From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1MH1u8-0003KC-3z
	for qemu-devel@nongnu.org; Wed, 17 Jun 2009 16:38:44 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1MH1u2-0003JT-Kj
	for qemu-devel@nongnu.org; Wed, 17 Jun 2009 16:38:42 -0400
Received: from [199.232.76.173] (port=48485 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1MH1u2-0003JQ-FN
	for qemu-devel@nongnu.org; Wed, 17 Jun 2009 16:38:38 -0400
Received: from smtp-out.google.com ([216.239.33.17]:24633)
	by monty-python.gnu.org with esmtps
	(TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60)
	(envelope-from <kaib@google.com>) id 1MH1u1-0001qn-Uh
	for qemu-devel@nongnu.org; Wed, 17 Jun 2009 16:38:38 -0400
Received: from wpaz5.hot.corp.google.com (wpaz5.hot.corp.google.com
	[172.24.198.69]) by smtp-out.google.com with ESMTP id n5HKcZix031284
	for <qemu-devel@nongnu.org>; Wed, 17 Jun 2009 21:38:36 +0100
Received: from pzk12 (pzk12.prod.google.com [10.243.19.140])
	by wpaz5.hot.corp.google.com with ESMTP id n5HKcWYI009348
	for <qemu-devel@nongnu.org>; Wed, 17 Jun 2009 13:38:33 -0700
Received: by pzk12 with SMTP id 12so577827pzk.1
	for <qemu-devel@nongnu.org>; Wed, 17 Jun 2009 13:38:32 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <c7187c3d0906171054m7037bf78va250ec93a6b580e8@mail.gmail.com>
References: <c7187c3d0906171054m7037bf78va250ec93a6b580e8@mail.gmail.com>
Date: Wed, 17 Jun 2009 23:38:32 +0300
Message-ID: <c7187c3d0906171338t1a66b32ai73e7acd615ecbf@mail.gmail.com>
From: Kai Backman <kaib@google.com>
Content-Type: multipart/alternative; boundary=00504502c74f4912d5046c91463a
Subject: [Qemu-devel] Re: problems with mmap on qemu-arm
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

--00504502c74f4912d5046c91463a
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

I tracked this down to the code in linux-user/syscall.c. The mmap code seems
broken, it assumes arg1 is a pointer to an array where the real arguments
are. Given arg1 = 0 the memory access check fails.
The code I'm working on will happily take mmap2 instead so I have a
workaround. Does someone have an opinion on the state of the mmap code?

 Kai

On Wed, Jun 17, 2009 at 8:54 PM, Kai Backman <kaib@google.com> wrote:

> I'm running qemu-arm and see the following output from mmap with 'strace
> qemu-arm -strace' (for both host and traget strace output):
> mmap(NULL, 32800, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
> 0x2ad329b46000
> 4023 mmap(0,131072,7,34,-1,0) = 0xfffffff2
>
> When my program later tries to read memory at 0xfffffffe it fails with a
> SIGSEGV:
> Program received signal SIGSEGV, Segmentation fault.
> 1: x/i $pc  0xce30:     ldr     r1, [r5]
> (gdb) i r
> r5             0xfffffffe       -2
>
> Why does qemu-arm return such high addresses on a 32 bit platform and why
> is the memory inaccessible? If this doesn't seem like an obvious bug in my
> code, where in the qemu code should I start looking for how mmap works?
>
>  Kai
>
> --
> Kai Backman, Software Engineer, kaib@google.com
>



-- 
Kai Backman, Software Engineer, kaib@google.com

--00504502c74f4912d5046c91463a
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

I tracked this down to the code in linux-user/syscall.c. The mmap code seem=
s broken, it assumes arg1 is a pointer to an array where the real arguments=
 are. Given arg1 =3D 0 the memory access check fails.<div><br></div><div>Th=
e code I&#39;m working on will happily take mmap2 instead so I have a worka=
round. Does someone have an opinion on the state of the mmap code?</div>
<div><br></div><div>=A0Kai<br><br><div class=3D"gmail_quote">On Wed, Jun 17=
, 2009 at 8:54 PM, Kai Backman <span dir=3D"ltr">&lt;<a href=3D"mailto:kaib=
@google.com">kaib@google.com</a>&gt;</span> wrote:<br><blockquote class=3D"=
gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-=
left:1ex;">
I&#39;m running qemu-arm and see the following output from mmap with &#39;s=
trace qemu-arm -strace&#39; (for both host and traget strace output):<br><d=
iv><font face=3D"&#39;courier new&#39;, monospace">mmap(NULL, 32800, PROT_R=
EAD|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =3D 0x2ad329b46000</font>=
</div>

<div><font face=3D"&#39;courier new&#39;, monospace">4023 mmap(0,131072,7,3=
4,-1,0) =3D 0xfffffff2</font></div><div><br></div>
<div>When my program later tries to read memory at 0xfffffffe it fails with=
 a SIGSEGV:</div><div><div><font face=3D"&#39;courier new&#39;, monospace">=
Program received signal SIGSEGV, Segmentation fault.</font></div>
<div><span style=3D"font-family:&#39;courier new&#39;;font-size:10px">1: x/=
i $pc =A00xce30: =A0 =A0 ldr =A0 =A0 r1, [r5]</span></div><div><font face=
=3D"&#39;courier new&#39;, monospace">(gdb) i r</font></div>
<div><span style=3D"font-family:&#39;courier new&#39;;font-size:10px">r5 =
=A0 =A0 =A0 =A0 =A0 =A0 0xfffffffe =A0 =A0 =A0 -2</span></div></div><div><b=
r></div><div>Why does qemu-arm return such high addresses on a 32 bit platf=
orm and why is the memory inaccessible? If this doesn&#39;t seem like an ob=
vious bug in my code, where in the qemu code should I start looking for how=
 mmap works?</div>


<div><br></div><div>=A0Kai</div><div><br><font color=3D"#888888">--<br>Kai =
Backman, Software Engineer, <a href=3D"mailto:kaib@google.com" target=3D"_b=
lank">kaib@google.com</a></font></div>
</blockquote></div><br><br clear=3D"all"><br>-- <br>Kai Backman, Software E=
ngineer, <a href=3D"mailto:kaib@google.com">kaib@google.com</a><br>
</div>

--00504502c74f4912d5046c91463a--