diff mbox series

[PULL,4/4] linux-user: always translate cmsg when recvmsg

Message ID 20221103084925.3860524-5-laurent@vivier.eu (mailing list archive)
State New, archived
Headers show
Series [PULL,1/4] linux-user/hppa: Detect glibc ABORT_INSTRUCTION and EXCP_BREAK handler | expand

Commit Message

Laurent Vivier Nov. 3, 2022, 8:49 a.m. UTC 
From: Icenowy Zheng <uwu@icenowy.me>

It's possible that a message contains both normal payload and ancillary
data in the same message, and even if no ancillary data is available
this information should be passed to the target, otherwise the target
cmsghdr will be left uninitialized and the target is going to access
uninitialized memory if it expects cmsg.

Always call the function that translate cmsg when recvmsg, because that
function should be empty-cmsg-safe (it creates an empty cmsg in the
target).

Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20221028081220.1604244-1-uwu@icenowy.me>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8b18adfba894..24b25759beab 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3353,7 +3353,8 @@  static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
             if (fd_trans_host_to_target_data(fd)) {
                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
                                                MIN(msg.msg_iov->iov_len, len));
-            } else {
+            }
+            if (!is_error(ret)) {
                 ret = host_to_target_cmsg(msgp, &msg);
             }
             if (!is_error(ret)) {