Hi, I found some problems, but I don't know how to solve them better (I'm not really familiar with the source code).

When I use ioctl() and use a structure like this:

    struct drm_mode_card_res {
        __u64 fb_id_ptr;
        __u64 crtc_id_ptr;
        __u64 connector_id_ptr;
        __u64 encoder_id_ptr;
        __u32 count_fbs;
        ....
    };

And in syscall_types.h:

    STRUCT(drm_mode_card_res,
           TYPE_PTRVOID, TYPE_PTRVOID, TYPE_PTRVOID, TYPE_PTRVOID,
           TYPE_INT, ... )

Some code:

    ...
    if (res.count_fbs) {
        res.fb_id_ptr = VOID2U64(drmMalloc(res.count_fbs*sizeof(uint32_t)));
        if (!res.fb_id_ptr)
            goto err_allocs;
    }
    ...

This is strace:

    openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
    9469 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
    9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x0,0x0,0,0,0,0,0,0,0,0}) = 0 ({0x0,0x0,0x0,0x0,0,2,2,2,0,16384,0,16384})
    9469 brk(NULL) = 0x40006000
    9469 brk(0x40027000) = 0x40027000
    9469 brk(0x40028000) = 0x40028000
    9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)
    9469 brk(0x40027000) = 0x40027000

Look:

    9469 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0x0,0x0,0x400061a0,0x0,0,2,1073832368,0,0,16384,0,16384}) = -1 errno=14 (Bad address)

Why does memory overrun occur here??? I think this is right:

    {0x0,0x400061a0,1073832368(0x400061a0),0x400061c0,0,2,2,2,0,16384,0,16384}

Who can help me? Thank you!

--
You received this bug notification because you are a member of qemu-devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1894071

Title:
  qemu-i386-static ioctl return -14 (Bad Address)

Status in QEMU:
  New

Bug description:
  I use qemu-i386-static on 64 bit ARM. But I don't know how to solve some problems.
  First I added some ioctl operations. Then I tried to do some DRM operations like test.c. This is successful when I use qemu-x86_64-static, but it failed when I use qemu-i386-static.
  I can get some strace info like this:

      403 openat(AT_FDCWD,"/dev/dri/card0",O_RDWR|O_LARGEFILE|O_CLOEXEC) = 4
      403 ioctl(4,DRM_IOCTL_GET_CAP,{1,0}) = 0 ({1,1})
      403 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0,0,0,0,0,0,0,0,0,0,0,0}) = 0 ({0,0,0,0,0,2,2,2,0,16384,0,16384})
      403 brk(NULL) = 0x40006000
      403 brk(0x40027000) = 0x40027000
      403 brk(0x40028000) = 0x40028000
      403 ioctl(4,DRM_IOCTL_MODE_GETRESOURCES,{0,1073766816,1073766832,1073766848,0,2,2,2,0,16384,0,16384}) = -1 errno=14 (Bad address)

  And there are similar errors in other self driven operations. I want to know if it is QEMU's problem, so I hope to get some help. Thank you!

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1894071/+subscriptions
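A way to check the layout hypothesis behind the scrambled struct in the failing ioctl line (this is an added example, not code from the bug report or from QEMU's sources): the four handle fields of drm_mode_card_res are __u64 on every ABI, so a 32-bit guest lays them out 8 bytes apart; if a guest-to-host converter instead reads each of them as a 4-byte target pointer, every field after the first is taken from the wrong offset. The program below builds the guest layout with the values the reporter expected (constructed from the bug's strace), reinterprets the same bytes with a hypothetical 4-byte-handle layout, and shows that the first four fields come out as 0, 0, 0x400061a0, 0, the same shape as the failing strace line. The `misparsed_card_res` struct is an assumption standing in for that hypothetical converter, not QEMU's actual thunk, and little-endian byte order is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Guest view: how an i386 program lays out struct drm_mode_card_res.
 * The four handle fields are __u64 (8 bytes each) whatever the guest's
 * pointer size, so they sit at offsets 0, 8, 16 and 24 and the __u32
 * counters follow from offset 32 (64 bytes in total).  Packed so the
 * layout is identical on whichever host compiles this example.
 */
struct guest_card_res {
    uint64_t fb_id_ptr;
    uint64_t crtc_id_ptr;
    uint64_t connector_id_ptr;
    uint64_t encoder_id_ptr;
    uint32_t count_fbs, count_crtcs, count_connectors, count_encoders;
    uint32_t min_width, max_width, min_height, max_height;
} __attribute__((packed));

/*
 * Mismatched view (an assumption for this example, not QEMU's actual
 * thunk code): what a converter sees if it reads each handle as a 4-byte
 * target pointer instead of a __u64.  The handles land at 0, 4, 8, 12 and
 * every later field is pulled from the wrong offset (48 bytes in total).
 */
struct misparsed_card_res {
    uint32_t fb_id_ptr, crtc_id_ptr, connector_id_ptr, encoder_id_ptr;
    uint32_t count_fbs, count_crtcs, count_connectors, count_encoders;
    uint32_t min_width, max_width, min_height, max_height;
} __attribute__((packed));

/*
 * Constructed sample: the values the reporter expected the second
 * GETRESOURCES call to carry (count_fbs is 0, so fb_id_ptr stays 0).
 * Little-endian byte order is assumed, as on i386 and aarch64.
 */
static struct guest_card_res sample_guest(void)
{
    struct guest_card_res g = {
        .fb_id_ptr = 0,
        .crtc_id_ptr = 0x400061a0,
        .connector_id_ptr = 0x400061b0,
        .encoder_id_ptr = 0x400061c0,
        .count_fbs = 0, .count_crtcs = 2,
        .count_connectors = 2, .count_encoders = 2,
        .min_width = 0, .max_width = 16384,
        .min_height = 0, .max_height = 16384,
    };
    return g;
}

/* Reinterpret the guest's bytes using the 4-byte-handle layout. */
static struct misparsed_card_res misparse(const struct guest_card_res *g)
{
    struct misparsed_card_res m;
    memcpy(&m, g, sizeof m);    /* copies the first 48 of the 64 bytes */
    return m;
}

/* Where each layout expects connector_id_ptr: 16 vs 8. */
size_t guest_connector_offset(void)
{
    return offsetof(struct guest_card_res, connector_id_ptr);
}
size_t misparsed_connector_offset(void)
{
    return offsetof(struct misparsed_card_res, connector_id_ptr);
}

/* The values a mismatched reader would hand on to the kernel. */
uint32_t misparsed_crtc_ptr(void)
{
    struct guest_card_res g = sample_guest();
    return misparse(&g).crtc_id_ptr;      /* 0: high half of fb_id_ptr */
}
uint32_t misparsed_connector_ptr(void)
{
    struct guest_card_res g = sample_guest();
    return misparse(&g).connector_id_ptr; /* 0x400061a0: low half of crtc_id_ptr */
}
uint32_t misparsed_count_fbs(void)
{
    struct guest_card_res g = sample_guest();
    return misparse(&g).count_fbs;        /* 0x400061b0: low half of connector_id_ptr */
}

int main(void)
{
    struct guest_card_res g = sample_guest();
    struct misparsed_card_res m = misparse(&g);

    printf("guest layout:   fb=%#llx crtc=%#llx conn=%#llx enc=%#llx count_fbs=%u\n",
           (unsigned long long)g.fb_id_ptr, (unsigned long long)g.crtc_id_ptr,
           (unsigned long long)g.connector_id_ptr, (unsigned long long)g.encoder_id_ptr,
           g.count_fbs);
    printf("4-byte handles: fb=%#x crtc=%#x conn=%#x enc=%#x count_fbs=%#x\n",
           m.fb_id_ptr, m.crtc_id_ptr, m.connector_id_ptr, m.encoder_id_ptr,
           m.count_fbs);
    return 0;
}
```

Under the mismatched layout a handle that is really a __u64 is split across two 4-byte slots, so a pointer the guest set ends up in a count field and a count ends up where a pointer is expected; a kernel asked to copy out through such a value has good reason to answer EFAULT (Bad address). Whether that is what happens here depends on how the STRUCT entry above is interpreted for a 32-bit target, which is the thing to verify in QEMU's thunk code rather than assume from this example.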