From patchwork Fri Feb 21 08:17:24 2014
X-Patchwork-Submitter: Michael Roth
X-Patchwork-Id: 322491
From: Michael Roth
To: qemu-devel@nongnu.org
Cc: lersek@redhat.com, qemu-stable@nongnu.org, Petar.Jovanovic@imgtec.com
Date: Fri, 21 Feb 2014 02:17:24 -0600
Message-Id: <1392970647-21528-49-git-send-email-mdroth@linux.vnet.ibm.com>
X-Mailer: git-send-email 1.7.9.5
In-Reply-To: <1392970647-21528-1-git-send-email-mdroth@linux.vnet.ibm.com>
References: <1392970647-21528-1-git-send-email-mdroth@linux.vnet.ibm.com>
Subject: [Qemu-devel] [PATCH 48/51] linux-user: Fix trampoline code for CRIS
From: Stefan Weil __put_user can write bytes, words (2 bytes) or longwords (4 bytes). Here obviously words should have been written, but bytes were written, so values like 0x9c5f were truncated to 0x5f. Fix this by changing retcode from uint8_t to to uint16_t in target_signal_frame and also in the unused rt_signal_frame. This problem was reported by static code analysis (smatch). Cc: qemu-stable@nongnu.org Signed-off-by: Stefan Weil Acked-by: Riku Voipio Reviewed-by: Peter Maydell Tested-by: Edgar E. Iglesias Reviewed-by: Edgar E. Iglesias Signed-off-by: Edgar E. Iglesias (cherry picked from commit 8cfc114a2f293c40077d1bdb7500b29db359ca22) Signed-off-by: Michael Roth --- linux-user/signal.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux-user/signal.c b/linux-user/signal.c index 7751c47..544e77e 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -3653,7 +3653,7 @@ struct target_sigcontext { struct target_signal_frame { struct target_sigcontext sc; uint32_t extramask[TARGET_NSIG_WORDS - 1]; - uint8_t retcode[8]; /* Trampoline code. */ + uint16_t retcode[4]; /* Trampoline code. */ }; struct rt_signal_frame { @@ -3661,7 +3661,7 @@ struct rt_signal_frame { void *puc; siginfo_t info; struct ucontext uc; - uint8_t retcode[8]; /* Trampoline code. */ + uint16_t retcode[4]; /* Trampoline code. */ }; static void setup_sigcontext(struct target_sigcontext *sc, CPUCRISState *env) @@ -3739,8 +3739,8 @@ static void setup_frame(int sig, struct target_sigaction *ka, */ err |= __put_user(0x9c5f, frame->retcode+0); err |= __put_user(TARGET_NR_sigreturn, - frame->retcode+2); - err |= __put_user(0xe93d, frame->retcode+4); + frame->retcode + 1); + err |= __put_user(0xe93d, frame->retcode + 2); /* Save the mask. */ err |= __put_user(set->sig[0], &frame->sc.oldmask);
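Review bot: in the target_signal_frame hunk, the commit message should state that `uint16_t retcode[4]` occupies the same 8 bytes as `uint8_t retcode[8]`, so the frame size and the guest stack layout below it are unchanged and only the store width moves from 1 to 2 bytes; with the offsets in setup_frame now counted in halfwords, a reader otherwise has to do that arithmetic to convince themselves the layout is preserved. Worth a comment as well: only retcode[0], [1] and [2] are stored by the three __put_user calls in setup_frame, so retcode[3] is not written by this function, just as bytes 6 and 7 were not before.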
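Review bot: the rt_signal_frame hunk touches a struct the commit message itself calls unused, and its context lines still declare `void *puc; siginfo_t info; struct ucontext uc;` with host types rather than target_* types, so this struct does not yet describe the guest's stack layout. Changing retcode to match target_signal_frame is fine for consistency, but a comment on the struct (or a sentence in the commit message) saying that it is not a complete target frame would stop a later reader from treating it as ready to use.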
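Review bot: in the setup_frame hunk the fix works only because __put_user takes its store width from the pointee type, which is why the offsets change from byte offsets (`+2`, `+4`) to element indices (`+ 1`, `+ 2`) and why all three values, including TARGET_NR_sigreturn, are now stored as 16-bit quantities; a one-line comment above these calls saying that retcode holds three 16-bit halfwords would make that explicit and keep a future cleanup from "restoring" byte offsets. Style: the unchanged first call keeps `frame->retcode+0` while the two changed lines use `frame->retcode + 1` and `frame->retcode + 2`; either adjust the first call too or match its spacing so the three stores read as one sequence.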
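To make the width dependence the commit message describes concrete, here is an added example in C; it is not code from the patch or from QEMU. It models __put_user with a stand-in macro, put_user_le, that picks the store width from the pointee type and writes guest memory in little-endian order (as on CRIS). The frame structs keep only the retcode member, and TARGET_NR_sigreturn is set to 119 as an assumed CRIS value; only its low/high byte split matters here. Running it shows the pre-patch layout leaving 0x5f where 0x9c5f was meant and the patched layout producing all three halfwords in the same eight bytes:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed CRIS value; only the low/high byte split matters below. */
#define TARGET_NR_sigreturn 119

/* Stand-in for QEMU's __put_user: store x at dst, `width` bytes wide, in
 * the target's byte order (little-endian, as on CRIS). */
static int put_user_le_raw(uint64_t x, uint8_t *dst, size_t width)
{
    for (size_t i = 0; i < width; i++) {
        dst[i] = (uint8_t)(x >> (8 * i));   /* low byte first */
    }
    return 0;
}

/* The width comes from the pointee type, which is the property the patch
 * relies on: a uint8_t * stores 1 byte, a uint16_t * stores 2. */
#define put_user_le(x, hptr) \
    put_user_le_raw((uint64_t)(x), (uint8_t *)(hptr), sizeof(*(hptr)))

/* Trampoline area of the signal frame before and after the patch. */
struct frame_before { uint8_t  retcode[8]; };
struct frame_after  { uint16_t retcode[4]; };

/* Both layouts occupy the same 8 bytes: the guest stack layout is
 * unchanged by the patch, only the store width differs. */
_Static_assert(sizeof(struct frame_before) == sizeof(struct frame_after),
               "retcode area must stay 8 bytes");

/* Before: byte offsets 0/2/4 are right, but each store is 1 byte, so
 * 0x9c5f is truncated to 0x5f and 0xe93d to 0x3d. */
static void setup_trampoline_before(struct frame_before *f)
{
    put_user_le(0x9c5f, f->retcode + 0);
    put_user_le(TARGET_NR_sigreturn, f->retcode + 2);
    put_user_le(0xe93d, f->retcode + 4);
}

/* After: element indices 0/1/2, each store is a 2-byte halfword. */
static void setup_trampoline_after(struct frame_after *f)
{
    put_user_le(0x9c5f, f->retcode + 0);
    put_user_le(TARGET_NR_sigreturn, f->retcode + 1);
    put_user_le(0xe93d, f->retcode + 2);
}

/* The six bytes a little-endian guest must see for the halfwords
 * 0x9c5f, TARGET_NR_sigreturn, 0xe93d. */
static const uint8_t expected_bytes[6] = {
    0x5f, 0x9c,
    TARGET_NR_sigreturn & 0xff, (TARGET_NR_sigreturn >> 8) & 0xff,
    0x3d, 0xe9,
};

/* Fill a zeroed frame with the pre-patch code and return byte i of it. */
uint8_t before_byte(size_t i)
{
    struct frame_before f;
    memset(&f, 0, sizeof f);
    setup_trampoline_before(&f);
    return i < sizeof f.retcode ? f.retcode[i] : 0;
}

/* Same for the patched code, reading the halfword array back as bytes. */
uint8_t after_byte(size_t i)
{
    struct frame_after f;
    uint8_t raw[sizeof f.retcode];
    memset(&f, 0, sizeof f);
    setup_trampoline_after(&f);
    memcpy(raw, f.retcode, sizeof raw);
    return i < sizeof raw ? raw[i] : 0;
}

/* 1 if the first six trampoline bytes match expected_bytes, else 0. */
int trampoline_ok(uint8_t (*byte_at)(size_t))
{
    for (size_t i = 0; i < sizeof expected_bytes; i++) {
        if (byte_at(i) != expected_bytes[i]) {
            return 0;
        }
    }
    return 1;
}

int main(void)
{
    printf("before patch: %s\n", trampoline_ok(before_byte) ? "ok" : "truncated");
    printf("after patch:  %s\n", trampoline_ok(after_byte) ? "ok" : "truncated");
    for (size_t i = 0; i < 8; i++) {
        printf("byte %zu: before %02x  after %02x\n", i, before_byte(i), after_byte(i));
    }
    return 0;
}
```

Build with a C11 compiler (`cc -std=c11 -Wall trampoline.c`). The _Static_assert is the check worth carrying into a real review of this kind of patch: a type change on a frame member must not change the frame size, or the guest stack layout of everything below that member shifts.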