[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap
From: |
Alex Bennée |
Subject: |
[PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap |
Date: |
Tue, 9 Jun 2020 11:38:05 +0100 |
Relaxing the restrictions on 64 bit guests leads to the user being
able to attempt to map right at the edge of addressable memory. This
in turn lead to address overflow tripping the assert in page_set_flags
when the end address wrapped around.
Detect the wrap earlier and correctly -ENOMEM the guest (in the
reported case LTP mmap15).
Fixes: 7d8cbbabcb
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reported-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200605154929.26910-15-alex.bennee@linaro.org>
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index caab62909eb..0019447892e 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -467,7 +467,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int
prot,
* It can fail only on 64-bit host with 32-bit target.
* On any other target/host host mmap() handles this error correctly.
*/
- if (!guest_range_valid(start, len)) {
+ if (end < start || !guest_range_valid(start, len)) {
errno = ENOMEM;
goto fail;
}
--
2.20.1
- [PULL 05/17] .travis.yml: allow failure for unreliable hosts, (continued)
- [PULL 05/17] .travis.yml: allow failure for unreliable hosts, Alex Bennée, 2020/06/09
- [PULL 06/17] .shippable: temporaily disable some cross builds, Alex Bennée, 2020/06/09
- [PULL 09/17] hw/virtio/vhost: re-factor vhost-section and allow DIRTY_MEMORY_CODE, Alex Bennée, 2020/06/09
- [PULL 10/17] linux-user: provide fallback pgd_find_hole for bare chroots, Alex Bennée, 2020/06/09
- [PULL 08/17] docker: update Ubuntu to 20.04, Alex Bennée, 2020/06/09
- [PULL 11/17] linux-user: deal with address wrap for ARM_COMMPAGE on 32 bit, Alex Bennée, 2020/06/09
- [PULL 07/17] tests/docker: fix pre-requisite for debian-tricore-cross, Alex Bennée, 2020/06/09
- [PULL 15/17] tests/vm: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 13/17] linux-user: detect overflow of MAP_FIXED mmap,
Alex Bennée <=
- [PULL 17/17] scripts/coverity-scan: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 14/17] tests/docker: Remove flex/bison packages, Alex Bennée, 2020/06/09
- [PULL 16/17] cirrus-ci: Remove flex/bison packages, Alex Bennée, 2020/06/09
- Re: [PULL 00/17] testing and misc fixes, Peter Maydell, 2020/06/11