From nobody Thu Jul 20 18:38:03 2023
Date: Thu, 20 Jul 2023 20:38:03 +0200
From: Gary Jennejohn <garyj@gmx.de>
To: Konstantin Belousov
Cc: Cy Schubert, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: 21e45c30c35c - main - mmap(MAP_STACK): on stack grow, use original protection
Message-ID: <20230720203803.5af13f1d@ernst.home>
References: <202307201412.36KECDSU084918@gitrepo.freebsd.org> <20230720163231.B1D4277@slippy.cwsent.com> <20230720164145.0CF1311F@slippy.cwsent.com> <20230720170624.B8F28DB@slippy.cwsent.com>
Reply-To: garyj@gmx.de
X-Mailer: Claws Mail 3.19.0 (GTK+ 2.24.33; amd64-portbld-freebsd14.0)
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII

On Thu, 20 Jul 2023 20:34:35 +0300
Konstantin Belousov wrote:

> On Thu, Jul 20, 2023 at 10:06:24AM -0700, Cy Schubert wrote:
> > In message <20230720164145.0CF1311F@slippy.cwsent.com>, Cy Schubert writes:
> > > In message <20230720163231.B1D4277@slippy.cwsent.com>, Cy Schubert writes:
> > > > In message <202307201412.36KECDSU084918@gitrepo.freebsd.org>, Konstantin Belousov writes:
> > > > > The branch main has been updated by kib:
> > > > >
> > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=21e45c30c35c9aa732073f725924caf581c93460
> > > > >
> > > > > commit 21e45c30c35c9aa732073f725924caf581c93460
> > > > > Author:     Konstantin Belousov
> > > > > AuthorDate: 2023-07-19 11:05:32 +0000
> > > > > Commit:     Konstantin Belousov
> > > > > CommitDate: 2023-07-20 14:11:42 +0000
> > > > >
> > > > >     mmap(MAP_STACK): on stack grow, use original protection
> > > > >
> > > > >     If mprotect(2) changed protection in the bottom of the currently grown
> > > > >     stack region, currently the changed protection would be used for the
> > > > >     stack grow on next fault. This is arguably unexpected.
> > > > >
> > > > >     Store the original protection for the entry at mmap(2) time in the
> > > > >     offset member of the gap vm_map_entry, and use it for protection of the
> > > > >     grown stack region.
> > > > > > > > > > PR: 272585 > > > > > Reported by: John F. Carr > > > > > Reviewed by: alc, markj > > > > > Sponsored by: The FreeBSD Foundation > > > > > MFC after: 1 week > > > > > Differential revision: https://reviews.freebsd.org/D41089 > > > > > --- > > > > > sys/vm/vm_map.c | 24 ++++++++++++++++-------- > > > > > sys/vm/vm_map.h | 4 ++++ > > > > > 2 files changed, 20 insertions(+), 8 deletions(-) > > > > > > > > > > diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c > > > > > index a02107b5e64d..997a49111a59 100644 > > > > > --- a/sys/vm/vm_map.c > > > > > +++ b/sys/vm/vm_map.c > > > > > @@ -4493,7 +4493,7 @@ static int > > > > > vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_= t max_ssi > > > ze > > > > , > > > > > vm_size_t growsize, vm_prot_t prot, vm_prot_t max, int cow) > > > > > { > > > > > - vm_map_entry_t new_entry, prev_entry; > > > > > + vm_map_entry_t gap_entry, new_entry, prev_entry; > > > > > vm_offset_t bot, gap_bot, gap_top, top; > > > > > vm_size_t init_ssize, sgp; > > > > > int orient, rv; 
> > > > > @@ -4575,11 +4575,14 @@ vm_map_stack_locked(vm_map_t map, vm_off= set_t add > > > rb > > > > os > > > > > , vm_size_t max_ssize, > > > > > * read-ahead logic is never used for it. Re-use > > > > > * next_read of the gap entry to store > > > > > * stack_guard_page for vm_map_growstack(). > > > > > + * Similarly, since a gap cannot have a backing object, > > > > > + * store the original stack protections in the > > > > > + * object offset. > > > > > */ > > > > > - if (orient =3D=3D MAP_STACK_GROWS_DOWN) > > > > > - vm_map_entry_pred(new_entry)->next_read =3D sgp; > > > > > - else > > > > > - vm_map_entry_succ(new_entry)->next_read =3D sgp; > > > > > + gap_entry =3D orient =3D=3D MAP_STACK_GROWS_DOWN ? > > > > > + vm_map_entry_pred(new_entry) : vm_map_entry_succ(new_entr= y) > > > > > ; > > > > > + gap_entry->next_read =3D sgp; > > > > > + gap_entry->offset =3D prot; > > > > > } else { > > > > > (void)vm_map_delete(map, bot, top); > > > > > } > > > > > @@ -4599,6 +4602,7 @@ vm_map_growstack(vm_map_t map, vm_offset_t= addr, vm > > > _m > > > > ap > > > > > _entry_t gap_entry) > > > > > struct ucred *cred; > > > > > vm_offset_t gap_end, gap_start, grow_start; > > > > > vm_size_t grow_amount, guard, max_grow; > > > > > + vm_prot_t prot; > > > > > rlim_t lmemlim, stacklim, vmemlim; > > > > > int rv, rv1 __diagused; > > > > > bool gap_deleted, grow_down, is_procstack; > > > > > @@ -4739,6 +4743,12 @@ retry: > > > > > } > > > > > > > > > > if (grow_down) { > > > > > + /* > > > > > + * The gap_entry "offset" field is overloaded. See > > > > > + * vm_map_stack_locked(). > > > > > + */ > > > > > + prot =3D gap_entry->offset; > > > > > + > > > > > grow_start =3D gap_entry->end - grow_amount; > > > > > if (gap_entry->start + grow_amount =3D=3D gap_entry->end) { > > > > > gap_start =3D gap_entry->start; 
> > > > > @@ -4751,9 +4761,7 @@ retry: > > > > > gap_deleted =3D false; > > > > > } > > > > > rv =3D vm_map_insert(map, NULL, 0, grow_start, > > > > > - grow_start + grow_amount, > > > > > - stack_entry->protection, stack_entry->max_protection, > > > > > - MAP_STACK_GROWS_DOWN); > > > > > + grow_start + grow_amount, prot, prot, MAP_STACK_GROWS_DOW= N) > > > > > ; > > > > > if (rv !=3D KERN_SUCCESS) { > > > > > if (gap_deleted) { > > > > > rv1 =3D vm_map_insert(map, NULL, 0, gap_start, > > > > > diff --git a/sys/vm/vm_map.h b/sys/vm/vm_map.h > > > > > index fd8b606e8ddc..c4ed36ce57ba 100644 > > > > > --- a/sys/vm/vm_map.h > > > > > +++ b/sys/vm/vm_map.h 
> > > > > @@ -97,6 +97,10 @@ union vm_map_object { > > > > > * a VM object (or sharing map) and offset into that object, > > > > > * and user-exported inheritance and protection information. > > > > > * Also included is control information for virtual copy operat= ion > > > s. > > > > > + * > > > > > + * For stack gap map entries (MAP_ENTRY_GUARD | MAP_ENTRY_GROWS= _DO > > > WN > > > > > + * or UP), the next_read member is reused as the stack_guard_pa= ge > > > > > + * storage, and offset is the stack protection. > > > > > */ > > > > > struct vm_map_entry { > > > > > struct vm_map_entry *left; /* left child or previous entry */ > > > > >
> > > > This commit has caused screen (sysutils/screen) to display the following
> > > > error when opening a new screen window (ctrl-A c):
> > > >
> > > > pid 28473 comm screen-4.9.0 has trashed its stack, killing
> > > >
> > > > --
> > > > Cheers,
> > > > Cy Schubert
> > > > FreeBSD UNIX: Web: https://FreeBSD.org
> > > > NTP: Web: https://nwtime.org
> > > >
> > > > e^(i*pi)+1=0
> > >
> > > I'm also seeing artifacts in emails by nmh (mail/nmh) in my sent directory
> > > and in the email cc'd to me.
> >
> > Sometimes this occurs at screen start. Then it hangs.
> >
> > slippy$ screen
> > pid 7275 comm screen-4.9.0 has trashed its stack, killing
>
> Can you check this?
>
> diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c > index 8c864c943f5d..4c5f1c08954d 100644 > --- a/sys/vm/vm_map.c > +++ b/sys/vm/vm_map.c
> @@ -4202,7 +4202,8 @@ vm_map_copy_entry( > src_entry->start); > } else { > dst_entry->object.vm_object =3D NULL; > - dst_entry->offset =3D 0; > + if ((dst_entry->eflags & MAP_ENTRY_GUARD) =3D=3D 0) > + dst_entry->offset =3D 0; > if (src_entry->cred !=3D NULL) { > dst_entry->cred =3D curthread->td_ucred; > crhold(dst_entry->cred); >

Works for me. I tested with both pkg and screen and saw no errors.

--
Gary Jennejohn
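Review bot: the `gap_entry->offset = prot;` line in the @@ -4575 hunk of vm_map.c (commit 21e45c30c35c) makes the stack protection depend on every other path that handles object-less entries leaving offset untouched, and the follow-up diff in this thread shows vm_map_copy_entry() zeroing offset for exactly such entries; because vm_map_growstack() then hands that value to vm_map_insert() as both protection and max_protection, a zeroed offset produces a grown region with no permissions, which is consistent with the "has trashed its stack" reports above. Suggest auditing the remaining writers of offset for entries with a NULL object (the vm_map_copy_entry() case is the one found here) and stating the invariant in the vm_map.h comment, i.e. that offset of a MAP_ENTRY_GUARD entry must be preserved when the entry is copied.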
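Review bot: `prot = gap_entry->offset;` in the @@ -4739 hunk of vm_map.c is an implicit narrowing from the object-offset type to vm_prot_t, and it is performed only in the grow_down branch, while the comment added to vm_map.h says the overload applies to gap entries growing down or up. Either the grows-up path needs the same read and the same use in its vm_map_insert() call, or the comment should be narrowed to MAP_ENTRY_GROWS_DOWN; an explicit cast such as `prot = (vm_prot_t)gap_entry->offset;` would also make the overload visible at the point of use rather than only in the comment.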
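Review bot: the new vm_map_insert() call in the @@ -4751 hunk of vm_map.c passes prot for both protection and max_protection, whereas the removed lines passed stack_entry->protection and stack_entry->max_protection separately. Only the mmap-time prot is saved in the gap entry, although vm_map_stack_locked() also receives max (see the @@ -4493 context), so a stack created with a max protection wider than its initial protection now grows with max_protection clamped to prot, and a later mprotect(2) widening that grown region would fail where it previously succeeded. If that is intended, the commit message should say so; otherwise max needs to be saved as well, for example packed next to prot in the same overloaded field.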
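Review bot: the guard check in the @@ -4202 hunk of vm_map_copy_entry() keys on dst_entry->eflags and keeps whatever dst_entry->offset already holds, which is only correct if eflags and offset were copied from src_entry before this point; the hunk does not show that copy, so please confirm it carries offset over unchanged for guard entries. Also add a short comment mirroring the one in vm_map_growstack() ("offset is overloaded, see vm_map_stack_locked()") so the next reader does not "fix" the zeroing back, and consider whether other paths that reset offset for object-less entries need the same exemption.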