
linux-user/syscall.c: Need call unlock_user() before go to failure return in default case

Message ID 54C20C26.6010204@sunrus.com.cn
State New

Commit Message

Chen Gang Jan. 23, 2015, 8:53 a.m. UTC
In abi_long do_ioctl_dm(), after calling lock_user(), it does not call
unlock_user() before going to the failure return in the default case.

Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
---
 linux-user/syscall.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Peter Maydell Jan. 23, 2015, 10:01 a.m. UTC | #1
On 23 January 2015 at 08:53, Chen Gang S <gang.chen@sunrus.com.cn> wrote:
> In abi_long do_ioctl_dm(), after calling lock_user(), it does not call
> unlock_user() before going to the failure return in the default case.
>
> Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
> ---
>  linux-user/syscall.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index aaac6a2..290fdea 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -3681,6 +3681,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
>          }
>          default:
>              ret = -TARGET_EINVAL;
> +            unlock_user(argptr, guest_data, 0);
>              goto out;
>          }
>          unlock_user(argptr, guest_data, guest_data_size);
> --
> 1.9.3 (Apple Git-50)

Correct as far as it goes, but notice that we have the identical
bug in the other switch (ie->host_cmd) as well...

thanks
-- PMM

Chen Gang Jan. 23, 2015, 10:19 a.m. UTC | #2
On 1/23/15 18:01, Peter Maydell wrote:
> On 23 January 2015 at 08:53, Chen Gang S <gang.chen@sunrus.com.cn> wrote:
>> In abi_long do_ioctl_dm(), after calling lock_user(), it does not call
>> unlock_user() before going to the failure return in the default case.
>>
>> Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
>> ---
>>  linux-user/syscall.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
>> index aaac6a2..290fdea 100644
>> --- a/linux-user/syscall.c
>> +++ b/linux-user/syscall.c
>> @@ -3681,6 +3681,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
>>          }
>>          default:
>>              ret = -TARGET_EINVAL;
>> +            unlock_user(argptr, guest_data, 0);
>>              goto out;
>>          }
>>          unlock_user(argptr, guest_data, guest_data_size);
>> --
>> 1.9.3 (Apple Git-50)
> 
> Correct as far as it goes, but notice that we have the identical
> bug in the other switch (ie->host_cmd) as well...
> 

Oh, really, thanks. I shall send patch v2 for it if there is no additional
reply within 2 days.

Thanks.

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index aaac6a2..290fdea 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3681,6 +3681,7 @@  static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
         }
         default:
             ret = -TARGET_EINVAL;
+            unlock_user(argptr, guest_data, 0);
             goto out;
         }
         unlock_user(argptr, guest_data, guest_data_size);
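Review bot: The missing unlock is fixed only for the default branch of this switch, by placing a second unlock_user() call next to goto out, so the release is now duplicated per error branch instead of living in one place. The reply in this thread notes that the other switch (ie->host_cmd) has the identical missing unlock, so v2 should cover both in one patch. Consider routing every failure that occurs after lock_user() through a single cleanup point that calls unlock_user(argptr, guest_data, 0), so a case added later to either switch cannot skip the release. Passing 0 rather than guest_data_size is appropriate on a failure path, since nothing should be copied back to the guest; a one-line comment saying so would make the difference from the success-path call below it obvious.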