From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56850)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tommusta@gmail.com>) id 1XHHDQ-0003dc-KF
	for qemu-devel@nongnu.org; Tue, 12 Aug 2014 14:54:45 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tommusta@gmail.com>) id 1XHHDH-00078n-K2
	for qemu-devel@nongnu.org; Tue, 12 Aug 2014 14:54:36 -0400
From: Tom Musta <tommusta@gmail.com>
Date: Tue, 12 Aug 2014 13:53:33 -0500
Message-Id: <1407869623-11185-3-git-send-email-tommusta@gmail.com>
In-Reply-To: <1407869623-11185-1-git-send-email-tommusta@gmail.com>
References: <1407869623-11185-1-git-send-email-tommusta@gmail.com>
Subject: [Qemu-devel] [V2 PATCH 02/12] linux-user: Dereference Pointer
	Argument to ipc/semctl Sys Call
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org, qemu-ppc@nongnu.org
Cc: peter.maydell@linaro.org, riku.voipio@linaro.org, agraf@suse.de, Tom Musta <tommusta@gmail.com>

When the ipc system call is used to wrap a semctl system call,
the ptr argument to ipc needs to be dereferenced prior to passing
it to the semctl handler.  This is because the fourth argument to
semctl is a union and not a pointer to a union.

Signed-off-by: Tom Musta <tommusta@gmail.com>
---

V2:  This is unchanged from V1.  I briefly reviewew the QEMU, glibc and kernel code
looking for some problems but did not find anything.  I also did fairly comprehesive
testing of semctl on 4 targets (ppc-linux-user, ppc64-linux-user, ppc64le-linux-user,
x86_64-linux-user) on 3 different host platforms (x86-64 Ubuntu, PPC64 RHEL 6 (BE) and
PPC64 Ubuntu 14.04 (LE)); this provided a broad coverage of co-endian and cross endian
situations.

 linux-user/syscall.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 540001c..229c482 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3135,9 +3135,15 @@ static abi_long do_ipc(unsigned int call, int first,
         ret = get_errno(semget(first, second, third));
         break;
 
-    case IPCOP_semctl:
-        ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) ptr);
+    case IPCOP_semctl: {
+        /* The semun argument to semctl is passed by value, so dereference the
+         * ptr argument. */
+        abi_ulong atptr;
+        get_user_ual(atptr, (abi_ulong)ptr);
+        ret = do_semctl(first, second, third,
+                (union target_semun)(abi_ulong) atptr);
         break;
+    }
 
     case IPCOP_msgget:
         ret = get_errno(msgget(first, second));
-- 
1.7.1