RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 13:18:13 +00:00
Code Issues Activity Actions

Kernel: Remove regions from the region tree after failing to map them

Browse source 
At the point at which we try to map the Region it was already added to
the Process region tree, so we have to make sure to remove it before
freeing it in the mapping failure path, otherwise the tree will contain
a dangling pointer to the free'd instance.
This commit is contained in:
Idan Horowitz 2022-08-15 01:32:45 +03:00 committed by Andreas Kling
parent ae8f1c7dc8
commit 4edae21bd1
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
Kernel/Memory/AddressSpace.cpp
View file

@ -217,7 +217,14 @@ ErrorOr<Region*> AddressSpace::allocate_region_with_vmobject(RandomizeVirtualAdd
SpinlockLocker mm_locker(s_mm_lock);
region->set_page_directory(page_directory());
} else {
TRY(region->map(page_directory(), ShouldFlushTLB::No));
auto result = region->map(page_directory(), ShouldFlushTLB::No);
if (result.is_error()) [[unlikely]] {
// At this point the region is already part of the Process region tree, so we have to make sure
// we remove it from the tree before returning this error, or else the Region tree will contain
// a dangling pointer to the free'd Region instance
m_region_tree.remove(*region);
return result.release_error();
}
}
return region.leak_ptr();
}