From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:47840) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TwhqE-00020s-VY for qemu-devel@nongnu.org; Sat, 19 Jan 2013 18:28:52 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1TwhqD-0006Vg-NR for qemu-devel@nongnu.org; Sat, 19 Jan 2013 18:28:50 -0500 Received: from moutng.kundenserver.de ([212.227.126.186]:65507) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1TwhqD-0006VM-EW for qemu-devel@nongnu.org; Sat, 19 Jan 2013 18:28:49 -0500 Message-ID: <1358638120.3091.1.camel@Quad> 
From: Laurent Vivier Date: Sun, 20 Jan 2013 00:28:40 +0100 In-Reply-To: <1357159110-13853-1-git-send-email-laurent@vivier.eu> References: <1356037136-19479-1-git-send-email-laurent@vivier.eu> <1357159110-13853-1-git-send-email-laurent@vivier.eu> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Subject: Re: [Qemu-devel] [PATCH][v2] linux-user: correct semctl() and shmctl() List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Peter Maydell Cc: Riku Voipio , qemu-devel@nongnu.org ping ? Le mercredi 02 janvier 2013 =C3=A0 21:38 +0100, Laurent Vivier a =C3=A9crit= : > The parameter "union semun" of semctl() is not a value > but a pointer to the value. >=20 > Moreover, all fields of target_su must be swapped (if needed). >=20 > The third argument of shmctl is a pointer. >=20 > WITHOUT this patch: >=20 > $ ipcs >=20 > kernel not configured for shared memory >=20 > qemu: uncaught target signal 11 (Segmentation fault) - core dumped >=20 > WITH this patch: >=20 > $ ipcs >=20 > ------ Shared Memory Segments -------- > key shmid owner perms bytes nattch status > 0x4e545030 0 root 600 96 1 > 0x4e545031 32769 root 600 96 1 > 0x4e545032 65538 root 666 96 1 > 0x4e545033 98307 root 666 96 1 > 0x47505344 131076 root 666 8240 1 > 0x3c81b7f5 163845 laurent 666 4096 0 > 0x00000000 729513990 laurent 600 393216 2 dest > 0x00000000 729546759 laurent 600 393216 2 dest > 0x00000000 1879179273 laurent 600 393216 2 dest >=20 > ------ Semaphore Arrays -------- > key semid owner perms nsems > 0x3c81b7f6 32768 laurent 666 1 > 0x1c44ac47 6586369 laurent 600 1 >=20 > ------ Message Queues -------- > key msqid owner perms used-bytes messages > 0x1c44ac45 458752 laurent 600 0 0 > 0x1c44ac46 491521 laurent 600 0 0 >=20 
> Signed-off-by: Laurent Vivier
> ---
> [v2] move lock_user_struct() in do_semctl()
>=20
> linux-user/syscall.c | 39 ++++++++++++++++++++-------------------
> 1 file changed, 20 insertions(+), 19 deletions(-)
>=20
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index e99adab..b2687e1 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -2637,8 +2637,9 @@ static inline abi_long host_to_target_semarray(int = semid, abi_ulong target_addr,
> }
> =20
> static inline abi_long do_semctl(int semid, int semnum, int cmd,
> - union target_semun target_su)
> + abi_ulong ptr)
> {
> + union target_semun *target_su;
> union semun arg;
> struct semid_ds dsarg;
> unsigned short *array =3D NULL;
> @@ -2647,43 +2648,42 @@ static inline abi_long do_semctl(int semid, int s= emnum, int cmd,
> abi_long err;
> cmd &=3D 0xff;
> =20
> + if (!lock_user_struct(VERIFY_READ, target_su, ptr, 1)) {
> + return -TARGET_EFAULT;
> + }
> switch( cmd ) {
> case GETVAL:
> case SETVAL:
> - arg.val =3D tswap32(target_su.val);
> + arg.val =3D tswap32(target_su->val);
> ret =3D get_errno(semctl(semid, semnum, cmd, arg));
> - target_su.val =3D tswap32(arg.val);
> + target_su->val =3D tswap32(arg.val);
> break;
> case GETALL:
> case SETALL:
> - err =3D target_to_host_semarray(semid, &array, target_su.arr= ay);
> + err =3D target_to_host_semarray(semid, &array,
> + tswapal(target_su->array));
> if (err)
> - return err;
> + break;
> arg.array =3D array;
> ret =3D get_errno(semctl(semid, semnum, cmd, arg));
> - err =3D host_to_target_semarray(semid, target_su.array, &arr= ay);
> - if (err)
> - return err;
> + err =3D host_to_target_semarray(semid, tswapal(target_su->ar= ray),
> + &array);
> break;
> case IPC_STAT:
> case IPC_SET:
> case SEM_STAT:
> - err =3D target_to_host_semid_ds(&dsarg, target_su.buf);
> + err =3D target_to_host_semid_ds(&dsarg, tswapal(target_su->b= uf));
> if (err)
> - return err;
> + break;
> arg.buf =3D &dsarg;
> ret =3D get_errno(semctl(semid, semnum, cmd, arg));
> - err =3D host_to_target_semid_ds(target_su.buf, &dsarg);
> - if (err)
> - return err;
> + err =3D host_to_target_semid_ds(tswapal(target_su->buf), &ds= arg);
> break;
> case IPC_INFO:
> case SEM_INFO:
> arg.__buf =3D &seminfo;
> ret =3D get_errno(semctl(semid, semnum, cmd, arg));
> - err =3D host_to_target_seminfo(target_su.__buf, &seminfo);
> - if (err)
> - return err;
> + err =3D host_to_target_seminfo(tswapal(target_su->__buf), &s= eminfo);
> break;
> case IPC_RMID:
> case GETPID:
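Review bot: Turning the `return err` statements into `break` loses the error code: nothing in this hunk assigns `ret` from `err`, so after a failed `target_to_host_semarray` or `target_to_host_semid_ds` the function falls through to `unlock_user_struct` and returns whatever `ret` already holds (it is declared above this hunk, so whether it is initialised is not visible here), and a failure of the post-call `host_to_target_*` copy-out is now silently dropped instead of being reported. Use `if (err) { ret = err; break; }` for the pre-call checks and `if (err) ret = err;` after each copy-out so the guest still sees the fault. Separately, `target_su->val = tswap32(arg.val);` stores through a lock taken with VERIFY_READ, and the matching unlock in the next hunk passes copy=0, so that write-back is not guaranteed to reach guest memory when lock_user has to copy; since GETVAL delivers its result as the syscall return value, the store can likely be dropped rather than upgraded to VERIFY_WRITE.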
> @@ -2692,6 +2692,7 @@ static inline abi_long do_semctl(int semid, int sem= num, int cmd,
> ret =3D get_errno(semctl(semid, semnum, cmd, NULL));
> break;
> }
> + unlock_user_struct(target_su, ptr, 0);
> =20
> return ret;
> }
> @@ -3162,7 +3163,7 @@ static abi_long do_ipc(unsigned int call, int first= ,
> break;
> =20
> case IPCOP_semctl:
> - ret =3D do_semctl(first, second, third, (union target_semun)(abi= _ulong) ptr);
> + ret =3D do_semctl(first, second, third, ptr);
> break;
> =20
> case IPCOP_msgget:
> @@ -3229,7 +3230,7 @@ static abi_long do_ipc(unsigned int call, int first= ,
> =20
> /* IPC_* and SHM_* command values are the same on all linux platforms *= /
> case IPCOP_shmctl:
> - ret =3D do_shmctl(first, second, third);
> + ret =3D do_shmctl(first, second, ptr);
> break;
> default:
> gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
> @@ -6891,7 +6892,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_lon= g arg1,
> #endif
> #ifdef TARGET_NR_semctl
> case TARGET_NR_semctl:
> - ret =3D do_semctl(arg1, arg2, arg3, (union target_semun)(abi_ulo= ng)arg4);
> + ret =3D do_semctl(arg1, arg2, arg3, arg4);
> break;
> #endif
> #ifdef TARGET_NR_msgctl
--=20
"Just play. Have fun. Enjoy the game." - Michael Jordan "Just play. Have fun. Enjoy the game." - Michael Jordan
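Review bot: Passing `arg4` straight into the now pointer-taking `do_semctl` in the TARGET_NR_semctl hunk looks wrong for the direct syscall: there the fourth argument is the `union semun` itself (an int or an address, carried by value in the register), not the address of the union, so `lock_user_struct` will treat a semaphore value or a buffer pointer as the address of a union and either read unrelated guest memory or fail with -TARGET_EFAULT. Only the ipc() multiplexer's SEMCTL path hands over a pointer to the union, which is what the IPCOP_semctl hunk and the commit message describe. A safer shape is to keep `do_semctl` taking the union value as before and dereference once in `do_ipc`, e.g. `abi_ulong atptr; get_user_ual(atptr, ptr); ret = do_semctl(first, second, third, atptr);`, applying the field swaps to that value; that also removes the need for the lock/unlock pair added in the earlier hunks. Worth confirming against the kernel's sys_semctl versus sys_ipc(SEMCTL) argument handling before merging.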