gwj / at91sam9263 · Commits

Commit 2f6196984b98fe2a852b1b5254756f1614eb7635

Authored by bellard
1 parent 67276f53

suppressed tgetx and tputx (initial patch by Thayne Harbaugh) 


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3653 c046a42c-6fe2-441c-8c8c-71466251a162
Inline Side-by-side
Showing 10 changed files with 473 additions and 248 deletions
arm-semi.c
  View file @2f61969
... ... @@ -165,8 +165,14 @@ static void arm_semi_flen_cb(CPUState *env, target_ulong ret, target_ulong err)
165 165 #endif
166 166 }
167 167  
168   -#define ARG(n) tget32(args + (n) * 4)
169   -#define SET_ARG(n, val) tput32(args + (n) * 4,val)
  168 +#define ARG(n) \
  169 +({ \
  170 + target_ulong __arg; \
  171 + /* FIXME - handle get_user() failure */ \
  172 + get_user_ual(__arg, args + (n) * 4); \
  173 + __arg; \
  174 +})
  175 +#define SET_ARG(n, val) put_user_ual(val, args + (n) * 4)
170 176 uint32_t do_arm_semihosting(CPUState *env)
171 177 {
172 178 target_ulong args;
... ... @@ -213,7 +219,11 @@ uint32_t do_arm_semihosting(CPUState *env)
213 219 }
214 220 case SYS_WRITEC:
215 221 {
216   - char c = tget8(args);
  222 + char c;
  223 +
  224 + if (get_user_u8(c, args))
  225 + /* FIXME - should this error code be -TARGET_EFAULT ? */
  226 + return (uint32_t)-1;
217 227 /* Write to debug console. stderr is near enough. */
218 228 if (use_gdb_syscalls()) {
219 229 gdb_do_syscall(arm_semi_cb, "write,2,%x,1", args);
... ...
linux-user/elfload.c
  View file @2f61969
... ... @@ -179,8 +179,9 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i
179 179 regs->ARM_cpsr |= CPSR_T;
180 180 regs->ARM_pc = infop->entry & 0xfffffffe;
181 181 regs->ARM_sp = infop->start_stack;
182   - regs->ARM_r2 = tgetl(stack + 8); /* envp */
183   - regs->ARM_r1 = tgetl(stack + 4); /* envp */
  182 + /* FIXME - what to for failure of get_user()? */
  183 + get_user_ual(regs->ARM_r2, stack + 8); /* envp */
  184 + get_user_ual(regs->ARM_r1, stack + 4); /* envp */
184 185 /* XXX: it seems that r0 is zeroed after ! */
185 186 regs->ARM_r0 = 0;
186 187 /* For uClinux PIC binaries. */
... ... @@ -341,7 +342,8 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info *
341 342 * but this is what the ABI wants and is needed to allow
342 343 * execution of PPC BSD programs.
343 344 */
344   - _regs->gpr[3] = tgetl(pos);
  345 + /* FIXME - what to for failure of get_user()? */
  346 + get_user_ual(_regs->gpr[3], pos);
345 347 pos += sizeof(abi_ulong);
346 348 _regs->gpr[4] = pos;
347 349 for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong))
... ... @@ -733,7 +735,8 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss)
733 735 if (nbyte) {
734 736 nbyte = qemu_host_page_size - nbyte;
735 737 do {
736   - tput8(elf_bss, 0);
  738 + /* FIXME - what to do if put_user() fails? */
  739 + put_user_u8(0, elf_bss);
737 740 elf_bss++;
738 741 } while (--nbyte);
739 742 }
... ... @@ -782,17 +785,11 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
782 785 /* This is correct because Linux defines
783 786 * elf_addr_t as Elf32_Off / Elf64_Off
784 787 */
785   -#if ELF_CLASS == ELFCLASS32
786   -#define NEW_AUX_ENT(id, val) do { \
787   - sp -= n; tput32(sp, val); \
788   - sp -= n; tput32(sp, id); \
  788 +#define NEW_AUX_ENT(id, val) do { \
  789 + sp -= n; put_user_ual(val, sp); \
  790 + sp -= n; put_user_ual(id, sp); \
789 791 } while(0)
790   -#else
791   -#define NEW_AUX_ENT(id, val) do { \
792   - sp -= n; tput64(sp, val); \
793   - sp -= n; tput64(sp, id); \
794   - } while(0)
795   -#endif
  792 +
796 793 NEW_AUX_ENT (AT_NULL, 0);
797 794  
798 795 /* There must be exactly DLINFO_ITEMS entries here. */
... ...
linux-user/flatload.c
  View file @2f61969
... ... @@ -598,14 +598,16 @@ static int load_flat_file(struct linux_binprm * bprm,
598 598 rp = datapos;
599 599 while (1) {
600 600 abi_ulong addr;
601   - addr = tgetl(rp);
  601 + if (get_user_ual(addr, rp))
  602 + return -EFAULT;
602 603 if (addr == -1)
603 604 break;
604 605 if (addr) {
605 606 addr = calc_reloc(addr, libinfo, id, 0);
606 607 if (addr == RELOC_FAILED)
607 608 return -ENOEXEC;
608   - tputl(rp, addr);
  609 + if (put_user_ual(addr, rp))
  610 + return -EFAULT;
609 611 }
610 612 rp += sizeof(abi_ulong);
611 613 }
... ... @@ -629,14 +631,16 @@ static int load_flat_file(struct linux_binprm * bprm,
629 631 /* Get the address of the pointer to be
630 632 relocated (of course, the address has to be
631 633 relocated first). */
632   - relval = tgetl(reloc + i * sizeof (abi_ulong));
  634 + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong)))
  635 + return -EFAULT;
633 636 addr = flat_get_relocate_addr(relval);
634 637 rp = calc_reloc(addr, libinfo, id, 1);
635 638 if (rp == RELOC_FAILED)
636 639 return -ENOEXEC;
637 640  
638 641 /* Get the pointer's value. */
639   - addr = tgetl(rp);
  642 + if (get_user_ual(addr, rp))
  643 + return -EFAULT;
640 644 if (addr != 0) {
641 645 /*
642 646 * Do the relocation. PIC relocs in the data section are
... ... @@ -652,13 +656,15 @@ static int load_flat_file(struct linux_binprm * bprm,
652 656 return -ENOEXEC;
653 657  
654 658 /* Write back the relocated pointer. */
655   - tputl(rp, addr);
  659 + if (put_user_ual(addr, rp))
  660 + return -EFAULT;
656 661 }
657 662 }
658 663 } else {
659 664 for (i = 0; i < relocs; i++) {
660 665 abi_ulong relval;
661   - relval = tgetl(reloc + i * sizeof (abi_ulong));
  666 + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong)))
  667 + return -EFAULT;
662 668 old_reloc(&libinfo[0], relval);
663 669 }
664 670 }
... ... @@ -744,9 +750,12 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
744 750 p = libinfo[i].start_data;
745 751 for (j=0; j<MAX_SHARED_LIBS; j++) {
746 752 p -= 4;
747   - tput32(p, libinfo[j].loaded
748   - ? libinfo[j].start_data
749   - : UNLOADED_LIB);
  753 + /* FIXME - handle put_user() failures */
  754 + if (put_user_ual(libinfo[j].loaded
  755 + ? libinfo[j].start_data
  756 + : UNLOADED_LIB,
  757 + p))
  758 + return -EFAULT;
750 759 }
751 760 }
752 761 }
... ... @@ -779,7 +788,9 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
779 788 for (i = MAX_SHARED_LIBS-1; i>0; i--) {
780 789 if (libinfo[i].loaded) {
781 790 /* Push previos first to call address */
782   - --sp; put_user(start_addr, sp);
  791 + --sp;
  792 + if (put_user_ual(start_addr, sp))
  793 + return -EFAULT;
783 794 start_addr = libinfo[i].entry;
784 795 }
785 796 }
... ...
linux-user/linuxload.c
  View file @2f61969
... ... @@ -124,21 +124,32 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
124 124 sp -= (argc + 1) * n;
125 125 argv = sp;
126 126 if (push_ptr) {
127   - sp -= n; tputl(sp, envp);
128   - sp -= n; tputl(sp, argv);
  127 + /* FIXME - handle put_user() failures */
  128 + sp -= n;
  129 + put_user_ual(envp, sp);
  130 + sp -= n;
  131 + put_user_ual(argv, sp);
129 132 }
130   - sp -= n; tputl(sp, argc);
  133 + sp -= n;
  134 + /* FIXME - handle put_user() failures */
  135 + put_user_ual(argc, sp);
131 136  
132 137 while (argc-- > 0) {
133   - tputl(argv, stringp); argv += n;
  138 + /* FIXME - handle put_user() failures */
  139 + put_user_ual(stringp, argv);
  140 + argv += n;
134 141 stringp += target_strlen(stringp) + 1;
135 142 }
136   - tputl(argv, 0);
  143 + /* FIXME - handle put_user() failures */
  144 + put_user_ual(0, argv);
137 145 while (envc-- > 0) {
138   - tputl(envp, stringp); envp += n;
  146 + /* FIXME - handle put_user() failures */
  147 + put_user_ual(stringp, envp);
  148 + envp += n;
139 149 stringp += target_strlen(stringp) + 1;
140 150 }
141   - tputl(envp, 0);
  151 + /* FIXME - handle put_user() failures */
  152 + put_user_ual(0, envp);
142 153  
143 154 return sp;
144 155 }
... ...
linux-user/main.c
  View file @2f61969
... ... @@ -380,7 +380,8 @@ void cpu_loop(CPUARMState *env)
380 380  
381 381 /* we handle the FPU emulation here, as Linux */
382 382 /* we get the opcode */
383   - opcode = tget32(env->regs[15]);
  383 + /* FIXME - what to do if get_user() fails? */
  384 + get_user_u32(opcode, env->regs[15]);
384 385  
385 386 if (EmulateAll(opcode, &ts->fpa, env) == 0) {
386 387 info.si_signo = SIGILL;
... ... @@ -401,20 +402,24 @@ void cpu_loop(CPUARMState *env)
401 402 /* system call */
402 403 if (trapnr == EXCP_BKPT) {
403 404 if (env->thumb) {
404   - insn = tget16(env->regs[15]);
  405 + /* FIXME - what to do if get_user() fails? */
  406 + get_user_u16(insn, env->regs[15]);
405 407 n = insn & 0xff;
406 408 env->regs[15] += 2;
407 409 } else {
408   - insn = tget32(env->regs[15]);
  410 + /* FIXME - what to do if get_user() fails? */
  411 + get_user_u32(insn, env->regs[15]);
409 412 n = (insn & 0xf) | ((insn >> 4) & 0xff0);
410 413 env->regs[15] += 4;
411 414 }
412 415 } else {
413 416 if (env->thumb) {
414   - insn = tget16(env->regs[15] - 2);
  417 + /* FIXME - what to do if get_user() fails? */
  418 + get_user_u16(insn, env->regs[15] - 2);
415 419 n = insn & 0xff;
416 420 } else {
417   - insn = tget32(env->regs[15] - 4);
  421 + /* FIXME - what to do if get_user() fails? */
  422 + get_user_u32(insn, env->regs[15] - 4);
418 423 n = insn & 0xffffff;
419 424 }
420 425 }
... ... @@ -520,7 +525,8 @@ static inline void save_window_offset(CPUSPARCState *env, int cwp1)
520 525 (int)sp_ptr, cwp1);
521 526 #endif
522 527 for(i = 0; i < 16; i++) {
523   - tputl(sp_ptr, env->regbase[get_reg_index(env, cwp1, 8 + i)]);
  528 + /* FIXME - what to do if put_user() fails? */
  529 + put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
524 530 sp_ptr += sizeof(abi_ulong);
525 531 }
526 532 }
... ... @@ -556,7 +562,8 @@ static void restore_window(CPUSPARCState *env)
556 562 (int)sp_ptr, cwp1);
557 563 #endif
558 564 for(i = 0; i < 16; i++) {
559   - env->regbase[get_reg_index(env, cwp1, 8 + i)] = tgetl(sp_ptr);
  565 + /* FIXME - what to do if get_user() fails? */
  566 + get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
560 567 sp_ptr += sizeof(abi_ulong);
561 568 }
562 569 env->wim = new_wim;
... ... @@ -1533,10 +1540,11 @@ void cpu_loop(CPUMIPSState *env)
1533 1540 sp_reg = env->gpr[29][env->current_tc];
1534 1541 switch (nb_args) {
1535 1542 /* these arguments are taken from the stack */
1536   - case 8: arg8 = tgetl(sp_reg + 28);
1537   - case 7: arg7 = tgetl(sp_reg + 24);
1538   - case 6: arg6 = tgetl(sp_reg + 20);
1539   - case 5: arg5 = tgetl(sp_reg + 16);
  1543 + /* FIXME - what to do if get_user() fails? */
  1544 + case 8: get_user_ual(arg8, sp_reg + 28);
  1545 + case 7: get_user_ual(arg7, sp_reg + 24);
  1546 + case 6: get_user_ual(arg6, sp_reg + 20);
  1547 + case 5: get_user_ual(arg5, sp_reg + 16);
1540 1548 default:
1541 1549 break;
1542 1550 }
... ...
linux-user/qemu.h
  View file @2f61969
... ... @@ -226,7 +226,7 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
226 226 int size = sizeof(*hptr);\
227 227 switch(size) {\
228 228 case 1:\
229   - *(uint8_t *)(hptr) = (typeof(*hptr))(x);\
  229 + *(uint8_t *)(hptr) = (uint8_t)(typeof(*hptr))(x);\
230 230 break;\
231 231 case 2:\
232 232 *(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\
... ... @@ -260,6 +260,8 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
260 260 x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\
261 261 break;\
262 262 default:\
  263 + /* avoid warning */\
  264 + x = 0;\
263 265 abort();\
264 266 }\
265 267 0;\
... ... @@ -291,11 +293,36 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
291 293 if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \
292 294 __ret = __get_user((x), __hptr); \
293 295 unlock_user(__hptr, __gaddr, 0); \
294   - } else \
  296 + } else { \
  297 + /* avoid warning */ \
  298 + (x) = 0; \
295 299 __ret = -TARGET_EFAULT; \
  300 + } \
296 301 __ret; \
297 302 })
298 303  
  304 +#define put_user_ual(x, gaddr) put_user((x), (gaddr), abi_ulong)
  305 +#define put_user_sal(x, gaddr) put_user((x), (gaddr), abi_long)
  306 +#define put_user_u64(x, gaddr) put_user((x), (gaddr), uint64_t)
  307 +#define put_user_s64(x, gaddr) put_user((x), (gaddr), int64_t)
  308 +#define put_user_u32(x, gaddr) put_user((x), (gaddr), uint32_t)
  309 +#define put_user_s32(x, gaddr) put_user((x), (gaddr), int32_t)
  310 +#define put_user_u16(x, gaddr) put_user((x), (gaddr), uint16_t)
  311 +#define put_user_s16(x, gaddr) put_user((x), (gaddr), int16_t)
  312 +#define put_user_u8(x, gaddr) put_user((x), (gaddr), uint8_t)
  313 +#define put_user_s8(x, gaddr) put_user((x), (gaddr), int8_t)
  314 +
  315 +#define get_user_ual(x, gaddr) get_user((x), (gaddr), abi_ulong)
  316 +#define get_user_sal(x, gaddr) get_user((x), (gaddr), abi_long)
  317 +#define get_user_u64(x, gaddr) get_user((x), (gaddr), uint64_t)
  318 +#define get_user_s64(x, gaddr) get_user((x), (gaddr), int64_t)
  319 +#define get_user_u32(x, gaddr) get_user((x), (gaddr), uint32_t)
  320 +#define get_user_s32(x, gaddr) get_user((x), (gaddr), int32_t)
  321 +#define get_user_u16(x, gaddr) get_user((x), (gaddr), uint16_t)
  322 +#define get_user_s16(x, gaddr) get_user((x), (gaddr), int16_t)
  323 +#define get_user_u8(x, gaddr) get_user((x), (gaddr), uint8_t)
  324 +#define get_user_s8(x, gaddr) get_user((x), (gaddr), int8_t)
  325 +
299 326 /* copy_from_user() and copy_to_user() are usually used to copy data
300 327 * buffers between the target and host. These internally perform
301 328 * locking/unlocking of the memory.
... ... @@ -368,20 +395,4 @@ static inline void *lock_user_string(abi_ulong guest_addr)
368 395 #define unlock_user_struct(host_ptr, guest_addr, copy) \
369 396 unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0)
370 397  
371   -#define tget8(addr) ldub(addr)
372   -#define tput8(addr, val) stb(addr, val)
373   -#define tget16(addr) lduw(addr)
374   -#define tput16(addr, val) stw(addr, val)
375   -#define tget32(addr) ldl(addr)
376   -#define tput32(addr, val) stl(addr, val)
377   -#define tget64(addr) ldq(addr)
378   -#define tput64(addr, val) stq(addr, val)
379   -#if TARGET_ABI_BITS == 64
380   -#define tgetl(addr) ldq(addr)
381   -#define tputl(addr, val) stq(addr, val)
382   -#else
383   -#define tgetl(addr) ldl(addr)
384   -#define tputl(addr, val) stl(addr, val)
385   -#endif
386   -
387 398 #endif /* QEMU_H */
... ...
linux-user/syscall.c
  View file @2f61969
... ... @@ -783,7 +783,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
783 783  
784 784 /* do_setsockopt() Must return target values and target errnos. */
785 785 static abi_long do_setsockopt(int sockfd, int level, int optname,
786   - abi_ulong optval, socklen_t optlen)
  786 + abi_ulong optval_addr, socklen_t optlen)
787 787 {
788 788 abi_long ret;
789 789 int val;
... ... @@ -794,7 +794,8 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
794 794 if (optlen < sizeof(uint32_t))
795 795 return -TARGET_EINVAL;
796 796  
797   - val = tget32(optval);
  797 + if (get_user_u32(val, optval_addr))
  798 + return -TARGET_EFAULT;
798 799 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
799 800 break;
800 801 case SOL_IP:
... ... @@ -816,9 +817,11 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
816 817 case IP_MULTICAST_LOOP:
817 818 val = 0;
818 819 if (optlen >= sizeof(uint32_t)) {
819   - val = tget32(optval);
  820 + if (get_user_u32(val, optval_addr))
  821 + return -TARGET_EFAULT;
820 822 } else if (optlen >= 1) {
821   - val = tget8(optval);
  823 + if (get_user_u8(val, optval_addr))
  824 + return -TARGET_EFAULT;
822 825 }
823 826 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
824 827 break;
... ... @@ -890,9 +893,10 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
890 893 goto unimplemented;
891 894 }
892 895 if (optlen < sizeof(uint32_t))
893   - return -TARGET_EINVAL;
  896 + return -TARGET_EINVAL;
894 897  
895   - val = tget32(optval);
  898 + if (get_user_u32(val, optval_addr))
  899 + return -TARGET_EFAULT;
896 900 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
897 901 break;
898 902 default:
... ... @@ -905,7 +909,7 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
905 909  
906 910 /* do_getsockopt() Must return target values and target errnos. */
907 911 static abi_long do_getsockopt(int sockfd, int level, int optname,
908   - abi_ulong optval, abi_ulong optlen)
  912 + abi_ulong optval_addr, abi_ulong optlen)
909 913 {
910 914 abi_long ret;
911 915 int len, lv, val;
... ... @@ -928,7 +932,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
928 932 case SOL_TCP:
929 933 /* TCP options all take an 'int' value. */
930 934 int_case:
931   - len = tget32(optlen);
  935 + if (get_user_u32(len, optlen))
  936 + return -TARGET_EFAULT;
932 937 if (len < 0)
933 938 return -TARGET_EINVAL;
934 939 lv = sizeof(int);
... ... @@ -938,11 +943,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
938 943 val = tswap32(val);
939 944 if (len > lv)
940 945 len = lv;
941   - if (len == 4)
942   - tput32(optval, val);
943   - else
944   - tput8(optval, val);
945   - tput32(optlen, len);
  946 + if (len == 4) {
  947 + if (put_user_u32(val, optval_addr))
  948 + return -TARGET_EFAULT;
  949 + } else {
  950 + if (put_user_u8(val, optval_addr))
  951 + return -TARGET_EFAULT;
  952 + }
  953 + if (put_user_u32(len, optlen))
  954 + return -TARGET_EFAULT;
946 955 break;
947 956 case SOL_IP:
948 957 switch(optname) {
... ... @@ -961,7 +970,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
961 970 #endif
962 971 case IP_MULTICAST_TTL:
963 972 case IP_MULTICAST_LOOP:
964   - len = tget32(optlen);
  973 + if (get_user_u32(len, optlen))
  974 + return -TARGET_EFAULT;
965 975 if (len < 0)
966 976 return -TARGET_EINVAL;
967 977 lv = sizeof(int);
... ... @@ -970,13 +980,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
970 980 return ret;
971 981 if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
972 982 len = 1;
973   - tput32(optlen, len);
974   - tput8(optval, val);
  983 + if (put_user_u32(len, optlen)
  984 + || put_user_u8(val, optval_addr))
  985 + return -TARGET_EFAULT;
975 986 } else {
976 987 if (len > sizeof(int))
977 988 len = sizeof(int);
978   - tput32(optlen, len);
979   - tput32(optval, val);
  989 + if (put_user_u32(len, optlen)
  990 + || put_user_u32(val, optval_addr))
  991 + return -TARGET_EFAULT;
980 992 }
981 993 break;
982 994 default:
... ... @@ -1148,63 +1160,82 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
1148 1160  
1149 1161 /* do_accept() Must return target values and target errnos. */
1150 1162 static abi_long do_accept(int fd, abi_ulong target_addr,
1151   - abi_ulong target_addrlen)
  1163 + abi_ulong target_addrlen_addr)
1152 1164 {
1153   - socklen_t addrlen = tget32(target_addrlen);
1154   - void *addr = alloca(addrlen);
  1165 + socklen_t addrlen;
  1166 + void *addr;
1155 1167 abi_long ret;
1156 1168  
  1169 + if (get_user_u32(addrlen, target_addrlen_addr))
  1170 + return -TARGET_EFAULT;
  1171 +
  1172 + addr = alloca(addrlen);
  1173 +
1157 1174 ret = get_errno(accept(fd, addr, &addrlen));
1158 1175 if (!is_error(ret)) {
1159 1176 host_to_target_sockaddr(target_addr, addr, addrlen);
1160   - tput32(target_addrlen, addrlen);
  1177 + if (put_user_u32(addrlen, target_addrlen_addr))
  1178 + ret = -TARGET_EFAULT;
1161 1179 }
1162 1180 return ret;
1163 1181 }
1164 1182  
1165 1183 /* do_getpeername() Must return target values and target errnos. */
1166 1184 static abi_long do_getpeername(int fd, abi_ulong target_addr,
1167   - abi_ulong target_addrlen)
  1185 + abi_ulong target_addrlen_addr)
1168 1186 {
1169   - socklen_t addrlen = tget32(target_addrlen);
1170   - void *addr = alloca(addrlen);
  1187 + socklen_t addrlen;
  1188 + void *addr;
1171 1189 abi_long ret;
1172 1190  
  1191 + if (get_user_u32(addrlen, target_addrlen_addr))
  1192 + return -TARGET_EFAULT;
  1193 +
  1194 + addr = alloca(addrlen);
  1195 +
1173 1196 ret = get_errno(getpeername(fd, addr, &addrlen));
1174 1197 if (!is_error(ret)) {
1175 1198 host_to_target_sockaddr(target_addr, addr, addrlen);
1176   - tput32(target_addrlen, addrlen);
  1199 + if (put_user_u32(addrlen, target_addrlen_addr))
  1200 + ret = -TARGET_EFAULT;
1177 1201 }
1178 1202 return ret;
1179 1203 }
1180 1204  
1181 1205 /* do_getsockname() Must return target values and target errnos. */
1182 1206 static abi_long do_getsockname(int fd, abi_ulong target_addr,
1183   - abi_ulong target_addrlen)
  1207 + abi_ulong target_addrlen_addr)
1184 1208 {
1185   - socklen_t addrlen = tget32(target_addrlen);
1186   - void *addr = alloca(addrlen);
  1209 + socklen_t addrlen;
  1210 + void *addr;
1187 1211 abi_long ret;
1188 1212  
  1213 + if (get_user_u32(addrlen, target_addrlen_addr))
  1214 + return -TARGET_EFAULT;
  1215 +
  1216 + addr = alloca(addrlen);
  1217 +
1189 1218 ret = get_errno(getsockname(fd, addr, &addrlen));
1190 1219 if (!is_error(ret)) {
1191 1220 host_to_target_sockaddr(target_addr, addr, addrlen);
1192   - tput32(target_addrlen, addrlen);
  1221 + if (put_user_u32(addrlen, target_addrlen_addr))
  1222 + ret = -TARGET_EFAULT;
1193 1223 }
1194 1224 return ret;
1195 1225 }
1196 1226  
1197 1227 /* do_socketpair() Must return target values and target errnos. */
1198 1228 static abi_long do_socketpair(int domain, int type, int protocol,
1199   - abi_ulong target_tab)
  1229 + abi_ulong target_tab_addr)
1200 1230 {
1201 1231 int tab[2];
1202 1232 abi_long ret;
1203 1233  
1204 1234 ret = get_errno(socketpair(domain, type, protocol, tab));
1205 1235 if (!is_error(ret)) {
1206   - tput32(target_tab, tab[0]);
1207   - tput32(target_tab + 4, tab[1]);
  1236 + if (put_user_s32(tab[0], target_tab_addr)
  1237 + || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
  1238 + ret = -TARGET_EFAULT;
1208 1239 }
1209 1240 return ret;
1210 1241 }
... ... @@ -1245,7 +1276,10 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
1245 1276 if (!host_msg)
1246 1277 return -TARGET_EFAULT;
1247 1278 if (target_addr) {
1248   - addrlen = tget32(target_addrlen);
  1279 + if (get_user_u32(addrlen, target_addrlen)) {
  1280 + ret = -TARGET_EFAULT;
  1281 + goto fail;
  1282 + }
1249 1283 addr = alloca(addrlen);
1250 1284 ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen));
1251 1285 } else {
... ... @@ -1255,10 +1289,14 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
1255 1289 if (!is_error(ret)) {
1256 1290 if (target_addr) {
1257 1291 host_to_target_sockaddr(target_addr, addr, addrlen);
1258   - tput32(target_addrlen, addrlen);
  1292 + if (put_user_u32(addrlen, target_addrlen)) {
  1293 + ret = -TARGET_EFAULT;
  1294 + goto fail;
  1295 + }
1259 1296 }
1260 1297 unlock_user(host_msg, msg, len);
1261 1298 } else {
  1299 +fail:
1262 1300 unlock_user(host_msg, msg, 0);
1263 1301 }
1264 1302 return ret;
... ... @@ -1274,112 +1312,187 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1274 1312 switch(num) {
1275 1313 case SOCKOP_socket:
1276 1314 {
1277   - int domain = tgetl(vptr);
1278   - int type = tgetl(vptr + n);
1279   - int protocol = tgetl(vptr + 2 * n);
  1315 + int domain, type, protocol;
  1316 +
  1317 + if (get_user_s32(domain, vptr)
  1318 + || get_user_s32(type, vptr + n)
  1319 + || get_user_s32(protocol, vptr + 2 * n))
  1320 + return -TARGET_EFAULT;
  1321 +
1280 1322 ret = do_socket(domain, type, protocol);
1281 1323 }
1282 1324 break;
1283 1325 case SOCKOP_bind:
1284 1326 {
1285   - int sockfd = tgetl(vptr);
1286   - abi_ulong target_addr = tgetl(vptr + n);
1287   - socklen_t addrlen = tgetl(vptr + 2 * n);
  1327 + int sockfd;
  1328 + abi_ulong target_addr;
  1329 + socklen_t addrlen;
  1330 +
  1331 + if (get_user_s32(sockfd, vptr)
  1332 + || get_user_ual(target_addr, vptr + n)
  1333 + || get_user_u32(addrlen, vptr + 2 * n))
  1334 + return -TARGET_EFAULT;
  1335 +
1288 1336 ret = do_bind(sockfd, target_addr, addrlen);
1289 1337 }
1290 1338 break;
1291 1339 case SOCKOP_connect:
1292 1340 {
1293   - int sockfd = tgetl(vptr);
1294   - abi_ulong target_addr = tgetl(vptr + n);
1295   - socklen_t addrlen = tgetl(vptr + 2 * n);
  1341 + int sockfd;
  1342 + abi_ulong target_addr;
  1343 + socklen_t addrlen;
  1344 +
  1345 + if (get_user_s32(sockfd, vptr)
  1346 + || get_user_ual(target_addr, vptr + n)
  1347 + || get_user_u32(addrlen, vptr + 2 * n))
  1348 + return -TARGET_EFAULT;
  1349 +
1296 1350 ret = do_connect(sockfd, target_addr, addrlen);
1297 1351 }
1298 1352 break;
1299 1353 case SOCKOP_listen:
1300 1354 {
1301   - int sockfd = tgetl(vptr);
1302   - int backlog = tgetl(vptr + n);
  1355 + int sockfd, backlog;
  1356 +
  1357 + if (get_user_s32(sockfd, vptr)
  1358 + || get_user_s32(backlog, vptr + n))
  1359 + return -TARGET_EFAULT;
  1360 +
1303 1361 ret = get_errno(listen(sockfd, backlog));
1304 1362 }
1305 1363 break;
1306 1364 case SOCKOP_accept:
1307 1365 {
1308   - int sockfd = tgetl(vptr);
1309   - abi_ulong target_addr = tgetl(vptr + n);
1310   - abi_ulong target_addrlen = tgetl(vptr + 2 * n);
  1366 + int sockfd;
  1367 + abi_ulong target_addr, target_addrlen;
  1368 +
  1369 + if (get_user_s32(sockfd, vptr)
  1370 + || get_user_ual(target_addr, vptr + n)
  1371 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1372 + return -TARGET_EFAULT;
  1373 +
1311 1374 ret = do_accept(sockfd, target_addr, target_addrlen);
1312 1375 }
1313 1376 break;
1314 1377 case SOCKOP_getsockname:
1315 1378 {
1316   - int sockfd = tgetl(vptr);
1317   - abi_ulong target_addr = tgetl(vptr + n);
1318   - abi_ulong target_addrlen = tgetl(vptr + 2 * n);
  1379 + int sockfd;
  1380 + abi_ulong target_addr, target_addrlen;
  1381 +
  1382 + if (get_user_s32(sockfd, vptr)
  1383 + || get_user_ual(target_addr, vptr + n)
  1384 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1385 + return -TARGET_EFAULT;
  1386 +
1319 1387 ret = do_getsockname(sockfd, target_addr, target_addrlen);
1320 1388 }
1321 1389 break;
1322 1390 case SOCKOP_getpeername:
1323 1391 {
1324   - int sockfd = tgetl(vptr);
1325   - abi_ulong target_addr = tgetl(vptr + n);
1326   - abi_ulong target_addrlen = tgetl(vptr + 2 * n);
  1392 + int sockfd;
  1393 + abi_ulong target_addr, target_addrlen;
  1394 +
  1395 + if (get_user_s32(sockfd, vptr)
  1396 + || get_user_ual(target_addr, vptr + n)
  1397 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1398 + return -TARGET_EFAULT;
  1399 +
1327 1400 ret = do_getpeername(sockfd, target_addr, target_addrlen);
1328 1401 }
1329 1402 break;
1330 1403 case SOCKOP_socketpair:
1331 1404 {
1332   - int domain = tgetl(vptr);
1333   - int type = tgetl(vptr + n);
1334   - int protocol = tgetl(vptr + 2 * n);
1335   - abi_ulong tab = tgetl(vptr + 3 * n);
  1405 + int domain, type, protocol;
  1406 + abi_ulong tab;
  1407 +
  1408 + if (get_user_s32(domain, vptr)
  1409 + || get_user_s32(type, vptr + n)
  1410 + || get_user_s32(protocol, vptr + 2 * n)
  1411 + || get_user_ual(tab, vptr + 3 * n))
  1412 + return -TARGET_EFAULT;
  1413 +
1336 1414 ret = do_socketpair(domain, type, protocol, tab);
1337 1415 }
1338 1416 break;
1339 1417 case SOCKOP_send:
1340 1418 {
1341   - int sockfd = tgetl(vptr);
1342   - abi_ulong msg = tgetl(vptr + n);
1343   - size_t len = tgetl(vptr + 2 * n);
1344   - int flags = tgetl(vptr + 3 * n);
  1419 + int sockfd;
  1420 + abi_ulong msg;
  1421 + size_t len;
  1422 + int flags;
  1423 +
  1424 + if (get_user_s32(sockfd, vptr)
  1425 + || get_user_ual(msg, vptr + n)
  1426 + || get_user_ual(len, vptr + 2 * n)
  1427 + || get_user_s32(flags, vptr + 3 * n))
  1428 + return -TARGET_EFAULT;
  1429 +
1345 1430 ret = do_sendto(sockfd, msg, len, flags, 0, 0);
1346 1431 }
1347 1432 break;
1348 1433 case SOCKOP_recv:
1349 1434 {
1350   - int sockfd = tgetl(vptr);
1351   - abi_ulong msg = tgetl(vptr + n);
1352   - size_t len = tgetl(vptr + 2 * n);
1353   - int flags = tgetl(vptr + 3 * n);
  1435 + int sockfd;
  1436 + abi_ulong msg;
  1437 + size_t len;
  1438 + int flags;
  1439 +
  1440 + if (get_user_s32(sockfd, vptr)
  1441 + || get_user_ual(msg, vptr + n)
  1442 + || get_user_ual(len, vptr + 2 * n)
  1443 + || get_user_s32(flags, vptr + 3 * n))
  1444 + return -TARGET_EFAULT;
  1445 +
1354 1446 ret = do_recvfrom(sockfd, msg, len, flags, 0, 0);
1355 1447 }
1356 1448 break;
1357 1449 case SOCKOP_sendto:
1358 1450 {
1359   - int sockfd = tgetl(vptr);
1360   - abi_ulong msg = tgetl(vptr + n);
1361   - size_t len = tgetl(vptr + 2 * n);
1362   - int flags = tgetl(vptr + 3 * n);
1363   - abi_ulong addr = tgetl(vptr + 4 * n);
1364   - socklen_t addrlen = tgetl(vptr + 5 * n);
  1451 + int sockfd;
  1452 + abi_ulong msg;
  1453 + size_t len;
  1454 + int flags;
  1455 + abi_ulong addr;
  1456 + socklen_t addrlen;
  1457 +
  1458 + if (get_user_s32(sockfd, vptr)
  1459 + || get_user_ual(msg, vptr + n)
  1460 + || get_user_ual(len, vptr + 2 * n)
  1461 + || get_user_s32(flags, vptr + 3 * n)
  1462 + || get_user_ual(addr, vptr + 4 * n)
  1463 + || get_user_u32(addrlen, vptr + 5 * n))
  1464 + return -TARGET_EFAULT;
  1465 +
1365 1466 ret = do_sendto(sockfd, msg, len, flags, addr, addrlen);
1366 1467 }
1367 1468 break;
1368 1469 case SOCKOP_recvfrom:
1369 1470 {
1370   - int sockfd = tgetl(vptr);
1371   - abi_ulong msg = tgetl(vptr + n);
1372   - size_t len = tgetl(vptr + 2 * n);
1373   - int flags = tgetl(vptr + 3 * n);
1374   - abi_ulong addr = tgetl(vptr + 4 * n);
1375   - abi_ulong addrlen = tgetl(vptr + 5 * n);
  1471 + int sockfd;
  1472 + abi_ulong msg;
  1473 + size_t len;
  1474 + int flags;
  1475 + abi_ulong addr;
  1476 + socklen_t addrlen;
  1477 +
  1478 + if (get_user_s32(sockfd, vptr)
  1479 + || get_user_ual(msg, vptr + n)
  1480 + || get_user_ual(len, vptr + 2 * n)
  1481 + || get_user_s32(flags, vptr + 3 * n)
  1482 + || get_user_ual(addr, vptr + 4 * n)
  1483 + || get_user_u32(addrlen, vptr + 5 * n))
  1484 + return -TARGET_EFAULT;
  1485 +
1376 1486 ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen);
1377 1487 }
1378 1488 break;
1379 1489 case SOCKOP_shutdown:
1380 1490 {
1381   - int sockfd = tgetl(vptr);
1382   - int how = tgetl(vptr + n);
  1491 + int sockfd, how;
  1492 +
  1493 + if (get_user_s32(sockfd, vptr)
  1494 + || get_user_s32(how, vptr + n))
  1495 + return -TARGET_EFAULT;
1383 1496  
1384 1497 ret = get_errno(shutdown(sockfd, how));
1385 1498 }
... ... @@ -1391,9 +1504,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1391 1504 abi_ulong target_msg;
1392 1505 int flags;
1393 1506  
1394   - fd = tgetl(vptr);
1395   - target_msg = tgetl(vptr + n);
1396   - flags = tgetl(vptr + 2 * n);
  1507 + if (get_user_s32(fd, vptr)
  1508 + || get_user_ual(target_msg, vptr + n)
  1509 + || get_user_s32(flags, vptr + 2 * n))
  1510 + return -TARGET_EFAULT;
1397 1511  
1398 1512 ret = do_sendrecvmsg(fd, target_msg, flags,
1399 1513 (num == SOCKOP_sendmsg));
... ... @@ -1401,24 +1515,38 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1401 1515 break;
1402 1516 case SOCKOP_setsockopt:
1403 1517 {
1404   - int sockfd = tgetl(vptr);
1405   - int level = tgetl(vptr + n);
1406   - int optname = tgetl(vptr + 2 * n);
1407   - abi_ulong optval = tgetl(vptr + 3 * n);
1408   - socklen_t optlen = tgetl(vptr + 4 * n);
  1518 + int sockfd;
  1519 + int level;
  1520 + int optname;
  1521 + abi_ulong optval;
  1522 + socklen_t optlen;
  1523 +
  1524 + if (get_user_s32(sockfd, vptr)
  1525 + || get_user_s32(level, vptr + n)
  1526 + || get_user_s32(optname, vptr + 2 * n)
  1527 + || get_user_ual(optval, vptr + 3 * n)
  1528 + || get_user_u32(optlen, vptr + 4 * n))
  1529 + return -TARGET_EFAULT;
1409 1530  
1410 1531 ret = do_setsockopt(sockfd, level, optname, optval, optlen);
1411 1532 }
1412 1533 break;
1413 1534 case SOCKOP_getsockopt:
1414 1535 {
1415   - int sockfd = tgetl(vptr);
1416   - int level = tgetl(vptr + n);
1417   - int optname = tgetl(vptr + 2 * n);
1418   - abi_ulong optval = tgetl(vptr + 3 * n);
1419   - abi_ulong poptlen = tgetl(vptr + 4 * n);
  1536 + int sockfd;
  1537 + int level;
  1538 + int optname;
  1539 + abi_ulong optval;
  1540 + socklen_t optlen;
  1541 +
  1542 + if (get_user_s32(sockfd, vptr)
  1543 + || get_user_s32(level, vptr + n)
  1544 + || get_user_s32(optname, vptr + 2 * n)
  1545 + || get_user_ual(optval, vptr + 3 * n)
  1546 + || get_user_u32(optlen, vptr + 4 * n))
  1547 + return -TARGET_EFAULT;
1420 1548  
1421   - ret = do_getsockopt(sockfd, level, optname, optval, poptlen);
  1549 + ret = do_getsockopt(sockfd, level, optname, optval, optlen);
1422 1550 }
1423 1551 break;
1424 1552 default:
... ... @@ -1883,7 +2011,7 @@ static abi_long do_ipc(unsigned int call, int first,
1883 2011 break;
1884 2012 }
1885 2013 }
1886   - if (put_user(raddr, third, abi_ulong))
  2014 + if (put_user_ual(raddr, third))
1887 2015 return -TARGET_EFAULT;
1888 2016 ret = 0;
1889 2017 }
... ... @@ -2957,10 +3085,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
2957 3085 unlock_user(p, arg2, 0);
2958 3086 break;
2959 3087 case TARGET_NR_open:
2960   - if (!(p = lock_user_string(arg1))) {
2961   - return -TARGET_EFAULT;
2962   - goto fail;
2963   - }
  3088 + if (!(p = lock_user_string(arg1)))
  3089 + goto efault;
2964 3090 ret = get_errno(open(path(p),
2965 3091 target_to_host_bitmask(arg2, fcntl_flags_tbl),
2966 3092 arg3));
... ... @@ -2991,8 +3117,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
2991 3117 {
2992 3118 int status;
2993 3119 ret = get_errno(waitpid(arg1, &status, arg3));
2994   - if (!is_error(ret) && arg2)
2995   - tput32(arg2, status);
  3120 + if (!is_error(ret) && arg2
  3121 + && put_user_s32(status, arg2))
  3122 + goto efault;
2996 3123 }
2997 3124 break;
2998 3125 #endif
... ... @@ -3059,56 +3186,71 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3059 3186  
3060 3187 argc = 0;
3061 3188 guest_argp = arg2;
3062   - for (gp = guest_argp; tgetl(gp); gp++)
  3189 + for (gp = guest_argp; ; gp++) {
  3190 + if (get_user_ual(guest_argp, gp))
  3191 + goto efault;
  3192 + if (!guest_argp)
  3193 + break;
3063 3194 argc++;
  3195 + }
3064 3196 envc = 0;
3065 3197 guest_envp = arg3;
3066   - for (gp = guest_envp; tgetl(gp); gp++)
  3198 + for (gp = guest_envp; ; gp++) {
  3199 + if (get_user_ual(guest_envp, gp))
  3200 + goto efault;
  3201 + if (!guest_envp)
  3202 + break;
3067 3203 envc++;
  3204 + }
3068 3205  
3069 3206 argp = alloca((argc + 1) * sizeof(void *));
3070 3207 envp = alloca((envc + 1) * sizeof(void *));
3071 3208  
3072 3209 for (gp = guest_argp, q = argp; ;
3073 3210 gp += sizeof(abi_ulong), q++) {
3074   - addr = tgetl(gp);
  3211 + if (get_user_ual(addr, gp))
  3212 + goto execve_efault;
3075 3213 if (!addr)
3076 3214 break;
3077   - if (!(*q = lock_user_string(addr))) {
3078   - ret = -TARGET_EFAULT;
3079   - goto execve_fail;
3080   - }
  3215 + if (!(*q = lock_user_string(addr)))
  3216 + goto execve_efault;
3081 3217 }
3082 3218 *q = NULL;
3083 3219  
3084 3220 for (gp = guest_envp, q = envp; ;
3085 3221 gp += sizeof(abi_ulong), q++) {
3086   - addr = tgetl(gp);
  3222 + if (get_user_ual(addr, gp))
  3223 + goto execve_efault;
3087 3224 if (!addr)
3088 3225 break;
3089   - if (!(*q = lock_user_string(addr))) {
3090   - ret = -TARGET_EFAULT;
3091   - goto execve_fail;
3092   - }
  3226 + if (!(*q = lock_user_string(addr)))
  3227 + goto execve_efault;
3093 3228 }
3094 3229 *q = NULL;
3095 3230  
3096   - if (!(p = lock_user_string(arg1))) {
3097   - ret = -TARGET_EFAULT;
3098   - goto execve_fail;
3099   - }
  3231 + if (!(p = lock_user_string(arg1)))
  3232 + goto execve_efault;
3100 3233 ret = get_errno(execve(p, argp, envp));
3101 3234 unlock_user(p, arg1, 0);
3102 3235  
3103   - execve_fail:
  3236 + goto execve_end;
  3237 +
  3238 + execve_efault:
  3239 + ret = -TARGET_EFAULT;
  3240 +
  3241 + execve_end:
3104 3242 for (gp = guest_argp, q = argp; *q;
3105 3243 gp += sizeof(abi_ulong), q++) {
3106   - addr = tgetl(gp);
  3244 + if (get_user_ual(addr, gp)
  3245 + || !addr)
  3246 + break;
3107 3247 unlock_user(*q, addr, 0);
3108 3248 }
3109 3249 for (gp = guest_envp, q = envp; *q;
3110 3250 gp += sizeof(abi_ulong), q++) {
3111   - addr = tgetl(gp);
  3251 + if (get_user_ual(addr, gp)
  3252 + || !addr)
  3253 + break;
3112 3254 unlock_user(*q, addr, 0);
3113 3255 }
3114 3256 }
... ... @@ -3124,8 +3266,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3124 3266 {
3125 3267 time_t host_time;
3126 3268 ret = get_errno(time(&host_time));
3127   - if (!is_error(ret) && arg1)
3128   - tputl(arg1, host_time);
  3269 + if (!is_error(ret)
  3270 + && arg1
  3271 + && put_user_sal(host_time, arg1))
  3272 + goto efault;
3129 3273 }
3130 3274 break;
3131 3275 #endif
... ... @@ -3199,7 +3343,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3199 3343 case TARGET_NR_stime:
3200 3344 {
3201 3345 time_t host_time;
3202   - host_time = tgetl(arg1);
  3346 + if (get_user_sal(host_time, arg1))
  3347 + goto efault;
3203 3348 ret = get_errno(stime(&host_time));
3204 3349 }
3205 3350 break;
... ... @@ -3358,8 +3503,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3358 3503 env->gpr[3][env->current_tc] = host_pipe[1];
3359 3504 ret = host_pipe[0];
3360 3505 #else
3361   - tput32(arg1, host_pipe[0]);
3362   - tput32(arg1 + 4, host_pipe[1]);
  3506 + if (put_user_s32(host_pipe[0], arg1)
  3507 + || put_user_s32(host_pipe[1], arg1 + sizeof(host_pipe[0])))
  3508 + goto efault;
3363 3509 #endif
3364 3510 }
3365 3511 }
... ... @@ -4267,11 +4413,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4267 4413 rusage_ptr = NULL;
4268 4414 ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr));
4269 4415 if (!is_error(ret)) {
4270   - if (status_ptr)
4271   - tputl(status_ptr, status);
4272   - if (target_rusage) {
4273   - host_to_target_rusage(target_rusage, &rusage);
  4416 + if (status_ptr) {
  4417 + if (put_user_s32(status, status_ptr))
  4418 + goto efault;
4274 4419 }
  4420 + if (target_rusage)
  4421 + host_to_target_rusage(target_rusage, &rusage);
4275 4422 }
4276 4423 }
4277 4424 break;
... ... @@ -4404,11 +4551,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4404 4551 {
4405 4552 #if defined (__x86_64__)
4406 4553 ret = get_errno(lseek(arg1, ((uint64_t )arg2 << 32) | arg3, arg5));
4407   - tput64(arg4, ret);
  4554 + if (put_user_s64(ret, arg4))
  4555 + goto efault;
4408 4556 #else
4409 4557 int64_t res;
4410 4558 ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
4411   - tput64(arg4, res);
  4559 + if (put_user_s64(res, arg4))
  4560 + goto efault;
4412 4561 #endif
4413 4562 }
4414 4563 break;
... ... @@ -4674,8 +4823,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4674 4823 {
4675 4824 int deathsig;
4676 4825 ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
4677   - if (!is_error(ret) && arg2)
4678   - tput32(arg2, deathsig);
  4826 + if (!is_error(ret) && arg2
  4827 + && put_user_ual(deathsig, arg2))
  4828 + goto efault;
4679 4829 }
4680 4830 break;
4681 4831 default:
... ... @@ -4932,9 +5082,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4932 5082 uid_t ruid, euid, suid;
4933 5083 ret = get_errno(getresuid(&ruid, &euid, &suid));
4934 5084 if (!is_error(ret)) {
4935   - tput16(arg1, tswap16(high2lowuid(ruid)));
4936   - tput16(arg2, tswap16(high2lowuid(euid)));
4937   - tput16(arg3, tswap16(high2lowuid(suid)));
  5085 + if (put_user_u16(high2lowuid(ruid), arg1)
  5086 + || put_user_u16(high2lowuid(euid), arg2)
  5087 + || put_user_u16(high2lowuid(suid), arg3))
  5088 + goto efault;
4938 5089 }
4939 5090 }
4940 5091 break;
... ... @@ -4952,9 +5103,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4952 5103 gid_t rgid, egid, sgid;
4953 5104 ret = get_errno(getresgid(&rgid, &egid, &sgid));
4954 5105 if (!is_error(ret)) {
4955   - tput16(arg1, tswap16(high2lowgid(rgid)));
4956   - tput16(arg2, tswap16(high2lowgid(egid)));
4957   - tput16(arg3, tswap16(high2lowgid(sgid)));
  5106 + if (put_user_u16(high2lowgid(rgid), arg1)
  5107 + || put_user_u16(high2lowgid(egid), arg2)
  5108 + || put_user_u16(high2lowgid(sgid), arg3))
  5109 + goto efault;
4958 5110 }
4959 5111 }
4960 5112 break;
... ... @@ -5077,9 +5229,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
5077 5229 uid_t ruid, euid, suid;
5078 5230 ret = get_errno(getresuid(&ruid, &euid, &suid));
5079 5231 if (!is_error(ret)) {
5080   - tput32(arg1, tswap32(ruid));
5081   - tput32(arg2, tswap32(euid));
5082   - tput32(arg3, tswap32(suid));
  5232 + if (put_user_u32(ruid, arg1)
  5233 + || put_user_u32(euid, arg2)
  5234 + || put_user_u32(suid, arg3))
  5235 + goto efault;
5083 5236 }
5084 5237 }
5085 5238 break;
... ... @@ -5095,9 +5248,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
5095 5248 gid_t rgid, egid, sgid;
5096 5249 ret = get_errno(getresgid(&rgid, &egid, &sgid));
5097 5250 if (!is_error(ret)) {
5098   - tput32(arg1, tswap32(rgid));
5099   - tput32(arg2, tswap32(egid));
5100   - tput32(arg3, tswap32(sgid));
  5251 + if (put_user_u32(rgid, arg1)
  5252 + || put_user_u32(egid, arg2)
  5253 + || put_user_u32(sgid, arg3))
  5254 + goto efault;
5101 5255 }
5102 5256 }
5103 5257 break;
... ...
m68k-semi.c
  View file @2f61969
... ... @@ -142,15 +142,23 @@ static void m68k_semi_cb(CPUState *env, target_ulong ret, target_ulong err)
142 142 if (m68k_semi_is_fseek) {
143 143 /* FIXME: We've already lost the high bits of the fseek
144 144 return value. */
145   - tput32(args, 0);
  145 + /* FIXME - handle put_user() failure */
  146 + put_user_u32(0, args);
146 147 args += 4;
147 148 m68k_semi_is_fseek = 0;
148 149 }
149   - tput32(args, ret);
150   - tput32(args + 4, errno);
  150 + /* FIXME - handle put_user() failure */
  151 + put_user_u32(ret, args);
  152 + put_user_u32(errno, args + 4);
151 153 }
152 154  
153   -#define ARG(x) tget32(args + (x) * 4)
  155 +#define ARG(n) \
  156 +({ \
  157 + target_ulong __arg; \
  158 + /* FIXME - handle get_user() failure */ \
  159 + get_user_ual(__arg, args + (n) * 4); \
  160 + __arg; \
  161 +})
154 162 #define PARG(x) ((unsigned long)ARG(x))
155 163 void do_m68k_semihosting(CPUM68KState *env, int nr)
156 164 {
... ... @@ -237,9 +245,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
237 245 ARG(0), off, ARG(3));
238 246 } else {
239 247 off = lseek(ARG(0), off, ARG(3));
240   - tput32(args, off >> 32);
241   - tput32(args + 4, off);
242   - tput32(args + 8, errno);
  248 + /* FIXME - handle put_user() failure */
  249 + put_user_u32(off >> 32, args);
  250 + put_user_u32(off, args + 4);
  251 + put_user_u32(errno, args + 8);
243 252 }
244 253 return;
245 254 }
... ... @@ -390,6 +399,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
390 399 cpu_abort(env, "Unsupported semihosting syscall %d\n", nr);
391 400 result = 0;
392 401 }
393   - tput32(args, result);
394   - tput32(args + 4, errno);
  402 + /* FIXME - handle put_user() failure */
  403 + put_user_u32(result, args);
  404 + put_user_u32(errno, args + 4);
395 405 }
... ...
softmmu-semi.h
  View file @2f61969
... ... @@ -21,15 +21,18 @@ static inline uint32_t softmmu_tget8(CPUState *env, uint32_t addr)
21 21 cpu_memory_rw_debug(env, addr, &val, 1, 0);
22 22 return val;
23 23 }
24   -#define tget32(p) softmmu_tget32(env, p)
25   -#define tget8(p) softmmu_tget8(env, p)
  24 +
  25 +#define get_user_u32(arg, p) ({ arg = softmmu_tget32(env, p) ; 0; })
  26 +#define get_user_u8(arg, p) ({ arg = softmmu_tget8(env, p) ; 0; })
  27 +#define get_user_ual(arg, p) get_user_u32(arg, p)
26 28  
27 29 static inline void softmmu_tput32(CPUState *env, uint32_t addr, uint32_t val)
28 30 {
29 31 val = tswap32(val);
30 32 cpu_memory_rw_debug(env, addr, (uint8_t *)&val, 4, 1);
31 33 }
32   -#define tput32(p, val) softmmu_tput32(env, p, val)
  34 +#define put_user_u32(arg, p) ({ softmmu_tput32(env, p, arg) ; 0; })
  35 +#define put_user_ual(arg, p) put_user_u32(arg, p)
33 36  
34 37 static void *softmmu_lock_user(CPUState *env, uint32_t addr, uint32_t len,
35 38 int copy)
... ...
target-arm/nwfpe/fpa11_cpdt.c
  View file @2f61969
... ... @@ -34,7 +34,8 @@ void loadSingle(const unsigned int Fn,const unsigned int *pMem)
34 34 target_ulong addr = (target_ulong)(long)pMem;
35 35 FPA11 *fpa11 = GET_FPA11();
36 36 fpa11->fType[Fn] = typeSingle;
37   - fpa11->fpreg[Fn].fSingle = tget32(addr);
  37 + /* FIXME - handle failure of get_user() */
  38 + get_user_u32(fpa11->fpreg[Fn].fSingle, addr);
38 39 }
39 40  
40 41 static inline
... ... @@ -46,11 +47,13 @@ void loadDouble(const unsigned int Fn,const unsigned int *pMem)
46 47 p = (unsigned int*)&fpa11->fpreg[Fn].fDouble;
47 48 fpa11->fType[Fn] = typeDouble;
48 49 #ifdef WORDS_BIGENDIAN
49   - p[0] = tget32(addr); /* sign & exponent */
50   - p[1] = tget32(addr + 4);
  50 + /* FIXME - handle failure of get_user() */
  51 + get_user_u32(p[0], addr); /* sign & exponent */
  52 + get_user_u32(p[1], addr + 4);
51 53 #else
52   - p[0] = tget32(addr + 4);
53   - p[1] = tget32(addr); /* sign & exponent */
  54 + /* FIXME - handle failure of get_user() */
  55 + get_user_u32(p[0], addr + 4);
  56 + get_user_u32(p[1], addr); /* sign & exponent */
54 57 #endif
55 58 }
56 59  
... ... @@ -62,9 +65,10 @@ void loadExtended(const unsigned int Fn,const unsigned int *pMem)
62 65 unsigned int *p;
63 66 p = (unsigned int*)&fpa11->fpreg[Fn].fExtended;
64 67 fpa11->fType[Fn] = typeExtended;
65   - p[0] = tget32(addr); /* sign & exponent */
66   - p[1] = tget32(addr + 8); /* ls bits */
67   - p[2] = tget32(addr + 4); /* ms bits */
  68 + /* FIXME - handle failure of get_user() */
  69 + get_user_u32(p[0], addr); /* sign & exponent */
  70 + get_user_u32(p[1], addr + 8); /* ls bits */
  71 + get_user_u32(p[2], addr + 4); /* ms bits */
68 72 }
69 73  
70 74 static inline
... ... @@ -76,7 +80,8 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem)
76 80 unsigned long x;
77 81  
78 82 p = (unsigned int*)&(fpa11->fpreg[Fn]);
79   - x = tget32(addr);
  83 + /* FIXME - handle failure of get_user() */
  84 + get_user_u32(x, addr);
80 85 fpa11->fType[Fn] = (x >> 14) & 0x00000003;
81 86  
82 87 switch (fpa11->fType[Fn])
... ... @@ -84,16 +89,18 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem)
84 89 case typeSingle:
85 90 case typeDouble:
86 91 {
87   - p[0] = tget32(addr + 8); /* Single */
88   - p[1] = tget32(addr + 4); /* double msw */
  92 + /* FIXME - handle failure of get_user() */
  93 + get_user_u32(p[0], addr + 8); /* Single */
  94 + get_user_u32(p[1], addr + 4); /* double msw */
89 95 p[2] = 0; /* empty */
90 96 }
91 97 break;
92 98  
93 99 case typeExtended:
94 100 {
95   - p[1] = tget32(addr + 8);
96   - p[2] = tget32(addr + 4); /* msw */
  101 + /* FIXME - handle failure of get_user() */
  102 + get_user_u32(p[1], addr + 8);
  103 + get_user_u32(p[2], addr + 4); /* msw */
97 104 p[0] = (x & 0x80003fff);
98 105 }
99 106 break;
... ... @@ -121,7 +128,8 @@ void storeSingle(const unsigned int Fn,unsigned int *pMem)
121 128 default: val = fpa11->fpreg[Fn].fSingle;
122 129 }
123 130  
124   - tput32(addr, p[0]);
  131 + /* FIXME - handle put_user() failures */
  132 + put_user_u32(p[0], addr);
125 133 }
126 134  
127 135 static inline
... ... @@ -144,12 +152,13 @@ void storeDouble(const unsigned int Fn,unsigned int *pMem)
144 152  
145 153 default: val = fpa11->fpreg[Fn].fDouble;
146 154 }
  155 + /* FIXME - handle put_user() failures */
147 156 #ifdef WORDS_BIGENDIAN
148   - tput32(addr, p[0]); /* msw */
149   - tput32(addr + 4, p[1]); /* lsw */
  157 + put_user_u32(p[0], addr); /* msw */
  158 + put_user_u32(p[1], addr + 4); /* lsw */
150 159 #else
151   - tput32(addr, p[1]); /* msw */
152   - tput32(addr + 4, p[0]); /* lsw */
  160 + put_user_u32(p[1], addr); /* msw */
  161 + put_user_u32(p[0], addr + 4); /* lsw */
153 162 #endif
154 163 }
155 164  
... ... @@ -174,9 +183,10 @@ void storeExtended(const unsigned int Fn,unsigned int *pMem)
174 183 default: val = fpa11->fpreg[Fn].fExtended;
175 184 }
176 185  
177   - tput32(addr, p[0]); /* sign & exp */
178   - tput32(addr + 8, p[1]);
179   - tput32(addr + 4, p[2]); /* msw */
  186 + /* FIXME - handle put_user() failures */
  187 + put_user_u32(p[0], addr); /* sign & exp */
  188 + put_user_u32(p[1], addr + 8);
  189 + put_user_u32(p[2], addr + 4); /* msw */
180 190 }
181 191  
182 192 static inline
... ... @@ -194,17 +204,17 @@ void storeMultiple(const unsigned int Fn,unsigned int *pMem)
194 204 case typeSingle:
195 205 case typeDouble:
196 206 {
197   - tput32(addr + 8, p[0]); /* single */
198   - tput32(addr + 4, p[1]); /* double msw */
199   - tput32(addr, nType << 14);
  207 + put_user_u32(p[0], addr + 8); /* single */
  208 + put_user_u32(p[1], addr + 4); /* double msw */
  209 + put_user_u32(nType << 14, addr);
200 210 }
201 211 break;
202 212  
203 213 case typeExtended:
204 214 {
205   - tput32(addr + 4, p[2]); /* msw */
206   - tput32(addr + 8, p[1]);
207   - tput32(addr, (p[0] & 0x80003fff) | (nType << 14));
  215 + put_user_u32(p[2], addr + 4); /* msw */
  216 + put_user_u32(p[1], addr + 8);
  217 + put_user_u32((p[0] & 0x80003fff) | (nType << 14), addr);
208 218 }
209 219 break;
210 220 }
... ...