From patchwork Fri Oct  2 13:01:00 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Riku Voipio <riku.voipio@linaro.org>
X-Patchwork-Id: 54433
Return-Path: <patchwork-forward+bncBC4MBBM76YMRBZEVXKYAKGQESSGKMEY@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-lb0-f197.google.com (mail-lb0-f197.google.com
 [209.85.217.197])
 by patches.linaro.org (Postfix) with ESMTPS id 5ECCA23009
 for <linaro@patches.linaro.org>; Fri,  2 Oct 2015 13:47:17 +0000 (UTC)
Received: by lbbmp1 with SMTP id mp1sf16636821lbb.2
 for <linaro@patches.linaro.org>; Fri, 02 Oct 2015 06:47:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:delivered-to:from:to:date:message-id:in-reply-to
 :references:mime-version:content-type:content-transfer-encoding:cc
 :subject:precedence:list-id:list-unsubscribe:list-archive:list-post
 :list-help:list-subscribe:errors-to:sender:x-original-sender
 :x-original-authentication-results:mailing-list;
 bh=j3nq8+jRI/grWbBL87dOZpNTJsVL4rqDuF+ZIEN2Ifw=;
 b=Gm89tW0gW8yF0fNiU3mgq7hKWe7IuS2HeW1/ItSpY4W/r/7ewYjq9U7f6zVD7gXoWK
 hxdSsIsq77cxvY/ycTWFBbXCiABF4zZtCcCvJTRSs1mXLQbWgBRirM5QeXsfQKYgXc+S
 2ylUq4iQ6SS1ZPhQAKWrQM2vTlmiUVnmINtVPnYh/Ujby1IIOquHUxP5XrkMveHGN/C4
 s52TUfXA1Lun2Cf1YGTggU4MOh7Ntot7lsR62kdWAjDbzeHCp6yt8ZUK/Vvf61AKECsI
 kGXEp6LJrlpMzsTaEQ0SIp8xqptqBPA92Z077/f2IIhf2aEldX969bEVRUkL8WtcMYlj
 W3iw==
X-Gm-Message-State: ALoCoQnxOou103QXuIK3VUULdXhRp7rBRtEYp023vG4mA9VRrbTkXuHaWoijeq6t0yLpBtq1qLb/
X-Received: by 10.180.10.202 with SMTP id k10mr979260wib.2.1443793636214;
 Fri, 02 Oct 2015 06:47:16 -0700 (PDT)
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.25.149.7 with SMTP id x7ls223700lfd.51.gmail;
 Fri, 02 Oct 2015 06:47:16 -0700 (PDT)
X-Received: by 10.25.213.8 with SMTP id m8mr3624564lfg.114.1443793636056;
 Fri, 02 Oct 2015 06:47:16 -0700 (PDT)
Received: from mail-lb0-f182.google.com (mail-lb0-f182.google.com.
 [209.85.217.182]) by mx.google.com with ESMTPS id
 ub8si6293733lbb.49.2015.10.02.06.47.15
 for <patchwork-forward@linaro.org>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Fri, 02 Oct 2015 06:47:15 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.182 as permitted sender) client-ip=209.85.217.182; 
Received: by lbbmp1 with SMTP id mp1so26791763lbb.1
 for <patchwork-forward@linaro.org>;
 Fri, 02 Oct 2015 06:47:15 -0700 (PDT)
X-Received: by 10.25.150.199 with SMTP id y190mr3813622lfd.35.1443793635893; 
 Fri, 02 Oct 2015 06:47:15 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patch@linaro.org
Received: by 10.112.59.35 with SMTP id w3csp1256345lbq;
 Fri, 2 Oct 2015 06:47:14 -0700 (PDT)
X-Received: by 10.140.83.202 with SMTP id j68mr20304812qgd.46.1443793634691; 
 Fri, 02 Oct 2015 06:47:14 -0700 (PDT)
Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11])
 by mx.google.com with ESMTPS id
 w15si10327982qha.59.2015.10.02.06.47.14 for <patch@linaro.org>
 (version=TLSv1 cipher=RC4-SHA bits=128/128);
 Fri, 02 Oct 2015 06:47:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates
 2001:4830:134:3::11 as permitted sender)
 client-ip=2001:4830:134:3::11; 
Received: from localhost ([::1]:59886 helo=lists.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1Zi0g6-0004ts-5U
 for patch@linaro.org; Fri, 02 Oct 2015 09:47:14 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37344)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Zhzxk-0005PG-2y
 for qemu-devel@nongnu.org; Fri, 02 Oct 2015 09:01:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Zhzxf-0000e3-9y
 for qemu-devel@nongnu.org; Fri, 02 Oct 2015 09:01:23 -0400
Received: from mail-lb0-f174.google.com ([209.85.217.174]:36719)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <riku.voipio@linaro.org>) id 1Zhzxe-0000dW-Vm
 for qemu-devel@nongnu.org; Fri, 02 Oct 2015 09:01:19 -0400
Received: by lbcao8 with SMTP id ao8so26017503lbc.3
 for <qemu-devel@nongnu.org>; Fri, 02 Oct 2015 06:01:18 -0700 (PDT)
X-Received: by 10.25.20.167 with SMTP id 39mr3622552lfu.28.1443790878272;
 Fri, 02 Oct 2015 06:01:18 -0700 (PDT)
Received: from localhost.localdomain (91-157-196-38.elisa-laajakaista.fi.
 [91.157.196.38]) by smtp.gmail.com with ESMTPSA id
 w143sm1514751lfd.2.2015.10.02.06.01.17
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
 Fri, 02 Oct 2015 06:01:17 -0700 (PDT)
From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Date: Fri,  2 Oct 2015 16:01:00 +0300
Message-Id: <ee1045877a7e226945c7cec2bda80039bd2d0c8e.1443790691.git.riku.voipio@linaro.org>
X-Mailer: git-send-email 2.5.3
In-Reply-To: <cover.1443790691.git.riku.voipio@linaro.org>
References: <cover.1443790691.git.riku.voipio@linaro.org>
MIME-Version: 1.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
 [fuzzy]
X-Received-From: 209.85.217.174
Cc: =?UTF-8?q?Jonathan=20Neusch=C3=A4fer?= <j.neuschaefer@gmx.net>
Subject: [Qemu-devel] [PULL 08/13] linux-user: fix cmsg conversion in case
 of multiple headers
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <patchwork-forward.linaro.org>
List-Unsubscribe: <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>, 
 <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: riku.voipio@linaro.org
X-Original-Authentication-Results: mx.google.com; spf=pass (google.com:
 domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org designates
 209.85.217.182 as permitted sender)
 smtp.mailfrom=patch+caf_=patchwork-forward=linaro.org@linaro.org
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
X-Google-Group-Id: 836684582541

From: Jonathan Neuschäfer <j.neuschaefer@gmx.net>

Currently, __target_cmsg_nxthdr compares a pointer derived from
target_cmsg against the msg_control field of target_msgh (through
subtraction).  This failed for me when emulating i386 code under x86_64,
because pointers in the host address space and pointers in the guest
address space were not the same.  This patch passes the initial value of
target_cmsg into __target_cmsg_nxthdr.

I found and fixed two more related bugs:
- __target_cmsg_nxthdr now returns the new cmsg pointer instead of the
  old one.
- tgt_space (in host_to_target_cmsg) doesn't count "sizeof (struct
  target_cmsghdr)" twice anymore.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
 linux-user/syscall.c      | 14 +++++++++-----
 linux-user/syscall_defs.h | 14 +++++++++-----
 2 files changed, 18 insertions(+), 10 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 7fbaa8b..75ac32c 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1181,7 +1181,7 @@ static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
     abi_long msg_controllen;
     abi_ulong target_cmsg_addr;
-    struct target_cmsghdr *target_cmsg;
+    struct target_cmsghdr *target_cmsg, *target_cmsg_start;
     socklen_t space = 0;
     
     msg_controllen = tswapal(target_msgh->msg_controllen);
@@ -1189,6 +1189,7 @@ static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
         goto the_end;
     target_cmsg_addr = tswapal(target_msgh->msg_control);
     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
+    target_cmsg_start = target_cmsg;
     if (!target_cmsg)
         return -TARGET_EFAULT;
 
@@ -1247,7 +1248,8 @@ static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
         }
 
         cmsg = CMSG_NXTHDR(msgh, cmsg);
-        target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
+        target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
+                                         target_cmsg_start);
     }
     unlock_user(target_cmsg, target_cmsg_addr, 0);
  the_end:
@@ -1261,7 +1263,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
     abi_long msg_controllen;
     abi_ulong target_cmsg_addr;
-    struct target_cmsghdr *target_cmsg;
+    struct target_cmsghdr *target_cmsg, *target_cmsg_start;
     socklen_t space = 0;
 
     msg_controllen = tswapal(target_msgh->msg_controllen);
@@ -1269,6 +1271,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
         goto the_end;
     target_cmsg_addr = tswapal(target_msgh->msg_control);
     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
+    target_cmsg_start = target_cmsg;
     if (!target_cmsg)
         return -TARGET_EFAULT;
 
@@ -1382,14 +1385,15 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
         }
 
         target_cmsg->cmsg_len = tswapal(tgt_len);
-        tgt_space = TARGET_CMSG_SPACE(tgt_len);
+        tgt_space = TARGET_CMSG_SPACE(len);
         if (msg_controllen < tgt_space) {
             tgt_space = msg_controllen;
         }
         msg_controllen -= tgt_space;
         space += tgt_space;
         cmsg = CMSG_NXTHDR(msgh, cmsg);
-        target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
+        target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
+                                         target_cmsg_start);
     }
     unlock_user(target_cmsg, target_cmsg_addr, space);
  the_end:
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index cdc8db4..7ca33a6 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -235,7 +235,8 @@ struct target_cmsghdr {
 };
 
 #define TARGET_CMSG_DATA(cmsg) ((unsigned char *) ((struct target_cmsghdr *) (cmsg) + 1))
-#define TARGET_CMSG_NXTHDR(mhdr, cmsg) __target_cmsg_nxthdr (mhdr, cmsg)
+#define TARGET_CMSG_NXTHDR(mhdr, cmsg, cmsg_start) \
+                               __target_cmsg_nxthdr(mhdr, cmsg, cmsg_start)
 #define TARGET_CMSG_ALIGN(len) (((len) + sizeof (abi_long) - 1) \
                                & (size_t) ~(sizeof (abi_long) - 1))
 #define TARGET_CMSG_SPACE(len) (TARGET_CMSG_ALIGN (len) \
@@ -243,17 +244,20 @@ struct target_cmsghdr {
 #define TARGET_CMSG_LEN(len)   (TARGET_CMSG_ALIGN (sizeof (struct target_cmsghdr)) + (len))
 
 static __inline__ struct target_cmsghdr *
-__target_cmsg_nxthdr (struct target_msghdr *__mhdr, struct target_cmsghdr *__cmsg)
+__target_cmsg_nxthdr(struct target_msghdr *__mhdr,
+                     struct target_cmsghdr *__cmsg,
+                     struct target_cmsghdr *__cmsg_start)
 {
   struct target_cmsghdr *__ptr;
 
   __ptr = (struct target_cmsghdr *)((unsigned char *) __cmsg
                                     + TARGET_CMSG_ALIGN (tswapal(__cmsg->cmsg_len)));
-  if ((unsigned long)((char *)(__ptr+1) - (char *)(size_t)tswapal(__mhdr->msg_control))
-      > tswapal(__mhdr->msg_controllen))
+  if ((unsigned long)((char *)(__ptr+1) - (char *)__cmsg_start)
+      > tswapal(__mhdr->msg_controllen)) {
     /* No more entries.  */
     return (struct target_cmsghdr *)0;
-  return __cmsg;
+  }
+  return __ptr;
 }
 
 struct target_mmsghdr {