Commit 2f6196984b98fe2a852b1b5254756f1614eb7635

Authored by bellard
1 parent 67276f53

suppressed tgetx and tputx (initial patch by Thayne Harbaugh)


git-svn-id: svn://svn.savannah.nongnu.org/qemu/trunk@3653 c046a42c-6fe2-441c-8c8c-71466251a162
arm-semi.c
@@ -165,8 +165,14 @@ static void arm_semi_flen_cb(CPUState *env, target_ulong ret, target_ulong err) @@ -165,8 +165,14 @@ static void arm_semi_flen_cb(CPUState *env, target_ulong ret, target_ulong err)
165 #endif 165 #endif
166 } 166 }
167 167
168 -#define ARG(n) tget32(args + (n) * 4)  
169 -#define SET_ARG(n, val) tput32(args + (n) * 4,val) 168 +#define ARG(n) \
  169 +({ \
  170 + target_ulong __arg; \
  171 + /* FIXME - handle get_user() failure */ \
  172 + get_user_ual(__arg, args + (n) * 4); \
  173 + __arg; \
  174 +})
  175 +#define SET_ARG(n, val) put_user_ual(val, args + (n) * 4)
170 uint32_t do_arm_semihosting(CPUState *env) 176 uint32_t do_arm_semihosting(CPUState *env)
171 { 177 {
172 target_ulong args; 178 target_ulong args;
@@ -213,7 +219,11 @@ uint32_t do_arm_semihosting(CPUState *env) @@ -213,7 +219,11 @@ uint32_t do_arm_semihosting(CPUState *env)
213 } 219 }
214 case SYS_WRITEC: 220 case SYS_WRITEC:
215 { 221 {
216 - char c = tget8(args); 222 + char c;
  223 +
  224 + if (get_user_u8(c, args))
  225 + /* FIXME - should this error code be -TARGET_EFAULT ? */
  226 + return (uint32_t)-1;
217 /* Write to debug console. stderr is near enough. */ 227 /* Write to debug console. stderr is near enough. */
218 if (use_gdb_syscalls()) { 228 if (use_gdb_syscalls()) {
219 gdb_do_syscall(arm_semi_cb, "write,2,%x,1", args); 229 gdb_do_syscall(arm_semi_cb, "write,2,%x,1", args);
linux-user/elfload.c
@@ -179,8 +179,9 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i @@ -179,8 +179,9 @@ static inline void init_thread(struct target_pt_regs *regs, struct image_info *i
179 regs->ARM_cpsr |= CPSR_T; 179 regs->ARM_cpsr |= CPSR_T;
180 regs->ARM_pc = infop->entry & 0xfffffffe; 180 regs->ARM_pc = infop->entry & 0xfffffffe;
181 regs->ARM_sp = infop->start_stack; 181 regs->ARM_sp = infop->start_stack;
182 - regs->ARM_r2 = tgetl(stack + 8); /* envp */  
183 - regs->ARM_r1 = tgetl(stack + 4); /* envp */ 182 + /* FIXME - what to for failure of get_user()? */
  183 + get_user_ual(regs->ARM_r2, stack + 8); /* envp */
  184 + get_user_ual(regs->ARM_r1, stack + 4); /* envp */
184 /* XXX: it seems that r0 is zeroed after ! */ 185 /* XXX: it seems that r0 is zeroed after ! */
185 regs->ARM_r0 = 0; 186 regs->ARM_r0 = 0;
186 /* For uClinux PIC binaries. */ 187 /* For uClinux PIC binaries. */
@@ -341,7 +342,8 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info * @@ -341,7 +342,8 @@ static inline void init_thread(struct target_pt_regs *_regs, struct image_info *
341 * but this is what the ABI wants and is needed to allow 342 * but this is what the ABI wants and is needed to allow
342 * execution of PPC BSD programs. 343 * execution of PPC BSD programs.
343 */ 344 */
344 - _regs->gpr[3] = tgetl(pos); 345 + /* FIXME - what to for failure of get_user()? */
  346 + get_user_ual(_regs->gpr[3], pos);
345 pos += sizeof(abi_ulong); 347 pos += sizeof(abi_ulong);
346 _regs->gpr[4] = pos; 348 _regs->gpr[4] = pos;
347 for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong)) 349 for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong))
@@ -733,7 +735,8 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss) @@ -733,7 +735,8 @@ static void padzero(abi_ulong elf_bss, abi_ulong last_bss)
733 if (nbyte) { 735 if (nbyte) {
734 nbyte = qemu_host_page_size - nbyte; 736 nbyte = qemu_host_page_size - nbyte;
735 do { 737 do {
736 - tput8(elf_bss, 0); 738 + /* FIXME - what to do if put_user() fails? */
  739 + put_user_u8(0, elf_bss);
737 elf_bss++; 740 elf_bss++;
738 } while (--nbyte); 741 } while (--nbyte);
739 } 742 }
@@ -782,17 +785,11 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, @@ -782,17 +785,11 @@ static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
782 /* This is correct because Linux defines 785 /* This is correct because Linux defines
783 * elf_addr_t as Elf32_Off / Elf64_Off 786 * elf_addr_t as Elf32_Off / Elf64_Off
784 */ 787 */
785 -#if ELF_CLASS == ELFCLASS32  
786 -#define NEW_AUX_ENT(id, val) do { \  
787 - sp -= n; tput32(sp, val); \  
788 - sp -= n; tput32(sp, id); \ 788 +#define NEW_AUX_ENT(id, val) do { \
  789 + sp -= n; put_user_ual(val, sp); \
  790 + sp -= n; put_user_ual(id, sp); \
789 } while(0) 791 } while(0)
790 -#else  
791 -#define NEW_AUX_ENT(id, val) do { \  
792 - sp -= n; tput64(sp, val); \  
793 - sp -= n; tput64(sp, id); \  
794 - } while(0)  
795 -#endif 792 +
796 NEW_AUX_ENT (AT_NULL, 0); 793 NEW_AUX_ENT (AT_NULL, 0);
797 794
798 /* There must be exactly DLINFO_ITEMS entries here. */ 795 /* There must be exactly DLINFO_ITEMS entries here. */
linux-user/flatload.c
@@ -598,14 +598,16 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -598,14 +598,16 @@ static int load_flat_file(struct linux_binprm * bprm,
598 rp = datapos; 598 rp = datapos;
599 while (1) { 599 while (1) {
600 abi_ulong addr; 600 abi_ulong addr;
601 - addr = tgetl(rp); 601 + if (get_user_ual(addr, rp))
  602 + return -EFAULT;
602 if (addr == -1) 603 if (addr == -1)
603 break; 604 break;
604 if (addr) { 605 if (addr) {
605 addr = calc_reloc(addr, libinfo, id, 0); 606 addr = calc_reloc(addr, libinfo, id, 0);
606 if (addr == RELOC_FAILED) 607 if (addr == RELOC_FAILED)
607 return -ENOEXEC; 608 return -ENOEXEC;
608 - tputl(rp, addr); 609 + if (put_user_ual(addr, rp))
  610 + return -EFAULT;
609 } 611 }
610 rp += sizeof(abi_ulong); 612 rp += sizeof(abi_ulong);
611 } 613 }
@@ -629,14 +631,16 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -629,14 +631,16 @@ static int load_flat_file(struct linux_binprm * bprm,
629 /* Get the address of the pointer to be 631 /* Get the address of the pointer to be
630 relocated (of course, the address has to be 632 relocated (of course, the address has to be
631 relocated first). */ 633 relocated first). */
632 - relval = tgetl(reloc + i * sizeof (abi_ulong)); 634 + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong)))
  635 + return -EFAULT;
633 addr = flat_get_relocate_addr(relval); 636 addr = flat_get_relocate_addr(relval);
634 rp = calc_reloc(addr, libinfo, id, 1); 637 rp = calc_reloc(addr, libinfo, id, 1);
635 if (rp == RELOC_FAILED) 638 if (rp == RELOC_FAILED)
636 return -ENOEXEC; 639 return -ENOEXEC;
637 640
638 /* Get the pointer's value. */ 641 /* Get the pointer's value. */
639 - addr = tgetl(rp); 642 + if (get_user_ual(addr, rp))
  643 + return -EFAULT;
640 if (addr != 0) { 644 if (addr != 0) {
641 /* 645 /*
642 * Do the relocation. PIC relocs in the data section are 646 * Do the relocation. PIC relocs in the data section are
@@ -652,13 +656,15 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -652,13 +656,15 @@ static int load_flat_file(struct linux_binprm * bprm,
652 return -ENOEXEC; 656 return -ENOEXEC;
653 657
654 /* Write back the relocated pointer. */ 658 /* Write back the relocated pointer. */
655 - tputl(rp, addr); 659 + if (put_user_ual(addr, rp))
  660 + return -EFAULT;
656 } 661 }
657 } 662 }
658 } else { 663 } else {
659 for (i = 0; i < relocs; i++) { 664 for (i = 0; i < relocs; i++) {
660 abi_ulong relval; 665 abi_ulong relval;
661 - relval = tgetl(reloc + i * sizeof (abi_ulong)); 666 + if (get_user_ual(relval, reloc + i * sizeof(abi_ulong)))
  667 + return -EFAULT;
662 old_reloc(&libinfo[0], relval); 668 old_reloc(&libinfo[0], relval);
663 } 669 }
664 } 670 }
@@ -744,9 +750,12 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, @@ -744,9 +750,12 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
744 p = libinfo[i].start_data; 750 p = libinfo[i].start_data;
745 for (j=0; j<MAX_SHARED_LIBS; j++) { 751 for (j=0; j<MAX_SHARED_LIBS; j++) {
746 p -= 4; 752 p -= 4;
747 - tput32(p, libinfo[j].loaded  
748 - ? libinfo[j].start_data  
749 - : UNLOADED_LIB); 753 + /* FIXME - handle put_user() failures */
  754 + if (put_user_ual(libinfo[j].loaded
  755 + ? libinfo[j].start_data
  756 + : UNLOADED_LIB,
  757 + p))
  758 + return -EFAULT;
750 } 759 }
751 } 760 }
752 } 761 }
@@ -779,7 +788,9 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, @@ -779,7 +788,9 @@ int load_flt_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
779 for (i = MAX_SHARED_LIBS-1; i>0; i--) { 788 for (i = MAX_SHARED_LIBS-1; i>0; i--) {
780 if (libinfo[i].loaded) { 789 if (libinfo[i].loaded) {
781 /* Push previos first to call address */ 790 /* Push previos first to call address */
782 - --sp; put_user(start_addr, sp); 791 + --sp;
  792 + if (put_user_ual(start_addr, sp))
  793 + return -EFAULT;
783 start_addr = libinfo[i].entry; 794 start_addr = libinfo[i].entry;
784 } 795 }
785 } 796 }
linux-user/linuxload.c
@@ -124,21 +124,32 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp, @@ -124,21 +124,32 @@ abi_ulong loader_build_argptr(int envc, int argc, abi_ulong sp,
124 sp -= (argc + 1) * n; 124 sp -= (argc + 1) * n;
125 argv = sp; 125 argv = sp;
126 if (push_ptr) { 126 if (push_ptr) {
127 - sp -= n; tputl(sp, envp);  
128 - sp -= n; tputl(sp, argv); 127 + /* FIXME - handle put_user() failures */
  128 + sp -= n;
  129 + put_user_ual(envp, sp);
  130 + sp -= n;
  131 + put_user_ual(argv, sp);
129 } 132 }
130 - sp -= n; tputl(sp, argc); 133 + sp -= n;
  134 + /* FIXME - handle put_user() failures */
  135 + put_user_ual(argc, sp);
131 136
132 while (argc-- > 0) { 137 while (argc-- > 0) {
133 - tputl(argv, stringp); argv += n; 138 + /* FIXME - handle put_user() failures */
  139 + put_user_ual(stringp, argv);
  140 + argv += n;
134 stringp += target_strlen(stringp) + 1; 141 stringp += target_strlen(stringp) + 1;
135 } 142 }
136 - tputl(argv, 0); 143 + /* FIXME - handle put_user() failures */
  144 + put_user_ual(0, argv);
137 while (envc-- > 0) { 145 while (envc-- > 0) {
138 - tputl(envp, stringp); envp += n; 146 + /* FIXME - handle put_user() failures */
  147 + put_user_ual(stringp, envp);
  148 + envp += n;
139 stringp += target_strlen(stringp) + 1; 149 stringp += target_strlen(stringp) + 1;
140 } 150 }
141 - tputl(envp, 0); 151 + /* FIXME - handle put_user() failures */
  152 + put_user_ual(0, envp);
142 153
143 return sp; 154 return sp;
144 } 155 }
linux-user/main.c
@@ -380,7 +380,8 @@ void cpu_loop(CPUARMState *env) @@ -380,7 +380,8 @@ void cpu_loop(CPUARMState *env)
380 380
381 /* we handle the FPU emulation here, as Linux */ 381 /* we handle the FPU emulation here, as Linux */
382 /* we get the opcode */ 382 /* we get the opcode */
383 - opcode = tget32(env->regs[15]); 383 + /* FIXME - what to do if get_user() fails? */
  384 + get_user_u32(opcode, env->regs[15]);
384 385
385 if (EmulateAll(opcode, &ts->fpa, env) == 0) { 386 if (EmulateAll(opcode, &ts->fpa, env) == 0) {
386 info.si_signo = SIGILL; 387 info.si_signo = SIGILL;
@@ -401,20 +402,24 @@ void cpu_loop(CPUARMState *env) @@ -401,20 +402,24 @@ void cpu_loop(CPUARMState *env)
401 /* system call */ 402 /* system call */
402 if (trapnr == EXCP_BKPT) { 403 if (trapnr == EXCP_BKPT) {
403 if (env->thumb) { 404 if (env->thumb) {
404 - insn = tget16(env->regs[15]); 405 + /* FIXME - what to do if get_user() fails? */
  406 + get_user_u16(insn, env->regs[15]);
405 n = insn & 0xff; 407 n = insn & 0xff;
406 env->regs[15] += 2; 408 env->regs[15] += 2;
407 } else { 409 } else {
408 - insn = tget32(env->regs[15]); 410 + /* FIXME - what to do if get_user() fails? */
  411 + get_user_u32(insn, env->regs[15]);
409 n = (insn & 0xf) | ((insn >> 4) & 0xff0); 412 n = (insn & 0xf) | ((insn >> 4) & 0xff0);
410 env->regs[15] += 4; 413 env->regs[15] += 4;
411 } 414 }
412 } else { 415 } else {
413 if (env->thumb) { 416 if (env->thumb) {
414 - insn = tget16(env->regs[15] - 2); 417 + /* FIXME - what to do if get_user() fails? */
  418 + get_user_u16(insn, env->regs[15] - 2);
415 n = insn & 0xff; 419 n = insn & 0xff;
416 } else { 420 } else {
417 - insn = tget32(env->regs[15] - 4); 421 + /* FIXME - what to do if get_user() fails? */
  422 + get_user_u32(insn, env->regs[15] - 4);
418 n = insn & 0xffffff; 423 n = insn & 0xffffff;
419 } 424 }
420 } 425 }
@@ -520,7 +525,8 @@ static inline void save_window_offset(CPUSPARCState *env, int cwp1) @@ -520,7 +525,8 @@ static inline void save_window_offset(CPUSPARCState *env, int cwp1)
520 (int)sp_ptr, cwp1); 525 (int)sp_ptr, cwp1);
521 #endif 526 #endif
522 for(i = 0; i < 16; i++) { 527 for(i = 0; i < 16; i++) {
523 - tputl(sp_ptr, env->regbase[get_reg_index(env, cwp1, 8 + i)]); 528 + /* FIXME - what to do if put_user() fails? */
  529 + put_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
524 sp_ptr += sizeof(abi_ulong); 530 sp_ptr += sizeof(abi_ulong);
525 } 531 }
526 } 532 }
@@ -556,7 +562,8 @@ static void restore_window(CPUSPARCState *env) @@ -556,7 +562,8 @@ static void restore_window(CPUSPARCState *env)
556 (int)sp_ptr, cwp1); 562 (int)sp_ptr, cwp1);
557 #endif 563 #endif
558 for(i = 0; i < 16; i++) { 564 for(i = 0; i < 16; i++) {
559 - env->regbase[get_reg_index(env, cwp1, 8 + i)] = tgetl(sp_ptr); 565 + /* FIXME - what to do if get_user() fails? */
  566 + get_user_ual(env->regbase[get_reg_index(env, cwp1, 8 + i)], sp_ptr);
560 sp_ptr += sizeof(abi_ulong); 567 sp_ptr += sizeof(abi_ulong);
561 } 568 }
562 env->wim = new_wim; 569 env->wim = new_wim;
@@ -1533,10 +1540,11 @@ void cpu_loop(CPUMIPSState *env) @@ -1533,10 +1540,11 @@ void cpu_loop(CPUMIPSState *env)
1533 sp_reg = env->gpr[29][env->current_tc]; 1540 sp_reg = env->gpr[29][env->current_tc];
1534 switch (nb_args) { 1541 switch (nb_args) {
1535 /* these arguments are taken from the stack */ 1542 /* these arguments are taken from the stack */
1536 - case 8: arg8 = tgetl(sp_reg + 28);  
1537 - case 7: arg7 = tgetl(sp_reg + 24);  
1538 - case 6: arg6 = tgetl(sp_reg + 20);  
1539 - case 5: arg5 = tgetl(sp_reg + 16); 1543 + /* FIXME - what to do if get_user() fails? */
  1544 + case 8: get_user_ual(arg8, sp_reg + 28);
  1545 + case 7: get_user_ual(arg7, sp_reg + 24);
  1546 + case 6: get_user_ual(arg6, sp_reg + 20);
  1547 + case 5: get_user_ual(arg5, sp_reg + 16);
1540 default: 1548 default:
1541 break; 1549 break;
1542 } 1550 }
linux-user/qemu.h
@@ -226,7 +226,7 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) @@ -226,7 +226,7 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
226 int size = sizeof(*hptr);\ 226 int size = sizeof(*hptr);\
227 switch(size) {\ 227 switch(size) {\
228 case 1:\ 228 case 1:\
229 - *(uint8_t *)(hptr) = (typeof(*hptr))(x);\ 229 + *(uint8_t *)(hptr) = (uint8_t)(typeof(*hptr))(x);\
230 break;\ 230 break;\
231 case 2:\ 231 case 2:\
232 *(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\ 232 *(uint16_t *)(hptr) = tswap16((typeof(*hptr))(x));\
@@ -260,6 +260,8 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) @@ -260,6 +260,8 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
260 x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\ 260 x = (typeof(*hptr))tswap64(*(uint64_t *)(hptr));\
261 break;\ 261 break;\
262 default:\ 262 default:\
  263 + /* avoid warning */\
  264 + x = 0;\
263 abort();\ 265 abort();\
264 }\ 266 }\
265 0;\ 267 0;\
@@ -291,11 +293,36 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size) @@ -291,11 +293,36 @@ static inline int access_ok(int type, abi_ulong addr, abi_ulong size)
291 if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \ 293 if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \
292 __ret = __get_user((x), __hptr); \ 294 __ret = __get_user((x), __hptr); \
293 unlock_user(__hptr, __gaddr, 0); \ 295 unlock_user(__hptr, __gaddr, 0); \
294 - } else \ 296 + } else { \
  297 + /* avoid warning */ \
  298 + (x) = 0; \
295 __ret = -TARGET_EFAULT; \ 299 __ret = -TARGET_EFAULT; \
  300 + } \
296 __ret; \ 301 __ret; \
297 }) 302 })
298 303
  304 +#define put_user_ual(x, gaddr) put_user((x), (gaddr), abi_ulong)
  305 +#define put_user_sal(x, gaddr) put_user((x), (gaddr), abi_long)
  306 +#define put_user_u64(x, gaddr) put_user((x), (gaddr), uint64_t)
  307 +#define put_user_s64(x, gaddr) put_user((x), (gaddr), int64_t)
  308 +#define put_user_u32(x, gaddr) put_user((x), (gaddr), uint32_t)
  309 +#define put_user_s32(x, gaddr) put_user((x), (gaddr), int32_t)
  310 +#define put_user_u16(x, gaddr) put_user((x), (gaddr), uint16_t)
  311 +#define put_user_s16(x, gaddr) put_user((x), (gaddr), int16_t)
  312 +#define put_user_u8(x, gaddr) put_user((x), (gaddr), uint8_t)
  313 +#define put_user_s8(x, gaddr) put_user((x), (gaddr), int8_t)
  314 +
  315 +#define get_user_ual(x, gaddr) get_user((x), (gaddr), abi_ulong)
  316 +#define get_user_sal(x, gaddr) get_user((x), (gaddr), abi_long)
  317 +#define get_user_u64(x, gaddr) get_user((x), (gaddr), uint64_t)
  318 +#define get_user_s64(x, gaddr) get_user((x), (gaddr), int64_t)
  319 +#define get_user_u32(x, gaddr) get_user((x), (gaddr), uint32_t)
  320 +#define get_user_s32(x, gaddr) get_user((x), (gaddr), int32_t)
  321 +#define get_user_u16(x, gaddr) get_user((x), (gaddr), uint16_t)
  322 +#define get_user_s16(x, gaddr) get_user((x), (gaddr), int16_t)
  323 +#define get_user_u8(x, gaddr) get_user((x), (gaddr), uint8_t)
  324 +#define get_user_s8(x, gaddr) get_user((x), (gaddr), int8_t)
  325 +
299 /* copy_from_user() and copy_to_user() are usually used to copy data 326 /* copy_from_user() and copy_to_user() are usually used to copy data
300 * buffers between the target and host. These internally perform 327 * buffers between the target and host. These internally perform
301 * locking/unlocking of the memory. 328 * locking/unlocking of the memory.
@@ -368,20 +395,4 @@ static inline void *lock_user_string(abi_ulong guest_addr) @@ -368,20 +395,4 @@ static inline void *lock_user_string(abi_ulong guest_addr)
368 #define unlock_user_struct(host_ptr, guest_addr, copy) \ 395 #define unlock_user_struct(host_ptr, guest_addr, copy) \
369 unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0) 396 unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0)
370 397
371 -#define tget8(addr) ldub(addr)  
372 -#define tput8(addr, val) stb(addr, val)  
373 -#define tget16(addr) lduw(addr)  
374 -#define tput16(addr, val) stw(addr, val)  
375 -#define tget32(addr) ldl(addr)  
376 -#define tput32(addr, val) stl(addr, val)  
377 -#define tget64(addr) ldq(addr)  
378 -#define tput64(addr, val) stq(addr, val)  
379 -#if TARGET_ABI_BITS == 64  
380 -#define tgetl(addr) ldq(addr)  
381 -#define tputl(addr, val) stq(addr, val)  
382 -#else  
383 -#define tgetl(addr) ldl(addr)  
384 -#define tputl(addr, val) stl(addr, val)  
385 -#endif  
386 -  
387 #endif /* QEMU_H */ 398 #endif /* QEMU_H */
linux-user/syscall.c
@@ -783,7 +783,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh, @@ -783,7 +783,7 @@ static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
783 783
784 /* do_setsockopt() Must return target values and target errnos. */ 784 /* do_setsockopt() Must return target values and target errnos. */
785 static abi_long do_setsockopt(int sockfd, int level, int optname, 785 static abi_long do_setsockopt(int sockfd, int level, int optname,
786 - abi_ulong optval, socklen_t optlen) 786 + abi_ulong optval_addr, socklen_t optlen)
787 { 787 {
788 abi_long ret; 788 abi_long ret;
789 int val; 789 int val;
@@ -794,7 +794,8 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, @@ -794,7 +794,8 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
794 if (optlen < sizeof(uint32_t)) 794 if (optlen < sizeof(uint32_t))
795 return -TARGET_EINVAL; 795 return -TARGET_EINVAL;
796 796
797 - val = tget32(optval); 797 + if (get_user_u32(val, optval_addr))
  798 + return -TARGET_EFAULT;
798 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); 799 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
799 break; 800 break;
800 case SOL_IP: 801 case SOL_IP:
@@ -816,9 +817,11 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, @@ -816,9 +817,11 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
816 case IP_MULTICAST_LOOP: 817 case IP_MULTICAST_LOOP:
817 val = 0; 818 val = 0;
818 if (optlen >= sizeof(uint32_t)) { 819 if (optlen >= sizeof(uint32_t)) {
819 - val = tget32(optval); 820 + if (get_user_u32(val, optval_addr))
  821 + return -TARGET_EFAULT;
820 } else if (optlen >= 1) { 822 } else if (optlen >= 1) {
821 - val = tget8(optval); 823 + if (get_user_u8(val, optval_addr))
  824 + return -TARGET_EFAULT;
822 } 825 }
823 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val))); 826 ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
824 break; 827 break;
@@ -890,9 +893,10 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, @@ -890,9 +893,10 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
890 goto unimplemented; 893 goto unimplemented;
891 } 894 }
892 if (optlen < sizeof(uint32_t)) 895 if (optlen < sizeof(uint32_t))
893 - return -TARGET_EINVAL; 896 + return -TARGET_EINVAL;
894 897
895 - val = tget32(optval); 898 + if (get_user_u32(val, optval_addr))
  899 + return -TARGET_EFAULT;
896 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val))); 900 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
897 break; 901 break;
898 default: 902 default:
@@ -905,7 +909,7 @@ static abi_long do_setsockopt(int sockfd, int level, int optname, @@ -905,7 +909,7 @@ static abi_long do_setsockopt(int sockfd, int level, int optname,
905 909
906 /* do_getsockopt() Must return target values and target errnos. */ 910 /* do_getsockopt() Must return target values and target errnos. */
907 static abi_long do_getsockopt(int sockfd, int level, int optname, 911 static abi_long do_getsockopt(int sockfd, int level, int optname,
908 - abi_ulong optval, abi_ulong optlen) 912 + abi_ulong optval_addr, abi_ulong optlen)
909 { 913 {
910 abi_long ret; 914 abi_long ret;
911 int len, lv, val; 915 int len, lv, val;
@@ -928,7 +932,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, @@ -928,7 +932,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
928 case SOL_TCP: 932 case SOL_TCP:
929 /* TCP options all take an 'int' value. */ 933 /* TCP options all take an 'int' value. */
930 int_case: 934 int_case:
931 - len = tget32(optlen); 935 + if (get_user_u32(len, optlen))
  936 + return -TARGET_EFAULT;
932 if (len < 0) 937 if (len < 0)
933 return -TARGET_EINVAL; 938 return -TARGET_EINVAL;
934 lv = sizeof(int); 939 lv = sizeof(int);
@@ -938,11 +943,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, @@ -938,11 +943,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
938 val = tswap32(val); 943 val = tswap32(val);
939 if (len > lv) 944 if (len > lv)
940 len = lv; 945 len = lv;
941 - if (len == 4)  
942 - tput32(optval, val);  
943 - else  
944 - tput8(optval, val);  
945 - tput32(optlen, len); 946 + if (len == 4) {
  947 + if (put_user_u32(val, optval_addr))
  948 + return -TARGET_EFAULT;
  949 + } else {
  950 + if (put_user_u8(val, optval_addr))
  951 + return -TARGET_EFAULT;
  952 + }
  953 + if (put_user_u32(len, optlen))
  954 + return -TARGET_EFAULT;
946 break; 955 break;
947 case SOL_IP: 956 case SOL_IP:
948 switch(optname) { 957 switch(optname) {
@@ -961,7 +970,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, @@ -961,7 +970,8 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
961 #endif 970 #endif
962 case IP_MULTICAST_TTL: 971 case IP_MULTICAST_TTL:
963 case IP_MULTICAST_LOOP: 972 case IP_MULTICAST_LOOP:
964 - len = tget32(optlen); 973 + if (get_user_u32(len, optlen))
  974 + return -TARGET_EFAULT;
965 if (len < 0) 975 if (len < 0)
966 return -TARGET_EINVAL; 976 return -TARGET_EINVAL;
967 lv = sizeof(int); 977 lv = sizeof(int);
@@ -970,13 +980,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, @@ -970,13 +980,15 @@ static abi_long do_getsockopt(int sockfd, int level, int optname,
970 return ret; 980 return ret;
971 if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) { 981 if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
972 len = 1; 982 len = 1;
973 - tput32(optlen, len);  
974 - tput8(optval, val); 983 + if (put_user_u32(len, optlen)
  984 + || put_user_u8(val, optval_addr))
  985 + return -TARGET_EFAULT;
975 } else { 986 } else {
976 if (len > sizeof(int)) 987 if (len > sizeof(int))
977 len = sizeof(int); 988 len = sizeof(int);
978 - tput32(optlen, len);  
979 - tput32(optval, val); 989 + if (put_user_u32(len, optlen)
  990 + || put_user_u32(val, optval_addr))
  991 + return -TARGET_EFAULT;
980 } 992 }
981 break; 993 break;
982 default: 994 default:
@@ -1148,63 +1160,82 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg, @@ -1148,63 +1160,82 @@ static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
1148 1160
1149 /* do_accept() Must return target values and target errnos. */ 1161 /* do_accept() Must return target values and target errnos. */
1150 static abi_long do_accept(int fd, abi_ulong target_addr, 1162 static abi_long do_accept(int fd, abi_ulong target_addr,
1151 - abi_ulong target_addrlen) 1163 + abi_ulong target_addrlen_addr)
1152 { 1164 {
1153 - socklen_t addrlen = tget32(target_addrlen);  
1154 - void *addr = alloca(addrlen); 1165 + socklen_t addrlen;
  1166 + void *addr;
1155 abi_long ret; 1167 abi_long ret;
1156 1168
  1169 + if (get_user_u32(addrlen, target_addrlen_addr))
  1170 + return -TARGET_EFAULT;
  1171 +
  1172 + addr = alloca(addrlen);
  1173 +
1157 ret = get_errno(accept(fd, addr, &addrlen)); 1174 ret = get_errno(accept(fd, addr, &addrlen));
1158 if (!is_error(ret)) { 1175 if (!is_error(ret)) {
1159 host_to_target_sockaddr(target_addr, addr, addrlen); 1176 host_to_target_sockaddr(target_addr, addr, addrlen);
1160 - tput32(target_addrlen, addrlen); 1177 + if (put_user_u32(addrlen, target_addrlen_addr))
  1178 + ret = -TARGET_EFAULT;
1161 } 1179 }
1162 return ret; 1180 return ret;
1163 } 1181 }
1164 1182
1165 /* do_getpeername() Must return target values and target errnos. */ 1183 /* do_getpeername() Must return target values and target errnos. */
1166 static abi_long do_getpeername(int fd, abi_ulong target_addr, 1184 static abi_long do_getpeername(int fd, abi_ulong target_addr,
1167 - abi_ulong target_addrlen) 1185 + abi_ulong target_addrlen_addr)
1168 { 1186 {
1169 - socklen_t addrlen = tget32(target_addrlen);  
1170 - void *addr = alloca(addrlen); 1187 + socklen_t addrlen;
  1188 + void *addr;
1171 abi_long ret; 1189 abi_long ret;
1172 1190
  1191 + if (get_user_u32(addrlen, target_addrlen_addr))
  1192 + return -TARGET_EFAULT;
  1193 +
  1194 + addr = alloca(addrlen);
  1195 +
1173 ret = get_errno(getpeername(fd, addr, &addrlen)); 1196 ret = get_errno(getpeername(fd, addr, &addrlen));
1174 if (!is_error(ret)) { 1197 if (!is_error(ret)) {
1175 host_to_target_sockaddr(target_addr, addr, addrlen); 1198 host_to_target_sockaddr(target_addr, addr, addrlen);
1176 - tput32(target_addrlen, addrlen); 1199 + if (put_user_u32(addrlen, target_addrlen_addr))
  1200 + ret = -TARGET_EFAULT;
1177 } 1201 }
1178 return ret; 1202 return ret;
1179 } 1203 }
1180 1204
1181 /* do_getsockname() Must return target values and target errnos. */ 1205 /* do_getsockname() Must return target values and target errnos. */
1182 static abi_long do_getsockname(int fd, abi_ulong target_addr, 1206 static abi_long do_getsockname(int fd, abi_ulong target_addr,
1183 - abi_ulong target_addrlen) 1207 + abi_ulong target_addrlen_addr)
1184 { 1208 {
1185 - socklen_t addrlen = tget32(target_addrlen);  
1186 - void *addr = alloca(addrlen); 1209 + socklen_t addrlen;
  1210 + void *addr;
1187 abi_long ret; 1211 abi_long ret;
1188 1212
  1213 + if (get_user_u32(addrlen, target_addrlen_addr))
  1214 + return -TARGET_EFAULT;
  1215 +
  1216 + addr = alloca(addrlen);
  1217 +
1189 ret = get_errno(getsockname(fd, addr, &addrlen)); 1218 ret = get_errno(getsockname(fd, addr, &addrlen));
1190 if (!is_error(ret)) { 1219 if (!is_error(ret)) {
1191 host_to_target_sockaddr(target_addr, addr, addrlen); 1220 host_to_target_sockaddr(target_addr, addr, addrlen);
1192 - tput32(target_addrlen, addrlen); 1221 + if (put_user_u32(addrlen, target_addrlen_addr))
  1222 + ret = -TARGET_EFAULT;
1193 } 1223 }
1194 return ret; 1224 return ret;
1195 } 1225 }
1196 1226
1197 /* do_socketpair() Must return target values and target errnos. */ 1227 /* do_socketpair() Must return target values and target errnos. */
1198 static abi_long do_socketpair(int domain, int type, int protocol, 1228 static abi_long do_socketpair(int domain, int type, int protocol,
1199 - abi_ulong target_tab) 1229 + abi_ulong target_tab_addr)
1200 { 1230 {
1201 int tab[2]; 1231 int tab[2];
1202 abi_long ret; 1232 abi_long ret;
1203 1233
1204 ret = get_errno(socketpair(domain, type, protocol, tab)); 1234 ret = get_errno(socketpair(domain, type, protocol, tab));
1205 if (!is_error(ret)) { 1235 if (!is_error(ret)) {
1206 - tput32(target_tab, tab[0]);  
1207 - tput32(target_tab + 4, tab[1]); 1236 + if (put_user_s32(tab[0], target_tab_addr)
  1237 + || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
  1238 + ret = -TARGET_EFAULT;
1208 } 1239 }
1209 return ret; 1240 return ret;
1210 } 1241 }
@@ -1245,7 +1276,10 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, @@ -1245,7 +1276,10 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
1245 if (!host_msg) 1276 if (!host_msg)
1246 return -TARGET_EFAULT; 1277 return -TARGET_EFAULT;
1247 if (target_addr) { 1278 if (target_addr) {
1248 - addrlen = tget32(target_addrlen); 1279 + if (get_user_u32(addrlen, target_addrlen)) {
  1280 + ret = -TARGET_EFAULT;
  1281 + goto fail;
  1282 + }
1249 addr = alloca(addrlen); 1283 addr = alloca(addrlen);
1250 ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen)); 1284 ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen));
1251 } else { 1285 } else {
@@ -1255,10 +1289,14 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags, @@ -1255,10 +1289,14 @@ static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
1255 if (!is_error(ret)) { 1289 if (!is_error(ret)) {
1256 if (target_addr) { 1290 if (target_addr) {
1257 host_to_target_sockaddr(target_addr, addr, addrlen); 1291 host_to_target_sockaddr(target_addr, addr, addrlen);
1258 - tput32(target_addrlen, addrlen); 1292 + if (put_user_u32(addrlen, target_addrlen)) {
  1293 + ret = -TARGET_EFAULT;
  1294 + goto fail;
  1295 + }
1259 } 1296 }
1260 unlock_user(host_msg, msg, len); 1297 unlock_user(host_msg, msg, len);
1261 } else { 1298 } else {
  1299 +fail:
1262 unlock_user(host_msg, msg, 0); 1300 unlock_user(host_msg, msg, 0);
1263 } 1301 }
1264 return ret; 1302 return ret;
@@ -1274,112 +1312,187 @@ static abi_long do_socketcall(int num, abi_ulong vptr) @@ -1274,112 +1312,187 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1274 switch(num) { 1312 switch(num) {
1275 case SOCKOP_socket: 1313 case SOCKOP_socket:
1276 { 1314 {
1277 - int domain = tgetl(vptr);  
1278 - int type = tgetl(vptr + n);  
1279 - int protocol = tgetl(vptr + 2 * n); 1315 + int domain, type, protocol;
  1316 +
  1317 + if (get_user_s32(domain, vptr)
  1318 + || get_user_s32(type, vptr + n)
  1319 + || get_user_s32(protocol, vptr + 2 * n))
  1320 + return -TARGET_EFAULT;
  1321 +
1280 ret = do_socket(domain, type, protocol); 1322 ret = do_socket(domain, type, protocol);
1281 } 1323 }
1282 break; 1324 break;
1283 case SOCKOP_bind: 1325 case SOCKOP_bind:
1284 { 1326 {
1285 - int sockfd = tgetl(vptr);  
1286 - abi_ulong target_addr = tgetl(vptr + n);  
1287 - socklen_t addrlen = tgetl(vptr + 2 * n); 1327 + int sockfd;
  1328 + abi_ulong target_addr;
  1329 + socklen_t addrlen;
  1330 +
  1331 + if (get_user_s32(sockfd, vptr)
  1332 + || get_user_ual(target_addr, vptr + n)
  1333 + || get_user_u32(addrlen, vptr + 2 * n))
  1334 + return -TARGET_EFAULT;
  1335 +
1288 ret = do_bind(sockfd, target_addr, addrlen); 1336 ret = do_bind(sockfd, target_addr, addrlen);
1289 } 1337 }
1290 break; 1338 break;
1291 case SOCKOP_connect: 1339 case SOCKOP_connect:
1292 { 1340 {
1293 - int sockfd = tgetl(vptr);  
1294 - abi_ulong target_addr = tgetl(vptr + n);  
1295 - socklen_t addrlen = tgetl(vptr + 2 * n); 1341 + int sockfd;
  1342 + abi_ulong target_addr;
  1343 + socklen_t addrlen;
  1344 +
  1345 + if (get_user_s32(sockfd, vptr)
  1346 + || get_user_ual(target_addr, vptr + n)
  1347 + || get_user_u32(addrlen, vptr + 2 * n))
  1348 + return -TARGET_EFAULT;
  1349 +
1296 ret = do_connect(sockfd, target_addr, addrlen); 1350 ret = do_connect(sockfd, target_addr, addrlen);
1297 } 1351 }
1298 break; 1352 break;
1299 case SOCKOP_listen: 1353 case SOCKOP_listen:
1300 { 1354 {
1301 - int sockfd = tgetl(vptr);  
1302 - int backlog = tgetl(vptr + n); 1355 + int sockfd, backlog;
  1356 +
  1357 + if (get_user_s32(sockfd, vptr)
  1358 + || get_user_s32(backlog, vptr + n))
  1359 + return -TARGET_EFAULT;
  1360 +
1303 ret = get_errno(listen(sockfd, backlog)); 1361 ret = get_errno(listen(sockfd, backlog));
1304 } 1362 }
1305 break; 1363 break;
1306 case SOCKOP_accept: 1364 case SOCKOP_accept:
1307 { 1365 {
1308 - int sockfd = tgetl(vptr);  
1309 - abi_ulong target_addr = tgetl(vptr + n);  
1310 - abi_ulong target_addrlen = tgetl(vptr + 2 * n); 1366 + int sockfd;
  1367 + abi_ulong target_addr, target_addrlen;
  1368 +
  1369 + if (get_user_s32(sockfd, vptr)
  1370 + || get_user_ual(target_addr, vptr + n)
  1371 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1372 + return -TARGET_EFAULT;
  1373 +
1311 ret = do_accept(sockfd, target_addr, target_addrlen); 1374 ret = do_accept(sockfd, target_addr, target_addrlen);
1312 } 1375 }
1313 break; 1376 break;
1314 case SOCKOP_getsockname: 1377 case SOCKOP_getsockname:
1315 { 1378 {
1316 - int sockfd = tgetl(vptr);  
1317 - abi_ulong target_addr = tgetl(vptr + n);  
1318 - abi_ulong target_addrlen = tgetl(vptr + 2 * n); 1379 + int sockfd;
  1380 + abi_ulong target_addr, target_addrlen;
  1381 +
  1382 + if (get_user_s32(sockfd, vptr)
  1383 + || get_user_ual(target_addr, vptr + n)
  1384 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1385 + return -TARGET_EFAULT;
  1386 +
1319 ret = do_getsockname(sockfd, target_addr, target_addrlen); 1387 ret = do_getsockname(sockfd, target_addr, target_addrlen);
1320 } 1388 }
1321 break; 1389 break;
1322 case SOCKOP_getpeername: 1390 case SOCKOP_getpeername:
1323 { 1391 {
1324 - int sockfd = tgetl(vptr);  
1325 - abi_ulong target_addr = tgetl(vptr + n);  
1326 - abi_ulong target_addrlen = tgetl(vptr + 2 * n); 1392 + int sockfd;
  1393 + abi_ulong target_addr, target_addrlen;
  1394 +
  1395 + if (get_user_s32(sockfd, vptr)
  1396 + || get_user_ual(target_addr, vptr + n)
  1397 + || get_user_u32(target_addrlen, vptr + 2 * n))
  1398 + return -TARGET_EFAULT;
  1399 +
1327 ret = do_getpeername(sockfd, target_addr, target_addrlen); 1400 ret = do_getpeername(sockfd, target_addr, target_addrlen);
1328 } 1401 }
1329 break; 1402 break;
1330 case SOCKOP_socketpair: 1403 case SOCKOP_socketpair:
1331 { 1404 {
1332 - int domain = tgetl(vptr);  
1333 - int type = tgetl(vptr + n);  
1334 - int protocol = tgetl(vptr + 2 * n);  
1335 - abi_ulong tab = tgetl(vptr + 3 * n); 1405 + int domain, type, protocol;
  1406 + abi_ulong tab;
  1407 +
  1408 + if (get_user_s32(domain, vptr)
  1409 + || get_user_s32(type, vptr + n)
  1410 + || get_user_s32(protocol, vptr + 2 * n)
  1411 + || get_user_ual(tab, vptr + 3 * n))
  1412 + return -TARGET_EFAULT;
  1413 +
1336 ret = do_socketpair(domain, type, protocol, tab); 1414 ret = do_socketpair(domain, type, protocol, tab);
1337 } 1415 }
1338 break; 1416 break;
1339 case SOCKOP_send: 1417 case SOCKOP_send:
1340 { 1418 {
1341 - int sockfd = tgetl(vptr);  
1342 - abi_ulong msg = tgetl(vptr + n);  
1343 - size_t len = tgetl(vptr + 2 * n);  
1344 - int flags = tgetl(vptr + 3 * n); 1419 + int sockfd;
  1420 + abi_ulong msg;
  1421 + size_t len;
  1422 + int flags;
  1423 +
  1424 + if (get_user_s32(sockfd, vptr)
  1425 + || get_user_ual(msg, vptr + n)
  1426 + || get_user_ual(len, vptr + 2 * n)
  1427 + || get_user_s32(flags, vptr + 3 * n))
  1428 + return -TARGET_EFAULT;
  1429 +
1345 ret = do_sendto(sockfd, msg, len, flags, 0, 0); 1430 ret = do_sendto(sockfd, msg, len, flags, 0, 0);
1346 } 1431 }
1347 break; 1432 break;
1348 case SOCKOP_recv: 1433 case SOCKOP_recv:
1349 { 1434 {
1350 - int sockfd = tgetl(vptr);  
1351 - abi_ulong msg = tgetl(vptr + n);  
1352 - size_t len = tgetl(vptr + 2 * n);  
1353 - int flags = tgetl(vptr + 3 * n); 1435 + int sockfd;
  1436 + abi_ulong msg;
  1437 + size_t len;
  1438 + int flags;
  1439 +
  1440 + if (get_user_s32(sockfd, vptr)
  1441 + || get_user_ual(msg, vptr + n)
  1442 + || get_user_ual(len, vptr + 2 * n)
  1443 + || get_user_s32(flags, vptr + 3 * n))
  1444 + return -TARGET_EFAULT;
  1445 +
1354 ret = do_recvfrom(sockfd, msg, len, flags, 0, 0); 1446 ret = do_recvfrom(sockfd, msg, len, flags, 0, 0);
1355 } 1447 }
1356 break; 1448 break;
1357 case SOCKOP_sendto: 1449 case SOCKOP_sendto:
1358 { 1450 {
1359 - int sockfd = tgetl(vptr);  
1360 - abi_ulong msg = tgetl(vptr + n);  
1361 - size_t len = tgetl(vptr + 2 * n);  
1362 - int flags = tgetl(vptr + 3 * n);  
1363 - abi_ulong addr = tgetl(vptr + 4 * n);  
1364 - socklen_t addrlen = tgetl(vptr + 5 * n); 1451 + int sockfd;
  1452 + abi_ulong msg;
  1453 + size_t len;
  1454 + int flags;
  1455 + abi_ulong addr;
  1456 + socklen_t addrlen;
  1457 +
  1458 + if (get_user_s32(sockfd, vptr)
  1459 + || get_user_ual(msg, vptr + n)
  1460 + || get_user_ual(len, vptr + 2 * n)
  1461 + || get_user_s32(flags, vptr + 3 * n)
  1462 + || get_user_ual(addr, vptr + 4 * n)
  1463 + || get_user_u32(addrlen, vptr + 5 * n))
  1464 + return -TARGET_EFAULT;
  1465 +
1365 ret = do_sendto(sockfd, msg, len, flags, addr, addrlen); 1466 ret = do_sendto(sockfd, msg, len, flags, addr, addrlen);
1366 } 1467 }
1367 break; 1468 break;
1368 case SOCKOP_recvfrom: 1469 case SOCKOP_recvfrom:
1369 { 1470 {
1370 - int sockfd = tgetl(vptr);  
1371 - abi_ulong msg = tgetl(vptr + n);  
1372 - size_t len = tgetl(vptr + 2 * n);  
1373 - int flags = tgetl(vptr + 3 * n);  
1374 - abi_ulong addr = tgetl(vptr + 4 * n);  
1375 - abi_ulong addrlen = tgetl(vptr + 5 * n); 1471 + int sockfd;
  1472 + abi_ulong msg;
  1473 + size_t len;
  1474 + int flags;
  1475 + abi_ulong addr;
  1476 + socklen_t addrlen;
  1477 +
  1478 + if (get_user_s32(sockfd, vptr)
  1479 + || get_user_ual(msg, vptr + n)
  1480 + || get_user_ual(len, vptr + 2 * n)
  1481 + || get_user_s32(flags, vptr + 3 * n)
  1482 + || get_user_ual(addr, vptr + 4 * n)
  1483 + || get_user_u32(addrlen, vptr + 5 * n))
  1484 + return -TARGET_EFAULT;
  1485 +
1376 ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen); 1486 ret = do_recvfrom(sockfd, msg, len, flags, addr, addrlen);
1377 } 1487 }
1378 break; 1488 break;
1379 case SOCKOP_shutdown: 1489 case SOCKOP_shutdown:
1380 { 1490 {
1381 - int sockfd = tgetl(vptr);  
1382 - int how = tgetl(vptr + n); 1491 + int sockfd, how;
  1492 +
  1493 + if (get_user_s32(sockfd, vptr)
  1494 + || get_user_s32(how, vptr + n))
  1495 + return -TARGET_EFAULT;
1383 1496
1384 ret = get_errno(shutdown(sockfd, how)); 1497 ret = get_errno(shutdown(sockfd, how));
1385 } 1498 }
@@ -1391,9 +1504,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr) @@ -1391,9 +1504,10 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1391 abi_ulong target_msg; 1504 abi_ulong target_msg;
1392 int flags; 1505 int flags;
1393 1506
1394 - fd = tgetl(vptr);  
1395 - target_msg = tgetl(vptr + n);  
1396 - flags = tgetl(vptr + 2 * n); 1507 + if (get_user_s32(fd, vptr)
  1508 + || get_user_ual(target_msg, vptr + n)
  1509 + || get_user_s32(flags, vptr + 2 * n))
  1510 + return -TARGET_EFAULT;
1397 1511
1398 ret = do_sendrecvmsg(fd, target_msg, flags, 1512 ret = do_sendrecvmsg(fd, target_msg, flags,
1399 (num == SOCKOP_sendmsg)); 1513 (num == SOCKOP_sendmsg));
@@ -1401,24 +1515,38 @@ static abi_long do_socketcall(int num, abi_ulong vptr) @@ -1401,24 +1515,38 @@ static abi_long do_socketcall(int num, abi_ulong vptr)
1401 break; 1515 break;
1402 case SOCKOP_setsockopt: 1516 case SOCKOP_setsockopt:
1403 { 1517 {
1404 - int sockfd = tgetl(vptr);  
1405 - int level = tgetl(vptr + n);  
1406 - int optname = tgetl(vptr + 2 * n);  
1407 - abi_ulong optval = tgetl(vptr + 3 * n);  
1408 - socklen_t optlen = tgetl(vptr + 4 * n); 1518 + int sockfd;
  1519 + int level;
  1520 + int optname;
  1521 + abi_ulong optval;
  1522 + socklen_t optlen;
  1523 +
  1524 + if (get_user_s32(sockfd, vptr)
  1525 + || get_user_s32(level, vptr + n)
  1526 + || get_user_s32(optname, vptr + 2 * n)
  1527 + || get_user_ual(optval, vptr + 3 * n)
  1528 + || get_user_u32(optlen, vptr + 4 * n))
  1529 + return -TARGET_EFAULT;
1409 1530
1410 ret = do_setsockopt(sockfd, level, optname, optval, optlen); 1531 ret = do_setsockopt(sockfd, level, optname, optval, optlen);
1411 } 1532 }
1412 break; 1533 break;
1413 case SOCKOP_getsockopt: 1534 case SOCKOP_getsockopt:
1414 { 1535 {
1415 - int sockfd = tgetl(vptr);  
1416 - int level = tgetl(vptr + n);  
1417 - int optname = tgetl(vptr + 2 * n);  
1418 - abi_ulong optval = tgetl(vptr + 3 * n);  
1419 - abi_ulong poptlen = tgetl(vptr + 4 * n); 1536 + int sockfd;
  1537 + int level;
  1538 + int optname;
  1539 + abi_ulong optval;
  1540 + socklen_t optlen;
  1541 +
  1542 + if (get_user_s32(sockfd, vptr)
  1543 + || get_user_s32(level, vptr + n)
  1544 + || get_user_s32(optname, vptr + 2 * n)
  1545 + || get_user_ual(optval, vptr + 3 * n)
  1546 + || get_user_u32(optlen, vptr + 4 * n))
  1547 + return -TARGET_EFAULT;
1420 1548
1421 - ret = do_getsockopt(sockfd, level, optname, optval, poptlen); 1549 + ret = do_getsockopt(sockfd, level, optname, optval, optlen);
1422 } 1550 }
1423 break; 1551 break;
1424 default: 1552 default:
@@ -1883,7 +2011,7 @@ static abi_long do_ipc(unsigned int call, int first, @@ -1883,7 +2011,7 @@ static abi_long do_ipc(unsigned int call, int first,
1883 break; 2011 break;
1884 } 2012 }
1885 } 2013 }
1886 - if (put_user(raddr, third, abi_ulong)) 2014 + if (put_user_ual(raddr, third))
1887 return -TARGET_EFAULT; 2015 return -TARGET_EFAULT;
1888 ret = 0; 2016 ret = 0;
1889 } 2017 }
@@ -2957,10 +3085,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -2957,10 +3085,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
2957 unlock_user(p, arg2, 0); 3085 unlock_user(p, arg2, 0);
2958 break; 3086 break;
2959 case TARGET_NR_open: 3087 case TARGET_NR_open:
2960 - if (!(p = lock_user_string(arg1))) {  
2961 - return -TARGET_EFAULT;  
2962 - goto fail;  
2963 - } 3088 + if (!(p = lock_user_string(arg1)))
  3089 + goto efault;
2964 ret = get_errno(open(path(p), 3090 ret = get_errno(open(path(p),
2965 target_to_host_bitmask(arg2, fcntl_flags_tbl), 3091 target_to_host_bitmask(arg2, fcntl_flags_tbl),
2966 arg3)); 3092 arg3));
@@ -2991,8 +3117,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -2991,8 +3117,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
2991 { 3117 {
2992 int status; 3118 int status;
2993 ret = get_errno(waitpid(arg1, &status, arg3)); 3119 ret = get_errno(waitpid(arg1, &status, arg3));
2994 - if (!is_error(ret) && arg2)  
2995 - tput32(arg2, status); 3120 + if (!is_error(ret) && arg2
  3121 + && put_user_s32(status, arg2))
  3122 + goto efault;
2996 } 3123 }
2997 break; 3124 break;
2998 #endif 3125 #endif
@@ -3059,56 +3186,71 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -3059,56 +3186,71 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3059 3186
3060 argc = 0; 3187 argc = 0;
3061 guest_argp = arg2; 3188 guest_argp = arg2;
3062 - for (gp = guest_argp; tgetl(gp); gp++) 3189 + for (gp = guest_argp; ; gp++) {
  3190 + if (get_user_ual(guest_argp, gp))
  3191 + goto efault;
  3192 + if (!guest_argp)
  3193 + break;
3063 argc++; 3194 argc++;
  3195 + }
3064 envc = 0; 3196 envc = 0;
3065 guest_envp = arg3; 3197 guest_envp = arg3;
3066 - for (gp = guest_envp; tgetl(gp); gp++) 3198 + for (gp = guest_envp; ; gp++) {
  3199 + if (get_user_ual(guest_envp, gp))
  3200 + goto efault;
  3201 + if (!guest_envp)
  3202 + break;
3067 envc++; 3203 envc++;
  3204 + }
3068 3205
3069 argp = alloca((argc + 1) * sizeof(void *)); 3206 argp = alloca((argc + 1) * sizeof(void *));
3070 envp = alloca((envc + 1) * sizeof(void *)); 3207 envp = alloca((envc + 1) * sizeof(void *));
3071 3208
3072 for (gp = guest_argp, q = argp; ; 3209 for (gp = guest_argp, q = argp; ;
3073 gp += sizeof(abi_ulong), q++) { 3210 gp += sizeof(abi_ulong), q++) {
3074 - addr = tgetl(gp); 3211 + if (get_user_ual(addr, gp))
  3212 + goto execve_efault;
3075 if (!addr) 3213 if (!addr)
3076 break; 3214 break;
3077 - if (!(*q = lock_user_string(addr))) {  
3078 - ret = -TARGET_EFAULT;  
3079 - goto execve_fail;  
3080 - } 3215 + if (!(*q = lock_user_string(addr)))
  3216 + goto execve_efault;
3081 } 3217 }
3082 *q = NULL; 3218 *q = NULL;
3083 3219
3084 for (gp = guest_envp, q = envp; ; 3220 for (gp = guest_envp, q = envp; ;
3085 gp += sizeof(abi_ulong), q++) { 3221 gp += sizeof(abi_ulong), q++) {
3086 - addr = tgetl(gp); 3222 + if (get_user_ual(addr, gp))
  3223 + goto execve_efault;
3087 if (!addr) 3224 if (!addr)
3088 break; 3225 break;
3089 - if (!(*q = lock_user_string(addr))) {  
3090 - ret = -TARGET_EFAULT;  
3091 - goto execve_fail;  
3092 - } 3226 + if (!(*q = lock_user_string(addr)))
  3227 + goto execve_efault;
3093 } 3228 }
3094 *q = NULL; 3229 *q = NULL;
3095 3230
3096 - if (!(p = lock_user_string(arg1))) {  
3097 - ret = -TARGET_EFAULT;  
3098 - goto execve_fail;  
3099 - } 3231 + if (!(p = lock_user_string(arg1)))
  3232 + goto execve_efault;
3100 ret = get_errno(execve(p, argp, envp)); 3233 ret = get_errno(execve(p, argp, envp));
3101 unlock_user(p, arg1, 0); 3234 unlock_user(p, arg1, 0);
3102 3235
3103 - execve_fail: 3236 + goto execve_end;
  3237 +
  3238 + execve_efault:
  3239 + ret = -TARGET_EFAULT;
  3240 +
  3241 + execve_end:
3104 for (gp = guest_argp, q = argp; *q; 3242 for (gp = guest_argp, q = argp; *q;
3105 gp += sizeof(abi_ulong), q++) { 3243 gp += sizeof(abi_ulong), q++) {
3106 - addr = tgetl(gp); 3244 + if (get_user_ual(addr, gp)
  3245 + || !addr)
  3246 + break;
3107 unlock_user(*q, addr, 0); 3247 unlock_user(*q, addr, 0);
3108 } 3248 }
3109 for (gp = guest_envp, q = envp; *q; 3249 for (gp = guest_envp, q = envp; *q;
3110 gp += sizeof(abi_ulong), q++) { 3250 gp += sizeof(abi_ulong), q++) {
3111 - addr = tgetl(gp); 3251 + if (get_user_ual(addr, gp)
  3252 + || !addr)
  3253 + break;
3112 unlock_user(*q, addr, 0); 3254 unlock_user(*q, addr, 0);
3113 } 3255 }
3114 } 3256 }
@@ -3124,8 +3266,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -3124,8 +3266,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3124 { 3266 {
3125 time_t host_time; 3267 time_t host_time;
3126 ret = get_errno(time(&host_time)); 3268 ret = get_errno(time(&host_time));
3127 - if (!is_error(ret) && arg1)  
3128 - tputl(arg1, host_time); 3269 + if (!is_error(ret)
  3270 + && arg1
  3271 + && put_user_sal(host_time, arg1))
  3272 + goto efault;
3129 } 3273 }
3130 break; 3274 break;
3131 #endif 3275 #endif
@@ -3199,7 +3343,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -3199,7 +3343,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3199 case TARGET_NR_stime: 3343 case TARGET_NR_stime:
3200 { 3344 {
3201 time_t host_time; 3345 time_t host_time;
3202 - host_time = tgetl(arg1); 3346 + if (get_user_sal(host_time, arg1))
  3347 + goto efault;
3203 ret = get_errno(stime(&host_time)); 3348 ret = get_errno(stime(&host_time));
3204 } 3349 }
3205 break; 3350 break;
@@ -3358,8 +3503,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -3358,8 +3503,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
3358 env->gpr[3][env->current_tc] = host_pipe[1]; 3503 env->gpr[3][env->current_tc] = host_pipe[1];
3359 ret = host_pipe[0]; 3504 ret = host_pipe[0];
3360 #else 3505 #else
3361 - tput32(arg1, host_pipe[0]);  
3362 - tput32(arg1 + 4, host_pipe[1]); 3506 + if (put_user_s32(host_pipe[0], arg1)
  3507 + || put_user_s32(host_pipe[1], arg1 + sizeof(host_pipe[0])))
  3508 + goto efault;
3363 #endif 3509 #endif
3364 } 3510 }
3365 } 3511 }
@@ -4267,11 +4413,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -4267,11 +4413,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4267 rusage_ptr = NULL; 4413 rusage_ptr = NULL;
4268 ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr)); 4414 ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr));
4269 if (!is_error(ret)) { 4415 if (!is_error(ret)) {
4270 - if (status_ptr)  
4271 - tputl(status_ptr, status);  
4272 - if (target_rusage) {  
4273 - host_to_target_rusage(target_rusage, &rusage); 4416 + if (status_ptr) {
  4417 + if (put_user_s32(status, status_ptr))
  4418 + goto efault;
4274 } 4419 }
  4420 + if (target_rusage)
  4421 + host_to_target_rusage(target_rusage, &rusage);
4275 } 4422 }
4276 } 4423 }
4277 break; 4424 break;
@@ -4404,11 +4551,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -4404,11 +4551,13 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4404 { 4551 {
4405 #if defined (__x86_64__) 4552 #if defined (__x86_64__)
4406 ret = get_errno(lseek(arg1, ((uint64_t )arg2 << 32) | arg3, arg5)); 4553 ret = get_errno(lseek(arg1, ((uint64_t )arg2 << 32) | arg3, arg5));
4407 - tput64(arg4, ret); 4554 + if (put_user_s64(ret, arg4))
  4555 + goto efault;
4408 #else 4556 #else
4409 int64_t res; 4557 int64_t res;
4410 ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5)); 4558 ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
4411 - tput64(arg4, res); 4559 + if (put_user_s64(res, arg4))
  4560 + goto efault;
4412 #endif 4561 #endif
4413 } 4562 }
4414 break; 4563 break;
@@ -4674,8 +4823,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -4674,8 +4823,9 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4674 { 4823 {
4675 int deathsig; 4824 int deathsig;
4676 ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5)); 4825 ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
4677 - if (!is_error(ret) && arg2)  
4678 - tput32(arg2, deathsig); 4826 + if (!is_error(ret) && arg2
  4827 + && put_user_ual(deathsig, arg2))
  4828 + goto efault;
4679 } 4829 }
4680 break; 4830 break;
4681 default: 4831 default:
@@ -4932,9 +5082,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -4932,9 +5082,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4932 uid_t ruid, euid, suid; 5082 uid_t ruid, euid, suid;
4933 ret = get_errno(getresuid(&ruid, &euid, &suid)); 5083 ret = get_errno(getresuid(&ruid, &euid, &suid));
4934 if (!is_error(ret)) { 5084 if (!is_error(ret)) {
4935 - tput16(arg1, tswap16(high2lowuid(ruid)));  
4936 - tput16(arg2, tswap16(high2lowuid(euid)));  
4937 - tput16(arg3, tswap16(high2lowuid(suid))); 5085 + if (put_user_u16(high2lowuid(ruid), arg1)
  5086 + || put_user_u16(high2lowuid(euid), arg2)
  5087 + || put_user_u16(high2lowuid(suid), arg3))
  5088 + goto efault;
4938 } 5089 }
4939 } 5090 }
4940 break; 5091 break;
@@ -4952,9 +5103,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -4952,9 +5103,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
4952 gid_t rgid, egid, sgid; 5103 gid_t rgid, egid, sgid;
4953 ret = get_errno(getresgid(&rgid, &egid, &sgid)); 5104 ret = get_errno(getresgid(&rgid, &egid, &sgid));
4954 if (!is_error(ret)) { 5105 if (!is_error(ret)) {
4955 - tput16(arg1, tswap16(high2lowgid(rgid)));  
4956 - tput16(arg2, tswap16(high2lowgid(egid)));  
4957 - tput16(arg3, tswap16(high2lowgid(sgid))); 5106 + if (put_user_u16(high2lowgid(rgid), arg1)
  5107 + || put_user_u16(high2lowgid(egid), arg2)
  5108 + || put_user_u16(high2lowgid(sgid), arg3))
  5109 + goto efault;
4958 } 5110 }
4959 } 5111 }
4960 break; 5112 break;
@@ -5077,9 +5229,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -5077,9 +5229,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
5077 uid_t ruid, euid, suid; 5229 uid_t ruid, euid, suid;
5078 ret = get_errno(getresuid(&ruid, &euid, &suid)); 5230 ret = get_errno(getresuid(&ruid, &euid, &suid));
5079 if (!is_error(ret)) { 5231 if (!is_error(ret)) {
5080 - tput32(arg1, tswap32(ruid));  
5081 - tput32(arg2, tswap32(euid));  
5082 - tput32(arg3, tswap32(suid)); 5232 + if (put_user_u32(ruid, arg1)
  5233 + || put_user_u32(euid, arg2)
  5234 + || put_user_u32(suid, arg3))
  5235 + goto efault;
5083 } 5236 }
5084 } 5237 }
5085 break; 5238 break;
@@ -5095,9 +5248,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, @@ -5095,9 +5248,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
5095 gid_t rgid, egid, sgid; 5248 gid_t rgid, egid, sgid;
5096 ret = get_errno(getresgid(&rgid, &egid, &sgid)); 5249 ret = get_errno(getresgid(&rgid, &egid, &sgid));
5097 if (!is_error(ret)) { 5250 if (!is_error(ret)) {
5098 - tput32(arg1, tswap32(rgid));  
5099 - tput32(arg2, tswap32(egid));  
5100 - tput32(arg3, tswap32(sgid)); 5251 + if (put_user_u32(rgid, arg1)
  5252 + || put_user_u32(egid, arg2)
  5253 + || put_user_u32(sgid, arg3))
  5254 + goto efault;
5101 } 5255 }
5102 } 5256 }
5103 break; 5257 break;
m68k-semi.c
@@ -142,15 +142,23 @@ static void m68k_semi_cb(CPUState *env, target_ulong ret, target_ulong err) @@ -142,15 +142,23 @@ static void m68k_semi_cb(CPUState *env, target_ulong ret, target_ulong err)
142 if (m68k_semi_is_fseek) { 142 if (m68k_semi_is_fseek) {
143 /* FIXME: We've already lost the high bits of the fseek 143 /* FIXME: We've already lost the high bits of the fseek
144 return value. */ 144 return value. */
145 - tput32(args, 0); 145 + /* FIXME - handle put_user() failure */
  146 + put_user_u32(0, args);
146 args += 4; 147 args += 4;
147 m68k_semi_is_fseek = 0; 148 m68k_semi_is_fseek = 0;
148 } 149 }
149 - tput32(args, ret);  
150 - tput32(args + 4, errno); 150 + /* FIXME - handle put_user() failure */
  151 + put_user_u32(ret, args);
  152 + put_user_u32(errno, args + 4);
151 } 153 }
152 154
153 -#define ARG(x) tget32(args + (x) * 4) 155 +#define ARG(n) \
  156 +({ \
  157 + target_ulong __arg; \
  158 + /* FIXME - handle get_user() failure */ \
  159 + get_user_ual(__arg, args + (n) * 4); \
  160 + __arg; \
  161 +})
154 #define PARG(x) ((unsigned long)ARG(x)) 162 #define PARG(x) ((unsigned long)ARG(x))
155 void do_m68k_semihosting(CPUM68KState *env, int nr) 163 void do_m68k_semihosting(CPUM68KState *env, int nr)
156 { 164 {
@@ -237,9 +245,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) @@ -237,9 +245,10 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
237 ARG(0), off, ARG(3)); 245 ARG(0), off, ARG(3));
238 } else { 246 } else {
239 off = lseek(ARG(0), off, ARG(3)); 247 off = lseek(ARG(0), off, ARG(3));
240 - tput32(args, off >> 32);  
241 - tput32(args + 4, off);  
242 - tput32(args + 8, errno); 248 + /* FIXME - handle put_user() failure */
  249 + put_user_u32(off >> 32, args);
  250 + put_user_u32(off, args + 4);
  251 + put_user_u32(errno, args + 8);
243 } 252 }
244 return; 253 return;
245 } 254 }
@@ -390,6 +399,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr) @@ -390,6 +399,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
390 cpu_abort(env, "Unsupported semihosting syscall %d\n", nr); 399 cpu_abort(env, "Unsupported semihosting syscall %d\n", nr);
391 result = 0; 400 result = 0;
392 } 401 }
393 - tput32(args, result);  
394 - tput32(args + 4, errno); 402 + /* FIXME - handle put_user() failure */
  403 + put_user_u32(result, args);
  404 + put_user_u32(errno, args + 4);
395 } 405 }
softmmu-semi.h
@@ -21,15 +21,18 @@ static inline uint32_t softmmu_tget8(CPUState *env, uint32_t addr) @@ -21,15 +21,18 @@ static inline uint32_t softmmu_tget8(CPUState *env, uint32_t addr)
21 cpu_memory_rw_debug(env, addr, &val, 1, 0); 21 cpu_memory_rw_debug(env, addr, &val, 1, 0);
22 return val; 22 return val;
23 } 23 }
24 -#define tget32(p) softmmu_tget32(env, p)  
25 -#define tget8(p) softmmu_tget8(env, p) 24 +
  25 +#define get_user_u32(arg, p) ({ arg = softmmu_tget32(env, p) ; 0; })
  26 +#define get_user_u8(arg, p) ({ arg = softmmu_tget8(env, p) ; 0; })
  27 +#define get_user_ual(arg, p) get_user_u32(arg, p)
26 28
27 static inline void softmmu_tput32(CPUState *env, uint32_t addr, uint32_t val) 29 static inline void softmmu_tput32(CPUState *env, uint32_t addr, uint32_t val)
28 { 30 {
29 val = tswap32(val); 31 val = tswap32(val);
30 cpu_memory_rw_debug(env, addr, (uint8_t *)&val, 4, 1); 32 cpu_memory_rw_debug(env, addr, (uint8_t *)&val, 4, 1);
31 } 33 }
32 -#define tput32(p, val) softmmu_tput32(env, p, val) 34 +#define put_user_u32(arg, p) ({ softmmu_tput32(env, p, arg) ; 0; })
  35 +#define put_user_ual(arg, p) put_user_u32(arg, p)
33 36
34 static void *softmmu_lock_user(CPUState *env, uint32_t addr, uint32_t len, 37 static void *softmmu_lock_user(CPUState *env, uint32_t addr, uint32_t len,
35 int copy) 38 int copy)
target-arm/nwfpe/fpa11_cpdt.c
@@ -34,7 +34,8 @@ void loadSingle(const unsigned int Fn,const unsigned int *pMem) @@ -34,7 +34,8 @@ void loadSingle(const unsigned int Fn,const unsigned int *pMem)
34 target_ulong addr = (target_ulong)(long)pMem; 34 target_ulong addr = (target_ulong)(long)pMem;
35 FPA11 *fpa11 = GET_FPA11(); 35 FPA11 *fpa11 = GET_FPA11();
36 fpa11->fType[Fn] = typeSingle; 36 fpa11->fType[Fn] = typeSingle;
37 - fpa11->fpreg[Fn].fSingle = tget32(addr); 37 + /* FIXME - handle failure of get_user() */
  38 + get_user_u32(fpa11->fpreg[Fn].fSingle, addr);
38 } 39 }
39 40
40 static inline 41 static inline
@@ -46,11 +47,13 @@ void loadDouble(const unsigned int Fn,const unsigned int *pMem) @@ -46,11 +47,13 @@ void loadDouble(const unsigned int Fn,const unsigned int *pMem)
46 p = (unsigned int*)&fpa11->fpreg[Fn].fDouble; 47 p = (unsigned int*)&fpa11->fpreg[Fn].fDouble;
47 fpa11->fType[Fn] = typeDouble; 48 fpa11->fType[Fn] = typeDouble;
48 #ifdef WORDS_BIGENDIAN 49 #ifdef WORDS_BIGENDIAN
49 - p[0] = tget32(addr); /* sign & exponent */  
50 - p[1] = tget32(addr + 4); 50 + /* FIXME - handle failure of get_user() */
  51 + get_user_u32(p[0], addr); /* sign & exponent */
  52 + get_user_u32(p[1], addr + 4);
51 #else 53 #else
52 - p[0] = tget32(addr + 4);  
53 - p[1] = tget32(addr); /* sign & exponent */ 54 + /* FIXME - handle failure of get_user() */
  55 + get_user_u32(p[0], addr + 4);
  56 + get_user_u32(p[1], addr); /* sign & exponent */
54 #endif 57 #endif
55 } 58 }
56 59
@@ -62,9 +65,10 @@ void loadExtended(const unsigned int Fn,const unsigned int *pMem) @@ -62,9 +65,10 @@ void loadExtended(const unsigned int Fn,const unsigned int *pMem)
62 unsigned int *p; 65 unsigned int *p;
63 p = (unsigned int*)&fpa11->fpreg[Fn].fExtended; 66 p = (unsigned int*)&fpa11->fpreg[Fn].fExtended;
64 fpa11->fType[Fn] = typeExtended; 67 fpa11->fType[Fn] = typeExtended;
65 - p[0] = tget32(addr); /* sign & exponent */  
66 - p[1] = tget32(addr + 8); /* ls bits */  
67 - p[2] = tget32(addr + 4); /* ms bits */ 68 + /* FIXME - handle failure of get_user() */
  69 + get_user_u32(p[0], addr); /* sign & exponent */
  70 + get_user_u32(p[1], addr + 8); /* ls bits */
  71 + get_user_u32(p[2], addr + 4); /* ms bits */
68 } 72 }
69 73
70 static inline 74 static inline
@@ -76,7 +80,8 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) @@ -76,7 +80,8 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem)
76 unsigned long x; 80 unsigned long x;
77 81
78 p = (unsigned int*)&(fpa11->fpreg[Fn]); 82 p = (unsigned int*)&(fpa11->fpreg[Fn]);
79 - x = tget32(addr); 83 + /* FIXME - handle failure of get_user() */
  84 + get_user_u32(x, addr);
80 fpa11->fType[Fn] = (x >> 14) & 0x00000003; 85 fpa11->fType[Fn] = (x >> 14) & 0x00000003;
81 86
82 switch (fpa11->fType[Fn]) 87 switch (fpa11->fType[Fn])
@@ -84,16 +89,18 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem) @@ -84,16 +89,18 @@ void loadMultiple(const unsigned int Fn,const unsigned int *pMem)
84 case typeSingle: 89 case typeSingle:
85 case typeDouble: 90 case typeDouble:
86 { 91 {
87 - p[0] = tget32(addr + 8); /* Single */  
88 - p[1] = tget32(addr + 4); /* double msw */ 92 + /* FIXME - handle failure of get_user() */
  93 + get_user_u32(p[0], addr + 8); /* Single */
  94 + get_user_u32(p[1], addr + 4); /* double msw */
89 p[2] = 0; /* empty */ 95 p[2] = 0; /* empty */
90 } 96 }
91 break; 97 break;
92 98
93 case typeExtended: 99 case typeExtended:
94 { 100 {
95 - p[1] = tget32(addr + 8);  
96 - p[2] = tget32(addr + 4); /* msw */ 101 + /* FIXME - handle failure of get_user() */
  102 + get_user_u32(p[1], addr + 8);
  103 + get_user_u32(p[2], addr + 4); /* msw */
97 p[0] = (x & 0x80003fff); 104 p[0] = (x & 0x80003fff);
98 } 105 }
99 break; 106 break;
@@ -121,7 +128,8 @@ void storeSingle(const unsigned int Fn,unsigned int *pMem) @@ -121,7 +128,8 @@ void storeSingle(const unsigned int Fn,unsigned int *pMem)
121 default: val = fpa11->fpreg[Fn].fSingle; 128 default: val = fpa11->fpreg[Fn].fSingle;
122 } 129 }
123 130
124 - tput32(addr, p[0]); 131 + /* FIXME - handle put_user() failures */
  132 + put_user_u32(p[0], addr);
125 } 133 }
126 134
127 static inline 135 static inline
@@ -144,12 +152,13 @@ void storeDouble(const unsigned int Fn,unsigned int *pMem) @@ -144,12 +152,13 @@ void storeDouble(const unsigned int Fn,unsigned int *pMem)
144 152
145 default: val = fpa11->fpreg[Fn].fDouble; 153 default: val = fpa11->fpreg[Fn].fDouble;
146 } 154 }
  155 + /* FIXME - handle put_user() failures */
147 #ifdef WORDS_BIGENDIAN 156 #ifdef WORDS_BIGENDIAN
148 - tput32(addr, p[0]); /* msw */  
149 - tput32(addr + 4, p[1]); /* lsw */ 157 + put_user_u32(p[0], addr); /* msw */
  158 + put_user_u32(p[1], addr + 4); /* lsw */
150 #else 159 #else
151 - tput32(addr, p[1]); /* msw */  
152 - tput32(addr + 4, p[0]); /* lsw */ 160 + put_user_u32(p[1], addr); /* msw */
  161 + put_user_u32(p[0], addr + 4); /* lsw */
153 #endif 162 #endif
154 } 163 }
155 164
@@ -174,9 +183,10 @@ void storeExtended(const unsigned int Fn,unsigned int *pMem) @@ -174,9 +183,10 @@ void storeExtended(const unsigned int Fn,unsigned int *pMem)
174 default: val = fpa11->fpreg[Fn].fExtended; 183 default: val = fpa11->fpreg[Fn].fExtended;
175 } 184 }
176 185
177 - tput32(addr, p[0]); /* sign & exp */  
178 - tput32(addr + 8, p[1]);  
179 - tput32(addr + 4, p[2]); /* msw */ 186 + /* FIXME - handle put_user() failures */
  187 + put_user_u32(p[0], addr); /* sign & exp */
  188 + put_user_u32(p[1], addr + 8);
  189 + put_user_u32(p[2], addr + 4); /* msw */
180 } 190 }
181 191
182 static inline 192 static inline
@@ -194,17 +204,17 @@ void storeMultiple(const unsigned int Fn,unsigned int *pMem) @@ -194,17 +204,17 @@ void storeMultiple(const unsigned int Fn,unsigned int *pMem)
194 case typeSingle: 204 case typeSingle:
195 case typeDouble: 205 case typeDouble:
196 { 206 {
197 - tput32(addr + 8, p[0]); /* single */  
198 - tput32(addr + 4, p[1]); /* double msw */  
199 - tput32(addr, nType << 14); 207 + put_user_u32(p[0], addr + 8); /* single */
  208 + put_user_u32(p[1], addr + 4); /* double msw */
  209 + put_user_u32(nType << 14, addr);
200 } 210 }
201 break; 211 break;
202 212
203 case typeExtended: 213 case typeExtended:
204 { 214 {
205 - tput32(addr + 4, p[2]); /* msw */  
206 - tput32(addr + 8, p[1]);  
207 - tput32(addr, (p[0] & 0x80003fff) | (nType << 14)); 215 + put_user_u32(p[2], addr + 4); /* msw */
  216 + put_user_u32(p[1], addr + 8);
  217 + put_user_u32((p[0] & 0x80003fff) | (nType << 14), addr);
208 } 218 }
209 break; 219 break;
210 } 220 }