qemu-devel

Re: [PATCH v3 1/2] linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive


From: Laurent Vivier
Subject: Re: [PATCH v3 1/2] linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive()'
Date: Mon, 24 Aug 2020 22:59:02 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0

Le 24/08/2020 à 21:37, Filip Bozuta a écrit :
> Implementations of syscalls 'mq_timedsend()' and 'mq_timedreceive()'
> in 'syscall.c' use functions 'target_to_host_timespec()' and
> 'host_to_target_timespec()' to transfer the value of 'struct timespec'
> between target and host. However, the implementations don't check whether
> this conversion succeeds and thus can cause an inappropriate error instead
> of the 'EFAULT (Bad address)' which is supposed to be set if the conversion
> from target to host fails. This was confirmed with the modified LTP
> test suite where test cases with a bad address for 'timespec' were
> added. This modified test suite can be found at:
> https://github.com/bozutaf/ltp
> 
> Without the changes from this patch the bad address testcase for
> 'mq_timedsend()' succeeds unexpectedly, while the test returns errno
> 'ETIMEDOUT' for 'mq_timedreceive()':
> 
> mq_timedsend01.c:190: FAIL: mq_timedsend() returned 0, expected -1: SUCCESS (0)
> mq_timedreceive01.c:178: FAIL: mq_timedreceive() failed unexpectedly,
> expected EFAULT: ETIMEDOUT (110)
> 
> After the changes from this patch, testcases for both syscalls fail with
> EFAULT as expected, which is the same test result that is received with
> native execution:
> 
> mq_timedsend01.c:187: PASS: mq_timedsend() failed expectedly: EFAULT (14)
> mq_timedreceive01.c:180: PASS: mq_timedreceive() failed expectedly: EFAULT (14)
> 
> (Patch with this new test case will be sent to LTP mailing list soon)
> 
> Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
> ---
>  linux-user/syscall.c | 16 ++++++++++++----
>  1 file changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 05f03919ff..4ee1de6e65 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -11817,9 +11817,13 @@ static abi_long do_syscall1(void *cpu_env, int num, 
> abi_long arg1,
>  
>              p = lock_user (VERIFY_READ, arg2, arg3, 1);
>              if (arg5 != 0) {
> -                target_to_host_timespec(&ts, arg5);
> +                if (target_to_host_timespec(&ts, arg5)) {
> +                    return -TARGET_EFAULT;
> +                }
>                  ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
> -                host_to_target_timespec(arg5, &ts);
> +                if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
> +                    return -TARGET_EFAULT;
> +                }
>              } else {
>                  ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, 
> NULL));
>              }
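
Review bot: both new `return -TARGET_EFAULT;` statements in the mq_timedsend branch come after `p = lock_user (VERIFY_READ, arg2, arg3, 1);` and leave the function without releasing `p` on that path. Either run the `target_to_host_timespec(&ts, arg5)` check before calling `lock_user()`, or unlock `p` before each return. The context lines also show no check that `lock_user()` returned a usable pointer before `p` is handed to `safe_mq_timedsend()`; that check would fit in the same place.
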
> @@ -11836,10 +11840,14 @@ static abi_long do_syscall1(void *cpu_env, int num, 
> abi_long arg1,
>  
>              p = lock_user (VERIFY_READ, arg2, arg3, 1);
>              if (arg5 != 0) {
> -                target_to_host_timespec(&ts, arg5);
> +                if (target_to_host_timespec(&ts, arg5)) {
> +                    return -TARGET_EFAULT;
> +                }
>                  ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
>                                                       &prio, &ts));
> -                host_to_target_timespec(arg5, &ts);
> +                if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
> +                    return -TARGET_EFAULT;
> +                }
>              } else {
>                  ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
>                                                       &prio, NULL));
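
Review bot: in the mq_timedreceive branch, the second check returns `-TARGET_EFAULT` after `safe_mq_timedreceive()` has already succeeded, so the guest is told the call failed although the message has been taken off the queue, and the value in `ret` is dropped. Consider whether the write-back through `host_to_target_timespec(arg5, &ts)` is needed at all for a timeout argument, and if it stays, state in a comment what the guest is meant to see when it fails. As in the mq_timedsend hunk, both returns sit after `lock_user()` and skip releasing `p`.
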
> 

Applied to my linux-user-for-5.2 branch.

Thanks,
Laurent



