Don't allow programs calling fnctl on valgrind's own file descriptors

Add a call to ML_(fd_allowed) in the PRE handler of fcntl and fcntl64
and block syscalls with EBADF when the file descriptor isn't allowed
to be used by the program.

https://bugs.kde.org/show_bug.cgi?id=337388

diff --git a/NEWS b/NEWS
index 49d055bee09a6a76eb48cc9148198e0997b479a4..9c828068fbcb70a7c389988085f8791faccbb2d2 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -31,6 +31,7 @@ are not entered into bugzilla tend to get forgotten about or ignored.
         valgrind: vex x86->IR: unhandled instruction bytes:
         0x66 0xF 0x3A 0x2
 311655  --log-file=FILE leads to apparent fd leak
+337388  fcntl works on Valgrind's own file descriptors
 377966  arm64 unhandled instruction dc zva392146  aarch64: unhandled
         instruction 0xD5380001 (MRS rT, midr_el1)
 392146  aarch64: unhandled instruction 0xD5380001 (MRS rT, midr_el1)

diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
index 45413fdd9ef5e5f36d72edb634ee03929345e653..9f3c51c17948378e501f2200be8b141aa13016b6 100644 (file)
--- a/coregrind/m_syswrap/syswrap-linux.c
+++ b/coregrind/m_syswrap/syswrap-linux.c
@@ -6978,6 +6978,10 @@ PRE(sys_fcntl)
    if (ARG2 == VKI_F_SETLKW)
 #  endif
       *flags |= SfMayBlock;
+
+   if (!ML_(fd_allowed)(ARG1, "fcntl", tid, False)) {
+     SET_STATUS_Failure (VKI_EBADF);
+   }
 }
 
 POST(sys_fcntl)
@@ -7088,6 +7092,10 @@ PRE(sys_fcntl64)
    if (ARG2 == VKI_F_SETLKW)
 #  endif
       *flags |= SfMayBlock;
+
+   if (!ML_(fd_allowed)(ARG1, "fcntl64", tid, False)) {
+     SET_STATUS_Failure (VKI_EBADF);
+   }
 }
 
 POST(sys_fcntl64)