* [PATCH] {linux, bsd}-user: Fail mmap() if size doesn't fit into host's size_t
@ 2024-01-25 20:07 Ilya Leoshkevich
2024-01-27 3:55 ` [PATCH] {linux,bsd}-user: " Richard Henderson
2024-01-29 19:02 ` Warner Losh
0 siblings, 2 replies; 3+ messages in thread
From: Ilya Leoshkevich @ 2024-01-25 20:07 UTC (permalink / raw)
To: Richard Henderson, Warner Losh, Laurent Vivier
Cc: Kyle Evans, qemu-devel, Ilya Leoshkevich
s390x's branch-relative-long test fails with the following error
message on 32-bit hosts:
qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.
The root cause is that the size passed to mmap() by this test does not
fit into 32 bits and gets truncated. Since there is no chance for such
mmap() to succeed, detect this condition and fail the mmap() right away.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
---
bsd-user/mmap.c | 4 ++++
linux-user/mmap.c | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 3ef11b28079..5dc327d0ad3 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size,
(alignment != 0 ? 1 << alignment :
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 96c9433e271..ae59d70fb67 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -389,6 +389,10 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size, abi_ulong align)
size = HOST_PAGE_ALIGN(size);
+ if (size != (size_t)size) {
+ return (abi_ulong)(-1);
+ }
+
if (reserved_va) {
return mmap_find_vma_reserved(start, size, align);
}
--
2.43.0
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH] {linux,bsd}-user: Fail mmap() if size doesn't fit into host's size_t
2024-01-25 20:07 [PATCH] {linux, bsd}-user: Fail mmap() if size doesn't fit into host's size_t Ilya Leoshkevich
@ 2024-01-27 3:55 ` Richard Henderson
2024-01-29 19:02 ` Warner Losh
1 sibling, 0 replies; 3+ messages in thread
From: Richard Henderson @ 2024-01-27 3:55 UTC (permalink / raw)
To: Ilya Leoshkevich, Warner Losh, Laurent Vivier; +Cc: Kyle Evans, qemu-devel
On 1/26/24 06:07, Ilya Leoshkevich wrote:
> s390x's branch-relative-long test fails with the following error
> message on 32-bit hosts:
>
> qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed.
>
> The root cause is that the size passed to mmap() by this test does not
> fit into 32 bits and gets truncated. Since there is no chance for such
> mmap() to succeed, detect this condition and fail the mmap() right away.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> bsd-user/mmap.c | 4 ++++
> linux-user/mmap.c | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 3ef11b28079..5dc327d0ad3 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong start, abi_ulong size,
>
> size = HOST_PAGE_ALIGN(size);
>
> + if (size != (size_t)size) {
> + return (abi_ulong)(-1);
> + }
> +
I have this same fix in
https://lore.kernel.org/qemu-devel/20240102015808.132373-18-richard.henderson@linaro.org/
so as far as that's concerned,
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
But perhaps you got cast your eye across the larger reorg,
https://lore.kernel.org/qemu-devel/20240102015808.132373-1-richard.henderson@linaro.org/
?
r~
^ permalink raw reply [flat|nested] 3+ messages in thread* Re: [PATCH] {linux,bsd}-user: Fail mmap() if size doesn't fit into host's size_t
2024-01-25 20:07 [PATCH] {linux, bsd}-user: Fail mmap() if size doesn't fit into host's size_t Ilya Leoshkevich
2024-01-27 3:55 ` [PATCH] {linux,bsd}-user: " Richard Henderson
@ 2024-01-29 19:02 ` Warner Losh
1 sibling, 0 replies; 3+ messages in thread
From: Warner Losh @ 2024-01-29 19:02 UTC (permalink / raw)
To: Ilya Leoshkevich
Cc: Richard Henderson, Laurent Vivier, Kyle Evans, qemu-devel
[-- Attachment #1: Type: text/plain, Size: 1347 bytes --]
On Thu, Jan 25, 2024 at 1:07 PM Ilya Leoshkevich <iii@linux.ibm.com> wrote:
> s390x's branch-relative-long test fails with the following error
> message on 32-bit hosts:
>
> qemu-s390x: ../accel/tcg/user-exec.c:493: page_set_flags: Assertion
> `last <= GUEST_ADDR_MAX' failed.
>
> The root cause is that the size passed to mmap() by this test does not
> fit into 32 bits and gets truncated. Since there is no chance for such
> mmap() to succeed, detect this condition and fail the mmap() right away.
>
> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
> ---
> bsd-user/mmap.c | 4 ++++
> linux-user/mmap.c | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 3ef11b28079..5dc327d0ad3 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -256,6 +256,10 @@ static abi_ulong mmap_find_vma_aligned(abi_ulong
> start, abi_ulong size,
>
> size = HOST_PAGE_ALIGN(size);
>
> + if (size != (size_t)size) {
> + return (abi_ulong)(-1);
> + }
> +
> if (reserved_va) {
> return mmap_find_vma_reserved(start, size,
> (alignment != 0 ? 1 << alignment :
>
Reviewed-by: Warner Losh <imp@bsdimp.com>
Seems good to me.. I can queue it to this month's landing code, unless
Richard beats me to it.
Warner
[-- Attachment #2: Type: text/html, Size: 1929 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-01-29 19:03 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-01-25 20:07 [PATCH] {linux, bsd}-user: Fail mmap() if size doesn't fit into host's size_t Ilya Leoshkevich
2024-01-27 3:55 ` [PATCH] {linux,bsd}-user: " Richard Henderson
2024-01-29 19:02 ` Warner Losh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.