Mercurial > illumos > illumos-gate

changeset 3183:e066f975b8da

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
6496754 zfod_segvn_crargs overwrite may cause panic
author susans
date Mon, 27 Nov 2006 17:14:00 -0800
parents 175d080807a8
children 182e493de99b
files usr/src/uts/common/vm/vm_as.c
diffstat 1 files changed, 5 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/usr/src/uts/common/vm/vm_as.c	Mon Nov 27 16:54:30 2006 -0800
+++ b/usr/src/uts/common/vm/vm_as.c	Mon Nov 27 17:14:00 2006 -0800
@@ -1692,6 +1692,7 @@
 	int error;
 	int unmap = 0;
 	struct proc *p = curproc;
+	struct segvn_crargs crargs;
 
 	raddr = (caddr_t)((uintptr_t)addr & (uintptr_t)PAGEMASK);
 	rsize = (((size_t)(addr + size) + PAGEOFFSET) & PAGEMASK) -
@@ -1718,8 +1719,8 @@
 	}
 
 	if (AS_MAP_CHECK_VNODE_LPOOB(crfp, argsp)) {
-		error = as_map_vnsegs(as, raddr, rsize, crfp,
-		    (struct segvn_crargs *)argsp, &unmap);
+		crargs = *(struct segvn_crargs *)argsp;
+		error = as_map_vnsegs(as, raddr, rsize, crfp, &crargs, &unmap);
 		if (error != 0) {
 			AS_LOCK_EXIT(as, &as->a_lock);
 			if (unmap) {
@@ -1728,8 +1729,8 @@
 			return (error);
 		}
 	} else if (AS_MAP_CHECK_ANON_LPOOB(crfp, argsp)) {
-		error = as_map_ansegs(as, raddr, rsize, crfp,
-		    (struct segvn_crargs *)argsp, &unmap);
+		crargs = *(struct segvn_crargs *)argsp;
+		error = as_map_ansegs(as, raddr, rsize, crfp, &crargs, &unmap);
 		if (error != 0) {
 			AS_LOCK_EXIT(as, &as->a_lock);
 			if (unmap) {