From patchwork Mon Jul 17 21:35:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808921 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=ntWj+/cZ; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b5X4M47z20FX for ; Tue, 18 Jul 2023 07:37:20 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qLVsn-00022y-OY; Mon, 17 Jul 2023 17:35:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsm-00022a-80 for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:52 -0400 Received: from mout.gmx.net ([212.227.15.15]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsk-00083e-7G for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:51 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1689629746; x=1690234546; i=deller@gmx.de; bh=JQkQBiVR+OHUGrLq6zEvCE+y8fkagC30PPU3cX2QOLw=; h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References; b=ntWj+/cZ9D0Wjn9miATjUVHaIbMuHhqm0T/ORxy5ciILxqShlezeCo8cF43Kbv6ngt+mjf5 
r5k5ArKbulpPPTydxuyycVSIxY9mThHcMuYbwAKvuPee7GbIbIIG7l6vJz2z9TdVVJnn9eIDN UTtDdDQxBe2AWFEm7uXN9PcH4c4nU6fER/EqNmEFS3zzFxLZbFaZFg7LL0e4sjyroyXDNtuwz YKelM2CcfXQT9jBzotUP4T/C2ed9YHJxyMcFefUCUU4AHWso129eh3HNCHyob8X4nQ29LWx5X CwphYhdJf6uPa2A5VLbpnwqWXz86dTaXNuRLJ0ZuYzYGhsckzJyw== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from p100.fritz.box ([94.134.159.97]) by mail.gmx.net (mrgmx005 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MFKGZ-1qACGh17bl-00FlX6; Mon, 17 Jul 2023 23:35:46 +0200 
From: Helge Deller To: Laurent Vivier , qemu-devel@nongnu.org, Michael Tokarev , Richard Henderson Cc: Helge Deller , "Markus F . X . J . Oberhumer" Subject: [PATCH 1/6] Revert "linux-user: Make sure initial brk(0) is page-aligned" Date: Mon, 17 Jul 2023 23:35:40 +0200 Message-ID: <20230717213545.142598-2-deller@gmx.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230717213545.142598-1-deller@gmx.de> References: <20230717213545.142598-1-deller@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:DtSMRM0qakslN7G4lyg91Dw7hyrIv2K8x0rZfPO/5t9+zRVJfbw wk+c8O13xTZmAIzJV8ddthDmvLVU4ErjY75TjxLFF3fFIlFxY6R7kLzezCS+kdT1XfnpcTS 0MeMvkmoGwkbJdNTknYq6QJhmTUormo1q76Cgsqr/oN/5iWtJUIqQGGrtUVKTFUKiSV7ATq +RhjPsQeuhOqQvzUakHnQ== UI-OutboundReport: notjunk:1;M01:P0:e3ElbqU2R8o=;EAcRZ6I+7so4Ju35AMber7XT+PK 3Fj5x8g8E23CGdNPGVihC3/sH80IQiFl96hsJzL+1bkvp7ittv19ITyI8oHaVJYpBNN3EZ4V6 RgVr6832yiaf3TvbBzIqCleV3NtkRaSDQPNejOjIj2w2SBS2aiLQkEBASDz19evHTy9CWuyVf I+U8ZrxeMbqTftSaagnuBAQzfcPf57joZqB7uk/iFWEzm6+Cgz/xH86qPl69kl47a/Vku/KKf LlR3I9HGZ82TPnG9NncTmc1QirgKMfNJWNsVHsKh+dRb+hid/isBVHp1/wGXSpjt4A6RBaRdW 2S43BmmiI2GWN5AvPosQkPHjQlLVKMu/BUH0jXSWiHyB6pa42TONcu/p5YKLpQoxy8+GqvhSF iq0J6hsECgI4w/jMtgVD2/5dIzWROaxaqHX3HwoAyyPF7p6uJC9Ug4vSzRypobFTQKAGeoxVX cynh4SI9jrki15BepdNBb9E4PDkCrD/TlQEB5MekbFplMXllLyP59ClDPdAQy8RpvgWsyDWAq ++BhKjjfZr6QDu77LN/0kLfCxWGGkWtYnV2gBOn/nuthZMdw4vxwFMCh2d163RvgeQNvNlY3B lopyIcZwAx1eAXwn/o8e+sfp/TDNbVGig5sVWkAjOgK0/VU3JGs7W/pTJlWkBnC9QtgMw7Oc2 zu4HuYaOD+LVEzhaSAUO41OgPk0f5XUug7NkO/+uWmw0ZRrF7WozSfbmeIRS9dbqirRI/i9Pt 4b6OWHmzHfEK34i6Z4LvlEtwHk7U9o004BnPHwUhBLcFRBXQFtT51W0UtxY6i/Di28AnvZNLl gxAPwJm7HEk5Wfd8Tlg6n6ZFoQe9Jfr5gkXyMwczk6OVlVAMvalziURbS0wzYNzK0jPG9oxrr D+N8i5FSU7l2je2vihPY0AWxjrnuP5B9u6HGl64lDsixpzfzLvbOlTl8zt+D22Hk5L8KbThZ0 cf1fyorst8ykGZ1odNTKykRiTqk= Received-SPF: pass client-ip=212.227.15.15; envelope-from=deller@gmx.de; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, 
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org This reverts commit d28b3c90cfad1a7e211ae2bce36ecb9071086129. It just hides the real bug, and even the Linux kernel may return page-unaligned addresses. Signed-off-by: Helge Deller Tested-by: Markus F.X.J. Oberhumer --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- 2.41.0 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index c99ef9c01e..b9527ab00f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -806,7 +806,7 @@ static abi_ulong brk_page; void target_set_brk(abi_ulong new_brk) { - target_brk = TARGET_PAGE_ALIGN(new_brk); + target_brk = new_brk; brk_page = HOST_PAGE_ALIGN(target_brk); } From patchwork Mon Jul 17 21:35:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808917 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=Rgioz8J8; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b4c4DKMz20FX for ; Tue, 18 Jul 2023 07:36:30 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qLVso-00023l-Qz; Mon, 17 Jul 2023 17:35:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsm-00022b-AB for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:52 -0400 Received: from mout.gmx.net ([212.227.15.18]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsk-00083f-7K for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; t=1689629746; x=1690234546; i=deller@gmx.de; bh=wnRg8SPQ0wYFmJrUrlN+dbul1Q8Xbd63TQUBTBR6cMc=; 
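Review bot: the commit message should name the bug the reverted alignment was hiding and the patch in this series that fixes it; on its own, `target_brk = new_brk;` reintroduces a possibly page-unaligned target_brk while `brk_page = HOST_PAGE_ALIGN(target_brk);` still rounds up to a host page, so every length later computed in do_brk as "aligned page minus target_brk" has to cope with target_brk sitting in the middle of a page. A one-line pointer in the message to the follow-up brk() zeroing fix would make this revert reviewable on its own.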
From: Helge Deller To: Laurent Vivier , qemu-devel@nongnu.org, Michael Tokarev , Richard Henderson Cc: Helge Deller , "Markus F . X . J . Oberhumer" Subject: [PATCH 2/6] linux-user: Fix qemu brk() to not zero bytes on current page Date: Mon, 17 Jul 2023 23:35:41 +0200 Message-ID: <20230717213545.142598-3-deller@gmx.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230717213545.142598-1-deller@gmx.de> References: <20230717213545.142598-1-deller@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:Tv+VDVi0+XYHIjGqDMR9h0kS2ak6KWfpNssCP9EyR02VR2Ir7CM 1f3/xT722ks1JZ3Hgv62jB/TMMTEWi+QQDGfH8DxG/o3GKz4WC7eH0hWj6cNTZ4xUf0paQr E0iEyj457s4RdvNwHTh7pnUNMQbtPeo6oa2Y6z3Hgbzbyd6PFp5iq/QVsNAiHJBQ/PpTztm qTkVDtOBj2ef9YhgLgjhw== UI-OutboundReport: notjunk:1;M01:P0:5NM1riW7inA=;RX5C1JRcdU7etbEyoDpeJBnwZkk PXS0Q+tEKSA0UtJgxBDE0g8EhneDuMqV1SNfFSrkn+Jc1et4dyyneaDQDvyJ9XUedOP5Je7oh A8bP4gy6uIbLqzKE69ZHsccwJ5vxE7vjV1CWE36Uf9tIq1A9hTosWWbAQuFJI0mBM6oISj2wp UHExfKyFJRtpwsfDqnx3WTzo2ME/kiSodN4FjrRZEVTsUKk2jQ8kId5HMClesg+FC+imxXov2 sXqjca+vun2qGvwrGoLujvdCWpxQGuZYIwvLhjl7/LXi2fCAj9OZ7JRXz32sg7NJMv09ayqzb wHs+q3rwqGmrRGaezjvvEnAEXtqrU1JWGC179tZZMx5ePF3V/8flptHZbkTjPs6VV+CInJWNQ rFNAz3s5cw98OF6C0mm0HKKPy9sy0V8eZvPfERJdjqE5agR1yA9Ld2v7hJycaS6vkzJmrXFx4 WojiVAzuPj9+eojC124y6PhST5hXDUF+Bm++vn9MSvkwrmtdDMW8D3OEB7Y21Z0ZZaRR1yUWo Gn3AvPQgNaoDXs6A7tRz7F8PdWD52ogyTNPWRl2zDSq7cQeGKGYUal+NV2Y6K5Y0c5ujFT69u 3W0AaPGw2oADSLD7+hgvjx/CxPiV7P6G0R9Th3dYweoCoHWPubpHmJa08KN5EQL8j29aX+2Fb TgXzsmJvJAkyKBj+wqXgxNjs9dpKiy3SukdHXukFK3bIvatApeMlUD5ngv9nJ1r6cTZhn4Ujc cIkkYLR1e6XkxlXXwnytcI2aDjEBN//vl97pZVIl6B0v2bszC+6ZS0i0PXqZS53nYLFvK66iL ioCK+t07jo0ZgUGmXezmqFUx3Q9C2mWhXJ7lTJx+G7vYroHKxK9MLUQJiMZQu37JaiVChUzOO zSXWFs6gaK5D0iQiYaXn1BXAe/sd3Qfo19gb/6EqIziEQf/6VqI+AuWxb1GKYdHnprHqEOr5a 5/yXbOmw7sKP9uEesj7unc6IyB4= Received-SPF: pass client-ip=212.227.15.18; envelope-from=deller@gmx.de; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, 
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The qemu brk() implementation is too aggressive and cleans remaining bytes on the current page above the last brk address. But some existing applications are buggy and read or write to bytes above their current heap address. On a physical machine this does not trigger any runtime errors (as long as the accesses happen on the same page only) since the Linux kernel allocates only full pages and does no zeroing on already allocated pages. So, fix qemu to behave the same way as the kernel does. Do not touch already allocated pages, and - when running with different page sizes of guest and host - zero out only those memory areas where the host has a bigger page size than the guest. Signed-off-by: Helge Deller Tested-by: Markus F.X.J. Oberhumer Fixes: 86f04735ac ("linux-user: Fix brk() to release pages") Buglink: https://github.com/upx/upx/issues/683 --- linux-user/syscall.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) -- 2.41.0 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index b9527ab00f..f877156ed3 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -829,10 +829,8 @@ abi_long do_brk(abi_ulong brk_val) /* brk_val and old target_brk might be on the same page */ if (new_brk == TARGET_PAGE_ALIGN(target_brk)) { - if (brk_val > target_brk) { - /* empty remaining bytes in (possibly larger) host page */ - memset(g2h_untagged(target_brk), 0, new_host_brk_page - target_brk); - } + /* empty remaining bytes in (possibly larger) host page */ + memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk); target_brk = brk_val; return target_brk; } @@ -840,7 +838,7 @@ abi_long do_brk(abi_ulong brk_val) /* Release heap if necesary */ if (new_brk < target_brk) { /* empty remaining bytes in (possibly larger) host page */ - memset(g2h_untagged(brk_val), 0, new_host_brk_page - brk_val); + memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk); /* free unused host pages and set new brk_page */ target_munmap(new_host_brk_page, brk_page - new_host_brk_page); 
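Review bot: dropping the `if (brk_val > target_brk)` guard in the same-page branch means the memset now runs on every brk() call that stays on the current guest page, including calls that leave brk unchanged and shrinks within the page; that is a no-op when `new_host_brk_page == new_brk` (equal guest and host page size) but re-zeroes the tail of the host page on every call otherwise, which deserves a comment. In both this hunk and the release hunk, the length `new_host_brk_page - new_brk` is unsigned abi_ulong arithmetic that silently assumes HOST_PAGE_ALIGN(brk_val) >= TARGET_PAGE_ALIGN(brk_val); an assertion on the page-size relationship, or a guard on the subtraction, would keep it from wrapping to a huge memset, the same class of problem patch 4/6 fixes for new_alloc_size.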
@@ -873,7 +871,7 @@ abi_long do_brk(abi_ulong brk_val) * come from the remaining part of the previous page: it may * contains garbage data due to a previous heap usage (grown * then shrunken). */ - memset(g2h_untagged(target_brk), 0, brk_page - target_brk); + memset(g2h_untagged(brk_page), 0, HOST_PAGE_ALIGN(brk_page) - brk_page); target_brk = brk_val; brk_page = new_host_brk_page; From patchwork Mon Jul 17 21:35:42 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808923 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=hCI1+26p; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b5j0Bs2z20Bh for ; Tue, 18 Jul 2023 07:37:29 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qLVsp-00024F-Dh; Mon, 17 Jul 2023 17:35:55 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsn-00023E-Ts for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:53 -0400 Received: from mout.gmx.net ([212.227.15.18]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsk-00083g-Gh for qemu-devel@nongnu.org; Mon, 17 Jul 2023 
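Review bot: `HOST_PAGE_ALIGN(brk_page) - brk_page` is 0 whenever brk_page is already host-page aligned, and both assignments to brk_page visible in this series (`brk_page = HOST_PAGE_ALIGN(target_brk);` in target_set_brk and `brk_page = new_host_brk_page;` two lines below this memset) store a host-aligned value, so the new memset never clears anything. If the intent is that the old heap tail is left untouched, as the commit message says the kernel does, drop the memset and rewrite the comment above it, which still claims those bytes "may contains garbage data" that needs clearing; if the tail is supposed to be zeroed, the length needs a different base than brk_page.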
From: Helge Deller To: Laurent Vivier , qemu-devel@nongnu.org, Michael Tokarev , Richard Henderson Cc: Helge Deller , "Markus F . X . J . Oberhumer" Subject: [PATCH 3/6] linux-user: Prohibit brk() to to shrink below initial heap address Date: Mon, 17 Jul 2023 23:35:42 +0200 Message-ID: <20230717213545.142598-4-deller@gmx.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230717213545.142598-1-deller@gmx.de> References: <20230717213545.142598-1-deller@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:Ubc9Lmcj//WY4Ix6cMYUFlPU+q2CYCBrth9NzgZhvQXagsA5pow dPba0y5UM7oj2Dx6xH/4Ak9lziS3z5kho1kEEyHMNrDzBwFEdQyoFJqxg/SoMid3vnh44rf imfI7+lJM14ht7amCM5lvbLqtSqWOKzNOkv7cSOllGiRmEQx/DUQmpbSr6RynbN72Kr8oD5 T/WBSl67j+4rpRFOdZDjQ== UI-OutboundReport: notjunk:1;M01:P0:W/2dum31TEQ=;8PjjCIgmrrj4xH3O6/7RVDtP1tn KUzSh10T3q9D3rQppCKpMgE6dWkPVJ8o4A7x5N2jGRofF1zrQZ4HTXJV3DFakjPxLEmxxaDZh FQUgPIUmaLdbwuqbW9rYXDBD2Yd0nBK1BzKErJg/lOhe7Qp6j8njRvZsfXYUcCc+pPgLHrjt0 DqP14N8vZm7JB3MRFuxUTxl0JzohDBD+pph8rxloH8dFWbQp1llxPD04VRYCXl2BzB7ws5JeU 2F9VfsCkekyExBgUHCg8r2SmwUi65qh3etill4LG5vMoPdsvU7tAqKkhjrU9EdAriU3t56Phz FD5o7p6cOuNJpNFlnrgi3JyIOzzUZH+S8Fo5ikSs5isdljzTcI2wMxCKCLO81R7AXsAjOdlM7 CZvHyKmvRe2GCmcmaCK8bTSb8eJWQP0eVRo2Nb6PqZ2jgEKkH9aMa474KtdLuu4oUQJ3FnS3A wsXB04QSV3OI5puG+0+IkRKr8x2ictJw2AjbSbWIWJQ6kk68NbaK6GXw3CeKzKgeLzaajr+zy AJFkTIev7YicvJYhiXgiAIGbZn77KE5TkIFKY9a89NrkDvSHZ8odnl+XNGaOqP3HzRQN/C5rl IyCmDaNag2MHRkm9HMTZ1nrVSlPmZqaIPPzoETPw7xBRGVMVCUrVHWV/p+ohaoqugBl/YSvWn 34g8sHHmmVRvIcLeHbJ+yU/EOfg7QxOwlIqUQ1UR9lCImcc3Me+U7fEOw0qiBLe8pNR282TFq a9dNc2VRjaHJjFmiP6G9L1e8V5uRO5c200XpVfBH7/+z92qSP5IKLm4aOcMsNHuyVI0xb0huz TUSj+43XYz9/c4ObSvJwIJ5eC+DbyGuGhCFu5QqkALmvnELv7d6Mcl2IJ11VWC4IZxTnz2ha/ kupsdOyQfPk54EFH8XY8GV9Hm3LIb2MwvXnDGcBECrF5w8q1RQeoB0awZrDgAJLT88hkN920m EPwwGxPxARaPw5Sosl7kXJ4ADOo= Received-SPF: pass client-ip=212.227.15.18; envelope-from=deller@gmx.de; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, 
DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Since commit 86f04735ac ("linux-user: Fix brk() to release pages") it's possible for userspace applications to reduce memory footprint by calling brk() with a lower address and free up memory. Before that, guest heap memory was never unmapped. But the Linux kernel prohibits reducing brk() below the initial memory address which is set at startup by the program, while this check was missed in commit 86f04735ac. This patch adds the missing check by storing the initial brk value in initial_target_brk and verifying new brk addresses against that value. Tested with the i386 upx binary from https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz Signed-off-by: Helge Deller Tested-by: Markus F.X.J. Oberhumer Fixes: 86f04735ac ("linux-user: Fix brk() to release pages") Buglink: https://github.com/upx/upx/issues/683 --- linux-user/syscall.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 2.41.0 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index f877156ed3..92d146f8fb 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -801,12 +801,13 @@ static inline int host_to_target_sock_type(int host_type) return target_type; } -static abi_ulong target_brk; +static abi_ulong target_brk, initial_target_brk; static abi_ulong brk_page; void target_set_brk(abi_ulong new_brk) { target_brk = new_brk; + initial_target_brk = new_brk; brk_page = HOST_PAGE_ALIGN(target_brk); } 
@@ -824,6 +825,11 @@ abi_long do_brk(abi_ulong brk_val) return target_brk; } + /* do not allow to shrink below initial brk value */ + if (brk_val < initial_target_brk) { + brk_val = initial_target_brk; + } + new_brk = TARGET_PAGE_ALIGN(brk_val); new_host_brk_page = HOST_PAGE_ALIGN(brk_val); From patchwork Mon Jul 17 21:35:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808920 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=kP/IBOBo; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b5X2cMWz20Bh for ; Tue, 18 Jul 2023 07:37:20 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qLVsq-00024a-0X; Mon, 17 Jul 2023 17:35:56 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsn-00023F-Tt for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:53 -0400 Received: from mout.gmx.net ([212.227.15.19]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsk-00083j-GZ for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:53 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de; s=s31663417; 
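Review bot: clamping with `brk_val = initial_target_brk;` turns a request below the initial heap into a valid shrink down to the initial brk, which then falls through to the release path and unmaps everything above it; the kernel instead rejects a brk below its minimum by returning the current brk unchanged, which here is the `return target_brk;` already used by the early return just above this hunk. Suggest `if (brk_val < initial_target_brk) { return target_brk; }` so a bad request leaves the guest heap alone, plus a short comment saying this mirrors the kernel's min_brk check rather than a silent clamp.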
From: Helge Deller To: Laurent Vivier , qemu-devel@nongnu.org, Michael Tokarev , Richard Henderson Cc: Helge Deller , "Markus F . X . J . Oberhumer" Subject: [PATCH 4/6] linux-user: Fix signed math overflow in brk() syscall Date: Mon, 17 Jul 2023 23:35:43 +0200 Message-ID: <20230717213545.142598-5-deller@gmx.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230717213545.142598-1-deller@gmx.de> References: <20230717213545.142598-1-deller@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:MIc9Pv/Sd/rhUh2mgW9+pMx7e0VJXG9F6mXc1/V5yrbyCh8Ev4g WaJ7K+vecYXc7zQzPdElr+4O61bCP/5IVBxNA+KxzrnEEopgFgG7YELezLhJUNv5lRdosZH gJRex/MvWxTjEwbuDsCm1Ad8ZTvQU38JXtBKkdRHA4N2FJj/m1xqNfDAXiTZ3CMuwNDQ4Cx z39nWjmROTqyw89hWAdbQ== UI-OutboundReport: notjunk:1;M01:P0:NhOvFUn2Ub4=;Q8T5UU9c8MDCENkm7ua3ldbNbhH 9Fd8mQYoI49WKGb35T23kTKSvYmlRkhlxOQw8ijiAVMjz39rRZK+YWgR3JZcnXhU5Cm1L8PzP UQDDu1L9BZ/0C2Xar/b7uD4uVYIkjhswioMesL5BKK2qoeUEf1K1JYPoTEEJ8ThvuCOQDEEO0 LMNccsXNx08hkYKLkc249mkBim9qmD/2GKRoHRzCj7XGzsd0WDDRk4FlL791OZdcIlfOHkYAN 1hjCvyVc7rBW1y8Dqgs0Ooxx1lMNaKd7lqf5yU62P3gb8B20O/x99R8IptHLft2Rm+QZp1iWr QDV8T7dm4OnXS80UYLSXvZr/jRN7z/dg1G34N5poAtwTMbKQvYeM1+U3CJ9w1XZQzb8wuaXFB q471wqp5ejAL3PUdYUmWEMlbTjz27KbYRO5jTbP8b78a4mIDdGbXl0NlGZN932WJNib0x37Yn /l/G02XQUct9vh4514EV435au6bNC+ecnvEh5CjCIkVPCcv8gOc9Dtce9xuPuTYKtmeqiWzn8 o4okdRJz6Y/gyHaXd+OWISUv0tGG9YhyuZk3fXN+jCmb2oviXbnwlUQbwnzo4j5ylYL9/vftm M7VHp6KlYjd6+UNypuT+HjWJNhXjWIEaiiDJAEc8YM0/HyWM+itjZsIJ3qUZSQ+uyV0RaO2SK Y9BKF6k+ha/Yj+cVIZkKs9IPiksdhY1DaAwPqzrECKFc0SN0SP08lD9hLLadiZchl12YrLN65 Y2ie8EsAPeNF47ZpY868nj6/6/xCvbNvM6b5Vcoy9V3HJlshgkdAYTenFAlXMLcSdWRq4gcAh q8wVsiPrP17/8FNu1bvq+JddjoinIOkNaqL6CSMkoH1V/MOZ8IMuMkiHfZAuSa2er99vUpoG7 V4nqny14kMQjwJa95oSj0X6sWqktVZa4J4gKvLUHY+o301wIt/3dgKO6okh/l7MG2J+HASn7j ZLCGBGYIjpBhlYb4xfgpuG81NfA= Received-SPF: pass client-ip=212.227.15.19; envelope-from=deller@gmx.de; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, 
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Fix the math overflow when calculating the new_malloc_size. new_host_brk_page and brk_page are unsigned integers. If userspace reduces the heap, new_host_brk_page is lower than brk_page which results in a huge positive number (but should actually be negative). Fix it by adding a proper check and as such make the code more readable. Signed-off-by: Helge Deller Tested-by: Markus F.X.J. Oberhumer Fixes: 86f04735ac ("linux-user: Fix brk() to release pages") Buglink: https://github.com/upx/upx/issues/683 Tested-by: Markus F.X.J. Oberhumer Reviewed-by: Philippe Mathieu-Daudé --- linux-user/syscall.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -- 2.41.0 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 92d146f8fb..aa906bedcc 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -860,12 +860,13 @@ abi_long do_brk(abi_ulong brk_val) * itself); instead we treat "mapped but at wrong address" as * a failure and unmap again. */ - new_alloc_size = new_host_brk_page - brk_page; - if (new_alloc_size) { + if (new_host_brk_page > brk_page) { + new_alloc_size = new_host_brk_page - brk_page; mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size, PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, 0, 0)); } else { + new_alloc_size = 0; mapped_addr = brk_page; } From patchwork Mon Jul 17 21:35:44 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808918 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=JSa6iGHn; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b4t6VFrz20Bh for ; Tue, 18 Jul 2023 07:36:46 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1qLVsr-00025M-Mu; Mon, 17 Jul 2023 17:35:57 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qLVsn-00023H-Ul for qemu-devel@nongnu.org; Mon, 17 Jul 2023 17:35:53 -0400 Received: from mout.gmx.net ([212.227.15.15]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) 
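Review bot: the commit message talks about new_malloc_size but the variable the hunk changes is new_alloc_size; please fix the message. In the code, the new `else` branch now also swallows `new_host_brk_page < brk_page`; if that case is meant to have been handled by the release path earlier in do_brk, a comment or a `g_assert(new_host_brk_page == brk_page)` here would document that `else` is only the equal-size case rather than silently treating a shrink as "nothing to map".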
From: Helge Deller To: Laurent Vivier , qemu-devel@nongnu.org, Michael Tokarev , Richard Henderson Cc: Helge Deller , John Reiser Subject: [PATCH 5/6] linux-user: Fix strace output for old_mmap Date: Mon, 17 Jul 2023 23:35:44 +0200 Message-ID: <20230717213545.142598-6-deller@gmx.de> X-Mailer: git-send-email 2.41.0 In-Reply-To: <20230717213545.142598-1-deller@gmx.de> References: <20230717213545.142598-1-deller@gmx.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:wHPIVKXnP5yU6MEZ3dxkwdz/AVdzphvlzmuAE3u3oXCJNK3IYXg MRpyP0rNcirRbBu0JlsSOD16+i8/4j9iDZfKbDAicuXTCD9mn3MDpfWDAUY6cjdEyweWa9S LsBv9NoRgRoy2bJbSMJRn8ykUfCNnmXBjCa6i/XzNjD0J71rtk3VAivNr00Cm+3kq9gde7M RI5G2CWVXSnqmiDTry7Rw== UI-OutboundReport: notjunk:1;M01:P0:+UtD1Q2TZHg=;327xq7DJTB+qQqX2/qHmTLifkvb cPuybQ9tJ721vy3d7v3L0SdcOKgFmkBPgthNDmbj44gF5f4sprTfYUPljOmxs1nmAL2+k4DzO KMJAeI2EKg7a1mHwENRsmpymFKuy3SjUXspqfkrKDt3CX7gYMuSHEqyDlyhahdFB3+q67PAa9 8V5ajJKA1HJzb0YHB7PfQjIGS0tkZFLuuqAYUhRHDX3V2SAvD40dHyk7iBb5nVHBPDX3l7f16 n8H5vX0Ef0WnEQBwBbyi+kfEuPO5CKow8H8eSjmqpAKPvBlEmMoR1BFmxRrO+i4ipBXcuFg3Y uclFXzs5e8znkisWufLH7SFXBrrhmz1Ls7pjvY7tTaF3YYjDKdsfuIFCQqX172GFl8NNre004 zOvPdJUEV2QnKN/GkH17MV2gjKq+5hy/WXzF3gGd3SpLNOT6bHP8FiuT27kTWXca0VTWaGGFr U+xAOj41e0ENLgq1qvdkKFc2nG1B8+fYqJEjX+ZHcwsPppn3ALp3HxyUIUkbLqZYk7iubfV6B FZYUH2m53yDHgI9AfzL2pe6hAwqgpsaELHwRGInOkds3YJjZ5fJJjbUVgK+lapW4WC2lYiGyX K/15+hcA4nRnYHQo14oJTK2bDqab+EL5bJK6wTJX4GGcWwmAEP9eypeQL0M8oP6btXsUYdnfp hiqQXOkHRjWtR6TVZ2EKH0PaFyo0oCwusNzuA6OgEP2EEHVRy1XTSVixKrr6FUdn2dFaSiJgw HG25lvvhk9QHeqcaycrKIvRIZH0oKsHOlxyudjRIXjjvFsT1GjOELAylhMg02jE7ZceoaQ1lj s3Haj7+9eBxwsBJobt2jpBdo2qq3kEA37/FR/G/H90onJboPeAYcMIG7rqqpQKeQHVy6Ro8z1 KnGOrmcq6nxbSHnmkcW0+zG1r4U0ylKP0ZiwiCSTPJuM4By4zBaT+8oPDQntNYHHrSk2NlZfv Uq2LyWyild73bjbGz60QLUHiPqs= Received-SPF: pass client-ip=212.227.15.15; envelope-from=deller@gmx.de; helo=mout.gmx.net X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, 
DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The old_mmap syscall (e.g. on i386) hands over the parameters in a struct. Adjust the strace output to print the correct values. Signed-off-by: Helge Deller Reported-by: John Reiser Closes: https://gitlab.com/qemu-project/qemu/-/issues/1760 --- linux-user/strace.c | 49 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 4 deletions(-) -- 2.41.0 diff --git a/linux-user/strace.c b/linux-user/strace.c index bbd29148d4..e0ab8046ec 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -3767,10 +3767,24 @@ print_utimensat(CPUArchState *cpu_env, const struct syscallname *name, #if defined(TARGET_NR_mmap) || defined(TARGET_NR_mmap2) static void -print_mmap(CPUArchState *cpu_env, const struct syscallname *name, +print_mmap_both(CPUArchState *cpu_env, const struct syscallname *name, abi_long arg0, abi_long arg1, abi_long arg2, - abi_long arg3, abi_long arg4, abi_long arg5) -{ + abi_long arg3, abi_long arg4, abi_long arg5, + bool is_old_mmap) +{ + if (is_old_mmap) { + abi_ulong *v; + abi_ulong argp = arg0; + if (!(v = lock_user(VERIFY_READ, argp, 6 * sizeof(abi_ulong), 1))) + return; + arg0 = tswapal(v[0]); + arg1 = tswapal(v[1]); + arg2 = tswapal(v[2]); + arg3 = tswapal(v[3]); + arg4 = tswapal(v[4]); + arg5 = tswapal(v[5]); + unlock_user(v, argp, 0); + } print_syscall_prologue(name); print_pointer(arg0, 0); print_raw_param("%d", arg1, 0); 
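Review bot: when `lock_user(VERIFY_READ, argp, 6 * sizeof(abi_ulong), 1)` fails, the bare `return;` leaves the function before print_syscall_prologue, so the syscall produces no trace line at all, the worst outcome for a tracing aid; print the prologue and the raw argp pointer (or an explicit "unreadable args" marker) and the epilogue on failure instead of bailing out. The unbraced `return;` also violates QEMU coding style, which requires braces on every block, and the assignment inside the `if` condition would read better as a separate statement.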
@@ -3780,7 +3794,34 @@ print_mmap(CPUArchState *cpu_env, const struct syscallname *name, print_raw_param("%#x", arg5, 1); print_syscall_epilogue(name); } -#define print_mmap2 print_mmap +#endif + +#if defined(TARGET_NR_mmap) +static void +print_mmap(CPUArchState *cpu_env, const struct syscallname *name, + abi_long arg0, abi_long arg1, abi_long arg2, + abi_long arg3, abi_long arg4, abi_long arg5) +{ + return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3, + arg4, arg5, +#if defined(TARGET_NR_mmap2) + true +#else + false +#endif + ); +} +#endif + +#if defined(TARGET_NR_mmap2) +static void +print_mmap2(CPUArchState *cpu_env, const struct syscallname *name, + abi_long arg0, abi_long arg1, abi_long arg2, + abi_long arg3, abi_long arg4, abi_long arg5) +{ + return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3, + arg4, arg5, false); +} #endif #ifdef TARGET_NR_mprotect From patchwork Mon Jul 17 21:35:45 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Helge Deller X-Patchwork-Id: 1808922 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org (client-ip=209.51.188.17; helo=lists.gnu.org; envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=pass (2048-bit key; secure) header.d=gmx.de header.i=deller@gmx.de header.a=rsa-sha256 header.s=s31663417 header.b=ELoEgTJU; dkim-atps=neutral Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4R4b5Y5TRVz20Bh for ; Tue, 18 Jul 2023 07:37:21 +1000 (AEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) 
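Review bot: In the print_mmap wrapper, is_old_mmap is derived solely from `#if defined(TARGET_NR_mmap2)`, i.e. the patch assumes that every target which defines both mmap and mmap2 passes the old_mmap arguments through a six-word struct. The commit message only claims this for "e.g. on i386"; on a target that defines both syscall numbers but takes register arguments for mmap, print_mmap_both would dereference the first register argument as a struct and the trace would show garbage (or nothing, if the read faults). Suggest gating is_old_mmap on an explicit per-target condition that names the targets using the struct convention, rather than on the mere existence of TARGET_NR_mmap2. Minor: both wrappers use `return print_mmap_both(...)` inside a void function; a plain call without `return` is the conventional form.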
From: Helge Deller
To: Laurent Vivier, qemu-devel@nongnu.org, Michael Tokarev, Richard Henderson
Cc: Helge Deller
Subject: [PATCH 6/6] linux-user: Fix qemu-arm to run static armhf binaries
Date: Mon, 17 Jul 2023 23:35:45 +0200
Message-ID: <20230717213545.142598-7-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230717213545.142598-1-deller@gmx.de>
References: <20230717213545.142598-1-deller@gmx.de>
MIME-Version: 1.0
Received-SPF: pass client-ip=212.227.15.18; envelope-from=deller@gmx.de; helo=mout.gmx.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: ,
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

qemu-user crashes immediately when running static binaries on the armhf architecture. The problem is the memory layout where the executable is loaded before the interpreter library, in which case the reserved brk region clashes with the interpreter code and is released before qemu tries to start the program. Fix it by increasing the brk value to the highest brk value of interpreter or executable.

Signed-off-by: Helge Deller
Reported-by: Venkata.Pyla@toshiba-tsip.com
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040981
---
 linux-user/elfload.c | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.41.0

diff --git a/linux-user/elfload.c b/linux-user/elfload.c index a26200d9f3..94951630b1 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -3615,6 +3615,13 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) if (elf_interpreter) { load_elf_interp(elf_interpreter, &interp_info, bprm->buf); + /* + * adjust brk address if the interpreter was loaded above the main + * executable, e.g. happens with static binaries on armhf + */ + if (interp_info.brk > info->brk) { + info->brk = interp_info.brk; + } /* If the program interpreter is one of these two, then assume an iBCS2 image. Otherwise assume a native linux image. */
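Review bot: The new brk adjustment in load_elf_binary takes the larger of interp_info.brk and info->brk, but the surrounding context only shows that load_elf_interp() has run; nothing in the hunk checks that interp_info.brk was actually set (it is only meaningful when the interpreter was loaded at all), so a cheap guard such as `if (elf_interpreter && interp_info.brk > info->brk)` or an assertion that interp_info is initialised would document the assumption. The comment above the new block explains when the case occurs but not what goes wrong without the fix; a sentence along the lines of the commit message ("otherwise the reserved brk region overlaps the interpreter mapping and is released before the program starts") would make the intent clear to the next reader. Also, the commit message describes the mapping order as executable-before-interpreter while the code comment says "interpreter was loaded above the main executable"; both mean the same address relation, but picking one phrasing for both would avoid confusion.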