freebsd-nq/sys/vm
Konstantin Belousov 987ff18184 Consistently handle negative or wrapping offsets in the mmap(2) syscalls.
For regular files and posix shared memory, POSIX requires that
[offset, offset + size) range is legitimate.  At the mapping time,
check that offset is not negative.  Allowing negative offsets might
expose the data that filesystem put into vm_object for internal use,
esp. due to OFF_TO_IDX() signedness treatment.  Fault handler verifies
that the mapped range is valid, assuming that mmap(2) checked that
arithmetic gives no undefined results.

For device mappings, leave the semantic of negative offsets to the
driver.  Correct object page index calculation to not erroneously
propagate sign.

In either case, disallow overflow of offset + size.

Update mmap(2) man page to explain the requirement of the range
validity, and behaviour when the range becomes invalid after mapping.

Reported and tested by:	royger (previous version)
Reviewed by:	alc
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-02-12 21:05:44 +00:00
..
_vm_radix.h During vm_page_cache()'s call to vm_radix_insert(), if vm_page_alloc() was 2016-12-01 17:26:37 +00:00
default_pager.c Provide introductory description of the default pager. 2016-12-14 23:36:32 +00:00
device_pager.c Consistently handle negative or wrapping offsets in the mmap(2) syscalls. 2017-02-12 21:05:44 +00:00
memguard.c Include sys/_task.h into uma_int.h, so that taskqueue.h isn't a 2016-02-09 20:22:35 +00:00
memguard.h
phys_pager.c Implement the populate() pager method for phys pager. 2016-12-08 11:35:53 +00:00
pmap.h Various changes to pmap_ts_referenced() 2016-09-10 16:49:25 +00:00
redzone.c
redzone.h
sg_pager.c Consistently handle negative or wrapping offsets in the mmap(2) syscalls. 2017-02-12 21:05:44 +00:00
swap_pager.c Add a page queue for holding dirty anonymous unswappable pages. 2017-01-03 00:05:44 +00:00
swap_pager.h Add a page queue for holding dirty anonymous unswappable pages. 2017-01-03 00:05:44 +00:00
uma_core.c Print flags in hex instead of decimal. 2017-01-02 16:50:52 +00:00
uma_dbg.c Fix memguard(9) in kernels with INVARIANTS enabled. 2016-06-01 22:31:35 +00:00
uma_dbg.h Move uma_dbg_alloc() and uma_dbg_free() into uma_core.c, which allows 2016-02-03 22:02:36 +00:00
uma_int.h Autotune the number of pages set aside for UMA startup based on the number 2016-07-07 18:37:12 +00:00
uma.h Replace a number of conflations of mp_ncpus and mp_maxid with either 2016-07-06 14:09:49 +00:00
vm_domain.c Remove cpu_spinwait after seq_consistent. 2016-12-30 06:26:17 +00:00
vm_domain.h Add an initial NUMA affinity/policy configuration for threads and processes. 2015-07-11 15:21:37 +00:00
vm_extern.h Change type of the prot parameter for kern_vm_mmap() from vm_prot_t to int. 2017-02-11 20:27:39 +00:00
vm_fault.c Fix two similar bugs in the populate vm_fault() code. 2016-12-30 18:55:33 +00:00
vm_glue.c Eliminate unneeded vm_page_xbusy() and vm_page_xunbusy() operations when 2016-08-14 22:00:45 +00:00
vm_init.c Remove a redundant use of min(). 2017-01-05 03:13:45 +00:00
vm_kern.c Add a small allocator for exec_map entries. 2017-01-05 01:44:12 +00:00
vm_kern.h Add a small allocator for exec_map entries. 2017-01-05 01:44:12 +00:00
vm_map.c Style fixes for vm_map_insert(). 2017-01-01 18:49:46 +00:00
vm_map.h Change the type of the map entry's next_read field from a vm_pindex_t to a 2016-07-07 20:58:16 +00:00
vm_meter.c Remove redundancy in vmtotal(). 2016-12-26 19:29:04 +00:00
vm_mmap.c Change type of the prot parameter for kern_vm_mmap() from vm_prot_t to int. 2017-02-11 20:27:39 +00:00
vm_object.c Avoid page lookups in the top-level object in vm_object_madvise(). 2017-01-30 18:51:43 +00:00
vm_object.h Consistently handle negative or wrapping offsets in the mmap(2) syscalls. 2017-02-12 21:05:44 +00:00
vm_page.c Over the years, the code and comments in vm_page_startup() have diverged in 2017-02-04 05:23:10 +00:00
vm_page.h Move bogus_page declaration to vm_page.h and initialization to vm_page.c. 2017-01-04 22:27:19 +00:00
vm_pageout.c Add a page queue for holding dirty anonymous unswappable pages. 2017-01-03 00:05:44 +00:00
vm_pageout.h The flag "vm_pages_needed" has long served two distinct purposes: (1) to 2016-05-27 19:15:45 +00:00
vm_pager.c Move bogus_page declaration to vm_page.h and initialization to vm_page.c. 2017-01-04 22:27:19 +00:00
vm_pager.h Add a new populate() pager method and extend device pager ops vector 2016-12-08 11:26:11 +00:00
vm_param.h Remove the v_cache_min and v_cache_max sysctls. They are unused and have 2015-09-11 03:00:20 +00:00
vm_phys.c Ifdef out the unused vm_rr_selectdomain(). 2017-02-02 17:44:55 +00:00
vm_phys.h Remove support for idle page zeroing. 2016-09-03 20:38:13 +00:00
vm_radix.c Previously, vm_radix_remove() would panic if the radix trie didn't 2016-12-08 04:29:29 +00:00
vm_radix.h Previously, vm_radix_remove() would panic if the radix trie didn't 2016-12-08 04:29:29 +00:00
vm_reserv.c Relax the object type restrictions on vm_page_alloc_contig(). Specifically, 2016-12-28 18:32:13 +00:00
vm_reserv.h Relax the object type restrictions on vm_page_alloc_contig(). Specifically, 2016-12-28 18:32:13 +00:00
vm_unix.c Implement lockless resource limits. 2015-06-10 10:48:12 +00:00
vm.h Add new bus methods for mapping resources. 2016-05-20 17:57:47 +00:00
vnode_pager.c Fix the contiguity once more. 2017-01-12 20:26:02 +00:00
vnode_pager.h A change to KPI of vm_pager_get_pages() and underlying VOP_GETPAGES(). 2015-12-16 21:30:45 +00:00