NetBSD-Bugs archive


Re: kern/56819: netbsd32 compat does not handle sign-extended addresses



On Sat, May 07, 2022 at 11:55:02AM +0000, Martin Husemann wrote:
> The following reply was made to PR kern/56819; it has been noted by GNATS.
> 
> From: Martin Husemann <martin%duskware.de@localhost>
> To: gnats-bugs%netbsd.org@localhost
> Cc: 
> Subject: Re: kern/56819: netbsd32 compat does not handle sign-extended
>  addresses
> Date: Sat, 7 May 2022 13:54:12 +0200
> 
>  On Sat, May 07, 2022 at 11:10:00AM +0000, mlelstv%netbsd.org@localhost wrote:
>  > Run a 32bit program on aarch64 that calls mmap and gets a mapping
>  > beyond 2GB.
>  
>  How could that ever happen? Can you provide a sample program or point
>  at one that makes it happen?
>  
>  Maybe the MD parts of ASLR are broken for aarch64?


A 32bit process running on an aarch64 system has a 4GB address space,
the "cut" (VM_MAXUSER_ADDRESS32) is at 0xfffff000, i.e. only the last
page doesn't exist. This is different from a native 32bit arm process
where the "cut" is at 2GB, so "negative" addresses are not used.

pmap doesn't work, but procfs shows e.g.:

0x980000 0x987000 r-x r-x COW NC 1 0 0
0x996000 0xa57000 rw- rw- COW NNC 1 0 0
0xed200000 0xed213000 r-x r-x COW NC 1 0 0
0xed213000 0xed222000 --- --- COW NC 1 0 0
0xed222000 0xed223000 rw- rw- COW NNC 1 0 0
0xeec00000 0xeec10000 rw- rw- COW NNC 1 0 0
0xeec10000 0xeee00000 rw- rw- COW NC 1 0 0
0xeeef4000 0xeef34000 rw- rw- COW NNC 1 0 0
0xeef34000 0xef020000 rw- rw- COW NNC 1 0 0
0xef020000 0xef1bb000 r-x r-x COW NC 1 0 0
0xef1bb000 0xef1ca000 --- r-x COW NC 1 0 0
0xef1ca000 0xef1d4000 rw- rw- COW NNC 1 0 0
0xef1d4000 0xef1f0000 rw- rw- COW NNC 1 0 0
0xef1f0000 0xef1f2000 r-x r-x COW NC 1 0 0
0xef1f2000 0xef201000 --- r-x COW NC 1 0 0
0xef201000 0xef202000 rw- rw- COW NNC 1 0 0
0xef202000 0xef20e000 rw- rw- COW NNC 1 0 0
0xfbeff000 0xff756000 --- --- COW NC 1 0 0
0xff756000 0xfff50000 rw- rw- COW NC 1 0 0
0xfff50000 0xfff55000 rw- rw- COW NNC 1 0 0
0xfff55000 0xfff56000 rw- rw- COW NNC 1 0 0


The assumption is that the 64bit kernel sees the addresses
sign extended on some level and passes an unsigned value (vaddr)
from the ranges

0x0000000000000000 .. 0x000000007fffffff
0xffffffff80000000 .. 0xfffffffffffff000

to the compat routine.



Greetings,
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."

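Added example, not part of the original message and not NetBSD source: a small C program showing why a bounds check against the 0xfffff000 cut rejects a sign-extended 32-bit address unless the value is first normalised to 32 bits. The function names, the shape of both checks and the choice to accept zero-extended values as well are assumptions for illustration; the sample addresses and lengths come from the procfs listing above.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The "cut" quoted in the message; only the last 4 KiB page is excluded. */
#define VM_MAXUSER_ADDRESS32 UINT64_C(0xfffff000)

/* A 32-bit user address after being widened as a signed value
 * (uint32_t -> int32_t wraps on all mainstream compilers). */
static uint64_t sign_extend32(uint32_t uaddr)
{
    return (uint64_t)(int64_t)(int32_t)uaddr;
}

/* Hypothetical naive check: compares the widened value directly. */
static bool naive_in_range(uint64_t vaddr, uint64_t len)
{
    return vaddr < VM_MAXUSER_ADDRESS32 && len <= VM_MAXUSER_ADDRESS32 - vaddr;
}

/* Hypothetical normalising check: the upper half must be all zeros, or all
 * ones with bit 31 set (a genuine sign extension); then test the low 32 bits. */
static bool normalized_in_range(uint64_t vaddr, uint64_t len, uint32_t *out)
{
    uint64_t hi = vaddr >> 32;
    uint32_t lo = (uint32_t)vaddr;

    if (hi != 0 && !(hi == 0xffffffffu && (lo & 0x80000000u)))
        return false;               /* neither zero- nor sign-extended */
    if (lo >= VM_MAXUSER_ADDRESS32 || len > VM_MAXUSER_ADDRESS32 - lo)
        return false;               /* starts or ends beyond the cut */
    *out = lo;
    return true;
}

int main(void)
{
    /* Start addresses and lengths taken from the procfs listing above. */
    const uint32_t start[] = { 0x980000u, 0xed200000u, 0xfff55000u };
    const uint64_t len[]   = { 0x7000, 0x13000, 0x1000 };

    for (int i = 0; i < 3; i++) {
        uint64_t v = sign_extend32(start[i]);
        uint32_t lo = 0;
        bool naive = naive_in_range(v, len[i]);
        bool norm = normalized_in_range(v, len[i], &lo);
        printf("%#018" PRIx64 " naive=%d normalized=%d -> %#x\n",
            v, naive, norm, (unsigned)lo);
    }
    return 0;
}
```

Mappings below 2GB pass both checks; the ones above 2GB pass only the normalising check, which also rejects 64-bit values that are not an extension of any 32-bit address.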
