From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:60881) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3LiC-0007Go-LR for qemu-devel@nongnu.org; Thu, 19 May 2016 07:01:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b3LiB-0007fD-LS for qemu-devel@nongnu.org; Thu, 19 May 2016 07:01:52 -0400 Received: from orth.archaic.org.uk ([2001:8b0:1d0::2]:57160) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b3LiB-0007dJ-EN for qemu-devel@nongnu.org; Thu, 19 May 2016 07:01:51 -0400 From: Peter Maydell Date: Thu, 19 May 2016 12:01:40 +0100 Message-Id: <1463655700-4559-1-git-send-email-peter.maydell@linaro.org> Subject: [Qemu-devel] [PATCH] linux-user: Handle negative values in timespec conversion List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: patches@linaro.org, Riku Voipio In a struct timespec, both fields are signed longs. Converting them from guest to host with code like host_ts->tv_sec = tswapal(target_ts->tv_sec); mishandles negative values if the guest has 32-bit longs and the host has 64-bit longs because tswapal()'s return type is abi_ulong: the assignment will zero-extend into the host long type rather than sign-extending it. Make the conversion routines use __get_user() and __set_user() instead: this automatically picks up the signedness of the field type and does the correct kind of sign or zero extension. It also handles the possibility that the target struct is not sufficiently aligned for the host's requirements. In particular, this fixes a hang when running the Linux Test Project mq_timedsend01 and mq_timedreceive01 tests: one of the test cases sets the timeout to -1 and expects an EINVAL failure, but we were setting a very long timeout instead. Signed-off-by: Peter Maydell --- I suspect many of the uses of tswap*() in syscall.c should really be using the get/put user functions instead, but don't propose to audit them all now. --- linux-user/syscall.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 032d338..077175f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -5137,8 +5137,8 @@ static inline abi_long target_to_host_timespec(struct timespec *host_ts, if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) return -TARGET_EFAULT; - host_ts->tv_sec = tswapal(target_ts->tv_sec); - host_ts->tv_nsec = tswapal(target_ts->tv_nsec); + __get_user(host_ts->tv_sec, &target_ts->tv_sec); + __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 0); return 0; } @@ -5150,8 +5150,8 @@ static inline abi_long host_to_target_timespec(abi_ulong target_addr, if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) return -TARGET_EFAULT; - target_ts->tv_sec = tswapal(host_ts->tv_sec); - target_ts->tv_nsec = tswapal(host_ts->tv_nsec); + __put_user(host_ts->tv_sec, &target_ts->tv_sec); + __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 1); return 0; } -- 1.9.1