From owner-freebsd-bugs@FreeBSD.ORG Sun Sep 19 19:40:48 2010 Return-Path: Delivered-To: freebsd-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 53C8F106566C; Sun, 19 Sep 2010 19:40:48 +0000 (UTC) (envelope-from alc@rice.edu) Received: from mh1.mail.rice.edu (mh1.mail.rice.edu [128.42.201.20]) by mx1.freebsd.org (Postfix) with ESMTP id 2C1758FC16; Sun, 19 Sep 2010 19:40:47 +0000 (UTC) Received: from mh1.mail.rice.edu (localhost.localdomain [127.0.0.1]) by mh1.mail.rice.edu (Postfix) with ESMTP id F2ED328F715; Sun, 19 Sep 2010 14:23:11 -0500 (CDT) X-Virus-Scanned: by amavis-2.6.4 at mh1.mail.rice.edu, auth channel Received: from mh1.mail.rice.edu ([127.0.0.1]) by mh1.mail.rice.edu (mh1.mail.rice.edu [127.0.0.1]) (amavis, port 10026) with ESMTP id 4tzGMRnfiR8G; Sun, 19 Sep 2010 14:23:11 -0500 (CDT) Received: from adsl-216-63-78-18.dsl.hstntx.swbell.net (adsl-216-63-78-18.dsl.hstntx.swbell.net [216.63.78.18]) (using TLSv1 with cipher RC4-MD5 (128/128 bits)) (No client certificate requested) (Authenticated sender: alc) by mh1.mail.rice.edu (Postfix) with ESMTPSA id 70BE428F73C; Sun, 19 Sep 2010 14:23:11 -0500 (CDT) Message-ID: <4C96631E.40400@rice.edu> Date: Sun, 19 Sep 2010 14:23:10 -0500 From: Alan Cox User-Agent: Thunderbird 2.0.0.24 (X11/20100725) MIME-Version: 1.0 To: arundel@FreeBSD.org References: <201009051525.o85FPFLa055194@freefall.freebsd.org> In-Reply-To: <201009051525.o85FPFLa055194@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: alc@FreeBSD.org, freebsd-bugs@FreeBSD.org Subject: Re: kern/150260: mmap(2) fails with EPERM (not documented) if read-only shared memory is mmapped with MAP_PRIVATE & PROT_WRITE X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 19 Sep 2010 19:40:48 -0000 arundel@FreeBSD.org wrote: > Synopsis: mmap(2) fails with EPERM (not documented) if read-only shared memory is mmapped with MAP_PRIVATE & PROT_WRITE > > Responsible-Changed-From-To: freebsd-bugs->alc > Responsible-Changed-By: arundel > Responsible-Changed-When: Sun Sep 5 15:21:21 UTC 2010 > Responsible-Changed-Why: > Alan might have an opinion on this PR. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=150260 > > It's a legitimate bug. The attached program has a couple minor issues. It crashes on amd64 because string.h is not included. (strerror() needs to be declared, otherwise its return value is believed to be a 32-bit int, and not a pointer.) Also, contrary to the bug description, the attached program specifies MAP_SHARED where it clearly means to use MAP_PRIVATE. I believe that the following change addresses the bug: Index: vm/vm_mmap.c =================================================================== --- vm/vm_mmap.c (revision 212830) +++ vm/vm_mmap.c (working copy) @@ -1373,7 +1373,8 @@ vm_mmap_shm(struct thread *td, vm_size_t objsize, { int error; - if ((*maxprotp & VM_PROT_WRITE) == 0 && + if ((*flagsp & MAP_SHARED) != 0 && + (*maxprotp & VM_PROT_WRITE) == 0 && (prot & PROT_WRITE) != 0) return (EACCES); #ifdef MAC