author | Richard Henderson <richard.henderson@linaro.org> | 2022-07-08 20:45:32 +0530 |
---|---|---|
committer | Peter Maydell <peter.maydell@linaro.org> | 2022-07-11 13:43:51 +0100 |
commit | affb1a50b95b0d523868db759038bb0ff915a906 (patch) | |
tree | 1e123460f918a47d03bd21b99550497e0b8188ca | |
parent | 5726597c3bab1653c8707ec964832eac46bdea37 (diff) |
linux-user/aarch64: Do not allow duplicate or short sve records
In parse_user_sigframe, the kernel rejects duplicate sve records,
or records that are smaller than the header. We were silently
allowing these cases to pass, dropping the record.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220708151540.18136-38-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-rw-r--r-- | linux-user/aarch64/signal.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c index 8b352abb97..8fbe98d72f 100644 --- a/linux-user/aarch64/signal.c +++ b/linux-user/aarch64/signal.c @@ -318,10 +318,13 @@ static int target_restore_sigframe(CPUARMState *env, break; case TARGET_SVE_MAGIC: + if (sve || size < sizeof(struct target_sve_context)) { + goto err; + } if (cpu_isar_feature(aa64_sve, env_archcpu(env))) { vq = sve_vq(env); sve_size = QEMU_ALIGN_UP(TARGET_SVE_SIG_CONTEXT_SIZE(vq), 16); - if (!sve && size == sve_size) { + if (size == sve_size) { sve = (struct target_sve_context *)ctx; break; } |
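Review bot: In the `TARGET_SVE_MAGIC` case, the new `if (sve || size < sizeof(struct target_sve_context))` test carries no comment saying that it mirrors the kernel's parse_user_sigframe, and because it sits ahead of the `cpu_isar_feature(aa64_sve, ...)` test it also applies when the CPU has no SVE; a one-line comment covering both would help the next reader. A record that passes the header-size check but has `size != sve_size` is decided by code after the inner `if (size == sve_size)`, which the hunk does not show, so please confirm that path rejects the frame rather than dropping the record. The duplicate test also relies on `sve` being NULL before the first record is parsed, and that initialisation is outside the visible context.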