From: Helge Deller
To: Richard Henderson, Laurent Vivier, Andreas Schwab, Michael Tokarev, qemu-devel@nongnu.org
Cc: Helge Deller, "Markus F.X.J. Oberhumer", qemu-stable@nongnu.org
Subject: [PULL 1/5] linux-user: Fix qemu brk() to not zero bytes on current page
Date: Wed, 19 Jul 2023 17:52:31 +0200
Message-ID: <20230719155235.244478-2-deller@gmx.de>
In-Reply-To: <20230719155235.244478-1-deller@gmx.de>
The qemu brk() implementation is too aggressive and cleans remaining bytes on the current page above the last brk address. But some existing applications are buggy and read/write bytes above their current heap address. On a physical machine this does not trigger a runtime error as long as the access happens on the same page.

Additionally the Linux kernel allocates only full pages and does no zeroing on already allocated pages, even if the brk address is lowered.

Fix qemu to behave the same way as the kernel does. Do not touch already allocated pages, and - when running with different page sizes of guest and host - zero out only those memory areas where the host page size is bigger than the guest page size.

Signed-off-by: Helge Deller
Tested-by: "Markus F.X.J. Oberhumer"
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index c99ef9c01e..ee54eed33b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -829,10 +829,8 @@ abi_long do_brk(abi_ulong brk_val) /* brk_val and old target_brk might be on the same page */ if (new_brk =3D=3D TARGET_PAGE_ALIGN(target_brk)) { - if (brk_val > target_brk) { - /* empty remaining bytes in (possibly larger) host page */ - memset(g2h_untagged(target_brk), 0, new_host_brk_page - target= _brk); - } + /* empty remaining bytes in (possibly larger) host page */ + memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk); target_brk =3D brk_val; return target_brk; } @@ -840,7 +838,7 @@ abi_long do_brk(abi_ulong brk_val) /* Release heap if necesary */ if (new_brk < target_brk) { /* empty remaining bytes in (possibly larger) host page */ - memset(g2h_untagged(brk_val), 0, new_host_brk_page - brk_val); + memset(g2h_untagged(new_brk), 0, new_host_brk_page - new_brk); /* free unused host pages and set new brk_page */ target_munmap(new_host_brk_page, brk_page - new_host_brk_page); 
@@ -873,7 +871,7 @@ abi_long do_brk(abi_ulong brk_val) * come from the remaining part of the previous page: it may * contains garbage data due to a previous heap usage (grown * then shrunken). */ - memset(g2h_untagged(target_brk), 0, brk_page - target_brk); + memset(g2h_untagged(brk_page), 0, HOST_PAGE_ALIGN(brk_page) - brk_= page); target_brk =3D brk_val; brk_page =3D new_host_brk_page; -- 2.41.0
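Review bot: in the `@@ -829,10 +829,8 @@` hunk the memset is now unconditional, so every brk() call that stays on the current guest page, including shrinks and no-op calls, clears [new_brk, new_host_brk_page); that is only the tail of a larger host page above the guest's last page, and with equal page sizes the length is zero, which is what the commit message intends but the one-line comment does not say. Extend it to something like `/* clear only the host-page tail above the guest page; no-op when page sizes match */` so the next reader does not reinstate the `if (brk_val > target_brk)` guard.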
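Review bot: in the `@@ -840,7 +838,7 @@` hunk the following `target_munmap(new_host_brk_page, brk_page - new_host_brk_page)` is still called with length zero when a shrink frees guest pages but stays inside the current host page (new_host_brk_page == brk_page, which can only happen with a host page larger than the guest page); munmap(2) rejects a zero length with EINVAL, and the result is discarded, so this is harmless only by accident. Guard it with `if (new_host_brk_page < brk_page)` or check the return value, and fix the `necesary` typo in the context comment while here.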
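Review bot: in the `@@ -873,7 +871,7 @@` hunk the replacement `memset(g2h_untagged(brk_page), 0, HOST_PAGE_ALIGN(brk_page) - brk_page)` is dead code: brk_page is always host-page aligned (target_set_brk sets `brk_page = HOST_PAGE_ALIGN(target_brk)`, as the context of patch 2 shows, and this function assigns `brk_page = new_host_brk_page`, itself HOST_PAGE_ALIGN(brk_val)), so the length is always zero. If the intent is to zero nothing on the grow path, delete the call and rewrite the comment above it, which still claims the remaining part of the previous page "may contains garbage data" that has to be cleared; if the intent is to clear the guest pages between TARGET_PAGE_ALIGN(target_brk) and brk_page that a larger host page leaves mapped, those need to be the arguments.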
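The kernel behaviour the commit message above relies on (brk(2) maps and unmaps whole pages only, and never zeroes bytes that stay mapped on the partial page at the break, even after a shrink and a regrow) can be checked directly. The following C program is an added example, not part of the patch or of QEMU; it assumes a Linux host, uses the raw brk syscall instead of the libc wrapper so the kernel's returned break is visible, and restores the break before returning so a libc malloc arena living below it is not disturbed. Run it natively for the reference behaviour, then under a qemu-user binary on a host with a larger page size than the guest to compare.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Prototype kept explicit so the block also builds under strict -std=c11. */
extern long syscall(long number, ...);

/* Raw brk(2): the kernel returns the resulting program break, which is the
 * old break unchanged when the request is refused (e.g. below start_brk). */
static uintptr_t raw_brk(uintptr_t addr)
{
    return (uintptr_t)syscall(SYS_brk, (unsigned long)addr);
}

static uintptr_t page_align_up(uintptr_t v, uintptr_t page)
{
    return (v + page - 1) & ~(page - 1);
}

/*
 * Grow the heap by two pages above the current break, fill them with a
 * marker, shrink the break to 16 bytes into the first new page, then grow
 * back.  Returns 1 if the semantics the patch series emulates hold: the
 * partially used page keeps its contents across the shrink and the regrow,
 * and only the page that was really unmapped comes back zeroed.  Returns 0
 * if the observed behaviour differs and -1 if a brk() request was refused.
 */
int partial_page_survives(void)
{
    uintptr_t page = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = raw_brk(0);                 /* current break */
    uintptr_t base = page_align_up(start, page);  /* first page we own outright */
    volatile unsigned char *p = (volatile unsigned char *)base;
    int ok = 1;

    if (raw_brk(base + 2 * page) != base + 2 * page) {
        return -1;
    }
    for (uintptr_t i = 0; i < 2 * page; i++) {
        p[i] = 0xAB;
    }

    /* Shrink so the break sits inside the first page: the kernel unmaps whole
     * pages only, so [base + 16, base + page) stays mapped and untouched. */
    if (raw_brk(base + 16) != base + 16) {
        ok = -1;
    } else if (p[page - 1] != 0xAB) {
        ok = 0;
    }

    /* Grow back: the retained page keeps its old bytes (no zeroing of an
     * already allocated page), the re-mapped second page is fresh and zero. */
    if (ok == 1) {
        if (raw_brk(base + 2 * page) != base + 2 * page) {
            ok = -1;
        } else if (p[page - 1] != 0xAB || p[page] != 0) {
            ok = 0;
        }
    }

    /* Restore the break we started from. */
    raw_brk(start);
    return ok;
}

int main(void)
{
    return partial_page_survives() == 1 ? 0 : 1;
}
```

The program deliberately never moves the break below the value it read at entry, because from user space the initial break (the floor patch 2 enforces) is not known without parsing /proc/self/stat, and shrinking into a live malloc arena would corrupt it; the below-initial case is therefore not exercised here.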
From: Helge Deller
To: Richard Henderson, Laurent Vivier, Andreas Schwab, Michael Tokarev, qemu-devel@nongnu.org
Cc: Helge Deller, "Markus F.X.J. Oberhumer", qemu-stable@nongnu.org
Subject: [PULL 2/5] linux-user: Prohibit brk() to shrink below initial heap address
Date: Wed, 19 Jul 2023 17:52:32 +0200
Message-ID: <20230719155235.244478-3-deller@gmx.de>
In-Reply-To: <20230719155235.244478-1-deller@gmx.de>
Since commit 86f04735ac ("linux-user: Fix brk() to release pages") it's possible for userspace applications to reduce their memory footprint by calling brk() with a lower address and free up memory. Before that commit guest heap memory was never unmapped.

But the Linux kernel prohibits reducing brk() below the initial memory address which is set at startup by the set_brk() function in binfmt_elf.c. Such a range check was missed in commit 86f04735ac.

This patch adds the missing check by storing the initial brk value in initial_target_brk and verifying any new brk addresses against that value.

Tested with the i386 upx binary from
https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz

Signed-off-by: Helge Deller
Tested-by: "Markus F.X.J. Oberhumer"
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ee54eed33b..125fcbe423 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -801,12 +801,13 @@ static inline int host_to_target_sock_type(int host_t= ype) return target_type; } -static abi_ulong target_brk; +static abi_ulong target_brk, initial_target_brk; static abi_ulong brk_page; void target_set_brk(abi_ulong new_brk) { target_brk =3D TARGET_PAGE_ALIGN(new_brk); + initial_target_brk =3D target_brk; brk_page =3D HOST_PAGE_ALIGN(target_brk); } 
@@ -824,6 +825,11 @@ abi_long do_brk(abi_ulong brk_val) return target_brk; } + /* do not allow to shrink below initial brk value */ + if (brk_val < initial_target_brk) { + brk_val =3D initial_target_brk; + } + new_brk =3D TARGET_PAGE_ALIGN(brk_val); new_host_brk_page =3D HOST_PAGE_ALIGN(brk_val); -- 2.41.0
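Review bot: in the `@@ -801,12 +801,13 @@` hunk initial_target_brk is stored as the page-aligned value, which matches the message's description of set_brk() in binfmt_elf.c, but nothing at the declaration says what the variable is for; add a short comment such as `/* lowest address brk() may shrink to; checked in do_brk() */` next to `static abi_ulong target_brk, initial_target_brk;`.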
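Review bot: in the `@@ -824,6 +825,11 @@` hunk clamping `brk_val = initial_target_brk` does not match the kernel behaviour the commit message cites: Linux refuses a request below the initial break and returns the current break unchanged, whereas this code turns such a request into a shrink down to the initial break and releases heap the program may still be using. Follow the early-return pattern visible just above in the hunk and write `if (brk_val < initial_target_brk) { return target_brk; }`, and say in the comment that the request is rejected rather than adjusted.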
From: Helge Deller
To: Richard Henderson, Laurent Vivier, Andreas Schwab, Michael Tokarev, qemu-devel@nongnu.org
Cc: Helge Deller, "Markus F.X.J. Oberhumer", Philippe Mathieu-Daudé, qemu-stable@nongnu.org
Subject: [PULL 3/5] linux-user: Fix signed math overflow in brk() syscall
Date: Wed, 19 Jul 2023 17:52:33 +0200
Message-ID: <20230719155235.244478-4-deller@gmx.de>
In-Reply-To: <20230719155235.244478-1-deller@gmx.de>
Fix the math overflow when calculating the new_malloc_size.

new_host_brk_page and brk_page are unsigned integers. If userspace reduces the heap, new_host_brk_page is lower than brk_page which results in a huge positive number (but should actually be negative).

Fix it by adding a proper check and as such make the code more readable.

Signed-off-by: Helge Deller
Tested-by: "Markus F.X.J. Oberhumer"
Reviewed-by: Philippe Mathieu-Daudé
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
---
 linux-user/syscall.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 125fcbe423..95727a816a 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c
@@ -860,12 +860,13 @@ abi_long do_brk(abi_ulong brk_val) * itself); instead we treat "mapped but at wrong address" as * a failure and unmap again. */ - new_alloc_size =3D new_host_brk_page - brk_page; - if (new_alloc_size) { + if (new_host_brk_page > brk_page) { + new_alloc_size =3D new_host_brk_page - brk_page; mapped_addr =3D get_errno(target_mmap(brk_page, new_alloc_size, PROT_READ|PROT_WRITE, MAP_ANON|MAP_PRIVATE, 0, 0)); } else { + new_alloc_size =3D 0; mapped_addr =3D brk_page; } -- 2.41.0
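Review bot: in the `@@ -860,12 +860,13 @@` hunk the new comparison stops the unsigned wraparound, but it folds new_host_brk_page < brk_page into the else branch as if nothing needed mapping, and do_brk then goes on to set `brk_page = new_host_brk_page` (see the end of the function in patch 1), forgetting host pages that stay mapped above the new brk_page. The commit message says this happens when userspace reduces the heap, yet shrinking is meant to be handled by the earlier `if (new_brk < target_brk)` release block, so please state the call sequence that reaches this point with a lower new_host_brk_page and handle it explicitly (an assert, or an unmap) rather than silently. Two documentation nits: the title says "signed" overflow while the message correctly describes unsigned wraparound, and the message names new_malloc_size but the variable in the hunk is new_alloc_size.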
From: Helge Deller
To: Richard Henderson, Laurent Vivier, Andreas Schwab, Michael Tokarev, qemu-devel@nongnu.org
Cc: Helge Deller, John Reiser
Subject: [PULL 4/5] linux-user: Fix strace output for old_mmap
Date: Wed, 19 Jul 2023 17:52:34 +0200
Message-ID: <20230719155235.244478-5-deller@gmx.de>
In-Reply-To: <20230719155235.244478-1-deller@gmx.de>
The old_mmap syscall (e.g. on i386) hands over the parameters in a struct. Adjust the strace output to print the correct values.

Signed-off-by: Helge Deller
Reported-by: John Reiser
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1760
---
 linux-user/strace.c | 49 +++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 45 insertions(+), 4 deletions(-)

diff --git a/linux-user/strace.c b/linux-user/strace.c index bbd29148d4..e0ab8046ec 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c
@@ -3767,10 +3767,24 @@ print_utimensat(CPUArchState *cpu_env, const struct= syscallname *name, #if defined(TARGET_NR_mmap) || defined(TARGET_NR_mmap2) static void -print_mmap(CPUArchState *cpu_env, const struct syscallname *name, +print_mmap_both(CPUArchState *cpu_env, const struct syscallname *name, abi_long arg0, abi_long arg1, abi_long arg2, - abi_long arg3, abi_long arg4, abi_long arg5) -{ + abi_long arg3, abi_long arg4, abi_long arg5, + bool is_old_mmap) +{ + if (is_old_mmap) { + abi_ulong *v; + abi_ulong argp =3D arg0; + if (!(v =3D lock_user(VERIFY_READ, argp, 6 * sizeof(abi_ulong)= , 1))) + return; + arg0 =3D tswapal(v[0]); + arg1 =3D tswapal(v[1]); + arg2 =3D tswapal(v[2]); + arg3 =3D tswapal(v[3]); + arg4 =3D tswapal(v[4]); + arg5 =3D tswapal(v[5]); + unlock_user(v, argp, 0); + } print_syscall_prologue(name); print_pointer(arg0, 0); print_raw_param("%d", arg1, 0); 
@@ -3780,7 +3794,34 @@ print_mmap(CPUArchState *cpu_env, const struct sysca= llname *name, print_raw_param("%#x", arg5, 1); print_syscall_epilogue(name); } -#define print_mmap2 print_mmap +#endif + +#if defined(TARGET_NR_mmap) +static void +print_mmap(CPUArchState *cpu_env, const struct syscallname *name, + abi_long arg0, abi_long arg1, abi_long arg2, + abi_long arg3, abi_long arg4, abi_long arg5) +{ + return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3, + arg4, arg5, +#if defined(TARGET_NR_mmap2) + true +#else + false +#endif + ); +} +#endif + +#if defined(TARGET_NR_mmap2) +static void +print_mmap2(CPUArchState *cpu_env, const struct syscallname *name, + abi_long arg0, abi_long arg1, abi_long arg2, + abi_long arg3, abi_long arg4, abi_long arg5) +{ + return print_mmap_both(cpu_env, name, arg0, arg1, arg2, arg3, + arg4, arg5, false); +} #endif #ifdef TARGET_NR_mprotect -- 2.41.0
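Review bot: in the `@@ -3767,10 +3767,24 @@` hunk `if (!(v = lock_user(VERIFY_READ, argp, 6 * sizeof(abi_ulong), 1))) return;` has no braces, which QEMU's coding style requires on every if body, and a failed lock_user drops the entire trace line silently, unlike the register-argument path, which always prints. Split the assignment out, brace it, and on failure still print something, for example `print_syscall_prologue(name); print_pointer(argp, 1); print_syscall_epilogue(name);`, so an unreadable argument block shows up in the strace output instead of vanishing.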
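Review bot: in the `@@ -3780,7 +3794,34 @@` hunk print_mmap passes `is_old_mmap = true` whenever TARGET_NR_mmap2 is defined, which assumes that every target with both syscalls uses the struct-passing old_mmap; the commit message only says "e.g. on i386". Tie the decision to the same target condition the TARGET_NR_mmap dispatch in syscall.c uses for the struct form, so a target whose mmap takes six register arguments but also defines mmap2 does not get its address argument dereferenced as a pointer to six words. Style: `return print_mmap_both(...)` returns a void expression from a void function, so drop the `return`, and set a `bool is_old_mmap` under the #if before the call instead of splitting the argument list with preprocessor lines.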
From nobody Fri May 17 05:50:14 2024
From: Helge Deller
To: Richard Henderson, Laurent Vivier, Andreas Schwab, Michael Tokarev, qemu-devel@nongnu.org
Cc: Helge Deller, qemu-stable@nongnu.org
Subject: [PULL 5/5] linux-user: Fix qemu-arm to run static armhf binaries
Date: Wed, 19 Jul 2023 17:52:35 +0200
Message-ID: <20230719155235.244478-6-deller@gmx.de>
In-Reply-To: <20230719155235.244478-1-deller@gmx.de>
References: <20230719155235.244478-1-deller@gmx.de>

qemu-user crashes immediately when running static binaries on the armhf
architecture.

The problem is the memory layout where the executable is loaded before the
interpreter library, in which case the reserved brk region clashes with the
interpreter code and is released before qemu tries to start the program.

At load time qemu calculates a brk value for interpreter and executable each.
The fix is to choose the higher one of both.

Signed-off-by: Helge Deller
Cc: Andreas Schwab
Cc: qemu-stable@nongnu.org
Reported-by: Venkata.Pyla@toshiba-tsip.com
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040981
---
 linux-user/elfload.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index a26200d9f3..94951630b1 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3615,6 +3615,13 @@ int load_elf_binary(struct linux_binprm *bprm, struc= t image_info *info) if (elf_interpreter) { load_elf_interp(elf_interpreter, &interp_info, bprm->buf); + /* + * adjust brk address if the interpreter was loaded above the main + * executable, e.g. happens with static binaries on armhf + */ + if (interp_info.brk > info->brk) { + info->brk =3D interp_info.brk; + } /* If the program interpreter is one of these two, then assume an iBCS2 image. Otherwise assume a native linux image. */ -- 2.41.0
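Review bot: the new comment says this case "happens with static binaries on armhf", but the block sits inside `if (elf_interpreter)`, which is only entered when an ELF interpreter was found and loaded via load_elf_interp(), so a reader will not see how a static binary reaches it. Either explain in the comment (and the commit message) which binaries actually take this path, or reword it to describe the layout condition itself, i.e. that the interpreter was mapped above the main image and `info->brk` is raised to `interp_info.brk` so the reserved brk region does not overlap the interpreter's mapping.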
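The layout problem the commit message describes, as an added example that is not QEMU's code: a small C model of where the initial brk lands when the interpreter is mapped above the main executable. The function names, the page size, the size of the reserved brk area and every address below are assumptions made up for the illustration. It shows the failure mode in the message (deriving brk from the main image alone leaves the reserved area overlapping the interpreter) and that keeping the higher of the two candidate brk values avoids the overlap.

```c
/*
 * Added example, not QEMU code. Models the choice of the initial brk
 * for a dynamically linked guest whose interpreter may be mapped above
 * or below the main executable. All constants are hypothetical.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE   0x1000u
#define BRK_RESERVE (16u * 1024u * 1024u)   /* assumed size of the reserved brk area */

/* Half-open guest address range [start, end) covered by a loaded ELF image. */
typedef struct {
    uint64_t start;
    uint64_t end;
} image_range;

static uint64_t page_align_up(uint64_t addr)
{
    return (addr + PAGE_SIZE - 1) & ~(uint64_t)(PAGE_SIZE - 1);
}

static bool ranges_overlap(image_range a, image_range b)
{
    return a.start < b.end && b.start < a.end;
}

/* Old behaviour: the initial brk is derived from the main executable only. */
uint64_t brk_from_exec(image_range exec, image_range interp)
{
    (void)interp;
    return page_align_up(exec.end);
}

/* Fixed behaviour: keep the higher of the two candidate brk values. */
uint64_t brk_from_highest(image_range exec, image_range interp)
{
    uint64_t e = page_align_up(exec.end);
    uint64_t i = page_align_up(interp.end);
    return i > e ? i : e;
}

/* Does the reserved brk area starting at brk collide with either image? */
bool brk_clashes(uint64_t brk, image_range exec, image_range interp)
{
    image_range reserved = { brk, brk + BRK_RESERVE };
    return ranges_overlap(reserved, exec) || ranges_overlap(reserved, interp);
}

int main(void)
{
    /* Constructed layout: the interpreter sits above the main executable. */
    image_range exec   = { 0x00010000, 0x00030000 };
    image_range interp = { 0x00200000, 0x00240000 };

    uint64_t old_brk = brk_from_exec(exec, interp);
    uint64_t new_brk = brk_from_highest(exec, interp);

    printf("brk from exec only: 0x%llx, clashes with an image: %d\n",
           (unsigned long long)old_brk, brk_clashes(old_brk, exec, interp));
    printf("brk from highest:   0x%llx, clashes with an image: %d\n",
           (unsigned long long)new_brk, brk_clashes(new_brk, exec, interp));
    return 0;
}
```

With the interpreter below the executable both functions agree, which is why the layout-dependent crash only showed up on targets where the loader placed the interpreter above the main image.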