From 60221a5701f83de91c418766e3ccae2c8d4020b5 Mon Sep 17 00:00:00 2001
From: Alan Cox
Date: Fri, 1 Jun 2018 21:37:42 +0000
Subject: [PATCH] Only a small subset of mmap(2)'s flags should be used in combination with the flag MAP_GUARD. Rather than enumerating the flags that are not allowed, enumerate the flags that are allowed. The list of allowed flags is much shorter and less likely to change. (As an aside, one of the previously enumerated flags, MAP_PREFAULT, was not even a legal flag for mmap(2). However, because of an earlier check within kern_mmap(), this misuse of MAP_PREFAULT was harmless.) Reviewed by: kib MFC after: 10 days
---
 sys/vm/vm_mmap.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/vm/vm_mmap.c b/sys/vm/vm_mmap.c
index ed7a624be75e..c0d339cc5752 100644
--- a/sys/vm/vm_mmap.c
+++ b/sys/vm/vm_mmap.c
@@ -241,8 +241,8 @@ kern_mmap(struct thread *td, uintptr_t addr0, size_t size, int prot, int flags,
 (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC)) != 0)
 return (EINVAL);
 if ((flags & MAP_GUARD) != 0 && (prot != PROT_NONE || fd != -1 ||
- pos != 0 || (flags & (MAP_SHARED | MAP_PRIVATE | MAP_PREFAULT |
- MAP_PREFAULT_READ | MAP_ANON | MAP_STACK)) != 0))
+ pos != 0 || (flags & ~(MAP_FIXED | MAP_GUARD | MAP_EXCL |
+ MAP_32BIT | MAP_ALIGNMENT_MASK)) != 0))
 return (EINVAL);
 /*
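Review bot: `MAP_32BIT` is named unconditionally in the new allow-list mask, so the file will not compile on any architecture where `<sys/mman.h>` does not define it; I believe the flag is only provided on 64-bit targets, but confirm against the header. If that is the case, wrap the term inside the mask as `#ifdef MAP_32BIT` / `MAP_32BIT |` / `#endif`. The allow-list itself is the safer shape, because any mmap(2) flag added later is rejected with MAP_GUARD by default; a short comment above the test, such as `/* MAP_GUARD: only placement flags are accepted; anything else is EINVAL. */`, would keep that intent visible to whoever adds the next flag. kern_mmap() starts and ends outside this hunk, so the earlier flag check that the commit message relies on cannot be confirmed from here.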