From 24894f39c677a3fd28d0868010a0d50639d49095 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 12 Feb 2019 17:34:35 +0100 Subject: linux-user: fix recvmsg emulation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Set msg_flags in the returned struct msghdr. Signed-off-by: Andreas Schwab Reviewed-by: Laurent Vivier Reviewed-by: Philippe Mathieu-Daudé Message-Id: Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 1 + 1 file changed, 1 insertion(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 5bbb72f3d5..f380048cbd 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2759,6 +2759,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, } if (!is_error(ret)) { msgp->msg_namelen = tswap32(msg.msg_namelen); + msgp->msg_flags = tswap32(msg.msg_flags); if (msg.msg_name != NULL && msg.msg_name != (void *)-1) { ret = host_to_target_sockaddr(tswapal(msgp->msg_name), msg.msg_name, msg.msg_namelen); -- cgit v1.2.3 From cd8133679f7e0e2c292f631f1c78b2452d2435c7 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Thu, 14 Feb 2019 12:43:40 +0100 Subject: linux-user: fix emulation of accept4/getpeername/getsockname/recvfrom syscalls System calls that return a socket address do so by writing the (possibly truncated) address into the provided buffer space, but setting the addrlen parameter to the actual size of the address. To determine how much to copy back to the target memory the emulation needs to remember the incoming value of the addrlen parameter, so that it doesn't write past the buffer limits. Signed-off-by: Andreas Schwab Reviewed-by: Laurent Vivier Message-Id: Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 41 +++++++++++++++++++++++++---------------- 1 file changed, 25 insertions(+), 16 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index f380048cbd..5f72209deb 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -2847,7 +2847,7 @@ static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec, static abi_long do_accept4(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr, int flags) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; int host_flags; @@ -2871,11 +2871,13 @@ static abi_long do_accept4(int fd, abi_ulong target_addr, addr = alloca(addrlen); - ret = get_errno(safe_accept4(fd, addr, &addrlen, host_flags)); + ret_addrlen = addrlen; + ret = get_errno(safe_accept4(fd, addr, &ret_addrlen, host_flags)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) { ret = -TARGET_EFAULT; + } } return ret; } @@ -2884,7 +2886,7 @@ static abi_long do_accept4(int fd, abi_ulong target_addr, static abi_long do_getpeername(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; @@ -2900,11 +2902,13 @@ static abi_long do_getpeername(int fd, abi_ulong target_addr, addr = alloca(addrlen); - ret = get_errno(getpeername(fd, addr, &addrlen)); + ret_addrlen = addrlen; + ret = get_errno(getpeername(fd, addr, &ret_addrlen)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) { ret = -TARGET_EFAULT; + } } return ret; } @@ -2913,7 +2917,7 @@ static abi_long do_getpeername(int fd, abi_ulong target_addr, static abi_long do_getsockname(int fd, abi_ulong target_addr, abi_ulong target_addrlen_addr) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; abi_long ret; @@ -2929,11 +2933,13 @@ static abi_long do_getsockname(int fd, abi_ulong target_addr, addr = alloca(addrlen); - ret = get_errno(getsockname(fd, addr, &addrlen)); + ret_addrlen = addrlen; + ret = get_errno(getsockname(fd, addr, &ret_addrlen)); if (!is_error(ret)) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen_addr)) + host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen)); + if (put_user_u32(ret_addrlen, target_addrlen_addr)) { ret = -TARGET_EFAULT; + } } return ret; } @@ -3005,7 +3011,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, abi_ulong target_addr, abi_ulong target_addrlen) { - socklen_t addrlen; + socklen_t addrlen, ret_addrlen; void *addr; void *host_msg; abi_long ret; @@ -3023,10 +3029,12 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, goto fail; } addr = alloca(addrlen); + ret_addrlen = addrlen; ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, - addr, &addrlen)); + addr, &ret_addrlen)); } else { addr = NULL; /* To keep compiler quiet. */ + addrlen = 0; /* To keep compiler quiet. */ ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0)); } if (!is_error(ret)) { @@ -3039,8 +3047,9 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, } } if (target_addr) { - host_to_target_sockaddr(target_addr, addr, addrlen); - if (put_user_u32(addrlen, target_addrlen)) { + host_to_target_sockaddr(target_addr, addr, + MIN(addrlen, ret_addrlen)); + if (put_user_u32(ret_addrlen, target_addrlen)) { ret = -TARGET_EFAULT; goto fail; } -- cgit v1.2.3 From ba584f1de30e58b0d93cd81bd437271b894eefbf Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Tue, 5 Mar 2019 17:45:05 +0100 Subject: linux-user: don't short-circuit read with zero length A zero-length read still needs to do the usual checks, thus it may return errors like EBADF. This makes the read syscall emulation consistent with the pread64 syscall emulation. Signed-off-by: Andreas Schwab Reviewed-by: Laurent Vivier Message-Id: Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 5f72209deb..9f7eb7d7a8 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -7009,8 +7009,8 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, _exit(arg1); return 0; /* avoid warning */ case TARGET_NR_read: - if (arg3 == 0) { - return 0; + if (arg2 == 0 && arg3 == 0) { + return get_errno(safe_read(arg1, 0, 0)); } else { if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0))) return -TARGET_EFAULT; -- cgit v1.2.3 From b78c522ab949582b5e580e15d6ebf979845ccc94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= Date: Tue, 5 Mar 2019 16:15:00 +0100 Subject: linux-user: fix "may be used uninitialized" warnings MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes: /home/elmarco/src/qemu/linux-user/syscall.c: In function ‘do_ioctl_rt’: /home/elmarco/src/qemu/linux-user/syscall.c:4773:9: error: ‘host_rt_dev_ptr’ may be used uninitialized in this function [-Werror=maybe-uninitialized] if (*host_rt_dev_ptr != 0) { ^~~~~~~~~~~~~~~~ /home/elmarco/src/qemu/linux-user/syscall.c:4774:9: error: ‘target_rt_dev_ptr’ may be used uninitialized in this function [-Werror=maybe-uninitialized] unlock_user((void *)*host_rt_dev_ptr, ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *target_rt_dev_ptr, 0); ~~~~~~~~~~~~~~~~~~~~~~ Based on previous discussion from patch "linux-users/syscall: make do_ioctl_rt safer" by Alex Bennée. Signed-off-by: Marc-André Lureau Reviewed-by: Laurent Vivier Message-Id: <20190305151500.25038-1-marcandre.lureau@redhat.com> Signed-off-by: Laurent Vivier --- linux-user/syscall.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 9f7eb7d7a8..208fd1813d 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4733,8 +4733,8 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, const int *dst_offsets, *src_offsets; int target_size; void *argptr; - abi_ulong *target_rt_dev_ptr; - unsigned long *host_rt_dev_ptr; + abi_ulong *target_rt_dev_ptr = NULL; + unsigned long *host_rt_dev_ptr = NULL; abi_long ret; int i; @@ -4780,6 +4780,9 @@ static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp, unlock_user(argptr, arg, 0); ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp)); + + assert(host_rt_dev_ptr != NULL); + assert(target_rt_dev_ptr != NULL); if (*host_rt_dev_ptr != 0) { unlock_user((void *)*host_rt_dev_ptr, *target_rt_dev_ptr, 0); -- cgit v1.2.3