From patchwork Sun Mar 28 00:53:53 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: Fix page_check_range() wrap-around check when len=0. Date: Sat, 27 Mar 2010 14:53:53 -0000 From: takasi-y@ops.dti.ne.jp X-Patchwork-Id: 48766 Message-Id: <201003280053.o2S0rrvk014831@smtp12.dti.ne.jp> To: qemu-devel@nongnu.org Cc: Richard Henderson Fix page_check_range() wrap-around check when len=0. write(1,"",0) on linux-user emulation should be OK, but fails. This is a regression brought by 376a7909. This patch fixes it at the last of the calling path shown below, do_syscall:write -> access_ok() -> page_check_range(), as linux-kernel does. For example, x86 does it at follows, sys_write() -> access_ok() -> __range_not_ok(). This implies calling page_check_range() with len=0 is valid. Signed-off-by: Takashi YOSHII --- exec.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/exec.c b/exec.c index 14767b7..26cd8b9 100644 --- a/exec.c +++ b/exec.c @@ -2410,7 +2410,7 @@ int page_check_range(target_ulong start, target_ulong len, int flags) assert(start < ((abi_ulong)1 << L1_MAP_ADDR_SPACE_BITS)); #endif - if (start + len - 1 < start) { + if (len > 0 && start + len -1 < start) { /* We've wrapped around. */ return -1; }
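Review bot: the `+` line writes `start + len -1`, dropping the space the `-` line had around the subtraction (`start + len - 1`); restore it so the line matches the surrounding code style. On the logic, guarding with `len > 0` is the right minimal fix: with `len == 0` the old test reduces to `start - 1 < start`, which is true for every non-zero `start` and so reports a wrap that never happened, which is exactly the `write(1, "", 0)` failure the commit message describes. The `- 1` should stay in the expression, since the simpler `start + len < start` would reject a valid range that ends exactly at the top of the address space. A short comment above the condition noting that an empty range is valid and skips the wrap check, as the kernel's `access_ok()` path allows, would spare the next reader from re-deriving why the `len` guard is there.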