From: Ilya Leoshkevich <iii@linux.ibm.com>
To: Richard Henderson <richard.henderson@linaro.org>,
Warner Losh <imp@bsdimp.com>, Laurent Vivier <laurent@vivier.eu>
Cc: Kyle Evans <kevans@freebsd.org>,
qemu-devel@nongnu.org, Ilya Leoshkevich <iii@linux.ibm.com>
Subject: [PATCH] {linux, bsd}-user: Fail mmap() if size doesn't fit into host's size_t
Date: Thu, 25 Jan 2024 21:07:02 +0100
Message-ID: <20240125200731.2633-1-iii@linux.ibm.com>

s390x's branch-relative-long test fails with the following error
message on 32-bit hosts:

    qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.

The root cause is that the size passed to mmap() by this test does not
fit into 32 bits and gets truncated. Since there is no chance for such
mmap() to succeed, detect this condition and fail the mmap() right away.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
bsd-user/mmap.c | 4 ++++
linux-user/mmap.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 3ef11b28079..5dc327d0ad3 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size,
(alignment != 0 ? 1 << alignment :
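Review bot: the new `size != (size_t)size` test in mmap_find_vma_aligned() sits after `size = HOST_PAGE_ALIGN(size);`, so it only ever sees the rounded value. If rounding up can wrap for a guest size close to the top of the abi_ulong range, the wrapped (small) result would pass this test and the request would go ahead with the wrong length. Consider also rejecting the case where the aligned size is smaller than the size passed in, or state in a comment why that cannot happen here.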
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 96c9433e271..ae59d70fb67 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -389,6 +389,10 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align)
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size, align);
}
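Review bot: the added `if (size != (size_t)size)` block in mmap_find_vma() has no comment, and the cast round-trip is not obvious to a reader who does not know that abi_ulong can be wider than the host's size_t. A one-line comment above the test saying that the guest size must fit the host size_t would help, and since the identical four lines are added to bsd-user/mmap.c, a small shared helper would keep the two copies from drifting apart. It would also be worth confirming in the commit message that callers treat the `(abi_ulong)(-1)` return as an out-of-memory failure for the guest.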
--
2.43.0
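
The truncation described in the commit message, as an added example that is not part of the patch or of QEMU's code: a 64-bit guest length is narrowed to a 32-bit host size, modelled with `uint32_t` so it runs on any host. The type names, the 4 KiB page size and the sample lengths are assumptions, and the sketch goes slightly beyond the patch by also rejecting a length whose page rounding wraps around.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this sketch: a 64-bit guest length type and a host whose
 * size_t is 32 bits wide, modelled with uint32_t so it runs on any host. */
typedef uint64_t guest_len_t;   /* stands in for abi_ulong on a 64-bit guest */
typedef uint32_t host_size_t;   /* stands in for size_t on a 32-bit host */

#define PAGE_SIZE_ASSUMED 4096u /* constructed page size */

/* What an unchecked conversion hands to the host: high bits silently dropped. */
static host_size_t truncated_len(guest_len_t len)
{
    return (host_size_t)len;
}

/* Page-align, then refuse lengths the host type cannot represent.
 * Returns 0 and stores the host length, or -1 if the request must fail. */
static int checked_host_len(guest_len_t len, host_size_t *out)
{
    guest_len_t mask = ~(guest_len_t)(PAGE_SIZE_ASSUMED - 1);
    guest_len_t aligned = (len + PAGE_SIZE_ASSUMED - 1) & mask;

    if (aligned < len) {                    /* rounding up wrapped around */
        return -1;
    }
    if (aligned != (host_size_t)aligned) {  /* same round-trip test as the patch */
        return -1;
    }
    *out = (host_size_t)aligned;
    return 0;
}

int main(void)
{
    guest_len_t big = 0x100001000ULL;       /* constructed: 4 GiB + 4 KiB */
    host_size_t out = 0;
    int rc;

    printf("unchecked: 0x%llx becomes 0x%x\n",
           (unsigned long long)big, (unsigned)truncated_len(big));
    rc = checked_host_len(big, &out);
    printf("checked oversized request: rc=%d\n", rc);
    rc = checked_host_len(0x1234, &out);
    printf("checked small request: rc=%d len=0x%x\n", rc, (unsigned)out);
    return 0;
}
```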