[Bug,656285] Re: arm-semi mishandling SYS_HEAPINFO

Message ID	AANLkTi=dtGEDBOOq2iYD-1Cbp0aT3DGHYDX51mAcECJL@mail.gmail.com
State	New
Headers	show Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Date: Sat, 27 Nov 2010 20:06:38 -0000 From: Peter Maydell <peter.maydell@linaro.org> To: qemu-devel@nongnu.org References: <20101007125628.8009.23815.malonedeb@soybean.canonical.com> <20101127192930.5365.13234.malone@potassium.ubuntu.com> Message-Id: <AANLkTi=dtGEDBOOq2iYD-1Cbp0aT3DGHYDX51mAcECJL@mail.gmail.com> Subject: Re: [Qemu-devel] [Bug 656285] Re: arm-semi mishandling SYS_HEAPINFO Precedence: bulk Reply-To: Bug 656285 <656285@bugs.launchpad.net> Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Message ID

AANLkTi=dtGEDBOOq2iYD-1Cbp0aT3DGHYDX51mAcECJL@mail.gmail.com

State

New

Headers

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Date: Sat, 27 Nov 2010 20:06:38 -0000
From: Peter Maydell <peter.maydell@linaro.org>
To: qemu-devel@nongnu.org
References: <20101007125628.8009.23815.malonedeb@soybean.canonical.com>
	<20101127192930.5365.13234.malone@potassium.ubuntu.com>
Message-Id: <AANLkTi=dtGEDBOOq2iYD-1Cbp0aT3DGHYDX51mAcECJL@mail.gmail.com>
Subject: Re: [Qemu-devel] [Bug 656285] Re: arm-semi mishandling SYS_HEAPINFO
Precedence: bulk
Reply-To: Bug 656285 <656285@bugs.launchpad.net>
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

Commit Message

Peter Maydell Nov. 27, 2010, 8:06 p.m. UTC

On 27 November 2010 19:29, Brian Harring <ferringb@gmail.com> wrote:
> Look through linux-user/syscall.c; looks like the flaw is more in do_brk
> itself.  Invocations of do_brk *appear* to all assume that it's
> basically brk like in it's behaviour- -1 on failure, else a non-negative
> value of what the size now is.

I think this is wrong. The primary user of do_brk() is the Linux
user system call emulation, so do_brk()'s semantics follow
those of the kernel implemented syscall. (This is different from
those of the brk() library routine, hence the confusion.) That means
it returns the old brk value on failure, not -1. [This is documented
in the NOTES section of the Linux brk(2) manpage, or you can
look at the kernel sources.]

You could argue that this is a bit unhelpful for platform-independent
code like the ARM semihosting routines which end up coding to
an API which might be platform-dependent between linux-user
and some-other-user modes...

-- PMM

--- arm-semi.c.orig     2010-09-21 13:19:15.000000000 +0100
+++ arm-semi.c  2010-10-07 13:23:13.000000000 +0100
@@ -475,7 +475,7 @@ 
                 /* Try a big heap, and reduce the size if that fails.  */
                 for (;;) {
                     ret = do_brk(limit);
-                    if (ret != -1)
+                    if (ret == limit)
                         break;
                     limit = (ts->heap_base >> 1) + (limit >> 1);
                 }

[Bug,656285] Re: arm-semi mishandling SYS_HEAPINFO

Commit Message

Patch