Subject: patch for kern/subr_extent.c
To: None <tech-kern@netbsd.org>
From: matthew green <mrg@eterna.com.au>
List: tech-kern
Date: 06/16/2000 21:23:27
i've noticed that extent_alloc() can fail and return a value outside
of the extent when there the map start address + the boundary condition
overflow. this happens on the sparc64 with the sbus dvma map (which
is mapped near the very top of kva) when mapping the le driver (which
has a boundary condition of 16M). the follow patch fixes this problem
by noticing the overflow when checking boundary condition..
Index: subr_extent.c
===================================================================
RCS file: /cvsroot/syssrc/sys/kern/subr_extent.c,v
retrieving revision 1.31
diff -p -r1.31 subr_extent.c
*** subr_extent.c 2000/06/06 17:32:50 1.31
--- subr_extent.c 2000/06/16 06:02:21
*************** extent_alloc_subregion1(ex, substart, su
*** 673,679 ****
boundary, dontcross);
#endif
! if (newend > dontcross) {
/*
* Candidate region crosses boundary.
* Throw away the leading part and see
--- 673,682 ----
boundary, dontcross);
#endif
! /* Check for overflow */
! if (dontcross < ex->ex_start)
! dontcross = ex->ex_end;
! else if (newend > dontcross) {
/*
* Candidate region crosses boundary.
* Throw away the leading part and see
*************** extent_alloc_subregion1(ex, substart, su
*** 764,770 ****
boundary, dontcross);
#endif
! if (newend > dontcross) {
/*
* Candidate region crosses boundary.
* Throw away the leading part and see
--- 767,776 ----
boundary, dontcross);
#endif
! /* Check for overflow */
! if (dontcross < ex->ex_start)
! dontcross = ex->ex_end;
! else if (newend > dontcross) {
/*
* Candidate region crosses boundary.
* Throw away the leading part and see