From: Chen Gang S
Date: Fri, 23 Jan 2015 10:01:09 +0000 (+0800)
Subject: linux-user/syscall.c: lock_iovec: unlock vec[i] in failure processing code block
X-Git-Tag: TizenStudio_2.0_p2.3.2~208^2~350^2~36
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7eff518b6c91bdd62710dd9868ec7a17bd6f1434;p=sdk%2Femulator%2Fqemu.git

linux-user/syscall.c: lock_iovec: unlock vec[i] in failure processing code block

When failure occurs during locking of vec[i], we also need to unlock all already locked vec[i] in failure processing code block before return.

Code in unlock_user() checks vec[i].iov_base for NULL, so there's no need to check it.

If error is EFAULT when "i == 0", vec[i].iov_base is NULL, we can just skip it, so can still use "while (--i >= 0)" loop condition.

Signed-off-by: Chen Gang
Reviewed-by: Peter Maydell
Signed-off-by: Michael Tokarev
--- diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d4398b9..7b6f482 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1883,6 +1883,11 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, return vec; fail: + while (--i >= 0) { + if (tswapal(target_vec[i].iov_len) > 0) { + unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0); + } + } unlock_user(target_vec, target_addr, 0); fail2: free(vec);
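
Review bot: The guard inside the new `fail:` loop re-reads `target_vec[i].iov_len` from the guest's iovec array rather than using what the host-side `vec[i]` recorded at lock time, so the cleanup decision depends on guest memory staying unchanged between the lock and the failure path. Since the commit message notes that unlock_user() already checks `vec[i].iov_base` for NULL, the loop could test `vec[i].iov_base` directly or call unlock_user() unconditionally, provided every entry that was skipped at lock time has its `iov_base` set to NULL. The `while (--i >= 0)` form also requires `i` to be a signed type that holds the index of the failing entry at every `goto fail`; the declaration and the jumps are outside this hunk, so a short comment at `fail:` stating that invariant would help.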