path: root/results/classifier/zero-shot/118/none/1879998
semantic: 0.709
register: 0.700
performance: 0.698
device: 0.652
ppc: 0.646
graphic: 0.641
architecture: 0.620
user-level: 0.576
mistranslation: 0.525
vnc: 0.511
PID: 0.506
files: 0.503
hypervisor: 0.493
arm: 0.488
network: 0.484
socket: 0.466
peripherals: 0.402
boot: 0.391
kernel: 0.377
debug: 0.375
x86: 0.336
TCG: 0.322
i386: 0.297
assembly: 0.288
VMM: 0.280
permissions: 0.249
virtual: 0.247
risc-v: 0.218
KVM: 0.164

Bad check for return value of mmap()

In ./roms/skiboot/extract-gcov.c there is this code:

        addr = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
        assert(addr != NULL);

This check is wrong: mmap never returns NULL; on errors it returns MAP_FAILED (or -1). (Also, side note: asserts usually shouldn't be used for error checking.)

In roms/skiboot/libstb/print-container.c there's a similar issue:

        payload = mmap(NULL, payload_st.st_size - SECURE_BOOT_HEADERS_SIZE,
                        PROT_READ, MAP_PRIVATE, fdin, SECURE_BOOT_HEADERS_SIZE);
        if (!payload)

This if should be (payload == MAP_FAILED).

Another one is in ./roms/skiboot/libstb/create-container.c

And in ./roms/u-boot/tools/aisimage.c there's an mmap call that does not check the return value at all.
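
The following is an added example, not part of the bug report and not skiboot or U-Boot code. It shows a failed mmap() passing the NULL test quoted above and being caught by a MAP_FAILED test; the helper names and the temporary file are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: map len bytes of fd read-only; 0 or -errno. */
static int map_fd_ro(int fd, size_t len, void **out)
{
    void *addr = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    if (addr == MAP_FAILED)     /* (void *)-1, never NULL */
        return -errno;
    *out = addr;
    return 0;
}

/* Constructed input: unlinked temp file of n zero bytes (n == 0: empty). */
static int temp_fd(size_t n)
{
    char path[] = "/tmp/mmapcheckXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);
    if (ftruncate(fd, (off_t)n) < 0) { close(fd); return -1; }
    return fd;
}

/* 1 if the reported "addr != NULL" test accepts a mapping that failed. */
static int null_check_accepts_failure(void)
{
    void *addr = mmap(NULL, 0, PROT_READ, MAP_PRIVATE, -1, 0);
    return addr == MAP_FAILED && addr != NULL;
}

/* Corrected check on an n-byte file: 0 on success, -errno on failure. */
static int checked_map_result(size_t n)
{
    void *p;
    int fd = temp_fd(n), rc = map_fd_ro(fd, n, &p);
    close(fd);              /* an established mapping outlives the fd */
    return rc ? rc : munmap(p, n);
}

int main(void)
{
    printf("NULL check accepts failure: %d, empty: %d, 4096 bytes: %d\n",
           null_check_accepts_failure(), checked_map_result(0), checked_map_result(4096));
    return 0;
}
```

An empty input file is enough to reach the error path, because mmap() rejects a zero length with EINVAL.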

skiboot is a separate project; we do not manage its code in the QEMU project, but just include the source code in our release tarballs since we ship the skiboot binary with QEMU. Please report these problems to the skiboot project instead:

 https://github.com/open-power/skiboot

And concerning the mmap in roms/u-boot/, please report that issue to the U-Boot project instead: https://www.denx.de/wiki/U-Boot/