Subject: Re: PT page stealing -- should we bother?
To: Chuck Cranor <chuck@xxx.research.att.com>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-kern
Date: 01/03/2001 20:29:02

On Wed, Jan 03, 2001 at 10:07:58PM -0500, Chuck Cranor wrote:

 > one of the issues left in my mind is what about the remaining
 > pmap_enter() calls that were not converted to PMAP_CANFAIL?  would
 > removing the error protection open the kernel up more to an attack by
 > a malicious program (esp related to kernel memory allocation)?
 > looking at the code there are plain calls in uvm_bio.c, uvm_km.c, and
 > uvm_pager.c.

I can possibly see an argument for PV entries... but not for PT pages,
since kernel PT pages are always pre-allocated.

...but there's still a problem -- once you've run out of mappings to
steal, you STILL panic... so, you can "recover" for a while, but not
forever.  I guess for those cases, you want the caller to decide to
return NULL or panic or whatever.

-- 
        -- Jason R. Thorpe <thorpej@zembu.com>