[PULL 13/17] linux-user: detect overflow of MAP

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap

From:	Alex Bennée
Subject:	[PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap
Date:	Tue, 9 Jun 2020 11:38:05 +0100

Relaxing the restrictions on 64 bit guests leads to the user being
able to attempt to map right at the edge of addressable memory. This
in turn lead to address overflow tripping the assert in page_set_flags
when the end address wrapped around.

Detect the wrap earlier and correctly -ENOMEM the guest (in the
reported case LTP mmap15).

Fixes: 7d8cbbabcb
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reported-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200605154929.26910-15-alex.bennee@linaro.org>

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index caab62909eb..0019447892e 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int 
prot,
          * It can fail only on 64-bit host with 32-bit target.
          * On any other target/host host mmap() handles this error correctly.
          */
-        if (!guest_range_valid(start, len)) {
+        if (end < start || !guest_range_valid(start, len)) {
             errno = ENOMEM;
             goto fail;
         }
-- 
2.20.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PULL 05/17] .travis.yml: allow failure for unreliable hosts, (continued)
- [PULL 05/17] .travis.yml: allow failure for unreliable hosts, Alex Bennée, 2020/06/09
- [PULL 06/17] .shippable: temporaily disable some cross builds, Alex Bennée, 2020/06/09
- [PULL 09/17] hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE, Alex Bennée, 2020/06/09
- [PULL 10/17] linux-user: provide fallback pgd_find_hole for bare chroots, Alex Bennée, 2020/06/09
- [PULL 08/17] docker: update Ubuntu to 20.04, Alex Bennée, 2020/06/09
- [PULL 11/17] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit, Alex Bennée, 2020/06/09
- [PULL 07/17] tests/docker: fix pre-requisite for debian-tricore-cross, Alex Bennée, 2020/06/09
- [PULL 15/17] tests/vm: Remove flex/bison packages, Alex Bennée, 2020/06/09
  - Re: [PULL 15/17] tests/vm: Remove flex/bison packages, Claudio Fontana, 2020/06/09
    - Re: [PULL 15/17] tests/vm: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap, Alex Bennée <=
- [PULL 17/17] scripts/coverity-scan: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 14/17] tests/docker: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 16/17] cirrus-ci: Remove flex/bison packages, Alex Bennée, 2020/06/09
- Re: [PULL 00/17] testing and misc fixes, Peter Maydell, 2020/06/11

Prev by Date: [PULL 15/17] tests/vm: Remove flex/bison packages
Next by Date: [PULL 17/17] scripts/coverity-scan: Remove flex/bison packages
Previous by thread: Re: [PULL 15/17] tests/vm: Remove flex/bison packages
Next by thread: [PULL 17/17] scripts/coverity-scan: Remove flex/bison packages
Index(es):
- Date
- Thread