Revision 579a97f7

b/Makefile.target
260 260

  
261 261
ifdef CONFIG_LINUX_USER
262 262
OBJS= main.o syscall.o strace.o mmap.o signal.o path.o osdep.o thunk.o \
263
      elfload.o linuxload.o
263
      elfload.o linuxload.o uaccess.o
264 264
LIBS+= $(AIOLIBS)
265 265
ifdef TARGET_HAS_BFLT
266 266
OBJS+= flatload.o
b/arm-semi.c
184 184
    args = env->regs[1];
185 185
    switch (nr) {
186 186
    case SYS_OPEN:
187
        s = lock_user_string(ARG(0));
187
        if (!(s = lock_user_string(ARG(0))))
188
            /* FIXME - should this error code be -TARGET_EFAULT ? */
189
            return (uint32_t)-1;
188 190
        if (ARG(1) >= 12)
189
          return (uint32_t)-1;
191
            return (uint32_t)-1;
190 192
        if (strcmp(s, ":tt") == 0) {
191 193
            if (ARG(1) < 4)
192 194
                return STDIN_FILENO;
......
221 223
          }
222 224
        }
223 225
    case SYS_WRITE0:
224
        s = lock_user_string(args);
226
        if (!(s = lock_user_string(args)))
227
            /* FIXME - should this error code be -TARGET_EFAULT ? */
228
            return (uint32_t)-1;
225 229
        len = strlen(s);
226 230
        if (use_gdb_syscalls()) {
227 231
            gdb_do_syscall(arm_semi_cb, "write,2,%x,%x\n", args, len);
......
238 242
            gdb_do_syscall(arm_semi_cb, "write,%x,%x,%x", ARG(0), ARG(1), len);
239 243
            return env->regs[0];
240 244
        } else {
241
            s = lock_user(ARG(1), len, 1);
245
            if (!(s = lock_user(VERIFY_READ, ARG(1), len, 1)))
246
                /* FIXME - should this error code be -TARGET_EFAULT ? */
247
                return (uint32_t)-1;
242 248
            ret = set_swi_errno(ts, write(ARG(0), s, len));
243 249
            unlock_user(s, ARG(1), 0);
244 250
            if (ret == (uint32_t)-1)
......
252 258
            gdb_do_syscall(arm_semi_cb, "read,%x,%x,%x", ARG(0), ARG(1), len);
253 259
            return env->regs[0];
254 260
        } else {
255
            s = lock_user(ARG(1), len, 0);
261
            if (!(s = lock_user(VERIFY_WRITE, ARG(1), len, 0)))
262
                /* FIXME - should this error code be -TARGET_EFAULT ? */
263
                return (uint32_t)-1;
256 264
            do
257 265
              ret = set_swi_errno(ts, read(ARG(0), s, len));
258 266
            while (ret == -1 && errno == EINTR);
......
301 309
            gdb_do_syscall(arm_semi_cb, "unlink,%s", ARG(0), (int)ARG(1)+1);
302 310
            ret = env->regs[0];
303 311
        } else {
304
            s = lock_user_string(ARG(0));
312
            if (!(s = lock_user_string(ARG(0))))
313
                /* FIXME - should this error code be -TARGET_EFAULT ? */
314
                return (uint32_t)-1;
305 315
            ret =  set_swi_errno(ts, remove(s));
306 316
            unlock_user(s, ARG(0), 0);
307 317
        }
......
315 325
            char *s2;
316 326
            s = lock_user_string(ARG(0));
317 327
            s2 = lock_user_string(ARG(2));
318
            ret = set_swi_errno(ts, rename(s, s2));
319
            unlock_user(s2, ARG(2), 0);
320
            unlock_user(s, ARG(0), 0);
328
            if (!s || !s2)
329
                /* FIXME - should this error code be -TARGET_EFAULT ? */
330
                ret = (uint32_t)-1;
331
            else
332
                ret = set_swi_errno(ts, rename(s, s2));
333
            if (s2)
334
                unlock_user(s2, ARG(2), 0);
335
            if (s)
336
                unlock_user(s, ARG(0), 0);
321 337
            return ret;
322 338
        }
323 339
    case SYS_CLOCK:
......
329 345
            gdb_do_syscall(arm_semi_cb, "system,%s", ARG(0), (int)ARG(1)+1);
330 346
            return env->regs[0];
331 347
        } else {
332
            s = lock_user_string(ARG(0));
348
            if (!(s = lock_user_string(ARG(0))))
349
                /* FIXME - should this error code be -TARGET_EFAULT ? */
350
                return (uint32_t)-1;
333 351
            ret = set_swi_errno(ts, system(s));
334 352
            unlock_user(s, ARG(0), 0);
335 353
        }
......
346 364
            char **arg = ts->info->host_argv;
347 365
            int len = ARG(1);
348 366
            /* lock the buffer on the ARM side */
349
            char *cmdline_buffer = (char*)lock_user(ARG(0), len, 0);
367
            char *cmdline_buffer = (char*)lock_user(VERIFY_WRITE, ARG(0), len, 0);
368

  
369
            if (!cmdline_buffer)
370
                /* FIXME - should this error code be -TARGET_EFAULT ? */
371
                return (uint32_t)-1;
350 372

  
351 373
            s = cmdline_buffer;
352 374
            while (*arg && len > 2) {
......
402 424
                ts->heap_limit = limit;
403 425
            }
404 426

  
405
            ptr = lock_user(ARG(0), 16, 0);
427
            if (!(ptr = lock_user(VERIFY_WRITE, ARG(0), 16, 0)))
428
                /* FIXME - should this error code be -TARGET_EFAULT ? */
429
                return (uint32_t)-1;
406 430
            ptr[0] = tswap32(ts->heap_base);
407 431
            ptr[1] = tswap32(ts->heap_limit);
408 432
            ptr[2] = tswap32(ts->stack_base);
......
410 434
            unlock_user(ptr, ARG(0), 16);
411 435
#else
412 436
            limit = ram_size;
413
            ptr = lock_user(ARG(0), 16, 0);
437
            if (!(ptr = lock_user(VERIFY_WRITE, ARG(0), 16, 0)))
438
                /* FIXME - should this error code be -TARGET_EFAULT ? */
439
                return (uint32_t)-1;
414 440
            /* TODO: Make this use the limit of the loaded application.  */
415 441
            ptr[0] = tswap32(limit / 2);
416 442
            ptr[1] = tswap32(limit);
b/exec.c
2510 2510
        if (is_write) {
2511 2511
            if (!(flags & PAGE_WRITE))
2512 2512
                return;
2513
            p = lock_user(addr, len, 0);
2513
            /* XXX: this code should not depend on lock_user */
2514
            if (!(p = lock_user(VERIFY_WRITE, addr, len, 0)))
2515
                /* FIXME - should this return an error rather than just fail? */
2516
                return;
2514 2517
            memcpy(p, buf, len);
2515 2518
            unlock_user(p, addr, len);
2516 2519
        } else {
2517 2520
            if (!(flags & PAGE_READ))
2518 2521
                return;
2519
            p = lock_user(addr, len, 1);
2522
            /* XXX: this code should not depend on lock_user */
2523
            if (!(p = lock_user(VERIFY_READ, addr, len, 1)))
2524
                /* FIXME - should this return an error rather than just fail? */
2525
                return;
2520 2526
            memcpy(buf, p, len);
2521 2527
            unlock_user(p, addr, 0);
2522 2528
        }
b/linux-user/elfload.c
677 677
    for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
678 678
	if (bprm->page[i]) {
679 679
	    info->rss++;
680

  
680
            /* FIXME - check return value of memcpy_to_target() for failure */
681 681
	    memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
682 682
	    free(bprm->page[i]);
683 683
	}
......
760 760
            size_t len = strlen(k_platform) + 1;
761 761
            sp -= (len + n - 1) & ~(n - 1);
762 762
            u_platform = sp;
763
            /* FIXME - check return value of memcpy_to_target() for failure */
763 764
            memcpy_to_target(sp, k_platform, len);
764 765
        }
765 766
	/*
b/linux-user/flatload.c
108 108
    void *buf;
109 109
    int ret;
110 110

  
111
    buf = lock_user(ptr, len, 0);
111
    buf = lock_user(VERIFY_WRITE, ptr, len, 0);
112 112
    ret = pread(fd, buf, len, offset);
113 113
    unlock_user(buf, ptr, len);
114 114
    return ret;
b/linux-user/linuxload.c
13 13
#define NGROUPS 32
14 14

  
15 15
/* ??? This should really be somewhere else.  */
16
void memcpy_to_target(abi_ulong dest, const void *src,
17
                      unsigned long len)
16
abi_long memcpy_to_target(abi_ulong dest, const void *src,
17
                          unsigned long len)
18 18
{
19 19
    void *host_ptr;
20 20

  
21
    host_ptr = lock_user(dest, len, 0);
21
    host_ptr = lock_user(VERIFY_WRITE, dest, len, 0);
22
    if (!host_ptr)
23
        return -TARGET_EFAULT;
22 24
    memcpy(host_ptr, src, len);
23 25
    unlock_user(host_ptr, dest, 1);
26
    return 0;
24 27
}
25 28

  
26 29
static int in_group_p(gid_t g)
b/linux-user/qemu.h
146 146
                          struct image_info *info);
147 147
#endif
148 148

  
149
void memcpy_to_target(abi_ulong dest, const void *src,
150
                      unsigned long len);
149
abi_long memcpy_to_target(abi_ulong dest, const void *src,
150
                          unsigned long len);
151 151
void target_set_brk(abi_ulong new_brk);
152 152
abi_long do_brk(abi_ulong new_brk);
153 153
void syscall_init(void);
......
179 179
void target_to_host_siginfo(siginfo_t *info, const target_siginfo_t *tinfo);
180 180
long do_sigreturn(CPUState *env);
181 181
long do_rt_sigreturn(CPUState *env);
182
int do_sigaltstack(const struct target_sigaltstack *uss,
183
                   struct target_sigaltstack *uoss,
184
                   abi_ulong sp);
182
abi_long do_sigaltstack(abi_ulong uss_addr, abi_ulong uoss_addr, abi_ulong sp);
185 183

  
186 184
#ifdef TARGET_I386
187 185
/* vm86.c */
......
207 205
/* user access */
208 206

  
209 207
#define VERIFY_READ 0
210
#define VERIFY_WRITE 1
208
#define VERIFY_WRITE 1 /* implies read access */
211 209

  
212 210
#define access_ok(type,addr,size) \
213 211
    (page_check_range((target_ulong)addr,size,(type==VERIFY_READ)?PAGE_READ:PAGE_WRITE)==0)
214 212

  
215 213
/* NOTE __get_user and __put_user use host pointers and don't check access. */
214
/* These are usually used to access struct data members once the
215
 * struct has been locked - usually with lock_user_struct().
216
 */
216 217
#define __put_user(x, hptr)\
217 218
({\
218 219
    int size = sizeof(*hptr);\
......
257 258
    0;\
258 259
})
259 260

  
260
#define put_user(x,ptr)\
261
({\
262
    int __ret;\
263
    if (access_ok(VERIFY_WRITE, ptr, sizeof(*ptr)))\
264
        __ret = __put_user(x, ptr);\
265
    else\
266
        __ret = -EFAULT;\
267
    __ret;\
261
/* put_user()/get_user() take a guest address and check access */
262
/* These are usually used to access an atomic data type, such as an int,
263
 * that has been passed by address.  These internally perform locking
264
 * and unlocking on the data type.
265
 */
266
#define put_user(x, gaddr, target_type)					\
267
({									\
268
    abi_ulong __gaddr = (gaddr);					\
269
    target_type *__hptr;						\
270
    abi_long __ret;							\
271
    if ((__hptr = lock_user(VERIFY_WRITE, __gaddr, sizeof(target_type), 0))) { \
272
        __ret = __put_user((x), __hptr);				\
273
        unlock_user(__hptr, __gaddr, sizeof(target_type));		\
274
    } else								\
275
        __ret = -TARGET_EFAULT;						\
276
    __ret;								\
268 277
})
269 278

  
270
#define get_user(x,ptr)\
271
({\
272
    int __ret;\
273
    if (access_ok(VERIFY_READ, ptr, sizeof(*ptr)))\
274
        __ret = __get_user(x, ptr);\
275
    else\
276
        __ret = -EFAULT;\
277
    __ret;\
279
#define get_user(x, gaddr, target_type)					\
280
({									\
281
    abi_ulong __gaddr = (gaddr);					\
282
    target_type *__hptr;						\
283
    abi_long __ret;							\
284
    if ((__hptr = lock_user(VERIFY_READ, __gaddr, sizeof(target_type), 1))) { \
285
        __ret = __get_user((x), __hptr);				\
286
        unlock_user(__hptr, __gaddr, 0);				\
287
    } else								\
288
        __ret = -TARGET_EFAULT;						\
289
    __ret;								\
278 290
})
279 291

  
292
/* copy_from_user() and copy_to_user() are usually used to copy data
293
 * buffers between the target and host.  These internally perform
294
 * locking/unlocking of the memory.
295
 */
296
abi_long copy_from_user(void *hptr, abi_ulong gaddr, size_t len);
297
abi_long copy_to_user(abi_ulong gaddr, void *hptr, size_t len);
298

  
280 299
/* Functions for accessing guest memory.  The tget and tput functions
281 300
   read/write single values, byteswapping as neccessary.  The lock_user
282 301
   gets a pointer to a contiguous area of guest memory, but does not perform
......
285 304

  
286 305
/* Lock an area of guest memory into the host.  If copy is true then the
287 306
   host area will have the same contents as the guest.  */
288
static inline void *lock_user(abi_ulong guest_addr, long len, int copy)
307
static inline void *lock_user(int type, abi_ulong guest_addr, long len, int copy)
289 308
{
309
    if (!access_ok(type, guest_addr, len))
310
        return NULL;
290 311
#ifdef DEBUG_REMAP
291
    void *addr;
292
    addr = malloc(len);
293
    if (copy)
294
        memcpy(addr, g2h(guest_addr), len);
295
    else
296
        memset(addr, 0, len);
297
    return addr;
312
    {
313
        void *addr;
314
        addr = malloc(len);
315
        if (copy)
316
            memcpy(addr, g2h(guest_addr), len);
317
        else
318
            memset(addr, 0, len);
319
        return addr;
320
    }
298 321
#else
299 322
    return g2h(guest_addr);
300 323
#endif
301 324
}
302 325

  
303
/* Unlock an area of guest memory.  The first LEN bytes must be flushed back
304
   to guest memory.  */
305
static inline void unlock_user(void *host_addr, abi_ulong guest_addr,
326
/* Unlock an area of guest memory.  The first LEN bytes must be
327
   flushed back to guest memory. host_ptr = NULL is explicitely
328
   allowed and does nothing. */
329
static inline void unlock_user(void *host_ptr, abi_ulong guest_addr,
306 330
                               long len)
307 331
{
332

  
308 333
#ifdef DEBUG_REMAP
309
    if (host_addr == g2h(guest_addr))
334
    if (!host_ptr)
335
        return;
336
    if (host_ptr == g2h(guest_addr))
310 337
        return;
311 338
    if (len > 0)
312
        memcpy(g2h(guest_addr), host_addr, len);
313
    free(host_addr);
339
        memcpy(g2h(guest_ptr), host_ptr, len);
340
    free(host_ptr);
314 341
#endif
315 342
}
316 343

  
317
/* Return the length of a string in target memory.  */
318
static inline int target_strlen(abi_ulong ptr)
319
{
320
  return strlen(g2h(ptr));
321
}
344
/* Return the length of a string in target memory or -TARGET_EFAULT if
345
   access error. */
346
abi_long target_strlen(abi_ulong gaddr);
322 347

  
323 348
/* Like lock_user but for null terminated strings.  */
324 349
static inline void *lock_user_string(abi_ulong guest_addr)
325 350
{
326
    long len;
327
    len = target_strlen(guest_addr) + 1;
328
    return lock_user(guest_addr, len, 1);
351
    abi_long len;
352
    len = target_strlen(guest_addr);
353
    if (len < 0)
354
        return NULL;
355
    return lock_user(VERIFY_READ, guest_addr, (long)(len + 1), 1);
329 356
}
330 357

  
331 358
/* Helper macros for locking/ulocking a target struct.  */
332
#define lock_user_struct(host_ptr, guest_addr, copy) \
333
    host_ptr = lock_user(guest_addr, sizeof(*host_ptr), copy)
334
#define unlock_user_struct(host_ptr, guest_addr, copy) \
359
#define lock_user_struct(type, host_ptr, guest_addr, copy)	\
360
    (host_ptr = lock_user(type, guest_addr, sizeof(*host_ptr), copy))
361
#define unlock_user_struct(host_ptr, guest_addr, copy)		\
335 362
    unlock_user(host_ptr, guest_addr, (copy) ? sizeof(*host_ptr) : 0)
336 363

  
337 364
#define tget8(addr) ldub(addr)
b/linux-user/signal.c
435 435
}
436 436

  
437 437
/* do_sigaltstack() returns target values and errnos. */
438
int do_sigaltstack(const struct target_sigaltstack *uss,
439
                   struct target_sigaltstack *uoss,
440
                   abi_ulong sp)
438
/* compare linux/kernel/signal.c:do_sigaltstack() */
439
abi_long do_sigaltstack(abi_ulong uss_addr, abi_ulong uoss_addr, abi_ulong sp)
441 440
{
442 441
    int ret;
443 442
    struct target_sigaltstack oss;
444 443

  
445 444
    /* XXX: test errors */
446
    if(uoss)
445
    if(uoss_addr)
447 446
    {
448 447
        __put_user(target_sigaltstack_used.ss_sp, &oss.ss_sp);
449 448
        __put_user(target_sigaltstack_used.ss_size, &oss.ss_size);
450 449
        __put_user(sas_ss_flags(sp), &oss.ss_flags);
451 450
    }
452 451

  
453
    if(uss)
452
    if(uss_addr)
454 453
    {
455
	struct target_sigaltstack ss;
454
        struct target_sigaltstack *uss;
455
        struct target_sigaltstack ss;
456 456

  
457 457
	ret = -TARGET_EFAULT;
458
	if (!access_ok(VERIFY_READ, uss, sizeof(*uss))
458
        if (!lock_user_struct(VERIFY_READ, uss, uss_addr, 1)
459 459
	    || __get_user(ss.ss_sp, &uss->ss_sp)
460 460
	    || __get_user(ss.ss_size, &uss->ss_size)
461 461
	    || __get_user(ss.ss_flags, &uss->ss_flags))
462 462
            goto out;
463
        unlock_user_struct(uss, uss_addr, 0);
463 464

  
464 465
	ret = -TARGET_EPERM;
465 466
	if (on_sig_stack(sp))
......
484 485
        target_sigaltstack_used.ss_size = ss.ss_size;
485 486
    }
486 487

  
487
    if (uoss) {
488
    if (uoss_addr) {
488 489
        ret = -TARGET_EFAULT;
489
        if (!access_ok(VERIFY_WRITE, uoss, sizeof(oss)))
490
        if (copy_to_user(uoss_addr, &oss, sizeof(oss)))
490 491
            goto out;
491
        memcpy(uoss, &oss, sizeof(oss));
492 492
    }
493 493

  
494 494
    ret = 0;
......
671 671
{
672 672
	int err = 0;
673 673

  
674
	/* already locked in setup_frame() */
674 675
	err |= __put_user(env->segs[R_GS].selector, (unsigned int *)&sc->gs);
675 676
	err |= __put_user(env->segs[R_FS].selector, (unsigned int *)&sc->fs);
676 677
	err |= __put_user(env->segs[R_ES].selector, (unsigned int *)&sc->es);
......
706 707
 * Determine which stack to use..
707 708
 */
708 709

  
709
static inline void *
710
static inline abi_ulong
710 711
get_sigframe(struct emulated_sigaction *ka, CPUX86State *env, size_t frame_size)
711 712
{
712 713
	unsigned long esp;
......
726 727
            ka->sa.sa_restorer) {
727 728
            esp = (unsigned long) ka->sa.sa_restorer;
728 729
	}
729
        return g2h((esp - frame_size) & -8ul);
730
        return (esp - frame_size) & -8ul;
730 731
}
731 732

  
733
/* compare linux/arch/i386/kernel/signal.c:setup_frame() */
732 734
static void setup_frame(int sig, struct emulated_sigaction *ka,
733 735
			target_sigset_t *set, CPUX86State *env)
734 736
{
737
	abi_ulong frame_addr;
735 738
	struct sigframe *frame;
736 739
	int i, err = 0;
737 740

  
738
	frame = get_sigframe(ka, env, sizeof(*frame));
741
	frame_addr = get_sigframe(ka, env, sizeof(*frame));
739 742

  
740
	if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
743
	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
741 744
		goto give_sigsegv;
745

  
742 746
	err |= __put_user((/*current->exec_domain
743 747
		           && current->exec_domain->signal_invmap
744 748
		           && sig < 32
......
786 790
        cpu_x86_load_seg(env, R_CS, __USER_CS);
787 791
	env->eflags &= ~TF_MASK;
788 792

  
793
	unlock_user_struct(frame, frame_addr, 1);
794

  
789 795
	return;
790 796

  
791 797
give_sigsegv:
798
	unlock_user_struct(frame, frame_addr, 1);
792 799
	if (sig == TARGET_SIGSEGV)
793 800
		ka->sa._sa_handler = TARGET_SIG_DFL;
794 801
	force_sig(TARGET_SIGSEGV /* , current */);
795 802
}
796 803

  
804
/* compare linux/arch/i386/kernel/signal.c:setup_rt_frame() */
797 805
static void setup_rt_frame(int sig, struct emulated_sigaction *ka,
798 806
                           target_siginfo_t *info,
799 807
			   target_sigset_t *set, CPUX86State *env)
800 808
{
809
	abi_ulong frame_addr;
801 810
	struct rt_sigframe *frame;
802 811
	int i, err = 0;
803 812

  
804
	frame = get_sigframe(ka, env, sizeof(*frame));
813
	frame_addr = get_sigframe(ka, env, sizeof(*frame));
805 814

  
806
	if (!access_ok(VERIFY_WRITE, frame, sizeof(*frame)))
815
	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
807 816
		goto give_sigsegv;
808 817

  
809 818
	err |= __put_user((/*current->exec_domain
......
859 868
        cpu_x86_load_seg(env, R_CS, __USER_CS);
860 869
	env->eflags &= ~TF_MASK;
861 870

  
871
	unlock_user_struct(frame, frame_addr, 1);
872

  
862 873
	return;
863 874

  
864 875
give_sigsegv:
876
	unlock_user_struct(frame, frame_addr, 1);
865 877
	if (sig == TARGET_SIGSEGV)
866 878
		ka->sa._sa_handler = TARGET_SIG_DFL;
867 879
	force_sig(TARGET_SIGSEGV /* , current */);
......
918 930

  
919 931
long do_sigreturn(CPUX86State *env)
920 932
{
921
    struct sigframe *frame = (struct sigframe *)g2h(env->regs[R_ESP] - 8);
933
    struct sigframe *frame;
934
    abi_ulong frame_addr = env->regs[R_ESP] - 8;
922 935
    target_sigset_t target_set;
923 936
    sigset_t set;
924 937
    int eax, i;
......
926 939
#if defined(DEBUG_SIGNAL)
927 940
    fprintf(stderr, "do_sigreturn\n");
928 941
#endif
942
    if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))
943
        goto badframe;
929 944
    /* set blocked signals */
930 945
    if (__get_user(target_set.sig[0], &frame->sc.oldmask))
931 946
        goto badframe;
......
940 955
    /* restore registers */
941 956
    if (restore_sigcontext(env, &frame->sc, &eax))
942 957
        goto badframe;
958
    unlock_user_struct(frame, frame_addr, 0);
943 959
    return eax;
944 960

  
945 961
badframe:
962
    unlock_user_struct(frame, frame_addr, 0);
946 963
    force_sig(TARGET_SIGSEGV);
947 964
    return 0;
948 965
}
......
963 980
	if (restore_sigcontext(env, &frame->uc.tuc_mcontext, &eax))
964 981
		goto badframe;
965 982

  
966
	if (do_sigaltstack(&frame->uc.tuc_stack, NULL, get_sp_from_cpustate(env)) == -EFAULT)
983
	if (do_sigaltstack(h2g(&frame->uc.tuc_stack), 0, get_sp_from_cpustate(env)) == -EFAULT)
967 984
		goto badframe;
968 985

  
969 986
	return eax;
......
1086 1103
	return err;
1087 1104
}
1088 1105

  
1089
static inline void *
1106
static inline abi_ulong
1090 1107
get_sigframe(struct emulated_sigaction *ka, CPUState *regs, int framesize)
1091 1108
{
1092 1109
	unsigned long sp = regs->regs[13];
......
1099 1116
	/*
1100 1117
	 * ATPCS B01 mandates 8-byte alignment
1101 1118
	 */
1102
	return g2h((sp - framesize) & ~7);
1119
	return (sp - framesize) & ~7;
1103 1120
}
1104 1121

  
1105 1122
static int
......
1167 1184
	return 0;
1168 1185
}
1169 1186

  
1187
/* compare linux/arch/arm/kernel/signal.c:setup_frame() */
1170 1188
static void setup_frame(int usig, struct emulated_sigaction *ka,
1171 1189
			target_sigset_t *set, CPUState *regs)
1172 1190
{
1173
	struct sigframe *frame = get_sigframe(ka, regs, sizeof(*frame));
1191
	struct sigframe *frame;
1192
	abi_ulong frame_addr = get_sigframe(ka, regs, sizeof(*frame));
1174 1193
	int i, err = 0;
1175 1194

  
1195
	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
1196
		return;
1197

  
1176 1198
	err |= setup_sigcontext(&frame->sc, /*&frame->fpstate,*/ regs, set->sig[0]);
1177 1199

  
1178 1200
        for(i = 1; i < TARGET_NSIG_WORDS; i++) {
1179 1201
            if (__put_user(set->sig[i], &frame->extramask[i - 1]))
1180
                return;
1202
                goto end;
1181 1203
	}
1182 1204

  
1183 1205
	if (err == 0)
1184 1206
            err = setup_return(regs, ka, &frame->retcode, frame, usig);
1207

  
1208
end:
1209
	unlock_user_struct(frame, frame_addr, 1);
1185 1210
        //	return err;
1186 1211
}
1187 1212

  
1213
/* compare linux/arch/arm/kernel/signal.c:setup_rt_frame() */
1188 1214
static void setup_rt_frame(int usig, struct emulated_sigaction *ka,
1189 1215
                           target_siginfo_t *info,
1190 1216
			   target_sigset_t *set, CPUState *env)
1191 1217
{
1192
	struct rt_sigframe *frame = get_sigframe(ka, env, sizeof(*frame));
1218
	struct rt_sigframe *frame;
1219
	abi_ulong frame_addr = get_sigframe(ka, env, sizeof(*frame));
1193 1220
	struct target_sigaltstack stack;
1194 1221
	int i, err = 0;
1195 1222

  
1196
	if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
1223
	if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
1197 1224
            return /* 1 */;
1198 1225

  
1199 1226
	__put_user_error(&frame->info, (abi_ulong *)&frame->pinfo, err);
......
1207 1234
        __put_user(target_sigaltstack_used.ss_sp, &stack.ss_sp);
1208 1235
        __put_user(target_sigaltstack_used.ss_size, &stack.ss_size);
1209 1236
        __put_user(sas_ss_flags(get_sp_from_cpustate(env)), &stack.ss_flags);
1210
        if (!access_ok(VERIFY_WRITE, &frame->uc.tuc_stack, sizeof(stack)))
1211
            err = 1;
1212
        else
1213
            memcpy(&frame->uc.tuc_stack, &stack, sizeof(stack));
1237
        err |= copy_to_user(&frame->uc.tuc_stack, &stack, sizeof(stack));
1214 1238

  
1215 1239
	err |= setup_sigcontext(&frame->uc.tuc_mcontext, /*&frame->fpstate,*/
1216 1240
				env, set->sig[0]);
1217 1241
        for(i = 0; i < TARGET_NSIG_WORDS; i++) {
1218 1242
            if (__put_user(set->sig[i], &frame->uc.tuc_sigmask.sig[i]))
1219
                return;
1243
                goto end;
1220 1244
        }
1221 1245

  
1222 1246
	if (err == 0)
......
1232 1256
            env->regs[2] = (abi_ulong)frame->puc;
1233 1257
	}
1234 1258

  
1259
end:
1260
	unlock_user_struct(frame, frame_addr, 1);
1261

  
1235 1262
        //	return err;
1236 1263
}
1237 1264

  
......
1338 1365
	if (restore_sigcontext(env, &frame->uc.tuc_mcontext))
1339 1366
		goto badframe;
1340 1367

  
1341
	if (do_sigaltstack(&frame->uc.tuc_stack, NULL, get_sp_from_cpustate(env)) == -EFAULT)
1368
	if (do_sigaltstack(h2g(&frame->uc.tuc_stack), 0, get_sp_from_cpustate(env)) == -EFAULT)
1342 1369
		goto badframe;
1343 1370

  
1344 1371
#if 0
......
1788 1815
    abi_ulong *src, *dst;
1789 1816

  
1790 1817
    grp  = &ucp->uc_mcontext.mc_gregs;
1791
    err  = get_user(pc, &((*grp)[MC_PC]));
1792
    err |= get_user(npc, &((*grp)[MC_NPC]));
1818
    err  = __get_user(pc, &((*grp)[MC_PC]));
1819
    err |= __get_user(npc, &((*grp)[MC_NPC]));
1793 1820
    if (err || ((pc | npc) & 3))
1794 1821
        goto do_sigsegv;
1795 1822
    if (env->regwptr[UREG_I1]) {
......
1797 1824
        sigset_t set;
1798 1825

  
1799 1826
        if (TARGET_NSIG_WORDS == 1) {
1800
            if (get_user(target_set.sig[0], &ucp->uc_sigmask.sig[0]))
1827
            if (__get_user(target_set.sig[0], &ucp->uc_sigmask.sig[0]))
1801 1828
                goto do_sigsegv;
1802 1829
        } else {
1803 1830
            src = &ucp->uc_sigmask;
1804 1831
            dst = &target_set;
1805 1832
            for (i = 0; i < sizeof(target_sigset_t) / sizeof(abi_ulong);
1806 1833
                 i++, dst++, src++)
1807
                err |= get_user(dst, src);
1834
                err |= __get_user(dst, src);
1808 1835
            if (err)
1809 1836
                goto do_sigsegv;
1810 1837
        }
......
1813 1840
    }
1814 1841
    env->pc = pc;
1815 1842
    env->npc = npc;
1816
    err |= get_user(env->y, &((*grp)[MC_Y]));
1817
    err |= get_user(tstate, &((*grp)[MC_TSTATE]));
1843
    err |= __get_user(env->y, &((*grp)[MC_Y]));
1844
    err |= __get_user(tstate, &((*grp)[MC_TSTATE]));
1818 1845
    env->asi = (tstate >> 24) & 0xff;
1819 1846
    PUT_CCR(env, tstate >> 32);
1820 1847
    PUT_CWP64(env, tstate & 0x1f);
1821
    err |= get_user(env->gregs[1], (&(*grp)[MC_G1]));
1822
    err |= get_user(env->gregs[2], (&(*grp)[MC_G2]));
1823
    err |= get_user(env->gregs[3], (&(*grp)[MC_G3]));
1824
    err |= get_user(env->gregs[4], (&(*grp)[MC_G4]));
1825
    err |= get_user(env->gregs[5], (&(*grp)[MC_G5]));
1826
    err |= get_user(env->gregs[6], (&(*grp)[MC_G6]));
1827
    err |= get_user(env->gregs[7], (&(*grp)[MC_G7]));
1828
    err |= get_user(env->regwptr[UREG_I0], (&(*grp)[MC_O0]));
1829
    err |= get_user(env->regwptr[UREG_I1], (&(*grp)[MC_O1]));
1830
    err |= get_user(env->regwptr[UREG_I2], (&(*grp)[MC_O2]));
1831
    err |= get_user(env->regwptr[UREG_I3], (&(*grp)[MC_O3]));
1832
    err |= get_user(env->regwptr[UREG_I4], (&(*grp)[MC_O4]));
1833
    err |= get_user(env->regwptr[UREG_I5], (&(*grp)[MC_O5]));
1834
    err |= get_user(env->regwptr[UREG_I6], (&(*grp)[MC_O6]));
1835
    err |= get_user(env->regwptr[UREG_I7], (&(*grp)[MC_O7]));
1836

  
1837
    err |= get_user(fp, &(ucp->uc_mcontext.mc_fp));
1838
    err |= get_user(i7, &(ucp->uc_mcontext.mc_i7));
1839
    err |= put_user(fp,
1840
                    (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[6])));
1841
    err |= put_user(i7,
1842
                    (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[7])));
1843

  
1844
    err |= get_user(fenab, &(ucp->uc_mcontext.mc_fpregs.mcfpu_enab));
1845
    err |= get_user(env->fprs, &(ucp->uc_mcontext.mc_fpregs.mcfpu_fprs));
1848
    err |= __get_user(env->gregs[1], (&(*grp)[MC_G1]));
1849
    err |= __get_user(env->gregs[2], (&(*grp)[MC_G2]));
1850
    err |= __get_user(env->gregs[3], (&(*grp)[MC_G3]));
1851
    err |= __get_user(env->gregs[4], (&(*grp)[MC_G4]));
1852
    err |= __get_user(env->gregs[5], (&(*grp)[MC_G5]));
1853
    err |= __get_user(env->gregs[6], (&(*grp)[MC_G6]));
1854
    err |= __get_user(env->gregs[7], (&(*grp)[MC_G7]));
1855
    err |= __get_user(env->regwptr[UREG_I0], (&(*grp)[MC_O0]));
1856
    err |= __get_user(env->regwptr[UREG_I1], (&(*grp)[MC_O1]));
1857
    err |= __get_user(env->regwptr[UREG_I2], (&(*grp)[MC_O2]));
1858
    err |= __get_user(env->regwptr[UREG_I3], (&(*grp)[MC_O3]));
1859
    err |= __get_user(env->regwptr[UREG_I4], (&(*grp)[MC_O4]));
1860
    err |= __get_user(env->regwptr[UREG_I5], (&(*grp)[MC_O5]));
1861
    err |= __get_user(env->regwptr[UREG_I6], (&(*grp)[MC_O6]));
1862
    err |= __get_user(env->regwptr[UREG_I7], (&(*grp)[MC_O7]));
1863

  
1864
    err |= __get_user(fp, &(ucp->uc_mcontext.mc_fp));
1865
    err |= __get_user(i7, &(ucp->uc_mcontext.mc_i7));
1866
    err |= __put_user(fp,
1867
                      (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[6])));
1868
    err |= __put_user(i7,
1869
                      (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[7])));
1870

  
1871
    err |= __get_user(fenab, &(ucp->uc_mcontext.mc_fpregs.mcfpu_enab));
1872
    err |= __get_user(env->fprs, &(ucp->uc_mcontext.mc_fpregs.mcfpu_fprs));
1846 1873
    src = &(ucp->uc_mcontext.mc_fpregs.mcfpu_fregs);
1847 1874
    dst = &env->fpr;
1848 1875
    for (i = 0; i < 64; i++, dst++, src++)
1849
        err |= get_user(dst, src);
1850
    err |= get_user(env->fsr,
1851
                    &(ucp->uc_mcontext.mc_fpregs.mcfpu_fsr));
1852
    err |= get_user(env->gsr,
1853
                    &(ucp->uc_mcontext.mc_fpregs.mcfpu_gsr));
1876
        err |= __get_user(dst, src);
1877
    err |= __get_user(env->fsr,
1878
                      &(ucp->uc_mcontext.mc_fpregs.mcfpu_fsr));
1879
    err |= __get_user(env->gsr,
1880
                      &(ucp->uc_mcontext.mc_fpregs.mcfpu_gsr));
1854 1881
    if (err)
1855 1882
        goto do_sigsegv;
1856 1883

  
......
1884 1911
    sigprocmask(0, NULL, &set);
1885 1912
    host_to_target_sigset_internal(&target_set, &set);
1886 1913
    if (TARGET_NSIG_WORDS == 1)
1887
        err |= put_user(target_set.sig[0],
1888
                        (abi_ulong *)&ucp->uc_sigmask);
1914
        err |= __put_user(target_set.sig[0],
1915
                          (abi_ulong *)&ucp->uc_sigmask);
1889 1916
    else {
1890 1917
        src = &target_set;
1891 1918
        dst = &ucp->uc_sigmask;
1892 1919
        for (i = 0; i < sizeof(target_sigset_t) / sizeof(abi_ulong);
1893 1920
             i++, dst++, src++)
1894
            err |= put_user(src, dst);
1921
            err |= __put_user(src, dst);
1895 1922
        if (err)
1896 1923
            goto do_sigsegv;
1897 1924
    }
1898 1925

  
1899
    err |= put_user(env->tstate, &((*grp)[MC_TSTATE]));
1900
    err |= put_user(env->pc, &((*grp)[MC_PC]));
1901
    err |= put_user(env->npc, &((*grp)[MC_NPC]));
1902
    err |= put_user(env->y, &((*grp)[MC_Y]));
1903
    err |= put_user(env->gregs[1], &((*grp)[MC_G1]));
1904
    err |= put_user(env->gregs[2], &((*grp)[MC_G2]));
1905
    err |= put_user(env->gregs[3], &((*grp)[MC_G3]));
1906
    err |= put_user(env->gregs[4], &((*grp)[MC_G4]));
1907
    err |= put_user(env->gregs[5], &((*grp)[MC_G5]));
1908
    err |= put_user(env->gregs[6], &((*grp)[MC_G6]));
1909
    err |= put_user(env->gregs[7], &((*grp)[MC_G7]));
1910
    err |= put_user(env->regwptr[UREG_I0], &((*grp)[MC_O0]));
1911
    err |= put_user(env->regwptr[UREG_I1], &((*grp)[MC_O1]));
1912
    err |= put_user(env->regwptr[UREG_I2], &((*grp)[MC_O2]));
1913
    err |= put_user(env->regwptr[UREG_I3], &((*grp)[MC_O3]));
1914
    err |= put_user(env->regwptr[UREG_I4], &((*grp)[MC_O4]));
1915
    err |= put_user(env->regwptr[UREG_I5], &((*grp)[MC_O5]));
1916
    err |= put_user(env->regwptr[UREG_I6], &((*grp)[MC_O6]));
1917
    err |= put_user(env->regwptr[UREG_I7], &((*grp)[MC_O7]));
1918

  
1919
    err |= get_user(fp,
1920
                    (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[6])));
1921
    err |= get_user(i7,
1922
                    (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[7])));
1923
    err |= put_user(fp, &(mcp->mc_fp));
1924
    err |= put_user(i7, &(mcp->mc_i7));
1926
    err |= __put_user(env->tstate, &((*grp)[MC_TSTATE]));
1927
    err |= __put_user(env->pc, &((*grp)[MC_PC]));
1928
    err |= __put_user(env->npc, &((*grp)[MC_NPC]));
1929
    err |= __put_user(env->y, &((*grp)[MC_Y]));
1930
    err |= __put_user(env->gregs[1], &((*grp)[MC_G1]));
1931
    err |= __put_user(env->gregs[2], &((*grp)[MC_G2]));
1932
    err |= __put_user(env->gregs[3], &((*grp)[MC_G3]));
1933
    err |= __put_user(env->gregs[4], &((*grp)[MC_G4]));
1934
    err |= __put_user(env->gregs[5], &((*grp)[MC_G5]));
1935
    err |= __put_user(env->gregs[6], &((*grp)[MC_G6]));
1936
    err |= __put_user(env->gregs[7], &((*grp)[MC_G7]));
1937
    err |= __put_user(env->regwptr[UREG_I0], &((*grp)[MC_O0]));
1938
    err |= __put_user(env->regwptr[UREG_I1], &((*grp)[MC_O1]));
1939
    err |= __put_user(env->regwptr[UREG_I2], &((*grp)[MC_O2]));
1940
    err |= __put_user(env->regwptr[UREG_I3], &((*grp)[MC_O3]));
1941
    err |= __put_user(env->regwptr[UREG_I4], &((*grp)[MC_O4]));
1942
    err |= __put_user(env->regwptr[UREG_I5], &((*grp)[MC_O5]));
1943
    err |= __put_user(env->regwptr[UREG_I6], &((*grp)[MC_O6]));
1944
    err |= __put_user(env->regwptr[UREG_I7], &((*grp)[MC_O7]));
1945

  
1946
    err |= __get_user(fp,
1947
                      (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[6])));
1948
    err |= __get_user(i7,
1949
                      (&(((struct target_reg_window *)(TARGET_STACK_BIAS+env->regwptr[UREG_I6]))->ins[7])));
1950
    err |= __put_user(fp, &(mcp->mc_fp));
1951
    err |= __put_user(i7, &(mcp->mc_i7));
1925 1952

  
1926 1953
    src = &env->fpr;
1927 1954
    dst = &(ucp->uc_mcontext.mc_fpregs.mcfpu_fregs);
1928 1955
    for (i = 0; i < 64; i++, dst++, src++)
1929
        err |= put_user(src, dst);
1930
    err |= put_user(env->fsr, &(mcp->mc_fpregs.mcfpu_fsr));
1931
    err |= put_user(env->gsr, &(mcp->mc_fpregs.mcfpu_gsr));
1932
    err |= put_user(env->fprs, &(mcp->mc_fpregs.mcfpu_fprs));
1956
        err |= __put_user(src, dst);
1957
    err |= __put_user(env->fsr, &(mcp->mc_fpregs.mcfpu_fsr));
1958
    err |= __put_user(env->gsr, &(mcp->mc_fpregs.mcfpu_gsr));
1959
    err |= __put_user(env->fprs, &(mcp->mc_fpregs.mcfpu_fprs));
1933 1960

  
1934 1961
    if (err)
1935 1962
        goto do_sigsegv;
......
2191 2218
/*
2192 2219
 * Determine which stack to use..
2193 2220
 */
2194
static inline void *
2221
static inline abi_ulong
2195 2222
get_sigframe(struct emulated_sigaction *ka, CPUState *regs, size_t frame_size)
2196 2223
{
2197 2224
    unsigned long sp;
......
2211 2238
        sp = target_sigaltstack_used.ss_sp + target_sigaltstack_used.ss_size;
2212 2239
    }
2213 2240

  
2214
    return g2h((sp - frame_size) & ~7);
2241
    return (sp - frame_size) & ~7;
2215 2242
}
2216 2243

  
2244
/* compare linux/arch/mips/kernel/signal.c:setup_frame() */
2217 2245
static void setup_frame(int sig, struct emulated_sigaction * ka,
2218
   		target_sigset_t *set, CPUState *regs)
2246
                        target_sigset_t *set, CPUState *regs)
2219 2247
{
2220 2248
    struct sigframe *frame;
2249
    abi_ulong frame_addr;
2221 2250
    int i;
2222 2251

  
2223
    frame = get_sigframe(ka, regs, sizeof(*frame));
2224
    if (!access_ok(VERIFY_WRITE, frame, sizeof (*frame)))
2252
    frame_addr = get_sigframe(ka, regs, sizeof(*frame));
2253
    if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0))
2225 2254
	goto give_sigsegv;
2226 2255

  
2227 2256
    install_sigtramp(frame->sf_code, TARGET_NR_sigreturn);
......
2253 2282
    * since it returns to userland using eret
2254 2283
    * we cannot do this here, and we must set PC directly */
2255 2284
    regs->PC[regs->current_tc] = regs->gpr[25][regs->current_tc] = ka->sa._sa_handler;
2285
    unlock_user_struct(frame, frame_addr, 1);
2256 2286
    return;
2257 2287

  
2258 2288
give_sigsegv:
2289
    unlock_user_struct(frame, frame_addr, 1);
2259 2290
    force_sig(TARGET_SIGSEGV/*, current*/);
2260 2291
    return;
2261 2292
}
......
2263 2294
long do_sigreturn(CPUState *regs)
2264 2295
{
2265 2296
    struct sigframe *frame;
2297
    abi_ulong frame_addr;
2266 2298
    sigset_t blocked;
2267 2299
    target_sigset_t target_set;
2268 2300
    int i;
......
2270 2302
#if defined(DEBUG_SIGNAL)
2271 2303
    fprintf(stderr, "do_sigreturn\n");
2272 2304
#endif
2273
    frame = (struct sigframe *) regs->gpr[29][regs->current_tc];
2274
    if (!access_ok(VERIFY_READ, frame, sizeof(*frame)))
2305
    frame_addr = regs->gpr[29][regs->current_tc];
2306
    if (!lock_user_struct(VERIFY_READ, frame, frame_addr, 1))
2275 2307
   	goto badframe;
2276 2308

  
2277 2309
    for(i = 0; i < TARGET_NSIG_WORDS; i++) {
b/linux-user/strace.c
81 81

  
82 82
    gemu_log("[");
83 83
    if( target_fds_addr ) {
84
        target_long *target_fds;
84
        abi_long *target_fds;
85 85

  
86
        if (!access_ok(VERIFY_READ, target_fds_addr, sizeof(*target_fds)*(n / TARGET_LONG_BITS + 1)))
86
        target_fds = lock_user(VERIFY_READ,
87
                               target_fds_addr,
88
                               sizeof(*target_fds)*(n / TARGET_ABI_BITS + 1),
89
                               1);
90

  
91
        if (!target_fds)
87 92
            return;
88 93

  
89
        target_fds = lock_user(target_fds_addr, sizeof(*target_fds)*(n / TARGET_LONG_BITS + 1), 1);
90 94
        for (i=n; i>=0; i--) {
91
            if ((tswapl(target_fds[i / TARGET_LONG_BITS]) >> (i & (TARGET_LONG_BITS - 1))) & 1)
95
            if ((tswapl(target_fds[i / TARGET_ABI_BITS]) >> (i & (TARGET_ABI_BITS - 1))) & 1)
92 96
                gemu_log("%d,", i );
93 97
            }
94 98
        unlock_user(target_fds, target_fds_addr, 0);
......
102 106
    if( tv_addr ) {
103 107
        struct target_timeval *tv;
104 108

  
105
	if (!access_ok(VERIFY_READ, tv_addr, sizeof(*tv)))
109
        tv = lock_user(VERIFY_READ, tv_addr, sizeof(*tv), 1);
110
        if (!tv)
106 111
            return;
107

  
108
	tv = lock_user(tv_addr, sizeof(*tv), 1);
109 112
        gemu_log("{" TARGET_ABI_FMT_ld "," TARGET_ABI_FMT_ld "}",
110 113
        	 tv->tv_sec, tv->tv_usec);
111 114
        unlock_user(tv, tv_addr, 0);
......
165 168
    target_ulong arg_ptr_addr;
166 169
    char *s;
167 170

  
168
    if (!access_ok(VERIFY_READ, arg1, 1))
171
    if (!(s = lock_user_string(arg1)))
169 172
        return;
170

  
171
    s = lock_user_string(arg1);
172 173
    gemu_log("%s(\"%s\",{", name->name, s);
173 174
    unlock_user(s, arg1, 0);
174 175

  
175 176
    for (arg_ptr_addr = arg2; ; arg_ptr_addr += sizeof(target_ulong)) {
176 177
        target_ulong *arg_ptr, arg_addr, s_addr;
177 178

  
178
        if (!access_ok(VERIFY_READ, arg_ptr_addr, sizeof(target_ulong)))
179
	arg_ptr = lock_user(VERIFY_READ, arg_ptr_addr, sizeof(target_ulong), 1);
180
        if (!arg_ptr)
179 181
            return;
180

  
181
	arg_ptr = lock_user(arg_ptr_addr, sizeof(target_ulong), 1);
182 182
	arg_addr = tswapl(*arg_ptr);
183 183
	unlock_user(arg_ptr, arg_ptr_addr, 0);
184 184
        if (!arg_addr)
185 185
            break;
186
        s = lock_user_string(arg_addr);
187
        gemu_log("\"%s\",", s);
188
        unlock_user(s, s_addr, 0);
186
        if ((s = lock_user_string(arg_addr))) {
187
            gemu_log("\"%s\",", s);
188
            unlock_user(s, s_addr, 0);
189
        }
189 190
    }
190 191

  
191 192
    gemu_log("NULL})");
b/linux-user/syscall.c
504 504
#endif
505 505
}
506 506

  
507
static inline void host_to_target_rusage(abi_ulong target_addr,
508
                                         const struct rusage *rusage)
507
static inline abi_long host_to_target_rusage(abi_ulong target_addr,
508
                                             const struct rusage *rusage)
509 509
{
510 510
    struct target_rusage *target_rusage;
511 511

  
512
    lock_user_struct(target_rusage, target_addr, 0);
512
    if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
513
        return -TARGET_EFAULT;
513 514
    target_rusage->ru_utime.tv_sec = tswapl(rusage->ru_utime.tv_sec);
514 515
    target_rusage->ru_utime.tv_usec = tswapl(rusage->ru_utime.tv_usec);
515 516
    target_rusage->ru_stime.tv_sec = tswapl(rusage->ru_stime.tv_sec);
......
529 530
    target_rusage->ru_nvcsw = tswapl(rusage->ru_nvcsw);
530 531
    target_rusage->ru_nivcsw = tswapl(rusage->ru_nivcsw);
531 532
    unlock_user_struct(target_rusage, target_addr, 1);
533

  
534
    return 0;
532 535
}
533 536

  
534
static inline void target_to_host_timeval(struct timeval *tv,
535
                                          abi_ulong target_addr)
537
static inline abi_long target_to_host_timeval(struct timeval *tv,
538
                                              abi_ulong target_addr)
536 539
{
537 540
    struct target_timeval *target_tv;
538 541

  
539
    lock_user_struct(target_tv, target_addr, 1);
542
    if (!lock_user_struct(VERIFY_READ, target_tv, target_addr, 1))
543
        return -TARGET_EFAULT;
540 544
    tv->tv_sec = tswapl(target_tv->tv_sec);
541 545
    tv->tv_usec = tswapl(target_tv->tv_usec);
542 546
    unlock_user_struct(target_tv, target_addr, 0);
547

  
548
    return 0;
543 549
}
544 550

  
545
static inline void host_to_target_timeval(abi_ulong target_addr,
546
                                          const struct timeval *tv)
551
static inline abi_long host_to_target_timeval(abi_ulong target_addr,
552
                                              const struct timeval *tv)
547 553
{
548 554
    struct target_timeval *target_tv;
549 555

  
550
    lock_user_struct(target_tv, target_addr, 0);
556
    if (!lock_user_struct(VERIFY_WRITE, target_tv, target_addr, 0))
557
        return -TARGET_EFAULT;
551 558
    target_tv->tv_sec = tswapl(tv->tv_sec);
552 559
    target_tv->tv_usec = tswapl(tv->tv_usec);
553 560
    unlock_user_struct(target_tv, target_addr, 1);
561

  
562
    return 0;
554 563
}
555 564

  
556 565

  
......
567 576
    int ok;
568 577

  
569 578
    if (rfd_p) {
570
        target_rfds = lock_user(rfd_p, sizeof(abi_long) * n, 1);
579
        target_rfds = lock_user(VERIFY_WRITE, rfd_p, sizeof(abi_long) * n, 1);
580
        if (!target_rfds) {
581
            ret = -TARGET_EFAULT;
582
            goto end;
583
        }
571 584
        rfds_ptr = target_to_host_fds(&rfds, target_rfds, n);
572 585
    } else {
573 586
        target_rfds = NULL;
574 587
        rfds_ptr = NULL;
575 588
    }
576 589
    if (wfd_p) {
577
        target_wfds = lock_user(wfd_p, sizeof(abi_long) * n, 1);
590
        target_wfds = lock_user(VERIFY_WRITE, wfd_p, sizeof(abi_long) * n, 1);
591
        if (!target_wfds) {
592
            ret = -TARGET_EFAULT;
593
            goto end;
594
        }
578 595
        wfds_ptr = target_to_host_fds(&wfds, target_wfds, n);
579 596
    } else {
580 597
        target_wfds = NULL;
581 598
        wfds_ptr = NULL;
582 599
    }
583 600
    if (efd_p) {
584
        target_efds = lock_user(efd_p, sizeof(abi_long) * n, 1);
601
        target_efds = lock_user(VERIFY_WRITE, efd_p, sizeof(abi_long) * n, 1);
602
        if (!target_efds) {
603
            ret = -TARGET_EFAULT;
604
            goto end;
605
        }
585 606
        efds_ptr = target_to_host_fds(&efds, target_efds, n);
586 607
    } else {
587 608
        target_efds = NULL;
......
606 627
            host_to_target_timeval(target_tv, &tv);
607 628
        }
608 629
    }
609
    if (target_rfds)
610
        unlock_user(target_rfds, rfd_p, ok ? sizeof(abi_long) * n : 0);
611
    if (target_wfds)
612
        unlock_user(target_wfds, wfd_p, ok ? sizeof(abi_long) * n : 0);
613
    if (target_efds)
614
        unlock_user(target_efds, efd_p, ok ? sizeof(abi_long) * n : 0);
630

  
631
end:
632
    unlock_user(target_rfds, rfd_p, ok ? sizeof(abi_long) * n : 0);
633
    unlock_user(target_wfds, wfd_p, ok ? sizeof(abi_long) * n : 0);
634
    unlock_user(target_efds, efd_p, ok ? sizeof(abi_long) * n : 0);
615 635

  
616 636
    return ret;
617 637
}
618 638

  
619
static inline void target_to_host_sockaddr(struct sockaddr *addr,
620
                                           abi_ulong target_addr,
621
                                           socklen_t len)
639
static inline abi_long target_to_host_sockaddr(struct sockaddr *addr,
640
                                               abi_ulong target_addr,
641
                                               socklen_t len)
622 642
{
623 643
    struct target_sockaddr *target_saddr;
624 644

  
625
    target_saddr = lock_user(target_addr, len, 1);
645
    target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
646
    if (!target_saddr)
647
        return -TARGET_EFAULT;
626 648
    memcpy(addr, target_saddr, len);
627 649
    addr->sa_family = tswap16(target_saddr->sa_family);
628 650
    unlock_user(target_saddr, target_addr, 0);
651

  
652
    return 0;
629 653
}
630 654

  
631
static inline void host_to_target_sockaddr(abi_ulong target_addr,
632
                                           struct sockaddr *addr,
633
                                           socklen_t len)
655
static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
656
                                               struct sockaddr *addr,
657
                                               socklen_t len)
634 658
{
635 659
    struct target_sockaddr *target_saddr;
636 660

  
637
    target_saddr = lock_user(target_addr, len, 0);
661
    target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
662
    if (!target_saddr)
663
        return -TARGET_EFAULT;
638 664
    memcpy(target_saddr, addr, len);
639 665
    target_saddr->sa_family = tswap16(addr->sa_family);
640 666
    unlock_user(target_saddr, target_addr, len);
667

  
668
    return 0;
641 669
}
642 670

  
643 671
/* ??? Should this also swap msgh->name?  */
......
941 969
    return ret;
942 970
}
943 971

  
944
static void lock_iovec(struct iovec *vec, abi_ulong target_addr,
945
                       int count, int copy)
972
/* FIXME
973
 * lock_iovec()/unlock_iovec() have a return code of 0 for success where
974
 * other lock functions have a return code of 0 for failure.
975
 */
976
static abi_long lock_iovec(int type, struct iovec *vec, abi_ulong target_addr,
977
                           int count, int copy)
946 978
{
947 979
    struct target_iovec *target_vec;
948 980
    abi_ulong base;
949
    int i;
981
    int i, j;
950 982

  
951
    target_vec = lock_user(target_addr, count * sizeof(struct target_iovec), 1);
983
    target_vec = lock_user(VERIFY_READ, target_addr, count * sizeof(struct target_iovec), 1);
984
    if (!target_vec)
985
        return -TARGET_EFAULT;
952 986
    for(i = 0;i < count; i++) {
953 987
        base = tswapl(target_vec[i].iov_base);
954 988
        vec[i].iov_len = tswapl(target_vec[i].iov_len);
955
        vec[i].iov_base = lock_user(base, vec[i].iov_len, copy);
989
        vec[i].iov_base = lock_user(type, base, vec[i].iov_len, copy);
990
	if (!vec[i].iov_base) 
991
            goto fail;
992
    }
993
    unlock_user (target_vec, target_addr, 0);
994
    return 0;
995
 fail:
996
    /* failure - unwind locks */
997
    for (j = 0; j < i; j++) {
998
        base = tswapl(target_vec[j].iov_base);
999
        unlock_user(vec[j].iov_base, base, 0);
956 1000
    }
957 1001
    unlock_user (target_vec, target_addr, 0);
1002
    return -TARGET_EFAULT;
958 1003
}
959 1004

  
960
static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
961
                         int count, int copy)
1005
static abi_long unlock_iovec(struct iovec *vec, abi_ulong target_addr,
1006
                             int count, int copy)
962 1007
{
963 1008
    struct target_iovec *target_vec;
964 1009
    abi_ulong base;
965 1010
    int i;
966 1011

  
967
    target_vec = lock_user(target_addr, count * sizeof(struct target_iovec), 1);
1012
    target_vec = lock_user(VERIFY_READ, target_addr, count * sizeof(struct target_iovec), 1);
1013
    if (!target_vec)
1014
        return -TARGET_EFAULT;
968 1015
    for(i = 0;i < count; i++) {
969 1016
        base = tswapl(target_vec[i].iov_base);
970 1017
        unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
971 1018
    }
972 1019
    unlock_user (target_vec, target_addr, 0);
1020

  
1021
    return 0;
973 1022
}
974 1023

  
975 1024
/* do_socket() Must return target values and target errnos. */
......
1033 1082
    struct iovec *vec;
1034 1083
    abi_ulong target_vec;
1035 1084

  
1036
    lock_user_struct(msgp, target_msg, 1);
1085
    /* FIXME */
1086
    if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
1087
                          msgp,
1088
                          target_msg,
1089
                          send ? 1 : 0))
1090
        return -TARGET_EFAULT;
1037 1091
    if (msgp->msg_name) {
1038 1092
        msg.msg_namelen = tswap32(msgp->msg_namelen);
1039 1093
        msg.msg_name = alloca(msg.msg_namelen);
......
1050 1104
    count = tswapl(msgp->msg_iovlen);
1051 1105
    vec = alloca(count * sizeof(struct iovec));
1052 1106
    target_vec = tswapl(msgp->msg_iov);
1053
    lock_iovec(vec, target_vec, count, send);
1107
    lock_iovec(send ? VERIFY_READ : VERIFY_WRITE, vec, target_vec, count, send);
1054 1108
    msg.msg_iovlen = count;
1055 1109
    msg.msg_iov = vec;
1056 1110

  
......
1063 1117
            host_to_target_cmsg(msgp, &msg);
1064 1118
    }
1065 1119
    unlock_iovec(vec, target_vec, count, !send);
1120
    unlock_user_struct(msgp, target_msg, send ? 0 : 1);
1066 1121
    return ret;
1067 1122
}
1068 1123

  
......
1137 1192
    void *host_msg;
1138 1193
    abi_long ret;
1139 1194

  
1140
    host_msg = lock_user(msg, len, 1);
1195
    host_msg = lock_user(VERIFY_READ, msg, len, 1);
1196
    if (!host_msg)
1197
        return -TARGET_EFAULT;
1141 1198
    if (target_addr) {
1142 1199
        addr = alloca(addrlen);
1143 1200
        target_to_host_sockaddr(addr, target_addr, addrlen);
......
1159 1216
    void *host_msg;
1160 1217
    abi_long ret;
1161 1218

  
1162
    host_msg = lock_user(msg, len, 0);
1219
    host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
1220
    if (!host_msg)
1221
        return -TARGET_EFAULT;
1163 1222
    if (target_addr) {
1164 1223
        addrlen = tget32(target_addrlen);
1165 1224
        addr = alloca(addrlen);
......
1381 1440
  abi_ulong __unused4;
1382 1441
};
1383 1442

  
1384
static inline void target_to_host_ipc_perm(struct ipc_perm *host_ip,
1385
                                           abi_ulong target_addr)
1443
static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
1444
                                               abi_ulong target_addr)
1386 1445
{
1387 1446
    struct target_ipc_perm *target_ip;
1388 1447
    struct target_semid_ds *target_sd;
1389 1448

  
1390
    lock_user_struct(target_sd, target_addr, 1);
1449
    if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
1450
        return -TARGET_EFAULT;
1391 1451
    target_ip=&(target_sd->sem_perm);
1392 1452
    host_ip->__key = tswapl(target_ip->__key);
1393 1453
    host_ip->uid = tswapl(target_ip->uid);
......
1396 1456
    host_ip->cgid = tswapl(target_ip->cgid);
1397 1457
    host_ip->mode = tswapl(target_ip->mode);
1398 1458
    unlock_user_struct(target_sd, target_addr, 0);
1459
    return 0;
1399 1460
}
1400 1461

  
1401
static inline void host_to_target_ipc_perm(abi_ulong target_addr,
1402
                                           struct ipc_perm *host_ip)
1462
static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
1463
                                               struct ipc_perm *host_ip)
1403 1464
{
1404 1465
    struct target_ipc_perm *target_ip;
1405 1466
    struct target_semid_ds *target_sd;
1406 1467

  
1407
    lock_user_struct(target_sd, target_addr, 0);
1468
    if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
1469
        return -TARGET_EFAULT;
1408 1470
    target_ip = &(target_sd->sem_perm);
1409 1471
    target_ip->__key = tswapl(host_ip->__key);
1410 1472
    target_ip->uid = tswapl(host_ip->uid);
......
1413 1475
    target_ip->cgid = tswapl(host_ip->cgid);
1414 1476
    target_ip->mode = tswapl(host_ip->mode);
1415 1477
    unlock_user_struct(target_sd, target_addr, 1);
1478
    return 0;
1416 1479
}
1417 1480

  
1418
static inline void target_to_host_semid_ds(struct semid_ds *host_sd,
1419
                                          abi_ulong target_addr)
1481
static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
1482
                                               abi_ulong target_addr)
1420 1483
{
1421 1484
    struct target_semid_ds *target_sd;
1422 1485

  
1423
    lock_user_struct(target_sd, target_addr, 1);
1486
    if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
1487
        return -TARGET_EFAULT;
1424 1488
    target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr);
1425 1489
    host_sd->sem_nsems = tswapl(target_sd->sem_nsems);
1426 1490
    host_sd->sem_otime = tswapl(target_sd->sem_otime);
1427 1491
    host_sd->sem_ctime = tswapl(target_sd->sem_ctime);
1428 1492
    unlock_user_struct(target_sd, target_addr, 0);
1493
    return 0;
1429 1494
}
1430 1495

  
1431
static inline void host_to_target_semid_ds(abi_ulong target_addr,
1432
                                           struct semid_ds *host_sd)
1496
static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
1497
                                               struct semid_ds *host_sd)
1433 1498
{
1434 1499
    struct target_semid_ds *target_sd;
1435 1500

  
1436
    lock_user_struct(target_sd, target_addr, 0);
1501
    if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
1502
        return -TARGET_EFAULT;
1437 1503
    host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm));
1438 1504
    target_sd->sem_nsems = tswapl(host_sd->sem_nsems);
1439 1505
    target_sd->sem_otime = tswapl(host_sd->sem_otime);
1440 1506
    target_sd->sem_ctime = tswapl(host_sd->sem_ctime);
1441 1507
    unlock_user_struct(target_sd, target_addr, 1);
1508
    return 0;
1442 1509
}
1443 1510

  
1444 1511
union semun {
......
1453 1520
	unsigned short int *array;
1454 1521
};
1455 1522

  
1456
static inline void target_to_host_semun(int cmd,
1457
                                        union semun *host_su,
1458
                                        abi_ulong target_addr,
1459
                                        struct semid_ds *ds)
1523
static inline abi_long target_to_host_semun(int cmd,
1524
                                            union semun *host_su,
1525
                                            abi_ulong target_addr,
1526
                                            struct semid_ds *ds)
1460 1527
{
1461 1528
    union target_semun *target_su;
1462 1529

  
1463 1530
    switch( cmd ) {
1464 1531
	case IPC_STAT:
1465 1532
	case IPC_SET:
1466
           lock_user_struct(target_su, target_addr, 1);
1533
           if (!lock_user_struct(VERIFY_READ, target_su, target_addr, 1))
1534
               return -TARGET_EFAULT;
1467 1535
	   target_to_host_semid_ds(ds,target_su->buf);
1468 1536
	   host_su->buf = ds;
1469 1537
           unlock_user_struct(target_su, target_addr, 0);
1470 1538
	   break;
1471 1539
	case GETVAL:
1472 1540
	case SETVAL:
1473
           lock_user_struct(target_su, target_addr, 1);
1541
           if (!lock_user_struct(VERIFY_READ, target_su, target_addr, 1))
1542
               return -TARGET_EFAULT;
1474 1543
	   host_su->val = tswapl(target_su->val);
1475 1544
           unlock_user_struct(target_su, target_addr, 0);
1476 1545
	   break;
1477 1546
	case GETALL:
1478 1547
	case SETALL:
1479
           lock_user_struct(target_su, target_addr, 1);
1548
           if (!lock_user_struct(VERIFY_READ, target_su, target_addr, 1))
1549
               return -TARGET_EFAULT;
1480 1550
	   *host_su->array = tswap16(*target_su->array);
1481 1551
           unlock_user_struct(target_su, target_addr, 0);
1482 1552
	   break;
1483 1553
	default:
1484 1554
           gemu_log("semun operation not fully supported: %d\n", (int)cmd);
1485 1555
    }
1556
    return 0;
1486 1557
}
1487 1558

  
1488
static inline void host_to_target_semun(int cmd,
1489
                                        abi_ulong target_addr,
1490
                                        union semun *host_su,
1491
                                        struct semid_ds *ds)
1559
static inline abi_long host_to_target_semun(int cmd,
1560
                                            abi_ulong target_addr,
1561
                                            union semun *host_su,
1562
                                            struct semid_ds *ds)
1492 1563
{
1493 1564
    union target_semun *target_su;
1494 1565

  
1495 1566
    switch( cmd ) {
1496 1567
	case IPC_STAT:
1497 1568
	case IPC_SET:
1498
           lock_user_struct(target_su, target_addr, 0);
1569
           if (lock_user_struct(VERIFY_WRITE, target_su, target_addr, 0))
1570
               return -TARGET_EFAULT;
1499 1571
	   host_to_target_semid_ds(target_su->buf,ds);
1500 1572
           unlock_user_struct(target_su, target_addr, 1);
1501 1573
	   break;
1502 1574
	case GETVAL:
1503 1575
	case SETVAL:
1504
           lock_user_struct(target_su, target_addr, 0);
1576
           if (lock_user_struct(VERIFY_WRITE, target_su, target_addr, 0))
1577
               return -TARGET_EFAULT;
1505 1578
	   target_su->val = tswapl(host_su->val);
1506 1579
           unlock_user_struct(target_su, target_addr, 1);
1507 1580
	   break;
1508 1581
	case GETALL:
1509 1582
	case SETALL:
1510
           lock_user_struct(target_su, target_addr, 0);
1583
           if (lock_user_struct(VERIFY_WRITE, target_su, target_addr, 0))
1584
               return -TARGET_EFAULT;
1511 1585
	   *target_su->array = tswap16(*host_su->array);
1512 1586
           unlock_user_struct(target_su, target_addr, 1);
1513 1587
	   break;
1514 1588
        default:
1515 1589
           gemu_log("semun operation not fully supported: %d\n", (int)cmd);
1516 1590
    }
1591
    return 0;
1517 1592
}
1518 1593

  
1519 1594
static inline abi_long do_semctl(int first, int second, int third,
......
1580 1655
  abi_ulong __unused5;
1581 1656
};
1582 1657

  
... This diff was truncated because it exceeds the maximum size that can be displayed.

Also available in: Unified diff