[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 08/13] linux-user: fix cmsg conversion in case of mul
From: |
riku . voipio |
Subject: |
[Qemu-devel] [PULL 08/13] linux-user: fix cmsg conversion in case of multiple headers |
Date: |
Fri, 2 Oct 2015 16:01:00 +0300 |
From: Jonathan Neuschäfer <address@hidden>
Currently, __target_cmsg_nxthdr compares a pointer derived from
target_cmsg against the msg_control field of target_msgh (through
subtraction). This failed for me when emulating i386 code under x86_64,
because pointers in the host address space and pointers in the guest
address space were not the same. This patch passes the initial value of
target_cmsg into __target_cmsg_nxthdr.
I found and fixed two more related bugs:
- __target_cmsg_nxthdr now returns the new cmsg pointer instead of the
old one.
- tgt_space (in host_to_target_cmsg) doesn't count "sizeof (struct
target_cmsghdr)" twice anymore.
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Jonathan Neuschäfer <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
---
linux-user/syscall.c | 14 +++++++++-----
linux-user/syscall_defs.h | 14 +++++++++-----
2 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7fbaa8b..75ac32c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1181,7 +1181,7 @@ static inline abi_long target_to_host_cmsg(struct msghdr
*msgh,
struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
abi_long msg_controllen;
abi_ulong target_cmsg_addr;
- struct target_cmsghdr *target_cmsg;
+ struct target_cmsghdr *target_cmsg, *target_cmsg_start;
socklen_t space = 0;
msg_controllen = tswapal(target_msgh->msg_controllen);
@@ -1189,6 +1189,7 @@ static inline abi_long target_to_host_cmsg(struct msghdr
*msgh,
goto the_end;
target_cmsg_addr = tswapal(target_msgh->msg_control);
target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
+ target_cmsg_start = target_cmsg;
if (!target_cmsg)
return -TARGET_EFAULT;
@@ -1247,7 +1248,8 @@ static inline abi_long target_to_host_cmsg(struct msghdr
*msgh,
}
cmsg = CMSG_NXTHDR(msgh, cmsg);
- target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
+ target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
+ target_cmsg_start);
}
unlock_user(target_cmsg, target_cmsg_addr, 0);
the_end:
@@ -1261,7 +1263,7 @@ static inline abi_long host_to_target_cmsg(struct
target_msghdr *target_msgh,
struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
abi_long msg_controllen;
abi_ulong target_cmsg_addr;
- struct target_cmsghdr *target_cmsg;
+ struct target_cmsghdr *target_cmsg, *target_cmsg_start;
socklen_t space = 0;
msg_controllen = tswapal(target_msgh->msg_controllen);
@@ -1269,6 +1271,7 @@ static inline abi_long host_to_target_cmsg(struct
target_msghdr *target_msgh,
goto the_end;
target_cmsg_addr = tswapal(target_msgh->msg_control);
target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
+ target_cmsg_start = target_cmsg;
if (!target_cmsg)
return -TARGET_EFAULT;
@@ -1382,14 +1385,15 @@ static inline abi_long host_to_target_cmsg(struct
target_msghdr *target_msgh,
}
target_cmsg->cmsg_len = tswapal(tgt_len);
- tgt_space = TARGET_CMSG_SPACE(tgt_len);
+ tgt_space = TARGET_CMSG_SPACE(len);
if (msg_controllen < tgt_space) {
tgt_space = msg_controllen;
}
msg_controllen -= tgt_space;
space += tgt_space;
cmsg = CMSG_NXTHDR(msgh, cmsg);
- target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
+ target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
+ target_cmsg_start);
}
unlock_user(target_cmsg, target_cmsg_addr, space);
the_end:
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index cdc8db4..7ca33a6 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -235,7 +235,8 @@ struct target_cmsghdr {
};
#define TARGET_CMSG_DATA(cmsg) ((unsigned char *) ((struct target_cmsghdr *)
(cmsg) + 1))
-#define TARGET_CMSG_NXTHDR(mhdr, cmsg) __target_cmsg_nxthdr (mhdr, cmsg)
+#define TARGET_CMSG_NXTHDR(mhdr, cmsg, cmsg_start) \
+ __target_cmsg_nxthdr(mhdr, cmsg, cmsg_start)
#define TARGET_CMSG_ALIGN(len) (((len) + sizeof (abi_long) - 1) \
& (size_t) ~(sizeof (abi_long) - 1))
#define TARGET_CMSG_SPACE(len) (TARGET_CMSG_ALIGN (len) \
@@ -243,17 +244,20 @@ struct target_cmsghdr {
#define TARGET_CMSG_LEN(len) (TARGET_CMSG_ALIGN (sizeof (struct
target_cmsghdr)) + (len))
static __inline__ struct target_cmsghdr *
-__target_cmsg_nxthdr (struct target_msghdr *__mhdr, struct target_cmsghdr
*__cmsg)
+__target_cmsg_nxthdr(struct target_msghdr *__mhdr,
+ struct target_cmsghdr *__cmsg,
+ struct target_cmsghdr *__cmsg_start)
{
struct target_cmsghdr *__ptr;
__ptr = (struct target_cmsghdr *)((unsigned char *) __cmsg
+ TARGET_CMSG_ALIGN
(tswapal(__cmsg->cmsg_len)));
- if ((unsigned long)((char *)(__ptr+1) - (char
*)(size_t)tswapal(__mhdr->msg_control))
- > tswapal(__mhdr->msg_controllen))
+ if ((unsigned long)((char *)(__ptr+1) - (char *)__cmsg_start)
+ > tswapal(__mhdr->msg_controllen)) {
/* No more entries. */
return (struct target_cmsghdr *)0;
- return __cmsg;
+ }
+ return __ptr;
}
struct target_mmsghdr {
--
2.5.3
- [Qemu-devel] [PULL 09/13] linux-user: Return target error number in do_fork(), (continued)
- [Qemu-devel] [PULL 09/13] linux-user: Return target error number in do_fork(), riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 11/13] linux-user/syscall.c: Add EAGAIN to host_to_target_errno_table for, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 12/13] linux-user/signal.c: Use setup_rt_frame() instead of setup_frame() for target openrisc, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 05/13] linux-user: Treat --foo options the same as -foo, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 13/13] linux-user: assert that target_mprotect cannot fail, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 01/13] linux-user: Exit 0 when -h is used, riku . voipio, 2015/10/08
- Re: [Qemu-devel] [PULL 00/13] linux-user queque, Peter Maydell, 2015/10/08
- [Qemu-devel] [PULL 02/13] linux-user: Add -help, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 03/13] linux-user: Add proper error messages for bad options, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 07/13] linux-user: remove MAX_ARG_PAGES limit, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 08/13] linux-user: fix cmsg conversion in case of multiple headers,
riku . voipio <=
- [Qemu-devel] [PULL 06/13] linux-user: remove unused image_info members, riku . voipio, 2015/10/08
- [Qemu-devel] [PULL 04/13] linux-user: use EXIT_SUCCESS and EXIT_FAILURE, riku . voipio, 2015/10/08