* [Qemu-devel] Fix writev syscall emulation
From: Richard Purdie @ 2008-02-04 20:03 UTC (permalink / raw)
To: qemu-devel
Hi,
OpenEmbedded/Poky use qemu for locale generation when cross compiling.
When we upgraded to qemu 0.9.1 it started giving locale generation
errors on all 64 bit machines and some 32 bit ones.
I've traced it to the writev syscall failing. localedef passes several
{ NULL, 0 } iovec entries which trip up lock_iovec(). That function is
returning an error for these but the return value isn't checked. The
syscall is therefore always made but sometimes with an iovec that has
only been half copied. If the total writes exceed size_t, EINVAL is
returned by the kernel and glibc code emulates the call with a write
which is most likely to happen on 32 bit so it sometimes works. size_t
is unlikely to be exceeded on 64 bit so that returns an EFAULT and
always corrupts/fails.
Anyhow, it seems 0 length iovec entries are allowed and we shouldn't
care about the addresses in those cases. The patch below is one way to
fix this. Ideally the return value of lock_iovec() needs to be checked
too.
Regards,
Richard
---
linux-user/syscall.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: qemu-0.9.1/linux-user/syscall.c
===================================================================
--- qemu-0.9.1.orig/linux-user/syscall.c 2008-02-03 00:00:00.000000000 +0000
+++ qemu-0.9.1/linux-user/syscall.c 2008-02-03 00:00:38.000000000 +0000
@@ -1048,7 +1048,7 @@ static abi_long lock_iovec(int type, str
base = tswapl(target_vec[i].iov_base);
vec[i].iov_len = tswapl(target_vec[i].iov_len);
vec[i].iov_base = lock_user(type, base, vec[i].iov_len, copy);
- if (!vec[i].iov_base)
+ if (!vec[i].iov_base && vec[i].iov_len)
goto fail;
}
unlock_user (target_vec, target_addr, 0);
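Review bot: the relaxed condition at `+ if (!vec[i].iov_base && vec[i].iov_len)` stops a `{ NULL, 0 }` entry from jumping to `fail`, leaving that entry as a NULL base with zero length, which is the shape the cover letter says the kernel accepts; it does not address the second problem the cover letter itself names, that callers never check lock_iovec()'s return value, so any other failing entry still hands a half-copied vector to the host syscall. Suggest the caller-side check land together with this one-line change rather than being deferred.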
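As an added illustration of the failure mode the cover letter describes (this is example code written for this page, not Richard's patch or QEMU's own code): the loop below mirrors the lock_iovec() check before and after the one-line change, with a hypothetical fake_lock_user() standing in for qemu's lock_user() so that a NULL guest base yields a NULL host pointer, and then hands the same constructed vector of real buffers interleaved with `{ NULL, 0 }` entries to the host writev() on a pipe to show that the kernel accepts it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical stand-in for qemu's lock_user(): this toy version returns
 * the guest pointer unchanged as the host pointer, so a NULL guest base
 * yields NULL exactly as the cover letter describes. (Assumption: the real
 * lock_user() translates guest to host memory; this one does not.) */
static void *fake_lock_user(void *base, size_t len)
{
    (void)len;
    return base;
}

/* Mirror of the loop in lock_iovec(). strict != 0 reproduces the 0.9.1
 * condition (fail on any NULL host pointer); strict == 0 applies the
 * patched condition (fail only when the entry also has a non-zero length).
 * Returns the number of entries converted, or -1 on failure. */
static int copy_iovec(struct iovec *vec, const struct iovec *target_vec,
                      int count, int strict)
{
    for (int i = 0; i < count; i++) {
        vec[i].iov_len = target_vec[i].iov_len;
        vec[i].iov_base = fake_lock_user(target_vec[i].iov_base,
                                         target_vec[i].iov_len);
        /* A caller that ignores this -1 would issue writev() on a
         * half-copied vector, which is the bug the cover letter traces. */
        if (!vec[i].iov_base && (strict || vec[i].iov_len))
            return -1;
    }
    return count;
}

/* Constructed sample shaped like the localedef vector in the cover letter:
 * real buffers interleaved with { NULL, 0 } entries. */
static char sample_a[] = "hello ";
static char sample_b[] = "world";
static const struct iovec sample_vec[4] = {
    { sample_a, 6 }, { NULL, 0 }, { sample_b, 5 }, { NULL, 0 },
};

/* Run the conversion over the sample with the old or the patched check. */
static int convert_sample(int strict)
{
    struct iovec host_vec[4];
    return copy_iovec(host_vec, sample_vec, 4, strict);
}

/* Hand the sample vector to the host writev() on a pipe and read it back.
 * Returns the byte count written (11) if the kernel accepted the
 * zero-length NULL entries and the data round-tripped intact, else -1. */
static long writev_sample_roundtrip(void)
{
    int fds[2];
    char buf[32] = { 0 };
    if (pipe(fds) < 0)
        return -1;
    ssize_t n = writev(fds[1], sample_vec, 4);
    ssize_t r = read(fds[0], buf, sizeof buf - 1);
    close(fds[0]);
    close(fds[1]);
    if (n != r || strcmp(buf, "hello world") != 0)
        return -1;
    return (long)n;
}

int main(void)
{
    printf("0.9.1 check:   %d\n", convert_sample(1));   /* -1: rejects { NULL, 0 } */
    printf("patched check: %d\n", convert_sample(0));   /*  4: all entries accepted */
    printf("host writev:   %ld bytes\n", writev_sample_roundtrip());
    return 0;
}
```

The strict run returns -1 on the second entry, so a caller that ignored that result would call writev() with entries three and four uninitialised; the patched run converts all four, and the pipe round-trip shows the host kernel is happy with the same zero-length NULL entries.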
* Re: [Qemu-devel] Fix writev syscall emulation
From: Kirill A. Shutemov @ 2008-02-04 20:36 UTC (permalink / raw)
To: qemu-devel
On [Mon, 04.02.2008 20:03], Richard Purdie wrote:
> Hi,
>
> OpenEmbedded/Poky use qemu for locale generation when cross compiling.
> When we upgraded to qemu 0.9.1 it started giving locale generation
> errors on all 64 bit machines and some 32 bit ones.
>
> I've traced it to the writev syscall failing. localedef passes several
> { NULL, 0 } iovec entries which trip up lock_iovec(). That function is
> returning an error for these but the return value isn't checked. The
> syscall is therefore always made but sometimes with an iovec that has
> only been half copied. If the total writes exceed size_t, EINVAL is
> returned by the kernel and glibc code emulates the call with a write
> which is most likely to happen on 32 bit so it sometimes works. size_t
> is unlikely to be exceeded on 64 bit so that returns an EFAULT and
> always corrupts/fails.
>
> Anyhow, it seems 0 length iovec entries are allowed and we shouldn't
> care about the addresses in those cases. The patch below is one way to
> fix this. Ideally the return value of lock_iovec() needs to be checked
> too.
>
> Regards,
>
> Richard
>
> ---
> linux-user/syscall.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Index: qemu-0.9.1/linux-user/syscall.c
> ===================================================================
> --- qemu-0.9.1.orig/linux-user/syscall.c 2008-02-03 00:00:00.000000000 +0000
> +++ qemu-0.9.1/linux-user/syscall.c 2008-02-03 00:00:38.000000000 +0000
> @@ -1048,7 +1048,7 @@ static abi_long lock_iovec(int type, str
> base = tswapl(target_vec[i].iov_base);
> vec[i].iov_len = tswapl(target_vec[i].iov_len);
> vec[i].iov_base = lock_user(type, base, vec[i].iov_len, copy);
> - if (!vec[i].iov_base)
> + if (!vec[i].iov_base && vec[i].iov_len)
> goto fail;
> }
> unlock_user (target_vec, target_addr, 0);
I have posted a similar patch some days ago.
--
Regards, Kirill A. Shutemov
+ Belarus, Minsk
+ Velesys Ltd, http://www.velesys.com/
+ ALT Linux Team, http://www.altlinux.com/