Diffstat (limited to 'linux-user/syscall.c')
-rw-r--r--linux-user/syscall.c182
1 files changed, 104 insertions, 78 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 11564fd0bc..000962328e 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -953,7 +953,7 @@ static abi_long do_pipe2(int host_pipe[], int flags)
#endif
}
-static abi_long do_pipe(void *cpu_env, int pipedes, int flags)
+static abi_long do_pipe(void *cpu_env, abi_ulong pipedes, int flags)
{
int host_pipe[2];
abi_long ret;
@@ -1498,13 +1498,17 @@ static abi_long do_bind(int sockfd, abi_ulong target_addr,
socklen_t addrlen)
{
void *addr;
+ abi_long ret;
if (addrlen < 0)
return -TARGET_EINVAL;
addr = alloca(addrlen+1);
- target_to_host_sockaddr(addr, target_addr, addrlen);
+ ret = target_to_host_sockaddr(addr, target_addr, addrlen);
+ if (ret)
+ return ret;
+
return get_errno(bind(sockfd, addr, addrlen));
}
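Review bot: The `addrlen < 0` guard kept above `alloca(addrlen+1)` cannot fire when socklen_t is unsigned (it is `unsigned int` on Linux/glibc), so the alloca size is still taken straight from the guest with no upper bound, and a very large value overruns the stack before the newly checked `target_to_host_sockaddr` call ever runs. I would replace the dead test with an explicit cap that mirrors the kernel's own sockaddr limit, `if (addrlen > sizeof(struct sockaddr_storage)) return -TARGET_EINVAL;`, and apply the same cap in do_connect, do_sendrecvmsg (`msg.msg_namelen`) and do_sendto, which repeat the pattern in this patch. Separately, do_bind allocates `addrlen+1` while do_connect allocates `addrlen`; if the extra byte is something target_to_host_sockaddr relies on, the two callers should agree, otherwise the `+1` deserves a comment saying why only bind needs it.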
@@ -1513,13 +1517,17 @@ static abi_long do_connect(int sockfd, abi_ulong target_addr,
socklen_t addrlen)
{
void *addr;
+ abi_long ret;
if (addrlen < 0)
return -TARGET_EINVAL;
addr = alloca(addrlen);
- target_to_host_sockaddr(addr, target_addr, addrlen);
+ ret = target_to_host_sockaddr(addr, target_addr, addrlen);
+ if (ret)
+ return ret;
+
return get_errno(connect(sockfd, addr, addrlen));
}
@@ -1543,8 +1551,12 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
if (msgp->msg_name) {
msg.msg_namelen = tswap32(msgp->msg_namelen);
msg.msg_name = alloca(msg.msg_namelen);
- target_to_host_sockaddr(msg.msg_name, tswapl(msgp->msg_name),
+ ret = target_to_host_sockaddr(msg.msg_name, tswapl(msgp->msg_name),
msg.msg_namelen);
+ if (ret) {
+ unlock_user_struct(msgp, target_msg, send ? 0 : 1);
+ return ret;
+ }
} else {
msg.msg_name = NULL;
msg.msg_namelen = 0;
@@ -1586,12 +1598,19 @@ static abi_long do_accept(int fd, abi_ulong target_addr,
void *addr;
abi_long ret;
+ if (target_addr == 0)
+ return get_errno(accept(fd, NULL, NULL));
+
+ /* linux returns EINVAL if addrlen pointer is invalid */
if (get_user_u32(addrlen, target_addrlen_addr))
- return -TARGET_EFAULT;
+ return -TARGET_EINVAL;
if (addrlen < 0)
return -TARGET_EINVAL;
+ if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
+ return -TARGET_EINVAL;
+
addr = alloca(addrlen);
ret = get_errno(accept(fd, addr, &addrlen));
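Review bot: The new `access_ok(VERIFY_WRITE, ...)` failure returns -TARGET_EINVAL here, but the identical check added to do_getpeername and do_getsockname in this same patch returns -TARGET_EFAULT, and the `get_user_u32` failure above was likewise flipped from EFAULT to EINVAL; the comment only justifies the bad-length-pointer case, not the unwritable-address one. Unless EINVAL for an unwritable sockaddr buffer has been confirmed against the host kernel, I would keep -TARGET_EFAULT on the access_ok path so the three functions agree, and extend the comment to say where the EINVAL behaviour was observed, e.g. `/* linux returns EINVAL if addrlen pointer is invalid (see <reference>) */`. The write check is made with the length the guest supplied before accept() runs; whether the copy-back after the call (outside this hunk) is bounded by that length or by the kernel-returned one is not visible here and is worth confirming.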
@@ -1617,6 +1636,9 @@ static abi_long do_getpeername(int fd, abi_ulong target_addr,
if (addrlen < 0)
return -TARGET_EINVAL;
+ if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
+ return -TARGET_EFAULT;
+
addr = alloca(addrlen);
ret = get_errno(getpeername(fd, addr, &addrlen));
@@ -1636,15 +1658,15 @@ static abi_long do_getsockname(int fd, abi_ulong target_addr,
void *addr;
abi_long ret;
- if (target_addr == 0)
- return get_errno(accept(fd, NULL, NULL));
-
if (get_user_u32(addrlen, target_addrlen_addr))
return -TARGET_EFAULT;
if (addrlen < 0)
return -TARGET_EINVAL;
+ if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
+ return -TARGET_EFAULT;
+
addr = alloca(addrlen);
ret = get_errno(getsockname(fd, addr, &addrlen));
@@ -1688,7 +1710,11 @@ static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
return -TARGET_EFAULT;
if (target_addr) {
addr = alloca(addrlen);
- target_to_host_sockaddr(addr, target_addr, addrlen);
+ ret = target_to_host_sockaddr(addr, target_addr, addrlen);
+ if (ret) {
+ unlock_user(host_msg, msg, 0);
+ return ret;
+ }
ret = get_errno(sendto(fd, host_msg, len, flags, addr, addrlen));
} else {
ret = get_errno(send(fd, host_msg, len, flags));
@@ -1751,11 +1777,11 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
switch(num) {
case SOCKOP_socket:
{
- int domain, type, protocol;
+ abi_ulong domain, type, protocol;
- if (get_user_s32(domain, vptr)
- || get_user_s32(type, vptr + n)
- || get_user_s32(protocol, vptr + 2 * n))
+ if (get_user_ual(domain, vptr)
+ || get_user_ual(type, vptr + n)
+ || get_user_ual(protocol, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_socket(domain, type, protocol);
@@ -1763,13 +1789,13 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_bind:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong target_addr;
socklen_t addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(target_addr, vptr + n)
- || get_user_u32(addrlen, vptr + 2 * n))
+ || get_user_ual(addrlen, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_bind(sockfd, target_addr, addrlen);
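Review bot: `addrlen` is still declared `socklen_t` (32-bit unsigned on Linux) while it is now filled by `get_user_ual`, so on a 64-bit target a guest length above UINT32_MAX is silently truncated before do_bind sees it, and a value the kernel would reject with EINVAL can pass the callee's range check. The same pairing appears in the connect, accept, getsockname, getpeername, sendto, recvfrom, setsockopt and getsockopt cases; the fd/flags/level/optname reads into `abi_ulong` locals that are then passed to `int` parameters narrow in the same implicit way, which is fine for small and for -1 values but is not stated anywhere. I would read into `abi_ulong addrlen;` and reject before the call, `if (addrlen > INT_MAX) return -TARGET_EINVAL;`, rather than letting the implicit conversion decide, and add a one-line comment on the `get_user_ual` switch noting that socketcall arguments are ABI-word sized, which is why the 32-bit reads were wrong on 64-bit targets.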
@@ -1777,13 +1803,13 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_connect:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong target_addr;
socklen_t addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(target_addr, vptr + n)
- || get_user_u32(addrlen, vptr + 2 * n))
+ || get_user_ual(addrlen, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_connect(sockfd, target_addr, addrlen);
@@ -1791,10 +1817,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_listen:
{
- int sockfd, backlog;
+ abi_ulong sockfd, backlog;
- if (get_user_s32(sockfd, vptr)
- || get_user_s32(backlog, vptr + n))
+ if (get_user_ual(sockfd, vptr)
+ || get_user_ual(backlog, vptr + n))
return -TARGET_EFAULT;
ret = get_errno(listen(sockfd, backlog));
@@ -1802,12 +1828,12 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_accept:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong target_addr, target_addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(target_addr, vptr + n)
- || get_user_u32(target_addrlen, vptr + 2 * n))
+ || get_user_ual(target_addrlen, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_accept(sockfd, target_addr, target_addrlen);
@@ -1815,12 +1841,12 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_getsockname:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong target_addr, target_addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(target_addr, vptr + n)
- || get_user_u32(target_addrlen, vptr + 2 * n))
+ || get_user_ual(target_addrlen, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_getsockname(sockfd, target_addr, target_addrlen);
@@ -1828,12 +1854,12 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_getpeername:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong target_addr, target_addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(target_addr, vptr + n)
- || get_user_u32(target_addrlen, vptr + 2 * n))
+ || get_user_ual(target_addrlen, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_getpeername(sockfd, target_addr, target_addrlen);
@@ -1841,12 +1867,12 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_socketpair:
{
- int domain, type, protocol;
+ abi_ulong domain, type, protocol;
abi_ulong tab;
- if (get_user_s32(domain, vptr)
- || get_user_s32(type, vptr + n)
- || get_user_s32(protocol, vptr + 2 * n)
+ if (get_user_ual(domain, vptr)
+ || get_user_ual(type, vptr + n)
+ || get_user_ual(protocol, vptr + 2 * n)
|| get_user_ual(tab, vptr + 3 * n))
return -TARGET_EFAULT;
@@ -1855,15 +1881,15 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_send:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong msg;
size_t len;
- int flags;
+ abi_ulong flags;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(msg, vptr + n)
|| get_user_ual(len, vptr + 2 * n)
- || get_user_s32(flags, vptr + 3 * n))
+ || get_user_ual(flags, vptr + 3 * n))
return -TARGET_EFAULT;
ret = do_sendto(sockfd, msg, len, flags, 0, 0);
@@ -1871,15 +1897,15 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_recv:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong msg;
size_t len;
- int flags;
+ abi_ulong flags;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(msg, vptr + n)
|| get_user_ual(len, vptr + 2 * n)
- || get_user_s32(flags, vptr + 3 * n))
+ || get_user_ual(flags, vptr + 3 * n))
return -TARGET_EFAULT;
ret = do_recvfrom(sockfd, msg, len, flags, 0, 0);
@@ -1887,19 +1913,19 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_sendto:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong msg;
size_t len;
- int flags;
+ abi_ulong flags;
abi_ulong addr;
socklen_t addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(msg, vptr + n)
|| get_user_ual(len, vptr + 2 * n)
- || get_user_s32(flags, vptr + 3 * n)
+ || get_user_ual(flags, vptr + 3 * n)
|| get_user_ual(addr, vptr + 4 * n)
- || get_user_u32(addrlen, vptr + 5 * n))
+ || get_user_ual(addrlen, vptr + 5 * n))
return -TARGET_EFAULT;
ret = do_sendto(sockfd, msg, len, flags, addr, addrlen);
@@ -1907,19 +1933,19 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_recvfrom:
{
- int sockfd;
+ abi_ulong sockfd;
abi_ulong msg;
size_t len;
- int flags;
+ abi_ulong flags;
abi_ulong addr;
socklen_t addrlen;
- if (get_user_s32(sockfd, vptr)
+ if (get_user_ual(sockfd, vptr)
|| get_user_ual(msg, vptr + n)
|| get_user_ual(len, vptr + 2 * n)
- || get_user_s32(flags, vptr + 3 * n)
+ || get_user_ual(flags, vptr + 3 * n)
|| get_user_ual(addr, vptr + 4 * n)
- || get_user_u32(addrlen, vptr + 5 * n))
+ || get_user_ual(addrlen, vptr + 5 * n))
return -TARGET_EFAULT;
ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen);
@@ -1927,10 +1953,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_shutdown:
{
- int sockfd, how;
+ abi_ulong sockfd, how;
- if (get_user_s32(sockfd, vptr)
- || get_user_s32(how, vptr + n))
+ if (get_user_ual(sockfd, vptr)
+ || get_user_ual(how, vptr + n))
return -TARGET_EFAULT;
ret = get_errno(shutdown(sockfd, how));
@@ -1939,13 +1965,13 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
case SOCKOP_sendmsg:
case SOCKOP_recvmsg:
{
- int fd;
+ abi_ulong fd;
abi_ulong target_msg;
- int flags;
+ abi_ulong flags;
- if (get_user_s32(fd, vptr)
+ if (get_user_ual(fd, vptr)
|| get_user_ual(target_msg, vptr + n)
- || get_user_s32(flags, vptr + 2 * n))
+ || get_user_ual(flags, vptr + 2 * n))
return -TARGET_EFAULT;
ret = do_sendrecvmsg(fd, target_msg, flags,
@@ -1954,17 +1980,17 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_setsockopt:
{
- int sockfd;
- int level;
- int optname;
+ abi_ulong sockfd;
+ abi_ulong level;
+ abi_ulong optname;
abi_ulong optval;
socklen_t optlen;
- if (get_user_s32(sockfd, vptr)
- || get_user_s32(level, vptr + n)
- || get_user_s32(optname, vptr + 2 * n)
+ if (get_user_ual(sockfd, vptr)
+ || get_user_ual(level, vptr + n)
+ || get_user_ual(optname, vptr + 2 * n)
|| get_user_ual(optval, vptr + 3 * n)
- || get_user_u32(optlen, vptr + 4 * n))
+ || get_user_ual(optlen, vptr + 4 * n))
return -TARGET_EFAULT;
ret = do_setsockopt(sockfd, level, optname, optval, optlen);
@@ -1972,17 +1998,17 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
break;
case SOCKOP_getsockopt:
{
- int sockfd;
- int level;
- int optname;
+ abi_ulong sockfd;
+ abi_ulong level;
+ abi_ulong optname;
abi_ulong optval;
socklen_t optlen;
- if (get_user_s32(sockfd, vptr)
- || get_user_s32(level, vptr + n)
- || get_user_s32(optname, vptr + 2 * n)
+ if (get_user_ual(sockfd, vptr)
+ || get_user_ual(level, vptr + n)
+ || get_user_ual(optname, vptr + 2 * n)
|| get_user_ual(optval, vptr + 3 * n)
- || get_user_u32(optlen, vptr + 4 * n))
+ || get_user_ual(optlen, vptr + 4 * n))
return -TARGET_EFAULT;
ret = do_getsockopt(sockfd, level, optname, optval, optlen);
@@ -2215,7 +2241,7 @@ static inline abi_long do_semctl(int semid, int semnum, int cmd,
{
union semun arg;
struct semid_ds dsarg;
- unsigned short *array;
+ unsigned short *array = NULL;
struct seminfo seminfo;
abi_long ret = -TARGET_EINVAL;
abi_long err;
@@ -4529,7 +4555,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
case TARGET_NR_access:
if (!(p = lock_user_string(arg1)))
goto efault;
- ret = get_errno(access(p, arg2));
+ ret = get_errno(access(path(p), arg2));
unlock_user(p, arg1, 0);
break;
#if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
@@ -5021,8 +5047,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
if (!is_error(ret)) {
if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
goto efault;
- rlim.rlim_cur = tswapl(target_rlim->rlim_cur);
- rlim.rlim_max = tswapl(target_rlim->rlim_max);
+ target_rlim->rlim_cur = tswapl(rlim.rlim_cur);
+ target_rlim->rlim_max = tswapl(rlim.rlim_max);
unlock_user_struct(target_rlim, arg2, 1);
}
}