linux-user: Fix shmat(NULL) for h != g

In the h != g && shmaddr == NULL && !reserved_va case, target_shmat() incorrectly mmap()s the initial anonymous range with MAP_FIXED_NOREPLACE, even though the earlier mmap_find_vma() has already reserved the respective address range. Fix by using MAP_FIXED when "mapped", which is set after mmap_find_vma(), is true. Fixes: 78bc8ed ("linux-user: Rewrite target_shmat") Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com> Message-Id: <20240325192436.561154-4-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
qemu · Mar 27, 2024 · fa527b4 · fa527b4
1 parent e6763d7
commit fa527b4
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/linux-user/mmap.c b/linux-user/mmap.c
@@ -1354,7 +1354,7 @@ abi_ulong target_shmat(CPUArchState *cpu_env, int shmid,
         if (h_len != t_len) {
             int mmap_p = PROT_READ | (shmflg & SHM_RDONLY ? 0 : PROT_WRITE);
             int mmap_f = MAP_PRIVATE | MAP_ANONYMOUS
-                       | (reserved_va || (shmflg & SHM_REMAP)
+                       | (reserved_va || mapped || (shmflg & SHM_REMAP)
                           ? MAP_FIXED : MAP_FIXED_NOREPLACE);
 
             test = mmap(want, m_len, mmap_p, mmap_f, -1, 0);