[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PULL 01/18] linux-user: Fix 'semop()' and 'semtimedop()' implementation
From: |
Laurent Vivier |
Subject: |
[PULL 01/18] linux-user: Fix 'semop()' and 'semtimedop()' implementation |
Date: |
Fri, 28 Aug 2020 15:37:36 +0200 |
From: Filip Bozuta <Filip.Bozuta@syrmia.com>
The implementations of syscalls 'semop()' and 'semtimedop()' in
file 'syscall.c' use function 'target_to_host_sembuf()' to convert
values of 'struct sembuf' from host to target. However, before this
conversion it should be check whether the number of semaphore operations
'nsops' is not bigger than maximum allowed semaphor operations per
syscall: 'SEMOPM'. In these cases, errno 'E2BIG' ("Arg list too long")
should be set. But the implementation will set errno 'EFAULT' ("Bad address")
in this case since the conversion from target to host in this case fails.
This was confirmed with the LTP test for 'semop()' ('ipc/semop/semop02') in
test case where 'nsops' is greater than SEMOPM with unaproppriate errno EFAULT:
semop02.c:130: FAIL: semop failed unexpectedly; expected: E2BIG: EFAULT (14)
This patch changes this by adding a check whether 'nsops' is bigger than
'SEMOPM' before the conversion function 'target_to_host_sembuf()' is called.
After the changes from this patch, the test works fine along with the other
LTP testcases for 'semop()'):
semop02.c:126: PASS: semop failed as expected: E2BIG (7)
Implementation notes:
A target value ('TARGET_SEMOPM') was added for 'SEMOPM' as to be sure
in case the value is not available for some targets.
Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20200818180722.45089-1-Filip.Bozuta@syrmia.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 13 +++++++++++--
linux-user/syscall_defs.h | 2 ++
2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b4a7b605f3d4..5b3fce3dc0cb 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3901,7 +3901,7 @@ static inline abi_long do_semtimedop(int semid,
unsigned nsops,
abi_long timeout)
{
- struct sembuf sops[nsops];
+ struct sembuf *sops;
struct timespec ts, *pts = NULL;
abi_long ret;
@@ -3912,8 +3912,16 @@ static inline abi_long do_semtimedop(int semid,
}
}
- if (target_to_host_sembuf(sops, ptr, nsops))
+ if (nsops > TARGET_SEMOPM) {
+ return -TARGET_E2BIG;
+ }
+
+ sops = g_new(struct sembuf, nsops);
+
+ if (target_to_host_sembuf(sops, ptr, nsops)) {
+ g_free(sops);
return -TARGET_EFAULT;
+ }
ret = -TARGET_ENOSYS;
#ifdef __NR_semtimedop
@@ -3925,6 +3933,7 @@ static inline abi_long do_semtimedop(int semid,
SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts)));
}
#endif
+ g_free(sops);
return ret;
}
#endif
diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h
index 427a25f5bce5..9aa3bd724f0c 100644
--- a/linux-user/syscall_defs.h
+++ b/linux-user/syscall_defs.h
@@ -46,6 +46,8 @@
#define IPCOP_shmget 23
#define IPCOP_shmctl 24
+#define TARGET_SEMOPM 500
+
/*
* The following is for compatibility across the various Linux
* platforms. The i386 ioctl numbering scheme doesn't really enforce
--
2.26.2
- [PULL 11/18] linux-user: Add strace support for printing arguments for ioctls used for terminals and serial lines, (continued)
- [PULL 11/18] linux-user: Add strace support for printing arguments for ioctls used for terminals and serial lines, Laurent Vivier, 2020/08/27
- [PULL 16/18] linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()', Laurent Vivier, 2020/08/27
- [PULL 10/18] linux-user: Add missing termbits types and values definitions, Laurent Vivier, 2020/08/27
- [PULL 13/18] linux-user: Fix 'mq_timedsend()' and 'mq_timedreceive()', Laurent Vivier, 2020/08/27
- [PULL 18/18] linux-user: Add support for utimensat_time64() and semtimedop_time64(), Laurent Vivier, 2020/08/27
- Re: [PULL 00/18] Linux user for 5.2 patches, Peter Maydell, 2020/08/28
- [PULL 00/18] Linux user for 5.2 patches, Laurent Vivier, 2020/08/28
- [PULL 07/18] linux-user: Add an api to print enumareted argument values with strace, Laurent Vivier, 2020/08/28
- [PULL 04/18] linux-user: Make cpu_env accessible in strace.c, Laurent Vivier, 2020/08/28
- [PULL 01/18] linux-user: Fix 'semop()' and 'semtimedop()' implementation,
Laurent Vivier <=
- [PULL 02/18] linux-user: Fix 'clock_nanosleep()' implementation, Laurent Vivier, 2020/08/28
- [PULL 09/18] linux-user: Add generic 'termbits.h' for some archs, Laurent Vivier, 2020/08/28
- [PULL 06/18] linux-user: Add strace support for printing arguments of syscalls used to lock and unlock memory, Laurent Vivier, 2020/08/28
- [PULL 03/18] linux-user: syscall: ioctls: support DRM_IOCTL_I915_GETPARAM, Laurent Vivier, 2020/08/28
- [PULL 08/18] linux-user: Add strace support for printing arguments of some clock and time functions, Laurent Vivier, 2020/08/28
- [PULL 05/18] linux-user: Add strace support for printing arguments of truncate()/ftruncate() and getsid(), Laurent Vivier, 2020/08/28
- [PULL 17/18] linux-user: Add support for 'rt_sigtimedwait_time64()' and 'sched_rr_get_interval_time64()', Laurent Vivier, 2020/08/28
- [PULL 12/18] linux-user: detect mismatched ELF ABI in qemu-mips[n32][el], Laurent Vivier, 2020/08/28
- [PULL 11/18] linux-user: Add strace support for printing arguments for ioctls used for terminals and serial lines, Laurent Vivier, 2020/08/28
- [PULL 16/18] linux-user: Add support for 'clock_nanosleep_time64()' and 'clock_adjtime64()', Laurent Vivier, 2020/08/28