On 01/23/2018 12:00 PM, Laurent Vivier wrote: > Le 23/01/2018 à 15:52, Philippe Mathieu-Daudé a écrit : >> Currently recvfrom() is restricted to handle 32-bit pointers, >> remove this limit for 64-bit hosts. >> >> This fixes: >> >> 31572 socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3 >> ... >> 31572 sendto(3, {{len=124, type=0x454 /* NLMSG_??? */, >> flags=NLM_F_REQUEST|NLM_F_ACK, seq=1, pid=0}, "op=test:message acct=\"?\" >> exe=\"/tmp/nl-bad-addr\" hostname=localhost addr=? terminal=/dev/pts/2 >> res=success\0\0\0"}, 124, 0, 0xfffffa3897d0, 0) = 124 >> 31572 ppoll([{fd=3, events=POLLIN}], 1, {tv_sec=0, tv_nsec=500000000}, >> NULL, 0) = 1 ([{fd=3, revents=POLLIN}], left {tv_sec=0, tv_nsec=499993180}) >> 31572 recvfrom(3, 0x112a50eb4, 8988, MSG_PEEK|MSG_DONTWAIT, >> 0xfffffa3897e0, 0x42) = -1 EFAULT (Bad address) >> >> Reported-by: Guido Günther <a...@sigxcpu.org> >> Message-id: 20180123120541.ga14...@bogon.m.sigxcpu.org >> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org> >> --- >> linux-user/syscall.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/linux-user/syscall.c b/linux-user/syscall.c >> index 11c9116c4a..28805b1785 100644 >> --- a/linux-user/syscall.c >> +++ b/linux-user/syscall.c >> @@ -4032,7 +4032,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, >> size_t len, int flags, >> if (!host_msg) >> return -TARGET_EFAULT; >> if (target_addr) { >> - if (get_user_u32(addrlen, target_addrlen)) { >> + if (get_user_ual(addrlen, target_addrlen)) { >> ret = -TARGET_EFAULT; >> goto fail; >> } >> @@ -4053,7 +4053,7 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, >> size_t len, int flags, >> } >> if (target_addr) { >> host_to_target_sockaddr(target_addr, addr, addrlen); >> - if (put_user_u32(addrlen, target_addrlen)) { >> + if (put_user_ual(addrlen, target_addrlen)) { >> ret = -TARGET_EFAULT; >> goto fail; >> } >> > > I think there are more problems like that (accept4(), do_getpeername(), > do_getsockname()). > > Could you check and fix?
I'm currently reviewing those ;) I sent this patch first so Guido could start trying. > > Thanks, > Laurent >