Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2194946/?format=api
{ "id": 2194946, "url": "http://patchwork.ozlabs.org/api/patches/2194946/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/patch/mvmpl6d9cgl.fsf@suse.de/", "project": { "id": 14, "url": "http://patchwork.ozlabs.org/api/projects/14/?format=api", "name": "QEMU Development", "link_name": "qemu-devel", "list_id": "qemu-devel.nongnu.org", "list_email": "qemu-devel@nongnu.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<mvmpl6d9cgl.fsf@suse.de>", "list_archive_url": null, "date": "2026-02-10T09:26:02", "name": "linux-user: properly check flags in openat2", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "9f521832b8d52d3c228a6c9b9474b6b08024d6fb", "submitter": { "id": 37, "url": "http://patchwork.ozlabs.org/api/people/37/?format=api", "name": "Andreas Schwab", "email": "schwab@suse.de" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/qemu-devel/patch/mvmpl6d9cgl.fsf@suse.de/mbox/", "series": [ { "id": 491631, "url": "http://patchwork.ozlabs.org/api/series/491631/?format=api", "web_url": "http://patchwork.ozlabs.org/project/qemu-devel/list/?series=491631", "date": "2026-02-10T09:26:02", "name": "linux-user: properly check flags in openat2", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/491631/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2194946/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2194946/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=gBrjMKoE;\n\tdkim=pass header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=U0Jthf00;\n\tdkim=pass (1024-bit key) header.d=suse.de header.i=@suse.de\n header.a=rsa-sha256 header.s=susede2_rsa header.b=gBrjMKoE;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=U0Jthf00;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=nongnu.org\n (client-ip=209.51.188.17; helo=lists.gnu.org;\n envelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n receiver=patchwork.ozlabs.org)", "smtp-out2.suse.de;\n\tnone" ], "Received": [ "from lists.gnu.org (lists.gnu.org [209.51.188.17])\n\t(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4f9GRD1N9fz1xtV\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 10 Feb 2026 20:26:48 +1100 (AEDT)", "from localhost ([::1] helo=lists1p.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.90_1)\n\t(envelope-from <qemu-devel-bounces@nongnu.org>)\n\tid 1vpk0m-0000vB-18; Tue, 10 Feb 2026 04:26:24 -0500", "from eggs.gnu.org ([2001:470:142:3::10])\n by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)\n (Exim 4.90_1) (envelope-from <schwab@suse.de>) id 1vpk0a-0000cK-BN\n for qemu-devel@nongnu.org; Tue, 10 Feb 2026 04:26:12 -0500", "from smtp-out2.suse.de ([2a07:de40:b251:101:10:150:64:2])\n by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)\n (Exim 4.90_1) (envelope-from <schwab@suse.de>) id 1vpk0R-0001Dt-QE\n for qemu-devel@nongnu.org; Tue, 10 Feb 2026 04:26:11 -0500", "from hawking.nue2.suse.org (unknown [10.168.4.11])\n by smtp-out2.suse.de (Postfix) with ESMTP id 31C135BCD3;\n Tue, 10 Feb 2026 09:26:02 +0000 (UTC)", "by hawking.nue2.suse.org (Postfix, from userid 17005)\n id 231A04A0A2A; Tue, 10 Feb 2026 10:26:02 +0100 (CET)" ], "DKIM-Signature": [ "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1770715562;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type;\n bh=PHWDImYY74MKpc3uiLbl38IhGD6EmOsNvNmAikAZizc=;\n b=gBrjMKoEmm2LI/EiopOqdNKslbz1yKGU8GV+S5IpyquO+dSJTv/viCsYbyK3zP3SqIt1sq\n 5Vr9PHkQMT15ZlojOB8qHY9+0ViIbiVagwmxmNh75Cm+xvxer+/7doYwNLYOd7c2J2qSXx\n MxzWVR8rTj/nn6Wuqd5eGTCO+KDLs8g=", "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1770715562;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type;\n bh=PHWDImYY74MKpc3uiLbl38IhGD6EmOsNvNmAikAZizc=;\n b=U0Jthf00lKX203CrJUf2+BPm9aJ0RtdZgOercnYYWQm2APdqnCt+yhwU+8C8sLyBejKHYY\n CNPOR9EJXWi6frCg==", "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1770715562;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type;\n bh=PHWDImYY74MKpc3uiLbl38IhGD6EmOsNvNmAikAZizc=;\n b=gBrjMKoEmm2LI/EiopOqdNKslbz1yKGU8GV+S5IpyquO+dSJTv/viCsYbyK3zP3SqIt1sq\n 5Vr9PHkQMT15ZlojOB8qHY9+0ViIbiVagwmxmNh75Cm+xvxer+/7doYwNLYOd7c2J2qSXx\n MxzWVR8rTj/nn6Wuqd5eGTCO+KDLs8g=", "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1770715562;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type;\n bh=PHWDImYY74MKpc3uiLbl38IhGD6EmOsNvNmAikAZizc=;\n b=U0Jthf00lKX203CrJUf2+BPm9aJ0RtdZgOercnYYWQm2APdqnCt+yhwU+8C8sLyBejKHYY\n CNPOR9EJXWi6frCg==" ], "From": "Andreas Schwab <schwab@suse.de>", "To": "Laurent Vivier <laurent@vivier.eu> (odd fixer:Linux user)", "Subject": "[PATCH] linux-user: properly check flags in openat2", "CC": "Pierrick Bouvier <pierrick.bouvier@linaro.org>, qemu-devel@nongnu.org", "Date": "Tue, 10 Feb 2026 10:26:02 +0100", "Message-ID": "<mvmpl6d9cgl.fsf@suse.de>", "User-Agent": "Gnus/5.13 (Gnus v5.13)", "MIME-Version": "1.0", "Content-Type": "text/plain", "X-Spamd-Result": "default: False [-4.19 / 50.00]; BAYES_HAM(-3.00)[99.99%];\n NEURAL_HAM_LONG(-1.00)[-1.000];\n NEURAL_HAM_SHORT(-0.19)[-0.975]; RCVD_NO_TLS_LAST(0.10)[];\n MIME_GOOD(-0.10)[text/plain];\n DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n FROM_HAS_DN(0.00)[]; FUZZY_RATELIMITED(0.00)[rspamd.com];\n MIME_TRACE(0.00)[0:+]; ARC_NA(0.00)[];\n URIBL_BLOCKED(0.00)[suse.de:mid,suse.de:email];\n RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[];\n FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];\n MID_RHS_MATCH_FROM(0.00)[]; RCVD_COUNT_ONE(0.00)[1];\n DBL_BLOCKED_OPENRESOLVER(0.00)[suse.de:mid,suse.de:email]", "X-Spam-Score": "-4.19", "Received-SPF": "pass client-ip=2a07:de40:b251:101:10:150:64:2;\n envelope-from=schwab@suse.de; helo=smtp-out2.suse.de", "X-Spam_score_int": "-20", "X-Spam_score": "-2.1", "X-Spam_bar": "--", "X-Spam_report": "(-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,\n DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001,\n SPF_PASS=-0.001 autolearn=ham autolearn_force=no", "X-Spam_action": "no action", "X-BeenThere": "qemu-devel@nongnu.org", "X-Mailman-Version": "2.1.29", "Precedence": "list", "List-Id": "qemu development <qemu-devel.nongnu.org>", "List-Unsubscribe": "<https://lists.nongnu.org/mailman/options/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>", "List-Archive": "<https://lists.nongnu.org/archive/html/qemu-devel>", "List-Post": "<mailto:qemu-devel@nongnu.org>", "List-Help": "<mailto:qemu-devel-request@nongnu.org?subject=help>", "List-Subscribe": "<https://lists.nongnu.org/mailman/listinfo/qemu-devel>,\n <mailto:qemu-devel-request@nongnu.org?subject=subscribe>", "Errors-To": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org", "Sender": "qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org" }, "content": "target_to_host_bitmask truncates the bitmask to int. Check that the upper\nhalf of the flags do not have any bits set.\n\nSigned-off-by: Andreas Schwab <schwab@suse.de>\n---\n linux-user/syscall.c | 4 ++++\n 1 file changed, 4 insertions(+)", "diff": "diff --git a/linux-user/syscall.c b/linux-user/syscall.c\nindex 8469b81878..667aea6a03 100644\n--- a/linux-user/syscall.c\n+++ b/linux-user/syscall.c\n@@ -8822,6 +8822,10 @@ static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,\n }\n return ret;\n }\n+ if (tswap64(how.flags) >> 32) {\n+ return -TARGET_EINVAL;\n+ }\n+\n pathname = lock_user_string(guest_pathname);\n if (!pathname) {\n return -TARGET_EFAULT;\n", "prefixes": [] }