From: Laurent Vivier <laurent@vivier.eu>
To: Chen Gang <chengang@emindsoft.com.cn>, riku.voipio@iki.fi
Cc: qemu-devel@nongnu.org
Subject: Re: [PATCH v5] linux-user: syscall: ioctls: support DRM_IOCTL_VERSION
Date: Wed, 3 Jun 2020 14:03:41 +0200
Message-ID: <1e1a2b6d-39ea-04aa-80ea-bcccdfd84a49@vivier.eu>
In-Reply-To: <ce96cb20-80e7-e561-1eee-fcdca38d376f@emindsoft.com.cn>
On 03/06/2020 at 13:05, Chen Gang wrote:
> On 2020/6/3 5:49 PM, Laurent Vivier wrote:
>> On 03/06/2020 at 03:08, chengang@emindsoft.com.cn wrote:
>>> +#ifdef HAVE_DRM_H
>>> +
>>> +static void unlock_drm_version(struct drm_version *host_ver)
>>> +{
>>> + if (host_ver->name) {
>>> + unlock_user(host_ver->name, 0UL, 0);
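Review bot: the unlock_user() call in unlock_drm_version() passes 0UL as the guest address and 0 as the length, so nothing is ever flushed back to the guest; a buffer locked with VERIFY_WRITE so the kernel can fill it (as desc is in this patch) would come back empty to the guest program. Because unlock_drm_version() receives only host_ver, it has no guest addresses to pass; give it the target struct (or the guest pointers and lengths) as a parameter too and call, for example, unlock_user(host_ver->desc, target_ver->desc, target_ver->desc_len) for each locked field.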
>>
>> unlock_user() allows a NULL host pointer parameter, so you don't
>> need to check. But you must provide the target pointer, with the length.
>> The same below.
>>
>
> As far as I know, the unlock_user is defined in
> include/exec/softmmu-semi.h, which only checks the len before calling
> cpu_memory_rw_debug, and only calls free() for the host pointer.
>
> So we have to be sure that the host pointer is valid. When we pass
> 0 length to unlock_user, we want it to free the host pointer only.
No, it is defined in our case in linux-user/qemu.h, and the associated
comment is:
/* Unlock an area of guest memory. The first LEN bytes must be
   flushed back to guest memory. host_ptr = NULL is explicitly
   allowed and does nothing. */
>
>>> + if (host_ver->desc_len) {
>>> + host_ver->desc = lock_user(VERIFY_WRITE, target_ver->desc,
>>> + target_ver->desc_len, 0);
>>> + if (!host_ver->desc) {
>>> + goto err;
>>> + }
>>> + }
>>> +
>>> + unlock_user_struct(target_ver, target_addr, 0);
>>> + return 0;
>>> +err:
>>> + unlock_drm_version(host_ver);
>>> + unlock_user_struct(target_ver, target_addr, 0);
>>> + return -ENOMEM;
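Review bot: the err: path calls unlock_drm_version(host_ver) on a partially filled struct, and the if (host_ver->name) guard in that function only does the right thing if host_ver was zeroed before the first lock_user(); otherwise a failure on desc passes an uninitialised name pointer to unlock_user(). Make sure the caller memsets host_ver (or initialises it to {0}) before locking anything. The return value should also be a target errno rather than a raw host -ENOMEM: lock_user() returning NULL here means the guest range failed the write-access check, which is -TARGET_EFAULT, as the other lock_user() callers in syscall.c do.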
>>
>> In fact it should be -TARGET_EFAULT: it has failed because of access rights.
>>
>
> As far as I know, the lock_user is defined in
> include/exec/softmmu-semi.h. If the parameter 'copy' is 0 (in our case),
> lock_user will only malloc a host pointer and return it.
No, in linux-user/qemu.h:
/* Lock an area of guest memory into the host. If copy is true then the
   host area will have the same contents as the guest. */
> In our case, I guess the only failure from malloc() is "no memory".
See the use cases in syscall.c: they all fail with -TARGET_EFAULT.
Thanks,
Laurent
Thread overview:
2020-06-03 1:08 [PATCH v5] linux-user: syscall: ioctls: support DRM_IOCTL_VERSION chengang
2020-06-03 9:49 ` Laurent Vivier
2020-06-03 11:05 ` Chen Gang
2020-06-03 12:03 ` Laurent Vivier [this message]
2020-06-04 1:04 ` Chen Gang