[Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Jan Kiszka]

h2g can only work on 64-bit hosts if the provided address is mappable to
the guest range. Neglecting this was already the source for several
bugs. Instrument the macro so that it will trigger earlier in the
future (at least as long as we have this kind of mapping mechanism).

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
---
 cpu-all.h |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

Index: b/cpu-all.h
===================================================================
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -659,6 +659,8 @@ static inline void stfq_be_p(void *ptr,
 /* MMU memory access macros */
 
 #if defined(CONFIG_USER_ONLY)
+#include <assert.h>
+
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
  */
@@ -667,7 +669,11 @@ static inline void stfq_be_p(void *ptr,
 
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
-#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
+#define h2g(x) ({ \
+    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
+    assert(__ret == (target_ulong)__ret); \
+    __ret; \
+})
 
 #define saddr(x) g2h(x)
 #define laddr(x) g2h(x)

[Qemu-devel] [PATCH] Introduce --enable-binfmt-misc configure option

[Kirill A. Shutemov]

It makes qemu compatible with binfmt_misc's flags 'P' and 'O'.

'P' - preserve-argv[0].  Legacy behavior of binfmt_misc is to overwrite the
      original argv[0] with the full path to the binary.  When this flag is
      included, binfmt_misc will add an argument to the argument vector for
      this purpose, thus preserving the original argv[0].

'O' - open-binary. Legacy behavior of binfmt_misc is to pass the full path
      of the binary to the interpreter as an argument. When this flag is
      included, binfmt_misc will open the file for reading and pass its
      descriptor as an argument, instead of the full path, thus allowing
      the interpreter to execute non-readable binaries.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 configure              |   90 ++++++++++++++++++++++++++----------------------
 linux-user/linuxload.c |    7 +---
 linux-user/main.c      |   39 ++++++++++++++++++++-
 linux-user/qemu.h      |    2 +-
 4 files changed, 89 insertions(+), 49 deletions(-)

diff --git a/configure b/configure
index 57b3b5a..aeeae72 100755
--- a/configure
+++ b/configure
@@ -122,6 +122,7 @@ kvm="yes"
 kerneldir=""
 aix="no"
 blobs="yes"
+binfmt_misc="no"
 
 # OS specific
 targetos=`uname -s`
@@ -380,6 +381,8 @@ for opt do
   ;;
   --kerneldir=*) kerneldir="$optarg"
   ;;
+  --enable-binfmt-misc) binfmt_misc="yes"
+  ;;
   *) echo "ERROR: unknown option $opt"; show_help="yes"
   ;;
   esac
@@ -491,6 +494,7 @@ echo "  --disable-vde            disable support for vde network"
 echo "  --disable-aio            disable AIO support"
 echo "  --disable-blobs          disable installing provided firmware blobs"
 echo "  --kerneldir=PATH         look for kernel includes in PATH"
+echo "  --enable-binfmt-misc     makes usermode compatible with binfmt_misc's flags 'P' and 'O'"
 echo ""
 echo "NOTE: The object files are built at the place where configure is launched"
 exit 1
@@ -1041,57 +1045,58 @@ else
   binsuffix="/bin"
 fi
 
-echo "Install prefix    $prefix"
-echo "BIOS directory    $prefix$datasuffix"
-echo "binary directory  $prefix$binsuffix"
+echo "Install prefix      $prefix"
+echo "BIOS directory      $prefix$datasuffix"
+echo "binary directory    $prefix$binsuffix"
 if test "$mingw32" = "no" ; then
-echo "Manual directory  $prefix$mansuffix"
-echo "ELF interp prefix $interp_prefix"
-fi
-echo "Source path       $source_path"
-echo "C compiler        $cc"
-echo "Host C compiler   $host_cc"
-echo "ARCH_CFLAGS       $ARCH_CFLAGS"
-echo "make              $make"
-echo "install           $install"
-echo "host CPU          $cpu"
-echo "host big endian   $bigendian"
-echo "target list       $target_list"
-echo "gprof enabled     $gprof"
-echo "sparse enabled    $sparse"
-echo "profiler          $profiler"
-echo "static build      $static"
-echo "-Werror enabled   $werror"
+echo "Manual directory    $prefix$mansuffix"
+echo "ELF interp prefix   $interp_prefix"
+fi
+echo "Source path         $source_path"
+echo "C compiler          $cc"
+echo "Host C compiler     $host_cc"
+echo "ARCH_CFLAGS         $ARCH_CFLAGS"
+echo "make                $make"
+echo "install             $install"
+echo "host CPU            $cpu"
+echo "host big endian     $bigendian"
+echo "target list         $target_list"
+echo "gprof enabled       $gprof"
+echo "sparse enabled      $sparse"
+echo "profiler            $profiler"
+echo "static build        $static"
+echo "-Werror enabled     $werror"
 if test "$darwin" = "yes" ; then
-    echo "Cocoa support     $cocoa"
+    echo "Cocoa support       $cocoa"
 fi
 echo "SDL support       $sdl"
 if test "$sdl" != "no" ; then
-    echo "SDL static link   $sdl_static"
-fi
-echo "curses support    $curses"
-echo "mingw32 support   $mingw32"
-echo "Audio drivers     $audio_drv_list"
-echo "Extra audio cards $audio_card_list"
-echo "Mixer emulation   $mixemu"
-echo "VNC TLS support   $vnc_tls"
+    echo "SDL static link     $sdl_static"
+fi
+echo "curses support      $curses"
+echo "mingw32 support     $mingw32"
+echo "Audio drivers       $audio_drv_list"
+echo "Extra audio cards   $audio_card_list"
+echo "Mixer emulation     $mixemu"
+echo "VNC TLS support     $vnc_tls"
 if test "$vnc_tls" = "yes" ; then
-    echo "    TLS CFLAGS    $vnc_tls_cflags"
-    echo "    TLS LIBS      $vnc_tls_libs"
+    echo "    TLS CFLAGS      $vnc_tls_cflags"
+    echo "    TLS LIBS        $vnc_tls_libs"
 fi
 if test -n "$sparc_cpu"; then
-    echo "Target Sparc Arch $sparc_cpu"
+    echo "Target Sparc Arch   $sparc_cpu"
 fi
-echo "kqemu support     $kqemu"
-echo "brlapi support    $brlapi"
-echo "Documentation     $build_docs"
+echo "kqemu support       $kqemu"
+echo "brlapi support      $brlapi"
+echo "Documentation       $build_docs"
 [ ! -z "$uname_release" ] && \
-echo "uname -r          $uname_release"
-echo "NPTL support      $nptl"
-echo "vde support       $vde"
-echo "AIO support       $aio"
-echo "Install blobs     $blobs"
-echo "KVM support       $kvm"
+echo "uname -r            $uname_release"
+echo "NPTL support        $nptl"
+echo "vde support         $vde"
+echo "AIO support         $aio"
+echo "Install blobs       $blobs"
+echo "KVM support         $kvm"
+echo "binfmt_misc support $binfmt_misc"
 
 if test $sdl_too_old = "yes"; then
 echo "-> Your SDL version is too old - please upgrade to have SDL support"
@@ -1709,6 +1714,9 @@ if test "$target_bsd_user" = "yes" ; then
   echo "CONFIG_BSD_USER=yes" >> $config_mak
   echo "#define CONFIG_BSD_USER 1" >> $config_h
 fi
+if test "$target_user_only" = "yes" -a "$binfmt_misc" = "yes"; then
+  echo "#define BINFMT_MISC 1" >> $config_h
+fi
 
 test -f ${config_h}~ && cmp -s $config_h ${config_h}~ && mv ${config_h}~ $config_h
 
diff --git a/linux-user/linuxload.c b/linux-user/linuxload.c
index ada7c69..cbd90f7 100644
--- a/linux-user/linuxload.c
+++ b/linux-user/linuxload.c
@@ -154,7 +154,7 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
     return sp;
 }
 
-int loader_exec(const char * filename, char ** argv, char ** envp,
+int loader_exec(int fd, const char * filename, char ** argv, char ** envp,
              struct target_pt_regs * regs, struct image_info *infop)
 {
     struct linux_binprm bprm;
@@ -164,10 +164,7 @@ int loader_exec(const char * filename, char ** argv, char ** envp,
     bprm.p = TARGET_PAGE_SIZE*MAX_ARG_PAGES-sizeof(unsigned int);
     for (i=0 ; i<MAX_ARG_PAGES ; i++)       /* clear page-table */
             bprm.page[i] = 0;
-    retval = open(filename, O_RDONLY);
-    if (retval < 0)
-        return retval;
-    bprm.fd = retval;
+    bprm.fd = fd;
     bprm.filename = (char *)filename;
     bprm.argc = count(argv);
     bprm.argv = argv;
diff --git a/linux-user/main.c b/linux-user/main.c
index 66be107..6ed9247 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -27,6 +27,7 @@
 
 #include "qemu.h"
 #include "qemu-common.h"
+#include "elf.h"
 /* For tb_lock */
 #include "exec-all.h"
 
@@ -2214,9 +2215,10 @@ void init_task_state(TaskState *ts)
     ts->sigqueue_table[i].next = NULL;
 }
  
-int main(int argc, char **argv)
+int main(int argc, char **argv, char **envp)
 {
     const char *filename;
+    int fd = -1;
     const char *cpu_model;
     struct target_pt_regs regs1, *regs = &regs1;
     struct image_info info1, *info = &info1;
@@ -2377,7 +2379,40 @@ int main(int argc, char **argv)
     }
     *dst = NULL; /* NULL terminate target_environ */
 
-    if (loader_exec(filename, argv+optind, target_environ, regs, info) != 0) {
+#ifdef BINFMT_MISC
+#if HOST_LONG_BITS == 32
+#define Elf_Dyn Elf32_Dyn
+#else
+#define Elf_Dyn Elf64_Dyn
+#endif
+    {
+        Elf_Dyn *auxv;
+
+        optind++; /* Handle binfmt_misc's option 'P' */
+
+        /* Handle binfmt_misc's option 'O' */
+        while(*envp++ != NULL); /* skip envp. we are on auxv now */
+        for(auxv = (Elf_Dyn *)envp; auxv->d_tag != AT_NULL; auxv++) {
+            if( auxv->d_tag == AT_EXECFD) {
+                fd = auxv->d_un.d_val;
+                break;
+            }
+        }
+
+        if (fd < 0) {
+            printf("Cannot find binary file descriptor\n");
+            _exit(1);
+        }
+    }
+#else
+    fd = open(filename, O_RDONLY);
+    if (fd < 0) {
+        printf("Cannot open file %s: %s\n", filename, strerror(errno));
+        _exit(1);
+    }
+#endif
+
+    if (loader_exec(fd, filename, argv+optind, target_environ, regs, info) != 0) {
         printf("Error loading %s\n", filename);
         _exit(1);
     }
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index a2abe51..52835ec 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -168,7 +168,7 @@ struct linux_binprm {
 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop);
 abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
                               abi_ulong stringp, int push_ptr);
-int loader_exec(const char * filename, char ** argv, char ** envp,
+int loader_exec(int fd, const char * filename, char ** argv, char ** envp,
              struct target_pt_regs * regs, struct image_info *infop);
 
 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
-- 
1.6.0.2.GIT

[Qemu-devel] [PATCH] Fix fstatat64()/newfstatat() syscall implementation

[Kirill A. Shutemov]

There are two different syscall names for the same goal.

On systems with sizeof(long) == 64 it calls newfstatat.
On systems with sizeof(long) == 32 it calls fstatat64.

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 linux-user/syscall.c |   29 +++++++++++++++++++++++++----
 1 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 4065917..dc65a77 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -169,6 +169,7 @@ static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
 #define __NR_sys_linkat __NR_linkat
 #define __NR_sys_mkdirat __NR_mkdirat
 #define __NR_sys_mknodat __NR_mknodat
+#define __NR_sys_newfstatat __NR_newfstatat
 #define __NR_sys_openat __NR_openat
 #define __NR_sys_readlinkat __NR_readlinkat
 #define __NR_sys_renameat __NR_renameat
@@ -210,7 +211,8 @@ _syscall4(int,sys_fchmodat,int,dirfd,const char *,pathname,
 _syscall5(int,sys_fchownat,int,dirfd,const char *,pathname,
           uid_t,owner,gid_t,group,int,flags)
 #endif
-#if defined(TARGET_NR_fstatat64) && defined(__NR_fstatat64)
+#if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat)) && \
+        defined(__NR_fstatat64)
 _syscall4(int,sys_fstatat64,int,dirfd,const char *,pathname,
           struct stat *,buf,int,flags)
 #endif
@@ -241,6 +243,11 @@ _syscall3(int,sys_mkdirat,int,dirfd,const char *,pathname,mode_t,mode)
 _syscall4(int,sys_mknodat,int,dirfd,const char *,pathname,
           mode_t,mode,dev_t,dev)
 #endif
+#if (defined(TARGET_NR_newfstatat) || defined(TARGET_NR_fstatat64) ) && \
+        defined(__NR_newfstatat)
+_syscall4(int,sys_newfstatat,int,dirfd,const char *,pathname,
+          struct stat *,buf,int,flags)
+#endif
 #if defined(TARGET_NR_openat) && defined(__NR_openat)
 _syscall4(int,sys_openat,int,dirfd,const char *,pathname,int,flags,mode_t,mode)
 #endif
@@ -3246,7 +3253,7 @@ static inline abi_long host_to_target_timespec(abi_ulong target_addr,
     return 0;
 }
 
-#ifdef TARGET_NR_stat64
+#if defined(TARGET_NR_stat64) || defined(TARGET_NR_newfstatat)
 static inline abi_long host_to_target_stat64(void *cpu_env,
                                              abi_ulong target_addr,
                                              struct stat *host_st)
@@ -3278,11 +3285,15 @@ static inline abi_long host_to_target_stat64(void *cpu_env,
     } else
 #endif
     {
+#if TARGET_LONG_BITS == 64
+        struct target_stat *target_st;
+#else
         struct target_stat64 *target_st;
+#endif
 
         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
             return -TARGET_EFAULT;
-        memset(target_st, 0, sizeof(struct target_stat64));
+        memset(target_st, 0, sizeof(*target_st));
         __put_user(host_st->st_dev, &target_st->st_dev);
         __put_user(host_st->st_ino, &target_st->st_ino);
 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
@@ -5373,11 +5384,21 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             ret = host_to_target_stat64(cpu_env, arg2, &st);
         break;
 #endif
-#if defined(TARGET_NR_fstatat64) && defined(__NR_fstatat64)
+#if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat)) && \
+        (defined(__NR_fstatat64) || defined(__NR_newfstatat))
+#ifdef TARGET_NR_fstatat64
     case TARGET_NR_fstatat64:
+#endif
+#ifdef TARGET_NR_newfstatat
+    case TARGET_NR_newfstatat:
+#endif
         if (!(p = lock_user_string(arg2)))
             goto efault;
+#ifdef __NR_fstatat64
         ret = get_errno(sys_fstatat64(arg1, path(p), &st, arg4));
+#else
+        ret = get_errno(sys_newfstatat(arg1, path(p), &st, arg4));
+#endif
         if (!is_error(ret))
             ret = host_to_target_stat64(cpu_env, arg3, &st);
         break;
-- 
1.6.0.2.GIT

[Qemu-devel] [PATCH] Move abi_* typedefs into qemu-types.h

[Kirill A. Shutemov]

Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 bsd-user/qemu-types.h   |   24 ++++++++++++++++++++++++
 bsd-user/qemu.h         |   20 +-------------------
 linux-user/qemu-types.h |   24 ++++++++++++++++++++++++
 linux-user/qemu.h       |   20 +-------------------
 4 files changed, 50 insertions(+), 38 deletions(-)
 create mode 100644 bsd-user/qemu-types.h
 create mode 100644 linux-user/qemu-types.h

diff --git a/bsd-user/qemu-types.h b/bsd-user/qemu-types.h
new file mode 100644
index 0000000..1adda9f
--- /dev/null
+++ b/bsd-user/qemu-types.h
@@ -0,0 +1,24 @@
+#ifndef QEMU_TYPES_H
+#define QEMU_TYPES_H
+#include "cpu.h"
+
+#ifdef TARGET_ABI32
+typedef uint32_t abi_ulong;
+typedef int32_t abi_long;
+#define TARGET_ABI_FMT_lx "%08x"
+#define TARGET_ABI_FMT_ld "%d"
+#define TARGET_ABI_FMT_lu "%u"
+#define TARGET_ABI_BITS 32
+#else
+typedef target_ulong abi_ulong;
+typedef target_long abi_long;
+#define TARGET_ABI_FMT_lx TARGET_FMT_lx
+#define TARGET_ABI_FMT_ld TARGET_FMT_ld
+#define TARGET_ABI_FMT_lu TARGET_FMT_lu
+#define TARGET_ABI_BITS TARGET_LONG_BITS
+/* for consistency, define ABI32 too */
+#if TARGET_ABI_BITS == 32
+#define TARGET_ABI32 1
+#endif
+#endif
+#endif
diff --git a/bsd-user/qemu.h b/bsd-user/qemu.h
index 0a55ac3..3ea0044 100644
--- a/bsd-user/qemu.h
+++ b/bsd-user/qemu.h
@@ -11,25 +11,7 @@
 #include <stdlib.h>
 #endif /* DEBUG_REMAP */
 
-#ifdef TARGET_ABI32
-typedef uint32_t abi_ulong;
-typedef int32_t abi_long;
-#define TARGET_ABI_FMT_lx "%08x"
-#define TARGET_ABI_FMT_ld "%d"
-#define TARGET_ABI_FMT_lu "%u"
-#define TARGET_ABI_BITS 32
-#else
-typedef target_ulong abi_ulong;
-typedef target_long abi_long;
-#define TARGET_ABI_FMT_lx TARGET_FMT_lx
-#define TARGET_ABI_FMT_ld TARGET_FMT_ld
-#define TARGET_ABI_FMT_lu TARGET_FMT_lu
-#define TARGET_ABI_BITS TARGET_LONG_BITS
-/* for consistency, define ABI32 too */
-#if TARGET_ABI_BITS == 32
-#define TARGET_ABI32 1
-#endif
-#endif
+#include "qemu-types.h"
 
 enum BSDType {
     target_freebsd,
diff --git a/linux-user/qemu-types.h b/linux-user/qemu-types.h
new file mode 100644
index 0000000..1adda9f
--- /dev/null
+++ b/linux-user/qemu-types.h
@@ -0,0 +1,24 @@
+#ifndef QEMU_TYPES_H
+#define QEMU_TYPES_H
+#include "cpu.h"
+
+#ifdef TARGET_ABI32
+typedef uint32_t abi_ulong;
+typedef int32_t abi_long;
+#define TARGET_ABI_FMT_lx "%08x"
+#define TARGET_ABI_FMT_ld "%d"
+#define TARGET_ABI_FMT_lu "%u"
+#define TARGET_ABI_BITS 32
+#else
+typedef target_ulong abi_ulong;
+typedef target_long abi_long;
+#define TARGET_ABI_FMT_lx TARGET_FMT_lx
+#define TARGET_ABI_FMT_ld TARGET_FMT_ld
+#define TARGET_ABI_FMT_lu TARGET_FMT_lu
+#define TARGET_ABI_BITS TARGET_LONG_BITS
+/* for consistency, define ABI32 too */
+#if TARGET_ABI_BITS == 32
+#define TARGET_ABI32 1
+#endif
+#endif
+#endif
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 52835ec..b620c97 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -11,25 +11,7 @@
 #include <stdlib.h>
 #endif /* DEBUG_REMAP */
 
-#ifdef TARGET_ABI32
-typedef uint32_t abi_ulong;
-typedef int32_t abi_long;
-#define TARGET_ABI_FMT_lx "%08x"
-#define TARGET_ABI_FMT_ld "%d"
-#define TARGET_ABI_FMT_lu "%u"
-#define TARGET_ABI_BITS 32
-#else
-typedef target_ulong abi_ulong;
-typedef target_long abi_long;
-#define TARGET_ABI_FMT_lx TARGET_FMT_lx
-#define TARGET_ABI_FMT_ld TARGET_FMT_ld
-#define TARGET_ABI_FMT_lu TARGET_FMT_lu
-#define TARGET_ABI_BITS TARGET_LONG_BITS
-/* for consistency, define ABI32 too */
-#if TARGET_ABI_BITS == 32
-#define TARGET_ABI32 1
-#endif
-#endif
+#include "qemu-types.h"
 
 #include "thunk.h"
 #include "syscall_defs.h"
-- 
1.6.0.2.GIT

[Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Kirill A. Shutemov]

From: Jan Kiszka <jan.kiszka@web.de>

h2g can only work on 64-bit hosts if the provided address is mappable to
the guest range. Neglecting this was already the source for several
bugs. Instrument the macro so that it will trigger earlier in the
future (at least as long as we have this kind of mapping mechanism).

Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
---
 cpu-all.h |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/cpu-all.h b/cpu-all.h
index 73c7b4c..526ace2 100644
--- a/cpu-all.h
+++ b/cpu-all.h
@@ -621,6 +621,9 @@ static inline void stfq_be_p(void *ptr, float64 v)
 /* MMU memory access macros */
 
 #if defined(CONFIG_USER_ONLY)
+#include <assert.h>
+#include "qemu-types.h"
+
 /* On some host systems the guest address space is reserved on the host.
  * This allows the guest address space to be offset to a convenient location.
  */
@@ -629,7 +632,12 @@ static inline void stfq_be_p(void *ptr, float64 v)
 
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
-#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
+#define h2g(x) ({ \
+    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
+    /* Check if given address fits target address space */ \
+    assert(__ret == (abi_ulong)__ret); \
+    (abi_ulong)__ret; \
+})
 
 #define saddr(x) g2h(x)
 #define laddr(x) g2h(x)
-- 
1.6.0.2.GIT

Re: [Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Edgar E. Iglesias]

On Wed, Dec 03, 2008 at 01:29:39PM +0200, Kirill A. Shutemov wrote:
> From: Jan Kiszka <jan.kiszka@web.de>
> 
> h2g can only work on 64-bit hosts if the provided address is mappable to
> the guest range. Neglecting this was already the source for several
> bugs. Instrument the macro so that it will trigger earlier in the
> future (at least as long as we have this kind of mapping mechanism).
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>

Acked-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>

> ---
>  cpu-all.h |   10 +++++++++-
>  1 files changed, 9 insertions(+), 1 deletions(-)
> 
> diff --git a/cpu-all.h b/cpu-all.h
> index 73c7b4c..526ace2 100644
> --- a/cpu-all.h
> +++ b/cpu-all.h
> @@ -621,6 +621,9 @@ static inline void stfq_be_p(void *ptr, float64 v)
>  /* MMU memory access macros */
>  
>  #if defined(CONFIG_USER_ONLY)
> +#include <assert.h>
> +#include "qemu-types.h"
> +
>  /* On some host systems the guest address space is reserved on the host.
>   * This allows the guest address space to be offset to a convenient location.
>   */
> @@ -629,7 +632,12 @@ static inline void stfq_be_p(void *ptr, float64 v)
>  
>  /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
>  #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
> -#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
> +#define h2g(x) ({ \
> +    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
> +    /* Check if given address fits target address space */ \
> +    assert(__ret == (abi_ulong)__ret); \
> +    (abi_ulong)__ret; \
> +})
>  
>  #define saddr(x) g2h(x)
>  #define laddr(x) g2h(x)
> -- 
> 1.6.0.2.GIT

Re: [Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Aurelien Jarno]

On Wed, Dec 03, 2008 at 01:29:39PM +0200, Kirill A. Shutemov wrote:
> From: Jan Kiszka <jan.kiszka@web.de>
> 
> h2g can only work on 64-bit hosts if the provided address is mappable to
> the guest range. Neglecting this was already the source for several
> bugs. Instrument the macro so that it will trigger earlier in the
> future (at least as long as we have this kind of mapping mechanism).
> 
> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>

Applied. I have seen the patch has been modified since Jan Kiszka posted
it to the mailing list. Not sure a Signed-off-by still applies in that
case.

> ---
>  cpu-all.h |   10 +++++++++-
>  1 files changed, 9 insertions(+), 1 deletions(-)
> 
> diff --git a/cpu-all.h b/cpu-all.h
> index 73c7b4c..526ace2 100644
> --- a/cpu-all.h
> +++ b/cpu-all.h
> @@ -621,6 +621,9 @@ static inline void stfq_be_p(void *ptr, float64 v)
>  /* MMU memory access macros */
>  
>  #if defined(CONFIG_USER_ONLY)
> +#include <assert.h>
> +#include "qemu-types.h"
> +
>  /* On some host systems the guest address space is reserved on the host.
>   * This allows the guest address space to be offset to a convenient location.
>   */
> @@ -629,7 +632,12 @@ static inline void stfq_be_p(void *ptr, float64 v)
>  
>  /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
>  #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
> -#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
> +#define h2g(x) ({ \
> +    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
> +    /* Check if given address fits target address space */ \
> +    assert(__ret == (abi_ulong)__ret); \
> +    (abi_ulong)__ret; \
> +})
>  
>  #define saddr(x) g2h(x)
>  #define laddr(x) g2h(x)
> -- 
> 1.6.0.2.GIT
> 
> 
> 
> 

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

Re: [Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Andreas Färber]

Am 08.12.2008 um 19:15 schrieb Aurelien Jarno:

> On Wed, Dec 03, 2008 at 01:29:39PM +0200, Kirill A. Shutemov wrote:
>> From: Jan Kiszka <jan.kiszka@web.de>
>>
>> h2g can only work on 64-bit hosts if the provided address is  
>> mappable to
>> the guest range. Neglecting this was already the source for several
>> bugs. Instrument the macro so that it will trigger earlier in the
>> future (at least as long as we have this kind of mapping mechanism).
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
>> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
>
> Applied. I have seen the patch has been modified since Jan Kiszka  
> posted
> it to the mailing list. Not sure a Signed-off-by still applies in that
> case.

Removing a Signed-off-by for code that is kept is a no-go to my  
knowledge. It's supposed to track through whom all the code went  
copyright- and GPL-wise, according to Kerneltrap.

Andreas

Re: [Qemu-devel] [PATCH] linux-user: Safety belt for h2g

[Jan Kiszka]

[-- Attachment #1: Type: text/plain, Size: 2123 bytes --]

Aurelien Jarno wrote:
> On Wed, Dec 03, 2008 at 01:29:39PM +0200, Kirill A. Shutemov wrote:
>> From: Jan Kiszka <jan.kiszka@web.de>
>>
>> h2g can only work on 64-bit hosts if the provided address is mappable to
>> the guest range. Neglecting this was already the source for several
>> bugs. Instrument the macro so that it will trigger earlier in the
>> future (at least as long as we have this kind of mapping mechanism).
>>
>> Signed-off-by: Jan Kiszka <jan.kiszka@web.de>
>> Signed-off-by: Kirill A. Shutemov <kirill@shutemov.name>
> 
> Applied. I have seen the patch has been modified since Jan Kiszka posted
> it to the mailing list. Not sure a Signed-off-by still applies in that
> case.

Kirill correctly pointed out to me that target_ulong should rather be
abi_ulong here and in the other patch.

Good to see these changes finally merged!

Jan

> 
>> ---
>>  cpu-all.h |   10 +++++++++-
>>  1 files changed, 9 insertions(+), 1 deletions(-)
>>
>> diff --git a/cpu-all.h b/cpu-all.h
>> index 73c7b4c..526ace2 100644
>> --- a/cpu-all.h
>> +++ b/cpu-all.h
>> @@ -621,6 +621,9 @@ static inline void stfq_be_p(void *ptr, float64 v)
>>  /* MMU memory access macros */
>>  
>>  #if defined(CONFIG_USER_ONLY)
>> +#include <assert.h>
>> +#include "qemu-types.h"
>> +
>>  /* On some host systems the guest address space is reserved on the host.
>>   * This allows the guest address space to be offset to a convenient location.
>>   */
>> @@ -629,7 +632,12 @@ static inline void stfq_be_p(void *ptr, float64 v)
>>  
>>  /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
>>  #define g2h(x) ((void *)((unsigned long)(x) + GUEST_BASE))
>> -#define h2g(x) ((target_ulong)((unsigned long)(x) - GUEST_BASE))
>> +#define h2g(x) ({ \
>> +    unsigned long __ret = (unsigned long)(x) - GUEST_BASE; \
>> +    /* Check if given address fits target address space */ \
>> +    assert(__ret == (abi_ulong)__ret); \
>> +    (abi_ulong)__ret; \
>> +})
>>  
>>  #define saddr(x) g2h(x)
>>  #define laddr(x) g2h(x)
>> -- 
>> 1.6.0.2.GIT
>>
>>
>>
>>
> 



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 258 bytes --]