From: Jan Kiszka
Sender: jan.kiszka@web.de
Date: Sun, 13 Jul 2008 22:28:58 +0200
Message-ID: <487A658A.3060203@web.de>
Subject: [Qemu-devel] [PATCH] linux-user: Fix page_find_alloc for 32-bit use on 64-bit hosts
To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org

page_find_alloc, used e.g. for TB allocation, is not safe on 64-bit hosts for 32-bit guests. Patch below fixes this by requesting new pages only from the guest-reachable address range.

This patch, together with the one for gdt_table, fixes the reported qemu-i386 regression [1].

[1] http://permalink.gmane.org/gmane.comp.emulators.qemu/26987
Signed-off-by: Jan Kiszka --- exec.c | 17 ++++++++++------- linux-user/mmap.c | 2 +- linux-user/qemu.h | 1 + 3 files changed, 12 insertions(+), 8 deletions(-) Index: b/linux-user/qemu.h =================================================================== --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -232,6 +232,7 @@ void sparc64_get_context(CPUSPARCState * #endif /* mmap.c */ +abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size); int target_mprotect(abi_ulong start, abi_ulong len, int prot); abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, int flags, int fd, abi_ulong offset); Index: b/linux-user/mmap.c =================================================================== --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -260,7 +260,7 @@ unsigned long last_brk; */ /* page_init() marks pages used by the host as reserved to be sure not to use them. */ -static abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) +abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) { abi_ulong addr, addr1, addr_start; int prot; Index: b/exec.c =================================================================== --- a/exec.c +++ b/exec.c 
@@ -295,17 +295,20 @@ static inline PageDesc *page_find_alloc( /* allocate if not found */ #if defined(CONFIG_USER_ONLY) unsigned long addr; + abi_ulong mmap_start; size_t len = sizeof(PageDesc) * L2_SIZE; - /* Don't use qemu_malloc because it may recurse. */ - p = mmap(0, len, PROT_READ | PROT_WRITE, + abi_ulong host_len = HOST_PAGE_ALIGN(len); + + /* Ensure we allocate from the guest-reachable rage */ + mmap_start = mmap_find_vma(0, host_len); + assert(mmap_start != (abi_ulong)-1); + p = mmap(g2h(mmap_start), len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + assert(p != MAP_FAILED); *lp = p; addr = h2g(p); - if (addr == (target_ulong)addr) { - page_set_flags(addr & TARGET_PAGE_MASK, - TARGET_PAGE_ALIGN(addr + len), - PAGE_RESERVED); - } + page_set_flags(addr & TARGET_PAGE_MASK, TARGET_PAGE_ALIGN(addr + len), + PAGE_RESERVED); #else p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE); *lp = p;
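Review bot: The new `mmap_find_vma` prototype added under `/* mmap.c */` in linux-user/qemu.h should document its failure return. The exec.c hunk relies on `assert(mmap_start != (abi_ulong)-1)`, so a caller outside mmap.c now depends on that sentinel while nothing in the header states it; a one-line comment above the declaration, e.g. `/* returns (abi_ulong)-1 if no suitable free range exists */` (wording as implied by the exec.c assert), would make the contract explicit now that the function has external linkage.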
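Review bot: In the exec.c hunk the mmap call passes `g2h(mmap_start)` only as a hint (no MAP_FIXED), so the host kernel may place the mapping elsewhere, yet the hunk removes the old `if (addr == (target_ulong)addr)` guard that detected a mapping outside the guest-reachable range; after `addr = h2g(p)` the new code only asserts `p != MAP_FAILED` and then unconditionally calls `page_set_flags` on whatever `addr` came back. Verify that the hint was honoured, e.g. `assert(addr == mmap_start);` (or unmap and fail on mismatch), before marking the range PAGE_RESERVED, and note that with NDEBUG both asserts vanish and a `(abi_ulong)-1` from `mmap_find_vma` would be handed straight to `g2h`. Smaller points in the same hunk: `host_len = HOST_PAGE_ALIGN(len)` is what `mmap_find_vma` is asked for, but the mmap itself is issued with `len`, so the two should agree; the removed comment `/* Don't use qemu_malloc because it may recurse. */` still explains why mmap is used here and is worth keeping; and "guest-reachable rage" should read "range".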