diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2024-04-08 18:04:19 -1000 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2024-05-26 15:49:58 -0700 |
| commit | 701890bdd09b289fd9cb852e714e91373088b0f3 (patch) | |
| tree | 423f6606e9f4d9252aba71e38bedaa153fd423de /linux-user/i386/signal.c | |
| parent | 9c2fb9e1d589fbda266d8db611b9d3a38ab96a3c (diff) | |
| download | focaccia-qemu-701890bdd09b289fd9cb852e714e91373088b0f3.tar.gz focaccia-qemu-701890bdd09b289fd9cb852e714e91373088b0f3.zip | |
target/i386: Pass host pointer and size to cpu_x86_{xsave,xrstor}
We have already validated the memory region in the course of validating the signal frame. No need to do it again within the helper function. In addition, return failure when the header contains invalid xstate_bv. The kernel handles this via exception handling within XSTATE_OP within xrstor_from_user_sigframe. Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'linux-user/i386/signal.c')
| -rw-r--r-- | linux-user/i386/signal.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/linux-user/i386/signal.c b/linux-user/i386/signal.c index 2e2972002b..cb90711834 100644 --- a/linux-user/i386/signal.c +++ b/linux-user/i386/signal.c @@ -326,7 +326,7 @@ static void xsave_sigcontext(CPUX86State *env, /* Zero the header, XSAVE *adds* features to an existing save state. */ memset(fxstate + 1, 0, sizeof(X86XSaveHeader)); - cpu_x86_xsave(env, xstate_addr, env->xcr0); + cpu_x86_xsave(env, fxstate, fpend_addr - xstate_addr, env->xcr0); __put_user(TARGET_FP_XSTATE_MAGIC1, &sw->magic1); __put_user(extended_size, &sw->extended_size); @@ -611,6 +611,8 @@ static bool xrstor_sigcontext(CPUX86State *env, FPStateKind fpkind, uint32_t magic1, magic2; uint32_t extended_size, xstate_size, min_size, max_size; uint64_t xfeatures; + void *xstate; + bool ok; switch (fpkind) { case FPSTATE_XSAVE: @@ -641,8 +643,10 @@ static bool xrstor_sigcontext(CPUX86State *env, FPStateKind fpkind, return false; } - if (!access_ok(env_cpu(env), VERIFY_READ, fxstate_addr, - xstate_size + TARGET_FP_XSTATE_MAGIC2_SIZE)) { + /* Re-lock the entire xstate area, with the extensions and magic. */ + xstate = lock_user(VERIFY_READ, fxstate_addr, + xstate_size + TARGET_FP_XSTATE_MAGIC2_SIZE, 1); + if (!xstate) { return false; } @@ -652,15 +656,15 @@ static bool xrstor_sigcontext(CPUX86State *env, FPStateKind fpkind, * fpstate layout with out copying the extended state information * in the memory layout. */ - if (get_user_u32(magic2, fxstate_addr + xstate_size)) { - return false; - } + magic2 = tswap32(*(uint32_t *)(xstate + xstate_size)); if (magic2 != TARGET_FP_XSTATE_MAGIC2) { + unlock_user(xstate, fxstate_addr, 0); break; } - cpu_x86_xrstor(env, fxstate_addr, xfeatures); - return true; + ok = cpu_x86_xrstor(env, xstate, xstate_size, xfeatures); + unlock_user(xstate, fxstate_addr, 0); + return ok; default: break; |