From patchwork Mon Jul 30 13:43:20 2018
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 143138
From: Alex Bennée
To: qemu-devel@nongnu.org
Cc: Alex Bennée, Riku Voipio, 1783362@bugs.launchpad.net, Laurent Vivier
Date: Mon, 30 Jul 2018 14:43:20 +0100
Message-Id: <20180730134321.19898-2-alex.bennee@linaro.org>
In-Reply-To: <20180730134321.19898-1-alex.bennee@linaro.org>
References: <20180730134321.19898-1-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH v2 for 3.0 1/2] linux-user/mmap.c: handle invalid len maps correctly

I've slightly re-organised the check to more closely match the sequence that the kernel uses in do_mmap(). We check for both the zero case (EINVAL) and the overflow length case (ENOMEM).

Signed-off-by: Alex Bennée
Cc: umarcor <1783362@bugs.launchpad.net>
---
v2
  - add comment on overflow
---
 linux-user/mmap.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

--
2.17.1

Reviewed-by: Laurent Vivier
Reviewed-by: Richard Henderson

diff --git a/linux-user/mmap.c b/linux-user/mmap.c index d0c50e4888..41e0983ce8 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c
@@ -391,14 +391,23 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, } #endif - if (offset & ~TARGET_PAGE_MASK) { + if (!len) { errno = EINVAL; goto fail; } + /* Also check for overflows... */ len = TARGET_PAGE_ALIGN(len); - if (len == 0) - goto the_end; + if (!len) { + errno = ENOMEM; + goto fail; + } + + if (offset & ~TARGET_PAGE_MASK) { + errno = EINVAL; + goto fail; + } + real_start = start & qemu_host_page_mask; host_offset = offset & qemu_host_page_mask;

From patchwork Mon Jul 30 13:43:21 2018
X-Patchwork-Submitter: Alex Bennée
X-Patchwork-Id: 143139
From: Alex Bennée
To: qemu-devel@nongnu.org
Cc: Alex Bennée, 1783362@bugs.launchpad.net
Date: Mon, 30 Jul 2018 14:43:21 +0100
Message-Id: <20180730134321.19898-3-alex.bennee@linaro.org>
In-Reply-To: <20180730134321.19898-1-alex.bennee@linaro.org>
References: <20180730134321.19898-1-alex.bennee@linaro.org>
Subject: [Qemu-devel] [PATCH v2 for 3.0 2/2] tests: add check_invalid_maps to test-mmap

This adds a test to make sure we fail properly for a 0 length mmap. There are most likely other failure conditions we should also check.

Signed-off-by: Alex Bennée
Reviewed-by: Richard Henderson
Cc: umarcor <1783362@bugs.launchpad.net>
---
v2
  - add test for overflow
---
 tests/tcg/multiarch/test-mmap.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

--
2.17.1

diff --git a/tests/tcg/multiarch/test-mmap.c b/tests/tcg/multiarch/test-mmap.c index 5c0afe6e49..11d0e777b1 100644 --- a/tests/tcg/multiarch/test-mmap.c +++ b/tests/tcg/multiarch/test-mmap.c @@ -27,7 +27,7 @@ #include #include #include - +#include #include #define D(x)
@@ -435,6 +435,25 @@ void checked_write(int fd, const void *buf, size_t count) fail_unless(rc == count); } +void check_invalid_mmaps(void) +{ + unsigned char *addr; + + /* Attempt to map a zero length page. */ + addr = mmap(NULL, 0, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=%p", __func__, (void *)addr); + fail_unless(addr == MAP_FAILED); + fail_unless(errno == EINVAL); + + /* Attempt to map a over length page. */ + addr = mmap(NULL, -4, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + fprintf(stdout, "%s addr=%p", __func__, (void *)addr); + fail_unless(addr == MAP_FAILED); + fail_unless(errno == ENOMEM); + + fprintf(stdout, " passed\n"); +} + int main(int argc, char **argv) { char tempname[] = "/tmp/.cmmapXXXXXX"; @@ -476,6 +495,7 @@ int main(int argc, char **argv) check_file_fixed_mmaps(); check_file_fixed_eof_mmaps(); check_file_unfixed_eof_mmaps(); + check_invalid_mmaps(); /* Fails at the moment. */ /* check_aligned_anonymous_fixed_mmaps_collide_with_host(); */
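
Review bot: in the linux-user/mmap.c hunk (target_mmap), the comment `/* Also check for overflows... */` above `len = TARGET_PAGE_ALIGN(len);` does not say which overflow is meant. The second `if (!len)` is only reachable with a non-zero request, so it fires when rounding len up to the target page size wraps abi_ulong to zero; spelling that out in the comment would explain why this branch sets ENOMEM rather than EINVAL and why the test has to come after the alignment. The check covers only that wrap to zero: a length that is very large but still aligns to a non-zero value passes through this hunk unchanged, so it is worth confirming that the code after these lines, which is not visible here, bounds start + len against the guest address space.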
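
Review bot: in check_invalid_mmaps() in tests/tcg/multiarch/test-mmap.c, both `fail_unless(errno == ...)` checks run after an intervening `fprintf(stdout, ...)`, and a stdio call is allowed to change errno even when it succeeds, so the assertion may not be testing the value mmap() set. Save errno into a local immediately after each mmap() call, or move the fprintf below the two fail_unless lines. The overflow case passes `-4` as the length and relies on the implicit conversion to size_t; an explicit cast with a comment saying the value is meant to wrap when page-aligned would make the intent clear. The two `"%s addr=%p"` format strings also carry no separator, so the output of both cases runs together before " passed".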