If not handled, QEMU will execve itself instead of the emulated
process. The function do_openat already solves the /proc/self/exe
problem, so we can use it to get the executable file descriptor. We
then make a safe call to execveat.
Note that safe_execve has been replaced by safe_execveat, since the
former is now useless.
Signed-off-by: Olivier Dion <olivier.d...@polymtl.ca>
---
linux-user/syscall.c | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index e2af3c1494..68340bcb67 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -736,7 +736,7 @@ safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int,
options, \
struct rusage *, rusage)
safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
int, options, struct rusage *, rusage)
-safe_syscall3(int, execve, const char *, filename, char **, argv, char **,
envp)
+safe_syscall5(int, execveat, int, dirfd, const char *, pathname, char **,
argv, char **, envp, int, flags)
safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds,
\
fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
@@ -7507,8 +7507,18 @@ static abi_long do_syscall1(void *cpu_env, int num,
abi_long arg1,
* before the execve completes and makes it the other
* program's problem.
*/
- ret = get_errno(safe_execve(p, argp, envp));
- unlock_user(p, arg1, 0);
+ {
+ int execfd = get_errno(do_openat(cpu_env, AT_FDCWD, p, O_PATH,
0));
+ unlock_user(p, arg1, 0);
+ if (is_error(execfd)) {
+ ret = execfd;
+ goto execve_end;
+ }
+ ret = get_errno(safe_execveat(execfd, "",
+ argp, envp,
+ AT_EMPTY_PATH));
+ close(execfd);
+ }
goto execve_end;
--
2.23.0
