From patchwork Mon Oct  6 19:11:21 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Riku Voipio <riku.voipio@linaro.org>
X-Patchwork-Id: 38380
Return-Path: <patchwork-forward+bncBC4MBBM76YMRBJGTZOQQKGQENT76ZCY@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-wi0-f199.google.com (mail-wi0-f199.google.com
 [209.85.212.199])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id 915AC2054E
 for <linaro@patches.linaro.org>; Mon,  6 Oct 2014 19:12:37 +0000 (UTC)
Received: by mail-wi0-f199.google.com with SMTP id d1sf2006892wiv.2
 for <linaro@patches.linaro.org>; Mon, 06 Oct 2014 12:12:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:date
 :message-id:in-reply-to:references:cc:subject:precedence:list-id
 :list-unsubscribe:list-archive:list-post:list-help:list-subscribe
 :errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=M9r6/iqgo9QN0qRlhZ5gJzRow3KyQCP4laIOKG6cdOg=;
 b=buN0OOMmrSKhwshbzfBqMjfETl7wnW4htcVv5Qa3YJoxP3JXDQkCVdIXZKSNbLwRxk
 a+GIzq6KW6p0k+/pxsjCdyV5vtjGybTbL6zhhHQUmmfRNFeDurrOiGzYTVcMq2gQqK6v
 NTFsSLTsalC1jH1wYJLlnSib7Twy+Be5GeVsfSMa1pWqjjrAhVTZRg9x/B9r7UsSwQyw
 GDNMLbaKwXViA7IkV4dzJOEpTay+O/tFWPgwZd64oahCFs+fMsu2NhkoaaYd4Id4D3Kf
 YpG3EJ22u+rfrI/glRhKgavRQryt90KnGoeZMtyswzU63Ih0FMduLiFBRU2cADCzRmk0
 nN5w==
X-Gm-Message-State: ALoCoQmXWgK5y+LYQPiM/5uddKIxdp9evOgxb9PkITc2nBrHxx60+yMOhdZ/WsgWn+wk5Tk/zsuL
X-Received: by 10.194.249.134 with SMTP id yu6mr4030093wjc.1.1412622756707; 
 Mon, 06 Oct 2014 12:12:36 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.152.42.171 with SMTP id p11ls511652lal.68.gmail; Mon, 06 Oct
 2014 12:12:36 -0700 (PDT)
X-Received: by 10.112.135.230 with SMTP id pv6mr5072009lbb.105.1412622756530; 
 Mon, 06 Oct 2014 12:12:36 -0700 (PDT)
Received: from mail-la0-f50.google.com (mail-la0-f50.google.com
 [209.85.215.50]) by mx.google.com with ESMTPS id
 q13si25343804lal.108.2014.10.06.12.12.36
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Mon, 06 Oct 2014 12:12:36 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.50 as permitted sender) client-ip=209.85.215.50; 
Received: by mail-la0-f50.google.com with SMTP id s18so4987574lam.37
 for <patchwork-forward@linaro.org>;
 Mon, 06 Oct 2014 12:12:36 -0700 (PDT)
X-Received: by 10.112.134.229 with SMTP id pn5mr26033021lbb.22.1412622755484; 
 Mon, 06 Oct 2014 12:12:35 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.130.169 with SMTP id of9csp239703lbb;
 Mon, 6 Oct 2014 12:12:34 -0700 (PDT)
X-Received: by 10.224.99.7 with SMTP id s7mr32477149qan.73.1412622753951;
 Mon, 06 Oct 2014 12:12:33 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 g5si26749342qaf.123.2014.10.06.12.12.33 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Mon, 06 Oct 2014 12:12:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:53843 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1XbDhw-0002r9-QZ
 for patch@linaro.org; Mon, 06 Oct 2014 15:12:32 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57412)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1XbDgw-00024j-6n
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 15:11:34 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1XbDgr-0007cA-DG
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 15:11:30 -0400
Received: from afflict.kos.to ([92.243.29.197]:33862)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1XbDgr-0007bD-3K
 for qemu-devel@nongnu.org; Mon, 06 Oct 2014 15:11:25 -0400
Received: from afflict.kos.to (afflict [92.243.29.197])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
 bits)) (No client certificate requested)
 by afflict.kos.to (Postfix) with ESMTPSA id 2651B26512;
 Mon,  6 Oct 2014 21:11:24 +0200 (CEST)
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Date: Mon,  6 Oct 2014 22:11:21 +0300
Message-Id: <e52a99f756eff14935edd1893dc9ec7660078f82.1412622515.git.riku.voipio@linaro.org>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <cover.1412622515.git.riku.voipio@linaro.org>
References: <cover.1412622515.git.riku.voipio@linaro.org>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 92.243.29.197
Cc: Alexander Graf <agraf@suse.de>
Subject: [Qemu-devel] [PULL v2 3/5] linux-user: Simplify timerid checks on
 g_posix_timers range
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: riku.voipio@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.215.50 as permitted sender)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

From: Alexander Graf <agraf@suse.de>

We check whether the passed in timer id is negative on all calls
that involve g_posix_timers.

However, these checks are bogus. First off we limit the timer_id to
16 bits which is not what Linux does. Then we check whether it's negative
which it can't be because we masked it.

We can safely remove the masking. For the negativity check we can just
treat the timerid as unsigned and only check for upper boundaries.

Signed-off-by: Alexander Graf <agraf@suse.de>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
 linux-user/syscall.c | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index dcb9df9..7087a56 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9615,11 +9615,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     {
         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
          * struct itimerspec * old_value */
-        arg1 &= 0xffff;
-        if (arg3 == 0 || arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (arg3 == 0 || timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
 
             target_to_host_itimerspec(&hspec_new, arg3);
@@ -9635,13 +9636,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_gettime:
     {
         /* args: timer_t timerid, struct itimerspec *curr_value */
-        arg1 &= 0xffff;
+        target_ulong timerid = arg1;
+
         if (!arg2) {
             return -TARGET_EFAULT;
-        } else if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        } else if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             struct itimerspec hspec;
             ret = get_errno(timer_gettime(htimer, &hspec));
 
@@ -9657,11 +9659,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_getoverrun:
     {
         /* args: timer_t timerid */
-        arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             ret = get_errno(timer_getoverrun(htimer));
         }
         break;
@@ -9672,13 +9675,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_timer_delete:
     {
         /* args: timer_t timerid */
-        arg1 &= 0xffff;
-        if (arg1 < 0 || arg1 >= ARRAY_SIZE(g_posix_timers)) {
+        target_ulong timerid = arg1;
+
+        if (timerid >= ARRAY_SIZE(g_posix_timers)) {
             ret = -TARGET_EINVAL;
         } else {
-            timer_t htimer = g_posix_timers[arg1];
+            timer_t htimer = g_posix_timers[timerid];
             ret = get_errno(timer_delete(htimer));
-            g_posix_timers[arg1] = 0;
+            g_posix_timers[timerid] = 0;
         }
         break;
     }