[Qemu-devel] [PATCH] linux-user: check valid address in access

All of lore.kernel.org
 help / color / mirror / Atom feed

* [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
@ 2019-02-08 17:35 Rémi Denis-Courmont
  2019-02-08 18:33 ` Laurent Vivier
  0 siblings, 1 reply; 5+ messages in thread
From: Rémi Denis-Courmont @ 2019-02-08 17:35 UTC (permalink / raw)
  To: qemu-devel

This works around the LTP crash, but there are problably better ways to
go about it.

Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Cc: <lvivier@redhat.com>
---
 linux-user/qemu.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index ef400cb78a..1d222a0cce 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
 
 static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
 {
-    return page_check_range((target_ulong)addr, size,
+    return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
+           page_check_range((target_ulong)addr, size,
                             (type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
 }
 
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
  2019-02-08 17:35 [Qemu-devel] [PATCH] linux-user: check valid address in access_ok() Rémi Denis-Courmont
@ 2019-02-08 18:33 ` Laurent Vivier
  2019-02-14  9:22   ` Laurent Vivier
  0 siblings, 1 reply; 5+ messages in thread
From: Laurent Vivier @ 2019-02-08 18:33 UTC (permalink / raw)
  To: Rémi Denis-Courmont, qemu-devel

On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
> This works around the LTP crash, but there are problably better ways to
> go about it.
> 
> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
> Cc: <lvivier@redhat.com>
> ---
>  linux-user/qemu.h | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
> index ef400cb78a..1d222a0cce 100644
> --- a/linux-user/qemu.h
> +++ b/linux-user/qemu.h
> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>  
>  static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>  {
> -    return page_check_range((target_ulong)addr, size,
> +    return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&

I think it should be guest_addr_valid(addr + size - 1).

Except that, it looks good.

Thanks,
Laurent

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
  2019-02-08 18:33 ` Laurent Vivier
@ 2019-02-14  9:22   ` Laurent Vivier
  2019-02-18 12:56     ` Remi Denis Courmont
  0 siblings, 1 reply; 5+ messages in thread
From: Laurent Vivier @ 2019-02-14  9:22 UTC (permalink / raw)
  To: Rémi Denis-Courmont, qemu-devel; +Cc: remi.denis.courmont

On 08/02/2019 19:33, Laurent Vivier wrote:
> On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
>> This works around the LTP crash, but there are problably better ways to
>> go about it.
>>
>> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
>> Cc: <lvivier@redhat.com>
>> ---
>>  linux-user/qemu.h | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
>> index ef400cb78a..1d222a0cce 100644
>> --- a/linux-user/qemu.h
>> +++ b/linux-user/qemu.h
>> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>>  
>>  static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>>  {
>> -    return page_check_range((target_ulong)addr, size,
>> +    return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
> 
> I think it should be guest_addr_valid(addr + size - 1).

In fact (len == 0 || guest_addr_valid(addr + size - 1)).

Could you send a new version of your patch?

I've received several mail delivery system errors regarding your email
address remi@remlab.net.

Thanks,
Laurent

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
  2019-02-14  9:22   ` Laurent Vivier
@ 2019-02-18 12:56     ` Remi Denis Courmont
  0 siblings, 0 replies; 5+ messages in thread
From: Remi Denis Courmont @ 2019-02-18 12:56 UTC (permalink / raw)
  To: Laurent Vivier, Rémi Denis-Courmont, qemu-devel

Hi,

I don't think that len == 0 is a sufficient condition to eliminate integer overflow. It only ensures that size - 1 is a positive quantity.

________________________________________
De : Laurent Vivier [laurent@vivier.eu]
Envoyé : jeudi 14 février 2019 11:22
À : Rémi Denis-Courmont; qemu-devel@nongnu.org
Cc : Remi Denis Courmont
Objet : Re: [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()

On 08/02/2019 19:33, Laurent Vivier wrote:
> On 08/02/2019 18:35, Rémi Denis-Courmont wrote:
>> This works around the LTP crash, but there are problably better ways to
>> go about it.
>>
>> Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
>> Cc: <lvivier@redhat.com>
>> ---
>>  linux-user/qemu.h | 3 ++-
>>  1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/linux-user/qemu.h b/linux-user/qemu.h
>> index ef400cb78a..1d222a0cce 100644
>> --- a/linux-user/qemu.h
>> +++ b/linux-user/qemu.h
>> @@ -457,7 +457,8 @@ extern unsigned long guest_stack_size;
>>
>>  static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
>>  {
>> -    return page_check_range((target_ulong)addr, size,
>> +    return guest_addr_valid(addr) && guest_addr_valid(addr + size) &&
>
> I think it should be guest_addr_valid(addr + size - 1).

In fact (len == 0 || guest_addr_valid(addr + size - 1)).

Could you send a new version of your patch?

I've received several mail delivery system errors regarding your email
address remi@remlab.net.

Thanks,
Laurent


^ permalink raw reply	[flat|nested] 5+ messages in thread

* [Qemu-devel] [PATCH] linux-user: check valid address in access_ok()
@ 2019-07-04  8:41 Laurent Vivier
  0 siblings, 0 replies; 5+ messages in thread
From: Laurent Vivier @ 2019-07-04  8:41 UTC (permalink / raw)
  To: qemu-devel
  Cc: Laurent Vivier, Rémi Denis-Courmont, Riku Voipio,
	Laurent Vivier, Paolo Bonzini, Richard Henderson

From: Rémi Denis-Courmont <remi@remlab.net>

Fix a crash with LTP testsuite and aarch64:

  tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
  qemu-aarch64: .../qemu/accel/tcg/translate-all.c:2522: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60001554

page_check_range() should never be called with address outside the guest
address space. This patch adds a guest_addr_valid() check in access_ok()
to only call page_check_range() with a valid address.

Fixes: f6768aa1b4c6 ("target/arm: fix AArch64 virtual address space size")
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
---

Notes:
    v2: Check addr + size - 1
        guest_addr_valid() is always true if
        HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS

 include/exec/cpu_ldst.h | 4 ++++
 linux-user/qemu.h       | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index a08b11bd2c07..06080d27ba15 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -62,7 +62,11 @@ typedef uint64_t abi_ptr;
 /* All direct uses of g2h and h2g need to go away for usermode softmmu.  */
 #define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base))
 
+#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+#define guest_addr_valid(x) (1)
+#else
 #define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
+#endif
 #define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
 
 static inline int guest_range_valid(unsigned long start, unsigned long len)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index fab287b7ec50..4258e4162d26 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -456,7 +456,9 @@ extern unsigned long guest_stack_size;
 
 static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
 {
-    return page_check_range((target_ulong)addr, size,
+    return guest_addr_valid(addr) &&
+           (size == 0 || guest_addr_valid(addr + size - 1)) &&
+           page_check_range((target_ulong)addr, size,
                             (type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
 }
 
-- 
2.21.0



^ permalink raw reply related	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2019-07-04  8:42 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-08 17:35 [Qemu-devel] [PATCH] linux-user: check valid address in access_ok() Rémi Denis-Courmont
2019-02-08 18:33 ` Laurent Vivier
2019-02-14  9:22   ` Laurent Vivier
2019-02-18 12:56     ` Remi Denis Courmont
2019-07-04  8:41 Laurent Vivier

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.