On 10 February 2016 at 18:39, Laurent Vivier <laur...@vivier.eu> wrote:
>
> On 09/02/2016 16:57, Peter Maydell wrote:
>> Our implementation of shmat() and shmdt() for linux-user was
>> using "zero guest address" as its marker for "entry in the
>> shm_regions[] array is not in use". This meant that if the
>> guest did a shmdt(0) we would match on an unused array entry
>
> Is shmdt(0) valid?

It's valid in the sense of "should detach" if shmat() ever returned 0
(which I suspect it will never do but have not attempted to determine).
It's valid in the sense of "should not cause an assert" anyway.

> I mean, if shmat() is called with shmaddr equal to 0:
> "the system chooses a suitable (unused) address at which
> to attach the segment."
>
> and
>
> "The to-be-detached segment must be currently attached with shmaddr
> equal to the value returned by the attaching shmat() call."
>
> Did you check shmat() can return 0?
> (I think our mmap_find_vma() cannot return 0)

Not wanting to try to figure this out is why I switched to having an
extra in_use flag in the shm_regions[] array. 0 is now not any kind of
special value as far as addresses go -- if shmat() returned 0 as a valid
address then we'll record it in the array, and shmdt() will work. If it
never did, then shmdt() won't find any valid entries, we'll call the
host with shmdt() on something that wasn't an attached segment and the
host kernel will fail the syscall as it should.

> Why don't you fail on shmdt(0) (EINVAL)?

We let the host kernel do the error checking and return the errno for
us, at which point it will indeed fail EINVAL.

thanks
-- PMM
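The sentinel-versus-flag point above, as an added C sketch that is not QEMU's own code: a shm_regions[] table with an in_use flag, the old lookup that treats start == 0 as "slot free" (so shmdt(0) matches an unused entry) beside the flagged lookup, and the shmat/shmdt bookkeeping around them. The table size, field names and helper names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#define N_SHM_REGIONS 32
typedef uint64_t abi_ulong;

/* shm_regions[] as in linux-user, plus the in_use flag the patch adds (sketch, not QEMU code). */
static struct shm_region {
    abi_ulong start;
    bool in_use;
} shm_regions[N_SHM_REGIONS];

/* Old scheme: start == 0 meant "slot free", so shmdt(0) matched a free slot. */
static int find_region_old(abi_ulong addr)
{
    for (int i = 0; i < N_SHM_REGIONS; i++) {
        if (shm_regions[i].start == addr) {
            return i;
        }
    }
    return -1;
}

/* New scheme: only slots flagged in_use can match; 0 is an ordinary address. */
static int find_region_new(abi_ulong addr)
{
    for (int i = 0; i < N_SHM_REGIONS; i++) {
        if (shm_regions[i].in_use && shm_regions[i].start == addr) {
            return i;
        }
    }
    return -1;
}

/* shmat side: record the attachment in the first free slot, or -1 if full. */
static int record_attach(abi_ulong start)
{
    for (int i = 0; i < N_SHM_REGIONS; i++) {
        if (!shm_regions[i].in_use) {
            shm_regions[i].start = start;
            shm_regions[i].in_use = true;
            return i;
        }
    }
    return -1;
}

/* shmdt side: free the slot once the host shmdt() has succeeded. */
static void record_detach(int idx)
{
    shm_regions[idx].in_use = false;
}
```

With no entries in use, a lookup of address 0 hits slot 0 under the old scheme and finds nothing under the new one; the host kernel is then left to reject the detach.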