From abd1094f175810ed5ec686a897d27fae63d1ca87 Mon Sep 17 00:00:00 2001 From: kib Date: Fri, 17 Feb 2012 23:47:16 +0000 Subject: Fix misuse of the kernel map in miscellaneous image activators. Vnode-backed mappings cannot be put into the kernel map, since it is a system map. Use exec_map for transient mappings, and remove the mappings with kmem_free_wakeup() to notify the waiters on available map space. Do not map the whole executable into KVA at all to copy it out into usermode. Directly use vn_rdwr() for the case of not page aligned binary. There is one place left where the potentially unbounded amount of data is mapped into exec_map, namely, in the COFF image activator enumeration of the needed shared libraries. Reviewed by: alc MFC after: 2 weeks --- sys/compat/linux/linux_misc.c | 34 ++++++++++++---------------------- 1 file changed, 12 insertions(+), 22 deletions(-) (limited to 'sys/compat/linux/linux_misc.c') diff --git a/sys/compat/linux/linux_misc.c b/sys/compat/linux/linux_misc.c index dacfb69..d8ce2a8 100644 --- a/sys/compat/linux/linux_misc.c +++ b/sys/compat/linux/linux_misc.c @@ -229,9 +229,9 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args) struct vattr attr; vm_offset_t vmaddr; unsigned long file_offset; - vm_offset_t buffer; unsigned long bss_size; char *library; + ssize_t aresid; int error; int locked, vfslocked; @@ -308,8 +308,8 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args) if (error) goto cleanup; - /* Pull in executable header into kernel_map */ - error = vm_mmap(kernel_map, (vm_offset_t *)&a_out, PAGE_SIZE, + /* Pull in executable header into exec_map */ + error = vm_mmap(exec_map, (vm_offset_t *)&a_out, PAGE_SIZE, VM_PROT_READ, VM_PROT_READ, 0, OBJT_VNODE, vp, 0); if (error) goto cleanup; @@ -402,24 +402,15 @@ linux_uselib(struct thread *td, struct linux_uselib_args *args) if (error) goto cleanup; - /* map file into kernel_map */ - error = vm_mmap(kernel_map, &buffer, - round_page(a_out->a_text + a_out->a_data + file_offset), - VM_PROT_READ, VM_PROT_READ, 0, OBJT_VNODE, vp, - trunc_page(file_offset)); - if (error) + error = vn_rdwr(UIO_READ, vp, (void *)vmaddr, file_offset, + a_out->a_text + a_out->a_data, UIO_USERSPACE, 0, + td->td_ucred, NOCRED, &aresid, td); + if (error != 0) goto cleanup; - - /* copy from kernel VM space to user space */ - error = copyout(PTRIN(buffer + file_offset), - (void *)vmaddr, a_out->a_text + a_out->a_data); - - /* release temporary kernel space */ - vm_map_remove(kernel_map, buffer, buffer + - round_page(a_out->a_text + a_out->a_data + file_offset)); - - if (error) + if (aresid != 0) { + error = ENOEXEC; goto cleanup; + } } else { #ifdef DEBUG printf("uselib: Page aligned binary %lu\n", file_offset); @@ -463,10 +454,9 @@ cleanup: VFS_UNLOCK_GIANT(vfslocked); } - /* Release the kernel mapping. */ + /* Release the temporary mapping. */ if (a_out) - vm_map_remove(kernel_map, (vm_offset_t)a_out, - (vm_offset_t)a_out + PAGE_SIZE); + kmem_free_wakeup(exec_map, (vm_offset_t)a_out, PAGE_SIZE); return (error); } -- cgit v1.1