Convert CTASSERT(9) for PAGE_{SIZE,MASK} into KASSERT(9).

They are not compile-time constants for sparc.

uvm(9): fo_mmap caller guarantees positive size.

No functional change intended, just sprinkling assertions to make it
clearer.

mmap(2): Assert size != 0 in non-anonymous case.

This is guaranteed by a test earlier; adding the assertion just makes
it clearer that it applies to the branch where we call fo_mmap -- no
functional

mmap(2): Assert size != 0 in non-anonymous case.

This is guaranteed by a test earlier; adding the assertion just makes
it clearer that it applies to the branch where we call fo_mmap -- no
functional change intended.

show more ...

mmap(2): Avoid overflow in rounding and checking size.

mmap(2): If we fail with a hint, try again without it.

`Hint' here means nonzero addr, but no MAP_FIXED or MAP_TRYFIXED.

This is suboptimal -- we could teach uvm_mmap to do a fancier search
using t

mmap(2): If we fail with a hint, try again without it.

`Hint' here means nonzero addr, but no MAP_FIXED or MAP_TRYFIXED.

This is suboptimal -- we could teach uvm_mmap to do a fancier search
using the address as a hint. But this should do for now.

Candidate fix for PR kern/55533.

show more ...

Revert "mmap(2): If we fail with a hint, try again without it."

This doesn't work, because uvm_mmap releases the uobj when it fails.
Should factor this more coherently, but let's just revert for now

Revert "mmap(2): If we fail with a hint, try again without it."

This doesn't work, because uvm_mmap releases the uobj when it fails.
Should factor this more coherently, but let's just revert for now.

Reported-by: syzbot+d347c8951821b236117a@syzkaller.appspotmail.com
Reported-by: syzbot+7643d1b769fdfa18c3b2@syzkaller.appspotmail.com
Reported-by: syzbot+44f4b39671dd580cba5c@syzkaller.appspotmail.com
Reported-by: syzbot+b5a422299ca4ffe8570c@syzkaller.appspotmail.com
Reported-by: syzbot+22681822db67b6e90cfb@syzkaller.appspotmail.com
Reported-by: syzbot+e59f493ceef72b925a17@syzkaller.appspotmail.com
Reported-by: syzbot+666f3fe8364f47e8641b@syzkaller.appspotmail.com
Reported-by: syzbot+511d4572f52f1fd9b5cc@syzkaller.appspotmail.com

show more ...

mmap(2): If we fail with a hint, try again without it.

`Hint' here means nonzero addr, but no MAP_FIXED or MAP_TRYFIXED.

This is suboptimal -- we could teach uvm_mmap to do a fancier search
using t

mmap(2): If we fail with a hint, try again without it.

`Hint' here means nonzero addr, but no MAP_FIXED or MAP_TRYFIXED.

This is suboptimal -- we could teach uvm_mmap to do a fancier search
using the address as a hint. But this should do for now.

Candidate fix for PR kern/55533.

ok chs@

show more ...

Make mmap() with "len == 0" an error if not MAP_ANON. We should return
an error for MAP_ANON too but unfortunately our /libexec/ld.elf_so
sometimes creates an empty anon mapping for the bss of a sha

Make mmap() with "len == 0" an error if not MAP_ANON. We should return
an error for MAP_ANON too but unfortunately our /libexec/ld.elf_so
sometimes creates an empty anon mapping for the bss of a shared library.

At least FreeBSD and Solaris return this error too and according to POSIX
"If len is zero, mmap() shall fail and no mapping shall be established".

Fixes PR pkg/56338 Installing qt5-qtdeclarative leaves a dangling reference

The dangling reference here originates from vn_mmap() taking a vnode
reference for this empty mapping that will never be released.

show more ...

need <sys/param.h> for COHERENCY_UNIT

Minor KNF along the way.

UVM locking changes, proposed on tech-kern:

- Change the lock on uvm_object, vm_amap and vm_anon to be a RW lock.
- Break v_interlock and vmobjlock apart. v_interlock remains a mutex.
- Do partial

UVM locking changes, proposed on tech-kern:

- Change the lock on uvm_object, vm_amap and vm_anon to be a RW lock.
- Break v_interlock and vmobjlock apart. v_interlock remains a mutex.
- Do partial PV list locking in the x86 pmap. Others to follow later.

show more ...

Avoid left shift changing the signedness flag

Reviewed by <mrg>

Reported-by: syzbot+25ac03024cedf27f3368@syzkaller.appspotmail.com

Change 'npgs' from int to size_t. Otherwise the 64bit->32bit conversion
could lead to npgs=0, which is not expected. It later triggers a panic
in uvm_vsunlock().

Found by TriforceAFL (Akul Pillai).

Overhaul the API used to fetch and store individual memory cells in
userspace. The old fetch(9) and store(9) APIs (fubyte(), fuword(),
subyte(), suword(), etc.) are retired and replaced with new ufe

Overhaul the API used to fetch and store individual memory cells in
userspace. The old fetch(9) and store(9) APIs (fubyte(), fuword(),
subyte(), suword(), etc.) are retired and replaced with new ufetch(9)
and ustore(9) APIs that can return proper error codes, etc. and are
implemented consistently across all platforms. The interrupt-safe
variants are no longer supported (and several of the existing attempts
at fuswintr(), etc. were buggy and not actually interrupt-safe).

Also augmement the ucas(9) API, making it consistently available on
all plaforms, supporting uniprocessor and multiprocessor systems, even
those that do not have CAS or LL/SC primitives.

Welcome to NetBSD 8.99.37.

show more ...

unify rounding and range checking.

Avoid a panic from the sequence

mlock(buf, 0);
munlock(buf, 0);
mlock(buf, page);
munlock(buf, page);

where buf is page aligned, and page is actually anything > 0
(but not too big) which will g

Avoid a panic from the sequence

mlock(buf, 0);
munlock(buf, 0);
mlock(buf, page);
munlock(buf, page);

where buf is page aligned, and page is actually anything > 0
(but not too big) which will get rounded up to the next multiple
of the page size.

In that sequence, it is possible that the 1st munlock() is optional.

Add a KASSERT() (or two) to detect the first effects of the problem
(without that, or in !DIAGNOSTIC kernels) the problem eventually
causes some kind of problem or other (most often still a panic.)

After this, mlock(anything, 0) (or munlock) validates "anything"
but is otherwise a no-op (regardless of the alignment of anything).

Also, don't treat mlock(buf, verybig) as equivalent to mlock(buf, 0)
which is (more or less) what we had been doing.

XXX pullup -8 (maybe -7 as well, need to check).

show more ...

Drop SYS_sbrk

sbrk - change data segment size

This syscall is dummy since the inception of the project.

Sponsored by <The NetBSD Foundation>

Drop the sstk(2) syscall stub

sstk - change stack section size

This functionality has never been implemented and is a remnant from 16-bit
UNIX. This stub appeared with the first NetBSD commit.

Spo

Drop the sstk(2) syscall stub

sstk - change stack section size

This functionality has never been implemented and is a remnant from 16-bit
UNIX. This stub appeared with the first NetBSD commit.

Sponsored by <The NetBSD Foundation>

show more ...

[syzkaller] Fix for PR #52658 as suggested by riastradh@

The bug was found by Dmitry Vyukov (dvyukov@google.com)
using syzkaller and was tested by me on a VM running
8.99.5

MAP_FIXED means something different for mremap() than it does for mmap(),
so we cannot use UVM_FLAG_FIXED to specify both behaviors.
keep UVM_FLAG_FIXED with its earlier meaning (prior to my previous

MAP_FIXED means something different for mremap() than it does for mmap(),
so we cannot use UVM_FLAG_FIXED to specify both behaviors.
keep UVM_FLAG_FIXED with its earlier meaning (prior to my previous change)
of whether to use uvm_map_findspace() to locate space for the new mapping or
to use the hint address that the caller passed in, and add a new flag
UVM_FLAG_UNMAP to indicate that any existing entries in the range should be
unmapped as part of creating the new mapping. the new UVM_FLAG_UNMAP flag
may only be used if UVM_FLAG_FIXED is also specified.

show more ...

make MAP_FIXED mapping operations atomic. fixes PR 52239.
previously, unmapping any entries being replaced was done separately
from entering the new mapping, which allowed another thread doing
a non-

make MAP_FIXED mapping operations atomic. fixes PR 52239.
previously, unmapping any entries being replaced was done separately
from entering the new mapping, which allowed another thread doing
a non-MAP_FIXED mapping to allocate the range out from under the
MAP_FIXED thread.

show more ...

Extend the mmap(2) interface to allow requesting protections for later
use with mprotect(2), but without enabling them immediately.

Extend the mremap(2) interface to allow duplicating mappings, i.e.

Extend the mmap(2) interface to allow requesting protections for later
use with mprotect(2), but without enabling them immediately.

Extend the mremap(2) interface to allow duplicating mappings, i.e.
create a second range of virtual addresses references the same physical
pages. Duplicated mappings can have different effective protections.

Adjust PAX mprotect logic to disallow effective protections of W&X, but
allow one mapping W and another X protections. This obsoletes using
temporary files for purposes like JIT.

Adjust PAX logic for mmap(2) and mprotect(2) to fail if W&X is requested
and not silently drop the X protection.

Improve test cases to ensure correct operation of the changed
interfaces.

show more ...

MAP_COPY is handled in compat

The only error that can occur from munlock() on NetBSD is ENOMEM.
Make it be that way.

KNF a little.

Explicitly return syscall-specific error codes, instead of the ones given
by range_test. This fixes msync, mlock and munlock, which all return EINVAL
instead of ENOMEM if the address is not in the va

Explicitly return syscall-specific error codes, instead of the ones given
by range_test. This fixes msync, mlock and munlock, which all return EINVAL
instead of ENOMEM if the address is not in the va space.

It should also fix the recent ATF failures.

show more ...