Date: Thu, 20 Jul 2023 14:12:13 GMT
Message-Id: <202307201412.36KECDSU084918@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Konstantin Belousov
Subject: git: 21e45c30c35c - main - mmap(MAP_STACK): on stack grow, use original protection
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

The branch main has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=21e45c30c35c9aa732073f725924caf581c93460

commit 21e45c30c35c9aa732073f725924caf581c93460
Author:     Konstantin Belousov
AuthorDate: 2023-07-19 11:05:32 +0000
Commit:     Konstantin Belousov
CommitDate: 2023-07-20 14:11:42 +0000

    mmap(MAP_STACK): on stack grow, use original protection

    If mprotect(2) changed protection in the bottom of the currently grown
    stack region, currently the changed protection would be used for the
    stack grow on next fault. This is arguably unexpected.

    Store the original protection for the entry at mmap(2) time in the
    offset member of the gap vm_map_entry, and use it for protection of the
    grown stack region.

    PR: 272585
    Reported by: John F. Carr
    Reviewed by: alc, markj
    Sponsored by: The FreeBSD Foundation
    MFC after: 1 week
    Differential revision: https://reviews.freebsd.org/D41089

--- sys/vm/vm_map.c | 24 ++++++++++++++++-------- sys/vm/vm_map.h | 4 ++++ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c index a02107b5e64d..997a49111a59 100644 --- a/sys/vm/vm_map.c +++ b/sys/vm/vm_map.c
@@ -4493,7 +4493,7 @@ static int vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize, vm_size_t growsize, vm_prot_t prot, vm_prot_t max, int cow) { - vm_map_entry_t new_entry, prev_entry; + vm_map_entry_t gap_entry, new_entry, prev_entry; vm_offset_t bot, gap_bot, gap_top, top; vm_size_t init_ssize, sgp; int orient, rv; @@ -4575,11 +4575,14 @@ vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize, * read-ahead logic is never used for it. Re-use * next_read of the gap entry to store * stack_guard_page for vm_map_growstack(). + * Similarly, since a gap cannot have a backing object, + * store the original stack protections in the + * object offset. */ - if (orient == MAP_STACK_GROWS_DOWN) - vm_map_entry_pred(new_entry)->next_read = sgp; - else - vm_map_entry_succ(new_entry)->next_read = sgp; + gap_entry = orient == MAP_STACK_GROWS_DOWN ? + vm_map_entry_pred(new_entry) : vm_map_entry_succ(new_entry); + gap_entry->next_read = sgp; + gap_entry->offset = prot; } else { (void)vm_map_delete(map, bot, top); } @@ -4599,6 +4602,7 @@ vm_map_growstack(vm_map_t map, vm_offset_t addr, vm_map_entry_t gap_entry) struct ucred *cred; vm_offset_t gap_end, gap_start, grow_start; vm_size_t grow_amount, guard, max_grow; + vm_prot_t prot; rlim_t lmemlim, stacklim, vmemlim; int rv, rv1 __diagused; bool gap_deleted, grow_down, is_procstack; @@ -4739,6 +4743,12 @@ retry: } if (grow_down) { + /* + * The gap_entry "offset" field is overloaded. See + * vm_map_stack_locked(). + */ + prot = gap_entry->offset; + grow_start = gap_entry->end - grow_amount; if (gap_entry->start + grow_amount == gap_entry->end) { gap_start = gap_entry->start; 
@@ -4751,9 +4761,7 @@ retry: gap_deleted = false; } rv = vm_map_insert(map, NULL, 0, grow_start, - grow_start + grow_amount, - stack_entry->protection, stack_entry->max_protection, - MAP_STACK_GROWS_DOWN); + grow_start + grow_amount, prot, prot, MAP_STACK_GROWS_DOWN); if (rv != KERN_SUCCESS) { if (gap_deleted) { rv1 = vm_map_insert(map, NULL, 0, gap_start, diff --git a/sys/vm/vm_map.h b/sys/vm/vm_map.h index fd8b606e8ddc..c4ed36ce57ba 100644 --- a/sys/vm/vm_map.h +++ b/sys/vm/vm_map.h @@ -97,6 +97,10 @@ union vm_map_object { * a VM object (or sharing map) and offset into that object, * and user-exported inheritance and protection information. * Also included is control information for virtual copy operations. + * + * For stack gap map entries (MAP_ENTRY_GUARD | MAP_ENTRY_GROWS_DOWN + * or UP), the next_read member is reused as the stack_guard_page + * storage, and offset is the stack protection. */ struct vm_map_entry { struct vm_map_entry *left; /* left child or previous entry */
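
Review bot: `gap_entry->offset = prot;` in vm_map_stack_locked() saves only prot, and the max argument the function receives is dropped, so vm_map_growstack() now passes `prot, prot` to vm_map_insert() where it used to pass stack_entry->max_protection. For a stack created with max wider than prot, the grown range gets a narrower max_protection than the initial stack entry, which changes what a later mprotect(2) over the whole stack is allowed to do. Consider saving max alongside prot in the gap entry and passing the saved value as max_protection.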
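
Review bot: The failure path in vm_map_growstack() that re-creates a deleted gap (`rv1 = vm_map_insert(map, NULL, 0, gap_start,` under `if (gap_deleted)`) is not touched by this patch, yet the gap entry now carries state in offset as well as next_read. If the re-inserted gap does not have those fields set again, the next fault would read `prot = gap_entry->offset;` from a fresh entry and grow the stack with the wrong protection. Please check that path and restore the overloaded fields on the re-created gap entry.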
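
Review bot: The new comment in vm_map.h says "offset is the stack protection" without saying which protection; since the change exists to distinguish the protection requested at mmap(2) time from the current protection of the stack entry, the comment should name the former explicitly. In the same spirit, `prot = gap_entry->offset;` converts implicitly to vm_prot_t, and an explicit cast at that line would make the overloaded use of the field obvious to the next reader.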