diff options
Diffstat (limited to 'linux-user/syscall.c')
| -rw-r--r-- | linux-user/syscall.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index b4f7b14fbe..f7ebe6233b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -4900,6 +4900,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, return -TARGET_EINVAL; } } + if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) { + return -TARGET_EINVAL; + } mmap_lock(); @@ -4944,6 +4947,9 @@ static inline abi_ulong do_shmat(CPUArchState *cpu_env, static inline abi_long do_shmdt(abi_ulong shmaddr) { int i; + abi_long rv; + + mmap_lock(); for (i = 0; i < N_SHM_REGIONS; ++i) { if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) { @@ -4952,8 +4958,11 @@ static inline abi_long do_shmdt(abi_ulong shmaddr) break; } } + rv = get_errno(shmdt(g2h(shmaddr))); - return get_errno(shmdt(g2h(shmaddr))); + mmap_unlock(); + + return rv; } #ifdef TARGET_NR_ipc @@ -7468,7 +7477,7 @@ static int open_self_maps(void *cpu_env, int fd) } if (h2g_valid(min)) { int flags = page_get_flags(h2g(min)); - max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX); + max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX) + 1; if (page_check_range(h2g(min), max - min, flags) == -1) { continue; } @@ -9545,6 +9554,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]); __put_user(stfs.f_namelen, &target_stfs->f_namelen); __put_user(stfs.f_frsize, &target_stfs->f_frsize); +#ifdef _STATFS_F_FLAGS + __put_user(stfs.f_flags, &target_stfs->f_flags); +#else + __put_user(0, &target_stfs->f_flags); +#endif memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare)); unlock_user_struct(target_stfs, arg2, 1); } |