linux-user: Use MAP_FIXED_NOREPLACE for initial image mmap

Use this as extra protection for the guest mapping over any qemu host mappings. Tested-by: Helge Deller <deller@gmx.de> Reviewed-by: Helge Deller <deller@gmx.de> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-03 17:55:28 +00:00 · 2023-08-03 17:55:28 +00:00 · ad25051bae
commit ad25051bae
parent da2b71fab6
1 changed files with 6 additions and 3 deletions
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@ -3147,8 +3147,11 @@ static void load_elf_image(const char *image_name, int image_fd,
    /*
     * Reserve address space for all of this.
     *
-     * In the case of ET_EXEC, we supply MAP_FIXED so that we get
-     * exactly the address range that is required.
+     * In the case of ET_EXEC, we supply MAP_FIXED_NOREPLACE so that we get
+     * exactly the address range that is required.  Without reserved_va,
+     * the guest address space is not isolated.  We have attempted to avoid
+     * conflict with the host program itself via probe_guest_base, but using
+     * MAP_FIXED_NOREPLACE instead of MAP_FIXED provides an extra check.
     *
     * Otherwise this is ET_DYN, and we are searching for a location
     * that can hold the memory space required.  If the image is
@ -3160,7 +3163,7 @@ static void load_elf_image(const char *image_name, int image_fd,
     */
    load_addr = target_mmap(loaddr, (size_t)hiaddr - loaddr + 1, PROT_NONE,
                            MAP_PRIVATE | MAP_ANON | MAP_NORESERVE |
-                            (ehdr->e_type == ET_EXEC ? MAP_FIXED : 0),
+                            (ehdr->e_type == ET_EXEC ? MAP_FIXED_NOREPLACE : 0),
                            -1, 0);
    if (load_addr == -1) {
        goto exit_mmap;