From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:37530) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b6HO7-0007qb-Ir for qemu-devel@nongnu.org; Fri, 27 May 2016 09:01:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b6HO2-0001Jr-7P for qemu-devel@nongnu.org; Fri, 27 May 2016 09:01:15 -0400 Received: from mail-lf0-x229.google.com ([2a00:1450:4010:c07::229]:34353) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b6HO2-0001Jc-01 for qemu-devel@nongnu.org; Fri, 27 May 2016 09:01:10 -0400 Received: by mail-lf0-x229.google.com with SMTP id k98so45670792lfi.1 for ; Fri, 27 May 2016 06:01:09 -0700 (PDT) From: riku.voipio@linaro.org Date: Fri, 27 May 2016 16:00:20 +0300 Message-Id: In-Reply-To: References: Subject: [Qemu-devel] [PULL v2 29/38] linux-user: Handle negative values in timespec conversion List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Peter Maydell From: Peter Maydell In a struct timespec, both fields are signed longs. Converting them from guest to host with code like host_ts->tv_sec = tswapal(target_ts->tv_sec); mishandles negative values if the guest has 32-bit longs and the host has 64-bit longs because tswapal()'s return type is abi_ulong: the assignment will zero-extend into the host long type rather than sign-extending it. Make the conversion routines use __get_user() and __set_user() instead: this automatically picks up the signedness of the field type and does the correct kind of sign or zero extension. It also handles the possibility that the target struct is not sufficiently aligned for the host's requirements. In particular, this fixes a hang when running the Linux Test Project mq_timedsend01 and mq_timedreceive01 tests: one of the test cases sets the timeout to -1 and expects an EINVAL failure, but we were setting a very long timeout instead. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 4e419fb..6c4f5c6 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -5194,8 +5194,8 @@ static inline abi_long target_to_host_timespec(struct timespec *host_ts, if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) return -TARGET_EFAULT; - host_ts->tv_sec = tswapal(target_ts->tv_sec); - host_ts->tv_nsec = tswapal(target_ts->tv_nsec); + __get_user(host_ts->tv_sec, &target_ts->tv_sec); + __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 0); return 0; } @@ -5207,8 +5207,8 @@ static inline abi_long host_to_target_timespec(abi_ulong target_addr, if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) return -TARGET_EFAULT; - target_ts->tv_sec = tswapal(host_ts->tv_sec); - target_ts->tv_nsec = tswapal(host_ts->tv_nsec); + __put_user(host_ts->tv_sec, &target_ts->tv_sec); + __put_user(host_ts->tv_nsec, &target_ts->tv_nsec); unlock_user_struct(target_ts, target_addr, 1); return 0; } -- 2.1.4