From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41963)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <j.neuschaefer@gmx.net>) id 1ZUyVv-0004Fr-RE
	for qemu-devel@nongnu.org; Thu, 27 Aug 2015 10:50:52 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <j.neuschaefer@gmx.net>) id 1ZUyVs-0001Ww-MI
	for qemu-devel@nongnu.org; Thu, 27 Aug 2015 10:50:51 -0400
Received: from mout.gmx.net ([212.227.17.22]:54389)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <j.neuschaefer@gmx.net>) id 1ZUyVs-0001Vr-26
	for qemu-devel@nongnu.org; Thu, 27 Aug 2015 10:50:48 -0400
Date: Thu, 27 Aug 2015 16:50:35 +0200
From: Jonathan =?utf-8?Q?Neusch=C3=A4fer?= <j.neuschaefer@gmx.net>
Message-ID: <20150827145035.GA13532@latitude>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Subject: [Qemu-devel] [PATCH] linux-user: fix host_to_target_cmsg in case of
 multiple headers
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Riku Voipio <riku.voipio@iki.fi>

In the current implementation, __target_cmsg_nxthdr compares a pointer
derived from target_cmsg against the msg_control field of target_msgh
(through subtraction).  This failed for me when emulating i386 code
under x86_64, because pointers in the host address space and pointers in
the guest address space were not the same.  This patch adds a g2h()
address translation around the msg_control value.

Signed-off-by: Jonathan Neuschäfer <j.neuschaefer@gmx.net>
---
 linux-user/syscall_defs.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index edd5f3c..1eaaf2a 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -248,7 +248,7 @@ __target_cmsg_nxthdr (struct target_msghdr *__mhdr, struct target_cmsghdr *__cms
 
   __ptr = (struct target_cmsghdr *)((unsigned char *) __cmsg
                                     + TARGET_CMSG_ALIGN (tswapal(__cmsg->cmsg_len)));
-  if ((unsigned long)((char *)(__ptr+1) - (char *)(size_t)tswapal(__mhdr->msg_control))
+  if ((unsigned long)((char *)(__ptr+1) - (char *)g2h(tswapal(__mhdr->msg_control)))
       > tswapal(__mhdr->msg_controllen))
     /* No more entries.  */
     return (struct target_cmsghdr *)0;
-- 
2.5.0