[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PULL 30/38] linux-user: Handle msgrcv error case correctly
From: |
riku . voipio |
Subject: |
[Qemu-devel] [PULL 30/38] linux-user: Handle msgrcv error case correctly |
Date: |
Wed, 25 May 2016 13:32:02 +0300 |
From: Peter Maydell <address@hidden>
The msgrcv ABI is a bit odd -- the msgsz argument is a size_t, which is
unsigned, but it must fail EINVAL if the value is negative when cast
to a long. We were incorrectly passing the value through an
"unsigned int", which meant that if the guest was 32-bit longs and
the host was 64-bit longs an input of 0xffffffff (which should trigger
EINVAL) would simply be passed to the host msgrcv() as 0xffffffff,
where it does not cause the host kernel to reject it.
Follow the same approach as do_msgsnd() in using a ssize_t and
doing the check for negative values by hand, so we correctly fail
in this corner case.
This fixes the msgrcv03 Linux Test Project test case, which otherwise
hangs.
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
---
linux-user/syscall.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 6c4f5c6..cec5b80 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3152,7 +3152,7 @@ static inline abi_long do_msgsnd(int msqid, abi_long msgp,
}
static inline abi_long do_msgrcv(int msqid, abi_long msgp,
- unsigned int msgsz, abi_long msgtyp,
+ ssize_t msgsz, abi_long msgtyp,
int msgflg)
{
struct target_msgbuf *target_mb;
@@ -3160,6 +3160,10 @@ static inline abi_long do_msgrcv(int msqid, abi_long
msgp,
struct msgbuf *host_mb;
abi_long ret = 0;
+ if (msgsz < 0) {
+ return -TARGET_EINVAL;
+ }
+
if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
return -TARGET_EFAULT;
--
2.1.4
- [Qemu-devel] [PULL 23/38] linux-user: Use safe_syscall for read and write system calls, (continued)
- [Qemu-devel] [PULL 23/38] linux-user: Use safe_syscall for read and write system calls, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 22/38] linux-user: Provide safe_syscall for fixing races between signals and syscalls, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 25/38] linux-user: Use safe_syscall for wait system calls, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 24/38] linux-user: Use safe_syscall for open and openat system calls, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 28/38] linux-user: Use safe_syscall for futex syscall, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 26/38] linux-user: Use safe_syscall for execve syscall, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 27/38] linux-user: Use safe_syscall for pselect, select syscalls, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 29/38] linux-user: Handle negative values in timespec conversion, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 31/38] linux-user: Use g_try_malloc() in do_msgrcv(), riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 35/38] linux-user/signal.c: Generate opcode data for restorer in setup_rt_frame, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 30/38] linux-user: Handle msgrcv error case correctly,
riku . voipio <=
- [Qemu-devel] [PULL 32/38] linux-user: x86_64: Don't use 16-bit UIDs, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 34/38] linux-user: arm: Remove ARM_cpsr and similar #defines, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 33/38] linux-user: Use direct syscalls for setuid(), etc, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 36/38] linux-user/signal.c: Use target address instead of host address for microblaze restorer, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 37/38] linux-user/signal.c: Use s390 target space address instead of host space, riku . voipio, 2016/05/25
- [Qemu-devel] [PULL 38/38] linux-user, target-ppc: fix use of MSR_LE, riku . voipio, 2016/05/25
- Re: [Qemu-devel] [PULL 00/38] linux-user update, Peter Maydell, 2016/05/25