[Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /p

qemu-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /p

From:	Peter Maydell
Subject:	[Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /proc/self/maps
Date:	Sun, 14 Mar 2021 10:53:24 -0700

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 08f3a96b33e7eef39b651af9edb5e6de8ff13371
      
https://github.com/qemu/qemu/commit/08f3a96b33e7eef39b651af9edb5e6de8ff13371
  Author: Nicolas Surbayrole <nsurbayrole@quarkslab.com>
  Date:   2021-03-13 (Sat, 13 Mar 2021)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Fix executable page of /proc/self/maps

The guest binary and libraries are not always map with the
executable bit in the host process. The guest may read a
/proc/self/maps with no executable address range. The
perm fields should be based on the guest permission inside
Qemu.

Signed-off-by: Nicolas Surbayrole <nsurbayrole@quarkslab.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210308091959.986540-1-nsurbayrole@quarkslab.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>


  Commit: 6e1c0d7b951e19c53b8467e8bc4b71ee73a394ea
      
https://github.com/qemu/qemu/commit/6e1c0d7b951e19c53b8467e8bc4b71ee73a394ea
  Author: Laurent Vivier <laurent@vivier.eu>
  Date:   2021-03-13 (Sat, 13 Mar 2021)

  Changed paths:
    M linux-user/main.c
    M scripts/qemu-binfmt-conf.sh

  Log Message:
  -----------
  linux-user: manage binfmt-misc preserve-arg[0] flag

Add --preserve-argv0 in qemu-binfmt-conf.sh to configure the preserve-argv0
flag.

This patch allows to use new flag in AT_FLAGS to detect if
preserve-argv0 is configured for this interpreter:
argv[0] (the full pathname provided by binfmt-misc) is removed and
replaced by argv[1] (the original argv[0] provided by binfmt-misc when
'P'/preserve-arg[0] is set)

For instance with this patch and kernel support for AT_FLAGS:

  $ sudo chroot m68k-chroot sh -c 'echo $0'
  sh

without this patch:

  $ sudo chroot m68k-chroot sh -c 'echo $0'
  /usr/bin/sh

The new flag is available in kernel (v5.12) since:
2347961b11d4 ("binfmt_misc: pass binfmt_misc flags to the interpreter")

This can be tested with something like:

  # cp ..../qemu-ppc /chroot/powerpc/jessie

  # qemu-binfmt-conf.sh --qemu-path / --systemd ppc --credential yes \
                        --persistent no --preserve-argv0 yes
  # systemctl restart systemd-binfmt.service
  # cat /proc/sys/fs/binfmt_misc/qemu-ppc
  enabled
  interpreter //qemu-ppc
  flags: POC
  offset 0
  magic 7f454c4601020100000000000000000000020014
  mask ffffffffffffff00fffffffffffffffffffeffff
  # chroot /chroot/powerpc/jessie  sh -c 'echo $0'
  sh

  # qemu-binfmt-conf.sh --qemu-path / --systemd ppc --credential yes \
                        --persistent no --preserve-argv0 no
  # systemctl restart systemd-binfmt.service
  # cat /proc/sys/fs/binfmt_misc/qemu-ppc
  enabled
  interpreter //qemu-ppc
  flags: OC
  offset 0
  magic 7f454c4601020100000000000000000000020014
  mask ffffffffffffff00fffffffffffffffffffeffff
  # chroot /chroot/powerpc/jessie  sh -c 'echo $0'
  /bin/sh

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210222105004.1642234-1-laurent@vivier.eu>


  Commit: 7e588fbc57397daac02cf23677d1849aab7c7507
      
https://github.com/qemu/qemu/commit/7e588fbc57397daac02cf23677d1849aab7c7507
  Author: Vincent Fazio <vfazio@gmail.com>
  Date:   2021-03-13 (Sat, 13 Mar 2021)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user/elfload: munmap proper address in pgd_find_hole_fallback

Previously, if the build host's libc did not define MAP_FIXED_NOREPLACE
or if the running kernel didn't support that flag, it was possible for
pgd_find_hole_fallback to munmap an incorrect address which could lead to
SIGSEGV if the range happened to overlap with the mapped address of the
QEMU binary.

  mmap(0x1000, 22261224, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, 
-1, 0) = 0x7f889d331000
  munmap(0x1000, 22261224)                = 0
  --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=0x84b817} ---
  ++ killed by SIGSEGV +++

Now, always munmap the address returned by mmap.

Fixes: 2667e069e7b5 ("linux-user: don't use MAP_FIXED in 
pgd_find_hole_fallback")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210131061849.12615-1-vfazio@xes-inc.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>


  Commit: 934eed517857ce2de9a8a92c2599612581b4eb4a
      
https://github.com/qemu/qemu/commit/934eed517857ce2de9a8a92c2599612581b4eb4a
  Author: Vincent Fazio <vfazio@gmail.com>
  Date:   2021-03-13 (Sat, 13 Mar 2021)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user/elfload: do not assume MAP_FIXED_NOREPLACE kernel support

Previously, pgd_find_hole_fallback assumed that if the build host's libc
had MAP_FIXED_NOREPLACE defined that the address returned by mmap would
match the requested address. This is not a safe assumption for Linux
kernels prior to 4.17

Now, we always compare mmap's resultant address with the requested
address and no longer short-circuit based on MAP_FIXED_NOREPLACE.

Fixes: 2667e069e7b5 ("linux-user: don't use MAP_FIXED in 
pgd_find_hole_fallback")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210131061930.14554-1-vfazio@xes-inc.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>


  Commit: 0266e8e3b3981b492e82be20bb97e8ed9792ed00
      
https://github.com/qemu/qemu/commit/0266e8e3b3981b492e82be20bb97e8ed9792ed00
  Author: Vincent Fazio <vfazio@gmail.com>
  Date:   2021-03-13 (Sat, 13 Mar 2021)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user/elfload: fix address calculation in fallback scenario

Previously, guest_loaddr was not taken into account when returning an
address from pgb_find_hole when /proc/self/maps was unavailable which
caused an improper guest_base address to be calculated.

This could cause a SIGSEGV later in load_elf_image -> target_mmap for
ET_EXEC type images since the mmap MAP_FIXED flag is specified which
could clobber existing mappings at the address returnd by g2h().

  mmap(0xd87000, 16846912, PROT_NONE, 
MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|0x100000, -1, 0) = 0xd87000
  munmap(0xd87000, 16846912)              = 0
  write(2, "Locating guest address space @ 0"..., 40Locating guest address 
space @ 0xd87000) = 40
  mmap(0x1187000, 16850944, PROT_NONE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x1187000
  --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_ACCERR, si_addr=0x2188310} ---
  +++ killed by SIGSEGV +++

Now, pgd_find_hole accounts for guest_loaddr in this scenario.

Fixes: ad592e37dfcc ("linux-user: provide fallback pgd_find_hole for bare 
chroots")
Signed-off-by: Vincent Fazio <vfazio@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210131061948.15990-1-vfazio@xes-inc.com>
[lv: updated it to check if ret == -1]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>


  Commit: 6157b0e19721aadb4c7fdcfe57b2924af6144b14
      
https://github.com/qemu/qemu/commit/6157b0e19721aadb4c7fdcfe57b2924af6144b14
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2021-03-14 (Sun, 14 Mar 2021)

  Changed paths:
    M linux-user/elfload.c
    M linux-user/main.c
    M linux-user/syscall.c
    M scripts/qemu-binfmt-conf.sh

  Log Message:
  -----------
  Merge remote-tracking branch 
'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user pull request 20210313

- fix elfload
- fix executable page of /proc/self/maps
- add preserve-arg[0] support for binfmt_misc

# gpg: Signature made Sat 13 Mar 2021 09:47:23 GMT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" 
[full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user/elfload: fix address calculation in fallback scenario
  linux-user/elfload: do not assume MAP_FIXED_NOREPLACE kernel support
  linux-user/elfload: munmap proper address in pgd_find_hole_fallback
  linux-user: manage binfmt-misc preserve-arg[0] flag
  linux-user: Fix executable page of /proc/self/maps

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/757acb9a8295...6157b0e19721

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /proc/self/maps, Peter Maydell <=
- [Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /proc/self/maps, Peter Maydell, 2021/03/14

Prev by Date: [Qemu-commits] [qemu/qemu] da668a: tests: Move unit tests into a separate directory
Next by Date: [Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /proc/self/maps
Previous by thread: [Qemu-commits] [qemu/qemu] da668a: tests: Move unit tests into a separate directory
Next by thread: [Qemu-commits] [qemu/qemu] 08f3a9: linux-user: Fix executable page of /proc/self/maps
Index(es):
- Date
- Thread