summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRichard Purdie2021-01-08 18:42:12 +0100
committerLaurent Vivier2021-02-13 22:50:50 +0100
commitccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712 (patch)
tree47efe65cf5f2e3fb15aba79ed2ac864dbb07fce4
parentlinux-user: Fix loading of BSS segments (diff)
downloadqemu-ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712.tar.gz
qemu-ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712.tar.xz
qemu-ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712.zip
linux-user/mmap: Avoid asserts for out of range mremap calls
If mremap() is called without the MREMAP_MAYMOVE flag with a start address just before the end of memory (reserved_va) where new_size would exceed it (and GUEST_ADDR_MAX), the assert(end - 1 <= GUEST_ADDR_MAX) inĀ  page_set_flags() would trigger. Add an extra guard to the guest_range_valid() checks to prevent this and avoid asserting binaries when reserved_va is set. This meant a bug I was seeing locally now gives the same behaviourĀ  regardless of whether reserved_va is set or not. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <70c46e7b999bafbb01d54bfafd44b420d0b782e9.camel@linuxfoundation.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
-rw-r--r--linux-user/mmap.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 810653c503..1c9faef476 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -724,7 +724,9 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
if (!guest_range_valid(old_addr, old_size) ||
((flags & MREMAP_FIXED) &&
- !guest_range_valid(new_addr, new_size))) {
+ !guest_range_valid(new_addr, new_size)) ||
+ ((flags & MREMAP_MAYMOVE) == 0 &&
+ !guest_range_valid(old_addr, new_size))) {
errno = ENOMEM;
return -1;
}