* [PATCH] linux-user/elfload: fix address calculation in fallback scenario
@ 2021-01-31 6:19 Vincent Fazio
2021-02-13 21:48 ` Laurent Vivier
2021-03-09 21:23 ` Laurent Vivier
0 siblings, 2 replies; 4+ messages in thread
From: Vincent Fazio @ 2021-01-31 6:19 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, laurent, Vincent Fazio
From: Vincent Fazio <vfazio@gmail.com>
Previously, guest_loaddr was not taken into account when returning an
address from pgb_find_hole when /proc/self/maps was unavailable which
caused an improper guest_base address to be calculated.
This could cause a SIGSEGV later in load_elf_image -> target_mmap for
ET_EXEC type images since the mmap MAP_FIXED flag is specified which
could clobber existing mappings at the address returnd by g2h().
mmap(0xd87000, 16846912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
munmap(0xd87000, 16846912) = 0
write(2, "Locating guest address space @ 0"..., 40Locating guest address space @ 0xd87000) = 40
mmap(0x1187000, 16850944, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
--- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
+++ killed by SIGSEGV +++
Now, pgd_find_hole accounts for guest_loaddr in this scenario.
Fixes: ad592e37dfcc ("linux-user: provide fallback pgd_find_hole for bare chroots")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
---
linux-user/elfload.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 8d425f9ed0..6d606b9442 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -2242,7 +2242,8 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
brk = (uintptr_t)sbrk(0);
if (!maps) {
- return pgd_find_hole_fallback(guest_size, brk, align, offset);
+ ret = pgd_find_hole_fallback(guest_size, brk, align, offset);
+ return ret - guest_loaddr;
}
/* The first hole is before the first map entry. */
--
2.30.0
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] linux-user/elfload: fix address calculation in fallback scenario
2021-01-31 6:19 [PATCH] linux-user/elfload: fix address calculation in fallback scenario Vincent Fazio
@ 2021-02-13 21:48 ` Laurent Vivier
2021-03-09 21:04 ` Vincent Fazio
2021-03-09 21:23 ` Laurent Vivier
1 sibling, 1 reply; 4+ messages in thread
From: Laurent Vivier @ 2021-02-13 21:48 UTC (permalink / raw)
To: Vincent Fazio, qemu-devel; +Cc: qemu-trivial, Alex Bennée, Vincent Fazio
Le 31/01/2021 à 07:19, Vincent Fazio a écrit :
> From: Vincent Fazio <vfazio@gmail.com>
>
> Previously, guest_loaddr was not taken into account when returning an
> address from pgb_find_hole when /proc/self/maps was unavailable which
> caused an improper guest_base address to be calculated.
>
> This could cause a SIGSEGV later in load_elf_image -> target_mmap for
> ET_EXEC type images since the mmap MAP_FIXED flag is specified which
> could clobber existing mappings at the address returnd by g2h().
>
> mmap(0xd87000, 16846912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
> munmap(0xd87000, 16846912) = 0
> write(2, "Locating guest address space @ 0"..., 40Locating guest address space @ 0xd87000) = 40
> mmap(0x1187000, 16850944, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
> +++ killed by SIGSEGV +++
>
> Now, pgd_find_hole accounts for guest_loaddr in this scenario.
>
> Fixes: ad592e37dfcc ("linux-user: provide fallback pgd_find_hole for bare chroots")
> Signed-off-by: Vincent Fazio <vfazio@gmail.com>
> ---
> linux-user/elfload.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 8d425f9ed0..6d606b9442 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -2242,7 +2242,8 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
> brk = (uintptr_t)sbrk(0);
>
> if (!maps) {
> - return pgd_find_hole_fallback(guest_size, brk, align, offset);
> + ret = pgd_find_hole_fallback(guest_size, brk, align, offset);
> + return ret - guest_loaddr;
> }
>
> /* The first hole is before the first map entry. */
>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
CC: Alex
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] linux-user/elfload: fix address calculation in fallback scenario
2021-02-13 21:48 ` Laurent Vivier
@ 2021-03-09 21:04 ` Vincent Fazio
0 siblings, 0 replies; 4+ messages in thread
From: Vincent Fazio @ 2021-03-09 21:04 UTC (permalink / raw)
To: Laurent Vivier, qemu-devel; +Cc: qemu-trivial, Alex Bennée, Vincent Fazio
Pinging per Laurent.
On 2/13/21 3:48 PM, Laurent Vivier wrote:
> Le 31/01/2021 à 07:19, Vincent Fazio a écrit :
>> From: Vincent Fazio <vfazio@gmail.com>
>>
>> Previously, guest_loaddr was not taken into account when returning an
>> address from pgb_find_hole when /proc/self/maps was unavailable which
>> caused an improper guest_base address to be calculated.
>>
>> This could cause a SIGSEGV later in load_elf_image -> target_mmap for
>> ET_EXEC type images since the mmap MAP_FIXED flag is specified which
>> could clobber existing mappings at the address returnd by g2h().
>>
>> mmap(0xd87000, 16846912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
>> munmap(0xd87000, 16846912) = 0
>> write(2, "Locating guest address space @ 0"..., 40Locating guest address space @ 0xd87000) = 40
>> mmap(0x1187000, 16850944, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
>> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
>> +++ killed by SIGSEGV +++
>>
>> Now, pgd_find_hole accounts for guest_loaddr in this scenario.
>>
>> Fixes: ad592e37dfcc ("linux-user: provide fallback pgd_find_hole for bare chroots")
>> Signed-off-by: Vincent Fazio <vfazio@gmail.com>
>> ---
>> linux-user/elfload.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
>> index 8d425f9ed0..6d606b9442 100644
>> --- a/linux-user/elfload.c
>> +++ b/linux-user/elfload.c
>> @@ -2242,7 +2242,8 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
>> brk = (uintptr_t)sbrk(0);
>>
>> if (!maps) {
>> - return pgd_find_hole_fallback(guest_size, brk, align, offset);
>> + ret = pgd_find_hole_fallback(guest_size, brk, align, offset);
>> + return ret - guest_loaddr;
>> }
>>
>> /* The first hole is before the first map entry. */
>>
>
> Reviewed-by: Laurent Vivier <laurent@vivier.eu>
>
> CC: Alex
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] linux-user/elfload: fix address calculation in fallback scenario
2021-01-31 6:19 [PATCH] linux-user/elfload: fix address calculation in fallback scenario Vincent Fazio
2021-02-13 21:48 ` Laurent Vivier
@ 2021-03-09 21:23 ` Laurent Vivier
1 sibling, 0 replies; 4+ messages in thread
From: Laurent Vivier @ 2021-03-09 21:23 UTC (permalink / raw)
To: Vincent Fazio, qemu-devel; +Cc: qemu-trivial, Vincent Fazio
Le 31/01/2021 à 07:19, Vincent Fazio a écrit :
> From: Vincent Fazio <vfazio@gmail.com>
>
> Previously, guest_loaddr was not taken into account when returning an
> address from pgb_find_hole when /proc/self/maps was unavailable which
> caused an improper guest_base address to be calculated.
>
> This could cause a SIGSEGV later in load_elf_image -> target_mmap for
> ET_EXEC type images since the mmap MAP_FIXED flag is specified which
> could clobber existing mappings at the address returnd by g2h().
>
> mmap(0xd87000, 16846912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
> munmap(0xd87000, 16846912) = 0
> write(2, "Locating guest address space @ 0"..., 40Locating guest address space @ 0xd87000) = 40
> mmap(0x1187000, 16850944, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
> --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
> +++ killed by SIGSEGV +++
>
> Now, pgd_find_hole accounts for guest_loaddr in this scenario.
>
> Fixes: ad592e37dfcc ("linux-user: provide fallback pgd_find_hole for bare chroots")
> Signed-off-by: Vincent Fazio <vfazio@gmail.com>
> ---
> linux-user/elfload.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/elfload.c b/linux-user/elfload.c
> index 8d425f9ed0..6d606b9442 100644
> --- a/linux-user/elfload.c
> +++ b/linux-user/elfload.c
> @@ -2242,7 +2242,8 @@ static uintptr_t pgb_find_hole(uintptr_t guest_loaddr, uintptr_t guest_size,
> brk = (uintptr_t)sbrk(0);
>
> if (!maps) {
> - return pgd_find_hole_fallback(guest_size, brk, align, offset);
> + ret = pgd_find_hole_fallback(guest_size, brk, align, offset);
> + return ret - guest_loaddr;
> }
>
> /* The first hole is before the first map entry. */
>
Applied to my linux-user-for-6.0 branch.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-03-09 21:34 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-31 6:19 [PATCH] linux-user/elfload: fix address calculation in fallback scenario Vincent Fazio
2021-02-13 21:48 ` Laurent Vivier
2021-03-09 21:04 ` Vincent Fazio
2021-03-09 21:23 ` Laurent Vivier
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.