From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 272585] calling mprotect in an mmap-ed stack can affect non-target pages
Date: Thu, 20 Jul 2023 14:12:54 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: CURRENT

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272585

--- Comment #2 from commit-hook@FreeBSD.org ---
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=21e45c30c35c9aa732073f725924caf581c93460

commit 21e45c30c35c9aa732073f725924caf581c93460
Author:     Konstantin Belousov
AuthorDate: 2023-07-19 11:05:32 +0000
Commit:     Konstantin Belousov
CommitDate: 2023-07-20 14:11:42 +0000

    mmap(MAP_STACK): on stack grow, use original protection

    If mprotect(2) changed protection in the bottom of the currently grown
    stack region, currently the changed protection would be used for the
    stack grow on next fault.  This is arguably unexpected.

    Store the original protection for the entry at mmap(2) time in the
    offset member of the gap vm_map_entry, and use it for protection of the
    grown stack region.

    PR:     272585
    Reported by:    John F. Carr
    Reviewed by:    alc, markj
    Sponsored by:   The FreeBSD Foundation
    MFC after:      1 week
    Differential revision:  https://reviews.freebsd.org/D41089

 sys/vm/vm_map.c | 24 ++++++++++++++++--------
 sys/vm/vm_map.h |  4 ++++
 2 files changed, 20 insertions(+), 8 deletions(-)

-- 
You are receiving this mail because:
You are the assignee for the bug.
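
A regression probe for the behaviour the commit message describes, added here as an example; it is not code from the commit or from the bug report. It assumes the initially grown part of a MAP_STACK mapping is kern.sgrowsiz bytes and that the 8 MiB mapping is larger than that; all function names are hypothetical.

```c
#define _DEFAULT_SOURCE            /* glibc: expose MAP_ANON / MAP_STACK */
#include <sys/types.h>
#include <sys/mman.h>
#include <sys/wait.h>
#ifdef __FreeBSD__
#include <sys/sysctl.h>
#endif
#include <unistd.h>
#define STACK_LEN ((size_t)8 << 20) /* assumption: larger than kern.sgrowsiz */

/* Assumed size of the part of the mapping that is populated at mmap time. */
static size_t initial_grown_size(void)
{
#ifdef __FreeBSD__
    unsigned long grow = 0;
    size_t len = sizeof(grow);
    if (sysctlbyname("kern.sgrowsiz", &grow, &len, NULL, 0) == 0 &&
        grow > 0 && grow < STACK_LEN)
        return grow;
#endif
    return STACK_LEN / 2; /* other systems populate the whole mapping */
}

/* Write to p in a child so that a fault cannot kill the caller. */
static int child_can_write(volatile char *p)
{
    int status;
    pid_t pid = fork();
    if (pid == 0) { *p = 1; _exit(0); }
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* 1: page below the mprotect target is writable; 0: it faulted; -1: error. */
int grown_page_keeps_original_prot(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    char *base = mmap(NULL, STACK_LEN, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0);
    if (base == MAP_FAILED) return -1;
    char *bottom = base + STACK_LEN - initial_grown_size();
    int ok = -1;
    if (mprotect(bottom, pg, PROT_READ) == 0) /* target: lowest grown page */
        ok = child_can_write(bottom - pg);    /* FreeBSD: forces a grow */
    munmap(base, STACK_LEN);
    return ok;
}

int main(void) { return grown_page_keeps_original_prot() == 1 ? 0 : 1; }
```

A result of 0 means the page reached by stack growth took on the PROT_READ set on the neighbouring page, which is the case the commit addresses; 1 means it kept the protection given to mmap(2).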