Date: Mon, 10 Nov 2008 07:55:40 +0200
From: "Kirill A. Shutemov"
To: andrzej zaborowski
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] mmap: add check if requested memory area fits target address space
Message-ID: <20081110055540.GA2423@localhost.localdomain>
References: <1223892640-15545-13-git-send-email-kirill@shutemov.name> <1224225264-8483-1-git-send-email-kirill@shutemov.name> <20081027154835.GA10763@localhost.localdomain> <20081027200654.GC10763@localhost.localdomain>
List-Id: qemu-devel.nongnu.org

On Mon, Nov 10, 2008 at 04:30:39AM +0100, andrzej zaborowski wrote:
> Sorry to resurrect this old thread, I still can't convince myself.
> 
> 2008/10/27 Kirill A. Shutemov:
> > On Mon, Oct 27, 2008 at 08:37:39PM +0100, andrzej zaborowski wrote:
> >> 2008/10/27 Kirill A. Shutemov:
> >> > On Mon, Oct 27, 2008 at 02:08:52PM +0100, andrzej zaborowski wrote:
> >> >> On 17/10/2008, Kirill A. Shutemov wrote:
> >> >> > Signed-off-by: Kirill A. Shutemov
> >> >> > ---
> >> >> >  linux-user/mmap.c |    5 +++++
> >> >> >  1 files changed, 5 insertions(+), 0 deletions(-)
> >> >> >
> >> >> > diff --git a/linux-user/mmap.c b/linux-user/mmap.c
> >> >> > index bc20f4b..9a2f355 100644
> >> >> > --- a/linux-user/mmap.c
> >> >> > +++ b/linux-user/mmap.c
> >> >> > @@ -388,6 +388,11 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
> >> >> >      end = start + len;
> >> >> >      real_end = HOST_PAGE_ALIGN(end);
> >> >> >
> >> >> > +    if ((unsigned long)start + len > (abi_ulong) -1) {
> >> >> > +        errno = EINVAL;
> >> >> > +        goto fail;
> >> >> > +    }
> >> >>
> >> >> I'm being picky but this would prevent the last byte from being used?
> >> >> :p (or the last page because len is aligned?)
> >> >
> >> > No, it returns error if start + len is more than 0xFFFFFFFF (32-bit
> >> > target).
> >> >
> >> >>
> >> >> I'm not sure unsigned long is the best choice.
> >> >
> >> > Why?
> >>
> >> I may be misunderstanding but I think the range of valid addresses
> >> should depend on target word size, not host (even if the combination
> >> where it matters is not yet supported).
> >
> > start + len can be more than 0xFFFFFFFF ((abi_ulong) -1) on 32-bit targets,
> > so we should use the host's long.
> >
> >> On a 32-bit host the condition is always false.
> >
> > It's ok. It can be true only on a 64-bit host.
> 
> Let's say we have a 32-bit host and target, the call receives start ==
> 0xffff0050 and len == 0x100000, the check passes, when it shouldn't
> (?). On a 64-bit host it would fail, but this check should be
> independent of the host type.
> (It'll probably fail later in the host mmap() -- but in the meantime
> mmap_frag() might succeed for example)

mmap_frag() will not be called if the host mmap() fails. mmap can fail on
many conditions; this is one of them.

Probably I should add a comment to this check saying that it is for 64-bit
hosts only. Ok?

-- 
 Regards,  Kirill A. Shutemov
 + Belarus, Minsk
 + ALT Linux Team, http://www.altlinux.com/
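Review bot: the added test `(unsigned long)start + len > (abi_ulong) -1` is evaluated in the host's `unsigned long`, so on a 32-bit host the sum wraps and the condition can never be true, which is exactly the start == 0xffff0050, len == 0x100000 case raised in the quoted reply; rewriting it as `if (len > (abi_ulong) -1 - start)` gives the same result on every host and cannot overflow, since both operands are abi_ulong and start can never exceed (abi_ulong) -1. The check is also placed after `end = start + len;` and `real_end = HOST_PAGE_ALIGN(end);`, so a wrapped `end` has already been computed by the time the request is rejected; it belongs above those two lines. As written the condition also rejects a range that ends exactly at the top of the address space (start + len == 2^32, for instance the last page), which is probably wanted because `end` would otherwise wrap to 0, but the comment promised in the reply should state that, rather than describing the check as relevant to 64-bit hosts only.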
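The disagreement in the thread is about whether the check's outcome depends on the host's word size. The following is an added example, not code from the qemu patch or from either participant: it models a 32-bit target (abi_ulong as uint32_t) and evaluates the patch's condition once with a 32-bit and once with a 64-bit `unsigned long`, beside a rearranged form that gives the same answer on either host. The function names and the test cases are the example's own; the cases include the start == 0xffff0050 / len == 0x100000 request from the reply and the "last page" request asked about earlier in the thread.

```c
/* Added example (not from the qemu patch or the mailing-list thread):
 * model the range check from the patch for a 32-bit target, once as it
 * behaves on a 32-bit host, once on a 64-bit host, and once in a
 * host-independent form. All names here are the example's own. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t abi_ulong;                 /* 32-bit target word */
#define ABI_ULONG_MAX ((abi_ulong) -1)      /* 0xFFFFFFFF */

/* The patch's condition, (unsigned long)start + len > (abi_ulong)-1, on a
 * host whose unsigned long is 32 bits: the sum wraps modulo 2^32, so it can
 * never exceed ABI_ULONG_MAX and no request is ever rejected. */
int rejects_on_32bit_host(abi_ulong start, abi_ulong len)
{
    uint32_t sum = (uint32_t) start + len;  /* wraps */
    return sum > ABI_ULONG_MAX;             /* always 0 */
}

/* The same condition on a host whose unsigned long is 64 bits: the sum is
 * exact, so anything that runs past 0xFFFFFFFF is caught. */
int rejects_on_64bit_host(abi_ulong start, abi_ulong len)
{
    uint64_t sum = (uint64_t) start + len;
    return sum > ABI_ULONG_MAX;
}

/* Host-independent form: start + len > ABI_ULONG_MAX rearranged to
 * len > ABI_ULONG_MAX - start. The subtraction cannot underflow because
 * start <= ABI_ULONG_MAX, so no intermediate value can wrap on any host. */
int rejects_portably(abi_ulong start, abi_ulong len)
{
    return len > ABI_ULONG_MAX - start;
}

int main(void)
{
    /* Constructed requests: the thread's example, a mapping that ends exactly
     * at the top of the address space (the "last page"), and two that fit. */
    const struct { abi_ulong start, len; const char *what; } cases[] = {
        { 0xffff0050u, 0x100000u,   "thread's example, runs past the end" },
        { 0xfffff000u, 0x1000u,     "last page, start + len == 2^32" },
        { 0x10000000u, 0x1000u,     "ordinary mapping" },
        { 0x0u,        0xffffffffu, "whole space minus the last byte" },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        printf("start=%08" PRIx32 " len=%08" PRIx32
               "  32-bit host:%d  64-bit host:%d  portable:%d  (%s)\n",
               cases[i].start, cases[i].len,
               rejects_on_32bit_host(cases[i].start, cases[i].len),
               rejects_on_64bit_host(cases[i].start, cases[i].len),
               rejects_portably(cases[i].start, cases[i].len),
               cases[i].what);
    }
    return 0;
}
```

The table the program prints shows the two points argued over: the 32-bit-host column is 0 for every request, including the one that clearly overflows, while the 64-bit-host and portable columns agree, and both reject the last-page request because start + len equals 2^32 rather than fitting below 0xFFFFFFFF.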