Skip to content
Snippets Groups Projects
New look
Closed qemu8-i386 gets wrong arguments for 32-bit old mmap syscall (_NR_mmap = 90)
  • View options

    • qemu8-i386 gets wrong arguments for 32-bit old mmap syscall (_NR_mmap = 90)

  • View options
    • Closed Issue created by John Reiser

    Host environment

    • Operating system: Fedora 36

    • OS/kernel version: Linux host 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

    • Architecture: x86_64

    • QEMU flavor: qemu-i386 (user mode only)

    • QEMU version: commit fcb237e6 (HEAD -> master, origin/master, origin/HEAD) Merge: 2ff49e96 c00aac6f Date: Mon Jul 10 09:17:06 2023 +0100

    • QEMU command line: build/qemu-i386 -strace ./oldmmap

    Emulated/Virtualized environment

    • Operating system: Fedora 36
    • OS/kernel version: Linux host 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
    • Architecture: i686

    Description of problem

    qemu8-i386 does not decode syscall arguments correctly for system call _NR_mmap = 90 on i386.

    $ strace ./oldmmap
execve("./oldmmap", ["./oldmmap"], 0x7fff46ba6d40 /* 61 vars */) = 0
[ Process PID=405233 runs in 32 bit mode. ]
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7fa7000
exit(5)                                 = ?
+++ exited with 5 +++

$ build/qemu-i386 -strace ./oldmmap
405254 mmap(0x40800058,0,PROT_NONE,0,0,0) = 0x3fffb000
405254 exit(5)

    Steps to reproduce

    1. gcc -m32 -o oldmmap -nostartfiles -nostdlib oldmmap.S # build 32-bit executable
    2. strace ./oldmmap # run under strace
    3. build/qemu-i386 -strace ./oldmmap # run under "qemu-i386 -strace"
    4. Notice that qemu-i386 did not report the same arguments to the _NR_map syscall as /usr/bin/strace did.

    Additional information

    $ cat oldmmap.S
MAP_FIXED=     0x10
MAP_PRIVATE=   0x02
MAP_ANONYMOUS= 0x20

PROT_READ=      1
PROT_WRITE=     2
PROT_EXEC=      4

_NR_exit = 1
_NR_mmap = 90  // oldmmap: %ebx -> array of 6 arguments

    .globl _start
_start:
    push $0  // offset
    push $-1  // fd
    push $MAP_PRIVATE|MAP_ANONYMOUS  // flags
    push $PROT_READ|PROT_WRITE  // protection
    push $2<<12  // length
    push $0  // addr (kernel chooses)
    mov %esp,%ebx
    mov $_NR_mmap,%eax
    int $0x80
    nop

    mov $5,%ebx
    mov $_NR_exit,%eax
    int $0x80
    hlt
$

    Linked items 0

    • Link items together to show that they're related or that one is blocking others.

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first
    Loading Loading Loading Loading Loading Loading Loading Loading Loading Loading