Fix fault_type handling in vm_map_lookup().

Suppose that the map entry is wired, so that we later assign fault_type = entry->protection. Suppose further that we jump back to RetryLookup. Then fault_type will no longer contain the original fault protection mask, but instead that of the wired entry. Submitted by: Wuyang Chung <wuyang.chung1@gmail.com> Reviewed by: kib MFC after: 3 days Github PR: https://github.com/freebsd/freebsd/pull/419 Differential Revision: https://reviews.freebsd.org/D22683
svn path=/head/; revision=355469
2024-10-17 13:53:39 +00:00 · 2019-12-06 23:39:08 +00:00 · 2019-12-06 23:39:08 +00:00 · a6f21d15dd · 2020-12-20 02:59:44 +00:00
parent 0d9048c3c2
commit a6f21d15dd
1 changed files with 2 additions and 2 deletions
--- a/sys/vm/vm_map.c
+++ b/sys/vm/vm_map.c
@ -4687,7 +4687,7 @@ vm_map_lookup(vm_map_t *var_map,		/* IN/OUT */
 	vm_map_entry_t entry;
 	vm_map_t map = *var_map;
 	vm_prot_t prot;
-	vm_prot_t fault_type = fault_typea;
+	vm_prot_t fault_type;
 	vm_object_t eobject;
 	vm_size_t size;
 	struct ucred *cred;
@ -4731,7 +4731,7 @@ vm_map_lookup(vm_map_t *var_map,		/* IN/OUT */
 		    vm_map_growstack(map, vaddr, entry) == KERN_SUCCESS)
 			goto RetryLookupLocked;
 	}
-	fault_type &= VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE;
+	fault_type = fault_typea & VM_PROT_ALL;
 	if ((fault_type & prot) != fault_type || prot == VM_PROT_NONE) {
 		vm_map_unlock_read(map);
 		return (KERN_PROTECTION_FAILURE);