]> Git Repo - qemu.git/commitdiff
projects / qemu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: af3f373)
linux-user/mmap.c: check range of mremap result in target address space
authorTobias Koch <[email protected]>
Wed, 28 Oct 2020 21:38:33 +0000 (22:38 +0100)
committerLaurent Vivier <[email protected]>
Thu, 17 Dec 2020 09:34:27 +0000 (10:34 +0100)
If mremap succeeds, an additional check is performed to ensure that the
new address range fits into the target address space. This check was
previously perfomed in host address space, with the upper bound fixed to
abi_ulong.

This patch replaces the static check with a call to `guest_range_valid`,
performing the range check against the actual size of the target address
space. It also moves the corresponding block to prevent it from being
called incorrectly when the mapping itself fails.

Signed-off-by: Tobias Koch <[email protected]>
Message-Id: <20201028213833[email protected]>
Signed-off-by: Laurent Vivier <[email protected]>
linux-user/mmap.c patch | blob | blame | history

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 00c05e6a0f198507344dcddf1a40d37c8518dc1c..810653c503579dfc0a1d4cc146734a54df218e8e 100644 (file)
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -767,20 +767,23 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
         }
         if (prot == 0) {
             host_addr = mremap(g2h(old_addr), old_size, new_size, flags);
-            if (host_addr != MAP_FAILED && reserved_va && old_size > new_size) {
-                mmap_reserve(old_addr + old_size, old_size - new_size);
+
+            if (host_addr != MAP_FAILED) {
+                /* Check if address fits target address space */
+                if (!guest_range_valid(h2g(host_addr), new_size)) {
+                    /* Revert mremap() changes */
+                    host_addr = mremap(g2h(old_addr), new_size, old_size,
+                                       flags);
+                    errno = ENOMEM;
+                    host_addr = MAP_FAILED;
+                } else if (reserved_va && old_size > new_size) {
+                    mmap_reserve(old_addr + old_size, old_size - new_size);
+                }
             }
         } else {
             errno = ENOMEM;
             host_addr = MAP_FAILED;
         }
-        /* Check if address fits target address space */
-        if ((unsigned long)host_addr + new_size > (abi_ulong)-1) {
-            /* Revert mremap() changes */
-            host_addr = mremap(g2h(old_addr), new_size, old_size, flags);
-            errno = ENOMEM;
-            host_addr = MAP_FAILED;
-        }
     }
 
     if (host_addr == MAP_FAILED) {
Empty description
This page took 0.027283 seconds and 4 git commands to generate.