Patchwork Don't zero out buffer in sched_getaffinity

Submitter Mike McCormack
Date April 18, 2011, 7:03 a.m.
Message ID <4DABE25F.8000203@samsung.com>
Permalink /patch/91696/
State New

Comments

Mike McCormack - April 18, 2011, 7:03 a.m.
The kernel doesn't fill the buffer provided to sched_getaffinity
with zero bytes, so neither should QEMU.

Depends on sched_getaffinity buffer overrun fix, but submitted
separately to make rollback easier.

---
 linux-user/syscall.c |   13 +------------
 1 files changed, 1 insertions(+), 12 deletions(-)

Stefan Hajnoczi - April 18, 2011, 9:17 a.m.
On Mon, Apr 18, 2011 at 8:03 AM, Mike McCormack
<mj.mccormack@samsung.com> wrote:
> The kernel doesn't fill the buffer provided to sched_getaffinity
> with zero bytes, so neither should QEMU.
>
> Depends on sched_getaffinity buffer overrun fix, but submitted
> separately to make rollback easier.
>
> ---
>  linux-user/syscall.c |   13 +------------
>  1 files changed, 1 insertions(+), 12 deletions(-)

Reviewed-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 19209a2..e2a5fd9 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -6382,20 +6382,9 @@  abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
 
             if (!is_error(ret)) {
-                if (arg2 > ret) {
-                    /* Zero out any extra space kernel didn't fill */
-                    unsigned long zero = arg2 - ret;
-                    p = alloca(zero);
-                    memset(p, 0, zero);
-                    if (copy_to_user(arg3 + ret, p, zero)) {
-                        goto efault;
-                    }
-                    arg2 = ret;
-                }
-                if (copy_to_user(arg3, mask, arg2)) {
+                if (copy_to_user(arg3, mask, ret)) {
                     goto efault;
                 }
-                ret = arg2;
             }
         }
         break;
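
Review bot: in the new `copy_to_user(arg3, mask, ret)` line the copy length is bounded only by the host syscall's return value, which is limited by mask_size, not by the guest-supplied arg2. The removed code never copied more than arg2 bytes to arg3 and returned at most arg2 (it clamped arg2 to ret only when arg2 > ret). The computation of mask_size is outside this hunk, so if mask_size can exceed arg2 (for example through rounding up to the host word size), ret can exceed arg2 and this copy writes past the end of the guest's buffer while also reporting a length larger than the guest asked for. The commit message says this depends on the separate overrun fix; it would be safer to make the bound explicit here, either by keeping a clamp of the copy length to arg2 or by adding a comment stating the invariant that guarantees ret <= arg2, so the patch stays correct if applied or reverted independently.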