From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-stable-return-965-listarch-libc-stable=sourceware.org@sourceware.org>
Received: (qmail 125558 invoked by alias); 15 Jul 2019 12:24:24 -0000
Mailing-List: contact libc-stable-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:libc-stable@sourceware.org>
List-Help: <mailto:libc-stable-help@sourceware.org>
List-Subscribe: <mailto:libc-stable-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-stable/>
Sender: libc-stable-owner@sourceware.org
Received: (qmail 125459 invoked by uid 89); 15 Jul 2019 12:24:16 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-15.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1 spammy=
X-Spam-Status: No, score=-15.1 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_0,GIT_PATCH_1,GIT_PATCH_2,GIT_PATCH_3,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org
X-Spam-Level:
X-HELO: mail-qk1-f194.google.com
Received: from mail-qk1-f194.google.com (HELO mail-qk1-f194.google.com) (209.85.222.194) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 15 Jul 2019 12:24:02 +0000
Received: by mail-qk1-f194.google.com with SMTP id t8so11410489qkt.1        for <libc-stable@sourceware.org>; Mon, 15 Jul 2019 05:24:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=linaro.org; s=google;        h=from:to:subject:date:message-id;        bh=JgYlpeaEPEM0j+zk6su1PgVVpyO96U9EJ+UBEnSlSD0=;        b=DbWzrXusv5W/nHbhnxu2agEOYnXlYldttU9yOnAoP4oFlzJSQaEbgIVxTR/y7OZved         r8QB8RMuBlcC5Aofi2RdWMWtPqFI7R0tcHzrb1jcFCofQPgXBLXVLDsLMhtkMXwVjV0x         T9+gKOSEgjd6NKDQehv0cRelv9ogjzT+GKuey8LIc9LF/NzwbGvd/SRtVwtcmSTbQs7T         NTNJikh/cU7+1lzWtQ5BGwmqPtfvuO4IIVVsSGhoWGgni3unkeuVpsqmM5JEWZ174MYq         nqvIWR5GemouL/pJVHf0s00fae27oHka5Z8XbeYrVPBQGO3hiJAWsI18oP/sDY3rAaSK         mq6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;        d=1e100.net; s=20161025;        h=x-gm-message-state:from:to:subject:date:message-id;        bh=JgYlpeaEPEM0j+zk6su1PgVVpyO96U9EJ+UBEnSlSD0=;        b=LM9V+ebTAweTqBbq/zJVwiNZnUu1KXLs04pM8gh6xqAi6l0fu+HnLYHTP6ahrZmY/2         CzmpuOpD/Zx5t8vKo4qXnOp0C8dSByn6j2teTP6lkWwIbB2klgD8HIQVw8cLbwwiaH5E         eXKBBfJFVqVPI6EB+CLNnLsHTYU6lv5vyvGQzQtCJzUY6smUEqDZJVydWb8qQtx8qBTF         Xhan2BBLPLv1Q3OecZ+/zciaJvSCILxtFoGHe2tkznIF5qEzlZGQqyl9KgOiott5uySn         F4hNUhKr15Ce4vPHlfov2lxqtEkFTCDnZr3M4+J80a+9YNgbRawFWeRllNk2RGj0Sga8         slSA==
X-Gm-Message-State: APjAAAV1Hdw2RFXIbeF/PrfL7a0Y99K1cenZN76+qzoIy/k8S76eRea2	BCRZ86dHFEt/dh+M2KeBYp3k2XxrS4s=
X-Google-Smtp-Source: APXvYqwXmvJ+UeNF5rUhpSxhSTbkGxVKMgVh+83h7ZR/CaU+Qc7KnX4OngkL/0+WsoufjCfZM3FgmA==
X-Received: by 2002:a37:9844:: with SMTP id a65mr16308275qke.500.1563193440858;        Mon, 15 Jul 2019 05:24:00 -0700 (PDT)
Received: from localhost.localdomain ([179.159.209.43])        by smtp.googlemail.com with ESMTPSA id a23sm7666570qtp.22.2019.07.15.05.23.59        for <libc-stable@sourceware.org>        (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256);        Mon, 15 Jul 2019 05:24:00 -0700 (PDT)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-stable@sourceware.org
Subject: [2.26 COMMITTED] posix: Fix large mmap64 offset for mips64n32 (BZ#24699)
Date: Tue, 01 Jan 2019 00:00:00 -0000
Message-Id: <20190715122356.9267-1-adhemerval.zanella@linaro.org>
X-Mailer: git-send-email 2.17.1
X-IsSubscribed: yes
X-SW-Source: 2019-07/txt/msg00008.txt.bz2

The fix for BZ#21270 (commit 158d5fa0e19) added a mask to avoid offset larger
than 1^44 to be used along __NR_mmap2.  However mips64n32 users __NR_mmap,
as mips64n64, but still defines off_t as old non-LFS type (other ILP32, such
x32, defines off_t being equal to off64_t).  This leads to use the same
mask meant only for __NR_mmap2 call for __NR_mmap, thus limiting the maximum
offset it can use with mmap64.

This patch fixes by setting the high mask only for __NR_mmap2 usage. The
posix/tst-mmap-offset.c already tests it and also fails for mips64n32. The
patch also change the test to check for an arch-specific header that defines
the maximum supported offset.

Checked on x86_64-linux-gnu, i686-linux-gnu, and I also tests tst-mmap-offset
on qemu simulated mips64 with kernel 3.2.0 kernel for both mips-linux-gnu and
mips64-n32-linux-gnu.

	[BZ #24699]
	* posix/tst-mmap-offset.c: Mention BZ #24699.
	(do_test_bz21270): Rename to do_test_large_offset and use
	mmap64_maximum_offset to check for maximum expected offset value.
	* sysdeps/generic/mmap_info.h: New file.
	* sysdeps/unix/sysv/linux/mips/mmap_info.h: Likewise.
	* sysdeps/unix/sysv/linux/mmap64.c (MMAP_OFF_HIGH_MASK): Define iff
	__NR_mmap2 is used.

(cherry picked from commit a008c76b56e4f958cf5a0d6f67d29fade89421b7)
---
 ChangeLog                                | 11 +++++++++++
 posix/tst-mmap-offset.c                  |  9 +++++----
 sysdeps/generic/mmap_info.h              | 16 ++++++++++++++++
 sysdeps/unix/sysv/linux/mips/mmap_info.h | 13 +++++++++++++
 sysdeps/unix/sysv/linux/mmap64.c         |  9 ++++++++-
 5 files changed, 53 insertions(+), 5 deletions(-)
 create mode 100644 sysdeps/generic/mmap_info.h
 create mode 100644 sysdeps/unix/sysv/linux/mips/mmap_info.h

diff --git a/posix/tst-mmap-offset.c b/posix/tst-mmap-offset.c
index 5bb88aab10..cfd82484f6 100644
--- a/posix/tst-mmap-offset.c
+++ b/posix/tst-mmap-offset.c
@@ -1,4 +1,4 @@
-/* BZ #18877 and #21270 mmap offset test.
+/* BZ #18877, BZ #21270, and BZ #24699 mmap offset test.
 
    Copyright (C) 2015-2017 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <errno.h>
 #include <sys/mman.h>
+#include <mmap_info.h>
 
 #include <support/check.h>
 
@@ -76,7 +77,7 @@ do_test_bz18877 (void)
 
 /* Check if invalid offset are handled correctly by mmap.  */
 static int
-do_test_bz21270 (void)
+do_test_large_offset (void)
 {
   /* For architectures with sizeof (off_t) < sizeof (off64_t) mmap is
      implemented with __SYS_mmap2 syscall and the offset is represented in
@@ -90,7 +91,7 @@ do_test_bz21270 (void)
   const size_t length = 4096;
 
   void *addr = mmap64 (NULL, length, prot, flags, fd, offset);
-  if (sizeof (off_t) < sizeof (off64_t))
+  if (mmap64_maximum_offset (page_shift) < UINT64_MAX)
     {
       if ((addr != MAP_FAILED) && (errno != EINVAL))
 	FAIL_RET ("mmap succeed");
@@ -110,7 +111,7 @@ do_test (void)
   int ret = 0;
 
   ret += do_test_bz18877 ();
-  ret += do_test_bz21270 ();
+  ret += do_test_large_offset ();
 
   return ret;
 }
diff --git a/sysdeps/generic/mmap_info.h b/sysdeps/generic/mmap_info.h
new file mode 100644
index 0000000000..b3087df2d3
--- /dev/null
+++ b/sysdeps/generic/mmap_info.h
@@ -0,0 +1,16 @@
+/* As default architectures with sizeof (off_t) < sizeof (off64_t) the mmap is
+   implemented with __SYS_mmap2 syscall and the offset is represented in
+   multiples of page size.  For offset larger than
+   '1 << (page_shift + 8 * sizeof (off_t))' (that is, 1<<44 on system with
+   page size of 4096 bytes) the system call silently truncates the offset.
+   For this case, glibc mmap implementation returns EINVAL.  */
+
+/* Return the maximum value expected as offset argument in mmap64 call.  */
+static inline uint64_t
+mmap64_maximum_offset (long int page_shift)
+{
+  if (sizeof (off_t) < sizeof (off64_t))
+    return (UINT64_C(1) << (page_shift + (8 * sizeof (off_t)))) - 1;
+  else
+    return UINT64_MAX;
+}
diff --git a/sysdeps/unix/sysv/linux/mips/mmap_info.h b/sysdeps/unix/sysv/linux/mips/mmap_info.h
new file mode 100644
index 0000000000..07c9e3a044
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/mips/mmap_info.h
@@ -0,0 +1,13 @@
+/* mips64n32 uses __NR_mmap for mmap64 while still having sizeof (off_t)
+   smaller than sizeof (off64_t).  So it allows mapping large offsets
+   using mmap64 than 32-bit archs which uses __NR_mmap2.  */
+
+static inline uint64_t
+mmap64_maximum_offset (long int page_shift)
+{
+#if _MIPS_SIM == _ABIN32 || _MIPS_SIM == _ABI64
+  return UINT64_MAX;
+#else
+  return (UINT64_C(1) << (page_shift + (8 * sizeof (off_t)))) - 1;
+#endif
+}
diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c
index e8d519b17a..8441a9caa7 100644
--- a/sysdeps/unix/sysv/linux/mmap64.c
+++ b/sysdeps/unix/sysv/linux/mmap64.c
@@ -23,11 +23,18 @@
 #include <sysdep.h>
 #include <mmap_internal.h>
 
+#ifdef __NR_mmap2
 /* To avoid silent truncation of offset when using mmap2, do not accept
    offset larger than 1 << (page_shift + off_t bits).  For archictures with
    32 bits off_t and page size of 4096 it would be 1^44.  */
-#define MMAP_OFF_HIGH_MASK \
+# define MMAP_OFF_HIGH_MASK \
   ((-(MMAP2_PAGE_UNIT << 1) << (8 * sizeof (off_t) - 1)))
+#else
+/* Some ABIs might use __NR_mmap while having sizeof (off_t) smaller than
+   sizeof (off64_t) (currently only MIPS64n32).  For this case just set
+   zero the higher bits so mmap with large offset does not fail.  */
+# define MMAP_OFF_HIGH_MASK  0x0
+#endif
 
 #define MMAP_OFF_MASK (MMAP_OFF_HIGH_MASK | MMAP_OFF_LOW_MASK)
 
-- 
2.17.1