Andrew Geissler | d1e8949 | 2021-02-12 15:35:20 -0600

If mremap() is called without the MREMAP_MAYMOVE flag with a start address
just before the end of memory (reserved_va) where new_size would exceed
GUEST_ADDR_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags()
would trigger.

Add an extra guard to the guest_range_valid() checks to prevent this and
avoid asserting binaries when reserved_va is set.

This meant a test case now gives the same behaviour regardless of whether
reserved_va is set or not.

Upstream-Status: Pending
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

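The failure the commit message describes, as an added stand-alone model that is not QEMU's own code: a 32-bit abi_ulong, a reserved_va of 0xfff00000 and the overflow-safe form of guest_range_valid() are assumptions made for this example, and page_set_flags_would_assert() only reproduces the asserted condition rather than the real page-table update. mremap_args_valid() models the argument gate at the top of target_mremap() with and without the clause this patch adds, so the same in-place grow can be run through both.

```c
/*
 * Added example (not QEMU code): model of the target_mremap() argument gate
 * before and after this patch. abi_ulong width, RESERVED_VA and the
 * guest_range_valid() formula are assumptions for the model; the flag
 * values match Linux <sys/mman.h>.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#ifndef MREMAP_MAYMOVE
#define MREMAP_MAYMOVE 1
#endif
#ifndef MREMAP_FIXED
#define MREMAP_FIXED   2
#endif

typedef uint32_t abi_ulong;                   /* 32-bit guest (assumed) */

/* Assumed reserved_va: guest addresses run 0 .. RESERVED_VA - 1. */
static const abi_ulong RESERVED_VA    = 0xfff00000u;
static const abi_ulong GUEST_ADDR_MAX = 0xfff00000u - 1;

/* Overflow-safe range check (model): never computes start + len in
 * abi_ulong, so a range that would wrap past the ceiling is rejected. */
static bool guest_range_valid(abi_ulong start, abi_ulong len)
{
    return len - 1 <= GUEST_ADDR_MAX && start <= GUEST_ADDR_MAX - len + 1;
}

/* The condition page_set_flags() asserts, evaluated in 64 bits so we can
 * report whether the assert would fire for [start, start + len). */
static bool page_set_flags_would_assert(abi_ulong start, abi_ulong len)
{
    uint64_t end = (uint64_t)start + len;
    return !(end - 1 <= GUEST_ADDR_MAX);
}

/* Argument gate of target_mremap(); with_patch enables the third clause
 * from this patch (an in-place grow must itself fit the guest space). */
static bool mremap_args_valid(abi_ulong old_addr, abi_ulong old_size,
                              abi_ulong new_size, int flags,
                              abi_ulong new_addr, bool with_patch)
{
    if (!guest_range_valid(old_addr, old_size)) {
        return false;
    }
    if ((flags & MREMAP_FIXED) && !guest_range_valid(new_addr, new_size)) {
        return false;
    }
    if (with_patch && (flags & MREMAP_MAYMOVE) == 0 &&
        !guest_range_valid(old_addr, new_size)) {
        return false;                        /* ENOMEM in target_mremap() */
    }
    return true;
}

/* Scenario from the commit message: the last 1 MiB below reserved_va asked
 * to grow to 3 MiB without MREMAP_MAYMOVE. Returns true when the gate lets
 * the request through AND the new range would trip the assert. */
static bool in_place_grow_reaches_assert(bool with_patch)
{
    const abi_ulong old_addr = RESERVED_VA - 0x100000u;   /* 0xffe00000 */
    const abi_ulong old_size = 0x100000u;                 /* ends at MAX */
    const abi_ulong new_size = 0x300000u;                 /* 2 MiB too far */

    if (!mremap_args_valid(old_addr, old_size, new_size, 0, 0, with_patch)) {
        return false;                        /* rejected up front */
    }
    return page_set_flags_would_assert(old_addr, new_size);
}

int main(void)
{
    printf("without patch: assert reachable = %d\n",
           in_place_grow_reaches_assert(false));
    printf("with patch:    assert reachable = %d\n",
           in_place_grow_reaches_assert(true));
    return 0;
}
```

Without the third clause the request passes the gate (old range valid, MREMAP_FIXED clear) and the grown range ends past GUEST_ADDR_MAX, which is exactly the assert in page_set_flags(); with it, the same request fails the gate first. A request with MREMAP_MAYMOVE set is not touched by the new clause, since the mapping may then be relocated rather than extended at old_addr.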
| 15 | Index: qemu-5.2.0/linux-user/mmap.c |
| 16 | =================================================================== |
| 17 | --- qemu-5.2.0.orig/linux-user/mmap.c |
| 18 | +++ qemu-5.2.0/linux-user/mmap.c |
| 19 | @@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add |
| 20 | |
| 21 | if (!guest_range_valid(old_addr, old_size) || |
| 22 | ((flags & MREMAP_FIXED) && |
| 23 | - !guest_range_valid(new_addr, new_size))) { |
| 24 | + !guest_range_valid(new_addr, new_size)) || |
| 25 | + ((flags & MREMAP_MAYMOVE) == 0 && |
| 26 | + !guest_range_valid(old_addr, new_size))) { |
| 27 | errno = ENOMEM; |
| 28 | return -1; |
| 29 | } |
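Review bot: the new `(flags & MREMAP_MAYMOVE) == 0` clause needs a short comment in the hunk saying why the range is checked against old_addr: without MREMAP_MAYMOVE the mapping can only be extended in place, so `old_addr + new_size` is the range that must fit below GUEST_ADDR_MAX. The commit message explains this, but a reader of the condition alone sees three similar clauses and no hint why the third re-uses old_addr with new_size; something like `/* cannot move: the grown mapping must fit at old_addr */` above the clause would do. For consistency with the `(flags & MREMAP_FIXED)` clause just above, `!(flags & MREMAP_MAYMOVE)` reads better than `== 0`. The placement is right: the check runs before any host mremap(), so a failing range returns ENOMEM with nothing to undo, and the shrink case is unaffected because a smaller new_size at an already valid old_addr still passes. Note the clause is skipped when MREMAP_FIXED is set (Linux requires MREMAP_MAYMOVE with MREMAP_FIXED), where the existing `guest_range_valid(new_addr, new_size)` clause already covers the destination.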