From: Laurent Vivier <laurent@vivier.eu>
To: "Guido Günther" <agx@sigxcpu.org>,
"Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Riku Voipio <riku.voipio@iki.fi>,
qemu-devel@nongnu.org, qemu-arm@nongnu.org
Subject: Re: [Qemu-devel] [PATCH] linux-user/syscall: let recvfrom(struct sockaddr *) use abi_ulong
Date: Tue, 23 Jan 2018 17:12:26 +0100 [thread overview]
Message-ID: <6d55a3e7-9d70-1ea1-2d22-65e136bda06b@vivier.eu> (raw)
In-Reply-To: <20180123152339.GA23245@bogon.m.sigxcpu.org>
Le 23/01/2018 à 16:23, Guido Günther a écrit :
> Hi,
> Thanks for having a look!
>
> On Tue, Jan 23, 2018 at 11:52:22AM -0300, Philippe Mathieu-Daudé wrote:
>> Currently recvfrom() is restricted to handle 32-bit pointers,
>> remove this limit for 64-bit hosts.
>>
>> This fixes:
>>
>> 31572 socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
>> ...
>> 31572 sendto(3, {{len=124, type=0x454 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_ACK, seq=1, pid=0}, "op=test:message acct=\"?\" exe=\"/tmp/nl-bad-addr\" hostname=localhost addr=? terminal=/dev/pts/2 res=success\0\0\0"}, 124, 0, 0xfffffa3897d0, 0) = 124
>> 31572 ppoll([{fd=3, events=POLLIN}], 1, {tv_sec=0, tv_nsec=500000000}, NULL, 0) = 1 ([{fd=3, revents=POLLIN}], left {tv_sec=0, tv_nsec=499993180})
>> 31572 recvfrom(3, 0x112a50eb4, 8988, MSG_PEEK|MSG_DONTWAIT, 0xfffffa3897e0, 0x42) = -1 EFAULT (Bad address)
>>
>> Reported-by: Guido Günther <agx@sigxcpu.org>
>> Message-id: 20180123120541.GA14216@bogon.m.sigxcpu.org
>> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
>> ---
>> linux-user/syscall.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
>> index 11c9116c4a..28805b1785 100644
>> --- a/linux-user/syscall.c
>> +++ b/linux-user/syscall.c
>> @@ -4032,7 +4032,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
>> if (!host_msg)
>> return -TARGET_EFAULT;
>> if (target_addr) {
>> - if (get_user_u32(addrlen, target_addrlen)) {
>> + if (get_user_ual(addrlen, target_addrlen)) {
>> ret = -TARGET_EFAULT;
>> goto fail;
>> }
>> @@ -4053,7 +4053,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
>> }
>> if (target_addr) {
>> host_to_target_sockaddr(target_addr, addr, addrlen);
>> - if (put_user_u32(addrlen, target_addrlen)) {
>> + if (put_user_ual(addrlen, target_addrlen)) {
>> ret = -TARGET_EFAULT;
>> goto fail;
>> }
>
> Ahh...I saw these and was wondering how this would work on
> 64bit. Unfortunately the patch doesn't change things:
>
> 4824 recvfrom(3, 0x1401f8eb4, 8988, MSG_PEEK|MSG_DONTWAIT, 0xffffe10a8620, 0x42) = -1 EFAULT (Bad address)
>
> If you want me to report qemu -strace or s.th. please let me know.
> Cheers,
> -- Guido
>
Could you try:
strace -f chroot . /usr/bin/qemu-arm-static tmp/nl-bad-addr
to see if the fault comes from the kernel or from QEMU.
Thanks,
Laurent
next prev parent reply other threads:[~2018-01-23 16:12 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-23 14:52 [Qemu-devel] [PATCH] linux-user/syscall: let recvfrom(struct sockaddr *) use abi_ulong Philippe Mathieu-Daudé
2018-01-23 15:00 ` Laurent Vivier
2018-01-23 15:05 ` Philippe Mathieu-Daudé
2018-01-23 15:23 ` Guido Günther
2018-01-23 16:10 ` Laurent Vivier
2018-01-23 16:12 ` Laurent Vivier [this message]
2018-01-23 16:27 ` Guido Günther
2018-01-23 16:38 ` Laurent Vivier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6d55a3e7-9d70-1ea1-2d22-65e136bda06b@vivier.eu \
--to=laurent@vivier.eu \
--cc=agx@sigxcpu.org \
--cc=f4bug@amsat.org \
--cc=qemu-arm@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=riku.voipio@iki.fi \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).