[Qemu-devel] [Bug 656285] Re: arm-semi mishandling SYS_HEAPINFO

Fri, 12 Aug 2011 11:02:00 -0700 

QEMU 0.15.0 has been released with a fix for this bug.


** Changed in: qemu
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/656285

Title:
  arm-semi mishandling SYS_HEAPINFO

Status in QEMU:
  Fix Released

Bug description:
  I am running qemu-arm on a 32-bit fedora-7 i386 machine:

  $ /home/bri0633/users/clarkes/qemu/build/arm-linux-user/qemu-arm --version
  qemu-arm version 0.12.3, Copyright (c) 2003-2008 Fabrice Bellard

  When I try to run an arm semi-hosted executable, I sometimes get
  unexpected segv and sometimes not, depending on the executable.  The
  symptom is:

  $ /home/bri0633/users/clarkes/qemu/build/arm-linux-user/qemu-arm -cpu 
cortex-a9 -- a.out
  qemu: uncaught target signal 11 (Segmentation fault) - core dumped
  Segmentation fault

  
  It appear to be because of the handling of the SYS_HEAPINFO syscall in 
arm-semi.c.  There it tries to allocate 128M for the heap by calling do_brk() 
which calls target_mmap().  This is the DEBUG_MMAP diagnostic:

  mmap: start=0x00009000 len=0x08001000 prot=rw- flags=MAP_FIXED
  MAP_ANON MAP_PRIVATE fd=0 offset=00000000

  but this mmap is failing because there are shared libraries (and the
  gate page) mapped there:

  $ ldd /home/bri0633/users/clarkes/qemu/build/arm-linux-user/qemu-arm
          linux-gate.so.1 =>  (0x00880000)
          librt.so.1 => /lib/librt.so.1 (0x03409000)
          libpthread.so.0 => /lib/libpthread.so.0 (0x00d7d000)
          libm.so.6 => /lib/libm.so.6 (0x00d4b000)
          libc.so.6 => /lib/libc.so.6 (0x00bf5000)
          /lib/ld-linux.so.2 (0x00bd6000)

  However, it seems that the code in arm-semi.c does not interpret the result 
of do_brk() correctly, and thinks that the mapping succeeded.
  The following patch appears to fix the problem:

  $ diff -u arm-semi.c.orig arm-semi.c
  --- arm-semi.c.orig     2010-09-21 13:19:15.000000000 +0100
  +++ arm-semi.c  2010-10-07 13:23:13.000000000 +0100
  @@ -475,7 +475,7 @@
                   /* Try a big heap, and reduce the size if that fails.  */
                   for (;;) {
                       ret = do_brk(limit);
  -                    if (ret != -1)
  +                    if (ret == limit)
                           break;
                       limit = (ts->heap_base >> 1) + (limit >> 1);
                   }

  Do you think this is a genuine bug?
  Steve.

To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/656285/+subscriptions

Reply via email to