blob: edd9734f30a71c05d2bdb523541dac5f167b7649 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
If mremap() is called without the MREMAP_MAYMOVE flag with a start address
just before the end of memory (reserved_va) where new_size would exceed
GUEST_ADD_MAX, the assert(end - 1 <= GUEST_ADDR_MAX) in page_set_flags()
would trigger.
Add an extra guard to the guest_range_valid() checks to prevent this and
avoid asserting binaries when reserved_va is set.
This meant a test case now gives the same behaviour regardless of whether
reserved_va is set or not.
Upstream-Status: Backport [https://github.com/qemu/qemu/commit/ccc5ccc17f8cfbfd87d9aede5d12a2d47c56e712]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
Index: qemu-5.2.0/linux-user/mmap.c
===================================================================
--- qemu-5.2.0.orig/linux-user/mmap.c
+++ qemu-5.2.0/linux-user/mmap.c
@@ -727,7 +727,9 @@ abi_long target_mremap(abi_ulong old_add
if (!guest_range_valid(old_addr, old_size) ||
((flags & MREMAP_FIXED) &&
- !guest_range_valid(new_addr, new_size))) {
+ !guest_range_valid(new_addr, new_size)) ||
+ ((flags & MREMAP_MAYMOVE) == 0 &&
+ !guest_range_valid(old_addr, new_size))) {
errno = ENOMEM;
return -1;
}
|
