From: Thayne Harbaugh <thayne@c2.net>
To: qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] Re: [PATCH] 06_efault.4.patch - timeval
Date: Tue, 20 Nov 2007 21:09:23 -0700 [thread overview]
Message-ID: <1195618163.5187.14.camel@phantasm.home.enterpriseandprosperity.com> (raw)
In-Reply-To: <1195585207.5240.5.camel@phantasm.home.enterpriseandprosperity.com>
[-- Attachment #1: Type: text/plain, Size: 156 bytes --]
This is the EFAULT for copy_{to,from}_user_timeval(). This updates to
use __get_user()/__put_user(), check return values of
copy_{to,from}_user_timeval().
[-- Attachment #2: 06_efault.4.patch --]
[-- Type: text/x-patch, Size: 5769 bytes --]
Index: qemu/linux-user/syscall.c
===================================================================
--- qemu.orig/linux-user/syscall.c 2007-11-20 12:52:33.000000000 -0700
+++ qemu/linux-user/syscall.c 2007-11-20 12:52:47.000000000 -0700
@@ -552,30 +552,34 @@
return 0;
}
-static inline abi_long target_to_host_timeval(struct timeval *tv,
- abi_ulong target_addr)
+static inline abi_long copy_from_user_timeval(struct timeval *tv,
+ abi_ulong target_tv_addr)
{
struct target_timeval *target_tv;
- if (!lock_user_struct(VERIFY_READ, target_tv, target_addr, 1))
+ if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
return -TARGET_EFAULT;
- tv->tv_sec = tswapl(target_tv->tv_sec);
- tv->tv_usec = tswapl(target_tv->tv_usec);
- unlock_user_struct(target_tv, target_addr, 0);
+
+ __get_user(tv->tv_sec, &target_tv->tv_sec);
+ __get_user(tv->tv_usec, &target_tv->tv_usec);
+
+ unlock_user_struct(target_tv, target_tv_addr, 0);
return 0;
}
-static inline abi_long host_to_target_timeval(abi_ulong target_addr,
- const struct timeval *tv)
+static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
+ const struct timeval *tv)
{
struct target_timeval *target_tv;
- if (!lock_user_struct(VERIFY_WRITE, target_tv, target_addr, 0))
+ if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
return -TARGET_EFAULT;
- target_tv->tv_sec = tswapl(tv->tv_sec);
- target_tv->tv_usec = tswapl(tv->tv_usec);
- unlock_user_struct(target_tv, target_addr, 1);
+
+ __put_user(tv->tv_sec, &target_tv->tv_sec);
+ __put_user(tv->tv_usec, &target_tv->tv_usec);
+
+ unlock_user_struct(target_tv, target_tv_addr, 1);
return 0;
}
@@ -614,7 +618,8 @@
}
if (target_tv_addr) {
- target_to_host_timeval(&tv, target_tv_addr);
+ if (copy_from_user_timeval(&tv, target_tv_addr))
+ return -TARGET_EFAULT;
tv_ptr = &tv;
} else {
tv_ptr = NULL;
@@ -630,8 +635,8 @@
if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
return -TARGET_EFAULT;
- if (target_tv_addr)
- host_to_target_timeval(target_tv_addr, &tv);
+ if (target_tv_addr && copy_to_user_timeval(target_tv_addr, &tv))
+ return -TARGET_EFAULT;
}
return ret;
@@ -3392,9 +3397,10 @@
{
struct timeval *tvp, tv[2];
if (arg2) {
- target_to_host_timeval(&tv[0], arg2);
- target_to_host_timeval(&tv[1],
- arg2 + sizeof (struct target_timeval));
+ if (copy_from_user_timeval(&tv[0], arg2)
+ || copy_from_user_timeval(&tv[1],
+ arg2 + sizeof(struct target_timeval)))
+ goto efault;
tvp = tv;
} else {
tvp = NULL;
@@ -3934,14 +3940,16 @@
struct timeval tv;
ret = get_errno(gettimeofday(&tv, NULL));
if (!is_error(ret)) {
- host_to_target_timeval(arg1, &tv);
+ if (copy_to_user_timeval(arg1, &tv))
+ goto efault;
}
}
break;
case TARGET_NR_settimeofday:
{
struct timeval tv;
- target_to_host_timeval(&tv, arg1);
+ if (copy_from_user_timeval(&tv, arg1))
+ goto efault;
ret = get_errno(settimeofday(&tv, NULL));
}
break;
@@ -4316,19 +4324,20 @@
if (arg2) {
pvalue = &value;
- target_to_host_timeval(&pvalue->it_interval,
- arg2);
- target_to_host_timeval(&pvalue->it_value,
- arg2 + sizeof(struct target_timeval));
+ if (copy_from_user_timeval(&pvalue->it_interval, arg2)
+ || copy_from_user_timeval(&pvalue->it_value,
+ arg2 + sizeof(struct target_timeval)))
+ goto efault;
} else {
pvalue = NULL;
}
ret = get_errno(setitimer(arg1, pvalue, &ovalue));
if (!is_error(ret) && arg3) {
- host_to_target_timeval(arg3,
- &ovalue.it_interval);
- host_to_target_timeval(arg3 + sizeof(struct target_timeval),
- &ovalue.it_value);
+ if (copy_to_user_timeval(arg3,
+ &ovalue.it_interval)
+ || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
+ &ovalue.it_value))
+ goto efault;
}
}
break;
@@ -4338,10 +4347,11 @@
ret = get_errno(getitimer(arg1, &value));
if (!is_error(ret) && arg2) {
- host_to_target_timeval(arg2,
- &value.it_interval);
- host_to_target_timeval(arg2 + sizeof(struct target_timeval),
- &value.it_value);
+ if (copy_to_user_timeval(arg2,
+ &value.it_interval)
+ || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
+ &value.it_value))
+ goto efault;
}
}
break;
next prev parent reply other threads:[~2007-11-21 4:17 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-11-20 19:00 [Qemu-devel] [PATCH] additional EFAULT patches Thayne Harbaugh
2007-11-20 19:08 ` [Qemu-devel] Re: [PATCH] 06_efault.3.patch - copy_from_user_fdset() Thayne Harbaugh
2007-11-20 19:30 ` Thayne Harbaugh
2007-11-21 4:09 ` Thayne Harbaugh [this message]
2007-11-21 4:11 ` [Qemu-devel] Re: [PATCH] 06_efault.5.timespec.patch Thayne Harbaugh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1195618163.5187.14.camel@phantasm.home.enterpriseandprosperity.com \
--to=thayne@c2.net \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).