On 8/19/23 02:48, Karim Taha wrote:
+/* mincore(2) */
+static inline abi_long do_bsd_mincore(abi_ulong target_addr, abi_ulong len,
+ abi_ulong target_vec)
+{
+ abi_long ret;
+ void *p, *a;
+
+ a = lock_user(VERIFY_WRITE, target_addr, len, 0);
+ if (a == NULL) {
+ return -TARGET_EFAULT;
+ }
+ p = lock_user_string(target_vec);
+ if (p == NULL) {
+ unlock_user(a, target_addr, 0);
+ return -TARGET_EFAULT;
+ }
+ ret = get_errno(mincore(a, len, p));
+ unlock_user(p, target_vec, ret);
+ unlock_user(a, target_addr, 0);
+
+ return ret;
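Review bot: the copy-back length in `unlock_user(p, target_vec, ret)` is the syscall result, not the size of the vector. mincore(2) returns 0 on success, so when lock_user hands back a bounce buffer no bytes of vec are written back to the guest, and on failure `ret` is a negative errno passed where a length is expected. Suggest passing the vec size in bytes (one byte per page covered by `len`) when `ret` is 0 and 0 otherwise.
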
This is wrong.
(1) VERIFY_WRITE is incorrect. Here you need a combination of guest_range_valid_untagged
and page_check_range(addr, len, PAGE_VALID).
(2) vec is not a string, it is an array of size DIV_ROUND_UP(len, TARGET_PAGE_SIZE). For
that, you do want lock_user(VERIFY_WRITE).
r~