diff options
| author | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
|---|---|---|
| committer | Christian Krinitsin <mail@krinitsin.com> | 2025-05-21 21:21:26 +0200 |
| commit | 4b927bc37359dec23f67d3427fc982945f24f404 (patch) | |
| tree | 245449ef9146942dc7fffd0235b48b7e70a00bf2 /gitlab/issues/target_missing/host_missing/accel_missing/927.toml | |
| parent | aa8bd79cec7bf6790ddb01d156c2ef2201abbaab (diff) | |
| download | qemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.tar.gz qemu-analysis-4b927bc37359dec23f67d3427fc982945f24f404.zip | |
add gitlab issues in toml format
Diffstat (limited to 'gitlab/issues/target_missing/host_missing/accel_missing/927.toml')
| -rw-r--r-- | gitlab/issues/target_missing/host_missing/accel_missing/927.toml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/gitlab/issues/target_missing/host_missing/accel_missing/927.toml b/gitlab/issues/target_missing/host_missing/accel_missing/927.toml new file mode 100644 index 000000000..24654f70d --- /dev/null +++ b/gitlab/issues/target_missing/host_missing/accel_missing/927.toml @@ -0,0 +1,40 @@ +id = 927 +title = "linux-user: openat on /proc/self/exe can return a closed file descriptor" +state = "opened" +created_at = "2022-03-22T10:51:45.166Z" +closed_at = "n/a" +labels = ["linux-user"] +url = "https://gitlab.com/qemu-project/qemu/-/issues/927" +host-os = "Docker in macOS" +host-arch = "arm64" +qemu-version = "qemu-x86_64 version 6.2.0 (v6.2.0)" +guest-os = "n/a" +guest-arch = "n/a" +description = """`open("/proc/self/exe", ...)` returns a closed file descriptor if qemu-user was executed as an interpreter, passing a file descriptor in the `AT_EXECFD` auxval. + +When the `AT_EXECFD` auxval is nonzero the user program is loaded through `load_elf_binary()` (in `linux-user/elfload.c`) which ultimately calls `load_elf_image()` with that same file descriptor, and `load_elf_image()` closes the file descriptor before returning. + +`do_openat` in `linux-user/syscall.c` will return that file descriptor to the user if the opened path satisfies `is_proc_myself(pathname, "exe")`, which is obviously wrong both in that the file descriptor is closed as part of the initialization process of qemu itself, and that the user program would then close that file descriptor and thus the next invocation of `open` would have the same problem.""" +reproduce = """This program prints `3 3` in a x86_64 docker container on my machine (arm64 macos, which docker desktop handles by running containers in a native linux VM under qemu-user). + +```c +#include <fcntl.h> +#include <stdio.h> + +int main(int argc, char **argv) { + int selfexe = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); + if (selfexe < 0) { + perror("open self"); + return 1; + } + + int devnull = open("/dev/null", O_WRONLY | O_CLOEXEC); + if (devnull < 0) { + perror("open devnull"); + return 1; + } + + printf("%d %d\\n", selfexe, devnull); +} +```""" +additional = """Thanks to @pm215 for helping me pinpoint the exact issue I was encountering.""" |