Commit 2422884ec5 for qemu.org

commit 2422884ec5a12037d2378f45ca1411d3f37c7081
Author: Matthew Lugg <mlugg@mlugg.co.uk>
Date:   Mon Nov 17 17:09:52 2025 +0000

    linux-user: fix mremap errors for invalid ranges

    If an address range given to `mremap` is invalid (exceeds addressing
    bounds on the guest), we were previously returning `ENOMEM`, which is
    not correct. The manpage and the Linux kernel implementation both agree
    that if `old_addr`/`old_size` refer to an invalid address, `EFAULT` is
    returned, and if `new_addr`/`new_size` refer to an invalid address,
    `EINVAL` is returned.

    Signed-off-by: Matthew Lugg <mlugg@mlugg.co.uk>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Message-ID: <20251117170954.31451-3-mlugg@mlugg.co.uk>

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index ef3833a2bb..6163f1a0d1 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -1110,12 +1110,15 @@ abi_long target_mremap(abi_ulong old_addr, abi_ulong old_size,
     int prot;
     void *host_addr;

-    if (!guest_range_valid_untagged(old_addr, old_size) ||
-        ((flags & MREMAP_FIXED) &&
+    if (((flags & MREMAP_FIXED) &&
          !guest_range_valid_untagged(new_addr, new_size)) ||
         ((flags & MREMAP_MAYMOVE) == 0 &&
          !guest_range_valid_untagged(old_addr, new_size))) {
-        errno = ENOMEM;
+        errno = EINVAL;
+        return -1;
+    }
+    if (!guest_range_valid_untagged(old_addr, old_size)) {
+        errno = EFAULT;
         return -1;
     }