On 2020/6/2 下午9:40, Laurent Vivier wrote:
>> +static inline abi_long target_to_host_drmversion(struct drm_version
>> *host_ver,
>> + abi_long target_addr)
>> +{
>> + struct target_drm_version *target_ver;
>> +
>> + if (!lock_user_struct(VERIFY_READ, target_ver, target_addr, 0)) {
>> + return -TARGET_EFAULT;
>> + }
>> + __get_user(host_ver->name_len, &target_ver->name_len);
>> + host_ver->name = host_ver->name_len ? g2h(target_ver->name) : NULL;
>> + __get_user(host_ver->date_len, &target_ver->date_len);
>> + host_ver->date = host_ver->date_len ? g2h(target_ver->date) : NULL;
>> + __get_user(host_ver->desc_len, &target_ver->desc_len);
>> + host_ver->desc = host_ver->desc_len ? g2h(target_ver->desc) : NULL;
>
> but I think the string buffers must be locked and access rights must be
> checked.
>
> So I think you should have something like:
>
> host_ver->name = lock_user(VERIFY_WRITE, target_ver->name,
> target_ver->name_len, 0);
> ...
>
OK, thanks.
>> + unlock_user_struct(target_ver, target_addr, 0);
>> + return 0;
>> +}
>> +
>> +static inline abi_long host_to_target_drmversion(abi_ulong target_addr,
>> + struct drm_version
>> *host_ver)
>> +{
>> + struct target_drm_version *target_ver;
>> +
>> + if (!lock_user_struct(VERIFY_WRITE, target_ver, target_addr, 0)) {
>> + return -TARGET_EFAULT;
>> + }
>> + __put_user(host_ver->version_major, &target_ver->version_major);
>> + __put_user(host_ver->version_minor, &target_ver->version_minor);
>> + __put_user(host_ver->version_patchlevel,
>> &target_ver->version_patchlevel);
>> + __put_user(host_ver->name_len, &target_ver->name_len);
>
> unlock_user(host_ver->name, target_ver->name, host_ver->name_len);
> ...
>
OK, thanks. I'll send patch v5.
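Review bot: In target_to_host_drmversion the struct is locked with `lock_user_struct(VERIFY_READ, target_ver, target_addr, 0)` and its fields are then read with `__get_user`, but the last argument is the copy-in flag. With 0, the locked host copy is not guaranteed to hold the guest's contents in builds that remap guest memory (DEBUG_REMAP, as far as I can tell), so the three length fields could be read from uninitialised memory. For a struct that is read, the call would normally be `if (!lock_user_struct(VERIFY_READ, target_ver, target_addr, 1)) {`, and the matching `unlock_user_struct(target_ver, target_addr, 0)` can stay as it is. The quoted host_to_target_drmversion is cut off before its unlock call, so the copy-back flag there cannot be checked from this message.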