From 249542ac78fa6dca8bf8d66b74b5b6d3e3531140 Mon Sep 17 00:00:00 2001 From: andrew Date: Tue, 13 Oct 2020 10:26:15 +0000 Subject: [PATCH] Fix write only mappings on arm64 When trapping on a wrote access to a buffer the kernel has mapped as write only we should only pass the VM_PROT_WRITE flag. Previously the call to vm_fault_trap as the VM_PROT_READ flag was unexpected. Reported by: manu Sponsored by: Innovate UK --- sys/arm64/arm64/trap.c | 2 +- tests/sys/vm/mmap_test.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/sys/arm64/arm64/trap.c b/sys/arm64/arm64/trap.c index 05f08b90cdfe..1330838148d2 100644 --- a/sys/arm64/arm64/trap.c +++ b/sys/arm64/arm64/trap.c @@ -301,7 +301,7 @@ data_abort(struct thread *td, struct trapframe *frame, uint64_t esr, break; default: ftype = (esr & ISS_DATA_WnR) == 0 ? VM_PROT_READ : - VM_PROT_READ | VM_PROT_WRITE; + VM_PROT_WRITE; break; } diff --git a/tests/sys/vm/mmap_test.c b/tests/sys/vm/mmap_test.c index afabb5c41b83..61ede96fc49b 100644 --- a/tests/sys/vm/mmap_test.c +++ b/tests/sys/vm/mmap_test.c @@ -259,6 +259,21 @@ ATF_TC_BODY(mmap__dev_zero_shared, tc) close(fd); } +ATF_TC_WITHOUT_HEAD(mmap__write_only); +ATF_TC_BODY(mmap__write_only, tc) +{ + void *p; + int pagesize; + + ATF_REQUIRE((pagesize = getpagesize()) > 0); + p = mmap(NULL, pagesize, PROT_WRITE, MAP_ANON, -1, 0); + ATF_REQUIRE(p != MAP_FAILED); + + *(volatile uint32_t *)p = 0x12345678; + + munmap(p, pagesize); +} + ATF_TP_ADD_TCS(tp) { @@ -266,6 +281,7 @@ ATF_TP_ADD_TCS(tp) ATF_TP_ADD_TC(tp, mmap__bad_arguments); ATF_TP_ADD_TC(tp, mmap__dev_zero_private); ATF_TP_ADD_TC(tp, mmap__dev_zero_shared); + ATF_TP_ADD_TC(tp, mmap__write_only); return (atf_no_error()); }