xref: /openbmc/qemu/linux-user/syscall.c (revision 1d48474d)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include <elf.h>
24 #include <endian.h>
25 #include <grp.h>
26 #include <sys/ipc.h>
27 #include <sys/msg.h>
28 #include <sys/wait.h>
29 #include <sys/mount.h>
30 #include <sys/file.h>
31 #include <sys/fsuid.h>
32 #include <sys/personality.h>
33 #include <sys/prctl.h>
34 #include <sys/resource.h>
35 #include <sys/swap.h>
36 #include <linux/capability.h>
37 #include <sched.h>
38 #include <sys/timex.h>
39 #ifdef __ia64__
40 int __clone2(int (*fn)(void *), void *child_stack_base,
41              size_t stack_size, int flags, void *arg, ...);
42 #endif
43 #include <sys/socket.h>
44 #include <sys/un.h>
45 #include <sys/uio.h>
46 #include <poll.h>
47 #include <sys/times.h>
48 #include <sys/shm.h>
49 #include <sys/sem.h>
50 #include <sys/statfs.h>
51 #include <time.h>
52 #include <utime.h>
53 #include <sys/sysinfo.h>
54 #include <sys/signalfd.h>
55 //#include <sys/user.h>
56 #include <netinet/ip.h>
57 #include <netinet/tcp.h>
58 #include <linux/wireless.h>
59 #include <linux/icmp.h>
60 #include <linux/icmpv6.h>
61 #include <linux/errqueue.h>
62 #include <linux/random.h>
63 #include "qemu-common.h"
64 #ifdef CONFIG_TIMERFD
65 #include <sys/timerfd.h>
66 #endif
67 #ifdef TARGET_GPROF
68 #include <sys/gmon.h>
69 #endif
70 #ifdef CONFIG_EVENTFD
71 #include <sys/eventfd.h>
72 #endif
73 #ifdef CONFIG_EPOLL
74 #include <sys/epoll.h>
75 #endif
76 #ifdef CONFIG_ATTR
77 #include "qemu/xattr.h"
78 #endif
79 #ifdef CONFIG_SENDFILE
80 #include <sys/sendfile.h>
81 #endif
82 
83 #define termios host_termios
84 #define winsize host_winsize
85 #define termio host_termio
86 #define sgttyb host_sgttyb /* same as target */
87 #define tchars host_tchars /* same as target */
88 #define ltchars host_ltchars /* same as target */
89 
90 #include <linux/termios.h>
91 #include <linux/unistd.h>
92 #include <linux/cdrom.h>
93 #include <linux/hdreg.h>
94 #include <linux/soundcard.h>
95 #include <linux/kd.h>
96 #include <linux/mtio.h>
97 #include <linux/fs.h>
98 #if defined(CONFIG_FIEMAP)
99 #include <linux/fiemap.h>
100 #endif
101 #include <linux/fb.h>
102 #include <linux/vt.h>
103 #include <linux/dm-ioctl.h>
104 #include <linux/reboot.h>
105 #include <linux/route.h>
106 #include <linux/filter.h>
107 #include <linux/blkpg.h>
108 #include <netpacket/packet.h>
109 #include <linux/netlink.h>
110 #ifdef CONFIG_RTNETLINK
111 #include <linux/rtnetlink.h>
112 #include <linux/if_bridge.h>
113 #endif
114 #include <linux/audit.h>
115 #include "linux_loop.h"
116 #include "uname.h"
117 
118 #include "qemu.h"
119 
120 #ifndef CLONE_IO
121 #define CLONE_IO                0x80000000      /* Clone io context */
122 #endif
123 
124 /* We can't directly call the host clone syscall, because this will
125  * badly confuse libc (breaking mutexes, for example). So we must
126  * divide clone flags into:
127  *  * flag combinations that look like pthread_create()
128  *  * flag combinations that look like fork()
129  *  * flags we can implement within QEMU itself
130  *  * flags we can't support and will return an error for
131  */
132 /* For thread creation, all these flags must be present; for
133  * fork, none must be present.
134  */
135 #define CLONE_THREAD_FLAGS                              \
136     (CLONE_VM | CLONE_FS | CLONE_FILES |                \
137      CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM)
138 
139 /* These flags are ignored:
140  * CLONE_DETACHED is now ignored by the kernel;
141  * CLONE_IO is just an optimisation hint to the I/O scheduler
142  */
143 #define CLONE_IGNORED_FLAGS                     \
144     (CLONE_DETACHED | CLONE_IO)
145 
146 /* Flags for fork which we can implement within QEMU itself */
147 #define CLONE_OPTIONAL_FORK_FLAGS               \
148     (CLONE_SETTLS | CLONE_PARENT_SETTID |       \
149      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID)
150 
151 /* Flags for thread creation which we can implement within QEMU itself */
152 #define CLONE_OPTIONAL_THREAD_FLAGS                             \
153     (CLONE_SETTLS | CLONE_PARENT_SETTID |                       \
154      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | CLONE_PARENT)
155 
156 #define CLONE_INVALID_FORK_FLAGS                                        \
157     (~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS))
158 
159 #define CLONE_INVALID_THREAD_FLAGS                                      \
160     (~(CSIGNAL | CLONE_THREAD_FLAGS | CLONE_OPTIONAL_THREAD_FLAGS |     \
161        CLONE_IGNORED_FLAGS))
162 
163 /* CLONE_VFORK is special cased early in do_fork(). The other flag bits
164  * have almost all been allocated. We cannot support any of
165  * CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC,
166  * CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED.
167  * The checks against the invalid thread masks above will catch these.
168  * (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.)
169  */
170 
171 //#define DEBUG
172 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
173  * once. This exercises the codepaths for restart.
174  */
175 //#define DEBUG_ERESTARTSYS
176 
177 //#include <linux/msdos_fs.h>
178 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
179 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
180 
181 #undef _syscall0
182 #undef _syscall1
183 #undef _syscall2
184 #undef _syscall3
185 #undef _syscall4
186 #undef _syscall5
187 #undef _syscall6
188 
189 #define _syscall0(type,name)		\
190 static type name (void)			\
191 {					\
192 	return syscall(__NR_##name);	\
193 }
194 
195 #define _syscall1(type,name,type1,arg1)		\
196 static type name (type1 arg1)			\
197 {						\
198 	return syscall(__NR_##name, arg1);	\
199 }
200 
201 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
202 static type name (type1 arg1,type2 arg2)		\
203 {							\
204 	return syscall(__NR_##name, arg1, arg2);	\
205 }
206 
207 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
208 static type name (type1 arg1,type2 arg2,type3 arg3)		\
209 {								\
210 	return syscall(__NR_##name, arg1, arg2, arg3);		\
211 }
212 
213 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
214 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
215 {										\
216 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
217 }
218 
219 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
220 		  type5,arg5)							\
221 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
222 {										\
223 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
224 }
225 
226 
227 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
228 		  type5,arg5,type6,arg6)					\
229 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
230                   type6 arg6)							\
231 {										\
232 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
233 }
234 
235 
236 #define __NR_sys_uname __NR_uname
237 #define __NR_sys_getcwd1 __NR_getcwd
238 #define __NR_sys_getdents __NR_getdents
239 #define __NR_sys_getdents64 __NR_getdents64
240 #define __NR_sys_getpriority __NR_getpriority
241 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
242 #define __NR_sys_rt_tgsigqueueinfo __NR_rt_tgsigqueueinfo
243 #define __NR_sys_syslog __NR_syslog
244 #define __NR_sys_futex __NR_futex
245 #define __NR_sys_inotify_init __NR_inotify_init
246 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
247 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
248 
249 #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
250     defined(__s390x__)
251 #define __NR__llseek __NR_lseek
252 #endif
253 
254 /* Newer kernel ports have llseek() instead of _llseek() */
255 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
256 #define TARGET_NR__llseek TARGET_NR_llseek
257 #endif
258 
259 #ifdef __NR_gettid
260 _syscall0(int, gettid)
261 #else
262 /* This is a replacement for the host gettid() and must return a host
263    errno. */
264 static int gettid(void) {
265     return -ENOSYS;
266 }
267 #endif
268 #if defined(TARGET_NR_getdents) && defined(__NR_getdents)
269 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
270 #endif
271 #if !defined(__NR_getdents) || \
272     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
273 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
274 #endif
275 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
276 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
277           loff_t *, res, uint, wh);
278 #endif
279 _syscall3(int, sys_rt_sigqueueinfo, pid_t, pid, int, sig, siginfo_t *, uinfo)
280 _syscall4(int, sys_rt_tgsigqueueinfo, pid_t, pid, pid_t, tid, int, sig,
281           siginfo_t *, uinfo)
282 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
283 #ifdef __NR_exit_group
284 _syscall1(int,exit_group,int,error_code)
285 #endif
286 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
287 _syscall1(int,set_tid_address,int *,tidptr)
288 #endif
289 #if defined(TARGET_NR_futex) && defined(__NR_futex)
290 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
291           const struct timespec *,timeout,int *,uaddr2,int,val3)
292 #endif
293 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
294 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
295           unsigned long *, user_mask_ptr);
296 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
297 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
298           unsigned long *, user_mask_ptr);
299 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
300           void *, arg);
301 _syscall2(int, capget, struct __user_cap_header_struct *, header,
302           struct __user_cap_data_struct *, data);
303 _syscall2(int, capset, struct __user_cap_header_struct *, header,
304           struct __user_cap_data_struct *, data);
305 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
306 _syscall2(int, ioprio_get, int, which, int, who)
307 #endif
308 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
309 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
310 #endif
311 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
312 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
313 #endif
314 
315 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
316 _syscall5(int, kcmp, pid_t, pid1, pid_t, pid2, int, type,
317           unsigned long, idx1, unsigned long, idx2)
318 #endif
319 
320 static bitmask_transtbl fcntl_flags_tbl[] = {
321   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
322   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
323   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
324   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
325   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
326   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
327   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
328   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
329   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
330   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
331   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
332   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
333   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
334 #if defined(O_DIRECT)
335   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
336 #endif
337 #if defined(O_NOATIME)
338   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
339 #endif
340 #if defined(O_CLOEXEC)
341   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
342 #endif
343 #if defined(O_PATH)
344   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
345 #endif
346 #if defined(O_TMPFILE)
347   { TARGET_O_TMPFILE,   TARGET_O_TMPFILE,   O_TMPFILE,   O_TMPFILE    },
348 #endif
349   /* Don't terminate the list prematurely on 64-bit host+guest.  */
350 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
351   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
352 #endif
353   { 0, 0, 0, 0 }
354 };
355 
356 enum {
357     QEMU_IFLA_BR_UNSPEC,
358     QEMU_IFLA_BR_FORWARD_DELAY,
359     QEMU_IFLA_BR_HELLO_TIME,
360     QEMU_IFLA_BR_MAX_AGE,
361     QEMU_IFLA_BR_AGEING_TIME,
362     QEMU_IFLA_BR_STP_STATE,
363     QEMU_IFLA_BR_PRIORITY,
364     QEMU_IFLA_BR_VLAN_FILTERING,
365     QEMU_IFLA_BR_VLAN_PROTOCOL,
366     QEMU_IFLA_BR_GROUP_FWD_MASK,
367     QEMU_IFLA_BR_ROOT_ID,
368     QEMU_IFLA_BR_BRIDGE_ID,
369     QEMU_IFLA_BR_ROOT_PORT,
370     QEMU_IFLA_BR_ROOT_PATH_COST,
371     QEMU_IFLA_BR_TOPOLOGY_CHANGE,
372     QEMU_IFLA_BR_TOPOLOGY_CHANGE_DETECTED,
373     QEMU_IFLA_BR_HELLO_TIMER,
374     QEMU_IFLA_BR_TCN_TIMER,
375     QEMU_IFLA_BR_TOPOLOGY_CHANGE_TIMER,
376     QEMU_IFLA_BR_GC_TIMER,
377     QEMU_IFLA_BR_GROUP_ADDR,
378     QEMU_IFLA_BR_FDB_FLUSH,
379     QEMU_IFLA_BR_MCAST_ROUTER,
380     QEMU_IFLA_BR_MCAST_SNOOPING,
381     QEMU_IFLA_BR_MCAST_QUERY_USE_IFADDR,
382     QEMU_IFLA_BR_MCAST_QUERIER,
383     QEMU_IFLA_BR_MCAST_HASH_ELASTICITY,
384     QEMU_IFLA_BR_MCAST_HASH_MAX,
385     QEMU_IFLA_BR_MCAST_LAST_MEMBER_CNT,
386     QEMU_IFLA_BR_MCAST_STARTUP_QUERY_CNT,
387     QEMU_IFLA_BR_MCAST_LAST_MEMBER_INTVL,
388     QEMU_IFLA_BR_MCAST_MEMBERSHIP_INTVL,
389     QEMU_IFLA_BR_MCAST_QUERIER_INTVL,
390     QEMU_IFLA_BR_MCAST_QUERY_INTVL,
391     QEMU_IFLA_BR_MCAST_QUERY_RESPONSE_INTVL,
392     QEMU_IFLA_BR_MCAST_STARTUP_QUERY_INTVL,
393     QEMU_IFLA_BR_NF_CALL_IPTABLES,
394     QEMU_IFLA_BR_NF_CALL_IP6TABLES,
395     QEMU_IFLA_BR_NF_CALL_ARPTABLES,
396     QEMU_IFLA_BR_VLAN_DEFAULT_PVID,
397     QEMU_IFLA_BR_PAD,
398     QEMU_IFLA_BR_VLAN_STATS_ENABLED,
399     QEMU_IFLA_BR_MCAST_STATS_ENABLED,
400     QEMU___IFLA_BR_MAX,
401 };
402 
403 enum {
404     QEMU_IFLA_UNSPEC,
405     QEMU_IFLA_ADDRESS,
406     QEMU_IFLA_BROADCAST,
407     QEMU_IFLA_IFNAME,
408     QEMU_IFLA_MTU,
409     QEMU_IFLA_LINK,
410     QEMU_IFLA_QDISC,
411     QEMU_IFLA_STATS,
412     QEMU_IFLA_COST,
413     QEMU_IFLA_PRIORITY,
414     QEMU_IFLA_MASTER,
415     QEMU_IFLA_WIRELESS,
416     QEMU_IFLA_PROTINFO,
417     QEMU_IFLA_TXQLEN,
418     QEMU_IFLA_MAP,
419     QEMU_IFLA_WEIGHT,
420     QEMU_IFLA_OPERSTATE,
421     QEMU_IFLA_LINKMODE,
422     QEMU_IFLA_LINKINFO,
423     QEMU_IFLA_NET_NS_PID,
424     QEMU_IFLA_IFALIAS,
425     QEMU_IFLA_NUM_VF,
426     QEMU_IFLA_VFINFO_LIST,
427     QEMU_IFLA_STATS64,
428     QEMU_IFLA_VF_PORTS,
429     QEMU_IFLA_PORT_SELF,
430     QEMU_IFLA_AF_SPEC,
431     QEMU_IFLA_GROUP,
432     QEMU_IFLA_NET_NS_FD,
433     QEMU_IFLA_EXT_MASK,
434     QEMU_IFLA_PROMISCUITY,
435     QEMU_IFLA_NUM_TX_QUEUES,
436     QEMU_IFLA_NUM_RX_QUEUES,
437     QEMU_IFLA_CARRIER,
438     QEMU_IFLA_PHYS_PORT_ID,
439     QEMU_IFLA_CARRIER_CHANGES,
440     QEMU_IFLA_PHYS_SWITCH_ID,
441     QEMU_IFLA_LINK_NETNSID,
442     QEMU_IFLA_PHYS_PORT_NAME,
443     QEMU_IFLA_PROTO_DOWN,
444     QEMU_IFLA_GSO_MAX_SEGS,
445     QEMU_IFLA_GSO_MAX_SIZE,
446     QEMU_IFLA_PAD,
447     QEMU_IFLA_XDP,
448     QEMU___IFLA_MAX
449 };
450 
451 enum {
452     QEMU_IFLA_BRPORT_UNSPEC,
453     QEMU_IFLA_BRPORT_STATE,
454     QEMU_IFLA_BRPORT_PRIORITY,
455     QEMU_IFLA_BRPORT_COST,
456     QEMU_IFLA_BRPORT_MODE,
457     QEMU_IFLA_BRPORT_GUARD,
458     QEMU_IFLA_BRPORT_PROTECT,
459     QEMU_IFLA_BRPORT_FAST_LEAVE,
460     QEMU_IFLA_BRPORT_LEARNING,
461     QEMU_IFLA_BRPORT_UNICAST_FLOOD,
462     QEMU_IFLA_BRPORT_PROXYARP,
463     QEMU_IFLA_BRPORT_LEARNING_SYNC,
464     QEMU_IFLA_BRPORT_PROXYARP_WIFI,
465     QEMU_IFLA_BRPORT_ROOT_ID,
466     QEMU_IFLA_BRPORT_BRIDGE_ID,
467     QEMU_IFLA_BRPORT_DESIGNATED_PORT,
468     QEMU_IFLA_BRPORT_DESIGNATED_COST,
469     QEMU_IFLA_BRPORT_ID,
470     QEMU_IFLA_BRPORT_NO,
471     QEMU_IFLA_BRPORT_TOPOLOGY_CHANGE_ACK,
472     QEMU_IFLA_BRPORT_CONFIG_PENDING,
473     QEMU_IFLA_BRPORT_MESSAGE_AGE_TIMER,
474     QEMU_IFLA_BRPORT_FORWARD_DELAY_TIMER,
475     QEMU_IFLA_BRPORT_HOLD_TIMER,
476     QEMU_IFLA_BRPORT_FLUSH,
477     QEMU_IFLA_BRPORT_MULTICAST_ROUTER,
478     QEMU_IFLA_BRPORT_PAD,
479     QEMU___IFLA_BRPORT_MAX
480 };
481 
482 enum {
483     QEMU_IFLA_INFO_UNSPEC,
484     QEMU_IFLA_INFO_KIND,
485     QEMU_IFLA_INFO_DATA,
486     QEMU_IFLA_INFO_XSTATS,
487     QEMU_IFLA_INFO_SLAVE_KIND,
488     QEMU_IFLA_INFO_SLAVE_DATA,
489     QEMU___IFLA_INFO_MAX,
490 };
491 
492 enum {
493     QEMU_IFLA_INET_UNSPEC,
494     QEMU_IFLA_INET_CONF,
495     QEMU___IFLA_INET_MAX,
496 };
497 
498 enum {
499     QEMU_IFLA_INET6_UNSPEC,
500     QEMU_IFLA_INET6_FLAGS,
501     QEMU_IFLA_INET6_CONF,
502     QEMU_IFLA_INET6_STATS,
503     QEMU_IFLA_INET6_MCAST,
504     QEMU_IFLA_INET6_CACHEINFO,
505     QEMU_IFLA_INET6_ICMP6STATS,
506     QEMU_IFLA_INET6_TOKEN,
507     QEMU_IFLA_INET6_ADDR_GEN_MODE,
508     QEMU___IFLA_INET6_MAX
509 };
510 
511 typedef abi_long (*TargetFdDataFunc)(void *, size_t);
512 typedef abi_long (*TargetFdAddrFunc)(void *, abi_ulong, socklen_t);
513 typedef struct TargetFdTrans {
514     TargetFdDataFunc host_to_target_data;
515     TargetFdDataFunc target_to_host_data;
516     TargetFdAddrFunc target_to_host_addr;
517 } TargetFdTrans;
518 
519 static TargetFdTrans **target_fd_trans;
520 
521 static unsigned int target_fd_max;
522 
523 static TargetFdDataFunc fd_trans_target_to_host_data(int fd)
524 {
525     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
526         return target_fd_trans[fd]->target_to_host_data;
527     }
528     return NULL;
529 }
530 
531 static TargetFdDataFunc fd_trans_host_to_target_data(int fd)
532 {
533     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
534         return target_fd_trans[fd]->host_to_target_data;
535     }
536     return NULL;
537 }
538 
539 static TargetFdAddrFunc fd_trans_target_to_host_addr(int fd)
540 {
541     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
542         return target_fd_trans[fd]->target_to_host_addr;
543     }
544     return NULL;
545 }
546 
547 static void fd_trans_register(int fd, TargetFdTrans *trans)
548 {
549     unsigned int oldmax;
550 
551     if (fd >= target_fd_max) {
552         oldmax = target_fd_max;
553         target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
554         target_fd_trans = g_renew(TargetFdTrans *,
555                                   target_fd_trans, target_fd_max);
556         memset((void *)(target_fd_trans + oldmax), 0,
557                (target_fd_max - oldmax) * sizeof(TargetFdTrans *));
558     }
559     target_fd_trans[fd] = trans;
560 }
561 
562 static void fd_trans_unregister(int fd)
563 {
564     if (fd >= 0 && fd < target_fd_max) {
565         target_fd_trans[fd] = NULL;
566     }
567 }
568 
569 static void fd_trans_dup(int oldfd, int newfd)
570 {
571     fd_trans_unregister(newfd);
572     if (oldfd < target_fd_max && target_fd_trans[oldfd]) {
573         fd_trans_register(newfd, target_fd_trans[oldfd]);
574     }
575 }
576 
577 static int sys_getcwd1(char *buf, size_t size)
578 {
579   if (getcwd(buf, size) == NULL) {
580       /* getcwd() sets errno */
581       return (-1);
582   }
583   return strlen(buf)+1;
584 }
585 
586 #ifdef TARGET_NR_utimensat
587 #if defined(__NR_utimensat)
588 #define __NR_sys_utimensat __NR_utimensat
589 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
590           const struct timespec *,tsp,int,flags)
591 #else
592 static int sys_utimensat(int dirfd, const char *pathname,
593                          const struct timespec times[2], int flags)
594 {
595     errno = ENOSYS;
596     return -1;
597 }
598 #endif
599 #endif /* TARGET_NR_utimensat */
600 
601 #ifdef CONFIG_INOTIFY
602 #include <sys/inotify.h>
603 
604 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
605 static int sys_inotify_init(void)
606 {
607   return (inotify_init());
608 }
609 #endif
610 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
611 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
612 {
613   return (inotify_add_watch(fd, pathname, mask));
614 }
615 #endif
616 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
617 static int sys_inotify_rm_watch(int fd, int32_t wd)
618 {
619   return (inotify_rm_watch(fd, wd));
620 }
621 #endif
622 #ifdef CONFIG_INOTIFY1
623 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
624 static int sys_inotify_init1(int flags)
625 {
626   return (inotify_init1(flags));
627 }
628 #endif
629 #endif
630 #else
631 /* Userspace can usually survive runtime without inotify */
632 #undef TARGET_NR_inotify_init
633 #undef TARGET_NR_inotify_init1
634 #undef TARGET_NR_inotify_add_watch
635 #undef TARGET_NR_inotify_rm_watch
636 #endif /* CONFIG_INOTIFY  */
637 
638 #if defined(TARGET_NR_prlimit64)
639 #ifndef __NR_prlimit64
640 # define __NR_prlimit64 -1
641 #endif
642 #define __NR_sys_prlimit64 __NR_prlimit64
643 /* The glibc rlimit structure may not be that used by the underlying syscall */
644 struct host_rlimit64 {
645     uint64_t rlim_cur;
646     uint64_t rlim_max;
647 };
648 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
649           const struct host_rlimit64 *, new_limit,
650           struct host_rlimit64 *, old_limit)
651 #endif
652 
653 
654 #if defined(TARGET_NR_timer_create)
655 /* Maxiumum of 32 active POSIX timers allowed at any one time. */
656 static timer_t g_posix_timers[32] = { 0, } ;
657 
658 static inline int next_free_host_timer(void)
659 {
660     int k ;
661     /* FIXME: Does finding the next free slot require a lock? */
662     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
663         if (g_posix_timers[k] == 0) {
664             g_posix_timers[k] = (timer_t) 1;
665             return k;
666         }
667     }
668     return -1;
669 }
670 #endif
671 
672 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
673 #ifdef TARGET_ARM
674 static inline int regpairs_aligned(void *cpu_env) {
675     return ((((CPUARMState *)cpu_env)->eabi) == 1) ;
676 }
677 #elif defined(TARGET_MIPS) && (TARGET_ABI_BITS == 32)
678 static inline int regpairs_aligned(void *cpu_env) { return 1; }
679 #elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
680 /* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
681  * of registers which translates to the same as ARM/MIPS, because we start with
682  * r3 as arg1 */
683 static inline int regpairs_aligned(void *cpu_env) { return 1; }
684 #else
685 static inline int regpairs_aligned(void *cpu_env) { return 0; }
686 #endif
687 
688 #define ERRNO_TABLE_SIZE 1200
689 
690 /* target_to_host_errno_table[] is initialized from
691  * host_to_target_errno_table[] in syscall_init(). */
692 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
693 };
694 
695 /*
696  * This list is the union of errno values overridden in asm-<arch>/errno.h
697  * minus the errnos that are not actually generic to all archs.
698  */
699 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
700     [EAGAIN]		= TARGET_EAGAIN,
701     [EIDRM]		= TARGET_EIDRM,
702     [ECHRNG]		= TARGET_ECHRNG,
703     [EL2NSYNC]		= TARGET_EL2NSYNC,
704     [EL3HLT]		= TARGET_EL3HLT,
705     [EL3RST]		= TARGET_EL3RST,
706     [ELNRNG]		= TARGET_ELNRNG,
707     [EUNATCH]		= TARGET_EUNATCH,
708     [ENOCSI]		= TARGET_ENOCSI,
709     [EL2HLT]		= TARGET_EL2HLT,
710     [EDEADLK]		= TARGET_EDEADLK,
711     [ENOLCK]		= TARGET_ENOLCK,
712     [EBADE]		= TARGET_EBADE,
713     [EBADR]		= TARGET_EBADR,
714     [EXFULL]		= TARGET_EXFULL,
715     [ENOANO]		= TARGET_ENOANO,
716     [EBADRQC]		= TARGET_EBADRQC,
717     [EBADSLT]		= TARGET_EBADSLT,
718     [EBFONT]		= TARGET_EBFONT,
719     [ENOSTR]		= TARGET_ENOSTR,
720     [ENODATA]		= TARGET_ENODATA,
721     [ETIME]		= TARGET_ETIME,
722     [ENOSR]		= TARGET_ENOSR,
723     [ENONET]		= TARGET_ENONET,
724     [ENOPKG]		= TARGET_ENOPKG,
725     [EREMOTE]		= TARGET_EREMOTE,
726     [ENOLINK]		= TARGET_ENOLINK,
727     [EADV]		= TARGET_EADV,
728     [ESRMNT]		= TARGET_ESRMNT,
729     [ECOMM]		= TARGET_ECOMM,
730     [EPROTO]		= TARGET_EPROTO,
731     [EDOTDOT]		= TARGET_EDOTDOT,
732     [EMULTIHOP]		= TARGET_EMULTIHOP,
733     [EBADMSG]		= TARGET_EBADMSG,
734     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
735     [EOVERFLOW]		= TARGET_EOVERFLOW,
736     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
737     [EBADFD]		= TARGET_EBADFD,
738     [EREMCHG]		= TARGET_EREMCHG,
739     [ELIBACC]		= TARGET_ELIBACC,
740     [ELIBBAD]		= TARGET_ELIBBAD,
741     [ELIBSCN]		= TARGET_ELIBSCN,
742     [ELIBMAX]		= TARGET_ELIBMAX,
743     [ELIBEXEC]		= TARGET_ELIBEXEC,
744     [EILSEQ]		= TARGET_EILSEQ,
745     [ENOSYS]		= TARGET_ENOSYS,
746     [ELOOP]		= TARGET_ELOOP,
747     [ERESTART]		= TARGET_ERESTART,
748     [ESTRPIPE]		= TARGET_ESTRPIPE,
749     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
750     [EUSERS]		= TARGET_EUSERS,
751     [ENOTSOCK]		= TARGET_ENOTSOCK,
752     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
753     [EMSGSIZE]		= TARGET_EMSGSIZE,
754     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
755     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
756     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
757     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
758     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
759     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
760     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
761     [EADDRINUSE]	= TARGET_EADDRINUSE,
762     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
763     [ENETDOWN]		= TARGET_ENETDOWN,
764     [ENETUNREACH]	= TARGET_ENETUNREACH,
765     [ENETRESET]		= TARGET_ENETRESET,
766     [ECONNABORTED]	= TARGET_ECONNABORTED,
767     [ECONNRESET]	= TARGET_ECONNRESET,
768     [ENOBUFS]		= TARGET_ENOBUFS,
769     [EISCONN]		= TARGET_EISCONN,
770     [ENOTCONN]		= TARGET_ENOTCONN,
771     [EUCLEAN]		= TARGET_EUCLEAN,
772     [ENOTNAM]		= TARGET_ENOTNAM,
773     [ENAVAIL]		= TARGET_ENAVAIL,
774     [EISNAM]		= TARGET_EISNAM,
775     [EREMOTEIO]		= TARGET_EREMOTEIO,
776     [EDQUOT]            = TARGET_EDQUOT,
777     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
778     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
779     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
780     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
781     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
782     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
783     [EALREADY]		= TARGET_EALREADY,
784     [EINPROGRESS]	= TARGET_EINPROGRESS,
785     [ESTALE]		= TARGET_ESTALE,
786     [ECANCELED]		= TARGET_ECANCELED,
787     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
788     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
789 #ifdef ENOKEY
790     [ENOKEY]		= TARGET_ENOKEY,
791 #endif
792 #ifdef EKEYEXPIRED
793     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
794 #endif
795 #ifdef EKEYREVOKED
796     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
797 #endif
798 #ifdef EKEYREJECTED
799     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
800 #endif
801 #ifdef EOWNERDEAD
802     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
803 #endif
804 #ifdef ENOTRECOVERABLE
805     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
806 #endif
807 #ifdef ENOMSG
808     [ENOMSG]            = TARGET_ENOMSG,
809 #endif
810 #ifdef ERKFILL
811     [ERFKILL]           = TARGET_ERFKILL,
812 #endif
813 #ifdef EHWPOISON
814     [EHWPOISON]         = TARGET_EHWPOISON,
815 #endif
816 };
817 
818 static inline int host_to_target_errno(int err)
819 {
820     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
821         host_to_target_errno_table[err]) {
822         return host_to_target_errno_table[err];
823     }
824     return err;
825 }
826 
827 static inline int target_to_host_errno(int err)
828 {
829     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
830         target_to_host_errno_table[err]) {
831         return target_to_host_errno_table[err];
832     }
833     return err;
834 }
835 
836 static inline abi_long get_errno(abi_long ret)
837 {
838     if (ret == -1)
839         return -host_to_target_errno(errno);
840     else
841         return ret;
842 }
843 
844 static inline int is_error(abi_long ret)
845 {
846     return (abi_ulong)ret >= (abi_ulong)(-4096);
847 }
848 
849 const char *target_strerror(int err)
850 {
851     if (err == TARGET_ERESTARTSYS) {
852         return "To be restarted";
853     }
854     if (err == TARGET_QEMU_ESIGRETURN) {
855         return "Successful exit from sigreturn";
856     }
857 
858     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
859         return NULL;
860     }
861     return strerror(target_to_host_errno(err));
862 }
863 
864 #define safe_syscall0(type, name) \
865 static type safe_##name(void) \
866 { \
867     return safe_syscall(__NR_##name); \
868 }
869 
870 #define safe_syscall1(type, name, type1, arg1) \
871 static type safe_##name(type1 arg1) \
872 { \
873     return safe_syscall(__NR_##name, arg1); \
874 }
875 
876 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
877 static type safe_##name(type1 arg1, type2 arg2) \
878 { \
879     return safe_syscall(__NR_##name, arg1, arg2); \
880 }
881 
882 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
883 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
884 { \
885     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
886 }
887 
888 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
889     type4, arg4) \
890 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
891 { \
892     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
893 }
894 
895 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
896     type4, arg4, type5, arg5) \
897 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
898     type5 arg5) \
899 { \
900     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
901 }
902 
903 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
904     type4, arg4, type5, arg5, type6, arg6) \
905 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
906     type5 arg5, type6 arg6) \
907 { \
908     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
909 }
910 
911 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
912 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
913 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
914               int, flags, mode_t, mode)
915 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
916               struct rusage *, rusage)
917 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
918               int, options, struct rusage *, rusage)
919 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
920 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
921               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
922 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
923               struct timespec *, tsp, const sigset_t *, sigmask,
924               size_t, sigsetsize)
925 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
926               int, maxevents, int, timeout, const sigset_t *, sigmask,
927               size_t, sigsetsize)
928 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
929               const struct timespec *,timeout,int *,uaddr2,int,val3)
930 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
931 safe_syscall2(int, kill, pid_t, pid, int, sig)
932 safe_syscall2(int, tkill, int, tid, int, sig)
933 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
934 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
935 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
936 safe_syscall5(ssize_t, preadv, int, fd, const struct iovec *, iov, int, iovcnt,
937               unsigned long, pos_l, unsigned long, pos_h)
938 safe_syscall5(ssize_t, pwritev, int, fd, const struct iovec *, iov, int, iovcnt,
939               unsigned long, pos_l, unsigned long, pos_h)
940 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
941               socklen_t, addrlen)
942 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
943               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
944 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
945               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
946 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
947 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
948 safe_syscall2(int, flock, int, fd, int, operation)
949 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
950               const struct timespec *, uts, size_t, sigsetsize)
951 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
952               int, flags)
953 safe_syscall2(int, nanosleep, const struct timespec *, req,
954               struct timespec *, rem)
955 #ifdef TARGET_NR_clock_nanosleep
956 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
957               const struct timespec *, req, struct timespec *, rem)
958 #endif
959 #ifdef __NR_msgsnd
960 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
961               int, flags)
962 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
963               long, msgtype, int, flags)
964 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
965               unsigned, nsops, const struct timespec *, timeout)
966 #else
967 /* This host kernel architecture uses a single ipc syscall; fake up
968  * wrappers for the sub-operations to hide this implementation detail.
969  * Annoyingly we can't include linux/ipc.h to get the constant definitions
970  * for the call parameter because some structs in there conflict with the
971  * sys/ipc.h ones. So we just define them here, and rely on them being
972  * the same for all host architectures.
973  */
974 #define Q_SEMTIMEDOP 4
975 #define Q_MSGSND 11
976 #define Q_MSGRCV 12
977 #define Q_IPCCALL(VERSION, OP) ((VERSION) << 16 | (OP))
978 
979 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
980               void *, ptr, long, fifth)
981 static int safe_msgsnd(int msgid, const void *msgp, size_t sz, int flags)
982 {
983     return safe_ipc(Q_IPCCALL(0, Q_MSGSND), msgid, sz, flags, (void *)msgp, 0);
984 }
985 static int safe_msgrcv(int msgid, void *msgp, size_t sz, long type, int flags)
986 {
987     return safe_ipc(Q_IPCCALL(1, Q_MSGRCV), msgid, sz, flags, msgp, type);
988 }
989 static int safe_semtimedop(int semid, struct sembuf *tsops, unsigned nsops,
990                            const struct timespec *timeout)
991 {
992     return safe_ipc(Q_IPCCALL(0, Q_SEMTIMEDOP), semid, nsops, 0, tsops,
993                     (long)timeout);
994 }
995 #endif
996 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
997 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
998               size_t, len, unsigned, prio, const struct timespec *, timeout)
999 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
1000               size_t, len, unsigned *, prio, const struct timespec *, timeout)
1001 #endif
1002 /* We do ioctl like this rather than via safe_syscall3 to preserve the
1003  * "third argument might be integer or pointer or not present" behaviour of
1004  * the libc function.
1005  */
1006 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
1007 /* Similarly for fcntl. Note that callers must always:
1008  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
1009  *  use the flock64 struct rather than unsuffixed flock
1010  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
1011  */
1012 #ifdef __NR_fcntl64
1013 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
1014 #else
1015 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
1016 #endif
1017 
1018 static inline int host_to_target_sock_type(int host_type)
1019 {
1020     int target_type;
1021 
1022     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
1023     case SOCK_DGRAM:
1024         target_type = TARGET_SOCK_DGRAM;
1025         break;
1026     case SOCK_STREAM:
1027         target_type = TARGET_SOCK_STREAM;
1028         break;
1029     default:
1030         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
1031         break;
1032     }
1033 
1034 #if defined(SOCK_CLOEXEC)
1035     if (host_type & SOCK_CLOEXEC) {
1036         target_type |= TARGET_SOCK_CLOEXEC;
1037     }
1038 #endif
1039 
1040 #if defined(SOCK_NONBLOCK)
1041     if (host_type & SOCK_NONBLOCK) {
1042         target_type |= TARGET_SOCK_NONBLOCK;
1043     }
1044 #endif
1045 
1046     return target_type;
1047 }
1048 
1049 static abi_ulong target_brk;
1050 static abi_ulong target_original_brk;
1051 static abi_ulong brk_page;
1052 
1053 void target_set_brk(abi_ulong new_brk)
1054 {
1055     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
1056     brk_page = HOST_PAGE_ALIGN(target_brk);
1057 }
1058 
1059 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
1060 #define DEBUGF_BRK(message, args...)
1061 
1062 /* do_brk() must return target values and target errnos. */
1063 abi_long do_brk(abi_ulong new_brk)
1064 {
1065     abi_long mapped_addr;
1066     abi_ulong new_alloc_size;
1067 
1068     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
1069 
1070     if (!new_brk) {
1071         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
1072         return target_brk;
1073     }
1074     if (new_brk < target_original_brk) {
1075         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
1076                    target_brk);
1077         return target_brk;
1078     }
1079 
1080     /* If the new brk is less than the highest page reserved to the
1081      * target heap allocation, set it and we're almost done...  */
1082     if (new_brk <= brk_page) {
1083         /* Heap contents are initialized to zero, as for anonymous
1084          * mapped pages.  */
1085         if (new_brk > target_brk) {
1086             memset(g2h(target_brk), 0, new_brk - target_brk);
1087         }
1088 	target_brk = new_brk;
1089         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
1090     	return target_brk;
1091     }
1092 
1093     /* We need to allocate more memory after the brk... Note that
1094      * we don't use MAP_FIXED because that will map over the top of
1095      * any existing mapping (like the one with the host libc or qemu
1096      * itself); instead we treat "mapped but at wrong address" as
1097      * a failure and unmap again.
1098      */
1099     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
1100     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
1101                                         PROT_READ|PROT_WRITE,
1102                                         MAP_ANON|MAP_PRIVATE, 0, 0));
1103 
1104     if (mapped_addr == brk_page) {
1105         /* Heap contents are initialized to zero, as for anonymous
1106          * mapped pages.  Technically the new pages are already
1107          * initialized to zero since they *are* anonymous mapped
1108          * pages, however we have to take care with the contents that
1109          * come from the remaining part of the previous page: it may
1110          * contains garbage data due to a previous heap usage (grown
1111          * then shrunken).  */
1112         memset(g2h(target_brk), 0, brk_page - target_brk);
1113 
1114         target_brk = new_brk;
1115         brk_page = HOST_PAGE_ALIGN(target_brk);
1116         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
1117             target_brk);
1118         return target_brk;
1119     } else if (mapped_addr != -1) {
1120         /* Mapped but at wrong address, meaning there wasn't actually
1121          * enough space for this brk.
1122          */
1123         target_munmap(mapped_addr, new_alloc_size);
1124         mapped_addr = -1;
1125         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
1126     }
1127     else {
1128         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
1129     }
1130 
1131 #if defined(TARGET_ALPHA)
1132     /* We (partially) emulate OSF/1 on Alpha, which requires we
1133        return a proper errno, not an unchanged brk value.  */
1134     return -TARGET_ENOMEM;
1135 #endif
1136     /* For everything else, return the previous break. */
1137     return target_brk;
1138 }
1139 
1140 static inline abi_long copy_from_user_fdset(fd_set *fds,
1141                                             abi_ulong target_fds_addr,
1142                                             int n)
1143 {
1144     int i, nw, j, k;
1145     abi_ulong b, *target_fds;
1146 
1147     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
1148     if (!(target_fds = lock_user(VERIFY_READ,
1149                                  target_fds_addr,
1150                                  sizeof(abi_ulong) * nw,
1151                                  1)))
1152         return -TARGET_EFAULT;
1153 
1154     FD_ZERO(fds);
1155     k = 0;
1156     for (i = 0; i < nw; i++) {
1157         /* grab the abi_ulong */
1158         __get_user(b, &target_fds[i]);
1159         for (j = 0; j < TARGET_ABI_BITS; j++) {
1160             /* check the bit inside the abi_ulong */
1161             if ((b >> j) & 1)
1162                 FD_SET(k, fds);
1163             k++;
1164         }
1165     }
1166 
1167     unlock_user(target_fds, target_fds_addr, 0);
1168 
1169     return 0;
1170 }
1171 
1172 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
1173                                                  abi_ulong target_fds_addr,
1174                                                  int n)
1175 {
1176     if (target_fds_addr) {
1177         if (copy_from_user_fdset(fds, target_fds_addr, n))
1178             return -TARGET_EFAULT;
1179         *fds_ptr = fds;
1180     } else {
1181         *fds_ptr = NULL;
1182     }
1183     return 0;
1184 }
1185 
1186 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
1187                                           const fd_set *fds,
1188                                           int n)
1189 {
1190     int i, nw, j, k;
1191     abi_long v;
1192     abi_ulong *target_fds;
1193 
1194     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
1195     if (!(target_fds = lock_user(VERIFY_WRITE,
1196                                  target_fds_addr,
1197                                  sizeof(abi_ulong) * nw,
1198                                  0)))
1199         return -TARGET_EFAULT;
1200 
1201     k = 0;
1202     for (i = 0; i < nw; i++) {
1203         v = 0;
1204         for (j = 0; j < TARGET_ABI_BITS; j++) {
1205             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
1206             k++;
1207         }
1208         __put_user(v, &target_fds[i]);
1209     }
1210 
1211     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
1212 
1213     return 0;
1214 }
1215 
1216 #if defined(__alpha__)
1217 #define HOST_HZ 1024
1218 #else
1219 #define HOST_HZ 100
1220 #endif
1221 
1222 static inline abi_long host_to_target_clock_t(long ticks)
1223 {
1224 #if HOST_HZ == TARGET_HZ
1225     return ticks;
1226 #else
1227     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
1228 #endif
1229 }
1230 
1231 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
1232                                              const struct rusage *rusage)
1233 {
1234     struct target_rusage *target_rusage;
1235 
1236     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
1237         return -TARGET_EFAULT;
1238     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
1239     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
1240     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
1241     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
1242     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
1243     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
1244     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
1245     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
1246     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
1247     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
1248     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
1249     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
1250     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
1251     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
1252     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
1253     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
1254     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
1255     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
1256     unlock_user_struct(target_rusage, target_addr, 1);
1257 
1258     return 0;
1259 }
1260 
1261 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
1262 {
1263     abi_ulong target_rlim_swap;
1264     rlim_t result;
1265 
1266     target_rlim_swap = tswapal(target_rlim);
1267     if (target_rlim_swap == TARGET_RLIM_INFINITY)
1268         return RLIM_INFINITY;
1269 
1270     result = target_rlim_swap;
1271     if (target_rlim_swap != (rlim_t)result)
1272         return RLIM_INFINITY;
1273 
1274     return result;
1275 }
1276 
1277 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1278 {
1279     abi_ulong target_rlim_swap;
1280     abi_ulong result;
1281 
1282     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1283         target_rlim_swap = TARGET_RLIM_INFINITY;
1284     else
1285         target_rlim_swap = rlim;
1286     result = tswapal(target_rlim_swap);
1287 
1288     return result;
1289 }
1290 
1291 static inline int target_to_host_resource(int code)
1292 {
1293     switch (code) {
1294     case TARGET_RLIMIT_AS:
1295         return RLIMIT_AS;
1296     case TARGET_RLIMIT_CORE:
1297         return RLIMIT_CORE;
1298     case TARGET_RLIMIT_CPU:
1299         return RLIMIT_CPU;
1300     case TARGET_RLIMIT_DATA:
1301         return RLIMIT_DATA;
1302     case TARGET_RLIMIT_FSIZE:
1303         return RLIMIT_FSIZE;
1304     case TARGET_RLIMIT_LOCKS:
1305         return RLIMIT_LOCKS;
1306     case TARGET_RLIMIT_MEMLOCK:
1307         return RLIMIT_MEMLOCK;
1308     case TARGET_RLIMIT_MSGQUEUE:
1309         return RLIMIT_MSGQUEUE;
1310     case TARGET_RLIMIT_NICE:
1311         return RLIMIT_NICE;
1312     case TARGET_RLIMIT_NOFILE:
1313         return RLIMIT_NOFILE;
1314     case TARGET_RLIMIT_NPROC:
1315         return RLIMIT_NPROC;
1316     case TARGET_RLIMIT_RSS:
1317         return RLIMIT_RSS;
1318     case TARGET_RLIMIT_RTPRIO:
1319         return RLIMIT_RTPRIO;
1320     case TARGET_RLIMIT_SIGPENDING:
1321         return RLIMIT_SIGPENDING;
1322     case TARGET_RLIMIT_STACK:
1323         return RLIMIT_STACK;
1324     default:
1325         return code;
1326     }
1327 }
1328 
1329 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1330                                               abi_ulong target_tv_addr)
1331 {
1332     struct target_timeval *target_tv;
1333 
1334     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
1335         return -TARGET_EFAULT;
1336 
1337     __get_user(tv->tv_sec, &target_tv->tv_sec);
1338     __get_user(tv->tv_usec, &target_tv->tv_usec);
1339 
1340     unlock_user_struct(target_tv, target_tv_addr, 0);
1341 
1342     return 0;
1343 }
1344 
1345 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1346                                             const struct timeval *tv)
1347 {
1348     struct target_timeval *target_tv;
1349 
1350     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
1351         return -TARGET_EFAULT;
1352 
1353     __put_user(tv->tv_sec, &target_tv->tv_sec);
1354     __put_user(tv->tv_usec, &target_tv->tv_usec);
1355 
1356     unlock_user_struct(target_tv, target_tv_addr, 1);
1357 
1358     return 0;
1359 }
1360 
1361 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1362                                                abi_ulong target_tz_addr)
1363 {
1364     struct target_timezone *target_tz;
1365 
1366     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1367         return -TARGET_EFAULT;
1368     }
1369 
1370     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1371     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1372 
1373     unlock_user_struct(target_tz, target_tz_addr, 0);
1374 
1375     return 0;
1376 }
1377 
1378 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1379 #include <mqueue.h>
1380 
1381 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1382                                               abi_ulong target_mq_attr_addr)
1383 {
1384     struct target_mq_attr *target_mq_attr;
1385 
1386     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1387                           target_mq_attr_addr, 1))
1388         return -TARGET_EFAULT;
1389 
1390     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1391     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1392     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1393     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1394 
1395     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1396 
1397     return 0;
1398 }
1399 
1400 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1401                                             const struct mq_attr *attr)
1402 {
1403     struct target_mq_attr *target_mq_attr;
1404 
1405     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1406                           target_mq_attr_addr, 0))
1407         return -TARGET_EFAULT;
1408 
1409     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1410     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1411     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1412     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1413 
1414     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1415 
1416     return 0;
1417 }
1418 #endif
1419 
1420 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1421 /* do_select() must return target values and target errnos. */
1422 static abi_long do_select(int n,
1423                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1424                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1425 {
1426     fd_set rfds, wfds, efds;
1427     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1428     struct timeval tv;
1429     struct timespec ts, *ts_ptr;
1430     abi_long ret;
1431 
1432     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1433     if (ret) {
1434         return ret;
1435     }
1436     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1437     if (ret) {
1438         return ret;
1439     }
1440     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1441     if (ret) {
1442         return ret;
1443     }
1444 
1445     if (target_tv_addr) {
1446         if (copy_from_user_timeval(&tv, target_tv_addr))
1447             return -TARGET_EFAULT;
1448         ts.tv_sec = tv.tv_sec;
1449         ts.tv_nsec = tv.tv_usec * 1000;
1450         ts_ptr = &ts;
1451     } else {
1452         ts_ptr = NULL;
1453     }
1454 
1455     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1456                                   ts_ptr, NULL));
1457 
1458     if (!is_error(ret)) {
1459         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1460             return -TARGET_EFAULT;
1461         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1462             return -TARGET_EFAULT;
1463         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1464             return -TARGET_EFAULT;
1465 
1466         if (target_tv_addr) {
1467             tv.tv_sec = ts.tv_sec;
1468             tv.tv_usec = ts.tv_nsec / 1000;
1469             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1470                 return -TARGET_EFAULT;
1471             }
1472         }
1473     }
1474 
1475     return ret;
1476 }
1477 
1478 #if defined(TARGET_WANT_OLD_SYS_SELECT)
1479 static abi_long do_old_select(abi_ulong arg1)
1480 {
1481     struct target_sel_arg_struct *sel;
1482     abi_ulong inp, outp, exp, tvp;
1483     long nsel;
1484 
1485     if (!lock_user_struct(VERIFY_READ, sel, arg1, 1)) {
1486         return -TARGET_EFAULT;
1487     }
1488 
1489     nsel = tswapal(sel->n);
1490     inp = tswapal(sel->inp);
1491     outp = tswapal(sel->outp);
1492     exp = tswapal(sel->exp);
1493     tvp = tswapal(sel->tvp);
1494 
1495     unlock_user_struct(sel, arg1, 0);
1496 
1497     return do_select(nsel, inp, outp, exp, tvp);
1498 }
1499 #endif
1500 #endif
1501 
1502 static abi_long do_pipe2(int host_pipe[], int flags)
1503 {
1504 #ifdef CONFIG_PIPE2
1505     return pipe2(host_pipe, flags);
1506 #else
1507     return -ENOSYS;
1508 #endif
1509 }
1510 
1511 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1512                         int flags, int is_pipe2)
1513 {
1514     int host_pipe[2];
1515     abi_long ret;
1516     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1517 
1518     if (is_error(ret))
1519         return get_errno(ret);
1520 
1521     /* Several targets have special calling conventions for the original
1522        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1523     if (!is_pipe2) {
1524 #if defined(TARGET_ALPHA)
1525         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1526         return host_pipe[0];
1527 #elif defined(TARGET_MIPS)
1528         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1529         return host_pipe[0];
1530 #elif defined(TARGET_SH4)
1531         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1532         return host_pipe[0];
1533 #elif defined(TARGET_SPARC)
1534         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1535         return host_pipe[0];
1536 #endif
1537     }
1538 
1539     if (put_user_s32(host_pipe[0], pipedes)
1540         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1541         return -TARGET_EFAULT;
1542     return get_errno(ret);
1543 }
1544 
1545 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1546                                               abi_ulong target_addr,
1547                                               socklen_t len)
1548 {
1549     struct target_ip_mreqn *target_smreqn;
1550 
1551     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1552     if (!target_smreqn)
1553         return -TARGET_EFAULT;
1554     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1555     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1556     if (len == sizeof(struct target_ip_mreqn))
1557         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1558     unlock_user(target_smreqn, target_addr, 0);
1559 
1560     return 0;
1561 }
1562 
1563 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1564                                                abi_ulong target_addr,
1565                                                socklen_t len)
1566 {
1567     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1568     sa_family_t sa_family;
1569     struct target_sockaddr *target_saddr;
1570 
1571     if (fd_trans_target_to_host_addr(fd)) {
1572         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1573     }
1574 
1575     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1576     if (!target_saddr)
1577         return -TARGET_EFAULT;
1578 
1579     sa_family = tswap16(target_saddr->sa_family);
1580 
1581     /* Oops. The caller might send a incomplete sun_path; sun_path
1582      * must be terminated by \0 (see the manual page), but
1583      * unfortunately it is quite common to specify sockaddr_un
1584      * length as "strlen(x->sun_path)" while it should be
1585      * "strlen(...) + 1". We'll fix that here if needed.
1586      * Linux kernel has a similar feature.
1587      */
1588 
1589     if (sa_family == AF_UNIX) {
1590         if (len < unix_maxlen && len > 0) {
1591             char *cp = (char*)target_saddr;
1592 
1593             if ( cp[len-1] && !cp[len] )
1594                 len++;
1595         }
1596         if (len > unix_maxlen)
1597             len = unix_maxlen;
1598     }
1599 
1600     memcpy(addr, target_saddr, len);
1601     addr->sa_family = sa_family;
1602     if (sa_family == AF_NETLINK) {
1603         struct sockaddr_nl *nladdr;
1604 
1605         nladdr = (struct sockaddr_nl *)addr;
1606         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1607         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1608     } else if (sa_family == AF_PACKET) {
1609 	struct target_sockaddr_ll *lladdr;
1610 
1611 	lladdr = (struct target_sockaddr_ll *)addr;
1612 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1613 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1614     }
1615     unlock_user(target_saddr, target_addr, 0);
1616 
1617     return 0;
1618 }
1619 
1620 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1621                                                struct sockaddr *addr,
1622                                                socklen_t len)
1623 {
1624     struct target_sockaddr *target_saddr;
1625 
1626     if (len == 0) {
1627         return 0;
1628     }
1629     assert(addr);
1630 
1631     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1632     if (!target_saddr)
1633         return -TARGET_EFAULT;
1634     memcpy(target_saddr, addr, len);
1635     if (len >= offsetof(struct target_sockaddr, sa_family) +
1636         sizeof(target_saddr->sa_family)) {
1637         target_saddr->sa_family = tswap16(addr->sa_family);
1638     }
1639     if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
1640         struct sockaddr_nl *target_nl = (struct sockaddr_nl *)target_saddr;
1641         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1642         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1643     } else if (addr->sa_family == AF_PACKET) {
1644         struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
1645         target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
1646         target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
1647     } else if (addr->sa_family == AF_INET6 &&
1648                len >= sizeof(struct target_sockaddr_in6)) {
1649         struct target_sockaddr_in6 *target_in6 =
1650                (struct target_sockaddr_in6 *)target_saddr;
1651         target_in6->sin6_scope_id = tswap16(target_in6->sin6_scope_id);
1652     }
1653     unlock_user(target_saddr, target_addr, len);
1654 
1655     return 0;
1656 }
1657 
1658 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1659                                            struct target_msghdr *target_msgh)
1660 {
1661     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1662     abi_long msg_controllen;
1663     abi_ulong target_cmsg_addr;
1664     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1665     socklen_t space = 0;
1666 
1667     msg_controllen = tswapal(target_msgh->msg_controllen);
1668     if (msg_controllen < sizeof (struct target_cmsghdr))
1669         goto the_end;
1670     target_cmsg_addr = tswapal(target_msgh->msg_control);
1671     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1672     target_cmsg_start = target_cmsg;
1673     if (!target_cmsg)
1674         return -TARGET_EFAULT;
1675 
1676     while (cmsg && target_cmsg) {
1677         void *data = CMSG_DATA(cmsg);
1678         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1679 
1680         int len = tswapal(target_cmsg->cmsg_len)
1681                   - TARGET_CMSG_ALIGN(sizeof (struct target_cmsghdr));
1682 
1683         space += CMSG_SPACE(len);
1684         if (space > msgh->msg_controllen) {
1685             space -= CMSG_SPACE(len);
1686             /* This is a QEMU bug, since we allocated the payload
1687              * area ourselves (unlike overflow in host-to-target
1688              * conversion, which is just the guest giving us a buffer
1689              * that's too small). It can't happen for the payload types
1690              * we currently support; if it becomes an issue in future
1691              * we would need to improve our allocation strategy to
1692              * something more intelligent than "twice the size of the
1693              * target buffer we're reading from".
1694              */
1695             gemu_log("Host cmsg overflow\n");
1696             break;
1697         }
1698 
1699         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1700             cmsg->cmsg_level = SOL_SOCKET;
1701         } else {
1702             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1703         }
1704         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1705         cmsg->cmsg_len = CMSG_LEN(len);
1706 
1707         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1708             int *fd = (int *)data;
1709             int *target_fd = (int *)target_data;
1710             int i, numfds = len / sizeof(int);
1711 
1712             for (i = 0; i < numfds; i++) {
1713                 __get_user(fd[i], target_fd + i);
1714             }
1715         } else if (cmsg->cmsg_level == SOL_SOCKET
1716                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1717             struct ucred *cred = (struct ucred *)data;
1718             struct target_ucred *target_cred =
1719                 (struct target_ucred *)target_data;
1720 
1721             __get_user(cred->pid, &target_cred->pid);
1722             __get_user(cred->uid, &target_cred->uid);
1723             __get_user(cred->gid, &target_cred->gid);
1724         } else {
1725             gemu_log("Unsupported ancillary data: %d/%d\n",
1726                                         cmsg->cmsg_level, cmsg->cmsg_type);
1727             memcpy(data, target_data, len);
1728         }
1729 
1730         cmsg = CMSG_NXTHDR(msgh, cmsg);
1731         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1732                                          target_cmsg_start);
1733     }
1734     unlock_user(target_cmsg, target_cmsg_addr, 0);
1735  the_end:
1736     msgh->msg_controllen = space;
1737     return 0;
1738 }
1739 
1740 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1741                                            struct msghdr *msgh)
1742 {
1743     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1744     abi_long msg_controllen;
1745     abi_ulong target_cmsg_addr;
1746     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1747     socklen_t space = 0;
1748 
1749     msg_controllen = tswapal(target_msgh->msg_controllen);
1750     if (msg_controllen < sizeof (struct target_cmsghdr))
1751         goto the_end;
1752     target_cmsg_addr = tswapal(target_msgh->msg_control);
1753     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1754     target_cmsg_start = target_cmsg;
1755     if (!target_cmsg)
1756         return -TARGET_EFAULT;
1757 
1758     while (cmsg && target_cmsg) {
1759         void *data = CMSG_DATA(cmsg);
1760         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1761 
1762         int len = cmsg->cmsg_len - CMSG_ALIGN(sizeof (struct cmsghdr));
1763         int tgt_len, tgt_space;
1764 
1765         /* We never copy a half-header but may copy half-data;
1766          * this is Linux's behaviour in put_cmsg(). Note that
1767          * truncation here is a guest problem (which we report
1768          * to the guest via the CTRUNC bit), unlike truncation
1769          * in target_to_host_cmsg, which is a QEMU bug.
1770          */
1771         if (msg_controllen < sizeof(struct cmsghdr)) {
1772             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1773             break;
1774         }
1775 
1776         if (cmsg->cmsg_level == SOL_SOCKET) {
1777             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1778         } else {
1779             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1780         }
1781         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1782 
1783         tgt_len = TARGET_CMSG_LEN(len);
1784 
1785         /* Payload types which need a different size of payload on
1786          * the target must adjust tgt_len here.
1787          */
1788         switch (cmsg->cmsg_level) {
1789         case SOL_SOCKET:
1790             switch (cmsg->cmsg_type) {
1791             case SO_TIMESTAMP:
1792                 tgt_len = sizeof(struct target_timeval);
1793                 break;
1794             default:
1795                 break;
1796             }
1797         default:
1798             break;
1799         }
1800 
1801         if (msg_controllen < tgt_len) {
1802             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1803             tgt_len = msg_controllen;
1804         }
1805 
1806         /* We must now copy-and-convert len bytes of payload
1807          * into tgt_len bytes of destination space. Bear in mind
1808          * that in both source and destination we may be dealing
1809          * with a truncated value!
1810          */
1811         switch (cmsg->cmsg_level) {
1812         case SOL_SOCKET:
1813             switch (cmsg->cmsg_type) {
1814             case SCM_RIGHTS:
1815             {
1816                 int *fd = (int *)data;
1817                 int *target_fd = (int *)target_data;
1818                 int i, numfds = tgt_len / sizeof(int);
1819 
1820                 for (i = 0; i < numfds; i++) {
1821                     __put_user(fd[i], target_fd + i);
1822                 }
1823                 break;
1824             }
1825             case SO_TIMESTAMP:
1826             {
1827                 struct timeval *tv = (struct timeval *)data;
1828                 struct target_timeval *target_tv =
1829                     (struct target_timeval *)target_data;
1830 
1831                 if (len != sizeof(struct timeval) ||
1832                     tgt_len != sizeof(struct target_timeval)) {
1833                     goto unimplemented;
1834                 }
1835 
1836                 /* copy struct timeval to target */
1837                 __put_user(tv->tv_sec, &target_tv->tv_sec);
1838                 __put_user(tv->tv_usec, &target_tv->tv_usec);
1839                 break;
1840             }
1841             case SCM_CREDENTIALS:
1842             {
1843                 struct ucred *cred = (struct ucred *)data;
1844                 struct target_ucred *target_cred =
1845                     (struct target_ucred *)target_data;
1846 
1847                 __put_user(cred->pid, &target_cred->pid);
1848                 __put_user(cred->uid, &target_cred->uid);
1849                 __put_user(cred->gid, &target_cred->gid);
1850                 break;
1851             }
1852             default:
1853                 goto unimplemented;
1854             }
1855             break;
1856 
1857         case SOL_IP:
1858             switch (cmsg->cmsg_type) {
1859             case IP_TTL:
1860             {
1861                 uint32_t *v = (uint32_t *)data;
1862                 uint32_t *t_int = (uint32_t *)target_data;
1863 
1864                 __put_user(*v, t_int);
1865                 break;
1866             }
1867             case IP_RECVERR:
1868             {
1869                 struct errhdr_t {
1870                    struct sock_extended_err ee;
1871                    struct sockaddr_in offender;
1872                 };
1873                 struct errhdr_t *errh = (struct errhdr_t *)data;
1874                 struct errhdr_t *target_errh =
1875                     (struct errhdr_t *)target_data;
1876 
1877                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
1878                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
1879                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
1880                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
1881                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
1882                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
1883                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
1884                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
1885                     (void *) &errh->offender, sizeof(errh->offender));
1886                 break;
1887             }
1888             default:
1889                 goto unimplemented;
1890             }
1891             break;
1892 
1893         case SOL_IPV6:
1894             switch (cmsg->cmsg_type) {
1895             case IPV6_HOPLIMIT:
1896             {
1897                 uint32_t *v = (uint32_t *)data;
1898                 uint32_t *t_int = (uint32_t *)target_data;
1899 
1900                 __put_user(*v, t_int);
1901                 break;
1902             }
1903             case IPV6_RECVERR:
1904             {
1905                 struct errhdr6_t {
1906                    struct sock_extended_err ee;
1907                    struct sockaddr_in6 offender;
1908                 };
1909                 struct errhdr6_t *errh = (struct errhdr6_t *)data;
1910                 struct errhdr6_t *target_errh =
1911                     (struct errhdr6_t *)target_data;
1912 
1913                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
1914                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
1915                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
1916                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
1917                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
1918                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
1919                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
1920                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
1921                     (void *) &errh->offender, sizeof(errh->offender));
1922                 break;
1923             }
1924             default:
1925                 goto unimplemented;
1926             }
1927             break;
1928 
1929         default:
1930         unimplemented:
1931             gemu_log("Unsupported ancillary data: %d/%d\n",
1932                                         cmsg->cmsg_level, cmsg->cmsg_type);
1933             memcpy(target_data, data, MIN(len, tgt_len));
1934             if (tgt_len > len) {
1935                 memset(target_data + len, 0, tgt_len - len);
1936             }
1937         }
1938 
1939         target_cmsg->cmsg_len = tswapal(tgt_len);
1940         tgt_space = TARGET_CMSG_SPACE(len);
1941         if (msg_controllen < tgt_space) {
1942             tgt_space = msg_controllen;
1943         }
1944         msg_controllen -= tgt_space;
1945         space += tgt_space;
1946         cmsg = CMSG_NXTHDR(msgh, cmsg);
1947         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1948                                          target_cmsg_start);
1949     }
1950     unlock_user(target_cmsg, target_cmsg_addr, space);
1951  the_end:
1952     target_msgh->msg_controllen = tswapal(space);
1953     return 0;
1954 }
1955 
1956 static void tswap_nlmsghdr(struct nlmsghdr *nlh)
1957 {
1958     nlh->nlmsg_len = tswap32(nlh->nlmsg_len);
1959     nlh->nlmsg_type = tswap16(nlh->nlmsg_type);
1960     nlh->nlmsg_flags = tswap16(nlh->nlmsg_flags);
1961     nlh->nlmsg_seq = tswap32(nlh->nlmsg_seq);
1962     nlh->nlmsg_pid = tswap32(nlh->nlmsg_pid);
1963 }
1964 
1965 static abi_long host_to_target_for_each_nlmsg(struct nlmsghdr *nlh,
1966                                               size_t len,
1967                                               abi_long (*host_to_target_nlmsg)
1968                                                        (struct nlmsghdr *))
1969 {
1970     uint32_t nlmsg_len;
1971     abi_long ret;
1972 
1973     while (len > sizeof(struct nlmsghdr)) {
1974 
1975         nlmsg_len = nlh->nlmsg_len;
1976         if (nlmsg_len < sizeof(struct nlmsghdr) ||
1977             nlmsg_len > len) {
1978             break;
1979         }
1980 
1981         switch (nlh->nlmsg_type) {
1982         case NLMSG_DONE:
1983             tswap_nlmsghdr(nlh);
1984             return 0;
1985         case NLMSG_NOOP:
1986             break;
1987         case NLMSG_ERROR:
1988         {
1989             struct nlmsgerr *e = NLMSG_DATA(nlh);
1990             e->error = tswap32(e->error);
1991             tswap_nlmsghdr(&e->msg);
1992             tswap_nlmsghdr(nlh);
1993             return 0;
1994         }
1995         default:
1996             ret = host_to_target_nlmsg(nlh);
1997             if (ret < 0) {
1998                 tswap_nlmsghdr(nlh);
1999                 return ret;
2000             }
2001             break;
2002         }
2003         tswap_nlmsghdr(nlh);
2004         len -= NLMSG_ALIGN(nlmsg_len);
2005         nlh = (struct nlmsghdr *)(((char*)nlh) + NLMSG_ALIGN(nlmsg_len));
2006     }
2007     return 0;
2008 }
2009 
2010 static abi_long target_to_host_for_each_nlmsg(struct nlmsghdr *nlh,
2011                                               size_t len,
2012                                               abi_long (*target_to_host_nlmsg)
2013                                                        (struct nlmsghdr *))
2014 {
2015     int ret;
2016 
2017     while (len > sizeof(struct nlmsghdr)) {
2018         if (tswap32(nlh->nlmsg_len) < sizeof(struct nlmsghdr) ||
2019             tswap32(nlh->nlmsg_len) > len) {
2020             break;
2021         }
2022         tswap_nlmsghdr(nlh);
2023         switch (nlh->nlmsg_type) {
2024         case NLMSG_DONE:
2025             return 0;
2026         case NLMSG_NOOP:
2027             break;
2028         case NLMSG_ERROR:
2029         {
2030             struct nlmsgerr *e = NLMSG_DATA(nlh);
2031             e->error = tswap32(e->error);
2032             tswap_nlmsghdr(&e->msg);
2033             return 0;
2034         }
2035         default:
2036             ret = target_to_host_nlmsg(nlh);
2037             if (ret < 0) {
2038                 return ret;
2039             }
2040         }
2041         len -= NLMSG_ALIGN(nlh->nlmsg_len);
2042         nlh = (struct nlmsghdr *)(((char *)nlh) + NLMSG_ALIGN(nlh->nlmsg_len));
2043     }
2044     return 0;
2045 }
2046 
2047 #ifdef CONFIG_RTNETLINK
2048 static abi_long host_to_target_for_each_nlattr(struct nlattr *nlattr,
2049                                                size_t len, void *context,
2050                                                abi_long (*host_to_target_nlattr)
2051                                                         (struct nlattr *,
2052                                                          void *context))
2053 {
2054     unsigned short nla_len;
2055     abi_long ret;
2056 
2057     while (len > sizeof(struct nlattr)) {
2058         nla_len = nlattr->nla_len;
2059         if (nla_len < sizeof(struct nlattr) ||
2060             nla_len > len) {
2061             break;
2062         }
2063         ret = host_to_target_nlattr(nlattr, context);
2064         nlattr->nla_len = tswap16(nlattr->nla_len);
2065         nlattr->nla_type = tswap16(nlattr->nla_type);
2066         if (ret < 0) {
2067             return ret;
2068         }
2069         len -= NLA_ALIGN(nla_len);
2070         nlattr = (struct nlattr *)(((char *)nlattr) + NLA_ALIGN(nla_len));
2071     }
2072     return 0;
2073 }
2074 
2075 static abi_long host_to_target_for_each_rtattr(struct rtattr *rtattr,
2076                                                size_t len,
2077                                                abi_long (*host_to_target_rtattr)
2078                                                         (struct rtattr *))
2079 {
2080     unsigned short rta_len;
2081     abi_long ret;
2082 
2083     while (len > sizeof(struct rtattr)) {
2084         rta_len = rtattr->rta_len;
2085         if (rta_len < sizeof(struct rtattr) ||
2086             rta_len > len) {
2087             break;
2088         }
2089         ret = host_to_target_rtattr(rtattr);
2090         rtattr->rta_len = tswap16(rtattr->rta_len);
2091         rtattr->rta_type = tswap16(rtattr->rta_type);
2092         if (ret < 0) {
2093             return ret;
2094         }
2095         len -= RTA_ALIGN(rta_len);
2096         rtattr = (struct rtattr *)(((char *)rtattr) + RTA_ALIGN(rta_len));
2097     }
2098     return 0;
2099 }
2100 
2101 #define NLA_DATA(nla) ((void *)((char *)(nla)) + NLA_HDRLEN)
2102 
2103 static abi_long host_to_target_data_bridge_nlattr(struct nlattr *nlattr,
2104                                                   void *context)
2105 {
2106     uint16_t *u16;
2107     uint32_t *u32;
2108     uint64_t *u64;
2109 
2110     switch (nlattr->nla_type) {
2111     /* no data */
2112     case QEMU_IFLA_BR_FDB_FLUSH:
2113         break;
2114     /* binary */
2115     case QEMU_IFLA_BR_GROUP_ADDR:
2116         break;
2117     /* uint8_t */
2118     case QEMU_IFLA_BR_VLAN_FILTERING:
2119     case QEMU_IFLA_BR_TOPOLOGY_CHANGE:
2120     case QEMU_IFLA_BR_TOPOLOGY_CHANGE_DETECTED:
2121     case QEMU_IFLA_BR_MCAST_ROUTER:
2122     case QEMU_IFLA_BR_MCAST_SNOOPING:
2123     case QEMU_IFLA_BR_MCAST_QUERY_USE_IFADDR:
2124     case QEMU_IFLA_BR_MCAST_QUERIER:
2125     case QEMU_IFLA_BR_NF_CALL_IPTABLES:
2126     case QEMU_IFLA_BR_NF_CALL_IP6TABLES:
2127     case QEMU_IFLA_BR_NF_CALL_ARPTABLES:
2128         break;
2129     /* uint16_t */
2130     case QEMU_IFLA_BR_PRIORITY:
2131     case QEMU_IFLA_BR_VLAN_PROTOCOL:
2132     case QEMU_IFLA_BR_GROUP_FWD_MASK:
2133     case QEMU_IFLA_BR_ROOT_PORT:
2134     case QEMU_IFLA_BR_VLAN_DEFAULT_PVID:
2135         u16 = NLA_DATA(nlattr);
2136         *u16 = tswap16(*u16);
2137         break;
2138     /* uint32_t */
2139     case QEMU_IFLA_BR_FORWARD_DELAY:
2140     case QEMU_IFLA_BR_HELLO_TIME:
2141     case QEMU_IFLA_BR_MAX_AGE:
2142     case QEMU_IFLA_BR_AGEING_TIME:
2143     case QEMU_IFLA_BR_STP_STATE:
2144     case QEMU_IFLA_BR_ROOT_PATH_COST:
2145     case QEMU_IFLA_BR_MCAST_HASH_ELASTICITY:
2146     case QEMU_IFLA_BR_MCAST_HASH_MAX:
2147     case QEMU_IFLA_BR_MCAST_LAST_MEMBER_CNT:
2148     case QEMU_IFLA_BR_MCAST_STARTUP_QUERY_CNT:
2149         u32 = NLA_DATA(nlattr);
2150         *u32 = tswap32(*u32);
2151         break;
2152     /* uint64_t */
2153     case QEMU_IFLA_BR_HELLO_TIMER:
2154     case QEMU_IFLA_BR_TCN_TIMER:
2155     case QEMU_IFLA_BR_GC_TIMER:
2156     case QEMU_IFLA_BR_TOPOLOGY_CHANGE_TIMER:
2157     case QEMU_IFLA_BR_MCAST_LAST_MEMBER_INTVL:
2158     case QEMU_IFLA_BR_MCAST_MEMBERSHIP_INTVL:
2159     case QEMU_IFLA_BR_MCAST_QUERIER_INTVL:
2160     case QEMU_IFLA_BR_MCAST_QUERY_INTVL:
2161     case QEMU_IFLA_BR_MCAST_QUERY_RESPONSE_INTVL:
2162     case QEMU_IFLA_BR_MCAST_STARTUP_QUERY_INTVL:
2163         u64 = NLA_DATA(nlattr);
2164         *u64 = tswap64(*u64);
2165         break;
2166     /* ifla_bridge_id: uin8_t[] */
2167     case QEMU_IFLA_BR_ROOT_ID:
2168     case QEMU_IFLA_BR_BRIDGE_ID:
2169         break;
2170     default:
2171         gemu_log("Unknown QEMU_IFLA_BR type %d\n", nlattr->nla_type);
2172         break;
2173     }
2174     return 0;
2175 }
2176 
2177 static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
2178                                                         void *context)
2179 {
2180     uint16_t *u16;
2181     uint32_t *u32;
2182     uint64_t *u64;
2183 
2184     switch (nlattr->nla_type) {
2185     /* uint8_t */
2186     case QEMU_IFLA_BRPORT_STATE:
2187     case QEMU_IFLA_BRPORT_MODE:
2188     case QEMU_IFLA_BRPORT_GUARD:
2189     case QEMU_IFLA_BRPORT_PROTECT:
2190     case QEMU_IFLA_BRPORT_FAST_LEAVE:
2191     case QEMU_IFLA_BRPORT_LEARNING:
2192     case QEMU_IFLA_BRPORT_UNICAST_FLOOD:
2193     case QEMU_IFLA_BRPORT_PROXYARP:
2194     case QEMU_IFLA_BRPORT_LEARNING_SYNC:
2195     case QEMU_IFLA_BRPORT_PROXYARP_WIFI:
2196     case QEMU_IFLA_BRPORT_TOPOLOGY_CHANGE_ACK:
2197     case QEMU_IFLA_BRPORT_CONFIG_PENDING:
2198     case QEMU_IFLA_BRPORT_MULTICAST_ROUTER:
2199         break;
2200     /* uint16_t */
2201     case QEMU_IFLA_BRPORT_PRIORITY:
2202     case QEMU_IFLA_BRPORT_DESIGNATED_PORT:
2203     case QEMU_IFLA_BRPORT_DESIGNATED_COST:
2204     case QEMU_IFLA_BRPORT_ID:
2205     case QEMU_IFLA_BRPORT_NO:
2206         u16 = NLA_DATA(nlattr);
2207         *u16 = tswap16(*u16);
2208         break;
2209     /* uin32_t */
2210     case QEMU_IFLA_BRPORT_COST:
2211         u32 = NLA_DATA(nlattr);
2212         *u32 = tswap32(*u32);
2213         break;
2214     /* uint64_t */
2215     case QEMU_IFLA_BRPORT_MESSAGE_AGE_TIMER:
2216     case QEMU_IFLA_BRPORT_FORWARD_DELAY_TIMER:
2217     case QEMU_IFLA_BRPORT_HOLD_TIMER:
2218         u64 = NLA_DATA(nlattr);
2219         *u64 = tswap64(*u64);
2220         break;
2221     /* ifla_bridge_id: uint8_t[] */
2222     case QEMU_IFLA_BRPORT_ROOT_ID:
2223     case QEMU_IFLA_BRPORT_BRIDGE_ID:
2224         break;
2225     default:
2226         gemu_log("Unknown QEMU_IFLA_BRPORT type %d\n", nlattr->nla_type);
2227         break;
2228     }
2229     return 0;
2230 }
2231 
2232 struct linkinfo_context {
2233     int len;
2234     char *name;
2235     int slave_len;
2236     char *slave_name;
2237 };
2238 
2239 static abi_long host_to_target_data_linkinfo_nlattr(struct nlattr *nlattr,
2240                                                     void *context)
2241 {
2242     struct linkinfo_context *li_context = context;
2243 
2244     switch (nlattr->nla_type) {
2245     /* string */
2246     case QEMU_IFLA_INFO_KIND:
2247         li_context->name = NLA_DATA(nlattr);
2248         li_context->len = nlattr->nla_len - NLA_HDRLEN;
2249         break;
2250     case QEMU_IFLA_INFO_SLAVE_KIND:
2251         li_context->slave_name = NLA_DATA(nlattr);
2252         li_context->slave_len = nlattr->nla_len - NLA_HDRLEN;
2253         break;
2254     /* stats */
2255     case QEMU_IFLA_INFO_XSTATS:
2256         /* FIXME: only used by CAN */
2257         break;
2258     /* nested */
2259     case QEMU_IFLA_INFO_DATA:
2260         if (strncmp(li_context->name, "bridge",
2261                     li_context->len) == 0) {
2262             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
2263                                                   nlattr->nla_len,
2264                                                   NULL,
2265                                              host_to_target_data_bridge_nlattr);
2266         } else {
2267             gemu_log("Unknown QEMU_IFLA_INFO_KIND %s\n", li_context->name);
2268         }
2269         break;
2270     case QEMU_IFLA_INFO_SLAVE_DATA:
2271         if (strncmp(li_context->slave_name, "bridge",
2272                     li_context->slave_len) == 0) {
2273             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
2274                                                   nlattr->nla_len,
2275                                                   NULL,
2276                                        host_to_target_slave_data_bridge_nlattr);
2277         } else {
2278             gemu_log("Unknown QEMU_IFLA_INFO_SLAVE_KIND %s\n",
2279                      li_context->slave_name);
2280         }
2281         break;
2282     default:
2283         gemu_log("Unknown host QEMU_IFLA_INFO type: %d\n", nlattr->nla_type);
2284         break;
2285     }
2286 
2287     return 0;
2288 }
2289 
2290 static abi_long host_to_target_data_inet_nlattr(struct nlattr *nlattr,
2291                                                 void *context)
2292 {
2293     uint32_t *u32;
2294     int i;
2295 
2296     switch (nlattr->nla_type) {
2297     case QEMU_IFLA_INET_CONF:
2298         u32 = NLA_DATA(nlattr);
2299         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
2300              i++) {
2301             u32[i] = tswap32(u32[i]);
2302         }
2303         break;
2304     default:
2305         gemu_log("Unknown host AF_INET type: %d\n", nlattr->nla_type);
2306     }
2307     return 0;
2308 }
2309 
2310 static abi_long host_to_target_data_inet6_nlattr(struct nlattr *nlattr,
2311                                                 void *context)
2312 {
2313     uint32_t *u32;
2314     uint64_t *u64;
2315     struct ifla_cacheinfo *ci;
2316     int i;
2317 
2318     switch (nlattr->nla_type) {
2319     /* binaries */
2320     case QEMU_IFLA_INET6_TOKEN:
2321         break;
2322     /* uint8_t */
2323     case QEMU_IFLA_INET6_ADDR_GEN_MODE:
2324         break;
2325     /* uint32_t */
2326     case QEMU_IFLA_INET6_FLAGS:
2327         u32 = NLA_DATA(nlattr);
2328         *u32 = tswap32(*u32);
2329         break;
2330     /* uint32_t[] */
2331     case QEMU_IFLA_INET6_CONF:
2332         u32 = NLA_DATA(nlattr);
2333         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
2334              i++) {
2335             u32[i] = tswap32(u32[i]);
2336         }
2337         break;
2338     /* ifla_cacheinfo */
2339     case QEMU_IFLA_INET6_CACHEINFO:
2340         ci = NLA_DATA(nlattr);
2341         ci->max_reasm_len = tswap32(ci->max_reasm_len);
2342         ci->tstamp = tswap32(ci->tstamp);
2343         ci->reachable_time = tswap32(ci->reachable_time);
2344         ci->retrans_time = tswap32(ci->retrans_time);
2345         break;
2346     /* uint64_t[] */
2347     case QEMU_IFLA_INET6_STATS:
2348     case QEMU_IFLA_INET6_ICMP6STATS:
2349         u64 = NLA_DATA(nlattr);
2350         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u64);
2351              i++) {
2352             u64[i] = tswap64(u64[i]);
2353         }
2354         break;
2355     default:
2356         gemu_log("Unknown host AF_INET6 type: %d\n", nlattr->nla_type);
2357     }
2358     return 0;
2359 }
2360 
2361 static abi_long host_to_target_data_spec_nlattr(struct nlattr *nlattr,
2362                                                     void *context)
2363 {
2364     switch (nlattr->nla_type) {
2365     case AF_INET:
2366         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2367                                               NULL,
2368                                              host_to_target_data_inet_nlattr);
2369     case AF_INET6:
2370         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2371                                               NULL,
2372                                              host_to_target_data_inet6_nlattr);
2373     default:
2374         gemu_log("Unknown host AF_SPEC type: %d\n", nlattr->nla_type);
2375         break;
2376     }
2377     return 0;
2378 }
2379 
2380 static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
2381 {
2382     uint32_t *u32;
2383     struct rtnl_link_stats *st;
2384     struct rtnl_link_stats64 *st64;
2385     struct rtnl_link_ifmap *map;
2386     struct linkinfo_context li_context;
2387 
2388     switch (rtattr->rta_type) {
2389     /* binary stream */
2390     case QEMU_IFLA_ADDRESS:
2391     case QEMU_IFLA_BROADCAST:
2392     /* string */
2393     case QEMU_IFLA_IFNAME:
2394     case QEMU_IFLA_QDISC:
2395         break;
2396     /* uin8_t */
2397     case QEMU_IFLA_OPERSTATE:
2398     case QEMU_IFLA_LINKMODE:
2399     case QEMU_IFLA_CARRIER:
2400     case QEMU_IFLA_PROTO_DOWN:
2401         break;
2402     /* uint32_t */
2403     case QEMU_IFLA_MTU:
2404     case QEMU_IFLA_LINK:
2405     case QEMU_IFLA_WEIGHT:
2406     case QEMU_IFLA_TXQLEN:
2407     case QEMU_IFLA_CARRIER_CHANGES:
2408     case QEMU_IFLA_NUM_RX_QUEUES:
2409     case QEMU_IFLA_NUM_TX_QUEUES:
2410     case QEMU_IFLA_PROMISCUITY:
2411     case QEMU_IFLA_EXT_MASK:
2412     case QEMU_IFLA_LINK_NETNSID:
2413     case QEMU_IFLA_GROUP:
2414     case QEMU_IFLA_MASTER:
2415     case QEMU_IFLA_NUM_VF:
2416     case QEMU_IFLA_GSO_MAX_SEGS:
2417     case QEMU_IFLA_GSO_MAX_SIZE:
2418         u32 = RTA_DATA(rtattr);
2419         *u32 = tswap32(*u32);
2420         break;
2421     /* struct rtnl_link_stats */
2422     case QEMU_IFLA_STATS:
2423         st = RTA_DATA(rtattr);
2424         st->rx_packets = tswap32(st->rx_packets);
2425         st->tx_packets = tswap32(st->tx_packets);
2426         st->rx_bytes = tswap32(st->rx_bytes);
2427         st->tx_bytes = tswap32(st->tx_bytes);
2428         st->rx_errors = tswap32(st->rx_errors);
2429         st->tx_errors = tswap32(st->tx_errors);
2430         st->rx_dropped = tswap32(st->rx_dropped);
2431         st->tx_dropped = tswap32(st->tx_dropped);
2432         st->multicast = tswap32(st->multicast);
2433         st->collisions = tswap32(st->collisions);
2434 
2435         /* detailed rx_errors: */
2436         st->rx_length_errors = tswap32(st->rx_length_errors);
2437         st->rx_over_errors = tswap32(st->rx_over_errors);
2438         st->rx_crc_errors = tswap32(st->rx_crc_errors);
2439         st->rx_frame_errors = tswap32(st->rx_frame_errors);
2440         st->rx_fifo_errors = tswap32(st->rx_fifo_errors);
2441         st->rx_missed_errors = tswap32(st->rx_missed_errors);
2442 
2443         /* detailed tx_errors */
2444         st->tx_aborted_errors = tswap32(st->tx_aborted_errors);
2445         st->tx_carrier_errors = tswap32(st->tx_carrier_errors);
2446         st->tx_fifo_errors = tswap32(st->tx_fifo_errors);
2447         st->tx_heartbeat_errors = tswap32(st->tx_heartbeat_errors);
2448         st->tx_window_errors = tswap32(st->tx_window_errors);
2449 
2450         /* for cslip etc */
2451         st->rx_compressed = tswap32(st->rx_compressed);
2452         st->tx_compressed = tswap32(st->tx_compressed);
2453         break;
2454     /* struct rtnl_link_stats64 */
2455     case QEMU_IFLA_STATS64:
2456         st64 = RTA_DATA(rtattr);
2457         st64->rx_packets = tswap64(st64->rx_packets);
2458         st64->tx_packets = tswap64(st64->tx_packets);
2459         st64->rx_bytes = tswap64(st64->rx_bytes);
2460         st64->tx_bytes = tswap64(st64->tx_bytes);
2461         st64->rx_errors = tswap64(st64->rx_errors);
2462         st64->tx_errors = tswap64(st64->tx_errors);
2463         st64->rx_dropped = tswap64(st64->rx_dropped);
2464         st64->tx_dropped = tswap64(st64->tx_dropped);
2465         st64->multicast = tswap64(st64->multicast);
2466         st64->collisions = tswap64(st64->collisions);
2467 
2468         /* detailed rx_errors: */
2469         st64->rx_length_errors = tswap64(st64->rx_length_errors);
2470         st64->rx_over_errors = tswap64(st64->rx_over_errors);
2471         st64->rx_crc_errors = tswap64(st64->rx_crc_errors);
2472         st64->rx_frame_errors = tswap64(st64->rx_frame_errors);
2473         st64->rx_fifo_errors = tswap64(st64->rx_fifo_errors);
2474         st64->rx_missed_errors = tswap64(st64->rx_missed_errors);
2475 
2476         /* detailed tx_errors */
2477         st64->tx_aborted_errors = tswap64(st64->tx_aborted_errors);
2478         st64->tx_carrier_errors = tswap64(st64->tx_carrier_errors);
2479         st64->tx_fifo_errors = tswap64(st64->tx_fifo_errors);
2480         st64->tx_heartbeat_errors = tswap64(st64->tx_heartbeat_errors);
2481         st64->tx_window_errors = tswap64(st64->tx_window_errors);
2482 
2483         /* for cslip etc */
2484         st64->rx_compressed = tswap64(st64->rx_compressed);
2485         st64->tx_compressed = tswap64(st64->tx_compressed);
2486         break;
2487     /* struct rtnl_link_ifmap */
2488     case QEMU_IFLA_MAP:
2489         map = RTA_DATA(rtattr);
2490         map->mem_start = tswap64(map->mem_start);
2491         map->mem_end = tswap64(map->mem_end);
2492         map->base_addr = tswap64(map->base_addr);
2493         map->irq = tswap16(map->irq);
2494         break;
2495     /* nested */
2496     case QEMU_IFLA_LINKINFO:
2497         memset(&li_context, 0, sizeof(li_context));
2498         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2499                                               &li_context,
2500                                            host_to_target_data_linkinfo_nlattr);
2501     case QEMU_IFLA_AF_SPEC:
2502         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2503                                               NULL,
2504                                              host_to_target_data_spec_nlattr);
2505     default:
2506         gemu_log("Unknown host QEMU_IFLA type: %d\n", rtattr->rta_type);
2507         break;
2508     }
2509     return 0;
2510 }
2511 
2512 static abi_long host_to_target_data_addr_rtattr(struct rtattr *rtattr)
2513 {
2514     uint32_t *u32;
2515     struct ifa_cacheinfo *ci;
2516 
2517     switch (rtattr->rta_type) {
2518     /* binary: depends on family type */
2519     case IFA_ADDRESS:
2520     case IFA_LOCAL:
2521         break;
2522     /* string */
2523     case IFA_LABEL:
2524         break;
2525     /* u32 */
2526     case IFA_FLAGS:
2527     case IFA_BROADCAST:
2528         u32 = RTA_DATA(rtattr);
2529         *u32 = tswap32(*u32);
2530         break;
2531     /* struct ifa_cacheinfo */
2532     case IFA_CACHEINFO:
2533         ci = RTA_DATA(rtattr);
2534         ci->ifa_prefered = tswap32(ci->ifa_prefered);
2535         ci->ifa_valid = tswap32(ci->ifa_valid);
2536         ci->cstamp = tswap32(ci->cstamp);
2537         ci->tstamp = tswap32(ci->tstamp);
2538         break;
2539     default:
2540         gemu_log("Unknown host IFA type: %d\n", rtattr->rta_type);
2541         break;
2542     }
2543     return 0;
2544 }
2545 
2546 static abi_long host_to_target_data_route_rtattr(struct rtattr *rtattr)
2547 {
2548     uint32_t *u32;
2549     switch (rtattr->rta_type) {
2550     /* binary: depends on family type */
2551     case RTA_GATEWAY:
2552     case RTA_DST:
2553     case RTA_PREFSRC:
2554         break;
2555     /* u32 */
2556     case RTA_PRIORITY:
2557     case RTA_TABLE:
2558     case RTA_OIF:
2559         u32 = RTA_DATA(rtattr);
2560         *u32 = tswap32(*u32);
2561         break;
2562     default:
2563         gemu_log("Unknown host RTA type: %d\n", rtattr->rta_type);
2564         break;
2565     }
2566     return 0;
2567 }
2568 
2569 static abi_long host_to_target_link_rtattr(struct rtattr *rtattr,
2570                                          uint32_t rtattr_len)
2571 {
2572     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2573                                           host_to_target_data_link_rtattr);
2574 }
2575 
2576 static abi_long host_to_target_addr_rtattr(struct rtattr *rtattr,
2577                                          uint32_t rtattr_len)
2578 {
2579     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2580                                           host_to_target_data_addr_rtattr);
2581 }
2582 
2583 static abi_long host_to_target_route_rtattr(struct rtattr *rtattr,
2584                                          uint32_t rtattr_len)
2585 {
2586     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2587                                           host_to_target_data_route_rtattr);
2588 }
2589 
2590 static abi_long host_to_target_data_route(struct nlmsghdr *nlh)
2591 {
2592     uint32_t nlmsg_len;
2593     struct ifinfomsg *ifi;
2594     struct ifaddrmsg *ifa;
2595     struct rtmsg *rtm;
2596 
2597     nlmsg_len = nlh->nlmsg_len;
2598     switch (nlh->nlmsg_type) {
2599     case RTM_NEWLINK:
2600     case RTM_DELLINK:
2601     case RTM_GETLINK:
2602         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2603             ifi = NLMSG_DATA(nlh);
2604             ifi->ifi_type = tswap16(ifi->ifi_type);
2605             ifi->ifi_index = tswap32(ifi->ifi_index);
2606             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2607             ifi->ifi_change = tswap32(ifi->ifi_change);
2608             host_to_target_link_rtattr(IFLA_RTA(ifi),
2609                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)));
2610         }
2611         break;
2612     case RTM_NEWADDR:
2613     case RTM_DELADDR:
2614     case RTM_GETADDR:
2615         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2616             ifa = NLMSG_DATA(nlh);
2617             ifa->ifa_index = tswap32(ifa->ifa_index);
2618             host_to_target_addr_rtattr(IFA_RTA(ifa),
2619                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)));
2620         }
2621         break;
2622     case RTM_NEWROUTE:
2623     case RTM_DELROUTE:
2624     case RTM_GETROUTE:
2625         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2626             rtm = NLMSG_DATA(nlh);
2627             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2628             host_to_target_route_rtattr(RTM_RTA(rtm),
2629                                         nlmsg_len - NLMSG_LENGTH(sizeof(*rtm)));
2630         }
2631         break;
2632     default:
2633         return -TARGET_EINVAL;
2634     }
2635     return 0;
2636 }
2637 
2638 static inline abi_long host_to_target_nlmsg_route(struct nlmsghdr *nlh,
2639                                                   size_t len)
2640 {
2641     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_route);
2642 }
2643 
2644 static abi_long target_to_host_for_each_rtattr(struct rtattr *rtattr,
2645                                                size_t len,
2646                                                abi_long (*target_to_host_rtattr)
2647                                                         (struct rtattr *))
2648 {
2649     abi_long ret;
2650 
2651     while (len >= sizeof(struct rtattr)) {
2652         if (tswap16(rtattr->rta_len) < sizeof(struct rtattr) ||
2653             tswap16(rtattr->rta_len) > len) {
2654             break;
2655         }
2656         rtattr->rta_len = tswap16(rtattr->rta_len);
2657         rtattr->rta_type = tswap16(rtattr->rta_type);
2658         ret = target_to_host_rtattr(rtattr);
2659         if (ret < 0) {
2660             return ret;
2661         }
2662         len -= RTA_ALIGN(rtattr->rta_len);
2663         rtattr = (struct rtattr *)(((char *)rtattr) +
2664                  RTA_ALIGN(rtattr->rta_len));
2665     }
2666     return 0;
2667 }
2668 
2669 static abi_long target_to_host_data_link_rtattr(struct rtattr *rtattr)
2670 {
2671     switch (rtattr->rta_type) {
2672     default:
2673         gemu_log("Unknown target QEMU_IFLA type: %d\n", rtattr->rta_type);
2674         break;
2675     }
2676     return 0;
2677 }
2678 
2679 static abi_long target_to_host_data_addr_rtattr(struct rtattr *rtattr)
2680 {
2681     switch (rtattr->rta_type) {
2682     /* binary: depends on family type */
2683     case IFA_LOCAL:
2684     case IFA_ADDRESS:
2685         break;
2686     default:
2687         gemu_log("Unknown target IFA type: %d\n", rtattr->rta_type);
2688         break;
2689     }
2690     return 0;
2691 }
2692 
2693 static abi_long target_to_host_data_route_rtattr(struct rtattr *rtattr)
2694 {
2695     uint32_t *u32;
2696     switch (rtattr->rta_type) {
2697     /* binary: depends on family type */
2698     case RTA_DST:
2699     case RTA_SRC:
2700     case RTA_GATEWAY:
2701         break;
2702     /* u32 */
2703     case RTA_PRIORITY:
2704     case RTA_OIF:
2705         u32 = RTA_DATA(rtattr);
2706         *u32 = tswap32(*u32);
2707         break;
2708     default:
2709         gemu_log("Unknown target RTA type: %d\n", rtattr->rta_type);
2710         break;
2711     }
2712     return 0;
2713 }
2714 
2715 static void target_to_host_link_rtattr(struct rtattr *rtattr,
2716                                        uint32_t rtattr_len)
2717 {
2718     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2719                                    target_to_host_data_link_rtattr);
2720 }
2721 
2722 static void target_to_host_addr_rtattr(struct rtattr *rtattr,
2723                                      uint32_t rtattr_len)
2724 {
2725     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2726                                    target_to_host_data_addr_rtattr);
2727 }
2728 
2729 static void target_to_host_route_rtattr(struct rtattr *rtattr,
2730                                      uint32_t rtattr_len)
2731 {
2732     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2733                                    target_to_host_data_route_rtattr);
2734 }
2735 
2736 static abi_long target_to_host_data_route(struct nlmsghdr *nlh)
2737 {
2738     struct ifinfomsg *ifi;
2739     struct ifaddrmsg *ifa;
2740     struct rtmsg *rtm;
2741 
2742     switch (nlh->nlmsg_type) {
2743     case RTM_GETLINK:
2744         break;
2745     case RTM_NEWLINK:
2746     case RTM_DELLINK:
2747         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2748             ifi = NLMSG_DATA(nlh);
2749             ifi->ifi_type = tswap16(ifi->ifi_type);
2750             ifi->ifi_index = tswap32(ifi->ifi_index);
2751             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2752             ifi->ifi_change = tswap32(ifi->ifi_change);
2753             target_to_host_link_rtattr(IFLA_RTA(ifi), nlh->nlmsg_len -
2754                                        NLMSG_LENGTH(sizeof(*ifi)));
2755         }
2756         break;
2757     case RTM_GETADDR:
2758     case RTM_NEWADDR:
2759     case RTM_DELADDR:
2760         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2761             ifa = NLMSG_DATA(nlh);
2762             ifa->ifa_index = tswap32(ifa->ifa_index);
2763             target_to_host_addr_rtattr(IFA_RTA(ifa), nlh->nlmsg_len -
2764                                        NLMSG_LENGTH(sizeof(*ifa)));
2765         }
2766         break;
2767     case RTM_GETROUTE:
2768         break;
2769     case RTM_NEWROUTE:
2770     case RTM_DELROUTE:
2771         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2772             rtm = NLMSG_DATA(nlh);
2773             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2774             target_to_host_route_rtattr(RTM_RTA(rtm), nlh->nlmsg_len -
2775                                         NLMSG_LENGTH(sizeof(*rtm)));
2776         }
2777         break;
2778     default:
2779         return -TARGET_EOPNOTSUPP;
2780     }
2781     return 0;
2782 }
2783 
2784 static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
2785 {
2786     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
2787 }
2788 #endif /* CONFIG_RTNETLINK */
2789 
2790 static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
2791 {
2792     switch (nlh->nlmsg_type) {
2793     default:
2794         gemu_log("Unknown host audit message type %d\n",
2795                  nlh->nlmsg_type);
2796         return -TARGET_EINVAL;
2797     }
2798     return 0;
2799 }
2800 
2801 static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
2802                                                   size_t len)
2803 {
2804     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
2805 }
2806 
2807 static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
2808 {
2809     switch (nlh->nlmsg_type) {
2810     case AUDIT_USER:
2811     case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
2812     case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
2813         break;
2814     default:
2815         gemu_log("Unknown target audit message type %d\n",
2816                  nlh->nlmsg_type);
2817         return -TARGET_EINVAL;
2818     }
2819 
2820     return 0;
2821 }
2822 
2823 static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
2824 {
2825     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
2826 }
2827 
2828 /* do_setsockopt() Must return target values and target errnos. */
2829 static abi_long do_setsockopt(int sockfd, int level, int optname,
2830                               abi_ulong optval_addr, socklen_t optlen)
2831 {
2832     abi_long ret;
2833     int val;
2834     struct ip_mreqn *ip_mreq;
2835     struct ip_mreq_source *ip_mreq_source;
2836 
2837     switch(level) {
2838     case SOL_TCP:
2839         /* TCP options all take an 'int' value.  */
2840         if (optlen < sizeof(uint32_t))
2841             return -TARGET_EINVAL;
2842 
2843         if (get_user_u32(val, optval_addr))
2844             return -TARGET_EFAULT;
2845         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2846         break;
2847     case SOL_IP:
2848         switch(optname) {
2849         case IP_TOS:
2850         case IP_TTL:
2851         case IP_HDRINCL:
2852         case IP_ROUTER_ALERT:
2853         case IP_RECVOPTS:
2854         case IP_RETOPTS:
2855         case IP_PKTINFO:
2856         case IP_MTU_DISCOVER:
2857         case IP_RECVERR:
2858         case IP_RECVTTL:
2859         case IP_RECVTOS:
2860 #ifdef IP_FREEBIND
2861         case IP_FREEBIND:
2862 #endif
2863         case IP_MULTICAST_TTL:
2864         case IP_MULTICAST_LOOP:
2865             val = 0;
2866             if (optlen >= sizeof(uint32_t)) {
2867                 if (get_user_u32(val, optval_addr))
2868                     return -TARGET_EFAULT;
2869             } else if (optlen >= 1) {
2870                 if (get_user_u8(val, optval_addr))
2871                     return -TARGET_EFAULT;
2872             }
2873             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2874             break;
2875         case IP_ADD_MEMBERSHIP:
2876         case IP_DROP_MEMBERSHIP:
2877             if (optlen < sizeof (struct target_ip_mreq) ||
2878                 optlen > sizeof (struct target_ip_mreqn))
2879                 return -TARGET_EINVAL;
2880 
2881             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2882             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2883             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2884             break;
2885 
2886         case IP_BLOCK_SOURCE:
2887         case IP_UNBLOCK_SOURCE:
2888         case IP_ADD_SOURCE_MEMBERSHIP:
2889         case IP_DROP_SOURCE_MEMBERSHIP:
2890             if (optlen != sizeof (struct target_ip_mreq_source))
2891                 return -TARGET_EINVAL;
2892 
2893             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2894             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2895             unlock_user (ip_mreq_source, optval_addr, 0);
2896             break;
2897 
2898         default:
2899             goto unimplemented;
2900         }
2901         break;
2902     case SOL_IPV6:
2903         switch (optname) {
2904         case IPV6_MTU_DISCOVER:
2905         case IPV6_MTU:
2906         case IPV6_V6ONLY:
2907         case IPV6_RECVPKTINFO:
2908         case IPV6_UNICAST_HOPS:
2909         case IPV6_RECVERR:
2910         case IPV6_RECVHOPLIMIT:
2911         case IPV6_2292HOPLIMIT:
2912         case IPV6_CHECKSUM:
2913             val = 0;
2914             if (optlen < sizeof(uint32_t)) {
2915                 return -TARGET_EINVAL;
2916             }
2917             if (get_user_u32(val, optval_addr)) {
2918                 return -TARGET_EFAULT;
2919             }
2920             ret = get_errno(setsockopt(sockfd, level, optname,
2921                                        &val, sizeof(val)));
2922             break;
2923         case IPV6_PKTINFO:
2924         {
2925             struct in6_pktinfo pki;
2926 
2927             if (optlen < sizeof(pki)) {
2928                 return -TARGET_EINVAL;
2929             }
2930 
2931             if (copy_from_user(&pki, optval_addr, sizeof(pki))) {
2932                 return -TARGET_EFAULT;
2933             }
2934 
2935             pki.ipi6_ifindex = tswap32(pki.ipi6_ifindex);
2936 
2937             ret = get_errno(setsockopt(sockfd, level, optname,
2938                                        &pki, sizeof(pki)));
2939             break;
2940         }
2941         default:
2942             goto unimplemented;
2943         }
2944         break;
2945     case SOL_ICMPV6:
2946         switch (optname) {
2947         case ICMPV6_FILTER:
2948         {
2949             struct icmp6_filter icmp6f;
2950 
2951             if (optlen > sizeof(icmp6f)) {
2952                 optlen = sizeof(icmp6f);
2953             }
2954 
2955             if (copy_from_user(&icmp6f, optval_addr, optlen)) {
2956                 return -TARGET_EFAULT;
2957             }
2958 
2959             for (val = 0; val < 8; val++) {
2960                 icmp6f.data[val] = tswap32(icmp6f.data[val]);
2961             }
2962 
2963             ret = get_errno(setsockopt(sockfd, level, optname,
2964                                        &icmp6f, optlen));
2965             break;
2966         }
2967         default:
2968             goto unimplemented;
2969         }
2970         break;
2971     case SOL_RAW:
2972         switch (optname) {
2973         case ICMP_FILTER:
2974         case IPV6_CHECKSUM:
2975             /* those take an u32 value */
2976             if (optlen < sizeof(uint32_t)) {
2977                 return -TARGET_EINVAL;
2978             }
2979 
2980             if (get_user_u32(val, optval_addr)) {
2981                 return -TARGET_EFAULT;
2982             }
2983             ret = get_errno(setsockopt(sockfd, level, optname,
2984                                        &val, sizeof(val)));
2985             break;
2986 
2987         default:
2988             goto unimplemented;
2989         }
2990         break;
2991     case TARGET_SOL_SOCKET:
2992         switch (optname) {
2993         case TARGET_SO_RCVTIMEO:
2994         {
2995                 struct timeval tv;
2996 
2997                 optname = SO_RCVTIMEO;
2998 
2999 set_timeout:
3000                 if (optlen != sizeof(struct target_timeval)) {
3001                     return -TARGET_EINVAL;
3002                 }
3003 
3004                 if (copy_from_user_timeval(&tv, optval_addr)) {
3005                     return -TARGET_EFAULT;
3006                 }
3007 
3008                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
3009                                 &tv, sizeof(tv)));
3010                 return ret;
3011         }
3012         case TARGET_SO_SNDTIMEO:
3013                 optname = SO_SNDTIMEO;
3014                 goto set_timeout;
3015         case TARGET_SO_ATTACH_FILTER:
3016         {
3017                 struct target_sock_fprog *tfprog;
3018                 struct target_sock_filter *tfilter;
3019                 struct sock_fprog fprog;
3020                 struct sock_filter *filter;
3021                 int i;
3022 
3023                 if (optlen != sizeof(*tfprog)) {
3024                     return -TARGET_EINVAL;
3025                 }
3026                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
3027                     return -TARGET_EFAULT;
3028                 }
3029                 if (!lock_user_struct(VERIFY_READ, tfilter,
3030                                       tswapal(tfprog->filter), 0)) {
3031                     unlock_user_struct(tfprog, optval_addr, 1);
3032                     return -TARGET_EFAULT;
3033                 }
3034 
3035                 fprog.len = tswap16(tfprog->len);
3036                 filter = g_try_new(struct sock_filter, fprog.len);
3037                 if (filter == NULL) {
3038                     unlock_user_struct(tfilter, tfprog->filter, 1);
3039                     unlock_user_struct(tfprog, optval_addr, 1);
3040                     return -TARGET_ENOMEM;
3041                 }
3042                 for (i = 0; i < fprog.len; i++) {
3043                     filter[i].code = tswap16(tfilter[i].code);
3044                     filter[i].jt = tfilter[i].jt;
3045                     filter[i].jf = tfilter[i].jf;
3046                     filter[i].k = tswap32(tfilter[i].k);
3047                 }
3048                 fprog.filter = filter;
3049 
3050                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
3051                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
3052                 g_free(filter);
3053 
3054                 unlock_user_struct(tfilter, tfprog->filter, 1);
3055                 unlock_user_struct(tfprog, optval_addr, 1);
3056                 return ret;
3057         }
3058 	case TARGET_SO_BINDTODEVICE:
3059 	{
3060 		char *dev_ifname, *addr_ifname;
3061 
3062 		if (optlen > IFNAMSIZ - 1) {
3063 		    optlen = IFNAMSIZ - 1;
3064 		}
3065 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
3066 		if (!dev_ifname) {
3067 		    return -TARGET_EFAULT;
3068 		}
3069 		optname = SO_BINDTODEVICE;
3070 		addr_ifname = alloca(IFNAMSIZ);
3071 		memcpy(addr_ifname, dev_ifname, optlen);
3072 		addr_ifname[optlen] = 0;
3073 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
3074                                            addr_ifname, optlen));
3075 		unlock_user (dev_ifname, optval_addr, 0);
3076 		return ret;
3077 	}
3078             /* Options with 'int' argument.  */
3079         case TARGET_SO_DEBUG:
3080 		optname = SO_DEBUG;
3081 		break;
3082         case TARGET_SO_REUSEADDR:
3083 		optname = SO_REUSEADDR;
3084 		break;
3085         case TARGET_SO_TYPE:
3086 		optname = SO_TYPE;
3087 		break;
3088         case TARGET_SO_ERROR:
3089 		optname = SO_ERROR;
3090 		break;
3091         case TARGET_SO_DONTROUTE:
3092 		optname = SO_DONTROUTE;
3093 		break;
3094         case TARGET_SO_BROADCAST:
3095 		optname = SO_BROADCAST;
3096 		break;
3097         case TARGET_SO_SNDBUF:
3098 		optname = SO_SNDBUF;
3099 		break;
3100         case TARGET_SO_SNDBUFFORCE:
3101                 optname = SO_SNDBUFFORCE;
3102                 break;
3103         case TARGET_SO_RCVBUF:
3104 		optname = SO_RCVBUF;
3105 		break;
3106         case TARGET_SO_RCVBUFFORCE:
3107                 optname = SO_RCVBUFFORCE;
3108                 break;
3109         case TARGET_SO_KEEPALIVE:
3110 		optname = SO_KEEPALIVE;
3111 		break;
3112         case TARGET_SO_OOBINLINE:
3113 		optname = SO_OOBINLINE;
3114 		break;
3115         case TARGET_SO_NO_CHECK:
3116 		optname = SO_NO_CHECK;
3117 		break;
3118         case TARGET_SO_PRIORITY:
3119 		optname = SO_PRIORITY;
3120 		break;
3121 #ifdef SO_BSDCOMPAT
3122         case TARGET_SO_BSDCOMPAT:
3123 		optname = SO_BSDCOMPAT;
3124 		break;
3125 #endif
3126         case TARGET_SO_PASSCRED:
3127 		optname = SO_PASSCRED;
3128 		break;
3129         case TARGET_SO_PASSSEC:
3130                 optname = SO_PASSSEC;
3131                 break;
3132         case TARGET_SO_TIMESTAMP:
3133 		optname = SO_TIMESTAMP;
3134 		break;
3135         case TARGET_SO_RCVLOWAT:
3136 		optname = SO_RCVLOWAT;
3137 		break;
3138         default:
3139             goto unimplemented;
3140         }
3141 	if (optlen < sizeof(uint32_t))
3142             return -TARGET_EINVAL;
3143 
3144 	if (get_user_u32(val, optval_addr))
3145             return -TARGET_EFAULT;
3146 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
3147         break;
3148     default:
3149     unimplemented:
3150         gemu_log("Unsupported setsockopt level=%d optname=%d\n", level, optname);
3151         ret = -TARGET_ENOPROTOOPT;
3152     }
3153     return ret;
3154 }
3155 
3156 /* do_getsockopt() Must return target values and target errnos. */
3157 static abi_long do_getsockopt(int sockfd, int level, int optname,
3158                               abi_ulong optval_addr, abi_ulong optlen)
3159 {
3160     abi_long ret;
3161     int len, val;
3162     socklen_t lv;
3163 
3164     switch(level) {
3165     case TARGET_SOL_SOCKET:
3166         level = SOL_SOCKET;
3167         switch (optname) {
3168         /* These don't just return a single integer */
3169         case TARGET_SO_LINGER:
3170         case TARGET_SO_RCVTIMEO:
3171         case TARGET_SO_SNDTIMEO:
3172         case TARGET_SO_PEERNAME:
3173             goto unimplemented;
3174         case TARGET_SO_PEERCRED: {
3175             struct ucred cr;
3176             socklen_t crlen;
3177             struct target_ucred *tcr;
3178 
3179             if (get_user_u32(len, optlen)) {
3180                 return -TARGET_EFAULT;
3181             }
3182             if (len < 0) {
3183                 return -TARGET_EINVAL;
3184             }
3185 
3186             crlen = sizeof(cr);
3187             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
3188                                        &cr, &crlen));
3189             if (ret < 0) {
3190                 return ret;
3191             }
3192             if (len > crlen) {
3193                 len = crlen;
3194             }
3195             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
3196                 return -TARGET_EFAULT;
3197             }
3198             __put_user(cr.pid, &tcr->pid);
3199             __put_user(cr.uid, &tcr->uid);
3200             __put_user(cr.gid, &tcr->gid);
3201             unlock_user_struct(tcr, optval_addr, 1);
3202             if (put_user_u32(len, optlen)) {
3203                 return -TARGET_EFAULT;
3204             }
3205             break;
3206         }
3207         /* Options with 'int' argument.  */
3208         case TARGET_SO_DEBUG:
3209             optname = SO_DEBUG;
3210             goto int_case;
3211         case TARGET_SO_REUSEADDR:
3212             optname = SO_REUSEADDR;
3213             goto int_case;
3214         case TARGET_SO_TYPE:
3215             optname = SO_TYPE;
3216             goto int_case;
3217         case TARGET_SO_ERROR:
3218             optname = SO_ERROR;
3219             goto int_case;
3220         case TARGET_SO_DONTROUTE:
3221             optname = SO_DONTROUTE;
3222             goto int_case;
3223         case TARGET_SO_BROADCAST:
3224             optname = SO_BROADCAST;
3225             goto int_case;
3226         case TARGET_SO_SNDBUF:
3227             optname = SO_SNDBUF;
3228             goto int_case;
3229         case TARGET_SO_RCVBUF:
3230             optname = SO_RCVBUF;
3231             goto int_case;
3232         case TARGET_SO_KEEPALIVE:
3233             optname = SO_KEEPALIVE;
3234             goto int_case;
3235         case TARGET_SO_OOBINLINE:
3236             optname = SO_OOBINLINE;
3237             goto int_case;
3238         case TARGET_SO_NO_CHECK:
3239             optname = SO_NO_CHECK;
3240             goto int_case;
3241         case TARGET_SO_PRIORITY:
3242             optname = SO_PRIORITY;
3243             goto int_case;
3244 #ifdef SO_BSDCOMPAT
3245         case TARGET_SO_BSDCOMPAT:
3246             optname = SO_BSDCOMPAT;
3247             goto int_case;
3248 #endif
3249         case TARGET_SO_PASSCRED:
3250             optname = SO_PASSCRED;
3251             goto int_case;
3252         case TARGET_SO_TIMESTAMP:
3253             optname = SO_TIMESTAMP;
3254             goto int_case;
3255         case TARGET_SO_RCVLOWAT:
3256             optname = SO_RCVLOWAT;
3257             goto int_case;
3258         case TARGET_SO_ACCEPTCONN:
3259             optname = SO_ACCEPTCONN;
3260             goto int_case;
3261         default:
3262             goto int_case;
3263         }
3264         break;
3265     case SOL_TCP:
3266         /* TCP options all take an 'int' value.  */
3267     int_case:
3268         if (get_user_u32(len, optlen))
3269             return -TARGET_EFAULT;
3270         if (len < 0)
3271             return -TARGET_EINVAL;
3272         lv = sizeof(lv);
3273         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
3274         if (ret < 0)
3275             return ret;
3276         if (optname == SO_TYPE) {
3277             val = host_to_target_sock_type(val);
3278         }
3279         if (len > lv)
3280             len = lv;
3281         if (len == 4) {
3282             if (put_user_u32(val, optval_addr))
3283                 return -TARGET_EFAULT;
3284         } else {
3285             if (put_user_u8(val, optval_addr))
3286                 return -TARGET_EFAULT;
3287         }
3288         if (put_user_u32(len, optlen))
3289             return -TARGET_EFAULT;
3290         break;
3291     case SOL_IP:
3292         switch(optname) {
3293         case IP_TOS:
3294         case IP_TTL:
3295         case IP_HDRINCL:
3296         case IP_ROUTER_ALERT:
3297         case IP_RECVOPTS:
3298         case IP_RETOPTS:
3299         case IP_PKTINFO:
3300         case IP_MTU_DISCOVER:
3301         case IP_RECVERR:
3302         case IP_RECVTOS:
3303 #ifdef IP_FREEBIND
3304         case IP_FREEBIND:
3305 #endif
3306         case IP_MULTICAST_TTL:
3307         case IP_MULTICAST_LOOP:
3308             if (get_user_u32(len, optlen))
3309                 return -TARGET_EFAULT;
3310             if (len < 0)
3311                 return -TARGET_EINVAL;
3312             lv = sizeof(lv);
3313             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
3314             if (ret < 0)
3315                 return ret;
3316             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
3317                 len = 1;
3318                 if (put_user_u32(len, optlen)
3319                     || put_user_u8(val, optval_addr))
3320                     return -TARGET_EFAULT;
3321             } else {
3322                 if (len > sizeof(int))
3323                     len = sizeof(int);
3324                 if (put_user_u32(len, optlen)
3325                     || put_user_u32(val, optval_addr))
3326                     return -TARGET_EFAULT;
3327             }
3328             break;
3329         default:
3330             ret = -TARGET_ENOPROTOOPT;
3331             break;
3332         }
3333         break;
3334     default:
3335     unimplemented:
3336         gemu_log("getsockopt level=%d optname=%d not yet supported\n",
3337                  level, optname);
3338         ret = -TARGET_EOPNOTSUPP;
3339         break;
3340     }
3341     return ret;
3342 }
3343 
3344 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
3345                                 abi_ulong count, int copy)
3346 {
3347     struct target_iovec *target_vec;
3348     struct iovec *vec;
3349     abi_ulong total_len, max_len;
3350     int i;
3351     int err = 0;
3352     bool bad_address = false;
3353 
3354     if (count == 0) {
3355         errno = 0;
3356         return NULL;
3357     }
3358     if (count > IOV_MAX) {
3359         errno = EINVAL;
3360         return NULL;
3361     }
3362 
3363     vec = g_try_new0(struct iovec, count);
3364     if (vec == NULL) {
3365         errno = ENOMEM;
3366         return NULL;
3367     }
3368 
3369     target_vec = lock_user(VERIFY_READ, target_addr,
3370                            count * sizeof(struct target_iovec), 1);
3371     if (target_vec == NULL) {
3372         err = EFAULT;
3373         goto fail2;
3374     }
3375 
3376     /* ??? If host page size > target page size, this will result in a
3377        value larger than what we can actually support.  */
3378     max_len = 0x7fffffff & TARGET_PAGE_MASK;
3379     total_len = 0;
3380 
3381     for (i = 0; i < count; i++) {
3382         abi_ulong base = tswapal(target_vec[i].iov_base);
3383         abi_long len = tswapal(target_vec[i].iov_len);
3384 
3385         if (len < 0) {
3386             err = EINVAL;
3387             goto fail;
3388         } else if (len == 0) {
3389             /* Zero length pointer is ignored.  */
3390             vec[i].iov_base = 0;
3391         } else {
3392             vec[i].iov_base = lock_user(type, base, len, copy);
3393             /* If the first buffer pointer is bad, this is a fault.  But
3394              * subsequent bad buffers will result in a partial write; this
3395              * is realized by filling the vector with null pointers and
3396              * zero lengths. */
3397             if (!vec[i].iov_base) {
3398                 if (i == 0) {
3399                     err = EFAULT;
3400                     goto fail;
3401                 } else {
3402                     bad_address = true;
3403                 }
3404             }
3405             if (bad_address) {
3406                 len = 0;
3407             }
3408             if (len > max_len - total_len) {
3409                 len = max_len - total_len;
3410             }
3411         }
3412         vec[i].iov_len = len;
3413         total_len += len;
3414     }
3415 
3416     unlock_user(target_vec, target_addr, 0);
3417     return vec;
3418 
3419  fail:
3420     while (--i >= 0) {
3421         if (tswapal(target_vec[i].iov_len) > 0) {
3422             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
3423         }
3424     }
3425     unlock_user(target_vec, target_addr, 0);
3426  fail2:
3427     g_free(vec);
3428     errno = err;
3429     return NULL;
3430 }
3431 
3432 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
3433                          abi_ulong count, int copy)
3434 {
3435     struct target_iovec *target_vec;
3436     int i;
3437 
3438     target_vec = lock_user(VERIFY_READ, target_addr,
3439                            count * sizeof(struct target_iovec), 1);
3440     if (target_vec) {
3441         for (i = 0; i < count; i++) {
3442             abi_ulong base = tswapal(target_vec[i].iov_base);
3443             abi_long len = tswapal(target_vec[i].iov_len);
3444             if (len < 0) {
3445                 break;
3446             }
3447             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
3448         }
3449         unlock_user(target_vec, target_addr, 0);
3450     }
3451 
3452     g_free(vec);
3453 }
3454 
3455 static inline int target_to_host_sock_type(int *type)
3456 {
3457     int host_type = 0;
3458     int target_type = *type;
3459 
3460     switch (target_type & TARGET_SOCK_TYPE_MASK) {
3461     case TARGET_SOCK_DGRAM:
3462         host_type = SOCK_DGRAM;
3463         break;
3464     case TARGET_SOCK_STREAM:
3465         host_type = SOCK_STREAM;
3466         break;
3467     default:
3468         host_type = target_type & TARGET_SOCK_TYPE_MASK;
3469         break;
3470     }
3471     if (target_type & TARGET_SOCK_CLOEXEC) {
3472 #if defined(SOCK_CLOEXEC)
3473         host_type |= SOCK_CLOEXEC;
3474 #else
3475         return -TARGET_EINVAL;
3476 #endif
3477     }
3478     if (target_type & TARGET_SOCK_NONBLOCK) {
3479 #if defined(SOCK_NONBLOCK)
3480         host_type |= SOCK_NONBLOCK;
3481 #elif !defined(O_NONBLOCK)
3482         return -TARGET_EINVAL;
3483 #endif
3484     }
3485     *type = host_type;
3486     return 0;
3487 }
3488 
3489 /* Try to emulate socket type flags after socket creation.  */
3490 static int sock_flags_fixup(int fd, int target_type)
3491 {
3492 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
3493     if (target_type & TARGET_SOCK_NONBLOCK) {
3494         int flags = fcntl(fd, F_GETFL);
3495         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
3496             close(fd);
3497             return -TARGET_EINVAL;
3498         }
3499     }
3500 #endif
3501     return fd;
3502 }
3503 
3504 static abi_long packet_target_to_host_sockaddr(void *host_addr,
3505                                                abi_ulong target_addr,
3506                                                socklen_t len)
3507 {
3508     struct sockaddr *addr = host_addr;
3509     struct target_sockaddr *target_saddr;
3510 
3511     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
3512     if (!target_saddr) {
3513         return -TARGET_EFAULT;
3514     }
3515 
3516     memcpy(addr, target_saddr, len);
3517     addr->sa_family = tswap16(target_saddr->sa_family);
3518     /* spkt_protocol is big-endian */
3519 
3520     unlock_user(target_saddr, target_addr, 0);
3521     return 0;
3522 }
3523 
3524 static TargetFdTrans target_packet_trans = {
3525     .target_to_host_addr = packet_target_to_host_sockaddr,
3526 };
3527 
3528 #ifdef CONFIG_RTNETLINK
3529 static abi_long netlink_route_target_to_host(void *buf, size_t len)
3530 {
3531     abi_long ret;
3532 
3533     ret = target_to_host_nlmsg_route(buf, len);
3534     if (ret < 0) {
3535         return ret;
3536     }
3537 
3538     return len;
3539 }
3540 
3541 static abi_long netlink_route_host_to_target(void *buf, size_t len)
3542 {
3543     abi_long ret;
3544 
3545     ret = host_to_target_nlmsg_route(buf, len);
3546     if (ret < 0) {
3547         return ret;
3548     }
3549 
3550     return len;
3551 }
3552 
3553 static TargetFdTrans target_netlink_route_trans = {
3554     .target_to_host_data = netlink_route_target_to_host,
3555     .host_to_target_data = netlink_route_host_to_target,
3556 };
3557 #endif /* CONFIG_RTNETLINK */
3558 
3559 static abi_long netlink_audit_target_to_host(void *buf, size_t len)
3560 {
3561     abi_long ret;
3562 
3563     ret = target_to_host_nlmsg_audit(buf, len);
3564     if (ret < 0) {
3565         return ret;
3566     }
3567 
3568     return len;
3569 }
3570 
3571 static abi_long netlink_audit_host_to_target(void *buf, size_t len)
3572 {
3573     abi_long ret;
3574 
3575     ret = host_to_target_nlmsg_audit(buf, len);
3576     if (ret < 0) {
3577         return ret;
3578     }
3579 
3580     return len;
3581 }
3582 
3583 static TargetFdTrans target_netlink_audit_trans = {
3584     .target_to_host_data = netlink_audit_target_to_host,
3585     .host_to_target_data = netlink_audit_host_to_target,
3586 };
3587 
3588 /* do_socket() Must return target values and target errnos. */
3589 static abi_long do_socket(int domain, int type, int protocol)
3590 {
3591     int target_type = type;
3592     int ret;
3593 
3594     ret = target_to_host_sock_type(&type);
3595     if (ret) {
3596         return ret;
3597     }
3598 
3599     if (domain == PF_NETLINK && !(
3600 #ifdef CONFIG_RTNETLINK
3601          protocol == NETLINK_ROUTE ||
3602 #endif
3603          protocol == NETLINK_KOBJECT_UEVENT ||
3604          protocol == NETLINK_AUDIT)) {
3605         return -EPFNOSUPPORT;
3606     }
3607 
3608     if (domain == AF_PACKET ||
3609         (domain == AF_INET && type == SOCK_PACKET)) {
3610         protocol = tswap16(protocol);
3611     }
3612 
3613     ret = get_errno(socket(domain, type, protocol));
3614     if (ret >= 0) {
3615         ret = sock_flags_fixup(ret, target_type);
3616         if (type == SOCK_PACKET) {
3617             /* Manage an obsolete case :
3618              * if socket type is SOCK_PACKET, bind by name
3619              */
3620             fd_trans_register(ret, &target_packet_trans);
3621         } else if (domain == PF_NETLINK) {
3622             switch (protocol) {
3623 #ifdef CONFIG_RTNETLINK
3624             case NETLINK_ROUTE:
3625                 fd_trans_register(ret, &target_netlink_route_trans);
3626                 break;
3627 #endif
3628             case NETLINK_KOBJECT_UEVENT:
3629                 /* nothing to do: messages are strings */
3630                 break;
3631             case NETLINK_AUDIT:
3632                 fd_trans_register(ret, &target_netlink_audit_trans);
3633                 break;
3634             default:
3635                 g_assert_not_reached();
3636             }
3637         }
3638     }
3639     return ret;
3640 }
3641 
3642 /* do_bind() Must return target values and target errnos. */
3643 static abi_long do_bind(int sockfd, abi_ulong target_addr,
3644                         socklen_t addrlen)
3645 {
3646     void *addr;
3647     abi_long ret;
3648 
3649     if ((int)addrlen < 0) {
3650         return -TARGET_EINVAL;
3651     }
3652 
3653     addr = alloca(addrlen+1);
3654 
3655     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3656     if (ret)
3657         return ret;
3658 
3659     return get_errno(bind(sockfd, addr, addrlen));
3660 }
3661 
3662 /* do_connect() Must return target values and target errnos. */
3663 static abi_long do_connect(int sockfd, abi_ulong target_addr,
3664                            socklen_t addrlen)
3665 {
3666     void *addr;
3667     abi_long ret;
3668 
3669     if ((int)addrlen < 0) {
3670         return -TARGET_EINVAL;
3671     }
3672 
3673     addr = alloca(addrlen+1);
3674 
3675     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3676     if (ret)
3677         return ret;
3678 
3679     return get_errno(safe_connect(sockfd, addr, addrlen));
3680 }
3681 
3682 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
3683 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
3684                                       int flags, int send)
3685 {
3686     abi_long ret, len;
3687     struct msghdr msg;
3688     abi_ulong count;
3689     struct iovec *vec;
3690     abi_ulong target_vec;
3691 
3692     if (msgp->msg_name) {
3693         msg.msg_namelen = tswap32(msgp->msg_namelen);
3694         msg.msg_name = alloca(msg.msg_namelen+1);
3695         ret = target_to_host_sockaddr(fd, msg.msg_name,
3696                                       tswapal(msgp->msg_name),
3697                                       msg.msg_namelen);
3698         if (ret == -TARGET_EFAULT) {
3699             /* For connected sockets msg_name and msg_namelen must
3700              * be ignored, so returning EFAULT immediately is wrong.
3701              * Instead, pass a bad msg_name to the host kernel, and
3702              * let it decide whether to return EFAULT or not.
3703              */
3704             msg.msg_name = (void *)-1;
3705         } else if (ret) {
3706             goto out2;
3707         }
3708     } else {
3709         msg.msg_name = NULL;
3710         msg.msg_namelen = 0;
3711     }
3712     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
3713     msg.msg_control = alloca(msg.msg_controllen);
3714     msg.msg_flags = tswap32(msgp->msg_flags);
3715 
3716     count = tswapal(msgp->msg_iovlen);
3717     target_vec = tswapal(msgp->msg_iov);
3718 
3719     if (count > IOV_MAX) {
3720         /* sendrcvmsg returns a different errno for this condition than
3721          * readv/writev, so we must catch it here before lock_iovec() does.
3722          */
3723         ret = -TARGET_EMSGSIZE;
3724         goto out2;
3725     }
3726 
3727     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
3728                      target_vec, count, send);
3729     if (vec == NULL) {
3730         ret = -host_to_target_errno(errno);
3731         goto out2;
3732     }
3733     msg.msg_iovlen = count;
3734     msg.msg_iov = vec;
3735 
3736     if (send) {
3737         if (fd_trans_target_to_host_data(fd)) {
3738             void *host_msg;
3739 
3740             host_msg = g_malloc(msg.msg_iov->iov_len);
3741             memcpy(host_msg, msg.msg_iov->iov_base, msg.msg_iov->iov_len);
3742             ret = fd_trans_target_to_host_data(fd)(host_msg,
3743                                                    msg.msg_iov->iov_len);
3744             if (ret >= 0) {
3745                 msg.msg_iov->iov_base = host_msg;
3746                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3747             }
3748             g_free(host_msg);
3749         } else {
3750             ret = target_to_host_cmsg(&msg, msgp);
3751             if (ret == 0) {
3752                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3753             }
3754         }
3755     } else {
3756         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3757         if (!is_error(ret)) {
3758             len = ret;
3759             if (fd_trans_host_to_target_data(fd)) {
3760                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3761                                                        len);
3762             } else {
3763                 ret = host_to_target_cmsg(msgp, &msg);
3764             }
3765             if (!is_error(ret)) {
3766                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3767                 if (msg.msg_name != NULL && msg.msg_name != (void *)-1) {
3768                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3769                                     msg.msg_name, msg.msg_namelen);
3770                     if (ret) {
3771                         goto out;
3772                     }
3773                 }
3774 
3775                 ret = len;
3776             }
3777         }
3778     }
3779 
3780 out:
3781     unlock_iovec(vec, target_vec, count, !send);
3782 out2:
3783     return ret;
3784 }
3785 
3786 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3787                                int flags, int send)
3788 {
3789     abi_long ret;
3790     struct target_msghdr *msgp;
3791 
3792     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3793                           msgp,
3794                           target_msg,
3795                           send ? 1 : 0)) {
3796         return -TARGET_EFAULT;
3797     }
3798     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3799     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3800     return ret;
3801 }
3802 
3803 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3804  * so it might not have this *mmsg-specific flag either.
3805  */
3806 #ifndef MSG_WAITFORONE
3807 #define MSG_WAITFORONE 0x10000
3808 #endif
3809 
3810 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3811                                 unsigned int vlen, unsigned int flags,
3812                                 int send)
3813 {
3814     struct target_mmsghdr *mmsgp;
3815     abi_long ret = 0;
3816     int i;
3817 
3818     if (vlen > UIO_MAXIOV) {
3819         vlen = UIO_MAXIOV;
3820     }
3821 
3822     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3823     if (!mmsgp) {
3824         return -TARGET_EFAULT;
3825     }
3826 
3827     for (i = 0; i < vlen; i++) {
3828         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3829         if (is_error(ret)) {
3830             break;
3831         }
3832         mmsgp[i].msg_len = tswap32(ret);
3833         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3834         if (flags & MSG_WAITFORONE) {
3835             flags |= MSG_DONTWAIT;
3836         }
3837     }
3838 
3839     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3840 
3841     /* Return number of datagrams sent if we sent any at all;
3842      * otherwise return the error.
3843      */
3844     if (i) {
3845         return i;
3846     }
3847     return ret;
3848 }
3849 
3850 /* do_accept4() Must return target values and target errnos. */
3851 static abi_long do_accept4(int fd, abi_ulong target_addr,
3852                            abi_ulong target_addrlen_addr, int flags)
3853 {
3854     socklen_t addrlen;
3855     void *addr;
3856     abi_long ret;
3857     int host_flags;
3858 
3859     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
3860 
3861     if (target_addr == 0) {
3862         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3863     }
3864 
3865     /* linux returns EINVAL if addrlen pointer is invalid */
3866     if (get_user_u32(addrlen, target_addrlen_addr))
3867         return -TARGET_EINVAL;
3868 
3869     if ((int)addrlen < 0) {
3870         return -TARGET_EINVAL;
3871     }
3872 
3873     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3874         return -TARGET_EINVAL;
3875 
3876     addr = alloca(addrlen);
3877 
3878     ret = get_errno(safe_accept4(fd, addr, &addrlen, host_flags));
3879     if (!is_error(ret)) {
3880         host_to_target_sockaddr(target_addr, addr, addrlen);
3881         if (put_user_u32(addrlen, target_addrlen_addr))
3882             ret = -TARGET_EFAULT;
3883     }
3884     return ret;
3885 }
3886 
3887 /* do_getpeername() Must return target values and target errnos. */
3888 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3889                                abi_ulong target_addrlen_addr)
3890 {
3891     socklen_t addrlen;
3892     void *addr;
3893     abi_long ret;
3894 
3895     if (get_user_u32(addrlen, target_addrlen_addr))
3896         return -TARGET_EFAULT;
3897 
3898     if ((int)addrlen < 0) {
3899         return -TARGET_EINVAL;
3900     }
3901 
3902     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3903         return -TARGET_EFAULT;
3904 
3905     addr = alloca(addrlen);
3906 
3907     ret = get_errno(getpeername(fd, addr, &addrlen));
3908     if (!is_error(ret)) {
3909         host_to_target_sockaddr(target_addr, addr, addrlen);
3910         if (put_user_u32(addrlen, target_addrlen_addr))
3911             ret = -TARGET_EFAULT;
3912     }
3913     return ret;
3914 }
3915 
3916 /* do_getsockname() Must return target values and target errnos. */
3917 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3918                                abi_ulong target_addrlen_addr)
3919 {
3920     socklen_t addrlen;
3921     void *addr;
3922     abi_long ret;
3923 
3924     if (get_user_u32(addrlen, target_addrlen_addr))
3925         return -TARGET_EFAULT;
3926 
3927     if ((int)addrlen < 0) {
3928         return -TARGET_EINVAL;
3929     }
3930 
3931     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3932         return -TARGET_EFAULT;
3933 
3934     addr = alloca(addrlen);
3935 
3936     ret = get_errno(getsockname(fd, addr, &addrlen));
3937     if (!is_error(ret)) {
3938         host_to_target_sockaddr(target_addr, addr, addrlen);
3939         if (put_user_u32(addrlen, target_addrlen_addr))
3940             ret = -TARGET_EFAULT;
3941     }
3942     return ret;
3943 }
3944 
3945 /* do_socketpair() Must return target values and target errnos. */
3946 static abi_long do_socketpair(int domain, int type, int protocol,
3947                               abi_ulong target_tab_addr)
3948 {
3949     int tab[2];
3950     abi_long ret;
3951 
3952     target_to_host_sock_type(&type);
3953 
3954     ret = get_errno(socketpair(domain, type, protocol, tab));
3955     if (!is_error(ret)) {
3956         if (put_user_s32(tab[0], target_tab_addr)
3957             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3958             ret = -TARGET_EFAULT;
3959     }
3960     return ret;
3961 }
3962 
3963 /* do_sendto() Must return target values and target errnos. */
3964 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3965                           abi_ulong target_addr, socklen_t addrlen)
3966 {
3967     void *addr;
3968     void *host_msg;
3969     void *copy_msg = NULL;
3970     abi_long ret;
3971 
3972     if ((int)addrlen < 0) {
3973         return -TARGET_EINVAL;
3974     }
3975 
3976     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3977     if (!host_msg)
3978         return -TARGET_EFAULT;
3979     if (fd_trans_target_to_host_data(fd)) {
3980         copy_msg = host_msg;
3981         host_msg = g_malloc(len);
3982         memcpy(host_msg, copy_msg, len);
3983         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3984         if (ret < 0) {
3985             goto fail;
3986         }
3987     }
3988     if (target_addr) {
3989         addr = alloca(addrlen+1);
3990         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3991         if (ret) {
3992             goto fail;
3993         }
3994         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3995     } else {
3996         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3997     }
3998 fail:
3999     if (copy_msg) {
4000         g_free(host_msg);
4001         host_msg = copy_msg;
4002     }
4003     unlock_user(host_msg, msg, 0);
4004     return ret;
4005 }
4006 
4007 /* do_recvfrom() Must return target values and target errnos. */
4008 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
4009                             abi_ulong target_addr,
4010                             abi_ulong target_addrlen)
4011 {
4012     socklen_t addrlen;
4013     void *addr;
4014     void *host_msg;
4015     abi_long ret;
4016 
4017     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
4018     if (!host_msg)
4019         return -TARGET_EFAULT;
4020     if (target_addr) {
4021         if (get_user_u32(addrlen, target_addrlen)) {
4022             ret = -TARGET_EFAULT;
4023             goto fail;
4024         }
4025         if ((int)addrlen < 0) {
4026             ret = -TARGET_EINVAL;
4027             goto fail;
4028         }
4029         addr = alloca(addrlen);
4030         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
4031                                       addr, &addrlen));
4032     } else {
4033         addr = NULL; /* To keep compiler quiet.  */
4034         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
4035     }
4036     if (!is_error(ret)) {
4037         if (fd_trans_host_to_target_data(fd)) {
4038             ret = fd_trans_host_to_target_data(fd)(host_msg, ret);
4039         }
4040         if (target_addr) {
4041             host_to_target_sockaddr(target_addr, addr, addrlen);
4042             if (put_user_u32(addrlen, target_addrlen)) {
4043                 ret = -TARGET_EFAULT;
4044                 goto fail;
4045             }
4046         }
4047         unlock_user(host_msg, msg, len);
4048     } else {
4049 fail:
4050         unlock_user(host_msg, msg, 0);
4051     }
4052     return ret;
4053 }
4054 
4055 #ifdef TARGET_NR_socketcall
4056 /* do_socketcall() must return target values and target errnos. */
4057 static abi_long do_socketcall(int num, abi_ulong vptr)
4058 {
4059     static const unsigned nargs[] = { /* number of arguments per operation */
4060         [TARGET_SYS_SOCKET] = 3,      /* domain, type, protocol */
4061         [TARGET_SYS_BIND] = 3,        /* fd, addr, addrlen */
4062         [TARGET_SYS_CONNECT] = 3,     /* fd, addr, addrlen */
4063         [TARGET_SYS_LISTEN] = 2,      /* fd, backlog */
4064         [TARGET_SYS_ACCEPT] = 3,      /* fd, addr, addrlen */
4065         [TARGET_SYS_GETSOCKNAME] = 3, /* fd, addr, addrlen */
4066         [TARGET_SYS_GETPEERNAME] = 3, /* fd, addr, addrlen */
4067         [TARGET_SYS_SOCKETPAIR] = 4,  /* domain, type, protocol, tab */
4068         [TARGET_SYS_SEND] = 4,        /* fd, msg, len, flags */
4069         [TARGET_SYS_RECV] = 4,        /* fd, msg, len, flags */
4070         [TARGET_SYS_SENDTO] = 6,      /* fd, msg, len, flags, addr, addrlen */
4071         [TARGET_SYS_RECVFROM] = 6,    /* fd, msg, len, flags, addr, addrlen */
4072         [TARGET_SYS_SHUTDOWN] = 2,    /* fd, how */
4073         [TARGET_SYS_SETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
4074         [TARGET_SYS_GETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
4075         [TARGET_SYS_SENDMSG] = 3,     /* fd, msg, flags */
4076         [TARGET_SYS_RECVMSG] = 3,     /* fd, msg, flags */
4077         [TARGET_SYS_ACCEPT4] = 4,     /* fd, addr, addrlen, flags */
4078         [TARGET_SYS_RECVMMSG] = 4,    /* fd, msgvec, vlen, flags */
4079         [TARGET_SYS_SENDMMSG] = 4,    /* fd, msgvec, vlen, flags */
4080     };
4081     abi_long a[6]; /* max 6 args */
4082     unsigned i;
4083 
4084     /* check the range of the first argument num */
4085     /* (TARGET_SYS_SENDMMSG is the highest among TARGET_SYS_xxx) */
4086     if (num < 1 || num > TARGET_SYS_SENDMMSG) {
4087         return -TARGET_EINVAL;
4088     }
4089     /* ensure we have space for args */
4090     if (nargs[num] > ARRAY_SIZE(a)) {
4091         return -TARGET_EINVAL;
4092     }
4093     /* collect the arguments in a[] according to nargs[] */
4094     for (i = 0; i < nargs[num]; ++i) {
4095         if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
4096             return -TARGET_EFAULT;
4097         }
4098     }
4099     /* now when we have the args, invoke the appropriate underlying function */
4100     switch (num) {
4101     case TARGET_SYS_SOCKET: /* domain, type, protocol */
4102         return do_socket(a[0], a[1], a[2]);
4103     case TARGET_SYS_BIND: /* sockfd, addr, addrlen */
4104         return do_bind(a[0], a[1], a[2]);
4105     case TARGET_SYS_CONNECT: /* sockfd, addr, addrlen */
4106         return do_connect(a[0], a[1], a[2]);
4107     case TARGET_SYS_LISTEN: /* sockfd, backlog */
4108         return get_errno(listen(a[0], a[1]));
4109     case TARGET_SYS_ACCEPT: /* sockfd, addr, addrlen */
4110         return do_accept4(a[0], a[1], a[2], 0);
4111     case TARGET_SYS_GETSOCKNAME: /* sockfd, addr, addrlen */
4112         return do_getsockname(a[0], a[1], a[2]);
4113     case TARGET_SYS_GETPEERNAME: /* sockfd, addr, addrlen */
4114         return do_getpeername(a[0], a[1], a[2]);
4115     case TARGET_SYS_SOCKETPAIR: /* domain, type, protocol, tab */
4116         return do_socketpair(a[0], a[1], a[2], a[3]);
4117     case TARGET_SYS_SEND: /* sockfd, msg, len, flags */
4118         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
4119     case TARGET_SYS_RECV: /* sockfd, msg, len, flags */
4120         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
4121     case TARGET_SYS_SENDTO: /* sockfd, msg, len, flags, addr, addrlen */
4122         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
4123     case TARGET_SYS_RECVFROM: /* sockfd, msg, len, flags, addr, addrlen */
4124         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
4125     case TARGET_SYS_SHUTDOWN: /* sockfd, how */
4126         return get_errno(shutdown(a[0], a[1]));
4127     case TARGET_SYS_SETSOCKOPT: /* sockfd, level, optname, optval, optlen */
4128         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
4129     case TARGET_SYS_GETSOCKOPT: /* sockfd, level, optname, optval, optlen */
4130         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
4131     case TARGET_SYS_SENDMSG: /* sockfd, msg, flags */
4132         return do_sendrecvmsg(a[0], a[1], a[2], 1);
4133     case TARGET_SYS_RECVMSG: /* sockfd, msg, flags */
4134         return do_sendrecvmsg(a[0], a[1], a[2], 0);
4135     case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */
4136         return do_accept4(a[0], a[1], a[2], a[3]);
4137     case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags */
4138         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
4139     case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */
4140         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
4141     default:
4142         gemu_log("Unsupported socketcall: %d\n", num);
4143         return -TARGET_EINVAL;
4144     }
4145 }
4146 #endif
4147 
4148 #define N_SHM_REGIONS	32
4149 
4150 static struct shm_region {
4151     abi_ulong start;
4152     abi_ulong size;
4153     bool in_use;
4154 } shm_regions[N_SHM_REGIONS];
4155 
4156 #ifndef TARGET_SEMID64_DS
4157 /* asm-generic version of this struct */
4158 struct target_semid64_ds
4159 {
4160   struct target_ipc_perm sem_perm;
4161   abi_ulong sem_otime;
4162 #if TARGET_ABI_BITS == 32
4163   abi_ulong __unused1;
4164 #endif
4165   abi_ulong sem_ctime;
4166 #if TARGET_ABI_BITS == 32
4167   abi_ulong __unused2;
4168 #endif
4169   abi_ulong sem_nsems;
4170   abi_ulong __unused3;
4171   abi_ulong __unused4;
4172 };
4173 #endif
4174 
4175 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
4176                                                abi_ulong target_addr)
4177 {
4178     struct target_ipc_perm *target_ip;
4179     struct target_semid64_ds *target_sd;
4180 
4181     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4182         return -TARGET_EFAULT;
4183     target_ip = &(target_sd->sem_perm);
4184     host_ip->__key = tswap32(target_ip->__key);
4185     host_ip->uid = tswap32(target_ip->uid);
4186     host_ip->gid = tswap32(target_ip->gid);
4187     host_ip->cuid = tswap32(target_ip->cuid);
4188     host_ip->cgid = tswap32(target_ip->cgid);
4189 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
4190     host_ip->mode = tswap32(target_ip->mode);
4191 #else
4192     host_ip->mode = tswap16(target_ip->mode);
4193 #endif
4194 #if defined(TARGET_PPC)
4195     host_ip->__seq = tswap32(target_ip->__seq);
4196 #else
4197     host_ip->__seq = tswap16(target_ip->__seq);
4198 #endif
4199     unlock_user_struct(target_sd, target_addr, 0);
4200     return 0;
4201 }
4202 
4203 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
4204                                                struct ipc_perm *host_ip)
4205 {
4206     struct target_ipc_perm *target_ip;
4207     struct target_semid64_ds *target_sd;
4208 
4209     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4210         return -TARGET_EFAULT;
4211     target_ip = &(target_sd->sem_perm);
4212     target_ip->__key = tswap32(host_ip->__key);
4213     target_ip->uid = tswap32(host_ip->uid);
4214     target_ip->gid = tswap32(host_ip->gid);
4215     target_ip->cuid = tswap32(host_ip->cuid);
4216     target_ip->cgid = tswap32(host_ip->cgid);
4217 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
4218     target_ip->mode = tswap32(host_ip->mode);
4219 #else
4220     target_ip->mode = tswap16(host_ip->mode);
4221 #endif
4222 #if defined(TARGET_PPC)
4223     target_ip->__seq = tswap32(host_ip->__seq);
4224 #else
4225     target_ip->__seq = tswap16(host_ip->__seq);
4226 #endif
4227     unlock_user_struct(target_sd, target_addr, 1);
4228     return 0;
4229 }
4230 
4231 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
4232                                                abi_ulong target_addr)
4233 {
4234     struct target_semid64_ds *target_sd;
4235 
4236     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4237         return -TARGET_EFAULT;
4238     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
4239         return -TARGET_EFAULT;
4240     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
4241     host_sd->sem_otime = tswapal(target_sd->sem_otime);
4242     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
4243     unlock_user_struct(target_sd, target_addr, 0);
4244     return 0;
4245 }
4246 
4247 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
4248                                                struct semid_ds *host_sd)
4249 {
4250     struct target_semid64_ds *target_sd;
4251 
4252     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4253         return -TARGET_EFAULT;
4254     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
4255         return -TARGET_EFAULT;
4256     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
4257     target_sd->sem_otime = tswapal(host_sd->sem_otime);
4258     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
4259     unlock_user_struct(target_sd, target_addr, 1);
4260     return 0;
4261 }
4262 
4263 struct target_seminfo {
4264     int semmap;
4265     int semmni;
4266     int semmns;
4267     int semmnu;
4268     int semmsl;
4269     int semopm;
4270     int semume;
4271     int semusz;
4272     int semvmx;
4273     int semaem;
4274 };
4275 
4276 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
4277                                               struct seminfo *host_seminfo)
4278 {
4279     struct target_seminfo *target_seminfo;
4280     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
4281         return -TARGET_EFAULT;
4282     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
4283     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
4284     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
4285     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
4286     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
4287     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
4288     __put_user(host_seminfo->semume, &target_seminfo->semume);
4289     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
4290     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
4291     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
4292     unlock_user_struct(target_seminfo, target_addr, 1);
4293     return 0;
4294 }
4295 
4296 union semun {
4297 	int val;
4298 	struct semid_ds *buf;
4299 	unsigned short *array;
4300 	struct seminfo *__buf;
4301 };
4302 
4303 union target_semun {
4304 	int val;
4305 	abi_ulong buf;
4306 	abi_ulong array;
4307 	abi_ulong __buf;
4308 };
4309 
4310 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
4311                                                abi_ulong target_addr)
4312 {
4313     int nsems;
4314     unsigned short *array;
4315     union semun semun;
4316     struct semid_ds semid_ds;
4317     int i, ret;
4318 
4319     semun.buf = &semid_ds;
4320 
4321     ret = semctl(semid, 0, IPC_STAT, semun);
4322     if (ret == -1)
4323         return get_errno(ret);
4324 
4325     nsems = semid_ds.sem_nsems;
4326 
4327     *host_array = g_try_new(unsigned short, nsems);
4328     if (!*host_array) {
4329         return -TARGET_ENOMEM;
4330     }
4331     array = lock_user(VERIFY_READ, target_addr,
4332                       nsems*sizeof(unsigned short), 1);
4333     if (!array) {
4334         g_free(*host_array);
4335         return -TARGET_EFAULT;
4336     }
4337 
4338     for(i=0; i<nsems; i++) {
4339         __get_user((*host_array)[i], &array[i]);
4340     }
4341     unlock_user(array, target_addr, 0);
4342 
4343     return 0;
4344 }
4345 
4346 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
4347                                                unsigned short **host_array)
4348 {
4349     int nsems;
4350     unsigned short *array;
4351     union semun semun;
4352     struct semid_ds semid_ds;
4353     int i, ret;
4354 
4355     semun.buf = &semid_ds;
4356 
4357     ret = semctl(semid, 0, IPC_STAT, semun);
4358     if (ret == -1)
4359         return get_errno(ret);
4360 
4361     nsems = semid_ds.sem_nsems;
4362 
4363     array = lock_user(VERIFY_WRITE, target_addr,
4364                       nsems*sizeof(unsigned short), 0);
4365     if (!array)
4366         return -TARGET_EFAULT;
4367 
4368     for(i=0; i<nsems; i++) {
4369         __put_user((*host_array)[i], &array[i]);
4370     }
4371     g_free(*host_array);
4372     unlock_user(array, target_addr, 1);
4373 
4374     return 0;
4375 }
4376 
4377 static inline abi_long do_semctl(int semid, int semnum, int cmd,
4378                                  abi_ulong target_arg)
4379 {
4380     union target_semun target_su = { .buf = target_arg };
4381     union semun arg;
4382     struct semid_ds dsarg;
4383     unsigned short *array = NULL;
4384     struct seminfo seminfo;
4385     abi_long ret = -TARGET_EINVAL;
4386     abi_long err;
4387     cmd &= 0xff;
4388 
4389     switch( cmd ) {
4390 	case GETVAL:
4391 	case SETVAL:
4392             /* In 64 bit cross-endian situations, we will erroneously pick up
4393              * the wrong half of the union for the "val" element.  To rectify
4394              * this, the entire 8-byte structure is byteswapped, followed by
4395 	     * a swap of the 4 byte val field. In other cases, the data is
4396 	     * already in proper host byte order. */
4397 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
4398 		target_su.buf = tswapal(target_su.buf);
4399 		arg.val = tswap32(target_su.val);
4400 	    } else {
4401 		arg.val = target_su.val;
4402 	    }
4403             ret = get_errno(semctl(semid, semnum, cmd, arg));
4404             break;
4405 	case GETALL:
4406 	case SETALL:
4407             err = target_to_host_semarray(semid, &array, target_su.array);
4408             if (err)
4409                 return err;
4410             arg.array = array;
4411             ret = get_errno(semctl(semid, semnum, cmd, arg));
4412             err = host_to_target_semarray(semid, target_su.array, &array);
4413             if (err)
4414                 return err;
4415             break;
4416 	case IPC_STAT:
4417 	case IPC_SET:
4418 	case SEM_STAT:
4419             err = target_to_host_semid_ds(&dsarg, target_su.buf);
4420             if (err)
4421                 return err;
4422             arg.buf = &dsarg;
4423             ret = get_errno(semctl(semid, semnum, cmd, arg));
4424             err = host_to_target_semid_ds(target_su.buf, &dsarg);
4425             if (err)
4426                 return err;
4427             break;
4428 	case IPC_INFO:
4429 	case SEM_INFO:
4430             arg.__buf = &seminfo;
4431             ret = get_errno(semctl(semid, semnum, cmd, arg));
4432             err = host_to_target_seminfo(target_su.__buf, &seminfo);
4433             if (err)
4434                 return err;
4435             break;
4436 	case IPC_RMID:
4437 	case GETPID:
4438 	case GETNCNT:
4439 	case GETZCNT:
4440             ret = get_errno(semctl(semid, semnum, cmd, NULL));
4441             break;
4442     }
4443 
4444     return ret;
4445 }
4446 
4447 struct target_sembuf {
4448     unsigned short sem_num;
4449     short sem_op;
4450     short sem_flg;
4451 };
4452 
4453 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
4454                                              abi_ulong target_addr,
4455                                              unsigned nsops)
4456 {
4457     struct target_sembuf *target_sembuf;
4458     int i;
4459 
4460     target_sembuf = lock_user(VERIFY_READ, target_addr,
4461                               nsops*sizeof(struct target_sembuf), 1);
4462     if (!target_sembuf)
4463         return -TARGET_EFAULT;
4464 
4465     for(i=0; i<nsops; i++) {
4466         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
4467         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
4468         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
4469     }
4470 
4471     unlock_user(target_sembuf, target_addr, 0);
4472 
4473     return 0;
4474 }
4475 
4476 static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
4477 {
4478     struct sembuf sops[nsops];
4479 
4480     if (target_to_host_sembuf(sops, ptr, nsops))
4481         return -TARGET_EFAULT;
4482 
4483     return get_errno(safe_semtimedop(semid, sops, nsops, NULL));
4484 }
4485 
4486 struct target_msqid_ds
4487 {
4488     struct target_ipc_perm msg_perm;
4489     abi_ulong msg_stime;
4490 #if TARGET_ABI_BITS == 32
4491     abi_ulong __unused1;
4492 #endif
4493     abi_ulong msg_rtime;
4494 #if TARGET_ABI_BITS == 32
4495     abi_ulong __unused2;
4496 #endif
4497     abi_ulong msg_ctime;
4498 #if TARGET_ABI_BITS == 32
4499     abi_ulong __unused3;
4500 #endif
4501     abi_ulong __msg_cbytes;
4502     abi_ulong msg_qnum;
4503     abi_ulong msg_qbytes;
4504     abi_ulong msg_lspid;
4505     abi_ulong msg_lrpid;
4506     abi_ulong __unused4;
4507     abi_ulong __unused5;
4508 };
4509 
4510 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
4511                                                abi_ulong target_addr)
4512 {
4513     struct target_msqid_ds *target_md;
4514 
4515     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
4516         return -TARGET_EFAULT;
4517     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
4518         return -TARGET_EFAULT;
4519     host_md->msg_stime = tswapal(target_md->msg_stime);
4520     host_md->msg_rtime = tswapal(target_md->msg_rtime);
4521     host_md->msg_ctime = tswapal(target_md->msg_ctime);
4522     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
4523     host_md->msg_qnum = tswapal(target_md->msg_qnum);
4524     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
4525     host_md->msg_lspid = tswapal(target_md->msg_lspid);
4526     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
4527     unlock_user_struct(target_md, target_addr, 0);
4528     return 0;
4529 }
4530 
4531 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
4532                                                struct msqid_ds *host_md)
4533 {
4534     struct target_msqid_ds *target_md;
4535 
4536     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
4537         return -TARGET_EFAULT;
4538     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
4539         return -TARGET_EFAULT;
4540     target_md->msg_stime = tswapal(host_md->msg_stime);
4541     target_md->msg_rtime = tswapal(host_md->msg_rtime);
4542     target_md->msg_ctime = tswapal(host_md->msg_ctime);
4543     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
4544     target_md->msg_qnum = tswapal(host_md->msg_qnum);
4545     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
4546     target_md->msg_lspid = tswapal(host_md->msg_lspid);
4547     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
4548     unlock_user_struct(target_md, target_addr, 1);
4549     return 0;
4550 }
4551 
4552 struct target_msginfo {
4553     int msgpool;
4554     int msgmap;
4555     int msgmax;
4556     int msgmnb;
4557     int msgmni;
4558     int msgssz;
4559     int msgtql;
4560     unsigned short int msgseg;
4561 };
4562 
4563 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
4564                                               struct msginfo *host_msginfo)
4565 {
4566     struct target_msginfo *target_msginfo;
4567     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
4568         return -TARGET_EFAULT;
4569     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
4570     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
4571     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
4572     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
4573     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
4574     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
4575     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
4576     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
4577     unlock_user_struct(target_msginfo, target_addr, 1);
4578     return 0;
4579 }
4580 
4581 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
4582 {
4583     struct msqid_ds dsarg;
4584     struct msginfo msginfo;
4585     abi_long ret = -TARGET_EINVAL;
4586 
4587     cmd &= 0xff;
4588 
4589     switch (cmd) {
4590     case IPC_STAT:
4591     case IPC_SET:
4592     case MSG_STAT:
4593         if (target_to_host_msqid_ds(&dsarg,ptr))
4594             return -TARGET_EFAULT;
4595         ret = get_errno(msgctl(msgid, cmd, &dsarg));
4596         if (host_to_target_msqid_ds(ptr,&dsarg))
4597             return -TARGET_EFAULT;
4598         break;
4599     case IPC_RMID:
4600         ret = get_errno(msgctl(msgid, cmd, NULL));
4601         break;
4602     case IPC_INFO:
4603     case MSG_INFO:
4604         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
4605         if (host_to_target_msginfo(ptr, &msginfo))
4606             return -TARGET_EFAULT;
4607         break;
4608     }
4609 
4610     return ret;
4611 }
4612 
4613 struct target_msgbuf {
4614     abi_long mtype;
4615     char	mtext[1];
4616 };
4617 
4618 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
4619                                  ssize_t msgsz, int msgflg)
4620 {
4621     struct target_msgbuf *target_mb;
4622     struct msgbuf *host_mb;
4623     abi_long ret = 0;
4624 
4625     if (msgsz < 0) {
4626         return -TARGET_EINVAL;
4627     }
4628 
4629     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
4630         return -TARGET_EFAULT;
4631     host_mb = g_try_malloc(msgsz + sizeof(long));
4632     if (!host_mb) {
4633         unlock_user_struct(target_mb, msgp, 0);
4634         return -TARGET_ENOMEM;
4635     }
4636     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
4637     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
4638     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
4639     g_free(host_mb);
4640     unlock_user_struct(target_mb, msgp, 0);
4641 
4642     return ret;
4643 }
4644 
4645 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
4646                                  ssize_t msgsz, abi_long msgtyp,
4647                                  int msgflg)
4648 {
4649     struct target_msgbuf *target_mb;
4650     char *target_mtext;
4651     struct msgbuf *host_mb;
4652     abi_long ret = 0;
4653 
4654     if (msgsz < 0) {
4655         return -TARGET_EINVAL;
4656     }
4657 
4658     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
4659         return -TARGET_EFAULT;
4660 
4661     host_mb = g_try_malloc(msgsz + sizeof(long));
4662     if (!host_mb) {
4663         ret = -TARGET_ENOMEM;
4664         goto end;
4665     }
4666     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
4667 
4668     if (ret > 0) {
4669         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
4670         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
4671         if (!target_mtext) {
4672             ret = -TARGET_EFAULT;
4673             goto end;
4674         }
4675         memcpy(target_mb->mtext, host_mb->mtext, ret);
4676         unlock_user(target_mtext, target_mtext_addr, ret);
4677     }
4678 
4679     target_mb->mtype = tswapal(host_mb->mtype);
4680 
4681 end:
4682     if (target_mb)
4683         unlock_user_struct(target_mb, msgp, 1);
4684     g_free(host_mb);
4685     return ret;
4686 }
4687 
4688 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
4689                                                abi_ulong target_addr)
4690 {
4691     struct target_shmid_ds *target_sd;
4692 
4693     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4694         return -TARGET_EFAULT;
4695     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
4696         return -TARGET_EFAULT;
4697     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4698     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
4699     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4700     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4701     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4702     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4703     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4704     unlock_user_struct(target_sd, target_addr, 0);
4705     return 0;
4706 }
4707 
4708 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
4709                                                struct shmid_ds *host_sd)
4710 {
4711     struct target_shmid_ds *target_sd;
4712 
4713     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4714         return -TARGET_EFAULT;
4715     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
4716         return -TARGET_EFAULT;
4717     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4718     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
4719     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4720     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4721     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4722     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4723     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4724     unlock_user_struct(target_sd, target_addr, 1);
4725     return 0;
4726 }
4727 
4728 struct  target_shminfo {
4729     abi_ulong shmmax;
4730     abi_ulong shmmin;
4731     abi_ulong shmmni;
4732     abi_ulong shmseg;
4733     abi_ulong shmall;
4734 };
4735 
4736 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
4737                                               struct shminfo *host_shminfo)
4738 {
4739     struct target_shminfo *target_shminfo;
4740     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
4741         return -TARGET_EFAULT;
4742     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
4743     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
4744     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
4745     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
4746     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
4747     unlock_user_struct(target_shminfo, target_addr, 1);
4748     return 0;
4749 }
4750 
4751 struct target_shm_info {
4752     int used_ids;
4753     abi_ulong shm_tot;
4754     abi_ulong shm_rss;
4755     abi_ulong shm_swp;
4756     abi_ulong swap_attempts;
4757     abi_ulong swap_successes;
4758 };
4759 
4760 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
4761                                                struct shm_info *host_shm_info)
4762 {
4763     struct target_shm_info *target_shm_info;
4764     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
4765         return -TARGET_EFAULT;
4766     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
4767     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
4768     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
4769     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
4770     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
4771     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
4772     unlock_user_struct(target_shm_info, target_addr, 1);
4773     return 0;
4774 }
4775 
4776 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4777 {
4778     struct shmid_ds dsarg;
4779     struct shminfo shminfo;
4780     struct shm_info shm_info;
4781     abi_long ret = -TARGET_EINVAL;
4782 
4783     cmd &= 0xff;
4784 
4785     switch(cmd) {
4786     case IPC_STAT:
4787     case IPC_SET:
4788     case SHM_STAT:
4789         if (target_to_host_shmid_ds(&dsarg, buf))
4790             return -TARGET_EFAULT;
4791         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4792         if (host_to_target_shmid_ds(buf, &dsarg))
4793             return -TARGET_EFAULT;
4794         break;
4795     case IPC_INFO:
4796         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4797         if (host_to_target_shminfo(buf, &shminfo))
4798             return -TARGET_EFAULT;
4799         break;
4800     case SHM_INFO:
4801         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4802         if (host_to_target_shm_info(buf, &shm_info))
4803             return -TARGET_EFAULT;
4804         break;
4805     case IPC_RMID:
4806     case SHM_LOCK:
4807     case SHM_UNLOCK:
4808         ret = get_errno(shmctl(shmid, cmd, NULL));
4809         break;
4810     }
4811 
4812     return ret;
4813 }
4814 
4815 #ifndef TARGET_FORCE_SHMLBA
4816 /* For most architectures, SHMLBA is the same as the page size;
4817  * some architectures have larger values, in which case they should
4818  * define TARGET_FORCE_SHMLBA and provide a target_shmlba() function.
4819  * This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA
4820  * and defining its own value for SHMLBA.
4821  *
4822  * The kernel also permits SHMLBA to be set by the architecture to a
4823  * value larger than the page size without setting __ARCH_FORCE_SHMLBA;
4824  * this means that addresses are rounded to the large size if
4825  * SHM_RND is set but addresses not aligned to that size are not rejected
4826  * as long as they are at least page-aligned. Since the only architecture
4827  * which uses this is ia64 this code doesn't provide for that oddity.
4828  */
4829 static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
4830 {
4831     return TARGET_PAGE_SIZE;
4832 }
4833 #endif
4834 
4835 static inline abi_ulong do_shmat(CPUArchState *cpu_env,
4836                                  int shmid, abi_ulong shmaddr, int shmflg)
4837 {
4838     abi_long raddr;
4839     void *host_raddr;
4840     struct shmid_ds shm_info;
4841     int i,ret;
4842     abi_ulong shmlba;
4843 
4844     /* find out the length of the shared memory segment */
4845     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4846     if (is_error(ret)) {
4847         /* can't get length, bail out */
4848         return ret;
4849     }
4850 
4851     shmlba = target_shmlba(cpu_env);
4852 
4853     if (shmaddr & (shmlba - 1)) {
4854         if (shmflg & SHM_RND) {
4855             shmaddr &= ~(shmlba - 1);
4856         } else {
4857             return -TARGET_EINVAL;
4858         }
4859     }
4860 
4861     mmap_lock();
4862 
4863     if (shmaddr)
4864         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
4865     else {
4866         abi_ulong mmap_start;
4867 
4868         mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
4869 
4870         if (mmap_start == -1) {
4871             errno = ENOMEM;
4872             host_raddr = (void *)-1;
4873         } else
4874             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
4875     }
4876 
4877     if (host_raddr == (void *)-1) {
4878         mmap_unlock();
4879         return get_errno((long)host_raddr);
4880     }
4881     raddr=h2g((unsigned long)host_raddr);
4882 
4883     page_set_flags(raddr, raddr + shm_info.shm_segsz,
4884                    PAGE_VALID | PAGE_READ |
4885                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
4886 
4887     for (i = 0; i < N_SHM_REGIONS; i++) {
4888         if (!shm_regions[i].in_use) {
4889             shm_regions[i].in_use = true;
4890             shm_regions[i].start = raddr;
4891             shm_regions[i].size = shm_info.shm_segsz;
4892             break;
4893         }
4894     }
4895 
4896     mmap_unlock();
4897     return raddr;
4898 
4899 }
4900 
4901 static inline abi_long do_shmdt(abi_ulong shmaddr)
4902 {
4903     int i;
4904 
4905     for (i = 0; i < N_SHM_REGIONS; ++i) {
4906         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4907             shm_regions[i].in_use = false;
4908             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
4909             break;
4910         }
4911     }
4912 
4913     return get_errno(shmdt(g2h(shmaddr)));
4914 }
4915 
4916 #ifdef TARGET_NR_ipc
4917 /* ??? This only works with linear mappings.  */
4918 /* do_ipc() must return target values and target errnos. */
4919 static abi_long do_ipc(CPUArchState *cpu_env,
4920                        unsigned int call, abi_long first,
4921                        abi_long second, abi_long third,
4922                        abi_long ptr, abi_long fifth)
4923 {
4924     int version;
4925     abi_long ret = 0;
4926 
4927     version = call >> 16;
4928     call &= 0xffff;
4929 
4930     switch (call) {
4931     case IPCOP_semop:
4932         ret = do_semop(first, ptr, second);
4933         break;
4934 
4935     case IPCOP_semget:
4936         ret = get_errno(semget(first, second, third));
4937         break;
4938 
4939     case IPCOP_semctl: {
4940         /* The semun argument to semctl is passed by value, so dereference the
4941          * ptr argument. */
4942         abi_ulong atptr;
4943         get_user_ual(atptr, ptr);
4944         ret = do_semctl(first, second, third, atptr);
4945         break;
4946     }
4947 
4948     case IPCOP_msgget:
4949         ret = get_errno(msgget(first, second));
4950         break;
4951 
4952     case IPCOP_msgsnd:
4953         ret = do_msgsnd(first, ptr, second, third);
4954         break;
4955 
4956     case IPCOP_msgctl:
4957         ret = do_msgctl(first, second, ptr);
4958         break;
4959 
4960     case IPCOP_msgrcv:
4961         switch (version) {
4962         case 0:
4963             {
4964                 struct target_ipc_kludge {
4965                     abi_long msgp;
4966                     abi_long msgtyp;
4967                 } *tmp;
4968 
4969                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4970                     ret = -TARGET_EFAULT;
4971                     break;
4972                 }
4973 
4974                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4975 
4976                 unlock_user_struct(tmp, ptr, 0);
4977                 break;
4978             }
4979         default:
4980             ret = do_msgrcv(first, ptr, second, fifth, third);
4981         }
4982         break;
4983 
4984     case IPCOP_shmat:
4985         switch (version) {
4986         default:
4987         {
4988             abi_ulong raddr;
4989             raddr = do_shmat(cpu_env, first, ptr, second);
4990             if (is_error(raddr))
4991                 return get_errno(raddr);
4992             if (put_user_ual(raddr, third))
4993                 return -TARGET_EFAULT;
4994             break;
4995         }
4996         case 1:
4997             ret = -TARGET_EINVAL;
4998             break;
4999         }
5000 	break;
5001     case IPCOP_shmdt:
5002         ret = do_shmdt(ptr);
5003 	break;
5004 
5005     case IPCOP_shmget:
5006 	/* IPC_* flag values are the same on all linux platforms */
5007 	ret = get_errno(shmget(first, second, third));
5008 	break;
5009 
5010 	/* IPC_* and SHM_* command values are the same on all linux platforms */
5011     case IPCOP_shmctl:
5012         ret = do_shmctl(first, second, ptr);
5013         break;
5014     default:
5015 	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
5016 	ret = -TARGET_ENOSYS;
5017 	break;
5018     }
5019     return ret;
5020 }
5021 #endif
5022 
5023 /* kernel structure types definitions */
5024 
5025 #define STRUCT(name, ...) STRUCT_ ## name,
5026 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
5027 enum {
5028 #include "syscall_types.h"
5029 STRUCT_MAX
5030 };
5031 #undef STRUCT
5032 #undef STRUCT_SPECIAL
5033 
5034 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
5035 #define STRUCT_SPECIAL(name)
5036 #include "syscall_types.h"
5037 #undef STRUCT
5038 #undef STRUCT_SPECIAL
5039 
5040 typedef struct IOCTLEntry IOCTLEntry;
5041 
5042 typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
5043                              int fd, int cmd, abi_long arg);
5044 
5045 struct IOCTLEntry {
5046     int target_cmd;
5047     unsigned int host_cmd;
5048     const char *name;
5049     int access;
5050     do_ioctl_fn *do_ioctl;
5051     const argtype arg_type[5];
5052 };
5053 
5054 #define IOC_R 0x0001
5055 #define IOC_W 0x0002
5056 #define IOC_RW (IOC_R | IOC_W)
5057 
5058 #define MAX_STRUCT_SIZE 4096
5059 
5060 #ifdef CONFIG_FIEMAP
5061 /* So fiemap access checks don't overflow on 32 bit systems.
5062  * This is very slightly smaller than the limit imposed by
5063  * the underlying kernel.
5064  */
5065 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
5066                             / sizeof(struct fiemap_extent))
5067 
5068 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
5069                                        int fd, int cmd, abi_long arg)
5070 {
5071     /* The parameter for this ioctl is a struct fiemap followed
5072      * by an array of struct fiemap_extent whose size is set
5073      * in fiemap->fm_extent_count. The array is filled in by the
5074      * ioctl.
5075      */
5076     int target_size_in, target_size_out;
5077     struct fiemap *fm;
5078     const argtype *arg_type = ie->arg_type;
5079     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
5080     void *argptr, *p;
5081     abi_long ret;
5082     int i, extent_size = thunk_type_size(extent_arg_type, 0);
5083     uint32_t outbufsz;
5084     int free_fm = 0;
5085 
5086     assert(arg_type[0] == TYPE_PTR);
5087     assert(ie->access == IOC_RW);
5088     arg_type++;
5089     target_size_in = thunk_type_size(arg_type, 0);
5090     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
5091     if (!argptr) {
5092         return -TARGET_EFAULT;
5093     }
5094     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5095     unlock_user(argptr, arg, 0);
5096     fm = (struct fiemap *)buf_temp;
5097     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
5098         return -TARGET_EINVAL;
5099     }
5100 
5101     outbufsz = sizeof (*fm) +
5102         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
5103 
5104     if (outbufsz > MAX_STRUCT_SIZE) {
5105         /* We can't fit all the extents into the fixed size buffer.
5106          * Allocate one that is large enough and use it instead.
5107          */
5108         fm = g_try_malloc(outbufsz);
5109         if (!fm) {
5110             return -TARGET_ENOMEM;
5111         }
5112         memcpy(fm, buf_temp, sizeof(struct fiemap));
5113         free_fm = 1;
5114     }
5115     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
5116     if (!is_error(ret)) {
5117         target_size_out = target_size_in;
5118         /* An extent_count of 0 means we were only counting the extents
5119          * so there are no structs to copy
5120          */
5121         if (fm->fm_extent_count != 0) {
5122             target_size_out += fm->fm_mapped_extents * extent_size;
5123         }
5124         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
5125         if (!argptr) {
5126             ret = -TARGET_EFAULT;
5127         } else {
5128             /* Convert the struct fiemap */
5129             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
5130             if (fm->fm_extent_count != 0) {
5131                 p = argptr + target_size_in;
5132                 /* ...and then all the struct fiemap_extents */
5133                 for (i = 0; i < fm->fm_mapped_extents; i++) {
5134                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
5135                                   THUNK_TARGET);
5136                     p += extent_size;
5137                 }
5138             }
5139             unlock_user(argptr, arg, target_size_out);
5140         }
5141     }
5142     if (free_fm) {
5143         g_free(fm);
5144     }
5145     return ret;
5146 }
5147 #endif
5148 
5149 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
5150                                 int fd, int cmd, abi_long arg)
5151 {
5152     const argtype *arg_type = ie->arg_type;
5153     int target_size;
5154     void *argptr;
5155     int ret;
5156     struct ifconf *host_ifconf;
5157     uint32_t outbufsz;
5158     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
5159     int target_ifreq_size;
5160     int nb_ifreq;
5161     int free_buf = 0;
5162     int i;
5163     int target_ifc_len;
5164     abi_long target_ifc_buf;
5165     int host_ifc_len;
5166     char *host_ifc_buf;
5167 
5168     assert(arg_type[0] == TYPE_PTR);
5169     assert(ie->access == IOC_RW);
5170 
5171     arg_type++;
5172     target_size = thunk_type_size(arg_type, 0);
5173 
5174     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5175     if (!argptr)
5176         return -TARGET_EFAULT;
5177     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5178     unlock_user(argptr, arg, 0);
5179 
5180     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
5181     target_ifc_len = host_ifconf->ifc_len;
5182     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
5183 
5184     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
5185     nb_ifreq = target_ifc_len / target_ifreq_size;
5186     host_ifc_len = nb_ifreq * sizeof(struct ifreq);
5187 
5188     outbufsz = sizeof(*host_ifconf) + host_ifc_len;
5189     if (outbufsz > MAX_STRUCT_SIZE) {
5190         /* We can't fit all the extents into the fixed size buffer.
5191          * Allocate one that is large enough and use it instead.
5192          */
5193         host_ifconf = malloc(outbufsz);
5194         if (!host_ifconf) {
5195             return -TARGET_ENOMEM;
5196         }
5197         memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
5198         free_buf = 1;
5199     }
5200     host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
5201 
5202     host_ifconf->ifc_len = host_ifc_len;
5203     host_ifconf->ifc_buf = host_ifc_buf;
5204 
5205     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
5206     if (!is_error(ret)) {
5207 	/* convert host ifc_len to target ifc_len */
5208 
5209         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
5210         target_ifc_len = nb_ifreq * target_ifreq_size;
5211         host_ifconf->ifc_len = target_ifc_len;
5212 
5213 	/* restore target ifc_buf */
5214 
5215         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
5216 
5217 	/* copy struct ifconf to target user */
5218 
5219         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5220         if (!argptr)
5221             return -TARGET_EFAULT;
5222         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
5223         unlock_user(argptr, arg, target_size);
5224 
5225 	/* copy ifreq[] to target user */
5226 
5227         argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
5228         for (i = 0; i < nb_ifreq ; i++) {
5229             thunk_convert(argptr + i * target_ifreq_size,
5230                           host_ifc_buf + i * sizeof(struct ifreq),
5231                           ifreq_arg_type, THUNK_TARGET);
5232         }
5233         unlock_user(argptr, target_ifc_buf, target_ifc_len);
5234     }
5235 
5236     if (free_buf) {
5237         free(host_ifconf);
5238     }
5239 
5240     return ret;
5241 }
5242 
5243 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5244                             int cmd, abi_long arg)
5245 {
5246     void *argptr;
5247     struct dm_ioctl *host_dm;
5248     abi_long guest_data;
5249     uint32_t guest_data_size;
5250     int target_size;
5251     const argtype *arg_type = ie->arg_type;
5252     abi_long ret;
5253     void *big_buf = NULL;
5254     char *host_data;
5255 
5256     arg_type++;
5257     target_size = thunk_type_size(arg_type, 0);
5258     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5259     if (!argptr) {
5260         ret = -TARGET_EFAULT;
5261         goto out;
5262     }
5263     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5264     unlock_user(argptr, arg, 0);
5265 
5266     /* buf_temp is too small, so fetch things into a bigger buffer */
5267     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
5268     memcpy(big_buf, buf_temp, target_size);
5269     buf_temp = big_buf;
5270     host_dm = big_buf;
5271 
5272     guest_data = arg + host_dm->data_start;
5273     if ((guest_data - arg) < 0) {
5274         ret = -TARGET_EINVAL;
5275         goto out;
5276     }
5277     guest_data_size = host_dm->data_size - host_dm->data_start;
5278     host_data = (char*)host_dm + host_dm->data_start;
5279 
5280     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
5281     if (!argptr) {
5282         ret = -TARGET_EFAULT;
5283         goto out;
5284     }
5285 
5286     switch (ie->host_cmd) {
5287     case DM_REMOVE_ALL:
5288     case DM_LIST_DEVICES:
5289     case DM_DEV_CREATE:
5290     case DM_DEV_REMOVE:
5291     case DM_DEV_SUSPEND:
5292     case DM_DEV_STATUS:
5293     case DM_DEV_WAIT:
5294     case DM_TABLE_STATUS:
5295     case DM_TABLE_CLEAR:
5296     case DM_TABLE_DEPS:
5297     case DM_LIST_VERSIONS:
5298         /* no input data */
5299         break;
5300     case DM_DEV_RENAME:
5301     case DM_DEV_SET_GEOMETRY:
5302         /* data contains only strings */
5303         memcpy(host_data, argptr, guest_data_size);
5304         break;
5305     case DM_TARGET_MSG:
5306         memcpy(host_data, argptr, guest_data_size);
5307         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
5308         break;
5309     case DM_TABLE_LOAD:
5310     {
5311         void *gspec = argptr;
5312         void *cur_data = host_data;
5313         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5314         int spec_size = thunk_type_size(arg_type, 0);
5315         int i;
5316 
5317         for (i = 0; i < host_dm->target_count; i++) {
5318             struct dm_target_spec *spec = cur_data;
5319             uint32_t next;
5320             int slen;
5321 
5322             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
5323             slen = strlen((char*)gspec + spec_size) + 1;
5324             next = spec->next;
5325             spec->next = sizeof(*spec) + slen;
5326             strcpy((char*)&spec[1], gspec + spec_size);
5327             gspec += next;
5328             cur_data += spec->next;
5329         }
5330         break;
5331     }
5332     default:
5333         ret = -TARGET_EINVAL;
5334         unlock_user(argptr, guest_data, 0);
5335         goto out;
5336     }
5337     unlock_user(argptr, guest_data, 0);
5338 
5339     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5340     if (!is_error(ret)) {
5341         guest_data = arg + host_dm->data_start;
5342         guest_data_size = host_dm->data_size - host_dm->data_start;
5343         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
5344         switch (ie->host_cmd) {
5345         case DM_REMOVE_ALL:
5346         case DM_DEV_CREATE:
5347         case DM_DEV_REMOVE:
5348         case DM_DEV_RENAME:
5349         case DM_DEV_SUSPEND:
5350         case DM_DEV_STATUS:
5351         case DM_TABLE_LOAD:
5352         case DM_TABLE_CLEAR:
5353         case DM_TARGET_MSG:
5354         case DM_DEV_SET_GEOMETRY:
5355             /* no return data */
5356             break;
5357         case DM_LIST_DEVICES:
5358         {
5359             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
5360             uint32_t remaining_data = guest_data_size;
5361             void *cur_data = argptr;
5362             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
5363             int nl_size = 12; /* can't use thunk_size due to alignment */
5364 
5365             while (1) {
5366                 uint32_t next = nl->next;
5367                 if (next) {
5368                     nl->next = nl_size + (strlen(nl->name) + 1);
5369                 }
5370                 if (remaining_data < nl->next) {
5371                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5372                     break;
5373                 }
5374                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
5375                 strcpy(cur_data + nl_size, nl->name);
5376                 cur_data += nl->next;
5377                 remaining_data -= nl->next;
5378                 if (!next) {
5379                     break;
5380                 }
5381                 nl = (void*)nl + next;
5382             }
5383             break;
5384         }
5385         case DM_DEV_WAIT:
5386         case DM_TABLE_STATUS:
5387         {
5388             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
5389             void *cur_data = argptr;
5390             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5391             int spec_size = thunk_type_size(arg_type, 0);
5392             int i;
5393 
5394             for (i = 0; i < host_dm->target_count; i++) {
5395                 uint32_t next = spec->next;
5396                 int slen = strlen((char*)&spec[1]) + 1;
5397                 spec->next = (cur_data - argptr) + spec_size + slen;
5398                 if (guest_data_size < spec->next) {
5399                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5400                     break;
5401                 }
5402                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
5403                 strcpy(cur_data + spec_size, (char*)&spec[1]);
5404                 cur_data = argptr + spec->next;
5405                 spec = (void*)host_dm + host_dm->data_start + next;
5406             }
5407             break;
5408         }
5409         case DM_TABLE_DEPS:
5410         {
5411             void *hdata = (void*)host_dm + host_dm->data_start;
5412             int count = *(uint32_t*)hdata;
5413             uint64_t *hdev = hdata + 8;
5414             uint64_t *gdev = argptr + 8;
5415             int i;
5416 
5417             *(uint32_t*)argptr = tswap32(count);
5418             for (i = 0; i < count; i++) {
5419                 *gdev = tswap64(*hdev);
5420                 gdev++;
5421                 hdev++;
5422             }
5423             break;
5424         }
5425         case DM_LIST_VERSIONS:
5426         {
5427             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
5428             uint32_t remaining_data = guest_data_size;
5429             void *cur_data = argptr;
5430             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
5431             int vers_size = thunk_type_size(arg_type, 0);
5432 
5433             while (1) {
5434                 uint32_t next = vers->next;
5435                 if (next) {
5436                     vers->next = vers_size + (strlen(vers->name) + 1);
5437                 }
5438                 if (remaining_data < vers->next) {
5439                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5440                     break;
5441                 }
5442                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
5443                 strcpy(cur_data + vers_size, vers->name);
5444                 cur_data += vers->next;
5445                 remaining_data -= vers->next;
5446                 if (!next) {
5447                     break;
5448                 }
5449                 vers = (void*)vers + next;
5450             }
5451             break;
5452         }
5453         default:
5454             unlock_user(argptr, guest_data, 0);
5455             ret = -TARGET_EINVAL;
5456             goto out;
5457         }
5458         unlock_user(argptr, guest_data, guest_data_size);
5459 
5460         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5461         if (!argptr) {
5462             ret = -TARGET_EFAULT;
5463             goto out;
5464         }
5465         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5466         unlock_user(argptr, arg, target_size);
5467     }
5468 out:
5469     g_free(big_buf);
5470     return ret;
5471 }
5472 
5473 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5474                                int cmd, abi_long arg)
5475 {
5476     void *argptr;
5477     int target_size;
5478     const argtype *arg_type = ie->arg_type;
5479     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
5480     abi_long ret;
5481 
5482     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
5483     struct blkpg_partition host_part;
5484 
5485     /* Read and convert blkpg */
5486     arg_type++;
5487     target_size = thunk_type_size(arg_type, 0);
5488     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5489     if (!argptr) {
5490         ret = -TARGET_EFAULT;
5491         goto out;
5492     }
5493     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5494     unlock_user(argptr, arg, 0);
5495 
5496     switch (host_blkpg->op) {
5497     case BLKPG_ADD_PARTITION:
5498     case BLKPG_DEL_PARTITION:
5499         /* payload is struct blkpg_partition */
5500         break;
5501     default:
5502         /* Unknown opcode */
5503         ret = -TARGET_EINVAL;
5504         goto out;
5505     }
5506 
5507     /* Read and convert blkpg->data */
5508     arg = (abi_long)(uintptr_t)host_blkpg->data;
5509     target_size = thunk_type_size(part_arg_type, 0);
5510     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5511     if (!argptr) {
5512         ret = -TARGET_EFAULT;
5513         goto out;
5514     }
5515     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
5516     unlock_user(argptr, arg, 0);
5517 
5518     /* Swizzle the data pointer to our local copy and call! */
5519     host_blkpg->data = &host_part;
5520     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
5521 
5522 out:
5523     return ret;
5524 }
5525 
5526 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
5527                                 int fd, int cmd, abi_long arg)
5528 {
5529     const argtype *arg_type = ie->arg_type;
5530     const StructEntry *se;
5531     const argtype *field_types;
5532     const int *dst_offsets, *src_offsets;
5533     int target_size;
5534     void *argptr;
5535     abi_ulong *target_rt_dev_ptr;
5536     unsigned long *host_rt_dev_ptr;
5537     abi_long ret;
5538     int i;
5539 
5540     assert(ie->access == IOC_W);
5541     assert(*arg_type == TYPE_PTR);
5542     arg_type++;
5543     assert(*arg_type == TYPE_STRUCT);
5544     target_size = thunk_type_size(arg_type, 0);
5545     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5546     if (!argptr) {
5547         return -TARGET_EFAULT;
5548     }
5549     arg_type++;
5550     assert(*arg_type == (int)STRUCT_rtentry);
5551     se = struct_entries + *arg_type++;
5552     assert(se->convert[0] == NULL);
5553     /* convert struct here to be able to catch rt_dev string */
5554     field_types = se->field_types;
5555     dst_offsets = se->field_offsets[THUNK_HOST];
5556     src_offsets = se->field_offsets[THUNK_TARGET];
5557     for (i = 0; i < se->nb_fields; i++) {
5558         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
5559             assert(*field_types == TYPE_PTRVOID);
5560             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
5561             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
5562             if (*target_rt_dev_ptr != 0) {
5563                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
5564                                                   tswapal(*target_rt_dev_ptr));
5565                 if (!*host_rt_dev_ptr) {
5566                     unlock_user(argptr, arg, 0);
5567                     return -TARGET_EFAULT;
5568                 }
5569             } else {
5570                 *host_rt_dev_ptr = 0;
5571             }
5572             field_types++;
5573             continue;
5574         }
5575         field_types = thunk_convert(buf_temp + dst_offsets[i],
5576                                     argptr + src_offsets[i],
5577                                     field_types, THUNK_HOST);
5578     }
5579     unlock_user(argptr, arg, 0);
5580 
5581     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5582     if (*host_rt_dev_ptr != 0) {
5583         unlock_user((void *)*host_rt_dev_ptr,
5584                     *target_rt_dev_ptr, 0);
5585     }
5586     return ret;
5587 }
5588 
5589 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
5590                                      int fd, int cmd, abi_long arg)
5591 {
5592     int sig = target_to_host_signal(arg);
5593     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
5594 }
5595 
5596 static IOCTLEntry ioctl_entries[] = {
5597 #define IOCTL(cmd, access, ...) \
5598     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
5599 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
5600     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
5601 #define IOCTL_IGNORE(cmd) \
5602     { TARGET_ ## cmd, 0, #cmd },
5603 #include "ioctls.h"
5604     { 0, 0, },
5605 };
5606 
5607 /* ??? Implement proper locking for ioctls.  */
5608 /* do_ioctl() Must return target values and target errnos. */
5609 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
5610 {
5611     const IOCTLEntry *ie;
5612     const argtype *arg_type;
5613     abi_long ret;
5614     uint8_t buf_temp[MAX_STRUCT_SIZE];
5615     int target_size;
5616     void *argptr;
5617 
5618     ie = ioctl_entries;
5619     for(;;) {
5620         if (ie->target_cmd == 0) {
5621             gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
5622             return -TARGET_ENOSYS;
5623         }
5624         if (ie->target_cmd == cmd)
5625             break;
5626         ie++;
5627     }
5628     arg_type = ie->arg_type;
5629 #if defined(DEBUG)
5630     gemu_log("ioctl: cmd=0x%04lx (%s)\n", (long)cmd, ie->name);
5631 #endif
5632     if (ie->do_ioctl) {
5633         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
5634     } else if (!ie->host_cmd) {
5635         /* Some architectures define BSD ioctls in their headers
5636            that are not implemented in Linux.  */
5637         return -TARGET_ENOSYS;
5638     }
5639 
5640     switch(arg_type[0]) {
5641     case TYPE_NULL:
5642         /* no argument */
5643         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
5644         break;
5645     case TYPE_PTRVOID:
5646     case TYPE_INT:
5647         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
5648         break;
5649     case TYPE_PTR:
5650         arg_type++;
5651         target_size = thunk_type_size(arg_type, 0);
5652         switch(ie->access) {
5653         case IOC_R:
5654             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5655             if (!is_error(ret)) {
5656                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5657                 if (!argptr)
5658                     return -TARGET_EFAULT;
5659                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5660                 unlock_user(argptr, arg, target_size);
5661             }
5662             break;
5663         case IOC_W:
5664             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5665             if (!argptr)
5666                 return -TARGET_EFAULT;
5667             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5668             unlock_user(argptr, arg, 0);
5669             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5670             break;
5671         default:
5672         case IOC_RW:
5673             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5674             if (!argptr)
5675                 return -TARGET_EFAULT;
5676             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5677             unlock_user(argptr, arg, 0);
5678             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5679             if (!is_error(ret)) {
5680                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5681                 if (!argptr)
5682                     return -TARGET_EFAULT;
5683                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5684                 unlock_user(argptr, arg, target_size);
5685             }
5686             break;
5687         }
5688         break;
5689     default:
5690         gemu_log("Unsupported ioctl type: cmd=0x%04lx type=%d\n",
5691                  (long)cmd, arg_type[0]);
5692         ret = -TARGET_ENOSYS;
5693         break;
5694     }
5695     return ret;
5696 }
5697 
5698 static const bitmask_transtbl iflag_tbl[] = {
5699         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
5700         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
5701         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
5702         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
5703         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
5704         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
5705         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
5706         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
5707         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
5708         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
5709         { TARGET_IXON, TARGET_IXON, IXON, IXON },
5710         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
5711         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
5712         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
5713         { 0, 0, 0, 0 }
5714 };
5715 
5716 static const bitmask_transtbl oflag_tbl[] = {
5717 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
5718 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
5719 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
5720 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
5721 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
5722 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
5723 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
5724 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
5725 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
5726 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
5727 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
5728 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
5729 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
5730 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
5731 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
5732 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
5733 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
5734 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
5735 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
5736 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
5737 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
5738 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
5739 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
5740 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
5741 	{ 0, 0, 0, 0 }
5742 };
5743 
5744 static const bitmask_transtbl cflag_tbl[] = {
5745 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
5746 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
5747 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
5748 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
5749 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
5750 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
5751 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
5752 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
5753 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
5754 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
5755 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
5756 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
5757 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
5758 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
5759 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
5760 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
5761 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
5762 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
5763 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
5764 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
5765 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
5766 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
5767 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
5768 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
5769 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
5770 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
5771 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
5772 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
5773 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
5774 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
5775 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
5776 	{ 0, 0, 0, 0 }
5777 };
5778 
5779 static const bitmask_transtbl lflag_tbl[] = {
5780 	{ TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
5781 	{ TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
5782 	{ TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
5783 	{ TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
5784 	{ TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
5785 	{ TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
5786 	{ TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
5787 	{ TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
5788 	{ TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
5789 	{ TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
5790 	{ TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
5791 	{ TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
5792 	{ TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
5793 	{ TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
5794 	{ TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
5795 	{ 0, 0, 0, 0 }
5796 };
5797 
5798 static void target_to_host_termios (void *dst, const void *src)
5799 {
5800     struct host_termios *host = dst;
5801     const struct target_termios *target = src;
5802 
5803     host->c_iflag =
5804         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
5805     host->c_oflag =
5806         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
5807     host->c_cflag =
5808         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
5809     host->c_lflag =
5810         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
5811     host->c_line = target->c_line;
5812 
5813     memset(host->c_cc, 0, sizeof(host->c_cc));
5814     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
5815     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
5816     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5817     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5818     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5819     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5820     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5821     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5822     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5823     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5824     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5825     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5826     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5827     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5828     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5829     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5830     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5831 }
5832 
5833 static void host_to_target_termios (void *dst, const void *src)
5834 {
5835     struct target_termios *target = dst;
5836     const struct host_termios *host = src;
5837 
5838     target->c_iflag =
5839         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5840     target->c_oflag =
5841         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5842     target->c_cflag =
5843         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5844     target->c_lflag =
5845         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5846     target->c_line = host->c_line;
5847 
5848     memset(target->c_cc, 0, sizeof(target->c_cc));
5849     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5850     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5851     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5852     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5853     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5854     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5855     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5856     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5857     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5858     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5859     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5860     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5861     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5862     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5863     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5864     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5865     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5866 }
5867 
5868 static const StructEntry struct_termios_def = {
5869     .convert = { host_to_target_termios, target_to_host_termios },
5870     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5871     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5872 };
5873 
5874 static bitmask_transtbl mmap_flags_tbl[] = {
5875 	{ TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
5876 	{ TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
5877 	{ TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5878 	{ TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS, MAP_ANONYMOUS, MAP_ANONYMOUS },
5879 	{ TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN, MAP_GROWSDOWN, MAP_GROWSDOWN },
5880 	{ TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE, MAP_DENYWRITE, MAP_DENYWRITE },
5881 	{ TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE, MAP_EXECUTABLE, MAP_EXECUTABLE },
5882 	{ TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
5883         { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE, MAP_NORESERVE,
5884           MAP_NORESERVE },
5885 	{ 0, 0, 0, 0 }
5886 };
5887 
5888 #if defined(TARGET_I386)
5889 
5890 /* NOTE: there is really one LDT for all the threads */
5891 static uint8_t *ldt_table;
5892 
5893 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
5894 {
5895     int size;
5896     void *p;
5897 
5898     if (!ldt_table)
5899         return 0;
5900     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
5901     if (size > bytecount)
5902         size = bytecount;
5903     p = lock_user(VERIFY_WRITE, ptr, size, 0);
5904     if (!p)
5905         return -TARGET_EFAULT;
5906     /* ??? Should this by byteswapped?  */
5907     memcpy(p, ldt_table, size);
5908     unlock_user(p, ptr, size);
5909     return size;
5910 }
5911 
5912 /* XXX: add locking support */
5913 static abi_long write_ldt(CPUX86State *env,
5914                           abi_ulong ptr, unsigned long bytecount, int oldmode)
5915 {
5916     struct target_modify_ldt_ldt_s ldt_info;
5917     struct target_modify_ldt_ldt_s *target_ldt_info;
5918     int seg_32bit, contents, read_exec_only, limit_in_pages;
5919     int seg_not_present, useable, lm;
5920     uint32_t *lp, entry_1, entry_2;
5921 
5922     if (bytecount != sizeof(ldt_info))
5923         return -TARGET_EINVAL;
5924     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
5925         return -TARGET_EFAULT;
5926     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5927     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5928     ldt_info.limit = tswap32(target_ldt_info->limit);
5929     ldt_info.flags = tswap32(target_ldt_info->flags);
5930     unlock_user_struct(target_ldt_info, ptr, 0);
5931 
5932     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
5933         return -TARGET_EINVAL;
5934     seg_32bit = ldt_info.flags & 1;
5935     contents = (ldt_info.flags >> 1) & 3;
5936     read_exec_only = (ldt_info.flags >> 3) & 1;
5937     limit_in_pages = (ldt_info.flags >> 4) & 1;
5938     seg_not_present = (ldt_info.flags >> 5) & 1;
5939     useable = (ldt_info.flags >> 6) & 1;
5940 #ifdef TARGET_ABI32
5941     lm = 0;
5942 #else
5943     lm = (ldt_info.flags >> 7) & 1;
5944 #endif
5945     if (contents == 3) {
5946         if (oldmode)
5947             return -TARGET_EINVAL;
5948         if (seg_not_present == 0)
5949             return -TARGET_EINVAL;
5950     }
5951     /* allocate the LDT */
5952     if (!ldt_table) {
5953         env->ldt.base = target_mmap(0,
5954                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
5955                                     PROT_READ|PROT_WRITE,
5956                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
5957         if (env->ldt.base == -1)
5958             return -TARGET_ENOMEM;
5959         memset(g2h(env->ldt.base), 0,
5960                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
5961         env->ldt.limit = 0xffff;
5962         ldt_table = g2h(env->ldt.base);
5963     }
5964 
5965     /* NOTE: same code as Linux kernel */
5966     /* Allow LDTs to be cleared by the user. */
5967     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5968         if (oldmode ||
5969             (contents == 0		&&
5970              read_exec_only == 1	&&
5971              seg_32bit == 0		&&
5972              limit_in_pages == 0	&&
5973              seg_not_present == 1	&&
5974              useable == 0 )) {
5975             entry_1 = 0;
5976             entry_2 = 0;
5977             goto install;
5978         }
5979     }
5980 
5981     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5982         (ldt_info.limit & 0x0ffff);
5983     entry_2 = (ldt_info.base_addr & 0xff000000) |
5984         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5985         (ldt_info.limit & 0xf0000) |
5986         ((read_exec_only ^ 1) << 9) |
5987         (contents << 10) |
5988         ((seg_not_present ^ 1) << 15) |
5989         (seg_32bit << 22) |
5990         (limit_in_pages << 23) |
5991         (lm << 21) |
5992         0x7000;
5993     if (!oldmode)
5994         entry_2 |= (useable << 20);
5995 
5996     /* Install the new entry ...  */
5997 install:
5998     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
5999     lp[0] = tswap32(entry_1);
6000     lp[1] = tswap32(entry_2);
6001     return 0;
6002 }
6003 
6004 /* specific and weird i386 syscalls */
6005 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
6006                               unsigned long bytecount)
6007 {
6008     abi_long ret;
6009 
6010     switch (func) {
6011     case 0:
6012         ret = read_ldt(ptr, bytecount);
6013         break;
6014     case 1:
6015         ret = write_ldt(env, ptr, bytecount, 1);
6016         break;
6017     case 0x11:
6018         ret = write_ldt(env, ptr, bytecount, 0);
6019         break;
6020     default:
6021         ret = -TARGET_ENOSYS;
6022         break;
6023     }
6024     return ret;
6025 }
6026 
6027 #if defined(TARGET_I386) && defined(TARGET_ABI32)
6028 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
6029 {
6030     uint64_t *gdt_table = g2h(env->gdt.base);
6031     struct target_modify_ldt_ldt_s ldt_info;
6032     struct target_modify_ldt_ldt_s *target_ldt_info;
6033     int seg_32bit, contents, read_exec_only, limit_in_pages;
6034     int seg_not_present, useable, lm;
6035     uint32_t *lp, entry_1, entry_2;
6036     int i;
6037 
6038     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6039     if (!target_ldt_info)
6040         return -TARGET_EFAULT;
6041     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6042     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6043     ldt_info.limit = tswap32(target_ldt_info->limit);
6044     ldt_info.flags = tswap32(target_ldt_info->flags);
6045     if (ldt_info.entry_number == -1) {
6046         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
6047             if (gdt_table[i] == 0) {
6048                 ldt_info.entry_number = i;
6049                 target_ldt_info->entry_number = tswap32(i);
6050                 break;
6051             }
6052         }
6053     }
6054     unlock_user_struct(target_ldt_info, ptr, 1);
6055 
6056     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
6057         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
6058            return -TARGET_EINVAL;
6059     seg_32bit = ldt_info.flags & 1;
6060     contents = (ldt_info.flags >> 1) & 3;
6061     read_exec_only = (ldt_info.flags >> 3) & 1;
6062     limit_in_pages = (ldt_info.flags >> 4) & 1;
6063     seg_not_present = (ldt_info.flags >> 5) & 1;
6064     useable = (ldt_info.flags >> 6) & 1;
6065 #ifdef TARGET_ABI32
6066     lm = 0;
6067 #else
6068     lm = (ldt_info.flags >> 7) & 1;
6069 #endif
6070 
6071     if (contents == 3) {
6072         if (seg_not_present == 0)
6073             return -TARGET_EINVAL;
6074     }
6075 
6076     /* NOTE: same code as Linux kernel */
6077     /* Allow LDTs to be cleared by the user. */
6078     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6079         if ((contents == 0             &&
6080              read_exec_only == 1       &&
6081              seg_32bit == 0            &&
6082              limit_in_pages == 0       &&
6083              seg_not_present == 1      &&
6084              useable == 0 )) {
6085             entry_1 = 0;
6086             entry_2 = 0;
6087             goto install;
6088         }
6089     }
6090 
6091     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6092         (ldt_info.limit & 0x0ffff);
6093     entry_2 = (ldt_info.base_addr & 0xff000000) |
6094         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6095         (ldt_info.limit & 0xf0000) |
6096         ((read_exec_only ^ 1) << 9) |
6097         (contents << 10) |
6098         ((seg_not_present ^ 1) << 15) |
6099         (seg_32bit << 22) |
6100         (limit_in_pages << 23) |
6101         (useable << 20) |
6102         (lm << 21) |
6103         0x7000;
6104 
6105     /* Install the new entry ...  */
6106 install:
6107     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
6108     lp[0] = tswap32(entry_1);
6109     lp[1] = tswap32(entry_2);
6110     return 0;
6111 }
6112 
6113 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
6114 {
6115     struct target_modify_ldt_ldt_s *target_ldt_info;
6116     uint64_t *gdt_table = g2h(env->gdt.base);
6117     uint32_t base_addr, limit, flags;
6118     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
6119     int seg_not_present, useable, lm;
6120     uint32_t *lp, entry_1, entry_2;
6121 
6122     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6123     if (!target_ldt_info)
6124         return -TARGET_EFAULT;
6125     idx = tswap32(target_ldt_info->entry_number);
6126     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
6127         idx > TARGET_GDT_ENTRY_TLS_MAX) {
6128         unlock_user_struct(target_ldt_info, ptr, 1);
6129         return -TARGET_EINVAL;
6130     }
6131     lp = (uint32_t *)(gdt_table + idx);
6132     entry_1 = tswap32(lp[0]);
6133     entry_2 = tswap32(lp[1]);
6134 
6135     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
6136     contents = (entry_2 >> 10) & 3;
6137     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
6138     seg_32bit = (entry_2 >> 22) & 1;
6139     limit_in_pages = (entry_2 >> 23) & 1;
6140     useable = (entry_2 >> 20) & 1;
6141 #ifdef TARGET_ABI32
6142     lm = 0;
6143 #else
6144     lm = (entry_2 >> 21) & 1;
6145 #endif
6146     flags = (seg_32bit << 0) | (contents << 1) |
6147         (read_exec_only << 3) | (limit_in_pages << 4) |
6148         (seg_not_present << 5) | (useable << 6) | (lm << 7);
6149     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
6150     base_addr = (entry_1 >> 16) |
6151         (entry_2 & 0xff000000) |
6152         ((entry_2 & 0xff) << 16);
6153     target_ldt_info->base_addr = tswapal(base_addr);
6154     target_ldt_info->limit = tswap32(limit);
6155     target_ldt_info->flags = tswap32(flags);
6156     unlock_user_struct(target_ldt_info, ptr, 1);
6157     return 0;
6158 }
6159 #endif /* TARGET_I386 && TARGET_ABI32 */
6160 
6161 #ifndef TARGET_ABI32
6162 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6163 {
6164     abi_long ret = 0;
6165     abi_ulong val;
6166     int idx;
6167 
6168     switch(code) {
6169     case TARGET_ARCH_SET_GS:
6170     case TARGET_ARCH_SET_FS:
6171         if (code == TARGET_ARCH_SET_GS)
6172             idx = R_GS;
6173         else
6174             idx = R_FS;
6175         cpu_x86_load_seg(env, idx, 0);
6176         env->segs[idx].base = addr;
6177         break;
6178     case TARGET_ARCH_GET_GS:
6179     case TARGET_ARCH_GET_FS:
6180         if (code == TARGET_ARCH_GET_GS)
6181             idx = R_GS;
6182         else
6183             idx = R_FS;
6184         val = env->segs[idx].base;
6185         if (put_user(val, addr, abi_ulong))
6186             ret = -TARGET_EFAULT;
6187         break;
6188     default:
6189         ret = -TARGET_EINVAL;
6190         break;
6191     }
6192     return ret;
6193 }
6194 #endif
6195 
6196 #endif /* defined(TARGET_I386) */
6197 
6198 #define NEW_STACK_SIZE 0x40000
6199 
6200 
6201 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
6202 typedef struct {
6203     CPUArchState *env;
6204     pthread_mutex_t mutex;
6205     pthread_cond_t cond;
6206     pthread_t thread;
6207     uint32_t tid;
6208     abi_ulong child_tidptr;
6209     abi_ulong parent_tidptr;
6210     sigset_t sigmask;
6211 } new_thread_info;
6212 
6213 static void *clone_func(void *arg)
6214 {
6215     new_thread_info *info = arg;
6216     CPUArchState *env;
6217     CPUState *cpu;
6218     TaskState *ts;
6219 
6220     rcu_register_thread();
6221     env = info->env;
6222     cpu = ENV_GET_CPU(env);
6223     thread_cpu = cpu;
6224     ts = (TaskState *)cpu->opaque;
6225     info->tid = gettid();
6226     task_settid(ts);
6227     if (info->child_tidptr)
6228         put_user_u32(info->tid, info->child_tidptr);
6229     if (info->parent_tidptr)
6230         put_user_u32(info->tid, info->parent_tidptr);
6231     /* Enable signals.  */
6232     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
6233     /* Signal to the parent that we're ready.  */
6234     pthread_mutex_lock(&info->mutex);
6235     pthread_cond_broadcast(&info->cond);
6236     pthread_mutex_unlock(&info->mutex);
6237     /* Wait until the parent has finshed initializing the tls state.  */
6238     pthread_mutex_lock(&clone_lock);
6239     pthread_mutex_unlock(&clone_lock);
6240     cpu_loop(env);
6241     /* never exits */
6242     return NULL;
6243 }
6244 
6245 /* do_fork() Must return host values and target errnos (unlike most
6246    do_*() functions). */
6247 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
6248                    abi_ulong parent_tidptr, target_ulong newtls,
6249                    abi_ulong child_tidptr)
6250 {
6251     CPUState *cpu = ENV_GET_CPU(env);
6252     int ret;
6253     TaskState *ts;
6254     CPUState *new_cpu;
6255     CPUArchState *new_env;
6256     sigset_t sigmask;
6257 
6258     flags &= ~CLONE_IGNORED_FLAGS;
6259 
6260     /* Emulate vfork() with fork() */
6261     if (flags & CLONE_VFORK)
6262         flags &= ~(CLONE_VFORK | CLONE_VM);
6263 
6264     if (flags & CLONE_VM) {
6265         TaskState *parent_ts = (TaskState *)cpu->opaque;
6266         new_thread_info info;
6267         pthread_attr_t attr;
6268 
6269         if (((flags & CLONE_THREAD_FLAGS) != CLONE_THREAD_FLAGS) ||
6270             (flags & CLONE_INVALID_THREAD_FLAGS)) {
6271             return -TARGET_EINVAL;
6272         }
6273 
6274         ts = g_new0(TaskState, 1);
6275         init_task_state(ts);
6276         /* we create a new CPU instance. */
6277         new_env = cpu_copy(env);
6278         /* Init regs that differ from the parent.  */
6279         cpu_clone_regs(new_env, newsp);
6280         new_cpu = ENV_GET_CPU(new_env);
6281         new_cpu->opaque = ts;
6282         ts->bprm = parent_ts->bprm;
6283         ts->info = parent_ts->info;
6284         ts->signal_mask = parent_ts->signal_mask;
6285 
6286         if (flags & CLONE_CHILD_CLEARTID) {
6287             ts->child_tidptr = child_tidptr;
6288         }
6289 
6290         if (flags & CLONE_SETTLS) {
6291             cpu_set_tls (new_env, newtls);
6292         }
6293 
6294         /* Grab a mutex so that thread setup appears atomic.  */
6295         pthread_mutex_lock(&clone_lock);
6296 
6297         memset(&info, 0, sizeof(info));
6298         pthread_mutex_init(&info.mutex, NULL);
6299         pthread_mutex_lock(&info.mutex);
6300         pthread_cond_init(&info.cond, NULL);
6301         info.env = new_env;
6302         if (flags & CLONE_CHILD_SETTID) {
6303             info.child_tidptr = child_tidptr;
6304         }
6305         if (flags & CLONE_PARENT_SETTID) {
6306             info.parent_tidptr = parent_tidptr;
6307         }
6308 
6309         ret = pthread_attr_init(&attr);
6310         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
6311         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
6312         /* It is not safe to deliver signals until the child has finished
6313            initializing, so temporarily block all signals.  */
6314         sigfillset(&sigmask);
6315         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
6316 
6317         /* If this is our first additional thread, we need to ensure we
6318          * generate code for parallel execution and flush old translations.
6319          */
6320         if (!parallel_cpus) {
6321             parallel_cpus = true;
6322             tb_flush(cpu);
6323         }
6324 
6325         ret = pthread_create(&info.thread, &attr, clone_func, &info);
6326         /* TODO: Free new CPU state if thread creation failed.  */
6327 
6328         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
6329         pthread_attr_destroy(&attr);
6330         if (ret == 0) {
6331             /* Wait for the child to initialize.  */
6332             pthread_cond_wait(&info.cond, &info.mutex);
6333             ret = info.tid;
6334         } else {
6335             ret = -1;
6336         }
6337         pthread_mutex_unlock(&info.mutex);
6338         pthread_cond_destroy(&info.cond);
6339         pthread_mutex_destroy(&info.mutex);
6340         pthread_mutex_unlock(&clone_lock);
6341     } else {
6342         /* if no CLONE_VM, we consider it is a fork */
6343         if (flags & CLONE_INVALID_FORK_FLAGS) {
6344             return -TARGET_EINVAL;
6345         }
6346 
6347         /* We can't support custom termination signals */
6348         if ((flags & CSIGNAL) != TARGET_SIGCHLD) {
6349             return -TARGET_EINVAL;
6350         }
6351 
6352         if (block_signals()) {
6353             return -TARGET_ERESTARTSYS;
6354         }
6355 
6356         fork_start();
6357         ret = fork();
6358         if (ret == 0) {
6359             /* Child Process.  */
6360             cpu_clone_regs(env, newsp);
6361             fork_end(1);
6362             /* There is a race condition here.  The parent process could
6363                theoretically read the TID in the child process before the child
6364                tid is set.  This would require using either ptrace
6365                (not implemented) or having *_tidptr to point at a shared memory
6366                mapping.  We can't repeat the spinlock hack used above because
6367                the child process gets its own copy of the lock.  */
6368             if (flags & CLONE_CHILD_SETTID)
6369                 put_user_u32(gettid(), child_tidptr);
6370             if (flags & CLONE_PARENT_SETTID)
6371                 put_user_u32(gettid(), parent_tidptr);
6372             ts = (TaskState *)cpu->opaque;
6373             if (flags & CLONE_SETTLS)
6374                 cpu_set_tls (env, newtls);
6375             if (flags & CLONE_CHILD_CLEARTID)
6376                 ts->child_tidptr = child_tidptr;
6377         } else {
6378             fork_end(0);
6379         }
6380     }
6381     return ret;
6382 }
6383 
6384 /* warning : doesn't handle linux specific flags... */
6385 static int target_to_host_fcntl_cmd(int cmd)
6386 {
6387     switch(cmd) {
6388 	case TARGET_F_DUPFD:
6389 	case TARGET_F_GETFD:
6390 	case TARGET_F_SETFD:
6391 	case TARGET_F_GETFL:
6392 	case TARGET_F_SETFL:
6393             return cmd;
6394         case TARGET_F_GETLK:
6395             return F_GETLK64;
6396         case TARGET_F_SETLK:
6397             return F_SETLK64;
6398         case TARGET_F_SETLKW:
6399             return F_SETLKW64;
6400 	case TARGET_F_GETOWN:
6401 	    return F_GETOWN;
6402 	case TARGET_F_SETOWN:
6403 	    return F_SETOWN;
6404 	case TARGET_F_GETSIG:
6405 	    return F_GETSIG;
6406 	case TARGET_F_SETSIG:
6407 	    return F_SETSIG;
6408 #if TARGET_ABI_BITS == 32
6409         case TARGET_F_GETLK64:
6410 	    return F_GETLK64;
6411 	case TARGET_F_SETLK64:
6412 	    return F_SETLK64;
6413 	case TARGET_F_SETLKW64:
6414 	    return F_SETLKW64;
6415 #endif
6416         case TARGET_F_SETLEASE:
6417             return F_SETLEASE;
6418         case TARGET_F_GETLEASE:
6419             return F_GETLEASE;
6420 #ifdef F_DUPFD_CLOEXEC
6421         case TARGET_F_DUPFD_CLOEXEC:
6422             return F_DUPFD_CLOEXEC;
6423 #endif
6424         case TARGET_F_NOTIFY:
6425             return F_NOTIFY;
6426 #ifdef F_GETOWN_EX
6427 	case TARGET_F_GETOWN_EX:
6428 	    return F_GETOWN_EX;
6429 #endif
6430 #ifdef F_SETOWN_EX
6431 	case TARGET_F_SETOWN_EX:
6432 	    return F_SETOWN_EX;
6433 #endif
6434 #ifdef F_SETPIPE_SZ
6435         case TARGET_F_SETPIPE_SZ:
6436             return F_SETPIPE_SZ;
6437         case TARGET_F_GETPIPE_SZ:
6438             return F_GETPIPE_SZ;
6439 #endif
6440 	default:
6441             return -TARGET_EINVAL;
6442     }
6443     return -TARGET_EINVAL;
6444 }
6445 
6446 #define TRANSTBL_CONVERT(a) { -1, TARGET_##a, -1, a }
6447 static const bitmask_transtbl flock_tbl[] = {
6448     TRANSTBL_CONVERT(F_RDLCK),
6449     TRANSTBL_CONVERT(F_WRLCK),
6450     TRANSTBL_CONVERT(F_UNLCK),
6451     TRANSTBL_CONVERT(F_EXLCK),
6452     TRANSTBL_CONVERT(F_SHLCK),
6453     { 0, 0, 0, 0 }
6454 };
6455 
6456 static inline abi_long copy_from_user_flock(struct flock64 *fl,
6457                                             abi_ulong target_flock_addr)
6458 {
6459     struct target_flock *target_fl;
6460     short l_type;
6461 
6462     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6463         return -TARGET_EFAULT;
6464     }
6465 
6466     __get_user(l_type, &target_fl->l_type);
6467     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6468     __get_user(fl->l_whence, &target_fl->l_whence);
6469     __get_user(fl->l_start, &target_fl->l_start);
6470     __get_user(fl->l_len, &target_fl->l_len);
6471     __get_user(fl->l_pid, &target_fl->l_pid);
6472     unlock_user_struct(target_fl, target_flock_addr, 0);
6473     return 0;
6474 }
6475 
6476 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
6477                                           const struct flock64 *fl)
6478 {
6479     struct target_flock *target_fl;
6480     short l_type;
6481 
6482     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6483         return -TARGET_EFAULT;
6484     }
6485 
6486     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6487     __put_user(l_type, &target_fl->l_type);
6488     __put_user(fl->l_whence, &target_fl->l_whence);
6489     __put_user(fl->l_start, &target_fl->l_start);
6490     __put_user(fl->l_len, &target_fl->l_len);
6491     __put_user(fl->l_pid, &target_fl->l_pid);
6492     unlock_user_struct(target_fl, target_flock_addr, 1);
6493     return 0;
6494 }
6495 
6496 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
6497 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
6498 
6499 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
6500 static inline abi_long copy_from_user_eabi_flock64(struct flock64 *fl,
6501                                                    abi_ulong target_flock_addr)
6502 {
6503     struct target_eabi_flock64 *target_fl;
6504     short l_type;
6505 
6506     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6507         return -TARGET_EFAULT;
6508     }
6509 
6510     __get_user(l_type, &target_fl->l_type);
6511     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6512     __get_user(fl->l_whence, &target_fl->l_whence);
6513     __get_user(fl->l_start, &target_fl->l_start);
6514     __get_user(fl->l_len, &target_fl->l_len);
6515     __get_user(fl->l_pid, &target_fl->l_pid);
6516     unlock_user_struct(target_fl, target_flock_addr, 0);
6517     return 0;
6518 }
6519 
6520 static inline abi_long copy_to_user_eabi_flock64(abi_ulong target_flock_addr,
6521                                                  const struct flock64 *fl)
6522 {
6523     struct target_eabi_flock64 *target_fl;
6524     short l_type;
6525 
6526     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6527         return -TARGET_EFAULT;
6528     }
6529 
6530     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6531     __put_user(l_type, &target_fl->l_type);
6532     __put_user(fl->l_whence, &target_fl->l_whence);
6533     __put_user(fl->l_start, &target_fl->l_start);
6534     __put_user(fl->l_len, &target_fl->l_len);
6535     __put_user(fl->l_pid, &target_fl->l_pid);
6536     unlock_user_struct(target_fl, target_flock_addr, 1);
6537     return 0;
6538 }
6539 #endif
6540 
6541 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
6542                                               abi_ulong target_flock_addr)
6543 {
6544     struct target_flock64 *target_fl;
6545     short l_type;
6546 
6547     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6548         return -TARGET_EFAULT;
6549     }
6550 
6551     __get_user(l_type, &target_fl->l_type);
6552     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6553     __get_user(fl->l_whence, &target_fl->l_whence);
6554     __get_user(fl->l_start, &target_fl->l_start);
6555     __get_user(fl->l_len, &target_fl->l_len);
6556     __get_user(fl->l_pid, &target_fl->l_pid);
6557     unlock_user_struct(target_fl, target_flock_addr, 0);
6558     return 0;
6559 }
6560 
6561 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
6562                                             const struct flock64 *fl)
6563 {
6564     struct target_flock64 *target_fl;
6565     short l_type;
6566 
6567     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6568         return -TARGET_EFAULT;
6569     }
6570 
6571     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6572     __put_user(l_type, &target_fl->l_type);
6573     __put_user(fl->l_whence, &target_fl->l_whence);
6574     __put_user(fl->l_start, &target_fl->l_start);
6575     __put_user(fl->l_len, &target_fl->l_len);
6576     __put_user(fl->l_pid, &target_fl->l_pid);
6577     unlock_user_struct(target_fl, target_flock_addr, 1);
6578     return 0;
6579 }
6580 
6581 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
6582 {
6583     struct flock64 fl64;
6584 #ifdef F_GETOWN_EX
6585     struct f_owner_ex fox;
6586     struct target_f_owner_ex *target_fox;
6587 #endif
6588     abi_long ret;
6589     int host_cmd = target_to_host_fcntl_cmd(cmd);
6590 
6591     if (host_cmd == -TARGET_EINVAL)
6592 	    return host_cmd;
6593 
6594     switch(cmd) {
6595     case TARGET_F_GETLK:
6596         ret = copy_from_user_flock(&fl64, arg);
6597         if (ret) {
6598             return ret;
6599         }
6600         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6601         if (ret == 0) {
6602             ret = copy_to_user_flock(arg, &fl64);
6603         }
6604         break;
6605 
6606     case TARGET_F_SETLK:
6607     case TARGET_F_SETLKW:
6608         ret = copy_from_user_flock(&fl64, arg);
6609         if (ret) {
6610             return ret;
6611         }
6612         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6613         break;
6614 
6615     case TARGET_F_GETLK64:
6616         ret = copy_from_user_flock64(&fl64, arg);
6617         if (ret) {
6618             return ret;
6619         }
6620         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6621         if (ret == 0) {
6622             ret = copy_to_user_flock64(arg, &fl64);
6623         }
6624         break;
6625     case TARGET_F_SETLK64:
6626     case TARGET_F_SETLKW64:
6627         ret = copy_from_user_flock64(&fl64, arg);
6628         if (ret) {
6629             return ret;
6630         }
6631         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6632         break;
6633 
6634     case TARGET_F_GETFL:
6635         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6636         if (ret >= 0) {
6637             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
6638         }
6639         break;
6640 
6641     case TARGET_F_SETFL:
6642         ret = get_errno(safe_fcntl(fd, host_cmd,
6643                                    target_to_host_bitmask(arg,
6644                                                           fcntl_flags_tbl)));
6645         break;
6646 
6647 #ifdef F_GETOWN_EX
6648     case TARGET_F_GETOWN_EX:
6649         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6650         if (ret >= 0) {
6651             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
6652                 return -TARGET_EFAULT;
6653             target_fox->type = tswap32(fox.type);
6654             target_fox->pid = tswap32(fox.pid);
6655             unlock_user_struct(target_fox, arg, 1);
6656         }
6657         break;
6658 #endif
6659 
6660 #ifdef F_SETOWN_EX
6661     case TARGET_F_SETOWN_EX:
6662         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
6663             return -TARGET_EFAULT;
6664         fox.type = tswap32(target_fox->type);
6665         fox.pid = tswap32(target_fox->pid);
6666         unlock_user_struct(target_fox, arg, 0);
6667         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6668         break;
6669 #endif
6670 
6671     case TARGET_F_SETOWN:
6672     case TARGET_F_GETOWN:
6673     case TARGET_F_SETSIG:
6674     case TARGET_F_GETSIG:
6675     case TARGET_F_SETLEASE:
6676     case TARGET_F_GETLEASE:
6677     case TARGET_F_SETPIPE_SZ:
6678     case TARGET_F_GETPIPE_SZ:
6679         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6680         break;
6681 
6682     default:
6683         ret = get_errno(safe_fcntl(fd, cmd, arg));
6684         break;
6685     }
6686     return ret;
6687 }
6688 
6689 #ifdef USE_UID16
6690 
6691 static inline int high2lowuid(int uid)
6692 {
6693     if (uid > 65535)
6694         return 65534;
6695     else
6696         return uid;
6697 }
6698 
6699 static inline int high2lowgid(int gid)
6700 {
6701     if (gid > 65535)
6702         return 65534;
6703     else
6704         return gid;
6705 }
6706 
6707 static inline int low2highuid(int uid)
6708 {
6709     if ((int16_t)uid == -1)
6710         return -1;
6711     else
6712         return uid;
6713 }
6714 
6715 static inline int low2highgid(int gid)
6716 {
6717     if ((int16_t)gid == -1)
6718         return -1;
6719     else
6720         return gid;
6721 }
6722 static inline int tswapid(int id)
6723 {
6724     return tswap16(id);
6725 }
6726 
6727 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
6728 
6729 #else /* !USE_UID16 */
6730 static inline int high2lowuid(int uid)
6731 {
6732     return uid;
6733 }
6734 static inline int high2lowgid(int gid)
6735 {
6736     return gid;
6737 }
6738 static inline int low2highuid(int uid)
6739 {
6740     return uid;
6741 }
6742 static inline int low2highgid(int gid)
6743 {
6744     return gid;
6745 }
6746 static inline int tswapid(int id)
6747 {
6748     return tswap32(id);
6749 }
6750 
6751 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
6752 
6753 #endif /* USE_UID16 */
6754 
6755 /* We must do direct syscalls for setting UID/GID, because we want to
6756  * implement the Linux system call semantics of "change only for this thread",
6757  * not the libc/POSIX semantics of "change for all threads in process".
6758  * (See http://ewontfix.com/17/ for more details.)
6759  * We use the 32-bit version of the syscalls if present; if it is not
6760  * then either the host architecture supports 32-bit UIDs natively with
6761  * the standard syscall, or the 16-bit UID is the best we can do.
6762  */
6763 #ifdef __NR_setuid32
6764 #define __NR_sys_setuid __NR_setuid32
6765 #else
6766 #define __NR_sys_setuid __NR_setuid
6767 #endif
6768 #ifdef __NR_setgid32
6769 #define __NR_sys_setgid __NR_setgid32
6770 #else
6771 #define __NR_sys_setgid __NR_setgid
6772 #endif
6773 #ifdef __NR_setresuid32
6774 #define __NR_sys_setresuid __NR_setresuid32
6775 #else
6776 #define __NR_sys_setresuid __NR_setresuid
6777 #endif
6778 #ifdef __NR_setresgid32
6779 #define __NR_sys_setresgid __NR_setresgid32
6780 #else
6781 #define __NR_sys_setresgid __NR_setresgid
6782 #endif
6783 
6784 _syscall1(int, sys_setuid, uid_t, uid)
6785 _syscall1(int, sys_setgid, gid_t, gid)
6786 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
6787 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
6788 
6789 void syscall_init(void)
6790 {
6791     IOCTLEntry *ie;
6792     const argtype *arg_type;
6793     int size;
6794     int i;
6795 
6796     thunk_init(STRUCT_MAX);
6797 
6798 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
6799 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
6800 #include "syscall_types.h"
6801 #undef STRUCT
6802 #undef STRUCT_SPECIAL
6803 
6804     /* Build target_to_host_errno_table[] table from
6805      * host_to_target_errno_table[]. */
6806     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
6807         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
6808     }
6809 
6810     /* we patch the ioctl size if necessary. We rely on the fact that
6811        no ioctl has all the bits at '1' in the size field */
6812     ie = ioctl_entries;
6813     while (ie->target_cmd != 0) {
6814         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
6815             TARGET_IOC_SIZEMASK) {
6816             arg_type = ie->arg_type;
6817             if (arg_type[0] != TYPE_PTR) {
6818                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
6819                         ie->target_cmd);
6820                 exit(1);
6821             }
6822             arg_type++;
6823             size = thunk_type_size(arg_type, 0);
6824             ie->target_cmd = (ie->target_cmd &
6825                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
6826                 (size << TARGET_IOC_SIZESHIFT);
6827         }
6828 
6829         /* automatic consistency check if same arch */
6830 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
6831     (defined(__x86_64__) && defined(TARGET_X86_64))
6832         if (unlikely(ie->target_cmd != ie->host_cmd)) {
6833             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
6834                     ie->name, ie->target_cmd, ie->host_cmd);
6835         }
6836 #endif
6837         ie++;
6838     }
6839 }
6840 
6841 #if TARGET_ABI_BITS == 32
6842 static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
6843 {
6844 #ifdef TARGET_WORDS_BIGENDIAN
6845     return ((uint64_t)word0 << 32) | word1;
6846 #else
6847     return ((uint64_t)word1 << 32) | word0;
6848 #endif
6849 }
6850 #else /* TARGET_ABI_BITS == 32 */
6851 static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
6852 {
6853     return word0;
6854 }
6855 #endif /* TARGET_ABI_BITS != 32 */
6856 
6857 #ifdef TARGET_NR_truncate64
6858 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
6859                                          abi_long arg2,
6860                                          abi_long arg3,
6861                                          abi_long arg4)
6862 {
6863     if (regpairs_aligned(cpu_env)) {
6864         arg2 = arg3;
6865         arg3 = arg4;
6866     }
6867     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
6868 }
6869 #endif
6870 
6871 #ifdef TARGET_NR_ftruncate64
6872 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
6873                                           abi_long arg2,
6874                                           abi_long arg3,
6875                                           abi_long arg4)
6876 {
6877     if (regpairs_aligned(cpu_env)) {
6878         arg2 = arg3;
6879         arg3 = arg4;
6880     }
6881     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
6882 }
6883 #endif
6884 
6885 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
6886                                                abi_ulong target_addr)
6887 {
6888     struct target_timespec *target_ts;
6889 
6890     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
6891         return -TARGET_EFAULT;
6892     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
6893     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6894     unlock_user_struct(target_ts, target_addr, 0);
6895     return 0;
6896 }
6897 
6898 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
6899                                                struct timespec *host_ts)
6900 {
6901     struct target_timespec *target_ts;
6902 
6903     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
6904         return -TARGET_EFAULT;
6905     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
6906     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6907     unlock_user_struct(target_ts, target_addr, 1);
6908     return 0;
6909 }
6910 
6911 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
6912                                                  abi_ulong target_addr)
6913 {
6914     struct target_itimerspec *target_itspec;
6915 
6916     if (!lock_user_struct(VERIFY_READ, target_itspec, target_addr, 1)) {
6917         return -TARGET_EFAULT;
6918     }
6919 
6920     host_itspec->it_interval.tv_sec =
6921                             tswapal(target_itspec->it_interval.tv_sec);
6922     host_itspec->it_interval.tv_nsec =
6923                             tswapal(target_itspec->it_interval.tv_nsec);
6924     host_itspec->it_value.tv_sec = tswapal(target_itspec->it_value.tv_sec);
6925     host_itspec->it_value.tv_nsec = tswapal(target_itspec->it_value.tv_nsec);
6926 
6927     unlock_user_struct(target_itspec, target_addr, 1);
6928     return 0;
6929 }
6930 
6931 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
6932                                                struct itimerspec *host_its)
6933 {
6934     struct target_itimerspec *target_itspec;
6935 
6936     if (!lock_user_struct(VERIFY_WRITE, target_itspec, target_addr, 0)) {
6937         return -TARGET_EFAULT;
6938     }
6939 
6940     target_itspec->it_interval.tv_sec = tswapal(host_its->it_interval.tv_sec);
6941     target_itspec->it_interval.tv_nsec = tswapal(host_its->it_interval.tv_nsec);
6942 
6943     target_itspec->it_value.tv_sec = tswapal(host_its->it_value.tv_sec);
6944     target_itspec->it_value.tv_nsec = tswapal(host_its->it_value.tv_nsec);
6945 
6946     unlock_user_struct(target_itspec, target_addr, 0);
6947     return 0;
6948 }
6949 
6950 static inline abi_long target_to_host_timex(struct timex *host_tx,
6951                                             abi_long target_addr)
6952 {
6953     struct target_timex *target_tx;
6954 
6955     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
6956         return -TARGET_EFAULT;
6957     }
6958 
6959     __get_user(host_tx->modes, &target_tx->modes);
6960     __get_user(host_tx->offset, &target_tx->offset);
6961     __get_user(host_tx->freq, &target_tx->freq);
6962     __get_user(host_tx->maxerror, &target_tx->maxerror);
6963     __get_user(host_tx->esterror, &target_tx->esterror);
6964     __get_user(host_tx->status, &target_tx->status);
6965     __get_user(host_tx->constant, &target_tx->constant);
6966     __get_user(host_tx->precision, &target_tx->precision);
6967     __get_user(host_tx->tolerance, &target_tx->tolerance);
6968     __get_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
6969     __get_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
6970     __get_user(host_tx->tick, &target_tx->tick);
6971     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
6972     __get_user(host_tx->jitter, &target_tx->jitter);
6973     __get_user(host_tx->shift, &target_tx->shift);
6974     __get_user(host_tx->stabil, &target_tx->stabil);
6975     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
6976     __get_user(host_tx->calcnt, &target_tx->calcnt);
6977     __get_user(host_tx->errcnt, &target_tx->errcnt);
6978     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
6979     __get_user(host_tx->tai, &target_tx->tai);
6980 
6981     unlock_user_struct(target_tx, target_addr, 0);
6982     return 0;
6983 }
6984 
6985 static inline abi_long host_to_target_timex(abi_long target_addr,
6986                                             struct timex *host_tx)
6987 {
6988     struct target_timex *target_tx;
6989 
6990     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
6991         return -TARGET_EFAULT;
6992     }
6993 
6994     __put_user(host_tx->modes, &target_tx->modes);
6995     __put_user(host_tx->offset, &target_tx->offset);
6996     __put_user(host_tx->freq, &target_tx->freq);
6997     __put_user(host_tx->maxerror, &target_tx->maxerror);
6998     __put_user(host_tx->esterror, &target_tx->esterror);
6999     __put_user(host_tx->status, &target_tx->status);
7000     __put_user(host_tx->constant, &target_tx->constant);
7001     __put_user(host_tx->precision, &target_tx->precision);
7002     __put_user(host_tx->tolerance, &target_tx->tolerance);
7003     __put_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7004     __put_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7005     __put_user(host_tx->tick, &target_tx->tick);
7006     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7007     __put_user(host_tx->jitter, &target_tx->jitter);
7008     __put_user(host_tx->shift, &target_tx->shift);
7009     __put_user(host_tx->stabil, &target_tx->stabil);
7010     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7011     __put_user(host_tx->calcnt, &target_tx->calcnt);
7012     __put_user(host_tx->errcnt, &target_tx->errcnt);
7013     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7014     __put_user(host_tx->tai, &target_tx->tai);
7015 
7016     unlock_user_struct(target_tx, target_addr, 1);
7017     return 0;
7018 }
7019 
7020 
7021 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
7022                                                abi_ulong target_addr)
7023 {
7024     struct target_sigevent *target_sevp;
7025 
7026     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
7027         return -TARGET_EFAULT;
7028     }
7029 
7030     /* This union is awkward on 64 bit systems because it has a 32 bit
7031      * integer and a pointer in it; we follow the conversion approach
7032      * used for handling sigval types in signal.c so the guest should get
7033      * the correct value back even if we did a 64 bit byteswap and it's
7034      * using the 32 bit integer.
7035      */
7036     host_sevp->sigev_value.sival_ptr =
7037         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
7038     host_sevp->sigev_signo =
7039         target_to_host_signal(tswap32(target_sevp->sigev_signo));
7040     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
7041     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
7042 
7043     unlock_user_struct(target_sevp, target_addr, 1);
7044     return 0;
7045 }
7046 
7047 #if defined(TARGET_NR_mlockall)
7048 static inline int target_to_host_mlockall_arg(int arg)
7049 {
7050     int result = 0;
7051 
7052     if (arg & TARGET_MLOCKALL_MCL_CURRENT) {
7053         result |= MCL_CURRENT;
7054     }
7055     if (arg & TARGET_MLOCKALL_MCL_FUTURE) {
7056         result |= MCL_FUTURE;
7057     }
7058     return result;
7059 }
7060 #endif
7061 
7062 static inline abi_long host_to_target_stat64(void *cpu_env,
7063                                              abi_ulong target_addr,
7064                                              struct stat *host_st)
7065 {
7066 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
7067     if (((CPUARMState *)cpu_env)->eabi) {
7068         struct target_eabi_stat64 *target_st;
7069 
7070         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7071             return -TARGET_EFAULT;
7072         memset(target_st, 0, sizeof(struct target_eabi_stat64));
7073         __put_user(host_st->st_dev, &target_st->st_dev);
7074         __put_user(host_st->st_ino, &target_st->st_ino);
7075 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7076         __put_user(host_st->st_ino, &target_st->__st_ino);
7077 #endif
7078         __put_user(host_st->st_mode, &target_st->st_mode);
7079         __put_user(host_st->st_nlink, &target_st->st_nlink);
7080         __put_user(host_st->st_uid, &target_st->st_uid);
7081         __put_user(host_st->st_gid, &target_st->st_gid);
7082         __put_user(host_st->st_rdev, &target_st->st_rdev);
7083         __put_user(host_st->st_size, &target_st->st_size);
7084         __put_user(host_st->st_blksize, &target_st->st_blksize);
7085         __put_user(host_st->st_blocks, &target_st->st_blocks);
7086         __put_user(host_st->st_atime, &target_st->target_st_atime);
7087         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7088         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7089         unlock_user_struct(target_st, target_addr, 1);
7090     } else
7091 #endif
7092     {
7093 #if defined(TARGET_HAS_STRUCT_STAT64)
7094         struct target_stat64 *target_st;
7095 #else
7096         struct target_stat *target_st;
7097 #endif
7098 
7099         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7100             return -TARGET_EFAULT;
7101         memset(target_st, 0, sizeof(*target_st));
7102         __put_user(host_st->st_dev, &target_st->st_dev);
7103         __put_user(host_st->st_ino, &target_st->st_ino);
7104 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7105         __put_user(host_st->st_ino, &target_st->__st_ino);
7106 #endif
7107         __put_user(host_st->st_mode, &target_st->st_mode);
7108         __put_user(host_st->st_nlink, &target_st->st_nlink);
7109         __put_user(host_st->st_uid, &target_st->st_uid);
7110         __put_user(host_st->st_gid, &target_st->st_gid);
7111         __put_user(host_st->st_rdev, &target_st->st_rdev);
7112         /* XXX: better use of kernel struct */
7113         __put_user(host_st->st_size, &target_st->st_size);
7114         __put_user(host_st->st_blksize, &target_st->st_blksize);
7115         __put_user(host_st->st_blocks, &target_st->st_blocks);
7116         __put_user(host_st->st_atime, &target_st->target_st_atime);
7117         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7118         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7119         unlock_user_struct(target_st, target_addr, 1);
7120     }
7121 
7122     return 0;
7123 }
7124 
7125 /* ??? Using host futex calls even when target atomic operations
7126    are not really atomic probably breaks things.  However implementing
7127    futexes locally would make futexes shared between multiple processes
7128    tricky.  However they're probably useless because guest atomic
7129    operations won't work either.  */
7130 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
7131                     target_ulong uaddr2, int val3)
7132 {
7133     struct timespec ts, *pts;
7134     int base_op;
7135 
7136     /* ??? We assume FUTEX_* constants are the same on both host
7137        and target.  */
7138 #ifdef FUTEX_CMD_MASK
7139     base_op = op & FUTEX_CMD_MASK;
7140 #else
7141     base_op = op;
7142 #endif
7143     switch (base_op) {
7144     case FUTEX_WAIT:
7145     case FUTEX_WAIT_BITSET:
7146         if (timeout) {
7147             pts = &ts;
7148             target_to_host_timespec(pts, timeout);
7149         } else {
7150             pts = NULL;
7151         }
7152         return get_errno(safe_futex(g2h(uaddr), op, tswap32(val),
7153                          pts, NULL, val3));
7154     case FUTEX_WAKE:
7155         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
7156     case FUTEX_FD:
7157         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
7158     case FUTEX_REQUEUE:
7159     case FUTEX_CMP_REQUEUE:
7160     case FUTEX_WAKE_OP:
7161         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
7162            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
7163            But the prototype takes a `struct timespec *'; insert casts
7164            to satisfy the compiler.  We do not need to tswap TIMEOUT
7165            since it's not compared to guest memory.  */
7166         pts = (struct timespec *)(uintptr_t) timeout;
7167         return get_errno(safe_futex(g2h(uaddr), op, val, pts,
7168                                     g2h(uaddr2),
7169                                     (base_op == FUTEX_CMP_REQUEUE
7170                                      ? tswap32(val3)
7171                                      : val3)));
7172     default:
7173         return -TARGET_ENOSYS;
7174     }
7175 }
7176 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7177 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
7178                                      abi_long handle, abi_long mount_id,
7179                                      abi_long flags)
7180 {
7181     struct file_handle *target_fh;
7182     struct file_handle *fh;
7183     int mid = 0;
7184     abi_long ret;
7185     char *name;
7186     unsigned int size, total_size;
7187 
7188     if (get_user_s32(size, handle)) {
7189         return -TARGET_EFAULT;
7190     }
7191 
7192     name = lock_user_string(pathname);
7193     if (!name) {
7194         return -TARGET_EFAULT;
7195     }
7196 
7197     total_size = sizeof(struct file_handle) + size;
7198     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
7199     if (!target_fh) {
7200         unlock_user(name, pathname, 0);
7201         return -TARGET_EFAULT;
7202     }
7203 
7204     fh = g_malloc0(total_size);
7205     fh->handle_bytes = size;
7206 
7207     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
7208     unlock_user(name, pathname, 0);
7209 
7210     /* man name_to_handle_at(2):
7211      * Other than the use of the handle_bytes field, the caller should treat
7212      * the file_handle structure as an opaque data type
7213      */
7214 
7215     memcpy(target_fh, fh, total_size);
7216     target_fh->handle_bytes = tswap32(fh->handle_bytes);
7217     target_fh->handle_type = tswap32(fh->handle_type);
7218     g_free(fh);
7219     unlock_user(target_fh, handle, total_size);
7220 
7221     if (put_user_s32(mid, mount_id)) {
7222         return -TARGET_EFAULT;
7223     }
7224 
7225     return ret;
7226 
7227 }
7228 #endif
7229 
7230 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7231 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
7232                                      abi_long flags)
7233 {
7234     struct file_handle *target_fh;
7235     struct file_handle *fh;
7236     unsigned int size, total_size;
7237     abi_long ret;
7238 
7239     if (get_user_s32(size, handle)) {
7240         return -TARGET_EFAULT;
7241     }
7242 
7243     total_size = sizeof(struct file_handle) + size;
7244     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
7245     if (!target_fh) {
7246         return -TARGET_EFAULT;
7247     }
7248 
7249     fh = g_memdup(target_fh, total_size);
7250     fh->handle_bytes = size;
7251     fh->handle_type = tswap32(target_fh->handle_type);
7252 
7253     ret = get_errno(open_by_handle_at(mount_fd, fh,
7254                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
7255 
7256     g_free(fh);
7257 
7258     unlock_user(target_fh, handle, total_size);
7259 
7260     return ret;
7261 }
7262 #endif
7263 
7264 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
7265 
7266 /* signalfd siginfo conversion */
7267 
7268 static void
7269 host_to_target_signalfd_siginfo(struct signalfd_siginfo *tinfo,
7270                                 const struct signalfd_siginfo *info)
7271 {
7272     int sig = host_to_target_signal(info->ssi_signo);
7273 
7274     /* linux/signalfd.h defines a ssi_addr_lsb
7275      * not defined in sys/signalfd.h but used by some kernels
7276      */
7277 
7278 #ifdef BUS_MCEERR_AO
7279     if (tinfo->ssi_signo == SIGBUS &&
7280         (tinfo->ssi_code == BUS_MCEERR_AR ||
7281          tinfo->ssi_code == BUS_MCEERR_AO)) {
7282         uint16_t *ssi_addr_lsb = (uint16_t *)(&info->ssi_addr + 1);
7283         uint16_t *tssi_addr_lsb = (uint16_t *)(&tinfo->ssi_addr + 1);
7284         *tssi_addr_lsb = tswap16(*ssi_addr_lsb);
7285     }
7286 #endif
7287 
7288     tinfo->ssi_signo = tswap32(sig);
7289     tinfo->ssi_errno = tswap32(tinfo->ssi_errno);
7290     tinfo->ssi_code = tswap32(info->ssi_code);
7291     tinfo->ssi_pid = tswap32(info->ssi_pid);
7292     tinfo->ssi_uid = tswap32(info->ssi_uid);
7293     tinfo->ssi_fd = tswap32(info->ssi_fd);
7294     tinfo->ssi_tid = tswap32(info->ssi_tid);
7295     tinfo->ssi_band = tswap32(info->ssi_band);
7296     tinfo->ssi_overrun = tswap32(info->ssi_overrun);
7297     tinfo->ssi_trapno = tswap32(info->ssi_trapno);
7298     tinfo->ssi_status = tswap32(info->ssi_status);
7299     tinfo->ssi_int = tswap32(info->ssi_int);
7300     tinfo->ssi_ptr = tswap64(info->ssi_ptr);
7301     tinfo->ssi_utime = tswap64(info->ssi_utime);
7302     tinfo->ssi_stime = tswap64(info->ssi_stime);
7303     tinfo->ssi_addr = tswap64(info->ssi_addr);
7304 }
7305 
7306 static abi_long host_to_target_data_signalfd(void *buf, size_t len)
7307 {
7308     int i;
7309 
7310     for (i = 0; i < len; i += sizeof(struct signalfd_siginfo)) {
7311         host_to_target_signalfd_siginfo(buf + i, buf + i);
7312     }
7313 
7314     return len;
7315 }
7316 
7317 static TargetFdTrans target_signalfd_trans = {
7318     .host_to_target_data = host_to_target_data_signalfd,
7319 };
7320 
7321 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
7322 {
7323     int host_flags;
7324     target_sigset_t *target_mask;
7325     sigset_t host_mask;
7326     abi_long ret;
7327 
7328     if (flags & ~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC)) {
7329         return -TARGET_EINVAL;
7330     }
7331     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
7332         return -TARGET_EFAULT;
7333     }
7334 
7335     target_to_host_sigset(&host_mask, target_mask);
7336 
7337     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
7338 
7339     ret = get_errno(signalfd(fd, &host_mask, host_flags));
7340     if (ret >= 0) {
7341         fd_trans_register(ret, &target_signalfd_trans);
7342     }
7343 
7344     unlock_user_struct(target_mask, mask, 0);
7345 
7346     return ret;
7347 }
7348 #endif
7349 
7350 /* Map host to target signal numbers for the wait family of syscalls.
7351    Assume all other status bits are the same.  */
7352 int host_to_target_waitstatus(int status)
7353 {
7354     if (WIFSIGNALED(status)) {
7355         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
7356     }
7357     if (WIFSTOPPED(status)) {
7358         return (host_to_target_signal(WSTOPSIG(status)) << 8)
7359                | (status & 0xff);
7360     }
7361     return status;
7362 }
7363 
7364 static int open_self_cmdline(void *cpu_env, int fd)
7365 {
7366     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7367     struct linux_binprm *bprm = ((TaskState *)cpu->opaque)->bprm;
7368     int i;
7369 
7370     for (i = 0; i < bprm->argc; i++) {
7371         size_t len = strlen(bprm->argv[i]) + 1;
7372 
7373         if (write(fd, bprm->argv[i], len) != len) {
7374             return -1;
7375         }
7376     }
7377 
7378     return 0;
7379 }
7380 
7381 static int open_self_maps(void *cpu_env, int fd)
7382 {
7383     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7384     TaskState *ts = cpu->opaque;
7385     FILE *fp;
7386     char *line = NULL;
7387     size_t len = 0;
7388     ssize_t read;
7389 
7390     fp = fopen("/proc/self/maps", "r");
7391     if (fp == NULL) {
7392         return -1;
7393     }
7394 
7395     while ((read = getline(&line, &len, fp)) != -1) {
7396         int fields, dev_maj, dev_min, inode;
7397         uint64_t min, max, offset;
7398         char flag_r, flag_w, flag_x, flag_p;
7399         char path[512] = "";
7400         fields = sscanf(line, "%"PRIx64"-%"PRIx64" %c%c%c%c %"PRIx64" %x:%x %d"
7401                         " %512s", &min, &max, &flag_r, &flag_w, &flag_x,
7402                         &flag_p, &offset, &dev_maj, &dev_min, &inode, path);
7403 
7404         if ((fields < 10) || (fields > 11)) {
7405             continue;
7406         }
7407         if (h2g_valid(min)) {
7408             int flags = page_get_flags(h2g(min));
7409             max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
7410             if (page_check_range(h2g(min), max - min, flags) == -1) {
7411                 continue;
7412             }
7413             if (h2g(min) == ts->info->stack_limit) {
7414                 pstrcpy(path, sizeof(path), "      [stack]");
7415             }
7416             dprintf(fd, TARGET_ABI_FMT_lx "-" TARGET_ABI_FMT_lx
7417                     " %c%c%c%c %08" PRIx64 " %02x:%02x %d %s%s\n",
7418                     h2g(min), h2g(max - 1) + 1, flag_r, flag_w,
7419                     flag_x, flag_p, offset, dev_maj, dev_min, inode,
7420                     path[0] ? "         " : "", path);
7421         }
7422     }
7423 
7424     free(line);
7425     fclose(fp);
7426 
7427     return 0;
7428 }
7429 
7430 static int open_self_stat(void *cpu_env, int fd)
7431 {
7432     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7433     TaskState *ts = cpu->opaque;
7434     abi_ulong start_stack = ts->info->start_stack;
7435     int i;
7436 
7437     for (i = 0; i < 44; i++) {
7438       char buf[128];
7439       int len;
7440       uint64_t val = 0;
7441 
7442       if (i == 0) {
7443         /* pid */
7444         val = getpid();
7445         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
7446       } else if (i == 1) {
7447         /* app name */
7448         snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
7449       } else if (i == 27) {
7450         /* stack bottom */
7451         val = start_stack;
7452         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
7453       } else {
7454         /* for the rest, there is MasterCard */
7455         snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
7456       }
7457 
7458       len = strlen(buf);
7459       if (write(fd, buf, len) != len) {
7460           return -1;
7461       }
7462     }
7463 
7464     return 0;
7465 }
7466 
7467 static int open_self_auxv(void *cpu_env, int fd)
7468 {
7469     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7470     TaskState *ts = cpu->opaque;
7471     abi_ulong auxv = ts->info->saved_auxv;
7472     abi_ulong len = ts->info->auxv_len;
7473     char *ptr;
7474 
7475     /*
7476      * Auxiliary vector is stored in target process stack.
7477      * read in whole auxv vector and copy it to file
7478      */
7479     ptr = lock_user(VERIFY_READ, auxv, len, 0);
7480     if (ptr != NULL) {
7481         while (len > 0) {
7482             ssize_t r;
7483             r = write(fd, ptr, len);
7484             if (r <= 0) {
7485                 break;
7486             }
7487             len -= r;
7488             ptr += r;
7489         }
7490         lseek(fd, 0, SEEK_SET);
7491         unlock_user(ptr, auxv, len);
7492     }
7493 
7494     return 0;
7495 }
7496 
7497 static int is_proc_myself(const char *filename, const char *entry)
7498 {
7499     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
7500         filename += strlen("/proc/");
7501         if (!strncmp(filename, "self/", strlen("self/"))) {
7502             filename += strlen("self/");
7503         } else if (*filename >= '1' && *filename <= '9') {
7504             char myself[80];
7505             snprintf(myself, sizeof(myself), "%d/", getpid());
7506             if (!strncmp(filename, myself, strlen(myself))) {
7507                 filename += strlen(myself);
7508             } else {
7509                 return 0;
7510             }
7511         } else {
7512             return 0;
7513         }
7514         if (!strcmp(filename, entry)) {
7515             return 1;
7516         }
7517     }
7518     return 0;
7519 }
7520 
7521 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7522 static int is_proc(const char *filename, const char *entry)
7523 {
7524     return strcmp(filename, entry) == 0;
7525 }
7526 
7527 static int open_net_route(void *cpu_env, int fd)
7528 {
7529     FILE *fp;
7530     char *line = NULL;
7531     size_t len = 0;
7532     ssize_t read;
7533 
7534     fp = fopen("/proc/net/route", "r");
7535     if (fp == NULL) {
7536         return -1;
7537     }
7538 
7539     /* read header */
7540 
7541     read = getline(&line, &len, fp);
7542     dprintf(fd, "%s", line);
7543 
7544     /* read routes */
7545 
7546     while ((read = getline(&line, &len, fp)) != -1) {
7547         char iface[16];
7548         uint32_t dest, gw, mask;
7549         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
7550         sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7551                      iface, &dest, &gw, &flags, &refcnt, &use, &metric,
7552                      &mask, &mtu, &window, &irtt);
7553         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7554                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
7555                 metric, tswap32(mask), mtu, window, irtt);
7556     }
7557 
7558     free(line);
7559     fclose(fp);
7560 
7561     return 0;
7562 }
7563 #endif
7564 
7565 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
7566 {
7567     struct fake_open {
7568         const char *filename;
7569         int (*fill)(void *cpu_env, int fd);
7570         int (*cmp)(const char *s1, const char *s2);
7571     };
7572     const struct fake_open *fake_open;
7573     static const struct fake_open fakes[] = {
7574         { "maps", open_self_maps, is_proc_myself },
7575         { "stat", open_self_stat, is_proc_myself },
7576         { "auxv", open_self_auxv, is_proc_myself },
7577         { "cmdline", open_self_cmdline, is_proc_myself },
7578 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7579         { "/proc/net/route", open_net_route, is_proc },
7580 #endif
7581         { NULL, NULL, NULL }
7582     };
7583 
7584     if (is_proc_myself(pathname, "exe")) {
7585         int execfd = qemu_getauxval(AT_EXECFD);
7586         return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
7587     }
7588 
7589     for (fake_open = fakes; fake_open->filename; fake_open++) {
7590         if (fake_open->cmp(pathname, fake_open->filename)) {
7591             break;
7592         }
7593     }
7594 
7595     if (fake_open->filename) {
7596         const char *tmpdir;
7597         char filename[PATH_MAX];
7598         int fd, r;
7599 
7600         /* create temporary file to map stat to */
7601         tmpdir = getenv("TMPDIR");
7602         if (!tmpdir)
7603             tmpdir = "/tmp";
7604         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
7605         fd = mkstemp(filename);
7606         if (fd < 0) {
7607             return fd;
7608         }
7609         unlink(filename);
7610 
7611         if ((r = fake_open->fill(cpu_env, fd))) {
7612             int e = errno;
7613             close(fd);
7614             errno = e;
7615             return r;
7616         }
7617         lseek(fd, 0, SEEK_SET);
7618 
7619         return fd;
7620     }
7621 
7622     return safe_openat(dirfd, path(pathname), flags, mode);
7623 }
7624 
7625 #define TIMER_MAGIC 0x0caf0000
7626 #define TIMER_MAGIC_MASK 0xffff0000
7627 
7628 /* Convert QEMU provided timer ID back to internal 16bit index format */
7629 static target_timer_t get_timer_id(abi_long arg)
7630 {
7631     target_timer_t timerid = arg;
7632 
7633     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
7634         return -TARGET_EINVAL;
7635     }
7636 
7637     timerid &= 0xffff;
7638 
7639     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
7640         return -TARGET_EINVAL;
7641     }
7642 
7643     return timerid;
7644 }
7645 
7646 static abi_long swap_data_eventfd(void *buf, size_t len)
7647 {
7648     uint64_t *counter = buf;
7649     int i;
7650 
7651     if (len < sizeof(uint64_t)) {
7652         return -EINVAL;
7653     }
7654 
7655     for (i = 0; i < len; i += sizeof(uint64_t)) {
7656         *counter = tswap64(*counter);
7657         counter++;
7658     }
7659 
7660     return len;
7661 }
7662 
7663 static TargetFdTrans target_eventfd_trans = {
7664     .host_to_target_data = swap_data_eventfd,
7665     .target_to_host_data = swap_data_eventfd,
7666 };
7667 
7668 #if (defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)) || \
7669     (defined(CONFIG_INOTIFY1) && defined(TARGET_NR_inotify_init1) && \
7670      defined(__NR_inotify_init1))
7671 static abi_long host_to_target_data_inotify(void *buf, size_t len)
7672 {
7673     struct inotify_event *ev;
7674     int i;
7675     uint32_t name_len;
7676 
7677     for (i = 0; i < len; i += sizeof(struct inotify_event) + name_len) {
7678         ev = (struct inotify_event *)((char *)buf + i);
7679         name_len = ev->len;
7680 
7681         ev->wd = tswap32(ev->wd);
7682         ev->mask = tswap32(ev->mask);
7683         ev->cookie = tswap32(ev->cookie);
7684         ev->len = tswap32(name_len);
7685     }
7686 
7687     return len;
7688 }
7689 
7690 static TargetFdTrans target_inotify_trans = {
7691     .host_to_target_data = host_to_target_data_inotify,
7692 };
7693 #endif
7694 
7695 /* do_syscall() should always have a single exit point at the end so
7696    that actions, such as logging of syscall results, can be performed.
7697    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
7698 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
7699                     abi_long arg2, abi_long arg3, abi_long arg4,
7700                     abi_long arg5, abi_long arg6, abi_long arg7,
7701                     abi_long arg8)
7702 {
7703     CPUState *cpu = ENV_GET_CPU(cpu_env);
7704     abi_long ret;
7705     struct stat st;
7706     struct statfs stfs;
7707     void *p;
7708 
7709 #if defined(DEBUG_ERESTARTSYS)
7710     /* Debug-only code for exercising the syscall-restart code paths
7711      * in the per-architecture cpu main loops: restart every syscall
7712      * the guest makes once before letting it through.
7713      */
7714     {
7715         static int flag;
7716 
7717         flag = !flag;
7718         if (flag) {
7719             return -TARGET_ERESTARTSYS;
7720         }
7721     }
7722 #endif
7723 
7724 #ifdef DEBUG
7725     gemu_log("syscall %d", num);
7726 #endif
7727     trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
7728     if(do_strace)
7729         print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
7730 
7731     switch(num) {
7732     case TARGET_NR_exit:
7733         /* In old applications this may be used to implement _exit(2).
7734            However in threaded applictions it is used for thread termination,
7735            and _exit_group is used for application termination.
7736            Do thread termination if we have more then one thread.  */
7737 
7738         if (block_signals()) {
7739             ret = -TARGET_ERESTARTSYS;
7740             break;
7741         }
7742 
7743         cpu_list_lock();
7744 
7745         if (CPU_NEXT(first_cpu)) {
7746             TaskState *ts;
7747 
7748             /* Remove the CPU from the list.  */
7749             QTAILQ_REMOVE(&cpus, cpu, node);
7750 
7751             cpu_list_unlock();
7752 
7753             ts = cpu->opaque;
7754             if (ts->child_tidptr) {
7755                 put_user_u32(0, ts->child_tidptr);
7756                 sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
7757                           NULL, NULL, 0);
7758             }
7759             thread_cpu = NULL;
7760             object_unref(OBJECT(cpu));
7761             g_free(ts);
7762             rcu_unregister_thread();
7763             pthread_exit(NULL);
7764         }
7765 
7766         cpu_list_unlock();
7767 #ifdef TARGET_GPROF
7768         _mcleanup();
7769 #endif
7770         gdb_exit(cpu_env, arg1);
7771         _exit(arg1);
7772         ret = 0; /* avoid warning */
7773         break;
7774     case TARGET_NR_read:
7775         if (arg3 == 0)
7776             ret = 0;
7777         else {
7778             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
7779                 goto efault;
7780             ret = get_errno(safe_read(arg1, p, arg3));
7781             if (ret >= 0 &&
7782                 fd_trans_host_to_target_data(arg1)) {
7783                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
7784             }
7785             unlock_user(p, arg2, ret);
7786         }
7787         break;
7788     case TARGET_NR_write:
7789         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
7790             goto efault;
7791         if (fd_trans_target_to_host_data(arg1)) {
7792             void *copy = g_malloc(arg3);
7793             memcpy(copy, p, arg3);
7794             ret = fd_trans_target_to_host_data(arg1)(copy, arg3);
7795             if (ret >= 0) {
7796                 ret = get_errno(safe_write(arg1, copy, ret));
7797             }
7798             g_free(copy);
7799         } else {
7800             ret = get_errno(safe_write(arg1, p, arg3));
7801         }
7802         unlock_user(p, arg2, 0);
7803         break;
7804 #ifdef TARGET_NR_open
7805     case TARGET_NR_open:
7806         if (!(p = lock_user_string(arg1)))
7807             goto efault;
7808         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
7809                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
7810                                   arg3));
7811         fd_trans_unregister(ret);
7812         unlock_user(p, arg1, 0);
7813         break;
7814 #endif
7815     case TARGET_NR_openat:
7816         if (!(p = lock_user_string(arg2)))
7817             goto efault;
7818         ret = get_errno(do_openat(cpu_env, arg1, p,
7819                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
7820                                   arg4));
7821         fd_trans_unregister(ret);
7822         unlock_user(p, arg2, 0);
7823         break;
7824 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7825     case TARGET_NR_name_to_handle_at:
7826         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
7827         break;
7828 #endif
7829 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7830     case TARGET_NR_open_by_handle_at:
7831         ret = do_open_by_handle_at(arg1, arg2, arg3);
7832         fd_trans_unregister(ret);
7833         break;
7834 #endif
7835     case TARGET_NR_close:
7836         fd_trans_unregister(arg1);
7837         ret = get_errno(close(arg1));
7838         break;
7839     case TARGET_NR_brk:
7840         ret = do_brk(arg1);
7841         break;
7842 #ifdef TARGET_NR_fork
7843     case TARGET_NR_fork:
7844         ret = get_errno(do_fork(cpu_env, TARGET_SIGCHLD, 0, 0, 0, 0));
7845         break;
7846 #endif
7847 #ifdef TARGET_NR_waitpid
7848     case TARGET_NR_waitpid:
7849         {
7850             int status;
7851             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
7852             if (!is_error(ret) && arg2 && ret
7853                 && put_user_s32(host_to_target_waitstatus(status), arg2))
7854                 goto efault;
7855         }
7856         break;
7857 #endif
7858 #ifdef TARGET_NR_waitid
7859     case TARGET_NR_waitid:
7860         {
7861             siginfo_t info;
7862             info.si_pid = 0;
7863             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
7864             if (!is_error(ret) && arg3 && info.si_pid != 0) {
7865                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
7866                     goto efault;
7867                 host_to_target_siginfo(p, &info);
7868                 unlock_user(p, arg3, sizeof(target_siginfo_t));
7869             }
7870         }
7871         break;
7872 #endif
7873 #ifdef TARGET_NR_creat /* not on alpha */
7874     case TARGET_NR_creat:
7875         if (!(p = lock_user_string(arg1)))
7876             goto efault;
7877         ret = get_errno(creat(p, arg2));
7878         fd_trans_unregister(ret);
7879         unlock_user(p, arg1, 0);
7880         break;
7881 #endif
7882 #ifdef TARGET_NR_link
7883     case TARGET_NR_link:
7884         {
7885             void * p2;
7886             p = lock_user_string(arg1);
7887             p2 = lock_user_string(arg2);
7888             if (!p || !p2)
7889                 ret = -TARGET_EFAULT;
7890             else
7891                 ret = get_errno(link(p, p2));
7892             unlock_user(p2, arg2, 0);
7893             unlock_user(p, arg1, 0);
7894         }
7895         break;
7896 #endif
7897 #if defined(TARGET_NR_linkat)
7898     case TARGET_NR_linkat:
7899         {
7900             void * p2 = NULL;
7901             if (!arg2 || !arg4)
7902                 goto efault;
7903             p  = lock_user_string(arg2);
7904             p2 = lock_user_string(arg4);
7905             if (!p || !p2)
7906                 ret = -TARGET_EFAULT;
7907             else
7908                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
7909             unlock_user(p, arg2, 0);
7910             unlock_user(p2, arg4, 0);
7911         }
7912         break;
7913 #endif
7914 #ifdef TARGET_NR_unlink
7915     case TARGET_NR_unlink:
7916         if (!(p = lock_user_string(arg1)))
7917             goto efault;
7918         ret = get_errno(unlink(p));
7919         unlock_user(p, arg1, 0);
7920         break;
7921 #endif
7922 #if defined(TARGET_NR_unlinkat)
7923     case TARGET_NR_unlinkat:
7924         if (!(p = lock_user_string(arg2)))
7925             goto efault;
7926         ret = get_errno(unlinkat(arg1, p, arg3));
7927         unlock_user(p, arg2, 0);
7928         break;
7929 #endif
7930     case TARGET_NR_execve:
7931         {
7932             char **argp, **envp;
7933             int argc, envc;
7934             abi_ulong gp;
7935             abi_ulong guest_argp;
7936             abi_ulong guest_envp;
7937             abi_ulong addr;
7938             char **q;
7939             int total_size = 0;
7940 
7941             argc = 0;
7942             guest_argp = arg2;
7943             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
7944                 if (get_user_ual(addr, gp))
7945                     goto efault;
7946                 if (!addr)
7947                     break;
7948                 argc++;
7949             }
7950             envc = 0;
7951             guest_envp = arg3;
7952             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
7953                 if (get_user_ual(addr, gp))
7954                     goto efault;
7955                 if (!addr)
7956                     break;
7957                 envc++;
7958             }
7959 
7960             argp = g_new0(char *, argc + 1);
7961             envp = g_new0(char *, envc + 1);
7962 
7963             for (gp = guest_argp, q = argp; gp;
7964                   gp += sizeof(abi_ulong), q++) {
7965                 if (get_user_ual(addr, gp))
7966                     goto execve_efault;
7967                 if (!addr)
7968                     break;
7969                 if (!(*q = lock_user_string(addr)))
7970                     goto execve_efault;
7971                 total_size += strlen(*q) + 1;
7972             }
7973             *q = NULL;
7974 
7975             for (gp = guest_envp, q = envp; gp;
7976                   gp += sizeof(abi_ulong), q++) {
7977                 if (get_user_ual(addr, gp))
7978                     goto execve_efault;
7979                 if (!addr)
7980                     break;
7981                 if (!(*q = lock_user_string(addr)))
7982                     goto execve_efault;
7983                 total_size += strlen(*q) + 1;
7984             }
7985             *q = NULL;
7986 
7987             if (!(p = lock_user_string(arg1)))
7988                 goto execve_efault;
7989             /* Although execve() is not an interruptible syscall it is
7990              * a special case where we must use the safe_syscall wrapper:
7991              * if we allow a signal to happen before we make the host
7992              * syscall then we will 'lose' it, because at the point of
7993              * execve the process leaves QEMU's control. So we use the
7994              * safe syscall wrapper to ensure that we either take the
7995              * signal as a guest signal, or else it does not happen
7996              * before the execve completes and makes it the other
7997              * program's problem.
7998              */
7999             ret = get_errno(safe_execve(p, argp, envp));
8000             unlock_user(p, arg1, 0);
8001 
8002             goto execve_end;
8003 
8004         execve_efault:
8005             ret = -TARGET_EFAULT;
8006 
8007         execve_end:
8008             for (gp = guest_argp, q = argp; *q;
8009                   gp += sizeof(abi_ulong), q++) {
8010                 if (get_user_ual(addr, gp)
8011                     || !addr)
8012                     break;
8013                 unlock_user(*q, addr, 0);
8014             }
8015             for (gp = guest_envp, q = envp; *q;
8016                   gp += sizeof(abi_ulong), q++) {
8017                 if (get_user_ual(addr, gp)
8018                     || !addr)
8019                     break;
8020                 unlock_user(*q, addr, 0);
8021             }
8022 
8023             g_free(argp);
8024             g_free(envp);
8025         }
8026         break;
8027     case TARGET_NR_chdir:
8028         if (!(p = lock_user_string(arg1)))
8029             goto efault;
8030         ret = get_errno(chdir(p));
8031         unlock_user(p, arg1, 0);
8032         break;
8033 #ifdef TARGET_NR_time
8034     case TARGET_NR_time:
8035         {
8036             time_t host_time;
8037             ret = get_errno(time(&host_time));
8038             if (!is_error(ret)
8039                 && arg1
8040                 && put_user_sal(host_time, arg1))
8041                 goto efault;
8042         }
8043         break;
8044 #endif
8045 #ifdef TARGET_NR_mknod
8046     case TARGET_NR_mknod:
8047         if (!(p = lock_user_string(arg1)))
8048             goto efault;
8049         ret = get_errno(mknod(p, arg2, arg3));
8050         unlock_user(p, arg1, 0);
8051         break;
8052 #endif
8053 #if defined(TARGET_NR_mknodat)
8054     case TARGET_NR_mknodat:
8055         if (!(p = lock_user_string(arg2)))
8056             goto efault;
8057         ret = get_errno(mknodat(arg1, p, arg3, arg4));
8058         unlock_user(p, arg2, 0);
8059         break;
8060 #endif
8061 #ifdef TARGET_NR_chmod
8062     case TARGET_NR_chmod:
8063         if (!(p = lock_user_string(arg1)))
8064             goto efault;
8065         ret = get_errno(chmod(p, arg2));
8066         unlock_user(p, arg1, 0);
8067         break;
8068 #endif
8069 #ifdef TARGET_NR_break
8070     case TARGET_NR_break:
8071         goto unimplemented;
8072 #endif
8073 #ifdef TARGET_NR_oldstat
8074     case TARGET_NR_oldstat:
8075         goto unimplemented;
8076 #endif
8077     case TARGET_NR_lseek:
8078         ret = get_errno(lseek(arg1, arg2, arg3));
8079         break;
8080 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
8081     /* Alpha specific */
8082     case TARGET_NR_getxpid:
8083         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
8084         ret = get_errno(getpid());
8085         break;
8086 #endif
8087 #ifdef TARGET_NR_getpid
8088     case TARGET_NR_getpid:
8089         ret = get_errno(getpid());
8090         break;
8091 #endif
8092     case TARGET_NR_mount:
8093         {
8094             /* need to look at the data field */
8095             void *p2, *p3;
8096 
8097             if (arg1) {
8098                 p = lock_user_string(arg1);
8099                 if (!p) {
8100                     goto efault;
8101                 }
8102             } else {
8103                 p = NULL;
8104             }
8105 
8106             p2 = lock_user_string(arg2);
8107             if (!p2) {
8108                 if (arg1) {
8109                     unlock_user(p, arg1, 0);
8110                 }
8111                 goto efault;
8112             }
8113 
8114             if (arg3) {
8115                 p3 = lock_user_string(arg3);
8116                 if (!p3) {
8117                     if (arg1) {
8118                         unlock_user(p, arg1, 0);
8119                     }
8120                     unlock_user(p2, arg2, 0);
8121                     goto efault;
8122                 }
8123             } else {
8124                 p3 = NULL;
8125             }
8126 
8127             /* FIXME - arg5 should be locked, but it isn't clear how to
8128              * do that since it's not guaranteed to be a NULL-terminated
8129              * string.
8130              */
8131             if (!arg5) {
8132                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
8133             } else {
8134                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
8135             }
8136             ret = get_errno(ret);
8137 
8138             if (arg1) {
8139                 unlock_user(p, arg1, 0);
8140             }
8141             unlock_user(p2, arg2, 0);
8142             if (arg3) {
8143                 unlock_user(p3, arg3, 0);
8144             }
8145         }
8146         break;
8147 #ifdef TARGET_NR_umount
8148     case TARGET_NR_umount:
8149         if (!(p = lock_user_string(arg1)))
8150             goto efault;
8151         ret = get_errno(umount(p));
8152         unlock_user(p, arg1, 0);
8153         break;
8154 #endif
8155 #ifdef TARGET_NR_stime /* not on alpha */
8156     case TARGET_NR_stime:
8157         {
8158             time_t host_time;
8159             if (get_user_sal(host_time, arg1))
8160                 goto efault;
8161             ret = get_errno(stime(&host_time));
8162         }
8163         break;
8164 #endif
8165     case TARGET_NR_ptrace:
8166         goto unimplemented;
8167 #ifdef TARGET_NR_alarm /* not on alpha */
8168     case TARGET_NR_alarm:
8169         ret = alarm(arg1);
8170         break;
8171 #endif
8172 #ifdef TARGET_NR_oldfstat
8173     case TARGET_NR_oldfstat:
8174         goto unimplemented;
8175 #endif
8176 #ifdef TARGET_NR_pause /* not on alpha */
8177     case TARGET_NR_pause:
8178         if (!block_signals()) {
8179             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
8180         }
8181         ret = -TARGET_EINTR;
8182         break;
8183 #endif
8184 #ifdef TARGET_NR_utime
8185     case TARGET_NR_utime:
8186         {
8187             struct utimbuf tbuf, *host_tbuf;
8188             struct target_utimbuf *target_tbuf;
8189             if (arg2) {
8190                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
8191                     goto efault;
8192                 tbuf.actime = tswapal(target_tbuf->actime);
8193                 tbuf.modtime = tswapal(target_tbuf->modtime);
8194                 unlock_user_struct(target_tbuf, arg2, 0);
8195                 host_tbuf = &tbuf;
8196             } else {
8197                 host_tbuf = NULL;
8198             }
8199             if (!(p = lock_user_string(arg1)))
8200                 goto efault;
8201             ret = get_errno(utime(p, host_tbuf));
8202             unlock_user(p, arg1, 0);
8203         }
8204         break;
8205 #endif
8206 #ifdef TARGET_NR_utimes
8207     case TARGET_NR_utimes:
8208         {
8209             struct timeval *tvp, tv[2];
8210             if (arg2) {
8211                 if (copy_from_user_timeval(&tv[0], arg2)
8212                     || copy_from_user_timeval(&tv[1],
8213                                               arg2 + sizeof(struct target_timeval)))
8214                     goto efault;
8215                 tvp = tv;
8216             } else {
8217                 tvp = NULL;
8218             }
8219             if (!(p = lock_user_string(arg1)))
8220                 goto efault;
8221             ret = get_errno(utimes(p, tvp));
8222             unlock_user(p, arg1, 0);
8223         }
8224         break;
8225 #endif
8226 #if defined(TARGET_NR_futimesat)
8227     case TARGET_NR_futimesat:
8228         {
8229             struct timeval *tvp, tv[2];
8230             if (arg3) {
8231                 if (copy_from_user_timeval(&tv[0], arg3)
8232                     || copy_from_user_timeval(&tv[1],
8233                                               arg3 + sizeof(struct target_timeval)))
8234                     goto efault;
8235                 tvp = tv;
8236             } else {
8237                 tvp = NULL;
8238             }
8239             if (!(p = lock_user_string(arg2)))
8240                 goto efault;
8241             ret = get_errno(futimesat(arg1, path(p), tvp));
8242             unlock_user(p, arg2, 0);
8243         }
8244         break;
8245 #endif
8246 #ifdef TARGET_NR_stty
8247     case TARGET_NR_stty:
8248         goto unimplemented;
8249 #endif
8250 #ifdef TARGET_NR_gtty
8251     case TARGET_NR_gtty:
8252         goto unimplemented;
8253 #endif
8254 #ifdef TARGET_NR_access
8255     case TARGET_NR_access:
8256         if (!(p = lock_user_string(arg1)))
8257             goto efault;
8258         ret = get_errno(access(path(p), arg2));
8259         unlock_user(p, arg1, 0);
8260         break;
8261 #endif
8262 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
8263     case TARGET_NR_faccessat:
8264         if (!(p = lock_user_string(arg2)))
8265             goto efault;
8266         ret = get_errno(faccessat(arg1, p, arg3, 0));
8267         unlock_user(p, arg2, 0);
8268         break;
8269 #endif
8270 #ifdef TARGET_NR_nice /* not on alpha */
8271     case TARGET_NR_nice:
8272         ret = get_errno(nice(arg1));
8273         break;
8274 #endif
8275 #ifdef TARGET_NR_ftime
8276     case TARGET_NR_ftime:
8277         goto unimplemented;
8278 #endif
8279     case TARGET_NR_sync:
8280         sync();
8281         ret = 0;
8282         break;
8283 #if defined(TARGET_NR_syncfs) && defined(CONFIG_SYNCFS)
8284     case TARGET_NR_syncfs:
8285         ret = get_errno(syncfs(arg1));
8286         break;
8287 #endif
8288     case TARGET_NR_kill:
8289         ret = get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
8290         break;
8291 #ifdef TARGET_NR_rename
8292     case TARGET_NR_rename:
8293         {
8294             void *p2;
8295             p = lock_user_string(arg1);
8296             p2 = lock_user_string(arg2);
8297             if (!p || !p2)
8298                 ret = -TARGET_EFAULT;
8299             else
8300                 ret = get_errno(rename(p, p2));
8301             unlock_user(p2, arg2, 0);
8302             unlock_user(p, arg1, 0);
8303         }
8304         break;
8305 #endif
8306 #if defined(TARGET_NR_renameat)
8307     case TARGET_NR_renameat:
8308         {
8309             void *p2;
8310             p  = lock_user_string(arg2);
8311             p2 = lock_user_string(arg4);
8312             if (!p || !p2)
8313                 ret = -TARGET_EFAULT;
8314             else
8315                 ret = get_errno(renameat(arg1, p, arg3, p2));
8316             unlock_user(p2, arg4, 0);
8317             unlock_user(p, arg2, 0);
8318         }
8319         break;
8320 #endif
8321 #ifdef TARGET_NR_mkdir
8322     case TARGET_NR_mkdir:
8323         if (!(p = lock_user_string(arg1)))
8324             goto efault;
8325         ret = get_errno(mkdir(p, arg2));
8326         unlock_user(p, arg1, 0);
8327         break;
8328 #endif
8329 #if defined(TARGET_NR_mkdirat)
8330     case TARGET_NR_mkdirat:
8331         if (!(p = lock_user_string(arg2)))
8332             goto efault;
8333         ret = get_errno(mkdirat(arg1, p, arg3));
8334         unlock_user(p, arg2, 0);
8335         break;
8336 #endif
8337 #ifdef TARGET_NR_rmdir
8338     case TARGET_NR_rmdir:
8339         if (!(p = lock_user_string(arg1)))
8340             goto efault;
8341         ret = get_errno(rmdir(p));
8342         unlock_user(p, arg1, 0);
8343         break;
8344 #endif
8345     case TARGET_NR_dup:
8346         ret = get_errno(dup(arg1));
8347         if (ret >= 0) {
8348             fd_trans_dup(arg1, ret);
8349         }
8350         break;
8351 #ifdef TARGET_NR_pipe
8352     case TARGET_NR_pipe:
8353         ret = do_pipe(cpu_env, arg1, 0, 0);
8354         break;
8355 #endif
8356 #ifdef TARGET_NR_pipe2
8357     case TARGET_NR_pipe2:
8358         ret = do_pipe(cpu_env, arg1,
8359                       target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
8360         break;
8361 #endif
8362     case TARGET_NR_times:
8363         {
8364             struct target_tms *tmsp;
8365             struct tms tms;
8366             ret = get_errno(times(&tms));
8367             if (arg1) {
8368                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
8369                 if (!tmsp)
8370                     goto efault;
8371                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
8372                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
8373                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
8374                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
8375             }
8376             if (!is_error(ret))
8377                 ret = host_to_target_clock_t(ret);
8378         }
8379         break;
8380 #ifdef TARGET_NR_prof
8381     case TARGET_NR_prof:
8382         goto unimplemented;
8383 #endif
8384 #ifdef TARGET_NR_signal
8385     case TARGET_NR_signal:
8386         goto unimplemented;
8387 #endif
8388     case TARGET_NR_acct:
8389         if (arg1 == 0) {
8390             ret = get_errno(acct(NULL));
8391         } else {
8392             if (!(p = lock_user_string(arg1)))
8393                 goto efault;
8394             ret = get_errno(acct(path(p)));
8395             unlock_user(p, arg1, 0);
8396         }
8397         break;
8398 #ifdef TARGET_NR_umount2
8399     case TARGET_NR_umount2:
8400         if (!(p = lock_user_string(arg1)))
8401             goto efault;
8402         ret = get_errno(umount2(p, arg2));
8403         unlock_user(p, arg1, 0);
8404         break;
8405 #endif
8406 #ifdef TARGET_NR_lock
8407     case TARGET_NR_lock:
8408         goto unimplemented;
8409 #endif
8410     case TARGET_NR_ioctl:
8411         ret = do_ioctl(arg1, arg2, arg3);
8412         break;
8413     case TARGET_NR_fcntl:
8414         ret = do_fcntl(arg1, arg2, arg3);
8415         break;
8416 #ifdef TARGET_NR_mpx
8417     case TARGET_NR_mpx:
8418         goto unimplemented;
8419 #endif
8420     case TARGET_NR_setpgid:
8421         ret = get_errno(setpgid(arg1, arg2));
8422         break;
8423 #ifdef TARGET_NR_ulimit
8424     case TARGET_NR_ulimit:
8425         goto unimplemented;
8426 #endif
8427 #ifdef TARGET_NR_oldolduname
8428     case TARGET_NR_oldolduname:
8429         goto unimplemented;
8430 #endif
8431     case TARGET_NR_umask:
8432         ret = get_errno(umask(arg1));
8433         break;
8434     case TARGET_NR_chroot:
8435         if (!(p = lock_user_string(arg1)))
8436             goto efault;
8437         ret = get_errno(chroot(p));
8438         unlock_user(p, arg1, 0);
8439         break;
8440 #ifdef TARGET_NR_ustat
8441     case TARGET_NR_ustat:
8442         goto unimplemented;
8443 #endif
8444 #ifdef TARGET_NR_dup2
8445     case TARGET_NR_dup2:
8446         ret = get_errno(dup2(arg1, arg2));
8447         if (ret >= 0) {
8448             fd_trans_dup(arg1, arg2);
8449         }
8450         break;
8451 #endif
8452 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
8453     case TARGET_NR_dup3:
8454         ret = get_errno(dup3(arg1, arg2, arg3));
8455         if (ret >= 0) {
8456             fd_trans_dup(arg1, arg2);
8457         }
8458         break;
8459 #endif
8460 #ifdef TARGET_NR_getppid /* not on alpha */
8461     case TARGET_NR_getppid:
8462         ret = get_errno(getppid());
8463         break;
8464 #endif
8465 #ifdef TARGET_NR_getpgrp
8466     case TARGET_NR_getpgrp:
8467         ret = get_errno(getpgrp());
8468         break;
8469 #endif
8470     case TARGET_NR_setsid:
8471         ret = get_errno(setsid());
8472         break;
8473 #ifdef TARGET_NR_sigaction
8474     case TARGET_NR_sigaction:
8475         {
8476 #if defined(TARGET_ALPHA)
8477             struct target_sigaction act, oact, *pact = 0;
8478             struct target_old_sigaction *old_act;
8479             if (arg2) {
8480                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8481                     goto efault;
8482                 act._sa_handler = old_act->_sa_handler;
8483                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8484                 act.sa_flags = old_act->sa_flags;
8485                 act.sa_restorer = 0;
8486                 unlock_user_struct(old_act, arg2, 0);
8487                 pact = &act;
8488             }
8489             ret = get_errno(do_sigaction(arg1, pact, &oact));
8490             if (!is_error(ret) && arg3) {
8491                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8492                     goto efault;
8493                 old_act->_sa_handler = oact._sa_handler;
8494                 old_act->sa_mask = oact.sa_mask.sig[0];
8495                 old_act->sa_flags = oact.sa_flags;
8496                 unlock_user_struct(old_act, arg3, 1);
8497             }
8498 #elif defined(TARGET_MIPS)
8499 	    struct target_sigaction act, oact, *pact, *old_act;
8500 
8501 	    if (arg2) {
8502                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8503                     goto efault;
8504 		act._sa_handler = old_act->_sa_handler;
8505 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
8506 		act.sa_flags = old_act->sa_flags;
8507 		unlock_user_struct(old_act, arg2, 0);
8508 		pact = &act;
8509 	    } else {
8510 		pact = NULL;
8511 	    }
8512 
8513 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
8514 
8515 	    if (!is_error(ret) && arg3) {
8516                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8517                     goto efault;
8518 		old_act->_sa_handler = oact._sa_handler;
8519 		old_act->sa_flags = oact.sa_flags;
8520 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
8521 		old_act->sa_mask.sig[1] = 0;
8522 		old_act->sa_mask.sig[2] = 0;
8523 		old_act->sa_mask.sig[3] = 0;
8524 		unlock_user_struct(old_act, arg3, 1);
8525 	    }
8526 #else
8527             struct target_old_sigaction *old_act;
8528             struct target_sigaction act, oact, *pact;
8529             if (arg2) {
8530                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8531                     goto efault;
8532                 act._sa_handler = old_act->_sa_handler;
8533                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8534                 act.sa_flags = old_act->sa_flags;
8535                 act.sa_restorer = old_act->sa_restorer;
8536                 unlock_user_struct(old_act, arg2, 0);
8537                 pact = &act;
8538             } else {
8539                 pact = NULL;
8540             }
8541             ret = get_errno(do_sigaction(arg1, pact, &oact));
8542             if (!is_error(ret) && arg3) {
8543                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8544                     goto efault;
8545                 old_act->_sa_handler = oact._sa_handler;
8546                 old_act->sa_mask = oact.sa_mask.sig[0];
8547                 old_act->sa_flags = oact.sa_flags;
8548                 old_act->sa_restorer = oact.sa_restorer;
8549                 unlock_user_struct(old_act, arg3, 1);
8550             }
8551 #endif
8552         }
8553         break;
8554 #endif
8555     case TARGET_NR_rt_sigaction:
8556         {
8557 #if defined(TARGET_ALPHA)
8558             struct target_sigaction act, oact, *pact = 0;
8559             struct target_rt_sigaction *rt_act;
8560 
8561             if (arg4 != sizeof(target_sigset_t)) {
8562                 ret = -TARGET_EINVAL;
8563                 break;
8564             }
8565             if (arg2) {
8566                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
8567                     goto efault;
8568                 act._sa_handler = rt_act->_sa_handler;
8569                 act.sa_mask = rt_act->sa_mask;
8570                 act.sa_flags = rt_act->sa_flags;
8571                 act.sa_restorer = arg5;
8572                 unlock_user_struct(rt_act, arg2, 0);
8573                 pact = &act;
8574             }
8575             ret = get_errno(do_sigaction(arg1, pact, &oact));
8576             if (!is_error(ret) && arg3) {
8577                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
8578                     goto efault;
8579                 rt_act->_sa_handler = oact._sa_handler;
8580                 rt_act->sa_mask = oact.sa_mask;
8581                 rt_act->sa_flags = oact.sa_flags;
8582                 unlock_user_struct(rt_act, arg3, 1);
8583             }
8584 #else
8585             struct target_sigaction *act;
8586             struct target_sigaction *oact;
8587 
8588             if (arg4 != sizeof(target_sigset_t)) {
8589                 ret = -TARGET_EINVAL;
8590                 break;
8591             }
8592             if (arg2) {
8593                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1))
8594                     goto efault;
8595             } else
8596                 act = NULL;
8597             if (arg3) {
8598                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
8599                     ret = -TARGET_EFAULT;
8600                     goto rt_sigaction_fail;
8601                 }
8602             } else
8603                 oact = NULL;
8604             ret = get_errno(do_sigaction(arg1, act, oact));
8605 	rt_sigaction_fail:
8606             if (act)
8607                 unlock_user_struct(act, arg2, 0);
8608             if (oact)
8609                 unlock_user_struct(oact, arg3, 1);
8610 #endif
8611         }
8612         break;
8613 #ifdef TARGET_NR_sgetmask /* not on alpha */
8614     case TARGET_NR_sgetmask:
8615         {
8616             sigset_t cur_set;
8617             abi_ulong target_set;
8618             ret = do_sigprocmask(0, NULL, &cur_set);
8619             if (!ret) {
8620                 host_to_target_old_sigset(&target_set, &cur_set);
8621                 ret = target_set;
8622             }
8623         }
8624         break;
8625 #endif
8626 #ifdef TARGET_NR_ssetmask /* not on alpha */
8627     case TARGET_NR_ssetmask:
8628         {
8629             sigset_t set, oset;
8630             abi_ulong target_set = arg1;
8631             target_to_host_old_sigset(&set, &target_set);
8632             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
8633             if (!ret) {
8634                 host_to_target_old_sigset(&target_set, &oset);
8635                 ret = target_set;
8636             }
8637         }
8638         break;
8639 #endif
8640 #ifdef TARGET_NR_sigprocmask
8641     case TARGET_NR_sigprocmask:
8642         {
8643 #if defined(TARGET_ALPHA)
8644             sigset_t set, oldset;
8645             abi_ulong mask;
8646             int how;
8647 
8648             switch (arg1) {
8649             case TARGET_SIG_BLOCK:
8650                 how = SIG_BLOCK;
8651                 break;
8652             case TARGET_SIG_UNBLOCK:
8653                 how = SIG_UNBLOCK;
8654                 break;
8655             case TARGET_SIG_SETMASK:
8656                 how = SIG_SETMASK;
8657                 break;
8658             default:
8659                 ret = -TARGET_EINVAL;
8660                 goto fail;
8661             }
8662             mask = arg2;
8663             target_to_host_old_sigset(&set, &mask);
8664 
8665             ret = do_sigprocmask(how, &set, &oldset);
8666             if (!is_error(ret)) {
8667                 host_to_target_old_sigset(&mask, &oldset);
8668                 ret = mask;
8669                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
8670             }
8671 #else
8672             sigset_t set, oldset, *set_ptr;
8673             int how;
8674 
8675             if (arg2) {
8676                 switch (arg1) {
8677                 case TARGET_SIG_BLOCK:
8678                     how = SIG_BLOCK;
8679                     break;
8680                 case TARGET_SIG_UNBLOCK:
8681                     how = SIG_UNBLOCK;
8682                     break;
8683                 case TARGET_SIG_SETMASK:
8684                     how = SIG_SETMASK;
8685                     break;
8686                 default:
8687                     ret = -TARGET_EINVAL;
8688                     goto fail;
8689                 }
8690                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8691                     goto efault;
8692                 target_to_host_old_sigset(&set, p);
8693                 unlock_user(p, arg2, 0);
8694                 set_ptr = &set;
8695             } else {
8696                 how = 0;
8697                 set_ptr = NULL;
8698             }
8699             ret = do_sigprocmask(how, set_ptr, &oldset);
8700             if (!is_error(ret) && arg3) {
8701                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8702                     goto efault;
8703                 host_to_target_old_sigset(p, &oldset);
8704                 unlock_user(p, arg3, sizeof(target_sigset_t));
8705             }
8706 #endif
8707         }
8708         break;
8709 #endif
8710     case TARGET_NR_rt_sigprocmask:
8711         {
8712             int how = arg1;
8713             sigset_t set, oldset, *set_ptr;
8714 
8715             if (arg4 != sizeof(target_sigset_t)) {
8716                 ret = -TARGET_EINVAL;
8717                 break;
8718             }
8719 
8720             if (arg2) {
8721                 switch(how) {
8722                 case TARGET_SIG_BLOCK:
8723                     how = SIG_BLOCK;
8724                     break;
8725                 case TARGET_SIG_UNBLOCK:
8726                     how = SIG_UNBLOCK;
8727                     break;
8728                 case TARGET_SIG_SETMASK:
8729                     how = SIG_SETMASK;
8730                     break;
8731                 default:
8732                     ret = -TARGET_EINVAL;
8733                     goto fail;
8734                 }
8735                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8736                     goto efault;
8737                 target_to_host_sigset(&set, p);
8738                 unlock_user(p, arg2, 0);
8739                 set_ptr = &set;
8740             } else {
8741                 how = 0;
8742                 set_ptr = NULL;
8743             }
8744             ret = do_sigprocmask(how, set_ptr, &oldset);
8745             if (!is_error(ret) && arg3) {
8746                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8747                     goto efault;
8748                 host_to_target_sigset(p, &oldset);
8749                 unlock_user(p, arg3, sizeof(target_sigset_t));
8750             }
8751         }
8752         break;
8753 #ifdef TARGET_NR_sigpending
8754     case TARGET_NR_sigpending:
8755         {
8756             sigset_t set;
8757             ret = get_errno(sigpending(&set));
8758             if (!is_error(ret)) {
8759                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8760                     goto efault;
8761                 host_to_target_old_sigset(p, &set);
8762                 unlock_user(p, arg1, sizeof(target_sigset_t));
8763             }
8764         }
8765         break;
8766 #endif
8767     case TARGET_NR_rt_sigpending:
8768         {
8769             sigset_t set;
8770 
8771             /* Yes, this check is >, not != like most. We follow the kernel's
8772              * logic and it does it like this because it implements
8773              * NR_sigpending through the same code path, and in that case
8774              * the old_sigset_t is smaller in size.
8775              */
8776             if (arg2 > sizeof(target_sigset_t)) {
8777                 ret = -TARGET_EINVAL;
8778                 break;
8779             }
8780 
8781             ret = get_errno(sigpending(&set));
8782             if (!is_error(ret)) {
8783                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8784                     goto efault;
8785                 host_to_target_sigset(p, &set);
8786                 unlock_user(p, arg1, sizeof(target_sigset_t));
8787             }
8788         }
8789         break;
8790 #ifdef TARGET_NR_sigsuspend
8791     case TARGET_NR_sigsuspend:
8792         {
8793             TaskState *ts = cpu->opaque;
8794 #if defined(TARGET_ALPHA)
8795             abi_ulong mask = arg1;
8796             target_to_host_old_sigset(&ts->sigsuspend_mask, &mask);
8797 #else
8798             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8799                 goto efault;
8800             target_to_host_old_sigset(&ts->sigsuspend_mask, p);
8801             unlock_user(p, arg1, 0);
8802 #endif
8803             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8804                                                SIGSET_T_SIZE));
8805             if (ret != -TARGET_ERESTARTSYS) {
8806                 ts->in_sigsuspend = 1;
8807             }
8808         }
8809         break;
8810 #endif
8811     case TARGET_NR_rt_sigsuspend:
8812         {
8813             TaskState *ts = cpu->opaque;
8814 
8815             if (arg2 != sizeof(target_sigset_t)) {
8816                 ret = -TARGET_EINVAL;
8817                 break;
8818             }
8819             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8820                 goto efault;
8821             target_to_host_sigset(&ts->sigsuspend_mask, p);
8822             unlock_user(p, arg1, 0);
8823             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8824                                                SIGSET_T_SIZE));
8825             if (ret != -TARGET_ERESTARTSYS) {
8826                 ts->in_sigsuspend = 1;
8827             }
8828         }
8829         break;
8830     case TARGET_NR_rt_sigtimedwait:
8831         {
8832             sigset_t set;
8833             struct timespec uts, *puts;
8834             siginfo_t uinfo;
8835 
8836             if (arg4 != sizeof(target_sigset_t)) {
8837                 ret = -TARGET_EINVAL;
8838                 break;
8839             }
8840 
8841             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8842                 goto efault;
8843             target_to_host_sigset(&set, p);
8844             unlock_user(p, arg1, 0);
8845             if (arg3) {
8846                 puts = &uts;
8847                 target_to_host_timespec(puts, arg3);
8848             } else {
8849                 puts = NULL;
8850             }
8851             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
8852                                                  SIGSET_T_SIZE));
8853             if (!is_error(ret)) {
8854                 if (arg2) {
8855                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
8856                                   0);
8857                     if (!p) {
8858                         goto efault;
8859                     }
8860                     host_to_target_siginfo(p, &uinfo);
8861                     unlock_user(p, arg2, sizeof(target_siginfo_t));
8862                 }
8863                 ret = host_to_target_signal(ret);
8864             }
8865         }
8866         break;
8867     case TARGET_NR_rt_sigqueueinfo:
8868         {
8869             siginfo_t uinfo;
8870 
8871             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
8872             if (!p) {
8873                 goto efault;
8874             }
8875             target_to_host_siginfo(&uinfo, p);
8876             unlock_user(p, arg3, 0);
8877             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
8878         }
8879         break;
8880     case TARGET_NR_rt_tgsigqueueinfo:
8881         {
8882             siginfo_t uinfo;
8883 
8884             p = lock_user(VERIFY_READ, arg4, sizeof(target_siginfo_t), 1);
8885             if (!p) {
8886                 goto efault;
8887             }
8888             target_to_host_siginfo(&uinfo, p);
8889             unlock_user(p, arg4, 0);
8890             ret = get_errno(sys_rt_tgsigqueueinfo(arg1, arg2, arg3, &uinfo));
8891         }
8892         break;
8893 #ifdef TARGET_NR_sigreturn
8894     case TARGET_NR_sigreturn:
8895         if (block_signals()) {
8896             ret = -TARGET_ERESTARTSYS;
8897         } else {
8898             ret = do_sigreturn(cpu_env);
8899         }
8900         break;
8901 #endif
8902     case TARGET_NR_rt_sigreturn:
8903         if (block_signals()) {
8904             ret = -TARGET_ERESTARTSYS;
8905         } else {
8906             ret = do_rt_sigreturn(cpu_env);
8907         }
8908         break;
8909     case TARGET_NR_sethostname:
8910         if (!(p = lock_user_string(arg1)))
8911             goto efault;
8912         ret = get_errno(sethostname(p, arg2));
8913         unlock_user(p, arg1, 0);
8914         break;
8915     case TARGET_NR_setrlimit:
8916         {
8917             int resource = target_to_host_resource(arg1);
8918             struct target_rlimit *target_rlim;
8919             struct rlimit rlim;
8920             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
8921                 goto efault;
8922             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
8923             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
8924             unlock_user_struct(target_rlim, arg2, 0);
8925             ret = get_errno(setrlimit(resource, &rlim));
8926         }
8927         break;
8928     case TARGET_NR_getrlimit:
8929         {
8930             int resource = target_to_host_resource(arg1);
8931             struct target_rlimit *target_rlim;
8932             struct rlimit rlim;
8933 
8934             ret = get_errno(getrlimit(resource, &rlim));
8935             if (!is_error(ret)) {
8936                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
8937                     goto efault;
8938                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
8939                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
8940                 unlock_user_struct(target_rlim, arg2, 1);
8941             }
8942         }
8943         break;
8944     case TARGET_NR_getrusage:
8945         {
8946             struct rusage rusage;
8947             ret = get_errno(getrusage(arg1, &rusage));
8948             if (!is_error(ret)) {
8949                 ret = host_to_target_rusage(arg2, &rusage);
8950             }
8951         }
8952         break;
8953     case TARGET_NR_gettimeofday:
8954         {
8955             struct timeval tv;
8956             ret = get_errno(gettimeofday(&tv, NULL));
8957             if (!is_error(ret)) {
8958                 if (copy_to_user_timeval(arg1, &tv))
8959                     goto efault;
8960             }
8961         }
8962         break;
8963     case TARGET_NR_settimeofday:
8964         {
8965             struct timeval tv, *ptv = NULL;
8966             struct timezone tz, *ptz = NULL;
8967 
8968             if (arg1) {
8969                 if (copy_from_user_timeval(&tv, arg1)) {
8970                     goto efault;
8971                 }
8972                 ptv = &tv;
8973             }
8974 
8975             if (arg2) {
8976                 if (copy_from_user_timezone(&tz, arg2)) {
8977                     goto efault;
8978                 }
8979                 ptz = &tz;
8980             }
8981 
8982             ret = get_errno(settimeofday(ptv, ptz));
8983         }
8984         break;
8985 #if defined(TARGET_NR_select)
8986     case TARGET_NR_select:
8987 #if defined(TARGET_WANT_NI_OLD_SELECT)
8988         /* some architectures used to have old_select here
8989          * but now ENOSYS it.
8990          */
8991         ret = -TARGET_ENOSYS;
8992 #elif defined(TARGET_WANT_OLD_SYS_SELECT)
8993         ret = do_old_select(arg1);
8994 #else
8995         ret = do_select(arg1, arg2, arg3, arg4, arg5);
8996 #endif
8997         break;
8998 #endif
8999 #ifdef TARGET_NR_pselect6
9000     case TARGET_NR_pselect6:
9001         {
9002             abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
9003             fd_set rfds, wfds, efds;
9004             fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
9005             struct timespec ts, *ts_ptr;
9006 
9007             /*
9008              * The 6th arg is actually two args smashed together,
9009              * so we cannot use the C library.
9010              */
9011             sigset_t set;
9012             struct {
9013                 sigset_t *set;
9014                 size_t size;
9015             } sig, *sig_ptr;
9016 
9017             abi_ulong arg_sigset, arg_sigsize, *arg7;
9018             target_sigset_t *target_sigset;
9019 
9020             n = arg1;
9021             rfd_addr = arg2;
9022             wfd_addr = arg3;
9023             efd_addr = arg4;
9024             ts_addr = arg5;
9025 
9026             ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
9027             if (ret) {
9028                 goto fail;
9029             }
9030             ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
9031             if (ret) {
9032                 goto fail;
9033             }
9034             ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
9035             if (ret) {
9036                 goto fail;
9037             }
9038 
9039             /*
9040              * This takes a timespec, and not a timeval, so we cannot
9041              * use the do_select() helper ...
9042              */
9043             if (ts_addr) {
9044                 if (target_to_host_timespec(&ts, ts_addr)) {
9045                     goto efault;
9046                 }
9047                 ts_ptr = &ts;
9048             } else {
9049                 ts_ptr = NULL;
9050             }
9051 
9052             /* Extract the two packed args for the sigset */
9053             if (arg6) {
9054                 sig_ptr = &sig;
9055                 sig.size = SIGSET_T_SIZE;
9056 
9057                 arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
9058                 if (!arg7) {
9059                     goto efault;
9060                 }
9061                 arg_sigset = tswapal(arg7[0]);
9062                 arg_sigsize = tswapal(arg7[1]);
9063                 unlock_user(arg7, arg6, 0);
9064 
9065                 if (arg_sigset) {
9066                     sig.set = &set;
9067                     if (arg_sigsize != sizeof(*target_sigset)) {
9068                         /* Like the kernel, we enforce correct size sigsets */
9069                         ret = -TARGET_EINVAL;
9070                         goto fail;
9071                     }
9072                     target_sigset = lock_user(VERIFY_READ, arg_sigset,
9073                                               sizeof(*target_sigset), 1);
9074                     if (!target_sigset) {
9075                         goto efault;
9076                     }
9077                     target_to_host_sigset(&set, target_sigset);
9078                     unlock_user(target_sigset, arg_sigset, 0);
9079                 } else {
9080                     sig.set = NULL;
9081                 }
9082             } else {
9083                 sig_ptr = NULL;
9084             }
9085 
9086             ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
9087                                           ts_ptr, sig_ptr));
9088 
9089             if (!is_error(ret)) {
9090                 if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
9091                     goto efault;
9092                 if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
9093                     goto efault;
9094                 if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
9095                     goto efault;
9096 
9097                 if (ts_addr && host_to_target_timespec(ts_addr, &ts))
9098                     goto efault;
9099             }
9100         }
9101         break;
9102 #endif
9103 #ifdef TARGET_NR_symlink
9104     case TARGET_NR_symlink:
9105         {
9106             void *p2;
9107             p = lock_user_string(arg1);
9108             p2 = lock_user_string(arg2);
9109             if (!p || !p2)
9110                 ret = -TARGET_EFAULT;
9111             else
9112                 ret = get_errno(symlink(p, p2));
9113             unlock_user(p2, arg2, 0);
9114             unlock_user(p, arg1, 0);
9115         }
9116         break;
9117 #endif
9118 #if defined(TARGET_NR_symlinkat)
9119     case TARGET_NR_symlinkat:
9120         {
9121             void *p2;
9122             p  = lock_user_string(arg1);
9123             p2 = lock_user_string(arg3);
9124             if (!p || !p2)
9125                 ret = -TARGET_EFAULT;
9126             else
9127                 ret = get_errno(symlinkat(p, arg2, p2));
9128             unlock_user(p2, arg3, 0);
9129             unlock_user(p, arg1, 0);
9130         }
9131         break;
9132 #endif
9133 #ifdef TARGET_NR_oldlstat
9134     case TARGET_NR_oldlstat:
9135         goto unimplemented;
9136 #endif
9137 #ifdef TARGET_NR_readlink
9138     case TARGET_NR_readlink:
9139         {
9140             void *p2;
9141             p = lock_user_string(arg1);
9142             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9143             if (!p || !p2) {
9144                 ret = -TARGET_EFAULT;
9145             } else if (!arg3) {
9146                 /* Short circuit this for the magic exe check. */
9147                 ret = -TARGET_EINVAL;
9148             } else if (is_proc_myself((const char *)p, "exe")) {
9149                 char real[PATH_MAX], *temp;
9150                 temp = realpath(exec_path, real);
9151                 /* Return value is # of bytes that we wrote to the buffer. */
9152                 if (temp == NULL) {
9153                     ret = get_errno(-1);
9154                 } else {
9155                     /* Don't worry about sign mismatch as earlier mapping
9156                      * logic would have thrown a bad address error. */
9157                     ret = MIN(strlen(real), arg3);
9158                     /* We cannot NUL terminate the string. */
9159                     memcpy(p2, real, ret);
9160                 }
9161             } else {
9162                 ret = get_errno(readlink(path(p), p2, arg3));
9163             }
9164             unlock_user(p2, arg2, ret);
9165             unlock_user(p, arg1, 0);
9166         }
9167         break;
9168 #endif
9169 #if defined(TARGET_NR_readlinkat)
9170     case TARGET_NR_readlinkat:
9171         {
9172             void *p2;
9173             p  = lock_user_string(arg2);
9174             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
9175             if (!p || !p2) {
9176                 ret = -TARGET_EFAULT;
9177             } else if (is_proc_myself((const char *)p, "exe")) {
9178                 char real[PATH_MAX], *temp;
9179                 temp = realpath(exec_path, real);
9180                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
9181                 snprintf((char *)p2, arg4, "%s", real);
9182             } else {
9183                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
9184             }
9185             unlock_user(p2, arg3, ret);
9186             unlock_user(p, arg2, 0);
9187         }
9188         break;
9189 #endif
9190 #ifdef TARGET_NR_uselib
9191     case TARGET_NR_uselib:
9192         goto unimplemented;
9193 #endif
9194 #ifdef TARGET_NR_swapon
9195     case TARGET_NR_swapon:
9196         if (!(p = lock_user_string(arg1)))
9197             goto efault;
9198         ret = get_errno(swapon(p, arg2));
9199         unlock_user(p, arg1, 0);
9200         break;
9201 #endif
9202     case TARGET_NR_reboot:
9203         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
9204            /* arg4 must be ignored in all other cases */
9205            p = lock_user_string(arg4);
9206            if (!p) {
9207               goto efault;
9208            }
9209            ret = get_errno(reboot(arg1, arg2, arg3, p));
9210            unlock_user(p, arg4, 0);
9211         } else {
9212            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
9213         }
9214         break;
9215 #ifdef TARGET_NR_readdir
9216     case TARGET_NR_readdir:
9217         goto unimplemented;
9218 #endif
9219 #ifdef TARGET_NR_mmap
9220     case TARGET_NR_mmap:
9221 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
9222     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
9223     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
9224     || defined(TARGET_S390X)
9225         {
9226             abi_ulong *v;
9227             abi_ulong v1, v2, v3, v4, v5, v6;
9228             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
9229                 goto efault;
9230             v1 = tswapal(v[0]);
9231             v2 = tswapal(v[1]);
9232             v3 = tswapal(v[2]);
9233             v4 = tswapal(v[3]);
9234             v5 = tswapal(v[4]);
9235             v6 = tswapal(v[5]);
9236             unlock_user(v, arg1, 0);
9237             ret = get_errno(target_mmap(v1, v2, v3,
9238                                         target_to_host_bitmask(v4, mmap_flags_tbl),
9239                                         v5, v6));
9240         }
9241 #else
9242         ret = get_errno(target_mmap(arg1, arg2, arg3,
9243                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
9244                                     arg5,
9245                                     arg6));
9246 #endif
9247         break;
9248 #endif
9249 #ifdef TARGET_NR_mmap2
9250     case TARGET_NR_mmap2:
9251 #ifndef MMAP_SHIFT
9252 #define MMAP_SHIFT 12
9253 #endif
9254         ret = get_errno(target_mmap(arg1, arg2, arg3,
9255                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
9256                                     arg5,
9257                                     arg6 << MMAP_SHIFT));
9258         break;
9259 #endif
9260     case TARGET_NR_munmap:
9261         ret = get_errno(target_munmap(arg1, arg2));
9262         break;
9263     case TARGET_NR_mprotect:
9264         {
9265             TaskState *ts = cpu->opaque;
9266             /* Special hack to detect libc making the stack executable.  */
9267             if ((arg3 & PROT_GROWSDOWN)
9268                 && arg1 >= ts->info->stack_limit
9269                 && arg1 <= ts->info->start_stack) {
9270                 arg3 &= ~PROT_GROWSDOWN;
9271                 arg2 = arg2 + arg1 - ts->info->stack_limit;
9272                 arg1 = ts->info->stack_limit;
9273             }
9274         }
9275         ret = get_errno(target_mprotect(arg1, arg2, arg3));
9276         break;
9277 #ifdef TARGET_NR_mremap
9278     case TARGET_NR_mremap:
9279         ret = get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
9280         break;
9281 #endif
9282         /* ??? msync/mlock/munlock are broken for softmmu.  */
9283 #ifdef TARGET_NR_msync
9284     case TARGET_NR_msync:
9285         ret = get_errno(msync(g2h(arg1), arg2, arg3));
9286         break;
9287 #endif
9288 #ifdef TARGET_NR_mlock
9289     case TARGET_NR_mlock:
9290         ret = get_errno(mlock(g2h(arg1), arg2));
9291         break;
9292 #endif
9293 #ifdef TARGET_NR_munlock
9294     case TARGET_NR_munlock:
9295         ret = get_errno(munlock(g2h(arg1), arg2));
9296         break;
9297 #endif
9298 #ifdef TARGET_NR_mlockall
9299     case TARGET_NR_mlockall:
9300         ret = get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
9301         break;
9302 #endif
9303 #ifdef TARGET_NR_munlockall
9304     case TARGET_NR_munlockall:
9305         ret = get_errno(munlockall());
9306         break;
9307 #endif
9308     case TARGET_NR_truncate:
9309         if (!(p = lock_user_string(arg1)))
9310             goto efault;
9311         ret = get_errno(truncate(p, arg2));
9312         unlock_user(p, arg1, 0);
9313         break;
9314     case TARGET_NR_ftruncate:
9315         ret = get_errno(ftruncate(arg1, arg2));
9316         break;
9317     case TARGET_NR_fchmod:
9318         ret = get_errno(fchmod(arg1, arg2));
9319         break;
9320 #if defined(TARGET_NR_fchmodat)
9321     case TARGET_NR_fchmodat:
9322         if (!(p = lock_user_string(arg2)))
9323             goto efault;
9324         ret = get_errno(fchmodat(arg1, p, arg3, 0));
9325         unlock_user(p, arg2, 0);
9326         break;
9327 #endif
9328     case TARGET_NR_getpriority:
9329         /* Note that negative values are valid for getpriority, so we must
9330            differentiate based on errno settings.  */
9331         errno = 0;
9332         ret = getpriority(arg1, arg2);
9333         if (ret == -1 && errno != 0) {
9334             ret = -host_to_target_errno(errno);
9335             break;
9336         }
9337 #ifdef TARGET_ALPHA
9338         /* Return value is the unbiased priority.  Signal no error.  */
9339         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
9340 #else
9341         /* Return value is a biased priority to avoid negative numbers.  */
9342         ret = 20 - ret;
9343 #endif
9344         break;
9345     case TARGET_NR_setpriority:
9346         ret = get_errno(setpriority(arg1, arg2, arg3));
9347         break;
9348 #ifdef TARGET_NR_profil
9349     case TARGET_NR_profil:
9350         goto unimplemented;
9351 #endif
9352     case TARGET_NR_statfs:
9353         if (!(p = lock_user_string(arg1)))
9354             goto efault;
9355         ret = get_errno(statfs(path(p), &stfs));
9356         unlock_user(p, arg1, 0);
9357     convert_statfs:
9358         if (!is_error(ret)) {
9359             struct target_statfs *target_stfs;
9360 
9361             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
9362                 goto efault;
9363             __put_user(stfs.f_type, &target_stfs->f_type);
9364             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9365             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9366             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9367             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9368             __put_user(stfs.f_files, &target_stfs->f_files);
9369             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9370             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9371             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9372             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9373             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9374             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9375             unlock_user_struct(target_stfs, arg2, 1);
9376         }
9377         break;
9378     case TARGET_NR_fstatfs:
9379         ret = get_errno(fstatfs(arg1, &stfs));
9380         goto convert_statfs;
9381 #ifdef TARGET_NR_statfs64
9382     case TARGET_NR_statfs64:
9383         if (!(p = lock_user_string(arg1)))
9384             goto efault;
9385         ret = get_errno(statfs(path(p), &stfs));
9386         unlock_user(p, arg1, 0);
9387     convert_statfs64:
9388         if (!is_error(ret)) {
9389             struct target_statfs64 *target_stfs;
9390 
9391             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
9392                 goto efault;
9393             __put_user(stfs.f_type, &target_stfs->f_type);
9394             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9395             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9396             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9397             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9398             __put_user(stfs.f_files, &target_stfs->f_files);
9399             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9400             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9401             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9402             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9403             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9404             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9405             unlock_user_struct(target_stfs, arg3, 1);
9406         }
9407         break;
9408     case TARGET_NR_fstatfs64:
9409         ret = get_errno(fstatfs(arg1, &stfs));
9410         goto convert_statfs64;
9411 #endif
9412 #ifdef TARGET_NR_ioperm
9413     case TARGET_NR_ioperm:
9414         goto unimplemented;
9415 #endif
9416 #ifdef TARGET_NR_socketcall
9417     case TARGET_NR_socketcall:
9418         ret = do_socketcall(arg1, arg2);
9419         break;
9420 #endif
9421 #ifdef TARGET_NR_accept
9422     case TARGET_NR_accept:
9423         ret = do_accept4(arg1, arg2, arg3, 0);
9424         break;
9425 #endif
9426 #ifdef TARGET_NR_accept4
9427     case TARGET_NR_accept4:
9428         ret = do_accept4(arg1, arg2, arg3, arg4);
9429         break;
9430 #endif
9431 #ifdef TARGET_NR_bind
9432     case TARGET_NR_bind:
9433         ret = do_bind(arg1, arg2, arg3);
9434         break;
9435 #endif
9436 #ifdef TARGET_NR_connect
9437     case TARGET_NR_connect:
9438         ret = do_connect(arg1, arg2, arg3);
9439         break;
9440 #endif
9441 #ifdef TARGET_NR_getpeername
9442     case TARGET_NR_getpeername:
9443         ret = do_getpeername(arg1, arg2, arg3);
9444         break;
9445 #endif
9446 #ifdef TARGET_NR_getsockname
9447     case TARGET_NR_getsockname:
9448         ret = do_getsockname(arg1, arg2, arg3);
9449         break;
9450 #endif
9451 #ifdef TARGET_NR_getsockopt
9452     case TARGET_NR_getsockopt:
9453         ret = do_getsockopt(arg1, arg2, arg3, arg4, arg5);
9454         break;
9455 #endif
9456 #ifdef TARGET_NR_listen
9457     case TARGET_NR_listen:
9458         ret = get_errno(listen(arg1, arg2));
9459         break;
9460 #endif
9461 #ifdef TARGET_NR_recv
9462     case TARGET_NR_recv:
9463         ret = do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
9464         break;
9465 #endif
9466 #ifdef TARGET_NR_recvfrom
9467     case TARGET_NR_recvfrom:
9468         ret = do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
9469         break;
9470 #endif
9471 #ifdef TARGET_NR_recvmsg
9472     case TARGET_NR_recvmsg:
9473         ret = do_sendrecvmsg(arg1, arg2, arg3, 0);
9474         break;
9475 #endif
9476 #ifdef TARGET_NR_send
9477     case TARGET_NR_send:
9478         ret = do_sendto(arg1, arg2, arg3, arg4, 0, 0);
9479         break;
9480 #endif
9481 #ifdef TARGET_NR_sendmsg
9482     case TARGET_NR_sendmsg:
9483         ret = do_sendrecvmsg(arg1, arg2, arg3, 1);
9484         break;
9485 #endif
9486 #ifdef TARGET_NR_sendmmsg
9487     case TARGET_NR_sendmmsg:
9488         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
9489         break;
9490     case TARGET_NR_recvmmsg:
9491         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
9492         break;
9493 #endif
9494 #ifdef TARGET_NR_sendto
9495     case TARGET_NR_sendto:
9496         ret = do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
9497         break;
9498 #endif
9499 #ifdef TARGET_NR_shutdown
9500     case TARGET_NR_shutdown:
9501         ret = get_errno(shutdown(arg1, arg2));
9502         break;
9503 #endif
9504 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
9505     case TARGET_NR_getrandom:
9506         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
9507         if (!p) {
9508             goto efault;
9509         }
9510         ret = get_errno(getrandom(p, arg2, arg3));
9511         unlock_user(p, arg1, ret);
9512         break;
9513 #endif
9514 #ifdef TARGET_NR_socket
9515     case TARGET_NR_socket:
9516         ret = do_socket(arg1, arg2, arg3);
9517         break;
9518 #endif
9519 #ifdef TARGET_NR_socketpair
9520     case TARGET_NR_socketpair:
9521         ret = do_socketpair(arg1, arg2, arg3, arg4);
9522         break;
9523 #endif
9524 #ifdef TARGET_NR_setsockopt
9525     case TARGET_NR_setsockopt:
9526         ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
9527         break;
9528 #endif
9529 #if defined(TARGET_NR_syslog)
9530     case TARGET_NR_syslog:
9531         {
9532             int len = arg2;
9533 
9534             switch (arg1) {
9535             case TARGET_SYSLOG_ACTION_CLOSE:         /* Close log */
9536             case TARGET_SYSLOG_ACTION_OPEN:          /* Open log */
9537             case TARGET_SYSLOG_ACTION_CLEAR:         /* Clear ring buffer */
9538             case TARGET_SYSLOG_ACTION_CONSOLE_OFF:   /* Disable logging */
9539             case TARGET_SYSLOG_ACTION_CONSOLE_ON:    /* Enable logging */
9540             case TARGET_SYSLOG_ACTION_CONSOLE_LEVEL: /* Set messages level */
9541             case TARGET_SYSLOG_ACTION_SIZE_UNREAD:   /* Number of chars */
9542             case TARGET_SYSLOG_ACTION_SIZE_BUFFER:   /* Size of the buffer */
9543                 {
9544                     ret = get_errno(sys_syslog((int)arg1, NULL, (int)arg3));
9545                 }
9546                 break;
9547             case TARGET_SYSLOG_ACTION_READ:          /* Read from log */
9548             case TARGET_SYSLOG_ACTION_READ_CLEAR:    /* Read/clear msgs */
9549             case TARGET_SYSLOG_ACTION_READ_ALL:      /* Read last messages */
9550                 {
9551                     ret = -TARGET_EINVAL;
9552                     if (len < 0) {
9553                         goto fail;
9554                     }
9555                     ret = 0;
9556                     if (len == 0) {
9557                         break;
9558                     }
9559                     p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9560                     if (!p) {
9561                         ret = -TARGET_EFAULT;
9562                         goto fail;
9563                     }
9564                     ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
9565                     unlock_user(p, arg2, arg3);
9566                 }
9567                 break;
9568             default:
9569                 ret = -EINVAL;
9570                 break;
9571             }
9572         }
9573         break;
9574 #endif
9575     case TARGET_NR_setitimer:
9576         {
9577             struct itimerval value, ovalue, *pvalue;
9578 
9579             if (arg2) {
9580                 pvalue = &value;
9581                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
9582                     || copy_from_user_timeval(&pvalue->it_value,
9583                                               arg2 + sizeof(struct target_timeval)))
9584                     goto efault;
9585             } else {
9586                 pvalue = NULL;
9587             }
9588             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
9589             if (!is_error(ret) && arg3) {
9590                 if (copy_to_user_timeval(arg3,
9591                                          &ovalue.it_interval)
9592                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
9593                                             &ovalue.it_value))
9594                     goto efault;
9595             }
9596         }
9597         break;
9598     case TARGET_NR_getitimer:
9599         {
9600             struct itimerval value;
9601 
9602             ret = get_errno(getitimer(arg1, &value));
9603             if (!is_error(ret) && arg2) {
9604                 if (copy_to_user_timeval(arg2,
9605                                          &value.it_interval)
9606                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
9607                                             &value.it_value))
9608                     goto efault;
9609             }
9610         }
9611         break;
9612 #ifdef TARGET_NR_stat
9613     case TARGET_NR_stat:
9614         if (!(p = lock_user_string(arg1)))
9615             goto efault;
9616         ret = get_errno(stat(path(p), &st));
9617         unlock_user(p, arg1, 0);
9618         goto do_stat;
9619 #endif
9620 #ifdef TARGET_NR_lstat
9621     case TARGET_NR_lstat:
9622         if (!(p = lock_user_string(arg1)))
9623             goto efault;
9624         ret = get_errno(lstat(path(p), &st));
9625         unlock_user(p, arg1, 0);
9626         goto do_stat;
9627 #endif
9628     case TARGET_NR_fstat:
9629         {
9630             ret = get_errno(fstat(arg1, &st));
9631 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
9632         do_stat:
9633 #endif
9634             if (!is_error(ret)) {
9635                 struct target_stat *target_st;
9636 
9637                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
9638                     goto efault;
9639                 memset(target_st, 0, sizeof(*target_st));
9640                 __put_user(st.st_dev, &target_st->st_dev);
9641                 __put_user(st.st_ino, &target_st->st_ino);
9642                 __put_user(st.st_mode, &target_st->st_mode);
9643                 __put_user(st.st_uid, &target_st->st_uid);
9644                 __put_user(st.st_gid, &target_st->st_gid);
9645                 __put_user(st.st_nlink, &target_st->st_nlink);
9646                 __put_user(st.st_rdev, &target_st->st_rdev);
9647                 __put_user(st.st_size, &target_st->st_size);
9648                 __put_user(st.st_blksize, &target_st->st_blksize);
9649                 __put_user(st.st_blocks, &target_st->st_blocks);
9650                 __put_user(st.st_atime, &target_st->target_st_atime);
9651                 __put_user(st.st_mtime, &target_st->target_st_mtime);
9652                 __put_user(st.st_ctime, &target_st->target_st_ctime);
9653                 unlock_user_struct(target_st, arg2, 1);
9654             }
9655         }
9656         break;
9657 #ifdef TARGET_NR_olduname
9658     case TARGET_NR_olduname:
9659         goto unimplemented;
9660 #endif
9661 #ifdef TARGET_NR_iopl
9662     case TARGET_NR_iopl:
9663         goto unimplemented;
9664 #endif
9665     case TARGET_NR_vhangup:
9666         ret = get_errno(vhangup());
9667         break;
9668 #ifdef TARGET_NR_idle
9669     case TARGET_NR_idle:
9670         goto unimplemented;
9671 #endif
9672 #ifdef TARGET_NR_syscall
9673     case TARGET_NR_syscall:
9674         ret = do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
9675                          arg6, arg7, arg8, 0);
9676         break;
9677 #endif
9678     case TARGET_NR_wait4:
9679         {
9680             int status;
9681             abi_long status_ptr = arg2;
9682             struct rusage rusage, *rusage_ptr;
9683             abi_ulong target_rusage = arg4;
9684             abi_long rusage_err;
9685             if (target_rusage)
9686                 rusage_ptr = &rusage;
9687             else
9688                 rusage_ptr = NULL;
9689             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
9690             if (!is_error(ret)) {
9691                 if (status_ptr && ret) {
9692                     status = host_to_target_waitstatus(status);
9693                     if (put_user_s32(status, status_ptr))
9694                         goto efault;
9695                 }
9696                 if (target_rusage) {
9697                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
9698                     if (rusage_err) {
9699                         ret = rusage_err;
9700                     }
9701                 }
9702             }
9703         }
9704         break;
9705 #ifdef TARGET_NR_swapoff
9706     case TARGET_NR_swapoff:
9707         if (!(p = lock_user_string(arg1)))
9708             goto efault;
9709         ret = get_errno(swapoff(p));
9710         unlock_user(p, arg1, 0);
9711         break;
9712 #endif
9713     case TARGET_NR_sysinfo:
9714         {
9715             struct target_sysinfo *target_value;
9716             struct sysinfo value;
9717             ret = get_errno(sysinfo(&value));
9718             if (!is_error(ret) && arg1)
9719             {
9720                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
9721                     goto efault;
9722                 __put_user(value.uptime, &target_value->uptime);
9723                 __put_user(value.loads[0], &target_value->loads[0]);
9724                 __put_user(value.loads[1], &target_value->loads[1]);
9725                 __put_user(value.loads[2], &target_value->loads[2]);
9726                 __put_user(value.totalram, &target_value->totalram);
9727                 __put_user(value.freeram, &target_value->freeram);
9728                 __put_user(value.sharedram, &target_value->sharedram);
9729                 __put_user(value.bufferram, &target_value->bufferram);
9730                 __put_user(value.totalswap, &target_value->totalswap);
9731                 __put_user(value.freeswap, &target_value->freeswap);
9732                 __put_user(value.procs, &target_value->procs);
9733                 __put_user(value.totalhigh, &target_value->totalhigh);
9734                 __put_user(value.freehigh, &target_value->freehigh);
9735                 __put_user(value.mem_unit, &target_value->mem_unit);
9736                 unlock_user_struct(target_value, arg1, 1);
9737             }
9738         }
9739         break;
9740 #ifdef TARGET_NR_ipc
9741     case TARGET_NR_ipc:
9742         ret = do_ipc(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
9743         break;
9744 #endif
9745 #ifdef TARGET_NR_semget
9746     case TARGET_NR_semget:
9747         ret = get_errno(semget(arg1, arg2, arg3));
9748         break;
9749 #endif
9750 #ifdef TARGET_NR_semop
9751     case TARGET_NR_semop:
9752         ret = do_semop(arg1, arg2, arg3);
9753         break;
9754 #endif
9755 #ifdef TARGET_NR_semctl
9756     case TARGET_NR_semctl:
9757         ret = do_semctl(arg1, arg2, arg3, arg4);
9758         break;
9759 #endif
9760 #ifdef TARGET_NR_msgctl
9761     case TARGET_NR_msgctl:
9762         ret = do_msgctl(arg1, arg2, arg3);
9763         break;
9764 #endif
9765 #ifdef TARGET_NR_msgget
9766     case TARGET_NR_msgget:
9767         ret = get_errno(msgget(arg1, arg2));
9768         break;
9769 #endif
9770 #ifdef TARGET_NR_msgrcv
9771     case TARGET_NR_msgrcv:
9772         ret = do_msgrcv(arg1, arg2, arg3, arg4, arg5);
9773         break;
9774 #endif
9775 #ifdef TARGET_NR_msgsnd
9776     case TARGET_NR_msgsnd:
9777         ret = do_msgsnd(arg1, arg2, arg3, arg4);
9778         break;
9779 #endif
9780 #ifdef TARGET_NR_shmget
9781     case TARGET_NR_shmget:
9782         ret = get_errno(shmget(arg1, arg2, arg3));
9783         break;
9784 #endif
9785 #ifdef TARGET_NR_shmctl
9786     case TARGET_NR_shmctl:
9787         ret = do_shmctl(arg1, arg2, arg3);
9788         break;
9789 #endif
9790 #ifdef TARGET_NR_shmat
9791     case TARGET_NR_shmat:
9792         ret = do_shmat(cpu_env, arg1, arg2, arg3);
9793         break;
9794 #endif
9795 #ifdef TARGET_NR_shmdt
9796     case TARGET_NR_shmdt:
9797         ret = do_shmdt(arg1);
9798         break;
9799 #endif
9800     case TARGET_NR_fsync:
9801         ret = get_errno(fsync(arg1));
9802         break;
9803     case TARGET_NR_clone:
9804         /* Linux manages to have three different orderings for its
9805          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
9806          * match the kernel's CONFIG_CLONE_* settings.
9807          * Microblaze is further special in that it uses a sixth
9808          * implicit argument to clone for the TLS pointer.
9809          */
9810 #if defined(TARGET_MICROBLAZE)
9811         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
9812 #elif defined(TARGET_CLONE_BACKWARDS)
9813         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
9814 #elif defined(TARGET_CLONE_BACKWARDS2)
9815         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
9816 #else
9817         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
9818 #endif
9819         break;
9820 #ifdef __NR_exit_group
9821         /* new thread calls */
9822     case TARGET_NR_exit_group:
9823 #ifdef TARGET_GPROF
9824         _mcleanup();
9825 #endif
9826         gdb_exit(cpu_env, arg1);
9827         ret = get_errno(exit_group(arg1));
9828         break;
9829 #endif
9830     case TARGET_NR_setdomainname:
9831         if (!(p = lock_user_string(arg1)))
9832             goto efault;
9833         ret = get_errno(setdomainname(p, arg2));
9834         unlock_user(p, arg1, 0);
9835         break;
9836     case TARGET_NR_uname:
9837         /* no need to transcode because we use the linux syscall */
9838         {
9839             struct new_utsname * buf;
9840 
9841             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
9842                 goto efault;
9843             ret = get_errno(sys_uname(buf));
9844             if (!is_error(ret)) {
9845                 /* Overwrite the native machine name with whatever is being
9846                    emulated. */
9847                 strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
9848                 /* Allow the user to override the reported release.  */
9849                 if (qemu_uname_release && *qemu_uname_release) {
9850                     g_strlcpy(buf->release, qemu_uname_release,
9851                               sizeof(buf->release));
9852                 }
9853             }
9854             unlock_user_struct(buf, arg1, 1);
9855         }
9856         break;
9857 #ifdef TARGET_I386
9858     case TARGET_NR_modify_ldt:
9859         ret = do_modify_ldt(cpu_env, arg1, arg2, arg3);
9860         break;
9861 #if !defined(TARGET_X86_64)
9862     case TARGET_NR_vm86old:
9863         goto unimplemented;
9864     case TARGET_NR_vm86:
9865         ret = do_vm86(cpu_env, arg1, arg2);
9866         break;
9867 #endif
9868 #endif
9869     case TARGET_NR_adjtimex:
9870         {
9871             struct timex host_buf;
9872 
9873             if (target_to_host_timex(&host_buf, arg1) != 0) {
9874                 goto efault;
9875             }
9876             ret = get_errno(adjtimex(&host_buf));
9877             if (!is_error(ret)) {
9878                 if (host_to_target_timex(arg1, &host_buf) != 0) {
9879                     goto efault;
9880                 }
9881             }
9882         }
9883         break;
9884 #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
9885     case TARGET_NR_clock_adjtime:
9886         {
9887             struct timex htx, *phtx = &htx;
9888 
9889             if (target_to_host_timex(phtx, arg2) != 0) {
9890                 goto efault;
9891             }
9892             ret = get_errno(clock_adjtime(arg1, phtx));
9893             if (!is_error(ret) && phtx) {
9894                 if (host_to_target_timex(arg2, phtx) != 0) {
9895                     goto efault;
9896                 }
9897             }
9898         }
9899         break;
9900 #endif
9901 #ifdef TARGET_NR_create_module
9902     case TARGET_NR_create_module:
9903 #endif
9904     case TARGET_NR_init_module:
9905     case TARGET_NR_delete_module:
9906 #ifdef TARGET_NR_get_kernel_syms
9907     case TARGET_NR_get_kernel_syms:
9908 #endif
9909         goto unimplemented;
9910     case TARGET_NR_quotactl:
9911         goto unimplemented;
9912     case TARGET_NR_getpgid:
9913         ret = get_errno(getpgid(arg1));
9914         break;
9915     case TARGET_NR_fchdir:
9916         ret = get_errno(fchdir(arg1));
9917         break;
9918 #ifdef TARGET_NR_bdflush /* not on x86_64 */
9919     case TARGET_NR_bdflush:
9920         goto unimplemented;
9921 #endif
9922 #ifdef TARGET_NR_sysfs
9923     case TARGET_NR_sysfs:
9924         goto unimplemented;
9925 #endif
9926     case TARGET_NR_personality:
9927         ret = get_errno(personality(arg1));
9928         break;
9929 #ifdef TARGET_NR_afs_syscall
9930     case TARGET_NR_afs_syscall:
9931         goto unimplemented;
9932 #endif
9933 #ifdef TARGET_NR__llseek /* Not on alpha */
9934     case TARGET_NR__llseek:
9935         {
9936             int64_t res;
9937 #if !defined(__NR_llseek)
9938             res = lseek(arg1, ((uint64_t)arg2 << 32) | (abi_ulong)arg3, arg5);
9939             if (res == -1) {
9940                 ret = get_errno(res);
9941             } else {
9942                 ret = 0;
9943             }
9944 #else
9945             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
9946 #endif
9947             if ((ret == 0) && put_user_s64(res, arg4)) {
9948                 goto efault;
9949             }
9950         }
9951         break;
9952 #endif
9953 #ifdef TARGET_NR_getdents
9954     case TARGET_NR_getdents:
9955 #ifdef __NR_getdents
9956 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
9957         {
9958             struct target_dirent *target_dirp;
9959             struct linux_dirent *dirp;
9960             abi_long count = arg3;
9961 
9962             dirp = g_try_malloc(count);
9963             if (!dirp) {
9964                 ret = -TARGET_ENOMEM;
9965                 goto fail;
9966             }
9967 
9968             ret = get_errno(sys_getdents(arg1, dirp, count));
9969             if (!is_error(ret)) {
9970                 struct linux_dirent *de;
9971 		struct target_dirent *tde;
9972                 int len = ret;
9973                 int reclen, treclen;
9974 		int count1, tnamelen;
9975 
9976 		count1 = 0;
9977                 de = dirp;
9978                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9979                     goto efault;
9980 		tde = target_dirp;
9981                 while (len > 0) {
9982                     reclen = de->d_reclen;
9983                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
9984                     assert(tnamelen >= 0);
9985                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
9986                     assert(count1 + treclen <= count);
9987                     tde->d_reclen = tswap16(treclen);
9988                     tde->d_ino = tswapal(de->d_ino);
9989                     tde->d_off = tswapal(de->d_off);
9990                     memcpy(tde->d_name, de->d_name, tnamelen);
9991                     de = (struct linux_dirent *)((char *)de + reclen);
9992                     len -= reclen;
9993                     tde = (struct target_dirent *)((char *)tde + treclen);
9994 		    count1 += treclen;
9995                 }
9996 		ret = count1;
9997                 unlock_user(target_dirp, arg2, ret);
9998             }
9999             g_free(dirp);
10000         }
10001 #else
10002         {
10003             struct linux_dirent *dirp;
10004             abi_long count = arg3;
10005 
10006             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10007                 goto efault;
10008             ret = get_errno(sys_getdents(arg1, dirp, count));
10009             if (!is_error(ret)) {
10010                 struct linux_dirent *de;
10011                 int len = ret;
10012                 int reclen;
10013                 de = dirp;
10014                 while (len > 0) {
10015                     reclen = de->d_reclen;
10016                     if (reclen > len)
10017                         break;
10018                     de->d_reclen = tswap16(reclen);
10019                     tswapls(&de->d_ino);
10020                     tswapls(&de->d_off);
10021                     de = (struct linux_dirent *)((char *)de + reclen);
10022                     len -= reclen;
10023                 }
10024             }
10025             unlock_user(dirp, arg2, ret);
10026         }
10027 #endif
10028 #else
10029         /* Implement getdents in terms of getdents64 */
10030         {
10031             struct linux_dirent64 *dirp;
10032             abi_long count = arg3;
10033 
10034             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
10035             if (!dirp) {
10036                 goto efault;
10037             }
10038             ret = get_errno(sys_getdents64(arg1, dirp, count));
10039             if (!is_error(ret)) {
10040                 /* Convert the dirent64 structs to target dirent.  We do this
10041                  * in-place, since we can guarantee that a target_dirent is no
10042                  * larger than a dirent64; however this means we have to be
10043                  * careful to read everything before writing in the new format.
10044                  */
10045                 struct linux_dirent64 *de;
10046                 struct target_dirent *tde;
10047                 int len = ret;
10048                 int tlen = 0;
10049 
10050                 de = dirp;
10051                 tde = (struct target_dirent *)dirp;
10052                 while (len > 0) {
10053                     int namelen, treclen;
10054                     int reclen = de->d_reclen;
10055                     uint64_t ino = de->d_ino;
10056                     int64_t off = de->d_off;
10057                     uint8_t type = de->d_type;
10058 
10059                     namelen = strlen(de->d_name);
10060                     treclen = offsetof(struct target_dirent, d_name)
10061                         + namelen + 2;
10062                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
10063 
10064                     memmove(tde->d_name, de->d_name, namelen + 1);
10065                     tde->d_ino = tswapal(ino);
10066                     tde->d_off = tswapal(off);
10067                     tde->d_reclen = tswap16(treclen);
10068                     /* The target_dirent type is in what was formerly a padding
10069                      * byte at the end of the structure:
10070                      */
10071                     *(((char *)tde) + treclen - 1) = type;
10072 
10073                     de = (struct linux_dirent64 *)((char *)de + reclen);
10074                     tde = (struct target_dirent *)((char *)tde + treclen);
10075                     len -= reclen;
10076                     tlen += treclen;
10077                 }
10078                 ret = tlen;
10079             }
10080             unlock_user(dirp, arg2, ret);
10081         }
10082 #endif
10083         break;
10084 #endif /* TARGET_NR_getdents */
10085 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
10086     case TARGET_NR_getdents64:
10087         {
10088             struct linux_dirent64 *dirp;
10089             abi_long count = arg3;
10090             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10091                 goto efault;
10092             ret = get_errno(sys_getdents64(arg1, dirp, count));
10093             if (!is_error(ret)) {
10094                 struct linux_dirent64 *de;
10095                 int len = ret;
10096                 int reclen;
10097                 de = dirp;
10098                 while (len > 0) {
10099                     reclen = de->d_reclen;
10100                     if (reclen > len)
10101                         break;
10102                     de->d_reclen = tswap16(reclen);
10103                     tswap64s((uint64_t *)&de->d_ino);
10104                     tswap64s((uint64_t *)&de->d_off);
10105                     de = (struct linux_dirent64 *)((char *)de + reclen);
10106                     len -= reclen;
10107                 }
10108             }
10109             unlock_user(dirp, arg2, ret);
10110         }
10111         break;
10112 #endif /* TARGET_NR_getdents64 */
10113 #if defined(TARGET_NR__newselect)
10114     case TARGET_NR__newselect:
10115         ret = do_select(arg1, arg2, arg3, arg4, arg5);
10116         break;
10117 #endif
10118 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll)
10119 # ifdef TARGET_NR_poll
10120     case TARGET_NR_poll:
10121 # endif
10122 # ifdef TARGET_NR_ppoll
10123     case TARGET_NR_ppoll:
10124 # endif
10125         {
10126             struct target_pollfd *target_pfd;
10127             unsigned int nfds = arg2;
10128             struct pollfd *pfd;
10129             unsigned int i;
10130 
10131             pfd = NULL;
10132             target_pfd = NULL;
10133             if (nfds) {
10134                 if (nfds > (INT_MAX / sizeof(struct target_pollfd))) {
10135                     ret = -TARGET_EINVAL;
10136                     break;
10137                 }
10138 
10139                 target_pfd = lock_user(VERIFY_WRITE, arg1,
10140                                        sizeof(struct target_pollfd) * nfds, 1);
10141                 if (!target_pfd) {
10142                     goto efault;
10143                 }
10144 
10145                 pfd = alloca(sizeof(struct pollfd) * nfds);
10146                 for (i = 0; i < nfds; i++) {
10147                     pfd[i].fd = tswap32(target_pfd[i].fd);
10148                     pfd[i].events = tswap16(target_pfd[i].events);
10149                 }
10150             }
10151 
10152             switch (num) {
10153 # ifdef TARGET_NR_ppoll
10154             case TARGET_NR_ppoll:
10155             {
10156                 struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
10157                 target_sigset_t *target_set;
10158                 sigset_t _set, *set = &_set;
10159 
10160                 if (arg3) {
10161                     if (target_to_host_timespec(timeout_ts, arg3)) {
10162                         unlock_user(target_pfd, arg1, 0);
10163                         goto efault;
10164                     }
10165                 } else {
10166                     timeout_ts = NULL;
10167                 }
10168 
10169                 if (arg4) {
10170                     if (arg5 != sizeof(target_sigset_t)) {
10171                         unlock_user(target_pfd, arg1, 0);
10172                         ret = -TARGET_EINVAL;
10173                         break;
10174                     }
10175 
10176                     target_set = lock_user(VERIFY_READ, arg4, sizeof(target_sigset_t), 1);
10177                     if (!target_set) {
10178                         unlock_user(target_pfd, arg1, 0);
10179                         goto efault;
10180                     }
10181                     target_to_host_sigset(set, target_set);
10182                 } else {
10183                     set = NULL;
10184                 }
10185 
10186                 ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
10187                                            set, SIGSET_T_SIZE));
10188 
10189                 if (!is_error(ret) && arg3) {
10190                     host_to_target_timespec(arg3, timeout_ts);
10191                 }
10192                 if (arg4) {
10193                     unlock_user(target_set, arg4, 0);
10194                 }
10195                 break;
10196             }
10197 # endif
10198 # ifdef TARGET_NR_poll
10199             case TARGET_NR_poll:
10200             {
10201                 struct timespec ts, *pts;
10202 
10203                 if (arg3 >= 0) {
10204                     /* Convert ms to secs, ns */
10205                     ts.tv_sec = arg3 / 1000;
10206                     ts.tv_nsec = (arg3 % 1000) * 1000000LL;
10207                     pts = &ts;
10208                 } else {
10209                     /* -ve poll() timeout means "infinite" */
10210                     pts = NULL;
10211                 }
10212                 ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
10213                 break;
10214             }
10215 # endif
10216             default:
10217                 g_assert_not_reached();
10218             }
10219 
10220             if (!is_error(ret)) {
10221                 for(i = 0; i < nfds; i++) {
10222                     target_pfd[i].revents = tswap16(pfd[i].revents);
10223                 }
10224             }
10225             unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
10226         }
10227         break;
10228 #endif
10229     case TARGET_NR_flock:
10230         /* NOTE: the flock constant seems to be the same for every
10231            Linux platform */
10232         ret = get_errno(safe_flock(arg1, arg2));
10233         break;
10234     case TARGET_NR_readv:
10235         {
10236             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10237             if (vec != NULL) {
10238                 ret = get_errno(safe_readv(arg1, vec, arg3));
10239                 unlock_iovec(vec, arg2, arg3, 1);
10240             } else {
10241                 ret = -host_to_target_errno(errno);
10242             }
10243         }
10244         break;
10245     case TARGET_NR_writev:
10246         {
10247             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10248             if (vec != NULL) {
10249                 ret = get_errno(safe_writev(arg1, vec, arg3));
10250                 unlock_iovec(vec, arg2, arg3, 0);
10251             } else {
10252                 ret = -host_to_target_errno(errno);
10253             }
10254         }
10255         break;
10256 #if defined(TARGET_NR_preadv)
10257     case TARGET_NR_preadv:
10258         {
10259             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10260             if (vec != NULL) {
10261                 ret = get_errno(safe_preadv(arg1, vec, arg3, arg4, arg5));
10262                 unlock_iovec(vec, arg2, arg3, 1);
10263             } else {
10264                 ret = -host_to_target_errno(errno);
10265            }
10266         }
10267         break;
10268 #endif
10269 #if defined(TARGET_NR_pwritev)
10270     case TARGET_NR_pwritev:
10271         {
10272             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10273             if (vec != NULL) {
10274                 ret = get_errno(safe_pwritev(arg1, vec, arg3, arg4, arg5));
10275                 unlock_iovec(vec, arg2, arg3, 0);
10276             } else {
10277                 ret = -host_to_target_errno(errno);
10278            }
10279         }
10280         break;
10281 #endif
10282     case TARGET_NR_getsid:
10283         ret = get_errno(getsid(arg1));
10284         break;
10285 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
10286     case TARGET_NR_fdatasync:
10287         ret = get_errno(fdatasync(arg1));
10288         break;
10289 #endif
10290 #ifdef TARGET_NR__sysctl
10291     case TARGET_NR__sysctl:
10292         /* We don't implement this, but ENOTDIR is always a safe
10293            return value. */
10294         ret = -TARGET_ENOTDIR;
10295         break;
10296 #endif
10297     case TARGET_NR_sched_getaffinity:
10298         {
10299             unsigned int mask_size;
10300             unsigned long *mask;
10301 
10302             /*
10303              * sched_getaffinity needs multiples of ulong, so need to take
10304              * care of mismatches between target ulong and host ulong sizes.
10305              */
10306             if (arg2 & (sizeof(abi_ulong) - 1)) {
10307                 ret = -TARGET_EINVAL;
10308                 break;
10309             }
10310             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10311 
10312             mask = alloca(mask_size);
10313             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
10314 
10315             if (!is_error(ret)) {
10316                 if (ret > arg2) {
10317                     /* More data returned than the caller's buffer will fit.
10318                      * This only happens if sizeof(abi_long) < sizeof(long)
10319                      * and the caller passed us a buffer holding an odd number
10320                      * of abi_longs. If the host kernel is actually using the
10321                      * extra 4 bytes then fail EINVAL; otherwise we can just
10322                      * ignore them and only copy the interesting part.
10323                      */
10324                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
10325                     if (numcpus > arg2 * 8) {
10326                         ret = -TARGET_EINVAL;
10327                         break;
10328                     }
10329                     ret = arg2;
10330                 }
10331 
10332                 if (copy_to_user(arg3, mask, ret)) {
10333                     goto efault;
10334                 }
10335             }
10336         }
10337         break;
10338     case TARGET_NR_sched_setaffinity:
10339         {
10340             unsigned int mask_size;
10341             unsigned long *mask;
10342 
10343             /*
10344              * sched_setaffinity needs multiples of ulong, so need to take
10345              * care of mismatches between target ulong and host ulong sizes.
10346              */
10347             if (arg2 & (sizeof(abi_ulong) - 1)) {
10348                 ret = -TARGET_EINVAL;
10349                 break;
10350             }
10351             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10352 
10353             mask = alloca(mask_size);
10354             if (!lock_user_struct(VERIFY_READ, p, arg3, 1)) {
10355                 goto efault;
10356             }
10357             memcpy(mask, p, arg2);
10358             unlock_user_struct(p, arg2, 0);
10359 
10360             ret = get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
10361         }
10362         break;
10363     case TARGET_NR_sched_setparam:
10364         {
10365             struct sched_param *target_schp;
10366             struct sched_param schp;
10367 
10368             if (arg2 == 0) {
10369                 return -TARGET_EINVAL;
10370             }
10371             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
10372                 goto efault;
10373             schp.sched_priority = tswap32(target_schp->sched_priority);
10374             unlock_user_struct(target_schp, arg2, 0);
10375             ret = get_errno(sched_setparam(arg1, &schp));
10376         }
10377         break;
10378     case TARGET_NR_sched_getparam:
10379         {
10380             struct sched_param *target_schp;
10381             struct sched_param schp;
10382 
10383             if (arg2 == 0) {
10384                 return -TARGET_EINVAL;
10385             }
10386             ret = get_errno(sched_getparam(arg1, &schp));
10387             if (!is_error(ret)) {
10388                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
10389                     goto efault;
10390                 target_schp->sched_priority = tswap32(schp.sched_priority);
10391                 unlock_user_struct(target_schp, arg2, 1);
10392             }
10393         }
10394         break;
10395     case TARGET_NR_sched_setscheduler:
10396         {
10397             struct sched_param *target_schp;
10398             struct sched_param schp;
10399             if (arg3 == 0) {
10400                 return -TARGET_EINVAL;
10401             }
10402             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
10403                 goto efault;
10404             schp.sched_priority = tswap32(target_schp->sched_priority);
10405             unlock_user_struct(target_schp, arg3, 0);
10406             ret = get_errno(sched_setscheduler(arg1, arg2, &schp));
10407         }
10408         break;
10409     case TARGET_NR_sched_getscheduler:
10410         ret = get_errno(sched_getscheduler(arg1));
10411         break;
10412     case TARGET_NR_sched_yield:
10413         ret = get_errno(sched_yield());
10414         break;
10415     case TARGET_NR_sched_get_priority_max:
10416         ret = get_errno(sched_get_priority_max(arg1));
10417         break;
10418     case TARGET_NR_sched_get_priority_min:
10419         ret = get_errno(sched_get_priority_min(arg1));
10420         break;
10421     case TARGET_NR_sched_rr_get_interval:
10422         {
10423             struct timespec ts;
10424             ret = get_errno(sched_rr_get_interval(arg1, &ts));
10425             if (!is_error(ret)) {
10426                 ret = host_to_target_timespec(arg2, &ts);
10427             }
10428         }
10429         break;
10430     case TARGET_NR_nanosleep:
10431         {
10432             struct timespec req, rem;
10433             target_to_host_timespec(&req, arg1);
10434             ret = get_errno(safe_nanosleep(&req, &rem));
10435             if (is_error(ret) && arg2) {
10436                 host_to_target_timespec(arg2, &rem);
10437             }
10438         }
10439         break;
10440 #ifdef TARGET_NR_query_module
10441     case TARGET_NR_query_module:
10442         goto unimplemented;
10443 #endif
10444 #ifdef TARGET_NR_nfsservctl
10445     case TARGET_NR_nfsservctl:
10446         goto unimplemented;
10447 #endif
10448     case TARGET_NR_prctl:
10449         switch (arg1) {
10450         case PR_GET_PDEATHSIG:
10451         {
10452             int deathsig;
10453             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
10454             if (!is_error(ret) && arg2
10455                 && put_user_ual(deathsig, arg2)) {
10456                 goto efault;
10457             }
10458             break;
10459         }
10460 #ifdef PR_GET_NAME
10461         case PR_GET_NAME:
10462         {
10463             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
10464             if (!name) {
10465                 goto efault;
10466             }
10467             ret = get_errno(prctl(arg1, (unsigned long)name,
10468                                   arg3, arg4, arg5));
10469             unlock_user(name, arg2, 16);
10470             break;
10471         }
10472         case PR_SET_NAME:
10473         {
10474             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
10475             if (!name) {
10476                 goto efault;
10477             }
10478             ret = get_errno(prctl(arg1, (unsigned long)name,
10479                                   arg3, arg4, arg5));
10480             unlock_user(name, arg2, 0);
10481             break;
10482         }
10483 #endif
10484         default:
10485             /* Most prctl options have no pointer arguments */
10486             ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
10487             break;
10488         }
10489         break;
10490 #ifdef TARGET_NR_arch_prctl
10491     case TARGET_NR_arch_prctl:
10492 #if defined(TARGET_I386) && !defined(TARGET_ABI32)
10493         ret = do_arch_prctl(cpu_env, arg1, arg2);
10494         break;
10495 #else
10496         goto unimplemented;
10497 #endif
10498 #endif
10499 #ifdef TARGET_NR_pread64
10500     case TARGET_NR_pread64:
10501         if (regpairs_aligned(cpu_env)) {
10502             arg4 = arg5;
10503             arg5 = arg6;
10504         }
10505         if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
10506             goto efault;
10507         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
10508         unlock_user(p, arg2, ret);
10509         break;
10510     case TARGET_NR_pwrite64:
10511         if (regpairs_aligned(cpu_env)) {
10512             arg4 = arg5;
10513             arg5 = arg6;
10514         }
10515         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
10516             goto efault;
10517         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
10518         unlock_user(p, arg2, 0);
10519         break;
10520 #endif
10521     case TARGET_NR_getcwd:
10522         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
10523             goto efault;
10524         ret = get_errno(sys_getcwd1(p, arg2));
10525         unlock_user(p, arg1, ret);
10526         break;
10527     case TARGET_NR_capget:
10528     case TARGET_NR_capset:
10529     {
10530         struct target_user_cap_header *target_header;
10531         struct target_user_cap_data *target_data = NULL;
10532         struct __user_cap_header_struct header;
10533         struct __user_cap_data_struct data[2];
10534         struct __user_cap_data_struct *dataptr = NULL;
10535         int i, target_datalen;
10536         int data_items = 1;
10537 
10538         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
10539             goto efault;
10540         }
10541         header.version = tswap32(target_header->version);
10542         header.pid = tswap32(target_header->pid);
10543 
10544         if (header.version != _LINUX_CAPABILITY_VERSION) {
10545             /* Version 2 and up takes pointer to two user_data structs */
10546             data_items = 2;
10547         }
10548 
10549         target_datalen = sizeof(*target_data) * data_items;
10550 
10551         if (arg2) {
10552             if (num == TARGET_NR_capget) {
10553                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
10554             } else {
10555                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
10556             }
10557             if (!target_data) {
10558                 unlock_user_struct(target_header, arg1, 0);
10559                 goto efault;
10560             }
10561 
10562             if (num == TARGET_NR_capset) {
10563                 for (i = 0; i < data_items; i++) {
10564                     data[i].effective = tswap32(target_data[i].effective);
10565                     data[i].permitted = tswap32(target_data[i].permitted);
10566                     data[i].inheritable = tswap32(target_data[i].inheritable);
10567                 }
10568             }
10569 
10570             dataptr = data;
10571         }
10572 
10573         if (num == TARGET_NR_capget) {
10574             ret = get_errno(capget(&header, dataptr));
10575         } else {
10576             ret = get_errno(capset(&header, dataptr));
10577         }
10578 
10579         /* The kernel always updates version for both capget and capset */
10580         target_header->version = tswap32(header.version);
10581         unlock_user_struct(target_header, arg1, 1);
10582 
10583         if (arg2) {
10584             if (num == TARGET_NR_capget) {
10585                 for (i = 0; i < data_items; i++) {
10586                     target_data[i].effective = tswap32(data[i].effective);
10587                     target_data[i].permitted = tswap32(data[i].permitted);
10588                     target_data[i].inheritable = tswap32(data[i].inheritable);
10589                 }
10590                 unlock_user(target_data, arg2, target_datalen);
10591             } else {
10592                 unlock_user(target_data, arg2, 0);
10593             }
10594         }
10595         break;
10596     }
10597     case TARGET_NR_sigaltstack:
10598         ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
10599         break;
10600 
10601 #ifdef CONFIG_SENDFILE
10602     case TARGET_NR_sendfile:
10603     {
10604         off_t *offp = NULL;
10605         off_t off;
10606         if (arg3) {
10607             ret = get_user_sal(off, arg3);
10608             if (is_error(ret)) {
10609                 break;
10610             }
10611             offp = &off;
10612         }
10613         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
10614         if (!is_error(ret) && arg3) {
10615             abi_long ret2 = put_user_sal(off, arg3);
10616             if (is_error(ret2)) {
10617                 ret = ret2;
10618             }
10619         }
10620         break;
10621     }
10622 #ifdef TARGET_NR_sendfile64
10623     case TARGET_NR_sendfile64:
10624     {
10625         off_t *offp = NULL;
10626         off_t off;
10627         if (arg3) {
10628             ret = get_user_s64(off, arg3);
10629             if (is_error(ret)) {
10630                 break;
10631             }
10632             offp = &off;
10633         }
10634         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
10635         if (!is_error(ret) && arg3) {
10636             abi_long ret2 = put_user_s64(off, arg3);
10637             if (is_error(ret2)) {
10638                 ret = ret2;
10639             }
10640         }
10641         break;
10642     }
10643 #endif
10644 #else
10645     case TARGET_NR_sendfile:
10646 #ifdef TARGET_NR_sendfile64
10647     case TARGET_NR_sendfile64:
10648 #endif
10649         goto unimplemented;
10650 #endif
10651 
10652 #ifdef TARGET_NR_getpmsg
10653     case TARGET_NR_getpmsg:
10654         goto unimplemented;
10655 #endif
10656 #ifdef TARGET_NR_putpmsg
10657     case TARGET_NR_putpmsg:
10658         goto unimplemented;
10659 #endif
10660 #ifdef TARGET_NR_vfork
10661     case TARGET_NR_vfork:
10662         ret = get_errno(do_fork(cpu_env,
10663                         CLONE_VFORK | CLONE_VM | TARGET_SIGCHLD,
10664                         0, 0, 0, 0));
10665         break;
10666 #endif
10667 #ifdef TARGET_NR_ugetrlimit
10668     case TARGET_NR_ugetrlimit:
10669     {
10670 	struct rlimit rlim;
10671 	int resource = target_to_host_resource(arg1);
10672 	ret = get_errno(getrlimit(resource, &rlim));
10673 	if (!is_error(ret)) {
10674 	    struct target_rlimit *target_rlim;
10675             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
10676                 goto efault;
10677 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
10678 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
10679             unlock_user_struct(target_rlim, arg2, 1);
10680 	}
10681 	break;
10682     }
10683 #endif
10684 #ifdef TARGET_NR_truncate64
10685     case TARGET_NR_truncate64:
10686         if (!(p = lock_user_string(arg1)))
10687             goto efault;
10688 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
10689         unlock_user(p, arg1, 0);
10690 	break;
10691 #endif
10692 #ifdef TARGET_NR_ftruncate64
10693     case TARGET_NR_ftruncate64:
10694 	ret = target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
10695 	break;
10696 #endif
10697 #ifdef TARGET_NR_stat64
10698     case TARGET_NR_stat64:
10699         if (!(p = lock_user_string(arg1)))
10700             goto efault;
10701         ret = get_errno(stat(path(p), &st));
10702         unlock_user(p, arg1, 0);
10703         if (!is_error(ret))
10704             ret = host_to_target_stat64(cpu_env, arg2, &st);
10705         break;
10706 #endif
10707 #ifdef TARGET_NR_lstat64
10708     case TARGET_NR_lstat64:
10709         if (!(p = lock_user_string(arg1)))
10710             goto efault;
10711         ret = get_errno(lstat(path(p), &st));
10712         unlock_user(p, arg1, 0);
10713         if (!is_error(ret))
10714             ret = host_to_target_stat64(cpu_env, arg2, &st);
10715         break;
10716 #endif
10717 #ifdef TARGET_NR_fstat64
10718     case TARGET_NR_fstat64:
10719         ret = get_errno(fstat(arg1, &st));
10720         if (!is_error(ret))
10721             ret = host_to_target_stat64(cpu_env, arg2, &st);
10722         break;
10723 #endif
10724 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
10725 #ifdef TARGET_NR_fstatat64
10726     case TARGET_NR_fstatat64:
10727 #endif
10728 #ifdef TARGET_NR_newfstatat
10729     case TARGET_NR_newfstatat:
10730 #endif
10731         if (!(p = lock_user_string(arg2)))
10732             goto efault;
10733         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
10734         if (!is_error(ret))
10735             ret = host_to_target_stat64(cpu_env, arg3, &st);
10736         break;
10737 #endif
10738 #ifdef TARGET_NR_lchown
10739     case TARGET_NR_lchown:
10740         if (!(p = lock_user_string(arg1)))
10741             goto efault;
10742         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
10743         unlock_user(p, arg1, 0);
10744         break;
10745 #endif
10746 #ifdef TARGET_NR_getuid
10747     case TARGET_NR_getuid:
10748         ret = get_errno(high2lowuid(getuid()));
10749         break;
10750 #endif
10751 #ifdef TARGET_NR_getgid
10752     case TARGET_NR_getgid:
10753         ret = get_errno(high2lowgid(getgid()));
10754         break;
10755 #endif
10756 #ifdef TARGET_NR_geteuid
10757     case TARGET_NR_geteuid:
10758         ret = get_errno(high2lowuid(geteuid()));
10759         break;
10760 #endif
10761 #ifdef TARGET_NR_getegid
10762     case TARGET_NR_getegid:
10763         ret = get_errno(high2lowgid(getegid()));
10764         break;
10765 #endif
10766     case TARGET_NR_setreuid:
10767         ret = get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
10768         break;
10769     case TARGET_NR_setregid:
10770         ret = get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
10771         break;
10772     case TARGET_NR_getgroups:
10773         {
10774             int gidsetsize = arg1;
10775             target_id *target_grouplist;
10776             gid_t *grouplist;
10777             int i;
10778 
10779             grouplist = alloca(gidsetsize * sizeof(gid_t));
10780             ret = get_errno(getgroups(gidsetsize, grouplist));
10781             if (gidsetsize == 0)
10782                 break;
10783             if (!is_error(ret)) {
10784                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
10785                 if (!target_grouplist)
10786                     goto efault;
10787                 for(i = 0;i < ret; i++)
10788                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
10789                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
10790             }
10791         }
10792         break;
10793     case TARGET_NR_setgroups:
10794         {
10795             int gidsetsize = arg1;
10796             target_id *target_grouplist;
10797             gid_t *grouplist = NULL;
10798             int i;
10799             if (gidsetsize) {
10800                 grouplist = alloca(gidsetsize * sizeof(gid_t));
10801                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
10802                 if (!target_grouplist) {
10803                     ret = -TARGET_EFAULT;
10804                     goto fail;
10805                 }
10806                 for (i = 0; i < gidsetsize; i++) {
10807                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
10808                 }
10809                 unlock_user(target_grouplist, arg2, 0);
10810             }
10811             ret = get_errno(setgroups(gidsetsize, grouplist));
10812         }
10813         break;
10814     case TARGET_NR_fchown:
10815         ret = get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
10816         break;
10817 #if defined(TARGET_NR_fchownat)
10818     case TARGET_NR_fchownat:
10819         if (!(p = lock_user_string(arg2)))
10820             goto efault;
10821         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
10822                                  low2highgid(arg4), arg5));
10823         unlock_user(p, arg2, 0);
10824         break;
10825 #endif
10826 #ifdef TARGET_NR_setresuid
10827     case TARGET_NR_setresuid:
10828         ret = get_errno(sys_setresuid(low2highuid(arg1),
10829                                       low2highuid(arg2),
10830                                       low2highuid(arg3)));
10831         break;
10832 #endif
10833 #ifdef TARGET_NR_getresuid
10834     case TARGET_NR_getresuid:
10835         {
10836             uid_t ruid, euid, suid;
10837             ret = get_errno(getresuid(&ruid, &euid, &suid));
10838             if (!is_error(ret)) {
10839                 if (put_user_id(high2lowuid(ruid), arg1)
10840                     || put_user_id(high2lowuid(euid), arg2)
10841                     || put_user_id(high2lowuid(suid), arg3))
10842                     goto efault;
10843             }
10844         }
10845         break;
10846 #endif
10847 #ifdef TARGET_NR_getresgid
10848     case TARGET_NR_setresgid:
10849         ret = get_errno(sys_setresgid(low2highgid(arg1),
10850                                       low2highgid(arg2),
10851                                       low2highgid(arg3)));
10852         break;
10853 #endif
10854 #ifdef TARGET_NR_getresgid
10855     case TARGET_NR_getresgid:
10856         {
10857             gid_t rgid, egid, sgid;
10858             ret = get_errno(getresgid(&rgid, &egid, &sgid));
10859             if (!is_error(ret)) {
10860                 if (put_user_id(high2lowgid(rgid), arg1)
10861                     || put_user_id(high2lowgid(egid), arg2)
10862                     || put_user_id(high2lowgid(sgid), arg3))
10863                     goto efault;
10864             }
10865         }
10866         break;
10867 #endif
10868 #ifdef TARGET_NR_chown
10869     case TARGET_NR_chown:
10870         if (!(p = lock_user_string(arg1)))
10871             goto efault;
10872         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
10873         unlock_user(p, arg1, 0);
10874         break;
10875 #endif
10876     case TARGET_NR_setuid:
10877         ret = get_errno(sys_setuid(low2highuid(arg1)));
10878         break;
10879     case TARGET_NR_setgid:
10880         ret = get_errno(sys_setgid(low2highgid(arg1)));
10881         break;
10882     case TARGET_NR_setfsuid:
10883         ret = get_errno(setfsuid(arg1));
10884         break;
10885     case TARGET_NR_setfsgid:
10886         ret = get_errno(setfsgid(arg1));
10887         break;
10888 
10889 #ifdef TARGET_NR_lchown32
10890     case TARGET_NR_lchown32:
10891         if (!(p = lock_user_string(arg1)))
10892             goto efault;
10893         ret = get_errno(lchown(p, arg2, arg3));
10894         unlock_user(p, arg1, 0);
10895         break;
10896 #endif
10897 #ifdef TARGET_NR_getuid32
10898     case TARGET_NR_getuid32:
10899         ret = get_errno(getuid());
10900         break;
10901 #endif
10902 
10903 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
10904    /* Alpha specific */
10905     case TARGET_NR_getxuid:
10906          {
10907             uid_t euid;
10908             euid=geteuid();
10909             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
10910          }
10911         ret = get_errno(getuid());
10912         break;
10913 #endif
10914 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
10915    /* Alpha specific */
10916     case TARGET_NR_getxgid:
10917          {
10918             uid_t egid;
10919             egid=getegid();
10920             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
10921          }
10922         ret = get_errno(getgid());
10923         break;
10924 #endif
10925 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
10926     /* Alpha specific */
10927     case TARGET_NR_osf_getsysinfo:
10928         ret = -TARGET_EOPNOTSUPP;
10929         switch (arg1) {
10930           case TARGET_GSI_IEEE_FP_CONTROL:
10931             {
10932                 uint64_t swcr, fpcr = cpu_alpha_load_fpcr (cpu_env);
10933 
10934                 /* Copied from linux ieee_fpcr_to_swcr.  */
10935                 swcr = (fpcr >> 35) & SWCR_STATUS_MASK;
10936                 swcr |= (fpcr >> 36) & SWCR_MAP_DMZ;
10937                 swcr |= (~fpcr >> 48) & (SWCR_TRAP_ENABLE_INV
10938                                         | SWCR_TRAP_ENABLE_DZE
10939                                         | SWCR_TRAP_ENABLE_OVF);
10940                 swcr |= (~fpcr >> 57) & (SWCR_TRAP_ENABLE_UNF
10941                                         | SWCR_TRAP_ENABLE_INE);
10942                 swcr |= (fpcr >> 47) & SWCR_MAP_UMZ;
10943                 swcr |= (~fpcr >> 41) & SWCR_TRAP_ENABLE_DNO;
10944 
10945                 if (put_user_u64 (swcr, arg2))
10946                         goto efault;
10947                 ret = 0;
10948             }
10949             break;
10950 
10951           /* case GSI_IEEE_STATE_AT_SIGNAL:
10952              -- Not implemented in linux kernel.
10953              case GSI_UACPROC:
10954              -- Retrieves current unaligned access state; not much used.
10955              case GSI_PROC_TYPE:
10956              -- Retrieves implver information; surely not used.
10957              case GSI_GET_HWRPB:
10958              -- Grabs a copy of the HWRPB; surely not used.
10959           */
10960         }
10961         break;
10962 #endif
10963 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
10964     /* Alpha specific */
10965     case TARGET_NR_osf_setsysinfo:
10966         ret = -TARGET_EOPNOTSUPP;
10967         switch (arg1) {
10968           case TARGET_SSI_IEEE_FP_CONTROL:
10969             {
10970                 uint64_t swcr, fpcr, orig_fpcr;
10971 
10972                 if (get_user_u64 (swcr, arg2)) {
10973                     goto efault;
10974                 }
10975                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
10976                 fpcr = orig_fpcr & FPCR_DYN_MASK;
10977 
10978                 /* Copied from linux ieee_swcr_to_fpcr.  */
10979                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;
10980                 fpcr |= (swcr & SWCR_MAP_DMZ) << 36;
10981                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_INV
10982                                   | SWCR_TRAP_ENABLE_DZE
10983                                   | SWCR_TRAP_ENABLE_OVF)) << 48;
10984                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_UNF
10985                                   | SWCR_TRAP_ENABLE_INE)) << 57;
10986                 fpcr |= (swcr & SWCR_MAP_UMZ ? FPCR_UNDZ | FPCR_UNFD : 0);
10987                 fpcr |= (~swcr & SWCR_TRAP_ENABLE_DNO) << 41;
10988 
10989                 cpu_alpha_store_fpcr(cpu_env, fpcr);
10990                 ret = 0;
10991             }
10992             break;
10993 
10994           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
10995             {
10996                 uint64_t exc, fpcr, orig_fpcr;
10997                 int si_code;
10998 
10999                 if (get_user_u64(exc, arg2)) {
11000                     goto efault;
11001                 }
11002 
11003                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
11004 
11005                 /* We only add to the exception status here.  */
11006                 fpcr = orig_fpcr | ((exc & SWCR_STATUS_MASK) << 35);
11007 
11008                 cpu_alpha_store_fpcr(cpu_env, fpcr);
11009                 ret = 0;
11010 
11011                 /* Old exceptions are not signaled.  */
11012                 fpcr &= ~(orig_fpcr & FPCR_STATUS_MASK);
11013 
11014                 /* If any exceptions set by this call,
11015                    and are unmasked, send a signal.  */
11016                 si_code = 0;
11017                 if ((fpcr & (FPCR_INE | FPCR_INED)) == FPCR_INE) {
11018                     si_code = TARGET_FPE_FLTRES;
11019                 }
11020                 if ((fpcr & (FPCR_UNF | FPCR_UNFD)) == FPCR_UNF) {
11021                     si_code = TARGET_FPE_FLTUND;
11022                 }
11023                 if ((fpcr & (FPCR_OVF | FPCR_OVFD)) == FPCR_OVF) {
11024                     si_code = TARGET_FPE_FLTOVF;
11025                 }
11026                 if ((fpcr & (FPCR_DZE | FPCR_DZED)) == FPCR_DZE) {
11027                     si_code = TARGET_FPE_FLTDIV;
11028                 }
11029                 if ((fpcr & (FPCR_INV | FPCR_INVD)) == FPCR_INV) {
11030                     si_code = TARGET_FPE_FLTINV;
11031                 }
11032                 if (si_code != 0) {
11033                     target_siginfo_t info;
11034                     info.si_signo = SIGFPE;
11035                     info.si_errno = 0;
11036                     info.si_code = si_code;
11037                     info._sifields._sigfault._addr
11038                         = ((CPUArchState *)cpu_env)->pc;
11039                     queue_signal((CPUArchState *)cpu_env, info.si_signo,
11040                                  QEMU_SI_FAULT, &info);
11041                 }
11042             }
11043             break;
11044 
11045           /* case SSI_NVPAIRS:
11046              -- Used with SSIN_UACPROC to enable unaligned accesses.
11047              case SSI_IEEE_STATE_AT_SIGNAL:
11048              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
11049              -- Not implemented in linux kernel
11050           */
11051         }
11052         break;
11053 #endif
11054 #ifdef TARGET_NR_osf_sigprocmask
11055     /* Alpha specific.  */
11056     case TARGET_NR_osf_sigprocmask:
11057         {
11058             abi_ulong mask;
11059             int how;
11060             sigset_t set, oldset;
11061 
11062             switch(arg1) {
11063             case TARGET_SIG_BLOCK:
11064                 how = SIG_BLOCK;
11065                 break;
11066             case TARGET_SIG_UNBLOCK:
11067                 how = SIG_UNBLOCK;
11068                 break;
11069             case TARGET_SIG_SETMASK:
11070                 how = SIG_SETMASK;
11071                 break;
11072             default:
11073                 ret = -TARGET_EINVAL;
11074                 goto fail;
11075             }
11076             mask = arg2;
11077             target_to_host_old_sigset(&set, &mask);
11078             ret = do_sigprocmask(how, &set, &oldset);
11079             if (!ret) {
11080                 host_to_target_old_sigset(&mask, &oldset);
11081                 ret = mask;
11082             }
11083         }
11084         break;
11085 #endif
11086 
11087 #ifdef TARGET_NR_getgid32
11088     case TARGET_NR_getgid32:
11089         ret = get_errno(getgid());
11090         break;
11091 #endif
11092 #ifdef TARGET_NR_geteuid32
11093     case TARGET_NR_geteuid32:
11094         ret = get_errno(geteuid());
11095         break;
11096 #endif
11097 #ifdef TARGET_NR_getegid32
11098     case TARGET_NR_getegid32:
11099         ret = get_errno(getegid());
11100         break;
11101 #endif
11102 #ifdef TARGET_NR_setreuid32
11103     case TARGET_NR_setreuid32:
11104         ret = get_errno(setreuid(arg1, arg2));
11105         break;
11106 #endif
11107 #ifdef TARGET_NR_setregid32
11108     case TARGET_NR_setregid32:
11109         ret = get_errno(setregid(arg1, arg2));
11110         break;
11111 #endif
11112 #ifdef TARGET_NR_getgroups32
11113     case TARGET_NR_getgroups32:
11114         {
11115             int gidsetsize = arg1;
11116             uint32_t *target_grouplist;
11117             gid_t *grouplist;
11118             int i;
11119 
11120             grouplist = alloca(gidsetsize * sizeof(gid_t));
11121             ret = get_errno(getgroups(gidsetsize, grouplist));
11122             if (gidsetsize == 0)
11123                 break;
11124             if (!is_error(ret)) {
11125                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
11126                 if (!target_grouplist) {
11127                     ret = -TARGET_EFAULT;
11128                     goto fail;
11129                 }
11130                 for(i = 0;i < ret; i++)
11131                     target_grouplist[i] = tswap32(grouplist[i]);
11132                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
11133             }
11134         }
11135         break;
11136 #endif
11137 #ifdef TARGET_NR_setgroups32
11138     case TARGET_NR_setgroups32:
11139         {
11140             int gidsetsize = arg1;
11141             uint32_t *target_grouplist;
11142             gid_t *grouplist;
11143             int i;
11144 
11145             grouplist = alloca(gidsetsize * sizeof(gid_t));
11146             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
11147             if (!target_grouplist) {
11148                 ret = -TARGET_EFAULT;
11149                 goto fail;
11150             }
11151             for(i = 0;i < gidsetsize; i++)
11152                 grouplist[i] = tswap32(target_grouplist[i]);
11153             unlock_user(target_grouplist, arg2, 0);
11154             ret = get_errno(setgroups(gidsetsize, grouplist));
11155         }
11156         break;
11157 #endif
11158 #ifdef TARGET_NR_fchown32
11159     case TARGET_NR_fchown32:
11160         ret = get_errno(fchown(arg1, arg2, arg3));
11161         break;
11162 #endif
11163 #ifdef TARGET_NR_setresuid32
11164     case TARGET_NR_setresuid32:
11165         ret = get_errno(sys_setresuid(arg1, arg2, arg3));
11166         break;
11167 #endif
11168 #ifdef TARGET_NR_getresuid32
11169     case TARGET_NR_getresuid32:
11170         {
11171             uid_t ruid, euid, suid;
11172             ret = get_errno(getresuid(&ruid, &euid, &suid));
11173             if (!is_error(ret)) {
11174                 if (put_user_u32(ruid, arg1)
11175                     || put_user_u32(euid, arg2)
11176                     || put_user_u32(suid, arg3))
11177                     goto efault;
11178             }
11179         }
11180         break;
11181 #endif
11182 #ifdef TARGET_NR_setresgid32
11183     case TARGET_NR_setresgid32:
11184         ret = get_errno(sys_setresgid(arg1, arg2, arg3));
11185         break;
11186 #endif
11187 #ifdef TARGET_NR_getresgid32
11188     case TARGET_NR_getresgid32:
11189         {
11190             gid_t rgid, egid, sgid;
11191             ret = get_errno(getresgid(&rgid, &egid, &sgid));
11192             if (!is_error(ret)) {
11193                 if (put_user_u32(rgid, arg1)
11194                     || put_user_u32(egid, arg2)
11195                     || put_user_u32(sgid, arg3))
11196                     goto efault;
11197             }
11198         }
11199         break;
11200 #endif
11201 #ifdef TARGET_NR_chown32
11202     case TARGET_NR_chown32:
11203         if (!(p = lock_user_string(arg1)))
11204             goto efault;
11205         ret = get_errno(chown(p, arg2, arg3));
11206         unlock_user(p, arg1, 0);
11207         break;
11208 #endif
11209 #ifdef TARGET_NR_setuid32
11210     case TARGET_NR_setuid32:
11211         ret = get_errno(sys_setuid(arg1));
11212         break;
11213 #endif
11214 #ifdef TARGET_NR_setgid32
11215     case TARGET_NR_setgid32:
11216         ret = get_errno(sys_setgid(arg1));
11217         break;
11218 #endif
11219 #ifdef TARGET_NR_setfsuid32
11220     case TARGET_NR_setfsuid32:
11221         ret = get_errno(setfsuid(arg1));
11222         break;
11223 #endif
11224 #ifdef TARGET_NR_setfsgid32
11225     case TARGET_NR_setfsgid32:
11226         ret = get_errno(setfsgid(arg1));
11227         break;
11228 #endif
11229 
11230     case TARGET_NR_pivot_root:
11231         goto unimplemented;
11232 #ifdef TARGET_NR_mincore
11233     case TARGET_NR_mincore:
11234         {
11235             void *a;
11236             ret = -TARGET_ENOMEM;
11237             a = lock_user(VERIFY_READ, arg1, arg2, 0);
11238             if (!a) {
11239                 goto fail;
11240             }
11241             ret = -TARGET_EFAULT;
11242             p = lock_user_string(arg3);
11243             if (!p) {
11244                 goto mincore_fail;
11245             }
11246             ret = get_errno(mincore(a, arg2, p));
11247             unlock_user(p, arg3, ret);
11248             mincore_fail:
11249             unlock_user(a, arg1, 0);
11250         }
11251         break;
11252 #endif
11253 #ifdef TARGET_NR_arm_fadvise64_64
11254     case TARGET_NR_arm_fadvise64_64:
11255         /* arm_fadvise64_64 looks like fadvise64_64 but
11256          * with different argument order: fd, advice, offset, len
11257          * rather than the usual fd, offset, len, advice.
11258          * Note that offset and len are both 64-bit so appear as
11259          * pairs of 32-bit registers.
11260          */
11261         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
11262                             target_offset64(arg5, arg6), arg2);
11263         ret = -host_to_target_errno(ret);
11264         break;
11265 #endif
11266 
11267 #if TARGET_ABI_BITS == 32
11268 
11269 #ifdef TARGET_NR_fadvise64_64
11270     case TARGET_NR_fadvise64_64:
11271 #if defined(TARGET_PPC)
11272         /* 6 args: fd, advice, offset (high, low), len (high, low) */
11273         ret = arg2;
11274         arg2 = arg3;
11275         arg3 = arg4;
11276         arg4 = arg5;
11277         arg5 = arg6;
11278         arg6 = ret;
11279 #else
11280         /* 6 args: fd, offset (high, low), len (high, low), advice */
11281         if (regpairs_aligned(cpu_env)) {
11282             /* offset is in (3,4), len in (5,6) and advice in 7 */
11283             arg2 = arg3;
11284             arg3 = arg4;
11285             arg4 = arg5;
11286             arg5 = arg6;
11287             arg6 = arg7;
11288         }
11289 #endif
11290         ret = -host_to_target_errno(posix_fadvise(arg1,
11291                                                   target_offset64(arg2, arg3),
11292                                                   target_offset64(arg4, arg5),
11293                                                   arg6));
11294         break;
11295 #endif
11296 
11297 #ifdef TARGET_NR_fadvise64
11298     case TARGET_NR_fadvise64:
11299         /* 5 args: fd, offset (high, low), len, advice */
11300         if (regpairs_aligned(cpu_env)) {
11301             /* offset is in (3,4), len in 5 and advice in 6 */
11302             arg2 = arg3;
11303             arg3 = arg4;
11304             arg4 = arg5;
11305             arg5 = arg6;
11306         }
11307         ret = -host_to_target_errno(posix_fadvise(arg1,
11308                                                   target_offset64(arg2, arg3),
11309                                                   arg4, arg5));
11310         break;
11311 #endif
11312 
11313 #else /* not a 32-bit ABI */
11314 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
11315 #ifdef TARGET_NR_fadvise64_64
11316     case TARGET_NR_fadvise64_64:
11317 #endif
11318 #ifdef TARGET_NR_fadvise64
11319     case TARGET_NR_fadvise64:
11320 #endif
11321 #ifdef TARGET_S390X
11322         switch (arg4) {
11323         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
11324         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
11325         case 6: arg4 = POSIX_FADV_DONTNEED; break;
11326         case 7: arg4 = POSIX_FADV_NOREUSE; break;
11327         default: break;
11328         }
11329 #endif
11330         ret = -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
11331         break;
11332 #endif
11333 #endif /* end of 64-bit ABI fadvise handling */
11334 
11335 #ifdef TARGET_NR_madvise
11336     case TARGET_NR_madvise:
11337         /* A straight passthrough may not be safe because qemu sometimes
11338            turns private file-backed mappings into anonymous mappings.
11339            This will break MADV_DONTNEED.
11340            This is a hint, so ignoring and returning success is ok.  */
11341         ret = get_errno(0);
11342         break;
11343 #endif
11344 #if TARGET_ABI_BITS == 32
11345     case TARGET_NR_fcntl64:
11346     {
11347 	int cmd;
11348 	struct flock64 fl;
11349         from_flock64_fn *copyfrom = copy_from_user_flock64;
11350         to_flock64_fn *copyto = copy_to_user_flock64;
11351 
11352 #ifdef TARGET_ARM
11353         if (((CPUARMState *)cpu_env)->eabi) {
11354             copyfrom = copy_from_user_eabi_flock64;
11355             copyto = copy_to_user_eabi_flock64;
11356         }
11357 #endif
11358 
11359 	cmd = target_to_host_fcntl_cmd(arg2);
11360         if (cmd == -TARGET_EINVAL) {
11361             ret = cmd;
11362             break;
11363         }
11364 
11365         switch(arg2) {
11366         case TARGET_F_GETLK64:
11367             ret = copyfrom(&fl, arg3);
11368             if (ret) {
11369                 break;
11370             }
11371             ret = get_errno(fcntl(arg1, cmd, &fl));
11372             if (ret == 0) {
11373                 ret = copyto(arg3, &fl);
11374             }
11375 	    break;
11376 
11377         case TARGET_F_SETLK64:
11378         case TARGET_F_SETLKW64:
11379             ret = copyfrom(&fl, arg3);
11380             if (ret) {
11381                 break;
11382             }
11383             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
11384 	    break;
11385         default:
11386             ret = do_fcntl(arg1, arg2, arg3);
11387             break;
11388         }
11389 	break;
11390     }
11391 #endif
11392 #ifdef TARGET_NR_cacheflush
11393     case TARGET_NR_cacheflush:
11394         /* self-modifying code is handled automatically, so nothing needed */
11395         ret = 0;
11396         break;
11397 #endif
11398 #ifdef TARGET_NR_security
11399     case TARGET_NR_security:
11400         goto unimplemented;
11401 #endif
11402 #ifdef TARGET_NR_getpagesize
11403     case TARGET_NR_getpagesize:
11404         ret = TARGET_PAGE_SIZE;
11405         break;
11406 #endif
11407     case TARGET_NR_gettid:
11408         ret = get_errno(gettid());
11409         break;
11410 #ifdef TARGET_NR_readahead
11411     case TARGET_NR_readahead:
11412 #if TARGET_ABI_BITS == 32
11413         if (regpairs_aligned(cpu_env)) {
11414             arg2 = arg3;
11415             arg3 = arg4;
11416             arg4 = arg5;
11417         }
11418         ret = get_errno(readahead(arg1, target_offset64(arg2, arg3) , arg4));
11419 #else
11420         ret = get_errno(readahead(arg1, arg2, arg3));
11421 #endif
11422         break;
11423 #endif
11424 #ifdef CONFIG_ATTR
11425 #ifdef TARGET_NR_setxattr
11426     case TARGET_NR_listxattr:
11427     case TARGET_NR_llistxattr:
11428     {
11429         void *p, *b = 0;
11430         if (arg2) {
11431             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11432             if (!b) {
11433                 ret = -TARGET_EFAULT;
11434                 break;
11435             }
11436         }
11437         p = lock_user_string(arg1);
11438         if (p) {
11439             if (num == TARGET_NR_listxattr) {
11440                 ret = get_errno(listxattr(p, b, arg3));
11441             } else {
11442                 ret = get_errno(llistxattr(p, b, arg3));
11443             }
11444         } else {
11445             ret = -TARGET_EFAULT;
11446         }
11447         unlock_user(p, arg1, 0);
11448         unlock_user(b, arg2, arg3);
11449         break;
11450     }
11451     case TARGET_NR_flistxattr:
11452     {
11453         void *b = 0;
11454         if (arg2) {
11455             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11456             if (!b) {
11457                 ret = -TARGET_EFAULT;
11458                 break;
11459             }
11460         }
11461         ret = get_errno(flistxattr(arg1, b, arg3));
11462         unlock_user(b, arg2, arg3);
11463         break;
11464     }
11465     case TARGET_NR_setxattr:
11466     case TARGET_NR_lsetxattr:
11467         {
11468             void *p, *n, *v = 0;
11469             if (arg3) {
11470                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11471                 if (!v) {
11472                     ret = -TARGET_EFAULT;
11473                     break;
11474                 }
11475             }
11476             p = lock_user_string(arg1);
11477             n = lock_user_string(arg2);
11478             if (p && n) {
11479                 if (num == TARGET_NR_setxattr) {
11480                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
11481                 } else {
11482                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
11483                 }
11484             } else {
11485                 ret = -TARGET_EFAULT;
11486             }
11487             unlock_user(p, arg1, 0);
11488             unlock_user(n, arg2, 0);
11489             unlock_user(v, arg3, 0);
11490         }
11491         break;
11492     case TARGET_NR_fsetxattr:
11493         {
11494             void *n, *v = 0;
11495             if (arg3) {
11496                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11497                 if (!v) {
11498                     ret = -TARGET_EFAULT;
11499                     break;
11500                 }
11501             }
11502             n = lock_user_string(arg2);
11503             if (n) {
11504                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
11505             } else {
11506                 ret = -TARGET_EFAULT;
11507             }
11508             unlock_user(n, arg2, 0);
11509             unlock_user(v, arg3, 0);
11510         }
11511         break;
11512     case TARGET_NR_getxattr:
11513     case TARGET_NR_lgetxattr:
11514         {
11515             void *p, *n, *v = 0;
11516             if (arg3) {
11517                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11518                 if (!v) {
11519                     ret = -TARGET_EFAULT;
11520                     break;
11521                 }
11522             }
11523             p = lock_user_string(arg1);
11524             n = lock_user_string(arg2);
11525             if (p && n) {
11526                 if (num == TARGET_NR_getxattr) {
11527                     ret = get_errno(getxattr(p, n, v, arg4));
11528                 } else {
11529                     ret = get_errno(lgetxattr(p, n, v, arg4));
11530                 }
11531             } else {
11532                 ret = -TARGET_EFAULT;
11533             }
11534             unlock_user(p, arg1, 0);
11535             unlock_user(n, arg2, 0);
11536             unlock_user(v, arg3, arg4);
11537         }
11538         break;
11539     case TARGET_NR_fgetxattr:
11540         {
11541             void *n, *v = 0;
11542             if (arg3) {
11543                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11544                 if (!v) {
11545                     ret = -TARGET_EFAULT;
11546                     break;
11547                 }
11548             }
11549             n = lock_user_string(arg2);
11550             if (n) {
11551                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
11552             } else {
11553                 ret = -TARGET_EFAULT;
11554             }
11555             unlock_user(n, arg2, 0);
11556             unlock_user(v, arg3, arg4);
11557         }
11558         break;
11559     case TARGET_NR_removexattr:
11560     case TARGET_NR_lremovexattr:
11561         {
11562             void *p, *n;
11563             p = lock_user_string(arg1);
11564             n = lock_user_string(arg2);
11565             if (p && n) {
11566                 if (num == TARGET_NR_removexattr) {
11567                     ret = get_errno(removexattr(p, n));
11568                 } else {
11569                     ret = get_errno(lremovexattr(p, n));
11570                 }
11571             } else {
11572                 ret = -TARGET_EFAULT;
11573             }
11574             unlock_user(p, arg1, 0);
11575             unlock_user(n, arg2, 0);
11576         }
11577         break;
11578     case TARGET_NR_fremovexattr:
11579         {
11580             void *n;
11581             n = lock_user_string(arg2);
11582             if (n) {
11583                 ret = get_errno(fremovexattr(arg1, n));
11584             } else {
11585                 ret = -TARGET_EFAULT;
11586             }
11587             unlock_user(n, arg2, 0);
11588         }
11589         break;
11590 #endif
11591 #endif /* CONFIG_ATTR */
11592 #ifdef TARGET_NR_set_thread_area
11593     case TARGET_NR_set_thread_area:
11594 #if defined(TARGET_MIPS)
11595       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
11596       ret = 0;
11597       break;
11598 #elif defined(TARGET_CRIS)
11599       if (arg1 & 0xff)
11600           ret = -TARGET_EINVAL;
11601       else {
11602           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
11603           ret = 0;
11604       }
11605       break;
11606 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
11607       ret = do_set_thread_area(cpu_env, arg1);
11608       break;
11609 #elif defined(TARGET_M68K)
11610       {
11611           TaskState *ts = cpu->opaque;
11612           ts->tp_value = arg1;
11613           ret = 0;
11614           break;
11615       }
11616 #else
11617       goto unimplemented_nowarn;
11618 #endif
11619 #endif
11620 #ifdef TARGET_NR_get_thread_area
11621     case TARGET_NR_get_thread_area:
11622 #if defined(TARGET_I386) && defined(TARGET_ABI32)
11623         ret = do_get_thread_area(cpu_env, arg1);
11624         break;
11625 #elif defined(TARGET_M68K)
11626         {
11627             TaskState *ts = cpu->opaque;
11628             ret = ts->tp_value;
11629             break;
11630         }
11631 #else
11632         goto unimplemented_nowarn;
11633 #endif
11634 #endif
11635 #ifdef TARGET_NR_getdomainname
11636     case TARGET_NR_getdomainname:
11637         goto unimplemented_nowarn;
11638 #endif
11639 
11640 #ifdef TARGET_NR_clock_gettime
11641     case TARGET_NR_clock_gettime:
11642     {
11643         struct timespec ts;
11644         ret = get_errno(clock_gettime(arg1, &ts));
11645         if (!is_error(ret)) {
11646             host_to_target_timespec(arg2, &ts);
11647         }
11648         break;
11649     }
11650 #endif
11651 #ifdef TARGET_NR_clock_getres
11652     case TARGET_NR_clock_getres:
11653     {
11654         struct timespec ts;
11655         ret = get_errno(clock_getres(arg1, &ts));
11656         if (!is_error(ret)) {
11657             host_to_target_timespec(arg2, &ts);
11658         }
11659         break;
11660     }
11661 #endif
11662 #ifdef TARGET_NR_clock_nanosleep
11663     case TARGET_NR_clock_nanosleep:
11664     {
11665         struct timespec ts;
11666         target_to_host_timespec(&ts, arg3);
11667         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
11668                                              &ts, arg4 ? &ts : NULL));
11669         if (arg4)
11670             host_to_target_timespec(arg4, &ts);
11671 
11672 #if defined(TARGET_PPC)
11673         /* clock_nanosleep is odd in that it returns positive errno values.
11674          * On PPC, CR0 bit 3 should be set in such a situation. */
11675         if (ret && ret != -TARGET_ERESTARTSYS) {
11676             ((CPUPPCState *)cpu_env)->crf[0] |= 1;
11677         }
11678 #endif
11679         break;
11680     }
11681 #endif
11682 
11683 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
11684     case TARGET_NR_set_tid_address:
11685         ret = get_errno(set_tid_address((int *)g2h(arg1)));
11686         break;
11687 #endif
11688 
11689     case TARGET_NR_tkill:
11690         ret = get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
11691         break;
11692 
11693     case TARGET_NR_tgkill:
11694         ret = get_errno(safe_tgkill((int)arg1, (int)arg2,
11695                         target_to_host_signal(arg3)));
11696         break;
11697 
11698 #ifdef TARGET_NR_set_robust_list
11699     case TARGET_NR_set_robust_list:
11700     case TARGET_NR_get_robust_list:
11701         /* The ABI for supporting robust futexes has userspace pass
11702          * the kernel a pointer to a linked list which is updated by
11703          * userspace after the syscall; the list is walked by the kernel
11704          * when the thread exits. Since the linked list in QEMU guest
11705          * memory isn't a valid linked list for the host and we have
11706          * no way to reliably intercept the thread-death event, we can't
11707          * support these. Silently return ENOSYS so that guest userspace
11708          * falls back to a non-robust futex implementation (which should
11709          * be OK except in the corner case of the guest crashing while
11710          * holding a mutex that is shared with another process via
11711          * shared memory).
11712          */
11713         goto unimplemented_nowarn;
11714 #endif
11715 
11716 #if defined(TARGET_NR_utimensat)
11717     case TARGET_NR_utimensat:
11718         {
11719             struct timespec *tsp, ts[2];
11720             if (!arg3) {
11721                 tsp = NULL;
11722             } else {
11723                 target_to_host_timespec(ts, arg3);
11724                 target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
11725                 tsp = ts;
11726             }
11727             if (!arg2)
11728                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
11729             else {
11730                 if (!(p = lock_user_string(arg2))) {
11731                     ret = -TARGET_EFAULT;
11732                     goto fail;
11733                 }
11734                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
11735                 unlock_user(p, arg2, 0);
11736             }
11737         }
11738 	break;
11739 #endif
11740     case TARGET_NR_futex:
11741         ret = do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
11742         break;
11743 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
11744     case TARGET_NR_inotify_init:
11745         ret = get_errno(sys_inotify_init());
11746         if (ret >= 0) {
11747             fd_trans_register(ret, &target_inotify_trans);
11748         }
11749         break;
11750 #endif
11751 #ifdef CONFIG_INOTIFY1
11752 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
11753     case TARGET_NR_inotify_init1:
11754         ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
11755                                           fcntl_flags_tbl)));
11756         if (ret >= 0) {
11757             fd_trans_register(ret, &target_inotify_trans);
11758         }
11759         break;
11760 #endif
11761 #endif
11762 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
11763     case TARGET_NR_inotify_add_watch:
11764         p = lock_user_string(arg2);
11765         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
11766         unlock_user(p, arg2, 0);
11767         break;
11768 #endif
11769 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
11770     case TARGET_NR_inotify_rm_watch:
11771         ret = get_errno(sys_inotify_rm_watch(arg1, arg2));
11772         break;
11773 #endif
11774 
11775 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
11776     case TARGET_NR_mq_open:
11777         {
11778             struct mq_attr posix_mq_attr;
11779             struct mq_attr *pposix_mq_attr;
11780             int host_flags;
11781 
11782             host_flags = target_to_host_bitmask(arg2, fcntl_flags_tbl);
11783             pposix_mq_attr = NULL;
11784             if (arg4) {
11785                 if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) {
11786                     goto efault;
11787                 }
11788                 pposix_mq_attr = &posix_mq_attr;
11789             }
11790             p = lock_user_string(arg1 - 1);
11791             if (!p) {
11792                 goto efault;
11793             }
11794             ret = get_errno(mq_open(p, host_flags, arg3, pposix_mq_attr));
11795             unlock_user (p, arg1, 0);
11796         }
11797         break;
11798 
11799     case TARGET_NR_mq_unlink:
11800         p = lock_user_string(arg1 - 1);
11801         if (!p) {
11802             ret = -TARGET_EFAULT;
11803             break;
11804         }
11805         ret = get_errno(mq_unlink(p));
11806         unlock_user (p, arg1, 0);
11807         break;
11808 
11809     case TARGET_NR_mq_timedsend:
11810         {
11811             struct timespec ts;
11812 
11813             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11814             if (arg5 != 0) {
11815                 target_to_host_timespec(&ts, arg5);
11816                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
11817                 host_to_target_timespec(arg5, &ts);
11818             } else {
11819                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
11820             }
11821             unlock_user (p, arg2, arg3);
11822         }
11823         break;
11824 
11825     case TARGET_NR_mq_timedreceive:
11826         {
11827             struct timespec ts;
11828             unsigned int prio;
11829 
11830             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11831             if (arg5 != 0) {
11832                 target_to_host_timespec(&ts, arg5);
11833                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11834                                                      &prio, &ts));
11835                 host_to_target_timespec(arg5, &ts);
11836             } else {
11837                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11838                                                      &prio, NULL));
11839             }
11840             unlock_user (p, arg2, arg3);
11841             if (arg4 != 0)
11842                 put_user_u32(prio, arg4);
11843         }
11844         break;
11845 
11846     /* Not implemented for now... */
11847 /*     case TARGET_NR_mq_notify: */
11848 /*         break; */
11849 
11850     case TARGET_NR_mq_getsetattr:
11851         {
11852             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
11853             ret = 0;
11854             if (arg3 != 0) {
11855                 ret = mq_getattr(arg1, &posix_mq_attr_out);
11856                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
11857             }
11858             if (arg2 != 0) {
11859                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
11860                 ret |= mq_setattr(arg1, &posix_mq_attr_in, &posix_mq_attr_out);
11861             }
11862 
11863         }
11864         break;
11865 #endif
11866 
11867 #ifdef CONFIG_SPLICE
11868 #ifdef TARGET_NR_tee
11869     case TARGET_NR_tee:
11870         {
11871             ret = get_errno(tee(arg1,arg2,arg3,arg4));
11872         }
11873         break;
11874 #endif
11875 #ifdef TARGET_NR_splice
11876     case TARGET_NR_splice:
11877         {
11878             loff_t loff_in, loff_out;
11879             loff_t *ploff_in = NULL, *ploff_out = NULL;
11880             if (arg2) {
11881                 if (get_user_u64(loff_in, arg2)) {
11882                     goto efault;
11883                 }
11884                 ploff_in = &loff_in;
11885             }
11886             if (arg4) {
11887                 if (get_user_u64(loff_out, arg4)) {
11888                     goto efault;
11889                 }
11890                 ploff_out = &loff_out;
11891             }
11892             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
11893             if (arg2) {
11894                 if (put_user_u64(loff_in, arg2)) {
11895                     goto efault;
11896                 }
11897             }
11898             if (arg4) {
11899                 if (put_user_u64(loff_out, arg4)) {
11900                     goto efault;
11901                 }
11902             }
11903         }
11904         break;
11905 #endif
11906 #ifdef TARGET_NR_vmsplice
11907 	case TARGET_NR_vmsplice:
11908         {
11909             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
11910             if (vec != NULL) {
11911                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
11912                 unlock_iovec(vec, arg2, arg3, 0);
11913             } else {
11914                 ret = -host_to_target_errno(errno);
11915             }
11916         }
11917         break;
11918 #endif
11919 #endif /* CONFIG_SPLICE */
11920 #ifdef CONFIG_EVENTFD
11921 #if defined(TARGET_NR_eventfd)
11922     case TARGET_NR_eventfd:
11923         ret = get_errno(eventfd(arg1, 0));
11924         if (ret >= 0) {
11925             fd_trans_register(ret, &target_eventfd_trans);
11926         }
11927         break;
11928 #endif
11929 #if defined(TARGET_NR_eventfd2)
11930     case TARGET_NR_eventfd2:
11931     {
11932         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
11933         if (arg2 & TARGET_O_NONBLOCK) {
11934             host_flags |= O_NONBLOCK;
11935         }
11936         if (arg2 & TARGET_O_CLOEXEC) {
11937             host_flags |= O_CLOEXEC;
11938         }
11939         ret = get_errno(eventfd(arg1, host_flags));
11940         if (ret >= 0) {
11941             fd_trans_register(ret, &target_eventfd_trans);
11942         }
11943         break;
11944     }
11945 #endif
11946 #endif /* CONFIG_EVENTFD  */
11947 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
11948     case TARGET_NR_fallocate:
11949 #if TARGET_ABI_BITS == 32
11950         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
11951                                   target_offset64(arg5, arg6)));
11952 #else
11953         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
11954 #endif
11955         break;
11956 #endif
11957 #if defined(CONFIG_SYNC_FILE_RANGE)
11958 #if defined(TARGET_NR_sync_file_range)
11959     case TARGET_NR_sync_file_range:
11960 #if TARGET_ABI_BITS == 32
11961 #if defined(TARGET_MIPS)
11962         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11963                                         target_offset64(arg5, arg6), arg7));
11964 #else
11965         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
11966                                         target_offset64(arg4, arg5), arg6));
11967 #endif /* !TARGET_MIPS */
11968 #else
11969         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
11970 #endif
11971         break;
11972 #endif
11973 #if defined(TARGET_NR_sync_file_range2)
11974     case TARGET_NR_sync_file_range2:
11975         /* This is like sync_file_range but the arguments are reordered */
11976 #if TARGET_ABI_BITS == 32
11977         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11978                                         target_offset64(arg5, arg6), arg2));
11979 #else
11980         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
11981 #endif
11982         break;
11983 #endif
11984 #endif
11985 #if defined(TARGET_NR_signalfd4)
11986     case TARGET_NR_signalfd4:
11987         ret = do_signalfd4(arg1, arg2, arg4);
11988         break;
11989 #endif
11990 #if defined(TARGET_NR_signalfd)
11991     case TARGET_NR_signalfd:
11992         ret = do_signalfd4(arg1, arg2, 0);
11993         break;
11994 #endif
11995 #if defined(CONFIG_EPOLL)
11996 #if defined(TARGET_NR_epoll_create)
11997     case TARGET_NR_epoll_create:
11998         ret = get_errno(epoll_create(arg1));
11999         break;
12000 #endif
12001 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
12002     case TARGET_NR_epoll_create1:
12003         ret = get_errno(epoll_create1(arg1));
12004         break;
12005 #endif
12006 #if defined(TARGET_NR_epoll_ctl)
12007     case TARGET_NR_epoll_ctl:
12008     {
12009         struct epoll_event ep;
12010         struct epoll_event *epp = 0;
12011         if (arg4) {
12012             struct target_epoll_event *target_ep;
12013             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
12014                 goto efault;
12015             }
12016             ep.events = tswap32(target_ep->events);
12017             /* The epoll_data_t union is just opaque data to the kernel,
12018              * so we transfer all 64 bits across and need not worry what
12019              * actual data type it is.
12020              */
12021             ep.data.u64 = tswap64(target_ep->data.u64);
12022             unlock_user_struct(target_ep, arg4, 0);
12023             epp = &ep;
12024         }
12025         ret = get_errno(epoll_ctl(arg1, arg2, arg3, epp));
12026         break;
12027     }
12028 #endif
12029 
12030 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
12031 #if defined(TARGET_NR_epoll_wait)
12032     case TARGET_NR_epoll_wait:
12033 #endif
12034 #if defined(TARGET_NR_epoll_pwait)
12035     case TARGET_NR_epoll_pwait:
12036 #endif
12037     {
12038         struct target_epoll_event *target_ep;
12039         struct epoll_event *ep;
12040         int epfd = arg1;
12041         int maxevents = arg3;
12042         int timeout = arg4;
12043 
12044         if (maxevents <= 0 || maxevents > TARGET_EP_MAX_EVENTS) {
12045             ret = -TARGET_EINVAL;
12046             break;
12047         }
12048 
12049         target_ep = lock_user(VERIFY_WRITE, arg2,
12050                               maxevents * sizeof(struct target_epoll_event), 1);
12051         if (!target_ep) {
12052             goto efault;
12053         }
12054 
12055         ep = g_try_new(struct epoll_event, maxevents);
12056         if (!ep) {
12057             unlock_user(target_ep, arg2, 0);
12058             ret = -TARGET_ENOMEM;
12059             break;
12060         }
12061 
12062         switch (num) {
12063 #if defined(TARGET_NR_epoll_pwait)
12064         case TARGET_NR_epoll_pwait:
12065         {
12066             target_sigset_t *target_set;
12067             sigset_t _set, *set = &_set;
12068 
12069             if (arg5) {
12070                 if (arg6 != sizeof(target_sigset_t)) {
12071                     ret = -TARGET_EINVAL;
12072                     break;
12073                 }
12074 
12075                 target_set = lock_user(VERIFY_READ, arg5,
12076                                        sizeof(target_sigset_t), 1);
12077                 if (!target_set) {
12078                     ret = -TARGET_EFAULT;
12079                     break;
12080                 }
12081                 target_to_host_sigset(set, target_set);
12082                 unlock_user(target_set, arg5, 0);
12083             } else {
12084                 set = NULL;
12085             }
12086 
12087             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12088                                              set, SIGSET_T_SIZE));
12089             break;
12090         }
12091 #endif
12092 #if defined(TARGET_NR_epoll_wait)
12093         case TARGET_NR_epoll_wait:
12094             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12095                                              NULL, 0));
12096             break;
12097 #endif
12098         default:
12099             ret = -TARGET_ENOSYS;
12100         }
12101         if (!is_error(ret)) {
12102             int i;
12103             for (i = 0; i < ret; i++) {
12104                 target_ep[i].events = tswap32(ep[i].events);
12105                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
12106             }
12107             unlock_user(target_ep, arg2,
12108                         ret * sizeof(struct target_epoll_event));
12109         } else {
12110             unlock_user(target_ep, arg2, 0);
12111         }
12112         g_free(ep);
12113         break;
12114     }
12115 #endif
12116 #endif
12117 #ifdef TARGET_NR_prlimit64
12118     case TARGET_NR_prlimit64:
12119     {
12120         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
12121         struct target_rlimit64 *target_rnew, *target_rold;
12122         struct host_rlimit64 rnew, rold, *rnewp = 0;
12123         int resource = target_to_host_resource(arg2);
12124         if (arg3) {
12125             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
12126                 goto efault;
12127             }
12128             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
12129             rnew.rlim_max = tswap64(target_rnew->rlim_max);
12130             unlock_user_struct(target_rnew, arg3, 0);
12131             rnewp = &rnew;
12132         }
12133 
12134         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
12135         if (!is_error(ret) && arg4) {
12136             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
12137                 goto efault;
12138             }
12139             target_rold->rlim_cur = tswap64(rold.rlim_cur);
12140             target_rold->rlim_max = tswap64(rold.rlim_max);
12141             unlock_user_struct(target_rold, arg4, 1);
12142         }
12143         break;
12144     }
12145 #endif
12146 #ifdef TARGET_NR_gethostname
12147     case TARGET_NR_gethostname:
12148     {
12149         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
12150         if (name) {
12151             ret = get_errno(gethostname(name, arg2));
12152             unlock_user(name, arg1, arg2);
12153         } else {
12154             ret = -TARGET_EFAULT;
12155         }
12156         break;
12157     }
12158 #endif
12159 #ifdef TARGET_NR_atomic_cmpxchg_32
12160     case TARGET_NR_atomic_cmpxchg_32:
12161     {
12162         /* should use start_exclusive from main.c */
12163         abi_ulong mem_value;
12164         if (get_user_u32(mem_value, arg6)) {
12165             target_siginfo_t info;
12166             info.si_signo = SIGSEGV;
12167             info.si_errno = 0;
12168             info.si_code = TARGET_SEGV_MAPERR;
12169             info._sifields._sigfault._addr = arg6;
12170             queue_signal((CPUArchState *)cpu_env, info.si_signo,
12171                          QEMU_SI_FAULT, &info);
12172             ret = 0xdeadbeef;
12173 
12174         }
12175         if (mem_value == arg2)
12176             put_user_u32(arg1, arg6);
12177         ret = mem_value;
12178         break;
12179     }
12180 #endif
12181 #ifdef TARGET_NR_atomic_barrier
12182     case TARGET_NR_atomic_barrier:
12183     {
12184         /* Like the kernel implementation and the qemu arm barrier, no-op this? */
12185         ret = 0;
12186         break;
12187     }
12188 #endif
12189 
12190 #ifdef TARGET_NR_timer_create
12191     case TARGET_NR_timer_create:
12192     {
12193         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
12194 
12195         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
12196 
12197         int clkid = arg1;
12198         int timer_index = next_free_host_timer();
12199 
12200         if (timer_index < 0) {
12201             ret = -TARGET_EAGAIN;
12202         } else {
12203             timer_t *phtimer = g_posix_timers  + timer_index;
12204 
12205             if (arg2) {
12206                 phost_sevp = &host_sevp;
12207                 ret = target_to_host_sigevent(phost_sevp, arg2);
12208                 if (ret != 0) {
12209                     break;
12210                 }
12211             }
12212 
12213             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
12214             if (ret) {
12215                 phtimer = NULL;
12216             } else {
12217                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
12218                     goto efault;
12219                 }
12220             }
12221         }
12222         break;
12223     }
12224 #endif
12225 
12226 #ifdef TARGET_NR_timer_settime
12227     case TARGET_NR_timer_settime:
12228     {
12229         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
12230          * struct itimerspec * old_value */
12231         target_timer_t timerid = get_timer_id(arg1);
12232 
12233         if (timerid < 0) {
12234             ret = timerid;
12235         } else if (arg3 == 0) {
12236             ret = -TARGET_EINVAL;
12237         } else {
12238             timer_t htimer = g_posix_timers[timerid];
12239             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
12240 
12241             if (target_to_host_itimerspec(&hspec_new, arg3)) {
12242                 goto efault;
12243             }
12244             ret = get_errno(
12245                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
12246             if (arg4 && host_to_target_itimerspec(arg4, &hspec_old)) {
12247                 goto efault;
12248             }
12249         }
12250         break;
12251     }
12252 #endif
12253 
12254 #ifdef TARGET_NR_timer_gettime
12255     case TARGET_NR_timer_gettime:
12256     {
12257         /* args: timer_t timerid, struct itimerspec *curr_value */
12258         target_timer_t timerid = get_timer_id(arg1);
12259 
12260         if (timerid < 0) {
12261             ret = timerid;
12262         } else if (!arg2) {
12263             ret = -TARGET_EFAULT;
12264         } else {
12265             timer_t htimer = g_posix_timers[timerid];
12266             struct itimerspec hspec;
12267             ret = get_errno(timer_gettime(htimer, &hspec));
12268 
12269             if (host_to_target_itimerspec(arg2, &hspec)) {
12270                 ret = -TARGET_EFAULT;
12271             }
12272         }
12273         break;
12274     }
12275 #endif
12276 
12277 #ifdef TARGET_NR_timer_getoverrun
12278     case TARGET_NR_timer_getoverrun:
12279     {
12280         /* args: timer_t timerid */
12281         target_timer_t timerid = get_timer_id(arg1);
12282 
12283         if (timerid < 0) {
12284             ret = timerid;
12285         } else {
12286             timer_t htimer = g_posix_timers[timerid];
12287             ret = get_errno(timer_getoverrun(htimer));
12288         }
12289         fd_trans_unregister(ret);
12290         break;
12291     }
12292 #endif
12293 
12294 #ifdef TARGET_NR_timer_delete
12295     case TARGET_NR_timer_delete:
12296     {
12297         /* args: timer_t timerid */
12298         target_timer_t timerid = get_timer_id(arg1);
12299 
12300         if (timerid < 0) {
12301             ret = timerid;
12302         } else {
12303             timer_t htimer = g_posix_timers[timerid];
12304             ret = get_errno(timer_delete(htimer));
12305             g_posix_timers[timerid] = 0;
12306         }
12307         break;
12308     }
12309 #endif
12310 
12311 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
12312     case TARGET_NR_timerfd_create:
12313         ret = get_errno(timerfd_create(arg1,
12314                 target_to_host_bitmask(arg2, fcntl_flags_tbl)));
12315         break;
12316 #endif
12317 
12318 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
12319     case TARGET_NR_timerfd_gettime:
12320         {
12321             struct itimerspec its_curr;
12322 
12323             ret = get_errno(timerfd_gettime(arg1, &its_curr));
12324 
12325             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
12326                 goto efault;
12327             }
12328         }
12329         break;
12330 #endif
12331 
12332 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
12333     case TARGET_NR_timerfd_settime:
12334         {
12335             struct itimerspec its_new, its_old, *p_new;
12336 
12337             if (arg3) {
12338                 if (target_to_host_itimerspec(&its_new, arg3)) {
12339                     goto efault;
12340                 }
12341                 p_new = &its_new;
12342             } else {
12343                 p_new = NULL;
12344             }
12345 
12346             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
12347 
12348             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
12349                 goto efault;
12350             }
12351         }
12352         break;
12353 #endif
12354 
12355 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
12356     case TARGET_NR_ioprio_get:
12357         ret = get_errno(ioprio_get(arg1, arg2));
12358         break;
12359 #endif
12360 
12361 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
12362     case TARGET_NR_ioprio_set:
12363         ret = get_errno(ioprio_set(arg1, arg2, arg3));
12364         break;
12365 #endif
12366 
12367 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
12368     case TARGET_NR_setns:
12369         ret = get_errno(setns(arg1, arg2));
12370         break;
12371 #endif
12372 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
12373     case TARGET_NR_unshare:
12374         ret = get_errno(unshare(arg1));
12375         break;
12376 #endif
12377 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
12378     case TARGET_NR_kcmp:
12379         ret = get_errno(kcmp(arg1, arg2, arg3, arg4, arg5));
12380         break;
12381 #endif
12382 
12383     default:
12384     unimplemented:
12385         gemu_log("qemu: Unsupported syscall: %d\n", num);
12386 #if defined(TARGET_NR_setxattr) || defined(TARGET_NR_get_thread_area) || defined(TARGET_NR_getdomainname) || defined(TARGET_NR_set_robust_list)
12387     unimplemented_nowarn:
12388 #endif
12389         ret = -TARGET_ENOSYS;
12390         break;
12391     }
12392 fail:
12393 #ifdef DEBUG
12394     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
12395 #endif
12396     if(do_strace)
12397         print_syscall_ret(num, ret);
12398     trace_guest_user_syscall_ret(cpu, num, ret);
12399     return ret;
12400 efault:
12401     ret = -TARGET_EFAULT;
12402     goto fail;
12403 }
12404