bsd-user/mmap.c | 4 ++++ linux-user/mmap.c | 4 ++++ 2 files changed, 8 insertions(+)
s390x's branch-relative-long test fails with the following error
message on 32-bit hosts:
qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.
The root cause is that the size passed to mmap() by this test does not
fit into 32 bits and gets truncated. Since there is no chance for such
mmap() to succeed, detect this condition and fail the mmap() right away.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
bsd-user/mmap.c | 4 ++++
linux-user/mmap.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 3ef11b28079..5dc327d0ad3 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size,
(alignment != 0 ? 1 << alignment :
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 96c9433e271..ae59d70fb67 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -389,6 +389,10 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align)
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size, align);
}
--
2.43.0On Thu, Jan 25, 2024 at 1:07 PM Ilya Leoshkevich <iii@linux.ibm.com> wrote:
> s390x's branch-relative-long test fails with the following error
> message on 32-bit hosts:
>
> qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion
> `last <= GUEST_ADDR_MAX' failed.
>
> The root cause is that the size passed to mmap() by this test does not
> fit into 32 bits and gets truncated. Since there is no chance for such
> mmap() to succeed, detect this condition and fail the mmap() right away.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> bsd-user/mmap.c | 4 ++++
> linux-user/mmap.c | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 3ef11b28079..5dc327d0ad3 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong
> start, abi_ulong size,
>
> size = HOST_PAGE_ALIGN(size);
>
> + if (size != (size_t)size) {
> + return (abi_ulong)(-1);
> + }
> +
> if (reserved_va) {
> return mmap_find_vma_reserved(start, size,
> (alignment != 0 ? 1 << alignment :
>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Seems good to me.. I can queue it to this month's landing code, unless
Richard beats me to it.
Warner
On 1/26/24 06:07, Ilya Leoshkevich wrote:
> s390x's branch-relative-long test fails with the following error
> message on 32-bit hosts:
>
> qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.
>
> The root cause is that the size passed to mmap() by this test does not
> fit into 32 bits and gets truncated. Since there is no chance for such
> mmap() to succeed, detect this condition and fail the mmap() right away.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> bsd-user/mmap.c | 4 ++++
> linux-user/mmap.c | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 3ef11b28079..5dc327d0ad3 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
>
> size = HOST_PAGE_ALIGN(size);
>
> + if (size != (size_t)size) {
> + return (abi_ulong)(-1);
> + }
> +
I have this same fix in
https://lore.kernel.org/qemu-devel/20240102015808.132373-18-richard.henderson@linaro.org/
so as far as that's concerned,
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
But perhaps you got cast your eye across the larger reorg,
https://lore.kernel.org/qemu-devel/20240102015808.132373-1-richard.henderson@linaro.org/
?
r~
© 2016 - 2026 Red Hat, Inc.