    fix(la-glibc): complete frame-UAF cross-page audit + fcntl14/64 LA timeout whitelist · fffff13b
    Alic3r3L1cwhk authored
    - mm frame-UAF audit: route remaining multi-byte-struct user derefs through
      page-safe read_user_struct/write_user_struct (pty Termios w/r, futex
      FutexWaitv, aio Iocb, mqueue MqAttr). try_translated_ref(mut)::<T> returns a
      single-frame pointer; deref of a struct straddling a page overflows into the
      physically-adjacent frame (read garbage / write-corrupt a freed-or-pagetable
      frame -> addr=0x8 family / latent UAF). Page-safe path copies per-page.
    - runner: grant 30s LA per-case timeout to fcntl14/fcntl14_64 (block-2
      mandatory locking is alarm/blocking-wait bound, not TCG-bound) -> glibc-la
      45->96 each, +102 TPASS, cases now complete (rc=0) instead of rc=137.
    - scripts: static runner/disk guards (test_ltp_runner_skip, workdir).
    
    Verified SMP=1: RV basic/busybox55/libctest174, LA basic/busybox55 (0 panic);
    glibc-la LTP 53 cases 0 panic, fcntl14/64=96; iozone+netperf glibc-rv clean.
    runner budget caps unchanged (1...
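The straddling-struct problem described in the commit message, as an added toy model (not the project's code, and not its `read_user_struct`/`try_translated_ref`): `Space`, `read_single_frame` and `read_page_safe` are hypothetical names, and the memory layout is constructed for the illustration. Two adjacent virtual pages map to non-adjacent frames, so a contiguous physical read picks up bytes from an unrelated frame, while the per-page copy re-translates at the boundary.

```rust
// Added illustration: toy model in safe Rust; every name here is hypothetical.
const PAGE: usize = 4096;

/// Toy address space: `table[vpn]` is the physical frame backing virtual page `vpn`.
struct Space {
    phys: Vec<u8>,     // physical memory, frame after frame
    table: Vec<usize>, // virtual page number -> frame number
}

impl Space {
    /// Translate one virtual address; the result is valid only within its own page.
    fn translate(&self, va: usize) -> Option<usize> {
        let frame = *self.table.get(va / PAGE)?;
        Some(frame * PAGE + va % PAGE)
    }
    /// Single-frame style: translate the start, then read N contiguous physical
    /// bytes. On a straddle this runs into the physically adjacent frame.
    fn read_single_frame<const N: usize>(&self, va: usize) -> Option<[u8; N]> {
        let pa = self.translate(va)?;
        let mut out = [0u8; N];
        out.copy_from_slice(self.phys.get(pa..pa + N)?);
        Some(out)
    }
    /// Page-safe style: re-translate at every page boundary and copy per page.
    fn read_page_safe<const N: usize>(&self, va: usize) -> Option<[u8; N]> {
        let mut out = [0u8; N];
        let mut done = 0;
        while done < N {
            let cur = va + done;
            let chunk = (PAGE - cur % PAGE).min(N - done);
            let pa = self.translate(cur)?; // None if the next page is unmapped
            out[done..done + chunk].copy_from_slice(self.phys.get(pa..pa + chunk)?);
            done += chunk;
        }
        Some(out)
    }
}

/// Constructed sample: vpn 0 -> frame 0, vpn 1 -> frame 2. Frame 1 belongs to
/// something else (filled with 0xEE). An 8-byte value straddles vpn 0 and vpn 1.
fn demo() -> ([u8; 8], [u8; 8]) {
    let mut s = Space { phys: vec![0u8; 3 * PAGE], table: vec![0, 2] };
    s.phys[PAGE..2 * PAGE].fill(0xEE);
    s.phys[PAGE - 4..PAGE].copy_from_slice(&[1, 2, 3, 4]); // tail of vpn 0
    s.phys[2 * PAGE..2 * PAGE + 4].copy_from_slice(&[5, 6, 7, 8]); // head of vpn 1
    (s.read_single_frame::<8>(PAGE - 4).unwrap(), s.read_page_safe::<8>(PAGE - 4).unwrap())
}

fn main() { println!("{:?}", demo()); }
```

A write through the single-frame path has the same shape: the second half of the struct lands in frame 1, which in the commit's terms is the freed or page-table frame that gets corrupted.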