NetBSD Problem Report #52384

From www@NetBSD.org  Sun Jul  9 14:39:50 2017
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 9FEF37A215
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  9 Jul 2017 14:39:50 +0000 (UTC)
Message-Id: <20170709143949.A561B7A2A6@mollari.NetBSD.org>
Date: Sun,  9 Jul 2017 14:39:49 +0000 (UTC)
From: n54@gmx.com
Reply-To: n54@gmx.com
To: gnats-bugs@NetBSD.org
Subject: write(2) from a nonreadable memory region returns EACCES
X-Send-Pr-Version: www-1.0

>Number:         52384
>Category:       kern
>Synopsis:       write(2) from a nonreadable memory region returns EACCES
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jul 09 14:40:01 +0000 2017
>Closed-Date:    Sun Jul 09 23:45:44 +0000 2017
>Last-Modified:  Mon Jul 24 06:05:00 +0000 2017
>Originator:     Kamil Rytarowski
>Release:        NetBSD 8.99.1 amd64
>Organization:
TNF
>Environment:
NetBSD chieftec 8.99.1 NetBSD 8.99.1 (GENERIC) #5: Sat Jul  1 17:48:34 CEST 2017  root@chieftec:/public/netbsd-root/sys/arch/amd64/compile/GENERIC amd64
>Description:
When using write(2) to write to a file descriptor (pipe(2)) from a memory region that is not readable, the system call returns EACCES.

This differs from Darwin, Linux, OpenBSD, FreeBSD - they return EFAULT.

This behavior breaks part of LLVM sanitizers functionality. There are failing tests that use IsAccessibleMemoryRange() from sanitizer_posix_libcdep.cc.
>How-To-Repeat:
#include <unistd.h>
#include <sys/mman.h>
#include <stdio.h>
#include <errno.h>

#define SIZE 100

int
main(int argc, char **argv)
{
  int sock_pair[2];
  if (pipe(sock_pair))
    return -1;   
  void *map = mmap(NULL, SIZE, PROT_NONE, MAP_ANON | MAP_PRIVATE, -1, 0);  
  long bytes_written = write(sock_pair[1], map, SIZE); 

  printf("map=%p bytes_written=%d errno=%d\n", map, bytes_written, errno);

  close(sock_pair[0]);         
  close(sock_pair[1]);         
  return 0;     
}
>Fix:
Adjust the system call to return EFAULT.

>Release-Note:

>Audit-Trail:
From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52384 CVS commit: src/sys/uvm
Date: Sun, 9 Jul 2017 16:53:10 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Sun Jul  9 20:53:09 UTC 2017

 Modified Files:
 	src/sys/uvm: uvm_fault.c

 Log Message:
 PR/52384: make uvm_fault_check() return EFAULT not EACCES, like our man pages
 (but not OpenGroup which does not document EFAULT for read/write, and only
 documents EACCES for sockets) say for read/write.


 To generate a diff of this commit:
 cvs rdiff -u -r1.199 -r1.200 src/sys/uvm/uvm_fault.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: open->closed
State-Changed-By: kamil@NetBSD.org
State-Changed-When: Mon, 10 Jul 2017 01:45:44 +0200
State-Changed-Why:
Fixed by Christos.
LLVM compiler-rt sanitizer common tests (check-sanitizer) works now.


From: "Soren Jacobsen" <snj@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/52384 CVS commit: [netbsd-8] src
Date: Mon, 24 Jul 2017 06:03:42 +0000

 Module Name:	src
 Committed By:	snj
 Date:		Mon Jul 24 06:03:42 UTC 2017

 Modified Files:
 	src/sys/uvm [netbsd-8]: uvm_fault.c
 	src/tests/lib/libc/sys [netbsd-8]: t_write.c

 Log Message:
 Pull up following revision(s) (requested by kamil in ticket #120):
 	sys/uvm/uvm_fault.c: revision 1.200
 	tests/lib/libc/sys/t_write.c: revision 1.4-1.6
 PR/52384: make uvm_fault_check() return EFAULT not EACCES, like our man
 pages
 (but not OpenGroup which does not document EFAULT for read/write, and onl=
 y
 documents EACCES for sockets) say for read/write.
 --
 check for EFAULT on reads and writes to memory with not permission.
 --
 add munmap
 #define for const.
 --
 add another missing munmap (Kamil)


 To generate a diff of this commit:
 cvs rdiff -u -r1.199 -r1.199.6.1 src/sys/uvm/uvm_fault.c
 cvs rdiff -u -r1.3 -r1.3.6.1 src/tests/lib/libc/sys/t_write.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.