From: Peter Maydell <[email protected]> Linux returns success if pwrite64() or pread64() are called with a zero length NULL buffer, but QEMU was returning -TARGET_EFAULT.
This is the same bug that we fixed in commit 58cfa6c2e6eb51b23cc9 for the write syscall, and long before that in 38d840e6790c29f59 for the read syscall. Fixes: https://bugs.launchpad.net/qemu/+bug/1810433 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Laurent Vivier <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Laurent Vivier <[email protected]> (cherry picked from commit 2bd3f8998e1e7dcd9afc29fab252fb9936f9e956) *drop functional dep. on 2852aafd9d Signed-off-by: Michael Roth <[email protected]> --- linux-user/syscall.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 1477509cf2..0859739e9d 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10910,8 +10910,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, arg4 = arg5; arg5 = arg6; } - if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0))) - goto efault; + if (arg2 == 0 && arg3 == 0) { + /* Special-case NULL buffer and zero length, which should succeed */ + p = 0; + } else { + p = lock_user(VERIFY_WRITE, arg2, arg3, 0); + if (!p) { + goto efault; + } + } ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5))); unlock_user(p, arg2, ret); break; @@ -10920,8 +10927,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, arg4 = arg5; arg5 = arg6; } - if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1))) - goto efault; + if (arg2 == 0 && arg3 == 0) { + /* Special-case NULL buffer and zero length, which should succeed */ + p = 0; + } else { + p = lock_user(VERIFY_READ, arg2, arg3, 1); + if (!p) { + goto efault; + } + } ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5))); unlock_user(p, arg2, 0); break; -- 2.17.1
