From patchwork Mon Jul 30 13:43:20 2018
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 143138
From: Alex Bennée
To: qemu-devel@nongnu.org
Date: Mon, 30 Jul 2018 14:43:20 +0100
Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org>
In-Reply-To: <20180730134321.19898-1-alex.bennee@linaro.org>
References: <20180730134321.19898-1-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH v2 for 3.0 1/2] linux-user/mmap.c: handle invalid len maps correctly
Cc: Alex Bennée, Riku Voipio, 1783362@bugs.launchpad.net, Laurent Vivier

I've slightly re-organised the check to more closely match the sequence
that the kernel uses in do_mmap(). We check for both the zero case
(EINVAL) and the overflow length case (ENOMEM).

Signed-off-by: Alex Bennée
Cc: umarcor <1783362@bugs.launchpad.net>

---
v2
  - add comment on overflow
---
 linux-user/mmap.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

-- 
2.17.1

Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson

diff --git a/linux-user/mmap.c b/linux-user/mmap.c
index d0c50e4888..41e0983ce8 100644
--- a/linux-user/mmap.c
+++ b/linux-user/mmap.c
@@ -391,14 +391,23 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
     }
 #endif
 
-    if (offset & ~TARGET_PAGE_MASK) {
+    if (!len) {
         errno = EINVAL;
         goto fail;
     }
 
+    /* Also check for overflows... */
     len = TARGET_PAGE_ALIGN(len);
-    if (len == 0)
-        goto the_end;
+    if (!len) {
+        errno = ENOMEM;
+        goto fail;
+    }
+
+    if (offset & ~TARGET_PAGE_MASK) {
+        errno = EINVAL;
+        goto fail;
+    }
+
     real_start = start & qemu_host_page_mask;
     host_offset = offset & qemu_host_page_mask;
 
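Review bot: the "Also check for overflows..." comment should say which overflow it guards, because the second "if (!len)" only makes sense to a reader who knows that TARGET_PAGE_ALIGN(len) wraps to zero when len is within one page of the top of the abi_ulong range; wording such as "TARGET_PAGE_ALIGN() wraps to 0 if len is within a page of the address-space limit" would also document that this test must stay after the alignment rather than be merged with the first one. The commit message would be clearer if it stated outright that a zero len, which previously jumped to the_end and reported success without mapping anything, now fails with EINVAL, since that is a guest-visible behaviour change. If the aim is to track do_mmap() closely, the kernel additionally rejects pgoff + (len >> PAGE_SHIFT) wrapping with EOVERFLOW; that check is not part of this hunk and may deserve a follow-up patch.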
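The zero-length and wrapped-alignment cases the commit message describes are easier to see with concrete numbers. The following is an added example written for this page, not code from QEMU or from the patch author: it models the pre-patch and post-patch ordering of the checks with a 32-bit guest word so that the wraparound in page alignment shows up on any host. guest_ulong, page_align() and the GUEST_PAGE_* macros are assumed stand-ins for QEMU's abi_ulong, TARGET_PAGE_MASK and TARGET_PAGE_ALIGN; the request lengths in main() are constructed.

```c
/*
 * Added example (not QEMU code): models the length validation that the
 * patch above puts into target_mmap(), using a 32-bit guest word so the
 * alignment wraparound is visible on a 64-bit host.  guest_ulong and the
 * GUEST_PAGE_* macros are assumed stand-ins for QEMU's abi_ulong,
 * TARGET_PAGE_MASK and TARGET_PAGE_ALIGN.
 */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t guest_ulong;                 /* assumed 32-bit guest  */
#define GUEST_PAGE_BITS 12                    /* assumed 4 KiB pages   */
#define GUEST_PAGE_SIZE ((guest_ulong)1 << GUEST_PAGE_BITS)
#define GUEST_PAGE_MASK ((guest_ulong)~(GUEST_PAGE_SIZE - 1))
#define GUEST_PAGE_ALIGN(len) (((len) + GUEST_PAGE_SIZE - 1) & GUEST_PAGE_MASK)

/* Round len up to a page boundary.  Wraps to 0 when len lies within one
 * page of the top of the guest address range, exactly like the macro. */
guest_ulong page_align(guest_ulong len)
{
    return GUEST_PAGE_ALIGN(len);
}

/* Pre-patch ordering.  Returns 0 (request proceeds) or an errno value.
 * A zero length, and a length that wraps to zero during alignment, are
 * both reported as success (the old "goto the_end"). */
int check_len_old(guest_ulong len, guest_ulong offset)
{
    if (offset & ~GUEST_PAGE_MASK) {
        return EINVAL;
    }
    len = GUEST_PAGE_ALIGN(len);
    if (len == 0) {
        return 0;   /* old code: goto the_end, success with nothing mapped */
    }
    return 0;       /* would go on to map len bytes */
}

/* Post-patch ordering, as in the hunk: EINVAL for a zero length, ENOMEM
 * when page alignment wraps to zero, then EINVAL for a misaligned offset. */
int check_len_new(guest_ulong len, guest_ulong offset)
{
    if (!len) {
        return EINVAL;
    }
    len = GUEST_PAGE_ALIGN(len);   /* may wrap: must be tested after this */
    if (!len) {
        return ENOMEM;
    }
    if (offset & ~GUEST_PAGE_MASK) {
        return EINVAL;
    }
    return 0;
}

int main(void)
{
    /* Constructed request lengths and offsets covering the edge cases. */
    static const struct { const char *what; guest_ulong len, off; } cases[] = {
        { "zero length",       0x00000000u, 0 },
        { "one byte",          0x00000001u, 0 },
        { "last full page",    0xFFFFF000u, 0 },
        { "wraps on align",    0xFFFFF001u, 0 },
        { "all ones",          0xFFFFFFFFu, 0 },
        { "misaligned offset", 0x00001000u, 1 },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int before = check_len_old(cases[i].len, cases[i].off);
        int after = check_len_new(cases[i].len, cases[i].off);
        printf("%-18s len=0x%08x aligned=0x%08x old=%-8s new=%s\n",
               cases[i].what, cases[i].len, page_align(cases[i].len),
               before ? strerror(before) : "accept",
               after ? strerror(after) : "accept");
    }
    return 0;
}
```

The two lengths that matter are 0xFFFFF001 and 0xFFFFFFFF: adding GUEST_PAGE_SIZE - 1 carries out of the 32-bit word, so the aligned length is 0 and the old ordering accepts a request that would have been treated as mapping nothing, while the new ordering returns ENOMEM. The order also means a zero length is now rejected before the offset is looked at, which is why the offset test moved below the two length tests.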