[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 06/40] linux-user: Check for overflow in access_ok
From: |
Peter Maydell |
Subject: |
[PULL 06/40] linux-user: Check for overflow in access_ok |
Date: |
Tue, 16 Feb 2021 16:16:24 +0000 |
From: Richard Henderson <richard.henderson@linaro.org>
Verify that addr + size - 1 does not wrap around.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210212184902.1251044-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
linux-user/qemu.h | 17 ++++++++++++-----
1 file changed, 12 insertions(+), 5 deletions(-)
diff --git a/linux-user/qemu.h b/linux-user/qemu.h
index 17aa9921657..441ba6a78bb 100644
--- a/linux-user/qemu.h
+++ b/linux-user/qemu.h
@@ -491,12 +491,19 @@ extern unsigned long guest_stack_size;
#define VERIFY_READ 0
#define VERIFY_WRITE 1 /* implies read access */
-static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
+static inline bool access_ok(int type, abi_ulong addr, abi_ulong size)
{
- return guest_addr_valid(addr) &&
- (size == 0 || guest_addr_valid(addr + size - 1)) &&
- page_check_range((target_ulong)addr, size,
- (type == VERIFY_READ) ? PAGE_READ : (PAGE_READ |
PAGE_WRITE)) == 0;
+ if (!guest_addr_valid(addr)) {
+ return false;
+ }
+ if (size != 0 &&
+ (addr + size - 1 < addr ||
+ !guest_addr_valid(addr + size - 1))) {
+ return false;
+ }
+ return page_check_range((target_ulong)addr, size,
+ (type == VERIFY_READ) ? PAGE_READ :
+ (PAGE_READ | PAGE_WRITE)) == 0;
}
/* NOTE __get_user and __put_user use host pointers and don't check access.
--
2.20.1
- [PULL 00/40] target-arm queue, Peter Maydell, 2021/02/16
- [PULL 01/40] tcg: Introduce target-specific page data for user-only, Peter Maydell, 2021/02/16
- [PULL 03/40] exec: Use uintptr_t for guest_base, Peter Maydell, 2021/02/16
- [PULL 04/40] exec: Use uintptr_t in cpu_ldst.h, Peter Maydell, 2021/02/16
- [PULL 02/40] linux-user: Introduce PAGE_ANON, Peter Maydell, 2021/02/16
- [PULL 08/40] bsd-user: Tidy VERIFY_READ/VERIFY_WRITE, Peter Maydell, 2021/02/16
- [PULL 09/40] linux-user: Do not use guest_addr_valid for h2g_valid, Peter Maydell, 2021/02/16
- [PULL 05/40] exec: Improve types for guest_addr_valid, Peter Maydell, 2021/02/16
- [PULL 06/40] linux-user: Check for overflow in access_ok,
Peter Maydell <=
- [PULL 10/40] linux-user: Fix guest_addr_valid vs reserved_va, Peter Maydell, 2021/02/16
- [PULL 07/40] linux-user: Tidy VERIFY_READ/VERIFY_WRITE, Peter Maydell, 2021/02/16
- [PULL 11/40] exec: Introduce cpu_untagged_addr, Peter Maydell, 2021/02/16
- [PULL 12/40] exec: Use cpu_untagged_addr in g2h; split out g2h_untagged, Peter Maydell, 2021/02/16
- [PULL 13/40] linux-user: Explicitly untag memory management syscalls, Peter Maydell, 2021/02/16
- [PULL 14/40] linux-user: Use guest_range_valid in access_ok, Peter Maydell, 2021/02/16
- [PULL 15/40] exec: Rename guest_{addr,range}_valid to *_untagged, Peter Maydell, 2021/02/16
- [PULL 16/40] linux-user: Use cpu_untagged_addr in access_ok; split out *_untagged, Peter Maydell, 2021/02/16
- [PULL 17/40] linux-user: Move lock_user et al out of line, Peter Maydell, 2021/02/16
- [PULL 18/40] linux-user: Fix types in uaccess.c, Peter Maydell, 2021/02/16