From patchwork Fri May 27 13:00:21 2016
X-Patchwork-Submitter: Riku Voipio
X-Patchwork-Id: 9138391
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Date: Fri, 27 May 2016 16:00:21 +0300
Message-Id: <99874f65526ed7827202c6e17c62f30d47652bdd.1464353863.git.riku.voipio@linaro.org>
Subject: [Qemu-devel] [PULL v2 30/38] linux-user: Handle msgrcv error case correctly
Cc: Peter Maydell

From: Peter Maydell

The msgrcv ABI is a bit odd -- the msgsz argument is a size_t, which is
unsigned, but it must fail EINVAL if the value is negative when cast to
a long. We were incorrectly passing the value through an "unsigned int",
which meant that if the guest was 32-bit longs and the host was 64-bit
longs an input of 0xffffffff (which should trigger EINVAL) would simply
be passed to the host msgrcv() as 0xffffffff, where it does not cause
the host kernel to reject it. Follow the same approach as do_msgsnd()
in using a ssize_t and doing the check for negative values by hand, so
we correctly fail in this corner case.

This fixes the msgrcv03 Linux Test Project test case, which otherwise
hangs.

Signed-off-by: Peter Maydell
Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6c4f5c6..cec5b80 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3152,7 +3152,7 @@ static inline abi_long do_msgsnd(int msqid, abi_long msgp, } static inline abi_long do_msgrcv(int msqid, abi_long msgp, - unsigned int msgsz, abi_long msgtyp, + ssize_t msgsz, abi_long msgtyp, int msgflg) { struct target_msgbuf *target_mb; @@ -3160,6 +3160,10 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp, struct msgbuf *host_mb; abi_long ret = 0; + if (msgsz < 0) { + return -TARGET_EINVAL; + } + if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)) return -TARGET_EFAULT;
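Review bot: changing the parameter to `ssize_t msgsz` in the `do_msgrcv` signature only closes the hole if the caller hands over the guest value as a signed abi_long, so that a 32-bit guest's 0xffffffff sign-extends to -1 on a 64-bit host; the call site is outside this hunk, so please confirm it does not route the argument through an unsigned type (abi_ulong or unsigned int), which would zero-extend it and slip past the new check exactly as the old `unsigned int` parameter did.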
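Review bot: the new `if (msgsz < 0) { return -TARGET_EINVAL; }` is correctly placed ahead of `lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0)`, so the early return leaves nothing locked; since a sign test on a size parameter looks surprising in isolation, a one-line comment saying that the kernel rejects a msgsz that is negative when cast to long (the reason do_msgsnd() does the same) would spare the next reader a trip to the commit log.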
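The widening problem the commit message describes, as an added C illustration that is not QEMU's code or part of the patch: the same 32-bit guest value goes through the old "unsigned int" path and the new ssize_t path side by side. The abi_long typedef, the TARGET_EINVAL value and the stand-in for the host kernel's check are assumptions for the demo, which assumes a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Added illustration, not QEMU's code: a 32-bit guest long (abi_long) arriving
 * at a 64-bit host, as the commit message describes. The typedef and values
 * below are assumptions for the demo, not QEMU's definitions. */
typedef int32_t abi_long;          /* assumption: 32-bit guest long */
#define TARGET_EINVAL 22           /* constructed errno value for the demo */

/* Stand-in for the host kernel's test: a msgsz is rejected only when it is
 * negative after a cast to long. */
static int host_kernel_rejects(size_t bufsz) {
    return (long)bufsz < 0;
}

/* Old path: the guest argument was widened through "unsigned int". */
static ssize_t msgsz_old(abi_long guest_msgsz) {
    unsigned int msgsz = (unsigned int)guest_msgsz; /* 0xffffffff stays 4294967295 */
    size_t host_sz = msgsz;                          /* zero-extended into size_t */
    if (host_kernel_rejects(host_sz)) {
        return -TARGET_EINVAL;                       /* never taken on a 64-bit host */
    }
    return (ssize_t)host_sz;                         /* what the host msgrcv() sees */
}

/* New path (the patch): widen through ssize_t and check for negatives by hand. */
static ssize_t msgsz_new(abi_long guest_msgsz) {
    ssize_t msgsz = guest_msgsz;                     /* sign-extended: 0xffffffff -> -1 */
    if (msgsz < 0) {
        return -TARGET_EINVAL;
    }
    return msgsz;
}

int main(void) {
    abi_long inputs[] = { 4096, -1, INT32_MIN };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("guest msgsz 0x%08x: old -> %zd, new -> %zd\n",
               (unsigned)inputs[i], msgsz_old(inputs[i]), msgsz_new(inputs[i]));
    }
    return 0;
}
```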