From patchwork Fri Oct 27 18:09:20 2017
X-Patchwork-Submitter: Thomas Huth <1728116@bugs.launchpad.net>
X-Patchwork-Id: 831441
From: Thomas Moschny <1728116@bugs.launchpad.net>
To: qemu-devel@nongnu.org
Date: Fri, 27 Oct 2017 18:09:20 -0000
Message-Id: <150912776103.20350.959452179379767829.malonedeb@soybean.canonical.com>
Reply-To: Bug 1728116 <1728116@bugs.launchpad.net>
Subject: [Qemu-devel] [Bug 1728116] [NEW] Empty /proc/self/auxv (linux-user)
X-Launchpad-Bug: product=qemu; status=New; importance=Undecided; assignee=None;
X-Launchpad-Bug-Security-Vulnerability: no

Public bug reported:

The userspace Linux API virtualization used to fake access to /proc/self/auxv, to provide meaningful data for the guest process. For newer qemu versions, this fails: the openat() is intercepted, but there's no content: /proc/self/auxv has length zero (i.e. reading from it returns 0 bytes).

Good:

$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c
256 /proc/self/auxv

Bad:

$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c
0 /proc/self/auxv

This worked in 2.7.1, and fails in 2.10.1.

This causes e.g. any procps-ng-based tool to segfault while reading from /proc/self/auxv in an endless loop (probably worth another bug report...)
Doing a "git bisect" shows that this commit:

https://github.com/qemu/qemu/commit/7c4ee5bcc

introduced the problem. It might be a simple logic (subtraction in the wrong direction?) or sign-ness error:

Adding some logging (to v2.10.1) shows this output:

$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c
18446744073709551264
-352
0

And 352 could be the expected length.

** Affects: qemu
     Importance: Undecided
         Status: New

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 9b6364a..49285f9 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7469,6 +7469,9 @@ static int open_self_auxv(void *cpu_env, int fd) abi_ulong len = ts->info->auxv_len; char *ptr; + gemu_log(TARGET_ABI_FMT_lu"\n", len); + gemu_log(TARGET_ABI_FMT_ld"\n", len); + /* * Auxiliary vector is stored in target process stack. * read in whole auxv vector and copy it to file
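Review bot: the two added gemu_log calls pass the same abi_ulong `len` to both TARGET_ABI_FMT_lu and TARGET_ABI_FMT_ld; the second mismatches the argument's signedness, which is acceptable for a throwaway diagnostic but must not be merged as-is. The paired output quoted above (18446744073709551264 and -352) already establishes that `len` is (abi_ulong)-352, i.e. ts->info->auxv_len has wrapped rather than holding a small positive byte count, so the real fix belongs where auxv_len is computed, not in open_self_auxv. If anything stays in this function, it should be a guard that refuses to copy when `len` is zero or implausibly large, so a bad length fails loudly instead of producing an empty file.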
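A small checker for the auxv image that linux-user hands back, added here as an illustration and not part of the bug report or of QEMU: it walks the Elf64 auxv entries to the AT_NULL terminator, looks up one tag, and rejects a length that has wrapped the way the logged value (2^64 - 352) has. The abi_ulong typedef, the struct mirroring <elf.h>, and the sample vector are assumptions/constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: abi_ulong as used by linux-user/syscall.c for a 64-bit guest. */
typedef uint64_t abi_ulong;

/* Minimal mirror of the glibc <elf.h> 64-bit auxv entry and the tags used below. */
typedef struct { uint64_t a_type; union { uint64_t a_val; } a_un; } Elf64_auxv_t;
enum { AT_NULL = 0, AT_PAGESZ = 6, AT_BASE = 7 };

/* Constructed sample image (not captured from a real process): AT_PAGESZ=4096, AT_NULL. */
static const Elf64_auxv_t sample_auxv[] = {
    { AT_PAGESZ, { 4096 } },
    { AT_NULL,   { 0 } },
};

/* 1 if len is a usable auxv byte count: non-zero, within max_len (so a wrapped
 * value such as (abi_ulong)-352 is rejected) and a whole number of entries. */
int auxv_len_plausible(abi_ulong len, abi_ulong max_len)
{
    if (len == 0 || len > max_len) return 0;
    return len % sizeof(Elf64_auxv_t) == 0;
}

/* Bytes up to and including the AT_NULL entry, or 0 if the vector is empty/truncated
 * (the symptom reported: cat | wc -c prints 0). */
size_t auxv_length(const unsigned char *buf, size_t buf_len)
{
    size_t off = 0;
    while (off + sizeof(Elf64_auxv_t) <= buf_len) {
        Elf64_auxv_t e;
        memcpy(&e, buf + off, sizeof e);
        off += sizeof e;
        if (e.a_type == AT_NULL) return off;
    }
    return 0;
}

/* getauxval(3)-style lookup over an arbitrary buffer; 0 when the tag is absent. */
uint64_t auxv_lookup(const unsigned char *buf, size_t buf_len, uint64_t type)
{
    for (size_t off = 0; off + sizeof(Elf64_auxv_t) <= buf_len; off += sizeof(Elf64_auxv_t)) {
        Elf64_auxv_t e;
        memcpy(&e, buf + off, sizeof e);
        if (e.a_type == AT_NULL) break;
        if (e.a_type == type) return e.a_un.a_val;
    }
    return 0;
}

int main(void)
{
    unsigned char buf[4096];
    FILE *f = fopen("/proc/self/auxv", "rb");
    if (!f) { perror("fopen"); return 1; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    printf("read %zu bytes, vector length %zu, AT_PAGESZ=%llu\n", n, auxv_length(buf, n),
           (unsigned long long)auxv_lookup(buf, n, AT_PAGESZ));
    return auxv_length(buf, n) == 0; /* non-zero exit status when the vector is empty */
}
```

Run natively and under qemu-x86_64: the broken linux-user build yields "read 0 bytes" and a non-zero exit, while a working one reports the same page size as the host.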