Re: git: c718009884b3 - main - vm_map.c: plug several more places which might modify entry->offset
Date: Fri, 18 Aug 2023 13:16:40 UTC
> On 18. Aug 2023, at 14:44, Konstantin Belousov <kib@FreeBSD.org> wrote: > > The branch main has been updated by kib: > > URL: https://cgit.FreeBSD.org/src/commit/?id=c718009884b3d65528deaff24712cbf98e3be656 > > commit c718009884b3d65528deaff24712cbf98e3be656 > Author: Konstantin Belousov <kib@FreeBSD.org> > AuthorDate: 2023-08-15 19:05:33 +0000 > Commit: Konstantin Belousov <kib@FreeBSD.org> > CommitDate: 2023-08-18 12:43:35 +0000 > > vm_map.c: plug several more places which might modify entry->offset > > for the GUARD entries protecting stacks gaps. > > syzkaller: https://syzkaller.appspot.com/bug?extid=c325d6a75e4fd0a68714 > Reviewed by: dougm, markj (previous version) > Tested by: pho (previous version) > Sponsored by: The FreeBSD Foundation > MFC after: 1 week > Differential revision: https://reviews.freebsd.org/D41475 > --- > sys/vm/vm_map.c | 13 ++++++++++--- > 1 file changed, 10 insertions(+), 3 deletions(-) > > diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c > index 252b58ad2924..f609d1fd68d7 100644 > --- a/sys/vm/vm_map.c > +++ b/sys/vm/vm_map.c > @@ -1413,7 +1413,9 @@ vm_map_entry_link(vm_map_t map, vm_map_entry_t entry) > KASSERT(entry->end < root->end, > ("%s: clip_start not within entry", __func__)); > vm_map_splay_findprev(root, &llist); > - root->offset += entry->end - root->start; > + if ((root->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP)) == 0) > + root->offset += entry->end - root->start; > root->start = entry->end; > max_free_left = vm_map_splay_merge_pred(header, entry, llist); > max_free_right = root->max_free = vm_size_max( 
> @@ -1429,7 +1431,9 @@ vm_map_entry_link(vm_map_t map, vm_map_entry_t entry) > KASSERT(entry->end == root->end, > ("%s: clip_start not within entry", __func__)); > vm_map_splay_findnext(root, &rlist); > - entry->offset += entry->start - root->start; > + if ((entry->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP)) == 0) > + entry->offset += entry->start - root->start; > root->end = entry->start; > max_free_left = root->max_free = vm_size_max( > vm_map_splay_merge_left(header, root, llist), > @@ -1463,6 +1467,8 @@ vm_map_entry_unlink(vm_map_t map, vm_map_entry_t entry, > vm_map_splay_findnext(root, &rlist); > if (op == UNLINK_MERGE_NEXT) { > rlist->start = root->start; > + MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP) == 0); This breaks compilation. I guess it should be + MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | + MAP_ENTRY_STACK_GAP_UP)) == 0); Best regards Michael > rlist->offset = root->offset; > } > if (llist != header) { > @@ -3103,7 +3109,8 @@ vm_map_madvise( > entry = vm_map_entry_succ(entry)) { > vm_offset_t useEnd, useStart; > > - if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) != 0) > + if ((entry->eflags & (MAP_ENTRY_IS_SUB_MAP | > + MAP_ENTRY_GUARD)) != 0) > continue; > > /*
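Review bot: in the @@ -1413 hunk of vm_map_entry_link() the new test on root->eflags spells out the (MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP) mask inline, and the same mask is repeated verbatim in the @@ -1429 and @@ -1463 hunks. A named macro for the combined mask (say MAP_ENTRY_STACK_GAP, name assumed) or a small inline predicate meaning "entry whose offset must not be adjusted" would keep the three sites from drifting apart. The skip also deserves a one-line comment: a reader of this clip path otherwise has no hint why a stack-gap entry's offset is left untouched while its start is moved to entry->end.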
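Review bot: the @@ -1429 hunk tests entry->eflags where the preceding hunk tests root->eflags. That is consistent, since in each case the flags examined belong to the entry whose offset is about to be bumped (root in the clip_start case, entry in the clip_end case), but the asymmetry is easy to misread as a typo and "correct" later; a short comment at one of the two sites saying that the check follows the entry being modified would prevent that.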
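Review bot: the MPASS added in the @@ -1463 hunk of vm_map_entry_unlink() has unbalanced parentheses: `MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP) == 0);` opens three and closes only two before `== 0)`, so the file does not compile, as Michael already points out in his reply. His proposed `MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP)) == 0);` is the right shape, and the extra closing parenthesis must go exactly there: `==` binds tighter than `&`, so `rlist->eflags & (mask) == 0` would compare the mask with 0 first and silently assert something else. Separately, the two vm_map_entry_link hunks skip the offset update at run time with an if, whereas this hunk only asserts before `rlist->offset = root->offset;`; if a stack-gap entry can ever be the merged-into neighbour in the UNLINK_MERGE_NEXT case, a kernel built without the assertion would still overwrite its offset, so either the same run-time skip or a comment explaining why such an entry cannot reach this path is needed.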
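Review bot: the @@ -3103 hunk in vm_map_madvise() keys the new skip on MAP_ENTRY_GUARD, while the other three hunks key on MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP. The commit message describes the target as "GUARD entries protecting stacks gaps", so the comment that follows the `continue` (cut off on this page) should state which flag set is the canonical way to recognise these entries and whether every stack-gap entry also carries MAP_ENTRY_GUARD; otherwise the next reader cannot tell whether the madvise loop now skips more or fewer entries than the link/unlink paths leave alone.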