From: Luc Michel
Subject: Re: [PATCH v4 31/53] semihosting: Bound length for semihost_sys_{read, write}
Date: Wed, 22 Jun 2022 21:30:14 +0200
User-agent: Mutt/1.9.4 (2018-02-28)

On 13:45 Tue 07 Jun , Richard Henderson wrote:
> Fixes a minor bug in which a 64-bit guest on a 32-bit host could
> truncate the length. This would only ever cause a problem if
> there were no bits set in the low 32, so that it truncates to 0.
>
> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Luc Michel <lmichel@kalray.eu>
> ---
> semihosting/syscalls.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
> diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
> index 5cb12d6adc..eefbae74f1 100644
> --- a/semihosting/syscalls.c
> +++ b/semihosting/syscalls.c
> @@ -283,6 +283,14 @@ void semihost_sys_close(CPUState *cs,
> gdb_syscall_complete_cb complete, int fd)
> void semihost_sys_read_gf(CPUState *cs, gdb_syscall_complete_cb complete,
> GuestFD *gf, target_ulong buf, target_ulong len)
> {
> + /*
> + * Bound length for 64-bit guests on 32-bit hosts, not overlowing
> ssize_t.
> + * Note the Linux kernel does this with MAX_RW_COUNT, so it's not a bad
> + * idea to do this unconditionally.
> + */
> + if (len > INT32_MAX) {
> + len = INT32_MAX;
> + }
> switch (gf->type) {
> case GuestFDGDB:
> gdb_read(cs, complete, gf, buf, len);
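Review bot: The comment added at the top of semihost_sys_read_gf misspells "overflowing" as "overlowing", and its first sentence describes only the 64-bit-guest-on-32-bit-host case while the `if (len > INT32_MAX)` clamp under it runs on every host. Suggest rewording it to say the length is bounded to INT32_MAX unconditionally so that it always fits in the host ssize_t, keeping the MAX_RW_COUNT remark as the justification. Because the clamp sits before the switch, it also applies to the GuestFDGDB case that calls gdb_read; if that is intended, the commit message could say so.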
> @@ -313,6 +321,14 @@ void semihost_sys_read(CPUState *cs,
> gdb_syscall_complete_cb complete,
> void semihost_sys_write_gf(CPUState *cs, gdb_syscall_complete_cb complete,
> GuestFD *gf, target_ulong buf, target_ulong len)
> {
> + /*
> + * Bound length for 64-bit guests on 32-bit hosts, not overlowing
> ssize_t.
> + * Note the Linux kernel does this with MAX_RW_COUNT, so it's not a bad
> + * idea to do this unconditionally.
> + */
> + if (len > INT32_MAX) {
> + len = INT32_MAX;
> + }
> switch (gf->type) {
> case GuestFDGDB:
> gdb_write(cs, complete, gf, buf, len);
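Review bot: The block added to semihost_sys_write_gf is a verbatim copy of the one added to semihost_sys_read_gf, including the "overlowing" typo in the comment. Consider a single static helper, or a named constant for the bound, used by both functions so the limit and its rationale live in one place and cannot drift between the read and write paths.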
> --
> 2.34.1
--