[Qemu-devel] [PATCH] linux-user: fix ipc(SEMCTL, ...) argument handling

[Paul Burton]

The ptr argument to the ipc syscall was incorrectly being used as the
value of the argument union for the SEMCTL call. It is actually, as its
name would suggest, a pointer to that union. Fix by dereferencing the
pointer to obtain the target argument union.

This fixes fakeroot, or at least version 1.20 for the MIPS target.
Previously it would hang waiting on a semaphore which was not being
initialised to the correct value.

Signed-off-by: Paul Burton <address@hidden>
---
 linux-user/syscall.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 92be371..c70d9d0 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3272,8 +3272,16 @@ static abi_long do_ipc(unsigned int call, int first,
         ret = get_errno(semget(first, second, third));
         break;
 
-    case IPCOP_semctl:
-        ret = do_semctl(first, second, third, (union target_semun)(abi_ulong) 
ptr);
+    case IPCOP_semctl: {
+            union target_semun *arg;
+
+            if (!lock_user_struct(VERIFY_READ, arg, ptr, 1)) {
+                return -TARGET_EFAULT;
+            }
+
+            ret = do_semctl(first, second, third, *arg);
+            unlock_user_struct(arg, ptr, 0);
+        }
         break;
 
     case IPCOP_msgget:
-- 
2.0.0