From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35801)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paulburton89@gmail.com>) id 1WzByp-0006Ct-G9
	for qemu-devel@nongnu.org; Mon, 23 Jun 2014 17:40:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <paulburton89@gmail.com>) id 1WzByh-0000FS-Js
	for qemu-devel@nongnu.org; Mon, 23 Jun 2014 17:40:47 -0400
Received: from mail-wi0-x22d.google.com ([2a00:1450:400c:c05::22d]:57068)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <paulburton89@gmail.com>) id 1WzByh-0000E7-EB
	for qemu-devel@nongnu.org; Mon, 23 Jun 2014 17:40:39 -0400
Received: by mail-wi0-f173.google.com with SMTP id cc10so4861085wib.12
	for <qemu-devel@nongnu.org>; Mon, 23 Jun 2014 14:40:38 -0700 (PDT)
Sender: Paul Burton <paulburton89@gmail.com>
From: Paul Burton <paul@archlinuxmips.org>
Date: Mon, 23 Jun 2014 22:40:14 +0100
Message-Id: <1403559614-4096-1-git-send-email-paul@archlinuxmips.org>
Subject: [Qemu-devel] [PATCH] linux-user: fix ipc(SEMCTL,
	...) argument handling
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Riku Voipio <riku.voipio@iki.fi>, Paul Burton <paul@archlinuxmips.org>

The ptr argument to the ipc syscall was incorrectly being used as the
value of the argument union for the SEMCTL call. It is actually, as its
name would suggest, a pointer to that union. Fix by dereferencing the
pointer to obtain the target argument union.

This fixes fakeroot, or at least version 1.20 for the MIPS target.
Previously it would hang waiting on a semaphore which was not being
initialised to the correct value.

Signed-off-by: Paul Burton <paul@archlinuxmips.org>
---
 linux-user/syscall.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 92be371..c70d9d0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3272,8 +3272,16 @@ static abi_long do_ipc(unsigned int call, int first,
         ret = get_errno(semget(first, second, third));
         break;
 
-    case IPCOP_semctl:
-        ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) ptr);
+    case IPCOP_semctl: {
+            union target_semun *arg;
+
+            if (!lock_user_struct(VERIFY_READ, arg, ptr, 1)) {
+                return -TARGET_EFAULT;
+            }
+
+            ret = do_semctl(first, second, third, *arg);
+            unlock_user_struct(arg, ptr, 0);
+        }
         break;
 
     case IPCOP_msgget:
-- 
2.0.0