[PATCH v1 14/14] linux-user: detect overflow of MAP

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap

From:	Alex Bennée
Subject:	[PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap
Date:	Fri, 5 Jun 2020 16:49:29 +0100

Relaxing the restrictions on 64 bit guests leads to the user being
able to attempt to map right at the edge of addressable memory. This
in turn lead to address overflow tripping the assert in page_set_flags
when the end address wrapped around.

Detect the wrap earlier and correctly -ENOMEM the guest (in the
reported case LTP mmap15).

Fixes: 7d8cbbabcb
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
 linux-user/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index e3780337974..2e05bd499e6 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
          * It can fail only on 64-bit host with 32-bit target.
          * On any other target/host host mmap() handles this error correctly.
          */
-        if (!guest_range_valid(start, len)) {
+        if (end < start || !guest_range_valid(start, len)) {
             errno = ENOMEM;
             goto fail;
         }
-- 
2.20.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v1 02/14] scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header, (continued)
- [PATCH v1 02/14] scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header, Alex Bennée, 2020/06/05
- [PATCH v1 01/14] qemu-plugin.h: add missing include <stddef.h> to define size_t, Alex Bennée, 2020/06/05
- [PATCH v1 05/14] .travis.yml: allow failure for unreliable hosts, Alex Bennée, 2020/06/05
- [PATCH v1 03/14] tests/plugin: correctly honour io_count, Alex Bennée, 2020/06/05
- [PATCH v1 06/14] .shippable: temporaily disable some cross builds, Alex Bennée, 2020/06/05
  - Re: [PATCH v1 06/14] .shippable: temporaily disable some cross builds, Philippe Mathieu-Daudé, 2020/06/05
- [PATCH v1 08/14] tests/docker: fix pre-requisite for debian-tricore-cross, Alex Bennée, 2020/06/05
- [PATCH v1 10/14] hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE, Alex Bennée, 2020/06/05
- [PATCH v1 09/14] docker: update Ubuntu to 20.04, Alex Bennée, 2020/06/05
- [PATCH v1 12/14] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit, Alex Bennée, 2020/06/05
- [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap, Alex Bennée <=
  - Re: [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap, Philippe Mathieu-Daudé, 2020/06/05
- [PATCH v1 13/14] tests/tcg: add simple commpage test case, Alex Bennée, 2020/06/05
- [PATCH v1 07/14] iotests: 194: wait migration completion on target too, Alex Bennée, 2020/06/05
- [PATCH v1 11/14] linux-user: provide fallback pgd_find_hole for bare chroots, Alex Bennée, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), Eric Blake, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), no-reply, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), Thomas Huth, 2020/06/07
  - Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), Alex Bennée, 2020/06/08

Prev by Date: [PATCH v1 12/14] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
Next by Date: [PATCH v1 13/14] tests/tcg: add simple commpage test case
Previous by thread: [PATCH v1 12/14] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
Next by thread: Re: [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap
Index(es):
- Date
- Thread