* [Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
@ 2018-08-03 9:42 Serge Belyshev
2020-09-05 9:19 ` [Bug 1785203] " Serge Belyshev
0 siblings, 1 reply; 2+ messages in thread
From: Serge Belyshev @ 2018-08-03 9:42 UTC (permalink / raw)
To: qemu-devel
Public bug reported:
qemu-riscv64 version 2.12.93 crashes when mincore() is called with
invalid pointer with the following message:
qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef
Testcase:
#include <sys/mman.h>
int main (void)
{
unsigned char v;
return mincore ((void *) 0x00000010000000000, 1, &v);
}
Backtrace:
#0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000000006000140a in abort () at abort.c:79
#2 0x00000000600012ec in __assert_fail_base (
fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)",
file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511,
function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at assert.c:92
#3 0x000000006010e10e in __assert_fail (
assertion=assertion@entry=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", file=file@entry=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=line@entry=2511,
function=function@entry=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range")
at assert.c:101
#4 0x000000006003e916 in page_check_range (start=start@entry=1099511627776, len=len@entry=1,
flags=flags@entry=1) at /opt/qemu/accel/tcg/translate-all.c:2511
#5 0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#6 lock_user (copy=0, len=1, guest_addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#7 do_syscall (cpu_env=cpu_env@entry=0x622fca28, num=232, arg1=1099511627776, arg2=1,
arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0)
at /opt/qemu/linux-user/syscall.c:11635
#8 0x0000000060066c5c in cpu_loop (env=env@entry=0x622fca28)
at /opt/qemu/linux-user/riscv/cpu_loop.c:55
#9 0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68,
envp=<optimized out>) at /opt/qemu/linux-user/main.c:819
** Affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785203
Title:
accel/tcg/translate-all.c:2511: page_check_range: Assertion `start <
((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
Status in QEMU:
New
Bug description:
qemu-riscv64 version 2.12.93 crashes when mincore() is called with
invalid pointer with the following message:
qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef
Testcase:
#include <sys/mman.h>
int main (void)
{
unsigned char v;
return mincore ((void *) 0x00000010000000000, 1, &v);
}
Backtrace:
#0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000000006000140a in abort () at abort.c:79
#2 0x00000000600012ec in __assert_fail_base (
fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)",
file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511,
function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at assert.c:92
#3 0x000000006010e10e in __assert_fail (
assertion=assertion@entry=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", file=file@entry=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=line@entry=2511,
function=function@entry=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range")
at assert.c:101
#4 0x000000006003e916 in page_check_range (start=start@entry=1099511627776, len=len@entry=1,
flags=flags@entry=1) at /opt/qemu/accel/tcg/translate-all.c:2511
#5 0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#6 lock_user (copy=0, len=1, guest_addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#7 do_syscall (cpu_env=cpu_env@entry=0x622fca28, num=232, arg1=1099511627776, arg2=1,
arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0)
at /opt/qemu/linux-user/syscall.c:11635
#8 0x0000000060066c5c in cpu_loop (env=env@entry=0x622fca28)
at /opt/qemu/linux-user/riscv/cpu_loop.c:55
#9 0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68,
envp=<optimized out>) at /opt/qemu/linux-user/main.c:819
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785203/+subscriptions
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug 1785203] Re: accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
2018-08-03 9:42 [Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed Serge Belyshev
@ 2020-09-05 9:19 ` Serge Belyshev
0 siblings, 0 replies; 2+ messages in thread
From: Serge Belyshev @ 2020-09-05 9:19 UTC (permalink / raw)
To: qemu-devel
Fixed by 0acd4ab849827bbc20402e01c9da088207c0d236 ("linux-user: check
valid address in access_ok()"), fix released in v5.0.0.
** Changed in: qemu
Status: New => Fix Released
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1785203
Title:
accel/tcg/translate-all.c:2511: page_check_range: Assertion `start <
((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
Status in QEMU:
Fix Released
Bug description:
qemu-riscv64 version 2.12.93 crashes when mincore() is called with
invalid pointer with the following message:
qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef
Testcase:
#include <sys/mman.h>
int main (void)
{
unsigned char v;
return mincore ((void *) 0x00000010000000000, 1, &v);
}
Backtrace:
#0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x000000006000140a in abort () at abort.c:79
#2 0x00000000600012ec in __assert_fail_base (
fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)",
file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511,
function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at assert.c:92
#3 0x000000006010e10e in __assert_fail (
assertion=assertion@entry=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", file=file@entry=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=line@entry=2511,
function=function@entry=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range")
at assert.c:101
#4 0x000000006003e916 in page_check_range (start=start@entry=1099511627776, len=len@entry=1,
flags=flags@entry=1) at /opt/qemu/accel/tcg/translate-all.c:2511
#5 0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#6 lock_user (copy=0, len=1, guest_addr=1099511627776, type=0)
at /opt/qemu/linux-user/qemu.h:567
#7 do_syscall (cpu_env=cpu_env@entry=0x622fca28, num=232, arg1=1099511627776, arg2=1,
arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0)
at /opt/qemu/linux-user/syscall.c:11635
#8 0x0000000060066c5c in cpu_loop (env=env@entry=0x622fca28)
at /opt/qemu/linux-user/riscv/cpu_loop.c:55
#9 0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68,
envp=<optimized out>) at /opt/qemu/linux-user/main.c:819
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1785203/+subscriptions
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-09-05 9:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-03 9:42 [Qemu-devel] [Bug 1785203] [NEW] accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed Serge Belyshev
2020-09-05 9:19 ` [Bug 1785203] " Serge Belyshev
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.