NetBSD Problem Report #52384
From www@NetBSD.org Sun Jul 9 14:39:50 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id 9FEF37A215
for <gnats-bugs@gnats.NetBSD.org>; Sun, 9 Jul 2017 14:39:50 +0000 (UTC)
Message-Id: <20170709143949.A561B7A2A6@mollari.NetBSD.org>
Date: Sun, 9 Jul 2017 14:39:49 +0000 (UTC)
From: n54@gmx.com
Reply-To: n54@gmx.com
To: gnats-bugs@NetBSD.org
Subject: write(2) from a nonreadable memory region returns EACCES
X-Send-Pr-Version: www-1.0
>Number: 52384
>Category: kern
>Synopsis: write(2) from a nonreadable memory region returns EACCES
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: kern-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jul 09 14:40:01 +0000 2017
>Closed-Date: Sun Jul 09 23:45:44 +0000 2017
>Last-Modified: Mon Jul 24 06:05:00 +0000 2017
>Originator: Kamil Rytarowski
>Release: NetBSD 8.99.1 amd64
>Organization:
TNF
>Environment:
NetBSD chieftec 8.99.1 NetBSD 8.99.1 (GENERIC) #5: Sat Jul 1 17:48:34 CEST 2017 root@chieftec:/public/netbsd-root/sys/arch/amd64/compile/GENERIC amd64
>Description:
When using write(2) to write to a file descriptor (pipe(2)) from a memory region that is not readable, the system call returns EACCES.
This differs from Darwin, Linux, OpenBSD, FreeBSD - they return EFAULT.
This behavior breaks part of LLVM sanitizers functionality. There are failing tests that use IsAccessibleMemoryRange() from sanitizer_posix_libcdep.cc.
>How-To-Repeat:
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>
#include <errno.h>
#define SIZE 100
int
main(int argc, char **argv)
{
int sock_pair[2];
if (pipe(sock_pair))
return -1;
void *map = mmap(NULL, SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE, -1, 0);
long bytes_written = write(sock_pair[1], map, SIZE);
printf("map=%p bytes_written=%d errno=%d\n", map, bytes_written, errno);
close(sock_pair[0]);
close(sock_pair[1]);
return 0;
}
>Fix:
Adjust the system call to return EFAULT.
>Release-Note:
>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52384 CVS commit: src/sys/uvm
Date: Sun, 9 Jul 2017 16:53:10 -0400
Module Name: src
Committed By: christos
Date: Sun Jul 9 20:53:09 UTC 2017
Modified Files:
src/sys/uvm: uvm_fault.c
Log Message:
PR/52384: make uvm_fault_check() return EFAULT not EACCES, like our man pages
(but not OpenGroup which does not document EFAULT for read/write, and only
documents EACCES for sockets) say for read/write.
To generate a diff of this commit:
cvs rdiff -u -r1.199 -r1.200 src/sys/uvm/uvm_fault.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: kamil@NetBSD.org
State-Changed-When: Mon, 10 Jul 2017 01:45:44 +0200
State-Changed-Why:
Fixed by Christos.
LLVM compiler-rt sanitizer common tests (check-sanitizer) works now.
From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/52384 CVS commit: [netbsd-8] src
Date: Mon, 24 Jul 2017 06:03:42 +0000
Module Name: src
Committed By: snj
Date: Mon Jul 24 06:03:42 UTC 2017
Modified Files:
src/sys/uvm [netbsd-8]: uvm_fault.c
src/tests/lib/libc/sys [netbsd-8]: t_write.c
Log Message:
Pull up following revision(s) (requested by kamil in ticket #120):
sys/uvm/uvm_fault.c: revision 1.200
tests/lib/libc/sys/t_write.c: revision 1.4-1.6
PR/52384: make uvm_fault_check() return EFAULT not EACCES, like our man
pages
(but not OpenGroup which does not document EFAULT for read/write, and onl=
y
documents EACCES for sockets) say for read/write.
--
check for EFAULT on reads and writes to memory with not permission.
--
add munmap
#define for const.
--
add another missing munmap (Kamil)
To generate a diff of this commit:
cvs rdiff -u -r1.199 -r1.199.6.1 src/sys/uvm/uvm_fault.c
cvs rdiff -u -r1.3 -r1.3.6.1 src/tests/lib/libc/sys/t_write.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.