We properly computed the capped mask size to be put to the application
buffer, but didn't actually it. Also, we need to return the capped mask
size instead of 0 on success.
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---
linux-user/syscall.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 74378947f0..cf2369aac2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -10496,10 +10496,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
ret = -TARGET_EINVAL;
break;
}
- ret = arg2;
+ } else if (arg2 > ret) {
+ arg2 = ret;
}
ret = host_to_target_cpu_mask(mask, mask_size, arg3, arg2);
+
+ if (ret == 0) {
+ ret = arg2;
+ }
}
}
break;
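Review bot: the `if (ret == 0)` block after the `host_to_target_cpu_mask()` call makes `ret` carry two meanings, the helper's status and then the byte count returned to the guest. Any non-zero status is passed through unchanged as the syscall result, so this is only correct if the helper returns 0 or a negative target errno; a one-line comment stating that contract, or an explicit error branch, would make it checkable at this site. Separately, the `else if (arg2 > ret)` branch overwrites the syscall argument `arg2` so it doubles as the capped copy length. A named local for the capped size would make it obvious that the length written to the guest buffer at `arg3` never exceeds what the host call reported, and would keep the original argument intact.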
--
2.15.1
On 26/01/2018 at 19:36, Samuel Thibault wrote:
> We properly computed the capped mask size to be put to the application
> buffer, but didn't actually it. Also, we need to return the capped mask
> size instead of 0 on success.
>
> Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
> ---
> linux-user/syscall.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 74378947f0..cf2369aac2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -10496,10 +10496,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
> ret = -TARGET_EINVAL;
> break;
> }
> - ret = arg2;
> + } else if (arg2 > ret) {
> + arg2 = ret;
> }
>
> ret = host_to_target_cpu_mask(mask, mask_size, arg3, arg2);
> +
> + if (ret == 0) {
> + ret = arg2;
> + }
> }
> }
> break;
>
Modified code was:
    if (copy_to_user(arg3, mask, ret)) {
        goto efault;
    }
so the change should only be:
    if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) {
        goto efault;
    }
Thanks,
Laurent
Laurent Vivier, on Fri. 26 Jan. 2018 21:34:38 +0100, wrote:
> On 26/01/2018 at 19:36, Samuel Thibault wrote:
> > We properly computed the capped mask size to be put to the application
> > buffer, but didn't actually it. Also, we need to return the capped mask
> > size instead of 0 on success.
> >
> > Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
> > ---
> > linux-user/syscall.c | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> > index 74378947f0..cf2369aac2 100644
> > --- a/linux-user/syscall.c
> > +++ b/linux-user/syscall.c
> > @@ -10496,10 +10496,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
> > ret = -TARGET_EINVAL;
> > break;
> > }
> > - ret = arg2;
> > + } else if (arg2 > ret) {
> > + arg2 = ret;
> > }
> >
> > ret = host_to_target_cpu_mask(mask, mask_size, arg3, arg2);
> > +
> > + if (ret == 0) {
> > + ret = arg2;
> > + }
> > }
> > }
> > break;
> >
>
> Modified code was:
>
>     if (copy_to_user(arg3, mask, ret)) {
>         goto efault;
>     }
>
> so the change should only be:
>
>     if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) {
>         goto efault;
>     }
That depends whether host_to_target_cpu_mask wants to return something
else than -TARGET_EFAULT, but at some point I don't care about
bikeshedding.
Samuel