From: Matthew Dillon
Date: Sat, 22 Oct 2011 21:07:29 +0000 (-0700)
Subject: kernel - Fix null-pointer crash in i386/pmap.c
X-Git-Tag: v3.0.0~837
X-Git-Url: https://gitweb.dragonflybsd.org/~nant/dragonfly.git/commitdiff_plain/cef01e15fe912e0bb866742427c9afcbf4328d44

kernel - Fix null-pointer crash in i386/pmap.c

* Related to recent work, check that m->object is not NULL
---
diff --git a/sys/platform/pc32/i386/pmap.c b/sys/platform/pc32/i386/pmap.c
index 977afd63e0..45e3a85978 100644
--- a/sys/platform/pc32/i386/pmap.c
+++ b/sys/platform/pc32/i386/pmap.c
@@ -1782,7 +1782,8 @@ pmap_remove_entry(struct pmap *pmap, vm_page_t m,
 	test_m_maps_pv(m, pv);
 	TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
 	m->md.pv_list_count--;
-	atomic_add_int(&m->object->agg_pv_list_count, -1);
+	if (m->object)
+		atomic_add_int(&m->object->agg_pv_list_count, -1);
 	if (TAILQ_EMPTY(&m->md.pv_list))
 		vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
 	TAILQ_REMOVE(&pmap->pm_pvlist, pv, pv_plist);
@@ -1818,7 +1819,8 @@ pmap_insert_entry(pmap_t pmap, vm_offset_t va, vm_page_t mpte, vm_page_t m)
 	TAILQ_INSERT_TAIL(&m->md.pv_list, pv, pv_list);
 	++pmap->pm_generation;
 	m->md.pv_list_count++;
-	atomic_add_int(&m->object->agg_pv_list_count, 1);
+	if (m->object)
+		atomic_add_int(&m->object->agg_pv_list_count, 1);
 }
 
 /*
@@ -2061,7 +2063,8 @@ pmap_remove_all(vm_page_t m)
 	TAILQ_REMOVE(&pv->pv_pmap->pm_pvlist, pv, pv_plist);
 	++pv->pv_pmap->pm_generation;
 	m->md.pv_list_count--;
-	atomic_add_int(&m->object->agg_pv_list_count, -1);
+	if (m->object)
+		atomic_add_int(&m->object->agg_pv_list_count, -1);
 	if (TAILQ_EMPTY(&m->md.pv_list))
 		vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);
 	vm_object_hold(pv->pv_pmap->pm_pteobj);
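Review bot: The aggregate counter stays consistent only if `m->object` does not change while the page has pv entries, because in this hunk `m->md.pv_list_count` is decremented unconditionally but `agg_pv_list_count` only when the object pointer is set; if a page can lose its object between pmap_insert_entry and one of the remove paths, the increment taken at insert is never undone and the object's aggregate drifts upward. Whether that transition is possible is not visible in the hunks, so the invariant is worth stating beside the check, e.g. `/* m->object may be NULL for pages not backed by a VM object; the aggregate count is only maintained for object-backed pages */`. The identical guard is repeated in pmap_insert_entry, pmap_remove_all and pmap_remove_pages, so a single static helper carrying that comment would keep the four sites from diverging. The enclosing functions all begin and end outside the hunks.
```c
/*
 * Adjust the per-object aggregate pv count for page m.  Pages without a
 * backing VM object carry no aggregate and are skipped; m->md.pv_list_count
 * is maintained by the callers regardless.
 */
static __inline void
pmap_page_agg_pv_adjust(vm_page_t m, int delta)
{
	if (m->object)
		atomic_add_int(&m->object->agg_pv_list_count, delta);
}

/* … unchanged: pmap_remove_entry up to the pv_list_count decrement … */
	m->md.pv_list_count--;
	pmap_page_agg_pv_adjust(m, -1);
/* … unchanged: remainder of pmap_remove_entry … */
```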
@@ -2969,7 +2972,8 @@ pmap_remove_pages(pmap_t pmap, vm_offset_t sva, vm_offset_t eva)
 		save_generation = ++pmap->pm_generation;
 		m->md.pv_list_count--;
-		atomic_add_int(&m->object->agg_pv_list_count, -1);
+		if (m->object)
+			atomic_add_int(&m->object->agg_pv_list_count, -1);
 		TAILQ_REMOVE(&m->md.pv_list, pv, pv_list);
 		if (TAILQ_EMPTY(&m->md.pv_list))
 			vm_page_flag_clear(m, PG_MAPPED | PG_WRITEABLE);