From: Laurent Vivier <laurent@vivier.eu>
To: qemu-devel@nongnu.org
Cc: "Laurent Vivier" <lvivier@redhat.com>,
"Rémi Denis-Courmont" <remi@remlab.net>,
"Aleksandar Rikalo" <arikalo@wavecomp.com>,
"Riku Voipio" <riku.voipio@iki.fi>,
"Laurent Vivier" <laurent@vivier.eu>,
"Aleksandar Markovic" <amarkovic@wavecomp.com>,
"Paolo Bonzini" <pbonzini@redhat.com>,
"Aurelien Jarno" <aurelien@aurel32.net>,
"Richard Henderson" <rth@twiddle.net>
Subject: [Qemu-devel] [PULL v2 2/3] linux-user: check valid address in access_ok()
Date: Fri, 19 Jul 2019 10:06:09 +0200 [thread overview]
Message-ID: <20190719080610.1607-3-laurent@vivier.eu> (raw)
In-Reply-To: <20190719080610.1607-1-laurent@vivier.eu>
From: Rémi Denis-Courmont <remi@remlab.net>
Fix a crash with LTP testsuite and aarch64:
tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
qemu-aarch64: .../qemu/accel/tcg/translate-all.c:2522: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60001554
page_check_range() should never be called with address outside the guest
address space. This patch adds a guest_addr_valid() check in access_ok()
to only call page_check_range() with a valid address.
Fixes: f6768aa1b4c6 ("target/arm: fix AArch64 virtual address space size")
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20190704084115.24713-1-lvivier@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
include/exec/cpu_ldst.h | 4 ++++
linux-user/qemu.h | 4 +++-
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/include/exec/cpu_ldst.h b/include/exec/cpu_ldst.h
index 9de8c933031b..9151fdb042c4 100644
--- a/include/exec/cpu_ldst.h
+++ b/include/exec/cpu_ldst.h
@@ -62,7 +62,11 @@ typedef uint64_t abi_ptr;
/* All direct uses of g2h and h2g need to go away for usermode softmmu. */
#define g2h(x) ((void *)((unsigned long)(abi_ptr)(x) + guest_base))
+#if HOST_LONG_BITS <= TARGET_VIRT_ADDR_SPACE_BITS
+#define guest_addr_valid(x) (1)
+#else
#define guest_addr_valid(x) ((x) <= GUEST_ADDR_MAX)
+#endif
#define h2g_valid(x) guest_addr_valid((unsigned long)(x) - guest_base)
static inline int guest_range_valid(unsigned long start, unsigned long len)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index fab287b7ec50..4258e4162d26 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -456,7 +456,9 @@ extern unsigned long guest_stack_size;
static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
{
- return page_check_range((target_ulong)addr, size,
+ return guest_addr_valid(addr) &&
+ (size == 0 || guest_addr_valid(addr + size - 1)) &&
+ page_check_range((target_ulong)addr, size,
(type == VERIFY_READ) ? PAGE_READ : (PAGE_READ | PAGE_WRITE)) == 0;
}
--
2.21.0
next prev parent reply other threads:[~2019-07-19 8:06 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-19 8:06 [Qemu-devel] [PULL v2 0/3] Linux user for 4.1 patches Laurent Vivier
2019-07-19 8:06 ` [Qemu-devel] [PULL v2 1/3] linux-user: Fix structure target_ucontext for MIPS Laurent Vivier
2019-07-19 8:06 ` Laurent Vivier [this message]
2019-07-19 8:06 ` [Qemu-devel] [PULL v2 3/3] linux-user: fix to handle variably sized SIOCGSTAMP with new kernels Laurent Vivier
2019-07-19 9:26 ` [Qemu-devel] [PULL v2 0/3] Linux user for 4.1 patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190719080610.1607-3-laurent@vivier.eu \
--to=laurent@vivier.eu \
--cc=amarkovic@wavecomp.com \
--cc=arikalo@wavecomp.com \
--cc=aurelien@aurel32.net \
--cc=lvivier@redhat.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=remi@remlab.net \
--cc=riku.voipio@iki.fi \
--cc=rth@twiddle.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).