From: "Edgar E. Iglesias" <edgar.iglesias@axis.com>
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH] linux-user/mmap: Testsuite + bugfixes
Date: Sun, 17 Feb 2008 02:18:48 +0100	[thread overview]
Message-ID: <20080217011848.GF7603@edgar.se.axis.com> (raw)

Hi again,

I spent some more time creating more mmap test-cases and managed to trigger a few
more bugs. Luckily, most of them were straightforward to fix. A few are
related to the funny semantics of MAP_FILE mmaps beyond EOF.
This post elaborates a bit more on the issue:
http://lists.gnu.org/archive/html/qemu-devel/2008-01/msg00163.html

Tested on my intel centrino duo as host, for CRIS, MIPS and i386 targets. Used
the -p flag to simulate 8K, 16K and 32K page-sizes.

To run the tests for i386 just do a 'make -C tests test-mmap'.

I hope this is helpful to somebody.

Best regards
-- 
Edgar E. Iglesias
Axis Communications AB

diff --git a/configure b/configure
index bbda3f7..3df08ab 100755
--- a/configure
+++ b/configure
@@ -1244,6 +1244,7 @@ if test "$source_path_used" = "yes" ; then
     DIRS="tests tests/cris slirp audio"
     FILES="Makefile tests/Makefile"
     FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit"
+    FILES="$FILES tests/test-mmap.c"
     for dir in $DIRS ; do
             mkdir -p $dir
     done
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 6292826..3c77cc9 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -23,6 +23,8 @@
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/mman.h>
 
 #include "qemu.h"
@@ -153,10 +155,12 @@ static int mmap_frag(abi_ulong real_start,
 
 #if defined(__CYGWIN__)
 /* Cygwin doesn't have a whole lot of address space.  */
-static abi_ulong mmap_next_start = 0x18000000;
+#define MMAP_BASE 0x18000000
 #else
-static abi_ulong mmap_next_start = 0x40000000;
+#define MMAP_BASE 0x40000000
 #endif
+static abi_ulong mmap_next_start = MMAP_BASE;
+
 
 /* find a free memory area of size 'size'. The search starts at
    'start'. If 'start' == 0, then a default start address is used.
@@ -234,8 +238,40 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
     len = TARGET_PAGE_ALIGN(len);
     if (len == 0)
         return start;
-    real_start = start & qemu_host_page_mask;
 
+    /* When mapping files into a memory area larger than the file, accesses
+       to pages beyond the file size will cause a SIGBUS. 
+
+       For example, if mmaping a file of 100 bytes on a host with 4K pages
+       emulating a target with 8K pages, the target expects to be able to
+       access the first 8K. But the host will trap us on any access beyond
+       4K.  
+
+       When emulating a target with a larger page-size than the hosts, we
+       may need to truncate file maps at EOF and add extra anonymous pages
+       up to the targets page boundary.  */
+
+    if (!(flags & MAP_ANONYMOUS)) {
+        struct stat sb;
+	    
+	if (fstat (fd, &sb) == -1)
+	    return -1;
+	    
+	/* Are trying to create a map beyond the EOF?.  */
+	if (offset + len > sb.st_size) {
+	    /* If so, truncate the file map at eof aligned with 
+	       the hosts real pagesize. Additional anonymous maps
+	       will be created beyond EOF.  */
+	    len = (sb.st_size - offset);
+	    len += qemu_real_host_page_size - 1;
+	    len &= ~(qemu_real_host_page_size - 1);
+	}
+    }
+
+    real_start = start & qemu_host_page_mask;
+    end = start + len;
+    real_end = HOST_PAGE_ALIGN(end);
+ 
     if (!(flags & MAP_FIXED)) {
         abi_ulong mmap_start;
         void *p;
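Review bot: The EOF check `if (offset + len > sb.st_size)` is applied to every non-anonymous fd and does not guard the subtraction that follows, so two cases go wrong. For a descriptor that is not a regular file (a character device typically reports an `st_size` of 0) `len` is cut to zero even though the device can be mapped; and when `offset` is already past `st_size`, `sb.st_size - offset` goes negative and, assuming `len` keeps the unsigned `abi_ulong` type from the signature, turns into a huge length that later reaches the host mmap calls made with MAP_FIXED. The sum `offset + len` can also wrap for large guest-supplied values. A guard such as `if (S_ISREG(sb.st_mode) && offset < sb.st_size && len > sb.st_size - offset)` avoids all three; the early `return -1` also bypasses the `the_end:` label visible in a later hunk, which may be fine but is worth confirming. target_mmap starts and ends outside this hunk.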
@@ -251,9 +287,17 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
            especially important if qemu_host_page_size >
            qemu_real_host_page_size */
         p = mmap(g2h(mmap_start),
-                 host_len, prot, flags | MAP_FIXED, fd, host_offset);
+                 len, prot, flags | MAP_FIXED, fd, host_offset);
         if (p == MAP_FAILED)
             return -1;
+
+	/* If we are dealing with truncated file maps due to pagesize
+	 * differences between host and target we may need to append
+	 * an anonymous mapping.  */
+	if (len < host_len)
+		mmap(g2h(mmap_start) + len, qemu_host_page_size, 
+		     prot, flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0);
+
         /* update start so that it points to the file position at 'offset' */
         host_start = (unsigned long)p;
         if (!(flags & MAP_ANONYMOUS))
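Review bot: The appended anonymous mapping ignores mmap's return value and always maps `qemu_host_page_size` bytes instead of the part that is actually missing, `host_len - len`. Because it is made with MAP_FIXED, a size larger than the remaining gap would silently replace whatever is mapped just past the area being set up, and a smaller one leaves part of the range unbacked; `host_len` is computed outside the hunk, so which of these can occur needs checking there. I would write `if (mmap(g2h(mmap_start) + len, host_len - len, prot, flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0) == MAP_FAILED) return -1;` and put braces around the body. The file mapping `p` created just above stays in place on that error path, so it may need unmapping as well.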
@@ -264,8 +308,6 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
             errno = EINVAL;
             return -1;
         }
-        end = start + len;
-        real_end = HOST_PAGE_ALIGN(end);
         
         /* worst case: we cannot map the file because the offset is not
            aligned, so we read it */
@@ -337,7 +379,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
     page_set_flags(start, start + len, prot | PAGE_VALID);
  the_end:
 #ifdef DEBUG_MMAP
-    printf("ret=0x%llx\n", start);
+    printf("ret=0x" TARGET_FMT_lx "\n", start);
     page_dump(stdout);
     printf("\n");
 #endif
@@ -385,6 +427,8 @@ int target_munmap(abi_ulong start, abi_ulong len)
             real_end -= qemu_host_page_size;
     }
 
+    mmap_next_start = MMAP_BASE;
+
     /* unmap what we can */
     if (real_start < real_end) {
         ret = munmap(g2h(real_start), real_end - real_start);
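Review bot: The reset `mmap_next_start = MMAP_BASE;` carries no comment and runs on every call, before the `munmap` below has even been attempted. Presumably the intent is to let the free-area search reuse the range being released; if so, say it with a comment such as `/* Restart the search for free areas from the base so the released range can be reused. */` and consider doing the reset only after a successful unmap. As written, every later unfixed mmap restarts its search at MMAP_BASE, which may be slow for guests with many mappings and is worth measuring. target_munmap continues outside the hunk.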
@@ -432,4 +476,3 @@ int target_msync(abi_ulong start, abi_ulong len, int flags)
     start &= qemu_host_page_mask;
     return msync(g2h(start), end - start, flags);
 }
-
diff --git a/tests/Makefile b/tests/Makefile
index 1775be8..f8e15e4 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -51,6 +51,15 @@ ifeq ($(ARCH),i386)
 	@if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK (no code copy)"; fi
 endif
 
+.PHONY: test-mmap
+test-mmap: test-mmap.c
+	$(CC) $(CFLAGS) -Wall -static -O2 $(LDFLAGS) -o $@ $<
+	./test-mmap
+	$(QEMU) ./test-mmap
+	$(QEMU) -p 8192 ./test-mmap 8192
+	$(QEMU) -p 16384 ./test-mmap 16384
+	$(QEMU) -p 32768 ./test-mmap 32768
+
 # generic Linux and CPU test
 linux-test: linux-test.c
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lm
diff --git a/tests/test-mmap.c b/tests/test-mmap.c
new file mode 100644
index 0000000..38a675a
--- /dev/null
+++ b/tests/test-mmap.c
@@ -0,0 +1,377 @@
+/*
+ * Small test program to verify simulated mmap behaviour.
+ *
+ * When running qemu-linux-user with the -p flag, you may need to tell
+ * this test program about the pagesize because getpagesize() will not reflect
+ * the -p choice. Simply pass one argument beeing the pagesize.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/mman.h>
+
+#define fail_unless(x)                                         \
+do                                                             \
+{                                                              \
+  if (!(x)) {                                                  \
+    fprintf (stderr, "FAILED at %s:%d\n", __FILE__, __LINE__); \
+    exit (EXIT_FAILURE);                                       \
+  }                                                            \
+} while (0);
+
+unsigned char *dummybuf;
+static unsigned int pagesize;
+static unsigned int pagemask;
+int test_fd;
+size_t test_fsize;
+
+void check_aligned_anonymous_unfixed_mmaps(void)
+{
+	void *p1;
+	void *p2;
+	void *p3;
+	uintptr_t p;
+	int i;
+
+	fprintf (stderr, "%s\n", __func__);
+	for (i = 0; i < 0x1fff; i++)
+	{
+		size_t len;
+
+		len = pagesize + (pagesize * i & 7);
+		p1 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+		p2 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+		p3 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+		/* Make sure we get pages aligned with the pagesize. The
+		   target expects this.  */
+		fail_unless (p1 != MAP_FAILED);
+		fail_unless (p2 != MAP_FAILED);
+		fail_unless (p3 != MAP_FAILED);
+		p = (uintptr_t) p1;
+		fail_unless ((p & pagemask) == 0);
+		p = (uintptr_t) p2;
+		fail_unless ((p & pagemask) == 0);
+		p = (uintptr_t) p3;
+		fail_unless ((p & pagemask) == 0);
+
+		/* Make sure we can read from the entire area.  */
+		memcpy (dummybuf, p1, pagesize);
+		memcpy (dummybuf, p2, pagesize);
+		memcpy (dummybuf, p3, pagesize);
+
+		munmap (p1, len);
+		munmap (p2, len);
+		munmap (p3, len);
+	}
+}
+
+void check_aligned_anonymous_unfixed_colliding_mmaps(void)
+{
+	char *p1;
+	char *p2;
+	char *p3;
+	uintptr_t p;
+	int i;
+
+	fprintf (stderr, "%s\n", __func__);
+	for (i = 0; i < 0x2fff; i++)
+	{
+		int nlen;
+
+		p1 = mmap(NULL, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+		fail_unless (p1 != MAP_FAILED);
+		p = (uintptr_t) p1;
+		fail_unless ((p & pagemask) == 0);
+		memcpy (dummybuf, p1, pagesize);
+
+		p2 = mmap(NULL, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+		fail_unless (p2 != MAP_FAILED);
+		p = (uintptr_t) p2;
+		fail_unless ((p & pagemask) == 0);
+		memcpy (dummybuf, p2, pagesize);
+
+
+		munmap (p1, pagesize);
+		nlen = pagesize * 8;
+		p3 = mmap(NULL, nlen, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+		/* Check if the mmaped areas collide.  */
+		if (p3 < p2 
+		    && (p3 + nlen) > p2)
+			fail_unless (0);
+
+		memcpy (dummybuf, p3, pagesize);
+
+		/* Make sure we get pages aligned with the pagesize. The
+		   target expects this.  */
+		fail_unless (p3 != MAP_FAILED);
+		p = (uintptr_t) p3;
+		fail_unless ((p & pagemask) == 0);
+		munmap (p2, pagesize);
+		munmap (p3, nlen);
+	}
+}
+
+void check_aligned_anonymous_fixed_mmaps(void)
+{
+	char *addr;
+	void *p1;
+	uintptr_t p;
+	int i;
+
+	/* Find a suitable address to start with.  */
+	addr = mmap(NULL, pagesize * 40, PROT_READ | PROT_WRITE, 
+		    MAP_PRIVATE | MAP_ANONYMOUS,
+		    -1, 0);
+	fprintf (stderr, "%s addr=%p\n", __func__, addr);
+	fail_unless (addr != MAP_FAILED);
+
+	for (i = 0; i < 40; i++)
+	{
+		/* Create submaps within our unfixed map.  */
+		p1 = mmap(addr, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
+			  -1, 0);
+		/* Make sure we get pages aligned with the pagesize. 
+		   The target expects this.  */
+		p = (uintptr_t) p1;
+		fail_unless (p1 == addr);
+		fail_unless ((p & pagemask) == 0);		
+		memcpy (dummybuf, p1, pagesize);
+		munmap (p1, pagesize);
+		addr += pagesize;
+	}
+}
+
+void check_file_unfixed_mmaps(void)
+{
+	unsigned int *p1, *p2, *p3;
+	uintptr_t p;
+	int i;
+
+	fprintf (stderr, "%s\n", __func__);
+	for (i = 0; i < 0x10; i++)
+	{
+		size_t len;
+
+		len = pagesize;
+		p1 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE, 
+			  test_fd, 0);
+		p2 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE, 
+			  test_fd, pagesize);
+		p3 = mmap(NULL, len, PROT_READ, 
+			  MAP_PRIVATE, 
+			  test_fd, pagesize * 2);
+
+		fail_unless (p1 != MAP_FAILED);
+		fail_unless (p2 != MAP_FAILED);
+		fail_unless (p3 != MAP_FAILED);
+
+		/* Make sure we get pages aligned with the pagesize. The
+		   target expects this.  */
+		p = (uintptr_t) p1;
+		fail_unless ((p & pagemask) == 0);
+		p = (uintptr_t) p2;
+		fail_unless ((p & pagemask) == 0);
+		p = (uintptr_t) p3;
+		fail_unless ((p & pagemask) == 0);
+
+		/* Verify that the file maps was made correctly.  */
+		fail_unless (*p1 == 0);
+		fail_unless (*p2 == (pagesize / sizeof *p2));
+		fail_unless (*p3 == ((pagesize * 2) / sizeof *p3));
+
+		memcpy (dummybuf, p1, pagesize);
+		memcpy (dummybuf, p2, pagesize);
+		memcpy (dummybuf, p3, pagesize);
+		munmap (p1, len);
+		munmap (p2, len);
+		munmap (p3, len);
+	}
+}
+
+void check_file_unfixed_eof_mmaps(void)
+{
+	char *cp;
+	unsigned int *p1;
+	uintptr_t p;
+	int i;
+
+	fprintf (stderr, "%s\n", __func__);
+	for (i = 0; i < 0x10; i++)
+	{
+		p1 = mmap(NULL, pagesize, PROT_READ, 
+			  MAP_PRIVATE, 
+			  test_fd, 
+			  (test_fsize - sizeof *p1) & ~pagemask);
+
+		fail_unless (p1 != MAP_FAILED);
+
+		/* Make sure we get pages aligned with the pagesize. The
+		   target expects this.  */
+		p = (uintptr_t) p1;
+		fail_unless ((p & pagemask) == 0);
+
+		/* Verify that the file maps was made correctly.  */
+		fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1]
+			     == ((test_fsize - sizeof *p1) / sizeof *p1));
+
+		/* Verify that the end of page is accessable and zeroed.  */
+		cp = (void *) p1;
+		fail_unless (cp[pagesize - 4] == 0);
+		munmap (p1, pagesize);
+	}
+}
+
+void check_file_fixed_eof_mmaps(void)
+{
+	char *addr;
+	char *cp;
+	unsigned int *p1;
+	uintptr_t p;
+	int i;
+
+	/* Find a suitable address to start with.  */
+	addr = mmap(NULL, pagesize * 44, PROT_READ, 
+		    MAP_PRIVATE | MAP_ANONYMOUS,
+		    -1, 0);
+
+	fprintf (stderr, "%s addr=%p\n", __func__, (void *)addr);
+	fail_unless (addr != MAP_FAILED);
+
+	for (i = 0; i < 0x10; i++)
+	{
+		/* Create submaps within our unfixed map.  */
+		p1 = mmap(addr, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_FIXED, 
+			  test_fd, 
+			  (test_fsize - sizeof *p1) & ~pagemask);
+
+		fail_unless (p1 != MAP_FAILED);
+
+		/* Make sure we get pages aligned with the pagesize. The
+		   target expects this.  */
+		p = (uintptr_t) p1;
+		fail_unless ((p & pagemask) == 0);
+
+		/* Verify that the file maps was made correctly.  */
+		fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1]
+			     == ((test_fsize - sizeof *p1) / sizeof *p1));
+
+		/* Verify that the end of page is accessable and zeroed.  */
+		cp = (void *)p1;
+		fail_unless (cp[pagesize - 4] == 0);
+		munmap (p1, pagesize);
+		addr += pagesize;
+	}
+}
+
+void check_file_fixed_mmaps(void)
+{
+	unsigned int *addr;
+	unsigned int *p1, *p2, *p3, *p4;
+	int i;
+
+	/* Find a suitable address to start with.  */
+	addr = mmap(NULL, pagesize * 44 * 3, PROT_READ, 
+		    MAP_PRIVATE | MAP_ANONYMOUS,
+		    -1, 0);
+	printf ("%s addr=%p\n", __func__, (void *)addr);
+	fail_unless (addr != MAP_FAILED);
+
+	for (i = 0; i < 40; i++)
+	{
+		p1 = mmap(addr, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_FIXED,
+			  test_fd, 0);
+		p2 = mmap(addr + pagesize, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_FIXED,
+			  test_fd, pagesize);
+		p3 = mmap(addr + pagesize * 2, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_FIXED,
+			  test_fd, pagesize * 2);
+		p4 = mmap(addr + pagesize * 3, pagesize, PROT_READ, 
+			  MAP_PRIVATE | MAP_FIXED,
+			  test_fd, pagesize * 3);
+
+		/* Make sure we get pages aligned with the pagesize. 
+		   The target expects this.  */
+		fail_unless (p1 == addr);
+		fail_unless (p2 == addr + pagesize);
+		fail_unless (p3 == addr + pagesize * 2);
+		fail_unless (p4 == addr + pagesize * 3);
+
+		/* Verify that the file maps was made correctly.  */
+		fail_unless (*p1 == 0);
+		fail_unless (*p2 == (pagesize / sizeof *p2));
+		fail_unless (*p3 == ((pagesize * 2) / sizeof *p3));
+		fail_unless (*p4 == ((pagesize * 3) / sizeof *p4));
+
+		memcpy (dummybuf, p1, pagesize);
+		memcpy (dummybuf, p2, pagesize);
+		memcpy (dummybuf, p3, pagesize);
+		memcpy (dummybuf, p4, pagesize);
+
+		munmap (p1, pagesize);
+		munmap (p2, pagesize);
+		munmap (p3, pagesize);
+		munmap (p4, pagesize);
+		addr += pagesize * 3;
+	}
+}
+
+int main(int argc, char **argv)
+{
+	char tempname[] = "/tmp/.cmmapXXXXXX";
+	unsigned int i;
+
+	/* Trust the first argument, otherwise probe the system for our
+	   pagesize.  */
+	if (argc > 1)
+		pagesize = strtoul(argv[1], NULL, 0);
+	else
+		pagesize = sysconf(_SC_PAGESIZE);
+
+	/* Assume pagesize is a power of two.  */
+	pagemask = pagesize - 1;
+	dummybuf = malloc (pagesize);
+	printf ("pagesize=%u pagemask=%x\n", pagesize, pagemask);
+
+	test_fd = mkstemp(tempname);
+	unlink(tempname);
+
+	/* Fill the file with int's counting from zero and up.  */
+	for (i = 0; i < (pagesize * 4) / sizeof i; i++)
+		write (test_fd, &i, sizeof i);
+	/* Append a few extra writes to make the file end at non 
+	   page boundary.  */
+	write (test_fd, &i, sizeof i); i++;
+	write (test_fd, &i, sizeof i); i++;
+	write (test_fd, &i, sizeof i); i++;
+
+	test_fsize = lseek(test_fd, 0, SEEK_CUR);
+	printf ("fsize=%d\n",test_fsize);
+
+	/* Run the tests.  */
+	check_aligned_anonymous_unfixed_mmaps();
+	check_aligned_anonymous_unfixed_colliding_mmaps();
+	check_aligned_anonymous_fixed_mmaps();
+	check_file_unfixed_mmaps();
+	check_file_fixed_mmaps();
+	check_file_fixed_eof_mmaps();
+	check_file_unfixed_eof_mmaps();
+
+	return EXIT_SUCCESS;
+}
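Review bot: In check_file_fixed_mmaps `addr` is an `unsigned int *`, so `addr + pagesize` advances by `pagesize * sizeof(unsigned int)` bytes rather than one page, and `addr += pagesize * 3` steps the same way; well before the 40 iterations finish, the MAP_FIXED mappings land outside the `pagesize * 44 * 3` bytes reserved at the top and can replace unrelated mappings of the test process. Declaring `char *addr;` as the other fixed-map tests do, and comparing with `fail_unless ((char *) p2 == addr + pagesize);`, keeps the maps inside the reservation. Two smaller points in the same file: `len = pagesize + (pagesize * i & 7);` parses as `(pagesize * i) & 7`, which is always 0 for a power-of-two page size of 8 or more, so the length never varies (probably `pagesize * (i & 7)` was meant), and in check_aligned_anonymous_unfixed_colliding_mmaps `p3` is read by memcpy before `fail_unless (p3 != MAP_FAILED)`. In main, `printf ("fsize=%d\n",test_fsize)` passes a `size_t` to `%d`, and the results of `mkstemp`, `malloc` and `write` are not checked.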
