Date:      Fri, 2 Mar 2012 11:32:47 +0000 (UTC)
From:      Konstantin Belousov <kib@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org
Subject:   svn commit: r232387 - in stable/9/sys: compat/linux compat/svr4 i386/ibcs2 i386/linux kern
Message-ID:  <201203021132.q22BWl86028098@svn.freebsd.org>

Author: kib
Date: Fri Mar  2 11:32:47 2012
New Revision: 232387
URL: http://svn.freebsd.org/changeset/base/232387

Log:
  MFC r231885:
  Fix misuse of the kernel map in miscellaneous image activators.
  Vnode-backed mappings cannot be put into the kernel map, since it is a
  system map.

Modified:
  stable/9/sys/compat/linux/linux_misc.c
  stable/9/sys/compat/svr4/imgact_svr4.c
  stable/9/sys/i386/ibcs2/imgact_coff.c
  stable/9/sys/i386/linux/imgact_linux.c
  stable/9/sys/kern/imgact_gzip.c
Directory Properties:
  stable/9/sys/   (props changed)

Modified: stable/9/sys/compat/linux/linux_misc.c
==============================================================================
--- stable/9/sys/compat/linux/linux_misc.c	Fri Mar  2 11:27:07 2012	(r232386)
+++ stable/9/sys/compat/linux/linux_misc.c	Fri Mar  2 11:32:47 2012	(r232387)
@@ -229,9 +229,9 @@ linux_uselib(struct thread *td, struct l
 	struct vattr attr;
 	vm_offset_t vmaddr;
 	unsigned long file_offset;
-	vm_offset_t buffer;
 	unsigned long bss_size;
 	char *library;
+	ssize_t aresid;
 	int error;
 	int locked, vfslocked;
 
@@ -308,8 +308,8 @@ linux_uselib(struct thread *td, struct l
 	if (error)
 		goto cleanup;
 
-	/* Pull in executable header into kernel_map */
-	error = vm_mmap(kernel_map, (vm_offset_t *)&a_out, PAGE_SIZE,
+	/* Pull in executable header into exec_map */
+	error = vm_mmap(exec_map, (vm_offset_t *)&a_out, PAGE_SIZE,
 	    VM_PROT_READ, VM_PROT_READ, 0, OBJT_VNODE, vp, 0);
 	if (error)
 		goto cleanup;
@@ -402,24 +402,15 @@ linux_uselib(struct thread *td, struct l
 		if (error)
 			goto cleanup;
 
-		/* map file into kernel_map */
-		error = vm_mmap(kernel_map, &buffer,
-		    round_page(a_out->a_text + a_out->a_data + file_offset),
-		    VM_PROT_READ, VM_PROT_READ, 0, OBJT_VNODE, vp,
-		    trunc_page(file_offset));
-		if (error)
+		error = vn_rdwr(UIO_READ, vp, (void *)vmaddr, file_offset,
+		    a_out->a_text + a_out->a_data, UIO_USERSPACE, 0,
+		    td->td_ucred, NOCRED, &aresid, td);
+		if (error != 0)
 			goto cleanup;
-
-		/* copy from kernel VM space to user space */
-		error = copyout(PTRIN(buffer + file_offset),
-		    (void *)vmaddr, a_out->a_text + a_out->a_data);
-
-		/* release temporary kernel space */
-		vm_map_remove(kernel_map, buffer, buffer +
-		    round_page(a_out->a_text + a_out->a_data + file_offset));
-
-		if (error)
+		if (aresid != 0) {
+			error = ENOEXEC;
 			goto cleanup;
+		}
 	} else {
 #ifdef DEBUG
 		printf("uselib: Page aligned binary %lu\n", file_offset);
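Review bot: The byte count handed to vn_rdwr, `a_out->a_text + a_out->a_data`, is taken from the header of the file being loaded, and nothing visible in this hunk bounds the two fields or guards the addition against wrap-around; the limit checks presumably sit earlier in linux_uselib, which starts and ends outside the hunk, and should be confirmed now that the read lands directly in the user mapping at vmaddr. The comments that explained the old mmap/copyout sequence were removed without replacement, so I would add `/* Read text+data directly into the user mapping; a short read means a truncated image. */` above the call. Passing 0 as ioflg (no IO_NODELOCKED) makes vn_rdwr take the vnode lock itself, so vp has to be unlocked at this point, which the hunk does not show. The same call is added in exec_svr4_imgact and exec_linux_imgact and the same questions apply there.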
@@ -463,10 +454,9 @@ cleanup:
 		VFS_UNLOCK_GIANT(vfslocked);
 	}
 
-	/* Release the kernel mapping. */
+	/* Release the temporary mapping. */
 	if (a_out)
-		vm_map_remove(kernel_map, (vm_offset_t)a_out,
-		    (vm_offset_t)a_out + PAGE_SIZE);
+		kmem_free_wakeup(exec_map, (vm_offset_t)a_out, PAGE_SIZE);
 
 	return (error);
 }

Modified: stable/9/sys/compat/svr4/imgact_svr4.c
==============================================================================
--- stable/9/sys/compat/svr4/imgact_svr4.c	Fri Mar  2 11:27:07 2012	(r232386)
+++ stable/9/sys/compat/svr4/imgact_svr4.c	Fri Mar  2 11:32:47 2012	(r232387)
@@ -66,8 +66,8 @@ exec_svr4_imgact(imgp)
     struct vmspace *vmspace;
     vm_offset_t vmaddr;
     unsigned long virtual_offset, file_offset;
-    vm_offset_t buffer;
     unsigned long bss_size;
+    ssize_t aresid;
     int error;
 
     if (((a_out->a_magic >> 16) & 0xff) != 0x64)
@@ -145,21 +145,15 @@ exec_svr4_imgact(imgp)
 	if (error)
 	    goto fail;
 
-	error = vm_mmap(kernel_map, &buffer,
-			round_page(a_out->a_text + a_out->a_data + file_offset),
-			VM_PROT_READ, VM_PROT_READ, 0,
-			OBJT_VNODE, imgp->vp, trunc_page(file_offset));
-	if (error)
-	    goto fail;
-
-	error = copyout((caddr_t)(buffer + file_offset), (caddr_t)vmaddr, 
-			a_out->a_text + a_out->a_data);
-
-	vm_map_remove(kernel_map, buffer,
-		      buffer + round_page(a_out->a_text + a_out->a_data + file_offset));
-
-	if (error)
-	    goto fail;
+	error = vn_rdwr(UIO_READ, imgp->vp, (void *)vmaddr, file_offset,
+	    a_out->a_text + a_out->a_data, UIO_USERSPACE, 0,
+	    curthread->td_ucred, NOCRED, &aresid, curthread);
+	if (error != 0)
+		goto fail;
+	if (aresid != 0) {
+		error = ENOEXEC;
+		goto fail;
+	}
 
 	/*
 	 * remove write enable on the 'text' part
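Review bot: The added lines are indented with tabs and a four-space continuation (`		goto fail;` with two tabs), while the rest of exec_svr4_imgact in view uses a tab plus four spaces for the same nesting level (`	    goto fail;` just above the new call), so the new block looks more deeply nested than it is. Either match the surrounding indentation or reindent the function in a separate whitespace-only commit. The identical block in i386/linux/imgact_linux.c has the same mismatch; the function body continues outside this hunk.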

Modified: stable/9/sys/i386/ibcs2/imgact_coff.c
==============================================================================
--- stable/9/sys/i386/ibcs2/imgact_coff.c	Fri Mar  2 11:27:07 2012	(r232386)
+++ stable/9/sys/i386/ibcs2/imgact_coff.c	Fri Mar  2 11:32:47 2012	(r232387)
@@ -146,10 +146,7 @@ load_coff_section(struct vmspace *vmspac
 
 	error = copyout(data_buf, (caddr_t) map_addr, copy_len);
 
-	if (vm_map_remove(exec_map,
-			  (vm_offset_t) data_buf,
-			  (vm_offset_t) data_buf + PAGE_SIZE))
-		panic("load_coff_section vm_map_remove failed");
+	kmem_free_wakeup(exec_map, (vm_offset_t)data_buf, PAGE_SIZE);
 
 	return error;
 }
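Review bot: kmem_free_wakeup() has no return value, so the unmap failure that the removed code escalated to a panic can no longer be noticed here, nor in the coff_load_file and exec_coff_imgact hunks of this file or in imgact_gzip.c where error2 is dropped. If failure of the unmap is considered impossible for a range the activator mapped itself, a one-line comment such as `/* unmap of our own exec_map range is not expected to fail; result intentionally ignored */` would record that decision. Separately, the coff_load_file hunk has a stray double space in `(vm_offset_t)ptr,  PAGE_SIZE`.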
@@ -280,11 +277,7 @@ coff_load_file(struct thread *td, char *
   	error = 0;
 
  dealloc_and_fail:
-	if (vm_map_remove(exec_map,
-			  (vm_offset_t) ptr,
-			  (vm_offset_t) ptr + PAGE_SIZE))
-    		panic("%s vm_map_remove failed", __func__);
-
+	kmem_free_wakeup(exec_map, (vm_offset_t)ptr,  PAGE_SIZE);
  fail:
 	VOP_UNLOCK(vp, 0);
  unlocked_fail:
@@ -421,10 +414,7 @@ exec_coff_imgact(imgp)
 		    	}
 			free(libbuf, M_TEMP);
 		}
-		if (vm_map_remove(exec_map,
-				  (vm_offset_t) buf,
-				  (vm_offset_t) buf + len))
-	      		panic("exec_coff_imgact vm_map_remove failed");
+		kmem_free_wakeup(exec_map, (vm_offset_t)buf, len);
 	    	if (error)
 	      		goto fail;
 	  	}

Modified: stable/9/sys/i386/linux/imgact_linux.c
==============================================================================
--- stable/9/sys/i386/linux/imgact_linux.c	Fri Mar  2 11:27:07 2012	(r232386)
+++ stable/9/sys/i386/linux/imgact_linux.c	Fri Mar  2 11:32:47 2012	(r232387)
@@ -64,8 +64,8 @@ exec_linux_imgact(struct image_params *i
     struct vmspace *vmspace;
     vm_offset_t vmaddr;
     unsigned long virtual_offset, file_offset;
-    vm_offset_t buffer;
     unsigned long bss_size;
+    ssize_t aresid;
     int error;
 
     if (((a_out->a_magic >> 16) & 0xff) != 0x64)
@@ -144,21 +144,15 @@ exec_linux_imgact(struct image_params *i
 	if (error)
 	    goto fail;
 
-	error = vm_mmap(kernel_map, &buffer,
-			round_page(a_out->a_text + a_out->a_data + file_offset),
-			VM_PROT_READ, VM_PROT_READ, 0, OBJT_VNODE,
-			imgp->vp, trunc_page(file_offset));
-	if (error)
-	    goto fail;
-
-	error = copyout((void *)(uintptr_t)(buffer + file_offset),
-			(void *)vmaddr, a_out->a_text + a_out->a_data);
-
-	vm_map_remove(kernel_map, buffer,
-		      buffer + round_page(a_out->a_text + a_out->a_data + file_offset));
-
-	if (error)
-	    goto fail;
+	error = vn_rdwr(UIO_READ, imgp->vp, (void *)vmaddr, file_offset,
+	    a_out->a_text + a_out->a_data, UIO_USERSPACE, 0,
+	    curthread->td_ucred, NOCRED, &aresid, curthread);
+	if (error != 0)
+		goto fail;
+	if (aresid != 0) {
+		error = ENOEXEC;
+		goto fail;
+	}
 
 	/*
 	 * remove write enable on the 'text' part

Modified: stable/9/sys/kern/imgact_gzip.c
==============================================================================
--- stable/9/sys/kern/imgact_gzip.c	Fri Mar  2 11:27:07 2012	(r232386)
+++ stable/9/sys/kern/imgact_gzip.c	Fri Mar  2 11:32:47 2012	(r232387)
@@ -70,7 +70,7 @@ static int
 exec_gzip_imgact(imgp)
 	struct image_params *imgp;
 {
-	int             error, error2 = 0;
+	int             error;
 	const u_char   *p = (const u_char *) imgp->image_header;
 	struct imgact_gzip igz;
 	struct inflate  infl;
@@ -136,22 +136,17 @@ exec_gzip_imgact(imgp)
 			VM_PROT_READ|VM_PROT_EXECUTE,0);
 	}
 
-	if (igz.inbuf) {
-		error2 =
-			vm_map_remove(kernel_map, (vm_offset_t) igz.inbuf,
-			    (vm_offset_t) igz.inbuf + PAGE_SIZE);
-	}
-	if (igz.error || error || error2) {
+	if (igz.inbuf)
+		kmem_free_wakeup(exec_map, (vm_offset_t)igz.inbuf, PAGE_SIZE);
+	if (igz.error || error) {
 		printf("Output=%lu ", igz.output);
-		printf("Inflate_error=%d igz.error=%d error2=%d where=%d\n",
-		       error, igz.error, error2, igz.where);
+		printf("Inflate_error=%d igz.error=%d where=%d\n",
+		       error, igz.error, igz.where);
 	}
 	if (igz.error)
 		return igz.error;
 	if (error)
 		return ENOEXEC;
-	if (error2)
-		return error2;
 	return 0;
 }
 
@@ -314,18 +309,11 @@ NextByte(void *vp)
 	if (igz->inbuf && igz->idx < (igz->offset + PAGE_SIZE)) {
 		return igz->inbuf[(igz->idx++) - igz->offset];
 	}
-	if (igz->inbuf) {
-		error = vm_map_remove(kernel_map, (vm_offset_t) igz->inbuf,
-			    (vm_offset_t) igz->inbuf + PAGE_SIZE);
-		if (error) {
-			igz->where = __LINE__;
-			igz->error = error;
-			return GZ_EOF;
-		}
-	}
+	if (igz->inbuf)
+		kmem_free_wakeup(exec_map, (vm_offset_t)igz->inbuf, PAGE_SIZE);
 	igz->offset = igz->idx & ~PAGE_MASK;
 
-	error = vm_mmap(kernel_map,	/* map */
+	error = vm_mmap(exec_map,	/* map */
 			(vm_offset_t *) & igz->inbuf,	/* address */
 			PAGE_SIZE,	/* size */
 			VM_PROT_READ,	/* protection */
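Review bot: After `kmem_free_wakeup(exec_map, (vm_offset_t)igz->inbuf, PAGE_SIZE)` the pointer igz->inbuf still holds the address of the page that was just released, and it is only overwritten if the following vm_mmap succeeds. The error handling for vm_mmap is outside this hunk, but if it returns without clearing the pointer, the `if (igz.inbuf)` release in exec_gzip_imgact would presumably unmap the same exec_map range a second time, and exec_map is a shared map where that range may by then belong to another user. Adding `igz->inbuf = NULL;` immediately after the kmem_free_wakeup call would close that window.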


