From: Matthew Lugg
To: qemu-devel@nongnu.org
Cc: laurent@vivier.eu, qemu-stable@nongnu.org, Matthew Lugg
Subject: [PATCH 1/4] linux-user: fix mremap unmapping adjacent region
Date: Sat, 11 Oct 2025 21:03:34 +0100
Message-ID: <20251011200337.30258-2-mlugg@mlugg.co.uk>
In-Reply-To: <20251011200337.30258-1-mlugg@mlugg.co.uk>
References: <20251011200337.30258-1-mlugg@mlugg.co.uk>

This typo meant that calls to `mremap` which shrink a mapping by some N bytes would, when the virtual address space was pre-reserved (e.g. 32-bit guest on 64-bit host), unmap the N bytes following the *original* mapping.

Signed-off-by: Matthew Lugg
Reviewed-by: Peter Maydell
Reviewed-by: Richard Henderson
---
 linux-user/mmap.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 847092a28a..ec8392b35b 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c 
@@ -1164,7 +1164,8 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong = old_size, errno =3D ENOMEM; host_addr =3D MAP_FAILED; } else if (reserved_va && old_size > new_size) { - mmap_reserve_or_unmap(old_addr + old_size, + /* Re-reserve pages we just shrunk out of the mapping = */ + mmap_reserve_or_unmap(old_addr + new_size, old_size - new_size); } } --=20 2.51.0 From nobody Fri Nov 14 19:41:00 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1760214064933728.0472749465209; Sat, 11 Oct 2025 13:21:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7g3n-0007Y1-0n; Sat, 11 Oct 2025 16:19:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v7fp1-000540-2W; Sat, 11 Oct 2025 16:04:07 -0400 Received: from mlugg.co.uk ([104.238.170.239] helo=mail.mlugg.co.uk) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7fox-0006n9-UH; Sat, 11 Oct 2025 16:04:06 -0400 Received: from localhost.localdomain (7.1.8.2.8.1.e.f.f.f.e.d.0.b.e.f.f.b.9.2.0.c.b.a.0.b.8.0.1.0.0.2.ip6.arpa [IPv6:2001:8b0:abc0:29bf:feb0:deff:fe18:2817]) by mail.mlugg.co.uk (Postfix) with ESMTPSA id 93F4535324; Sat, 11 Oct 2025 20:04:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mlugg.co.uk; s=20200703; t=1760213041; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; 
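Review bot: in the `reserved_va && old_size > new_size` branch of target_mremap (patch 1/4), the result of `mmap_reserve_or_unmap(old_addr + new_size, old_size - new_size)` is discarded, so a failure to re-reserve the shrunk-out tail goes unnoticed. The function returns int (its definition is visible in patch 3/4); consider checking the return value here, or add a comment saying why a failure can safely be ignored. The corrected start address agrees with the new comment: the pages released by the shrink begin at old_addr + new_size, not old_addr + old_size.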
From: Matthew Lugg
To: qemu-devel@nongnu.org
Cc: laurent@vivier.eu, qemu-stable@nongnu.org, Matthew Lugg
Subject: [PATCH 2/4] linux-user: fix mremap errors for invalid ranges
Date: Sat, 11 Oct 2025 21:03:35 +0100
Message-ID: <20251011200337.30258-3-mlugg@mlugg.co.uk>
In-Reply-To: <20251011200337.30258-1-mlugg@mlugg.co.uk>
References: <20251011200337.30258-1-mlugg@mlugg.co.uk>

If an address range given to `mremap` is invalid (exceeds addressing bounds on the guest), we were previously returning `ENOMEM`, which is not correct. The manpage and the Linux kernel implementation both agree that if `old_addr`/`old_size` refer to an invalid address, `EFAULT` is returned, and if `new_addr`/`new_size` refer to an invalid address, `EINVAL` is returned.

Signed-off-by: Matthew Lugg
Reviewed-by: Peter Maydell
---
 linux-user/mmap.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index ec8392b35b..4c5fe832ad 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c 
@@ -1103,12 +1103,15 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulon= g old_size, int prot; void *host_addr; =20 - if (!guest_range_valid_untagged(old_addr, old_size) || - ((flags & MREMAP_FIXED) && + if (!guest_range_valid_untagged(old_addr, old_size)) { + errno =3D EFAULT; + return -1; + } + if (((flags & MREMAP_FIXED) && !guest_range_valid_untagged(new_addr, new_size)) || ((flags & MREMAP_MAYMOVE) =3D=3D 0 && !guest_range_valid_untagged(old_addr, new_size))) { - errno =3D ENOMEM; + errno =3D EINVAL; return -1; } =20 --=20 2.51.0 From nobody Fri Nov 14 19:41:00 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1760214056492948.2883882629787; Sat, 11 Oct 2025 13:20:56 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7g3n-0007Xm-0w; Sat, 11 Oct 2025 16:19:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v7fp4-00054i-Ra; Sat, 11 Oct 2025 16:04:10 -0400 Received: from mlugg.co.uk ([2001:19f0:7401:8244:5400:ff:fe24:ff33] helo=mail.mlugg.co.uk) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7fox-0006nG-RC; Sat, 11 Oct 2025 16:04:10 -0400 Received: from localhost.localdomain (7.1.8.2.8.1.e.f.f.f.e.d.0.b.e.f.f.b.9.2.0.c.b.a.0.b.8.0.1.0.0.2.ip6.arpa [IPv6:2001:8b0:abc0:29bf:feb0:deff:fe18:2817]) by mail.mlugg.co.uk (Postfix) with ESMTPSA id A01B035326; Sat, 11 Oct 2025 20:04:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mlugg.co.uk; s=20200703; t=1760213042; h=from:from:sender:reply-to:subject:subject:date:date: 
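Review bot: the third condition of the second check in target_mremap (patch 2/4), `(flags & MREMAP_MAYMOVE) == 0 && !guest_range_valid_untagged(old_addr, new_size)`, now returns EINVAL, but the commit message only justifies EINVAL for an invalid `new_addr`/`new_size` range, and this condition tests old_addr together with new_size. Please say in the commit message or a code comment what the kernel returns for an in-place resize whose end falls outside the guest address space, and add a test for it; the mremap check added in patch 4/4 only exercises the EFAULT path.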
From: Matthew Lugg
To: qemu-devel@nongnu.org
Cc: laurent@vivier.eu, qemu-stable@nongnu.org, Matthew Lugg
Subject: [PATCH 3/4] linux-user: fix reserved_va page leak in do_munmap
Date: Sat, 11 Oct 2025 21:03:36 +0100
Message-ID: <20251011200337.30258-4-mlugg@mlugg.co.uk>
In-Reply-To: <20251011200337.30258-1-mlugg@mlugg.co.uk>
References: <20251011200337.30258-1-mlugg@mlugg.co.uk>

The previous logic here had an off-by-one error: assuming 4k pages on host and guest, if `len == 4097` (indicating to unmap 2 pages), then `last = start + 4096`, so `real_last = start + 4095`, so ultimately `real_len = 4096`. I do not believe this could cause any observable bugs in guests, because `target_munmap` page-aligns the length it passes in.
However, calls to this function in `target_mremap` do not page-align the length, so those calls could "drop" pages, leading to a part of the reserved region becoming unmapped. At worst, a host allocation could get mapped into that hole, then clobbered by a new guest mapping.

A simple fix didn't feel ideal here, because I think this function was not written as well as it could be. Instead, the logic is simpler if we use `end = start + len` instead of `last = start + len - 1` (overflow does not cause any problem here), and use offsets in the loops (avoiding overflows since the offset is never larger than the host page size).

Signed-off-by: Matthew Lugg
---
 linux-user/mmap.c | 63 ++++++++++++++++-------------------------------
 1 file changed, 21 insertions(+), 42 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 4c5fe832ad..e1ed9085c7 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c 
@@ -1014,59 +1014,38 @@ abi_long target_mmap(abi_ulong start, abi_ulong len= , int target_prot, static int mmap_reserve_or_unmap(abi_ulong start, abi_ulong len) { int host_page_size =3D qemu_real_host_page_size(); + abi_ulong end; abi_ulong real_start; - abi_ulong real_last; - abi_ulong real_len; - abi_ulong last; - abi_ulong a; + abi_ulong real_end; + abi_ulong off; void *host_start; int prot; =20 - last =3D start + len - 1; + end =3D ROUND_UP(start + len, TARGET_PAGE_SIZE); + real_start =3D start & -host_page_size; - real_last =3D ROUND_UP(last, host_page_size) - 1; + real_end =3D ROUND_UP(end, host_page_size); =20 - /* - * If guest pages remain on the first or last host pages, - * adjust the deallocation to retain those guest pages. - * The single page special case is required for the last page, - * lest real_start overflow to zero. - */ - if (real_last - real_start < host_page_size) { - prot =3D 0; - for (a =3D real_start; a < start; a +=3D TARGET_PAGE_SIZE) { - prot |=3D page_get_flags(a); - } - for (a =3D last; a < real_last; a +=3D TARGET_PAGE_SIZE) { - prot |=3D page_get_flags(a + 1); - } - if (prot !=3D 0) { - return 0; - } - } else { - for (prot =3D 0, a =3D real_start; a < start; a +=3D TARGET_PAGE_S= IZE) { - prot |=3D page_get_flags(a); - } - if (prot !=3D 0) { - real_start +=3D host_page_size; - } + /* end or real_end may have overflowed to 0, but that's okay. */ =20 - for (prot =3D 0, a =3D last; a < real_last; a +=3D TARGET_PAGE_SIZ= E) { - prot |=3D page_get_flags(a + 1); - } - if (prot !=3D 0) { - real_last -=3D host_page_size; - } + /* If [real_start,start) contains a mapped guest page, retain the firs= t page. */ + for (prot =3D 0, off =3D 0; off < start - real_start; off +=3D TARGET_= PAGE_SIZE) { + prot |=3D page_get_flags(real_start + off); + } + if (prot !=3D 0) { + real_start +=3D host_page_size; + } =20 - if (real_last < real_start) { - return 0; - } + /* If [end,real_end) contains a mapped guest page, retain the last pag= e. 
*/ + for (prot =3D 0, off =3D 0; off < real_end - end; off +=3D TARGET_PAGE= _SIZE) { + prot |=3D page_get_flags(end + off); + } + if (prot !=3D 0) { + real_end -=3D host_page_size; } =20 - real_len =3D real_last - real_start + 1; host_start =3D g2h_untagged(real_start); - - return do_munmap(host_start, real_len); + return do_munmap(host_start, real_end - real_start); } =20 int target_munmap(abi_ulong start, abi_ulong len) --=20 2.51.0 From nobody Fri Nov 14 19:41:00 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1760214050796983.1591258198008; Sat, 11 Oct 2025 13:20:50 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7g3q-0007ZO-DZ; Sat, 11 Oct 2025 16:19:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1v7fp1-00054E-UB; Sat, 11 Oct 2025 16:04:07 -0400 Received: from mlugg.co.uk ([104.238.170.239] helo=mail.mlugg.co.uk) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1v7foz-0006nd-Ha; Sat, 11 Oct 2025 16:04:07 -0400 Received: from localhost.localdomain (7.1.8.2.8.1.e.f.f.f.e.d.0.b.e.f.f.b.9.2.0.c.b.a.0.b.8.0.1.0.0.2.ip6.arpa [IPv6:2001:8b0:abc0:29bf:feb0:deff:fe18:2817]) by mail.mlugg.co.uk (Postfix) with ESMTPSA id 50BCF35328; Sat, 11 Oct 2025 20:04:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mlugg.co.uk; s=20200703; t=1760213044; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: 
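Review bot: the rewritten tail of mmap_reserve_or_unmap (patch 3/4) has no replacement for the removed `if (real_last < real_start) { return 0; }` guard or for the removed single-host-page special case. When the range lies inside one host page and mapped guest pages remain on both sides, both `real_start += host_page_size` and `real_end -= host_page_size` fire, so `real_end - real_start` wraps to a very large abi_ulong that is passed to do_munmap; when only one of them fires the length is 0, where the old code returned 0 without calling do_munmap. Suggest computing the length before the two retention adjustments, subtracting host_page_size per retained side only while the length is non-zero, and returning 0 when nothing is left; a plain `real_end < real_start` comparison is not enough because, as the new comment says, real_end may legitimately have overflowed to 0. Also note the commit message describes `end = start + len` while the code uses `ROUND_UP(start + len, TARGET_PAGE_SIZE)`; the message should mention the rounding, since that is what fixes the unaligned callers.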
From: Matthew Lugg
To: qemu-devel@nongnu.org
Cc: laurent@vivier.eu, qemu-stable@nongnu.org, Matthew Lugg
Subject: [PATCH 4/4] tests: add tcg coverage for fixed mremap bugs
Date: Sat, 11 Oct 2025 21:03:37 +0100
Message-ID: <20251011200337.30258-5-mlugg@mlugg.co.uk>
In-Reply-To: <20251011200337.30258-1-mlugg@mlugg.co.uk>
References: <20251011200337.30258-1-mlugg@mlugg.co.uk>

These tests cover the first two fixes in this patch series. The final patch is not covered because the bug it fixes is not easily observable by the guest.

Signed-off-by: Matthew Lugg
---
 tests/tcg/multiarch/test-mmap.c | 47 +++++++++++++++++++++++++++++----
 1 file changed, 42 insertions(+), 5 deletions(-)

diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mma= p.c index 96257f8ebe..64df694d1a 100644 --- a/tests/tcg/multiarch/test-mmap.c +++ b/tests/tcg/multiarch/test-mmap.c @@ -22,6 +22,7 @@ * along with this program; if not, see . */ =20 +#define _GNU_SOURCE #include #include #include @@ -36,12 +37,12 @@ do \ { \ if (!(x)) { \ - fprintf(stderr, "FAILED at %s:%d\n", __FILE__, __LINE__); \ + fprintf(stderr, " FAILED at %s:%d\n", __FILE__, __LINE__); \ exit (EXIT_FAILURE); \ } \ } while (0) =20 -unsigned char *dummybuf; +unsigned char *dummybuf; /* length is 2*pagesize */ static unsigned int pagesize; static unsigned int pagemask; int test_fd; 
@@ -439,21 +440,56 @@ void check_invalid_mmaps(void) { unsigned char *addr; =20 + fprintf(stdout, "%s", __func__); + /* Attempt to map a zero length page. */ addr =3D mmap(NULL, 0, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); - fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); fail_unless(addr =3D=3D MAP_FAILED); fail_unless(errno =3D=3D EINVAL); =20 /* Attempt to map a over length page. */ addr =3D mmap(NULL, -4, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); - fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); fail_unless(addr =3D=3D MAP_FAILED); fail_unless(errno =3D=3D ENOMEM); =20 + /* Attempt to remap a region which exceeds the bounds of memory. */ + addr =3D mremap((void *)((uintptr_t)pagesize * 10), SIZE_MAX & ~(size_= t)pagemask, pagesize, 0); + fail_unless(addr =3D=3D MAP_FAILED); + fail_unless(errno =3D=3D EFAULT); + fprintf(stdout, " passed\n"); } =20 +void check_shrink_mmaps(void) +{ + unsigned char *a, *b, *c; + a =3D mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS,= -1, 0); + b =3D mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS,= -1, 0); + c =3D mmap(NULL, pagesize * 2, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS,= -1, 0); + + fail_unless(a !=3D MAP_FAILED); + fail_unless(b !=3D MAP_FAILED); + fail_unless(c !=3D MAP_FAILED); + + /* Ensure we can read the full mappings */ + memcpy(dummybuf, a, 2 * pagesize); + memcpy(dummybuf, b, 2 * pagesize); + memcpy(dummybuf, c, 2 * pagesize); + + /* Shrink the middle mapping in-place; the others should be unaffected= */ + b =3D mremap(b, pagesize * 2, pagesize, 0); + fail_unless(b !=3D MAP_FAILED); + + /* Ensure we can still access all valid mappings */ + memcpy(dummybuf, a, 2 * pagesize); + memcpy(dummybuf, b, pagesize); + memcpy(dummybuf, c, 2 * pagesize); + + munmap(a, 2 * pagesize); + munmap(b, pagesize); + munmap(c, 2 * pagesize); +} + int main(int argc, char **argv) { char tempname[] =3D "/tmp/.cmmapXXXXXX"; 
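Review bot: check_shrink_mmaps never verifies that a, b and c are adjacent, so it only detects the patch 1/4 bug when the three `mmap(NULL, ...)` calls happen to return neighbouring ranges; otherwise the bytes unmapped past b's original end may not belong to a or c and the later memcpy calls still succeed. Suggest reserving a single 6-page mapping and treating its three 2-page pieces as a, b and c, or asserting that the returned addresses are contiguous, so the test fails deterministically on an unfixed build. The new function also omits the `fprintf(stdout, "%s", __func__)` and `" passed\n"` output that check_invalid_mmaps prints in this same hunk.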
@@ -468,7 +504,7 @@ int main(int argc, char **argv) =20 /* Assume pagesize is a power of two. */ pagemask =3D pagesize - 1; - dummybuf =3D malloc (pagesize); + dummybuf =3D malloc (pagesize * 2); printf ("pagesize=3D%u pagemask=3D%x\n", pagesize, pagemask); =20 test_fd =3D mkstemp(tempname); @@ -496,6 +532,7 @@ int main(int argc, char **argv) check_file_fixed_eof_mmaps(); check_file_unfixed_eof_mmaps(); check_invalid_mmaps(); + check_shrink_mmaps(); =20 /* Fails at the moment. */ /* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */ --=20 2.51.0
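The off-by-one described in the commit message of patch 3/4, worked through as an added example (this is not QEMU code and not part of the series). It models only the length arithmetic of `mmap_reserve_or_unmap` before and after the patch, and assumes a 32-bit guest, equal host and guest page sizes, and a page-aligned `start`, so the guest-page retention loops never run; the function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t abi_ulong;   /* assumption: 32-bit guest address type */

/* Round n up to a multiple of d; d must be a power of two. */
static abi_ulong round_up(abi_ulong n, abi_ulong d)
{
    return (n + d - 1) & ~(d - 1);
}

/* Length passed to do_munmap by the pre-patch arithmetic
 * (inclusive "last" address, then ROUND_UP(last) - 1). */
static abi_ulong old_unmap_len(abi_ulong start, abi_ulong len, abi_ulong page)
{
    abi_ulong last = start + len - 1;
    abi_ulong real_start = start & ~(page - 1);
    abi_ulong real_last = round_up(last, page) - 1;
    return real_last - real_start + 1;
}

/* Length passed to do_munmap by the post-patch arithmetic
 * (exclusive "end" address, rounded to guest then host page size). */
static abi_ulong new_unmap_len(abi_ulong start, abi_ulong len, abi_ulong page)
{
    abi_ulong end = round_up(start + len, page);   /* TARGET_PAGE_SIZE step */
    abi_ulong real_start = start & ~(page - 1);
    abi_ulong real_end = round_up(end, page);      /* host page size step */
    return real_end - real_start;
}

/* Count the lengths in [1, max_len] for which the old arithmetic
 * covers fewer bytes than the new one, i.e. where a page is dropped. */
static unsigned count_short_unmaps(abi_ulong start, abi_ulong max_len,
                                   abi_ulong page)
{
    unsigned n = 0;
    for (abi_ulong len = 1; len <= max_len; len++) {
        if (old_unmap_len(start, len, page) < new_unmap_len(start, len, page)) {
            n++;
        }
    }
    return n;
}

int main(void)
{
    const abi_ulong page = 4096, start = 0x10000;   /* constructed values */
    const abi_ulong lens[] = { 4096, 4097, 4098, 8192, 8193 };

    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++) {
        printf("len=%5u old=%5u new=%5u\n", (unsigned)lens[i],
               (unsigned)old_unmap_len(start, lens[i], page),
               (unsigned)new_unmap_len(start, lens[i], page));
    }
    /* Only lengths of the form k*page + 1 are affected. */
    printf("affected lengths up to 3 pages: %u\n",
           count_short_unmaps(start, 3 * page, page));
    return 0;
}
```

Page-aligned lengths give the same result in both versions, which is why the `target_munmap` path was unaffected while the unaligned `target_mremap` callers were not.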