From: Laurent Vivier
To: qemu-devel@nongnu.org
Cc: Riku Voipio, Laurent Vivier
Date: Tue, 14 Aug 2018 18:19:02 +0200
Subject: [Qemu-devel] [PATCH 1/3] linux-user: fix recvmsg()/recvfrom() with netlink and MSG_TRUNC
Message-Id: <20180814161904.12216-2-laurent@vivier.eu>
In-Reply-To: <20180814161904.12216-1-laurent@vivier.eu>
References: <20180814161904.12216-1-laurent@vivier.eu>
X-Mailer: git-send-email 2.17.1

If recvmsg()/recvfrom() are used with
the MSG_TRUNC flag, they return the real length even if it was longer than the passed buffer. So when we translate the buffer we must check we don't go beyond the end of the buffer. Bug: https://github.com/vivier/qemu-m68k/issues/33 Reported-by: John Paul Adrian Glaubitz Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index dfc851cc35..399da09f38 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3892,7 +3892,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct = target_msghdr *msgp, len =3D ret; if (fd_trans_host_to_target_data(fd)) { ret =3D fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_= base, - len); + MIN(msg.msg_iov->iov_len, l= en)); } else { ret =3D host_to_target_cmsg(msgp, &msg); } @@ -4169,7 +4169,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, s= ize_t len, int flags, } if (!is_error(ret)) { if (fd_trans_host_to_target_data(fd)) { - ret =3D fd_trans_host_to_target_data(fd)(host_msg, ret); + abi_long trans; + trans =3D fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, = len)); + if (is_error(trans)) { + ret =3D trans; + goto fail; + } } if (target_addr) { host_to_target_sockaddr(target_addr, addr, addrlen); --=20 2.17.1
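Review bot: in the do_sendrecvmsg_locked() hunk the clamp MIN(msg.msg_iov->iov_len, len) bounds the translator to the first iovec only, so for a guest recvmsg() that supplied more than one iovec the bytes the kernel scattered into the later entries are neither translated nor checked against their own iov_len; that limitation predates this change (the call only ever passed msg.msg_iov->iov_base), but it deserves either a comment next to the MIN() saying the netlink translation assumes a single iovec or an explicit check that the guest passed exactly one before calling fd_trans_host_to_target_data(). A second thing to confirm: `len = ret;` keeps the kernel's MSG_TRUNC length while `ret` is then overwritten with the translator's return value, so the guest only sees the real length if the code after this hunk hands back `len` rather than `ret`, and that code is not in the diff.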
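Review bot: the do_recvfrom() hunk does more than add the MIN(ret, len) clamp, and the commit message should say so: before, `ret = fd_trans_host_to_target_data(fd)(host_msg, ret)` replaced the kernel's return value with the translator's and then fell through to host_to_target_sockaddr() even when the translator had returned an error; now `ret` keeps the real (possibly truncated) length and a translator error takes `goto fail`. Both are the right behaviour, but a reader of the log will not expect the error-path change from a "fix MSG_TRUNC" subject. Two smaller points: `ret` is abi_long and `len` is size_t, so MIN(ret, len) is a signed/unsigned comparison that is only safe because the enclosing `if (!is_error(ret))` guarantees ret >= 0, which a cast or a one-line comment would make explicit; and the `fail` label is outside the hunk, so double-check that its cleanup is the right one for host_msg when bailing out from this point.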
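The MSG_TRUNC behaviour the commit message relies on, shown as an added, runnable C example that is not part of the patch or of QEMU. It assumes an AF_UNIX datagram socketpair in place of the netlink socket (Linux reports the full datagram length for MSG_TRUNC on both), a constructed {len, type} record header in place of struct nlmsghdr, and a hypothetical translate_records() in the role of fd_trans_host_to_target_data(); recv_trunc_demo() returns both what recv() reported and how many bytes the clamped translator processed. It goes one step beyond the patch by making the translator return -EINVAL when the clamp lands in the middle of a record, which is the kind of error the new is_error(trans) check in do_recvfrom() exists to catch.

```c
/*
 * Added example, not QEMU code: why a host-to-target translator must be
 * bounded by the buffer size, not by the recv() return value, once MSG_TRUNC
 * is in play. Assumptions: an AF_UNIX SOCK_DGRAM socketpair stands in for
 * the netlink socket (Linux returns the full datagram length for MSG_TRUNC
 * on both), a constructed {len, type} header stands in for struct nlmsghdr,
 * and translate_records() plays the role of fd_trans_host_to_target_data().
 */
#include <errno.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef MIN
#define MIN(a, b) ((a) < (b) ? (a) : (b))
#endif

struct rec_hdr {                /* constructed, not the real nlmsghdr */
    uint32_t len;               /* total record length, header included */
    uint32_t type;
};

struct demo_result {
    ssize_t ret;                /* what recv(..., MSG_TRUNC) returned */
    ssize_t translated;         /* what the bounded translator reported */
};

/*
 * Byte-swap every record header in buf[0..len), as a cross-endian
 * translator would, with every access bounded by len. Returns the bytes
 * processed, or -EINVAL if the data ends mid-record. Handed the kernel's
 * MSG_TRUNC length instead of the buffer size, it would read and write
 * past the end of buf: exactly the bug the patch fixes.
 */
static ssize_t translate_records(uint8_t *buf, size_t len)
{
    size_t off = 0;

    while (off < len) {
        struct rec_hdr h;
        size_t step;

        if (len - off < sizeof(h)) {
            return -EINVAL;             /* header cut short */
        }
        memcpy(&h, buf + off, sizeof(h));
        step = h.len;
        if (step < sizeof(h) || step > len - off) {
            return -EINVAL;             /* record runs past the data */
        }
        h.len = __builtin_bswap32(h.len);
        h.type = __builtin_bswap32(h.type);
        memcpy(buf + off, &h, sizeof(h));
        off += step;
    }
    return (ssize_t)off;
}

/*
 * Send payload_len bytes of rec_len-byte records over a socketpair, receive
 * them with MSG_TRUNC into a buf_len-byte buffer, then translate only the
 * MIN(ret, buf_len) bytes that were actually copied in.
 */
static struct demo_result recv_trunc_demo(size_t payload_len, size_t rec_len,
                                          size_t buf_len)
{
    struct demo_result r = { -EINVAL, 0 };
    uint8_t payload[256] = { 0 }, buf[256];
    int sv[2];
    size_t off;

    if (payload_len > sizeof(payload) || buf_len > sizeof(buf) ||
        rec_len < sizeof(struct rec_hdr) || payload_len % rec_len) {
        return r;
    }
    for (off = 0; off < payload_len; off += rec_len) {
        struct rec_hdr h = { (uint32_t)rec_len, (uint32_t)(off / rec_len) };
        memcpy(payload + off, &h, sizeof(h));
    }
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) {
        r.ret = -errno;
        return r;
    }
    if (send(sv[0], payload, payload_len, 0) != (ssize_t)payload_len) {
        r.ret = -errno;
        goto out;
    }
    r.ret = recv(sv[1], buf, buf_len, MSG_TRUNC);  /* real length, not buf_len */
    if (r.ret < 0) {
        r.ret = -errno;
        goto out;
    }
    /* Wrong: translate_records(buf, r.ret). Right: clamp to the buffer. */
    r.translated = translate_records(buf, MIN((size_t)r.ret, buf_len));
out:
    close(sv[0]);
    close(sv[1]);
    return r;
}
```

Called as recv_trunc_demo(96, 32, 64), recv() reports 96 although only 64 bytes landed in the buffer; translating 96 bytes would run 32 bytes past its end, while translating MIN(96, 64) processes the two complete records and returns 64. With a 40-byte buffer the clamp falls inside the second record and the translator returns -EINVAL instead of reading past the data, and with a 128-byte buffer nothing is truncated and all 96 bytes are translated.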