From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:32982)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <schwab@suse.de>) id 1YJ2xW-0000Lc-Qa
	for qemu-devel@nongnu.org; Wed, 04 Feb 2015 11:37:51 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <schwab@suse.de>) id 1YJ2xQ-0008Oy-Uy
	for qemu-devel@nongnu.org; Wed, 04 Feb 2015 11:37:46 -0500
Received: from cantor2.suse.de ([195.135.220.15]:51101 helo=mx2.suse.de)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <schwab@suse.de>) id 1YJ2xQ-0008Nz-Jb
	for qemu-devel@nongnu.org; Wed, 04 Feb 2015 11:37:40 -0500
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
	by mx2.suse.de (Postfix) with ESMTP id 7D174ADB4
	for <qemu-devel@nongnu.org>; Wed,  4 Feb 2015 16:37:38 +0000 (UTC)
From: Andreas Schwab <schwab@suse.de>
Date: Wed, 04 Feb 2015 17:37:38 +0100
Message-ID: <mvmsieliqel.fsf@hawking.suse.de>
MIME-Version: 1.0
Content-Type: text/plain
Subject: [Qemu-devel] [PATCH] Fix emulation of splice syscall
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

The second and fourth argument are in/out parameters, store them back
after the syscall.  Also, the fourth argument was mishandled, and EFAULT
handling was missing.

Signed-off-by: Andreas Schwab <schwab@suse.de>
---
 linux-user/syscall.c | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index d4398b9..db2f5c7 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9345,14 +9345,24 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             loff_t loff_in, loff_out;
             loff_t *ploff_in = NULL, *ploff_out = NULL;
             if(arg2) {
-                get_user_u64(loff_in, arg2);
+                if (get_user_u64(loff_in, arg2))
+                    goto efault;
                 ploff_in = &loff_in;
             }
-            if(arg4) {
-                get_user_u64(loff_out, arg2);
+            if (arg4) {
+                if (get_user_u64(loff_out, arg4))
+                    goto efault;
                 ploff_out = &loff_out;
             }
             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
+            if (arg2) {
+                if (put_user_u64(loff_in, arg2))
+                    goto efault;
+            }
+            if (arg4) {
+                if (put_user_u64(loff_out, arg4))
+                    goto efault;
+	    }
         }
         break;
 #endif
-- 
2.2.2

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."