From: Philippe Mathieu-Daudé
To: David Gibson, Peter Maydell, Richard Henderson
Cc: Marc-André Lureau, Paul Burton, Philippe Mathieu-Daudé, qemu-devel@nongnu.org
Date: Tue, 24 Apr 2018 19:21:03 -0300
Message-Id: <20180424222103.19946-1-f4bug@amsat.org>
X-Mailer: git-send-email 2.17.0
Subject: [Qemu-devel] [PATCH v4] loader: Fix misaligned member access

The libfdt does not guarantee that fdt_getprop() returns a pointer
aligned to the property size. Assuming the base of the fdt is aligned,
a 32-bit property returns a 32-bit aligned pointer. This is, however,
not guaranteed for 64-bit properties, where 64-bit loads might trigger
unaligned access.

Fix the 64-bit access using the ldst (host) API, which uses a local
copy on the stack, thus guaranteeing a safe aligned access.

This fixes the following ASan warning:

$ qemu-system-mips64el -M boston -kernel vmlinux.gz.itb -nographic
hw/core/loader-fit.c:108:17: runtime error: load of misaligned address 0x7f95cd7e4264 for type 'fdt64_t', which requires 8 byte alignment
0x7f95cd7e4264: note: pointer points here
 00 00 00 3e ff ff ff ff 80 7d 2a c0 00 00 00 01 68 61 73 68 40 30 00 00 00 00 00 03 00 00 00 14
             ^

Reported-by: AddressSanitizer
Suggested-by: Peter Maydell
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: David Gibson
Reviewed-by: Richard Henderson
---
v4: do not change the 32-bit access, use ldq_he_p() for the 64-bit access
v3: do not use memcpy(), incorrectly change ldl_he_p()
v2: do not change the 32-bit access, use memcpy(), add comments (David Gibson)
v1: use memcpy()

 hw/core/loader-fit.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hw/core/loader-fit.c b/hw/core/loader-fit.c
index 0c4a7207f4..ed4140061b 100644
--- a/hw/core/loader-fit.c
+++ b/hw/core/loader-fit.c
@@ -102,10 +102,17 @@ static int fit_image_addr(const void *itb, int img, const char *name,
 
     switch (len) {
     case 4:
+        /* Assuming the base of the fdt is aligned, then fdt_getprop()
+         * returns 32-bit aligned properties, so this load is guaranteed
+         * to be 32-bit aligned.
+         */
         *addr = fdt32_to_cpu(*(fdt32_t *)prop);
         return 0;
     case 8:
-        *addr = fdt64_to_cpu(*(fdt64_t *)prop);
+        /* Since the property is not guaranteed to be 64-bit aligned,
+         * use ldq_he_p()'s stack to avoid an unaligned load.
+         */
+        *addr = fdt64_to_cpu(ldq_he_p(prop));
         return 0;
     default:
         error_printf("invalid %s address length %d\n", name, len);
-- 
2.17.0
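Review bot: the new comment in the case 8 arm credits "ldq_he_p()'s stack" for the safety, but what makes the access well defined is that ldq_he_p() reads the bytes through memcpy into a local uint64_t instead of dereferencing an unaligned fdt64_t *; whether that local ends up on the stack or in a register is the compiler's business, and on hosts that tolerate unaligned loads it compiles to the same single load as before. Suggest wording it as "The property is only guaranteed 4-byte aligned; ldq_he_p() copies the bytes into a local, so no unaligned 64-bit load is issued." Two smaller points: the case 4 comment documents an assumption (an aligned fdt base) that nothing in fit_image_addr() checks, so either say where that alignment comes from (the buffer the caller loaded the itb into) or, since it costs nothing, use ldl_he_p(prop) there too so neither arm depends on it (the v2 changelog records that leaving the 32-bit access alone was deliberate, so this is the maintainer's call); and QEMU's multi-line comment style puts the opening /* on a line of its own, so it is worth running checkpatch.pl over both new comments before this is queued.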
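The problem and the fix the commit message describes, as an added example that is my code, not QEMU's, libfdt's or the patch author's: a blob built from the 32 bytes in the sanitizer dump quoted above, a check of what alignment the property pointer actually has, and a memcpy-based load of the kind QEMU's ldq_he_p() performs, followed by the big-endian decode that fdt64_to_cpu() does. Only the byte dump is taken from the page; the names load_u64_he(), be_to_host(), prop_to_addr(), blob_addr() and PROP_OFFSET are mine, and the 16-byte base alignment is an assumption imposed with _Alignas so the property lands at a 4-byte but not 8-byte aligned address, as in the report.

```c
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed input: the 32 bytes from the sanitizer dump in the commit
 * message. The 64-bit property (a MIPS64 kernel address) begins at offset
 * 4: 4-byte aligned, which is all libfdt guarantees for property data,
 * but not 8-byte aligned. _Alignas pins the base so the demo is stable.
 */
static _Alignas(16) const uint8_t blob[32] = {
    0x00, 0x00, 0x00, 0x3e, 0xff, 0xff, 0xff, 0xff,
    0x80, 0x7d, 0x2a, 0xc0, 0x00, 0x00, 0x00, 0x01,
    0x68, 0x61, 0x73, 0x68, 0x40, 0x30, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x14,
};
#define PROP_OFFSET 4

/* 1 when p is not aligned to `align` bytes (align must be a power of two). */
static int misaligned(const void *p, size_t align)
{
    return ((uintptr_t)p & (align - 1)) != 0;
}

/*
 * The approach QEMU's ldq_he_p() takes: memcpy into a correctly aligned
 * local instead of the pre-patch `*(const uint64_t *)p`, which is undefined
 * behaviour on a 4-byte-aligned p (what -fsanitize=alignment reported) and
 * can fault on hosts that trap on unaligned access. The compiler still
 * emits one load where the host allows unaligned access, byte loads elsewhere.
 */
static uint64_t load_u64_he(const void *p)
{
    uint64_t v;
    memcpy(&v, p, sizeof(v));
    return v;
}

static uint32_t load_u32_he(const void *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof(v));
    return v;
}

/*
 * Reassemble the n in-memory bytes of a host value MSB-first: the job of
 * fdt64_to_cpu()/fdt32_to_cpu(), correct on any host endianness.
 */
static uint64_t be_to_host(const void *v, size_t n)
{
    const uint8_t *b = v;
    uint64_t r = 0;
    for (size_t i = 0; i < n; i++) {
        r = (r << 8) | b[i];
    }
    return r;
}

/* The patched switch of fit_image_addr() in miniature; -1 on a bad length. */
static int prop_to_addr(const void *prop, int len, uint64_t *addr)
{
    uint32_t v32;
    uint64_t v64;

    switch (len) {
    case 4:
        v32 = load_u32_he(prop);               /* 4-byte aligned anyway */
        *addr = be_to_host(&v32, sizeof(v32));
        return 0;
    case 8:
        v64 = load_u64_he(prop);               /* ldq_he_p(prop) */
        *addr = be_to_host(&v64, sizeof(v64)); /* fdt64_to_cpu(...) */
        return 0;
    default:
        return -1;
    }
}

/* Decode the blob's property as a len-byte address; UINT64_MAX on error. */
static uint64_t blob_addr(int len)
{
    uint64_t addr;
    return prop_to_addr(blob + PROP_OFFSET, len, &addr) == 0 ? addr : UINT64_MAX;
}

int main(void)
{
    const void *prop = blob + PROP_OFFSET;

    printf("property pointer: 4-byte aligned=%d, 8-byte aligned=%d\n",
           !misaligned(prop, 4), !misaligned(prop, 8));
    printf("64-bit load: 0x%016" PRIx64 "\n", blob_addr(8));
    return 0;
}
```

The "runtime error: load of misaligned address" text in the report is UBSan's alignment check (-fsanitize=alignment, also part of -fsanitize=undefined), not AddressSanitizer's; replace the memcpy in load_u64_he() with `*(const uint64_t *)p` and build with that flag to reproduce it. On x86-64 the typed load runs without any visible failure, so the absence of a crash there says nothing about correctness; hosts that trap on unaligned access turn the same code into a SIGBUS.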