From: Laurent Vivier <laurent@vivier.eu>
To: Filip Bozuta <Filip.Bozuta@syrmia.com>, qemu-devel@nongnu.org
Cc: Riku Voipio <riku.voipio@iki.fi>
Subject: Re: [PATCH v3 1/2] linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive()'
Date: Mon, 24 Aug 2020 22:15:10 +0200
Message-ID: <ebfec51a-0ab6-a8f3-07b1-ceeffccffa33@vivier.eu>
In-Reply-To: <20200824193752.67950-2-Filip.Bozuta@syrmia.com>
On 24/08/2020 at 21:37, Filip Bozuta wrote:
> Implementations of syscalls 'mq_timedsend()' and 'mq_timedreceive()'
> in 'syscall.c' use functions 'target_to_host_timespec()' and
> 'host_to_target_timespec()' to transfer the value of 'struct timespec'
> between target and host. However, the implementations don't check whether
> this conversion succeeds and thus can cause an inappropriate error instead
> of the 'EFAULT (Bad address)' which is supposed to be set if the conversion
> from target to host fails. This was confirmed with the modified LTP
> test suite where test cases with a bad address for 'timespec' were
> added. This modified test suite can be found at:
> https://github.com/bozutaf/ltp
>
> Without the changes from this patch the bad address testcase for 'mq_timedsend()'
> succeeds unexpectedly, while the test returns errno 'ETIMEDOUT' for
> 'mq_timedreceive()':
>
> mq_timedsend01.c:190: FAIL: mq_timedsend() returned 0, expected -1: SUCCESS (0)
> mq_timedreceive01.c:178: FAIL: mq_timedreceive() failed unexpectedly,
> expected EFAULT: ETIMEDOUT (110)
>
> After the changes from this patch, testcases for both syscalls fail with EFAULT
> as expected, which is the same test result that is received with native execution:
>
> mq_timedsend01.c:187: PASS: mq_timedsend() failed expectedly: EFAULT (14)
> mq_timedreceive01.c:180: PASS: mq_timedreceive() failed expectedly: EFAULT (14)
>
> (Patch with this new test case will be sent to LTP mailing list soon)
>
> Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
> ---
> linux-user/syscall.c | 16 ++++++++++++----
> 1 file changed, 12 insertions(+), 4 deletions(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 05f03919ff..4ee1de6e65 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -11817,9 +11817,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
>
> p = lock_user (VERIFY_READ, arg2, arg3, 1);
> if (arg5 != 0) {
> - target_to_host_timespec(&ts, arg5);
> + if (target_to_host_timespec(&ts, arg5)) {
> + return -TARGET_EFAULT;
> + }
> ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
> - host_to_target_timespec(arg5, &ts);
> + if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
> + return -TARGET_EFAULT;
> + }
> } else {
> ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
> }
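Review bot: both new `return -TARGET_EFAULT;` statements in this mq_timedsend branch come after `p = lock_user (VERIFY_READ, arg2, arg3, 1);`, so on those paths the function leaves without releasing `p`; nothing in the hunk unlocks it before the return. Either call `target_to_host_timespec(&ts, arg5)` before `lock_user`, or release `p` with `unlock_user` before returning. In the lines shown, `p` is also passed to `safe_mq_timedsend` without a NULL check, which is worth handling in the same change since the patch is about rejecting bad guest addresses.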
> @@ -11836,10 +11840,14 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
>
> p = lock_user (VERIFY_READ, arg2, arg3, 1);
> if (arg5 != 0) {
> - target_to_host_timespec(&ts, arg5);
> + if (target_to_host_timespec(&ts, arg5)) {
> + return -TARGET_EFAULT;
> + }
> ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
> &prio, &ts));
> - host_to_target_timespec(arg5, &ts);
> + if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
> + return -TARGET_EFAULT;
> + }
> } else {
> ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
> &prio, NULL));
>
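Review bot: the write-back check after `safe_mq_timedreceive` returns `-TARGET_EFAULT` when `host_to_target_timespec(arg5, &ts)` fails even though `ret` was a success, so the guest gets an error for a message that has already been taken off the queue. The timeout of mq_timedreceive() is a `const struct timespec *` input, so consider dropping the copy back to `arg5` rather than making its failure fatal. As in the mq_timedsend hunk, both early returns happen after `lock_user` without releasing `p`, and the receive buffer is locked with `VERIFY_READ` although the host call writes into it.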
Reviewed-by: Laurent Vivier <laurent@vivier.eu>