[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap
|
From: |
Philippe Mathieu-Daudé |
|
Subject: |
Re: [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap |
|
Date: |
Fri, 5 Jun 2020 18:16:38 +0200 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.5.0 |
On 6/5/20 5:49 PM, Alex Bennée wrote:
> Relaxing the restrictions on 64 bit guests leads to the user being
> able to attempt to map right at the edge of addressable memory. This
> in turn lead to address overflow tripping the assert in page_set_flags
> when the end address wrapped around.
>
> Detect the wrap earlier and correctly -ENOMEM the guest (in the
> reported case LTP mmap15).
>
> Fixes: 7d8cbbabcb
Reported-by: Laurent Vivier <laurent@vivier.eu>
> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
> ---
> linux-user/mmap.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> index e3780337974..2e05bd499e6 100644
> --- a/linux-user/mmap.c
> +++ b/linux-user/mmap.c
> @@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int
> prot,
> * It can fail only on 64-bit host with 32-bit target.
> * On any other target/host host mmap() handles this error correctly.
> */
> - if (!guest_range_valid(start, len)) {
> + if (end < start || !guest_range_valid(start, len)) {
> errno = ENOMEM;
> goto fail;
> }
>
- [PATCH v1 01/14] qemu-plugin.h: add missing include <stddef.h> to define size_t, (continued)
- [PATCH v1 01/14] qemu-plugin.h: add missing include <stddef.h> to define size_t, Alex Bennée, 2020/06/05
- [PATCH v1 05/14] .travis.yml: allow failure for unreliable hosts, Alex Bennée, 2020/06/05
- [PATCH v1 03/14] tests/plugin: correctly honour io_count, Alex Bennée, 2020/06/05
- [PATCH v1 06/14] .shippable: temporaily disable some cross builds, Alex Bennée, 2020/06/05
- [PATCH v1 08/14] tests/docker: fix pre-requisite for debian-tricore-cross, Alex Bennée, 2020/06/05
- [PATCH v1 10/14] hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE, Alex Bennée, 2020/06/05
- [PATCH v1 09/14] docker: update Ubuntu to 20.04, Alex Bennée, 2020/06/05
- [PATCH v1 12/14] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit, Alex Bennée, 2020/06/05
- [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap, Alex Bennée, 2020/06/05
- Re: [PATCH v1 14/14] linux-user: detect overflow of MAP_FIXED mmap,
Philippe Mathieu-Daudé <=
- [PATCH v1 13/14] tests/tcg: add simple commpage test case, Alex Bennée, 2020/06/05
- [PATCH v1 07/14] iotests: 194: wait migration completion on target too, Alex Bennée, 2020/06/05
- [PATCH v1 11/14] linux-user: provide fallback pgd_find_hole for bare chroots, Alex Bennée, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), Eric Blake, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), no-reply, 2020/06/05
- Re: [PATCH v1 00/14] various fixes for next PR (testing, vhost, guest_base fixes), Thomas Huth, 2020/06/07