Skip to content

Commit

Permalink
Revert "mmap(2): If we fail with a hint, try again without it."
Browse files Browse the repository at this point in the history 
This doesn't work, because uvm_mmap releases the uobj when it fails.
Should factor this more coherently, but let's just revert for now.

Reported-by: syzbot+d347c8951821b236117a@syzkaller.appspotmail.com
Reported-by: syzbot+7643d1b769fdfa18c3b2@syzkaller.appspotmail.com
Reported-by: syzbot+44f4b39671dd580cba5c@syzkaller.appspotmail.com
Reported-by: syzbot+b5a422299ca4ffe8570c@syzkaller.appspotmail.com
Reported-by: syzbot+22681822db67b6e90cfb@syzkaller.appspotmail.com
Reported-by: syzbot+e59f493ceef72b925a17@syzkaller.appspotmail.com
Reported-by: syzbot+666f3fe8364f47e8641b@syzkaller.appspotmail.com
Reported-by: syzbot+511d4572f52f1fd9b5cc@syzkaller.appspotmail.com
  • Loading branch information
riastradh authored and riastradh committed Apr 19, 2022
1 parent 1d4fad0 commit 3e14ad0
Showing 1 changed file with 4 additions and 22 deletions.
26 changes: 4 additions & 22 deletions sys/uvm/uvm_mmap.c
View file
@@ -1,4 +1,4 @@
/* $NetBSD: uvm_mmap.c,v 1.178 2022/04/19 01:34:52 riastradh Exp $ */
/* $NetBSD: uvm_mmap.c,v 1.179 2022/04/19 22:53:34 riastradh Exp $ */

/*
* Copyright (c) 1997 Charles D. Cranor and Washington University.
Expand Down Expand Up @@ -46,7 +46,7 @@
*/

#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.178 2022/04/19 01:34:52 riastradh Exp $");
__KERNEL_RCSID(0, "$NetBSD: uvm_mmap.c,v 1.179 2022/04/19 22:53:34 riastradh Exp $");

#include "opt_compat_netbsd.h"
#include "opt_pax.h"
Expand Down Expand Up @@ -277,8 +277,7 @@ sys_mmap(struct lwp *l, const struct sys_mmap_args *uap, register_t *retval)
vsize_t size, pageoff, newsize;
vm_prot_t prot, maxprot, extraprot;
int flags, fd, advice;
vaddr_t defaddr = 0; /* XXXGCC */
bool addrhint = false;
vaddr_t defaddr;
struct file *fp = NULL;
struct uvm_object *uobj;
int error;
Expand Down Expand Up @@ -350,12 +349,6 @@ sys_mmap(struct lwp *l, const struct sys_mmap_args *uap, register_t *retval)
addr = MAX(addr, defaddr);
else
addr = MIN(addr, defaddr);

/*
* If addr is nonzero and not the default, then the
* address is a hint.
*/
addrhint = (addr != 0 && addr != defaddr);
}

/*
Expand Down Expand Up @@ -408,21 +401,10 @@ sys_mmap(struct lwp *l, const struct sys_mmap_args *uap, register_t *retval)
/*
* now let kernel internal function uvm_mmap do the work.
*/

error = uvm_mmap(&p->p_vmspace->vm_map, &addr, size, prot, maxprot,
flags, advice, uobj, pos, p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur);

/*
* If the user provided a hint, and we couldn't satisfy that
* hint, try again with the default address.
*/
if (error && addrhint) {
addr = defaddr;
pax_aslr_mmap(l, &addr, orig_addr, flags);
error = uvm_mmap(&p->p_vmspace->vm_map, &addr, size, prot,
maxprot, flags, advice, uobj, pos,
p->p_rlimit[RLIMIT_MEMLOCK].rlim_cur);
}

/* remember to add offset */
*retval = (register_t)(addr + pageoff);

Expand Down

0 comments on commit 3e14ad0

Please sign in to comment.