[Qemu-devel] [patch] qemu-user mmap bug

[Qemu-devel] [patch] qemu-user mmap bug

[Paul Brook]

Under some circumstances target_mmap will return -EINVAL.  However its callers 
expect it behave like normal mmap. ie. return -1 and ser errno.

Discovered when testing qemu with some malformed ELF executables. It 
segfaulted instead of displaying an error.
The patch below changes target_map to have the expected error behavior.

Paul

Index: linux-user/mmap.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/mmap.c,v
retrieving revision 1.8
diff -u -p -r1.8 mmap.c
--- linux-user/mmap.c	7 Apr 2005 22:20:31 -0000	1.8
+++ linux-user/mmap.c	4 Jan 2006 23:49:29 -0000
@@ -183,8 +183,10 @@ long target_mmap(unsigned long start, un
     }
 #endif
 
-    if (offset & ~TARGET_PAGE_MASK)
-        return -EINVAL;
+    if (offset & ~TARGET_PAGE_MASK) {
+        errno = EINVAL;
+        return -1;
+    }
 
     len = TARGET_PAGE_ALIGN(len);
     if (len == 0)
@@ -232,8 +234,10 @@ long target_mmap(unsigned long start, un
         }
     }
     
-    if (start & ~TARGET_PAGE_MASK)
-        return -EINVAL;
+    if (start & ~TARGET_PAGE_MASK) {
+        errno = EINVAL;
+        return -1;
+    }
     end = start + len;
     host_end = HOST_PAGE_ALIGN(end);
 
@@ -244,8 +248,10 @@ long target_mmap(unsigned long start, un
         /* msync() won't work here, so we return an error if write is
            possible while it is a shared mapping */
         if ((flags & MAP_TYPE) == MAP_SHARED &&
-            (prot & PROT_WRITE))
-            return -EINVAL;
+            (prot & PROT_WRITE)) {
+            errno = EINVAL;
+            return -1;
+        }
         retaddr = target_mmap(start, len, prot | PROT_WRITE, 
                               MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, 
                               -1, 0);