From: "Alex Bennée" <alex.bennee@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com>,
"QEMU Developers" <qemu-devel@nongnu.org>
Subject: Re: [PATCH] gdbstub: Correct misparsing of vCont C/S requests
Date: Fri, 11 Dec 2020 15:48:28 +0000 [thread overview]
Message-ID: <87r1nwbaxz.fsf@linaro.org> (raw)
In-Reply-To: <CAFEAcA-yqaXOkw8dXJdR8dthXfVqKVR4yGR9VVQ3BP5U_Gyg9w@mail.gmail.com>
Peter Maydell <peter.maydell@linaro.org> writes:
> On Mon, 23 Nov 2020 at 13:41, Alex Bennée <alex.bennee@linaro.org> wrote:
>>
>>
>> Peter Maydell <peter.maydell@linaro.org> writes:
>>
>> > In the vCont packet, two of the command actions (C and S) take an
>> > argument specifying the signal to be sent to the process/thread, which is
>> > sent as an ASCII string of two hex digits which immediately follow the
>> > 'C' or 'S' character.
>> >
>> > Our code for parsing this packet accidentally skipped the first of the
>> > two bytes of the signal value, because it started parsing the hex string
>> > at 'p + 1' when the preceding code had already moved past the 'C' or
>> > 'S' with "cur_action = *p++".
>> >
>> > This meant that we would only do the right thing for signals below
>> > 10, and would misinterpret the rest. For instance, when the debugger
>> > wants to send the process a SIGPROF (27 on x86-64) we mangle this into
>> > a SIGSEGV (11).
>> >
>> > Remove the accidental double increment.
>> >
>> > Fixes: https://bugs.launchpad.net/qemu/+bug/1773743
>> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>
>> LGTM
>>
>> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
>>
>> > ---
>> > Haven't really given this enough testing to want to put it into 5.2,
>> > I think (though it does fix the repro in the bug report).
>> > The bug has been present since commit 544177ad1cfd78 from 2017.
>>
>> I'd be happy including it. I don't have any gdbstub patches queued at
>> the moment but I could put together one if you want or you could just
>> include it directly if you are now happy to.
>
> Now that 6.0 has opened up, I'll put this in via target-arm.next
> unless you'd prefer to take it.
Go for it, I have nothing else at the moment.
>
> -- PMM
--
Alex Bennée
prev parent reply other threads:[~2020-12-11 15:56 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-21 21:03 [PATCH] gdbstub: Correct misparsing of vCont C/S requests Peter Maydell
2020-11-23 10:39 ` Philippe Mathieu-Daudé
2020-11-23 13:41 ` Alex Bennée
2020-12-11 14:12 ` Peter Maydell
2020-12-11 15:48 ` Alex Bennée [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1nwbaxz.fsf@linaro.org \
--to=alex.bennee@linaro.org \
--cc=peter.maydell@linaro.org \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.