Commit 2f6196984b98fe2a852b1b5254756f1614eb7635
1 parent
67276f53
suppressed tgetx and tputx (initial patch by Thayne Harbaugh)
git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3653 c046a42c-6fe2-441c-8c8c-71466251a162
Showing
10 changed files
with
473 additions
and
248 deletions
arm-semi.c
@@ -165,8 +165,14 @@ static void arm_semi_flen_cb(CPUState *env, target_ulong ret, target_ulong err) | @@ -165,8 +165,14 @@ static void arm_semi_flen_cb(CPUState *env, target_ulong ret, target_ulong err) | ||
165 | #endif | 165 | #endif |
166 | } | 166 | } |
167 | 167 | ||
168 | -#define ARG(n) tget32(args + (n) * 4) | ||
169 | -#define SET_ARG(n, val) tput32(args + (n) * 4,val) | 168 | +#define ARG(n) \ |
169 | +({ \ | ||
170 | + target_ulong __arg; \ | ||
171 | + /* FIXME - handle get_user() failure */ \ | ||
172 | + get_user_ual(__arg, args + (n) * 4); \ | ||
173 | + __arg; \ | ||
174 | +}) | ||
175 | +#define SET_ARG(n, val) put_user_ual(val, args + (n) * 4) | ||
170 | uint32_t do_arm_semihosting(CPUState *env) | 176 | uint32_t do_arm_semihosting(CPUState *env) |
171 | { | 177 | { |
172 | target_ulong args; | 178 | target_ulong args; |
@@ -213,7 +219,11 @@ uint32_t do_arm_semihosting(CPUState *env) | @@ -213,7 +219,11 @@ uint32_t do_arm_semihosting(CPUState *env) | ||
213 | } | 219 | } |
214 | case SYS_WRITEC: | 220 | case SYS_WRITEC: |
215 | { | 221 | { |
216 | - char c = tget8(args); | 222 | + char c; |
223 | + | ||
224 | + if (get_user_u8(c, args)) | ||
225 | + /* FIXME - should this error code be -TARGET_EFAULT ? */ | ||
226 | + return (uint32_t)-1; | ||
217 | /* Write to debug console. stderr is near enough. */ | 227 | /* Write to debug console. stderr is near enough. */ |
218 | if (use_gdb_syscalls()) { | 228 | if (use_gdb_syscalls()) { |
219 | gdb_do_syscall(arm_semi_cb, "write,2,%x,1", args); | 229 | gdb_do_syscall(arm_semi_cb, "write,2,%x,1", args); |
linux-user/elfload.c
@@ -179,8 +179,9 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i | @@ -179,8 +179,9 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i | ||
179 | regs->ARM_cpsr |= CPSR_T; | 179 | regs->ARM_cpsr |= CPSR_T; |
180 | regs->ARM_pc = infop->entry & 0xfffffffe; | 180 | regs->ARM_pc = infop->entry & 0xfffffffe; |
181 | regs->ARM_sp = infop->start_stack; | 181 | regs->ARM_sp = infop->start_stack; |
182 | - regs->ARM_r2 = tgetl(stack + 8); /* envp */ | ||
183 | - regs->ARM_r1 = tgetl(stack + 4); /* envp */ | 182 | + /* FIXME - what to for failure of get_user()? */ |
183 | + get_user_ual(regs->ARM_r2, stack + 8); /* envp */ | ||
184 | + get_user_ual(regs->ARM_r1, stack + 4); /* envp */ | ||
184 | /* XXX: it seems that r0 is zeroed after ! */ | 185 | /* XXX: it seems that r0 is zeroed after ! */ |
185 | regs->ARM_r0 = 0; | 186 | regs->ARM_r0 = 0; |
186 | /* For uClinux PIC binaries. */ | 187 | /* For uClinux PIC binaries. */ |
@@ -341,7 +342,8 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info * | @@ -341,7 +342,8 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info * | ||
341 | * but this is what the ABI wants and is needed to allow | 342 | * but this is what the ABI wants and is needed to allow |
342 | * execution of PPC BSD programs. | 343 | * execution of PPC BSD programs. |
343 | */ | 344 | */ |
344 | - _regs->gpr[3] = tgetl(pos); | 345 | + /* FIXME - what to for failure of get_user()? */ |
346 | + get_user_ual(_regs->gpr[3], pos); | ||
345 | pos += sizeof(abi_ulong); | 347 | pos += sizeof(abi_ulong); |
346 | _regs->gpr[4] = pos; | 348 | _regs->gpr[4] = pos; |
347 | for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong)) | 349 | for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong)) |
@@ -733,7 +735,8 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss) | @@ -733,7 +735,8 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss) | ||
733 | if (nbyte) { | 735 | if (nbyte) { |
734 | nbyte = qemu_host_page_size - nbyte; | 736 | nbyte = qemu_host_page_size - nbyte; |
735 | do { | 737 | do { |
736 | - tput8(elf_bss, 0); | 738 | + /* FIXME - what to do if put_user() fails? */ |
739 | + put_user_u8(0, elf_bss); | ||
737 | elf_bss++; | 740 | elf_bss++; |
738 | } while (--nbyte); | 741 | } while (--nbyte); |
739 | } | 742 | } |
@@ -782,17 +785,11 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, | @@ -782,17 +785,11 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, | ||
782 | /* This is correct because Linux defines | 785 | /* This is correct because Linux defines |
783 | * elf_addr_t as Elf32_Off / Elf64_Off | 786 | * elf_addr_t as Elf32_Off / Elf64_Off |
784 | */ | 787 | */ |
785 | -#if ELF_CLASS == ELFCLASS32 | ||
786 | -#define NEW_AUX_ENT(id, val) do { \ | ||
787 | - sp -= n; tput32(sp, val); \ | ||
788 | - sp -= n; tput32(sp, id); \ | 788 | +#define NEW_AUX_ENT(id, val) do { \ |
789 | + sp -= n; put_user_ual(val, sp); \ | ||
790 | + sp -= n; put_user_ual(id, sp); \ | ||
789 | } while(0) | 791 | } while(0) |
790 | -#else | ||
791 | -#define NEW_AUX_ENT(id, val) do { \ | ||
792 | - sp -= n; tput64(sp, val); \ | ||
793 | - sp -= n; tput64(sp, id); \ | ||
794 | - } while(0) | ||
795 | -#endif | 792 | + |
796 | NEW_AUX_ENT (AT_NULL, 0); | 793 | NEW_AUX_ENT (AT_NULL, 0); |
797 | 794 | ||
798 | /* There must be exactly DLINFO_ITEMS entries here. */ | 795 | /* There must be exactly DLINFO_ITEMS entries here. */ |
linux-user/flatload.c
@@ -598,14 +598,16 @@ static int load_flat_file(struct linux_binprm * bprm, | @@ -598,14 +598,16 @@ static int load_flat_file(struct linux_binprm * bprm, | ||
598 | rp = datapos; | 598 | rp = datapos; |
599 | while (1) { | 599 | while (1) { |
600 | abi_ulong addr; | 600 | abi_ulong addr; |
601 | - addr = tgetl(rp); | 601 | + if (get_user_ual(addr, rp)) |
602 | + return -EFAULT; | ||
602 | if (addr == -1) | 603 | if (addr == -1) |
603 | break; | 604 | break; |
604 | if (addr) { | 605 | if (addr) { |
605 | addr = calc_reloc(addr, libinfo, id, 0); | 606 | addr = calc_reloc(addr, libinfo, id, 0); |
606 | if (addr == RELOC_FAILED) | 607 | if (addr == RELOC_FAILED) |
607 | return -ENOEXEC; | 608 | return -ENOEXEC; |
608 | - tputl(rp, addr); | 609 | + if (put_user_ual(addr, rp)) |
610 | + return -EFAULT; | ||
609 | } | 611 | } |
610 | rp += sizeof(abi_ulong); | 612 | rp += sizeof(abi_ulong); |
611 | } | 613 | } |
@@ -629,14 +631,16 @@ static int load_flat_file(struct linux_binprm * bprm, | @@ -629,14 +631,16 @@ static int load_flat_file(struct linux_binprm * bprm, | ||
629 | /* Get the address of the pointer to be | 631 | /* Get the address of the pointer to be |
630 | relocated (of course, the address has to be | 632 | relocated (of course, the address has to be |
631 | relocated first). */ | 633 | relocated first). */ |
632 | - relval = tgetl(reloc + i * sizeof (abi_ulong)); | 634 | + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong))) |
635 | + return -EFAULT; | ||
633 | addr = flat_get_relocate_addr(relval); | 636 | addr = flat_get_relocate_addr(relval); |
634 | rp = calc_reloc(addr, libinfo, id, 1); | 637 | rp = calc_reloc(addr, libinfo, id, 1); |
635 | if (rp == RELOC_FAILED) | 638 | if (rp == RELOC_FAILED) |
636 | return -ENOEXEC; | 639 | return -ENOEXEC; |
637 | 640 | ||
638 | /* Get the pointer's value. */ | 641 | /* Get the pointer's value. */ |
639 | - addr = tgetl(rp); | 642 | + if (get_user_ual(addr, rp)) |
643 | + return -EFAULT; | ||
640 | if (addr != 0) { | 644 | if (addr != 0) { |
641 | /* | 645 | /* |
642 | * Do the relocation. PIC relocs in the data section are | 646 | * Do the relocation. PIC relocs in the data section are |
@@ -652,13 +656,15 @@ static int load_flat_file(struct linux_binprm * bprm, | @@ -652,13 +656,15 @@ static int load_flat_file(struct linux_binprm * bprm, | ||
652 | return -ENOEXEC; | 656 | return -ENOEXEC; |
653 | 657 | ||
654 | /* Write back the relocated pointer. */ | 658 | /* Write back the relocated pointer. */ |
655 | - tputl(rp, addr); | 659 | + if (put_user_ual(addr, rp)) |
660 | + return -EFAULT; | ||
656 | } | 661 | } |
657 | } | 662 | } |
658 | } else { | 663 | } else { |
659 | for (i = 0; i < relocs; i++) { | 664 | for (i = 0; i < relocs; i++) { |
660 | abi_ulong relval; | 665 | abi_ulong relval; |
661 | - relval = tgetl(reloc + i * sizeof (abi_ulong)); | 666 | + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong))) |
667 | + return -EFAULT; | ||
662 | old_reloc(&libinfo[0], relval); | 668 | old_reloc(&libinfo[0], relval); |
663 | } | 669 | } |
664 | } | 670 | } |
@@ -744,9 +750,12 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, | @@ -744,9 +750,12 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, | ||
744 | p = libinfo[i].start_data; | 750 | p = libinfo[i].start_data; |
745 | for (j=0; j<MAX_SHARED_LIBS; j++) { | 751 | for (j=0; j<MAX_SHARED_LIBS; j++) { |
746 | p -= 4; | 752 | p -= 4; |
747 | - tput32(p, libinfo[j].loaded | ||
748 | - ? libinfo[j].start_data | ||
749 | - : UNLOADED_LIB); | 753 | + /* FIXME - handle put_user() failures */ |
754 | + if (put_user_ual(libinfo[j].loaded | ||
755 | + ? libinfo[j].start_data | ||
756 | + : UNLOADED_LIB, | ||
757 | + p)) | ||
758 | + return -EFAULT; | ||
750 | } | 759 | } |
751 | } | 760 | } |
752 | } | 761 | } |
@@ -779,7 +788,9 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, | @@ -779,7 +788,9 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, | ||
779 | for (i = MAX_SHARED_LIBS-1; i>0; i--) { | 788 | for (i = MAX_SHARED_LIBS-1; i>0; i--) { |
780 | if (libinfo[i].loaded) { | 789 | if (libinfo[i].loaded) { |
781 | /* Push previos first to call address */ | 790 | /* Push previos first to call address */ |
782 | - --sp; put_user(start_addr, sp); | 791 | + --sp; |
792 | + if (put_user_ual(start_addr, sp)) | ||
793 | + return -EFAULT; | ||
783 | start_addr = libinfo[i].entry; | 794 | start_addr = libinfo[i].entry; |
784 | } | 795 | } |
785 | } | 796 | } |
linux-user/linuxload.c
@@ -124,21 +124,32 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp, | @@ -124,21 +124,32 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp, | ||
124 | sp -= (argc + 1) * n; | 124 | sp -= (argc + 1) * n; |
125 | argv = sp; | 125 | argv = sp; |
126 | if (push_ptr) { | 126 | if (push_ptr) { |
127 | - sp -= n; tputl(sp, envp); | ||
128 | - sp -= n; tputl(sp, argv); | 127 | + /* FIXME - handle put_user() failures */ |
128 | + sp -= n; | ||
129 | + put_user_ual(envp, sp); | ||
130 | + sp -= n; | ||
131 | + put_user_ual(argv, sp); | ||
129 | } | 132 | } |
130 | - sp -= n; tputl(sp, argc); | 133 | + sp -= n; |
134 | + /* FIXME - handle put_user() failures */ | ||
135 | + put_user_ual(argc, sp); | ||
131 | 136 | ||
132 | while (argc-- > 0) { | 137 | while (argc-- > 0) { |
133 | - tputl(argv, stringp); argv += n; | 138 | + /* FIXME - handle put_user() failures */ |
139 | + put_user_ual(stringp, argv); | ||
140 | + argv += n; | ||
134 | stringp += target_strlen(stringp) + 1; | 141 | stringp += target_strlen(stringp) + 1; |
135 | } | 142 | } |
136 | - tputl(argv, 0); | 143 | + /* FIXME - handle put_user() failures */ |
144 | + put_user_ual(0, argv); | ||
137 | while (envc-- > 0) { | 145 | while (envc-- > 0) { |
138 | - tputl(envp, stringp); envp += n; | 146 | + /* FIXME - handle put_user() failures */ |
147 | + put_user_ual(stringp, envp); | ||
148 | + envp += n; | ||
139 | stringp += target_strlen(stringp) + 1; | 149 | stringp += target_strlen(stringp) + 1; |
140 | } | 150 | } |
141 | - tputl(envp, 0); | 151 | + /* FIXME - handle put_user() failures */ |
152 | + put_user_ual(0, envp); | ||
142 | 153 | ||
143 | return sp; | 154 | return sp; |
144 | } | 155 | } |
linux-user/main.c
@@ -380,7 +380,8 @@ void cpu_loop(CPUARMState *env) | @@ -380,7 +380,8 @@ void cpu_loop(CPUARMState *env) | ||
380 | 380 | ||
381 | /* we handle the FPU emulation here, as Linux */ | 381 | /* we handle the FPU emulation here, as Linux */ |
382 | /* we get the opcode */ | 382 | /* we get the opcode */ |
383 | - opcode = tget32(env->regs[15]); | 383 | + /* FIXME - what to do if get_user() fails? */ |
384 | + get_user_u32(opcode, env->regs[15]); | ||
384 | 385 | ||
385 | if (EmulateAll(opcode, &ts->fpa, env) == 0) { | 386 | if (EmulateAll(opcode, &ts->fpa, env) == 0) { |
386 | info.si_signo = SIGILL; | 387 | info.si_signo = SIGILL; |
@@ -401,20 +402,24 @@ void cpu_loop(CPUARMState *env) | @@ -401,20 +402,24 @@ void cpu_loop(CPUARMState *env) | ||
401 | /* system call */ | 402 | /* system call */ |
402 | if (trapnr == EXCP_BKPT) { | 403 | if (trapnr == EXCP_BKPT) { |
403 | if (env->thumb) { | 404 | if (env->thumb) { |
404 | - insn = tget16(env->regs[15]); | 405 | + /* FIXME - what to do if get_user() fails? */ |
406 | + get_user_u16(insn, env->regs[15]); | ||
405 | n = insn & 0xff; | 407 | n = insn & 0xff; |
406 | env->regs[15] += 2; | 408 | env->regs[15] += 2; |
407 | } else { | 409 | } else { |
408 | - insn = tget32(env->regs[15]); | 410 | + /* FIXME - what to do if get_user() fails? */ |
411 | + get_user_u32(insn, env->regs[15]); | ||
409 | n = (insn & 0xf) | ((insn >> 4) & 0xff0); | 412 | n = (insn & 0xf) | ((insn >> 4) & 0xff0); |
410 | env->regs[15] += 4; | 413 | env->regs[15] += 4; |
411 | } | 414 | } |
412 | } else { | 415 | } else { |
413 | if (env->thumb) { | 416 | if (env->thumb) { |
414 | - insn = tget16(env->regs[15] - 2); | 417 | + /* FIXME - what to do if get_user() fails? */ |
418 | + get_user_u16(insn, env->regs[15] - 2); | ||
415 | n = insn & 0xff; | 419 | n = insn & 0xff; |
416 | } else { | 420 | } else { |
417 | - insn = tget32(env->regs[15] - 4); | 421 | + /* FIXME - what to do if get_user() fails? */ |
422 | + get_user_u32(insn, env->regs[15] - 4); | ||
418 | n = insn & 0xffffff; | 423 | n = insn & 0xffffff; |
419 | } | 424 | } |
420 | } | 425 | } |
@@ -520,7 +525,8 @@ static inline void save_window_offset(CPUSPARCState *env, int cwp1) | @@ -520,7 +525,8 @@ static inline void save_window_offset(CPUSPARCState *env, int cwp1) | ||
520 | (int)sp_ptr, cwp1); | 525 | (int)sp_ptr, cwp1); |
521 | #endif | 526 | #endif |
522 | for(i = 0; i < 16; i++) { | 527 | for(i = 0; i < 16; i++) { |
523 | - tputl(sp_ptr, env->regbase[get_reg_index(env, cwp1, 8 + i)]); | 528 | + /* FIXME - what to do if put_user() fails? */ |
529 | + put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr); | ||
524 | sp_ptr += sizeof(abi_ulong); | 530 | sp_ptr += sizeof(abi_ulong); |
525 | } | 531 | } |
526 | } | 532 | } |
@@ -556,7 +562,8 @@ static void restore_window(CPUSPARCState *env) | @@ -556,7 +562,8 @@ static void restore_window(CPUSPARCState *env) | ||
556 | (int)sp_ptr, cwp1); | 562 | (int)sp_ptr, cwp1); |
557 | #endif | 563 | #endif |
558 | for(i = 0; i < 16; i++) { | 564 | for(i = 0; i < 16; i++) { |
559 | - env->regbase[get_reg_index(env, cwp1, 8 + i)] = tgetl(sp_ptr); | 565 | + /* FIXME - what to do if get_user() fails? */ |
566 | + get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr); | ||
560 | sp_ptr += sizeof(abi_ulong); | 567 | sp_ptr += sizeof(abi_ulong); |
561 | } | 568 | } |
562 | env->wim = new_wim; | 569 | env->wim = new_wim; |
@@ -1533,10 +1540,11 @@ void cpu_loop(CPUMIPSState *env) | @@ -1533,10 +1540,11 @@ void cpu_loop(CPUMIPSState *env) | ||
1533 | sp_reg = env->gpr[29][env->current_tc]; | 1540 | sp_reg = env->gpr[29][env->current_tc]; |
1534 | switch (nb_args) { | 1541 | switch (nb_args) { |
1535 | /* these arguments are taken from the stack */ | 1542 | /* these arguments are taken from the stack */ |
1536 | - case 8: arg8 = tgetl(sp_reg + 28); | ||
1537 | - case 7: arg7 = tgetl(sp_reg + 24); | ||
1538 | - case 6: arg6 = tgetl(sp_reg + 20); | ||
1539 | - case 5: arg5 = tgetl(sp_reg + 16); | 1543 | + /* FIXME - what to do if get_user() fails? */ |
1544 | + case 8: get_user_ual(arg8, sp_reg + 28); | ||
1545 | + case 7: get_user_ual(arg7, sp_reg + 24); | ||
1546 | + case 6: get_user_ual(arg6, sp_reg + 20); | ||
1547 | + case 5: get_user_ual(arg5, sp_reg + 16); | ||
1540 | default: | 1548 | default: |
1541 | break; | 1549 | break; |
1542 | } | 1550 | } |
linux-user/qemu.h
@@ -226,7 +226,7 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | @@ -226,7 +226,7 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | ||
226 | int size = sizeof(*hptr);\ | 226 | int size = sizeof(*hptr);\ |
227 | switch(size) {\ | 227 | switch(size) {\ |
228 | case 1:\ | 228 | case 1:\ |
229 | - *(uint8_t *)(hptr) = (typeof(*hptr))(x);\ | 229 | + *(uint8_t *)(hptr) = (uint8_t)(typeof(*hptr))(x);\ |
230 | break;\ | 230 | break;\ |
231 | case 2:\ | 231 | case 2:\ |
232 | *(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\ | 232 | *(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\ |
@@ -260,6 +260,8 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | @@ -260,6 +260,8 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | ||
260 | x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\ | 260 | x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\ |
261 | break;\ | 261 | break;\ |
262 | default:\ | 262 | default:\ |
263 | + /* avoid warning */\ | ||
264 | + x = 0;\ | ||
263 | abort();\ | 265 | abort();\ |
264 | }\ | 266 | }\ |
265 | 0;\ | 267 | 0;\ |
@@ -291,11 +293,36 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | @@ -291,11 +293,36 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) | ||
291 | if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \ | 293 | if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \ |
292 | __ret = __get_user((x), __hptr); \ | 294 | __ret = __get_user((x), __hptr); \ |
293 | unlock_user(__hptr, __gaddr, 0); \ | 295 | unlock_user(__hptr, __gaddr, 0); \ |
294 | - } else \ | 296 | + } else { \ |
297 | + /* avoid warning */ \ | ||
298 | + (x) = 0; \ | ||
295 | __ret = -TARGET_EFAULT; \ | 299 | __ret = -TARGET_EFAULT; \ |
300 | + } \ | ||
296 | __ret; \ | 301 | __ret; \ |
297 | }) | 302 | }) |
298 | 303 | ||
304 | +#define put_user_ual(x, gaddr) put_user((x), (gaddr), abi_ulong) | ||
305 | +#define put_user_sal(x, gaddr) put_user((x), (gaddr), abi_long) | ||
306 | +#define put_user_u64(x, gaddr) put_user((x), (gaddr), uint64_t) | ||
307 | +#define put_user_s64(x, gaddr) put_user((x), (gaddr), int64_t) | ||
308 | +#define put_user_u32(x, gaddr) put_user((x), (gaddr), uint32_t) | ||
309 | +#define put_user_s32(x, gaddr) put_user((x), (gaddr), int32_t) | ||
310 | +#define put_user_u16(x, gaddr) put_user((x), (gaddr), uint16_t) | ||
311 | +#define put_user_s16(x, gaddr) put_user((x), (gaddr), int16_t) | ||
312 | +#define put_user_u8(x, gaddr) put_user((x), (gaddr), uint8_t) | ||
313 | +#define put_user_s8(x, gaddr) put_user((x), (gaddr), int8_t) | ||
314 | + | ||
315 | +#define get_user_ual(x, gaddr) get_user((x), (gaddr), abi_ulong) | ||
316 | +#define get_user_sal(x, gaddr) get_user((x), (gaddr), abi_long) | ||
317 | +#define get_user_u64(x, gaddr) get_user((x), (gaddr), uint64_t) | ||
318 | +#define get_user_s64(x, gaddr) get_user((x), (gaddr), int64_t) | ||
319 | +#define get_user_u32(x, gaddr) get_user((x), (gaddr), uint32_t) | ||
320 | +#define get_user_s32(x, gaddr) get_user((x), (gaddr), int32_t) | ||
321 | +#define get_user_u16(x, gaddr) get_user((x), (gaddr), uint16_t) | ||
322 | +#define get_user_s16(x, gaddr) get_user((x), (gaddr), int16_t) | ||
323 | +#define get_user_u8(x, gaddr) get_user((x), (gaddr), uint8_t) | ||
324 | +#define get_user_s8(x, gaddr) get_user((x), (gaddr), int8_t) | ||
325 | + | ||
299 | /* copy_from_user() and copy_to_user() are usually used to copy data | 326 | /* copy_from_user() and copy_to_user() are usually used to copy data |
300 | * buffers between the target and host. These internally perform | 327 | * buffers between the target and host. These internally perform |
301 | * locking/unlocking of the memory. | 328 | * locking/unlocking of the memory. |
@@ -368,20 +395,4 @@ static inline void *lock_user_string(abi_ulong guest_addr) | @@ -368,20 +395,4 @@ static inline void *lock_user_string(abi_ulong guest_addr) | ||
368 | #define unlock_user_struct(host_ptr, guest_addr, copy) \ | 395 | #define unlock_user_struct(host_ptr, guest_addr, copy) \ |
369 | unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0) | 396 | unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0) |
370 | 397 | ||
371 | -#define tget8(addr) ldub(addr) | ||
372 | -#define tput8(addr, val) stb(addr, val) | ||
373 | -#define tget16(addr) lduw(addr) | ||
374 | -#define tput16(addr, val) stw(addr, val) | ||
375 | -#define tget32(addr) ldl(addr) | ||
376 | -#define tput32(addr, val) stl(addr, val) | ||
377 | -#define tget64(addr) ldq(addr) | ||
378 | -#define tput64(addr, val) stq(addr, val) | ||
379 | -#if TARGET_ABI_BITS == 64 | ||
380 | -#define tgetl(addr) ldq(addr) | ||
381 | -#define tputl(addr, val) stq(addr, val) | ||
382 | -#else | ||
383 | -#define tgetl(addr) ldl(addr) | ||
384 | -#define tputl(addr, val) stl(addr, val) | ||
385 | -#endif | ||
386 | - | ||
387 | #endif /* QEMU_H */ | 398 | #endif /* QEMU_H */ |
linux-user/syscall.c
@@ -783,7 +783,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh, | @@ -783,7 +783,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh, | ||
783 | 783 | ||
784 | /* do_setsockopt() Must return target values and target errnos. */ | 784 | /* do_setsockopt() Must return target values and target errnos. */ |
785 | static abi_long do_setsockopt(int sockfd, int level, int optname, | 785 | static abi_long do_setsockopt(int sockfd, int level, int optname, |
786 | - abi_ulong optval, socklen_t optlen) | 786 | + abi_ulong optval_addr, socklen_t optlen) |
787 | { | 787 | { |
788 | abi_long ret; | 788 | abi_long ret; |
789 | int val; | 789 | int val; |
@@ -794,7 +794,8 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | @@ -794,7 +794,8 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | ||
794 | if (optlen < sizeof(uint32_t)) | 794 | if (optlen < sizeof(uint32_t)) |
795 | return -TARGET_EINVAL; | 795 | return -TARGET_EINVAL; |
796 | 796 | ||
797 | - val = tget32(optval); | 797 | + if (get_user_u32(val, optval_addr)) |
798 | + return -TARGET_EFAULT; | ||
798 | ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); | 799 | ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); |
799 | break; | 800 | break; |
800 | case SOL_IP: | 801 | case SOL_IP: |
@@ -816,9 +817,11 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | @@ -816,9 +817,11 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | ||
816 | case IP_MULTICAST_LOOP: | 817 | case IP_MULTICAST_LOOP: |
817 | val = 0; | 818 | val = 0; |
818 | if (optlen >= sizeof(uint32_t)) { | 819 | if (optlen >= sizeof(uint32_t)) { |
819 | - val = tget32(optval); | 820 | + if (get_user_u32(val, optval_addr)) |
821 | + return -TARGET_EFAULT; | ||
820 | } else if (optlen >= 1) { | 822 | } else if (optlen >= 1) { |
821 | - val = tget8(optval); | 823 | + if (get_user_u8(val, optval_addr)) |
824 | + return -TARGET_EFAULT; | ||
822 | } | 825 | } |
823 | ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); | 826 | ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); |
824 | break; | 827 | break; |
@@ -890,9 +893,10 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | @@ -890,9 +893,10 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | ||
890 | goto unimplemented; | 893 | goto unimplemented; |
891 | } | 894 | } |
892 | if (optlen < sizeof(uint32_t)) | 895 | if (optlen < sizeof(uint32_t)) |
893 | - return -TARGET_EINVAL; | 896 | + return -TARGET_EINVAL; |
894 | 897 | ||
895 | - val = tget32(optval); | 898 | + if (get_user_u32(val, optval_addr)) |
899 | + return -TARGET_EFAULT; | ||
896 | ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val))); | 900 | ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val))); |
897 | break; | 901 | break; |
898 | default: | 902 | default: |
@@ -905,7 +909,7 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | @@ -905,7 +909,7 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, | ||
905 | 909 | ||
906 | /* do_getsockopt() Must return target values and target errnos. */ | 910 | /* do_getsockopt() Must return target values and target errnos. */ |
907 | static abi_long do_getsockopt(int sockfd, int level, int optname, | 911 | static abi_long do_getsockopt(int sockfd, int level, int optname, |
908 | - abi_ulong optval, abi_ulong optlen) | 912 | + abi_ulong optval_addr, abi_ulong optlen) |
909 | { | 913 | { |
910 | abi_long ret; | 914 | abi_long ret; |
911 | int len, lv, val; | 915 | int len, lv, val; |
@@ -928,7 +932,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | @@ -928,7 +932,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | ||
928 | case SOL_TCP: | 932 | case SOL_TCP: |
929 | /* TCP options all take an 'int' value. */ | 933 | /* TCP options all take an 'int' value. */ |
930 | int_case: | 934 | int_case: |
931 | - len = tget32(optlen); | 935 | + if (get_user_u32(len, optlen)) |
936 | + return -TARGET_EFAULT; | ||
932 | if (len < 0) | 937 | if (len < 0) |
933 | return -TARGET_EINVAL; | 938 | return -TARGET_EINVAL; |
934 | lv = sizeof(int); | 939 | lv = sizeof(int); |
@@ -938,11 +943,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | @@ -938,11 +943,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | ||
938 | val = tswap32(val); | 943 | val = tswap32(val); |
939 | if (len > lv) | 944 | if (len > lv) |
940 | len = lv; | 945 | len = lv; |
941 | - if (len == 4) | ||
942 | - tput32(optval, val); | ||
943 | - else | ||
944 | - tput8(optval, val); | ||
945 | - tput32(optlen, len); | 946 | + if (len == 4) { |
947 | + if (put_user_u32(val, optval_addr)) | ||
948 | + return -TARGET_EFAULT; | ||
949 | + } else { | ||
950 | + if (put_user_u8(val, optval_addr)) | ||
951 | + return -TARGET_EFAULT; | ||
952 | + } | ||
953 | + if (put_user_u32(len, optlen)) | ||
954 | + return -TARGET_EFAULT; | ||
946 | break; | 955 | break; |
947 | case SOL_IP: | 956 | case SOL_IP: |
948 | switch(optname) { | 957 | switch(optname) { |
@@ -961,7 +970,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | @@ -961,7 +970,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | ||
961 | #endif | 970 | #endif |
962 | case IP_MULTICAST_TTL: | 971 | case IP_MULTICAST_TTL: |
963 | case IP_MULTICAST_LOOP: | 972 | case IP_MULTICAST_LOOP: |
964 | - len = tget32(optlen); | 973 | + if (get_user_u32(len, optlen)) |
974 | + return -TARGET_EFAULT; | ||
965 | if (len < 0) | 975 | if (len < 0) |
966 | return -TARGET_EINVAL; | 976 | return -TARGET_EINVAL; |
967 | lv = sizeof(int); | 977 | lv = sizeof(int); |
@@ -970,13 +980,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | @@ -970,13 +980,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, | ||
970 | return ret; | 980 | return ret; |
971 | if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) { | 981 | if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) { |
972 | len = 1; | 982 | len = 1; |
973 | - tput32(optlen, len); | ||
974 | - tput8(optval, val); | 983 | + if (put_user_u32(len, optlen) |
984 | + || put_user_u8(val, optval_addr)) | ||
985 | + return -TARGET_EFAULT; | ||
975 | } else { | 986 | } else { |
976 | if (len > sizeof(int)) | 987 | if (len > sizeof(int)) |
977 | len = sizeof(int); | 988 | len = sizeof(int); |
978 | - tput32(optlen, len); | ||
979 | - tput32(optval, val); | 989 | + if (put_user_u32(len, optlen) |
990 | + || put_user_u32(val, optval_addr)) | ||
991 | + return -TARGET_EFAULT; | ||
980 | } | 992 | } |
981 | break; | 993 | break; |
982 | default: | 994 | default: |
@@ -1148,63 +1160,82 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg, | @@ -1148,63 +1160,82 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg, | ||
1148 | 1160 | ||
1149 | /* do_accept() Must return target values and target errnos. */ | 1161 | /* do_accept() Must return target values and target errnos. */ |
1150 | static abi_long do_accept(int fd, abi_ulong target_addr, | 1162 | static abi_long do_accept(int fd, abi_ulong target_addr, |
1151 | - abi_ulong target_addrlen) | 1163 | + abi_ulong target_addrlen_addr) |
1152 | { | 1164 | { |
1153 | - socklen_t addrlen = tget32(target_addrlen); | ||
1154 | - void *addr = alloca(addrlen); | 1165 | + socklen_t addrlen; |
1166 | + void *addr; | ||
1155 | abi_long ret; | 1167 | abi_long ret; |
1156 | 1168 | ||
1169 | + if (get_user_u32(addrlen, target_addrlen_addr)) | ||
1170 | + return -TARGET_EFAULT; | ||
1171 | + | ||
1172 | + addr = alloca(addrlen); | ||
1173 | + | ||
1157 | ret = get_errno(accept(fd, addr, &addrlen)); | 1174 | ret = get_errno(accept(fd, addr, &addrlen)); |
1158 | if (!is_error(ret)) { | 1175 | if (!is_error(ret)) { |
1159 | host_to_target_sockaddr(target_addr, addr, addrlen); | 1176 | host_to_target_sockaddr(target_addr, addr, addrlen); |
1160 | - tput32(target_addrlen, addrlen); | 1177 | + if (put_user_u32(addrlen, target_addrlen_addr)) |
1178 | + ret = -TARGET_EFAULT; | ||
1161 | } | 1179 | } |
1162 | return ret; | 1180 | return ret; |
1163 | } | 1181 | } |
1164 | 1182 | ||
1165 | /* do_getpeername() Must return target values and target errnos. */ | 1183 | /* do_getpeername() Must return target values and target errnos. */ |
1166 | static abi_long do_getpeername(int fd, abi_ulong target_addr, | 1184 | static abi_long do_getpeername(int fd, abi_ulong target_addr, |
1167 | - abi_ulong target_addrlen) | 1185 | + abi_ulong target_addrlen_addr) |
1168 | { | 1186 | { |
1169 | - socklen_t addrlen = tget32(target_addrlen); | ||
1170 | - void *addr = alloca(addrlen); | 1187 | + socklen_t addrlen; |
1188 | + void *addr; | ||
1171 | abi_long ret; | 1189 | abi_long ret; |
1172 | 1190 | ||
1191 | + if (get_user_u32(addrlen, target_addrlen_addr)) | ||
1192 | + return -TARGET_EFAULT; | ||
1193 | + | ||
1194 | + addr = alloca(addrlen); | ||
1195 | + | ||
1173 | ret = get_errno(getpeername(fd, addr, &addrlen)); | 1196 | ret = get_errno(getpeername(fd, addr, &addrlen)); |
1174 | if (!is_error(ret)) { | 1197 | if (!is_error(ret)) { |
1175 | host_to_target_sockaddr(target_addr, addr, addrlen); | 1198 | host_to_target_sockaddr(target_addr, addr, addrlen); |
1176 | - tput32(target_addrlen, addrlen); | 1199 | + if (put_user_u32(addrlen, target_addrlen_addr)) |
1200 | + ret = -TARGET_EFAULT; | ||
1177 | } | 1201 | } |
1178 | return ret; | 1202 | return ret; |
1179 | } | 1203 | } |
1180 | 1204 | ||
1181 | /* do_getsockname() Must return target values and target errnos. */ | 1205 | /* do_getsockname() Must return target values and target errnos. */ |
1182 | static abi_long do_getsockname(int fd, abi_ulong target_addr, | 1206 | static abi_long do_getsockname(int fd, abi_ulong target_addr, |
1183 | - abi_ulong target_addrlen) | 1207 | + abi_ulong target_addrlen_addr) |
1184 | { | 1208 | { |
1185 | - socklen_t addrlen = tget32(target_addrlen); | ||
1186 | - void *addr = alloca(addrlen); | 1209 | + socklen_t addrlen; |
1210 | + void *addr; | ||
1187 | abi_long ret; | 1211 | abi_long ret; |
1188 | 1212 | ||
1213 | + if (get_user_u32(addrlen, target_addrlen_addr)) | ||
1214 | + return -TARGET_EFAULT; | ||
1215 | + | ||
1216 | + addr = alloca(addrlen); | ||
1217 | + | ||
1189 | ret = get_errno(getsockname(fd, addr, &addrlen)); | 1218 | ret = get_errno(getsockname(fd, addr, &addrlen)); |
1190 | if (!is_error(ret)) { | 1219 | if (!is_error(ret)) { |
1191 | host_to_target_sockaddr(target_addr, addr, addrlen); | 1220 | host_to_target_sockaddr(target_addr, addr, addrlen); |
1192 | - tput32(target_addrlen, addrlen); | 1221 | + if (put_user_u32(addrlen, target_addrlen_addr)) |
1222 | + ret = -TARGET_EFAULT; | ||
1193 | } | 1223 | } |
1194 | return ret; | 1224 | return ret; |
1195 | } | 1225 | } |
1196 | 1226 | ||
1197 | /* do_socketpair() Must return target values and target errnos. */ | 1227 | /* do_socketpair() Must return target values and target errnos. */ |
1198 | static abi_long do_socketpair(int domain, int type, int protocol, | 1228 | static abi_long do_socketpair(int domain, int type, int protocol, |
1199 | - abi_ulong target_tab) | 1229 | + abi_ulong target_tab_addr) |
1200 | { | 1230 | { |
1201 | int tab[2]; | 1231 | int tab[2]; |
1202 | abi_long ret; | 1232 | abi_long ret; |
1203 | 1233 | ||
1204 | ret = get_errno(socketpair(domain, type, protocol, tab)); | 1234 | ret = get_errno(socketpair(domain, type, protocol, tab)); |
1205 | if (!is_error(ret)) { | 1235 | if (!is_error(ret)) { |
1206 | - tput32(target_tab, tab[0]); | ||
1207 | - tput32(target_tab + 4, tab[1]); | 1236 | + if (put_user_s32(tab[0], target_tab_addr) |
1237 | + || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0]))) | ||
1238 | + ret = -TARGET_EFAULT; | ||
1208 | } | 1239 | } |
1209 | return ret; | 1240 | return ret; |
1210 | } | 1241 | } |
@@ -1245,7 +1276,10 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, | @@ -1245,7 +1276,10 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, | ||
1245 | if (!host_msg) | 1276 | if (!host_msg) |
1246 | return -TARGET_EFAULT; | 1277 | return -TARGET_EFAULT; |
1247 | if (target_addr) { | 1278 | if (target_addr) { |
1248 | - addrlen = tget32(target_addrlen); | 1279 | + if (get_user_u32(addrlen, target_addrlen)) { |
1280 | + ret = -TARGET_EFAULT; | ||
1281 | + goto fail; | ||
1282 | + } | ||
1249 | addr = alloca(addrlen); | 1283 | addr = alloca(addrlen); |
1250 | ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen)); | 1284 | ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen)); |
1251 | } else { | 1285 | } else { |
@@ -1255,10 +1289,14 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, | @@ -1255,10 +1289,14 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, | ||
1255 | if (!is_error(ret)) { | 1289 | if (!is_error(ret)) { |
1256 | if (target_addr) { | 1290 | if (target_addr) { |
1257 | host_to_target_sockaddr(target_addr, addr, addrlen); | 1291 | host_to_target_sockaddr(target_addr, addr, addrlen); |
1258 | - tput32(target_addrlen, addrlen); | 1292 | + if (put_user_u32(addrlen, target_addrlen)) { |
1293 | + ret = -TARGET_EFAULT; | ||
1294 | + goto fail; | ||
1295 | + } | ||
1259 | } | 1296 | } |
1260 | unlock_user(host_msg, msg, len); | 1297 | unlock_user(host_msg, msg, len); |
1261 | } else { | 1298 | } else { |
1299 | +fail: | ||
1262 | unlock_user(host_msg, msg, 0); | 1300 | unlock_user(host_msg, msg, 0); |
1263 | } | 1301 | } |
1264 | return ret; | 1302 | return ret; |
@@ -1274,112 +1312,187 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | @@ -1274,112 +1312,187 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | ||
1274 | switch(num) { | 1312 | switch(num) { |
1275 | case SOCKOP_socket: | 1313 | case SOCKOP_socket: |
1276 | { | 1314 | { |
1277 | - int domain = tgetl(vptr); | ||
1278 | - int type = tgetl(vptr + n); | ||
1279 | - int protocol = tgetl(vptr + 2 * n); | 1315 | + int domain, type, protocol; |
1316 | + | ||
1317 | + if (get_user_s32(domain, vptr) | ||
1318 | + || get_user_s32(type, vptr + n) | ||
1319 | + || get_user_s32(protocol, vptr + 2 * n)) | ||
1320 | + return -TARGET_EFAULT; | ||
1321 | + | ||
1280 | ret = do_socket(domain, type, protocol); | 1322 | ret = do_socket(domain, type, protocol); |
1281 | } | 1323 | } |
1282 | break; | 1324 | break; |
1283 | case SOCKOP_bind: | 1325 | case SOCKOP_bind: |
1284 | { | 1326 | { |
1285 | - int sockfd = tgetl(vptr); | ||
1286 | - abi_ulong target_addr = tgetl(vptr + n); | ||
1287 | - socklen_t addrlen = tgetl(vptr + 2 * n); | 1327 | + int sockfd; |
1328 | + abi_ulong target_addr; | ||
1329 | + socklen_t addrlen; | ||
1330 | + | ||
1331 | + if (get_user_s32(sockfd, vptr) | ||
1332 | + || get_user_ual(target_addr, vptr + n) | ||
1333 | + || get_user_u32(addrlen, vptr + 2 * n)) | ||
1334 | + return -TARGET_EFAULT; | ||
1335 | + | ||
1288 | ret = do_bind(sockfd, target_addr, addrlen); | 1336 | ret = do_bind(sockfd, target_addr, addrlen); |
1289 | } | 1337 | } |
1290 | break; | 1338 | break; |
1291 | case SOCKOP_connect: | 1339 | case SOCKOP_connect: |
1292 | { | 1340 | { |
1293 | - int sockfd = tgetl(vptr); | ||
1294 | - abi_ulong target_addr = tgetl(vptr + n); | ||
1295 | - socklen_t addrlen = tgetl(vptr + 2 * n); | 1341 | + int sockfd; |
1342 | + abi_ulong target_addr; | ||
1343 | + socklen_t addrlen; | ||
1344 | + | ||
1345 | + if (get_user_s32(sockfd, vptr) | ||
1346 | + || get_user_ual(target_addr, vptr + n) | ||
1347 | + || get_user_u32(addrlen, vptr + 2 * n)) | ||
1348 | + return -TARGET_EFAULT; | ||
1349 | + | ||
1296 | ret = do_connect(sockfd, target_addr, addrlen); | 1350 | ret = do_connect(sockfd, target_addr, addrlen); |
1297 | } | 1351 | } |
1298 | break; | 1352 | break; |
1299 | case SOCKOP_listen: | 1353 | case SOCKOP_listen: |
1300 | { | 1354 | { |
1301 | - int sockfd = tgetl(vptr); | ||
1302 | - int backlog = tgetl(vptr + n); | 1355 | + int sockfd, backlog; |
1356 | + | ||
1357 | + if (get_user_s32(sockfd, vptr) | ||
1358 | + || get_user_s32(backlog, vptr + n)) | ||
1359 | + return -TARGET_EFAULT; | ||
1360 | + | ||
1303 | ret = get_errno(listen(sockfd, backlog)); | 1361 | ret = get_errno(listen(sockfd, backlog)); |
1304 | } | 1362 | } |
1305 | break; | 1363 | break; |
1306 | case SOCKOP_accept: | 1364 | case SOCKOP_accept: |
1307 | { | 1365 | { |
1308 | - int sockfd = tgetl(vptr); | ||
1309 | - abi_ulong target_addr = tgetl(vptr + n); | ||
1310 | - abi_ulong target_addrlen = tgetl(vptr + 2 * n); | 1366 | + int sockfd; |
1367 | + abi_ulong target_addr, target_addrlen; | ||
1368 | + | ||
1369 | + if (get_user_s32(sockfd, vptr) | ||
1370 | + || get_user_ual(target_addr, vptr + n) | ||
1371 | + || get_user_u32(target_addrlen, vptr + 2 * n)) | ||
1372 | + return -TARGET_EFAULT; | ||
1373 | + | ||
1311 | ret = do_accept(sockfd, target_addr, target_addrlen); | 1374 | ret = do_accept(sockfd, target_addr, target_addrlen); |
1312 | } | 1375 | } |
1313 | break; | 1376 | break; |
1314 | case SOCKOP_getsockname: | 1377 | case SOCKOP_getsockname: |
1315 | { | 1378 | { |
1316 | - int sockfd = tgetl(vptr); | ||
1317 | - abi_ulong target_addr = tgetl(vptr + n); | ||
1318 | - abi_ulong target_addrlen = tgetl(vptr + 2 * n); | 1379 | + int sockfd; |
1380 | + abi_ulong target_addr, target_addrlen; | ||
1381 | + | ||
1382 | + if (get_user_s32(sockfd, vptr) | ||
1383 | + || get_user_ual(target_addr, vptr + n) | ||
1384 | + || get_user_u32(target_addrlen, vptr + 2 * n)) | ||
1385 | + return -TARGET_EFAULT; | ||
1386 | + | ||
1319 | ret = do_getsockname(sockfd, target_addr, target_addrlen); | 1387 | ret = do_getsockname(sockfd, target_addr, target_addrlen); |
1320 | } | 1388 | } |
1321 | break; | 1389 | break; |
1322 | case SOCKOP_getpeername: | 1390 | case SOCKOP_getpeername: |
1323 | { | 1391 | { |
1324 | - int sockfd = tgetl(vptr); | ||
1325 | - abi_ulong target_addr = tgetl(vptr + n); | ||
1326 | - abi_ulong target_addrlen = tgetl(vptr + 2 * n); | 1392 | + int sockfd; |
1393 | + abi_ulong target_addr, target_addrlen; | ||
1394 | + | ||
1395 | + if (get_user_s32(sockfd, vptr) | ||
1396 | + || get_user_ual(target_addr, vptr + n) | ||
1397 | + || get_user_u32(target_addrlen, vptr + 2 * n)) | ||
1398 | + return -TARGET_EFAULT; | ||
1399 | + | ||
1327 | ret = do_getpeername(sockfd, target_addr, target_addrlen); | 1400 | ret = do_getpeername(sockfd, target_addr, target_addrlen); |
1328 | } | 1401 | } |
1329 | break; | 1402 | break; |
1330 | case SOCKOP_socketpair: | 1403 | case SOCKOP_socketpair: |
1331 | { | 1404 | { |
1332 | - int domain = tgetl(vptr); | ||
1333 | - int type = tgetl(vptr + n); | ||
1334 | - int protocol = tgetl(vptr + 2 * n); | ||
1335 | - abi_ulong tab = tgetl(vptr + 3 * n); | 1405 | + int domain, type, protocol; |
1406 | + abi_ulong tab; | ||
1407 | + | ||
1408 | + if (get_user_s32(domain, vptr) | ||
1409 | + || get_user_s32(type, vptr + n) | ||
1410 | + || get_user_s32(protocol, vptr + 2 * n) | ||
1411 | + || get_user_ual(tab, vptr + 3 * n)) | ||
1412 | + return -TARGET_EFAULT; | ||
1413 | + | ||
1336 | ret = do_socketpair(domain, type, protocol, tab); | 1414 | ret = do_socketpair(domain, type, protocol, tab); |
1337 | } | 1415 | } |
1338 | break; | 1416 | break; |
1339 | case SOCKOP_send: | 1417 | case SOCKOP_send: |
1340 | { | 1418 | { |
1341 | - int sockfd = tgetl(vptr); | ||
1342 | - abi_ulong msg = tgetl(vptr + n); | ||
1343 | - size_t len = tgetl(vptr + 2 * n); | ||
1344 | - int flags = tgetl(vptr + 3 * n); | 1419 | + int sockfd; |
1420 | + abi_ulong msg; | ||
1421 | + size_t len; | ||
1422 | + int flags; | ||
1423 | + | ||
1424 | + if (get_user_s32(sockfd, vptr) | ||
1425 | + || get_user_ual(msg, vptr + n) | ||
1426 | + || get_user_ual(len, vptr + 2 * n) | ||
1427 | + || get_user_s32(flags, vptr + 3 * n)) | ||
1428 | + return -TARGET_EFAULT; | ||
1429 | + | ||
1345 | ret = do_sendto(sockfd, msg, len, flags, 0, 0); | 1430 | ret = do_sendto(sockfd, msg, len, flags, 0, 0); |
1346 | } | 1431 | } |
1347 | break; | 1432 | break; |
1348 | case SOCKOP_recv: | 1433 | case SOCKOP_recv: |
1349 | { | 1434 | { |
1350 | - int sockfd = tgetl(vptr); | ||
1351 | - abi_ulong msg = tgetl(vptr + n); | ||
1352 | - size_t len = tgetl(vptr + 2 * n); | ||
1353 | - int flags = tgetl(vptr + 3 * n); | 1435 | + int sockfd; |
1436 | + abi_ulong msg; | ||
1437 | + size_t len; | ||
1438 | + int flags; | ||
1439 | + | ||
1440 | + if (get_user_s32(sockfd, vptr) | ||
1441 | + || get_user_ual(msg, vptr + n) | ||
1442 | + || get_user_ual(len, vptr + 2 * n) | ||
1443 | + || get_user_s32(flags, vptr + 3 * n)) | ||
1444 | + return -TARGET_EFAULT; | ||
1445 | + | ||
1354 | ret = do_recvfrom(sockfd, msg, len, flags, 0, 0); | 1446 | ret = do_recvfrom(sockfd, msg, len, flags, 0, 0); |
1355 | } | 1447 | } |
1356 | break; | 1448 | break; |
1357 | case SOCKOP_sendto: | 1449 | case SOCKOP_sendto: |
1358 | { | 1450 | { |
1359 | - int sockfd = tgetl(vptr); | ||
1360 | - abi_ulong msg = tgetl(vptr + n); | ||
1361 | - size_t len = tgetl(vptr + 2 * n); | ||
1362 | - int flags = tgetl(vptr + 3 * n); | ||
1363 | - abi_ulong addr = tgetl(vptr + 4 * n); | ||
1364 | - socklen_t addrlen = tgetl(vptr + 5 * n); | 1451 | + int sockfd; |
1452 | + abi_ulong msg; | ||
1453 | + size_t len; | ||
1454 | + int flags; | ||
1455 | + abi_ulong addr; | ||
1456 | + socklen_t addrlen; | ||
1457 | + | ||
1458 | + if (get_user_s32(sockfd, vptr) | ||
1459 | + || get_user_ual(msg, vptr + n) | ||
1460 | + || get_user_ual(len, vptr + 2 * n) | ||
1461 | + || get_user_s32(flags, vptr + 3 * n) | ||
1462 | + || get_user_ual(addr, vptr + 4 * n) | ||
1463 | + || get_user_u32(addrlen, vptr + 5 * n)) | ||
1464 | + return -TARGET_EFAULT; | ||
1465 | + | ||
1365 | ret = do_sendto(sockfd, msg, len, flags, addr, addrlen); | 1466 | ret = do_sendto(sockfd, msg, len, flags, addr, addrlen); |
1366 | } | 1467 | } |
1367 | break; | 1468 | break; |
1368 | case SOCKOP_recvfrom: | 1469 | case SOCKOP_recvfrom: |
1369 | { | 1470 | { |
1370 | - int sockfd = tgetl(vptr); | ||
1371 | - abi_ulong msg = tgetl(vptr + n); | ||
1372 | - size_t len = tgetl(vptr + 2 * n); | ||
1373 | - int flags = tgetl(vptr + 3 * n); | ||
1374 | - abi_ulong addr = tgetl(vptr + 4 * n); | ||
1375 | - abi_ulong addrlen = tgetl(vptr + 5 * n); | 1471 | + int sockfd; |
1472 | + abi_ulong msg; | ||
1473 | + size_t len; | ||
1474 | + int flags; | ||
1475 | + abi_ulong addr; | ||
1476 | + socklen_t addrlen; | ||
1477 | + | ||
1478 | + if (get_user_s32(sockfd, vptr) | ||
1479 | + || get_user_ual(msg, vptr + n) | ||
1480 | + || get_user_ual(len, vptr + 2 * n) | ||
1481 | + || get_user_s32(flags, vptr + 3 * n) | ||
1482 | + || get_user_ual(addr, vptr + 4 * n) | ||
1483 | + || get_user_u32(addrlen, vptr + 5 * n)) | ||
1484 | + return -TARGET_EFAULT; | ||
1485 | + | ||
1376 | ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen); | 1486 | ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen); |
1377 | } | 1487 | } |
1378 | break; | 1488 | break; |
1379 | case SOCKOP_shutdown: | 1489 | case SOCKOP_shutdown: |
1380 | { | 1490 | { |
1381 | - int sockfd = tgetl(vptr); | ||
1382 | - int how = tgetl(vptr + n); | 1491 | + int sockfd, how; |
1492 | + | ||
1493 | + if (get_user_s32(sockfd, vptr) | ||
1494 | + || get_user_s32(how, vptr + n)) | ||
1495 | + return -TARGET_EFAULT; | ||
1383 | 1496 | ||
1384 | ret = get_errno(shutdown(sockfd, how)); | 1497 | ret = get_errno(shutdown(sockfd, how)); |
1385 | } | 1498 | } |
@@ -1391,9 +1504,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | @@ -1391,9 +1504,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | ||
1391 | abi_ulong target_msg; | 1504 | abi_ulong target_msg; |
1392 | int flags; | 1505 | int flags; |
1393 | 1506 | ||
1394 | - fd = tgetl(vptr); | ||
1395 | - target_msg = tgetl(vptr + n); | ||
1396 | - flags = tgetl(vptr + 2 * n); | 1507 | + if (get_user_s32(fd, vptr) |
1508 | + || get_user_ual(target_msg, vptr + n) | ||
1509 | + || get_user_s32(flags, vptr + 2 * n)) | ||
1510 | + return -TARGET_EFAULT; | ||
1397 | 1511 | ||
1398 | ret = do_sendrecvmsg(fd, target_msg, flags, | 1512 | ret = do_sendrecvmsg(fd, target_msg, flags, |
1399 | (num == SOCKOP_sendmsg)); | 1513 | (num == SOCKOP_sendmsg)); |
@@ -1401,24 +1515,38 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | @@ -1401,24 +1515,38 @@ static abi_long do_socketcall(int num, abi_ulong vptr) | ||
1401 | break; | 1515 | break; |
1402 | case SOCKOP_setsockopt: | 1516 | case SOCKOP_setsockopt: |
1403 | { | 1517 | { |
1404 | - int sockfd = tgetl(vptr); | ||
1405 | - int level = tgetl(vptr + n); | ||
1406 | - int optname = tgetl(vptr + 2 * n); | ||
1407 | - abi_ulong optval = tgetl(vptr + 3 * n); | ||
1408 | - socklen_t optlen = tgetl(vptr + 4 * n); | 1518 | + int sockfd; |
1519 | + int level; | ||
1520 | + int optname; | ||
1521 | + abi_ulong optval; | ||
1522 | + socklen_t optlen; | ||
1523 | + | ||
1524 | + if (get_user_s32(sockfd, vptr) | ||
1525 | + || get_user_s32(level, vptr + n) | ||
1526 | + || get_user_s32(optname, vptr + 2 * n) | ||
1527 | + || get_user_ual(optval, vptr + 3 * n) | ||
1528 | + || get_user_u32(optlen, vptr + 4 * n)) | ||
1529 | + return -TARGET_EFAULT; | ||
1409 | 1530 | ||
1410 | ret = do_setsockopt(sockfd, level, optname, optval, optlen); | 1531 | ret = do_setsockopt(sockfd, level, optname, optval, optlen); |
1411 | } | 1532 | } |
1412 | break; | 1533 | break; |
1413 | case SOCKOP_getsockopt: | 1534 | case SOCKOP_getsockopt: |
1414 | { | 1535 | { |
1415 | - int sockfd = tgetl(vptr); | ||
1416 | - int level = tgetl(vptr + n); | ||
1417 | - int optname = tgetl(vptr + 2 * n); | ||
1418 | - abi_ulong optval = tgetl(vptr + 3 * n); | ||
1419 | - abi_ulong poptlen = tgetl(vptr + 4 * n); | 1536 | + int sockfd; |
1537 | + int level; | ||
1538 | + int optname; | ||
1539 | + abi_ulong optval; | ||
1540 | + socklen_t optlen; | ||
1541 | + | ||
1542 | + if (get_user_s32(sockfd, vptr) | ||
1543 | + || get_user_s32(level, vptr + n) | ||
1544 | + || get_user_s32(optname, vptr + 2 * n) | ||
1545 | + || get_user_ual(optval, vptr + 3 * n) | ||
1546 | + || get_user_u32(optlen, vptr + 4 * n)) | ||
1547 | + return -TARGET_EFAULT; | ||
1420 | 1548 | ||
1421 | - ret = do_getsockopt(sockfd, level, optname, optval, poptlen); | 1549 | + ret = do_getsockopt(sockfd, level, optname, optval, optlen); |
1422 | } | 1550 | } |
1423 | break; | 1551 | break; |
1424 | default: | 1552 | default: |
@@ -1883,7 +2011,7 @@ static abi_long do_ipc(unsigned int call, int first, | @@ -1883,7 +2011,7 @@ static abi_long do_ipc(unsigned int call, int first, | ||
1883 | break; | 2011 | break; |
1884 | } | 2012 | } |
1885 | } | 2013 | } |
1886 | - if (put_user(raddr, third, abi_ulong)) | 2014 | + if (put_user_ual(raddr, third)) |
1887 | return -TARGET_EFAULT; | 2015 | return -TARGET_EFAULT; |
1888 | ret = 0; | 2016 | ret = 0; |
1889 | } | 2017 | } |
@@ -2957,10 +3085,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -2957,10 +3085,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
2957 | unlock_user(p, arg2, 0); | 3085 | unlock_user(p, arg2, 0); |
2958 | break; | 3086 | break; |
2959 | case TARGET_NR_open: | 3087 | case TARGET_NR_open: |
2960 | - if (!(p = lock_user_string(arg1))) { | ||
2961 | - return -TARGET_EFAULT; | ||
2962 | - goto fail; | ||
2963 | - } | 3088 | + if (!(p = lock_user_string(arg1))) |
3089 | + goto efault; | ||
2964 | ret = get_errno(open(path(p), | 3090 | ret = get_errno(open(path(p), |
2965 | target_to_host_bitmask(arg2, fcntl_flags_tbl), | 3091 | target_to_host_bitmask(arg2, fcntl_flags_tbl), |
2966 | arg3)); | 3092 | arg3)); |
@@ -2991,8 +3117,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -2991,8 +3117,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
2991 | { | 3117 | { |
2992 | int status; | 3118 | int status; |
2993 | ret = get_errno(waitpid(arg1, &status, arg3)); | 3119 | ret = get_errno(waitpid(arg1, &status, arg3)); |
2994 | - if (!is_error(ret) && arg2) | ||
2995 | - tput32(arg2, status); | 3120 | + if (!is_error(ret) && arg2 |
3121 | + && put_user_s32(status, arg2)) | ||
3122 | + goto efault; | ||
2996 | } | 3123 | } |
2997 | break; | 3124 | break; |
2998 | #endif | 3125 | #endif |
@@ -3059,56 +3186,71 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -3059,56 +3186,71 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
3059 | 3186 | ||
3060 | argc = 0; | 3187 | argc = 0; |
3061 | guest_argp = arg2; | 3188 | guest_argp = arg2; |
3062 | - for (gp = guest_argp; tgetl(gp); gp++) | 3189 | + for (gp = guest_argp; ; gp++) { |
3190 | + if (get_user_ual(guest_argp, gp)) | ||
3191 | + goto efault; | ||
3192 | + if (!guest_argp) | ||
3193 | + break; | ||
3063 | argc++; | 3194 | argc++; |
3195 | + } | ||
3064 | envc = 0; | 3196 | envc = 0; |
3065 | guest_envp = arg3; | 3197 | guest_envp = arg3; |
3066 | - for (gp = guest_envp; tgetl(gp); gp++) | 3198 | + for (gp = guest_envp; ; gp++) { |
3199 | + if (get_user_ual(guest_envp, gp)) | ||
3200 | + goto efault; | ||
3201 | + if (!guest_envp) | ||
3202 | + break; | ||
3067 | envc++; | 3203 | envc++; |
3204 | + } | ||
3068 | 3205 | ||
3069 | argp = alloca((argc + 1) * sizeof(void *)); | 3206 | argp = alloca((argc + 1) * sizeof(void *)); |
3070 | envp = alloca((envc + 1) * sizeof(void *)); | 3207 | envp = alloca((envc + 1) * sizeof(void *)); |
3071 | 3208 | ||
3072 | for (gp = guest_argp, q = argp; ; | 3209 | for (gp = guest_argp, q = argp; ; |
3073 | gp += sizeof(abi_ulong), q++) { | 3210 | gp += sizeof(abi_ulong), q++) { |
3074 | - addr = tgetl(gp); | 3211 | + if (get_user_ual(addr, gp)) |
3212 | + goto execve_efault; | ||
3075 | if (!addr) | 3213 | if (!addr) |
3076 | break; | 3214 | break; |
3077 | - if (!(*q = lock_user_string(addr))) { | ||
3078 | - ret = -TARGET_EFAULT; | ||
3079 | - goto execve_fail; | ||
3080 | - } | 3215 | + if (!(*q = lock_user_string(addr))) |
3216 | + goto execve_efault; | ||
3081 | } | 3217 | } |
3082 | *q = NULL; | 3218 | *q = NULL; |
3083 | 3219 | ||
3084 | for (gp = guest_envp, q = envp; ; | 3220 | for (gp = guest_envp, q = envp; ; |
3085 | gp += sizeof(abi_ulong), q++) { | 3221 | gp += sizeof(abi_ulong), q++) { |
3086 | - addr = tgetl(gp); | 3222 | + if (get_user_ual(addr, gp)) |
3223 | + goto execve_efault; | ||
3087 | if (!addr) | 3224 | if (!addr) |
3088 | break; | 3225 | break; |
3089 | - if (!(*q = lock_user_string(addr))) { | ||
3090 | - ret = -TARGET_EFAULT; | ||
3091 | - goto execve_fail; | ||
3092 | - } | 3226 | + if (!(*q = lock_user_string(addr))) |
3227 | + goto execve_efault; | ||
3093 | } | 3228 | } |
3094 | *q = NULL; | 3229 | *q = NULL; |
3095 | 3230 | ||
3096 | - if (!(p = lock_user_string(arg1))) { | ||
3097 | - ret = -TARGET_EFAULT; | ||
3098 | - goto execve_fail; | ||
3099 | - } | 3231 | + if (!(p = lock_user_string(arg1))) |
3232 | + goto execve_efault; | ||
3100 | ret = get_errno(execve(p, argp, envp)); | 3233 | ret = get_errno(execve(p, argp, envp)); |
3101 | unlock_user(p, arg1, 0); | 3234 | unlock_user(p, arg1, 0); |
3102 | 3235 | ||
3103 | - execve_fail: | 3236 | + goto execve_end; |
3237 | + | ||
3238 | + execve_efault: | ||
3239 | + ret = -TARGET_EFAULT; | ||
3240 | + | ||
3241 | + execve_end: | ||
3104 | for (gp = guest_argp, q = argp; *q; | 3242 | for (gp = guest_argp, q = argp; *q; |
3105 | gp += sizeof(abi_ulong), q++) { | 3243 | gp += sizeof(abi_ulong), q++) { |
3106 | - addr = tgetl(gp); | 3244 | + if (get_user_ual(addr, gp) |
3245 | + || !addr) | ||
3246 | + break; | ||
3107 | unlock_user(*q, addr, 0); | 3247 | unlock_user(*q, addr, 0); |
3108 | } | 3248 | } |
3109 | for (gp = guest_envp, q = envp; *q; | 3249 | for (gp = guest_envp, q = envp; *q; |
3110 | gp += sizeof(abi_ulong), q++) { | 3250 | gp += sizeof(abi_ulong), q++) { |
3111 | - addr = tgetl(gp); | 3251 | + if (get_user_ual(addr, gp) |
3252 | + || !addr) | ||
3253 | + break; | ||
3112 | unlock_user(*q, addr, 0); | 3254 | unlock_user(*q, addr, 0); |
3113 | } | 3255 | } |
3114 | } | 3256 | } |
@@ -3124,8 +3266,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -3124,8 +3266,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
3124 | { | 3266 | { |
3125 | time_t host_time; | 3267 | time_t host_time; |
3126 | ret = get_errno(time(&host_time)); | 3268 | ret = get_errno(time(&host_time)); |
3127 | - if (!is_error(ret) && arg1) | ||
3128 | - tputl(arg1, host_time); | 3269 | + if (!is_error(ret) |
3270 | + && arg1 | ||
3271 | + && put_user_sal(host_time, arg1)) | ||
3272 | + goto efault; | ||
3129 | } | 3273 | } |
3130 | break; | 3274 | break; |
3131 | #endif | 3275 | #endif |
@@ -3199,7 +3343,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -3199,7 +3343,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
3199 | case TARGET_NR_stime: | 3343 | case TARGET_NR_stime: |
3200 | { | 3344 | { |
3201 | time_t host_time; | 3345 | time_t host_time; |
3202 | - host_time = tgetl(arg1); | 3346 | + if (get_user_sal(host_time, arg1)) |
3347 | + goto efault; | ||
3203 | ret = get_errno(stime(&host_time)); | 3348 | ret = get_errno(stime(&host_time)); |
3204 | } | 3349 | } |
3205 | break; | 3350 | break; |
@@ -3358,8 +3503,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -3358,8 +3503,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
3358 | env->gpr[3][env->current_tc] = host_pipe[1]; | 3503 | env->gpr[3][env->current_tc] = host_pipe[1]; |
3359 | ret = host_pipe[0]; | 3504 | ret = host_pipe[0]; |
3360 | #else | 3505 | #else |
3361 | - tput32(arg1, host_pipe[0]); | ||
3362 | - tput32(arg1 + 4, host_pipe[1]); | 3506 | + if (put_user_s32(host_pipe[0], arg1) |
3507 | + || put_user_s32(host_pipe[1], arg1 + sizeof(host_pipe[0]))) | ||
3508 | + goto efault; | ||
3363 | #endif | 3509 | #endif |
3364 | } | 3510 | } |
3365 | } | 3511 | } |
@@ -4267,11 +4413,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -4267,11 +4413,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
4267 | rusage_ptr = NULL; | 4413 | rusage_ptr = NULL; |
4268 | ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr)); | 4414 | ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr)); |
4269 | if (!is_error(ret)) { | 4415 | if (!is_error(ret)) { |
4270 | - if (status_ptr) | ||
4271 | - tputl(status_ptr, status); | ||
4272 | - if (target_rusage) { | ||
4273 | - host_to_target_rusage(target_rusage, &rusage); | 4416 | + if (status_ptr) { |
4417 | + if (put_user_s32(status, status_ptr)) | ||
4418 | + goto efault; | ||
4274 | } | 4419 | } |
4420 | + if (target_rusage) | ||
4421 | + host_to_target_rusage(target_rusage, &rusage); | ||
4275 | } | 4422 | } |
4276 | } | 4423 | } |
4277 | break; | 4424 | break; |
@@ -4404,11 +4551,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -4404,11 +4551,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
4404 | { | 4551 | { |
4405 | #if defined (__x86_64__) | 4552 | #if defined (__x86_64__) |
4406 | ret = get_errno(lseek(arg1, ((uint64_t )arg2 << 32) | arg3, arg5)); | 4553 | ret = get_errno(lseek(arg1, ((uint64_t )arg2 << 32) | arg3, arg5)); |
4407 | - tput64(arg4, ret); | 4554 | + if (put_user_s64(ret, arg4)) |
4555 | + goto efault; | ||
4408 | #else | 4556 | #else |
4409 | int64_t res; | 4557 | int64_t res; |
4410 | ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5)); | 4558 | ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5)); |
4411 | - tput64(arg4, res); | 4559 | + if (put_user_s64(res, arg4)) |
4560 | + goto efault; | ||
4412 | #endif | 4561 | #endif |
4413 | } | 4562 | } |
4414 | break; | 4563 | break; |
@@ -4674,8 +4823,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -4674,8 +4823,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
4674 | { | 4823 | { |
4675 | int deathsig; | 4824 | int deathsig; |
4676 | ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5)); | 4825 | ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5)); |
4677 | - if (!is_error(ret) && arg2) | ||
4678 | - tput32(arg2, deathsig); | 4826 | + if (!is_error(ret) && arg2 |
4827 | + && put_user_ual(deathsig, arg2)) | ||
4828 | + goto efault; | ||
4679 | } | 4829 | } |
4680 | break; | 4830 | break; |
4681 | default: | 4831 | default: |
@@ -4932,9 +5082,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -4932,9 +5082,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
4932 | uid_t ruid, euid, suid; | 5082 | uid_t ruid, euid, suid; |
4933 | ret = get_errno(getresuid(&ruid, &euid, &suid)); | 5083 | ret = get_errno(getresuid(&ruid, &euid, &suid)); |
4934 | if (!is_error(ret)) { | 5084 | if (!is_error(ret)) { |
4935 | - tput16(arg1, tswap16(high2lowuid(ruid))); | ||
4936 | - tput16(arg2, tswap16(high2lowuid(euid))); | ||
4937 | - tput16(arg3, tswap16(high2lowuid(suid))); | 5085 | + if (put_user_u16(high2lowuid(ruid), arg1) |
5086 | + || put_user_u16(high2lowuid(euid), arg2) | ||
5087 | + || put_user_u16(high2lowuid(suid), arg3)) | ||
5088 | + goto efault; | ||
4938 | } | 5089 | } |
4939 | } | 5090 | } |
4940 | break; | 5091 | break; |
@@ -4952,9 +5103,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -4952,9 +5103,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
4952 | gid_t rgid, egid, sgid; | 5103 | gid_t rgid, egid, sgid; |
4953 | ret = get_errno(getresgid(&rgid, &egid, &sgid)); | 5104 | ret = get_errno(getresgid(&rgid, &egid, &sgid)); |
4954 | if (!is_error(ret)) { | 5105 | if (!is_error(ret)) { |
4955 | - tput16(arg1, tswap16(high2lowgid(rgid))); | ||
4956 | - tput16(arg2, tswap16(high2lowgid(egid))); | ||
4957 | - tput16(arg3, tswap16(high2lowgid(sgid))); | 5106 | + if (put_user_u16(high2lowgid(rgid), arg1) |
5107 | + || put_user_u16(high2lowgid(egid), arg2) | ||
5108 | + || put_user_u16(high2lowgid(sgid), arg3)) | ||
5109 | + goto efault; | ||
4958 | } | 5110 | } |
4959 | } | 5111 | } |
4960 | break; | 5112 | break; |
@@ -5077,9 +5229,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -5077,9 +5229,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
5077 | uid_t ruid, euid, suid; | 5229 | uid_t ruid, euid, suid; |
5078 | ret = get_errno(getresuid(&ruid, &euid, &suid)); | 5230 | ret = get_errno(getresuid(&ruid, &euid, &suid)); |
5079 | if (!is_error(ret)) { | 5231 | if (!is_error(ret)) { |
5080 | - tput32(arg1, tswap32(ruid)); | ||
5081 | - tput32(arg2, tswap32(euid)); | ||
5082 | - tput32(arg3, tswap32(suid)); | 5232 | + if (put_user_u32(ruid, arg1) |
5233 | + || put_user_u32(euid, arg2) | ||
5234 | + || put_user_u32(suid, arg3)) | ||
5235 | + goto efault; | ||
5083 | } | 5236 | } |
5084 | } | 5237 | } |
5085 | break; | 5238 | break; |
@@ -5095,9 +5248,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | @@ -5095,9 +5248,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, | ||
5095 | gid_t rgid, egid, sgid; | 5248 | gid_t rgid, egid, sgid; |
5096 | ret = get_errno(getresgid(&rgid, &egid, &sgid)); | 5249 | ret = get_errno(getresgid(&rgid, &egid, &sgid)); |
5097 | if (!is_error(ret)) { | 5250 | if (!is_error(ret)) { |
5098 | - tput32(arg1, tswap32(rgid)); | ||
5099 | - tput32(arg2, tswap32(egid)); | ||
5100 | - tput32(arg3, tswap32(sgid)); | 5251 | + if (put_user_u32(rgid, arg1) |
5252 | + || put_user_u32(egid, arg2) | ||
5253 | + || put_user_u32(sgid, arg3)) | ||
5254 | + goto efault; | ||
5101 | } | 5255 | } |
5102 | } | 5256 | } |
5103 | break; | 5257 | break; |
m68k-semi.c
@@ -142,15 +142,23 @@ static void m68k_semi_cb(CPUState *env, target_ulong ret, target_ulong err) | @@ -142,15 +142,23 @@ static void m68k_semi_cb(CPUState *env, target_ulong ret, target_ulong err) | ||
142 | if (m68k_semi_is_fseek) { | 142 | if (m68k_semi_is_fseek) { |
143 | /* FIXME: We've already lost the high bits of the fseek | 143 | /* FIXME: We've already lost the high bits of the fseek |
144 | return value. */ | 144 | return value. */ |
145 | - tput32(args, 0); | 145 | + /* FIXME - handle put_user() failure */ |
146 | + put_user_u32(0, args); | ||
146 | args += 4; | 147 | args += 4; |
147 | m68k_semi_is_fseek = 0; | 148 | m68k_semi_is_fseek = 0; |
148 | } | 149 | } |
149 | - tput32(args, ret); | ||
150 | - tput32(args + 4, errno); | 150 | + /* FIXME - handle put_user() failure */ |
151 | + put_user_u32(ret, args); | ||
152 | + put_user_u32(errno, args + 4); | ||
151 | } | 153 | } |
152 | 154 | ||
153 | -#define ARG(x) tget32(args + (x) * 4) | 155 | +#define ARG(n) \ |
156 | +({ \ | ||
157 | + target_ulong __arg; \ | ||
158 | + /* FIXME - handle get_user() failure */ \ | ||
159 | + get_user_ual(__arg, args + (n) * 4); \ | ||
160 | + __arg; \ | ||
161 | +}) | ||
154 | #define PARG(x) ((unsigned long)ARG(x)) | 162 | #define PARG(x) ((unsigned long)ARG(x)) |
155 | void do_m68k_semihosting(CPUM68KState *env, int nr) | 163 | void do_m68k_semihosting(CPUM68KState *env, int nr) |
156 | { | 164 | { |
@@ -237,9 +245,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) | @@ -237,9 +245,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) | ||
237 | ARG(0), off, ARG(3)); | 245 | ARG(0), off, ARG(3)); |
238 | } else { | 246 | } else { |
239 | off = lseek(ARG(0), off, ARG(3)); | 247 | off = lseek(ARG(0), off, ARG(3)); |
240 | - tput32(args, off >> 32); | ||
241 | - tput32(args + 4, off); | ||
242 | - tput32(args + 8, errno); | 248 | + /* FIXME - handle put_user() failure */ |
249 | + put_user_u32(off >> 32, args); | ||
250 | + put_user_u32(off, args + 4); | ||
251 | + put_user_u32(errno, args + 8); | ||
243 | } | 252 | } |
244 | return; | 253 | return; |
245 | } | 254 | } |
@@ -390,6 +399,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) | @@ -390,6 +399,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) | ||
390 | cpu_abort(env, "Unsupported semihosting syscall %d\n", nr); | 399 | cpu_abort(env, "Unsupported semihosting syscall %d\n", nr); |
391 | result = 0; | 400 | result = 0; |
392 | } | 401 | } |
393 | - tput32(args, result); | ||
394 | - tput32(args + 4, errno); | 402 | + /* FIXME - handle put_user() failure */ |
403 | + put_user_u32(result, args); | ||
404 | + put_user_u32(errno, args + 4); | ||
395 | } | 405 | } |
softmmu-semi.h
@@ -21,15 +21,18 @@ static inline uint32_t softmmu_tget8(CPUState *env, uint32_t addr) | @@ -21,15 +21,18 @@ static inline uint32_t softmmu_tget8(CPUState *env, uint32_t addr) | ||
21 | cpu_memory_rw_debug(env, addr, &val, 1, 0); | 21 | cpu_memory_rw_debug(env, addr, &val, 1, 0); |
22 | return val; | 22 | return val; |
23 | } | 23 | } |
24 | -#define tget32(p) softmmu_tget32(env, p) | ||
25 | -#define tget8(p) softmmu_tget8(env, p) | 24 | + |
25 | +#define get_user_u32(arg, p) ({ arg = softmmu_tget32(env, p) ; 0; }) | ||
26 | +#define get_user_u8(arg, p) ({ arg = softmmu_tget8(env, p) ; 0; }) | ||
27 | +#define get_user_ual(arg, p) get_user_u32(arg, p) | ||
26 | 28 | ||
27 | static inline void softmmu_tput32(CPUState *env, uint32_t addr, uint32_t val) | 29 | static inline void softmmu_tput32(CPUState *env, uint32_t addr, uint32_t val) |
28 | { | 30 | { |
29 | val = tswap32(val); | 31 | val = tswap32(val); |
30 | cpu_memory_rw_debug(env, addr, (uint8_t *)&val, 4, 1); | 32 | cpu_memory_rw_debug(env, addr, (uint8_t *)&val, 4, 1); |
31 | } | 33 | } |
32 | -#define tput32(p, val) softmmu_tput32(env, p, val) | 34 | +#define put_user_u32(arg, p) ({ softmmu_tput32(env, p, arg) ; 0; }) |
35 | +#define put_user_ual(arg, p) put_user_u32(arg, p) | ||
33 | 36 | ||
34 | static void *softmmu_lock_user(CPUState *env, uint32_t addr, uint32_t len, | 37 | static void *softmmu_lock_user(CPUState *env, uint32_t addr, uint32_t len, |
35 | int copy) | 38 | int copy) |
target-arm/nwfpe/fpa11_cpdt.c
@@ -34,7 +34,8 @@ void loadSingle(const unsigned int Fn,const unsigned int *pMem) | @@ -34,7 +34,8 @@ void loadSingle(const unsigned int Fn,const unsigned int *pMem) | ||
34 | target_ulong addr = (target_ulong)(long)pMem; | 34 | target_ulong addr = (target_ulong)(long)pMem; |
35 | FPA11 *fpa11 = GET_FPA11(); | 35 | FPA11 *fpa11 = GET_FPA11(); |
36 | fpa11->fType[Fn] = typeSingle; | 36 | fpa11->fType[Fn] = typeSingle; |
37 | - fpa11->fpreg[Fn].fSingle = tget32(addr); | 37 | + /* FIXME - handle failure of get_user() */ |
38 | + get_user_u32(fpa11->fpreg[Fn].fSingle, addr); | ||
38 | } | 39 | } |
39 | 40 | ||
40 | static inline | 41 | static inline |
@@ -46,11 +47,13 @@ void loadDouble(const unsigned int Fn,const unsigned int *pMem) | @@ -46,11 +47,13 @@ void loadDouble(const unsigned int Fn,const unsigned int *pMem) | ||
46 | p = (unsigned int*)&fpa11->fpreg[Fn].fDouble; | 47 | p = (unsigned int*)&fpa11->fpreg[Fn].fDouble; |
47 | fpa11->fType[Fn] = typeDouble; | 48 | fpa11->fType[Fn] = typeDouble; |
48 | #ifdef WORDS_BIGENDIAN | 49 | #ifdef WORDS_BIGENDIAN |
49 | - p[0] = tget32(addr); /* sign & exponent */ | ||
50 | - p[1] = tget32(addr + 4); | 50 | + /* FIXME - handle failure of get_user() */ |
51 | + get_user_u32(p[0], addr); /* sign & exponent */ | ||
52 | + get_user_u32(p[1], addr + 4); | ||
51 | #else | 53 | #else |
52 | - p[0] = tget32(addr + 4); | ||
53 | - p[1] = tget32(addr); /* sign & exponent */ | 54 | + /* FIXME - handle failure of get_user() */ |
55 | + get_user_u32(p[0], addr + 4); | ||
56 | + get_user_u32(p[1], addr); /* sign & exponent */ | ||
54 | #endif | 57 | #endif |
55 | } | 58 | } |
56 | 59 | ||
@@ -62,9 +65,10 @@ void loadExtended(const unsigned int Fn,const unsigned int *pMem) | @@ -62,9 +65,10 @@ void loadExtended(const unsigned int Fn,const unsigned int *pMem) | ||
62 | unsigned int *p; | 65 | unsigned int *p; |
63 | p = (unsigned int*)&fpa11->fpreg[Fn].fExtended; | 66 | p = (unsigned int*)&fpa11->fpreg[Fn].fExtended; |
64 | fpa11->fType[Fn] = typeExtended; | 67 | fpa11->fType[Fn] = typeExtended; |
65 | - p[0] = tget32(addr); /* sign & exponent */ | ||
66 | - p[1] = tget32(addr + 8); /* ls bits */ | ||
67 | - p[2] = tget32(addr + 4); /* ms bits */ | 68 | + /* FIXME - handle failure of get_user() */ |
69 | + get_user_u32(p[0], addr); /* sign & exponent */ | ||
70 | + get_user_u32(p[1], addr + 8); /* ls bits */ | ||
71 | + get_user_u32(p[2], addr + 4); /* ms bits */ | ||
68 | } | 72 | } |
69 | 73 | ||
70 | static inline | 74 | static inline |
@@ -76,7 +80,8 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) | @@ -76,7 +80,8 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) | ||
76 | unsigned long x; | 80 | unsigned long x; |
77 | 81 | ||
78 | p = (unsigned int*)&(fpa11->fpreg[Fn]); | 82 | p = (unsigned int*)&(fpa11->fpreg[Fn]); |
79 | - x = tget32(addr); | 83 | + /* FIXME - handle failure of get_user() */ |
84 | + get_user_u32(x, addr); | ||
80 | fpa11->fType[Fn] = (x >> 14) & 0x00000003; | 85 | fpa11->fType[Fn] = (x >> 14) & 0x00000003; |
81 | 86 | ||
82 | switch (fpa11->fType[Fn]) | 87 | switch (fpa11->fType[Fn]) |
@@ -84,16 +89,18 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) | @@ -84,16 +89,18 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) | ||
84 | case typeSingle: | 89 | case typeSingle: |
85 | case typeDouble: | 90 | case typeDouble: |
86 | { | 91 | { |
87 | - p[0] = tget32(addr + 8); /* Single */ | ||
88 | - p[1] = tget32(addr + 4); /* double msw */ | 92 | + /* FIXME - handle failure of get_user() */ |
93 | + get_user_u32(p[0], addr + 8); /* Single */ | ||
94 | + get_user_u32(p[1], addr + 4); /* double msw */ | ||
89 | p[2] = 0; /* empty */ | 95 | p[2] = 0; /* empty */ |
90 | } | 96 | } |
91 | break; | 97 | break; |
92 | 98 | ||
93 | case typeExtended: | 99 | case typeExtended: |
94 | { | 100 | { |
95 | - p[1] = tget32(addr + 8); | ||
96 | - p[2] = tget32(addr + 4); /* msw */ | 101 | + /* FIXME - handle failure of get_user() */ |
102 | + get_user_u32(p[1], addr + 8); | ||
103 | + get_user_u32(p[2], addr + 4); /* msw */ | ||
97 | p[0] = (x & 0x80003fff); | 104 | p[0] = (x & 0x80003fff); |
98 | } | 105 | } |
99 | break; | 106 | break; |
@@ -121,7 +128,8 @@ void storeSingle(const unsigned int Fn,unsigned int *pMem) | @@ -121,7 +128,8 @@ void storeSingle(const unsigned int Fn,unsigned int *pMem) | ||
121 | default: val = fpa11->fpreg[Fn].fSingle; | 128 | default: val = fpa11->fpreg[Fn].fSingle; |
122 | } | 129 | } |
123 | 130 | ||
124 | - tput32(addr, p[0]); | 131 | + /* FIXME - handle put_user() failures */ |
132 | + put_user_u32(p[0], addr); | ||
125 | } | 133 | } |
126 | 134 | ||
127 | static inline | 135 | static inline |
@@ -144,12 +152,13 @@ void storeDouble(const unsigned int Fn,unsigned int *pMem) | @@ -144,12 +152,13 @@ void storeDouble(const unsigned int Fn,unsigned int *pMem) | ||
144 | 152 | ||
145 | default: val = fpa11->fpreg[Fn].fDouble; | 153 | default: val = fpa11->fpreg[Fn].fDouble; |
146 | } | 154 | } |
155 | + /* FIXME - handle put_user() failures */ | ||
147 | #ifdef WORDS_BIGENDIAN | 156 | #ifdef WORDS_BIGENDIAN |
148 | - tput32(addr, p[0]); /* msw */ | ||
149 | - tput32(addr + 4, p[1]); /* lsw */ | 157 | + put_user_u32(p[0], addr); /* msw */ |
158 | + put_user_u32(p[1], addr + 4); /* lsw */ | ||
150 | #else | 159 | #else |
151 | - tput32(addr, p[1]); /* msw */ | ||
152 | - tput32(addr + 4, p[0]); /* lsw */ | 160 | + put_user_u32(p[1], addr); /* msw */ |
161 | + put_user_u32(p[0], addr + 4); /* lsw */ | ||
153 | #endif | 162 | #endif |
154 | } | 163 | } |
155 | 164 | ||
@@ -174,9 +183,10 @@ void storeExtended(const unsigned int Fn,unsigned int *pMem) | @@ -174,9 +183,10 @@ void storeExtended(const unsigned int Fn,unsigned int *pMem) | ||
174 | default: val = fpa11->fpreg[Fn].fExtended; | 183 | default: val = fpa11->fpreg[Fn].fExtended; |
175 | } | 184 | } |
176 | 185 | ||
177 | - tput32(addr, p[0]); /* sign & exp */ | ||
178 | - tput32(addr + 8, p[1]); | ||
179 | - tput32(addr + 4, p[2]); /* msw */ | 186 | + /* FIXME - handle put_user() failures */ |
187 | + put_user_u32(p[0], addr); /* sign & exp */ | ||
188 | + put_user_u32(p[1], addr + 8); | ||
189 | + put_user_u32(p[2], addr + 4); /* msw */ | ||
180 | } | 190 | } |
181 | 191 | ||
182 | static inline | 192 | static inline |
@@ -194,17 +204,17 @@ void storeMultiple(const unsigned int Fn,unsigned int *pMem) | @@ -194,17 +204,17 @@ void storeMultiple(const unsigned int Fn,unsigned int *pMem) | ||
194 | case typeSingle: | 204 | case typeSingle: |
195 | case typeDouble: | 205 | case typeDouble: |
196 | { | 206 | { |
197 | - tput32(addr + 8, p[0]); /* single */ | ||
198 | - tput32(addr + 4, p[1]); /* double msw */ | ||
199 | - tput32(addr, nType << 14); | 207 | + put_user_u32(p[0], addr + 8); /* single */ |
208 | + put_user_u32(p[1], addr + 4); /* double msw */ | ||
209 | + put_user_u32(nType << 14, addr); | ||
200 | } | 210 | } |
201 | break; | 211 | break; |
202 | 212 | ||
203 | case typeExtended: | 213 | case typeExtended: |
204 | { | 214 | { |
205 | - tput32(addr + 4, p[2]); /* msw */ | ||
206 | - tput32(addr + 8, p[1]); | ||
207 | - tput32(addr, (p[0] & 0x80003fff) | (nType << 14)); | 215 | + put_user_u32(p[2], addr + 4); /* msw */ |
216 | + put_user_u32(p[1], addr + 8); | ||
217 | + put_user_u32((p[0] & 0x80003fff) | (nType << 14), addr); | ||
208 | } | 218 | } |
209 | break; | 219 | break; |
210 | } | 220 | } |