This patch (hack) fixes the crash on armhf.
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index a26200d9f3..2efa981061 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3674,7 +3685,7 @@ int load_elf_binary(struct linux_binprm *bprm, struct
image_info *info)
* The implementation of do_brk in syscalls.c expects to be able
* to mmap pages in this space.
*/
- if (info->reserve_brk) {
+ if (0 && info->reserve_brk) {
abi_ulong start_brk = HOST_PAGE_ALIGN(info->brk);
abi_ulong end_brk = HOST_PAGE_ALIGN(info->brk + info->reserve_brk);
target_munmap(start_brk, end_brk - start_brk);
Still wondering what the best fix is.
Without the patch this is the memory layout:
start end size prot
00010000-00011000 00001000 r-x
00011000-00020000 0000f000 ---
00020000-00021000 00001000 rw-
40000000-40001000 00001000 ---
40001000-40801000 00800000 rwx
40801000-40802000 00001000 r-x
ffff0000-ffff1000 00001000 r-x
start_brk 0x00000000
end_code 0x00010a73
start_code 0x00010000
start_data 0x00020a78
end_data 0x00020cd0
start_stack 0x407ffe50
brk 0x00020cd4
entry 0x003800f9
argv_start 0x407ffe54
env_start 0x407ffe60
auxv_start 0x407fff28
With the patch, this is the layout:
start end size prot
00010000-00011000 00001000 r-x
00011000-00020000 0000f000 ---
00020000-00021000 00001000 rw-
00021000-00380000 0035f000 ---
00380000-0038d000 0000d000 r-x
0038d000-0039c000 0000f000 ---
0039c000-0039d000 00001000 rw-
0039d000-0039f000 00002000 rw-
0039f000-01021000 00c82000 ---
40000000-40001000 00001000 ---
40001000-40801000 00800000 rwx
40801000-40802000 00001000 r-x
ffff0000-ffff1000 00001000 r-x
start_brk 0x00000000
end_code 0x00010a73
start_code 0x00010000
start_data 0x00020a78
end_data 0x00020cd0
start_stack 0x407ffe50
brk 0x00020cd4
entry 0x003800f9
argv_start 0x407ffe54
env_start 0x407ffe60
auxv_start 0x407fff28
As can be seen, the memory segment of "entry" at 0x003800f9
has been unmapped when releasing the "reserve_brk" region.
Since qemu can't then fetch the instructions, it crashes immediately.
