Current-Users archive


Null pointer dereferences on x86
Hi, folks!

Last week, in my zeal to slay sleeping kva fragmentation dragons[1], I
accidentally caused pool_get(PR_WAITOK) to sometimes return NULL.

pool_get(PR_WAITOK) is never allowed to return NULL at all, but it may
have started doing so even when memory was not short, if someone else
had a concurrent call to pool_get.  This probably caused some null
pointer dereferences down the line over the past week, which I have
been seeing various reports of at a higher frequency than usual, such
as [2].

Not too long before that, maxv@ added support to x86 for taking
advantage of SMAP[3], a mechanism for preventing accidental kernel
access to userland pages, which had the side effect of changing the
panic message.  This in turn may have had the unfortunate effect of
blaming maxv@ for breaking things by adding security features.

Yesterday, mlelstv@ found the missing logic I neglected to add to
pool_get[4], and today I added a kassert[5] that would have caught my
mistake.  So if things have seemed a bit crashy on x86 in the past
week, please give current another whirl -- and make sure to blame me,
not maxv@, for breaking the world, and instead thank maxv@ for keeping
our x86 code up with the times and mlelstv@ for cleaning up my mess.


[1] https://mail-index.netbsd.org/source-changes/2017/10/28/msg089237.html
[2] https://mail-index.netbsd.org/current-users/2017/10/30/msg032535.html
[3] https://mail-index.netbsd.org/source-changes/2017/10/17/msg088882.html
[4] https://mail-index.netbsd.org/source-changes/2017/11/05/msg089415.html
[5] https://mail-index.netbsd.org/source-changes/2017/11/06/msg089487.html
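As an added illustration of the contract the message describes (a PR_WAITOK allocation may sleep but may never hand back NULL, and an assertion on the way out catches a violation before any caller dereferences it), here is a toy allocator with the same shape. This is example code written for this page, not NetBSD's pool(9) implementation or any of the commits linked above: the flag values, struct layout, the toy_*/TOY_* names and the refill-instead-of-sleep slow path are all assumptions made for the example.

```c
/*
 * Toy pool allocator illustrating the pool_get(PR_WAITOK) contract.
 * NOT NetBSD's pool(9) code: flag values, struct layout, TOY_* names and
 * the refill strategy are constructed for this example.  Only the idea
 * (PR_WAITOK must never yield NULL; assert it on every exit path) comes
 * from the message above.
 */
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define PR_WAITOK   0x01   /* caller may sleep; NULL is never a legal result */
#define PR_NOWAIT   0x02   /* caller cannot sleep; NULL means "none right now" */

#define TOY_FREE_MAX   64  /* capacity of the toy free list */
#define TOY_GROW_ITEMS  4  /* items added per refill */
#define TOY_GROW_TRIES  8  /* give up (panic) after this many failed refills */

struct toy_pool {
    void  *free[TOY_FREE_MAX];  /* LIFO free list of item pointers */
    size_t nfree;
    size_t itemsize;
    size_t ngrow;               /* refills performed on the slow path */
};

/* Stand-in for the kernel's KASSERT(): compiled in for debug builds. */
#define TOY_KASSERT(e) assert(e)

void toy_pool_init(struct toy_pool *pp, size_t itemsize)
{
    memset(pp, 0, sizeof(*pp));
    pp->itemsize = itemsize;
}

/* Slow path: add TOY_GROW_ITEMS fresh items.  1 on success, 0 if malloc failed. */
static int toy_pool_grow(struct toy_pool *pp)
{
    for (int i = 0; i < TOY_GROW_ITEMS && pp->nfree < TOY_FREE_MAX; i++) {
        void *item = malloc(pp->itemsize);
        if (item == NULL)
            return 0;
        pp->free[pp->nfree++] = item;
    }
    pp->ngrow++;
    return 1;
}

/* The postcondition: with PR_WAITOK set, the result must be non-NULL. */
int toy_pool_get_contract_ok(const void *result, int flags)
{
    return (flags & PR_WAITOK) == 0 || result != NULL;
}

void *toy_pool_get(struct toy_pool *pp, int flags)
{
    void *item = NULL;
    int tries = 0;

    for (;;) {
        if (pp->nfree > 0) {           /* fast path: pop the free list */
            item = pp->free[--pp->nfree];
            break;
        }
        if (flags & PR_NOWAIT)         /* caller agreed to handle NULL */
            break;
        /* PR_WAITOK: a kernel would sleep until memory is freed; we refill. */
        if (!toy_pool_grow(pp) && ++tries >= TOY_GROW_TRIES)
            abort();                   /* stand-in for panic(): never return NULL */
        /* otherwise loop and take the fast path on the next pass */
    }

    /* Check the contract on every exit path, before a caller can dereference. */
    TOY_KASSERT(toy_pool_get_contract_ok(item, flags));
    return item;
}

void toy_pool_put(struct toy_pool *pp, void *item)
{
    if (pp->nfree < TOY_FREE_MAX)
        pp->free[pp->nfree++] = item;
    else
        free(item);
}

/* Exercise both paths on an empty pool; returns 1 if every expectation holds. */
int toy_pool_selftest(void)
{
    struct toy_pool pool;
    toy_pool_init(&pool, 32);

    void *a = toy_pool_get(&pool, PR_NOWAIT);   /* empty pool, may not sleep */
    void *b = toy_pool_get(&pool, PR_WAITOK);   /* empty pool, must refill */
    int ok = (a == NULL) && (b != NULL) && (pool.ngrow == 1)
          && (pool.nfree == TOY_GROW_ITEMS - 1);

    toy_pool_put(&pool, b);
    ok = ok && pool.nfree == TOY_GROW_ITEMS;
    while (pool.nfree > 0)
        free(pool.free[--pool.nfree]);
    return ok;
}
```

The point of the assertion is placement: it sits inside the allocator, on the single exit path, so a violated contract fails loudly at the allocation site rather than as a null pointer dereference somewhere in the caller, which is the kind of fault the message says the added kassert would have caught.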

