From dab32b321f4d510ed5171b12f68bd5aa7a02cffe Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 15 Jul 2016 14:57:26 +0100 Subject: linux-user: Fix handling of iovec counts In the kernel the length of an iovec is generally handled as an unsigned long, not an integer; fix the parameter to lock_iovec() accordingly. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index ca06943f3b..71f40e3ab8 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3119,7 +3119,7 @@ static abi_long do_getsockopt(int sockfd, int level, int optname, } static struct iovec *lock_iovec(int type, abi_ulong target_addr, - int count, int copy) + abi_ulong count, int copy) { struct target_iovec *target_vec; struct iovec *vec; @@ -3132,7 +3132,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, errno = 0; return NULL; } - if (count < 0 || count > IOV_MAX) { + if (count > IOV_MAX) { errno = EINVAL; return NULL; } @@ -3207,7 +3207,7 @@ static struct iovec *lock_iovec(int type, abi_ulong target_addr, } static void unlock_iovec(struct iovec *vec, abi_ulong target_addr, - int count, int copy) + abi_ulong count, int copy) { struct target_iovec *target_vec; int i; @@ -3462,7 +3462,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, { abi_long ret, len; struct msghdr msg; - int count; + abi_ulong count; struct iovec *vec; abi_ulong target_vec; -- cgit v1.2.3-55-g7522 From 97b079703350ec0f6625788fb380f1fa14d0e2c4 Mon Sep 17 00:00:00 2001 
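Review bot: unlock_iovec now takes `abi_ulong count` (hunk at line 3210) but keeps `int i` as its local index, so if, as the declaration suggests, `i` walks the vector up to `count`, the loop compares signed against unsigned; it only stays safe because lock_iovec rejects `count > IOV_MAX`, a bound unlock_iovec never checks itself. Declaring the index as `abi_ulong i;` removes the sign-compare warning and the reliance on the caller, and the same applies to any `int` index inside lock_iovec, whose body is mostly outside the hunk. If the type is left as is, a one-line comment on the parameter, `/* count is already bounded by IOV_MAX in lock_iovec() */`, would document the dependency. Both functions extend outside their hunks.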
From: Peter Maydell Date: Fri, 15 Jul 2016 14:57:27 +0100 Subject: linux-user: Fix errno for sendrecvmsg with large iovec length The sendmsg and recvmsg syscalls use a different errno to indicate an overlarge iovec length from readv and writev. Handle this special case in do_sendrcvmsg_locked() to avoid getting the default errno returned by lock_iovec(). Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 71f40e3ab8..9d18326467 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3485,6 +3485,15 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, count = tswapal(msgp->msg_iovlen); target_vec = tswapal(msgp->msg_iov); + + if (count > IOV_MAX) { + /* sendrcvmsg returns a different errno for this condition than + * readv/writev, so we must catch it here before lock_iovec() does. + */ + ret = -TARGET_EMSGSIZE; + goto out2; + } + vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE, target_vec, count, send); if (vec == NULL) { -- cgit v1.2.3-55-g7522 From 26a6fc96e0ca7522b855c2164bc6098240c286f6 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Fri, 15 Jul 2016 14:57:28 +0100 Subject: linux-user: Allow bad msg_name for recvfrom on connected socket The POSIX standard mandates that for a connected socket recvfrom() must ignore the msg_name and msg_namelen fields. This is awkward for QEMU because we will attempt to copy them from guest address space. Handle this by not immediately returning a TARGET_EFAULT if the copy failed, but instead passing a known-bad address to the host kernel, which can then return EFAULT or ignore the value appropriately. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'linux-user/syscall.c') 
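Review bot: The new comment says `sendrcvmsg`, which names neither the function (do_sendrecvmsg_locked) nor the syscalls; suggest `/* sendmsg/recvmsg return EMSGSIZE for an overlarge iovec count, unlike readv/writev, so catch it here before lock_iovec() does. */`. The check also duplicates the `IOV_MAX` bound inside lock_iovec(), and only because the two limits agree does the oversize case reach the `goto out2` path rather than the `vec == NULL` path; a short comment on lock_iovec's check pointing back here would keep the pair in step. The enclosing function continues outside the hunk.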
diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 9d18326467..51f558d47d 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -3472,7 +3472,14 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, ret = target_to_host_sockaddr(fd, msg.msg_name, tswapal(msgp->msg_name), msg.msg_namelen); - if (ret) { + if (ret == -TARGET_EFAULT) { + /* For connected sockets msg_name and msg_namelen must + * be ignored, so returning EFAULT immediately is wrong. + * Instead, pass a bad msg_name to the host kernel, and + * let it decide whether to return EFAULT or not. + */ + msg.msg_name = (void *)-1; + } else if (ret) { goto out2; } } else { @@ -3534,7 +3541,7 @@ static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp, } if (!is_error(ret)) { msgp->msg_namelen = tswap32(msg.msg_namelen); - if (msg.msg_name != NULL) { + if (msg.msg_name != NULL && msg.msg_name != (void *)-1) { ret = host_to_target_sockaddr(tswapal(msgp->msg_name), msg.msg_name, msg.msg_namelen); if (ret) { -- cgit v1.2.3-55-g7522 From 700fa58e4b9100d6bd77df06d2e5d1f457720c4d Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 18 Jul 2016 11:47:55 +0100 Subject: linux-user: Use direct syscall for utimensat The linux utimensat syscall differs in semantics from the libc function because the syscall combines the features of utimensat() and futimens(). Rather than trying to split these apart in order to call the two libc functions which then call the same underlying syscall, just always directly make the host syscall. This fixes bugs in some of the corner cases which should return errors from the syscall but which we were incorrectly directing to futimens(). This doesn't reduce the set of hosts that our syscall implementation will work on, because if the direct syscall fails ENOSYS then the libc functions would also fail ENOSYS. (The system call has been in the kernel since 2.6.22 anyway.) Signed-off-by: Peter Maydell 
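Review bot: The `(void *)-1` sentinel is assigned at line 3479 and tested again at line 3544 as a bare magic value; a named constant near the function, e.g. `#define INVALID_MSG_NAME ((void *)-1)`, used in both places would stop the two sites drifting apart. The recovery leaves `msg.msg_namelen` at the guest-supplied value while `msg_name` is deliberately invalid, which is presumably what lets the host kernel reject the pointer for an unconnected socket; stating that in the comment, `/* msg_namelen is intentionally left as given so the host returns EFAULT for unconnected sockets. */`, makes the intent explicit. Whether the buffer previously held in msg.msg_name needs releasing is decided outside the hunk, so no leak claim is made here.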
Signed-off-by: Riku Voipio --- linux-user/syscall.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 51f558d47d..21ae996dd1 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -520,16 +520,7 @@ static int sys_getcwd1(char *buf, size_t size) } #ifdef TARGET_NR_utimensat -#ifdef CONFIG_UTIMENSAT -static int sys_utimensat(int dirfd, const char *pathname, - const struct timespec times[2], int flags) -{ - if (pathname == NULL) - return futimens(dirfd, times); - else - return utimensat(dirfd, pathname, times, flags); -} -#elif defined(__NR_utimensat) +#if defined(__NR_utimensat) #define __NR_sys_utimensat __NR_utimensat _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname, const struct timespec *,tsp,int,flags) -- cgit v1.2.3-55-g7522 From 2ba7fae3bd688f5bb6cb08defc731d77e6bd943c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 18 Jul 2016 15:35:59 +0100 Subject: linux-user: Check for bad event numbers in epoll_wait The kernel checks that the maxevents parameter to epoll_wait is non-negative and not larger than EP_MAX_EVENTS. Add this check to our implementation, so that: * we fail these cases EINVAL rather than EFAULT * we don't pass negative or overflowing values to the lock_user() size calculation Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 5 +++++ linux-user/syscall_defs.h | 3 +++ 2 files changed, 8 insertions(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 21ae996dd1..eecccbb25c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -11501,6 +11501,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, int maxevents = arg3; int timeout = arg4; + if (maxevents <= 0 || maxevents > TARGET_EP_MAX_EVENTS) { + ret = -TARGET_EINVAL; + break; + } + target_ep = lock_user(VERIFY_WRITE, arg2, maxevents * sizeof(struct target_epoll_event), 1); if (!target_ep) { diff --git a/linux-user/syscall_defs.h b/linux-user/syscall_defs.h index c0e5cb0010..5c19c5ca19 100644 --- a/linux-user/syscall_defs.h +++ b/linux-user/syscall_defs.h @@ -2585,6 +2585,9 @@ struct target_epoll_event { abi_uint events; target_epoll_data_t data; } TARGET_EPOLL_PACKED; + +#define TARGET_EP_MAX_EVENTS (INT_MAX / sizeof(struct target_epoll_event)) + #endif struct target_rlimit64 { uint64_t rlim_cur; -- cgit v1.2.3-55-g7522 From ce9c139d93db03e464341385976606b7568b768f Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 18 Jul 2016 16:30:36 +0100 Subject: linux-user: Range check the nfds argument to ppoll syscall Do an initial range check on the ppoll syscall's nfds argument, to avoid possible overflow in the calculation of the lock_user() size argument. The host kernel will later apply the rather lower limit based on RLIMIT_NOFILE as appropriate. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index eecccbb25c..7a50a57d4b 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -9661,6 +9661,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, pfd = NULL; target_pfd = NULL; if (nfds) { + if (nfds > (INT_MAX / sizeof(struct target_pollfd))) { + ret = -TARGET_EINVAL; + break; + } + target_pfd = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_pollfd) * nfds, 1); if (!target_pfd) { -- cgit v1.2.3-55-g7522 From 3211215e741f6e4824ddfc4919428e8d1b82a3c2 Mon Sep 17 00:00:00 2001 
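Review bot: `maxevents > TARGET_EP_MAX_EVENTS` compares an `int` with a `size_t` expression (the macro added to syscall_defs.h is `INT_MAX / sizeof(struct target_epoll_event)`), and it is only correct because `maxevents <= 0` is evaluated first and short-circuits negative values before the unsigned promotion. Making that explicit, `maxevents > (int)TARGET_EP_MAX_EVENTS`, or a comment `/* <= 0 must be tested first: the macro is size_t */`, protects against a later reordering of the two conditions. The macro also depends on INT_MAX being visible in syscall_defs.h; presumably it arrives through an earlier include, but that is not visible here.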
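Review bot: The ppoll bound at line 9664 inlines `INT_MAX / sizeof(struct target_pollfd)` while the epoll_wait change in the same series gave the equivalent expression a name (TARGET_EP_MAX_EVENTS); a `TARGET_POLL_MAX_FDS`-style constant, or at least a comment `/* avoid overflow in the lock_user() size below; the host applies RLIMIT_NOFILE */`, would make the intent as clear here as there. `nfds` is declared outside the hunk; if it is a signed type, this `>` test catches negative values only through the unsigned promotion, which deserves a comment of its own.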
From: Peter Maydell Date: Tue, 12 Jul 2016 13:02:13 +0100 Subject: linux-user: Check lock_user() return value for NULL lock_user() can return NULL, which typically means the syscall should fail with EFAULT. Add checks in various places where Coverity spotted that we were missing them. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 7a50a57d4b..efcc17a3b0 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -5008,6 +5008,11 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, host_data = (char*)host_dm + host_dm->data_start; argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1); + if (!argptr) { + ret = -TARGET_EFAULT; + goto out; + } + switch (ie->host_cmd) { case DM_REMOVE_ALL: case DM_LIST_DEVICES: @@ -11271,6 +11276,10 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, case TARGET_NR_mq_unlink: p = lock_user_string(arg1 - 1); + if (!p) { + ret = -TARGET_EFAULT; + break; + } ret = get_errno(mq_unlink(p)); unlock_user (p, arg1, 0); break; -- cgit v1.2.3-55-g7522 From f9757b1d9649cb739ecf544c7137c0885281f6e8 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 12 Jul 2016 13:02:14 +0100 Subject: linux-user: Fix incorrect use of host errno in do_ioctl_dm() do_ioctl_dm() should return target errno values, not host ones; correct an accidental use of a host errno in an error path. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index efcc17a3b0..e28690713a 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
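Review bot: The new NULL check on `p` in the mq_unlink case guards a string locked at `arg1 - 1`, while the matching `unlock_user(p, arg1, 0)` two lines later uses `arg1`; unless the offset is deliberate (nothing in the hunk explains it), the lock and unlock addresses should agree and the string should start at the guest pointer, i.e. `p = lock_user_string(arg1);`. The do_ioctl_dm check at line 5011 jumps to `out`, which lies outside the hunk; it is assumed that label releases whatever was locked before argptr, otherwise this new early exit leaks it.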
@@ -5001,7 +5001,7 @@ static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd, guest_data = arg + host_dm->data_start; if ((guest_data - arg) < 0) { - ret = -EINVAL; + ret = -TARGET_EINVAL; goto out; } guest_data_size = host_dm->data_size - host_dm->data_start; -- cgit v1.2.3-55-g7522 From ee8e76141b4dd00f8e97fda274876a17f9a46bbe Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 11 Jul 2016 16:48:11 +0100 Subject: linux-user: Use correct target SHMLBA in shmat() The shmat() handling needs to do target-specific handling of the attach address for shmat(): * if the SHM_RND flag is passed, the address is rounded down to a SHMLBA boundary * if SHM_RND is not passed, then the call is failed EINVAL if the address is not a multiple of SHMLBA Since SHMLBA is target-specific, we need to do this checking and rounding in QEMU and can't leave it up to the host syscall. Allow targets to define TARGET_FORCE_SHMLBA and provide a target_shmlba() function if appropriate, and update do_shmat() to honour them. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/arm/target_syscall.h | 7 ++++++ linux-user/mips/target_syscall.h | 7 ++++++ linux-user/mips64/target_syscall.h | 7 ++++++ linux-user/sh4/target_syscall.h | 7 ++++++ linux-user/sparc/target_syscall.h | 16 ++++++++++++++ linux-user/syscall.c | 45 +++++++++++++++++++++++++++++++++----- 6 files changed, 83 insertions(+), 6 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/arm/target_syscall.h b/linux-user/arm/target_syscall.h index cd021ff598..0879b4d4a8 100644 --- a/linux-user/arm/target_syscall.h +++ b/linux-user/arm/target_syscall.h @@ -33,4 +33,11 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_FORCE_SHMLBA + +static inline abi_ulong target_shmlba(CPUARMState *env) +{ + return 4 * 4096; +} + #endif /* ARM_TARGET_SYSCALL_H */ 
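Review bot: The overflow test two lines above the corrected return, `if ((guest_data - arg) < 0)`, relies on `arg + host_dm->data_start` having wrapped to a negative value; if guest_data and arg are signed abi_long that wrap is signed overflow, which the compiler may treat as impossible and drop the test, and if they are unsigned the difference is never negative. Testing before the addition, `if (host_dm->data_start > (abi_ulong)-1 - (abi_ulong)arg)`, avoids depending on wraparound at all. The declarations are outside the hunk, so this is a point to confirm rather than a certain defect.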
diff --git a/linux-user/mips/target_syscall.h b/linux-user/mips/target_syscall.h index 2b4f390729..6c666dcb73 100644 --- a/linux-user/mips/target_syscall.h +++ b/linux-user/mips/target_syscall.h @@ -230,4 +230,11 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_FORCE_SHMLBA + +static inline abi_ulong target_shmlba(CPUMIPSState *env) +{ + return 0x40000; +} + #endif /* MIPS_TARGET_SYSCALL_H */ diff --git a/linux-user/mips64/target_syscall.h b/linux-user/mips64/target_syscall.h index 8da9c1f9cc..a9c17f7edf 100644 --- a/linux-user/mips64/target_syscall.h +++ b/linux-user/mips64/target_syscall.h @@ -227,4 +227,11 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_FORCE_SHMLBA + +static inline abi_ulong target_shmlba(CPUMIPSState *env) +{ + return 0x40000; +} + #endif /* MIPS64_TARGET_SYSCALL_H */ diff --git a/linux-user/sh4/target_syscall.h b/linux-user/sh4/target_syscall.h index 78d5557124..2b5f75be13 100644 --- a/linux-user/sh4/target_syscall.h +++ b/linux-user/sh4/target_syscall.h @@ -19,4 +19,11 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_FORCE_SHMLBA + +static inline abi_ulong target_shmlba(CPUSH4State *env) +{ + return 0x4000; +} + #endif /* SH4_TARGET_SYSCALL_H */ diff --git a/linux-user/sparc/target_syscall.h b/linux-user/sparc/target_syscall.h index 326f674b4e..f97aa6b075 100644 --- a/linux-user/sparc/target_syscall.h +++ b/linux-user/sparc/target_syscall.h 
@@ -22,4 +22,20 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 0x2000 #define TARGET_MLOCKALL_MCL_FUTURE 0x4000 +/* For SPARC SHMLBA is determined at runtime in the kernel, and + * libc has to runtime-detect it using the hwcaps (see glibc + * sysdeps/unix/sysv/linux/sparc/getshmlba; we follow the same + * logic here, though we know we're not the sparc v9 64-bit case). + */ +#define TARGET_FORCE_SHMLBA + +static inline abi_ulong target_shmlba(CPUSPARCState *env) +{ + if (!(env->def->features & CPU_FEATURE_FLUSH)) { + return 64 * 1024; + } else { + return 256 * 1024; + } +} + #endif /* SPARC_TARGET_SYSCALL_H */ diff --git a/linux-user/syscall.c b/linux-user/syscall.c index e28690713a..85699f9f31 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -4575,12 +4575,34 @@ static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf) return ret; } -static inline abi_ulong do_shmat(int shmid, abi_ulong shmaddr, int shmflg) +#ifndef TARGET_FORCE_SHMLBA +/* For most architectures, SHMLBA is the same as the page size; + * some architectures have larger values, in which case they should + * define TARGET_FORCE_SHMLBA and provide a target_shmlba() function. + * This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA + * and defining its own value for SHMLBA. + * + * The kernel also permits SHMLBA to be set by the architecture to a + * value larger than the page size without setting __ARCH_FORCE_SHMLBA; + * this means that addresses are rounded to the large size if + * SHM_RND is set but addresses not aligned to that size are not rejected + * as long as they are at least page-aligned. Since the only architecture + * which uses this is ia64 this code doesn't provide for that oddity. + */ +static inline abi_ulong target_shmlba(CPUArchState *cpu_env) +{ + return TARGET_PAGE_SIZE; +} +#endif + +static inline abi_ulong do_shmat(CPUArchState *cpu_env, + int shmid, abi_ulong shmaddr, int shmflg) { abi_long raddr; void *host_raddr; struct shmid_ds shm_info; int i,ret; + abi_ulong shmlba; /* find out the length of the shared memory segment */ ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info)); @@ -4589,6 +4611,16 @@ static inline abi_ulong do_shmat(int shmid, abi_ulong shmaddr, int shmflg) return ret; } + shmlba = target_shmlba(cpu_env); + + if (shmaddr & (shmlba - 1)) { + if (shmflg & SHM_RND) { + shmaddr &= ~(shmlba - 1); + } else { + return -TARGET_EINVAL; + } + } + mmap_lock(); if (shmaddr) 
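Review bot: The alignment test and rounding at lines 4616-4622 use `shmlba - 1` as a mask, which is only valid when target_shmlba() returns a power of two; every value supplied by the target headers in this series is one, but nothing enforces it. A contract comment on the helper, `/* must return a power of two: do_shmat() uses it as an alignment mask */`, or `assert(!(shmlba & (shmlba - 1)));` right after `shmlba = target_shmlba(cpu_env);`, pins the assumption. `shmflg` is tested against the host `SHM_RND`; that predates this change, but now that the check runs in QEMU instead of the host kernel it is worth confirming the guest's flag value matches.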
@@ -4647,7 +4679,8 @@ static inline abi_long do_shmdt(abi_ulong shmaddr) #ifdef TARGET_NR_ipc /* ??? This only works with linear mappings. */ /* do_ipc() must return target values and target errnos. */ -static abi_long do_ipc(unsigned int call, abi_long first, +static abi_long do_ipc(CPUArchState *cpu_env, + unsigned int call, abi_long first, abi_long second, abi_long third, abi_long ptr, abi_long fifth) { @@ -4716,7 +4749,7 @@ static abi_long do_ipc(unsigned int call, abi_long first, default: { abi_ulong raddr; - raddr = do_shmat(first, ptr, second); + raddr = do_shmat(cpu_env, first, ptr, second); if (is_error(raddr)) return get_errno(raddr); if (put_user_ual(raddr, third)) @@ -9304,8 +9337,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, break; #ifdef TARGET_NR_ipc case TARGET_NR_ipc: - ret = do_ipc(arg1, arg2, arg3, arg4, arg5, arg6); - break; + ret = do_ipc(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6); + break; #endif #ifdef TARGET_NR_semget case TARGET_NR_semget: @@ -9354,7 +9387,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, #endif #ifdef TARGET_NR_shmat case TARGET_NR_shmat: - ret = do_shmat(arg1, arg2, arg3); + ret = do_shmat(cpu_env, arg1, arg2, arg3); break; #endif #ifdef TARGET_NR_shmdt -- cgit v1.2.3-55-g7522 From 9d2803f720d5b71937c0f564bb2c16d8f5e18c8c Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Thu, 28 Jul 2016 16:44:46 +0100 Subject: linux-user: Pass si_type information to queue_signal() explicitly Instead of assuming in queue_signal() that all callers are passing a siginfo structure which uses the _sifields._sigfault part of the union (and thus a si_type of QEMU_SI_FAULT), make callers pass the si_type they require in as an argument. [RV adjusted to apply] Reviewed-by: Richard Henderson Signed-off-by: Peter Maydell 
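Review bot: In the do_ipc hunk at line 4752 the result of `do_shmat(cpu_env, ...)` is passed through `get_errno(raddr)` when `is_error(raddr)` holds, yet do_shmat now returns target errnos directly (`-TARGET_EINVAL` from the new alignment check); if get_errno maps a `-1` return to the host errno, a target error whose value is -1 would be rewritten from a stale host errno. Returning `raddr` unchanged when is_error() holds, as the TARGET_NR_shmat case in the hunk at line 9387 appears to do, avoids the double translation. get_errno's definition is outside these hunks, so this is a point to confirm.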
Signed-off-by: Riku Voipio --- linux-user/main.c | 124 +++++++++++++++++++++++++-------------------------- linux-user/qemu.h | 3 +- linux-user/signal.c | 10 ++--- linux-user/syscall.c | 6 ++- 4 files changed, 71 insertions(+), 72 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/main.c b/linux-user/main.c index 2aeda8a10d..aba58c78bc 100644 --- a/linux-user/main.c +++ b/linux-user/main.c @@ -339,7 +339,7 @@ void cpu_loop(CPUX86State *env) info.si_errno = 0; info.si_code = TARGET_SI_KERNEL; info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP0D_GPF: /* XXX: potential problem if ABI32 */ @@ -353,7 +353,7 @@ void cpu_loop(CPUX86State *env) info.si_errno = 0; info.si_code = TARGET_SI_KERNEL; info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP0E_PAGE: @@ -364,7 +364,7 @@ void cpu_loop(CPUX86State *env) else info.si_code = TARGET_SEGV_ACCERR; info._sifields._sigfault._addr = env->cr[2]; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP00_DIVZ: #ifndef TARGET_X86_64 @@ -378,7 +378,7 @@ void cpu_loop(CPUX86State *env) info.si_errno = 0; info.si_code = TARGET_FPE_INTDIV; info._sifields._sigfault._addr = env->eip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP01_DB: @@ -398,7 +398,7 @@ void cpu_loop(CPUX86State *env) info.si_code = TARGET_SI_KERNEL; info._sifields._sigfault._addr = 0; } - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP04_INTO: 
@@ -413,7 +413,7 @@ void cpu_loop(CPUX86State *env) info.si_errno = 0; info.si_code = TARGET_SI_KERNEL; info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP06_ILLOP: @@ -421,7 +421,7 @@ void cpu_loop(CPUX86State *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPN; info._sifields._sigfault._addr = env->eip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_INTERRUPT: /* just indicate that signals should be handled asap */ @@ -436,7 +436,7 @@ void cpu_loop(CPUX86State *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -576,7 +576,7 @@ segv: /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->exception.vaddress; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } /* Handle a jump to the kernel code page. */ @@ -755,7 +755,7 @@ void cpu_loop(CPUARMState *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPN; info._sifields._sigfault._addr = env->regs[15]; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } else if (rc < 0) { /* FP exception */ int arm_fpe=0; @@ -786,7 +786,7 @@ void cpu_loop(CPUARMState *env) if (arm_fpe & BIT_IOC) info.si_code = TARGET_FPE_FLTINV; info._sifields._sigfault._addr = env->regs[15]; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } else { env->regs[15] += 4; } 
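Review bot: Several converted call sites pass QEMU_SI_FAULT for a siginfo in which only si_signo, si_errno and si_code are assigned, e.g. the EXCP_DEBUG/TARGET_TRAP_BRKPT path at line 436 here and the same pattern in the later hunks (ARM 921, SPARC 1488, PPC 2022, MIPS 2582 plus the do_break default, EXCP_CpU/EXCP_RI and EXCP_DSPDIS cases, SH4 2850, CRIS 2924, MicroBlaze 3038, M68K 3139, Alpha 3368); with si_type declaring a fault, `_sifields._sigfault._addr` will presumably be copied into the guest frame even though these paths never set it. Unless `info` is zero-initialised earlier in each cpu_loop, which is not visible in these hunks, that copies stale stack contents to the guest; setting `info._sifields._sigfault._addr = 0;` on those paths, or choosing a si_type that matches the fields actually populated, closes the gap. The enclosing cpu_loop functions extend well outside every hunk.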
@@ -907,7 +907,7 @@ void cpu_loop(CPUARMState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = addr; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_DEBUG: @@ -921,7 +921,7 @@ void cpu_loop(CPUARMState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -1099,7 +1099,7 @@ void cpu_loop(CPUARMState *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPN; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_STREX: if (!do_strex_a64(env)) { @@ -1113,7 +1113,7 @@ void cpu_loop(CPUARMState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->exception.vaddress; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_DEBUG: case EXCP_BKPT: @@ -1122,7 +1122,7 @@ void cpu_loop(CPUARMState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_SEMIHOST: @@ -1202,7 +1202,7 @@ void cpu_loop(CPUUniCore32State *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->cp0.c4_faultaddr; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_INTERRUPT: /* just indicate that signals should be handled asap */ 
@@ -1216,7 +1216,7 @@ void cpu_loop(CPUUniCore32State *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -1431,7 +1431,7 @@ void cpu_loop (CPUSPARCState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->mmuregs[4]; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; #else @@ -1452,7 +1452,7 @@ void cpu_loop (CPUSPARCState *env) info._sifields._sigfault._addr = env->dmmuregs[4]; else info._sifields._sigfault._addr = cpu_tsptr(env)->tpc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; #ifndef TARGET_ABI32 @@ -1475,7 +1475,7 @@ void cpu_loop (CPUSPARCState *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPC; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_DEBUG: @@ -1488,7 +1488,7 @@ void cpu_loop (CPUSPARCState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -1679,7 +1679,7 @@ void cpu_loop(CPUPPCState *env) break; } info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_ISI: /* Instruction storage exception */ /* XXX: check this */ @@ -1705,7 +1705,7 @@ void cpu_loop(CPUPPCState *env) break; } info._sifields._sigfault._addr = env->nip - 4; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_EXTERNAL: /* External input */ cpu_abort(cs, "External interrupt while in user mode. " 
@@ -1717,7 +1717,7 @@ void cpu_loop(CPUPPCState *env) info.si_errno = 0; info.si_code = TARGET_BUS_ADRALN; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_PROGRAM: /* Program exception */ case POWERPC_EXCP_HV_EMU: /* HV emulation */ @@ -1808,14 +1808,14 @@ void cpu_loop(CPUPPCState *env) break; } info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_FPU: /* Floating-point unavailable exception */ info.si_signo = TARGET_SIGILL; info.si_errno = 0; info.si_code = TARGET_ILL_COPROC; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_SYSCALL: /* System call exception */ cpu_abort(cs, "Syscall exception while in user mode. " @@ -1826,7 +1826,7 @@ void cpu_loop(CPUPPCState *env) info.si_errno = 0; info.si_code = TARGET_ILL_COPROC; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_DECR: /* Decrementer exception */ cpu_abort(cs, "Decrementer interrupt while in user mode. " @@ -1853,7 +1853,7 @@ void cpu_loop(CPUPPCState *env) info.si_errno = 0; info.si_code = TARGET_ILL_COPROC; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_EFPDI: /* Embedded floating-point data IRQ */ cpu_abort(cs, "Embedded floating-point data IRQ not handled\n"); 
@@ -1916,7 +1916,7 @@ void cpu_loop(CPUPPCState *env) info.si_errno = 0; info.si_code = TARGET_ILL_COPROC; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case POWERPC_EXCP_PIT: /* Programmable interval timer IRQ */ cpu_abort(cs, "Programmable interval timer interrupt " @@ -2010,7 +2010,7 @@ void cpu_loop(CPUPPCState *env) info.si_errno = 0; info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->nip; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_DEBUG: @@ -2022,7 +2022,7 @@ void cpu_loop(CPUPPCState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -2456,13 +2456,13 @@ static int do_break(CPUMIPSState *env, target_siginfo_t *info, info->si_signo = TARGET_SIGFPE; info->si_errno = 0; info->si_code = (code == BRK_OVERFLOW) ? FPE_INTOVF : FPE_INTDIV; - queue_signal(env, info->si_signo, &*info); + queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info); ret = 0; break; default: info->si_signo = TARGET_SIGTRAP; info->si_errno = 0; - queue_signal(env, info->si_signo, &*info); + queue_signal(env, info->si_signo, QEMU_SI_FAULT, &*info); ret = 0; break; } @@ -2560,14 +2560,14 @@ done_syscall: /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->CP0_BadVAddr; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_CpU: case EXCP_RI: info.si_signo = TARGET_SIGILL; info.si_errno = 0; info.si_code = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_INTERRUPT: /* just indicate that signals should be handled asap */ 
@@ -2582,7 +2582,7 @@ done_syscall: info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -2592,14 +2592,14 @@ done_syscall: info.si_errno = 0; info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->active_tc.PC; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_DSPDIS: info.si_signo = TARGET_SIGILL; info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPC; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; /* The code below was inspired by the MIPS Linux kernel trap * handling code in arch/mips/kernel/traps.c. @@ -2850,7 +2850,7 @@ void cpu_loop(CPUSH4State *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -2860,7 +2860,7 @@ void cpu_loop(CPUSH4State *env) info.si_errno = 0; info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->tea; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; default: @@ -2892,7 +2892,7 @@ void cpu_loop(CPUCRISState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->pregs[PR_EDA]; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_INTERRUPT: @@ -2924,7 +2924,7 @@ void cpu_loop(CPUCRISState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; 
@@ -2957,7 +2957,7 @@ void cpu_loop(CPUMBState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_INTERRUPT: @@ -3006,7 +3006,7 @@ void cpu_loop(CPUMBState *env) info.si_errno = 0; info.si_code = TARGET_FPE_FLTDIV; info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case ESR_EC_FPU: info.si_signo = TARGET_SIGFPE; @@ -3018,7 +3018,7 @@ void cpu_loop(CPUMBState *env) info.si_code = TARGET_FPE_FLTDIV; } info._sifields._sigfault._addr = 0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; default: printf ("Unhandled hw-exception: 0x%x\n", @@ -3038,7 +3038,7 @@ void cpu_loop(CPUMBState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; @@ -3092,7 +3092,7 @@ void cpu_loop(CPUM68KState *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPN; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_TRAP0: { @@ -3126,7 +3126,7 @@ void cpu_loop(CPUM68KState *env) /* XXX: check env->error_code */ info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = env->mmu.ar; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_DEBUG: @@ -3139,7 +3139,7 @@ void cpu_loop(CPUM68KState *env) info.si_signo = sig; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } } break; 
@@ -3195,7 +3195,7 @@ static void do_store_exclusive(CPUAlphaState *env, int reg, int quad) info.si_errno = 0; info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = addr; - queue_signal(env, TARGET_SIGSEGV, &info); + queue_signal(env, TARGET_SIGSEGV, QEMU_SI_FAULT, &info); } void cpu_loop(CPUAlphaState *env) @@ -3237,7 +3237,7 @@ void cpu_loop(CPUAlphaState *env) info.si_code = (page_get_flags(env->trap_arg0) & PAGE_VALID ? TARGET_SEGV_ACCERR : TARGET_SEGV_MAPERR); info._sifields._sigfault._addr = env->trap_arg0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_UNALIGN: env->lock_addr = -1; @@ -3245,7 +3245,7 @@ void cpu_loop(CPUAlphaState *env) info.si_errno = 0; info.si_code = TARGET_BUS_ADRALN; info._sifields._sigfault._addr = env->trap_arg0; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_OPCDEC: do_sigill: @@ -3254,7 +3254,7 @@ void cpu_loop(CPUAlphaState *env) info.si_errno = 0; info.si_code = TARGET_ILL_ILLOPC; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_ARITH: env->lock_addr = -1; @@ -3262,7 +3262,7 @@ void cpu_loop(CPUAlphaState *env) info.si_errno = 0; info.si_code = TARGET_FPE_FLTINV; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case EXCP_FEN: /* No-op. Linux simply re-enables the FPU. */ @@ -3276,7 +3276,7 @@ void cpu_loop(CPUAlphaState *env) info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case 0x81: /* BUGCHK */ 
@@ -3284,7 +3284,7 @@ void cpu_loop(CPUAlphaState *env) info.si_errno = 0; info.si_code = 0; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; case 0x83: /* CALLSYS */ @@ -3356,7 +3356,7 @@ void cpu_loop(CPUAlphaState *env) } info.si_errno = 0; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; default: goto do_sigill; @@ -3368,7 +3368,7 @@ void cpu_loop(CPUAlphaState *env) env->lock_addr = -1; info.si_errno = 0; info.si_code = TARGET_TRAP_BRKPT; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } break; case EXCP_STL_C: @@ -3502,7 +3502,7 @@ void cpu_loop(CPUS390XState *env) info.si_errno = 0; info.si_code = n; info._sifields._sigfault._addr = addr; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); break; default: @@ -3526,7 +3526,7 @@ static void gen_sigill_reg(CPUTLGState *env) info.si_errno = 0; info.si_code = TARGET_ILL_PRVREG; info._sifields._sigfault._addr = env->pc; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } static void do_signal(CPUTLGState *env, int signo, int sigcode) @@ -3550,7 +3550,7 @@ static void do_signal(CPUTLGState *env, int signo, int sigcode) } info.si_code = sigcode; - queue_signal(env, info.si_signo, &info); + queue_signal(env, info.si_signo, QEMU_SI_FAULT, &info); } static void gen_sigsegv_maperr(CPUTLGState *env, target_ulong addr) diff --git a/linux-user/qemu.h b/linux-user/qemu.h index 61808f6f35..da73a01106 100644 --- a/linux-user/qemu.h +++ b/linux-user/qemu.h 
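Review bot: In the tilegx do_signal() hunk the new call hard-codes QEMU_SI_FAULT although the helper takes an arbitrary signo and sigcode, so the choice is only correct while every path in the function fills _sifields._sigfault; the function body starts outside the hunk, so that is inferred, not visible. A one-line comment next to the call would pin the assumption for whoever adds a non-fault signal later, e.g. `/* every path above fills _sifields._sigfault, so the type is always QEMU_SI_FAULT */`. The same reasoning applies to the other mechanical call-site updates in this series, but do_signal() is the one place where the type is not obvious from the surrounding lines.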
@@ -377,7 +377,8 @@ extern int do_strace; /* signal.c */ void process_pending_signals(CPUArchState *cpu_env); void signal_init(void); -int queue_signal(CPUArchState *env, int sig, target_siginfo_t *info); +int queue_signal(CPUArchState *env, int sig, int si_type, + target_siginfo_t *info); void host_to_target_siginfo(target_siginfo_t *tinfo, const siginfo_t *info); void target_to_host_siginfo(siginfo_t *info, const target_siginfo_t *tinfo); int target_to_host_signal(int sig); diff --git a/linux-user/signal.c b/linux-user/signal.c index f2c9f8e474..93a9293641 100644 --- a/linux-user/signal.c +++ b/linux-user/signal.c @@ -569,19 +569,15 @@ static void QEMU_NORETURN force_sig(int target_sig) /* queue a signal so that it will be send to the virtual CPU as soon as possible */ -int queue_signal(CPUArchState *env, int sig, target_siginfo_t *info) +int queue_signal(CPUArchState *env, int sig, int si_type, + target_siginfo_t *info) { CPUState *cpu = ENV_GET_CPU(env); TaskState *ts = cpu->opaque; trace_user_queue_signal(env, sig); - /* Currently all callers define siginfo structures which - * use the _sifields._sigfault union member, so we can - * set the type here. If that changes we should push this - * out so the si_type is passed in by callers. - */ - info->si_code = deposit32(info->si_code, 16, 16, QEMU_SI_FAULT); + info->si_code = deposit32(info->si_code, 16, 16, si_type); ts->sync_signal.info = *info; ts->sync_signal.pending = sig; diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 85699f9f31..27ad6a2a6c 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -10577,7 +10577,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, info.si_code = si_code; info._sifields._sigfault._addr = ((CPUArchState *)cpu_env)->pc; - queue_signal((CPUArchState *)cpu_env, info.si_signo, &info); + queue_signal((CPUArchState *)cpu_env, info.si_signo, + QEMU_SI_FAULT, &info); } } break; 
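Review bot: The new si_type parameter on the queue_signal() prototype in qemu.h carries no documentation, and the removed comment in signal.c was the only text that explained what the value means. A header comment on the declaration should state that si_type is a QEMU_SI_* value naming the _sifields union member the caller populated, that queue_signal() stores it in the upper 16 bits of si_code via deposit32 (visible in the signal.c hunk), and that a type that does not match the fields the caller filled produces a mis-formed siginfo for the guest. Since the contract is now the caller's responsibility rather than a single hard-coded value, the consumer that decodes those upper bits should be named in the same comment so the encoding has one documented owner.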
@@ -11665,7 +11666,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, info.si_errno = 0; info.si_code = TARGET_SEGV_MAPERR; info._sifields._sigfault._addr = arg6; - queue_signal((CPUArchState *)cpu_env, info.si_signo, &info); + queue_signal((CPUArchState *)cpu_env, info.si_signo, + QEMU_SI_FAULT, &info); ret = 0xdeadbeef; } -- cgit v1.2.3-55-g7522 From 7cfbd386b92e93fbfae033b9ac89a20d1fe72573 Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Tue, 2 Aug 2016 18:41:26 +0100 Subject: linux-user: Remove unnecessary nptl_flags variable from do_fork() The 'nptl_flags' variable in do_fork() is set to a copy of 'flags', and then the CLONE_NPTL_FLAGS are cleared out of 'flags'. However the only effect of this is that the later check on "if (flags & CLONE_PARENT_SETTID)" is never true. Since we will already have done the setting of parent_tidptr in clone_func() in the child thread, we don't need to do it again. Delete the dead if() and the clearing of CLONE_NPTL_FLAGS from 'flags', and then use 'flags' where we were previously using 'nptl_flags', so we can delete the unnecessary variable. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 27ad6a2a6c..3b7b51f6c7 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -6011,7 +6011,6 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, TaskState *ts; CPUState *new_cpu; CPUArchState *new_env; - unsigned int nptl_flags; sigset_t sigmask; /* Emulate vfork() with fork() */ 
@@ -6034,15 +6033,14 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, ts->bprm = parent_ts->bprm; ts->info = parent_ts->info; ts->signal_mask = parent_ts->signal_mask; - nptl_flags = flags; - flags &= ~CLONE_NPTL_FLAGS2; - if (nptl_flags & CLONE_CHILD_CLEARTID) { + if (flags & CLONE_CHILD_CLEARTID) { ts->child_tidptr = child_tidptr; } - if (nptl_flags & CLONE_SETTLS) + if (flags & CLONE_SETTLS) { cpu_set_tls (new_env, newtls); + } /* Grab a mutex so that thread setup appears atomic. */ pthread_mutex_lock(&clone_lock); @@ -6052,10 +6050,12 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, pthread_mutex_lock(&info.mutex); pthread_cond_init(&info.cond, NULL); info.env = new_env; - if (nptl_flags & CLONE_CHILD_SETTID) + if (flags & CLONE_CHILD_SETTID) { info.child_tidptr = child_tidptr; - if (nptl_flags & CLONE_PARENT_SETTID) + } + if (flags & CLONE_PARENT_SETTID) { info.parent_tidptr = parent_tidptr; + } ret = pthread_attr_init(&attr); ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE); @@ -6074,8 +6074,6 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, /* Wait for the child to initialize. */ pthread_cond_wait(&info.cond, &info.mutex); ret = info.tid; - if (flags & CLONE_PARENT_SETTID) - put_user_u32(ret, parent_tidptr); } else { ret = -1; } -- cgit v1.2.3-55-g7522 From 5ea2fc84da1bffce749c9d0848f5336def2818bb Mon Sep 17 00:00:00 2001 
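Review bot: Deleting the parent-side `put_user_u32(ret, parent_tidptr)` in the last hunk makes CLONE_PARENT_SETTID correct only if the child writes parent_tidptr before it signals info.cond, because the parent returns to the guest as soon as `pthread_cond_wait(&info.cond, &info.mutex)` returns and `ret = info.tid` is read; clone_func is outside this diff, so that ordering is inferred from the commit message rather than visible. A short comment at the removal site would make the dependency explicit, e.g. `/* CLONE_PARENT_SETTID is honoured by clone_func() before it signals info.cond, so nothing to do here. */`. If clone_func ever moves the store after the signal, the guest would observe the tid slot unset on return, which is exactly the race the old parent-side write used to mask.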
From: Peter Maydell Date: Tue, 2 Aug 2016 18:41:27 +0100 Subject: linux-user: Sanity check clone flags We currently make no checks on the flags passed to the clone syscall, which means we will not fail clone attempts which ask for features that we can't implement. Add sanity checking of the flags to clone (which we were already doing in the "this is a fork" path, but not for the "this is a new thread" path), tidy up the checking in the fork path to match it, and check that the fork case isn't trying to specify a custom termination signal. This is helpful in causing some LTP test cases to fail cleanly rather than behaving bizarrely when we let the clone succeed but didn't provide the semantics requested by the flags. Signed-off-by: Peter Maydell Signed-off-by: Riku Voipio --- linux-user/syscall.c | 66 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 3 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/syscall.c b/linux-user/syscall.c index 3b7b51f6c7..d7e4d9ff2f 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c 
@@ -112,8 +112,56 @@ int __clone2(int (*fn)(void *), void *child_stack_base, #include "qemu.h" -#define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \ - CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID) +#ifndef CLONE_IO +#define CLONE_IO 0x80000000 /* Clone io context */ +#endif + +/* We can't directly call the host clone syscall, because this will + * badly confuse libc (breaking mutexes, for example). So we must + * divide clone flags into: + * * flag combinations that look like pthread_create() + * * flag combinations that look like fork() + * * flags we can implement within QEMU itself + * * flags we can't support and will return an error for + */ +/* For thread creation, all these flags must be present; for + * fork, none must be present. + */ +#define CLONE_THREAD_FLAGS \ + (CLONE_VM | CLONE_FS | CLONE_FILES | \ + CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM) + +/* These flags are ignored: + * CLONE_DETACHED is now ignored by the kernel; + * CLONE_IO is just an optimisation hint to the I/O scheduler + */ +#define CLONE_IGNORED_FLAGS \ + (CLONE_DETACHED | CLONE_IO) + +/* Flags for fork which we can implement within QEMU itself */ +#define CLONE_OPTIONAL_FORK_FLAGS \ + (CLONE_SETTLS | CLONE_PARENT_SETTID | \ + CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID) + +/* Flags for thread creation which we can implement within QEMU itself */ +#define CLONE_OPTIONAL_THREAD_FLAGS \ + (CLONE_SETTLS | CLONE_PARENT_SETTID | \ + CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | CLONE_PARENT) + +#define CLONE_INVALID_FORK_FLAGS \ + (~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS)) + +#define CLONE_INVALID_THREAD_FLAGS \ + (~(CSIGNAL | CLONE_THREAD_FLAGS | CLONE_OPTIONAL_THREAD_FLAGS | \ + CLONE_IGNORED_FLAGS)) + +/* CLONE_VFORK is special cased early in do_fork(). The other flag bits + * have almost all been allocated. 
We cannot support any of + * CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC, + * CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED. + * The checks against the invalid thread masks above will catch these. + * (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.) + */ //#define DEBUG /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted @@ -6013,6 +6061,8 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, CPUArchState *new_env; sigset_t sigmask; + flags &= ~CLONE_IGNORED_FLAGS; + /* Emulate vfork() with fork() */ if (flags & CLONE_VFORK) flags &= ~(CLONE_VFORK | CLONE_VM); @@ -6022,6 +6072,11 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, new_thread_info info; pthread_attr_t attr; + if (((flags & CLONE_THREAD_FLAGS) != CLONE_THREAD_FLAGS) || + (flags & CLONE_INVALID_THREAD_FLAGS)) { + return -TARGET_EINVAL; + } + ts = g_new0(TaskState, 1); init_task_state(ts); /* we create a new CPU instance. */ @@ -6083,7 +6138,12 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp, pthread_mutex_unlock(&clone_lock); } else { /* if no CLONE_VM, we consider it is a fork */ - if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0) { + if (flags & CLONE_INVALID_FORK_FLAGS) { + return -TARGET_EINVAL; + } + + /* We can't support custom termination signals */ + if ((flags & CSIGNAL) != TARGET_SIGCHLD) { return -TARGET_EINVAL; } -- cgit v1.2.3-55-g7522 From 5457dc9e37fe0a29989bd64306c63941074864ce Mon Sep 17 00:00:00 2001 
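Review bot: CLONE_THREAD_FLAGS requires CLONE_FS, CLONE_FILES and CLONE_SYSVSEM in addition to CLONE_VM|CLONE_SIGHAND|CLONE_THREAD, which is stricter than the kernel's own validation (it only ties CLONE_THREAD to CLONE_SIGHAND and CLONE_SIGHAND to CLONE_VM), so a guest that legitimately clones a thread sharing memory but not the file table is refused with EINVAL. That is a deliberate consequence of mapping onto pthread_create(), as the block comment says, but the comment above the macro should state it plainly so nobody "fixes" a later LTP failure by loosening the mask, e.g. `/* Deliberately stricter than the kernel: anything short of a full pthread_create()-style flag set cannot be mapped onto a host pthread. */`. The thread-side mask also leaves CSIGNAL unconstrained while the fork side now requires exactly TARGET_SIGCHLD; a sentence noting that the exit signal is ignored for CLONE_THREAD (as the kernel does) would complete the picture.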
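Review bot: The new fork-path check `if ((flags & CSIGNAL) != TARGET_SIGCHLD)` also rejects an exit signal of 0, which the kernel accepts (the child then sends no signal and the parent must wait with __WCLONE/__WALL); only non-zero signals other than SIGCHLD are genuinely "custom". If zero is meant to be refused because the emulated fork cannot suppress the host SIGCHLD, the comment should say so, e.g. `/* We can't support custom termination signals (including none at all) */`; otherwise the condition could read `if ((flags & CSIGNAL) != TARGET_SIGCHLD && (flags & CSIGNAL) != 0)`. Note that `flags &= ~CLONE_IGNORED_FLAGS` runs before the CLONE_VFORK rewrite, so a vfork request with thread-style flags falls into this fork branch and fails on CLONE_INVALID_FORK_FLAGS rather than here; that looks intended but is worth a line in the block comment.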
From: Laurent Vivier Date: Fri, 8 Jul 2016 01:17:27 +0200 Subject: linux-user: fix TARGET_NR_select TARGET_NR_select can have three different implementations: 1- to always return -ENOSYS microblaze, ppc, ppc64 -> TARGET_WANT_NI_OLD_SELECT 2- to take parameters from a structure pointed by arg1 (kernel sys_old_select) i386, arm, m68k -> TARGET_WANT_OLD_SYS_SELECT 3- to take parameters from arg[1-5] (kernel sys_select) x86_64, alpha, s390x, cris, sparc, sparc64 Some (new) architectures don't define NR_select, 4- but only NR__newselect with sys_select: mips, mips64, sh 5- don't define NR__newselect, and use pselect6 syscall: aarch64, openrisc, tilegx, unicore32 Reported-by: Timothy Pearson Reported-by: Allan Wirth Suggested-by: Peter Maydell Reviewed-by: Peter Maydell Signed-off-by: Laurent Vivier Signed-off-by: Riku Voipio --- linux-user/arm/target_syscall.h | 1 + linux-user/i386/target_syscall.h | 1 + linux-user/m68k/target_syscall.h | 2 ++ linux-user/microblaze/target_syscall.h | 2 ++ linux-user/openrisc/syscall_nr.h | 2 -- linux-user/ppc/target_syscall.h | 1 + linux-user/sh4/syscall_nr.h | 2 +- linux-user/syscall.c | 48 ++++++++++++++++++++++------------ linux-user/tilegx/syscall_nr.h | 1 - 9 files changed, 39 insertions(+), 21 deletions(-) (limited to 'linux-user/syscall.c') diff --git a/linux-user/arm/target_syscall.h b/linux-user/arm/target_syscall.h index 0879b4d4a8..94e2a42cb2 100644 --- a/linux-user/arm/target_syscall.h +++ b/linux-user/arm/target_syscall.h @@ -32,6 +32,7 @@ struct target_pt_regs { #define TARGET_MINSIGSTKSZ 2048 #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_WANT_OLD_SYS_SELECT #define TARGET_FORCE_SHMLBA diff --git a/linux-user/i386/target_syscall.h b/linux-user/i386/target_syscall.h index b4e895fd9c..2854758134 100644 --- a/linux-user/i386/target_syscall.h +++ b/linux-user/i386/target_syscall.h 
@@ -153,5 +153,6 @@ struct target_vm86plus_struct { #define TARGET_MINSIGSTKSZ 2048 #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_WANT_OLD_SYS_SELECT #endif /* I386_TARGET_SYSCALL_H */ diff --git a/linux-user/m68k/target_syscall.h b/linux-user/m68k/target_syscall.h index db2be4f101..632ee4fcf8 100644 --- a/linux-user/m68k/target_syscall.h +++ b/linux-user/m68k/target_syscall.h @@ -24,6 +24,8 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_WANT_OLD_SYS_SELECT + void do_m68k_simcall(CPUM68KState *, int); #endif /* M68K_TARGET_SYSCALL_H */ diff --git a/linux-user/microblaze/target_syscall.h b/linux-user/microblaze/target_syscall.h index 0b6980c899..4141cbaa5e 100644 --- a/linux-user/microblaze/target_syscall.h +++ b/linux-user/microblaze/target_syscall.h @@ -53,4 +53,6 @@ struct target_pt_regs { #define TARGET_MLOCKALL_MCL_CURRENT 1 #define TARGET_MLOCKALL_MCL_FUTURE 2 +#define TARGET_WANT_NI_OLD_SELECT + #endif diff --git a/linux-user/openrisc/syscall_nr.h b/linux-user/openrisc/syscall_nr.h index 6b1c7d265e..04059d020c 100644 --- a/linux-user/openrisc/syscall_nr.h +++ b/linux-user/openrisc/syscall_nr.h @@ -459,8 +459,6 @@ #define TARGET_NR_getdents 1065 #define __ARCH_WANT_SYS_GETDENTS #define TARGET_NR_futimesat 1066 -#define TARGET_NR_select 1067 -#define __ARCH_WANT_SYS_SELECT #define TARGET_NR_poll 1068 #define TARGET_NR_epoll_wait 1069 #define TARGET_NR_ustat 1070 diff --git a/linux-user/ppc/target_syscall.h b/linux-user/ppc/target_syscall.h index a8662f4856..afc0570410 100644 --- a/linux-user/ppc/target_syscall.h +++ b/linux-user/ppc/target_syscall.h @@ -74,5 +74,6 @@ struct target_revectored_struct { #define TARGET_MINSIGSTKSZ 2048 #define TARGET_MLOCKALL_MCL_CURRENT 0x2000 #define TARGET_MLOCKALL_MCL_FUTURE 0x4000 +#define TARGET_WANT_NI_OLD_SELECT #endif /* PPC_TARGET_SYSCALL_H */ 
diff --git a/linux-user/sh4/syscall_nr.h b/linux-user/sh4/syscall_nr.h index 50099846d2..e99f73589d 100644 --- a/linux-user/sh4/syscall_nr.h +++ b/linux-user/sh4/syscall_nr.h @@ -84,7 +84,7 @@ #define TARGET_NR_settimeofday 79 #define TARGET_NR_getgroups 80 #define TARGET_NR_setgroups 81 -#define TARGET_NR_select 82 + /* 82 was sys_oldselect */ #define TARGET_NR_symlink 83 #define TARGET_NR_oldlstat 84 #define TARGET_NR_readlink 85 diff --git a/linux-user/syscall.c b/linux-user/syscall.c index d7e4d9ff2f..7aa2c1d720 100644 --- a/linux-user/syscall.c +++ b/linux-user/syscall.c @@ -1444,6 +1444,29 @@ static abi_long do_select(int n, return ret; } + +#if defined(TARGET_WANT_OLD_SYS_SELECT) +static abi_long do_old_select(abi_ulong arg1) +{ + struct target_sel_arg_struct *sel; + abi_ulong inp, outp, exp, tvp; + long nsel; + + if (!lock_user_struct(VERIFY_READ, sel, arg1, 1)) { + return -TARGET_EFAULT; + } + + nsel = tswapal(sel->n); + inp = tswapal(sel->inp); + outp = tswapal(sel->outp); + exp = tswapal(sel->exp); + tvp = tswapal(sel->tvp); + + unlock_user_struct(sel, arg1, 0); + + return do_select(nsel, inp, outp, exp, tvp); +} +#endif #endif static abi_long do_pipe2(int host_pipe[], int flags) 
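Review bot: The new do_old_select() helper has no header comment, and its only difference from the inline block it replaces is that the EFAULT path now returns `-TARGET_EFAULT` instead of jumping to the `efault` label, so a reader has nothing telling them why the struct-based ABI exists. A comment such as `/* Legacy sys_old_select ABI: all five arguments are read from a target_sel_arg_struct at arg1 instead of from registers. */` above the function would do. It would also help to note that `nsel` is narrowed from long to do_select()'s int parameter on purpose, since the kernel's sys_old_select performs the same (int) cast; and that the trailing `#endif #endif` closes both the new TARGET_WANT_OLD_SYS_SELECT guard and an enclosing conditional that starts outside this hunk.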
@@ -8668,24 +8691,15 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 break;
 #if defined(TARGET_NR_select)
 case TARGET_NR_select:
-#if defined(TARGET_S390X) || defined(TARGET_ALPHA)
- ret = do_select(arg1, arg2, arg3, arg4, arg5);
+#if defined(TARGET_WANT_NI_OLD_SELECT)
+ /* some architectures used to have old_select here
+ * but now ENOSYS it.
+ */
+ ret = -TARGET_ENOSYS;
+#elif defined(TARGET_WANT_OLD_SYS_SELECT)
+ ret = do_old_select(arg1);
 #else
- {
- struct target_sel_arg_struct *sel;
- abi_ulong inp, outp, exp, tvp;
- long nsel;
-
- if (!lock_user_struct(VERIFY_READ, sel, arg1, 1))
- goto efault;
- nsel = tswapal(sel->n);
- inp = tswapal(sel->inp);
- outp = tswapal(sel->outp);
- exp = tswapal(sel->exp);
- tvp = tswapal(sel->tvp);
- unlock_user_struct(sel, arg1, 0);
- ret = do_select(nsel, inp, outp, exp, tvp);
- }
+ ret = do_select(arg1, arg2, arg3, arg4, arg5);
 #endif
 break;
 #endif
diff --git a/linux-user/tilegx/syscall_nr.h b/linux-user/tilegx/syscall_nr.h
index 8e30cd1ae9..c104b94230 100644
--- a/linux-user/tilegx/syscall_nr.h
+++ b/linux-user/tilegx/syscall_nr.h
@@ -311,7 +311,6 @@
 #define TARGET_NR_creat 1064
 #define TARGET_NR_getdents 1065
 #define TARGET_NR_futimesat 1066
-#define TARGET_NR_select 1067
 #define TARGET_NR_poll 1068
 #define TARGET_NR_epoll_wait 1069
 #define TARGET_NR_ustat 1070
-- cgit v1.2.3-55-g7522
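Review bot: The `#else` branch of the TARGET_NR_select case now routes every target that defines neither TARGET_WANT_NI_OLD_SELECT nor TARGET_WANT_OLD_SYS_SELECT straight to `do_select(arg1, ..., arg5)`, which is the intended fix for the targets listed in the commit message but also the silent default for any future target that adds TARGET_NR_select without choosing a variant. A comment on the `#else` line should make the choice explicit, e.g. `#else /* register-argument sys_select: a new target must pick one of the TARGET_WANT_*SELECT defines deliberately */`. The new comment `/* some architectures used to have old_select here * but now ENOSYS it. */` could also name the selector it is keyed on so the two parts stay in sync.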