author | Idan Horowitz <idan.horowitz@gmail.com> | 2022-08-15 01:32:45 +0300 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2022-08-15 02:42:28 +0200 |
commit | 4edae21bd13ea17290990f2730670f7fd035b18f (patch) | |
tree | aa5482bc43c5344b1543c4be81e2a4c251a1e55e /Kernel/Memory/AddressSpace.cpp | |
parent | ae8f1c7dc88e5bd79fb3e232e540ddc3dd2f1c11 (diff) | |

Kernel: Remove regions from the region tree after failing to map them

At the point at which we try to map the Region it was already added to
the Process region tree, so we have to make sure to remove it before
freeing it in the mapping failure path, otherwise the tree will contain
a dangling pointer to the free'd instance.
Diffstat (limited to 'Kernel/Memory/AddressSpace.cpp')
-rw-r--r-- | Kernel/Memory/AddressSpace.cpp | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/Kernel/Memory/AddressSpace.cpp b/Kernel/Memory/AddressSpace.cpp index 7f3bb554e0..01964f324b 100644 --- a/Kernel/Memory/AddressSpace.cpp +++ b/Kernel/Memory/AddressSpace.cpp @@ -217,7 +217,14 @@ ErrorOr<Region*> AddressSpace::allocate_region_with_vmobject(RandomizeVirtualAdd SpinlockLocker mm_locker(s_mm_lock); region->set_page_directory(page_directory()); } else { - TRY(region->map(page_directory(), ShouldFlushTLB::No)); + auto result = region->map(page_directory(), ShouldFlushTLB::No); + if (result.is_error()) [[unlikely]] { + // At this point the region is already part of the Process region tree, so we have to make sure + // we remove it from the tree before returning this error, or else the Region tree will contain + // a dangling pointer to the free'd Region instance + m_region_tree.remove(*region); + return result.release_error(); + } } return region.leak_ptr(); } |
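Review bot: The cleanup in the new `if (result.is_error()) [[unlikely]]` branch is written by hand for this one failure path, so any fallible step later added between the region's insertion into the tree and `return region.leak_ptr();` would bring back the dangling pointer the commit message describes. Consider tying the removal to scope instead: a guard armed right after the region is inserted that calls `m_region_tree.remove(*region)` and is disarmed just before `leak_ptr()` would cover every early return and let the original `TRY(region->map(page_directory(), ShouldFlushTLB::No));` stay as it was. Separately, the hunk does not show which lock is held around `m_region_tree.remove(*region)`; the sibling branch takes `s_mm_lock` explicitly, so it is worth stating in the comment (or checking) that the removal runs under the same protection as the insertion, so that nothing can reach the region through the tree between the failed map and the removal.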