On Sun, Sep 17, 2023 at 10:39 PM Karim Taha <kariem.taha...@gmail.com> wrote:
> From: Stacey Son <s...@freebsd.org>
>
> Signed-off-by: Stacey Son <s...@freebsd.org>
> Signed-off-by: Karim Taha <kariem.taha...@gmail.com>
> Reviewed-by: Richard Henderson <richard.hender...@linaro.org>
> ---
> bsd-user/bsd-proc.h | 39 +++++++++++++++++++++++++++++++++++
> bsd-user/freebsd/os-syscall.c | 12 +++++++++++
> 2 files changed, 51 insertions(+)
>
> diff --git a/bsd-user/bsd-proc.h b/bsd-user/bsd-proc.h
> index 7b25aa1982..fd05422d9a 100644
> --- a/bsd-user/bsd-proc.h
> +++ b/bsd-user/bsd-proc.h
> @@ -26,6 +26,7 @@
> #include "gdbstub/syscalls.h"
> #include "qemu/plugin.h"
>
> +extern int _getlogin(char*, int);
> int bsd_get_ncpu(void);
>
> /* exit(2) */
> @@ -85,4 +86,42 @@ static inline abi_long do_bsd_setgroups(abi_long > gidsetsize, abi_long arg2)
> return get_errno(setgroups(gidsetsize, grouplist));
> }
>
> +/* umask(2) */
> +static inline abi_long do_bsd_umask(abi_long arg1)
> +{
> + return get_errno(umask(arg1));
> +}
> +
> +/* setlogin(2) */
> +static inline abi_long do_bsd_setlogin(abi_long arg1)
> +{
> + abi_long ret;
> + void *p;
> +
> + p = lock_user_string(arg1);
> + if (p == NULL) {
> + return -TARGET_EFAULT;
> + }
> + ret = get_errno(setlogin(p));
> + unlock_user(p, arg1, 0);
> +
> + return ret;
> +}
> +
> +/* getlogin(2) */
> +static inline abi_long do_bsd_getlogin(abi_long arg1, abi_long arg2)
> +{
> + abi_long ret;
> + void *p;
> +
> + p = lock_user_string(arg1);
> + if (p == NULL) {
> + return -TARGET_EFAULT;
> + }
>
This looks backwards. We're calling the kernel to get this string, so the target_strlen() tht lock_user_string() does is on the receiving buffer, not the length of the string that we'd like to write. I think we want p = lock_user(VERIFY_READ, arg1, arg2, 0); for this. sys_getlogin in sys/kern/kern_prot.c does a copyout. This is clearly broken in the 'blitz' branch. Warner
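Review bot: The `extern int _getlogin(char*, int);` added in the first hunk hand-declares a libc-internal symbol (a file-scope identifier starting with an underscore is reserved for the implementation) without saying why the raw wrapper is wanted instead of the public getlogin(3); a one-line comment above it, e.g. `/* libc's raw getlogin(2) syscall stub (presumably bypasses the getlogin(3) cache); see do_bsd_getlogin() */`, would spare the next reader a trip into libc, with the parenthetical confirmed before it lands. The prototype also drops parameter names and the `char *` spacing used by the `do_bsd_*` signatures in the second hunk, so `extern int _getlogin(char *buf, int len);` would match the rest of the header. do_bsd_getlogin in the second hunk ends outside the quoted patch, so its body past the lock_user_string() check is not reviewed here.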