Page MenuHomeFreeBSD
Differential D55076

vm_phys: Check `RB_FIND()` return value in case it is NULL
ClosedPublic
Actions

Authored by dumbbell on Feb 3 2026, 12:10 PM.
Tags
None
Referenced Files
F151383246: D55076.id171058.diff
Wed, Apr 8, 1:15 AM
Unknown Object (File)
Tue, Apr 7, 3:10 AM
Unknown Object (File)
Tue, Apr 7, 2:23 AM
Unknown Object (File)
Sun, Apr 5, 1:40 AM
Unknown Object (File)
Tue, Mar 24, 2:24 AM
Unknown Object (File)
Wed, Mar 18, 8:22 AM
Unknown Object (File)
Fri, Mar 13, 7:12 PM
Unknown Object (File)
Mar 1 2026, 2:14 PM
View All 20 Files
Subscribers
imp

Details

Reviewers
emaste
Group Reviewers
linuxkpi
Commits
rG465ba08bb537: vm_phys: Check `RB_FIND()` return value in case it is NULL
Summary

When trying to unregister a fictitious range in vm_phys_fictitious_unreg_range(), the function checks the properties of the looked up segment, but it does not check if a segment was found in the first place.

This can happen with the amdgpu DRM driver which could call vm_phys_fictitious_unreg_range() without a fictitious range registered if the initialisation of the driver failed (for example because firmwares are unavailable).

The code in the DRM driver was improved to avoid that, but vm_phys_fictitious_unreg_range() should still check the return value of RB_FIND() before trying to dereference the segment pointer and panic with a page fault.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
sys/
vm/
2 lines

Diff 171070

View Options

sys/vm/vm_phys.c

Loading...