From patchwork Tue May  3 19:47:54 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Richard Henderson <richard.henderson@linaro.org>
X-Patchwork-Id: 568984
Delivered-To: patch@linaro.org
Received: by 2002:a05:7000:6886:0:0:0:0 with SMTP id m6csp9790922map;
 Tue, 3 May 2022 13:21:41 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJym7/Mp4eP2Iud3GBpRJTWFuq5b3IvQ4Q7BGK1X0B8+9iTi+LreG172XxiMaNYRUr/H2wyR
X-Received: by 2002:a05:620a:25cd:b0:699:c467:fab0 with SMTP id
 y13-20020a05620a25cd00b00699c467fab0mr13531077qko.395.1651609301701;
 Tue, 03 May 2022 13:21:41 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1651609301; cv=none;
 d=google.com; s=arc-20160816;
 b=wn+I0cKl9ulBXtpF6j8M1LG8JQQnVG2ieLB8CD0x/S+z6CNmShaWa2CGAKD/8Uk2zu
 WVioA8nbim2k/E3T/uz9qVl/ZSLWtxFxw/ZZwhZK8wMwCQ3dnjca6U8NWlTCzKUfeUMA
 TtUx9ZcUxIceGF1T+ZQ6RxSS2V0RW2fmXGekea3jo7jsh3KxXPxvNFT8kNHiu1/t42ru
 nnXs+AOKsf6v9i1e4E9jsMtB/qZxAmu9jNaZcotN+GdfXLUD+ohX3mGcEPXYAVbP9Fao
 R9nPzPL4DdQE6GTEpclOPxH4DQEtZoe6XffcllBKQYiKdjsrM6CISb2FLypkUjZKiske
 aZqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:content-transfer-encoding
 :mime-version:references:in-reply-to:message-id:date:subject:to:from
 :dkim-signature;
 bh=vqBv2QVKsobJpocmgNSatxx08hnrv6y9/ePykNgKyQg=;
 b=Yh8/wuj3DgD8Eu4/vMcN3QVT6wNC83a8aIiU11yS7WQvWRmEMjfn1ajBsI2Rl6ll5n
 DkQlYKJZqT6V2jaHAHZivwpp9KBALzOktklzc2DB7a14DJHm75O0UTrHaZrwM3nc2OsI
 qmuyUPxO1erys2goSL54k3DQlc/Q0UgyVT0CJIufxlkkwG7GBWQcKtw3xWcWa4CUruiL
 xjq2dNNOiHIxt6ADj0VuaANt0vUTWp9lwXDlD3IiC0uBwxZmReHfglNIg1yRbjZ2+6Ts
 OXztVdrxOHDsjRB2b2dJUIGFzwOv3c9B9KdBIhA7JR8674Xsh/M+STr/hPNDskc/e79s
 oWGA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=YWJbCzWZ;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 v21-20020a05622a189500b002f39edec499si5116896qtc.454.2022.05.03.13.21.41
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Tue, 03 May 2022 13:21:41 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=fail header.i=@linaro.org header.s=google header.b=YWJbCzWZ;
 spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: from localhost ([::1]:55762 helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces+patch=linaro.org@nongnu.org>)
 id 1nlz1h-00012o-3t
 for patch@linaro.org; Tue, 03 May 2022 16:21:41 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:39282)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)
 id 1nlyWL-00022D-Hq
 for qemu-devel@nongnu.org; Tue, 03 May 2022 15:49:19 -0400
Received: from mail-pf1-x42a.google.com ([2607:f8b0:4864:20::42a]:33769)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <richard.henderson@linaro.org>)
 id 1nlyWH-0003bP-Jb
 for qemu-devel@nongnu.org; Tue, 03 May 2022 15:49:15 -0400
Received: by mail-pf1-x42a.google.com with SMTP id p12so15616324pfn.0
 for <qemu-devel@nongnu.org>; Tue, 03 May 2022 12:49:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; 
 h=from:to:subject:date:message-id:in-reply-to:references:mime-version
 :content-transfer-encoding;
 bh=vqBv2QVKsobJpocmgNSatxx08hnrv6y9/ePykNgKyQg=;
 b=YWJbCzWZlYhjajRmYRSdmX5daSLcNOj8DJ5lI5inURV8z2D4/2BfbiWwNR5zD5/m/U
 Hv0FO4JtgZkTVdaiwt9ySv5sCoZXSdkw2N8dQOPOUbIANoqMQb3gaapXBtAtP6u1O5X0
 Y3n9KhfRBgbkFxLXNAIoOXu1xG9fHAcD35GOyGXr0mHjchBBpkpEqaame3nI5zeVS5MG
 lEYYPe8utXWQ4Vyepz/1jhCFwb0IPeBJmse+rtHSmVYEnqd67XNSbx6P8YlGqHvuTfyH
 ciBpLbSfNKTMG4nvk1yTrXnyxG1+/pObfB0dZ0EPUlGK5/AZrSUkz/rSeGIro4MgZ9o/
 lR/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=vqBv2QVKsobJpocmgNSatxx08hnrv6y9/ePykNgKyQg=;
 b=htTGoqY8pqtlqbPUe+H1bOucSlAbMFzc2xAISm/5yqozVJgspRCzkuFJ0qTeYIMnfy
 N27fTuPAm/U2Q91N/dGDj32wSNtiu3Xxn+XFqhFxtvsRyRUrNWxo4hHifYZmKd5jeeaV
 NMwcb08v57avBAUJsim0zhz3sLtyKQq7PGdJU3P79wwaVEIpSULzWaF0+H1q4nli24Oq
 6phk6c0vVAln5e+if7ZPzYLqzmdMCCoSlxClrShP2z4NdnVg5UVzRJemXJCPk1ZTE3p1
 SPNI93CYoxJkAlajGy8nuwDqu3lRvob1kfReqGppoFi4hw0FlecBUZYm2QgrV1EX8Hi4
 cX6g==
X-Gm-Message-State: AOAM533NO3RObNUGArjzm+2zmm/06JtOTBZVN2EWdVZGxEwosKLAj1CT
 MtPSPFCg/DmebXiQDaExU9zWri1kPsNGlA==
X-Received: by 2002:a63:90ca:0:b0:3aa:fff3:6f76 with SMTP id
 a193-20020a6390ca000000b003aafff36f76mr14966943pge.206.1651607350643;
 Tue, 03 May 2022 12:49:10 -0700 (PDT)
Received: from stoup.. ([71.212.142.129]) by smtp.gmail.com with ESMTPSA id
 p11-20020a17090ad30b00b001cd4989fed3sm1712383pju.31.2022.05.03.12.49.09
 for <qemu-devel@nongnu.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 03 May 2022 12:49:10 -0700 (PDT)
From: Richard Henderson <richard.henderson@linaro.org>
To: qemu-devel@nongnu.org
Subject: [PATCH v2 25/74] semihosting: Bound length for semihost_sys_{read,
 write}
Date: Tue,  3 May 2022 12:47:54 -0700
Message-Id: <20220503194843.1379101-26-richard.henderson@linaro.org>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20220503194843.1379101-1-richard.henderson@linaro.org>
References: <20220503194843.1379101-1-richard.henderson@linaro.org>
MIME-Version: 1.0
Received-SPF: pass client-ip=2607:f8b0:4864:20::42a;
 envelope-from=richard.henderson@linaro.org; helo=mail-pf1-x42a.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: "Qemu-devel" <qemu-devel-bounces+patch=linaro.org@nongnu.org>

Fixes a minor bug in which a 64-bit guest on a 32-bit host could
truncate the length.  This would only ever cause a problem if
there were no bits set in the low 32, so that it truncates to 0.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
 semihosting/syscalls.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/semihosting/syscalls.c b/semihosting/syscalls.c
index db4561b798..a5623ebf0f 100644
--- a/semihosting/syscalls.c
+++ b/semihosting/syscalls.c
@@ -313,6 +313,14 @@ void semihost_sys_close(CPUState *cs, gdb_syscall_complete_cb complete, int fd)
 void semihost_sys_read_gf(CPUState *cs, gdb_syscall_complete_cb complete,
                           GuestFD *gf, target_ulong buf, target_ulong len)
 {
+    /*
+     * Bound length for 64-bit guests on 32-bit hosts, not overlowing ssize_t.
+     * Note the Linux kernel does this with MAX_RW_COUNT, so it's not a bad
+     * idea to do this unconditionally.
+     */
+    if (len > INT32_MAX) {
+        len = INT32_MAX;
+    }
     switch (gf->type) {
     case GuestFDGDB:
         gdb_read(cs, complete, gf, buf, len);
@@ -343,6 +351,14 @@ void semihost_sys_read(CPUState *cs, gdb_syscall_complete_cb complete,
 void semihost_sys_write_gf(CPUState *cs, gdb_syscall_complete_cb complete,
                            GuestFD *gf, target_ulong buf, target_ulong len)
 {
+    /*
+     * Bound length for 64-bit guests on 32-bit hosts, not overlowing ssize_t.
+     * Note the Linux kernel does this with MAX_RW_COUNT, so it's not a bad
+     * idea to do this unconditionally.
+     */
+    if (len > INT32_MAX) {
+        len = INT32_MAX;
+    }
     switch (gf->type) {
     case GuestFDGDB:
         gdb_write(cs, complete, gf, buf, len);