From: riku.voipio@linaro.org
To: qemu-devel@nongnu.org
Cc: Peter Maydell
Date: Wed, 25 May 2016 13:32:01 +0300
Subject: [Qemu-devel] [PULL 29/38] linux-user: Handle negative values in timespec conversion

From: Peter Maydell

In a struct timespec, both fields are signed longs. Converting them from guest to host with code like

    host_ts->tv_sec = tswapal(target_ts->tv_sec);

mishandles negative values if the guest has 32-bit longs and the host has 64-bit longs because tswapal()'s return type is abi_ulong: the assignment will zero-extend into the host long type rather than sign-extending it.

Make the conversion routines use __get_user() and __set_user() instead: this automatically picks up the signedness of the field type and does the correct kind of sign or zero extension. It also handles the possibility that the target struct is not sufficiently aligned for the host's requirements.

In particular, this fixes a hang when running the Linux Test Project mq_timedsend01 and mq_timedreceive01 tests: one of the test cases sets the timeout to -1 and expects an EINVAL failure, but we were setting a very long timeout instead.

Signed-off-by: Peter Maydell
Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

--
2.1.4

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 4e419fb..6c4f5c6 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c
@@ -5194,8 +5194,8 @@ static inline abi_long target_to_host_timespec(struct timespec *host_ts, if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) return -TARGET_EFAULT; - host_ts->tv_sec = tswapal(target_ts->tv_sec); - host_ts->tv_nsec = tswapal(target_ts->tv_nsec); + __get_user(host_ts->tv_sec, &target_ts->tv_sec); + __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 0); return 0; } @@ -5207,8 +5207,8 @@ static inline abi_long host_to_target_timespec(abi_ulong target_addr, if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) return -TARGET_EFAULT; - target_ts->tv_sec = tswapal(host_ts->tv_sec); - target_ts->tv_nsec = tswapal(host_ts->tv_nsec); + __put_user(host_ts->tv_sec, &target_ts->tv_sec); + __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 1); return 0; }
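
Review bot: In the first hunk (target_to_host_timespec), the results of both `__get_user()` calls are discarded and the function still returns 0 unconditionally. If that is deliberate because `lock_user_struct(VERIFY_READ, ...)` has already validated the access, a one-line comment saying so would help. The comment should also record that `__get_user()` is used for its sign extension of the signed `tv_sec`/`tv_nsec` fields, so the code is not later simplified back to `tswapal()`.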
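
Review bot: In the second hunk (host_to_target_timespec), the code uses `__put_user()`, while the commit message names `__set_user()`; the message should be corrected to match. In this direction a 64-bit host `tv_sec` is stored into a guest field that the message says may be a 32-bit long, so it is worth stating in a comment whether out-of-range host values are expected to be truncated silently or should be checked.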
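
The zero-extension problem the commit message describes, as an added stand-alone C illustration that is not QEMU code. `load_unsigned32`, `load_signed32`, `host_tv_sec` and the guest memory layout are hypothetical names and constructed data, and byte swapping is left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side timespec with 64-bit signed fields, as on an LP64 host. */
struct host_timespec64 { int64_t tv_sec; int64_t tv_nsec; };

/* Hypothetical stand-in for a helper that returns an unsigned 32-bit value,
 * the role tswapal() plays for a 32-bit guest (byte swapping left out). */
static uint32_t load_unsigned32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);   /* memcpy is safe for a misaligned source */
    return v;
}

/* Loads through the field's own signed type, so widening sign-extends. */
static int32_t load_signed32(const unsigned char *p)
{
    int32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Convert a constructed 32-bit guest timespec {guest_sec, guest_nsec}, placed
 * at a deliberately misaligned offset, and return the host's tv_sec. */
int64_t host_tv_sec(int32_t guest_sec, int32_t guest_nsec, int sign_extend)
{
    unsigned char guest_mem[1 + 8];            /* constructed guest memory */
    const unsigned char *ts = guest_mem + 1;   /* odd address on purpose */
    struct host_timespec64 h;

    memcpy(guest_mem + 1, &guest_sec, 4);
    memcpy(guest_mem + 5, &guest_nsec, 4);
    if (sign_extend) {                         /* behaviour after the fix */
        h.tv_sec = load_signed32(ts);
        h.tv_nsec = load_signed32(ts + 4);
    } else {                                   /* behaviour before the fix */
        h.tv_sec = load_unsigned32(ts);
        h.tv_nsec = load_unsigned32(ts + 4);
    }
    return h.tv_sec;
}

int main(void)
{
    printf("zero-extended: %lld\n", (long long)host_tv_sec(-1, 0, 0));
    printf("sign-extended: %lld\n", (long long)host_tv_sec(-1, 0, 1));
    return 0;
}
```

With a guest timeout of -1, the zero-extending path hands the host a positive timeout of about 136 years, which matches the hang described in the commit message; the sign-extending path preserves -1.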