Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 29 Jul 2018 19:16:58 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 230162] mprotect(2): error converting size argument in 32-bit emulation
Message-ID:  <bug-230162-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230162

            Bug ID: 230162
           Summary: mprotect(2): error converting size argument in 32-bit
                    emulation
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: asomers@FreeBSD.org

The lib/libc/sys/mprotect_test:mprotect_err test fails when run under 32-bit
emulation.  Examining the problem with dtrace, it looks like there's a casting
error; the 32-bit syscall's len argument winds up in the high half of
kern_mprotect's size argument.  I don't see that behavior when I dtrace msgsnd,
another syscall with a size_t argument.

Here's an example of the problem.  Notice how len=0x1 in
syscall:freebsd32_mprotect, but 0x100000000 in fbt:kern_mprotect

$ sudo dtrace -i 'fbt:kernel:kern_mprotect:entry {printf("addr0=%#lx,
size=%#lx", args[1], args[2]);}'  -i
'syscall:freebsd32:freebsd32_mprotect:entry {printf("addr=%p len=%#lx",
args[0], args[1]);}' -i 'fbt:kernel:vm_map_protect:entry {printf("size ~=
%#lx", args[2] - args[1]);}'
dtrace: description 'fbt:kernel:kern_mprotect:entry ' matched 1 probe
dtrace: description 'syscall:freebsd32:freebsd32_mprotect:entry ' matched 1
probe
dtrace: description 'fbt:kernel:vm_map_protect:entry ' matched 1 probe
CPU     ID                    FUNCTION:NAME
  2  61769         freebsd32_mprotect:entry addr=0 len=0
  2  28572              kern_mprotect:entry addr0=0, size=0
  2  47917             vm_map_protect:entry size ~= 0
  3  61769         freebsd32_mprotect:entry addr=ffffffff len=0x1
  3  28572              kern_mprotect:entry addr0=0xfffff000, size=0x100000000
  3  47917             vm_map_protect:entry size ~= 0x1000

And in another terminal, in a 32-bit chroot, run
# kyua debug mprotect_test:mprotect_err
mprotect_test:mprotect_err  ->  failed:
/usr/home/somers/freebsd/base/head/contrib/netbsd-tests/lib/libc/sys/t_mprotect.c:158:
mprotect((char *)-1, 1, PROT_READ) != 0 not met

-- 
You are receiving this mail because:
You are the assignee for the bug.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230162-227>