NetBSD-Bugs archive
Re: kern/57622: memfd mmap does not work for requests < page size
The following reply was made to PR kern/57622; it has been noted by GNATS.
From: mlelstv%serpens.de@localhost (Michael van Elst)
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: kern/57622: memfd mmap does not work for requests < page size
Date: Sun, 22 Feb 2026 14:46:52 -0000 (UTC)
gnats-admin%NetBSD.org@localhost ("Robert Bagdan via gnats") writes:
>The following reply was made to PR kern/57622; it has been noted by GNATS.
> The mmap() call memfd_mmap(), where:
>
> KASSERT(*offp == round_page(*offp));
> KASSERT(size == round_page(size));
>
> and the following check then fails:
>
> if (*offp + size > mfd->mfd_size) {
> error = EINVAL;
> goto leave;
> }
>
> where mfd_size is still 2304, while size is already rounded up to 4096.
Maybe this:
Index: sys/kern/sys_memfd.c
===================================================================
RCS file: /cvsroot/src/sys/kern/sys_memfd.c,v
retrieving revision 1.13
diff -p -u -r1.13 sys_memfd.c
--- sys/kern/sys_memfd.c 15 Nov 2025 19:02:26 -0000 1.13
+++ sys/kern/sys_memfd.c 22 Feb 2026 14:43:10 -0000
@@ -337,6 +337,7 @@ memfd_mmap(file_t *fp, off_t *offp, size
{
struct memfd *mfd = fp->f_memfd;
int error = 0;
+ size_t maxoff;
/* uvm_mmap guarantees page-aligned offset and size. */
KASSERT(*offp == round_page(*offp));
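Review bot: `maxoff` is declared `size_t`, but it holds a file offset and is only used in arithmetic with `*offp`, which is `off_t`. Declaring it `off_t` keeps that arithmetic in one signed type, so the result does not depend on the relative widths of `size_t` and `off_t` on a given port.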
@@ -349,7 +350,9 @@ memfd_mmap(file_t *fp, off_t *offp, size
error = EINVAL;
goto leave;
}
- if (*offp + size > mfd->mfd_size) {
+
+ maxoff = round_page(mfd->mfd_size);
+ if (size > maxoff - *offp) {
error = EINVAL;
goto leave;
}
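Review bot: the new test `size > maxoff - *offp` has no guard for `*offp > maxoff`. With `maxoff` unsigned, that difference wraps to a very large value wherever `size_t` is as wide as `off_t`, so the test is false and a mapping that starts past the end of the object is accepted. The condition of the preceding EINVAL check is not visible in this hunk; unless it already bounds `*offp` from above, test `*offp > maxoff || size > maxoff - *offp`.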
@@ -360,6 +363,12 @@ memfd_mmap(file_t *fp, off_t *offp, size
goto leave;
}
+ /* Zero fill end of partial page */
+ if (size > mfd->mfd_size - *offp) {
+ ubc_zerorange(mfd->mfd_uobj, mfd->mfd_size,
+ *offp + size - mfd->mfd_size, 0);
+ }
+
uao_reference(fp->f_memfd->mfd_uobj);
*uobjp = fp->f_memfd->mfd_uobj;
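Review bot: the `ubc_zerorange()` call under `if (size > mfd->mfd_size - *offp)` runs on every mmap() that reaches the last page, so a second mapping of the same range zeroes the tail again and wipes anything an existing mapping stored past `mfd_size`. The comment should say why the fill is needed (the bytes between `mfd_size` and the page boundary become readable through the mapping now that the size check is rounded up), and it is worth considering whether the zeroing belongs where `mfd_size` is set rather than in the mmap path. The subtraction also relies on `*offp <= mfd->mfd_size`, which only holds if the earlier bounds check rejects larger offsets.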