* [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
@ 2019-02-07 10:53 Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
                   ` (3 more replies)
  0 siblings, 4 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
  To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio

The following changes since commit 47994e16b1d66411953623e7c0bf0cdcd50bd507:

  Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20190205' into staging (2019-02-05 18:25:07 +0000)

are available in the Git repository at:

  git://github.com/vivier/qemu.git tags/linux-user-for-4.0-pull-request

for you to fetch changes up to 0c1beacdb528319fd446b8d44bc540d4d8fb7504:

  linux-user: add new netlink types (2019-02-07 11:51:13 +0100)

----------------------------------------------------------------
- add new netlink types from linux v4.18 and v4.19
- fix coverity warning (CID 1390634)
- fix ioctl(SIOCGIFCONF) crash

----------------------------------------------------------------

Kan Li (1):
  Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.

Laurent Vivier (1):
  linux-user: add new netlink types

Peter Maydell (1):
  linux-user: Check sscanf return value in open_net_route()

 linux-user/fd-trans.c |  8 ++++++
 linux-user/syscall.c  | 67 +++++++++++++++++++++++++------------------
 2 files changed, 47 insertions(+), 28 deletions(-)

-- 
2.20.1


* [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
  2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route() Laurent Vivier
                   ` (2 subsequent siblings)
  3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
  To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio, Kan Li, Laurent Vivier

From: Kan Li <likan_999.student@sina.com>

Summary:
This is to fix bug https://bugs.launchpad.net/qemu/+bug/1796754.
It is valid for ifc_buf to be NULL according to
http://man7.org/linux/man-pages/man7/netdevice.7.html.

Signed-off-by: Kan Li <likan_999.student@sina.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20181024201303.114-1-likan_999.student@sina.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 55 ++++++++++++++++++++++++--------------------
 1 file changed, 30 insertions(+), 25 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index bf076cbf8c..5b9d75fbb4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4187,28 +4187,32 @@ static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
     unlock_user(argptr, arg, 0);
 
     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
-    target_ifc_len = host_ifconf->ifc_len;
     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
-
     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
-    nb_ifreq = target_ifc_len / target_ifreq_size;
-    host_ifc_len = nb_ifreq * sizeof(struct ifreq);
 
-    outbufsz = sizeof(*host_ifconf) + host_ifc_len;
-    if (outbufsz > MAX_STRUCT_SIZE) {
-        /* We can't fit all the extents into the fixed size buffer.
-         * Allocate one that is large enough and use it instead.
-         */
-        host_ifconf = malloc(outbufsz);
-        if (!host_ifconf) {
-            return -TARGET_ENOMEM;
+    if (target_ifc_buf != 0) {
+        target_ifc_len = host_ifconf->ifc_len;
+        nb_ifreq = target_ifc_len / target_ifreq_size;
+        host_ifc_len = nb_ifreq * sizeof(struct ifreq);
+
+        outbufsz = sizeof(*host_ifconf) + host_ifc_len;
+        if (outbufsz > MAX_STRUCT_SIZE) {
+            /* We can't fit all the extents into the fixed size buffer.
+             * Allocate one that is large enough and use it instead.
+             */
+            host_ifconf = malloc(outbufsz);
+            if (!host_ifconf) {
+                return -TARGET_ENOMEM;
+            }
+            memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
+            free_buf = 1;
         }
-        memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
-        free_buf = 1;
-    }
-    host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
+        host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
 
-    host_ifconf->ifc_len = host_ifc_len;
+        host_ifconf->ifc_len = host_ifc_len;
+    } else {
+      host_ifc_buf = NULL;
+    }
     host_ifconf->ifc_buf = host_ifc_buf;
 
     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
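Review bot: The guest-supplied `ifc_len` read at `target_ifc_len = host_ifconf->ifc_len;` still drives `nb_ifreq`, `host_ifc_len` and `outbufsz` with no range check visible in this hunk. A negative or very large value may make `nb_ifreq * sizeof(struct ifreq)` or the `outbufsz` sum wrap or truncate (the variable declarations are outside the hunk, so the exact types need confirming), leaving the allocated or fixed buffer out of step with the `ifc_len` handed to the host ioctl. Rejecting an invalid length right after the read would close this, e.g. `if (target_ifc_len < 0) { return -TARGET_EINVAL; }`, plus an upper bound if the types allow overflow. do_ioctl_ifconf starts before and continues after this hunk.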
@@ -4231,15 +4235,16 @@ static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
         unlock_user(argptr, arg, target_size);
 
-	/* copy ifreq[] to target user */
-
-        argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
-        for (i = 0; i < nb_ifreq ; i++) {
-            thunk_convert(argptr + i * target_ifreq_size,
-                          host_ifc_buf + i * sizeof(struct ifreq),
-                          ifreq_arg_type, THUNK_TARGET);
+        if (target_ifc_buf != 0) {
+            /* copy ifreq[] to target user */
+            argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
+            for (i = 0; i < nb_ifreq ; i++) {
+                thunk_convert(argptr + i * target_ifreq_size,
+                              host_ifc_buf + i * sizeof(struct ifreq),
+                              ifreq_arg_type, THUNK_TARGET);
+            }
+            unlock_user(argptr, target_ifc_buf, target_ifc_len);
         }
-        unlock_user(argptr, target_ifc_buf, target_ifc_len);
     }
 
     if (free_buf) {
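Review bot: The result of `lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0)` is used without a NULL check, so a non-NULL but inaccessible guest `ifc_buf` would make the `thunk_convert()` loop write through `argptr + i * target_ifreq_size` with `argptr == NULL`. The new `target_ifc_buf != 0` guard only covers the NULL-pointer case from the bug report. Consider `if (!argptr) { ret = -TARGET_EFAULT; } else { ... }` around the loop and the `unlock_user()` call, setting `ret` rather than returning so that the `free_buf` cleanup that follows still runs. The function starts before and ends after this hunk.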
-- 
2.20.1


* [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route()
  2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 3/3] linux-user: add new netlink types Laurent Vivier
  2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
  3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Riku Voipio, Peter Maydell,
	Philippe Mathieu-Daudé,
	Stefano Garzarella

From: Peter Maydell <peter.maydell@linaro.org>

Coverity warns (CID 1390634) that open_net_route() is not
checking the return value from sscanf(), which means that
it might then use values that aren't initialized.

Errors here should in general not happen since we're passing
an assumed-good /proc/net/route from the host kernel, but
if we do fail to parse a line then just skip it in the output
we pass to the guest.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190205174207.9278-1-peter.maydell@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 5b9d75fbb4..a69c734aa0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6767,9 +6767,15 @@ static int open_net_route(void *cpu_env, int fd)
         char iface[16];
         uint32_t dest, gw, mask;
         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
-        sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
-                     iface, &dest, &gw, &flags, &refcnt, &use, &metric,
-                     &mask, &mtu, &window, &irtt);
+        int fields;
+
+        fields = sscanf(line,
+                        "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
+                        iface, &dest, &gw, &flags, &refcnt, &use, &metric,
+                        &mask, &mtu, &window, &irtt);
+        if (fields != 11) {
+            continue;
+        }
         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
                 metric, tswap32(mask), mtu, window, irtt);
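Review bot: The `%s` conversion in the `sscanf()` format still has no field width while the destination is `char iface[16]`, so a first token longer than 15 bytes would overflow the stack buffer before the new `fields != 11` check runs. The commit message treats /proc/net/route as assumed-good, but bounding the read costs nothing: start the format with `"%15s\t%08x\t..."`. Separately, `refcnt`, `use`, `metric` and `mtu` are declared `unsigned int` but scanned with `%d`; `%u` would match the declared types. The loop body of open_net_route continues outside this hunk.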
-- 
2.20.1


* [Qemu-devel] [PULL 3/3] linux-user: add new netlink types
  2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 1/3] Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL Laurent Vivier
  2019-02-07 10:53 ` [Qemu-devel] [PULL 2/3] linux-user: Check sscanf return value in open_net_route() Laurent Vivier
@ 2019-02-07 10:53 ` Laurent Vivier
  2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
  3 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 10:53 UTC (permalink / raw)
  To: qemu-devel; +Cc: Laurent Vivier, Riku Voipio

Add QEMU_IFLA_MIN_MTU, QEMU_IFLA_MAX_MTU (from linux v4.19)
    QEMU_IFLA_BRPORT_ISOLATED (from linux v4.18) and
    QEMU_IFLA_BRPORT_BACKUP_PORT (from linux v4.19).

These new types fix the following errors seen with sudo:
...
Unknown host QEMU_IFLA type: 50
Unknown host QEMU_IFLA type: 51
Unknown QEMU_IFLA_BRPORT type 33
...

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20190206193211.6683-1-laurent@vivier.eu>
---
 linux-user/fd-trans.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/linux-user/fd-trans.c b/linux-user/fd-trans.c
index 216b9f0614..30425c9df6 100644
--- a/linux-user/fd-trans.c
+++ b/linux-user/fd-trans.c
@@ -129,6 +129,8 @@ enum {
     QEMU_IFLA_CARRIER_UP_COUNT,
     QEMU_IFLA_CARRIER_DOWN_COUNT,
     QEMU_IFLA_NEW_IFINDEX,
+    QEMU_IFLA_MIN_MTU,
+    QEMU_IFLA_MAX_MTU,
     QEMU___IFLA_MAX
 };
 
@@ -166,6 +168,8 @@ enum {
     QEMU_IFLA_BRPORT_BCAST_FLOOD,
     QEMU_IFLA_BRPORT_GROUP_FWD_MASK,
     QEMU_IFLA_BRPORT_NEIGH_SUPPRESS,
+    QEMU_IFLA_BRPORT_ISOLATED,
+    QEMU_IFLA_BRPORT_BACKUP_PORT,
     QEMU___IFLA_BRPORT_MAX
 };
 
@@ -510,6 +514,7 @@ static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
     case QEMU_IFLA_BRPORT_VLAN_TUNNEL:
     case QEMU_IFLA_BRPORT_BCAST_FLOOD:
     case QEMU_IFLA_BRPORT_NEIGH_SUPPRESS:
+    case QEMU_IFLA_BRPORT_ISOLATED:
         break;
     /* uint16_t */
     case QEMU_IFLA_BRPORT_PRIORITY:
@@ -523,6 +528,7 @@ static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
         break;
     /* uin32_t */
     case QEMU_IFLA_BRPORT_COST:
+    case QEMU_IFLA_BRPORT_BACKUP_PORT:
         u32 = NLA_DATA(nlattr);
         *u32 = tswap32(*u32);
         break;
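Review bot: The new `QEMU_IFLA_BRPORT_BACKUP_PORT` case joins a group that byte-swaps four bytes in place at `NLA_DATA(nlattr)`, and no check that the attribute payload holds at least `sizeof(uint32_t)` is visible here. The function name suggests the data comes from the host side, so this is hardening rather than a known fault, but a guard such as `if (nlattr->nla_len < NLA_HDRLEN + sizeof(uint32_t)) { break; }` before the swap would keep a short attribute from being read and written past its payload. The same applies to the `QEMU_IFLA_MIN_MTU` and `QEMU_IFLA_MAX_MTU` cases added in the last hunk, which swap through `RTA_DATA(rtattr)`. The group's heading comment reads `/* uin32_t */` and could be corrected to `/* uint32_t */`. The switch and its function start and end outside this hunk.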
@@ -787,6 +793,8 @@ static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
     case QEMU_IFLA_GSO_MAX_SIZE:
     case QEMU_IFLA_CARRIER_UP_COUNT:
     case QEMU_IFLA_CARRIER_DOWN_COUNT:
+    case QEMU_IFLA_MIN_MTU:
+    case QEMU_IFLA_MAX_MTU:
         u32 = RTA_DATA(rtattr);
         *u32 = tswap32(*u32);
         break;
-- 
2.20.1


* Re: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
  2019-02-07 10:53 [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches Laurent Vivier
                   ` (2 preceding siblings ...)
  2019-02-07 10:53 ` [Qemu-devel] [PULL 3/3] linux-user: add new netlink types Laurent Vivier
@ 2019-02-07 11:37 ` no-reply
  2019-02-07 13:01   ` Laurent Vivier
  3 siblings, 1 reply; 6+ messages in thread
From: no-reply @ 2019-02-07 11:37 UTC (permalink / raw)
  To: laurent; +Cc: fam, qemu-devel, riku.voipio

Patchew URL: https://patchew.org/QEMU/20190207105347.22337-1-laurent@vivier.eu/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Subject: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
Type: series
Message-id: 20190207105347.22337-1-laurent@vivier.eu

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 t [tag update]            patchew/20190206181725.14337-1-armbru@redhat.com -> patchew/20190206181725.14337-1-armbru@redhat.com
 * [new tag]               patchew/20190207105347.22337-1-laurent@vivier.eu -> patchew/20190207105347.22337-1-laurent@vivier.eu
Switched to a new branch 'test'
11efd0b554 linux-user: add new netlink types
a7c0a6a696 linux-user: Check sscanf return value in open_net_route()
e1edb0bc04 Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.

=== OUTPUT BEGIN ===
1/3 Checking commit e1edb0bc04af (Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.)
WARNING: Block comments use a leading /* on a separate line
#48: FILE: linux-user/syscall.c:4200:
+            /* We can't fit all the extents into the fixed size buffer.

ERROR: "(foo*)" should be "(foo *)"
#62: FILE: linux-user/syscall.c:4210:
+        host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);

total: 1 errors, 1 warnings, 73 lines checked

Patch 1/3 has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.

2/3 Checking commit a7c0a6a696f8 (linux-user: Check sscanf return value in open_net_route())
3/3 Checking commit 11efd0b55422 (linux-user: add new netlink types)
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20190207105347.22337-1-laurent@vivier.eu/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [http://patchew.org/].
Please send your feedback to patchew-devel@redhat.com


* Re: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
  2019-02-07 11:37 ` [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches no-reply
@ 2019-02-07 13:01   ` Laurent Vivier
  0 siblings, 0 replies; 6+ messages in thread
From: Laurent Vivier @ 2019-02-07 13:01 UTC (permalink / raw)
  To: qemu-devel; +Cc: fam, riku.voipio, Peter Maydell

I'm going to resend an updated series.

Thanks,
Laurent

On 07/02/2019 12:37, no-reply@patchew.org wrote:
> Patchew URL: https://patchew.org/QEMU/20190207105347.22337-1-laurent@vivier.eu/
> 
> 
> 
> Hi,
> 
> This series seems to have some coding style problems. See output below for
> more information:
> 
> Subject: [Qemu-devel] [PULL 0/3] Linux user for 4.0 patches
> Type: series
> Message-id: 20190207105347.22337-1-laurent@vivier.eu
> 
> === TEST SCRIPT BEGIN ===
> #!/bin/bash
> git config --local diff.renamelimit 0
> git config --local diff.renames True
> git config --local diff.algorithm histogram
> ./scripts/checkpatch.pl --mailback base..
> === TEST SCRIPT END ===
> 
> Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
> From https://github.com/patchew-project/qemu
>  t [tag update]            patchew/20190206181725.14337-1-armbru@redhat.com -> patchew/20190206181725.14337-1-armbru@redhat.com
>  * [new tag]               patchew/20190207105347.22337-1-laurent@vivier.eu -> patchew/20190207105347.22337-1-laurent@vivier.eu
> Switched to a new branch 'test'
> 11efd0b554 linux-user: add new netlink types
> a7c0a6a696 linux-user: Check sscanf return value in open_net_route()
> e1edb0bc04 Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.
> 
> === OUTPUT BEGIN ===
> 1/3 Checking commit e1edb0bc04af (Fix linux-user crashes in ioctl(SIOCGIFCONF) when ifc_buf is NULL.)
> WARNING: Block comments use a leading /* on a separate line
> #48: FILE: linux-user/syscall.c:4200:
> +            /* We can't fit all the extents into the fixed size buffer.
> 
> ERROR: "(foo*)" should be "(foo *)"
> #62: FILE: linux-user/syscall.c:4210:
> +        host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
> 
> total: 1 errors, 1 warnings, 73 lines checked
> 
> Patch 1/3 has style problems, please review.  If any of these errors
> are false positives report them to the maintainer, see
> CHECKPATCH in MAINTAINERS.
> 
> 2/3 Checking commit a7c0a6a696f8 (linux-user: Check sscanf return value in open_net_route())
> 3/3 Checking commit 11efd0b55422 (linux-user: add new netlink types)
> === OUTPUT END ===
> 
> Test command exited with code: 1
> 
> 
> The full log is available at
> http://patchew.org/logs/20190207105347.22337-1-laurent@vivier.eu/testing.checkpatch/?type=message.
> ---
> Email generated automatically by Patchew [http://patchew.org/].
> Please send your feedback to patchew-devel@redhat.com
> 

