From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 15ad98: linux-user: Fix qemu brk() to not zero bytes on cu...
Date: Thu, 20 Jul 2023 01:54:48 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 15ad98536ad9410fb32ddf1ff09389b677643faa
      
https://github.com/qemu/qemu/commit/15ad98536ad9410fb32ddf1ff09389b677643faa
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Fix qemu brk() to not zero bytes on current page

The qemu brk() implementation is too aggressive and cleans remaining bytes
on the current page above the last brk address.

But some existing applications are buggy and read/write bytes above their
current heap address. On a physical machine this does not trigger a
runtime error as long as the access happens on the same page. Additionally
the Linux kernel allocates only full pages and does no zeroing on already
allocated pages, even if the brk address is lowered.

Fix qemu to behave the same way as the kernel does. Do not touch already
allocated pages, and - when running with different page sizes of guest and
host - zero out only those memory areas where the host page size is bigger
than the guest page size.

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683


  Commit: dfe49864afb06e7e452a4366051697bc4fcfc1a5
      
https://github.com/qemu/qemu/commit/dfe49864afb06e7e452a4366051697bc4fcfc1a5
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Prohibit brk() to shrink below initial heap address

Since commit 86f04735ac ("linux-user: Fix brk() to release pages") it's
possible for userspace applications to reduce their memory footprint by
calling brk() with a lower address and free up memory. Before that commit
guest heap memory was never unmapped.

But the Linux kernel prohibits reducing brk() below the initial memory
address which is set at startup by the set_brk() function in binfmt_elf.c.
Such a range check was missed in commit 86f04735ac.

This patch adds the missing check by storing the initial brk value in
initial_target_brk and verifying any new brk addresses against that value.

Tested with the i386 upx binary from
https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-i386_linux.tar.xz

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683


  Commit: eac78a4b0b7da4de2c0a297f4d528ca9cc6256a3
      
https://github.com/qemu/qemu/commit/eac78a4b0b7da4de2c0a297f4d528ca9cc6256a3
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Fix signed math overflow in brk() syscall

Fix the math overflow when calculating the new_malloc_size.

new_host_brk_page and brk_page are unsigned integers. If userspace
reduces the heap, new_host_brk_page is lower than brk_page which results
in a huge positive number (but should actually be negative).

Fix it by adding a proper check and as such make the code more readable.

Signed-off-by: Helge Deller <deller@gmx.de>
Tested-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Fixes: 86f04735ac ("linux-user: Fix brk() to release pages")
Cc: qemu-stable@nongnu.org
Buglink: https://github.com/upx/upx/issues/683
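The three brk() commits above describe kernel behaviour that qemu's linux-user layer has to mirror: the break can never drop below its initial value, pages are mapped and released only in whole-page units, bytes on a page that stays mapped are never zeroed, and the growth computation must not subtract two unsigned values without first checking which is larger. The following is an added, constructed model of that behaviour, written for this page; it is not qemu's linux-user/syscall.c, and it assumes equal guest and host page sizes of 4096 so no partial-page zeroing is ever needed.

```c
#include <stdint.h>
#include <stdbool.h>

/* Constructed model of the brk() rules from the three commits above.
 * Not qemu's code; host and guest page size are assumed equal (4096). */
#define PAGE_SIZE_MODEL 4096u

typedef struct {
    uint64_t initial_brk;  /* break at program start; the floor for any brk() */
    uint64_t target_brk;   /* break value the guest currently observes */
    uint64_t brk_page;     /* page-aligned top of the pages mapped for the heap */
    uint64_t mapped_bytes; /* bytes currently mapped above the initial page top */
    unsigned map_calls;    /* how often new pages had to be mapped */
    unsigned unmap_calls;  /* how often pages were released */
} BrkModel;

static uint64_t page_align_up(uint64_t addr)
{
    return (addr + PAGE_SIZE_MODEL - 1) & ~(uint64_t)(PAGE_SIZE_MODEL - 1);
}

void brk_model_init(BrkModel *m, uint64_t initial_brk)
{
    m->initial_brk = initial_brk;
    m->target_brk = initial_brk;
    m->brk_page = page_align_up(initial_brk);
    m->mapped_bytes = 0;
    m->map_calls = 0;
    m->unmap_calls = 0;
}

/* The overflow from "Fix signed math overflow", in isolation: an unsigned
 * difference taken without first checking which operand is larger wraps to
 * a huge positive value instead of going negative. */
uint64_t unchecked_grow_size(uint64_t new_page, uint64_t old_page)
{
    return new_page - old_page;  /* wraps when new_page < old_page */
}

/* Returns the break the guest observes after brk(new_brk). */
uint64_t brk_model_call(BrkModel *m, uint64_t new_brk)
{
    if (new_brk == 0) {
        return m->target_brk;  /* brk(0) only queries the current break */
    }
    if (new_brk < m->initial_brk) {
        /* "Prohibit brk() to shrink below initial heap address": the
         * request is refused and the unchanged break is returned */
        return m->target_brk;
    }

    uint64_t new_page = page_align_up(new_brk);

    if (new_page > m->brk_page) {
        /* Decide the direction by comparison first, then subtract the
         * smaller value from the larger; no wraparound is possible here.
         * Fresh anonymous pages arrive zero-filled from the host. */
        m->mapped_bytes += new_page - m->brk_page;
        m->map_calls++;
        m->brk_page = new_page;
    } else if (new_page < m->brk_page) {
        /* Shrinking releases only whole pages above the new page top */
        m->mapped_bytes -= m->brk_page - new_page;
        m->unmap_calls++;
        m->brk_page = new_page;
    }
    /* "Fix qemu brk() to not zero bytes on current page": bytes between the
     * old and the new break on a page that stays mapped are left as they
     * are, exactly like the kernel; nothing is zeroed at this point. */
    m->target_brk = new_brk;
    return new_brk;
}
```

A break moved within the page that is already mapped neither maps nor zeroes anything, which is the behaviour the buggy applications (upx in the linked issue) depend on.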


  Commit: d971040c2d16b7fda9fcd52c993262b437501538
      
https://github.com/qemu/qemu/commit/d971040c2d16b7fda9fcd52c993262b437501538
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M linux-user/strace.c

  Log Message:
  -----------
  linux-user: Fix strace output for old_mmap

The old_mmap syscall (e.g. on i386) hands over the parameters in
a struct. Adjust the strace output to print the correct values.

Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1760


  Commit: 518f32221af759a29500ac172c4c857bef142067
      
https://github.com/qemu/qemu/commit/518f32221af759a29500ac172c4c857bef142067
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-07-18 (Tue, 18 Jul 2023)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user: Fix qemu-arm to run static armhf binaries

qemu-user crashes immediately when running static binaries on the armhf
architecture. The problem is the memory layout where the executable is
loaded before the interpreter library, in which case the reserved brk
region clashes with the interpreter code and is released before qemu
tries to start the program.

At load time qemu calculates a brk value for interpreter and executable
each.  The fix is to choose the higher one of both.

Signed-off-by: Helge Deller <deller@gmx.de>
Cc: Andreas Schwab <schwab@suse.de>
Cc: qemu-stable@nongnu.org
Reported-by:  Venkata.Pyla@toshiba-tsip.com
Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040981


  Commit: 2c27fdc7a626408ee2cf30d791aa0b63027c7404
      
https://github.com/qemu/qemu/commit/2c27fdc7a626408ee2cf30d791aa0b63027c7404
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for v8.1.0-rc0 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 03b67621445d601c9cdc7dfe25812e9f19b81488
      
https://github.com/qemu/qemu/commit/03b67621445d601c9cdc7dfe25812e9f19b81488
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: pass structure into nbd_client_thread instead of plain char*

We are going to pass an additional flag in the next patch.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: <qemu-stable@nongnu.org>
Message-ID: <20230717145544.194786-2-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: 5c56dd27a2c905c9cf2472d2fd057621ce5fd00d
      
https://github.com/qemu/qemu/commit/5c56dd27a2c905c9cf2472d2fd057621ce5fd00d
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: fix regression with qemu-nbd --fork run over ssh

Commit e6df58a5578fee7a50bbf36f4a50a2781cff855d
    Author: Hanna Reitz <hreitz@redhat.com>
    Date:   Wed May 8 23:18:18 2019 +0200
    qemu-nbd: Do not close stderr

has introduced an interesting regression. Original behavior of
    ssh somehost qemu-nbd /home/den/tmp/file -f raw --fork
was the following:
 * qemu-nbd was started as a daemon
 * the command execution is done and ssh exited with success

The patch has changed this behavior and 'ssh' command now hangs forever.

According to the normal specification of the daemon() call, we should
end up with STDERR pointing to /dev/null. That should be done at the
very end of the successful startup sequence when the pipe to the
bootstrap process (used for diagnostics) is no longer needed.

This could be achieved in the same way as done for 'qemu-nbd -c' case.
That was commit 0eaf453e, also fixing up e6df58a5. STDOUT copying to
STDERR does the trick.

This also leads to proper 'ssh' connection closing which fixes my
original problem.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: Hanna Reitz <hreitz@redhat.com>
CC: <qemu-stable@nongnu.org>
Message-ID: <20230717145544.194786-3-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: 1dc8215118ca5b99669c3bf27082a365aef16ea6
      
https://github.com/qemu/qemu/commit/1dc8215118ca5b99669c3bf27082a365aef16ea6
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: properly report error if qemu_daemon() fails

errno has been overwritten by dup2() just below qemu_daemon() and thus
improperly returned to the caller. Fix accordingly.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230717145544.194786-5-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: reorder patch series]
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: e0892ced0534b1009d009e32c3e338456018ab15
      
https://github.com/qemu/qemu/commit/e0892ced0534b1009d009e32c3e338456018ab15
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: properly report error on error in dup2() after qemu_daemon()

We are trying to temporarily redirect stderr of the daemonized process to
a pipe to report an error, and this fails. In that case we could not
use error_report() helper, but should write the message directly into
the problematic pipe.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230717145544.194786-4-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: rearrange patch series, fix typo]
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: 173776f74d072f375b3815a4beaa6ddc7bf26cab
      
https://github.com/qemu/qemu/commit/173776f74d072f375b3815a4beaa6ddc7bf26cab
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: handle dup2() error when qemu-nbd finished setup process

Fail on error, we are in trouble.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230717145544.194786-6-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
[eblake: avoid intermediate variable]
Signed-off-by: Eric Blake <eblake@redhat.com>
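The four qemu-nbd commits above (the --fork regression over ssh, the lost errno after qemu_daemon(), error reporting when dup2() fails, and failing hard on a dup2() error after setup) all concern one bootstrap pattern: a daemonized child keeps a pipe to its parent as stderr while it sets up, then must let go of that pipe. The following is an added, constructed model of that pattern written for this page; it is not qemu-nbd's code, and the hang it reproduces is the one the first commit describes. `reported_setup_errno` isolates the errno pitfall on its own with a constructed non-existent path.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <signal.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Constructed model of the qemu-nbd --fork bootstrap (not qemu-nbd's code).
 * The parent holds the read end of a pipe the child uses as stderr during
 * setup, so startup failures can be relayed, and treats EOF on that pipe as
 * "setup finished".  EOF only arrives if the child points stderr elsewhere
 * (/dev/null) once it is ready; otherwise the parent, and an ssh session
 * waiting on it, never returns.
 *
 * Returns 1 if the parent saw EOF within timeout_ms, 0 on timeout, -1 if the
 * model itself failed to set up.
 */
int bootstrap_parent_sees_eof(bool release_stderr, int timeout_ms)
{
    int pfd[2];
    if (pipe(pfd) < 0) {
        return -1;
    }
    pid_t pid = fork();
    if (pid < 0) {
        return -1;
    }

    if (pid == 0) {
        /* child: diagnostics go to the parent through the pipe */
        close(pfd[0]);
        if (dup2(pfd[1], STDERR_FILENO) < 0) {
            /* stderr is unusable now, so the message is written straight
             * into the pipe rather than through an error_report()-style helper */
            const char msg[] = "dup2 for stderr failed\n";
            (void)!write(pfd[1], msg, sizeof msg - 1);
            _exit(1);
        }
        close(pfd[1]);
        /* ... the real setup work (socket, export) would happen here ... */
        if (release_stderr) {
            int devnull = open("/dev/null", O_WRONLY);
            if (devnull < 0 || dup2(devnull, STDERR_FILENO) < 0) {
                _exit(1);  /* fail on error: the daemon cannot report anything now */
            }
            close(devnull);
        }
        pause();          /* the daemon keeps serving until it is killed */
        _exit(0);
    }

    /* parent: drop our copy of the write end so only the child holds it */
    close(pfd[1]);
    struct pollfd p = { .fd = pfd[0], .events = POLLIN };
    int eof = 0;
    for (;;) {
        int r = poll(&p, 1, timeout_ms);
        if (r <= 0) {
            break;        /* timeout: the child still owns the pipe (the hang) */
        }
        char buf[128];
        ssize_t n = read(pfd[0], buf, sizeof buf);
        if (n <= 0) {
            eof = 1;      /* 0 bytes: every write end has been closed */
            break;
        }
        fwrite(buf, 1, (size_t)n, stderr);  /* relay the child's diagnostics */
    }
    close(pfd[0]);
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
    return eof;
}

/*
 * The errno pitfall: a setup call fails, the code then calls dup2() to put
 * stderr back, and dup2() overwrites errno, so the caller is handed the
 * wrong error unless it was saved first.  Modelled with open() on a
 * constructed non-existent path (ENOENT) followed by dup2() on an invalid
 * descriptor (EBADF).
 */
int reported_setup_errno(bool save_first)
{
    int reported = 0;
    if (open("/nonexistent-constructed-dir/socket", O_RDONLY) < 0) {
        if (save_first) {
            reported = errno;  /* capture ENOENT before anything else runs */
        }
        dup2(-1, 200);         /* fails with EBADF and clobbers errno */
        if (!save_first) {
            reported = errno;  /* the bug: EBADF is reported, not ENOENT */
        }
    }
    return reported;
}
```

With `release_stderr` false the parent's poll() simply times out, which is the mechanism behind "ssh hangs forever": the remote shell waits for the daemon's stderr to close, and it never does.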


  Commit: 414c0cf0e88b8cba1d4f5a6bc32f9796a66b5c26
      
https://github.com/qemu/qemu/commit/414c0cf0e88b8cba1d4f5a6bc32f9796a66b5c26
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: make verbose bool and local variable in main()

Pass 'verbose' to nbd_client_thread() inside NbdClientOpts, which looks
a little bit cleaner, and make it bool as it is actually used as a bool.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230717202520.236999-1-den@openvz.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: f47b6eab8372fef45cdc711c5a904df82de3aecf
      
https://github.com/qemu/qemu/commit/f47b6eab8372fef45cdc711c5a904df82de3aecf
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M nbd/client.c

  Log Message:
  -----------
  nbd/client: Use smarter assert

Assigning strlen() to a uint32_t and then asserting that it isn't too
large doesn't catch the case of an input string 4G in length.
Thankfully, the incoming strings can never be that large: if the
export name or query is reflecting a string the client got from the
server, we already guarantee that we dropped the NBD connection if the
server sent more than 32M in a single reply to our NBD_OPT_* request;
if the export name is coming from qemu, nbd_receive_negotiate()
asserted that strlen(info->name) <= NBD_MAX_STRING_SIZE; and
similarly, a query string via x->dirty_bitmap coming from the user was
bounds-checked in either qemu-nbd or by the limitations of QMP.
Still, it doesn't hurt to be more explicit in how we write our
assertions to not have to analyze whether inadvertent wraparound is
possible.

Fixes: 93676c88 ("nbd: Don't send oversize strings", v4.2.0)
Reported-by: Dr. David Alan Gilbert <dave@treblig.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230608135653.2918540-2-eblake@redhat.com>


  Commit: 8d2931dc85695e39be9db1d1cc55e0c3ca46fbe9
      
https://github.com/qemu/qemu/commit/8d2931dc85695e39be9db1d1cc55e0c3ca46fbe9
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M include/block/nbd.h

  Log Message:
  -----------
  nbd: Consistent typedef usage in header

We had a mix of struct declarations followed by typedefs, and direct
struct definitions as part of a typedef.  Pick a single style.  Also
float forward declarations of opaque types to the top of the file,
rather than interspersed with function declarations, which will help a
future patch that wants to expose yet another opaque type that will be
referenced in NBDRequest.  No semantic impact.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230608135653.2918540-3-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
[eblake: alter patch per mailing list feedback]
Signed-off-by: Eric Blake <eblake@redhat.com>


  Commit: a7c8ed36bf9d3b7f75faefb5bb01535eb818e260
      
https://github.com/qemu/qemu/commit/a7c8ed36bf9d3b7f75faefb5bb01535eb818e260
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M include/block/nbd.h
    M nbd/server.c
    M nbd/trace-events

  Log Message:
  -----------
  nbd/server: Prepare for alternate-size headers

Upstream NBD now documents[1] an extension that supports 64-bit effect
lengths in requests.  As part of that extension, the size of the reply
headers will change in order to permit a 64-bit length in the reply
for symmetry[2].  Additionally, where the reply header is currently 16
bytes for simple reply, and 20 bytes for structured reply; with the
extension enabled, there will only be one extended reply header, of 32
bytes, with both structured and extended modes sending identical
payloads for chunked replies.

Since we are already wired up to use iovecs, it is easiest to allow
for this change in header size by splitting each structured reply
across multiple iovecs, one for the header (which will become wider in
a future patch according to client negotiation), and the other(s) for
the chunk payload, and removing the header from the payload struct
definitions.  Rename the affected functions with s/structured/chunk/
to make it obvious that the code will be reused in extended mode.

Interestingly, the client side code never utilized the packed types,
so only the server code needs to be updated.

[1] https://github.com/NetworkBlockDevice/nbd/blob/extension-ext-header/doc/proto.md
as of NBD commit e6f3b94a934

[2] Note that on the surface, this is because some future server might
permit a 4G+ NBD_CMD_READ and need to reply with that much data in one
transaction.  But even though the extended reply length is widened to
64 bits, for now the NBD spec is clear that servers will not reply
with more than a maximum payload bounded by the 32-bit
NBD_INFO_BLOCK_SIZE field; allowing a client and server to mutually
agree to transactions larger than 4G would require yet another
extension.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230608135653.2918540-4-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>


  Commit: 66d4f4fe2f1c282a34a429f61aa4283e60336500
      
https://github.com/qemu/qemu/commit/66d4f4fe2f1c282a34a429f61aa4283e60336500
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M nbd/server.c

  Log Message:
  -----------
  nbd/server: Refactor to pass full request around

Part of NBD's 64-bit headers extension involves passing the client's
requested offset back as part of the reply header (one reason it
stated for this change: converting absolute offsets stored in
NBD_REPLY_TYPE_OFFSET_DATA to relative offsets within the buffer is
easier if the absolute offset of the buffer is also available).  This
is a refactoring patch to pass the full request around the reply
stack, rather than just the handle, so that later patches can then
access request->from when extended headers are active.  Meanwhile,
this patch enables us to now assert that simple replies are only
attempted when appropriate, and otherwise has no semantic change.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230608135653.2918540-5-eblake@redhat.com>


  Commit: 22efd81104f07f7dbe571a923cc43ed625560551
      
https://github.com/qemu/qemu/commit/22efd81104f07f7dbe571a923cc43ed625560551
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M block/nbd.c
    M include/block/nbd.h
    M nbd/client.c
    M nbd/server.c
    M nbd/trace-events

  Log Message:
  -----------
  nbd: s/handle/cookie/ to match NBD spec

Externally, libnbd exposed the 64-bit opaque marker for each client
NBD packet as the "cookie", because it was less confusing when
contrasted with 'struct nbd_handle *' holding all libnbd state.  It
also avoids confusion between the noun 'handle' as a way to identify a
packet and the verb 'handle' for reacting to things like signals.
Upstream NBD changed their spec to favor the name "cookie" based on
libnbd's recommendations[1], so we can do likewise.

[1] https://github.com/NetworkBlockDevice/nbd/commit/ca4392eb2b

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230608135653.2918540-6-eblake@redhat.com>
[eblake: typo fix]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>


  Commit: 8cb98a725e7397c9de25ebd77c00b1d5f2d8351e
      
https://github.com/qemu/qemu/commit/8cb98a725e7397c9de25ebd77c00b1d5f2d8351e
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M block/nbd.c

  Log Message:
  -----------
  nbd/client: Simplify cookie vs. index computation

Our code relies on a sentinel cookie value of zero for deciding when a
packet has been handled, as well as relying on array indices between 0
and MAX_NBD_REQUESTS-1 for dereferencing purposes.  As long as we can
symmetrically convert between two forms, there is no reason to go with
the odd choice of using XOR with a random pointer, when we can instead
simplify the mappings with a mere offset of 1.

Using ((uint64_t)-1) as the sentinel instead of NULL such that the two
macros could be entirely eliminated might also be possible, but would
require a more careful audit to find places where we currently rely on
zero-initialization to be interpreted as the sentinel value, so I did
not pursue that course.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230608135653.2918540-7-eblake@redhat.com>
[eblake: enhance commit message]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>


  Commit: 70fa99f445a6fabe4b46f188cc665cd469cd8293
      
https://github.com/qemu/qemu/commit/70fa99f445a6fabe4b46f188cc665cd469cd8293
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M nbd/client.c

  Log Message:
  -----------
  nbd/client: Add safety check on chunk payload length

Our existing use of structured replies either reads into a qiov capped
at 32M (NBD_CMD_READ) or caps allocation to 1000 bytes (see
NBD_MAX_MALLOC_PAYLOAD in block/nbd.c).  But the existing length
checks are rather late; if we encounter a buggy (or malicious) server
that sends a super-large payload length, we should drop the connection
right then rather than assuming the layer on top will be careful.
This becomes more important when we permit 64-bit lengths which are
even more likely to have the potential for attempted denial of service
abuse.

Signed-off-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-ID: <20230608135653.2918540-8-eblake@redhat.com>
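Both "nbd/client: Use smarter assert" and "nbd/client: Add safety check on chunk payload length" are about checking a length at the point where it enters the code, before it is narrowed or used to size a buffer. The following is an added example written for this page, not qemu's nbd/client.c: a parser for the 20-byte structured reply header (the size named in the server-side commit) that rejects an oversized chunk length before anything is allocated, and a string-length check that compares the full `size_t` before narrowing to the wire's `uint32_t`. The numeric values of `NBD_MAX_STRING_SIZE`, the 32M buffer cap, `NBD_MAX_MALLOC_PAYLOAD`, the reply magic and the chunk type are this example's assumptions taken from the NBD protocol and qemu headers; the per-type cap rule is simplified.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Names from the page; the numeric values are assumptions of this example. */
#define NBD_MAX_STRING_SIZE        4096u
#define NBD_MAX_BUFFER_SIZE        (32u * 1024u * 1024u) /* 32M read cap */
#define NBD_MAX_MALLOC_PAYLOAD     1000u                  /* cap for other chunks */
#define NBD_STRUCTURED_REPLY_MAGIC 0x668e33efu
#define NBD_REPLY_TYPE_OFFSET_DATA 1u
#define NBD_CHUNK_HEADER_LEN       20u

typedef struct {
    uint16_t flags;
    uint16_t type;
    uint64_t cookie;
    uint32_t length;  /* payload length as claimed by the peer */
} ChunkHeader;

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static uint64_t get_be64(const uint8_t *p) { return ((uint64_t)get_be32(p) << 32) | get_be32(p + 4); }
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) {
        p[i] = (uint8_t)(v >> (24 - 8 * i));
    }
}
static void put_be64(uint8_t *p, uint64_t v) { put_be32(p, (uint32_t)(v >> 32)); put_be32(p + 4, (uint32_t)v); }

/* Largest payload accepted for a chunk type, decided before any allocation.
 * OFFSET_DATA carries an 8-byte offset ahead of up to 32M of data; every
 * other chunk type is small and would be malloc'd under the 1000-byte cap. */
static uint32_t chunk_payload_cap(uint16_t type)
{
    return type == NBD_REPLY_TYPE_OFFSET_DATA ? NBD_MAX_BUFFER_SIZE + 8u : NBD_MAX_MALLOC_PAYLOAD;
}

/* Parse the 20-byte structured reply header.  0 = ok, -1 = malformed,
 * -2 = payload length over the cap; on -2 the caller drops the connection
 * right here, before reading or allocating anything sized by the peer. */
int parse_chunk_header(const uint8_t *buf, size_t buflen, ChunkHeader *h)
{
    if (buflen < NBD_CHUNK_HEADER_LEN || get_be32(buf) != NBD_STRUCTURED_REPLY_MAGIC) {
        return -1;
    }
    h->flags  = get_be16(buf + 4);
    h->type   = get_be16(buf + 6);
    h->cookie = get_be64(buf + 8);
    h->length = get_be32(buf + 16);
    if (h->length > chunk_payload_cap(h->type)) {
        return -2;  /* buggy or malicious server: refuse before trusting the length */
    }
    return 0;
}

/* Build a header from constructed values, for tests and stand-alone runs. */
void build_chunk_header(uint8_t out[NBD_CHUNK_HEADER_LEN], uint16_t type,
                        uint64_t cookie, uint32_t length)
{
    put_be32(out, NBD_STRUCTURED_REPLY_MAGIC);
    put_be16(out + 4, 0);
    put_be16(out + 6, type);
    put_be64(out + 8, cookie);
    put_be32(out + 16, length);
}

/* The "smarter assert" shape: test the size_t from strlen() before it is
 * narrowed to the wire's uint32_t.  Narrowing first would let a string of
 * 4G+n bytes wrap to n and pass the bound check. */
bool export_name_fits(const char *name, uint32_t *wire_len)
{
    size_t len = strlen(name);
    if (len > NBD_MAX_STRING_SIZE) {
        return false;          /* compare at full width ... */
    }
    *wire_len = (uint32_t)len; /* ... then narrow */
    return true;
}
```

The cap is applied to the header field alone, so a 4G length in a chunk that should never exceed 1000 bytes is refused without a single byte of payload being read into memory.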


  Commit: bfe04d0a7d5e8a4f4c9014ee7622af2056685974
      
https://github.com/qemu/qemu/commit/bfe04d0a7d5e8a4f4c9014ee7622af2056685974
  Author: Eric Blake <eblake@redhat.com>
  Date:   2023-07-19 (Wed, 19 Jul 2023)

  Changed paths:
    M include/block/nbd.h
    M nbd/client.c
    M nbd/common.c

  Log Message:
  -----------
  nbd: Use enum for various negotiation modes

Deciphering the hard-coded list of integer return values from
nbd_start_negotiate() will only get more confusing when adding support
for 64-bit extended headers.  Better is to name things in an enum.
Although the function in question is private to client.c, putting the
enum in a public header and including an enum-to-string conversion
will allow its use in more places in upcoming patches.

The enum is intentionally laid out so that operators like <= can be
used to group multiple modes with similar characteristics, and where
the least powerful mode has value 0, even though this patch does not
exploit that.  No semantic change intended.

Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230608135653.2918540-9-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>


  Commit: 67d1f0a3908235b9a7ede51ef03d4d08b4ac46ff
      
https://github.com/qemu/qemu/commit/67d1f0a3908235b9a7ede51ef03d4d08b4ac46ff
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-20 (Thu, 20 Jul 2023)

  Changed paths:
    M linux-user/elfload.c
    M linux-user/strace.c
    M linux-user/syscall.c

  Log Message:
  -----------
  Merge tag 'linux-user-brk-fixes-pull-request' of 
https://github.com/hdeller/qemu-hppa into staging

linux-user: brk() syscall fixes and armhf static binary fix

Commit 86f04735ac ("linux-user: Fix brk() to release pages") introduced
the possibility for userspace applications to reduce memory footprint by
calling brk() with a lower address and as such free up memory, the same
way as the Linux kernel allows on physical machines.

This change introduced some failures for applications with errors like
- accessing bytes above the brk heap address on the same page,
- freeing memory below the initial brk address,
and introduced a behaviour which isn't done by the kernel (e.g. zeroing
memory above brk).

This patch series fixes those issues and has been tested with existing
programs (e.g. upx).

Additionally one patch fixes running static armhf executables (e.g. fstype)
which was broken since qemu-8.0.

Changes in v2:
- dropped patch to revert d28b3c90cfad ("linux-user: Make sure initial brk(0)
  is page-aligned")
- rephrased some commit messages
- fixed Cc email addresses, added new ones
- added R-b tags

Helge

# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZLgGswAKCRD3ErUQojoP
# XwkUAQCKb/lkI3IYxiqO48rVyHtLPtkXd+WttFpeZ076p73LTgD+IEpHZL4WV1Rw
# 4+eqW9vswjZwp1xm9bItLdnP2hkyUgI=
# =K3Va
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 16:52:19 BST
# gpg:                using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg:                 aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D  25F8 3E5F 3D04 A7A2 4603
#      Subkey fingerprint: BCE9 123E 1AD2 9F07 C049  BBDE F712 B510 A23A 0F5F

* tag 'linux-user-brk-fixes-pull-request' of 
https://github.com/hdeller/qemu-hppa:
  linux-user: Fix qemu-arm to run static armhf binaries
  linux-user: Fix strace output for old_mmap
  linux-user: Fix signed math overflow in brk() syscall
  linux-user: Prohibit brk() to shrink below initial heap address
  linux-user: Fix qemu brk() to not zero bytes on current page

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: d1181d29370a4318a9f11ea92065bea6bb159f83
      
https://github.com/qemu/qemu/commit/d1181d29370a4318a9f11ea92065bea6bb159f83
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-20 (Thu, 20 Jul 2023)

  Changed paths:
    M block/nbd.c
    M include/block/nbd.h
    M nbd/client.c
    M nbd/common.c
    M nbd/server.c
    M nbd/trace-events
    M qemu-nbd.c

  Log Message:
  -----------
  Merge tag 'pull-nbd-2023-07-19' of https://repo.or.cz/qemu/ericb into staging

NBD patches through 2023-07-19

- Denis V. Lunev: fix hang with 'ssh ... "qemu-nbd -c"'
- Eric Blake: preliminary work towards NBD 64-bit extensions

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmS4RwcACgkQp6FrSiUn
# Q2pXfQf/clnttPdw9BW2cJltFRKeMeZrgn8mut0S7jhC0DWIy6zanzp07MylryHP
# EyJ++dCbLEg8mueThL/n5mKsTS/OECtfZO9Ot11WmZqDZVtLKorfmy7YVI3VwMjI
# yQqrUIwiYxzZOkPban/MXofY6vJmuia5aGkEmYUyKiHvsLF3Hk2gHPB/qa2S+U6I
# QDmC032/L+/LgVkK5r/1vamwJNP29QI4DNp3RiTtcMK5sEZJfMsAZSxFDDdH2pqi
# 5gyVqw0zNl3vz6znoVy0XZ/8OUVloPKHswyf7xLlBukY1GL5D+aiXz2ilwBvk9aM
# SoZzYvaOOBDyJhSjapOvseTqXTNeqQ==
# =TB9t
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 19 Jul 2023 21:26:47 BST
# gpg:                using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg:                 aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg:                 aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2  F3AA A7A1 6B4A 2527 436A

* tag 'pull-nbd-2023-07-19' of https://repo.or.cz/qemu/ericb:
  nbd: Use enum for various negotiation modes
  nbd/client: Add safety check on chunk payload length
  nbd/client: Simplify cookie vs. index computation
  nbd: s/handle/cookie/ to match NBD spec
  nbd/server: Refactor to pass full request around
  nbd/server: Prepare for alternate-size headers
  nbd: Consistent typedef usage in header
  nbd/client: Use smarter assert
  qemu-nbd: make verbose bool and local variable in main()
  qemu-nbd: handle dup2() error when qemu-nbd finished setup process
  qemu-nbd: properly report error on error in dup2() after qemu_daemon()
  qemu-nbd: properly report error if qemu_daemon() fails
  qemu-nbd: fix regression with qemu-nbd --fork run over ssh
  qemu-nbd: pass structure into nbd_client_thread instead of plain char*

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/76e6a2ca9e3b...d1181d29370a


