Date: Mon, 10 Jun 2019 09:00:34 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Doug Moore <dougm@FreeBSD.org>
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org, pho@freebsd.org
Subject: Re: svn commit: r348843 - head/sys/vm
Message-ID: <20190610130034.k2nzitvaxvpj5lzx@mutt-hbsd>
In-Reply-To: <201906100307.x5A37BFt099669@repo.freebsd.org>
References: <201906100307.x5A37BFt099669@repo.freebsd.org>

On Mon, Jun 10, 2019 at 03:07:11AM +0000, Doug Moore wrote:
> Author: dougm
> Date: Mon Jun 10 03:07:10 2019
> New Revision: 348843
> URL: https://svnweb.freebsd.org/changeset/base/348843
>
> Log:
> There are times when a len==0 parameter to mmap is okay. But on a
> 32-bit machine, a len parameter just a few bytes short of 4G, rounded
> up to a page boundary and hitting zero then, is not okay. Return
> failure in that case.
>
> Reported by: pho
> Reviewed by: alc, kib (mentor)
> Tested by: pho
> Differential Revision: https://reviews.freebsd.org/D20580
>
> Modified:
> head/sys/vm/vm_mmap.c
>
> Modified: head/sys/vm/vm_mmap.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/vm/vm_mmap.c Sun Jun 9 22:55:21 2019 (r348842) > +++ head/sys/vm/vm_mmap.c Mon Jun 10 03:07:10 2019 (r348843)
> @@ -257,7 +257,10 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t= s > =20 > /* Adjust size for rounding (on both ends). */ > size +=3D pageoff; /* low end... */ > - size =3D (vm_size_t) round_page(size); /* hi end */ > + /* Check for rounding up to zero. */ > + if (round_page(size) < size) > + return (EINVAL);

The mmap(2) manpage says that len==0 results in EINVAL, so the manpage needs updating. I'm curious what "there are times" refers to. Can you or the original reporter elaborate those cases?

Thanks a lot!

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: lattera@is.a.hacker.sx
GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
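
Review bot: The overflow test `if (round_page(size) < size)` runs after `size += pageoff;`, so it catches a wrap in the page rounding but not one in the addition itself. On a 32-bit machine a length near the top of the range with a nonzero pageoff wraps to a small value first, and the rounded result then compares greater than or equal to size and passes the check. Consider comparing the rounded size against the length as the caller passed it, before pageoff was added, so that both wraps are rejected. The comment "Check for rounding up to zero" could also state that a zero length arriving unrounded is handled elsewhere, since the log says such a length is sometimes valid.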