From: <sv...@va...> - 2006-08-16 14:22:37
Author: sewardj
Date: 2006-08-16 15:22:29 +0100 (Wed, 16 Aug 2006)
New Revision: 6003
Log:
When handling mremap, disallow an expanding in-place remap if it would
trash some other segment as a result of the expansion. This fixes
#129866. I don't know if it is a good solution though. Causes
none/tests/mremap{,2} to fail now, although I think it is still OK.
mremap really is a semantic disaster area.
Modified:
trunk/coregrind/m_aspacemgr/aspacemgr.c
trunk/coregrind/m_syswrap/syswrap-generic.c
Modified: trunk/coregrind/m_aspacemgr/aspacemgr.c
===================================================================
--- trunk/coregrind/m_aspacemgr/aspacemgr.c 2006-08-16 01:50:55 UTC (rev =
6002)
+++ trunk/coregrind/m_aspacemgr/aspacemgr.c 2006-08-16 14:22:29 UTC (rev =
6003)
@@ -2903,6 +2903,9 @@
NSegment seg_copy =3D *seg;
SizeT seg_old_len =3D seg->end + 1 - seg->start;
=20
+ if (0)
+ VG_(am_show_nsegments)(0, "VG_(am_extend_map_client) BEFORE");
+
if (seg->kind !=3D SkFileC && seg->kind !=3D SkAnonC)
return False;
=20
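Review bot: The `if (0) VG_(am_show_nsegments)(0, "VG_(am_extend_map_client) BEFORE");` added here is a debugging switch that can only be turned on by editing the source, and the same pattern is added again in the hunk at @@ -2931 below and in syswrap-generic.c at @@ -187. A file-scope toggle such as `static const Bool am_debug_extend = False;` tested as `if (am_debug_extend)` keeps the compiler's dead-code elimination while making the switch discoverable, and a one-line comment saying the dump is there to diagnose an in-place expansion overrunning a neighbouring segment (the #129866 case from the log) would tell the next reader why it was left in. The enclosing function starts before this hunk.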
@@ -2924,6 +2927,9 @@
if (sres.isError) {
AM_SANITY_CHECK;
return False;
+ } else {
+ /* the area must not have moved */
+ aspacem_assert(sres.val =3D=3D seg->start);
}
=20
*need_discard =3D any_Ts_in_range( seg_copy.end+1, delta );
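Review bot: The new `aspacem_assert(sres.val == seg->start)` turns a moved mapping into a fatal error while the branch just above reports failure with `return False`, and the comment `/* the area must not have moved */` states the invariant but not why aborting is the right reaction. If, as the surrounding code suggests, the call that produced `sres` (outside this hunk) has already changed the client's mapping, then returning False here would leave the segment table disagreeing with the kernel, so the assert is the safer choice; the comment should say so, e.g. `/* The kernel has already remapped the area; reporting a different address as failure would desynchronise the segment table, so treat it as a fatal invariant violation. */`. The `else` block is also redundant after the `return False` in the preceding branch and could be flattened. The enclosing function starts before this hunk and continues into the next one.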
@@ -2931,6 +2937,9 @@
seg_copy.end +=3D delta;
add_segment( &seg_copy );
=20
+ if (0)
+ VG_(am_show_nsegments)(0, "VG_(am_extend_map_client) AFTER");
+
AM_SANITY_CHECK;
return True;
}
Modified: trunk/coregrind/m_syswrap/syswrap-generic.c
===================================================================
--- trunk/coregrind/m_syswrap/syswrap-generic.c 2006-08-16 01:50:55 UTC (=
rev 6002)
+++ trunk/coregrind/m_syswrap/syswrap-generic.c 2006-08-16 14:22:29 UTC (=
rev 6003)
@@ -187,6 +187,8 @@
old_addr,old_len,new_addr,new_len,=20
flags & VKI_MREMAP_MAYMOVE ? "MAYMOVE" : "",
flags & VKI_MREMAP_FIXED ? "FIXED" : "");
+ if (0)
+ VG_(am_show_nsegments)(0, "do_remap: before");
=20
if (flags & ~(VKI_MREMAP_FIXED | VKI_MREMAP_MAYMOVE))
goto eINVAL;
@@ -327,6 +329,18 @@
/* VG_(am_get_advisory_client_simple) interprets zero to mean
non-fixed, which is not what we want */
advised =3D VG_(am_get_advisory_client_simple)( needA, needL, &ok );
+ if (ok) {
+ /* VG_(am_get_advisory_client_simple) (first arg =3D=3D 0, meaning
+ this-or-nothing) is too lenient, and may allow us to trash
+ the next segment along. So make very sure that the proposed
+ new area really is free. This is perhaps overly
+ conservative, but it fixes #129866. */
+ NSegment* segLo =3D VG_(am_find_nsegment)( needA );
+ NSegment* segHi =3D VG_(am_find_nsegment)( needA + needL - 1 );
+ if (segLo =3D=3D NULL || segHi =3D=3D NULL=20
+ || segLo !=3D segHi || segLo->kind !=3D SkFree)
+ ok =3D False;
+ }
if (ok && advised =3D=3D needA) {
ok =3D VG_(am_extend_map_client)( &d, old_seg, needL );
if (ok) {
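Review bot: The twelve-line free-range check added here is repeated verbatim in the hunk at @@ -374 of the same file (differing only in the `fixes #129866` remark), and duplicated checks of this kind tend to drift apart; a small `static` helper taking needA and needL and answering whether the whole range is one SkFree segment would let both call sites read `if (ok && !is_free_range(needA, needL)) ok = False;`. The lookup `needA + needL - 1` also relies on needL being non-zero — if needL can be 0 here (it is computed above the hunk), the second lookup inspects the byte before needA — so the helper should state that precondition, and the sufficiency of checking only the two end points rests on the segment list being contiguous and non-overlapping, which aspacemgr appears to guarantee but the comment should name. Minor: the added line `if (segLo == NULL || segHi == NULL` carries trailing whitespace. The enclosing function starts before and continues after this hunk.
```c
/* True iff [needA, needA+needL-1] lies entirely inside a single SkFree
   segment.  Assumes aspacemgr's segments are contiguous and
   non-overlapping, so checking both end points suffices.  Precondition:
   needL > 0 (otherwise the upper lookup would inspect needA - 1).
   Stricter than VG_(am_get_advisory_client_simple) alone; see #129866. */
static Bool is_free_range ( Addr needA, SizeT needL )
{
   NSegment* segLo = VG_(am_find_nsegment)( needA );
   NSegment* segHi = VG_(am_find_nsegment)( needA + needL - 1 );
   return segLo != NULL && segHi != NULL
          && segLo == segHi && segLo->kind == SkFree;
}

/* … unchanged: advisory lookup via VG_(am_get_advisory_client_simple) … */
   if (ok && !is_free_range(needA, needL))
      ok = False;
```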
@@ -374,6 +388,17 @@
/* VG_(am_get_advisory_client_simple) interprets zero to mean
non-fixed, which is not what we want */
advised =3D VG_(am_get_advisory_client_simple)( needA, needL, &ok );
+ if (ok) {
+ /* VG_(am_get_advisory_client_simple) (first arg =3D=3D 0, meaning
+ this-or-nothing) is too lenient, and may allow us to trash
+ the next segment along. So make very sure that the proposed
+ new area really is free. */
+ NSegment* segLo =3D VG_(am_find_nsegment)( needA );
+ NSegment* segHi =3D VG_(am_find_nsegment)( needA + needL - 1 );
+ if (segLo =3D=3D NULL || segHi =3D=3D NULL=20
+ || segLo !=3D segHi || segLo->kind !=3D SkFree)
+ ok =3D False;
+ }
if (!ok || advised !=3D needA)
goto eNOMEM;
ok =3D VG_(am_extend_map_client)( &d, old_seg, needL );