From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 1/6] include: Don't include guest-host.h in cpu-ldst.h
Date: Wed, 1 Apr 2026 10:48:43 +0100
Message-ID: <20260401094848.2661985-2-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>

We currently include user/guest-host.h from accel/tcg/cpu-ldst.h. However that file doesn't need anything from guest-host.h, since we removed the uses of g2h() in commit 9b74d403b30e ("accel/tcg: Move user-only tlb_vaddr_to_host out of line"). Move the include of guest-host.h to where it's actually needed.

Signed-off-by: Peter Maydell
Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson
Message-id: 20260330143123.1685142-2-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé
--- bsd-user/qemu.h | 1 + include/accel/tcg/cpu-ldst.h | 4 ---- linux-user/qemu.h | 1 + 3 files changed, 2 insertions(+), 4 deletions(-) diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h index 2c586e546f..b0b2c249fb 100644 --- a/bsd-user/qemu.h +++ b/bsd-user/qemu.h @@ -27,6 +27,7 @@ #include "user/abitypes.h" #include "user/cpu_loop.h" #include "user/page-protection.h" +#include "user/guest-host.h" =20 extern char **environ; =20 diff --git a/include/accel/tcg/cpu-ldst.h b/include/accel/tcg/cpu-ldst.h index a5711bc15a..ea2cbf40fe 100644 --- a/include/accel/tcg/cpu-ldst.h +++ b/include/accel/tcg/cpu-ldst.h @@ -71,10 +71,6 @@ #include "accel/tcg/cpu-mmu-index.h" #include "exec/abi_ptr.h" =20 -#if defined(CONFIG_USER_ONLY) -#include "user/guest-host.h" -#endif /* CONFIG_USER_ONLY */ - static inline uint32_t cpu_ldub_mmuidx_ra(CPUArchState *env, abi_ptr addr, int mmu_idx, uintptr_t= ra) { diff --git a/linux-user/qemu.h b/linux-user/qemu.h index 85e68eff7b..cfe5f45fc4 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h
@@ -10,6 +10,7 @@ #include "syscall_defs.h" #include "target_syscall.h" #include "accel/tcg/vcpu-state.h" +#include "user/guest-host.h" =20 /* * This is the size of the host kernel's sigset_t, needed where we make --=20 2.43.0
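
Review bot: in the include/accel/tcg/cpu-ldst.h hunk, dropping the CONFIG_USER_ONLY include of "user/guest-host.h" also takes it away from any user-mode file that only received it through cpu-ldst.h, while the patch adds it back in just bsd-user/qemu.h and linux-user/qemu.h. Please confirm that every linux-user and bsd-user target still builds, or say in the commit message that the remaining callers of g2h() already include user/guest-host.h directly.
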
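
Review bot: in the bsd-user/qemu.h hunk the new #include "user/guest-host.h" is appended after "user/page-protection.h", although the neighbouring user/ includes (abitypes.h, cpu_loop.h, page-protection.h) are in alphabetical order. Placing it directly after "user/cpu_loop.h" would keep that order.
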
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 2/6] include/user/guest-host.h: Provide g2h etc for both abi_ptr and vaddr
Date: Wed, 1 Apr 2026 10:48:44 +0100
Message-ID: <20260401094848.2661985-3-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>

In commit 7804c84a ("include/user: Use vaddr in guest-host.h") we changed all the functions in guest-host.h that took or returned their guest address argument in type abi_ptr to instead use vaddr. This introduced regressions for the case of a 32-bit guest and an address above 2GB for the common situation where the address is a syscall argument stored in a variable of type 'abi_long'.
With abi_ptr (which will be an unsigned 32-bit type for 32-bit guests), the address is cast to unsigned 32-bit, and then zero-extended to 64-bits in g2h_untagged_vaddr(). With the switch to vaddr (which is always a 64-bit unsigned type), the guest address will instead be sign-extended to 64 bits, which gives the wrong answer.

Fix this by providing two versions of the affected functions: the standard names (g2h(), g2h_untagged(), guest_addr_valid_untagged(), guest_range_valid_untagged(), cpu_untagged_addr()) return to using the logically-correct abi_ptr type; new versions with a _vaddr() prefix use the vaddr type.

accel/tcg/user-exec.c must change to use the _vaddr() versions; this is the only file that uses guest-host.h that we want to compile once. All the other uses are in linux-user and bsd-user code that inherently has to know the sizes of target-ABI types.

Cc: qemu-stable@nongnu.org
Fixes: 7804c84a ("include/user: Use vaddr in guest-host.h")
Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3333
Signed-off-by: Peter Maydell
Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson
Message-id: 20260330143123.1685142-3-peter.maydell@linaro.org
Reviewed-by: Philippe Mathieu-Daudé
--- accel/tcg/user-exec.c | 26 ++++++++-------- include/user/guest-host.h | 62 +++++++++++++++++++++++++++++++++++---- 2 files changed, 69 insertions(+), 19 deletions(-) diff --git a/accel/tcg/user-exec.c b/accel/tcg/user-exec.c index f8b4a26711..d283d3cc72 100644 --- a/accel/tcg/user-exec.c +++ b/accel/tcg/user-exec.c @@ -647,7 +647,7 @@ void tb_lock_page0(tb_page_addr_t address) =20 if (prot & PAGE_WRITE) { pageflags_set_clear(start, last, 0, PAGE_WRITE); - mprotect(g2h_untagged(start), last - start + 1, + mprotect(g2h_untagged_vaddr(start), last - start + 1, prot & (PAGE_READ | PAGE_EXEC) ? PROT_READ : PROT_NONE); } }
@@ -734,7 +734,7 @@ int page_unprotect(CPUState *cpu, tb_page_addr_t addres= s, uintptr_t pc) if (prot & PAGE_EXEC) { prot =3D (prot & ~PAGE_EXEC) | PAGE_READ; } - mprotect((void *)g2h_untagged(start), len, prot & PAGE_RWX); + mprotect((void *)g2h_untagged_vaddr(start), len, prot & PAGE_RWX); } mmap_unlock(); =20 @@ -763,7 +763,7 @@ static int probe_access_internal(CPUArchState *env, vad= dr addr, g_assert_not_reached(); } =20 - if (guest_addr_valid_untagged(addr)) { + if (guest_addr_valid_untagged_vaddr(addr)) { int page_flags =3D page_get_flags(addr); if (page_flags & acc_flag) { if (access_type !=3D MMU_INST_FETCH @@ -792,7 +792,7 @@ int probe_access_flags(CPUArchState *env, vaddr addr, i= nt size, =20 g_assert(-(addr | TARGET_PAGE_MASK) >=3D size); flags =3D probe_access_internal(env, addr, size, access_type, nonfault= , ra); - *phost =3D (flags & TLB_INVALID_MASK) ? NULL : g2h(env_cpu(env), addr); + *phost =3D (flags & TLB_INVALID_MASK) ? NULL : g2h_vaddr(env_cpu(env),= addr); return flags; } =20 @@ -805,13 +805,13 @@ void *probe_access(CPUArchState *env, vaddr addr, int= size, flags =3D probe_access_internal(env, addr, size, access_type, false, r= a); g_assert((flags & ~TLB_MMIO) =3D=3D 0); =20 - return size ? g2h(env_cpu(env), addr) : NULL; + return size ? g2h_vaddr(env_cpu(env), addr) : NULL; } =20 void *tlb_vaddr_to_host(CPUArchState *env, vaddr addr, MMUAccessType access_type, int mmu_idx) { - return g2h(env_cpu(env), addr); + return g2h_vaddr(env_cpu(env), addr); } =20 tb_page_addr_t get_page_addr_code_hostp(CPUArchState *env, vaddr addr, @@ -822,7 +822,7 @@ tb_page_addr_t get_page_addr_code_hostp(CPUArchState *e= nv, vaddr addr, flags =3D probe_access_internal(env, addr, 1, MMU_INST_FETCH, false, 0= ); g_assert(flags =3D=3D 0); =20 - *hostp =3D g2h_untagged(addr); + *hostp =3D g2h_untagged_vaddr(addr); return addr; } =20 
@@ -938,7 +938,7 @@ static void *cpu_mmu_lookup(CPUState *cpu, vaddr addr, cpu_loop_exit_sigbus(cpu, addr, type, ra); } =20 - ret =3D g2h(cpu, addr); + ret =3D g2h_vaddr(cpu, addr); set_helper_retaddr(ra); return ret; } @@ -968,7 +968,7 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, } if (is_write) { if (flags & PAGE_WRITE) { - memcpy(g2h(cpu, addr), buf, l); + memcpy(g2h_vaddr(cpu, addr), buf, l); } else { /* Bypass the host page protection using ptrace. */ if (fd =3D=3D -1) { @@ -987,13 +987,13 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, */ tb_invalidate_phys_range(NULL, addr, addr + l - 1); written =3D pwrite(fd, buf, l, - (off_t)(uintptr_t)g2h_untagged(addr)); + (off_t)(uintptr_t)g2h_untagged_vaddr(addr= )); if (written !=3D l) { goto out_close; } } } else if (flags & PAGE_READ) { - memcpy(buf, g2h(cpu, addr), l); + memcpy(buf, g2h_vaddr(cpu, addr), l); } else { /* Bypass the host page protection using ptrace. */ if (fd =3D=3D -1) { @@ -1003,7 +1003,7 @@ int cpu_memory_rw_debug(CPUState *cpu, vaddr addr, } } if (pread(fd, buf, l, - (off_t)(uintptr_t)g2h_untagged(addr)) !=3D l) { + (off_t)(uintptr_t)g2h_untagged_vaddr(addr)) !=3D l) { goto out_close; } } @@ -1231,7 +1231,7 @@ static void *atomic_mmu_lookup(CPUState *cpu, vaddr a= ddr, MemOpIdx oi, cpu_loop_exit_atomic(cpu, retaddr); } =20 - ret =3D g2h(cpu, addr); + ret =3D g2h_vaddr(cpu, addr); set_helper_retaddr(retaddr); return ret; } diff --git a/include/user/guest-host.h b/include/user/guest-host.h index 8f7ef75896..ef83ad8a18 100644 --- a/include/user/guest-host.h +++ b/include/user/guest-host.h 
@@ -29,7 +29,12 @@ extern unsigned long reserved_va; */ extern unsigned long guest_addr_max; =20 -static inline vaddr cpu_untagged_addr(CPUState *cs, vaddr x) +/* + * These functions take the guest virtual address as a vaddr, + * and are suitable for use from target-independent code. + */ + +static inline vaddr cpu_untagged_addr_vaddr(CPUState *cs, vaddr x) { const TCGCPUOps *tcg_ops =3D cs->cc->tcg_ops; if (tcg_ops->untagged_addr) { @@ -39,22 +44,22 @@ static inline vaddr cpu_untagged_addr(CPUState *cs, vad= dr x) } =20 /* All direct uses of g2h and h2g need to go away for usermode softmmu. */ -static inline void *g2h_untagged(vaddr x) +static inline void *g2h_untagged_vaddr(vaddr x) { return (void *)((uintptr_t)(x) + guest_base); } =20 -static inline void *g2h(CPUState *cs, vaddr x) +static inline void *g2h_vaddr(CPUState *cs, vaddr x) { - return g2h_untagged(cpu_untagged_addr(cs, x)); + return g2h_untagged_vaddr(cpu_untagged_addr_vaddr(cs, x)); } =20 -static inline bool guest_addr_valid_untagged(vaddr x) +static inline bool guest_addr_valid_untagged_vaddr(vaddr x) { return x <=3D guest_addr_max; } =20 -static inline bool guest_range_valid_untagged(vaddr start, vaddr len) +static inline bool guest_range_valid_untagged_vaddr(vaddr start, vaddr len) { return len - 1 <=3D guest_addr_max && start <=3D guest_addr_max - len = + 1; } 
@@ -73,4 +78,49 @@ static inline bool guest_range_valid_untagged(vaddr star= t, vaddr len) h2g_nocheck(x); \ }) =20 +#ifdef COMPILING_PER_TARGET + +/* + * These functions take the guest virtual address as an abi_ptr. This + * is an important difference from a vaddr for the common case where + * the address is a syscall argument in a variable of type abi_long, + * which may be smaller than the vaddr type. If you pass an address in + * an abi_long to these functions then the value will be converted to + * an unsigned type and then zero extended to give the vaddr. If you + * use the g2h_vaddr() and similar functions which take an argument of + * type vaddr, then the value will be sign-extended, giving the wrong + * answer for addresses above the 2GB mark on 32-bit guests. + * + * Providing these functions with their traditional QEMU semantics is + * less bug-prone than requiring many callsites to remember to cast + * their abi_long variable to an abi_ptr before calling. + */ + +static inline void *g2h(CPUState *cs, abi_ptr x) +{ + return g2h_vaddr(cs, x); +} + +static inline void *g2h_untagged(abi_ptr x) +{ + return g2h_untagged_vaddr(x); +} + +static inline bool guest_addr_valid_untagged(abi_ptr x) +{ + return guest_addr_valid_untagged_vaddr(x); +} + +static inline bool guest_range_valid_untagged(abi_ptr start, abi_ptr len) +{ + return guest_range_valid_untagged_vaddr(start, len); +} + +static inline abi_ptr cpu_untagged_addr(CPUState *cs, abi_ptr x) +{ + return cpu_untagged_addr_vaddr(cs, x); +} + +#endif + #endif --=20 2.43.0
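
Review bot: in the include/user/guest-host.h hunk that adds the COMPILING_PER_TARGET block, guest_range_valid_untagged(abi_ptr start, abi_ptr len) narrows the length as well as the address, so a caller holding a length wider than abi_ptr has it truncated before the "len - 1 <= guest_addr_max" check in guest_range_valid_untagged_vaddr() runs. Please either document that len is deliberately limited to the guest pointer width or give it an integer type that makes the intent visible at the signature.
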
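
Review bot: the comment added under COMPILING_PER_TARGET documents that passing an abi_long to g2h_vaddr() and friends sign-extends, but the _vaddr() variants stay visible to per-target code and nothing in this two-file change tests a 32-bit guest address above 2GB. Since the commit message calls this a regression, a test that passes such an address through a syscall argument would keep it from coming back.
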
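
The sign-extension regression described in the [PULL 2/6] commit message, modelled as an added example (not QEMU code and not part of the patch). It assumes a 32-bit guest on a 64-bit host; the typedef names follow the message, while the `model_*` helpers, `via_vaddr()`, `via_abi_ptr()` and the guest_base value are constructed for illustration.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed model of a 32-bit guest on a 64-bit host (not QEMU's headers). */
typedef int32_t  abi_long;  /* signed syscall-argument type */
typedef uint32_t abi_ptr;   /* unsigned guest pointer type */
typedef uint64_t vaddr;     /* always a 64-bit unsigned type */

/* Constructed values, for illustration only. */
static const uint64_t model_guest_base     = UINT64_C(0x0000100000000000);
static const uint64_t model_guest_addr_max = UINT64_C(0x00000000ffffffff);

/* Guest address 0x90000000 (above 2GB) as it sits in an abi_long. */
#define HIGH_ARG ((abi_long)-1879048192)
#define LOW_ARG  ((abi_long)0x10000000)

/* vaddr-typed helpers: an abi_long passed here is converted directly to a
 * 64-bit unsigned value, so a negative input is sign-extended. */
static bool model_addr_valid_vaddr(vaddr x)
{
    return x <= model_guest_addr_max;
}

static bool model_range_valid_vaddr(vaddr start, vaddr len)
{
    return len - 1 <= model_guest_addr_max &&
           start <= model_guest_addr_max - len + 1;
}

static uint64_t model_g2h_vaddr(vaddr x)
{
    return x + model_guest_base;    /* unsigned add, wraps modulo 2^64 */
}

/* abi_ptr-typed wrappers: the parameter type forces conversion to unsigned
 * 32-bit first, and only then zero-extension to vaddr. */
static bool model_addr_valid(abi_ptr x)
{
    return model_addr_valid_vaddr(x);
}

static bool model_range_valid(abi_ptr start, abi_ptr len)
{
    return model_range_valid_vaddr(start, len);
}

static uint64_t model_g2h(abi_ptr x)
{
    return model_g2h_vaddr(x);
}

struct translation {
    bool addr_ok;    /* single-address validity check */
    bool range_ok;   /* start/len validity check */
    uint64_t host;   /* translated host address */
};

/* A syscall handler that hands its abi_long argument to the vaddr API. */
static struct translation via_vaddr(abi_long addr, abi_long len)
{
    struct translation t = {
        model_addr_valid_vaddr(addr),
        model_range_valid_vaddr(addr, len),
        model_g2h_vaddr(addr),
    };
    return t;
}

/* The same handler using the abi_ptr API. */
static struct translation via_abi_ptr(abi_long addr, abi_long len)
{
    struct translation t = {
        model_addr_valid(addr),
        model_range_valid(addr, len),
        model_g2h(addr),
    };
    return t;
}

int main(void)
{
    const abi_long args[] = { LOW_ARG, HIGH_ARG };

    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        struct translation v = via_vaddr(args[i], 4096);
        struct translation a = via_abi_ptr(args[i], 4096);

        printf("guest 0x%08" PRIx32 "\n", (uint32_t)args[i]);
        printf("  vaddr API:   addr_ok=%d range_ok=%d host=0x%016" PRIx64 "\n",
               v.addr_ok, v.range_ok, v.host);
        printf("  abi_ptr API: addr_ok=%d range_ok=%d host=0x%016" PRIx64 "\n",
               a.addr_ok, a.range_ok, a.host);
    }
    return 0;
}
```

For the address above 2GB the vaddr path both fails the validity checks and, where a caller translates without checking, lands exactly 4GB below the intended host address.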
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 3/6] linux-user: fix name_to_handle_at when AT_HANDLE_MNT_ID_UNIQUE flag is set
Date: Wed, 1 Apr 2026 10:48:45 +0100
Message-ID: <20260401094848.2661985-4-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>

From: Clayton Craft

Linux 6.12 added AT_HANDLE_MNT_ID_UNIQUE, which indicates that mount_id is 64-bits. If name_to_handle_at is called with this flag set then qemu passes a 4 byte int to the kernel, which then tries to store 8 bytes in a 4 byte variable, causing a SIGSEGV[1][2]. This stores mount_id in a 64-bit var if the flag is set.

1. https://gitlab.postmarketos.org/postmarketOS/pmaports/-/work_items/4431
2. https://github.com/systemd/systemd/issues/41279

Signed-off-by: Clayton Craft Reviewed-by: Helge Deller Message-id: 20260325-fix-name-to-handle-at-v1-1-49fb922e6fd3@craftyguy.net Signed-off-by: Peter Maydell --- linux-user/syscall.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 7832a1aba5..3cb00c643e 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8166,6 +8166,9 @@ static int do_futex(CPUState *cpu, bool time64, targe= t_ulong uaddr, #endif =20 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE) +#ifndef AT_HANDLE_MNT_ID_UNIQUE +#define AT_HANDLE_MNT_ID_UNIQUE 0x001 +#endif static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname, abi_long handle, abi_long mount_id, abi_long flags) @@ -8173,6 +8176,7 @@ static abi_long do_name_to_handle_at(abi_long dirfd, = abi_long pathname, struct file_handle *target_fh; struct file_handle *fh; int mid =3D 0; + uint64_t mid64 =3D 0; abi_long ret; char *name; unsigned int size, total_size; @@ -8196,7 +8200,12 @@ static abi_long do_name_to_handle_at(abi_long dirfd,= abi_long pathname, fh =3D g_malloc0(total_size); fh->handle_bytes =3D size; =20 - ret =3D get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags= )); + if (flags & AT_HANDLE_MNT_ID_UNIQUE) { + ret =3D get_errno(name_to_handle_at(dirfd, path(name), fh, + (int *)&mid64, flags)); + } else { + ret =3D get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, f= lags)); + } unlock_user(name, pathname, 0); =20 /* man name_to_handle_at(2): 
@@ -8210,8 +8219,14 @@ static abi_long do_name_to_handle_at(abi_long dirfd,= abi_long pathname, g_free(fh); unlock_user(target_fh, handle, total_size); =20 - if (put_user_s32(mid, mount_id)) { - return -TARGET_EFAULT; + if (flags & AT_HANDLE_MNT_ID_UNIQUE) { + if (put_user_u64(mid64, mount_id)) { + return -TARGET_EFAULT; + } + } else { + if (put_user_s32(mid, mount_id)) { + return -TARGET_EFAULT; + } } =20 return ret; --=20 2.43.0
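
Review bot: in the linux-user/syscall.c hunk that adds the AT_HANDLE_MNT_ID_UNIQUE branch to do_name_to_handle_at(), the (int *)&mid64 cast carries no comment, so the reason a uint64_t is passed where an int pointer is expected is only recoverable from the commit message. A short comment at the call saying that with this flag the kernel stores 8 bytes through the mount_id pointer would document why the cast is there and why the two branches must not be merged.
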
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 4/6] linux-user: update select timeout writeback
Date: Wed, 1 Apr 2026 10:48:46 +0100
Message-ID: <20260401094848.2661985-5-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>
References: <20260401094848.2661985-1-peter.maydell@linaro.org>
From: Sun Haoyu The Linux kernel writes back the remaining timeout for select-family syscalls in poll_select_finish(). If that writeback fails, it keeps the original return value. However, QEMU only writes back the timeout on success. If the writeback fails, QEMU returns -TARGET_EFAULT. This can lose the remaining timeout and change the return value. Update do_select(), do_pselect6(), and do_ppoll() to always write back the timeout to match the Linux kernel's behavior. If the timeout writeback fails, keep the original return value. Tested with the issue reproducer. Resolves: https://gitlab.com/qemu-project/qemu/-/work_items/3343 Signed-off-by: Sun Haoyu Reviewed-by: Peter Maydell Message-id: 20260320111647.138984-1-shyliuli@aosc.io Signed-off-by: Peter Maydell --- linux-user/syscall.c | 45 +++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 3cb00c643e..bb95b96f29 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1384,14 +1384,15 @@ static abi_long do_select(int n, return -TARGET_EFAULT; if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n)) return -TARGET_EFAULT; - - if (target_tv_addr) { - tv.tv_sec =3D ts.tv_sec; - tv.tv_usec =3D ts.tv_nsec / 1000; - if (copy_to_user_timeval(target_tv_addr, &tv)) { - return -TARGET_EFAULT; - } - } + } + if (target_tv_addr) { + tv.tv_sec =3D ts.tv_sec; + tv.tv_usec =3D ts.tv_nsec / 1000; + /* + * Like the kernel, we deliberately ignore possible + * failures writing back to the timeout struct. + */ + copy_to_user_timeval(target_tv_addr, &tv); } =20 return ret; 
@@ -1519,14 +1520,16 @@ static abi_long do_pselect6(abi_long arg1, abi_long= arg2, abi_long arg3, if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n)) { return -TARGET_EFAULT; } + } + if (ts_addr) { + /* + * Like the kernel, we deliberately ignore possible + * failures writing back to the timeout struct. + */ if (time64) { - if (ts_addr && host_to_target_timespec64(ts_addr, &ts)) { - return -TARGET_EFAULT; - } + host_to_target_timespec64(ts_addr, &ts); } else { - if (ts_addr && host_to_target_timespec(ts_addr, &ts)) { - return -TARGET_EFAULT; - } + host_to_target_timespec(ts_addr, &ts); } } return ret; 
@@ -1596,15 +1599,15 @@ static abi_long do_ppoll(abi_long arg1, abi_long ar= g2, abi_long arg3, if (set) { finish_sigsuspend_mask(ret); } - if (!is_error(ret) && arg3) { + if (arg3) { + /* + * Like the kernel, we deliberately ignore possible + * failures writing back to the timeout struct. + */ if (time64) { - if (host_to_target_timespec64(arg3, timeout_ts)) { - return -TARGET_EFAULT; - } + host_to_target_timespec64(arg3, timeout_ts); } else { - if (host_to_target_timespec(arg3, timeout_ts)) { - return -TARGET_EFAULT; - } + host_to_target_timespec(arg3, timeout_ts); } } } else { --=20 2.43.0
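Review bot: in the do_select() hunk at -1384,14 the context line `if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n)) return -TARGET_EFAULT;` still returns before the relocated timeout block, so when an fd_set copy-out faults the timeout is not written back, which does not match the commit message's "always write back". The same early return is visible in the do_pselect6() hunk at -1519,14. Either record the error in `ret` and fall through to the writeback, or narrow the commit message and the new comment to say that the writeback is skipped on fd_set faults.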
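Review bot: in the do_ppoll() hunk at -1596,15 the results of host_to_target_timespec64() and host_to_target_timespec() are now dropped, and the same comment plus `if (time64)` pair is repeated from do_pselect6(). A small static helper taking the guest address, the timespec and `time64` would keep the deliberate ignore and its comment in one place. Removing `!is_error(ret)` also means `timeout_ts` is copied to the guest after a failed host call, so the comment should state that this is intended.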
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 5/6] linux-user: Make openat2() use -L for absolute paths
Date: Wed, 1 Apr 2026 10:48:47 +0100
Message-ID: <20260401094848.2661985-6-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>
References: <20260401094848.2661985-1-peter.maydell@linaro.org>
From: Sun Haoyu openat2() ignored the -L prefix and opened host files directly. For example, openat2("/tmp/file") opened /tmp/file on the host, not QEMU_LD_PREFIX/tmp/file like openat() does. Fix this by using path() to rewrite absolute paths. Skip this when RESOLVE_BENEATH or RESOLVE_IN_ROOT is set: - RESOLVE_BENEATH rejects absolute paths anyway - RESOLVE_IN_ROOT resolves relative to dirfd Now openat() and openat2() work in the same way. Link: https://gitlab.com/qemu-project/qemu/-/work_items/3341 Signed-off-by: Sun Haoyu Reviewed-by: Peter Maydell Message-id: 20260317053827.25051-1-shyliuli@aosc.io Signed-off-by: Peter Maydell --- linux-user/syscall.c | 11 ++++++++++- linux-user/syscall_defs.h | 7 ++++++- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index bb95b96f29..f4b74ad350 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -8856,7 +8856,16 @@ static int do_openat2(CPUArchState *cpu_env, abi_lon= g dirfd, if (fd > -2) { ret =3D get_errno(fd); } else { - ret =3D get_errno(safe_openat2(dirfd, pathname, &how, + const char *host_pathname =3D pathname; + if (pathname[0] =3D=3D '/' && + !(how.resolve & (RESOLVE_IN_ROOT | RESOLVE_BENEATH))) { + /* + * RESOLVE_BENEATH rejects absolute paths; RESOLVE_IN_ROOT + * resolves them relative to dirfd. + */ + host_pathname =3D path(pathname); + } + ret =3D get_errno(safe_openat2(dirfd, host_pathname, &how, sizeof(struct open_how_ver0))); } =20 diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index aac8b0c574..679af640c0 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h 
@@ -2774,7 +2774,12 @@ struct target_open_how_ver0 { #ifndef RESOLVE_NO_SYMLINKS #define RESOLVE_NO_SYMLINKS 0x04 #endif - +#ifndef RESOLVE_BENEATH +#define RESOLVE_BENEATH 0x08 +#endif +#ifndef RESOLVE_IN_ROOT +#define RESOLVE_IN_ROOT 0x10 +#endif #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \ (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \ defined(TARGET_M68K) || defined(TARGET_MICROBLAZE) || \ --=20 2.43.0
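Review bot: in the do_openat2() hunk at -8856,7, `how.resolve` is passed to safe_openat2() unchanged together with the rewritten `host_pathname`, so the guest's other resolve flags (RESOLVE_NO_SYMLINKS is defined just above the new constants in syscall_defs.h) now also apply to the components of the -L prefix that path() puts in front of the guest path. A prefix directory reached through a symlink would then fail a guest open whose own path contains no symlink. Please say in the comment whether that is accepted, and add a test that uses such a prefix.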
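Review bot: in the syscall_defs.h hunk at -2774,7 the blank line that separated the RESOLVE_* fallback defines from the following `#if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \` block is removed. Keep a blank line after the new RESOLVE_IN_ROOT `#endif` so the two blocks stay visually separate.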
From: Peter Maydell
To: qemu-devel@nongnu.org
Subject: [PULL 6/6] bsd-user, linux-user: signal: recursive signal delivery fix
Date: Wed, 1 Apr 2026 10:48:48 +0100
Message-ID: <20260401094848.2661985-7-peter.maydell@linaro.org>
In-Reply-To: <20260401094848.2661985-1-peter.maydell@linaro.org>
References: <20260401094848.2661985-1-peter.maydell@linaro.org>
From: Nicholas Piggin Synchronous signals must accommodate a synchronous signal being raised during delivery, as asynchronous ones do. For example badframe errors during delivery will cause SIGSEGV to be raised. Without this fix, cpu_loop() runs process_pending_signals() which delivers the first synchronous signal (e.g., SIGILL) which fails to set the handler and forces SIGSEGV, but that is not picked up. process_pending_signals() returns. Then cpu_loop() runs cpu_exec() again, which attempts to execute the same instruction, another SIGILL. Signed-off-by: Nicholas Piggin Reviewed-by: Warner Losh Reviewed-by: Peter Maydell Message-id: 20260321135624.581398-3-npiggin@gmail.com Signed-off-by: Peter Maydell --- bsd-user/signal.c | 10 ++++++---- linux-user/signal.c | 9 ++++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/bsd-user/signal.c b/bsd-user/signal.c index dadcc037dc..3e5e41e1b1 100644 --- a/bsd-user/signal.c +++ b/bsd-user/signal.c @@ -998,7 +998,12 @@ void process_pending_signals(CPUArchState *env) sigdelset(&ts->signal_mask, target_to_host_signal(sig)); sigact_table[sig - 1]._sa_handler =3D TARGET_SIG_DFL; } + /* + * Restart scan from the beginning, as handle_pending_signal + * might have resulted in a new synchronous signal (eg SIGSEGV= ). + */ handle_pending_signal(env, sig, &ts->sync_signal); + goto restart_scan; } =20 k =3D ts->sigtab; @@ -1008,10 +1013,7 @@ void process_pending_signals(CPUArchState *env) if (k->pending && !sigismember(blocked_set, target_to_host_signal(sig))) { handle_pending_signal(env, sig, k); - /* - * Restart scan from the beginning, as handle_pending_sign= al - * might have resulted in a new synchronous signal (eg SIG= SEGV). - */ + /* Restart scan, explained above. */ goto restart_scan; } } diff --git a/linux-user/signal.c b/linux-user/signal.c index 804096bd44..f0a22577e5 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c 
@@ -1384,6 +1384,11 @@ void process_pending_signals(CPUArchState *cpu_env) } =20 handle_pending_signal(cpu_env, sig, &ts->sync_signal); + /* + * Restart scan from the beginning, as handle_pending_signal + * might have resulted in a new synchronous signal (eg SIGSEGV= ). + */ + goto restart_scan; } =20 for (sig =3D 1; sig <=3D TARGET_NSIG; sig++) { @@ -1394,9 +1399,7 @@ void process_pending_signals(CPUArchState *cpu_env) (!sigismember(blocked_set, target_to_host_signal_table[sig]))) { handle_pending_signal(cpu_env, sig, &ts->sigtab[sig - 1]); - /* Restart scan from the beginning, as handle_pending_sign= al - * might have resulted in a new synchronous signal (eg SIG= SEGV). - */ + /* Restart scan, explained above. */ goto restart_scan; } } --=20 2.43.0
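Review bot: in the bsd-user hunk at -998,7 the new comment sits above `handle_pending_signal(env, sig, &ts->sync_signal);` although it explains the `goto restart_scan;` that follows the call, while the linux-user hunk at -1384,6 puts the same comment directly above the goto. Move it below the call in bsd-user so both files read the same and the later "explained above" comments point at the same spot.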
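Review bot: in the linux-user hunk at -1384,6 the added `goto restart_scan;` makes the function loop for as long as a synchronous signal is pending, so termination depends on the pending state of `ts->sync_signal` being cleared before handle_pending_signal() runs. That clear is outside the hunk context; a short mention of it in the new comment would let the next reader confirm that the scan cannot spin on the same signal.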