From: Laurent Vivier <laurent@vivier.eu>
To: Filip Bozuta <Filip.Bozuta@syrmia.com>, qemu-devel@nongnu.org
Subject: Re: [PATCH] linux-user: Fix 'semop()' and 'semtimedop()' implementation
Date: Wed, 12 Aug 2020 17:45:44 +0200
Message-ID: <d2c73d12-25a9-e882-3ae3-aba5376fab0f@vivier.eu>
In-Reply-To: <20200812140704.46242-1-Filip.Bozuta@syrmia.com>

Le 12/08/2020 à 16:07, Filip Bozuta a écrit :
> The implementations of syscalls 'semop()' and 'semtimedop()' in
> file 'syscall.c' use function 'target_to_host_sembuf()' to convert
> values of 'struct sembuf' from host to target. However, before this
> conversion it should be checked whether the number of semaphore operations
> 'nsops' is not bigger than maximum allowed semaphore operations per
> syscall: 'SEMOPM'. In these cases, errno 'E2BIG' ("Arg list too long")
> should be set. But the implementation will set errno 'EFAULT' ("Bad address")
> in this case since the conversion from target to host fails.
> 
> This was confirmed with the LTP test for 'semop()' ('ipc/semop/semop02') in
> test case where 'nsops' is greater than SEMOPM with inappropriate errno EFAULT:
> 
> semop02.c:130: FAIL: semop failed unexpectedly; expected: E2BIG: EFAULT (14)
> 
> This patch changes this by adding a check whether 'nsops' is bigger than
> 'SEMOPM' before the conversion function 'target_to_host_sembuf()' is called.
> After the changes from this patch, the test works fine along with the other
> LTP testcases for 'semop()':
> 
> semop02.c:126: PASS: semop failed as expected: E2BIG (7)
> 
> Implementation notes:
> 
>     A target value ('TARGET_SEMOPM') was added for 'SEMOPM' as to be sure
>     in case the value is not available for some targets.
> 
> Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
> ---
>  linux-user/syscall.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 1211e759c2..4743a5bef2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -3899,6 +3899,8 @@ static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
>    (__nsops), 0, (__sops), (__timeout)
>  #endif
>  
> +#define TARGET_SEMOPM 500
> +

I think you could use directly SEMOPM as it is the same everywhere.

>  static inline abi_long do_semtimedop(int semid,
>                                       abi_long ptr,
>                                       unsigned nsops,
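Review bot: the new `#define TARGET_SEMOPM 500` hard-codes the Linux default instead of reusing the kernel's `SEMOPM`; since, as noted above, the value is the same on every target, a private copy only introduces a constant that can drift from the host header, and the commit message's concern that the value might be unavailable on some targets would be better served by a guarded fallback such as `#ifndef SEMOPM` than by an unconditional duplicate. A one-line comment at the define would also help: the host's effective limit is the per-namespace value in /proc/sys/kernel/sem, so this guest-side check is a fast-path approximation of the E2BIG the host syscall would return on its own.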
> @@ -3915,8 +3917,13 @@ static inline abi_long do_semtimedop(int semid,
>          }
>      }
>  
> -    if (target_to_host_sembuf(sops, ptr, nsops))
> +    if (nsops > TARGET_SEMOPM) {

You might move the check before allocation of the memory for sops.

> +        return -TARGET_E2BIG;
> +    }
> +
> +    if (target_to_host_sembuf(sops, ptr, nsops)) {
>          return -TARGET_EFAULT;
> +    }
>  
>      ret = -TARGET_ENOSYS;
>  #ifdef __NR_semtimedop
> 
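Review bot: the new `if (nsops > TARGET_SEMOPM) {` sits after the `sops` allocation Laurent points to, so an oversized nsops is still used to size a host buffer before it is rejected; hoisting the check to the top of do_semtimedop(), ahead of that allocation, lets the limit bound every later use of nsops. The rest of the hunk reads fine: wrapping the existing `target_to_host_sembuf()` test in braces matches the surrounding style, and returning -TARGET_E2BIG before the conversion is what makes semop02 see E2BIG instead of the EFAULT produced when the conversion of the too-large guest array fails.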

Thanks,
Laurent
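The check order discussed in this thread, as an added example that is not QEMU's code: a small model of do_semtimedop() with the nsops bound applied before any buffer is sized from it, followed by a conversion of guest-side sembuf records (here a constructed flat guest memory array, with explicit guest byte order) into host struct sembuf. The names MODEL_SEMOPM, guest_mem, model_target_to_host_sembuf() and model_do_semtimedop() are assumptions made for this example; the limit value and the EINVAL/E2BIG/EFAULT ordering follow the kernel's do_semtimedop().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/sem.h>

/* Hypothetical model of the patched check order; not QEMU's implementation. */

/* Kernel default for SEMOPM (the patch hard-codes the same value). */
#define MODEL_SEMOPM 500

/* Guest view of struct sembuf: sem_num, sem_op, sem_flg, 16 bits each,
 * stored in the guest's byte order (assumption for this model). */
#define GUEST_SEMBUF_SIZE 6

/* Constructed "guest address space": a flat byte array. */
#define GUEST_MEM_SIZE 64
static uint8_t guest_mem[GUEST_MEM_SIZE];

/* Host-side destination, sized to the maximum the check lets through. */
static struct sembuf host_sops[MODEL_SEMOPM];

static uint16_t guest_ld16(size_t off, int guest_big_endian)
{
    return guest_big_endian
        ? (uint16_t)((guest_mem[off] << 8) | guest_mem[off + 1])
        : (uint16_t)((guest_mem[off + 1] << 8) | guest_mem[off]);
}

static void guest_st16(size_t off, uint16_t v, int guest_big_endian)
{
    guest_mem[off + (guest_big_endian ? 0 : 1)] = (uint8_t)(v >> 8);
    guest_mem[off + (guest_big_endian ? 1 : 0)] = (uint8_t)(v & 0xff);
}

/* Mirror of target_to_host_sembuf(): -EFAULT when the guest array does not
 * fit in guest memory (the real function fails to access the guest pages). */
static int model_target_to_host_sembuf(size_t guest_off, unsigned nsops,
                                       int guest_big_endian)
{
    size_t bytes = (size_t)nsops * GUEST_SEMBUF_SIZE;
    if (guest_off > GUEST_MEM_SIZE || bytes > GUEST_MEM_SIZE - guest_off) {
        return -EFAULT;
    }
    for (unsigned i = 0; i < nsops; i++) {
        size_t o = guest_off + (size_t)i * GUEST_SEMBUF_SIZE;
        host_sops[i].sem_num = guest_ld16(o, guest_big_endian);
        host_sops[i].sem_op  = (short)guest_ld16(o + 2, guest_big_endian);
        host_sops[i].sem_flg = (short)guest_ld16(o + 4, guest_big_endian);
    }
    return 0;
}

/* Validation order after the patch, with the review suggestion applied:
 * bound nsops before it is used to size anything. Returns 0 or -errno. */
static int model_do_semtimedop(size_t guest_off, unsigned nsops,
                               int guest_big_endian)
{
    if (nsops < 1) {
        return -EINVAL;   /* kernel do_semtimedop() rejects nsops < 1 */
    }
    if (nsops > MODEL_SEMOPM) {
        return -E2BIG;    /* the check the patch adds, now ahead of any use */
    }
    /* Only here is nsops a safe buffer size for the conversion. */
    return model_target_to_host_sembuf(guest_off, nsops, guest_big_endian);
}

/* Constructed sample: two big-endian guest ops at guest offset 0.
 * Returns the number of ops written. */
static unsigned load_sample_guest_ops(void)
{
    memset(guest_mem, 0, sizeof guest_mem);
    guest_st16(0, 0, 1);                    /* op0: sem_num 0 */
    guest_st16(2, (uint16_t)-1, 1);         /* op0: sem_op  -1 (wait) */
    guest_st16(4, 0, 1);                    /* op0: sem_flg 0 */
    guest_st16(6, 1, 1);                    /* op1: sem_num 1 */
    guest_st16(8, 1, 1);                    /* op1: sem_op  +1 (signal) */
    guest_st16(10, (uint16_t)SEM_UNDO, 1);  /* op1: sem_flg SEM_UNDO */
    return 2;
}

int main(void)
{
    unsigned n = load_sample_guest_ops();
    printf("nsops=%u            -> %d\n", n, model_do_semtimedop(0, n, 1));
    printf("nsops=%d (too many) -> %d (E2BIG=%d)\n", MODEL_SEMOPM + 1,
           model_do_semtimedop(0, MODEL_SEMOPM + 1, 1), E2BIG);
    printf("nsops=0             -> %d (EINVAL=%d)\n",
           model_do_semtimedop(0, 0, 1), EINVAL);
    printf("array past guest end-> %d (EFAULT=%d)\n",
           model_do_semtimedop(GUEST_MEM_SIZE - 4, 1, 0), EFAULT);
    return 0;
}
```

The oversized case returns -E2BIG without touching guest memory at all, which is exactly the difference the LTP test observes: with the bound checked first, a request of 501 operations never reaches the conversion that would otherwise fail with EFAULT.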

