From nobody Wed Nov 5 04:32:15 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1533026702402129.85458309404237; Tue, 31 Jul 2018 01:45:02 -0700 (PDT) Received: from localhost ([::1]:57629 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQH7-0004ab-7u for importer@patchew.org; Tue, 31 Jul 2018 04:45:01 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37609) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQFD-0003QX-Ej for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:43:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fkQFA-0006et-0L for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:43:03 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:38217) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fkQF9-0006di-NN for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:42:59 -0400 Received: from localhost.localdomain ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue007 [212.227.15.167]) with ESMTPSA (Nemesis) id 0Ln0mX-1gRlKw2hnZ-00hJRF; Tue, 31 Jul 2018 10:42:19 +0200 From: Laurent Vivier To: qemu-devel@nongnu.org Date: Tue, 31 Jul 2018 10:42:01 +0200 Message-Id: <20180731084203.29959-2-laurent@vivier.eu> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180731084203.29959-1-laurent@vivier.eu> References: <20180731084203.29959-1-laurent@vivier.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:AYph8q12/f2lP2Jnrh1mxlkrPuDAetQ+FXH/BGYWE/xZTHZ5OWN t70Ily+YohzXNa+V3nAmmww8GpNgIieYT4pboA5r5rX42gfNPz89cwVP/QRCIFJyqkOzwjl ItXbzqjNo19wjmeRp0uzigF4mkzYDYkj3r0ohJADWw4OWq1ECAbROvKiSf5fTXXen59hOHs YLqEZjwhb3lqHpAXvT+6Q== X-UI-Out-Filterresults: notjunk:1;V01:K0:CNmPF70UGZg=:xf5bIuZzSW8OetEABtl4Ql z//MX9G1JUESOuL3YlYrf1oZMIbHmm8K6dd8/+MypyPrwsiOrKvQXnmlGZDXfhoriefbysgEs 6XcPCOWkTPtCDuYe4fwbG+t14mDgzAQTwu/rrSLP/1CvVFmyd0vrvqy8PZZUHfuCX5pQkYn3W I5AfyveIYc9uStocMiiFCEiBWJ4oLfJ5qbf+j0Ds0y8xfPdi2v03it9pP7OmoV2t3rpPr1CXs KejpHofQPPuzwjGHCRfOmkVcBC5hGiiyXvRO43UdvyZ8EO7Q2JOPBwbGuoOe5/qbWSOPve5Fk DaPvdurTh9IDUHn/sKKP3DsfBsH9z7xX+Gou7NSWOhhH3sCK887GUQvbtQcGX7mYDftWSdDwY SozxMRTOe8CzPERgR2fa/HvJrkls5qIQ++fAkDcQaFqql+NF7cFpVfGt1rb3gPBcjhbeZV72D iEGiU/vGojZPyYLB/zrtoqeLYDBWgUkPO8gnsrjuouytNSNSzRKtg0mfwSvMpDjMeQ/MhHAEY J/KG+PIWy0CR6Ei8Sw9x54U2OcsYDrsW+XcQDFTDuENTqPNtEdmdGc62GTQ/OkaJ5S+tNyYME mHz/Dhy0YOkOFI/42NHNPvepwoZ/wyUvi+m3cVkOMMXWPn9eVRFW6Q0MQqvysqWHppgPpmg5E rUvv5sNdkv/R944xzT0Q07e6qpv+80IiD/620ufDgI+6b41+EeubaBv7p1DF26IhWiCYmAlIA ZSCmdBnBcNM91JsG X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.126.187 Subject: [Qemu-devel] [PULL 1/3] linux-user/mmap.c: handle invalid len maps correctly X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: umarcor <1783362@bugs.launchpad.net>, Riku Voipio , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Laurent Vivier Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 From: Alex Benn=C3=A9e I've slightly re-organised the check to more closely match the sequence that the kernel uses in do_mmap(). We check for both the zero case (EINVAL) and the overflow length case (ENOMEM). Signed-off-by: Alex Benn=C3=A9e Cc: umarcor <1783362@bugs.launchpad.net> Reviewed-by: Laurent Vivier Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/mmap.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index d0c50e4888..41e0983ce8 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -391,14 +391,23 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, = int prot, } #endif =20 - if (offset & ~TARGET_PAGE_MASK) { + if (!len) { errno =3D EINVAL; goto fail; } =20 + /* Also check for overflows... */ len =3D TARGET_PAGE_ALIGN(len); - if (len =3D=3D 0) - goto the_end; + if (!len) { + errno =3D ENOMEM; + goto fail; + } + + if (offset & ~TARGET_PAGE_MASK) { + errno =3D EINVAL; + goto fail; + } + real_start =3D start & qemu_host_page_mask; host_offset =3D offset & qemu_host_page_mask; =20 --=20 2.17.1 From nobody Wed Nov 5 04:32:15 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1533026643189744.7722813962043; Tue, 31 Jul 2018 01:44:03 -0700 (PDT) Received: from localhost ([::1]:57626 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQG0-0003dI-OO for importer@patchew.org; Tue, 31 Jul 2018 04:43:52 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37498) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQEj-0003B9-3c for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:42:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fkQEg-0005pm-12 for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:42:33 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:59171) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fkQEf-0005ns-Ix for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:42:29 -0400 Received: from localhost.localdomain ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue007 [212.227.15.167]) with ESMTPSA (Nemesis) id 0LmRkt-1gKaKd0xVL-00aBtr; Tue, 31 Jul 2018 10:42:20 +0200 From: Laurent Vivier To: qemu-devel@nongnu.org Date: Tue, 31 Jul 2018 10:42:02 +0200 Message-Id: <20180731084203.29959-3-laurent@vivier.eu> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180731084203.29959-1-laurent@vivier.eu> References: <20180731084203.29959-1-laurent@vivier.eu> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-Provags-ID: V03:K1:l52YK29W4RcdRtgSZYR/3yl72ugWcqgsGCQT1WYtd8JtO+gcOSB dEzSIluOvcRIIMyGKhS5qaIchqjOubU3ukFEoLBbrl1jJk4/icvlG01LS0xzgGHL4+2TpbP NYpY1uYdvuP84kUulPyAUUYsn8yKTOOPgsAgFp9TJM3JA/+4SeJEu4qi+wC0QIitduFnCUg u32j4ihZI6/tH1Eh3KjiQ== X-UI-Out-Filterresults: notjunk:1;V01:K0:MLtbDN/5A/I=:E29OnVJkI7z2eMzCrV375E i+StIgnvDPk0ihLBBVAJBI06SSJk7llvvkyA318XUwmcg6b5x40OD/akw/SfM8mad0edNxk9n sWWKKW2iElhMSu1krg9e2gSvbziVK8yf++vnpqHQliKP/Bp9XOB4N5mpkh1Jcl3eWWBj9W7Ko bFXxZkTXspjcCj80uw304Z1RuYhHxJRpoJAsIMOTUkiGbI5KiqnuOZEMKucW2SgQZL9i4kA1p aDV0gNVoaFcxwX/icevJGkzPQ0vLtuwp809JFcYvdR1D5PqFG/3/74dIAOkwu4FxTrljdZ5s3 Yn9YVSgaoa29bp4LmDpOHOELe3Joi0m5yHnhfCtw17Rrzx91+L4M4UwgYwuAYssPpYGop9s44 gdtp+KnkDurIDgrJe7QZ0cW1PaynJiK+Z0zszUG6mKx8j7S/XrddWObUnolZv8LzK+KkKTlJ/ uHPNHi6pPoBXE3y95ZEMITptriIONJi+9g80eUWUvZT8oWMfZn3slqxtWwCdub8B6ywah4VpO H//AYKEcm51dQFedDkR5G6AIAeIA5rxwpIqCtmaudOam8CkT1zBOxxauDuVRJacYRZen0LgcL Wquv9JivckMY2BqKk/ixzkjpI56dEg4Gm/z4qM+/eMd2MrFkBU8SNwOTUEwvPfXa3kduLyRkS b3yfgMYXP4SyJntWf8MdlIqMGpDTmJIZq81ozyN2E97DStcA5Gg3s7Wv/Pf1z50w8DUQbmheK uYQ+Ti407l+O1VK8 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.126.187 Subject: [Qemu-devel] [PULL 2/3] tests: add check_invalid_maps to test-mmap X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: umarcor <1783362@bugs.launchpad.net>, Riku Voipio , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Laurent Vivier Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 From: Alex Benn=C3=A9e This adds a test to make sure we fail properly for a 0 length mmap. There are most likely other failure conditions we should also check. Signed-off-by: Alex Benn=C3=A9e Reviewed-by: Richard Henderson Cc: umarcor <1783362@bugs.launchpad.net> Message-Id: <20180730134321.19898-3-alex.bennee@linaro.org> Signed-off-by: Laurent Vivier --- tests/tcg/multiarch/test-mmap.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mma= p.c index 5c0afe6e49..11d0e777b1 100644 --- a/tests/tcg/multiarch/test-mmap.c +++ b/tests/tcg/multiarch/test-mmap.c @@ -27,7 +27,7 @@ #include #include #include - +#include #include =20 #define D(x) @@ -435,6 +435,25 @@ void checked_write(int fd, const void *buf, size_t cou= nt) fail_unless(rc =3D=3D count); } =20 +void check_invalid_mmaps(void) +{ + unsigned char *addr; + + /* Attempt to map a zero length page. */ + addr =3D mmap(NULL, 0, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); + fail_unless(addr =3D=3D MAP_FAILED); + fail_unless(errno =3D=3D EINVAL); + + /* Attempt to map a over length page. */ + addr =3D mmap(NULL, -4, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=3D%p", __func__, (void *)addr); + fail_unless(addr =3D=3D MAP_FAILED); + fail_unless(errno =3D=3D ENOMEM); + + fprintf(stdout, " passed\n"); +} + int main(int argc, char **argv) { char tempname[] =3D "/tmp/.cmmapXXXXXX"; @@ -476,6 +495,7 @@ int main(int argc, char **argv) check_file_fixed_mmaps(); check_file_fixed_eof_mmaps(); check_file_unfixed_eof_mmaps(); + check_invalid_mmaps(); =20 /* Fails at the moment. */ /* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */ --=20 2.17.1 From nobody Wed Nov 5 04:32:15 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) client-ip=208.118.235.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 208.118.235.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) by mx.zohomail.com with SMTPS id 1533026786703664.2094021181078; Tue, 31 Jul 2018 01:46:26 -0700 (PDT) Received: from localhost ([::1]:57643 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQIT-0006Lp-No for importer@patchew.org; Tue, 31 Jul 2018 04:46:25 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37610) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fkQFD-0003QY-Ev for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:43:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fkQFA-0006fS-KM for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:43:03 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:50368) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1fkQFA-0006eC-7Z for qemu-devel@nongnu.org; Tue, 31 Jul 2018 04:43:00 -0400 Received: from localhost.localdomain ([78.238.229.36]) by mrelayeu.kundenserver.de (mreue007 [212.227.15.167]) with ESMTPSA (Nemesis) id 0MZ6Kl-1fPIqN3Z47-00VjuN; Tue, 31 Jul 2018 10:42:21 +0200 From: Laurent Vivier To: qemu-devel@nongnu.org Date: Tue, 31 Jul 2018 10:42:03 +0200 Message-Id: <20180731084203.29959-4-laurent@vivier.eu> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20180731084203.29959-1-laurent@vivier.eu> References: <20180731084203.29959-1-laurent@vivier.eu> X-Provags-ID: V03:K1:SXeW0ln5CqWhvWDC6pq6qKBzrbATvlJ94XxR+30m3BhO9IF1/ZY ew4F0K/I0pflaff6bQW587GCD7w7W8HKpOEdPAPiqYdwK3QDtRdbfhvL+1VlyJhn9Um+jSi WGvqrpplvnsgWIIvGzKwJWVBuYt3s+aQKPLFzHSE+kgriR5urPxHzOybqLH8lTK+oqcfqE6 WWRsWHcnOB88m5V5EWEeg== X-UI-Out-Filterresults: notjunk:1;V01:K0:hyVXeOejetE=:kqOBbFdt4o2qBpXuwi+J7p PW8PMdhVAqr61B8vkQtB2Nl3EiYX3orKY6LKtildBzcN4HowTYBy3UJYb+QxoFd3I2cBK7yGg IKWHrvUM96G42y+uFgYBkzvVrNe4Ldk5/mfNCYD3mmYFA9z0zftyaXlmRNpxdX69WwwncMf/Q r1aj2uqAxVCDOLoO5NgMIa0388+tWidygu5fs83SV4OL3QbM3+QoN0U1XmNkoe6+lxPpdINR9 4Iqr7DSc6TNMKNYsB8gSw/JLmubdGbkIaKombOfJY2O+3kYyT+aeD7lxyY0d5Qj9C3Ask4n8a DqezAgX/jPeyA0VwVZ3Pt3ep7rP3f7HCXIy8VG6DDW6mk7+x8UAUxzJy6t/zhlErZx6NSDA8B LrAPi+AOupbTQZpclJADSUWkGqw9Yf9PrJKJUlW2hDrf+FTmRliVehRYwlsnBhlu3m3QmNLRi QlgyRLSJRI7QdOxcm6vcqiYA8q4/U0xGpldH7t7MfcR319cNlNONzUkN8qH5yHvSpC2lGgXDm r08mb0v1fykMJ5NAX4JgBJCgvGsOie4jI0X2cS3kHxvD/CnAX4Cyh0+EInGD6fueBJoc0IXuQ K7/Er1z2I11temv7oHtrduPe1EFn8V/+1+UhsjVzydhdvm/s8vTGB8ofr4VWI6vOkcs0AQ7ha VqpZJYb3FV1Bh9jvl91G70A/6H25TOaLGJS8VVyfLmdXY5IykmYe1RdFZW1JdNKQ64pc= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 212.227.126.187 Subject: [Qemu-devel] [PULL 3/3] linux-user: ppc64: don't use volatile register during safe_syscall X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Shivaprasad G Bhat , Riku Voipio , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Laurent Vivier Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Shivaprasad G Bhat r11 is a volatile register on PPC as per calling conventions. The safe_syscall code uses it to check if the signal_pending is set during the safe_syscall. When a syscall is interrupted on return from signal handling, the r11 might be corrupted before we retry the syscall leading to a crash. The registers r0-r13 are not to be used here as they have volatile/designated/reserved usages. Change the code to use r14 which is non-volatile. Use SP+16 which is a slot for LR, for save/restore of previous value of r14. SP+16 can be used, as LR is preserved across the syscall. Steps to reproduce: On PPC host, issue `qemu-x86_64 /usr/bin/cc -E -` Attempt Ctrl-C, the issue is reproduced. Reference: https://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi-1.9.html#REG https://openpowerfoundation.org/wp-content/uploads/2016/03/ABI64BitOpenPOWE= Rv1.1_16July2015_pub4.pdf Signed-off-by: Shivaprasad G Bhat Tested-by: Richard Henderson Tested-by: Laurent Vivier Reviewed-by: Richard Henderson Reviewed-by: Laurent Vivier Message-Id: <153301568965.30312.10498134581068746871.stgit@dhcp-9-109-246-1= 6> Signed-off-by: Laurent Vivier --- linux-user/host/ppc64/safe-syscall.inc.S | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/linux-user/host/ppc64/safe-syscall.inc.S b/linux-user/host/ppc= 64/safe-syscall.inc.S index d30050a67c..8ed73a5b86 100644 --- a/linux-user/host/ppc64/safe-syscall.inc.S +++ b/linux-user/host/ppc64/safe-syscall.inc.S @@ -49,7 +49,9 @@ safe_syscall_base: * and returns the result in r3 * Shuffle everything around appropriately. */ - mr 11, 3 /* signal_pending */ + std 14, 16(1) /* Preserve r14 in SP+16 */ + .cfi_offset 14, 16 + mr 14, 3 /* signal_pending */ mr 0, 4 /* syscall number */ mr 3, 5 /* syscall arguments */ mr 4, 6 @@ -67,12 +69,13 @@ safe_syscall_base: */ safe_syscall_start: /* if signal_pending is non-zero, don't do the call */ - lwz 12, 0(11) + lwz 12, 0(14) cmpwi 0, 12, 0 bne- 0f sc safe_syscall_end: /* code path when we did execute the syscall */ + ld 14, 16(1) /* restore r14 to its original value */ bnslr+ =20 /* syscall failed; return negative errno */ @@ -81,6 +84,7 @@ safe_syscall_end: =20 /* code path when we didn't execute the syscall */ 0: addi 3, 0, -TARGET_ERESTARTSYS + ld 14, 16(1) /* restore r14 to its orginal value */ blr .cfi_endproc =20 --=20 2.17.1