From 8aaa9468d3aaa2eb250c6d0e8ad3e10ee1e8ca8e Mon Sep 17 00:00:00 2001
From: Hubert Badocha
Date: Wed, 21 Aug 2024 15:10:38 +0200
Subject: [PATCH] fix(mprotect): fix mapEntrySplit
Do not call amap_getanons. Set offset and lmaxgap.
JIRA: RTOS-895
---
 vm/map.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/vm/map.c b/vm/map.c
index 7e7d57c5f..e1f6e8f97 100644
--- a/vm/map.c
+++ b/vm/map.c
@@ -747,22 +747,27 @@ int vm_munmap(vm_map_t *map, void *vaddr, size_t size)
 }
-static void vm_mapEntryCopy(map_entry_t *dst, map_entry_t *src)
+static void vm_mapEntryCopy(map_entry_t *dst, map_entry_t *src, int refAnons)
 {
 hal_memcpy(dst, src, sizeof(map_entry_t));
- dst->amap = amap_ref(src->amap);
- amap_getanons(dst->amap, dst->aoffs, dst->size);
- dst->object = vm_objectRef(src->object);
+ src->amap = amap_ref(dst->amap);
+ /* In case of splitting the entry the anons shouldn't be reffed as they just change the owner. */
+ if (refAnons != 0) {
+ amap_getanons(dst->amap, dst->aoffs, dst->size);
+ }
+ src->object = vm_objectRef(dst->object);
 }
 static void vm_mapEntrySplit(process_t *p, vm_map_t *m, map_entry_t *e, map_entry_t *new, size_t len)
 {
- vm_mapEntryCopy(new, e);
+ vm_mapEntryCopy(new, e, 0);
 new->vaddr += len;
 new->size -= len;
 new->aoffs += len;
+ new->offs = (new->offs == -1) ? -1 : (new->offs + len);
+ new->lmaxgap = 0;
 e->size = len;
 e->rmaxgap = 0;
@@ -1028,7 +1033,7 @@ int vm_mapCopy(process_t *proc, vm_map_t *dst, vm_map_t *src)
 return -ENOMEM;
 }
- vm_mapEntryCopy(f, e);
+ vm_mapEntryCopy(f, e, 1);
 _map_add(proc, dst, f);
 if ((e->prot & PROT_WRITE) && !(e->flags & MAP_DEVICE)) {
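Review bot: In `vm_mapEntryCopy` the two reference assignments now write to `src` instead of `dst` (`src->amap = amap_ref(dst->amap);` and `src->object = vm_objectRef(dst->object);`), a swap the commit message does not mention. After the `hal_memcpy` both entries hold the same pointers, so this is presumably harmless only if `amap_ref` and `vm_objectRef` return their argument unchanged (not visible here); otherwise a copy helper would be modifying the entry it copies from. A miscounted or misplaced reference on a map entry can become a leak or use-after-free in the VM layer, so I would keep the original direction, `dst->amap = amap_ref(src->amap);` and `dst->object = vm_objectRef(src->object);`, or add a comment explaining why `src` is the target. The bare `0` and `1` passed for `refAnons` in `vm_mapEntrySplit` and in the `vm_mapCopy` hunk would also read better as named constants.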