xref: /openbmc/qemu/linux-user/syscall.c (revision 0ed93f4c)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include "qemu/memfd.h"
24 #include "qemu/queue.h"
25 #include <elf.h>
26 #include <endian.h>
27 #include <grp.h>
28 #include <sys/ipc.h>
29 #include <sys/msg.h>
30 #include <sys/wait.h>
31 #include <sys/mount.h>
32 #include <sys/file.h>
33 #include <sys/fsuid.h>
34 #include <sys/personality.h>
35 #include <sys/prctl.h>
36 #include <sys/resource.h>
37 #include <sys/swap.h>
38 #include <linux/capability.h>
39 #include <sched.h>
40 #include <sys/timex.h>
41 #include <sys/socket.h>
42 #include <linux/sockios.h>
43 #include <sys/un.h>
44 #include <sys/uio.h>
45 #include <poll.h>
46 #include <sys/times.h>
47 #include <sys/shm.h>
48 #include <sys/sem.h>
49 #include <sys/statfs.h>
50 #include <utime.h>
51 #include <sys/sysinfo.h>
52 #include <sys/signalfd.h>
53 //#include <sys/user.h>
54 #include <netinet/ip.h>
55 #include <netinet/tcp.h>
56 #include <linux/wireless.h>
57 #include <linux/icmp.h>
58 #include <linux/icmpv6.h>
59 #include <linux/errqueue.h>
60 #include <linux/random.h>
61 #ifdef CONFIG_TIMERFD
62 #include <sys/timerfd.h>
63 #endif
64 #ifdef CONFIG_EVENTFD
65 #include <sys/eventfd.h>
66 #endif
67 #ifdef CONFIG_EPOLL
68 #include <sys/epoll.h>
69 #endif
70 #ifdef CONFIG_ATTR
71 #include "qemu/xattr.h"
72 #endif
73 #ifdef CONFIG_SENDFILE
74 #include <sys/sendfile.h>
75 #endif
76 #ifdef CONFIG_KCOV
77 #include <sys/kcov.h>
78 #endif
79 
80 #define termios host_termios
81 #define winsize host_winsize
82 #define termio host_termio
83 #define sgttyb host_sgttyb /* same as target */
84 #define tchars host_tchars /* same as target */
85 #define ltchars host_ltchars /* same as target */
86 
87 #include <linux/termios.h>
88 #include <linux/unistd.h>
89 #include <linux/cdrom.h>
90 #include <linux/hdreg.h>
91 #include <linux/soundcard.h>
92 #include <linux/kd.h>
93 #include <linux/mtio.h>
94 #include <linux/fs.h>
95 #include <linux/fd.h>
96 #if defined(CONFIG_FIEMAP)
97 #include <linux/fiemap.h>
98 #endif
99 #include <linux/fb.h>
100 #if defined(CONFIG_USBFS)
101 #include <linux/usbdevice_fs.h>
102 #include <linux/usb/ch9.h>
103 #endif
104 #include <linux/vt.h>
105 #include <linux/dm-ioctl.h>
106 #include <linux/reboot.h>
107 #include <linux/route.h>
108 #include <linux/filter.h>
109 #include <linux/blkpg.h>
110 #include <netpacket/packet.h>
111 #include <linux/netlink.h>
112 #include <linux/if_alg.h>
113 #include <linux/rtc.h>
114 #include <sound/asound.h>
115 #ifdef CONFIG_BTRFS
116 #include <linux/btrfs.h>
117 #endif
118 #ifdef HAVE_DRM_H
119 #include <libdrm/drm.h>
120 #include <libdrm/i915_drm.h>
121 #endif
122 #include "linux_loop.h"
123 #include "uname.h"
124 
125 #include "qemu.h"
126 #include "qemu/guest-random.h"
127 #include "qemu/selfmap.h"
128 #include "user/syscall-trace.h"
129 #include "qapi/error.h"
130 #include "fd-trans.h"
131 #include "tcg/tcg.h"
132 
133 #ifndef CLONE_IO
134 #define CLONE_IO                0x80000000      /* Clone io context */
135 #endif
136 
137 /* We can't directly call the host clone syscall, because this will
138  * badly confuse libc (breaking mutexes, for example). So we must
139  * divide clone flags into:
140  *  * flag combinations that look like pthread_create()
141  *  * flag combinations that look like fork()
142  *  * flags we can implement within QEMU itself
143  *  * flags we can't support and will return an error for
144  */
145 /* For thread creation, all these flags must be present; for
146  * fork, none must be present.
147  */
148 #define CLONE_THREAD_FLAGS                              \
149     (CLONE_VM | CLONE_FS | CLONE_FILES |                \
150      CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM)
151 
152 /* These flags are ignored:
153  * CLONE_DETACHED is now ignored by the kernel;
154  * CLONE_IO is just an optimisation hint to the I/O scheduler
155  */
156 #define CLONE_IGNORED_FLAGS                     \
157     (CLONE_DETACHED | CLONE_IO)
158 
159 /* Flags for fork which we can implement within QEMU itself */
160 #define CLONE_OPTIONAL_FORK_FLAGS               \
161     (CLONE_SETTLS | CLONE_PARENT_SETTID |       \
162      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID)
163 
164 /* Flags for thread creation which we can implement within QEMU itself */
165 #define CLONE_OPTIONAL_THREAD_FLAGS                             \
166     (CLONE_SETTLS | CLONE_PARENT_SETTID |                       \
167      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | CLONE_PARENT)
168 
169 #define CLONE_INVALID_FORK_FLAGS                                        \
170     (~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS))
171 
172 #define CLONE_INVALID_THREAD_FLAGS                                      \
173     (~(CSIGNAL | CLONE_THREAD_FLAGS | CLONE_OPTIONAL_THREAD_FLAGS |     \
174        CLONE_IGNORED_FLAGS))
175 
176 /* CLONE_VFORK is special cased early in do_fork(). The other flag bits
177  * have almost all been allocated. We cannot support any of
178  * CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC,
179  * CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED.
180  * The checks against the invalid thread masks above will catch these.
181  * (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.)
182  */
183 
184 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
185  * once. This exercises the codepaths for restart.
186  */
187 //#define DEBUG_ERESTARTSYS
188 
189 //#include <linux/msdos_fs.h>
190 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
191 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
192 
193 #undef _syscall0
194 #undef _syscall1
195 #undef _syscall2
196 #undef _syscall3
197 #undef _syscall4
198 #undef _syscall5
199 #undef _syscall6
200 
201 #define _syscall0(type,name)		\
202 static type name (void)			\
203 {					\
204 	return syscall(__NR_##name);	\
205 }
206 
207 #define _syscall1(type,name,type1,arg1)		\
208 static type name (type1 arg1)			\
209 {						\
210 	return syscall(__NR_##name, arg1);	\
211 }
212 
213 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
214 static type name (type1 arg1,type2 arg2)		\
215 {							\
216 	return syscall(__NR_##name, arg1, arg2);	\
217 }
218 
219 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
220 static type name (type1 arg1,type2 arg2,type3 arg3)		\
221 {								\
222 	return syscall(__NR_##name, arg1, arg2, arg3);		\
223 }
224 
225 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
226 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
227 {										\
228 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
229 }
230 
231 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
232 		  type5,arg5)							\
233 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
234 {										\
235 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
236 }
237 
238 
239 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
240 		  type5,arg5,type6,arg6)					\
241 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
242                   type6 arg6)							\
243 {										\
244 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
245 }
246 
247 
248 #define __NR_sys_uname __NR_uname
249 #define __NR_sys_getcwd1 __NR_getcwd
250 #define __NR_sys_getdents __NR_getdents
251 #define __NR_sys_getdents64 __NR_getdents64
252 #define __NR_sys_getpriority __NR_getpriority
253 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
254 #define __NR_sys_rt_tgsigqueueinfo __NR_rt_tgsigqueueinfo
255 #define __NR_sys_syslog __NR_syslog
256 #if defined(__NR_futex)
257 # define __NR_sys_futex __NR_futex
258 #endif
259 #if defined(__NR_futex_time64)
260 # define __NR_sys_futex_time64 __NR_futex_time64
261 #endif
262 #define __NR_sys_inotify_init __NR_inotify_init
263 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
264 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
265 #define __NR_sys_statx __NR_statx
266 
267 #if defined(__alpha__) || defined(__x86_64__) || defined(__s390x__)
268 #define __NR__llseek __NR_lseek
269 #endif
270 
271 /* Newer kernel ports have llseek() instead of _llseek() */
272 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
273 #define TARGET_NR__llseek TARGET_NR_llseek
274 #endif
275 
276 #define __NR_sys_gettid __NR_gettid
277 _syscall0(int, sys_gettid)
278 
279 /* For the 64-bit guest on 32-bit host case we must emulate
280  * getdents using getdents64, because otherwise the host
281  * might hand us back more dirent records than we can fit
282  * into the guest buffer after structure format conversion.
283  * Otherwise we emulate getdents with getdents if the host has it.
284  */
285 #if defined(__NR_getdents) && HOST_LONG_BITS >= TARGET_ABI_BITS
286 #define EMULATE_GETDENTS_WITH_GETDENTS
287 #endif
288 
289 #if defined(TARGET_NR_getdents) && defined(EMULATE_GETDENTS_WITH_GETDENTS)
290 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
291 #endif
292 #if (defined(TARGET_NR_getdents) && \
293       !defined(EMULATE_GETDENTS_WITH_GETDENTS)) || \
294     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
295 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
296 #endif
297 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
298 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
299           loff_t *, res, uint, wh);
300 #endif
301 _syscall3(int, sys_rt_sigqueueinfo, pid_t, pid, int, sig, siginfo_t *, uinfo)
302 _syscall4(int, sys_rt_tgsigqueueinfo, pid_t, pid, pid_t, tid, int, sig,
303           siginfo_t *, uinfo)
304 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
305 #ifdef __NR_exit_group
306 _syscall1(int,exit_group,int,error_code)
307 #endif
308 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
309 _syscall1(int,set_tid_address,int *,tidptr)
310 #endif
311 #if defined(__NR_futex)
312 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
313           const struct timespec *,timeout,int *,uaddr2,int,val3)
314 #endif
315 #if defined(__NR_futex_time64)
316 _syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
317           const struct timespec *,timeout,int *,uaddr2,int,val3)
318 #endif
319 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
320 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
321           unsigned long *, user_mask_ptr);
322 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
323 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
324           unsigned long *, user_mask_ptr);
325 #define __NR_sys_getcpu __NR_getcpu
326 _syscall3(int, sys_getcpu, unsigned *, cpu, unsigned *, node, void *, tcache);
327 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
328           void *, arg);
329 _syscall2(int, capget, struct __user_cap_header_struct *, header,
330           struct __user_cap_data_struct *, data);
331 _syscall2(int, capset, struct __user_cap_header_struct *, header,
332           struct __user_cap_data_struct *, data);
333 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
334 _syscall2(int, ioprio_get, int, which, int, who)
335 #endif
336 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
337 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
338 #endif
339 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
340 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
341 #endif
342 
343 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
344 _syscall5(int, kcmp, pid_t, pid1, pid_t, pid2, int, type,
345           unsigned long, idx1, unsigned long, idx2)
346 #endif
347 
348 /*
349  * It is assumed that struct statx is architecture independent.
350  */
351 #if defined(TARGET_NR_statx) && defined(__NR_statx)
352 _syscall5(int, sys_statx, int, dirfd, const char *, pathname, int, flags,
353           unsigned int, mask, struct target_statx *, statxbuf)
354 #endif
355 #if defined(TARGET_NR_membarrier) && defined(__NR_membarrier)
356 _syscall2(int, membarrier, int, cmd, int, flags)
357 #endif
358 
359 static bitmask_transtbl fcntl_flags_tbl[] = {
360   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
361   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
362   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
363   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
364   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
365   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
366   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
367   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
368   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
369   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
370   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
371   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
372   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
373 #if defined(O_DIRECT)
374   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
375 #endif
376 #if defined(O_NOATIME)
377   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
378 #endif
379 #if defined(O_CLOEXEC)
380   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
381 #endif
382 #if defined(O_PATH)
383   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
384 #endif
385 #if defined(O_TMPFILE)
386   { TARGET_O_TMPFILE,   TARGET_O_TMPFILE,   O_TMPFILE,   O_TMPFILE    },
387 #endif
388   /* Don't terminate the list prematurely on 64-bit host+guest.  */
389 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
390   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
391 #endif
392   { 0, 0, 0, 0 }
393 };
394 
395 _syscall2(int, sys_getcwd1, char *, buf, size_t, size)
396 
397 #if defined(TARGET_NR_utimensat) || defined(TARGET_NR_utimensat_time64)
398 #if defined(__NR_utimensat)
399 #define __NR_sys_utimensat __NR_utimensat
400 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
401           const struct timespec *,tsp,int,flags)
402 #else
403 static int sys_utimensat(int dirfd, const char *pathname,
404                          const struct timespec times[2], int flags)
405 {
406     errno = ENOSYS;
407     return -1;
408 }
409 #endif
410 #endif /* TARGET_NR_utimensat */
411 
412 #ifdef TARGET_NR_renameat2
413 #if defined(__NR_renameat2)
414 #define __NR_sys_renameat2 __NR_renameat2
415 _syscall5(int, sys_renameat2, int, oldfd, const char *, old, int, newfd,
416           const char *, new, unsigned int, flags)
417 #else
418 static int sys_renameat2(int oldfd, const char *old,
419                          int newfd, const char *new, int flags)
420 {
421     if (flags == 0) {
422         return renameat(oldfd, old, newfd, new);
423     }
424     errno = ENOSYS;
425     return -1;
426 }
427 #endif
428 #endif /* TARGET_NR_renameat2 */
429 
430 #ifdef CONFIG_INOTIFY
431 #include <sys/inotify.h>
432 
433 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
434 static int sys_inotify_init(void)
435 {
436   return (inotify_init());
437 }
438 #endif
439 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
440 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
441 {
442   return (inotify_add_watch(fd, pathname, mask));
443 }
444 #endif
445 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
446 static int sys_inotify_rm_watch(int fd, int32_t wd)
447 {
448   return (inotify_rm_watch(fd, wd));
449 }
450 #endif
451 #ifdef CONFIG_INOTIFY1
452 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
453 static int sys_inotify_init1(int flags)
454 {
455   return (inotify_init1(flags));
456 }
457 #endif
458 #endif
459 #else
460 /* Userspace can usually survive runtime without inotify */
461 #undef TARGET_NR_inotify_init
462 #undef TARGET_NR_inotify_init1
463 #undef TARGET_NR_inotify_add_watch
464 #undef TARGET_NR_inotify_rm_watch
465 #endif /* CONFIG_INOTIFY  */
466 
467 #if defined(TARGET_NR_prlimit64)
468 #ifndef __NR_prlimit64
469 # define __NR_prlimit64 -1
470 #endif
471 #define __NR_sys_prlimit64 __NR_prlimit64
472 /* The glibc rlimit structure may not be that used by the underlying syscall */
473 struct host_rlimit64 {
474     uint64_t rlim_cur;
475     uint64_t rlim_max;
476 };
477 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
478           const struct host_rlimit64 *, new_limit,
479           struct host_rlimit64 *, old_limit)
480 #endif
481 
482 
483 #if defined(TARGET_NR_timer_create)
484 /* Maximum of 32 active POSIX timers allowed at any one time. */
485 static timer_t g_posix_timers[32] = { 0, } ;
486 
487 static inline int next_free_host_timer(void)
488 {
489     int k ;
490     /* FIXME: Does finding the next free slot require a lock? */
491     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
492         if (g_posix_timers[k] == 0) {
493             g_posix_timers[k] = (timer_t) 1;
494             return k;
495         }
496     }
497     return -1;
498 }
499 #endif
500 
501 #define ERRNO_TABLE_SIZE 1200
502 
503 /* target_to_host_errno_table[] is initialized from
504  * host_to_target_errno_table[] in syscall_init(). */
505 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
506 };
507 
508 /*
509  * This list is the union of errno values overridden in asm-<arch>/errno.h
510  * minus the errnos that are not actually generic to all archs.
511  */
512 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
513     [EAGAIN]		= TARGET_EAGAIN,
514     [EIDRM]		= TARGET_EIDRM,
515     [ECHRNG]		= TARGET_ECHRNG,
516     [EL2NSYNC]		= TARGET_EL2NSYNC,
517     [EL3HLT]		= TARGET_EL3HLT,
518     [EL3RST]		= TARGET_EL3RST,
519     [ELNRNG]		= TARGET_ELNRNG,
520     [EUNATCH]		= TARGET_EUNATCH,
521     [ENOCSI]		= TARGET_ENOCSI,
522     [EL2HLT]		= TARGET_EL2HLT,
523     [EDEADLK]		= TARGET_EDEADLK,
524     [ENOLCK]		= TARGET_ENOLCK,
525     [EBADE]		= TARGET_EBADE,
526     [EBADR]		= TARGET_EBADR,
527     [EXFULL]		= TARGET_EXFULL,
528     [ENOANO]		= TARGET_ENOANO,
529     [EBADRQC]		= TARGET_EBADRQC,
530     [EBADSLT]		= TARGET_EBADSLT,
531     [EBFONT]		= TARGET_EBFONT,
532     [ENOSTR]		= TARGET_ENOSTR,
533     [ENODATA]		= TARGET_ENODATA,
534     [ETIME]		= TARGET_ETIME,
535     [ENOSR]		= TARGET_ENOSR,
536     [ENONET]		= TARGET_ENONET,
537     [ENOPKG]		= TARGET_ENOPKG,
538     [EREMOTE]		= TARGET_EREMOTE,
539     [ENOLINK]		= TARGET_ENOLINK,
540     [EADV]		= TARGET_EADV,
541     [ESRMNT]		= TARGET_ESRMNT,
542     [ECOMM]		= TARGET_ECOMM,
543     [EPROTO]		= TARGET_EPROTO,
544     [EDOTDOT]		= TARGET_EDOTDOT,
545     [EMULTIHOP]		= TARGET_EMULTIHOP,
546     [EBADMSG]		= TARGET_EBADMSG,
547     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
548     [EOVERFLOW]		= TARGET_EOVERFLOW,
549     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
550     [EBADFD]		= TARGET_EBADFD,
551     [EREMCHG]		= TARGET_EREMCHG,
552     [ELIBACC]		= TARGET_ELIBACC,
553     [ELIBBAD]		= TARGET_ELIBBAD,
554     [ELIBSCN]		= TARGET_ELIBSCN,
555     [ELIBMAX]		= TARGET_ELIBMAX,
556     [ELIBEXEC]		= TARGET_ELIBEXEC,
557     [EILSEQ]		= TARGET_EILSEQ,
558     [ENOSYS]		= TARGET_ENOSYS,
559     [ELOOP]		= TARGET_ELOOP,
560     [ERESTART]		= TARGET_ERESTART,
561     [ESTRPIPE]		= TARGET_ESTRPIPE,
562     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
563     [EUSERS]		= TARGET_EUSERS,
564     [ENOTSOCK]		= TARGET_ENOTSOCK,
565     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
566     [EMSGSIZE]		= TARGET_EMSGSIZE,
567     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
568     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
569     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
570     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
571     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
572     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
573     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
574     [EADDRINUSE]	= TARGET_EADDRINUSE,
575     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
576     [ENETDOWN]		= TARGET_ENETDOWN,
577     [ENETUNREACH]	= TARGET_ENETUNREACH,
578     [ENETRESET]		= TARGET_ENETRESET,
579     [ECONNABORTED]	= TARGET_ECONNABORTED,
580     [ECONNRESET]	= TARGET_ECONNRESET,
581     [ENOBUFS]		= TARGET_ENOBUFS,
582     [EISCONN]		= TARGET_EISCONN,
583     [ENOTCONN]		= TARGET_ENOTCONN,
584     [EUCLEAN]		= TARGET_EUCLEAN,
585     [ENOTNAM]		= TARGET_ENOTNAM,
586     [ENAVAIL]		= TARGET_ENAVAIL,
587     [EISNAM]		= TARGET_EISNAM,
588     [EREMOTEIO]		= TARGET_EREMOTEIO,
589     [EDQUOT]            = TARGET_EDQUOT,
590     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
591     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
592     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
593     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
594     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
595     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
596     [EALREADY]		= TARGET_EALREADY,
597     [EINPROGRESS]	= TARGET_EINPROGRESS,
598     [ESTALE]		= TARGET_ESTALE,
599     [ECANCELED]		= TARGET_ECANCELED,
600     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
601     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
602 #ifdef ENOKEY
603     [ENOKEY]		= TARGET_ENOKEY,
604 #endif
605 #ifdef EKEYEXPIRED
606     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
607 #endif
608 #ifdef EKEYREVOKED
609     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
610 #endif
611 #ifdef EKEYREJECTED
612     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
613 #endif
614 #ifdef EOWNERDEAD
615     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
616 #endif
617 #ifdef ENOTRECOVERABLE
618     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
619 #endif
620 #ifdef ENOMSG
621     [ENOMSG]            = TARGET_ENOMSG,
622 #endif
623 #ifdef ERKFILL
624     [ERFKILL]           = TARGET_ERFKILL,
625 #endif
626 #ifdef EHWPOISON
627     [EHWPOISON]         = TARGET_EHWPOISON,
628 #endif
629 };
630 
631 static inline int host_to_target_errno(int err)
632 {
633     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
634         host_to_target_errno_table[err]) {
635         return host_to_target_errno_table[err];
636     }
637     return err;
638 }
639 
640 static inline int target_to_host_errno(int err)
641 {
642     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
643         target_to_host_errno_table[err]) {
644         return target_to_host_errno_table[err];
645     }
646     return err;
647 }
648 
649 static inline abi_long get_errno(abi_long ret)
650 {
651     if (ret == -1)
652         return -host_to_target_errno(errno);
653     else
654         return ret;
655 }
656 
657 const char *target_strerror(int err)
658 {
659     if (err == TARGET_ERESTARTSYS) {
660         return "To be restarted";
661     }
662     if (err == TARGET_QEMU_ESIGRETURN) {
663         return "Successful exit from sigreturn";
664     }
665 
666     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
667         return NULL;
668     }
669     return strerror(target_to_host_errno(err));
670 }
671 
672 #define safe_syscall0(type, name) \
673 static type safe_##name(void) \
674 { \
675     return safe_syscall(__NR_##name); \
676 }
677 
678 #define safe_syscall1(type, name, type1, arg1) \
679 static type safe_##name(type1 arg1) \
680 { \
681     return safe_syscall(__NR_##name, arg1); \
682 }
683 
684 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
685 static type safe_##name(type1 arg1, type2 arg2) \
686 { \
687     return safe_syscall(__NR_##name, arg1, arg2); \
688 }
689 
690 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
691 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
692 { \
693     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
694 }
695 
696 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
697     type4, arg4) \
698 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
699 { \
700     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
701 }
702 
703 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
704     type4, arg4, type5, arg5) \
705 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
706     type5 arg5) \
707 { \
708     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
709 }
710 
711 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
712     type4, arg4, type5, arg5, type6, arg6) \
713 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
714     type5 arg5, type6 arg6) \
715 { \
716     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
717 }
718 
719 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
720 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
721 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
722               int, flags, mode_t, mode)
723 #if defined(TARGET_NR_wait4) || defined(TARGET_NR_waitpid)
724 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
725               struct rusage *, rusage)
726 #endif
727 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
728               int, options, struct rusage *, rusage)
729 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
730 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
731     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
732 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
733               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
734 #endif
735 #if defined(TARGET_NR_ppoll) || defined(TARGET_NR_ppoll_time64)
736 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
737               struct timespec *, tsp, const sigset_t *, sigmask,
738               size_t, sigsetsize)
739 #endif
740 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
741               int, maxevents, int, timeout, const sigset_t *, sigmask,
742               size_t, sigsetsize)
743 #if defined(__NR_futex)
744 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
745               const struct timespec *,timeout,int *,uaddr2,int,val3)
746 #endif
747 #if defined(__NR_futex_time64)
748 safe_syscall6(int,futex_time64,int *,uaddr,int,op,int,val, \
749               const struct timespec *,timeout,int *,uaddr2,int,val3)
750 #endif
751 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
752 safe_syscall2(int, kill, pid_t, pid, int, sig)
753 safe_syscall2(int, tkill, int, tid, int, sig)
754 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
755 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
756 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
757 safe_syscall5(ssize_t, preadv, int, fd, const struct iovec *, iov, int, iovcnt,
758               unsigned long, pos_l, unsigned long, pos_h)
759 safe_syscall5(ssize_t, pwritev, int, fd, const struct iovec *, iov, int, iovcnt,
760               unsigned long, pos_l, unsigned long, pos_h)
761 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
762               socklen_t, addrlen)
763 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
764               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
765 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
766               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
767 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
768 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
769 safe_syscall2(int, flock, int, fd, int, operation)
770 #if defined(TARGET_NR_rt_sigtimedwait) || defined(TARGET_NR_rt_sigtimedwait_time64)
771 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
772               const struct timespec *, uts, size_t, sigsetsize)
773 #endif
774 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
775               int, flags)
776 #if defined(TARGET_NR_nanosleep)
777 safe_syscall2(int, nanosleep, const struct timespec *, req,
778               struct timespec *, rem)
779 #endif
780 #if defined(TARGET_NR_clock_nanosleep) || \
781     defined(TARGET_NR_clock_nanosleep_time64)
782 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
783               const struct timespec *, req, struct timespec *, rem)
784 #endif
785 #ifdef __NR_ipc
786 #ifdef __s390x__
787 safe_syscall5(int, ipc, int, call, long, first, long, second, long, third,
788               void *, ptr)
789 #else
790 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
791               void *, ptr, long, fifth)
792 #endif
793 #endif
794 #ifdef __NR_msgsnd
795 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
796               int, flags)
797 #endif
798 #ifdef __NR_msgrcv
799 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
800               long, msgtype, int, flags)
801 #endif
802 #ifdef __NR_semtimedop
803 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
804               unsigned, nsops, const struct timespec *, timeout)
805 #endif
806 #if defined(TARGET_NR_mq_timedsend) || \
807     defined(TARGET_NR_mq_timedsend_time64)
808 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
809               size_t, len, unsigned, prio, const struct timespec *, timeout)
810 #endif
811 #if defined(TARGET_NR_mq_timedreceive) || \
812     defined(TARGET_NR_mq_timedreceive_time64)
813 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
814               size_t, len, unsigned *, prio, const struct timespec *, timeout)
815 #endif
816 /* We do ioctl like this rather than via safe_syscall3 to preserve the
817  * "third argument might be integer or pointer or not present" behaviour of
818  * the libc function.
819  */
820 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
821 /* Similarly for fcntl. Note that callers must always:
822  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
823  *  use the flock64 struct rather than unsuffixed flock
824  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
825  */
826 #ifdef __NR_fcntl64
827 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
828 #else
829 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
830 #endif
831 
832 static inline int host_to_target_sock_type(int host_type)
833 {
834     int target_type;
835 
836     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
837     case SOCK_DGRAM:
838         target_type = TARGET_SOCK_DGRAM;
839         break;
840     case SOCK_STREAM:
841         target_type = TARGET_SOCK_STREAM;
842         break;
843     default:
844         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
845         break;
846     }
847 
848 #if defined(SOCK_CLOEXEC)
849     if (host_type & SOCK_CLOEXEC) {
850         target_type |= TARGET_SOCK_CLOEXEC;
851     }
852 #endif
853 
854 #if defined(SOCK_NONBLOCK)
855     if (host_type & SOCK_NONBLOCK) {
856         target_type |= TARGET_SOCK_NONBLOCK;
857     }
858 #endif
859 
860     return target_type;
861 }
862 
863 static abi_ulong target_brk;
864 static abi_ulong target_original_brk;
865 static abi_ulong brk_page;
866 
867 void target_set_brk(abi_ulong new_brk)
868 {
869     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
870     brk_page = HOST_PAGE_ALIGN(target_brk);
871 }
872 
873 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
874 #define DEBUGF_BRK(message, args...)
875 
876 /* do_brk() must return target values and target errnos. */
877 abi_long do_brk(abi_ulong new_brk)
878 {
879     abi_long mapped_addr;
880     abi_ulong new_alloc_size;
881 
882     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
883 
884     if (!new_brk) {
885         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
886         return target_brk;
887     }
888     if (new_brk < target_original_brk) {
889         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
890                    target_brk);
891         return target_brk;
892     }
893 
894     /* If the new brk is less than the highest page reserved to the
895      * target heap allocation, set it and we're almost done...  */
896     if (new_brk <= brk_page) {
897         /* Heap contents are initialized to zero, as for anonymous
898          * mapped pages.  */
899         if (new_brk > target_brk) {
900             memset(g2h(target_brk), 0, new_brk - target_brk);
901         }
902 	target_brk = new_brk;
903         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
904 	return target_brk;
905     }
906 
907     /* We need to allocate more memory after the brk... Note that
908      * we don't use MAP_FIXED because that will map over the top of
909      * any existing mapping (like the one with the host libc or qemu
910      * itself); instead we treat "mapped but at wrong address" as
911      * a failure and unmap again.
912      */
913     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
914     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
915                                         PROT_READ|PROT_WRITE,
916                                         MAP_ANON|MAP_PRIVATE, 0, 0));
917 
918     if (mapped_addr == brk_page) {
919         /* Heap contents are initialized to zero, as for anonymous
920          * mapped pages.  Technically the new pages are already
921          * initialized to zero since they *are* anonymous mapped
922          * pages, however we have to take care with the contents that
923          * come from the remaining part of the previous page: it may
924          * contains garbage data due to a previous heap usage (grown
925          * then shrunken).  */
926         memset(g2h(target_brk), 0, brk_page - target_brk);
927 
928         target_brk = new_brk;
929         brk_page = HOST_PAGE_ALIGN(target_brk);
930         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
931             target_brk);
932         return target_brk;
933     } else if (mapped_addr != -1) {
934         /* Mapped but at wrong address, meaning there wasn't actually
935          * enough space for this brk.
936          */
937         target_munmap(mapped_addr, new_alloc_size);
938         mapped_addr = -1;
939         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
940     }
941     else {
942         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
943     }
944 
945 #if defined(TARGET_ALPHA)
946     /* We (partially) emulate OSF/1 on Alpha, which requires we
947        return a proper errno, not an unchanged brk value.  */
948     return -TARGET_ENOMEM;
949 #endif
950     /* For everything else, return the previous break. */
951     return target_brk;
952 }
953 
954 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
955     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
956 static inline abi_long copy_from_user_fdset(fd_set *fds,
957                                             abi_ulong target_fds_addr,
958                                             int n)
959 {
960     int i, nw, j, k;
961     abi_ulong b, *target_fds;
962 
963     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
964     if (!(target_fds = lock_user(VERIFY_READ,
965                                  target_fds_addr,
966                                  sizeof(abi_ulong) * nw,
967                                  1)))
968         return -TARGET_EFAULT;
969 
970     FD_ZERO(fds);
971     k = 0;
972     for (i = 0; i < nw; i++) {
973         /* grab the abi_ulong */
974         __get_user(b, &target_fds[i]);
975         for (j = 0; j < TARGET_ABI_BITS; j++) {
976             /* check the bit inside the abi_ulong */
977             if ((b >> j) & 1)
978                 FD_SET(k, fds);
979             k++;
980         }
981     }
982 
983     unlock_user(target_fds, target_fds_addr, 0);
984 
985     return 0;
986 }
987 
988 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
989                                                  abi_ulong target_fds_addr,
990                                                  int n)
991 {
992     if (target_fds_addr) {
993         if (copy_from_user_fdset(fds, target_fds_addr, n))
994             return -TARGET_EFAULT;
995         *fds_ptr = fds;
996     } else {
997         *fds_ptr = NULL;
998     }
999     return 0;
1000 }
1001 
1002 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
1003                                           const fd_set *fds,
1004                                           int n)
1005 {
1006     int i, nw, j, k;
1007     abi_long v;
1008     abi_ulong *target_fds;
1009 
1010     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
1011     if (!(target_fds = lock_user(VERIFY_WRITE,
1012                                  target_fds_addr,
1013                                  sizeof(abi_ulong) * nw,
1014                                  0)))
1015         return -TARGET_EFAULT;
1016 
1017     k = 0;
1018     for (i = 0; i < nw; i++) {
1019         v = 0;
1020         for (j = 0; j < TARGET_ABI_BITS; j++) {
1021             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
1022             k++;
1023         }
1024         __put_user(v, &target_fds[i]);
1025     }
1026 
1027     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
1028 
1029     return 0;
1030 }
1031 #endif
1032 
1033 #if defined(__alpha__)
1034 #define HOST_HZ 1024
1035 #else
1036 #define HOST_HZ 100
1037 #endif
1038 
1039 static inline abi_long host_to_target_clock_t(long ticks)
1040 {
1041 #if HOST_HZ == TARGET_HZ
1042     return ticks;
1043 #else
1044     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
1045 #endif
1046 }
1047 
1048 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
1049                                              const struct rusage *rusage)
1050 {
1051     struct target_rusage *target_rusage;
1052 
1053     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
1054         return -TARGET_EFAULT;
1055     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
1056     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
1057     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
1058     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
1059     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
1060     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
1061     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
1062     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
1063     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
1064     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
1065     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
1066     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
1067     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
1068     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
1069     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
1070     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
1071     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
1072     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
1073     unlock_user_struct(target_rusage, target_addr, 1);
1074 
1075     return 0;
1076 }
1077 
1078 #ifdef TARGET_NR_setrlimit
1079 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
1080 {
1081     abi_ulong target_rlim_swap;
1082     rlim_t result;
1083 
1084     target_rlim_swap = tswapal(target_rlim);
1085     if (target_rlim_swap == TARGET_RLIM_INFINITY)
1086         return RLIM_INFINITY;
1087 
1088     result = target_rlim_swap;
1089     if (target_rlim_swap != (rlim_t)result)
1090         return RLIM_INFINITY;
1091 
1092     return result;
1093 }
1094 #endif
1095 
1096 #if defined(TARGET_NR_getrlimit) || defined(TARGET_NR_ugetrlimit)
1097 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1098 {
1099     abi_ulong target_rlim_swap;
1100     abi_ulong result;
1101 
1102     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1103         target_rlim_swap = TARGET_RLIM_INFINITY;
1104     else
1105         target_rlim_swap = rlim;
1106     result = tswapal(target_rlim_swap);
1107 
1108     return result;
1109 }
1110 #endif
1111 
1112 static inline int target_to_host_resource(int code)
1113 {
1114     switch (code) {
1115     case TARGET_RLIMIT_AS:
1116         return RLIMIT_AS;
1117     case TARGET_RLIMIT_CORE:
1118         return RLIMIT_CORE;
1119     case TARGET_RLIMIT_CPU:
1120         return RLIMIT_CPU;
1121     case TARGET_RLIMIT_DATA:
1122         return RLIMIT_DATA;
1123     case TARGET_RLIMIT_FSIZE:
1124         return RLIMIT_FSIZE;
1125     case TARGET_RLIMIT_LOCKS:
1126         return RLIMIT_LOCKS;
1127     case TARGET_RLIMIT_MEMLOCK:
1128         return RLIMIT_MEMLOCK;
1129     case TARGET_RLIMIT_MSGQUEUE:
1130         return RLIMIT_MSGQUEUE;
1131     case TARGET_RLIMIT_NICE:
1132         return RLIMIT_NICE;
1133     case TARGET_RLIMIT_NOFILE:
1134         return RLIMIT_NOFILE;
1135     case TARGET_RLIMIT_NPROC:
1136         return RLIMIT_NPROC;
1137     case TARGET_RLIMIT_RSS:
1138         return RLIMIT_RSS;
1139     case TARGET_RLIMIT_RTPRIO:
1140         return RLIMIT_RTPRIO;
1141     case TARGET_RLIMIT_SIGPENDING:
1142         return RLIMIT_SIGPENDING;
1143     case TARGET_RLIMIT_STACK:
1144         return RLIMIT_STACK;
1145     default:
1146         return code;
1147     }
1148 }
1149 
1150 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1151                                               abi_ulong target_tv_addr)
1152 {
1153     struct target_timeval *target_tv;
1154 
1155     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
1156         return -TARGET_EFAULT;
1157     }
1158 
1159     __get_user(tv->tv_sec, &target_tv->tv_sec);
1160     __get_user(tv->tv_usec, &target_tv->tv_usec);
1161 
1162     unlock_user_struct(target_tv, target_tv_addr, 0);
1163 
1164     return 0;
1165 }
1166 
1167 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1168                                             const struct timeval *tv)
1169 {
1170     struct target_timeval *target_tv;
1171 
1172     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
1173         return -TARGET_EFAULT;
1174     }
1175 
1176     __put_user(tv->tv_sec, &target_tv->tv_sec);
1177     __put_user(tv->tv_usec, &target_tv->tv_usec);
1178 
1179     unlock_user_struct(target_tv, target_tv_addr, 1);
1180 
1181     return 0;
1182 }
1183 
1184 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
1185 static inline abi_long copy_from_user_timeval64(struct timeval *tv,
1186                                                 abi_ulong target_tv_addr)
1187 {
1188     struct target__kernel_sock_timeval *target_tv;
1189 
1190     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
1191         return -TARGET_EFAULT;
1192     }
1193 
1194     __get_user(tv->tv_sec, &target_tv->tv_sec);
1195     __get_user(tv->tv_usec, &target_tv->tv_usec);
1196 
1197     unlock_user_struct(target_tv, target_tv_addr, 0);
1198 
1199     return 0;
1200 }
1201 #endif
1202 
1203 static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr,
1204                                               const struct timeval *tv)
1205 {
1206     struct target__kernel_sock_timeval *target_tv;
1207 
1208     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
1209         return -TARGET_EFAULT;
1210     }
1211 
1212     __put_user(tv->tv_sec, &target_tv->tv_sec);
1213     __put_user(tv->tv_usec, &target_tv->tv_usec);
1214 
1215     unlock_user_struct(target_tv, target_tv_addr, 1);
1216 
1217     return 0;
1218 }
1219 
1220 #if defined(TARGET_NR_futex) || \
1221     defined(TARGET_NR_rt_sigtimedwait) || \
1222     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6) || \
1223     defined(TARGET_NR_nanosleep) || defined(TARGET_NR_clock_settime) || \
1224     defined(TARGET_NR_utimensat) || defined(TARGET_NR_mq_timedsend) || \
1225     defined(TARGET_NR_mq_timedreceive) || defined(TARGET_NR_ipc) || \
1226     defined(TARGET_NR_semop) || defined(TARGET_NR_semtimedop) || \
1227     defined(TARGET_NR_timer_settime) || \
1228     (defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD))
1229 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
1230                                                abi_ulong target_addr)
1231 {
1232     struct target_timespec *target_ts;
1233 
1234     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
1235         return -TARGET_EFAULT;
1236     }
1237     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
1238     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1239     unlock_user_struct(target_ts, target_addr, 0);
1240     return 0;
1241 }
1242 #endif
1243 
1244 #if defined(TARGET_NR_clock_settime64) || defined(TARGET_NR_futex_time64) || \
1245     defined(TARGET_NR_timer_settime64) || \
1246     defined(TARGET_NR_mq_timedsend_time64) || \
1247     defined(TARGET_NR_mq_timedreceive_time64) || \
1248     (defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD)) || \
1249     defined(TARGET_NR_clock_nanosleep_time64) || \
1250     defined(TARGET_NR_rt_sigtimedwait_time64) || \
1251     defined(TARGET_NR_utimensat) || \
1252     defined(TARGET_NR_utimensat_time64) || \
1253     defined(TARGET_NR_semtimedop_time64) || \
1254     defined(TARGET_NR_pselect6_time64) || defined(TARGET_NR_ppoll_time64)
1255 static inline abi_long target_to_host_timespec64(struct timespec *host_ts,
1256                                                  abi_ulong target_addr)
1257 {
1258     struct target__kernel_timespec *target_ts;
1259 
1260     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
1261         return -TARGET_EFAULT;
1262     }
1263     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
1264     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1265     /* in 32bit mode, this drops the padding */
1266     host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec;
1267     unlock_user_struct(target_ts, target_addr, 0);
1268     return 0;
1269 }
1270 #endif
1271 
1272 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
1273                                                struct timespec *host_ts)
1274 {
1275     struct target_timespec *target_ts;
1276 
1277     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
1278         return -TARGET_EFAULT;
1279     }
1280     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
1281     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1282     unlock_user_struct(target_ts, target_addr, 1);
1283     return 0;
1284 }
1285 
1286 static inline abi_long host_to_target_timespec64(abi_ulong target_addr,
1287                                                  struct timespec *host_ts)
1288 {
1289     struct target__kernel_timespec *target_ts;
1290 
1291     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
1292         return -TARGET_EFAULT;
1293     }
1294     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
1295     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1296     unlock_user_struct(target_ts, target_addr, 1);
1297     return 0;
1298 }
1299 
1300 #if defined(TARGET_NR_gettimeofday)
1301 static inline abi_long copy_to_user_timezone(abi_ulong target_tz_addr,
1302                                              struct timezone *tz)
1303 {
1304     struct target_timezone *target_tz;
1305 
1306     if (!lock_user_struct(VERIFY_WRITE, target_tz, target_tz_addr, 1)) {
1307         return -TARGET_EFAULT;
1308     }
1309 
1310     __put_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1311     __put_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1312 
1313     unlock_user_struct(target_tz, target_tz_addr, 1);
1314 
1315     return 0;
1316 }
1317 #endif
1318 
1319 #if defined(TARGET_NR_settimeofday)
1320 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1321                                                abi_ulong target_tz_addr)
1322 {
1323     struct target_timezone *target_tz;
1324 
1325     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1326         return -TARGET_EFAULT;
1327     }
1328 
1329     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1330     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1331 
1332     unlock_user_struct(target_tz, target_tz_addr, 0);
1333 
1334     return 0;
1335 }
1336 #endif
1337 
1338 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1339 #include <mqueue.h>
1340 
1341 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1342                                               abi_ulong target_mq_attr_addr)
1343 {
1344     struct target_mq_attr *target_mq_attr;
1345 
1346     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1347                           target_mq_attr_addr, 1))
1348         return -TARGET_EFAULT;
1349 
1350     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1351     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1352     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1353     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1354 
1355     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1356 
1357     return 0;
1358 }
1359 
1360 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1361                                             const struct mq_attr *attr)
1362 {
1363     struct target_mq_attr *target_mq_attr;
1364 
1365     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1366                           target_mq_attr_addr, 0))
1367         return -TARGET_EFAULT;
1368 
1369     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1370     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1371     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1372     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1373 
1374     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1375 
1376     return 0;
1377 }
1378 #endif
1379 
1380 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1381 /* do_select() must return target values and target errnos. */
1382 static abi_long do_select(int n,
1383                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1384                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1385 {
1386     fd_set rfds, wfds, efds;
1387     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1388     struct timeval tv;
1389     struct timespec ts, *ts_ptr;
1390     abi_long ret;
1391 
1392     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1393     if (ret) {
1394         return ret;
1395     }
1396     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1397     if (ret) {
1398         return ret;
1399     }
1400     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1401     if (ret) {
1402         return ret;
1403     }
1404 
1405     if (target_tv_addr) {
1406         if (copy_from_user_timeval(&tv, target_tv_addr))
1407             return -TARGET_EFAULT;
1408         ts.tv_sec = tv.tv_sec;
1409         ts.tv_nsec = tv.tv_usec * 1000;
1410         ts_ptr = &ts;
1411     } else {
1412         ts_ptr = NULL;
1413     }
1414 
1415     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1416                                   ts_ptr, NULL));
1417 
1418     if (!is_error(ret)) {
1419         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1420             return -TARGET_EFAULT;
1421         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1422             return -TARGET_EFAULT;
1423         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1424             return -TARGET_EFAULT;
1425 
1426         if (target_tv_addr) {
1427             tv.tv_sec = ts.tv_sec;
1428             tv.tv_usec = ts.tv_nsec / 1000;
1429             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1430                 return -TARGET_EFAULT;
1431             }
1432         }
1433     }
1434 
1435     return ret;
1436 }
1437 
1438 #if defined(TARGET_WANT_OLD_SYS_SELECT)
1439 static abi_long do_old_select(abi_ulong arg1)
1440 {
1441     struct target_sel_arg_struct *sel;
1442     abi_ulong inp, outp, exp, tvp;
1443     long nsel;
1444 
1445     if (!lock_user_struct(VERIFY_READ, sel, arg1, 1)) {
1446         return -TARGET_EFAULT;
1447     }
1448 
1449     nsel = tswapal(sel->n);
1450     inp = tswapal(sel->inp);
1451     outp = tswapal(sel->outp);
1452     exp = tswapal(sel->exp);
1453     tvp = tswapal(sel->tvp);
1454 
1455     unlock_user_struct(sel, arg1, 0);
1456 
1457     return do_select(nsel, inp, outp, exp, tvp);
1458 }
1459 #endif
1460 #endif
1461 
1462 #if defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
1463 static abi_long do_pselect6(abi_long arg1, abi_long arg2, abi_long arg3,
1464                             abi_long arg4, abi_long arg5, abi_long arg6,
1465                             bool time64)
1466 {
1467     abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
1468     fd_set rfds, wfds, efds;
1469     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1470     struct timespec ts, *ts_ptr;
1471     abi_long ret;
1472 
1473     /*
1474      * The 6th arg is actually two args smashed together,
1475      * so we cannot use the C library.
1476      */
1477     sigset_t set;
1478     struct {
1479         sigset_t *set;
1480         size_t size;
1481     } sig, *sig_ptr;
1482 
1483     abi_ulong arg_sigset, arg_sigsize, *arg7;
1484     target_sigset_t *target_sigset;
1485 
1486     n = arg1;
1487     rfd_addr = arg2;
1488     wfd_addr = arg3;
1489     efd_addr = arg4;
1490     ts_addr = arg5;
1491 
1492     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1493     if (ret) {
1494         return ret;
1495     }
1496     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1497     if (ret) {
1498         return ret;
1499     }
1500     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1501     if (ret) {
1502         return ret;
1503     }
1504 
1505     /*
1506      * This takes a timespec, and not a timeval, so we cannot
1507      * use the do_select() helper ...
1508      */
1509     if (ts_addr) {
1510         if (time64) {
1511             if (target_to_host_timespec64(&ts, ts_addr)) {
1512                 return -TARGET_EFAULT;
1513             }
1514         } else {
1515             if (target_to_host_timespec(&ts, ts_addr)) {
1516                 return -TARGET_EFAULT;
1517             }
1518         }
1519             ts_ptr = &ts;
1520     } else {
1521         ts_ptr = NULL;
1522     }
1523 
1524     /* Extract the two packed args for the sigset */
1525     if (arg6) {
1526         sig_ptr = &sig;
1527         sig.size = SIGSET_T_SIZE;
1528 
1529         arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
1530         if (!arg7) {
1531             return -TARGET_EFAULT;
1532         }
1533         arg_sigset = tswapal(arg7[0]);
1534         arg_sigsize = tswapal(arg7[1]);
1535         unlock_user(arg7, arg6, 0);
1536 
1537         if (arg_sigset) {
1538             sig.set = &set;
1539             if (arg_sigsize != sizeof(*target_sigset)) {
1540                 /* Like the kernel, we enforce correct size sigsets */
1541                 return -TARGET_EINVAL;
1542             }
1543             target_sigset = lock_user(VERIFY_READ, arg_sigset,
1544                                       sizeof(*target_sigset), 1);
1545             if (!target_sigset) {
1546                 return -TARGET_EFAULT;
1547             }
1548             target_to_host_sigset(&set, target_sigset);
1549             unlock_user(target_sigset, arg_sigset, 0);
1550         } else {
1551             sig.set = NULL;
1552         }
1553     } else {
1554         sig_ptr = NULL;
1555     }
1556 
1557     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1558                                   ts_ptr, sig_ptr));
1559 
1560     if (!is_error(ret)) {
1561         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n)) {
1562             return -TARGET_EFAULT;
1563         }
1564         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n)) {
1565             return -TARGET_EFAULT;
1566         }
1567         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n)) {
1568             return -TARGET_EFAULT;
1569         }
1570         if (time64) {
1571             if (ts_addr && host_to_target_timespec64(ts_addr, &ts)) {
1572                 return -TARGET_EFAULT;
1573             }
1574         } else {
1575             if (ts_addr && host_to_target_timespec(ts_addr, &ts)) {
1576                 return -TARGET_EFAULT;
1577             }
1578         }
1579     }
1580     return ret;
1581 }
1582 #endif
1583 
1584 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll) || \
1585     defined(TARGET_NR_ppoll_time64)
1586 static abi_long do_ppoll(abi_long arg1, abi_long arg2, abi_long arg3,
1587                          abi_long arg4, abi_long arg5, bool ppoll, bool time64)
1588 {
1589     struct target_pollfd *target_pfd;
1590     unsigned int nfds = arg2;
1591     struct pollfd *pfd;
1592     unsigned int i;
1593     abi_long ret;
1594 
1595     pfd = NULL;
1596     target_pfd = NULL;
1597     if (nfds) {
1598         if (nfds > (INT_MAX / sizeof(struct target_pollfd))) {
1599             return -TARGET_EINVAL;
1600         }
1601         target_pfd = lock_user(VERIFY_WRITE, arg1,
1602                                sizeof(struct target_pollfd) * nfds, 1);
1603         if (!target_pfd) {
1604             return -TARGET_EFAULT;
1605         }
1606 
1607         pfd = alloca(sizeof(struct pollfd) * nfds);
1608         for (i = 0; i < nfds; i++) {
1609             pfd[i].fd = tswap32(target_pfd[i].fd);
1610             pfd[i].events = tswap16(target_pfd[i].events);
1611         }
1612     }
1613     if (ppoll) {
1614         struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
1615         target_sigset_t *target_set;
1616         sigset_t _set, *set = &_set;
1617 
1618         if (arg3) {
1619             if (time64) {
1620                 if (target_to_host_timespec64(timeout_ts, arg3)) {
1621                     unlock_user(target_pfd, arg1, 0);
1622                     return -TARGET_EFAULT;
1623                 }
1624             } else {
1625                 if (target_to_host_timespec(timeout_ts, arg3)) {
1626                     unlock_user(target_pfd, arg1, 0);
1627                     return -TARGET_EFAULT;
1628                 }
1629             }
1630         } else {
1631             timeout_ts = NULL;
1632         }
1633 
1634         if (arg4) {
1635             if (arg5 != sizeof(target_sigset_t)) {
1636                 unlock_user(target_pfd, arg1, 0);
1637                 return -TARGET_EINVAL;
1638             }
1639 
1640             target_set = lock_user(VERIFY_READ, arg4,
1641                                    sizeof(target_sigset_t), 1);
1642             if (!target_set) {
1643                 unlock_user(target_pfd, arg1, 0);
1644                 return -TARGET_EFAULT;
1645             }
1646             target_to_host_sigset(set, target_set);
1647         } else {
1648             set = NULL;
1649         }
1650 
1651         ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
1652                                    set, SIGSET_T_SIZE));
1653 
1654         if (!is_error(ret) && arg3) {
1655             if (time64) {
1656                 if (host_to_target_timespec64(arg3, timeout_ts)) {
1657                     return -TARGET_EFAULT;
1658                 }
1659             } else {
1660                 if (host_to_target_timespec(arg3, timeout_ts)) {
1661                     return -TARGET_EFAULT;
1662                 }
1663             }
1664         }
1665         if (arg4) {
1666             unlock_user(target_set, arg4, 0);
1667         }
1668     } else {
1669           struct timespec ts, *pts;
1670 
1671           if (arg3 >= 0) {
1672               /* Convert ms to secs, ns */
1673               ts.tv_sec = arg3 / 1000;
1674               ts.tv_nsec = (arg3 % 1000) * 1000000LL;
1675               pts = &ts;
1676           } else {
1677               /* -ve poll() timeout means "infinite" */
1678               pts = NULL;
1679           }
1680           ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
1681     }
1682 
1683     if (!is_error(ret)) {
1684         for (i = 0; i < nfds; i++) {
1685             target_pfd[i].revents = tswap16(pfd[i].revents);
1686         }
1687     }
1688     unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
1689     return ret;
1690 }
1691 #endif
1692 
1693 static abi_long do_pipe2(int host_pipe[], int flags)
1694 {
1695 #ifdef CONFIG_PIPE2
1696     return pipe2(host_pipe, flags);
1697 #else
1698     return -ENOSYS;
1699 #endif
1700 }
1701 
1702 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1703                         int flags, int is_pipe2)
1704 {
1705     int host_pipe[2];
1706     abi_long ret;
1707     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1708 
1709     if (is_error(ret))
1710         return get_errno(ret);
1711 
1712     /* Several targets have special calling conventions for the original
1713        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1714     if (!is_pipe2) {
1715 #if defined(TARGET_ALPHA)
1716         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1717         return host_pipe[0];
1718 #elif defined(TARGET_MIPS)
1719         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1720         return host_pipe[0];
1721 #elif defined(TARGET_SH4)
1722         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1723         return host_pipe[0];
1724 #elif defined(TARGET_SPARC)
1725         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1726         return host_pipe[0];
1727 #endif
1728     }
1729 
1730     if (put_user_s32(host_pipe[0], pipedes)
1731         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1732         return -TARGET_EFAULT;
1733     return get_errno(ret);
1734 }
1735 
1736 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1737                                               abi_ulong target_addr,
1738                                               socklen_t len)
1739 {
1740     struct target_ip_mreqn *target_smreqn;
1741 
1742     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1743     if (!target_smreqn)
1744         return -TARGET_EFAULT;
1745     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1746     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1747     if (len == sizeof(struct target_ip_mreqn))
1748         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1749     unlock_user(target_smreqn, target_addr, 0);
1750 
1751     return 0;
1752 }
1753 
1754 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1755                                                abi_ulong target_addr,
1756                                                socklen_t len)
1757 {
1758     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1759     sa_family_t sa_family;
1760     struct target_sockaddr *target_saddr;
1761 
1762     if (fd_trans_target_to_host_addr(fd)) {
1763         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1764     }
1765 
1766     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1767     if (!target_saddr)
1768         return -TARGET_EFAULT;
1769 
1770     sa_family = tswap16(target_saddr->sa_family);
1771 
1772     /* Oops. The caller might send a incomplete sun_path; sun_path
1773      * must be terminated by \0 (see the manual page), but
1774      * unfortunately it is quite common to specify sockaddr_un
1775      * length as "strlen(x->sun_path)" while it should be
1776      * "strlen(...) + 1". We'll fix that here if needed.
1777      * Linux kernel has a similar feature.
1778      */
1779 
1780     if (sa_family == AF_UNIX) {
1781         if (len < unix_maxlen && len > 0) {
1782             char *cp = (char*)target_saddr;
1783 
1784             if ( cp[len-1] && !cp[len] )
1785                 len++;
1786         }
1787         if (len > unix_maxlen)
1788             len = unix_maxlen;
1789     }
1790 
1791     memcpy(addr, target_saddr, len);
1792     addr->sa_family = sa_family;
1793     if (sa_family == AF_NETLINK) {
1794         struct sockaddr_nl *nladdr;
1795 
1796         nladdr = (struct sockaddr_nl *)addr;
1797         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1798         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1799     } else if (sa_family == AF_PACKET) {
1800 	struct target_sockaddr_ll *lladdr;
1801 
1802 	lladdr = (struct target_sockaddr_ll *)addr;
1803 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1804 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1805     }
1806     unlock_user(target_saddr, target_addr, 0);
1807 
1808     return 0;
1809 }
1810 
1811 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1812                                                struct sockaddr *addr,
1813                                                socklen_t len)
1814 {
1815     struct target_sockaddr *target_saddr;
1816 
1817     if (len == 0) {
1818         return 0;
1819     }
1820     assert(addr);
1821 
1822     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1823     if (!target_saddr)
1824         return -TARGET_EFAULT;
1825     memcpy(target_saddr, addr, len);
1826     if (len >= offsetof(struct target_sockaddr, sa_family) +
1827         sizeof(target_saddr->sa_family)) {
1828         target_saddr->sa_family = tswap16(addr->sa_family);
1829     }
1830     if (addr->sa_family == AF_NETLINK &&
1831         len >= sizeof(struct target_sockaddr_nl)) {
1832         struct target_sockaddr_nl *target_nl =
1833                (struct target_sockaddr_nl *)target_saddr;
1834         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1835         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1836     } else if (addr->sa_family == AF_PACKET) {
1837         struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
1838         target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
1839         target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
1840     } else if (addr->sa_family == AF_INET6 &&
1841                len >= sizeof(struct target_sockaddr_in6)) {
1842         struct target_sockaddr_in6 *target_in6 =
1843                (struct target_sockaddr_in6 *)target_saddr;
1844         target_in6->sin6_scope_id = tswap16(target_in6->sin6_scope_id);
1845     }
1846     unlock_user(target_saddr, target_addr, len);
1847 
1848     return 0;
1849 }
1850 
1851 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1852                                            struct target_msghdr *target_msgh)
1853 {
1854     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1855     abi_long msg_controllen;
1856     abi_ulong target_cmsg_addr;
1857     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1858     socklen_t space = 0;
1859 
1860     msg_controllen = tswapal(target_msgh->msg_controllen);
1861     if (msg_controllen < sizeof (struct target_cmsghdr))
1862         goto the_end;
1863     target_cmsg_addr = tswapal(target_msgh->msg_control);
1864     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1865     target_cmsg_start = target_cmsg;
1866     if (!target_cmsg)
1867         return -TARGET_EFAULT;
1868 
1869     while (cmsg && target_cmsg) {
1870         void *data = CMSG_DATA(cmsg);
1871         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1872 
1873         int len = tswapal(target_cmsg->cmsg_len)
1874             - sizeof(struct target_cmsghdr);
1875 
1876         space += CMSG_SPACE(len);
1877         if (space > msgh->msg_controllen) {
1878             space -= CMSG_SPACE(len);
1879             /* This is a QEMU bug, since we allocated the payload
1880              * area ourselves (unlike overflow in host-to-target
1881              * conversion, which is just the guest giving us a buffer
1882              * that's too small). It can't happen for the payload types
1883              * we currently support; if it becomes an issue in future
1884              * we would need to improve our allocation strategy to
1885              * something more intelligent than "twice the size of the
1886              * target buffer we're reading from".
1887              */
1888             qemu_log_mask(LOG_UNIMP,
1889                           ("Unsupported ancillary data %d/%d: "
1890                            "unhandled msg size\n"),
1891                           tswap32(target_cmsg->cmsg_level),
1892                           tswap32(target_cmsg->cmsg_type));
1893             break;
1894         }
1895 
1896         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1897             cmsg->cmsg_level = SOL_SOCKET;
1898         } else {
1899             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1900         }
1901         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1902         cmsg->cmsg_len = CMSG_LEN(len);
1903 
1904         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1905             int *fd = (int *)data;
1906             int *target_fd = (int *)target_data;
1907             int i, numfds = len / sizeof(int);
1908 
1909             for (i = 0; i < numfds; i++) {
1910                 __get_user(fd[i], target_fd + i);
1911             }
1912         } else if (cmsg->cmsg_level == SOL_SOCKET
1913                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1914             struct ucred *cred = (struct ucred *)data;
1915             struct target_ucred *target_cred =
1916                 (struct target_ucred *)target_data;
1917 
1918             __get_user(cred->pid, &target_cred->pid);
1919             __get_user(cred->uid, &target_cred->uid);
1920             __get_user(cred->gid, &target_cred->gid);
1921         } else {
1922             qemu_log_mask(LOG_UNIMP, "Unsupported ancillary data: %d/%d\n",
1923                           cmsg->cmsg_level, cmsg->cmsg_type);
1924             memcpy(data, target_data, len);
1925         }
1926 
1927         cmsg = CMSG_NXTHDR(msgh, cmsg);
1928         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1929                                          target_cmsg_start);
1930     }
1931     unlock_user(target_cmsg, target_cmsg_addr, 0);
1932  the_end:
1933     msgh->msg_controllen = space;
1934     return 0;
1935 }
1936 
1937 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1938                                            struct msghdr *msgh)
1939 {
1940     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1941     abi_long msg_controllen;
1942     abi_ulong target_cmsg_addr;
1943     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1944     socklen_t space = 0;
1945 
1946     msg_controllen = tswapal(target_msgh->msg_controllen);
1947     if (msg_controllen < sizeof (struct target_cmsghdr))
1948         goto the_end;
1949     target_cmsg_addr = tswapal(target_msgh->msg_control);
1950     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1951     target_cmsg_start = target_cmsg;
1952     if (!target_cmsg)
1953         return -TARGET_EFAULT;
1954 
1955     while (cmsg && target_cmsg) {
1956         void *data = CMSG_DATA(cmsg);
1957         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1958 
1959         int len = cmsg->cmsg_len - sizeof(struct cmsghdr);
1960         int tgt_len, tgt_space;
1961 
1962         /* We never copy a half-header but may copy half-data;
1963          * this is Linux's behaviour in put_cmsg(). Note that
1964          * truncation here is a guest problem (which we report
1965          * to the guest via the CTRUNC bit), unlike truncation
1966          * in target_to_host_cmsg, which is a QEMU bug.
1967          */
1968         if (msg_controllen < sizeof(struct target_cmsghdr)) {
1969             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1970             break;
1971         }
1972 
1973         if (cmsg->cmsg_level == SOL_SOCKET) {
1974             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1975         } else {
1976             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1977         }
1978         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1979 
1980         /* Payload types which need a different size of payload on
1981          * the target must adjust tgt_len here.
1982          */
1983         tgt_len = len;
1984         switch (cmsg->cmsg_level) {
1985         case SOL_SOCKET:
1986             switch (cmsg->cmsg_type) {
1987             case SO_TIMESTAMP:
1988                 tgt_len = sizeof(struct target_timeval);
1989                 break;
1990             default:
1991                 break;
1992             }
1993             break;
1994         default:
1995             break;
1996         }
1997 
1998         if (msg_controllen < TARGET_CMSG_LEN(tgt_len)) {
1999             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
2000             tgt_len = msg_controllen - sizeof(struct target_cmsghdr);
2001         }
2002 
2003         /* We must now copy-and-convert len bytes of payload
2004          * into tgt_len bytes of destination space. Bear in mind
2005          * that in both source and destination we may be dealing
2006          * with a truncated value!
2007          */
2008         switch (cmsg->cmsg_level) {
2009         case SOL_SOCKET:
2010             switch (cmsg->cmsg_type) {
2011             case SCM_RIGHTS:
2012             {
2013                 int *fd = (int *)data;
2014                 int *target_fd = (int *)target_data;
2015                 int i, numfds = tgt_len / sizeof(int);
2016 
2017                 for (i = 0; i < numfds; i++) {
2018                     __put_user(fd[i], target_fd + i);
2019                 }
2020                 break;
2021             }
2022             case SO_TIMESTAMP:
2023             {
2024                 struct timeval *tv = (struct timeval *)data;
2025                 struct target_timeval *target_tv =
2026                     (struct target_timeval *)target_data;
2027 
2028                 if (len != sizeof(struct timeval) ||
2029                     tgt_len != sizeof(struct target_timeval)) {
2030                     goto unimplemented;
2031                 }
2032 
2033                 /* copy struct timeval to target */
2034                 __put_user(tv->tv_sec, &target_tv->tv_sec);
2035                 __put_user(tv->tv_usec, &target_tv->tv_usec);
2036                 break;
2037             }
2038             case SCM_CREDENTIALS:
2039             {
2040                 struct ucred *cred = (struct ucred *)data;
2041                 struct target_ucred *target_cred =
2042                     (struct target_ucred *)target_data;
2043 
2044                 __put_user(cred->pid, &target_cred->pid);
2045                 __put_user(cred->uid, &target_cred->uid);
2046                 __put_user(cred->gid, &target_cred->gid);
2047                 break;
2048             }
2049             default:
2050                 goto unimplemented;
2051             }
2052             break;
2053 
2054         case SOL_IP:
2055             switch (cmsg->cmsg_type) {
2056             case IP_TTL:
2057             {
2058                 uint32_t *v = (uint32_t *)data;
2059                 uint32_t *t_int = (uint32_t *)target_data;
2060 
2061                 if (len != sizeof(uint32_t) ||
2062                     tgt_len != sizeof(uint32_t)) {
2063                     goto unimplemented;
2064                 }
2065                 __put_user(*v, t_int);
2066                 break;
2067             }
2068             case IP_RECVERR:
2069             {
2070                 struct errhdr_t {
2071                    struct sock_extended_err ee;
2072                    struct sockaddr_in offender;
2073                 };
2074                 struct errhdr_t *errh = (struct errhdr_t *)data;
2075                 struct errhdr_t *target_errh =
2076                     (struct errhdr_t *)target_data;
2077 
2078                 if (len != sizeof(struct errhdr_t) ||
2079                     tgt_len != sizeof(struct errhdr_t)) {
2080                     goto unimplemented;
2081                 }
2082                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
2083                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
2084                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
2085                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
2086                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
2087                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
2088                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
2089                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
2090                     (void *) &errh->offender, sizeof(errh->offender));
2091                 break;
2092             }
2093             default:
2094                 goto unimplemented;
2095             }
2096             break;
2097 
2098         case SOL_IPV6:
2099             switch (cmsg->cmsg_type) {
2100             case IPV6_HOPLIMIT:
2101             {
2102                 uint32_t *v = (uint32_t *)data;
2103                 uint32_t *t_int = (uint32_t *)target_data;
2104 
2105                 if (len != sizeof(uint32_t) ||
2106                     tgt_len != sizeof(uint32_t)) {
2107                     goto unimplemented;
2108                 }
2109                 __put_user(*v, t_int);
2110                 break;
2111             }
2112             case IPV6_RECVERR:
2113             {
2114                 struct errhdr6_t {
2115                    struct sock_extended_err ee;
2116                    struct sockaddr_in6 offender;
2117                 };
2118                 struct errhdr6_t *errh = (struct errhdr6_t *)data;
2119                 struct errhdr6_t *target_errh =
2120                     (struct errhdr6_t *)target_data;
2121 
2122                 if (len != sizeof(struct errhdr6_t) ||
2123                     tgt_len != sizeof(struct errhdr6_t)) {
2124                     goto unimplemented;
2125                 }
2126                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
2127                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
2128                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
2129                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
2130                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
2131                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
2132                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
2133                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
2134                     (void *) &errh->offender, sizeof(errh->offender));
2135                 break;
2136             }
2137             default:
2138                 goto unimplemented;
2139             }
2140             break;
2141 
2142         default:
2143         unimplemented:
2144             qemu_log_mask(LOG_UNIMP, "Unsupported ancillary data: %d/%d\n",
2145                           cmsg->cmsg_level, cmsg->cmsg_type);
2146             memcpy(target_data, data, MIN(len, tgt_len));
2147             if (tgt_len > len) {
2148                 memset(target_data + len, 0, tgt_len - len);
2149             }
2150         }
2151 
2152         target_cmsg->cmsg_len = tswapal(TARGET_CMSG_LEN(tgt_len));
2153         tgt_space = TARGET_CMSG_SPACE(tgt_len);
2154         if (msg_controllen < tgt_space) {
2155             tgt_space = msg_controllen;
2156         }
2157         msg_controllen -= tgt_space;
2158         space += tgt_space;
2159         cmsg = CMSG_NXTHDR(msgh, cmsg);
2160         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
2161                                          target_cmsg_start);
2162     }
2163     unlock_user(target_cmsg, target_cmsg_addr, space);
2164  the_end:
2165     target_msgh->msg_controllen = tswapal(space);
2166     return 0;
2167 }
2168 
2169 /* do_setsockopt() Must return target values and target errnos. */
2170 static abi_long do_setsockopt(int sockfd, int level, int optname,
2171                               abi_ulong optval_addr, socklen_t optlen)
2172 {
2173     abi_long ret;
2174     int val;
2175     struct ip_mreqn *ip_mreq;
2176     struct ip_mreq_source *ip_mreq_source;
2177 
2178     switch(level) {
2179     case SOL_TCP:
2180         /* TCP options all take an 'int' value.  */
2181         if (optlen < sizeof(uint32_t))
2182             return -TARGET_EINVAL;
2183 
2184         if (get_user_u32(val, optval_addr))
2185             return -TARGET_EFAULT;
2186         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2187         break;
2188     case SOL_IP:
2189         switch(optname) {
2190         case IP_TOS:
2191         case IP_TTL:
2192         case IP_HDRINCL:
2193         case IP_ROUTER_ALERT:
2194         case IP_RECVOPTS:
2195         case IP_RETOPTS:
2196         case IP_PKTINFO:
2197         case IP_MTU_DISCOVER:
2198         case IP_RECVERR:
2199         case IP_RECVTTL:
2200         case IP_RECVTOS:
2201 #ifdef IP_FREEBIND
2202         case IP_FREEBIND:
2203 #endif
2204         case IP_MULTICAST_TTL:
2205         case IP_MULTICAST_LOOP:
2206             val = 0;
2207             if (optlen >= sizeof(uint32_t)) {
2208                 if (get_user_u32(val, optval_addr))
2209                     return -TARGET_EFAULT;
2210             } else if (optlen >= 1) {
2211                 if (get_user_u8(val, optval_addr))
2212                     return -TARGET_EFAULT;
2213             }
2214             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2215             break;
2216         case IP_ADD_MEMBERSHIP:
2217         case IP_DROP_MEMBERSHIP:
2218             if (optlen < sizeof (struct target_ip_mreq) ||
2219                 optlen > sizeof (struct target_ip_mreqn))
2220                 return -TARGET_EINVAL;
2221 
2222             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2223             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2224             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2225             break;
2226 
2227         case IP_BLOCK_SOURCE:
2228         case IP_UNBLOCK_SOURCE:
2229         case IP_ADD_SOURCE_MEMBERSHIP:
2230         case IP_DROP_SOURCE_MEMBERSHIP:
2231             if (optlen != sizeof (struct target_ip_mreq_source))
2232                 return -TARGET_EINVAL;
2233 
2234             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2235             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2236             unlock_user (ip_mreq_source, optval_addr, 0);
2237             break;
2238 
2239         default:
2240             goto unimplemented;
2241         }
2242         break;
2243     case SOL_IPV6:
2244         switch (optname) {
2245         case IPV6_MTU_DISCOVER:
2246         case IPV6_MTU:
2247         case IPV6_V6ONLY:
2248         case IPV6_RECVPKTINFO:
2249         case IPV6_UNICAST_HOPS:
2250         case IPV6_MULTICAST_HOPS:
2251         case IPV6_MULTICAST_LOOP:
2252         case IPV6_RECVERR:
2253         case IPV6_RECVHOPLIMIT:
2254         case IPV6_2292HOPLIMIT:
2255         case IPV6_CHECKSUM:
2256         case IPV6_ADDRFORM:
2257         case IPV6_2292PKTINFO:
2258         case IPV6_RECVTCLASS:
2259         case IPV6_RECVRTHDR:
2260         case IPV6_2292RTHDR:
2261         case IPV6_RECVHOPOPTS:
2262         case IPV6_2292HOPOPTS:
2263         case IPV6_RECVDSTOPTS:
2264         case IPV6_2292DSTOPTS:
2265         case IPV6_TCLASS:
2266 #ifdef IPV6_RECVPATHMTU
2267         case IPV6_RECVPATHMTU:
2268 #endif
2269 #ifdef IPV6_TRANSPARENT
2270         case IPV6_TRANSPARENT:
2271 #endif
2272 #ifdef IPV6_FREEBIND
2273         case IPV6_FREEBIND:
2274 #endif
2275 #ifdef IPV6_RECVORIGDSTADDR
2276         case IPV6_RECVORIGDSTADDR:
2277 #endif
2278             val = 0;
2279             if (optlen < sizeof(uint32_t)) {
2280                 return -TARGET_EINVAL;
2281             }
2282             if (get_user_u32(val, optval_addr)) {
2283                 return -TARGET_EFAULT;
2284             }
2285             ret = get_errno(setsockopt(sockfd, level, optname,
2286                                        &val, sizeof(val)));
2287             break;
2288         case IPV6_PKTINFO:
2289         {
2290             struct in6_pktinfo pki;
2291 
2292             if (optlen < sizeof(pki)) {
2293                 return -TARGET_EINVAL;
2294             }
2295 
2296             if (copy_from_user(&pki, optval_addr, sizeof(pki))) {
2297                 return -TARGET_EFAULT;
2298             }
2299 
2300             pki.ipi6_ifindex = tswap32(pki.ipi6_ifindex);
2301 
2302             ret = get_errno(setsockopt(sockfd, level, optname,
2303                                        &pki, sizeof(pki)));
2304             break;
2305         }
2306         case IPV6_ADD_MEMBERSHIP:
2307         case IPV6_DROP_MEMBERSHIP:
2308         {
2309             struct ipv6_mreq ipv6mreq;
2310 
2311             if (optlen < sizeof(ipv6mreq)) {
2312                 return -TARGET_EINVAL;
2313             }
2314 
2315             if (copy_from_user(&ipv6mreq, optval_addr, sizeof(ipv6mreq))) {
2316                 return -TARGET_EFAULT;
2317             }
2318 
2319             ipv6mreq.ipv6mr_interface = tswap32(ipv6mreq.ipv6mr_interface);
2320 
2321             ret = get_errno(setsockopt(sockfd, level, optname,
2322                                        &ipv6mreq, sizeof(ipv6mreq)));
2323             break;
2324         }
2325         default:
2326             goto unimplemented;
2327         }
2328         break;
2329     case SOL_ICMPV6:
2330         switch (optname) {
2331         case ICMPV6_FILTER:
2332         {
2333             struct icmp6_filter icmp6f;
2334 
2335             if (optlen > sizeof(icmp6f)) {
2336                 optlen = sizeof(icmp6f);
2337             }
2338 
2339             if (copy_from_user(&icmp6f, optval_addr, optlen)) {
2340                 return -TARGET_EFAULT;
2341             }
2342 
2343             for (val = 0; val < 8; val++) {
2344                 icmp6f.data[val] = tswap32(icmp6f.data[val]);
2345             }
2346 
2347             ret = get_errno(setsockopt(sockfd, level, optname,
2348                                        &icmp6f, optlen));
2349             break;
2350         }
2351         default:
2352             goto unimplemented;
2353         }
2354         break;
2355     case SOL_RAW:
2356         switch (optname) {
2357         case ICMP_FILTER:
2358         case IPV6_CHECKSUM:
2359             /* those take an u32 value */
2360             if (optlen < sizeof(uint32_t)) {
2361                 return -TARGET_EINVAL;
2362             }
2363 
2364             if (get_user_u32(val, optval_addr)) {
2365                 return -TARGET_EFAULT;
2366             }
2367             ret = get_errno(setsockopt(sockfd, level, optname,
2368                                        &val, sizeof(val)));
2369             break;
2370 
2371         default:
2372             goto unimplemented;
2373         }
2374         break;
2375 #if defined(SOL_ALG) && defined(ALG_SET_KEY) && defined(ALG_SET_AEAD_AUTHSIZE)
2376     case SOL_ALG:
2377         switch (optname) {
2378         case ALG_SET_KEY:
2379         {
2380             char *alg_key = g_malloc(optlen);
2381 
2382             if (!alg_key) {
2383                 return -TARGET_ENOMEM;
2384             }
2385             if (copy_from_user(alg_key, optval_addr, optlen)) {
2386                 g_free(alg_key);
2387                 return -TARGET_EFAULT;
2388             }
2389             ret = get_errno(setsockopt(sockfd, level, optname,
2390                                        alg_key, optlen));
2391             g_free(alg_key);
2392             break;
2393         }
2394         case ALG_SET_AEAD_AUTHSIZE:
2395         {
2396             ret = get_errno(setsockopt(sockfd, level, optname,
2397                                        NULL, optlen));
2398             break;
2399         }
2400         default:
2401             goto unimplemented;
2402         }
2403         break;
2404 #endif
2405     case TARGET_SOL_SOCKET:
2406         switch (optname) {
2407         case TARGET_SO_RCVTIMEO:
2408         {
2409                 struct timeval tv;
2410 
2411                 optname = SO_RCVTIMEO;
2412 
2413 set_timeout:
2414                 if (optlen != sizeof(struct target_timeval)) {
2415                     return -TARGET_EINVAL;
2416                 }
2417 
2418                 if (copy_from_user_timeval(&tv, optval_addr)) {
2419                     return -TARGET_EFAULT;
2420                 }
2421 
2422                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2423                                 &tv, sizeof(tv)));
2424                 return ret;
2425         }
2426         case TARGET_SO_SNDTIMEO:
2427                 optname = SO_SNDTIMEO;
2428                 goto set_timeout;
2429         case TARGET_SO_ATTACH_FILTER:
2430         {
2431                 struct target_sock_fprog *tfprog;
2432                 struct target_sock_filter *tfilter;
2433                 struct sock_fprog fprog;
2434                 struct sock_filter *filter;
2435                 int i;
2436 
2437                 if (optlen != sizeof(*tfprog)) {
2438                     return -TARGET_EINVAL;
2439                 }
2440                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
2441                     return -TARGET_EFAULT;
2442                 }
2443                 if (!lock_user_struct(VERIFY_READ, tfilter,
2444                                       tswapal(tfprog->filter), 0)) {
2445                     unlock_user_struct(tfprog, optval_addr, 1);
2446                     return -TARGET_EFAULT;
2447                 }
2448 
2449                 fprog.len = tswap16(tfprog->len);
2450                 filter = g_try_new(struct sock_filter, fprog.len);
2451                 if (filter == NULL) {
2452                     unlock_user_struct(tfilter, tfprog->filter, 1);
2453                     unlock_user_struct(tfprog, optval_addr, 1);
2454                     return -TARGET_ENOMEM;
2455                 }
2456                 for (i = 0; i < fprog.len; i++) {
2457                     filter[i].code = tswap16(tfilter[i].code);
2458                     filter[i].jt = tfilter[i].jt;
2459                     filter[i].jf = tfilter[i].jf;
2460                     filter[i].k = tswap32(tfilter[i].k);
2461                 }
2462                 fprog.filter = filter;
2463 
2464                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
2465                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
2466                 g_free(filter);
2467 
2468                 unlock_user_struct(tfilter, tfprog->filter, 1);
2469                 unlock_user_struct(tfprog, optval_addr, 1);
2470                 return ret;
2471         }
2472 	case TARGET_SO_BINDTODEVICE:
2473 	{
2474 		char *dev_ifname, *addr_ifname;
2475 
2476 		if (optlen > IFNAMSIZ - 1) {
2477 		    optlen = IFNAMSIZ - 1;
2478 		}
2479 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2480 		if (!dev_ifname) {
2481 		    return -TARGET_EFAULT;
2482 		}
2483 		optname = SO_BINDTODEVICE;
2484 		addr_ifname = alloca(IFNAMSIZ);
2485 		memcpy(addr_ifname, dev_ifname, optlen);
2486 		addr_ifname[optlen] = 0;
2487 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2488                                            addr_ifname, optlen));
2489 		unlock_user (dev_ifname, optval_addr, 0);
2490 		return ret;
2491 	}
2492         case TARGET_SO_LINGER:
2493         {
2494                 struct linger lg;
2495                 struct target_linger *tlg;
2496 
2497                 if (optlen != sizeof(struct target_linger)) {
2498                     return -TARGET_EINVAL;
2499                 }
2500                 if (!lock_user_struct(VERIFY_READ, tlg, optval_addr, 1)) {
2501                     return -TARGET_EFAULT;
2502                 }
2503                 __get_user(lg.l_onoff, &tlg->l_onoff);
2504                 __get_user(lg.l_linger, &tlg->l_linger);
2505                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, SO_LINGER,
2506                                 &lg, sizeof(lg)));
2507                 unlock_user_struct(tlg, optval_addr, 0);
2508                 return ret;
2509         }
2510             /* Options with 'int' argument.  */
2511         case TARGET_SO_DEBUG:
2512 		optname = SO_DEBUG;
2513 		break;
2514         case TARGET_SO_REUSEADDR:
2515 		optname = SO_REUSEADDR;
2516 		break;
2517 #ifdef SO_REUSEPORT
2518         case TARGET_SO_REUSEPORT:
2519                 optname = SO_REUSEPORT;
2520                 break;
2521 #endif
2522         case TARGET_SO_TYPE:
2523 		optname = SO_TYPE;
2524 		break;
2525         case TARGET_SO_ERROR:
2526 		optname = SO_ERROR;
2527 		break;
2528         case TARGET_SO_DONTROUTE:
2529 		optname = SO_DONTROUTE;
2530 		break;
2531         case TARGET_SO_BROADCAST:
2532 		optname = SO_BROADCAST;
2533 		break;
2534         case TARGET_SO_SNDBUF:
2535 		optname = SO_SNDBUF;
2536 		break;
2537         case TARGET_SO_SNDBUFFORCE:
2538                 optname = SO_SNDBUFFORCE;
2539                 break;
2540         case TARGET_SO_RCVBUF:
2541 		optname = SO_RCVBUF;
2542 		break;
2543         case TARGET_SO_RCVBUFFORCE:
2544                 optname = SO_RCVBUFFORCE;
2545                 break;
2546         case TARGET_SO_KEEPALIVE:
2547 		optname = SO_KEEPALIVE;
2548 		break;
2549         case TARGET_SO_OOBINLINE:
2550 		optname = SO_OOBINLINE;
2551 		break;
2552         case TARGET_SO_NO_CHECK:
2553 		optname = SO_NO_CHECK;
2554 		break;
2555         case TARGET_SO_PRIORITY:
2556 		optname = SO_PRIORITY;
2557 		break;
2558 #ifdef SO_BSDCOMPAT
2559         case TARGET_SO_BSDCOMPAT:
2560 		optname = SO_BSDCOMPAT;
2561 		break;
2562 #endif
2563         case TARGET_SO_PASSCRED:
2564 		optname = SO_PASSCRED;
2565 		break;
2566         case TARGET_SO_PASSSEC:
2567                 optname = SO_PASSSEC;
2568                 break;
2569         case TARGET_SO_TIMESTAMP:
2570 		optname = SO_TIMESTAMP;
2571 		break;
2572         case TARGET_SO_RCVLOWAT:
2573 		optname = SO_RCVLOWAT;
2574 		break;
2575         default:
2576             goto unimplemented;
2577         }
2578 	if (optlen < sizeof(uint32_t))
2579             return -TARGET_EINVAL;
2580 
2581 	if (get_user_u32(val, optval_addr))
2582             return -TARGET_EFAULT;
2583 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
2584         break;
2585 #ifdef SOL_NETLINK
2586     case SOL_NETLINK:
2587         switch (optname) {
2588         case NETLINK_PKTINFO:
2589         case NETLINK_ADD_MEMBERSHIP:
2590         case NETLINK_DROP_MEMBERSHIP:
2591         case NETLINK_BROADCAST_ERROR:
2592         case NETLINK_NO_ENOBUFS:
2593 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2594         case NETLINK_LISTEN_ALL_NSID:
2595         case NETLINK_CAP_ACK:
2596 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
2597 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
2598         case NETLINK_EXT_ACK:
2599 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2600 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0)
2601         case NETLINK_GET_STRICT_CHK:
2602 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2603             break;
2604         default:
2605             goto unimplemented;
2606         }
2607         val = 0;
2608         if (optlen < sizeof(uint32_t)) {
2609             return -TARGET_EINVAL;
2610         }
2611         if (get_user_u32(val, optval_addr)) {
2612             return -TARGET_EFAULT;
2613         }
2614         ret = get_errno(setsockopt(sockfd, SOL_NETLINK, optname, &val,
2615                                    sizeof(val)));
2616         break;
2617 #endif /* SOL_NETLINK */
2618     default:
2619     unimplemented:
2620         qemu_log_mask(LOG_UNIMP, "Unsupported setsockopt level=%d optname=%d\n",
2621                       level, optname);
2622         ret = -TARGET_ENOPROTOOPT;
2623     }
2624     return ret;
2625 }
2626 
2627 /* do_getsockopt() Must return target values and target errnos. */
2628 static abi_long do_getsockopt(int sockfd, int level, int optname,
2629                               abi_ulong optval_addr, abi_ulong optlen)
2630 {
2631     abi_long ret;
2632     int len, val;
2633     socklen_t lv;
2634 
2635     switch(level) {
2636     case TARGET_SOL_SOCKET:
2637         level = SOL_SOCKET;
2638         switch (optname) {
2639         /* These don't just return a single integer */
2640         case TARGET_SO_PEERNAME:
2641             goto unimplemented;
2642         case TARGET_SO_RCVTIMEO: {
2643             struct timeval tv;
2644             socklen_t tvlen;
2645 
2646             optname = SO_RCVTIMEO;
2647 
2648 get_timeout:
2649             if (get_user_u32(len, optlen)) {
2650                 return -TARGET_EFAULT;
2651             }
2652             if (len < 0) {
2653                 return -TARGET_EINVAL;
2654             }
2655 
2656             tvlen = sizeof(tv);
2657             ret = get_errno(getsockopt(sockfd, level, optname,
2658                                        &tv, &tvlen));
2659             if (ret < 0) {
2660                 return ret;
2661             }
2662             if (len > sizeof(struct target_timeval)) {
2663                 len = sizeof(struct target_timeval);
2664             }
2665             if (copy_to_user_timeval(optval_addr, &tv)) {
2666                 return -TARGET_EFAULT;
2667             }
2668             if (put_user_u32(len, optlen)) {
2669                 return -TARGET_EFAULT;
2670             }
2671             break;
2672         }
2673         case TARGET_SO_SNDTIMEO:
2674             optname = SO_SNDTIMEO;
2675             goto get_timeout;
2676         case TARGET_SO_PEERCRED: {
2677             struct ucred cr;
2678             socklen_t crlen;
2679             struct target_ucred *tcr;
2680 
2681             if (get_user_u32(len, optlen)) {
2682                 return -TARGET_EFAULT;
2683             }
2684             if (len < 0) {
2685                 return -TARGET_EINVAL;
2686             }
2687 
2688             crlen = sizeof(cr);
2689             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
2690                                        &cr, &crlen));
2691             if (ret < 0) {
2692                 return ret;
2693             }
2694             if (len > crlen) {
2695                 len = crlen;
2696             }
2697             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
2698                 return -TARGET_EFAULT;
2699             }
2700             __put_user(cr.pid, &tcr->pid);
2701             __put_user(cr.uid, &tcr->uid);
2702             __put_user(cr.gid, &tcr->gid);
2703             unlock_user_struct(tcr, optval_addr, 1);
2704             if (put_user_u32(len, optlen)) {
2705                 return -TARGET_EFAULT;
2706             }
2707             break;
2708         }
2709         case TARGET_SO_PEERSEC: {
2710             char *name;
2711 
2712             if (get_user_u32(len, optlen)) {
2713                 return -TARGET_EFAULT;
2714             }
2715             if (len < 0) {
2716                 return -TARGET_EINVAL;
2717             }
2718             name = lock_user(VERIFY_WRITE, optval_addr, len, 0);
2719             if (!name) {
2720                 return -TARGET_EFAULT;
2721             }
2722             lv = len;
2723             ret = get_errno(getsockopt(sockfd, level, SO_PEERSEC,
2724                                        name, &lv));
2725             if (put_user_u32(lv, optlen)) {
2726                 ret = -TARGET_EFAULT;
2727             }
2728             unlock_user(name, optval_addr, lv);
2729             break;
2730         }
2731         case TARGET_SO_LINGER:
2732         {
2733             struct linger lg;
2734             socklen_t lglen;
2735             struct target_linger *tlg;
2736 
2737             if (get_user_u32(len, optlen)) {
2738                 return -TARGET_EFAULT;
2739             }
2740             if (len < 0) {
2741                 return -TARGET_EINVAL;
2742             }
2743 
2744             lglen = sizeof(lg);
2745             ret = get_errno(getsockopt(sockfd, level, SO_LINGER,
2746                                        &lg, &lglen));
2747             if (ret < 0) {
2748                 return ret;
2749             }
2750             if (len > lglen) {
2751                 len = lglen;
2752             }
2753             if (!lock_user_struct(VERIFY_WRITE, tlg, optval_addr, 0)) {
2754                 return -TARGET_EFAULT;
2755             }
2756             __put_user(lg.l_onoff, &tlg->l_onoff);
2757             __put_user(lg.l_linger, &tlg->l_linger);
2758             unlock_user_struct(tlg, optval_addr, 1);
2759             if (put_user_u32(len, optlen)) {
2760                 return -TARGET_EFAULT;
2761             }
2762             break;
2763         }
2764         /* Options with 'int' argument.  */
2765         case TARGET_SO_DEBUG:
2766             optname = SO_DEBUG;
2767             goto int_case;
2768         case TARGET_SO_REUSEADDR:
2769             optname = SO_REUSEADDR;
2770             goto int_case;
2771 #ifdef SO_REUSEPORT
2772         case TARGET_SO_REUSEPORT:
2773             optname = SO_REUSEPORT;
2774             goto int_case;
2775 #endif
2776         case TARGET_SO_TYPE:
2777             optname = SO_TYPE;
2778             goto int_case;
2779         case TARGET_SO_ERROR:
2780             optname = SO_ERROR;
2781             goto int_case;
2782         case TARGET_SO_DONTROUTE:
2783             optname = SO_DONTROUTE;
2784             goto int_case;
2785         case TARGET_SO_BROADCAST:
2786             optname = SO_BROADCAST;
2787             goto int_case;
2788         case TARGET_SO_SNDBUF:
2789             optname = SO_SNDBUF;
2790             goto int_case;
2791         case TARGET_SO_RCVBUF:
2792             optname = SO_RCVBUF;
2793             goto int_case;
2794         case TARGET_SO_KEEPALIVE:
2795             optname = SO_KEEPALIVE;
2796             goto int_case;
2797         case TARGET_SO_OOBINLINE:
2798             optname = SO_OOBINLINE;
2799             goto int_case;
2800         case TARGET_SO_NO_CHECK:
2801             optname = SO_NO_CHECK;
2802             goto int_case;
2803         case TARGET_SO_PRIORITY:
2804             optname = SO_PRIORITY;
2805             goto int_case;
2806 #ifdef SO_BSDCOMPAT
2807         case TARGET_SO_BSDCOMPAT:
2808             optname = SO_BSDCOMPAT;
2809             goto int_case;
2810 #endif
2811         case TARGET_SO_PASSCRED:
2812             optname = SO_PASSCRED;
2813             goto int_case;
2814         case TARGET_SO_TIMESTAMP:
2815             optname = SO_TIMESTAMP;
2816             goto int_case;
2817         case TARGET_SO_RCVLOWAT:
2818             optname = SO_RCVLOWAT;
2819             goto int_case;
2820         case TARGET_SO_ACCEPTCONN:
2821             optname = SO_ACCEPTCONN;
2822             goto int_case;
2823         default:
2824             goto int_case;
2825         }
2826         break;
2827     case SOL_TCP:
2828         /* TCP options all take an 'int' value.  */
2829     int_case:
2830         if (get_user_u32(len, optlen))
2831             return -TARGET_EFAULT;
2832         if (len < 0)
2833             return -TARGET_EINVAL;
2834         lv = sizeof(lv);
2835         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2836         if (ret < 0)
2837             return ret;
2838         if (optname == SO_TYPE) {
2839             val = host_to_target_sock_type(val);
2840         }
2841         if (len > lv)
2842             len = lv;
2843         if (len == 4) {
2844             if (put_user_u32(val, optval_addr))
2845                 return -TARGET_EFAULT;
2846         } else {
2847             if (put_user_u8(val, optval_addr))
2848                 return -TARGET_EFAULT;
2849         }
2850         if (put_user_u32(len, optlen))
2851             return -TARGET_EFAULT;
2852         break;
2853     case SOL_IP:
2854         switch(optname) {
2855         case IP_TOS:
2856         case IP_TTL:
2857         case IP_HDRINCL:
2858         case IP_ROUTER_ALERT:
2859         case IP_RECVOPTS:
2860         case IP_RETOPTS:
2861         case IP_PKTINFO:
2862         case IP_MTU_DISCOVER:
2863         case IP_RECVERR:
2864         case IP_RECVTOS:
2865 #ifdef IP_FREEBIND
2866         case IP_FREEBIND:
2867 #endif
2868         case IP_MULTICAST_TTL:
2869         case IP_MULTICAST_LOOP:
2870             if (get_user_u32(len, optlen))
2871                 return -TARGET_EFAULT;
2872             if (len < 0)
2873                 return -TARGET_EINVAL;
2874             lv = sizeof(lv);
2875             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2876             if (ret < 0)
2877                 return ret;
2878             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2879                 len = 1;
2880                 if (put_user_u32(len, optlen)
2881                     || put_user_u8(val, optval_addr))
2882                     return -TARGET_EFAULT;
2883             } else {
2884                 if (len > sizeof(int))
2885                     len = sizeof(int);
2886                 if (put_user_u32(len, optlen)
2887                     || put_user_u32(val, optval_addr))
2888                     return -TARGET_EFAULT;
2889             }
2890             break;
2891         default:
2892             ret = -TARGET_ENOPROTOOPT;
2893             break;
2894         }
2895         break;
2896     case SOL_IPV6:
2897         switch (optname) {
2898         case IPV6_MTU_DISCOVER:
2899         case IPV6_MTU:
2900         case IPV6_V6ONLY:
2901         case IPV6_RECVPKTINFO:
2902         case IPV6_UNICAST_HOPS:
2903         case IPV6_MULTICAST_HOPS:
2904         case IPV6_MULTICAST_LOOP:
2905         case IPV6_RECVERR:
2906         case IPV6_RECVHOPLIMIT:
2907         case IPV6_2292HOPLIMIT:
2908         case IPV6_CHECKSUM:
2909         case IPV6_ADDRFORM:
2910         case IPV6_2292PKTINFO:
2911         case IPV6_RECVTCLASS:
2912         case IPV6_RECVRTHDR:
2913         case IPV6_2292RTHDR:
2914         case IPV6_RECVHOPOPTS:
2915         case IPV6_2292HOPOPTS:
2916         case IPV6_RECVDSTOPTS:
2917         case IPV6_2292DSTOPTS:
2918         case IPV6_TCLASS:
2919 #ifdef IPV6_RECVPATHMTU
2920         case IPV6_RECVPATHMTU:
2921 #endif
2922 #ifdef IPV6_TRANSPARENT
2923         case IPV6_TRANSPARENT:
2924 #endif
2925 #ifdef IPV6_FREEBIND
2926         case IPV6_FREEBIND:
2927 #endif
2928 #ifdef IPV6_RECVORIGDSTADDR
2929         case IPV6_RECVORIGDSTADDR:
2930 #endif
2931             if (get_user_u32(len, optlen))
2932                 return -TARGET_EFAULT;
2933             if (len < 0)
2934                 return -TARGET_EINVAL;
2935             lv = sizeof(lv);
2936             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2937             if (ret < 0)
2938                 return ret;
2939             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2940                 len = 1;
2941                 if (put_user_u32(len, optlen)
2942                     || put_user_u8(val, optval_addr))
2943                     return -TARGET_EFAULT;
2944             } else {
2945                 if (len > sizeof(int))
2946                     len = sizeof(int);
2947                 if (put_user_u32(len, optlen)
2948                     || put_user_u32(val, optval_addr))
2949                     return -TARGET_EFAULT;
2950             }
2951             break;
2952         default:
2953             ret = -TARGET_ENOPROTOOPT;
2954             break;
2955         }
2956         break;
2957 #ifdef SOL_NETLINK
2958     case SOL_NETLINK:
2959         switch (optname) {
2960         case NETLINK_PKTINFO:
2961         case NETLINK_BROADCAST_ERROR:
2962         case NETLINK_NO_ENOBUFS:
2963 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2964         case NETLINK_LISTEN_ALL_NSID:
2965         case NETLINK_CAP_ACK:
2966 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
2967 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
2968         case NETLINK_EXT_ACK:
2969 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2970 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0)
2971         case NETLINK_GET_STRICT_CHK:
2972 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2973             if (get_user_u32(len, optlen)) {
2974                 return -TARGET_EFAULT;
2975             }
2976             if (len != sizeof(val)) {
2977                 return -TARGET_EINVAL;
2978             }
2979             lv = len;
2980             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2981             if (ret < 0) {
2982                 return ret;
2983             }
2984             if (put_user_u32(lv, optlen)
2985                 || put_user_u32(val, optval_addr)) {
2986                 return -TARGET_EFAULT;
2987             }
2988             break;
2989 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2990         case NETLINK_LIST_MEMBERSHIPS:
2991         {
2992             uint32_t *results;
2993             int i;
2994             if (get_user_u32(len, optlen)) {
2995                 return -TARGET_EFAULT;
2996             }
2997             if (len < 0) {
2998                 return -TARGET_EINVAL;
2999             }
3000             results = lock_user(VERIFY_WRITE, optval_addr, len, 1);
3001             if (!results) {
3002                 return -TARGET_EFAULT;
3003             }
3004             lv = len;
3005             ret = get_errno(getsockopt(sockfd, level, optname, results, &lv));
3006             if (ret < 0) {
3007                 unlock_user(results, optval_addr, 0);
3008                 return ret;
3009             }
3010             /* swap host endianess to target endianess. */
3011             for (i = 0; i < (len / sizeof(uint32_t)); i++) {
3012                 results[i] = tswap32(results[i]);
3013             }
3014             if (put_user_u32(lv, optlen)) {
3015                 return -TARGET_EFAULT;
3016             }
3017             unlock_user(results, optval_addr, 0);
3018             break;
3019         }
3020 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
3021         default:
3022             goto unimplemented;
3023         }
3024         break;
3025 #endif /* SOL_NETLINK */
3026     default:
3027     unimplemented:
3028         qemu_log_mask(LOG_UNIMP,
3029                       "getsockopt level=%d optname=%d not yet supported\n",
3030                       level, optname);
3031         ret = -TARGET_EOPNOTSUPP;
3032         break;
3033     }
3034     return ret;
3035 }
3036 
3037 /* Convert target low/high pair representing file offset into the host
3038  * low/high pair. This function doesn't handle offsets bigger than 64 bits
3039  * as the kernel doesn't handle them either.
3040  */
3041 static void target_to_host_low_high(abi_ulong tlow,
3042                                     abi_ulong thigh,
3043                                     unsigned long *hlow,
3044                                     unsigned long *hhigh)
3045 {
3046     uint64_t off = tlow |
3047         ((unsigned long long)thigh << TARGET_LONG_BITS / 2) <<
3048         TARGET_LONG_BITS / 2;
3049 
3050     *hlow = off;
3051     *hhigh = (off >> HOST_LONG_BITS / 2) >> HOST_LONG_BITS / 2;
3052 }
3053 
3054 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
3055                                 abi_ulong count, int copy)
3056 {
3057     struct target_iovec *target_vec;
3058     struct iovec *vec;
3059     abi_ulong total_len, max_len;
3060     int i;
3061     int err = 0;
3062     bool bad_address = false;
3063 
3064     if (count == 0) {
3065         errno = 0;
3066         return NULL;
3067     }
3068     if (count > IOV_MAX) {
3069         errno = EINVAL;
3070         return NULL;
3071     }
3072 
3073     vec = g_try_new0(struct iovec, count);
3074     if (vec == NULL) {
3075         errno = ENOMEM;
3076         return NULL;
3077     }
3078 
3079     target_vec = lock_user(VERIFY_READ, target_addr,
3080                            count * sizeof(struct target_iovec), 1);
3081     if (target_vec == NULL) {
3082         err = EFAULT;
3083         goto fail2;
3084     }
3085 
3086     /* ??? If host page size > target page size, this will result in a
3087        value larger than what we can actually support.  */
3088     max_len = 0x7fffffff & TARGET_PAGE_MASK;
3089     total_len = 0;
3090 
3091     for (i = 0; i < count; i++) {
3092         abi_ulong base = tswapal(target_vec[i].iov_base);
3093         abi_long len = tswapal(target_vec[i].iov_len);
3094 
3095         if (len < 0) {
3096             err = EINVAL;
3097             goto fail;
3098         } else if (len == 0) {
3099             /* Zero length pointer is ignored.  */
3100             vec[i].iov_base = 0;
3101         } else {
3102             vec[i].iov_base = lock_user(type, base, len, copy);
3103             /* If the first buffer pointer is bad, this is a fault.  But
3104              * subsequent bad buffers will result in a partial write; this
3105              * is realized by filling the vector with null pointers and
3106              * zero lengths. */
3107             if (!vec[i].iov_base) {
3108                 if (i == 0) {
3109                     err = EFAULT;
3110                     goto fail;
3111                 } else {
3112                     bad_address = true;
3113                 }
3114             }
3115             if (bad_address) {
3116                 len = 0;
3117             }
3118             if (len > max_len - total_len) {
3119                 len = max_len - total_len;
3120             }
3121         }
3122         vec[i].iov_len = len;
3123         total_len += len;
3124     }
3125 
3126     unlock_user(target_vec, target_addr, 0);
3127     return vec;
3128 
3129  fail:
3130     while (--i >= 0) {
3131         if (tswapal(target_vec[i].iov_len) > 0) {
3132             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
3133         }
3134     }
3135     unlock_user(target_vec, target_addr, 0);
3136  fail2:
3137     g_free(vec);
3138     errno = err;
3139     return NULL;
3140 }
3141 
3142 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
3143                          abi_ulong count, int copy)
3144 {
3145     struct target_iovec *target_vec;
3146     int i;
3147 
3148     target_vec = lock_user(VERIFY_READ, target_addr,
3149                            count * sizeof(struct target_iovec), 1);
3150     if (target_vec) {
3151         for (i = 0; i < count; i++) {
3152             abi_ulong base = tswapal(target_vec[i].iov_base);
3153             abi_long len = tswapal(target_vec[i].iov_len);
3154             if (len < 0) {
3155                 break;
3156             }
3157             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
3158         }
3159         unlock_user(target_vec, target_addr, 0);
3160     }
3161 
3162     g_free(vec);
3163 }
3164 
3165 static inline int target_to_host_sock_type(int *type)
3166 {
3167     int host_type = 0;
3168     int target_type = *type;
3169 
3170     switch (target_type & TARGET_SOCK_TYPE_MASK) {
3171     case TARGET_SOCK_DGRAM:
3172         host_type = SOCK_DGRAM;
3173         break;
3174     case TARGET_SOCK_STREAM:
3175         host_type = SOCK_STREAM;
3176         break;
3177     default:
3178         host_type = target_type & TARGET_SOCK_TYPE_MASK;
3179         break;
3180     }
3181     if (target_type & TARGET_SOCK_CLOEXEC) {
3182 #if defined(SOCK_CLOEXEC)
3183         host_type |= SOCK_CLOEXEC;
3184 #else
3185         return -TARGET_EINVAL;
3186 #endif
3187     }
3188     if (target_type & TARGET_SOCK_NONBLOCK) {
3189 #if defined(SOCK_NONBLOCK)
3190         host_type |= SOCK_NONBLOCK;
3191 #elif !defined(O_NONBLOCK)
3192         return -TARGET_EINVAL;
3193 #endif
3194     }
3195     *type = host_type;
3196     return 0;
3197 }
3198 
3199 /* Try to emulate socket type flags after socket creation.  */
3200 static int sock_flags_fixup(int fd, int target_type)
3201 {
3202 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
3203     if (target_type & TARGET_SOCK_NONBLOCK) {
3204         int flags = fcntl(fd, F_GETFL);
3205         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
3206             close(fd);
3207             return -TARGET_EINVAL;
3208         }
3209     }
3210 #endif
3211     return fd;
3212 }
3213 
3214 /* do_socket() Must return target values and target errnos. */
3215 static abi_long do_socket(int domain, int type, int protocol)
3216 {
3217     int target_type = type;
3218     int ret;
3219 
3220     ret = target_to_host_sock_type(&type);
3221     if (ret) {
3222         return ret;
3223     }
3224 
3225     if (domain == PF_NETLINK && !(
3226 #ifdef CONFIG_RTNETLINK
3227          protocol == NETLINK_ROUTE ||
3228 #endif
3229          protocol == NETLINK_KOBJECT_UEVENT ||
3230          protocol == NETLINK_AUDIT)) {
3231         return -TARGET_EPROTONOSUPPORT;
3232     }
3233 
3234     if (domain == AF_PACKET ||
3235         (domain == AF_INET && type == SOCK_PACKET)) {
3236         protocol = tswap16(protocol);
3237     }
3238 
3239     ret = get_errno(socket(domain, type, protocol));
3240     if (ret >= 0) {
3241         ret = sock_flags_fixup(ret, target_type);
3242         if (type == SOCK_PACKET) {
3243             /* Manage an obsolete case :
3244              * if socket type is SOCK_PACKET, bind by name
3245              */
3246             fd_trans_register(ret, &target_packet_trans);
3247         } else if (domain == PF_NETLINK) {
3248             switch (protocol) {
3249 #ifdef CONFIG_RTNETLINK
3250             case NETLINK_ROUTE:
3251                 fd_trans_register(ret, &target_netlink_route_trans);
3252                 break;
3253 #endif
3254             case NETLINK_KOBJECT_UEVENT:
3255                 /* nothing to do: messages are strings */
3256                 break;
3257             case NETLINK_AUDIT:
3258                 fd_trans_register(ret, &target_netlink_audit_trans);
3259                 break;
3260             default:
3261                 g_assert_not_reached();
3262             }
3263         }
3264     }
3265     return ret;
3266 }
3267 
3268 /* do_bind() Must return target values and target errnos. */
3269 static abi_long do_bind(int sockfd, abi_ulong target_addr,
3270                         socklen_t addrlen)
3271 {
3272     void *addr;
3273     abi_long ret;
3274 
3275     if ((int)addrlen < 0) {
3276         return -TARGET_EINVAL;
3277     }
3278 
3279     addr = alloca(addrlen+1);
3280 
3281     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3282     if (ret)
3283         return ret;
3284 
3285     return get_errno(bind(sockfd, addr, addrlen));
3286 }
3287 
3288 /* do_connect() Must return target values and target errnos. */
3289 static abi_long do_connect(int sockfd, abi_ulong target_addr,
3290                            socklen_t addrlen)
3291 {
3292     void *addr;
3293     abi_long ret;
3294 
3295     if ((int)addrlen < 0) {
3296         return -TARGET_EINVAL;
3297     }
3298 
3299     addr = alloca(addrlen+1);
3300 
3301     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3302     if (ret)
3303         return ret;
3304 
3305     return get_errno(safe_connect(sockfd, addr, addrlen));
3306 }
3307 
3308 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
3309 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
3310                                       int flags, int send)
3311 {
3312     abi_long ret, len;
3313     struct msghdr msg;
3314     abi_ulong count;
3315     struct iovec *vec;
3316     abi_ulong target_vec;
3317 
3318     if (msgp->msg_name) {
3319         msg.msg_namelen = tswap32(msgp->msg_namelen);
3320         msg.msg_name = alloca(msg.msg_namelen+1);
3321         ret = target_to_host_sockaddr(fd, msg.msg_name,
3322                                       tswapal(msgp->msg_name),
3323                                       msg.msg_namelen);
3324         if (ret == -TARGET_EFAULT) {
3325             /* For connected sockets msg_name and msg_namelen must
3326              * be ignored, so returning EFAULT immediately is wrong.
3327              * Instead, pass a bad msg_name to the host kernel, and
3328              * let it decide whether to return EFAULT or not.
3329              */
3330             msg.msg_name = (void *)-1;
3331         } else if (ret) {
3332             goto out2;
3333         }
3334     } else {
3335         msg.msg_name = NULL;
3336         msg.msg_namelen = 0;
3337     }
3338     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
3339     msg.msg_control = alloca(msg.msg_controllen);
3340     memset(msg.msg_control, 0, msg.msg_controllen);
3341 
3342     msg.msg_flags = tswap32(msgp->msg_flags);
3343 
3344     count = tswapal(msgp->msg_iovlen);
3345     target_vec = tswapal(msgp->msg_iov);
3346 
3347     if (count > IOV_MAX) {
3348         /* sendrcvmsg returns a different errno for this condition than
3349          * readv/writev, so we must catch it here before lock_iovec() does.
3350          */
3351         ret = -TARGET_EMSGSIZE;
3352         goto out2;
3353     }
3354 
3355     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
3356                      target_vec, count, send);
3357     if (vec == NULL) {
3358         ret = -host_to_target_errno(errno);
3359         goto out2;
3360     }
3361     msg.msg_iovlen = count;
3362     msg.msg_iov = vec;
3363 
3364     if (send) {
3365         if (fd_trans_target_to_host_data(fd)) {
3366             void *host_msg;
3367 
3368             host_msg = g_malloc(msg.msg_iov->iov_len);
3369             memcpy(host_msg, msg.msg_iov->iov_base, msg.msg_iov->iov_len);
3370             ret = fd_trans_target_to_host_data(fd)(host_msg,
3371                                                    msg.msg_iov->iov_len);
3372             if (ret >= 0) {
3373                 msg.msg_iov->iov_base = host_msg;
3374                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3375             }
3376             g_free(host_msg);
3377         } else {
3378             ret = target_to_host_cmsg(&msg, msgp);
3379             if (ret == 0) {
3380                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3381             }
3382         }
3383     } else {
3384         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3385         if (!is_error(ret)) {
3386             len = ret;
3387             if (fd_trans_host_to_target_data(fd)) {
3388                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3389                                                MIN(msg.msg_iov->iov_len, len));
3390             } else {
3391                 ret = host_to_target_cmsg(msgp, &msg);
3392             }
3393             if (!is_error(ret)) {
3394                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3395                 msgp->msg_flags = tswap32(msg.msg_flags);
3396                 if (msg.msg_name != NULL && msg.msg_name != (void *)-1) {
3397                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3398                                     msg.msg_name, msg.msg_namelen);
3399                     if (ret) {
3400                         goto out;
3401                     }
3402                 }
3403 
3404                 ret = len;
3405             }
3406         }
3407     }
3408 
3409 out:
3410     unlock_iovec(vec, target_vec, count, !send);
3411 out2:
3412     return ret;
3413 }
3414 
3415 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3416                                int flags, int send)
3417 {
3418     abi_long ret;
3419     struct target_msghdr *msgp;
3420 
3421     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3422                           msgp,
3423                           target_msg,
3424                           send ? 1 : 0)) {
3425         return -TARGET_EFAULT;
3426     }
3427     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3428     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3429     return ret;
3430 }
3431 
3432 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3433  * so it might not have this *mmsg-specific flag either.
3434  */
3435 #ifndef MSG_WAITFORONE
3436 #define MSG_WAITFORONE 0x10000
3437 #endif
3438 
3439 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3440                                 unsigned int vlen, unsigned int flags,
3441                                 int send)
3442 {
3443     struct target_mmsghdr *mmsgp;
3444     abi_long ret = 0;
3445     int i;
3446 
3447     if (vlen > UIO_MAXIOV) {
3448         vlen = UIO_MAXIOV;
3449     }
3450 
3451     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3452     if (!mmsgp) {
3453         return -TARGET_EFAULT;
3454     }
3455 
3456     for (i = 0; i < vlen; i++) {
3457         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3458         if (is_error(ret)) {
3459             break;
3460         }
3461         mmsgp[i].msg_len = tswap32(ret);
3462         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3463         if (flags & MSG_WAITFORONE) {
3464             flags |= MSG_DONTWAIT;
3465         }
3466     }
3467 
3468     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3469 
3470     /* Return number of datagrams sent if we sent any at all;
3471      * otherwise return the error.
3472      */
3473     if (i) {
3474         return i;
3475     }
3476     return ret;
3477 }
3478 
3479 /* do_accept4() Must return target values and target errnos. */
3480 static abi_long do_accept4(int fd, abi_ulong target_addr,
3481                            abi_ulong target_addrlen_addr, int flags)
3482 {
3483     socklen_t addrlen, ret_addrlen;
3484     void *addr;
3485     abi_long ret;
3486     int host_flags;
3487 
3488     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
3489 
3490     if (target_addr == 0) {
3491         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3492     }
3493 
3494     /* linux returns EINVAL if addrlen pointer is invalid */
3495     if (get_user_u32(addrlen, target_addrlen_addr))
3496         return -TARGET_EINVAL;
3497 
3498     if ((int)addrlen < 0) {
3499         return -TARGET_EINVAL;
3500     }
3501 
3502     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3503         return -TARGET_EINVAL;
3504 
3505     addr = alloca(addrlen);
3506 
3507     ret_addrlen = addrlen;
3508     ret = get_errno(safe_accept4(fd, addr, &ret_addrlen, host_flags));
3509     if (!is_error(ret)) {
3510         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3511         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3512             ret = -TARGET_EFAULT;
3513         }
3514     }
3515     return ret;
3516 }
3517 
3518 /* do_getpeername() Must return target values and target errnos. */
3519 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3520                                abi_ulong target_addrlen_addr)
3521 {
3522     socklen_t addrlen, ret_addrlen;
3523     void *addr;
3524     abi_long ret;
3525 
3526     if (get_user_u32(addrlen, target_addrlen_addr))
3527         return -TARGET_EFAULT;
3528 
3529     if ((int)addrlen < 0) {
3530         return -TARGET_EINVAL;
3531     }
3532 
3533     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3534         return -TARGET_EFAULT;
3535 
3536     addr = alloca(addrlen);
3537 
3538     ret_addrlen = addrlen;
3539     ret = get_errno(getpeername(fd, addr, &ret_addrlen));
3540     if (!is_error(ret)) {
3541         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3542         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3543             ret = -TARGET_EFAULT;
3544         }
3545     }
3546     return ret;
3547 }
3548 
3549 /* do_getsockname() Must return target values and target errnos. */
3550 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3551                                abi_ulong target_addrlen_addr)
3552 {
3553     socklen_t addrlen, ret_addrlen;
3554     void *addr;
3555     abi_long ret;
3556 
3557     if (get_user_u32(addrlen, target_addrlen_addr))
3558         return -TARGET_EFAULT;
3559 
3560     if ((int)addrlen < 0) {
3561         return -TARGET_EINVAL;
3562     }
3563 
3564     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3565         return -TARGET_EFAULT;
3566 
3567     addr = alloca(addrlen);
3568 
3569     ret_addrlen = addrlen;
3570     ret = get_errno(getsockname(fd, addr, &ret_addrlen));
3571     if (!is_error(ret)) {
3572         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3573         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3574             ret = -TARGET_EFAULT;
3575         }
3576     }
3577     return ret;
3578 }
3579 
3580 /* do_socketpair() Must return target values and target errnos. */
3581 static abi_long do_socketpair(int domain, int type, int protocol,
3582                               abi_ulong target_tab_addr)
3583 {
3584     int tab[2];
3585     abi_long ret;
3586 
3587     target_to_host_sock_type(&type);
3588 
3589     ret = get_errno(socketpair(domain, type, protocol, tab));
3590     if (!is_error(ret)) {
3591         if (put_user_s32(tab[0], target_tab_addr)
3592             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3593             ret = -TARGET_EFAULT;
3594     }
3595     return ret;
3596 }
3597 
3598 /* do_sendto() Must return target values and target errnos. */
3599 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3600                           abi_ulong target_addr, socklen_t addrlen)
3601 {
3602     void *addr;
3603     void *host_msg;
3604     void *copy_msg = NULL;
3605     abi_long ret;
3606 
3607     if ((int)addrlen < 0) {
3608         return -TARGET_EINVAL;
3609     }
3610 
3611     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3612     if (!host_msg)
3613         return -TARGET_EFAULT;
3614     if (fd_trans_target_to_host_data(fd)) {
3615         copy_msg = host_msg;
3616         host_msg = g_malloc(len);
3617         memcpy(host_msg, copy_msg, len);
3618         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3619         if (ret < 0) {
3620             goto fail;
3621         }
3622     }
3623     if (target_addr) {
3624         addr = alloca(addrlen+1);
3625         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3626         if (ret) {
3627             goto fail;
3628         }
3629         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3630     } else {
3631         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3632     }
3633 fail:
3634     if (copy_msg) {
3635         g_free(host_msg);
3636         host_msg = copy_msg;
3637     }
3638     unlock_user(host_msg, msg, 0);
3639     return ret;
3640 }
3641 
3642 /* do_recvfrom() Must return target values and target errnos. */
3643 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
3644                             abi_ulong target_addr,
3645                             abi_ulong target_addrlen)
3646 {
3647     socklen_t addrlen, ret_addrlen;
3648     void *addr;
3649     void *host_msg;
3650     abi_long ret;
3651 
3652     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
3653     if (!host_msg)
3654         return -TARGET_EFAULT;
3655     if (target_addr) {
3656         if (get_user_u32(addrlen, target_addrlen)) {
3657             ret = -TARGET_EFAULT;
3658             goto fail;
3659         }
3660         if ((int)addrlen < 0) {
3661             ret = -TARGET_EINVAL;
3662             goto fail;
3663         }
3664         addr = alloca(addrlen);
3665         ret_addrlen = addrlen;
3666         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
3667                                       addr, &ret_addrlen));
3668     } else {
3669         addr = NULL; /* To keep compiler quiet.  */
3670         addrlen = 0; /* To keep compiler quiet.  */
3671         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
3672     }
3673     if (!is_error(ret)) {
3674         if (fd_trans_host_to_target_data(fd)) {
3675             abi_long trans;
3676             trans = fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, len));
3677             if (is_error(trans)) {
3678                 ret = trans;
3679                 goto fail;
3680             }
3681         }
3682         if (target_addr) {
3683             host_to_target_sockaddr(target_addr, addr,
3684                                     MIN(addrlen, ret_addrlen));
3685             if (put_user_u32(ret_addrlen, target_addrlen)) {
3686                 ret = -TARGET_EFAULT;
3687                 goto fail;
3688             }
3689         }
3690         unlock_user(host_msg, msg, len);
3691     } else {
3692 fail:
3693         unlock_user(host_msg, msg, 0);
3694     }
3695     return ret;
3696 }
3697 
3698 #ifdef TARGET_NR_socketcall
3699 /* do_socketcall() must return target values and target errnos. */
3700 static abi_long do_socketcall(int num, abi_ulong vptr)
3701 {
3702     static const unsigned nargs[] = { /* number of arguments per operation */
3703         [TARGET_SYS_SOCKET] = 3,      /* domain, type, protocol */
3704         [TARGET_SYS_BIND] = 3,        /* fd, addr, addrlen */
3705         [TARGET_SYS_CONNECT] = 3,     /* fd, addr, addrlen */
3706         [TARGET_SYS_LISTEN] = 2,      /* fd, backlog */
3707         [TARGET_SYS_ACCEPT] = 3,      /* fd, addr, addrlen */
3708         [TARGET_SYS_GETSOCKNAME] = 3, /* fd, addr, addrlen */
3709         [TARGET_SYS_GETPEERNAME] = 3, /* fd, addr, addrlen */
3710         [TARGET_SYS_SOCKETPAIR] = 4,  /* domain, type, protocol, tab */
3711         [TARGET_SYS_SEND] = 4,        /* fd, msg, len, flags */
3712         [TARGET_SYS_RECV] = 4,        /* fd, msg, len, flags */
3713         [TARGET_SYS_SENDTO] = 6,      /* fd, msg, len, flags, addr, addrlen */
3714         [TARGET_SYS_RECVFROM] = 6,    /* fd, msg, len, flags, addr, addrlen */
3715         [TARGET_SYS_SHUTDOWN] = 2,    /* fd, how */
3716         [TARGET_SYS_SETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
3717         [TARGET_SYS_GETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
3718         [TARGET_SYS_SENDMSG] = 3,     /* fd, msg, flags */
3719         [TARGET_SYS_RECVMSG] = 3,     /* fd, msg, flags */
3720         [TARGET_SYS_ACCEPT4] = 4,     /* fd, addr, addrlen, flags */
3721         [TARGET_SYS_RECVMMSG] = 4,    /* fd, msgvec, vlen, flags */
3722         [TARGET_SYS_SENDMMSG] = 4,    /* fd, msgvec, vlen, flags */
3723     };
3724     abi_long a[6]; /* max 6 args */
3725     unsigned i;
3726 
3727     /* check the range of the first argument num */
3728     /* (TARGET_SYS_SENDMMSG is the highest among TARGET_SYS_xxx) */
3729     if (num < 1 || num > TARGET_SYS_SENDMMSG) {
3730         return -TARGET_EINVAL;
3731     }
3732     /* ensure we have space for args */
3733     if (nargs[num] > ARRAY_SIZE(a)) {
3734         return -TARGET_EINVAL;
3735     }
3736     /* collect the arguments in a[] according to nargs[] */
3737     for (i = 0; i < nargs[num]; ++i) {
3738         if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
3739             return -TARGET_EFAULT;
3740         }
3741     }
3742     /* now when we have the args, invoke the appropriate underlying function */
3743     switch (num) {
3744     case TARGET_SYS_SOCKET: /* domain, type, protocol */
3745         return do_socket(a[0], a[1], a[2]);
3746     case TARGET_SYS_BIND: /* sockfd, addr, addrlen */
3747         return do_bind(a[0], a[1], a[2]);
3748     case TARGET_SYS_CONNECT: /* sockfd, addr, addrlen */
3749         return do_connect(a[0], a[1], a[2]);
3750     case TARGET_SYS_LISTEN: /* sockfd, backlog */
3751         return get_errno(listen(a[0], a[1]));
3752     case TARGET_SYS_ACCEPT: /* sockfd, addr, addrlen */
3753         return do_accept4(a[0], a[1], a[2], 0);
3754     case TARGET_SYS_GETSOCKNAME: /* sockfd, addr, addrlen */
3755         return do_getsockname(a[0], a[1], a[2]);
3756     case TARGET_SYS_GETPEERNAME: /* sockfd, addr, addrlen */
3757         return do_getpeername(a[0], a[1], a[2]);
3758     case TARGET_SYS_SOCKETPAIR: /* domain, type, protocol, tab */
3759         return do_socketpair(a[0], a[1], a[2], a[3]);
3760     case TARGET_SYS_SEND: /* sockfd, msg, len, flags */
3761         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
3762     case TARGET_SYS_RECV: /* sockfd, msg, len, flags */
3763         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
3764     case TARGET_SYS_SENDTO: /* sockfd, msg, len, flags, addr, addrlen */
3765         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
3766     case TARGET_SYS_RECVFROM: /* sockfd, msg, len, flags, addr, addrlen */
3767         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
3768     case TARGET_SYS_SHUTDOWN: /* sockfd, how */
3769         return get_errno(shutdown(a[0], a[1]));
3770     case TARGET_SYS_SETSOCKOPT: /* sockfd, level, optname, optval, optlen */
3771         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
3772     case TARGET_SYS_GETSOCKOPT: /* sockfd, level, optname, optval, optlen */
3773         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
3774     case TARGET_SYS_SENDMSG: /* sockfd, msg, flags */
3775         return do_sendrecvmsg(a[0], a[1], a[2], 1);
3776     case TARGET_SYS_RECVMSG: /* sockfd, msg, flags */
3777         return do_sendrecvmsg(a[0], a[1], a[2], 0);
3778     case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */
3779         return do_accept4(a[0], a[1], a[2], a[3]);
3780     case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags */
3781         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
3782     case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */
3783         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
3784     default:
3785         qemu_log_mask(LOG_UNIMP, "Unsupported socketcall: %d\n", num);
3786         return -TARGET_EINVAL;
3787     }
3788 }
3789 #endif
3790 
3791 #define N_SHM_REGIONS	32
3792 
3793 static struct shm_region {
3794     abi_ulong start;
3795     abi_ulong size;
3796     bool in_use;
3797 } shm_regions[N_SHM_REGIONS];
3798 
3799 #ifndef TARGET_SEMID64_DS
3800 /* asm-generic version of this struct */
3801 struct target_semid64_ds
3802 {
3803   struct target_ipc_perm sem_perm;
3804   abi_ulong sem_otime;
3805 #if TARGET_ABI_BITS == 32
3806   abi_ulong __unused1;
3807 #endif
3808   abi_ulong sem_ctime;
3809 #if TARGET_ABI_BITS == 32
3810   abi_ulong __unused2;
3811 #endif
3812   abi_ulong sem_nsems;
3813   abi_ulong __unused3;
3814   abi_ulong __unused4;
3815 };
3816 #endif
3817 
3818 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
3819                                                abi_ulong target_addr)
3820 {
3821     struct target_ipc_perm *target_ip;
3822     struct target_semid64_ds *target_sd;
3823 
3824     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3825         return -TARGET_EFAULT;
3826     target_ip = &(target_sd->sem_perm);
3827     host_ip->__key = tswap32(target_ip->__key);
3828     host_ip->uid = tswap32(target_ip->uid);
3829     host_ip->gid = tswap32(target_ip->gid);
3830     host_ip->cuid = tswap32(target_ip->cuid);
3831     host_ip->cgid = tswap32(target_ip->cgid);
3832 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3833     host_ip->mode = tswap32(target_ip->mode);
3834 #else
3835     host_ip->mode = tswap16(target_ip->mode);
3836 #endif
3837 #if defined(TARGET_PPC)
3838     host_ip->__seq = tswap32(target_ip->__seq);
3839 #else
3840     host_ip->__seq = tswap16(target_ip->__seq);
3841 #endif
3842     unlock_user_struct(target_sd, target_addr, 0);
3843     return 0;
3844 }
3845 
3846 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
3847                                                struct ipc_perm *host_ip)
3848 {
3849     struct target_ipc_perm *target_ip;
3850     struct target_semid64_ds *target_sd;
3851 
3852     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3853         return -TARGET_EFAULT;
3854     target_ip = &(target_sd->sem_perm);
3855     target_ip->__key = tswap32(host_ip->__key);
3856     target_ip->uid = tswap32(host_ip->uid);
3857     target_ip->gid = tswap32(host_ip->gid);
3858     target_ip->cuid = tswap32(host_ip->cuid);
3859     target_ip->cgid = tswap32(host_ip->cgid);
3860 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3861     target_ip->mode = tswap32(host_ip->mode);
3862 #else
3863     target_ip->mode = tswap16(host_ip->mode);
3864 #endif
3865 #if defined(TARGET_PPC)
3866     target_ip->__seq = tswap32(host_ip->__seq);
3867 #else
3868     target_ip->__seq = tswap16(host_ip->__seq);
3869 #endif
3870     unlock_user_struct(target_sd, target_addr, 1);
3871     return 0;
3872 }
3873 
3874 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
3875                                                abi_ulong target_addr)
3876 {
3877     struct target_semid64_ds *target_sd;
3878 
3879     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3880         return -TARGET_EFAULT;
3881     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
3882         return -TARGET_EFAULT;
3883     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
3884     host_sd->sem_otime = tswapal(target_sd->sem_otime);
3885     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
3886     unlock_user_struct(target_sd, target_addr, 0);
3887     return 0;
3888 }
3889 
3890 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
3891                                                struct semid_ds *host_sd)
3892 {
3893     struct target_semid64_ds *target_sd;
3894 
3895     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3896         return -TARGET_EFAULT;
3897     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
3898         return -TARGET_EFAULT;
3899     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
3900     target_sd->sem_otime = tswapal(host_sd->sem_otime);
3901     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
3902     unlock_user_struct(target_sd, target_addr, 1);
3903     return 0;
3904 }
3905 
3906 struct target_seminfo {
3907     int semmap;
3908     int semmni;
3909     int semmns;
3910     int semmnu;
3911     int semmsl;
3912     int semopm;
3913     int semume;
3914     int semusz;
3915     int semvmx;
3916     int semaem;
3917 };
3918 
3919 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
3920                                               struct seminfo *host_seminfo)
3921 {
3922     struct target_seminfo *target_seminfo;
3923     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
3924         return -TARGET_EFAULT;
3925     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
3926     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
3927     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
3928     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
3929     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
3930     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
3931     __put_user(host_seminfo->semume, &target_seminfo->semume);
3932     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
3933     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
3934     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
3935     unlock_user_struct(target_seminfo, target_addr, 1);
3936     return 0;
3937 }
3938 
3939 union semun {
3940 	int val;
3941 	struct semid_ds *buf;
3942 	unsigned short *array;
3943 	struct seminfo *__buf;
3944 };
3945 
3946 union target_semun {
3947 	int val;
3948 	abi_ulong buf;
3949 	abi_ulong array;
3950 	abi_ulong __buf;
3951 };
3952 
3953 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
3954                                                abi_ulong target_addr)
3955 {
3956     int nsems;
3957     unsigned short *array;
3958     union semun semun;
3959     struct semid_ds semid_ds;
3960     int i, ret;
3961 
3962     semun.buf = &semid_ds;
3963 
3964     ret = semctl(semid, 0, IPC_STAT, semun);
3965     if (ret == -1)
3966         return get_errno(ret);
3967 
3968     nsems = semid_ds.sem_nsems;
3969 
3970     *host_array = g_try_new(unsigned short, nsems);
3971     if (!*host_array) {
3972         return -TARGET_ENOMEM;
3973     }
3974     array = lock_user(VERIFY_READ, target_addr,
3975                       nsems*sizeof(unsigned short), 1);
3976     if (!array) {
3977         g_free(*host_array);
3978         return -TARGET_EFAULT;
3979     }
3980 
3981     for(i=0; i<nsems; i++) {
3982         __get_user((*host_array)[i], &array[i]);
3983     }
3984     unlock_user(array, target_addr, 0);
3985 
3986     return 0;
3987 }
3988 
3989 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
3990                                                unsigned short **host_array)
3991 {
3992     int nsems;
3993     unsigned short *array;
3994     union semun semun;
3995     struct semid_ds semid_ds;
3996     int i, ret;
3997 
3998     semun.buf = &semid_ds;
3999 
4000     ret = semctl(semid, 0, IPC_STAT, semun);
4001     if (ret == -1)
4002         return get_errno(ret);
4003 
4004     nsems = semid_ds.sem_nsems;
4005 
4006     array = lock_user(VERIFY_WRITE, target_addr,
4007                       nsems*sizeof(unsigned short), 0);
4008     if (!array)
4009         return -TARGET_EFAULT;
4010 
4011     for(i=0; i<nsems; i++) {
4012         __put_user((*host_array)[i], &array[i]);
4013     }
4014     g_free(*host_array);
4015     unlock_user(array, target_addr, 1);
4016 
4017     return 0;
4018 }
4019 
4020 static inline abi_long do_semctl(int semid, int semnum, int cmd,
4021                                  abi_ulong target_arg)
4022 {
4023     union target_semun target_su = { .buf = target_arg };
4024     union semun arg;
4025     struct semid_ds dsarg;
4026     unsigned short *array = NULL;
4027     struct seminfo seminfo;
4028     abi_long ret = -TARGET_EINVAL;
4029     abi_long err;
4030     cmd &= 0xff;
4031 
4032     switch( cmd ) {
4033 	case GETVAL:
4034 	case SETVAL:
4035             /* In 64 bit cross-endian situations, we will erroneously pick up
4036              * the wrong half of the union for the "val" element.  To rectify
4037              * this, the entire 8-byte structure is byteswapped, followed by
4038 	     * a swap of the 4 byte val field. In other cases, the data is
4039 	     * already in proper host byte order. */
4040 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
4041 		target_su.buf = tswapal(target_su.buf);
4042 		arg.val = tswap32(target_su.val);
4043 	    } else {
4044 		arg.val = target_su.val;
4045 	    }
4046             ret = get_errno(semctl(semid, semnum, cmd, arg));
4047             break;
4048 	case GETALL:
4049 	case SETALL:
4050             err = target_to_host_semarray(semid, &array, target_su.array);
4051             if (err)
4052                 return err;
4053             arg.array = array;
4054             ret = get_errno(semctl(semid, semnum, cmd, arg));
4055             err = host_to_target_semarray(semid, target_su.array, &array);
4056             if (err)
4057                 return err;
4058             break;
4059 	case IPC_STAT:
4060 	case IPC_SET:
4061 	case SEM_STAT:
4062             err = target_to_host_semid_ds(&dsarg, target_su.buf);
4063             if (err)
4064                 return err;
4065             arg.buf = &dsarg;
4066             ret = get_errno(semctl(semid, semnum, cmd, arg));
4067             err = host_to_target_semid_ds(target_su.buf, &dsarg);
4068             if (err)
4069                 return err;
4070             break;
4071 	case IPC_INFO:
4072 	case SEM_INFO:
4073             arg.__buf = &seminfo;
4074             ret = get_errno(semctl(semid, semnum, cmd, arg));
4075             err = host_to_target_seminfo(target_su.__buf, &seminfo);
4076             if (err)
4077                 return err;
4078             break;
4079 	case IPC_RMID:
4080 	case GETPID:
4081 	case GETNCNT:
4082 	case GETZCNT:
4083             ret = get_errno(semctl(semid, semnum, cmd, NULL));
4084             break;
4085     }
4086 
4087     return ret;
4088 }
4089 
4090 struct target_sembuf {
4091     unsigned short sem_num;
4092     short sem_op;
4093     short sem_flg;
4094 };
4095 
4096 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
4097                                              abi_ulong target_addr,
4098                                              unsigned nsops)
4099 {
4100     struct target_sembuf *target_sembuf;
4101     int i;
4102 
4103     target_sembuf = lock_user(VERIFY_READ, target_addr,
4104                               nsops*sizeof(struct target_sembuf), 1);
4105     if (!target_sembuf)
4106         return -TARGET_EFAULT;
4107 
4108     for(i=0; i<nsops; i++) {
4109         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
4110         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
4111         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
4112     }
4113 
4114     unlock_user(target_sembuf, target_addr, 0);
4115 
4116     return 0;
4117 }
4118 
4119 #if defined(TARGET_NR_ipc) || defined(TARGET_NR_semop) || \
4120     defined(TARGET_NR_semtimedop) || defined(TARGET_NR_semtimedop_time64)
4121 
4122 /*
4123  * This macro is required to handle the s390 variants, which passes the
4124  * arguments in a different order than default.
4125  */
4126 #ifdef __s390x__
4127 #define SEMTIMEDOP_IPC_ARGS(__nsops, __sops, __timeout) \
4128   (__nsops), (__timeout), (__sops)
4129 #else
4130 #define SEMTIMEDOP_IPC_ARGS(__nsops, __sops, __timeout) \
4131   (__nsops), 0, (__sops), (__timeout)
4132 #endif
4133 
4134 static inline abi_long do_semtimedop(int semid,
4135                                      abi_long ptr,
4136                                      unsigned nsops,
4137                                      abi_long timeout, bool time64)
4138 {
4139     struct sembuf *sops;
4140     struct timespec ts, *pts = NULL;
4141     abi_long ret;
4142 
4143     if (timeout) {
4144         pts = &ts;
4145         if (time64) {
4146             if (target_to_host_timespec64(pts, timeout)) {
4147                 return -TARGET_EFAULT;
4148             }
4149         } else {
4150             if (target_to_host_timespec(pts, timeout)) {
4151                 return -TARGET_EFAULT;
4152             }
4153         }
4154     }
4155 
4156     if (nsops > TARGET_SEMOPM) {
4157         return -TARGET_E2BIG;
4158     }
4159 
4160     sops = g_new(struct sembuf, nsops);
4161 
4162     if (target_to_host_sembuf(sops, ptr, nsops)) {
4163         g_free(sops);
4164         return -TARGET_EFAULT;
4165     }
4166 
4167     ret = -TARGET_ENOSYS;
4168 #ifdef __NR_semtimedop
4169     ret = get_errno(safe_semtimedop(semid, sops, nsops, pts));
4170 #endif
4171 #ifdef __NR_ipc
4172     if (ret == -TARGET_ENOSYS) {
4173         ret = get_errno(safe_ipc(IPCOP_semtimedop, semid,
4174                                  SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts)));
4175     }
4176 #endif
4177     g_free(sops);
4178     return ret;
4179 }
4180 #endif
4181 
4182 struct target_msqid_ds
4183 {
4184     struct target_ipc_perm msg_perm;
4185     abi_ulong msg_stime;
4186 #if TARGET_ABI_BITS == 32
4187     abi_ulong __unused1;
4188 #endif
4189     abi_ulong msg_rtime;
4190 #if TARGET_ABI_BITS == 32
4191     abi_ulong __unused2;
4192 #endif
4193     abi_ulong msg_ctime;
4194 #if TARGET_ABI_BITS == 32
4195     abi_ulong __unused3;
4196 #endif
4197     abi_ulong __msg_cbytes;
4198     abi_ulong msg_qnum;
4199     abi_ulong msg_qbytes;
4200     abi_ulong msg_lspid;
4201     abi_ulong msg_lrpid;
4202     abi_ulong __unused4;
4203     abi_ulong __unused5;
4204 };
4205 
4206 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
4207                                                abi_ulong target_addr)
4208 {
4209     struct target_msqid_ds *target_md;
4210 
4211     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
4212         return -TARGET_EFAULT;
4213     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
4214         return -TARGET_EFAULT;
4215     host_md->msg_stime = tswapal(target_md->msg_stime);
4216     host_md->msg_rtime = tswapal(target_md->msg_rtime);
4217     host_md->msg_ctime = tswapal(target_md->msg_ctime);
4218     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
4219     host_md->msg_qnum = tswapal(target_md->msg_qnum);
4220     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
4221     host_md->msg_lspid = tswapal(target_md->msg_lspid);
4222     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
4223     unlock_user_struct(target_md, target_addr, 0);
4224     return 0;
4225 }
4226 
4227 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
4228                                                struct msqid_ds *host_md)
4229 {
4230     struct target_msqid_ds *target_md;
4231 
4232     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
4233         return -TARGET_EFAULT;
4234     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
4235         return -TARGET_EFAULT;
4236     target_md->msg_stime = tswapal(host_md->msg_stime);
4237     target_md->msg_rtime = tswapal(host_md->msg_rtime);
4238     target_md->msg_ctime = tswapal(host_md->msg_ctime);
4239     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
4240     target_md->msg_qnum = tswapal(host_md->msg_qnum);
4241     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
4242     target_md->msg_lspid = tswapal(host_md->msg_lspid);
4243     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
4244     unlock_user_struct(target_md, target_addr, 1);
4245     return 0;
4246 }
4247 
4248 struct target_msginfo {
4249     int msgpool;
4250     int msgmap;
4251     int msgmax;
4252     int msgmnb;
4253     int msgmni;
4254     int msgssz;
4255     int msgtql;
4256     unsigned short int msgseg;
4257 };
4258 
4259 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
4260                                               struct msginfo *host_msginfo)
4261 {
4262     struct target_msginfo *target_msginfo;
4263     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
4264         return -TARGET_EFAULT;
4265     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
4266     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
4267     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
4268     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
4269     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
4270     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
4271     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
4272     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
4273     unlock_user_struct(target_msginfo, target_addr, 1);
4274     return 0;
4275 }
4276 
4277 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
4278 {
4279     struct msqid_ds dsarg;
4280     struct msginfo msginfo;
4281     abi_long ret = -TARGET_EINVAL;
4282 
4283     cmd &= 0xff;
4284 
4285     switch (cmd) {
4286     case IPC_STAT:
4287     case IPC_SET:
4288     case MSG_STAT:
4289         if (target_to_host_msqid_ds(&dsarg,ptr))
4290             return -TARGET_EFAULT;
4291         ret = get_errno(msgctl(msgid, cmd, &dsarg));
4292         if (host_to_target_msqid_ds(ptr,&dsarg))
4293             return -TARGET_EFAULT;
4294         break;
4295     case IPC_RMID:
4296         ret = get_errno(msgctl(msgid, cmd, NULL));
4297         break;
4298     case IPC_INFO:
4299     case MSG_INFO:
4300         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
4301         if (host_to_target_msginfo(ptr, &msginfo))
4302             return -TARGET_EFAULT;
4303         break;
4304     }
4305 
4306     return ret;
4307 }
4308 
4309 struct target_msgbuf {
4310     abi_long mtype;
4311     char	mtext[1];
4312 };
4313 
4314 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
4315                                  ssize_t msgsz, int msgflg)
4316 {
4317     struct target_msgbuf *target_mb;
4318     struct msgbuf *host_mb;
4319     abi_long ret = 0;
4320 
4321     if (msgsz < 0) {
4322         return -TARGET_EINVAL;
4323     }
4324 
4325     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
4326         return -TARGET_EFAULT;
4327     host_mb = g_try_malloc(msgsz + sizeof(long));
4328     if (!host_mb) {
4329         unlock_user_struct(target_mb, msgp, 0);
4330         return -TARGET_ENOMEM;
4331     }
4332     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
4333     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
4334     ret = -TARGET_ENOSYS;
4335 #ifdef __NR_msgsnd
4336     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
4337 #endif
4338 #ifdef __NR_ipc
4339     if (ret == -TARGET_ENOSYS) {
4340 #ifdef __s390x__
4341         ret = get_errno(safe_ipc(IPCOP_msgsnd, msqid, msgsz, msgflg,
4342                                  host_mb));
4343 #else
4344         ret = get_errno(safe_ipc(IPCOP_msgsnd, msqid, msgsz, msgflg,
4345                                  host_mb, 0));
4346 #endif
4347     }
4348 #endif
4349     g_free(host_mb);
4350     unlock_user_struct(target_mb, msgp, 0);
4351 
4352     return ret;
4353 }
4354 
4355 #ifdef __NR_ipc
4356 #if defined(__sparc__)
4357 /* SPARC for msgrcv it does not use the kludge on final 2 arguments.  */
4358 #define MSGRCV_ARGS(__msgp, __msgtyp) __msgp, __msgtyp
4359 #elif defined(__s390x__)
4360 /* The s390 sys_ipc variant has only five parameters.  */
4361 #define MSGRCV_ARGS(__msgp, __msgtyp) \
4362     ((long int[]){(long int)__msgp, __msgtyp})
4363 #else
4364 #define MSGRCV_ARGS(__msgp, __msgtyp) \
4365     ((long int[]){(long int)__msgp, __msgtyp}), 0
4366 #endif
4367 #endif
4368 
4369 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
4370                                  ssize_t msgsz, abi_long msgtyp,
4371                                  int msgflg)
4372 {
4373     struct target_msgbuf *target_mb;
4374     char *target_mtext;
4375     struct msgbuf *host_mb;
4376     abi_long ret = 0;
4377 
4378     if (msgsz < 0) {
4379         return -TARGET_EINVAL;
4380     }
4381 
4382     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
4383         return -TARGET_EFAULT;
4384 
4385     host_mb = g_try_malloc(msgsz + sizeof(long));
4386     if (!host_mb) {
4387         ret = -TARGET_ENOMEM;
4388         goto end;
4389     }
4390     ret = -TARGET_ENOSYS;
4391 #ifdef __NR_msgrcv
4392     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
4393 #endif
4394 #ifdef __NR_ipc
4395     if (ret == -TARGET_ENOSYS) {
4396         ret = get_errno(safe_ipc(IPCOP_CALL(1, IPCOP_msgrcv), msqid, msgsz,
4397                         msgflg, MSGRCV_ARGS(host_mb, msgtyp)));
4398     }
4399 #endif
4400 
4401     if (ret > 0) {
4402         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
4403         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
4404         if (!target_mtext) {
4405             ret = -TARGET_EFAULT;
4406             goto end;
4407         }
4408         memcpy(target_mb->mtext, host_mb->mtext, ret);
4409         unlock_user(target_mtext, target_mtext_addr, ret);
4410     }
4411 
4412     target_mb->mtype = tswapal(host_mb->mtype);
4413 
4414 end:
4415     if (target_mb)
4416         unlock_user_struct(target_mb, msgp, 1);
4417     g_free(host_mb);
4418     return ret;
4419 }
4420 
4421 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
4422                                                abi_ulong target_addr)
4423 {
4424     struct target_shmid_ds *target_sd;
4425 
4426     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4427         return -TARGET_EFAULT;
4428     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
4429         return -TARGET_EFAULT;
4430     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4431     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
4432     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4433     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4434     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4435     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4436     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4437     unlock_user_struct(target_sd, target_addr, 0);
4438     return 0;
4439 }
4440 
4441 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
4442                                                struct shmid_ds *host_sd)
4443 {
4444     struct target_shmid_ds *target_sd;
4445 
4446     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4447         return -TARGET_EFAULT;
4448     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
4449         return -TARGET_EFAULT;
4450     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4451     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
4452     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4453     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4454     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4455     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4456     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4457     unlock_user_struct(target_sd, target_addr, 1);
4458     return 0;
4459 }
4460 
4461 struct  target_shminfo {
4462     abi_ulong shmmax;
4463     abi_ulong shmmin;
4464     abi_ulong shmmni;
4465     abi_ulong shmseg;
4466     abi_ulong shmall;
4467 };
4468 
4469 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
4470                                               struct shminfo *host_shminfo)
4471 {
4472     struct target_shminfo *target_shminfo;
4473     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
4474         return -TARGET_EFAULT;
4475     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
4476     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
4477     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
4478     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
4479     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
4480     unlock_user_struct(target_shminfo, target_addr, 1);
4481     return 0;
4482 }
4483 
4484 struct target_shm_info {
4485     int used_ids;
4486     abi_ulong shm_tot;
4487     abi_ulong shm_rss;
4488     abi_ulong shm_swp;
4489     abi_ulong swap_attempts;
4490     abi_ulong swap_successes;
4491 };
4492 
4493 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
4494                                                struct shm_info *host_shm_info)
4495 {
4496     struct target_shm_info *target_shm_info;
4497     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
4498         return -TARGET_EFAULT;
4499     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
4500     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
4501     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
4502     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
4503     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
4504     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
4505     unlock_user_struct(target_shm_info, target_addr, 1);
4506     return 0;
4507 }
4508 
4509 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4510 {
4511     struct shmid_ds dsarg;
4512     struct shminfo shminfo;
4513     struct shm_info shm_info;
4514     abi_long ret = -TARGET_EINVAL;
4515 
4516     cmd &= 0xff;
4517 
4518     switch(cmd) {
4519     case IPC_STAT:
4520     case IPC_SET:
4521     case SHM_STAT:
4522         if (target_to_host_shmid_ds(&dsarg, buf))
4523             return -TARGET_EFAULT;
4524         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4525         if (host_to_target_shmid_ds(buf, &dsarg))
4526             return -TARGET_EFAULT;
4527         break;
4528     case IPC_INFO:
4529         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4530         if (host_to_target_shminfo(buf, &shminfo))
4531             return -TARGET_EFAULT;
4532         break;
4533     case SHM_INFO:
4534         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4535         if (host_to_target_shm_info(buf, &shm_info))
4536             return -TARGET_EFAULT;
4537         break;
4538     case IPC_RMID:
4539     case SHM_LOCK:
4540     case SHM_UNLOCK:
4541         ret = get_errno(shmctl(shmid, cmd, NULL));
4542         break;
4543     }
4544 
4545     return ret;
4546 }
4547 
4548 #ifndef TARGET_FORCE_SHMLBA
4549 /* For most architectures, SHMLBA is the same as the page size;
4550  * some architectures have larger values, in which case they should
4551  * define TARGET_FORCE_SHMLBA and provide a target_shmlba() function.
4552  * This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA
4553  * and defining its own value for SHMLBA.
4554  *
4555  * The kernel also permits SHMLBA to be set by the architecture to a
4556  * value larger than the page size without setting __ARCH_FORCE_SHMLBA;
4557  * this means that addresses are rounded to the large size if
4558  * SHM_RND is set but addresses not aligned to that size are not rejected
4559  * as long as they are at least page-aligned. Since the only architecture
4560  * which uses this is ia64 this code doesn't provide for that oddity.
4561  */
4562 static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
4563 {
4564     return TARGET_PAGE_SIZE;
4565 }
4566 #endif
4567 
4568 static inline abi_ulong do_shmat(CPUArchState *cpu_env,
4569                                  int shmid, abi_ulong shmaddr, int shmflg)
4570 {
4571     abi_long raddr;
4572     void *host_raddr;
4573     struct shmid_ds shm_info;
4574     int i,ret;
4575     abi_ulong shmlba;
4576 
4577     /* find out the length of the shared memory segment */
4578     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4579     if (is_error(ret)) {
4580         /* can't get length, bail out */
4581         return ret;
4582     }
4583 
4584     shmlba = target_shmlba(cpu_env);
4585 
4586     if (shmaddr & (shmlba - 1)) {
4587         if (shmflg & SHM_RND) {
4588             shmaddr &= ~(shmlba - 1);
4589         } else {
4590             return -TARGET_EINVAL;
4591         }
4592     }
4593     if (!guest_range_valid(shmaddr, shm_info.shm_segsz)) {
4594         return -TARGET_EINVAL;
4595     }
4596 
4597     mmap_lock();
4598 
4599     if (shmaddr)
4600         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
4601     else {
4602         abi_ulong mmap_start;
4603 
4604         /* In order to use the host shmat, we need to honor host SHMLBA.  */
4605         mmap_start = mmap_find_vma(0, shm_info.shm_segsz, MAX(SHMLBA, shmlba));
4606 
4607         if (mmap_start == -1) {
4608             errno = ENOMEM;
4609             host_raddr = (void *)-1;
4610         } else
4611             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
4612     }
4613 
4614     if (host_raddr == (void *)-1) {
4615         mmap_unlock();
4616         return get_errno((long)host_raddr);
4617     }
4618     raddr=h2g((unsigned long)host_raddr);
4619 
4620     page_set_flags(raddr, raddr + shm_info.shm_segsz,
4621                    PAGE_VALID | PAGE_READ |
4622                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
4623 
4624     for (i = 0; i < N_SHM_REGIONS; i++) {
4625         if (!shm_regions[i].in_use) {
4626             shm_regions[i].in_use = true;
4627             shm_regions[i].start = raddr;
4628             shm_regions[i].size = shm_info.shm_segsz;
4629             break;
4630         }
4631     }
4632 
4633     mmap_unlock();
4634     return raddr;
4635 
4636 }
4637 
4638 static inline abi_long do_shmdt(abi_ulong shmaddr)
4639 {
4640     int i;
4641     abi_long rv;
4642 
4643     mmap_lock();
4644 
4645     for (i = 0; i < N_SHM_REGIONS; ++i) {
4646         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4647             shm_regions[i].in_use = false;
4648             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
4649             break;
4650         }
4651     }
4652     rv = get_errno(shmdt(g2h(shmaddr)));
4653 
4654     mmap_unlock();
4655 
4656     return rv;
4657 }
4658 
4659 #ifdef TARGET_NR_ipc
4660 /* ??? This only works with linear mappings.  */
4661 /* do_ipc() must return target values and target errnos. */
4662 static abi_long do_ipc(CPUArchState *cpu_env,
4663                        unsigned int call, abi_long first,
4664                        abi_long second, abi_long third,
4665                        abi_long ptr, abi_long fifth)
4666 {
4667     int version;
4668     abi_long ret = 0;
4669 
4670     version = call >> 16;
4671     call &= 0xffff;
4672 
4673     switch (call) {
4674     case IPCOP_semop:
4675         ret = do_semtimedop(first, ptr, second, 0, false);
4676         break;
4677     case IPCOP_semtimedop:
4678     /*
4679      * The s390 sys_ipc variant has only five parameters instead of six
4680      * (as for default variant) and the only difference is the handling of
4681      * SEMTIMEDOP where on s390 the third parameter is used as a pointer
4682      * to a struct timespec where the generic variant uses fifth parameter.
4683      */
4684 #if defined(TARGET_S390X)
4685         ret = do_semtimedop(first, ptr, second, third, TARGET_ABI_BITS == 64);
4686 #else
4687         ret = do_semtimedop(first, ptr, second, fifth, TARGET_ABI_BITS == 64);
4688 #endif
4689         break;
4690 
4691     case IPCOP_semget:
4692         ret = get_errno(semget(first, second, third));
4693         break;
4694 
4695     case IPCOP_semctl: {
4696         /* The semun argument to semctl is passed by value, so dereference the
4697          * ptr argument. */
4698         abi_ulong atptr;
4699         get_user_ual(atptr, ptr);
4700         ret = do_semctl(first, second, third, atptr);
4701         break;
4702     }
4703 
4704     case IPCOP_msgget:
4705         ret = get_errno(msgget(first, second));
4706         break;
4707 
4708     case IPCOP_msgsnd:
4709         ret = do_msgsnd(first, ptr, second, third);
4710         break;
4711 
4712     case IPCOP_msgctl:
4713         ret = do_msgctl(first, second, ptr);
4714         break;
4715 
4716     case IPCOP_msgrcv:
4717         switch (version) {
4718         case 0:
4719             {
4720                 struct target_ipc_kludge {
4721                     abi_long msgp;
4722                     abi_long msgtyp;
4723                 } *tmp;
4724 
4725                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4726                     ret = -TARGET_EFAULT;
4727                     break;
4728                 }
4729 
4730                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4731 
4732                 unlock_user_struct(tmp, ptr, 0);
4733                 break;
4734             }
4735         default:
4736             ret = do_msgrcv(first, ptr, second, fifth, third);
4737         }
4738         break;
4739 
4740     case IPCOP_shmat:
4741         switch (version) {
4742         default:
4743         {
4744             abi_ulong raddr;
4745             raddr = do_shmat(cpu_env, first, ptr, second);
4746             if (is_error(raddr))
4747                 return get_errno(raddr);
4748             if (put_user_ual(raddr, third))
4749                 return -TARGET_EFAULT;
4750             break;
4751         }
4752         case 1:
4753             ret = -TARGET_EINVAL;
4754             break;
4755         }
4756 	break;
4757     case IPCOP_shmdt:
4758         ret = do_shmdt(ptr);
4759 	break;
4760 
4761     case IPCOP_shmget:
4762 	/* IPC_* flag values are the same on all linux platforms */
4763 	ret = get_errno(shmget(first, second, third));
4764 	break;
4765 
4766 	/* IPC_* and SHM_* command values are the same on all linux platforms */
4767     case IPCOP_shmctl:
4768         ret = do_shmctl(first, second, ptr);
4769         break;
4770     default:
4771         qemu_log_mask(LOG_UNIMP, "Unsupported ipc call: %d (version %d)\n",
4772                       call, version);
4773 	ret = -TARGET_ENOSYS;
4774 	break;
4775     }
4776     return ret;
4777 }
4778 #endif
4779 
4780 /* kernel structure types definitions */
4781 
4782 #define STRUCT(name, ...) STRUCT_ ## name,
4783 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
4784 enum {
4785 #include "syscall_types.h"
4786 STRUCT_MAX
4787 };
4788 #undef STRUCT
4789 #undef STRUCT_SPECIAL
4790 
4791 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
4792 #define STRUCT_SPECIAL(name)
4793 #include "syscall_types.h"
4794 #undef STRUCT
4795 #undef STRUCT_SPECIAL
4796 
4797 #define MAX_STRUCT_SIZE 4096
4798 
4799 #ifdef CONFIG_FIEMAP
4800 /* So fiemap access checks don't overflow on 32 bit systems.
4801  * This is very slightly smaller than the limit imposed by
4802  * the underlying kernel.
4803  */
4804 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
4805                             / sizeof(struct fiemap_extent))
4806 
4807 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
4808                                        int fd, int cmd, abi_long arg)
4809 {
4810     /* The parameter for this ioctl is a struct fiemap followed
4811      * by an array of struct fiemap_extent whose size is set
4812      * in fiemap->fm_extent_count. The array is filled in by the
4813      * ioctl.
4814      */
4815     int target_size_in, target_size_out;
4816     struct fiemap *fm;
4817     const argtype *arg_type = ie->arg_type;
4818     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
4819     void *argptr, *p;
4820     abi_long ret;
4821     int i, extent_size = thunk_type_size(extent_arg_type, 0);
4822     uint32_t outbufsz;
4823     int free_fm = 0;
4824 
4825     assert(arg_type[0] == TYPE_PTR);
4826     assert(ie->access == IOC_RW);
4827     arg_type++;
4828     target_size_in = thunk_type_size(arg_type, 0);
4829     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
4830     if (!argptr) {
4831         return -TARGET_EFAULT;
4832     }
4833     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4834     unlock_user(argptr, arg, 0);
4835     fm = (struct fiemap *)buf_temp;
4836     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
4837         return -TARGET_EINVAL;
4838     }
4839 
4840     outbufsz = sizeof (*fm) +
4841         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
4842 
4843     if (outbufsz > MAX_STRUCT_SIZE) {
4844         /* We can't fit all the extents into the fixed size buffer.
4845          * Allocate one that is large enough and use it instead.
4846          */
4847         fm = g_try_malloc(outbufsz);
4848         if (!fm) {
4849             return -TARGET_ENOMEM;
4850         }
4851         memcpy(fm, buf_temp, sizeof(struct fiemap));
4852         free_fm = 1;
4853     }
4854     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
4855     if (!is_error(ret)) {
4856         target_size_out = target_size_in;
4857         /* An extent_count of 0 means we were only counting the extents
4858          * so there are no structs to copy
4859          */
4860         if (fm->fm_extent_count != 0) {
4861             target_size_out += fm->fm_mapped_extents * extent_size;
4862         }
4863         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
4864         if (!argptr) {
4865             ret = -TARGET_EFAULT;
4866         } else {
4867             /* Convert the struct fiemap */
4868             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
4869             if (fm->fm_extent_count != 0) {
4870                 p = argptr + target_size_in;
4871                 /* ...and then all the struct fiemap_extents */
4872                 for (i = 0; i < fm->fm_mapped_extents; i++) {
4873                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
4874                                   THUNK_TARGET);
4875                     p += extent_size;
4876                 }
4877             }
4878             unlock_user(argptr, arg, target_size_out);
4879         }
4880     }
4881     if (free_fm) {
4882         g_free(fm);
4883     }
4884     return ret;
4885 }
4886 #endif
4887 
4888 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
4889                                 int fd, int cmd, abi_long arg)
4890 {
4891     const argtype *arg_type = ie->arg_type;
4892     int target_size;
4893     void *argptr;
4894     int ret;
4895     struct ifconf *host_ifconf;
4896     uint32_t outbufsz;
4897     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
4898     int target_ifreq_size;
4899     int nb_ifreq;
4900     int free_buf = 0;
4901     int i;
4902     int target_ifc_len;
4903     abi_long target_ifc_buf;
4904     int host_ifc_len;
4905     char *host_ifc_buf;
4906 
4907     assert(arg_type[0] == TYPE_PTR);
4908     assert(ie->access == IOC_RW);
4909 
4910     arg_type++;
4911     target_size = thunk_type_size(arg_type, 0);
4912 
4913     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4914     if (!argptr)
4915         return -TARGET_EFAULT;
4916     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4917     unlock_user(argptr, arg, 0);
4918 
4919     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
4920     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
4921     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
4922 
4923     if (target_ifc_buf != 0) {
4924         target_ifc_len = host_ifconf->ifc_len;
4925         nb_ifreq = target_ifc_len / target_ifreq_size;
4926         host_ifc_len = nb_ifreq * sizeof(struct ifreq);
4927 
4928         outbufsz = sizeof(*host_ifconf) + host_ifc_len;
4929         if (outbufsz > MAX_STRUCT_SIZE) {
4930             /*
4931              * We can't fit all the extents into the fixed size buffer.
4932              * Allocate one that is large enough and use it instead.
4933              */
4934             host_ifconf = malloc(outbufsz);
4935             if (!host_ifconf) {
4936                 return -TARGET_ENOMEM;
4937             }
4938             memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
4939             free_buf = 1;
4940         }
4941         host_ifc_buf = (char *)host_ifconf + sizeof(*host_ifconf);
4942 
4943         host_ifconf->ifc_len = host_ifc_len;
4944     } else {
4945       host_ifc_buf = NULL;
4946     }
4947     host_ifconf->ifc_buf = host_ifc_buf;
4948 
4949     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
4950     if (!is_error(ret)) {
4951 	/* convert host ifc_len to target ifc_len */
4952 
4953         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
4954         target_ifc_len = nb_ifreq * target_ifreq_size;
4955         host_ifconf->ifc_len = target_ifc_len;
4956 
4957 	/* restore target ifc_buf */
4958 
4959         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
4960 
4961 	/* copy struct ifconf to target user */
4962 
4963         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4964         if (!argptr)
4965             return -TARGET_EFAULT;
4966         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
4967         unlock_user(argptr, arg, target_size);
4968 
4969         if (target_ifc_buf != 0) {
4970             /* copy ifreq[] to target user */
4971             argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
4972             for (i = 0; i < nb_ifreq ; i++) {
4973                 thunk_convert(argptr + i * target_ifreq_size,
4974                               host_ifc_buf + i * sizeof(struct ifreq),
4975                               ifreq_arg_type, THUNK_TARGET);
4976             }
4977             unlock_user(argptr, target_ifc_buf, target_ifc_len);
4978         }
4979     }
4980 
4981     if (free_buf) {
4982         free(host_ifconf);
4983     }
4984 
4985     return ret;
4986 }
4987 
4988 #if defined(CONFIG_USBFS)
4989 #if HOST_LONG_BITS > 64
4990 #error USBDEVFS thunks do not support >64 bit hosts yet.
4991 #endif
4992 struct live_urb {
4993     uint64_t target_urb_adr;
4994     uint64_t target_buf_adr;
4995     char *target_buf_ptr;
4996     struct usbdevfs_urb host_urb;
4997 };
4998 
4999 static GHashTable *usbdevfs_urb_hashtable(void)
5000 {
5001     static GHashTable *urb_hashtable;
5002 
5003     if (!urb_hashtable) {
5004         urb_hashtable = g_hash_table_new(g_int64_hash, g_int64_equal);
5005     }
5006     return urb_hashtable;
5007 }
5008 
5009 static void urb_hashtable_insert(struct live_urb *urb)
5010 {
5011     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
5012     g_hash_table_insert(urb_hashtable, urb, urb);
5013 }
5014 
5015 static struct live_urb *urb_hashtable_lookup(uint64_t target_urb_adr)
5016 {
5017     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
5018     return g_hash_table_lookup(urb_hashtable, &target_urb_adr);
5019 }
5020 
5021 static void urb_hashtable_remove(struct live_urb *urb)
5022 {
5023     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
5024     g_hash_table_remove(urb_hashtable, urb);
5025 }
5026 
5027 static abi_long
5028 do_ioctl_usbdevfs_reapurb(const IOCTLEntry *ie, uint8_t *buf_temp,
5029                           int fd, int cmd, abi_long arg)
5030 {
5031     const argtype usbfsurb_arg_type[] = { MK_STRUCT(STRUCT_usbdevfs_urb) };
5032     const argtype ptrvoid_arg_type[] = { TYPE_PTRVOID, 0, 0 };
5033     struct live_urb *lurb;
5034     void *argptr;
5035     uint64_t hurb;
5036     int target_size;
5037     uintptr_t target_urb_adr;
5038     abi_long ret;
5039 
5040     target_size = thunk_type_size(usbfsurb_arg_type, THUNK_TARGET);
5041 
5042     memset(buf_temp, 0, sizeof(uint64_t));
5043     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5044     if (is_error(ret)) {
5045         return ret;
5046     }
5047 
5048     memcpy(&hurb, buf_temp, sizeof(uint64_t));
5049     lurb = (void *)((uintptr_t)hurb - offsetof(struct live_urb, host_urb));
5050     if (!lurb->target_urb_adr) {
5051         return -TARGET_EFAULT;
5052     }
5053     urb_hashtable_remove(lurb);
5054     unlock_user(lurb->target_buf_ptr, lurb->target_buf_adr,
5055         lurb->host_urb.buffer_length);
5056     lurb->target_buf_ptr = NULL;
5057 
5058     /* restore the guest buffer pointer */
5059     lurb->host_urb.buffer = (void *)(uintptr_t)lurb->target_buf_adr;
5060 
5061     /* update the guest urb struct */
5062     argptr = lock_user(VERIFY_WRITE, lurb->target_urb_adr, target_size, 0);
5063     if (!argptr) {
5064         g_free(lurb);
5065         return -TARGET_EFAULT;
5066     }
5067     thunk_convert(argptr, &lurb->host_urb, usbfsurb_arg_type, THUNK_TARGET);
5068     unlock_user(argptr, lurb->target_urb_adr, target_size);
5069 
5070     target_size = thunk_type_size(ptrvoid_arg_type, THUNK_TARGET);
5071     /* write back the urb handle */
5072     argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5073     if (!argptr) {
5074         g_free(lurb);
5075         return -TARGET_EFAULT;
5076     }
5077 
5078     /* GHashTable uses 64-bit keys but thunk_convert expects uintptr_t */
5079     target_urb_adr = lurb->target_urb_adr;
5080     thunk_convert(argptr, &target_urb_adr, ptrvoid_arg_type, THUNK_TARGET);
5081     unlock_user(argptr, arg, target_size);
5082 
5083     g_free(lurb);
5084     return ret;
5085 }
5086 
5087 static abi_long
5088 do_ioctl_usbdevfs_discardurb(const IOCTLEntry *ie,
5089                              uint8_t *buf_temp __attribute__((unused)),
5090                              int fd, int cmd, abi_long arg)
5091 {
5092     struct live_urb *lurb;
5093 
5094     /* map target address back to host URB with metadata. */
5095     lurb = urb_hashtable_lookup(arg);
5096     if (!lurb) {
5097         return -TARGET_EFAULT;
5098     }
5099     return get_errno(safe_ioctl(fd, ie->host_cmd, &lurb->host_urb));
5100 }
5101 
5102 static abi_long
5103 do_ioctl_usbdevfs_submiturb(const IOCTLEntry *ie, uint8_t *buf_temp,
5104                             int fd, int cmd, abi_long arg)
5105 {
5106     const argtype *arg_type = ie->arg_type;
5107     int target_size;
5108     abi_long ret;
5109     void *argptr;
5110     int rw_dir;
5111     struct live_urb *lurb;
5112 
5113     /*
5114      * each submitted URB needs to map to a unique ID for the
5115      * kernel, and that unique ID needs to be a pointer to
5116      * host memory.  hence, we need to malloc for each URB.
5117      * isochronous transfers have a variable length struct.
5118      */
5119     arg_type++;
5120     target_size = thunk_type_size(arg_type, THUNK_TARGET);
5121 
5122     /* construct host copy of urb and metadata */
5123     lurb = g_try_malloc0(sizeof(struct live_urb));
5124     if (!lurb) {
5125         return -TARGET_ENOMEM;
5126     }
5127 
5128     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5129     if (!argptr) {
5130         g_free(lurb);
5131         return -TARGET_EFAULT;
5132     }
5133     thunk_convert(&lurb->host_urb, argptr, arg_type, THUNK_HOST);
5134     unlock_user(argptr, arg, 0);
5135 
5136     lurb->target_urb_adr = arg;
5137     lurb->target_buf_adr = (uintptr_t)lurb->host_urb.buffer;
5138 
5139     /* buffer space used depends on endpoint type so lock the entire buffer */
5140     /* control type urbs should check the buffer contents for true direction */
5141     rw_dir = lurb->host_urb.endpoint & USB_DIR_IN ? VERIFY_WRITE : VERIFY_READ;
5142     lurb->target_buf_ptr = lock_user(rw_dir, lurb->target_buf_adr,
5143         lurb->host_urb.buffer_length, 1);
5144     if (lurb->target_buf_ptr == NULL) {
5145         g_free(lurb);
5146         return -TARGET_EFAULT;
5147     }
5148 
5149     /* update buffer pointer in host copy */
5150     lurb->host_urb.buffer = lurb->target_buf_ptr;
5151 
5152     ret = get_errno(safe_ioctl(fd, ie->host_cmd, &lurb->host_urb));
5153     if (is_error(ret)) {
5154         unlock_user(lurb->target_buf_ptr, lurb->target_buf_adr, 0);
5155         g_free(lurb);
5156     } else {
5157         urb_hashtable_insert(lurb);
5158     }
5159 
5160     return ret;
5161 }
5162 #endif /* CONFIG_USBFS */
5163 
5164 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5165                             int cmd, abi_long arg)
5166 {
5167     void *argptr;
5168     struct dm_ioctl *host_dm;
5169     abi_long guest_data;
5170     uint32_t guest_data_size;
5171     int target_size;
5172     const argtype *arg_type = ie->arg_type;
5173     abi_long ret;
5174     void *big_buf = NULL;
5175     char *host_data;
5176 
5177     arg_type++;
5178     target_size = thunk_type_size(arg_type, 0);
5179     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5180     if (!argptr) {
5181         ret = -TARGET_EFAULT;
5182         goto out;
5183     }
5184     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5185     unlock_user(argptr, arg, 0);
5186 
5187     /* buf_temp is too small, so fetch things into a bigger buffer */
5188     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
5189     memcpy(big_buf, buf_temp, target_size);
5190     buf_temp = big_buf;
5191     host_dm = big_buf;
5192 
5193     guest_data = arg + host_dm->data_start;
5194     if ((guest_data - arg) < 0) {
5195         ret = -TARGET_EINVAL;
5196         goto out;
5197     }
5198     guest_data_size = host_dm->data_size - host_dm->data_start;
5199     host_data = (char*)host_dm + host_dm->data_start;
5200 
5201     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
5202     if (!argptr) {
5203         ret = -TARGET_EFAULT;
5204         goto out;
5205     }
5206 
5207     switch (ie->host_cmd) {
5208     case DM_REMOVE_ALL:
5209     case DM_LIST_DEVICES:
5210     case DM_DEV_CREATE:
5211     case DM_DEV_REMOVE:
5212     case DM_DEV_SUSPEND:
5213     case DM_DEV_STATUS:
5214     case DM_DEV_WAIT:
5215     case DM_TABLE_STATUS:
5216     case DM_TABLE_CLEAR:
5217     case DM_TABLE_DEPS:
5218     case DM_LIST_VERSIONS:
5219         /* no input data */
5220         break;
5221     case DM_DEV_RENAME:
5222     case DM_DEV_SET_GEOMETRY:
5223         /* data contains only strings */
5224         memcpy(host_data, argptr, guest_data_size);
5225         break;
5226     case DM_TARGET_MSG:
5227         memcpy(host_data, argptr, guest_data_size);
5228         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
5229         break;
5230     case DM_TABLE_LOAD:
5231     {
5232         void *gspec = argptr;
5233         void *cur_data = host_data;
5234         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5235         int spec_size = thunk_type_size(arg_type, 0);
5236         int i;
5237 
5238         for (i = 0; i < host_dm->target_count; i++) {
5239             struct dm_target_spec *spec = cur_data;
5240             uint32_t next;
5241             int slen;
5242 
5243             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
5244             slen = strlen((char*)gspec + spec_size) + 1;
5245             next = spec->next;
5246             spec->next = sizeof(*spec) + slen;
5247             strcpy((char*)&spec[1], gspec + spec_size);
5248             gspec += next;
5249             cur_data += spec->next;
5250         }
5251         break;
5252     }
5253     default:
5254         ret = -TARGET_EINVAL;
5255         unlock_user(argptr, guest_data, 0);
5256         goto out;
5257     }
5258     unlock_user(argptr, guest_data, 0);
5259 
5260     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5261     if (!is_error(ret)) {
5262         guest_data = arg + host_dm->data_start;
5263         guest_data_size = host_dm->data_size - host_dm->data_start;
5264         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
5265         switch (ie->host_cmd) {
5266         case DM_REMOVE_ALL:
5267         case DM_DEV_CREATE:
5268         case DM_DEV_REMOVE:
5269         case DM_DEV_RENAME:
5270         case DM_DEV_SUSPEND:
5271         case DM_DEV_STATUS:
5272         case DM_TABLE_LOAD:
5273         case DM_TABLE_CLEAR:
5274         case DM_TARGET_MSG:
5275         case DM_DEV_SET_GEOMETRY:
5276             /* no return data */
5277             break;
5278         case DM_LIST_DEVICES:
5279         {
5280             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
5281             uint32_t remaining_data = guest_data_size;
5282             void *cur_data = argptr;
5283             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
5284             int nl_size = 12; /* can't use thunk_size due to alignment */
5285 
5286             while (1) {
5287                 uint32_t next = nl->next;
5288                 if (next) {
5289                     nl->next = nl_size + (strlen(nl->name) + 1);
5290                 }
5291                 if (remaining_data < nl->next) {
5292                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5293                     break;
5294                 }
5295                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
5296                 strcpy(cur_data + nl_size, nl->name);
5297                 cur_data += nl->next;
5298                 remaining_data -= nl->next;
5299                 if (!next) {
5300                     break;
5301                 }
5302                 nl = (void*)nl + next;
5303             }
5304             break;
5305         }
5306         case DM_DEV_WAIT:
5307         case DM_TABLE_STATUS:
5308         {
5309             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
5310             void *cur_data = argptr;
5311             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5312             int spec_size = thunk_type_size(arg_type, 0);
5313             int i;
5314 
5315             for (i = 0; i < host_dm->target_count; i++) {
5316                 uint32_t next = spec->next;
5317                 int slen = strlen((char*)&spec[1]) + 1;
5318                 spec->next = (cur_data - argptr) + spec_size + slen;
5319                 if (guest_data_size < spec->next) {
5320                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5321                     break;
5322                 }
5323                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
5324                 strcpy(cur_data + spec_size, (char*)&spec[1]);
5325                 cur_data = argptr + spec->next;
5326                 spec = (void*)host_dm + host_dm->data_start + next;
5327             }
5328             break;
5329         }
5330         case DM_TABLE_DEPS:
5331         {
5332             void *hdata = (void*)host_dm + host_dm->data_start;
5333             int count = *(uint32_t*)hdata;
5334             uint64_t *hdev = hdata + 8;
5335             uint64_t *gdev = argptr + 8;
5336             int i;
5337 
5338             *(uint32_t*)argptr = tswap32(count);
5339             for (i = 0; i < count; i++) {
5340                 *gdev = tswap64(*hdev);
5341                 gdev++;
5342                 hdev++;
5343             }
5344             break;
5345         }
5346         case DM_LIST_VERSIONS:
5347         {
5348             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
5349             uint32_t remaining_data = guest_data_size;
5350             void *cur_data = argptr;
5351             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
5352             int vers_size = thunk_type_size(arg_type, 0);
5353 
5354             while (1) {
5355                 uint32_t next = vers->next;
5356                 if (next) {
5357                     vers->next = vers_size + (strlen(vers->name) + 1);
5358                 }
5359                 if (remaining_data < vers->next) {
5360                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5361                     break;
5362                 }
5363                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
5364                 strcpy(cur_data + vers_size, vers->name);
5365                 cur_data += vers->next;
5366                 remaining_data -= vers->next;
5367                 if (!next) {
5368                     break;
5369                 }
5370                 vers = (void*)vers + next;
5371             }
5372             break;
5373         }
5374         default:
5375             unlock_user(argptr, guest_data, 0);
5376             ret = -TARGET_EINVAL;
5377             goto out;
5378         }
5379         unlock_user(argptr, guest_data, guest_data_size);
5380 
5381         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5382         if (!argptr) {
5383             ret = -TARGET_EFAULT;
5384             goto out;
5385         }
5386         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5387         unlock_user(argptr, arg, target_size);
5388     }
5389 out:
5390     g_free(big_buf);
5391     return ret;
5392 }
5393 
5394 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5395                                int cmd, abi_long arg)
5396 {
5397     void *argptr;
5398     int target_size;
5399     const argtype *arg_type = ie->arg_type;
5400     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
5401     abi_long ret;
5402 
5403     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
5404     struct blkpg_partition host_part;
5405 
5406     /* Read and convert blkpg */
5407     arg_type++;
5408     target_size = thunk_type_size(arg_type, 0);
5409     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5410     if (!argptr) {
5411         ret = -TARGET_EFAULT;
5412         goto out;
5413     }
5414     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5415     unlock_user(argptr, arg, 0);
5416 
5417     switch (host_blkpg->op) {
5418     case BLKPG_ADD_PARTITION:
5419     case BLKPG_DEL_PARTITION:
5420         /* payload is struct blkpg_partition */
5421         break;
5422     default:
5423         /* Unknown opcode */
5424         ret = -TARGET_EINVAL;
5425         goto out;
5426     }
5427 
5428     /* Read and convert blkpg->data */
5429     arg = (abi_long)(uintptr_t)host_blkpg->data;
5430     target_size = thunk_type_size(part_arg_type, 0);
5431     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5432     if (!argptr) {
5433         ret = -TARGET_EFAULT;
5434         goto out;
5435     }
5436     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
5437     unlock_user(argptr, arg, 0);
5438 
5439     /* Swizzle the data pointer to our local copy and call! */
5440     host_blkpg->data = &host_part;
5441     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
5442 
5443 out:
5444     return ret;
5445 }
5446 
5447 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
5448                                 int fd, int cmd, abi_long arg)
5449 {
5450     const argtype *arg_type = ie->arg_type;
5451     const StructEntry *se;
5452     const argtype *field_types;
5453     const int *dst_offsets, *src_offsets;
5454     int target_size;
5455     void *argptr;
5456     abi_ulong *target_rt_dev_ptr = NULL;
5457     unsigned long *host_rt_dev_ptr = NULL;
5458     abi_long ret;
5459     int i;
5460 
5461     assert(ie->access == IOC_W);
5462     assert(*arg_type == TYPE_PTR);
5463     arg_type++;
5464     assert(*arg_type == TYPE_STRUCT);
5465     target_size = thunk_type_size(arg_type, 0);
5466     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5467     if (!argptr) {
5468         return -TARGET_EFAULT;
5469     }
5470     arg_type++;
5471     assert(*arg_type == (int)STRUCT_rtentry);
5472     se = struct_entries + *arg_type++;
5473     assert(se->convert[0] == NULL);
5474     /* convert struct here to be able to catch rt_dev string */
5475     field_types = se->field_types;
5476     dst_offsets = se->field_offsets[THUNK_HOST];
5477     src_offsets = se->field_offsets[THUNK_TARGET];
5478     for (i = 0; i < se->nb_fields; i++) {
5479         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
5480             assert(*field_types == TYPE_PTRVOID);
5481             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
5482             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
5483             if (*target_rt_dev_ptr != 0) {
5484                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
5485                                                   tswapal(*target_rt_dev_ptr));
5486                 if (!*host_rt_dev_ptr) {
5487                     unlock_user(argptr, arg, 0);
5488                     return -TARGET_EFAULT;
5489                 }
5490             } else {
5491                 *host_rt_dev_ptr = 0;
5492             }
5493             field_types++;
5494             continue;
5495         }
5496         field_types = thunk_convert(buf_temp + dst_offsets[i],
5497                                     argptr + src_offsets[i],
5498                                     field_types, THUNK_HOST);
5499     }
5500     unlock_user(argptr, arg, 0);
5501 
5502     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5503 
5504     assert(host_rt_dev_ptr != NULL);
5505     assert(target_rt_dev_ptr != NULL);
5506     if (*host_rt_dev_ptr != 0) {
5507         unlock_user((void *)*host_rt_dev_ptr,
5508                     *target_rt_dev_ptr, 0);
5509     }
5510     return ret;
5511 }
5512 
5513 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
5514                                      int fd, int cmd, abi_long arg)
5515 {
5516     int sig = target_to_host_signal(arg);
5517     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
5518 }
5519 
5520 static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp,
5521                                     int fd, int cmd, abi_long arg)
5522 {
5523     struct timeval tv;
5524     abi_long ret;
5525 
5526     ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv));
5527     if (is_error(ret)) {
5528         return ret;
5529     }
5530 
5531     if (cmd == (int)TARGET_SIOCGSTAMP_OLD) {
5532         if (copy_to_user_timeval(arg, &tv)) {
5533             return -TARGET_EFAULT;
5534         }
5535     } else {
5536         if (copy_to_user_timeval64(arg, &tv)) {
5537             return -TARGET_EFAULT;
5538         }
5539     }
5540 
5541     return ret;
5542 }
5543 
5544 static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp,
5545                                       int fd, int cmd, abi_long arg)
5546 {
5547     struct timespec ts;
5548     abi_long ret;
5549 
5550     ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts));
5551     if (is_error(ret)) {
5552         return ret;
5553     }
5554 
5555     if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) {
5556         if (host_to_target_timespec(arg, &ts)) {
5557             return -TARGET_EFAULT;
5558         }
5559     } else{
5560         if (host_to_target_timespec64(arg, &ts)) {
5561             return -TARGET_EFAULT;
5562         }
5563     }
5564 
5565     return ret;
5566 }
5567 
5568 #ifdef TIOCGPTPEER
5569 static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp,
5570                                      int fd, int cmd, abi_long arg)
5571 {
5572     int flags = target_to_host_bitmask(arg, fcntl_flags_tbl);
5573     return get_errno(safe_ioctl(fd, ie->host_cmd, flags));
5574 }
5575 #endif
5576 
5577 #ifdef HAVE_DRM_H
5578 
5579 static void unlock_drm_version(struct drm_version *host_ver,
5580                                struct target_drm_version *target_ver,
5581                                bool copy)
5582 {
5583     unlock_user(host_ver->name, target_ver->name,
5584                                 copy ? host_ver->name_len : 0);
5585     unlock_user(host_ver->date, target_ver->date,
5586                                 copy ? host_ver->date_len : 0);
5587     unlock_user(host_ver->desc, target_ver->desc,
5588                                 copy ? host_ver->desc_len : 0);
5589 }
5590 
5591 static inline abi_long target_to_host_drmversion(struct drm_version *host_ver,
5592                                           struct target_drm_version *target_ver)
5593 {
5594     memset(host_ver, 0, sizeof(*host_ver));
5595 
5596     __get_user(host_ver->name_len, &target_ver->name_len);
5597     if (host_ver->name_len) {
5598         host_ver->name = lock_user(VERIFY_WRITE, target_ver->name,
5599                                    target_ver->name_len, 0);
5600         if (!host_ver->name) {
5601             return -EFAULT;
5602         }
5603     }
5604 
5605     __get_user(host_ver->date_len, &target_ver->date_len);
5606     if (host_ver->date_len) {
5607         host_ver->date = lock_user(VERIFY_WRITE, target_ver->date,
5608                                    target_ver->date_len, 0);
5609         if (!host_ver->date) {
5610             goto err;
5611         }
5612     }
5613 
5614     __get_user(host_ver->desc_len, &target_ver->desc_len);
5615     if (host_ver->desc_len) {
5616         host_ver->desc = lock_user(VERIFY_WRITE, target_ver->desc,
5617                                    target_ver->desc_len, 0);
5618         if (!host_ver->desc) {
5619             goto err;
5620         }
5621     }
5622 
5623     return 0;
5624 err:
5625     unlock_drm_version(host_ver, target_ver, false);
5626     return -EFAULT;
5627 }
5628 
5629 static inline void host_to_target_drmversion(
5630                                           struct target_drm_version *target_ver,
5631                                           struct drm_version *host_ver)
5632 {
5633     __put_user(host_ver->version_major, &target_ver->version_major);
5634     __put_user(host_ver->version_minor, &target_ver->version_minor);
5635     __put_user(host_ver->version_patchlevel, &target_ver->version_patchlevel);
5636     __put_user(host_ver->name_len, &target_ver->name_len);
5637     __put_user(host_ver->date_len, &target_ver->date_len);
5638     __put_user(host_ver->desc_len, &target_ver->desc_len);
5639     unlock_drm_version(host_ver, target_ver, true);
5640 }
5641 
5642 static abi_long do_ioctl_drm(const IOCTLEntry *ie, uint8_t *buf_temp,
5643                              int fd, int cmd, abi_long arg)
5644 {
5645     struct drm_version *ver;
5646     struct target_drm_version *target_ver;
5647     abi_long ret;
5648 
5649     switch (ie->host_cmd) {
5650     case DRM_IOCTL_VERSION:
5651         if (!lock_user_struct(VERIFY_WRITE, target_ver, arg, 0)) {
5652             return -TARGET_EFAULT;
5653         }
5654         ver = (struct drm_version *)buf_temp;
5655         ret = target_to_host_drmversion(ver, target_ver);
5656         if (!is_error(ret)) {
5657             ret = get_errno(safe_ioctl(fd, ie->host_cmd, ver));
5658             if (is_error(ret)) {
5659                 unlock_drm_version(ver, target_ver, false);
5660             } else {
5661                 host_to_target_drmversion(target_ver, ver);
5662             }
5663         }
5664         unlock_user_struct(target_ver, arg, 0);
5665         return ret;
5666     }
5667     return -TARGET_ENOSYS;
5668 }
5669 
5670 static abi_long do_ioctl_drm_i915_getparam(const IOCTLEntry *ie,
5671                                            struct drm_i915_getparam *gparam,
5672                                            int fd, abi_long arg)
5673 {
5674     abi_long ret;
5675     int value;
5676     struct target_drm_i915_getparam *target_gparam;
5677 
5678     if (!lock_user_struct(VERIFY_READ, target_gparam, arg, 0)) {
5679         return -TARGET_EFAULT;
5680     }
5681 
5682     __get_user(gparam->param, &target_gparam->param);
5683     gparam->value = &value;
5684     ret = get_errno(safe_ioctl(fd, ie->host_cmd, gparam));
5685     put_user_s32(value, target_gparam->value);
5686 
5687     unlock_user_struct(target_gparam, arg, 0);
5688     return ret;
5689 }
5690 
5691 static abi_long do_ioctl_drm_i915(const IOCTLEntry *ie, uint8_t *buf_temp,
5692                                   int fd, int cmd, abi_long arg)
5693 {
5694     switch (ie->host_cmd) {
5695     case DRM_IOCTL_I915_GETPARAM:
5696         return do_ioctl_drm_i915_getparam(ie,
5697                                           (struct drm_i915_getparam *)buf_temp,
5698                                           fd, arg);
5699     default:
5700         return -TARGET_ENOSYS;
5701     }
5702 }
5703 
5704 #endif
5705 
5706 IOCTLEntry ioctl_entries[] = {
5707 #define IOCTL(cmd, access, ...) \
5708     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
5709 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
5710     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
5711 #define IOCTL_IGNORE(cmd) \
5712     { TARGET_ ## cmd, 0, #cmd },
5713 #include "ioctls.h"
5714     { 0, 0, },
5715 };
5716 
5717 /* ??? Implement proper locking for ioctls.  */
5718 /* do_ioctl() Must return target values and target errnos. */
5719 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
5720 {
5721     const IOCTLEntry *ie;
5722     const argtype *arg_type;
5723     abi_long ret;
5724     uint8_t buf_temp[MAX_STRUCT_SIZE];
5725     int target_size;
5726     void *argptr;
5727 
5728     ie = ioctl_entries;
5729     for(;;) {
5730         if (ie->target_cmd == 0) {
5731             qemu_log_mask(
5732                 LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
5733             return -TARGET_ENOSYS;
5734         }
5735         if (ie->target_cmd == cmd)
5736             break;
5737         ie++;
5738     }
5739     arg_type = ie->arg_type;
5740     if (ie->do_ioctl) {
5741         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
5742     } else if (!ie->host_cmd) {
5743         /* Some architectures define BSD ioctls in their headers
5744            that are not implemented in Linux.  */
5745         return -TARGET_ENOSYS;
5746     }
5747 
5748     switch(arg_type[0]) {
5749     case TYPE_NULL:
5750         /* no argument */
5751         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
5752         break;
5753     case TYPE_PTRVOID:
5754     case TYPE_INT:
5755     case TYPE_LONG:
5756     case TYPE_ULONG:
5757         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
5758         break;
5759     case TYPE_PTR:
5760         arg_type++;
5761         target_size = thunk_type_size(arg_type, 0);
5762         switch(ie->access) {
5763         case IOC_R:
5764             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5765             if (!is_error(ret)) {
5766                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5767                 if (!argptr)
5768                     return -TARGET_EFAULT;
5769                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5770                 unlock_user(argptr, arg, target_size);
5771             }
5772             break;
5773         case IOC_W:
5774             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5775             if (!argptr)
5776                 return -TARGET_EFAULT;
5777             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5778             unlock_user(argptr, arg, 0);
5779             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5780             break;
5781         default:
5782         case IOC_RW:
5783             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5784             if (!argptr)
5785                 return -TARGET_EFAULT;
5786             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5787             unlock_user(argptr, arg, 0);
5788             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5789             if (!is_error(ret)) {
5790                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5791                 if (!argptr)
5792                     return -TARGET_EFAULT;
5793                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5794                 unlock_user(argptr, arg, target_size);
5795             }
5796             break;
5797         }
5798         break;
5799     default:
5800         qemu_log_mask(LOG_UNIMP,
5801                       "Unsupported ioctl type: cmd=0x%04lx type=%d\n",
5802                       (long)cmd, arg_type[0]);
5803         ret = -TARGET_ENOSYS;
5804         break;
5805     }
5806     return ret;
5807 }
5808 
5809 static const bitmask_transtbl iflag_tbl[] = {
5810         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
5811         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
5812         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
5813         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
5814         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
5815         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
5816         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
5817         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
5818         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
5819         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
5820         { TARGET_IXON, TARGET_IXON, IXON, IXON },
5821         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
5822         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
5823         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
5824         { TARGET_IUTF8, TARGET_IUTF8, IUTF8, IUTF8},
5825         { 0, 0, 0, 0 }
5826 };
5827 
5828 static const bitmask_transtbl oflag_tbl[] = {
5829 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
5830 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
5831 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
5832 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
5833 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
5834 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
5835 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
5836 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
5837 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
5838 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
5839 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
5840 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
5841 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
5842 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
5843 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
5844 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
5845 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
5846 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
5847 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
5848 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
5849 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
5850 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
5851 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
5852 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
5853 	{ 0, 0, 0, 0 }
5854 };
5855 
5856 static const bitmask_transtbl cflag_tbl[] = {
5857 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
5858 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
5859 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
5860 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
5861 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
5862 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
5863 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
5864 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
5865 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
5866 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
5867 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
5868 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
5869 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
5870 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
5871 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
5872 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
5873 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
5874 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
5875 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
5876 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
5877 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
5878 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
5879 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
5880 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
5881 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
5882 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
5883 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
5884 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
5885 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
5886 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
5887 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
5888 	{ 0, 0, 0, 0 }
5889 };
5890 
5891 static const bitmask_transtbl lflag_tbl[] = {
5892   { TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
5893   { TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
5894   { TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
5895   { TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
5896   { TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
5897   { TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
5898   { TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
5899   { TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
5900   { TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
5901   { TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
5902   { TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
5903   { TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
5904   { TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
5905   { TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
5906   { TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
5907   { TARGET_EXTPROC, TARGET_EXTPROC, EXTPROC, EXTPROC},
5908   { 0, 0, 0, 0 }
5909 };
5910 
5911 static void target_to_host_termios (void *dst, const void *src)
5912 {
5913     struct host_termios *host = dst;
5914     const struct target_termios *target = src;
5915 
5916     host->c_iflag =
5917         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
5918     host->c_oflag =
5919         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
5920     host->c_cflag =
5921         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
5922     host->c_lflag =
5923         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
5924     host->c_line = target->c_line;
5925 
5926     memset(host->c_cc, 0, sizeof(host->c_cc));
5927     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
5928     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
5929     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5930     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5931     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5932     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5933     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5934     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5935     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5936     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5937     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5938     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5939     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5940     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5941     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5942     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5943     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5944 }
5945 
5946 static void host_to_target_termios (void *dst, const void *src)
5947 {
5948     struct target_termios *target = dst;
5949     const struct host_termios *host = src;
5950 
5951     target->c_iflag =
5952         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5953     target->c_oflag =
5954         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5955     target->c_cflag =
5956         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5957     target->c_lflag =
5958         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5959     target->c_line = host->c_line;
5960 
5961     memset(target->c_cc, 0, sizeof(target->c_cc));
5962     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5963     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5964     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5965     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5966     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5967     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5968     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5969     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5970     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5971     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5972     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5973     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5974     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5975     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5976     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5977     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5978     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5979 }
5980 
5981 static const StructEntry struct_termios_def = {
5982     .convert = { host_to_target_termios, target_to_host_termios },
5983     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5984     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5985     .print = print_termios,
5986 };
5987 
5988 static bitmask_transtbl mmap_flags_tbl[] = {
5989     { TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
5990     { TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
5991     { TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5992     { TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS,
5993       MAP_ANONYMOUS, MAP_ANONYMOUS },
5994     { TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN,
5995       MAP_GROWSDOWN, MAP_GROWSDOWN },
5996     { TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE,
5997       MAP_DENYWRITE, MAP_DENYWRITE },
5998     { TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE,
5999       MAP_EXECUTABLE, MAP_EXECUTABLE },
6000     { TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
6001     { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE,
6002       MAP_NORESERVE, MAP_NORESERVE },
6003     { TARGET_MAP_HUGETLB, TARGET_MAP_HUGETLB, MAP_HUGETLB, MAP_HUGETLB },
6004     /* MAP_STACK had been ignored by the kernel for quite some time.
6005        Recognize it for the target insofar as we do not want to pass
6006        it through to the host.  */
6007     { TARGET_MAP_STACK, TARGET_MAP_STACK, 0, 0 },
6008     { 0, 0, 0, 0 }
6009 };
6010 
6011 /*
6012  * NOTE: TARGET_ABI32 is defined for TARGET_I386 (but not for TARGET_X86_64)
6013  *       TARGET_I386 is defined if TARGET_X86_64 is defined
6014  */
6015 #if defined(TARGET_I386)
6016 
6017 /* NOTE: there is really one LDT for all the threads */
6018 static uint8_t *ldt_table;
6019 
6020 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
6021 {
6022     int size;
6023     void *p;
6024 
6025     if (!ldt_table)
6026         return 0;
6027     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
6028     if (size > bytecount)
6029         size = bytecount;
6030     p = lock_user(VERIFY_WRITE, ptr, size, 0);
6031     if (!p)
6032         return -TARGET_EFAULT;
6033     /* ??? Should this by byteswapped?  */
6034     memcpy(p, ldt_table, size);
6035     unlock_user(p, ptr, size);
6036     return size;
6037 }
6038 
6039 /* XXX: add locking support */
6040 static abi_long write_ldt(CPUX86State *env,
6041                           abi_ulong ptr, unsigned long bytecount, int oldmode)
6042 {
6043     struct target_modify_ldt_ldt_s ldt_info;
6044     struct target_modify_ldt_ldt_s *target_ldt_info;
6045     int seg_32bit, contents, read_exec_only, limit_in_pages;
6046     int seg_not_present, useable, lm;
6047     uint32_t *lp, entry_1, entry_2;
6048 
6049     if (bytecount != sizeof(ldt_info))
6050         return -TARGET_EINVAL;
6051     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
6052         return -TARGET_EFAULT;
6053     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6054     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6055     ldt_info.limit = tswap32(target_ldt_info->limit);
6056     ldt_info.flags = tswap32(target_ldt_info->flags);
6057     unlock_user_struct(target_ldt_info, ptr, 0);
6058 
6059     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
6060         return -TARGET_EINVAL;
6061     seg_32bit = ldt_info.flags & 1;
6062     contents = (ldt_info.flags >> 1) & 3;
6063     read_exec_only = (ldt_info.flags >> 3) & 1;
6064     limit_in_pages = (ldt_info.flags >> 4) & 1;
6065     seg_not_present = (ldt_info.flags >> 5) & 1;
6066     useable = (ldt_info.flags >> 6) & 1;
6067 #ifdef TARGET_ABI32
6068     lm = 0;
6069 #else
6070     lm = (ldt_info.flags >> 7) & 1;
6071 #endif
6072     if (contents == 3) {
6073         if (oldmode)
6074             return -TARGET_EINVAL;
6075         if (seg_not_present == 0)
6076             return -TARGET_EINVAL;
6077     }
6078     /* allocate the LDT */
6079     if (!ldt_table) {
6080         env->ldt.base = target_mmap(0,
6081                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
6082                                     PROT_READ|PROT_WRITE,
6083                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
6084         if (env->ldt.base == -1)
6085             return -TARGET_ENOMEM;
6086         memset(g2h(env->ldt.base), 0,
6087                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
6088         env->ldt.limit = 0xffff;
6089         ldt_table = g2h(env->ldt.base);
6090     }
6091 
6092     /* NOTE: same code as Linux kernel */
6093     /* Allow LDTs to be cleared by the user. */
6094     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6095         if (oldmode ||
6096             (contents == 0		&&
6097              read_exec_only == 1	&&
6098              seg_32bit == 0		&&
6099              limit_in_pages == 0	&&
6100              seg_not_present == 1	&&
6101              useable == 0 )) {
6102             entry_1 = 0;
6103             entry_2 = 0;
6104             goto install;
6105         }
6106     }
6107 
6108     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6109         (ldt_info.limit & 0x0ffff);
6110     entry_2 = (ldt_info.base_addr & 0xff000000) |
6111         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6112         (ldt_info.limit & 0xf0000) |
6113         ((read_exec_only ^ 1) << 9) |
6114         (contents << 10) |
6115         ((seg_not_present ^ 1) << 15) |
6116         (seg_32bit << 22) |
6117         (limit_in_pages << 23) |
6118         (lm << 21) |
6119         0x7000;
6120     if (!oldmode)
6121         entry_2 |= (useable << 20);
6122 
6123     /* Install the new entry ...  */
6124 install:
6125     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
6126     lp[0] = tswap32(entry_1);
6127     lp[1] = tswap32(entry_2);
6128     return 0;
6129 }
6130 
6131 /* specific and weird i386 syscalls */
6132 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
6133                               unsigned long bytecount)
6134 {
6135     abi_long ret;
6136 
6137     switch (func) {
6138     case 0:
6139         ret = read_ldt(ptr, bytecount);
6140         break;
6141     case 1:
6142         ret = write_ldt(env, ptr, bytecount, 1);
6143         break;
6144     case 0x11:
6145         ret = write_ldt(env, ptr, bytecount, 0);
6146         break;
6147     default:
6148         ret = -TARGET_ENOSYS;
6149         break;
6150     }
6151     return ret;
6152 }
6153 
6154 #if defined(TARGET_ABI32)
6155 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
6156 {
6157     uint64_t *gdt_table = g2h(env->gdt.base);
6158     struct target_modify_ldt_ldt_s ldt_info;
6159     struct target_modify_ldt_ldt_s *target_ldt_info;
6160     int seg_32bit, contents, read_exec_only, limit_in_pages;
6161     int seg_not_present, useable, lm;
6162     uint32_t *lp, entry_1, entry_2;
6163     int i;
6164 
6165     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6166     if (!target_ldt_info)
6167         return -TARGET_EFAULT;
6168     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6169     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6170     ldt_info.limit = tswap32(target_ldt_info->limit);
6171     ldt_info.flags = tswap32(target_ldt_info->flags);
6172     if (ldt_info.entry_number == -1) {
6173         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
6174             if (gdt_table[i] == 0) {
6175                 ldt_info.entry_number = i;
6176                 target_ldt_info->entry_number = tswap32(i);
6177                 break;
6178             }
6179         }
6180     }
6181     unlock_user_struct(target_ldt_info, ptr, 1);
6182 
6183     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
6184         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
6185            return -TARGET_EINVAL;
6186     seg_32bit = ldt_info.flags & 1;
6187     contents = (ldt_info.flags >> 1) & 3;
6188     read_exec_only = (ldt_info.flags >> 3) & 1;
6189     limit_in_pages = (ldt_info.flags >> 4) & 1;
6190     seg_not_present = (ldt_info.flags >> 5) & 1;
6191     useable = (ldt_info.flags >> 6) & 1;
6192 #ifdef TARGET_ABI32
6193     lm = 0;
6194 #else
6195     lm = (ldt_info.flags >> 7) & 1;
6196 #endif
6197 
6198     if (contents == 3) {
6199         if (seg_not_present == 0)
6200             return -TARGET_EINVAL;
6201     }
6202 
6203     /* NOTE: same code as Linux kernel */
6204     /* Allow LDTs to be cleared by the user. */
6205     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6206         if ((contents == 0             &&
6207              read_exec_only == 1       &&
6208              seg_32bit == 0            &&
6209              limit_in_pages == 0       &&
6210              seg_not_present == 1      &&
6211              useable == 0 )) {
6212             entry_1 = 0;
6213             entry_2 = 0;
6214             goto install;
6215         }
6216     }
6217 
6218     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6219         (ldt_info.limit & 0x0ffff);
6220     entry_2 = (ldt_info.base_addr & 0xff000000) |
6221         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6222         (ldt_info.limit & 0xf0000) |
6223         ((read_exec_only ^ 1) << 9) |
6224         (contents << 10) |
6225         ((seg_not_present ^ 1) << 15) |
6226         (seg_32bit << 22) |
6227         (limit_in_pages << 23) |
6228         (useable << 20) |
6229         (lm << 21) |
6230         0x7000;
6231 
6232     /* Install the new entry ...  */
6233 install:
6234     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
6235     lp[0] = tswap32(entry_1);
6236     lp[1] = tswap32(entry_2);
6237     return 0;
6238 }
6239 
6240 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
6241 {
6242     struct target_modify_ldt_ldt_s *target_ldt_info;
6243     uint64_t *gdt_table = g2h(env->gdt.base);
6244     uint32_t base_addr, limit, flags;
6245     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
6246     int seg_not_present, useable, lm;
6247     uint32_t *lp, entry_1, entry_2;
6248 
6249     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6250     if (!target_ldt_info)
6251         return -TARGET_EFAULT;
6252     idx = tswap32(target_ldt_info->entry_number);
6253     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
6254         idx > TARGET_GDT_ENTRY_TLS_MAX) {
6255         unlock_user_struct(target_ldt_info, ptr, 1);
6256         return -TARGET_EINVAL;
6257     }
6258     lp = (uint32_t *)(gdt_table + idx);
6259     entry_1 = tswap32(lp[0]);
6260     entry_2 = tswap32(lp[1]);
6261 
6262     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
6263     contents = (entry_2 >> 10) & 3;
6264     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
6265     seg_32bit = (entry_2 >> 22) & 1;
6266     limit_in_pages = (entry_2 >> 23) & 1;
6267     useable = (entry_2 >> 20) & 1;
6268 #ifdef TARGET_ABI32
6269     lm = 0;
6270 #else
6271     lm = (entry_2 >> 21) & 1;
6272 #endif
6273     flags = (seg_32bit << 0) | (contents << 1) |
6274         (read_exec_only << 3) | (limit_in_pages << 4) |
6275         (seg_not_present << 5) | (useable << 6) | (lm << 7);
6276     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
6277     base_addr = (entry_1 >> 16) |
6278         (entry_2 & 0xff000000) |
6279         ((entry_2 & 0xff) << 16);
6280     target_ldt_info->base_addr = tswapal(base_addr);
6281     target_ldt_info->limit = tswap32(limit);
6282     target_ldt_info->flags = tswap32(flags);
6283     unlock_user_struct(target_ldt_info, ptr, 1);
6284     return 0;
6285 }
6286 
6287 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6288 {
6289     return -TARGET_ENOSYS;
6290 }
6291 #else
6292 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6293 {
6294     abi_long ret = 0;
6295     abi_ulong val;
6296     int idx;
6297 
6298     switch(code) {
6299     case TARGET_ARCH_SET_GS:
6300     case TARGET_ARCH_SET_FS:
6301         if (code == TARGET_ARCH_SET_GS)
6302             idx = R_GS;
6303         else
6304             idx = R_FS;
6305         cpu_x86_load_seg(env, idx, 0);
6306         env->segs[idx].base = addr;
6307         break;
6308     case TARGET_ARCH_GET_GS:
6309     case TARGET_ARCH_GET_FS:
6310         if (code == TARGET_ARCH_GET_GS)
6311             idx = R_GS;
6312         else
6313             idx = R_FS;
6314         val = env->segs[idx].base;
6315         if (put_user(val, addr, abi_ulong))
6316             ret = -TARGET_EFAULT;
6317         break;
6318     default:
6319         ret = -TARGET_EINVAL;
6320         break;
6321     }
6322     return ret;
6323 }
6324 #endif /* defined(TARGET_ABI32 */
6325 
6326 #endif /* defined(TARGET_I386) */
6327 
6328 #define NEW_STACK_SIZE 0x40000
6329 
6330 
6331 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
6332 typedef struct {
6333     CPUArchState *env;
6334     pthread_mutex_t mutex;
6335     pthread_cond_t cond;
6336     pthread_t thread;
6337     uint32_t tid;
6338     abi_ulong child_tidptr;
6339     abi_ulong parent_tidptr;
6340     sigset_t sigmask;
6341 } new_thread_info;
6342 
6343 static void *clone_func(void *arg)
6344 {
6345     new_thread_info *info = arg;
6346     CPUArchState *env;
6347     CPUState *cpu;
6348     TaskState *ts;
6349 
6350     rcu_register_thread();
6351     tcg_register_thread();
6352     env = info->env;
6353     cpu = env_cpu(env);
6354     thread_cpu = cpu;
6355     ts = (TaskState *)cpu->opaque;
6356     info->tid = sys_gettid();
6357     task_settid(ts);
6358     if (info->child_tidptr)
6359         put_user_u32(info->tid, info->child_tidptr);
6360     if (info->parent_tidptr)
6361         put_user_u32(info->tid, info->parent_tidptr);
6362     qemu_guest_random_seed_thread_part2(cpu->random_seed);
6363     /* Enable signals.  */
6364     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
6365     /* Signal to the parent that we're ready.  */
6366     pthread_mutex_lock(&info->mutex);
6367     pthread_cond_broadcast(&info->cond);
6368     pthread_mutex_unlock(&info->mutex);
6369     /* Wait until the parent has finished initializing the tls state.  */
6370     pthread_mutex_lock(&clone_lock);
6371     pthread_mutex_unlock(&clone_lock);
6372     cpu_loop(env);
6373     /* never exits */
6374     return NULL;
6375 }
6376 
6377 /* do_fork() Must return host values and target errnos (unlike most
6378    do_*() functions). */
6379 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
6380                    abi_ulong parent_tidptr, target_ulong newtls,
6381                    abi_ulong child_tidptr)
6382 {
6383     CPUState *cpu = env_cpu(env);
6384     int ret;
6385     TaskState *ts;
6386     CPUState *new_cpu;
6387     CPUArchState *new_env;
6388     sigset_t sigmask;
6389 
6390     flags &= ~CLONE_IGNORED_FLAGS;
6391 
6392     /* Emulate vfork() with fork() */
6393     if (flags & CLONE_VFORK)
6394         flags &= ~(CLONE_VFORK | CLONE_VM);
6395 
6396     if (flags & CLONE_VM) {
6397         TaskState *parent_ts = (TaskState *)cpu->opaque;
6398         new_thread_info info;
6399         pthread_attr_t attr;
6400 
6401         if (((flags & CLONE_THREAD_FLAGS) != CLONE_THREAD_FLAGS) ||
6402             (flags & CLONE_INVALID_THREAD_FLAGS)) {
6403             return -TARGET_EINVAL;
6404         }
6405 
6406         ts = g_new0(TaskState, 1);
6407         init_task_state(ts);
6408 
6409         /* Grab a mutex so that thread setup appears atomic.  */
6410         pthread_mutex_lock(&clone_lock);
6411 
6412         /* we create a new CPU instance. */
6413         new_env = cpu_copy(env);
6414         /* Init regs that differ from the parent.  */
6415         cpu_clone_regs_child(new_env, newsp, flags);
6416         cpu_clone_regs_parent(env, flags);
6417         new_cpu = env_cpu(new_env);
6418         new_cpu->opaque = ts;
6419         ts->bprm = parent_ts->bprm;
6420         ts->info = parent_ts->info;
6421         ts->signal_mask = parent_ts->signal_mask;
6422 
6423         if (flags & CLONE_CHILD_CLEARTID) {
6424             ts->child_tidptr = child_tidptr;
6425         }
6426 
6427         if (flags & CLONE_SETTLS) {
6428             cpu_set_tls (new_env, newtls);
6429         }
6430 
6431         memset(&info, 0, sizeof(info));
6432         pthread_mutex_init(&info.mutex, NULL);
6433         pthread_mutex_lock(&info.mutex);
6434         pthread_cond_init(&info.cond, NULL);
6435         info.env = new_env;
6436         if (flags & CLONE_CHILD_SETTID) {
6437             info.child_tidptr = child_tidptr;
6438         }
6439         if (flags & CLONE_PARENT_SETTID) {
6440             info.parent_tidptr = parent_tidptr;
6441         }
6442 
6443         ret = pthread_attr_init(&attr);
6444         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
6445         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
6446         /* It is not safe to deliver signals until the child has finished
6447            initializing, so temporarily block all signals.  */
6448         sigfillset(&sigmask);
6449         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
6450         cpu->random_seed = qemu_guest_random_seed_thread_part1();
6451 
6452         /* If this is our first additional thread, we need to ensure we
6453          * generate code for parallel execution and flush old translations.
6454          */
6455         if (!parallel_cpus) {
6456             parallel_cpus = true;
6457             tb_flush(cpu);
6458         }
6459 
6460         ret = pthread_create(&info.thread, &attr, clone_func, &info);
6461         /* TODO: Free new CPU state if thread creation failed.  */
6462 
6463         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
6464         pthread_attr_destroy(&attr);
6465         if (ret == 0) {
6466             /* Wait for the child to initialize.  */
6467             pthread_cond_wait(&info.cond, &info.mutex);
6468             ret = info.tid;
6469         } else {
6470             ret = -1;
6471         }
6472         pthread_mutex_unlock(&info.mutex);
6473         pthread_cond_destroy(&info.cond);
6474         pthread_mutex_destroy(&info.mutex);
6475         pthread_mutex_unlock(&clone_lock);
6476     } else {
6477         /* if no CLONE_VM, we consider it is a fork */
6478         if (flags & CLONE_INVALID_FORK_FLAGS) {
6479             return -TARGET_EINVAL;
6480         }
6481 
6482         /* We can't support custom termination signals */
6483         if ((flags & CSIGNAL) != TARGET_SIGCHLD) {
6484             return -TARGET_EINVAL;
6485         }
6486 
6487         if (block_signals()) {
6488             return -TARGET_ERESTARTSYS;
6489         }
6490 
6491         fork_start();
6492         ret = fork();
6493         if (ret == 0) {
6494             /* Child Process.  */
6495             cpu_clone_regs_child(env, newsp, flags);
6496             fork_end(1);
6497             /* There is a race condition here.  The parent process could
6498                theoretically read the TID in the child process before the child
6499                tid is set.  This would require using either ptrace
6500                (not implemented) or having *_tidptr to point at a shared memory
6501                mapping.  We can't repeat the spinlock hack used above because
6502                the child process gets its own copy of the lock.  */
6503             if (flags & CLONE_CHILD_SETTID)
6504                 put_user_u32(sys_gettid(), child_tidptr);
6505             if (flags & CLONE_PARENT_SETTID)
6506                 put_user_u32(sys_gettid(), parent_tidptr);
6507             ts = (TaskState *)cpu->opaque;
6508             if (flags & CLONE_SETTLS)
6509                 cpu_set_tls (env, newtls);
6510             if (flags & CLONE_CHILD_CLEARTID)
6511                 ts->child_tidptr = child_tidptr;
6512         } else {
6513             cpu_clone_regs_parent(env, flags);
6514             fork_end(0);
6515         }
6516     }
6517     return ret;
6518 }
6519 
6520 /* warning : doesn't handle linux specific flags... */
6521 static int target_to_host_fcntl_cmd(int cmd)
6522 {
6523     int ret;
6524 
6525     switch(cmd) {
6526     case TARGET_F_DUPFD:
6527     case TARGET_F_GETFD:
6528     case TARGET_F_SETFD:
6529     case TARGET_F_GETFL:
6530     case TARGET_F_SETFL:
6531     case TARGET_F_OFD_GETLK:
6532     case TARGET_F_OFD_SETLK:
6533     case TARGET_F_OFD_SETLKW:
6534         ret = cmd;
6535         break;
6536     case TARGET_F_GETLK:
6537         ret = F_GETLK64;
6538         break;
6539     case TARGET_F_SETLK:
6540         ret = F_SETLK64;
6541         break;
6542     case TARGET_F_SETLKW:
6543         ret = F_SETLKW64;
6544         break;
6545     case TARGET_F_GETOWN:
6546         ret = F_GETOWN;
6547         break;
6548     case TARGET_F_SETOWN:
6549         ret = F_SETOWN;
6550         break;
6551     case TARGET_F_GETSIG:
6552         ret = F_GETSIG;
6553         break;
6554     case TARGET_F_SETSIG:
6555         ret = F_SETSIG;
6556         break;
6557 #if TARGET_ABI_BITS == 32
6558     case TARGET_F_GETLK64:
6559         ret = F_GETLK64;
6560         break;
6561     case TARGET_F_SETLK64:
6562         ret = F_SETLK64;
6563         break;
6564     case TARGET_F_SETLKW64:
6565         ret = F_SETLKW64;
6566         break;
6567 #endif
6568     case TARGET_F_SETLEASE:
6569         ret = F_SETLEASE;
6570         break;
6571     case TARGET_F_GETLEASE:
6572         ret = F_GETLEASE;
6573         break;
6574 #ifdef F_DUPFD_CLOEXEC
6575     case TARGET_F_DUPFD_CLOEXEC:
6576         ret = F_DUPFD_CLOEXEC;
6577         break;
6578 #endif
6579     case TARGET_F_NOTIFY:
6580         ret = F_NOTIFY;
6581         break;
6582 #ifdef F_GETOWN_EX
6583     case TARGET_F_GETOWN_EX:
6584         ret = F_GETOWN_EX;
6585         break;
6586 #endif
6587 #ifdef F_SETOWN_EX
6588     case TARGET_F_SETOWN_EX:
6589         ret = F_SETOWN_EX;
6590         break;
6591 #endif
6592 #ifdef F_SETPIPE_SZ
6593     case TARGET_F_SETPIPE_SZ:
6594         ret = F_SETPIPE_SZ;
6595         break;
6596     case TARGET_F_GETPIPE_SZ:
6597         ret = F_GETPIPE_SZ;
6598         break;
6599 #endif
6600     default:
6601         ret = -TARGET_EINVAL;
6602         break;
6603     }
6604 
6605 #if defined(__powerpc64__)
6606     /* On PPC64, glibc headers has the F_*LK* defined to 12, 13 and 14 and
6607      * is not supported by kernel. The glibc fcntl call actually adjusts
6608      * them to 5, 6 and 7 before making the syscall(). Since we make the
6609      * syscall directly, adjust to what is supported by the kernel.
6610      */
6611     if (ret >= F_GETLK64 && ret <= F_SETLKW64) {
6612         ret -= F_GETLK64 - 5;
6613     }
6614 #endif
6615 
6616     return ret;
6617 }
6618 
6619 #define FLOCK_TRANSTBL \
6620     switch (type) { \
6621     TRANSTBL_CONVERT(F_RDLCK); \
6622     TRANSTBL_CONVERT(F_WRLCK); \
6623     TRANSTBL_CONVERT(F_UNLCK); \
6624     TRANSTBL_CONVERT(F_EXLCK); \
6625     TRANSTBL_CONVERT(F_SHLCK); \
6626     }
6627 
6628 static int target_to_host_flock(int type)
6629 {
6630 #define TRANSTBL_CONVERT(a) case TARGET_##a: return a
6631     FLOCK_TRANSTBL
6632 #undef  TRANSTBL_CONVERT
6633     return -TARGET_EINVAL;
6634 }
6635 
6636 static int host_to_target_flock(int type)
6637 {
6638 #define TRANSTBL_CONVERT(a) case a: return TARGET_##a
6639     FLOCK_TRANSTBL
6640 #undef  TRANSTBL_CONVERT
6641     /* if we don't know how to convert the value coming
6642      * from the host we copy to the target field as-is
6643      */
6644     return type;
6645 }
6646 
6647 static inline abi_long copy_from_user_flock(struct flock64 *fl,
6648                                             abi_ulong target_flock_addr)
6649 {
6650     struct target_flock *target_fl;
6651     int l_type;
6652 
6653     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6654         return -TARGET_EFAULT;
6655     }
6656 
6657     __get_user(l_type, &target_fl->l_type);
6658     l_type = target_to_host_flock(l_type);
6659     if (l_type < 0) {
6660         return l_type;
6661     }
6662     fl->l_type = l_type;
6663     __get_user(fl->l_whence, &target_fl->l_whence);
6664     __get_user(fl->l_start, &target_fl->l_start);
6665     __get_user(fl->l_len, &target_fl->l_len);
6666     __get_user(fl->l_pid, &target_fl->l_pid);
6667     unlock_user_struct(target_fl, target_flock_addr, 0);
6668     return 0;
6669 }
6670 
6671 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
6672                                           const struct flock64 *fl)
6673 {
6674     struct target_flock *target_fl;
6675     short l_type;
6676 
6677     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6678         return -TARGET_EFAULT;
6679     }
6680 
6681     l_type = host_to_target_flock(fl->l_type);
6682     __put_user(l_type, &target_fl->l_type);
6683     __put_user(fl->l_whence, &target_fl->l_whence);
6684     __put_user(fl->l_start, &target_fl->l_start);
6685     __put_user(fl->l_len, &target_fl->l_len);
6686     __put_user(fl->l_pid, &target_fl->l_pid);
6687     unlock_user_struct(target_fl, target_flock_addr, 1);
6688     return 0;
6689 }
6690 
6691 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
6692 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
6693 
6694 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
6695 static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl,
6696                                                    abi_ulong target_flock_addr)
6697 {
6698     struct target_oabi_flock64 *target_fl;
6699     int l_type;
6700 
6701     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6702         return -TARGET_EFAULT;
6703     }
6704 
6705     __get_user(l_type, &target_fl->l_type);
6706     l_type = target_to_host_flock(l_type);
6707     if (l_type < 0) {
6708         return l_type;
6709     }
6710     fl->l_type = l_type;
6711     __get_user(fl->l_whence, &target_fl->l_whence);
6712     __get_user(fl->l_start, &target_fl->l_start);
6713     __get_user(fl->l_len, &target_fl->l_len);
6714     __get_user(fl->l_pid, &target_fl->l_pid);
6715     unlock_user_struct(target_fl, target_flock_addr, 0);
6716     return 0;
6717 }
6718 
6719 static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr,
6720                                                  const struct flock64 *fl)
6721 {
6722     struct target_oabi_flock64 *target_fl;
6723     short l_type;
6724 
6725     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6726         return -TARGET_EFAULT;
6727     }
6728 
6729     l_type = host_to_target_flock(fl->l_type);
6730     __put_user(l_type, &target_fl->l_type);
6731     __put_user(fl->l_whence, &target_fl->l_whence);
6732     __put_user(fl->l_start, &target_fl->l_start);
6733     __put_user(fl->l_len, &target_fl->l_len);
6734     __put_user(fl->l_pid, &target_fl->l_pid);
6735     unlock_user_struct(target_fl, target_flock_addr, 1);
6736     return 0;
6737 }
6738 #endif
6739 
6740 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
6741                                               abi_ulong target_flock_addr)
6742 {
6743     struct target_flock64 *target_fl;
6744     int l_type;
6745 
6746     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6747         return -TARGET_EFAULT;
6748     }
6749 
6750     __get_user(l_type, &target_fl->l_type);
6751     l_type = target_to_host_flock(l_type);
6752     if (l_type < 0) {
6753         return l_type;
6754     }
6755     fl->l_type = l_type;
6756     __get_user(fl->l_whence, &target_fl->l_whence);
6757     __get_user(fl->l_start, &target_fl->l_start);
6758     __get_user(fl->l_len, &target_fl->l_len);
6759     __get_user(fl->l_pid, &target_fl->l_pid);
6760     unlock_user_struct(target_fl, target_flock_addr, 0);
6761     return 0;
6762 }
6763 
6764 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
6765                                             const struct flock64 *fl)
6766 {
6767     struct target_flock64 *target_fl;
6768     short l_type;
6769 
6770     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6771         return -TARGET_EFAULT;
6772     }
6773 
6774     l_type = host_to_target_flock(fl->l_type);
6775     __put_user(l_type, &target_fl->l_type);
6776     __put_user(fl->l_whence, &target_fl->l_whence);
6777     __put_user(fl->l_start, &target_fl->l_start);
6778     __put_user(fl->l_len, &target_fl->l_len);
6779     __put_user(fl->l_pid, &target_fl->l_pid);
6780     unlock_user_struct(target_fl, target_flock_addr, 1);
6781     return 0;
6782 }
6783 
6784 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
6785 {
6786     struct flock64 fl64;
6787 #ifdef F_GETOWN_EX
6788     struct f_owner_ex fox;
6789     struct target_f_owner_ex *target_fox;
6790 #endif
6791     abi_long ret;
6792     int host_cmd = target_to_host_fcntl_cmd(cmd);
6793 
6794     if (host_cmd == -TARGET_EINVAL)
6795 	    return host_cmd;
6796 
6797     switch(cmd) {
6798     case TARGET_F_GETLK:
6799         ret = copy_from_user_flock(&fl64, arg);
6800         if (ret) {
6801             return ret;
6802         }
6803         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6804         if (ret == 0) {
6805             ret = copy_to_user_flock(arg, &fl64);
6806         }
6807         break;
6808 
6809     case TARGET_F_SETLK:
6810     case TARGET_F_SETLKW:
6811         ret = copy_from_user_flock(&fl64, arg);
6812         if (ret) {
6813             return ret;
6814         }
6815         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6816         break;
6817 
6818     case TARGET_F_GETLK64:
6819     case TARGET_F_OFD_GETLK:
6820         ret = copy_from_user_flock64(&fl64, arg);
6821         if (ret) {
6822             return ret;
6823         }
6824         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6825         if (ret == 0) {
6826             ret = copy_to_user_flock64(arg, &fl64);
6827         }
6828         break;
6829     case TARGET_F_SETLK64:
6830     case TARGET_F_SETLKW64:
6831     case TARGET_F_OFD_SETLK:
6832     case TARGET_F_OFD_SETLKW:
6833         ret = copy_from_user_flock64(&fl64, arg);
6834         if (ret) {
6835             return ret;
6836         }
6837         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6838         break;
6839 
6840     case TARGET_F_GETFL:
6841         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6842         if (ret >= 0) {
6843             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
6844         }
6845         break;
6846 
6847     case TARGET_F_SETFL:
6848         ret = get_errno(safe_fcntl(fd, host_cmd,
6849                                    target_to_host_bitmask(arg,
6850                                                           fcntl_flags_tbl)));
6851         break;
6852 
6853 #ifdef F_GETOWN_EX
6854     case TARGET_F_GETOWN_EX:
6855         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6856         if (ret >= 0) {
6857             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
6858                 return -TARGET_EFAULT;
6859             target_fox->type = tswap32(fox.type);
6860             target_fox->pid = tswap32(fox.pid);
6861             unlock_user_struct(target_fox, arg, 1);
6862         }
6863         break;
6864 #endif
6865 
6866 #ifdef F_SETOWN_EX
6867     case TARGET_F_SETOWN_EX:
6868         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
6869             return -TARGET_EFAULT;
6870         fox.type = tswap32(target_fox->type);
6871         fox.pid = tswap32(target_fox->pid);
6872         unlock_user_struct(target_fox, arg, 0);
6873         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6874         break;
6875 #endif
6876 
6877     case TARGET_F_SETSIG:
6878         ret = get_errno(safe_fcntl(fd, host_cmd, target_to_host_signal(arg)));
6879         break;
6880 
6881     case TARGET_F_GETSIG:
6882         ret = host_to_target_signal(get_errno(safe_fcntl(fd, host_cmd, arg)));
6883         break;
6884 
6885     case TARGET_F_SETOWN:
6886     case TARGET_F_GETOWN:
6887     case TARGET_F_SETLEASE:
6888     case TARGET_F_GETLEASE:
6889     case TARGET_F_SETPIPE_SZ:
6890     case TARGET_F_GETPIPE_SZ:
6891         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6892         break;
6893 
6894     default:
6895         ret = get_errno(safe_fcntl(fd, cmd, arg));
6896         break;
6897     }
6898     return ret;
6899 }
6900 
6901 #ifdef USE_UID16
6902 
6903 static inline int high2lowuid(int uid)
6904 {
6905     if (uid > 65535)
6906         return 65534;
6907     else
6908         return uid;
6909 }
6910 
6911 static inline int high2lowgid(int gid)
6912 {
6913     if (gid > 65535)
6914         return 65534;
6915     else
6916         return gid;
6917 }
6918 
6919 static inline int low2highuid(int uid)
6920 {
6921     if ((int16_t)uid == -1)
6922         return -1;
6923     else
6924         return uid;
6925 }
6926 
6927 static inline int low2highgid(int gid)
6928 {
6929     if ((int16_t)gid == -1)
6930         return -1;
6931     else
6932         return gid;
6933 }
6934 static inline int tswapid(int id)
6935 {
6936     return tswap16(id);
6937 }
6938 
6939 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
6940 
6941 #else /* !USE_UID16 */
6942 static inline int high2lowuid(int uid)
6943 {
6944     return uid;
6945 }
6946 static inline int high2lowgid(int gid)
6947 {
6948     return gid;
6949 }
6950 static inline int low2highuid(int uid)
6951 {
6952     return uid;
6953 }
6954 static inline int low2highgid(int gid)
6955 {
6956     return gid;
6957 }
6958 static inline int tswapid(int id)
6959 {
6960     return tswap32(id);
6961 }
6962 
6963 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
6964 
6965 #endif /* USE_UID16 */
6966 
6967 /* We must do direct syscalls for setting UID/GID, because we want to
6968  * implement the Linux system call semantics of "change only for this thread",
6969  * not the libc/POSIX semantics of "change for all threads in process".
6970  * (See http://ewontfix.com/17/ for more details.)
6971  * We use the 32-bit version of the syscalls if present; if it is not
6972  * then either the host architecture supports 32-bit UIDs natively with
6973  * the standard syscall, or the 16-bit UID is the best we can do.
6974  */
6975 #ifdef __NR_setuid32
6976 #define __NR_sys_setuid __NR_setuid32
6977 #else
6978 #define __NR_sys_setuid __NR_setuid
6979 #endif
6980 #ifdef __NR_setgid32
6981 #define __NR_sys_setgid __NR_setgid32
6982 #else
6983 #define __NR_sys_setgid __NR_setgid
6984 #endif
6985 #ifdef __NR_setresuid32
6986 #define __NR_sys_setresuid __NR_setresuid32
6987 #else
6988 #define __NR_sys_setresuid __NR_setresuid
6989 #endif
6990 #ifdef __NR_setresgid32
6991 #define __NR_sys_setresgid __NR_setresgid32
6992 #else
6993 #define __NR_sys_setresgid __NR_setresgid
6994 #endif
6995 
6996 _syscall1(int, sys_setuid, uid_t, uid)
6997 _syscall1(int, sys_setgid, gid_t, gid)
6998 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
6999 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
7000 
7001 void syscall_init(void)
7002 {
7003     IOCTLEntry *ie;
7004     const argtype *arg_type;
7005     int size;
7006     int i;
7007 
7008     thunk_init(STRUCT_MAX);
7009 
7010 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
7011 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
7012 #include "syscall_types.h"
7013 #undef STRUCT
7014 #undef STRUCT_SPECIAL
7015 
7016     /* Build target_to_host_errno_table[] table from
7017      * host_to_target_errno_table[]. */
7018     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
7019         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
7020     }
7021 
7022     /* we patch the ioctl size if necessary. We rely on the fact that
7023        no ioctl has all the bits at '1' in the size field */
7024     ie = ioctl_entries;
7025     while (ie->target_cmd != 0) {
7026         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
7027             TARGET_IOC_SIZEMASK) {
7028             arg_type = ie->arg_type;
7029             if (arg_type[0] != TYPE_PTR) {
7030                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
7031                         ie->target_cmd);
7032                 exit(1);
7033             }
7034             arg_type++;
7035             size = thunk_type_size(arg_type, 0);
7036             ie->target_cmd = (ie->target_cmd &
7037                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
7038                 (size << TARGET_IOC_SIZESHIFT);
7039         }
7040 
7041         /* automatic consistency check if same arch */
7042 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
7043     (defined(__x86_64__) && defined(TARGET_X86_64))
7044         if (unlikely(ie->target_cmd != ie->host_cmd)) {
7045             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
7046                     ie->name, ie->target_cmd, ie->host_cmd);
7047         }
7048 #endif
7049         ie++;
7050     }
7051 }
7052 
7053 #ifdef TARGET_NR_truncate64
7054 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
7055                                          abi_long arg2,
7056                                          abi_long arg3,
7057                                          abi_long arg4)
7058 {
7059     if (regpairs_aligned(cpu_env, TARGET_NR_truncate64)) {
7060         arg2 = arg3;
7061         arg3 = arg4;
7062     }
7063     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
7064 }
7065 #endif
7066 
7067 #ifdef TARGET_NR_ftruncate64
7068 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
7069                                           abi_long arg2,
7070                                           abi_long arg3,
7071                                           abi_long arg4)
7072 {
7073     if (regpairs_aligned(cpu_env, TARGET_NR_ftruncate64)) {
7074         arg2 = arg3;
7075         arg3 = arg4;
7076     }
7077     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
7078 }
7079 #endif
7080 
7081 #if defined(TARGET_NR_timer_settime) || \
7082     (defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD))
7083 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_its,
7084                                                  abi_ulong target_addr)
7085 {
7086     if (target_to_host_timespec(&host_its->it_interval, target_addr +
7087                                 offsetof(struct target_itimerspec,
7088                                          it_interval)) ||
7089         target_to_host_timespec(&host_its->it_value, target_addr +
7090                                 offsetof(struct target_itimerspec,
7091                                          it_value))) {
7092         return -TARGET_EFAULT;
7093     }
7094 
7095     return 0;
7096 }
7097 #endif
7098 
7099 #if defined(TARGET_NR_timer_settime64) || \
7100     (defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD))
7101 static inline abi_long target_to_host_itimerspec64(struct itimerspec *host_its,
7102                                                    abi_ulong target_addr)
7103 {
7104     if (target_to_host_timespec64(&host_its->it_interval, target_addr +
7105                                   offsetof(struct target__kernel_itimerspec,
7106                                            it_interval)) ||
7107         target_to_host_timespec64(&host_its->it_value, target_addr +
7108                                   offsetof(struct target__kernel_itimerspec,
7109                                            it_value))) {
7110         return -TARGET_EFAULT;
7111     }
7112 
7113     return 0;
7114 }
7115 #endif
7116 
7117 #if ((defined(TARGET_NR_timerfd_gettime) || \
7118       defined(TARGET_NR_timerfd_settime)) && defined(CONFIG_TIMERFD)) || \
7119       defined(TARGET_NR_timer_gettime) || defined(TARGET_NR_timer_settime)
7120 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
7121                                                  struct itimerspec *host_its)
7122 {
7123     if (host_to_target_timespec(target_addr + offsetof(struct target_itimerspec,
7124                                                        it_interval),
7125                                 &host_its->it_interval) ||
7126         host_to_target_timespec(target_addr + offsetof(struct target_itimerspec,
7127                                                        it_value),
7128                                 &host_its->it_value)) {
7129         return -TARGET_EFAULT;
7130     }
7131     return 0;
7132 }
7133 #endif
7134 
7135 #if ((defined(TARGET_NR_timerfd_gettime64) || \
7136       defined(TARGET_NR_timerfd_settime64)) && defined(CONFIG_TIMERFD)) || \
7137       defined(TARGET_NR_timer_gettime64) || defined(TARGET_NR_timer_settime64)
7138 static inline abi_long host_to_target_itimerspec64(abi_ulong target_addr,
7139                                                    struct itimerspec *host_its)
7140 {
7141     if (host_to_target_timespec64(target_addr +
7142                                   offsetof(struct target__kernel_itimerspec,
7143                                            it_interval),
7144                                   &host_its->it_interval) ||
7145         host_to_target_timespec64(target_addr +
7146                                   offsetof(struct target__kernel_itimerspec,
7147                                            it_value),
7148                                   &host_its->it_value)) {
7149         return -TARGET_EFAULT;
7150     }
7151     return 0;
7152 }
7153 #endif
7154 
7155 #if defined(TARGET_NR_adjtimex) || \
7156     (defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME))
7157 static inline abi_long target_to_host_timex(struct timex *host_tx,
7158                                             abi_long target_addr)
7159 {
7160     struct target_timex *target_tx;
7161 
7162     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
7163         return -TARGET_EFAULT;
7164     }
7165 
7166     __get_user(host_tx->modes, &target_tx->modes);
7167     __get_user(host_tx->offset, &target_tx->offset);
7168     __get_user(host_tx->freq, &target_tx->freq);
7169     __get_user(host_tx->maxerror, &target_tx->maxerror);
7170     __get_user(host_tx->esterror, &target_tx->esterror);
7171     __get_user(host_tx->status, &target_tx->status);
7172     __get_user(host_tx->constant, &target_tx->constant);
7173     __get_user(host_tx->precision, &target_tx->precision);
7174     __get_user(host_tx->tolerance, &target_tx->tolerance);
7175     __get_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7176     __get_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7177     __get_user(host_tx->tick, &target_tx->tick);
7178     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7179     __get_user(host_tx->jitter, &target_tx->jitter);
7180     __get_user(host_tx->shift, &target_tx->shift);
7181     __get_user(host_tx->stabil, &target_tx->stabil);
7182     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
7183     __get_user(host_tx->calcnt, &target_tx->calcnt);
7184     __get_user(host_tx->errcnt, &target_tx->errcnt);
7185     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
7186     __get_user(host_tx->tai, &target_tx->tai);
7187 
7188     unlock_user_struct(target_tx, target_addr, 0);
7189     return 0;
7190 }
7191 
7192 static inline abi_long host_to_target_timex(abi_long target_addr,
7193                                             struct timex *host_tx)
7194 {
7195     struct target_timex *target_tx;
7196 
7197     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
7198         return -TARGET_EFAULT;
7199     }
7200 
7201     __put_user(host_tx->modes, &target_tx->modes);
7202     __put_user(host_tx->offset, &target_tx->offset);
7203     __put_user(host_tx->freq, &target_tx->freq);
7204     __put_user(host_tx->maxerror, &target_tx->maxerror);
7205     __put_user(host_tx->esterror, &target_tx->esterror);
7206     __put_user(host_tx->status, &target_tx->status);
7207     __put_user(host_tx->constant, &target_tx->constant);
7208     __put_user(host_tx->precision, &target_tx->precision);
7209     __put_user(host_tx->tolerance, &target_tx->tolerance);
7210     __put_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7211     __put_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7212     __put_user(host_tx->tick, &target_tx->tick);
7213     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7214     __put_user(host_tx->jitter, &target_tx->jitter);
7215     __put_user(host_tx->shift, &target_tx->shift);
7216     __put_user(host_tx->stabil, &target_tx->stabil);
7217     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7218     __put_user(host_tx->calcnt, &target_tx->calcnt);
7219     __put_user(host_tx->errcnt, &target_tx->errcnt);
7220     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7221     __put_user(host_tx->tai, &target_tx->tai);
7222 
7223     unlock_user_struct(target_tx, target_addr, 1);
7224     return 0;
7225 }
7226 #endif
7227 
7228 
7229 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
7230 static inline abi_long target_to_host_timex64(struct timex *host_tx,
7231                                               abi_long target_addr)
7232 {
7233     struct target__kernel_timex *target_tx;
7234 
7235     if (copy_from_user_timeval64(&host_tx->time, target_addr +
7236                                  offsetof(struct target__kernel_timex,
7237                                           time))) {
7238         return -TARGET_EFAULT;
7239     }
7240 
7241     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
7242         return -TARGET_EFAULT;
7243     }
7244 
7245     __get_user(host_tx->modes, &target_tx->modes);
7246     __get_user(host_tx->offset, &target_tx->offset);
7247     __get_user(host_tx->freq, &target_tx->freq);
7248     __get_user(host_tx->maxerror, &target_tx->maxerror);
7249     __get_user(host_tx->esterror, &target_tx->esterror);
7250     __get_user(host_tx->status, &target_tx->status);
7251     __get_user(host_tx->constant, &target_tx->constant);
7252     __get_user(host_tx->precision, &target_tx->precision);
7253     __get_user(host_tx->tolerance, &target_tx->tolerance);
7254     __get_user(host_tx->tick, &target_tx->tick);
7255     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7256     __get_user(host_tx->jitter, &target_tx->jitter);
7257     __get_user(host_tx->shift, &target_tx->shift);
7258     __get_user(host_tx->stabil, &target_tx->stabil);
7259     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
7260     __get_user(host_tx->calcnt, &target_tx->calcnt);
7261     __get_user(host_tx->errcnt, &target_tx->errcnt);
7262     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
7263     __get_user(host_tx->tai, &target_tx->tai);
7264 
7265     unlock_user_struct(target_tx, target_addr, 0);
7266     return 0;
7267 }
7268 
7269 static inline abi_long host_to_target_timex64(abi_long target_addr,
7270                                               struct timex *host_tx)
7271 {
7272     struct target__kernel_timex *target_tx;
7273 
7274    if (copy_to_user_timeval64(target_addr +
7275                               offsetof(struct target__kernel_timex, time),
7276                               &host_tx->time)) {
7277         return -TARGET_EFAULT;
7278     }
7279 
7280     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
7281         return -TARGET_EFAULT;
7282     }
7283 
7284     __put_user(host_tx->modes, &target_tx->modes);
7285     __put_user(host_tx->offset, &target_tx->offset);
7286     __put_user(host_tx->freq, &target_tx->freq);
7287     __put_user(host_tx->maxerror, &target_tx->maxerror);
7288     __put_user(host_tx->esterror, &target_tx->esterror);
7289     __put_user(host_tx->status, &target_tx->status);
7290     __put_user(host_tx->constant, &target_tx->constant);
7291     __put_user(host_tx->precision, &target_tx->precision);
7292     __put_user(host_tx->tolerance, &target_tx->tolerance);
7293     __put_user(host_tx->tick, &target_tx->tick);
7294     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7295     __put_user(host_tx->jitter, &target_tx->jitter);
7296     __put_user(host_tx->shift, &target_tx->shift);
7297     __put_user(host_tx->stabil, &target_tx->stabil);
7298     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7299     __put_user(host_tx->calcnt, &target_tx->calcnt);
7300     __put_user(host_tx->errcnt, &target_tx->errcnt);
7301     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7302     __put_user(host_tx->tai, &target_tx->tai);
7303 
7304     unlock_user_struct(target_tx, target_addr, 1);
7305     return 0;
7306 }
7307 #endif
7308 
7309 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
7310                                                abi_ulong target_addr)
7311 {
7312     struct target_sigevent *target_sevp;
7313 
7314     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
7315         return -TARGET_EFAULT;
7316     }
7317 
7318     /* This union is awkward on 64 bit systems because it has a 32 bit
7319      * integer and a pointer in it; we follow the conversion approach
7320      * used for handling sigval types in signal.c so the guest should get
7321      * the correct value back even if we did a 64 bit byteswap and it's
7322      * using the 32 bit integer.
7323      */
7324     host_sevp->sigev_value.sival_ptr =
7325         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
7326     host_sevp->sigev_signo =
7327         target_to_host_signal(tswap32(target_sevp->sigev_signo));
7328     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
7329     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
7330 
7331     unlock_user_struct(target_sevp, target_addr, 1);
7332     return 0;
7333 }
7334 
7335 #if defined(TARGET_NR_mlockall)
7336 static inline int target_to_host_mlockall_arg(int arg)
7337 {
7338     int result = 0;
7339 
7340     if (arg & TARGET_MCL_CURRENT) {
7341         result |= MCL_CURRENT;
7342     }
7343     if (arg & TARGET_MCL_FUTURE) {
7344         result |= MCL_FUTURE;
7345     }
7346 #ifdef MCL_ONFAULT
7347     if (arg & TARGET_MCL_ONFAULT) {
7348         result |= MCL_ONFAULT;
7349     }
7350 #endif
7351 
7352     return result;
7353 }
7354 #endif
7355 
7356 #if (defined(TARGET_NR_stat64) || defined(TARGET_NR_lstat64) ||     \
7357      defined(TARGET_NR_fstat64) || defined(TARGET_NR_fstatat64) ||  \
7358      defined(TARGET_NR_newfstatat))
7359 static inline abi_long host_to_target_stat64(void *cpu_env,
7360                                              abi_ulong target_addr,
7361                                              struct stat *host_st)
7362 {
7363 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
7364     if (((CPUARMState *)cpu_env)->eabi) {
7365         struct target_eabi_stat64 *target_st;
7366 
7367         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7368             return -TARGET_EFAULT;
7369         memset(target_st, 0, sizeof(struct target_eabi_stat64));
7370         __put_user(host_st->st_dev, &target_st->st_dev);
7371         __put_user(host_st->st_ino, &target_st->st_ino);
7372 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7373         __put_user(host_st->st_ino, &target_st->__st_ino);
7374 #endif
7375         __put_user(host_st->st_mode, &target_st->st_mode);
7376         __put_user(host_st->st_nlink, &target_st->st_nlink);
7377         __put_user(host_st->st_uid, &target_st->st_uid);
7378         __put_user(host_st->st_gid, &target_st->st_gid);
7379         __put_user(host_st->st_rdev, &target_st->st_rdev);
7380         __put_user(host_st->st_size, &target_st->st_size);
7381         __put_user(host_st->st_blksize, &target_st->st_blksize);
7382         __put_user(host_st->st_blocks, &target_st->st_blocks);
7383         __put_user(host_st->st_atime, &target_st->target_st_atime);
7384         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7385         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7386 #if _POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700
7387         __put_user(host_st->st_atim.tv_nsec, &target_st->target_st_atime_nsec);
7388         __put_user(host_st->st_mtim.tv_nsec, &target_st->target_st_mtime_nsec);
7389         __put_user(host_st->st_ctim.tv_nsec, &target_st->target_st_ctime_nsec);
7390 #endif
7391         unlock_user_struct(target_st, target_addr, 1);
7392     } else
7393 #endif
7394     {
7395 #if defined(TARGET_HAS_STRUCT_STAT64)
7396         struct target_stat64 *target_st;
7397 #else
7398         struct target_stat *target_st;
7399 #endif
7400 
7401         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7402             return -TARGET_EFAULT;
7403         memset(target_st, 0, sizeof(*target_st));
7404         __put_user(host_st->st_dev, &target_st->st_dev);
7405         __put_user(host_st->st_ino, &target_st->st_ino);
7406 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7407         __put_user(host_st->st_ino, &target_st->__st_ino);
7408 #endif
7409         __put_user(host_st->st_mode, &target_st->st_mode);
7410         __put_user(host_st->st_nlink, &target_st->st_nlink);
7411         __put_user(host_st->st_uid, &target_st->st_uid);
7412         __put_user(host_st->st_gid, &target_st->st_gid);
7413         __put_user(host_st->st_rdev, &target_st->st_rdev);
7414         /* XXX: better use of kernel struct */
7415         __put_user(host_st->st_size, &target_st->st_size);
7416         __put_user(host_st->st_blksize, &target_st->st_blksize);
7417         __put_user(host_st->st_blocks, &target_st->st_blocks);
7418         __put_user(host_st->st_atime, &target_st->target_st_atime);
7419         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7420         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7421 #if _POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700
7422         __put_user(host_st->st_atim.tv_nsec, &target_st->target_st_atime_nsec);
7423         __put_user(host_st->st_mtim.tv_nsec, &target_st->target_st_mtime_nsec);
7424         __put_user(host_st->st_ctim.tv_nsec, &target_st->target_st_ctime_nsec);
7425 #endif
7426         unlock_user_struct(target_st, target_addr, 1);
7427     }
7428 
7429     return 0;
7430 }
7431 #endif
7432 
7433 #if defined(TARGET_NR_statx) && defined(__NR_statx)
7434 static inline abi_long host_to_target_statx(struct target_statx *host_stx,
7435                                             abi_ulong target_addr)
7436 {
7437     struct target_statx *target_stx;
7438 
7439     if (!lock_user_struct(VERIFY_WRITE, target_stx, target_addr,  0)) {
7440         return -TARGET_EFAULT;
7441     }
7442     memset(target_stx, 0, sizeof(*target_stx));
7443 
7444     __put_user(host_stx->stx_mask, &target_stx->stx_mask);
7445     __put_user(host_stx->stx_blksize, &target_stx->stx_blksize);
7446     __put_user(host_stx->stx_attributes, &target_stx->stx_attributes);
7447     __put_user(host_stx->stx_nlink, &target_stx->stx_nlink);
7448     __put_user(host_stx->stx_uid, &target_stx->stx_uid);
7449     __put_user(host_stx->stx_gid, &target_stx->stx_gid);
7450     __put_user(host_stx->stx_mode, &target_stx->stx_mode);
7451     __put_user(host_stx->stx_ino, &target_stx->stx_ino);
7452     __put_user(host_stx->stx_size, &target_stx->stx_size);
7453     __put_user(host_stx->stx_blocks, &target_stx->stx_blocks);
7454     __put_user(host_stx->stx_attributes_mask, &target_stx->stx_attributes_mask);
7455     __put_user(host_stx->stx_atime.tv_sec, &target_stx->stx_atime.tv_sec);
7456     __put_user(host_stx->stx_atime.tv_nsec, &target_stx->stx_atime.tv_nsec);
7457     __put_user(host_stx->stx_btime.tv_sec, &target_stx->stx_btime.tv_sec);
7458     __put_user(host_stx->stx_btime.tv_nsec, &target_stx->stx_btime.tv_nsec);
7459     __put_user(host_stx->stx_ctime.tv_sec, &target_stx->stx_ctime.tv_sec);
7460     __put_user(host_stx->stx_ctime.tv_nsec, &target_stx->stx_ctime.tv_nsec);
7461     __put_user(host_stx->stx_mtime.tv_sec, &target_stx->stx_mtime.tv_sec);
7462     __put_user(host_stx->stx_mtime.tv_nsec, &target_stx->stx_mtime.tv_nsec);
7463     __put_user(host_stx->stx_rdev_major, &target_stx->stx_rdev_major);
7464     __put_user(host_stx->stx_rdev_minor, &target_stx->stx_rdev_minor);
7465     __put_user(host_stx->stx_dev_major, &target_stx->stx_dev_major);
7466     __put_user(host_stx->stx_dev_minor, &target_stx->stx_dev_minor);
7467 
7468     unlock_user_struct(target_stx, target_addr, 1);
7469 
7470     return 0;
7471 }
7472 #endif
7473 
7474 static int do_sys_futex(int *uaddr, int op, int val,
7475                          const struct timespec *timeout, int *uaddr2,
7476                          int val3)
7477 {
7478 #if HOST_LONG_BITS == 64
7479 #if defined(__NR_futex)
7480     /* always a 64-bit time_t, it doesn't define _time64 version  */
7481     return sys_futex(uaddr, op, val, timeout, uaddr2, val3);
7482 
7483 #endif
7484 #else /* HOST_LONG_BITS == 64 */
7485 #if defined(__NR_futex_time64)
7486     if (sizeof(timeout->tv_sec) == 8) {
7487         /* _time64 function on 32bit arch */
7488         return sys_futex_time64(uaddr, op, val, timeout, uaddr2, val3);
7489     }
7490 #endif
7491 #if defined(__NR_futex)
7492     /* old function on 32bit arch */
7493     return sys_futex(uaddr, op, val, timeout, uaddr2, val3);
7494 #endif
7495 #endif /* HOST_LONG_BITS == 64 */
7496     g_assert_not_reached();
7497 }
7498 
7499 static int do_safe_futex(int *uaddr, int op, int val,
7500                          const struct timespec *timeout, int *uaddr2,
7501                          int val3)
7502 {
7503 #if HOST_LONG_BITS == 64
7504 #if defined(__NR_futex)
7505     /* always a 64-bit time_t, it doesn't define _time64 version  */
7506     return get_errno(safe_futex(uaddr, op, val, timeout, uaddr2, val3));
7507 #endif
7508 #else /* HOST_LONG_BITS == 64 */
7509 #if defined(__NR_futex_time64)
7510     if (sizeof(timeout->tv_sec) == 8) {
7511         /* _time64 function on 32bit arch */
7512         return get_errno(safe_futex_time64(uaddr, op, val, timeout, uaddr2,
7513                                            val3));
7514     }
7515 #endif
7516 #if defined(__NR_futex)
7517     /* old function on 32bit arch */
7518     return get_errno(safe_futex(uaddr, op, val, timeout, uaddr2, val3));
7519 #endif
7520 #endif /* HOST_LONG_BITS == 64 */
7521     return -TARGET_ENOSYS;
7522 }
7523 
7524 /* ??? Using host futex calls even when target atomic operations
7525    are not really atomic probably breaks things.  However implementing
7526    futexes locally would make futexes shared between multiple processes
7527    tricky.  However they're probably useless because guest atomic
7528    operations won't work either.  */
7529 #if defined(TARGET_NR_futex)
7530 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
7531                     target_ulong uaddr2, int val3)
7532 {
7533     struct timespec ts, *pts;
7534     int base_op;
7535 
7536     /* ??? We assume FUTEX_* constants are the same on both host
7537        and target.  */
7538 #ifdef FUTEX_CMD_MASK
7539     base_op = op & FUTEX_CMD_MASK;
7540 #else
7541     base_op = op;
7542 #endif
7543     switch (base_op) {
7544     case FUTEX_WAIT:
7545     case FUTEX_WAIT_BITSET:
7546         if (timeout) {
7547             pts = &ts;
7548             target_to_host_timespec(pts, timeout);
7549         } else {
7550             pts = NULL;
7551         }
7552         return do_safe_futex(g2h(uaddr), op, tswap32(val), pts, NULL, val3);
7553     case FUTEX_WAKE:
7554         return do_safe_futex(g2h(uaddr), op, val, NULL, NULL, 0);
7555     case FUTEX_FD:
7556         return do_safe_futex(g2h(uaddr), op, val, NULL, NULL, 0);
7557     case FUTEX_REQUEUE:
7558     case FUTEX_CMP_REQUEUE:
7559     case FUTEX_WAKE_OP:
7560         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
7561            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
7562            But the prototype takes a `struct timespec *'; insert casts
7563            to satisfy the compiler.  We do not need to tswap TIMEOUT
7564            since it's not compared to guest memory.  */
7565         pts = (struct timespec *)(uintptr_t) timeout;
7566         return do_safe_futex(g2h(uaddr), op, val, pts, g2h(uaddr2),
7567                              (base_op == FUTEX_CMP_REQUEUE
7568                                       ? tswap32(val3)
7569                                       : val3));
7570     default:
7571         return -TARGET_ENOSYS;
7572     }
7573 }
7574 #endif
7575 
7576 #if defined(TARGET_NR_futex_time64)
7577 static int do_futex_time64(target_ulong uaddr, int op, int val, target_ulong timeout,
7578                            target_ulong uaddr2, int val3)
7579 {
7580     struct timespec ts, *pts;
7581     int base_op;
7582 
7583     /* ??? We assume FUTEX_* constants are the same on both host
7584        and target.  */
7585 #ifdef FUTEX_CMD_MASK
7586     base_op = op & FUTEX_CMD_MASK;
7587 #else
7588     base_op = op;
7589 #endif
7590     switch (base_op) {
7591     case FUTEX_WAIT:
7592     case FUTEX_WAIT_BITSET:
7593         if (timeout) {
7594             pts = &ts;
7595             target_to_host_timespec64(pts, timeout);
7596         } else {
7597             pts = NULL;
7598         }
7599         return do_safe_futex(g2h(uaddr), op, tswap32(val), pts, NULL, val3);
7600     case FUTEX_WAKE:
7601         return do_safe_futex(g2h(uaddr), op, val, NULL, NULL, 0);
7602     case FUTEX_FD:
7603         return do_safe_futex(g2h(uaddr), op, val, NULL, NULL, 0);
7604     case FUTEX_REQUEUE:
7605     case FUTEX_CMP_REQUEUE:
7606     case FUTEX_WAKE_OP:
7607         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
7608            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
7609            But the prototype takes a `struct timespec *'; insert casts
7610            to satisfy the compiler.  We do not need to tswap TIMEOUT
7611            since it's not compared to guest memory.  */
7612         pts = (struct timespec *)(uintptr_t) timeout;
7613         return do_safe_futex(g2h(uaddr), op, val, pts, g2h(uaddr2),
7614                              (base_op == FUTEX_CMP_REQUEUE
7615                                       ? tswap32(val3)
7616                                       : val3));
7617     default:
7618         return -TARGET_ENOSYS;
7619     }
7620 }
7621 #endif
7622 
7623 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7624 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
7625                                      abi_long handle, abi_long mount_id,
7626                                      abi_long flags)
7627 {
7628     struct file_handle *target_fh;
7629     struct file_handle *fh;
7630     int mid = 0;
7631     abi_long ret;
7632     char *name;
7633     unsigned int size, total_size;
7634 
7635     if (get_user_s32(size, handle)) {
7636         return -TARGET_EFAULT;
7637     }
7638 
7639     name = lock_user_string(pathname);
7640     if (!name) {
7641         return -TARGET_EFAULT;
7642     }
7643 
7644     total_size = sizeof(struct file_handle) + size;
7645     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
7646     if (!target_fh) {
7647         unlock_user(name, pathname, 0);
7648         return -TARGET_EFAULT;
7649     }
7650 
7651     fh = g_malloc0(total_size);
7652     fh->handle_bytes = size;
7653 
7654     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
7655     unlock_user(name, pathname, 0);
7656 
7657     /* man name_to_handle_at(2):
7658      * Other than the use of the handle_bytes field, the caller should treat
7659      * the file_handle structure as an opaque data type
7660      */
7661 
7662     memcpy(target_fh, fh, total_size);
7663     target_fh->handle_bytes = tswap32(fh->handle_bytes);
7664     target_fh->handle_type = tswap32(fh->handle_type);
7665     g_free(fh);
7666     unlock_user(target_fh, handle, total_size);
7667 
7668     if (put_user_s32(mid, mount_id)) {
7669         return -TARGET_EFAULT;
7670     }
7671 
7672     return ret;
7673 
7674 }
7675 #endif
7676 
7677 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7678 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
7679                                      abi_long flags)
7680 {
7681     struct file_handle *target_fh;
7682     struct file_handle *fh;
7683     unsigned int size, total_size;
7684     abi_long ret;
7685 
7686     if (get_user_s32(size, handle)) {
7687         return -TARGET_EFAULT;
7688     }
7689 
7690     total_size = sizeof(struct file_handle) + size;
7691     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
7692     if (!target_fh) {
7693         return -TARGET_EFAULT;
7694     }
7695 
7696     fh = g_memdup(target_fh, total_size);
7697     fh->handle_bytes = size;
7698     fh->handle_type = tswap32(target_fh->handle_type);
7699 
7700     ret = get_errno(open_by_handle_at(mount_fd, fh,
7701                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
7702 
7703     g_free(fh);
7704 
7705     unlock_user(target_fh, handle, total_size);
7706 
7707     return ret;
7708 }
7709 #endif
7710 
7711 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
7712 
7713 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
7714 {
7715     int host_flags;
7716     target_sigset_t *target_mask;
7717     sigset_t host_mask;
7718     abi_long ret;
7719 
7720     if (flags & ~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC)) {
7721         return -TARGET_EINVAL;
7722     }
7723     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
7724         return -TARGET_EFAULT;
7725     }
7726 
7727     target_to_host_sigset(&host_mask, target_mask);
7728 
7729     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
7730 
7731     ret = get_errno(signalfd(fd, &host_mask, host_flags));
7732     if (ret >= 0) {
7733         fd_trans_register(ret, &target_signalfd_trans);
7734     }
7735 
7736     unlock_user_struct(target_mask, mask, 0);
7737 
7738     return ret;
7739 }
7740 #endif
7741 
7742 /* Map host to target signal numbers for the wait family of syscalls.
7743    Assume all other status bits are the same.  */
7744 int host_to_target_waitstatus(int status)
7745 {
7746     if (WIFSIGNALED(status)) {
7747         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
7748     }
7749     if (WIFSTOPPED(status)) {
7750         return (host_to_target_signal(WSTOPSIG(status)) << 8)
7751                | (status & 0xff);
7752     }
7753     return status;
7754 }
7755 
7756 static int open_self_cmdline(void *cpu_env, int fd)
7757 {
7758     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
7759     struct linux_binprm *bprm = ((TaskState *)cpu->opaque)->bprm;
7760     int i;
7761 
7762     for (i = 0; i < bprm->argc; i++) {
7763         size_t len = strlen(bprm->argv[i]) + 1;
7764 
7765         if (write(fd, bprm->argv[i], len) != len) {
7766             return -1;
7767         }
7768     }
7769 
7770     return 0;
7771 }
7772 
7773 static int open_self_maps(void *cpu_env, int fd)
7774 {
7775     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
7776     TaskState *ts = cpu->opaque;
7777     GSList *map_info = read_self_maps();
7778     GSList *s;
7779     int count;
7780 
7781     for (s = map_info; s; s = g_slist_next(s)) {
7782         MapInfo *e = (MapInfo *) s->data;
7783 
7784         if (h2g_valid(e->start)) {
7785             unsigned long min = e->start;
7786             unsigned long max = e->end;
7787             int flags = page_get_flags(h2g(min));
7788             const char *path;
7789 
7790             max = h2g_valid(max - 1) ?
7791                 max : (uintptr_t) g2h(GUEST_ADDR_MAX) + 1;
7792 
7793             if (page_check_range(h2g(min), max - min, flags) == -1) {
7794                 continue;
7795             }
7796 
7797             if (h2g(min) == ts->info->stack_limit) {
7798                 path = "[stack]";
7799             } else {
7800                 path = e->path;
7801             }
7802 
7803             count = dprintf(fd, TARGET_ABI_FMT_ptr "-" TARGET_ABI_FMT_ptr
7804                             " %c%c%c%c %08" PRIx64 " %s %"PRId64,
7805                             h2g(min), h2g(max - 1) + 1,
7806                             e->is_read ? 'r' : '-',
7807                             e->is_write ? 'w' : '-',
7808                             e->is_exec ? 'x' : '-',
7809                             e->is_priv ? 'p' : '-',
7810                             (uint64_t) e->offset, e->dev, e->inode);
7811             if (path) {
7812                 dprintf(fd, "%*s%s\n", 73 - count, "", path);
7813             } else {
7814                 dprintf(fd, "\n");
7815             }
7816         }
7817     }
7818 
7819     free_self_maps(map_info);
7820 
7821 #ifdef TARGET_VSYSCALL_PAGE
7822     /*
7823      * We only support execution from the vsyscall page.
7824      * This is as if CONFIG_LEGACY_VSYSCALL_XONLY=y from v5.3.
7825      */
7826     count = dprintf(fd, TARGET_FMT_lx "-" TARGET_FMT_lx
7827                     " --xp 00000000 00:00 0",
7828                     TARGET_VSYSCALL_PAGE, TARGET_VSYSCALL_PAGE + TARGET_PAGE_SIZE);
7829     dprintf(fd, "%*s%s\n", 73 - count, "",  "[vsyscall]");
7830 #endif
7831 
7832     return 0;
7833 }
7834 
7835 static int open_self_stat(void *cpu_env, int fd)
7836 {
7837     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
7838     TaskState *ts = cpu->opaque;
7839     g_autoptr(GString) buf = g_string_new(NULL);
7840     int i;
7841 
7842     for (i = 0; i < 44; i++) {
7843         if (i == 0) {
7844             /* pid */
7845             g_string_printf(buf, FMT_pid " ", getpid());
7846         } else if (i == 1) {
7847             /* app name */
7848             gchar *bin = g_strrstr(ts->bprm->argv[0], "/");
7849             bin = bin ? bin + 1 : ts->bprm->argv[0];
7850             g_string_printf(buf, "(%.15s) ", bin);
7851         } else if (i == 27) {
7852             /* stack bottom */
7853             g_string_printf(buf, TARGET_ABI_FMT_ld " ", ts->info->start_stack);
7854         } else {
7855             /* for the rest, there is MasterCard */
7856             g_string_printf(buf, "0%c", i == 43 ? '\n' : ' ');
7857         }
7858 
7859         if (write(fd, buf->str, buf->len) != buf->len) {
7860             return -1;
7861         }
7862     }
7863 
7864     return 0;
7865 }
7866 
7867 static int open_self_auxv(void *cpu_env, int fd)
7868 {
7869     CPUState *cpu = env_cpu((CPUArchState *)cpu_env);
7870     TaskState *ts = cpu->opaque;
7871     abi_ulong auxv = ts->info->saved_auxv;
7872     abi_ulong len = ts->info->auxv_len;
7873     char *ptr;
7874 
7875     /*
7876      * Auxiliary vector is stored in target process stack.
7877      * read in whole auxv vector and copy it to file
7878      */
7879     ptr = lock_user(VERIFY_READ, auxv, len, 0);
7880     if (ptr != NULL) {
7881         while (len > 0) {
7882             ssize_t r;
7883             r = write(fd, ptr, len);
7884             if (r <= 0) {
7885                 break;
7886             }
7887             len -= r;
7888             ptr += r;
7889         }
7890         lseek(fd, 0, SEEK_SET);
7891         unlock_user(ptr, auxv, len);
7892     }
7893 
7894     return 0;
7895 }
7896 
7897 static int is_proc_myself(const char *filename, const char *entry)
7898 {
7899     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
7900         filename += strlen("/proc/");
7901         if (!strncmp(filename, "self/", strlen("self/"))) {
7902             filename += strlen("self/");
7903         } else if (*filename >= '1' && *filename <= '9') {
7904             char myself[80];
7905             snprintf(myself, sizeof(myself), "%d/", getpid());
7906             if (!strncmp(filename, myself, strlen(myself))) {
7907                 filename += strlen(myself);
7908             } else {
7909                 return 0;
7910             }
7911         } else {
7912             return 0;
7913         }
7914         if (!strcmp(filename, entry)) {
7915             return 1;
7916         }
7917     }
7918     return 0;
7919 }
7920 
7921 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN) || \
7922     defined(TARGET_SPARC) || defined(TARGET_M68K) || defined(TARGET_HPPA)
7923 static int is_proc(const char *filename, const char *entry)
7924 {
7925     return strcmp(filename, entry) == 0;
7926 }
7927 #endif
7928 
7929 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7930 static int open_net_route(void *cpu_env, int fd)
7931 {
7932     FILE *fp;
7933     char *line = NULL;
7934     size_t len = 0;
7935     ssize_t read;
7936 
7937     fp = fopen("/proc/net/route", "r");
7938     if (fp == NULL) {
7939         return -1;
7940     }
7941 
7942     /* read header */
7943 
7944     read = getline(&line, &len, fp);
7945     dprintf(fd, "%s", line);
7946 
7947     /* read routes */
7948 
7949     while ((read = getline(&line, &len, fp)) != -1) {
7950         char iface[16];
7951         uint32_t dest, gw, mask;
7952         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
7953         int fields;
7954 
7955         fields = sscanf(line,
7956                         "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7957                         iface, &dest, &gw, &flags, &refcnt, &use, &metric,
7958                         &mask, &mtu, &window, &irtt);
7959         if (fields != 11) {
7960             continue;
7961         }
7962         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7963                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
7964                 metric, tswap32(mask), mtu, window, irtt);
7965     }
7966 
7967     free(line);
7968     fclose(fp);
7969 
7970     return 0;
7971 }
7972 #endif
7973 
7974 #if defined(TARGET_SPARC)
7975 static int open_cpuinfo(void *cpu_env, int fd)
7976 {
7977     dprintf(fd, "type\t\t: sun4u\n");
7978     return 0;
7979 }
7980 #endif
7981 
7982 #if defined(TARGET_HPPA)
7983 static int open_cpuinfo(void *cpu_env, int fd)
7984 {
7985     dprintf(fd, "cpu family\t: PA-RISC 1.1e\n");
7986     dprintf(fd, "cpu\t\t: PA7300LC (PCX-L2)\n");
7987     dprintf(fd, "capabilities\t: os32\n");
7988     dprintf(fd, "model\t\t: 9000/778/B160L\n");
7989     dprintf(fd, "model name\t: Merlin L2 160 QEMU (9000/778/B160L)\n");
7990     return 0;
7991 }
7992 #endif
7993 
7994 #if defined(TARGET_M68K)
7995 static int open_hardware(void *cpu_env, int fd)
7996 {
7997     dprintf(fd, "Model:\t\tqemu-m68k\n");
7998     return 0;
7999 }
8000 #endif
8001 
8002 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
8003 {
8004     struct fake_open {
8005         const char *filename;
8006         int (*fill)(void *cpu_env, int fd);
8007         int (*cmp)(const char *s1, const char *s2);
8008     };
8009     const struct fake_open *fake_open;
8010     static const struct fake_open fakes[] = {
8011         { "maps", open_self_maps, is_proc_myself },
8012         { "stat", open_self_stat, is_proc_myself },
8013         { "auxv", open_self_auxv, is_proc_myself },
8014         { "cmdline", open_self_cmdline, is_proc_myself },
8015 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
8016         { "/proc/net/route", open_net_route, is_proc },
8017 #endif
8018 #if defined(TARGET_SPARC) || defined(TARGET_HPPA)
8019         { "/proc/cpuinfo", open_cpuinfo, is_proc },
8020 #endif
8021 #if defined(TARGET_M68K)
8022         { "/proc/hardware", open_hardware, is_proc },
8023 #endif
8024         { NULL, NULL, NULL }
8025     };
8026 
8027     if (is_proc_myself(pathname, "exe")) {
8028         int execfd = qemu_getauxval(AT_EXECFD);
8029         return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
8030     }
8031 
8032     for (fake_open = fakes; fake_open->filename; fake_open++) {
8033         if (fake_open->cmp(pathname, fake_open->filename)) {
8034             break;
8035         }
8036     }
8037 
8038     if (fake_open->filename) {
8039         const char *tmpdir;
8040         char filename[PATH_MAX];
8041         int fd, r;
8042 
8043         /* create temporary file to map stat to */
8044         tmpdir = getenv("TMPDIR");
8045         if (!tmpdir)
8046             tmpdir = "/tmp";
8047         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
8048         fd = mkstemp(filename);
8049         if (fd < 0) {
8050             return fd;
8051         }
8052         unlink(filename);
8053 
8054         if ((r = fake_open->fill(cpu_env, fd))) {
8055             int e = errno;
8056             close(fd);
8057             errno = e;
8058             return r;
8059         }
8060         lseek(fd, 0, SEEK_SET);
8061 
8062         return fd;
8063     }
8064 
8065     return safe_openat(dirfd, path(pathname), flags, mode);
8066 }
8067 
8068 #define TIMER_MAGIC 0x0caf0000
8069 #define TIMER_MAGIC_MASK 0xffff0000
8070 
8071 /* Convert QEMU provided timer ID back to internal 16bit index format */
8072 static target_timer_t get_timer_id(abi_long arg)
8073 {
8074     target_timer_t timerid = arg;
8075 
8076     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
8077         return -TARGET_EINVAL;
8078     }
8079 
8080     timerid &= 0xffff;
8081 
8082     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
8083         return -TARGET_EINVAL;
8084     }
8085 
8086     return timerid;
8087 }
8088 
8089 static int target_to_host_cpu_mask(unsigned long *host_mask,
8090                                    size_t host_size,
8091                                    abi_ulong target_addr,
8092                                    size_t target_size)
8093 {
8094     unsigned target_bits = sizeof(abi_ulong) * 8;
8095     unsigned host_bits = sizeof(*host_mask) * 8;
8096     abi_ulong *target_mask;
8097     unsigned i, j;
8098 
8099     assert(host_size >= target_size);
8100 
8101     target_mask = lock_user(VERIFY_READ, target_addr, target_size, 1);
8102     if (!target_mask) {
8103         return -TARGET_EFAULT;
8104     }
8105     memset(host_mask, 0, host_size);
8106 
8107     for (i = 0 ; i < target_size / sizeof(abi_ulong); i++) {
8108         unsigned bit = i * target_bits;
8109         abi_ulong val;
8110 
8111         __get_user(val, &target_mask[i]);
8112         for (j = 0; j < target_bits; j++, bit++) {
8113             if (val & (1UL << j)) {
8114                 host_mask[bit / host_bits] |= 1UL << (bit % host_bits);
8115             }
8116         }
8117     }
8118 
8119     unlock_user(target_mask, target_addr, 0);
8120     return 0;
8121 }
8122 
8123 static int host_to_target_cpu_mask(const unsigned long *host_mask,
8124                                    size_t host_size,
8125                                    abi_ulong target_addr,
8126                                    size_t target_size)
8127 {
8128     unsigned target_bits = sizeof(abi_ulong) * 8;
8129     unsigned host_bits = sizeof(*host_mask) * 8;
8130     abi_ulong *target_mask;
8131     unsigned i, j;
8132 
8133     assert(host_size >= target_size);
8134 
8135     target_mask = lock_user(VERIFY_WRITE, target_addr, target_size, 0);
8136     if (!target_mask) {
8137         return -TARGET_EFAULT;
8138     }
8139 
8140     for (i = 0 ; i < target_size / sizeof(abi_ulong); i++) {
8141         unsigned bit = i * target_bits;
8142         abi_ulong val = 0;
8143 
8144         for (j = 0; j < target_bits; j++, bit++) {
8145             if (host_mask[bit / host_bits] & (1UL << (bit % host_bits))) {
8146                 val |= 1UL << j;
8147             }
8148         }
8149         __put_user(val, &target_mask[i]);
8150     }
8151 
8152     unlock_user(target_mask, target_addr, target_size);
8153     return 0;
8154 }
8155 
8156 /* This is an internal helper for do_syscall so that it is easier
8157  * to have a single return point, so that actions, such as logging
8158  * of syscall results, can be performed.
8159  * All errnos that do_syscall() returns must be -TARGET_<errcode>.
8160  */
8161 static abi_long do_syscall1(void *cpu_env, int num, abi_long arg1,
8162                             abi_long arg2, abi_long arg3, abi_long arg4,
8163                             abi_long arg5, abi_long arg6, abi_long arg7,
8164                             abi_long arg8)
8165 {
8166     CPUState *cpu = env_cpu(cpu_env);
8167     abi_long ret;
8168 #if defined(TARGET_NR_stat) || defined(TARGET_NR_stat64) \
8169     || defined(TARGET_NR_lstat) || defined(TARGET_NR_lstat64) \
8170     || defined(TARGET_NR_fstat) || defined(TARGET_NR_fstat64) \
8171     || defined(TARGET_NR_statx)
8172     struct stat st;
8173 #endif
8174 #if defined(TARGET_NR_statfs) || defined(TARGET_NR_statfs64) \
8175     || defined(TARGET_NR_fstatfs)
8176     struct statfs stfs;
8177 #endif
8178     void *p;
8179 
8180     switch(num) {
8181     case TARGET_NR_exit:
8182         /* In old applications this may be used to implement _exit(2).
8183            However in threaded applications it is used for thread termination,
8184            and _exit_group is used for application termination.
8185            Do thread termination if we have more then one thread.  */
8186 
8187         if (block_signals()) {
8188             return -TARGET_ERESTARTSYS;
8189         }
8190 
8191         pthread_mutex_lock(&clone_lock);
8192 
8193         if (CPU_NEXT(first_cpu)) {
8194             TaskState *ts = cpu->opaque;
8195 
8196             object_property_set_bool(OBJECT(cpu), "realized", false, NULL);
8197             object_unref(OBJECT(cpu));
8198             /*
8199              * At this point the CPU should be unrealized and removed
8200              * from cpu lists. We can clean-up the rest of the thread
8201              * data without the lock held.
8202              */
8203 
8204             pthread_mutex_unlock(&clone_lock);
8205 
8206             if (ts->child_tidptr) {
8207                 put_user_u32(0, ts->child_tidptr);
8208                 do_sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
8209                           NULL, NULL, 0);
8210             }
8211             thread_cpu = NULL;
8212             g_free(ts);
8213             rcu_unregister_thread();
8214             pthread_exit(NULL);
8215         }
8216 
8217         pthread_mutex_unlock(&clone_lock);
8218         preexit_cleanup(cpu_env, arg1);
8219         _exit(arg1);
8220         return 0; /* avoid warning */
8221     case TARGET_NR_read:
8222         if (arg2 == 0 && arg3 == 0) {
8223             return get_errno(safe_read(arg1, 0, 0));
8224         } else {
8225             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
8226                 return -TARGET_EFAULT;
8227             ret = get_errno(safe_read(arg1, p, arg3));
8228             if (ret >= 0 &&
8229                 fd_trans_host_to_target_data(arg1)) {
8230                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
8231             }
8232             unlock_user(p, arg2, ret);
8233         }
8234         return ret;
8235     case TARGET_NR_write:
8236         if (arg2 == 0 && arg3 == 0) {
8237             return get_errno(safe_write(arg1, 0, 0));
8238         }
8239         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
8240             return -TARGET_EFAULT;
8241         if (fd_trans_target_to_host_data(arg1)) {
8242             void *copy = g_malloc(arg3);
8243             memcpy(copy, p, arg3);
8244             ret = fd_trans_target_to_host_data(arg1)(copy, arg3);
8245             if (ret >= 0) {
8246                 ret = get_errno(safe_write(arg1, copy, ret));
8247             }
8248             g_free(copy);
8249         } else {
8250             ret = get_errno(safe_write(arg1, p, arg3));
8251         }
8252         unlock_user(p, arg2, 0);
8253         return ret;
8254 
8255 #ifdef TARGET_NR_open
8256     case TARGET_NR_open:
8257         if (!(p = lock_user_string(arg1)))
8258             return -TARGET_EFAULT;
8259         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
8260                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
8261                                   arg3));
8262         fd_trans_unregister(ret);
8263         unlock_user(p, arg1, 0);
8264         return ret;
8265 #endif
8266     case TARGET_NR_openat:
8267         if (!(p = lock_user_string(arg2)))
8268             return -TARGET_EFAULT;
8269         ret = get_errno(do_openat(cpu_env, arg1, p,
8270                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
8271                                   arg4));
8272         fd_trans_unregister(ret);
8273         unlock_user(p, arg2, 0);
8274         return ret;
8275 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
8276     case TARGET_NR_name_to_handle_at:
8277         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
8278         return ret;
8279 #endif
8280 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
8281     case TARGET_NR_open_by_handle_at:
8282         ret = do_open_by_handle_at(arg1, arg2, arg3);
8283         fd_trans_unregister(ret);
8284         return ret;
8285 #endif
8286     case TARGET_NR_close:
8287         fd_trans_unregister(arg1);
8288         return get_errno(close(arg1));
8289 
8290     case TARGET_NR_brk:
8291         return do_brk(arg1);
8292 #ifdef TARGET_NR_fork
8293     case TARGET_NR_fork:
8294         return get_errno(do_fork(cpu_env, TARGET_SIGCHLD, 0, 0, 0, 0));
8295 #endif
8296 #ifdef TARGET_NR_waitpid
8297     case TARGET_NR_waitpid:
8298         {
8299             int status;
8300             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
8301             if (!is_error(ret) && arg2 && ret
8302                 && put_user_s32(host_to_target_waitstatus(status), arg2))
8303                 return -TARGET_EFAULT;
8304         }
8305         return ret;
8306 #endif
8307 #ifdef TARGET_NR_waitid
8308     case TARGET_NR_waitid:
8309         {
8310             siginfo_t info;
8311             info.si_pid = 0;
8312             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
8313             if (!is_error(ret) && arg3 && info.si_pid != 0) {
8314                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
8315                     return -TARGET_EFAULT;
8316                 host_to_target_siginfo(p, &info);
8317                 unlock_user(p, arg3, sizeof(target_siginfo_t));
8318             }
8319         }
8320         return ret;
8321 #endif
8322 #ifdef TARGET_NR_creat /* not on alpha */
8323     case TARGET_NR_creat:
8324         if (!(p = lock_user_string(arg1)))
8325             return -TARGET_EFAULT;
8326         ret = get_errno(creat(p, arg2));
8327         fd_trans_unregister(ret);
8328         unlock_user(p, arg1, 0);
8329         return ret;
8330 #endif
8331 #ifdef TARGET_NR_link
8332     case TARGET_NR_link:
8333         {
8334             void * p2;
8335             p = lock_user_string(arg1);
8336             p2 = lock_user_string(arg2);
8337             if (!p || !p2)
8338                 ret = -TARGET_EFAULT;
8339             else
8340                 ret = get_errno(link(p, p2));
8341             unlock_user(p2, arg2, 0);
8342             unlock_user(p, arg1, 0);
8343         }
8344         return ret;
8345 #endif
8346 #if defined(TARGET_NR_linkat)
8347     case TARGET_NR_linkat:
8348         {
8349             void * p2 = NULL;
8350             if (!arg2 || !arg4)
8351                 return -TARGET_EFAULT;
8352             p  = lock_user_string(arg2);
8353             p2 = lock_user_string(arg4);
8354             if (!p || !p2)
8355                 ret = -TARGET_EFAULT;
8356             else
8357                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
8358             unlock_user(p, arg2, 0);
8359             unlock_user(p2, arg4, 0);
8360         }
8361         return ret;
8362 #endif
8363 #ifdef TARGET_NR_unlink
8364     case TARGET_NR_unlink:
8365         if (!(p = lock_user_string(arg1)))
8366             return -TARGET_EFAULT;
8367         ret = get_errno(unlink(p));
8368         unlock_user(p, arg1, 0);
8369         return ret;
8370 #endif
8371 #if defined(TARGET_NR_unlinkat)
8372     case TARGET_NR_unlinkat:
8373         if (!(p = lock_user_string(arg2)))
8374             return -TARGET_EFAULT;
8375         ret = get_errno(unlinkat(arg1, p, arg3));
8376         unlock_user(p, arg2, 0);
8377         return ret;
8378 #endif
8379     case TARGET_NR_execve:
8380         {
8381             char **argp, **envp;
8382             int argc, envc;
8383             abi_ulong gp;
8384             abi_ulong guest_argp;
8385             abi_ulong guest_envp;
8386             abi_ulong addr;
8387             char **q;
8388             int total_size = 0;
8389 
8390             argc = 0;
8391             guest_argp = arg2;
8392             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
8393                 if (get_user_ual(addr, gp))
8394                     return -TARGET_EFAULT;
8395                 if (!addr)
8396                     break;
8397                 argc++;
8398             }
8399             envc = 0;
8400             guest_envp = arg3;
8401             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
8402                 if (get_user_ual(addr, gp))
8403                     return -TARGET_EFAULT;
8404                 if (!addr)
8405                     break;
8406                 envc++;
8407             }
8408 
8409             argp = g_new0(char *, argc + 1);
8410             envp = g_new0(char *, envc + 1);
8411 
8412             for (gp = guest_argp, q = argp; gp;
8413                   gp += sizeof(abi_ulong), q++) {
8414                 if (get_user_ual(addr, gp))
8415                     goto execve_efault;
8416                 if (!addr)
8417                     break;
8418                 if (!(*q = lock_user_string(addr)))
8419                     goto execve_efault;
8420                 total_size += strlen(*q) + 1;
8421             }
8422             *q = NULL;
8423 
8424             for (gp = guest_envp, q = envp; gp;
8425                   gp += sizeof(abi_ulong), q++) {
8426                 if (get_user_ual(addr, gp))
8427                     goto execve_efault;
8428                 if (!addr)
8429                     break;
8430                 if (!(*q = lock_user_string(addr)))
8431                     goto execve_efault;
8432                 total_size += strlen(*q) + 1;
8433             }
8434             *q = NULL;
8435 
8436             if (!(p = lock_user_string(arg1)))
8437                 goto execve_efault;
8438             /* Although execve() is not an interruptible syscall it is
8439              * a special case where we must use the safe_syscall wrapper:
8440              * if we allow a signal to happen before we make the host
8441              * syscall then we will 'lose' it, because at the point of
8442              * execve the process leaves QEMU's control. So we use the
8443              * safe syscall wrapper to ensure that we either take the
8444              * signal as a guest signal, or else it does not happen
8445              * before the execve completes and makes it the other
8446              * program's problem.
8447              */
8448             ret = get_errno(safe_execve(p, argp, envp));
8449             unlock_user(p, arg1, 0);
8450 
8451             goto execve_end;
8452 
8453         execve_efault:
8454             ret = -TARGET_EFAULT;
8455 
8456         execve_end:
8457             for (gp = guest_argp, q = argp; *q;
8458                   gp += sizeof(abi_ulong), q++) {
8459                 if (get_user_ual(addr, gp)
8460                     || !addr)
8461                     break;
8462                 unlock_user(*q, addr, 0);
8463             }
8464             for (gp = guest_envp, q = envp; *q;
8465                   gp += sizeof(abi_ulong), q++) {
8466                 if (get_user_ual(addr, gp)
8467                     || !addr)
8468                     break;
8469                 unlock_user(*q, addr, 0);
8470             }
8471 
8472             g_free(argp);
8473             g_free(envp);
8474         }
8475         return ret;
8476     case TARGET_NR_chdir:
8477         if (!(p = lock_user_string(arg1)))
8478             return -TARGET_EFAULT;
8479         ret = get_errno(chdir(p));
8480         unlock_user(p, arg1, 0);
8481         return ret;
8482 #ifdef TARGET_NR_time
8483     case TARGET_NR_time:
8484         {
8485             time_t host_time;
8486             ret = get_errno(time(&host_time));
8487             if (!is_error(ret)
8488                 && arg1
8489                 && put_user_sal(host_time, arg1))
8490                 return -TARGET_EFAULT;
8491         }
8492         return ret;
8493 #endif
8494 #ifdef TARGET_NR_mknod
8495     case TARGET_NR_mknod:
8496         if (!(p = lock_user_string(arg1)))
8497             return -TARGET_EFAULT;
8498         ret = get_errno(mknod(p, arg2, arg3));
8499         unlock_user(p, arg1, 0);
8500         return ret;
8501 #endif
8502 #if defined(TARGET_NR_mknodat)
8503     case TARGET_NR_mknodat:
8504         if (!(p = lock_user_string(arg2)))
8505             return -TARGET_EFAULT;
8506         ret = get_errno(mknodat(arg1, p, arg3, arg4));
8507         unlock_user(p, arg2, 0);
8508         return ret;
8509 #endif
8510 #ifdef TARGET_NR_chmod
8511     case TARGET_NR_chmod:
8512         if (!(p = lock_user_string(arg1)))
8513             return -TARGET_EFAULT;
8514         ret = get_errno(chmod(p, arg2));
8515         unlock_user(p, arg1, 0);
8516         return ret;
8517 #endif
8518 #ifdef TARGET_NR_lseek
8519     case TARGET_NR_lseek:
8520         return get_errno(lseek(arg1, arg2, arg3));
8521 #endif
8522 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
8523     /* Alpha specific */
8524     case TARGET_NR_getxpid:
8525         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
8526         return get_errno(getpid());
8527 #endif
8528 #ifdef TARGET_NR_getpid
8529     case TARGET_NR_getpid:
8530         return get_errno(getpid());
8531 #endif
8532     case TARGET_NR_mount:
8533         {
8534             /* need to look at the data field */
8535             void *p2, *p3;
8536 
8537             if (arg1) {
8538                 p = lock_user_string(arg1);
8539                 if (!p) {
8540                     return -TARGET_EFAULT;
8541                 }
8542             } else {
8543                 p = NULL;
8544             }
8545 
8546             p2 = lock_user_string(arg2);
8547             if (!p2) {
8548                 if (arg1) {
8549                     unlock_user(p, arg1, 0);
8550                 }
8551                 return -TARGET_EFAULT;
8552             }
8553 
8554             if (arg3) {
8555                 p3 = lock_user_string(arg3);
8556                 if (!p3) {
8557                     if (arg1) {
8558                         unlock_user(p, arg1, 0);
8559                     }
8560                     unlock_user(p2, arg2, 0);
8561                     return -TARGET_EFAULT;
8562                 }
8563             } else {
8564                 p3 = NULL;
8565             }
8566 
8567             /* FIXME - arg5 should be locked, but it isn't clear how to
8568              * do that since it's not guaranteed to be a NULL-terminated
8569              * string.
8570              */
8571             if (!arg5) {
8572                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
8573             } else {
8574                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
8575             }
8576             ret = get_errno(ret);
8577 
8578             if (arg1) {
8579                 unlock_user(p, arg1, 0);
8580             }
8581             unlock_user(p2, arg2, 0);
8582             if (arg3) {
8583                 unlock_user(p3, arg3, 0);
8584             }
8585         }
8586         return ret;
8587 #if defined(TARGET_NR_umount) || defined(TARGET_NR_oldumount)
8588 #if defined(TARGET_NR_umount)
8589     case TARGET_NR_umount:
8590 #endif
8591 #if defined(TARGET_NR_oldumount)
8592     case TARGET_NR_oldumount:
8593 #endif
8594         if (!(p = lock_user_string(arg1)))
8595             return -TARGET_EFAULT;
8596         ret = get_errno(umount(p));
8597         unlock_user(p, arg1, 0);
8598         return ret;
8599 #endif
8600 #ifdef TARGET_NR_stime /* not on alpha */
8601     case TARGET_NR_stime:
8602         {
8603             struct timespec ts;
8604             ts.tv_nsec = 0;
8605             if (get_user_sal(ts.tv_sec, arg1)) {
8606                 return -TARGET_EFAULT;
8607             }
8608             return get_errno(clock_settime(CLOCK_REALTIME, &ts));
8609         }
8610 #endif
8611 #ifdef TARGET_NR_alarm /* not on alpha */
8612     case TARGET_NR_alarm:
8613         return alarm(arg1);
8614 #endif
8615 #ifdef TARGET_NR_pause /* not on alpha */
8616     case TARGET_NR_pause:
8617         if (!block_signals()) {
8618             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
8619         }
8620         return -TARGET_EINTR;
8621 #endif
8622 #ifdef TARGET_NR_utime
8623     case TARGET_NR_utime:
8624         {
8625             struct utimbuf tbuf, *host_tbuf;
8626             struct target_utimbuf *target_tbuf;
8627             if (arg2) {
8628                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
8629                     return -TARGET_EFAULT;
8630                 tbuf.actime = tswapal(target_tbuf->actime);
8631                 tbuf.modtime = tswapal(target_tbuf->modtime);
8632                 unlock_user_struct(target_tbuf, arg2, 0);
8633                 host_tbuf = &tbuf;
8634             } else {
8635                 host_tbuf = NULL;
8636             }
8637             if (!(p = lock_user_string(arg1)))
8638                 return -TARGET_EFAULT;
8639             ret = get_errno(utime(p, host_tbuf));
8640             unlock_user(p, arg1, 0);
8641         }
8642         return ret;
8643 #endif
8644 #ifdef TARGET_NR_utimes
8645     case TARGET_NR_utimes:
8646         {
8647             struct timeval *tvp, tv[2];
8648             if (arg2) {
8649                 if (copy_from_user_timeval(&tv[0], arg2)
8650                     || copy_from_user_timeval(&tv[1],
8651                                               arg2 + sizeof(struct target_timeval)))
8652                     return -TARGET_EFAULT;
8653                 tvp = tv;
8654             } else {
8655                 tvp = NULL;
8656             }
8657             if (!(p = lock_user_string(arg1)))
8658                 return -TARGET_EFAULT;
8659             ret = get_errno(utimes(p, tvp));
8660             unlock_user(p, arg1, 0);
8661         }
8662         return ret;
8663 #endif
8664 #if defined(TARGET_NR_futimesat)
8665     case TARGET_NR_futimesat:
8666         {
8667             struct timeval *tvp, tv[2];
8668             if (arg3) {
8669                 if (copy_from_user_timeval(&tv[0], arg3)
8670                     || copy_from_user_timeval(&tv[1],
8671                                               arg3 + sizeof(struct target_timeval)))
8672                     return -TARGET_EFAULT;
8673                 tvp = tv;
8674             } else {
8675                 tvp = NULL;
8676             }
8677             if (!(p = lock_user_string(arg2))) {
8678                 return -TARGET_EFAULT;
8679             }
8680             ret = get_errno(futimesat(arg1, path(p), tvp));
8681             unlock_user(p, arg2, 0);
8682         }
8683         return ret;
8684 #endif
8685 #ifdef TARGET_NR_access
8686     case TARGET_NR_access:
8687         if (!(p = lock_user_string(arg1))) {
8688             return -TARGET_EFAULT;
8689         }
8690         ret = get_errno(access(path(p), arg2));
8691         unlock_user(p, arg1, 0);
8692         return ret;
8693 #endif
8694 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
8695     case TARGET_NR_faccessat:
8696         if (!(p = lock_user_string(arg2))) {
8697             return -TARGET_EFAULT;
8698         }
8699         ret = get_errno(faccessat(arg1, p, arg3, 0));
8700         unlock_user(p, arg2, 0);
8701         return ret;
8702 #endif
8703 #ifdef TARGET_NR_nice /* not on alpha */
8704     case TARGET_NR_nice:
8705         return get_errno(nice(arg1));
8706 #endif
8707     case TARGET_NR_sync:
8708         sync();
8709         return 0;
8710 #if defined(TARGET_NR_syncfs) && defined(CONFIG_SYNCFS)
8711     case TARGET_NR_syncfs:
8712         return get_errno(syncfs(arg1));
8713 #endif
8714     case TARGET_NR_kill:
8715         return get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
8716 #ifdef TARGET_NR_rename
8717     case TARGET_NR_rename:
8718         {
8719             void *p2;
8720             p = lock_user_string(arg1);
8721             p2 = lock_user_string(arg2);
8722             if (!p || !p2)
8723                 ret = -TARGET_EFAULT;
8724             else
8725                 ret = get_errno(rename(p, p2));
8726             unlock_user(p2, arg2, 0);
8727             unlock_user(p, arg1, 0);
8728         }
8729         return ret;
8730 #endif
8731 #if defined(TARGET_NR_renameat)
8732     case TARGET_NR_renameat:
8733         {
8734             void *p2;
8735             p  = lock_user_string(arg2);
8736             p2 = lock_user_string(arg4);
8737             if (!p || !p2)
8738                 ret = -TARGET_EFAULT;
8739             else
8740                 ret = get_errno(renameat(arg1, p, arg3, p2));
8741             unlock_user(p2, arg4, 0);
8742             unlock_user(p, arg2, 0);
8743         }
8744         return ret;
8745 #endif
8746 #if defined(TARGET_NR_renameat2)
8747     case TARGET_NR_renameat2:
8748         {
8749             void *p2;
8750             p  = lock_user_string(arg2);
8751             p2 = lock_user_string(arg4);
8752             if (!p || !p2) {
8753                 ret = -TARGET_EFAULT;
8754             } else {
8755                 ret = get_errno(sys_renameat2(arg1, p, arg3, p2, arg5));
8756             }
8757             unlock_user(p2, arg4, 0);
8758             unlock_user(p, arg2, 0);
8759         }
8760         return ret;
8761 #endif
8762 #ifdef TARGET_NR_mkdir
8763     case TARGET_NR_mkdir:
8764         if (!(p = lock_user_string(arg1)))
8765             return -TARGET_EFAULT;
8766         ret = get_errno(mkdir(p, arg2));
8767         unlock_user(p, arg1, 0);
8768         return ret;
8769 #endif
8770 #if defined(TARGET_NR_mkdirat)
8771     case TARGET_NR_mkdirat:
8772         if (!(p = lock_user_string(arg2)))
8773             return -TARGET_EFAULT;
8774         ret = get_errno(mkdirat(arg1, p, arg3));
8775         unlock_user(p, arg2, 0);
8776         return ret;
8777 #endif
8778 #ifdef TARGET_NR_rmdir
8779     case TARGET_NR_rmdir:
8780         if (!(p = lock_user_string(arg1)))
8781             return -TARGET_EFAULT;
8782         ret = get_errno(rmdir(p));
8783         unlock_user(p, arg1, 0);
8784         return ret;
8785 #endif
8786     case TARGET_NR_dup:
8787         ret = get_errno(dup(arg1));
8788         if (ret >= 0) {
8789             fd_trans_dup(arg1, ret);
8790         }
8791         return ret;
8792 #ifdef TARGET_NR_pipe
8793     case TARGET_NR_pipe:
8794         return do_pipe(cpu_env, arg1, 0, 0);
8795 #endif
8796 #ifdef TARGET_NR_pipe2
8797     case TARGET_NR_pipe2:
8798         return do_pipe(cpu_env, arg1,
8799                        target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
8800 #endif
8801     case TARGET_NR_times:
8802         {
8803             struct target_tms *tmsp;
8804             struct tms tms;
8805             ret = get_errno(times(&tms));
8806             if (arg1) {
8807                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
8808                 if (!tmsp)
8809                     return -TARGET_EFAULT;
8810                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
8811                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
8812                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
8813                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
8814             }
8815             if (!is_error(ret))
8816                 ret = host_to_target_clock_t(ret);
8817         }
8818         return ret;
8819     case TARGET_NR_acct:
8820         if (arg1 == 0) {
8821             ret = get_errno(acct(NULL));
8822         } else {
8823             if (!(p = lock_user_string(arg1))) {
8824                 return -TARGET_EFAULT;
8825             }
8826             ret = get_errno(acct(path(p)));
8827             unlock_user(p, arg1, 0);
8828         }
8829         return ret;
8830 #ifdef TARGET_NR_umount2
8831     case TARGET_NR_umount2:
8832         if (!(p = lock_user_string(arg1)))
8833             return -TARGET_EFAULT;
8834         ret = get_errno(umount2(p, arg2));
8835         unlock_user(p, arg1, 0);
8836         return ret;
8837 #endif
8838     case TARGET_NR_ioctl:
8839         return do_ioctl(arg1, arg2, arg3);
8840 #ifdef TARGET_NR_fcntl
8841     case TARGET_NR_fcntl:
8842         return do_fcntl(arg1, arg2, arg3);
8843 #endif
8844     case TARGET_NR_setpgid:
8845         return get_errno(setpgid(arg1, arg2));
8846     case TARGET_NR_umask:
8847         return get_errno(umask(arg1));
8848     case TARGET_NR_chroot:
8849         if (!(p = lock_user_string(arg1)))
8850             return -TARGET_EFAULT;
8851         ret = get_errno(chroot(p));
8852         unlock_user(p, arg1, 0);
8853         return ret;
8854 #ifdef TARGET_NR_dup2
8855     case TARGET_NR_dup2:
8856         ret = get_errno(dup2(arg1, arg2));
8857         if (ret >= 0) {
8858             fd_trans_dup(arg1, arg2);
8859         }
8860         return ret;
8861 #endif
8862 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
8863     case TARGET_NR_dup3:
8864     {
8865         int host_flags;
8866 
8867         if ((arg3 & ~TARGET_O_CLOEXEC) != 0) {
8868             return -EINVAL;
8869         }
8870         host_flags = target_to_host_bitmask(arg3, fcntl_flags_tbl);
8871         ret = get_errno(dup3(arg1, arg2, host_flags));
8872         if (ret >= 0) {
8873             fd_trans_dup(arg1, arg2);
8874         }
8875         return ret;
8876     }
8877 #endif
8878 #ifdef TARGET_NR_getppid /* not on alpha */
8879     case TARGET_NR_getppid:
8880         return get_errno(getppid());
8881 #endif
8882 #ifdef TARGET_NR_getpgrp
8883     case TARGET_NR_getpgrp:
8884         return get_errno(getpgrp());
8885 #endif
8886     case TARGET_NR_setsid:
8887         return get_errno(setsid());
8888 #ifdef TARGET_NR_sigaction
8889     case TARGET_NR_sigaction:
8890         {
8891 #if defined(TARGET_ALPHA)
8892             struct target_sigaction act, oact, *pact = 0;
8893             struct target_old_sigaction *old_act;
8894             if (arg2) {
8895                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8896                     return -TARGET_EFAULT;
8897                 act._sa_handler = old_act->_sa_handler;
8898                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8899                 act.sa_flags = old_act->sa_flags;
8900                 act.sa_restorer = 0;
8901                 unlock_user_struct(old_act, arg2, 0);
8902                 pact = &act;
8903             }
8904             ret = get_errno(do_sigaction(arg1, pact, &oact));
8905             if (!is_error(ret) && arg3) {
8906                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8907                     return -TARGET_EFAULT;
8908                 old_act->_sa_handler = oact._sa_handler;
8909                 old_act->sa_mask = oact.sa_mask.sig[0];
8910                 old_act->sa_flags = oact.sa_flags;
8911                 unlock_user_struct(old_act, arg3, 1);
8912             }
8913 #elif defined(TARGET_MIPS)
8914 	    struct target_sigaction act, oact, *pact, *old_act;
8915 
8916 	    if (arg2) {
8917                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8918                     return -TARGET_EFAULT;
8919 		act._sa_handler = old_act->_sa_handler;
8920 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
8921 		act.sa_flags = old_act->sa_flags;
8922 		unlock_user_struct(old_act, arg2, 0);
8923 		pact = &act;
8924 	    } else {
8925 		pact = NULL;
8926 	    }
8927 
8928 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
8929 
8930 	    if (!is_error(ret) && arg3) {
8931                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8932                     return -TARGET_EFAULT;
8933 		old_act->_sa_handler = oact._sa_handler;
8934 		old_act->sa_flags = oact.sa_flags;
8935 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
8936 		old_act->sa_mask.sig[1] = 0;
8937 		old_act->sa_mask.sig[2] = 0;
8938 		old_act->sa_mask.sig[3] = 0;
8939 		unlock_user_struct(old_act, arg3, 1);
8940 	    }
8941 #else
8942             struct target_old_sigaction *old_act;
8943             struct target_sigaction act, oact, *pact;
8944             if (arg2) {
8945                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8946                     return -TARGET_EFAULT;
8947                 act._sa_handler = old_act->_sa_handler;
8948                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8949                 act.sa_flags = old_act->sa_flags;
8950                 act.sa_restorer = old_act->sa_restorer;
8951 #ifdef TARGET_ARCH_HAS_KA_RESTORER
8952                 act.ka_restorer = 0;
8953 #endif
8954                 unlock_user_struct(old_act, arg2, 0);
8955                 pact = &act;
8956             } else {
8957                 pact = NULL;
8958             }
8959             ret = get_errno(do_sigaction(arg1, pact, &oact));
8960             if (!is_error(ret) && arg3) {
8961                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8962                     return -TARGET_EFAULT;
8963                 old_act->_sa_handler = oact._sa_handler;
8964                 old_act->sa_mask = oact.sa_mask.sig[0];
8965                 old_act->sa_flags = oact.sa_flags;
8966                 old_act->sa_restorer = oact.sa_restorer;
8967                 unlock_user_struct(old_act, arg3, 1);
8968             }
8969 #endif
8970         }
8971         return ret;
8972 #endif
8973     case TARGET_NR_rt_sigaction:
8974         {
8975 #if defined(TARGET_ALPHA)
8976             /* For Alpha and SPARC this is a 5 argument syscall, with
8977              * a 'restorer' parameter which must be copied into the
8978              * sa_restorer field of the sigaction struct.
8979              * For Alpha that 'restorer' is arg5; for SPARC it is arg4,
8980              * and arg5 is the sigsetsize.
8981              * Alpha also has a separate rt_sigaction struct that it uses
8982              * here; SPARC uses the usual sigaction struct.
8983              */
8984             struct target_rt_sigaction *rt_act;
8985             struct target_sigaction act, oact, *pact = 0;
8986 
8987             if (arg4 != sizeof(target_sigset_t)) {
8988                 return -TARGET_EINVAL;
8989             }
8990             if (arg2) {
8991                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
8992                     return -TARGET_EFAULT;
8993                 act._sa_handler = rt_act->_sa_handler;
8994                 act.sa_mask = rt_act->sa_mask;
8995                 act.sa_flags = rt_act->sa_flags;
8996                 act.sa_restorer = arg5;
8997                 unlock_user_struct(rt_act, arg2, 0);
8998                 pact = &act;
8999             }
9000             ret = get_errno(do_sigaction(arg1, pact, &oact));
9001             if (!is_error(ret) && arg3) {
9002                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
9003                     return -TARGET_EFAULT;
9004                 rt_act->_sa_handler = oact._sa_handler;
9005                 rt_act->sa_mask = oact.sa_mask;
9006                 rt_act->sa_flags = oact.sa_flags;
9007                 unlock_user_struct(rt_act, arg3, 1);
9008             }
9009 #else
9010 #ifdef TARGET_SPARC
9011             target_ulong restorer = arg4;
9012             target_ulong sigsetsize = arg5;
9013 #else
9014             target_ulong sigsetsize = arg4;
9015 #endif
9016             struct target_sigaction *act;
9017             struct target_sigaction *oact;
9018 
9019             if (sigsetsize != sizeof(target_sigset_t)) {
9020                 return -TARGET_EINVAL;
9021             }
9022             if (arg2) {
9023                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1)) {
9024                     return -TARGET_EFAULT;
9025                 }
9026 #ifdef TARGET_ARCH_HAS_KA_RESTORER
9027                 act->ka_restorer = restorer;
9028 #endif
9029             } else {
9030                 act = NULL;
9031             }
9032             if (arg3) {
9033                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
9034                     ret = -TARGET_EFAULT;
9035                     goto rt_sigaction_fail;
9036                 }
9037             } else
9038                 oact = NULL;
9039             ret = get_errno(do_sigaction(arg1, act, oact));
9040 	rt_sigaction_fail:
9041             if (act)
9042                 unlock_user_struct(act, arg2, 0);
9043             if (oact)
9044                 unlock_user_struct(oact, arg3, 1);
9045 #endif
9046         }
9047         return ret;
9048 #ifdef TARGET_NR_sgetmask /* not on alpha */
9049     case TARGET_NR_sgetmask:
9050         {
9051             sigset_t cur_set;
9052             abi_ulong target_set;
9053             ret = do_sigprocmask(0, NULL, &cur_set);
9054             if (!ret) {
9055                 host_to_target_old_sigset(&target_set, &cur_set);
9056                 ret = target_set;
9057             }
9058         }
9059         return ret;
9060 #endif
9061 #ifdef TARGET_NR_ssetmask /* not on alpha */
9062     case TARGET_NR_ssetmask:
9063         {
9064             sigset_t set, oset;
9065             abi_ulong target_set = arg1;
9066             target_to_host_old_sigset(&set, &target_set);
9067             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
9068             if (!ret) {
9069                 host_to_target_old_sigset(&target_set, &oset);
9070                 ret = target_set;
9071             }
9072         }
9073         return ret;
9074 #endif
9075 #ifdef TARGET_NR_sigprocmask
9076     case TARGET_NR_sigprocmask:
9077         {
9078 #if defined(TARGET_ALPHA)
9079             sigset_t set, oldset;
9080             abi_ulong mask;
9081             int how;
9082 
9083             switch (arg1) {
9084             case TARGET_SIG_BLOCK:
9085                 how = SIG_BLOCK;
9086                 break;
9087             case TARGET_SIG_UNBLOCK:
9088                 how = SIG_UNBLOCK;
9089                 break;
9090             case TARGET_SIG_SETMASK:
9091                 how = SIG_SETMASK;
9092                 break;
9093             default:
9094                 return -TARGET_EINVAL;
9095             }
9096             mask = arg2;
9097             target_to_host_old_sigset(&set, &mask);
9098 
9099             ret = do_sigprocmask(how, &set, &oldset);
9100             if (!is_error(ret)) {
9101                 host_to_target_old_sigset(&mask, &oldset);
9102                 ret = mask;
9103                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
9104             }
9105 #else
9106             sigset_t set, oldset, *set_ptr;
9107             int how;
9108 
9109             if (arg2) {
9110                 switch (arg1) {
9111                 case TARGET_SIG_BLOCK:
9112                     how = SIG_BLOCK;
9113                     break;
9114                 case TARGET_SIG_UNBLOCK:
9115                     how = SIG_UNBLOCK;
9116                     break;
9117                 case TARGET_SIG_SETMASK:
9118                     how = SIG_SETMASK;
9119                     break;
9120                 default:
9121                     return -TARGET_EINVAL;
9122                 }
9123                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
9124                     return -TARGET_EFAULT;
9125                 target_to_host_old_sigset(&set, p);
9126                 unlock_user(p, arg2, 0);
9127                 set_ptr = &set;
9128             } else {
9129                 how = 0;
9130                 set_ptr = NULL;
9131             }
9132             ret = do_sigprocmask(how, set_ptr, &oldset);
9133             if (!is_error(ret) && arg3) {
9134                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
9135                     return -TARGET_EFAULT;
9136                 host_to_target_old_sigset(p, &oldset);
9137                 unlock_user(p, arg3, sizeof(target_sigset_t));
9138             }
9139 #endif
9140         }
9141         return ret;
9142 #endif
9143     case TARGET_NR_rt_sigprocmask:
9144         {
9145             int how = arg1;
9146             sigset_t set, oldset, *set_ptr;
9147 
9148             if (arg4 != sizeof(target_sigset_t)) {
9149                 return -TARGET_EINVAL;
9150             }
9151 
9152             if (arg2) {
9153                 switch(how) {
9154                 case TARGET_SIG_BLOCK:
9155                     how = SIG_BLOCK;
9156                     break;
9157                 case TARGET_SIG_UNBLOCK:
9158                     how = SIG_UNBLOCK;
9159                     break;
9160                 case TARGET_SIG_SETMASK:
9161                     how = SIG_SETMASK;
9162                     break;
9163                 default:
9164                     return -TARGET_EINVAL;
9165                 }
9166                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
9167                     return -TARGET_EFAULT;
9168                 target_to_host_sigset(&set, p);
9169                 unlock_user(p, arg2, 0);
9170                 set_ptr = &set;
9171             } else {
9172                 how = 0;
9173                 set_ptr = NULL;
9174             }
9175             ret = do_sigprocmask(how, set_ptr, &oldset);
9176             if (!is_error(ret) && arg3) {
9177                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
9178                     return -TARGET_EFAULT;
9179                 host_to_target_sigset(p, &oldset);
9180                 unlock_user(p, arg3, sizeof(target_sigset_t));
9181             }
9182         }
9183         return ret;
9184 #ifdef TARGET_NR_sigpending
9185     case TARGET_NR_sigpending:
9186         {
9187             sigset_t set;
9188             ret = get_errno(sigpending(&set));
9189             if (!is_error(ret)) {
9190                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
9191                     return -TARGET_EFAULT;
9192                 host_to_target_old_sigset(p, &set);
9193                 unlock_user(p, arg1, sizeof(target_sigset_t));
9194             }
9195         }
9196         return ret;
9197 #endif
9198     case TARGET_NR_rt_sigpending:
9199         {
9200             sigset_t set;
9201 
9202             /* Yes, this check is >, not != like most. We follow the kernel's
9203              * logic and it does it like this because it implements
9204              * NR_sigpending through the same code path, and in that case
9205              * the old_sigset_t is smaller in size.
9206              */
9207             if (arg2 > sizeof(target_sigset_t)) {
9208                 return -TARGET_EINVAL;
9209             }
9210 
9211             ret = get_errno(sigpending(&set));
9212             if (!is_error(ret)) {
9213                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
9214                     return -TARGET_EFAULT;
9215                 host_to_target_sigset(p, &set);
9216                 unlock_user(p, arg1, sizeof(target_sigset_t));
9217             }
9218         }
9219         return ret;
9220 #ifdef TARGET_NR_sigsuspend
9221     case TARGET_NR_sigsuspend:
9222         {
9223             TaskState *ts = cpu->opaque;
9224 #if defined(TARGET_ALPHA)
9225             abi_ulong mask = arg1;
9226             target_to_host_old_sigset(&ts->sigsuspend_mask, &mask);
9227 #else
9228             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
9229                 return -TARGET_EFAULT;
9230             target_to_host_old_sigset(&ts->sigsuspend_mask, p);
9231             unlock_user(p, arg1, 0);
9232 #endif
9233             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
9234                                                SIGSET_T_SIZE));
9235             if (ret != -TARGET_ERESTARTSYS) {
9236                 ts->in_sigsuspend = 1;
9237             }
9238         }
9239         return ret;
9240 #endif
9241     case TARGET_NR_rt_sigsuspend:
9242         {
9243             TaskState *ts = cpu->opaque;
9244 
9245             if (arg2 != sizeof(target_sigset_t)) {
9246                 return -TARGET_EINVAL;
9247             }
9248             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
9249                 return -TARGET_EFAULT;
9250             target_to_host_sigset(&ts->sigsuspend_mask, p);
9251             unlock_user(p, arg1, 0);
9252             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
9253                                                SIGSET_T_SIZE));
9254             if (ret != -TARGET_ERESTARTSYS) {
9255                 ts->in_sigsuspend = 1;
9256             }
9257         }
9258         return ret;
9259 #ifdef TARGET_NR_rt_sigtimedwait
9260     case TARGET_NR_rt_sigtimedwait:
9261         {
9262             sigset_t set;
9263             struct timespec uts, *puts;
9264             siginfo_t uinfo;
9265 
9266             if (arg4 != sizeof(target_sigset_t)) {
9267                 return -TARGET_EINVAL;
9268             }
9269 
9270             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
9271                 return -TARGET_EFAULT;
9272             target_to_host_sigset(&set, p);
9273             unlock_user(p, arg1, 0);
9274             if (arg3) {
9275                 puts = &uts;
9276                 if (target_to_host_timespec(puts, arg3)) {
9277                     return -TARGET_EFAULT;
9278                 }
9279             } else {
9280                 puts = NULL;
9281             }
9282             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
9283                                                  SIGSET_T_SIZE));
9284             if (!is_error(ret)) {
9285                 if (arg2) {
9286                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
9287                                   0);
9288                     if (!p) {
9289                         return -TARGET_EFAULT;
9290                     }
9291                     host_to_target_siginfo(p, &uinfo);
9292                     unlock_user(p, arg2, sizeof(target_siginfo_t));
9293                 }
9294                 ret = host_to_target_signal(ret);
9295             }
9296         }
9297         return ret;
9298 #endif
9299 #ifdef TARGET_NR_rt_sigtimedwait_time64
9300     case TARGET_NR_rt_sigtimedwait_time64:
9301         {
9302             sigset_t set;
9303             struct timespec uts, *puts;
9304             siginfo_t uinfo;
9305 
9306             if (arg4 != sizeof(target_sigset_t)) {
9307                 return -TARGET_EINVAL;
9308             }
9309 
9310             p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1);
9311             if (!p) {
9312                 return -TARGET_EFAULT;
9313             }
9314             target_to_host_sigset(&set, p);
9315             unlock_user(p, arg1, 0);
9316             if (arg3) {
9317                 puts = &uts;
9318                 if (target_to_host_timespec64(puts, arg3)) {
9319                     return -TARGET_EFAULT;
9320                 }
9321             } else {
9322                 puts = NULL;
9323             }
9324             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
9325                                                  SIGSET_T_SIZE));
9326             if (!is_error(ret)) {
9327                 if (arg2) {
9328                     p = lock_user(VERIFY_WRITE, arg2,
9329                                   sizeof(target_siginfo_t), 0);
9330                     if (!p) {
9331                         return -TARGET_EFAULT;
9332                     }
9333                     host_to_target_siginfo(p, &uinfo);
9334                     unlock_user(p, arg2, sizeof(target_siginfo_t));
9335                 }
9336                 ret = host_to_target_signal(ret);
9337             }
9338         }
9339         return ret;
9340 #endif
9341     case TARGET_NR_rt_sigqueueinfo:
9342         {
9343             siginfo_t uinfo;
9344 
9345             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
9346             if (!p) {
9347                 return -TARGET_EFAULT;
9348             }
9349             target_to_host_siginfo(&uinfo, p);
9350             unlock_user(p, arg3, 0);
9351             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
9352         }
9353         return ret;
9354     case TARGET_NR_rt_tgsigqueueinfo:
9355         {
9356             siginfo_t uinfo;
9357 
9358             p = lock_user(VERIFY_READ, arg4, sizeof(target_siginfo_t), 1);
9359             if (!p) {
9360                 return -TARGET_EFAULT;
9361             }
9362             target_to_host_siginfo(&uinfo, p);
9363             unlock_user(p, arg4, 0);
9364             ret = get_errno(sys_rt_tgsigqueueinfo(arg1, arg2, arg3, &uinfo));
9365         }
9366         return ret;
9367 #ifdef TARGET_NR_sigreturn
9368     case TARGET_NR_sigreturn:
9369         if (block_signals()) {
9370             return -TARGET_ERESTARTSYS;
9371         }
9372         return do_sigreturn(cpu_env);
9373 #endif
9374     case TARGET_NR_rt_sigreturn:
9375         if (block_signals()) {
9376             return -TARGET_ERESTARTSYS;
9377         }
9378         return do_rt_sigreturn(cpu_env);
9379     case TARGET_NR_sethostname:
9380         if (!(p = lock_user_string(arg1)))
9381             return -TARGET_EFAULT;
9382         ret = get_errno(sethostname(p, arg2));
9383         unlock_user(p, arg1, 0);
9384         return ret;
9385 #ifdef TARGET_NR_setrlimit
9386     case TARGET_NR_setrlimit:
9387         {
9388             int resource = target_to_host_resource(arg1);
9389             struct target_rlimit *target_rlim;
9390             struct rlimit rlim;
9391             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
9392                 return -TARGET_EFAULT;
9393             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
9394             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
9395             unlock_user_struct(target_rlim, arg2, 0);
9396             /*
9397              * If we just passed through resource limit settings for memory then
9398              * they would also apply to QEMU's own allocations, and QEMU will
9399              * crash or hang or die if its allocations fail. Ideally we would
9400              * track the guest allocations in QEMU and apply the limits ourselves.
9401              * For now, just tell the guest the call succeeded but don't actually
9402              * limit anything.
9403              */
9404             if (resource != RLIMIT_AS &&
9405                 resource != RLIMIT_DATA &&
9406                 resource != RLIMIT_STACK) {
9407                 return get_errno(setrlimit(resource, &rlim));
9408             } else {
9409                 return 0;
9410             }
9411         }
9412 #endif
9413 #ifdef TARGET_NR_getrlimit
9414     case TARGET_NR_getrlimit:
9415         {
9416             int resource = target_to_host_resource(arg1);
9417             struct target_rlimit *target_rlim;
9418             struct rlimit rlim;
9419 
9420             ret = get_errno(getrlimit(resource, &rlim));
9421             if (!is_error(ret)) {
9422                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
9423                     return -TARGET_EFAULT;
9424                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
9425                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
9426                 unlock_user_struct(target_rlim, arg2, 1);
9427             }
9428         }
9429         return ret;
9430 #endif
9431     case TARGET_NR_getrusage:
9432         {
9433             struct rusage rusage;
9434             ret = get_errno(getrusage(arg1, &rusage));
9435             if (!is_error(ret)) {
9436                 ret = host_to_target_rusage(arg2, &rusage);
9437             }
9438         }
9439         return ret;
9440 #if defined(TARGET_NR_gettimeofday)
9441     case TARGET_NR_gettimeofday:
9442         {
9443             struct timeval tv;
9444             struct timezone tz;
9445 
9446             ret = get_errno(gettimeofday(&tv, &tz));
9447             if (!is_error(ret)) {
9448                 if (arg1 && copy_to_user_timeval(arg1, &tv)) {
9449                     return -TARGET_EFAULT;
9450                 }
9451                 if (arg2 && copy_to_user_timezone(arg2, &tz)) {
9452                     return -TARGET_EFAULT;
9453                 }
9454             }
9455         }
9456         return ret;
9457 #endif
9458 #if defined(TARGET_NR_settimeofday)
9459     case TARGET_NR_settimeofday:
9460         {
9461             struct timeval tv, *ptv = NULL;
9462             struct timezone tz, *ptz = NULL;
9463 
9464             if (arg1) {
9465                 if (copy_from_user_timeval(&tv, arg1)) {
9466                     return -TARGET_EFAULT;
9467                 }
9468                 ptv = &tv;
9469             }
9470 
9471             if (arg2) {
9472                 if (copy_from_user_timezone(&tz, arg2)) {
9473                     return -TARGET_EFAULT;
9474                 }
9475                 ptz = &tz;
9476             }
9477 
9478             return get_errno(settimeofday(ptv, ptz));
9479         }
9480 #endif
9481 #if defined(TARGET_NR_select)
9482     case TARGET_NR_select:
9483 #if defined(TARGET_WANT_NI_OLD_SELECT)
9484         /* some architectures used to have old_select here
9485          * but now ENOSYS it.
9486          */
9487         ret = -TARGET_ENOSYS;
9488 #elif defined(TARGET_WANT_OLD_SYS_SELECT)
9489         ret = do_old_select(arg1);
9490 #else
9491         ret = do_select(arg1, arg2, arg3, arg4, arg5);
9492 #endif
9493         return ret;
9494 #endif
9495 #ifdef TARGET_NR_pselect6
9496     case TARGET_NR_pselect6:
9497         return do_pselect6(arg1, arg2, arg3, arg4, arg5, arg6, false);
9498 #endif
9499 #ifdef TARGET_NR_pselect6_time64
9500     case TARGET_NR_pselect6_time64:
9501         return do_pselect6(arg1, arg2, arg3, arg4, arg5, arg6, true);
9502 #endif
9503 #ifdef TARGET_NR_symlink
9504     case TARGET_NR_symlink:
9505         {
9506             void *p2;
9507             p = lock_user_string(arg1);
9508             p2 = lock_user_string(arg2);
9509             if (!p || !p2)
9510                 ret = -TARGET_EFAULT;
9511             else
9512                 ret = get_errno(symlink(p, p2));
9513             unlock_user(p2, arg2, 0);
9514             unlock_user(p, arg1, 0);
9515         }
9516         return ret;
9517 #endif
9518 #if defined(TARGET_NR_symlinkat)
9519     case TARGET_NR_symlinkat:
9520         {
9521             void *p2;
9522             p  = lock_user_string(arg1);
9523             p2 = lock_user_string(arg3);
9524             if (!p || !p2)
9525                 ret = -TARGET_EFAULT;
9526             else
9527                 ret = get_errno(symlinkat(p, arg2, p2));
9528             unlock_user(p2, arg3, 0);
9529             unlock_user(p, arg1, 0);
9530         }
9531         return ret;
9532 #endif
9533 #ifdef TARGET_NR_readlink
9534     case TARGET_NR_readlink:
9535         {
9536             void *p2;
9537             p = lock_user_string(arg1);
9538             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9539             if (!p || !p2) {
9540                 ret = -TARGET_EFAULT;
9541             } else if (!arg3) {
9542                 /* Short circuit this for the magic exe check. */
9543                 ret = -TARGET_EINVAL;
9544             } else if (is_proc_myself((const char *)p, "exe")) {
9545                 char real[PATH_MAX], *temp;
9546                 temp = realpath(exec_path, real);
9547                 /* Return value is # of bytes that we wrote to the buffer. */
9548                 if (temp == NULL) {
9549                     ret = get_errno(-1);
9550                 } else {
9551                     /* Don't worry about sign mismatch as earlier mapping
9552                      * logic would have thrown a bad address error. */
9553                     ret = MIN(strlen(real), arg3);
9554                     /* We cannot NUL terminate the string. */
9555                     memcpy(p2, real, ret);
9556                 }
9557             } else {
9558                 ret = get_errno(readlink(path(p), p2, arg3));
9559             }
9560             unlock_user(p2, arg2, ret);
9561             unlock_user(p, arg1, 0);
9562         }
9563         return ret;
9564 #endif
9565 #if defined(TARGET_NR_readlinkat)
9566     case TARGET_NR_readlinkat:
9567         {
9568             void *p2;
9569             p  = lock_user_string(arg2);
9570             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
9571             if (!p || !p2) {
9572                 ret = -TARGET_EFAULT;
9573             } else if (is_proc_myself((const char *)p, "exe")) {
9574                 char real[PATH_MAX], *temp;
9575                 temp = realpath(exec_path, real);
9576                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
9577                 snprintf((char *)p2, arg4, "%s", real);
9578             } else {
9579                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
9580             }
9581             unlock_user(p2, arg3, ret);
9582             unlock_user(p, arg2, 0);
9583         }
9584         return ret;
9585 #endif
9586 #ifdef TARGET_NR_swapon
9587     case TARGET_NR_swapon:
9588         if (!(p = lock_user_string(arg1)))
9589             return -TARGET_EFAULT;
9590         ret = get_errno(swapon(p, arg2));
9591         unlock_user(p, arg1, 0);
9592         return ret;
9593 #endif
9594     case TARGET_NR_reboot:
9595         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
9596            /* arg4 must be ignored in all other cases */
9597            p = lock_user_string(arg4);
9598            if (!p) {
9599                return -TARGET_EFAULT;
9600            }
9601            ret = get_errno(reboot(arg1, arg2, arg3, p));
9602            unlock_user(p, arg4, 0);
9603         } else {
9604            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
9605         }
9606         return ret;
9607 #ifdef TARGET_NR_mmap
9608     case TARGET_NR_mmap:
9609 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
9610     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
9611     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
9612     || defined(TARGET_S390X)
9613         {
9614             abi_ulong *v;
9615             abi_ulong v1, v2, v3, v4, v5, v6;
9616             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
9617                 return -TARGET_EFAULT;
9618             v1 = tswapal(v[0]);
9619             v2 = tswapal(v[1]);
9620             v3 = tswapal(v[2]);
9621             v4 = tswapal(v[3]);
9622             v5 = tswapal(v[4]);
9623             v6 = tswapal(v[5]);
9624             unlock_user(v, arg1, 0);
9625             ret = get_errno(target_mmap(v1, v2, v3,
9626                                         target_to_host_bitmask(v4, mmap_flags_tbl),
9627                                         v5, v6));
9628         }
9629 #else
9630         ret = get_errno(target_mmap(arg1, arg2, arg3,
9631                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
9632                                     arg5,
9633                                     arg6));
9634 #endif
9635         return ret;
9636 #endif
9637 #ifdef TARGET_NR_mmap2
9638     case TARGET_NR_mmap2:
9639 #ifndef MMAP_SHIFT
9640 #define MMAP_SHIFT 12
9641 #endif
9642         ret = target_mmap(arg1, arg2, arg3,
9643                           target_to_host_bitmask(arg4, mmap_flags_tbl),
9644                           arg5, arg6 << MMAP_SHIFT);
9645         return get_errno(ret);
9646 #endif
9647     case TARGET_NR_munmap:
9648         return get_errno(target_munmap(arg1, arg2));
9649     case TARGET_NR_mprotect:
9650         {
9651             TaskState *ts = cpu->opaque;
9652             /* Special hack to detect libc making the stack executable.  */
9653             if ((arg3 & PROT_GROWSDOWN)
9654                 && arg1 >= ts->info->stack_limit
9655                 && arg1 <= ts->info->start_stack) {
9656                 arg3 &= ~PROT_GROWSDOWN;
9657                 arg2 = arg2 + arg1 - ts->info->stack_limit;
9658                 arg1 = ts->info->stack_limit;
9659             }
9660         }
9661         return get_errno(target_mprotect(arg1, arg2, arg3));
9662 #ifdef TARGET_NR_mremap
9663     case TARGET_NR_mremap:
9664         return get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
9665 #endif
9666         /* ??? msync/mlock/munlock are broken for softmmu.  */
9667 #ifdef TARGET_NR_msync
9668     case TARGET_NR_msync:
9669         return get_errno(msync(g2h(arg1), arg2, arg3));
9670 #endif
9671 #ifdef TARGET_NR_mlock
9672     case TARGET_NR_mlock:
9673         return get_errno(mlock(g2h(arg1), arg2));
9674 #endif
9675 #ifdef TARGET_NR_munlock
9676     case TARGET_NR_munlock:
9677         return get_errno(munlock(g2h(arg1), arg2));
9678 #endif
9679 #ifdef TARGET_NR_mlockall
9680     case TARGET_NR_mlockall:
9681         return get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
9682 #endif
9683 #ifdef TARGET_NR_munlockall
9684     case TARGET_NR_munlockall:
9685         return get_errno(munlockall());
9686 #endif
9687 #ifdef TARGET_NR_truncate
9688     case TARGET_NR_truncate:
9689         if (!(p = lock_user_string(arg1)))
9690             return -TARGET_EFAULT;
9691         ret = get_errno(truncate(p, arg2));
9692         unlock_user(p, arg1, 0);
9693         return ret;
9694 #endif
9695 #ifdef TARGET_NR_ftruncate
9696     case TARGET_NR_ftruncate:
9697         return get_errno(ftruncate(arg1, arg2));
9698 #endif
9699     case TARGET_NR_fchmod:
9700         return get_errno(fchmod(arg1, arg2));
9701 #if defined(TARGET_NR_fchmodat)
9702     case TARGET_NR_fchmodat:
9703         if (!(p = lock_user_string(arg2)))
9704             return -TARGET_EFAULT;
9705         ret = get_errno(fchmodat(arg1, p, arg3, 0));
9706         unlock_user(p, arg2, 0);
9707         return ret;
9708 #endif
9709     case TARGET_NR_getpriority:
9710         /* Note that negative values are valid for getpriority, so we must
9711            differentiate based on errno settings.  */
9712         errno = 0;
9713         ret = getpriority(arg1, arg2);
9714         if (ret == -1 && errno != 0) {
9715             return -host_to_target_errno(errno);
9716         }
9717 #ifdef TARGET_ALPHA
9718         /* Return value is the unbiased priority.  Signal no error.  */
9719         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
9720 #else
9721         /* Return value is a biased priority to avoid negative numbers.  */
9722         ret = 20 - ret;
9723 #endif
9724         return ret;
9725     case TARGET_NR_setpriority:
9726         return get_errno(setpriority(arg1, arg2, arg3));
9727 #ifdef TARGET_NR_statfs
9728     case TARGET_NR_statfs:
9729         if (!(p = lock_user_string(arg1))) {
9730             return -TARGET_EFAULT;
9731         }
9732         ret = get_errno(statfs(path(p), &stfs));
9733         unlock_user(p, arg1, 0);
9734     convert_statfs:
9735         if (!is_error(ret)) {
9736             struct target_statfs *target_stfs;
9737 
9738             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
9739                 return -TARGET_EFAULT;
9740             __put_user(stfs.f_type, &target_stfs->f_type);
9741             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9742             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9743             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9744             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9745             __put_user(stfs.f_files, &target_stfs->f_files);
9746             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9747             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9748             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9749             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9750             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9751 #ifdef _STATFS_F_FLAGS
9752             __put_user(stfs.f_flags, &target_stfs->f_flags);
9753 #else
9754             __put_user(0, &target_stfs->f_flags);
9755 #endif
9756             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9757             unlock_user_struct(target_stfs, arg2, 1);
9758         }
9759         return ret;
9760 #endif
9761 #ifdef TARGET_NR_fstatfs
9762     case TARGET_NR_fstatfs:
9763         ret = get_errno(fstatfs(arg1, &stfs));
9764         goto convert_statfs;
9765 #endif
9766 #ifdef TARGET_NR_statfs64
9767     case TARGET_NR_statfs64:
9768         if (!(p = lock_user_string(arg1))) {
9769             return -TARGET_EFAULT;
9770         }
9771         ret = get_errno(statfs(path(p), &stfs));
9772         unlock_user(p, arg1, 0);
9773     convert_statfs64:
9774         if (!is_error(ret)) {
9775             struct target_statfs64 *target_stfs;
9776 
9777             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
9778                 return -TARGET_EFAULT;
9779             __put_user(stfs.f_type, &target_stfs->f_type);
9780             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9781             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9782             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9783             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9784             __put_user(stfs.f_files, &target_stfs->f_files);
9785             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9786             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9787             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9788             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9789             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9790             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9791             unlock_user_struct(target_stfs, arg3, 1);
9792         }
9793         return ret;
9794     case TARGET_NR_fstatfs64:
9795         ret = get_errno(fstatfs(arg1, &stfs));
9796         goto convert_statfs64;
9797 #endif
9798 #ifdef TARGET_NR_socketcall
9799     case TARGET_NR_socketcall:
9800         return do_socketcall(arg1, arg2);
9801 #endif
9802 #ifdef TARGET_NR_accept
9803     case TARGET_NR_accept:
9804         return do_accept4(arg1, arg2, arg3, 0);
9805 #endif
9806 #ifdef TARGET_NR_accept4
9807     case TARGET_NR_accept4:
9808         return do_accept4(arg1, arg2, arg3, arg4);
9809 #endif
9810 #ifdef TARGET_NR_bind
9811     case TARGET_NR_bind:
9812         return do_bind(arg1, arg2, arg3);
9813 #endif
9814 #ifdef TARGET_NR_connect
9815     case TARGET_NR_connect:
9816         return do_connect(arg1, arg2, arg3);
9817 #endif
9818 #ifdef TARGET_NR_getpeername
9819     case TARGET_NR_getpeername:
9820         return do_getpeername(arg1, arg2, arg3);
9821 #endif
9822 #ifdef TARGET_NR_getsockname
9823     case TARGET_NR_getsockname:
9824         return do_getsockname(arg1, arg2, arg3);
9825 #endif
9826 #ifdef TARGET_NR_getsockopt
9827     case TARGET_NR_getsockopt:
9828         return do_getsockopt(arg1, arg2, arg3, arg4, arg5);
9829 #endif
9830 #ifdef TARGET_NR_listen
9831     case TARGET_NR_listen:
9832         return get_errno(listen(arg1, arg2));
9833 #endif
9834 #ifdef TARGET_NR_recv
9835     case TARGET_NR_recv:
9836         return do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
9837 #endif
9838 #ifdef TARGET_NR_recvfrom
9839     case TARGET_NR_recvfrom:
9840         return do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
9841 #endif
9842 #ifdef TARGET_NR_recvmsg
9843     case TARGET_NR_recvmsg:
9844         return do_sendrecvmsg(arg1, arg2, arg3, 0);
9845 #endif
9846 #ifdef TARGET_NR_send
9847     case TARGET_NR_send:
9848         return do_sendto(arg1, arg2, arg3, arg4, 0, 0);
9849 #endif
9850 #ifdef TARGET_NR_sendmsg
9851     case TARGET_NR_sendmsg:
9852         return do_sendrecvmsg(arg1, arg2, arg3, 1);
9853 #endif
9854 #ifdef TARGET_NR_sendmmsg
9855     case TARGET_NR_sendmmsg:
9856         return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
9857 #endif
9858 #ifdef TARGET_NR_recvmmsg
9859     case TARGET_NR_recvmmsg:
9860         return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
9861 #endif
9862 #ifdef TARGET_NR_sendto
9863     case TARGET_NR_sendto:
9864         return do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
9865 #endif
9866 #ifdef TARGET_NR_shutdown
9867     case TARGET_NR_shutdown:
9868         return get_errno(shutdown(arg1, arg2));
9869 #endif
9870 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
9871     case TARGET_NR_getrandom:
9872         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
9873         if (!p) {
9874             return -TARGET_EFAULT;
9875         }
9876         ret = get_errno(getrandom(p, arg2, arg3));
9877         unlock_user(p, arg1, ret);
9878         return ret;
9879 #endif
9880 #ifdef TARGET_NR_socket
9881     case TARGET_NR_socket:
9882         return do_socket(arg1, arg2, arg3);
9883 #endif
9884 #ifdef TARGET_NR_socketpair
9885     case TARGET_NR_socketpair:
9886         return do_socketpair(arg1, arg2, arg3, arg4);
9887 #endif
9888 #ifdef TARGET_NR_setsockopt
9889     case TARGET_NR_setsockopt:
9890         return do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
9891 #endif
9892 #if defined(TARGET_NR_syslog)
9893     case TARGET_NR_syslog:
9894         {
9895             int len = arg2;
9896 
9897             switch (arg1) {
9898             case TARGET_SYSLOG_ACTION_CLOSE:         /* Close log */
9899             case TARGET_SYSLOG_ACTION_OPEN:          /* Open log */
9900             case TARGET_SYSLOG_ACTION_CLEAR:         /* Clear ring buffer */
9901             case TARGET_SYSLOG_ACTION_CONSOLE_OFF:   /* Disable logging */
9902             case TARGET_SYSLOG_ACTION_CONSOLE_ON:    /* Enable logging */
9903             case TARGET_SYSLOG_ACTION_CONSOLE_LEVEL: /* Set messages level */
9904             case TARGET_SYSLOG_ACTION_SIZE_UNREAD:   /* Number of chars */
9905             case TARGET_SYSLOG_ACTION_SIZE_BUFFER:   /* Size of the buffer */
9906                 return get_errno(sys_syslog((int)arg1, NULL, (int)arg3));
9907             case TARGET_SYSLOG_ACTION_READ:          /* Read from log */
9908             case TARGET_SYSLOG_ACTION_READ_CLEAR:    /* Read/clear msgs */
9909             case TARGET_SYSLOG_ACTION_READ_ALL:      /* Read last messages */
9910                 {
9911                     if (len < 0) {
9912                         return -TARGET_EINVAL;
9913                     }
9914                     if (len == 0) {
9915                         return 0;
9916                     }
9917                     p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9918                     if (!p) {
9919                         return -TARGET_EFAULT;
9920                     }
9921                     ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
9922                     unlock_user(p, arg2, arg3);
9923                 }
9924                 return ret;
9925             default:
9926                 return -TARGET_EINVAL;
9927             }
9928         }
9929         break;
9930 #endif
9931     case TARGET_NR_setitimer:
9932         {
9933             struct itimerval value, ovalue, *pvalue;
9934 
9935             if (arg2) {
9936                 pvalue = &value;
9937                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
9938                     || copy_from_user_timeval(&pvalue->it_value,
9939                                               arg2 + sizeof(struct target_timeval)))
9940                     return -TARGET_EFAULT;
9941             } else {
9942                 pvalue = NULL;
9943             }
9944             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
9945             if (!is_error(ret) && arg3) {
9946                 if (copy_to_user_timeval(arg3,
9947                                          &ovalue.it_interval)
9948                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
9949                                             &ovalue.it_value))
9950                     return -TARGET_EFAULT;
9951             }
9952         }
9953         return ret;
9954     case TARGET_NR_getitimer:
9955         {
9956             struct itimerval value;
9957 
9958             ret = get_errno(getitimer(arg1, &value));
9959             if (!is_error(ret) && arg2) {
9960                 if (copy_to_user_timeval(arg2,
9961                                          &value.it_interval)
9962                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
9963                                             &value.it_value))
9964                     return -TARGET_EFAULT;
9965             }
9966         }
9967         return ret;
9968 #ifdef TARGET_NR_stat
9969     case TARGET_NR_stat:
9970         if (!(p = lock_user_string(arg1))) {
9971             return -TARGET_EFAULT;
9972         }
9973         ret = get_errno(stat(path(p), &st));
9974         unlock_user(p, arg1, 0);
9975         goto do_stat;
9976 #endif
9977 #ifdef TARGET_NR_lstat
9978     case TARGET_NR_lstat:
9979         if (!(p = lock_user_string(arg1))) {
9980             return -TARGET_EFAULT;
9981         }
9982         ret = get_errno(lstat(path(p), &st));
9983         unlock_user(p, arg1, 0);
9984         goto do_stat;
9985 #endif
9986 #ifdef TARGET_NR_fstat
9987     case TARGET_NR_fstat:
9988         {
9989             ret = get_errno(fstat(arg1, &st));
9990 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
9991         do_stat:
9992 #endif
9993             if (!is_error(ret)) {
9994                 struct target_stat *target_st;
9995 
9996                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
9997                     return -TARGET_EFAULT;
9998                 memset(target_st, 0, sizeof(*target_st));
9999                 __put_user(st.st_dev, &target_st->st_dev);
10000                 __put_user(st.st_ino, &target_st->st_ino);
10001                 __put_user(st.st_mode, &target_st->st_mode);
10002                 __put_user(st.st_uid, &target_st->st_uid);
10003                 __put_user(st.st_gid, &target_st->st_gid);
10004                 __put_user(st.st_nlink, &target_st->st_nlink);
10005                 __put_user(st.st_rdev, &target_st->st_rdev);
10006                 __put_user(st.st_size, &target_st->st_size);
10007                 __put_user(st.st_blksize, &target_st->st_blksize);
10008                 __put_user(st.st_blocks, &target_st->st_blocks);
10009                 __put_user(st.st_atime, &target_st->target_st_atime);
10010                 __put_user(st.st_mtime, &target_st->target_st_mtime);
10011                 __put_user(st.st_ctime, &target_st->target_st_ctime);
10012 #if (_POSIX_C_SOURCE >= 200809L || _XOPEN_SOURCE >= 700) && \
10013     defined(TARGET_STAT_HAVE_NSEC)
10014                 __put_user(st.st_atim.tv_nsec,
10015                            &target_st->target_st_atime_nsec);
10016                 __put_user(st.st_mtim.tv_nsec,
10017                            &target_st->target_st_mtime_nsec);
10018                 __put_user(st.st_ctim.tv_nsec,
10019                            &target_st->target_st_ctime_nsec);
10020 #endif
10021                 unlock_user_struct(target_st, arg2, 1);
10022             }
10023         }
10024         return ret;
10025 #endif
10026     case TARGET_NR_vhangup:
10027         return get_errno(vhangup());
10028 #ifdef TARGET_NR_syscall
10029     case TARGET_NR_syscall:
10030         return do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
10031                           arg6, arg7, arg8, 0);
10032 #endif
10033 #if defined(TARGET_NR_wait4)
10034     case TARGET_NR_wait4:
10035         {
10036             int status;
10037             abi_long status_ptr = arg2;
10038             struct rusage rusage, *rusage_ptr;
10039             abi_ulong target_rusage = arg4;
10040             abi_long rusage_err;
10041             if (target_rusage)
10042                 rusage_ptr = &rusage;
10043             else
10044                 rusage_ptr = NULL;
10045             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
10046             if (!is_error(ret)) {
10047                 if (status_ptr && ret) {
10048                     status = host_to_target_waitstatus(status);
10049                     if (put_user_s32(status, status_ptr))
10050                         return -TARGET_EFAULT;
10051                 }
10052                 if (target_rusage) {
10053                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
10054                     if (rusage_err) {
10055                         ret = rusage_err;
10056                     }
10057                 }
10058             }
10059         }
10060         return ret;
10061 #endif
10062 #ifdef TARGET_NR_swapoff
10063     case TARGET_NR_swapoff:
10064         if (!(p = lock_user_string(arg1)))
10065             return -TARGET_EFAULT;
10066         ret = get_errno(swapoff(p));
10067         unlock_user(p, arg1, 0);
10068         return ret;
10069 #endif
10070     case TARGET_NR_sysinfo:
10071         {
10072             struct target_sysinfo *target_value;
10073             struct sysinfo value;
10074             ret = get_errno(sysinfo(&value));
10075             if (!is_error(ret) && arg1)
10076             {
10077                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
10078                     return -TARGET_EFAULT;
10079                 __put_user(value.uptime, &target_value->uptime);
10080                 __put_user(value.loads[0], &target_value->loads[0]);
10081                 __put_user(value.loads[1], &target_value->loads[1]);
10082                 __put_user(value.loads[2], &target_value->loads[2]);
10083                 __put_user(value.totalram, &target_value->totalram);
10084                 __put_user(value.freeram, &target_value->freeram);
10085                 __put_user(value.sharedram, &target_value->sharedram);
10086                 __put_user(value.bufferram, &target_value->bufferram);
10087                 __put_user(value.totalswap, &target_value->totalswap);
10088                 __put_user(value.freeswap, &target_value->freeswap);
10089                 __put_user(value.procs, &target_value->procs);
10090                 __put_user(value.totalhigh, &target_value->totalhigh);
10091                 __put_user(value.freehigh, &target_value->freehigh);
10092                 __put_user(value.mem_unit, &target_value->mem_unit);
10093                 unlock_user_struct(target_value, arg1, 1);
10094             }
10095         }
10096         return ret;
10097 #ifdef TARGET_NR_ipc
10098     case TARGET_NR_ipc:
10099         return do_ipc(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
10100 #endif
10101 #ifdef TARGET_NR_semget
10102     case TARGET_NR_semget:
10103         return get_errno(semget(arg1, arg2, arg3));
10104 #endif
10105 #ifdef TARGET_NR_semop
10106     case TARGET_NR_semop:
10107         return do_semtimedop(arg1, arg2, arg3, 0, false);
10108 #endif
10109 #ifdef TARGET_NR_semtimedop
10110     case TARGET_NR_semtimedop:
10111         return do_semtimedop(arg1, arg2, arg3, arg4, false);
10112 #endif
10113 #ifdef TARGET_NR_semtimedop_time64
10114     case TARGET_NR_semtimedop_time64:
10115         return do_semtimedop(arg1, arg2, arg3, arg4, true);
10116 #endif
10117 #ifdef TARGET_NR_semctl
10118     case TARGET_NR_semctl:
10119         return do_semctl(arg1, arg2, arg3, arg4);
10120 #endif
10121 #ifdef TARGET_NR_msgctl
10122     case TARGET_NR_msgctl:
10123         return do_msgctl(arg1, arg2, arg3);
10124 #endif
10125 #ifdef TARGET_NR_msgget
10126     case TARGET_NR_msgget:
10127         return get_errno(msgget(arg1, arg2));
10128 #endif
10129 #ifdef TARGET_NR_msgrcv
10130     case TARGET_NR_msgrcv:
10131         return do_msgrcv(arg1, arg2, arg3, arg4, arg5);
10132 #endif
10133 #ifdef TARGET_NR_msgsnd
10134     case TARGET_NR_msgsnd:
10135         return do_msgsnd(arg1, arg2, arg3, arg4);
10136 #endif
10137 #ifdef TARGET_NR_shmget
10138     case TARGET_NR_shmget:
10139         return get_errno(shmget(arg1, arg2, arg3));
10140 #endif
10141 #ifdef TARGET_NR_shmctl
10142     case TARGET_NR_shmctl:
10143         return do_shmctl(arg1, arg2, arg3);
10144 #endif
10145 #ifdef TARGET_NR_shmat
10146     case TARGET_NR_shmat:
10147         return do_shmat(cpu_env, arg1, arg2, arg3);
10148 #endif
10149 #ifdef TARGET_NR_shmdt
10150     case TARGET_NR_shmdt:
10151         return do_shmdt(arg1);
10152 #endif
10153     case TARGET_NR_fsync:
10154         return get_errno(fsync(arg1));
10155     case TARGET_NR_clone:
10156         /* Linux manages to have three different orderings for its
10157          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
10158          * match the kernel's CONFIG_CLONE_* settings.
10159          * Microblaze is further special in that it uses a sixth
10160          * implicit argument to clone for the TLS pointer.
10161          */
10162 #if defined(TARGET_MICROBLAZE)
10163         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
10164 #elif defined(TARGET_CLONE_BACKWARDS)
10165         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
10166 #elif defined(TARGET_CLONE_BACKWARDS2)
10167         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
10168 #else
10169         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
10170 #endif
10171         return ret;
10172 #ifdef __NR_exit_group
10173         /* new thread calls */
10174     case TARGET_NR_exit_group:
10175         preexit_cleanup(cpu_env, arg1);
10176         return get_errno(exit_group(arg1));
10177 #endif
10178     case TARGET_NR_setdomainname:
10179         if (!(p = lock_user_string(arg1)))
10180             return -TARGET_EFAULT;
10181         ret = get_errno(setdomainname(p, arg2));
10182         unlock_user(p, arg1, 0);
10183         return ret;
10184     case TARGET_NR_uname:
10185         /* no need to transcode because we use the linux syscall */
10186         {
10187             struct new_utsname * buf;
10188 
10189             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
10190                 return -TARGET_EFAULT;
10191             ret = get_errno(sys_uname(buf));
10192             if (!is_error(ret)) {
10193                 /* Overwrite the native machine name with whatever is being
10194                    emulated. */
10195                 g_strlcpy(buf->machine, cpu_to_uname_machine(cpu_env),
10196                           sizeof(buf->machine));
10197                 /* Allow the user to override the reported release.  */
10198                 if (qemu_uname_release && *qemu_uname_release) {
10199                     g_strlcpy(buf->release, qemu_uname_release,
10200                               sizeof(buf->release));
10201                 }
10202             }
10203             unlock_user_struct(buf, arg1, 1);
10204         }
10205         return ret;
10206 #ifdef TARGET_I386
10207     case TARGET_NR_modify_ldt:
10208         return do_modify_ldt(cpu_env, arg1, arg2, arg3);
10209 #if !defined(TARGET_X86_64)
10210     case TARGET_NR_vm86:
10211         return do_vm86(cpu_env, arg1, arg2);
10212 #endif
10213 #endif
10214 #if defined(TARGET_NR_adjtimex)
10215     case TARGET_NR_adjtimex:
10216         {
10217             struct timex host_buf;
10218 
10219             if (target_to_host_timex(&host_buf, arg1) != 0) {
10220                 return -TARGET_EFAULT;
10221             }
10222             ret = get_errno(adjtimex(&host_buf));
10223             if (!is_error(ret)) {
10224                 if (host_to_target_timex(arg1, &host_buf) != 0) {
10225                     return -TARGET_EFAULT;
10226                 }
10227             }
10228         }
10229         return ret;
10230 #endif
10231 #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
10232     case TARGET_NR_clock_adjtime:
10233         {
10234             struct timex htx, *phtx = &htx;
10235 
10236             if (target_to_host_timex(phtx, arg2) != 0) {
10237                 return -TARGET_EFAULT;
10238             }
10239             ret = get_errno(clock_adjtime(arg1, phtx));
10240             if (!is_error(ret) && phtx) {
10241                 if (host_to_target_timex(arg2, phtx) != 0) {
10242                     return -TARGET_EFAULT;
10243                 }
10244             }
10245         }
10246         return ret;
10247 #endif
10248 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
10249     case TARGET_NR_clock_adjtime64:
10250         {
10251             struct timex htx;
10252 
10253             if (target_to_host_timex64(&htx, arg2) != 0) {
10254                 return -TARGET_EFAULT;
10255             }
10256             ret = get_errno(clock_adjtime(arg1, &htx));
10257             if (!is_error(ret) && host_to_target_timex64(arg2, &htx)) {
10258                     return -TARGET_EFAULT;
10259             }
10260         }
10261         return ret;
10262 #endif
10263     case TARGET_NR_getpgid:
10264         return get_errno(getpgid(arg1));
10265     case TARGET_NR_fchdir:
10266         return get_errno(fchdir(arg1));
10267     case TARGET_NR_personality:
10268         return get_errno(personality(arg1));
10269 #ifdef TARGET_NR__llseek /* Not on alpha */
10270     case TARGET_NR__llseek:
10271         {
10272             int64_t res;
10273 #if !defined(__NR_llseek)
10274             res = lseek(arg1, ((uint64_t)arg2 << 32) | (abi_ulong)arg3, arg5);
10275             if (res == -1) {
10276                 ret = get_errno(res);
10277             } else {
10278                 ret = 0;
10279             }
10280 #else
10281             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
10282 #endif
10283             if ((ret == 0) && put_user_s64(res, arg4)) {
10284                 return -TARGET_EFAULT;
10285             }
10286         }
10287         return ret;
10288 #endif
10289 #ifdef TARGET_NR_getdents
10290     case TARGET_NR_getdents:
10291 #ifdef EMULATE_GETDENTS_WITH_GETDENTS
10292 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
10293         {
10294             struct target_dirent *target_dirp;
10295             struct linux_dirent *dirp;
10296             abi_long count = arg3;
10297 
10298             dirp = g_try_malloc(count);
10299             if (!dirp) {
10300                 return -TARGET_ENOMEM;
10301             }
10302 
10303             ret = get_errno(sys_getdents(arg1, dirp, count));
10304             if (!is_error(ret)) {
10305                 struct linux_dirent *de;
10306 		struct target_dirent *tde;
10307                 int len = ret;
10308                 int reclen, treclen;
10309 		int count1, tnamelen;
10310 
10311 		count1 = 0;
10312                 de = dirp;
10313                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10314                     return -TARGET_EFAULT;
10315 		tde = target_dirp;
10316                 while (len > 0) {
10317                     reclen = de->d_reclen;
10318                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
10319                     assert(tnamelen >= 0);
10320                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
10321                     assert(count1 + treclen <= count);
10322                     tde->d_reclen = tswap16(treclen);
10323                     tde->d_ino = tswapal(de->d_ino);
10324                     tde->d_off = tswapal(de->d_off);
10325                     memcpy(tde->d_name, de->d_name, tnamelen);
10326                     de = (struct linux_dirent *)((char *)de + reclen);
10327                     len -= reclen;
10328                     tde = (struct target_dirent *)((char *)tde + treclen);
10329 		    count1 += treclen;
10330                 }
10331 		ret = count1;
10332                 unlock_user(target_dirp, arg2, ret);
10333             }
10334             g_free(dirp);
10335         }
10336 #else
10337         {
10338             struct linux_dirent *dirp;
10339             abi_long count = arg3;
10340 
10341             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10342                 return -TARGET_EFAULT;
10343             ret = get_errno(sys_getdents(arg1, dirp, count));
10344             if (!is_error(ret)) {
10345                 struct linux_dirent *de;
10346                 int len = ret;
10347                 int reclen;
10348                 de = dirp;
10349                 while (len > 0) {
10350                     reclen = de->d_reclen;
10351                     if (reclen > len)
10352                         break;
10353                     de->d_reclen = tswap16(reclen);
10354                     tswapls(&de->d_ino);
10355                     tswapls(&de->d_off);
10356                     de = (struct linux_dirent *)((char *)de + reclen);
10357                     len -= reclen;
10358                 }
10359             }
10360             unlock_user(dirp, arg2, ret);
10361         }
10362 #endif
10363 #else
10364         /* Implement getdents in terms of getdents64 */
10365         {
10366             struct linux_dirent64 *dirp;
10367             abi_long count = arg3;
10368 
10369             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
10370             if (!dirp) {
10371                 return -TARGET_EFAULT;
10372             }
10373             ret = get_errno(sys_getdents64(arg1, dirp, count));
10374             if (!is_error(ret)) {
10375                 /* Convert the dirent64 structs to target dirent.  We do this
10376                  * in-place, since we can guarantee that a target_dirent is no
10377                  * larger than a dirent64; however this means we have to be
10378                  * careful to read everything before writing in the new format.
10379                  */
10380                 struct linux_dirent64 *de;
10381                 struct target_dirent *tde;
10382                 int len = ret;
10383                 int tlen = 0;
10384 
10385                 de = dirp;
10386                 tde = (struct target_dirent *)dirp;
10387                 while (len > 0) {
10388                     int namelen, treclen;
10389                     int reclen = de->d_reclen;
10390                     uint64_t ino = de->d_ino;
10391                     int64_t off = de->d_off;
10392                     uint8_t type = de->d_type;
10393 
10394                     namelen = strlen(de->d_name);
10395                     treclen = offsetof(struct target_dirent, d_name)
10396                         + namelen + 2;
10397                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
10398 
10399                     memmove(tde->d_name, de->d_name, namelen + 1);
10400                     tde->d_ino = tswapal(ino);
10401                     tde->d_off = tswapal(off);
10402                     tde->d_reclen = tswap16(treclen);
10403                     /* The target_dirent type is in what was formerly a padding
10404                      * byte at the end of the structure:
10405                      */
10406                     *(((char *)tde) + treclen - 1) = type;
10407 
10408                     de = (struct linux_dirent64 *)((char *)de + reclen);
10409                     tde = (struct target_dirent *)((char *)tde + treclen);
10410                     len -= reclen;
10411                     tlen += treclen;
10412                 }
10413                 ret = tlen;
10414             }
10415             unlock_user(dirp, arg2, ret);
10416         }
10417 #endif
10418         return ret;
10419 #endif /* TARGET_NR_getdents */
10420 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
10421     case TARGET_NR_getdents64:
10422         {
10423             struct linux_dirent64 *dirp;
10424             abi_long count = arg3;
10425             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10426                 return -TARGET_EFAULT;
10427             ret = get_errno(sys_getdents64(arg1, dirp, count));
10428             if (!is_error(ret)) {
10429                 struct linux_dirent64 *de;
10430                 int len = ret;
10431                 int reclen;
10432                 de = dirp;
10433                 while (len > 0) {
10434                     reclen = de->d_reclen;
10435                     if (reclen > len)
10436                         break;
10437                     de->d_reclen = tswap16(reclen);
10438                     tswap64s((uint64_t *)&de->d_ino);
10439                     tswap64s((uint64_t *)&de->d_off);
10440                     de = (struct linux_dirent64 *)((char *)de + reclen);
10441                     len -= reclen;
10442                 }
10443             }
10444             unlock_user(dirp, arg2, ret);
10445         }
10446         return ret;
10447 #endif /* TARGET_NR_getdents64 */
10448 #if defined(TARGET_NR__newselect)
10449     case TARGET_NR__newselect:
10450         return do_select(arg1, arg2, arg3, arg4, arg5);
10451 #endif
10452 #ifdef TARGET_NR_poll
10453     case TARGET_NR_poll:
10454         return do_ppoll(arg1, arg2, arg3, arg4, arg5, false, false);
10455 #endif
10456 #ifdef TARGET_NR_ppoll
10457     case TARGET_NR_ppoll:
10458         return do_ppoll(arg1, arg2, arg3, arg4, arg5, true, false);
10459 #endif
10460 #ifdef TARGET_NR_ppoll_time64
10461     case TARGET_NR_ppoll_time64:
10462         return do_ppoll(arg1, arg2, arg3, arg4, arg5, true, true);
10463 #endif
10464     case TARGET_NR_flock:
10465         /* NOTE: the flock constant seems to be the same for every
10466            Linux platform */
10467         return get_errno(safe_flock(arg1, arg2));
10468     case TARGET_NR_readv:
10469         {
10470             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10471             if (vec != NULL) {
10472                 ret = get_errno(safe_readv(arg1, vec, arg3));
10473                 unlock_iovec(vec, arg2, arg3, 1);
10474             } else {
10475                 ret = -host_to_target_errno(errno);
10476             }
10477         }
10478         return ret;
10479     case TARGET_NR_writev:
10480         {
10481             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10482             if (vec != NULL) {
10483                 ret = get_errno(safe_writev(arg1, vec, arg3));
10484                 unlock_iovec(vec, arg2, arg3, 0);
10485             } else {
10486                 ret = -host_to_target_errno(errno);
10487             }
10488         }
10489         return ret;
10490 #if defined(TARGET_NR_preadv)
10491     case TARGET_NR_preadv:
10492         {
10493             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10494             if (vec != NULL) {
10495                 unsigned long low, high;
10496 
10497                 target_to_host_low_high(arg4, arg5, &low, &high);
10498                 ret = get_errno(safe_preadv(arg1, vec, arg3, low, high));
10499                 unlock_iovec(vec, arg2, arg3, 1);
10500             } else {
10501                 ret = -host_to_target_errno(errno);
10502            }
10503         }
10504         return ret;
10505 #endif
10506 #if defined(TARGET_NR_pwritev)
10507     case TARGET_NR_pwritev:
10508         {
10509             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10510             if (vec != NULL) {
10511                 unsigned long low, high;
10512 
10513                 target_to_host_low_high(arg4, arg5, &low, &high);
10514                 ret = get_errno(safe_pwritev(arg1, vec, arg3, low, high));
10515                 unlock_iovec(vec, arg2, arg3, 0);
10516             } else {
10517                 ret = -host_to_target_errno(errno);
10518            }
10519         }
10520         return ret;
10521 #endif
10522     case TARGET_NR_getsid:
10523         return get_errno(getsid(arg1));
10524 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
10525     case TARGET_NR_fdatasync:
10526         return get_errno(fdatasync(arg1));
10527 #endif
10528 #ifdef TARGET_NR__sysctl
10529     case TARGET_NR__sysctl:
10530         /* We don't implement this, but ENOTDIR is always a safe
10531            return value. */
10532         return -TARGET_ENOTDIR;
10533 #endif
10534     case TARGET_NR_sched_getaffinity:
10535         {
10536             unsigned int mask_size;
10537             unsigned long *mask;
10538 
10539             /*
10540              * sched_getaffinity needs multiples of ulong, so need to take
10541              * care of mismatches between target ulong and host ulong sizes.
10542              */
10543             if (arg2 & (sizeof(abi_ulong) - 1)) {
10544                 return -TARGET_EINVAL;
10545             }
10546             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10547 
10548             mask = alloca(mask_size);
10549             memset(mask, 0, mask_size);
10550             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
10551 
10552             if (!is_error(ret)) {
10553                 if (ret > arg2) {
10554                     /* More data returned than the caller's buffer will fit.
10555                      * This only happens if sizeof(abi_long) < sizeof(long)
10556                      * and the caller passed us a buffer holding an odd number
10557                      * of abi_longs. If the host kernel is actually using the
10558                      * extra 4 bytes then fail EINVAL; otherwise we can just
10559                      * ignore them and only copy the interesting part.
10560                      */
10561                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
10562                     if (numcpus > arg2 * 8) {
10563                         return -TARGET_EINVAL;
10564                     }
10565                     ret = arg2;
10566                 }
10567 
10568                 if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) {
10569                     return -TARGET_EFAULT;
10570                 }
10571             }
10572         }
10573         return ret;
10574     case TARGET_NR_sched_setaffinity:
10575         {
10576             unsigned int mask_size;
10577             unsigned long *mask;
10578 
10579             /*
10580              * sched_setaffinity needs multiples of ulong, so need to take
10581              * care of mismatches between target ulong and host ulong sizes.
10582              */
10583             if (arg2 & (sizeof(abi_ulong) - 1)) {
10584                 return -TARGET_EINVAL;
10585             }
10586             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10587             mask = alloca(mask_size);
10588 
10589             ret = target_to_host_cpu_mask(mask, mask_size, arg3, arg2);
10590             if (ret) {
10591                 return ret;
10592             }
10593 
10594             return get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
10595         }
10596     case TARGET_NR_getcpu:
10597         {
10598             unsigned cpu, node;
10599             ret = get_errno(sys_getcpu(arg1 ? &cpu : NULL,
10600                                        arg2 ? &node : NULL,
10601                                        NULL));
10602             if (is_error(ret)) {
10603                 return ret;
10604             }
10605             if (arg1 && put_user_u32(cpu, arg1)) {
10606                 return -TARGET_EFAULT;
10607             }
10608             if (arg2 && put_user_u32(node, arg2)) {
10609                 return -TARGET_EFAULT;
10610             }
10611         }
10612         return ret;
10613     case TARGET_NR_sched_setparam:
10614         {
10615             struct sched_param *target_schp;
10616             struct sched_param schp;
10617 
10618             if (arg2 == 0) {
10619                 return -TARGET_EINVAL;
10620             }
10621             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
10622                 return -TARGET_EFAULT;
10623             schp.sched_priority = tswap32(target_schp->sched_priority);
10624             unlock_user_struct(target_schp, arg2, 0);
10625             return get_errno(sched_setparam(arg1, &schp));
10626         }
10627     case TARGET_NR_sched_getparam:
10628         {
10629             struct sched_param *target_schp;
10630             struct sched_param schp;
10631 
10632             if (arg2 == 0) {
10633                 return -TARGET_EINVAL;
10634             }
10635             ret = get_errno(sched_getparam(arg1, &schp));
10636             if (!is_error(ret)) {
10637                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
10638                     return -TARGET_EFAULT;
10639                 target_schp->sched_priority = tswap32(schp.sched_priority);
10640                 unlock_user_struct(target_schp, arg2, 1);
10641             }
10642         }
10643         return ret;
10644     case TARGET_NR_sched_setscheduler:
10645         {
10646             struct sched_param *target_schp;
10647             struct sched_param schp;
10648             if (arg3 == 0) {
10649                 return -TARGET_EINVAL;
10650             }
10651             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
10652                 return -TARGET_EFAULT;
10653             schp.sched_priority = tswap32(target_schp->sched_priority);
10654             unlock_user_struct(target_schp, arg3, 0);
10655             return get_errno(sched_setscheduler(arg1, arg2, &schp));
10656         }
10657     case TARGET_NR_sched_getscheduler:
10658         return get_errno(sched_getscheduler(arg1));
10659     case TARGET_NR_sched_yield:
10660         return get_errno(sched_yield());
10661     case TARGET_NR_sched_get_priority_max:
10662         return get_errno(sched_get_priority_max(arg1));
10663     case TARGET_NR_sched_get_priority_min:
10664         return get_errno(sched_get_priority_min(arg1));
10665 #ifdef TARGET_NR_sched_rr_get_interval
10666     case TARGET_NR_sched_rr_get_interval:
10667         {
10668             struct timespec ts;
10669             ret = get_errno(sched_rr_get_interval(arg1, &ts));
10670             if (!is_error(ret)) {
10671                 ret = host_to_target_timespec(arg2, &ts);
10672             }
10673         }
10674         return ret;
10675 #endif
10676 #ifdef TARGET_NR_sched_rr_get_interval_time64
10677     case TARGET_NR_sched_rr_get_interval_time64:
10678         {
10679             struct timespec ts;
10680             ret = get_errno(sched_rr_get_interval(arg1, &ts));
10681             if (!is_error(ret)) {
10682                 ret = host_to_target_timespec64(arg2, &ts);
10683             }
10684         }
10685         return ret;
10686 #endif
10687 #if defined(TARGET_NR_nanosleep)
10688     case TARGET_NR_nanosleep:
10689         {
10690             struct timespec req, rem;
10691             target_to_host_timespec(&req, arg1);
10692             ret = get_errno(safe_nanosleep(&req, &rem));
10693             if (is_error(ret) && arg2) {
10694                 host_to_target_timespec(arg2, &rem);
10695             }
10696         }
10697         return ret;
10698 #endif
10699     case TARGET_NR_prctl:
10700         switch (arg1) {
10701         case PR_GET_PDEATHSIG:
10702         {
10703             int deathsig;
10704             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
10705             if (!is_error(ret) && arg2
10706                 && put_user_ual(deathsig, arg2)) {
10707                 return -TARGET_EFAULT;
10708             }
10709             return ret;
10710         }
10711 #ifdef PR_GET_NAME
10712         case PR_GET_NAME:
10713         {
10714             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
10715             if (!name) {
10716                 return -TARGET_EFAULT;
10717             }
10718             ret = get_errno(prctl(arg1, (unsigned long)name,
10719                                   arg3, arg4, arg5));
10720             unlock_user(name, arg2, 16);
10721             return ret;
10722         }
10723         case PR_SET_NAME:
10724         {
10725             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
10726             if (!name) {
10727                 return -TARGET_EFAULT;
10728             }
10729             ret = get_errno(prctl(arg1, (unsigned long)name,
10730                                   arg3, arg4, arg5));
10731             unlock_user(name, arg2, 0);
10732             return ret;
10733         }
10734 #endif
10735 #ifdef TARGET_MIPS
10736         case TARGET_PR_GET_FP_MODE:
10737         {
10738             CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
10739             ret = 0;
10740             if (env->CP0_Status & (1 << CP0St_FR)) {
10741                 ret |= TARGET_PR_FP_MODE_FR;
10742             }
10743             if (env->CP0_Config5 & (1 << CP0C5_FRE)) {
10744                 ret |= TARGET_PR_FP_MODE_FRE;
10745             }
10746             return ret;
10747         }
10748         case TARGET_PR_SET_FP_MODE:
10749         {
10750             CPUMIPSState *env = ((CPUMIPSState *)cpu_env);
10751             bool old_fr = env->CP0_Status & (1 << CP0St_FR);
10752             bool old_fre = env->CP0_Config5 & (1 << CP0C5_FRE);
10753             bool new_fr = arg2 & TARGET_PR_FP_MODE_FR;
10754             bool new_fre = arg2 & TARGET_PR_FP_MODE_FRE;
10755 
10756             const unsigned int known_bits = TARGET_PR_FP_MODE_FR |
10757                                             TARGET_PR_FP_MODE_FRE;
10758 
10759             /* If nothing to change, return right away, successfully.  */
10760             if (old_fr == new_fr && old_fre == new_fre) {
10761                 return 0;
10762             }
10763             /* Check the value is valid */
10764             if (arg2 & ~known_bits) {
10765                 return -TARGET_EOPNOTSUPP;
10766             }
10767             /* Setting FRE without FR is not supported.  */
10768             if (new_fre && !new_fr) {
10769                 return -TARGET_EOPNOTSUPP;
10770             }
10771             if (new_fr && !(env->active_fpu.fcr0 & (1 << FCR0_F64))) {
10772                 /* FR1 is not supported */
10773                 return -TARGET_EOPNOTSUPP;
10774             }
10775             if (!new_fr && (env->active_fpu.fcr0 & (1 << FCR0_F64))
10776                 && !(env->CP0_Status_rw_bitmask & (1 << CP0St_FR))) {
10777                 /* cannot set FR=0 */
10778                 return -TARGET_EOPNOTSUPP;
10779             }
10780             if (new_fre && !(env->active_fpu.fcr0 & (1 << FCR0_FREP))) {
10781                 /* Cannot set FRE=1 */
10782                 return -TARGET_EOPNOTSUPP;
10783             }
10784 
10785             int i;
10786             fpr_t *fpr = env->active_fpu.fpr;
10787             for (i = 0; i < 32 ; i += 2) {
10788                 if (!old_fr && new_fr) {
10789                     fpr[i].w[!FP_ENDIAN_IDX] = fpr[i + 1].w[FP_ENDIAN_IDX];
10790                 } else if (old_fr && !new_fr) {
10791                     fpr[i + 1].w[FP_ENDIAN_IDX] = fpr[i].w[!FP_ENDIAN_IDX];
10792                 }
10793             }
10794 
10795             if (new_fr) {
10796                 env->CP0_Status |= (1 << CP0St_FR);
10797                 env->hflags |= MIPS_HFLAG_F64;
10798             } else {
10799                 env->CP0_Status &= ~(1 << CP0St_FR);
10800                 env->hflags &= ~MIPS_HFLAG_F64;
10801             }
10802             if (new_fre) {
10803                 env->CP0_Config5 |= (1 << CP0C5_FRE);
10804                 if (env->active_fpu.fcr0 & (1 << FCR0_FREP)) {
10805                     env->hflags |= MIPS_HFLAG_FRE;
10806                 }
10807             } else {
10808                 env->CP0_Config5 &= ~(1 << CP0C5_FRE);
10809                 env->hflags &= ~MIPS_HFLAG_FRE;
10810             }
10811 
10812             return 0;
10813         }
10814 #endif /* MIPS */
10815 #ifdef TARGET_AARCH64
10816         case TARGET_PR_SVE_SET_VL:
10817             /*
10818              * We cannot support either PR_SVE_SET_VL_ONEXEC or
10819              * PR_SVE_VL_INHERIT.  Note the kernel definition
10820              * of sve_vl_valid allows for VQ=512, i.e. VL=8192,
10821              * even though the current architectural maximum is VQ=16.
10822              */
10823             ret = -TARGET_EINVAL;
10824             if (cpu_isar_feature(aa64_sve, env_archcpu(cpu_env))
10825                 && arg2 >= 0 && arg2 <= 512 * 16 && !(arg2 & 15)) {
10826                 CPUARMState *env = cpu_env;
10827                 ARMCPU *cpu = env_archcpu(env);
10828                 uint32_t vq, old_vq;
10829 
10830                 old_vq = (env->vfp.zcr_el[1] & 0xf) + 1;
10831                 vq = MAX(arg2 / 16, 1);
10832                 vq = MIN(vq, cpu->sve_max_vq);
10833 
10834                 if (vq < old_vq) {
10835                     aarch64_sve_narrow_vq(env, vq);
10836                 }
10837                 env->vfp.zcr_el[1] = vq - 1;
10838                 arm_rebuild_hflags(env);
10839                 ret = vq * 16;
10840             }
10841             return ret;
10842         case TARGET_PR_SVE_GET_VL:
10843             ret = -TARGET_EINVAL;
10844             {
10845                 ARMCPU *cpu = env_archcpu(cpu_env);
10846                 if (cpu_isar_feature(aa64_sve, cpu)) {
10847                     ret = ((cpu->env.vfp.zcr_el[1] & 0xf) + 1) * 16;
10848                 }
10849             }
10850             return ret;
10851         case TARGET_PR_PAC_RESET_KEYS:
10852             {
10853                 CPUARMState *env = cpu_env;
10854                 ARMCPU *cpu = env_archcpu(env);
10855 
10856                 if (arg3 || arg4 || arg5) {
10857                     return -TARGET_EINVAL;
10858                 }
10859                 if (cpu_isar_feature(aa64_pauth, cpu)) {
10860                     int all = (TARGET_PR_PAC_APIAKEY | TARGET_PR_PAC_APIBKEY |
10861                                TARGET_PR_PAC_APDAKEY | TARGET_PR_PAC_APDBKEY |
10862                                TARGET_PR_PAC_APGAKEY);
10863                     int ret = 0;
10864                     Error *err = NULL;
10865 
10866                     if (arg2 == 0) {
10867                         arg2 = all;
10868                     } else if (arg2 & ~all) {
10869                         return -TARGET_EINVAL;
10870                     }
10871                     if (arg2 & TARGET_PR_PAC_APIAKEY) {
10872                         ret |= qemu_guest_getrandom(&env->keys.apia,
10873                                                     sizeof(ARMPACKey), &err);
10874                     }
10875                     if (arg2 & TARGET_PR_PAC_APIBKEY) {
10876                         ret |= qemu_guest_getrandom(&env->keys.apib,
10877                                                     sizeof(ARMPACKey), &err);
10878                     }
10879                     if (arg2 & TARGET_PR_PAC_APDAKEY) {
10880                         ret |= qemu_guest_getrandom(&env->keys.apda,
10881                                                     sizeof(ARMPACKey), &err);
10882                     }
10883                     if (arg2 & TARGET_PR_PAC_APDBKEY) {
10884                         ret |= qemu_guest_getrandom(&env->keys.apdb,
10885                                                     sizeof(ARMPACKey), &err);
10886                     }
10887                     if (arg2 & TARGET_PR_PAC_APGAKEY) {
10888                         ret |= qemu_guest_getrandom(&env->keys.apga,
10889                                                     sizeof(ARMPACKey), &err);
10890                     }
10891                     if (ret != 0) {
10892                         /*
10893                          * Some unknown failure in the crypto.  The best
10894                          * we can do is log it and fail the syscall.
10895                          * The real syscall cannot fail this way.
10896                          */
10897                         qemu_log_mask(LOG_UNIMP,
10898                                       "PR_PAC_RESET_KEYS: Crypto failure: %s",
10899                                       error_get_pretty(err));
10900                         error_free(err);
10901                         return -TARGET_EIO;
10902                     }
10903                     return 0;
10904                 }
10905             }
10906             return -TARGET_EINVAL;
10907 #endif /* AARCH64 */
10908         case PR_GET_SECCOMP:
10909         case PR_SET_SECCOMP:
10910             /* Disable seccomp to prevent the target disabling syscalls we
10911              * need. */
10912             return -TARGET_EINVAL;
10913         default:
10914             /* Most prctl options have no pointer arguments */
10915             return get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
10916         }
10917         break;
10918 #ifdef TARGET_NR_arch_prctl
10919     case TARGET_NR_arch_prctl:
10920         return do_arch_prctl(cpu_env, arg1, arg2);
10921 #endif
10922 #ifdef TARGET_NR_pread64
10923     case TARGET_NR_pread64:
10924         if (regpairs_aligned(cpu_env, num)) {
10925             arg4 = arg5;
10926             arg5 = arg6;
10927         }
10928         if (arg2 == 0 && arg3 == 0) {
10929             /* Special-case NULL buffer and zero length, which should succeed */
10930             p = 0;
10931         } else {
10932             p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10933             if (!p) {
10934                 return -TARGET_EFAULT;
10935             }
10936         }
10937         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
10938         unlock_user(p, arg2, ret);
10939         return ret;
10940     case TARGET_NR_pwrite64:
10941         if (regpairs_aligned(cpu_env, num)) {
10942             arg4 = arg5;
10943             arg5 = arg6;
10944         }
10945         if (arg2 == 0 && arg3 == 0) {
10946             /* Special-case NULL buffer and zero length, which should succeed */
10947             p = 0;
10948         } else {
10949             p = lock_user(VERIFY_READ, arg2, arg3, 1);
10950             if (!p) {
10951                 return -TARGET_EFAULT;
10952             }
10953         }
10954         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
10955         unlock_user(p, arg2, 0);
10956         return ret;
10957 #endif
10958     case TARGET_NR_getcwd:
10959         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
10960             return -TARGET_EFAULT;
10961         ret = get_errno(sys_getcwd1(p, arg2));
10962         unlock_user(p, arg1, ret);
10963         return ret;
10964     case TARGET_NR_capget:
10965     case TARGET_NR_capset:
10966     {
10967         struct target_user_cap_header *target_header;
10968         struct target_user_cap_data *target_data = NULL;
10969         struct __user_cap_header_struct header;
10970         struct __user_cap_data_struct data[2];
10971         struct __user_cap_data_struct *dataptr = NULL;
10972         int i, target_datalen;
10973         int data_items = 1;
10974 
10975         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
10976             return -TARGET_EFAULT;
10977         }
10978         header.version = tswap32(target_header->version);
10979         header.pid = tswap32(target_header->pid);
10980 
10981         if (header.version != _LINUX_CAPABILITY_VERSION) {
10982             /* Version 2 and up takes pointer to two user_data structs */
10983             data_items = 2;
10984         }
10985 
10986         target_datalen = sizeof(*target_data) * data_items;
10987 
10988         if (arg2) {
10989             if (num == TARGET_NR_capget) {
10990                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
10991             } else {
10992                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
10993             }
10994             if (!target_data) {
10995                 unlock_user_struct(target_header, arg1, 0);
10996                 return -TARGET_EFAULT;
10997             }
10998 
10999             if (num == TARGET_NR_capset) {
11000                 for (i = 0; i < data_items; i++) {
11001                     data[i].effective = tswap32(target_data[i].effective);
11002                     data[i].permitted = tswap32(target_data[i].permitted);
11003                     data[i].inheritable = tswap32(target_data[i].inheritable);
11004                 }
11005             }
11006 
11007             dataptr = data;
11008         }
11009 
11010         if (num == TARGET_NR_capget) {
11011             ret = get_errno(capget(&header, dataptr));
11012         } else {
11013             ret = get_errno(capset(&header, dataptr));
11014         }
11015 
11016         /* The kernel always updates version for both capget and capset */
11017         target_header->version = tswap32(header.version);
11018         unlock_user_struct(target_header, arg1, 1);
11019 
11020         if (arg2) {
11021             if (num == TARGET_NR_capget) {
11022                 for (i = 0; i < data_items; i++) {
11023                     target_data[i].effective = tswap32(data[i].effective);
11024                     target_data[i].permitted = tswap32(data[i].permitted);
11025                     target_data[i].inheritable = tswap32(data[i].inheritable);
11026                 }
11027                 unlock_user(target_data, arg2, target_datalen);
11028             } else {
11029                 unlock_user(target_data, arg2, 0);
11030             }
11031         }
11032         return ret;
11033     }
11034     case TARGET_NR_sigaltstack:
11035         return do_sigaltstack(arg1, arg2,
11036                               get_sp_from_cpustate((CPUArchState *)cpu_env));
11037 
11038 #ifdef CONFIG_SENDFILE
11039 #ifdef TARGET_NR_sendfile
11040     case TARGET_NR_sendfile:
11041     {
11042         off_t *offp = NULL;
11043         off_t off;
11044         if (arg3) {
11045             ret = get_user_sal(off, arg3);
11046             if (is_error(ret)) {
11047                 return ret;
11048             }
11049             offp = &off;
11050         }
11051         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
11052         if (!is_error(ret) && arg3) {
11053             abi_long ret2 = put_user_sal(off, arg3);
11054             if (is_error(ret2)) {
11055                 ret = ret2;
11056             }
11057         }
11058         return ret;
11059     }
11060 #endif
11061 #ifdef TARGET_NR_sendfile64
11062     case TARGET_NR_sendfile64:
11063     {
11064         off_t *offp = NULL;
11065         off_t off;
11066         if (arg3) {
11067             ret = get_user_s64(off, arg3);
11068             if (is_error(ret)) {
11069                 return ret;
11070             }
11071             offp = &off;
11072         }
11073         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
11074         if (!is_error(ret) && arg3) {
11075             abi_long ret2 = put_user_s64(off, arg3);
11076             if (is_error(ret2)) {
11077                 ret = ret2;
11078             }
11079         }
11080         return ret;
11081     }
11082 #endif
11083 #endif
11084 #ifdef TARGET_NR_vfork
11085     case TARGET_NR_vfork:
11086         return get_errno(do_fork(cpu_env,
11087                          CLONE_VFORK | CLONE_VM | TARGET_SIGCHLD,
11088                          0, 0, 0, 0));
11089 #endif
11090 #ifdef TARGET_NR_ugetrlimit
11091     case TARGET_NR_ugetrlimit:
11092     {
11093 	struct rlimit rlim;
11094 	int resource = target_to_host_resource(arg1);
11095 	ret = get_errno(getrlimit(resource, &rlim));
11096 	if (!is_error(ret)) {
11097 	    struct target_rlimit *target_rlim;
11098             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
11099                 return -TARGET_EFAULT;
11100 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
11101 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
11102             unlock_user_struct(target_rlim, arg2, 1);
11103 	}
11104         return ret;
11105     }
11106 #endif
11107 #ifdef TARGET_NR_truncate64
11108     case TARGET_NR_truncate64:
11109         if (!(p = lock_user_string(arg1)))
11110             return -TARGET_EFAULT;
11111 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
11112         unlock_user(p, arg1, 0);
11113         return ret;
11114 #endif
11115 #ifdef TARGET_NR_ftruncate64
11116     case TARGET_NR_ftruncate64:
11117         return target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
11118 #endif
11119 #ifdef TARGET_NR_stat64
11120     case TARGET_NR_stat64:
11121         if (!(p = lock_user_string(arg1))) {
11122             return -TARGET_EFAULT;
11123         }
11124         ret = get_errno(stat(path(p), &st));
11125         unlock_user(p, arg1, 0);
11126         if (!is_error(ret))
11127             ret = host_to_target_stat64(cpu_env, arg2, &st);
11128         return ret;
11129 #endif
11130 #ifdef TARGET_NR_lstat64
11131     case TARGET_NR_lstat64:
11132         if (!(p = lock_user_string(arg1))) {
11133             return -TARGET_EFAULT;
11134         }
11135         ret = get_errno(lstat(path(p), &st));
11136         unlock_user(p, arg1, 0);
11137         if (!is_error(ret))
11138             ret = host_to_target_stat64(cpu_env, arg2, &st);
11139         return ret;
11140 #endif
11141 #ifdef TARGET_NR_fstat64
11142     case TARGET_NR_fstat64:
11143         ret = get_errno(fstat(arg1, &st));
11144         if (!is_error(ret))
11145             ret = host_to_target_stat64(cpu_env, arg2, &st);
11146         return ret;
11147 #endif
11148 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
11149 #ifdef TARGET_NR_fstatat64
11150     case TARGET_NR_fstatat64:
11151 #endif
11152 #ifdef TARGET_NR_newfstatat
11153     case TARGET_NR_newfstatat:
11154 #endif
11155         if (!(p = lock_user_string(arg2))) {
11156             return -TARGET_EFAULT;
11157         }
11158         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
11159         unlock_user(p, arg2, 0);
11160         if (!is_error(ret))
11161             ret = host_to_target_stat64(cpu_env, arg3, &st);
11162         return ret;
11163 #endif
11164 #if defined(TARGET_NR_statx)
11165     case TARGET_NR_statx:
11166         {
11167             struct target_statx *target_stx;
11168             int dirfd = arg1;
11169             int flags = arg3;
11170 
11171             p = lock_user_string(arg2);
11172             if (p == NULL) {
11173                 return -TARGET_EFAULT;
11174             }
11175 #if defined(__NR_statx)
11176             {
11177                 /*
11178                  * It is assumed that struct statx is architecture independent.
11179                  */
11180                 struct target_statx host_stx;
11181                 int mask = arg4;
11182 
11183                 ret = get_errno(sys_statx(dirfd, p, flags, mask, &host_stx));
11184                 if (!is_error(ret)) {
11185                     if (host_to_target_statx(&host_stx, arg5) != 0) {
11186                         unlock_user(p, arg2, 0);
11187                         return -TARGET_EFAULT;
11188                     }
11189                 }
11190 
11191                 if (ret != -TARGET_ENOSYS) {
11192                     unlock_user(p, arg2, 0);
11193                     return ret;
11194                 }
11195             }
11196 #endif
11197             ret = get_errno(fstatat(dirfd, path(p), &st, flags));
11198             unlock_user(p, arg2, 0);
11199 
11200             if (!is_error(ret)) {
11201                 if (!lock_user_struct(VERIFY_WRITE, target_stx, arg5, 0)) {
11202                     return -TARGET_EFAULT;
11203                 }
11204                 memset(target_stx, 0, sizeof(*target_stx));
11205                 __put_user(major(st.st_dev), &target_stx->stx_dev_major);
11206                 __put_user(minor(st.st_dev), &target_stx->stx_dev_minor);
11207                 __put_user(st.st_ino, &target_stx->stx_ino);
11208                 __put_user(st.st_mode, &target_stx->stx_mode);
11209                 __put_user(st.st_uid, &target_stx->stx_uid);
11210                 __put_user(st.st_gid, &target_stx->stx_gid);
11211                 __put_user(st.st_nlink, &target_stx->stx_nlink);
11212                 __put_user(major(st.st_rdev), &target_stx->stx_rdev_major);
11213                 __put_user(minor(st.st_rdev), &target_stx->stx_rdev_minor);
11214                 __put_user(st.st_size, &target_stx->stx_size);
11215                 __put_user(st.st_blksize, &target_stx->stx_blksize);
11216                 __put_user(st.st_blocks, &target_stx->stx_blocks);
11217                 __put_user(st.st_atime, &target_stx->stx_atime.tv_sec);
11218                 __put_user(st.st_mtime, &target_stx->stx_mtime.tv_sec);
11219                 __put_user(st.st_ctime, &target_stx->stx_ctime.tv_sec);
11220                 unlock_user_struct(target_stx, arg5, 1);
11221             }
11222         }
11223         return ret;
11224 #endif
11225 #ifdef TARGET_NR_lchown
11226     case TARGET_NR_lchown:
11227         if (!(p = lock_user_string(arg1)))
11228             return -TARGET_EFAULT;
11229         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
11230         unlock_user(p, arg1, 0);
11231         return ret;
11232 #endif
11233 #ifdef TARGET_NR_getuid
11234     case TARGET_NR_getuid:
11235         return get_errno(high2lowuid(getuid()));
11236 #endif
11237 #ifdef TARGET_NR_getgid
11238     case TARGET_NR_getgid:
11239         return get_errno(high2lowgid(getgid()));
11240 #endif
11241 #ifdef TARGET_NR_geteuid
11242     case TARGET_NR_geteuid:
11243         return get_errno(high2lowuid(geteuid()));
11244 #endif
11245 #ifdef TARGET_NR_getegid
11246     case TARGET_NR_getegid:
11247         return get_errno(high2lowgid(getegid()));
11248 #endif
11249     case TARGET_NR_setreuid:
11250         return get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
11251     case TARGET_NR_setregid:
11252         return get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
11253     case TARGET_NR_getgroups:
11254         {
11255             int gidsetsize = arg1;
11256             target_id *target_grouplist;
11257             gid_t *grouplist;
11258             int i;
11259 
11260             grouplist = alloca(gidsetsize * sizeof(gid_t));
11261             ret = get_errno(getgroups(gidsetsize, grouplist));
11262             if (gidsetsize == 0)
11263                 return ret;
11264             if (!is_error(ret)) {
11265                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
11266                 if (!target_grouplist)
11267                     return -TARGET_EFAULT;
11268                 for(i = 0;i < ret; i++)
11269                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
11270                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
11271             }
11272         }
11273         return ret;
11274     case TARGET_NR_setgroups:
11275         {
11276             int gidsetsize = arg1;
11277             target_id *target_grouplist;
11278             gid_t *grouplist = NULL;
11279             int i;
11280             if (gidsetsize) {
11281                 grouplist = alloca(gidsetsize * sizeof(gid_t));
11282                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
11283                 if (!target_grouplist) {
11284                     return -TARGET_EFAULT;
11285                 }
11286                 for (i = 0; i < gidsetsize; i++) {
11287                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
11288                 }
11289                 unlock_user(target_grouplist, arg2, 0);
11290             }
11291             return get_errno(setgroups(gidsetsize, grouplist));
11292         }
11293     case TARGET_NR_fchown:
11294         return get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
11295 #if defined(TARGET_NR_fchownat)
11296     case TARGET_NR_fchownat:
11297         if (!(p = lock_user_string(arg2)))
11298             return -TARGET_EFAULT;
11299         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
11300                                  low2highgid(arg4), arg5));
11301         unlock_user(p, arg2, 0);
11302         return ret;
11303 #endif
11304 #ifdef TARGET_NR_setresuid
11305     case TARGET_NR_setresuid:
11306         return get_errno(sys_setresuid(low2highuid(arg1),
11307                                        low2highuid(arg2),
11308                                        low2highuid(arg3)));
11309 #endif
11310 #ifdef TARGET_NR_getresuid
11311     case TARGET_NR_getresuid:
11312         {
11313             uid_t ruid, euid, suid;
11314             ret = get_errno(getresuid(&ruid, &euid, &suid));
11315             if (!is_error(ret)) {
11316                 if (put_user_id(high2lowuid(ruid), arg1)
11317                     || put_user_id(high2lowuid(euid), arg2)
11318                     || put_user_id(high2lowuid(suid), arg3))
11319                     return -TARGET_EFAULT;
11320             }
11321         }
11322         return ret;
11323 #endif
11324 #ifdef TARGET_NR_getresgid
11325     case TARGET_NR_setresgid:
11326         return get_errno(sys_setresgid(low2highgid(arg1),
11327                                        low2highgid(arg2),
11328                                        low2highgid(arg3)));
11329 #endif
11330 #ifdef TARGET_NR_getresgid
11331     case TARGET_NR_getresgid:
11332         {
11333             gid_t rgid, egid, sgid;
11334             ret = get_errno(getresgid(&rgid, &egid, &sgid));
11335             if (!is_error(ret)) {
11336                 if (put_user_id(high2lowgid(rgid), arg1)
11337                     || put_user_id(high2lowgid(egid), arg2)
11338                     || put_user_id(high2lowgid(sgid), arg3))
11339                     return -TARGET_EFAULT;
11340             }
11341         }
11342         return ret;
11343 #endif
11344 #ifdef TARGET_NR_chown
11345     case TARGET_NR_chown:
11346         if (!(p = lock_user_string(arg1)))
11347             return -TARGET_EFAULT;
11348         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
11349         unlock_user(p, arg1, 0);
11350         return ret;
11351 #endif
11352     case TARGET_NR_setuid:
11353         return get_errno(sys_setuid(low2highuid(arg1)));
11354     case TARGET_NR_setgid:
11355         return get_errno(sys_setgid(low2highgid(arg1)));
11356     case TARGET_NR_setfsuid:
11357         return get_errno(setfsuid(arg1));
11358     case TARGET_NR_setfsgid:
11359         return get_errno(setfsgid(arg1));
11360 
11361 #ifdef TARGET_NR_lchown32
11362     case TARGET_NR_lchown32:
11363         if (!(p = lock_user_string(arg1)))
11364             return -TARGET_EFAULT;
11365         ret = get_errno(lchown(p, arg2, arg3));
11366         unlock_user(p, arg1, 0);
11367         return ret;
11368 #endif
11369 #ifdef TARGET_NR_getuid32
11370     case TARGET_NR_getuid32:
11371         return get_errno(getuid());
11372 #endif
11373 
11374 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
11375    /* Alpha specific */
11376     case TARGET_NR_getxuid:
11377          {
11378             uid_t euid;
11379             euid=geteuid();
11380             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
11381          }
11382         return get_errno(getuid());
11383 #endif
11384 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
11385    /* Alpha specific */
11386     case TARGET_NR_getxgid:
11387          {
11388             uid_t egid;
11389             egid=getegid();
11390             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
11391          }
11392         return get_errno(getgid());
11393 #endif
11394 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
11395     /* Alpha specific */
11396     case TARGET_NR_osf_getsysinfo:
11397         ret = -TARGET_EOPNOTSUPP;
11398         switch (arg1) {
11399           case TARGET_GSI_IEEE_FP_CONTROL:
11400             {
11401                 uint64_t fpcr = cpu_alpha_load_fpcr(cpu_env);
11402                 uint64_t swcr = ((CPUAlphaState *)cpu_env)->swcr;
11403 
11404                 swcr &= ~SWCR_STATUS_MASK;
11405                 swcr |= (fpcr >> 35) & SWCR_STATUS_MASK;
11406 
11407                 if (put_user_u64 (swcr, arg2))
11408                         return -TARGET_EFAULT;
11409                 ret = 0;
11410             }
11411             break;
11412 
11413           /* case GSI_IEEE_STATE_AT_SIGNAL:
11414              -- Not implemented in linux kernel.
11415              case GSI_UACPROC:
11416              -- Retrieves current unaligned access state; not much used.
11417              case GSI_PROC_TYPE:
11418              -- Retrieves implver information; surely not used.
11419              case GSI_GET_HWRPB:
11420              -- Grabs a copy of the HWRPB; surely not used.
11421           */
11422         }
11423         return ret;
11424 #endif
11425 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
11426     /* Alpha specific */
11427     case TARGET_NR_osf_setsysinfo:
11428         ret = -TARGET_EOPNOTSUPP;
11429         switch (arg1) {
11430           case TARGET_SSI_IEEE_FP_CONTROL:
11431             {
11432                 uint64_t swcr, fpcr;
11433 
11434                 if (get_user_u64 (swcr, arg2)) {
11435                     return -TARGET_EFAULT;
11436                 }
11437 
11438                 /*
11439                  * The kernel calls swcr_update_status to update the
11440                  * status bits from the fpcr at every point that it
11441                  * could be queried.  Therefore, we store the status
11442                  * bits only in FPCR.
11443                  */
11444                 ((CPUAlphaState *)cpu_env)->swcr
11445                     = swcr & (SWCR_TRAP_ENABLE_MASK | SWCR_MAP_MASK);
11446 
11447                 fpcr = cpu_alpha_load_fpcr(cpu_env);
11448                 fpcr &= ((uint64_t)FPCR_DYN_MASK << 32);
11449                 fpcr |= alpha_ieee_swcr_to_fpcr(swcr);
11450                 cpu_alpha_store_fpcr(cpu_env, fpcr);
11451                 ret = 0;
11452             }
11453             break;
11454 
11455           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
11456             {
11457                 uint64_t exc, fpcr, fex;
11458 
11459                 if (get_user_u64(exc, arg2)) {
11460                     return -TARGET_EFAULT;
11461                 }
11462                 exc &= SWCR_STATUS_MASK;
11463                 fpcr = cpu_alpha_load_fpcr(cpu_env);
11464 
11465                 /* Old exceptions are not signaled.  */
11466                 fex = alpha_ieee_fpcr_to_swcr(fpcr);
11467                 fex = exc & ~fex;
11468                 fex >>= SWCR_STATUS_TO_EXCSUM_SHIFT;
11469                 fex &= ((CPUArchState *)cpu_env)->swcr;
11470 
11471                 /* Update the hardware fpcr.  */
11472                 fpcr |= alpha_ieee_swcr_to_fpcr(exc);
11473                 cpu_alpha_store_fpcr(cpu_env, fpcr);
11474 
11475                 if (fex) {
11476                     int si_code = TARGET_FPE_FLTUNK;
11477                     target_siginfo_t info;
11478 
11479                     if (fex & SWCR_TRAP_ENABLE_DNO) {
11480                         si_code = TARGET_FPE_FLTUND;
11481                     }
11482                     if (fex & SWCR_TRAP_ENABLE_INE) {
11483                         si_code = TARGET_FPE_FLTRES;
11484                     }
11485                     if (fex & SWCR_TRAP_ENABLE_UNF) {
11486                         si_code = TARGET_FPE_FLTUND;
11487                     }
11488                     if (fex & SWCR_TRAP_ENABLE_OVF) {
11489                         si_code = TARGET_FPE_FLTOVF;
11490                     }
11491                     if (fex & SWCR_TRAP_ENABLE_DZE) {
11492                         si_code = TARGET_FPE_FLTDIV;
11493                     }
11494                     if (fex & SWCR_TRAP_ENABLE_INV) {
11495                         si_code = TARGET_FPE_FLTINV;
11496                     }
11497 
11498                     info.si_signo = SIGFPE;
11499                     info.si_errno = 0;
11500                     info.si_code = si_code;
11501                     info._sifields._sigfault._addr
11502                         = ((CPUArchState *)cpu_env)->pc;
11503                     queue_signal((CPUArchState *)cpu_env, info.si_signo,
11504                                  QEMU_SI_FAULT, &info);
11505                 }
11506                 ret = 0;
11507             }
11508             break;
11509 
11510           /* case SSI_NVPAIRS:
11511              -- Used with SSIN_UACPROC to enable unaligned accesses.
11512              case SSI_IEEE_STATE_AT_SIGNAL:
11513              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
11514              -- Not implemented in linux kernel
11515           */
11516         }
11517         return ret;
11518 #endif
11519 #ifdef TARGET_NR_osf_sigprocmask
11520     /* Alpha specific.  */
11521     case TARGET_NR_osf_sigprocmask:
11522         {
11523             abi_ulong mask;
11524             int how;
11525             sigset_t set, oldset;
11526 
11527             switch(arg1) {
11528             case TARGET_SIG_BLOCK:
11529                 how = SIG_BLOCK;
11530                 break;
11531             case TARGET_SIG_UNBLOCK:
11532                 how = SIG_UNBLOCK;
11533                 break;
11534             case TARGET_SIG_SETMASK:
11535                 how = SIG_SETMASK;
11536                 break;
11537             default:
11538                 return -TARGET_EINVAL;
11539             }
11540             mask = arg2;
11541             target_to_host_old_sigset(&set, &mask);
11542             ret = do_sigprocmask(how, &set, &oldset);
11543             if (!ret) {
11544                 host_to_target_old_sigset(&mask, &oldset);
11545                 ret = mask;
11546             }
11547         }
11548         return ret;
11549 #endif
11550 
11551 #ifdef TARGET_NR_getgid32
11552     case TARGET_NR_getgid32:
11553         return get_errno(getgid());
11554 #endif
11555 #ifdef TARGET_NR_geteuid32
11556     case TARGET_NR_geteuid32:
11557         return get_errno(geteuid());
11558 #endif
11559 #ifdef TARGET_NR_getegid32
11560     case TARGET_NR_getegid32:
11561         return get_errno(getegid());
11562 #endif
11563 #ifdef TARGET_NR_setreuid32
11564     case TARGET_NR_setreuid32:
11565         return get_errno(setreuid(arg1, arg2));
11566 #endif
11567 #ifdef TARGET_NR_setregid32
11568     case TARGET_NR_setregid32:
11569         return get_errno(setregid(arg1, arg2));
11570 #endif
11571 #ifdef TARGET_NR_getgroups32
11572     case TARGET_NR_getgroups32:
11573         {
11574             int gidsetsize = arg1;
11575             uint32_t *target_grouplist;
11576             gid_t *grouplist;
11577             int i;
11578 
11579             grouplist = alloca(gidsetsize * sizeof(gid_t));
11580             ret = get_errno(getgroups(gidsetsize, grouplist));
11581             if (gidsetsize == 0)
11582                 return ret;
11583             if (!is_error(ret)) {
11584                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
11585                 if (!target_grouplist) {
11586                     return -TARGET_EFAULT;
11587                 }
11588                 for(i = 0;i < ret; i++)
11589                     target_grouplist[i] = tswap32(grouplist[i]);
11590                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
11591             }
11592         }
11593         return ret;
11594 #endif
11595 #ifdef TARGET_NR_setgroups32
11596     case TARGET_NR_setgroups32:
11597         {
11598             int gidsetsize = arg1;
11599             uint32_t *target_grouplist;
11600             gid_t *grouplist;
11601             int i;
11602 
11603             grouplist = alloca(gidsetsize * sizeof(gid_t));
11604             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
11605             if (!target_grouplist) {
11606                 return -TARGET_EFAULT;
11607             }
11608             for(i = 0;i < gidsetsize; i++)
11609                 grouplist[i] = tswap32(target_grouplist[i]);
11610             unlock_user(target_grouplist, arg2, 0);
11611             return get_errno(setgroups(gidsetsize, grouplist));
11612         }
11613 #endif
11614 #ifdef TARGET_NR_fchown32
11615     case TARGET_NR_fchown32:
11616         return get_errno(fchown(arg1, arg2, arg3));
11617 #endif
11618 #ifdef TARGET_NR_setresuid32
11619     case TARGET_NR_setresuid32:
11620         return get_errno(sys_setresuid(arg1, arg2, arg3));
11621 #endif
11622 #ifdef TARGET_NR_getresuid32
11623     case TARGET_NR_getresuid32:
11624         {
11625             uid_t ruid, euid, suid;
11626             ret = get_errno(getresuid(&ruid, &euid, &suid));
11627             if (!is_error(ret)) {
11628                 if (put_user_u32(ruid, arg1)
11629                     || put_user_u32(euid, arg2)
11630                     || put_user_u32(suid, arg3))
11631                     return -TARGET_EFAULT;
11632             }
11633         }
11634         return ret;
11635 #endif
11636 #ifdef TARGET_NR_setresgid32
11637     case TARGET_NR_setresgid32:
11638         return get_errno(sys_setresgid(arg1, arg2, arg3));
11639 #endif
11640 #ifdef TARGET_NR_getresgid32
11641     case TARGET_NR_getresgid32:
11642         {
11643             gid_t rgid, egid, sgid;
11644             ret = get_errno(getresgid(&rgid, &egid, &sgid));
11645             if (!is_error(ret)) {
11646                 if (put_user_u32(rgid, arg1)
11647                     || put_user_u32(egid, arg2)
11648                     || put_user_u32(sgid, arg3))
11649                     return -TARGET_EFAULT;
11650             }
11651         }
11652         return ret;
11653 #endif
11654 #ifdef TARGET_NR_chown32
11655     case TARGET_NR_chown32:
11656         if (!(p = lock_user_string(arg1)))
11657             return -TARGET_EFAULT;
11658         ret = get_errno(chown(p, arg2, arg3));
11659         unlock_user(p, arg1, 0);
11660         return ret;
11661 #endif
11662 #ifdef TARGET_NR_setuid32
11663     case TARGET_NR_setuid32:
11664         return get_errno(sys_setuid(arg1));
11665 #endif
11666 #ifdef TARGET_NR_setgid32
11667     case TARGET_NR_setgid32:
11668         return get_errno(sys_setgid(arg1));
11669 #endif
11670 #ifdef TARGET_NR_setfsuid32
11671     case TARGET_NR_setfsuid32:
11672         return get_errno(setfsuid(arg1));
11673 #endif
11674 #ifdef TARGET_NR_setfsgid32
11675     case TARGET_NR_setfsgid32:
11676         return get_errno(setfsgid(arg1));
11677 #endif
11678 #ifdef TARGET_NR_mincore
11679     case TARGET_NR_mincore:
11680         {
11681             void *a = lock_user(VERIFY_READ, arg1, arg2, 0);
11682             if (!a) {
11683                 return -TARGET_ENOMEM;
11684             }
11685             p = lock_user_string(arg3);
11686             if (!p) {
11687                 ret = -TARGET_EFAULT;
11688             } else {
11689                 ret = get_errno(mincore(a, arg2, p));
11690                 unlock_user(p, arg3, ret);
11691             }
11692             unlock_user(a, arg1, 0);
11693         }
11694         return ret;
11695 #endif
11696 #ifdef TARGET_NR_arm_fadvise64_64
11697     case TARGET_NR_arm_fadvise64_64:
11698         /* arm_fadvise64_64 looks like fadvise64_64 but
11699          * with different argument order: fd, advice, offset, len
11700          * rather than the usual fd, offset, len, advice.
11701          * Note that offset and len are both 64-bit so appear as
11702          * pairs of 32-bit registers.
11703          */
11704         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
11705                             target_offset64(arg5, arg6), arg2);
11706         return -host_to_target_errno(ret);
11707 #endif
11708 
11709 #if TARGET_ABI_BITS == 32
11710 
11711 #ifdef TARGET_NR_fadvise64_64
11712     case TARGET_NR_fadvise64_64:
11713 #if defined(TARGET_PPC) || defined(TARGET_XTENSA)
11714         /* 6 args: fd, advice, offset (high, low), len (high, low) */
11715         ret = arg2;
11716         arg2 = arg3;
11717         arg3 = arg4;
11718         arg4 = arg5;
11719         arg5 = arg6;
11720         arg6 = ret;
11721 #else
11722         /* 6 args: fd, offset (high, low), len (high, low), advice */
11723         if (regpairs_aligned(cpu_env, num)) {
11724             /* offset is in (3,4), len in (5,6) and advice in 7 */
11725             arg2 = arg3;
11726             arg3 = arg4;
11727             arg4 = arg5;
11728             arg5 = arg6;
11729             arg6 = arg7;
11730         }
11731 #endif
11732         ret = posix_fadvise(arg1, target_offset64(arg2, arg3),
11733                             target_offset64(arg4, arg5), arg6);
11734         return -host_to_target_errno(ret);
11735 #endif
11736 
11737 #ifdef TARGET_NR_fadvise64
11738     case TARGET_NR_fadvise64:
11739         /* 5 args: fd, offset (high, low), len, advice */
11740         if (regpairs_aligned(cpu_env, num)) {
11741             /* offset is in (3,4), len in 5 and advice in 6 */
11742             arg2 = arg3;
11743             arg3 = arg4;
11744             arg4 = arg5;
11745             arg5 = arg6;
11746         }
11747         ret = posix_fadvise(arg1, target_offset64(arg2, arg3), arg4, arg5);
11748         return -host_to_target_errno(ret);
11749 #endif
11750 
11751 #else /* not a 32-bit ABI */
11752 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
11753 #ifdef TARGET_NR_fadvise64_64
11754     case TARGET_NR_fadvise64_64:
11755 #endif
11756 #ifdef TARGET_NR_fadvise64
11757     case TARGET_NR_fadvise64:
11758 #endif
11759 #ifdef TARGET_S390X
11760         switch (arg4) {
11761         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
11762         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
11763         case 6: arg4 = POSIX_FADV_DONTNEED; break;
11764         case 7: arg4 = POSIX_FADV_NOREUSE; break;
11765         default: break;
11766         }
11767 #endif
11768         return -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
11769 #endif
11770 #endif /* end of 64-bit ABI fadvise handling */
11771 
11772 #ifdef TARGET_NR_madvise
11773     case TARGET_NR_madvise:
11774         /* A straight passthrough may not be safe because qemu sometimes
11775            turns private file-backed mappings into anonymous mappings.
11776            This will break MADV_DONTNEED.
11777            This is a hint, so ignoring and returning success is ok.  */
11778         return 0;
11779 #endif
11780 #ifdef TARGET_NR_fcntl64
11781     case TARGET_NR_fcntl64:
11782     {
11783         int cmd;
11784         struct flock64 fl;
11785         from_flock64_fn *copyfrom = copy_from_user_flock64;
11786         to_flock64_fn *copyto = copy_to_user_flock64;
11787 
11788 #ifdef TARGET_ARM
11789         if (!((CPUARMState *)cpu_env)->eabi) {
11790             copyfrom = copy_from_user_oabi_flock64;
11791             copyto = copy_to_user_oabi_flock64;
11792         }
11793 #endif
11794 
11795         cmd = target_to_host_fcntl_cmd(arg2);
11796         if (cmd == -TARGET_EINVAL) {
11797             return cmd;
11798         }
11799 
11800         switch(arg2) {
11801         case TARGET_F_GETLK64:
11802             ret = copyfrom(&fl, arg3);
11803             if (ret) {
11804                 break;
11805             }
11806             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
11807             if (ret == 0) {
11808                 ret = copyto(arg3, &fl);
11809             }
11810 	    break;
11811 
11812         case TARGET_F_SETLK64:
11813         case TARGET_F_SETLKW64:
11814             ret = copyfrom(&fl, arg3);
11815             if (ret) {
11816                 break;
11817             }
11818             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
11819 	    break;
11820         default:
11821             ret = do_fcntl(arg1, arg2, arg3);
11822             break;
11823         }
11824         return ret;
11825     }
11826 #endif
11827 #ifdef TARGET_NR_cacheflush
11828     case TARGET_NR_cacheflush:
11829         /* self-modifying code is handled automatically, so nothing needed */
11830         return 0;
11831 #endif
11832 #ifdef TARGET_NR_getpagesize
11833     case TARGET_NR_getpagesize:
11834         return TARGET_PAGE_SIZE;
11835 #endif
11836     case TARGET_NR_gettid:
11837         return get_errno(sys_gettid());
11838 #ifdef TARGET_NR_readahead
11839     case TARGET_NR_readahead:
11840 #if TARGET_ABI_BITS == 32
11841         if (regpairs_aligned(cpu_env, num)) {
11842             arg2 = arg3;
11843             arg3 = arg4;
11844             arg4 = arg5;
11845         }
11846         ret = get_errno(readahead(arg1, target_offset64(arg2, arg3) , arg4));
11847 #else
11848         ret = get_errno(readahead(arg1, arg2, arg3));
11849 #endif
11850         return ret;
11851 #endif
11852 #ifdef CONFIG_ATTR
11853 #ifdef TARGET_NR_setxattr
11854     case TARGET_NR_listxattr:
11855     case TARGET_NR_llistxattr:
11856     {
11857         void *p, *b = 0;
11858         if (arg2) {
11859             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11860             if (!b) {
11861                 return -TARGET_EFAULT;
11862             }
11863         }
11864         p = lock_user_string(arg1);
11865         if (p) {
11866             if (num == TARGET_NR_listxattr) {
11867                 ret = get_errno(listxattr(p, b, arg3));
11868             } else {
11869                 ret = get_errno(llistxattr(p, b, arg3));
11870             }
11871         } else {
11872             ret = -TARGET_EFAULT;
11873         }
11874         unlock_user(p, arg1, 0);
11875         unlock_user(b, arg2, arg3);
11876         return ret;
11877     }
11878     case TARGET_NR_flistxattr:
11879     {
11880         void *b = 0;
11881         if (arg2) {
11882             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11883             if (!b) {
11884                 return -TARGET_EFAULT;
11885             }
11886         }
11887         ret = get_errno(flistxattr(arg1, b, arg3));
11888         unlock_user(b, arg2, arg3);
11889         return ret;
11890     }
11891     case TARGET_NR_setxattr:
11892     case TARGET_NR_lsetxattr:
11893         {
11894             void *p, *n, *v = 0;
11895             if (arg3) {
11896                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11897                 if (!v) {
11898                     return -TARGET_EFAULT;
11899                 }
11900             }
11901             p = lock_user_string(arg1);
11902             n = lock_user_string(arg2);
11903             if (p && n) {
11904                 if (num == TARGET_NR_setxattr) {
11905                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
11906                 } else {
11907                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
11908                 }
11909             } else {
11910                 ret = -TARGET_EFAULT;
11911             }
11912             unlock_user(p, arg1, 0);
11913             unlock_user(n, arg2, 0);
11914             unlock_user(v, arg3, 0);
11915         }
11916         return ret;
11917     case TARGET_NR_fsetxattr:
11918         {
11919             void *n, *v = 0;
11920             if (arg3) {
11921                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11922                 if (!v) {
11923                     return -TARGET_EFAULT;
11924                 }
11925             }
11926             n = lock_user_string(arg2);
11927             if (n) {
11928                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
11929             } else {
11930                 ret = -TARGET_EFAULT;
11931             }
11932             unlock_user(n, arg2, 0);
11933             unlock_user(v, arg3, 0);
11934         }
11935         return ret;
11936     case TARGET_NR_getxattr:
11937     case TARGET_NR_lgetxattr:
11938         {
11939             void *p, *n, *v = 0;
11940             if (arg3) {
11941                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11942                 if (!v) {
11943                     return -TARGET_EFAULT;
11944                 }
11945             }
11946             p = lock_user_string(arg1);
11947             n = lock_user_string(arg2);
11948             if (p && n) {
11949                 if (num == TARGET_NR_getxattr) {
11950                     ret = get_errno(getxattr(p, n, v, arg4));
11951                 } else {
11952                     ret = get_errno(lgetxattr(p, n, v, arg4));
11953                 }
11954             } else {
11955                 ret = -TARGET_EFAULT;
11956             }
11957             unlock_user(p, arg1, 0);
11958             unlock_user(n, arg2, 0);
11959             unlock_user(v, arg3, arg4);
11960         }
11961         return ret;
11962     case TARGET_NR_fgetxattr:
11963         {
11964             void *n, *v = 0;
11965             if (arg3) {
11966                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11967                 if (!v) {
11968                     return -TARGET_EFAULT;
11969                 }
11970             }
11971             n = lock_user_string(arg2);
11972             if (n) {
11973                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
11974             } else {
11975                 ret = -TARGET_EFAULT;
11976             }
11977             unlock_user(n, arg2, 0);
11978             unlock_user(v, arg3, arg4);
11979         }
11980         return ret;
11981     case TARGET_NR_removexattr:
11982     case TARGET_NR_lremovexattr:
11983         {
11984             void *p, *n;
11985             p = lock_user_string(arg1);
11986             n = lock_user_string(arg2);
11987             if (p && n) {
11988                 if (num == TARGET_NR_removexattr) {
11989                     ret = get_errno(removexattr(p, n));
11990                 } else {
11991                     ret = get_errno(lremovexattr(p, n));
11992                 }
11993             } else {
11994                 ret = -TARGET_EFAULT;
11995             }
11996             unlock_user(p, arg1, 0);
11997             unlock_user(n, arg2, 0);
11998         }
11999         return ret;
12000     case TARGET_NR_fremovexattr:
12001         {
12002             void *n;
12003             n = lock_user_string(arg2);
12004             if (n) {
12005                 ret = get_errno(fremovexattr(arg1, n));
12006             } else {
12007                 ret = -TARGET_EFAULT;
12008             }
12009             unlock_user(n, arg2, 0);
12010         }
12011         return ret;
12012 #endif
12013 #endif /* CONFIG_ATTR */
12014 #ifdef TARGET_NR_set_thread_area
12015     case TARGET_NR_set_thread_area:
12016 #if defined(TARGET_MIPS)
12017       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
12018       return 0;
12019 #elif defined(TARGET_CRIS)
12020       if (arg1 & 0xff)
12021           ret = -TARGET_EINVAL;
12022       else {
12023           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
12024           ret = 0;
12025       }
12026       return ret;
12027 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
12028       return do_set_thread_area(cpu_env, arg1);
12029 #elif defined(TARGET_M68K)
12030       {
12031           TaskState *ts = cpu->opaque;
12032           ts->tp_value = arg1;
12033           return 0;
12034       }
12035 #else
12036       return -TARGET_ENOSYS;
12037 #endif
12038 #endif
12039 #ifdef TARGET_NR_get_thread_area
12040     case TARGET_NR_get_thread_area:
12041 #if defined(TARGET_I386) && defined(TARGET_ABI32)
12042         return do_get_thread_area(cpu_env, arg1);
12043 #elif defined(TARGET_M68K)
12044         {
12045             TaskState *ts = cpu->opaque;
12046             return ts->tp_value;
12047         }
12048 #else
12049         return -TARGET_ENOSYS;
12050 #endif
12051 #endif
12052 #ifdef TARGET_NR_getdomainname
12053     case TARGET_NR_getdomainname:
12054         return -TARGET_ENOSYS;
12055 #endif
12056 
12057 #ifdef TARGET_NR_clock_settime
12058     case TARGET_NR_clock_settime:
12059     {
12060         struct timespec ts;
12061 
12062         ret = target_to_host_timespec(&ts, arg2);
12063         if (!is_error(ret)) {
12064             ret = get_errno(clock_settime(arg1, &ts));
12065         }
12066         return ret;
12067     }
12068 #endif
12069 #ifdef TARGET_NR_clock_settime64
12070     case TARGET_NR_clock_settime64:
12071     {
12072         struct timespec ts;
12073 
12074         ret = target_to_host_timespec64(&ts, arg2);
12075         if (!is_error(ret)) {
12076             ret = get_errno(clock_settime(arg1, &ts));
12077         }
12078         return ret;
12079     }
12080 #endif
12081 #ifdef TARGET_NR_clock_gettime
12082     case TARGET_NR_clock_gettime:
12083     {
12084         struct timespec ts;
12085         ret = get_errno(clock_gettime(arg1, &ts));
12086         if (!is_error(ret)) {
12087             ret = host_to_target_timespec(arg2, &ts);
12088         }
12089         return ret;
12090     }
12091 #endif
12092 #ifdef TARGET_NR_clock_gettime64
12093     case TARGET_NR_clock_gettime64:
12094     {
12095         struct timespec ts;
12096         ret = get_errno(clock_gettime(arg1, &ts));
12097         if (!is_error(ret)) {
12098             ret = host_to_target_timespec64(arg2, &ts);
12099         }
12100         return ret;
12101     }
12102 #endif
12103 #ifdef TARGET_NR_clock_getres
12104     case TARGET_NR_clock_getres:
12105     {
12106         struct timespec ts;
12107         ret = get_errno(clock_getres(arg1, &ts));
12108         if (!is_error(ret)) {
12109             host_to_target_timespec(arg2, &ts);
12110         }
12111         return ret;
12112     }
12113 #endif
12114 #ifdef TARGET_NR_clock_getres_time64
12115     case TARGET_NR_clock_getres_time64:
12116     {
12117         struct timespec ts;
12118         ret = get_errno(clock_getres(arg1, &ts));
12119         if (!is_error(ret)) {
12120             host_to_target_timespec64(arg2, &ts);
12121         }
12122         return ret;
12123     }
12124 #endif
12125 #ifdef TARGET_NR_clock_nanosleep
12126     case TARGET_NR_clock_nanosleep:
12127     {
12128         struct timespec ts;
12129         if (target_to_host_timespec(&ts, arg3)) {
12130             return -TARGET_EFAULT;
12131         }
12132         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
12133                                              &ts, arg4 ? &ts : NULL));
12134         /*
12135          * if the call is interrupted by a signal handler, it fails
12136          * with error -TARGET_EINTR and if arg4 is not NULL and arg2 is not
12137          * TIMER_ABSTIME, it returns the remaining unslept time in arg4.
12138          */
12139         if (ret == -TARGET_EINTR && arg4 && arg2 != TIMER_ABSTIME &&
12140             host_to_target_timespec(arg4, &ts)) {
12141               return -TARGET_EFAULT;
12142         }
12143 
12144         return ret;
12145     }
12146 #endif
12147 #ifdef TARGET_NR_clock_nanosleep_time64
12148     case TARGET_NR_clock_nanosleep_time64:
12149     {
12150         struct timespec ts;
12151 
12152         if (target_to_host_timespec64(&ts, arg3)) {
12153             return -TARGET_EFAULT;
12154         }
12155 
12156         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
12157                                              &ts, arg4 ? &ts : NULL));
12158 
12159         if (ret == -TARGET_EINTR && arg4 && arg2 != TIMER_ABSTIME &&
12160             host_to_target_timespec64(arg4, &ts)) {
12161             return -TARGET_EFAULT;
12162         }
12163         return ret;
12164     }
12165 #endif
12166 
12167 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
12168     case TARGET_NR_set_tid_address:
12169         return get_errno(set_tid_address((int *)g2h(arg1)));
12170 #endif
12171 
12172     case TARGET_NR_tkill:
12173         return get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
12174 
12175     case TARGET_NR_tgkill:
12176         return get_errno(safe_tgkill((int)arg1, (int)arg2,
12177                          target_to_host_signal(arg3)));
12178 
12179 #ifdef TARGET_NR_set_robust_list
12180     case TARGET_NR_set_robust_list:
12181     case TARGET_NR_get_robust_list:
12182         /* The ABI for supporting robust futexes has userspace pass
12183          * the kernel a pointer to a linked list which is updated by
12184          * userspace after the syscall; the list is walked by the kernel
12185          * when the thread exits. Since the linked list in QEMU guest
12186          * memory isn't a valid linked list for the host and we have
12187          * no way to reliably intercept the thread-death event, we can't
12188          * support these. Silently return ENOSYS so that guest userspace
12189          * falls back to a non-robust futex implementation (which should
12190          * be OK except in the corner case of the guest crashing while
12191          * holding a mutex that is shared with another process via
12192          * shared memory).
12193          */
12194         return -TARGET_ENOSYS;
12195 #endif
12196 
12197 #if defined(TARGET_NR_utimensat)
12198     case TARGET_NR_utimensat:
12199         {
12200             struct timespec *tsp, ts[2];
12201             if (!arg3) {
12202                 tsp = NULL;
12203             } else {
12204                 if (target_to_host_timespec(ts, arg3)) {
12205                     return -TARGET_EFAULT;
12206                 }
12207                 if (target_to_host_timespec(ts + 1, arg3 +
12208                                             sizeof(struct target_timespec))) {
12209                     return -TARGET_EFAULT;
12210                 }
12211                 tsp = ts;
12212             }
12213             if (!arg2)
12214                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
12215             else {
12216                 if (!(p = lock_user_string(arg2))) {
12217                     return -TARGET_EFAULT;
12218                 }
12219                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
12220                 unlock_user(p, arg2, 0);
12221             }
12222         }
12223         return ret;
12224 #endif
12225 #ifdef TARGET_NR_utimensat_time64
12226     case TARGET_NR_utimensat_time64:
12227         {
12228             struct timespec *tsp, ts[2];
12229             if (!arg3) {
12230                 tsp = NULL;
12231             } else {
12232                 if (target_to_host_timespec64(ts, arg3)) {
12233                     return -TARGET_EFAULT;
12234                 }
12235                 if (target_to_host_timespec64(ts + 1, arg3 +
12236                                      sizeof(struct target__kernel_timespec))) {
12237                     return -TARGET_EFAULT;
12238                 }
12239                 tsp = ts;
12240             }
12241             if (!arg2)
12242                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
12243             else {
12244                 p = lock_user_string(arg2);
12245                 if (!p) {
12246                     return -TARGET_EFAULT;
12247                 }
12248                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
12249                 unlock_user(p, arg2, 0);
12250             }
12251         }
12252         return ret;
12253 #endif
12254 #ifdef TARGET_NR_futex
12255     case TARGET_NR_futex:
12256         return do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
12257 #endif
12258 #ifdef TARGET_NR_futex_time64
12259     case TARGET_NR_futex_time64:
12260         return do_futex_time64(arg1, arg2, arg3, arg4, arg5, arg6);
12261 #endif
12262 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
12263     case TARGET_NR_inotify_init:
12264         ret = get_errno(sys_inotify_init());
12265         if (ret >= 0) {
12266             fd_trans_register(ret, &target_inotify_trans);
12267         }
12268         return ret;
12269 #endif
12270 #ifdef CONFIG_INOTIFY1
12271 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
12272     case TARGET_NR_inotify_init1:
12273         ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
12274                                           fcntl_flags_tbl)));
12275         if (ret >= 0) {
12276             fd_trans_register(ret, &target_inotify_trans);
12277         }
12278         return ret;
12279 #endif
12280 #endif
12281 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
12282     case TARGET_NR_inotify_add_watch:
12283         p = lock_user_string(arg2);
12284         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
12285         unlock_user(p, arg2, 0);
12286         return ret;
12287 #endif
12288 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
12289     case TARGET_NR_inotify_rm_watch:
12290         return get_errno(sys_inotify_rm_watch(arg1, arg2));
12291 #endif
12292 
12293 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
12294     case TARGET_NR_mq_open:
12295         {
12296             struct mq_attr posix_mq_attr;
12297             struct mq_attr *pposix_mq_attr;
12298             int host_flags;
12299 
12300             host_flags = target_to_host_bitmask(arg2, fcntl_flags_tbl);
12301             pposix_mq_attr = NULL;
12302             if (arg4) {
12303                 if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) {
12304                     return -TARGET_EFAULT;
12305                 }
12306                 pposix_mq_attr = &posix_mq_attr;
12307             }
12308             p = lock_user_string(arg1 - 1);
12309             if (!p) {
12310                 return -TARGET_EFAULT;
12311             }
12312             ret = get_errno(mq_open(p, host_flags, arg3, pposix_mq_attr));
12313             unlock_user (p, arg1, 0);
12314         }
12315         return ret;
12316 
12317     case TARGET_NR_mq_unlink:
12318         p = lock_user_string(arg1 - 1);
12319         if (!p) {
12320             return -TARGET_EFAULT;
12321         }
12322         ret = get_errno(mq_unlink(p));
12323         unlock_user (p, arg1, 0);
12324         return ret;
12325 
12326 #ifdef TARGET_NR_mq_timedsend
12327     case TARGET_NR_mq_timedsend:
12328         {
12329             struct timespec ts;
12330 
12331             p = lock_user (VERIFY_READ, arg2, arg3, 1);
12332             if (arg5 != 0) {
12333                 if (target_to_host_timespec(&ts, arg5)) {
12334                     return -TARGET_EFAULT;
12335                 }
12336                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
12337                 if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
12338                     return -TARGET_EFAULT;
12339                 }
12340             } else {
12341                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
12342             }
12343             unlock_user (p, arg2, arg3);
12344         }
12345         return ret;
12346 #endif
12347 #ifdef TARGET_NR_mq_timedsend_time64
12348     case TARGET_NR_mq_timedsend_time64:
12349         {
12350             struct timespec ts;
12351 
12352             p = lock_user(VERIFY_READ, arg2, arg3, 1);
12353             if (arg5 != 0) {
12354                 if (target_to_host_timespec64(&ts, arg5)) {
12355                     return -TARGET_EFAULT;
12356                 }
12357                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
12358                 if (!is_error(ret) && host_to_target_timespec64(arg5, &ts)) {
12359                     return -TARGET_EFAULT;
12360                 }
12361             } else {
12362                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
12363             }
12364             unlock_user(p, arg2, arg3);
12365         }
12366         return ret;
12367 #endif
12368 
12369 #ifdef TARGET_NR_mq_timedreceive
12370     case TARGET_NR_mq_timedreceive:
12371         {
12372             struct timespec ts;
12373             unsigned int prio;
12374 
12375             p = lock_user (VERIFY_READ, arg2, arg3, 1);
12376             if (arg5 != 0) {
12377                 if (target_to_host_timespec(&ts, arg5)) {
12378                     return -TARGET_EFAULT;
12379                 }
12380                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
12381                                                      &prio, &ts));
12382                 if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
12383                     return -TARGET_EFAULT;
12384                 }
12385             } else {
12386                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
12387                                                      &prio, NULL));
12388             }
12389             unlock_user (p, arg2, arg3);
12390             if (arg4 != 0)
12391                 put_user_u32(prio, arg4);
12392         }
12393         return ret;
12394 #endif
12395 #ifdef TARGET_NR_mq_timedreceive_time64
12396     case TARGET_NR_mq_timedreceive_time64:
12397         {
12398             struct timespec ts;
12399             unsigned int prio;
12400 
12401             p = lock_user(VERIFY_READ, arg2, arg3, 1);
12402             if (arg5 != 0) {
12403                 if (target_to_host_timespec64(&ts, arg5)) {
12404                     return -TARGET_EFAULT;
12405                 }
12406                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
12407                                                      &prio, &ts));
12408                 if (!is_error(ret) && host_to_target_timespec64(arg5, &ts)) {
12409                     return -TARGET_EFAULT;
12410                 }
12411             } else {
12412                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
12413                                                      &prio, NULL));
12414             }
12415             unlock_user(p, arg2, arg3);
12416             if (arg4 != 0) {
12417                 put_user_u32(prio, arg4);
12418             }
12419         }
12420         return ret;
12421 #endif
12422 
12423     /* Not implemented for now... */
12424 /*     case TARGET_NR_mq_notify: */
12425 /*         break; */
12426 
12427     case TARGET_NR_mq_getsetattr:
12428         {
12429             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
12430             ret = 0;
12431             if (arg2 != 0) {
12432                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
12433                 ret = get_errno(mq_setattr(arg1, &posix_mq_attr_in,
12434                                            &posix_mq_attr_out));
12435             } else if (arg3 != 0) {
12436                 ret = get_errno(mq_getattr(arg1, &posix_mq_attr_out));
12437             }
12438             if (ret == 0 && arg3 != 0) {
12439                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
12440             }
12441         }
12442         return ret;
12443 #endif
12444 
12445 #ifdef CONFIG_SPLICE
12446 #ifdef TARGET_NR_tee
12447     case TARGET_NR_tee:
12448         {
12449             ret = get_errno(tee(arg1,arg2,arg3,arg4));
12450         }
12451         return ret;
12452 #endif
12453 #ifdef TARGET_NR_splice
12454     case TARGET_NR_splice:
12455         {
12456             loff_t loff_in, loff_out;
12457             loff_t *ploff_in = NULL, *ploff_out = NULL;
12458             if (arg2) {
12459                 if (get_user_u64(loff_in, arg2)) {
12460                     return -TARGET_EFAULT;
12461                 }
12462                 ploff_in = &loff_in;
12463             }
12464             if (arg4) {
12465                 if (get_user_u64(loff_out, arg4)) {
12466                     return -TARGET_EFAULT;
12467                 }
12468                 ploff_out = &loff_out;
12469             }
12470             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
12471             if (arg2) {
12472                 if (put_user_u64(loff_in, arg2)) {
12473                     return -TARGET_EFAULT;
12474                 }
12475             }
12476             if (arg4) {
12477                 if (put_user_u64(loff_out, arg4)) {
12478                     return -TARGET_EFAULT;
12479                 }
12480             }
12481         }
12482         return ret;
12483 #endif
12484 #ifdef TARGET_NR_vmsplice
12485 	case TARGET_NR_vmsplice:
12486         {
12487             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
12488             if (vec != NULL) {
12489                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
12490                 unlock_iovec(vec, arg2, arg3, 0);
12491             } else {
12492                 ret = -host_to_target_errno(errno);
12493             }
12494         }
12495         return ret;
12496 #endif
12497 #endif /* CONFIG_SPLICE */
12498 #ifdef CONFIG_EVENTFD
12499 #if defined(TARGET_NR_eventfd)
12500     case TARGET_NR_eventfd:
12501         ret = get_errno(eventfd(arg1, 0));
12502         if (ret >= 0) {
12503             fd_trans_register(ret, &target_eventfd_trans);
12504         }
12505         return ret;
12506 #endif
12507 #if defined(TARGET_NR_eventfd2)
12508     case TARGET_NR_eventfd2:
12509     {
12510         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
12511         if (arg2 & TARGET_O_NONBLOCK) {
12512             host_flags |= O_NONBLOCK;
12513         }
12514         if (arg2 & TARGET_O_CLOEXEC) {
12515             host_flags |= O_CLOEXEC;
12516         }
12517         ret = get_errno(eventfd(arg1, host_flags));
12518         if (ret >= 0) {
12519             fd_trans_register(ret, &target_eventfd_trans);
12520         }
12521         return ret;
12522     }
12523 #endif
12524 #endif /* CONFIG_EVENTFD  */
12525 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
12526     case TARGET_NR_fallocate:
12527 #if TARGET_ABI_BITS == 32
12528         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
12529                                   target_offset64(arg5, arg6)));
12530 #else
12531         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
12532 #endif
12533         return ret;
12534 #endif
12535 #if defined(CONFIG_SYNC_FILE_RANGE)
12536 #if defined(TARGET_NR_sync_file_range)
12537     case TARGET_NR_sync_file_range:
12538 #if TARGET_ABI_BITS == 32
12539 #if defined(TARGET_MIPS)
12540         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
12541                                         target_offset64(arg5, arg6), arg7));
12542 #else
12543         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
12544                                         target_offset64(arg4, arg5), arg6));
12545 #endif /* !TARGET_MIPS */
12546 #else
12547         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
12548 #endif
12549         return ret;
12550 #endif
12551 #if defined(TARGET_NR_sync_file_range2) || \
12552     defined(TARGET_NR_arm_sync_file_range)
12553 #if defined(TARGET_NR_sync_file_range2)
12554     case TARGET_NR_sync_file_range2:
12555 #endif
12556 #if defined(TARGET_NR_arm_sync_file_range)
12557     case TARGET_NR_arm_sync_file_range:
12558 #endif
12559         /* This is like sync_file_range but the arguments are reordered */
12560 #if TARGET_ABI_BITS == 32
12561         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
12562                                         target_offset64(arg5, arg6), arg2));
12563 #else
12564         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
12565 #endif
12566         return ret;
12567 #endif
12568 #endif
12569 #if defined(TARGET_NR_signalfd4)
12570     case TARGET_NR_signalfd4:
12571         return do_signalfd4(arg1, arg2, arg4);
12572 #endif
12573 #if defined(TARGET_NR_signalfd)
12574     case TARGET_NR_signalfd:
12575         return do_signalfd4(arg1, arg2, 0);
12576 #endif
12577 #if defined(CONFIG_EPOLL)
12578 #if defined(TARGET_NR_epoll_create)
12579     case TARGET_NR_epoll_create:
12580         return get_errno(epoll_create(arg1));
12581 #endif
12582 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
12583     case TARGET_NR_epoll_create1:
12584         return get_errno(epoll_create1(target_to_host_bitmask(arg1, fcntl_flags_tbl)));
12585 #endif
12586 #if defined(TARGET_NR_epoll_ctl)
12587     case TARGET_NR_epoll_ctl:
12588     {
12589         struct epoll_event ep;
12590         struct epoll_event *epp = 0;
12591         if (arg4) {
12592             struct target_epoll_event *target_ep;
12593             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
12594                 return -TARGET_EFAULT;
12595             }
12596             ep.events = tswap32(target_ep->events);
12597             /* The epoll_data_t union is just opaque data to the kernel,
12598              * so we transfer all 64 bits across and need not worry what
12599              * actual data type it is.
12600              */
12601             ep.data.u64 = tswap64(target_ep->data.u64);
12602             unlock_user_struct(target_ep, arg4, 0);
12603             epp = &ep;
12604         }
12605         return get_errno(epoll_ctl(arg1, arg2, arg3, epp));
12606     }
12607 #endif
12608 
12609 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
12610 #if defined(TARGET_NR_epoll_wait)
12611     case TARGET_NR_epoll_wait:
12612 #endif
12613 #if defined(TARGET_NR_epoll_pwait)
12614     case TARGET_NR_epoll_pwait:
12615 #endif
12616     {
12617         struct target_epoll_event *target_ep;
12618         struct epoll_event *ep;
12619         int epfd = arg1;
12620         int maxevents = arg3;
12621         int timeout = arg4;
12622 
12623         if (maxevents <= 0 || maxevents > TARGET_EP_MAX_EVENTS) {
12624             return -TARGET_EINVAL;
12625         }
12626 
12627         target_ep = lock_user(VERIFY_WRITE, arg2,
12628                               maxevents * sizeof(struct target_epoll_event), 1);
12629         if (!target_ep) {
12630             return -TARGET_EFAULT;
12631         }
12632 
12633         ep = g_try_new(struct epoll_event, maxevents);
12634         if (!ep) {
12635             unlock_user(target_ep, arg2, 0);
12636             return -TARGET_ENOMEM;
12637         }
12638 
12639         switch (num) {
12640 #if defined(TARGET_NR_epoll_pwait)
12641         case TARGET_NR_epoll_pwait:
12642         {
12643             target_sigset_t *target_set;
12644             sigset_t _set, *set = &_set;
12645 
12646             if (arg5) {
12647                 if (arg6 != sizeof(target_sigset_t)) {
12648                     ret = -TARGET_EINVAL;
12649                     break;
12650                 }
12651 
12652                 target_set = lock_user(VERIFY_READ, arg5,
12653                                        sizeof(target_sigset_t), 1);
12654                 if (!target_set) {
12655                     ret = -TARGET_EFAULT;
12656                     break;
12657                 }
12658                 target_to_host_sigset(set, target_set);
12659                 unlock_user(target_set, arg5, 0);
12660             } else {
12661                 set = NULL;
12662             }
12663 
12664             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12665                                              set, SIGSET_T_SIZE));
12666             break;
12667         }
12668 #endif
12669 #if defined(TARGET_NR_epoll_wait)
12670         case TARGET_NR_epoll_wait:
12671             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12672                                              NULL, 0));
12673             break;
12674 #endif
12675         default:
12676             ret = -TARGET_ENOSYS;
12677         }
12678         if (!is_error(ret)) {
12679             int i;
12680             for (i = 0; i < ret; i++) {
12681                 target_ep[i].events = tswap32(ep[i].events);
12682                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
12683             }
12684             unlock_user(target_ep, arg2,
12685                         ret * sizeof(struct target_epoll_event));
12686         } else {
12687             unlock_user(target_ep, arg2, 0);
12688         }
12689         g_free(ep);
12690         return ret;
12691     }
12692 #endif
12693 #endif
12694 #ifdef TARGET_NR_prlimit64
12695     case TARGET_NR_prlimit64:
12696     {
12697         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
12698         struct target_rlimit64 *target_rnew, *target_rold;
12699         struct host_rlimit64 rnew, rold, *rnewp = 0;
12700         int resource = target_to_host_resource(arg2);
12701 
12702         if (arg3 && (resource != RLIMIT_AS &&
12703                      resource != RLIMIT_DATA &&
12704                      resource != RLIMIT_STACK)) {
12705             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
12706                 return -TARGET_EFAULT;
12707             }
12708             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
12709             rnew.rlim_max = tswap64(target_rnew->rlim_max);
12710             unlock_user_struct(target_rnew, arg3, 0);
12711             rnewp = &rnew;
12712         }
12713 
12714         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
12715         if (!is_error(ret) && arg4) {
12716             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
12717                 return -TARGET_EFAULT;
12718             }
12719             target_rold->rlim_cur = tswap64(rold.rlim_cur);
12720             target_rold->rlim_max = tswap64(rold.rlim_max);
12721             unlock_user_struct(target_rold, arg4, 1);
12722         }
12723         return ret;
12724     }
12725 #endif
12726 #ifdef TARGET_NR_gethostname
12727     case TARGET_NR_gethostname:
12728     {
12729         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
12730         if (name) {
12731             ret = get_errno(gethostname(name, arg2));
12732             unlock_user(name, arg1, arg2);
12733         } else {
12734             ret = -TARGET_EFAULT;
12735         }
12736         return ret;
12737     }
12738 #endif
12739 #ifdef TARGET_NR_atomic_cmpxchg_32
12740     case TARGET_NR_atomic_cmpxchg_32:
12741     {
12742         /* should use start_exclusive from main.c */
12743         abi_ulong mem_value;
12744         if (get_user_u32(mem_value, arg6)) {
12745             target_siginfo_t info;
12746             info.si_signo = SIGSEGV;
12747             info.si_errno = 0;
12748             info.si_code = TARGET_SEGV_MAPERR;
12749             info._sifields._sigfault._addr = arg6;
12750             queue_signal((CPUArchState *)cpu_env, info.si_signo,
12751                          QEMU_SI_FAULT, &info);
12752             ret = 0xdeadbeef;
12753 
12754         }
12755         if (mem_value == arg2)
12756             put_user_u32(arg1, arg6);
12757         return mem_value;
12758     }
12759 #endif
12760 #ifdef TARGET_NR_atomic_barrier
12761     case TARGET_NR_atomic_barrier:
12762         /* Like the kernel implementation and the
12763            qemu arm barrier, no-op this? */
12764         return 0;
12765 #endif
12766 
12767 #ifdef TARGET_NR_timer_create
12768     case TARGET_NR_timer_create:
12769     {
12770         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
12771 
12772         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
12773 
12774         int clkid = arg1;
12775         int timer_index = next_free_host_timer();
12776 
12777         if (timer_index < 0) {
12778             ret = -TARGET_EAGAIN;
12779         } else {
12780             timer_t *phtimer = g_posix_timers  + timer_index;
12781 
12782             if (arg2) {
12783                 phost_sevp = &host_sevp;
12784                 ret = target_to_host_sigevent(phost_sevp, arg2);
12785                 if (ret != 0) {
12786                     return ret;
12787                 }
12788             }
12789 
12790             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
12791             if (ret) {
12792                 phtimer = NULL;
12793             } else {
12794                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
12795                     return -TARGET_EFAULT;
12796                 }
12797             }
12798         }
12799         return ret;
12800     }
12801 #endif
12802 
12803 #ifdef TARGET_NR_timer_settime
12804     case TARGET_NR_timer_settime:
12805     {
12806         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
12807          * struct itimerspec * old_value */
12808         target_timer_t timerid = get_timer_id(arg1);
12809 
12810         if (timerid < 0) {
12811             ret = timerid;
12812         } else if (arg3 == 0) {
12813             ret = -TARGET_EINVAL;
12814         } else {
12815             timer_t htimer = g_posix_timers[timerid];
12816             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
12817 
12818             if (target_to_host_itimerspec(&hspec_new, arg3)) {
12819                 return -TARGET_EFAULT;
12820             }
12821             ret = get_errno(
12822                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
12823             if (arg4 && host_to_target_itimerspec(arg4, &hspec_old)) {
12824                 return -TARGET_EFAULT;
12825             }
12826         }
12827         return ret;
12828     }
12829 #endif
12830 
12831 #ifdef TARGET_NR_timer_settime64
12832     case TARGET_NR_timer_settime64:
12833     {
12834         target_timer_t timerid = get_timer_id(arg1);
12835 
12836         if (timerid < 0) {
12837             ret = timerid;
12838         } else if (arg3 == 0) {
12839             ret = -TARGET_EINVAL;
12840         } else {
12841             timer_t htimer = g_posix_timers[timerid];
12842             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
12843 
12844             if (target_to_host_itimerspec64(&hspec_new, arg3)) {
12845                 return -TARGET_EFAULT;
12846             }
12847             ret = get_errno(
12848                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
12849             if (arg4 && host_to_target_itimerspec64(arg4, &hspec_old)) {
12850                 return -TARGET_EFAULT;
12851             }
12852         }
12853         return ret;
12854     }
12855 #endif
12856 
12857 #ifdef TARGET_NR_timer_gettime
12858     case TARGET_NR_timer_gettime:
12859     {
12860         /* args: timer_t timerid, struct itimerspec *curr_value */
12861         target_timer_t timerid = get_timer_id(arg1);
12862 
12863         if (timerid < 0) {
12864             ret = timerid;
12865         } else if (!arg2) {
12866             ret = -TARGET_EFAULT;
12867         } else {
12868             timer_t htimer = g_posix_timers[timerid];
12869             struct itimerspec hspec;
12870             ret = get_errno(timer_gettime(htimer, &hspec));
12871 
12872             if (host_to_target_itimerspec(arg2, &hspec)) {
12873                 ret = -TARGET_EFAULT;
12874             }
12875         }
12876         return ret;
12877     }
12878 #endif
12879 
12880 #ifdef TARGET_NR_timer_gettime64
12881     case TARGET_NR_timer_gettime64:
12882     {
12883         /* args: timer_t timerid, struct itimerspec64 *curr_value */
12884         target_timer_t timerid = get_timer_id(arg1);
12885 
12886         if (timerid < 0) {
12887             ret = timerid;
12888         } else if (!arg2) {
12889             ret = -TARGET_EFAULT;
12890         } else {
12891             timer_t htimer = g_posix_timers[timerid];
12892             struct itimerspec hspec;
12893             ret = get_errno(timer_gettime(htimer, &hspec));
12894 
12895             if (host_to_target_itimerspec64(arg2, &hspec)) {
12896                 ret = -TARGET_EFAULT;
12897             }
12898         }
12899         return ret;
12900     }
12901 #endif
12902 
12903 #ifdef TARGET_NR_timer_getoverrun
12904     case TARGET_NR_timer_getoverrun:
12905     {
12906         /* args: timer_t timerid */
12907         target_timer_t timerid = get_timer_id(arg1);
12908 
12909         if (timerid < 0) {
12910             ret = timerid;
12911         } else {
12912             timer_t htimer = g_posix_timers[timerid];
12913             ret = get_errno(timer_getoverrun(htimer));
12914         }
12915         return ret;
12916     }
12917 #endif
12918 
12919 #ifdef TARGET_NR_timer_delete
12920     case TARGET_NR_timer_delete:
12921     {
12922         /* args: timer_t timerid */
12923         target_timer_t timerid = get_timer_id(arg1);
12924 
12925         if (timerid < 0) {
12926             ret = timerid;
12927         } else {
12928             timer_t htimer = g_posix_timers[timerid];
12929             ret = get_errno(timer_delete(htimer));
12930             g_posix_timers[timerid] = 0;
12931         }
12932         return ret;
12933     }
12934 #endif
12935 
12936 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
12937     case TARGET_NR_timerfd_create:
12938         return get_errno(timerfd_create(arg1,
12939                           target_to_host_bitmask(arg2, fcntl_flags_tbl)));
12940 #endif
12941 
12942 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
12943     case TARGET_NR_timerfd_gettime:
12944         {
12945             struct itimerspec its_curr;
12946 
12947             ret = get_errno(timerfd_gettime(arg1, &its_curr));
12948 
12949             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
12950                 return -TARGET_EFAULT;
12951             }
12952         }
12953         return ret;
12954 #endif
12955 
12956 #if defined(TARGET_NR_timerfd_gettime64) && defined(CONFIG_TIMERFD)
12957     case TARGET_NR_timerfd_gettime64:
12958         {
12959             struct itimerspec its_curr;
12960 
12961             ret = get_errno(timerfd_gettime(arg1, &its_curr));
12962 
12963             if (arg2 && host_to_target_itimerspec64(arg2, &its_curr)) {
12964                 return -TARGET_EFAULT;
12965             }
12966         }
12967         return ret;
12968 #endif
12969 
12970 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
12971     case TARGET_NR_timerfd_settime:
12972         {
12973             struct itimerspec its_new, its_old, *p_new;
12974 
12975             if (arg3) {
12976                 if (target_to_host_itimerspec(&its_new, arg3)) {
12977                     return -TARGET_EFAULT;
12978                 }
12979                 p_new = &its_new;
12980             } else {
12981                 p_new = NULL;
12982             }
12983 
12984             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
12985 
12986             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
12987                 return -TARGET_EFAULT;
12988             }
12989         }
12990         return ret;
12991 #endif
12992 
12993 #if defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD)
12994     case TARGET_NR_timerfd_settime64:
12995         {
12996             struct itimerspec its_new, its_old, *p_new;
12997 
12998             if (arg3) {
12999                 if (target_to_host_itimerspec64(&its_new, arg3)) {
13000                     return -TARGET_EFAULT;
13001                 }
13002                 p_new = &its_new;
13003             } else {
13004                 p_new = NULL;
13005             }
13006 
13007             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
13008 
13009             if (arg4 && host_to_target_itimerspec64(arg4, &its_old)) {
13010                 return -TARGET_EFAULT;
13011             }
13012         }
13013         return ret;
13014 #endif
13015 
13016 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
13017     case TARGET_NR_ioprio_get:
13018         return get_errno(ioprio_get(arg1, arg2));
13019 #endif
13020 
13021 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
13022     case TARGET_NR_ioprio_set:
13023         return get_errno(ioprio_set(arg1, arg2, arg3));
13024 #endif
13025 
13026 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
13027     case TARGET_NR_setns:
13028         return get_errno(setns(arg1, arg2));
13029 #endif
13030 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
13031     case TARGET_NR_unshare:
13032         return get_errno(unshare(arg1));
13033 #endif
13034 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
13035     case TARGET_NR_kcmp:
13036         return get_errno(kcmp(arg1, arg2, arg3, arg4, arg5));
13037 #endif
13038 #ifdef TARGET_NR_swapcontext
13039     case TARGET_NR_swapcontext:
13040         /* PowerPC specific.  */
13041         return do_swapcontext(cpu_env, arg1, arg2, arg3);
13042 #endif
13043 #ifdef TARGET_NR_memfd_create
13044     case TARGET_NR_memfd_create:
13045         p = lock_user_string(arg1);
13046         if (!p) {
13047             return -TARGET_EFAULT;
13048         }
13049         ret = get_errno(memfd_create(p, arg2));
13050         fd_trans_unregister(ret);
13051         unlock_user(p, arg1, 0);
13052         return ret;
13053 #endif
13054 #if defined TARGET_NR_membarrier && defined __NR_membarrier
13055     case TARGET_NR_membarrier:
13056         return get_errno(membarrier(arg1, arg2));
13057 #endif
13058 
13059     default:
13060         qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
13061         return -TARGET_ENOSYS;
13062     }
13063     return ret;
13064 }
13065 
13066 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
13067                     abi_long arg2, abi_long arg3, abi_long arg4,
13068                     abi_long arg5, abi_long arg6, abi_long arg7,
13069                     abi_long arg8)
13070 {
13071     CPUState *cpu = env_cpu(cpu_env);
13072     abi_long ret;
13073 
13074 #ifdef DEBUG_ERESTARTSYS
13075     /* Debug-only code for exercising the syscall-restart code paths
13076      * in the per-architecture cpu main loops: restart every syscall
13077      * the guest makes once before letting it through.
13078      */
13079     {
13080         static bool flag;
13081         flag = !flag;
13082         if (flag) {
13083             return -TARGET_ERESTARTSYS;
13084         }
13085     }
13086 #endif
13087 
13088     record_syscall_start(cpu, num, arg1,
13089                          arg2, arg3, arg4, arg5, arg6, arg7, arg8);
13090 
13091     if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
13092         print_syscall(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6);
13093     }
13094 
13095     ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4,
13096                       arg5, arg6, arg7, arg8);
13097 
13098     if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
13099         print_syscall_ret(cpu_env, num, ret, arg1, arg2,
13100                           arg3, arg4, arg5, arg6);
13101     }
13102 
13103     record_syscall_return(cpu, num, ret);
13104     return ret;
13105 }
13106