From 9b6cb4d27fdffbd89783037f3314dd8277f317c3 Mon Sep 17 00:00:00 2001
From: Qi Zheng <huaiqing.zq@antgroup.com>
Date: Fri, 29 Dec 2023 16:55:57 +0800
Subject: [PATCH] [libos] Add iov buffer check for readv and writev

Signed-off-by: Qi Zheng <huaiqing.zq@antgroup.com>
---
 src/libos/src/fs/syscalls.rs | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/libos/src/fs/syscalls.rs b/src/libos/src/fs/syscalls.rs
index 526c162c..3e21aece 100644
--- a/src/libos/src/fs/syscalls.rs
+++ b/src/libos/src/fs/syscalls.rs
@@ -167,8 +167,11 @@ fn do_writev_offset(
         for iov_i in 0..count {
             let iov_ptr = unsafe { iov.offset(iov_i as isize) };
             let iov = unsafe { &*iov_ptr };
-            let buf = unsafe { std::slice::from_raw_parts(iov.base as *const u8, iov.len) };
-            bufs_vec.push(buf);
+            if iov.len != 0 {
+                from_user::check_array(iov.base as *const u8, iov.len)?;
+                let buf = unsafe { std::slice::from_raw_parts(iov.base as *const u8, iov.len) };
+                bufs_vec.push(buf);
+            }
         }
         bufs_vec
     };
@@ -206,8 +209,11 @@ fn do_readv_offset(
         for iov_i in 0..count {
             let iov_ptr = unsafe { iov.offset(iov_i as isize) };
             let iov = unsafe { &*iov_ptr };
-            let buf = unsafe { std::slice::from_raw_parts_mut(iov.base as *mut u8, iov.len) };
-            bufs_vec.push(buf);
+            if iov.len != 0 {
+                from_user::check_mut_array(iov.base as *mut u8, iov.len)?;
+                let buf = unsafe { std::slice::from_raw_parts_mut(iov.base as *mut u8, iov.len) };
+                bufs_vec.push(buf);
+            }
         }
         bufs_vec
     };