qemu-commits
From: GitHub
Subject: [Qemu-commits] [qemu/qemu] ef759f: linux-user: fd_trans_*_data() returns the length
Date: Wed, 20 Jul 2016 05:00:07 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: ef759f6fcc8ee892178e087f99e731bbedada4fb
      
https://github.com/qemu/qemu/commit/ef759f6fcc8ee892178e087f99e731bbedada4fb
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: fd_trans_*_data() returns the length

fd_trans_target_to_host_data() and fd_trans_host_to_target_data() must
return the length of processed data.

Signed-off-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: 7d61d892327d803ae43d14500601e48031b4632c
      
https://github.com/qemu/qemu/commit/7d61d892327d803ae43d14500601e48031b4632c
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: fix netlink memory corruption

Netlink is byte-swapping data in the guest memory (it's bad).

It's ok when the data come from the host as they are generated by the
host.

But it doesn't work when data come from the guest: the guest can
try to reuse these data whereas they have been byte-swapped.

This is what happens in glibc:

glibc generates a sequence number in nlh.nlmsg_seq and calls
sendto() with this nlh. In sendto(), we byte-swap nlmsg.seq.

Later, after the recvmsg(), glibc compares nlh.nlmsg_seq with
sequence number given in return, and of course it fails (hangs),
because nlh.nlmsg_seq is not valid anymore.

The involved code in glibc is:

sysdeps/unix/sysv/linux/check_pf.c:make_request()
...
  req.nlh.nlmsg_seq = time (NULL);
...
  if (TEMP_FAILURE_RETRY (__sendto (fd, (void *) &req, sizeof (req), 0,
                              (struct sockaddr *) &nladdr,
                              sizeof (nladdr))) < 0)
<here req.nlh.nlmsg_seq has been byte-swapped>
...
  do
    {
...
      ssize_t read_len = TEMP_FAILURE_RETRY (__recvmsg (fd, &msg, 0));
...
      struct nlmsghdr *nlmh;
      for (nlmh = (struct nlmsghdr *) buf;
           NLMSG_OK (nlmh, (size_t) read_len);
           nlmh = (struct nlmsghdr *) NLMSG_NEXT (nlmh, read_len))
        {
<we compare nlmh->nlmsg_seq with corrupted req.nlh.nlmsg_seq>
          if (nladdr.nl_pid != 0 || (pid_t) nlmh->nlmsg_pid != pid
              || nlmh->nlmsg_seq != req.nlh.nlmsg_seq)
            continue;
...
          else if (nlmh->nlmsg_type == NLMSG_DONE)
            /* We found the end, leave the loop.  */
            done = true;
        }
    }
  while (! done);

As we have a continue on "nlmh->nlmsg_seq != req.nlh.nlmsg_seq",
"done" cannot be set to "true" and we have an infinite loop.

That is why commands like "apt-get update" or "dnf update" hang.

Signed-off-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
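The failure described in this commit message, as an added illustration that is not QEMU's code: a netlink header is converted in the guest's own buffer (pre-fix) or in a private copy (fixed), and the glibc-style sequence-number comparison is evaluated afterwards. The struct, the unconditional byte swap (a cross-endian guest is assumed) and the kernel echo of nlmsg_seq are all modelled here.

```c
#include <stdint.h>
#include <stdbool.h>

struct nlmsghdr_m {              /* same layout as the kernel's struct nlmsghdr */
    uint32_t nlmsg_len;
    uint16_t nlmsg_type, nlmsg_flags;
    uint32_t nlmsg_seq, nlmsg_pid;
};

/* Convert every header field between guest and host byte order. Assumed: a
 * cross-endian guest, so the swap is unconditional (models tswap16/tswap32). */
static void swap_nlmsghdr(struct nlmsghdr_m *h)
{
    h->nlmsg_len   = __builtin_bswap32(h->nlmsg_len);
    h->nlmsg_type  = __builtin_bswap16(h->nlmsg_type);
    h->nlmsg_flags = __builtin_bswap16(h->nlmsg_flags);
    h->nlmsg_seq   = __builtin_bswap32(h->nlmsg_seq);
    h->nlmsg_pid   = __builtin_bswap32(h->nlmsg_pid);
}
/* Pre-fix sendto(): convert the guest's own buffer in place, then send it.
 * The guest still holds that buffer and re-reads nlmsg_seq afterwards. */
static void sendto_swap_in_place(struct nlmsghdr_m *guest_req, struct nlmsghdr_m *wire)
{
    swap_nlmsghdr(guest_req);
    *wire = *guest_req;
}
/* Fixed sendto(): convert a private copy; guest memory is left untouched. */
static void sendto_swap_copy(const struct nlmsghdr_m *guest_req, struct nlmsghdr_m *wire)
{
    *wire = *guest_req;
    swap_nlmsghdr(wire);
}
/* The kernel echoes nlmsg_seq; the host-to-target path converts the reply to
 * guest byte order before the guest's recvmsg() returns it. */
static void recvmsg_reply(const struct nlmsghdr_m *wire, struct nlmsghdr_m *guest_reply)
{
    *guest_reply = *wire;
    swap_nlmsghdr(guest_reply);
}
/* glibc's make_request() only accepts a reply whose nlmsg_seq equals
 * req.nlh.nlmsg_seq; report whether that comparison can ever succeed. */
static bool seq_check_passes(bool swap_copy)
{
    struct nlmsghdr_m req = { .nlmsg_len = 16, .nlmsg_seq = 0x12345678u }, wire, reply;
    if (swap_copy) sendto_swap_copy(&req, &wire);
    else           sendto_swap_in_place(&req, &wire);
    recvmsg_reply(&wire, &reply);
    return reply.nlmsg_seq == req.nlmsg_seq;
}
```

With the in-place conversion the comparison never succeeds, so the `continue` in check_pf.c is taken for every reply and `done` is never set; with the copy it succeeds on the first matching reply.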


  Commit: c35e1f9c87ca57b126cec1bdd56298f63939c420
      
https://github.com/qemu/qemu/commit/c35e1f9c87ca57b126cec1bdd56298f63939c420
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: add fd_trans helper in do_recvfrom()

Fix passwd using netlink audit.

Signed-off-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: a82ea9393df18276f36e3202d2cc3ad73b980e92
      
https://github.com/qemu/qemu/commit/a82ea9393df18276f36e3202d2cc3ad73b980e92
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: convert sockaddr_ll from host to target

As we convert sockaddr for AF_PACKET family for sendto() (target to
host) we need also to convert this for getsockname() (host to target).

arping uses getsockname() to get the interface address and uses
this address with sendto().

Tested with:

    /sbin/arping -D -q -c2 -I eno1 192.168.122.88

...
getsockname(3, {sa_family=AF_PACKET, proto=0x806, if2,
pkttype=PACKET_HOST, addr(6)={1, 10c37b6b9a76}, [18]) = 0
...
sendto(3, "..." 28, 0,
       {sa_family=AF_PACKET, proto=0x806, if2, pkttype=PACKET_HOST,
       addr(6)={1, ffffffffffff}, 20) = 28
...

Signed-off-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: c5dff280b8131b14a96b99c13c6a98d497c23271
      
https://github.com/qemu/qemu/commit/c5dff280b8131b14a96b99c13c6a98d497c23271
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: add nested netlink types

Nested types are used by the kernel to send link information and
protocol properties.

We can see following errors with "ip link show":

Unimplemented nested type 26
Unimplemented nested type 26
Unimplemented nested type 18
Unimplemented nested type 26
Unimplemented nested type 18
Unimplemented nested type 26

This patch implements nested types 18 (IFLA_LINKINFO) and
26 (IFLA_AF_SPEC).

Signed-off-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: c815701e8169d25ae6f84183f4b593b9335a9798
      
https://github.com/qemu/qemu/commit/c815701e8169d25ae6f84183f4b593b9335a9798
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Check sigsetsize argument to syscalls

Many syscalls which take a sigset_t argument also take an argument
giving the size of the sigset_t.  The kernel insists that this
matches its idea of the type size and fails EINVAL if it is not.
Implement this logic in QEMU.  (This mostly just means some LTP test
cases which check error cases now pass.)

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>


  Commit: 884cdc48a98fca7d758a5934af526cd1fcedcc9e
      
https://github.com/qemu/qemu/commit/884cdc48a98fca7d758a5934af526cd1fcedcc9e
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/ioctls.h
    M linux-user/linux_loop.h
    M linux-user/syscall_defs.h

  Log Message:
  -----------
  linux-user: Add loop control ioctls

Add support for the /dev/loop-control ioctls:
 LOOP_CTL_ADD
 LOOP_CTL_REMOVE
 LOOP_CTL_GET_FREE

[RV: fixed to apply to new header guards]
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: a4a2c51f9006b9e6ee3b94f5ce87aed066f3446a
      
https://github.com/qemu/qemu/commit/a4a2c51f9006b9e6ee3b94f5ce87aed066f3446a
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/ioctls.h

  Log Message:
  -----------
  linux-user: Correct type for BLKSSZGET

The BLKSSZGET ioctl takes an argument which is a pointer to an int.
We were incorrectly declaring it to take a pointer to a long, which
meant that we would incorrectly write to memory which we should not
if the guest is a 64-bit architecture.

In particular, kpartx uses this ioctl to write to an int on the
stack, which tends to result in it crashing immediately.

Reported-by: Chanho Park <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: f2c2fb50be13aca9c449d9156817c915d9cd2acb
      
https://github.com/qemu/qemu/commit/f2c2fb50be13aca9c449d9156817c915d9cd2acb
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/ioctls.h
    M linux-user/syscall_types.h

  Log Message:
  -----------
  linux-user: Correct type for LOOP_GET_STATUS{,64} ioctls

The LOOP_GET_STATUS and LOOP_GET_STATUS64 ioctls were incorrectly
defined as IOC_W rather than IOC_R, which meant we weren't
correctly copying the information back from the kernel to the guest.
The loop_info64 structure definition was also missing a member
and using the wrong type for several 32-bit fields.

In particular, this meant that "kpartx -d image.img" didn't work
and "losetup -a" behaved strangely. Correct the ioctl type definitions.

Reported-by: Chanho Park <address@hidden>
Reviewed-by: Laurent Vivier <address@hidden>
Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: 31efaef1d9b80b7803e22ef28ffc51df04db60ab
      
https://github.com/qemu/qemu/commit/31efaef1d9b80b7803e22ef28ffc51df04db60ab
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/signal.c

  Log Message:
  -----------
  linux-user: Forget about synchronous signal once it is delivered

Commit 655ed67c2a248cf which switched synchronous signals to
being recorded in ts->sync_signal rather than in a queue
with every other signal had a bug: we failed to clear
the flag indicating that a synchronous signal was pending
when we delivered it. This meant that we would take the signal
again and again every time the guest made a syscall.
(This is a bug introduced in my refactoring of Timothy Baldwin's
original code.)

Fix this by passing in the struct emulated_sigtable* to
handle_pending_signal(), so that we clear the pending flag
in the ts->sync_signal struct when handling a synchronous signal.

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: a1e221929f570cc84661158421f942b3328a9fd1
      
https://github.com/qemu/qemu/commit/a1e221929f570cc84661158421f942b3328a9fd1
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Handle short lengths in host_to_target_sockaddr()

If userspace specifies a short buffer for a target sockaddr,
the kernel will only copy in as much as it has space for
(or none at all if the length is zero) -- see the kernel
move_addr_to_user() function. Mimic this in QEMU's
host_to_target_sockaddr() routine.

In particular, this fixes a segfault running the LTP
recvfrom01 test, where the guest makes a recvfrom()
call with a bad buffer pointer and other parameters which
cause the kernel to set the addrlen to zero; because we
did not skip the attempt to swap the sa_family field we
segfaulted on the bad address.

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>
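The clamping rule this commit describes, as an added example that is not QEMU's host_to_target_sockaddr(): copy at most the guest's addrlen, write nothing when it is zero, and convert sa_family only when it was copied whole. The struct, the helper names and the unconditional swap (a cross-endian guest is assumed) are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

struct sockaddr_m { uint16_t sa_family; char sa_data[14]; }; /* struct sockaddr layout */
/* Copy the host sockaddr into the guest buffer `target` of `len` bytes and
 * return how many bytes were written, mirroring move_addr_to_user(): nothing
 * at all when len is 0 (so a bogus pointer is never dereferenced), otherwise
 * at most len bytes. sa_family is converted to guest byte order only when it
 * was copied whole. Assumed: cross-endian guest, so the swap is unconditional. */
static size_t host_to_target_sockaddr_m(void *target, size_t len,
                                        const struct sockaddr_m *host)
{
    size_t n = len < sizeof(*host) ? len : sizeof(*host);
    if (n == 0) {
        return 0;
    }
    memcpy(target, host, n);
    if (n >= sizeof(uint16_t)) {
        uint16_t fam;
        memcpy(&fam, target, sizeof fam);
        fam = __builtin_bswap16(fam);
        memcpy(target, &fam, sizeof fam);
    }
    return n;
}

/* Drive one addrlen value against a constructed AF_PACKET (17) address.
 * Returns the sa_family the guest reads back, -1 when nothing was copied,
 * -2 if bytes past the returned length were touched. For len 0 the guest
 * pointer is NULL, standing in for the bad pointer from LTP recvfrom01. */
static int run_case(size_t len)
{
    struct sockaddr_m host = { .sa_family = 17 };
    unsigned char guest[sizeof host];
    uint16_t fam;
    memset(guest, 0xAA, sizeof guest);
    size_t n = host_to_target_sockaddr_m(len == 0 ? NULL : guest, len, &host);
    if (n == 0) {
        return -1;
    }
    for (size_t i = n; i < sizeof guest; i++) {
        if (guest[i] != 0xAA) {
            return -2;
        }
    }
    memcpy(&fam, guest, sizeof fam);
    return fam;
}
```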


  Commit: 4715856a68b3bf868aca05f34f8f9edde64d7d6f
      
https://github.com/qemu/qemu/commit/4715856a68b3bf868aca05f34f8f9edde64d7d6f
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/ioctls.h
    M linux-user/syscall_defs.h

  Log Message:
  -----------
  linux-user: Add some new blk ioctls

Add some new blk ioctls (these are 0x12,119 through
to 0x12,127). Several of these are used by mke2fs; this silences
the warnings:

mke2fs 1.42.12 (29-Aug-2014)
Unsupported ioctl: cmd=0x127b
Unsupported ioctl: cmd=0x127a
warning: Unable to get device geometry for /dev/loop5
Unsupported ioctl: cmd=0x127c
Unsupported ioctl: cmd=0x127c
Unsupported ioctl: cmd=0x1277

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: 5b7f7bb39e1e517bd5c5e2d112549a7947b08ce0
      
https://github.com/qemu/qemu/commit/5b7f7bb39e1e517bd5c5e2d112549a7947b08ce0
  Author: Timothy Pearson <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/x86_64/termbits.h

  Log Message:
  -----------
  linux-user: Fix terminal control ioctls

TIOCGPTN and related terminal control ioctls were not converted to the guest 
ioctl format on x86_64 targets. Convert these ioctls to enable terminal 
functionality on x86_64 guests.

Signed-off-by: Timothy Pearson <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: 74642d091a9e7d5ece11ced18193e1f37d7e0553
      
https://github.com/qemu/qemu/commit/74642d091a9e7d5ece11ced18193e1f37d7e0553
  Author: Laurent Vivier <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/sparc/syscall_nr.h

  Log Message:
  -----------
  linux-user: define missing sparc syscalls

NR_lookup_dcookie, NR_fadvise64, NR_fadvise64_64

Signed-off-by: Laurent Vivier <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: a57f1f8f52aec5c83e63ddf274fd18e2eece5f2b
      
https://github.com/qemu/qemu/commit/a57f1f8f52aec5c83e63ddf274fd18e2eece5f2b
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/ioctls.h

  Log Message:
  -----------
  linux-user: Fix type for SIOCATMARK ioctl

The SIOCATMARK ioctl takes an argument which should be a
pointer to an integer where the kernel will write the result.
We were incorrectly declaring it as TYPE_NULL which would mean
it would always fail (with EFAULT) when it should succeed.
Correct the type.

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: c4e1cbd437776f99d45d7d2ddd7543ee3883ac98
      
https://github.com/qemu/qemu/commit/c4e1cbd437776f99d45d7d2ddd7543ee3883ac98
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-19 (Tue, 19 Jul 2016)

  Changed paths:
    M linux-user/aarch64/syscall_nr.h

  Log Message:
  -----------
  linux-user: AArch64 has sync_file_range, not sync_file_range2

The AArch64 Linux ABI syscall 84 is sync_file_range, not
sync_file_range2 (in the kernel it uses the asm-generic
headers and does not define __ARCH_WANT_SYNC_FILE_RANGE2).
Update our TARGET_NR_* definitions accordingly.

This fixes the sync_file_range syscall which otherwise
gets its arguments in the wrong order.

Signed-off-by: Peter Maydell <address@hidden>
Signed-off-by: Riku Voipio <address@hidden>


  Commit: 1ecfb24da987b862fd46a5b37292879952ea9e7d
      
https://github.com/qemu/qemu/commit/1ecfb24da987b862fd46a5b37292879952ea9e7d
  Author: Peter Maydell <address@hidden>
  Date:   2016-07-20 (Wed, 20 Jul 2016)

  Changed paths:
    M linux-user/aarch64/syscall_nr.h
    M linux-user/ioctls.h
    M linux-user/linux_loop.h
    M linux-user/signal.c
    M linux-user/sparc/syscall_nr.h
    M linux-user/syscall.c
    M linux-user/syscall_defs.h
    M linux-user/syscall_types.h
    M linux-user/x86_64/termbits.h

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/riku/tags/pull-linux-user-20160719-2' into staging

linux-user fixes before 2.7 freeze, fix commit message

# gpg: Signature made Tue 19 Jul 2016 14:18:54 BST
# gpg:                using RSA key 0xB44890DEDE3C9BC0
# gpg: Good signature from "Riku Voipio <address@hidden>"
# gpg:                 aka "Riku Voipio <address@hidden>"
# Primary key fingerprint: FF82 03C8 C391 98AE 0581  41EF B448 90DE DE3C 9BC0

* remotes/riku/tags/pull-linux-user-20160719-2:
  linux-user: AArch64 has sync_file_range, not sync_file_range2
  linux-user: Fix type for SIOCATMARK ioctl
  linux-user: define missing sparc syscalls
  linux-user: Fix terminal control ioctls
  linux-user: Add some new blk ioctls
  linux-user: Handle short lengths in host_to_target_sockaddr()
  linux-user: Forget about synchronous signal once it is delivered
  linux-user: Correct type for LOOP_GET_STATUS{,64} ioctls
  linux-user: Correct type for BLKSSZGET
  linux-user: Add loop control ioctls
  linux-user: Check sigsetsize argument to syscalls
  linux-user: add nested netlink types
  linux-user: convert sockaddr_ll from host to target
  linux-user: add fd_trans helper in do_recvfrom()
  linux-user: fix netlink memory corruption
  linux-user: fd_trans_*_data() returns the length

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/5d3217340adc...1ecfb24da987
