linux-user/syscall.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
The guest binary and libraries are not always mapped with the
executable bit in the host process. The guest may read a
/proc/self/maps with no executable address range. The
patch bases the perm fields against the guest permission inside
Qemu.
Signed-off-by: Nicolas Surbayrole <nsurbayrole@quarkslab.com>
---
linux-user/syscall.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 389ec09764..77c40a274f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -7888,9 +7888,9 @@ static int open_self_maps(void *cpu_env, int fd)
count = dprintf(fd, TARGET_ABI_FMT_ptr "-" TARGET_ABI_FMT_ptr
" %c%c%c%c %08" PRIx64 " %s %"PRId64,
h2g(min), h2g(max - 1) + 1,
- e->is_read ? 'r' : '-',
- e->is_write ? 'w' : '-',
- e->is_exec ? 'x' : '-',
+ (flags & PROT_READ) ? 'r' : '-',
+ (flags & PROT_WRITE) ? 'w' : '-',
+ (flags & PROT_EXEC) ? 'x' : '-',
e->is_priv ? 'p' : '-',
(uint64_t) e->offset, e->dev, e->inode);
if (path) {
--
2.30.1
When trying to used Qemu on amd64 host to run aarch64 binary, I've reached
an issue with /proc/self/maps.
$ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
$ docker run --rm -it arm64v8/ubuntu cat /proc/self/maps
5500000000-5500008000 r--p 00000000 fe:06 141788774 /usr/bin/cat
5500008000-5500017000 ---p 00000000 00:00 0
5500017000-5500018000 r--p 00007000 fe:06 141788774 /usr/bin/cat
5500018000-5500019000 rw-p 00008000 fe:06 141788774 /usr/bin/cat
5500019000-550003a000 rw-p 00000000 00:00 0
5501019000-550101a000 ---p 00000000 00:00 0
550101a000-550181a000 rw-p 00000000 00:00 0 [stack]
550181a000-550183b000 r--p 00000000 fe:06 134329967 /usr/lib/aarch64-linux-gnu/ld-2.31.so
550183b000-550184b000 ---p 00000000 00:00 0
550184b000-550184c000 r--p 00021000 fe:06 134329967 /usr/lib/aarch64-linux-gnu/ld-2.31.so
550184c000-550184e000 rw-p 00022000 fe:06 134329967 /usr/lib/aarch64-linux-gnu/ld-2.31.so
5501850000-55019a9000 r--p 00000000 fe:06 134344388 /usr/lib/aarch64-linux-gnu/libc-2.31.so
55019a9000-55019b8000 ---p 00159000 fe:06 134344388 /usr/lib/aarch64-linux-gnu/libc-2.31.so
55019b8000-55019bb000 r--p 00158000 fe:06 134344388 /usr/lib/aarch64-linux-gnu/libc-2.31.so
55019bb000-55019be000 rw-p 0015b000 fe:06 134344388 /usr/lib/aarch64-linux-gnu/libc-2.31.so
55019be000-55019c3000 rw-p 00000000 00:00 0
No executable page is available. The same result is observed with the
last master commit. I think the perm fields should be based on
the guest permission inside Qemu, but I'd be happy to hear the rational against this.
On 3/5/21 9:31 AM, Nicolas Surbayrole wrote:
> The guest binary and libraries are not always mapped with the
> executable bit in the host process. The guest may read a
> /proc/self/maps with no executable address range. The
> patch bases the perm fields against the guest permission inside
> Qemu.
>
> Signed-off-by: Nicolas Surbayrole <nsurbayrole@quarkslab.com>
> ---
> linux-user/syscall.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 389ec09764..77c40a274f 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -7888,9 +7888,9 @@ static int open_self_maps(void *cpu_env, int fd)
> count = dprintf(fd, TARGET_ABI_FMT_ptr "-" TARGET_ABI_FMT_ptr
> " %c%c%c%c %08" PRIx64 " %s %"PRId64,
> h2g(min), h2g(max - 1) + 1,
> - e->is_read ? 'r' : '-',
> - e->is_write ? 'w' : '-',
> - e->is_exec ? 'x' : '-',
> + (flags & PROT_READ) ? 'r' : '-',
> + (flags & PROT_WRITE) ? 'w' : '-',
> + (flags & PROT_EXEC) ? 'x' : '-',
Use PAGE_*, as those are the bits in flags. These three just happen to be the
same.
While we're at it, use PAGE_WRITE_ORG -- PAGE_WRITE may be removed on a rwx
page in which we've translated code.
r~
> e->is_priv ? 'p' : '-',
> (uint64_t) e->offset, e->dev, e->inode);
> if (path) {
>
© 2016 - 2024 Red Hat, Inc.