From: Paul Brook
Date: Wed, 4 Jan 2006 23:53:06 +0000
Message-Id: <200601042353.07002.paul@codesourcery.com>
Subject: [Qemu-devel] [patch] qemu-user mmap bug
Reply-To: qemu-devel@nongnu.org
To: qemu-devel@nongnu.org

Under some circumstances target_mmap will return -EINVAL. However its callers expect it to behave like normal mmap, i.e. return -1 and set errno.

Discovered when testing qemu with some malformed ELF executables. It segfaulted instead of displaying an error.

The patch below changes target_mmap to have the expected error behavior.

Paul

Index: linux-user/mmap.c
===================================================================
RCS file: /sources/qemu/qemu/linux-user/mmap.c,v
retrieving revision 1.8
diff -u -p -r1.8 mmap.c
--- linux-user/mmap.c	7 Apr 2005 22:20:31 -0000	1.8
+++ linux-user/mmap.c	4 Jan 2006 23:49:29 -0000
@@ -183,8 +183,10 @@ long target_mmap(unsigned long start, un } #endif - if (offset & ~TARGET_PAGE_MASK) - return -EINVAL; + if (offset & ~TARGET_PAGE_MASK) { + errno = EINVAL; + return -1; + } len = TARGET_PAGE_ALIGN(len); if (len == 0) @@ -232,8 +234,10 @@ long target_mmap(unsigned long start, un } } - if (start & ~TARGET_PAGE_MASK) - return -EINVAL; + if (start & ~TARGET_PAGE_MASK) { + errno = EINVAL; + return -1; + } end = start + len; host_end = HOST_PAGE_ALIGN(end); @@ -244,8 +248,10 @@ long target_mmap(unsigned long start, un /* msync() won't work here, so we return an error if write is possible while it is a shared mapping */ if ((flags & MAP_TYPE) == MAP_SHARED && - (prot & PROT_WRITE)) - return -EINVAL; + (prot & PROT_WRITE)) { + errno = EINVAL; + return -1; + } retaddr = target_mmap(start, len, prot | PROT_WRITE, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
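Review bot: in the first hunk (the `offset & ~TARGET_PAGE_MASK` check at -183) the new `errno = EINVAL; return -1;` sequence is the same one repeated in all three hunks; a single `fail:` exit or a small static helper would keep the -1/errno convention in one place so a future error path cannot quietly slip back to `return -EINVAL`. The `if (len == 0)` branch visible in the trailing context of this hunk is the obvious candidate to check for the same convention, since its body is not part of the patch.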
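Review bot: for the second hunk (the `start & ~TARGET_PAGE_MASK` check at -232), the signature shown in the hunk header returns `long` while `start` is `unsigned long`, so any caller that stores the result in an unsigned variable before checking it must compare against `(unsigned long)-1` (or keep the `long` and test `== -1`); a `< 0` test on an unsigned copy would accept -1 as a valid address, which is the same class of bug that produced the original segfault on the malformed ELF input. The commit message says the callers already expect -1 and errno, but none of those call sites are in this patch, so listing them in the changelog would make the change easier to verify.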
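Review bot: the third hunk (the writable MAP_SHARED rejection at -244) changes only the early-out, but the `retaddr = target_mmap(...)` call in its trailing context is a recursive call into the same function and will now return -1 with errno set instead of a negative errno; the check on `retaddr` that follows (outside the hunk) needs to test for -1 and propagate the inner call's errno rather than overwrite it. The comment above the check already explains why a writable shared mapping cannot be supported here, so EINVAL is a reasonable choice and matches what mmap(2) reports for unsupported flag combinations.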