Author: dougm
Date: Mon Jun 10 21:26:14 2019
New Revision: 348879
URL: https://svnweb.freebsd.org/changeset/base/348879

Log:
  Change the check for 'size' wrapping around to zero in kern_mmap to account
  for both the lower and upper bound modifications. Change the error returned
  to ENOMEM. Rename the parameter size to len and make size a local variable
  that stores the value of len after it has been modified.
  
  This addresses concerns expressed by Bruce Evans after r348843.
  
  Reported by: b...@optusnet.com.au
  Reviewed by: kib, markj (mentors)
  MFC after: 3 days
  Relnotes: yes
  Differential Revision: https://reviews.freebsd.org/D20592

Modified:
  head/sys/sys/syscallsubr.h
  head/sys/vm/vm_mmap.c

Modified: head/sys/sys/syscallsubr.h
==============================================================================
--- head/sys/sys/syscallsubr.h  Mon Jun 10 21:24:38 2019        (r348878)
+++ head/sys/sys/syscallsubr.h  Mon Jun 10 21:26:14 2019        (r348879)
@@ -173,7 +173,7 @@ int kern_mknodat(struct thread *td, int fd, const char
            enum uio_seg pathseg, int mode, dev_t dev);
 int    kern_mlock(struct proc *proc, struct ucred *cred, uintptr_t addr,
            size_t len);
-int    kern_mmap(struct thread *td, uintptr_t addr, size_t size, int prot,
+int    kern_mmap(struct thread *td, uintptr_t addr, size_t len, int prot,
            int flags, int fd, off_t pos);
 int    kern_mprotect(struct thread *td, uintptr_t addr, size_t size, int prot);
 int    kern_msgctl(struct thread *, int, int, struct msqid_ds *);

Modified: head/sys/vm/vm_mmap.c
==============================================================================
--- head/sys/vm/vm_mmap.c       Mon Jun 10 21:24:38 2019        (r348878)
+++ head/sys/vm/vm_mmap.c       Mon Jun 10 21:26:14 2019        (r348879)
@@ -179,13 +179,13 @@ sys_mmap(struct thread *td, struct mmap_args *uap)
 }
 
 int
-kern_mmap(struct thread *td, uintptr_t addr0, size_t size, int prot, int flags,
+kern_mmap(struct thread *td, uintptr_t addr0, size_t len, int prot, int flags,
     int fd, off_t pos)
 {
        struct vmspace *vms;
        struct file *fp;
        vm_offset_t addr;
-       vm_size_t pageoff;
+       vm_size_t pageoff, size;
        vm_prot_t cap_maxprot;
        int align, error;
        cap_rights_t rights;
@@ -210,7 +210,7 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
         * pos.
         */
        if (!SV_CURPROC_FLAG(SV_AOUT)) {
-               if ((size == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
+               if ((len == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
                    ((flags & MAP_ANON) != 0 && (fd != -1 || pos != 0)))
                        return (EINVAL);
        } else {
@@ -255,12 +255,12 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
        pageoff = (pos & PAGE_MASK);
        pos -= pageoff;
 
-       /* Adjust size for rounding (on both ends). */
-       size += pageoff;                        /* low end... */
-       /* Check for rounding up to zero. */
-       if (round_page(size) < size)
-               return (EINVAL);
+       /* Compute size from len by rounding (on both ends). */
+       size = len + pageoff;                   /* low end... */
        size = round_page(size);                /* hi end */
+       /* Check for rounding up to zero. */
+       if (len < size)
+               return (ENOMEM);
 
        /* Ensure alignment is at least a page and fits in a pointer. */
        align = flags & MAP_ALIGNMENT_MASK;
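Review bot: The wraparound test added here, `if (len < size)`, is inverted. After `size = round_page(len + pageoff)` a request that did not wrap has `size >= len`, so this returns ENOMEM for every request except one whose `len` is already a page multiple with a page-aligned `pos`, while a request whose addition or round-up wrapped (leaving `size` smaller than `len`) passes the check. The comparison should be `if (size < len)` with `return (ENOMEM);` kept, and the comment above it could name both overflow sources, e.g. `/* Check for overflow of len + pageoff or of the round-up. */`. kern_mmap's body starts and ends outside this hunk, so how a wrapped `size` would be used further down is not visible here.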
@@ -317,7 +317,7 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
                        addr = round_page((vm_offset_t)vms->vm_daddr +
                            lim_max(td, RLIMIT_DATA));
        }
-       if (size == 0) {
+       if (len == 0) {
                /*
                 * Return success without mapping anything for old
                 * binaries that request a page-aligned mapping of