xref: /openbmc/qemu/linux-user/syscall.c (revision 136cb9cc)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include "qemu/memfd.h"
24 #include "qemu/queue.h"
25 #include "qemu/plugin.h"
26 #include "target_mman.h"
27 #include <elf.h>
28 #include <endian.h>
29 #include <grp.h>
30 #include <sys/ipc.h>
31 #include <sys/msg.h>
32 #include <sys/wait.h>
33 #include <sys/mount.h>
34 #include <sys/file.h>
35 #include <sys/fsuid.h>
36 #include <sys/personality.h>
37 #include <sys/prctl.h>
38 #include <sys/resource.h>
39 #include <sys/swap.h>
40 #include <linux/capability.h>
41 #include <sched.h>
42 #include <sys/timex.h>
43 #include <sys/socket.h>
44 #include <linux/sockios.h>
45 #include <sys/un.h>
46 #include <sys/uio.h>
47 #include <poll.h>
48 #include <sys/times.h>
49 #include <sys/shm.h>
50 #include <sys/sem.h>
51 #include <sys/statfs.h>
52 #include <utime.h>
53 #include <sys/sysinfo.h>
54 #include <sys/signalfd.h>
55 //#include <sys/user.h>
56 #include <netinet/in.h>
57 #include <netinet/ip.h>
58 #include <netinet/tcp.h>
59 #include <netinet/udp.h>
60 #include <linux/wireless.h>
61 #include <linux/icmp.h>
62 #include <linux/icmpv6.h>
63 #include <linux/if_tun.h>
64 #include <linux/in6.h>
65 #include <linux/errqueue.h>
66 #include <linux/random.h>
67 #ifdef CONFIG_TIMERFD
68 #include <sys/timerfd.h>
69 #endif
70 #ifdef CONFIG_EVENTFD
71 #include <sys/eventfd.h>
72 #endif
73 #ifdef CONFIG_EPOLL
74 #include <sys/epoll.h>
75 #endif
76 #ifdef CONFIG_ATTR
77 #include "qemu/xattr.h"
78 #endif
79 #ifdef CONFIG_SENDFILE
80 #include <sys/sendfile.h>
81 #endif
82 #ifdef HAVE_SYS_KCOV_H
83 #include <sys/kcov.h>
84 #endif
85 
86 #define termios host_termios
87 #define winsize host_winsize
88 #define termio host_termio
89 #define sgttyb host_sgttyb /* same as target */
90 #define tchars host_tchars /* same as target */
91 #define ltchars host_ltchars /* same as target */
92 
93 #include <linux/termios.h>
94 #include <linux/unistd.h>
95 #include <linux/cdrom.h>
96 #include <linux/hdreg.h>
97 #include <linux/soundcard.h>
98 #include <linux/kd.h>
99 #include <linux/mtio.h>
100 #include <linux/fs.h>
101 #include <linux/fd.h>
102 #if defined(CONFIG_FIEMAP)
103 #include <linux/fiemap.h>
104 #endif
105 #include <linux/fb.h>
106 #if defined(CONFIG_USBFS)
107 #include <linux/usbdevice_fs.h>
108 #include <linux/usb/ch9.h>
109 #endif
110 #include <linux/vt.h>
111 #include <linux/dm-ioctl.h>
112 #include <linux/reboot.h>
113 #include <linux/route.h>
114 #include <linux/filter.h>
115 #include <linux/blkpg.h>
116 #include <netpacket/packet.h>
117 #include <linux/netlink.h>
118 #include <linux/if_alg.h>
119 #include <linux/rtc.h>
120 #include <sound/asound.h>
121 #ifdef HAVE_BTRFS_H
122 #include <linux/btrfs.h>
123 #endif
124 #ifdef HAVE_DRM_H
125 #include <libdrm/drm.h>
126 #include <libdrm/i915_drm.h>
127 #endif
128 #include "linux_loop.h"
129 #include "uname.h"
130 
131 #include "qemu.h"
132 #include "user-internals.h"
133 #include "strace.h"
134 #include "signal-common.h"
135 #include "loader.h"
136 #include "user-mmap.h"
137 #include "user/safe-syscall.h"
138 #include "qemu/guest-random.h"
139 #include "qemu/selfmap.h"
140 #include "user/syscall-trace.h"
141 #include "special-errno.h"
142 #include "qapi/error.h"
143 #include "fd-trans.h"
144 #include "tcg/tcg.h"
145 #include "cpu_loop-common.h"
146 
147 #ifndef CLONE_IO
148 #define CLONE_IO                0x80000000      /* Clone io context */
149 #endif
150 
151 /* We can't directly call the host clone syscall, because this will
152  * badly confuse libc (breaking mutexes, for example). So we must
153  * divide clone flags into:
154  *  * flag combinations that look like pthread_create()
155  *  * flag combinations that look like fork()
156  *  * flags we can implement within QEMU itself
157  *  * flags we can't support and will return an error for
158  */
159 /* For thread creation, all these flags must be present; for
160  * fork, none must be present.
161  */
162 #define CLONE_THREAD_FLAGS                              \
163     (CLONE_VM | CLONE_FS | CLONE_FILES |                \
164      CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM)
165 
166 /* These flags are ignored:
167  * CLONE_DETACHED is now ignored by the kernel;
168  * CLONE_IO is just an optimisation hint to the I/O scheduler
169  */
170 #define CLONE_IGNORED_FLAGS                     \
171     (CLONE_DETACHED | CLONE_IO)
172 
173 #ifndef CLONE_PIDFD
174 # define CLONE_PIDFD 0x00001000
175 #endif
176 
177 /* Flags for fork which we can implement within QEMU itself */
178 #define CLONE_OPTIONAL_FORK_FLAGS               \
179     (CLONE_SETTLS | CLONE_PARENT_SETTID | CLONE_PIDFD | \
180      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID)
181 
182 /* Flags for thread creation which we can implement within QEMU itself */
183 #define CLONE_OPTIONAL_THREAD_FLAGS                             \
184     (CLONE_SETTLS | CLONE_PARENT_SETTID |                       \
185      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | CLONE_PARENT)
186 
187 #define CLONE_INVALID_FORK_FLAGS                                        \
188     (~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS))
189 
190 #define CLONE_INVALID_THREAD_FLAGS                                      \
191     (~(CSIGNAL | CLONE_THREAD_FLAGS | CLONE_OPTIONAL_THREAD_FLAGS |     \
192        CLONE_IGNORED_FLAGS))
193 
194 /* CLONE_VFORK is special cased early in do_fork(). The other flag bits
195  * have almost all been allocated. We cannot support any of
196  * CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC,
197  * CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED.
198  * The checks against the invalid thread masks above will catch these.
199  * (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.)
200  */
201 
202 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
203  * once. This exercises the codepaths for restart.
204  */
205 //#define DEBUG_ERESTARTSYS
206 
207 //#include <linux/msdos_fs.h>
208 #define VFAT_IOCTL_READDIR_BOTH \
209     _IOC(_IOC_READ, 'r', 1, (sizeof(struct linux_dirent) + 256) * 2)
210 #define VFAT_IOCTL_READDIR_SHORT \
211     _IOC(_IOC_READ, 'r', 2, (sizeof(struct linux_dirent) + 256) * 2)
212 
213 #undef _syscall0
214 #undef _syscall1
215 #undef _syscall2
216 #undef _syscall3
217 #undef _syscall4
218 #undef _syscall5
219 #undef _syscall6
220 
221 #define _syscall0(type,name)		\
222 static type name (void)			\
223 {					\
224 	return syscall(__NR_##name);	\
225 }
226 
227 #define _syscall1(type,name,type1,arg1)		\
228 static type name (type1 arg1)			\
229 {						\
230 	return syscall(__NR_##name, arg1);	\
231 }
232 
233 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
234 static type name (type1 arg1,type2 arg2)		\
235 {							\
236 	return syscall(__NR_##name, arg1, arg2);	\
237 }
238 
239 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
240 static type name (type1 arg1,type2 arg2,type3 arg3)		\
241 {								\
242 	return syscall(__NR_##name, arg1, arg2, arg3);		\
243 }
244 
245 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
246 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
247 {										\
248 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
249 }
250 
251 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
252 		  type5,arg5)							\
253 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
254 {										\
255 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
256 }
257 
258 
259 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
260 		  type5,arg5,type6,arg6)					\
261 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
262                   type6 arg6)							\
263 {										\
264 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
265 }
266 
267 
268 #define __NR_sys_uname __NR_uname
269 #define __NR_sys_getcwd1 __NR_getcwd
270 #define __NR_sys_getdents __NR_getdents
271 #define __NR_sys_getdents64 __NR_getdents64
272 #define __NR_sys_getpriority __NR_getpriority
273 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
274 #define __NR_sys_rt_tgsigqueueinfo __NR_rt_tgsigqueueinfo
275 #define __NR_sys_syslog __NR_syslog
276 #if defined(__NR_futex)
277 # define __NR_sys_futex __NR_futex
278 #endif
279 #if defined(__NR_futex_time64)
280 # define __NR_sys_futex_time64 __NR_futex_time64
281 #endif
282 #define __NR_sys_statx __NR_statx
283 
284 #if defined(__alpha__) || defined(__x86_64__) || defined(__s390x__)
285 #define __NR__llseek __NR_lseek
286 #endif
287 
288 /* Newer kernel ports have llseek() instead of _llseek() */
289 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
290 #define TARGET_NR__llseek TARGET_NR_llseek
291 #endif
292 
293 /* some platforms need to mask more bits than just TARGET_O_NONBLOCK */
294 #ifndef TARGET_O_NONBLOCK_MASK
295 #define TARGET_O_NONBLOCK_MASK TARGET_O_NONBLOCK
296 #endif
297 
298 #define __NR_sys_gettid __NR_gettid
299 _syscall0(int, sys_gettid)
300 
301 /* For the 64-bit guest on 32-bit host case we must emulate
302  * getdents using getdents64, because otherwise the host
303  * might hand us back more dirent records than we can fit
304  * into the guest buffer after structure format conversion.
305  * Otherwise we emulate getdents with getdents if the host has it.
306  */
307 #if defined(__NR_getdents) && HOST_LONG_BITS >= TARGET_ABI_BITS
308 #define EMULATE_GETDENTS_WITH_GETDENTS
309 #endif
310 
311 #if defined(TARGET_NR_getdents) && defined(EMULATE_GETDENTS_WITH_GETDENTS)
312 _syscall3(int, sys_getdents, unsigned int, fd, struct linux_dirent *, dirp, unsigned int, count);
313 #endif
314 #if (defined(TARGET_NR_getdents) && \
315       !defined(EMULATE_GETDENTS_WITH_GETDENTS)) || \
316     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
317 _syscall3(int, sys_getdents64, unsigned int, fd, struct linux_dirent64 *, dirp, unsigned int, count);
318 #endif
319 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
320 _syscall5(int, _llseek,  unsigned int,  fd, unsigned long, hi, unsigned long, lo,
321           loff_t *, res, unsigned int, wh);
322 #endif
323 _syscall3(int, sys_rt_sigqueueinfo, pid_t, pid, int, sig, siginfo_t *, uinfo)
324 _syscall4(int, sys_rt_tgsigqueueinfo, pid_t, pid, pid_t, tid, int, sig,
325           siginfo_t *, uinfo)
326 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
327 #ifdef __NR_exit_group
328 _syscall1(int,exit_group,int,error_code)
329 #endif
330 #if defined(__NR_close_range) && defined(TARGET_NR_close_range)
331 #define __NR_sys_close_range __NR_close_range
332 _syscall3(int,sys_close_range,int,first,int,last,int,flags)
333 #ifndef CLOSE_RANGE_CLOEXEC
334 #define CLOSE_RANGE_CLOEXEC     (1U << 2)
335 #endif
336 #endif
337 #if defined(__NR_futex)
338 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
339           const struct timespec *,timeout,int *,uaddr2,int,val3)
340 #endif
341 #if defined(__NR_futex_time64)
342 _syscall6(int,sys_futex_time64,int *,uaddr,int,op,int,val,
343           const struct timespec *,timeout,int *,uaddr2,int,val3)
344 #endif
345 #if defined(__NR_pidfd_open) && defined(TARGET_NR_pidfd_open)
346 _syscall2(int, pidfd_open, pid_t, pid, unsigned int, flags);
347 #endif
348 #if defined(__NR_pidfd_send_signal) && defined(TARGET_NR_pidfd_send_signal)
349 _syscall4(int, pidfd_send_signal, int, pidfd, int, sig, siginfo_t *, info,
350                              unsigned int, flags);
351 #endif
352 #if defined(__NR_pidfd_getfd) && defined(TARGET_NR_pidfd_getfd)
353 _syscall3(int, pidfd_getfd, int, pidfd, int, targetfd, unsigned int, flags);
354 #endif
355 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
356 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
357           unsigned long *, user_mask_ptr);
358 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
359 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
360           unsigned long *, user_mask_ptr);
361 /* sched_attr is not defined in glibc */
362 struct sched_attr {
363     uint32_t size;
364     uint32_t sched_policy;
365     uint64_t sched_flags;
366     int32_t sched_nice;
367     uint32_t sched_priority;
368     uint64_t sched_runtime;
369     uint64_t sched_deadline;
370     uint64_t sched_period;
371     uint32_t sched_util_min;
372     uint32_t sched_util_max;
373 };
374 #define __NR_sys_sched_getattr __NR_sched_getattr
375 _syscall4(int, sys_sched_getattr, pid_t, pid, struct sched_attr *, attr,
376           unsigned int, size, unsigned int, flags);
377 #define __NR_sys_sched_setattr __NR_sched_setattr
378 _syscall3(int, sys_sched_setattr, pid_t, pid, struct sched_attr *, attr,
379           unsigned int, flags);
380 #define __NR_sys_sched_getscheduler __NR_sched_getscheduler
381 _syscall1(int, sys_sched_getscheduler, pid_t, pid);
382 #define __NR_sys_sched_setscheduler __NR_sched_setscheduler
383 _syscall3(int, sys_sched_setscheduler, pid_t, pid, int, policy,
384           const struct sched_param *, param);
385 #define __NR_sys_sched_getparam __NR_sched_getparam
386 _syscall2(int, sys_sched_getparam, pid_t, pid,
387           struct sched_param *, param);
388 #define __NR_sys_sched_setparam __NR_sched_setparam
389 _syscall2(int, sys_sched_setparam, pid_t, pid,
390           const struct sched_param *, param);
391 #define __NR_sys_getcpu __NR_getcpu
392 _syscall3(int, sys_getcpu, unsigned *, cpu, unsigned *, node, void *, tcache);
393 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
394           void *, arg);
395 _syscall2(int, capget, struct __user_cap_header_struct *, header,
396           struct __user_cap_data_struct *, data);
397 _syscall2(int, capset, struct __user_cap_header_struct *, header,
398           struct __user_cap_data_struct *, data);
399 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
400 _syscall2(int, ioprio_get, int, which, int, who)
401 #endif
402 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
403 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
404 #endif
405 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
406 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
407 #endif
408 
409 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
410 _syscall5(int, kcmp, pid_t, pid1, pid_t, pid2, int, type,
411           unsigned long, idx1, unsigned long, idx2)
412 #endif
413 
414 /*
415  * It is assumed that struct statx is architecture independent.
416  */
417 #if defined(TARGET_NR_statx) && defined(__NR_statx)
418 _syscall5(int, sys_statx, int, dirfd, const char *, pathname, int, flags,
419           unsigned int, mask, struct target_statx *, statxbuf)
420 #endif
421 #if defined(TARGET_NR_membarrier) && defined(__NR_membarrier)
422 _syscall2(int, membarrier, int, cmd, int, flags)
423 #endif
424 
425 static const bitmask_transtbl fcntl_flags_tbl[] = {
426   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
427   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
428   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
429   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
430   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
431   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
432   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
433   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
434   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
435   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
436   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
437   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
438   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
439 #if defined(O_DIRECT)
440   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
441 #endif
442 #if defined(O_NOATIME)
443   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
444 #endif
445 #if defined(O_CLOEXEC)
446   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
447 #endif
448 #if defined(O_PATH)
449   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
450 #endif
451 #if defined(O_TMPFILE)
452   { TARGET_O_TMPFILE,   TARGET_O_TMPFILE,   O_TMPFILE,   O_TMPFILE    },
453 #endif
454   /* Don't terminate the list prematurely on 64-bit host+guest.  */
455 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
456   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
457 #endif
458 };
459 
460 _syscall2(int, sys_getcwd1, char *, buf, size_t, size)
461 
462 #if defined(TARGET_NR_utimensat) || defined(TARGET_NR_utimensat_time64)
463 #if defined(__NR_utimensat)
464 #define __NR_sys_utimensat __NR_utimensat
465 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
466           const struct timespec *,tsp,int,flags)
467 #else
468 static int sys_utimensat(int dirfd, const char *pathname,
469                          const struct timespec times[2], int flags)
470 {
471     errno = ENOSYS;
472     return -1;
473 }
474 #endif
475 #endif /* TARGET_NR_utimensat */
476 
477 #ifdef TARGET_NR_renameat2
478 #if defined(__NR_renameat2)
479 #define __NR_sys_renameat2 __NR_renameat2
480 _syscall5(int, sys_renameat2, int, oldfd, const char *, old, int, newfd,
481           const char *, new, unsigned int, flags)
482 #else
483 static int sys_renameat2(int oldfd, const char *old,
484                          int newfd, const char *new, int flags)
485 {
486     if (flags == 0) {
487         return renameat(oldfd, old, newfd, new);
488     }
489     errno = ENOSYS;
490     return -1;
491 }
492 #endif
493 #endif /* TARGET_NR_renameat2 */
494 
495 #ifdef CONFIG_INOTIFY
496 #include <sys/inotify.h>
497 #else
498 /* Userspace can usually survive runtime without inotify */
499 #undef TARGET_NR_inotify_init
500 #undef TARGET_NR_inotify_init1
501 #undef TARGET_NR_inotify_add_watch
502 #undef TARGET_NR_inotify_rm_watch
503 #endif /* CONFIG_INOTIFY  */
504 
505 #if defined(TARGET_NR_prlimit64)
506 #ifndef __NR_prlimit64
507 # define __NR_prlimit64 -1
508 #endif
509 #define __NR_sys_prlimit64 __NR_prlimit64
510 /* The glibc rlimit structure may not be that used by the underlying syscall */
511 struct host_rlimit64 {
512     uint64_t rlim_cur;
513     uint64_t rlim_max;
514 };
515 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
516           const struct host_rlimit64 *, new_limit,
517           struct host_rlimit64 *, old_limit)
518 #endif
519 
520 
521 #if defined(TARGET_NR_timer_create)
522 /* Maximum of 32 active POSIX timers allowed at any one time. */
523 #define GUEST_TIMER_MAX 32
524 static timer_t g_posix_timers[GUEST_TIMER_MAX];
525 static int g_posix_timer_allocated[GUEST_TIMER_MAX];
526 
527 static inline int next_free_host_timer(void)
528 {
529     int k;
530     for (k = 0; k < ARRAY_SIZE(g_posix_timer_allocated); k++) {
531         if (qatomic_xchg(g_posix_timer_allocated + k, 1) == 0) {
532             return k;
533         }
534     }
535     return -1;
536 }
537 
538 static inline void free_host_timer_slot(int id)
539 {
540     qatomic_store_release(g_posix_timer_allocated + id, 0);
541 }
542 #endif
543 
544 static inline int host_to_target_errno(int host_errno)
545 {
546     switch (host_errno) {
547 #define E(X)  case X: return TARGET_##X;
548 #include "errnos.c.inc"
549 #undef E
550     default:
551         return host_errno;
552     }
553 }
554 
555 static inline int target_to_host_errno(int target_errno)
556 {
557     switch (target_errno) {
558 #define E(X)  case TARGET_##X: return X;
559 #include "errnos.c.inc"
560 #undef E
561     default:
562         return target_errno;
563     }
564 }
565 
566 abi_long get_errno(abi_long ret)
567 {
568     if (ret == -1)
569         return -host_to_target_errno(errno);
570     else
571         return ret;
572 }
573 
574 const char *target_strerror(int err)
575 {
576     if (err == QEMU_ERESTARTSYS) {
577         return "To be restarted";
578     }
579     if (err == QEMU_ESIGRETURN) {
580         return "Successful exit from sigreturn";
581     }
582 
583     return strerror(target_to_host_errno(err));
584 }
585 
586 static int check_zeroed_user(abi_long addr, size_t ksize, size_t usize)
587 {
588     int i;
589     uint8_t b;
590     if (usize <= ksize) {
591         return 1;
592     }
593     for (i = ksize; i < usize; i++) {
594         if (get_user_u8(b, addr + i)) {
595             return -TARGET_EFAULT;
596         }
597         if (b != 0) {
598             return 0;
599         }
600     }
601     return 1;
602 }
603 
604 #define safe_syscall0(type, name) \
605 static type safe_##name(void) \
606 { \
607     return safe_syscall(__NR_##name); \
608 }
609 
610 #define safe_syscall1(type, name, type1, arg1) \
611 static type safe_##name(type1 arg1) \
612 { \
613     return safe_syscall(__NR_##name, arg1); \
614 }
615 
616 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
617 static type safe_##name(type1 arg1, type2 arg2) \
618 { \
619     return safe_syscall(__NR_##name, arg1, arg2); \
620 }
621 
622 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
623 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
624 { \
625     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
626 }
627 
628 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
629     type4, arg4) \
630 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
631 { \
632     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
633 }
634 
635 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
636     type4, arg4, type5, arg5) \
637 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
638     type5 arg5) \
639 { \
640     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
641 }
642 
643 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
644     type4, arg4, type5, arg5, type6, arg6) \
645 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
646     type5 arg5, type6 arg6) \
647 { \
648     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
649 }
650 
651 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
652 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
653 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
654               int, flags, mode_t, mode)
655 #if defined(TARGET_NR_wait4) || defined(TARGET_NR_waitpid)
656 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
657               struct rusage *, rusage)
658 #endif
659 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
660               int, options, struct rusage *, rusage)
661 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
662 safe_syscall5(int, execveat, int, dirfd, const char *, filename,
663               char **, argv, char **, envp, int, flags)
664 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
665     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
666 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
667               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
668 #endif
669 #if defined(TARGET_NR_ppoll) || defined(TARGET_NR_ppoll_time64)
670 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
671               struct timespec *, tsp, const sigset_t *, sigmask,
672               size_t, sigsetsize)
673 #endif
674 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
675               int, maxevents, int, timeout, const sigset_t *, sigmask,
676               size_t, sigsetsize)
677 #if defined(__NR_futex)
678 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
679               const struct timespec *,timeout,int *,uaddr2,int,val3)
680 #endif
681 #if defined(__NR_futex_time64)
682 safe_syscall6(int,futex_time64,int *,uaddr,int,op,int,val, \
683               const struct timespec *,timeout,int *,uaddr2,int,val3)
684 #endif
685 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
686 safe_syscall2(int, kill, pid_t, pid, int, sig)
687 safe_syscall2(int, tkill, int, tid, int, sig)
688 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
689 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
690 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
691 safe_syscall5(ssize_t, preadv, int, fd, const struct iovec *, iov, int, iovcnt,
692               unsigned long, pos_l, unsigned long, pos_h)
693 safe_syscall5(ssize_t, pwritev, int, fd, const struct iovec *, iov, int, iovcnt,
694               unsigned long, pos_l, unsigned long, pos_h)
695 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
696               socklen_t, addrlen)
697 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
698               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
699 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
700               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
701 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
702 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
703 safe_syscall2(int, flock, int, fd, int, operation)
704 #if defined(TARGET_NR_rt_sigtimedwait) || defined(TARGET_NR_rt_sigtimedwait_time64)
705 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
706               const struct timespec *, uts, size_t, sigsetsize)
707 #endif
708 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
709               int, flags)
710 #if defined(TARGET_NR_nanosleep)
711 safe_syscall2(int, nanosleep, const struct timespec *, req,
712               struct timespec *, rem)
713 #endif
714 #if defined(TARGET_NR_clock_nanosleep) || \
715     defined(TARGET_NR_clock_nanosleep_time64)
716 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
717               const struct timespec *, req, struct timespec *, rem)
718 #endif
719 #ifdef __NR_ipc
720 #ifdef __s390x__
721 safe_syscall5(int, ipc, int, call, long, first, long, second, long, third,
722               void *, ptr)
723 #else
724 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
725               void *, ptr, long, fifth)
726 #endif
727 #endif
728 #ifdef __NR_msgsnd
729 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
730               int, flags)
731 #endif
732 #ifdef __NR_msgrcv
733 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
734               long, msgtype, int, flags)
735 #endif
736 #ifdef __NR_semtimedop
737 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
738               unsigned, nsops, const struct timespec *, timeout)
739 #endif
740 #if defined(TARGET_NR_mq_timedsend) || \
741     defined(TARGET_NR_mq_timedsend_time64)
742 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
743               size_t, len, unsigned, prio, const struct timespec *, timeout)
744 #endif
745 #if defined(TARGET_NR_mq_timedreceive) || \
746     defined(TARGET_NR_mq_timedreceive_time64)
747 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
748               size_t, len, unsigned *, prio, const struct timespec *, timeout)
749 #endif
750 #if defined(TARGET_NR_copy_file_range) && defined(__NR_copy_file_range)
751 safe_syscall6(ssize_t, copy_file_range, int, infd, loff_t *, pinoff,
752               int, outfd, loff_t *, poutoff, size_t, length,
753               unsigned int, flags)
754 #endif
755 
756 /* We do ioctl like this rather than via safe_syscall3 to preserve the
757  * "third argument might be integer or pointer or not present" behaviour of
758  * the libc function.
759  */
760 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
761 /* Similarly for fcntl. Note that callers must always:
762  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
763  *  use the flock64 struct rather than unsuffixed flock
764  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
765  */
766 #ifdef __NR_fcntl64
767 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
768 #else
769 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
770 #endif
771 
772 static inline int host_to_target_sock_type(int host_type)
773 {
774     int target_type;
775 
776     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
777     case SOCK_DGRAM:
778         target_type = TARGET_SOCK_DGRAM;
779         break;
780     case SOCK_STREAM:
781         target_type = TARGET_SOCK_STREAM;
782         break;
783     default:
784         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
785         break;
786     }
787 
788 #if defined(SOCK_CLOEXEC)
789     if (host_type & SOCK_CLOEXEC) {
790         target_type |= TARGET_SOCK_CLOEXEC;
791     }
792 #endif
793 
794 #if defined(SOCK_NONBLOCK)
795     if (host_type & SOCK_NONBLOCK) {
796         target_type |= TARGET_SOCK_NONBLOCK;
797     }
798 #endif
799 
800     return target_type;
801 }
802 
803 static abi_ulong target_brk, initial_target_brk;
804 
805 void target_set_brk(abi_ulong new_brk)
806 {
807     target_brk = TARGET_PAGE_ALIGN(new_brk);
808     initial_target_brk = target_brk;
809 }
810 
811 /* do_brk() must return target values and target errnos. */
812 abi_long do_brk(abi_ulong brk_val)
813 {
814     abi_long mapped_addr;
815     abi_ulong new_brk;
816     abi_ulong old_brk;
817 
818     /* brk pointers are always untagged */
819 
820     /* do not allow to shrink below initial brk value */
821     if (brk_val < initial_target_brk) {
822         return target_brk;
823     }
824 
825     new_brk = TARGET_PAGE_ALIGN(brk_val);
826     old_brk = TARGET_PAGE_ALIGN(target_brk);
827 
828     /* new and old target_brk might be on the same page */
829     if (new_brk == old_brk) {
830         target_brk = brk_val;
831         return target_brk;
832     }
833 
834     /* Release heap if necesary */
835     if (new_brk < old_brk) {
836         target_munmap(new_brk, old_brk - new_brk);
837 
838         target_brk = brk_val;
839         return target_brk;
840     }
841 
842     mapped_addr = target_mmap(old_brk, new_brk - old_brk,
843                               PROT_READ | PROT_WRITE,
844                               MAP_FIXED_NOREPLACE | MAP_ANON | MAP_PRIVATE,
845                               -1, 0);
846 
847     if (mapped_addr == old_brk) {
848         target_brk = brk_val;
849         return target_brk;
850     }
851 
852 #if defined(TARGET_ALPHA)
853     /* We (partially) emulate OSF/1 on Alpha, which requires we
854        return a proper errno, not an unchanged brk value.  */
855     return -TARGET_ENOMEM;
856 #endif
857     /* For everything else, return the previous break. */
858     return target_brk;
859 }
860 
861 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
862     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
863 static inline abi_long copy_from_user_fdset(fd_set *fds,
864                                             abi_ulong target_fds_addr,
865                                             int n)
866 {
867     int i, nw, j, k;
868     abi_ulong b, *target_fds;
869 
870     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
871     if (!(target_fds = lock_user(VERIFY_READ,
872                                  target_fds_addr,
873                                  sizeof(abi_ulong) * nw,
874                                  1)))
875         return -TARGET_EFAULT;
876 
877     FD_ZERO(fds);
878     k = 0;
879     for (i = 0; i < nw; i++) {
880         /* grab the abi_ulong */
881         __get_user(b, &target_fds[i]);
882         for (j = 0; j < TARGET_ABI_BITS; j++) {
883             /* check the bit inside the abi_ulong */
884             if ((b >> j) & 1)
885                 FD_SET(k, fds);
886             k++;
887         }
888     }
889 
890     unlock_user(target_fds, target_fds_addr, 0);
891 
892     return 0;
893 }
894 
895 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
896                                                  abi_ulong target_fds_addr,
897                                                  int n)
898 {
899     if (target_fds_addr) {
900         if (copy_from_user_fdset(fds, target_fds_addr, n))
901             return -TARGET_EFAULT;
902         *fds_ptr = fds;
903     } else {
904         *fds_ptr = NULL;
905     }
906     return 0;
907 }
908 
909 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
910                                           const fd_set *fds,
911                                           int n)
912 {
913     int i, nw, j, k;
914     abi_long v;
915     abi_ulong *target_fds;
916 
917     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
918     if (!(target_fds = lock_user(VERIFY_WRITE,
919                                  target_fds_addr,
920                                  sizeof(abi_ulong) * nw,
921                                  0)))
922         return -TARGET_EFAULT;
923 
924     k = 0;
925     for (i = 0; i < nw; i++) {
926         v = 0;
927         for (j = 0; j < TARGET_ABI_BITS; j++) {
928             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
929             k++;
930         }
931         __put_user(v, &target_fds[i]);
932     }
933 
934     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
935 
936     return 0;
937 }
938 #endif
939 
940 #if defined(__alpha__)
941 #define HOST_HZ 1024
942 #else
943 #define HOST_HZ 100
944 #endif
945 
946 static inline abi_long host_to_target_clock_t(long ticks)
947 {
948 #if HOST_HZ == TARGET_HZ
949     return ticks;
950 #else
951     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
952 #endif
953 }
954 
955 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
956                                              const struct rusage *rusage)
957 {
958     struct target_rusage *target_rusage;
959 
960     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
961         return -TARGET_EFAULT;
962     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
963     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
964     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
965     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
966     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
967     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
968     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
969     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
970     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
971     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
972     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
973     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
974     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
975     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
976     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
977     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
978     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
979     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
980     unlock_user_struct(target_rusage, target_addr, 1);
981 
982     return 0;
983 }
984 
985 #ifdef TARGET_NR_setrlimit
986 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
987 {
988     abi_ulong target_rlim_swap;
989     rlim_t result;
990 
991     target_rlim_swap = tswapal(target_rlim);
992     if (target_rlim_swap == TARGET_RLIM_INFINITY)
993         return RLIM_INFINITY;
994 
995     result = target_rlim_swap;
996     if (target_rlim_swap != (rlim_t)result)
997         return RLIM_INFINITY;
998 
999     return result;
1000 }
1001 #endif
1002 
1003 #if defined(TARGET_NR_getrlimit) || defined(TARGET_NR_ugetrlimit)
1004 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1005 {
1006     abi_ulong target_rlim_swap;
1007     abi_ulong result;
1008 
1009     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1010         target_rlim_swap = TARGET_RLIM_INFINITY;
1011     else
1012         target_rlim_swap = rlim;
1013     result = tswapal(target_rlim_swap);
1014 
1015     return result;
1016 }
1017 #endif
1018 
1019 static inline int target_to_host_resource(int code)
1020 {
1021     switch (code) {
1022     case TARGET_RLIMIT_AS:
1023         return RLIMIT_AS;
1024     case TARGET_RLIMIT_CORE:
1025         return RLIMIT_CORE;
1026     case TARGET_RLIMIT_CPU:
1027         return RLIMIT_CPU;
1028     case TARGET_RLIMIT_DATA:
1029         return RLIMIT_DATA;
1030     case TARGET_RLIMIT_FSIZE:
1031         return RLIMIT_FSIZE;
1032     case TARGET_RLIMIT_LOCKS:
1033         return RLIMIT_LOCKS;
1034     case TARGET_RLIMIT_MEMLOCK:
1035         return RLIMIT_MEMLOCK;
1036     case TARGET_RLIMIT_MSGQUEUE:
1037         return RLIMIT_MSGQUEUE;
1038     case TARGET_RLIMIT_NICE:
1039         return RLIMIT_NICE;
1040     case TARGET_RLIMIT_NOFILE:
1041         return RLIMIT_NOFILE;
1042     case TARGET_RLIMIT_NPROC:
1043         return RLIMIT_NPROC;
1044     case TARGET_RLIMIT_RSS:
1045         return RLIMIT_RSS;
1046     case TARGET_RLIMIT_RTPRIO:
1047         return RLIMIT_RTPRIO;
1048 #ifdef RLIMIT_RTTIME
1049     case TARGET_RLIMIT_RTTIME:
1050         return RLIMIT_RTTIME;
1051 #endif
1052     case TARGET_RLIMIT_SIGPENDING:
1053         return RLIMIT_SIGPENDING;
1054     case TARGET_RLIMIT_STACK:
1055         return RLIMIT_STACK;
1056     default:
1057         return code;
1058     }
1059 }
1060 
1061 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1062                                               abi_ulong target_tv_addr)
1063 {
1064     struct target_timeval *target_tv;
1065 
1066     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
1067         return -TARGET_EFAULT;
1068     }
1069 
1070     __get_user(tv->tv_sec, &target_tv->tv_sec);
1071     __get_user(tv->tv_usec, &target_tv->tv_usec);
1072 
1073     unlock_user_struct(target_tv, target_tv_addr, 0);
1074 
1075     return 0;
1076 }
1077 
1078 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1079                                             const struct timeval *tv)
1080 {
1081     struct target_timeval *target_tv;
1082 
1083     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
1084         return -TARGET_EFAULT;
1085     }
1086 
1087     __put_user(tv->tv_sec, &target_tv->tv_sec);
1088     __put_user(tv->tv_usec, &target_tv->tv_usec);
1089 
1090     unlock_user_struct(target_tv, target_tv_addr, 1);
1091 
1092     return 0;
1093 }
1094 
1095 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
1096 static inline abi_long copy_from_user_timeval64(struct timeval *tv,
1097                                                 abi_ulong target_tv_addr)
1098 {
1099     struct target__kernel_sock_timeval *target_tv;
1100 
1101     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1)) {
1102         return -TARGET_EFAULT;
1103     }
1104 
1105     __get_user(tv->tv_sec, &target_tv->tv_sec);
1106     __get_user(tv->tv_usec, &target_tv->tv_usec);
1107 
1108     unlock_user_struct(target_tv, target_tv_addr, 0);
1109 
1110     return 0;
1111 }
1112 #endif
1113 
1114 static inline abi_long copy_to_user_timeval64(abi_ulong target_tv_addr,
1115                                               const struct timeval *tv)
1116 {
1117     struct target__kernel_sock_timeval *target_tv;
1118 
1119     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0)) {
1120         return -TARGET_EFAULT;
1121     }
1122 
1123     __put_user(tv->tv_sec, &target_tv->tv_sec);
1124     __put_user(tv->tv_usec, &target_tv->tv_usec);
1125 
1126     unlock_user_struct(target_tv, target_tv_addr, 1);
1127 
1128     return 0;
1129 }
1130 
1131 #if defined(TARGET_NR_futex) || \
1132     defined(TARGET_NR_rt_sigtimedwait) || \
1133     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6) || \
1134     defined(TARGET_NR_nanosleep) || defined(TARGET_NR_clock_settime) || \
1135     defined(TARGET_NR_utimensat) || defined(TARGET_NR_mq_timedsend) || \
1136     defined(TARGET_NR_mq_timedreceive) || defined(TARGET_NR_ipc) || \
1137     defined(TARGET_NR_semop) || defined(TARGET_NR_semtimedop) || \
1138     defined(TARGET_NR_timer_settime) || \
1139     (defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD))
1140 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
1141                                                abi_ulong target_addr)
1142 {
1143     struct target_timespec *target_ts;
1144 
1145     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
1146         return -TARGET_EFAULT;
1147     }
1148     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
1149     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1150     unlock_user_struct(target_ts, target_addr, 0);
1151     return 0;
1152 }
1153 #endif
1154 
1155 #if defined(TARGET_NR_clock_settime64) || defined(TARGET_NR_futex_time64) || \
1156     defined(TARGET_NR_timer_settime64) || \
1157     defined(TARGET_NR_mq_timedsend_time64) || \
1158     defined(TARGET_NR_mq_timedreceive_time64) || \
1159     (defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD)) || \
1160     defined(TARGET_NR_clock_nanosleep_time64) || \
1161     defined(TARGET_NR_rt_sigtimedwait_time64) || \
1162     defined(TARGET_NR_utimensat) || \
1163     defined(TARGET_NR_utimensat_time64) || \
1164     defined(TARGET_NR_semtimedop_time64) || \
1165     defined(TARGET_NR_pselect6_time64) || defined(TARGET_NR_ppoll_time64)
1166 static inline abi_long target_to_host_timespec64(struct timespec *host_ts,
1167                                                  abi_ulong target_addr)
1168 {
1169     struct target__kernel_timespec *target_ts;
1170 
1171     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1)) {
1172         return -TARGET_EFAULT;
1173     }
1174     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
1175     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1176     /* in 32bit mode, this drops the padding */
1177     host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec;
1178     unlock_user_struct(target_ts, target_addr, 0);
1179     return 0;
1180 }
1181 #endif
1182 
1183 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
1184                                                struct timespec *host_ts)
1185 {
1186     struct target_timespec *target_ts;
1187 
1188     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
1189         return -TARGET_EFAULT;
1190     }
1191     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
1192     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1193     unlock_user_struct(target_ts, target_addr, 1);
1194     return 0;
1195 }
1196 
1197 static inline abi_long host_to_target_timespec64(abi_ulong target_addr,
1198                                                  struct timespec *host_ts)
1199 {
1200     struct target__kernel_timespec *target_ts;
1201 
1202     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0)) {
1203         return -TARGET_EFAULT;
1204     }
1205     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
1206     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
1207     unlock_user_struct(target_ts, target_addr, 1);
1208     return 0;
1209 }
1210 
1211 #if defined(TARGET_NR_gettimeofday)
1212 static inline abi_long copy_to_user_timezone(abi_ulong target_tz_addr,
1213                                              struct timezone *tz)
1214 {
1215     struct target_timezone *target_tz;
1216 
1217     if (!lock_user_struct(VERIFY_WRITE, target_tz, target_tz_addr, 1)) {
1218         return -TARGET_EFAULT;
1219     }
1220 
1221     __put_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1222     __put_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1223 
1224     unlock_user_struct(target_tz, target_tz_addr, 1);
1225 
1226     return 0;
1227 }
1228 #endif
1229 
1230 #if defined(TARGET_NR_settimeofday)
1231 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1232                                                abi_ulong target_tz_addr)
1233 {
1234     struct target_timezone *target_tz;
1235 
1236     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1237         return -TARGET_EFAULT;
1238     }
1239 
1240     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1241     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1242 
1243     unlock_user_struct(target_tz, target_tz_addr, 0);
1244 
1245     return 0;
1246 }
1247 #endif
1248 
1249 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1250 #include <mqueue.h>
1251 
1252 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1253                                               abi_ulong target_mq_attr_addr)
1254 {
1255     struct target_mq_attr *target_mq_attr;
1256 
1257     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1258                           target_mq_attr_addr, 1))
1259         return -TARGET_EFAULT;
1260 
1261     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1262     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1263     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1264     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1265 
1266     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1267 
1268     return 0;
1269 }
1270 
1271 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1272                                             const struct mq_attr *attr)
1273 {
1274     struct target_mq_attr *target_mq_attr;
1275 
1276     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1277                           target_mq_attr_addr, 0))
1278         return -TARGET_EFAULT;
1279 
1280     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1281     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1282     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1283     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1284 
1285     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1286 
1287     return 0;
1288 }
1289 #endif
1290 
1291 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1292 /* do_select() must return target values and target errnos. */
1293 static abi_long do_select(int n,
1294                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1295                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1296 {
1297     fd_set rfds, wfds, efds;
1298     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1299     struct timeval tv;
1300     struct timespec ts, *ts_ptr;
1301     abi_long ret;
1302 
1303     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1304     if (ret) {
1305         return ret;
1306     }
1307     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1308     if (ret) {
1309         return ret;
1310     }
1311     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1312     if (ret) {
1313         return ret;
1314     }
1315 
1316     if (target_tv_addr) {
1317         if (copy_from_user_timeval(&tv, target_tv_addr))
1318             return -TARGET_EFAULT;
1319         ts.tv_sec = tv.tv_sec;
1320         ts.tv_nsec = tv.tv_usec * 1000;
1321         ts_ptr = &ts;
1322     } else {
1323         ts_ptr = NULL;
1324     }
1325 
1326     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1327                                   ts_ptr, NULL));
1328 
1329     if (!is_error(ret)) {
1330         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1331             return -TARGET_EFAULT;
1332         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1333             return -TARGET_EFAULT;
1334         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1335             return -TARGET_EFAULT;
1336 
1337         if (target_tv_addr) {
1338             tv.tv_sec = ts.tv_sec;
1339             tv.tv_usec = ts.tv_nsec / 1000;
1340             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1341                 return -TARGET_EFAULT;
1342             }
1343         }
1344     }
1345 
1346     return ret;
1347 }
1348 
1349 #if defined(TARGET_WANT_OLD_SYS_SELECT)
1350 static abi_long do_old_select(abi_ulong arg1)
1351 {
1352     struct target_sel_arg_struct *sel;
1353     abi_ulong inp, outp, exp, tvp;
1354     long nsel;
1355 
1356     if (!lock_user_struct(VERIFY_READ, sel, arg1, 1)) {
1357         return -TARGET_EFAULT;
1358     }
1359 
1360     nsel = tswapal(sel->n);
1361     inp = tswapal(sel->inp);
1362     outp = tswapal(sel->outp);
1363     exp = tswapal(sel->exp);
1364     tvp = tswapal(sel->tvp);
1365 
1366     unlock_user_struct(sel, arg1, 0);
1367 
1368     return do_select(nsel, inp, outp, exp, tvp);
1369 }
1370 #endif
1371 #endif
1372 
1373 #if defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
1374 static abi_long do_pselect6(abi_long arg1, abi_long arg2, abi_long arg3,
1375                             abi_long arg4, abi_long arg5, abi_long arg6,
1376                             bool time64)
1377 {
1378     abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
1379     fd_set rfds, wfds, efds;
1380     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1381     struct timespec ts, *ts_ptr;
1382     abi_long ret;
1383 
1384     /*
1385      * The 6th arg is actually two args smashed together,
1386      * so we cannot use the C library.
1387      */
1388     struct {
1389         sigset_t *set;
1390         size_t size;
1391     } sig, *sig_ptr;
1392 
1393     abi_ulong arg_sigset, arg_sigsize, *arg7;
1394 
1395     n = arg1;
1396     rfd_addr = arg2;
1397     wfd_addr = arg3;
1398     efd_addr = arg4;
1399     ts_addr = arg5;
1400 
1401     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1402     if (ret) {
1403         return ret;
1404     }
1405     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1406     if (ret) {
1407         return ret;
1408     }
1409     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1410     if (ret) {
1411         return ret;
1412     }
1413 
1414     /*
1415      * This takes a timespec, and not a timeval, so we cannot
1416      * use the do_select() helper ...
1417      */
1418     if (ts_addr) {
1419         if (time64) {
1420             if (target_to_host_timespec64(&ts, ts_addr)) {
1421                 return -TARGET_EFAULT;
1422             }
1423         } else {
1424             if (target_to_host_timespec(&ts, ts_addr)) {
1425                 return -TARGET_EFAULT;
1426             }
1427         }
1428             ts_ptr = &ts;
1429     } else {
1430         ts_ptr = NULL;
1431     }
1432 
1433     /* Extract the two packed args for the sigset */
1434     sig_ptr = NULL;
1435     if (arg6) {
1436         arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
1437         if (!arg7) {
1438             return -TARGET_EFAULT;
1439         }
1440         arg_sigset = tswapal(arg7[0]);
1441         arg_sigsize = tswapal(arg7[1]);
1442         unlock_user(arg7, arg6, 0);
1443 
1444         if (arg_sigset) {
1445             ret = process_sigsuspend_mask(&sig.set, arg_sigset, arg_sigsize);
1446             if (ret != 0) {
1447                 return ret;
1448             }
1449             sig_ptr = &sig;
1450             sig.size = SIGSET_T_SIZE;
1451         }
1452     }
1453 
1454     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1455                                   ts_ptr, sig_ptr));
1456 
1457     if (sig_ptr) {
1458         finish_sigsuspend_mask(ret);
1459     }
1460 
1461     if (!is_error(ret)) {
1462         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n)) {
1463             return -TARGET_EFAULT;
1464         }
1465         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n)) {
1466             return -TARGET_EFAULT;
1467         }
1468         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n)) {
1469             return -TARGET_EFAULT;
1470         }
1471         if (time64) {
1472             if (ts_addr && host_to_target_timespec64(ts_addr, &ts)) {
1473                 return -TARGET_EFAULT;
1474             }
1475         } else {
1476             if (ts_addr && host_to_target_timespec(ts_addr, &ts)) {
1477                 return -TARGET_EFAULT;
1478             }
1479         }
1480     }
1481     return ret;
1482 }
1483 #endif
1484 
1485 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll) || \
1486     defined(TARGET_NR_ppoll_time64)
1487 static abi_long do_ppoll(abi_long arg1, abi_long arg2, abi_long arg3,
1488                          abi_long arg4, abi_long arg5, bool ppoll, bool time64)
1489 {
1490     struct target_pollfd *target_pfd;
1491     unsigned int nfds = arg2;
1492     struct pollfd *pfd;
1493     unsigned int i;
1494     abi_long ret;
1495 
1496     pfd = NULL;
1497     target_pfd = NULL;
1498     if (nfds) {
1499         if (nfds > (INT_MAX / sizeof(struct target_pollfd))) {
1500             return -TARGET_EINVAL;
1501         }
1502         target_pfd = lock_user(VERIFY_WRITE, arg1,
1503                                sizeof(struct target_pollfd) * nfds, 1);
1504         if (!target_pfd) {
1505             return -TARGET_EFAULT;
1506         }
1507 
1508         pfd = alloca(sizeof(struct pollfd) * nfds);
1509         for (i = 0; i < nfds; i++) {
1510             pfd[i].fd = tswap32(target_pfd[i].fd);
1511             pfd[i].events = tswap16(target_pfd[i].events);
1512         }
1513     }
1514     if (ppoll) {
1515         struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
1516         sigset_t *set = NULL;
1517 
1518         if (arg3) {
1519             if (time64) {
1520                 if (target_to_host_timespec64(timeout_ts, arg3)) {
1521                     unlock_user(target_pfd, arg1, 0);
1522                     return -TARGET_EFAULT;
1523                 }
1524             } else {
1525                 if (target_to_host_timespec(timeout_ts, arg3)) {
1526                     unlock_user(target_pfd, arg1, 0);
1527                     return -TARGET_EFAULT;
1528                 }
1529             }
1530         } else {
1531             timeout_ts = NULL;
1532         }
1533 
1534         if (arg4) {
1535             ret = process_sigsuspend_mask(&set, arg4, arg5);
1536             if (ret != 0) {
1537                 unlock_user(target_pfd, arg1, 0);
1538                 return ret;
1539             }
1540         }
1541 
1542         ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
1543                                    set, SIGSET_T_SIZE));
1544 
1545         if (set) {
1546             finish_sigsuspend_mask(ret);
1547         }
1548         if (!is_error(ret) && arg3) {
1549             if (time64) {
1550                 if (host_to_target_timespec64(arg3, timeout_ts)) {
1551                     return -TARGET_EFAULT;
1552                 }
1553             } else {
1554                 if (host_to_target_timespec(arg3, timeout_ts)) {
1555                     return -TARGET_EFAULT;
1556                 }
1557             }
1558         }
1559     } else {
1560           struct timespec ts, *pts;
1561 
1562           if (arg3 >= 0) {
1563               /* Convert ms to secs, ns */
1564               ts.tv_sec = arg3 / 1000;
1565               ts.tv_nsec = (arg3 % 1000) * 1000000LL;
1566               pts = &ts;
1567           } else {
1568               /* -ve poll() timeout means "infinite" */
1569               pts = NULL;
1570           }
1571           ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
1572     }
1573 
1574     if (!is_error(ret)) {
1575         for (i = 0; i < nfds; i++) {
1576             target_pfd[i].revents = tswap16(pfd[i].revents);
1577         }
1578     }
1579     unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
1580     return ret;
1581 }
1582 #endif
1583 
1584 static abi_long do_pipe(CPUArchState *cpu_env, abi_ulong pipedes,
1585                         int flags, int is_pipe2)
1586 {
1587     int host_pipe[2];
1588     abi_long ret;
1589     ret = pipe2(host_pipe, flags);
1590 
1591     if (is_error(ret))
1592         return get_errno(ret);
1593 
1594     /* Several targets have special calling conventions for the original
1595        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1596     if (!is_pipe2) {
1597 #if defined(TARGET_ALPHA)
1598         cpu_env->ir[IR_A4] = host_pipe[1];
1599         return host_pipe[0];
1600 #elif defined(TARGET_MIPS)
1601         cpu_env->active_tc.gpr[3] = host_pipe[1];
1602         return host_pipe[0];
1603 #elif defined(TARGET_SH4)
1604         cpu_env->gregs[1] = host_pipe[1];
1605         return host_pipe[0];
1606 #elif defined(TARGET_SPARC)
1607         cpu_env->regwptr[1] = host_pipe[1];
1608         return host_pipe[0];
1609 #endif
1610     }
1611 
1612     if (put_user_s32(host_pipe[0], pipedes)
1613         || put_user_s32(host_pipe[1], pipedes + sizeof(abi_int)))
1614         return -TARGET_EFAULT;
1615     return get_errno(ret);
1616 }
1617 
1618 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1619                                               abi_ulong target_addr,
1620                                               socklen_t len)
1621 {
1622     struct target_ip_mreqn *target_smreqn;
1623 
1624     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1625     if (!target_smreqn)
1626         return -TARGET_EFAULT;
1627     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1628     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1629     if (len == sizeof(struct target_ip_mreqn))
1630         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1631     unlock_user(target_smreqn, target_addr, 0);
1632 
1633     return 0;
1634 }
1635 
1636 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1637                                                abi_ulong target_addr,
1638                                                socklen_t len)
1639 {
1640     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1641     sa_family_t sa_family;
1642     struct target_sockaddr *target_saddr;
1643 
1644     if (fd_trans_target_to_host_addr(fd)) {
1645         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1646     }
1647 
1648     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1649     if (!target_saddr)
1650         return -TARGET_EFAULT;
1651 
1652     sa_family = tswap16(target_saddr->sa_family);
1653 
1654     /* Oops. The caller might send a incomplete sun_path; sun_path
1655      * must be terminated by \0 (see the manual page), but
1656      * unfortunately it is quite common to specify sockaddr_un
1657      * length as "strlen(x->sun_path)" while it should be
1658      * "strlen(...) + 1". We'll fix that here if needed.
1659      * Linux kernel has a similar feature.
1660      */
1661 
1662     if (sa_family == AF_UNIX) {
1663         if (len < unix_maxlen && len > 0) {
1664             char *cp = (char*)target_saddr;
1665 
1666             if ( cp[len-1] && !cp[len] )
1667                 len++;
1668         }
1669         if (len > unix_maxlen)
1670             len = unix_maxlen;
1671     }
1672 
1673     memcpy(addr, target_saddr, len);
1674     addr->sa_family = sa_family;
1675     if (sa_family == AF_NETLINK) {
1676         struct sockaddr_nl *nladdr;
1677 
1678         nladdr = (struct sockaddr_nl *)addr;
1679         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1680         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1681     } else if (sa_family == AF_PACKET) {
1682 	struct target_sockaddr_ll *lladdr;
1683 
1684 	lladdr = (struct target_sockaddr_ll *)addr;
1685 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1686 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1687     } else if (sa_family == AF_INET6) {
1688         struct sockaddr_in6 *in6addr;
1689 
1690         in6addr = (struct sockaddr_in6 *)addr;
1691         in6addr->sin6_scope_id = tswap32(in6addr->sin6_scope_id);
1692     }
1693     unlock_user(target_saddr, target_addr, 0);
1694 
1695     return 0;
1696 }
1697 
1698 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1699                                                struct sockaddr *addr,
1700                                                socklen_t len)
1701 {
1702     struct target_sockaddr *target_saddr;
1703 
1704     if (len == 0) {
1705         return 0;
1706     }
1707     assert(addr);
1708 
1709     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1710     if (!target_saddr)
1711         return -TARGET_EFAULT;
1712     memcpy(target_saddr, addr, len);
1713     if (len >= offsetof(struct target_sockaddr, sa_family) +
1714         sizeof(target_saddr->sa_family)) {
1715         target_saddr->sa_family = tswap16(addr->sa_family);
1716     }
1717     if (addr->sa_family == AF_NETLINK &&
1718         len >= sizeof(struct target_sockaddr_nl)) {
1719         struct target_sockaddr_nl *target_nl =
1720                (struct target_sockaddr_nl *)target_saddr;
1721         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1722         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1723     } else if (addr->sa_family == AF_PACKET) {
1724         struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
1725         target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
1726         target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
1727     } else if (addr->sa_family == AF_INET6 &&
1728                len >= sizeof(struct target_sockaddr_in6)) {
1729         struct target_sockaddr_in6 *target_in6 =
1730                (struct target_sockaddr_in6 *)target_saddr;
1731         target_in6->sin6_scope_id = tswap16(target_in6->sin6_scope_id);
1732     }
1733     unlock_user(target_saddr, target_addr, len);
1734 
1735     return 0;
1736 }
1737 
1738 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1739                                            struct target_msghdr *target_msgh)
1740 {
1741     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1742     abi_long msg_controllen;
1743     abi_ulong target_cmsg_addr;
1744     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1745     socklen_t space = 0;
1746 
1747     msg_controllen = tswapal(target_msgh->msg_controllen);
1748     if (msg_controllen < sizeof (struct target_cmsghdr))
1749         goto the_end;
1750     target_cmsg_addr = tswapal(target_msgh->msg_control);
1751     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1752     target_cmsg_start = target_cmsg;
1753     if (!target_cmsg)
1754         return -TARGET_EFAULT;
1755 
1756     while (cmsg && target_cmsg) {
1757         void *data = CMSG_DATA(cmsg);
1758         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1759 
1760         int len = tswapal(target_cmsg->cmsg_len)
1761             - sizeof(struct target_cmsghdr);
1762 
1763         space += CMSG_SPACE(len);
1764         if (space > msgh->msg_controllen) {
1765             space -= CMSG_SPACE(len);
1766             /* This is a QEMU bug, since we allocated the payload
1767              * area ourselves (unlike overflow in host-to-target
1768              * conversion, which is just the guest giving us a buffer
1769              * that's too small). It can't happen for the payload types
1770              * we currently support; if it becomes an issue in future
1771              * we would need to improve our allocation strategy to
1772              * something more intelligent than "twice the size of the
1773              * target buffer we're reading from".
1774              */
1775             qemu_log_mask(LOG_UNIMP,
1776                           ("Unsupported ancillary data %d/%d: "
1777                            "unhandled msg size\n"),
1778                           tswap32(target_cmsg->cmsg_level),
1779                           tswap32(target_cmsg->cmsg_type));
1780             break;
1781         }
1782 
1783         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1784             cmsg->cmsg_level = SOL_SOCKET;
1785         } else {
1786             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1787         }
1788         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1789         cmsg->cmsg_len = CMSG_LEN(len);
1790 
1791         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1792             int *fd = (int *)data;
1793             int *target_fd = (int *)target_data;
1794             int i, numfds = len / sizeof(int);
1795 
1796             for (i = 0; i < numfds; i++) {
1797                 __get_user(fd[i], target_fd + i);
1798             }
1799         } else if (cmsg->cmsg_level == SOL_SOCKET
1800                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1801             struct ucred *cred = (struct ucred *)data;
1802             struct target_ucred *target_cred =
1803                 (struct target_ucred *)target_data;
1804 
1805             __get_user(cred->pid, &target_cred->pid);
1806             __get_user(cred->uid, &target_cred->uid);
1807             __get_user(cred->gid, &target_cred->gid);
1808         } else if (cmsg->cmsg_level == SOL_ALG) {
1809             uint32_t *dst = (uint32_t *)data;
1810 
1811             memcpy(dst, target_data, len);
1812             /* fix endianess of first 32-bit word */
1813             if (len >= sizeof(uint32_t)) {
1814                 *dst = tswap32(*dst);
1815             }
1816         } else {
1817             qemu_log_mask(LOG_UNIMP, "Unsupported ancillary data: %d/%d\n",
1818                           cmsg->cmsg_level, cmsg->cmsg_type);
1819             memcpy(data, target_data, len);
1820         }
1821 
1822         cmsg = CMSG_NXTHDR(msgh, cmsg);
1823         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1824                                          target_cmsg_start);
1825     }
1826     unlock_user(target_cmsg, target_cmsg_addr, 0);
1827  the_end:
1828     msgh->msg_controllen = space;
1829     return 0;
1830 }
1831 
1832 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1833                                            struct msghdr *msgh)
1834 {
1835     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1836     abi_long msg_controllen;
1837     abi_ulong target_cmsg_addr;
1838     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1839     socklen_t space = 0;
1840 
1841     msg_controllen = tswapal(target_msgh->msg_controllen);
1842     if (msg_controllen < sizeof (struct target_cmsghdr))
1843         goto the_end;
1844     target_cmsg_addr = tswapal(target_msgh->msg_control);
1845     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1846     target_cmsg_start = target_cmsg;
1847     if (!target_cmsg)
1848         return -TARGET_EFAULT;
1849 
1850     while (cmsg && target_cmsg) {
1851         void *data = CMSG_DATA(cmsg);
1852         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1853 
1854         int len = cmsg->cmsg_len - sizeof(struct cmsghdr);
1855         int tgt_len, tgt_space;
1856 
1857         /* We never copy a half-header but may copy half-data;
1858          * this is Linux's behaviour in put_cmsg(). Note that
1859          * truncation here is a guest problem (which we report
1860          * to the guest via the CTRUNC bit), unlike truncation
1861          * in target_to_host_cmsg, which is a QEMU bug.
1862          */
1863         if (msg_controllen < sizeof(struct target_cmsghdr)) {
1864             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1865             break;
1866         }
1867 
1868         if (cmsg->cmsg_level == SOL_SOCKET) {
1869             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1870         } else {
1871             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1872         }
1873         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1874 
1875         /* Payload types which need a different size of payload on
1876          * the target must adjust tgt_len here.
1877          */
1878         tgt_len = len;
1879         switch (cmsg->cmsg_level) {
1880         case SOL_SOCKET:
1881             switch (cmsg->cmsg_type) {
1882             case SO_TIMESTAMP:
1883                 tgt_len = sizeof(struct target_timeval);
1884                 break;
1885             default:
1886                 break;
1887             }
1888             break;
1889         default:
1890             break;
1891         }
1892 
1893         if (msg_controllen < TARGET_CMSG_LEN(tgt_len)) {
1894             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1895             tgt_len = msg_controllen - sizeof(struct target_cmsghdr);
1896         }
1897 
1898         /* We must now copy-and-convert len bytes of payload
1899          * into tgt_len bytes of destination space. Bear in mind
1900          * that in both source and destination we may be dealing
1901          * with a truncated value!
1902          */
1903         switch (cmsg->cmsg_level) {
1904         case SOL_SOCKET:
1905             switch (cmsg->cmsg_type) {
1906             case SCM_RIGHTS:
1907             {
1908                 int *fd = (int *)data;
1909                 int *target_fd = (int *)target_data;
1910                 int i, numfds = tgt_len / sizeof(int);
1911 
1912                 for (i = 0; i < numfds; i++) {
1913                     __put_user(fd[i], target_fd + i);
1914                 }
1915                 break;
1916             }
1917             case SO_TIMESTAMP:
1918             {
1919                 struct timeval *tv = (struct timeval *)data;
1920                 struct target_timeval *target_tv =
1921                     (struct target_timeval *)target_data;
1922 
1923                 if (len != sizeof(struct timeval) ||
1924                     tgt_len != sizeof(struct target_timeval)) {
1925                     goto unimplemented;
1926                 }
1927 
1928                 /* copy struct timeval to target */
1929                 __put_user(tv->tv_sec, &target_tv->tv_sec);
1930                 __put_user(tv->tv_usec, &target_tv->tv_usec);
1931                 break;
1932             }
1933             case SCM_CREDENTIALS:
1934             {
1935                 struct ucred *cred = (struct ucred *)data;
1936                 struct target_ucred *target_cred =
1937                     (struct target_ucred *)target_data;
1938 
1939                 __put_user(cred->pid, &target_cred->pid);
1940                 __put_user(cred->uid, &target_cred->uid);
1941                 __put_user(cred->gid, &target_cred->gid);
1942                 break;
1943             }
1944             default:
1945                 goto unimplemented;
1946             }
1947             break;
1948 
1949         case SOL_IP:
1950             switch (cmsg->cmsg_type) {
1951             case IP_TTL:
1952             {
1953                 uint32_t *v = (uint32_t *)data;
1954                 uint32_t *t_int = (uint32_t *)target_data;
1955 
1956                 if (len != sizeof(uint32_t) ||
1957                     tgt_len != sizeof(uint32_t)) {
1958                     goto unimplemented;
1959                 }
1960                 __put_user(*v, t_int);
1961                 break;
1962             }
1963             case IP_RECVERR:
1964             {
1965                 struct errhdr_t {
1966                    struct sock_extended_err ee;
1967                    struct sockaddr_in offender;
1968                 };
1969                 struct errhdr_t *errh = (struct errhdr_t *)data;
1970                 struct errhdr_t *target_errh =
1971                     (struct errhdr_t *)target_data;
1972 
1973                 if (len != sizeof(struct errhdr_t) ||
1974                     tgt_len != sizeof(struct errhdr_t)) {
1975                     goto unimplemented;
1976                 }
1977                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
1978                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
1979                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
1980                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
1981                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
1982                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
1983                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
1984                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
1985                     (void *) &errh->offender, sizeof(errh->offender));
1986                 break;
1987             }
1988             default:
1989                 goto unimplemented;
1990             }
1991             break;
1992 
1993         case SOL_IPV6:
1994             switch (cmsg->cmsg_type) {
1995             case IPV6_HOPLIMIT:
1996             {
1997                 uint32_t *v = (uint32_t *)data;
1998                 uint32_t *t_int = (uint32_t *)target_data;
1999 
2000                 if (len != sizeof(uint32_t) ||
2001                     tgt_len != sizeof(uint32_t)) {
2002                     goto unimplemented;
2003                 }
2004                 __put_user(*v, t_int);
2005                 break;
2006             }
2007             case IPV6_RECVERR:
2008             {
2009                 struct errhdr6_t {
2010                    struct sock_extended_err ee;
2011                    struct sockaddr_in6 offender;
2012                 };
2013                 struct errhdr6_t *errh = (struct errhdr6_t *)data;
2014                 struct errhdr6_t *target_errh =
2015                     (struct errhdr6_t *)target_data;
2016 
2017                 if (len != sizeof(struct errhdr6_t) ||
2018                     tgt_len != sizeof(struct errhdr6_t)) {
2019                     goto unimplemented;
2020                 }
2021                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
2022                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
2023                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
2024                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
2025                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
2026                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
2027                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
2028                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
2029                     (void *) &errh->offender, sizeof(errh->offender));
2030                 break;
2031             }
2032             default:
2033                 goto unimplemented;
2034             }
2035             break;
2036 
2037         default:
2038         unimplemented:
2039             qemu_log_mask(LOG_UNIMP, "Unsupported ancillary data: %d/%d\n",
2040                           cmsg->cmsg_level, cmsg->cmsg_type);
2041             memcpy(target_data, data, MIN(len, tgt_len));
2042             if (tgt_len > len) {
2043                 memset(target_data + len, 0, tgt_len - len);
2044             }
2045         }
2046 
2047         target_cmsg->cmsg_len = tswapal(TARGET_CMSG_LEN(tgt_len));
2048         tgt_space = TARGET_CMSG_SPACE(tgt_len);
2049         if (msg_controllen < tgt_space) {
2050             tgt_space = msg_controllen;
2051         }
2052         msg_controllen -= tgt_space;
2053         space += tgt_space;
2054         cmsg = CMSG_NXTHDR(msgh, cmsg);
2055         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
2056                                          target_cmsg_start);
2057     }
2058     unlock_user(target_cmsg, target_cmsg_addr, space);
2059  the_end:
2060     target_msgh->msg_controllen = tswapal(space);
2061     return 0;
2062 }
2063 
2064 /* do_setsockopt() Must return target values and target errnos. */
2065 static abi_long do_setsockopt(int sockfd, int level, int optname,
2066                               abi_ulong optval_addr, socklen_t optlen)
2067 {
2068     abi_long ret;
2069     int val;
2070     struct ip_mreqn *ip_mreq;
2071     struct ip_mreq_source *ip_mreq_source;
2072 
2073     switch(level) {
2074     case SOL_TCP:
2075     case SOL_UDP:
2076         /* TCP and UDP options all take an 'int' value.  */
2077         if (optlen < sizeof(uint32_t))
2078             return -TARGET_EINVAL;
2079 
2080         if (get_user_u32(val, optval_addr))
2081             return -TARGET_EFAULT;
2082         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2083         break;
2084     case SOL_IP:
2085         switch(optname) {
2086         case IP_TOS:
2087         case IP_TTL:
2088         case IP_HDRINCL:
2089         case IP_ROUTER_ALERT:
2090         case IP_RECVOPTS:
2091         case IP_RETOPTS:
2092         case IP_PKTINFO:
2093         case IP_MTU_DISCOVER:
2094         case IP_RECVERR:
2095         case IP_RECVTTL:
2096         case IP_RECVTOS:
2097 #ifdef IP_FREEBIND
2098         case IP_FREEBIND:
2099 #endif
2100         case IP_MULTICAST_TTL:
2101         case IP_MULTICAST_LOOP:
2102             val = 0;
2103             if (optlen >= sizeof(uint32_t)) {
2104                 if (get_user_u32(val, optval_addr))
2105                     return -TARGET_EFAULT;
2106             } else if (optlen >= 1) {
2107                 if (get_user_u8(val, optval_addr))
2108                     return -TARGET_EFAULT;
2109             }
2110             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2111             break;
2112         case IP_ADD_MEMBERSHIP:
2113         case IP_DROP_MEMBERSHIP:
2114             if (optlen < sizeof (struct target_ip_mreq) ||
2115                 optlen > sizeof (struct target_ip_mreqn))
2116                 return -TARGET_EINVAL;
2117 
2118             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2119             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2120             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2121             break;
2122 
2123         case IP_BLOCK_SOURCE:
2124         case IP_UNBLOCK_SOURCE:
2125         case IP_ADD_SOURCE_MEMBERSHIP:
2126         case IP_DROP_SOURCE_MEMBERSHIP:
2127             if (optlen != sizeof (struct target_ip_mreq_source))
2128                 return -TARGET_EINVAL;
2129 
2130             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2131             if (!ip_mreq_source) {
2132                 return -TARGET_EFAULT;
2133             }
2134             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2135             unlock_user (ip_mreq_source, optval_addr, 0);
2136             break;
2137 
2138         default:
2139             goto unimplemented;
2140         }
2141         break;
2142     case SOL_IPV6:
2143         switch (optname) {
2144         case IPV6_MTU_DISCOVER:
2145         case IPV6_MTU:
2146         case IPV6_V6ONLY:
2147         case IPV6_RECVPKTINFO:
2148         case IPV6_UNICAST_HOPS:
2149         case IPV6_MULTICAST_HOPS:
2150         case IPV6_MULTICAST_LOOP:
2151         case IPV6_RECVERR:
2152         case IPV6_RECVHOPLIMIT:
2153         case IPV6_2292HOPLIMIT:
2154         case IPV6_CHECKSUM:
2155         case IPV6_ADDRFORM:
2156         case IPV6_2292PKTINFO:
2157         case IPV6_RECVTCLASS:
2158         case IPV6_RECVRTHDR:
2159         case IPV6_2292RTHDR:
2160         case IPV6_RECVHOPOPTS:
2161         case IPV6_2292HOPOPTS:
2162         case IPV6_RECVDSTOPTS:
2163         case IPV6_2292DSTOPTS:
2164         case IPV6_TCLASS:
2165         case IPV6_ADDR_PREFERENCES:
2166 #ifdef IPV6_RECVPATHMTU
2167         case IPV6_RECVPATHMTU:
2168 #endif
2169 #ifdef IPV6_TRANSPARENT
2170         case IPV6_TRANSPARENT:
2171 #endif
2172 #ifdef IPV6_FREEBIND
2173         case IPV6_FREEBIND:
2174 #endif
2175 #ifdef IPV6_RECVORIGDSTADDR
2176         case IPV6_RECVORIGDSTADDR:
2177 #endif
2178             val = 0;
2179             if (optlen < sizeof(uint32_t)) {
2180                 return -TARGET_EINVAL;
2181             }
2182             if (get_user_u32(val, optval_addr)) {
2183                 return -TARGET_EFAULT;
2184             }
2185             ret = get_errno(setsockopt(sockfd, level, optname,
2186                                        &val, sizeof(val)));
2187             break;
2188         case IPV6_PKTINFO:
2189         {
2190             struct in6_pktinfo pki;
2191 
2192             if (optlen < sizeof(pki)) {
2193                 return -TARGET_EINVAL;
2194             }
2195 
2196             if (copy_from_user(&pki, optval_addr, sizeof(pki))) {
2197                 return -TARGET_EFAULT;
2198             }
2199 
2200             pki.ipi6_ifindex = tswap32(pki.ipi6_ifindex);
2201 
2202             ret = get_errno(setsockopt(sockfd, level, optname,
2203                                        &pki, sizeof(pki)));
2204             break;
2205         }
2206         case IPV6_ADD_MEMBERSHIP:
2207         case IPV6_DROP_MEMBERSHIP:
2208         {
2209             struct ipv6_mreq ipv6mreq;
2210 
2211             if (optlen < sizeof(ipv6mreq)) {
2212                 return -TARGET_EINVAL;
2213             }
2214 
2215             if (copy_from_user(&ipv6mreq, optval_addr, sizeof(ipv6mreq))) {
2216                 return -TARGET_EFAULT;
2217             }
2218 
2219             ipv6mreq.ipv6mr_interface = tswap32(ipv6mreq.ipv6mr_interface);
2220 
2221             ret = get_errno(setsockopt(sockfd, level, optname,
2222                                        &ipv6mreq, sizeof(ipv6mreq)));
2223             break;
2224         }
2225         default:
2226             goto unimplemented;
2227         }
2228         break;
2229     case SOL_ICMPV6:
2230         switch (optname) {
2231         case ICMPV6_FILTER:
2232         {
2233             struct icmp6_filter icmp6f;
2234 
2235             if (optlen > sizeof(icmp6f)) {
2236                 optlen = sizeof(icmp6f);
2237             }
2238 
2239             if (copy_from_user(&icmp6f, optval_addr, optlen)) {
2240                 return -TARGET_EFAULT;
2241             }
2242 
2243             for (val = 0; val < 8; val++) {
2244                 icmp6f.data[val] = tswap32(icmp6f.data[val]);
2245             }
2246 
2247             ret = get_errno(setsockopt(sockfd, level, optname,
2248                                        &icmp6f, optlen));
2249             break;
2250         }
2251         default:
2252             goto unimplemented;
2253         }
2254         break;
2255     case SOL_RAW:
2256         switch (optname) {
2257         case ICMP_FILTER:
2258         case IPV6_CHECKSUM:
2259             /* those take an u32 value */
2260             if (optlen < sizeof(uint32_t)) {
2261                 return -TARGET_EINVAL;
2262             }
2263 
2264             if (get_user_u32(val, optval_addr)) {
2265                 return -TARGET_EFAULT;
2266             }
2267             ret = get_errno(setsockopt(sockfd, level, optname,
2268                                        &val, sizeof(val)));
2269             break;
2270 
2271         default:
2272             goto unimplemented;
2273         }
2274         break;
2275 #if defined(SOL_ALG) && defined(ALG_SET_KEY) && defined(ALG_SET_AEAD_AUTHSIZE)
2276     case SOL_ALG:
2277         switch (optname) {
2278         case ALG_SET_KEY:
2279         {
2280             char *alg_key = g_malloc(optlen);
2281 
2282             if (!alg_key) {
2283                 return -TARGET_ENOMEM;
2284             }
2285             if (copy_from_user(alg_key, optval_addr, optlen)) {
2286                 g_free(alg_key);
2287                 return -TARGET_EFAULT;
2288             }
2289             ret = get_errno(setsockopt(sockfd, level, optname,
2290                                        alg_key, optlen));
2291             g_free(alg_key);
2292             break;
2293         }
2294         case ALG_SET_AEAD_AUTHSIZE:
2295         {
2296             ret = get_errno(setsockopt(sockfd, level, optname,
2297                                        NULL, optlen));
2298             break;
2299         }
2300         default:
2301             goto unimplemented;
2302         }
2303         break;
2304 #endif
2305     case TARGET_SOL_SOCKET:
2306         switch (optname) {
2307         case TARGET_SO_RCVTIMEO:
2308         {
2309                 struct timeval tv;
2310 
2311                 optname = SO_RCVTIMEO;
2312 
2313 set_timeout:
2314                 if (optlen != sizeof(struct target_timeval)) {
2315                     return -TARGET_EINVAL;
2316                 }
2317 
2318                 if (copy_from_user_timeval(&tv, optval_addr)) {
2319                     return -TARGET_EFAULT;
2320                 }
2321 
2322                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2323                                 &tv, sizeof(tv)));
2324                 return ret;
2325         }
2326         case TARGET_SO_SNDTIMEO:
2327                 optname = SO_SNDTIMEO;
2328                 goto set_timeout;
2329         case TARGET_SO_ATTACH_FILTER:
2330         {
2331                 struct target_sock_fprog *tfprog;
2332                 struct target_sock_filter *tfilter;
2333                 struct sock_fprog fprog;
2334                 struct sock_filter *filter;
2335                 int i;
2336 
2337                 if (optlen != sizeof(*tfprog)) {
2338                     return -TARGET_EINVAL;
2339                 }
2340                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
2341                     return -TARGET_EFAULT;
2342                 }
2343                 if (!lock_user_struct(VERIFY_READ, tfilter,
2344                                       tswapal(tfprog->filter), 0)) {
2345                     unlock_user_struct(tfprog, optval_addr, 1);
2346                     return -TARGET_EFAULT;
2347                 }
2348 
2349                 fprog.len = tswap16(tfprog->len);
2350                 filter = g_try_new(struct sock_filter, fprog.len);
2351                 if (filter == NULL) {
2352                     unlock_user_struct(tfilter, tfprog->filter, 1);
2353                     unlock_user_struct(tfprog, optval_addr, 1);
2354                     return -TARGET_ENOMEM;
2355                 }
2356                 for (i = 0; i < fprog.len; i++) {
2357                     filter[i].code = tswap16(tfilter[i].code);
2358                     filter[i].jt = tfilter[i].jt;
2359                     filter[i].jf = tfilter[i].jf;
2360                     filter[i].k = tswap32(tfilter[i].k);
2361                 }
2362                 fprog.filter = filter;
2363 
2364                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
2365                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
2366                 g_free(filter);
2367 
2368                 unlock_user_struct(tfilter, tfprog->filter, 1);
2369                 unlock_user_struct(tfprog, optval_addr, 1);
2370                 return ret;
2371         }
2372 	case TARGET_SO_BINDTODEVICE:
2373 	{
2374 		char *dev_ifname, *addr_ifname;
2375 
2376 		if (optlen > IFNAMSIZ - 1) {
2377 		    optlen = IFNAMSIZ - 1;
2378 		}
2379 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2380 		if (!dev_ifname) {
2381 		    return -TARGET_EFAULT;
2382 		}
2383 		optname = SO_BINDTODEVICE;
2384 		addr_ifname = alloca(IFNAMSIZ);
2385 		memcpy(addr_ifname, dev_ifname, optlen);
2386 		addr_ifname[optlen] = 0;
2387 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2388                                            addr_ifname, optlen));
2389 		unlock_user (dev_ifname, optval_addr, 0);
2390 		return ret;
2391 	}
2392         case TARGET_SO_LINGER:
2393         {
2394                 struct linger lg;
2395                 struct target_linger *tlg;
2396 
2397                 if (optlen != sizeof(struct target_linger)) {
2398                     return -TARGET_EINVAL;
2399                 }
2400                 if (!lock_user_struct(VERIFY_READ, tlg, optval_addr, 1)) {
2401                     return -TARGET_EFAULT;
2402                 }
2403                 __get_user(lg.l_onoff, &tlg->l_onoff);
2404                 __get_user(lg.l_linger, &tlg->l_linger);
2405                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, SO_LINGER,
2406                                 &lg, sizeof(lg)));
2407                 unlock_user_struct(tlg, optval_addr, 0);
2408                 return ret;
2409         }
2410             /* Options with 'int' argument.  */
2411         case TARGET_SO_DEBUG:
2412 		optname = SO_DEBUG;
2413 		break;
2414         case TARGET_SO_REUSEADDR:
2415 		optname = SO_REUSEADDR;
2416 		break;
2417 #ifdef SO_REUSEPORT
2418         case TARGET_SO_REUSEPORT:
2419                 optname = SO_REUSEPORT;
2420                 break;
2421 #endif
2422         case TARGET_SO_TYPE:
2423 		optname = SO_TYPE;
2424 		break;
2425         case TARGET_SO_ERROR:
2426 		optname = SO_ERROR;
2427 		break;
2428         case TARGET_SO_DONTROUTE:
2429 		optname = SO_DONTROUTE;
2430 		break;
2431         case TARGET_SO_BROADCAST:
2432 		optname = SO_BROADCAST;
2433 		break;
2434         case TARGET_SO_SNDBUF:
2435 		optname = SO_SNDBUF;
2436 		break;
2437         case TARGET_SO_SNDBUFFORCE:
2438                 optname = SO_SNDBUFFORCE;
2439                 break;
2440         case TARGET_SO_RCVBUF:
2441 		optname = SO_RCVBUF;
2442 		break;
2443         case TARGET_SO_RCVBUFFORCE:
2444                 optname = SO_RCVBUFFORCE;
2445                 break;
2446         case TARGET_SO_KEEPALIVE:
2447 		optname = SO_KEEPALIVE;
2448 		break;
2449         case TARGET_SO_OOBINLINE:
2450 		optname = SO_OOBINLINE;
2451 		break;
2452         case TARGET_SO_NO_CHECK:
2453 		optname = SO_NO_CHECK;
2454 		break;
2455         case TARGET_SO_PRIORITY:
2456 		optname = SO_PRIORITY;
2457 		break;
2458 #ifdef SO_BSDCOMPAT
2459         case TARGET_SO_BSDCOMPAT:
2460 		optname = SO_BSDCOMPAT;
2461 		break;
2462 #endif
2463         case TARGET_SO_PASSCRED:
2464 		optname = SO_PASSCRED;
2465 		break;
2466         case TARGET_SO_PASSSEC:
2467                 optname = SO_PASSSEC;
2468                 break;
2469         case TARGET_SO_TIMESTAMP:
2470 		optname = SO_TIMESTAMP;
2471 		break;
2472         case TARGET_SO_RCVLOWAT:
2473 		optname = SO_RCVLOWAT;
2474 		break;
2475         default:
2476             goto unimplemented;
2477         }
2478 	if (optlen < sizeof(uint32_t))
2479             return -TARGET_EINVAL;
2480 
2481 	if (get_user_u32(val, optval_addr))
2482             return -TARGET_EFAULT;
2483 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
2484         break;
2485 #ifdef SOL_NETLINK
2486     case SOL_NETLINK:
2487         switch (optname) {
2488         case NETLINK_PKTINFO:
2489         case NETLINK_ADD_MEMBERSHIP:
2490         case NETLINK_DROP_MEMBERSHIP:
2491         case NETLINK_BROADCAST_ERROR:
2492         case NETLINK_NO_ENOBUFS:
2493 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2494         case NETLINK_LISTEN_ALL_NSID:
2495         case NETLINK_CAP_ACK:
2496 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
2497 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
2498         case NETLINK_EXT_ACK:
2499 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2500 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0)
2501         case NETLINK_GET_STRICT_CHK:
2502 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2503             break;
2504         default:
2505             goto unimplemented;
2506         }
2507         val = 0;
2508         if (optlen < sizeof(uint32_t)) {
2509             return -TARGET_EINVAL;
2510         }
2511         if (get_user_u32(val, optval_addr)) {
2512             return -TARGET_EFAULT;
2513         }
2514         ret = get_errno(setsockopt(sockfd, SOL_NETLINK, optname, &val,
2515                                    sizeof(val)));
2516         break;
2517 #endif /* SOL_NETLINK */
2518     default:
2519     unimplemented:
2520         qemu_log_mask(LOG_UNIMP, "Unsupported setsockopt level=%d optname=%d\n",
2521                       level, optname);
2522         ret = -TARGET_ENOPROTOOPT;
2523     }
2524     return ret;
2525 }
2526 
2527 /* do_getsockopt() Must return target values and target errnos. */
2528 static abi_long do_getsockopt(int sockfd, int level, int optname,
2529                               abi_ulong optval_addr, abi_ulong optlen)
2530 {
2531     abi_long ret;
2532     int len, val;
2533     socklen_t lv;
2534 
2535     switch(level) {
2536     case TARGET_SOL_SOCKET:
2537         level = SOL_SOCKET;
2538         switch (optname) {
2539         /* These don't just return a single integer */
2540         case TARGET_SO_PEERNAME:
2541             goto unimplemented;
2542         case TARGET_SO_RCVTIMEO: {
2543             struct timeval tv;
2544             socklen_t tvlen;
2545 
2546             optname = SO_RCVTIMEO;
2547 
2548 get_timeout:
2549             if (get_user_u32(len, optlen)) {
2550                 return -TARGET_EFAULT;
2551             }
2552             if (len < 0) {
2553                 return -TARGET_EINVAL;
2554             }
2555 
2556             tvlen = sizeof(tv);
2557             ret = get_errno(getsockopt(sockfd, level, optname,
2558                                        &tv, &tvlen));
2559             if (ret < 0) {
2560                 return ret;
2561             }
2562             if (len > sizeof(struct target_timeval)) {
2563                 len = sizeof(struct target_timeval);
2564             }
2565             if (copy_to_user_timeval(optval_addr, &tv)) {
2566                 return -TARGET_EFAULT;
2567             }
2568             if (put_user_u32(len, optlen)) {
2569                 return -TARGET_EFAULT;
2570             }
2571             break;
2572         }
2573         case TARGET_SO_SNDTIMEO:
2574             optname = SO_SNDTIMEO;
2575             goto get_timeout;
2576         case TARGET_SO_PEERCRED: {
2577             struct ucred cr;
2578             socklen_t crlen;
2579             struct target_ucred *tcr;
2580 
2581             if (get_user_u32(len, optlen)) {
2582                 return -TARGET_EFAULT;
2583             }
2584             if (len < 0) {
2585                 return -TARGET_EINVAL;
2586             }
2587 
2588             crlen = sizeof(cr);
2589             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
2590                                        &cr, &crlen));
2591             if (ret < 0) {
2592                 return ret;
2593             }
2594             if (len > crlen) {
2595                 len = crlen;
2596             }
2597             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
2598                 return -TARGET_EFAULT;
2599             }
2600             __put_user(cr.pid, &tcr->pid);
2601             __put_user(cr.uid, &tcr->uid);
2602             __put_user(cr.gid, &tcr->gid);
2603             unlock_user_struct(tcr, optval_addr, 1);
2604             if (put_user_u32(len, optlen)) {
2605                 return -TARGET_EFAULT;
2606             }
2607             break;
2608         }
2609         case TARGET_SO_PEERSEC: {
2610             char *name;
2611 
2612             if (get_user_u32(len, optlen)) {
2613                 return -TARGET_EFAULT;
2614             }
2615             if (len < 0) {
2616                 return -TARGET_EINVAL;
2617             }
2618             name = lock_user(VERIFY_WRITE, optval_addr, len, 0);
2619             if (!name) {
2620                 return -TARGET_EFAULT;
2621             }
2622             lv = len;
2623             ret = get_errno(getsockopt(sockfd, level, SO_PEERSEC,
2624                                        name, &lv));
2625             if (put_user_u32(lv, optlen)) {
2626                 ret = -TARGET_EFAULT;
2627             }
2628             unlock_user(name, optval_addr, lv);
2629             break;
2630         }
2631         case TARGET_SO_LINGER:
2632         {
2633             struct linger lg;
2634             socklen_t lglen;
2635             struct target_linger *tlg;
2636 
2637             if (get_user_u32(len, optlen)) {
2638                 return -TARGET_EFAULT;
2639             }
2640             if (len < 0) {
2641                 return -TARGET_EINVAL;
2642             }
2643 
2644             lglen = sizeof(lg);
2645             ret = get_errno(getsockopt(sockfd, level, SO_LINGER,
2646                                        &lg, &lglen));
2647             if (ret < 0) {
2648                 return ret;
2649             }
2650             if (len > lglen) {
2651                 len = lglen;
2652             }
2653             if (!lock_user_struct(VERIFY_WRITE, tlg, optval_addr, 0)) {
2654                 return -TARGET_EFAULT;
2655             }
2656             __put_user(lg.l_onoff, &tlg->l_onoff);
2657             __put_user(lg.l_linger, &tlg->l_linger);
2658             unlock_user_struct(tlg, optval_addr, 1);
2659             if (put_user_u32(len, optlen)) {
2660                 return -TARGET_EFAULT;
2661             }
2662             break;
2663         }
2664         /* Options with 'int' argument.  */
2665         case TARGET_SO_DEBUG:
2666             optname = SO_DEBUG;
2667             goto int_case;
2668         case TARGET_SO_REUSEADDR:
2669             optname = SO_REUSEADDR;
2670             goto int_case;
2671 #ifdef SO_REUSEPORT
2672         case TARGET_SO_REUSEPORT:
2673             optname = SO_REUSEPORT;
2674             goto int_case;
2675 #endif
2676         case TARGET_SO_TYPE:
2677             optname = SO_TYPE;
2678             goto int_case;
2679         case TARGET_SO_ERROR:
2680             optname = SO_ERROR;
2681             goto int_case;
2682         case TARGET_SO_DONTROUTE:
2683             optname = SO_DONTROUTE;
2684             goto int_case;
2685         case TARGET_SO_BROADCAST:
2686             optname = SO_BROADCAST;
2687             goto int_case;
2688         case TARGET_SO_SNDBUF:
2689             optname = SO_SNDBUF;
2690             goto int_case;
2691         case TARGET_SO_RCVBUF:
2692             optname = SO_RCVBUF;
2693             goto int_case;
2694         case TARGET_SO_KEEPALIVE:
2695             optname = SO_KEEPALIVE;
2696             goto int_case;
2697         case TARGET_SO_OOBINLINE:
2698             optname = SO_OOBINLINE;
2699             goto int_case;
2700         case TARGET_SO_NO_CHECK:
2701             optname = SO_NO_CHECK;
2702             goto int_case;
2703         case TARGET_SO_PRIORITY:
2704             optname = SO_PRIORITY;
2705             goto int_case;
2706 #ifdef SO_BSDCOMPAT
2707         case TARGET_SO_BSDCOMPAT:
2708             optname = SO_BSDCOMPAT;
2709             goto int_case;
2710 #endif
2711         case TARGET_SO_PASSCRED:
2712             optname = SO_PASSCRED;
2713             goto int_case;
2714         case TARGET_SO_TIMESTAMP:
2715             optname = SO_TIMESTAMP;
2716             goto int_case;
2717         case TARGET_SO_RCVLOWAT:
2718             optname = SO_RCVLOWAT;
2719             goto int_case;
2720         case TARGET_SO_ACCEPTCONN:
2721             optname = SO_ACCEPTCONN;
2722             goto int_case;
2723         case TARGET_SO_PROTOCOL:
2724             optname = SO_PROTOCOL;
2725             goto int_case;
2726         case TARGET_SO_DOMAIN:
2727             optname = SO_DOMAIN;
2728             goto int_case;
2729         default:
2730             goto int_case;
2731         }
2732         break;
2733     case SOL_TCP:
2734     case SOL_UDP:
2735         /* TCP and UDP options all take an 'int' value.  */
2736     int_case:
2737         if (get_user_u32(len, optlen))
2738             return -TARGET_EFAULT;
2739         if (len < 0)
2740             return -TARGET_EINVAL;
2741         lv = sizeof(lv);
2742         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2743         if (ret < 0)
2744             return ret;
2745         switch (optname) {
2746         case SO_TYPE:
2747             val = host_to_target_sock_type(val);
2748             break;
2749         case SO_ERROR:
2750             val = host_to_target_errno(val);
2751             break;
2752         }
2753         if (len > lv)
2754             len = lv;
2755         if (len == 4) {
2756             if (put_user_u32(val, optval_addr))
2757                 return -TARGET_EFAULT;
2758         } else {
2759             if (put_user_u8(val, optval_addr))
2760                 return -TARGET_EFAULT;
2761         }
2762         if (put_user_u32(len, optlen))
2763             return -TARGET_EFAULT;
2764         break;
2765     case SOL_IP:
2766         switch(optname) {
2767         case IP_TOS:
2768         case IP_TTL:
2769         case IP_HDRINCL:
2770         case IP_ROUTER_ALERT:
2771         case IP_RECVOPTS:
2772         case IP_RETOPTS:
2773         case IP_PKTINFO:
2774         case IP_MTU_DISCOVER:
2775         case IP_RECVERR:
2776         case IP_RECVTOS:
2777 #ifdef IP_FREEBIND
2778         case IP_FREEBIND:
2779 #endif
2780         case IP_MULTICAST_TTL:
2781         case IP_MULTICAST_LOOP:
2782             if (get_user_u32(len, optlen))
2783                 return -TARGET_EFAULT;
2784             if (len < 0)
2785                 return -TARGET_EINVAL;
2786             lv = sizeof(lv);
2787             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2788             if (ret < 0)
2789                 return ret;
2790             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2791                 len = 1;
2792                 if (put_user_u32(len, optlen)
2793                     || put_user_u8(val, optval_addr))
2794                     return -TARGET_EFAULT;
2795             } else {
2796                 if (len > sizeof(int))
2797                     len = sizeof(int);
2798                 if (put_user_u32(len, optlen)
2799                     || put_user_u32(val, optval_addr))
2800                     return -TARGET_EFAULT;
2801             }
2802             break;
2803         default:
2804             ret = -TARGET_ENOPROTOOPT;
2805             break;
2806         }
2807         break;
2808     case SOL_IPV6:
2809         switch (optname) {
2810         case IPV6_MTU_DISCOVER:
2811         case IPV6_MTU:
2812         case IPV6_V6ONLY:
2813         case IPV6_RECVPKTINFO:
2814         case IPV6_UNICAST_HOPS:
2815         case IPV6_MULTICAST_HOPS:
2816         case IPV6_MULTICAST_LOOP:
2817         case IPV6_RECVERR:
2818         case IPV6_RECVHOPLIMIT:
2819         case IPV6_2292HOPLIMIT:
2820         case IPV6_CHECKSUM:
2821         case IPV6_ADDRFORM:
2822         case IPV6_2292PKTINFO:
2823         case IPV6_RECVTCLASS:
2824         case IPV6_RECVRTHDR:
2825         case IPV6_2292RTHDR:
2826         case IPV6_RECVHOPOPTS:
2827         case IPV6_2292HOPOPTS:
2828         case IPV6_RECVDSTOPTS:
2829         case IPV6_2292DSTOPTS:
2830         case IPV6_TCLASS:
2831         case IPV6_ADDR_PREFERENCES:
2832 #ifdef IPV6_RECVPATHMTU
2833         case IPV6_RECVPATHMTU:
2834 #endif
2835 #ifdef IPV6_TRANSPARENT
2836         case IPV6_TRANSPARENT:
2837 #endif
2838 #ifdef IPV6_FREEBIND
2839         case IPV6_FREEBIND:
2840 #endif
2841 #ifdef IPV6_RECVORIGDSTADDR
2842         case IPV6_RECVORIGDSTADDR:
2843 #endif
2844             if (get_user_u32(len, optlen))
2845                 return -TARGET_EFAULT;
2846             if (len < 0)
2847                 return -TARGET_EINVAL;
2848             lv = sizeof(lv);
2849             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2850             if (ret < 0)
2851                 return ret;
2852             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2853                 len = 1;
2854                 if (put_user_u32(len, optlen)
2855                     || put_user_u8(val, optval_addr))
2856                     return -TARGET_EFAULT;
2857             } else {
2858                 if (len > sizeof(int))
2859                     len = sizeof(int);
2860                 if (put_user_u32(len, optlen)
2861                     || put_user_u32(val, optval_addr))
2862                     return -TARGET_EFAULT;
2863             }
2864             break;
2865         default:
2866             ret = -TARGET_ENOPROTOOPT;
2867             break;
2868         }
2869         break;
2870 #ifdef SOL_NETLINK
2871     case SOL_NETLINK:
2872         switch (optname) {
2873         case NETLINK_PKTINFO:
2874         case NETLINK_BROADCAST_ERROR:
2875         case NETLINK_NO_ENOBUFS:
2876 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2877         case NETLINK_LISTEN_ALL_NSID:
2878         case NETLINK_CAP_ACK:
2879 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
2880 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0)
2881         case NETLINK_EXT_ACK:
2882 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2883 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 20, 0)
2884         case NETLINK_GET_STRICT_CHK:
2885 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 12, 0) */
2886             if (get_user_u32(len, optlen)) {
2887                 return -TARGET_EFAULT;
2888             }
2889             if (len != sizeof(val)) {
2890                 return -TARGET_EINVAL;
2891             }
2892             lv = len;
2893             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2894             if (ret < 0) {
2895                 return ret;
2896             }
2897             if (put_user_u32(lv, optlen)
2898                 || put_user_u32(val, optval_addr)) {
2899                 return -TARGET_EFAULT;
2900             }
2901             break;
2902 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0)
2903         case NETLINK_LIST_MEMBERSHIPS:
2904         {
2905             uint32_t *results;
2906             int i;
2907             if (get_user_u32(len, optlen)) {
2908                 return -TARGET_EFAULT;
2909             }
2910             if (len < 0) {
2911                 return -TARGET_EINVAL;
2912             }
2913             results = lock_user(VERIFY_WRITE, optval_addr, len, 1);
2914             if (!results && len > 0) {
2915                 return -TARGET_EFAULT;
2916             }
2917             lv = len;
2918             ret = get_errno(getsockopt(sockfd, level, optname, results, &lv));
2919             if (ret < 0) {
2920                 unlock_user(results, optval_addr, 0);
2921                 return ret;
2922             }
2923             /* swap host endianess to target endianess. */
2924             for (i = 0; i < (len / sizeof(uint32_t)); i++) {
2925                 results[i] = tswap32(results[i]);
2926             }
2927             if (put_user_u32(lv, optlen)) {
2928                 return -TARGET_EFAULT;
2929             }
2930             unlock_user(results, optval_addr, 0);
2931             break;
2932         }
2933 #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(4, 2, 0) */
2934         default:
2935             goto unimplemented;
2936         }
2937         break;
2938 #endif /* SOL_NETLINK */
2939     default:
2940     unimplemented:
2941         qemu_log_mask(LOG_UNIMP,
2942                       "getsockopt level=%d optname=%d not yet supported\n",
2943                       level, optname);
2944         ret = -TARGET_EOPNOTSUPP;
2945         break;
2946     }
2947     return ret;
2948 }
2949 
2950 /* Convert target low/high pair representing file offset into the host
2951  * low/high pair. This function doesn't handle offsets bigger than 64 bits
2952  * as the kernel doesn't handle them either.
2953  */
2954 static void target_to_host_low_high(abi_ulong tlow,
2955                                     abi_ulong thigh,
2956                                     unsigned long *hlow,
2957                                     unsigned long *hhigh)
2958 {
2959     uint64_t off = tlow |
2960         ((unsigned long long)thigh << TARGET_LONG_BITS / 2) <<
2961         TARGET_LONG_BITS / 2;
2962 
2963     *hlow = off;
2964     *hhigh = (off >> HOST_LONG_BITS / 2) >> HOST_LONG_BITS / 2;
2965 }
2966 
2967 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
2968                                 abi_ulong count, int copy)
2969 {
2970     struct target_iovec *target_vec;
2971     struct iovec *vec;
2972     abi_ulong total_len, max_len;
2973     int i;
2974     int err = 0;
2975     bool bad_address = false;
2976 
2977     if (count == 0) {
2978         errno = 0;
2979         return NULL;
2980     }
2981     if (count > IOV_MAX) {
2982         errno = EINVAL;
2983         return NULL;
2984     }
2985 
2986     vec = g_try_new0(struct iovec, count);
2987     if (vec == NULL) {
2988         errno = ENOMEM;
2989         return NULL;
2990     }
2991 
2992     target_vec = lock_user(VERIFY_READ, target_addr,
2993                            count * sizeof(struct target_iovec), 1);
2994     if (target_vec == NULL) {
2995         err = EFAULT;
2996         goto fail2;
2997     }
2998 
2999     /* ??? If host page size > target page size, this will result in a
3000        value larger than what we can actually support.  */
3001     max_len = 0x7fffffff & TARGET_PAGE_MASK;
3002     total_len = 0;
3003 
3004     for (i = 0; i < count; i++) {
3005         abi_ulong base = tswapal(target_vec[i].iov_base);
3006         abi_long len = tswapal(target_vec[i].iov_len);
3007 
3008         if (len < 0) {
3009             err = EINVAL;
3010             goto fail;
3011         } else if (len == 0) {
3012             /* Zero length pointer is ignored.  */
3013             vec[i].iov_base = 0;
3014         } else {
3015             vec[i].iov_base = lock_user(type, base, len, copy);
3016             /* If the first buffer pointer is bad, this is a fault.  But
3017              * subsequent bad buffers will result in a partial write; this
3018              * is realized by filling the vector with null pointers and
3019              * zero lengths. */
3020             if (!vec[i].iov_base) {
3021                 if (i == 0) {
3022                     err = EFAULT;
3023                     goto fail;
3024                 } else {
3025                     bad_address = true;
3026                 }
3027             }
3028             if (bad_address) {
3029                 len = 0;
3030             }
3031             if (len > max_len - total_len) {
3032                 len = max_len - total_len;
3033             }
3034         }
3035         vec[i].iov_len = len;
3036         total_len += len;
3037     }
3038 
3039     unlock_user(target_vec, target_addr, 0);
3040     return vec;
3041 
3042  fail:
3043     while (--i >= 0) {
3044         if (tswapal(target_vec[i].iov_len) > 0) {
3045             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
3046         }
3047     }
3048     unlock_user(target_vec, target_addr, 0);
3049  fail2:
3050     g_free(vec);
3051     errno = err;
3052     return NULL;
3053 }
3054 
3055 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
3056                          abi_ulong count, int copy)
3057 {
3058     struct target_iovec *target_vec;
3059     int i;
3060 
3061     target_vec = lock_user(VERIFY_READ, target_addr,
3062                            count * sizeof(struct target_iovec), 1);
3063     if (target_vec) {
3064         for (i = 0; i < count; i++) {
3065             abi_ulong base = tswapal(target_vec[i].iov_base);
3066             abi_long len = tswapal(target_vec[i].iov_len);
3067             if (len < 0) {
3068                 break;
3069             }
3070             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
3071         }
3072         unlock_user(target_vec, target_addr, 0);
3073     }
3074 
3075     g_free(vec);
3076 }
3077 
3078 static inline int target_to_host_sock_type(int *type)
3079 {
3080     int host_type = 0;
3081     int target_type = *type;
3082 
3083     switch (target_type & TARGET_SOCK_TYPE_MASK) {
3084     case TARGET_SOCK_DGRAM:
3085         host_type = SOCK_DGRAM;
3086         break;
3087     case TARGET_SOCK_STREAM:
3088         host_type = SOCK_STREAM;
3089         break;
3090     default:
3091         host_type = target_type & TARGET_SOCK_TYPE_MASK;
3092         break;
3093     }
3094     if (target_type & TARGET_SOCK_CLOEXEC) {
3095 #if defined(SOCK_CLOEXEC)
3096         host_type |= SOCK_CLOEXEC;
3097 #else
3098         return -TARGET_EINVAL;
3099 #endif
3100     }
3101     if (target_type & TARGET_SOCK_NONBLOCK) {
3102 #if defined(SOCK_NONBLOCK)
3103         host_type |= SOCK_NONBLOCK;
3104 #elif !defined(O_NONBLOCK)
3105         return -TARGET_EINVAL;
3106 #endif
3107     }
3108     *type = host_type;
3109     return 0;
3110 }
3111 
3112 /* Try to emulate socket type flags after socket creation.  */
3113 static int sock_flags_fixup(int fd, int target_type)
3114 {
3115 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
3116     if (target_type & TARGET_SOCK_NONBLOCK) {
3117         int flags = fcntl(fd, F_GETFL);
3118         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
3119             close(fd);
3120             return -TARGET_EINVAL;
3121         }
3122     }
3123 #endif
3124     return fd;
3125 }
3126 
3127 /* do_socket() Must return target values and target errnos. */
3128 static abi_long do_socket(int domain, int type, int protocol)
3129 {
3130     int target_type = type;
3131     int ret;
3132 
3133     ret = target_to_host_sock_type(&type);
3134     if (ret) {
3135         return ret;
3136     }
3137 
3138     if (domain == PF_NETLINK && !(
3139 #ifdef CONFIG_RTNETLINK
3140          protocol == NETLINK_ROUTE ||
3141 #endif
3142          protocol == NETLINK_KOBJECT_UEVENT ||
3143          protocol == NETLINK_AUDIT)) {
3144         return -TARGET_EPROTONOSUPPORT;
3145     }
3146 
3147     if (domain == AF_PACKET ||
3148         (domain == AF_INET && type == SOCK_PACKET)) {
3149         protocol = tswap16(protocol);
3150     }
3151 
3152     ret = get_errno(socket(domain, type, protocol));
3153     if (ret >= 0) {
3154         ret = sock_flags_fixup(ret, target_type);
3155         if (type == SOCK_PACKET) {
3156             /* Manage an obsolete case :
3157              * if socket type is SOCK_PACKET, bind by name
3158              */
3159             fd_trans_register(ret, &target_packet_trans);
3160         } else if (domain == PF_NETLINK) {
3161             switch (protocol) {
3162 #ifdef CONFIG_RTNETLINK
3163             case NETLINK_ROUTE:
3164                 fd_trans_register(ret, &target_netlink_route_trans);
3165                 break;
3166 #endif
3167             case NETLINK_KOBJECT_UEVENT:
3168                 /* nothing to do: messages are strings */
3169                 break;
3170             case NETLINK_AUDIT:
3171                 fd_trans_register(ret, &target_netlink_audit_trans);
3172                 break;
3173             default:
3174                 g_assert_not_reached();
3175             }
3176         }
3177     }
3178     return ret;
3179 }
3180 
3181 /* do_bind() Must return target values and target errnos. */
3182 static abi_long do_bind(int sockfd, abi_ulong target_addr,
3183                         socklen_t addrlen)
3184 {
3185     void *addr;
3186     abi_long ret;
3187 
3188     if ((int)addrlen < 0) {
3189         return -TARGET_EINVAL;
3190     }
3191 
3192     addr = alloca(addrlen+1);
3193 
3194     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3195     if (ret)
3196         return ret;
3197 
3198     return get_errno(bind(sockfd, addr, addrlen));
3199 }
3200 
3201 /* do_connect() Must return target values and target errnos. */
3202 static abi_long do_connect(int sockfd, abi_ulong target_addr,
3203                            socklen_t addrlen)
3204 {
3205     void *addr;
3206     abi_long ret;
3207 
3208     if ((int)addrlen < 0) {
3209         return -TARGET_EINVAL;
3210     }
3211 
3212     addr = alloca(addrlen+1);
3213 
3214     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3215     if (ret)
3216         return ret;
3217 
3218     return get_errno(safe_connect(sockfd, addr, addrlen));
3219 }
3220 
3221 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
3222 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
3223                                       int flags, int send)
3224 {
3225     abi_long ret, len;
3226     struct msghdr msg;
3227     abi_ulong count;
3228     struct iovec *vec;
3229     abi_ulong target_vec;
3230 
3231     if (msgp->msg_name) {
3232         msg.msg_namelen = tswap32(msgp->msg_namelen);
3233         msg.msg_name = alloca(msg.msg_namelen+1);
3234         ret = target_to_host_sockaddr(fd, msg.msg_name,
3235                                       tswapal(msgp->msg_name),
3236                                       msg.msg_namelen);
3237         if (ret == -TARGET_EFAULT) {
3238             /* For connected sockets msg_name and msg_namelen must
3239              * be ignored, so returning EFAULT immediately is wrong.
3240              * Instead, pass a bad msg_name to the host kernel, and
3241              * let it decide whether to return EFAULT or not.
3242              */
3243             msg.msg_name = (void *)-1;
3244         } else if (ret) {
3245             goto out2;
3246         }
3247     } else {
3248         msg.msg_name = NULL;
3249         msg.msg_namelen = 0;
3250     }
3251     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
3252     msg.msg_control = alloca(msg.msg_controllen);
3253     memset(msg.msg_control, 0, msg.msg_controllen);
3254 
3255     msg.msg_flags = tswap32(msgp->msg_flags);
3256 
3257     count = tswapal(msgp->msg_iovlen);
3258     target_vec = tswapal(msgp->msg_iov);
3259 
3260     if (count > IOV_MAX) {
3261         /* sendrcvmsg returns a different errno for this condition than
3262          * readv/writev, so we must catch it here before lock_iovec() does.
3263          */
3264         ret = -TARGET_EMSGSIZE;
3265         goto out2;
3266     }
3267 
3268     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
3269                      target_vec, count, send);
3270     if (vec == NULL) {
3271         ret = -host_to_target_errno(errno);
3272         /* allow sending packet without any iov, e.g. with MSG_MORE flag */
3273         if (!send || ret) {
3274             goto out2;
3275         }
3276     }
3277     msg.msg_iovlen = count;
3278     msg.msg_iov = vec;
3279 
3280     if (send) {
3281         if (fd_trans_target_to_host_data(fd)) {
3282             void *host_msg;
3283 
3284             host_msg = g_malloc(msg.msg_iov->iov_len);
3285             memcpy(host_msg, msg.msg_iov->iov_base, msg.msg_iov->iov_len);
3286             ret = fd_trans_target_to_host_data(fd)(host_msg,
3287                                                    msg.msg_iov->iov_len);
3288             if (ret >= 0) {
3289                 msg.msg_iov->iov_base = host_msg;
3290                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3291             }
3292             g_free(host_msg);
3293         } else {
3294             ret = target_to_host_cmsg(&msg, msgp);
3295             if (ret == 0) {
3296                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3297             }
3298         }
3299     } else {
3300         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3301         if (!is_error(ret)) {
3302             len = ret;
3303             if (fd_trans_host_to_target_data(fd)) {
3304                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3305                                                MIN(msg.msg_iov->iov_len, len));
3306             }
3307             if (!is_error(ret)) {
3308                 ret = host_to_target_cmsg(msgp, &msg);
3309             }
3310             if (!is_error(ret)) {
3311                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3312                 msgp->msg_flags = tswap32(msg.msg_flags);
3313                 if (msg.msg_name != NULL && msg.msg_name != (void *)-1) {
3314                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3315                                     msg.msg_name, msg.msg_namelen);
3316                     if (ret) {
3317                         goto out;
3318                     }
3319                 }
3320 
3321                 ret = len;
3322             }
3323         }
3324     }
3325 
3326 out:
3327     if (vec) {
3328         unlock_iovec(vec, target_vec, count, !send);
3329     }
3330 out2:
3331     return ret;
3332 }
3333 
3334 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3335                                int flags, int send)
3336 {
3337     abi_long ret;
3338     struct target_msghdr *msgp;
3339 
3340     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3341                           msgp,
3342                           target_msg,
3343                           send ? 1 : 0)) {
3344         return -TARGET_EFAULT;
3345     }
3346     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3347     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3348     return ret;
3349 }
3350 
3351 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3352  * so it might not have this *mmsg-specific flag either.
3353  */
3354 #ifndef MSG_WAITFORONE
3355 #define MSG_WAITFORONE 0x10000
3356 #endif
3357 
3358 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3359                                 unsigned int vlen, unsigned int flags,
3360                                 int send)
3361 {
3362     struct target_mmsghdr *mmsgp;
3363     abi_long ret = 0;
3364     int i;
3365 
3366     if (vlen > UIO_MAXIOV) {
3367         vlen = UIO_MAXIOV;
3368     }
3369 
3370     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3371     if (!mmsgp) {
3372         return -TARGET_EFAULT;
3373     }
3374 
3375     for (i = 0; i < vlen; i++) {
3376         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3377         if (is_error(ret)) {
3378             break;
3379         }
3380         mmsgp[i].msg_len = tswap32(ret);
3381         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3382         if (flags & MSG_WAITFORONE) {
3383             flags |= MSG_DONTWAIT;
3384         }
3385     }
3386 
3387     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3388 
3389     /* Return number of datagrams sent if we sent any at all;
3390      * otherwise return the error.
3391      */
3392     if (i) {
3393         return i;
3394     }
3395     return ret;
3396 }
3397 
3398 /* do_accept4() Must return target values and target errnos. */
3399 static abi_long do_accept4(int fd, abi_ulong target_addr,
3400                            abi_ulong target_addrlen_addr, int flags)
3401 {
3402     socklen_t addrlen, ret_addrlen;
3403     void *addr;
3404     abi_long ret;
3405     int host_flags;
3406 
3407     if (flags & ~(TARGET_SOCK_CLOEXEC | TARGET_SOCK_NONBLOCK)) {
3408         return -TARGET_EINVAL;
3409     }
3410 
3411     host_flags = 0;
3412     if (flags & TARGET_SOCK_NONBLOCK) {
3413         host_flags |= SOCK_NONBLOCK;
3414     }
3415     if (flags & TARGET_SOCK_CLOEXEC) {
3416         host_flags |= SOCK_CLOEXEC;
3417     }
3418 
3419     if (target_addr == 0) {
3420         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3421     }
3422 
3423     /* linux returns EFAULT if addrlen pointer is invalid */
3424     if (get_user_u32(addrlen, target_addrlen_addr))
3425         return -TARGET_EFAULT;
3426 
3427     if ((int)addrlen < 0) {
3428         return -TARGET_EINVAL;
3429     }
3430 
3431     if (!access_ok(thread_cpu, VERIFY_WRITE, target_addr, addrlen)) {
3432         return -TARGET_EFAULT;
3433     }
3434 
3435     addr = alloca(addrlen);
3436 
3437     ret_addrlen = addrlen;
3438     ret = get_errno(safe_accept4(fd, addr, &ret_addrlen, host_flags));
3439     if (!is_error(ret)) {
3440         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3441         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3442             ret = -TARGET_EFAULT;
3443         }
3444     }
3445     return ret;
3446 }
3447 
3448 /* do_getpeername() Must return target values and target errnos. */
3449 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3450                                abi_ulong target_addrlen_addr)
3451 {
3452     socklen_t addrlen, ret_addrlen;
3453     void *addr;
3454     abi_long ret;
3455 
3456     if (get_user_u32(addrlen, target_addrlen_addr))
3457         return -TARGET_EFAULT;
3458 
3459     if ((int)addrlen < 0) {
3460         return -TARGET_EINVAL;
3461     }
3462 
3463     if (!access_ok(thread_cpu, VERIFY_WRITE, target_addr, addrlen)) {
3464         return -TARGET_EFAULT;
3465     }
3466 
3467     addr = alloca(addrlen);
3468 
3469     ret_addrlen = addrlen;
3470     ret = get_errno(getpeername(fd, addr, &ret_addrlen));
3471     if (!is_error(ret)) {
3472         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3473         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3474             ret = -TARGET_EFAULT;
3475         }
3476     }
3477     return ret;
3478 }
3479 
3480 /* do_getsockname() Must return target values and target errnos. */
3481 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3482                                abi_ulong target_addrlen_addr)
3483 {
3484     socklen_t addrlen, ret_addrlen;
3485     void *addr;
3486     abi_long ret;
3487 
3488     if (get_user_u32(addrlen, target_addrlen_addr))
3489         return -TARGET_EFAULT;
3490 
3491     if ((int)addrlen < 0) {
3492         return -TARGET_EINVAL;
3493     }
3494 
3495     if (!access_ok(thread_cpu, VERIFY_WRITE, target_addr, addrlen)) {
3496         return -TARGET_EFAULT;
3497     }
3498 
3499     addr = alloca(addrlen);
3500 
3501     ret_addrlen = addrlen;
3502     ret = get_errno(getsockname(fd, addr, &ret_addrlen));
3503     if (!is_error(ret)) {
3504         host_to_target_sockaddr(target_addr, addr, MIN(addrlen, ret_addrlen));
3505         if (put_user_u32(ret_addrlen, target_addrlen_addr)) {
3506             ret = -TARGET_EFAULT;
3507         }
3508     }
3509     return ret;
3510 }
3511 
3512 /* do_socketpair() Must return target values and target errnos. */
3513 static abi_long do_socketpair(int domain, int type, int protocol,
3514                               abi_ulong target_tab_addr)
3515 {
3516     int tab[2];
3517     abi_long ret;
3518 
3519     target_to_host_sock_type(&type);
3520 
3521     ret = get_errno(socketpair(domain, type, protocol, tab));
3522     if (!is_error(ret)) {
3523         if (put_user_s32(tab[0], target_tab_addr)
3524             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3525             ret = -TARGET_EFAULT;
3526     }
3527     return ret;
3528 }
3529 
3530 /* do_sendto() Must return target values and target errnos. */
3531 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3532                           abi_ulong target_addr, socklen_t addrlen)
3533 {
3534     void *addr;
3535     void *host_msg;
3536     void *copy_msg = NULL;
3537     abi_long ret;
3538 
3539     if ((int)addrlen < 0) {
3540         return -TARGET_EINVAL;
3541     }
3542 
3543     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3544     if (!host_msg)
3545         return -TARGET_EFAULT;
3546     if (fd_trans_target_to_host_data(fd)) {
3547         copy_msg = host_msg;
3548         host_msg = g_malloc(len);
3549         memcpy(host_msg, copy_msg, len);
3550         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3551         if (ret < 0) {
3552             goto fail;
3553         }
3554     }
3555     if (target_addr) {
3556         addr = alloca(addrlen+1);
3557         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3558         if (ret) {
3559             goto fail;
3560         }
3561         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3562     } else {
3563         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3564     }
3565 fail:
3566     if (copy_msg) {
3567         g_free(host_msg);
3568         host_msg = copy_msg;
3569     }
3570     unlock_user(host_msg, msg, 0);
3571     return ret;
3572 }
3573 
3574 /* do_recvfrom() Must return target values and target errnos. */
3575 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
3576                             abi_ulong target_addr,
3577                             abi_ulong target_addrlen)
3578 {
3579     socklen_t addrlen, ret_addrlen;
3580     void *addr;
3581     void *host_msg;
3582     abi_long ret;
3583 
3584     if (!msg) {
3585         host_msg = NULL;
3586     } else {
3587         host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
3588         if (!host_msg) {
3589             return -TARGET_EFAULT;
3590         }
3591     }
3592     if (target_addr) {
3593         if (get_user_u32(addrlen, target_addrlen)) {
3594             ret = -TARGET_EFAULT;
3595             goto fail;
3596         }
3597         if ((int)addrlen < 0) {
3598             ret = -TARGET_EINVAL;
3599             goto fail;
3600         }
3601         addr = alloca(addrlen);
3602         ret_addrlen = addrlen;
3603         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
3604                                       addr, &ret_addrlen));
3605     } else {
3606         addr = NULL; /* To keep compiler quiet.  */
3607         addrlen = 0; /* To keep compiler quiet.  */
3608         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
3609     }
3610     if (!is_error(ret)) {
3611         if (fd_trans_host_to_target_data(fd)) {
3612             abi_long trans;
3613             trans = fd_trans_host_to_target_data(fd)(host_msg, MIN(ret, len));
3614             if (is_error(trans)) {
3615                 ret = trans;
3616                 goto fail;
3617             }
3618         }
3619         if (target_addr) {
3620             host_to_target_sockaddr(target_addr, addr,
3621                                     MIN(addrlen, ret_addrlen));
3622             if (put_user_u32(ret_addrlen, target_addrlen)) {
3623                 ret = -TARGET_EFAULT;
3624                 goto fail;
3625             }
3626         }
3627         unlock_user(host_msg, msg, len);
3628     } else {
3629 fail:
3630         unlock_user(host_msg, msg, 0);
3631     }
3632     return ret;
3633 }
3634 
3635 #ifdef TARGET_NR_socketcall
3636 /* do_socketcall() must return target values and target errnos. */
3637 static abi_long do_socketcall(int num, abi_ulong vptr)
3638 {
3639     static const unsigned nargs[] = { /* number of arguments per operation */
3640         [TARGET_SYS_SOCKET] = 3,      /* domain, type, protocol */
3641         [TARGET_SYS_BIND] = 3,        /* fd, addr, addrlen */
3642         [TARGET_SYS_CONNECT] = 3,     /* fd, addr, addrlen */
3643         [TARGET_SYS_LISTEN] = 2,      /* fd, backlog */
3644         [TARGET_SYS_ACCEPT] = 3,      /* fd, addr, addrlen */
3645         [TARGET_SYS_GETSOCKNAME] = 3, /* fd, addr, addrlen */
3646         [TARGET_SYS_GETPEERNAME] = 3, /* fd, addr, addrlen */
3647         [TARGET_SYS_SOCKETPAIR] = 4,  /* domain, type, protocol, tab */
3648         [TARGET_SYS_SEND] = 4,        /* fd, msg, len, flags */
3649         [TARGET_SYS_RECV] = 4,        /* fd, msg, len, flags */
3650         [TARGET_SYS_SENDTO] = 6,      /* fd, msg, len, flags, addr, addrlen */
3651         [TARGET_SYS_RECVFROM] = 6,    /* fd, msg, len, flags, addr, addrlen */
3652         [TARGET_SYS_SHUTDOWN] = 2,    /* fd, how */
3653         [TARGET_SYS_SETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
3654         [TARGET_SYS_GETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
3655         [TARGET_SYS_SENDMSG] = 3,     /* fd, msg, flags */
3656         [TARGET_SYS_RECVMSG] = 3,     /* fd, msg, flags */
3657         [TARGET_SYS_ACCEPT4] = 4,     /* fd, addr, addrlen, flags */
3658         [TARGET_SYS_RECVMMSG] = 4,    /* fd, msgvec, vlen, flags */
3659         [TARGET_SYS_SENDMMSG] = 4,    /* fd, msgvec, vlen, flags */
3660     };
3661     abi_long a[6]; /* max 6 args */
3662     unsigned i;
3663 
3664     /* check the range of the first argument num */
3665     /* (TARGET_SYS_SENDMMSG is the highest among TARGET_SYS_xxx) */
3666     if (num < 1 || num > TARGET_SYS_SENDMMSG) {
3667         return -TARGET_EINVAL;
3668     }
3669     /* ensure we have space for args */
3670     if (nargs[num] > ARRAY_SIZE(a)) {
3671         return -TARGET_EINVAL;
3672     }
3673     /* collect the arguments in a[] according to nargs[] */
3674     for (i = 0; i < nargs[num]; ++i) {
3675         if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
3676             return -TARGET_EFAULT;
3677         }
3678     }
3679     /* now when we have the args, invoke the appropriate underlying function */
3680     switch (num) {
3681     case TARGET_SYS_SOCKET: /* domain, type, protocol */
3682         return do_socket(a[0], a[1], a[2]);
3683     case TARGET_SYS_BIND: /* sockfd, addr, addrlen */
3684         return do_bind(a[0], a[1], a[2]);
3685     case TARGET_SYS_CONNECT: /* sockfd, addr, addrlen */
3686         return do_connect(a[0], a[1], a[2]);
3687     case TARGET_SYS_LISTEN: /* sockfd, backlog */
3688         return get_errno(listen(a[0], a[1]));
3689     case TARGET_SYS_ACCEPT: /* sockfd, addr, addrlen */
3690         return do_accept4(a[0], a[1], a[2], 0);
3691     case TARGET_SYS_GETSOCKNAME: /* sockfd, addr, addrlen */
3692         return do_getsockname(a[0], a[1], a[2]);
3693     case TARGET_SYS_GETPEERNAME: /* sockfd, addr, addrlen */
3694         return do_getpeername(a[0], a[1], a[2]);
3695     case TARGET_SYS_SOCKETPAIR: /* domain, type, protocol, tab */
3696         return do_socketpair(a[0], a[1], a[2], a[3]);
3697     case TARGET_SYS_SEND: /* sockfd, msg, len, flags */
3698         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
3699     case TARGET_SYS_RECV: /* sockfd, msg, len, flags */
3700         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
3701     case TARGET_SYS_SENDTO: /* sockfd, msg, len, flags, addr, addrlen */
3702         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
3703     case TARGET_SYS_RECVFROM: /* sockfd, msg, len, flags, addr, addrlen */
3704         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
3705     case TARGET_SYS_SHUTDOWN: /* sockfd, how */
3706         return get_errno(shutdown(a[0], a[1]));
3707     case TARGET_SYS_SETSOCKOPT: /* sockfd, level, optname, optval, optlen */
3708         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
3709     case TARGET_SYS_GETSOCKOPT: /* sockfd, level, optname, optval, optlen */
3710         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
3711     case TARGET_SYS_SENDMSG: /* sockfd, msg, flags */
3712         return do_sendrecvmsg(a[0], a[1], a[2], 1);
3713     case TARGET_SYS_RECVMSG: /* sockfd, msg, flags */
3714         return do_sendrecvmsg(a[0], a[1], a[2], 0);
3715     case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */
3716         return do_accept4(a[0], a[1], a[2], a[3]);
3717     case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags */
3718         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
3719     case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */
3720         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
3721     default:
3722         qemu_log_mask(LOG_UNIMP, "Unsupported socketcall: %d\n", num);
3723         return -TARGET_EINVAL;
3724     }
3725 }
3726 #endif
3727 
3728 #define N_SHM_REGIONS	32
3729 
3730 static struct shm_region {
3731     abi_ulong start;
3732     abi_ulong size;
3733     bool in_use;
3734 } shm_regions[N_SHM_REGIONS];
3735 
3736 #ifndef TARGET_SEMID64_DS
3737 /* asm-generic version of this struct */
3738 struct target_semid64_ds
3739 {
3740   struct target_ipc_perm sem_perm;
3741   abi_ulong sem_otime;
3742 #if TARGET_ABI_BITS == 32
3743   abi_ulong __unused1;
3744 #endif
3745   abi_ulong sem_ctime;
3746 #if TARGET_ABI_BITS == 32
3747   abi_ulong __unused2;
3748 #endif
3749   abi_ulong sem_nsems;
3750   abi_ulong __unused3;
3751   abi_ulong __unused4;
3752 };
3753 #endif
3754 
3755 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
3756                                                abi_ulong target_addr)
3757 {
3758     struct target_ipc_perm *target_ip;
3759     struct target_semid64_ds *target_sd;
3760 
3761     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3762         return -TARGET_EFAULT;
3763     target_ip = &(target_sd->sem_perm);
3764     host_ip->__key = tswap32(target_ip->__key);
3765     host_ip->uid = tswap32(target_ip->uid);
3766     host_ip->gid = tswap32(target_ip->gid);
3767     host_ip->cuid = tswap32(target_ip->cuid);
3768     host_ip->cgid = tswap32(target_ip->cgid);
3769 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3770     host_ip->mode = tswap32(target_ip->mode);
3771 #else
3772     host_ip->mode = tswap16(target_ip->mode);
3773 #endif
3774 #if defined(TARGET_PPC)
3775     host_ip->__seq = tswap32(target_ip->__seq);
3776 #else
3777     host_ip->__seq = tswap16(target_ip->__seq);
3778 #endif
3779     unlock_user_struct(target_sd, target_addr, 0);
3780     return 0;
3781 }
3782 
3783 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
3784                                                struct ipc_perm *host_ip)
3785 {
3786     struct target_ipc_perm *target_ip;
3787     struct target_semid64_ds *target_sd;
3788 
3789     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3790         return -TARGET_EFAULT;
3791     target_ip = &(target_sd->sem_perm);
3792     target_ip->__key = tswap32(host_ip->__key);
3793     target_ip->uid = tswap32(host_ip->uid);
3794     target_ip->gid = tswap32(host_ip->gid);
3795     target_ip->cuid = tswap32(host_ip->cuid);
3796     target_ip->cgid = tswap32(host_ip->cgid);
3797 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3798     target_ip->mode = tswap32(host_ip->mode);
3799 #else
3800     target_ip->mode = tswap16(host_ip->mode);
3801 #endif
3802 #if defined(TARGET_PPC)
3803     target_ip->__seq = tswap32(host_ip->__seq);
3804 #else
3805     target_ip->__seq = tswap16(host_ip->__seq);
3806 #endif
3807     unlock_user_struct(target_sd, target_addr, 1);
3808     return 0;
3809 }
3810 
3811 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
3812                                                abi_ulong target_addr)
3813 {
3814     struct target_semid64_ds *target_sd;
3815 
3816     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3817         return -TARGET_EFAULT;
3818     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
3819         return -TARGET_EFAULT;
3820     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
3821     host_sd->sem_otime = tswapal(target_sd->sem_otime);
3822     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
3823     unlock_user_struct(target_sd, target_addr, 0);
3824     return 0;
3825 }
3826 
3827 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
3828                                                struct semid_ds *host_sd)
3829 {
3830     struct target_semid64_ds *target_sd;
3831 
3832     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3833         return -TARGET_EFAULT;
3834     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
3835         return -TARGET_EFAULT;
3836     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
3837     target_sd->sem_otime = tswapal(host_sd->sem_otime);
3838     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
3839     unlock_user_struct(target_sd, target_addr, 1);
3840     return 0;
3841 }
3842 
3843 struct target_seminfo {
3844     int semmap;
3845     int semmni;
3846     int semmns;
3847     int semmnu;
3848     int semmsl;
3849     int semopm;
3850     int semume;
3851     int semusz;
3852     int semvmx;
3853     int semaem;
3854 };
3855 
3856 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
3857                                               struct seminfo *host_seminfo)
3858 {
3859     struct target_seminfo *target_seminfo;
3860     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
3861         return -TARGET_EFAULT;
3862     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
3863     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
3864     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
3865     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
3866     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
3867     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
3868     __put_user(host_seminfo->semume, &target_seminfo->semume);
3869     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
3870     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
3871     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
3872     unlock_user_struct(target_seminfo, target_addr, 1);
3873     return 0;
3874 }
3875 
3876 union semun {
3877 	int val;
3878 	struct semid_ds *buf;
3879 	unsigned short *array;
3880 	struct seminfo *__buf;
3881 };
3882 
3883 union target_semun {
3884 	int val;
3885 	abi_ulong buf;
3886 	abi_ulong array;
3887 	abi_ulong __buf;
3888 };
3889 
3890 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
3891                                                abi_ulong target_addr)
3892 {
3893     int nsems;
3894     unsigned short *array;
3895     union semun semun;
3896     struct semid_ds semid_ds;
3897     int i, ret;
3898 
3899     semun.buf = &semid_ds;
3900 
3901     ret = semctl(semid, 0, IPC_STAT, semun);
3902     if (ret == -1)
3903         return get_errno(ret);
3904 
3905     nsems = semid_ds.sem_nsems;
3906 
3907     *host_array = g_try_new(unsigned short, nsems);
3908     if (!*host_array) {
3909         return -TARGET_ENOMEM;
3910     }
3911     array = lock_user(VERIFY_READ, target_addr,
3912                       nsems*sizeof(unsigned short), 1);
3913     if (!array) {
3914         g_free(*host_array);
3915         return -TARGET_EFAULT;
3916     }
3917 
3918     for(i=0; i<nsems; i++) {
3919         __get_user((*host_array)[i], &array[i]);
3920     }
3921     unlock_user(array, target_addr, 0);
3922 
3923     return 0;
3924 }
3925 
3926 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
3927                                                unsigned short **host_array)
3928 {
3929     int nsems;
3930     unsigned short *array;
3931     union semun semun;
3932     struct semid_ds semid_ds;
3933     int i, ret;
3934 
3935     semun.buf = &semid_ds;
3936 
3937     ret = semctl(semid, 0, IPC_STAT, semun);
3938     if (ret == -1)
3939         return get_errno(ret);
3940 
3941     nsems = semid_ds.sem_nsems;
3942 
3943     array = lock_user(VERIFY_WRITE, target_addr,
3944                       nsems*sizeof(unsigned short), 0);
3945     if (!array)
3946         return -TARGET_EFAULT;
3947 
3948     for(i=0; i<nsems; i++) {
3949         __put_user((*host_array)[i], &array[i]);
3950     }
3951     g_free(*host_array);
3952     unlock_user(array, target_addr, 1);
3953 
3954     return 0;
3955 }
3956 
3957 static inline abi_long do_semctl(int semid, int semnum, int cmd,
3958                                  abi_ulong target_arg)
3959 {
3960     union target_semun target_su = { .buf = target_arg };
3961     union semun arg;
3962     struct semid_ds dsarg;
3963     unsigned short *array = NULL;
3964     struct seminfo seminfo;
3965     abi_long ret = -TARGET_EINVAL;
3966     abi_long err;
3967     cmd &= 0xff;
3968 
3969     switch( cmd ) {
3970 	case GETVAL:
3971 	case SETVAL:
3972             /* In 64 bit cross-endian situations, we will erroneously pick up
3973              * the wrong half of the union for the "val" element.  To rectify
3974              * this, the entire 8-byte structure is byteswapped, followed by
3975 	     * a swap of the 4 byte val field. In other cases, the data is
3976 	     * already in proper host byte order. */
3977 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
3978 		target_su.buf = tswapal(target_su.buf);
3979 		arg.val = tswap32(target_su.val);
3980 	    } else {
3981 		arg.val = target_su.val;
3982 	    }
3983             ret = get_errno(semctl(semid, semnum, cmd, arg));
3984             break;
3985 	case GETALL:
3986 	case SETALL:
3987             err = target_to_host_semarray(semid, &array, target_su.array);
3988             if (err)
3989                 return err;
3990             arg.array = array;
3991             ret = get_errno(semctl(semid, semnum, cmd, arg));
3992             err = host_to_target_semarray(semid, target_su.array, &array);
3993             if (err)
3994                 return err;
3995             break;
3996 	case IPC_STAT:
3997 	case IPC_SET:
3998 	case SEM_STAT:
3999             err = target_to_host_semid_ds(&dsarg, target_su.buf);
4000             if (err)
4001                 return err;
4002             arg.buf = &dsarg;
4003             ret = get_errno(semctl(semid, semnum, cmd, arg));
4004             err = host_to_target_semid_ds(target_su.buf, &dsarg);
4005             if (err)
4006                 return err;
4007             break;
4008 	case IPC_INFO:
4009 	case SEM_INFO:
4010             arg.__buf = &seminfo;
4011             ret = get_errno(semctl(semid, semnum, cmd, arg));
4012             err = host_to_target_seminfo(target_su.__buf, &seminfo);
4013             if (err)
4014                 return err;
4015             break;
4016 	case IPC_RMID:
4017 	case GETPID:
4018 	case GETNCNT:
4019 	case GETZCNT:
4020             ret = get_errno(semctl(semid, semnum, cmd, NULL));
4021             break;
4022     }
4023 
4024     return ret;
4025 }
4026 
4027 struct target_sembuf {
4028     unsigned short sem_num;
4029     short sem_op;
4030     short sem_flg;
4031 };
4032 
4033 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
4034                                              abi_ulong target_addr,
4035                                              unsigned nsops)
4036 {
4037     struct target_sembuf *target_sembuf;
4038     int i;
4039 
4040     target_sembuf = lock_user(VERIFY_READ, target_addr,
4041                               nsops*sizeof(struct target_sembuf), 1);
4042     if (!target_sembuf)
4043         return -TARGET_EFAULT;
4044 
4045     for(i=0; i<nsops; i++) {
4046         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
4047         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
4048         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
4049     }
4050 
4051     unlock_user(target_sembuf, target_addr, 0);
4052 
4053     return 0;
4054 }
4055 
4056 #if defined(TARGET_NR_ipc) || defined(TARGET_NR_semop) || \
4057     defined(TARGET_NR_semtimedop) || defined(TARGET_NR_semtimedop_time64)
4058 
4059 /*
4060  * This macro is required to handle the s390 variants, which passes the
4061  * arguments in a different order than default.
4062  */
4063 #ifdef __s390x__
4064 #define SEMTIMEDOP_IPC_ARGS(__nsops, __sops, __timeout) \
4065   (__nsops), (__timeout), (__sops)
4066 #else
4067 #define SEMTIMEDOP_IPC_ARGS(__nsops, __sops, __timeout) \
4068   (__nsops), 0, (__sops), (__timeout)
4069 #endif
4070 
4071 static inline abi_long do_semtimedop(int semid,
4072                                      abi_long ptr,
4073                                      unsigned nsops,
4074                                      abi_long timeout, bool time64)
4075 {
4076     struct sembuf *sops;
4077     struct timespec ts, *pts = NULL;
4078     abi_long ret;
4079 
4080     if (timeout) {
4081         pts = &ts;
4082         if (time64) {
4083             if (target_to_host_timespec64(pts, timeout)) {
4084                 return -TARGET_EFAULT;
4085             }
4086         } else {
4087             if (target_to_host_timespec(pts, timeout)) {
4088                 return -TARGET_EFAULT;
4089             }
4090         }
4091     }
4092 
4093     if (nsops > TARGET_SEMOPM) {
4094         return -TARGET_E2BIG;
4095     }
4096 
4097     sops = g_new(struct sembuf, nsops);
4098 
4099     if (target_to_host_sembuf(sops, ptr, nsops)) {
4100         g_free(sops);
4101         return -TARGET_EFAULT;
4102     }
4103 
4104     ret = -TARGET_ENOSYS;
4105 #ifdef __NR_semtimedop
4106     ret = get_errno(safe_semtimedop(semid, sops, nsops, pts));
4107 #endif
4108 #ifdef __NR_ipc
4109     if (ret == -TARGET_ENOSYS) {
4110         ret = get_errno(safe_ipc(IPCOP_semtimedop, semid,
4111                                  SEMTIMEDOP_IPC_ARGS(nsops, sops, (long)pts)));
4112     }
4113 #endif
4114     g_free(sops);
4115     return ret;
4116 }
4117 #endif
4118 
4119 struct target_msqid_ds
4120 {
4121     struct target_ipc_perm msg_perm;
4122     abi_ulong msg_stime;
4123 #if TARGET_ABI_BITS == 32
4124     abi_ulong __unused1;
4125 #endif
4126     abi_ulong msg_rtime;
4127 #if TARGET_ABI_BITS == 32
4128     abi_ulong __unused2;
4129 #endif
4130     abi_ulong msg_ctime;
4131 #if TARGET_ABI_BITS == 32
4132     abi_ulong __unused3;
4133 #endif
4134     abi_ulong __msg_cbytes;
4135     abi_ulong msg_qnum;
4136     abi_ulong msg_qbytes;
4137     abi_ulong msg_lspid;
4138     abi_ulong msg_lrpid;
4139     abi_ulong __unused4;
4140     abi_ulong __unused5;
4141 };
4142 
4143 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
4144                                                abi_ulong target_addr)
4145 {
4146     struct target_msqid_ds *target_md;
4147 
4148     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
4149         return -TARGET_EFAULT;
4150     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
4151         return -TARGET_EFAULT;
4152     host_md->msg_stime = tswapal(target_md->msg_stime);
4153     host_md->msg_rtime = tswapal(target_md->msg_rtime);
4154     host_md->msg_ctime = tswapal(target_md->msg_ctime);
4155     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
4156     host_md->msg_qnum = tswapal(target_md->msg_qnum);
4157     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
4158     host_md->msg_lspid = tswapal(target_md->msg_lspid);
4159     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
4160     unlock_user_struct(target_md, target_addr, 0);
4161     return 0;
4162 }
4163 
4164 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
4165                                                struct msqid_ds *host_md)
4166 {
4167     struct target_msqid_ds *target_md;
4168 
4169     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
4170         return -TARGET_EFAULT;
4171     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
4172         return -TARGET_EFAULT;
4173     target_md->msg_stime = tswapal(host_md->msg_stime);
4174     target_md->msg_rtime = tswapal(host_md->msg_rtime);
4175     target_md->msg_ctime = tswapal(host_md->msg_ctime);
4176     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
4177     target_md->msg_qnum = tswapal(host_md->msg_qnum);
4178     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
4179     target_md->msg_lspid = tswapal(host_md->msg_lspid);
4180     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
4181     unlock_user_struct(target_md, target_addr, 1);
4182     return 0;
4183 }
4184 
4185 struct target_msginfo {
4186     int msgpool;
4187     int msgmap;
4188     int msgmax;
4189     int msgmnb;
4190     int msgmni;
4191     int msgssz;
4192     int msgtql;
4193     unsigned short int msgseg;
4194 };
4195 
4196 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
4197                                               struct msginfo *host_msginfo)
4198 {
4199     struct target_msginfo *target_msginfo;
4200     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
4201         return -TARGET_EFAULT;
4202     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
4203     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
4204     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
4205     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
4206     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
4207     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
4208     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
4209     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
4210     unlock_user_struct(target_msginfo, target_addr, 1);
4211     return 0;
4212 }
4213 
4214 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
4215 {
4216     struct msqid_ds dsarg;
4217     struct msginfo msginfo;
4218     abi_long ret = -TARGET_EINVAL;
4219 
4220     cmd &= 0xff;
4221 
4222     switch (cmd) {
4223     case IPC_STAT:
4224     case IPC_SET:
4225     case MSG_STAT:
4226         if (target_to_host_msqid_ds(&dsarg,ptr))
4227             return -TARGET_EFAULT;
4228         ret = get_errno(msgctl(msgid, cmd, &dsarg));
4229         if (host_to_target_msqid_ds(ptr,&dsarg))
4230             return -TARGET_EFAULT;
4231         break;
4232     case IPC_RMID:
4233         ret = get_errno(msgctl(msgid, cmd, NULL));
4234         break;
4235     case IPC_INFO:
4236     case MSG_INFO:
4237         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
4238         if (host_to_target_msginfo(ptr, &msginfo))
4239             return -TARGET_EFAULT;
4240         break;
4241     }
4242 
4243     return ret;
4244 }
4245 
4246 struct target_msgbuf {
4247     abi_long mtype;
4248     char	mtext[1];
4249 };
4250 
4251 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
4252                                  ssize_t msgsz, int msgflg)
4253 {
4254     struct target_msgbuf *target_mb;
4255     struct msgbuf *host_mb;
4256     abi_long ret = 0;
4257 
4258     if (msgsz < 0) {
4259         return -TARGET_EINVAL;
4260     }
4261 
4262     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
4263         return -TARGET_EFAULT;
4264     host_mb = g_try_malloc(msgsz + sizeof(long));
4265     if (!host_mb) {
4266         unlock_user_struct(target_mb, msgp, 0);
4267         return -TARGET_ENOMEM;
4268     }
4269     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
4270     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
4271     ret = -TARGET_ENOSYS;
4272 #ifdef __NR_msgsnd
4273     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
4274 #endif
4275 #ifdef __NR_ipc
4276     if (ret == -TARGET_ENOSYS) {
4277 #ifdef __s390x__
4278         ret = get_errno(safe_ipc(IPCOP_msgsnd, msqid, msgsz, msgflg,
4279                                  host_mb));
4280 #else
4281         ret = get_errno(safe_ipc(IPCOP_msgsnd, msqid, msgsz, msgflg,
4282                                  host_mb, 0));
4283 #endif
4284     }
4285 #endif
4286     g_free(host_mb);
4287     unlock_user_struct(target_mb, msgp, 0);
4288 
4289     return ret;
4290 }
4291 
4292 #ifdef __NR_ipc
4293 #if defined(__sparc__)
4294 /* SPARC for msgrcv it does not use the kludge on final 2 arguments.  */
4295 #define MSGRCV_ARGS(__msgp, __msgtyp) __msgp, __msgtyp
4296 #elif defined(__s390x__)
4297 /* The s390 sys_ipc variant has only five parameters.  */
4298 #define MSGRCV_ARGS(__msgp, __msgtyp) \
4299     ((long int[]){(long int)__msgp, __msgtyp})
4300 #else
4301 #define MSGRCV_ARGS(__msgp, __msgtyp) \
4302     ((long int[]){(long int)__msgp, __msgtyp}), 0
4303 #endif
4304 #endif
4305 
4306 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
4307                                  ssize_t msgsz, abi_long msgtyp,
4308                                  int msgflg)
4309 {
4310     struct target_msgbuf *target_mb;
4311     char *target_mtext;
4312     struct msgbuf *host_mb;
4313     abi_long ret = 0;
4314 
4315     if (msgsz < 0) {
4316         return -TARGET_EINVAL;
4317     }
4318 
4319     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
4320         return -TARGET_EFAULT;
4321 
4322     host_mb = g_try_malloc(msgsz + sizeof(long));
4323     if (!host_mb) {
4324         ret = -TARGET_ENOMEM;
4325         goto end;
4326     }
4327     ret = -TARGET_ENOSYS;
4328 #ifdef __NR_msgrcv
4329     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
4330 #endif
4331 #ifdef __NR_ipc
4332     if (ret == -TARGET_ENOSYS) {
4333         ret = get_errno(safe_ipc(IPCOP_CALL(1, IPCOP_msgrcv), msqid, msgsz,
4334                         msgflg, MSGRCV_ARGS(host_mb, msgtyp)));
4335     }
4336 #endif
4337 
4338     if (ret > 0) {
4339         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
4340         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
4341         if (!target_mtext) {
4342             ret = -TARGET_EFAULT;
4343             goto end;
4344         }
4345         memcpy(target_mb->mtext, host_mb->mtext, ret);
4346         unlock_user(target_mtext, target_mtext_addr, ret);
4347     }
4348 
4349     target_mb->mtype = tswapal(host_mb->mtype);
4350 
4351 end:
4352     if (target_mb)
4353         unlock_user_struct(target_mb, msgp, 1);
4354     g_free(host_mb);
4355     return ret;
4356 }
4357 
4358 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
4359                                                abi_ulong target_addr)
4360 {
4361     struct target_shmid_ds *target_sd;
4362 
4363     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4364         return -TARGET_EFAULT;
4365     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
4366         return -TARGET_EFAULT;
4367     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4368     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
4369     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4370     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4371     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4372     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4373     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4374     unlock_user_struct(target_sd, target_addr, 0);
4375     return 0;
4376 }
4377 
4378 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
4379                                                struct shmid_ds *host_sd)
4380 {
4381     struct target_shmid_ds *target_sd;
4382 
4383     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4384         return -TARGET_EFAULT;
4385     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
4386         return -TARGET_EFAULT;
4387     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4388     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
4389     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4390     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4391     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4392     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4393     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4394     unlock_user_struct(target_sd, target_addr, 1);
4395     return 0;
4396 }
4397 
4398 struct  target_shminfo {
4399     abi_ulong shmmax;
4400     abi_ulong shmmin;
4401     abi_ulong shmmni;
4402     abi_ulong shmseg;
4403     abi_ulong shmall;
4404 };
4405 
4406 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
4407                                               struct shminfo *host_shminfo)
4408 {
4409     struct target_shminfo *target_shminfo;
4410     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
4411         return -TARGET_EFAULT;
4412     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
4413     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
4414     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
4415     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
4416     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
4417     unlock_user_struct(target_shminfo, target_addr, 1);
4418     return 0;
4419 }
4420 
4421 struct target_shm_info {
4422     int used_ids;
4423     abi_ulong shm_tot;
4424     abi_ulong shm_rss;
4425     abi_ulong shm_swp;
4426     abi_ulong swap_attempts;
4427     abi_ulong swap_successes;
4428 };
4429 
4430 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
4431                                                struct shm_info *host_shm_info)
4432 {
4433     struct target_shm_info *target_shm_info;
4434     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
4435         return -TARGET_EFAULT;
4436     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
4437     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
4438     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
4439     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
4440     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
4441     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
4442     unlock_user_struct(target_shm_info, target_addr, 1);
4443     return 0;
4444 }
4445 
4446 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4447 {
4448     struct shmid_ds dsarg;
4449     struct shminfo shminfo;
4450     struct shm_info shm_info;
4451     abi_long ret = -TARGET_EINVAL;
4452 
4453     cmd &= 0xff;
4454 
4455     switch(cmd) {
4456     case IPC_STAT:
4457     case IPC_SET:
4458     case SHM_STAT:
4459         if (target_to_host_shmid_ds(&dsarg, buf))
4460             return -TARGET_EFAULT;
4461         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4462         if (host_to_target_shmid_ds(buf, &dsarg))
4463             return -TARGET_EFAULT;
4464         break;
4465     case IPC_INFO:
4466         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4467         if (host_to_target_shminfo(buf, &shminfo))
4468             return -TARGET_EFAULT;
4469         break;
4470     case SHM_INFO:
4471         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4472         if (host_to_target_shm_info(buf, &shm_info))
4473             return -TARGET_EFAULT;
4474         break;
4475     case IPC_RMID:
4476     case SHM_LOCK:
4477     case SHM_UNLOCK:
4478         ret = get_errno(shmctl(shmid, cmd, NULL));
4479         break;
4480     }
4481 
4482     return ret;
4483 }
4484 
4485 #ifndef TARGET_FORCE_SHMLBA
4486 /* For most architectures, SHMLBA is the same as the page size;
4487  * some architectures have larger values, in which case they should
4488  * define TARGET_FORCE_SHMLBA and provide a target_shmlba() function.
4489  * This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA
4490  * and defining its own value for SHMLBA.
4491  *
4492  * The kernel also permits SHMLBA to be set by the architecture to a
4493  * value larger than the page size without setting __ARCH_FORCE_SHMLBA;
4494  * this means that addresses are rounded to the large size if
4495  * SHM_RND is set but addresses not aligned to that size are not rejected
4496  * as long as they are at least page-aligned. Since the only architecture
4497  * which uses this is ia64 this code doesn't provide for that oddity.
4498  */
4499 static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
4500 {
4501     return TARGET_PAGE_SIZE;
4502 }
4503 #endif
4504 
4505 static abi_ulong do_shmat(CPUArchState *cpu_env, int shmid,
4506                           abi_ulong shmaddr, int shmflg)
4507 {
4508     CPUState *cpu = env_cpu(cpu_env);
4509     abi_ulong raddr;
4510     void *host_raddr;
4511     struct shmid_ds shm_info;
4512     int i, ret;
4513     abi_ulong shmlba;
4514 
4515     /* shmat pointers are always untagged */
4516 
4517     /* find out the length of the shared memory segment */
4518     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4519     if (is_error(ret)) {
4520         /* can't get length, bail out */
4521         return ret;
4522     }
4523 
4524     shmlba = target_shmlba(cpu_env);
4525 
4526     if (shmaddr & (shmlba - 1)) {
4527         if (shmflg & SHM_RND) {
4528             shmaddr &= ~(shmlba - 1);
4529         } else {
4530             return -TARGET_EINVAL;
4531         }
4532     }
4533     if (!guest_range_valid_untagged(shmaddr, shm_info.shm_segsz)) {
4534         return -TARGET_EINVAL;
4535     }
4536 
4537     mmap_lock();
4538 
4539     /*
4540      * We're mapping shared memory, so ensure we generate code for parallel
4541      * execution and flush old translations.  This will work up to the level
4542      * supported by the host -- anything that requires EXCP_ATOMIC will not
4543      * be atomic with respect to an external process.
4544      */
4545     if (!(cpu->tcg_cflags & CF_PARALLEL)) {
4546         cpu->tcg_cflags |= CF_PARALLEL;
4547         tb_flush(cpu);
4548     }
4549 
4550     if (shmaddr)
4551         host_raddr = shmat(shmid, (void *)g2h_untagged(shmaddr), shmflg);
4552     else {
4553         abi_ulong mmap_start;
4554 
4555         /* In order to use the host shmat, we need to honor host SHMLBA.  */
4556         mmap_start = mmap_find_vma(0, shm_info.shm_segsz, MAX(SHMLBA, shmlba));
4557 
4558         if (mmap_start == -1) {
4559             errno = ENOMEM;
4560             host_raddr = (void *)-1;
4561         } else
4562             host_raddr = shmat(shmid, g2h_untagged(mmap_start),
4563                                shmflg | SHM_REMAP);
4564     }
4565 
4566     if (host_raddr == (void *)-1) {
4567         mmap_unlock();
4568         return get_errno((intptr_t)host_raddr);
4569     }
4570     raddr = h2g((uintptr_t)host_raddr);
4571 
4572     page_set_flags(raddr, raddr + shm_info.shm_segsz - 1,
4573                    PAGE_VALID | PAGE_RESET | PAGE_READ |
4574                    (shmflg & SHM_RDONLY ? 0 : PAGE_WRITE));
4575 
4576     for (i = 0; i < N_SHM_REGIONS; i++) {
4577         if (!shm_regions[i].in_use) {
4578             shm_regions[i].in_use = true;
4579             shm_regions[i].start = raddr;
4580             shm_regions[i].size = shm_info.shm_segsz;
4581             break;
4582         }
4583     }
4584 
4585     mmap_unlock();
4586     return raddr;
4587 }
4588 
4589 static inline abi_long do_shmdt(abi_ulong shmaddr)
4590 {
4591     int i;
4592     abi_long rv;
4593 
4594     /* shmdt pointers are always untagged */
4595 
4596     mmap_lock();
4597 
4598     for (i = 0; i < N_SHM_REGIONS; ++i) {
4599         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4600             shm_regions[i].in_use = false;
4601             page_set_flags(shmaddr, shmaddr + shm_regions[i].size - 1, 0);
4602             break;
4603         }
4604     }
4605     rv = get_errno(shmdt(g2h_untagged(shmaddr)));
4606 
4607     mmap_unlock();
4608 
4609     return rv;
4610 }
4611 
4612 #ifdef TARGET_NR_ipc
4613 /* ??? This only works with linear mappings.  */
4614 /* do_ipc() must return target values and target errnos. */
4615 static abi_long do_ipc(CPUArchState *cpu_env,
4616                        unsigned int call, abi_long first,
4617                        abi_long second, abi_long third,
4618                        abi_long ptr, abi_long fifth)
4619 {
4620     int version;
4621     abi_long ret = 0;
4622 
4623     version = call >> 16;
4624     call &= 0xffff;
4625 
4626     switch (call) {
4627     case IPCOP_semop:
4628         ret = do_semtimedop(first, ptr, second, 0, false);
4629         break;
4630     case IPCOP_semtimedop:
4631     /*
4632      * The s390 sys_ipc variant has only five parameters instead of six
4633      * (as for default variant) and the only difference is the handling of
4634      * SEMTIMEDOP where on s390 the third parameter is used as a pointer
4635      * to a struct timespec where the generic variant uses fifth parameter.
4636      */
4637 #if defined(TARGET_S390X)
4638         ret = do_semtimedop(first, ptr, second, third, TARGET_ABI_BITS == 64);
4639 #else
4640         ret = do_semtimedop(first, ptr, second, fifth, TARGET_ABI_BITS == 64);
4641 #endif
4642         break;
4643 
4644     case IPCOP_semget:
4645         ret = get_errno(semget(first, second, third));
4646         break;
4647 
4648     case IPCOP_semctl: {
4649         /* The semun argument to semctl is passed by value, so dereference the
4650          * ptr argument. */
4651         abi_ulong atptr;
4652         get_user_ual(atptr, ptr);
4653         ret = do_semctl(first, second, third, atptr);
4654         break;
4655     }
4656 
4657     case IPCOP_msgget:
4658         ret = get_errno(msgget(first, second));
4659         break;
4660 
4661     case IPCOP_msgsnd:
4662         ret = do_msgsnd(first, ptr, second, third);
4663         break;
4664 
4665     case IPCOP_msgctl:
4666         ret = do_msgctl(first, second, ptr);
4667         break;
4668 
4669     case IPCOP_msgrcv:
4670         switch (version) {
4671         case 0:
4672             {
4673                 struct target_ipc_kludge {
4674                     abi_long msgp;
4675                     abi_long msgtyp;
4676                 } *tmp;
4677 
4678                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4679                     ret = -TARGET_EFAULT;
4680                     break;
4681                 }
4682 
4683                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4684 
4685                 unlock_user_struct(tmp, ptr, 0);
4686                 break;
4687             }
4688         default:
4689             ret = do_msgrcv(first, ptr, second, fifth, third);
4690         }
4691         break;
4692 
4693     case IPCOP_shmat:
4694         switch (version) {
4695         default:
4696         {
4697             abi_ulong raddr;
4698             raddr = do_shmat(cpu_env, first, ptr, second);
4699             if (is_error(raddr))
4700                 return get_errno(raddr);
4701             if (put_user_ual(raddr, third))
4702                 return -TARGET_EFAULT;
4703             break;
4704         }
4705         case 1:
4706             ret = -TARGET_EINVAL;
4707             break;
4708         }
4709 	break;
4710     case IPCOP_shmdt:
4711         ret = do_shmdt(ptr);
4712 	break;
4713 
4714     case IPCOP_shmget:
4715 	/* IPC_* flag values are the same on all linux platforms */
4716 	ret = get_errno(shmget(first, second, third));
4717 	break;
4718 
4719 	/* IPC_* and SHM_* command values are the same on all linux platforms */
4720     case IPCOP_shmctl:
4721         ret = do_shmctl(first, second, ptr);
4722         break;
4723     default:
4724         qemu_log_mask(LOG_UNIMP, "Unsupported ipc call: %d (version %d)\n",
4725                       call, version);
4726 	ret = -TARGET_ENOSYS;
4727 	break;
4728     }
4729     return ret;
4730 }
4731 #endif
4732 
4733 /* kernel structure types definitions */
4734 
4735 #define STRUCT(name, ...) STRUCT_ ## name,
4736 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
4737 enum {
4738 #include "syscall_types.h"
4739 STRUCT_MAX
4740 };
4741 #undef STRUCT
4742 #undef STRUCT_SPECIAL
4743 
4744 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
4745 #define STRUCT_SPECIAL(name)
4746 #include "syscall_types.h"
4747 #undef STRUCT
4748 #undef STRUCT_SPECIAL
4749 
4750 #define MAX_STRUCT_SIZE 4096
4751 
4752 #ifdef CONFIG_FIEMAP
4753 /* So fiemap access checks don't overflow on 32 bit systems.
4754  * This is very slightly smaller than the limit imposed by
4755  * the underlying kernel.
4756  */
4757 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
4758                             / sizeof(struct fiemap_extent))
4759 
4760 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
4761                                        int fd, int cmd, abi_long arg)
4762 {
4763     /* The parameter for this ioctl is a struct fiemap followed
4764      * by an array of struct fiemap_extent whose size is set
4765      * in fiemap->fm_extent_count. The array is filled in by the
4766      * ioctl.
4767      */
4768     int target_size_in, target_size_out;
4769     struct fiemap *fm;
4770     const argtype *arg_type = ie->arg_type;
4771     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
4772     void *argptr, *p;
4773     abi_long ret;
4774     int i, extent_size = thunk_type_size(extent_arg_type, 0);
4775     uint32_t outbufsz;
4776     int free_fm = 0;
4777 
4778     assert(arg_type[0] == TYPE_PTR);
4779     assert(ie->access == IOC_RW);
4780     arg_type++;
4781     target_size_in = thunk_type_size(arg_type, 0);
4782     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
4783     if (!argptr) {
4784         return -TARGET_EFAULT;
4785     }
4786     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4787     unlock_user(argptr, arg, 0);
4788     fm = (struct fiemap *)buf_temp;
4789     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
4790         return -TARGET_EINVAL;
4791     }
4792 
4793     outbufsz = sizeof (*fm) +
4794         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
4795 
4796     if (outbufsz > MAX_STRUCT_SIZE) {
4797         /* We can't fit all the extents into the fixed size buffer.
4798          * Allocate one that is large enough and use it instead.
4799          */
4800         fm = g_try_malloc(outbufsz);
4801         if (!fm) {
4802             return -TARGET_ENOMEM;
4803         }
4804         memcpy(fm, buf_temp, sizeof(struct fiemap));
4805         free_fm = 1;
4806     }
4807     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
4808     if (!is_error(ret)) {
4809         target_size_out = target_size_in;
4810         /* An extent_count of 0 means we were only counting the extents
4811          * so there are no structs to copy
4812          */
4813         if (fm->fm_extent_count != 0) {
4814             target_size_out += fm->fm_mapped_extents * extent_size;
4815         }
4816         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
4817         if (!argptr) {
4818             ret = -TARGET_EFAULT;
4819         } else {
4820             /* Convert the struct fiemap */
4821             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
4822             if (fm->fm_extent_count != 0) {
4823                 p = argptr + target_size_in;
4824                 /* ...and then all the struct fiemap_extents */
4825                 for (i = 0; i < fm->fm_mapped_extents; i++) {
4826                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
4827                                   THUNK_TARGET);
4828                     p += extent_size;
4829                 }
4830             }
4831             unlock_user(argptr, arg, target_size_out);
4832         }
4833     }
4834     if (free_fm) {
4835         g_free(fm);
4836     }
4837     return ret;
4838 }
4839 #endif
4840 
4841 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
4842                                 int fd, int cmd, abi_long arg)
4843 {
4844     const argtype *arg_type = ie->arg_type;
4845     int target_size;
4846     void *argptr;
4847     int ret;
4848     struct ifconf *host_ifconf;
4849     uint32_t outbufsz;
4850     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
4851     const argtype ifreq_max_type[] = { MK_STRUCT(STRUCT_ifmap_ifreq) };
4852     int target_ifreq_size;
4853     int nb_ifreq;
4854     int free_buf = 0;
4855     int i;
4856     int target_ifc_len;
4857     abi_long target_ifc_buf;
4858     int host_ifc_len;
4859     char *host_ifc_buf;
4860 
4861     assert(arg_type[0] == TYPE_PTR);
4862     assert(ie->access == IOC_RW);
4863 
4864     arg_type++;
4865     target_size = thunk_type_size(arg_type, 0);
4866 
4867     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4868     if (!argptr)
4869         return -TARGET_EFAULT;
4870     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4871     unlock_user(argptr, arg, 0);
4872 
4873     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
4874     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
4875     target_ifreq_size = thunk_type_size(ifreq_max_type, 0);
4876 
4877     if (target_ifc_buf != 0) {
4878         target_ifc_len = host_ifconf->ifc_len;
4879         nb_ifreq = target_ifc_len / target_ifreq_size;
4880         host_ifc_len = nb_ifreq * sizeof(struct ifreq);
4881 
4882         outbufsz = sizeof(*host_ifconf) + host_ifc_len;
4883         if (outbufsz > MAX_STRUCT_SIZE) {
4884             /*
4885              * We can't fit all the extents into the fixed size buffer.
4886              * Allocate one that is large enough and use it instead.
4887              */
4888             host_ifconf = g_try_malloc(outbufsz);
4889             if (!host_ifconf) {
4890                 return -TARGET_ENOMEM;
4891             }
4892             memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
4893             free_buf = 1;
4894         }
4895         host_ifc_buf = (char *)host_ifconf + sizeof(*host_ifconf);
4896 
4897         host_ifconf->ifc_len = host_ifc_len;
4898     } else {
4899       host_ifc_buf = NULL;
4900     }
4901     host_ifconf->ifc_buf = host_ifc_buf;
4902 
4903     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
4904     if (!is_error(ret)) {
4905 	/* convert host ifc_len to target ifc_len */
4906 
4907         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
4908         target_ifc_len = nb_ifreq * target_ifreq_size;
4909         host_ifconf->ifc_len = target_ifc_len;
4910 
4911 	/* restore target ifc_buf */
4912 
4913         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
4914 
4915 	/* copy struct ifconf to target user */
4916 
4917         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4918         if (!argptr)
4919             return -TARGET_EFAULT;
4920         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
4921         unlock_user(argptr, arg, target_size);
4922 
4923         if (target_ifc_buf != 0) {
4924             /* copy ifreq[] to target user */
4925             argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
4926             for (i = 0; i < nb_ifreq ; i++) {
4927                 thunk_convert(argptr + i * target_ifreq_size,
4928                               host_ifc_buf + i * sizeof(struct ifreq),
4929                               ifreq_arg_type, THUNK_TARGET);
4930             }
4931             unlock_user(argptr, target_ifc_buf, target_ifc_len);
4932         }
4933     }
4934 
4935     if (free_buf) {
4936         g_free(host_ifconf);
4937     }
4938 
4939     return ret;
4940 }
4941 
4942 #if defined(CONFIG_USBFS)
4943 #if HOST_LONG_BITS > 64
4944 #error USBDEVFS thunks do not support >64 bit hosts yet.
4945 #endif
4946 struct live_urb {
4947     uint64_t target_urb_adr;
4948     uint64_t target_buf_adr;
4949     char *target_buf_ptr;
4950     struct usbdevfs_urb host_urb;
4951 };
4952 
4953 static GHashTable *usbdevfs_urb_hashtable(void)
4954 {
4955     static GHashTable *urb_hashtable;
4956 
4957     if (!urb_hashtable) {
4958         urb_hashtable = g_hash_table_new(g_int64_hash, g_int64_equal);
4959     }
4960     return urb_hashtable;
4961 }
4962 
4963 static void urb_hashtable_insert(struct live_urb *urb)
4964 {
4965     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
4966     g_hash_table_insert(urb_hashtable, urb, urb);
4967 }
4968 
4969 static struct live_urb *urb_hashtable_lookup(uint64_t target_urb_adr)
4970 {
4971     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
4972     return g_hash_table_lookup(urb_hashtable, &target_urb_adr);
4973 }
4974 
4975 static void urb_hashtable_remove(struct live_urb *urb)
4976 {
4977     GHashTable *urb_hashtable = usbdevfs_urb_hashtable();
4978     g_hash_table_remove(urb_hashtable, urb);
4979 }
4980 
4981 static abi_long
4982 do_ioctl_usbdevfs_reapurb(const IOCTLEntry *ie, uint8_t *buf_temp,
4983                           int fd, int cmd, abi_long arg)
4984 {
4985     const argtype usbfsurb_arg_type[] = { MK_STRUCT(STRUCT_usbdevfs_urb) };
4986     const argtype ptrvoid_arg_type[] = { TYPE_PTRVOID, 0, 0 };
4987     struct live_urb *lurb;
4988     void *argptr;
4989     uint64_t hurb;
4990     int target_size;
4991     uintptr_t target_urb_adr;
4992     abi_long ret;
4993 
4994     target_size = thunk_type_size(usbfsurb_arg_type, THUNK_TARGET);
4995 
4996     memset(buf_temp, 0, sizeof(uint64_t));
4997     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4998     if (is_error(ret)) {
4999         return ret;
5000     }
5001 
5002     memcpy(&hurb, buf_temp, sizeof(uint64_t));
5003     lurb = (void *)((uintptr_t)hurb - offsetof(struct live_urb, host_urb));
5004     if (!lurb->target_urb_adr) {
5005         return -TARGET_EFAULT;
5006     }
5007     urb_hashtable_remove(lurb);
5008     unlock_user(lurb->target_buf_ptr, lurb->target_buf_adr,
5009         lurb->host_urb.buffer_length);
5010     lurb->target_buf_ptr = NULL;
5011 
5012     /* restore the guest buffer pointer */
5013     lurb->host_urb.buffer = (void *)(uintptr_t)lurb->target_buf_adr;
5014 
5015     /* update the guest urb struct */
5016     argptr = lock_user(VERIFY_WRITE, lurb->target_urb_adr, target_size, 0);
5017     if (!argptr) {
5018         g_free(lurb);
5019         return -TARGET_EFAULT;
5020     }
5021     thunk_convert(argptr, &lurb->host_urb, usbfsurb_arg_type, THUNK_TARGET);
5022     unlock_user(argptr, lurb->target_urb_adr, target_size);
5023 
5024     target_size = thunk_type_size(ptrvoid_arg_type, THUNK_TARGET);
5025     /* write back the urb handle */
5026     argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5027     if (!argptr) {
5028         g_free(lurb);
5029         return -TARGET_EFAULT;
5030     }
5031 
5032     /* GHashTable uses 64-bit keys but thunk_convert expects uintptr_t */
5033     target_urb_adr = lurb->target_urb_adr;
5034     thunk_convert(argptr, &target_urb_adr, ptrvoid_arg_type, THUNK_TARGET);
5035     unlock_user(argptr, arg, target_size);
5036 
5037     g_free(lurb);
5038     return ret;
5039 }
5040 
5041 static abi_long
5042 do_ioctl_usbdevfs_discardurb(const IOCTLEntry *ie,
5043                              uint8_t *buf_temp __attribute__((unused)),
5044                              int fd, int cmd, abi_long arg)
5045 {
5046     struct live_urb *lurb;
5047 
5048     /* map target address back to host URB with metadata. */
5049     lurb = urb_hashtable_lookup(arg);
5050     if (!lurb) {
5051         return -TARGET_EFAULT;
5052     }
5053     return get_errno(safe_ioctl(fd, ie->host_cmd, &lurb->host_urb));
5054 }
5055 
5056 static abi_long
5057 do_ioctl_usbdevfs_submiturb(const IOCTLEntry *ie, uint8_t *buf_temp,
5058                             int fd, int cmd, abi_long arg)
5059 {
5060     const argtype *arg_type = ie->arg_type;
5061     int target_size;
5062     abi_long ret;
5063     void *argptr;
5064     int rw_dir;
5065     struct live_urb *lurb;
5066 
5067     /*
5068      * each submitted URB needs to map to a unique ID for the
5069      * kernel, and that unique ID needs to be a pointer to
5070      * host memory.  hence, we need to malloc for each URB.
5071      * isochronous transfers have a variable length struct.
5072      */
5073     arg_type++;
5074     target_size = thunk_type_size(arg_type, THUNK_TARGET);
5075 
5076     /* construct host copy of urb and metadata */
5077     lurb = g_try_new0(struct live_urb, 1);
5078     if (!lurb) {
5079         return -TARGET_ENOMEM;
5080     }
5081 
5082     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5083     if (!argptr) {
5084         g_free(lurb);
5085         return -TARGET_EFAULT;
5086     }
5087     thunk_convert(&lurb->host_urb, argptr, arg_type, THUNK_HOST);
5088     unlock_user(argptr, arg, 0);
5089 
5090     lurb->target_urb_adr = arg;
5091     lurb->target_buf_adr = (uintptr_t)lurb->host_urb.buffer;
5092 
5093     /* buffer space used depends on endpoint type so lock the entire buffer */
5094     /* control type urbs should check the buffer contents for true direction */
5095     rw_dir = lurb->host_urb.endpoint & USB_DIR_IN ? VERIFY_WRITE : VERIFY_READ;
5096     lurb->target_buf_ptr = lock_user(rw_dir, lurb->target_buf_adr,
5097         lurb->host_urb.buffer_length, 1);
5098     if (lurb->target_buf_ptr == NULL) {
5099         g_free(lurb);
5100         return -TARGET_EFAULT;
5101     }
5102 
5103     /* update buffer pointer in host copy */
5104     lurb->host_urb.buffer = lurb->target_buf_ptr;
5105 
5106     ret = get_errno(safe_ioctl(fd, ie->host_cmd, &lurb->host_urb));
5107     if (is_error(ret)) {
5108         unlock_user(lurb->target_buf_ptr, lurb->target_buf_adr, 0);
5109         g_free(lurb);
5110     } else {
5111         urb_hashtable_insert(lurb);
5112     }
5113 
5114     return ret;
5115 }
5116 #endif /* CONFIG_USBFS */
5117 
5118 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5119                             int cmd, abi_long arg)
5120 {
5121     void *argptr;
5122     struct dm_ioctl *host_dm;
5123     abi_long guest_data;
5124     uint32_t guest_data_size;
5125     int target_size;
5126     const argtype *arg_type = ie->arg_type;
5127     abi_long ret;
5128     void *big_buf = NULL;
5129     char *host_data;
5130 
5131     arg_type++;
5132     target_size = thunk_type_size(arg_type, 0);
5133     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5134     if (!argptr) {
5135         ret = -TARGET_EFAULT;
5136         goto out;
5137     }
5138     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5139     unlock_user(argptr, arg, 0);
5140 
5141     /* buf_temp is too small, so fetch things into a bigger buffer */
5142     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
5143     memcpy(big_buf, buf_temp, target_size);
5144     buf_temp = big_buf;
5145     host_dm = big_buf;
5146 
5147     guest_data = arg + host_dm->data_start;
5148     if ((guest_data - arg) < 0) {
5149         ret = -TARGET_EINVAL;
5150         goto out;
5151     }
5152     guest_data_size = host_dm->data_size - host_dm->data_start;
5153     host_data = (char*)host_dm + host_dm->data_start;
5154 
5155     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
5156     if (!argptr) {
5157         ret = -TARGET_EFAULT;
5158         goto out;
5159     }
5160 
5161     switch (ie->host_cmd) {
5162     case DM_REMOVE_ALL:
5163     case DM_LIST_DEVICES:
5164     case DM_DEV_CREATE:
5165     case DM_DEV_REMOVE:
5166     case DM_DEV_SUSPEND:
5167     case DM_DEV_STATUS:
5168     case DM_DEV_WAIT:
5169     case DM_TABLE_STATUS:
5170     case DM_TABLE_CLEAR:
5171     case DM_TABLE_DEPS:
5172     case DM_LIST_VERSIONS:
5173         /* no input data */
5174         break;
5175     case DM_DEV_RENAME:
5176     case DM_DEV_SET_GEOMETRY:
5177         /* data contains only strings */
5178         memcpy(host_data, argptr, guest_data_size);
5179         break;
5180     case DM_TARGET_MSG:
5181         memcpy(host_data, argptr, guest_data_size);
5182         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
5183         break;
5184     case DM_TABLE_LOAD:
5185     {
5186         void *gspec = argptr;
5187         void *cur_data = host_data;
5188         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5189         int spec_size = thunk_type_size(arg_type, 0);
5190         int i;
5191 
5192         for (i = 0; i < host_dm->target_count; i++) {
5193             struct dm_target_spec *spec = cur_data;
5194             uint32_t next;
5195             int slen;
5196 
5197             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
5198             slen = strlen((char*)gspec + spec_size) + 1;
5199             next = spec->next;
5200             spec->next = sizeof(*spec) + slen;
5201             strcpy((char*)&spec[1], gspec + spec_size);
5202             gspec += next;
5203             cur_data += spec->next;
5204         }
5205         break;
5206     }
5207     default:
5208         ret = -TARGET_EINVAL;
5209         unlock_user(argptr, guest_data, 0);
5210         goto out;
5211     }
5212     unlock_user(argptr, guest_data, 0);
5213 
5214     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5215     if (!is_error(ret)) {
5216         guest_data = arg + host_dm->data_start;
5217         guest_data_size = host_dm->data_size - host_dm->data_start;
5218         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
5219         switch (ie->host_cmd) {
5220         case DM_REMOVE_ALL:
5221         case DM_DEV_CREATE:
5222         case DM_DEV_REMOVE:
5223         case DM_DEV_RENAME:
5224         case DM_DEV_SUSPEND:
5225         case DM_DEV_STATUS:
5226         case DM_TABLE_LOAD:
5227         case DM_TABLE_CLEAR:
5228         case DM_TARGET_MSG:
5229         case DM_DEV_SET_GEOMETRY:
5230             /* no return data */
5231             break;
5232         case DM_LIST_DEVICES:
5233         {
5234             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
5235             uint32_t remaining_data = guest_data_size;
5236             void *cur_data = argptr;
5237             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
5238             int nl_size = 12; /* can't use thunk_size due to alignment */
5239 
5240             while (1) {
5241                 uint32_t next = nl->next;
5242                 if (next) {
5243                     nl->next = nl_size + (strlen(nl->name) + 1);
5244                 }
5245                 if (remaining_data < nl->next) {
5246                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5247                     break;
5248                 }
5249                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
5250                 strcpy(cur_data + nl_size, nl->name);
5251                 cur_data += nl->next;
5252                 remaining_data -= nl->next;
5253                 if (!next) {
5254                     break;
5255                 }
5256                 nl = (void*)nl + next;
5257             }
5258             break;
5259         }
5260         case DM_DEV_WAIT:
5261         case DM_TABLE_STATUS:
5262         {
5263             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
5264             void *cur_data = argptr;
5265             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5266             int spec_size = thunk_type_size(arg_type, 0);
5267             int i;
5268 
5269             for (i = 0; i < host_dm->target_count; i++) {
5270                 uint32_t next = spec->next;
5271                 int slen = strlen((char*)&spec[1]) + 1;
5272                 spec->next = (cur_data - argptr) + spec_size + slen;
5273                 if (guest_data_size < spec->next) {
5274                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5275                     break;
5276                 }
5277                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
5278                 strcpy(cur_data + spec_size, (char*)&spec[1]);
5279                 cur_data = argptr + spec->next;
5280                 spec = (void*)host_dm + host_dm->data_start + next;
5281             }
5282             break;
5283         }
5284         case DM_TABLE_DEPS:
5285         {
5286             void *hdata = (void*)host_dm + host_dm->data_start;
5287             int count = *(uint32_t*)hdata;
5288             uint64_t *hdev = hdata + 8;
5289             uint64_t *gdev = argptr + 8;
5290             int i;
5291 
5292             *(uint32_t*)argptr = tswap32(count);
5293             for (i = 0; i < count; i++) {
5294                 *gdev = tswap64(*hdev);
5295                 gdev++;
5296                 hdev++;
5297             }
5298             break;
5299         }
5300         case DM_LIST_VERSIONS:
5301         {
5302             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
5303             uint32_t remaining_data = guest_data_size;
5304             void *cur_data = argptr;
5305             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
5306             int vers_size = thunk_type_size(arg_type, 0);
5307 
5308             while (1) {
5309                 uint32_t next = vers->next;
5310                 if (next) {
5311                     vers->next = vers_size + (strlen(vers->name) + 1);
5312                 }
5313                 if (remaining_data < vers->next) {
5314                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5315                     break;
5316                 }
5317                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
5318                 strcpy(cur_data + vers_size, vers->name);
5319                 cur_data += vers->next;
5320                 remaining_data -= vers->next;
5321                 if (!next) {
5322                     break;
5323                 }
5324                 vers = (void*)vers + next;
5325             }
5326             break;
5327         }
5328         default:
5329             unlock_user(argptr, guest_data, 0);
5330             ret = -TARGET_EINVAL;
5331             goto out;
5332         }
5333         unlock_user(argptr, guest_data, guest_data_size);
5334 
5335         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5336         if (!argptr) {
5337             ret = -TARGET_EFAULT;
5338             goto out;
5339         }
5340         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5341         unlock_user(argptr, arg, target_size);
5342     }
5343 out:
5344     g_free(big_buf);
5345     return ret;
5346 }
5347 
5348 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5349                                int cmd, abi_long arg)
5350 {
5351     void *argptr;
5352     int target_size;
5353     const argtype *arg_type = ie->arg_type;
5354     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
5355     abi_long ret;
5356 
5357     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
5358     struct blkpg_partition host_part;
5359 
5360     /* Read and convert blkpg */
5361     arg_type++;
5362     target_size = thunk_type_size(arg_type, 0);
5363     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5364     if (!argptr) {
5365         ret = -TARGET_EFAULT;
5366         goto out;
5367     }
5368     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5369     unlock_user(argptr, arg, 0);
5370 
5371     switch (host_blkpg->op) {
5372     case BLKPG_ADD_PARTITION:
5373     case BLKPG_DEL_PARTITION:
5374         /* payload is struct blkpg_partition */
5375         break;
5376     default:
5377         /* Unknown opcode */
5378         ret = -TARGET_EINVAL;
5379         goto out;
5380     }
5381 
5382     /* Read and convert blkpg->data */
5383     arg = (abi_long)(uintptr_t)host_blkpg->data;
5384     target_size = thunk_type_size(part_arg_type, 0);
5385     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5386     if (!argptr) {
5387         ret = -TARGET_EFAULT;
5388         goto out;
5389     }
5390     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
5391     unlock_user(argptr, arg, 0);
5392 
5393     /* Swizzle the data pointer to our local copy and call! */
5394     host_blkpg->data = &host_part;
5395     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
5396 
5397 out:
5398     return ret;
5399 }
5400 
5401 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
5402                                 int fd, int cmd, abi_long arg)
5403 {
5404     const argtype *arg_type = ie->arg_type;
5405     const StructEntry *se;
5406     const argtype *field_types;
5407     const int *dst_offsets, *src_offsets;
5408     int target_size;
5409     void *argptr;
5410     abi_ulong *target_rt_dev_ptr = NULL;
5411     unsigned long *host_rt_dev_ptr = NULL;
5412     abi_long ret;
5413     int i;
5414 
5415     assert(ie->access == IOC_W);
5416     assert(*arg_type == TYPE_PTR);
5417     arg_type++;
5418     assert(*arg_type == TYPE_STRUCT);
5419     target_size = thunk_type_size(arg_type, 0);
5420     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5421     if (!argptr) {
5422         return -TARGET_EFAULT;
5423     }
5424     arg_type++;
5425     assert(*arg_type == (int)STRUCT_rtentry);
5426     se = struct_entries + *arg_type++;
5427     assert(se->convert[0] == NULL);
5428     /* convert struct here to be able to catch rt_dev string */
5429     field_types = se->field_types;
5430     dst_offsets = se->field_offsets[THUNK_HOST];
5431     src_offsets = se->field_offsets[THUNK_TARGET];
5432     for (i = 0; i < se->nb_fields; i++) {
5433         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
5434             assert(*field_types == TYPE_PTRVOID);
5435             target_rt_dev_ptr = argptr + src_offsets[i];
5436             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
5437             if (*target_rt_dev_ptr != 0) {
5438                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
5439                                                   tswapal(*target_rt_dev_ptr));
5440                 if (!*host_rt_dev_ptr) {
5441                     unlock_user(argptr, arg, 0);
5442                     return -TARGET_EFAULT;
5443                 }
5444             } else {
5445                 *host_rt_dev_ptr = 0;
5446             }
5447             field_types++;
5448             continue;
5449         }
5450         field_types = thunk_convert(buf_temp + dst_offsets[i],
5451                                     argptr + src_offsets[i],
5452                                     field_types, THUNK_HOST);
5453     }
5454     unlock_user(argptr, arg, 0);
5455 
5456     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5457 
5458     assert(host_rt_dev_ptr != NULL);
5459     assert(target_rt_dev_ptr != NULL);
5460     if (*host_rt_dev_ptr != 0) {
5461         unlock_user((void *)*host_rt_dev_ptr,
5462                     *target_rt_dev_ptr, 0);
5463     }
5464     return ret;
5465 }
5466 
5467 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
5468                                      int fd, int cmd, abi_long arg)
5469 {
5470     int sig = target_to_host_signal(arg);
5471     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
5472 }
5473 
5474 static abi_long do_ioctl_SIOCGSTAMP(const IOCTLEntry *ie, uint8_t *buf_temp,
5475                                     int fd, int cmd, abi_long arg)
5476 {
5477     struct timeval tv;
5478     abi_long ret;
5479 
5480     ret = get_errno(safe_ioctl(fd, SIOCGSTAMP, &tv));
5481     if (is_error(ret)) {
5482         return ret;
5483     }
5484 
5485     if (cmd == (int)TARGET_SIOCGSTAMP_OLD) {
5486         if (copy_to_user_timeval(arg, &tv)) {
5487             return -TARGET_EFAULT;
5488         }
5489     } else {
5490         if (copy_to_user_timeval64(arg, &tv)) {
5491             return -TARGET_EFAULT;
5492         }
5493     }
5494 
5495     return ret;
5496 }
5497 
5498 static abi_long do_ioctl_SIOCGSTAMPNS(const IOCTLEntry *ie, uint8_t *buf_temp,
5499                                       int fd, int cmd, abi_long arg)
5500 {
5501     struct timespec ts;
5502     abi_long ret;
5503 
5504     ret = get_errno(safe_ioctl(fd, SIOCGSTAMPNS, &ts));
5505     if (is_error(ret)) {
5506         return ret;
5507     }
5508 
5509     if (cmd == (int)TARGET_SIOCGSTAMPNS_OLD) {
5510         if (host_to_target_timespec(arg, &ts)) {
5511             return -TARGET_EFAULT;
5512         }
5513     } else{
5514         if (host_to_target_timespec64(arg, &ts)) {
5515             return -TARGET_EFAULT;
5516         }
5517     }
5518 
5519     return ret;
5520 }
5521 
5522 #ifdef TIOCGPTPEER
5523 static abi_long do_ioctl_tiocgptpeer(const IOCTLEntry *ie, uint8_t *buf_temp,
5524                                      int fd, int cmd, abi_long arg)
5525 {
5526     int flags = target_to_host_bitmask(arg, fcntl_flags_tbl);
5527     return get_errno(safe_ioctl(fd, ie->host_cmd, flags));
5528 }
5529 #endif
5530 
5531 #ifdef HAVE_DRM_H
5532 
5533 static void unlock_drm_version(struct drm_version *host_ver,
5534                                struct target_drm_version *target_ver,
5535                                bool copy)
5536 {
5537     unlock_user(host_ver->name, target_ver->name,
5538                                 copy ? host_ver->name_len : 0);
5539     unlock_user(host_ver->date, target_ver->date,
5540                                 copy ? host_ver->date_len : 0);
5541     unlock_user(host_ver->desc, target_ver->desc,
5542                                 copy ? host_ver->desc_len : 0);
5543 }
5544 
5545 static inline abi_long target_to_host_drmversion(struct drm_version *host_ver,
5546                                           struct target_drm_version *target_ver)
5547 {
5548     memset(host_ver, 0, sizeof(*host_ver));
5549 
5550     __get_user(host_ver->name_len, &target_ver->name_len);
5551     if (host_ver->name_len) {
5552         host_ver->name = lock_user(VERIFY_WRITE, target_ver->name,
5553                                    target_ver->name_len, 0);
5554         if (!host_ver->name) {
5555             return -EFAULT;
5556         }
5557     }
5558 
5559     __get_user(host_ver->date_len, &target_ver->date_len);
5560     if (host_ver->date_len) {
5561         host_ver->date = lock_user(VERIFY_WRITE, target_ver->date,
5562                                    target_ver->date_len, 0);
5563         if (!host_ver->date) {
5564             goto err;
5565         }
5566     }
5567 
5568     __get_user(host_ver->desc_len, &target_ver->desc_len);
5569     if (host_ver->desc_len) {
5570         host_ver->desc = lock_user(VERIFY_WRITE, target_ver->desc,
5571                                    target_ver->desc_len, 0);
5572         if (!host_ver->desc) {
5573             goto err;
5574         }
5575     }
5576 
5577     return 0;
5578 err:
5579     unlock_drm_version(host_ver, target_ver, false);
5580     return -EFAULT;
5581 }
5582 
5583 static inline void host_to_target_drmversion(
5584                                           struct target_drm_version *target_ver,
5585                                           struct drm_version *host_ver)
5586 {
5587     __put_user(host_ver->version_major, &target_ver->version_major);
5588     __put_user(host_ver->version_minor, &target_ver->version_minor);
5589     __put_user(host_ver->version_patchlevel, &target_ver->version_patchlevel);
5590     __put_user(host_ver->name_len, &target_ver->name_len);
5591     __put_user(host_ver->date_len, &target_ver->date_len);
5592     __put_user(host_ver->desc_len, &target_ver->desc_len);
5593     unlock_drm_version(host_ver, target_ver, true);
5594 }
5595 
5596 static abi_long do_ioctl_drm(const IOCTLEntry *ie, uint8_t *buf_temp,
5597                              int fd, int cmd, abi_long arg)
5598 {
5599     struct drm_version *ver;
5600     struct target_drm_version *target_ver;
5601     abi_long ret;
5602 
5603     switch (ie->host_cmd) {
5604     case DRM_IOCTL_VERSION:
5605         if (!lock_user_struct(VERIFY_WRITE, target_ver, arg, 0)) {
5606             return -TARGET_EFAULT;
5607         }
5608         ver = (struct drm_version *)buf_temp;
5609         ret = target_to_host_drmversion(ver, target_ver);
5610         if (!is_error(ret)) {
5611             ret = get_errno(safe_ioctl(fd, ie->host_cmd, ver));
5612             if (is_error(ret)) {
5613                 unlock_drm_version(ver, target_ver, false);
5614             } else {
5615                 host_to_target_drmversion(target_ver, ver);
5616             }
5617         }
5618         unlock_user_struct(target_ver, arg, 0);
5619         return ret;
5620     }
5621     return -TARGET_ENOSYS;
5622 }
5623 
5624 static abi_long do_ioctl_drm_i915_getparam(const IOCTLEntry *ie,
5625                                            struct drm_i915_getparam *gparam,
5626                                            int fd, abi_long arg)
5627 {
5628     abi_long ret;
5629     int value;
5630     struct target_drm_i915_getparam *target_gparam;
5631 
5632     if (!lock_user_struct(VERIFY_READ, target_gparam, arg, 0)) {
5633         return -TARGET_EFAULT;
5634     }
5635 
5636     __get_user(gparam->param, &target_gparam->param);
5637     gparam->value = &value;
5638     ret = get_errno(safe_ioctl(fd, ie->host_cmd, gparam));
5639     put_user_s32(value, target_gparam->value);
5640 
5641     unlock_user_struct(target_gparam, arg, 0);
5642     return ret;
5643 }
5644 
5645 static abi_long do_ioctl_drm_i915(const IOCTLEntry *ie, uint8_t *buf_temp,
5646                                   int fd, int cmd, abi_long arg)
5647 {
5648     switch (ie->host_cmd) {
5649     case DRM_IOCTL_I915_GETPARAM:
5650         return do_ioctl_drm_i915_getparam(ie,
5651                                           (struct drm_i915_getparam *)buf_temp,
5652                                           fd, arg);
5653     default:
5654         return -TARGET_ENOSYS;
5655     }
5656 }
5657 
5658 #endif
5659 
5660 static abi_long do_ioctl_TUNSETTXFILTER(const IOCTLEntry *ie, uint8_t *buf_temp,
5661                                         int fd, int cmd, abi_long arg)
5662 {
5663     struct tun_filter *filter = (struct tun_filter *)buf_temp;
5664     struct tun_filter *target_filter;
5665     char *target_addr;
5666 
5667     assert(ie->access == IOC_W);
5668 
5669     target_filter = lock_user(VERIFY_READ, arg, sizeof(*target_filter), 1);
5670     if (!target_filter) {
5671         return -TARGET_EFAULT;
5672     }
5673     filter->flags = tswap16(target_filter->flags);
5674     filter->count = tswap16(target_filter->count);
5675     unlock_user(target_filter, arg, 0);
5676 
5677     if (filter->count) {
5678         if (offsetof(struct tun_filter, addr) + filter->count * ETH_ALEN >
5679             MAX_STRUCT_SIZE) {
5680             return -TARGET_EFAULT;
5681         }
5682 
5683         target_addr = lock_user(VERIFY_READ,
5684                                 arg + offsetof(struct tun_filter, addr),
5685                                 filter->count * ETH_ALEN, 1);
5686         if (!target_addr) {
5687             return -TARGET_EFAULT;
5688         }
5689         memcpy(filter->addr, target_addr, filter->count * ETH_ALEN);
5690         unlock_user(target_addr, arg + offsetof(struct tun_filter, addr), 0);
5691     }
5692 
5693     return get_errno(safe_ioctl(fd, ie->host_cmd, filter));
5694 }
5695 
5696 IOCTLEntry ioctl_entries[] = {
5697 #define IOCTL(cmd, access, ...) \
5698     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
5699 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
5700     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
5701 #define IOCTL_IGNORE(cmd) \
5702     { TARGET_ ## cmd, 0, #cmd },
5703 #include "ioctls.h"
5704     { 0, 0, },
5705 };
5706 
5707 /* ??? Implement proper locking for ioctls.  */
5708 /* do_ioctl() Must return target values and target errnos. */
5709 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
5710 {
5711     const IOCTLEntry *ie;
5712     const argtype *arg_type;
5713     abi_long ret;
5714     uint8_t buf_temp[MAX_STRUCT_SIZE];
5715     int target_size;
5716     void *argptr;
5717 
5718     ie = ioctl_entries;
5719     for(;;) {
5720         if (ie->target_cmd == 0) {
5721             qemu_log_mask(
5722                 LOG_UNIMP, "Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
5723             return -TARGET_ENOTTY;
5724         }
5725         if (ie->target_cmd == cmd)
5726             break;
5727         ie++;
5728     }
5729     arg_type = ie->arg_type;
5730     if (ie->do_ioctl) {
5731         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
5732     } else if (!ie->host_cmd) {
5733         /* Some architectures define BSD ioctls in their headers
5734            that are not implemented in Linux.  */
5735         return -TARGET_ENOTTY;
5736     }
5737 
5738     switch(arg_type[0]) {
5739     case TYPE_NULL:
5740         /* no argument */
5741         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
5742         break;
5743     case TYPE_PTRVOID:
5744     case TYPE_INT:
5745     case TYPE_LONG:
5746     case TYPE_ULONG:
5747         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
5748         break;
5749     case TYPE_PTR:
5750         arg_type++;
5751         target_size = thunk_type_size(arg_type, 0);
5752         switch(ie->access) {
5753         case IOC_R:
5754             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5755             if (!is_error(ret)) {
5756                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5757                 if (!argptr)
5758                     return -TARGET_EFAULT;
5759                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5760                 unlock_user(argptr, arg, target_size);
5761             }
5762             break;
5763         case IOC_W:
5764             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5765             if (!argptr)
5766                 return -TARGET_EFAULT;
5767             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5768             unlock_user(argptr, arg, 0);
5769             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5770             break;
5771         default:
5772         case IOC_RW:
5773             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5774             if (!argptr)
5775                 return -TARGET_EFAULT;
5776             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5777             unlock_user(argptr, arg, 0);
5778             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5779             if (!is_error(ret)) {
5780                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5781                 if (!argptr)
5782                     return -TARGET_EFAULT;
5783                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5784                 unlock_user(argptr, arg, target_size);
5785             }
5786             break;
5787         }
5788         break;
5789     default:
5790         qemu_log_mask(LOG_UNIMP,
5791                       "Unsupported ioctl type: cmd=0x%04lx type=%d\n",
5792                       (long)cmd, arg_type[0]);
5793         ret = -TARGET_ENOTTY;
5794         break;
5795     }
5796     return ret;
5797 }
5798 
5799 static const bitmask_transtbl iflag_tbl[] = {
5800         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
5801         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
5802         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
5803         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
5804         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
5805         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
5806         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
5807         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
5808         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
5809         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
5810         { TARGET_IXON, TARGET_IXON, IXON, IXON },
5811         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
5812         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
5813         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
5814         { TARGET_IUTF8, TARGET_IUTF8, IUTF8, IUTF8},
5815 };
5816 
5817 static const bitmask_transtbl oflag_tbl[] = {
5818 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
5819 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
5820 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
5821 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
5822 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
5823 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
5824 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
5825 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
5826 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
5827 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
5828 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
5829 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
5830 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
5831 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
5832 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
5833 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
5834 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
5835 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
5836 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
5837 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
5838 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
5839 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
5840 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
5841 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
5842 };
5843 
5844 static const bitmask_transtbl cflag_tbl[] = {
5845 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
5846 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
5847 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
5848 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
5849 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
5850 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
5851 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
5852 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
5853 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
5854 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
5855 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
5856 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
5857 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
5858 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
5859 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
5860 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
5861 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
5862 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
5863 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
5864 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
5865 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
5866 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
5867 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
5868 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
5869 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
5870 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
5871 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
5872 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
5873 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
5874 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
5875 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
5876 };
5877 
5878 static const bitmask_transtbl lflag_tbl[] = {
5879   { TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
5880   { TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
5881   { TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
5882   { TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
5883   { TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
5884   { TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
5885   { TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
5886   { TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
5887   { TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
5888   { TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
5889   { TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
5890   { TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
5891   { TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
5892   { TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
5893   { TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
5894   { TARGET_EXTPROC, TARGET_EXTPROC, EXTPROC, EXTPROC},
5895 };
5896 
5897 static void target_to_host_termios (void *dst, const void *src)
5898 {
5899     struct host_termios *host = dst;
5900     const struct target_termios *target = src;
5901 
5902     host->c_iflag =
5903         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
5904     host->c_oflag =
5905         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
5906     host->c_cflag =
5907         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
5908     host->c_lflag =
5909         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
5910     host->c_line = target->c_line;
5911 
5912     memset(host->c_cc, 0, sizeof(host->c_cc));
5913     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
5914     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
5915     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5916     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5917     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5918     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5919     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5920     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5921     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5922     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5923     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5924     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5925     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5926     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5927     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5928     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5929     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5930 }
5931 
5932 static void host_to_target_termios (void *dst, const void *src)
5933 {
5934     struct target_termios *target = dst;
5935     const struct host_termios *host = src;
5936 
5937     target->c_iflag =
5938         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5939     target->c_oflag =
5940         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5941     target->c_cflag =
5942         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5943     target->c_lflag =
5944         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5945     target->c_line = host->c_line;
5946 
5947     memset(target->c_cc, 0, sizeof(target->c_cc));
5948     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5949     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5950     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5951     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5952     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5953     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5954     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5955     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5956     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5957     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5958     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5959     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5960     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5961     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5962     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5963     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5964     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5965 }
5966 
5967 static const StructEntry struct_termios_def = {
5968     .convert = { host_to_target_termios, target_to_host_termios },
5969     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5970     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5971     .print = print_termios,
5972 };
5973 
5974 /* If the host does not provide these bits, they may be safely discarded. */
5975 #ifndef MAP_SYNC
5976 #define MAP_SYNC 0
5977 #endif
5978 #ifndef MAP_UNINITIALIZED
5979 #define MAP_UNINITIALIZED 0
5980 #endif
5981 
5982 static const bitmask_transtbl mmap_flags_tbl[] = {
5983     { TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5984     { TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS,
5985       MAP_ANONYMOUS, MAP_ANONYMOUS },
5986     { TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN,
5987       MAP_GROWSDOWN, MAP_GROWSDOWN },
5988     { TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE,
5989       MAP_DENYWRITE, MAP_DENYWRITE },
5990     { TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE,
5991       MAP_EXECUTABLE, MAP_EXECUTABLE },
5992     { TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
5993     { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE,
5994       MAP_NORESERVE, MAP_NORESERVE },
5995     { TARGET_MAP_HUGETLB, TARGET_MAP_HUGETLB, MAP_HUGETLB, MAP_HUGETLB },
5996     /* MAP_STACK had been ignored by the kernel for quite some time.
5997        Recognize it for the target insofar as we do not want to pass
5998        it through to the host.  */
5999     { TARGET_MAP_STACK, TARGET_MAP_STACK, 0, 0 },
6000     { TARGET_MAP_NONBLOCK, TARGET_MAP_NONBLOCK, MAP_NONBLOCK, MAP_NONBLOCK },
6001     { TARGET_MAP_POPULATE, TARGET_MAP_POPULATE, MAP_POPULATE, MAP_POPULATE },
6002     { TARGET_MAP_FIXED_NOREPLACE, TARGET_MAP_FIXED_NOREPLACE,
6003       MAP_FIXED_NOREPLACE, MAP_FIXED_NOREPLACE },
6004     { TARGET_MAP_UNINITIALIZED, TARGET_MAP_UNINITIALIZED,
6005       MAP_UNINITIALIZED, MAP_UNINITIALIZED },
6006 };
6007 
6008 /*
6009  * Arrange for legacy / undefined architecture specific flags to be
6010  * ignored by mmap handling code.
6011  */
6012 #ifndef TARGET_MAP_32BIT
6013 #define TARGET_MAP_32BIT 0
6014 #endif
6015 #ifndef TARGET_MAP_HUGE_2MB
6016 #define TARGET_MAP_HUGE_2MB 0
6017 #endif
6018 #ifndef TARGET_MAP_HUGE_1GB
6019 #define TARGET_MAP_HUGE_1GB 0
6020 #endif
6021 
6022 static abi_long do_mmap(abi_ulong addr, abi_ulong len, int prot,
6023                         int target_flags, int fd, off_t offset)
6024 {
6025     /*
6026      * The historical set of flags that all mmap types implicitly support.
6027      */
6028     enum {
6029         TARGET_LEGACY_MAP_MASK = TARGET_MAP_SHARED
6030                                | TARGET_MAP_PRIVATE
6031                                | TARGET_MAP_FIXED
6032                                | TARGET_MAP_ANONYMOUS
6033                                | TARGET_MAP_DENYWRITE
6034                                | TARGET_MAP_EXECUTABLE
6035                                | TARGET_MAP_UNINITIALIZED
6036                                | TARGET_MAP_GROWSDOWN
6037                                | TARGET_MAP_LOCKED
6038                                | TARGET_MAP_NORESERVE
6039                                | TARGET_MAP_POPULATE
6040                                | TARGET_MAP_NONBLOCK
6041                                | TARGET_MAP_STACK
6042                                | TARGET_MAP_HUGETLB
6043                                | TARGET_MAP_32BIT
6044                                | TARGET_MAP_HUGE_2MB
6045                                | TARGET_MAP_HUGE_1GB
6046     };
6047     int host_flags;
6048 
6049     switch (target_flags & TARGET_MAP_TYPE) {
6050     case TARGET_MAP_PRIVATE:
6051         host_flags = MAP_PRIVATE;
6052         break;
6053     case TARGET_MAP_SHARED:
6054         host_flags = MAP_SHARED;
6055         break;
6056     case TARGET_MAP_SHARED_VALIDATE:
6057         /*
6058          * MAP_SYNC is only supported for MAP_SHARED_VALIDATE, and is
6059          * therefore omitted from mmap_flags_tbl and TARGET_LEGACY_MAP_MASK.
6060          */
6061         if (target_flags & ~(TARGET_LEGACY_MAP_MASK | TARGET_MAP_SYNC)) {
6062             return -TARGET_EOPNOTSUPP;
6063         }
6064         host_flags = MAP_SHARED_VALIDATE;
6065         if (target_flags & TARGET_MAP_SYNC) {
6066             host_flags |= MAP_SYNC;
6067         }
6068         break;
6069     default:
6070         return -TARGET_EINVAL;
6071     }
6072     host_flags |= target_to_host_bitmask(target_flags, mmap_flags_tbl);
6073 
6074     return get_errno(target_mmap(addr, len, prot, host_flags, fd, offset));
6075 }
6076 
6077 /*
6078  * NOTE: TARGET_ABI32 is defined for TARGET_I386 (but not for TARGET_X86_64)
6079  *       TARGET_I386 is defined if TARGET_X86_64 is defined
6080  */
6081 #if defined(TARGET_I386)
6082 
6083 /* NOTE: there is really one LDT for all the threads */
6084 static uint8_t *ldt_table;
6085 
6086 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
6087 {
6088     int size;
6089     void *p;
6090 
6091     if (!ldt_table)
6092         return 0;
6093     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
6094     if (size > bytecount)
6095         size = bytecount;
6096     p = lock_user(VERIFY_WRITE, ptr, size, 0);
6097     if (!p)
6098         return -TARGET_EFAULT;
6099     /* ??? Should this by byteswapped?  */
6100     memcpy(p, ldt_table, size);
6101     unlock_user(p, ptr, size);
6102     return size;
6103 }
6104 
6105 /* XXX: add locking support */
6106 static abi_long write_ldt(CPUX86State *env,
6107                           abi_ulong ptr, unsigned long bytecount, int oldmode)
6108 {
6109     struct target_modify_ldt_ldt_s ldt_info;
6110     struct target_modify_ldt_ldt_s *target_ldt_info;
6111     int seg_32bit, contents, read_exec_only, limit_in_pages;
6112     int seg_not_present, useable, lm;
6113     uint32_t *lp, entry_1, entry_2;
6114 
6115     if (bytecount != sizeof(ldt_info))
6116         return -TARGET_EINVAL;
6117     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
6118         return -TARGET_EFAULT;
6119     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6120     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6121     ldt_info.limit = tswap32(target_ldt_info->limit);
6122     ldt_info.flags = tswap32(target_ldt_info->flags);
6123     unlock_user_struct(target_ldt_info, ptr, 0);
6124 
6125     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
6126         return -TARGET_EINVAL;
6127     seg_32bit = ldt_info.flags & 1;
6128     contents = (ldt_info.flags >> 1) & 3;
6129     read_exec_only = (ldt_info.flags >> 3) & 1;
6130     limit_in_pages = (ldt_info.flags >> 4) & 1;
6131     seg_not_present = (ldt_info.flags >> 5) & 1;
6132     useable = (ldt_info.flags >> 6) & 1;
6133 #ifdef TARGET_ABI32
6134     lm = 0;
6135 #else
6136     lm = (ldt_info.flags >> 7) & 1;
6137 #endif
6138     if (contents == 3) {
6139         if (oldmode)
6140             return -TARGET_EINVAL;
6141         if (seg_not_present == 0)
6142             return -TARGET_EINVAL;
6143     }
6144     /* allocate the LDT */
6145     if (!ldt_table) {
6146         env->ldt.base = target_mmap(0,
6147                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
6148                                     PROT_READ|PROT_WRITE,
6149                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
6150         if (env->ldt.base == -1)
6151             return -TARGET_ENOMEM;
6152         memset(g2h_untagged(env->ldt.base), 0,
6153                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
6154         env->ldt.limit = 0xffff;
6155         ldt_table = g2h_untagged(env->ldt.base);
6156     }
6157 
6158     /* NOTE: same code as Linux kernel */
6159     /* Allow LDTs to be cleared by the user. */
6160     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6161         if (oldmode ||
6162             (contents == 0		&&
6163              read_exec_only == 1	&&
6164              seg_32bit == 0		&&
6165              limit_in_pages == 0	&&
6166              seg_not_present == 1	&&
6167              useable == 0 )) {
6168             entry_1 = 0;
6169             entry_2 = 0;
6170             goto install;
6171         }
6172     }
6173 
6174     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6175         (ldt_info.limit & 0x0ffff);
6176     entry_2 = (ldt_info.base_addr & 0xff000000) |
6177         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6178         (ldt_info.limit & 0xf0000) |
6179         ((read_exec_only ^ 1) << 9) |
6180         (contents << 10) |
6181         ((seg_not_present ^ 1) << 15) |
6182         (seg_32bit << 22) |
6183         (limit_in_pages << 23) |
6184         (lm << 21) |
6185         0x7000;
6186     if (!oldmode)
6187         entry_2 |= (useable << 20);
6188 
6189     /* Install the new entry ...  */
6190 install:
6191     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
6192     lp[0] = tswap32(entry_1);
6193     lp[1] = tswap32(entry_2);
6194     return 0;
6195 }
6196 
6197 /* specific and weird i386 syscalls */
6198 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
6199                               unsigned long bytecount)
6200 {
6201     abi_long ret;
6202 
6203     switch (func) {
6204     case 0:
6205         ret = read_ldt(ptr, bytecount);
6206         break;
6207     case 1:
6208         ret = write_ldt(env, ptr, bytecount, 1);
6209         break;
6210     case 0x11:
6211         ret = write_ldt(env, ptr, bytecount, 0);
6212         break;
6213     default:
6214         ret = -TARGET_ENOSYS;
6215         break;
6216     }
6217     return ret;
6218 }
6219 
6220 #if defined(TARGET_ABI32)
6221 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
6222 {
6223     uint64_t *gdt_table = g2h_untagged(env->gdt.base);
6224     struct target_modify_ldt_ldt_s ldt_info;
6225     struct target_modify_ldt_ldt_s *target_ldt_info;
6226     int seg_32bit, contents, read_exec_only, limit_in_pages;
6227     int seg_not_present, useable, lm;
6228     uint32_t *lp, entry_1, entry_2;
6229     int i;
6230 
6231     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6232     if (!target_ldt_info)
6233         return -TARGET_EFAULT;
6234     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6235     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6236     ldt_info.limit = tswap32(target_ldt_info->limit);
6237     ldt_info.flags = tswap32(target_ldt_info->flags);
6238     if (ldt_info.entry_number == -1) {
6239         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
6240             if (gdt_table[i] == 0) {
6241                 ldt_info.entry_number = i;
6242                 target_ldt_info->entry_number = tswap32(i);
6243                 break;
6244             }
6245         }
6246     }
6247     unlock_user_struct(target_ldt_info, ptr, 1);
6248 
6249     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
6250         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
6251            return -TARGET_EINVAL;
6252     seg_32bit = ldt_info.flags & 1;
6253     contents = (ldt_info.flags >> 1) & 3;
6254     read_exec_only = (ldt_info.flags >> 3) & 1;
6255     limit_in_pages = (ldt_info.flags >> 4) & 1;
6256     seg_not_present = (ldt_info.flags >> 5) & 1;
6257     useable = (ldt_info.flags >> 6) & 1;
6258 #ifdef TARGET_ABI32
6259     lm = 0;
6260 #else
6261     lm = (ldt_info.flags >> 7) & 1;
6262 #endif
6263 
6264     if (contents == 3) {
6265         if (seg_not_present == 0)
6266             return -TARGET_EINVAL;
6267     }
6268 
6269     /* NOTE: same code as Linux kernel */
6270     /* Allow LDTs to be cleared by the user. */
6271     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6272         if ((contents == 0             &&
6273              read_exec_only == 1       &&
6274              seg_32bit == 0            &&
6275              limit_in_pages == 0       &&
6276              seg_not_present == 1      &&
6277              useable == 0 )) {
6278             entry_1 = 0;
6279             entry_2 = 0;
6280             goto install;
6281         }
6282     }
6283 
6284     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6285         (ldt_info.limit & 0x0ffff);
6286     entry_2 = (ldt_info.base_addr & 0xff000000) |
6287         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6288         (ldt_info.limit & 0xf0000) |
6289         ((read_exec_only ^ 1) << 9) |
6290         (contents << 10) |
6291         ((seg_not_present ^ 1) << 15) |
6292         (seg_32bit << 22) |
6293         (limit_in_pages << 23) |
6294         (useable << 20) |
6295         (lm << 21) |
6296         0x7000;
6297 
6298     /* Install the new entry ...  */
6299 install:
6300     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
6301     lp[0] = tswap32(entry_1);
6302     lp[1] = tswap32(entry_2);
6303     return 0;
6304 }
6305 
6306 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
6307 {
6308     struct target_modify_ldt_ldt_s *target_ldt_info;
6309     uint64_t *gdt_table = g2h_untagged(env->gdt.base);
6310     uint32_t base_addr, limit, flags;
6311     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
6312     int seg_not_present, useable, lm;
6313     uint32_t *lp, entry_1, entry_2;
6314 
6315     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6316     if (!target_ldt_info)
6317         return -TARGET_EFAULT;
6318     idx = tswap32(target_ldt_info->entry_number);
6319     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
6320         idx > TARGET_GDT_ENTRY_TLS_MAX) {
6321         unlock_user_struct(target_ldt_info, ptr, 1);
6322         return -TARGET_EINVAL;
6323     }
6324     lp = (uint32_t *)(gdt_table + idx);
6325     entry_1 = tswap32(lp[0]);
6326     entry_2 = tswap32(lp[1]);
6327 
6328     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
6329     contents = (entry_2 >> 10) & 3;
6330     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
6331     seg_32bit = (entry_2 >> 22) & 1;
6332     limit_in_pages = (entry_2 >> 23) & 1;
6333     useable = (entry_2 >> 20) & 1;
6334 #ifdef TARGET_ABI32
6335     lm = 0;
6336 #else
6337     lm = (entry_2 >> 21) & 1;
6338 #endif
6339     flags = (seg_32bit << 0) | (contents << 1) |
6340         (read_exec_only << 3) | (limit_in_pages << 4) |
6341         (seg_not_present << 5) | (useable << 6) | (lm << 7);
6342     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
6343     base_addr = (entry_1 >> 16) |
6344         (entry_2 & 0xff000000) |
6345         ((entry_2 & 0xff) << 16);
6346     target_ldt_info->base_addr = tswapal(base_addr);
6347     target_ldt_info->limit = tswap32(limit);
6348     target_ldt_info->flags = tswap32(flags);
6349     unlock_user_struct(target_ldt_info, ptr, 1);
6350     return 0;
6351 }
6352 
6353 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6354 {
6355     return -TARGET_ENOSYS;
6356 }
6357 #else
6358 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6359 {
6360     abi_long ret = 0;
6361     abi_ulong val;
6362     int idx;
6363 
6364     switch(code) {
6365     case TARGET_ARCH_SET_GS:
6366     case TARGET_ARCH_SET_FS:
6367         if (code == TARGET_ARCH_SET_GS)
6368             idx = R_GS;
6369         else
6370             idx = R_FS;
6371         cpu_x86_load_seg(env, idx, 0);
6372         env->segs[idx].base = addr;
6373         break;
6374     case TARGET_ARCH_GET_GS:
6375     case TARGET_ARCH_GET_FS:
6376         if (code == TARGET_ARCH_GET_GS)
6377             idx = R_GS;
6378         else
6379             idx = R_FS;
6380         val = env->segs[idx].base;
6381         if (put_user(val, addr, abi_ulong))
6382             ret = -TARGET_EFAULT;
6383         break;
6384     default:
6385         ret = -TARGET_EINVAL;
6386         break;
6387     }
6388     return ret;
6389 }
6390 #endif /* defined(TARGET_ABI32 */
6391 #endif /* defined(TARGET_I386) */
6392 
6393 /*
6394  * These constants are generic.  Supply any that are missing from the host.
6395  */
6396 #ifndef PR_SET_NAME
6397 # define PR_SET_NAME    15
6398 # define PR_GET_NAME    16
6399 #endif
6400 #ifndef PR_SET_FP_MODE
6401 # define PR_SET_FP_MODE 45
6402 # define PR_GET_FP_MODE 46
6403 # define PR_FP_MODE_FR   (1 << 0)
6404 # define PR_FP_MODE_FRE  (1 << 1)
6405 #endif
6406 #ifndef PR_SVE_SET_VL
6407 # define PR_SVE_SET_VL  50
6408 # define PR_SVE_GET_VL  51
6409 # define PR_SVE_VL_LEN_MASK  0xffff
6410 # define PR_SVE_VL_INHERIT   (1 << 17)
6411 #endif
6412 #ifndef PR_PAC_RESET_KEYS
6413 # define PR_PAC_RESET_KEYS  54
6414 # define PR_PAC_APIAKEY   (1 << 0)
6415 # define PR_PAC_APIBKEY   (1 << 1)
6416 # define PR_PAC_APDAKEY   (1 << 2)
6417 # define PR_PAC_APDBKEY   (1 << 3)
6418 # define PR_PAC_APGAKEY   (1 << 4)
6419 #endif
6420 #ifndef PR_SET_TAGGED_ADDR_CTRL
6421 # define PR_SET_TAGGED_ADDR_CTRL 55
6422 # define PR_GET_TAGGED_ADDR_CTRL 56
6423 # define PR_TAGGED_ADDR_ENABLE  (1UL << 0)
6424 #endif
6425 #ifndef PR_MTE_TCF_SHIFT
6426 # define PR_MTE_TCF_SHIFT       1
6427 # define PR_MTE_TCF_NONE        (0UL << PR_MTE_TCF_SHIFT)
6428 # define PR_MTE_TCF_SYNC        (1UL << PR_MTE_TCF_SHIFT)
6429 # define PR_MTE_TCF_ASYNC       (2UL << PR_MTE_TCF_SHIFT)
6430 # define PR_MTE_TCF_MASK        (3UL << PR_MTE_TCF_SHIFT)
6431 # define PR_MTE_TAG_SHIFT       3
6432 # define PR_MTE_TAG_MASK        (0xffffUL << PR_MTE_TAG_SHIFT)
6433 #endif
6434 #ifndef PR_SET_IO_FLUSHER
6435 # define PR_SET_IO_FLUSHER 57
6436 # define PR_GET_IO_FLUSHER 58
6437 #endif
6438 #ifndef PR_SET_SYSCALL_USER_DISPATCH
6439 # define PR_SET_SYSCALL_USER_DISPATCH 59
6440 #endif
6441 #ifndef PR_SME_SET_VL
6442 # define PR_SME_SET_VL  63
6443 # define PR_SME_GET_VL  64
6444 # define PR_SME_VL_LEN_MASK  0xffff
6445 # define PR_SME_VL_INHERIT   (1 << 17)
6446 #endif
6447 
6448 #include "target_prctl.h"
6449 
6450 static abi_long do_prctl_inval0(CPUArchState *env)
6451 {
6452     return -TARGET_EINVAL;
6453 }
6454 
6455 static abi_long do_prctl_inval1(CPUArchState *env, abi_long arg2)
6456 {
6457     return -TARGET_EINVAL;
6458 }
6459 
6460 #ifndef do_prctl_get_fp_mode
6461 #define do_prctl_get_fp_mode do_prctl_inval0
6462 #endif
6463 #ifndef do_prctl_set_fp_mode
6464 #define do_prctl_set_fp_mode do_prctl_inval1
6465 #endif
6466 #ifndef do_prctl_sve_get_vl
6467 #define do_prctl_sve_get_vl do_prctl_inval0
6468 #endif
6469 #ifndef do_prctl_sve_set_vl
6470 #define do_prctl_sve_set_vl do_prctl_inval1
6471 #endif
6472 #ifndef do_prctl_reset_keys
6473 #define do_prctl_reset_keys do_prctl_inval1
6474 #endif
6475 #ifndef do_prctl_set_tagged_addr_ctrl
6476 #define do_prctl_set_tagged_addr_ctrl do_prctl_inval1
6477 #endif
6478 #ifndef do_prctl_get_tagged_addr_ctrl
6479 #define do_prctl_get_tagged_addr_ctrl do_prctl_inval0
6480 #endif
6481 #ifndef do_prctl_get_unalign
6482 #define do_prctl_get_unalign do_prctl_inval1
6483 #endif
6484 #ifndef do_prctl_set_unalign
6485 #define do_prctl_set_unalign do_prctl_inval1
6486 #endif
6487 #ifndef do_prctl_sme_get_vl
6488 #define do_prctl_sme_get_vl do_prctl_inval0
6489 #endif
6490 #ifndef do_prctl_sme_set_vl
6491 #define do_prctl_sme_set_vl do_prctl_inval1
6492 #endif
6493 
6494 static abi_long do_prctl(CPUArchState *env, abi_long option, abi_long arg2,
6495                          abi_long arg3, abi_long arg4, abi_long arg5)
6496 {
6497     abi_long ret;
6498 
6499     switch (option) {
6500     case PR_GET_PDEATHSIG:
6501         {
6502             int deathsig;
6503             ret = get_errno(prctl(PR_GET_PDEATHSIG, &deathsig,
6504                                   arg3, arg4, arg5));
6505             if (!is_error(ret) &&
6506                 put_user_s32(host_to_target_signal(deathsig), arg2)) {
6507                 return -TARGET_EFAULT;
6508             }
6509             return ret;
6510         }
6511     case PR_SET_PDEATHSIG:
6512         return get_errno(prctl(PR_SET_PDEATHSIG, target_to_host_signal(arg2),
6513                                arg3, arg4, arg5));
6514     case PR_GET_NAME:
6515         {
6516             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
6517             if (!name) {
6518                 return -TARGET_EFAULT;
6519             }
6520             ret = get_errno(prctl(PR_GET_NAME, (uintptr_t)name,
6521                                   arg3, arg4, arg5));
6522             unlock_user(name, arg2, 16);
6523             return ret;
6524         }
6525     case PR_SET_NAME:
6526         {
6527             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
6528             if (!name) {
6529                 return -TARGET_EFAULT;
6530             }
6531             ret = get_errno(prctl(PR_SET_NAME, (uintptr_t)name,
6532                                   arg3, arg4, arg5));
6533             unlock_user(name, arg2, 0);
6534             return ret;
6535         }
6536     case PR_GET_FP_MODE:
6537         return do_prctl_get_fp_mode(env);
6538     case PR_SET_FP_MODE:
6539         return do_prctl_set_fp_mode(env, arg2);
6540     case PR_SVE_GET_VL:
6541         return do_prctl_sve_get_vl(env);
6542     case PR_SVE_SET_VL:
6543         return do_prctl_sve_set_vl(env, arg2);
6544     case PR_SME_GET_VL:
6545         return do_prctl_sme_get_vl(env);
6546     case PR_SME_SET_VL:
6547         return do_prctl_sme_set_vl(env, arg2);
6548     case PR_PAC_RESET_KEYS:
6549         if (arg3 || arg4 || arg5) {
6550             return -TARGET_EINVAL;
6551         }
6552         return do_prctl_reset_keys(env, arg2);
6553     case PR_SET_TAGGED_ADDR_CTRL:
6554         if (arg3 || arg4 || arg5) {
6555             return -TARGET_EINVAL;
6556         }
6557         return do_prctl_set_tagged_addr_ctrl(env, arg2);
6558     case PR_GET_TAGGED_ADDR_CTRL:
6559         if (arg2 || arg3 || arg4 || arg5) {
6560             return -TARGET_EINVAL;
6561         }
6562         return do_prctl_get_tagged_addr_ctrl(env);
6563 
6564     case PR_GET_UNALIGN:
6565         return do_prctl_get_unalign(env, arg2);
6566     case PR_SET_UNALIGN:
6567         return do_prctl_set_unalign(env, arg2);
6568 
6569     case PR_CAP_AMBIENT:
6570     case PR_CAPBSET_READ:
6571     case PR_CAPBSET_DROP:
6572     case PR_GET_DUMPABLE:
6573     case PR_SET_DUMPABLE:
6574     case PR_GET_KEEPCAPS:
6575     case PR_SET_KEEPCAPS:
6576     case PR_GET_SECUREBITS:
6577     case PR_SET_SECUREBITS:
6578     case PR_GET_TIMING:
6579     case PR_SET_TIMING:
6580     case PR_GET_TIMERSLACK:
6581     case PR_SET_TIMERSLACK:
6582     case PR_MCE_KILL:
6583     case PR_MCE_KILL_GET:
6584     case PR_GET_NO_NEW_PRIVS:
6585     case PR_SET_NO_NEW_PRIVS:
6586     case PR_GET_IO_FLUSHER:
6587     case PR_SET_IO_FLUSHER:
6588         /* Some prctl options have no pointer arguments and we can pass on. */
6589         return get_errno(prctl(option, arg2, arg3, arg4, arg5));
6590 
6591     case PR_GET_CHILD_SUBREAPER:
6592     case PR_SET_CHILD_SUBREAPER:
6593     case PR_GET_SPECULATION_CTRL:
6594     case PR_SET_SPECULATION_CTRL:
6595     case PR_GET_TID_ADDRESS:
6596         /* TODO */
6597         return -TARGET_EINVAL;
6598 
6599     case PR_GET_FPEXC:
6600     case PR_SET_FPEXC:
6601         /* Was used for SPE on PowerPC. */
6602         return -TARGET_EINVAL;
6603 
6604     case PR_GET_ENDIAN:
6605     case PR_SET_ENDIAN:
6606     case PR_GET_FPEMU:
6607     case PR_SET_FPEMU:
6608     case PR_SET_MM:
6609     case PR_GET_SECCOMP:
6610     case PR_SET_SECCOMP:
6611     case PR_SET_SYSCALL_USER_DISPATCH:
6612     case PR_GET_THP_DISABLE:
6613     case PR_SET_THP_DISABLE:
6614     case PR_GET_TSC:
6615     case PR_SET_TSC:
6616         /* Disable to prevent the target disabling stuff we need. */
6617         return -TARGET_EINVAL;
6618 
6619     default:
6620         qemu_log_mask(LOG_UNIMP, "Unsupported prctl: " TARGET_ABI_FMT_ld "\n",
6621                       option);
6622         return -TARGET_EINVAL;
6623     }
6624 }
6625 
6626 #define NEW_STACK_SIZE 0x40000
6627 
6628 
6629 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
6630 typedef struct {
6631     CPUArchState *env;
6632     pthread_mutex_t mutex;
6633     pthread_cond_t cond;
6634     pthread_t thread;
6635     uint32_t tid;
6636     abi_ulong child_tidptr;
6637     abi_ulong parent_tidptr;
6638     sigset_t sigmask;
6639 } new_thread_info;
6640 
6641 static void *clone_func(void *arg)
6642 {
6643     new_thread_info *info = arg;
6644     CPUArchState *env;
6645     CPUState *cpu;
6646     TaskState *ts;
6647 
6648     rcu_register_thread();
6649     tcg_register_thread();
6650     env = info->env;
6651     cpu = env_cpu(env);
6652     thread_cpu = cpu;
6653     ts = (TaskState *)cpu->opaque;
6654     info->tid = sys_gettid();
6655     task_settid(ts);
6656     if (info->child_tidptr)
6657         put_user_u32(info->tid, info->child_tidptr);
6658     if (info->parent_tidptr)
6659         put_user_u32(info->tid, info->parent_tidptr);
6660     qemu_guest_random_seed_thread_part2(cpu->random_seed);
6661     /* Enable signals.  */
6662     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
6663     /* Signal to the parent that we're ready.  */
6664     pthread_mutex_lock(&info->mutex);
6665     pthread_cond_broadcast(&info->cond);
6666     pthread_mutex_unlock(&info->mutex);
6667     /* Wait until the parent has finished initializing the tls state.  */
6668     pthread_mutex_lock(&clone_lock);
6669     pthread_mutex_unlock(&clone_lock);
6670     cpu_loop(env);
6671     /* never exits */
6672     return NULL;
6673 }
6674 
6675 /* do_fork() Must return host values and target errnos (unlike most
6676    do_*() functions). */
6677 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
6678                    abi_ulong parent_tidptr, target_ulong newtls,
6679                    abi_ulong child_tidptr)
6680 {
6681     CPUState *cpu = env_cpu(env);
6682     int ret;
6683     TaskState *ts;
6684     CPUState *new_cpu;
6685     CPUArchState *new_env;
6686     sigset_t sigmask;
6687 
6688     flags &= ~CLONE_IGNORED_FLAGS;
6689 
6690     /* Emulate vfork() with fork() */
6691     if (flags & CLONE_VFORK)
6692         flags &= ~(CLONE_VFORK | CLONE_VM);
6693 
6694     if (flags & CLONE_VM) {
6695         TaskState *parent_ts = (TaskState *)cpu->opaque;
6696         new_thread_info info;
6697         pthread_attr_t attr;
6698 
6699         if (((flags & CLONE_THREAD_FLAGS) != CLONE_THREAD_FLAGS) ||
6700             (flags & CLONE_INVALID_THREAD_FLAGS)) {
6701             return -TARGET_EINVAL;
6702         }
6703 
6704         ts = g_new0(TaskState, 1);
6705         init_task_state(ts);
6706 
6707         /* Grab a mutex so that thread setup appears atomic.  */
6708         pthread_mutex_lock(&clone_lock);
6709 
6710         /*
6711          * If this is our first additional thread, we need to ensure we
6712          * generate code for parallel execution and flush old translations.
6713          * Do this now so that the copy gets CF_PARALLEL too.
6714          */
6715         if (!(cpu->tcg_cflags & CF_PARALLEL)) {
6716             cpu->tcg_cflags |= CF_PARALLEL;
6717             tb_flush(cpu);
6718         }
6719 
6720         /* we create a new CPU instance. */
6721         new_env = cpu_copy(env);
6722         /* Init regs that differ from the parent.  */
6723         cpu_clone_regs_child(new_env, newsp, flags);
6724         cpu_clone_regs_parent(env, flags);
6725         new_cpu = env_cpu(new_env);
6726         new_cpu->opaque = ts;
6727         ts->bprm = parent_ts->bprm;
6728         ts->info = parent_ts->info;
6729         ts->signal_mask = parent_ts->signal_mask;
6730 
6731         if (flags & CLONE_CHILD_CLEARTID) {
6732             ts->child_tidptr = child_tidptr;
6733         }
6734 
6735         if (flags & CLONE_SETTLS) {
6736             cpu_set_tls (new_env, newtls);
6737         }
6738 
6739         memset(&info, 0, sizeof(info));
6740         pthread_mutex_init(&info.mutex, NULL);
6741         pthread_mutex_lock(&info.mutex);
6742         pthread_cond_init(&info.cond, NULL);
6743         info.env = new_env;
6744         if (flags & CLONE_CHILD_SETTID) {
6745             info.child_tidptr = child_tidptr;
6746         }
6747         if (flags & CLONE_PARENT_SETTID) {
6748             info.parent_tidptr = parent_tidptr;
6749         }
6750 
6751         ret = pthread_attr_init(&attr);
6752         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
6753         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
6754         /* It is not safe to deliver signals until the child has finished
6755            initializing, so temporarily block all signals.  */
6756         sigfillset(&sigmask);
6757         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
6758         cpu->random_seed = qemu_guest_random_seed_thread_part1();
6759 
6760         ret = pthread_create(&info.thread, &attr, clone_func, &info);
6761         /* TODO: Free new CPU state if thread creation failed.  */
6762 
6763         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
6764         pthread_attr_destroy(&attr);
6765         if (ret == 0) {
6766             /* Wait for the child to initialize.  */
6767             pthread_cond_wait(&info.cond, &info.mutex);
6768             ret = info.tid;
6769         } else {
6770             ret = -1;
6771         }
6772         pthread_mutex_unlock(&info.mutex);
6773         pthread_cond_destroy(&info.cond);
6774         pthread_mutex_destroy(&info.mutex);
6775         pthread_mutex_unlock(&clone_lock);
6776     } else {
6777         /* if no CLONE_VM, we consider it is a fork */
6778         if (flags & CLONE_INVALID_FORK_FLAGS) {
6779             return -TARGET_EINVAL;
6780         }
6781 
6782         /* We can't support custom termination signals */
6783         if ((flags & CSIGNAL) != TARGET_SIGCHLD) {
6784             return -TARGET_EINVAL;
6785         }
6786 
6787 #if !defined(__NR_pidfd_open) || !defined(TARGET_NR_pidfd_open)
6788         if (flags & CLONE_PIDFD) {
6789             return -TARGET_EINVAL;
6790         }
6791 #endif
6792 
6793         /* Can not allow CLONE_PIDFD with CLONE_PARENT_SETTID */
6794         if ((flags & CLONE_PIDFD) && (flags & CLONE_PARENT_SETTID)) {
6795             return -TARGET_EINVAL;
6796         }
6797 
6798         if (block_signals()) {
6799             return -QEMU_ERESTARTSYS;
6800         }
6801 
6802         fork_start();
6803         ret = fork();
6804         if (ret == 0) {
6805             /* Child Process.  */
6806             cpu_clone_regs_child(env, newsp, flags);
6807             fork_end(1);
6808             /* There is a race condition here.  The parent process could
6809                theoretically read the TID in the child process before the child
6810                tid is set.  This would require using either ptrace
6811                (not implemented) or having *_tidptr to point at a shared memory
6812                mapping.  We can't repeat the spinlock hack used above because
6813                the child process gets its own copy of the lock.  */
6814             if (flags & CLONE_CHILD_SETTID)
6815                 put_user_u32(sys_gettid(), child_tidptr);
6816             if (flags & CLONE_PARENT_SETTID)
6817                 put_user_u32(sys_gettid(), parent_tidptr);
6818             ts = (TaskState *)cpu->opaque;
6819             if (flags & CLONE_SETTLS)
6820                 cpu_set_tls (env, newtls);
6821             if (flags & CLONE_CHILD_CLEARTID)
6822                 ts->child_tidptr = child_tidptr;
6823         } else {
6824             cpu_clone_regs_parent(env, flags);
6825             if (flags & CLONE_PIDFD) {
6826                 int pid_fd = 0;
6827 #if defined(__NR_pidfd_open) && defined(TARGET_NR_pidfd_open)
6828                 int pid_child = ret;
6829                 pid_fd = pidfd_open(pid_child, 0);
6830                 if (pid_fd >= 0) {
6831                         fcntl(pid_fd, F_SETFD, fcntl(pid_fd, F_GETFL)
6832                                                | FD_CLOEXEC);
6833                 } else {
6834                         pid_fd = 0;
6835                 }
6836 #endif
6837                 put_user_u32(pid_fd, parent_tidptr);
6838                 }
6839             fork_end(0);
6840         }
6841         g_assert(!cpu_in_exclusive_context(cpu));
6842     }
6843     return ret;
6844 }
6845 
6846 /* warning : doesn't handle linux specific flags... */
6847 static int target_to_host_fcntl_cmd(int cmd)
6848 {
6849     int ret;
6850 
6851     switch(cmd) {
6852     case TARGET_F_DUPFD:
6853     case TARGET_F_GETFD:
6854     case TARGET_F_SETFD:
6855     case TARGET_F_GETFL:
6856     case TARGET_F_SETFL:
6857     case TARGET_F_OFD_GETLK:
6858     case TARGET_F_OFD_SETLK:
6859     case TARGET_F_OFD_SETLKW:
6860         ret = cmd;
6861         break;
6862     case TARGET_F_GETLK:
6863         ret = F_GETLK64;
6864         break;
6865     case TARGET_F_SETLK:
6866         ret = F_SETLK64;
6867         break;
6868     case TARGET_F_SETLKW:
6869         ret = F_SETLKW64;
6870         break;
6871     case TARGET_F_GETOWN:
6872         ret = F_GETOWN;
6873         break;
6874     case TARGET_F_SETOWN:
6875         ret = F_SETOWN;
6876         break;
6877     case TARGET_F_GETSIG:
6878         ret = F_GETSIG;
6879         break;
6880     case TARGET_F_SETSIG:
6881         ret = F_SETSIG;
6882         break;
6883 #if TARGET_ABI_BITS == 32
6884     case TARGET_F_GETLK64:
6885         ret = F_GETLK64;
6886         break;
6887     case TARGET_F_SETLK64:
6888         ret = F_SETLK64;
6889         break;
6890     case TARGET_F_SETLKW64:
6891         ret = F_SETLKW64;
6892         break;
6893 #endif
6894     case TARGET_F_SETLEASE:
6895         ret = F_SETLEASE;
6896         break;
6897     case TARGET_F_GETLEASE:
6898         ret = F_GETLEASE;
6899         break;
6900 #ifdef F_DUPFD_CLOEXEC
6901     case TARGET_F_DUPFD_CLOEXEC:
6902         ret = F_DUPFD_CLOEXEC;
6903         break;
6904 #endif
6905     case TARGET_F_NOTIFY:
6906         ret = F_NOTIFY;
6907         break;
6908 #ifdef F_GETOWN_EX
6909     case TARGET_F_GETOWN_EX:
6910         ret = F_GETOWN_EX;
6911         break;
6912 #endif
6913 #ifdef F_SETOWN_EX
6914     case TARGET_F_SETOWN_EX:
6915         ret = F_SETOWN_EX;
6916         break;
6917 #endif
6918 #ifdef F_SETPIPE_SZ
6919     case TARGET_F_SETPIPE_SZ:
6920         ret = F_SETPIPE_SZ;
6921         break;
6922     case TARGET_F_GETPIPE_SZ:
6923         ret = F_GETPIPE_SZ;
6924         break;
6925 #endif
6926 #ifdef F_ADD_SEALS
6927     case TARGET_F_ADD_SEALS:
6928         ret = F_ADD_SEALS;
6929         break;
6930     case TARGET_F_GET_SEALS:
6931         ret = F_GET_SEALS;
6932         break;
6933 #endif
6934     default:
6935         ret = -TARGET_EINVAL;
6936         break;
6937     }
6938 
6939 #if defined(__powerpc64__)
6940     /* On PPC64, glibc headers has the F_*LK* defined to 12, 13 and 14 and
6941      * is not supported by kernel. The glibc fcntl call actually adjusts
6942      * them to 5, 6 and 7 before making the syscall(). Since we make the
6943      * syscall directly, adjust to what is supported by the kernel.
6944      */
6945     if (ret >= F_GETLK64 && ret <= F_SETLKW64) {
6946         ret -= F_GETLK64 - 5;
6947     }
6948 #endif
6949 
6950     return ret;
6951 }
6952 
6953 #define FLOCK_TRANSTBL \
6954     switch (type) { \
6955     TRANSTBL_CONVERT(F_RDLCK); \
6956     TRANSTBL_CONVERT(F_WRLCK); \
6957     TRANSTBL_CONVERT(F_UNLCK); \
6958     }
6959 
6960 static int target_to_host_flock(int type)
6961 {
6962 #define TRANSTBL_CONVERT(a) case TARGET_##a: return a
6963     FLOCK_TRANSTBL
6964 #undef  TRANSTBL_CONVERT
6965     return -TARGET_EINVAL;
6966 }
6967 
6968 static int host_to_target_flock(int type)
6969 {
6970 #define TRANSTBL_CONVERT(a) case a: return TARGET_##a
6971     FLOCK_TRANSTBL
6972 #undef  TRANSTBL_CONVERT
6973     /* if we don't know how to convert the value coming
6974      * from the host we copy to the target field as-is
6975      */
6976     return type;
6977 }
6978 
6979 static inline abi_long copy_from_user_flock(struct flock64 *fl,
6980                                             abi_ulong target_flock_addr)
6981 {
6982     struct target_flock *target_fl;
6983     int l_type;
6984 
6985     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6986         return -TARGET_EFAULT;
6987     }
6988 
6989     __get_user(l_type, &target_fl->l_type);
6990     l_type = target_to_host_flock(l_type);
6991     if (l_type < 0) {
6992         return l_type;
6993     }
6994     fl->l_type = l_type;
6995     __get_user(fl->l_whence, &target_fl->l_whence);
6996     __get_user(fl->l_start, &target_fl->l_start);
6997     __get_user(fl->l_len, &target_fl->l_len);
6998     __get_user(fl->l_pid, &target_fl->l_pid);
6999     unlock_user_struct(target_fl, target_flock_addr, 0);
7000     return 0;
7001 }
7002 
7003 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
7004                                           const struct flock64 *fl)
7005 {
7006     struct target_flock *target_fl;
7007     short l_type;
7008 
7009     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
7010         return -TARGET_EFAULT;
7011     }
7012 
7013     l_type = host_to_target_flock(fl->l_type);
7014     __put_user(l_type, &target_fl->l_type);
7015     __put_user(fl->l_whence, &target_fl->l_whence);
7016     __put_user(fl->l_start, &target_fl->l_start);
7017     __put_user(fl->l_len, &target_fl->l_len);
7018     __put_user(fl->l_pid, &target_fl->l_pid);
7019     unlock_user_struct(target_fl, target_flock_addr, 1);
7020     return 0;
7021 }
7022 
7023 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
7024 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
7025 
7026 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
7027 struct target_oabi_flock64 {
7028     abi_short l_type;
7029     abi_short l_whence;
7030     abi_llong l_start;
7031     abi_llong l_len;
7032     abi_int   l_pid;
7033 } QEMU_PACKED;
7034 
7035 static inline abi_long copy_from_user_oabi_flock64(struct flock64 *fl,
7036                                                    abi_ulong target_flock_addr)
7037 {
7038     struct target_oabi_flock64 *target_fl;
7039     int l_type;
7040 
7041     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
7042         return -TARGET_EFAULT;
7043     }
7044 
7045     __get_user(l_type, &target_fl->l_type);
7046     l_type = target_to_host_flock(l_type);
7047     if (l_type < 0) {
7048         return l_type;
7049     }
7050     fl->l_type = l_type;
7051     __get_user(fl->l_whence, &target_fl->l_whence);
7052     __get_user(fl->l_start, &target_fl->l_start);
7053     __get_user(fl->l_len, &target_fl->l_len);
7054     __get_user(fl->l_pid, &target_fl->l_pid);
7055     unlock_user_struct(target_fl, target_flock_addr, 0);
7056     return 0;
7057 }
7058 
7059 static inline abi_long copy_to_user_oabi_flock64(abi_ulong target_flock_addr,
7060                                                  const struct flock64 *fl)
7061 {
7062     struct target_oabi_flock64 *target_fl;
7063     short l_type;
7064 
7065     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
7066         return -TARGET_EFAULT;
7067     }
7068 
7069     l_type = host_to_target_flock(fl->l_type);
7070     __put_user(l_type, &target_fl->l_type);
7071     __put_user(fl->l_whence, &target_fl->l_whence);
7072     __put_user(fl->l_start, &target_fl->l_start);
7073     __put_user(fl->l_len, &target_fl->l_len);
7074     __put_user(fl->l_pid, &target_fl->l_pid);
7075     unlock_user_struct(target_fl, target_flock_addr, 1);
7076     return 0;
7077 }
7078 #endif
7079 
7080 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
7081                                               abi_ulong target_flock_addr)
7082 {
7083     struct target_flock64 *target_fl;
7084     int l_type;
7085 
7086     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
7087         return -TARGET_EFAULT;
7088     }
7089 
7090     __get_user(l_type, &target_fl->l_type);
7091     l_type = target_to_host_flock(l_type);
7092     if (l_type < 0) {
7093         return l_type;
7094     }
7095     fl->l_type = l_type;
7096     __get_user(fl->l_whence, &target_fl->l_whence);
7097     __get_user(fl->l_start, &target_fl->l_start);
7098     __get_user(fl->l_len, &target_fl->l_len);
7099     __get_user(fl->l_pid, &target_fl->l_pid);
7100     unlock_user_struct(target_fl, target_flock_addr, 0);
7101     return 0;
7102 }
7103 
7104 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
7105                                             const struct flock64 *fl)
7106 {
7107     struct target_flock64 *target_fl;
7108     short l_type;
7109 
7110     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
7111         return -TARGET_EFAULT;
7112     }
7113 
7114     l_type = host_to_target_flock(fl->l_type);
7115     __put_user(l_type, &target_fl->l_type);
7116     __put_user(fl->l_whence, &target_fl->l_whence);
7117     __put_user(fl->l_start, &target_fl->l_start);
7118     __put_user(fl->l_len, &target_fl->l_len);
7119     __put_user(fl->l_pid, &target_fl->l_pid);
7120     unlock_user_struct(target_fl, target_flock_addr, 1);
7121     return 0;
7122 }
7123 
7124 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
7125 {
7126     struct flock64 fl64;
7127 #ifdef F_GETOWN_EX
7128     struct f_owner_ex fox;
7129     struct target_f_owner_ex *target_fox;
7130 #endif
7131     abi_long ret;
7132     int host_cmd = target_to_host_fcntl_cmd(cmd);
7133 
7134     if (host_cmd == -TARGET_EINVAL)
7135 	    return host_cmd;
7136 
7137     switch(cmd) {
7138     case TARGET_F_GETLK:
7139         ret = copy_from_user_flock(&fl64, arg);
7140         if (ret) {
7141             return ret;
7142         }
7143         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
7144         if (ret == 0) {
7145             ret = copy_to_user_flock(arg, &fl64);
7146         }
7147         break;
7148 
7149     case TARGET_F_SETLK:
7150     case TARGET_F_SETLKW:
7151         ret = copy_from_user_flock(&fl64, arg);
7152         if (ret) {
7153             return ret;
7154         }
7155         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
7156         break;
7157 
7158     case TARGET_F_GETLK64:
7159     case TARGET_F_OFD_GETLK:
7160         ret = copy_from_user_flock64(&fl64, arg);
7161         if (ret) {
7162             return ret;
7163         }
7164         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
7165         if (ret == 0) {
7166             ret = copy_to_user_flock64(arg, &fl64);
7167         }
7168         break;
7169     case TARGET_F_SETLK64:
7170     case TARGET_F_SETLKW64:
7171     case TARGET_F_OFD_SETLK:
7172     case TARGET_F_OFD_SETLKW:
7173         ret = copy_from_user_flock64(&fl64, arg);
7174         if (ret) {
7175             return ret;
7176         }
7177         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
7178         break;
7179 
7180     case TARGET_F_GETFL:
7181         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
7182         if (ret >= 0) {
7183             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
7184             /* tell 32-bit guests it uses largefile on 64-bit hosts: */
7185             if (O_LARGEFILE == 0 && HOST_LONG_BITS == 64) {
7186                 ret |= TARGET_O_LARGEFILE;
7187             }
7188         }
7189         break;
7190 
7191     case TARGET_F_SETFL:
7192         ret = get_errno(safe_fcntl(fd, host_cmd,
7193                                    target_to_host_bitmask(arg,
7194                                                           fcntl_flags_tbl)));
7195         break;
7196 
7197 #ifdef F_GETOWN_EX
7198     case TARGET_F_GETOWN_EX:
7199         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
7200         if (ret >= 0) {
7201             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
7202                 return -TARGET_EFAULT;
7203             target_fox->type = tswap32(fox.type);
7204             target_fox->pid = tswap32(fox.pid);
7205             unlock_user_struct(target_fox, arg, 1);
7206         }
7207         break;
7208 #endif
7209 
7210 #ifdef F_SETOWN_EX
7211     case TARGET_F_SETOWN_EX:
7212         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
7213             return -TARGET_EFAULT;
7214         fox.type = tswap32(target_fox->type);
7215         fox.pid = tswap32(target_fox->pid);
7216         unlock_user_struct(target_fox, arg, 0);
7217         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
7218         break;
7219 #endif
7220 
7221     case TARGET_F_SETSIG:
7222         ret = get_errno(safe_fcntl(fd, host_cmd, target_to_host_signal(arg)));
7223         break;
7224 
7225     case TARGET_F_GETSIG:
7226         ret = host_to_target_signal(get_errno(safe_fcntl(fd, host_cmd, arg)));
7227         break;
7228 
7229     case TARGET_F_SETOWN:
7230     case TARGET_F_GETOWN:
7231     case TARGET_F_SETLEASE:
7232     case TARGET_F_GETLEASE:
7233     case TARGET_F_SETPIPE_SZ:
7234     case TARGET_F_GETPIPE_SZ:
7235     case TARGET_F_ADD_SEALS:
7236     case TARGET_F_GET_SEALS:
7237         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
7238         break;
7239 
7240     default:
7241         ret = get_errno(safe_fcntl(fd, cmd, arg));
7242         break;
7243     }
7244     return ret;
7245 }
7246 
7247 #ifdef USE_UID16
7248 
7249 static inline int high2lowuid(int uid)
7250 {
7251     if (uid > 65535)
7252         return 65534;
7253     else
7254         return uid;
7255 }
7256 
7257 static inline int high2lowgid(int gid)
7258 {
7259     if (gid > 65535)
7260         return 65534;
7261     else
7262         return gid;
7263 }
7264 
7265 static inline int low2highuid(int uid)
7266 {
7267     if ((int16_t)uid == -1)
7268         return -1;
7269     else
7270         return uid;
7271 }
7272 
7273 static inline int low2highgid(int gid)
7274 {
7275     if ((int16_t)gid == -1)
7276         return -1;
7277     else
7278         return gid;
7279 }
7280 static inline int tswapid(int id)
7281 {
7282     return tswap16(id);
7283 }
7284 
7285 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
7286 
7287 #else /* !USE_UID16 */
7288 static inline int high2lowuid(int uid)
7289 {
7290     return uid;
7291 }
7292 static inline int high2lowgid(int gid)
7293 {
7294     return gid;
7295 }
7296 static inline int low2highuid(int uid)
7297 {
7298     return uid;
7299 }
7300 static inline int low2highgid(int gid)
7301 {
7302     return gid;
7303 }
7304 static inline int tswapid(int id)
7305 {
7306     return tswap32(id);
7307 }
7308 
7309 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
7310 
7311 #endif /* USE_UID16 */
7312 
7313 /* We must do direct syscalls for setting UID/GID, because we want to
7314  * implement the Linux system call semantics of "change only for this thread",
7315  * not the libc/POSIX semantics of "change for all threads in process".
7316  * (See http://ewontfix.com/17/ for more details.)
7317  * We use the 32-bit version of the syscalls if present; if it is not
7318  * then either the host architecture supports 32-bit UIDs natively with
7319  * the standard syscall, or the 16-bit UID is the best we can do.
7320  */
7321 #ifdef __NR_setuid32
7322 #define __NR_sys_setuid __NR_setuid32
7323 #else
7324 #define __NR_sys_setuid __NR_setuid
7325 #endif
7326 #ifdef __NR_setgid32
7327 #define __NR_sys_setgid __NR_setgid32
7328 #else
7329 #define __NR_sys_setgid __NR_setgid
7330 #endif
7331 #ifdef __NR_setresuid32
7332 #define __NR_sys_setresuid __NR_setresuid32
7333 #else
7334 #define __NR_sys_setresuid __NR_setresuid
7335 #endif
7336 #ifdef __NR_setresgid32
7337 #define __NR_sys_setresgid __NR_setresgid32
7338 #else
7339 #define __NR_sys_setresgid __NR_setresgid
7340 #endif
7341 
7342 _syscall1(int, sys_setuid, uid_t, uid)
7343 _syscall1(int, sys_setgid, gid_t, gid)
7344 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
7345 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
7346 
7347 void syscall_init(void)
7348 {
7349     IOCTLEntry *ie;
7350     const argtype *arg_type;
7351     int size;
7352 
7353     thunk_init(STRUCT_MAX);
7354 
7355 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
7356 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
7357 #include "syscall_types.h"
7358 #undef STRUCT
7359 #undef STRUCT_SPECIAL
7360 
7361     /* we patch the ioctl size if necessary. We rely on the fact that
7362        no ioctl has all the bits at '1' in the size field */
7363     ie = ioctl_entries;
7364     while (ie->target_cmd != 0) {
7365         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
7366             TARGET_IOC_SIZEMASK) {
7367             arg_type = ie->arg_type;
7368             if (arg_type[0] != TYPE_PTR) {
7369                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
7370                         ie->target_cmd);
7371                 exit(1);
7372             }
7373             arg_type++;
7374             size = thunk_type_size(arg_type, 0);
7375             ie->target_cmd = (ie->target_cmd &
7376                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
7377                 (size << TARGET_IOC_SIZESHIFT);
7378         }
7379 
7380         /* automatic consistency check if same arch */
7381 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
7382     (defined(__x86_64__) && defined(TARGET_X86_64))
7383         if (unlikely(ie->target_cmd != ie->host_cmd)) {
7384             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
7385                     ie->name, ie->target_cmd, ie->host_cmd);
7386         }
7387 #endif
7388         ie++;
7389     }
7390 }
7391 
7392 #ifdef TARGET_NR_truncate64
7393 static inline abi_long target_truncate64(CPUArchState *cpu_env, const char *arg1,
7394                                          abi_long arg2,
7395                                          abi_long arg3,
7396                                          abi_long arg4)
7397 {
7398     if (regpairs_aligned(cpu_env, TARGET_NR_truncate64)) {
7399         arg2 = arg3;
7400         arg3 = arg4;
7401     }
7402     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
7403 }
7404 #endif
7405 
7406 #ifdef TARGET_NR_ftruncate64
7407 static inline abi_long target_ftruncate64(CPUArchState *cpu_env, abi_long arg1,
7408                                           abi_long arg2,
7409                                           abi_long arg3,
7410                                           abi_long arg4)
7411 {
7412     if (regpairs_aligned(cpu_env, TARGET_NR_ftruncate64)) {
7413         arg2 = arg3;
7414         arg3 = arg4;
7415     }
7416     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
7417 }
7418 #endif
7419 
7420 #if defined(TARGET_NR_timer_settime) || \
7421     (defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD))
7422 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_its,
7423                                                  abi_ulong target_addr)
7424 {
7425     if (target_to_host_timespec(&host_its->it_interval, target_addr +
7426                                 offsetof(struct target_itimerspec,
7427                                          it_interval)) ||
7428         target_to_host_timespec(&host_its->it_value, target_addr +
7429                                 offsetof(struct target_itimerspec,
7430                                          it_value))) {
7431         return -TARGET_EFAULT;
7432     }
7433 
7434     return 0;
7435 }
7436 #endif
7437 
7438 #if defined(TARGET_NR_timer_settime64) || \
7439     (defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD))
7440 static inline abi_long target_to_host_itimerspec64(struct itimerspec *host_its,
7441                                                    abi_ulong target_addr)
7442 {
7443     if (target_to_host_timespec64(&host_its->it_interval, target_addr +
7444                                   offsetof(struct target__kernel_itimerspec,
7445                                            it_interval)) ||
7446         target_to_host_timespec64(&host_its->it_value, target_addr +
7447                                   offsetof(struct target__kernel_itimerspec,
7448                                            it_value))) {
7449         return -TARGET_EFAULT;
7450     }
7451 
7452     return 0;
7453 }
7454 #endif
7455 
7456 #if ((defined(TARGET_NR_timerfd_gettime) || \
7457       defined(TARGET_NR_timerfd_settime)) && defined(CONFIG_TIMERFD)) || \
7458       defined(TARGET_NR_timer_gettime) || defined(TARGET_NR_timer_settime)
7459 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
7460                                                  struct itimerspec *host_its)
7461 {
7462     if (host_to_target_timespec(target_addr + offsetof(struct target_itimerspec,
7463                                                        it_interval),
7464                                 &host_its->it_interval) ||
7465         host_to_target_timespec(target_addr + offsetof(struct target_itimerspec,
7466                                                        it_value),
7467                                 &host_its->it_value)) {
7468         return -TARGET_EFAULT;
7469     }
7470     return 0;
7471 }
7472 #endif
7473 
7474 #if ((defined(TARGET_NR_timerfd_gettime64) || \
7475       defined(TARGET_NR_timerfd_settime64)) && defined(CONFIG_TIMERFD)) || \
7476       defined(TARGET_NR_timer_gettime64) || defined(TARGET_NR_timer_settime64)
7477 static inline abi_long host_to_target_itimerspec64(abi_ulong target_addr,
7478                                                    struct itimerspec *host_its)
7479 {
7480     if (host_to_target_timespec64(target_addr +
7481                                   offsetof(struct target__kernel_itimerspec,
7482                                            it_interval),
7483                                   &host_its->it_interval) ||
7484         host_to_target_timespec64(target_addr +
7485                                   offsetof(struct target__kernel_itimerspec,
7486                                            it_value),
7487                                   &host_its->it_value)) {
7488         return -TARGET_EFAULT;
7489     }
7490     return 0;
7491 }
7492 #endif
7493 
7494 #if defined(TARGET_NR_adjtimex) || \
7495     (defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME))
7496 static inline abi_long target_to_host_timex(struct timex *host_tx,
7497                                             abi_long target_addr)
7498 {
7499     struct target_timex *target_tx;
7500 
7501     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
7502         return -TARGET_EFAULT;
7503     }
7504 
7505     __get_user(host_tx->modes, &target_tx->modes);
7506     __get_user(host_tx->offset, &target_tx->offset);
7507     __get_user(host_tx->freq, &target_tx->freq);
7508     __get_user(host_tx->maxerror, &target_tx->maxerror);
7509     __get_user(host_tx->esterror, &target_tx->esterror);
7510     __get_user(host_tx->status, &target_tx->status);
7511     __get_user(host_tx->constant, &target_tx->constant);
7512     __get_user(host_tx->precision, &target_tx->precision);
7513     __get_user(host_tx->tolerance, &target_tx->tolerance);
7514     __get_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7515     __get_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7516     __get_user(host_tx->tick, &target_tx->tick);
7517     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7518     __get_user(host_tx->jitter, &target_tx->jitter);
7519     __get_user(host_tx->shift, &target_tx->shift);
7520     __get_user(host_tx->stabil, &target_tx->stabil);
7521     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
7522     __get_user(host_tx->calcnt, &target_tx->calcnt);
7523     __get_user(host_tx->errcnt, &target_tx->errcnt);
7524     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
7525     __get_user(host_tx->tai, &target_tx->tai);
7526 
7527     unlock_user_struct(target_tx, target_addr, 0);
7528     return 0;
7529 }
7530 
7531 static inline abi_long host_to_target_timex(abi_long target_addr,
7532                                             struct timex *host_tx)
7533 {
7534     struct target_timex *target_tx;
7535 
7536     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
7537         return -TARGET_EFAULT;
7538     }
7539 
7540     __put_user(host_tx->modes, &target_tx->modes);
7541     __put_user(host_tx->offset, &target_tx->offset);
7542     __put_user(host_tx->freq, &target_tx->freq);
7543     __put_user(host_tx->maxerror, &target_tx->maxerror);
7544     __put_user(host_tx->esterror, &target_tx->esterror);
7545     __put_user(host_tx->status, &target_tx->status);
7546     __put_user(host_tx->constant, &target_tx->constant);
7547     __put_user(host_tx->precision, &target_tx->precision);
7548     __put_user(host_tx->tolerance, &target_tx->tolerance);
7549     __put_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7550     __put_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7551     __put_user(host_tx->tick, &target_tx->tick);
7552     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7553     __put_user(host_tx->jitter, &target_tx->jitter);
7554     __put_user(host_tx->shift, &target_tx->shift);
7555     __put_user(host_tx->stabil, &target_tx->stabil);
7556     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7557     __put_user(host_tx->calcnt, &target_tx->calcnt);
7558     __put_user(host_tx->errcnt, &target_tx->errcnt);
7559     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7560     __put_user(host_tx->tai, &target_tx->tai);
7561 
7562     unlock_user_struct(target_tx, target_addr, 1);
7563     return 0;
7564 }
7565 #endif
7566 
7567 
7568 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
7569 static inline abi_long target_to_host_timex64(struct timex *host_tx,
7570                                               abi_long target_addr)
7571 {
7572     struct target__kernel_timex *target_tx;
7573 
7574     if (copy_from_user_timeval64(&host_tx->time, target_addr +
7575                                  offsetof(struct target__kernel_timex,
7576                                           time))) {
7577         return -TARGET_EFAULT;
7578     }
7579 
7580     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
7581         return -TARGET_EFAULT;
7582     }
7583 
7584     __get_user(host_tx->modes, &target_tx->modes);
7585     __get_user(host_tx->offset, &target_tx->offset);
7586     __get_user(host_tx->freq, &target_tx->freq);
7587     __get_user(host_tx->maxerror, &target_tx->maxerror);
7588     __get_user(host_tx->esterror, &target_tx->esterror);
7589     __get_user(host_tx->status, &target_tx->status);
7590     __get_user(host_tx->constant, &target_tx->constant);
7591     __get_user(host_tx->precision, &target_tx->precision);
7592     __get_user(host_tx->tolerance, &target_tx->tolerance);
7593     __get_user(host_tx->tick, &target_tx->tick);
7594     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7595     __get_user(host_tx->jitter, &target_tx->jitter);
7596     __get_user(host_tx->shift, &target_tx->shift);
7597     __get_user(host_tx->stabil, &target_tx->stabil);
7598     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
7599     __get_user(host_tx->calcnt, &target_tx->calcnt);
7600     __get_user(host_tx->errcnt, &target_tx->errcnt);
7601     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
7602     __get_user(host_tx->tai, &target_tx->tai);
7603 
7604     unlock_user_struct(target_tx, target_addr, 0);
7605     return 0;
7606 }
7607 
7608 static inline abi_long host_to_target_timex64(abi_long target_addr,
7609                                               struct timex *host_tx)
7610 {
7611     struct target__kernel_timex *target_tx;
7612 
7613    if (copy_to_user_timeval64(target_addr +
7614                               offsetof(struct target__kernel_timex, time),
7615                               &host_tx->time)) {
7616         return -TARGET_EFAULT;
7617     }
7618 
7619     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
7620         return -TARGET_EFAULT;
7621     }
7622 
7623     __put_user(host_tx->modes, &target_tx->modes);
7624     __put_user(host_tx->offset, &target_tx->offset);
7625     __put_user(host_tx->freq, &target_tx->freq);
7626     __put_user(host_tx->maxerror, &target_tx->maxerror);
7627     __put_user(host_tx->esterror, &target_tx->esterror);
7628     __put_user(host_tx->status, &target_tx->status);
7629     __put_user(host_tx->constant, &target_tx->constant);
7630     __put_user(host_tx->precision, &target_tx->precision);
7631     __put_user(host_tx->tolerance, &target_tx->tolerance);
7632     __put_user(host_tx->tick, &target_tx->tick);
7633     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7634     __put_user(host_tx->jitter, &target_tx->jitter);
7635     __put_user(host_tx->shift, &target_tx->shift);
7636     __put_user(host_tx->stabil, &target_tx->stabil);
7637     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7638     __put_user(host_tx->calcnt, &target_tx->calcnt);
7639     __put_user(host_tx->errcnt, &target_tx->errcnt);
7640     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7641     __put_user(host_tx->tai, &target_tx->tai);
7642 
7643     unlock_user_struct(target_tx, target_addr, 1);
7644     return 0;
7645 }
7646 #endif
7647 
7648 #ifndef HAVE_SIGEV_NOTIFY_THREAD_ID
7649 #define sigev_notify_thread_id _sigev_un._tid
7650 #endif
7651 
7652 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
7653                                                abi_ulong target_addr)
7654 {
7655     struct target_sigevent *target_sevp;
7656 
7657     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
7658         return -TARGET_EFAULT;
7659     }
7660 
7661     /* This union is awkward on 64 bit systems because it has a 32 bit
7662      * integer and a pointer in it; we follow the conversion approach
7663      * used for handling sigval types in signal.c so the guest should get
7664      * the correct value back even if we did a 64 bit byteswap and it's
7665      * using the 32 bit integer.
7666      */
7667     host_sevp->sigev_value.sival_ptr =
7668         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
7669     host_sevp->sigev_signo =
7670         target_to_host_signal(tswap32(target_sevp->sigev_signo));
7671     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
7672     host_sevp->sigev_notify_thread_id = tswap32(target_sevp->_sigev_un._tid);
7673 
7674     unlock_user_struct(target_sevp, target_addr, 1);
7675     return 0;
7676 }
7677 
7678 #if defined(TARGET_NR_mlockall)
7679 static inline int target_to_host_mlockall_arg(int arg)
7680 {
7681     int result = 0;
7682 
7683     if (arg & TARGET_MCL_CURRENT) {
7684         result |= MCL_CURRENT;
7685     }
7686     if (arg & TARGET_MCL_FUTURE) {
7687         result |= MCL_FUTURE;
7688     }
7689 #ifdef MCL_ONFAULT
7690     if (arg & TARGET_MCL_ONFAULT) {
7691         result |= MCL_ONFAULT;
7692     }
7693 #endif
7694 
7695     return result;
7696 }
7697 #endif
7698 
7699 static inline int target_to_host_msync_arg(abi_long arg)
7700 {
7701     return ((arg & TARGET_MS_ASYNC) ? MS_ASYNC : 0) |
7702            ((arg & TARGET_MS_INVALIDATE) ? MS_INVALIDATE : 0) |
7703            ((arg & TARGET_MS_SYNC) ? MS_SYNC : 0) |
7704            (arg & ~(TARGET_MS_ASYNC | TARGET_MS_INVALIDATE | TARGET_MS_SYNC));
7705 }
7706 
7707 #if (defined(TARGET_NR_stat64) || defined(TARGET_NR_lstat64) ||     \
7708      defined(TARGET_NR_fstat64) || defined(TARGET_NR_fstatat64) ||  \
7709      defined(TARGET_NR_newfstatat))
7710 static inline abi_long host_to_target_stat64(CPUArchState *cpu_env,
7711                                              abi_ulong target_addr,
7712                                              struct stat *host_st)
7713 {
7714 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
7715     if (cpu_env->eabi) {
7716         struct target_eabi_stat64 *target_st;
7717 
7718         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7719             return -TARGET_EFAULT;
7720         memset(target_st, 0, sizeof(struct target_eabi_stat64));
7721         __put_user(host_st->st_dev, &target_st->st_dev);
7722         __put_user(host_st->st_ino, &target_st->st_ino);
7723 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7724         __put_user(host_st->st_ino, &target_st->__st_ino);
7725 #endif
7726         __put_user(host_st->st_mode, &target_st->st_mode);
7727         __put_user(host_st->st_nlink, &target_st->st_nlink);
7728         __put_user(host_st->st_uid, &target_st->st_uid);
7729         __put_user(host_st->st_gid, &target_st->st_gid);
7730         __put_user(host_st->st_rdev, &target_st->st_rdev);
7731         __put_user(host_st->st_size, &target_st->st_size);
7732         __put_user(host_st->st_blksize, &target_st->st_blksize);
7733         __put_user(host_st->st_blocks, &target_st->st_blocks);
7734         __put_user(host_st->st_atime, &target_st->target_st_atime);
7735         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7736         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7737 #ifdef HAVE_STRUCT_STAT_ST_ATIM
7738         __put_user(host_st->st_atim.tv_nsec, &target_st->target_st_atime_nsec);
7739         __put_user(host_st->st_mtim.tv_nsec, &target_st->target_st_mtime_nsec);
7740         __put_user(host_st->st_ctim.tv_nsec, &target_st->target_st_ctime_nsec);
7741 #endif
7742         unlock_user_struct(target_st, target_addr, 1);
7743     } else
7744 #endif
7745     {
7746 #if defined(TARGET_HAS_STRUCT_STAT64)
7747         struct target_stat64 *target_st;
7748 #else
7749         struct target_stat *target_st;
7750 #endif
7751 
7752         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7753             return -TARGET_EFAULT;
7754         memset(target_st, 0, sizeof(*target_st));
7755         __put_user(host_st->st_dev, &target_st->st_dev);
7756         __put_user(host_st->st_ino, &target_st->st_ino);
7757 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7758         __put_user(host_st->st_ino, &target_st->__st_ino);
7759 #endif
7760         __put_user(host_st->st_mode, &target_st->st_mode);
7761         __put_user(host_st->st_nlink, &target_st->st_nlink);
7762         __put_user(host_st->st_uid, &target_st->st_uid);
7763         __put_user(host_st->st_gid, &target_st->st_gid);
7764         __put_user(host_st->st_rdev, &target_st->st_rdev);
7765         /* XXX: better use of kernel struct */
7766         __put_user(host_st->st_size, &target_st->st_size);
7767         __put_user(host_st->st_blksize, &target_st->st_blksize);
7768         __put_user(host_st->st_blocks, &target_st->st_blocks);
7769         __put_user(host_st->st_atime, &target_st->target_st_atime);
7770         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7771         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7772 #ifdef HAVE_STRUCT_STAT_ST_ATIM
7773         __put_user(host_st->st_atim.tv_nsec, &target_st->target_st_atime_nsec);
7774         __put_user(host_st->st_mtim.tv_nsec, &target_st->target_st_mtime_nsec);
7775         __put_user(host_st->st_ctim.tv_nsec, &target_st->target_st_ctime_nsec);
7776 #endif
7777         unlock_user_struct(target_st, target_addr, 1);
7778     }
7779 
7780     return 0;
7781 }
7782 #endif
7783 
7784 #if defined(TARGET_NR_statx) && defined(__NR_statx)
7785 static inline abi_long host_to_target_statx(struct target_statx *host_stx,
7786                                             abi_ulong target_addr)
7787 {
7788     struct target_statx *target_stx;
7789 
7790     if (!lock_user_struct(VERIFY_WRITE, target_stx, target_addr,  0)) {
7791         return -TARGET_EFAULT;
7792     }
7793     memset(target_stx, 0, sizeof(*target_stx));
7794 
7795     __put_user(host_stx->stx_mask, &target_stx->stx_mask);
7796     __put_user(host_stx->stx_blksize, &target_stx->stx_blksize);
7797     __put_user(host_stx->stx_attributes, &target_stx->stx_attributes);
7798     __put_user(host_stx->stx_nlink, &target_stx->stx_nlink);
7799     __put_user(host_stx->stx_uid, &target_stx->stx_uid);
7800     __put_user(host_stx->stx_gid, &target_stx->stx_gid);
7801     __put_user(host_stx->stx_mode, &target_stx->stx_mode);
7802     __put_user(host_stx->stx_ino, &target_stx->stx_ino);
7803     __put_user(host_stx->stx_size, &target_stx->stx_size);
7804     __put_user(host_stx->stx_blocks, &target_stx->stx_blocks);
7805     __put_user(host_stx->stx_attributes_mask, &target_stx->stx_attributes_mask);
7806     __put_user(host_stx->stx_atime.tv_sec, &target_stx->stx_atime.tv_sec);
7807     __put_user(host_stx->stx_atime.tv_nsec, &target_stx->stx_atime.tv_nsec);
7808     __put_user(host_stx->stx_btime.tv_sec, &target_stx->stx_btime.tv_sec);
7809     __put_user(host_stx->stx_btime.tv_nsec, &target_stx->stx_btime.tv_nsec);
7810     __put_user(host_stx->stx_ctime.tv_sec, &target_stx->stx_ctime.tv_sec);
7811     __put_user(host_stx->stx_ctime.tv_nsec, &target_stx->stx_ctime.tv_nsec);
7812     __put_user(host_stx->stx_mtime.tv_sec, &target_stx->stx_mtime.tv_sec);
7813     __put_user(host_stx->stx_mtime.tv_nsec, &target_stx->stx_mtime.tv_nsec);
7814     __put_user(host_stx->stx_rdev_major, &target_stx->stx_rdev_major);
7815     __put_user(host_stx->stx_rdev_minor, &target_stx->stx_rdev_minor);
7816     __put_user(host_stx->stx_dev_major, &target_stx->stx_dev_major);
7817     __put_user(host_stx->stx_dev_minor, &target_stx->stx_dev_minor);
7818 
7819     unlock_user_struct(target_stx, target_addr, 1);
7820 
7821     return 0;
7822 }
7823 #endif
7824 
7825 static int do_sys_futex(int *uaddr, int op, int val,
7826                          const struct timespec *timeout, int *uaddr2,
7827                          int val3)
7828 {
7829 #if HOST_LONG_BITS == 64
7830 #if defined(__NR_futex)
7831     /* always a 64-bit time_t, it doesn't define _time64 version  */
7832     return sys_futex(uaddr, op, val, timeout, uaddr2, val3);
7833 
7834 #endif
7835 #else /* HOST_LONG_BITS == 64 */
7836 #if defined(__NR_futex_time64)
7837     if (sizeof(timeout->tv_sec) == 8) {
7838         /* _time64 function on 32bit arch */
7839         return sys_futex_time64(uaddr, op, val, timeout, uaddr2, val3);
7840     }
7841 #endif
7842 #if defined(__NR_futex)
7843     /* old function on 32bit arch */
7844     return sys_futex(uaddr, op, val, timeout, uaddr2, val3);
7845 #endif
7846 #endif /* HOST_LONG_BITS == 64 */
7847     g_assert_not_reached();
7848 }
7849 
7850 static int do_safe_futex(int *uaddr, int op, int val,
7851                          const struct timespec *timeout, int *uaddr2,
7852                          int val3)
7853 {
7854 #if HOST_LONG_BITS == 64
7855 #if defined(__NR_futex)
7856     /* always a 64-bit time_t, it doesn't define _time64 version  */
7857     return get_errno(safe_futex(uaddr, op, val, timeout, uaddr2, val3));
7858 #endif
7859 #else /* HOST_LONG_BITS == 64 */
7860 #if defined(__NR_futex_time64)
7861     if (sizeof(timeout->tv_sec) == 8) {
7862         /* _time64 function on 32bit arch */
7863         return get_errno(safe_futex_time64(uaddr, op, val, timeout, uaddr2,
7864                                            val3));
7865     }
7866 #endif
7867 #if defined(__NR_futex)
7868     /* old function on 32bit arch */
7869     return get_errno(safe_futex(uaddr, op, val, timeout, uaddr2, val3));
7870 #endif
7871 #endif /* HOST_LONG_BITS == 64 */
7872     return -TARGET_ENOSYS;
7873 }
7874 
7875 /* ??? Using host futex calls even when target atomic operations
7876    are not really atomic probably breaks things.  However implementing
7877    futexes locally would make futexes shared between multiple processes
7878    tricky.  However they're probably useless because guest atomic
7879    operations won't work either.  */
7880 #if defined(TARGET_NR_futex) || defined(TARGET_NR_futex_time64)
7881 static int do_futex(CPUState *cpu, bool time64, target_ulong uaddr,
7882                     int op, int val, target_ulong timeout,
7883                     target_ulong uaddr2, int val3)
7884 {
7885     struct timespec ts, *pts = NULL;
7886     void *haddr2 = NULL;
7887     int base_op;
7888 
7889     /* We assume FUTEX_* constants are the same on both host and target. */
7890 #ifdef FUTEX_CMD_MASK
7891     base_op = op & FUTEX_CMD_MASK;
7892 #else
7893     base_op = op;
7894 #endif
7895     switch (base_op) {
7896     case FUTEX_WAIT:
7897     case FUTEX_WAIT_BITSET:
7898         val = tswap32(val);
7899         break;
7900     case FUTEX_WAIT_REQUEUE_PI:
7901         val = tswap32(val);
7902         haddr2 = g2h(cpu, uaddr2);
7903         break;
7904     case FUTEX_LOCK_PI:
7905     case FUTEX_LOCK_PI2:
7906         break;
7907     case FUTEX_WAKE:
7908     case FUTEX_WAKE_BITSET:
7909     case FUTEX_TRYLOCK_PI:
7910     case FUTEX_UNLOCK_PI:
7911         timeout = 0;
7912         break;
7913     case FUTEX_FD:
7914         val = target_to_host_signal(val);
7915         timeout = 0;
7916         break;
7917     case FUTEX_CMP_REQUEUE:
7918     case FUTEX_CMP_REQUEUE_PI:
7919         val3 = tswap32(val3);
7920         /* fall through */
7921     case FUTEX_REQUEUE:
7922     case FUTEX_WAKE_OP:
7923         /*
7924          * For these, the 4th argument is not TIMEOUT, but VAL2.
7925          * But the prototype of do_safe_futex takes a pointer, so
7926          * insert casts to satisfy the compiler.  We do not need
7927          * to tswap VAL2 since it's not compared to guest memory.
7928           */
7929         pts = (struct timespec *)(uintptr_t)timeout;
7930         timeout = 0;
7931         haddr2 = g2h(cpu, uaddr2);
7932         break;
7933     default:
7934         return -TARGET_ENOSYS;
7935     }
7936     if (timeout) {
7937         pts = &ts;
7938         if (time64
7939             ? target_to_host_timespec64(pts, timeout)
7940             : target_to_host_timespec(pts, timeout)) {
7941             return -TARGET_EFAULT;
7942         }
7943     }
7944     return do_safe_futex(g2h(cpu, uaddr), op, val, pts, haddr2, val3);
7945 }
7946 #endif
7947 
7948 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7949 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
7950                                      abi_long handle, abi_long mount_id,
7951                                      abi_long flags)
7952 {
7953     struct file_handle *target_fh;
7954     struct file_handle *fh;
7955     int mid = 0;
7956     abi_long ret;
7957     char *name;
7958     unsigned int size, total_size;
7959 
7960     if (get_user_s32(size, handle)) {
7961         return -TARGET_EFAULT;
7962     }
7963 
7964     name = lock_user_string(pathname);
7965     if (!name) {
7966         return -TARGET_EFAULT;
7967     }
7968 
7969     total_size = sizeof(struct file_handle) + size;
7970     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
7971     if (!target_fh) {
7972         unlock_user(name, pathname, 0);
7973         return -TARGET_EFAULT;
7974     }
7975 
7976     fh = g_malloc0(total_size);
7977     fh->handle_bytes = size;
7978 
7979     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
7980     unlock_user(name, pathname, 0);
7981 
7982     /* man name_to_handle_at(2):
7983      * Other than the use of the handle_bytes field, the caller should treat
7984      * the file_handle structure as an opaque data type
7985      */
7986 
7987     memcpy(target_fh, fh, total_size);
7988     target_fh->handle_bytes = tswap32(fh->handle_bytes);
7989     target_fh->handle_type = tswap32(fh->handle_type);
7990     g_free(fh);
7991     unlock_user(target_fh, handle, total_size);
7992 
7993     if (put_user_s32(mid, mount_id)) {
7994         return -TARGET_EFAULT;
7995     }
7996 
7997     return ret;
7998 
7999 }
8000 #endif
8001 
8002 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
8003 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
8004                                      abi_long flags)
8005 {
8006     struct file_handle *target_fh;
8007     struct file_handle *fh;
8008     unsigned int size, total_size;
8009     abi_long ret;
8010 
8011     if (get_user_s32(size, handle)) {
8012         return -TARGET_EFAULT;
8013     }
8014 
8015     total_size = sizeof(struct file_handle) + size;
8016     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
8017     if (!target_fh) {
8018         return -TARGET_EFAULT;
8019     }
8020 
8021     fh = g_memdup(target_fh, total_size);
8022     fh->handle_bytes = size;
8023     fh->handle_type = tswap32(target_fh->handle_type);
8024 
8025     ret = get_errno(open_by_handle_at(mount_fd, fh,
8026                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
8027 
8028     g_free(fh);
8029 
8030     unlock_user(target_fh, handle, total_size);
8031 
8032     return ret;
8033 }
8034 #endif
8035 
8036 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
8037 
8038 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
8039 {
8040     int host_flags;
8041     target_sigset_t *target_mask;
8042     sigset_t host_mask;
8043     abi_long ret;
8044 
8045     if (flags & ~(TARGET_O_NONBLOCK_MASK | TARGET_O_CLOEXEC)) {
8046         return -TARGET_EINVAL;
8047     }
8048     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
8049         return -TARGET_EFAULT;
8050     }
8051 
8052     target_to_host_sigset(&host_mask, target_mask);
8053 
8054     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
8055 
8056     ret = get_errno(signalfd(fd, &host_mask, host_flags));
8057     if (ret >= 0) {
8058         fd_trans_register(ret, &target_signalfd_trans);
8059     }
8060 
8061     unlock_user_struct(target_mask, mask, 0);
8062 
8063     return ret;
8064 }
8065 #endif
8066 
8067 /* Map host to target signal numbers for the wait family of syscalls.
8068    Assume all other status bits are the same.  */
8069 int host_to_target_waitstatus(int status)
8070 {
8071     if (WIFSIGNALED(status)) {
8072         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
8073     }
8074     if (WIFSTOPPED(status)) {
8075         return (host_to_target_signal(WSTOPSIG(status)) << 8)
8076                | (status & 0xff);
8077     }
8078     return status;
8079 }
8080 
8081 static int open_self_cmdline(CPUArchState *cpu_env, int fd)
8082 {
8083     CPUState *cpu = env_cpu(cpu_env);
8084     struct linux_binprm *bprm = ((TaskState *)cpu->opaque)->bprm;
8085     int i;
8086 
8087     for (i = 0; i < bprm->argc; i++) {
8088         size_t len = strlen(bprm->argv[i]) + 1;
8089 
8090         if (write(fd, bprm->argv[i], len) != len) {
8091             return -1;
8092         }
8093     }
8094 
8095     return 0;
8096 }
8097 
8098 static void show_smaps(int fd, unsigned long size)
8099 {
8100     unsigned long page_size_kb = TARGET_PAGE_SIZE >> 10;
8101     unsigned long size_kb = size >> 10;
8102 
8103     dprintf(fd, "Size:                  %lu kB\n"
8104                 "KernelPageSize:        %lu kB\n"
8105                 "MMUPageSize:           %lu kB\n"
8106                 "Rss:                   0 kB\n"
8107                 "Pss:                   0 kB\n"
8108                 "Pss_Dirty:             0 kB\n"
8109                 "Shared_Clean:          0 kB\n"
8110                 "Shared_Dirty:          0 kB\n"
8111                 "Private_Clean:         0 kB\n"
8112                 "Private_Dirty:         0 kB\n"
8113                 "Referenced:            0 kB\n"
8114                 "Anonymous:             0 kB\n"
8115                 "LazyFree:              0 kB\n"
8116                 "AnonHugePages:         0 kB\n"
8117                 "ShmemPmdMapped:        0 kB\n"
8118                 "FilePmdMapped:         0 kB\n"
8119                 "Shared_Hugetlb:        0 kB\n"
8120                 "Private_Hugetlb:       0 kB\n"
8121                 "Swap:                  0 kB\n"
8122                 "SwapPss:               0 kB\n"
8123                 "Locked:                0 kB\n"
8124                 "THPeligible:    0\n", size_kb, page_size_kb, page_size_kb);
8125 }
8126 
8127 static int open_self_maps_1(CPUArchState *cpu_env, int fd, bool smaps)
8128 {
8129     CPUState *cpu = env_cpu(cpu_env);
8130     TaskState *ts = cpu->opaque;
8131     IntervalTreeRoot *map_info = read_self_maps();
8132     IntervalTreeNode *s;
8133     int count;
8134 
8135     for (s = interval_tree_iter_first(map_info, 0, -1); s;
8136          s = interval_tree_iter_next(s, 0, -1)) {
8137         MapInfo *e = container_of(s, MapInfo, itree);
8138 
8139         if (h2g_valid(e->itree.start)) {
8140             unsigned long min = e->itree.start;
8141             unsigned long max = e->itree.last + 1;
8142             int flags = page_get_flags(h2g(min));
8143             const char *path;
8144 
8145             max = h2g_valid(max - 1) ?
8146                 max : (uintptr_t) g2h_untagged(GUEST_ADDR_MAX) + 1;
8147 
8148             if (!page_check_range(h2g(min), max - min, flags)) {
8149                 continue;
8150             }
8151 
8152 #ifdef TARGET_HPPA
8153             if (h2g(max) == ts->info->stack_limit) {
8154 #else
8155             if (h2g(min) == ts->info->stack_limit) {
8156 #endif
8157                 path = "[stack]";
8158             } else {
8159                 path = e->path;
8160             }
8161 
8162             count = dprintf(fd, TARGET_ABI_FMT_ptr "-" TARGET_ABI_FMT_ptr
8163                             " %c%c%c%c %08" PRIx64 " %s %"PRId64,
8164                             h2g(min), h2g(max - 1) + 1,
8165                             (flags & PAGE_READ) ? 'r' : '-',
8166                             (flags & PAGE_WRITE_ORG) ? 'w' : '-',
8167                             (flags & PAGE_EXEC) ? 'x' : '-',
8168                             e->is_priv ? 'p' : 's',
8169                             (uint64_t) e->offset, e->dev, e->inode);
8170             if (path) {
8171                 dprintf(fd, "%*s%s\n", 73 - count, "", path);
8172             } else {
8173                 dprintf(fd, "\n");
8174             }
8175             if (smaps) {
8176                 show_smaps(fd, max - min);
8177                 dprintf(fd, "VmFlags:%s%s%s%s%s%s%s%s\n",
8178                         (flags & PAGE_READ) ? " rd" : "",
8179                         (flags & PAGE_WRITE_ORG) ? " wr" : "",
8180                         (flags & PAGE_EXEC) ? " ex" : "",
8181                         e->is_priv ? "" : " sh",
8182                         (flags & PAGE_READ) ? " mr" : "",
8183                         (flags & PAGE_WRITE_ORG) ? " mw" : "",
8184                         (flags & PAGE_EXEC) ? " me" : "",
8185                         e->is_priv ? "" : " ms");
8186             }
8187         }
8188     }
8189 
8190     free_self_maps(map_info);
8191 
8192 #ifdef TARGET_VSYSCALL_PAGE
8193     /*
8194      * We only support execution from the vsyscall page.
8195      * This is as if CONFIG_LEGACY_VSYSCALL_XONLY=y from v5.3.
8196      */
8197     count = dprintf(fd, TARGET_FMT_lx "-" TARGET_FMT_lx
8198                     " --xp 00000000 00:00 0",
8199                     TARGET_VSYSCALL_PAGE, TARGET_VSYSCALL_PAGE + TARGET_PAGE_SIZE);
8200     dprintf(fd, "%*s%s\n", 73 - count, "",  "[vsyscall]");
8201     if (smaps) {
8202         show_smaps(fd, TARGET_PAGE_SIZE);
8203         dprintf(fd, "VmFlags: ex\n");
8204     }
8205 #endif
8206 
8207     return 0;
8208 }
8209 
8210 static int open_self_maps(CPUArchState *cpu_env, int fd)
8211 {
8212     return open_self_maps_1(cpu_env, fd, false);
8213 }
8214 
8215 static int open_self_smaps(CPUArchState *cpu_env, int fd)
8216 {
8217     return open_self_maps_1(cpu_env, fd, true);
8218 }
8219 
8220 static int open_self_stat(CPUArchState *cpu_env, int fd)
8221 {
8222     CPUState *cpu = env_cpu(cpu_env);
8223     TaskState *ts = cpu->opaque;
8224     g_autoptr(GString) buf = g_string_new(NULL);
8225     int i;
8226 
8227     for (i = 0; i < 44; i++) {
8228         if (i == 0) {
8229             /* pid */
8230             g_string_printf(buf, FMT_pid " ", getpid());
8231         } else if (i == 1) {
8232             /* app name */
8233             gchar *bin = g_strrstr(ts->bprm->argv[0], "/");
8234             bin = bin ? bin + 1 : ts->bprm->argv[0];
8235             g_string_printf(buf, "(%.15s) ", bin);
8236         } else if (i == 2) {
8237             /* task state */
8238             g_string_assign(buf, "R "); /* we are running right now */
8239         } else if (i == 3) {
8240             /* ppid */
8241             g_string_printf(buf, FMT_pid " ", getppid());
8242         } else if (i == 21) {
8243             /* starttime */
8244             g_string_printf(buf, "%" PRIu64 " ", ts->start_boottime);
8245         } else if (i == 27) {
8246             /* stack bottom */
8247             g_string_printf(buf, TARGET_ABI_FMT_ld " ", ts->info->start_stack);
8248         } else {
8249             /* for the rest, there is MasterCard */
8250             g_string_printf(buf, "0%c", i == 43 ? '\n' : ' ');
8251         }
8252 
8253         if (write(fd, buf->str, buf->len) != buf->len) {
8254             return -1;
8255         }
8256     }
8257 
8258     return 0;
8259 }
8260 
8261 static int open_self_auxv(CPUArchState *cpu_env, int fd)
8262 {
8263     CPUState *cpu = env_cpu(cpu_env);
8264     TaskState *ts = cpu->opaque;
8265     abi_ulong auxv = ts->info->saved_auxv;
8266     abi_ulong len = ts->info->auxv_len;
8267     char *ptr;
8268 
8269     /*
8270      * Auxiliary vector is stored in target process stack.
8271      * read in whole auxv vector and copy it to file
8272      */
8273     ptr = lock_user(VERIFY_READ, auxv, len, 0);
8274     if (ptr != NULL) {
8275         while (len > 0) {
8276             ssize_t r;
8277             r = write(fd, ptr, len);
8278             if (r <= 0) {
8279                 break;
8280             }
8281             len -= r;
8282             ptr += r;
8283         }
8284         lseek(fd, 0, SEEK_SET);
8285         unlock_user(ptr, auxv, len);
8286     }
8287 
8288     return 0;
8289 }
8290 
8291 static int is_proc_myself(const char *filename, const char *entry)
8292 {
8293     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
8294         filename += strlen("/proc/");
8295         if (!strncmp(filename, "self/", strlen("self/"))) {
8296             filename += strlen("self/");
8297         } else if (*filename >= '1' && *filename <= '9') {
8298             char myself[80];
8299             snprintf(myself, sizeof(myself), "%d/", getpid());
8300             if (!strncmp(filename, myself, strlen(myself))) {
8301                 filename += strlen(myself);
8302             } else {
8303                 return 0;
8304             }
8305         } else {
8306             return 0;
8307         }
8308         if (!strcmp(filename, entry)) {
8309             return 1;
8310         }
8311     }
8312     return 0;
8313 }
8314 
8315 static void excp_dump_file(FILE *logfile, CPUArchState *env,
8316                       const char *fmt, int code)
8317 {
8318     if (logfile) {
8319         CPUState *cs = env_cpu(env);
8320 
8321         fprintf(logfile, fmt, code);
8322         fprintf(logfile, "Failing executable: %s\n", exec_path);
8323         cpu_dump_state(cs, logfile, 0);
8324         open_self_maps(env, fileno(logfile));
8325     }
8326 }
8327 
8328 void target_exception_dump(CPUArchState *env, const char *fmt, int code)
8329 {
8330     /* dump to console */
8331     excp_dump_file(stderr, env, fmt, code);
8332 
8333     /* dump to log file */
8334     if (qemu_log_separate()) {
8335         FILE *logfile = qemu_log_trylock();
8336 
8337         excp_dump_file(logfile, env, fmt, code);
8338         qemu_log_unlock(logfile);
8339     }
8340 }
8341 
8342 #if HOST_BIG_ENDIAN != TARGET_BIG_ENDIAN || \
8343     defined(TARGET_SPARC) || defined(TARGET_M68K) || defined(TARGET_HPPA) || \
8344     defined(TARGET_RISCV) || defined(TARGET_S390X)
8345 static int is_proc(const char *filename, const char *entry)
8346 {
8347     return strcmp(filename, entry) == 0;
8348 }
8349 #endif
8350 
8351 #if HOST_BIG_ENDIAN != TARGET_BIG_ENDIAN
8352 static int open_net_route(CPUArchState *cpu_env, int fd)
8353 {
8354     FILE *fp;
8355     char *line = NULL;
8356     size_t len = 0;
8357     ssize_t read;
8358 
8359     fp = fopen("/proc/net/route", "r");
8360     if (fp == NULL) {
8361         return -1;
8362     }
8363 
8364     /* read header */
8365 
8366     read = getline(&line, &len, fp);
8367     dprintf(fd, "%s", line);
8368 
8369     /* read routes */
8370 
8371     while ((read = getline(&line, &len, fp)) != -1) {
8372         char iface[16];
8373         uint32_t dest, gw, mask;
8374         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
8375         int fields;
8376 
8377         fields = sscanf(line,
8378                         "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
8379                         iface, &dest, &gw, &flags, &refcnt, &use, &metric,
8380                         &mask, &mtu, &window, &irtt);
8381         if (fields != 11) {
8382             continue;
8383         }
8384         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
8385                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
8386                 metric, tswap32(mask), mtu, window, irtt);
8387     }
8388 
8389     free(line);
8390     fclose(fp);
8391 
8392     return 0;
8393 }
8394 #endif
8395 
8396 #if defined(TARGET_SPARC)
8397 static int open_cpuinfo(CPUArchState *cpu_env, int fd)
8398 {
8399     dprintf(fd, "type\t\t: sun4u\n");
8400     return 0;
8401 }
8402 #endif
8403 
8404 #if defined(TARGET_HPPA)
8405 static int open_cpuinfo(CPUArchState *cpu_env, int fd)
8406 {
8407     int i, num_cpus;
8408 
8409     num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
8410     for (i = 0; i < num_cpus; i++) {
8411         dprintf(fd, "processor\t: %d\n", i);
8412         dprintf(fd, "cpu family\t: PA-RISC 1.1e\n");
8413         dprintf(fd, "cpu\t\t: PA7300LC (PCX-L2)\n");
8414         dprintf(fd, "capabilities\t: os32\n");
8415         dprintf(fd, "model\t\t: 9000/778/B160L - "
8416                     "Merlin L2 160 QEMU (9000/778/B160L)\n\n");
8417     }
8418     return 0;
8419 }
8420 #endif
8421 
8422 #if defined(TARGET_RISCV)
8423 static int open_cpuinfo(CPUArchState *cpu_env, int fd)
8424 {
8425     int i;
8426     int num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
8427     RISCVCPU *cpu = env_archcpu(cpu_env);
8428     const RISCVCPUConfig *cfg = riscv_cpu_cfg((CPURISCVState *) cpu_env);
8429     char *isa_string = riscv_isa_string(cpu);
8430     const char *mmu;
8431 
8432     if (cfg->mmu) {
8433         mmu = (cpu_env->xl == MXL_RV32) ? "sv32"  : "sv48";
8434     } else {
8435         mmu = "none";
8436     }
8437 
8438     for (i = 0; i < num_cpus; i++) {
8439         dprintf(fd, "processor\t: %d\n", i);
8440         dprintf(fd, "hart\t\t: %d\n", i);
8441         dprintf(fd, "isa\t\t: %s\n", isa_string);
8442         dprintf(fd, "mmu\t\t: %s\n", mmu);
8443         dprintf(fd, "uarch\t\t: qemu\n\n");
8444     }
8445 
8446     g_free(isa_string);
8447     return 0;
8448 }
8449 #endif
8450 
8451 #if defined(TARGET_S390X)
8452 /*
8453  * Emulate what a Linux kernel running in qemu-system-s390x -M accel=tcg would
8454  * show in /proc/cpuinfo.
8455  *
8456  * Skip the following in order to match the missing support in op_ecag():
8457  * - show_cacheinfo().
8458  * - show_cpu_topology().
8459  * - show_cpu_mhz().
8460  *
8461  * Use fixed values for certain fields:
8462  * - bogomips per cpu - from a qemu-system-s390x run.
8463  * - max thread id = 0, since SMT / SIGP_SET_MULTI_THREADING is not supported.
8464  *
8465  * Keep the code structure close to arch/s390/kernel/processor.c.
8466  */
8467 
8468 static void show_facilities(int fd)
8469 {
8470     size_t sizeof_stfl_bytes = 2048;
8471     g_autofree uint8_t *stfl_bytes = g_new0(uint8_t, sizeof_stfl_bytes);
8472     unsigned int bit;
8473 
8474     dprintf(fd, "facilities      :");
8475     s390_get_feat_block(S390_FEAT_TYPE_STFL, stfl_bytes);
8476     for (bit = 0; bit < sizeof_stfl_bytes * 8; bit++) {
8477         if (test_be_bit(bit, stfl_bytes)) {
8478             dprintf(fd, " %d", bit);
8479         }
8480     }
8481     dprintf(fd, "\n");
8482 }
8483 
8484 static int cpu_ident(unsigned long n)
8485 {
8486     return deposit32(0, CPU_ID_BITS - CPU_PHYS_ADDR_BITS, CPU_PHYS_ADDR_BITS,
8487                      n);
8488 }
8489 
8490 static void show_cpu_summary(CPUArchState *cpu_env, int fd)
8491 {
8492     S390CPUModel *model = env_archcpu(cpu_env)->model;
8493     int num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
8494     uint32_t elf_hwcap = get_elf_hwcap();
8495     const char *hwcap_str;
8496     int i;
8497 
8498     dprintf(fd, "vendor_id       : IBM/S390\n"
8499                 "# processors    : %i\n"
8500                 "bogomips per cpu: 13370.00\n",
8501             num_cpus);
8502     dprintf(fd, "max thread id   : 0\n");
8503     dprintf(fd, "features\t: ");
8504     for (i = 0; i < sizeof(elf_hwcap) * 8; i++) {
8505         if (!(elf_hwcap & (1 << i))) {
8506             continue;
8507         }
8508         hwcap_str = elf_hwcap_str(i);
8509         if (hwcap_str) {
8510             dprintf(fd, "%s ", hwcap_str);
8511         }
8512     }
8513     dprintf(fd, "\n");
8514     show_facilities(fd);
8515     for (i = 0; i < num_cpus; i++) {
8516         dprintf(fd, "processor %d: "
8517                "version = %02X,  "
8518                "identification = %06X,  "
8519                "machine = %04X\n",
8520                i, model->cpu_ver, cpu_ident(i), model->def->type);
8521     }
8522 }
8523 
8524 static void show_cpu_ids(CPUArchState *cpu_env, int fd, unsigned long n)
8525 {
8526     S390CPUModel *model = env_archcpu(cpu_env)->model;
8527 
8528     dprintf(fd, "version         : %02X\n", model->cpu_ver);
8529     dprintf(fd, "identification  : %06X\n", cpu_ident(n));
8530     dprintf(fd, "machine         : %04X\n", model->def->type);
8531 }
8532 
8533 static void show_cpuinfo(CPUArchState *cpu_env, int fd, unsigned long n)
8534 {
8535     dprintf(fd, "\ncpu number      : %ld\n", n);
8536     show_cpu_ids(cpu_env, fd, n);
8537 }
8538 
8539 static int open_cpuinfo(CPUArchState *cpu_env, int fd)
8540 {
8541     int num_cpus = sysconf(_SC_NPROCESSORS_ONLN);
8542     int i;
8543 
8544     show_cpu_summary(cpu_env, fd);
8545     for (i = 0; i < num_cpus; i++) {
8546         show_cpuinfo(cpu_env, fd, i);
8547     }
8548     return 0;
8549 }
8550 #endif
8551 
8552 #if defined(TARGET_M68K)
8553 static int open_hardware(CPUArchState *cpu_env, int fd)
8554 {
8555     dprintf(fd, "Model:\t\tqemu-m68k\n");
8556     return 0;
8557 }
8558 #endif
8559 
8560 
8561 int do_guest_openat(CPUArchState *cpu_env, int dirfd, const char *fname,
8562                     int flags, mode_t mode, bool safe)
8563 {
8564     g_autofree char *proc_name = NULL;
8565     const char *pathname;
8566     struct fake_open {
8567         const char *filename;
8568         int (*fill)(CPUArchState *cpu_env, int fd);
8569         int (*cmp)(const char *s1, const char *s2);
8570     };
8571     const struct fake_open *fake_open;
8572     static const struct fake_open fakes[] = {
8573         { "maps", open_self_maps, is_proc_myself },
8574         { "smaps", open_self_smaps, is_proc_myself },
8575         { "stat", open_self_stat, is_proc_myself },
8576         { "auxv", open_self_auxv, is_proc_myself },
8577         { "cmdline", open_self_cmdline, is_proc_myself },
8578 #if HOST_BIG_ENDIAN != TARGET_BIG_ENDIAN
8579         { "/proc/net/route", open_net_route, is_proc },
8580 #endif
8581 #if defined(TARGET_SPARC) || defined(TARGET_HPPA) || \
8582     defined(TARGET_RISCV) || defined(TARGET_S390X)
8583         { "/proc/cpuinfo", open_cpuinfo, is_proc },
8584 #endif
8585 #if defined(TARGET_M68K)
8586         { "/proc/hardware", open_hardware, is_proc },
8587 #endif
8588         { NULL, NULL, NULL }
8589     };
8590 
8591     /* if this is a file from /proc/ filesystem, expand full name */
8592     proc_name = realpath(fname, NULL);
8593     if (proc_name && strncmp(proc_name, "/proc/", 6) == 0) {
8594         pathname = proc_name;
8595     } else {
8596         pathname = fname;
8597     }
8598 
8599     if (is_proc_myself(pathname, "exe")) {
8600         if (safe) {
8601             return safe_openat(dirfd, exec_path, flags, mode);
8602         } else {
8603             return openat(dirfd, exec_path, flags, mode);
8604         }
8605     }
8606 
8607     for (fake_open = fakes; fake_open->filename; fake_open++) {
8608         if (fake_open->cmp(pathname, fake_open->filename)) {
8609             break;
8610         }
8611     }
8612 
8613     if (fake_open->filename) {
8614         const char *tmpdir;
8615         char filename[PATH_MAX];
8616         int fd, r;
8617 
8618         fd = memfd_create("qemu-open", 0);
8619         if (fd < 0) {
8620             if (errno != ENOSYS) {
8621                 return fd;
8622             }
8623             /* create temporary file to map stat to */
8624             tmpdir = getenv("TMPDIR");
8625             if (!tmpdir)
8626                 tmpdir = "/tmp";
8627             snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
8628             fd = mkstemp(filename);
8629             if (fd < 0) {
8630                 return fd;
8631             }
8632             unlink(filename);
8633         }
8634 
8635         if ((r = fake_open->fill(cpu_env, fd))) {
8636             int e = errno;
8637             close(fd);
8638             errno = e;
8639             return r;
8640         }
8641         lseek(fd, 0, SEEK_SET);
8642 
8643         return fd;
8644     }
8645 
8646     if (safe) {
8647         return safe_openat(dirfd, path(pathname), flags, mode);
8648     } else {
8649         return openat(dirfd, path(pathname), flags, mode);
8650     }
8651 }
8652 
8653 ssize_t do_guest_readlink(const char *pathname, char *buf, size_t bufsiz)
8654 {
8655     ssize_t ret;
8656 
8657     if (!pathname || !buf) {
8658         errno = EFAULT;
8659         return -1;
8660     }
8661 
8662     if (!bufsiz) {
8663         /* Short circuit this for the magic exe check. */
8664         errno = EINVAL;
8665         return -1;
8666     }
8667 
8668     if (is_proc_myself((const char *)pathname, "exe")) {
8669         /*
8670          * Don't worry about sign mismatch as earlier mapping
8671          * logic would have thrown a bad address error.
8672          */
8673         ret = MIN(strlen(exec_path), bufsiz);
8674         /* We cannot NUL terminate the string. */
8675         memcpy(buf, exec_path, ret);
8676     } else {
8677         ret = readlink(path(pathname), buf, bufsiz);
8678     }
8679 
8680     return ret;
8681 }
8682 
8683 static int do_execv(CPUArchState *cpu_env, int dirfd,
8684                     abi_long pathname, abi_long guest_argp,
8685                     abi_long guest_envp, int flags, bool is_execveat)
8686 {
8687     int ret;
8688     char **argp, **envp;
8689     int argc, envc;
8690     abi_ulong gp;
8691     abi_ulong addr;
8692     char **q;
8693     void *p;
8694 
8695     argc = 0;
8696 
8697     for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
8698         if (get_user_ual(addr, gp)) {
8699             return -TARGET_EFAULT;
8700         }
8701         if (!addr) {
8702             break;
8703         }
8704         argc++;
8705     }
8706     envc = 0;
8707     for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
8708         if (get_user_ual(addr, gp)) {
8709             return -TARGET_EFAULT;
8710         }
8711         if (!addr) {
8712             break;
8713         }
8714         envc++;
8715     }
8716 
8717     argp = g_new0(char *, argc + 1);
8718     envp = g_new0(char *, envc + 1);
8719 
8720     for (gp = guest_argp, q = argp; gp; gp += sizeof(abi_ulong), q++) {
8721         if (get_user_ual(addr, gp)) {
8722             goto execve_efault;
8723         }
8724         if (!addr) {
8725             break;
8726         }
8727         *q = lock_user_string(addr);
8728         if (!*q) {
8729             goto execve_efault;
8730         }
8731     }
8732     *q = NULL;
8733 
8734     for (gp = guest_envp, q = envp; gp; gp += sizeof(abi_ulong), q++) {
8735         if (get_user_ual(addr, gp)) {
8736             goto execve_efault;
8737         }
8738         if (!addr) {
8739             break;
8740         }
8741         *q = lock_user_string(addr);
8742         if (!*q) {
8743             goto execve_efault;
8744         }
8745     }
8746     *q = NULL;
8747 
8748     /*
8749      * Although execve() is not an interruptible syscall it is
8750      * a special case where we must use the safe_syscall wrapper:
8751      * if we allow a signal to happen before we make the host
8752      * syscall then we will 'lose' it, because at the point of
8753      * execve the process leaves QEMU's control. So we use the
8754      * safe syscall wrapper to ensure that we either take the
8755      * signal as a guest signal, or else it does not happen
8756      * before the execve completes and makes it the other
8757      * program's problem.
8758      */
8759     p = lock_user_string(pathname);
8760     if (!p) {
8761         goto execve_efault;
8762     }
8763 
8764     const char *exe = p;
8765     if (is_proc_myself(p, "exe")) {
8766         exe = exec_path;
8767     }
8768     ret = is_execveat
8769         ? safe_execveat(dirfd, exe, argp, envp, flags)
8770         : safe_execve(exe, argp, envp);
8771     ret = get_errno(ret);
8772 
8773     unlock_user(p, pathname, 0);
8774 
8775     goto execve_end;
8776 
8777 execve_efault:
8778     ret = -TARGET_EFAULT;
8779 
8780 execve_end:
8781     for (gp = guest_argp, q = argp; *q; gp += sizeof(abi_ulong), q++) {
8782         if (get_user_ual(addr, gp) || !addr) {
8783             break;
8784         }
8785         unlock_user(*q, addr, 0);
8786     }
8787     for (gp = guest_envp, q = envp; *q; gp += sizeof(abi_ulong), q++) {
8788         if (get_user_ual(addr, gp) || !addr) {
8789             break;
8790         }
8791         unlock_user(*q, addr, 0);
8792     }
8793 
8794     g_free(argp);
8795     g_free(envp);
8796     return ret;
8797 }
8798 
8799 #define TIMER_MAGIC 0x0caf0000
8800 #define TIMER_MAGIC_MASK 0xffff0000
8801 
8802 /* Convert QEMU provided timer ID back to internal 16bit index format */
8803 static target_timer_t get_timer_id(abi_long arg)
8804 {
8805     target_timer_t timerid = arg;
8806 
8807     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
8808         return -TARGET_EINVAL;
8809     }
8810 
8811     timerid &= 0xffff;
8812 
8813     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
8814         return -TARGET_EINVAL;
8815     }
8816 
8817     return timerid;
8818 }
8819 
8820 static int target_to_host_cpu_mask(unsigned long *host_mask,
8821                                    size_t host_size,
8822                                    abi_ulong target_addr,
8823                                    size_t target_size)
8824 {
8825     unsigned target_bits = sizeof(abi_ulong) * 8;
8826     unsigned host_bits = sizeof(*host_mask) * 8;
8827     abi_ulong *target_mask;
8828     unsigned i, j;
8829 
8830     assert(host_size >= target_size);
8831 
8832     target_mask = lock_user(VERIFY_READ, target_addr, target_size, 1);
8833     if (!target_mask) {
8834         return -TARGET_EFAULT;
8835     }
8836     memset(host_mask, 0, host_size);
8837 
8838     for (i = 0 ; i < target_size / sizeof(abi_ulong); i++) {
8839         unsigned bit = i * target_bits;
8840         abi_ulong val;
8841 
8842         __get_user(val, &target_mask[i]);
8843         for (j = 0; j < target_bits; j++, bit++) {
8844             if (val & (1UL << j)) {
8845                 host_mask[bit / host_bits] |= 1UL << (bit % host_bits);
8846             }
8847         }
8848     }
8849 
8850     unlock_user(target_mask, target_addr, 0);
8851     return 0;
8852 }
8853 
8854 static int host_to_target_cpu_mask(const unsigned long *host_mask,
8855                                    size_t host_size,
8856                                    abi_ulong target_addr,
8857                                    size_t target_size)
8858 {
8859     unsigned target_bits = sizeof(abi_ulong) * 8;
8860     unsigned host_bits = sizeof(*host_mask) * 8;
8861     abi_ulong *target_mask;
8862     unsigned i, j;
8863 
8864     assert(host_size >= target_size);
8865 
8866     target_mask = lock_user(VERIFY_WRITE, target_addr, target_size, 0);
8867     if (!target_mask) {
8868         return -TARGET_EFAULT;
8869     }
8870 
8871     for (i = 0 ; i < target_size / sizeof(abi_ulong); i++) {
8872         unsigned bit = i * target_bits;
8873         abi_ulong val = 0;
8874 
8875         for (j = 0; j < target_bits; j++, bit++) {
8876             if (host_mask[bit / host_bits] & (1UL << (bit % host_bits))) {
8877                 val |= 1UL << j;
8878             }
8879         }
8880         __put_user(val, &target_mask[i]);
8881     }
8882 
8883     unlock_user(target_mask, target_addr, target_size);
8884     return 0;
8885 }
8886 
8887 #ifdef TARGET_NR_getdents
8888 static int do_getdents(abi_long dirfd, abi_long arg2, abi_long count)
8889 {
8890     g_autofree void *hdirp = NULL;
8891     void *tdirp;
8892     int hlen, hoff, toff;
8893     int hreclen, treclen;
8894     off64_t prev_diroff = 0;
8895 
8896     hdirp = g_try_malloc(count);
8897     if (!hdirp) {
8898         return -TARGET_ENOMEM;
8899     }
8900 
8901 #ifdef EMULATE_GETDENTS_WITH_GETDENTS
8902     hlen = sys_getdents(dirfd, hdirp, count);
8903 #else
8904     hlen = sys_getdents64(dirfd, hdirp, count);
8905 #endif
8906 
8907     hlen = get_errno(hlen);
8908     if (is_error(hlen)) {
8909         return hlen;
8910     }
8911 
8912     tdirp = lock_user(VERIFY_WRITE, arg2, count, 0);
8913     if (!tdirp) {
8914         return -TARGET_EFAULT;
8915     }
8916 
8917     for (hoff = toff = 0; hoff < hlen; hoff += hreclen, toff += treclen) {
8918 #ifdef EMULATE_GETDENTS_WITH_GETDENTS
8919         struct linux_dirent *hde = hdirp + hoff;
8920 #else
8921         struct linux_dirent64 *hde = hdirp + hoff;
8922 #endif
8923         struct target_dirent *tde = tdirp + toff;
8924         int namelen;
8925         uint8_t type;
8926 
8927         namelen = strlen(hde->d_name);
8928         hreclen = hde->d_reclen;
8929         treclen = offsetof(struct target_dirent, d_name) + namelen + 2;
8930         treclen = QEMU_ALIGN_UP(treclen, __alignof(struct target_dirent));
8931 
8932         if (toff + treclen > count) {
8933             /*
8934              * If the host struct is smaller than the target struct, or
8935              * requires less alignment and thus packs into less space,
8936              * then the host can return more entries than we can pass
8937              * on to the guest.
8938              */
8939             if (toff == 0) {
8940                 toff = -TARGET_EINVAL; /* result buffer is too small */
8941                 break;
8942             }
8943             /*
8944              * Return what we have, resetting the file pointer to the
8945              * location of the first record not returned.
8946              */
8947             lseek64(dirfd, prev_diroff, SEEK_SET);
8948             break;
8949         }
8950 
8951         prev_diroff = hde->d_off;
8952         tde->d_ino = tswapal(hde->d_ino);
8953         tde->d_off = tswapal(hde->d_off);
8954         tde->d_reclen = tswap16(treclen);
8955         memcpy(tde->d_name, hde->d_name, namelen + 1);
8956 
8957         /*
8958          * The getdents type is in what was formerly a padding byte at the
8959          * end of the structure.
8960          */
8961 #ifdef EMULATE_GETDENTS_WITH_GETDENTS
8962         type = *((uint8_t *)hde + hreclen - 1);
8963 #else
8964         type = hde->d_type;
8965 #endif
8966         *((uint8_t *)tde + treclen - 1) = type;
8967     }
8968 
8969     unlock_user(tdirp, arg2, toff);
8970     return toff;
8971 }
8972 #endif /* TARGET_NR_getdents */
8973 
8974 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
8975 static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count)
8976 {
8977     g_autofree void *hdirp = NULL;
8978     void *tdirp;
8979     int hlen, hoff, toff;
8980     int hreclen, treclen;
8981     off64_t prev_diroff = 0;
8982 
8983     hdirp = g_try_malloc(count);
8984     if (!hdirp) {
8985         return -TARGET_ENOMEM;
8986     }
8987 
8988     hlen = get_errno(sys_getdents64(dirfd, hdirp, count));
8989     if (is_error(hlen)) {
8990         return hlen;
8991     }
8992 
8993     tdirp = lock_user(VERIFY_WRITE, arg2, count, 0);
8994     if (!tdirp) {
8995         return -TARGET_EFAULT;
8996     }
8997 
8998     for (hoff = toff = 0; hoff < hlen; hoff += hreclen, toff += treclen) {
8999         struct linux_dirent64 *hde = hdirp + hoff;
9000         struct target_dirent64 *tde = tdirp + toff;
9001         int namelen;
9002 
9003         namelen = strlen(hde->d_name) + 1;
9004         hreclen = hde->d_reclen;
9005         treclen = offsetof(struct target_dirent64, d_name) + namelen;
9006         treclen = QEMU_ALIGN_UP(treclen, __alignof(struct target_dirent64));
9007 
9008         if (toff + treclen > count) {
9009             /*
9010              * If the host struct is smaller than the target struct, or
9011              * requires less alignment and thus packs into less space,
9012              * then the host can return more entries than we can pass
9013              * on to the guest.
9014              */
9015             if (toff == 0) {
9016                 toff = -TARGET_EINVAL; /* result buffer is too small */
9017                 break;
9018             }
9019             /*
9020              * Return what we have, resetting the file pointer to the
9021              * location of the first record not returned.
9022              */
9023             lseek64(dirfd, prev_diroff, SEEK_SET);
9024             break;
9025         }
9026 
9027         prev_diroff = hde->d_off;
9028         tde->d_ino = tswap64(hde->d_ino);
9029         tde->d_off = tswap64(hde->d_off);
9030         tde->d_reclen = tswap16(treclen);
9031         tde->d_type = hde->d_type;
9032         memcpy(tde->d_name, hde->d_name, namelen);
9033     }
9034 
9035     unlock_user(tdirp, arg2, toff);
9036     return toff;
9037 }
9038 #endif /* TARGET_NR_getdents64 */
9039 
9040 #if defined(TARGET_NR_riscv_hwprobe)
9041 
9042 #define RISCV_HWPROBE_KEY_MVENDORID     0
9043 #define RISCV_HWPROBE_KEY_MARCHID       1
9044 #define RISCV_HWPROBE_KEY_MIMPID        2
9045 
9046 #define RISCV_HWPROBE_KEY_BASE_BEHAVIOR 3
9047 #define     RISCV_HWPROBE_BASE_BEHAVIOR_IMA (1 << 0)
9048 
9049 #define RISCV_HWPROBE_KEY_IMA_EXT_0     4
9050 #define     RISCV_HWPROBE_IMA_FD       (1 << 0)
9051 #define     RISCV_HWPROBE_IMA_C        (1 << 1)
9052 
9053 #define RISCV_HWPROBE_KEY_CPUPERF_0     5
9054 #define     RISCV_HWPROBE_MISALIGNED_UNKNOWN     (0 << 0)
9055 #define     RISCV_HWPROBE_MISALIGNED_EMULATED    (1 << 0)
9056 #define     RISCV_HWPROBE_MISALIGNED_SLOW        (2 << 0)
9057 #define     RISCV_HWPROBE_MISALIGNED_FAST        (3 << 0)
9058 #define     RISCV_HWPROBE_MISALIGNED_UNSUPPORTED (4 << 0)
9059 #define     RISCV_HWPROBE_MISALIGNED_MASK        (7 << 0)
9060 
9061 struct riscv_hwprobe {
9062     abi_llong  key;
9063     abi_ullong value;
9064 };
9065 
9066 static void risc_hwprobe_fill_pairs(CPURISCVState *env,
9067                                     struct riscv_hwprobe *pair,
9068                                     size_t pair_count)
9069 {
9070     const RISCVCPUConfig *cfg = riscv_cpu_cfg(env);
9071 
9072     for (; pair_count > 0; pair_count--, pair++) {
9073         abi_llong key;
9074         abi_ullong value;
9075         __put_user(0, &pair->value);
9076         __get_user(key, &pair->key);
9077         switch (key) {
9078         case RISCV_HWPROBE_KEY_MVENDORID:
9079             __put_user(cfg->mvendorid, &pair->value);
9080             break;
9081         case RISCV_HWPROBE_KEY_MARCHID:
9082             __put_user(cfg->marchid, &pair->value);
9083             break;
9084         case RISCV_HWPROBE_KEY_MIMPID:
9085             __put_user(cfg->mimpid, &pair->value);
9086             break;
9087         case RISCV_HWPROBE_KEY_BASE_BEHAVIOR:
9088             value = riscv_has_ext(env, RVI) &&
9089                     riscv_has_ext(env, RVM) &&
9090                     riscv_has_ext(env, RVA) ?
9091                     RISCV_HWPROBE_BASE_BEHAVIOR_IMA : 0;
9092             __put_user(value, &pair->value);
9093             break;
9094         case RISCV_HWPROBE_KEY_IMA_EXT_0:
9095             value = riscv_has_ext(env, RVF) &&
9096                     riscv_has_ext(env, RVD) ?
9097                     RISCV_HWPROBE_IMA_FD : 0;
9098             value |= riscv_has_ext(env, RVC) ?
9099                      RISCV_HWPROBE_IMA_C : pair->value;
9100             __put_user(value, &pair->value);
9101             break;
9102         case RISCV_HWPROBE_KEY_CPUPERF_0:
9103             __put_user(RISCV_HWPROBE_MISALIGNED_FAST, &pair->value);
9104             break;
9105         default:
9106             __put_user(-1, &pair->key);
9107             break;
9108         }
9109     }
9110 }
9111 
9112 static int cpu_set_valid(abi_long arg3, abi_long arg4)
9113 {
9114     int ret, i, tmp;
9115     size_t host_mask_size, target_mask_size;
9116     unsigned long *host_mask;
9117 
9118     /*
9119      * cpu_set_t represent CPU masks as bit masks of type unsigned long *.
9120      * arg3 contains the cpu count.
9121      */
9122     tmp = (8 * sizeof(abi_ulong));
9123     target_mask_size = ((arg3 + tmp - 1) / tmp) * sizeof(abi_ulong);
9124     host_mask_size = (target_mask_size + (sizeof(*host_mask) - 1)) &
9125                      ~(sizeof(*host_mask) - 1);
9126 
9127     host_mask = alloca(host_mask_size);
9128 
9129     ret = target_to_host_cpu_mask(host_mask, host_mask_size,
9130                                   arg4, target_mask_size);
9131     if (ret != 0) {
9132         return ret;
9133     }
9134 
9135     for (i = 0 ; i < host_mask_size / sizeof(*host_mask); i++) {
9136         if (host_mask[i] != 0) {
9137             return 0;
9138         }
9139     }
9140     return -TARGET_EINVAL;
9141 }
9142 
9143 static abi_long do_riscv_hwprobe(CPUArchState *cpu_env, abi_long arg1,
9144                                  abi_long arg2, abi_long arg3,
9145                                  abi_long arg4, abi_long arg5)
9146 {
9147     int ret;
9148     struct riscv_hwprobe *host_pairs;
9149 
9150     /* flags must be 0 */
9151     if (arg5 != 0) {
9152         return -TARGET_EINVAL;
9153     }
9154 
9155     /* check cpu_set */
9156     if (arg3 != 0) {
9157         ret = cpu_set_valid(arg3, arg4);
9158         if (ret != 0) {
9159             return ret;
9160         }
9161     } else if (arg4 != 0) {
9162         return -TARGET_EINVAL;
9163     }
9164 
9165     /* no pairs */
9166     if (arg2 == 0) {
9167         return 0;
9168     }
9169 
9170     host_pairs = lock_user(VERIFY_WRITE, arg1,
9171                            sizeof(*host_pairs) * (size_t)arg2, 0);
9172     if (host_pairs == NULL) {
9173         return -TARGET_EFAULT;
9174     }
9175     risc_hwprobe_fill_pairs(cpu_env, host_pairs, arg2);
9176     unlock_user(host_pairs, arg1, sizeof(*host_pairs) * (size_t)arg2);
9177     return 0;
9178 }
9179 #endif /* TARGET_NR_riscv_hwprobe */
9180 
9181 #if defined(TARGET_NR_pivot_root) && defined(__NR_pivot_root)
9182 _syscall2(int, pivot_root, const char *, new_root, const char *, put_old)
9183 #endif
9184 
9185 #if defined(TARGET_NR_open_tree) && defined(__NR_open_tree)
9186 #define __NR_sys_open_tree __NR_open_tree
9187 _syscall3(int, sys_open_tree, int, __dfd, const char *, __filename,
9188           unsigned int, __flags)
9189 #endif
9190 
9191 #if defined(TARGET_NR_move_mount) && defined(__NR_move_mount)
9192 #define __NR_sys_move_mount __NR_move_mount
9193 _syscall5(int, sys_move_mount, int, __from_dfd, const char *, __from_pathname,
9194            int, __to_dfd, const char *, __to_pathname, unsigned int, flag)
9195 #endif
9196 
9197 /* This is an internal helper for do_syscall so that it is easier
9198  * to have a single return point, so that actions, such as logging
9199  * of syscall results, can be performed.
9200  * All errnos that do_syscall() returns must be -TARGET_<errcode>.
9201  */
9202 static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
9203                             abi_long arg2, abi_long arg3, abi_long arg4,
9204                             abi_long arg5, abi_long arg6, abi_long arg7,
9205                             abi_long arg8)
9206 {
9207     CPUState *cpu = env_cpu(cpu_env);
9208     abi_long ret;
9209 #if defined(TARGET_NR_stat) || defined(TARGET_NR_stat64) \
9210     || defined(TARGET_NR_lstat) || defined(TARGET_NR_lstat64) \
9211     || defined(TARGET_NR_fstat) || defined(TARGET_NR_fstat64) \
9212     || defined(TARGET_NR_statx)
9213     struct stat st;
9214 #endif
9215 #if defined(TARGET_NR_statfs) || defined(TARGET_NR_statfs64) \
9216     || defined(TARGET_NR_fstatfs)
9217     struct statfs stfs;
9218 #endif
9219     void *p;
9220 
9221     switch(num) {
9222     case TARGET_NR_exit:
9223         /* In old applications this may be used to implement _exit(2).
9224            However in threaded applications it is used for thread termination,
9225            and _exit_group is used for application termination.
9226            Do thread termination if we have more then one thread.  */
9227 
9228         if (block_signals()) {
9229             return -QEMU_ERESTARTSYS;
9230         }
9231 
9232         pthread_mutex_lock(&clone_lock);
9233 
9234         if (CPU_NEXT(first_cpu)) {
9235             TaskState *ts = cpu->opaque;
9236 
9237             if (ts->child_tidptr) {
9238                 put_user_u32(0, ts->child_tidptr);
9239                 do_sys_futex(g2h(cpu, ts->child_tidptr),
9240                              FUTEX_WAKE, INT_MAX, NULL, NULL, 0);
9241             }
9242 
9243             object_unparent(OBJECT(cpu));
9244             object_unref(OBJECT(cpu));
9245             /*
9246              * At this point the CPU should be unrealized and removed
9247              * from cpu lists. We can clean-up the rest of the thread
9248              * data without the lock held.
9249              */
9250 
9251             pthread_mutex_unlock(&clone_lock);
9252 
9253             thread_cpu = NULL;
9254             g_free(ts);
9255             rcu_unregister_thread();
9256             pthread_exit(NULL);
9257         }
9258 
9259         pthread_mutex_unlock(&clone_lock);
9260         preexit_cleanup(cpu_env, arg1);
9261         _exit(arg1);
9262         return 0; /* avoid warning */
9263     case TARGET_NR_read:
9264         if (arg2 == 0 && arg3 == 0) {
9265             return get_errno(safe_read(arg1, 0, 0));
9266         } else {
9267             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
9268                 return -TARGET_EFAULT;
9269             ret = get_errno(safe_read(arg1, p, arg3));
9270             if (ret >= 0 &&
9271                 fd_trans_host_to_target_data(arg1)) {
9272                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
9273             }
9274             unlock_user(p, arg2, ret);
9275         }
9276         return ret;
9277     case TARGET_NR_write:
9278         if (arg2 == 0 && arg3 == 0) {
9279             return get_errno(safe_write(arg1, 0, 0));
9280         }
9281         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
9282             return -TARGET_EFAULT;
9283         if (fd_trans_target_to_host_data(arg1)) {
9284             void *copy = g_malloc(arg3);
9285             memcpy(copy, p, arg3);
9286             ret = fd_trans_target_to_host_data(arg1)(copy, arg3);
9287             if (ret >= 0) {
9288                 ret = get_errno(safe_write(arg1, copy, ret));
9289             }
9290             g_free(copy);
9291         } else {
9292             ret = get_errno(safe_write(arg1, p, arg3));
9293         }
9294         unlock_user(p, arg2, 0);
9295         return ret;
9296 
9297 #ifdef TARGET_NR_open
9298     case TARGET_NR_open:
9299         if (!(p = lock_user_string(arg1)))
9300             return -TARGET_EFAULT;
9301         ret = get_errno(do_guest_openat(cpu_env, AT_FDCWD, p,
9302                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
9303                                   arg3, true));
9304         fd_trans_unregister(ret);
9305         unlock_user(p, arg1, 0);
9306         return ret;
9307 #endif
9308     case TARGET_NR_openat:
9309         if (!(p = lock_user_string(arg2)))
9310             return -TARGET_EFAULT;
9311         ret = get_errno(do_guest_openat(cpu_env, arg1, p,
9312                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
9313                                   arg4, true));
9314         fd_trans_unregister(ret);
9315         unlock_user(p, arg2, 0);
9316         return ret;
9317 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
9318     case TARGET_NR_name_to_handle_at:
9319         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
9320         return ret;
9321 #endif
9322 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
9323     case TARGET_NR_open_by_handle_at:
9324         ret = do_open_by_handle_at(arg1, arg2, arg3);
9325         fd_trans_unregister(ret);
9326         return ret;
9327 #endif
9328 #if defined(__NR_pidfd_open) && defined(TARGET_NR_pidfd_open)
9329     case TARGET_NR_pidfd_open:
9330         return get_errno(pidfd_open(arg1, arg2));
9331 #endif
9332 #if defined(__NR_pidfd_send_signal) && defined(TARGET_NR_pidfd_send_signal)
9333     case TARGET_NR_pidfd_send_signal:
9334         {
9335             siginfo_t uinfo, *puinfo;
9336 
9337             if (arg3) {
9338                 p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
9339                 if (!p) {
9340                     return -TARGET_EFAULT;
9341                  }
9342                  target_to_host_siginfo(&uinfo, p);
9343                  unlock_user(p, arg3, 0);
9344                  puinfo = &uinfo;
9345             } else {
9346                  puinfo = NULL;
9347             }
9348             ret = get_errno(pidfd_send_signal(arg1, target_to_host_signal(arg2),
9349                                               puinfo, arg4));
9350         }
9351         return ret;
9352 #endif
9353 #if defined(__NR_pidfd_getfd) && defined(TARGET_NR_pidfd_getfd)
9354     case TARGET_NR_pidfd_getfd:
9355         return get_errno(pidfd_getfd(arg1, arg2, arg3));
9356 #endif
9357     case TARGET_NR_close:
9358         fd_trans_unregister(arg1);
9359         return get_errno(close(arg1));
9360 #if defined(__NR_close_range) && defined(TARGET_NR_close_range)
9361     case TARGET_NR_close_range:
9362         ret = get_errno(sys_close_range(arg1, arg2, arg3));
9363         if (ret == 0 && !(arg3 & CLOSE_RANGE_CLOEXEC)) {
9364             abi_long fd, maxfd;
9365             maxfd = MIN(arg2, target_fd_max);
9366             for (fd = arg1; fd < maxfd; fd++) {
9367                 fd_trans_unregister(fd);
9368             }
9369         }
9370         return ret;
9371 #endif
9372 
9373     case TARGET_NR_brk:
9374         return do_brk(arg1);
9375 #ifdef TARGET_NR_fork
9376     case TARGET_NR_fork:
9377         return get_errno(do_fork(cpu_env, TARGET_SIGCHLD, 0, 0, 0, 0));
9378 #endif
9379 #ifdef TARGET_NR_waitpid
9380     case TARGET_NR_waitpid:
9381         {
9382             int status;
9383             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
9384             if (!is_error(ret) && arg2 && ret
9385                 && put_user_s32(host_to_target_waitstatus(status), arg2))
9386                 return -TARGET_EFAULT;
9387         }
9388         return ret;
9389 #endif
9390 #ifdef TARGET_NR_waitid
9391     case TARGET_NR_waitid:
9392         {
9393             siginfo_t info;
9394             info.si_pid = 0;
9395             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
9396             if (!is_error(ret) && arg3 && info.si_pid != 0) {
9397                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
9398                     return -TARGET_EFAULT;
9399                 host_to_target_siginfo(p, &info);
9400                 unlock_user(p, arg3, sizeof(target_siginfo_t));
9401             }
9402         }
9403         return ret;
9404 #endif
9405 #ifdef TARGET_NR_creat /* not on alpha */
9406     case TARGET_NR_creat:
9407         if (!(p = lock_user_string(arg1)))
9408             return -TARGET_EFAULT;
9409         ret = get_errno(creat(p, arg2));
9410         fd_trans_unregister(ret);
9411         unlock_user(p, arg1, 0);
9412         return ret;
9413 #endif
9414 #ifdef TARGET_NR_link
9415     case TARGET_NR_link:
9416         {
9417             void * p2;
9418             p = lock_user_string(arg1);
9419             p2 = lock_user_string(arg2);
9420             if (!p || !p2)
9421                 ret = -TARGET_EFAULT;
9422             else
9423                 ret = get_errno(link(p, p2));
9424             unlock_user(p2, arg2, 0);
9425             unlock_user(p, arg1, 0);
9426         }
9427         return ret;
9428 #endif
9429 #if defined(TARGET_NR_linkat)
9430     case TARGET_NR_linkat:
9431         {
9432             void * p2 = NULL;
9433             if (!arg2 || !arg4)
9434                 return -TARGET_EFAULT;
9435             p  = lock_user_string(arg2);
9436             p2 = lock_user_string(arg4);
9437             if (!p || !p2)
9438                 ret = -TARGET_EFAULT;
9439             else
9440                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
9441             unlock_user(p, arg2, 0);
9442             unlock_user(p2, arg4, 0);
9443         }
9444         return ret;
9445 #endif
9446 #ifdef TARGET_NR_unlink
9447     case TARGET_NR_unlink:
9448         if (!(p = lock_user_string(arg1)))
9449             return -TARGET_EFAULT;
9450         ret = get_errno(unlink(p));
9451         unlock_user(p, arg1, 0);
9452         return ret;
9453 #endif
9454 #if defined(TARGET_NR_unlinkat)
9455     case TARGET_NR_unlinkat:
9456         if (!(p = lock_user_string(arg2)))
9457             return -TARGET_EFAULT;
9458         ret = get_errno(unlinkat(arg1, p, arg3));
9459         unlock_user(p, arg2, 0);
9460         return ret;
9461 #endif
9462     case TARGET_NR_execveat:
9463         return do_execv(cpu_env, arg1, arg2, arg3, arg4, arg5, true);
9464     case TARGET_NR_execve:
9465         return do_execv(cpu_env, AT_FDCWD, arg1, arg2, arg3, 0, false);
9466     case TARGET_NR_chdir:
9467         if (!(p = lock_user_string(arg1)))
9468             return -TARGET_EFAULT;
9469         ret = get_errno(chdir(p));
9470         unlock_user(p, arg1, 0);
9471         return ret;
9472 #ifdef TARGET_NR_time
9473     case TARGET_NR_time:
9474         {
9475             time_t host_time;
9476             ret = get_errno(time(&host_time));
9477             if (!is_error(ret)
9478                 && arg1
9479                 && put_user_sal(host_time, arg1))
9480                 return -TARGET_EFAULT;
9481         }
9482         return ret;
9483 #endif
9484 #ifdef TARGET_NR_mknod
9485     case TARGET_NR_mknod:
9486         if (!(p = lock_user_string(arg1)))
9487             return -TARGET_EFAULT;
9488         ret = get_errno(mknod(p, arg2, arg3));
9489         unlock_user(p, arg1, 0);
9490         return ret;
9491 #endif
9492 #if defined(TARGET_NR_mknodat)
9493     case TARGET_NR_mknodat:
9494         if (!(p = lock_user_string(arg2)))
9495             return -TARGET_EFAULT;
9496         ret = get_errno(mknodat(arg1, p, arg3, arg4));
9497         unlock_user(p, arg2, 0);
9498         return ret;
9499 #endif
9500 #ifdef TARGET_NR_chmod
9501     case TARGET_NR_chmod:
9502         if (!(p = lock_user_string(arg1)))
9503             return -TARGET_EFAULT;
9504         ret = get_errno(chmod(p, arg2));
9505         unlock_user(p, arg1, 0);
9506         return ret;
9507 #endif
9508 #ifdef TARGET_NR_lseek
9509     case TARGET_NR_lseek:
9510         return get_errno(lseek(arg1, arg2, arg3));
9511 #endif
9512 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
9513     /* Alpha specific */
9514     case TARGET_NR_getxpid:
9515         cpu_env->ir[IR_A4] = getppid();
9516         return get_errno(getpid());
9517 #endif
9518 #ifdef TARGET_NR_getpid
9519     case TARGET_NR_getpid:
9520         return get_errno(getpid());
9521 #endif
9522     case TARGET_NR_mount:
9523         {
9524             /* need to look at the data field */
9525             void *p2, *p3;
9526 
9527             if (arg1) {
9528                 p = lock_user_string(arg1);
9529                 if (!p) {
9530                     return -TARGET_EFAULT;
9531                 }
9532             } else {
9533                 p = NULL;
9534             }
9535 
9536             p2 = lock_user_string(arg2);
9537             if (!p2) {
9538                 if (arg1) {
9539                     unlock_user(p, arg1, 0);
9540                 }
9541                 return -TARGET_EFAULT;
9542             }
9543 
9544             if (arg3) {
9545                 p3 = lock_user_string(arg3);
9546                 if (!p3) {
9547                     if (arg1) {
9548                         unlock_user(p, arg1, 0);
9549                     }
9550                     unlock_user(p2, arg2, 0);
9551                     return -TARGET_EFAULT;
9552                 }
9553             } else {
9554                 p3 = NULL;
9555             }
9556 
9557             /* FIXME - arg5 should be locked, but it isn't clear how to
9558              * do that since it's not guaranteed to be a NULL-terminated
9559              * string.
9560              */
9561             if (!arg5) {
9562                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
9563             } else {
9564                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(cpu, arg5));
9565             }
9566             ret = get_errno(ret);
9567 
9568             if (arg1) {
9569                 unlock_user(p, arg1, 0);
9570             }
9571             unlock_user(p2, arg2, 0);
9572             if (arg3) {
9573                 unlock_user(p3, arg3, 0);
9574             }
9575         }
9576         return ret;
9577 #if defined(TARGET_NR_umount) || defined(TARGET_NR_oldumount)
9578 #if defined(TARGET_NR_umount)
9579     case TARGET_NR_umount:
9580 #endif
9581 #if defined(TARGET_NR_oldumount)
9582     case TARGET_NR_oldumount:
9583 #endif
9584         if (!(p = lock_user_string(arg1)))
9585             return -TARGET_EFAULT;
9586         ret = get_errno(umount(p));
9587         unlock_user(p, arg1, 0);
9588         return ret;
9589 #endif
9590 #if defined(TARGET_NR_move_mount) && defined(__NR_move_mount)
9591     case TARGET_NR_move_mount:
9592         {
9593             void *p2, *p4;
9594 
9595             if (!arg2 || !arg4) {
9596                 return -TARGET_EFAULT;
9597             }
9598 
9599             p2 = lock_user_string(arg2);
9600             if (!p2) {
9601                 return -TARGET_EFAULT;
9602             }
9603 
9604             p4 = lock_user_string(arg4);
9605             if (!p4) {
9606                 unlock_user(p2, arg2, 0);
9607                 return -TARGET_EFAULT;
9608             }
9609             ret = get_errno(sys_move_mount(arg1, p2, arg3, p4, arg5));
9610 
9611             unlock_user(p2, arg2, 0);
9612             unlock_user(p4, arg4, 0);
9613 
9614             return ret;
9615         }
9616 #endif
9617 #if defined(TARGET_NR_open_tree) && defined(__NR_open_tree)
9618     case TARGET_NR_open_tree:
9619         {
9620             void *p2;
9621             int host_flags;
9622 
9623             if (!arg2) {
9624                 return -TARGET_EFAULT;
9625             }
9626 
9627             p2 = lock_user_string(arg2);
9628             if (!p2) {
9629                 return -TARGET_EFAULT;
9630             }
9631 
9632             host_flags = arg3 & ~TARGET_O_CLOEXEC;
9633             if (arg3 & TARGET_O_CLOEXEC) {
9634                 host_flags |= O_CLOEXEC;
9635             }
9636 
9637             ret = get_errno(sys_open_tree(arg1, p2, host_flags));
9638 
9639             unlock_user(p2, arg2, 0);
9640 
9641             return ret;
9642         }
9643 #endif
9644 #ifdef TARGET_NR_stime /* not on alpha */
9645     case TARGET_NR_stime:
9646         {
9647             struct timespec ts;
9648             ts.tv_nsec = 0;
9649             if (get_user_sal(ts.tv_sec, arg1)) {
9650                 return -TARGET_EFAULT;
9651             }
9652             return get_errno(clock_settime(CLOCK_REALTIME, &ts));
9653         }
9654 #endif
9655 #ifdef TARGET_NR_alarm /* not on alpha */
9656     case TARGET_NR_alarm:
9657         return alarm(arg1);
9658 #endif
9659 #ifdef TARGET_NR_pause /* not on alpha */
9660     case TARGET_NR_pause:
9661         if (!block_signals()) {
9662             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
9663         }
9664         return -TARGET_EINTR;
9665 #endif
9666 #ifdef TARGET_NR_utime
9667     case TARGET_NR_utime:
9668         {
9669             struct utimbuf tbuf, *host_tbuf;
9670             struct target_utimbuf *target_tbuf;
9671             if (arg2) {
9672                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
9673                     return -TARGET_EFAULT;
9674                 tbuf.actime = tswapal(target_tbuf->actime);
9675                 tbuf.modtime = tswapal(target_tbuf->modtime);
9676                 unlock_user_struct(target_tbuf, arg2, 0);
9677                 host_tbuf = &tbuf;
9678             } else {
9679                 host_tbuf = NULL;
9680             }
9681             if (!(p = lock_user_string(arg1)))
9682                 return -TARGET_EFAULT;
9683             ret = get_errno(utime(p, host_tbuf));
9684             unlock_user(p, arg1, 0);
9685         }
9686         return ret;
9687 #endif
9688 #ifdef TARGET_NR_utimes
9689     case TARGET_NR_utimes:
9690         {
9691             struct timeval *tvp, tv[2];
9692             if (arg2) {
9693                 if (copy_from_user_timeval(&tv[0], arg2)
9694                     || copy_from_user_timeval(&tv[1],
9695                                               arg2 + sizeof(struct target_timeval)))
9696                     return -TARGET_EFAULT;
9697                 tvp = tv;
9698             } else {
9699                 tvp = NULL;
9700             }
9701             if (!(p = lock_user_string(arg1)))
9702                 return -TARGET_EFAULT;
9703             ret = get_errno(utimes(p, tvp));
9704             unlock_user(p, arg1, 0);
9705         }
9706         return ret;
9707 #endif
9708 #if defined(TARGET_NR_futimesat)
9709     case TARGET_NR_futimesat:
9710         {
9711             struct timeval *tvp, tv[2];
9712             if (arg3) {
9713                 if (copy_from_user_timeval(&tv[0], arg3)
9714                     || copy_from_user_timeval(&tv[1],
9715                                               arg3 + sizeof(struct target_timeval)))
9716                     return -TARGET_EFAULT;
9717                 tvp = tv;
9718             } else {
9719                 tvp = NULL;
9720             }
9721             if (!(p = lock_user_string(arg2))) {
9722                 return -TARGET_EFAULT;
9723             }
9724             ret = get_errno(futimesat(arg1, path(p), tvp));
9725             unlock_user(p, arg2, 0);
9726         }
9727         return ret;
9728 #endif
9729 #ifdef TARGET_NR_access
9730     case TARGET_NR_access:
9731         if (!(p = lock_user_string(arg1))) {
9732             return -TARGET_EFAULT;
9733         }
9734         ret = get_errno(access(path(p), arg2));
9735         unlock_user(p, arg1, 0);
9736         return ret;
9737 #endif
9738 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
9739     case TARGET_NR_faccessat:
9740         if (!(p = lock_user_string(arg2))) {
9741             return -TARGET_EFAULT;
9742         }
9743         ret = get_errno(faccessat(arg1, p, arg3, 0));
9744         unlock_user(p, arg2, 0);
9745         return ret;
9746 #endif
9747 #if defined(TARGET_NR_faccessat2)
9748     case TARGET_NR_faccessat2:
9749         if (!(p = lock_user_string(arg2))) {
9750             return -TARGET_EFAULT;
9751         }
9752         ret = get_errno(faccessat(arg1, p, arg3, arg4));
9753         unlock_user(p, arg2, 0);
9754         return ret;
9755 #endif
9756 #ifdef TARGET_NR_nice /* not on alpha */
9757     case TARGET_NR_nice:
9758         return get_errno(nice(arg1));
9759 #endif
9760     case TARGET_NR_sync:
9761         sync();
9762         return 0;
9763 #if defined(TARGET_NR_syncfs) && defined(CONFIG_SYNCFS)
9764     case TARGET_NR_syncfs:
9765         return get_errno(syncfs(arg1));
9766 #endif
9767     case TARGET_NR_kill:
9768         return get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
9769 #ifdef TARGET_NR_rename
9770     case TARGET_NR_rename:
9771         {
9772             void *p2;
9773             p = lock_user_string(arg1);
9774             p2 = lock_user_string(arg2);
9775             if (!p || !p2)
9776                 ret = -TARGET_EFAULT;
9777             else
9778                 ret = get_errno(rename(p, p2));
9779             unlock_user(p2, arg2, 0);
9780             unlock_user(p, arg1, 0);
9781         }
9782         return ret;
9783 #endif
9784 #if defined(TARGET_NR_renameat)
9785     case TARGET_NR_renameat:
9786         {
9787             void *p2;
9788             p  = lock_user_string(arg2);
9789             p2 = lock_user_string(arg4);
9790             if (!p || !p2)
9791                 ret = -TARGET_EFAULT;
9792             else
9793                 ret = get_errno(renameat(arg1, p, arg3, p2));
9794             unlock_user(p2, arg4, 0);
9795             unlock_user(p, arg2, 0);
9796         }
9797         return ret;
9798 #endif
9799 #if defined(TARGET_NR_renameat2)
9800     case TARGET_NR_renameat2:
9801         {
9802             void *p2;
9803             p  = lock_user_string(arg2);
9804             p2 = lock_user_string(arg4);
9805             if (!p || !p2) {
9806                 ret = -TARGET_EFAULT;
9807             } else {
9808                 ret = get_errno(sys_renameat2(arg1, p, arg3, p2, arg5));
9809             }
9810             unlock_user(p2, arg4, 0);
9811             unlock_user(p, arg2, 0);
9812         }
9813         return ret;
9814 #endif
9815 #ifdef TARGET_NR_mkdir
9816     case TARGET_NR_mkdir:
9817         if (!(p = lock_user_string(arg1)))
9818             return -TARGET_EFAULT;
9819         ret = get_errno(mkdir(p, arg2));
9820         unlock_user(p, arg1, 0);
9821         return ret;
9822 #endif
9823 #if defined(TARGET_NR_mkdirat)
9824     case TARGET_NR_mkdirat:
9825         if (!(p = lock_user_string(arg2)))
9826             return -TARGET_EFAULT;
9827         ret = get_errno(mkdirat(arg1, p, arg3));
9828         unlock_user(p, arg2, 0);
9829         return ret;
9830 #endif
9831 #ifdef TARGET_NR_rmdir
9832     case TARGET_NR_rmdir:
9833         if (!(p = lock_user_string(arg1)))
9834             return -TARGET_EFAULT;
9835         ret = get_errno(rmdir(p));
9836         unlock_user(p, arg1, 0);
9837         return ret;
9838 #endif
9839     case TARGET_NR_dup:
9840         ret = get_errno(dup(arg1));
9841         if (ret >= 0) {
9842             fd_trans_dup(arg1, ret);
9843         }
9844         return ret;
9845 #ifdef TARGET_NR_pipe
9846     case TARGET_NR_pipe:
9847         return do_pipe(cpu_env, arg1, 0, 0);
9848 #endif
9849 #ifdef TARGET_NR_pipe2
9850     case TARGET_NR_pipe2:
9851         return do_pipe(cpu_env, arg1,
9852                        target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
9853 #endif
9854     case TARGET_NR_times:
9855         {
9856             struct target_tms *tmsp;
9857             struct tms tms;
9858             ret = get_errno(times(&tms));
9859             if (arg1) {
9860                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
9861                 if (!tmsp)
9862                     return -TARGET_EFAULT;
9863                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
9864                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
9865                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
9866                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
9867             }
9868             if (!is_error(ret))
9869                 ret = host_to_target_clock_t(ret);
9870         }
9871         return ret;
9872     case TARGET_NR_acct:
9873         if (arg1 == 0) {
9874             ret = get_errno(acct(NULL));
9875         } else {
9876             if (!(p = lock_user_string(arg1))) {
9877                 return -TARGET_EFAULT;
9878             }
9879             ret = get_errno(acct(path(p)));
9880             unlock_user(p, arg1, 0);
9881         }
9882         return ret;
9883 #ifdef TARGET_NR_umount2
9884     case TARGET_NR_umount2:
9885         if (!(p = lock_user_string(arg1)))
9886             return -TARGET_EFAULT;
9887         ret = get_errno(umount2(p, arg2));
9888         unlock_user(p, arg1, 0);
9889         return ret;
9890 #endif
9891     case TARGET_NR_ioctl:
9892         return do_ioctl(arg1, arg2, arg3);
9893 #ifdef TARGET_NR_fcntl
9894     case TARGET_NR_fcntl:
9895         return do_fcntl(arg1, arg2, arg3);
9896 #endif
9897     case TARGET_NR_setpgid:
9898         return get_errno(setpgid(arg1, arg2));
9899     case TARGET_NR_umask:
9900         return get_errno(umask(arg1));
9901     case TARGET_NR_chroot:
9902         if (!(p = lock_user_string(arg1)))
9903             return -TARGET_EFAULT;
9904         ret = get_errno(chroot(p));
9905         unlock_user(p, arg1, 0);
9906         return ret;
9907 #ifdef TARGET_NR_dup2
9908     case TARGET_NR_dup2:
9909         ret = get_errno(dup2(arg1, arg2));
9910         if (ret >= 0) {
9911             fd_trans_dup(arg1, arg2);
9912         }
9913         return ret;
9914 #endif
9915 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
9916     case TARGET_NR_dup3:
9917     {
9918         int host_flags;
9919 
9920         if ((arg3 & ~TARGET_O_CLOEXEC) != 0) {
9921             return -EINVAL;
9922         }
9923         host_flags = target_to_host_bitmask(arg3, fcntl_flags_tbl);
9924         ret = get_errno(dup3(arg1, arg2, host_flags));
9925         if (ret >= 0) {
9926             fd_trans_dup(arg1, arg2);
9927         }
9928         return ret;
9929     }
9930 #endif
9931 #ifdef TARGET_NR_getppid /* not on alpha */
9932     case TARGET_NR_getppid:
9933         return get_errno(getppid());
9934 #endif
9935 #ifdef TARGET_NR_getpgrp
9936     case TARGET_NR_getpgrp:
9937         return get_errno(getpgrp());
9938 #endif
9939     case TARGET_NR_setsid:
9940         return get_errno(setsid());
9941 #ifdef TARGET_NR_sigaction
9942     case TARGET_NR_sigaction:
9943         {
9944 #if defined(TARGET_MIPS)
9945 	    struct target_sigaction act, oact, *pact, *old_act;
9946 
9947 	    if (arg2) {
9948                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
9949                     return -TARGET_EFAULT;
9950 		act._sa_handler = old_act->_sa_handler;
9951 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
9952 		act.sa_flags = old_act->sa_flags;
9953 		unlock_user_struct(old_act, arg2, 0);
9954 		pact = &act;
9955 	    } else {
9956 		pact = NULL;
9957 	    }
9958 
9959         ret = get_errno(do_sigaction(arg1, pact, &oact, 0));
9960 
9961 	    if (!is_error(ret) && arg3) {
9962                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
9963                     return -TARGET_EFAULT;
9964 		old_act->_sa_handler = oact._sa_handler;
9965 		old_act->sa_flags = oact.sa_flags;
9966 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
9967 		old_act->sa_mask.sig[1] = 0;
9968 		old_act->sa_mask.sig[2] = 0;
9969 		old_act->sa_mask.sig[3] = 0;
9970 		unlock_user_struct(old_act, arg3, 1);
9971 	    }
9972 #else
9973             struct target_old_sigaction *old_act;
9974             struct target_sigaction act, oact, *pact;
9975             if (arg2) {
9976                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
9977                     return -TARGET_EFAULT;
9978                 act._sa_handler = old_act->_sa_handler;
9979                 target_siginitset(&act.sa_mask, old_act->sa_mask);
9980                 act.sa_flags = old_act->sa_flags;
9981 #ifdef TARGET_ARCH_HAS_SA_RESTORER
9982                 act.sa_restorer = old_act->sa_restorer;
9983 #endif
9984                 unlock_user_struct(old_act, arg2, 0);
9985                 pact = &act;
9986             } else {
9987                 pact = NULL;
9988             }
9989             ret = get_errno(do_sigaction(arg1, pact, &oact, 0));
9990             if (!is_error(ret) && arg3) {
9991                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
9992                     return -TARGET_EFAULT;
9993                 old_act->_sa_handler = oact._sa_handler;
9994                 old_act->sa_mask = oact.sa_mask.sig[0];
9995                 old_act->sa_flags = oact.sa_flags;
9996 #ifdef TARGET_ARCH_HAS_SA_RESTORER
9997                 old_act->sa_restorer = oact.sa_restorer;
9998 #endif
9999                 unlock_user_struct(old_act, arg3, 1);
10000             }
10001 #endif
10002         }
10003         return ret;
10004 #endif
10005     case TARGET_NR_rt_sigaction:
10006         {
10007             /*
10008              * For Alpha and SPARC this is a 5 argument syscall, with
10009              * a 'restorer' parameter which must be copied into the
10010              * sa_restorer field of the sigaction struct.
10011              * For Alpha that 'restorer' is arg5; for SPARC it is arg4,
10012              * and arg5 is the sigsetsize.
10013              */
10014 #if defined(TARGET_ALPHA)
10015             target_ulong sigsetsize = arg4;
10016             target_ulong restorer = arg5;
10017 #elif defined(TARGET_SPARC)
10018             target_ulong restorer = arg4;
10019             target_ulong sigsetsize = arg5;
10020 #else
10021             target_ulong sigsetsize = arg4;
10022             target_ulong restorer = 0;
10023 #endif
10024             struct target_sigaction *act = NULL;
10025             struct target_sigaction *oact = NULL;
10026 
10027             if (sigsetsize != sizeof(target_sigset_t)) {
10028                 return -TARGET_EINVAL;
10029             }
10030             if (arg2 && !lock_user_struct(VERIFY_READ, act, arg2, 1)) {
10031                 return -TARGET_EFAULT;
10032             }
10033             if (arg3 && !lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
10034                 ret = -TARGET_EFAULT;
10035             } else {
10036                 ret = get_errno(do_sigaction(arg1, act, oact, restorer));
10037                 if (oact) {
10038                     unlock_user_struct(oact, arg3, 1);
10039                 }
10040             }
10041             if (act) {
10042                 unlock_user_struct(act, arg2, 0);
10043             }
10044         }
10045         return ret;
10046 #ifdef TARGET_NR_sgetmask /* not on alpha */
10047     case TARGET_NR_sgetmask:
10048         {
10049             sigset_t cur_set;
10050             abi_ulong target_set;
10051             ret = do_sigprocmask(0, NULL, &cur_set);
10052             if (!ret) {
10053                 host_to_target_old_sigset(&target_set, &cur_set);
10054                 ret = target_set;
10055             }
10056         }
10057         return ret;
10058 #endif
10059 #ifdef TARGET_NR_ssetmask /* not on alpha */
10060     case TARGET_NR_ssetmask:
10061         {
10062             sigset_t set, oset;
10063             abi_ulong target_set = arg1;
10064             target_to_host_old_sigset(&set, &target_set);
10065             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
10066             if (!ret) {
10067                 host_to_target_old_sigset(&target_set, &oset);
10068                 ret = target_set;
10069             }
10070         }
10071         return ret;
10072 #endif
10073 #ifdef TARGET_NR_sigprocmask
10074     case TARGET_NR_sigprocmask:
10075         {
10076 #if defined(TARGET_ALPHA)
10077             sigset_t set, oldset;
10078             abi_ulong mask;
10079             int how;
10080 
10081             switch (arg1) {
10082             case TARGET_SIG_BLOCK:
10083                 how = SIG_BLOCK;
10084                 break;
10085             case TARGET_SIG_UNBLOCK:
10086                 how = SIG_UNBLOCK;
10087                 break;
10088             case TARGET_SIG_SETMASK:
10089                 how = SIG_SETMASK;
10090                 break;
10091             default:
10092                 return -TARGET_EINVAL;
10093             }
10094             mask = arg2;
10095             target_to_host_old_sigset(&set, &mask);
10096 
10097             ret = do_sigprocmask(how, &set, &oldset);
10098             if (!is_error(ret)) {
10099                 host_to_target_old_sigset(&mask, &oldset);
10100                 ret = mask;
10101                 cpu_env->ir[IR_V0] = 0; /* force no error */
10102             }
10103 #else
10104             sigset_t set, oldset, *set_ptr;
10105             int how;
10106 
10107             if (arg2) {
10108                 p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1);
10109                 if (!p) {
10110                     return -TARGET_EFAULT;
10111                 }
10112                 target_to_host_old_sigset(&set, p);
10113                 unlock_user(p, arg2, 0);
10114                 set_ptr = &set;
10115                 switch (arg1) {
10116                 case TARGET_SIG_BLOCK:
10117                     how = SIG_BLOCK;
10118                     break;
10119                 case TARGET_SIG_UNBLOCK:
10120                     how = SIG_UNBLOCK;
10121                     break;
10122                 case TARGET_SIG_SETMASK:
10123                     how = SIG_SETMASK;
10124                     break;
10125                 default:
10126                     return -TARGET_EINVAL;
10127                 }
10128             } else {
10129                 how = 0;
10130                 set_ptr = NULL;
10131             }
10132             ret = do_sigprocmask(how, set_ptr, &oldset);
10133             if (!is_error(ret) && arg3) {
10134                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
10135                     return -TARGET_EFAULT;
10136                 host_to_target_old_sigset(p, &oldset);
10137                 unlock_user(p, arg3, sizeof(target_sigset_t));
10138             }
10139 #endif
10140         }
10141         return ret;
10142 #endif
10143     case TARGET_NR_rt_sigprocmask:
10144         {
10145             int how = arg1;
10146             sigset_t set, oldset, *set_ptr;
10147 
10148             if (arg4 != sizeof(target_sigset_t)) {
10149                 return -TARGET_EINVAL;
10150             }
10151 
10152             if (arg2) {
10153                 p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1);
10154                 if (!p) {
10155                     return -TARGET_EFAULT;
10156                 }
10157                 target_to_host_sigset(&set, p);
10158                 unlock_user(p, arg2, 0);
10159                 set_ptr = &set;
10160                 switch(how) {
10161                 case TARGET_SIG_BLOCK:
10162                     how = SIG_BLOCK;
10163                     break;
10164                 case TARGET_SIG_UNBLOCK:
10165                     how = SIG_UNBLOCK;
10166                     break;
10167                 case TARGET_SIG_SETMASK:
10168                     how = SIG_SETMASK;
10169                     break;
10170                 default:
10171                     return -TARGET_EINVAL;
10172                 }
10173             } else {
10174                 how = 0;
10175                 set_ptr = NULL;
10176             }
10177             ret = do_sigprocmask(how, set_ptr, &oldset);
10178             if (!is_error(ret) && arg3) {
10179                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
10180                     return -TARGET_EFAULT;
10181                 host_to_target_sigset(p, &oldset);
10182                 unlock_user(p, arg3, sizeof(target_sigset_t));
10183             }
10184         }
10185         return ret;
10186 #ifdef TARGET_NR_sigpending
10187     case TARGET_NR_sigpending:
10188         {
10189             sigset_t set;
10190             ret = get_errno(sigpending(&set));
10191             if (!is_error(ret)) {
10192                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
10193                     return -TARGET_EFAULT;
10194                 host_to_target_old_sigset(p, &set);
10195                 unlock_user(p, arg1, sizeof(target_sigset_t));
10196             }
10197         }
10198         return ret;
10199 #endif
10200     case TARGET_NR_rt_sigpending:
10201         {
10202             sigset_t set;
10203 
10204             /* Yes, this check is >, not != like most. We follow the kernel's
10205              * logic and it does it like this because it implements
10206              * NR_sigpending through the same code path, and in that case
10207              * the old_sigset_t is smaller in size.
10208              */
10209             if (arg2 > sizeof(target_sigset_t)) {
10210                 return -TARGET_EINVAL;
10211             }
10212 
10213             ret = get_errno(sigpending(&set));
10214             if (!is_error(ret)) {
10215                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
10216                     return -TARGET_EFAULT;
10217                 host_to_target_sigset(p, &set);
10218                 unlock_user(p, arg1, sizeof(target_sigset_t));
10219             }
10220         }
10221         return ret;
10222 #ifdef TARGET_NR_sigsuspend
10223     case TARGET_NR_sigsuspend:
10224         {
10225             sigset_t *set;
10226 
10227 #if defined(TARGET_ALPHA)
10228             TaskState *ts = cpu->opaque;
10229             /* target_to_host_old_sigset will bswap back */
10230             abi_ulong mask = tswapal(arg1);
10231             set = &ts->sigsuspend_mask;
10232             target_to_host_old_sigset(set, &mask);
10233 #else
10234             ret = process_sigsuspend_mask(&set, arg1, sizeof(target_sigset_t));
10235             if (ret != 0) {
10236                 return ret;
10237             }
10238 #endif
10239             ret = get_errno(safe_rt_sigsuspend(set, SIGSET_T_SIZE));
10240             finish_sigsuspend_mask(ret);
10241         }
10242         return ret;
10243 #endif
10244     case TARGET_NR_rt_sigsuspend:
10245         {
10246             sigset_t *set;
10247 
10248             ret = process_sigsuspend_mask(&set, arg1, arg2);
10249             if (ret != 0) {
10250                 return ret;
10251             }
10252             ret = get_errno(safe_rt_sigsuspend(set, SIGSET_T_SIZE));
10253             finish_sigsuspend_mask(ret);
10254         }
10255         return ret;
10256 #ifdef TARGET_NR_rt_sigtimedwait
10257     case TARGET_NR_rt_sigtimedwait:
10258         {
10259             sigset_t set;
10260             struct timespec uts, *puts;
10261             siginfo_t uinfo;
10262 
10263             if (arg4 != sizeof(target_sigset_t)) {
10264                 return -TARGET_EINVAL;
10265             }
10266 
10267             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
10268                 return -TARGET_EFAULT;
10269             target_to_host_sigset(&set, p);
10270             unlock_user(p, arg1, 0);
10271             if (arg3) {
10272                 puts = &uts;
10273                 if (target_to_host_timespec(puts, arg3)) {
10274                     return -TARGET_EFAULT;
10275                 }
10276             } else {
10277                 puts = NULL;
10278             }
10279             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
10280                                                  SIGSET_T_SIZE));
10281             if (!is_error(ret)) {
10282                 if (arg2) {
10283                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
10284                                   0);
10285                     if (!p) {
10286                         return -TARGET_EFAULT;
10287                     }
10288                     host_to_target_siginfo(p, &uinfo);
10289                     unlock_user(p, arg2, sizeof(target_siginfo_t));
10290                 }
10291                 ret = host_to_target_signal(ret);
10292             }
10293         }
10294         return ret;
10295 #endif
10296 #ifdef TARGET_NR_rt_sigtimedwait_time64
10297     case TARGET_NR_rt_sigtimedwait_time64:
10298         {
10299             sigset_t set;
10300             struct timespec uts, *puts;
10301             siginfo_t uinfo;
10302 
10303             if (arg4 != sizeof(target_sigset_t)) {
10304                 return -TARGET_EINVAL;
10305             }
10306 
10307             p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1);
10308             if (!p) {
10309                 return -TARGET_EFAULT;
10310             }
10311             target_to_host_sigset(&set, p);
10312             unlock_user(p, arg1, 0);
10313             if (arg3) {
10314                 puts = &uts;
10315                 if (target_to_host_timespec64(puts, arg3)) {
10316                     return -TARGET_EFAULT;
10317                 }
10318             } else {
10319                 puts = NULL;
10320             }
10321             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
10322                                                  SIGSET_T_SIZE));
10323             if (!is_error(ret)) {
10324                 if (arg2) {
10325                     p = lock_user(VERIFY_WRITE, arg2,
10326                                   sizeof(target_siginfo_t), 0);
10327                     if (!p) {
10328                         return -TARGET_EFAULT;
10329                     }
10330                     host_to_target_siginfo(p, &uinfo);
10331                     unlock_user(p, arg2, sizeof(target_siginfo_t));
10332                 }
10333                 ret = host_to_target_signal(ret);
10334             }
10335         }
10336         return ret;
10337 #endif
10338     case TARGET_NR_rt_sigqueueinfo:
10339         {
10340             siginfo_t uinfo;
10341 
10342             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
10343             if (!p) {
10344                 return -TARGET_EFAULT;
10345             }
10346             target_to_host_siginfo(&uinfo, p);
10347             unlock_user(p, arg3, 0);
10348             ret = get_errno(sys_rt_sigqueueinfo(arg1, target_to_host_signal(arg2), &uinfo));
10349         }
10350         return ret;
10351     case TARGET_NR_rt_tgsigqueueinfo:
10352         {
10353             siginfo_t uinfo;
10354 
10355             p = lock_user(VERIFY_READ, arg4, sizeof(target_siginfo_t), 1);
10356             if (!p) {
10357                 return -TARGET_EFAULT;
10358             }
10359             target_to_host_siginfo(&uinfo, p);
10360             unlock_user(p, arg4, 0);
10361             ret = get_errno(sys_rt_tgsigqueueinfo(arg1, arg2, target_to_host_signal(arg3), &uinfo));
10362         }
10363         return ret;
10364 #ifdef TARGET_NR_sigreturn
10365     case TARGET_NR_sigreturn:
10366         if (block_signals()) {
10367             return -QEMU_ERESTARTSYS;
10368         }
10369         return do_sigreturn(cpu_env);
10370 #endif
10371     case TARGET_NR_rt_sigreturn:
10372         if (block_signals()) {
10373             return -QEMU_ERESTARTSYS;
10374         }
10375         return do_rt_sigreturn(cpu_env);
10376     case TARGET_NR_sethostname:
10377         if (!(p = lock_user_string(arg1)))
10378             return -TARGET_EFAULT;
10379         ret = get_errno(sethostname(p, arg2));
10380         unlock_user(p, arg1, 0);
10381         return ret;
10382 #ifdef TARGET_NR_setrlimit
10383     case TARGET_NR_setrlimit:
10384         {
10385             int resource = target_to_host_resource(arg1);
10386             struct target_rlimit *target_rlim;
10387             struct rlimit rlim;
10388             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
10389                 return -TARGET_EFAULT;
10390             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
10391             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
10392             unlock_user_struct(target_rlim, arg2, 0);
10393             /*
10394              * If we just passed through resource limit settings for memory then
10395              * they would also apply to QEMU's own allocations, and QEMU will
10396              * crash or hang or die if its allocations fail. Ideally we would
10397              * track the guest allocations in QEMU and apply the limits ourselves.
10398              * For now, just tell the guest the call succeeded but don't actually
10399              * limit anything.
10400              */
10401             if (resource != RLIMIT_AS &&
10402                 resource != RLIMIT_DATA &&
10403                 resource != RLIMIT_STACK) {
10404                 return get_errno(setrlimit(resource, &rlim));
10405             } else {
10406                 return 0;
10407             }
10408         }
10409 #endif
10410 #ifdef TARGET_NR_getrlimit
10411     case TARGET_NR_getrlimit:
10412         {
10413             int resource = target_to_host_resource(arg1);
10414             struct target_rlimit *target_rlim;
10415             struct rlimit rlim;
10416 
10417             ret = get_errno(getrlimit(resource, &rlim));
10418             if (!is_error(ret)) {
10419                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
10420                     return -TARGET_EFAULT;
10421                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
10422                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
10423                 unlock_user_struct(target_rlim, arg2, 1);
10424             }
10425         }
10426         return ret;
10427 #endif
10428     case TARGET_NR_getrusage:
10429         {
10430             struct rusage rusage;
10431             ret = get_errno(getrusage(arg1, &rusage));
10432             if (!is_error(ret)) {
10433                 ret = host_to_target_rusage(arg2, &rusage);
10434             }
10435         }
10436         return ret;
10437 #if defined(TARGET_NR_gettimeofday)
10438     case TARGET_NR_gettimeofday:
10439         {
10440             struct timeval tv;
10441             struct timezone tz;
10442 
10443             ret = get_errno(gettimeofday(&tv, &tz));
10444             if (!is_error(ret)) {
10445                 if (arg1 && copy_to_user_timeval(arg1, &tv)) {
10446                     return -TARGET_EFAULT;
10447                 }
10448                 if (arg2 && copy_to_user_timezone(arg2, &tz)) {
10449                     return -TARGET_EFAULT;
10450                 }
10451             }
10452         }
10453         return ret;
10454 #endif
10455 #if defined(TARGET_NR_settimeofday)
10456     case TARGET_NR_settimeofday:
10457         {
10458             struct timeval tv, *ptv = NULL;
10459             struct timezone tz, *ptz = NULL;
10460 
10461             if (arg1) {
10462                 if (copy_from_user_timeval(&tv, arg1)) {
10463                     return -TARGET_EFAULT;
10464                 }
10465                 ptv = &tv;
10466             }
10467 
10468             if (arg2) {
10469                 if (copy_from_user_timezone(&tz, arg2)) {
10470                     return -TARGET_EFAULT;
10471                 }
10472                 ptz = &tz;
10473             }
10474 
10475             return get_errno(settimeofday(ptv, ptz));
10476         }
10477 #endif
10478 #if defined(TARGET_NR_select)
10479     case TARGET_NR_select:
10480 #if defined(TARGET_WANT_NI_OLD_SELECT)
10481         /* some architectures used to have old_select here
10482          * but now ENOSYS it.
10483          */
10484         ret = -TARGET_ENOSYS;
10485 #elif defined(TARGET_WANT_OLD_SYS_SELECT)
10486         ret = do_old_select(arg1);
10487 #else
10488         ret = do_select(arg1, arg2, arg3, arg4, arg5);
10489 #endif
10490         return ret;
10491 #endif
10492 #ifdef TARGET_NR_pselect6
10493     case TARGET_NR_pselect6:
10494         return do_pselect6(arg1, arg2, arg3, arg4, arg5, arg6, false);
10495 #endif
10496 #ifdef TARGET_NR_pselect6_time64
10497     case TARGET_NR_pselect6_time64:
10498         return do_pselect6(arg1, arg2, arg3, arg4, arg5, arg6, true);
10499 #endif
10500 #ifdef TARGET_NR_symlink
10501     case TARGET_NR_symlink:
10502         {
10503             void *p2;
10504             p = lock_user_string(arg1);
10505             p2 = lock_user_string(arg2);
10506             if (!p || !p2)
10507                 ret = -TARGET_EFAULT;
10508             else
10509                 ret = get_errno(symlink(p, p2));
10510             unlock_user(p2, arg2, 0);
10511             unlock_user(p, arg1, 0);
10512         }
10513         return ret;
10514 #endif
10515 #if defined(TARGET_NR_symlinkat)
10516     case TARGET_NR_symlinkat:
10517         {
10518             void *p2;
10519             p  = lock_user_string(arg1);
10520             p2 = lock_user_string(arg3);
10521             if (!p || !p2)
10522                 ret = -TARGET_EFAULT;
10523             else
10524                 ret = get_errno(symlinkat(p, arg2, p2));
10525             unlock_user(p2, arg3, 0);
10526             unlock_user(p, arg1, 0);
10527         }
10528         return ret;
10529 #endif
10530 #ifdef TARGET_NR_readlink
10531     case TARGET_NR_readlink:
10532         {
10533             void *p2;
10534             p = lock_user_string(arg1);
10535             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10536             ret = get_errno(do_guest_readlink(p, p2, arg3));
10537             unlock_user(p2, arg2, ret);
10538             unlock_user(p, arg1, 0);
10539         }
10540         return ret;
10541 #endif
10542 #if defined(TARGET_NR_readlinkat)
10543     case TARGET_NR_readlinkat:
10544         {
10545             void *p2;
10546             p  = lock_user_string(arg2);
10547             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
10548             if (!p || !p2) {
10549                 ret = -TARGET_EFAULT;
10550             } else if (!arg4) {
10551                 /* Short circuit this for the magic exe check. */
10552                 ret = -TARGET_EINVAL;
10553             } else if (is_proc_myself((const char *)p, "exe")) {
10554                 /*
10555                  * Don't worry about sign mismatch as earlier mapping
10556                  * logic would have thrown a bad address error.
10557                  */
10558                 ret = MIN(strlen(exec_path), arg4);
10559                 /* We cannot NUL terminate the string. */
10560                 memcpy(p2, exec_path, ret);
10561             } else {
10562                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
10563             }
10564             unlock_user(p2, arg3, ret);
10565             unlock_user(p, arg2, 0);
10566         }
10567         return ret;
10568 #endif
10569 #ifdef TARGET_NR_swapon
10570     case TARGET_NR_swapon:
10571         if (!(p = lock_user_string(arg1)))
10572             return -TARGET_EFAULT;
10573         ret = get_errno(swapon(p, arg2));
10574         unlock_user(p, arg1, 0);
10575         return ret;
10576 #endif
10577     case TARGET_NR_reboot:
10578         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
10579            /* arg4 must be ignored in all other cases */
10580            p = lock_user_string(arg4);
10581            if (!p) {
10582                return -TARGET_EFAULT;
10583            }
10584            ret = get_errno(reboot(arg1, arg2, arg3, p));
10585            unlock_user(p, arg4, 0);
10586         } else {
10587            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
10588         }
10589         return ret;
10590 #ifdef TARGET_NR_mmap
10591     case TARGET_NR_mmap:
10592 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
10593     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
10594     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
10595     || defined(TARGET_S390X)
10596         {
10597             abi_ulong *v;
10598             abi_ulong v1, v2, v3, v4, v5, v6;
10599             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
10600                 return -TARGET_EFAULT;
10601             v1 = tswapal(v[0]);
10602             v2 = tswapal(v[1]);
10603             v3 = tswapal(v[2]);
10604             v4 = tswapal(v[3]);
10605             v5 = tswapal(v[4]);
10606             v6 = tswapal(v[5]);
10607             unlock_user(v, arg1, 0);
10608             return do_mmap(v1, v2, v3, v4, v5, v6);
10609         }
10610 #else
10611         /* mmap pointers are always untagged */
10612         return do_mmap(arg1, arg2, arg3, arg4, arg5, arg6);
10613 #endif
10614 #endif
10615 #ifdef TARGET_NR_mmap2
10616     case TARGET_NR_mmap2:
10617 #ifndef MMAP_SHIFT
10618 #define MMAP_SHIFT 12
10619 #endif
10620         return do_mmap(arg1, arg2, arg3, arg4, arg5,
10621                        (off_t)(abi_ulong)arg6 << MMAP_SHIFT);
10622 #endif
10623     case TARGET_NR_munmap:
10624         arg1 = cpu_untagged_addr(cpu, arg1);
10625         return get_errno(target_munmap(arg1, arg2));
10626     case TARGET_NR_mprotect:
10627         arg1 = cpu_untagged_addr(cpu, arg1);
10628         {
10629             TaskState *ts = cpu->opaque;
10630             /* Special hack to detect libc making the stack executable.  */
10631             if ((arg3 & PROT_GROWSDOWN)
10632                 && arg1 >= ts->info->stack_limit
10633                 && arg1 <= ts->info->start_stack) {
10634                 arg3 &= ~PROT_GROWSDOWN;
10635                 arg2 = arg2 + arg1 - ts->info->stack_limit;
10636                 arg1 = ts->info->stack_limit;
10637             }
10638         }
10639         return get_errno(target_mprotect(arg1, arg2, arg3));
10640 #ifdef TARGET_NR_mremap
10641     case TARGET_NR_mremap:
10642         arg1 = cpu_untagged_addr(cpu, arg1);
10643         /* mremap new_addr (arg5) is always untagged */
10644         return get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
10645 #endif
10646         /* ??? msync/mlock/munlock are broken for softmmu.  */
10647 #ifdef TARGET_NR_msync
10648     case TARGET_NR_msync:
10649         return get_errno(msync(g2h(cpu, arg1), arg2,
10650                                target_to_host_msync_arg(arg3)));
10651 #endif
10652 #ifdef TARGET_NR_mlock
10653     case TARGET_NR_mlock:
10654         return get_errno(mlock(g2h(cpu, arg1), arg2));
10655 #endif
10656 #ifdef TARGET_NR_munlock
10657     case TARGET_NR_munlock:
10658         return get_errno(munlock(g2h(cpu, arg1), arg2));
10659 #endif
10660 #ifdef TARGET_NR_mlockall
10661     case TARGET_NR_mlockall:
10662         return get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
10663 #endif
10664 #ifdef TARGET_NR_munlockall
10665     case TARGET_NR_munlockall:
10666         return get_errno(munlockall());
10667 #endif
10668 #ifdef TARGET_NR_truncate
10669     case TARGET_NR_truncate:
10670         if (!(p = lock_user_string(arg1)))
10671             return -TARGET_EFAULT;
10672         ret = get_errno(truncate(p, arg2));
10673         unlock_user(p, arg1, 0);
10674         return ret;
10675 #endif
10676 #ifdef TARGET_NR_ftruncate
10677     case TARGET_NR_ftruncate:
10678         return get_errno(ftruncate(arg1, arg2));
10679 #endif
10680     case TARGET_NR_fchmod:
10681         return get_errno(fchmod(arg1, arg2));
10682 #if defined(TARGET_NR_fchmodat)
10683     case TARGET_NR_fchmodat:
10684         if (!(p = lock_user_string(arg2)))
10685             return -TARGET_EFAULT;
10686         ret = get_errno(fchmodat(arg1, p, arg3, 0));
10687         unlock_user(p, arg2, 0);
10688         return ret;
10689 #endif
10690     case TARGET_NR_getpriority:
10691         /* Note that negative values are valid for getpriority, so we must
10692            differentiate based on errno settings.  */
10693         errno = 0;
10694         ret = getpriority(arg1, arg2);
10695         if (ret == -1 && errno != 0) {
10696             return -host_to_target_errno(errno);
10697         }
10698 #ifdef TARGET_ALPHA
10699         /* Return value is the unbiased priority.  Signal no error.  */
10700         cpu_env->ir[IR_V0] = 0;
10701 #else
10702         /* Return value is a biased priority to avoid negative numbers.  */
10703         ret = 20 - ret;
10704 #endif
10705         return ret;
10706     case TARGET_NR_setpriority:
10707         return get_errno(setpriority(arg1, arg2, arg3));
10708 #ifdef TARGET_NR_statfs
10709     case TARGET_NR_statfs:
10710         if (!(p = lock_user_string(arg1))) {
10711             return -TARGET_EFAULT;
10712         }
10713         ret = get_errno(statfs(path(p), &stfs));
10714         unlock_user(p, arg1, 0);
10715     convert_statfs:
10716         if (!is_error(ret)) {
10717             struct target_statfs *target_stfs;
10718 
10719             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
10720                 return -TARGET_EFAULT;
10721             __put_user(stfs.f_type, &target_stfs->f_type);
10722             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
10723             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
10724             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
10725             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
10726             __put_user(stfs.f_files, &target_stfs->f_files);
10727             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
10728             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
10729             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
10730             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
10731             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
10732 #ifdef _STATFS_F_FLAGS
10733             __put_user(stfs.f_flags, &target_stfs->f_flags);
10734 #else
10735             __put_user(0, &target_stfs->f_flags);
10736 #endif
10737             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
10738             unlock_user_struct(target_stfs, arg2, 1);
10739         }
10740         return ret;
10741 #endif
10742 #ifdef TARGET_NR_fstatfs
10743     case TARGET_NR_fstatfs:
10744         ret = get_errno(fstatfs(arg1, &stfs));
10745         goto convert_statfs;
10746 #endif
10747 #ifdef TARGET_NR_statfs64
10748     case TARGET_NR_statfs64:
10749         if (!(p = lock_user_string(arg1))) {
10750             return -TARGET_EFAULT;
10751         }
10752         ret = get_errno(statfs(path(p), &stfs));
10753         unlock_user(p, arg1, 0);
10754     convert_statfs64:
10755         if (!is_error(ret)) {
10756             struct target_statfs64 *target_stfs;
10757 
10758             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
10759                 return -TARGET_EFAULT;
10760             __put_user(stfs.f_type, &target_stfs->f_type);
10761             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
10762             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
10763             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
10764             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
10765             __put_user(stfs.f_files, &target_stfs->f_files);
10766             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
10767             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
10768             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
10769             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
10770             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
10771 #ifdef _STATFS_F_FLAGS
10772             __put_user(stfs.f_flags, &target_stfs->f_flags);
10773 #else
10774             __put_user(0, &target_stfs->f_flags);
10775 #endif
10776             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
10777             unlock_user_struct(target_stfs, arg3, 1);
10778         }
10779         return ret;
10780     case TARGET_NR_fstatfs64:
10781         ret = get_errno(fstatfs(arg1, &stfs));
10782         goto convert_statfs64;
10783 #endif
10784 #ifdef TARGET_NR_socketcall
10785     case TARGET_NR_socketcall:
10786         return do_socketcall(arg1, arg2);
10787 #endif
10788 #ifdef TARGET_NR_accept
10789     case TARGET_NR_accept:
10790         return do_accept4(arg1, arg2, arg3, 0);
10791 #endif
10792 #ifdef TARGET_NR_accept4
10793     case TARGET_NR_accept4:
10794         return do_accept4(arg1, arg2, arg3, arg4);
10795 #endif
10796 #ifdef TARGET_NR_bind
10797     case TARGET_NR_bind:
10798         return do_bind(arg1, arg2, arg3);
10799 #endif
10800 #ifdef TARGET_NR_connect
10801     case TARGET_NR_connect:
10802         return do_connect(arg1, arg2, arg3);
10803 #endif
10804 #ifdef TARGET_NR_getpeername
10805     case TARGET_NR_getpeername:
10806         return do_getpeername(arg1, arg2, arg3);
10807 #endif
10808 #ifdef TARGET_NR_getsockname
10809     case TARGET_NR_getsockname:
10810         return do_getsockname(arg1, arg2, arg3);
10811 #endif
10812 #ifdef TARGET_NR_getsockopt
10813     case TARGET_NR_getsockopt:
10814         return do_getsockopt(arg1, arg2, arg3, arg4, arg5);
10815 #endif
10816 #ifdef TARGET_NR_listen
10817     case TARGET_NR_listen:
10818         return get_errno(listen(arg1, arg2));
10819 #endif
10820 #ifdef TARGET_NR_recv
10821     case TARGET_NR_recv:
10822         return do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
10823 #endif
10824 #ifdef TARGET_NR_recvfrom
10825     case TARGET_NR_recvfrom:
10826         return do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
10827 #endif
10828 #ifdef TARGET_NR_recvmsg
10829     case TARGET_NR_recvmsg:
10830         return do_sendrecvmsg(arg1, arg2, arg3, 0);
10831 #endif
10832 #ifdef TARGET_NR_send
10833     case TARGET_NR_send:
10834         return do_sendto(arg1, arg2, arg3, arg4, 0, 0);
10835 #endif
10836 #ifdef TARGET_NR_sendmsg
10837     case TARGET_NR_sendmsg:
10838         return do_sendrecvmsg(arg1, arg2, arg3, 1);
10839 #endif
10840 #ifdef TARGET_NR_sendmmsg
10841     case TARGET_NR_sendmmsg:
10842         return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
10843 #endif
10844 #ifdef TARGET_NR_recvmmsg
10845     case TARGET_NR_recvmmsg:
10846         return do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
10847 #endif
10848 #ifdef TARGET_NR_sendto
10849     case TARGET_NR_sendto:
10850         return do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
10851 #endif
10852 #ifdef TARGET_NR_shutdown
10853     case TARGET_NR_shutdown:
10854         return get_errno(shutdown(arg1, arg2));
10855 #endif
10856 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
10857     case TARGET_NR_getrandom:
10858         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
10859         if (!p) {
10860             return -TARGET_EFAULT;
10861         }
10862         ret = get_errno(getrandom(p, arg2, arg3));
10863         unlock_user(p, arg1, ret);
10864         return ret;
10865 #endif
10866 #ifdef TARGET_NR_socket
10867     case TARGET_NR_socket:
10868         return do_socket(arg1, arg2, arg3);
10869 #endif
10870 #ifdef TARGET_NR_socketpair
10871     case TARGET_NR_socketpair:
10872         return do_socketpair(arg1, arg2, arg3, arg4);
10873 #endif
10874 #ifdef TARGET_NR_setsockopt
10875     case TARGET_NR_setsockopt:
10876         return do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
10877 #endif
10878 #if defined(TARGET_NR_syslog)
10879     case TARGET_NR_syslog:
10880         {
10881             int len = arg2;
10882 
10883             switch (arg1) {
10884             case TARGET_SYSLOG_ACTION_CLOSE:         /* Close log */
10885             case TARGET_SYSLOG_ACTION_OPEN:          /* Open log */
10886             case TARGET_SYSLOG_ACTION_CLEAR:         /* Clear ring buffer */
10887             case TARGET_SYSLOG_ACTION_CONSOLE_OFF:   /* Disable logging */
10888             case TARGET_SYSLOG_ACTION_CONSOLE_ON:    /* Enable logging */
10889             case TARGET_SYSLOG_ACTION_CONSOLE_LEVEL: /* Set messages level */
10890             case TARGET_SYSLOG_ACTION_SIZE_UNREAD:   /* Number of chars */
10891             case TARGET_SYSLOG_ACTION_SIZE_BUFFER:   /* Size of the buffer */
10892                 return get_errno(sys_syslog((int)arg1, NULL, (int)arg3));
10893             case TARGET_SYSLOG_ACTION_READ:          /* Read from log */
10894             case TARGET_SYSLOG_ACTION_READ_CLEAR:    /* Read/clear msgs */
10895             case TARGET_SYSLOG_ACTION_READ_ALL:      /* Read last messages */
10896                 {
10897                     if (len < 0) {
10898                         return -TARGET_EINVAL;
10899                     }
10900                     if (len == 0) {
10901                         return 0;
10902                     }
10903                     p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10904                     if (!p) {
10905                         return -TARGET_EFAULT;
10906                     }
10907                     ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
10908                     unlock_user(p, arg2, arg3);
10909                 }
10910                 return ret;
10911             default:
10912                 return -TARGET_EINVAL;
10913             }
10914         }
10915         break;
10916 #endif
10917     case TARGET_NR_setitimer:
10918         {
10919             struct itimerval value, ovalue, *pvalue;
10920 
10921             if (arg2) {
10922                 pvalue = &value;
10923                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
10924                     || copy_from_user_timeval(&pvalue->it_value,
10925                                               arg2 + sizeof(struct target_timeval)))
10926                     return -TARGET_EFAULT;
10927             } else {
10928                 pvalue = NULL;
10929             }
10930             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
10931             if (!is_error(ret) && arg3) {
10932                 if (copy_to_user_timeval(arg3,
10933                                          &ovalue.it_interval)
10934                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
10935                                             &ovalue.it_value))
10936                     return -TARGET_EFAULT;
10937             }
10938         }
10939         return ret;
10940     case TARGET_NR_getitimer:
10941         {
10942             struct itimerval value;
10943 
10944             ret = get_errno(getitimer(arg1, &value));
10945             if (!is_error(ret) && arg2) {
10946                 if (copy_to_user_timeval(arg2,
10947                                          &value.it_interval)
10948                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
10949                                             &value.it_value))
10950                     return -TARGET_EFAULT;
10951             }
10952         }
10953         return ret;
10954 #ifdef TARGET_NR_stat
10955     case TARGET_NR_stat:
10956         if (!(p = lock_user_string(arg1))) {
10957             return -TARGET_EFAULT;
10958         }
10959         ret = get_errno(stat(path(p), &st));
10960         unlock_user(p, arg1, 0);
10961         goto do_stat;
10962 #endif
10963 #ifdef TARGET_NR_lstat
10964     case TARGET_NR_lstat:
10965         if (!(p = lock_user_string(arg1))) {
10966             return -TARGET_EFAULT;
10967         }
10968         ret = get_errno(lstat(path(p), &st));
10969         unlock_user(p, arg1, 0);
10970         goto do_stat;
10971 #endif
10972 #ifdef TARGET_NR_fstat
10973     case TARGET_NR_fstat:
10974         {
10975             ret = get_errno(fstat(arg1, &st));
10976 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
10977         do_stat:
10978 #endif
10979             if (!is_error(ret)) {
10980                 struct target_stat *target_st;
10981 
10982                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
10983                     return -TARGET_EFAULT;
10984                 memset(target_st, 0, sizeof(*target_st));
10985                 __put_user(st.st_dev, &target_st->st_dev);
10986                 __put_user(st.st_ino, &target_st->st_ino);
10987                 __put_user(st.st_mode, &target_st->st_mode);
10988                 __put_user(st.st_uid, &target_st->st_uid);
10989                 __put_user(st.st_gid, &target_st->st_gid);
10990                 __put_user(st.st_nlink, &target_st->st_nlink);
10991                 __put_user(st.st_rdev, &target_st->st_rdev);
10992                 __put_user(st.st_size, &target_st->st_size);
10993                 __put_user(st.st_blksize, &target_st->st_blksize);
10994                 __put_user(st.st_blocks, &target_st->st_blocks);
10995                 __put_user(st.st_atime, &target_st->target_st_atime);
10996                 __put_user(st.st_mtime, &target_st->target_st_mtime);
10997                 __put_user(st.st_ctime, &target_st->target_st_ctime);
10998 #if defined(HAVE_STRUCT_STAT_ST_ATIM) && defined(TARGET_STAT_HAVE_NSEC)
10999                 __put_user(st.st_atim.tv_nsec,
11000                            &target_st->target_st_atime_nsec);
11001                 __put_user(st.st_mtim.tv_nsec,
11002                            &target_st->target_st_mtime_nsec);
11003                 __put_user(st.st_ctim.tv_nsec,
11004                            &target_st->target_st_ctime_nsec);
11005 #endif
11006                 unlock_user_struct(target_st, arg2, 1);
11007             }
11008         }
11009         return ret;
11010 #endif
11011     case TARGET_NR_vhangup:
11012         return get_errno(vhangup());
11013 #ifdef TARGET_NR_syscall
11014     case TARGET_NR_syscall:
11015         return do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
11016                           arg6, arg7, arg8, 0);
11017 #endif
11018 #if defined(TARGET_NR_wait4)
11019     case TARGET_NR_wait4:
11020         {
11021             int status;
11022             abi_long status_ptr = arg2;
11023             struct rusage rusage, *rusage_ptr;
11024             abi_ulong target_rusage = arg4;
11025             abi_long rusage_err;
11026             if (target_rusage)
11027                 rusage_ptr = &rusage;
11028             else
11029                 rusage_ptr = NULL;
11030             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
11031             if (!is_error(ret)) {
11032                 if (status_ptr && ret) {
11033                     status = host_to_target_waitstatus(status);
11034                     if (put_user_s32(status, status_ptr))
11035                         return -TARGET_EFAULT;
11036                 }
11037                 if (target_rusage) {
11038                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
11039                     if (rusage_err) {
11040                         ret = rusage_err;
11041                     }
11042                 }
11043             }
11044         }
11045         return ret;
11046 #endif
11047 #ifdef TARGET_NR_swapoff
11048     case TARGET_NR_swapoff:
11049         if (!(p = lock_user_string(arg1)))
11050             return -TARGET_EFAULT;
11051         ret = get_errno(swapoff(p));
11052         unlock_user(p, arg1, 0);
11053         return ret;
11054 #endif
11055     case TARGET_NR_sysinfo:
11056         {
11057             struct target_sysinfo *target_value;
11058             struct sysinfo value;
11059             ret = get_errno(sysinfo(&value));
11060             if (!is_error(ret) && arg1)
11061             {
11062                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
11063                     return -TARGET_EFAULT;
11064                 __put_user(value.uptime, &target_value->uptime);
11065                 __put_user(value.loads[0], &target_value->loads[0]);
11066                 __put_user(value.loads[1], &target_value->loads[1]);
11067                 __put_user(value.loads[2], &target_value->loads[2]);
11068                 __put_user(value.totalram, &target_value->totalram);
11069                 __put_user(value.freeram, &target_value->freeram);
11070                 __put_user(value.sharedram, &target_value->sharedram);
11071                 __put_user(value.bufferram, &target_value->bufferram);
11072                 __put_user(value.totalswap, &target_value->totalswap);
11073                 __put_user(value.freeswap, &target_value->freeswap);
11074                 __put_user(value.procs, &target_value->procs);
11075                 __put_user(value.totalhigh, &target_value->totalhigh);
11076                 __put_user(value.freehigh, &target_value->freehigh);
11077                 __put_user(value.mem_unit, &target_value->mem_unit);
11078                 unlock_user_struct(target_value, arg1, 1);
11079             }
11080         }
11081         return ret;
11082 #ifdef TARGET_NR_ipc
11083     case TARGET_NR_ipc:
11084         return do_ipc(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
11085 #endif
11086 #ifdef TARGET_NR_semget
11087     case TARGET_NR_semget:
11088         return get_errno(semget(arg1, arg2, arg3));
11089 #endif
11090 #ifdef TARGET_NR_semop
11091     case TARGET_NR_semop:
11092         return do_semtimedop(arg1, arg2, arg3, 0, false);
11093 #endif
11094 #ifdef TARGET_NR_semtimedop
11095     case TARGET_NR_semtimedop:
11096         return do_semtimedop(arg1, arg2, arg3, arg4, false);
11097 #endif
11098 #ifdef TARGET_NR_semtimedop_time64
11099     case TARGET_NR_semtimedop_time64:
11100         return do_semtimedop(arg1, arg2, arg3, arg4, true);
11101 #endif
11102 #ifdef TARGET_NR_semctl
11103     case TARGET_NR_semctl:
11104         return do_semctl(arg1, arg2, arg3, arg4);
11105 #endif
11106 #ifdef TARGET_NR_msgctl
11107     case TARGET_NR_msgctl:
11108         return do_msgctl(arg1, arg2, arg3);
11109 #endif
11110 #ifdef TARGET_NR_msgget
11111     case TARGET_NR_msgget:
11112         return get_errno(msgget(arg1, arg2));
11113 #endif
11114 #ifdef TARGET_NR_msgrcv
11115     case TARGET_NR_msgrcv:
11116         return do_msgrcv(arg1, arg2, arg3, arg4, arg5);
11117 #endif
11118 #ifdef TARGET_NR_msgsnd
11119     case TARGET_NR_msgsnd:
11120         return do_msgsnd(arg1, arg2, arg3, arg4);
11121 #endif
11122 #ifdef TARGET_NR_shmget
11123     case TARGET_NR_shmget:
11124         return get_errno(shmget(arg1, arg2, arg3));
11125 #endif
11126 #ifdef TARGET_NR_shmctl
11127     case TARGET_NR_shmctl:
11128         return do_shmctl(arg1, arg2, arg3);
11129 #endif
11130 #ifdef TARGET_NR_shmat
11131     case TARGET_NR_shmat:
11132         return do_shmat(cpu_env, arg1, arg2, arg3);
11133 #endif
11134 #ifdef TARGET_NR_shmdt
11135     case TARGET_NR_shmdt:
11136         return do_shmdt(arg1);
11137 #endif
11138     case TARGET_NR_fsync:
11139         return get_errno(fsync(arg1));
11140     case TARGET_NR_clone:
11141         /* Linux manages to have three different orderings for its
11142          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
11143          * match the kernel's CONFIG_CLONE_* settings.
11144          * Microblaze is further special in that it uses a sixth
11145          * implicit argument to clone for the TLS pointer.
11146          */
11147 #if defined(TARGET_MICROBLAZE)
11148         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
11149 #elif defined(TARGET_CLONE_BACKWARDS)
11150         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
11151 #elif defined(TARGET_CLONE_BACKWARDS2)
11152         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
11153 #else
11154         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
11155 #endif
11156         return ret;
11157 #ifdef __NR_exit_group
11158         /* new thread calls */
11159     case TARGET_NR_exit_group:
11160         preexit_cleanup(cpu_env, arg1);
11161         return get_errno(exit_group(arg1));
11162 #endif
11163     case TARGET_NR_setdomainname:
11164         if (!(p = lock_user_string(arg1)))
11165             return -TARGET_EFAULT;
11166         ret = get_errno(setdomainname(p, arg2));
11167         unlock_user(p, arg1, 0);
11168         return ret;
11169     case TARGET_NR_uname:
11170         /* no need to transcode because we use the linux syscall */
11171         {
11172             struct new_utsname * buf;
11173 
11174             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
11175                 return -TARGET_EFAULT;
11176             ret = get_errno(sys_uname(buf));
11177             if (!is_error(ret)) {
11178                 /* Overwrite the native machine name with whatever is being
11179                    emulated. */
11180                 g_strlcpy(buf->machine, cpu_to_uname_machine(cpu_env),
11181                           sizeof(buf->machine));
11182                 /* Allow the user to override the reported release.  */
11183                 if (qemu_uname_release && *qemu_uname_release) {
11184                     g_strlcpy(buf->release, qemu_uname_release,
11185                               sizeof(buf->release));
11186                 }
11187             }
11188             unlock_user_struct(buf, arg1, 1);
11189         }
11190         return ret;
11191 #ifdef TARGET_I386
11192     case TARGET_NR_modify_ldt:
11193         return do_modify_ldt(cpu_env, arg1, arg2, arg3);
11194 #if !defined(TARGET_X86_64)
11195     case TARGET_NR_vm86:
11196         return do_vm86(cpu_env, arg1, arg2);
11197 #endif
11198 #endif
11199 #if defined(TARGET_NR_adjtimex)
11200     case TARGET_NR_adjtimex:
11201         {
11202             struct timex host_buf;
11203 
11204             if (target_to_host_timex(&host_buf, arg1) != 0) {
11205                 return -TARGET_EFAULT;
11206             }
11207             ret = get_errno(adjtimex(&host_buf));
11208             if (!is_error(ret)) {
11209                 if (host_to_target_timex(arg1, &host_buf) != 0) {
11210                     return -TARGET_EFAULT;
11211                 }
11212             }
11213         }
11214         return ret;
11215 #endif
11216 #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
11217     case TARGET_NR_clock_adjtime:
11218         {
11219             struct timex htx;
11220 
11221             if (target_to_host_timex(&htx, arg2) != 0) {
11222                 return -TARGET_EFAULT;
11223             }
11224             ret = get_errno(clock_adjtime(arg1, &htx));
11225             if (!is_error(ret) && host_to_target_timex(arg2, &htx)) {
11226                 return -TARGET_EFAULT;
11227             }
11228         }
11229         return ret;
11230 #endif
11231 #if defined(TARGET_NR_clock_adjtime64) && defined(CONFIG_CLOCK_ADJTIME)
11232     case TARGET_NR_clock_adjtime64:
11233         {
11234             struct timex htx;
11235 
11236             if (target_to_host_timex64(&htx, arg2) != 0) {
11237                 return -TARGET_EFAULT;
11238             }
11239             ret = get_errno(clock_adjtime(arg1, &htx));
11240             if (!is_error(ret) && host_to_target_timex64(arg2, &htx)) {
11241                     return -TARGET_EFAULT;
11242             }
11243         }
11244         return ret;
11245 #endif
11246     case TARGET_NR_getpgid:
11247         return get_errno(getpgid(arg1));
11248     case TARGET_NR_fchdir:
11249         return get_errno(fchdir(arg1));
11250     case TARGET_NR_personality:
11251         return get_errno(personality(arg1));
11252 #ifdef TARGET_NR__llseek /* Not on alpha */
11253     case TARGET_NR__llseek:
11254         {
11255             int64_t res;
11256 #if !defined(__NR_llseek)
11257             res = lseek(arg1, ((uint64_t)arg2 << 32) | (abi_ulong)arg3, arg5);
11258             if (res == -1) {
11259                 ret = get_errno(res);
11260             } else {
11261                 ret = 0;
11262             }
11263 #else
11264             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
11265 #endif
11266             if ((ret == 0) && put_user_s64(res, arg4)) {
11267                 return -TARGET_EFAULT;
11268             }
11269         }
11270         return ret;
11271 #endif
11272 #ifdef TARGET_NR_getdents
11273     case TARGET_NR_getdents:
11274         return do_getdents(arg1, arg2, arg3);
11275 #endif /* TARGET_NR_getdents */
11276 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
11277     case TARGET_NR_getdents64:
11278         return do_getdents64(arg1, arg2, arg3);
11279 #endif /* TARGET_NR_getdents64 */
11280 #if defined(TARGET_NR__newselect)
11281     case TARGET_NR__newselect:
11282         return do_select(arg1, arg2, arg3, arg4, arg5);
11283 #endif
11284 #ifdef TARGET_NR_poll
11285     case TARGET_NR_poll:
11286         return do_ppoll(arg1, arg2, arg3, arg4, arg5, false, false);
11287 #endif
11288 #ifdef TARGET_NR_ppoll
11289     case TARGET_NR_ppoll:
11290         return do_ppoll(arg1, arg2, arg3, arg4, arg5, true, false);
11291 #endif
11292 #ifdef TARGET_NR_ppoll_time64
11293     case TARGET_NR_ppoll_time64:
11294         return do_ppoll(arg1, arg2, arg3, arg4, arg5, true, true);
11295 #endif
11296     case TARGET_NR_flock:
11297         /* NOTE: the flock constant seems to be the same for every
11298            Linux platform */
11299         return get_errno(safe_flock(arg1, arg2));
11300     case TARGET_NR_readv:
11301         {
11302             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
11303             if (vec != NULL) {
11304                 ret = get_errno(safe_readv(arg1, vec, arg3));
11305                 unlock_iovec(vec, arg2, arg3, 1);
11306             } else {
11307                 ret = -host_to_target_errno(errno);
11308             }
11309         }
11310         return ret;
11311     case TARGET_NR_writev:
11312         {
11313             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
11314             if (vec != NULL) {
11315                 ret = get_errno(safe_writev(arg1, vec, arg3));
11316                 unlock_iovec(vec, arg2, arg3, 0);
11317             } else {
11318                 ret = -host_to_target_errno(errno);
11319             }
11320         }
11321         return ret;
11322 #if defined(TARGET_NR_preadv)
11323     case TARGET_NR_preadv:
11324         {
11325             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
11326             if (vec != NULL) {
11327                 unsigned long low, high;
11328 
11329                 target_to_host_low_high(arg4, arg5, &low, &high);
11330                 ret = get_errno(safe_preadv(arg1, vec, arg3, low, high));
11331                 unlock_iovec(vec, arg2, arg3, 1);
11332             } else {
11333                 ret = -host_to_target_errno(errno);
11334            }
11335         }
11336         return ret;
11337 #endif
11338 #if defined(TARGET_NR_pwritev)
11339     case TARGET_NR_pwritev:
11340         {
11341             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
11342             if (vec != NULL) {
11343                 unsigned long low, high;
11344 
11345                 target_to_host_low_high(arg4, arg5, &low, &high);
11346                 ret = get_errno(safe_pwritev(arg1, vec, arg3, low, high));
11347                 unlock_iovec(vec, arg2, arg3, 0);
11348             } else {
11349                 ret = -host_to_target_errno(errno);
11350            }
11351         }
11352         return ret;
11353 #endif
11354     case TARGET_NR_getsid:
11355         return get_errno(getsid(arg1));
11356 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
11357     case TARGET_NR_fdatasync:
11358         return get_errno(fdatasync(arg1));
11359 #endif
11360     case TARGET_NR_sched_getaffinity:
11361         {
11362             unsigned int mask_size;
11363             unsigned long *mask;
11364 
11365             /*
11366              * sched_getaffinity needs multiples of ulong, so need to take
11367              * care of mismatches between target ulong and host ulong sizes.
11368              */
11369             if (arg2 & (sizeof(abi_ulong) - 1)) {
11370                 return -TARGET_EINVAL;
11371             }
11372             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
11373 
11374             mask = alloca(mask_size);
11375             memset(mask, 0, mask_size);
11376             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
11377 
11378             if (!is_error(ret)) {
11379                 if (ret > arg2) {
11380                     /* More data returned than the caller's buffer will fit.
11381                      * This only happens if sizeof(abi_long) < sizeof(long)
11382                      * and the caller passed us a buffer holding an odd number
11383                      * of abi_longs. If the host kernel is actually using the
11384                      * extra 4 bytes then fail EINVAL; otherwise we can just
11385                      * ignore them and only copy the interesting part.
11386                      */
11387                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
11388                     if (numcpus > arg2 * 8) {
11389                         return -TARGET_EINVAL;
11390                     }
11391                     ret = arg2;
11392                 }
11393 
11394                 if (host_to_target_cpu_mask(mask, mask_size, arg3, ret)) {
11395                     return -TARGET_EFAULT;
11396                 }
11397             }
11398         }
11399         return ret;
11400     case TARGET_NR_sched_setaffinity:
11401         {
11402             unsigned int mask_size;
11403             unsigned long *mask;
11404 
11405             /*
11406              * sched_setaffinity needs multiples of ulong, so need to take
11407              * care of mismatches between target ulong and host ulong sizes.
11408              */
11409             if (arg2 & (sizeof(abi_ulong) - 1)) {
11410                 return -TARGET_EINVAL;
11411             }
11412             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
11413             mask = alloca(mask_size);
11414 
11415             ret = target_to_host_cpu_mask(mask, mask_size, arg3, arg2);
11416             if (ret) {
11417                 return ret;
11418             }
11419 
11420             return get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
11421         }
11422     case TARGET_NR_getcpu:
11423         {
11424             unsigned cpu, node;
11425             ret = get_errno(sys_getcpu(arg1 ? &cpu : NULL,
11426                                        arg2 ? &node : NULL,
11427                                        NULL));
11428             if (is_error(ret)) {
11429                 return ret;
11430             }
11431             if (arg1 && put_user_u32(cpu, arg1)) {
11432                 return -TARGET_EFAULT;
11433             }
11434             if (arg2 && put_user_u32(node, arg2)) {
11435                 return -TARGET_EFAULT;
11436             }
11437         }
11438         return ret;
11439     case TARGET_NR_sched_setparam:
11440         {
11441             struct target_sched_param *target_schp;
11442             struct sched_param schp;
11443 
11444             if (arg2 == 0) {
11445                 return -TARGET_EINVAL;
11446             }
11447             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1)) {
11448                 return -TARGET_EFAULT;
11449             }
11450             schp.sched_priority = tswap32(target_schp->sched_priority);
11451             unlock_user_struct(target_schp, arg2, 0);
11452             return get_errno(sys_sched_setparam(arg1, &schp));
11453         }
11454     case TARGET_NR_sched_getparam:
11455         {
11456             struct target_sched_param *target_schp;
11457             struct sched_param schp;
11458 
11459             if (arg2 == 0) {
11460                 return -TARGET_EINVAL;
11461             }
11462             ret = get_errno(sys_sched_getparam(arg1, &schp));
11463             if (!is_error(ret)) {
11464                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0)) {
11465                     return -TARGET_EFAULT;
11466                 }
11467                 target_schp->sched_priority = tswap32(schp.sched_priority);
11468                 unlock_user_struct(target_schp, arg2, 1);
11469             }
11470         }
11471         return ret;
11472     case TARGET_NR_sched_setscheduler:
11473         {
11474             struct target_sched_param *target_schp;
11475             struct sched_param schp;
11476             if (arg3 == 0) {
11477                 return -TARGET_EINVAL;
11478             }
11479             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1)) {
11480                 return -TARGET_EFAULT;
11481             }
11482             schp.sched_priority = tswap32(target_schp->sched_priority);
11483             unlock_user_struct(target_schp, arg3, 0);
11484             return get_errno(sys_sched_setscheduler(arg1, arg2, &schp));
11485         }
11486     case TARGET_NR_sched_getscheduler:
11487         return get_errno(sys_sched_getscheduler(arg1));
11488     case TARGET_NR_sched_getattr:
11489         {
11490             struct target_sched_attr *target_scha;
11491             struct sched_attr scha;
11492             if (arg2 == 0) {
11493                 return -TARGET_EINVAL;
11494             }
11495             if (arg3 > sizeof(scha)) {
11496                 arg3 = sizeof(scha);
11497             }
11498             ret = get_errno(sys_sched_getattr(arg1, &scha, arg3, arg4));
11499             if (!is_error(ret)) {
11500                 target_scha = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11501                 if (!target_scha) {
11502                     return -TARGET_EFAULT;
11503                 }
11504                 target_scha->size = tswap32(scha.size);
11505                 target_scha->sched_policy = tswap32(scha.sched_policy);
11506                 target_scha->sched_flags = tswap64(scha.sched_flags);
11507                 target_scha->sched_nice = tswap32(scha.sched_nice);
11508                 target_scha->sched_priority = tswap32(scha.sched_priority);
11509                 target_scha->sched_runtime = tswap64(scha.sched_runtime);
11510                 target_scha->sched_deadline = tswap64(scha.sched_deadline);
11511                 target_scha->sched_period = tswap64(scha.sched_period);
11512                 if (scha.size > offsetof(struct sched_attr, sched_util_min)) {
11513                     target_scha->sched_util_min = tswap32(scha.sched_util_min);
11514                     target_scha->sched_util_max = tswap32(scha.sched_util_max);
11515                 }
11516                 unlock_user(target_scha, arg2, arg3);
11517             }
11518             return ret;
11519         }
11520     case TARGET_NR_sched_setattr:
11521         {
11522             struct target_sched_attr *target_scha;
11523             struct sched_attr scha;
11524             uint32_t size;
11525             int zeroed;
11526             if (arg2 == 0) {
11527                 return -TARGET_EINVAL;
11528             }
11529             if (get_user_u32(size, arg2)) {
11530                 return -TARGET_EFAULT;
11531             }
11532             if (!size) {
11533                 size = offsetof(struct target_sched_attr, sched_util_min);
11534             }
11535             if (size < offsetof(struct target_sched_attr, sched_util_min)) {
11536                 if (put_user_u32(sizeof(struct target_sched_attr), arg2)) {
11537                     return -TARGET_EFAULT;
11538                 }
11539                 return -TARGET_E2BIG;
11540             }
11541 
11542             zeroed = check_zeroed_user(arg2, sizeof(struct target_sched_attr), size);
11543             if (zeroed < 0) {
11544                 return zeroed;
11545             } else if (zeroed == 0) {
11546                 if (put_user_u32(sizeof(struct target_sched_attr), arg2)) {
11547                     return -TARGET_EFAULT;
11548                 }
11549                 return -TARGET_E2BIG;
11550             }
11551             if (size > sizeof(struct target_sched_attr)) {
11552                 size = sizeof(struct target_sched_attr);
11553             }
11554 
11555             target_scha = lock_user(VERIFY_READ, arg2, size, 1);
11556             if (!target_scha) {
11557                 return -TARGET_EFAULT;
11558             }
11559             scha.size = size;
11560             scha.sched_policy = tswap32(target_scha->sched_policy);
11561             scha.sched_flags = tswap64(target_scha->sched_flags);
11562             scha.sched_nice = tswap32(target_scha->sched_nice);
11563             scha.sched_priority = tswap32(target_scha->sched_priority);
11564             scha.sched_runtime = tswap64(target_scha->sched_runtime);
11565             scha.sched_deadline = tswap64(target_scha->sched_deadline);
11566             scha.sched_period = tswap64(target_scha->sched_period);
11567             if (size > offsetof(struct target_sched_attr, sched_util_min)) {
11568                 scha.sched_util_min = tswap32(target_scha->sched_util_min);
11569                 scha.sched_util_max = tswap32(target_scha->sched_util_max);
11570             }
11571             unlock_user(target_scha, arg2, 0);
11572             return get_errno(sys_sched_setattr(arg1, &scha, arg3));
11573         }
11574     case TARGET_NR_sched_yield:
11575         return get_errno(sched_yield());
11576     case TARGET_NR_sched_get_priority_max:
11577         return get_errno(sched_get_priority_max(arg1));
11578     case TARGET_NR_sched_get_priority_min:
11579         return get_errno(sched_get_priority_min(arg1));
11580 #ifdef TARGET_NR_sched_rr_get_interval
11581     case TARGET_NR_sched_rr_get_interval:
11582         {
11583             struct timespec ts;
11584             ret = get_errno(sched_rr_get_interval(arg1, &ts));
11585             if (!is_error(ret)) {
11586                 ret = host_to_target_timespec(arg2, &ts);
11587             }
11588         }
11589         return ret;
11590 #endif
11591 #ifdef TARGET_NR_sched_rr_get_interval_time64
11592     case TARGET_NR_sched_rr_get_interval_time64:
11593         {
11594             struct timespec ts;
11595             ret = get_errno(sched_rr_get_interval(arg1, &ts));
11596             if (!is_error(ret)) {
11597                 ret = host_to_target_timespec64(arg2, &ts);
11598             }
11599         }
11600         return ret;
11601 #endif
11602 #if defined(TARGET_NR_nanosleep)
11603     case TARGET_NR_nanosleep:
11604         {
11605             struct timespec req, rem;
11606             target_to_host_timespec(&req, arg1);
11607             ret = get_errno(safe_nanosleep(&req, &rem));
11608             if (is_error(ret) && arg2) {
11609                 host_to_target_timespec(arg2, &rem);
11610             }
11611         }
11612         return ret;
11613 #endif
11614     case TARGET_NR_prctl:
11615         return do_prctl(cpu_env, arg1, arg2, arg3, arg4, arg5);
11616         break;
11617 #ifdef TARGET_NR_arch_prctl
11618     case TARGET_NR_arch_prctl:
11619         return do_arch_prctl(cpu_env, arg1, arg2);
11620 #endif
11621 #ifdef TARGET_NR_pread64
11622     case TARGET_NR_pread64:
11623         if (regpairs_aligned(cpu_env, num)) {
11624             arg4 = arg5;
11625             arg5 = arg6;
11626         }
11627         if (arg2 == 0 && arg3 == 0) {
11628             /* Special-case NULL buffer and zero length, which should succeed */
11629             p = 0;
11630         } else {
11631             p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11632             if (!p) {
11633                 return -TARGET_EFAULT;
11634             }
11635         }
11636         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
11637         unlock_user(p, arg2, ret);
11638         return ret;
11639     case TARGET_NR_pwrite64:
11640         if (regpairs_aligned(cpu_env, num)) {
11641             arg4 = arg5;
11642             arg5 = arg6;
11643         }
11644         if (arg2 == 0 && arg3 == 0) {
11645             /* Special-case NULL buffer and zero length, which should succeed */
11646             p = 0;
11647         } else {
11648             p = lock_user(VERIFY_READ, arg2, arg3, 1);
11649             if (!p) {
11650                 return -TARGET_EFAULT;
11651             }
11652         }
11653         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
11654         unlock_user(p, arg2, 0);
11655         return ret;
11656 #endif
11657     case TARGET_NR_getcwd:
11658         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
11659             return -TARGET_EFAULT;
11660         ret = get_errno(sys_getcwd1(p, arg2));
11661         unlock_user(p, arg1, ret);
11662         return ret;
11663     case TARGET_NR_capget:
11664     case TARGET_NR_capset:
11665     {
11666         struct target_user_cap_header *target_header;
11667         struct target_user_cap_data *target_data = NULL;
11668         struct __user_cap_header_struct header;
11669         struct __user_cap_data_struct data[2];
11670         struct __user_cap_data_struct *dataptr = NULL;
11671         int i, target_datalen;
11672         int data_items = 1;
11673 
11674         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
11675             return -TARGET_EFAULT;
11676         }
11677         header.version = tswap32(target_header->version);
11678         header.pid = tswap32(target_header->pid);
11679 
11680         if (header.version != _LINUX_CAPABILITY_VERSION) {
11681             /* Version 2 and up takes pointer to two user_data structs */
11682             data_items = 2;
11683         }
11684 
11685         target_datalen = sizeof(*target_data) * data_items;
11686 
11687         if (arg2) {
11688             if (num == TARGET_NR_capget) {
11689                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
11690             } else {
11691                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
11692             }
11693             if (!target_data) {
11694                 unlock_user_struct(target_header, arg1, 0);
11695                 return -TARGET_EFAULT;
11696             }
11697 
11698             if (num == TARGET_NR_capset) {
11699                 for (i = 0; i < data_items; i++) {
11700                     data[i].effective = tswap32(target_data[i].effective);
11701                     data[i].permitted = tswap32(target_data[i].permitted);
11702                     data[i].inheritable = tswap32(target_data[i].inheritable);
11703                 }
11704             }
11705 
11706             dataptr = data;
11707         }
11708 
11709         if (num == TARGET_NR_capget) {
11710             ret = get_errno(capget(&header, dataptr));
11711         } else {
11712             ret = get_errno(capset(&header, dataptr));
11713         }
11714 
11715         /* The kernel always updates version for both capget and capset */
11716         target_header->version = tswap32(header.version);
11717         unlock_user_struct(target_header, arg1, 1);
11718 
11719         if (arg2) {
11720             if (num == TARGET_NR_capget) {
11721                 for (i = 0; i < data_items; i++) {
11722                     target_data[i].effective = tswap32(data[i].effective);
11723                     target_data[i].permitted = tswap32(data[i].permitted);
11724                     target_data[i].inheritable = tswap32(data[i].inheritable);
11725                 }
11726                 unlock_user(target_data, arg2, target_datalen);
11727             } else {
11728                 unlock_user(target_data, arg2, 0);
11729             }
11730         }
11731         return ret;
11732     }
11733     case TARGET_NR_sigaltstack:
11734         return do_sigaltstack(arg1, arg2, cpu_env);
11735 
11736 #ifdef CONFIG_SENDFILE
11737 #ifdef TARGET_NR_sendfile
11738     case TARGET_NR_sendfile:
11739     {
11740         off_t *offp = NULL;
11741         off_t off;
11742         if (arg3) {
11743             ret = get_user_sal(off, arg3);
11744             if (is_error(ret)) {
11745                 return ret;
11746             }
11747             offp = &off;
11748         }
11749         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
11750         if (!is_error(ret) && arg3) {
11751             abi_long ret2 = put_user_sal(off, arg3);
11752             if (is_error(ret2)) {
11753                 ret = ret2;
11754             }
11755         }
11756         return ret;
11757     }
11758 #endif
11759 #ifdef TARGET_NR_sendfile64
11760     case TARGET_NR_sendfile64:
11761     {
11762         off_t *offp = NULL;
11763         off_t off;
11764         if (arg3) {
11765             ret = get_user_s64(off, arg3);
11766             if (is_error(ret)) {
11767                 return ret;
11768             }
11769             offp = &off;
11770         }
11771         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
11772         if (!is_error(ret) && arg3) {
11773             abi_long ret2 = put_user_s64(off, arg3);
11774             if (is_error(ret2)) {
11775                 ret = ret2;
11776             }
11777         }
11778         return ret;
11779     }
11780 #endif
11781 #endif
11782 #ifdef TARGET_NR_vfork
11783     case TARGET_NR_vfork:
11784         return get_errno(do_fork(cpu_env,
11785                          CLONE_VFORK | CLONE_VM | TARGET_SIGCHLD,
11786                          0, 0, 0, 0));
11787 #endif
11788 #ifdef TARGET_NR_ugetrlimit
11789     case TARGET_NR_ugetrlimit:
11790     {
11791 	struct rlimit rlim;
11792 	int resource = target_to_host_resource(arg1);
11793 	ret = get_errno(getrlimit(resource, &rlim));
11794 	if (!is_error(ret)) {
11795 	    struct target_rlimit *target_rlim;
11796             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
11797                 return -TARGET_EFAULT;
11798 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
11799 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
11800             unlock_user_struct(target_rlim, arg2, 1);
11801 	}
11802         return ret;
11803     }
11804 #endif
11805 #ifdef TARGET_NR_truncate64
11806     case TARGET_NR_truncate64:
11807         if (!(p = lock_user_string(arg1)))
11808             return -TARGET_EFAULT;
11809 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
11810         unlock_user(p, arg1, 0);
11811         return ret;
11812 #endif
11813 #ifdef TARGET_NR_ftruncate64
11814     case TARGET_NR_ftruncate64:
11815         return target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
11816 #endif
11817 #ifdef TARGET_NR_stat64
11818     case TARGET_NR_stat64:
11819         if (!(p = lock_user_string(arg1))) {
11820             return -TARGET_EFAULT;
11821         }
11822         ret = get_errno(stat(path(p), &st));
11823         unlock_user(p, arg1, 0);
11824         if (!is_error(ret))
11825             ret = host_to_target_stat64(cpu_env, arg2, &st);
11826         return ret;
11827 #endif
11828 #ifdef TARGET_NR_lstat64
11829     case TARGET_NR_lstat64:
11830         if (!(p = lock_user_string(arg1))) {
11831             return -TARGET_EFAULT;
11832         }
11833         ret = get_errno(lstat(path(p), &st));
11834         unlock_user(p, arg1, 0);
11835         if (!is_error(ret))
11836             ret = host_to_target_stat64(cpu_env, arg2, &st);
11837         return ret;
11838 #endif
11839 #ifdef TARGET_NR_fstat64
11840     case TARGET_NR_fstat64:
11841         ret = get_errno(fstat(arg1, &st));
11842         if (!is_error(ret))
11843             ret = host_to_target_stat64(cpu_env, arg2, &st);
11844         return ret;
11845 #endif
11846 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
11847 #ifdef TARGET_NR_fstatat64
11848     case TARGET_NR_fstatat64:
11849 #endif
11850 #ifdef TARGET_NR_newfstatat
11851     case TARGET_NR_newfstatat:
11852 #endif
11853         if (!(p = lock_user_string(arg2))) {
11854             return -TARGET_EFAULT;
11855         }
11856         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
11857         unlock_user(p, arg2, 0);
11858         if (!is_error(ret))
11859             ret = host_to_target_stat64(cpu_env, arg3, &st);
11860         return ret;
11861 #endif
11862 #if defined(TARGET_NR_statx)
11863     case TARGET_NR_statx:
11864         {
11865             struct target_statx *target_stx;
11866             int dirfd = arg1;
11867             int flags = arg3;
11868 
11869             p = lock_user_string(arg2);
11870             if (p == NULL) {
11871                 return -TARGET_EFAULT;
11872             }
11873 #if defined(__NR_statx)
11874             {
11875                 /*
11876                  * It is assumed that struct statx is architecture independent.
11877                  */
11878                 struct target_statx host_stx;
11879                 int mask = arg4;
11880 
11881                 ret = get_errno(sys_statx(dirfd, p, flags, mask, &host_stx));
11882                 if (!is_error(ret)) {
11883                     if (host_to_target_statx(&host_stx, arg5) != 0) {
11884                         unlock_user(p, arg2, 0);
11885                         return -TARGET_EFAULT;
11886                     }
11887                 }
11888 
11889                 if (ret != -TARGET_ENOSYS) {
11890                     unlock_user(p, arg2, 0);
11891                     return ret;
11892                 }
11893             }
11894 #endif
11895             ret = get_errno(fstatat(dirfd, path(p), &st, flags));
11896             unlock_user(p, arg2, 0);
11897 
11898             if (!is_error(ret)) {
11899                 if (!lock_user_struct(VERIFY_WRITE, target_stx, arg5, 0)) {
11900                     return -TARGET_EFAULT;
11901                 }
11902                 memset(target_stx, 0, sizeof(*target_stx));
11903                 __put_user(major(st.st_dev), &target_stx->stx_dev_major);
11904                 __put_user(minor(st.st_dev), &target_stx->stx_dev_minor);
11905                 __put_user(st.st_ino, &target_stx->stx_ino);
11906                 __put_user(st.st_mode, &target_stx->stx_mode);
11907                 __put_user(st.st_uid, &target_stx->stx_uid);
11908                 __put_user(st.st_gid, &target_stx->stx_gid);
11909                 __put_user(st.st_nlink, &target_stx->stx_nlink);
11910                 __put_user(major(st.st_rdev), &target_stx->stx_rdev_major);
11911                 __put_user(minor(st.st_rdev), &target_stx->stx_rdev_minor);
11912                 __put_user(st.st_size, &target_stx->stx_size);
11913                 __put_user(st.st_blksize, &target_stx->stx_blksize);
11914                 __put_user(st.st_blocks, &target_stx->stx_blocks);
11915                 __put_user(st.st_atime, &target_stx->stx_atime.tv_sec);
11916                 __put_user(st.st_mtime, &target_stx->stx_mtime.tv_sec);
11917                 __put_user(st.st_ctime, &target_stx->stx_ctime.tv_sec);
11918                 unlock_user_struct(target_stx, arg5, 1);
11919             }
11920         }
11921         return ret;
11922 #endif
11923 #ifdef TARGET_NR_lchown
11924     case TARGET_NR_lchown:
11925         if (!(p = lock_user_string(arg1)))
11926             return -TARGET_EFAULT;
11927         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
11928         unlock_user(p, arg1, 0);
11929         return ret;
11930 #endif
11931 #ifdef TARGET_NR_getuid
11932     case TARGET_NR_getuid:
11933         return get_errno(high2lowuid(getuid()));
11934 #endif
11935 #ifdef TARGET_NR_getgid
11936     case TARGET_NR_getgid:
11937         return get_errno(high2lowgid(getgid()));
11938 #endif
11939 #ifdef TARGET_NR_geteuid
11940     case TARGET_NR_geteuid:
11941         return get_errno(high2lowuid(geteuid()));
11942 #endif
11943 #ifdef TARGET_NR_getegid
11944     case TARGET_NR_getegid:
11945         return get_errno(high2lowgid(getegid()));
11946 #endif
11947     case TARGET_NR_setreuid:
11948         return get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
11949     case TARGET_NR_setregid:
11950         return get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
11951     case TARGET_NR_getgroups:
11952         { /* the same code as for TARGET_NR_getgroups32 */
11953             int gidsetsize = arg1;
11954             target_id *target_grouplist;
11955             g_autofree gid_t *grouplist = NULL;
11956             int i;
11957 
11958             if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
11959                 return -TARGET_EINVAL;
11960             }
11961             if (gidsetsize > 0) {
11962                 grouplist = g_try_new(gid_t, gidsetsize);
11963                 if (!grouplist) {
11964                     return -TARGET_ENOMEM;
11965                 }
11966             }
11967             ret = get_errno(getgroups(gidsetsize, grouplist));
11968             if (!is_error(ret) && gidsetsize > 0) {
11969                 target_grouplist = lock_user(VERIFY_WRITE, arg2,
11970                                              gidsetsize * sizeof(target_id), 0);
11971                 if (!target_grouplist) {
11972                     return -TARGET_EFAULT;
11973                 }
11974                 for (i = 0; i < ret; i++) {
11975                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
11976                 }
11977                 unlock_user(target_grouplist, arg2,
11978                             gidsetsize * sizeof(target_id));
11979             }
11980             return ret;
11981         }
11982     case TARGET_NR_setgroups:
11983         { /* the same code as for TARGET_NR_setgroups32 */
11984             int gidsetsize = arg1;
11985             target_id *target_grouplist;
11986             g_autofree gid_t *grouplist = NULL;
11987             int i;
11988 
11989             if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
11990                 return -TARGET_EINVAL;
11991             }
11992             if (gidsetsize > 0) {
11993                 grouplist = g_try_new(gid_t, gidsetsize);
11994                 if (!grouplist) {
11995                     return -TARGET_ENOMEM;
11996                 }
11997                 target_grouplist = lock_user(VERIFY_READ, arg2,
11998                                              gidsetsize * sizeof(target_id), 1);
11999                 if (!target_grouplist) {
12000                     return -TARGET_EFAULT;
12001                 }
12002                 for (i = 0; i < gidsetsize; i++) {
12003                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
12004                 }
12005                 unlock_user(target_grouplist, arg2,
12006                             gidsetsize * sizeof(target_id));
12007             }
12008             return get_errno(setgroups(gidsetsize, grouplist));
12009         }
12010     case TARGET_NR_fchown:
12011         return get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
12012 #if defined(TARGET_NR_fchownat)
12013     case TARGET_NR_fchownat:
12014         if (!(p = lock_user_string(arg2)))
12015             return -TARGET_EFAULT;
12016         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
12017                                  low2highgid(arg4), arg5));
12018         unlock_user(p, arg2, 0);
12019         return ret;
12020 #endif
12021 #ifdef TARGET_NR_setresuid
12022     case TARGET_NR_setresuid:
12023         return get_errno(sys_setresuid(low2highuid(arg1),
12024                                        low2highuid(arg2),
12025                                        low2highuid(arg3)));
12026 #endif
12027 #ifdef TARGET_NR_getresuid
12028     case TARGET_NR_getresuid:
12029         {
12030             uid_t ruid, euid, suid;
12031             ret = get_errno(getresuid(&ruid, &euid, &suid));
12032             if (!is_error(ret)) {
12033                 if (put_user_id(high2lowuid(ruid), arg1)
12034                     || put_user_id(high2lowuid(euid), arg2)
12035                     || put_user_id(high2lowuid(suid), arg3))
12036                     return -TARGET_EFAULT;
12037             }
12038         }
12039         return ret;
12040 #endif
12041 #ifdef TARGET_NR_getresgid
12042     case TARGET_NR_setresgid:
12043         return get_errno(sys_setresgid(low2highgid(arg1),
12044                                        low2highgid(arg2),
12045                                        low2highgid(arg3)));
12046 #endif
12047 #ifdef TARGET_NR_getresgid
12048     case TARGET_NR_getresgid:
12049         {
12050             gid_t rgid, egid, sgid;
12051             ret = get_errno(getresgid(&rgid, &egid, &sgid));
12052             if (!is_error(ret)) {
12053                 if (put_user_id(high2lowgid(rgid), arg1)
12054                     || put_user_id(high2lowgid(egid), arg2)
12055                     || put_user_id(high2lowgid(sgid), arg3))
12056                     return -TARGET_EFAULT;
12057             }
12058         }
12059         return ret;
12060 #endif
12061 #ifdef TARGET_NR_chown
12062     case TARGET_NR_chown:
12063         if (!(p = lock_user_string(arg1)))
12064             return -TARGET_EFAULT;
12065         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
12066         unlock_user(p, arg1, 0);
12067         return ret;
12068 #endif
12069     case TARGET_NR_setuid:
12070         return get_errno(sys_setuid(low2highuid(arg1)));
12071     case TARGET_NR_setgid:
12072         return get_errno(sys_setgid(low2highgid(arg1)));
12073     case TARGET_NR_setfsuid:
12074         return get_errno(setfsuid(arg1));
12075     case TARGET_NR_setfsgid:
12076         return get_errno(setfsgid(arg1));
12077 
12078 #ifdef TARGET_NR_lchown32
12079     case TARGET_NR_lchown32:
12080         if (!(p = lock_user_string(arg1)))
12081             return -TARGET_EFAULT;
12082         ret = get_errno(lchown(p, arg2, arg3));
12083         unlock_user(p, arg1, 0);
12084         return ret;
12085 #endif
12086 #ifdef TARGET_NR_getuid32
12087     case TARGET_NR_getuid32:
12088         return get_errno(getuid());
12089 #endif
12090 
12091 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
12092    /* Alpha specific */
12093     case TARGET_NR_getxuid:
12094          {
12095             uid_t euid;
12096             euid=geteuid();
12097             cpu_env->ir[IR_A4]=euid;
12098          }
12099         return get_errno(getuid());
12100 #endif
12101 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
12102    /* Alpha specific */
12103     case TARGET_NR_getxgid:
12104          {
12105             uid_t egid;
12106             egid=getegid();
12107             cpu_env->ir[IR_A4]=egid;
12108          }
12109         return get_errno(getgid());
12110 #endif
12111 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
12112     /* Alpha specific */
12113     case TARGET_NR_osf_getsysinfo:
12114         ret = -TARGET_EOPNOTSUPP;
12115         switch (arg1) {
12116           case TARGET_GSI_IEEE_FP_CONTROL:
12117             {
12118                 uint64_t fpcr = cpu_alpha_load_fpcr(cpu_env);
12119                 uint64_t swcr = cpu_env->swcr;
12120 
12121                 swcr &= ~SWCR_STATUS_MASK;
12122                 swcr |= (fpcr >> 35) & SWCR_STATUS_MASK;
12123 
12124                 if (put_user_u64 (swcr, arg2))
12125                         return -TARGET_EFAULT;
12126                 ret = 0;
12127             }
12128             break;
12129 
12130           /* case GSI_IEEE_STATE_AT_SIGNAL:
12131              -- Not implemented in linux kernel.
12132              case GSI_UACPROC:
12133              -- Retrieves current unaligned access state; not much used.
12134              case GSI_PROC_TYPE:
12135              -- Retrieves implver information; surely not used.
12136              case GSI_GET_HWRPB:
12137              -- Grabs a copy of the HWRPB; surely not used.
12138           */
12139         }
12140         return ret;
12141 #endif
12142 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
12143     /* Alpha specific */
12144     case TARGET_NR_osf_setsysinfo:
12145         ret = -TARGET_EOPNOTSUPP;
12146         switch (arg1) {
12147           case TARGET_SSI_IEEE_FP_CONTROL:
12148             {
12149                 uint64_t swcr, fpcr;
12150 
12151                 if (get_user_u64 (swcr, arg2)) {
12152                     return -TARGET_EFAULT;
12153                 }
12154 
12155                 /*
12156                  * The kernel calls swcr_update_status to update the
12157                  * status bits from the fpcr at every point that it
12158                  * could be queried.  Therefore, we store the status
12159                  * bits only in FPCR.
12160                  */
12161                 cpu_env->swcr = swcr & (SWCR_TRAP_ENABLE_MASK | SWCR_MAP_MASK);
12162 
12163                 fpcr = cpu_alpha_load_fpcr(cpu_env);
12164                 fpcr &= ((uint64_t)FPCR_DYN_MASK << 32);
12165                 fpcr |= alpha_ieee_swcr_to_fpcr(swcr);
12166                 cpu_alpha_store_fpcr(cpu_env, fpcr);
12167                 ret = 0;
12168             }
12169             break;
12170 
12171           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
12172             {
12173                 uint64_t exc, fpcr, fex;
12174 
12175                 if (get_user_u64(exc, arg2)) {
12176                     return -TARGET_EFAULT;
12177                 }
12178                 exc &= SWCR_STATUS_MASK;
12179                 fpcr = cpu_alpha_load_fpcr(cpu_env);
12180 
12181                 /* Old exceptions are not signaled.  */
12182                 fex = alpha_ieee_fpcr_to_swcr(fpcr);
12183                 fex = exc & ~fex;
12184                 fex >>= SWCR_STATUS_TO_EXCSUM_SHIFT;
12185                 fex &= (cpu_env)->swcr;
12186 
12187                 /* Update the hardware fpcr.  */
12188                 fpcr |= alpha_ieee_swcr_to_fpcr(exc);
12189                 cpu_alpha_store_fpcr(cpu_env, fpcr);
12190 
12191                 if (fex) {
12192                     int si_code = TARGET_FPE_FLTUNK;
12193                     target_siginfo_t info;
12194 
12195                     if (fex & SWCR_TRAP_ENABLE_DNO) {
12196                         si_code = TARGET_FPE_FLTUND;
12197                     }
12198                     if (fex & SWCR_TRAP_ENABLE_INE) {
12199                         si_code = TARGET_FPE_FLTRES;
12200                     }
12201                     if (fex & SWCR_TRAP_ENABLE_UNF) {
12202                         si_code = TARGET_FPE_FLTUND;
12203                     }
12204                     if (fex & SWCR_TRAP_ENABLE_OVF) {
12205                         si_code = TARGET_FPE_FLTOVF;
12206                     }
12207                     if (fex & SWCR_TRAP_ENABLE_DZE) {
12208                         si_code = TARGET_FPE_FLTDIV;
12209                     }
12210                     if (fex & SWCR_TRAP_ENABLE_INV) {
12211                         si_code = TARGET_FPE_FLTINV;
12212                     }
12213 
12214                     info.si_signo = SIGFPE;
12215                     info.si_errno = 0;
12216                     info.si_code = si_code;
12217                     info._sifields._sigfault._addr = (cpu_env)->pc;
12218                     queue_signal(cpu_env, info.si_signo,
12219                                  QEMU_SI_FAULT, &info);
12220                 }
12221                 ret = 0;
12222             }
12223             break;
12224 
12225           /* case SSI_NVPAIRS:
12226              -- Used with SSIN_UACPROC to enable unaligned accesses.
12227              case SSI_IEEE_STATE_AT_SIGNAL:
12228              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
12229              -- Not implemented in linux kernel
12230           */
12231         }
12232         return ret;
12233 #endif
12234 #ifdef TARGET_NR_osf_sigprocmask
12235     /* Alpha specific.  */
12236     case TARGET_NR_osf_sigprocmask:
12237         {
12238             abi_ulong mask;
12239             int how;
12240             sigset_t set, oldset;
12241 
12242             switch(arg1) {
12243             case TARGET_SIG_BLOCK:
12244                 how = SIG_BLOCK;
12245                 break;
12246             case TARGET_SIG_UNBLOCK:
12247                 how = SIG_UNBLOCK;
12248                 break;
12249             case TARGET_SIG_SETMASK:
12250                 how = SIG_SETMASK;
12251                 break;
12252             default:
12253                 return -TARGET_EINVAL;
12254             }
12255             mask = arg2;
12256             target_to_host_old_sigset(&set, &mask);
12257             ret = do_sigprocmask(how, &set, &oldset);
12258             if (!ret) {
12259                 host_to_target_old_sigset(&mask, &oldset);
12260                 ret = mask;
12261             }
12262         }
12263         return ret;
12264 #endif
12265 
12266 #ifdef TARGET_NR_getgid32
12267     case TARGET_NR_getgid32:
12268         return get_errno(getgid());
12269 #endif
12270 #ifdef TARGET_NR_geteuid32
12271     case TARGET_NR_geteuid32:
12272         return get_errno(geteuid());
12273 #endif
12274 #ifdef TARGET_NR_getegid32
12275     case TARGET_NR_getegid32:
12276         return get_errno(getegid());
12277 #endif
12278 #ifdef TARGET_NR_setreuid32
12279     case TARGET_NR_setreuid32:
12280         return get_errno(setreuid(arg1, arg2));
12281 #endif
12282 #ifdef TARGET_NR_setregid32
12283     case TARGET_NR_setregid32:
12284         return get_errno(setregid(arg1, arg2));
12285 #endif
12286 #ifdef TARGET_NR_getgroups32
12287     case TARGET_NR_getgroups32:
12288         { /* the same code as for TARGET_NR_getgroups */
12289             int gidsetsize = arg1;
12290             uint32_t *target_grouplist;
12291             g_autofree gid_t *grouplist = NULL;
12292             int i;
12293 
12294             if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
12295                 return -TARGET_EINVAL;
12296             }
12297             if (gidsetsize > 0) {
12298                 grouplist = g_try_new(gid_t, gidsetsize);
12299                 if (!grouplist) {
12300                     return -TARGET_ENOMEM;
12301                 }
12302             }
12303             ret = get_errno(getgroups(gidsetsize, grouplist));
12304             if (!is_error(ret) && gidsetsize > 0) {
12305                 target_grouplist = lock_user(VERIFY_WRITE, arg2,
12306                                              gidsetsize * 4, 0);
12307                 if (!target_grouplist) {
12308                     return -TARGET_EFAULT;
12309                 }
12310                 for (i = 0; i < ret; i++) {
12311                     target_grouplist[i] = tswap32(grouplist[i]);
12312                 }
12313                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
12314             }
12315             return ret;
12316         }
12317 #endif
12318 #ifdef TARGET_NR_setgroups32
12319     case TARGET_NR_setgroups32:
12320         { /* the same code as for TARGET_NR_setgroups */
12321             int gidsetsize = arg1;
12322             uint32_t *target_grouplist;
12323             g_autofree gid_t *grouplist = NULL;
12324             int i;
12325 
12326             if (gidsetsize > NGROUPS_MAX || gidsetsize < 0) {
12327                 return -TARGET_EINVAL;
12328             }
12329             if (gidsetsize > 0) {
12330                 grouplist = g_try_new(gid_t, gidsetsize);
12331                 if (!grouplist) {
12332                     return -TARGET_ENOMEM;
12333                 }
12334                 target_grouplist = lock_user(VERIFY_READ, arg2,
12335                                              gidsetsize * 4, 1);
12336                 if (!target_grouplist) {
12337                     return -TARGET_EFAULT;
12338                 }
12339                 for (i = 0; i < gidsetsize; i++) {
12340                     grouplist[i] = tswap32(target_grouplist[i]);
12341                 }
12342                 unlock_user(target_grouplist, arg2, 0);
12343             }
12344             return get_errno(setgroups(gidsetsize, grouplist));
12345         }
12346 #endif
12347 #ifdef TARGET_NR_fchown32
12348     case TARGET_NR_fchown32:
12349         return get_errno(fchown(arg1, arg2, arg3));
12350 #endif
12351 #ifdef TARGET_NR_setresuid32
12352     case TARGET_NR_setresuid32:
12353         return get_errno(sys_setresuid(arg1, arg2, arg3));
12354 #endif
12355 #ifdef TARGET_NR_getresuid32
12356     case TARGET_NR_getresuid32:
12357         {
12358             uid_t ruid, euid, suid;
12359             ret = get_errno(getresuid(&ruid, &euid, &suid));
12360             if (!is_error(ret)) {
12361                 if (put_user_u32(ruid, arg1)
12362                     || put_user_u32(euid, arg2)
12363                     || put_user_u32(suid, arg3))
12364                     return -TARGET_EFAULT;
12365             }
12366         }
12367         return ret;
12368 #endif
12369 #ifdef TARGET_NR_setresgid32
12370     case TARGET_NR_setresgid32:
12371         return get_errno(sys_setresgid(arg1, arg2, arg3));
12372 #endif
12373 #ifdef TARGET_NR_getresgid32
12374     case TARGET_NR_getresgid32:
12375         {
12376             gid_t rgid, egid, sgid;
12377             ret = get_errno(getresgid(&rgid, &egid, &sgid));
12378             if (!is_error(ret)) {
12379                 if (put_user_u32(rgid, arg1)
12380                     || put_user_u32(egid, arg2)
12381                     || put_user_u32(sgid, arg3))
12382                     return -TARGET_EFAULT;
12383             }
12384         }
12385         return ret;
12386 #endif
12387 #ifdef TARGET_NR_chown32
12388     case TARGET_NR_chown32:
12389         if (!(p = lock_user_string(arg1)))
12390             return -TARGET_EFAULT;
12391         ret = get_errno(chown(p, arg2, arg3));
12392         unlock_user(p, arg1, 0);
12393         return ret;
12394 #endif
12395 #ifdef TARGET_NR_setuid32
12396     case TARGET_NR_setuid32:
12397         return get_errno(sys_setuid(arg1));
12398 #endif
12399 #ifdef TARGET_NR_setgid32
12400     case TARGET_NR_setgid32:
12401         return get_errno(sys_setgid(arg1));
12402 #endif
12403 #ifdef TARGET_NR_setfsuid32
12404     case TARGET_NR_setfsuid32:
12405         return get_errno(setfsuid(arg1));
12406 #endif
12407 #ifdef TARGET_NR_setfsgid32
12408     case TARGET_NR_setfsgid32:
12409         return get_errno(setfsgid(arg1));
12410 #endif
12411 #ifdef TARGET_NR_mincore
12412     case TARGET_NR_mincore:
12413         {
12414             void *a = lock_user(VERIFY_NONE, arg1, arg2, 0);
12415             if (!a) {
12416                 return -TARGET_ENOMEM;
12417             }
12418             p = lock_user_string(arg3);
12419             if (!p) {
12420                 ret = -TARGET_EFAULT;
12421             } else {
12422                 ret = get_errno(mincore(a, arg2, p));
12423                 unlock_user(p, arg3, ret);
12424             }
12425             unlock_user(a, arg1, 0);
12426         }
12427         return ret;
12428 #endif
12429 #ifdef TARGET_NR_arm_fadvise64_64
12430     case TARGET_NR_arm_fadvise64_64:
12431         /* arm_fadvise64_64 looks like fadvise64_64 but
12432          * with different argument order: fd, advice, offset, len
12433          * rather than the usual fd, offset, len, advice.
12434          * Note that offset and len are both 64-bit so appear as
12435          * pairs of 32-bit registers.
12436          */
12437         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
12438                             target_offset64(arg5, arg6), arg2);
12439         return -host_to_target_errno(ret);
12440 #endif
12441 
12442 #if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
12443 
12444 #ifdef TARGET_NR_fadvise64_64
12445     case TARGET_NR_fadvise64_64:
12446 #if defined(TARGET_PPC) || defined(TARGET_XTENSA)
12447         /* 6 args: fd, advice, offset (high, low), len (high, low) */
12448         ret = arg2;
12449         arg2 = arg3;
12450         arg3 = arg4;
12451         arg4 = arg5;
12452         arg5 = arg6;
12453         arg6 = ret;
12454 #else
12455         /* 6 args: fd, offset (high, low), len (high, low), advice */
12456         if (regpairs_aligned(cpu_env, num)) {
12457             /* offset is in (3,4), len in (5,6) and advice in 7 */
12458             arg2 = arg3;
12459             arg3 = arg4;
12460             arg4 = arg5;
12461             arg5 = arg6;
12462             arg6 = arg7;
12463         }
12464 #endif
12465         ret = posix_fadvise(arg1, target_offset64(arg2, arg3),
12466                             target_offset64(arg4, arg5), arg6);
12467         return -host_to_target_errno(ret);
12468 #endif
12469 
12470 #ifdef TARGET_NR_fadvise64
12471     case TARGET_NR_fadvise64:
12472         /* 5 args: fd, offset (high, low), len, advice */
12473         if (regpairs_aligned(cpu_env, num)) {
12474             /* offset is in (3,4), len in 5 and advice in 6 */
12475             arg2 = arg3;
12476             arg3 = arg4;
12477             arg4 = arg5;
12478             arg5 = arg6;
12479         }
12480         ret = posix_fadvise(arg1, target_offset64(arg2, arg3), arg4, arg5);
12481         return -host_to_target_errno(ret);
12482 #endif
12483 
12484 #else /* not a 32-bit ABI */
12485 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
12486 #ifdef TARGET_NR_fadvise64_64
12487     case TARGET_NR_fadvise64_64:
12488 #endif
12489 #ifdef TARGET_NR_fadvise64
12490     case TARGET_NR_fadvise64:
12491 #endif
12492 #ifdef TARGET_S390X
12493         switch (arg4) {
12494         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
12495         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
12496         case 6: arg4 = POSIX_FADV_DONTNEED; break;
12497         case 7: arg4 = POSIX_FADV_NOREUSE; break;
12498         default: break;
12499         }
12500 #endif
12501         return -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
12502 #endif
12503 #endif /* end of 64-bit ABI fadvise handling */
12504 
12505 #ifdef TARGET_NR_madvise
12506     case TARGET_NR_madvise:
12507         return target_madvise(arg1, arg2, arg3);
12508 #endif
12509 #ifdef TARGET_NR_fcntl64
12510     case TARGET_NR_fcntl64:
12511     {
12512         int cmd;
12513         struct flock64 fl;
12514         from_flock64_fn *copyfrom = copy_from_user_flock64;
12515         to_flock64_fn *copyto = copy_to_user_flock64;
12516 
12517 #ifdef TARGET_ARM
12518         if (!cpu_env->eabi) {
12519             copyfrom = copy_from_user_oabi_flock64;
12520             copyto = copy_to_user_oabi_flock64;
12521         }
12522 #endif
12523 
12524         cmd = target_to_host_fcntl_cmd(arg2);
12525         if (cmd == -TARGET_EINVAL) {
12526             return cmd;
12527         }
12528 
12529         switch(arg2) {
12530         case TARGET_F_GETLK64:
12531             ret = copyfrom(&fl, arg3);
12532             if (ret) {
12533                 break;
12534             }
12535             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
12536             if (ret == 0) {
12537                 ret = copyto(arg3, &fl);
12538             }
12539 	    break;
12540 
12541         case TARGET_F_SETLK64:
12542         case TARGET_F_SETLKW64:
12543             ret = copyfrom(&fl, arg3);
12544             if (ret) {
12545                 break;
12546             }
12547             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
12548 	    break;
12549         default:
12550             ret = do_fcntl(arg1, arg2, arg3);
12551             break;
12552         }
12553         return ret;
12554     }
12555 #endif
12556 #ifdef TARGET_NR_cacheflush
12557     case TARGET_NR_cacheflush:
12558         /* self-modifying code is handled automatically, so nothing needed */
12559         return 0;
12560 #endif
12561 #ifdef TARGET_NR_getpagesize
12562     case TARGET_NR_getpagesize:
12563         return TARGET_PAGE_SIZE;
12564 #endif
12565     case TARGET_NR_gettid:
12566         return get_errno(sys_gettid());
12567 #ifdef TARGET_NR_readahead
12568     case TARGET_NR_readahead:
12569 #if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
12570         if (regpairs_aligned(cpu_env, num)) {
12571             arg2 = arg3;
12572             arg3 = arg4;
12573             arg4 = arg5;
12574         }
12575         ret = get_errno(readahead(arg1, target_offset64(arg2, arg3) , arg4));
12576 #else
12577         ret = get_errno(readahead(arg1, arg2, arg3));
12578 #endif
12579         return ret;
12580 #endif
12581 #ifdef CONFIG_ATTR
12582 #ifdef TARGET_NR_setxattr
12583     case TARGET_NR_listxattr:
12584     case TARGET_NR_llistxattr:
12585     {
12586         void *p, *b = 0;
12587         if (arg2) {
12588             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
12589             if (!b) {
12590                 return -TARGET_EFAULT;
12591             }
12592         }
12593         p = lock_user_string(arg1);
12594         if (p) {
12595             if (num == TARGET_NR_listxattr) {
12596                 ret = get_errno(listxattr(p, b, arg3));
12597             } else {
12598                 ret = get_errno(llistxattr(p, b, arg3));
12599             }
12600         } else {
12601             ret = -TARGET_EFAULT;
12602         }
12603         unlock_user(p, arg1, 0);
12604         unlock_user(b, arg2, arg3);
12605         return ret;
12606     }
12607     case TARGET_NR_flistxattr:
12608     {
12609         void *b = 0;
12610         if (arg2) {
12611             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
12612             if (!b) {
12613                 return -TARGET_EFAULT;
12614             }
12615         }
12616         ret = get_errno(flistxattr(arg1, b, arg3));
12617         unlock_user(b, arg2, arg3);
12618         return ret;
12619     }
12620     case TARGET_NR_setxattr:
12621     case TARGET_NR_lsetxattr:
12622         {
12623             void *p, *n, *v = 0;
12624             if (arg3) {
12625                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
12626                 if (!v) {
12627                     return -TARGET_EFAULT;
12628                 }
12629             }
12630             p = lock_user_string(arg1);
12631             n = lock_user_string(arg2);
12632             if (p && n) {
12633                 if (num == TARGET_NR_setxattr) {
12634                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
12635                 } else {
12636                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
12637                 }
12638             } else {
12639                 ret = -TARGET_EFAULT;
12640             }
12641             unlock_user(p, arg1, 0);
12642             unlock_user(n, arg2, 0);
12643             unlock_user(v, arg3, 0);
12644         }
12645         return ret;
12646     case TARGET_NR_fsetxattr:
12647         {
12648             void *n, *v = 0;
12649             if (arg3) {
12650                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
12651                 if (!v) {
12652                     return -TARGET_EFAULT;
12653                 }
12654             }
12655             n = lock_user_string(arg2);
12656             if (n) {
12657                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
12658             } else {
12659                 ret = -TARGET_EFAULT;
12660             }
12661             unlock_user(n, arg2, 0);
12662             unlock_user(v, arg3, 0);
12663         }
12664         return ret;
12665     case TARGET_NR_getxattr:
12666     case TARGET_NR_lgetxattr:
12667         {
12668             void *p, *n, *v = 0;
12669             if (arg3) {
12670                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
12671                 if (!v) {
12672                     return -TARGET_EFAULT;
12673                 }
12674             }
12675             p = lock_user_string(arg1);
12676             n = lock_user_string(arg2);
12677             if (p && n) {
12678                 if (num == TARGET_NR_getxattr) {
12679                     ret = get_errno(getxattr(p, n, v, arg4));
12680                 } else {
12681                     ret = get_errno(lgetxattr(p, n, v, arg4));
12682                 }
12683             } else {
12684                 ret = -TARGET_EFAULT;
12685             }
12686             unlock_user(p, arg1, 0);
12687             unlock_user(n, arg2, 0);
12688             unlock_user(v, arg3, arg4);
12689         }
12690         return ret;
12691     case TARGET_NR_fgetxattr:
12692         {
12693             void *n, *v = 0;
12694             if (arg3) {
12695                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
12696                 if (!v) {
12697                     return -TARGET_EFAULT;
12698                 }
12699             }
12700             n = lock_user_string(arg2);
12701             if (n) {
12702                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
12703             } else {
12704                 ret = -TARGET_EFAULT;
12705             }
12706             unlock_user(n, arg2, 0);
12707             unlock_user(v, arg3, arg4);
12708         }
12709         return ret;
12710     case TARGET_NR_removexattr:
12711     case TARGET_NR_lremovexattr:
12712         {
12713             void *p, *n;
12714             p = lock_user_string(arg1);
12715             n = lock_user_string(arg2);
12716             if (p && n) {
12717                 if (num == TARGET_NR_removexattr) {
12718                     ret = get_errno(removexattr(p, n));
12719                 } else {
12720                     ret = get_errno(lremovexattr(p, n));
12721                 }
12722             } else {
12723                 ret = -TARGET_EFAULT;
12724             }
12725             unlock_user(p, arg1, 0);
12726             unlock_user(n, arg2, 0);
12727         }
12728         return ret;
12729     case TARGET_NR_fremovexattr:
12730         {
12731             void *n;
12732             n = lock_user_string(arg2);
12733             if (n) {
12734                 ret = get_errno(fremovexattr(arg1, n));
12735             } else {
12736                 ret = -TARGET_EFAULT;
12737             }
12738             unlock_user(n, arg2, 0);
12739         }
12740         return ret;
12741 #endif
12742 #endif /* CONFIG_ATTR */
12743 #ifdef TARGET_NR_set_thread_area
12744     case TARGET_NR_set_thread_area:
12745 #if defined(TARGET_MIPS)
12746       cpu_env->active_tc.CP0_UserLocal = arg1;
12747       return 0;
12748 #elif defined(TARGET_CRIS)
12749       if (arg1 & 0xff)
12750           ret = -TARGET_EINVAL;
12751       else {
12752           cpu_env->pregs[PR_PID] = arg1;
12753           ret = 0;
12754       }
12755       return ret;
12756 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
12757       return do_set_thread_area(cpu_env, arg1);
12758 #elif defined(TARGET_M68K)
12759       {
12760           TaskState *ts = cpu->opaque;
12761           ts->tp_value = arg1;
12762           return 0;
12763       }
12764 #else
12765       return -TARGET_ENOSYS;
12766 #endif
12767 #endif
12768 #ifdef TARGET_NR_get_thread_area
12769     case TARGET_NR_get_thread_area:
12770 #if defined(TARGET_I386) && defined(TARGET_ABI32)
12771         return do_get_thread_area(cpu_env, arg1);
12772 #elif defined(TARGET_M68K)
12773         {
12774             TaskState *ts = cpu->opaque;
12775             return ts->tp_value;
12776         }
12777 #else
12778         return -TARGET_ENOSYS;
12779 #endif
12780 #endif
12781 #ifdef TARGET_NR_getdomainname
12782     case TARGET_NR_getdomainname:
12783         return -TARGET_ENOSYS;
12784 #endif
12785 
12786 #ifdef TARGET_NR_clock_settime
12787     case TARGET_NR_clock_settime:
12788     {
12789         struct timespec ts;
12790 
12791         ret = target_to_host_timespec(&ts, arg2);
12792         if (!is_error(ret)) {
12793             ret = get_errno(clock_settime(arg1, &ts));
12794         }
12795         return ret;
12796     }
12797 #endif
12798 #ifdef TARGET_NR_clock_settime64
12799     case TARGET_NR_clock_settime64:
12800     {
12801         struct timespec ts;
12802 
12803         ret = target_to_host_timespec64(&ts, arg2);
12804         if (!is_error(ret)) {
12805             ret = get_errno(clock_settime(arg1, &ts));
12806         }
12807         return ret;
12808     }
12809 #endif
12810 #ifdef TARGET_NR_clock_gettime
12811     case TARGET_NR_clock_gettime:
12812     {
12813         struct timespec ts;
12814         ret = get_errno(clock_gettime(arg1, &ts));
12815         if (!is_error(ret)) {
12816             ret = host_to_target_timespec(arg2, &ts);
12817         }
12818         return ret;
12819     }
12820 #endif
12821 #ifdef TARGET_NR_clock_gettime64
12822     case TARGET_NR_clock_gettime64:
12823     {
12824         struct timespec ts;
12825         ret = get_errno(clock_gettime(arg1, &ts));
12826         if (!is_error(ret)) {
12827             ret = host_to_target_timespec64(arg2, &ts);
12828         }
12829         return ret;
12830     }
12831 #endif
12832 #ifdef TARGET_NR_clock_getres
12833     case TARGET_NR_clock_getres:
12834     {
12835         struct timespec ts;
12836         ret = get_errno(clock_getres(arg1, &ts));
12837         if (!is_error(ret)) {
12838             host_to_target_timespec(arg2, &ts);
12839         }
12840         return ret;
12841     }
12842 #endif
12843 #ifdef TARGET_NR_clock_getres_time64
12844     case TARGET_NR_clock_getres_time64:
12845     {
12846         struct timespec ts;
12847         ret = get_errno(clock_getres(arg1, &ts));
12848         if (!is_error(ret)) {
12849             host_to_target_timespec64(arg2, &ts);
12850         }
12851         return ret;
12852     }
12853 #endif
12854 #ifdef TARGET_NR_clock_nanosleep
12855     case TARGET_NR_clock_nanosleep:
12856     {
12857         struct timespec ts;
12858         if (target_to_host_timespec(&ts, arg3)) {
12859             return -TARGET_EFAULT;
12860         }
12861         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
12862                                              &ts, arg4 ? &ts : NULL));
12863         /*
12864          * if the call is interrupted by a signal handler, it fails
12865          * with error -TARGET_EINTR and if arg4 is not NULL and arg2 is not
12866          * TIMER_ABSTIME, it returns the remaining unslept time in arg4.
12867          */
12868         if (ret == -TARGET_EINTR && arg4 && arg2 != TIMER_ABSTIME &&
12869             host_to_target_timespec(arg4, &ts)) {
12870               return -TARGET_EFAULT;
12871         }
12872 
12873         return ret;
12874     }
12875 #endif
12876 #ifdef TARGET_NR_clock_nanosleep_time64
12877     case TARGET_NR_clock_nanosleep_time64:
12878     {
12879         struct timespec ts;
12880 
12881         if (target_to_host_timespec64(&ts, arg3)) {
12882             return -TARGET_EFAULT;
12883         }
12884 
12885         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
12886                                              &ts, arg4 ? &ts : NULL));
12887 
12888         if (ret == -TARGET_EINTR && arg4 && arg2 != TIMER_ABSTIME &&
12889             host_to_target_timespec64(arg4, &ts)) {
12890             return -TARGET_EFAULT;
12891         }
12892         return ret;
12893     }
12894 #endif
12895 
12896 #if defined(TARGET_NR_set_tid_address)
12897     case TARGET_NR_set_tid_address:
12898     {
12899         TaskState *ts = cpu->opaque;
12900         ts->child_tidptr = arg1;
12901         /* do not call host set_tid_address() syscall, instead return tid() */
12902         return get_errno(sys_gettid());
12903     }
12904 #endif
12905 
12906     case TARGET_NR_tkill:
12907         return get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
12908 
12909     case TARGET_NR_tgkill:
12910         return get_errno(safe_tgkill((int)arg1, (int)arg2,
12911                          target_to_host_signal(arg3)));
12912 
12913 #ifdef TARGET_NR_set_robust_list
12914     case TARGET_NR_set_robust_list:
12915     case TARGET_NR_get_robust_list:
12916         /* The ABI for supporting robust futexes has userspace pass
12917          * the kernel a pointer to a linked list which is updated by
12918          * userspace after the syscall; the list is walked by the kernel
12919          * when the thread exits. Since the linked list in QEMU guest
12920          * memory isn't a valid linked list for the host and we have
12921          * no way to reliably intercept the thread-death event, we can't
12922          * support these. Silently return ENOSYS so that guest userspace
12923          * falls back to a non-robust futex implementation (which should
12924          * be OK except in the corner case of the guest crashing while
12925          * holding a mutex that is shared with another process via
12926          * shared memory).
12927          */
12928         return -TARGET_ENOSYS;
12929 #endif
12930 
12931 #if defined(TARGET_NR_utimensat)
12932     case TARGET_NR_utimensat:
12933         {
12934             struct timespec *tsp, ts[2];
12935             if (!arg3) {
12936                 tsp = NULL;
12937             } else {
12938                 if (target_to_host_timespec(ts, arg3)) {
12939                     return -TARGET_EFAULT;
12940                 }
12941                 if (target_to_host_timespec(ts + 1, arg3 +
12942                                             sizeof(struct target_timespec))) {
12943                     return -TARGET_EFAULT;
12944                 }
12945                 tsp = ts;
12946             }
12947             if (!arg2)
12948                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
12949             else {
12950                 if (!(p = lock_user_string(arg2))) {
12951                     return -TARGET_EFAULT;
12952                 }
12953                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
12954                 unlock_user(p, arg2, 0);
12955             }
12956         }
12957         return ret;
12958 #endif
12959 #ifdef TARGET_NR_utimensat_time64
12960     case TARGET_NR_utimensat_time64:
12961         {
12962             struct timespec *tsp, ts[2];
12963             if (!arg3) {
12964                 tsp = NULL;
12965             } else {
12966                 if (target_to_host_timespec64(ts, arg3)) {
12967                     return -TARGET_EFAULT;
12968                 }
12969                 if (target_to_host_timespec64(ts + 1, arg3 +
12970                                      sizeof(struct target__kernel_timespec))) {
12971                     return -TARGET_EFAULT;
12972                 }
12973                 tsp = ts;
12974             }
12975             if (!arg2)
12976                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
12977             else {
12978                 p = lock_user_string(arg2);
12979                 if (!p) {
12980                     return -TARGET_EFAULT;
12981                 }
12982                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
12983                 unlock_user(p, arg2, 0);
12984             }
12985         }
12986         return ret;
12987 #endif
12988 #ifdef TARGET_NR_futex
12989     case TARGET_NR_futex:
12990         return do_futex(cpu, false, arg1, arg2, arg3, arg4, arg5, arg6);
12991 #endif
12992 #ifdef TARGET_NR_futex_time64
12993     case TARGET_NR_futex_time64:
12994         return do_futex(cpu, true, arg1, arg2, arg3, arg4, arg5, arg6);
12995 #endif
12996 #ifdef CONFIG_INOTIFY
12997 #if defined(TARGET_NR_inotify_init)
12998     case TARGET_NR_inotify_init:
12999         ret = get_errno(inotify_init());
13000         if (ret >= 0) {
13001             fd_trans_register(ret, &target_inotify_trans);
13002         }
13003         return ret;
13004 #endif
13005 #if defined(TARGET_NR_inotify_init1) && defined(CONFIG_INOTIFY1)
13006     case TARGET_NR_inotify_init1:
13007         ret = get_errno(inotify_init1(target_to_host_bitmask(arg1,
13008                                           fcntl_flags_tbl)));
13009         if (ret >= 0) {
13010             fd_trans_register(ret, &target_inotify_trans);
13011         }
13012         return ret;
13013 #endif
13014 #if defined(TARGET_NR_inotify_add_watch)
13015     case TARGET_NR_inotify_add_watch:
13016         p = lock_user_string(arg2);
13017         ret = get_errno(inotify_add_watch(arg1, path(p), arg3));
13018         unlock_user(p, arg2, 0);
13019         return ret;
13020 #endif
13021 #if defined(TARGET_NR_inotify_rm_watch)
13022     case TARGET_NR_inotify_rm_watch:
13023         return get_errno(inotify_rm_watch(arg1, arg2));
13024 #endif
13025 #endif
13026 
13027 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
13028     case TARGET_NR_mq_open:
13029         {
13030             struct mq_attr posix_mq_attr;
13031             struct mq_attr *pposix_mq_attr;
13032             int host_flags;
13033 
13034             host_flags = target_to_host_bitmask(arg2, fcntl_flags_tbl);
13035             pposix_mq_attr = NULL;
13036             if (arg4) {
13037                 if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) {
13038                     return -TARGET_EFAULT;
13039                 }
13040                 pposix_mq_attr = &posix_mq_attr;
13041             }
13042             p = lock_user_string(arg1 - 1);
13043             if (!p) {
13044                 return -TARGET_EFAULT;
13045             }
13046             ret = get_errno(mq_open(p, host_flags, arg3, pposix_mq_attr));
13047             unlock_user (p, arg1, 0);
13048         }
13049         return ret;
13050 
13051     case TARGET_NR_mq_unlink:
13052         p = lock_user_string(arg1 - 1);
13053         if (!p) {
13054             return -TARGET_EFAULT;
13055         }
13056         ret = get_errno(mq_unlink(p));
13057         unlock_user (p, arg1, 0);
13058         return ret;
13059 
13060 #ifdef TARGET_NR_mq_timedsend
13061     case TARGET_NR_mq_timedsend:
13062         {
13063             struct timespec ts;
13064 
13065             p = lock_user (VERIFY_READ, arg2, arg3, 1);
13066             if (arg5 != 0) {
13067                 if (target_to_host_timespec(&ts, arg5)) {
13068                     return -TARGET_EFAULT;
13069                 }
13070                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
13071                 if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
13072                     return -TARGET_EFAULT;
13073                 }
13074             } else {
13075                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
13076             }
13077             unlock_user (p, arg2, arg3);
13078         }
13079         return ret;
13080 #endif
13081 #ifdef TARGET_NR_mq_timedsend_time64
13082     case TARGET_NR_mq_timedsend_time64:
13083         {
13084             struct timespec ts;
13085 
13086             p = lock_user(VERIFY_READ, arg2, arg3, 1);
13087             if (arg5 != 0) {
13088                 if (target_to_host_timespec64(&ts, arg5)) {
13089                     return -TARGET_EFAULT;
13090                 }
13091                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
13092                 if (!is_error(ret) && host_to_target_timespec64(arg5, &ts)) {
13093                     return -TARGET_EFAULT;
13094                 }
13095             } else {
13096                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
13097             }
13098             unlock_user(p, arg2, arg3);
13099         }
13100         return ret;
13101 #endif
13102 
13103 #ifdef TARGET_NR_mq_timedreceive
13104     case TARGET_NR_mq_timedreceive:
13105         {
13106             struct timespec ts;
13107             unsigned int prio;
13108 
13109             p = lock_user (VERIFY_READ, arg2, arg3, 1);
13110             if (arg5 != 0) {
13111                 if (target_to_host_timespec(&ts, arg5)) {
13112                     return -TARGET_EFAULT;
13113                 }
13114                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
13115                                                      &prio, &ts));
13116                 if (!is_error(ret) && host_to_target_timespec(arg5, &ts)) {
13117                     return -TARGET_EFAULT;
13118                 }
13119             } else {
13120                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
13121                                                      &prio, NULL));
13122             }
13123             unlock_user (p, arg2, arg3);
13124             if (arg4 != 0)
13125                 put_user_u32(prio, arg4);
13126         }
13127         return ret;
13128 #endif
13129 #ifdef TARGET_NR_mq_timedreceive_time64
13130     case TARGET_NR_mq_timedreceive_time64:
13131         {
13132             struct timespec ts;
13133             unsigned int prio;
13134 
13135             p = lock_user(VERIFY_READ, arg2, arg3, 1);
13136             if (arg5 != 0) {
13137                 if (target_to_host_timespec64(&ts, arg5)) {
13138                     return -TARGET_EFAULT;
13139                 }
13140                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
13141                                                      &prio, &ts));
13142                 if (!is_error(ret) && host_to_target_timespec64(arg5, &ts)) {
13143                     return -TARGET_EFAULT;
13144                 }
13145             } else {
13146                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
13147                                                      &prio, NULL));
13148             }
13149             unlock_user(p, arg2, arg3);
13150             if (arg4 != 0) {
13151                 put_user_u32(prio, arg4);
13152             }
13153         }
13154         return ret;
13155 #endif
13156 
13157     /* Not implemented for now... */
13158 /*     case TARGET_NR_mq_notify: */
13159 /*         break; */
13160 
13161     case TARGET_NR_mq_getsetattr:
13162         {
13163             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
13164             ret = 0;
13165             if (arg2 != 0) {
13166                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
13167                 ret = get_errno(mq_setattr(arg1, &posix_mq_attr_in,
13168                                            &posix_mq_attr_out));
13169             } else if (arg3 != 0) {
13170                 ret = get_errno(mq_getattr(arg1, &posix_mq_attr_out));
13171             }
13172             if (ret == 0 && arg3 != 0) {
13173                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
13174             }
13175         }
13176         return ret;
13177 #endif
13178 
13179 #ifdef CONFIG_SPLICE
13180 #ifdef TARGET_NR_tee
13181     case TARGET_NR_tee:
13182         {
13183             ret = get_errno(tee(arg1,arg2,arg3,arg4));
13184         }
13185         return ret;
13186 #endif
13187 #ifdef TARGET_NR_splice
13188     case TARGET_NR_splice:
13189         {
13190             loff_t loff_in, loff_out;
13191             loff_t *ploff_in = NULL, *ploff_out = NULL;
13192             if (arg2) {
13193                 if (get_user_u64(loff_in, arg2)) {
13194                     return -TARGET_EFAULT;
13195                 }
13196                 ploff_in = &loff_in;
13197             }
13198             if (arg4) {
13199                 if (get_user_u64(loff_out, arg4)) {
13200                     return -TARGET_EFAULT;
13201                 }
13202                 ploff_out = &loff_out;
13203             }
13204             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
13205             if (arg2) {
13206                 if (put_user_u64(loff_in, arg2)) {
13207                     return -TARGET_EFAULT;
13208                 }
13209             }
13210             if (arg4) {
13211                 if (put_user_u64(loff_out, arg4)) {
13212                     return -TARGET_EFAULT;
13213                 }
13214             }
13215         }
13216         return ret;
13217 #endif
13218 #ifdef TARGET_NR_vmsplice
13219 	case TARGET_NR_vmsplice:
13220         {
13221             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
13222             if (vec != NULL) {
13223                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
13224                 unlock_iovec(vec, arg2, arg3, 0);
13225             } else {
13226                 ret = -host_to_target_errno(errno);
13227             }
13228         }
13229         return ret;
13230 #endif
13231 #endif /* CONFIG_SPLICE */
13232 #ifdef CONFIG_EVENTFD
13233 #if defined(TARGET_NR_eventfd)
13234     case TARGET_NR_eventfd:
13235         ret = get_errno(eventfd(arg1, 0));
13236         if (ret >= 0) {
13237             fd_trans_register(ret, &target_eventfd_trans);
13238         }
13239         return ret;
13240 #endif
13241 #if defined(TARGET_NR_eventfd2)
13242     case TARGET_NR_eventfd2:
13243     {
13244         int host_flags = arg2 & (~(TARGET_O_NONBLOCK_MASK | TARGET_O_CLOEXEC));
13245         if (arg2 & TARGET_O_NONBLOCK) {
13246             host_flags |= O_NONBLOCK;
13247         }
13248         if (arg2 & TARGET_O_CLOEXEC) {
13249             host_flags |= O_CLOEXEC;
13250         }
13251         ret = get_errno(eventfd(arg1, host_flags));
13252         if (ret >= 0) {
13253             fd_trans_register(ret, &target_eventfd_trans);
13254         }
13255         return ret;
13256     }
13257 #endif
13258 #endif /* CONFIG_EVENTFD  */
13259 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
13260     case TARGET_NR_fallocate:
13261 #if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
13262         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
13263                                   target_offset64(arg5, arg6)));
13264 #else
13265         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
13266 #endif
13267         return ret;
13268 #endif
13269 #if defined(CONFIG_SYNC_FILE_RANGE)
13270 #if defined(TARGET_NR_sync_file_range)
13271     case TARGET_NR_sync_file_range:
13272 #if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
13273 #if defined(TARGET_MIPS)
13274         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
13275                                         target_offset64(arg5, arg6), arg7));
13276 #else
13277         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
13278                                         target_offset64(arg4, arg5), arg6));
13279 #endif /* !TARGET_MIPS */
13280 #else
13281         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
13282 #endif
13283         return ret;
13284 #endif
13285 #if defined(TARGET_NR_sync_file_range2) || \
13286     defined(TARGET_NR_arm_sync_file_range)
13287 #if defined(TARGET_NR_sync_file_range2)
13288     case TARGET_NR_sync_file_range2:
13289 #endif
13290 #if defined(TARGET_NR_arm_sync_file_range)
13291     case TARGET_NR_arm_sync_file_range:
13292 #endif
13293         /* This is like sync_file_range but the arguments are reordered */
13294 #if TARGET_ABI_BITS == 32 && !defined(TARGET_ABI_MIPSN32)
13295         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
13296                                         target_offset64(arg5, arg6), arg2));
13297 #else
13298         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
13299 #endif
13300         return ret;
13301 #endif
13302 #endif
13303 #if defined(TARGET_NR_signalfd4)
13304     case TARGET_NR_signalfd4:
13305         return do_signalfd4(arg1, arg2, arg4);
13306 #endif
13307 #if defined(TARGET_NR_signalfd)
13308     case TARGET_NR_signalfd:
13309         return do_signalfd4(arg1, arg2, 0);
13310 #endif
13311 #if defined(CONFIG_EPOLL)
13312 #if defined(TARGET_NR_epoll_create)
13313     case TARGET_NR_epoll_create:
13314         return get_errno(epoll_create(arg1));
13315 #endif
13316 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
13317     case TARGET_NR_epoll_create1:
13318         return get_errno(epoll_create1(target_to_host_bitmask(arg1, fcntl_flags_tbl)));
13319 #endif
13320 #if defined(TARGET_NR_epoll_ctl)
13321     case TARGET_NR_epoll_ctl:
13322     {
13323         struct epoll_event ep;
13324         struct epoll_event *epp = 0;
13325         if (arg4) {
13326             if (arg2 != EPOLL_CTL_DEL) {
13327                 struct target_epoll_event *target_ep;
13328                 if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
13329                     return -TARGET_EFAULT;
13330                 }
13331                 ep.events = tswap32(target_ep->events);
13332                 /*
13333                  * The epoll_data_t union is just opaque data to the kernel,
13334                  * so we transfer all 64 bits across and need not worry what
13335                  * actual data type it is.
13336                  */
13337                 ep.data.u64 = tswap64(target_ep->data.u64);
13338                 unlock_user_struct(target_ep, arg4, 0);
13339             }
13340             /*
13341              * before kernel 2.6.9, EPOLL_CTL_DEL operation required a
13342              * non-null pointer, even though this argument is ignored.
13343              *
13344              */
13345             epp = &ep;
13346         }
13347         return get_errno(epoll_ctl(arg1, arg2, arg3, epp));
13348     }
13349 #endif
13350 
13351 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
13352 #if defined(TARGET_NR_epoll_wait)
13353     case TARGET_NR_epoll_wait:
13354 #endif
13355 #if defined(TARGET_NR_epoll_pwait)
13356     case TARGET_NR_epoll_pwait:
13357 #endif
13358     {
13359         struct target_epoll_event *target_ep;
13360         struct epoll_event *ep;
13361         int epfd = arg1;
13362         int maxevents = arg3;
13363         int timeout = arg4;
13364 
13365         if (maxevents <= 0 || maxevents > TARGET_EP_MAX_EVENTS) {
13366             return -TARGET_EINVAL;
13367         }
13368 
13369         target_ep = lock_user(VERIFY_WRITE, arg2,
13370                               maxevents * sizeof(struct target_epoll_event), 1);
13371         if (!target_ep) {
13372             return -TARGET_EFAULT;
13373         }
13374 
13375         ep = g_try_new(struct epoll_event, maxevents);
13376         if (!ep) {
13377             unlock_user(target_ep, arg2, 0);
13378             return -TARGET_ENOMEM;
13379         }
13380 
13381         switch (num) {
13382 #if defined(TARGET_NR_epoll_pwait)
13383         case TARGET_NR_epoll_pwait:
13384         {
13385             sigset_t *set = NULL;
13386 
13387             if (arg5) {
13388                 ret = process_sigsuspend_mask(&set, arg5, arg6);
13389                 if (ret != 0) {
13390                     break;
13391                 }
13392             }
13393 
13394             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
13395                                              set, SIGSET_T_SIZE));
13396 
13397             if (set) {
13398                 finish_sigsuspend_mask(ret);
13399             }
13400             break;
13401         }
13402 #endif
13403 #if defined(TARGET_NR_epoll_wait)
13404         case TARGET_NR_epoll_wait:
13405             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
13406                                              NULL, 0));
13407             break;
13408 #endif
13409         default:
13410             ret = -TARGET_ENOSYS;
13411         }
13412         if (!is_error(ret)) {
13413             int i;
13414             for (i = 0; i < ret; i++) {
13415                 target_ep[i].events = tswap32(ep[i].events);
13416                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
13417             }
13418             unlock_user(target_ep, arg2,
13419                         ret * sizeof(struct target_epoll_event));
13420         } else {
13421             unlock_user(target_ep, arg2, 0);
13422         }
13423         g_free(ep);
13424         return ret;
13425     }
13426 #endif
13427 #endif
13428 #ifdef TARGET_NR_prlimit64
13429     case TARGET_NR_prlimit64:
13430     {
13431         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
13432         struct target_rlimit64 *target_rnew, *target_rold;
13433         struct host_rlimit64 rnew, rold, *rnewp = 0;
13434         int resource = target_to_host_resource(arg2);
13435 
13436         if (arg3 && (resource != RLIMIT_AS &&
13437                      resource != RLIMIT_DATA &&
13438                      resource != RLIMIT_STACK)) {
13439             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
13440                 return -TARGET_EFAULT;
13441             }
13442             __get_user(rnew.rlim_cur, &target_rnew->rlim_cur);
13443             __get_user(rnew.rlim_max, &target_rnew->rlim_max);
13444             unlock_user_struct(target_rnew, arg3, 0);
13445             rnewp = &rnew;
13446         }
13447 
13448         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
13449         if (!is_error(ret) && arg4) {
13450             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
13451                 return -TARGET_EFAULT;
13452             }
13453             __put_user(rold.rlim_cur, &target_rold->rlim_cur);
13454             __put_user(rold.rlim_max, &target_rold->rlim_max);
13455             unlock_user_struct(target_rold, arg4, 1);
13456         }
13457         return ret;
13458     }
13459 #endif
13460 #ifdef TARGET_NR_gethostname
13461     case TARGET_NR_gethostname:
13462     {
13463         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
13464         if (name) {
13465             ret = get_errno(gethostname(name, arg2));
13466             unlock_user(name, arg1, arg2);
13467         } else {
13468             ret = -TARGET_EFAULT;
13469         }
13470         return ret;
13471     }
13472 #endif
13473 #ifdef TARGET_NR_atomic_cmpxchg_32
13474     case TARGET_NR_atomic_cmpxchg_32:
13475     {
13476         /* should use start_exclusive from main.c */
13477         abi_ulong mem_value;
13478         if (get_user_u32(mem_value, arg6)) {
13479             target_siginfo_t info;
13480             info.si_signo = SIGSEGV;
13481             info.si_errno = 0;
13482             info.si_code = TARGET_SEGV_MAPERR;
13483             info._sifields._sigfault._addr = arg6;
13484             queue_signal(cpu_env, info.si_signo, QEMU_SI_FAULT, &info);
13485             ret = 0xdeadbeef;
13486 
13487         }
13488         if (mem_value == arg2)
13489             put_user_u32(arg1, arg6);
13490         return mem_value;
13491     }
13492 #endif
13493 #ifdef TARGET_NR_atomic_barrier
13494     case TARGET_NR_atomic_barrier:
13495         /* Like the kernel implementation and the
13496            qemu arm barrier, no-op this? */
13497         return 0;
13498 #endif
13499 
13500 #ifdef TARGET_NR_timer_create
13501     case TARGET_NR_timer_create:
13502     {
13503         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
13504 
13505         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
13506 
13507         int clkid = arg1;
13508         int timer_index = next_free_host_timer();
13509 
13510         if (timer_index < 0) {
13511             ret = -TARGET_EAGAIN;
13512         } else {
13513             timer_t *phtimer = g_posix_timers  + timer_index;
13514 
13515             if (arg2) {
13516                 phost_sevp = &host_sevp;
13517                 ret = target_to_host_sigevent(phost_sevp, arg2);
13518                 if (ret != 0) {
13519                     free_host_timer_slot(timer_index);
13520                     return ret;
13521                 }
13522             }
13523 
13524             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
13525             if (ret) {
13526                 free_host_timer_slot(timer_index);
13527             } else {
13528                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
13529                     timer_delete(*phtimer);
13530                     free_host_timer_slot(timer_index);
13531                     return -TARGET_EFAULT;
13532                 }
13533             }
13534         }
13535         return ret;
13536     }
13537 #endif
13538 
13539 #ifdef TARGET_NR_timer_settime
13540     case TARGET_NR_timer_settime:
13541     {
13542         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
13543          * struct itimerspec * old_value */
13544         target_timer_t timerid = get_timer_id(arg1);
13545 
13546         if (timerid < 0) {
13547             ret = timerid;
13548         } else if (arg3 == 0) {
13549             ret = -TARGET_EINVAL;
13550         } else {
13551             timer_t htimer = g_posix_timers[timerid];
13552             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
13553 
13554             if (target_to_host_itimerspec(&hspec_new, arg3)) {
13555                 return -TARGET_EFAULT;
13556             }
13557             ret = get_errno(
13558                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
13559             if (arg4 && host_to_target_itimerspec(arg4, &hspec_old)) {
13560                 return -TARGET_EFAULT;
13561             }
13562         }
13563         return ret;
13564     }
13565 #endif
13566 
13567 #ifdef TARGET_NR_timer_settime64
13568     case TARGET_NR_timer_settime64:
13569     {
13570         target_timer_t timerid = get_timer_id(arg1);
13571 
13572         if (timerid < 0) {
13573             ret = timerid;
13574         } else if (arg3 == 0) {
13575             ret = -TARGET_EINVAL;
13576         } else {
13577             timer_t htimer = g_posix_timers[timerid];
13578             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
13579 
13580             if (target_to_host_itimerspec64(&hspec_new, arg3)) {
13581                 return -TARGET_EFAULT;
13582             }
13583             ret = get_errno(
13584                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
13585             if (arg4 && host_to_target_itimerspec64(arg4, &hspec_old)) {
13586                 return -TARGET_EFAULT;
13587             }
13588         }
13589         return ret;
13590     }
13591 #endif
13592 
13593 #ifdef TARGET_NR_timer_gettime
13594     case TARGET_NR_timer_gettime:
13595     {
13596         /* args: timer_t timerid, struct itimerspec *curr_value */
13597         target_timer_t timerid = get_timer_id(arg1);
13598 
13599         if (timerid < 0) {
13600             ret = timerid;
13601         } else if (!arg2) {
13602             ret = -TARGET_EFAULT;
13603         } else {
13604             timer_t htimer = g_posix_timers[timerid];
13605             struct itimerspec hspec;
13606             ret = get_errno(timer_gettime(htimer, &hspec));
13607 
13608             if (host_to_target_itimerspec(arg2, &hspec)) {
13609                 ret = -TARGET_EFAULT;
13610             }
13611         }
13612         return ret;
13613     }
13614 #endif
13615 
13616 #ifdef TARGET_NR_timer_gettime64
13617     case TARGET_NR_timer_gettime64:
13618     {
13619         /* args: timer_t timerid, struct itimerspec64 *curr_value */
13620         target_timer_t timerid = get_timer_id(arg1);
13621 
13622         if (timerid < 0) {
13623             ret = timerid;
13624         } else if (!arg2) {
13625             ret = -TARGET_EFAULT;
13626         } else {
13627             timer_t htimer = g_posix_timers[timerid];
13628             struct itimerspec hspec;
13629             ret = get_errno(timer_gettime(htimer, &hspec));
13630 
13631             if (host_to_target_itimerspec64(arg2, &hspec)) {
13632                 ret = -TARGET_EFAULT;
13633             }
13634         }
13635         return ret;
13636     }
13637 #endif
13638 
13639 #ifdef TARGET_NR_timer_getoverrun
13640     case TARGET_NR_timer_getoverrun:
13641     {
13642         /* args: timer_t timerid */
13643         target_timer_t timerid = get_timer_id(arg1);
13644 
13645         if (timerid < 0) {
13646             ret = timerid;
13647         } else {
13648             timer_t htimer = g_posix_timers[timerid];
13649             ret = get_errno(timer_getoverrun(htimer));
13650         }
13651         return ret;
13652     }
13653 #endif
13654 
13655 #ifdef TARGET_NR_timer_delete
13656     case TARGET_NR_timer_delete:
13657     {
13658         /* args: timer_t timerid */
13659         target_timer_t timerid = get_timer_id(arg1);
13660 
13661         if (timerid < 0) {
13662             ret = timerid;
13663         } else {
13664             timer_t htimer = g_posix_timers[timerid];
13665             ret = get_errno(timer_delete(htimer));
13666             free_host_timer_slot(timerid);
13667         }
13668         return ret;
13669     }
13670 #endif
13671 
13672 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
13673     case TARGET_NR_timerfd_create:
13674         ret = get_errno(timerfd_create(arg1,
13675                         target_to_host_bitmask(arg2, fcntl_flags_tbl)));
13676         if (ret >= 0) {
13677             fd_trans_register(ret, &target_timerfd_trans);
13678         }
13679         return ret;
13680 #endif
13681 
13682 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
13683     case TARGET_NR_timerfd_gettime:
13684         {
13685             struct itimerspec its_curr;
13686 
13687             ret = get_errno(timerfd_gettime(arg1, &its_curr));
13688 
13689             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
13690                 return -TARGET_EFAULT;
13691             }
13692         }
13693         return ret;
13694 #endif
13695 
13696 #if defined(TARGET_NR_timerfd_gettime64) && defined(CONFIG_TIMERFD)
13697     case TARGET_NR_timerfd_gettime64:
13698         {
13699             struct itimerspec its_curr;
13700 
13701             ret = get_errno(timerfd_gettime(arg1, &its_curr));
13702 
13703             if (arg2 && host_to_target_itimerspec64(arg2, &its_curr)) {
13704                 return -TARGET_EFAULT;
13705             }
13706         }
13707         return ret;
13708 #endif
13709 
13710 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
13711     case TARGET_NR_timerfd_settime:
13712         {
13713             struct itimerspec its_new, its_old, *p_new;
13714 
13715             if (arg3) {
13716                 if (target_to_host_itimerspec(&its_new, arg3)) {
13717                     return -TARGET_EFAULT;
13718                 }
13719                 p_new = &its_new;
13720             } else {
13721                 p_new = NULL;
13722             }
13723 
13724             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
13725 
13726             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
13727                 return -TARGET_EFAULT;
13728             }
13729         }
13730         return ret;
13731 #endif
13732 
13733 #if defined(TARGET_NR_timerfd_settime64) && defined(CONFIG_TIMERFD)
13734     case TARGET_NR_timerfd_settime64:
13735         {
13736             struct itimerspec its_new, its_old, *p_new;
13737 
13738             if (arg3) {
13739                 if (target_to_host_itimerspec64(&its_new, arg3)) {
13740                     return -TARGET_EFAULT;
13741                 }
13742                 p_new = &its_new;
13743             } else {
13744                 p_new = NULL;
13745             }
13746 
13747             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
13748 
13749             if (arg4 && host_to_target_itimerspec64(arg4, &its_old)) {
13750                 return -TARGET_EFAULT;
13751             }
13752         }
13753         return ret;
13754 #endif
13755 
13756 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
13757     case TARGET_NR_ioprio_get:
13758         return get_errno(ioprio_get(arg1, arg2));
13759 #endif
13760 
13761 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
13762     case TARGET_NR_ioprio_set:
13763         return get_errno(ioprio_set(arg1, arg2, arg3));
13764 #endif
13765 
13766 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
13767     case TARGET_NR_setns:
13768         return get_errno(setns(arg1, arg2));
13769 #endif
13770 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
13771     case TARGET_NR_unshare:
13772         return get_errno(unshare(arg1));
13773 #endif
13774 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
13775     case TARGET_NR_kcmp:
13776         return get_errno(kcmp(arg1, arg2, arg3, arg4, arg5));
13777 #endif
13778 #ifdef TARGET_NR_swapcontext
13779     case TARGET_NR_swapcontext:
13780         /* PowerPC specific.  */
13781         return do_swapcontext(cpu_env, arg1, arg2, arg3);
13782 #endif
13783 #ifdef TARGET_NR_memfd_create
13784     case TARGET_NR_memfd_create:
13785         p = lock_user_string(arg1);
13786         if (!p) {
13787             return -TARGET_EFAULT;
13788         }
13789         ret = get_errno(memfd_create(p, arg2));
13790         fd_trans_unregister(ret);
13791         unlock_user(p, arg1, 0);
13792         return ret;
13793 #endif
13794 #if defined TARGET_NR_membarrier && defined __NR_membarrier
13795     case TARGET_NR_membarrier:
13796         return get_errno(membarrier(arg1, arg2));
13797 #endif
13798 
13799 #if defined(TARGET_NR_copy_file_range) && defined(__NR_copy_file_range)
13800     case TARGET_NR_copy_file_range:
13801         {
13802             loff_t inoff, outoff;
13803             loff_t *pinoff = NULL, *poutoff = NULL;
13804 
13805             if (arg2) {
13806                 if (get_user_u64(inoff, arg2)) {
13807                     return -TARGET_EFAULT;
13808                 }
13809                 pinoff = &inoff;
13810             }
13811             if (arg4) {
13812                 if (get_user_u64(outoff, arg4)) {
13813                     return -TARGET_EFAULT;
13814                 }
13815                 poutoff = &outoff;
13816             }
13817             /* Do not sign-extend the count parameter. */
13818             ret = get_errno(safe_copy_file_range(arg1, pinoff, arg3, poutoff,
13819                                                  (abi_ulong)arg5, arg6));
13820             if (!is_error(ret) && ret > 0) {
13821                 if (arg2) {
13822                     if (put_user_u64(inoff, arg2)) {
13823                         return -TARGET_EFAULT;
13824                     }
13825                 }
13826                 if (arg4) {
13827                     if (put_user_u64(outoff, arg4)) {
13828                         return -TARGET_EFAULT;
13829                     }
13830                 }
13831             }
13832         }
13833         return ret;
13834 #endif
13835 
13836 #if defined(TARGET_NR_pivot_root)
13837     case TARGET_NR_pivot_root:
13838         {
13839             void *p2;
13840             p = lock_user_string(arg1); /* new_root */
13841             p2 = lock_user_string(arg2); /* put_old */
13842             if (!p || !p2) {
13843                 ret = -TARGET_EFAULT;
13844             } else {
13845                 ret = get_errno(pivot_root(p, p2));
13846             }
13847             unlock_user(p2, arg2, 0);
13848             unlock_user(p, arg1, 0);
13849         }
13850         return ret;
13851 #endif
13852 
13853 #if defined(TARGET_NR_riscv_hwprobe)
13854     case TARGET_NR_riscv_hwprobe:
13855         return do_riscv_hwprobe(cpu_env, arg1, arg2, arg3, arg4, arg5);
13856 #endif
13857 
13858     default:
13859         qemu_log_mask(LOG_UNIMP, "Unsupported syscall: %d\n", num);
13860         return -TARGET_ENOSYS;
13861     }
13862     return ret;
13863 }
13864 
13865 abi_long do_syscall(CPUArchState *cpu_env, int num, abi_long arg1,
13866                     abi_long arg2, abi_long arg3, abi_long arg4,
13867                     abi_long arg5, abi_long arg6, abi_long arg7,
13868                     abi_long arg8)
13869 {
13870     CPUState *cpu = env_cpu(cpu_env);
13871     abi_long ret;
13872 
13873 #ifdef DEBUG_ERESTARTSYS
13874     /* Debug-only code for exercising the syscall-restart code paths
13875      * in the per-architecture cpu main loops: restart every syscall
13876      * the guest makes once before letting it through.
13877      */
13878     {
13879         static bool flag;
13880         flag = !flag;
13881         if (flag) {
13882             return -QEMU_ERESTARTSYS;
13883         }
13884     }
13885 #endif
13886 
13887     record_syscall_start(cpu, num, arg1,
13888                          arg2, arg3, arg4, arg5, arg6, arg7, arg8);
13889 
13890     if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
13891         print_syscall(cpu_env, num, arg1, arg2, arg3, arg4, arg5, arg6);
13892     }
13893 
13894     ret = do_syscall1(cpu_env, num, arg1, arg2, arg3, arg4,
13895                       arg5, arg6, arg7, arg8);
13896 
13897     if (unlikely(qemu_loglevel_mask(LOG_STRACE))) {
13898         print_syscall_ret(cpu_env, num, ret, arg1, arg2,
13899                           arg3, arg4, arg5, arg6);
13900     }
13901 
13902     record_syscall_return(cpu, num, ret);
13903     return ret;
13904 }
13905