Message ID | 20200827070449.2386007-1-laurent@vivier.eu (mailing list archive)
---|---
State | New, archived
Series | linux-user: fix target_to_host_timespec64()
On 27.8.20. 09:04, Laurent Vivier wrote:
> in 32 bit mode, drop the padding in tv_nsec. If host is 64bit and target
> is 32bit, the padding bytes will be copied from the target and as the
> kernel checks the value, the syscall exits with EINVAL.
>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> linux-user/syscall.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index c82b73e03234..9d7376734ad4 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1253,6 +1253,8 @@ static inline abi_long target_to_host_timespec64(struct timespec *host_ts,
> }
> __get_user(host_ts->tv_sec, &target_ts->tv_sec);
> __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
> + /* in 32bit mode, this drops the padding */
> + host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec;

I tested this with sh4 and the nsec conversion seems to be working fine now.
Just curious, why a double cast is needed '(long)(abi_long)', why not just '(abi_long)'?

> unlock_user_struct(target_ts, target_addr, 0);
> return 0;
> }
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index c82b73e03234..9d7376734ad4 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1253,6 +1253,8 @@ static inline abi_long target_to_host_timespec64(struct timespec *host_ts, } __get_user(host_ts->tv_sec, &target_ts->tv_sec); __get_user(host_ts->tv_nsec, &target_ts->tv_nsec); + /* in 32bit mode, this drops the padding */ + host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec; unlock_user_struct(target_ts, target_addr, 0); return 0; }
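Review bot: the comment on the added line ("in 32bit mode, this drops the padding") does not explain the cast chain, which is exactly what the reply asks about; consider spelling it out, e.g. `/* abi_long is the target's long: on a 32-bit target this truncates the 64-bit value read by __get_user to its low 32 bits, dropping the padding half; on a 64-bit target it is a no-op */`. Functionally the outer `(long)` changes nothing, because assigning an `abi_long` to the `long` field `tv_nsec` performs the same widening implicitly, so `(abi_long)` alone would behave identically and the outer cast only documents intent; either way, since the kernel rejects any tv_nsec outside [0, 999999999] and such values fit in 31 bits, truncating to 32 bits cannot discard a legitimate nanosecond value, only the padding that caused the EINVAL described in the commit message.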
in 32 bit mode, drop the padding in tv_nsec. If host is 64bit and target
is 32bit, the padding bytes will be copied from the target and as the
kernel checks the value, the syscall exits with EINVAL.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
linux-user/syscall.c | 2 ++
1 file changed, 2 insertions(+)