From: Helge Deller <deller@gmx.de>
To: Joel Stanley <joel@jms.id.au>, Laurent Vivier <laurent@vivier.eu>,
Richard Henderson <richard.henderson@linaro.org>,
qemu-devel@nongnu.org
Cc: Helge Deller <deller@gmx.de>, akihiko.odaki@daynix.com
Subject: Re: [PATCH v7 00/14] linux-user: brk fixes
Date: Thu, 3 Aug 2023 17:01:32 +0200 [thread overview]
Message-ID: <ZMvBTMpi9jDVWDiP@p100> (raw)
In-Reply-To: <CACPK8XcdO4KpBfUZmxLNRLLcAOfM9D39be=m4O72kO0+_GiuQQ@mail.gmail.com>
* Joel Stanley <joel@jms.id.au>:
> On Thu, 3 Aug 2023 at 13:55, Helge Deller <deller@gmx.de> wrote:
> > > 143551 brk(NULL) = 0x0009b000
> > > 143551 brk(0x0009b8fc) = 0x0009b000
> >
> > I think the problem is the brk with 9b000 here.
> > It's not 64k aligned (=pages size of your ppc64le).
> >
> > Please try with this patch on top of Richard's series:
> >
> > > @@ -3229,7 +3208,8 @@ static void load_elf_image(const char *image_name, int image_fd,
> > > info->end_code = 0;
> > > info->start_data = -1;
> > > info->end_data = 0;
> > > - info->brk = .....
> > change that to become:
> > info->brk = HOST_PAGE_ALIGN(hiaddr);
>
> That stopped the crashing, and the binaries seem to run fine. I tested
> on two hosts: ppc64le (64K) and arm64 (16K).
Great!
That made re-read Akihiko's patch:
----
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
linux-user: Do not align brk with host page size
do_brk() minimizes calls into target_mmap() by aligning the address
with host page size, which is potentially larger than the target page
size. However, the current implementation of this optimization has two
bugs:
- The start of brk is rounded up with the host page size while brk
advertises an address aligned with the target page size as the
beginning of brk. This makes the beginning of brk unmapped.
----
this patch has wrong assumptions.
The start of brk always needs to be host page aligned.
It's not an optimization, but a requirement, since brk needs to be
located on a host-aligned page which may get different permissions
than the page before it (where code from the binary may be located).
I wonder if we need that patch at all.
Joel, could you give the patch below on top of git head (no other
patches applied) a spin?
(I just tested it here locally on a full range of linux-user chroots)
I think this is ALL what's needed for git head to fix the static binary
issues, has a nice preparation for Richard's ELF_ET_DYN_BASE patches.
If it does, it replaces patches 1,2 & 4-6 from Richard's v7 patch
series.
Helge
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 861ec07abc..88d9e4056e 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3021,8 +3021,10 @@ static void load_elf_image(const char *image_name, int image_fd,
struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
struct elf_phdr *phdr;
abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
+ unsigned long load_offset = 0;
int i, retval, prot_exec;
Error *err = NULL;
+ bool is_main_executable;
/* First of all, some simple consistency checks */
if (!elf_check_ident(ehdr)) {
@@ -3106,28 +3108,8 @@ static void load_elf_image(const char *image_name, int image_fd,
}
}
- if (pinterp_name != NULL) {
- /*
- * This is the main executable.
- *
- * Reserve extra space for brk.
- * We hold on to this space while placing the interpreter
- * and the stack, lest they be placed immediately after
- * the data segment and block allocation from the brk.
- *
- * 16MB is chosen as "large enough" without being so large as
- * to allow the result to not fit with a 32-bit guest on a
- * 32-bit host. However some 64 bit guests (e.g. s390x)
- * attempt to place their heap further ahead and currently
- * nothing stops them smashing into QEMUs address space.
- */
-#if TARGET_LONG_BITS == 64
- info->reserve_brk = 32 * MiB;
-#else
- info->reserve_brk = 16 * MiB;
-#endif
- hiaddr += info->reserve_brk;
-
+ is_main_executable = (pinterp_name != NULL);
+ if (is_main_executable) {
if (ehdr->e_type == ET_EXEC) {
/*
* Make sure that the low address does not conflict with
@@ -3136,10 +3118,11 @@ static void load_elf_image(const char *image_name, int image_fd,
probe_guest_base(image_name, loaddr, hiaddr);
} else {
/*
- * The binary is dynamic, but we still need to
+ * The binary is dynamic (pie-executabe), but we still need to
* select guest_base. In this case we pass a size.
*/
probe_guest_base(image_name, 0, hiaddr - loaddr);
+ load_offset = 0 /* TODO: should be ELF_ET_DYN_BASE */;
}
}
@@ -3157,9 +3140,9 @@ static void load_elf_image(const char *image_name, int image_fd,
* In both cases, we will overwrite pages in this range with mappings
* from the executable.
*/
- load_addr = target_mmap(loaddr, (size_t)hiaddr - loaddr + 1, PROT_NONE,
+ load_addr = target_mmap(loaddr + load_offset, (size_t)hiaddr - loaddr + 1, PROT_NONE,
MAP_PRIVATE | MAP_ANON | MAP_NORESERVE |
- (ehdr->e_type == ET_EXEC ? MAP_FIXED : 0),
+ (is_main_executable ? MAP_FIXED : 0),
-1, 0);
if (load_addr == -1) {
goto exit_mmap;
@@ -3194,7 +3177,8 @@ static void load_elf_image(const char *image_name, int image_fd,
info->end_code = 0;
info->start_data = -1;
info->end_data = 0;
- info->brk = 0;
+ /* possible start for brk is behind all sections of this ELF file. */
+ info->brk = HOST_PAGE_ALIGN(load_offset + hiaddr);
info->elf_flags = ehdr->e_flags;
prot_exec = PROT_EXEC;
@@ -3288,9 +3272,6 @@ static void load_elf_image(const char *image_name, int image_fd,
info->end_data = vaddr_ef;
}
}
- if (vaddr_em > info->brk) {
- info->brk = vaddr_em;
- }
#ifdef TARGET_MIPS
} else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
Mips_elf_abiflags_v0 abiflags;
@@ -3618,6 +3599,15 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
if (elf_interpreter) {
load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
+ /*
+ * Use brk address of interpreter if it was loaded above the
+ * executable and leaves less than 16 MB for heap.
+ * This happens e.g. with static binaries on armhf.
+ */
+ if (interp_info.brk > info->brk &&
+ interp_info.load_bias - info->brk < 16 * MiB) {
+ info->brk = interp_info.brk;
+ }
/* If the program interpreter is one of these two, then assume
an iBCS2 image. Otherwise assume a native linux image. */
@@ -3672,17 +3662,6 @@ int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
bprm->core_dump = &elf_core_dump;
#endif
- /*
- * If we reserved extra space for brk, release it now.
- * The implementation of do_brk in syscalls.c expects to be able
- * to mmap pages in this space.
- */
- if (info->reserve_brk) {
- abi_ulong start_brk = HOST_PAGE_ALIGN(info->brk);
- abi_ulong end_brk = HOST_PAGE_ALIGN(info->brk + info->reserve_brk);
- target_munmap(start_brk, end_brk - start_brk);
- }
-
return 0;
}
next prev parent reply other threads:[~2023-08-03 15:02 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-03 1:52 [PATCH v7 00/14] linux-user: brk fixes Richard Henderson
2023-08-03 1:52 ` [PATCH v7 01/14] linux-user: Unset MAP_FIXED_NOREPLACE for host Richard Henderson
2023-08-03 1:52 ` [PATCH v7 02/14] linux-user: Fix MAP_FIXED_NOREPLACE on old kernels Richard Henderson
2023-08-03 1:52 ` [PATCH v7 03/14] linux-user: Do not call get_errno() in do_brk() Richard Henderson
2023-08-03 1:52 ` [PATCH v7 04/14] linux-user: Use MAP_FIXED_NOREPLACE for do_brk() Richard Henderson
2023-08-03 1:52 ` [PATCH v7 05/14] linux-user: Do nothing if too small brk is specified Richard Henderson
2023-08-03 1:52 ` [PATCH v7 06/14] linux-user: Do not align brk with host page size Richard Henderson
2023-08-03 1:52 ` [PATCH v7 07/14] linux-user: Remove last_brk Richard Henderson
2023-08-03 1:52 ` [PATCH v7 08/14] bsd-user: " Richard Henderson
2023-08-03 1:52 ` [PATCH v7 09/14] linux-user: Adjust task_unmapped_base for reserved_va Richard Henderson
2023-08-03 1:52 ` [PATCH v7 10/14] linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h Richard Henderson
2023-08-03 1:52 ` [PATCH v7 11/14] linux-user: Add ELF_ET_DYN_BASE Richard Henderson
2023-08-03 1:53 ` [PATCH v7 12/14] linux-user: Use elf_et_dyn_base for ET_DYN with interpreter Richard Henderson
2023-08-03 1:53 ` [PATCH v7 13/14] linux-user: Adjust initial brk when interpreter is close to executable Richard Henderson
2023-08-03 13:00 ` Helge Deller
2023-08-03 1:53 ` [PATCH v7 14/14] linux-user: Properly set image_info.brk in flatload Richard Henderson
2023-08-03 13:11 ` [PATCH v7 00/14] linux-user: brk fixes Joel Stanley
2023-08-03 13:55 ` Helge Deller
2023-08-03 14:17 ` Joel Stanley
2023-08-03 15:01 ` Helge Deller [this message]
2023-08-03 15:11 ` Richard Henderson
2023-08-03 16:09 ` Helge Deller
2023-08-03 15:20 ` Richard Henderson
2023-08-03 16:10 ` Helge Deller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZMvBTMpi9jDVWDiP@p100 \
--to=deller@gmx.de \
--cc=akihiko.odaki@daynix.com \
--cc=joel@jms.id.au \
--cc=laurent@vivier.eu \
--cc=qemu-devel@nongnu.org \
--cc=richard.henderson@linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).