From: Richard Henderson
Subject: Re: [PATCH 7/9] bsd-user: do_freebsd_sysctl helper for sysctl(2)
Date: Sat, 11 Feb 2023 13:09:22 -1000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.7.1

On 2/10/23 13:18, Warner Losh wrote:
+abi_long do_freebsd_sysctl(CPUArchState *env, abi_ulong namep, int32_t namelen, + abi_ulong oldp, abi_ulong oldlenp, abi_ulong newp, abi_ulong newlen) +{ + abi_long ret; + void *hnamep, *holdp = NULL, *hnewp = NULL; + size_t holdlen; + abi_ulong oldlen = 0; + int32_t *snamep = g_malloc(sizeof(int32_t) * namelen), *p, *q, i; + + if (oldlenp) { + if (get_user_ual(oldlen, oldlenp)) { + return -TARGET_EFAULT; + } + }
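Review bot: namelen arrives from the guest as a signed int32_t and is used unchecked in the initializer `g_malloc(sizeof(int32_t) * namelen)`, so a negative or very large value becomes a huge allocation request, and g_malloc aborts the process on failure rather than returning NULL. Validate namelen before allocating (FreeBSD's CTL_MAXNAME is the natural upper bound) and return -TARGET_EINVAL otherwise. Because the allocation sits in the declaration, the `return -TARGET_EFAULT` after a failed get_user_ual also leaks snamep; allocate after the early checks or declare the pointer with g_autofree.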
You need to check for write early. Either access_ok, or lock_user.
+ for (p = hnamep, q = snamep, i = 0; i < namelen; p++, i++) { + *q++ = tswap32(*p); + }
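Review bot: the loop advances p and i in the for header but q inside the body, so three variables track one position. Indexing both arrays with i, for example `q[i] = tswap32(p[i]);`, leaves a single counter and makes it obvious that exactly namelen elements are read and written.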
Why the inconsistent increments?
+ unlock_user(holdp, oldp, holdlen);
Usually we don't want writeback on error.

r~