From patchwork Fri May 27 13:00:20 2016
X-Patchwork-Submitter: Riku Voipio
X-Patchwork-Id: 68746
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: Peter Maydell
Date: Fri, 27 May 2016 16:00:20 +0300
Subject: [Qemu-devel] [PULL v2 29/38] linux-user: Handle negative values in timespec conversion

From: Peter Maydell

In a struct timespec, both fields are signed longs. Converting
them from guest to host with code like
    host_ts->tv_sec = tswapal(target_ts->tv_sec);
mishandles negative values if the guest has 32-bit longs and
the host has 64-bit longs because tswapal()'s return type is
abi_ulong: the assignment will zero-extend into the host long
type rather than sign-extending it.

Make the conversion routines use __get_user() and __set_user()
instead: this automatically picks up the signedness of the
field type and does the correct kind of sign or zero extension.
It also handles the possibility that the target struct is not
sufficiently aligned for the host's requirements.

In particular, this fixes a hang when running the Linux Test Project
mq_timedsend01 and mq_timedreceive01 tests: one of the test cases
sets the timeout to -1 and expects an EINVAL failure, but we were
setting a very long timeout instead.

Signed-off-by: Peter Maydell
Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
2.1.4

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 4e419fb..6c4f5c6 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -5194,8 +5194,8 @@ static inline abi_long target_to_host_timespec(struct timespec *host_ts, if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) return -TARGET_EFAULT; - host_ts->tv_sec = tswapal(target_ts->tv_sec); - host_ts->tv_nsec = tswapal(target_ts->tv_nsec); + __get_user(host_ts->tv_sec, &target_ts->tv_sec); + __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 0); return 0; } @@ -5207,8 +5207,8 @@ static inline abi_long host_to_target_timespec(abi_ulong target_addr, if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) return -TARGET_EFAULT; - target_ts->tv_sec = tswapal(host_ts->tv_sec); - target_ts->tv_nsec = tswapal(host_ts->tv_nsec); + __put_user(host_ts->tv_sec, &target_ts->tv_sec); + __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 1); return 0; }
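Review bot: In target_to_host_timespec() the two __get_user() loads only sign-extend if target_ts->tv_sec and target_ts->tv_nsec are declared with a signed type, and that declaration is not visible in this hunk. A short comment above the loads stating that the conversion relies on the signedness of the target struct's fields would keep a later type change from silently bringing back the zero-extension described in the commit message. A regression test that passes tv_sec = -1 through this path, as the mq_timedsend01 case does, would pin the behaviour down.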
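Review bot: The commit message says the routines now use __get_user() and __set_user(), but host_to_target_timespec() in the second hunk calls __put_user(host_ts->tv_sec, &target_ts->tv_sec); the message should name __put_user() so it matches the code. Separately, when the host long is wider than the guest long this store narrows tv_sec and tv_nsec with no range check, so a one-line comment saying the truncation is intended for the guest ABI would help the next reader.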
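The zero-extension problem the commit message describes, as an added example that is not part of the patch or of QEMU's code. It assumes a simplified model (a big-endian guest with 32-bit longs, a 64-bit host field); the `model_*` types, the helper names and the `guest_ts` buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not QEMU code: guest longs are 32 bits wide. */
typedef uint32_t model_abi_ulong;   /* unsigned guest long */
typedef int32_t  model_abi_long;    /* signed guest long   */

/* Constructed guest memory: one pad byte so both fields are unaligned,
 * then tv_sec = -1 and tv_nsec = 999999999, stored big-endian. */
const unsigned char guest_ts[9] = {
    0x00, 0xff, 0xff, 0xff, 0xff, 0x3b, 0x9a, 0xc9, 0xff
};

/* Byte-wise load: safe for any alignment and any host endianness. */
static uint32_t load_be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Old pattern: the swap helper returns an unsigned guest long, so the
 * assignment to the wider signed host field zero-extends. */
int64_t convert_zero_extending(const unsigned char *field)
{
    model_abi_ulong raw = load_be32(field);
    return (int64_t)raw;
}

/* Fixed pattern: the value is read through the field's signed type,
 * so widening to the host field sign-extends. */
int64_t convert_sign_extending(const unsigned char *field)
{
    uint32_t raw = load_be32(field);
    model_abi_long v;
    memcpy(&v, &raw, sizeof v);     /* reinterpret bits without UB */
    return (int64_t)v;
}

int main(void)
{
    printf("tv_sec  zero-extended: %lld\n",
           (long long)convert_zero_extending(guest_ts + 1));
    printf("tv_sec  sign-extended: %lld\n",
           (long long)convert_sign_extending(guest_ts + 1));
    printf("tv_nsec sign-extended: %lld\n",
           (long long)convert_sign_extending(guest_ts + 5));
    return 0;
}
```

With the zero-extending path a guest timeout of -1 becomes a positive value of about 136 years in seconds, which is why the host accepted it as a very long timeout instead of rejecting it.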