Author: markj
Date: Fri Dec  6 23:39:08 2019
New Revision: 355469
URL: https://svnweb.freebsd.org/changeset/base/355469

Log:
  Fix fault_type handling in vm_map_lookup().
  
  Suppose that the map entry is wired, so that we later assign
  fault_type = entry->protection.  Suppose further that we jump back to
  RetryLookup.  Then fault_type will no longer contain the original
  fault protection mask, but instead that of the wired entry.
  
  Submitted by: Wuyang Chung <wuyang.chu...@gmail.com>
  Reviewed by:  kib
  MFC after:    3 days
  Github PR:    https://github.com/freebsd/freebsd/pull/419
  Differential Revision:        https://reviews.freebsd.org/D22683

Modified:
  head/sys/vm/vm_map.c

Modified: head/sys/vm/vm_map.c
==============================================================================
--- head/sys/vm/vm_map.c        Fri Dec  6 22:45:36 2019        (r355468)
+++ head/sys/vm/vm_map.c        Fri Dec  6 23:39:08 2019        (r355469)
@@ -4687,7 +4687,7 @@ vm_map_lookup(vm_map_t *var_map,          /* IN/OUT */
        vm_map_entry_t entry;
        vm_map_t map = *var_map;
        vm_prot_t prot;
-       vm_prot_t fault_type = fault_typea;
+       vm_prot_t fault_type;
        vm_object_t eobject;
        vm_size_t size;
        struct ucred *cred;
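Review bot: with the initializer dropped from the declaration of fault_type, the variable is indeterminate until the assignment added after RetryLookupLocked, so every read must follow that assignment on every path. The lines between this declaration and that assignment are not visible in the diff; please confirm none of them reads fault_type. If the rest of the function allows it, qualifying fault_typea as const would let the compiler enforce that the original fault protection mask described in the log survives each retry.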
@@ -4731,7 +4731,7 @@ RetryLookupLocked:
                    vm_map_growstack(map, vaddr, entry) == KERN_SUCCESS)
                        goto RetryLookupLocked;
        }
-       fault_type &= VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE;
+       fault_type = fault_typea & VM_PROT_ALL;
        if ((fault_type & prot) != fault_type || prot == VM_PROT_NONE) {
                vm_map_unlock_read(map);
                return (KERN_PROTECTION_FAILURE);
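Review bot: the new assignment swaps the mask from VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE to VM_PROT_ALL, and the log message does not mention it. If VM_PROT_ALL is exactly those three bits, note in the log that the substitution is cosmetic. If it covers any other bit, the (fault_type & prot) != fault_type check on the next line now sees bits that were previously masked off, and that change needs its own justification. A one-line comment above the assignment, saying fault_type is recomputed from fault_typea on each pass because the wired-entry path overwrites it, would keep a later cleanup from hoisting it back to the declaration.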