Hi again, I spent some more time creating more mmap test-cases and managed to trig a few more bugs. Luckily, most of them were straight forward to fix. A few are related to the funny semantics of MAP_FILE mmaps beyond EOF. This posts elaborates a bit more on the issue: http://lists.gnu.org/archive/html/qemu-devel/2008-01/msg00163.html
Tested on my intel centrino duo as host, for CRIS, MIPS and i386 targets. Used the -p flag to simulate 8K, 16K and 32K page-sizes. To run the tests for i386 just do a 'make -C tests test-mmap'. I hope this is helpful to somebody. Best regards -- Edgar E. Iglesias Axis Communications AB diff --git a/configure b/configure index bbda3f7..3df08ab 100755 --- a/configure +++ b/configure @@ -1244,6 +1244,7 @@ if test "$source_path_used" = "yes" ; then DIRS="tests tests/cris slirp audio" FILES="Makefile tests/Makefile" FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit" + FILES="$FILES tests/test-mmap.c" for dir in $DIRS ; do mkdir -p $dir done diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 6292826..3c77cc9 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -23,6 +23,8 @@ #include <string.h> #include <unistd.h> #include <errno.h> +#include <sys/types.h> +#include <sys/stat.h> #include <sys/mman.h> #include "qemu.h" @@ -153,10 +155,12 @@ static int mmap_frag(abi_ulong real_start, #if defined(__CYGWIN__) /* Cygwin doesn't have a whole lot of address space. */ -static abi_ulong mmap_next_start = 0x18000000; +#define MMAP_BASE 0x18000000 #else -static abi_ulong mmap_next_start = 0x40000000; +#define MMAP_BASE 0x40000000 #endif +static abi_ulong mmap_next_start = MMAP_BASE; + /* find a free memory area of size 'size'. The search starts at 'start'. If 'start' == 0, then a default start address is used. @@ -234,8 +238,40 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, len = TARGET_PAGE_ALIGN(len); if (len == 0) return start; - real_start = start & qemu_host_page_mask; + /* When mapping files into a memory area larger than the file, accesses + to pages beyond the file size will cause a SIGBUS. + + For example, if mmaping a file of 100 bytes on a host with 4K pages + emulating a target with 8K pages, the target expects to be able to + access the first 8K. But the host will trap us on any access beyond + 4K. + + When emulating a target with a larger page-size than the hosts, we + may need to truncate file maps at EOF and add extra anonymous pages + up to the targets page boundary. */ + + if (!(flags & MAP_ANONYMOUS)) { + struct stat sb; + + if (fstat (fd, &sb) == -1) + return -1; + + /* Are trying to create a map beyond the EOF?. */ + if (offset + len > sb.st_size) { + /* If so, truncate the file map at eof aligned with + the hosts real pagesize. Additional anonymous maps + will be created beyond EOF. */ + len = (sb.st_size - offset); + len += qemu_real_host_page_size - 1; + len &= ~(qemu_real_host_page_size - 1); + } + } + + real_start = start & qemu_host_page_mask; + end = start + len; + real_end = HOST_PAGE_ALIGN(end); + if (!(flags & MAP_FIXED)) { abi_ulong mmap_start; void *p; @@ -251,9 +287,17 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, especially important if qemu_host_page_size > qemu_real_host_page_size */ p = mmap(g2h(mmap_start), - host_len, prot, flags | MAP_FIXED, fd, host_offset); + len, prot, flags | MAP_FIXED, fd, host_offset); if (p == MAP_FAILED) return -1; + + /* If we are dealing with truncated file maps due to pagesize + * differences between host and target we may need to append + * an anonymous mapping. */ + if (len < host_len) + mmap(g2h(mmap_start) + len, qemu_host_page_size, + prot, flags | MAP_FIXED | MAP_ANONYMOUS, -1, 0); + /* update start so that it points to the file position at 'offset' */ host_start = (unsigned long)p; if (!(flags & MAP_ANONYMOUS)) @@ -264,8 +308,6 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, errno = EINVAL; return -1; } - end = start + len; - real_end = HOST_PAGE_ALIGN(end); /* worst case: we cannot map the file because the offset is not aligned, so we read it */ @@ -337,7 +379,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, page_set_flags(start, start + len, prot | PAGE_VALID); the_end: #ifdef DEBUG_MMAP - printf("ret=0x%llx\n", start); + printf("ret=0x" TARGET_FMT_lx "\n", start); page_dump(stdout); printf("\n"); #endif @@ -385,6 +427,8 @@ int target_munmap(abi_ulong start, abi_ulong len) real_end -= qemu_host_page_size; } + mmap_next_start = MMAP_BASE; + /* unmap what we can */ if (real_start < real_end) { ret = munmap(g2h(real_start), real_end - real_start); @@ -432,4 +476,3 @@ int target_msync(abi_ulong start, abi_ulong len, int flags) start &= qemu_host_page_mask; return msync(g2h(start), end - start, flags); } - diff --git a/tests/Makefile b/tests/Makefile index 1775be8..f8e15e4 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -51,6 +51,15 @@ ifeq ($(ARCH),i386) @if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK (no code copy)"; fi endif +.PHONY: test-mmap +test-mmap: test-mmap.c + $(CC) $(CFLAGS) -Wall -static -O2 $(LDFLAGS) -o $@ $< + ./test-mmap + $(QEMU) ./test-mmap + $(QEMU) -p 8192 ./test-mmap 8192 + $(QEMU) -p 16384 ./test-mmap 16384 + $(QEMU) -p 32768 ./test-mmap 32768 + # generic Linux and CPU test linux-test: linux-test.c $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lm diff --git a/tests/test-mmap.c b/tests/test-mmap.c new file mode 100644 index 0000000..38a675a --- /dev/null +++ b/tests/test-mmap.c @@ -0,0 +1,377 @@ +/* + * Small test program to verify simulated mmap behaviour. + * + * When running qemu-linux-user with the -p flag, you may need to tell + * this test program about the pagesize because getpagesize() will not reflect + * the -p choice. Simply pass one argument beeing the pagesize. + */ +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include <unistd.h> + +#include <sys/mman.h> + +#define fail_unless(x) \ +do \ +{ \ + if (!(x)) { \ + fprintf (stderr, "FAILED at %s:%d\n", __FILE__, __LINE__); \ + exit (EXIT_FAILURE); \ + } \ +} while (0); + +unsigned char *dummybuf; +static unsigned int pagesize; +static unsigned int pagemask; +int test_fd; +size_t test_fsize; + +void check_aligned_anonymous_unfixed_mmaps(void) +{ + void *p1; + void *p2; + void *p3; + uintptr_t p; + int i; + + fprintf (stderr, "%s\n", __func__); + for (i = 0; i < 0x1fff; i++) + { + size_t len; + + len = pagesize + (pagesize * i & 7); + p1 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + p2 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + p3 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + + /* Make sure we get pages aligned with the pagesize. The + target expects this. */ + fail_unless (p1 != MAP_FAILED); + fail_unless (p2 != MAP_FAILED); + fail_unless (p3 != MAP_FAILED); + p = (uintptr_t) p1; + fail_unless ((p & pagemask) == 0); + p = (uintptr_t) p2; + fail_unless ((p & pagemask) == 0); + p = (uintptr_t) p3; + fail_unless ((p & pagemask) == 0); + + /* Make sure we can read from the entire area. */ + memcpy (dummybuf, p1, pagesize); + memcpy (dummybuf, p2, pagesize); + memcpy (dummybuf, p3, pagesize); + + munmap (p1, len); + munmap (p2, len); + munmap (p3, len); + } +} + +void check_aligned_anonymous_unfixed_colliding_mmaps(void) +{ + char *p1; + char *p2; + char *p3; + uintptr_t p; + int i; + + fprintf (stderr, "%s\n", __func__); + for (i = 0; i < 0x2fff; i++) + { + int nlen; + + p1 = mmap(NULL, pagesize, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fail_unless (p1 != MAP_FAILED); + p = (uintptr_t) p1; + fail_unless ((p & pagemask) == 0); + memcpy (dummybuf, p1, pagesize); + + p2 = mmap(NULL, pagesize, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fail_unless (p2 != MAP_FAILED); + p = (uintptr_t) p2; + fail_unless ((p & pagemask) == 0); + memcpy (dummybuf, p2, pagesize); + + + munmap (p1, pagesize); + nlen = pagesize * 8; + p3 = mmap(NULL, nlen, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + + /* Check if the mmaped areas collide. */ + if (p3 < p2 + && (p3 + nlen) > p2) + fail_unless (0); + + memcpy (dummybuf, p3, pagesize); + + /* Make sure we get pages aligned with the pagesize. The + target expects this. */ + fail_unless (p3 != MAP_FAILED); + p = (uintptr_t) p3; + fail_unless ((p & pagemask) == 0); + munmap (p2, pagesize); + munmap (p3, nlen); + } +} + +void check_aligned_anonymous_fixed_mmaps(void) +{ + char *addr; + void *p1; + uintptr_t p; + int i; + + /* Find a suitable address to start with. */ + addr = mmap(NULL, pagesize * 40, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, + -1, 0); + fprintf (stderr, "%s addr=%p\n", __func__, addr); + fail_unless (addr != MAP_FAILED); + + for (i = 0; i < 40; i++) + { + /* Create submaps within our unfixed map. */ + p1 = mmap(addr, pagesize, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, + -1, 0); + /* Make sure we get pages aligned with the pagesize. + The target expects this. */ + p = (uintptr_t) p1; + fail_unless (p1 == addr); + fail_unless ((p & pagemask) == 0); + memcpy (dummybuf, p1, pagesize); + munmap (p1, pagesize); + addr += pagesize; + } +} + +void check_file_unfixed_mmaps(void) +{ + unsigned int *p1, *p2, *p3; + uintptr_t p; + int i; + + fprintf (stderr, "%s\n", __func__); + for (i = 0; i < 0x10; i++) + { + size_t len; + + len = pagesize; + p1 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE, + test_fd, 0); + p2 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE, + test_fd, pagesize); + p3 = mmap(NULL, len, PROT_READ, + MAP_PRIVATE, + test_fd, pagesize * 2); + + fail_unless (p1 != MAP_FAILED); + fail_unless (p2 != MAP_FAILED); + fail_unless (p3 != MAP_FAILED); + + /* Make sure we get pages aligned with the pagesize. The + target expects this. */ + p = (uintptr_t) p1; + fail_unless ((p & pagemask) == 0); + p = (uintptr_t) p2; + fail_unless ((p & pagemask) == 0); + p = (uintptr_t) p3; + fail_unless ((p & pagemask) == 0); + + /* Verify that the file maps was made correctly. */ + fail_unless (*p1 == 0); + fail_unless (*p2 == (pagesize / sizeof *p2)); + fail_unless (*p3 == ((pagesize * 2) / sizeof *p3)); + + memcpy (dummybuf, p1, pagesize); + memcpy (dummybuf, p2, pagesize); + memcpy (dummybuf, p3, pagesize); + munmap (p1, len); + munmap (p2, len); + munmap (p3, len); + } +} + +void check_file_unfixed_eof_mmaps(void) +{ + char *cp; + unsigned int *p1; + uintptr_t p; + int i; + + fprintf (stderr, "%s\n", __func__); + for (i = 0; i < 0x10; i++) + { + p1 = mmap(NULL, pagesize, PROT_READ, + MAP_PRIVATE, + test_fd, + (test_fsize - sizeof *p1) & ~pagemask); + + fail_unless (p1 != MAP_FAILED); + + /* Make sure we get pages aligned with the pagesize. The + target expects this. */ + p = (uintptr_t) p1; + fail_unless ((p & pagemask) == 0); + + /* Verify that the file maps was made correctly. */ + fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1] + == ((test_fsize - sizeof *p1) / sizeof *p1)); + + /* Verify that the end of page is accessable and zeroed. */ + cp = (void *) p1; + fail_unless (cp[pagesize - 4] == 0); + munmap (p1, pagesize); + } +} + +void check_file_fixed_eof_mmaps(void) +{ + char *addr; + char *cp; + unsigned int *p1; + uintptr_t p; + int i; + + /* Find a suitable address to start with. */ + addr = mmap(NULL, pagesize * 44, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, + -1, 0); + + fprintf (stderr, "%s addr=%p\n", __func__, (void *)addr); + fail_unless (addr != MAP_FAILED); + + for (i = 0; i < 0x10; i++) + { + /* Create submaps within our unfixed map. */ + p1 = mmap(addr, pagesize, PROT_READ, + MAP_PRIVATE | MAP_FIXED, + test_fd, + (test_fsize - sizeof *p1) & ~pagemask); + + fail_unless (p1 != MAP_FAILED); + + /* Make sure we get pages aligned with the pagesize. The + target expects this. */ + p = (uintptr_t) p1; + fail_unless ((p & pagemask) == 0); + + /* Verify that the file maps was made correctly. */ + fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1] + == ((test_fsize - sizeof *p1) / sizeof *p1)); + + /* Verify that the end of page is accessable and zeroed. */ + cp = (void *)p1; + fail_unless (cp[pagesize - 4] == 0); + munmap (p1, pagesize); + addr += pagesize; + } +} + +void check_file_fixed_mmaps(void) +{ + unsigned int *addr; + unsigned int *p1, *p2, *p3, *p4; + int i; + + /* Find a suitable address to start with. */ + addr = mmap(NULL, pagesize * 44 * 3, PROT_READ, + MAP_PRIVATE | MAP_ANONYMOUS, + -1, 0); + printf ("%s addr=%p\n", __func__, (void *)addr); + fail_unless (addr != MAP_FAILED); + + for (i = 0; i < 40; i++) + { + p1 = mmap(addr, pagesize, PROT_READ, + MAP_PRIVATE | MAP_FIXED, + test_fd, 0); + p2 = mmap(addr + pagesize, pagesize, PROT_READ, + MAP_PRIVATE | MAP_FIXED, + test_fd, pagesize); + p3 = mmap(addr + pagesize * 2, pagesize, PROT_READ, + MAP_PRIVATE | MAP_FIXED, + test_fd, pagesize * 2); + p4 = mmap(addr + pagesize * 3, pagesize, PROT_READ, + MAP_PRIVATE | MAP_FIXED, + test_fd, pagesize * 3); + + /* Make sure we get pages aligned with the pagesize. + The target expects this. */ + fail_unless (p1 == addr); + fail_unless (p2 == addr + pagesize); + fail_unless (p3 == addr + pagesize * 2); + fail_unless (p4 == addr + pagesize * 3); + + /* Verify that the file maps was made correctly. */ + fail_unless (*p1 == 0); + fail_unless (*p2 == (pagesize / sizeof *p2)); + fail_unless (*p3 == ((pagesize * 2) / sizeof *p3)); + fail_unless (*p4 == ((pagesize * 3) / sizeof *p4)); + + memcpy (dummybuf, p1, pagesize); + memcpy (dummybuf, p2, pagesize); + memcpy (dummybuf, p3, pagesize); + memcpy (dummybuf, p4, pagesize); + + munmap (p1, pagesize); + munmap (p2, pagesize); + munmap (p3, pagesize); + munmap (p4, pagesize); + addr += pagesize * 3; + } +} + +int main(int argc, char **argv) +{ + char tempname[] = "/tmp/.cmmapXXXXXX"; + unsigned int i; + + /* Trust the first argument, otherwise probe the system for our + pagesize. */ + if (argc > 1) + pagesize = strtoul(argv[1], NULL, 0); + else + pagesize = sysconf(_SC_PAGESIZE); + + /* Assume pagesize is a power of two. */ + pagemask = pagesize - 1; + dummybuf = malloc (pagesize); + printf ("pagesize=%u pagemask=%x\n", pagesize, pagemask); + + test_fd = mkstemp(tempname); + unlink(tempname); + + /* Fill the file with int's counting from zero and up. */ + for (i = 0; i < (pagesize * 4) / sizeof i; i++) + write (test_fd, &i, sizeof i); + /* Append a few extra writes to make the file end at non + page boundary. */ + write (test_fd, &i, sizeof i); i++; + write (test_fd, &i, sizeof i); i++; + write (test_fd, &i, sizeof i); i++; + + test_fsize = lseek(test_fd, 0, SEEK_CUR); + printf ("fsize=%d\n",test_fsize); + + /* Run the tests. */ + check_aligned_anonymous_unfixed_mmaps(); + check_aligned_anonymous_unfixed_colliding_mmaps(); + check_aligned_anonymous_fixed_mmaps(); + check_file_unfixed_mmaps(); + check_file_fixed_mmaps(); + check_file_fixed_eof_mmaps(); + check_file_unfixed_eof_mmaps(); + + return EXIT_SUCCESS; +}