Subject: Re: git: c718009884b3 - main - vm_map.c: plug several more places which might modify entry->offset
From: tuexen@freebsd.org
Date: Fri, 18 Aug 2023 15:16:40 +0200
To: Konstantin Belousov
Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org

> On 18. Aug 2023, at 14:44, Konstantin Belousov wrote:
>
> The branch main has been updated by kib:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=c718009884b3d65528deaff24712cbf98e3be656
>
> commit c718009884b3d65528deaff24712cbf98e3be656
> Author: Konstantin Belousov
> AuthorDate: 2023-08-15 19:05:33 +0000
> Commit: Konstantin Belousov
> CommitDate: 2023-08-18 12:43:35 +0000
>
> vm_map.c: plug several more places which might modify entry->offset
>
> for the GUARD entries protecting stacks gaps.
>
> syzkaller: https://syzkaller.appspot.com/bug?extid=c325d6a75e4fd0a68714
> Reviewed by: dougm, markj (previous version)
> Tested by: pho (previous version)
> Sponsored by: The FreeBSD Foundation
> MFC after: 1 week
> Differential revision: https://reviews.freebsd.org/D41475
> ---
> sys/vm/vm_map.c | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/sys/vm/vm_map.c b/sys/vm/vm_map.c
> index 252b58ad2924..f609d1fd68d7 100644
> --- a/sys/vm/vm_map.c
> +++ b/sys/vm/vm_map.c
> @@ -1413,7 +1413,9 @@ vm_map_entry_link(vm_map_t map, vm_map_entry_t = entry) > KASSERT(entry->end < root->end, > ("%s: clip_start not within entry", __func__)); > vm_map_splay_findprev(root, &llist); > - root->offset +=3D entry->end - root->start; > + if ((root->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP)) =3D=3D 0) > + root->offset +=3D entry->end - root->start; > root->start =3D entry->end; > max_free_left =3D vm_map_splay_merge_pred(header, entry, llist); > max_free_right =3D root->max_free =3D vm_size_max( > @@ -1429,7 +1431,9 @@ vm_map_entry_link(vm_map_t map, vm_map_entry_t = entry) > KASSERT(entry->end =3D=3D root->end, > ("%s: clip_start not within entry", __func__)); > vm_map_splay_findnext(root, &rlist); > - entry->offset +=3D entry->start - root->start; > + if ((entry->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP)) =3D=3D 0) > + entry->offset +=3D entry->start - root->start; > root->end =3D entry->start; > max_free_left =3D root->max_free =3D vm_size_max( > vm_map_splay_merge_left(header, root, llist), > @@ -1463,6 +1467,8 @@ vm_map_entry_unlink(vm_map_t map, vm_map_entry_t = entry, > vm_map_splay_findnext(root, &rlist); > if (op =3D=3D UNLINK_MERGE_NEXT) { > rlist->start =3D root->start; > + MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | > + MAP_ENTRY_STACK_GAP_UP) =3D=3D 0); This breaks compilation. I guess it should be + MPASS((rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | + MAP_ENTRY_STACK_GAP_UP)) =3D=3D 0); Best regards Michael > rlist->offset =3D root->offset; > } > if (llist !=3D header) { > @@ -3103,7 +3109,8 @@ vm_map_madvise( > entry =3D vm_map_entry_succ(entry)) { > vm_offset_t useEnd, useStart; >=20 > - if ((entry->eflags & MAP_ENTRY_IS_SUB_MAP) !=3D 0) > + if ((entry->eflags & (MAP_ENTRY_IS_SUB_MAP | > + MAP_ENTRY_GUARD)) !=3D 0) > continue; >=20 > /*
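Review bot: The two vm_map_entry_link hunks (@@ -1413,7 +1413,9 @@ and @@ -1429,7 +1431,9 @@) make the offset adjustment conditional on the stack-gap flags but carry no comment saying why offset must stay untouched for those entries, so a later reader of the clipping code has only the commit message to go on. A one-line comment above each `if`, plus a shared macro for the `MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP` mask that this patch now spells out in three places, would keep the checks consistent.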
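Review bot: The MPASS added in the vm_map_entry_unlink hunk (@@ -1463,6 +1467,8 @@) has unbalanced parentheses: three are opened and only two are closed before the semicolon, so the macro invocation never terminates and the file does not compile. The missing parenthesis has to close the `&` expression before the comparison, giving `(rlist->eflags & (MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP)) == 0`. Adding it after the `== 0` instead would compile but, because `==` binds tighter than `&`, would AND eflags with the result of the comparison rather than test the masked flags.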
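Review bot: In the vm_map_madvise hunk (@@ -3103,7 +3109,8 @@) the skip condition tests MAP_ENTRY_GUARD, while the other three hunks test MAP_ENTRY_STACK_GAP_DN | MAP_ENTRY_STACK_GAP_UP. If skipping every guard entry is intended here, a short comment saying so would help, since the loop body that follows is outside the visible context and the commit message only mentions guard entries protecting stack gaps.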