From: gkoehler <gkoehler@openbsd.org>
Date: Mon, 6 Feb 2023 06:41:38 +0000 (+0000)
Subject: Add missing check for pg != NULL
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=7c6a291384345490aa2fe06dfa14678b608d6b30;p=openbsd

Add missing check for pg != NULL

The code was reading pg->pg_flags, so clang assumed pg != NULL, then
optimized a later "if (pg != NULL)" to "if (1)", and allowed a call to
pmap_enter_pv(pted, NULL).  Such a call can freeze bsd.mp by trying to
lock NULL's ((struct mutex *)0x3c).  I froze bsd.mp this way by
starting Xorg on a macppc with nv(4) or r128(4) video, as it tried to
mmap the xf86(4) aperture.

ok miod@
---

diff --git a/sys/arch/powerpc/powerpc/pmap.c b/sys/arch/powerpc/powerpc/pmap.c
index ee143a4de5e..e47eafa9829 100644
--- a/sys/arch/powerpc/powerpc/pmap.c
+++ b/sys/arch/powerpc/powerpc/pmap.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pmap.c,v 1.180 2023/01/31 15:18:55 deraadt Exp $ */
+/*	$OpenBSD: pmap.c,v 1.181 2023/02/06 06:41:38 gkoehler Exp $ */
 
 /*
  * Copyright (c) 2015 Martin Pieuchot
@@ -576,7 +576,7 @@ pmap_enter(pmap_t pm, vaddr_t va, paddr_t pa, vm_prot_t prot, int flags)
 	}
 
 	pg = PHYS_TO_VM_PAGE(pa);
-	if (pg->pg_flags & PG_PMAP_UC)
+	if (pg != NULL && (pg->pg_flags & PG_PMAP_UC))
 		nocache = TRUE;
 	if (wt)
 		cache = PMAP_CACHE_WT;