diff mbox series

[08/24] bsd-user: Use page_check_range_empty for MAP_EXCL

Message ID 20230630132159.376995-9-richard.henderson@linaro.org
State Superseded
Headers show
Series linux-user: mmap range fixes | expand

Commit Message

Richard Henderson June 30, 2023, 1:21 p.m. UTC
The previous check returned -1 when any page within
[start, start+len) is unmapped, not when all are unmapped.

Cc: Warner Losh <imp@bsdimp.com>
Cc: Kyle Evans <kevans@freebsd.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 bsd-user/mmap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Warner Losh June 30, 2023, 6:46 p.m. UTC | #1
On Fri, Jun 30, 2023 at 7:22 AM Richard Henderson <
richard.henderson@linaro.org> wrote:

> The previous check returned -1 when any page within
> [start, start+len) is unmapped, not when all are unmapped.
>
> Cc: Warner Losh <imp@bsdimp.com>
> Cc: Kyle Evans <kevans@freebsd.org>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
> ---
>  bsd-user/mmap.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
> index 565b9f97ed..07b5b8055e 100644
> --- a/bsd-user/mmap.c
> +++ b/bsd-user/mmap.c
> @@ -609,7 +609,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len,
> int prot,
>          }
>
>          /* Reject the mapping if any page within the range is mapped */
> -        if ((flags & MAP_EXCL) && page_check_range(start, len, 0) < 0) {
> +        if ((flags & MAP_EXCL) && !page_check_range_empty(start, end -
> 1)) {
>

Won't computing end overflow if start is 1<<32 - len? Then subtracting one
here would be too late.

Warner



>              errno = EINVAL;
>              goto fail;
>          }
> --
> 2.34.1
>
>
Richard Henderson June 30, 2023, 7:40 p.m. UTC | #2
On 6/30/23 20:46, Warner Losh wrote:
> 
> 
> On Fri, Jun 30, 2023 at 7:22 AM Richard Henderson <richard.henderson@linaro.org 
> <mailto:richard.henderson@linaro.org>> wrote:
> 
>     The previous check returned -1 when any page within
>     [start, start+len) is unmapped, not when all are unmapped.
> 
>     Cc: Warner Losh <imp@bsdimp.com <mailto:imp@bsdimp.com>>
>     Cc: Kyle Evans <kevans@freebsd.org <mailto:kevans@freebsd.org>>
>     Signed-off-by: Richard Henderson <richard.henderson@linaro.org
>     <mailto:richard.henderson@linaro.org>>
>     ---
>       bsd-user/mmap.c | 2 +-
>       1 file changed, 1 insertion(+), 1 deletion(-)
> 
>     diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
>     index 565b9f97ed..07b5b8055e 100644
>     --- a/bsd-user/mmap.c
>     +++ b/bsd-user/mmap.c
>     @@ -609,7 +609,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
>               }
> 
>               /* Reject the mapping if any page within the range is mapped */
>     -        if ((flags & MAP_EXCL) && page_check_range(start, len, 0) < 0) {
>     +        if ((flags & MAP_EXCL) && !page_check_range_empty(start, end - 1)) {
> 
> 
> Won't computing end overflow if start is 1<<32 - len? Then subtracting one here would be 
> too late.

-fwrapv, so fully twos-compliment.

So start per above, end == 0, end - 1 == UINT32_MAX.

See also the rest of the linux-user code, wherein I work with "last == end - 1".
Which has the advantage of preserving comparison order: start < last.


r~
diff mbox series

Patch

diff --git a/bsd-user/mmap.c b/bsd-user/mmap.c
index 565b9f97ed..07b5b8055e 100644
--- a/bsd-user/mmap.c
+++ b/bsd-user/mmap.c
@@ -609,7 +609,7 @@  abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
         }
 
         /* Reject the mapping if any page within the range is mapped */
-        if ((flags & MAP_EXCL) && page_check_range(start, len, 0) < 0) {
+        if ((flags & MAP_EXCL) && !page_check_range_empty(start, end - 1)) {
             errno = EINVAL;
             goto fail;
         }