Re: [Qemu-devel] [PATCH 0/6] Multi-level page tables and userland mapping fixes, v3

[Jan-Simon Möller]

Am Montag, 15. März 2010 15:48:03 schrieb Riku Voipio:
> On Mon, Mar 15, 2010 at 01:46:10PM +0100, Jan-Simon Möller wrote:
> > We're still investigating the topic. So far, we tracked one failure down
> > to ldconfig.real which is a static arm binary executed after the chroot
> > got the basic packages installed. If we setup a chroot with an older
> > qemu-arm and exchange it afterwards with the new qemu and rerun just the
> > build step, it works. Thus it seems to be an issue with static arm
> > binaries atm.
> >
> > Strace of a call of ldconfig.real with the qemu-arm failing:
> >
> > http://pastie.org/870189
> >
> > Sort version:
> >
> > address@hidden:/# qemu-arm -strace /sbin/ldconfig.real
> > 16359 uname(0x403fef78) = 0
> > 16359 brk(NULL) = 0x000a9000
> > 16359 brk(0x000a9d08) = 0x000a9d08
> > 16359 open("/dev/urandom",O_RDONLY) = 3
> > 16359 read(3,0x403ff27d,3) = 3
> > 16359 close(3) = 0
> > [...]
> > 16359 stat64("/usr/lib/libgettextlib.so",0x403fdf28) = 0
> > 16359 stat64("/usr/lib/libgettextpo.so.0",0x403fdec0) = 0
> > 16359 stat64("/usr/lib/libgettextpo.so.0.4.0",0x403fdf28) = 0
> > 16359 stat64("/usr/lib/libpython2.6.so.1.0",0x403fdec0) = 0
> > 16359 stat64("/usr/lib/libpython2.6.so.1.0",0x403fdf28) = 0
> > 16359 open("/etc/ld.so.cache~",O_WRONLY|O_CREAT|O_NOFOLLOW|O_TRUNC,0600)
> > = 3 16359 write(3,0xb03d0,1288) = 1288
> > 16359 write(3,0x403ff0a0,0) = -1 errno=14 (Bad address)
> 
> A zero sized write. According to manpage ok.
> 
> In qemu we do a lock_user to to get the string to write. Richards change
>  changes the access checks the get called by lock_user:
> 
> page_check_range:
> 
> -    if (start + len < start)
> -        /* we've wrapped around */
> ...
> +    if (start + len - 1 < start) {
> +        /* We've wrapped around.  */
> 
> This now blows up with len = 0;

Confirmed. A quick test with  if (len > 0) around and ldconfig.real runs.

Best,
Jan-Simon