Le 26/01/2022 à 22:25, Patrick Venture a écrit :
Linux kernel now checks the read permissions before validating `how`Suggested-by: Laurent Vivier <laur...@vivier.eu> Signed-off-by: Patrick Venture <vent...@google.com> Reviewed-by: Laurent Vivier <laur...@vivier.eu> --- linux-user/syscall.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 34bd819e38..210483d4e4 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -9465,6 +9465,13 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, int how;if (arg2) {+ p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)); + if (!p) { + return -TARGET_EFAULT; + } + target_to_host_old_sigset(&set, p); + unlock_user(p, arg2, 0); + set_ptr = &set; switch (arg1) { case TARGET_SIG_BLOCK: how = SIG_BLOCK; @@ -9478,11 +9485,6 @@ static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1, default: return -TARGET_EINVAL; } - if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1))) - return -TARGET_EFAULT; - target_to_host_old_sigset(&set, p); - unlock_user(p, arg2, 0); - set_ptr = &set; } else { how = 0; set_ptr = NULL;
Applied to my linux-user-for-7.0 branch. Thanks, Laurent
