From: Laurent Vivier <laurent@vivier.eu>
To: Peter Maydell <peter.maydell@linaro.org>, qemu-devel@nongnu.org
Cc: patches@linaro.org, Riku Voipio <riku.voipio@linaro.org>
Subject: Re: [Qemu-devel] [PATCH v2 1/3] linux-user: Avoid possible misalignment in host_to_target_siginfo()
Date: Thu, 9 Jun 2016 21:27:39 +0200
Message-ID: <442bc295-44f4-6a10-32e5-6ff165542f1b@vivier.eu>
In-Reply-To: <1465481378-20662-2-git-send-email-peter.maydell@linaro.org>



On 09/06/2016 at 16:09, Peter Maydell wrote:
> host_to_target_siginfo() is implemented by a combination of
> host_to_target_siginfo_noswap() followed by tswap_siginfo().
> The first of these two functions assumes that the target_siginfo_t
> it is writing to is correctly aligned, but the pointer passed
> into host_to_target_siginfo() is directly from the guest and
> might be misaligned. Use a local variable to avoid this problem.
> (tswap_siginfo() does now correctly handle a misaligned destination.)
> 
> We have to add a memset() to host_to_target_siginfo_noswap()
> to avoid some false positive "may be used uninitialized" warnings
> from gcc about subfields of the _sifields union if it chooses to
> inline both tswap_siginfo() and host_to_target_siginfo_noswap()
> into host_to_target_siginfo().
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Laurent Vivier <laurent@vivier.eu>

> ---
>  linux-user/signal.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/linux-user/signal.c b/linux-user/signal.c
> index 61c1145..37fb60f 100644
> --- a/linux-user/signal.c
> +++ b/linux-user/signal.c
> @@ -281,6 +281,14 @@ static inline void host_to_target_siginfo_noswap(target_siginfo_t *tinfo,
>      tinfo->si_errno = 0;
>      tinfo->si_code = info->si_code;
>  
> +    /* This memset serves two purposes:
> +     * (1) ensure we don't leak random junk to the guest later
> +     * (2) placate false positives from gcc about fields
> +     *     being used uninitialized if it chooses to inline both this
> +     *     function and tswap_siginfo() into host_to_target_siginfo().
> +     */
> +    memset(tinfo->_sifields._pad, 0, sizeof(tinfo->_sifields._pad));
> +
>      /* This is awkward, because we have to use a combination of
>       * the si_code and si_signo to figure out which of the union's
>       * members are valid. (Within the host kernel it is always possible
> @@ -400,8 +408,9 @@ static void tswap_siginfo(target_siginfo_t *tinfo,
>  
>  void host_to_target_siginfo(target_siginfo_t *tinfo, const siginfo_t *info)
>  {
> -    host_to_target_siginfo_noswap(tinfo, info);
> -    tswap_siginfo(tinfo, tinfo);
> +    target_siginfo_t tgt_tmp;
> +    host_to_target_siginfo_noswap(&tgt_tmp, info);
> +    tswap_siginfo(tinfo, &tgt_tmp);
>  }
>  
>  /* XXX: we support only POSIX RT signals are used. */
> 
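Review bot: `tgt_tmp` is an uninitialised stack local, and tswap_siginfo() copies it out to guest memory, so any byte that host_to_target_siginfo_noswap() does not write reaches the guest as stale stack content. The earlier hunk's memset is what is meant to prevent that, but nothing in this function enforces it; `target_siginfo_t tgt_tmp = {0};` (or a memset of the whole struct here) would make the no-leak property local to this hunk, and would most likely also address the gcc "may be used uninitialized" warning described in the commit message without relying on the other hunk. A one-line comment on the local explaining that `tinfo` comes from the guest and may be misaligned would also help, since the two-call form it replaces looks like the simpler choice to a later reader.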

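The pattern the patch adopts (fill a correctly aligned local, zero the union's padding so no stale stack bytes survive, then copy the result to the guest address word by word through memcpy, which carries no alignment requirement) as an added, self-contained example; this is not code from the patch or from QEMU. The cut-down siginfo layout, the host-side stand-in type, the big-endian-target assumption and every `ex_` name are hypothetical and exist only for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical cut-down target siginfo (example only, not QEMU's layout).
 * _pad is sized to span the whole union, so zeroing it zeroes every member. */
#define EX_SI_PAD_WORDS 4
typedef struct {
    int32_t si_signo;
    int32_t si_errno;
    int32_t si_code;
    union {
        int32_t _pad[EX_SI_PAD_WORDS];
        struct { int32_t _pid; int32_t _uid; } _kill;
        struct { int32_t _pid; int32_t _uid; int32_t _status; } _sigchld;
    } _sifields;
} ex_siginfo_t;

/* Constructed stand-in for the host siginfo_t: only the fields we map. */
typedef struct { int signo; int code; int pid; int uid; } ex_host_info_t;

#define EX_SI_USER 0    /* stands in for SI_USER: sent by kill() from userspace */
#define EX_SIGUSR1 10

/* Stage 1, the role of host_to_target_siginfo_noswap(): writes only into an
 * aligned local supplied by the caller. The memset precedes the union store,
 * so the alternative not written (_sigchld._status here) is zero, not stale
 * stack contents. */
static void ex_fill_noswap(ex_siginfo_t *t, const ex_host_info_t *h)
{
    t->si_signo = h->signo;
    t->si_errno = 0;
    t->si_code = h->code;
    memset(t->_sifields._pad, 0, sizeof(t->_sifields._pad));
    if (h->code == EX_SI_USER) {
        t->_sifields._kill._pid = h->pid;
        t->_sifields._kill._uid = h->uid;
    }
}

/* Assumption: big-endian target on a little-endian host, so every word is
 * byte-swapped on the way out and back. */
static uint32_t ex_bswap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24);
}

/* Access through a byte pointer with memcpy: no alignment requirement, unlike
 * *(int32_t *)dst = v, which is undefined on a misaligned address and faults
 * on strict-alignment hosts. */
static void ex_put32(uint8_t *dst, uint32_t v)
{
    uint32_t tv = ex_bswap32(v);
    memcpy(dst, &tv, sizeof(tv));
}

static uint32_t ex_get32(const uint8_t *src)
{
    uint32_t tv;
    memcpy(&tv, src, sizeof(tv));
    return ex_bswap32(tv);
}

/* Stage 2, the role of tswap_siginfo(): copies the aligned local to an
 * arbitrary guest byte address. The union goes out as whole words. */
static void ex_tswap_to_guest(uint8_t *guest_dst, const ex_siginfo_t *src)
{
    size_t i;
    ex_put32(guest_dst + offsetof(ex_siginfo_t, si_signo), (uint32_t)src->si_signo);
    ex_put32(guest_dst + offsetof(ex_siginfo_t, si_errno), (uint32_t)src->si_errno);
    ex_put32(guest_dst + offsetof(ex_siginfo_t, si_code),  (uint32_t)src->si_code);
    for (i = 0; i < EX_SI_PAD_WORDS; i++) {
        ex_put32(guest_dst + offsetof(ex_siginfo_t, _sifields._pad) + i * sizeof(int32_t),
                 (uint32_t)src->_sifields._pad[i]);
    }
}

/* The shape of the patched host_to_target_siginfo(): build in a local, then
 * copy out. guest_dst may point anywhere, aligned or not. */
static void ex_host_to_target_siginfo(uint8_t *guest_dst, const ex_host_info_t *h)
{
    ex_siginfo_t tmp;
    ex_fill_noswap(&tmp, h);
    ex_tswap_to_guest(guest_dst, &tmp);
}

/* Converts into a deliberately misaligned guest buffer and checks the values
 * and that the unused union words came out zero. Returns 1 on success. */
static int ex_demo_misaligned(void)
{
    uint8_t guest[sizeof(ex_siginfo_t) + 1];
    uint8_t *dst = guest + 1;                       /* off by one byte on purpose */
    ex_host_info_t h = { EX_SIGUSR1, EX_SI_USER, 4321, 1000 };
    size_t pad = offsetof(ex_siginfo_t, _sifields._pad);

    memset(guest, 0xAA, sizeof(guest));             /* poison: a missed word shows */
    ex_host_to_target_siginfo(dst, &h);

    if (ex_get32(dst + offsetof(ex_siginfo_t, si_signo)) != (uint32_t)EX_SIGUSR1) return 0;
    if (ex_get32(dst + offsetof(ex_siginfo_t, si_errno)) != 0) return 0;
    if (ex_get32(dst + offsetof(ex_siginfo_t, si_code))  != (uint32_t)EX_SI_USER) return 0;
    if (ex_get32(dst + pad + 0)  != 4321u) return 0;  /* _kill._pid */
    if (ex_get32(dst + pad + 4)  != 1000u) return 0;  /* _kill._uid */
    if (ex_get32(dst + pad + 8)  != 0) return 0;      /* stale without the memset */
    if (ex_get32(dst + pad + 12) != 0) return 0;
    return guest[0] == 0xAA;                          /* nothing written before dst */
}
```

On x86 the direct, pre-patch style store into a misaligned `tinfo` usually works silently, which is why this class of bug hides until the same code runs on a strict-alignment host; the two-stage form above is correct on both. The memset in stage 1 is also what keeps stage 2 from exporting uninitialised stack bytes to the guest, which is the other half of the patch's comment.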

Thread overview: 7+ messages
2016-06-09 14:09 [Qemu-devel] [PATCH v2 0/3] Use safe_syscall wrapper for fcntl() Peter Maydell
2016-06-09 14:09 ` [Qemu-devel] [PATCH v2 1/3] linux-user: Avoid possible misalignment in host_to_target_siginfo() Peter Maydell
2016-06-09 19:27   ` Laurent Vivier [this message]
2016-06-09 14:09 ` [Qemu-devel] [PATCH v2 2/3] linux-user: Use __get_user() and __put_user() to handle structs in do_fcntl() Peter Maydell
2016-06-09 19:27   ` Laurent Vivier
2016-06-09 14:09 ` [Qemu-devel] [PATCH v2 3/3] linux-user: Use safe_syscall wrapper for fcntl Peter Maydell
2016-06-09 19:28   ` Laurent Vivier
