From: Alex Bennée
To: qemu-devel@nongnu.org
Cc: Alex Bennée, Riku Voipio, 1783362@bugs.launchpad.net, Laurent Vivier
Date: Mon, 30 Jul 2018 14:43:20 +0100
Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org>
In-Reply-To: <20180730134321.19898-1-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH v2 for 3.0 1/2] linux-user/mmap.c: handle invalid len maps correctly

I've slightly re-organised the check to more closely match the
sequence that the kernel uses in do_mmap(). We check for both the zero
case (EINVAL) and the overflow length case (ENOMEM).

Signed-off-by: Alex Bennée
Cc: umarcor <1783362@bugs.launchpad.net>
Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson
---
v2
  - add comment on overflow
---
 linux-user/mmap.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index d0c50e4888..41e0983ce8 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c 
@@ -391,14 +391,23 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, = int prot, } #endif =20 - if (offset & ~TARGET_PAGE_MASK) { + if (!len) { errno =3D EINVAL; goto fail; } =20 + /* Also check for overflows... */ len =3D TARGET_PAGE_ALIGN(len); - if (len =3D=3D 0) - goto the_end; + if (!len) { + errno =3D ENOMEM; + goto fail; + } + + if (offset & ~TARGET_PAGE_MASK) { + errno =3D EINVAL; + goto fail; + } + real_start =3D start & qemu_host_page_mask; host_offset =3D offset & qemu_host_page_mask; =20 --=20 2.17.1

From: Alex Bennée
To: qemu-devel@nongnu.org
Cc: Alex Bennée, 1783362@bugs.launchpad.net
Date: Mon, 30 Jul 2018 14:43:21 +0100
Message-Id: <20180730134321.19898-3-alex.bennee@linaro.org>
In-Reply-To: <20180730134321.19898-1-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH v2 for 3.0 2/2] tests: add check_invalid_maps to test-mmap

This adds a test to make sure we fail properly for a 0 length mmap.
There are most likely other failure conditions we should also check.

Signed-off-by: Alex Bennée
Reviewed-by: Richard Henderson
Cc: umarcor <1783362@bugs.launchpad.net>
---
v2
  - add test for overflow
---
 tests/tcg/multiarch/test-mmap.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mma= p.c index 5c0afe6e49..11d0e777b1 100644 --- a/tests/tcg/multiarch/test-mmap.c +++ b/tests/tcg/multiarch/test-mmap.c @@ -27,7 +27,7 @@ #include #include #include - +#include #include =20 #define D(x) 
@@ -435,6 +435,25 @@ void checked_write(int fd, const void *buf, size_t cou= nt) fail_unless(rc =3D=3D count); } =20 +void check_invalid_mmaps(void) +{ + unsigned char *addr; + + /* Attempt to map a zero length page. */ + addr =3D mmap(NULL, 0, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); + fail_unless(addr =3D=3D MAP_FAILED); + fail_unless(errno =3D=3D EINVAL); + + /* Attempt to map a over length page. */ + addr =3D mmap(NULL, -4, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); + fail_unless(addr =3D=3D MAP_FAILED); + fail_unless(errno =3D=3D ENOMEM); + + fprintf(stdout, " passed\n"); +} + int main(int argc, char **argv) { char tempname[] =3D "/tmp/.cmmapXXXXXX"; @@ -476,6 +495,7 @@ int main(int argc, char **argv) check_file_fixed_mmaps(); check_file_fixed_eof_mmaps(); check_file_unfixed_eof_mmaps(); + check_invalid_mmaps(); =20 /* Fails at the moment. */ /* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */ --=20 2.17.1
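
Review bot: In patch 1/2, the linux-user/mmap.c hunk at -391, the comment "/* Also check for overflows... */" does not say why a zero result from TARGET_PAGE_ALIGN(len) means overflow, and the two "if (!len)" tests read as duplicates even though they return different errno values. Please spell it out, for example "a non-zero len that page-aligns to 0 has wrapped", so a later cleanup does not merge the two checks. Note also that the offset alignment test now runs after both length checks, so an over-long len combined with a misaligned offset returns ENOMEM where the old ordering returned EINVAL; the commit message gives the reason, and a short mention in the comment would keep it next to the code.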
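
Review bot: In patch 2/2, check_invalid_mmaps() in the tests/tcg/multiarch/test-mmap.c hunk at -435 calls fprintf() between each mmap() and the fail_unless(errno == ...) that follows, and a stdio call is allowed to change errno, so the assertion may end up checking a value mmap() did not set. Save errno into a local immediately after each mmap() and assert on that copy, or move the fprintf() after both fail_unless() lines. Smaller points: the two "%s addr=%p" prints have no newline or separator, so the output of the two cases runs together before " passed"; the length argument -4 relies on implicit conversion to size_t and would be clearer as an explicit cast; the comment "a over length page" should read "an over-length mapping"; and the commit message mentions only the 0 length case although the hunk also tests the overflow case.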