* [PATCH] linux-user: properly check flags in openat2
From: Andreas Schwab @ 2026-02-10 9:26 UTC
To: Laurent Vivier; +Cc: Pierrick Bouvier, qemu-devel
target_to_host_bitmask truncates the bitmask to int. Check that the upper
half of the flags do not have any bits set.
Signed-off-by: Andreas Schwab <schwab@suse.de>
---
linux-user/syscall.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8469b81878..667aea6a03 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -8822,6 +8822,10 @@ static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,
}
return ret;
}
+ if (tswap64(how.flags) >> 32) {
+ return -TARGET_EINVAL;
+ }
+
pathname = lock_user_string(guest_pathname);
if (!pathname) {
return -TARGET_EFAULT;
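Review bot: the added `if (tswap64(how.flags) >> 32)` check carries no comment, and the reason for it (target_to_host_bitmask truncating the bitmask to int) is recorded only in the commit message. A short comment above the `if` saying that bits in the upper half of `how.flags` are rejected because the bitmask conversion only sees an int would keep the test from looking arbitrary to the next reader. The position before `lock_user_string()` is fine as it stands, since the early `return -TARGET_EINVAL;` then has nothing to unlock.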
--
2.53.0
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
* Re: [PATCH] linux-user: properly check flags in openat2
From: Helge Deller @ 2026-02-10 15:41 UTC
To: Andreas Schwab, Laurent Vivier (odd fixer:Linux user)
Cc: Pierrick Bouvier, qemu-devel
On 2/10/26 10:26, Andreas Schwab wrote:
> target_to_host_bitmask truncates the bitmask to int. Check that the upper
> half of the flags do not have any bits set.
>
> Signed-off-by: Andreas Schwab <schwab@suse.de>
> ---
> linux-user/syscall.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 8469b81878..667aea6a03 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -8822,6 +8822,10 @@ static int do_openat2(CPUArchState *cpu_env, abi_long dirfd,
> }
> return ret;
> }
> + if (tswap64(how.flags) >> 32) {
> + return -TARGET_EINVAL;
> + }
Seems a little hackish. Basically target_to_host_bitmask()
could be extended to handle 64-bit values too.
But as long as all values which we test fit into 32 bits,
I think this is a valid patch.
Reviewed-by: Helge Deller <deller@gmx.de>
Helge
> +
> pathname = lock_user_string(guest_pathname);
> if (!pathname) {
> return -TARGET_EFAULT;
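Review bot: the literal `32` in `tswap64(how.flags) >> 32` hard-codes the assumption that every flag the code translates fits in the low 32 bits, which is the condition the review reply attaches to its Reviewed-by. If a flag above bit 31 ever has to be supported, this `if` will return -TARGET_EINVAL for it, so the shift width and the int-sized result of target_to_host_bitmask() have to be changed together. Stating that dependency next to the check would make it harder to update one and forget the other.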