[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v7 06/31] linux-user: Check for overflow in access_ok
From: |
Richard Henderson |
Subject: |
[PATCH v7 06/31] linux-user: Check for overflow in access_ok |
Date: |
Fri, 12 Feb 2021 10:48:37 -0800 |
Verify that addr + size - 1 does not wrap around.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
---
linux-user/qemu.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 17aa992165..441ba6a78b 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -491,12 +491,19 @@ extern unsigned long guest_stack_size;
#define VERIFY_READ 0
#define VERIFY_WRITE 1 /* implies read access */
-static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
+static inline bool access_ok(int type, abi_ulong addr, abi_ulong size)
{
- return guest_addr_valid(addr) &&
- (size == 0 || guest_addr_valid(addr + size - 1)) &&
- page_check_range((target_ulong)addr, size,
- (type == VERIFY_READ) ? PAGE_READ : (PAGE_READ |
PAGE_WRITE)) == 0;
+ if (!guest_addr_valid(addr)) {
+ return false;
+ }
+ if (size != 0 &&
+ (addr + size - 1 < addr ||
+ !guest_addr_valid(addr + size - 1))) {
+ return false;
+ }
+ return page_check_range((target_ulong)addr, size,
+ (type == VERIFY_READ) ? PAGE_READ :
+ (PAGE_READ | PAGE_WRITE)) == 0;
}
/* NOTE __get_user and __put_user use host pointers and don't check access.
--
2.25.1
- [PATCH v7 08/31] bsd-user: Tidy VERIFY_READ/VERIFY_WRITE, (continued)
- [PATCH v7 08/31] bsd-user: Tidy VERIFY_READ/VERIFY_WRITE, Richard Henderson, 2021/02/12
- [PATCH v7 13/31] linux-user: Explicitly untag memory management syscalls, Richard Henderson, 2021/02/12
- [PATCH v7 09/31] linux-user: Do not use guest_addr_valid for h2g_valid, Richard Henderson, 2021/02/12
- [PATCH v7 07/31] linux-user: Tidy VERIFY_READ/VERIFY_WRITE, Richard Henderson, 2021/02/12
- [PATCH v7 12/31] exec: Use cpu_untagged_addr in g2h; split out g2h_untagged, Richard Henderson, 2021/02/12
- [PATCH v7 15/31] exec: Rename guest_{addr,range}_valid to *_untagged, Richard Henderson, 2021/02/12
- [PATCH v7 11/31] exec: Introduce cpu_untagged_addr, Richard Henderson, 2021/02/12
- [PATCH v7 10/31] linux-user: Fix guest_addr_valid vs reserved_va, Richard Henderson, 2021/02/12
- [PATCH v7 22/31] target/arm: Use the proper TBI settings for linux-user, Richard Henderson, 2021/02/12
- [PATCH v7 19/31] linux-user: Handle tags in lock_user/unlock_user, Richard Henderson, 2021/02/12
- [PATCH v7 06/31] linux-user: Check for overflow in access_ok,
Richard Henderson <=
- [PATCH v7 16/31] linux-user: Use cpu_untagged_addr in access_ok; split out *_untagged, Richard Henderson, 2021/02/12
- [PATCH v7 17/31] linux-user: Move lock_user et al out of line, Richard Henderson, 2021/02/12
- [PATCH v7 14/31] linux-user: Use guest_range_valid in access_ok, Richard Henderson, 2021/02/12
- [PATCH v7 20/31] linux-user/aarch64: Implement PR_TAGGED_ADDR_ENABLE, Richard Henderson, 2021/02/12
- [PATCH v7 18/31] linux-user: Fix types in uaccess.c, Richard Henderson, 2021/02/12
- [PATCH v7 24/31] linux-user/aarch64: Implement PROT_MTE, Richard Henderson, 2021/02/12
- [PATCH v7 27/31] linux-user/aarch64: Signal SEGV_MTESERR for sync tag check fault, Richard Henderson, 2021/02/12