Fix write only mappings on arm64

When trapping on a wrote access to a buffer the kernel has mapped as write only we should only pass the VM_PROT_WRITE flag. Previously the call to vm_fault_trap as the VM_PROT_READ flag was unexpected. Reported by: manu Sponsored by: Innovate UK
2020-10-13 10:26:15 +00:00 · 2020-10-13 10:26:15 +00:00 · f56a08c810
commit f56a08c810
parent 2cef3afd7b
2 changed files with 17 additions and 1 deletions
--- a/sys/arm64/arm64/trap.c
+++ b/sys/arm64/arm64/trap.c
@ -301,7 +301,7 @@ data_abort(struct thread *td, struct trapframe *frame, uint64_t esr,
 		break;
 	default:
 		ftype = (esr & ISS_DATA_WnR) == 0 ? VM_PROT_READ :
-		    VM_PROT_READ | VM_PROT_WRITE;
+		    VM_PROT_WRITE;
 		break;
 	}
--- a/tests/sys/vm/mmap_test.c
+++ b/tests/sys/vm/mmap_test.c
@ -259,6 +259,21 @@ ATF_TC_BODY(mmap__dev_zero_shared, tc)
 	close(fd);
 }
 ATF_TC_WITHOUT_HEAD(mmap__write_only);
 ATF_TC_BODY(mmap__write_only, tc)
 {
 	void *p;
 	int pagesize;
 	ATF_REQUIRE((pagesize = getpagesize()) > 0);
 	p = mmap(NULL, pagesize, PROT_WRITE, MAP_ANON, -1, 0);
 	ATF_REQUIRE(p != MAP_FAILED);
 	*(volatile uint32_t *)p = 0x12345678;
 	munmap(p, pagesize);
 }
 ATF_TP_ADD_TCS(tp)
 {
@ -266,6 +281,7 @@ ATF_TP_ADD_TCS(tp)
 	ATF_TP_ADD_TC(tp, mmap__bad_arguments);
 	ATF_TP_ADD_TC(tp, mmap__dev_zero_private);
 	ATF_TP_ADD_TC(tp, mmap__dev_zero_shared);
 	ATF_TP_ADD_TC(tp, mmap__write_only);
 	return (atf_no_error());
 }