From 94c19610a6973ad917d9c154eabfc2ee27bc4f59 Mon Sep 17 00:00:00 2001 From: An-Cheng Huang Date: Tue, 9 Aug 2011 12:32:38 -0700 Subject: [PATCH] linux-user: Verify MIPS syscall arguments On MIPS, some syscall arguments are taken from the stack. This patch adds verification such that do_syscall() is only invoked if all arguments have been successfully taken from the stack. Signed-off-by: Riku Voipio Reviewed-by: Peter Maydell Signed-off-by: An-Cheng Huang --- linux-user/main.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/linux-user/main.c b/linux-user/main.c index 3df91f388a..0cc9148a80 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -2170,11 +2170,22 @@ void cpu_loop(CPUMIPSState *env) sp_reg = env->active_tc.gpr[29]; switch (nb_args) { /* these arguments are taken from the stack */ - /* FIXME - what to do if get_user() fails? */ - case 8: get_user_ual(arg8, sp_reg + 28); - case 7: get_user_ual(arg7, sp_reg + 24); - case 6: get_user_ual(arg6, sp_reg + 20); - case 5: get_user_ual(arg5, sp_reg + 16); + case 8: + if ((ret = get_user_ual(arg8, sp_reg + 28)) != 0) { + goto done_syscall; + } + case 7: + if ((ret = get_user_ual(arg7, sp_reg + 24)) != 0) { + goto done_syscall; + } + case 6: + if ((ret = get_user_ual(arg6, sp_reg + 20)) != 0) { + goto done_syscall; + } + case 5: + if ((ret = get_user_ual(arg5, sp_reg + 16)) != 0) { + goto done_syscall; + } default: break; } @@ -2185,6 +2196,7 @@ void cpu_loop(CPUMIPSState *env) env->active_tc.gpr[7], arg5, arg6, arg7, arg8); } +done_syscall: if (ret == -TARGET_QEMU_ESIGRETURN) { /* Returning from a successful sigreturn syscall. Avoid clobbering register state. */