From nobody Wed May 15 20:05:24 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmx.de
ARC-Seal: i=1; a=rsa-sha256; t=1689706446; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Rmur/6q4TIOF4mvgKCr2ihK3Nyuov7mEkuJ+pgENpZ0qg2B9Mifamo0ZvKmU/SG4T0jAPy9Yv5OOxovNx4gVL1a0y0ot0gRHLgregm/77qISFrdQqW2z0N/rydfhC+dX+qgv1bVqdURtP+s6cJdXL3ak7fw8My+calp4LDPzoMY=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1689706446;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=SI/RXbgy4rMYzDtsKSI4n+sFBjjRNA26z0w2I/MhuN0=;
	b=HsOfz0R0Ddt7s/HPRZlUACQFiRwkAwYZAadzUn219z8syzXKWTgXi4QBXrrKZovy1QRMWS3S1mKW8tS41up8xR1ZfE3LjZBWgJM5yOmFTy8TBqHB1Aqjv6zGgAZzzZ8N+EDtW//jiIY4aQBs+63CuTknrLZNrTGfYuLBYylr+vQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<deller@gmx.de> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1689706446864897.0182743314242;
 Tue, 18 Jul 2023 11:54:06 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qLpok-0000vE-TT; Tue, 18 Jul 2023 14:53:02 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpoj-0000um-2D; Tue, 18 Jul 2023 14:53:01 -0400
Received: from mout.gmx.net ([212.227.15.15])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpod-0003O5-45; Tue, 18 Jul 2023 14:53:00 -0400
Received: from p100.fritz.box ([94.134.159.74]) by mail.gmx.net (mrgmx005
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1M5wLZ-1qJKZE3dAh-007XUP; Tue, 18
 Jul 2023 20:52:43 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de;
 s=s31663417; t=1689706364; x=1690311164; i=deller@gmx.de;
 bh=efVESnAW6H7a8ZymmHelPG4JpfCKaU44b+i4/YpA37k=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
 b=TiKGCoq0p9LSPPN6puDPiGgBV/zT+k/L/zBJAmso8cy/EPnMvFAc9Zi0pitJ+1skephS/eh
 nH09tuAKvpvgESfN4L/1ja7ONn8MCNyhHZtuwKity72EE0I7N0Rj9I2+IOJ8kR4RYfKXDuwDE
 SL31jn+m12yKdCNYOyirEd4DRGWfloyWi4YvUwvaIUMgEimt82hxcGBJfjZ0gTajyRDC8ArW8
 W27OGkENoeOgLVCiY0IN+DkU+ufJPytEueJ7vvDlwTVG4irzk0OYA2IGYDcU/FHXHNooez2jp
 Pau3gvIw+FB4CbdHwGMhcx6ihWhINF7AGavPSVETtRD+Xnx+2f6Q==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
From: Helge Deller <deller@gmx.de>
To: Laurent Vivier <laurent@vivier.eu>, qemu-devel@nongnu.org,
 Michael Tokarev <mjt@tls.msk.ru>, Andreas Schwab <schwab@suse.de>,
 Richard Henderson <richard.henderson@linaro.org>
Cc: Helge Deller <deller@gmx.de>,
 "Markus F.X.J. Oberhumer" <markus@oberhumer.com>, qemu-stable@nongnu.org
Subject: [PATCH v2 1/5] linux-user: Fix qemu brk() to not zero bytes on
 current page
Date: Tue, 18 Jul 2023 20:52:37 +0200
Message-ID: <20230718185241.11433-2-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230718185241.11433-1-deller@gmx.de>
References: <20230718185241.11433-1-deller@gmx.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:26V3d8PsRKflThy3WAo2Ip2YHyW3V+xMCvIF7YDXmeUcC8gaWvf
 FJjpl/V0MyooyejRqwsEclmDI7gFKQX6U1YnheD9/cQ3q8utcld9Re0Is1nMw/u8P4dOJf3
 Rx1cw4mwtNSK/325gx4ydCXEbX1thSDR7yCsTMa9PI5dWNKotrsFZb3epoSNyJ/OJkmK9iG
 Mq1+DQlDym0C63mpYMG1Q==
UI-OutboundReport: notjunk:1;M01:P0:hdFHamfIf6I=;hj5vA0ZCSPVXLsFEAh6DHM3lHzq
 AXPx2mwEEOALCxauIkDpUIoH+JDUnR8B8kz9GV8wyUe23bWbeMntiAESPkRL3Q6sDFaKHMt+L
 pqkdKWCPUYfjPaeGQVRxZIoXseIaJ5Rt8CU0oB9CAHbby7sv9vDhmh2JTOb111bD4ne6Wc7WS
 9EFyhJB/ljwmfrl7hDjWDfiukIuL1UbzoL4dorJoov2hU5zmlPp+dzD5OYRdlpP9TAT2MyGW1
 ZN6ZivFI3V+7vge6zD3+1endG4J+vQlqXxS1F45pNSz9bPEwPe84dMFyLEY6SasNzJhAVA24f
 cp3FS3FI9c1iC7PONi1ky2zpDyNQvml7HJVqVfKbOWoVxB8h/VeAFwIT5lpjcWkDZ/0h8MXYn
 Am+zfsEQC2hvaEw9ZJUMkQy7wd3vnwspaiS/UcSYC1lnF95dpBUcM6Wa/zLYg+d90nFXoUQOl
 E8wYbvpc3Jr5SduMuK5iyjY/0hHEydMdmCzVID3Q4WGMNeazSelN4TCvFA20U0Xw9UQrXw1HB
 ZneMVBuR2iTYPGebbZA9rZqJAs74gR1TlNWVD4Z2yh5o4wzzL/fjZBK5KmdYRFKk9dmokkool
 iWSNyO6MeRiD18RX8LMQT8kDBWVqDPJBKkhji9GCREUkLpD0CkNn+iE8IWM/xAeyvi3ND2tTY
 Fo5yHNnmeGk7k82suUQ5BC80XMJXNq5/KepqiESJystWi5PHzOHofn/Xe7pchT1xF6gRv/jmE
 UZo+lssKrCrcwyXmETFsJUoZ+RWPDr63x1nFYBjBRqoL2BOOYvqKoZO2xQRN2Z4CilqS9eWJl
 S/d+f71PsOKvGxC7rcC3/Uh0todx9Kcw0JQvWvr5VZFDL5ANnuLR4PZVZWGwFVcP26Z/0aFBK
 Jyeibb2jpFuzt8VuSE8QWx7cCdMF+5JlhFbP5zFpFH1CPkUSEkXjQPDIqzNb2wVR+XeV4E5wz
 KTmCUc2z6pCAfP/3tOTRC7p5nyQ=
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.227.15.15; envelope-from=deller@gmx.de;
 helo=mout.gmx.net
X-Spam_score_int: -23
X-Spam_score: -2.4
X-Spam_bar: --
X-Spam_report: (-2.4 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity deller@gmx.de)
X-ZM-MESSAGEID: 1689706447707100003
Content-Type: text/plain; charset="utf-8"

The qemu brk() implementation is too aggressive and cleans remaining bytes
on the current page above the last brk address.

But some existing applications are buggy and read/write bytes above their
current heap address. On a phyiscal machine this does not trigger a
runtime error as long as the access happens on the same page. Additionally
the Linux kernel allocates only full pages and does no zeroing on already
allocated pages, even if the brk address is lowered.

Fix qemu to behave the same way as the kernel does. Do not touch already
allocated pages, and - when running with different page sizes of guest and
host - zero out only those memory areas where the host page size is bigger
than the guest page size.

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index c99ef9c01e..ee54eed33b 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -829,10 +829,8 @@ abi_long do_brk(abi_ulong brk_val)

     /* brk_val and old target_brk might be on the same page */
     if (new_brk =3D=3D TARGET_PAGE_ALIGN(target_brk)) {
-        if (brk_val > target_brk) {
-            /* empty remaining bytes in (possibly larger) host page */
-            memset(g2h_untagged(target_brk), 0, new_host_brk_page - target=
_brk);
-        }
+        /* empty remaining bytes in (possibly larger) host page */
+        memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk);
         target_brk =3D brk_val;
         return target_brk;
     }
@@ -840,7 +838,7 @@ abi_long do_brk(abi_ulong brk_val)
     /* Release heap if necesary */
     if (new_brk < target_brk) {
         /* empty remaining bytes in (possibly larger) host page */
-        memset(g2h_untagged(brk_val), 0, new_host_brk_page - brk_val);
+        memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk);

         /* free unused host pages and set new brk_page */
         target_munmap(new_host_brk_page, brk_page - new_host_brk_page);
@@ -873,7 +871,7 @@ abi_long do_brk(abi_ulong brk_val)
          * come from the remaining part of the previous page: it may
          * contains garbage data due to a previous heap usage (grown
          * then shrunken).  */
-        memset(g2h_untagged(target_brk), 0, brk_page - target_brk);
+        memset(g2h_untagged(brk_page), 0, HOST_PAGE_ALIGN(brk_page) - brk_=
page);

         target_brk =3D brk_val;
         brk_page =3D new_host_brk_page;
--
2.41.0
From nobody Wed May 15 20:05:24 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmx.de
ARC-Seal: i=1; a=rsa-sha256; t=1689706438; cv=none;
	d=zohomail.com; s=zohoarc;
	b=T+PX4Axk4BzOpS8S0UwsP/bKqpU5Sw+1FFv8HOch/UjqWtgoJhLySv60ZvMCFyLK/Z7Gv8I400B3p52zVZImDITAOuQCo0eUYTZQilmN8c+buIpYamx4PHEG9lIFpE3HDGvJEkj7WmNN2drvuxm3sxHttxe3iWMrHNIyDAT8J+Y=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1689706438;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=jMcNmZ9EpHnu0MrJq64cNJjKKWb4zCLiXR9w2sQTCj4=;
	b=FpVao+SZPgIBXdx2PgkZ3VzAUwgZa4m2bE7p4b+YVDiyL9435weOhW1n1+VKzTRzeOcpczkE61ocQsysv4v7Tq8j9jjButHBbxEjE5isty/DBvoYWHo/CjcTlvaaT3WiYzOSyMIyRkppn0CdecqaCpn820BVjh4NTH8eyXg3FpM=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<deller@gmx.de> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1689706438798383.9546945159276;
 Tue, 18 Jul 2023 11:53:58 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qLpou-0000xQ-ON; Tue, 18 Jul 2023 14:53:12 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpot-0000x2-HN; Tue, 18 Jul 2023 14:53:11 -0400
Received: from mout.gmx.net ([212.227.15.15])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpod-0003O6-5L; Tue, 18 Jul 2023 14:53:11 -0400
Received: from p100.fritz.box ([94.134.159.74]) by mail.gmx.net (mrgmx005
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MMofW-1qcGCW0Bjo-00Ikqs; Tue, 18
 Jul 2023 20:52:44 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de;
 s=s31663417; t=1689706364; x=1690311164; i=deller@gmx.de;
 bh=Y2R6dhX3c4Smt/gWWNK5vjxqVT4qS1UdFbVRJHqxeWA=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
 b=jS9mtCzJ75znawTzoTZvu/qqUkUuV7VNo09uBqozVKITyHbnJM/gtZTLQJYN07R7pSNaMfJ
 lcYbq8Ec2gnms8b0TBFgw56WOdrSov6Z3ihHYOYJp76KPK29cJuttfoh2SDtZxYLlJt/z9cJz
 pNCME7r3LAIrvmw7a4ArP9N4tdHtt4BWjW9xmEfHBu+0fjjTGLmh7XJnpog1Vc4qn43/vKLdm
 IU7t3MJEQqigKn2nrwaoidVRNh+ofJgTmEie/8kwTBKKWNvAFeExmDXNcjXLq4QtjV9NM01+s
 Fdk3uznQ+Ogr8JW1+u3gDSAGCuDokqR2+oLut3xWvxTwqcEgKd2A==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
From: Helge Deller <deller@gmx.de>
To: Laurent Vivier <laurent@vivier.eu>, qemu-devel@nongnu.org,
 Michael Tokarev <mjt@tls.msk.ru>, Andreas Schwab <schwab@suse.de>,
 Richard Henderson <richard.henderson@linaro.org>
Cc: Helge Deller <deller@gmx.de>,
 "Markus F.X.J. Oberhumer" <markus@oberhumer.com>, qemu-stable@nongnu.org
Subject: [PATCH v2 2/5] linux-user: Prohibit brk() to to shrink below initial
 heap address
Date: Tue, 18 Jul 2023 20:52:38 +0200
Message-ID: <20230718185241.11433-3-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230718185241.11433-1-deller@gmx.de>
References: <20230718185241.11433-1-deller@gmx.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:bN2rE8OD/IFUXJ4lb2S2+6vORvqJCC9LQmfhUWkR4GzxGLgORyX
 In444UrIfupWtIMKp98xIkv3BGfiT8Xg5/V95Q+z8bkbRVE5iypWzePpTgdC1qptJXQt89H
 wRTAI3PhA0BXbw5Ge1ojwXmB6qcBNdmPfb5Z4SYVKoas63MQcCR2EOmMiQJu3Fc5jg6SCev
 OdDeQassOEcg2iupKQzLg==
UI-OutboundReport: notjunk:1;M01:P0:do2eX0aYYZ8=;c/AlMSPb6/IkqNfagJ9j9mPCo5S
 HqTl7+YGqai0fwuS1GdAoirvECMlvUik3PJ6JGrQwtVmH4VT6UGor2sM1YonI6fBTrG6Kdx3K
 4FUEq39wgxnNmNxUyXQtfD8rJo46oz+rCYOO/8Ngwq+xKa1XkHpkydtkKRDBFfJimGfFf4kxl
 gk1iyoOxHmdEeHL8IZk/yPKvDTeaqyCAEKwjMfchZzwYbKEa4TvG3uReVsrpKpGtPy0rZMS4m
 Lh/IlvDnzNjlIKsykCvaOnOEwTaNcu/IBliBupL35FEJTS0oBnOA6prXOvx/WuS5GrZT3EoH0
 tE5CXO2WH5DVKXKLviYqcqZSGFTTiuLwtjBM/YFMmWEk+XqlXFU8q2DoOdlDHeNHuxaS5x1Pe
 FI4mNM3G34fPG3Lb5cTgt33mhzOik8LEoh45zhByxi7oh23wAEZEkPpA0R7UAao+fLLSIOHbw
 YUTzj9vxWOvIIv0aT5iumK4Og7cJFoZKLrD5RdRUR0cim6os92o/2TPor1VBoElWTPA+RekF2
 lRhr47fw4TiIvMaV5siy2ggtP9GwMiilEVO2Pn/nZ2tMftWYcGOV+t8ZMIMZ6tKzYVOcNvH+R
 5AWLCRtyhRZFZQuvWNNFa64Lw0iRFrDRb1g36wY/CxFyn3ovQymdn5IGs4cCXHhO6z9bhRzZ2
 L85HiywEMa491J1NpcUg2NtA8Od+GHpVYnGvgXHrnxQjroGro2MgZlaHJ/OTFwT5HPnDDsXNo
 rFMFztd/nYYod2I+Z2EfI0oeG4V8fKL8ITqhqtATx9mX5z0NW7SMP6mSmFB872/aoCOWChkTE
 u+xybUQVa0EU0hVPIJ1bRPE+tC92C2hyYmfdqbvQ62YMbX3PoXTkUnYnugJpdxg8hZzlZeviC
 Ad6ZyzXuSXMAmisX1yw7u5LfBIFivY56+Vb8qXtvXZz+zpkeU6TEezPjgeOVLIOnZXGad6Rg5
 oZ6REz7/jn02944pEUq6eHSjkyE=
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.227.15.15; envelope-from=deller@gmx.de;
 helo=mout.gmx.net
X-Spam_score_int: -16
X-Spam_score: -1.7
X-Spam_bar: -
X-Spam_report: (-1.7 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity deller@gmx.de)
X-ZM-MESSAGEID: 1689706440258100007
Content-Type: text/plain; charset="utf-8"

Since commit 86f04735ac ("linux-user: Fix brk() to release pages") it's
possible for userspace applications to reduce their memory footprint by
calling brk() with a lower address and free up memory. Before that commit
guest heap memory was never unmapped.

But the Linux kernel prohibits to reduce brk() below the initial memory
address which is set at startup by the set_brk() function in binfmt_elf.c.
Such a range check was missed in commit 86f04735ac.

This patch adds the missing check by storing the initial brk value in
initial_target_brk and verify any new brk addresses against that value.

Tested with the i386 upx binary from
https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.ta=
r.xz

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index ee54eed33b..125fcbe423 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -801,12 +801,13 @@ static inline int host_to_target_sock_type(int host_t=
ype)
     return target_type;
 }

-static abi_ulong target_brk;
+static abi_ulong target_brk, initial_target_brk;
 static abi_ulong brk_page;

 void target_set_brk(abi_ulong new_brk)
 {
     target_brk =3D TARGET_PAGE_ALIGN(new_brk);
+    initial_target_brk =3D target_brk;
     brk_page =3D HOST_PAGE_ALIGN(target_brk);
 }

@@ -824,6 +825,11 @@ abi_long do_brk(abi_ulong brk_val)
         return target_brk;
     }

+    /* do not allow to shrink below initial brk value */
+    if (brk_val < initial_target_brk) {
+        brk_val =3D initial_target_brk;
+    }
+
     new_brk =3D TARGET_PAGE_ALIGN(brk_val);
     new_host_brk_page =3D HOST_PAGE_ALIGN(brk_val);

--
2.41.0
From nobody Wed May 15 20:05:24 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmx.de
ARC-Seal: i=1; a=rsa-sha256; t=1689706438; cv=none;
	d=zohomail.com; s=zohoarc;
	b=UHVUDfNPd0eczhkiliUpJNo7+ZxB0EXOz73NxilvqEn+XQj6XwqzhjQOR+OhYBrZ4PUkpYYyaM0w9vIj7JnsCegbE6gzm1K4Bt0K0pleD2mwcv8YC76UaPbRpd7I2hEV7YNNQrb5a1Il0DtXeOWqo75nDj8x1AmXI6r1dilNhzU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1689706438;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=kpSWEWJkL0kx+D28TH/y1BLZgvJ4pej8o4fRZm0NbVE=;
	b=kJRFo+n631hYE1sm9ycOWXU7ulo885NzfnkxBNV+gM87WVXov5/E6d1GD9wWEWSo8cJv/4vUDP904i4khUjiOltQWmINq3EvUcxMdwleuK0/azcFNfL+0GjsOiHzPK03p+WrmR39XXKdM6nXsQvUzQK+kXimRKYVlFDZm0+Jv/k=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<deller@gmx.de> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1689706438791728.0887560713417;
 Tue, 18 Jul 2023 11:53:58 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qLpon-0000wQ-9j; Tue, 18 Jul 2023 14:53:05 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpok-0000v7-M0; Tue, 18 Jul 2023 14:53:02 -0400
Received: from mout.gmx.net ([212.227.15.15])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpod-0003O7-45; Tue, 18 Jul 2023 14:53:02 -0400
Received: from p100.fritz.box ([94.134.159.74]) by mail.gmx.net (mrgmx005
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1N0XCw-1pyVb610r6-00wTJe; Tue, 18
 Jul 2023 20:52:44 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de;
 s=s31663417; t=1689706364; x=1690311164; i=deller@gmx.de;
 bh=QndR1JShYxuIGvq9fxtuUmSM0VG5DS7IN52I1fXIGAw=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
 b=X0uYX//QpGBItdWR8W/nkwxs5l7ohmNYDtnoAs91icp6LNHCZ+U3hMiXPB36WHfIBCicCoW
 rYicHt5hu6Qz/9UuaDcmPuugNyFof+IOkcWk/nx9fR3cUHDBtZ0qX/I9NtdVrttolwjTi/Xej
 aGzHLJXTF3ZY9Zj1XS0kHb5qnmtthhvgzQF12pnvp6yV0WAB39YtRu9ql5sR+LxJnc957vM9C
 wwpQjZ/7lZk6LCXRW8FaBKqriHrbEDVCleXHzPzTOPIp9rVMvel/g/CbGvzPY3gezGI3AtpTb
 BY36DGy0w1H2QS5X8iVNFs4XDIAW2YAfDwMDoAycp1TRDVRLN/GQ==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
From: Helge Deller <deller@gmx.de>
To: Laurent Vivier <laurent@vivier.eu>, qemu-devel@nongnu.org,
 Michael Tokarev <mjt@tls.msk.ru>, Andreas Schwab <schwab@suse.de>,
 Richard Henderson <richard.henderson@linaro.org>
Cc: Helge Deller <deller@gmx.de>,
 "Markus F.X.J. Oberhumer" <markus@oberhumer.com>,
 =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>,
 qemu-stable@nongnu.org
Subject: [PATCH v2 3/5] linux-user: Fix signed math overflow in brk() syscall
Date: Tue, 18 Jul 2023 20:52:39 +0200
Message-ID: <20230718185241.11433-4-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230718185241.11433-1-deller@gmx.de>
References: <20230718185241.11433-1-deller@gmx.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:FnEnS4MBuGuiyF5GalAz3XXr5XaQc9V2PMWB++QvF4nd3A4IcYe
 NiYT6YW/d/GDgFl0pbRByz2AvJtUt59mBBaK5WUbcqf07RWEMhsymJMv7GBM4qMpNqicyow
 LGhInJ9oumkM2q4otlUTFBKRqkwBIJmlyUf9dFXJaFiSGePCVUdQQ1og7YagBZ7nj8Y3Ojb
 Mu4Ky1KGEQ6umqtQy/kig==
UI-OutboundReport: notjunk:1;M01:P0:V3TWnA8EgoE=;b/RECnGFcxMgtjc/zTdT6BAzQAw
 Kc46MX0uWHYdWClE9KnKkCpC9pDgq74MhXpPAFdHMeso6jpS39OjbD87blgVwamR0fhk6MTnf
 h3Jm81vEfiP/414FXCvZOdXAr2h/F5QHFeJeseu95uT2DICr9/7BNafrLc3B1xYF/UMUbsXf0
 APbJvSvEqvA694LBOEVbQg0a4EeyvlAuCIHAPl3uv/6kRPJXnH3ONndKFJMH/fjauCP/77l3L
 lGvIy664dZHVgjd+qkXMQl/g7oi5ul35KlCVeJ1Lm8+Gqo2efe+ynAa4OnknOqJXnGoKL2Y3x
 2RNkWs4oq8wMwnS9de555WVIDXmSxmcFamn7E30IFykv9YBQQI+P4DINKSDUKr9oAs6AAeJYb
 H3Y+RitGCRPzkQGSqXnVJ7u7/N2PlXbvWGfBjCLh4gNseXGT6gljlWb/7MgcgZaWviYrR9NRg
 VkxVcCKmut+sNM5Ng+KrrxSflrDqXSAAdMBCQ8U7KSMxx4RH0nJg9ot3fGAHgIUuPTeEh3/XN
 Wl1LmBXrLX6PADFbHR1zoHNR9fhQl4/coy0k81TbuSQm79s0q590UfKvXCJyrOK043x206vKH
 6CH5GoXSFjtLG0RErVKqrh8bwjk1yiXRBqTQ2heiBiVy6jU9VJkzukWmkwpuxF5ZOBavqdy7u
 2VADMDaR8JjrxbbJ5wzGpEDxeYt0Xs8GjdE57HCf195fpUIR8R4ZVeu3Yiv8rpHux17dEkh72
 3jNdDGzPqnbmu2cLcFLJ/YqzfbsOAgUFcu+b6EgiRo0L9L/6SxLdbrqmGmNUc6tPO/DHHqMta
 R6eecw1zcr08nWskzH9zfM1w8MxW2BWnaViLbSEQY9HslQYHoSpkLLrwu3RwaQssEOrNLnOKE
 WflomhezPkJUkQtHshXKUupWoXFJn1sVm/JxyiFKemT4yPgkGiMA2zr0eM4kszbsrAia//pHj
 qAR5w28nZJP+QtQpmRjyKq24IH4=
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.227.15.15; envelope-from=deller@gmx.de;
 helo=mout.gmx.net
X-Spam_score_int: -23
X-Spam_score: -2.4
X-Spam_bar: --
X-Spam_report: (-2.4 / 5.0 requ) BAYES_00=-1.9, DKIM_INVALID=0.1,
 DKIM_SIGNED=0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity deller@gmx.de)
X-ZM-MESSAGEID: 1689706440261100008
Content-Type: text/plain; charset="utf-8"

Fix the math overflow when calculating the new_malloc_size.

new_host_brk_page and brk_page are unsigned integers. If userspace
reduces the heap, new_host_brk_page is lower than brk_page which results
in a huge positive number (but should actually be negative).

Fix it by adding a proper check and as such make the code more readable.

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reviewed-by: Philippe Mathieu-Daud=C3=A9 <philmd@linaro.org>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 125fcbe423..95727a816a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -860,12 +860,13 @@ abi_long do_brk(abi_ulong brk_val)
      * itself); instead we treat "mapped but at wrong address" as
      * a failure and unmap again.
      */
-    new_alloc_size =3D new_host_brk_page - brk_page;
-    if (new_alloc_size) {
+    if (new_host_brk_page > brk_page) {
+        new_alloc_size =3D new_host_brk_page - brk_page;
         mapped_addr =3D get_errno(target_mmap(brk_page, new_alloc_size,
                                         PROT_READ|PROT_WRITE,
                                         MAP_ANON|MAP_PRIVATE, 0, 0));
     } else {
+        new_alloc_size =3D 0;
         mapped_addr =3D brk_page;
     }

--
2.41.0
From nobody Wed May 15 20:05:24 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmx.de
ARC-Seal: i=1; a=rsa-sha256; t=1689706485; cv=none;
	d=zohomail.com; s=zohoarc;
	b=U5gG7yHk1xBMk3rxxLHLBdQd9pgevF/XYQCuRNmWhPI5QvaP1a9phLTcCh0Ol2YLu01gkleUMa9h7JjDJV/IIuAWysj0GOf1YCOhTOYkZeF8CkWIiRLcOI9O9YK+Pu/vdOpaROEb1otec4mTTgjUxPv61847wFpYVjk1fzfvJwQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1689706485;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=V2JADnpak0J0rJ2Fobuqmy8VQrQFsIkAhtS0MAuheg8=;
	b=C/0zIPNgVDwDLJRb+dli4AV6Dao3o0m2zoUK3Y1kFpoJ5MtLp4nzCo6HakoH8pQUVt3XjQY6SD5J2acA4Bvl/JWq4cZc0dTsib96jSm8VPU3OmREFOSg24Pl8HKnR2c1SG6jsD3Dm2TQeK85mGP6TL8003uhuJeCIlyxsXnqBd0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<deller@gmx.de> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1689706485641879.2225400090639;
 Tue, 18 Jul 2023 11:54:45 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qLpod-0000tS-4W; Tue, 18 Jul 2023 14:52:55 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>) id 1qLpoc-0000sr-9J
 for qemu-devel@nongnu.org; Tue, 18 Jul 2023 14:52:54 -0400
Received: from mout.gmx.net ([212.227.15.19])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>) id 1qLpoZ-0003Nk-6F
 for qemu-devel@nongnu.org; Tue, 18 Jul 2023 14:52:53 -0400
Received: from p100.fritz.box ([94.134.159.74]) by mail.gmx.net (mrgmx005
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1Mi2Jn-1piMBx1rur-00e75H; Tue, 18
 Jul 2023 20:52:44 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de;
 s=s31663417; t=1689706364; x=1690311164; i=deller@gmx.de;
 bh=GcJX0PwH05RXdjGqj9MYbykoFQSW3eaMaUjhr3sxux0=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
 b=Ztl+Q5uUoRHcolJ0kyOVC9lpWiQjlOOC/WnqClUpvrN3IxY9/8DOMzCLnwr1dAxHPaKjw3/
 Vu91QItsoHAiLavxS3KwpQRR9PKRo3h4msra7nUgsHFhPtOmAOVNc2SUEYON77mFhEBhN/Elo
 8svQEYAEnIdURpEiMSJzOQyAC312AqLBsinzP8vRsuf2jFtbUAHnq025PfMMr4pRkK3vlAcDf
 hgjOh+tx3akAqN6EXRICpeExSIy4eTgCMw4fdaYFCSTKcoebUM9vE0pkF3ukillbUyqh8vQBR
 KSAoJRnHzZCXV+K2CtrEg5iAXvwovms0iGm2UiWMhtmUyJiaTSgg==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
From: Helge Deller <deller@gmx.de>
To: Laurent Vivier <laurent@vivier.eu>, qemu-devel@nongnu.org,
 Michael Tokarev <mjt@tls.msk.ru>, Andreas Schwab <schwab@suse.de>,
 Richard Henderson <richard.henderson@linaro.org>
Cc: Helge Deller <deller@gmx.de>,
	John Reiser <jreiser@BitWagon.com>
Subject: [PATCH v2 4/5] linux-user: Fix strace output for old_mmap
Date: Tue, 18 Jul 2023 20:52:40 +0200
Message-ID: <20230718185241.11433-5-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230718185241.11433-1-deller@gmx.de>
References: <20230718185241.11433-1-deller@gmx.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:0dFX3G0Bd6BSsOP4o7TQN4/V/N++S3lfnco+TNsbJ8h9NXzvxju
 8lB3mb3bl+qO7WODNETNf0CwsEMsPFwiD9Z79+Ax40PR84/NBIE09GEQA1TBaXk2qIKqIBw
 YXyi7vDdloEqfOzgQQAqa6T4HcpuMKQVV0LFcVrXOUl6+q/qtYSO9cvBTKJ7uPuwH7kon94
 7VQpkV3LEjzm+3M8IUNcw==
UI-OutboundReport: notjunk:1;M01:P0:yEey5Un+CoU=;pX/9gPDpN4Wi6iVvXsDDqFdSvAO
 e5mNCiuG3fiESOa9BW/PdoHsDryqJi/F/XuZOvydqdNzPFKyLHL8vDd23BeDEqmgR7jHNrpI+
 VSOMbVpLo+g/f8eJRj0EvePQAfGUuoxDyvf/dYBliVzzUSWA6MrxlChxXtvmclnlLsOBtWb8D
 q5whGVG8emsAgiOIXwTEBPstQ3PSraPSnKFoX3zRTyFbW/30lm5QSq/xWcWS178FGZRWlV8fi
 ueVWyS2JeNxtR+iL97iYf/B3ZiXrFPsts4x+GapRR8fD1XExd/7n565BC9Eq1AtdfBTd2AHWq
 DuF1c+0Ys7JfAiC1A6BtytxRH+hghgDGYFPXrJ4SfbwjaQGWIImS1N/tUSBOYQwc18nYPvXd8
 MjRBeRYUCrGSesabXpP1Iy7D9n3RRvBn/hpNOxbxZBh+RSVr7IfZkvY9uTpALZHQadNrJOVOo
 Vq8FI0bCerhtBZxfH8zK6IGW49UUJII9y0UDB400m5meB8KO0Nsdz1bRzW4VzVnzRcOLcXgY6
 o7DpH2MPb1A0g0wFY3j4NWjpre2ilQDse7oU3RF1vYXFZuNPhDwBaJu5gyd0857D8nR9jcIQQ
 vgGuoR1NIPxwHSJw0nCMgqT6QJyNKW+j4pZo4A8DsB07vfhc1rWzwdhqL8OVVKO9ZABC6dljS
 D5o3uQYJznZXxiM5opUxPeDDvKp9DAqxMWQwgcE4dHFL4A0DJIdSPl2TdpeFrKa2uDxD0Aj+e
 +ajG/ZUAEwPgW8+mNlMcRSjR1iIoz52E41Is6OKFBwRMsS8Y5v8S6a4kcGnn/tmkgL/1ogPET
 xspVY/rkF26xcgRBU7x6DHJ2+WJzlk/geN9KvEH/2XXqXUvUlwvqnslKZ1DJFpm6iBhaeR/yG
 gVg+pg/D7FOUcs0mCpdGYrPevOHDfvPcQpSDaw1Yb7aEMwgaC7HvF0zS+kZGUJ6H65lJwmKyi
 EK9K5k3GgnlCs+VcL8g0nJwnhpQ=
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.227.15.19; envelope-from=deller@gmx.de;
 helo=mout.gmx.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity deller@gmx.de)
X-ZM-MESSAGEID: 1689706488062100003
Content-Type: text/plain; charset="utf-8"

The old_mmap syscall (e.g. on i386) hands over the parameters in
a struct. Adjust the strace output to print the correct values.

Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1760
---
 linux-user/strace.c | 49 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c
index bbd29148d4..e0ab8046ec 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -3767,10 +3767,24 @@ print_utimensat(CPUArchState *cpu_env, const struct=
 syscallname *name,

 #if defined(TARGET_NR_mmap) || defined(TARGET_NR_mmap2)
 static void
-print_mmap(CPUArchState *cpu_env, const struct syscallname *name,
+print_mmap_both(CPUArchState *cpu_env, const struct syscallname *name,
            abi_long arg0, abi_long arg1, abi_long arg2,
-           abi_long arg3, abi_long arg4, abi_long arg5)
-{
+           abi_long arg3, abi_long arg4, abi_long arg5,
+           bool is_old_mmap)
+{
+    if (is_old_mmap) {
+            abi_ulong *v;
+            abi_ulong argp =3D arg0;
+            if (!(v =3D lock_user(VERIFY_READ, argp, 6 * sizeof(abi_ulong)=
, 1)))
+                return;
+            arg0 =3D tswapal(v[0]);
+            arg1 =3D tswapal(v[1]);
+            arg2 =3D tswapal(v[2]);
+            arg3 =3D tswapal(v[3]);
+            arg4 =3D tswapal(v[4]);
+            arg5 =3D tswapal(v[5]);
+            unlock_user(v, argp, 0);
+        }
     print_syscall_prologue(name);
     print_pointer(arg0, 0);
     print_raw_param("%d", arg1, 0);
@@ -3780,7 +3794,34 @@ print_mmap(CPUArchState *cpu_env, const struct sysca=
llname *name,
     print_raw_param("%#x", arg5, 1);
     print_syscall_epilogue(name);
 }
-#define print_mmap2     print_mmap
+#endif
+
+#if defined(TARGET_NR_mmap)
+static void
+print_mmap(CPUArchState *cpu_env, const struct syscallname *name,
+           abi_long arg0, abi_long arg1, abi_long arg2,
+           abi_long arg3, abi_long arg4, abi_long arg5)
+{
+    return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3,
+                           arg4, arg5,
+#if defined(TARGET_NR_mmap2)
+                            true
+#else
+                            false
+#endif
+                            );
+}
+#endif
+
+#if defined(TARGET_NR_mmap2)
+static void
+print_mmap2(CPUArchState *cpu_env, const struct syscallname *name,
+           abi_long arg0, abi_long arg1, abi_long arg2,
+           abi_long arg3, abi_long arg4, abi_long arg5)
+{
+    return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3,
+                           arg4, arg5, false);
+}
 #endif

 #ifdef TARGET_NR_mprotect
--
2.41.0
From nobody Wed May 15 20:05:24 2024
Delivered-To: importer@patchew.org
Authentication-Results: mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass(p=none dis=none)  header.from=gmx.de
ARC-Seal: i=1; a=rsa-sha256; t=1689706438; cv=none;
	d=zohomail.com; s=zohoarc;
	b=amNfynQ/EnAu8/4pj/vteSvar8Yj2TIEUObqpA8dOUurlfdA4Xn1SMkzU7LAg8VUUQh1QWk1Zpd2IrFkGPsOeNRwo1yJu8u7nJ9yqhaTiT2VL36WAQaYkwMsE2r7gDnMP6VSZQThNNgsLCXBfxaA0P6QqJSe7E4t6705Go1T4Vk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1689706438;
 h=Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=71mnHVUaJuxYRxrxUCN3ZoWqwU62AptCAvu/rAi2Ft4=;
	b=S8OTKG5EPznzSM//dvzKIP5+rVrHtpMWUsSGCcFtgnHOutUXmX5/1wogsw9NrSH05qdMnCAVZrR9o3SdAvQh8Z9YVTzR+J3ubq4TiiaRU1v/B7WCowI1hW9uNPJFQ0GNiBsZfexdKRJryKgBi8RAUTjPH28k62uLByUYxTjeYlQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass  header.i=deller@gmx.de;
	spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as
 permitted sender)
  smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org;
	dmarc=pass header.from=<deller@gmx.de> (p=none dis=none)
Return-Path: <qemu-devel-bounces+importer=patchew.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by
 mx.zohomail.com
	with SMTPS id 1689706438716776.7737801876618;
 Tue, 18 Jul 2023 11:53:58 -0700 (PDT)
Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <qemu-devel-bounces@nongnu.org>)
	id 1qLpod-0000tl-W6; Tue, 18 Jul 2023 14:52:56 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpoc-0000sq-95; Tue, 18 Jul 2023 14:52:54 -0400
Received: from mout.gmx.net ([212.227.15.18])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <deller@gmx.de>)
 id 1qLpoV-0003NN-OH; Tue, 18 Jul 2023 14:52:53 -0400
Received: from p100.fritz.box ([94.134.159.74]) by mail.gmx.net (mrgmx005
 [212.227.17.190]) with ESMTPSA (Nemesis) id 1Mkpav-1peXlT2WoZ-00mMPt; Tue, 18
 Jul 2023 20:52:44 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.de;
 s=s31663417; t=1689706364; x=1690311164; i=deller@gmx.de;
 bh=Rx4B0JKQX5xnCv8PHKKcBOIyM5MzrsGvZF5tbMB77Mo=;
 h=X-UI-Sender-Class:From:To:Cc:Subject:Date:In-Reply-To:References;
 b=eoXHds/vxsoNXrLOVhtylLa9K+yFbiLykAqSXD30UGXYnoqJyiGzYshSo5oQhZStiee86GF
 5HRxFgTQHdHi9agafm197Ru1lgvnO+iRBpEJ76CP5trTyZi23M4C3HeFSUqgA+qUr61M7ZlhR
 NupfoF3/oVOtg4T0fuY+rwYmSfD3bEFFiHv8R+yzOVecVCIktl2kQl/eH7610SU8WNd9CL+ub
 TmvlQOh3xsyafqZc4eM2cutVHJx2QJ/Ii2aku6bNNjCIoU5na+hPe/bPgCTUDJBmfaTnx3IGW
 0J6QiG4yi/6mG0Lfsds0J29EchzHM0886QUWun1HqwFlNiSBeySQ==
X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a
From: Helge Deller <deller@gmx.de>
To: Laurent Vivier <laurent@vivier.eu>, qemu-devel@nongnu.org,
 Michael Tokarev <mjt@tls.msk.ru>, Andreas Schwab <schwab@suse.de>,
 Richard Henderson <richard.henderson@linaro.org>
Cc: Helge Deller <deller@gmx.de>,
	qemu-stable@nongnu.org
Subject: [PATCH v2 5/5] linux-user: Fix qemu-arm to run static armhf binaries
Date: Tue, 18 Jul 2023 20:52:41 +0200
Message-ID: <20230718185241.11433-6-deller@gmx.de>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230718185241.11433-1-deller@gmx.de>
References: <20230718185241.11433-1-deller@gmx.de>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:Uu8rxaudrckdKw3xat1fW6YiGzaEPrChCyZVfu4g/Hd7PmEQYQT
 qj3a9Yn8Rr1aoaBpYqZm8NhMGyau4DE/XNyIr4b+7lE5ogncRz0XPNrJBZSfOk8rCPIvT4n
 4GnKMN+cBfZFhdzgPL4rHdEDWaqOFq8V5Tv2WSRyWgfl5L9KGSmmNaO0IqGoT9YuWLhAN6A
 Pvx7TsOiwSFHHdy4Iy3hg==
UI-OutboundReport: notjunk:1;M01:P0:EZd+2tv+q/I=;pU0bylCpK7TdeEHTchkp11B9V62
 oID3Hoi6pSO6V8mx8qbCCumEkz8/5Zeo0KMbSkt0D/stWJaeFFbKJ6Ky3v9W3daOhIj2rEs2r
 xZoU/o1639NWn2+hWParotY+4ARGVD+kf7j10Uo5yt6mdNBDT2Ys0VmvvO73uQUfu3JN4uU6+
 VY0g0JNFjmKVJIXlG3V9m+3VzUHqt28pNJgOz6R11p1oHXGHNzGlWaM59N7s/8FRZpq+326SI
 PinxhVE/fKpUoYuYCHMMCNdqFv3SMoWxOT/Tzw4f4Z1smEkh0bQz2iDP4/K5eZi+4p+jk1YEo
 NMKQBKULGADZMjfOGBq5hNk4ftm6fq8Mn9AasNPk6doY4i3iQhx/skI6OVHhf77k2P9BZIV/y
 3B3YiCMviT1AAww9EcxcE7ko04Rb0FkBQQVH06Tf4sReW9PxuEHm25kSkmYUpafIr83tHtehp
 WZMavksfXPwIzSWkKLMYSFQAGas6Gmlm+avIBGj8Zo9fv3vBhWLCVGfpufRTJiB1qn31klo4C
 WbxCdBRW1YoIoVKrXtHbVV/XS76KCz2sGH2tUNcz4ukWZ7UEqEzEXQqyZin+2VVfsSpfWnzMi
 wt7HvYEuTzsGCbE4e6liwtXLPtZ/pOLEXVaN3Gqt2gT1fOE1Rj+s4vopUhSNpTZF66VJ9LhXr
 83yXZkxeQmIkxQU+W2ZHxJ7SAuA78qnNAi4RwyDV+UBfXCe8cCz6K56ZHAsxeiWxGb7/m3dDP
 788G29+sgbl+47tB3YyLY8O/H1gmmnilLVPPubZIrUGI4+ojIyE/MIV+VUyEY1oUFQJDzs0WN
 Y3S7iKhExFBLa3EtpZPh7pwA5PI33TIRkr7m6kegh+amqwmojRv2f2UnV6fdLMiwiTCDHUNl7
 2Zc6LkxdXahgxgqVkAViVcAVpQ6zTSBA2v3+5oLLk/9/ia8EDtN7p/DV3JUIewg3OvJo2p8gr
 QI0I3L4ucMDOm5OFpka7VhCSI1c=
Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17
 as permitted sender) client-ip=209.51.188.17;
 envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org;
 helo=lists.gnu.org;
Received-SPF: pass client-ip=212.227.15.18; envelope-from=deller@gmx.de;
 helo=mout.gmx.net
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org
Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org
X-ZohoMail-DKIM: pass (identity deller@gmx.de)
X-ZM-MESSAGEID: 1689706439407100001
Content-Type: text/plain; charset="utf-8"

qemu-user crashes immediately when running static binaries on the armhf
architecture. The problem is the memory layout where the executable is
loaded before the interpreter library, in which case the reserved brk
region clashes with the interpreter code and is released before qemu
tries to start the program.

At load time qemu calculates a brk value for interpreter and executable
each.  The fix is to choose the higher one of both.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Andreas Schwab <schwab@suse.de>
Cc: qemu-stable@nongnu.org
Reported-by:  Venkata.Pyla@toshiba-tsip.com
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=3D1040981
---
 linux-user/elfload.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index a26200d9f3..94951630b1 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3615,6 +3615,13 @@ int load_elf_binary(struct linux_binprm *bprm, struc=
t image_info *info)

     if (elf_interpreter) {
         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
+        /*
+         * adjust brk address if the interpreter was loaded above the main
+         * executable, e.g. happens with static binaries on armhf
+         */
+        if (interp_info.brk > info->brk) {
+            info->brk =3D interp_info.brk;
+        }

         /* If the program interpreter is one of these two, then assume
            an iBCS2 image.  Otherwise assume a native linux image.  */
--
2.41.0