From: David Higgs <higgsd@gmail.com>
Subject: Re: vmcmd_map_readvn mprotect fix
To: OpenBSD Tech <tech@openbsd.org>
Date: Mon, 10 Mar 2025 17:54:06 -0400

An emulation pet project that is compiling select kernel code to run in
user land. Paging is hard so I sent everything down the readvn path, then
this crashed my code.

—david

On Mon, Mar 10, 2025 at 3:24 PM Martin Pieuchot <mpi@grenadille.net> wrote:

> On 19/02/25(Wed) 21:18, David Higgs wrote:
> > The uvm_map_protect takes start and end vaddr_t values, rather than a
> > start and length.  It seems this code path is rarely/never taken, as
> > it would immediately fail with EINVAL.
>
> Indeed, thanks for the diff.  Out of curiosity how did you find this?
>
> > Again, apologies for the mangled diff.
> >
> > --david
> >
> > diff --git a/sys/kern/exec_subr.c b/sys/kern/exec_subr.c
> > index 9f4aea64a8f..e9c28d6c66c 100644
> > --- a/sys/kern/exec_subr.c
> > +++ b/sys/kern/exec_subr.c
> > @@ -260,7 +260,7 @@ vmcmd_map_readvn(struct proc *p, struct exec_vmcmd
> *cmd)
> >                  * uvm_map_protect() to fix up the protection.  ICK.
> >                  */
> >                 error = (uvm_map_protect(&p->p_vmspace->vm_map,
> > -                   cmd->ev_addr, round_page(cmd->ev_len),
> > +                   cmd->ev_addr, round_page(cmd->ev_addr + cmd->ev_len),
> >                     prot, 0, FALSE, TRUE));
> >         }
> >         if (error == 0) {
> >
>
>
>