From: Helge Deller
To: qemu-devel@nongnu.org
Cc: deller@gmx.de, Laurent Vivier, Pierrick Bouvier
Subject: [PULL 1/4] linux-user: Fix AT_EXECFN in AUXV for symlinked programs
Date: Tue, 19 May 2026 16:05:28 +0200
Message-ID: <20260519140531.11931-2-deller@kernel.org>
In-Reply-To: <20260519140531.11931-1-deller@kernel.org>
From: Helge Deller

The AT_EXECFN entry in AUXV needs to keep the value which was used when the program was started. Especially for symlinked programs qemu should not try to resolve the realpath.

Here is a reproducer:

    (arm64-chroot)root@p100:/# cd /usr/bin
    (arm64-chroot)root@p100:/usr/bin# ln -s echo testprog
    (arm64-chroot)root@p100:/usr/bin# LD_SHOW_AUXV=1 ./testprog | grep AT_EXECFN
    AT_EXECFN: ./testprog

In this example, "./testprog" is the correct output, and not "/usr/bin/echo".

This patch fixes parts of commit 258bec39 ("linux-user: Fix access to /proc/self/exe").

Fixes: 258bec39 ("linux-user: Fix access to /proc/self/exe")
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3379
Signed-off-by: Helge Deller
---
 linux-user/main.c           |  6 ++++--
 linux-user/syscall.c        | 14 +++++++-------
 linux-user/user-internals.h |  1 +
 3 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/linux-user/main.c b/linux-user/main.c index 86d04cca3c..c08c73fd80 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -772,8 +772,10 @@ int main(int argc, char **argv, char **envp) } =20 /* Resolve executable file name to full path name */ - if (realpath(exec_path, real_exec_path)) { - exec_path =3D real_exec_path; + /* Keep how we started the program in exec_path, e.g. "./my_program" */ + /* Store real path in real_exec_path, e.g. "/usr/local/bin/my_program"= */ + if (!realpath(exec_path, real_exec_path)) { + printf("Could not resolve %s\n", exec_path); } =20 /* diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d3d9fffb54..65bbeb8551 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8790,9 +8790,9 @@ static int maybe_do_fake_open(CPUArchState *cpu_env, = int dirfd, return -1; } if (safe) { - return safe_openat(dirfd, exec_path, flags, mode); + return safe_openat(dirfd, real_exec_path, flags, mode); } else { - return openat(dirfd, exec_path, flags, mode); + return openat(dirfd, real_exec_path, flags, mode); } } =20 
@@ -8929,9 +8929,9 @@ ssize_t do_guest_readlink(const char *pathname, char = *buf, size_t bufsiz) * Don't worry about sign mismatch as earlier mapping * logic would have thrown a bad address error. */ - ret =3D MIN(strlen(exec_path), bufsiz); + ret =3D MIN(strlen(real_exec_path), bufsiz); /* We cannot NUL terminate the string. */ - memcpy(buf, exec_path, ret); + memcpy(buf, real_exec_path, ret); } else { ret =3D readlink(path(pathname), buf, bufsiz); } @@ -9022,7 +9022,7 @@ static int do_execv(CPUArchState *cpu_env, int dirfd, =20 const char *exe =3D p; if (is_proc_myself(p, "exe")) { - exe =3D exec_path; + exe =3D real_exec_path; } ret =3D is_execveat ? safe_execveat(dirfd, exe, argp, envp, flags) @@ -11033,9 +11033,9 @@ static abi_long do_syscall1(CPUArchState *cpu_env, = int num, abi_long arg1, * Don't worry about sign mismatch as earlier mapping * logic would have thrown a bad address error. */ - ret =3D MIN(strlen(exec_path), arg4); + ret =3D MIN(strlen(real_exec_path), arg4); /* We cannot NUL terminate the string. */ - memcpy(p2, exec_path, ret); + memcpy(p2, real_exec_path, ret); } else { ret =3D get_errno(readlinkat(arg1, path(p), p2, arg4)); } diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h index e65373b204..21daf422b7 100644 --- a/linux-user/user-internals.h +++ b/linux-user/user-internals.h 
@@ -24,6 +24,7 @@ #include "exec/translation-block.h" =20 extern char *exec_path; +extern char real_exec_path[PATH_MAX]; void init_task_state(TaskState *ts); void task_settid(TaskState *); void stop_all_tasks(void);
-- 
2.54.0
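Review bot: in the main.c hunk the failure branch reports with printf(), which lands on the emulated program's stdout and can corrupt whatever consumes it (the reproducer in the commit message itself pipes stdout into grep); this belongs on stderr or in QEMU's error reporting. More importantly, when realpath() fails the hunk leaves real_exec_path unset, and the syscall.c hunks of this same patch go on to use it for /proc/self/exe, so the error branch should at least fall back to the invocation path, e.g. `pstrcpy(real_exec_path, sizeof(real_exec_path), exec_path);`.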
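Review bot: the four syscall.c hunks (maybe_do_fake_open, do_guest_readlink, do_execv, readlinkat) now all rely on real_exec_path having been populated at startup; with the buffer unset, `ret =3D MIN(strlen(real_exec_path), bufsiz);` and the following memcpy copy whatever the array happens to contain into the guest buffer. Either guarantee the buffer is always set in main.c or guard these sites with a fallback to exec_path; a short comment at the first use noting that real_exec_path is the resolved form of exec_path would also help the next reader.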
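Review bot: `extern char real_exec_path[PATH_MAX];` in user-internals.h needs PATH_MAX, i.e. <limits.h> (the visible context only shows exec/translation-block.h, so confirm it is already reachable there), and it requires the definition in main.c to have external linkage; the main.c hunk only changes how the array is used, not how it is declared, so double-check it is not `static`, otherwise this extern will not link.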
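As an added example (not QEMU's code and not part of this patch), the following C program models the split the patch makes between the invocation string, which is what AT_EXECFN must report, and the resolved path used for the /proc/self/exe emulation. It replays the commit message's symlink scenario in a constructed temporary directory; `resolve_exec_paths`, `demo_symlinked_program` and `fallback_keeps_invoked` are hypothetical helper names, and, going one step beyond the hunk, a failed realpath() falls back to the invocation string instead of leaving the resolved buffer unset.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/*
 * Hypothetical helper, not QEMU's own: 'invoked' (e.g. "./testprog") is
 * never modified, because that is the AT_EXECFN value; 'real' receives the
 * resolved path that /proc/self/exe should report.  Unlike the patch's hunk,
 * a failed realpath() falls back to the invocation string so 'real' is
 * never left unset.  Returns 0 on success, -1 if the fallback was used.
 */
int resolve_exec_paths(const char *invoked, char *real, size_t real_len)
{
    char resolved[PATH_MAX];

    if (realpath(invoked, resolved) == NULL) {
        snprintf(real, real_len, "%s", invoked);
        return -1;
    }
    snprintf(real, real_len, "%s", resolved);
    return 0;
}

/*
 * Constructed scenario: temp dir with a file "echo" and a symlink
 * "testprog" -> "echo", resolved as "./testprog" from inside that dir.
 * Returns 1 when the invocation string is untouched and the resolved
 * path names the symlink target.
 */
int demo_symlinked_program(void)
{
    char dir[] = "/tmp/execfn-demo-XXXXXX";
    char invoked[] = "./testprog";
    char real[PATH_MAX], dir_real[PATH_MAX], expect[PATH_MAX];
    FILE *f;
    int saved_cwd = -1, ok = 0;

    if (mkdtemp(dir) == NULL || realpath(dir, dir_real) == NULL) {
        return 0;
    }
    saved_cwd = open(".", O_RDONLY);
    if (saved_cwd < 0 || chdir(dir) != 0) {
        goto out;
    }
    f = fopen("echo", "w");                 /* stand-in for /usr/bin/echo */
    if (f == NULL) {
        goto back;
    }
    fclose(f);
    if (symlink("echo", "testprog") != 0) {
        goto back;
    }

    resolve_exec_paths(invoked, real, sizeof real);
    snprintf(expect, sizeof expect, "%s/echo", dir_real);
    ok = strcmp(invoked, "./testprog") == 0 &&   /* AT_EXECFN value intact */
         strcmp(real, expect) == 0;               /* /proc/self/exe target */

back:
    unlink("testprog");
    unlink("echo");
    if (fchdir(saved_cwd) != 0) {
        ok = 0;
    }
out:
    if (saved_cwd >= 0) {
        close(saved_cwd);
    }
    rmdir(dir);
    return ok;
}

/* Failure path: a program that does not exist keeps the invocation string. */
int fallback_keeps_invoked(void)
{
    char real[PATH_MAX];
    int rc = resolve_exec_paths("./no-such-program-constructed", real, sizeof real);

    return rc == -1 && strcmp(real, "./no-such-program-constructed") == 0;
}

int main(void)
{
    printf("symlink demo: %s\n", demo_symlinked_program() ? "ok" : "FAILED");
    printf("fallback:     %s\n", fallback_keeps_invoked() ? "ok" : "FAILED");
    return 0;
}
```

The two strings are deliberately kept in separate buffers with separate lifetimes; the bug the patch fixes came from overwriting the invocation pointer with the resolved one, after which the original value was gone for good.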
From: Helge Deller
To: qemu-devel@nongnu.org
Cc: deller@gmx.de, Laurent Vivier, Pierrick Bouvier
Subject: [PULL 2/4] linux-user/sh4: Fix target_ucontext tuc_link field type
Date: Tue, 19 May 2026 16:05:29 +0200
Message-ID: <20260519140531.11931-3-deller@kernel.org>
In-Reply-To: <20260519140531.11931-1-deller@kernel.org>
From: Matt Turner

tuc_link is declared as 'struct target_ucontext *', which is a HOST pointer. On a 64-bit host running a 32-bit SH4 target, this is 8 bytes instead of the 4 bytes the target expects; padding then pushes tuc_mcontext 8 bytes past its correct offset.

When a signal handler receives ucontext_t *, every field accessed through uc_mcontext (gregs[], pc, pr, ...) is read from the wrong address. In particular the saved PC comes back as a garbage stack value, which breaks any code that initialises a libunwind cursor from the signal context.

Fix it by using abi_ulong, which is always sized to the target ABI (4 bytes for SH4), matching the layout the kernel and glibc agree on. This is the same pattern used by arm/signal.c.

Also remove the (unsigned long *) cast from the __put_user that zeros tuc_link. The cast was harmless when tuc_link was pointer-sized (8 bytes matching unsigned long on a 64-bit host), but after the type change __put_user's sizeof dispatch would select stq_le_p (8-byte write) for a now-4-byte field, silently overwriting the start of tuc_stack.

Neither this fix nor the companion setup_sigtramp fix is independently sufficient: this fix corrects register values read from the signal context but libunwind still cannot detect the frame without the correct trampoline pattern; that fix makes the frame detectable but register reads remain garbage without the correct ucontext layout. Together they fix the following libunwind tests on a 64-bit host:

    Gtest-sig-context, Gtest-trace, Ltest-init-local-signal, Ltest-sig-context, Ltest-trace

Signed-off-by: Matt Turner
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson
Signed-off-by: Helge Deller
---
 linux-user/sh4/signal.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux-user/sh4/signal.c b/linux-user/sh4/signal.c index 9ecc026fae..20d2bc8b2c 100644 --- a/linux-user/sh4/signal.c +++ b/linux-user/sh4/signal.c
@@ -57,7 +57,7 @@ struct target_sigframe =20 struct target_ucontext { target_ulong tuc_flags; - struct target_ucontext *tuc_link; + abi_ulong tuc_link; target_stack_t tuc_stack; struct target_sigcontext tuc_mcontext; target_sigset_t tuc_sigmask; /* mask last for extensibility */ 
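Review bot: the type change is the right fix, but tuc_flags in the same guest-visible struct stays target_ulong while tuc_link becomes abi_ulong; abi_ulong is the type that expresses "sized by the target ABI", so consider changing tuc_flags too for consistency (no size change on SH4, but it documents the intent). Since the whole point is the offset of tuc_mcontext, a `QEMU_BUILD_BUG_ON(offsetof(struct target_ucontext, tuc_mcontext) != <kernel offset>)` next to the struct would stop a future host-pointer field from silently reintroducing the shift.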
@@ -237,7 +237,7 @@ void setup_rt_frame(int sig, struct target_sigaction *k= a, =20 /* Create the ucontext. */ __put_user(0, &frame->uc.tuc_flags); - __put_user(0, (unsigned long *)&frame->uc.tuc_link); + __put_user(0, &frame->uc.tuc_link); target_save_altstack(&frame->uc.tuc_stack, regs); setup_sigcontext(&frame->uc.tuc_mcontext, regs, set->sig[0]);
-- 
2.54.0
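Review bot: dropping the cast is essential here, since __put_user picks the store width from sizeof(*ptr) and the cast would have turned a 4-byte field into an 8-byte write spilling into tuc_stack. Worth grepping the rest of sh4/signal.c (the sigreturn and rt_sigreturn restore paths in particular) for any other site that still treats tuc_link as a host pointer, e.g. a __get_user into a pointer variable; the struct change alone will not flag those.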
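As an added example (not QEMU's code and not part of this patch), the following C program makes both halves of the commit message measurable on the host it is compiled on: it declares simplified "before" and "after" versions of the target ucontext (field sizes are illustrative stand-ins, not QEMU's exact definitions), reports the offset of tuc_mcontext in each, and models __put_user's sizeof-based dispatch with a toy macro to show how the removed `(unsigned long *)` cast spills into tuc_stack. All struct and helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Target (SH4) ABI word: 4 bytes regardless of host. */
typedef uint32_t abi_ulong;

/* Simplified stand-ins for the target structures (illustrative sizes only). */
typedef struct { abi_ulong ss_sp; int32_t ss_flags; abi_ulong ss_size; } target_stack_t;
typedef struct { abi_ulong gregs[16]; abi_ulong pc; abi_ulong pr; } target_sigcontext;
typedef struct { abi_ulong sig[2]; } target_sigset_t;

/* Before the fix: tuc_link is a HOST pointer (8 bytes on a 64-bit host). */
struct ucontext_before {
    abi_ulong tuc_flags;
    struct ucontext_before *tuc_link;
    target_stack_t tuc_stack;
    target_sigcontext tuc_mcontext;
    target_sigset_t tuc_sigmask;
};

/* After the fix: tuc_link is an ABI word, so the layout no longer depends on the host. */
struct ucontext_after {
    abi_ulong tuc_flags;
    abi_ulong tuc_link;
    target_stack_t tuc_stack;
    target_sigcontext tuc_mcontext;
    target_sigset_t tuc_sigmask;
};

size_t mcontext_offset_before(void) { return offsetof(struct ucontext_before, tuc_mcontext); }
size_t mcontext_offset_after(void)  { return offsetof(struct ucontext_after, tuc_mcontext); }

/* Toy stand-in for __put_user(0, ptr): like the real macro, the store width
 * comes from sizeof(*ptr), which is exactly why the cast matters. */
static void toy_store_zero(void *p, size_t n)
{
    volatile unsigned char *b = p;
    while (n--) {
        *b++ = 0;
    }
}
#define toy_put_user_zero(ptr) toy_store_zero((ptr), sizeof(*(ptr)))

/* 1 if zeroing tuc_link through the (unsigned long *) cast the patch removes
 * also wipes tuc_stack.ss_sp, the field immediately after it. */
int cast_clobbers_tuc_stack(void)
{
    struct ucontext_after uc;

    memset(&uc, 0xAA, sizeof uc);
    toy_put_user_zero((unsigned long *)&uc.tuc_link);
    return uc.tuc_stack.ss_sp != 0xAAAAAAAAu;
}

/* 1 if the uncast store touches only tuc_link. */
int uncast_store_is_exact(void)
{
    struct ucontext_after uc;

    memset(&uc, 0xAA, sizeof uc);
    toy_put_user_zero(&uc.tuc_link);
    return uc.tuc_link == 0 && uc.tuc_stack.ss_sp == 0xAAAAAAAAu;
}

int main(void)
{
    printf("host pointer: %zu bytes, unsigned long: %zu bytes\n",
           sizeof(void *), sizeof(unsigned long));
    printf("tuc_mcontext offset before/after: %zu / %zu\n",
           mcontext_offset_before(), mcontext_offset_after());
    printf("cast clobbers tuc_stack: %s\n", cast_clobbers_tuc_stack() ? "yes" : "no");
    return 0;
}
```

On an LP64 host the "before" offset comes out 8 bytes past the "after" one (4 bytes of alignment padding plus 4 extra bytes of pointer), and the cast variant zeroes ss_sp; on a 32-bit host both differences vanish, which is why the bug only shows up when the host word is wider than the target's.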
From: Helge Deller
To: qemu-devel@nongnu.org
Cc: deller@gmx.de, Laurent Vivier, Pierrick Bouvier
Subject: [PULL 3/4] linux-user/sh4: Fix setup_sigtramp to match Linux kernel trampoline pattern
Date: Tue, 19 May 2026 16:05:30 +0200
Message-ID: <20260519140531.11931-4-deller@kernel.org>
In-Reply-To: <20260519140531.11931-1-deller@kernel.org>
From: Matt Turner

QEMU used MOVW(2) (0x9300), which loads the syscall number from PC+4, instead of the kernel's MOVW(7) (0x9305), which loads from PC+14. The kernel uses five "or r0,r0" nop pads between TRAP_NOARG and the syscall number word to reach that offset.

libunwind's unw_is_signal_frame checks for the exact kernel byte pattern 0xc3109305 at the frame PC, so QEMU's compact layout was not detected, breaking unwinding through signal frames.

Expand each trampoline from 6 to 16 bytes matching the kernel layout defined in arch/sh/kernel/signal_32.c:

    #define MOVW(n)     (0x9300|((n)-2)) /* Move mem word at PC+n to R3 */
    #define TRAP_NOARG  0xc310           /* Syscall w/no args (NR in R3) */
    #define OR_R0_R0    0x200b           /* or r0,r0 (insert to avoid hardware bug) */

    __put_user(MOVW(7), &frame->retcode[0]);          /* 0x9305 */
    __put_user(TRAP_NOARG, &frame->retcode[1]);       /* 0xc310 */
    __put_user(OR_R0_R0, &frame->retcode[2]);         /* 0x200b */
    __put_user(OR_R0_R0, &frame->retcode[3]);         /* 0x200b */
    __put_user(OR_R0_R0, &frame->retcode[4]);         /* 0x200b */
    __put_user(OR_R0_R0, &frame->retcode[5]);         /* 0x200b */
    __put_user(OR_R0_R0, &frame->retcode[6]);         /* 0x200b */
    __put_user((__NR_sigreturn), &frame->retcode[7]);

The first two halfwords (MOVW(7) || TRAP_NOARG = 0xc3109305) form the 32-bit value libunwind checks at the frame PC, followed by two OR_R0_R0 halfwords (0x200b200b) at PC+4.

The same layout applies to the rt_sigreturn trampoline (lines 366-373 of signal_32.c).

Neither this fix nor the companion tuc_link fix is independently sufficient: this fix makes signal frames detectable but register reads remain garbage without the correct ucontext layout; that fix corrects the ucontext layout but libunwind still cannot detect the frame without the correct trampoline pattern. Together they fix the following libunwind tests on a 64-bit host:

    Gtest-sig-context, Gtest-trace, Ltest-init-local-signal, Ltest-sig-context, Ltest-trace
Signed-off-by: Matt Turner
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson
Signed-off-by: Helge Deller
---
 linux-user/sh4/signal.c | 42 +++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/linux-user/sh4/signal.c b/linux-user/sh4/signal.c index 20d2bc8b2c..d70be24c38 100644 --- a/linux-user/sh4/signal.c +++ b/linux-user/sh4/signal.c
@@ -329,20 +329,42 @@ badframe: return -QEMU_ESIGRETURN; } =20 +/* + * "or r0,r0" nop used by the Linux kernel inline sigreturn trampolines to + * avoid a hardware bug (OR_R0_R0 in arch/sh/kernel/signal_32.c). Five of + * these nops follow TRAP_NOARG, placing the syscall number word 14 bytes + * past the MOVW(7) instruction (at MOVW(7)'s load offset). This yields t= he + * fixed 16-byte layout that libunwind's unw_is_signal_frame detects: + * [MOVW(7), TRAP_NOARG, 5x NOP_OR, .word syscall_nr] + */ +#define NOP_OR 0x200b + void setup_sigtramp(abi_ulong sigtramp_page) { - uint16_t *tramp =3D lock_user(VERIFY_WRITE, sigtramp_page, 2 * 6, 0); + uint16_t *tramp =3D lock_user(VERIFY_WRITE, sigtramp_page, 2 * 16, 0); assert(tramp !=3D NULL); =20 + /* sigreturn trampoline (non-RT) at offset 0 */ default_sigreturn =3D sigtramp_page; - __put_user(MOVW(2), &tramp[0]); + __put_user(MOVW(7), &tramp[0]); __put_user(TRAP_NOARG, &tramp[1]); - __put_user(TARGET_NR_sigreturn, &tramp[2]); - - default_rt_sigreturn =3D sigtramp_page + 6; - __put_user(MOVW(2), &tramp[3]); - __put_user(TRAP_NOARG, &tramp[4]); - __put_user(TARGET_NR_rt_sigreturn, &tramp[5]); - - unlock_user(tramp, sigtramp_page, 2 * 6); + __put_user(NOP_OR, &tramp[2]); + __put_user(NOP_OR, &tramp[3]); + __put_user(NOP_OR, &tramp[4]); + __put_user(NOP_OR, &tramp[5]); + __put_user(NOP_OR, &tramp[6]); + __put_user(TARGET_NR_sigreturn, &tramp[7]); + + /* rt_sigreturn trampoline at offset 16 */ + default_rt_sigreturn =3D sigtramp_page + 16; + __put_user(MOVW(7), &tramp[8]); + __put_user(TRAP_NOARG, &tramp[9]); + __put_user(NOP_OR, &tramp[10]); + __put_user(NOP_OR, &tramp[11]); + __put_user(NOP_OR, &tramp[12]); + __put_user(NOP_OR, &tramp[13]); + __put_user(NOP_OR, &tramp[14]); + __put_user(TARGET_NR_rt_sigreturn, &tramp[15]); + + unlock_user(tramp, sigtramp_page, 2 * 16); }
-- 
2.54.0
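Review bot: the layout arithmetic checks out (MOVW(7) encodes disp 5, so the mov.w reads PC+4+10 = PC+14, which is tramp[7], and the rt trampoline at tramp[8] keeps the same spacing), but the 16-halfword size is spelled out four times as literals (`2 * 16` in lock_user and unlock_user, `+ 16` for default_rt_sigreturn, and the hardcoded indices 8..15); a named constant such as TRAMP_HALFWORDS, with the rt trampoline written as `&tramp[TRAMP_HALFWORDS + i]`, keeps the lock length, the offset and the indices from drifting apart. Minor: NOP_OR is a new name for what the kernel and the commit message both call OR_R0_R0; reusing the kernel's name next to MOVW and TRAP_NOARG makes the cross-reference to signal_32.c immediate.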
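As an added example (not QEMU's code and not part of this patch), the following C program builds both the old compact trampoline and the kernel-shaped one the patch now emits, decodes the mov.w displacement to show where each variant loads its syscall number from, and applies the same 32-bit pattern check the commit message attributes to libunwind. The encodings come from the commit message; the syscall numbers are constructed placeholders (the real TARGET_NR_* values are not on the page), a little-endian SH4 guest is assumed, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Encodings as quoted from arch/sh/kernel/signal_32.c in the commit message. */
#define MOVW(n)     (0x9300 | ((n) - 2))   /* mov.w @(disp,PC),r3 with disp = n-2 */
#define TRAP_NOARG  0xc310                 /* trapa: syscall, number in r3 */
#define OR_R0_R0    0x200b                 /* or r0,r0 nop padding */
#define TRAMP_HALFWORDS 8                  /* 16 bytes per trampoline */

/* The 32-bit word libunwind compares against at the frame PC (commit message). */
#define LIBUNWIND_SIGFRAME_PATTERN 0xc3109305u

/* Constructed placeholder syscall numbers, not the real TARGET_NR_* values. */
#define NR_SIGRETURN_SAMPLE    0x0077
#define NR_RT_SIGRETURN_SAMPLE 0x00ad

/* Byte offset, relative to the mov.w instruction itself, that
 * "mov.w @(disp,PC),Rn" reads from: PC + 4 + 2*disp, i.e. PC + 2n for MOVW(n). */
unsigned movw_load_offset(uint16_t insn)
{
    return 4 + 2 * (insn & 0xff);
}

/* Old QEMU layout: MOVW(2), TRAP, syscall number (3 halfwords). */
size_t build_old_tramp(uint16_t *t, uint16_t nr)
{
    t[0] = MOVW(2);
    t[1] = TRAP_NOARG;
    t[2] = nr;
    return 3;
}

/* Kernel layout as the patch now emits it: MOVW(7), TRAP, 5 nops, syscall number. */
size_t build_kernel_tramp(uint16_t *t, uint16_t nr)
{
    size_t i;

    t[0] = MOVW(7);
    t[1] = TRAP_NOARG;
    for (i = 2; i < 7; i++) {
        t[i] = OR_R0_R0;
    }
    t[7] = nr;
    return TRAMP_HALFWORDS;
}

/* Fill a page like setup_sigtramp: sigreturn at byte 0, rt_sigreturn at byte 16.
 * Returns the byte offset of the rt trampoline. */
size_t build_tramp_page(uint16_t page[2 * TRAMP_HALFWORDS])
{
    build_kernel_tramp(page, NR_SIGRETURN_SAMPLE);
    build_kernel_tramp(page + TRAMP_HALFWORDS, NR_RT_SIGRETURN_SAMPLE);
    return TRAMP_HALFWORDS * sizeof(uint16_t);
}

/* 32-bit little-endian word formed by two consecutive halfwords (LE guest assumed). */
uint32_t word_at(const uint16_t *t, size_t idx)
{
    return (uint32_t)t[idx] | ((uint32_t)t[idx + 1] << 16);
}

/* libunwind-style check: does the code at this PC look like the kernel trampoline? */
int looks_like_kernel_sigframe(const uint16_t *pc)
{
    return word_at(pc, 0) == LIBUNWIND_SIGFRAME_PATTERN;
}

/* Execute the first instruction symbolically: which halfword lands in r3? */
uint16_t syscall_nr_loaded(const uint16_t *tramp)
{
    return tramp[movw_load_offset(tramp[0]) / 2];
}

/* Old layout: loads the right number but fails the pattern check. */
int old_layout_result(void)
{
    uint16_t t[3];

    build_old_tramp(t, NR_SIGRETURN_SAMPLE);
    return !looks_like_kernel_sigframe(t) && syscall_nr_loaded(t) == NR_SIGRETURN_SAMPLE;
}

/* Kernel layout: both trampolines pass the check and load their numbers,
 * and the two nops at PC+4 read as 0x200b200b, as the commit message states. */
int kernel_layout_result(void)
{
    uint16_t page[2 * TRAMP_HALFWORDS];
    size_t rt = build_tramp_page(page) / sizeof(uint16_t);

    return looks_like_kernel_sigframe(page) && looks_like_kernel_sigframe(page + rt)
        && syscall_nr_loaded(page) == NR_SIGRETURN_SAMPLE
        && syscall_nr_loaded(page + rt) == NR_RT_SIGRETURN_SAMPLE
        && word_at(page, 2) == 0x200b200bu && rt == TRAMP_HALFWORDS;
}

int main(void)
{
    printf("MOVW(2) loads from PC+%u, MOVW(7) from PC+%u\n",
           movw_load_offset(MOVW(2)), movw_load_offset(MOVW(7)));
    printf("old layout ok: %d, kernel layout ok: %d\n", old_layout_result(), kernel_layout_result());
    return 0;
}
```

The point the program makes concrete is that both layouts are functionally valid sigreturn stubs (each loads its syscall number and traps), so the old one never misbehaved at runtime; it was only the unwinder's byte-exact fingerprint of the kernel's stub that failed to match.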
From: Helge Deller
To: qemu-devel@nongnu.org
Cc: deller@gmx.de, Laurent Vivier, Pierrick Bouvier
Subject: [PULL 4/4] linux-user: Fix a memory leak when pthread_create fails
Date: Tue, 19 May 2026 16:05:31 +0200
Message-ID: <20260519140531.11931-5-deller@kernel.org>
In-Reply-To: <20260519140531.11931-1-deller@kernel.org>

From: Warner Losh

Fix one of the TODO items when creating a new thread: release the copied cpu and free the task state.

Signed-off-by: Warner Losh
Reviewed-by: Helge Deller
Signed-off-by: Helge Deller
---
 linux-user/syscall.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 65bbeb8551..2d4a8aa182 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c
@@ -7005,7 +7005,6 @@ static int do_fork(CPUArchState *env, unsigned int fl= ags, abi_ulong newsp, cpu->random_seed =3D qemu_guest_random_seed_thread_part1(); =20 ret =3D pthread_create(&info.thread, &attr, clone_func, &info); - /* TODO: Free new CPU state if thread creation failed. */ =20 sigprocmask(SIG_SETMASK, &info.sigmask, NULL); pthread_attr_destroy(&attr); @@ -7014,7 +7013,16 @@ static int do_fork(CPUArchState *env, unsigned int f= lags, abi_ulong newsp, pthread_cond_wait(&info.cond, &info.mutex); ret =3D info.tid; } else { + errno =3D ret; ret =3D -1; + object_unparent(OBJECT(new_cpu)); + object_unref(OBJECT(new_cpu)); +#ifdef TARGET_AARCH64 + if (ts->gcs_base) { + target_munmap(ts->gcs_base, ts->gcs_size); + } +#endif + g_free(ts); } pthread_mutex_unlock(&info.mutex); pthread_cond_destroy(&info.cond); --=20 2.54.0
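Review bot: in the second hunk errno is assigned from pthread_create's return value before pthread_mutex_unlock(), pthread_cond_destroy() and the rest of the teardown run (visible in the trailing context), and any of those may overwrite errno before the caller turns ret = -1 into a guest error code; keep the pthread error in a local and assign errno immediately before returning, so the value the guest sees is the one from pthread_create. The release order itself (object_unparent, object_unref, the AArch64 GCS unmap, then g_free(ts)) looks right, with ts freed only after the CPU that referenced it is gone.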