Patchwork Resend: linux-user/syscall.c - don't add GUEST_BASE to NULL pointer

login
register
mail settings
Submitter Jan-Simon Möller
Date Oct. 16, 2009, 9:55 p.m.
Message ID <200910162355.45511.dl9pf@gmx.de>
Download mbox | patch
Permalink /patch/36276/
State New
Headers show

Comments

Jan-Simon Möller - Oct. 16, 2009, 9:55 p.m.
This patch fixes the mount call. GUEST_BASE shouldn't be added to a NULL 
pointer on arg5 .
failing call: 
mount("rootfs", "/", 0x47a78, MS_MGC_VAL|MS_REMOUNT, 0x10000) = -1 EFAULT (Bad 
address)

correct call:
mount("rootfs", "/", 0x37ab0, MS_MGC_VAL|MS_REMOUNT, NULL) = 0


Signed-off-by:  Jan-Simon Möller  <dl9pf@gmx.de>
---
 linux-user/syscall.c |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

+                                ret = get_errno(mount(p, p2, p3, (unsigned 
long)arg4, g2h(arg5)));
+                        }
                         unlock_user(p, arg1, 0);
                         unlock_user(p2, arg2, 0);
                         unlock_user(p3, arg3, 0);
Riku Voipio - Oct. 17, 2009, 8:36 a.m.
On Fri, Oct 16, 2009 at 11:55:45PM +0200, Jan-Simon Möller wrote:
> This patch fixes the mount call. GUEST_BASE shouldn't be added to a NULL 
> pointer on arg5 .
> failing call: 
> mount("rootfs", "/", 0x47a78, MS_MGC_VAL|MS_REMOUNT, 0x10000) = -1 EFAULT (Bad 
> address)

> correct call:
> mount("rootfs", "/", 0x37ab0, MS_MGC_VAL|MS_REMOUNT, NULL) = 0

The patch looks functionally correct, but your mailer has mangled it.

> Signed-off-by:  Jan-Simon Möller  <dl9pf@gmx.de>
> ---
>  linux-user/syscall.c |    8 ++++++--
>  1 files changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 673eed4..5b2ec4f 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -4445,12 +4445,16 @@ abi_long do_syscall(void *cpu_env, int num, abi_long 
> arg1,
>                         p3 = lock_user_string(arg3);
>                          if (!p || !p2 || !p3)
>                              ret = -TARGET_EFAULT;
> -                        else
> +                        else {
>                              /* FIXME - arg5 should be locked, but it isn't 
> clear how to
>                               * do that since it's not guaranteed to be a 
> NULL-terminated
>                               * string.
>                               */
> -                            ret = get_errno(mount(p, p2, p3, (unsigned 
> long)arg4, g2h(arg5)));
> +                            if ( ! arg5 )
> +                                ret = get_errno(mount(p, p2, p3, (unsigned 
> long)arg4, NULL));
> +                            else
> +                                ret = get_errno(mount(p, p2, p3, (unsigned 
> long)arg4, g2h(arg5)));
> +                        }
>                          unlock_user(p, arg1, 0);
>                          unlock_user(p2, arg2, 0);
>                          unlock_user(p3, arg3, 0);
>

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 673eed4..5b2ec4f 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -4445,12 +4445,16 @@  abi_long do_syscall(void *cpu_env, int num, abi_long 
arg1,
                        p3 = lock_user_string(arg3);
                         if (!p || !p2 || !p3)
                             ret = -TARGET_EFAULT;
-                        else
+                        else {
                             /* FIXME - arg5 should be locked, but it isn't 
clear how to
                              * do that since it's not guaranteed to be a 
NULL-terminated
                              * string.
                              */
-                            ret = get_errno(mount(p, p2, p3, (unsigned 
long)arg4, g2h(arg5)));
+                            if ( ! arg5 )
+                                ret = get_errno(mount(p, p2, p3, (unsigned 
long)arg4, NULL));
+                            else