From patchwork Wed May 25 10:31:58 2016
X-Patchwork-Submitter: Riku Voipio
X-Patchwork-Id: 9135145
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: Timothy E Baldwin
Date: Wed, 25 May 2016 13:31:58 +0300
Message-Id: <4c34cee95eec717558c1239ef4e54d0e7464272d.1464153942.git.riku.voipio@linaro.org>
Subject: [Qemu-devel] [PULL 26/38] linux-user: Use safe_syscall for execve syscall

From: Timothy E Baldwin

Wrap execve() in the safe-syscall handling. Although execve() is not
an interruptible syscall, it is a special case: if we allow a signal
to happen before we make the host syscall then we will 'lose' it,
because at the point of execve the process leaves QEMU's control. So
we use the safe syscall wrapper to ensure that we either take the
signal as a guest signal, or else it does not happen before the
execve completes and makes it the other program's problem.

The practical upshot is that without this SIGTERM could fail to
terminate the process.

Signed-off-by: Timothy Edward Baldwin
Message-id: 1441497448-32489-25-git-send-email-T.E.Baldwin99@members.leeds.ac.uk
[PMM: expanded commit message to explain in more detail why this is
needed, and add comment about it too]
Reviewed-by: Peter Maydell
Signed-off-by: Peter Maydell
Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d9f4695..dea827f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -703,6 +703,7 @@ safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \ struct rusage *, rusage) safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \ int, options, struct rusage *, rusage) +safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp) static inline int host_to_target_sock_type(int host_type) { @@ -6179,7 +6180,17 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, if (!(p = lock_user_string(arg1))) goto execve_efault; - ret = get_errno(execve(p, argp, envp)); + /* Although execve() is not an interruptible syscall it is + * a special case where we must use the safe_syscall wrapper: + * if we allow a signal to happen before we make the host + * syscall then we will 'lose' it, because at the point of + * execve the process leaves QEMU's control. So we use the + * safe syscall wrapper to ensure that we either take the + * signal as a guest signal, or else it does not happen + * before the execve completes and makes it the other + * program's problem. + */ + ret = get_errno(safe_execve(p, argp, envp)); unlock_user(p, arg1, 0); goto execve_end;
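
Review bot: In the first hunk, the new safe_syscall3(int, execve, ...) line sits directly after the wait4 and waitid wrappers with nothing saying why a call that does not block belongs in this list; the reasoning exists only in the comment at the call site in do_syscall(). A one-line comment above the declaration pointing at that explanation would keep a later cleanup from dropping the wrapper as unnecessary.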
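
Review bot: In the second hunk, the comment above safe_execve() explains why the wrapper is needed but not what the caller sees in the "take the signal as a guest signal" case, where the wrapper returns without having exec'd. The value stored in ret then has to pass through unlock_user(p, arg1, 0) and the code reached via goto execve_end unchanged, so that the guest sees the right result once the signal has been handled. Suggest adding a sentence to the comment naming that return path, and confirming that nothing after the execve_end label overwrites ret.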