From patchwork Fri Feb 10 11:34:05 2012
X-Patchwork-Submitter: Stefan Hajnoczi
X-Patchwork-Id: 140565
From: Stefan Hajnoczi
To: Anthony Liguori
Cc: qemu-devel@nongnu.org, Stefan Hajnoczi
Date: Fri, 10 Feb 2012 11:34:05 +0000
Message-Id: <1328873653-10554-2-git-send-email-stefanha@linux.vnet.ibm.com>
In-Reply-To: <1328873653-10554-1-git-send-email-stefanha@linux.vnet.ibm.com>
References: <1328873653-10554-1-git-send-email-stefanha@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 1/9] linux-user: fail execve() if env/args too big
From: Ulrich Hecht

If the host's page size is equal to or smaller than the target's, native execve() will fail appropriately with E2BIG if called with too big an environment for the target to handle. It may falsely succeed, however, if the host's page size is bigger, and feed the executed target process an environment that is too big for it to handle, at which point QEMU barfs and exits, confusing procmail's autoconf script and causing the build to fail.

This patch makes sure that execve() will return E2BIG if the environment is too large for the target.

Signed-off-by: Ulrich Hecht
Signed-off-by: Stefan Hajnoczi
---
 linux-user/syscall.c | 9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ee8899e..e868ec6 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4949,6 +4949,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, abi_ulong guest_envp; abi_ulong addr; char **q; + int total_size = 0; argc = 0; guest_argp = arg2; @@ -4980,6 +4981,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; if (!(*q = lock_user_string(addr))) goto execve_efault; + total_size += strlen(*q) + 1; } *q = NULL; @@ -4991,9 +4993,16 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; if (!(*q = lock_user_string(addr))) goto execve_efault; + total_size += strlen(*q) + 1; } *q = NULL; + /* This case will not be caught by the host's execve() if its + page size is bigger than the target's. */ + if (total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE) { + ret = -TARGET_E2BIG; + goto execve_end; + } if (!(p = lock_user_string(arg1))) goto execve_efault; ret = get_errno(execve(p, argp, envp));
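Review bot: in the first hunk `total_size` is declared as a plain `int`, yet the second and third hunks accumulate `strlen(*q) + 1` over every argv and envp string the guest supplies, with no cap on the number of strings; on a 64-bit target a guest can push the sum past INT_MAX and wrap it negative, which makes the `total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE` test false and silently falls back to the host execve() that this patch is trying not to rely on. Declaring it `size_t` (or `abi_ulong`, matching the other locals in the function) keeps the comparison meaningful for any input size; `+ int total_size = 0;` becomes `+ size_t total_size = 0;` with no other change needed.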
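Review bot: the third hunk's limit and its early exit both need a little more justification in the comment. `MAX_ARG_PAGES * TARGET_PAGE_SIZE` is the fixed 32-page cap of pre-2.6.23 Linux; kernels since then size the limit from RLIMIT_STACK (a quarter of the stack limit, with a per-string MAX_ARG_STRLEN cap), so a guest whose argv/envp a real target kernel would accept can now get E2BIG from QEMU, and the comment should say this is a deliberately conservative bound rather than the target kernel's rule. Separately, `goto execve_end` is reached only after every argv and envp string has been locked with `lock_user_string()`, so the `execve_end` label must unlock all of them on this new path exactly as it does after a successful or failed host execve(); please confirm that rather than assume it, since the fault path in the same loops uses a different label (`execve_efault`).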