Date: Fri, 25 Aug 2023 01:08:25 GMT From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6c79559bf0c6 - stable/13 - mmap(MAP_STACK): on stack grow, use original protection Message-ID: <202308250108.37P18Pl0058003@gitrepo.freebsd.org>
The branch stable/13 has been updated by kib:

URL: https://cgit.FreeBSD.org/src/commit/?id=6c79559bf0c641a7b06966fa419935ca50dddedf

commit 6c79559bf0c641a7b06966fa419935ca50dddedf
Author: Konstantin Belousov <kib@FreeBSD.org>
AuthorDate: 2023-07-19 11:05:32 +0000
Commit: Konstantin Belousov <kib@FreeBSD.org>
CommitDate: 2023-08-25 01:06:43 +0000

mmap(MAP_STACK): on stack grow, use original protection

PR: 272585

(cherry picked from commit 21e45c30c35c9aa732073f725924caf581c93460)
---
 sys/vm/vm_map.c | 24 ++++++++++++++++--------
 sys/vm/vm_map.h | 4 ++++
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
index 03d44d773552..c8f3c72302fc 100644
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@@ -4489,7 +4489,7 @@ static int
 vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize,
 vm_size_t growsize, vm_prot_t prot, vm_prot_t max, int cow)
 {
- vm_map_entry_t new_entry, prev_entry;
+ vm_map_entry_t gap_entry, new_entry, prev_entry;
 vm_offset_t bot, gap_bot, gap_top, top;
 vm_size_t init_ssize, sgp;
 int orient, rv;
@@ -4571,11 +4571,14 @@ vm_map_stack_locked(vm_map_t map, vm_offset_t addrbos, vm_size_t max_ssize,
 * read-ahead logic is never used for it. Re-use
 * next_read of the gap entry to store
 * stack_guard_page for vm_map_growstack().
+ * Similarly, since a gap cannot have a backing object,
+ * store the original stack protections in the
+ * object offset.
 */
- if (orient == MAP_STACK_GROWS_DOWN)
- vm_map_entry_pred(new_entry)->next_read = sgp;
- else
- vm_map_entry_succ(new_entry)->next_read = sgp;
+ gap_entry = orient == MAP_STACK_GROWS_DOWN ?
+ vm_map_entry_pred(new_entry) : vm_map_entry_succ(new_entry);
+ gap_entry->next_read = sgp;
+ gap_entry->offset = prot;
 } else {
 (void)vm_map_delete(map, bot, top);
 }
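Review bot: Only `prot` is saved on the gap entry (`gap_entry->offset = prot;`); the `max` argument of vm_map_stack_locked() is not recorded anywhere on the gap. The vm_map_growstack() hunk later in this patch then passes `prot, prot` to vm_map_insert(), so a grown segment gets a maximum protection equal to the initial protection rather than the `max` the mapping was created with, and a later mprotect() can behave differently on grown pages than on the initial stack pages. If that narrowing is not intended, both values could be packed into the field, e.g. `gap_entry->offset = prot | PROT_MAX(max);`, with matching `PROT_EXTRACT()` / `PROT_MAX_EXTRACT()` reads in vm_map_growstack(). The function body starts and ends outside this hunk.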
@@ -4595,6 +4598,7 @@ vm_map_growstack(vm_map_t map, vm_offset_t addr, vm_map_entry_t gap_entry)
 struct ucred *cred;
 vm_offset_t gap_end, gap_start, grow_start;
 vm_size_t grow_amount, guard, max_grow;
+ vm_prot_t prot;
 rlim_t lmemlim, stacklim, vmemlim;
 int rv, rv1;
 bool gap_deleted, grow_down, is_procstack;
@@ -4735,6 +4739,12 @@ retry:
 }

 if (grow_down) {
+ /*
+ * The gap_entry "offset" field is overloaded. See
+ * vm_map_stack_locked().
+ */
+ prot = gap_entry->offset;
+
 grow_start = gap_entry->end - grow_amount;
 if (gap_entry->start + grow_amount == gap_entry->end) {
 gap_start = gap_entry->start;
@@ -4747,9 +4757,7 @@ retry:
 gap_deleted = false;
 }
 rv = vm_map_insert(map, NULL, 0, grow_start,
- grow_start + grow_amount,
- stack_entry->protection, stack_entry->max_protection,
- MAP_STACK_GROWS_DOWN);
+ grow_start + grow_amount, prot, prot, MAP_STACK_GROWS_DOWN);
 if (rv != KERN_SUCCESS) {
 if (gap_deleted) {
 rv1 = vm_map_insert(map, NULL, 0, gap_start,
diff --git a/sys/vm/vm_map.h b/sys/vm/vm_map.h
index 5db7a2230351..85d622ee1bb6 100644
--- a/sys/vm/vm_map.h
+++ b/sys/vm/vm_map.h
@@ -95,6 +95,10 @@ union vm_map_object {
 * a VM object (or sharing map) and offset into that object,
 * and user-exported inheritance and protection information.
 * Also included is control information for virtual copy operations.
+ *
+ * For stack gap map entries (MAP_ENTRY_GUARD | MAP_ENTRY_GROWS_DOWN
+ * or UP), the next_read member is reused as the stack_guard_page
+ * storage, and offset is the stack protection.
 */
 struct vm_map_entry {
 struct vm_map_entry *left; /* left child or previous entry */
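Review bot: The recovery path at the end of the `@@ -4747,9 +4757,7 @@` hunk re-creates a deleted gap with `vm_map_insert(map, NULL, 0, gap_start, ...)`, which produces a fresh entry, so the overloaded `next_read` and `offset` values are lost unless code outside the hunk writes them back. After one failed growth, a later vm_map_growstack() would then presumably read `prot = gap_entry->offset` as 0 and insert the next stack segment with no access, and the stored guard size would be gone as well. Consider saving both fields before the gap is deleted and restoring them on the re-inserted gap entry, or asserting there that the restored gap carries them. The rest of the error path lies outside the hunk.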