From b9a0be9239ef58630c6b436ac7ed2cf0bc3a028d Mon Sep 17 00:00:00 2001 From: Riku Voipio Date: Wed, 28 Sep 2016 00:25:19 +0300 Subject: linux-user: remove ifdef __USER_MISC This preprocessor macro isn't set anywhere. Remove the check so -strace can show these options. Signed-off-by: Riku Voipio --- linux-user/strace.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/linux-user/strace.c b/linux-user/strace.c index 489dbc9583..8fb1b6e252 100644 --- a/linux-user/strace.c +++ b/linux-user/strace.c @@ -90,10 +90,8 @@ if( cmd == val ) { \ output_cmd( IPC_STAT ); output_cmd( IPC_INFO ); /* msgctl() commands */ - #ifdef __USER_MISC output_cmd( MSG_STAT ); output_cmd( MSG_INFO ); - #endif /* shmctl() commands */ output_cmd( SHM_LOCK ); output_cmd( SHM_UNLOCK ); -- cgit v1.2.3 From 5fbf66e6a12314655f341d1b0b482215a68e2842 Mon Sep 17 00:00:00 2001 From: Riku Voipio Date: Wed, 28 Sep 2016 01:05:22 +0300 Subject: linux-user: drop __cygwin__ ifdef linux-user doesn't work on cygwin anyways. Cc: Richard Henderson Signed-off-by: Riku Voipio --- linux-user/mmap.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 61685bf79e..4ed9cad412 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -193,9 +193,6 @@ static int mmap_frag(abi_ulong real_start, #if HOST_LONG_BITS == 64 && TARGET_ABI_BITS == 64 # define TASK_UNMAPPED_BASE (1ul << 38) -#elif defined(__CYGWIN__) -/* Cygwin doesn't have a whole lot of address space. */ -# define TASK_UNMAPPED_BASE 0x18000000 #else # define TASK_UNMAPPED_BASE 0x40000000 #endif -- cgit v1.2.3 From 6cde51769e75d41cade0a5b3755da0c20a96309a Mon Sep 17 00:00:00 2001 
From: Richard Henderson Date: Wed, 26 Oct 2016 12:08:52 -0700 Subject: linux-user: Fix s390x safe-syscall for z900 The LT instruction was added in the extended immediate facility introduced with the z9-109 processor. Cc: Riku Voipio Reported-by: Michael Tokarev Fixes: c9bc3437a905b660561a26cd4ecc64579843267b Suggested-by: Aurelien Jarno Reviewed-by: Thomas Huth Signed-off-by: Richard Henderson Signed-off-by: Riku Voipio --- linux-user/host/s390x/safe-syscall.inc.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/host/s390x/safe-syscall.inc.S b/linux-user/host/s390x/safe-syscall.inc.S index f1b446abf6..414b44ad38 100644 --- a/linux-user/host/s390x/safe-syscall.inc.S +++ b/linux-user/host/s390x/safe-syscall.inc.S @@ -72,7 +72,7 @@ safe_syscall_base: */ safe_syscall_start: /* if signal_pending is non-zero, don't do the call */ - lt %r0,0(%r8) + icm %r0,15,0(%r8) jne 2f svc 0 safe_syscall_end: -- cgit v1.2.3 From fea243e90a3647d8616317a5834497fa30a63700 Mon Sep 17 00:00:00 2001 From: Lena Djokic Date: Thu, 24 Nov 2016 17:08:53 +0100 Subject: linux-user: Fix inotify_init1 support This commit adds necessary conversion of argument passed to inotify_init1. inotify_init1 flags can be IN_NONBLOCK and IN_CLOEXEC which rely on O_NONBLOCK and O_CLOEXEC and those can have different values on different platforms. Signed-off-by: Lena Djokic Reviewed-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 9be8e9530e..fccd6312ad 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
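Review bot: The replaced load of signal_pending now uses `icm %r0,15,0(%r8)` with no comment saying why the plainer `lt` is avoided, so a later cleanup could reintroduce the z900 breakage this commit fixes. Extend the existing comment above it to `/* if signal_pending is non-zero, don't do the call (icm rather than lt: lt needs the extended-immediate facility, absent on z900) */`. With mask 15 icm inserts all four bytes and sets the condition code from them, so the following `jne 2f` keeps its meaning. safe_syscall_base continues outside the hunk.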
@@ -11561,7 +11561,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, #ifdef CONFIG_INOTIFY1 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1) case TARGET_NR_inotify_init1: - ret = get_errno(sys_inotify_init1(arg1)); + ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1, + fcntl_flags_tbl))); break; #endif #endif -- cgit v1.2.3 From 77c6850fd7412289122bc21f3b01310c014d98d4 Mon Sep 17 00:00:00 2001 From: Lena Djokic Date: Thu, 24 Nov 2016 17:08:56 +0100 Subject: linux-user: Fix readahead Calculation of 64-bit offset was not correct for all cases. Signed-off-by: Lena Djokic Reviewed-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index fccd6312ad..3e88dd129c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -11228,7 +11228,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, arg3 = arg4; arg4 = arg5; } - ret = get_errno(readahead(arg1, ((off64_t)arg3 << 32) | arg2, arg4)); + ret = get_errno(readahead(arg1, target_offset64(arg2, arg3) , arg4)); #else ret = get_errno(readahead(arg1, arg2, arg3)); #endif -- cgit v1.2.3 From 2640077527aef6f799215b336e1ed212843d3753 Mon Sep 17 00:00:00 2001 From: Lena Djokic Date: Thu, 24 Nov 2016 17:08:58 +0100 Subject: linux-user: Fix mq_open If fourth argument is NULL it should be passed without using lock_user function which would, in that case, return EFAULT, and system call supports passing NULL as fourth argument. Signed-off-by: Lena Djokic Reviewed-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 3e88dd129c..c1d6f76814 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
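Review bot: The new call converts arg1 through fcntl_flags_tbl without saying why an open(2) flag table is the right one for inotify_init1, which reads like a copy-paste slip. A one-line comment above the call settles it: `/* IN_NONBLOCK/IN_CLOEXEC are O_NONBLOCK/O_CLOEXEC, so the fcntl table converts them */`. Whether target_to_host_bitmask passes unknown bits through cannot be seen from this hunk; if it does, an invalid guest flag still reaches the host call, which presumably rejects it. The enclosing do_syscall case list continues outside the hunk.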
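Review bot: The rewritten readahead call has a stray space before the comma, `target_offset64(arg2, arg3) , arg4`; it should read `ret = get_errno(readahead(arg1, target_offset64(arg2, arg3), arg4));`. The argument shuffle above it (`arg3 = arg4; arg4 = arg5;`) is context from before this commit, so which register pair feeds target_offset64 on each ABI cannot be verified from the hunk alone. do_syscall continues outside the hunk.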
@@ -11583,17 +11583,22 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, case TARGET_NR_mq_open: { struct mq_attr posix_mq_attr; + struct mq_attr *pposix_mq_attr; int host_flags; host_flags = target_to_host_bitmask(arg2, fcntl_flags_tbl); - if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) { - goto efault; + pposix_mq_attr = NULL; + if (arg4) { + if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) { + goto efault; + } + pposix_mq_attr = &posix_mq_attr; } p = lock_user_string(arg1 - 1); if (!p) { goto efault; } - ret = get_errno(mq_open(p, host_flags, arg3, &posix_mq_attr)); + ret = get_errno(mq_open(p, host_flags, arg3, pposix_mq_attr)); unlock_user (p, arg1, 0); } break; -- cgit v1.2.3 From a1488b8661a26a44ef132d973cbd11baa840a2dc Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Thu, 27 Oct 2016 03:00:49 +0200 Subject: linux-user: manage two new IFLA host message types Add QEMU_IFLA_GSO_MAX_SEGS and QEMU_IFLA_GSO_MAX_SIZE in host_to_target_data_link_rtattr(). These two messages are sent by the host kernel when we use "sudo". Found with qemu-m68k and Debian etch-m68k (sudo 1.6.8p12-4) and host kernel 4.7.6-200.fc24.x86_64 Signed-off-by: Laurent Vivier Message-Id: <1477530049-15676-1-git-send-email-laurent@vivier.eu> --- linux-user/syscall.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index c1d6f76814..d982a27a0c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2326,6 +2326,8 @@ static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr) case QEMU_IFLA_GROUP: case QEMU_IFLA_MASTER: case QEMU_IFLA_NUM_VF: + case QEMU_IFLA_GSO_MAX_SEGS: + case QEMU_IFLA_GSO_MAX_SIZE: u32 = RTA_DATA(rtattr); *u32 = tswap32(*u32); break; -- cgit v1.2.3 From 3148ff84044bd909c10b9ffe511157b774fc709b Mon Sep 17 00:00:00 2001 From: John Paul Adrian Glaubitz Date: Mon, 16 Jan 2017 23:31:40 +0100 Subject: linux-user: Update sh4 syscall definitions to match Linux 4.8 
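Review bot: pposix_mq_attr is declared several lines before it is assigned NULL, with the host_flags computation in between, leaving a window where the pointer is indeterminate. Initialising it at the declaration, `struct mq_attr *pposix_mq_attr = NULL;`, and dropping the later `pposix_mq_attr = NULL;` reads more plainly and removes that window. The NULL pass-through itself is correct: mq_open(3) accepts a NULL attr and the conversion helper is only called when the guest supplied one. The mq_open case continues outside the hunk.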
Signed-off-by: John Paul Adrian Glaubitz Reviewed-by: Laurent Vivier Message-Id: <20170116223140.18634-2-glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier --- linux-user/sh4/syscall_nr.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/linux-user/sh4/syscall_nr.h b/linux-user/sh4/syscall_nr.h index e99f73589d..d6c1e059f6 100644 --- a/linux-user/sh4/syscall_nr.h +++ b/linux-user/sh4/syscall_nr.h @@ -372,3 +372,17 @@ #define TARGET_NR_process_vm_writev 366 #define TARGET_NR_kcmp 367 #define TARGET_NR_finit_module 368 +#define TARGET_NR_sched_getattr 369 +#define TARGET_NR_sched_setattr 370 +#define TARGET_NR_renameat2 371 +#define TARGET_NR_seccomp 372 +#define TARGET_NR_getrandom 373 +#define TARGET_NR_memfd_create 374 +#define TARGET_NR_bpf 375 +#define TARGET_NR_execveat 376 +#define TARGET_NR_userfaultfd 377 +#define TARGET_NR_membarrier 378 +#define TARGET_NR_mlock2 379 +#define TARGET_NR_copy_file_range 380 +#define TARGET_NR_preadv2 381 +#define TARGET_NR_pwritev2 382 -- cgit v1.2.3 From 23d208ce6da11679e8fa9ef69bae21d77bdc026e Mon Sep 17 00:00:00 2001 From: John Paul Adrian Glaubitz Date: Mon, 16 Jan 2017 23:49:15 +0100 Subject: linux-user: Update m68k syscall definitions to match Linux 4.6 Signed-off-by: John Paul Adrian Glaubitz Reviewed-by: Laurent Vivier Message-Id: <20170116224915.19430-2-glaubitz@physik.fu-berlin.de> Signed-off-by: Laurent Vivier --- linux-user/m68k/syscall_nr.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/linux-user/m68k/syscall_nr.h b/linux-user/m68k/syscall_nr.h index 4b50fb29b6..d239551b34 100644 --- a/linux-user/m68k/syscall_nr.h +++ b/linux-user/m68k/syscall_nr.h @@ -376,3 +376,6 @@ #define TARGET_NR_userfaultfd 373 #define TARGET_NR_membarrier 374 #define TARGET_NR_mlock2 375 +#define TARGET_NR_copy_file_range 376 +#define TARGET_NR_preadv2 377 +#define TARGET_NR_pwritev2 378 -- cgit v1.2.3 From 40c80b5e9e44dcf89a672ff02952368c75a3b07b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 19 Jan 2017 10:15:32 -0500 Subject: linux-user: fix settime old value location MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit old_value is the 4th argument of timer_settime(), not the 2nd. Signed-off-by: Marc-André Lureau Signed-off-by: Pranith Kumar Reviewed-by: Laurent Vivier Message-Id: <20170119151533.29328-1-bobby.prani@gmail.com> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d982a27a0c..f569f827fc 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -12043,10 +12043,14 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, timer_t htimer = g_posix_timers[timerid]; struct itimerspec hspec_new = {{0},}, hspec_old = {{0},}; - target_to_host_itimerspec(&hspec_new, arg3); + if (target_to_host_itimerspec(&hspec_new, arg3)) { + goto efault; + } ret = get_errno( timer_settime(htimer, arg2, &hspec_new, &hspec_old)); - host_to_target_itimerspec(arg2, &hspec_old); + if (arg4 && host_to_target_itimerspec(arg4, &hspec_old)) { + goto efault; + } } break; } -- cgit v1.2.3 From 35f2fd04ce8bd3eaad4b7790abb19fa2a56d7314 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Thu, 19 Jan 2017 10:15:33 -0500 Subject: linux-user: fix tcg/mmap test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tests/tcg/mmap test fails with values other than default target page size. When creating a map beyond EOF, extra anonymous pages are added up to the target page boundary. Currently, this operation is performed only when qemu_real_host_page_size < TARGET_PAGE_SIZE, but it should be performed if the configured page size (qemu -p) is larger than qemu_real_host_page_size too. Signed-off-by: Marc-André Lureau [pranith: dropped checkpatch changes] 
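Review bot: A guest that passes a NULL new_value (arg3 == 0) now takes the `goto efault` path whenever target_to_host_itimerspec rejects the address, whereas the host kernel rejects a NULL new_value up front with its own errno; whether the helper treats 0 as unreadable cannot be seen from this hunk, so the two may now diverge and this is worth confirming against the helper. If it does, an explicit `if (!arg3) { ret = -TARGET_EINVAL; break; }` ahead of the conversion would keep the errno the guest expects. The old-value write-back now goes to arg4 and is correctly optional. do_syscall continues outside the hunk.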
Signed-off-by: Pranith Kumar Reviewed-by: Alex Bennée Reviewed-by: Laurent Vivier Message-Id: <20170119151533.29328-2-bobby.prani@gmail.com> Signed-off-by: Laurent Vivier --- linux-user/mmap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/linux-user/mmap.c b/linux-user/mmap.c index 4ed9cad412..4888f53139 100644 --- a/linux-user/mmap.c +++ b/linux-user/mmap.c @@ -426,9 +426,9 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot, may need to truncate file maps at EOF and add extra anonymous pages up to the targets page boundary. */ - if ((qemu_real_host_page_size < TARGET_PAGE_SIZE) - && !(flags & MAP_ANONYMOUS)) { - struct stat sb; + if ((qemu_real_host_page_size < qemu_host_page_size) && + !(flags & MAP_ANONYMOUS)) { + struct stat sb; if (fstat (fd, &sb) == -1) goto fail; -- cgit v1.2.3 From 26920a2961f7cc86bfbdb2184c0ec261d5629c2f Mon Sep 17 00:00:00 2001 From: Jose Ricardo Ziviani Date: Tue, 31 Jan 2017 20:05:17 -0200 Subject: linux-user: fill target sigcontext struct accordingly A segfault is noticed when an emulated program uses any of ucontext regs fields. Risu detected this issue in the following operation when handling a signal: ucontext_t *uc = (ucontext_t*)uc; uc->uc_mcontext.regs->nip += 4; but this works fine: uc->uc_mcontext.gp_regs[PT_NIP] += 4; This patch set regs to a valid location as well as other sigcontext fields. Signed-off-by: Jose Ricardo Ziviani Reviewed-by: Laurent Vivier Message-Id: <1485900317-3256-1-git-send-email-joserz@linux.vnet.ibm.com> Signed-off-by: Laurent Vivier --- linux-user/signal.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/linux-user/signal.c b/linux-user/signal.c index 5064de0c08..8209539555 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c 
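Review bot: The comparison now uses qemu_host_page_size, but the comment just above it still only speaks of padding "up to the targets page boundary", so a reader cannot tell why the real host page size is compared against the configured one rather than TARGET_PAGE_SIZE. Extend that comment with `qemu_host_page_size (raised by -p) rather than TARGET_PAGE_SIZE, so a configured page size larger than the real host page also gets the anonymous padding`. The unbraced `if (fstat (fd, &sb) == -1) goto fail;` is context from before this commit. target_mmap continues outside the hunk.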
@@ -5155,6 +5155,7 @@ static void setup_rt_frame(int sig, struct target_sigaction *ka, target_ulong rt_sf_addr, newsp = 0; int i, err = 0; #if defined(TARGET_PPC64) + struct target_sigcontext *sc = 0; struct image_info *image = ((TaskState *)thread_cpu->opaque)->info; #endif @@ -5183,6 +5184,10 @@ static void setup_rt_frame(int sig, struct target_sigaction *ka, #if defined(TARGET_PPC64) mctx = &rt_sf->uc.tuc_sigcontext.mcontext; trampptr = &rt_sf->trampoline[0]; + + sc = &rt_sf->uc.tuc_sigcontext; + __put_user(h2g(mctx), &sc->regs); + __put_user(sig, &sc->signal); #else mctx = &rt_sf->uc.tuc_mcontext; trampptr = (uint32_t *)&rt_sf->uc.tuc_mcontext.tramp; -- cgit v1.2.3 From 1e06262da615fcc0ddd658f96c5673a73b856fb6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Sat, 4 Feb 2017 23:05:33 +0000 Subject: linux-user: Use correct types in load_symbols() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Coverity doesn't like the code in load_symbols() which assumes it can use 'int' for a variable that might hold an offset into the guest ELF file, because in a 64-bit guest that could overflow. Guest binaries with 2GB sections aren't very likely and this isn't a security issue because we fully trust the guest linux-user binary anyway, but we might as well use the right types, which will placate Coverity. Use uint64_t to hold section sizes, and bail out if the symbol table is too large rather than just overflowing an int. (Coverity issue CID1005776) Signed-off-by: Peter Maydell Reviewed-by: Laurent Vivier Reviewed-by: Philippe Mathieu-Daudé Message-Id: <1486249533-5260-1-git-send-email-peter.maydell@linaro.org> Signed-off-by: Laurent Vivier --- linux-user/elfload.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/linux-user/elfload.c b/linux-user/elfload.c index 8271227339..f520d7723c 100644 --- a/linux-user/elfload.c +++ b/linux-user/elfload.c 
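Review bot: `struct target_sigcontext *sc = 0;` in the first hunk initialises a pointer with an integer literal; `struct target_sigcontext *sc = NULL;` is the conventional form. In the second hunk only regs and signal are filled in, while the commit message says "as well as other sigcontext fields"; if target_sigcontext mirrors the kernel's ppc layout there are also handler and oldmask members, so it is worth confirming whether those were meant to be populated too or left zero by the existing frame clearing. setup_rt_frame starts and ends outside both hunks.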
@@ -2262,6 +2262,7 @@ static int symcmp(const void *s0, const void *s1) static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) { int i, shnum, nsyms, sym_idx = 0, str_idx = 0; + uint64_t segsz; struct elf_shdr *shdr; char *strings = NULL; struct syminfo *s = NULL; @@ -2293,19 +2294,26 @@ static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) goto give_up; } - i = shdr[str_idx].sh_size; - s->disas_strtab = strings = g_try_malloc(i); - if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { + segsz = shdr[str_idx].sh_size; + s->disas_strtab = strings = g_try_malloc(segsz); + if (!strings || + pread(fd, strings, segsz, shdr[str_idx].sh_offset) != segsz) { goto give_up; } - i = shdr[sym_idx].sh_size; - syms = g_try_malloc(i); - if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { + segsz = shdr[sym_idx].sh_size; + syms = g_try_malloc(segsz); + if (!syms || pread(fd, syms, segsz, shdr[sym_idx].sh_offset) != segsz) { goto give_up; } - nsyms = i / sizeof(struct elf_sym); + if (segsz / sizeof(struct elf_sym) > INT_MAX) { + /* Implausibly large symbol table: give up rather than ploughing + * on with the number of symbols calculation overflowing + */ + goto give_up; + } + nsyms = segsz / sizeof(struct elf_sym); for (i = 0; i < nsyms; ) { bswap_sym(syms + i); /* Throw away entries which we do not need. */ -- cgit v1.2.3 From 21992cb6794a5f8edb0cee01bdfe0b03d0438dac Mon Sep 17 00:00:00 2001 From: Helge Deller Date: Sat, 11 Feb 2017 23:26:02 +0100 Subject: linux-user: Add FICLONE and FICLONERANGE ioctls Add missing FICLONE and FICLONERANGE ioctls. Signed-off-by: Helge Deller Reviewed-by: Laurent Vivier Message-Id: <20170211222602.GA6399@ls3530.fritz.box> Signed-off-by: Laurent Vivier --- linux-user/ioctls.h | 5 +++++ linux-user/syscall_defs.h | 4 ++++ linux-user/syscall_types.h | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h index 2f6e85bd78..e6997ff230 100644 
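Review bot: The added INT_MAX guard covers only the symbol count; segsz itself is still passed unchecked to g_try_malloc and pread, whose size parameters are size_t, so on a 32-bit host a sh_size above SIZE_MAX is silently truncated before either call, and the string-table allocation gets no check at all. A guard `if (segsz > SIZE_MAX) goto give_up;` ahead of each allocation keeps the commit's intent on every host. Comparing pread's ssize_t result with the uint64_t segsz promotes -1 to UINT64_MAX, so the failure branch is still taken; a short comment on that would spare the next reader the same check. load_symbols continues outside the hunk.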
--- a/linux-user/ioctls.h +++ b/linux-user/ioctls.h @@ -112,6 +112,11 @@ #ifdef FIBMAP IOCTL(FIBMAP, IOC_W | IOC_R, MK_PTR(TYPE_LONG)) #endif +#ifdef FICLONE + IOCTL(FICLONE, IOC_W, TYPE_INT) + IOCTL(FICLONERANGE, IOC_W, MK_PTR(MK_STRUCT(STRUCT_file_clone_range))) +#endif + #ifdef FIGETBSZ IOCTL(FIGETBSZ, IOC_R, MK_PTR(TYPE_LONG)) #endif diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index 4442c22bc3..72ca5b11d6 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h @@ -1086,6 +1086,10 @@ struct target_pollfd { #define TARGET_FIBMAP TARGET_IO(0x00,1) /* bmap access */ #define TARGET_FIGETBSZ TARGET_IO(0x00,2) /* get the block size used for bmap */ + +#define TARGET_FICLONE TARGET_IOW(0x94, 9, int) +#define TARGET_FICLONERANGE TARGET_IOW(0x94, 13, struct file_clone_range) + /* Note that the ioctl numbers claim type "long" but the actual type * used by the kernel is "int". */ diff --git a/linux-user/syscall_types.h b/linux-user/syscall_types.h index 2b8c0c6df6..24631b09be 100644 --- a/linux-user/syscall_types.h +++ b/linux-user/syscall_types.h @@ -232,6 +232,12 @@ STRUCT(dm_target_versions, STRUCT(dm_target_msg, TYPE_ULONGLONG) /* sector */ +STRUCT(file_clone_range, + TYPE_LONGLONG, /* src_fd */ + TYPE_ULONGLONG, /* src_offset */ + TYPE_ULONGLONG, /* src_length */ + TYPE_ULONGLONG) /* dest_offset */ + STRUCT(fiemap_extent, TYPE_ULONGLONG, /* fe_logical */ TYPE_ULONGLONG, /* fe_physical */ -- cgit v1.2.3
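Review bot: The single `#ifdef FICLONE` block in ioctls.h registers both ioctls, so a host header set that defines FICLONE but not FICLONERANGE or struct file_clone_range would fail to compile; guarding the second entry with its own `#ifdef FICLONERANGE` is cheap insurance. Whether such headers exist I cannot tell, as both were introduced together in the kernel as far as I know, so this is a hedge rather than a known breakage. The unconditional `TARGET_IOW(0x94, 13, struct file_clone_range)` in syscall_defs.h only expands inside that guarded block, so it is harmless on hosts without the struct. The field order in syscall_types.h (s64, u64, u64, u64) matches the kernel's struct file_clone_range.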