From patchwork Tue Jun 20 14:44:45 2017
X-Patchwork-Submitter: Peter Maydell
X-Patchwork-Id: 778364
From: Peter Maydell
To: qemu-devel@nongnu.org
Date: Tue, 20 Jun 2017 15:44:45 +0100
Message-Id: <1497969886-17773-2-git-send-email-peter.maydell@linaro.org>
In-Reply-To: <1497969886-17773-1-git-send-email-peter.maydell@linaro.org>
References: <1497969886-17773-1-git-send-email-peter.maydell@linaro.org>
Subject: [Qemu-devel] [PATCH 1/2] risu_reginfo_arm.c: Fix handling of size values in sigframe
Cc: Alex Bennée, patches@linaro.org

The code in reginfo_init_vfp() to parse the signal frame was mishandling the size counts:

* the size includes the bytes for the magic and size fields, so the code to skip forward over unknown or undersize blocks was adding 4 more than it should
* the size is in bytes but the "is this block too small" test was checking against an expected size in words

This didn't cause any problems because the kernel happens to generate signal frames with the VFP section first.

Signed-off-by: Peter Maydell
Reviewed-by: Alex Bennée
---
 risu_reginfo_arm.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/risu_reginfo_arm.c b/risu_reginfo_arm.c
index 0cb9087..b0d5da7 100644
--- a/risu_reginfo_arm.c
+++ b/risu_reginfo_arm.c
@@ -36,7 +36,12 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc) unsigned long *rs = uc->uc_regspace; for (;;) { - switch (*rs++) { + unsigned long magic = *rs++; + unsigned long size = *rs++; + + size -= 8; /* Account for the magic/size fields */ + + switch (magic) { case 0: { /* We didn't find any VFP at all (probably a no-VFP 
@@ -57,11 +62,11 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc) */ int i; /* Skip if it's smaller than we expected (should never happen!) */ - if (*rs < ((32 * 2) + 1)) { - rs += (*rs / 4); + if (size < ((32 * 2) + 1) * 4) { + rs += size / 4; break; } - rs++; + for (i = 0; i < 32; i++) { ri->fpregs[i] = *rs++; ri->fpregs[i] |= (uint64_t) (*rs++) << 32; @@ -86,7 +91,7 @@ static void reginfo_init_vfp(struct reginfo *ri, ucontext_t *uc) } default: /* Some other kind of block, ignore it */ - rs += (*rs / 4); + rs += size / 4; break; } }
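Review bot: in the first hunk, `size -= 8;` runs on an `unsigned long` before anything checks that the size word is at least 8, so a block whose size is smaller than its own header (a zero-filled terminator, or any corrupt frame) wraps to a huge value; the `case 0` path may never look at it, but the skip paths in the later hunks do use `size / 4`, so a guard along the lines of `if (size < 8) break;` placed before the subtraction would keep those skips in bounds.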
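Review bot: in the second hunk the test `if (size < ((32 * 2) + 1) * 4)` now compares bytes with bytes, which is the point of the patch, but the expression is an unexplained magic number at exactly the spot where the bytes-versus-words confusion came from; a named constant or a short comment giving the units (32 double registers plus fpscr, in bytes) would stop it regressing. Dropping the standalone `rs++` is correct since the size word is now consumed at the top of the loop.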
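Review bot: in the third hunk `rs += size / 4;` silently rounds down a size that is not a multiple of 4, which would leave `rs` pointing at the wrong word for the next block's magic; kernel-generated blocks are word-aligned so this is fine in practice, but a comment or an `assert(!(size & 3))` would record the assumption the walker depends on.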
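To make the two size bugs from the commit message concrete, here is an added example (not code from risu or the kernel) of a bounds-checked walker over a uc_regspace-style block list, with a switch between the patched arithmetic and the old off-by-one-word skip; the VFP magic value is assumed to match the kernel's, the other magic and the frame contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_BYTES       8u                        /* magic word + size word */
#define VFP_MAGIC       0x56465001u               /* assumed: kernel's VFP block magic */
#define VFP_MIN_PAYLOAD ((32u * 2u + 1u) * 4u)    /* 32 d-regs + fpscr, in BYTES */

/* Returns the word index of the VFP payload inside frame[], or -1 when the
 * list ends (magic 0), is malformed, or holds no usable VFP block.  Each block
 * is [magic][size][payload...]; size is in bytes and includes the 8-byte
 * header.  fixed=1 uses the patch's arithmetic, fixed=0 the old skip. */
long find_vfp_payload(const uint32_t *frame, size_t nwords, int fixed)
{
    size_t start = 0;
    while (start + 2 <= nwords) {
        uint32_t magic = frame[start], size = frame[start + 1];
        if (magic == 0)
            return -1;                            /* terminator block */
        /* Smaller than its own header or not word-sized: corrupt frame.
         * Checking before subtracting avoids wrapping the unsigned size. */
        if (size < HDR_BYTES || (size & 3u))
            return -1;
        uint32_t payload = size - HDR_BYTES;      /* bytes after the header */
        if (magic == VFP_MAGIC && payload >= VFP_MIN_PAYLOAD)
            return start + 2 + payload / 4 <= nwords ? (long)(start + 2) : -1;
        /* Skip this block: size already spans the header, so the next block
         * starts size/4 words on; the old code added one word (4 bytes) more. */
        start += size / 4 + (fixed ? 0 : 1);
    }
    return -1;
}

/* Constructed sample (not captured from a kernel): a 16-byte "other" block and
 * a VFP block with a 272-byte zeroed payload, in either order, then a zero
 * terminator; returns what the walker finds. */
long demo_walk(int vfp_first, int fixed)
{
    uint32_t buf[76] = {0};
    const uint32_t other_magic = 0x0000AB01u;     /* constructed placeholder */
    size_t n = 0;
    for (int pass = 0; pass < 2; pass++) {
        if ((pass == 0) == (vfp_first != 0)) {    /* emit the VFP block this pass? */
            buf[n++] = VFP_MAGIC; buf[n++] = 8 + 272; n += 68;
        } else {
            buf[n++] = other_magic; buf[n++] = 8 + 8; n += 2;
        }
    }
    buf[n++] = 0; buf[n++] = 0;                   /* terminator */
    return find_vfp_payload(buf, n, fixed);
}
```

With the VFP block first both versions find the payload, which is why the bug went unnoticed; with another block in front, the old skip lands one word late and the walker desynchronises.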