diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
| commit | 4b927bc37359dec23f67d3427fc982945f24f404 (patch) | |
| tree | 245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_missing/host_missing/accel_missing/1760.toml | |
| parent | aa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff) | |
| download | emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz emulator-bug-study-4b927bc37359dec23f67d3427fc982945f24f404.zip | |
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/1760.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/1760.toml | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/1760.toml b/gitlab/issues/target_missing/host_missing/accel_missing/1760.toml new file mode 100644 index 00000000..44aa5113 --- /dev/null +++ b/gitlab/issues/target_missing/host_missing/accel_missing/1760.toml @@ -0,0 +1,61 @@ +id = 1760 +title = "qemu8-i386 gets wrong arguments for 32-bit old mmap syscall (_NR_mmap = 90)" +state = "closed" +created_at = "2023-07-12T18:40:17.467Z" +closed_at = "2023-08-05T21:22:39.184Z" +labels = [] +url = "https://gitlab.com/qemu-project/qemu/-/issues/1760" +host-os = "Fedora 36" +host-arch = "x86_64" +qemu-version = "commit fcb237e64f9d026c03d635579c7b288d0008a6e5 (HEAD -> master, origin/master, origin/HEAD)" +guest-os = "Fedora 36" +guest-arch = "i686" +description = """qemu8-i386 does not decode syscall arguments correctly for system call _NR_mmap = 90 on i386. +``` +$ strace ./oldmmap +execve("./oldmmap", ["./oldmmap"], 0x7fff46ba6d40 /* 61 vars */) = 0 +[ Process PID=405233 runs in 32 bit mode. ] +mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7fa7000 +exit(5) = ? ++++ exited with 5 +++ + +$ build/qemu-i386 -strace ./oldmmap +405254 mmap(0x40800058,0,PROT_NONE,0,0,0) = 0x3fffb000 +405254 exit(5) +```""" +reproduce = """1. gcc -m32 -o oldmmap -nostartfiles -nostdlib oldmmap.S # build 32-bit executable +2. strace ./oldmmap # run under strace +3. build/qemu-i386 -strace ./oldmmap # run under "qemu-i386 -strace" +4. Notice that qemu-i386 did not report the same arguments to the _NR_map syscall as /usr/bin/strace did.""" +additional = """``` +$ cat oldmmap.S +MAP_FIXED= 0x10 +MAP_PRIVATE= 0x02 +MAP_ANONYMOUS= 0x20 + +PROT_READ= 1 +PROT_WRITE= 2 +PROT_EXEC= 4 + +_NR_exit = 1 +_NR_mmap = 90 // oldmmap: %ebx -> array of 6 arguments + + .globl _start +_start: + push $0 // offset + push $-1 // fd + push $MAP_PRIVATE|MAP_ANONYMOUS // flags + push $PROT_READ|PROT_WRITE // protection + push $2<<12 // length + push $0 // addr (kernel chooses) + mov %esp,%ebx + mov $_NR_mmap,%eax + int $0x80 + nop + + mov $5,%ebx + mov $_NR_exit,%eax + int $0x80 + hlt +$ +```""" |