From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47532)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <riku.voipio@linaro.org>) id 1ZgYd9-00043c-8e
	for qemu-devel@nongnu.org; Mon, 28 Sep 2015 09:38:12 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <riku.voipio@linaro.org>) id 1ZgYd4-0004xy-8w
	for qemu-devel@nongnu.org; Mon, 28 Sep 2015 09:38:11 -0400
Received: from jessie.kos.to ([212.47.231.226]:45119 helo=pilvi.kos.to)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <riku.voipio@linaro.org>) id 1ZgYd3-0004xT-Ue
	for qemu-devel@nongnu.org; Mon, 28 Sep 2015 09:38:06 -0400
Date: Mon, 28 Sep 2015 16:38:03 +0300
From: Riku Voipio <riku.voipio@iki.fi>
Message-ID: <20150928133803.GD20506@kos.to>
References: <CAFEAcA_NfPiiz5sKp6pvQzs-yr_zd2bsJx+d__d7MxoutJdRTA@mail.gmail.com>
	<20150903052726.GD1761@latitude>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <20150903052726.GD1761@latitude>
Content-Transfer-Encoding: quoted-printable
Subject: Re: [Qemu-devel] [PATCH] linux-user: fix cmsg conversion in case of
 multiple headers
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Jonathan =?utf-8?Q?Neusch=C3=A4fer?= <j.neuschaefer@gmx.net>
Cc: Peter Maydell <peter.maydell@linaro.org>, QEMU Developers <qemu-devel@nongnu.org>

Hi,

On Thu, Sep 03, 2015 at 07:27:26AM +0200, Jonathan Neusch=C3=A4fer wrote:
> Currently, __target_cmsg_nxthdr compares a pointer derived from
> target_cmsg against the msg_control field of target_msgh (through
> subtraction).  This failed for me when emulating i386 code under x86_64=
,
> because pointers in the host address space and pointers in the guest
> address space were not the same.  This patch passes the initial value o=
f
> target_cmsg into __target_cmsg_nxthdr.
>=20
> I found and fixed two more related bugs:
> - __target_cmsg_nxthdr now returns the new cmsg pointer instead of the
>   old one.
> - tgt_space (in host_to_target_cmsg) doesn't count "sizeof (struct
>   target_cmsghdr)" twice anymore.

Applied to linux-user tree, thanks.

> Signed-off-by: Jonathan Neusch=C3=A4fer <j.neuschaefer@gmx.net>
> --

For next time, use three dashes "---" to separate version-to-version
change descriptions from commit messages. This way git will
automatically leave them out when doing git am.

> Changes since v2:
> - The patch is now clean WRT checkpatch.pl
> Changes since v1:
> - Follow Peter Maydell's advice on how to fix the first bug
> - The "two more related bugs"
> ---
>  linux-user/syscall.c      | 14 +++++++++-----
>  linux-user/syscall_defs.h | 14 +++++++++-----
>  2 files changed, 18 insertions(+), 10 deletions(-)
>=20
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index f62c698..12a6cd2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1181,7 +1181,7 @@ static inline abi_long target_to_host_cmsg(struct=
 msghdr *msgh,
>      struct cmsghdr *cmsg =3D CMSG_FIRSTHDR(msgh);
>      abi_long msg_controllen;
>      abi_ulong target_cmsg_addr;
> -    struct target_cmsghdr *target_cmsg;
> +    struct target_cmsghdr *target_cmsg, *target_cmsg_start;
>      socklen_t space =3D 0;
>     =20
>      msg_controllen =3D tswapal(target_msgh->msg_controllen);
> @@ -1189,6 +1189,7 @@ static inline abi_long target_to_host_cmsg(struct=
 msghdr *msgh,
>          goto the_end;
>      target_cmsg_addr =3D tswapal(target_msgh->msg_control);
>      target_cmsg =3D lock_user(VERIFY_READ, target_cmsg_addr, msg_contr=
ollen, 1);
> +    target_cmsg_start =3D target_cmsg;
>      if (!target_cmsg)
>          return -TARGET_EFAULT;
> =20
> @@ -1247,7 +1248,8 @@ static inline abi_long target_to_host_cmsg(struct=
 msghdr *msgh,
>          }
> =20
>          cmsg =3D CMSG_NXTHDR(msgh, cmsg);
> -        target_cmsg =3D TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
> +        target_cmsg =3D TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
> +                                         target_cmsg_start);
>      }
>      unlock_user(target_cmsg, target_cmsg_addr, 0);
>   the_end:
> @@ -1261,7 +1263,7 @@ static inline abi_long host_to_target_cmsg(struct=
 target_msghdr *target_msgh,
>      struct cmsghdr *cmsg =3D CMSG_FIRSTHDR(msgh);
>      abi_long msg_controllen;
>      abi_ulong target_cmsg_addr;
> -    struct target_cmsghdr *target_cmsg;
> +    struct target_cmsghdr *target_cmsg, *target_cmsg_start;
>      socklen_t space =3D 0;
> =20
>      msg_controllen =3D tswapal(target_msgh->msg_controllen);
> @@ -1269,6 +1271,7 @@ static inline abi_long host_to_target_cmsg(struct=
 target_msghdr *target_msgh,
>          goto the_end;
>      target_cmsg_addr =3D tswapal(target_msgh->msg_control);
>      target_cmsg =3D lock_user(VERIFY_WRITE, target_cmsg_addr, msg_cont=
rollen, 0);
> +    target_cmsg_start =3D target_cmsg;
>      if (!target_cmsg)
>          return -TARGET_EFAULT;
> =20
> @@ -1382,14 +1385,15 @@ static inline abi_long host_to_target_cmsg(stru=
ct target_msghdr *target_msgh,
>          }
> =20
>          target_cmsg->cmsg_len =3D tswapal(tgt_len);
> -        tgt_space =3D TARGET_CMSG_SPACE(tgt_len);
> +        tgt_space =3D TARGET_CMSG_SPACE(len);
>          if (msg_controllen < tgt_space) {
>              tgt_space =3D msg_controllen;
>          }
>          msg_controllen -=3D tgt_space;
>          space +=3D tgt_space;
>          cmsg =3D CMSG_NXTHDR(msgh, cmsg);
> -        target_cmsg =3D TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
> +        target_cmsg =3D TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
> +                                         target_cmsg_start);
>      }
>      unlock_user(target_cmsg, target_cmsg_addr, space);
>   the_end:
> diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
> index edd5f3c..9d3c537 100644
> --- a/linux-user/syscall_defs.h
> +++ b/linux-user/syscall_defs.h
> @@ -234,7 +234,8 @@ struct target_cmsghdr {
>  };
> =20
>  #define TARGET_CMSG_DATA(cmsg) ((unsigned char *) ((struct target_cmsg=
hdr *) (cmsg) + 1))
> -#define TARGET_CMSG_NXTHDR(mhdr, cmsg) __target_cmsg_nxthdr (mhdr, cms=
g)
> +#define TARGET_CMSG_NXTHDR(mhdr, cmsg, cmsg_start) \
> +                               __target_cmsg_nxthdr(mhdr, cmsg, cmsg_s=
tart)
>  #define TARGET_CMSG_ALIGN(len) (((len) + sizeof (abi_long) - 1) \
>                                 & (size_t) ~(sizeof (abi_long) - 1))
>  #define TARGET_CMSG_SPACE(len) (TARGET_CMSG_ALIGN (len) \
> @@ -242,17 +243,20 @@ struct target_cmsghdr {
>  #define TARGET_CMSG_LEN(len)   (TARGET_CMSG_ALIGN (sizeof (struct targ=
et_cmsghdr)) + (len))
> =20
>  static __inline__ struct target_cmsghdr *
> -__target_cmsg_nxthdr (struct target_msghdr *__mhdr, struct target_cmsg=
hdr *__cmsg)
> +__target_cmsg_nxthdr(struct target_msghdr *__mhdr,
> +                     struct target_cmsghdr *__cmsg,
> +                     struct target_cmsghdr *__cmsg_start)
>  {
>    struct target_cmsghdr *__ptr;
> =20
>    __ptr =3D (struct target_cmsghdr *)((unsigned char *) __cmsg
>                                      + TARGET_CMSG_ALIGN (tswapal(__cms=
g->cmsg_len)));
> -  if ((unsigned long)((char *)(__ptr+1) - (char *)(size_t)tswapal(__mh=
dr->msg_control))
> -      > tswapal(__mhdr->msg_controllen))
> +  if ((unsigned long)((char *)(__ptr+1) - (char *)__cmsg_start)
> +      > tswapal(__mhdr->msg_controllen)) {
>      /* No more entries.  */
>      return (struct target_cmsghdr *)0;
> -  return __cmsg;
> +  }
> +  return __ptr;
>  }
> =20
>  struct target_mmsghdr {
> --=20
> 2.5.0
>=20