This is revision 3 of this patch.
Apply by doing
cd /sys
patch < vm_mmap.patch
Index: vm/vm_mmap.c
===================================================================
RCS file: /cvs/src/sys/vm/vm_mmap.c,v
retrieving revision 1.10
retrieving revision 1.13
diff -u -r1.10 -r1.13
--- vm_mmap.c 1997/11/14 20:56:08 1.10
+++ vm_mmap.c 1998/02/25 22:13:46 1.13
@@ -1,4 +1,4 @@
-/* $OpenBSD: vm_mmap.c,v 1.8 1997/07/25 06:03:08 mickey Exp $ */
+/* $OpenBSD: vm_mmap.c,v 1.13 1998/02/25 22:13:46 deraadt Exp $ */
/* $NetBSD: vm_mmap.c,v 1.47 1996/03/16 23:15:23 christos Exp $ */
/*
@@ -213,8 +213,7 @@
if (fp->f_type != DTYPE_VNODE)
return (EINVAL);
vp = (struct vnode *)fp->f_data;
- if (vp->v_type != VREG && vp->v_type != VCHR)
- return (EINVAL);
+
/*
* XXX hack to handle use of /dev/zero to map anon
* memory (ala SunOS).
@@ -223,6 +222,14 @@
flags |= MAP_ANON;
goto is_anon;
}
+
+ /*
+ * Only files and cdevs are mappable, and cdevs does not
+ * provide private mappings of any kind.
+ */
+ if (vp->v_type != VREG &&
+ (vp->v_type != VCHR || (flags & (MAP_PRIVATE|MAP_COPY))))
+ return (EINVAL);
/*
* Ensure that file and memory protections are
* compatible. Note that we only worry about
@@ -236,13 +243,18 @@
if (fp->f_flag & FREAD)
maxprot |= VM_PROT_READ;
else if (prot & PROT_READ)
+ return (EACCES);
+
+ /*
+ * If we are sharing potential changes (either via MAP_SHARED
+ * or via the implicit sharing of character device mappings),
+ * and we are trying to get write permission although we
+ * opened it without asking for it, bail out.
+ */
+ if (((flags & MAP_SHARED) != 0 || vp->v_type == VCHR) &&
+ (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
return (EACCES);
- if (flags & MAP_SHARED) {
- if (fp->f_flag & FWRITE)
- maxprot |= VM_PROT_WRITE;
- else if (prot & PROT_WRITE)
- return (EACCES);
- } else
+ else
maxprot |= VM_PROT_WRITE;
handle = (caddr_t)vp;
} else {
