[PULL 0/1] Linux user for 6.0 patches

[PULL 0/1] Linux user for 6.0 patches

[Laurent Vivier]

The following changes since commit d0d3dd401b70168a353450e031727affee828527:

  Update version for v6.0.0-rc2 release (2021-04-06 18:34:34 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu.git tags/linux-user-for-6.0-pull-request

for you to fetch changes up to 360f0abdc51652b06a3718ed43a8688562e69ca4:

  linux-user: Use signed lengths in uaccess.c (2021-04-07 18:55:27 +0200)

----------------------------------------------------------------
linux-user pull request 20210409

Fix lock_user()/unlock_user()

----------------------------------------------------------------

Richard Henderson (1):
  linux-user: Use signed lengths in uaccess.c

 linux-user/qemu.h    | 15 +++++++++------
 linux-user/uaccess.c | 12 ++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

-- 
2.30.2

[PULL 1/1] linux-user: Use signed lengths in uaccess.c

[Laurent Vivier]

From: Richard Henderson <richard.henderson@linaro.org>

Partially revert 09f679b62dff, but only for the length arguments.
Instead of reverting to long, use ssize_t.  Reinstate the > 0 check
in unlock_user.

Fixes: 09f679b62dff
Reported-by: Coverity (CID 1446711)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210315204004.2025219-1-richard.henderson@linaro.org>
[lv: remove superfluous semicolon]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/qemu.h    | 15 +++++++++------
 linux-user/uaccess.c | 12 ++++++------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 52c981710b4c..74e06e7121c5 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -627,8 +627,8 @@ static inline bool access_ok(CPUState *cpu, int type,
  * buffers between the target and host.  These internally perform
  * locking/unlocking of the memory.
  */
-int copy_from_user(void *hptr, abi_ulong gaddr, size_t len);
-int copy_to_user(abi_ulong gaddr, void *hptr, size_t len);
+int copy_from_user(void *hptr, abi_ulong gaddr, ssize_t len);
+int copy_to_user(abi_ulong gaddr, void *hptr, ssize_t len);
 
 /* Functions for accessing guest memory.  The tget and tput functions
    read/write single values, byteswapping as necessary.  The lock_user function
@@ -638,16 +638,19 @@ int copy_to_user(abi_ulong gaddr, void *hptr, size_t len);
 
 /* Lock an area of guest memory into the host.  If copy is true then the
    host area will have the same contents as the guest.  */
-void *lock_user(int type, abi_ulong guest_addr, size_t len, bool copy);
+void *lock_user(int type, abi_ulong guest_addr, ssize_t len, bool copy);
 
 /* Unlock an area of guest memory.  The first LEN bytes must be
    flushed back to guest memory. host_ptr = NULL is explicitly
    allowed and does nothing. */
 #ifndef DEBUG_REMAP
-static inline void unlock_user(void *host_ptr, abi_ulong guest_addr, size_t len)
-{ }
+static inline void unlock_user(void *host_ptr, abi_ulong guest_addr,
+                               ssize_t len)
+{
+    /* no-op */
+}
 #else
-void unlock_user(void *host_ptr, abi_ulong guest_addr, long len);
+void unlock_user(void *host_ptr, abi_ulong guest_addr, ssize_t len);
 #endif
 
 /* Return the length of a string in target memory or -TARGET_EFAULT if
diff --git a/linux-user/uaccess.c b/linux-user/uaccess.c
index c69691301637..6a5b029607c6 100644
--- a/linux-user/uaccess.c
+++ b/linux-user/uaccess.c
@@ -4,7 +4,7 @@
 
 #include "qemu.h"
 
-void *lock_user(int type, abi_ulong guest_addr, size_t len, bool copy)
+void *lock_user(int type, abi_ulong guest_addr, ssize_t len, bool copy)
 {
     void *host_addr;
 
@@ -24,7 +24,7 @@ void *lock_user(int type, abi_ulong guest_addr, size_t len, bool copy)
 }
 
 #ifdef DEBUG_REMAP
-void unlock_user(void *host_ptr, abi_ulong guest_addr, size_t len);
+void unlock_user(void *host_ptr, abi_ulong guest_addr, ssize_t len)
 {
     void *host_ptr_conv;
 
@@ -35,7 +35,7 @@ void unlock_user(void *host_ptr, abi_ulong guest_addr, size_t len);
     if (host_ptr == host_ptr_conv) {
         return;
     }
-    if (len != 0) {
+    if (len > 0) {
         memcpy(host_ptr_conv, host_ptr, len);
     }
     g_free(host_ptr);
@@ -48,14 +48,14 @@ void *lock_user_string(abi_ulong guest_addr)
     if (len < 0) {
         return NULL;
     }
-    return lock_user(VERIFY_READ, guest_addr, (size_t)len + 1, 1);
+    return lock_user(VERIFY_READ, guest_addr, len + 1, 1);
 }
 
 /* copy_from_user() and copy_to_user() are usually used to copy data
  * buffers between the target and host.  These internally perform
  * locking/unlocking of the memory.
  */
-int copy_from_user(void *hptr, abi_ulong gaddr, size_t len)
+int copy_from_user(void *hptr, abi_ulong gaddr, ssize_t len)
 {
     int ret = 0;
     void *ghptr = lock_user(VERIFY_READ, gaddr, len, 1);
@@ -69,7 +69,7 @@ int copy_from_user(void *hptr, abi_ulong gaddr, size_t len)
     return ret;
 }
 
-int copy_to_user(abi_ulong gaddr, void *hptr, size_t len)
+int copy_to_user(abi_ulong gaddr, void *hptr, ssize_t len)
 {
     int ret = 0;
     void *ghptr = lock_user(VERIFY_WRITE, gaddr, len, 0);
-- 
2.30.2

Re: [PULL 0/1] Linux user for 6.0 patches

[Peter Maydell]

On Fri, 9 Apr 2021 at 14:11, Laurent Vivier <laurent@vivier.eu> wrote:
>
> The following changes since commit d0d3dd401b70168a353450e031727affee828527:
>
>   Update version for v6.0.0-rc2 release (2021-04-06 18:34:34 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/linux-user-for-6.0-pull-request
>
> for you to fetch changes up to 360f0abdc51652b06a3718ed43a8688562e69ca4:
>
>   linux-user: Use signed lengths in uaccess.c (2021-04-07 18:55:27 +0200)
>
> ----------------------------------------------------------------
> linux-user pull request 20210409
>
> Fix lock_user()/unlock_user()
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.0
for any user-visible changes.

-- PMM

Re: [PULL 0/1] Linux user for 6.0 patches

[Peter Maydell]

On Tue, 30 Mar 2021 at 15:49, Laurent Vivier <laurent@vivier.eu> wrote:
>
> The following changes since commit ec2e6e016d24bd429792d08cf607e4c5350dcdaa:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-=
> request' into staging (2021-03-28 19:49:57 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/linux-user-for-6.0-pull-request
>
> for you to fetch changes up to 13e340c886679fb17df02a35e7d82cb8beb6e9f4:
>
>   linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0 (202=
> 1-03-29 21:56:18 +0200)
>
> ----------------------------------------------------------------
> linux-user Pull request 20210330
>
> Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length
>
> ----------------------------------------------------------------


Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/6.0
for any user-visible changes.

-- PMM

Re: [PULL 0/1] Linux user for 6.0 patches

[Peter Maydell]

On Tue, 30 Mar 2021 at 15:49, Laurent Vivier <laurent@vivier.eu> wrote:
>
> The following changes since commit ec2e6e016d24bd429792d08cf607e4c5350dcdaa:
>
>   Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-=
> request' into staging (2021-03-28 19:49:57 +0100)
>
> are available in the Git repository at:
>
>   git://github.com/vivier/qemu.git tags/linux-user-for-6.0-pull-request
>
> for you to fetch changes up to 13e340c886679fb17df02a35e7d82cb8beb6e9f4:
>
>   linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0 (202=
> 1-03-29 21:56:18 +0200)
>
> ----------------------------------------------------------------
> linux-user Pull request 20210330
>
> Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length
>
> ----------------------------------------------------------------
>
> Fr=C3=A9d=C3=A9ric Fortier (1):
>   linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0
>
>  linux-user/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

This didn't quite make it in time for rc1, but it's only one patch;
it's still on my to-process queue and I'll apply it tomorrow.

thanks
-- PMM

[PULL 0/1] Linux user for 6.0 patches

[Laurent Vivier]

The following changes since commit ec2e6e016d24bd429792d08cf607e4c5350dcdaa:

  Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-=
request' into staging (2021-03-28 19:49:57 +0100)

are available in the Git repository at:

  git://github.com/vivier/qemu.git tags/linux-user-for-6.0-pull-request

for you to fetch changes up to 13e340c886679fb17df02a35e7d82cb8beb6e9f4:

  linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0 (202=
1-03-29 21:56:18 +0200)

----------------------------------------------------------------
linux-user Pull request 20210330

Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length

----------------------------------------------------------------

Fr=C3=A9d=C3=A9ric Fortier (1):
  linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

 linux-user/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--=20
2.30.2