svn commit: r348843 - head/sys/vm
Shawn Webb
shawn.webb at hardenedbsd.org
Mon Jun 10 13:00:37 UTC 2019
On Mon, Jun 10, 2019 at 03:07:11AM +0000, Doug Moore wrote:
> Author: dougm
> Date: Mon Jun 10 03:07:10 2019
> New Revision: 348843
> URL: https://svnweb.freebsd.org/changeset/base/348843
>
> Log:
> There are times when a len==0 parameter to mmap is okay. But on a
> 32-bit machine, a len parameter just a few bytes short of 4G, rounded
> up to a page boundary and hitting zero then, is not okay. Return
> failure in that case.
>
> Reported by: pho
> Reviewed by: alc, kib (mentor)
> Tested by: pho
> Differential Revision: https://reviews.freebsd.org/D20580
>
> Modified:
> head/sys/vm/vm_mmap.c
>
> Modified: head/sys/vm/vm_mmap.c
> ==============================================================================
> --- head/sys/vm/vm_mmap.c Sun Jun 9 22:55:21 2019 (r348842)
> +++ head/sys/vm/vm_mmap.c Mon Jun 10 03:07:10 2019 (r348843)
> @@ -257,7 +257,10 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t s
>
> /* Adjust size for rounding (on both ends). */
> size += pageoff; /* low end... */
> - size = (vm_size_t) round_page(size); /* hi end */
> + /* Check for rounding up to zero. */
> + if (round_page(size) < size)
> + return (EINVAL);
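Review bot: The new test `if (round_page(size) < size)` only catches a wrap inside round_page(); the addition on the line just above it, `size += pageoff;`, is still unchecked, so a len close to the maximum size_t value can wrap there first and reach the test as a small number that passes. Consider rejecting that case too, for example by comparing the sum against the original size before rounding. The quoted hunk also stops at `return (EINVAL);`, so it does not show where the rounded value is stored back into size now that `size = (vm_size_t) round_page(size);` is removed; that is worth confirming against the full revision.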
The mmap(2) manpage says that len==0 results in EINVAL, so the manpage
needs updating.
I'm curious what "there are times" refers to. Can you or the original
reporter elaborate on those cases?
Thanks a lot!
--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera at is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2