https://bugs.kde.org/show_bug.cgi?id=509566
--- Comment #4 from Mark Wielaard <[email protected]> ---

Comment on attachment 185101 --> https://bugs.kde.org/attachment.cgi?id=185101 updated patch

or an entire mount tree. If pathname is a rela‐ tive pathname, then it ^

+PRE(sys_mount_setattr) +{ + // int syscall(SYS_mount_setattr, int dirfd, const char *pathname, + // unsigned int flags, struct mount_attr *attr, size_t size); + *flags |= SfMayBlock; + PRINT("sys_mount_setattr ( %d, %#" FMT_REGWORD "x, %" FMT_REGWORD "u, %#" + FMT_REGWORD "x, %" FMT_REGWORD "u )", (Int)ARG1, ARG2, + ARG3, ARG4, ARG5); + if (!ML_(fd_allowed)(ARG1, "mount_setattr", tid, False)) + SET_STATUS_Failure( VKI_EBADF ); + PRE_MEM_READ("mount(attr)", ARG5, ARG6); + ML_(fd_at_check_allowed)(SARG1, (const HChar*)ARG2, "mount_setattr", tid, status); +}

dirfd (ARG1) is checked twice, I think the first using ML(fd_allowed) is wrong, the second using ML_(fd_at_check_allowed) seems correct.

+ PRE_MEM_RASCIIZ( "move_mount(from_pathname)", ARG4); /* For absolute filenames, to_dfd is ignored. If to_dfd is AT_FDCWD, to_pathname is relative to cwd. When comparing to_dfd against AT_FDCWD, be sure only to compare the bottom 32 bits. */ - if (ML_(safe_to_deref)( (void*)(Addr)ARG4, 1 ) - && *(Char *)(Addr)ARG4 != '/' - && ((Int)ARG4) != ((Int)VKI_AT_FDCWD) - && !ML_(fd_allowed)(ARG3, "mount_move", tid, False)) - SET_STATUS_Failure( VKI_EBADF ); + ML_(fd_at_check_allowed)(SARG3, (const HChar*)ARG4, "sys_move_mount[to_pathname]", tid, status); }

The PRE_MEM_RASCIIZ should also be to_pathname.

We aren't totally consistent with the syscall/param name. Let's go with "syscall_name(param_name)". So drop the "sys_" prefix and use round '()' brackets instead of square '[]' ones whenever possible.
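Review bot: in PRE(sys_mount_setattr), PRE_MEM_READ("mount(attr)", ARG5, ARG6) does not match the signature given in the comment at the top of the wrapper, where attr is the fourth argument and size the fifth, and there is no sixth. It should take ARG4 as the pointer and ARG5 as the length, and the label should name mount_setattr rather than mount. The wrapper also has no PRE_MEM_RASCIIZ on pathname (ARG2) before that pointer is passed to ML_(fd_at_check_allowed); add one, labelled "mount_setattr(pathname)".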
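Review bot: in the move_mount hunk, the comment block kept above the new ML_(fd_at_check_allowed)(SARG3, ...) call ("For absolute filenames, to_dfd is ignored ... be sure only to compare the bottom 32 bits") described the removed inline test and now documents logic that is no longer visible at this call site. Move it to the helper or cut it down to a one-line pointer to the helper. The removed test also compared (Int)ARG4, the pathname pointer, against VKI_AT_FDCWD rather than ARG3, so the replacement changes behaviour and is not a pure refactor; say so in the commit message.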
