From: Richard Henderson Date: Mon, 26 Apr 2021 02:53:30 +0000 (-0700) Subject: linux-user/sparc: Minor corrections to do_sigreturn X-Git-Tag: v6.1.0-rc0~116^2~31 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1176e57a8b34c845a89b2b0f86e424a825d40faa;p=thirdparty%2Fqemu.git linux-user/sparc: Minor corrections to do_sigreturn Check that the input sp is 16 byte aligned, not 4. Do that before the lock_user_struct check. Validate the saved sp is 8 byte aligned. Signed-off-by: Richard Henderson Message-Id: <20210426025334.1168495-22-richard.henderson@linaro.org> Signed-off-by: Laurent Vivier --- diff --git a/linux-user/sparc/signal.c b/linux-user/sparc/signal.c index f0f614a3af7..0ff57af43d1 100644 --- a/linux-user/sparc/signal.c +++ b/linux-user/sparc/signal.c @@ -254,7 +254,7 @@ void setup_rt_frame(int sig, struct target_sigaction *ka, long do_sigreturn(CPUSPARCState *env) { abi_ulong sf_addr; - struct target_signal_frame *sf; + struct target_signal_frame *sf = NULL; abi_ulong pc, npc, ptr; target_sigset_t set; sigset_t host_set; @@ -262,18 +262,21 @@ long do_sigreturn(CPUSPARCState *env) sf_addr = env->regwptr[WREG_SP]; trace_user_do_sigreturn(env, sf_addr); - if (!lock_user_struct(VERIFY_READ, sf, sf_addr, 1)) { - goto segv_and_exit; - } /* 1. Make sure we are not getting garbage from the user */ + if ((sf_addr & 15) || !lock_user_struct(VERIFY_READ, sf, sf_addr, 1)) { + goto segv_and_exit; + } - if (sf_addr & 3) + /* Make sure stack pointer is aligned. */ + __get_user(ptr, &sf->regs.u_regs[14]); + if (ptr & 7) { goto segv_and_exit; + } - __get_user(pc, &sf->regs.pc); + /* Make sure instruction pointers are aligned. */ + __get_user(pc, &sf->regs.pc); __get_user(npc, &sf->regs.npc); - if ((pc | npc) & 3) { goto segv_and_exit; } @@ -309,7 +312,7 @@ long do_sigreturn(CPUSPARCState *env) unlock_user_struct(sf, sf_addr, 0); return -TARGET_QEMU_ESIGRETURN; -segv_and_exit: + segv_and_exit: unlock_user_struct(sf, sf_addr, 0); force_sig(TARGET_SIGSEGV); return -TARGET_QEMU_ESIGRETURN;