diff options
author | Konstantin Belousov <kib@FreeBSD.org> | 2012-02-17 23:47:16 +0000 |
---|---|---|
committer | Konstantin Belousov <kib@FreeBSD.org> | 2012-02-17 23:47:16 +0000 |
commit | 3494f31ad2f19dd3cd47c609560a6a116b8e015d (patch) | |
tree | 8d01d9dbb96b87e94aed60c4fc7d2b35c530a0c8 /sys/compat/svr4/imgact_svr4.c | |
parent | 45cbfcdabc4ce68336116bacf93dcc6abbb76656 (diff) | |
download | src-3494f31ad2f19dd3cd47c609560a6a116b8e015d.tar.gz src-3494f31ad2f19dd3cd47c609560a6a116b8e015d.zip |
Fix misuse of the kernel map in miscellaneous image activators.
Vnode-backed mappings cannot be put into the kernel map, since it is a
system map.
Use exec_map for transient mappings, and remove the mappings with
kmem_free_wakeup() to notify the waiters on available map space.
Do not map the whole executable into KVA at all to copy it out into
usermode. Directly use vn_rdwr() for the case of not page aligned
binary.
There is one place left where the potentially unbounded amount of data
is mapped into exec_map, namely, in the COFF image activator
enumeration of the needed shared libraries.
Reviewed by: alc
MFC after: 2 weeks
Notes
Notes:
svn path=/head/; revision=231885
Diffstat (limited to 'sys/compat/svr4/imgact_svr4.c')
-rw-r--r-- | sys/compat/svr4/imgact_svr4.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/sys/compat/svr4/imgact_svr4.c b/sys/compat/svr4/imgact_svr4.c index 9b19ec35e204..69e88900622a 100644 --- a/sys/compat/svr4/imgact_svr4.c +++ b/sys/compat/svr4/imgact_svr4.c @@ -66,8 +66,8 @@ exec_svr4_imgact(imgp) struct vmspace *vmspace; vm_offset_t vmaddr; unsigned long virtual_offset, file_offset; - vm_offset_t buffer; unsigned long bss_size; + ssize_t aresid; int error; if (((a_out->a_magic >> 16) & 0xff) != 0x64) @@ -145,21 +145,15 @@ exec_svr4_imgact(imgp) if (error) goto fail; - error = vm_mmap(kernel_map, &buffer, - round_page(a_out->a_text + a_out->a_data + file_offset), - VM_PROT_READ, VM_PROT_READ, 0, - OBJT_VNODE, imgp->vp, trunc_page(file_offset)); - if (error) - goto fail; - - error = copyout((caddr_t)(buffer + file_offset), (caddr_t)vmaddr, - a_out->a_text + a_out->a_data); - - vm_map_remove(kernel_map, buffer, - buffer + round_page(a_out->a_text + a_out->a_data + file_offset)); - - if (error) - goto fail; + error = vn_rdwr(UIO_READ, imgp->vp, (void *)vmaddr, file_offset, + a_out->a_text + a_out->a_data, UIO_USERSPACE, 0, + curthread->td_ucred, NOCRED, &aresid, curthread); + if (error != 0) + goto fail; + if (aresid != 0) { + error = ENOEXEC; + goto fail; + } /* * remove write enable on the 'text' part |