linux-user: Correct type for BLKSSZGET

The BLKSSZGET ioctl takes an argument which is a pointer to an int. We were incorrectly declaring it to take a pointer to a long, which meant that we would incorrectly write to memory which we should not if the guest is a 64-bit architecture. In particular, kpartx uses this ioctl to write to an int on the stack, which tends to result in it crashing immediately. Reported-by: N Chanho Park <chanho61.park@samsung.com> Reviewed-by: N Laurent Vivier <laurent@vivier.eu> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>

linux-user: Correct type for BLKSSZGET
The BLKSSZGET ioctl takes an argument which is a pointer to an int. We were incorrectly declaring it to take a pointer to a long, which meant that we would incorrectly write to memory which we should not if the guest is a 64-bit architecture. In particular, kpartx uses this ioctl to write to an int on the stack, which tends to result in it crashing immediately. Reported-by: N Chanho Park <chanho61.park@samsung.com> Reviewed-by: N Laurent Vivier <laurent@vivier.eu> Signed-off-by: N Peter Maydell <peter.maydell@linaro.org> Signed-off-by: N Riku Voipio <riku.voipio@linaro.org>
a4a2c51f · Peter Maydell · Riku Voipio · 884cdc48 · a4a2c51f
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

linux-user/ioctls.h linux-user/ioctls.h +1 -1

未找到文件。
--- a/linux-user/ioctls.h
+++ b/linux-user/ioctls.h
@@ -76,7 +76,7 @@
     IOCTL(BLKFLSBUF, 0, TYPE_NULL)
     IOCTL(BLKRASET, 0, TYPE_INT)
     IOCTL(BLKRAGET, IOC_R, MK_PTR(TYPE_LONG))
-     IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_LONG))
+     IOCTL(BLKSSZGET, IOC_R, MK_PTR(TYPE_INT))
     IOCTL(BLKBSZGET, IOC_R, MK_PTR(TYPE_INT))
     IOCTL_SPECIAL(BLKPG, IOC_W, do_ioctl_blkpg,
                   MK_PTR(MK_STRUCT(STRUCT_blkpg_ioctl_arg)))