From: "Alex Bennée" <alex.bennee@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, patches@linaro.org
Subject: Re: [Qemu-devel] [PATCH 1/2] risu_reginfo_arm.c: Fix handling of size values in sigframe
Date: Tue, 20 Jun 2017 16:03:35 +0100
Message-ID: <87r2yeu2ew.fsf@linaro.org>
In-Reply-To: <1497969886-17773-2-git-send-email-peter.maydell@linaro.org>


Peter Maydell <peter.maydell@linaro.org> writes:

> The code in reginfo_init_vfp() to parse the signal frame
> was mishandling the size counts:
>  * the size includes the bytes for the magic and size fields,
>    so the code to skip forward over unknown or undersize blocks
>    was adding 4 more than it should
>  * the size is in bytes but the "is this block too small"
>    test was checking against an expected size in words
>
> This didn't cause any problems because the kernel happens
> to generate signal frames with the VFP section first.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

I guess this would have tripped up once the kernel started dumping SVE
registers in the context?

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>


> ---
>  risu_reginfo_arm.c | 15 ++++++++++-----
>  1 file changed, 10 insertions(+), 5 deletions(-)
>
> diff --git a/risu_reginfo_arm.c b/risu_reginfo_arm.c
> index 0cb9087..b0d5da7 100644
> --- a/risu_reginfo_arm.c
> +++ b/risu_reginfo_arm.c
> @@ -36,7 +36,12 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc)
>      unsigned long *rs = uc->uc_regspace;
>
>      for (;;) {
> -        switch (*rs++) {
> +        unsigned long magic = *rs++;
> +        unsigned long size = *rs++;
> +
> +        size -= 8; /* Account for the magic/size fields */
> +
> +        switch (magic) {
>          case 0:
>          {
>              /* We didn't find any VFP at all (probably a no-VFP
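Review bot: `size -= 8;` has no guard for a header whose size field is below 8; `size` is unsigned, so a malformed or zero-sized block wraps the subtraction to a huge value and the later `rs += size / 4` in the default case then advances far outside the frame. Suggest rejecting (or returning early on) `size < 8` before the subtraction, and writing the constant as `2 * sizeof(*rs)` under the existing comment, since 8 only holds where `unsigned long` is 4 bytes. Note also that `size` is now read before `magic` is examined, so the `case 0:` terminator consumes a second word; a comment that the terminator must be followed by readable regspace would record that assumption.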
> @@ -57,11 +62,11 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc)
>               */
>              int i;
>              /* Skip if it's smaller than we expected (should never happen!) */
> -            if (*rs < ((32 * 2) + 1)) {
> -                rs += (*rs / 4);
> +            if (size < ((32 * 2) + 1) * 4) {
> +                rs += size / 4;
>                  break;
>              }
> -            rs++;
> +
>              for (i = 0; i < 32; i++) {
>                  ri->fpregs[i] = *rs++;
>                  ri->fpregs[i] |= (uint64_t) (*rs++) << 32;
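Review bot: the minimum-size comparison now uses bytes on both sides, which is correct, but `((32 * 2) + 1) * 4` is a magic expression the reader has to decode (32 double registers as word pairs plus FPSCR, in bytes); a named constant, ideally derived from the structure the block carries, would keep the units visible both here and at `rs += size / 4`. The comment says the undersize case "should never happen", yet the block is skipped silently; printing a diagnostic when it does happen would make the resulting register mismatch much easier to trace. Dropping the `rs++` is right now that the size word is consumed at the top of the loop.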
> @@ -86,7 +91,7 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc)
>          }
>          default:
>              /* Some other kind of block, ignore it */
> -            rs += (*rs / 4);
> +            rs += size / 4;
>              break;
>          }
>      }
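Review bot: `rs += size / 4;` in the default case is now measured from after the header, which is correct, but nothing checks that the advance stays inside `uc->uc_regspace`; a block whose size field is larger than the remaining frame moves `rs` past the end and the next iteration reads beyond it. Suggest computing an end pointer from the regspace array once and checking `rs + size / 4 <= end` before this advance and before the undersize-VFP skip above. `size / 4` also discards any remainder, so a size that is not a multiple of 4 would leave `rs` misaligned with the next header; a `size % 4 != 0` check is cheap.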


--
Alex Bennée
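To make the two size bugs from the commit message concrete, here is an added C illustration written for this review; it is not risu's code. It models uc_regspace as a word array of {magic, size} blocks ended by a zero magic, with size in bytes and including the 8-byte header, and walks four constructed frames with the pre-patch stride arithmetic and the patched arithmetic side by side. The VFP and "other" magic values, the block sizes, the 128-word buffer and the two-word terminator are assumptions of the example, and the header sanity checks in walk_fixed go beyond the patch. The frames show why the old code worked when the VFP block came first, walked off the frame when another block preceded it, accepted a truncated VFP block because it compared bytes against a word count, and how the added checks reject a header whose size is below the header length.

```c
/* Added illustration, not risu's code: uc_regspace modelled as words holding
 * {magic, size} headers plus payload, ended by a zero magic; size is in bytes and
 * includes the 8-byte header. Magics/sizes assumed; a word counts as 4 bytes. */
#include <stdio.h>

#define EX_VFP_MAGIC      0x56465001UL         /* assumed VFP block magic */
#define EX_OTHER_MAGIC    0x4f544831UL         /* constructed "other block" magic */
#define HEADER_BYTES      8                    /* magic + size, two 4-byte words */
#define VFP_PAYLOAD_BYTES (((32 * 2) + 1) * 4) /* 32 x 64-bit regs + fpscr */
#define VFP_WORDS         (VFP_PAYLOAD_BYTES / 4)

/* END: terminator reached, no usable VFP block; FOUND: payload index in vfp_idx;
 * OOB: walk left the frame; BAD: header rejected by the added sanity checks. */
enum walk_status { WALK_END = 0, WALK_FOUND_VFP = 1, WALK_OOB = -1, WALK_BAD = -2 };
struct walk_result { enum walk_status status; size_t vfp_idx; };

/* Pre-patch arithmetic: size peeked but not consumed, "too small" compares bytes
 * to a word count, skips start at the size word. Bounds checks only end the demo. */
static struct walk_result walk_old(const unsigned long *rs, size_t nwords)
{
    struct walk_result r = { WALK_END, 0 }; size_t i = 0;
    for (;;) {
        if (i >= nwords) { r.status = WALK_OOB; return r; }
        unsigned long magic = rs[i++];
        if (magic == 0) return r;
        if (i >= nwords) { r.status = WALK_OOB; return r; }
        unsigned long size = rs[i];                       /* peeked only */
        if (magic == EX_VFP_MAGIC) {
            if (size < (32 * 2) + 1) { i += size / 4; continue; } /* bytes vs words */
            r.status = WALK_FOUND_VFP; r.vfp_idx = ++i;   /* step over the size word */
            return r;
        }
        i += size / 4;                                    /* overshoots by one word */
    }
}

/* Patched arithmetic: both header words consumed, size reduced by the header,
 * VFP minimum compared in bytes. The sanity checks are this example's addition. */
static struct walk_result walk_fixed(const unsigned long *rs, size_t nwords)
{
    struct walk_result r = { WALK_END, 0 }; size_t i = 0;
    for (;;) {
        if (i + 2 > nwords) { r.status = WALK_OOB; return r; }
        unsigned long magic = rs[i++];
        unsigned long size = rs[i++];                     /* read even for the terminator */
        if (magic == 0) return r;
        if (size < HEADER_BYTES || size % 4 != 0 || (size - HEADER_BYTES) / 4 > nwords - i) {
            r.status = WALK_BAD; return r;
        }
        size -= HEADER_BYTES;
        if (magic == EX_VFP_MAGIC) {
            if (size < VFP_PAYLOAD_BYTES) { i += size / 4; continue; }
            r.status = WALK_FOUND_VFP; r.vfp_idx = i;
            return r;
        }
        i += size / 4;
    }
}

/* Constructed frame: optional "other" block advertising other_size bytes (0 = omit,
 * two payload words), a VFP block of vfp_words payload words, then two zero words
 * (so the patched walker's size read stays in bounds). Payload is 0x1000 + k. */
static size_t build_frame(unsigned long *buf, unsigned long other_size, size_t vfp_words)
{
    size_t n = 0, k;
    if (other_size) {
        buf[n++] = EX_OTHER_MAGIC; buf[n++] = other_size;
        buf[n++] = 0xdeadbeefUL;   buf[n++] = 0xcafef00dUL;
    }
    buf[n++] = EX_VFP_MAGIC;
    buf[n++] = HEADER_BYTES + vfp_words * 4;
    for (k = 0; k < vfp_words; k++) buf[n++] = 0x1000UL + k;
    buf[n++] = 0; buf[n++] = 0;
    return n;
}

enum scenario { SC_VFP_FIRST, SC_OTHER_FIRST, SC_VFP_UNDERSIZE, SC_BAD_HEADER };
/* Runs one constructed frame through the old or the patched walker. */
static struct walk_result run_scenario(enum scenario sc, int use_fixed)
{
    unsigned long buf[128];                               /* constructed regspace */
    size_t n;
    switch (sc) {
    case SC_VFP_FIRST:     n = build_frame(buf, 0, VFP_WORDS); break;
    case SC_OTHER_FIRST:   n = build_frame(buf, 16, VFP_WORDS); break;
    case SC_VFP_UNDERSIZE: n = build_frame(buf, 0, 23); break;        /* 100-byte VFP block */
    default:               n = build_frame(buf, 4, VFP_WORDS); break; /* size below header */
    }
    return use_fixed ? walk_fixed(buf, n) : walk_old(buf, n);
}

int main(void)
{
    int sc;
    for (sc = 0; sc < 4; sc++)
        printf("scenario %d: old=%d fixed=%d\n", sc, run_scenario((enum scenario)sc, 0).status,
               run_scenario((enum scenario)sc, 1).status);
    return 0;
}
```

Compiled and run as is, the program prints the status code of both walkers for each constructed frame: both find the VFP block when it comes first, only the patched walker finds it behind another block, only the old walker accepts the truncated block, and only the added checks report the bad header.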
