| If mremap() is called without the MREMAP_MAYMOVE flag with a start address |
| just before the end of memory (reserved_va) where new_size would exceed |
| GUEST_ADD_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags() |
| would trigger. |
| |
| Add an extra guard to the guest_range_valid() checks to prevent this and |
| avoid asserting binaries when reserved_va is set. |
| |
| This meant a test case now gives the same behaviour regardless of whether |
| reserved_va is set or not. |
| |
| Upstream-Status: Backport [https://github.com/qemu/qemu/commit/ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712] |
| Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org |
| |
| Index: qemu-5.2.0/linux-user/mmap.c |
| =================================================================== |
| --- qemu-5.2.0.orig/linux-user/mmap.c |
| +++ qemu-5.2.0/linux-user/mmap.c |
| @@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add |
| |
| if (!guest_range_valid(old_addr, old_size) || |
| ((flags & MREMAP_FIXED) && |
| - !guest_range_valid(new_addr, new_size))) { |
| + !guest_range_valid(new_addr, new_size)) || |
| + ((flags & MREMAP_MAYMOVE) == 0 && |
| + !guest_range_valid(old_addr, new_size))) { |
| errno = ENOMEM; |
| return -1; |
| } |