linux-user: Fix shmat(NULL) for h != g
In the h != g && shmaddr == NULL && !reserved_va case, target_shmat()
incorrectly mmap()s the initial anonymous range with
MAP_FIXED_NOREPLACE, even though the earlier mmap_find_vma() has
already reserved the respective address range.
Fix by using MAP_FIXED when "mapped", which is set after
mmap_find_vma(), is true.
Fixes: 78bc8ed9a8
("linux-user: Rewrite target_shmat")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20240325192436.561154-4-iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
parent
e6763d7dfc
commit
fa527b44c2
@ -1354,7 +1354,7 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid,
|
|||||||
if (h_len != t_len) {
|
if (h_len != t_len) {
|
||||||
int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE);
|
int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE);
|
||||||
int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS
|
int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS
|
||||||
| (reserved_va || (shmflg & SHM_REMAP)
|
| (reserved_va || mapped || (shmflg & SHM_REMAP)
|
||||||
? MAP_FIXED : MAP_FIXED_NOREPLACE);
|
? MAP_FIXED : MAP_FIXED_NOREPLACE);
|
||||||
|
|
||||||
test = mmap(want, m_len, mmap_p, mmap_f, -1, 0);
|
test = mmap(want, m_len, mmap_p, mmap_f, -1, 0);
|
||||||
|
Loading…
Reference in New Issue
Block a user