> Date: Tue, 24 Mar 2020 16:08:56 +0100
> From: Martin Pieuchot <[email protected]>
>
> Variable `me' is never NULL before reaching RBT_POISON(). Diff has a
> lot of context to ease the review.
>
> CID 1453116 Dereference before null check
>
> ok?
ok kettenis@
> Index: uvm/uvm_map.c
> ===================================================================
> RCS file: /cvs/src/sys/uvm/uvm_map.c,v
> retrieving revision 1.263
> diff -u -p -u -2 -0 -r1.263 uvm_map.c
> --- uvm/uvm_map.c 4 Mar 2020 21:15:38 -0000 1.263
> +++ uvm/uvm_map.c 24 Mar 2020 15:06:26 -0000
> @@ -1736,44 +1736,41 @@ uvm_mapent_alloc(struct vm_map *map, int
> }
> me = SLIST_FIRST(&uvm.kentry_free);
> SLIST_REMOVE_HEAD(&uvm.kentry_free, daddrs.addr_kentry);
> uvmexp.kmapent++;
> mtx_leave(&uvm_kmapent_mtx);
> me->flags = UVM_MAP_STATIC;
> } else if (map == kernel_map) {
> splassert(IPL_NONE);
> me = pool_get(&uvm_map_entry_kmem_pool, pool_flags);
> if (me == NULL)
> goto out;
> me->flags = UVM_MAP_KMEM;
> } else {
> splassert(IPL_NONE);
> me = pool_get(&uvm_map_entry_pool, pool_flags);
> if (me == NULL)
> goto out;
> me->flags = 0;
> }
>
> - if (me != NULL) {
> - RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
> - }
> -
> + RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);
> out:
> return(me);
> }
>
> /*
> * uvm_mapent_free: free map entry
> *
> * => XXX: static pool for kernel map?
> */
> void
> uvm_mapent_free(struct vm_map_entry *me)
> {
> if (me->flags & UVM_MAP_STATIC) {
> mtx_enter(&uvm_kmapent_mtx);
> SLIST_INSERT_HEAD(&uvm.kentry_free, me, daddrs.addr_kentry);
> uvmexp.kmapent--;
> mtx_leave(&uvm_kmapent_mtx);
> } else if (me->flags & UVM_MAP_KMEM) {
> splassert(IPL_NONE);
> pool_put(&uvm_map_entry_kmem_pool, me);
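Review bot: The now-unconditional `RBT_POISON(uvm_map_addr, me, UVMMAP_DEADBEEF);` depends on an invariant that is not written down anywhere in the visible code. Both pool branches `goto out` when `pool_get()` returns NULL, and the static branch has already stored to `me->flags` before this point. A one-line comment above the call, such as `/* me is non-NULL here: allocation failures jump to out */`, would stop a later-added allocation branch from falling through with a NULL entry. For the static branch, whether `SLIST_FIRST(&uvm.kentry_free)` can return NULL is decided by code above the hunk, since `uvm_mapent_alloc` starts outside it. If that is not obvious there, a `KASSERT(me != NULL);` directly after the `SLIST_FIRST()` line would make the assumption checkable.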
>
>