
From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH] linux-user: fix host_to_target_cmsg in case of multiple headers
Date: Thu, 27 Aug 2015 19:06:24 +0100

On 27 August 2015 at 15:50, Jonathan Neuschäfer <address@hidden> wrote:
> In the current implementation, __target_cmsg_nxthdr compares a pointer
> derived from target_cmsg against the msg_control field of target_msgh
> (through subtraction).  This failed for me when emulating i386 code
> under x86_64, because pointers in the host address space and pointers in
> the guest address space were not the same.  This patch adds a g2h()
> address translation around the msg_control value.
>
> Signed-off-by: Jonathan Neuschäfer <address@hidden>
> ---
>  linux-user/syscall_defs.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
> index edd5f3c..1eaaf2a 100644
> --- a/linux-user/syscall_defs.h
> +++ b/linux-user/syscall_defs.h
> @@ -248,7 +248,7 @@ __target_cmsg_nxthdr (struct target_msghdr *__mhdr, 
> struct target_cmsghdr *__cms
>
>    __ptr = (struct target_cmsghdr *)((unsigned char *) __cmsg
>                                      + TARGET_CMSG_ALIGN 
> (tswapal(__cmsg->cmsg_len)));
> -  if ((unsigned long)((char *)(__ptr+1) - (char 
> *)(size_t)tswapal(__mhdr->msg_control))
> +  if ((unsigned long)((char *)(__ptr+1) - (char 
> *)g2h(tswapal(__mhdr->msg_control)))
>        > tswapal(__mhdr->msg_controllen))
>      /* No more entries.  */
>      return (struct target_cmsghdr *)0;
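Review bot: the right-hand side of the subtraction should be the host pointer that lock_user() returned for msg_control, not g2h() applied to the guest address: __ptr is derived from the locked host copy of the cmsg data, and that copy is not guaranteed to live at g2h(msg_control) (the follow-up names DEBUG_REMAP as one case), so the `(char *)(__ptr+1) - ... msg_control` difference can still be wrong even after this change. The pre-patch `(char *)(size_t)tswapal(__mhdr->msg_control)` mixed a host pointer with a raw guest address, which is the bug the description reports; the fix that addresses it consistently is to pass the locked host pointer into TARGET_CMSG_NXTHDR and subtract that.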

This definitely looks like a bug, but I don't think this is
a sufficient fix, because if DEBUG_REMAP is defined then the
locked memory which the target_cmsghdr* is in is not a
simple g2h() away from the host pointer.

What you need to do is change target_to_host_cmsg and
host_to_target_cmsg so that when at the top of the function
we do:
    target_cmsg_addr = tswapal(target_msgh->msg_control);
    target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);

we save that target_cmsg into some variable (eg target_msg_control),
and pass it into the TARGET_CMSG_NXTHDR macro. That host pointer
is the one we need to use on the right side of the subtraction.

thanks
-- PMM
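To illustrate the pointer-space confusion the thread describes and the fix the reply asks for, here is an added, self-contained C model (not QEMU code): the names `cmsg_m`, `cmsg_nxthdr_m` and `check_walk` are hypothetical, and the guest address 0x0804a000 is a constructed value standing in for the guest's msg_control.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model (not QEMU code) of the cmsg walk under discussion: the
 * guest control buffer is copied into a separate host buffer, so the guest
 * address of msg_control and the host address of that copy differ. */
struct cmsg_m {
    uint32_t cmsg_len;    /* header plus data length, like cmsg_len */
    int32_t  cmsg_level;
    int32_t  cmsg_type;
};
#define CMSG_ALIGN_M(len) (((len) + sizeof(long) - 1) & ~(sizeof(long) - 1))

/* Next header or NULL. control_base is what the caller takes to be the
 * address of msg_control; it sits on the right side of the subtraction,
 * as in the macro quoted in the patch. */
static struct cmsg_m *cmsg_nxthdr_m(uintptr_t control_base, size_t controllen,
                                    struct cmsg_m *cmsg)
{
    if (cmsg->cmsg_len < sizeof(*cmsg))
        return NULL;  /* malformed header: stop instead of looping */
    struct cmsg_m *ptr = (struct cmsg_m *)((unsigned char *)cmsg
                             + CMSG_ALIGN_M(cmsg->cmsg_len));
    if ((uintptr_t)(ptr + 1) - control_base > controllen)
        return NULL;  /* no more entries */
    return ptr;
}

/* Two constructed headers (4 and 8 data bytes) in a host buffer; count what
 * the walk sees. use_host_base=1 subtracts the copy's host pointer (the fix
 * the reply asks for), 0 the constructed guest address 0x0804a000. */
int check_walk(int use_host_base)
{
    unsigned char buf[64];
    uint32_t lens[2] = { sizeof(struct cmsg_m) + 4, sizeof(struct cmsg_m) + 8 };
    size_t controllen = 0;
    for (int i = 0; i < 2; i++) {
        struct cmsg_m h = { lens[i], 1 /* SOL_SOCKET */, 1 /* SCM_RIGHTS */ };
        memcpy(buf + controllen, &h, sizeof h);
        memset(buf + controllen + sizeof h, 0xAB, lens[i] - sizeof h);
        controllen += CMSG_ALIGN_M(lens[i]);
    }
    uintptr_t base = use_host_base ? (uintptr_t)buf : (uintptr_t)0x0804a000u;
    int n = 0;
    for (struct cmsg_m *c = (struct cmsg_m *)buf; c;
         c = cmsg_nxthdr_m(base, controllen, c))
        n++;
    return n;  /* 2 with the host base, 1 with the guest address */
}
```

With the guest address as base the walk stops after the first header, which is the multiple-header failure the patch description reports; with the locked copy's host pointer it sees both.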


