Mailing List Archive

From:: David Higgs <higgsd@gmail.com>
Subject:: vmcmd_map_readvn mprotect fix
To:: OpenBSD Tech <tech@openbsd.org>
Date:: Wed, 19 Feb 2025 21:18:36 -0500

Download raw body.

Thread

2025-02-20 02:18 David Higgs:
vmcmd_map_readvn mprotect fix
- 2025-03-10 19:24 Martin Pieuchot:
  vmcmd_map_readvn mprotect fix
- - 2025-03-10 21:54 David Higgs:
    vmcmd_map_readvn mprotect fix

The uvm_map_protect takes start and end vaddr_t values, rather than a
start and length.  It seems this code path is rarely/never taken, as
it would immediately fail with EINVAL.

Again, apologies for the mangled diff.

--david

diff --git a/sys/kern/exec_subr.c b/sys/kern/exec_subr.c
index 9f4aea64a8f..e9c28d6c66c 100644
--- a/sys/kern/exec_subr.c
+++ b/sys/kern/exec_subr.c
@@ -260,7 +260,7 @@ vmcmd_map_readvn(struct proc *p, struct exec_vmcmd *cmd)
                 * uvm_map_protect() to fix up the protection.  ICK.
                 */
                error = (uvm_map_protect(&p->p_vmspace->vm_map,
-                   cmd->ev_addr, round_page(cmd->ev_len),
+                   cmd->ev_addr, round_page(cmd->ev_addr + cmd->ev_len),
                    prot, 0, FALSE, TRUE));
        }
        if (error == 0) {

2025-02-20 02:18 David Higgs:
vmcmd_map_readvn mprotect fix
- 2025-03-10 19:24 Martin Pieuchot:
  vmcmd_map_readvn mprotect fix
- - 2025-03-10 21:54 David Higgs:
    vmcmd_map_readvn mprotect fix