From: Laurent Vivier
Subject: [Qemu-devel] [PULL 13/18] linux-user: init_guest_space: Correctly handle guest_start in commpage initialization
Date: Tue, 13 Mar 2018 18:33:50 +0100
From: Luke Shumaker <address@hidden>
init_guest_commpage needs to check if the mapped space, which ends at
real_start+real_size, overlaps with where it needs to put the commpage,
which is (assuming sane qemu_host_page_size) guest_base + 0xffff000, where
guest_base is real_start - guest_start.
[guest_base][       0xffff0000       ][commpage]
[guest_base][guest_start][real_size]  [commpage]
[      real_start       ][real_size]  [commpage]
                                    ^
                 fail if this gap < 0
Since init_guest_commpage wants to do everything relative to guest_base
(rather than real_start), it obviously needs to be comparing 0xffff0000
against guest_start+real_size, not just real_size.
This bug has been present since 806d102141b99d4f1e55a97d68b7ea8c8ba3129f in
2012, but guest_start is usually 0, and prior to v2.11 real_size was
usually much smaller than 0xffff0000, so it was uncommon for it to have
made a difference.
Signed-off-by: Luke Shumaker <address@hidden>
Message-Id: <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
---
linux-user/elfload.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index dcdd756908..feecbd4163 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -1856,7 +1856,7 @@ unsigned long init_guest_space(unsigned long host_start,
#if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
/* On 32-bit ARM, we need to also be able to map the commpage. */
int valid = init_guest_commpage(real_start - guest_start,
- real_size);
+ real_size + guest_start);
if (valid == 1) {
break;
} else if (valid == -1) {
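Review bot: the second argument is no longer a size but the end of the reservation measured from guest_base: the callee receives (real_start - guest_start) and (real_size + guest_start), which together give real_start + real_size, whereas the first argument's pairing with real_start invites a reader to assume the second is still the plain real_size. A one-line comment at the call site would prevent that misreading, e.g. `/* size relative to guest_base, so guest_start is part of it */` above the `init_guest_commpage(` call, or a rename of the callee's parameter to say "end" rather than "size".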
--
2.14.3
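The following is an added example, not QEMU's code and not part of the patch above. It models the overlap check the commit message describes, with the old call site (passing real_size) and the fixed one (passing real_size + guest_start) side by side, plus an independent ground-truth test against the host range that was actually mapped. Taken from the page: guest_base = real_start - guest_start and the commpage lives at guest_base + 0xffff0000. Assumed: the callee probes one host page inside the commpage (COMMPAGE_TEST_ADDR), treats the reserved range as [guest_base, guest_base + guest_size], the host uses 4 KiB pages, and the function names check_old, check_new and commpage_overlaps_mapping are this example's own.

```c
/*
 * Added example (not QEMU's code): model of the commpage overlap check
 * described in the commit message, comparing the old and fixed call sites.
 * From the page: guest_base = real_start - guest_start; commpage at
 * guest_base + 0xffff0000.  Assumed: the test address inside the commpage,
 * an inclusive upper bound in the callee, and 4 KiB host pages.
 */
#include <stdint.h>
#include <stdio.h>

#define COMMPAGE_TEST_ADDR 0xffff0f80ULL        /* assumed probe address in the commpage */
#define HOST_PAGE_MASK     (~(uint64_t)0xfff)   /* assumed 4 KiB host pages */

/* Model of init_guest_commpage's overlap test: 1 = commpage can be mapped,
 * -1 = the commpage page lies inside the already reserved guest range. */
static int commpage_fits(uint64_t guest_base, uint64_t guest_size)
{
    uint64_t test_page = guest_base + (COMMPAGE_TEST_ADDR & HOST_PAGE_MASK);

    if (test_page >= guest_base && test_page <= guest_base + guest_size) {
        return -1;
    }
    return 1;
}

/* Old call site: guest_size = real_size, so the end of the reserved range is
 * computed as real_start - guest_start + real_size, short by guest_start. */
int check_old(uint64_t real_start, uint64_t real_size, uint64_t guest_start)
{
    return commpage_fits(real_start - guest_start, real_size);
}

/* Fixed call site: guest_size = real_size + guest_start, so the end is
 * real_start + real_size, the true end of the mmap'd region. */
int check_new(uint64_t real_start, uint64_t real_size, uint64_t guest_start)
{
    return commpage_fits(real_start - guest_start, real_size + guest_start);
}

/* Ground truth, independent of the callee: does the commpage probe page fall
 * inside the host range [real_start, real_start + real_size) that was
 * actually mapped?  Returns 1 if it overlaps, 0 if not. */
int commpage_overlaps_mapping(uint64_t real_start, uint64_t real_size,
                              uint64_t guest_start)
{
    uint64_t guest_base = real_start - guest_start;
    uint64_t test_page = guest_base + (COMMPAGE_TEST_ADDR & HOST_PAGE_MASK);

    return test_page >= real_start && test_page < real_start + real_size;
}

int main(void)
{
    /* Constructed values: a large reservation whose host end crosses the
     * commpage once guest_start is non-zero (real_size just under 0xffff0000). */
    uint64_t real_start = 0x100000000ULL;
    uint64_t real_size = 0xffff0000ULL - 0x8000ULL;
    uint64_t guest_start = 0x10000ULL;

    /* With guest_start == 0 both call sites agree with the ground truth. */
    printf("guest_start=0:       old=%d new=%d overlap=%d\n",
           check_old(real_start, real_size, 0),
           check_new(real_start, real_size, 0),
           commpage_overlaps_mapping(real_start, real_size, 0));

    /* With guest_start != 0 the old check accepts a layout where the
     * commpage page is already inside the mapping; the fixed one rejects it. */
    printf("guest_start=0x%llx: old=%d new=%d overlap=%d\n",
           (unsigned long long)guest_start,
           check_old(real_start, real_size, guest_start),
           check_new(real_start, real_size, guest_start),
           commpage_overlaps_mapping(real_start, real_size, guest_start));
    return 0;
}
```

The second printed line is the bug: the old call site reports 1 (fits) while commpage_overlaps_mapping reports 1 (overlaps), because the callee's end-of-range is computed guest_start bytes short of the real mapping end; the fixed call site reports -1, matching the ground truth.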