linux-user/syscall.c: Prevent acquiring clone_lock while fork()

By the spec, fork() copies only the thread which executes it.
So it may happen, what while one thread is doing a fork,
another thread

linux-user/syscall.c: Prevent acquiring clone_lock while fork()

By the spec, fork() copies only the thread which executes it.
So it may happen, what while one thread is doing a fork,
another thread is holding `clone_lock` mutex
(e.g. doing a `fork()` or `exit()`).
So the child process is born with the mutex being held,
and there are nobody to release it.

As the thread executing do_syscall() is not considered running,
start_exclusive() does not protect us from the case.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3226
Signed-off-by: Aleksandr Sergeev <sergeev0xef@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260126151612.2176451-1-sergeev0xef@gmail.com>
(cherry picked from commit d22e9aec572396836782e993cb18d598e6012688)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: fixup termios2 related things on PowerPC

The termios things on PowerPC equal to termios2 things otherwhere.

Use some simple #define's to allow both termios and termios2 to map to
termio

linux-user: fixup termios2 related things on PowerPC

The termios things on PowerPC equal to termios2 things otherwhere.

Use some simple #define's to allow both termios and termios2 to map to
termios on PowerPC.

Signed-off-by: Icenowy Zheng <uwu@icenowy.me>
Link: https://github.com/AOSC-Dev/aosc-os-abbs/blob/8d77eeaa76e9b159c3f35adaf73c875751aa7d17/app-virtualization/qemu/01-shared/patches/0005-AOSCOS-linux-user-fixup-termios2-related-things-on-P.patch
Link: https://lore.kernel.org/qemu-devel/4403eb94ddbb2934f1f75d94ce921f0f1078ad9f.camel@icenowy.me
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit d68f0e2e906939bef076d0cd52f902d433c8c3da)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add missing termios baud rates

Add several missing baud rates and inputs baud rates in cflag_tbl.

Add these missing definitions in termbits.h:

- TARGET_BOTHER for alpha, hppa, ppc, sh4

linux-user: Add missing termios baud rates

Add several missing baud rates and inputs baud rates in cflag_tbl.

Add these missing definitions in termbits.h:

- TARGET_BOTHER for alpha, hppa, ppc, sh4, sparc
- TARGET_IBSHIFT for hppa, mips, ppc, sh4, sparc
- Missing standard baud rates for hppa

These are required for the glibc test tst-termios-linux.

Link: https://lore.kernel.org/qemu-devel/20251203-linux-user-higher-baud-rates-v2-1-e45b35224437@iscas.ac.cn
Signed-off-by: Vivian Wang <wangruikang@iscas.ac.cn>
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 4f22fcb5c67f40a36e6654f6cfaee23f9f9e93d1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support to sparc target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/909d9d68-c6fe-4368-825c-6aa8fdbd3bbc@bonslack.org
Reviewed-b

linux-user: Add termios2 support to sparc target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/909d9d68-c6fe-4368-825c-6aa8fdbd3bbc@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 947b971cad90375040f399899909a3f1f32b483f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support to sh4 target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/642b32de-2985-45d2-bbdf-c0b2e3ea0551@bonslack.org
Reviewed-by:

linux-user: Add termios2 support to sh4 target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/642b32de-2985-45d2-bbdf-c0b2e3ea0551@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit afbe0ff81c29d674b9c18a588bcaab34ddcb8a7b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support to mips target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/361aa9c5-4464-4d27-8a2c-9ab767324530@bonslack.org
Reviewed-by

linux-user: Add termios2 support to mips target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/361aa9c5-4464-4d27-8a2c-9ab767324530@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit edf9184f4feb691b0f70dc544443db2380891598)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support to hppa target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/ccf1be5c-9e2e-46f6-b303-d29888371fb0@bonslack.org
Reviewed-by

linux-user: Add termios2 support to hppa target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/ccf1be5c-9e2e-46f6-b303-d29888371fb0@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit edc741710acedd61011f937967b960d154794258)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support to alpha target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/02dba951-1bcf-4c74-8a6a-f4f4aa5ce909@bonslack.org
Reviewed-b

linux-user: Add termios2 support to alpha target

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/02dba951-1bcf-4c74-8a6a-f4f4aa5ce909@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 8d8c6aeee8599a099e49ec4411f3d1e087ae40ad)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: Add termios2 support

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/745f18b6-ee62-4903-9a56-dcb903b610cf@bonslack.org
Reviewed-by: Helge Deller

linux-user: Add termios2 support

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Link: https://lore.kernel.org/qemu-devel/745f18b6-ee62-4903-9a56-dcb903b610cf@bonslack.org
Reviewed-by: Helge Deller <deller@gmx.de>
Tested-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
(cherry picked from commit e9a8a10e84c1bf6e2e8be000e4dd5c83ba0d8470)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user/aarch64/target_fcntl.h: add missing TARGET_O_LARGEFILE definition

This caused a failure with program using openat2, where O_LARGEFILE was
replaced by O_NOFOLLOW.
This issue is only visibl

linux-user/aarch64/target_fcntl.h: add missing TARGET_O_LARGEFILE definition

This caused a failure with program using openat2, where O_LARGEFILE was
replaced by O_NOFOLLOW.
This issue is only visible when QEMU is compiled with musl libc, where
O_LARGEFILE is different from 0 (vs glibc).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3262
Cc: qemu-stable@nongnu.org
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 83017c4aaa9e3ef80161443019764196dffdb654)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: fix reserved_va page leak in do_munmap

The old logic had an off-by-one bug. For instance, assuming 4k pages on
host and guest, if 'len' is '4097' (indicating to unmap 2 pages), then
'las

linux-user: fix reserved_va page leak in do_munmap

The old logic had an off-by-one bug. For instance, assuming 4k pages on
host and guest, if 'len' is '4097' (indicating to unmap 2 pages), then
'last = start + 4096', so 'real_last = start + 4095', so ultimately
'real_len = 4096'. I do not believe this could cause any observable bugs
in guests, because `target_munmap` page-aligns the length it passes in.
However, calls to this function in `target_mremap` do not page-align the
length, so those calls could "drop" pages, leading to a part of the
reserved region becoming unmapped. At worst, a host allocation could get
mapped into that hole, then clobbered by a new guest mapping.

Signed-off-by: Matthew Lugg <mlugg@mlugg.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251117170954.31451-4-mlugg@mlugg.co.uk>
(cherry picked from commit 81ceab30492ed251addae8539f7b69a069b0f984)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: fix mremap errors for invalid ranges

If an address range given to `mremap` is invalid (exceeds addressing
bounds on the guest), we were previously returning `ENOMEM`, which is
not correc

linux-user: fix mremap errors for invalid ranges

If an address range given to `mremap` is invalid (exceeds addressing
bounds on the guest), we were previously returning `ENOMEM`, which is
not correct. The manpage and the Linux kernel implementation both agree
that if `old_addr`/`old_size` refer to an invalid address, `EFAULT` is
returned, and if `new_addr`/`new_size` refer to an invalid address,
`EINVAL` is returned.

Signed-off-by: Matthew Lugg <mlugg@mlugg.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251117170954.31451-3-mlugg@mlugg.co.uk>
(cherry picked from commit 2422884ec5a12037d2378f45ca1411d3f37c7081)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: fix mremap unmapping adjacent region

This typo meant that calls to `mremap` which shrink a mapping by some N
bytes would, when the virtual address space was pre-reserved (e.g.
32-bit gue

linux-user: fix mremap unmapping adjacent region

This typo meant that calls to `mremap` which shrink a mapping by some N
bytes would, when the virtual address space was pre-reserved (e.g.
32-bit guest on 64-bit host), unmap the N bytes following the *original*
mapping.

Signed-off-by: Matthew Lugg <mlugg@mlugg.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251117170954.31451-2-mlugg@mlugg.co.uk>
(cherry picked from commit aaed9ca1797d70a507371aea688c5cd60b074e2d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user/elfload.c: Correction to HWCAP2 accessor

get_elf_hwcap was used when get_elf_hwcap2 should have been.

Cc: qemu-stable@nongnu.org
Fixes: fcac98d0ba8b ("linux-user: Remove ELF_HWCAP2")
Res

linux-user/elfload.c: Correction to HWCAP2 accessor

get_elf_hwcap was used when get_elf_hwcap2 should have been.

Cc: qemu-stable@nongnu.org
Fixes: fcac98d0ba8b ("linux-user: Remove ELF_HWCAP2")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3259
Signed-off-by: Jim MacArthur <jim.macarthur@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20260106-fix-hwcap2-sve2-v1-1-1d70dff63370@linaro.org>
(cherry picked from commit c333f9c4ee212297f3b9a8a6ef62396a63c48e61)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: allow null `pathname` for statx()/fstatat()

Since Linux 6.11, the path argument may be NULL.

Before this patch, qemu-*-linux-user failed with EFAULT when `pathname` was
specified as NUL

linux-user: allow null `pathname` for statx()/fstatat()

Since Linux 6.11, the path argument may be NULL.

Before this patch, qemu-*-linux-user failed with EFAULT when `pathname` was
specified as NULL, even for Linux kernel hosts > 6.10. This patch fixes this
issue by checking whether `arg2` is 0. If so, don't return EFAULT, but instead
perform the appropiate syscall and let the host's kernel handle null `pathname`.

Cc: qemu-stable@nongnu.org
Signed-off-by: Jean-Christian CÎRSTEA <jean.christian.cirstea@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251229121416.2209295-1-jean.christian.cirstea@gmail.com>
(cherry picked from commit 82ae60c8b5cb98d610056a1e2d0ba72e9ef7907c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user: permit sendto() with NULL buf and 0 len

If you pass sendto() a NULL buffer, this is usually an error
(causing an EFAULT return); however if you pass a 0 length then
we should not try to

linux-user: permit sendto() with NULL buf and 0 len

If you pass sendto() a NULL buffer, this is usually an error
(causing an EFAULT return); however if you pass a 0 length then
we should not try to validate the buffer provided. Instead we
skip the copying of the user data and possible processing
through fd_trans_target_to_host_data, and call the host syscall
with NULL, 0.

(unlock_user() permits a NULL buffer pointer for "do nothing"
so we don't need to special case the unlock code.)

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3102
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20251028142001.3011630-1-peter.maydell@linaro.org>

show more ...

linux-user: Use correct type for FIBMAP and FIGETBSZ emulation

Both the FIBMAP and FIGETBSZ ioctl get "int *" (pointer to 32bit
integer) as argument, not "long *" as specified in qemu. Using the
co

linux-user: Use correct type for FIBMAP and FIGETBSZ emulation

Both the FIBMAP and FIGETBSZ ioctl get "int *" (pointer to 32bit
integer) as argument, not "long *" as specified in qemu. Using the
correct type makes the emulation work in cross endian context.

Both ioctl does not seem to be documented. However the kernel
implementation has always used "int *".

Signed-off-by: Bastian Blank <waldi@debian.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3185
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Reviwed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

show more ...

linux-user/hexagon: Use an array for GPRs

Link: https://lore.kernel.org/qemu-devel/023e01dc389c$faf84320$f0e8c960$@gmail.com/
Suggested-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Tay

linux-user/hexagon: Use an array for GPRs

Link: https://lore.kernel.org/qemu-devel/023e01dc389c$faf84320$f0e8c960$@gmail.com/
Suggested-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>

show more ...

linux-user/hexagon: use abi_ulong

Change the user_regs_struct to use abi_ulong instead of
target_ulong.

Link: https://lore.kernel.org/qemu-devel/7bf3d8c5-df07-4cbd-ba62-4c7246a5f96b@linaro.org/
Sug

linux-user/hexagon: use abi_ulong

Change the user_regs_struct to use abi_ulong instead of
target_ulong.

Link: https://lore.kernel.org/qemu-devel/7bf3d8c5-df07-4cbd-ba62-4c7246a5f96b@linaro.org/
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>

show more ...

linux-user/hexagon: Fix sigcontext

In order to correspond with the kernel, we've now (1) moved the
preds[] to the right offset and combined the representation as a single
ulong "p3_0", (2), added th

linux-user/hexagon: Fix sigcontext

In order to correspond with the kernel, we've now (1) moved the
preds[] to the right offset and combined the representation as a single
ulong "p3_0", (2), added the cs{0,1} registers, (3) added a pad for 48
words, (4) added the user regs structure to an 8-byte aligned
target_sigcontext structure.

Co-authored-by: Alex Rønne Petersen <alex@alexrp.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Brian Cain <brian.cain@oss.qualcomm.com>

show more ...

linux-user/microblaze: Fix little-endianness binary

MicroBlaze CPU model has a "little-endian" property, pointing to
the @endi internal field. Commit c36ec3a9655 ("hw/microblaze:
Explicit CPU endian

linux-user/microblaze: Fix little-endianness binary

MicroBlaze CPU model has a "little-endian" property, pointing to
the @endi internal field. Commit c36ec3a9655 ("hw/microblaze:
Explicit CPU endianness") took care of having all MicroBlaze
boards with an explicit default endianness, so later commit
415aae543ed ("target/microblaze: Consider endianness while
translating code") could infer the endianness at runtime from
the @endi field, and not a compile time via the TARGET_BIG_ENDIAN
definition. Doing so, we forgot to make the endianness explicit
on user emulation, so there all CPUs are started with the default
"little-endian=off" value, leading to breaking support for little
endian binaries:

$ readelf -h ./hello-world-mbel
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian

$ qemu-microblazeel ./hello-world-mbel
qemu: uncaught target signal 11 (Segmentation fault) - core dumped
Segmentation fault (core dumped)

Fix by restoring the previous behavior of starting with the
builtin endianness of the binary:

$ qemu-microblazeel ./hello-world-mbel
Hello World

Cc: qemu-stable@nongnu.org
Fixes: 415aae543ed ("target/microblaze: Consider endianness while translating code")
Reported-by: Edgar E. Iglesias <edgar.iglesias@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar.iglesias@amd.com>
Message-Id: <20251006173350.17455-1-philmd@linaro.org>

show more ...

linux-user: Support MADV_DONTDUMP, MADV_DODUMP

Set and clear PAGE_DONTDUMP, and honor that in vma_dump_size.

Signed-off-by: Jon Wilson <jonwilson030981@gmail.com>
[rth: Use new page_set_flags seman

linux-user: Support MADV_DONTDUMP, MADV_DODUMP

Set and clear PAGE_DONTDUMP, and honor that in vma_dump_size.

Signed-off-by: Jon Wilson <jonwilson030981@gmail.com>
[rth: Use new page_set_flags semantics; also handle DODUMP]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

accel/tcg: Add clear_flags argument to page_set_flags

Expand the interface of page_set_flags to separate the
set of flags to be set and the set of flags to be cleared.

This allows us to replace PAG

accel/tcg: Add clear_flags argument to page_set_flags

Expand the interface of page_set_flags to separate the
set of flags to be set and the set of flags to be cleared.

This allows us to replace PAGE_RESET with the PAGE_VALID
bit within clear_flags.

Replace PAGE_TARGET_STICKY with TARGET_PAGE_NOTSTICKY;
aarch64-linux-user is the only user.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

show more ...

linux-user/aarch64: Enable GCS in HWCAP

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-

linux-user/aarch64: Enable GCS in HWCAP

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-71-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...

linux-user/aarch64: Generate GCS signal records

Here we must push and pop a cap on the GCS stack as
well as the gcs record on the normal stack.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linar

linux-user/aarch64: Generate GCS signal records

Here we must push and pop a cap on the GCS stack as
well as the gcs record on the normal stack.

Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20251008215613.300150-70-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

show more ...