From: Helge Deller <deller@kernel.org>
To: qemu-devel@nongnu.org, Stefan Hajnoczi <stefanha@gmail.com>
Cc: Pierrick Bouvier <pierrick.bouvier@oss.qualcomm.com>,
Laurent Vivier <laurent@vivier.eu>,
deller@gmx.de, Matt Turner <mattst88@gmail.com>,
qemu-stable@nongnu.org
Subject: [PULL 4/4] linux-user/xtensa: fix unlock of uninitialized frame pointer on sigreturn
Date: Thu, 18 Jun 2026 23:54:11 +0200 [thread overview]
Message-ID: <20260618215411.22057-5-deller@kernel.org> (raw)
In-Reply-To: <20260618215411.22057-1-deller@kernel.org>
From: Matt Turner <mattst88@gmail.com>
If lock_user_struct fails, frame is uninitialized but the badframe
label unconditionally calls unlock_user_struct on it. Handle the
lock failure inline so badframe is only reached with a valid lock.
Signed-off-by: Matt Turner <mattst88@gmail.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
linux-user/xtensa/signal.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/linux-user/xtensa/signal.c b/linux-user/xtensa/signal.c
index e3f9da322b..4990c50045 100644
--- a/linux-user/xtensa/signal.c
+++ b/linux-user/xtensa/signal.c
@@ -355,7 +355,8 @@ long do_rt_sigreturn(CPUXtensaState *env)
trace_user_do_rt_sigreturn(env, frame_addr);
if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1)) {
- goto badframe;
+ force_sig(TARGET_SIGSEGV);
+ return -QEMU_ESIGRETURN;
}
target_to_host_sigset(&set, &frame->uc.tuc_sigmask);
set_sigmask(&set);
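Review bot: with the `goto badframe` at the lock-failure site replaced by an inline `force_sig(TARGET_SIGSEGV); return -QEMU_ESIGRETURN;`, check whether any other `goto badframe` remains in do_rt_sigreturn; the hunk shows none, and if this was the only jump, the `badframe` label and its `unlock_user_struct(frame, ...)` body are now unreachable and should be dropped in the same change rather than left as an unused label. The inline error path is the right shape for this bug: it returns before `frame` is ever used, so no unlock of an uninitialized host pointer can occur.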
--
2.54.0