From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, "Philippe Mathieu-Daudé" <philmd@linaro.org>
Subject: [PULL 10/15] linux-user: Pass last not end to probe_guest_base
Date: Tue, 28 Mar 2023 15:58:01 -0700 [thread overview]
Message-ID: <20230328225806.2278728-11-richard.henderson@linaro.org> (raw)
In-Reply-To: <20230328225806.2278728-1-richard.henderson@linaro.org>
Pass the address of the last byte of the image, rather than
the first address past the last byte. This avoids overflow
when the last page of the address space is involved.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/user-internals.h | 12 ++++++------
linux-user/elfload.c | 24 ++++++++++++------------
linux-user/flatload.c | 2 +-
3 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/linux-user/user-internals.h b/linux-user/user-internals.h
index 9333db4f51..c63ef45fc7 100644
--- a/linux-user/user-internals.h
+++ b/linux-user/user-internals.h
@@ -76,19 +76,19 @@ void fork_end(int child);
/**
* probe_guest_base:
* @image_name: the executable being loaded
- * @loaddr: the lowest fixed address in the executable
- * @hiaddr: the highest fixed address in the executable
+ * @loaddr: the lowest fixed address within the executable
+ * @hiaddr: the highest fixed address within the executable
*
* Creates the initial guest address space in the host memory space.
*
- * If @loaddr == 0, then no address in the executable is fixed,
- * i.e. it is fully relocatable. In that case @hiaddr is the size
- * of the executable.
+ * If @loaddr == 0, then no address in the executable is fixed, i.e.
+ * it is fully relocatable. In that case @hiaddr is the size of the
+ * executable minus one.
*
* This function will not return if a valid value for guest_base
* cannot be chosen. On return, the executable loader can expect
*
- * target_mmap(loaddr, hiaddr - loaddr, ...)
+ * target_mmap(loaddr, hiaddr - loaddr + 1, ...)
*
* to succeed.
*/
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index fa4cc41567..dfae967908 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2504,7 +2504,7 @@ static void pgb_have_guest_base(const char *image_name, abi_ulong guest_loaddr,
if (guest_hiaddr > reserved_va) {
error_report("%s: requires more than reserved virtual "
"address space (0x%" PRIx64 " > 0x%lx)",
- image_name, (uint64_t)guest_hiaddr, reserved_va);
+ image_name, (uint64_t)guest_hiaddr + 1, reserved_va);
exit(EXIT_FAILURE);
}
} else {
@@ -2512,7 +2512,7 @@ static void pgb_have_guest_base(const char *image_name, abi_ulong guest_loaddr,
if ((guest_hiaddr - guest_base) > ~(uintptr_t)0) {
error_report("%s: requires more virtual address space "
"than the host can provide (0x%" PRIx64 ")",
- image_name, (uint64_t)guest_hiaddr - guest_base);
+ image_name, (uint64_t)guest_hiaddr + 1 - guest_base);
exit(EXIT_FAILURE);
}
#endif
@@ -2525,18 +2525,18 @@ static void pgb_have_guest_base(const char *image_name, abi_ulong guest_loaddr,
if (reserved_va) {
guest_loaddr = (guest_base >= mmap_min_addr ? 0
: mmap_min_addr - guest_base);
- guest_hiaddr = reserved_va;
+ guest_hiaddr = reserved_va - 1;
}
/* Reserve the address space for the binary, or reserved_va. */
test = g2h_untagged(guest_loaddr);
- addr = mmap(test, guest_hiaddr - guest_loaddr, PROT_NONE, flags, -1, 0);
+ addr = mmap(test, guest_hiaddr - guest_loaddr + 1, PROT_NONE, flags, -1, 0);
if (test != addr) {
pgb_fail_in_use(image_name);
}
qemu_log_mask(CPU_LOG_PAGE,
- "%s: base @ %p for " TARGET_ABI_FMT_ld " bytes\n",
- __func__, addr, guest_hiaddr - guest_loaddr);
+ "%s: base @ %p for %" PRIu64 " bytes\n",
+ __func__, addr, (uint64_t)guest_hiaddr - guest_loaddr + 1);
}
/**
@@ -2680,7 +2680,7 @@ static void pgb_static(const char *image_name, abi_ulong orig_loaddr,
if (hiaddr != orig_hiaddr) {
error_report("%s: requires virtual address space that the "
"host cannot provide (0x%" PRIx64 ")",
- image_name, (uint64_t)orig_hiaddr);
+ image_name, (uint64_t)orig_hiaddr + 1);
exit(EXIT_FAILURE);
}
@@ -2694,7 +2694,7 @@ static void pgb_static(const char *image_name, abi_ulong orig_loaddr,
* arithmetic wraps around.
*/
if (sizeof(uintptr_t) == 8 || loaddr >= 0x80000000u) {
- hiaddr = (uintptr_t) 4 << 30;
+ hiaddr = UINT32_MAX;
} else {
offset = -(HI_COMMPAGE & -align);
}
@@ -2702,7 +2702,7 @@ static void pgb_static(const char *image_name, abi_ulong orig_loaddr,
loaddr = MIN(loaddr, LO_COMMPAGE & -align);
}
- addr = pgb_find_hole(loaddr, hiaddr - loaddr, align, offset);
+ addr = pgb_find_hole(loaddr, hiaddr - loaddr + 1, align, offset);
if (addr == -1) {
/*
* If HI_COMMPAGE, there *might* be a non-consecutive allocation
@@ -2755,7 +2755,7 @@ static void pgb_reserved_va(const char *image_name, abi_ulong guest_loaddr,
if (guest_hiaddr > reserved_va) {
error_report("%s: requires more than reserved virtual "
"address space (0x%" PRIx64 " > 0x%lx)",
- image_name, (uint64_t)guest_hiaddr, reserved_va);
+ image_name, (uint64_t)guest_hiaddr + 1, reserved_va);
exit(EXIT_FAILURE);
}
@@ -3021,7 +3021,7 @@ static void load_elf_image(const char *image_name, int image_fd,
if (a < loaddr) {
loaddr = a;
}
- a = eppnt->p_vaddr + eppnt->p_memsz;
+ a = eppnt->p_vaddr + eppnt->p_memsz - 1;
if (a > hiaddr) {
hiaddr = a;
}
@@ -3112,7 +3112,7 @@ static void load_elf_image(const char *image_name, int image_fd,
* In both cases, we will overwrite pages in this range with mappings
* from the executable.
*/
- load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
+ load_addr = target_mmap(loaddr, (size_t)hiaddr - loaddr + 1, PROT_NONE,
MAP_PRIVATE | MAP_ANON | MAP_NORESERVE |
(ehdr->e_type == ET_EXEC ? MAP_FIXED : 0),
-1, 0);
diff --git a/linux-user/flatload.c b/linux-user/flatload.c
index e99570ca18..5efec2630e 100644
--- a/linux-user/flatload.c
+++ b/linux-user/flatload.c
@@ -448,7 +448,7 @@ static int load_flat_file(struct linux_binprm * bprm,
* Allocate the address space.
*/
probe_guest_base(bprm->filename, 0,
- text_len + data_len + extra + indx_len);
+ text_len + data_len + extra + indx_len - 1);
/*
* there are a couple of cases here, the separate code/data
--
2.34.1
next prev parent reply other threads:[~2023-03-28 23:00 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-28 22:57 [PULL 00/15] tcg patch queue Richard Henderson
2023-03-28 22:57 ` [PULL 01/15] util: import GTree as QTree Richard Henderson
2023-03-28 22:57 ` [PULL 02/15] tcg: use QTree instead of GTree Richard Henderson
2023-03-28 22:57 ` [PULL 03/15] linux-user: Diagnose misaligned -R size Richard Henderson
2023-03-28 22:57 ` [PULL 04/15] accel/tcg: Pass last not end to page_set_flags Richard Henderson
2023-03-28 22:57 ` [PULL 05/15] accel/tcg: Pass last not end to page_reset_target_data Richard Henderson
2023-03-28 22:57 ` [PULL 06/15] accel/tcg: Pass last not end to PAGE_FOR_EACH_TB Richard Henderson
2023-03-28 22:57 ` [PULL 07/15] accel/tcg: Pass last not end to page_collection_lock Richard Henderson
2023-03-28 22:57 ` [PULL 08/15] accel/tcg: Pass last not end to tb_invalidate_phys_page_range__locked Richard Henderson
2023-03-28 22:58 ` [PULL 09/15] accel/tcg: Pass last not end to tb_invalidate_phys_range Richard Henderson
2023-03-28 22:58 ` Richard Henderson [this message]
2023-03-28 22:58 ` [PULL 11/15] include/exec: Change reserved_va semantics to last byte Richard Henderson
2023-05-11 11:48 ` Laurent Vivier
2023-05-11 13:24 ` Richard Henderson
2023-03-28 22:58 ` [PULL 12/15] linux-user/arm: Take more care allocating commpage Richard Henderson
2023-03-28 22:58 ` [PULL 13/15] softmmu: Restrict cpu_check_watchpoint / address_matches to TCG accel Richard Henderson
2023-03-28 22:58 ` [PULL 14/15] softmmu/watchpoint: Add missing 'qemu/error-report.h' include Richard Henderson
2023-03-28 22:58 ` [PULL 15/15] softmmu: Restore use of CPU watchpoint for all accelerators Richard Henderson
2023-03-29 13:01 ` [PULL 00/15] tcg patch queue Peter Maydell
2023-03-30 10:37 ` Joel Stanley
2023-03-31 17:20 ` Richard Henderson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230328225806.2278728-11-richard.henderson@linaro.org \
--to=richard.henderson@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=philmd@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).