authorMartin Pieuchot <mpi@cvs.openbsd.org>2024-04-16 08:53:03 +0000
committerMartin Pieuchot <mpi@cvs.openbsd.org>2024-04-16 08:53:03 +0000
commit24fa894f29740c8b4143233f6003dc9d28834169 (patch)
tree12fb671a8166ccba12f0b44ced00c3a4ef00615c /sys
parent1dff650f39a64387f01ee36fe46137289f99bce2 (diff)
Prevent a NULL dereference in error code path.
Under memory pressure, allocating an amap chunk can fail. In that case it is not possible to call amap_wipeout() because the newly allocated amap isn't yet on the global list. Issue reported by bluhm@, ok jsg@
Diffstat (limited to 'sys')
-rw-r--r--sys/uvm/uvm_amap.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/uvm/uvm_amap.c b/sys/uvm/uvm_amap.c
index 63dc8534081..fb85a3c91a8 100644
--- a/sys/uvm/uvm_amap.c
+++ b/sys/uvm/uvm_amap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uvm_amap.c,v 1.92 2023/04/11 00:45:09 jsg Exp $ */
+/* $OpenBSD: uvm_amap.c,v 1.93 2024/04/16 08:53:02 mpi Exp $ */
/* $NetBSD: uvm_amap.c,v 1.27 2000/11/25 06:27:59 chs Exp $ */
/*
@@ -662,9 +662,10 @@ amap_copy(struct vm_map *map, struct vm_map_entry *entry, int waitf,
chunk = amap_chunk_get(amap, lcv, 1, PR_NOWAIT);
if (chunk == NULL) {
- /* amap_wipeout() releases the lock. */
- amap->am_ref = 0;
- amap_wipeout(amap);
+ amap_unlock(srcamap);
+ /* Destroy the new amap. */
+ amap->am_ref--;
+ amap_free(amap);
return;
}
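Review bot: The new failure branch releases `amap` with amap_free() right after `amap->am_ref--`, but the `lcv` argument in `amap_chunk_get(amap, lcv, 1, PR_NOWAIT)` suggests this runs inside a per-chunk loop, so a failure on a later pass could reach it with chunks and anon references already copied into the new amap. Neither the loop body nor amap_free() is visible in the hunk, so this needs confirming: if earlier passes do take references, they have to be dropped before the free, or the branch should say that it relies on amap_free() to do so. The comment `/* Destroy the new amap. */` also leaves out the reason given in the commit message; something like `/* Not on the global list yet, so amap_wipeout() cannot be used. */` would keep a later reader from restoring the old call. amap_copy's body starts and ends outside the hunk.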