From: Laurent Vivier <Laurent@vivier.eu>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: Riku Voipio <riku.voipio@iki.fi>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH][v2] linux-user: correct semctl() and shmctl()
Date: Sun, 20 Jan 2013 00:28:40 +0100	[thread overview]
Message-ID: <1358638120.3091.1.camel@Quad> (raw)
In-Reply-To: <1357159110-13853-1-git-send-email-laurent@vivier.eu>

ping ?

Le mercredi 02 janvier 2013 à 21:38 +0100, Laurent Vivier a écrit :
> The parameter "union semun" of semctl() is not a value
> but a pointer to the value.
> 
> Moreover, all fields of target_su must be swapped (if needed).
> 
> The third argument of shmctl is a pointer.
> 
> WITHOUT this patch:
> 
> $ ipcs
> 
> kernel not configured for shared memory
> 
> qemu: uncaught target signal 11 (Segmentation fault) - core dumped
> 
> WITH this patch:
> 
> $ ipcs
> 
> ------ Shared Memory Segments --------
> key        shmid      owner      perms      bytes      nattch     status
> 0x4e545030 0          root      600        96         1
> 0x4e545031 32769      root      600        96         1
> 0x4e545032 65538      root      666        96         1
> 0x4e545033 98307      root      666        96         1
> 0x47505344 131076     root      666        8240       1
> 0x3c81b7f5 163845     laurent   666        4096       0
> 0x00000000 729513990  laurent   600        393216     2          dest
> 0x00000000 729546759  laurent   600        393216     2          dest
> 0x00000000 1879179273 laurent   600        393216     2          dest
> 
> ------ Semaphore Arrays --------
> key        semid      owner      perms      nsems
> 0x3c81b7f6 32768      laurent   666        1
> 0x1c44ac47 6586369    laurent   600        1
> 
> ------ Message Queues --------
> key        msqid      owner      perms      used-bytes   messages
> 0x1c44ac45 458752     laurent    600        0            0
> 0x1c44ac46 491521     laurent    600        0            0
> 
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
> [v2] move lock_user_struct() in do_semctl()
> 
>  linux-user/syscall.c |   39 ++++++++++++++++++++-------------------
>  1 file changed, 20 insertions(+), 19 deletions(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index e99adab..b2687e1 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -2637,8 +2637,9 @@ static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
>  }
>  
>  static inline abi_long do_semctl(int semid, int semnum, int cmd,
> -                                 union target_semun target_su)
> +                                 abi_ulong ptr)
>  {
> +    union target_semun *target_su;
>      union semun arg;
>      struct semid_ds dsarg;
>      unsigned short *array = NULL;
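Review bot: The new `ptr` parameter of do_semctl has no comment saying what it refers to, and the name no longer tells a reader that it is a guest address holding a `union target_semun` rather than the union value the old signature took. A one-line comment above the signature would make the contract explicit, e.g. `/* ptr: guest address of the union semun argument; locked for read below */`. The function body continues in the next hunk.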
> @@ -2647,43 +2648,42 @@ static inline abi_long do_semctl(int semid, int semnum, int cmd,
>      abi_long err;
>      cmd &= 0xff;
>  
> +    if (!lock_user_struct(VERIFY_READ, target_su, ptr, 1)) {
> +        return -TARGET_EFAULT;
> +    }
>      switch( cmd ) {
>  	case GETVAL:
>  	case SETVAL:
> -            arg.val = tswap32(target_su.val);
> +            arg.val = tswap32(target_su->val);
>              ret = get_errno(semctl(semid, semnum, cmd, arg));
> -            target_su.val = tswap32(arg.val);
> +            target_su->val = tswap32(arg.val);
>              break;
>  	case GETALL:
>  	case SETALL:
> -            err = target_to_host_semarray(semid, &array, target_su.array);
> +            err = target_to_host_semarray(semid, &array,
> +                                          tswapal(target_su->array));
>              if (err)
> -                return err;
> +                break;
>              arg.array = array;
>              ret = get_errno(semctl(semid, semnum, cmd, arg));
> -            err = host_to_target_semarray(semid, target_su.array, &array);
> -            if (err)
> -                return err;
> +            err = host_to_target_semarray(semid, tswapal(target_su->array),
> +                                          &array);
>              break;
>  	case IPC_STAT:
>  	case IPC_SET:
>  	case SEM_STAT:
> -            err = target_to_host_semid_ds(&dsarg, target_su.buf);
> +            err = target_to_host_semid_ds(&dsarg, tswapal(target_su->buf));
>              if (err)
> -                return err;
> +                break;
>              arg.buf = &dsarg;
>              ret = get_errno(semctl(semid, semnum, cmd, arg));
> -            err = host_to_target_semid_ds(target_su.buf, &dsarg);
> -            if (err)
> -                return err;
> +            err = host_to_target_semid_ds(tswapal(target_su->buf), &dsarg);
>              break;
>  	case IPC_INFO:
>  	case SEM_INFO:
>              arg.__buf = &seminfo;
>              ret = get_errno(semctl(semid, semnum, cmd, arg));
> -            err = host_to_target_seminfo(target_su.__buf, &seminfo);
> -            if (err)
> -                return err;
> +            err = host_to_target_seminfo(tswapal(target_su->__buf), &seminfo);
>              break;
>  	case IPC_RMID:
>  	case GETPID:
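Review bot: The conversion errors are dropped in the new code: `if (err) break;` after target_to_host_semarray and target_to_host_semid_ds leaves the function returning `ret`, and the `err` assigned from host_to_target_semarray, host_to_target_semid_ds and host_to_target_seminfo is never examined, so a -TARGET_EFAULT from those helpers is silently replaced by the raw semctl result. Funnelling every path through one unlock is the right shape, but the status still has to reach the caller: initialise `abi_long err = 0;` at the top and make the exit in the next hunk `unlock_user_struct(target_su, ptr, 0); return err ? err : ret;`. If the declaration of `ret` above this hunk carries no initialiser, the early `break` on the first conversion also returns an indeterminate value. Separately, `target_su->val = tswap32(arg.val);` now stores through a buffer locked with VERIFY_READ and unlocked with copy length 0 (next hunk), so the write is either into read-only locked memory or discarded; semctl(GETVAL) reports its result via the return value, so that line can simply be deleted.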
> @@ -2692,6 +2692,7 @@ static inline abi_long do_semctl(int semid, int semnum, int cmd,
>              ret = get_errno(semctl(semid, semnum, cmd, NULL));
>              break;
>      }
> +    unlock_user_struct(target_su, ptr, 0);
>  
>      return ret;
>  }
> @@ -3162,7 +3163,7 @@ static abi_long do_ipc(unsigned int call, int first,
>          break;
>  
>      case IPCOP_semctl:
> -        ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) ptr);
> +        ret = do_semctl(first, second, third, ptr);
>          break;
>  
>      case IPCOP_msgget:
> @@ -3229,7 +3230,7 @@ static abi_long do_ipc(unsigned int call, int first,
>  
>  	/* IPC_* and SHM_* command values are the same on all linux platforms */
>      case IPCOP_shmctl:
> -        ret = do_shmctl(first, second, third);
> +        ret = do_shmctl(first, second, ptr);
>          break;
>      default:
>  	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
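Review bot: `do_shmctl(first, second, ptr)` now passes an `abi_ulong` guest address where the old call passed the `int third`, but no hunk in this patch touches do_shmctl's prototype; if its third parameter is still a 32-bit `int`, the address is truncated for 64-bit guests before it is ever locked. Worth confirming that do_shmctl's declaration takes `abi_ulong` (or `abi_long`), or folding that change into the same patch so the call and the callee are reviewed together.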
> @@ -6891,7 +6892,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
>  #endif
>  #ifdef TARGET_NR_semctl
>      case TARGET_NR_semctl:
> -        ret = do_semctl(arg1, arg2, arg3, (union target_semun)(abi_ulong)arg4);
> +        ret = do_semctl(arg1, arg2, arg3, arg4);
>          break;
>  #endif
>  #ifdef TARGET_NR_msgctl
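Review bot: Passing `arg4` straight into do_semctl, which now treats its last argument as a guest address and locks it, assumes the native semctl syscall passes a pointer to the union; for `semctl(2)` the kernel receives `union semun` by value in the fourth argument, so `arg4` is the union itself (an integer for SETVAL, a guest pointer for the buf/array commands), not its address. Only the `ipc(2)` multiplexer passes `ptr` as the address of the union, which is the IPCOP_semctl hunk above. The indirection therefore belongs in do_ipc rather than in do_semctl: read the union there, e.g. `if (get_user_ual(atptr, ptr)) return -TARGET_EFAULT; ret = do_semctl(first, second, third, atptr);`, and keep do_semctl taking the union value so this hunk stays a plain by-value pass. As written, a guest calling the direct syscall with SETVAL would have its semaphore value dereferenced as an address and fail with -TARGET_EFAULT.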

-- 
"Just play. Have fun. Enjoy the game."
- Michael Jordan

