On 10/6/22 08:38, Soichiro Isshiki wrote:
From: sisshiki1969 <[email protected]>
For now, qemu-x86_64 returns ENOMEM when mprotect() was called with an argument
len is 0 from a guest process.
This behavior is incompatible with the current Linux implementation,
which mprotect() with len = 0 does nothing and returns 0,
although it does not appear to be explicitly described in man.
You're right that the ordering of checks differs from the kernel.
The kernel has:
(1) validate prot !(growdown && growup)
(2) validate page aligned
(3) pass len == 0
(4) validate no wraparound
(5) validate prot for arch.
(6) validate vma valid.
while we have
(1) validate page aligned
(2) validate prot for arch
(3) validate vma valid
(4) pass len == 0.
My previous answer vs guest_range_valid_untagged is incorrect considering all of this: if
start > GUEST_ADDR_MAX, that *should* fail vma valid, but the kernel will have returned
success before that.
Although, sorta, this smells like a kernel bug.
Why should mprotect(-4096, 0, 0) succeed while mprotect(-4096, 4096, 0) fails?
But anyway, if we're going to fix len == 0 to match, we might as well fix all 3 test
ordering bugs at the same time.
r~
