From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=46707 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1OFVEs-0000jG-11
	for qemu-devel@nongnu.org; Fri, 21 May 2010 12:38:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <rth@twiddle.net>) id 1OFVEp-0005l5-FY
	for qemu-devel@nongnu.org; Fri, 21 May 2010 12:38:21 -0400
Received: from are.twiddle.net ([75.149.56.221]:34329)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <rth@twiddle.net>) id 1OFVEp-0005kr-8V
	for qemu-devel@nongnu.org; Fri, 21 May 2010 12:38:19 -0400
Message-ID: <4BF6B6F9.3070802@twiddle.net>
Date: Fri, 21 May 2010 09:38:17 -0700
From: Richard Henderson <rth@twiddle.net>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] linux-user mmap bug
References: <20100521132817.GA8021@edde.se.axis.com>
In-Reply-To: <20100521132817.GA8021@edde.se.axis.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Edgar E. Iglesias" <edgar.iglesias@gmail.com>
Cc: qemu-devel@nongnu.org

On 05/21/2010 06:28 AM, Edgar E. Iglesias wrote:
>          ptr = mmap(g2h(addr), size, PROT_NONE,
> -                   MAP_ANONYMOUS|MAP_PRIVATE|MAP_NORESERVE, -1, 0);
> +                   /* When the kernel returns addresses that the guest
> +                      cannot use we might need to fallback to fixed
> +                      allocations.  */
> +                   (addr ? MAP_FIXED : 0)
> +                   | MAP_ANONYMOUS|MAP_PRIVATE|MAP_NORESERVE, -1, 0);

NACK.  We are in fact probing for a free address in this loop,
so you don't know that the address being tested is in fact free.

I have a patch series that attempts to clean this up, but it 
isn't quite optimal.  I'll post it for reference, however.


r~