I can confirm that this bug still exists in the current qemu master (short commit ID 0050f9978e):
~/qemu$ gcc -m32 shm_bug.c -o shm_bug32
shm_bug.c: In function ‘main’:
shm_bug.c:12:24: warning: initialization makes pointer from integer without a cast [-Wint-conversion]
   const void *at = 0x7f7df38ea000;
                    ^~~~~~~~~~~~~~
~/qemu$ i386-linux-user/qemu-i386 ./shm_bug32
got err 0, ptr 0xffffffff
ari@ari-thinkpad:~/qemu$ gcc shm_bug.c -o shm_bug64
shm_bug.c: In function ‘main’:
shm_bug.c:12:24: warning: initialization makes pointer from integer without a cast [-Wint-conversion]
   const void *at = 0x7f7df38ea000;
                    ^~~~~~~~~~~~~~
~/qemu$ x86_64-linux-user/qemu-x86_64 ./shm_bug64
got err 0, ptr 0x7f7df38ea000
ari@ari-thinkpad:~/qemu$

Additionally, running each executable directly on a 64-bit Ubuntu 18.04 system, we can see that the behavior of the 32-bit binary differs between qemu-i386 and native, while that of the 64-bit binary does not:

~/qemu$ ./shm_bug32
got err 0, ptr 0xf38ea000
~/qemu$ ./shm_bug64
got err 0, ptr 0x7f7df38ea000
~/qemu$

** Changed in: qemu
       Status: Expired => Confirmed

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1462640

Title:
  shmat fails on 32-to-64 setup

Status in QEMU:
  Confirmed

Bug description:
  I am trying to run a guest mips32 program (user mode) on an x86_64 host. The program fails on a call to shmat() reproducibly.

  When digging into this problem, I could make a small guest POC that fails when compiled as i386 (-m32) running on an x86_64 host, but passes when compiled as 64-bit.

  The problem has to do with mmap flags. From what I can understand, when running 32-bit guest programs, qemu reserves the whole guest virtual space with an mmap call. That mmap call specifies the MAP_PRIVATE flag. When shmat is called, it tries to make part of that region MAP_SHARED and that fails.

  As a possible fix, it looks like it is possible to first unmap the shm region before calling shmat.
  Steps to reproduce:
  1 - create a file shm.c with the content below
  2 - compile with: gcc -m32 shm.c -o shm32
  3 - run on an x86_64 host: qemu-i386 ./shm32
  4 - observe that shmat fails, by returning ptr -1
  5 - compile without -m32: gcc shm.c -o shm64
  6 - observe that it passes: qemu-x86_64 ./shm64

  #include <sys/ipc.h>
  #include <sys/shm.h>
  #include <sys/mman.h>
  #include <stdio.h>

  int main(void)
  {
      struct shmid_ds shm_desc;
      int err = 0;
      /* 688128 bytes = 168 pages; IPC_PRIVATE always creates a fresh segment */
      int id = shmget(IPC_PRIVATE, 688128, IPC_CREAT|IPC_EXCL|0666);
      err = shmctl(id, IPC_STAT, &shm_desc);
      /* Fixed attach address; in a -m32 build this constant is truncated
         to the 32-bit value 0xf38ea000 (compare the native run above) */
      const void *at = (const void *)0x7f7df38ea000;
      void *ptr = shmat(id, at, 0);
      printf("got err %d, ptr %p\n", err, ptr);
      return 0;
  }

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1462640/+subscriptions
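The mechanism the report describes (a MAP_PRIVATE reservation that a later fixed-address shmat() cannot replace) and the suggested fix (unmap the range first) can be shown natively on a 64-bit Linux host. This is an added example, not code from the bug report or from QEMU; it stands in a 64 KiB anonymous reservation (a constructed size) for qemu's real guest-address-space reservation, and the function name reserve_then_shmat is this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
/* Size of the reserved region and of the SysV segment (constructed value). */
#define REGION_SIZE (64 * 1024)

/* Returns 1 if shmat() inside a MAP_PRIVATE reservation fails with EINVAL and
 * then succeeds once the reservation is unmapped, 0 if either step behaves
 * differently, and -1 if mmap or SysV shared memory is unavailable here. */
int reserve_then_shmat(void)
{
    /* Reserve address space as the report says qemu does for 32-bit guests. */
    void *region = mmap(NULL, REGION_SIZE, PROT_NONE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED)
        return -1;
    int id = shmget(IPC_PRIVATE, REGION_SIZE, IPC_CREAT | IPC_EXCL | 0666);
    if (id < 0) {
        munmap(region, REGION_SIZE);
        return -1;
    }
    /* Attach on top of the live mapping without SHM_REMAP: the kernel refuses. */
    void *p = shmat(id, region, 0);
    int first_failed = (p == (void *)-1);
    int first_errno = first_failed ? errno : 0;
    if (!first_failed)
        shmdt(p);
    /* The fix suggested in the report: give the range back before attaching. */
    munmap(region, REGION_SIZE);
    p = shmat(id, region, 0);
    int second_ok = (p == region);
    if (p != (void *)-1)
        shmdt(p);
    shmctl(id, IPC_RMID, NULL); /* remove the segment so nothing leaks */
    printf("attach inside reservation: %s; after munmap: %s\n",
           first_failed ? strerror(first_errno) : "unexpectedly succeeded",
           second_ok ? "attached at requested address" : "failed");
    return first_failed && first_errno == EINVAL && second_ok;
}

int main(void)
{
    return reserve_then_shmat() == 1 ? 0 : 1;
}
```

A return of -1 means the host refused mmap or SysV shared memory (for example in a restricted container), in which case the demonstration cannot run there.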