From: riku.voipio@linaro.org
Date: Mon, 23 Mar 2015 15:54:54 +0200
Message-Id: <17644b362746c400f45b0d2b0a3ce8a52fed13fb.1427118794.git.riku.voipio@linaro.org>
Subject: [Qemu-devel] [PULL 2/3] linux-user: fix emulation of splice syscall
To: qemu-devel@nongnu.org
Cc: Andreas Schwab

From: Andreas Schwab

The second and fourth arguments are in/out parameters, store them back after the syscall. Also, the fourth argument was mishandled, and EFAULT handling was missing.

Signed-off-by: Andreas Schwab
Reviewed-by: Peter Maydell
Signed-off-by: Riku Voipio
---
 linux-user/syscall.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 5720195..4bd9543 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9351,15 +9351,29 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, { loff_t loff_in, loff_out; loff_t *ploff_in = NULL, *ploff_out = NULL; - if(arg2) { - get_user_u64(loff_in, arg2); + if (arg2) { + if (get_user_u64(loff_in, arg2)) { + goto efault; + } ploff_in = &loff_in; } - if(arg4) { - get_user_u64(loff_out, arg2); + if (arg4) { + if (get_user_u64(loff_out, arg4)) { + goto efault; + } ploff_out = &loff_out; } ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6)); + if (arg2) { + if (put_user_u64(loff_in, arg2)) { + goto efault; + } + } + if (arg4) { + if (put_user_u64(loff_out, arg4)) { + goto efault; + } + } } break; #endif -- 2.1.4
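Review bot: the two put_user_u64() write-backs after `ret = get_errno(splice(...))` run unconditionally, so the guest's offsets are updated even when splice() itself failed and `ret` is negative; if that is the intended behaviour (matching what the host kernel does with the offsets on failure), a short comment above the first `if (arg2)` write-back saying so would stop a later cleanup from guarding it on `ret >= 0`. Related: a failing put_user_u64() takes `goto efault`, which replaces the syscall's return value with -TARGET_EFAULT even when the splice succeeded and moved data; that is consistent with how the rest of do_syscall() reports a bad user pointer, but since the data has already been transferred at that point it is worth a note in the same comment. The get_user_u64() fixes themselves look right: `arg4` is now read from arg4 instead of arg2, and both reads fault on a bad pointer instead of silently using uninitialised loff_in/loff_out.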