[PULL 00/17] testing and misc fixes

Alex Bennée posted 17 patches 3 years, 11 months ago
[PULL 00/17] testing and misc fixes
Posted by Alex Bennée 3 years, 11 months ago
The following changes since commit 49ee11555262a256afec592dfed7c5902d5eefd2:

  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging (2020-06-08 11:04:57 +0100)

are available in the Git repository at:

  https://github.com/stsquad/qemu.git tags/pull-testing-and-misc-080620-1

for you to fetch changes up to a5b04ccd742f6c58a1d305530d9e07ad9731b8e6:

  scripts/coverity-scan: Remove flex/bison packages (2020-06-08 17:04:19 +0100)

----------------------------------------------------------------
Various testing and misc fixes:

  - header cleanups for plugins
  - support wider watchpoints
  - tweaks for unreliable and broken CI
  - docker image fixes and version bumps
  - linux-user guest_base fixes
  - remove flex/bison from various test images

----------------------------------------------------------------
Alex Bennée (10):
      tests/plugin: correctly honour io_count
      exec: flush the whole TLB if a watchpoint crosses a page boundary
      .travis.yml: allow failure for unreliable hosts
      .shippable: temporarily disable some cross builds
      tests/docker: fix pre-requisite for debian-tricore-cross
      hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE
      linux-user: provide fallback pgd_find_hole for bare chroots
      linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
      tests/tcg: add simple commpage test case
      linux-user: detect overflow of MAP_FIXED mmap

Emilio G. Cota (1):
      qemu-plugin.h: add missing include <stddef.h> to define size_t

Paolo Bonzini (1):
      docker: update Ubuntu to 20.04

Philippe Mathieu-Daudé (5):
      scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header
      tests/docker: Remove flex/bison packages
      tests/vm: Remove flex/bison packages
      cirrus-ci: Remove flex/bison packages
      scripts/coverity-scan: Remove flex/bison packages

 include/qemu/qemu-plugin.h                         |  1 +
 exec.c                                             |  8 ++-
 hw/virtio/vhost.c                                  | 57 ++++++++++++-----
 linux-user/elfload.c                               | 71 +++++++++++++++++++---
 linux-user/mmap.c                                  |  2 +-
 tests/plugin/mem.c                                 |  2 +-
 tests/tcg/arm/commpage.c                           | 61 +++++++++++++++++++
 .cirrus.yml                                        |  2 +-
 .shippable.yml                                     | 12 ++--
 .travis.yml                                        |  5 ++
 hw/virtio/trace-events                             |  3 +-
 scripts/clean-includes                             |  1 +
 scripts/coverity-scan/coverity-scan.docker         |  2 -
 tests/docker/Makefile.include                      |  2 +-
 tests/docker/dockerfiles/centos7.docker            |  2 -
 tests/docker/dockerfiles/centos8.docker            |  2 -
 .../docker/dockerfiles/debian-xtensa-cross.docker  |  2 -
 tests/docker/dockerfiles/debian10.docker           |  2 -
 tests/docker/dockerfiles/debian9.docker            |  2 -
 tests/docker/dockerfiles/fedora.docker             |  2 -
 tests/docker/dockerfiles/ubuntu.docker             |  4 +-
 tests/docker/dockerfiles/ubuntu1804.docker         |  2 +-
 tests/tcg/arm/Makefile.target                      |  2 +
 tests/vm/fedora                                    |  1 -
 tests/vm/freebsd                                   |  1 -
 tests/vm/netbsd                                    |  1 -
 tests/vm/openbsd                                   |  1 -
 tests/vm/ubuntu.i386                               |  2 +-
 28 files changed, 195 insertions(+), 60 deletions(-)
 create mode 100644 tests/tcg/arm/commpage.c

-- 
2.20.1


Re: [PULL 00/17] testing and misc fixes
Posted by Peter Maydell 3 years, 11 months ago
On Tue, 9 Jun 2020 at 11:38, Alex Bennée <alex.bennee@linaro.org> wrote:
>
> The following changes since commit 49ee11555262a256afec592dfed7c5902d5eefd2:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-5.1-pull-request' into staging (2020-06-08 11:04:57 +0100)
>
> are available in the Git repository at:
>
>   https://github.com/stsquad/qemu.git tags/pull-testing-and-misc-080620-1
>
> for you to fetch changes up to a5b04ccd742f6c58a1d305530d9e07ad9731b8e6:
>
>   scripts/coverity-scan: Remove flex/bison packages (2020-06-08 17:04:19 +0100)
>
> ----------------------------------------------------------------
> Various testing and misc fixes:
>
>   - header cleanups for plugins
>   - support wider watchpoints
>   - tweaks for unreliable and broken CI
>   - docker image fixes and version bumps
>   - linux-user guest_base fixes
>   - remove flex/bison from various test images


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/5.1
for any user-visible changes.

-- PMM

[PULL 01/17] qemu-plugin.h: add missing include <stddef.h> to define size_t
Posted by Alex Bennée 3 years, 11 months ago
From: "Emilio G. Cota" <cota@braap.org>

Signed-off-by: Emilio G. Cota <cota@braap.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200524202427.951784-1-cota@braap.org>
Message-Id: <20200605154929.26910-2-alex.bennee@linaro.org>

diff --git a/include/qemu/qemu-plugin.h b/include/qemu/qemu-plugin.h
index 89ed579f559..bab8b0d4b3a 100644
--- a/include/qemu/qemu-plugin.h
+++ b/include/qemu/qemu-plugin.h
@@ -12,6 +12,7 @@
 
 #include <inttypes.h>
 #include <stdbool.h>
+#include <stddef.h>
 
 /*
  * For best performance, build the plugin with -fvisibility=hidden so that
-- 
2.20.1


[PULL 02/17] scripts/clean-includes: Mark 'qemu/qemu-plugin.h' as special header
Posted by Alex Bennée 3 years, 11 months ago
From: Philippe Mathieu-Daudé <f4bug@amsat.org>

"qemu/qemu-plugin.h" isn't meant to be included by the QEMU codebase,
but by 3rd party plugins that QEMU can use. These plugins can be
built out of QEMU and don't include "qemu/osdep.h".
Mark "qemu/qemu-plugin.h" as a special header that doesn't need
to be cleaned for "qemu/osdep.h".

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Emilio G. Cota <cota@braap.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200524215654.13256-1-f4bug@amsat.org>
Message-Id: <20200605154929.26910-3-alex.bennee@linaro.org>

diff --git a/scripts/clean-includes b/scripts/clean-includes
index dd938daa3ec..795b3bea318 100755
--- a/scripts/clean-includes
+++ b/scripts/clean-includes
@@ -123,6 +123,7 @@ for f in "$@"; do
       ;;
     *include/qemu/osdep.h | \
     *include/qemu/compiler.h | \
+    *include/qemu/qemu-plugin.h | \
     *include/glib-compat.h | \
     *include/sysemu/os-posix.h | \
     *include/sysemu/os-win32.h | \
-- 
2.20.1


[PULL 03/17] tests/plugin: correctly honour io_count
Posted by Alex Bennée 3 years, 11 months ago
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200605154929.26910-4-alex.bennee@linaro.org>

diff --git a/tests/plugin/mem.c b/tests/plugin/mem.c
index 878abf09d19..4725bd851d8 100644
--- a/tests/plugin/mem.c
+++ b/tests/plugin/mem.c
@@ -28,7 +28,7 @@ static void plugin_exit(qemu_plugin_id_t id, void *p)
 
     g_string_printf(out, "mem accesses: %" PRIu64 "\n", mem_count);
     if (do_haddr) {
-        g_string_append_printf(out, "io accesses: %" PRIu64 "\n", mem_count);
+        g_string_append_printf(out, "io accesses: %" PRIu64 "\n", io_count);
     }
     qemu_plugin_outs(out->str);
 }
-- 
2.20.1


[PULL 04/17] exec: flush the whole TLB if a watchpoint crosses a page boundary
Posted by Alex Bennée 3 years, 11 months ago
There is no particular reason why you can't have a watchpoint in TCG
that covers a large chunk of the address space. We could be clever
about it but these cases are pretty rare and we can assume the user
will expect a little performance degradation.

NB: In my testing gdb will silently squash a watchpoint like:

  watch (char[0x7fffffffff]) *0x0

to a 4 byte watchpoint. Practically it will limit the maximum size
based on max-value-size. However given enough of a tweak the sky is
the limit.

Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20200605154929.26910-5-alex.bennee@linaro.org>

diff --git a/exec.c b/exec.c
index be4be2df3a1..a0bf9d61c87 100644
--- a/exec.c
+++ b/exec.c
@@ -1038,6 +1038,7 @@ int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
                           int flags, CPUWatchpoint **watchpoint)
 {
     CPUWatchpoint *wp;
+    vaddr in_page;
 
     /* forbid ranges which are empty or run off the end of the address space */
     if (len == 0 || (addr + len - 1) < addr) {
@@ -1058,7 +1059,12 @@ int cpu_watchpoint_insert(CPUState *cpu, vaddr addr, vaddr len,
         QTAILQ_INSERT_TAIL(&cpu->watchpoints, wp, entry);
     }
 
-    tlb_flush_page(cpu, addr);
+    in_page = -(addr | TARGET_PAGE_MASK);
+    if (len <= in_page) {
+        tlb_flush_page(cpu, addr);
+    } else {
+        tlb_flush(cpu);
+    }
 
     if (watchpoint)
         *watchpoint = wp;
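Review bot: `in_page = -(addr | TARGET_PAGE_MASK)` is correct (it yields the number of bytes from `addr` to the end of its page, because `TARGET_PAGE_MASK` has the high bits set and negating the OR'd value leaves exactly that remainder), but it is dense enough to deserve a one-line comment such as `/* bytes remaining in the page containing addr */`. The earlier `(addr + len - 1) < addr` check is what keeps `len <= in_page` meaningful, since without it a wrapped range could still take the single-page path. `tlb_flush(cpu)` flushes only this CPU's TLB, which matches the per-CPU watchpoint list and is sufficient here.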
-- 
2.20.1


[PULL 05/17] .travis.yml: allow failure for unreliable hosts
Posted by Alex Bennée 3 years, 11 months ago
They will still run but they won't get in the way of the result.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200605154929.26910-6-alex.bennee@linaro.org>

diff --git a/.travis.yml b/.travis.yml
index 564be50a3c1..ec6367af1f0 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -429,6 +429,7 @@ jobs:
       env:
         - TEST_CMD="make check check-tcg V=1"
         - CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS}"
+        - UNRELIABLE=true
 
     - name: "[ppc64] GCC check-tcg"
       arch: ppc64le
@@ -493,6 +494,7 @@ jobs:
       env:
         - TEST_CMD="make check check-tcg V=1"
         - CONFIG="--disable-containers --target-list=${MAIN_SOFTMMU_TARGETS},s390x-linux-user"
+        - UNRELIABLE=true
       script:
         - ( cd ${SRC_DIR} ; git submodule update --init roms/SLOF )
         - BUILD_RC=0 && make -j${JOBS} || BUILD_RC=$?
@@ -535,6 +537,7 @@ jobs:
         - TEST_CMD="make check-unit"
         - CONFIG="--disable-containers --disable-tcg --enable-kvm
                   --disable-tools --host-cc=clang --cxx=clang++"
+        - UNRELIABLE=true
 
     # Release builds
     # The make-release script expect a QEMU version, so our tag must start with a 'v'.
@@ -556,3 +559,5 @@ jobs:
         - mkdir -p release-build && cd release-build
         - ../configure ${BASE_CONFIG} ${CONFIG} || { cat config.log && exit 1; }
         - make install
+  allow_failures:
+    - env: UNRELIABLE=true
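Review bot: Travis matches `allow_failures` entries against the job's `env` strings literally, so `UNRELIABLE=true` has to appear with exactly this spelling in every job that should be excused; a short comment next to `allow_failures:` saying that this marker is what opts a job out of the overall result would save the next person from grepping for it.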
-- 
2.20.1


[PULL 06/17] .shippable: temporarily disable some cross builds
Posted by Alex Bennée 3 years, 11 months ago
These currently fail due to Debian bug #960271 as the
linux-libc-library has a user-space build breaking symbol in it.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20200605154929.26910-7-alex.bennee@linaro.org>

diff --git a/.shippable.yml b/.shippable.yml
index 2cce7b56890..10cf219bff4 100644
--- a/.shippable.yml
+++ b/.shippable.yml
@@ -5,8 +5,8 @@ env:
   global:
     - LC_ALL=C
   matrix:
-    - IMAGE=debian-amd64
-      TARGET_LIST=x86_64-softmmu,x86_64-linux-user
+    # - IMAGE=debian-amd64
+    #   TARGET_LIST=x86_64-softmmu,x86_64-linux-user
     - IMAGE=debian-win32-cross
       TARGET_LIST=arm-softmmu,i386-softmmu,lm32-softmmu
     - IMAGE=debian-win64-cross
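Review bot: the reason these jobs are commented out (Debian bug #960271) lives only in the commit message; a YAML comment next to the disabled entries, e.g. `# disabled: Debian bug #960271`, would tell whoever reads the file later when it is safe to re-enable them, and the same applies to the mips entries in the next hunk.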
@@ -19,10 +19,10 @@ env:
       TARGET_LIST=aarch64-softmmu,aarch64-linux-user
     - IMAGE=debian-s390x-cross
       TARGET_LIST=s390x-softmmu,s390x-linux-user
-    - IMAGE=debian-mips-cross
-      TARGET_LIST=mips-softmmu,mipsel-linux-user
-    - IMAGE=debian-mips64el-cross
-      TARGET_LIST=mips64el-softmmu,mips64el-linux-user
+    # - IMAGE=debian-mips-cross
+    #   TARGET_LIST=mips-softmmu,mipsel-linux-user
+    # - IMAGE=debian-mips64el-cross
+    #   TARGET_LIST=mips64el-softmmu,mips64el-linux-user
     - IMAGE=debian-ppc64el-cross
       TARGET_LIST=ppc64-softmmu,ppc64-linux-user,ppc64abi32-linux-user
 build:
-- 
2.20.1


[PULL 07/17] tests/docker: fix pre-requisite for debian-tricore-cross
Posted by Alex Bennée 3 years, 11 months ago
Reported-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200605154929.26910-9-alex.bennee@linaro.org>

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index ed46bd98eb5..981b7fcf2a5 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -130,7 +130,7 @@ docker-image-debian-sparc64-cross: docker-image-debian10
 docker-image-travis: NOUSER=1
 
 # Specialist build images, sometimes very limited tools
-docker-image-tricore-cross: docker-image-debian9
+docker-image-debian-tricore-cross: docker-image-debian9
 docker-image-debian-arm64-test-cross: docker-image-debian11
 
 # These images may be good enough for building tests but not for test builds
-- 
2.20.1


[PULL 08/17] docker: update Ubuntu to 20.04
Posted by Alex Bennée 3 years, 11 months ago
From: Paolo Bonzini <pbonzini@redhat.com>

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200604231716.11354-1-pbonzini@redhat.com>
Message-Id: <20200605154929.26910-10-alex.bennee@linaro.org>

diff --git a/tests/docker/dockerfiles/ubuntu.docker b/tests/docker/dockerfiles/ubuntu.docker
index eeb3b22bf20..43872417dec 100644
--- a/tests/docker/dockerfiles/ubuntu.docker
+++ b/tests/docker/dockerfiles/ubuntu.docker
@@ -9,7 +9,7 @@
 # system won't pick up that it has changed.
 #
 
-FROM ubuntu:19.04
+FROM ubuntu:20.04
 ENV PACKAGES flex bison \
     ccache \
     clang \
-- 
2.20.1


[PULL 10/17] linux-user: provide fallback pgd_find_hole for bare chroots
Posted by Alex Bennée 3 years, 11 months ago
When running QEMU out of a chroot environment we may not have access
to /proc/self/maps. As there is no other "official" way to introspect
our memory map we need to fall back to the original technique of
repeatedly trying to mmap an address range until we find one that
works.

Fortunately it's not quite as ugly as the original code given we
already re-factored the complications of dealing with the
ARM_COMMPAGE. We do make an attempt to skip over brk() which is about
the only concrete piece of information we have about the address map
at this moment.

Fixes: ee9474303
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200605154929.26910-12-alex.bennee@linaro.org>

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index ebc663ea0b3..475d243f3bd 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2101,6 +2101,50 @@ static void pgb_have_guest_base(const char *image_name, abi_ulong guest_loaddr,
     }
 }
 
+/**
+ * pgd_find_hole_fallback: potential mmap address
+ * @guest_size: size of available space
+ * @brk: location of break
+ * @align: memory alignment
+ *
+ * This is a fallback method for finding a hole in the host address
+ * space if we don't have the benefit of being able to access
+ * /proc/self/map. It can potentially take a very long time as we can
+ * only dumbly iterate up the host address space seeing if the
+ * allocation would work.
+ */
+static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, long align)
+{
+    uintptr_t base;
+
+    /* Start (aligned) at the bottom and work our way up */
+    base = ROUND_UP(mmap_min_addr, align);
+
+    while (true) {
+        uintptr_t align_start, end;
+        align_start = ROUND_UP(base, align);
+        end = align_start + guest_size;
+
+        /* if brk is anywhere in the range give ourselves some room to grow. */
+        if (align_start <= brk && brk < end) {
+            base = brk + (16 * MiB);
+            continue;
+        } else if (align_start + guest_size < align_start) {
+            /* we have run out of space */
+            return -1;
+        } else {
+            int flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE | MAP_FIXED;
+            void * mmap_start = mmap((void *) align_start, guest_size,
+                                     PROT_NONE, flags, -1, 0);
+            if (mmap_start != MAP_FAILED) {
+                munmap((void *) align_start, guest_size);
+                return (uintptr_t) mmap_start;
+            }
+            base += qemu_host_page_size;
+        }
+    }
+}
+
 /* Return value for guest_base, or -1 if no hole found. */
 static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
                                long align)
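Review bot: two problems in `pgd_find_hole_fallback`. First, the probe uses `MAP_FIXED`, which does not fail when the range is already in use: it silently replaces whatever was mapped there, and the following `munmap` then tears that mapping down, so a probe that lands on QEMU's own text, stack or libc corrupts the process instead of reporting a collision. `MAP_FIXED_NOREPLACE` where the host kernel supports it, or a non-fixed `mmap` hint followed by a check that `mmap_start == (void *) align_start` (unmapping and moving on otherwise), would make the probe safe. Second, `end = align_start + guest_size` is computed and compared against `brk` before the wrap test `align_start + guest_size < align_start`, so on the last iteration a wrapped `end` makes the `brk` comparison meaningless; the overflow test should come first. Minor: the comment says `/proc/self/map`; the file is `/proc/self/maps`.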
@@ -2116,6 +2160,10 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
     /* Read brk after we've read the maps, which will malloc. */
     brk = (uintptr_t)sbrk(0);
 
+    if (!maps) {
+        return pgd_find_hole_fallback(guest_size, brk, align);
+    }
+
     /* The first hole is before the first map entry. */
     this_start = mmap_min_addr;
 
-- 
2.20.1


[PULL 11/17] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit
Posted by Alex Bennée 3 years, 11 months ago
We rely on the pointer to wrap when accessing the high address of the
COMMPAGE so it lands somewhere reasonable. However on 32 bit hosts we
cannot afford just to map the entire 4gb address range. The old mmap
trial and error code handled this by just checking we could map both
the guest_base and the computed COMMPAGE address.

We can't just manipulate loadaddr to get what we want so we introduce
an offset which pgb_find_hole can apply when looking for a gap for
guest_base that ensures there is space left to map the COMMPAGE
afterwards.

This is arguably a little inefficient for the one 32 bit
value (kuser_helper_version) we need to keep there given all the
actual code entries are picked up during the translation phase.

Fixes: ee94743034b
Bug: https://bugs.launchpad.net/qemu/+bug/1880225
Cc: Bug 1880225 <1880225@bugs.launchpad.net>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Aleksandar Markovic <aleksandar.qemu.devel@gmail.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200605154929.26910-13-alex.bennee@linaro.org>

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 475d243f3bd..b5cb21384a1 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -389,7 +389,7 @@ static bool init_guest_commpage(void)
 {
     void *want = g2h(ARM_COMMPAGE & -qemu_host_page_size);
     void *addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE,
-                      MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
+                      MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0);
 
     if (addr == MAP_FAILED) {
         perror("Allocating guest commpage");
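Review bot: with `MAP_FIXED` added, the `addr == MAP_FAILED` check below no longer distinguishes "got the page we wanted" from "replaced an existing mapping", so correctness now rests entirely on `pgb_find_hole` having reserved the space below `guest_base` through `offset`. A comment at the `mmap` call stating that the range is guaranteed free by that earlier reservation would make the dependency explicit.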
@@ -2113,7 +2113,8 @@ static void pgb_have_guest_base(const char *image_name, abi_ulong guest_loaddr,
  * only dumbly iterate up the host address space seeing if the
  * allocation would work.
  */
-static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, long align)
+static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk,
+                                        long align, uintptr_t offset)
 {
     uintptr_t base;
 
@@ -2123,7 +2124,7 @@ static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, lon
     while (true) {
         uintptr_t align_start, end;
         align_start = ROUND_UP(base, align);
-        end = align_start + guest_size;
+        end = align_start + guest_size + offset;
 
         /* if brk is anywhere in the range give ourselves some room to grow. */
         if (align_start <= brk && brk < end) {
@@ -2138,7 +2139,7 @@ static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, lon
                                      PROT_NONE, flags, -1, 0);
             if (mmap_start != MAP_FAILED) {
                 munmap((void *) align_start, guest_size);
-                return (uintptr_t) mmap_start;
+                return (uintptr_t) mmap_start + offset;
             }
             base += qemu_host_page_size;
         }
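Review bot: the probe and its `munmap` still cover only `guest_size` bytes from `align_start`, but the value handed back is `mmap_start + offset`, so the guest will occupy `[align_start + offset, align_start + offset + guest_size)` and the top `offset` bytes of that range were never probed (the `end` computation in the previous hunk does include `offset`, so the brk check and the probe now disagree about the range). The `mmap` and `munmap` lengths should be `guest_size + offset` so that the probed region matches what is returned.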
@@ -2147,7 +2148,7 @@ static uintptr_t pgd_find_hole_fallback(uintptr_t guest_size, uintptr_t brk, lon
 
 /* Return value for guest_base, or -1 if no hole found. */
 static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
-                               long align)
+                               long align, uintptr_t offset)
 {
     GSList *maps, *iter;
     uintptr_t this_start, this_end, next_start, brk;
@@ -2161,7 +2162,7 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
     brk = (uintptr_t)sbrk(0);
 
     if (!maps) {
-        return pgd_find_hole_fallback(guest_size, brk, align);
+        return pgd_find_hole_fallback(guest_size, brk, align, offset);
     }
 
     /* The first hole is before the first map entry. */
@@ -2173,7 +2174,7 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
 
         this_end = ((MapInfo *)iter->data)->start;
         next_start = ((MapInfo *)iter->data)->end;
-        align_start = ROUND_UP(this_start, align);
+        align_start = ROUND_UP(this_start + offset, align);
 
         /* Skip holes that are too small. */
         if (align_start >= this_end) {
@@ -2223,6 +2224,7 @@ static void pgb_static(const char *image_name, abi_ulong orig_loaddr,
 {
     uintptr_t loaddr = orig_loaddr;
     uintptr_t hiaddr = orig_hiaddr;
+    uintptr_t offset = 0;
     uintptr_t addr;
 
     if (hiaddr != orig_hiaddr) {
@@ -2236,18 +2238,19 @@ static void pgb_static(const char *image_name, abi_ulong orig_loaddr,
     if (ARM_COMMPAGE) {
         /*
          * Extend the allocation to include the commpage.
-         * For a 64-bit host, this is just 4GiB; for a 32-bit host,
-         * the address arithmetic will wrap around, but the difference
-         * will produce the correct allocation size.
+         * For a 64-bit host, this is just 4GiB; for a 32-bit host we
+         * need to ensure there is space bellow the guest_base so we
+         * can map the commpage in the place needed when the address
+         * arithmetic wraps around.
          */
         if (sizeof(uintptr_t) == 8 || loaddr >= 0x80000000u) {
-            hiaddr = (uintptr_t)4 << 30;
+            hiaddr = (uintptr_t) 4 << 30;
         } else {
-            loaddr = ARM_COMMPAGE & -align;
+            offset = -(ARM_COMMPAGE & -align);
         }
     }
 
-    addr = pgb_find_hole(loaddr, hiaddr - loaddr, align);
+    addr = pgb_find_hole(loaddr, hiaddr - loaddr, align, offset);
     if (addr == -1) {
         /*
          * If ARM_COMMPAGE, there *might* be a non-consecutive allocation
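Review bot: typo in the new comment, `bellow` should be `below`. The `(uintptr_t)4 << 30` to `(uintptr_t) 4 << 30` whitespace change is unrelated to this fix and only adds noise to the diff. It would also help to spell out in the comment that `offset = -(ARM_COMMPAGE & -align)` is the number of bytes that must be free immediately below `guest_base`, since on a 32-bit host `guest_base + ARM_COMMPAGE` wraps to exactly `guest_base - offset`.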
@@ -2282,7 +2285,7 @@ static void pgb_dynamic(const char *image_name, long align)
          * just above that, and maximises the positive guest addresses.
          */
         commpage = ARM_COMMPAGE & -align;
-        addr = pgb_find_hole(commpage, -commpage, align);
+        addr = pgb_find_hole(commpage, -commpage, align, 0);
         assert(addr != -1);
         guest_base = addr;
     }
-- 
2.20.1


[PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap
Posted by Alex Bennée 3 years, 11 months ago
Relaxing the restrictions on 64 bit guests leads to the user being
able to attempt to map right at the edge of addressable memory. This
in turn led to address overflow tripping the assert in page_set_flags
when the end address wrapped around.

Detect the wrap earlier and correctly -ENOMEM the guest (in the
reported case LTP mmap15).

Fixes: 7d8cbbabcb
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reported-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200605154929.26910-15-alex.bennee@linaro.org>

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index caab62909eb..0019447892e 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
          * It can fail only on 64-bit host with 32-bit target.
          * On any other target/host host mmap() handles this error correctly.
          */
-        if (!guest_range_valid(start, len)) {
+        if (end < start || !guest_range_valid(start, len)) {
             errno = ENOMEM;
             goto fail;
         }
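Review bot: the comment just above the hunk, "It can fail only on 64-bit host with 32-bit target", describes the `guest_range_valid` case only; the new `end < start` wrap test applies to any target/host combination and the comment should say so. The test also relies on `end` having been computed as `start + len` in `abi_ulong` arithmetic earlier in the function, which is not visible in this hunk; a brief note that the wrap is what makes `end < start` true would help the next reader.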
-- 
2.20.1


[PULL 16/17] cirrus-ci: Remove flex/bison packages
Posted by Alex Bennée 3 years, 11 months ago
From: Philippe Mathieu-Daudé <philmd@redhat.com>

QEMU does not use flex/bison packages.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Li-Wen Hsu <lwhsu@freebsd.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200515163029.12917-5-philmd@redhat.com>

diff --git a/.cirrus.yml b/.cirrus.yml
index de0727cb097..ce7850a320e 100644
--- a/.cirrus.yml
+++ b/.cirrus.yml
@@ -7,7 +7,7 @@ freebsd_12_task:
     cpu: 8
     memory: 8G
   install_script: ASSUME_ALWAYS_YES=yes pkg bootstrap -f ; pkg install -y
-    bash bison curl cyrus-sasl git glib gmake gnutls gsed
+    bash curl cyrus-sasl git glib gmake gnutls gsed
     nettle perl5 pixman pkgconf png usbredir
   script:
     - mkdir build
-- 
2.20.1


[PULL 17/17] scripts/coverity-scan: Remove flex/bison packages
Posted by Alex Bennée 3 years, 11 months ago
From: Philippe Mathieu-Daudé <philmd@redhat.com>

QEMU does not use flex/bison packages.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200515163029.12917-6-philmd@redhat.com>

diff --git a/scripts/coverity-scan/coverity-scan.docker b/scripts/coverity-scan/coverity-scan.docker
index a4f64d12834..ad4d64c0f81 100644
--- a/scripts/coverity-scan/coverity-scan.docker
+++ b/scripts/coverity-scan/coverity-scan.docker
@@ -19,7 +19,6 @@ FROM fedora:30
 ENV PACKAGES \
     alsa-lib-devel \
     bc \
-    bison \
     brlapi-devel \
     bzip2 \
     bzip2-devel \
@@ -30,7 +29,6 @@ ENV PACKAGES \
     dbus-daemon \
     device-mapper-multipath-devel \
     findutils \
-    flex \
     gcc \
     gcc-c++ \
     gettext \
-- 
2.20.1