umoven: detect invalid addresses

Do not silently truncate tracee addresses to current_wordsize.
After transition from long to kernel_ulong_t there should be no sign
extension issues with tracee addresses, and invalid addresses should
be printed properly.

* util.c (umoven): Check [SIZEOF_KERNEL_LONG_T > 4] instead
of [SIZEOF_LONG > 4], reject addresses that do not fit into
current_wordsize.
* tests/umoven-illptr.c: New file.
* tests/umoven-illptr.test: New test.
* tests/.gitignore: Add umoven-illptr.
* tests/Makefile.am (check_PROGRAMS): Likewise.
(DECODER_TESTS): Add umoven-illptr.test.

tests/.gitignore

@@ -338,6 +338,7 @@ uio
 umask
 umount
 umount2
+umoven-illptr
 umovestr
 umovestr-illptr
 umovestr2

tests/Makefile.am

@@ -398,6 +398,7 @@ check_PROGRAMS = \
 	umask \
 	umount \
 	umount2 \
+	umoven-illptr \
 	umovestr \
 	umovestr-illptr \
 	umovestr2 \
@@ -778,6 +779,7 @@ DECODER_TESTS = \
 	umask.test \
 	umount.test \
 	umount2.test \
+	umoven-illptr.test \
 	umovestr.test \
 	umovestr-illptr.test \
 	umovestr2.test \

tests/umoven-illptr.c

@@ -0,0 +1,57 @@
+/*
+ * Check decoding of invalid pointer by umoven.
+ *
+ * Copyright (c) 2016 Dmitry V. Levin <ldv@altlinux.org>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ *    derived from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "tests.h"
+#include <stdio.h>
+#include <time.h>
+#include <unistd.h>
+#include <asm/unistd.h>
+
+int
+main(void)
+{
+	if (F8ILL_KULONG_SUPPORTED) {
+		struct timespec ts = { 0, 0 };
+		const void *const p = tail_memdup(&ts, sizeof(ts));
+
+		long rc = syscall(__NR_nanosleep, p, NULL);
+		printf("nanosleep({tv_sec=0, tv_nsec=0}, NULL) = %s\n",
+		       sprintrc(rc));
+
+		const kernel_ulong_t ill = f8ill_ptr_to_kulong(p);
+		rc = syscall(__NR_nanosleep, ill, NULL);
+		printf("nanosleep(%#llx, NULL) = %s\n",
+		       (unsigned long long) ill, sprintrc(rc));
+
+		puts("+++ exited with 0 +++");
+		return 0;
+	} else {
+		return 77;
+	}
+}

tests/umoven-illptr.test

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+# Check decoding of invalid pointer by umoven.
+. "${srcdir=.}/init.sh"
+
+run_strace_match_diff -a36 -e trace=nanosleep

util.c

@@ -1117,9 +1117,12 @@ umoven(struct tcb *const tcp, kernel_ulong_t addr, unsigned int len,
 		char x[sizeof(long)];
 	} u;
 
-#if SUPPORTED_PERSONALITIES > 1 && SIZEOF_LONG > 4
-	if (current_wordsize < sizeof(addr))
-		addr &= (1ul << 8 * current_wordsize) - 1;
+#if SIZEOF_KERNEL_LONG_T > 4 \
+ && (SIZEOF_LONG < SIZEOF_KERNEL_LONG_T || !defined current_wordsize)
+	if (current_wordsize < sizeof(addr)
+	    && (addr & (~ (kernel_ulong_t) -1U))) {
+		return -1;
+	}
 #endif
 
 	if (!process_vm_readv_not_supported) {