From patchwork Tue Feb 24 21:48:04 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Roth <mdroth@linux.vnet.ibm.com>
X-Patchwork-Id: 44997
Return-Path: <patchwork-forward+bncBCX5ZQEZUQNBBP7JWOTQKGQEVIGM6JA@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-lb0-f198.google.com (mail-lb0-f198.google.com
 [209.85.217.198])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id DA5402029F
 for <linaro@patches.linaro.org>; Tue, 24 Feb 2015 22:01:36 +0000 (UTC)
Received: by lbvp9 with SMTP id p9sf19254026lbv.1
 for <linaro@patches.linaro.org>; Tue, 24 Feb 2015 14:01:35 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:in-reply-to:references:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=qxxksbkXd2uHx7+/POPjNZClo3eNmebiMyUJTMg3LMQ=;
 b=IWhe9Mbo4yr/y0hrmWYng2gYSvz7gJQ9m5zYB0frowlnFxSUAv2+/Ms6JVtZH9eWDy
 q4C4aB+7NaS+An80GEpJhYNJJWB5Adlx39/2lOE5ogjKFsmHuYN0CbKEPL1yKcjhfc0M
 ErO64wfo80FbCZbw3pW0NvndD5wNtas8ZvbP5XWbq0qJiTpy4VNkZ6rpPLHKtYJdLMsR
 6rJnRRHuUcOvVDVBRzmDA3fp2dTV/bpuHHLJsf/tY614XKZhNgInwxOLdkHMl0aNYpHp
 VWhvmykhsGB91WQrAwmAQqx90DfaRgr9f7SL11LGcbLjqmW13eU4hOiHRMm8krAUolP6
 3Sjg==
X-Gm-Message-State: ALoCoQlNhxScDk3s+RrGLXItKHkF8uK5otoYOCRG9lZ5eUA2/CxjLFdhfCbfqmmcC9oopbKz66J5
X-Received: by 10.112.35.135 with SMTP id h7mr9224lbj.23.1424815295755;
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.204.12 with SMTP id ku12ls597195lac.105.gmail;
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
X-Received: by 10.152.246.41 with SMTP id xt9mr36982lac.110.1424815295580;
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
Received: from mail-la0-f46.google.com (mail-la0-f46.google.com.
 [209.85.215.46]) by mx.google.com with ESMTPS id
 we7si21041104lbb.171.2015.02.24.14.01.35
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.46 as permitted sender) client-ip=209.85.215.46; 
Received: by labhs14 with SMTP id hs14so6268668lab.4
 for <patchwork-forward@linaro.org>;
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
X-Received: by 10.152.87.3 with SMTP id t3mr9581laz.19.1424815295443;
 Tue, 24 Feb 2015 14:01:35 -0800 (PST)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.35.133 with SMTP id h5csp2202329lbj;
 Tue, 24 Feb 2015 14:01:34 -0800 (PST)
X-Received: by 10.140.95.179 with SMTP id i48mr317655qge.4.1424815294087;
 Tue, 24 Feb 2015 14:01:34 -0800 (PST)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 l77si30500645qgl.47.2015.02.24.14.01.33 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Tue, 24 Feb 2015 14:01:34 -0800 (PST)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:51695 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1YQNXp-0005z5-66
 for patch@linaro.org; Tue, 24 Feb 2015 17:01:33 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:48511)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mdroth@linux.vnet.ibm.com>) id 1YQNPK-0005pi-OC
 for qemu-devel@nongnu.org; Tue, 24 Feb 2015 16:52:50 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <mdroth@linux.vnet.ibm.com>) id 1YQNPG-0007Bm-0P
 for qemu-devel@nongnu.org; Tue, 24 Feb 2015 16:52:46 -0500
Received: from e7.ny.us.ibm.com ([32.97.182.137]:51900)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <mdroth@linux.vnet.ibm.com>) id 1YQNPF-0007Az-SC
 for qemu-devel@nongnu.org; Tue, 24 Feb 2015 16:52:41 -0500
Received: from /spool/local
 by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
 Violators will be prosecuted
 for <qemu-devel@nongnu.org> from <mdroth@linux.vnet.ibm.com>;
 Tue, 24 Feb 2015 16:52:41 -0500
Received: from d01dlp03.pok.ibm.com (9.56.250.168)
 by e7.ny.us.ibm.com (192.168.1.107) with IBM ESMTP SMTP Gateway:
 Authorized Use Only! Violators will be prosecuted; 
 Tue, 24 Feb 2015 16:52:38 -0500
Received: from b01cxnp23033.gho.pok.ibm.com (b01cxnp23033.gho.pok.ibm.com
 [9.57.198.28])
 by d01dlp03.pok.ibm.com (Postfix) with ESMTP id 0171DC9003E;
 Tue, 24 Feb 2015 16:43:49 -0500 (EST)
Received: from d01av03.pok.ibm.com (d01av03.pok.ibm.com [9.56.224.217])
 by b01cxnp23033.gho.pok.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP
 id t1OLqchu22675532; Tue, 24 Feb 2015 21:52:38 GMT
Received: from d01av03.pok.ibm.com (localhost [127.0.0.1])
 by d01av03.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVout) with ESMTP id
 t1OLqb4i000522; Tue, 24 Feb 2015 16:52:37 -0500
Received: from localhost (morrigu.austin.ibm.com [9.41.105.45])
 by d01av03.pok.ibm.com (8.14.4/8.14.4/NCO v10.0 AVin) with ESMTP id
 t1OLqbUu000486; Tue, 24 Feb 2015 16:52:37 -0500
From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: qemu-devel@nongnu.org
Date: Tue, 24 Feb 2015 15:48:04 -0600
Message-Id: <1424814498-6993-30-git-send-email-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1424814498-6993-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1424814498-6993-1-git-send-email-mdroth@linux.vnet.ibm.com>
X-TM-AS-MML: disable
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 15022421-0037-0000-0000-000000B59416
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 32.97.182.137
Cc: Peter Maydell <peter.maydell@linaro.org>,
 Riku Voipio <riku.voipio@linaro.org>, qemu-stable@nongnu.org
Subject: [Qemu-devel] [PATCH 29/43] linux-user: Fix broken m68k signal
 handling on 64 bit hosts
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: mdroth@linux.vnet.ibm.com
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.46 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

From: Peter Maydell <peter.maydell@linaro.org>

The m68k signal frame setup code which writes the signal return
trampoline code to the stack was assuming that a 'long' was 32 bits;
on 64 bit systems this meant we would end up writing the 32 bit
(2 insn) trampoline sequence to retaddr+4,retaddr+6 instead of
the intended retaddr+0,retaddr+2, resulting in a guest crash when
it tried to execute the invalid zero-bytes at retaddr+0.
Fix by using uint32_t instead; also use uint16_t rather than short
for consistency. This fixes bug LP:1404690.

Reported-by: Michel Boaventura
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
(cherry picked from commit 1669add752d9f29283f8ebf6a863d7b1e2d0f146)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
---
 linux-user/signal.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/linux-user/signal.c b/linux-user/signal.c
index e11b208..a324fd1 100644
--- a/linux-user/signal.c
+++ b/linux-user/signal.c
@@ -5091,7 +5091,7 @@ static void setup_frame(int sig, struct target_sigaction *ka,
     /* moveq #,d0; trap #0 */
 
     __put_user(0x70004e40 + (TARGET_NR_sigreturn << 16),
-                      (long *)(frame->retcode));
+                      (uint32_t *)(frame->retcode));
 
     /* Set up to return from userspace */
 
@@ -5225,8 +5225,8 @@ static void setup_rt_frame(int sig, struct target_sigaction *ka,
     /* moveq #,d0; notb d0; trap #0 */
 
     __put_user(0x70004600 + ((TARGET_NR_rt_sigreturn ^ 0xff) << 16),
-               (long *)(frame->retcode + 0));
-    __put_user(0x4e40, (short *)(frame->retcode + 4));
+               (uint32_t *)(frame->retcode + 0));
+    __put_user(0x4e40, (uint16_t *)(frame->retcode + 4));
 
     if (err)
         goto give_sigsegv;