From: Paul Burton
Date: Tue, 24 Jun 2014 00:10:10 +0100
Subject: Re: [Qemu-devel] [PATCH] linux-user: fix ipc(SEMCTL, ...) argument handling
To: Peter Maydell
Cc: Riku Voipio, QEMU Developers, Paul Burton
Message-ID: <20140623231010.GF4377@gmail.com>
References: <1403559614-4096-1-git-send-email-paul@archlinuxmips.org> <20140623221825.GC4377@gmail.com> <20140623223658.GD4377@gmail.com>

On Mon, Jun 23, 2014 at 11:42:14PM +0100, Peter Maydell wrote:
> On 23 June 2014 23:36, Paul Burton wrote:
> > Actually no, I don't think you're right about that after all. The
> > argument union itself is never modified. I imagine if it were then it
> > would be painful in the case of the semctl syscall where the union is
> > passed directly as an argument, rather than as a pointer as it is for
> > the ipc syscall.
> >
> > What may be modified is the data pointed to by the pointers within union
> > semun. That is already handled by do_semctl & the translate functions it
> > calls.
>
> Except if you look at do_semctl you see code like:
>     case GETVAL:
>     case SETVAL:
>         arg.val = tswap32(target_su.val);
>         ret = get_errno(semctl(semid, semnum, cmd, arg));
>         target_su.val = tswap32(arg.val);
>         break;
>
> which clearly is just modifying fields in the target_semun union.
> So something's wrong (probably that code)...

Yes, both Linux & man semctl agree that GETVAL returns the value of the
semaphore as the return value of the syscall. So I believe the assignment
to target_su.val there is (functionally harmless) garbage.

Thanks,
    Paul
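The point being argued above, that SETVAL reads its input from union semun while GETVAL hands the semaphore value back as semctl's return value and leaves the union alone, can be checked directly against the host kernel. The following is an added example written for this page; it is not code from the thread or from QEMU's linux-user/syscall.c. The function name semctl_getval_roundtrip and the sentinel value are my own choices, and the program assumes a Linux host where System V IPC is permitted (a locked-down container may refuse semget, which the function reports rather than treating as a mismatch).

```c
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>

/* semctl(2) requires the calling program to define union semun itself. */
union semun {
    int val;                /* value for SETVAL */
    struct semid_ds *buf;   /* buffer for IPC_STAT, IPC_SET */
    unsigned short *array;  /* array for GETALL, SETALL */
};

#define SENTINEL (-12345)   /* constructed marker; never a real semaphore value */
#define IPC_UNAVAILABLE (-2)

/*
 * Create a private one-semaphore set, SETVAL it to `value`, then GETVAL it.
 * Returns what GETVAL returned (the semaphore value, or -1 on error), or
 * IPC_UNAVAILABLE if System V IPC cannot be used in this environment.
 * *union_after receives arg.val as the caller sees it after the GETVAL call,
 * which shows that GETVAL does not deliver its result through the union.
 */
int semctl_getval_roundtrip(int value, int *union_after)
{
    int semid = semget(IPC_PRIVATE, 1, IPC_CREAT | 0600);
    if (semid == -1) {
        /* A seccomp or namespace policy may deny SysV IPC outright. */
        if (errno == ENOSYS || errno == EPERM || errno == EACCES || errno == ENOSPC)
            return IPC_UNAVAILABLE;
        return -1;
    }

    union semun arg;
    arg.val = value;
    /* SETVAL is the case where the union carries input: arg.val goes in. */
    if (semctl(semid, 0, SETVAL, arg) == -1) {
        semctl(semid, 0, IPC_RMID);
        return -1;
    }

    /* For GETVAL the fourth argument is ignored; the value comes back as the
     * return value of semctl. Plant a sentinel so any write-back would show. */
    arg.val = SENTINEL;
    int got = semctl(semid, 0, GETVAL, arg);
    *union_after = arg.val;

    semctl(semid, 0, IPC_RMID);   /* remove the set so nothing leaks */
    return got;
}

int main(void)
{
    int after = 0;
    int got = semctl_getval_roundtrip(42, &after);
    if (got == IPC_UNAVAILABLE) {
        puts("System V IPC is not available here");
        return 0;
    }
    printf("GETVAL returned %d; arg.val after the call is %d\n", got, after);
    return (got == 42 && after == SENTINEL) ? 0 : 1;
}
```

Because the union is passed by value, the kernel has no way to write into the caller's copy; the only outputs a translation layer such as do_semctl needs to copy back for GETVAL are the return value itself, and for the pointer-carrying commands (IPC_STAT, GETALL) the data behind buf or array.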