* [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
@ 2019-02-08 17:35 Rémi Denis-Courmont
2019-02-08 18:33 ` Laurent Vivier
0 siblings, 1 reply; 5+ messages in thread
From: Rémi Denis-Courmont @ 2019-02-08 17:35 UTC (permalink / raw)
To: qemu-devel
This works around the LTP crash, but there are problably better ways to
go about it.
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Cc: <lvivier@redhat.com>
---
linux-user/qemu.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index ef400cb78a..1d222a0cce 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
{
- return page_check_range((target_ulong)addr, size,
+ return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
+ page_check_range((target_ulong)addr, size,
(type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
2019-02-08 17:35 [Qemu-devel] [PATCH] linux-user: check valid address in access_ok() Rémi Denis-Courmont
@ 2019-02-08 18:33 ` Laurent Vivier
2019-02-14 9:22 ` Laurent Vivier
0 siblings, 1 reply; 5+ messages in thread
From: Laurent Vivier @ 2019-02-08 18:33 UTC (permalink / raw)
To: Rémi Denis-Courmont, qemu-devel
On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
> This works around the LTP crash, but there are problably better ways to
> go about it.
>
> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
> Cc: <lvivier@redhat.com>
> ---
> linux-user/qemu.h | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
> index ef400cb78a..1d222a0cce 100644
> --- a/linux-user/qemu.h
> +++ b/linux-user/qemu.h
> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>
> static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
> {
> - return page_check_range((target_ulong)addr, size,
> + return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
I think it should be guest_addr_valid(addr + size - 1).
Except that, it looks good.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
2019-02-08 18:33 ` Laurent Vivier
@ 2019-02-14 9:22 ` Laurent Vivier
2019-02-18 12:56 ` Remi Denis Courmont
0 siblings, 1 reply; 5+ messages in thread
From: Laurent Vivier @ 2019-02-14 9:22 UTC (permalink / raw)
To: Rémi Denis-Courmont, qemu-devel; +Cc: remi.denis.courmont
On 08/02/2019 19:33, Laurent Vivier wrote:
> On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
>> This works around the LTP crash, but there are problably better ways to
>> go about it.
>>
>> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
>> Cc: <lvivier@redhat.com>
>> ---
>> linux-user/qemu.h | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
>> index ef400cb78a..1d222a0cce 100644
>> --- a/linux-user/qemu.h
>> +++ b/linux-user/qemu.h
>> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>>
>> static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>> {
>> - return page_check_range((target_ulong)addr, size,
>> + return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
>
> I think it should be guest_addr_valid(addr + size - 1).
In fact (len == 0 || guest_addr_valid(addr + size - 1)).
Could you send a new version of your patch?
I've received several mail delivery system errors regarding your email
address remi@remlab.net.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
2019-02-14 9:22 ` Laurent Vivier
@ 2019-02-18 12:56 ` Remi Denis Courmont
0 siblings, 0 replies; 5+ messages in thread
From: Remi Denis Courmont @ 2019-02-18 12:56 UTC (permalink / raw)
To: Laurent Vivier, Rémi Denis-Courmont, qemu-devel
Hi,
I don't think that len == 0 is a sufficient condition to eliminate integer overflow. It only ensures that size - 1 is a positive quantity.
________________________________________
De : Laurent Vivier [laurent@vivier.eu]
Envoyé : jeudi 14 février 2019 11:22
À : Rémi Denis-Courmont; qemu-devel@nongnu.org
Cc : Remi Denis Courmont
Objet : Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
On 08/02/2019 19:33, Laurent Vivier wrote:
> On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
>> This works around the LTP crash, but there are problably better ways to
>> go about it.
>>
>> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
>> Cc: <lvivier@redhat.com>
>> ---
>> linux-user/qemu.h | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
>> index ef400cb78a..1d222a0cce 100644
>> --- a/linux-user/qemu.h
>> +++ b/linux-user/qemu.h
>> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>>
>> static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>> {
>> - return page_check_range((target_ulong)addr, size,
>> + return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
>
> I think it should be guest_addr_valid(addr + size - 1).
In fact (len == 0 || guest_addr_valid(addr + size - 1)).
Could you send a new version of your patch?
I've received several mail delivery system errors regarding your email
address remi@remlab.net.
Thanks,
Laurent
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
@ 2019-07-04 8:41 Laurent Vivier
0 siblings, 0 replies; 5+ messages in thread
From: Laurent Vivier @ 2019-07-04 8:41 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, Rémi Denis-Courmont, Riku Voipio,
Laurent Vivier, Paolo Bonzini, Richard Henderson
From: Rémi Denis-Courmont <remi@remlab.net>
Fix a crash with LTP testsuite and aarch64:
tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
qemu-aarch64: .../qemu/accel/tcg/translate-all.c:2522: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60001554
page_check_range() should never be called with address outside the guest
address space. This patch adds a guest_addr_valid() check in access_ok()
to only call page_check_range() with a valid address.
Fixes: f6768aa1b4c6 ("target/arm: fix AArch64 virtual address space size")
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---
Notes:
v2: Check addr + size - 1
guest_addr_valid() is always true if
HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
include/exec/cpu_ldst.h | 4 ++++
linux-user/qemu.h | 4 +++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index a08b11bd2c07..06080d27ba15 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -62,7 +62,11 @@ typedef uint64_t abi_ptr;
/* All direct uses of g2h and h2g need to go away for usermode softmmu. */
#define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base))
+#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+#define guest_addr_valid(x) (1)
+#else
#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
+#endif
#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
static inline int guest_range_valid(unsigned long start, unsigned long len)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index fab287b7ec50..4258e4162d26 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -456,7 +456,9 @@ extern unsigned long guest_stack_size;
static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
{
- return page_check_range((target_ulong)addr, size,
+ return guest_addr_valid(addr) &&
+ (size == 0 || guest_addr_valid(addr + size - 1)) &&
+ page_check_range((target_ulong)addr, size,
(type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
}
--
2.21.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-07-04 8:42 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-08 17:35 [Qemu-devel] [PATCH] linux-user: check valid address in access_ok() Rémi Denis-Courmont
2019-02-08 18:33 ` Laurent Vivier
2019-02-14 9:22 ` Laurent Vivier
2019-02-18 12:56 ` Remi Denis Courmont
2019-07-04 8:41 Laurent Vivier
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.