Le 24/07/2020 à 23:23, Richard Henderson a écrit : > When the chroot does not have /proc mounted, we can read neither > /proc/sys/vm/mmap_min_addr nor /proc/sys/maps. > > The enforcement of mmap_min_addr in the host kernel is done by > the security module, and so does not apply to processes owned > by root. Which leads pgd_find_hole_fallback to succeed in probing > a reservation at address 0. Which confuses pgb_reserved_va to > believe that guest_base has not actually been initialized. > > We don't actually want NULL addresses to become accessible, so > make sure that mmap_min_addr is initialized with a non-zero value. > > Buglink: https://bugs.launchpad.net/qemu/+bug/1888728 > Reported-by: John Paul Adrian Glaubitz <glaub...@physik.fu-berlin.de> > Signed-off-by: Richard Henderson <richard.hender...@linaro.org> > --- > linux-user/main.c | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/linux-user/main.c b/linux-user/main.c > index 3597e99bb1..75c9785157 100644 > --- a/linux-user/main.c > +++ b/linux-user/main.c > @@ -758,14 +758,26 @@ int main(int argc, char **argv, char **envp) > > if ((fp = fopen("/proc/sys/vm/mmap_min_addr", "r")) != NULL) { > unsigned long tmp; > - if (fscanf(fp, "%lu", &tmp) == 1) { > + if (fscanf(fp, "%lu", &tmp) == 1 && tmp != 0) { > mmap_min_addr = tmp; > - qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", > mmap_min_addr); > + qemu_log_mask(CPU_LOG_PAGE, "host mmap_min_addr=0x%lx\n", > + mmap_min_addr); > } > fclose(fp); > } > } > > + /* > + * We prefer to not make NULL pointers accessible to QEMU. > + * If we're in a chroot with no /proc, fall back to 1 page. > + */ > + if (mmap_min_addr == 0) { > + mmap_min_addr = qemu_host_page_size; > + qemu_log_mask(CPU_LOG_PAGE, > + "host mmap_min_addr=0x%lx (fallback)\n", > + mmap_min_addr); > + } > + > /* > * Prepare copy of argv vector for target. > */ >
Applied to my linux-user-for-5.1 branch. Thanks, Laurent