Date: Tue, 31 Jul 2018 18:00:47 +0000 (UTC) From: Konstantin Belousov <kib@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r336987 - head/sys/vm Message-ID: <201807311800.w6VI0l26036691@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: kib Date: Tue Jul 31 18:00:47 2018 New Revision: 336987 URL: https://svnweb.freebsd.org/changeset/base/336987 Log: For compat32, emulate the same wraparound check as occurs on the real ILP32 system. Reported by and discussed with: asomers PR: 230162 Sponsored by: The FreeBSD Foundation MFC after: 1 week Differential revision: https://reviews.freebsd.org/D16525 Modified: head/sys/vm/vm_mmap.c Modified: head/sys/vm/vm_mmap.c ============================================================================== --- head/sys/vm/vm_mmap.c Tue Jul 31 17:53:24 2018 (r336986) +++ head/sys/vm/vm_mmap.c Tue Jul 31 18:00:47 2018 (r336987) @@ -600,6 +600,12 @@ kern_mprotect(struct thread *td, uintptr_t addr0, size addr -= pageoff; size += pageoff; size = (vm_size_t) round_page(size); +#ifdef COMPAT_FREEBSD32 + if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { + if (((addr + size) & 0xffffffff) < addr) + return (EINVAL); + } else +#endif if (addr + size < addr) return (EINVAL);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201807311800.w6VI0l26036691>