From patchwork Thu May 3 18:32:15 2012
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 8380
From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: patches@linaro.org, Alexander Graf, Riku Voipio
Subject: [PATCH for-1.1] user-exec.c: Don't assert on segfaults for non-valid addresses
Date: Thu, 3 May 2012 19:32:15 +0100
Message-Id: <1336069935-2106-1-git-send-email-peter.maydell@linaro.org>
X-Mailer: git-send-email 1.7.2.5

h2g() will assert if passed an address that's not a valid guest address,
so handle_cpu_signal() needs to check before passing "data address which
caused a segfault" to it, since for a misbehaving guest that could be
anything. If the address isn't a valid guest address then we can simply
skip the attempt to unprotect a guest page which was made read-only to
catch self-modifying code.

This assertion probably fires more readily now than it used to do
because of recent changes to default to reserving guest address space.
Signed-off-by: Peter Maydell Acked-by: Alexander Graf --- I've tentatively marked this as for-1.1 as it's pretty safe, although it doesn't buy you a great deal: misbehaving guest binaries will die cleanly with a segfault rather than qemu asserting and then locking up (assert() in qemu's linux-user code doesn't really behave very nicely...) user-exec.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/user-exec.c b/user-exec.c index be6bc4f..d8c2ad9 100644 --- a/user-exec.c +++ b/user-exec.c @@ -97,7 +97,8 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address, pc, address, is_write, *(unsigned long *)old_set); #endif /* XXX: locking issue */ - if (is_write && page_unprotect(h2g(address), pc, puc)) { + if (is_write && h2g_valid(address) + && page_unprotect(h2g(address), pc, puc)) { return 1; }
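Review bot: the new condition is ordered correctly (`h2g_valid(address)` is evaluated before `h2g(address)`, so the asserting conversion is never reached for an out-of-range fault address, and `is_write` still short-circuits the lookup for reads), but nothing in the code records why the extra check exists; a one-line comment beside the existing `/* XXX: locking issue */`, such as `/* a misbehaving guest can fault on any host address, not just guest ones */`, would stop the check from being dropped later as redundant. The cover note says the guest then "dies cleanly with a segfault", but the visible context ends at `return 1;`, so the fall-through behaviour when `h2g_valid()` is false is not shown here; stating in the commit message that the function then continues to its normal signal-delivery path would make the intended outcome clear to someone reading only the hunk.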