diff options
author | Richard Henderson <richard.henderson@linaro.org> | 2023-03-31 18:34:42 -0700 |
---|---|---|
committer | Richard Henderson <richard.henderson@linaro.org> | 2023-04-04 07:48:27 -0700 |
commit | 6cda41daa2162b8e1048124655ba02a8c2b762b4 (patch) | |
tree | 04ee24a950f87fdfd7677a5ab18a9895ada1003a | |
parent | 51a6dc9d394098e8f4141fad869a1ee9585f54f8 (diff) |
Revert "linux-user/arm: Take more care allocating commpage"
This reverts commit 4f5c67f8df7f26e559509c68c45e652709edd23f.
This exposes bugs in target_mmap et al with respect to overflow
with the final page of the guest address space. To be fixed in
the next development cycle.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r-- | linux-user/elfload.c | 37 |
1 files changed, 10 insertions, 27 deletions
diff --git a/linux-user/elfload.c b/linux-user/elfload.c index b96b3e566b..f1370a7a8b 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c @@ -423,32 +423,12 @@ enum { static bool init_guest_commpage(void) { - ARMCPU *cpu = ARM_CPU(thread_cpu); - abi_ptr want = HI_COMMPAGE & TARGET_PAGE_MASK; - abi_ptr addr; - - /* - * M-profile allocates maximum of 2GB address space, so can never - * allocate the commpage. Skip it. - */ - if (arm_feature(&cpu->env, ARM_FEATURE_M)) { - return true; - } - - /* - * If reserved_va does not cover the commpage, we get an assert - * in page_set_flags. Produce an intelligent error instead. - */ - if (reserved_va != 0 && want + TARGET_PAGE_SIZE - 1 > reserved_va) { - error_report("Allocating guest commpage: -R 0x%" PRIx64 " too small", - (uint64_t)reserved_va + 1); - exit(EXIT_FAILURE); - } - - addr = target_mmap(want, TARGET_PAGE_SIZE, PROT_READ | PROT_WRITE, - MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + abi_ptr commpage = HI_COMMPAGE & -qemu_host_page_size; + void *want = g2h_untagged(commpage); + void *addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); - if (addr == -1) { + if (addr == MAP_FAILED) { perror("Allocating guest commpage"); exit(EXIT_FAILURE); } @@ -457,12 +437,15 @@ static bool init_guest_commpage(void) } /* Set kernel helper versions; rest of page is 0. */ - put_user_u32(5, 0xffff0ffcu); + __put_user(5, (uint32_t *)g2h_untagged(0xffff0ffcu)); - if (target_mprotect(addr, qemu_host_page_size, PROT_READ | PROT_EXEC)) { + if (mprotect(addr, qemu_host_page_size, PROT_READ)) { perror("Protecting guest commpage"); exit(EXIT_FAILURE); } + + page_set_flags(commpage, commpage | ~qemu_host_page_mask, + PAGE_READ | PAGE_EXEC | PAGE_VALID); return true; } |