diff options
author | Richard Henderson <richard.henderson@linaro.org> | 2022-07-08 20:45:32 +0530 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2022-07-11 13:43:51 +0100 |
commit | affb1a50b95b0d523868db759038bb0ff915a906 (patch) | |
tree | 1e123460f918a47d03bd21b99550497e0b8188ca /linux-user/aarch64 | |
parent | 5726597c3bab1653c8707ec964832eac46bdea37 (diff) | |
download | qemu-affb1a50b95b0d523868db759038bb0ff915a906.zip qemu-affb1a50b95b0d523868db759038bb0ff915a906.tar.gz qemu-affb1a50b95b0d523868db759038bb0ff915a906.tar.bz2 |
linux-user/aarch64: Do not allow duplicate or short sve records
In parse_user_sigframe, the kernel rejects duplicate sve records,
or records that are smaller than the header. We were silently
allowing these cases to pass, dropping the record.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-38-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'linux-user/aarch64')
-rw-r--r-- | linux-user/aarch64/signal.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c index 8b352ab..8fbe98d 100644 --- a/linux-user/aarch64/signal.c +++ b/linux-user/aarch64/signal.c @@ -318,10 +318,13 @@ static int target_restore_sigframe(CPUARMState *env, break; case TARGET_SVE_MAGIC: + if (sve || size < sizeof(struct target_sve_context)) { + goto err; + } if (cpu_isar_feature(aa64_sve, env_archcpu(env))) { vq = sve_vq(env); sve_size = QEMU_ALIGN_UP(TARGET_SVE_SIG_CONTEXT_SIZE(vq), 16); - if (!sve && size == sve_size) { + if (size == sve_size) { sve = (struct target_sve_context *)ctx; break; } |