kern/49073: uvm_mapent_alloc() can return NULL, yet isn't always checked

[mrg%eterna.com.au@localhost]

>Number:         49073
>Category:       kern
>Synopsis:       uvm_mapent_alloc() can return NULL, yet isn't always checked
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Aug 05 09:30:00 +0000 2014
>Originator:     matthew green
>Release:        -current, 20140804
>Organization:
people's front against (bozotic) www (softwar foundation)
>Environment:
>Description:

        while reading about minherit(2), i noticed that all calls to
        UVM_MAP_CLIP_START() or UVM_MAP_CLIP_END() can cause a page
        fault in the case that uvm_mapent_alloc() returns NULL.  in
        the distant UVM past, this function would panic() instead.
        the failure seems to be handled in all other cases, but the
        several functions in uvm_amap.c and uvm_map.c that call 
        these all seem to be potential issues.

>How-To-Repeat:
        N/A
>Fix:
        probably need to fix these macros and their backends to return
        a failure case, and to have these callers handle failure.
        these are the functions needing attention:

        uvm_amap.c:
                amap_copy()
        uvm_map.c:
                uvm_unmap_remove() -- currently can't fail, would need
                        non-trivial work
                uvm_map_extract()
                uvm_map_submap()
                uvm_map_protect()
                uvm_map_inherit()
                uvm_map_advice()
                uvm_map_pageable()