Hi, This is the third version of the linux-user/mmap bugfix patches:
* Let the native mmap choose addresses for unfixed mappings. * For file mappings, correct mapping of pages beyond EOF. * Adds a small testsuite for linux-user/mmap. Tested with test-mmap for CRIS, MIPS, ARM and i386, simulated on linux-i686 hosts. Felipe, I think the problems you are seeing are related to large mmaps failing. By letting the native mmap choose the addresses for unfixed mmaps, I hope your segfaults will go away. Thanks -- Edgar E. Iglesias Axis Communications AB
diff --git a/configure b/configure
index bbda3f7..3df08ab 100755
--- a/configure
+++ b/configure
@@ -1244,6 +1244,7 @@ if test "$source_path_used" = "yes" ; then
 DIRS="tests tests/cris slirp audio"
 FILES="Makefile tests/Makefile"
 FILES="$FILES tests/cris/Makefile tests/cris/.gdbinit"
+ FILES="$FILES tests/test-mmap.c"
 for dir in $DIRS ; do
 mkdir -p $dir
 done
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index 6292826..9d656ea 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -23,6 +23,8 @@
 #include <string.h>
 #include <unistd.h>
 #include <errno.h>
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <sys/mman.h>
 #include "qemu.h"
@@ -151,53 +153,11 @@ static int mmap_frag(abi_ulong real_start,
 return 0;
 }
-#if defined(__CYGWIN__)
-/* Cygwin doesn't have a whole lot of address space. */
-static abi_ulong mmap_next_start = 0x18000000;
-#else
-static abi_ulong mmap_next_start = 0x40000000;
-#endif
-
-/* find a free memory area of size 'size'. The search starts at
- 'start'. If 'start' == 0, then a default start address is used.
- Return -1 if error.
-*/
-/* page_init() marks pages used by the host as reserved to be sure not
- to use them. */
-static abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size)
-{
- abi_ulong addr, addr1, addr_start;
- int prot;
-
- size = HOST_PAGE_ALIGN(size);
- start = start & qemu_host_page_mask;
- addr = start;
- if (addr == 0)
- addr = mmap_next_start;
- addr_start = addr;
- for(;;) {
- prot = 0;
- for(addr1 = addr; addr1 < (addr + size); addr1 += TARGET_PAGE_SIZE) {
- prot |= page_get_flags(addr1);
- }
- if (prot == 0)
- break;
- addr += qemu_host_page_size;
- /* we found nothing */
- if (addr == addr_start)
- return (abi_ulong)-1;
- }
- if (start == 0)
- mmap_next_start = addr + size;
- return addr;
-}
-
 /* NOTE: all the constants are the HOST ones */
 abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
 int flags, int fd, abi_ulong offset)
 {
 abi_ulong ret, end, real_start, real_end, retaddr, host_offset, host_len;
- unsigned long host_start;
 #ifdef DEBUG_MMAP
 {
@@ -234,38 +194,81 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
 len = TARGET_PAGE_ALIGN(len);
 if (len == 0)
 return start;
- real_start = start & qemu_host_page_mask;
+ /* When mapping files into a memory area larger than the file, accesses
+ to pages beyond the file size will cause a SIGBUS.
+
+ For example, if mmaping a file of 100 bytes on a host with 4K pages
+ emulating a target with 8K pages, the target expects to be able to
+ access the first 8K. But the host will trap us on any access beyond
+ 4K.
+
+ When emulating a target with a larger page-size than the hosts, we
+ may need to truncate file maps at EOF and add extra anonymous pages
+ up to the targets page boundary. */
+
+ if (!(flags & MAP_ANONYMOUS)) {
+ struct stat sb;
+
+ if (fstat (fd, &sb) == -1)
+ return -1;
+
+ /* Are we trying to create a map beyond EOF?. */
+ if (offset + len > sb.st_size) {
+ /* If so, truncate the file map at eof aligned with
+ the hosts real pagesize. Additional anonymous maps
+ will be created beyond EOF. */
+ len = (sb.st_size - offset);
+ len += qemu_real_host_page_size - 1;
+ len &= ~(qemu_real_host_page_size - 1);
+ }
+ }
+
+ real_start = start & qemu_host_page_mask;
+ end = start + len;
+ real_end = HOST_PAGE_ALIGN(end);
+
 if (!(flags & MAP_FIXED)) {
- abi_ulong mmap_start;
- void *p;
- host_offset = offset & qemu_host_page_mask;
- host_len = len + offset - host_offset;
- host_len = HOST_PAGE_ALIGN(host_len);
- mmap_start = mmap_find_vma(real_start, host_len);
- if (mmap_start == (abi_ulong)-1) {
- errno = ENOMEM;
- return -1;
- }
- /* Note: we prefer to control the mapping address. It is
- especially important if qemu_host_page_size >
- qemu_real_host_page_size */
- p = mmap(g2h(mmap_start),
- host_len, prot, flags | MAP_FIXED, fd, host_offset);
- if (p == MAP_FAILED)
- return -1;
- /* update start so that it points to the file position at 'offset' */
- host_start = (unsigned long)p;
- if (!(flags & MAP_ANONYMOUS))
- host_start += offset - host_offset;
- start = h2g(host_start);
+ void *p;
+ host_offset = offset & qemu_host_page_mask;
+ host_len = HOST_PAGE_ALIGN(len + offset - host_offset);
+
+ /* We allocate an extra page, it's needed in case we get a memory
+ region that is not aligned to the targets page-size and needs to
+ be displaced. */
+ p = mmap(0, host_len + qemu_host_page_size,
+ prot, flags | MAP_ANONYMOUS, -1, 0);
+ if (p == MAP_FAILED)
+ return -1;
+
+ start = HOST_PAGE_ALIGN((abi_ulong) p);
+ real_end = (abi_ulong)p + host_len + qemu_host_page_size;
+
+ /* Chop off unneeded memory edges. */
+ if (start > (abi_ulong)p) {
+ munmap(p, start - (abi_ulong)p);
+ munmap((void*) (start + host_len), real_end - (start + host_len));
+ }
+ else
+ munmap((void *) (start + host_len), qemu_host_page_size);
+
+ /* If this was a file mapping, remap the same region with the fd. */
+ if (!(flags & MAP_ANONYMOUS)) {
+ p = mmap((void *) start, len, prot,
+ flags | MAP_FIXED, fd, host_offset);
+ }
+
+ /* In we failed to map in the file, unmap the region and get out. */
+ if (p == MAP_FAILED) {
+ munmap((void *) start, len);
+ return -1;
+ }
+ start = h2g(start);
 } else {
 if (start & ~TARGET_PAGE_MASK) {
 errno = EINVAL;
 return -1;
 }
- end = start + len;
- real_end = HOST_PAGE_ALIGN(end);
 /* worst case: we cannot map the file because the offset is not
 aligned, so we read it
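Review bot: The new EOF handling under `if (!(flags & MAP_ANONYMOUS))` treats st_size as the mappable length of every fd, but a character device such as /dev/zero typically reports st_size 0, so `offset + len > sb.st_size` holds, `len` collapses to 0 and the unfixed path's `mmap((void *) start, len, ...)` with the fd fails with EINVAL, refusing a mapping that previously succeeded (what the MAP_FIXED path does with len 0 continues outside the hunk). The same branch evaluates `sb.st_size - offset` for an offset at or past EOF, which is negative and wraps to a huge `len` once stored in the unsigned abi_ulong, and `offset + len` itself can wrap; I would restrict the truncation to `if (S_ISREG(sb.st_mode) && offset < sb.st_size && len > sb.st_size - offset) {` and leave devices and fully-past-EOF mappings to the host kernel, which keeps Linux's SIGBUS-on-access semantics. The unfixed path also drops the old `host_start += offset - host_offset` adjustment while mapping only `len` bytes at `host_offset`, so if `offset` can be unaligned with respect to qemu_host_page_size (a host page larger than the target page) the returned address now points at file position `host_offset`, not `offset`. Finally `start = HOST_PAGE_ALIGN((abi_ulong) p)` narrows a host pointer to a target-width integer before the munmap and MAP_FIXED calls; if abi_ulong can be narrower than `void *` on a supported host, the MAP_FIXED remap at a truncated address would silently replace an unrelated host mapping, so keep the host address in an `unsigned long` as the removed `host_start` did and convert with h2g only at the end. target_mmap's body continues outside this hunk.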
@@ -337,7 +340,7 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
 page_set_flags(start, start + len, prot | PAGE_VALID);
 the_end:
 #ifdef DEBUG_MMAP
- printf("ret=0x%llx\n", start);
+ printf("ret=0x" TARGET_FMT_lx "\n", start);
 page_dump(stdout);
 printf("\n");
 #endif
@@ -432,4 +435,3 @@ int target_msync(abi_ulong start, abi_ulong len, int flags)
 start &= qemu_host_page_mask;
 return msync(g2h(start), end - start, flags);
 }
-
diff --git a/tests/Makefile b/tests/Makefile
index 1775be8..35bff3e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -51,6 +51,15 @@ ifeq ($(ARCH),i386)
 @if diff -u test-i386.ref test-i386.out ; then echo "Auto Test OK (no code copy)"; fi
 endif
+.PHONY: test-mmap
+test-mmap: test-mmap.c
+ $(CC) $(CFLAGS) -Wall -static -O2 $(LDFLAGS) -o $@ $<
+ -./test-mmap
+ $(QEMU) ./test-mmap
+ $(QEMU) -p 8192 ./test-mmap 8192
+ $(QEMU) -p 16384 ./test-mmap 16384
+ $(QEMU) -p 32768 ./test-mmap 32768
+
 # generic Linux and CPU test
 linux-test: linux-test.c
 $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lm
diff --git a/tests/test-mmap.c b/tests/test-mmap.c
new file mode 100644
index 0000000..ce027e4
--- /dev/null
+++ b/tests/test-mmap.c
@@ -0,0 +1,449 @@
+/*
+ * Small test program to verify simulated mmap behaviour.
+ *
+ * When running qemu-linux-user with the -p flag, you may need to tell
+ * this test program about the pagesize because getpagesize() will not reflect
+ * the -p choice. Simply pass one argument beeing the pagesize.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include <unistd.h>
+
+#include <sys/mman.h>
+
+#define D(x)
+
+#define fail_unless(x) \
+do \
+{ \
+ if (!(x)) { \
+ fprintf (stderr, "FAILED at %s:%d\n", __FILE__, __LINE__); \
+ exit (EXIT_FAILURE); \
+ } \
+} while (0);
+
+unsigned char *dummybuf;
+static unsigned int pagesize;
+static unsigned int pagemask;
+int test_fd;
+size_t test_fsize;
+
+void check_aligned_anonymous_unfixed_mmaps(void)
+{
+ void *p1;
+ void *p2;
+ void *p3;
+ void *p4;
+ void *p5;
+ uintptr_t p;
+ int i;
+
+ fprintf (stderr, "%s\n", __func__);
+ for (i = 0; i < 0x1fff; i++)
+ {
+ size_t len;
+
+ len = pagesize + (pagesize * i & 7);
+ p1 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ p2 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ p3 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ p4 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ p5 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ fail_unless (p1 != MAP_FAILED);
+ fail_unless (p2 != MAP_FAILED);
+ fail_unless (p3 != MAP_FAILED);
+ fail_unless (p4 != MAP_FAILED);
+ fail_unless (p5 != MAP_FAILED);
+ p = (uintptr_t) p1;
+ D(printf ("p=%x\n", p));
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p2;
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p3;
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p4;
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p5;
+ fail_unless ((p & pagemask) == 0);
+
+ /* Make sure we can read from the entire area. */
+ memcpy (dummybuf, p1, pagesize);
+ memcpy (dummybuf, p2, pagesize);
+ memcpy (dummybuf, p3, pagesize);
+ memcpy (dummybuf, p4, pagesize);
+ memcpy (dummybuf, p5, pagesize);
+
+ munmap (p1, len);
+ munmap (p2, len);
+ munmap (p3, len);
+ munmap (p4, len);
+ munmap (p5, len);
+ }
+}
+
+void check_large_anonymous_unfixed_mmap(void)
+{
+ void *p1;
+ uintptr_t p;
+ size_t len;
+
+ fprintf (stderr, "%s\n", __func__);
+
+ len = 0x02000000;
+ p1 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ fail_unless (p1 != MAP_FAILED);
+ p = (uintptr_t) p1;
+ fail_unless ((p & pagemask) == 0);
+
+ /* Make sure we can read from the entire area. */
+ memcpy (dummybuf, p1, pagesize);
+ munmap (p1, len);
+}
+
+void check_aligned_anonymous_unfixed_colliding_mmaps(void)
+{
+ char *p1;
+ char *p2;
+ char *p3;
+ uintptr_t p;
+ int i;
+
+ fprintf (stderr, "%s\n", __func__);
+ for (i = 0; i < 0x2fff; i++)
+ {
+ int nlen;
+ p1 = mmap(NULL, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fail_unless (p1 != MAP_FAILED);
+ p = (uintptr_t) p1;
+ fail_unless ((p & pagemask) == 0);
+ memcpy (dummybuf, p1, pagesize);
+
+ p2 = mmap(NULL, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ fail_unless (p2 != MAP_FAILED);
+ p = (uintptr_t) p2;
+ fail_unless ((p & pagemask) == 0);
+ memcpy (dummybuf, p2, pagesize);
+
+
+ munmap (p1, pagesize);
+ nlen = pagesize * 8;
+ p3 = mmap(NULL, nlen, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+
+ /* Check if the mmaped areas collide. */
+ if (p3 < p2
+ && (p3 + nlen) > p2)
+ fail_unless (0);
+
+ memcpy (dummybuf, p3, pagesize);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ fail_unless (p3 != MAP_FAILED);
+ p = (uintptr_t) p3;
+ fail_unless ((p & pagemask) == 0);
+ munmap (p2, pagesize);
+ munmap (p3, nlen);
+ }
+}
+
+void check_aligned_anonymous_fixed_mmaps(void)
+{
+ char *addr;
+ void *p1;
+ uintptr_t p;
+ int i;
+
+ /* Find a suitable address to start with. */
+ addr = mmap(NULL, pagesize * 40, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS,
+ -1, 0);
+ fprintf (stderr, "%s addr=%p\n", __func__, addr);
+ fail_unless (addr != MAP_FAILED);
+
+ for (i = 0; i < 40; i++)
+ {
+ /* Create submaps within our unfixed map. */
+ p1 = mmap(addr, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
+ -1, 0);
+ /* Make sure we get pages aligned with the pagesize.
+ The target expects this. */
+ p = (uintptr_t) p1;
+ fail_unless (p1 == addr);
+ fail_unless ((p & pagemask) == 0);
+ memcpy (dummybuf, p1, pagesize);
+ munmap (p1, pagesize);
+ addr += pagesize;
+ }
+}
+
+void check_aligned_anonymous_fixed_mmaps_collide_with_host(void)
+{
+ char *addr;
+ void *p1;
+ uintptr_t p;
+ int i;
+
+ /* Find a suitable address to start with. Right were the x86 hosts
+ stack is. */
+ addr = ((void *)0xbfffb000) - pagesize * 2;
+
+ for (i = 0; i < 2; i++)
+ {
+ /* Create submaps within our unfixed map. */
+ p1 = mmap(addr, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED,
+ -1, 0);
+ /* Make sure we get pages aligned with the pagesize.
+ The target expects this. */
+ p = (uintptr_t) p1;
+ fail_unless (p1 == addr);
+ fail_unless ((p & pagemask) == 0);
+ memcpy (p1, dummybuf, pagesize);
+ munmap (p1, pagesize);
+ addr += pagesize;
+ }
+}
+
+void check_file_unfixed_mmaps(void)
+{
+ unsigned int *p1, *p2, *p3;
+ uintptr_t p;
+ int i;
+
+ fprintf (stderr, "%s\n", __func__);
+ for (i = 0; i < 0x10; i++)
+ {
+ size_t len;
+
+ len = pagesize;
+ p1 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE,
+ test_fd, 0);
+ p2 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE,
+ test_fd, pagesize);
+ p3 = mmap(NULL, len, PROT_READ,
+ MAP_PRIVATE,
+ test_fd, pagesize * 2);
+
+ fail_unless (p1 != MAP_FAILED);
+ fail_unless (p2 != MAP_FAILED);
+ fail_unless (p3 != MAP_FAILED);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ p = (uintptr_t) p1;
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p2;
+ fail_unless ((p & pagemask) == 0);
+ p = (uintptr_t) p3;
+ fail_unless ((p & pagemask) == 0);
+
+ /* Verify that the file maps was made correctly. */
+ D(printf ("p1=%d p2=%d p3=%d\n", *p1, *p2, *p3));
+ fail_unless (*p1 == 0);
+ fail_unless (*p2 == (pagesize / sizeof *p2));
+ fail_unless (*p3 == ((pagesize * 2) / sizeof *p3));
+
+ memcpy (dummybuf, p1, pagesize);
+ memcpy (dummybuf, p2, pagesize);
+ memcpy (dummybuf, p3, pagesize);
+ munmap (p1, len);
+ munmap (p2, len);
+ munmap (p3, len);
+ }
+}
+
+void check_file_unfixed_eof_mmaps(void)
+{
+ char *cp;
+ unsigned int *p1;
+ uintptr_t p;
+ int i;
+
+ fprintf (stderr, "%s\n", __func__);
+ for (i = 0; i < 0x10; i++)
+ {
+ p1 = mmap(NULL, pagesize, PROT_READ,
+ MAP_PRIVATE,
+ test_fd,
+ (test_fsize - sizeof *p1) & ~pagemask);
+
+ fail_unless (p1 != MAP_FAILED);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ p = (uintptr_t) p1;
+ fail_unless ((p & pagemask) == 0);
+ /* Verify that the file maps was made correctly. */
+ fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1]
+ == ((test_fsize - sizeof *p1) / sizeof *p1));
+
+ /* Verify that the end of page is accessable and zeroed. */
+ cp = (void *) p1;
+ fail_unless (cp[pagesize - 4] == 0);
+ munmap (p1, pagesize);
+ }
+}
+
+void check_file_fixed_eof_mmaps(void)
+{
+ char *addr;
+ char *cp;
+ unsigned int *p1;
+ uintptr_t p;
+ int i;
+
+ /* Find a suitable address to start with. */
+ addr = mmap(NULL, pagesize * 44, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS,
+ -1, 0);
+
+ fprintf (stderr, "%s addr=%p\n", __func__, (void *)addr);
+ fail_unless (addr != MAP_FAILED);
+
+ for (i = 0; i < 0x10; i++)
+ {
+ /* Create submaps within our unfixed map. */
+ p1 = mmap(addr, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_FIXED,
+ test_fd,
+ (test_fsize - sizeof *p1) & ~pagemask);
+
+ fail_unless (p1 != MAP_FAILED);
+
+ /* Make sure we get pages aligned with the pagesize. The
+ target expects this. */
+ p = (uintptr_t) p1;
+ fail_unless ((p & pagemask) == 0);
+
+ /* Verify that the file maps was made correctly. */
+ fail_unless (p1[(test_fsize & pagemask) / sizeof *p1 - 1]
+ == ((test_fsize - sizeof *p1) / sizeof *p1));
+
+ /* Verify that the end of page is accessable and zeroed. */
+ cp = (void *)p1;
+ fail_unless (cp[pagesize - 4] == 0);
+ munmap (p1, pagesize);
+ addr += pagesize;
+ }
+}
+
+void check_file_fixed_mmaps(void)
+{
+ unsigned int *addr;
+ unsigned int *p1, *p2, *p3, *p4;
+ int i;
+
+ /* Find a suitable address to start with. */
+ addr = mmap(NULL, pagesize * 44 * 3, PROT_READ,
+ MAP_PRIVATE | MAP_ANONYMOUS,
+ -1, 0);
+ printf ("%s addr=%p\n", __func__, (void *)addr);
+ fail_unless (addr != MAP_FAILED);
+
+ for (i = 0; i < 40; i++)
+ {
+ p1 = mmap(addr, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_FIXED,
+ test_fd, 0);
+ p2 = mmap(addr + pagesize, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_FIXED,
+ test_fd, pagesize);
+ p3 = mmap(addr + pagesize * 2, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_FIXED,
+ test_fd, pagesize * 2);
+ p4 = mmap(addr + pagesize * 3, pagesize, PROT_READ,
+ MAP_PRIVATE | MAP_FIXED,
+ test_fd, pagesize * 3);
+
+ /* Make sure we get pages aligned with the pagesize.
+ The target expects this. */
+ fail_unless (p1 == addr);
+ fail_unless (p2 == addr + pagesize);
+ fail_unless (p3 == addr + pagesize * 2);
+ fail_unless (p4 == addr + pagesize * 3);
+
+ /* Verify that the file maps was made correctly. */
+ fail_unless (*p1 == 0);
+ fail_unless (*p2 == (pagesize / sizeof *p2));
+ fail_unless (*p3 == ((pagesize * 2) / sizeof *p3));
+ fail_unless (*p4 == ((pagesize * 3) / sizeof *p4));
+
+ memcpy (dummybuf, p1, pagesize);
+ memcpy (dummybuf, p2, pagesize);
+ memcpy (dummybuf, p3, pagesize);
+ memcpy (dummybuf, p4, pagesize);
+
+ munmap (p1, pagesize);
+ munmap (p2, pagesize);
+ munmap (p3, pagesize);
+ munmap (p4, pagesize);
+ addr += pagesize * 3;
+ }
+}
+
+int main(int argc, char **argv)
+{
+ char tempname[] = "/tmp/.cmmapXXXXXX";
+ unsigned int i;
+
+ /* Trust the first argument, otherwise probe the system for our
+ pagesize. */
+ if (argc > 1)
+ pagesize = strtoul(argv[1], NULL, 0);
+ else
+ pagesize = sysconf(_SC_PAGESIZE);
+
+ /* Assume pagesize is a power of two. */
+ pagemask = pagesize - 1;
+ dummybuf = malloc (pagesize);
+ printf ("pagesize=%u pagemask=%x\n", pagesize, pagemask);
+
+ test_fd = mkstemp(tempname);
+ unlink(tempname);
+
+ /* Fill the file with int's counting from zero and up. */
+ for (i = 0; i < (pagesize * 4) / sizeof i; i++)
+ write (test_fd, &i, sizeof i);
+ /* Append a few extra writes to make the file end at non
+ page boundary. */
+ write (test_fd, &i, sizeof i); i++;
+ write (test_fd, &i, sizeof i); i++;
+ write (test_fd, &i, sizeof i); i++;
+
+ test_fsize = lseek(test_fd, 0, SEEK_CUR);
+ printf ("fsize=%d\n",test_fsize);
+
+ /* Run the tests. */
+ check_aligned_anonymous_unfixed_mmaps();
+ check_aligned_anonymous_unfixed_colliding_mmaps();
+ check_aligned_anonymous_fixed_mmaps();
+ check_file_unfixed_mmaps();
+ check_file_fixed_mmaps();
+ check_file_fixed_eof_mmaps();
+ check_file_unfixed_eof_mmaps();
+
+ /* Fails at the moment. */
+ /* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */
+
+ return EXIT_SUCCESS;
+}
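Review bot: In check_file_fixed_mmaps `addr` is declared `unsigned int *`, so `addr + pagesize`, `addr + pagesize * 3` and `addr += pagesize * 3` advance by `pagesize * sizeof(unsigned int)` bytes rather than by one page; over 40 iterations the MAP_FIXED submaps run far past the `pagesize * 44 * 3` reservation, and MAP_FIXED silently replaces whatever the host (or qemu itself, when run under emulation) had mapped there, so a "passing" run can corrupt the test's own process while the `p2 == addr + pagesize` checks still pass because they use the same arithmetic. Declare `addr` as `char *` and compare through a cast as below; the four mmap calls are textually unchanged but then address bytes. In check_aligned_anonymous_unfixed_mmaps `len = pagesize + (pagesize * i & 7)` parses as `(pagesize * i) & 7`, which is 0 for any power-of-two pagesize of at least 8, so `len` never varies; presumably `len = pagesize * (1 + (i & 7));` was intended. In check_aligned_anonymous_unfixed_colliding_mmaps the collision test and `memcpy (dummybuf, p3, pagesize)` run before `fail_unless (p3 != MAP_FAILED)`, so a failed mmap dereferences (void *)-1 and crashes instead of reporting; move that check above the collision test. In main the results of mkstemp, malloc and write are unchecked, `printf ("fsize=%d\n",test_fsize)` passes a size_t to %d (use `%zu`), and `pagesize = strtoul(argv[1], NULL, 0)` accepts 0 or a non-power-of-two value that the `pagemask = pagesize - 1` assumption cannot handle.
```c
void check_file_fixed_mmaps(void)
{
    char *addr;                 /* byte pointer: addr + pagesize is one page, not pagesize ints */
    unsigned int *p1, *p2, *p3, *p4;
    int i;

    /* … unchanged: reserve pagesize * 44 * 3 bytes at addr, print it, fail_unless … */

    for (i = 0; i < 40; i++)
    {
        /* … unchanged: the four MAP_FIXED mmap calls at addr, addr + pagesize, … */

        /* Byte arithmetic keeps every submap inside the reserved area. */
        fail_unless ((char *) p1 == addr);
        fail_unless ((char *) p2 == addr + pagesize);
        fail_unless ((char *) p3 == addr + pagesize * 2);
        fail_unless ((char *) p4 == addr + pagesize * 3);

        /* … unchanged: content checks, memcpy, munmap, addr += pagesize * 3 … */
    }
}
```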