virtio-devices: fix UB getting tty size

TIOCGWINSZ modifies its argument, so it needs to mutably borrow it.
Unfortunately, ioctl()'s signature is not able to enforce this, and
the write happens in the kernel, so I don't think anything like miri,
valgrind, UBSan, etc. would have been able to catch this.

The UB passing an immutable reference caused resulted, for me, in
get_win_size() returning (0, 0) since LLVM commit
9a09c737a052 ("[BasicAA] Make isNotCapturedBeforeOrAt() check for
calls more precise (#69931)").

I've had a look through the other ioctl() calls in Cloud Hypervisor,
and I don't think any others have the same problem.

Signed-off-by: Alyssa Ross <hi@alyssa.is>
This commit is contained in:
Alyssa Ross 2024-07-03 22:30:02 +02:00 committed by Liu Wei
parent b5cce0d371
commit e7c7a304e8

View File

@ -608,11 +608,11 @@ fn get_win_size(tty: &dyn AsRawFd) -> (u16, u16) {
xpixel: u16, xpixel: u16,
ypixel: u16, ypixel: u16,
} }
let ws: WindowSize = WindowSize::default(); let mut ws: WindowSize = WindowSize::default();
// SAFETY: FFI call with correct arguments // SAFETY: FFI call with correct arguments
unsafe { unsafe {
libc::ioctl(tty.as_raw_fd(), TIOCGWINSZ, &ws); libc::ioctl(tty.as_raw_fd(), TIOCGWINSZ, &mut ws);
} }
(ws.cols, ws.rows) (ws.cols, ws.rows)