svn commit: r348879 - in head/sys: sys vm
Doug Moore
dougm at FreeBSD.org
Mon Jun 10 21:26:15 UTC 2019
Author: dougm
Date: Mon Jun 10 21:26:14 2019
New Revision: 348879
URL: https://svnweb.freebsd.org/changeset/base/348879
Log:
Change the check for 'size' wrapping around to zero in kern_mmap to account
for both the lower and upper bound modifications. Change the error returned
to ENOMEM. Rename the parameter size to len and make size a local variable
that stores the value of len after it has been modified.
This addresses concerns expressed by Bruce Evans after r348843.
Reported by: brde at optusnet.com.au
Reviewed by: kib, markj (mentors)
MFC after: 3 days
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D20592
Modified:
head/sys/sys/syscallsubr.h
head/sys/vm/vm_mmap.c
Modified: head/sys/sys/syscallsubr.h
==============================================================================
--- head/sys/sys/syscallsubr.h Mon Jun 10 21:24:38 2019 (r348878)
+++ head/sys/sys/syscallsubr.h Mon Jun 10 21:26:14 2019 (r348879)
@@ -173,7 +173,7 @@ int kern_mknodat(struct thread *td, int fd, const char
enum uio_seg pathseg, int mode, dev_t dev);
int kern_mlock(struct proc *proc, struct ucred *cred, uintptr_t addr,
size_t len);
-int kern_mmap(struct thread *td, uintptr_t addr, size_t size, int prot,
+int kern_mmap(struct thread *td, uintptr_t addr, size_t len, int prot,
int flags, int fd, off_t pos);
int kern_mprotect(struct thread *td, uintptr_t addr, size_t size, int prot);
int kern_msgctl(struct thread *, int, int, struct msqid_ds *);
Modified: head/sys/vm/vm_mmap.c
==============================================================================
--- head/sys/vm/vm_mmap.c Mon Jun 10 21:24:38 2019 (r348878)
+++ head/sys/vm/vm_mmap.c Mon Jun 10 21:26:14 2019 (r348879)
@@ -179,13 +179,13 @@ sys_mmap(struct thread *td, struct mmap_args *uap)
}
int
-kern_mmap(struct thread *td, uintptr_t addr0, size_t size, int prot, int flags,
+kern_mmap(struct thread *td, uintptr_t addr0, size_t len, int prot, int flags,
int fd, off_t pos)
{
struct vmspace *vms;
struct file *fp;
vm_offset_t addr;
- vm_size_t pageoff;
+ vm_size_t pageoff, size;
vm_prot_t cap_maxprot;
int align, error;
cap_rights_t rights;
@@ -210,7 +210,7 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
* pos.
*/
if (!SV_CURPROC_FLAG(SV_AOUT)) {
- if ((size == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
+ if ((len == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
((flags & MAP_ANON) != 0 && (fd != -1 || pos != 0)))
return (EINVAL);
} else {
@@ -255,12 +255,12 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
pageoff = (pos & PAGE_MASK);
pos -= pageoff;
- /* Adjust size for rounding (on both ends). */
- size += pageoff; /* low end... */
- /* Check for rounding up to zero. */
- if (round_page(size) < size)
- return (EINVAL);
+ /* Compute size from len by rounding (on both ends). */
+ size = len + pageoff; /* low end... */
size = round_page(size); /* hi end */
+ /* Check for rounding up to zero. */
+ if (len < size)
+ return (ENOMEM);
/* Ensure alignment is at least a page and fits in a pointer. */
align = flags & MAP_ALIGNMENT_MASK;
@@ -317,7 +317,7 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
addr = round_page((vm_offset_t)vms->vm_daddr +
lim_max(td, RLIMIT_DATA));
}
- if (size == 0) {
+ if (len == 0) {
/*
* Return success without mapping anything for old
* binaries that request a page-aligned mapping of
More information about the svn-src-all
mailing list