From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:38962)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <av1474@comtv.ru>) id 1S3wQM-00079b-C3
	for qemu-devel@nongnu.org; Sat, 03 Mar 2012 16:23:31 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <av1474@comtv.ru>) id 1S3wQK-000079-Ej
	for qemu-devel@nongnu.org; Sat, 03 Mar 2012 16:23:29 -0500
Received: from fe02x03-cgp.akado.ru ([77.232.31.165]:60425 helo=akado.ru)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <av1474@comtv.ru>) id 1S3wQK-00005h-7I
	for qemu-devel@nongnu.org; Sat, 03 Mar 2012 16:23:28 -0500
Date: Sun, 4 Mar 2012 01:23:09 +0400 (MSK)
From: malc <av1474@comtv.ru>
In-Reply-To: <93FCCE39-FC5B-43F1-B581-76D2AD1660A6@suse.de>
Message-ID: <alpine.LNX.2.00.1203040117490.3760@linmac>
References: <4F4B9E6B.2020405@suse.de>
	<CAFEAcA_Qe3R36RF+2s+HpUjDtqoyrp2FPumOrTTQr+aXLJhZbw@mail.gmail.com>
	<93FCCE39-FC5B-43F1-B581-76D2AD1660A6@suse.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Subject: Re: [Qemu-devel] ARM brk bug
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Alexander Graf <agraf@suse.de>
Cc: Peter Maydell <peter.maydell@linaro.org>, paul@codesourcery.com, riku.voipio@iki.fi, qemu-devel@nongnu.org, "Bernhard M. Wiedemann" <bwiedemann@suse.de>

On Sat, 3 Mar 2012, Alexander Graf wrote:

> 
> On 02.03.2012, at 18:49, Peter Maydell wrote:
> 
> > On 27 February 2012 15:16, Bernhard M. Wiedemann <bwiedemann@suse.de> wrote:
> >> I found that running a debian arm5 bash with qemu runs into varying
> >> problems with -R but works without.
> > 
> > So I had a look at this this afternoon, and what seems to be happening
> > is that with -R, the call to target_mmap() in elfload.c:setup_arg_pages()
> > (which creates the stack) is putting the stack immediately after the
> > bash BSS segment in the address space. This means that brk() will
> > never be able to expand, and it looks like something in either bash
> > or libc's locale code isn't correctly handling the failure, so we
> > crash. (The segfault is from a strlen(NULL) from setlocale() I think.)
> > 
> > We should probably try to put the stack somewhere more sensible than
> > where it currently ends up...
> 
> I wrote a small test case to reproduce the breakage as far as I understood it at least:
> 
> #include <stdio.h>
> #include <stdlib.h>
> #include <unistd.h>
> #include <sys/mman.h>
> #include <sys/types.h>
> #include <sys/stat.h>
> #include <sys/fcntl.h>
> 
> int main(int argc, char **argv)
> {
>     void *curbrk;
>     void *tmp;
>     char buf[1024];
>     int fd, r;
> 
>     tmp = mmap((void*)0x5000UL, 0x10000, PROT_READ|PROT_WRITE,
>                MAP_PRIVATE|MAP_ANONYMOUS, 0, 0);

You are setting a bad example here (not that i know if that makes a
dent of a practical difference in this case): passing 0 as an fd even
in MAP_ANONYMOUS case is unsafe.

[..snip..]

-- 
mailto:av1474@comtv.ru