From: Jan Kiszka
Sender: jan.kiszka@web.de
To: qemu-devel@nongnu.org
Subject: [Qemu-devel] [PATCH 4/4] linux-user: Fix page_find_alloc for 32-bit use on 64-bit hosts
Date: Tue, 15 Jul 2008 00:09:46 +0200
Message-ID: <487BCEAA.5090804@web.de>
In-Reply-To: <487BCA03.9060001@web.de>
References: <487BCA03.9060001@web.de>

page_find_alloc, used e.g. for TB allocation, is not safe on 64-bit hosts for 32-bit guests. Patch below fixes this by requesting new pages only from the guest-reachable address range.
Signed-off-by: Jan Kiszka --- exec.c | 24 +++++++++++++++++------- linux-user/mmap.c | 2 +- linux-user/qemu.h | 1 + 3 files changed, 19 insertions(+), 8 deletions(-) Index: b/linux-user/qemu.h =================================================================== --- a/linux-user/qemu.h +++ b/linux-user/qemu.h @@ -232,6 +232,7 @@ void sparc64_get_context(CPUSPARCState * #endif /* mmap.c */ +abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size); int target_mprotect(abi_ulong start, abi_ulong len, int prot); abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, int flags, int fd, abi_ulong offset); Index: b/linux-user/mmap.c =================================================================== --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -297,7 +297,7 @@ unsigned long last_brk; */ /* page_init() marks pages used by the host as reserved to be sure not to use them. */ -static abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) +abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size) { abi_ulong addr, addr1, addr_start; int prot; Index: b/exec.c =================================================================== --- a/exec.c +++ b/exec.c 
@@ -294,18 +294,28 @@ static inline PageDesc *page_find_alloc( if (!p) { /* allocate if not found */ #if defined(CONFIG_USER_ONLY) + void *start = NULL; unsigned long addr; size_t len = sizeof(PageDesc) * L2_SIZE; - /* Don't use qemu_malloc because it may recurse. */ - p = mmap(0, len, PROT_READ | PROT_WRITE, + +#if TARGET_LONG_BITS < HOST_LONG_BITS + { + /* Ensure we allocate from the guest-reachable rage */ + abi_ulong guest_start; + + len = HOST_PAGE_ALIGN(len); + guest_start = mmap_find_vma(0, len); + assert(guest_start != (abi_ulong)-1); + start = g2h(guest_start); + } +#endif + p = mmap(start, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + assert(p != MAP_FAILED); *lp = p; addr = h2g(p); - if (addr == (target_ulong)addr) { - page_set_flags(addr & TARGET_PAGE_MASK, - TARGET_PAGE_ALIGN(addr + len), - PAGE_RESERVED); - } + page_set_flags(addr & TARGET_PAGE_MASK, TARGET_PAGE_ALIGN(addr + len), + PAGE_RESERVED); #else p = qemu_mallocz(sizeof(PageDesc) * L2_SIZE); *lp = p;
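Review bot: in the exec.c hunk, dropping the `if (addr == (target_ulong)addr)` guard is not safe on its own, because `mmap(start, len, ...)` without `MAP_FIXED` treats `start` only as a hint: the host kernel may still return a mapping outside the 32-bit guest range, and `page_set_flags(addr & TARGET_PAGE_MASK, TARGET_PAGE_ALIGN(addr + len), PAGE_RESERVED)` would then operate on a truncated `addr` and mark the wrong guest pages. Either keep a round-trip check on `h2g(p)` (fail the allocation rather than silently mis-flagging pages) or, since `mmap_find_vma()` has already located a free guest range and page_init() reserves host-used pages, pass `MAP_FIXED` and let a real host collision surface as an error. Two smaller points in the same hunk: the comment `/* Ensure we allocate from the guest-reachable rage */` should read "range", and the two new `assert()` calls (`guest_start != (abi_ulong)-1`, `p != MAP_FAILED`) vanish under `NDEBUG`, at which point `*lp = p` stores `MAP_FAILED` just as before this patch; an explicit `if (p == MAP_FAILED) return NULL;` style check keeps the failure path in all builds. Please also restore the removed `/* Don't use qemu_malloc because it may recurse. */` comment, since it documents why this code calls `mmap()` directly.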
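Review bot: the new `abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size);` prototype in the linux-user/qemu.h hunk exports a function whose failure convention is only discoverable from its new caller (exec.c asserts `guest_start != (abi_ulong)-1`). Add a one-line comment at the prototype stating that it returns `(abi_ulong)-1` when no free guest range of `size` bytes exists and that the result is expected to be passed to `mmap()` as a host address via `g2h()`, so future callers outside mmap.c do not have to read the implementation to handle the error case correctly.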