From patchwork Thu Mar 5 21:05:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tobias Koch X-Patchwork-Id: 1249888 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nonterra.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=nonterra01.onmicrosoft.com header.i=@nonterra01.onmicrosoft.com header.a=rsa-sha256 header.s=selector2-nonterra01-onmicrosoft-com header.b=ESEy+YC2; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 48YNbG31nTz9sP7 for ; Fri, 6 Mar 2020 08:06:34 +1100 (AEDT) Received: from localhost ([::1]:56250 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j9xhQ-0000Qb-BG for incoming@patchwork.ozlabs.org; Thu, 05 Mar 2020 16:06:32 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:49743) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1j9xgo-0000Ek-1X for qemu-devel@nongnu.org; Thu, 05 Mar 2020 16:05:55 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1j9xgm-0003KJ-TK for qemu-devel@nongnu.org; Thu, 05 Mar 2020 16:05:53 -0500 Received: from mail-eopbgr140082.outbound.protection.outlook.com ([40.107.14.82]:10550 helo=EUR01-VE1-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1j9xgm-0003IY-HQ for qemu-devel@nongnu.org; Thu, 05 Mar 2020 16:05:52 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gB5TABEBfEPr0167DljB5q62NZRalnweDn2Q9NQLMi2HX9A2aZ8wySaWZ+DAwJooC79rtjye39eMDEwbVJhT7ju8W48nVeV7ejojaa8JFBDw/8dcJaZPBFZeUMyUCkN0v/8z3BCBCB2kZKHc1/rKoWOQVHRFPyUSKX+yyTvbbvYWfnV1QlMIgsSN1z/ABIG5L1gX+8EDgpqN3jvIThxrhIpYsI7TTM1jqTFQxGUtvCoqbB6q24JAK+Xylp3WVAu2Le4LNcp2ePxMIZOEeyFkLTGVA7/vH2XLpdVm8w+Uo0us2rnYAPG2QXRhrJiCAYuf9edJyqsPIzGa6iSFPS7DNg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A43n3iT9G7mx/l3hbMnLlq12aoiBdIOA6GYBMxcKIeU=; b=HnrMs9bf2zGlm5yzTUUJuZAAeYLSy/k24tVaz+pfLSykgdEVh9SeD0b4/UxE0UvaFlAyMWVxoi5idBbMgBCxHZ3TIPCwVH+5zeN1nRGmxu9mhMGChKcjiMIbt+Z54NNs1I0bAme29J+a2gV/X7vsGYRAxCUw6o+P3vo9vDfB1nxqR8hNQWxMDJAABVr1M7RR3dTOaf8plEDzYbrFQcZZ8zlDlhx70c0IcGnC0acAgYmPP/e8QhG7f8HvIsa39bvU/2tTxSd8lzNAhFTNZZy3Xofqx/hrpEFRWCiNnBRxCT5wzGjJex9V+1USGdOV3RJiNk0QXj8cpHPlwE1EMqe4VQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nonterra.com; dmarc=pass action=none header.from=nonterra.com; dkim=pass header.d=nonterra.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nonterra01.onmicrosoft.com; s=selector2-nonterra01-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=A43n3iT9G7mx/l3hbMnLlq12aoiBdIOA6GYBMxcKIeU=; b=ESEy+YC24q9fQdqn19gSEUzX/7Z7l4YYnum7oYjWi3FzE/hxZw1TtyuG0GYZj6Y/EY4THWfFN2TyOTOS6BQAlSbggrvID4bgvJMdI0l2pryr0SCJpzZyFhYkd+Ak68odqeOz/3WLJJ+YcFfB1WCIxb+9syobmRhsZhBOalnXcsI= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=tobias.koch@nonterra.com; Received: from AM0PR08MB4273.eurprd08.prod.outlook.com (20.179.35.80) by AM0PR08MB5347.eurprd08.prod.outlook.com (52.132.212.137) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.16; Thu, 5 Mar 2020 21:05:49 +0000 Received: from AM0PR08MB4273.eurprd08.prod.outlook.com ([fe80::7163:372d:fd4c:812a]) by AM0PR08MB4273.eurprd08.prod.outlook.com ([fe80::7163:372d:fd4c:812a%5]) with mapi id 15.20.2772.019; Thu, 5 Mar 2020 21:05:49 +0000 From: Tobias Koch To: qemu-devel@nongnu.org Subject: [PATCH] linux-user: mremap fails with EFAULT if address range overlaps with stack guard Date: Thu, 5 Mar 2020 22:05:34 +0100 Message-ID: <20200305210534.28392-1-tobias.koch@nonterra.com> X-Mailer: git-send-email 2.20.1 X-ClientProxiedBy: FRYP281CA0016.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10::26) To AM0PR08MB4273.eurprd08.prod.outlook.com (2603:10a6:208:144::16) MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from build.nonterra.com (46.4.103.172) by FRYP281CA0016.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2793.11 via Frontend Transport; Thu, 5 Mar 2020 21:05:49 +0000 X-Mailer: git-send-email 2.20.1 X-Originating-IP: [46.4.103.172] X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 8684050e-41aa-4e8b-d8d5-08d7c148fb47 X-MS-TrafficTypeDiagnostic: AM0PR08MB5347: X-Microsoft-Antispam-PRVS: X-MS-Oob-TLC-OOBClassifiers: OLM:1751; X-Forefront-PRVS: 03333C607F X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(39830400003)(376002)(396003)(366004)(346002)(136003)(189003)(199004)(1076003)(508600001)(44832011)(86362001)(5660300002)(55236004)(956004)(2616005)(4326008)(52116002)(186003)(16526019)(26005)(316002)(6916009)(7696005)(6486002)(81166006)(81156014)(8676002)(2906002)(8936002)(6666004)(36756003)(66476007)(66946007)(66556008)(41780200001); DIR:OUT; SFP:1101; SCL:1; SRVR:AM0PR08MB5347; H:AM0PR08MB4273.eurprd08.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: None (protection.outlook.com: nonterra.com does not designate permitted sender hosts) X-MS-Exchange-SenderADCheck: 1 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: Ii8Ae43ReM7TQItU96S/tppnMjp93fsd50jID8Nbg/qIYHHOnzWb/gcrpYMyuq+5SuWK6aTwrE2h6a+Z0Ee073efhx2oFbpE7DCx6CFlNoVz4Zgr9rkoF3jVXufPcgIBksHy06rjZz3gVn33MGhygF6QLF52QQBVyyp/G7UvSAhexE7VjLlHg+op8Plcy4UY+RQ9grPI797PRB+nVIiL+1D1XQEkVrGlCYg6/zdzJS/2HPCKqL37b4cXwIKRxSIEI9gdJlJPBjEd7Y7Hg5XZzd82ge5ouphxgK8PONgrudfE/ank7XTImDfnze7ODfrN0Ix3PLwvZSBoGObxUtSGc5XzrPU63QAhR7jOCbgN52Wct+Avq6AUkDtJt5hxBwYOrsagYMHi9eNA7YPYDzJi1eGlgzq5wgyAaKoRevjT883rMo5jV6Z/KrgUycTxwGjtWCwjH7PGB/RoM8cVvjYQ3K308lTVbSQFMVQZ0csA5lcyfvRYV/+VlLlJLnsBTf1K X-MS-Exchange-AntiSpam-MessageData: t/lP2P2T1SxKgL3HDk63e5WLc00MwLtzGUiHXUkB2RvgTLAm8v7EbMGwsMC3cNTWxkYZUcSyBtlEABZlNsrGqOXfpwix0OfXX60hCdZSec9c6+ZyKpHWsIHtpgyT3e8cGI68ywxmUIWEVAJPbvEJzg== X-OriginatorOrg: nonterra.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8684050e-41aa-4e8b-d8d5-08d7c148fb47 X-MS-Exchange-CrossTenant-OriginalArrivalTime: 05 Mar 2020 21:05:49.6269 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 76ec9478-ab84-4eac-917c-c1a3242376a3 X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: UqtgiianHCeqyK+tNwqLxmzcyBIAwUD3RCS5yQDIlffCDM0zcC7DKvIabwCxLRS6MYYfUzn6qu0MWmEcSc1peY1IHpBihgr/6NvUhrWgeOk= X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0PR08MB5347 X-detected-operating-system: by eggs.gnu.org: Windows NT kernel [generic] [fuzzy] X-Received-From: 40.107.14.82 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: riku.voipio@iki.fi Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: "Qemu-devel" If the address range starting at old_address overlaps with the stack guard it is invalid and mremap must fail with EFAULT. The musl c library relies on this behavior to detect the stack size, which it does by doing consecutive mremaps until it hits the stack guard. Without this patch, software (such as the Ruby interpreter) that calls pthread_getattr_np under musl will crash on 32 bit targets emulated on a 64 bit host. Signed-off-by: Tobias Koch --- linux-user/mmap.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 8685f02e7e..62cddbd072 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -651,6 +651,12 @@ int target_munmap(abi_ulong start, abi_ulong len) return ret; } +#ifdef TARGET_HPPA +#define STACK_GROWS_DOWN 0 +#else +#define STACK_GROWS_DOWN 1 +#endif + abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, abi_ulong new_size, unsigned long flags, abi_ulong new_addr) @@ -665,6 +671,26 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size, return -1; } + /* Check that we're not overlapping with the stack guard. */ + if (reserved_va) { + abi_ulong guard_size, guard_start; + + guard_size = TARGET_PAGE_SIZE < qemu_real_host_page_size ? + qemu_real_host_page_size : TARGET_PAGE_SIZE; + + if (STACK_GROWS_DOWN) { + guard_start = reserved_va - guest_stack_size - guard_size; + } else { + guard_start = reserved_va - guard_size; + } + + if (guard_start < old_addr + old_size && + old_addr < guard_start + guard_size) { + errno = EFAULT; + return -1; + } + } + mmap_lock(); if (flags & MREMAP_FIXED) {