27 lines
872 B
Diff
27 lines
872 B
Diff
|
Index: qemu/linux-user/syscall.c
|
||
|
|
===================================================================
|
||
|
|
--- qemu.orig/linux-user/syscall.c
|
||
|
|
+++ qemu/linux-user/syscall.c
|
||
|
|
@@ -1573,9 +1732,19 @@ static long do_ipc(long call, long first
|
||
|
|
|
||
|
|
switch (call) {
|
||
|
|
case IPCOP_semop:
|
||
|
|
- ret = get_errno(semop(first,(struct sembuf *) ptr, second));
|
||
|
|
+ {
|
||
|
|
+ struct sembuf *target_sops;
|
||
|
|
+ int i;
|
||
|
|
+ lock_user_struct(target_sops, ptr, 0);
|
||
|
|
+ for(i=0; i<second; i++) {
|
||
|
|
+ target_sops[i].sem_num = tswap16(target_sops[i].sem_num);
|
||
|
|
+ target_sops[i].sem_op = tswap16(target_sops[i].sem_op);
|
||
|
|
+ target_sops[i].sem_flg = tswap16(target_sops[i].sem_flg);
|
||
|
|
+ }
|
||
|
|
+ ret = get_errno(semop(first, target_sops, second));
|
||
|
|
+ unlock_user_struct(target_sops, ptr, 0);
|
||
|
|
break;
|
||
|
|
-
|
||
|
|
+ }
|
||
|
|
case IPCOP_semget:
|
||
|
|
ret = get_errno(semget(first, second, third));
|
||
|
|
break;
|