[PULL 28/59] linux-user/sparc: Minor corrections to do_sigreturn
From: Laurent Vivier
Subject: [PULL 28/59] linux-user/sparc: Minor corrections to do_sigreturn
Date: Tue, 18 May 2021 07:31:00 +0200
From: Richard Henderson <richard.henderson@linaro.org>
Check that the input sp is 16 byte aligned, not 4.
Do that before the lock_user_struct check.
Validate the saved sp is 8 byte aligned.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210426025334.1168495-22-richard.henderson@linaro.org>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/sparc/signal.c | 19 +++++++++++--------
1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/linux-user/sparc/signal.c b/linux-user/sparc/signal.c
index f0f614a3af7a..0ff57af43d1e 100644
--- a/linux-user/sparc/signal.c
+++ b/linux-user/sparc/signal.c
@@ -254,7 +254,7 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
long do_sigreturn(CPUSPARCState *env)
{
abi_ulong sf_addr;
- struct target_signal_frame *sf;
+ struct target_signal_frame *sf = NULL;
abi_ulong pc, npc, ptr;
target_sigset_t set;
sigset_t host_set;
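Review bot: the `= NULL` initialisation is load-bearing, not cosmetic, so a one-line comment next to it would help future readers: with the later change the `(sf_addr & 15)` test short-circuits before `lock_user_struct()` ever assigns `sf`, and the `segv_and_exit` path then calls `unlock_user_struct(sf, sf_addr, 0)` on it. Without the initialiser that path would pass an indeterminate pointer; something like `struct target_signal_frame *sf = NULL; /* may be unlocked before being locked */` makes the dependency explicit.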
@@ -262,18 +262,21 @@ long do_sigreturn(CPUSPARCState *env)
sf_addr = env->regwptr[WREG_SP];
trace_user_do_sigreturn(env, sf_addr);
- if (!lock_user_struct(VERIFY_READ, sf, sf_addr, 1)) {
- goto segv_and_exit;
- }
/* 1. Make sure we are not getting garbage from the user */
+ if ((sf_addr & 15) || !lock_user_struct(VERIFY_READ, sf, sf_addr, 1)) {
+ goto segv_and_exit;
+ }
- if (sf_addr & 3)
+ /* Make sure stack pointer is aligned. */
+ __get_user(ptr, &sf->regs.u_regs[14]);
+ if (ptr & 7) {
goto segv_and_exit;
+ }
- __get_user(pc, &sf->regs.pc);
+ /* Make sure instruction pointers are aligned. */
+ __get_user(pc, &sf->regs.pc);
__get_user(npc, &sf->regs.npc);
-
if ((pc | npc) & 3) {
goto segv_and_exit;
}
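Review bot: the new 16-byte requirement on `sf_addr` applies to every target this file serves, so it is worth confirming that the frames built by `setup_frame`/`setup_rt_frame` (visible in the hunk header) always produce a 16-byte-aligned frame address; otherwise the sigreturn path QEMU itself sets up would be rejected with SIGSEGV. Two smaller points: the comment `/* Make sure stack pointer is aligned. */` would be clearer as `/* Make sure the saved stack pointer (%o6, u_regs[14]) is 8-byte aligned. */`, since `u_regs[14]` is not self-explanatory and the 8-byte mask differs from the 16-byte one just above; and moving the alignment test ahead of `lock_user_struct()` is the right ordering, because a misaligned address no longer triggers a page lookup that is discarded immediately afterwards.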
@@ -309,7 +312,7 @@ long do_sigreturn(CPUSPARCState *env)
unlock_user_struct(sf, sf_addr, 0);
return -TARGET_QEMU_ESIGRETURN;
-segv_and_exit:
+ segv_and_exit:
unlock_user_struct(sf, sf_addr, 0);
force_sig(TARGET_SIGSEGV);
return -TARGET_QEMU_ESIGRETURN;
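Review bot: the label re-indentation is style-only, but the `unlock_user_struct(sf, sf_addr, 0)` under `segv_and_exit:` is now reachable with `sf == NULL` (early exit from the combined `(sf_addr & 15) || !lock_user_struct(...)` test in the previous hunk, where `sf` was never assigned), so please confirm that `unlock_user_struct` accepts a NULL host pointer as a no-op rather than treating it as a live lock to release. If it does not, the early-exit path needs its own `force_sig(TARGET_SIGSEGV); return -TARGET_QEMU_ESIGRETURN;` without the unlock.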
--
2.31.1