Page MenuHomeFreeBSD
Differential D55076

vm_phys: Check `RB_FIND()` return value in case it is NULL
ClosedPublic
Actions

Authored by dumbbell on Feb 3 2026, 12:10 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Mar 1, 2:14 PM
Unknown Object (File)
Thu, Feb 26, 2:02 AM
Unknown Object (File)
Thu, Feb 26, 1:42 AM
Unknown Object (File)
Mon, Feb 23, 2:42 PM
Unknown Object (File)
Thu, Feb 12, 1:58 PM
Unknown Object (File)
Wed, Feb 11, 3:58 AM
Unknown Object (File)
Sun, Feb 8, 11:05 AM
Unknown Object (File)
Feb 3 2026, 11:55 PM
View All 13 Files
Subscribers
imp

Details

Reviewers
emaste
Group Reviewers
linuxkpi
Commits
rG465ba08bb537: vm_phys: Check `RB_FIND()` return value in case it is NULL
Summary

When trying to unregister a fictitious range in vm_phys_fictitious_unreg_range(), the function checks the properties of the looked up segment, but it does not check if a segment was found in the first place.

This can happen with the amdgpu DRM driver which could call vm_phys_fictitious_unreg_range() without a fictitious range registered if the initialisation of the driver failed (for example because firmwares are unavailable).

The code in the DRM driver was improved to avoid that, but vm_phys_fictitious_unreg_range() should still check the return value of RB_FIND() before trying to dereference the segment pointer and panic with a page fault.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
vm/
2 lines

Diff 171070

View Options

sys/vm/vm_phys.c

Loading...