From: Stuart Anderson
Date: Thu, 22 Mar 2007 18:04:29 -0400 (EDT)
Subject: [Qemu-devel] generating EFAULT in linux-user
To: qemu-devel@nongnu.org
With a little help from Paul yesterday, I was able to come up with a scheme for detecting bad pointers passed to system calls in linux-user mode. This is used to return EFAULT as would be done on a real kernel.

The attached patch is very preliminary, but shows how it can be done. I'm sending it now to solicit comments.

The patch currently just adds a separate call to validate the address. Per yesterday's discussion, the checking should be folded into lock_user(), but it's not a trivial drop-in as lock_user() and lock_user_struct() are used in different ways in different places, and none of them are actually checking a return value. I'm still thinking on how best to accomplish this part.

The end result is that the tests in LTP's msg* tests that try to generate EFAULT can now do so (and thus PASS).

Stuart

Stuart R. Anderson                               anderson@netsweng.com
Network & Software Engineering                   http://www.netsweng.com/
1024D/37A79149: 0791 D3B8 9A4C 2CDC A31F BD03 0A62 E534 37A7 9149

Attachment: 06_efault.patch (text/x-diff)

Index: qemu/exec.c
===================================================================
--- qemu.orig/exec.c	2007-03-22 17:18:32.000000000 -0400
+++ qemu/exec.c	2007-03-22 17:42:30.000000000 -0400
@@ -1785,6 +1785,29 @@
     spin_unlock(&tb_lock);
 }
 
+int page_check_range(target_ulong start, target_ulong len, int flags)
+{
+    PageDesc *p;
+    target_ulong end;
+    target_ulong addr;
+
+    end = TARGET_PAGE_ALIGN(start+len); /* must do before we loose bits in the next step */
+    start = start & TARGET_PAGE_MASK;
+
    if( end < start ) return EFAULT;  /* we've wrapped around */
+    for(addr = start; addr < end; addr += TARGET_PAGE_SIZE) {
++        p = page_find(addr >> TARGET_PAGE_BITS);
+	if( !p ) return EFAULT;
+	if( !(p->flags & PAGE_VALID) ) return EFAULT;
+
        if (!(p->flags & PAGE_READ) &&
             (flags & PAGE_READ) ) return EFAULT;
+        if (!(p->flags & PAGE_WRITE) &&
+            (flags & PAGE_WRITE) ) return EFAULT;
+    }
+    return 0;
+}
+
 /* called from signal handler: invalidate the code and unprotect the
    page. Return TRUE if the fault was succesfully handled. */
 int page_unprotect(target_ulong address, unsigned long pc, void *puc)
Index: qemu/cpu-all.h
===================================================================
--- qemu.orig/cpu-all.h	2007-03-22 17:18:32.000000000 -0400
+++ qemu/cpu-all.h	2007-03-22 17:19:10.000000000 -0400
@@ -689,6 +689,7 @@
 int page_get_flags(target_ulong address);
 void page_set_flags(target_ulong start, target_ulong end, int flags);
 void page_unprotect_range(target_ulong data, target_ulong data_size);
+int page_check_range(target_ulong start, target_ulong len, int flags);
 
 #define SINGLE_CPU_DEFINES
 #ifdef SINGLE_CPU_DEFINES
Index: qemu/linux-user/syscall.c
===================================================================
--- qemu.orig/linux-user/syscall.c	2007-03-22 17:19:00.000000000 -0400
+++ qemu/linux-user/syscall.c	2007-03-22 17:26:17.000000000 -0400
@@ -1287,12 +1287,15 @@
  target_ulong __unused5;
 };
 
-static inline void target_to_host_msqid_ds(struct msqid_ds *host_md,
-                                        target_ulong target_addr)
+/* static inline */ long target_to_host_msqid_ds(struct msqid_ds *host_md,
+                                          target_ulong target_addr,
+                                          int pg_access)
 {
+    long ret = 0;
     struct target_msqid_ds *target_md;
 
     lock_user_struct(target_md, target_addr, 1);
+    if( ret=page_check_range(target_md,sizeof(*target_md),pg_access) ) return -ret;
     target_to_host_ipc_perm(&(host_md->msg_perm),target_addr);
     host_md->msg_stime = tswapl(target_md->msg_stime);
     host_md->msg_rtime = tswapl(target_md->msg_rtime);
@@ -1303,9 +1306,10 @@
     host_md->msg_lspid = tswapl(target_md->msg_lspid);
     host_md->msg_lrpid = tswapl(target_md->msg_lrpid);
     unlock_user_struct(target_md, target_addr, 0);
+    return ret;
 }
 
-static inline void host_to_target_msqid_ds(target_ulong target_addr,
+/* static inline */ void host_to_target_msqid_ds(target_ulong target_addr,
                                            struct msqid_ds *host_md)
 {
    struct target_msqid_ds *target_md;
@@ -1323,17 +1327,22 @@
     unlock_user_struct(target_md, target_addr, 1);
 }
 
-static inline long do_msgctl(long first, long second, long ptr)
+/* static inline */ long do_msgctl(long first, long second, long ptr)
 {
     struct msqid_ds dsarg;
     int cmd = second&0xff;
     long ret = 0;
     switch( cmd ) {
     case IPC_STAT:
+        if( ret=target_to_host_msqid_ds(&dsarg,ptr,PAGE_WRITE) ) return -ret;
+        ret = get_errno(msgctl(first, cmd, &dsarg));
+        host_to_target_msqid_ds(ptr,&dsarg);
+	break;
     case IPC_SET:
-        target_to_host_msqid_ds(&dsarg,ptr);
+        if( ret=target_to_host_msqid_ds(&dsarg,ptr,PAGE_READ) ) return -ret;
         ret = get_errno(msgctl(first, cmd, &dsarg));
         host_to_target_msqid_ds(ptr,&dsarg);
+	break;
     default:
         ret = get_errno(msgctl(first, cmd, &dsarg));
     }
@@ -1345,13 +1354,14 @@
 	char	mtext[1];
 };
 
-static inline long do_msgsnd(long msqid, long msgp, long msgsz, long msgflg)
+/* static inline */ long do_msgsnd(long msqid, long msgp, long msgsz, long msgflg)
 {
     struct target_msgbuf *target_mb;
     struct msgbuf *host_mb;
     long ret = 0;
 
     lock_user_struct(target_mb,msgp,0);
+    if( ret=page_check_range(target_mb,sizeof(long)+msgsz,PAGE_READ) ) return -ret;
     host_mb = malloc(msgsz+sizeof(long));
     host_mb->mtype = tswapl(target_mb->mtype);
     memcpy(host_mb->mtext,target_mb->mtext,msgsz);
@@ -1362,13 +1372,14 @@
     return ret;
 }
 
-static inline long do_msgrcv(long msqid, long msgp, long msgsz, long msgtype, long msgflg)
+/* static inline */ long do_msgrcv(long msqid, long msgp, long msgsz, long msgtype, long msgflg)
 {
     struct target_msgbuf *target_mb;
     struct msgbuf *host_mb;
     long ret = 0;
 
     lock_user_struct(target_mb,msgp,0);
+    if( ret=page_check_range(target_mb,sizeof(long)+msgsz,PAGE_WRITE) ) return -ret;
     host_mb = malloc(msgsz+sizeof(long));
     ret = get_errno(msgrcv(msqid, host_mb, msgsz, 1, msgflg));
     if( ret > 0 )
@@ -1381,7 +1392,7 @@
 }
 
 /* ??? This only works with linear mappings.  */
-static long do_ipc(long call, long first, long second, long third,
+/* static */ long do_ipc(long call, long first, long second, long third,
		    long ptr, long fifth)
 {
     int version;
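Review bot: the exec.c hunk (@@ -1785,6 +1785,29 @@) is malformed as attached and `patch` will report it as such: the lines `    if( end < start ) return EFAULT;  /* we've wrapped around */`, `        if (!(p->flags & PAGE_READ) &&` and its `(flags & PAGE_READ) ) return EFAULT;` continuation begin with a space instead of `+`, while `++        p = page_find(addr >> TARGET_PAGE_BITS);` carries two, so the -1785,6 +1785,29 counts no longer describe the body. Please regenerate the diff from the working tree instead of editing it by hand. On the logic: returning a positive `EFAULT` while every caller does `return -ret` invites the sign mistakes that appear later in this patch; have page_check_range() return `-EFAULT` (the negative-errno convention the syscall wrappers already use) and let callers pass it through. The wrap-around test also misfires for a buffer that ends in the last page of the guest address space, where `TARGET_PAGE_ALIGN(start+len)` wraps to 0 and a valid buffer gets EFAULT; checking that `start+len-1` did not wrap and then walking from `start >> TARGET_PAGE_BITS` to `(start+len-1) >> TARGET_PAGE_BITS` avoids that. Minor: the two `if( !p )` / `if( !(p->flags & PAGE_VALID) )` lines are tab-indented while the rest of the function uses spaces, and `loose` in the comment should be `lose`.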
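Review bot: the new prototype in the cpu-all.h hunk (@@ -689,6 +689,7 @@) should carry a comment stating the return convention (0 on success, and whether the failure value is a positive or a negative errno), because the callers in syscall.c negate the result and get the sign wrong in at least one place; cpu-all.h, next to page_get_flags() and page_set_flags(), is where readers will look for it.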
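Review bot: in the target_to_host_msqid_ds() hunk (@@ -1287,12 +1287,15 @@), `page_check_range(target_md, ...)` is handed the host pointer returned by lock_user_struct(), but page_check_range() walks the guest page table through page_find(addr >> TARGET_PAGE_BITS), so it wants the guest address `target_addr`; the two only coincide while g2h() is the identity, and on a 64-bit host with a 32-bit guest the pointer is truncated to target_ulong on the way in. Do the check on `target_addr` before lock_user_struct(), not after: the point is to avoid touching memory that is not mapped, and the early `return -ret` as written also skips unlock_user_struct(). Separately, `/* static inline */` looks like a debugging leftover (it recurs in every later syscall.c hunk); dropping `static` exports these helpers from the object file and changes nothing about EFAULT, so please remove it from the submitted patch. The assignment inside the condition, `if( ret=page_check_range(...) )`, will also draw a -Wparentheses warning; write `ret = ...; if (ret)`.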
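Review bot: in the @@ -1303,9 +1306,10 @@ hunk, `+    return ret;` can only ever return 0, since the failure path already returned `-ret` above it, so target_to_host_msqid_ds()'s contract is "0 or a negative errno"; spell that out in a comment on the function, because do_msgctl() negates the result a second time. host_to_target_msqid_ds() still writes the guest struct back with no check of its own (its `unlock_user_struct(target_md, target_addr, 1)` is visible in the next hunk's context), which is only safe while every caller has validated `target_addr` for PAGE_WRITE first; that assumption deserves a comment too.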
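Review bot: the sign is wrong in both new `if( ret=target_to_host_msqid_ds(...) ) return -ret;` lines of the do_msgctl() hunk (@@ -1323,17 +1327,22 @@): target_to_host_msqid_ds() already returns `-ret`, i.e. -EFAULT, so negating it again hands the guest a positive 14, which the C library treats as success rather than an error. Return `ret` unchanged here (or make the whole chain return negative errno from page_check_range() up). For IPC_STAT, calling target_to_host_msqid_ds() with PAGE_WRITE purely to validate the pointer also copies whatever the guest struct currently holds into `dsarg`, which msgctl() then overwrites; a direct `page_check_range(ptr, sizeof(struct target_msqid_ds), PAGE_WRITE)` says what is meant. The two added `break;` lines fix a pre-existing bug visible in the context, where IPC_STAT and IPC_SET fell through into `default:` and issued msgctl() a second time; that deserves a sentence in the description (or its own patch), and the lines should be space-indented like their neighbours rather than with a tab.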
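Review bot: a negative `msgsz` slips past the check added in the do_msgsnd() hunk (@@ -1345,13 +1354,14 @@): `sizeof(long)+msgsz` is computed in size_t, so msgsz = -1 yields a length of 7, the range passes, and the unchanged `malloc(msgsz+sizeof(long))` and `memcpy(..., msgsz)` below then run with a huge size. The kernel rejects msgsz < 0 (and msgsz above msg_ctlmax) with EINVAL before it looks at the buffer; add that test first. The header size should also be the guest's, `sizeof(target_ulong)` (the `mtype` field that precedes `mtext[]` in struct target_msgbuf), not the host's `sizeof(long)`, which differs for a 32-bit guest on a 64-bit host. As in the msqid_ds hunk, pass the guest address `msgp` rather than the host pointer `target_mb`, and do it before lock_user_struct().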
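Review bot: the do_msgrcv() hunk (@@ -1362,13 +1372,14 @@) has the same problems as the msgsnd one: validate `msgsz` (EINVAL for negative or oversized values) before forming `sizeof(long)+msgsz`, use the guest header size rather than the host's `sizeof(long)`, and check the guest address `msgp` before lock_user_struct() instead of the host pointer after it. Note also that the unchanged `msgrcv(msqid, host_mb, msgsz, 1, msgflg)` in the context passes a literal 1 where `msgtype` belongs; that is pre-existing, but anyone adding EFAULT tests for msgrcv will trip over it.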
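Review bot: the do_ipc() hunk (@@ -1381,7 +1392,7 @@) only comments out `static` and is unrelated to the EFAULT work; drop it (together with the other `/* static inline */` edits) before submitting. As attached, its continuation line `		    long ptr, long fifth)` also starts with a tab instead of the leading space that marks it as context, so this hunk needs regenerating along with the exec.c one.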
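The page-range check the message describes, written out as a stand-alone model that runs on any host. This is an added example, not code from the posted patch or from QEMU. It assumes a 32-bit guest, a toy sparse page table in place of QEMU's page_find(), made-up flag bit values, Linux's default msg_ctlmax, and a hypothetical check_msgsnd_args() wrapper; it goes beyond the patch in two ways, returning negative errno like the rest of the syscall layer and walking pages up to the range's last byte so that a buffer ending at the top of the address space is not reported as a wrap-around.

```c
/* Added example, not code from the posted patch or from QEMU: a stand-alone
 * model of the page-range check the e-mail describes.  The guest "address
 * space" is a tiny sparse table of per-page flags; flag bit values, page
 * entries and helper names are assumptions for the example. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TARGET_PAGE_BITS 12

#define PAGE_READ  0x1
#define PAGE_WRITE 0x2
#define PAGE_VALID 0x8          /* assumed bit value */

typedef uint32_t target_ulong;  /* model a 32-bit guest on any host */

/* Sparse toy page table: guest page index -> flags; absent = unmapped. */
struct page_entry { target_ulong index; int flags; };
static const struct page_entry guest_pages[] = {
    { 0x10,    PAGE_VALID | PAGE_READ | PAGE_WRITE },  /* rw page at 0x10000 */
    { 0x11,    PAGE_VALID | PAGE_READ | PAGE_WRITE },  /* rw page at 0x11000 */
    { 0x12,    PAGE_VALID | PAGE_READ },               /* read-only page at 0x12000 */
    { 0xFFFFF, PAGE_VALID | PAGE_READ },               /* last page of the 32-bit space */
};

static const struct page_entry *page_find(target_ulong index)
{
    size_t i;
    for (i = 0; i < sizeof guest_pages / sizeof guest_pages[0]; i++)
        if (guest_pages[i].index == index)
            return &guest_pages[i];
    return NULL;
}

/* 0 if every page of [start, start+len) is mapped with the access bits in
 * `flags`, else -EFAULT (negative errno, as the syscall wrappers return).
 * Unlike the posted patch this walks from the first to the last *byte's*
 * page, so a buffer ending at the top of the address space is not mistaken
 * for a wrap-around. */
int page_check_range(target_ulong start, target_ulong len, int flags)
{
    target_ulong last, pg, last_pg;

    if (len == 0)
        return 0;                       /* the kernel accepts zero-length copies */
    last = start + len - 1;
    if (last < start)
        return -EFAULT;                 /* start+len wrapped around the address space */

    last_pg = last >> TARGET_PAGE_BITS;
    for (pg = start >> TARGET_PAGE_BITS; ; pg++) {
        const struct page_entry *p = page_find(pg);
        if (!p || !(p->flags & PAGE_VALID))
            return -EFAULT;
        if ((flags & PAGE_READ) && !(p->flags & PAGE_READ))
            return -EFAULT;
        if ((flags & PAGE_WRITE) && !(p->flags & PAGE_WRITE))
            return -EFAULT;
        if (pg == last_pg)
            break;                      /* avoids pg++ running past the top page */
    }
    return 0;
}

#define MSGMAX 8192  /* Linux's default msg_ctlmax, assumed for the example */

/* What a do_msgsnd-style wrapper should establish before touching guest
 * memory: the size check the kernel does first (EINVAL), then read access to
 * the whole buffer, using the guest's header size (sizeof(target_ulong),
 * the mtype field) rather than the host's sizeof(long).  0 or -errno. */
long check_msgsnd_args(target_ulong msgp, long msgsz)
{
    if (msgsz < 0 || msgsz > MSGMAX)
        return -EINVAL;
    return page_check_range(msgp, sizeof(target_ulong) + (target_ulong)msgsz,
                            PAGE_READ);
}

int main(void)
{
    printf("rw buffer spanning two pages:     %d\n",
           page_check_range(0x10FF0, 0x20, PAGE_WRITE));
    printf("write into read-only second page: %d\n",
           page_check_range(0x11FF0, 0x20, PAGE_WRITE));
    printf("buffer ending at top of memory:   %d\n",
           page_check_range(0xFFFFFFF0, 0x10, PAGE_READ));
    printf("buffer wrapping past the top:     %d\n",
           page_check_range(0xFFFFFFF0, 0x11, PAGE_READ));
    printf("msgsnd with negative size:        %ld\n",
           check_msgsnd_args(0x10000, -1));
    return 0;
}
```

The order of the checks in check_msgsnd_args() is the point: the size is validated before it is folded into a length, so a negative msgsz cannot shrink the range being checked, and the access bits are chosen by what the wrapper will actually do with the memory (PAGE_READ for a send, PAGE_WRITE for a receive).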