Adjust the r205536, by allowing a non-zero offset for anonymous

mappings for a.out binaries. Apparently, a.out ld.so from FreeBSD 1.1.5.1 can issue such requests. Reported and tested by: Dan Plassche <dplassche@gmail.com> MFC after: 1 week
2012-08-14 11:47:07 +00:00 · 2012-08-14 11:47:07 +00:00 · 7707ccabfb
commit 7707ccabfb
parent b6c00483e9
1 changed files with 17 additions and 5 deletions
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@ -207,11 +207,23 @@ sys_mmap(td, uap)

 	fp = NULL;

-	/* Make sure mapping fits into numeric range, etc. */
-	if ((uap->len == 0 && !SV_CURPROC_FLAG(SV_AOUT) &&
-	     curproc->p_osrel >= P_OSREL_MAP_ANON) ||
-	    ((flags & MAP_ANON) && (uap->fd != -1 || pos != 0)))
-		return (EINVAL);
+	/*
+	 * Enforce the constraints.
+	 * Mapping of length 0 is only allowed for old binaries.
+	 * Anonymous mapping shall specify -1 as filedescriptor and
+	 * zero position for new code. Be nice to ancient a.out
+	 * binaries and correct pos for anonymous mapping, since old
+	 * ld.so sometimes issues anonymous map requests with non-zero
+	 * pos.
+	 */
+	if (!SV_CURPROC_FLAG(SV_AOUT)) {
+		if ((uap->len == 0 && curproc->p_osrel >= P_OSREL_MAP_ANON) ||
+		    ((flags & MAP_ANON) != 0 && (uap->fd != -1 || pos != 0)))
+			return (EINVAL);
+	} else {
+		if ((flags & MAP_ANON) != 0)
+			pos = 0;
+	}

 	if (flags & MAP_STACK) {
 		if ((uap->fd != -1) ||