From: Thayne Harbaugh <thayne@c2.net>
To: qemu-devel <qemu-devel@nongnu.org>
Subject: [Qemu-devel] Re: [PATCH] 06_efault.5.timespec.patch
Date: Tue, 20 Nov 2007 21:11:13 -0700 [thread overview]
Message-ID: <1195618273.5187.17.camel@phantasm.home.enterpriseandprosperity.com> (raw)
In-Reply-To: <1195585207.5240.5.camel@phantasm.home.enterpriseandprosperity.com>
This uses __get_user()/__put_user() for copy_{to,from}_user_timespec().
It checks and handles return values.
Index: qemu/linux-user/syscall.c
===================================================================
--- qemu.orig/linux-user/syscall.c 2007-11-20 13:21:38.000000000 -0700
+++ qemu/linux-user/syscall.c 2007-11-20 13:51:28.000000000 -0700
@@ -3026,28 +3026,36 @@
}
#endif
-static inline abi_long target_to_host_timespec(struct timespec *host_ts,
- abi_ulong target_addr)
+static inline abi_long copy_from_user_timespec(struct timespec *host_ts,
+ abi_ulong target_ts_addr)
{
struct target_timespec *target_ts;
- if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
+ if (!lock_user_struct(VERIFY_READ, target_ts, target_ts_addr, 1))
return -TARGET_EFAULT;
- host_ts->tv_sec = tswapl(target_ts->tv_sec);
- host_ts->tv_nsec = tswapl(target_ts->tv_nsec);
- unlock_user_struct(target_ts, target_addr, 0);
+
+ __get_user(host_ts->tv_sec, &target_ts->tv_sec);
+ __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
+
+ unlock_user_struct(target_ts, target_ts_addr, 0);
+
+ return 0;
}
-static inline abi_long host_to_target_timespec(abi_ulong target_addr,
- struct timespec *host_ts)
+static inline abi_long copy_to_user_timespec(abi_ulong target_ts_addr,
+ const struct timespec *host_ts)
{
struct target_timespec *target_ts;
- if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
+ if (!lock_user_struct(VERIFY_WRITE, target_ts, target_ts_addr, 0))
return -TARGET_EFAULT;
- target_ts->tv_sec = tswapl(host_ts->tv_sec);
- target_ts->tv_nsec = tswapl(host_ts->tv_nsec);
- unlock_user_struct(target_ts, target_addr, 1);
+
+ __put_user(host_ts->tv_sec, &target_ts->tv_sec);
+ __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
+
+ unlock_user_struct(target_ts, target_ts_addr, 1);
+
+ return 0;
}
/* do_syscall() should always have a single exit point at the end so
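Review bot: The results of `__get_user()` and `__put_user()` in copy_from_user_timespec/copy_to_user_timespec are discarded, so the only fault check these helpers perform is the `lock_user_struct()` call, despite the cover note saying return values are handled; if those macros can report a failure in this tree (their definition is not in the patch) the result should be propagated, and if they cannot, a comment should say that the access check is done up front by lock_user_struct. Neither helper describes its contract; I would add above copy_from_user_timespec `/* Copy the guest struct target_timespec at target_ts_addr into *host_ts. Returns 0, or -TARGET_EFAULT if the guest address is not readable. */` and the mirror comment (writable, VERIFY_WRITE) above copy_to_user_timespec. The hunk's last line belongs to do_syscall's header comment, outside these two functions.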
@@ -3855,7 +3863,8 @@
unlock_user(p, arg1, 0);
if (arg3) {
puts = &uts;
- target_to_host_timespec(puts, arg3);
+ if (copy_from_user_timespec(puts, arg3))
+ goto efault;
} else {
puts = NULL;
}
@@ -4807,17 +4816,21 @@
struct timespec ts;
ret = get_errno(sched_rr_get_interval(arg1, &ts));
if (!is_error(ret)) {
- host_to_target_timespec(arg2, &ts);
+ if (copy_to_user_timespec(arg2, &ts))
+ goto efault;
}
}
break;
case TARGET_NR_nanosleep:
{
struct timespec req, rem;
- target_to_host_timespec(&req, arg1);
+
+ if (copy_from_user_timespec(&req, arg1))
+ goto efault;
ret = get_errno(nanosleep(&req, &rem));
- if (is_error(ret) && arg2) {
- host_to_target_timespec(arg2, &rem);
+ if (!is_error(ret) && arg2) {
+ if (copy_to_user_timespec(arg2, &rem))
+ goto efault;
}
}
break;
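Review bot: The nanosleep condition at `if (!is_error(ret) && arg2)` inverts the original test and looks wrong: per nanosleep(2) the host fills rem only when the sleep is interrupted (EINTR) and leaves it untouched on success, so the new code copies an uninitialized stack timespec into guest memory on the success path and, on EINTR, no longer hands the guest the remaining time it needs to resume the sleep. The prior form was correct and only needed the fault check, i.e. `if (is_error(ret) && arg2) {` around the copy-out. When the copy-out then fails, `goto efault` replaces the -EINTR result, which is acceptable for an unwritable rem pointer but deserves a one-line comment. The sched_rr_get_interval case at the top of the hunk starts before it.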
@@ -5491,7 +5504,8 @@
struct timespec ts;
ret = get_errno(clock_gettime(arg1, &ts));
if (!is_error(ret)) {
- host_to_target_timespec(arg2, &ts);
+ if (copy_to_user_timespec(arg2, &ts))
+ goto efault;
}
break;
}
@@ -5502,7 +5516,8 @@
struct timespec ts;
ret = get_errno(clock_getres(arg1, &ts));
if (!is_error(ret)) {
- host_to_target_timespec(arg2, &ts);
+ if (copy_to_user_timespec(arg2, &ts))
+ goto efault;
}
break;
}
@@ -5535,8 +5550,10 @@
case TARGET_NR_utimensat:
{
struct timespec ts[2];
- target_to_host_timespec(ts, arg3);
- target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
+
+ if (copy_from_user_timespec(ts, arg3)
+ || copy_from_user_timespec(ts+1, arg3+sizeof(struct target_timespec)))
+ goto efault;
if (!arg2)
ret = get_errno(sys_utimensat(arg1, NULL, ts, arg4));
else {
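Review bot: utimensat(2) accepts a NULL times pointer meaning "set both timestamps to the current time", but the new code at `copy_from_user_timespec(ts, arg3)` copies unconditionally, so a guest passing NULL now gets -TARGET_EFAULT from `lock_user_struct()` instead of the kernel's default behaviour (before the patch the failure was silently ignored and uninitialized ts was passed, so this is a change from one wrong result to another). Branch on arg3 and pass NULL through to sys_utimensat, as sketched below. The case body continues past the end of the hunk, so the sys_utimensat call in the else branch must also take the new pointer.
```c
struct timespec *tsp, ts[2];

if (!arg3) {
    tsp = NULL;   /* utimensat(2): NULL times means "set both to now" */
} else {
    if (copy_from_user_timespec(ts, arg3)
        || copy_from_user_timespec(ts+1, arg3+sizeof(struct target_timespec)))
        goto efault;
    tsp = ts;
}
if (!arg2)
    ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
/* … unchanged: else branch, also passing tsp in place of ts … */
```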