If mprotect(2) changed protection in the bottom of the currently grown stack region, currently the changed protection would be used for the stack grow on next fault. This is arguably unexpected. Store the original protection for the entry at mmap(2) time in the offset member of the gap vm_map_entry, and use it for protection of the grown stack region. PR: 272585 Reported by: John F. Carr <jfc@mit.edu>
Details
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
sys/vm/vm_map.c | ||
---|---|---|
4761 | Instead of applying this subtle reasoning, can we simply load gap_entry->offset into a local variable before potentially deleting the entry? |
I think that the overloading of the vm map entry fields should be mentioned where the structure is defined.
P.S. While looking at this code, I would if it would be beneficial to have vm_map_insert() optionally return the new (or extended) map entry since finding the prev or succ map entry is no longer as trivial as it once was.
sys/vm/vm_map.c | ||
---|---|---|
4496 | Alphabetize. | |
4578–4580 | ||
4757–4760 | Move this comment up to where "prot" is initialized. |
Wouldn't it be better to use an anonymous union with offset as a member, and prot as another?
sys/vm/vm_map.c | ||
---|---|---|
4757–4760 |
Yes, that's the "surprising" statement. |
I'm okay with this. I just reread the mmap(2) description of MAP_STACK, and I don't think that it needs to change to explicitly mention the behavior implemented here. This change implements the behavior that I believe that a reader would most likely expect.
sys/vm/vm_map.c | ||
---|---|---|
4579 |
I'm on the fence. Anonymous unions wouldn't really protect against bugs that can arise from this overloading. I'd wait to see more examples of map entries that need auxiliary fields before trying to change the vm_map_entry type definition.
Anonymous unions are c11 feature, they are not in c99 AFAIR. Although we mostly acccept that kernel requires c11, vm/vm_map.h is user-visible header and should definitely be c99-compliant, if not c89.