* [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
@ 2019-02-07 10:53 Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio
The following changes since commit 47994e16b1d66411953623e7c0bf0cdcd50bd507:
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190205' into staging (2019-02-05 18:25:07 +0000)
are available in the Git repository at:
git://github.com/vivier/qemu.git tags/linux-user-for-4.0-pull-request
for you to fetch changes up to 0c1beacdb528319fd446b8d44bc540d4d8fb7504:
linux-user: add new netlink types (2019-02-07 11:51:13 +0100)
----------------------------------------------------------------
- add new netlink type from linux v4.18 and v4.19
- fix coverity warning (CID 1390634)
- fix ioctl(SIOCGIFCONF) crash
----------------------------------------------------------------
Kan Li (1):
Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
Laurent Vivier (1):
linux-user: add new netlink types
Peter Maydell (1):
linux-user: Check sscanf return value in open_net_route()
linux-user/fd-trans.c | 8 ++++++
linux-user/syscall.c | 67 +++++++++++++++++++++++++------------------
2 files changed, 47 insertions(+), 28 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route() Laurent Vivier
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio, Kan Li, Laurent Vivier
From: Kan Li <likan_999.student@sina.com>
Summary:
This is to fix bug https://bugs.launchpad.net/qemu/+bug/1796754.
It is valid for ifc_buf to be NULL according to
http://man7.org/linux/man-pages/man7/netdevice.7.html.
Signed-off-by: Kan Li <likan_999.student@sina.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20181024201303.114-1-likan_999.student@sina.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 55 ++++++++++++++++++++++++--------------------
1 file changed, 30 insertions(+), 25 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bf076cbf8c..5b9d75fbb4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4187,28 +4187,32 @@ static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
unlock_user(argptr, arg, 0);
host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
- target_ifc_len = host_ifconf->ifc_len;
target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
-
target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
- nb_ifreq = target_ifc_len / target_ifreq_size;
- host_ifc_len = nb_ifreq * sizeof(struct ifreq);
- outbufsz = sizeof(*host_ifconf) + host_ifc_len;
- if (outbufsz > MAX_STRUCT_SIZE) {
- /* We can't fit all the extents into the fixed size buffer.
- * Allocate one that is large enough and use it instead.
- */
- host_ifconf = malloc(outbufsz);
- if (!host_ifconf) {
- return -TARGET_ENOMEM;
+ if (target_ifc_buf != 0) {
+ target_ifc_len = host_ifconf->ifc_len;
+ nb_ifreq = target_ifc_len / target_ifreq_size;
+ host_ifc_len = nb_ifreq * sizeof(struct ifreq);
+
+ outbufsz = sizeof(*host_ifconf) + host_ifc_len;
+ if (outbufsz > MAX_STRUCT_SIZE) {
+ /* We can't fit all the extents into the fixed size buffer.
+ * Allocate one that is large enough and use it instead.
+ */
+ host_ifconf = malloc(outbufsz);
+ if (!host_ifconf) {
+ return -TARGET_ENOMEM;
+ }
+ memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
+ free_buf = 1;
}
- memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
- free_buf = 1;
- }
- host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
+ host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
- host_ifconf->ifc_len = host_ifc_len;
+ host_ifconf->ifc_len = host_ifc_len;
+ } else {
+ host_ifc_buf = NULL;
+ }
host_ifconf->ifc_buf = host_ifc_buf;
ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
@@ -4231,15 +4235,16 @@ static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
unlock_user(argptr, arg, target_size);
- /* copy ifreq[] to target user */
-
- argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
- for (i = 0; i < nb_ifreq ; i++) {
- thunk_convert(argptr + i * target_ifreq_size,
- host_ifc_buf + i * sizeof(struct ifreq),
- ifreq_arg_type, THUNK_TARGET);
+ if (target_ifc_buf != 0) {
+ /* copy ifreq[] to target user */
+ argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
+ for (i = 0; i < nb_ifreq ; i++) {
+ thunk_convert(argptr + i * target_ifreq_size,
+ host_ifc_buf + i * sizeof(struct ifreq),
+ ifreq_arg_type, THUNK_TARGET);
+ }
+ unlock_user(argptr, target_ifc_buf, target_ifc_len);
}
- unlock_user(argptr, target_ifc_buf, target_ifc_len);
}
if (free_buf) {
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route()
2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 3/3] linux-user: add new netlink types Laurent Vivier
2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, Riku Voipio, Peter Maydell,
Philippe Mathieu-Daudé,
Stefano Garzarella
From: Peter Maydell <peter.maydell@linaro.org>
Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.
Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 5b9d75fbb4..a69c734aa0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6767,9 +6767,15 @@ static int open_net_route(void *cpu_env, int fd)
char iface[16];
uint32_t dest, gw, mask;
unsigned int flags, refcnt, use, metric, mtu, window, irtt;
- sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
- iface, &dest, &gw, &flags, &refcnt, &use, &metric,
- &mask, &mtu, &window, &irtt);
+ int fields;
+
+ fields = sscanf(line,
+ "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+ iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+ &mask, &mtu, &window, &irtt);
+ if (fields != 11) {
+ continue;
+ }
dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
metric, tswap32(mask), mtu, window, irtt);
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Qemu-devel] [PULL 3/3] linux-user: add new netlink types
2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route() Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio
Add QEMU_IFLA_MIN_MTU, QEMU_IFLA_MAX_MTU (from linux v4.19)
QEMU_IFLA_BRPORT_ISOLATED (from linux v4.18) and
QEMU_IFLA_BRPORT_BACKUP_PORT (from linux v4.19).
These new types fix this error flow with sudo:
...
Unknown host QEMU_IFLA type: 50
Unknown host QEMU_IFLA type: 51
Unknown QEMU_IFLA_BRPORT type 33
...
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190206193211.6683-1-laurent@vivier.eu>
---
linux-user/fd-trans.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c
index 216b9f0614..30425c9df6 100644
--- a/linux-user/fd-trans.c
+++ b/linux-user/fd-trans.c
@@ -129,6 +129,8 @@ enum {
QEMU_IFLA_CARRIER_UP_COUNT,
QEMU_IFLA_CARRIER_DOWN_COUNT,
QEMU_IFLA_NEW_IFINDEX,
+ QEMU_IFLA_MIN_MTU,
+ QEMU_IFLA_MAX_MTU,
QEMU___IFLA_MAX
};
@@ -166,6 +168,8 @@ enum {
QEMU_IFLA_BRPORT_BCAST_FLOOD,
QEMU_IFLA_BRPORT_GROUP_FWD_MASK,
QEMU_IFLA_BRPORT_NEIGH_SUPPRESS,
+ QEMU_IFLA_BRPORT_ISOLATED,
+ QEMU_IFLA_BRPORT_BACKUP_PORT,
QEMU___IFLA_BRPORT_MAX
};
@@ -510,6 +514,7 @@ static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
case QEMU_IFLA_BRPORT_VLAN_TUNNEL:
case QEMU_IFLA_BRPORT_BCAST_FLOOD:
case QEMU_IFLA_BRPORT_NEIGH_SUPPRESS:
+ case QEMU_IFLA_BRPORT_ISOLATED:
break;
/* uint16_t */
case QEMU_IFLA_BRPORT_PRIORITY:
@@ -523,6 +528,7 @@ static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
break;
/* uin32_t */
case QEMU_IFLA_BRPORT_COST:
+ case QEMU_IFLA_BRPORT_BACKUP_PORT:
u32 = NLA_DATA(nlattr);
*u32 = tswap32(*u32);
break;
@@ -787,6 +793,8 @@ static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
case QEMU_IFLA_GSO_MAX_SIZE:
case QEMU_IFLA_CARRIER_UP_COUNT:
case QEMU_IFLA_CARRIER_DOWN_COUNT:
+ case QEMU_IFLA_MIN_MTU:
+ case QEMU_IFLA_MAX_MTU:
u32 = RTA_DATA(rtattr);
*u32 = tswap32(*u32);
break;
--
2.20.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
` (2 preceding siblings ...)
2019-02-07 10:53 ` [Qemu-devel] [PULL 3/3] linux-user: add new netlink types Laurent Vivier
@ 2019-02-07 11:37 ` no-reply
2019-02-07 13:01 ` Laurent Vivier
3 siblings, 1 reply; 6+ messages in thread
From: no-reply @ 2019-02-07 11:37 UTC (permalink / raw)
To: laurent; +Cc: fam, qemu-devel, riku.voipio
Patchew URL: https://patchew.org/QEMU/20190207105347.22337-1-laurent@vivier.eu/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Subject: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
Type: series
Message-id: 20190207105347.22337-1-laurent@vivier.eu
=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===
Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
t [tag update] patchew/20190206181725.14337-1-armbru@redhat.com -> patchew/20190206181725.14337-1-armbru@redhat.com
* [new tag] patchew/20190207105347.22337-1-laurent@vivier.eu -> patchew/20190207105347.22337-1-laurent@vivier.eu
Switched to a new branch 'test'
11efd0b554 linux-user: add new netlink types
a7c0a6a696 linux-user: Check sscanf return value in open_net_route()
e1edb0bc04 Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
=== OUTPUT BEGIN ===
1/3 Checking commit e1edb0bc04af (Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.)
WARNING: Block comments use a leading /* on a separate line
#48: FILE: linux-user/syscall.c:4200:
+ /* We can't fit all the extents into the fixed size buffer.
ERROR: "(foo*)" should be "(foo *)"
#62: FILE: linux-user/syscall.c:4210:
+ host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
total: 1 errors, 1 warnings, 73 lines checked
Patch 1/3 has style problems, please review. If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
2/3 Checking commit a7c0a6a696f8 (linux-user: Check sscanf return value in open_net_route())
3/3 Checking commit 11efd0b55422 (linux-user: add new netlink types)
=== OUTPUT END ===
Test command exited with code: 1
The full log is available at
http://patchew.org/logs/20190207105347.22337-1-laurent@vivier.eu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
@ 2019-02-07 13:01 ` Laurent Vivier
0 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 13:01 UTC (permalink / raw)
To: qemu-devel; +Cc: fam, riku.voipio, Peter Maydell
I'm going to resend an updated series.
Thanks,
Laurent
On 07/02/2019 12:37, no-reply@patchew.org wrote:
> Patchew URL: https://patchew.org/QEMU/20190207105347.22337-1-laurent@vivier.eu/
>
>
>
> Hi,
>
> This series seems to have some coding style problems. See output below for
> more information:
>
> Subject: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
> Type: series
> Message-id: 20190207105347.22337-1-laurent@vivier.eu
>
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
>
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
> t [tag update] patchew/20190206181725.14337-1-armbru@redhat.com -> patchew/20190206181725.14337-1-armbru@redhat.com
> * [new tag] patchew/20190207105347.22337-1-laurent@vivier.eu -> patchew/20190207105347.22337-1-laurent@vivier.eu
> Switched to a new branch 'test'
> 11efd0b554 linux-user: add new netlink types
> a7c0a6a696 linux-user: Check sscanf return value in open_net_route()
> e1edb0bc04 Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
>
> === OUTPUT BEGIN ===
> 1/3 Checking commit e1edb0bc04af (Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.)
> WARNING: Block comments use a leading /* on a separate line
> #48: FILE: linux-user/syscall.c:4200:
> + /* We can't fit all the extents into the fixed size buffer.
>
> ERROR: "(foo*)" should be "(foo *)"
> #62: FILE: linux-user/syscall.c:4210:
> + host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
>
> total: 1 errors, 1 warnings, 73 lines checked
>
> Patch 1/3 has style problems, please review. If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
>
> 2/3 Checking commit a7c0a6a696f8 (linux-user: Check sscanf return value in open_net_route())
> 3/3 Checking commit 11efd0b55422 (linux-user: add new netlink types)
> === OUTPUT END ===
>
> Test command exited with code: 1
>
>
> The full log is available at
> http://patchew.org/logs/20190207105347.22337-1-laurent@vivier.eu/testing.checkpatch/?type=message.
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-devel@redhat.com
>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-02-07 13:02 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route() Laurent Vivier
2019-02-07 10:53 ` [Qemu-devel] [PULL 3/3] linux-user: add new netlink types Laurent Vivier
2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
2019-02-07 13:01 ` Laurent Vivier
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.