aboutsummaryrefslogtreecommitdiff
path: root/linux-user/syscall.c
diff options
context:
space:
mode:
authorFilip Bozuta <Filip.Bozuta@syrmia.com>2020-08-18 20:07:22 +0200
committerLaurent Vivier <laurent@vivier.eu>2020-08-27 12:29:49 +0200
commit0a7ec8493d506d82aa17bf0ab84231e0a92f8975 (patch)
tree10636c6a8a4c5191e4d70f6fda8b5a2b2c1121d2 /linux-user/syscall.c
parent25f6dc28a3a8dd231c2c092a0e65bd796353c769 (diff)
downloadqemu-0a7ec8493d506d82aa17bf0ab84231e0a92f8975.zip
qemu-0a7ec8493d506d82aa17bf0ab84231e0a92f8975.tar.gz
qemu-0a7ec8493d506d82aa17bf0ab84231e0a92f8975.tar.bz2
linux-user: Fix 'semop()' and 'semtimedop()' implementation
The implementations of syscalls 'semop()' and 'semtimedop()' in file 'syscall.c' use function 'target_to_host_sembuf()' to convert values of 'struct sembuf' from host to target. However, before this conversion it should be check whether the number of semaphore operations 'nsops' is not bigger than maximum allowed semaphor operations per syscall: 'SEMOPM'. In these cases, errno 'E2BIG' ("Arg list too long") should be set. But the implementation will set errno 'EFAULT' ("Bad address") in this case since the conversion from target to host in this case fails. This was confirmed with the LTP test for 'semop()' ('ipc/semop/semop02') in test case where 'nsops' is greater than SEMOPM with unaproppriate errno EFAULT: semop02.c:130: FAIL: semop failed unexpectedly; expected: E2BIG: EFAULT (14) This patch changes this by adding a check whether 'nsops' is bigger than 'SEMOPM' before the conversion function 'target_to_host_sembuf()' is called. After the changes from this patch, the test works fine along with the other LTP testcases for 'semop()'): semop02.c:126: PASS: semop failed as expected: E2BIG (7) Implementation notes: A target value ('TARGET_SEMOPM') was added for 'SEMOPM' as to be sure in case the value is not available for some targets. Signed-off-by: Filip Bozuta <Filip.Bozuta@syrmia.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200818180722.45089-1-Filip.Bozuta@syrmia.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Diffstat (limited to 'linux-user/syscall.c')
-rw-r--r--linux-user/syscall.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index b4a7b60..5b3fce3 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3901,7 +3901,7 @@ static inline abi_long do_semtimedop(int semid,
unsigned nsops,
abi_long timeout)
{
- struct sembuf sops[nsops];
+ struct sembuf *sops;
struct timespec ts, *pts = NULL;
abi_long ret;
@@ -3912,8 +3912,16 @@ static inline abi_long do_semtimedop(int semid,
}
}
- if (target_to_host_sembuf(sops, ptr, nsops))
+ if (nsops > TARGET_SEMOPM) {
+ return -TARGET_E2BIG;
+ }
+
+ sops = g_new(struct sembuf, nsops);
+
+ if (target_to_host_sembuf(sops, ptr, nsops)) {
+ g_free(sops);
return -TARGET_EFAULT;
+ }
ret = -TARGET_ENOSYS;
#ifdef __NR_semtimedop
@@ -3925,6 +3933,7 @@ static inline abi_long do_semtimedop(int semid,
SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts)));
}
#endif
+ g_free(sops);
return ret;
}
#endif