xref: /openbmc/qemu/linux-user/syscall.c (revision 21f5826a)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include <stdlib.h>
21 #include <stdio.h>
22 #include <stdarg.h>
23 #include <string.h>
24 #include <elf.h>
25 #include <endian.h>
26 #include <errno.h>
27 #include <unistd.h>
28 #include <fcntl.h>
29 #include <time.h>
30 #include <limits.h>
31 #include <grp.h>
32 #include <sys/types.h>
33 #include <sys/ipc.h>
34 #include <sys/msg.h>
35 #include <sys/wait.h>
36 #include <sys/time.h>
37 #include <sys/stat.h>
38 #include <sys/mount.h>
39 #include <sys/file.h>
40 #include <sys/fsuid.h>
41 #include <sys/personality.h>
42 #include <sys/prctl.h>
43 #include <sys/resource.h>
44 #include <sys/mman.h>
45 #include <sys/swap.h>
46 #include <linux/capability.h>
47 #include <signal.h>
48 #include <sched.h>
49 #ifdef __ia64__
50 int __clone2(int (*fn)(void *), void *child_stack_base,
51              size_t stack_size, int flags, void *arg, ...);
52 #endif
53 #include <sys/socket.h>
54 #include <sys/un.h>
55 #include <sys/uio.h>
56 #include <sys/poll.h>
57 #include <sys/times.h>
58 #include <sys/shm.h>
59 #include <sys/sem.h>
60 #include <sys/statfs.h>
61 #include <utime.h>
62 #include <sys/sysinfo.h>
63 //#include <sys/user.h>
64 #include <netinet/ip.h>
65 #include <netinet/tcp.h>
66 #include <linux/wireless.h>
67 #include <linux/icmp.h>
68 #include "qemu-common.h"
69 #ifdef CONFIG_TIMERFD
70 #include <sys/timerfd.h>
71 #endif
72 #ifdef TARGET_GPROF
73 #include <sys/gmon.h>
74 #endif
75 #ifdef CONFIG_EVENTFD
76 #include <sys/eventfd.h>
77 #endif
78 #ifdef CONFIG_EPOLL
79 #include <sys/epoll.h>
80 #endif
81 #ifdef CONFIG_ATTR
82 #include "qemu/xattr.h"
83 #endif
84 #ifdef CONFIG_SENDFILE
85 #include <sys/sendfile.h>
86 #endif
87 
88 #define termios host_termios
89 #define winsize host_winsize
90 #define termio host_termio
91 #define sgttyb host_sgttyb /* same as target */
92 #define tchars host_tchars /* same as target */
93 #define ltchars host_ltchars /* same as target */
94 
95 #include <linux/termios.h>
96 #include <linux/unistd.h>
97 #include <linux/cdrom.h>
98 #include <linux/hdreg.h>
99 #include <linux/soundcard.h>
100 #include <linux/kd.h>
101 #include <linux/mtio.h>
102 #include <linux/fs.h>
103 #if defined(CONFIG_FIEMAP)
104 #include <linux/fiemap.h>
105 #endif
106 #include <linux/fb.h>
107 #include <linux/vt.h>
108 #include <linux/dm-ioctl.h>
109 #include <linux/reboot.h>
110 #include <linux/route.h>
111 #include <linux/filter.h>
112 #include <linux/blkpg.h>
113 #include "linux_loop.h"
114 #include "uname.h"
115 
116 #include "qemu.h"
117 
118 #define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
119     CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
120 
121 //#define DEBUG
122 
123 //#include <linux/msdos_fs.h>
124 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
125 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
126 
127 
128 #undef _syscall0
129 #undef _syscall1
130 #undef _syscall2
131 #undef _syscall3
132 #undef _syscall4
133 #undef _syscall5
134 #undef _syscall6
135 
136 #define _syscall0(type,name)		\
137 static type name (void)			\
138 {					\
139 	return syscall(__NR_##name);	\
140 }
141 
142 #define _syscall1(type,name,type1,arg1)		\
143 static type name (type1 arg1)			\
144 {						\
145 	return syscall(__NR_##name, arg1);	\
146 }
147 
148 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
149 static type name (type1 arg1,type2 arg2)		\
150 {							\
151 	return syscall(__NR_##name, arg1, arg2);	\
152 }
153 
154 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
155 static type name (type1 arg1,type2 arg2,type3 arg3)		\
156 {								\
157 	return syscall(__NR_##name, arg1, arg2, arg3);		\
158 }
159 
160 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
161 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
162 {										\
163 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
164 }
165 
166 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
167 		  type5,arg5)							\
168 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
169 {										\
170 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
171 }
172 
173 
174 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
175 		  type5,arg5,type6,arg6)					\
176 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
177                   type6 arg6)							\
178 {										\
179 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
180 }
181 
182 
183 #define __NR_sys_uname __NR_uname
184 #define __NR_sys_getcwd1 __NR_getcwd
185 #define __NR_sys_getdents __NR_getdents
186 #define __NR_sys_getdents64 __NR_getdents64
187 #define __NR_sys_getpriority __NR_getpriority
188 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
189 #define __NR_sys_syslog __NR_syslog
190 #define __NR_sys_tgkill __NR_tgkill
191 #define __NR_sys_tkill __NR_tkill
192 #define __NR_sys_futex __NR_futex
193 #define __NR_sys_inotify_init __NR_inotify_init
194 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
195 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
196 
197 #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
198     defined(__s390x__)
199 #define __NR__llseek __NR_lseek
200 #endif
201 
202 /* Newer kernel ports have llseek() instead of _llseek() */
203 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
204 #define TARGET_NR__llseek TARGET_NR_llseek
205 #endif
206 
207 #ifdef __NR_gettid
208 _syscall0(int, gettid)
209 #else
210 /* This is a replacement for the host gettid() and must return a host
211    errno. */
212 static int gettid(void) {
213     return -ENOSYS;
214 }
215 #endif
216 #ifdef __NR_getdents
217 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
218 #endif
219 #if !defined(__NR_getdents) || \
220     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
221 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
222 #endif
223 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
224 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
225           loff_t *, res, uint, wh);
226 #endif
227 _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
228 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
229 #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill)
230 _syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)
231 #endif
232 #if defined(TARGET_NR_tkill) && defined(__NR_tkill)
233 _syscall2(int,sys_tkill,int,tid,int,sig)
234 #endif
235 #ifdef __NR_exit_group
236 _syscall1(int,exit_group,int,error_code)
237 #endif
238 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
239 _syscall1(int,set_tid_address,int *,tidptr)
240 #endif
241 #if defined(TARGET_NR_futex) && defined(__NR_futex)
242 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
243           const struct timespec *,timeout,int *,uaddr2,int,val3)
244 #endif
245 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
246 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
247           unsigned long *, user_mask_ptr);
248 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
249 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
250           unsigned long *, user_mask_ptr);
251 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
252           void *, arg);
253 _syscall2(int, capget, struct __user_cap_header_struct *, header,
254           struct __user_cap_data_struct *, data);
255 _syscall2(int, capset, struct __user_cap_header_struct *, header,
256           struct __user_cap_data_struct *, data);
257 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
258 _syscall2(int, ioprio_get, int, which, int, who)
259 #endif
260 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
261 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
262 #endif
263 
264 static bitmask_transtbl fcntl_flags_tbl[] = {
265   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
266   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
267   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
268   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
269   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
270   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
271   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
272   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
273   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
274   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
275   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
276   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
277   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
278 #if defined(O_DIRECT)
279   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
280 #endif
281 #if defined(O_NOATIME)
282   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
283 #endif
284 #if defined(O_CLOEXEC)
285   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
286 #endif
287 #if defined(O_PATH)
288   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
289 #endif
290   /* Don't terminate the list prematurely on 64-bit host+guest.  */
291 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
292   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
293 #endif
294   { 0, 0, 0, 0 }
295 };
296 
297 static int sys_getcwd1(char *buf, size_t size)
298 {
299   if (getcwd(buf, size) == NULL) {
300       /* getcwd() sets errno */
301       return (-1);
302   }
303   return strlen(buf)+1;
304 }
305 
306 static int sys_openat(int dirfd, const char *pathname, int flags, mode_t mode)
307 {
308   /*
309    * open(2) has extra parameter 'mode' when called with
310    * flag O_CREAT.
311    */
312   if ((flags & O_CREAT) != 0) {
313       return (openat(dirfd, pathname, flags, mode));
314   }
315   return (openat(dirfd, pathname, flags));
316 }
317 
318 #ifdef TARGET_NR_utimensat
319 #ifdef CONFIG_UTIMENSAT
320 static int sys_utimensat(int dirfd, const char *pathname,
321     const struct timespec times[2], int flags)
322 {
323     if (pathname == NULL)
324         return futimens(dirfd, times);
325     else
326         return utimensat(dirfd, pathname, times, flags);
327 }
328 #elif defined(__NR_utimensat)
329 #define __NR_sys_utimensat __NR_utimensat
330 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
331           const struct timespec *,tsp,int,flags)
332 #else
333 static int sys_utimensat(int dirfd, const char *pathname,
334                          const struct timespec times[2], int flags)
335 {
336     errno = ENOSYS;
337     return -1;
338 }
339 #endif
340 #endif /* TARGET_NR_utimensat */
341 
342 #ifdef CONFIG_INOTIFY
343 #include <sys/inotify.h>
344 
345 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
346 static int sys_inotify_init(void)
347 {
348   return (inotify_init());
349 }
350 #endif
351 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
352 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
353 {
354   return (inotify_add_watch(fd, pathname, mask));
355 }
356 #endif
357 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
358 static int sys_inotify_rm_watch(int fd, int32_t wd)
359 {
360   return (inotify_rm_watch(fd, wd));
361 }
362 #endif
363 #ifdef CONFIG_INOTIFY1
364 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
365 static int sys_inotify_init1(int flags)
366 {
367   return (inotify_init1(flags));
368 }
369 #endif
370 #endif
371 #else
372 /* Userspace can usually survive runtime without inotify */
373 #undef TARGET_NR_inotify_init
374 #undef TARGET_NR_inotify_init1
375 #undef TARGET_NR_inotify_add_watch
376 #undef TARGET_NR_inotify_rm_watch
377 #endif /* CONFIG_INOTIFY  */
378 
379 #if defined(TARGET_NR_ppoll)
380 #ifndef __NR_ppoll
381 # define __NR_ppoll -1
382 #endif
383 #define __NR_sys_ppoll __NR_ppoll
384 _syscall5(int, sys_ppoll, struct pollfd *, fds, nfds_t, nfds,
385           struct timespec *, timeout, const sigset_t *, sigmask,
386           size_t, sigsetsize)
387 #endif
388 
389 #if defined(TARGET_NR_pselect6)
390 #ifndef __NR_pselect6
391 # define __NR_pselect6 -1
392 #endif
393 #define __NR_sys_pselect6 __NR_pselect6
394 _syscall6(int, sys_pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds,
395           fd_set *, exceptfds, struct timespec *, timeout, void *, sig);
396 #endif
397 
398 #if defined(TARGET_NR_prlimit64)
399 #ifndef __NR_prlimit64
400 # define __NR_prlimit64 -1
401 #endif
402 #define __NR_sys_prlimit64 __NR_prlimit64
403 /* The glibc rlimit structure may not be that used by the underlying syscall */
404 struct host_rlimit64 {
405     uint64_t rlim_cur;
406     uint64_t rlim_max;
407 };
408 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
409           const struct host_rlimit64 *, new_limit,
410           struct host_rlimit64 *, old_limit)
411 #endif
412 
413 
414 #if defined(TARGET_NR_timer_create)
415 /* Maxiumum of 32 active POSIX timers allowed at any one time. */
416 static timer_t g_posix_timers[32] = { 0, } ;
417 
418 static inline int next_free_host_timer(void)
419 {
420     int k ;
421     /* FIXME: Does finding the next free slot require a lock? */
422     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
423         if (g_posix_timers[k] == 0) {
424             g_posix_timers[k] = (timer_t) 1;
425             return k;
426         }
427     }
428     return -1;
429 }
430 #endif
431 
432 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
433 #ifdef TARGET_ARM
434 static inline int regpairs_aligned(void *cpu_env) {
435     return ((((CPUARMState *)cpu_env)->eabi) == 1) ;
436 }
437 #elif defined(TARGET_MIPS)
438 static inline int regpairs_aligned(void *cpu_env) { return 1; }
439 #elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
440 /* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
441  * of registers which translates to the same as ARM/MIPS, because we start with
442  * r3 as arg1 */
443 static inline int regpairs_aligned(void *cpu_env) { return 1; }
444 #else
445 static inline int regpairs_aligned(void *cpu_env) { return 0; }
446 #endif
447 
448 #define ERRNO_TABLE_SIZE 1200
449 
450 /* target_to_host_errno_table[] is initialized from
451  * host_to_target_errno_table[] in syscall_init(). */
452 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
453 };
454 
455 /*
456  * This list is the union of errno values overridden in asm-<arch>/errno.h
457  * minus the errnos that are not actually generic to all archs.
458  */
459 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
460     [EIDRM]		= TARGET_EIDRM,
461     [ECHRNG]		= TARGET_ECHRNG,
462     [EL2NSYNC]		= TARGET_EL2NSYNC,
463     [EL3HLT]		= TARGET_EL3HLT,
464     [EL3RST]		= TARGET_EL3RST,
465     [ELNRNG]		= TARGET_ELNRNG,
466     [EUNATCH]		= TARGET_EUNATCH,
467     [ENOCSI]		= TARGET_ENOCSI,
468     [EL2HLT]		= TARGET_EL2HLT,
469     [EDEADLK]		= TARGET_EDEADLK,
470     [ENOLCK]		= TARGET_ENOLCK,
471     [EBADE]		= TARGET_EBADE,
472     [EBADR]		= TARGET_EBADR,
473     [EXFULL]		= TARGET_EXFULL,
474     [ENOANO]		= TARGET_ENOANO,
475     [EBADRQC]		= TARGET_EBADRQC,
476     [EBADSLT]		= TARGET_EBADSLT,
477     [EBFONT]		= TARGET_EBFONT,
478     [ENOSTR]		= TARGET_ENOSTR,
479     [ENODATA]		= TARGET_ENODATA,
480     [ETIME]		= TARGET_ETIME,
481     [ENOSR]		= TARGET_ENOSR,
482     [ENONET]		= TARGET_ENONET,
483     [ENOPKG]		= TARGET_ENOPKG,
484     [EREMOTE]		= TARGET_EREMOTE,
485     [ENOLINK]		= TARGET_ENOLINK,
486     [EADV]		= TARGET_EADV,
487     [ESRMNT]		= TARGET_ESRMNT,
488     [ECOMM]		= TARGET_ECOMM,
489     [EPROTO]		= TARGET_EPROTO,
490     [EDOTDOT]		= TARGET_EDOTDOT,
491     [EMULTIHOP]		= TARGET_EMULTIHOP,
492     [EBADMSG]		= TARGET_EBADMSG,
493     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
494     [EOVERFLOW]		= TARGET_EOVERFLOW,
495     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
496     [EBADFD]		= TARGET_EBADFD,
497     [EREMCHG]		= TARGET_EREMCHG,
498     [ELIBACC]		= TARGET_ELIBACC,
499     [ELIBBAD]		= TARGET_ELIBBAD,
500     [ELIBSCN]		= TARGET_ELIBSCN,
501     [ELIBMAX]		= TARGET_ELIBMAX,
502     [ELIBEXEC]		= TARGET_ELIBEXEC,
503     [EILSEQ]		= TARGET_EILSEQ,
504     [ENOSYS]		= TARGET_ENOSYS,
505     [ELOOP]		= TARGET_ELOOP,
506     [ERESTART]		= TARGET_ERESTART,
507     [ESTRPIPE]		= TARGET_ESTRPIPE,
508     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
509     [EUSERS]		= TARGET_EUSERS,
510     [ENOTSOCK]		= TARGET_ENOTSOCK,
511     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
512     [EMSGSIZE]		= TARGET_EMSGSIZE,
513     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
514     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
515     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
516     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
517     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
518     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
519     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
520     [EADDRINUSE]	= TARGET_EADDRINUSE,
521     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
522     [ENETDOWN]		= TARGET_ENETDOWN,
523     [ENETUNREACH]	= TARGET_ENETUNREACH,
524     [ENETRESET]		= TARGET_ENETRESET,
525     [ECONNABORTED]	= TARGET_ECONNABORTED,
526     [ECONNRESET]	= TARGET_ECONNRESET,
527     [ENOBUFS]		= TARGET_ENOBUFS,
528     [EISCONN]		= TARGET_EISCONN,
529     [ENOTCONN]		= TARGET_ENOTCONN,
530     [EUCLEAN]		= TARGET_EUCLEAN,
531     [ENOTNAM]		= TARGET_ENOTNAM,
532     [ENAVAIL]		= TARGET_ENAVAIL,
533     [EISNAM]		= TARGET_EISNAM,
534     [EREMOTEIO]		= TARGET_EREMOTEIO,
535     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
536     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
537     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
538     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
539     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
540     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
541     [EALREADY]		= TARGET_EALREADY,
542     [EINPROGRESS]	= TARGET_EINPROGRESS,
543     [ESTALE]		= TARGET_ESTALE,
544     [ECANCELED]		= TARGET_ECANCELED,
545     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
546     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
547 #ifdef ENOKEY
548     [ENOKEY]		= TARGET_ENOKEY,
549 #endif
550 #ifdef EKEYEXPIRED
551     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
552 #endif
553 #ifdef EKEYREVOKED
554     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
555 #endif
556 #ifdef EKEYREJECTED
557     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
558 #endif
559 #ifdef EOWNERDEAD
560     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
561 #endif
562 #ifdef ENOTRECOVERABLE
563     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
564 #endif
565 };
566 
567 static inline int host_to_target_errno(int err)
568 {
569     if(host_to_target_errno_table[err])
570         return host_to_target_errno_table[err];
571     return err;
572 }
573 
574 static inline int target_to_host_errno(int err)
575 {
576     if (target_to_host_errno_table[err])
577         return target_to_host_errno_table[err];
578     return err;
579 }
580 
581 static inline abi_long get_errno(abi_long ret)
582 {
583     if (ret == -1)
584         return -host_to_target_errno(errno);
585     else
586         return ret;
587 }
588 
589 static inline int is_error(abi_long ret)
590 {
591     return (abi_ulong)ret >= (abi_ulong)(-4096);
592 }
593 
594 char *target_strerror(int err)
595 {
596     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
597         return NULL;
598     }
599     return strerror(target_to_host_errno(err));
600 }
601 
602 static inline int host_to_target_sock_type(int host_type)
603 {
604     int target_type;
605 
606     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
607     case SOCK_DGRAM:
608         target_type = TARGET_SOCK_DGRAM;
609         break;
610     case SOCK_STREAM:
611         target_type = TARGET_SOCK_STREAM;
612         break;
613     default:
614         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
615         break;
616     }
617 
618 #if defined(SOCK_CLOEXEC)
619     if (host_type & SOCK_CLOEXEC) {
620         target_type |= TARGET_SOCK_CLOEXEC;
621     }
622 #endif
623 
624 #if defined(SOCK_NONBLOCK)
625     if (host_type & SOCK_NONBLOCK) {
626         target_type |= TARGET_SOCK_NONBLOCK;
627     }
628 #endif
629 
630     return target_type;
631 }
632 
633 static abi_ulong target_brk;
634 static abi_ulong target_original_brk;
635 static abi_ulong brk_page;
636 
637 void target_set_brk(abi_ulong new_brk)
638 {
639     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
640     brk_page = HOST_PAGE_ALIGN(target_brk);
641 }
642 
643 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
644 #define DEBUGF_BRK(message, args...)
645 
646 /* do_brk() must return target values and target errnos. */
647 abi_long do_brk(abi_ulong new_brk)
648 {
649     abi_long mapped_addr;
650     int	new_alloc_size;
651 
652     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
653 
654     if (!new_brk) {
655         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
656         return target_brk;
657     }
658     if (new_brk < target_original_brk) {
659         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
660                    target_brk);
661         return target_brk;
662     }
663 
664     /* If the new brk is less than the highest page reserved to the
665      * target heap allocation, set it and we're almost done...  */
666     if (new_brk <= brk_page) {
667         /* Heap contents are initialized to zero, as for anonymous
668          * mapped pages.  */
669         if (new_brk > target_brk) {
670             memset(g2h(target_brk), 0, new_brk - target_brk);
671         }
672 	target_brk = new_brk;
673         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
674     	return target_brk;
675     }
676 
677     /* We need to allocate more memory after the brk... Note that
678      * we don't use MAP_FIXED because that will map over the top of
679      * any existing mapping (like the one with the host libc or qemu
680      * itself); instead we treat "mapped but at wrong address" as
681      * a failure and unmap again.
682      */
683     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
684     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
685                                         PROT_READ|PROT_WRITE,
686                                         MAP_ANON|MAP_PRIVATE, 0, 0));
687 
688     if (mapped_addr == brk_page) {
689         /* Heap contents are initialized to zero, as for anonymous
690          * mapped pages.  Technically the new pages are already
691          * initialized to zero since they *are* anonymous mapped
692          * pages, however we have to take care with the contents that
693          * come from the remaining part of the previous page: it may
694          * contains garbage data due to a previous heap usage (grown
695          * then shrunken).  */
696         memset(g2h(target_brk), 0, brk_page - target_brk);
697 
698         target_brk = new_brk;
699         brk_page = HOST_PAGE_ALIGN(target_brk);
700         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
701             target_brk);
702         return target_brk;
703     } else if (mapped_addr != -1) {
704         /* Mapped but at wrong address, meaning there wasn't actually
705          * enough space for this brk.
706          */
707         target_munmap(mapped_addr, new_alloc_size);
708         mapped_addr = -1;
709         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
710     }
711     else {
712         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
713     }
714 
715 #if defined(TARGET_ALPHA)
716     /* We (partially) emulate OSF/1 on Alpha, which requires we
717        return a proper errno, not an unchanged brk value.  */
718     return -TARGET_ENOMEM;
719 #endif
720     /* For everything else, return the previous break. */
721     return target_brk;
722 }
723 
724 static inline abi_long copy_from_user_fdset(fd_set *fds,
725                                             abi_ulong target_fds_addr,
726                                             int n)
727 {
728     int i, nw, j, k;
729     abi_ulong b, *target_fds;
730 
731     nw = (n + TARGET_ABI_BITS - 1) / TARGET_ABI_BITS;
732     if (!(target_fds = lock_user(VERIFY_READ,
733                                  target_fds_addr,
734                                  sizeof(abi_ulong) * nw,
735                                  1)))
736         return -TARGET_EFAULT;
737 
738     FD_ZERO(fds);
739     k = 0;
740     for (i = 0; i < nw; i++) {
741         /* grab the abi_ulong */
742         __get_user(b, &target_fds[i]);
743         for (j = 0; j < TARGET_ABI_BITS; j++) {
744             /* check the bit inside the abi_ulong */
745             if ((b >> j) & 1)
746                 FD_SET(k, fds);
747             k++;
748         }
749     }
750 
751     unlock_user(target_fds, target_fds_addr, 0);
752 
753     return 0;
754 }
755 
756 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
757                                                  abi_ulong target_fds_addr,
758                                                  int n)
759 {
760     if (target_fds_addr) {
761         if (copy_from_user_fdset(fds, target_fds_addr, n))
762             return -TARGET_EFAULT;
763         *fds_ptr = fds;
764     } else {
765         *fds_ptr = NULL;
766     }
767     return 0;
768 }
769 
770 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
771                                           const fd_set *fds,
772                                           int n)
773 {
774     int i, nw, j, k;
775     abi_long v;
776     abi_ulong *target_fds;
777 
778     nw = (n + TARGET_ABI_BITS - 1) / TARGET_ABI_BITS;
779     if (!(target_fds = lock_user(VERIFY_WRITE,
780                                  target_fds_addr,
781                                  sizeof(abi_ulong) * nw,
782                                  0)))
783         return -TARGET_EFAULT;
784 
785     k = 0;
786     for (i = 0; i < nw; i++) {
787         v = 0;
788         for (j = 0; j < TARGET_ABI_BITS; j++) {
789             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
790             k++;
791         }
792         __put_user(v, &target_fds[i]);
793     }
794 
795     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
796 
797     return 0;
798 }
799 
800 #if defined(__alpha__)
801 #define HOST_HZ 1024
802 #else
803 #define HOST_HZ 100
804 #endif
805 
806 static inline abi_long host_to_target_clock_t(long ticks)
807 {
808 #if HOST_HZ == TARGET_HZ
809     return ticks;
810 #else
811     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
812 #endif
813 }
814 
815 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
816                                              const struct rusage *rusage)
817 {
818     struct target_rusage *target_rusage;
819 
820     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
821         return -TARGET_EFAULT;
822     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
823     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
824     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
825     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
826     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
827     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
828     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
829     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
830     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
831     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
832     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
833     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
834     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
835     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
836     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
837     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
838     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
839     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
840     unlock_user_struct(target_rusage, target_addr, 1);
841 
842     return 0;
843 }
844 
845 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
846 {
847     abi_ulong target_rlim_swap;
848     rlim_t result;
849 
850     target_rlim_swap = tswapal(target_rlim);
851     if (target_rlim_swap == TARGET_RLIM_INFINITY)
852         return RLIM_INFINITY;
853 
854     result = target_rlim_swap;
855     if (target_rlim_swap != (rlim_t)result)
856         return RLIM_INFINITY;
857 
858     return result;
859 }
860 
861 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
862 {
863     abi_ulong target_rlim_swap;
864     abi_ulong result;
865 
866     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
867         target_rlim_swap = TARGET_RLIM_INFINITY;
868     else
869         target_rlim_swap = rlim;
870     result = tswapal(target_rlim_swap);
871 
872     return result;
873 }
874 
875 static inline int target_to_host_resource(int code)
876 {
877     switch (code) {
878     case TARGET_RLIMIT_AS:
879         return RLIMIT_AS;
880     case TARGET_RLIMIT_CORE:
881         return RLIMIT_CORE;
882     case TARGET_RLIMIT_CPU:
883         return RLIMIT_CPU;
884     case TARGET_RLIMIT_DATA:
885         return RLIMIT_DATA;
886     case TARGET_RLIMIT_FSIZE:
887         return RLIMIT_FSIZE;
888     case TARGET_RLIMIT_LOCKS:
889         return RLIMIT_LOCKS;
890     case TARGET_RLIMIT_MEMLOCK:
891         return RLIMIT_MEMLOCK;
892     case TARGET_RLIMIT_MSGQUEUE:
893         return RLIMIT_MSGQUEUE;
894     case TARGET_RLIMIT_NICE:
895         return RLIMIT_NICE;
896     case TARGET_RLIMIT_NOFILE:
897         return RLIMIT_NOFILE;
898     case TARGET_RLIMIT_NPROC:
899         return RLIMIT_NPROC;
900     case TARGET_RLIMIT_RSS:
901         return RLIMIT_RSS;
902     case TARGET_RLIMIT_RTPRIO:
903         return RLIMIT_RTPRIO;
904     case TARGET_RLIMIT_SIGPENDING:
905         return RLIMIT_SIGPENDING;
906     case TARGET_RLIMIT_STACK:
907         return RLIMIT_STACK;
908     default:
909         return code;
910     }
911 }
912 
913 static inline abi_long copy_from_user_timeval(struct timeval *tv,
914                                               abi_ulong target_tv_addr)
915 {
916     struct target_timeval *target_tv;
917 
918     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
919         return -TARGET_EFAULT;
920 
921     __get_user(tv->tv_sec, &target_tv->tv_sec);
922     __get_user(tv->tv_usec, &target_tv->tv_usec);
923 
924     unlock_user_struct(target_tv, target_tv_addr, 0);
925 
926     return 0;
927 }
928 
929 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
930                                             const struct timeval *tv)
931 {
932     struct target_timeval *target_tv;
933 
934     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
935         return -TARGET_EFAULT;
936 
937     __put_user(tv->tv_sec, &target_tv->tv_sec);
938     __put_user(tv->tv_usec, &target_tv->tv_usec);
939 
940     unlock_user_struct(target_tv, target_tv_addr, 1);
941 
942     return 0;
943 }
944 
945 static inline abi_long copy_from_user_timezone(struct timezone *tz,
946                                                abi_ulong target_tz_addr)
947 {
948     struct target_timezone *target_tz;
949 
950     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
951         return -TARGET_EFAULT;
952     }
953 
954     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
955     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
956 
957     unlock_user_struct(target_tz, target_tz_addr, 0);
958 
959     return 0;
960 }
961 
962 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
963 #include <mqueue.h>
964 
965 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
966                                               abi_ulong target_mq_attr_addr)
967 {
968     struct target_mq_attr *target_mq_attr;
969 
970     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
971                           target_mq_attr_addr, 1))
972         return -TARGET_EFAULT;
973 
974     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
975     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
976     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
977     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
978 
979     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
980 
981     return 0;
982 }
983 
984 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
985                                             const struct mq_attr *attr)
986 {
987     struct target_mq_attr *target_mq_attr;
988 
989     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
990                           target_mq_attr_addr, 0))
991         return -TARGET_EFAULT;
992 
993     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
994     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
995     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
996     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
997 
998     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
999 
1000     return 0;
1001 }
1002 #endif
1003 
1004 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1005 /* do_select() must return target values and target errnos. */
1006 static abi_long do_select(int n,
1007                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1008                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1009 {
1010     fd_set rfds, wfds, efds;
1011     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1012     struct timeval tv, *tv_ptr;
1013     abi_long ret;
1014 
1015     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1016     if (ret) {
1017         return ret;
1018     }
1019     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1020     if (ret) {
1021         return ret;
1022     }
1023     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1024     if (ret) {
1025         return ret;
1026     }
1027 
1028     if (target_tv_addr) {
1029         if (copy_from_user_timeval(&tv, target_tv_addr))
1030             return -TARGET_EFAULT;
1031         tv_ptr = &tv;
1032     } else {
1033         tv_ptr = NULL;
1034     }
1035 
1036     ret = get_errno(select(n, rfds_ptr, wfds_ptr, efds_ptr, tv_ptr));
1037 
1038     if (!is_error(ret)) {
1039         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1040             return -TARGET_EFAULT;
1041         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1042             return -TARGET_EFAULT;
1043         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1044             return -TARGET_EFAULT;
1045 
1046         if (target_tv_addr && copy_to_user_timeval(target_tv_addr, &tv))
1047             return -TARGET_EFAULT;
1048     }
1049 
1050     return ret;
1051 }
1052 #endif
1053 
1054 static abi_long do_pipe2(int host_pipe[], int flags)
1055 {
1056 #ifdef CONFIG_PIPE2
1057     return pipe2(host_pipe, flags);
1058 #else
1059     return -ENOSYS;
1060 #endif
1061 }
1062 
1063 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1064                         int flags, int is_pipe2)
1065 {
1066     int host_pipe[2];
1067     abi_long ret;
1068     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1069 
1070     if (is_error(ret))
1071         return get_errno(ret);
1072 
1073     /* Several targets have special calling conventions for the original
1074        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1075     if (!is_pipe2) {
1076 #if defined(TARGET_ALPHA)
1077         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1078         return host_pipe[0];
1079 #elif defined(TARGET_MIPS)
1080         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1081         return host_pipe[0];
1082 #elif defined(TARGET_SH4)
1083         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1084         return host_pipe[0];
1085 #elif defined(TARGET_SPARC)
1086         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1087         return host_pipe[0];
1088 #endif
1089     }
1090 
1091     if (put_user_s32(host_pipe[0], pipedes)
1092         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1093         return -TARGET_EFAULT;
1094     return get_errno(ret);
1095 }
1096 
1097 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1098                                               abi_ulong target_addr,
1099                                               socklen_t len)
1100 {
1101     struct target_ip_mreqn *target_smreqn;
1102 
1103     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1104     if (!target_smreqn)
1105         return -TARGET_EFAULT;
1106     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1107     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1108     if (len == sizeof(struct target_ip_mreqn))
1109         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1110     unlock_user(target_smreqn, target_addr, 0);
1111 
1112     return 0;
1113 }
1114 
1115 static inline abi_long target_to_host_sockaddr(struct sockaddr *addr,
1116                                                abi_ulong target_addr,
1117                                                socklen_t len)
1118 {
1119     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1120     sa_family_t sa_family;
1121     struct target_sockaddr *target_saddr;
1122 
1123     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1124     if (!target_saddr)
1125         return -TARGET_EFAULT;
1126 
1127     sa_family = tswap16(target_saddr->sa_family);
1128 
1129     /* Oops. The caller might send a incomplete sun_path; sun_path
1130      * must be terminated by \0 (see the manual page), but
1131      * unfortunately it is quite common to specify sockaddr_un
1132      * length as "strlen(x->sun_path)" while it should be
1133      * "strlen(...) + 1". We'll fix that here if needed.
1134      * Linux kernel has a similar feature.
1135      */
1136 
1137     if (sa_family == AF_UNIX) {
1138         if (len < unix_maxlen && len > 0) {
1139             char *cp = (char*)target_saddr;
1140 
1141             if ( cp[len-1] && !cp[len] )
1142                 len++;
1143         }
1144         if (len > unix_maxlen)
1145             len = unix_maxlen;
1146     }
1147 
1148     memcpy(addr, target_saddr, len);
1149     addr->sa_family = sa_family;
1150     if (sa_family == AF_PACKET) {
1151 	struct target_sockaddr_ll *lladdr;
1152 
1153 	lladdr = (struct target_sockaddr_ll *)addr;
1154 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1155 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1156     }
1157     unlock_user(target_saddr, target_addr, 0);
1158 
1159     return 0;
1160 }
1161 
1162 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1163                                                struct sockaddr *addr,
1164                                                socklen_t len)
1165 {
1166     struct target_sockaddr *target_saddr;
1167 
1168     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1169     if (!target_saddr)
1170         return -TARGET_EFAULT;
1171     memcpy(target_saddr, addr, len);
1172     target_saddr->sa_family = tswap16(addr->sa_family);
1173     unlock_user(target_saddr, target_addr, len);
1174 
1175     return 0;
1176 }
1177 
1178 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1179                                            struct target_msghdr *target_msgh)
1180 {
1181     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1182     abi_long msg_controllen;
1183     abi_ulong target_cmsg_addr;
1184     struct target_cmsghdr *target_cmsg;
1185     socklen_t space = 0;
1186 
1187     msg_controllen = tswapal(target_msgh->msg_controllen);
1188     if (msg_controllen < sizeof (struct target_cmsghdr))
1189         goto the_end;
1190     target_cmsg_addr = tswapal(target_msgh->msg_control);
1191     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1192     if (!target_cmsg)
1193         return -TARGET_EFAULT;
1194 
1195     while (cmsg && target_cmsg) {
1196         void *data = CMSG_DATA(cmsg);
1197         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1198 
1199         int len = tswapal(target_cmsg->cmsg_len)
1200                   - TARGET_CMSG_ALIGN(sizeof (struct target_cmsghdr));
1201 
1202         space += CMSG_SPACE(len);
1203         if (space > msgh->msg_controllen) {
1204             space -= CMSG_SPACE(len);
1205             gemu_log("Host cmsg overflow\n");
1206             break;
1207         }
1208 
1209         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1210             cmsg->cmsg_level = SOL_SOCKET;
1211         } else {
1212             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1213         }
1214         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1215         cmsg->cmsg_len = CMSG_LEN(len);
1216 
1217         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1218             int *fd = (int *)data;
1219             int *target_fd = (int *)target_data;
1220             int i, numfds = len / sizeof(int);
1221 
1222             for (i = 0; i < numfds; i++)
1223                 fd[i] = tswap32(target_fd[i]);
1224         } else if (cmsg->cmsg_level == SOL_SOCKET
1225                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1226             struct ucred *cred = (struct ucred *)data;
1227             struct target_ucred *target_cred =
1228                 (struct target_ucred *)target_data;
1229 
1230             __put_user(target_cred->pid, &cred->pid);
1231             __put_user(target_cred->uid, &cred->uid);
1232             __put_user(target_cred->gid, &cred->gid);
1233         } else {
1234             gemu_log("Unsupported ancillary data: %d/%d\n",
1235                                         cmsg->cmsg_level, cmsg->cmsg_type);
1236             memcpy(data, target_data, len);
1237         }
1238 
1239         cmsg = CMSG_NXTHDR(msgh, cmsg);
1240         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
1241     }
1242     unlock_user(target_cmsg, target_cmsg_addr, 0);
1243  the_end:
1244     msgh->msg_controllen = space;
1245     return 0;
1246 }
1247 
1248 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1249                                            struct msghdr *msgh)
1250 {
1251     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1252     abi_long msg_controllen;
1253     abi_ulong target_cmsg_addr;
1254     struct target_cmsghdr *target_cmsg;
1255     socklen_t space = 0;
1256 
1257     msg_controllen = tswapal(target_msgh->msg_controllen);
1258     if (msg_controllen < sizeof (struct target_cmsghdr))
1259         goto the_end;
1260     target_cmsg_addr = tswapal(target_msgh->msg_control);
1261     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1262     if (!target_cmsg)
1263         return -TARGET_EFAULT;
1264 
1265     while (cmsg && target_cmsg) {
1266         void *data = CMSG_DATA(cmsg);
1267         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1268 
1269         int len = cmsg->cmsg_len - CMSG_ALIGN(sizeof (struct cmsghdr));
1270 
1271         space += TARGET_CMSG_SPACE(len);
1272         if (space > msg_controllen) {
1273             space -= TARGET_CMSG_SPACE(len);
1274             gemu_log("Target cmsg overflow\n");
1275             break;
1276         }
1277 
1278         if (cmsg->cmsg_level == SOL_SOCKET) {
1279             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1280         } else {
1281             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1282         }
1283         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1284         target_cmsg->cmsg_len = tswapal(TARGET_CMSG_LEN(len));
1285 
1286         switch (cmsg->cmsg_level) {
1287         case SOL_SOCKET:
1288             switch (cmsg->cmsg_type) {
1289             case SCM_RIGHTS:
1290             {
1291                 int *fd = (int *)data;
1292                 int *target_fd = (int *)target_data;
1293                 int i, numfds = len / sizeof(int);
1294 
1295                 for (i = 0; i < numfds; i++)
1296                     target_fd[i] = tswap32(fd[i]);
1297                 break;
1298             }
1299             case SO_TIMESTAMP:
1300             {
1301                 struct timeval *tv = (struct timeval *)data;
1302                 struct target_timeval *target_tv =
1303                     (struct target_timeval *)target_data;
1304 
1305                 if (len != sizeof(struct timeval))
1306                     goto unimplemented;
1307 
1308                 /* copy struct timeval to target */
1309                 target_tv->tv_sec = tswapal(tv->tv_sec);
1310                 target_tv->tv_usec = tswapal(tv->tv_usec);
1311                 break;
1312             }
1313             case SCM_CREDENTIALS:
1314             {
1315                 struct ucred *cred = (struct ucred *)data;
1316                 struct target_ucred *target_cred =
1317                     (struct target_ucred *)target_data;
1318 
1319                 __put_user(cred->pid, &target_cred->pid);
1320                 __put_user(cred->uid, &target_cred->uid);
1321                 __put_user(cred->gid, &target_cred->gid);
1322                 break;
1323             }
1324             default:
1325                 goto unimplemented;
1326             }
1327             break;
1328 
1329         default:
1330         unimplemented:
1331             gemu_log("Unsupported ancillary data: %d/%d\n",
1332                                         cmsg->cmsg_level, cmsg->cmsg_type);
1333             memcpy(target_data, data, len);
1334         }
1335 
1336         cmsg = CMSG_NXTHDR(msgh, cmsg);
1337         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg);
1338     }
1339     unlock_user(target_cmsg, target_cmsg_addr, space);
1340  the_end:
1341     target_msgh->msg_controllen = tswapal(space);
1342     return 0;
1343 }
1344 
1345 /* do_setsockopt() Must return target values and target errnos. */
1346 static abi_long do_setsockopt(int sockfd, int level, int optname,
1347                               abi_ulong optval_addr, socklen_t optlen)
1348 {
1349     abi_long ret;
1350     int val;
1351     struct ip_mreqn *ip_mreq;
1352     struct ip_mreq_source *ip_mreq_source;
1353 
1354     switch(level) {
1355     case SOL_TCP:
1356         /* TCP options all take an 'int' value.  */
1357         if (optlen < sizeof(uint32_t))
1358             return -TARGET_EINVAL;
1359 
1360         if (get_user_u32(val, optval_addr))
1361             return -TARGET_EFAULT;
1362         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
1363         break;
1364     case SOL_IP:
1365         switch(optname) {
1366         case IP_TOS:
1367         case IP_TTL:
1368         case IP_HDRINCL:
1369         case IP_ROUTER_ALERT:
1370         case IP_RECVOPTS:
1371         case IP_RETOPTS:
1372         case IP_PKTINFO:
1373         case IP_MTU_DISCOVER:
1374         case IP_RECVERR:
1375         case IP_RECVTOS:
1376 #ifdef IP_FREEBIND
1377         case IP_FREEBIND:
1378 #endif
1379         case IP_MULTICAST_TTL:
1380         case IP_MULTICAST_LOOP:
1381             val = 0;
1382             if (optlen >= sizeof(uint32_t)) {
1383                 if (get_user_u32(val, optval_addr))
1384                     return -TARGET_EFAULT;
1385             } else if (optlen >= 1) {
1386                 if (get_user_u8(val, optval_addr))
1387                     return -TARGET_EFAULT;
1388             }
1389             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
1390             break;
1391         case IP_ADD_MEMBERSHIP:
1392         case IP_DROP_MEMBERSHIP:
1393             if (optlen < sizeof (struct target_ip_mreq) ||
1394                 optlen > sizeof (struct target_ip_mreqn))
1395                 return -TARGET_EINVAL;
1396 
1397             ip_mreq = (struct ip_mreqn *) alloca(optlen);
1398             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
1399             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
1400             break;
1401 
1402         case IP_BLOCK_SOURCE:
1403         case IP_UNBLOCK_SOURCE:
1404         case IP_ADD_SOURCE_MEMBERSHIP:
1405         case IP_DROP_SOURCE_MEMBERSHIP:
1406             if (optlen != sizeof (struct target_ip_mreq_source))
1407                 return -TARGET_EINVAL;
1408 
1409             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
1410             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
1411             unlock_user (ip_mreq_source, optval_addr, 0);
1412             break;
1413 
1414         default:
1415             goto unimplemented;
1416         }
1417         break;
1418     case SOL_IPV6:
1419         switch (optname) {
1420         case IPV6_MTU_DISCOVER:
1421         case IPV6_MTU:
1422         case IPV6_V6ONLY:
1423         case IPV6_RECVPKTINFO:
1424             val = 0;
1425             if (optlen < sizeof(uint32_t)) {
1426                 return -TARGET_EINVAL;
1427             }
1428             if (get_user_u32(val, optval_addr)) {
1429                 return -TARGET_EFAULT;
1430             }
1431             ret = get_errno(setsockopt(sockfd, level, optname,
1432                                        &val, sizeof(val)));
1433             break;
1434         default:
1435             goto unimplemented;
1436         }
1437         break;
1438     case SOL_RAW:
1439         switch (optname) {
1440         case ICMP_FILTER:
1441             /* struct icmp_filter takes an u32 value */
1442             if (optlen < sizeof(uint32_t)) {
1443                 return -TARGET_EINVAL;
1444             }
1445 
1446             if (get_user_u32(val, optval_addr)) {
1447                 return -TARGET_EFAULT;
1448             }
1449             ret = get_errno(setsockopt(sockfd, level, optname,
1450                                        &val, sizeof(val)));
1451             break;
1452 
1453         default:
1454             goto unimplemented;
1455         }
1456         break;
1457     case TARGET_SOL_SOCKET:
1458         switch (optname) {
1459         case TARGET_SO_RCVTIMEO:
1460         {
1461                 struct timeval tv;
1462 
1463                 optname = SO_RCVTIMEO;
1464 
1465 set_timeout:
1466                 if (optlen != sizeof(struct target_timeval)) {
1467                     return -TARGET_EINVAL;
1468                 }
1469 
1470                 if (copy_from_user_timeval(&tv, optval_addr)) {
1471                     return -TARGET_EFAULT;
1472                 }
1473 
1474                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
1475                                 &tv, sizeof(tv)));
1476                 return ret;
1477         }
1478         case TARGET_SO_SNDTIMEO:
1479                 optname = SO_SNDTIMEO;
1480                 goto set_timeout;
1481         case TARGET_SO_ATTACH_FILTER:
1482         {
1483                 struct target_sock_fprog *tfprog;
1484                 struct target_sock_filter *tfilter;
1485                 struct sock_fprog fprog;
1486                 struct sock_filter *filter;
1487                 int i;
1488 
1489                 if (optlen != sizeof(*tfprog)) {
1490                     return -TARGET_EINVAL;
1491                 }
1492                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
1493                     return -TARGET_EFAULT;
1494                 }
1495                 if (!lock_user_struct(VERIFY_READ, tfilter,
1496                                       tswapal(tfprog->filter), 0)) {
1497                     unlock_user_struct(tfprog, optval_addr, 1);
1498                     return -TARGET_EFAULT;
1499                 }
1500 
1501                 fprog.len = tswap16(tfprog->len);
1502                 filter = malloc(fprog.len * sizeof(*filter));
1503                 if (filter == NULL) {
1504                     unlock_user_struct(tfilter, tfprog->filter, 1);
1505                     unlock_user_struct(tfprog, optval_addr, 1);
1506                     return -TARGET_ENOMEM;
1507                 }
1508                 for (i = 0; i < fprog.len; i++) {
1509                     filter[i].code = tswap16(tfilter[i].code);
1510                     filter[i].jt = tfilter[i].jt;
1511                     filter[i].jf = tfilter[i].jf;
1512                     filter[i].k = tswap32(tfilter[i].k);
1513                 }
1514                 fprog.filter = filter;
1515 
1516                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
1517                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
1518                 free(filter);
1519 
1520                 unlock_user_struct(tfilter, tfprog->filter, 1);
1521                 unlock_user_struct(tfprog, optval_addr, 1);
1522                 return ret;
1523         }
1524 	case TARGET_SO_BINDTODEVICE:
1525 	{
1526 		char *dev_ifname, *addr_ifname;
1527 
1528 		if (optlen > IFNAMSIZ - 1) {
1529 		    optlen = IFNAMSIZ - 1;
1530 		}
1531 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
1532 		if (!dev_ifname) {
1533 		    return -TARGET_EFAULT;
1534 		}
1535 		optname = SO_BINDTODEVICE;
1536 		addr_ifname = alloca(IFNAMSIZ);
1537 		memcpy(addr_ifname, dev_ifname, optlen);
1538 		addr_ifname[optlen] = 0;
1539 		ret = get_errno(setsockopt(sockfd, level, optname, addr_ifname, optlen));
1540 		unlock_user (dev_ifname, optval_addr, 0);
1541 		return ret;
1542 	}
1543             /* Options with 'int' argument.  */
1544         case TARGET_SO_DEBUG:
1545 		optname = SO_DEBUG;
1546 		break;
1547         case TARGET_SO_REUSEADDR:
1548 		optname = SO_REUSEADDR;
1549 		break;
1550         case TARGET_SO_TYPE:
1551 		optname = SO_TYPE;
1552 		break;
1553         case TARGET_SO_ERROR:
1554 		optname = SO_ERROR;
1555 		break;
1556         case TARGET_SO_DONTROUTE:
1557 		optname = SO_DONTROUTE;
1558 		break;
1559         case TARGET_SO_BROADCAST:
1560 		optname = SO_BROADCAST;
1561 		break;
1562         case TARGET_SO_SNDBUF:
1563 		optname = SO_SNDBUF;
1564 		break;
1565         case TARGET_SO_SNDBUFFORCE:
1566                 optname = SO_SNDBUFFORCE;
1567                 break;
1568         case TARGET_SO_RCVBUF:
1569 		optname = SO_RCVBUF;
1570 		break;
1571         case TARGET_SO_RCVBUFFORCE:
1572                 optname = SO_RCVBUFFORCE;
1573                 break;
1574         case TARGET_SO_KEEPALIVE:
1575 		optname = SO_KEEPALIVE;
1576 		break;
1577         case TARGET_SO_OOBINLINE:
1578 		optname = SO_OOBINLINE;
1579 		break;
1580         case TARGET_SO_NO_CHECK:
1581 		optname = SO_NO_CHECK;
1582 		break;
1583         case TARGET_SO_PRIORITY:
1584 		optname = SO_PRIORITY;
1585 		break;
1586 #ifdef SO_BSDCOMPAT
1587         case TARGET_SO_BSDCOMPAT:
1588 		optname = SO_BSDCOMPAT;
1589 		break;
1590 #endif
1591         case TARGET_SO_PASSCRED:
1592 		optname = SO_PASSCRED;
1593 		break;
1594         case TARGET_SO_PASSSEC:
1595                 optname = SO_PASSSEC;
1596                 break;
1597         case TARGET_SO_TIMESTAMP:
1598 		optname = SO_TIMESTAMP;
1599 		break;
1600         case TARGET_SO_RCVLOWAT:
1601 		optname = SO_RCVLOWAT;
1602 		break;
1603             break;
1604         default:
1605             goto unimplemented;
1606         }
1607 	if (optlen < sizeof(uint32_t))
1608             return -TARGET_EINVAL;
1609 
1610 	if (get_user_u32(val, optval_addr))
1611             return -TARGET_EFAULT;
1612 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
1613         break;
1614     default:
1615     unimplemented:
1616         gemu_log("Unsupported setsockopt level=%d optname=%d\n", level, optname);
1617         ret = -TARGET_ENOPROTOOPT;
1618     }
1619     return ret;
1620 }
1621 
1622 /* do_getsockopt() Must return target values and target errnos. */
1623 static abi_long do_getsockopt(int sockfd, int level, int optname,
1624                               abi_ulong optval_addr, abi_ulong optlen)
1625 {
1626     abi_long ret;
1627     int len, val;
1628     socklen_t lv;
1629 
1630     switch(level) {
1631     case TARGET_SOL_SOCKET:
1632         level = SOL_SOCKET;
1633         switch (optname) {
1634         /* These don't just return a single integer */
1635         case TARGET_SO_LINGER:
1636         case TARGET_SO_RCVTIMEO:
1637         case TARGET_SO_SNDTIMEO:
1638         case TARGET_SO_PEERNAME:
1639             goto unimplemented;
1640         case TARGET_SO_PEERCRED: {
1641             struct ucred cr;
1642             socklen_t crlen;
1643             struct target_ucred *tcr;
1644 
1645             if (get_user_u32(len, optlen)) {
1646                 return -TARGET_EFAULT;
1647             }
1648             if (len < 0) {
1649                 return -TARGET_EINVAL;
1650             }
1651 
1652             crlen = sizeof(cr);
1653             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
1654                                        &cr, &crlen));
1655             if (ret < 0) {
1656                 return ret;
1657             }
1658             if (len > crlen) {
1659                 len = crlen;
1660             }
1661             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
1662                 return -TARGET_EFAULT;
1663             }
1664             __put_user(cr.pid, &tcr->pid);
1665             __put_user(cr.uid, &tcr->uid);
1666             __put_user(cr.gid, &tcr->gid);
1667             unlock_user_struct(tcr, optval_addr, 1);
1668             if (put_user_u32(len, optlen)) {
1669                 return -TARGET_EFAULT;
1670             }
1671             break;
1672         }
1673         /* Options with 'int' argument.  */
1674         case TARGET_SO_DEBUG:
1675             optname = SO_DEBUG;
1676             goto int_case;
1677         case TARGET_SO_REUSEADDR:
1678             optname = SO_REUSEADDR;
1679             goto int_case;
1680         case TARGET_SO_TYPE:
1681             optname = SO_TYPE;
1682             goto int_case;
1683         case TARGET_SO_ERROR:
1684             optname = SO_ERROR;
1685             goto int_case;
1686         case TARGET_SO_DONTROUTE:
1687             optname = SO_DONTROUTE;
1688             goto int_case;
1689         case TARGET_SO_BROADCAST:
1690             optname = SO_BROADCAST;
1691             goto int_case;
1692         case TARGET_SO_SNDBUF:
1693             optname = SO_SNDBUF;
1694             goto int_case;
1695         case TARGET_SO_RCVBUF:
1696             optname = SO_RCVBUF;
1697             goto int_case;
1698         case TARGET_SO_KEEPALIVE:
1699             optname = SO_KEEPALIVE;
1700             goto int_case;
1701         case TARGET_SO_OOBINLINE:
1702             optname = SO_OOBINLINE;
1703             goto int_case;
1704         case TARGET_SO_NO_CHECK:
1705             optname = SO_NO_CHECK;
1706             goto int_case;
1707         case TARGET_SO_PRIORITY:
1708             optname = SO_PRIORITY;
1709             goto int_case;
1710 #ifdef SO_BSDCOMPAT
1711         case TARGET_SO_BSDCOMPAT:
1712             optname = SO_BSDCOMPAT;
1713             goto int_case;
1714 #endif
1715         case TARGET_SO_PASSCRED:
1716             optname = SO_PASSCRED;
1717             goto int_case;
1718         case TARGET_SO_TIMESTAMP:
1719             optname = SO_TIMESTAMP;
1720             goto int_case;
1721         case TARGET_SO_RCVLOWAT:
1722             optname = SO_RCVLOWAT;
1723             goto int_case;
1724         case TARGET_SO_ACCEPTCONN:
1725             optname = SO_ACCEPTCONN;
1726             goto int_case;
1727         default:
1728             goto int_case;
1729         }
1730         break;
1731     case SOL_TCP:
1732         /* TCP options all take an 'int' value.  */
1733     int_case:
1734         if (get_user_u32(len, optlen))
1735             return -TARGET_EFAULT;
1736         if (len < 0)
1737             return -TARGET_EINVAL;
1738         lv = sizeof(lv);
1739         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
1740         if (ret < 0)
1741             return ret;
1742         if (optname == SO_TYPE) {
1743             val = host_to_target_sock_type(val);
1744         }
1745         if (len > lv)
1746             len = lv;
1747         if (len == 4) {
1748             if (put_user_u32(val, optval_addr))
1749                 return -TARGET_EFAULT;
1750         } else {
1751             if (put_user_u8(val, optval_addr))
1752                 return -TARGET_EFAULT;
1753         }
1754         if (put_user_u32(len, optlen))
1755             return -TARGET_EFAULT;
1756         break;
1757     case SOL_IP:
1758         switch(optname) {
1759         case IP_TOS:
1760         case IP_TTL:
1761         case IP_HDRINCL:
1762         case IP_ROUTER_ALERT:
1763         case IP_RECVOPTS:
1764         case IP_RETOPTS:
1765         case IP_PKTINFO:
1766         case IP_MTU_DISCOVER:
1767         case IP_RECVERR:
1768         case IP_RECVTOS:
1769 #ifdef IP_FREEBIND
1770         case IP_FREEBIND:
1771 #endif
1772         case IP_MULTICAST_TTL:
1773         case IP_MULTICAST_LOOP:
1774             if (get_user_u32(len, optlen))
1775                 return -TARGET_EFAULT;
1776             if (len < 0)
1777                 return -TARGET_EINVAL;
1778             lv = sizeof(lv);
1779             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
1780             if (ret < 0)
1781                 return ret;
1782             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
1783                 len = 1;
1784                 if (put_user_u32(len, optlen)
1785                     || put_user_u8(val, optval_addr))
1786                     return -TARGET_EFAULT;
1787             } else {
1788                 if (len > sizeof(int))
1789                     len = sizeof(int);
1790                 if (put_user_u32(len, optlen)
1791                     || put_user_u32(val, optval_addr))
1792                     return -TARGET_EFAULT;
1793             }
1794             break;
1795         default:
1796             ret = -TARGET_ENOPROTOOPT;
1797             break;
1798         }
1799         break;
1800     default:
1801     unimplemented:
1802         gemu_log("getsockopt level=%d optname=%d not yet supported\n",
1803                  level, optname);
1804         ret = -TARGET_EOPNOTSUPP;
1805         break;
1806     }
1807     return ret;
1808 }
1809 
1810 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
1811                                 int count, int copy)
1812 {
1813     struct target_iovec *target_vec;
1814     struct iovec *vec;
1815     abi_ulong total_len, max_len;
1816     int i;
1817     int err = 0;
1818     bool bad_address = false;
1819 
1820     if (count == 0) {
1821         errno = 0;
1822         return NULL;
1823     }
1824     if (count < 0 || count > IOV_MAX) {
1825         errno = EINVAL;
1826         return NULL;
1827     }
1828 
1829     vec = calloc(count, sizeof(struct iovec));
1830     if (vec == NULL) {
1831         errno = ENOMEM;
1832         return NULL;
1833     }
1834 
1835     target_vec = lock_user(VERIFY_READ, target_addr,
1836                            count * sizeof(struct target_iovec), 1);
1837     if (target_vec == NULL) {
1838         err = EFAULT;
1839         goto fail2;
1840     }
1841 
1842     /* ??? If host page size > target page size, this will result in a
1843        value larger than what we can actually support.  */
1844     max_len = 0x7fffffff & TARGET_PAGE_MASK;
1845     total_len = 0;
1846 
1847     for (i = 0; i < count; i++) {
1848         abi_ulong base = tswapal(target_vec[i].iov_base);
1849         abi_long len = tswapal(target_vec[i].iov_len);
1850 
1851         if (len < 0) {
1852             err = EINVAL;
1853             goto fail;
1854         } else if (len == 0) {
1855             /* Zero length pointer is ignored.  */
1856             vec[i].iov_base = 0;
1857         } else {
1858             vec[i].iov_base = lock_user(type, base, len, copy);
1859             /* If the first buffer pointer is bad, this is a fault.  But
1860              * subsequent bad buffers will result in a partial write; this
1861              * is realized by filling the vector with null pointers and
1862              * zero lengths. */
1863             if (!vec[i].iov_base) {
1864                 if (i == 0) {
1865                     err = EFAULT;
1866                     goto fail;
1867                 } else {
1868                     bad_address = true;
1869                 }
1870             }
1871             if (bad_address) {
1872                 len = 0;
1873             }
1874             if (len > max_len - total_len) {
1875                 len = max_len - total_len;
1876             }
1877         }
1878         vec[i].iov_len = len;
1879         total_len += len;
1880     }
1881 
1882     unlock_user(target_vec, target_addr, 0);
1883     return vec;
1884 
1885  fail:
1886     while (--i >= 0) {
1887         if (tswapal(target_vec[i].iov_len) > 0) {
1888             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
1889         }
1890     }
1891     unlock_user(target_vec, target_addr, 0);
1892  fail2:
1893     free(vec);
1894     errno = err;
1895     return NULL;
1896 }
1897 
1898 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
1899                          int count, int copy)
1900 {
1901     struct target_iovec *target_vec;
1902     int i;
1903 
1904     target_vec = lock_user(VERIFY_READ, target_addr,
1905                            count * sizeof(struct target_iovec), 1);
1906     if (target_vec) {
1907         for (i = 0; i < count; i++) {
1908             abi_ulong base = tswapal(target_vec[i].iov_base);
1909             abi_long len = tswapal(target_vec[i].iov_len);
1910             if (len < 0) {
1911                 break;
1912             }
1913             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
1914         }
1915         unlock_user(target_vec, target_addr, 0);
1916     }
1917 
1918     free(vec);
1919 }
1920 
1921 static inline int target_to_host_sock_type(int *type)
1922 {
1923     int host_type = 0;
1924     int target_type = *type;
1925 
1926     switch (target_type & TARGET_SOCK_TYPE_MASK) {
1927     case TARGET_SOCK_DGRAM:
1928         host_type = SOCK_DGRAM;
1929         break;
1930     case TARGET_SOCK_STREAM:
1931         host_type = SOCK_STREAM;
1932         break;
1933     default:
1934         host_type = target_type & TARGET_SOCK_TYPE_MASK;
1935         break;
1936     }
1937     if (target_type & TARGET_SOCK_CLOEXEC) {
1938 #if defined(SOCK_CLOEXEC)
1939         host_type |= SOCK_CLOEXEC;
1940 #else
1941         return -TARGET_EINVAL;
1942 #endif
1943     }
1944     if (target_type & TARGET_SOCK_NONBLOCK) {
1945 #if defined(SOCK_NONBLOCK)
1946         host_type |= SOCK_NONBLOCK;
1947 #elif !defined(O_NONBLOCK)
1948         return -TARGET_EINVAL;
1949 #endif
1950     }
1951     *type = host_type;
1952     return 0;
1953 }
1954 
1955 /* Try to emulate socket type flags after socket creation.  */
1956 static int sock_flags_fixup(int fd, int target_type)
1957 {
1958 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
1959     if (target_type & TARGET_SOCK_NONBLOCK) {
1960         int flags = fcntl(fd, F_GETFL);
1961         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
1962             close(fd);
1963             return -TARGET_EINVAL;
1964         }
1965     }
1966 #endif
1967     return fd;
1968 }
1969 
1970 /* do_socket() Must return target values and target errnos. */
1971 static abi_long do_socket(int domain, int type, int protocol)
1972 {
1973     int target_type = type;
1974     int ret;
1975 
1976     ret = target_to_host_sock_type(&type);
1977     if (ret) {
1978         return ret;
1979     }
1980 
1981     if (domain == PF_NETLINK)
1982         return -TARGET_EAFNOSUPPORT;
1983     ret = get_errno(socket(domain, type, protocol));
1984     if (ret >= 0) {
1985         ret = sock_flags_fixup(ret, target_type);
1986     }
1987     return ret;
1988 }
1989 
1990 /* do_bind() Must return target values and target errnos. */
1991 static abi_long do_bind(int sockfd, abi_ulong target_addr,
1992                         socklen_t addrlen)
1993 {
1994     void *addr;
1995     abi_long ret;
1996 
1997     if ((int)addrlen < 0) {
1998         return -TARGET_EINVAL;
1999     }
2000 
2001     addr = alloca(addrlen+1);
2002 
2003     ret = target_to_host_sockaddr(addr, target_addr, addrlen);
2004     if (ret)
2005         return ret;
2006 
2007     return get_errno(bind(sockfd, addr, addrlen));
2008 }
2009 
2010 /* do_connect() Must return target values and target errnos. */
2011 static abi_long do_connect(int sockfd, abi_ulong target_addr,
2012                            socklen_t addrlen)
2013 {
2014     void *addr;
2015     abi_long ret;
2016 
2017     if ((int)addrlen < 0) {
2018         return -TARGET_EINVAL;
2019     }
2020 
2021     addr = alloca(addrlen+1);
2022 
2023     ret = target_to_host_sockaddr(addr, target_addr, addrlen);
2024     if (ret)
2025         return ret;
2026 
2027     return get_errno(connect(sockfd, addr, addrlen));
2028 }
2029 
2030 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
2031 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
2032                                       int flags, int send)
2033 {
2034     abi_long ret, len;
2035     struct msghdr msg;
2036     int count;
2037     struct iovec *vec;
2038     abi_ulong target_vec;
2039 
2040     if (msgp->msg_name) {
2041         msg.msg_namelen = tswap32(msgp->msg_namelen);
2042         msg.msg_name = alloca(msg.msg_namelen+1);
2043         ret = target_to_host_sockaddr(msg.msg_name, tswapal(msgp->msg_name),
2044                                 msg.msg_namelen);
2045         if (ret) {
2046             goto out2;
2047         }
2048     } else {
2049         msg.msg_name = NULL;
2050         msg.msg_namelen = 0;
2051     }
2052     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
2053     msg.msg_control = alloca(msg.msg_controllen);
2054     msg.msg_flags = tswap32(msgp->msg_flags);
2055 
2056     count = tswapal(msgp->msg_iovlen);
2057     target_vec = tswapal(msgp->msg_iov);
2058     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
2059                      target_vec, count, send);
2060     if (vec == NULL) {
2061         ret = -host_to_target_errno(errno);
2062         goto out2;
2063     }
2064     msg.msg_iovlen = count;
2065     msg.msg_iov = vec;
2066 
2067     if (send) {
2068         ret = target_to_host_cmsg(&msg, msgp);
2069         if (ret == 0)
2070             ret = get_errno(sendmsg(fd, &msg, flags));
2071     } else {
2072         ret = get_errno(recvmsg(fd, &msg, flags));
2073         if (!is_error(ret)) {
2074             len = ret;
2075             ret = host_to_target_cmsg(msgp, &msg);
2076             if (!is_error(ret)) {
2077                 msgp->msg_namelen = tswap32(msg.msg_namelen);
2078                 if (msg.msg_name != NULL) {
2079                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
2080                                     msg.msg_name, msg.msg_namelen);
2081                     if (ret) {
2082                         goto out;
2083                     }
2084                 }
2085 
2086                 ret = len;
2087             }
2088         }
2089     }
2090 
2091 out:
2092     unlock_iovec(vec, target_vec, count, !send);
2093 out2:
2094     return ret;
2095 }
2096 
2097 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
2098                                int flags, int send)
2099 {
2100     abi_long ret;
2101     struct target_msghdr *msgp;
2102 
2103     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
2104                           msgp,
2105                           target_msg,
2106                           send ? 1 : 0)) {
2107         return -TARGET_EFAULT;
2108     }
2109     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
2110     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
2111     return ret;
2112 }
2113 
2114 #ifdef TARGET_NR_sendmmsg
2115 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
2116  * so it might not have this *mmsg-specific flag either.
2117  */
2118 #ifndef MSG_WAITFORONE
2119 #define MSG_WAITFORONE 0x10000
2120 #endif
2121 
2122 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
2123                                 unsigned int vlen, unsigned int flags,
2124                                 int send)
2125 {
2126     struct target_mmsghdr *mmsgp;
2127     abi_long ret = 0;
2128     int i;
2129 
2130     if (vlen > UIO_MAXIOV) {
2131         vlen = UIO_MAXIOV;
2132     }
2133 
2134     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
2135     if (!mmsgp) {
2136         return -TARGET_EFAULT;
2137     }
2138 
2139     for (i = 0; i < vlen; i++) {
2140         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
2141         if (is_error(ret)) {
2142             break;
2143         }
2144         mmsgp[i].msg_len = tswap32(ret);
2145         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2146         if (flags & MSG_WAITFORONE) {
2147             flags |= MSG_DONTWAIT;
2148         }
2149     }
2150 
2151     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
2152 
2153     /* Return number of datagrams sent if we sent any at all;
2154      * otherwise return the error.
2155      */
2156     if (i) {
2157         return i;
2158     }
2159     return ret;
2160 }
2161 #endif
2162 
2163 /* If we don't have a system accept4() then just call accept.
2164  * The callsites to do_accept4() will ensure that they don't
2165  * pass a non-zero flags argument in this config.
2166  */
2167 #ifndef CONFIG_ACCEPT4
2168 static inline int accept4(int sockfd, struct sockaddr *addr,
2169                           socklen_t *addrlen, int flags)
2170 {
2171     assert(flags == 0);
2172     return accept(sockfd, addr, addrlen);
2173 }
2174 #endif
2175 
2176 /* do_accept4() Must return target values and target errnos. */
2177 static abi_long do_accept4(int fd, abi_ulong target_addr,
2178                            abi_ulong target_addrlen_addr, int flags)
2179 {
2180     socklen_t addrlen;
2181     void *addr;
2182     abi_long ret;
2183     int host_flags;
2184 
2185     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
2186 
2187     if (target_addr == 0) {
2188         return get_errno(accept4(fd, NULL, NULL, host_flags));
2189     }
2190 
2191     /* linux returns EINVAL if addrlen pointer is invalid */
2192     if (get_user_u32(addrlen, target_addrlen_addr))
2193         return -TARGET_EINVAL;
2194 
2195     if ((int)addrlen < 0) {
2196         return -TARGET_EINVAL;
2197     }
2198 
2199     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
2200         return -TARGET_EINVAL;
2201 
2202     addr = alloca(addrlen);
2203 
2204     ret = get_errno(accept4(fd, addr, &addrlen, host_flags));
2205     if (!is_error(ret)) {
2206         host_to_target_sockaddr(target_addr, addr, addrlen);
2207         if (put_user_u32(addrlen, target_addrlen_addr))
2208             ret = -TARGET_EFAULT;
2209     }
2210     return ret;
2211 }
2212 
2213 /* do_getpeername() Must return target values and target errnos. */
2214 static abi_long do_getpeername(int fd, abi_ulong target_addr,
2215                                abi_ulong target_addrlen_addr)
2216 {
2217     socklen_t addrlen;
2218     void *addr;
2219     abi_long ret;
2220 
2221     if (get_user_u32(addrlen, target_addrlen_addr))
2222         return -TARGET_EFAULT;
2223 
2224     if ((int)addrlen < 0) {
2225         return -TARGET_EINVAL;
2226     }
2227 
2228     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
2229         return -TARGET_EFAULT;
2230 
2231     addr = alloca(addrlen);
2232 
2233     ret = get_errno(getpeername(fd, addr, &addrlen));
2234     if (!is_error(ret)) {
2235         host_to_target_sockaddr(target_addr, addr, addrlen);
2236         if (put_user_u32(addrlen, target_addrlen_addr))
2237             ret = -TARGET_EFAULT;
2238     }
2239     return ret;
2240 }
2241 
2242 /* do_getsockname() Must return target values and target errnos. */
2243 static abi_long do_getsockname(int fd, abi_ulong target_addr,
2244                                abi_ulong target_addrlen_addr)
2245 {
2246     socklen_t addrlen;
2247     void *addr;
2248     abi_long ret;
2249 
2250     if (get_user_u32(addrlen, target_addrlen_addr))
2251         return -TARGET_EFAULT;
2252 
2253     if ((int)addrlen < 0) {
2254         return -TARGET_EINVAL;
2255     }
2256 
2257     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
2258         return -TARGET_EFAULT;
2259 
2260     addr = alloca(addrlen);
2261 
2262     ret = get_errno(getsockname(fd, addr, &addrlen));
2263     if (!is_error(ret)) {
2264         host_to_target_sockaddr(target_addr, addr, addrlen);
2265         if (put_user_u32(addrlen, target_addrlen_addr))
2266             ret = -TARGET_EFAULT;
2267     }
2268     return ret;
2269 }
2270 
2271 /* do_socketpair() Must return target values and target errnos. */
2272 static abi_long do_socketpair(int domain, int type, int protocol,
2273                               abi_ulong target_tab_addr)
2274 {
2275     int tab[2];
2276     abi_long ret;
2277 
2278     target_to_host_sock_type(&type);
2279 
2280     ret = get_errno(socketpair(domain, type, protocol, tab));
2281     if (!is_error(ret)) {
2282         if (put_user_s32(tab[0], target_tab_addr)
2283             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
2284             ret = -TARGET_EFAULT;
2285     }
2286     return ret;
2287 }
2288 
2289 /* do_sendto() Must return target values and target errnos. */
2290 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
2291                           abi_ulong target_addr, socklen_t addrlen)
2292 {
2293     void *addr;
2294     void *host_msg;
2295     abi_long ret;
2296 
2297     if ((int)addrlen < 0) {
2298         return -TARGET_EINVAL;
2299     }
2300 
2301     host_msg = lock_user(VERIFY_READ, msg, len, 1);
2302     if (!host_msg)
2303         return -TARGET_EFAULT;
2304     if (target_addr) {
2305         addr = alloca(addrlen+1);
2306         ret = target_to_host_sockaddr(addr, target_addr, addrlen);
2307         if (ret) {
2308             unlock_user(host_msg, msg, 0);
2309             return ret;
2310         }
2311         ret = get_errno(sendto(fd, host_msg, len, flags, addr, addrlen));
2312     } else {
2313         ret = get_errno(send(fd, host_msg, len, flags));
2314     }
2315     unlock_user(host_msg, msg, 0);
2316     return ret;
2317 }
2318 
2319 /* do_recvfrom() Must return target values and target errnos. */
2320 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
2321                             abi_ulong target_addr,
2322                             abi_ulong target_addrlen)
2323 {
2324     socklen_t addrlen;
2325     void *addr;
2326     void *host_msg;
2327     abi_long ret;
2328 
2329     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
2330     if (!host_msg)
2331         return -TARGET_EFAULT;
2332     if (target_addr) {
2333         if (get_user_u32(addrlen, target_addrlen)) {
2334             ret = -TARGET_EFAULT;
2335             goto fail;
2336         }
2337         if ((int)addrlen < 0) {
2338             ret = -TARGET_EINVAL;
2339             goto fail;
2340         }
2341         addr = alloca(addrlen);
2342         ret = get_errno(recvfrom(fd, host_msg, len, flags, addr, &addrlen));
2343     } else {
2344         addr = NULL; /* To keep compiler quiet.  */
2345         ret = get_errno(qemu_recv(fd, host_msg, len, flags));
2346     }
2347     if (!is_error(ret)) {
2348         if (target_addr) {
2349             host_to_target_sockaddr(target_addr, addr, addrlen);
2350             if (put_user_u32(addrlen, target_addrlen)) {
2351                 ret = -TARGET_EFAULT;
2352                 goto fail;
2353             }
2354         }
2355         unlock_user(host_msg, msg, len);
2356     } else {
2357 fail:
2358         unlock_user(host_msg, msg, 0);
2359     }
2360     return ret;
2361 }
2362 
2363 #ifdef TARGET_NR_socketcall
2364 /* do_socketcall() Must return target values and target errnos. */
2365 static abi_long do_socketcall(int num, abi_ulong vptr)
2366 {
2367     static const unsigned ac[] = { /* number of arguments per call */
2368         [SOCKOP_socket] = 3,      /* domain, type, protocol */
2369         [SOCKOP_bind] = 3,        /* sockfd, addr, addrlen */
2370         [SOCKOP_connect] = 3,     /* sockfd, addr, addrlen */
2371         [SOCKOP_listen] = 2,      /* sockfd, backlog */
2372         [SOCKOP_accept] = 3,      /* sockfd, addr, addrlen */
2373         [SOCKOP_accept4] = 4,     /* sockfd, addr, addrlen, flags */
2374         [SOCKOP_getsockname] = 3, /* sockfd, addr, addrlen */
2375         [SOCKOP_getpeername] = 3, /* sockfd, addr, addrlen */
2376         [SOCKOP_socketpair] = 4,  /* domain, type, protocol, tab */
2377         [SOCKOP_send] = 4,        /* sockfd, msg, len, flags */
2378         [SOCKOP_recv] = 4,        /* sockfd, msg, len, flags */
2379         [SOCKOP_sendto] = 6,      /* sockfd, msg, len, flags, addr, addrlen */
2380         [SOCKOP_recvfrom] = 6,    /* sockfd, msg, len, flags, addr, addrlen */
2381         [SOCKOP_shutdown] = 2,    /* sockfd, how */
2382         [SOCKOP_sendmsg] = 3,     /* sockfd, msg, flags */
2383         [SOCKOP_recvmsg] = 3,     /* sockfd, msg, flags */
2384         [SOCKOP_setsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
2385         [SOCKOP_getsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
2386     };
2387     abi_long a[6]; /* max 6 args */
2388 
2389     /* first, collect the arguments in a[] according to ac[] */
2390     if (num >= 0 && num < ARRAY_SIZE(ac)) {
2391         unsigned i;
2392         assert(ARRAY_SIZE(a) >= ac[num]); /* ensure we have space for args */
2393         for (i = 0; i < ac[num]; ++i) {
2394             if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
2395                 return -TARGET_EFAULT;
2396             }
2397         }
2398     }
2399 
2400     /* now when we have the args, actually handle the call */
2401     switch (num) {
2402     case SOCKOP_socket: /* domain, type, protocol */
2403         return do_socket(a[0], a[1], a[2]);
2404     case SOCKOP_bind: /* sockfd, addr, addrlen */
2405         return do_bind(a[0], a[1], a[2]);
2406     case SOCKOP_connect: /* sockfd, addr, addrlen */
2407         return do_connect(a[0], a[1], a[2]);
2408     case SOCKOP_listen: /* sockfd, backlog */
2409         return get_errno(listen(a[0], a[1]));
2410     case SOCKOP_accept: /* sockfd, addr, addrlen */
2411         return do_accept4(a[0], a[1], a[2], 0);
2412     case SOCKOP_accept4: /* sockfd, addr, addrlen, flags */
2413         return do_accept4(a[0], a[1], a[2], a[3]);
2414     case SOCKOP_getsockname: /* sockfd, addr, addrlen */
2415         return do_getsockname(a[0], a[1], a[2]);
2416     case SOCKOP_getpeername: /* sockfd, addr, addrlen */
2417         return do_getpeername(a[0], a[1], a[2]);
2418     case SOCKOP_socketpair: /* domain, type, protocol, tab */
2419         return do_socketpair(a[0], a[1], a[2], a[3]);
2420     case SOCKOP_send: /* sockfd, msg, len, flags */
2421         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
2422     case SOCKOP_recv: /* sockfd, msg, len, flags */
2423         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
2424     case SOCKOP_sendto: /* sockfd, msg, len, flags, addr, addrlen */
2425         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
2426     case SOCKOP_recvfrom: /* sockfd, msg, len, flags, addr, addrlen */
2427         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
2428     case SOCKOP_shutdown: /* sockfd, how */
2429         return get_errno(shutdown(a[0], a[1]));
2430     case SOCKOP_sendmsg: /* sockfd, msg, flags */
2431         return do_sendrecvmsg(a[0], a[1], a[2], 1);
2432     case SOCKOP_recvmsg: /* sockfd, msg, flags */
2433         return do_sendrecvmsg(a[0], a[1], a[2], 0);
2434     case SOCKOP_setsockopt: /* sockfd, level, optname, optval, optlen */
2435         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
2436     case SOCKOP_getsockopt: /* sockfd, level, optname, optval, optlen */
2437         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
2438     default:
2439         gemu_log("Unsupported socketcall: %d\n", num);
2440         return -TARGET_ENOSYS;
2441     }
2442 }
2443 #endif
2444 
2445 #define N_SHM_REGIONS	32
2446 
2447 static struct shm_region {
2448     abi_ulong	start;
2449     abi_ulong	size;
2450 } shm_regions[N_SHM_REGIONS];
2451 
2452 struct target_semid_ds
2453 {
2454   struct target_ipc_perm sem_perm;
2455   abi_ulong sem_otime;
2456 #if !defined(TARGET_PPC64)
2457   abi_ulong __unused1;
2458 #endif
2459   abi_ulong sem_ctime;
2460 #if !defined(TARGET_PPC64)
2461   abi_ulong __unused2;
2462 #endif
2463   abi_ulong sem_nsems;
2464   abi_ulong __unused3;
2465   abi_ulong __unused4;
2466 };
2467 
2468 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
2469                                                abi_ulong target_addr)
2470 {
2471     struct target_ipc_perm *target_ip;
2472     struct target_semid_ds *target_sd;
2473 
2474     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
2475         return -TARGET_EFAULT;
2476     target_ip = &(target_sd->sem_perm);
2477     host_ip->__key = tswap32(target_ip->__key);
2478     host_ip->uid = tswap32(target_ip->uid);
2479     host_ip->gid = tswap32(target_ip->gid);
2480     host_ip->cuid = tswap32(target_ip->cuid);
2481     host_ip->cgid = tswap32(target_ip->cgid);
2482 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
2483     host_ip->mode = tswap32(target_ip->mode);
2484 #else
2485     host_ip->mode = tswap16(target_ip->mode);
2486 #endif
2487 #if defined(TARGET_PPC)
2488     host_ip->__seq = tswap32(target_ip->__seq);
2489 #else
2490     host_ip->__seq = tswap16(target_ip->__seq);
2491 #endif
2492     unlock_user_struct(target_sd, target_addr, 0);
2493     return 0;
2494 }
2495 
2496 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
2497                                                struct ipc_perm *host_ip)
2498 {
2499     struct target_ipc_perm *target_ip;
2500     struct target_semid_ds *target_sd;
2501 
2502     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
2503         return -TARGET_EFAULT;
2504     target_ip = &(target_sd->sem_perm);
2505     target_ip->__key = tswap32(host_ip->__key);
2506     target_ip->uid = tswap32(host_ip->uid);
2507     target_ip->gid = tswap32(host_ip->gid);
2508     target_ip->cuid = tswap32(host_ip->cuid);
2509     target_ip->cgid = tswap32(host_ip->cgid);
2510 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
2511     target_ip->mode = tswap32(host_ip->mode);
2512 #else
2513     target_ip->mode = tswap16(host_ip->mode);
2514 #endif
2515 #if defined(TARGET_PPC)
2516     target_ip->__seq = tswap32(host_ip->__seq);
2517 #else
2518     target_ip->__seq = tswap16(host_ip->__seq);
2519 #endif
2520     unlock_user_struct(target_sd, target_addr, 1);
2521     return 0;
2522 }
2523 
2524 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
2525                                                abi_ulong target_addr)
2526 {
2527     struct target_semid_ds *target_sd;
2528 
2529     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
2530         return -TARGET_EFAULT;
2531     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
2532         return -TARGET_EFAULT;
2533     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
2534     host_sd->sem_otime = tswapal(target_sd->sem_otime);
2535     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
2536     unlock_user_struct(target_sd, target_addr, 0);
2537     return 0;
2538 }
2539 
2540 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
2541                                                struct semid_ds *host_sd)
2542 {
2543     struct target_semid_ds *target_sd;
2544 
2545     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
2546         return -TARGET_EFAULT;
2547     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
2548         return -TARGET_EFAULT;
2549     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
2550     target_sd->sem_otime = tswapal(host_sd->sem_otime);
2551     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
2552     unlock_user_struct(target_sd, target_addr, 1);
2553     return 0;
2554 }
2555 
2556 struct target_seminfo {
2557     int semmap;
2558     int semmni;
2559     int semmns;
2560     int semmnu;
2561     int semmsl;
2562     int semopm;
2563     int semume;
2564     int semusz;
2565     int semvmx;
2566     int semaem;
2567 };
2568 
2569 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
2570                                               struct seminfo *host_seminfo)
2571 {
2572     struct target_seminfo *target_seminfo;
2573     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
2574         return -TARGET_EFAULT;
2575     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
2576     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
2577     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
2578     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
2579     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
2580     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
2581     __put_user(host_seminfo->semume, &target_seminfo->semume);
2582     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
2583     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
2584     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
2585     unlock_user_struct(target_seminfo, target_addr, 1);
2586     return 0;
2587 }
2588 
2589 union semun {
2590 	int val;
2591 	struct semid_ds *buf;
2592 	unsigned short *array;
2593 	struct seminfo *__buf;
2594 };
2595 
2596 union target_semun {
2597 	int val;
2598 	abi_ulong buf;
2599 	abi_ulong array;
2600 	abi_ulong __buf;
2601 };
2602 
2603 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
2604                                                abi_ulong target_addr)
2605 {
2606     int nsems;
2607     unsigned short *array;
2608     union semun semun;
2609     struct semid_ds semid_ds;
2610     int i, ret;
2611 
2612     semun.buf = &semid_ds;
2613 
2614     ret = semctl(semid, 0, IPC_STAT, semun);
2615     if (ret == -1)
2616         return get_errno(ret);
2617 
2618     nsems = semid_ds.sem_nsems;
2619 
2620     *host_array = malloc(nsems*sizeof(unsigned short));
2621     if (!*host_array) {
2622         return -TARGET_ENOMEM;
2623     }
2624     array = lock_user(VERIFY_READ, target_addr,
2625                       nsems*sizeof(unsigned short), 1);
2626     if (!array) {
2627         free(*host_array);
2628         return -TARGET_EFAULT;
2629     }
2630 
2631     for(i=0; i<nsems; i++) {
2632         __get_user((*host_array)[i], &array[i]);
2633     }
2634     unlock_user(array, target_addr, 0);
2635 
2636     return 0;
2637 }
2638 
2639 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
2640                                                unsigned short **host_array)
2641 {
2642     int nsems;
2643     unsigned short *array;
2644     union semun semun;
2645     struct semid_ds semid_ds;
2646     int i, ret;
2647 
2648     semun.buf = &semid_ds;
2649 
2650     ret = semctl(semid, 0, IPC_STAT, semun);
2651     if (ret == -1)
2652         return get_errno(ret);
2653 
2654     nsems = semid_ds.sem_nsems;
2655 
2656     array = lock_user(VERIFY_WRITE, target_addr,
2657                       nsems*sizeof(unsigned short), 0);
2658     if (!array)
2659         return -TARGET_EFAULT;
2660 
2661     for(i=0; i<nsems; i++) {
2662         __put_user((*host_array)[i], &array[i]);
2663     }
2664     free(*host_array);
2665     unlock_user(array, target_addr, 1);
2666 
2667     return 0;
2668 }
2669 
2670 static inline abi_long do_semctl(int semid, int semnum, int cmd,
2671                                  union target_semun target_su)
2672 {
2673     union semun arg;
2674     struct semid_ds dsarg;
2675     unsigned short *array = NULL;
2676     struct seminfo seminfo;
2677     abi_long ret = -TARGET_EINVAL;
2678     abi_long err;
2679     cmd &= 0xff;
2680 
2681     switch( cmd ) {
2682 	case GETVAL:
2683 	case SETVAL:
2684             /* In 64 bit cross-endian situations, we will erroneously pick up
2685              * the wrong half of the union for the "val" element.  To rectify
2686              * this, the entire 8-byte structure is byteswapped, followed by
2687 	     * a swap of the 4 byte val field. In other cases, the data is
2688 	     * already in proper host byte order. */
2689 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
2690 		target_su.buf = tswapal(target_su.buf);
2691 		arg.val = tswap32(target_su.val);
2692 	    } else {
2693 		arg.val = target_su.val;
2694 	    }
2695             ret = get_errno(semctl(semid, semnum, cmd, arg));
2696             break;
2697 	case GETALL:
2698 	case SETALL:
2699             err = target_to_host_semarray(semid, &array, target_su.array);
2700             if (err)
2701                 return err;
2702             arg.array = array;
2703             ret = get_errno(semctl(semid, semnum, cmd, arg));
2704             err = host_to_target_semarray(semid, target_su.array, &array);
2705             if (err)
2706                 return err;
2707             break;
2708 	case IPC_STAT:
2709 	case IPC_SET:
2710 	case SEM_STAT:
2711             err = target_to_host_semid_ds(&dsarg, target_su.buf);
2712             if (err)
2713                 return err;
2714             arg.buf = &dsarg;
2715             ret = get_errno(semctl(semid, semnum, cmd, arg));
2716             err = host_to_target_semid_ds(target_su.buf, &dsarg);
2717             if (err)
2718                 return err;
2719             break;
2720 	case IPC_INFO:
2721 	case SEM_INFO:
2722             arg.__buf = &seminfo;
2723             ret = get_errno(semctl(semid, semnum, cmd, arg));
2724             err = host_to_target_seminfo(target_su.__buf, &seminfo);
2725             if (err)
2726                 return err;
2727             break;
2728 	case IPC_RMID:
2729 	case GETPID:
2730 	case GETNCNT:
2731 	case GETZCNT:
2732             ret = get_errno(semctl(semid, semnum, cmd, NULL));
2733             break;
2734     }
2735 
2736     return ret;
2737 }
2738 
2739 struct target_sembuf {
2740     unsigned short sem_num;
2741     short sem_op;
2742     short sem_flg;
2743 };
2744 
2745 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
2746                                              abi_ulong target_addr,
2747                                              unsigned nsops)
2748 {
2749     struct target_sembuf *target_sembuf;
2750     int i;
2751 
2752     target_sembuf = lock_user(VERIFY_READ, target_addr,
2753                               nsops*sizeof(struct target_sembuf), 1);
2754     if (!target_sembuf)
2755         return -TARGET_EFAULT;
2756 
2757     for(i=0; i<nsops; i++) {
2758         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
2759         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
2760         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
2761     }
2762 
2763     unlock_user(target_sembuf, target_addr, 0);
2764 
2765     return 0;
2766 }
2767 
2768 static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
2769 {
2770     struct sembuf sops[nsops];
2771 
2772     if (target_to_host_sembuf(sops, ptr, nsops))
2773         return -TARGET_EFAULT;
2774 
2775     return get_errno(semop(semid, sops, nsops));
2776 }
2777 
2778 struct target_msqid_ds
2779 {
2780     struct target_ipc_perm msg_perm;
2781     abi_ulong msg_stime;
2782 #if TARGET_ABI_BITS == 32
2783     abi_ulong __unused1;
2784 #endif
2785     abi_ulong msg_rtime;
2786 #if TARGET_ABI_BITS == 32
2787     abi_ulong __unused2;
2788 #endif
2789     abi_ulong msg_ctime;
2790 #if TARGET_ABI_BITS == 32
2791     abi_ulong __unused3;
2792 #endif
2793     abi_ulong __msg_cbytes;
2794     abi_ulong msg_qnum;
2795     abi_ulong msg_qbytes;
2796     abi_ulong msg_lspid;
2797     abi_ulong msg_lrpid;
2798     abi_ulong __unused4;
2799     abi_ulong __unused5;
2800 };
2801 
2802 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
2803                                                abi_ulong target_addr)
2804 {
2805     struct target_msqid_ds *target_md;
2806 
2807     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
2808         return -TARGET_EFAULT;
2809     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
2810         return -TARGET_EFAULT;
2811     host_md->msg_stime = tswapal(target_md->msg_stime);
2812     host_md->msg_rtime = tswapal(target_md->msg_rtime);
2813     host_md->msg_ctime = tswapal(target_md->msg_ctime);
2814     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
2815     host_md->msg_qnum = tswapal(target_md->msg_qnum);
2816     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
2817     host_md->msg_lspid = tswapal(target_md->msg_lspid);
2818     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
2819     unlock_user_struct(target_md, target_addr, 0);
2820     return 0;
2821 }
2822 
2823 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
2824                                                struct msqid_ds *host_md)
2825 {
2826     struct target_msqid_ds *target_md;
2827 
2828     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
2829         return -TARGET_EFAULT;
2830     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
2831         return -TARGET_EFAULT;
2832     target_md->msg_stime = tswapal(host_md->msg_stime);
2833     target_md->msg_rtime = tswapal(host_md->msg_rtime);
2834     target_md->msg_ctime = tswapal(host_md->msg_ctime);
2835     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
2836     target_md->msg_qnum = tswapal(host_md->msg_qnum);
2837     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
2838     target_md->msg_lspid = tswapal(host_md->msg_lspid);
2839     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
2840     unlock_user_struct(target_md, target_addr, 1);
2841     return 0;
2842 }
2843 
2844 struct target_msginfo {
2845     int msgpool;
2846     int msgmap;
2847     int msgmax;
2848     int msgmnb;
2849     int msgmni;
2850     int msgssz;
2851     int msgtql;
2852     unsigned short int msgseg;
2853 };
2854 
2855 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
2856                                               struct msginfo *host_msginfo)
2857 {
2858     struct target_msginfo *target_msginfo;
2859     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
2860         return -TARGET_EFAULT;
2861     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
2862     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
2863     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
2864     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
2865     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
2866     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
2867     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
2868     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
2869     unlock_user_struct(target_msginfo, target_addr, 1);
2870     return 0;
2871 }
2872 
2873 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
2874 {
2875     struct msqid_ds dsarg;
2876     struct msginfo msginfo;
2877     abi_long ret = -TARGET_EINVAL;
2878 
2879     cmd &= 0xff;
2880 
2881     switch (cmd) {
2882     case IPC_STAT:
2883     case IPC_SET:
2884     case MSG_STAT:
2885         if (target_to_host_msqid_ds(&dsarg,ptr))
2886             return -TARGET_EFAULT;
2887         ret = get_errno(msgctl(msgid, cmd, &dsarg));
2888         if (host_to_target_msqid_ds(ptr,&dsarg))
2889             return -TARGET_EFAULT;
2890         break;
2891     case IPC_RMID:
2892         ret = get_errno(msgctl(msgid, cmd, NULL));
2893         break;
2894     case IPC_INFO:
2895     case MSG_INFO:
2896         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
2897         if (host_to_target_msginfo(ptr, &msginfo))
2898             return -TARGET_EFAULT;
2899         break;
2900     }
2901 
2902     return ret;
2903 }
2904 
2905 struct target_msgbuf {
2906     abi_long mtype;
2907     char	mtext[1];
2908 };
2909 
2910 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
2911                                  ssize_t msgsz, int msgflg)
2912 {
2913     struct target_msgbuf *target_mb;
2914     struct msgbuf *host_mb;
2915     abi_long ret = 0;
2916 
2917     if (msgsz < 0) {
2918         return -TARGET_EINVAL;
2919     }
2920 
2921     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
2922         return -TARGET_EFAULT;
2923     host_mb = malloc(msgsz+sizeof(long));
2924     if (!host_mb) {
2925         unlock_user_struct(target_mb, msgp, 0);
2926         return -TARGET_ENOMEM;
2927     }
2928     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
2929     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
2930     ret = get_errno(msgsnd(msqid, host_mb, msgsz, msgflg));
2931     free(host_mb);
2932     unlock_user_struct(target_mb, msgp, 0);
2933 
2934     return ret;
2935 }
2936 
2937 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
2938                                  unsigned int msgsz, abi_long msgtyp,
2939                                  int msgflg)
2940 {
2941     struct target_msgbuf *target_mb;
2942     char *target_mtext;
2943     struct msgbuf *host_mb;
2944     abi_long ret = 0;
2945 
2946     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
2947         return -TARGET_EFAULT;
2948 
2949     host_mb = g_malloc(msgsz+sizeof(long));
2950     ret = get_errno(msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
2951 
2952     if (ret > 0) {
2953         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
2954         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
2955         if (!target_mtext) {
2956             ret = -TARGET_EFAULT;
2957             goto end;
2958         }
2959         memcpy(target_mb->mtext, host_mb->mtext, ret);
2960         unlock_user(target_mtext, target_mtext_addr, ret);
2961     }
2962 
2963     target_mb->mtype = tswapal(host_mb->mtype);
2964 
2965 end:
2966     if (target_mb)
2967         unlock_user_struct(target_mb, msgp, 1);
2968     g_free(host_mb);
2969     return ret;
2970 }
2971 
2972 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
2973                                                abi_ulong target_addr)
2974 {
2975     struct target_shmid_ds *target_sd;
2976 
2977     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
2978         return -TARGET_EFAULT;
2979     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
2980         return -TARGET_EFAULT;
2981     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
2982     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
2983     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
2984     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
2985     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
2986     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
2987     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
2988     unlock_user_struct(target_sd, target_addr, 0);
2989     return 0;
2990 }
2991 
2992 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
2993                                                struct shmid_ds *host_sd)
2994 {
2995     struct target_shmid_ds *target_sd;
2996 
2997     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
2998         return -TARGET_EFAULT;
2999     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
3000         return -TARGET_EFAULT;
3001     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
3002     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
3003     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
3004     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
3005     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
3006     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
3007     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
3008     unlock_user_struct(target_sd, target_addr, 1);
3009     return 0;
3010 }
3011 
3012 struct  target_shminfo {
3013     abi_ulong shmmax;
3014     abi_ulong shmmin;
3015     abi_ulong shmmni;
3016     abi_ulong shmseg;
3017     abi_ulong shmall;
3018 };
3019 
3020 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
3021                                               struct shminfo *host_shminfo)
3022 {
3023     struct target_shminfo *target_shminfo;
3024     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
3025         return -TARGET_EFAULT;
3026     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
3027     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
3028     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
3029     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
3030     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
3031     unlock_user_struct(target_shminfo, target_addr, 1);
3032     return 0;
3033 }
3034 
3035 struct target_shm_info {
3036     int used_ids;
3037     abi_ulong shm_tot;
3038     abi_ulong shm_rss;
3039     abi_ulong shm_swp;
3040     abi_ulong swap_attempts;
3041     abi_ulong swap_successes;
3042 };
3043 
3044 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
3045                                                struct shm_info *host_shm_info)
3046 {
3047     struct target_shm_info *target_shm_info;
3048     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
3049         return -TARGET_EFAULT;
3050     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
3051     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
3052     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
3053     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
3054     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
3055     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
3056     unlock_user_struct(target_shm_info, target_addr, 1);
3057     return 0;
3058 }
3059 
3060 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
3061 {
3062     struct shmid_ds dsarg;
3063     struct shminfo shminfo;
3064     struct shm_info shm_info;
3065     abi_long ret = -TARGET_EINVAL;
3066 
3067     cmd &= 0xff;
3068 
3069     switch(cmd) {
3070     case IPC_STAT:
3071     case IPC_SET:
3072     case SHM_STAT:
3073         if (target_to_host_shmid_ds(&dsarg, buf))
3074             return -TARGET_EFAULT;
3075         ret = get_errno(shmctl(shmid, cmd, &dsarg));
3076         if (host_to_target_shmid_ds(buf, &dsarg))
3077             return -TARGET_EFAULT;
3078         break;
3079     case IPC_INFO:
3080         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
3081         if (host_to_target_shminfo(buf, &shminfo))
3082             return -TARGET_EFAULT;
3083         break;
3084     case SHM_INFO:
3085         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
3086         if (host_to_target_shm_info(buf, &shm_info))
3087             return -TARGET_EFAULT;
3088         break;
3089     case IPC_RMID:
3090     case SHM_LOCK:
3091     case SHM_UNLOCK:
3092         ret = get_errno(shmctl(shmid, cmd, NULL));
3093         break;
3094     }
3095 
3096     return ret;
3097 }
3098 
3099 static inline abi_ulong do_shmat(int shmid, abi_ulong shmaddr, int shmflg)
3100 {
3101     abi_long raddr;
3102     void *host_raddr;
3103     struct shmid_ds shm_info;
3104     int i,ret;
3105 
3106     /* find out the length of the shared memory segment */
3107     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
3108     if (is_error(ret)) {
3109         /* can't get length, bail out */
3110         return ret;
3111     }
3112 
3113     mmap_lock();
3114 
3115     if (shmaddr)
3116         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
3117     else {
3118         abi_ulong mmap_start;
3119 
3120         mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
3121 
3122         if (mmap_start == -1) {
3123             errno = ENOMEM;
3124             host_raddr = (void *)-1;
3125         } else
3126             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
3127     }
3128 
3129     if (host_raddr == (void *)-1) {
3130         mmap_unlock();
3131         return get_errno((long)host_raddr);
3132     }
3133     raddr=h2g((unsigned long)host_raddr);
3134 
3135     page_set_flags(raddr, raddr + shm_info.shm_segsz,
3136                    PAGE_VALID | PAGE_READ |
3137                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
3138 
3139     for (i = 0; i < N_SHM_REGIONS; i++) {
3140         if (shm_regions[i].start == 0) {
3141             shm_regions[i].start = raddr;
3142             shm_regions[i].size = shm_info.shm_segsz;
3143             break;
3144         }
3145     }
3146 
3147     mmap_unlock();
3148     return raddr;
3149 
3150 }
3151 
3152 static inline abi_long do_shmdt(abi_ulong shmaddr)
3153 {
3154     int i;
3155 
3156     for (i = 0; i < N_SHM_REGIONS; ++i) {
3157         if (shm_regions[i].start == shmaddr) {
3158             shm_regions[i].start = 0;
3159             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
3160             break;
3161         }
3162     }
3163 
3164     return get_errno(shmdt(g2h(shmaddr)));
3165 }
3166 
3167 #ifdef TARGET_NR_ipc
3168 /* ??? This only works with linear mappings.  */
3169 /* do_ipc() must return target values and target errnos. */
3170 static abi_long do_ipc(unsigned int call, abi_long first,
3171                        abi_long second, abi_long third,
3172                        abi_long ptr, abi_long fifth)
3173 {
3174     int version;
3175     abi_long ret = 0;
3176 
3177     version = call >> 16;
3178     call &= 0xffff;
3179 
3180     switch (call) {
3181     case IPCOP_semop:
3182         ret = do_semop(first, ptr, second);
3183         break;
3184 
3185     case IPCOP_semget:
3186         ret = get_errno(semget(first, second, third));
3187         break;
3188 
3189     case IPCOP_semctl: {
3190         /* The semun argument to semctl is passed by value, so dereference the
3191          * ptr argument. */
3192         abi_ulong atptr;
3193         get_user_ual(atptr, ptr);
3194         ret = do_semctl(first, second, third,
3195                 (union target_semun) atptr);
3196         break;
3197     }
3198 
3199     case IPCOP_msgget:
3200         ret = get_errno(msgget(first, second));
3201         break;
3202 
3203     case IPCOP_msgsnd:
3204         ret = do_msgsnd(first, ptr, second, third);
3205         break;
3206 
3207     case IPCOP_msgctl:
3208         ret = do_msgctl(first, second, ptr);
3209         break;
3210 
3211     case IPCOP_msgrcv:
3212         switch (version) {
3213         case 0:
3214             {
3215                 struct target_ipc_kludge {
3216                     abi_long msgp;
3217                     abi_long msgtyp;
3218                 } *tmp;
3219 
3220                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
3221                     ret = -TARGET_EFAULT;
3222                     break;
3223                 }
3224 
3225                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
3226 
3227                 unlock_user_struct(tmp, ptr, 0);
3228                 break;
3229             }
3230         default:
3231             ret = do_msgrcv(first, ptr, second, fifth, third);
3232         }
3233         break;
3234 
3235     case IPCOP_shmat:
3236         switch (version) {
3237         default:
3238         {
3239             abi_ulong raddr;
3240             raddr = do_shmat(first, ptr, second);
3241             if (is_error(raddr))
3242                 return get_errno(raddr);
3243             if (put_user_ual(raddr, third))
3244                 return -TARGET_EFAULT;
3245             break;
3246         }
3247         case 1:
3248             ret = -TARGET_EINVAL;
3249             break;
3250         }
3251 	break;
3252     case IPCOP_shmdt:
3253         ret = do_shmdt(ptr);
3254 	break;
3255 
3256     case IPCOP_shmget:
3257 	/* IPC_* flag values are the same on all linux platforms */
3258 	ret = get_errno(shmget(first, second, third));
3259 	break;
3260 
3261 	/* IPC_* and SHM_* command values are the same on all linux platforms */
3262     case IPCOP_shmctl:
3263         ret = do_shmctl(first, second, ptr);
3264         break;
3265     default:
3266 	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
3267 	ret = -TARGET_ENOSYS;
3268 	break;
3269     }
3270     return ret;
3271 }
3272 #endif
3273 
3274 /* kernel structure types definitions */
3275 
3276 #define STRUCT(name, ...) STRUCT_ ## name,
3277 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
3278 enum {
3279 #include "syscall_types.h"
3280 };
3281 #undef STRUCT
3282 #undef STRUCT_SPECIAL
3283 
3284 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
3285 #define STRUCT_SPECIAL(name)
3286 #include "syscall_types.h"
3287 #undef STRUCT
3288 #undef STRUCT_SPECIAL
3289 
3290 typedef struct IOCTLEntry IOCTLEntry;
3291 
3292 typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
3293                              int fd, abi_long cmd, abi_long arg);
3294 
3295 struct IOCTLEntry {
3296     int target_cmd;
3297     unsigned int host_cmd;
3298     const char *name;
3299     int access;
3300     do_ioctl_fn *do_ioctl;
3301     const argtype arg_type[5];
3302 };
3303 
3304 #define IOC_R 0x0001
3305 #define IOC_W 0x0002
3306 #define IOC_RW (IOC_R | IOC_W)
3307 
3308 #define MAX_STRUCT_SIZE 4096
3309 
3310 #ifdef CONFIG_FIEMAP
3311 /* So fiemap access checks don't overflow on 32 bit systems.
3312  * This is very slightly smaller than the limit imposed by
3313  * the underlying kernel.
3314  */
3315 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
3316                             / sizeof(struct fiemap_extent))
3317 
3318 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
3319                                        int fd, abi_long cmd, abi_long arg)
3320 {
3321     /* The parameter for this ioctl is a struct fiemap followed
3322      * by an array of struct fiemap_extent whose size is set
3323      * in fiemap->fm_extent_count. The array is filled in by the
3324      * ioctl.
3325      */
3326     int target_size_in, target_size_out;
3327     struct fiemap *fm;
3328     const argtype *arg_type = ie->arg_type;
3329     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
3330     void *argptr, *p;
3331     abi_long ret;
3332     int i, extent_size = thunk_type_size(extent_arg_type, 0);
3333     uint32_t outbufsz;
3334     int free_fm = 0;
3335 
3336     assert(arg_type[0] == TYPE_PTR);
3337     assert(ie->access == IOC_RW);
3338     arg_type++;
3339     target_size_in = thunk_type_size(arg_type, 0);
3340     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
3341     if (!argptr) {
3342         return -TARGET_EFAULT;
3343     }
3344     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3345     unlock_user(argptr, arg, 0);
3346     fm = (struct fiemap *)buf_temp;
3347     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
3348         return -TARGET_EINVAL;
3349     }
3350 
3351     outbufsz = sizeof (*fm) +
3352         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
3353 
3354     if (outbufsz > MAX_STRUCT_SIZE) {
3355         /* We can't fit all the extents into the fixed size buffer.
3356          * Allocate one that is large enough and use it instead.
3357          */
3358         fm = malloc(outbufsz);
3359         if (!fm) {
3360             return -TARGET_ENOMEM;
3361         }
3362         memcpy(fm, buf_temp, sizeof(struct fiemap));
3363         free_fm = 1;
3364     }
3365     ret = get_errno(ioctl(fd, ie->host_cmd, fm));
3366     if (!is_error(ret)) {
3367         target_size_out = target_size_in;
3368         /* An extent_count of 0 means we were only counting the extents
3369          * so there are no structs to copy
3370          */
3371         if (fm->fm_extent_count != 0) {
3372             target_size_out += fm->fm_mapped_extents * extent_size;
3373         }
3374         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
3375         if (!argptr) {
3376             ret = -TARGET_EFAULT;
3377         } else {
3378             /* Convert the struct fiemap */
3379             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
3380             if (fm->fm_extent_count != 0) {
3381                 p = argptr + target_size_in;
3382                 /* ...and then all the struct fiemap_extents */
3383                 for (i = 0; i < fm->fm_mapped_extents; i++) {
3384                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
3385                                   THUNK_TARGET);
3386                     p += extent_size;
3387                 }
3388             }
3389             unlock_user(argptr, arg, target_size_out);
3390         }
3391     }
3392     if (free_fm) {
3393         free(fm);
3394     }
3395     return ret;
3396 }
3397 #endif
3398 
3399 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
3400                                 int fd, abi_long cmd, abi_long arg)
3401 {
3402     const argtype *arg_type = ie->arg_type;
3403     int target_size;
3404     void *argptr;
3405     int ret;
3406     struct ifconf *host_ifconf;
3407     uint32_t outbufsz;
3408     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
3409     int target_ifreq_size;
3410     int nb_ifreq;
3411     int free_buf = 0;
3412     int i;
3413     int target_ifc_len;
3414     abi_long target_ifc_buf;
3415     int host_ifc_len;
3416     char *host_ifc_buf;
3417 
3418     assert(arg_type[0] == TYPE_PTR);
3419     assert(ie->access == IOC_RW);
3420 
3421     arg_type++;
3422     target_size = thunk_type_size(arg_type, 0);
3423 
3424     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3425     if (!argptr)
3426         return -TARGET_EFAULT;
3427     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3428     unlock_user(argptr, arg, 0);
3429 
3430     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
3431     target_ifc_len = host_ifconf->ifc_len;
3432     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
3433 
3434     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
3435     nb_ifreq = target_ifc_len / target_ifreq_size;
3436     host_ifc_len = nb_ifreq * sizeof(struct ifreq);
3437 
3438     outbufsz = sizeof(*host_ifconf) + host_ifc_len;
3439     if (outbufsz > MAX_STRUCT_SIZE) {
3440         /* We can't fit all the extents into the fixed size buffer.
3441          * Allocate one that is large enough and use it instead.
3442          */
3443         host_ifconf = malloc(outbufsz);
3444         if (!host_ifconf) {
3445             return -TARGET_ENOMEM;
3446         }
3447         memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
3448         free_buf = 1;
3449     }
3450     host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
3451 
3452     host_ifconf->ifc_len = host_ifc_len;
3453     host_ifconf->ifc_buf = host_ifc_buf;
3454 
3455     ret = get_errno(ioctl(fd, ie->host_cmd, host_ifconf));
3456     if (!is_error(ret)) {
3457 	/* convert host ifc_len to target ifc_len */
3458 
3459         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
3460         target_ifc_len = nb_ifreq * target_ifreq_size;
3461         host_ifconf->ifc_len = target_ifc_len;
3462 
3463 	/* restore target ifc_buf */
3464 
3465         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
3466 
3467 	/* copy struct ifconf to target user */
3468 
3469         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
3470         if (!argptr)
3471             return -TARGET_EFAULT;
3472         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
3473         unlock_user(argptr, arg, target_size);
3474 
3475 	/* copy ifreq[] to target user */
3476 
3477         argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
3478         for (i = 0; i < nb_ifreq ; i++) {
3479             thunk_convert(argptr + i * target_ifreq_size,
3480                           host_ifc_buf + i * sizeof(struct ifreq),
3481                           ifreq_arg_type, THUNK_TARGET);
3482         }
3483         unlock_user(argptr, target_ifc_buf, target_ifc_len);
3484     }
3485 
3486     if (free_buf) {
3487         free(host_ifconf);
3488     }
3489 
3490     return ret;
3491 }
3492 
3493 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
3494                             abi_long cmd, abi_long arg)
3495 {
3496     void *argptr;
3497     struct dm_ioctl *host_dm;
3498     abi_long guest_data;
3499     uint32_t guest_data_size;
3500     int target_size;
3501     const argtype *arg_type = ie->arg_type;
3502     abi_long ret;
3503     void *big_buf = NULL;
3504     char *host_data;
3505 
3506     arg_type++;
3507     target_size = thunk_type_size(arg_type, 0);
3508     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3509     if (!argptr) {
3510         ret = -TARGET_EFAULT;
3511         goto out;
3512     }
3513     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3514     unlock_user(argptr, arg, 0);
3515 
3516     /* buf_temp is too small, so fetch things into a bigger buffer */
3517     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
3518     memcpy(big_buf, buf_temp, target_size);
3519     buf_temp = big_buf;
3520     host_dm = big_buf;
3521 
3522     guest_data = arg + host_dm->data_start;
3523     if ((guest_data - arg) < 0) {
3524         ret = -EINVAL;
3525         goto out;
3526     }
3527     guest_data_size = host_dm->data_size - host_dm->data_start;
3528     host_data = (char*)host_dm + host_dm->data_start;
3529 
3530     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
3531     switch (ie->host_cmd) {
3532     case DM_REMOVE_ALL:
3533     case DM_LIST_DEVICES:
3534     case DM_DEV_CREATE:
3535     case DM_DEV_REMOVE:
3536     case DM_DEV_SUSPEND:
3537     case DM_DEV_STATUS:
3538     case DM_DEV_WAIT:
3539     case DM_TABLE_STATUS:
3540     case DM_TABLE_CLEAR:
3541     case DM_TABLE_DEPS:
3542     case DM_LIST_VERSIONS:
3543         /* no input data */
3544         break;
3545     case DM_DEV_RENAME:
3546     case DM_DEV_SET_GEOMETRY:
3547         /* data contains only strings */
3548         memcpy(host_data, argptr, guest_data_size);
3549         break;
3550     case DM_TARGET_MSG:
3551         memcpy(host_data, argptr, guest_data_size);
3552         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
3553         break;
3554     case DM_TABLE_LOAD:
3555     {
3556         void *gspec = argptr;
3557         void *cur_data = host_data;
3558         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
3559         int spec_size = thunk_type_size(arg_type, 0);
3560         int i;
3561 
3562         for (i = 0; i < host_dm->target_count; i++) {
3563             struct dm_target_spec *spec = cur_data;
3564             uint32_t next;
3565             int slen;
3566 
3567             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
3568             slen = strlen((char*)gspec + spec_size) + 1;
3569             next = spec->next;
3570             spec->next = sizeof(*spec) + slen;
3571             strcpy((char*)&spec[1], gspec + spec_size);
3572             gspec += next;
3573             cur_data += spec->next;
3574         }
3575         break;
3576     }
3577     default:
3578         ret = -TARGET_EINVAL;
3579         unlock_user(argptr, guest_data, 0);
3580         goto out;
3581     }
3582     unlock_user(argptr, guest_data, 0);
3583 
3584     ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
3585     if (!is_error(ret)) {
3586         guest_data = arg + host_dm->data_start;
3587         guest_data_size = host_dm->data_size - host_dm->data_start;
3588         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
3589         switch (ie->host_cmd) {
3590         case DM_REMOVE_ALL:
3591         case DM_DEV_CREATE:
3592         case DM_DEV_REMOVE:
3593         case DM_DEV_RENAME:
3594         case DM_DEV_SUSPEND:
3595         case DM_DEV_STATUS:
3596         case DM_TABLE_LOAD:
3597         case DM_TABLE_CLEAR:
3598         case DM_TARGET_MSG:
3599         case DM_DEV_SET_GEOMETRY:
3600             /* no return data */
3601             break;
3602         case DM_LIST_DEVICES:
3603         {
3604             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
3605             uint32_t remaining_data = guest_data_size;
3606             void *cur_data = argptr;
3607             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
3608             int nl_size = 12; /* can't use thunk_size due to alignment */
3609 
3610             while (1) {
3611                 uint32_t next = nl->next;
3612                 if (next) {
3613                     nl->next = nl_size + (strlen(nl->name) + 1);
3614                 }
3615                 if (remaining_data < nl->next) {
3616                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
3617                     break;
3618                 }
3619                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
3620                 strcpy(cur_data + nl_size, nl->name);
3621                 cur_data += nl->next;
3622                 remaining_data -= nl->next;
3623                 if (!next) {
3624                     break;
3625                 }
3626                 nl = (void*)nl + next;
3627             }
3628             break;
3629         }
3630         case DM_DEV_WAIT:
3631         case DM_TABLE_STATUS:
3632         {
3633             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
3634             void *cur_data = argptr;
3635             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
3636             int spec_size = thunk_type_size(arg_type, 0);
3637             int i;
3638 
3639             for (i = 0; i < host_dm->target_count; i++) {
3640                 uint32_t next = spec->next;
3641                 int slen = strlen((char*)&spec[1]) + 1;
3642                 spec->next = (cur_data - argptr) + spec_size + slen;
3643                 if (guest_data_size < spec->next) {
3644                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
3645                     break;
3646                 }
3647                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
3648                 strcpy(cur_data + spec_size, (char*)&spec[1]);
3649                 cur_data = argptr + spec->next;
3650                 spec = (void*)host_dm + host_dm->data_start + next;
3651             }
3652             break;
3653         }
3654         case DM_TABLE_DEPS:
3655         {
3656             void *hdata = (void*)host_dm + host_dm->data_start;
3657             int count = *(uint32_t*)hdata;
3658             uint64_t *hdev = hdata + 8;
3659             uint64_t *gdev = argptr + 8;
3660             int i;
3661 
3662             *(uint32_t*)argptr = tswap32(count);
3663             for (i = 0; i < count; i++) {
3664                 *gdev = tswap64(*hdev);
3665                 gdev++;
3666                 hdev++;
3667             }
3668             break;
3669         }
3670         case DM_LIST_VERSIONS:
3671         {
3672             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
3673             uint32_t remaining_data = guest_data_size;
3674             void *cur_data = argptr;
3675             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
3676             int vers_size = thunk_type_size(arg_type, 0);
3677 
3678             while (1) {
3679                 uint32_t next = vers->next;
3680                 if (next) {
3681                     vers->next = vers_size + (strlen(vers->name) + 1);
3682                 }
3683                 if (remaining_data < vers->next) {
3684                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
3685                     break;
3686                 }
3687                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
3688                 strcpy(cur_data + vers_size, vers->name);
3689                 cur_data += vers->next;
3690                 remaining_data -= vers->next;
3691                 if (!next) {
3692                     break;
3693                 }
3694                 vers = (void*)vers + next;
3695             }
3696             break;
3697         }
3698         default:
3699             unlock_user(argptr, guest_data, 0);
3700             ret = -TARGET_EINVAL;
3701             goto out;
3702         }
3703         unlock_user(argptr, guest_data, guest_data_size);
3704 
3705         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
3706         if (!argptr) {
3707             ret = -TARGET_EFAULT;
3708             goto out;
3709         }
3710         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
3711         unlock_user(argptr, arg, target_size);
3712     }
3713 out:
3714     g_free(big_buf);
3715     return ret;
3716 }
3717 
3718 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
3719                                abi_long cmd, abi_long arg)
3720 {
3721     void *argptr;
3722     int target_size;
3723     const argtype *arg_type = ie->arg_type;
3724     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
3725     abi_long ret;
3726 
3727     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
3728     struct blkpg_partition host_part;
3729 
3730     /* Read and convert blkpg */
3731     arg_type++;
3732     target_size = thunk_type_size(arg_type, 0);
3733     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3734     if (!argptr) {
3735         ret = -TARGET_EFAULT;
3736         goto out;
3737     }
3738     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3739     unlock_user(argptr, arg, 0);
3740 
3741     switch (host_blkpg->op) {
3742     case BLKPG_ADD_PARTITION:
3743     case BLKPG_DEL_PARTITION:
3744         /* payload is struct blkpg_partition */
3745         break;
3746     default:
3747         /* Unknown opcode */
3748         ret = -TARGET_EINVAL;
3749         goto out;
3750     }
3751 
3752     /* Read and convert blkpg->data */
3753     arg = (abi_long)(uintptr_t)host_blkpg->data;
3754     target_size = thunk_type_size(part_arg_type, 0);
3755     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3756     if (!argptr) {
3757         ret = -TARGET_EFAULT;
3758         goto out;
3759     }
3760     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
3761     unlock_user(argptr, arg, 0);
3762 
3763     /* Swizzle the data pointer to our local copy and call! */
3764     host_blkpg->data = &host_part;
3765     ret = get_errno(ioctl(fd, ie->host_cmd, host_blkpg));
3766 
3767 out:
3768     return ret;
3769 }
3770 
3771 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
3772                                 int fd, abi_long cmd, abi_long arg)
3773 {
3774     const argtype *arg_type = ie->arg_type;
3775     const StructEntry *se;
3776     const argtype *field_types;
3777     const int *dst_offsets, *src_offsets;
3778     int target_size;
3779     void *argptr;
3780     abi_ulong *target_rt_dev_ptr;
3781     unsigned long *host_rt_dev_ptr;
3782     abi_long ret;
3783     int i;
3784 
3785     assert(ie->access == IOC_W);
3786     assert(*arg_type == TYPE_PTR);
3787     arg_type++;
3788     assert(*arg_type == TYPE_STRUCT);
3789     target_size = thunk_type_size(arg_type, 0);
3790     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3791     if (!argptr) {
3792         return -TARGET_EFAULT;
3793     }
3794     arg_type++;
3795     assert(*arg_type == (int)STRUCT_rtentry);
3796     se = struct_entries + *arg_type++;
3797     assert(se->convert[0] == NULL);
3798     /* convert struct here to be able to catch rt_dev string */
3799     field_types = se->field_types;
3800     dst_offsets = se->field_offsets[THUNK_HOST];
3801     src_offsets = se->field_offsets[THUNK_TARGET];
3802     for (i = 0; i < se->nb_fields; i++) {
3803         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
3804             assert(*field_types == TYPE_PTRVOID);
3805             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
3806             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
3807             if (*target_rt_dev_ptr != 0) {
3808                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
3809                                                   tswapal(*target_rt_dev_ptr));
3810                 if (!*host_rt_dev_ptr) {
3811                     unlock_user(argptr, arg, 0);
3812                     return -TARGET_EFAULT;
3813                 }
3814             } else {
3815                 *host_rt_dev_ptr = 0;
3816             }
3817             field_types++;
3818             continue;
3819         }
3820         field_types = thunk_convert(buf_temp + dst_offsets[i],
3821                                     argptr + src_offsets[i],
3822                                     field_types, THUNK_HOST);
3823     }
3824     unlock_user(argptr, arg, 0);
3825 
3826     ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
3827     if (*host_rt_dev_ptr != 0) {
3828         unlock_user((void *)*host_rt_dev_ptr,
3829                     *target_rt_dev_ptr, 0);
3830     }
3831     return ret;
3832 }
3833 
3834 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
3835                                      int fd, abi_long cmd, abi_long arg)
3836 {
3837     int sig = target_to_host_signal(arg);
3838     return get_errno(ioctl(fd, ie->host_cmd, sig));
3839 }
3840 
3841 static IOCTLEntry ioctl_entries[] = {
3842 #define IOCTL(cmd, access, ...) \
3843     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
3844 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
3845     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
3846 #include "ioctls.h"
3847     { 0, 0, },
3848 };
3849 
3850 /* ??? Implement proper locking for ioctls.  */
3851 /* do_ioctl() Must return target values and target errnos. */
3852 static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
3853 {
3854     const IOCTLEntry *ie;
3855     const argtype *arg_type;
3856     abi_long ret;
3857     uint8_t buf_temp[MAX_STRUCT_SIZE];
3858     int target_size;
3859     void *argptr;
3860 
3861     ie = ioctl_entries;
3862     for(;;) {
3863         if (ie->target_cmd == 0) {
3864             gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
3865             return -TARGET_ENOSYS;
3866         }
3867         if (ie->target_cmd == cmd)
3868             break;
3869         ie++;
3870     }
3871     arg_type = ie->arg_type;
3872 #if defined(DEBUG)
3873     gemu_log("ioctl: cmd=0x%04lx (%s)\n", (long)cmd, ie->name);
3874 #endif
3875     if (ie->do_ioctl) {
3876         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
3877     }
3878 
3879     switch(arg_type[0]) {
3880     case TYPE_NULL:
3881         /* no argument */
3882         ret = get_errno(ioctl(fd, ie->host_cmd));
3883         break;
3884     case TYPE_PTRVOID:
3885     case TYPE_INT:
3886         /* int argment */
3887         ret = get_errno(ioctl(fd, ie->host_cmd, arg));
3888         break;
3889     case TYPE_PTR:
3890         arg_type++;
3891         target_size = thunk_type_size(arg_type, 0);
3892         switch(ie->access) {
3893         case IOC_R:
3894             ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
3895             if (!is_error(ret)) {
3896                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
3897                 if (!argptr)
3898                     return -TARGET_EFAULT;
3899                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
3900                 unlock_user(argptr, arg, target_size);
3901             }
3902             break;
3903         case IOC_W:
3904             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3905             if (!argptr)
3906                 return -TARGET_EFAULT;
3907             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3908             unlock_user(argptr, arg, 0);
3909             ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
3910             break;
3911         default:
3912         case IOC_RW:
3913             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
3914             if (!argptr)
3915                 return -TARGET_EFAULT;
3916             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
3917             unlock_user(argptr, arg, 0);
3918             ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
3919             if (!is_error(ret)) {
3920                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
3921                 if (!argptr)
3922                     return -TARGET_EFAULT;
3923                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
3924                 unlock_user(argptr, arg, target_size);
3925             }
3926             break;
3927         }
3928         break;
3929     default:
3930         gemu_log("Unsupported ioctl type: cmd=0x%04lx type=%d\n",
3931                  (long)cmd, arg_type[0]);
3932         ret = -TARGET_ENOSYS;
3933         break;
3934     }
3935     return ret;
3936 }
3937 
3938 static const bitmask_transtbl iflag_tbl[] = {
3939         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
3940         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
3941         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
3942         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
3943         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
3944         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
3945         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
3946         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
3947         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
3948         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
3949         { TARGET_IXON, TARGET_IXON, IXON, IXON },
3950         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
3951         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
3952         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
3953         { 0, 0, 0, 0 }
3954 };
3955 
3956 static const bitmask_transtbl oflag_tbl[] = {
3957 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
3958 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
3959 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
3960 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
3961 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
3962 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
3963 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
3964 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
3965 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
3966 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
3967 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
3968 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
3969 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
3970 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
3971 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
3972 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
3973 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
3974 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
3975 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
3976 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
3977 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
3978 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
3979 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
3980 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
3981 	{ 0, 0, 0, 0 }
3982 };
3983 
3984 static const bitmask_transtbl cflag_tbl[] = {
3985 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
3986 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
3987 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
3988 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
3989 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
3990 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
3991 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
3992 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
3993 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
3994 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
3995 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
3996 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
3997 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
3998 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
3999 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
4000 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
4001 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
4002 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
4003 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
4004 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
4005 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
4006 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
4007 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
4008 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
4009 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
4010 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
4011 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
4012 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
4013 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
4014 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
4015 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
4016 	{ 0, 0, 0, 0 }
4017 };
4018 
4019 static const bitmask_transtbl lflag_tbl[] = {
4020 	{ TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
4021 	{ TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
4022 	{ TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
4023 	{ TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
4024 	{ TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
4025 	{ TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
4026 	{ TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
4027 	{ TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
4028 	{ TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
4029 	{ TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
4030 	{ TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
4031 	{ TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
4032 	{ TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
4033 	{ TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
4034 	{ TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
4035 	{ 0, 0, 0, 0 }
4036 };
4037 
4038 static void target_to_host_termios (void *dst, const void *src)
4039 {
4040     struct host_termios *host = dst;
4041     const struct target_termios *target = src;
4042 
4043     host->c_iflag =
4044         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
4045     host->c_oflag =
4046         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
4047     host->c_cflag =
4048         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
4049     host->c_lflag =
4050         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
4051     host->c_line = target->c_line;
4052 
4053     memset(host->c_cc, 0, sizeof(host->c_cc));
4054     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
4055     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
4056     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
4057     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
4058     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
4059     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
4060     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
4061     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
4062     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
4063     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
4064     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
4065     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
4066     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
4067     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
4068     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
4069     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
4070     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
4071 }
4072 
4073 static void host_to_target_termios (void *dst, const void *src)
4074 {
4075     struct target_termios *target = dst;
4076     const struct host_termios *host = src;
4077 
4078     target->c_iflag =
4079         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
4080     target->c_oflag =
4081         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
4082     target->c_cflag =
4083         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
4084     target->c_lflag =
4085         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
4086     target->c_line = host->c_line;
4087 
4088     memset(target->c_cc, 0, sizeof(target->c_cc));
4089     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
4090     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
4091     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
4092     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
4093     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
4094     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
4095     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
4096     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
4097     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
4098     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
4099     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
4100     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
4101     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
4102     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
4103     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
4104     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
4105     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
4106 }
4107 
4108 static const StructEntry struct_termios_def = {
4109     .convert = { host_to_target_termios, target_to_host_termios },
4110     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
4111     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
4112 };
4113 
4114 static bitmask_transtbl mmap_flags_tbl[] = {
4115 	{ TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
4116 	{ TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
4117 	{ TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
4118 	{ TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS, MAP_ANONYMOUS, MAP_ANONYMOUS },
4119 	{ TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN, MAP_GROWSDOWN, MAP_GROWSDOWN },
4120 	{ TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE, MAP_DENYWRITE, MAP_DENYWRITE },
4121 	{ TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE, MAP_EXECUTABLE, MAP_EXECUTABLE },
4122 	{ TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
4123         { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE, MAP_NORESERVE,
4124           MAP_NORESERVE },
4125 	{ 0, 0, 0, 0 }
4126 };
4127 
4128 #if defined(TARGET_I386)
4129 
4130 /* NOTE: there is really one LDT for all the threads */
4131 static uint8_t *ldt_table;
4132 
4133 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
4134 {
4135     int size;
4136     void *p;
4137 
4138     if (!ldt_table)
4139         return 0;
4140     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
4141     if (size > bytecount)
4142         size = bytecount;
4143     p = lock_user(VERIFY_WRITE, ptr, size, 0);
4144     if (!p)
4145         return -TARGET_EFAULT;
4146     /* ??? Should this by byteswapped?  */
4147     memcpy(p, ldt_table, size);
4148     unlock_user(p, ptr, size);
4149     return size;
4150 }
4151 
4152 /* XXX: add locking support */
4153 static abi_long write_ldt(CPUX86State *env,
4154                           abi_ulong ptr, unsigned long bytecount, int oldmode)
4155 {
4156     struct target_modify_ldt_ldt_s ldt_info;
4157     struct target_modify_ldt_ldt_s *target_ldt_info;
4158     int seg_32bit, contents, read_exec_only, limit_in_pages;
4159     int seg_not_present, useable, lm;
4160     uint32_t *lp, entry_1, entry_2;
4161 
4162     if (bytecount != sizeof(ldt_info))
4163         return -TARGET_EINVAL;
4164     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
4165         return -TARGET_EFAULT;
4166     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
4167     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
4168     ldt_info.limit = tswap32(target_ldt_info->limit);
4169     ldt_info.flags = tswap32(target_ldt_info->flags);
4170     unlock_user_struct(target_ldt_info, ptr, 0);
4171 
4172     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
4173         return -TARGET_EINVAL;
4174     seg_32bit = ldt_info.flags & 1;
4175     contents = (ldt_info.flags >> 1) & 3;
4176     read_exec_only = (ldt_info.flags >> 3) & 1;
4177     limit_in_pages = (ldt_info.flags >> 4) & 1;
4178     seg_not_present = (ldt_info.flags >> 5) & 1;
4179     useable = (ldt_info.flags >> 6) & 1;
4180 #ifdef TARGET_ABI32
4181     lm = 0;
4182 #else
4183     lm = (ldt_info.flags >> 7) & 1;
4184 #endif
4185     if (contents == 3) {
4186         if (oldmode)
4187             return -TARGET_EINVAL;
4188         if (seg_not_present == 0)
4189             return -TARGET_EINVAL;
4190     }
4191     /* allocate the LDT */
4192     if (!ldt_table) {
4193         env->ldt.base = target_mmap(0,
4194                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
4195                                     PROT_READ|PROT_WRITE,
4196                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
4197         if (env->ldt.base == -1)
4198             return -TARGET_ENOMEM;
4199         memset(g2h(env->ldt.base), 0,
4200                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
4201         env->ldt.limit = 0xffff;
4202         ldt_table = g2h(env->ldt.base);
4203     }
4204 
4205     /* NOTE: same code as Linux kernel */
4206     /* Allow LDTs to be cleared by the user. */
4207     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
4208         if (oldmode ||
4209             (contents == 0		&&
4210              read_exec_only == 1	&&
4211              seg_32bit == 0		&&
4212              limit_in_pages == 0	&&
4213              seg_not_present == 1	&&
4214              useable == 0 )) {
4215             entry_1 = 0;
4216             entry_2 = 0;
4217             goto install;
4218         }
4219     }
4220 
4221     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
4222         (ldt_info.limit & 0x0ffff);
4223     entry_2 = (ldt_info.base_addr & 0xff000000) |
4224         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
4225         (ldt_info.limit & 0xf0000) |
4226         ((read_exec_only ^ 1) << 9) |
4227         (contents << 10) |
4228         ((seg_not_present ^ 1) << 15) |
4229         (seg_32bit << 22) |
4230         (limit_in_pages << 23) |
4231         (lm << 21) |
4232         0x7000;
4233     if (!oldmode)
4234         entry_2 |= (useable << 20);
4235 
4236     /* Install the new entry ...  */
4237 install:
4238     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
4239     lp[0] = tswap32(entry_1);
4240     lp[1] = tswap32(entry_2);
4241     return 0;
4242 }
4243 
4244 /* specific and weird i386 syscalls */
4245 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
4246                               unsigned long bytecount)
4247 {
4248     abi_long ret;
4249 
4250     switch (func) {
4251     case 0:
4252         ret = read_ldt(ptr, bytecount);
4253         break;
4254     case 1:
4255         ret = write_ldt(env, ptr, bytecount, 1);
4256         break;
4257     case 0x11:
4258         ret = write_ldt(env, ptr, bytecount, 0);
4259         break;
4260     default:
4261         ret = -TARGET_ENOSYS;
4262         break;
4263     }
4264     return ret;
4265 }
4266 
4267 #if defined(TARGET_I386) && defined(TARGET_ABI32)
4268 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
4269 {
4270     uint64_t *gdt_table = g2h(env->gdt.base);
4271     struct target_modify_ldt_ldt_s ldt_info;
4272     struct target_modify_ldt_ldt_s *target_ldt_info;
4273     int seg_32bit, contents, read_exec_only, limit_in_pages;
4274     int seg_not_present, useable, lm;
4275     uint32_t *lp, entry_1, entry_2;
4276     int i;
4277 
4278     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
4279     if (!target_ldt_info)
4280         return -TARGET_EFAULT;
4281     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
4282     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
4283     ldt_info.limit = tswap32(target_ldt_info->limit);
4284     ldt_info.flags = tswap32(target_ldt_info->flags);
4285     if (ldt_info.entry_number == -1) {
4286         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
4287             if (gdt_table[i] == 0) {
4288                 ldt_info.entry_number = i;
4289                 target_ldt_info->entry_number = tswap32(i);
4290                 break;
4291             }
4292         }
4293     }
4294     unlock_user_struct(target_ldt_info, ptr, 1);
4295 
4296     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
4297         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
4298            return -TARGET_EINVAL;
4299     seg_32bit = ldt_info.flags & 1;
4300     contents = (ldt_info.flags >> 1) & 3;
4301     read_exec_only = (ldt_info.flags >> 3) & 1;
4302     limit_in_pages = (ldt_info.flags >> 4) & 1;
4303     seg_not_present = (ldt_info.flags >> 5) & 1;
4304     useable = (ldt_info.flags >> 6) & 1;
4305 #ifdef TARGET_ABI32
4306     lm = 0;
4307 #else
4308     lm = (ldt_info.flags >> 7) & 1;
4309 #endif
4310 
4311     if (contents == 3) {
4312         if (seg_not_present == 0)
4313             return -TARGET_EINVAL;
4314     }
4315 
4316     /* NOTE: same code as Linux kernel */
4317     /* Allow LDTs to be cleared by the user. */
4318     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
4319         if ((contents == 0             &&
4320              read_exec_only == 1       &&
4321              seg_32bit == 0            &&
4322              limit_in_pages == 0       &&
4323              seg_not_present == 1      &&
4324              useable == 0 )) {
4325             entry_1 = 0;
4326             entry_2 = 0;
4327             goto install;
4328         }
4329     }
4330 
4331     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
4332         (ldt_info.limit & 0x0ffff);
4333     entry_2 = (ldt_info.base_addr & 0xff000000) |
4334         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
4335         (ldt_info.limit & 0xf0000) |
4336         ((read_exec_only ^ 1) << 9) |
4337         (contents << 10) |
4338         ((seg_not_present ^ 1) << 15) |
4339         (seg_32bit << 22) |
4340         (limit_in_pages << 23) |
4341         (useable << 20) |
4342         (lm << 21) |
4343         0x7000;
4344 
4345     /* Install the new entry ...  */
4346 install:
4347     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
4348     lp[0] = tswap32(entry_1);
4349     lp[1] = tswap32(entry_2);
4350     return 0;
4351 }
4352 
4353 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
4354 {
4355     struct target_modify_ldt_ldt_s *target_ldt_info;
4356     uint64_t *gdt_table = g2h(env->gdt.base);
4357     uint32_t base_addr, limit, flags;
4358     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
4359     int seg_not_present, useable, lm;
4360     uint32_t *lp, entry_1, entry_2;
4361 
4362     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
4363     if (!target_ldt_info)
4364         return -TARGET_EFAULT;
4365     idx = tswap32(target_ldt_info->entry_number);
4366     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
4367         idx > TARGET_GDT_ENTRY_TLS_MAX) {
4368         unlock_user_struct(target_ldt_info, ptr, 1);
4369         return -TARGET_EINVAL;
4370     }
4371     lp = (uint32_t *)(gdt_table + idx);
4372     entry_1 = tswap32(lp[0]);
4373     entry_2 = tswap32(lp[1]);
4374 
4375     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
4376     contents = (entry_2 >> 10) & 3;
4377     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
4378     seg_32bit = (entry_2 >> 22) & 1;
4379     limit_in_pages = (entry_2 >> 23) & 1;
4380     useable = (entry_2 >> 20) & 1;
4381 #ifdef TARGET_ABI32
4382     lm = 0;
4383 #else
4384     lm = (entry_2 >> 21) & 1;
4385 #endif
4386     flags = (seg_32bit << 0) | (contents << 1) |
4387         (read_exec_only << 3) | (limit_in_pages << 4) |
4388         (seg_not_present << 5) | (useable << 6) | (lm << 7);
4389     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
4390     base_addr = (entry_1 >> 16) |
4391         (entry_2 & 0xff000000) |
4392         ((entry_2 & 0xff) << 16);
4393     target_ldt_info->base_addr = tswapal(base_addr);
4394     target_ldt_info->limit = tswap32(limit);
4395     target_ldt_info->flags = tswap32(flags);
4396     unlock_user_struct(target_ldt_info, ptr, 1);
4397     return 0;
4398 }
4399 #endif /* TARGET_I386 && TARGET_ABI32 */
4400 
4401 #ifndef TARGET_ABI32
4402 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
4403 {
4404     abi_long ret = 0;
4405     abi_ulong val;
4406     int idx;
4407 
4408     switch(code) {
4409     case TARGET_ARCH_SET_GS:
4410     case TARGET_ARCH_SET_FS:
4411         if (code == TARGET_ARCH_SET_GS)
4412             idx = R_GS;
4413         else
4414             idx = R_FS;
4415         cpu_x86_load_seg(env, idx, 0);
4416         env->segs[idx].base = addr;
4417         break;
4418     case TARGET_ARCH_GET_GS:
4419     case TARGET_ARCH_GET_FS:
4420         if (code == TARGET_ARCH_GET_GS)
4421             idx = R_GS;
4422         else
4423             idx = R_FS;
4424         val = env->segs[idx].base;
4425         if (put_user(val, addr, abi_ulong))
4426             ret = -TARGET_EFAULT;
4427         break;
4428     default:
4429         ret = -TARGET_EINVAL;
4430         break;
4431     }
4432     return ret;
4433 }
4434 #endif
4435 
4436 #endif /* defined(TARGET_I386) */
4437 
4438 #define NEW_STACK_SIZE 0x40000
4439 
4440 
4441 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
4442 typedef struct {
4443     CPUArchState *env;
4444     pthread_mutex_t mutex;
4445     pthread_cond_t cond;
4446     pthread_t thread;
4447     uint32_t tid;
4448     abi_ulong child_tidptr;
4449     abi_ulong parent_tidptr;
4450     sigset_t sigmask;
4451 } new_thread_info;
4452 
4453 static void *clone_func(void *arg)
4454 {
4455     new_thread_info *info = arg;
4456     CPUArchState *env;
4457     CPUState *cpu;
4458     TaskState *ts;
4459 
4460     env = info->env;
4461     cpu = ENV_GET_CPU(env);
4462     thread_cpu = cpu;
4463     ts = (TaskState *)cpu->opaque;
4464     info->tid = gettid();
4465     cpu->host_tid = info->tid;
4466     task_settid(ts);
4467     if (info->child_tidptr)
4468         put_user_u32(info->tid, info->child_tidptr);
4469     if (info->parent_tidptr)
4470         put_user_u32(info->tid, info->parent_tidptr);
4471     /* Enable signals.  */
4472     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
4473     /* Signal to the parent that we're ready.  */
4474     pthread_mutex_lock(&info->mutex);
4475     pthread_cond_broadcast(&info->cond);
4476     pthread_mutex_unlock(&info->mutex);
4477     /* Wait until the parent has finshed initializing the tls state.  */
4478     pthread_mutex_lock(&clone_lock);
4479     pthread_mutex_unlock(&clone_lock);
4480     cpu_loop(env);
4481     /* never exits */
4482     return NULL;
4483 }
4484 
4485 /* do_fork() Must return host values and target errnos (unlike most
4486    do_*() functions). */
4487 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
4488                    abi_ulong parent_tidptr, target_ulong newtls,
4489                    abi_ulong child_tidptr)
4490 {
4491     CPUState *cpu = ENV_GET_CPU(env);
4492     int ret;
4493     TaskState *ts;
4494     CPUState *new_cpu;
4495     CPUArchState *new_env;
4496     unsigned int nptl_flags;
4497     sigset_t sigmask;
4498 
4499     /* Emulate vfork() with fork() */
4500     if (flags & CLONE_VFORK)
4501         flags &= ~(CLONE_VFORK | CLONE_VM);
4502 
4503     if (flags & CLONE_VM) {
4504         TaskState *parent_ts = (TaskState *)cpu->opaque;
4505         new_thread_info info;
4506         pthread_attr_t attr;
4507 
4508         ts = g_malloc0(sizeof(TaskState));
4509         init_task_state(ts);
4510         /* we create a new CPU instance. */
4511         new_env = cpu_copy(env);
4512         /* Init regs that differ from the parent.  */
4513         cpu_clone_regs(new_env, newsp);
4514         new_cpu = ENV_GET_CPU(new_env);
4515         new_cpu->opaque = ts;
4516         ts->bprm = parent_ts->bprm;
4517         ts->info = parent_ts->info;
4518         nptl_flags = flags;
4519         flags &= ~CLONE_NPTL_FLAGS2;
4520 
4521         if (nptl_flags & CLONE_CHILD_CLEARTID) {
4522             ts->child_tidptr = child_tidptr;
4523         }
4524 
4525         if (nptl_flags & CLONE_SETTLS)
4526             cpu_set_tls (new_env, newtls);
4527 
4528         /* Grab a mutex so that thread setup appears atomic.  */
4529         pthread_mutex_lock(&clone_lock);
4530 
4531         memset(&info, 0, sizeof(info));
4532         pthread_mutex_init(&info.mutex, NULL);
4533         pthread_mutex_lock(&info.mutex);
4534         pthread_cond_init(&info.cond, NULL);
4535         info.env = new_env;
4536         if (nptl_flags & CLONE_CHILD_SETTID)
4537             info.child_tidptr = child_tidptr;
4538         if (nptl_flags & CLONE_PARENT_SETTID)
4539             info.parent_tidptr = parent_tidptr;
4540 
4541         ret = pthread_attr_init(&attr);
4542         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
4543         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
4544         /* It is not safe to deliver signals until the child has finished
4545            initializing, so temporarily block all signals.  */
4546         sigfillset(&sigmask);
4547         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
4548 
4549         ret = pthread_create(&info.thread, &attr, clone_func, &info);
4550         /* TODO: Free new CPU state if thread creation failed.  */
4551 
4552         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
4553         pthread_attr_destroy(&attr);
4554         if (ret == 0) {
4555             /* Wait for the child to initialize.  */
4556             pthread_cond_wait(&info.cond, &info.mutex);
4557             ret = info.tid;
4558             if (flags & CLONE_PARENT_SETTID)
4559                 put_user_u32(ret, parent_tidptr);
4560         } else {
4561             ret = -1;
4562         }
4563         pthread_mutex_unlock(&info.mutex);
4564         pthread_cond_destroy(&info.cond);
4565         pthread_mutex_destroy(&info.mutex);
4566         pthread_mutex_unlock(&clone_lock);
4567     } else {
4568         /* if no CLONE_VM, we consider it is a fork */
4569         if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0)
4570             return -EINVAL;
4571         fork_start();
4572         ret = fork();
4573         if (ret == 0) {
4574             /* Child Process.  */
4575             cpu_clone_regs(env, newsp);
4576             fork_end(1);
4577             /* There is a race condition here.  The parent process could
4578                theoretically read the TID in the child process before the child
4579                tid is set.  This would require using either ptrace
4580                (not implemented) or having *_tidptr to point at a shared memory
4581                mapping.  We can't repeat the spinlock hack used above because
4582                the child process gets its own copy of the lock.  */
4583             if (flags & CLONE_CHILD_SETTID)
4584                 put_user_u32(gettid(), child_tidptr);
4585             if (flags & CLONE_PARENT_SETTID)
4586                 put_user_u32(gettid(), parent_tidptr);
4587             ts = (TaskState *)cpu->opaque;
4588             if (flags & CLONE_SETTLS)
4589                 cpu_set_tls (env, newtls);
4590             if (flags & CLONE_CHILD_CLEARTID)
4591                 ts->child_tidptr = child_tidptr;
4592         } else {
4593             fork_end(0);
4594         }
4595     }
4596     return ret;
4597 }
4598 
4599 /* warning : doesn't handle linux specific flags... */
4600 static int target_to_host_fcntl_cmd(int cmd)
4601 {
4602     switch(cmd) {
4603 	case TARGET_F_DUPFD:
4604 	case TARGET_F_GETFD:
4605 	case TARGET_F_SETFD:
4606 	case TARGET_F_GETFL:
4607 	case TARGET_F_SETFL:
4608             return cmd;
4609         case TARGET_F_GETLK:
4610 	    return F_GETLK;
4611 	case TARGET_F_SETLK:
4612 	    return F_SETLK;
4613 	case TARGET_F_SETLKW:
4614 	    return F_SETLKW;
4615 	case TARGET_F_GETOWN:
4616 	    return F_GETOWN;
4617 	case TARGET_F_SETOWN:
4618 	    return F_SETOWN;
4619 	case TARGET_F_GETSIG:
4620 	    return F_GETSIG;
4621 	case TARGET_F_SETSIG:
4622 	    return F_SETSIG;
4623 #if TARGET_ABI_BITS == 32
4624         case TARGET_F_GETLK64:
4625 	    return F_GETLK64;
4626 	case TARGET_F_SETLK64:
4627 	    return F_SETLK64;
4628 	case TARGET_F_SETLKW64:
4629 	    return F_SETLKW64;
4630 #endif
4631         case TARGET_F_SETLEASE:
4632             return F_SETLEASE;
4633         case TARGET_F_GETLEASE:
4634             return F_GETLEASE;
4635 #ifdef F_DUPFD_CLOEXEC
4636         case TARGET_F_DUPFD_CLOEXEC:
4637             return F_DUPFD_CLOEXEC;
4638 #endif
4639         case TARGET_F_NOTIFY:
4640             return F_NOTIFY;
4641 #ifdef F_GETOWN_EX
4642 	case TARGET_F_GETOWN_EX:
4643 	    return F_GETOWN_EX;
4644 #endif
4645 #ifdef F_SETOWN_EX
4646 	case TARGET_F_SETOWN_EX:
4647 	    return F_SETOWN_EX;
4648 #endif
4649 	default:
4650             return -TARGET_EINVAL;
4651     }
4652     return -TARGET_EINVAL;
4653 }
4654 
4655 #define TRANSTBL_CONVERT(a) { -1, TARGET_##a, -1, a }
4656 static const bitmask_transtbl flock_tbl[] = {
4657     TRANSTBL_CONVERT(F_RDLCK),
4658     TRANSTBL_CONVERT(F_WRLCK),
4659     TRANSTBL_CONVERT(F_UNLCK),
4660     TRANSTBL_CONVERT(F_EXLCK),
4661     TRANSTBL_CONVERT(F_SHLCK),
4662     { 0, 0, 0, 0 }
4663 };
4664 
4665 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
4666 {
4667     struct flock fl;
4668     struct target_flock *target_fl;
4669     struct flock64 fl64;
4670     struct target_flock64 *target_fl64;
4671 #ifdef F_GETOWN_EX
4672     struct f_owner_ex fox;
4673     struct target_f_owner_ex *target_fox;
4674 #endif
4675     abi_long ret;
4676     int host_cmd = target_to_host_fcntl_cmd(cmd);
4677 
4678     if (host_cmd == -TARGET_EINVAL)
4679 	    return host_cmd;
4680 
4681     switch(cmd) {
4682     case TARGET_F_GETLK:
4683         if (!lock_user_struct(VERIFY_READ, target_fl, arg, 1))
4684             return -TARGET_EFAULT;
4685         fl.l_type =
4686                   target_to_host_bitmask(tswap16(target_fl->l_type), flock_tbl);
4687         fl.l_whence = tswap16(target_fl->l_whence);
4688         fl.l_start = tswapal(target_fl->l_start);
4689         fl.l_len = tswapal(target_fl->l_len);
4690         fl.l_pid = tswap32(target_fl->l_pid);
4691         unlock_user_struct(target_fl, arg, 0);
4692         ret = get_errno(fcntl(fd, host_cmd, &fl));
4693         if (ret == 0) {
4694             if (!lock_user_struct(VERIFY_WRITE, target_fl, arg, 0))
4695                 return -TARGET_EFAULT;
4696             target_fl->l_type =
4697                           host_to_target_bitmask(tswap16(fl.l_type), flock_tbl);
4698             target_fl->l_whence = tswap16(fl.l_whence);
4699             target_fl->l_start = tswapal(fl.l_start);
4700             target_fl->l_len = tswapal(fl.l_len);
4701             target_fl->l_pid = tswap32(fl.l_pid);
4702             unlock_user_struct(target_fl, arg, 1);
4703         }
4704         break;
4705 
4706     case TARGET_F_SETLK:
4707     case TARGET_F_SETLKW:
4708         if (!lock_user_struct(VERIFY_READ, target_fl, arg, 1))
4709             return -TARGET_EFAULT;
4710         fl.l_type =
4711                   target_to_host_bitmask(tswap16(target_fl->l_type), flock_tbl);
4712         fl.l_whence = tswap16(target_fl->l_whence);
4713         fl.l_start = tswapal(target_fl->l_start);
4714         fl.l_len = tswapal(target_fl->l_len);
4715         fl.l_pid = tswap32(target_fl->l_pid);
4716         unlock_user_struct(target_fl, arg, 0);
4717         ret = get_errno(fcntl(fd, host_cmd, &fl));
4718         break;
4719 
4720     case TARGET_F_GETLK64:
4721         if (!lock_user_struct(VERIFY_READ, target_fl64, arg, 1))
4722             return -TARGET_EFAULT;
4723         fl64.l_type =
4724            target_to_host_bitmask(tswap16(target_fl64->l_type), flock_tbl) >> 1;
4725         fl64.l_whence = tswap16(target_fl64->l_whence);
4726         fl64.l_start = tswap64(target_fl64->l_start);
4727         fl64.l_len = tswap64(target_fl64->l_len);
4728         fl64.l_pid = tswap32(target_fl64->l_pid);
4729         unlock_user_struct(target_fl64, arg, 0);
4730         ret = get_errno(fcntl(fd, host_cmd, &fl64));
4731         if (ret == 0) {
4732             if (!lock_user_struct(VERIFY_WRITE, target_fl64, arg, 0))
4733                 return -TARGET_EFAULT;
4734             target_fl64->l_type =
4735                    host_to_target_bitmask(tswap16(fl64.l_type), flock_tbl) >> 1;
4736             target_fl64->l_whence = tswap16(fl64.l_whence);
4737             target_fl64->l_start = tswap64(fl64.l_start);
4738             target_fl64->l_len = tswap64(fl64.l_len);
4739             target_fl64->l_pid = tswap32(fl64.l_pid);
4740             unlock_user_struct(target_fl64, arg, 1);
4741         }
4742         break;
4743     case TARGET_F_SETLK64:
4744     case TARGET_F_SETLKW64:
4745         if (!lock_user_struct(VERIFY_READ, target_fl64, arg, 1))
4746             return -TARGET_EFAULT;
4747         fl64.l_type =
4748            target_to_host_bitmask(tswap16(target_fl64->l_type), flock_tbl) >> 1;
4749         fl64.l_whence = tswap16(target_fl64->l_whence);
4750         fl64.l_start = tswap64(target_fl64->l_start);
4751         fl64.l_len = tswap64(target_fl64->l_len);
4752         fl64.l_pid = tswap32(target_fl64->l_pid);
4753         unlock_user_struct(target_fl64, arg, 0);
4754         ret = get_errno(fcntl(fd, host_cmd, &fl64));
4755         break;
4756 
4757     case TARGET_F_GETFL:
4758         ret = get_errno(fcntl(fd, host_cmd, arg));
4759         if (ret >= 0) {
4760             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
4761         }
4762         break;
4763 
4764     case TARGET_F_SETFL:
4765         ret = get_errno(fcntl(fd, host_cmd, target_to_host_bitmask(arg, fcntl_flags_tbl)));
4766         break;
4767 
4768 #ifdef F_GETOWN_EX
4769     case TARGET_F_GETOWN_EX:
4770         ret = get_errno(fcntl(fd, host_cmd, &fox));
4771         if (ret >= 0) {
4772             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
4773                 return -TARGET_EFAULT;
4774             target_fox->type = tswap32(fox.type);
4775             target_fox->pid = tswap32(fox.pid);
4776             unlock_user_struct(target_fox, arg, 1);
4777         }
4778         break;
4779 #endif
4780 
4781 #ifdef F_SETOWN_EX
4782     case TARGET_F_SETOWN_EX:
4783         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
4784             return -TARGET_EFAULT;
4785         fox.type = tswap32(target_fox->type);
4786         fox.pid = tswap32(target_fox->pid);
4787         unlock_user_struct(target_fox, arg, 0);
4788         ret = get_errno(fcntl(fd, host_cmd, &fox));
4789         break;
4790 #endif
4791 
4792     case TARGET_F_SETOWN:
4793     case TARGET_F_GETOWN:
4794     case TARGET_F_SETSIG:
4795     case TARGET_F_GETSIG:
4796     case TARGET_F_SETLEASE:
4797     case TARGET_F_GETLEASE:
4798         ret = get_errno(fcntl(fd, host_cmd, arg));
4799         break;
4800 
4801     default:
4802         ret = get_errno(fcntl(fd, cmd, arg));
4803         break;
4804     }
4805     return ret;
4806 }
4807 
4808 #ifdef USE_UID16
4809 
4810 static inline int high2lowuid(int uid)
4811 {
4812     if (uid > 65535)
4813         return 65534;
4814     else
4815         return uid;
4816 }
4817 
4818 static inline int high2lowgid(int gid)
4819 {
4820     if (gid > 65535)
4821         return 65534;
4822     else
4823         return gid;
4824 }
4825 
4826 static inline int low2highuid(int uid)
4827 {
4828     if ((int16_t)uid == -1)
4829         return -1;
4830     else
4831         return uid;
4832 }
4833 
4834 static inline int low2highgid(int gid)
4835 {
4836     if ((int16_t)gid == -1)
4837         return -1;
4838     else
4839         return gid;
4840 }
4841 static inline int tswapid(int id)
4842 {
4843     return tswap16(id);
4844 }
4845 
4846 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
4847 
4848 #else /* !USE_UID16 */
4849 static inline int high2lowuid(int uid)
4850 {
4851     return uid;
4852 }
4853 static inline int high2lowgid(int gid)
4854 {
4855     return gid;
4856 }
4857 static inline int low2highuid(int uid)
4858 {
4859     return uid;
4860 }
4861 static inline int low2highgid(int gid)
4862 {
4863     return gid;
4864 }
4865 static inline int tswapid(int id)
4866 {
4867     return tswap32(id);
4868 }
4869 
4870 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
4871 
4872 #endif /* USE_UID16 */
4873 
4874 void syscall_init(void)
4875 {
4876     IOCTLEntry *ie;
4877     const argtype *arg_type;
4878     int size;
4879     int i;
4880 
4881 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
4882 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
4883 #include "syscall_types.h"
4884 #undef STRUCT
4885 #undef STRUCT_SPECIAL
4886 
4887     /* Build target_to_host_errno_table[] table from
4888      * host_to_target_errno_table[]. */
4889     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
4890         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
4891     }
4892 
4893     /* we patch the ioctl size if necessary. We rely on the fact that
4894        no ioctl has all the bits at '1' in the size field */
4895     ie = ioctl_entries;
4896     while (ie->target_cmd != 0) {
4897         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
4898             TARGET_IOC_SIZEMASK) {
4899             arg_type = ie->arg_type;
4900             if (arg_type[0] != TYPE_PTR) {
4901                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
4902                         ie->target_cmd);
4903                 exit(1);
4904             }
4905             arg_type++;
4906             size = thunk_type_size(arg_type, 0);
4907             ie->target_cmd = (ie->target_cmd &
4908                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
4909                 (size << TARGET_IOC_SIZESHIFT);
4910         }
4911 
4912         /* automatic consistency check if same arch */
4913 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
4914     (defined(__x86_64__) && defined(TARGET_X86_64))
4915         if (unlikely(ie->target_cmd != ie->host_cmd)) {
4916             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
4917                     ie->name, ie->target_cmd, ie->host_cmd);
4918         }
4919 #endif
4920         ie++;
4921     }
4922 }
4923 
4924 #if TARGET_ABI_BITS == 32
4925 static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
4926 {
4927 #ifdef TARGET_WORDS_BIGENDIAN
4928     return ((uint64_t)word0 << 32) | word1;
4929 #else
4930     return ((uint64_t)word1 << 32) | word0;
4931 #endif
4932 }
4933 #else /* TARGET_ABI_BITS == 32 */
4934 static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
4935 {
4936     return word0;
4937 }
4938 #endif /* TARGET_ABI_BITS != 32 */
4939 
4940 #ifdef TARGET_NR_truncate64
4941 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
4942                                          abi_long arg2,
4943                                          abi_long arg3,
4944                                          abi_long arg4)
4945 {
4946     if (regpairs_aligned(cpu_env)) {
4947         arg2 = arg3;
4948         arg3 = arg4;
4949     }
4950     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
4951 }
4952 #endif
4953 
4954 #ifdef TARGET_NR_ftruncate64
4955 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
4956                                           abi_long arg2,
4957                                           abi_long arg3,
4958                                           abi_long arg4)
4959 {
4960     if (regpairs_aligned(cpu_env)) {
4961         arg2 = arg3;
4962         arg3 = arg4;
4963     }
4964     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
4965 }
4966 #endif
4967 
4968 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
4969                                                abi_ulong target_addr)
4970 {
4971     struct target_timespec *target_ts;
4972 
4973     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
4974         return -TARGET_EFAULT;
4975     host_ts->tv_sec = tswapal(target_ts->tv_sec);
4976     host_ts->tv_nsec = tswapal(target_ts->tv_nsec);
4977     unlock_user_struct(target_ts, target_addr, 0);
4978     return 0;
4979 }
4980 
4981 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
4982                                                struct timespec *host_ts)
4983 {
4984     struct target_timespec *target_ts;
4985 
4986     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
4987         return -TARGET_EFAULT;
4988     target_ts->tv_sec = tswapal(host_ts->tv_sec);
4989     target_ts->tv_nsec = tswapal(host_ts->tv_nsec);
4990     unlock_user_struct(target_ts, target_addr, 1);
4991     return 0;
4992 }
4993 
4994 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
4995                                                  abi_ulong target_addr)
4996 {
4997     struct target_itimerspec *target_itspec;
4998 
4999     if (!lock_user_struct(VERIFY_READ, target_itspec, target_addr, 1)) {
5000         return -TARGET_EFAULT;
5001     }
5002 
5003     host_itspec->it_interval.tv_sec =
5004                             tswapal(target_itspec->it_interval.tv_sec);
5005     host_itspec->it_interval.tv_nsec =
5006                             tswapal(target_itspec->it_interval.tv_nsec);
5007     host_itspec->it_value.tv_sec = tswapal(target_itspec->it_value.tv_sec);
5008     host_itspec->it_value.tv_nsec = tswapal(target_itspec->it_value.tv_nsec);
5009 
5010     unlock_user_struct(target_itspec, target_addr, 1);
5011     return 0;
5012 }
5013 
5014 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
5015                                                struct itimerspec *host_its)
5016 {
5017     struct target_itimerspec *target_itspec;
5018 
5019     if (!lock_user_struct(VERIFY_WRITE, target_itspec, target_addr, 0)) {
5020         return -TARGET_EFAULT;
5021     }
5022 
5023     target_itspec->it_interval.tv_sec = tswapal(host_its->it_interval.tv_sec);
5024     target_itspec->it_interval.tv_nsec = tswapal(host_its->it_interval.tv_nsec);
5025 
5026     target_itspec->it_value.tv_sec = tswapal(host_its->it_value.tv_sec);
5027     target_itspec->it_value.tv_nsec = tswapal(host_its->it_value.tv_nsec);
5028 
5029     unlock_user_struct(target_itspec, target_addr, 0);
5030     return 0;
5031 }
5032 
5033 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
5034                                                abi_ulong target_addr)
5035 {
5036     struct target_sigevent *target_sevp;
5037 
5038     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
5039         return -TARGET_EFAULT;
5040     }
5041 
5042     /* This union is awkward on 64 bit systems because it has a 32 bit
5043      * integer and a pointer in it; we follow the conversion approach
5044      * used for handling sigval types in signal.c so the guest should get
5045      * the correct value back even if we did a 64 bit byteswap and it's
5046      * using the 32 bit integer.
5047      */
5048     host_sevp->sigev_value.sival_ptr =
5049         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
5050     host_sevp->sigev_signo =
5051         target_to_host_signal(tswap32(target_sevp->sigev_signo));
5052     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
5053     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
5054 
5055     unlock_user_struct(target_sevp, target_addr, 1);
5056     return 0;
5057 }
5058 
5059 #if defined(TARGET_NR_mlockall)
5060 static inline int target_to_host_mlockall_arg(int arg)
5061 {
5062     int result = 0;
5063 
5064     if (arg & TARGET_MLOCKALL_MCL_CURRENT) {
5065         result |= MCL_CURRENT;
5066     }
5067     if (arg & TARGET_MLOCKALL_MCL_FUTURE) {
5068         result |= MCL_FUTURE;
5069     }
5070     return result;
5071 }
5072 #endif
5073 
5074 #if defined(TARGET_NR_stat64) || defined(TARGET_NR_newfstatat)
5075 static inline abi_long host_to_target_stat64(void *cpu_env,
5076                                              abi_ulong target_addr,
5077                                              struct stat *host_st)
5078 {
5079 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
5080     if (((CPUARMState *)cpu_env)->eabi) {
5081         struct target_eabi_stat64 *target_st;
5082 
5083         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
5084             return -TARGET_EFAULT;
5085         memset(target_st, 0, sizeof(struct target_eabi_stat64));
5086         __put_user(host_st->st_dev, &target_st->st_dev);
5087         __put_user(host_st->st_ino, &target_st->st_ino);
5088 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
5089         __put_user(host_st->st_ino, &target_st->__st_ino);
5090 #endif
5091         __put_user(host_st->st_mode, &target_st->st_mode);
5092         __put_user(host_st->st_nlink, &target_st->st_nlink);
5093         __put_user(host_st->st_uid, &target_st->st_uid);
5094         __put_user(host_st->st_gid, &target_st->st_gid);
5095         __put_user(host_st->st_rdev, &target_st->st_rdev);
5096         __put_user(host_st->st_size, &target_st->st_size);
5097         __put_user(host_st->st_blksize, &target_st->st_blksize);
5098         __put_user(host_st->st_blocks, &target_st->st_blocks);
5099         __put_user(host_st->st_atime, &target_st->target_st_atime);
5100         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
5101         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
5102         unlock_user_struct(target_st, target_addr, 1);
5103     } else
5104 #endif
5105     {
5106 #if defined(TARGET_HAS_STRUCT_STAT64)
5107         struct target_stat64 *target_st;
5108 #else
5109         struct target_stat *target_st;
5110 #endif
5111 
5112         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
5113             return -TARGET_EFAULT;
5114         memset(target_st, 0, sizeof(*target_st));
5115         __put_user(host_st->st_dev, &target_st->st_dev);
5116         __put_user(host_st->st_ino, &target_st->st_ino);
5117 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
5118         __put_user(host_st->st_ino, &target_st->__st_ino);
5119 #endif
5120         __put_user(host_st->st_mode, &target_st->st_mode);
5121         __put_user(host_st->st_nlink, &target_st->st_nlink);
5122         __put_user(host_st->st_uid, &target_st->st_uid);
5123         __put_user(host_st->st_gid, &target_st->st_gid);
5124         __put_user(host_st->st_rdev, &target_st->st_rdev);
5125         /* XXX: better use of kernel struct */
5126         __put_user(host_st->st_size, &target_st->st_size);
5127         __put_user(host_st->st_blksize, &target_st->st_blksize);
5128         __put_user(host_st->st_blocks, &target_st->st_blocks);
5129         __put_user(host_st->st_atime, &target_st->target_st_atime);
5130         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
5131         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
5132         unlock_user_struct(target_st, target_addr, 1);
5133     }
5134 
5135     return 0;
5136 }
5137 #endif
5138 
5139 /* ??? Using host futex calls even when target atomic operations
5140    are not really atomic probably breaks things.  However implementing
5141    futexes locally would make futexes shared between multiple processes
5142    tricky.  However they're probably useless because guest atomic
5143    operations won't work either.  */
5144 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
5145                     target_ulong uaddr2, int val3)
5146 {
5147     struct timespec ts, *pts;
5148     int base_op;
5149 
5150     /* ??? We assume FUTEX_* constants are the same on both host
5151        and target.  */
5152 #ifdef FUTEX_CMD_MASK
5153     base_op = op & FUTEX_CMD_MASK;
5154 #else
5155     base_op = op;
5156 #endif
5157     switch (base_op) {
5158     case FUTEX_WAIT:
5159     case FUTEX_WAIT_BITSET:
5160         if (timeout) {
5161             pts = &ts;
5162             target_to_host_timespec(pts, timeout);
5163         } else {
5164             pts = NULL;
5165         }
5166         return get_errno(sys_futex(g2h(uaddr), op, tswap32(val),
5167                          pts, NULL, val3));
5168     case FUTEX_WAKE:
5169         return get_errno(sys_futex(g2h(uaddr), op, val, NULL, NULL, 0));
5170     case FUTEX_FD:
5171         return get_errno(sys_futex(g2h(uaddr), op, val, NULL, NULL, 0));
5172     case FUTEX_REQUEUE:
5173     case FUTEX_CMP_REQUEUE:
5174     case FUTEX_WAKE_OP:
5175         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
5176            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
5177            But the prototype takes a `struct timespec *'; insert casts
5178            to satisfy the compiler.  We do not need to tswap TIMEOUT
5179            since it's not compared to guest memory.  */
5180         pts = (struct timespec *)(uintptr_t) timeout;
5181         return get_errno(sys_futex(g2h(uaddr), op, val, pts,
5182                                    g2h(uaddr2),
5183                                    (base_op == FUTEX_CMP_REQUEUE
5184                                     ? tswap32(val3)
5185                                     : val3)));
5186     default:
5187         return -TARGET_ENOSYS;
5188     }
5189 }
5190 
5191 /* Map host to target signal numbers for the wait family of syscalls.
5192    Assume all other status bits are the same.  */
5193 int host_to_target_waitstatus(int status)
5194 {
5195     if (WIFSIGNALED(status)) {
5196         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
5197     }
5198     if (WIFSTOPPED(status)) {
5199         return (host_to_target_signal(WSTOPSIG(status)) << 8)
5200                | (status & 0xff);
5201     }
5202     return status;
5203 }
5204 
5205 static int open_self_cmdline(void *cpu_env, int fd)
5206 {
5207     int fd_orig = -1;
5208     bool word_skipped = false;
5209 
5210     fd_orig = open("/proc/self/cmdline", O_RDONLY);
5211     if (fd_orig < 0) {
5212         return fd_orig;
5213     }
5214 
5215     while (true) {
5216         ssize_t nb_read;
5217         char buf[128];
5218         char *cp_buf = buf;
5219 
5220         nb_read = read(fd_orig, buf, sizeof(buf));
5221         if (nb_read < 0) {
5222             fd_orig = close(fd_orig);
5223             return -1;
5224         } else if (nb_read == 0) {
5225             break;
5226         }
5227 
5228         if (!word_skipped) {
5229             /* Skip the first string, which is the path to qemu-*-static
5230                instead of the actual command. */
5231             cp_buf = memchr(buf, 0, sizeof(buf));
5232             if (cp_buf) {
5233                 /* Null byte found, skip one string */
5234                 cp_buf++;
5235                 nb_read -= cp_buf - buf;
5236                 word_skipped = true;
5237             }
5238         }
5239 
5240         if (word_skipped) {
5241             if (write(fd, cp_buf, nb_read) != nb_read) {
5242                 close(fd_orig);
5243                 return -1;
5244             }
5245         }
5246     }
5247 
5248     return close(fd_orig);
5249 }
5250 
5251 static int open_self_maps(void *cpu_env, int fd)
5252 {
5253     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
5254     TaskState *ts = cpu->opaque;
5255     FILE *fp;
5256     char *line = NULL;
5257     size_t len = 0;
5258     ssize_t read;
5259 
5260     fp = fopen("/proc/self/maps", "r");
5261     if (fp == NULL) {
5262         return -EACCES;
5263     }
5264 
5265     while ((read = getline(&line, &len, fp)) != -1) {
5266         int fields, dev_maj, dev_min, inode;
5267         uint64_t min, max, offset;
5268         char flag_r, flag_w, flag_x, flag_p;
5269         char path[512] = "";
5270         fields = sscanf(line, "%"PRIx64"-%"PRIx64" %c%c%c%c %"PRIx64" %x:%x %d"
5271                         " %512s", &min, &max, &flag_r, &flag_w, &flag_x,
5272                         &flag_p, &offset, &dev_maj, &dev_min, &inode, path);
5273 
5274         if ((fields < 10) || (fields > 11)) {
5275             continue;
5276         }
5277         if (h2g_valid(min)) {
5278             int flags = page_get_flags(h2g(min));
5279             max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
5280             if (page_check_range(h2g(min), max - min, flags) == -1) {
5281                 continue;
5282             }
5283             if (h2g(min) == ts->info->stack_limit) {
5284                 pstrcpy(path, sizeof(path), "      [stack]");
5285             }
5286             dprintf(fd, TARGET_ABI_FMT_lx "-" TARGET_ABI_FMT_lx
5287                     " %c%c%c%c %08" PRIx64 " %02x:%02x %d %s%s\n",
5288                     h2g(min), h2g(max - 1) + 1, flag_r, flag_w,
5289                     flag_x, flag_p, offset, dev_maj, dev_min, inode,
5290                     path[0] ? "         " : "", path);
5291         }
5292     }
5293 
5294     free(line);
5295     fclose(fp);
5296 
5297     return 0;
5298 }
5299 
5300 static int open_self_stat(void *cpu_env, int fd)
5301 {
5302     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
5303     TaskState *ts = cpu->opaque;
5304     abi_ulong start_stack = ts->info->start_stack;
5305     int i;
5306 
5307     for (i = 0; i < 44; i++) {
5308       char buf[128];
5309       int len;
5310       uint64_t val = 0;
5311 
5312       if (i == 0) {
5313         /* pid */
5314         val = getpid();
5315         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
5316       } else if (i == 1) {
5317         /* app name */
5318         snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
5319       } else if (i == 27) {
5320         /* stack bottom */
5321         val = start_stack;
5322         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
5323       } else {
5324         /* for the rest, there is MasterCard */
5325         snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
5326       }
5327 
5328       len = strlen(buf);
5329       if (write(fd, buf, len) != len) {
5330           return -1;
5331       }
5332     }
5333 
5334     return 0;
5335 }
5336 
5337 static int open_self_auxv(void *cpu_env, int fd)
5338 {
5339     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
5340     TaskState *ts = cpu->opaque;
5341     abi_ulong auxv = ts->info->saved_auxv;
5342     abi_ulong len = ts->info->auxv_len;
5343     char *ptr;
5344 
5345     /*
5346      * Auxiliary vector is stored in target process stack.
5347      * read in whole auxv vector and copy it to file
5348      */
5349     ptr = lock_user(VERIFY_READ, auxv, len, 0);
5350     if (ptr != NULL) {
5351         while (len > 0) {
5352             ssize_t r;
5353             r = write(fd, ptr, len);
5354             if (r <= 0) {
5355                 break;
5356             }
5357             len -= r;
5358             ptr += r;
5359         }
5360         lseek(fd, 0, SEEK_SET);
5361         unlock_user(ptr, auxv, len);
5362     }
5363 
5364     return 0;
5365 }
5366 
5367 static int is_proc_myself(const char *filename, const char *entry)
5368 {
5369     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
5370         filename += strlen("/proc/");
5371         if (!strncmp(filename, "self/", strlen("self/"))) {
5372             filename += strlen("self/");
5373         } else if (*filename >= '1' && *filename <= '9') {
5374             char myself[80];
5375             snprintf(myself, sizeof(myself), "%d/", getpid());
5376             if (!strncmp(filename, myself, strlen(myself))) {
5377                 filename += strlen(myself);
5378             } else {
5379                 return 0;
5380             }
5381         } else {
5382             return 0;
5383         }
5384         if (!strcmp(filename, entry)) {
5385             return 1;
5386         }
5387     }
5388     return 0;
5389 }
5390 
5391 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
5392 static int is_proc(const char *filename, const char *entry)
5393 {
5394     return strcmp(filename, entry) == 0;
5395 }
5396 
5397 static int open_net_route(void *cpu_env, int fd)
5398 {
5399     FILE *fp;
5400     char *line = NULL;
5401     size_t len = 0;
5402     ssize_t read;
5403 
5404     fp = fopen("/proc/net/route", "r");
5405     if (fp == NULL) {
5406         return -EACCES;
5407     }
5408 
5409     /* read header */
5410 
5411     read = getline(&line, &len, fp);
5412     dprintf(fd, "%s", line);
5413 
5414     /* read routes */
5415 
5416     while ((read = getline(&line, &len, fp)) != -1) {
5417         char iface[16];
5418         uint32_t dest, gw, mask;
5419         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
5420         sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
5421                      iface, &dest, &gw, &flags, &refcnt, &use, &metric,
5422                      &mask, &mtu, &window, &irtt);
5423         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
5424                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
5425                 metric, tswap32(mask), mtu, window, irtt);
5426     }
5427 
5428     free(line);
5429     fclose(fp);
5430 
5431     return 0;
5432 }
5433 #endif
5434 
5435 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
5436 {
5437     struct fake_open {
5438         const char *filename;
5439         int (*fill)(void *cpu_env, int fd);
5440         int (*cmp)(const char *s1, const char *s2);
5441     };
5442     const struct fake_open *fake_open;
5443     static const struct fake_open fakes[] = {
5444         { "maps", open_self_maps, is_proc_myself },
5445         { "stat", open_self_stat, is_proc_myself },
5446         { "auxv", open_self_auxv, is_proc_myself },
5447         { "cmdline", open_self_cmdline, is_proc_myself },
5448 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
5449         { "/proc/net/route", open_net_route, is_proc },
5450 #endif
5451         { NULL, NULL, NULL }
5452     };
5453 
5454     if (is_proc_myself(pathname, "exe")) {
5455         int execfd = qemu_getauxval(AT_EXECFD);
5456         return execfd ? execfd : get_errno(sys_openat(dirfd, exec_path, flags, mode));
5457     }
5458 
5459     for (fake_open = fakes; fake_open->filename; fake_open++) {
5460         if (fake_open->cmp(pathname, fake_open->filename)) {
5461             break;
5462         }
5463     }
5464 
5465     if (fake_open->filename) {
5466         const char *tmpdir;
5467         char filename[PATH_MAX];
5468         int fd, r;
5469 
5470         /* create temporary file to map stat to */
5471         tmpdir = getenv("TMPDIR");
5472         if (!tmpdir)
5473             tmpdir = "/tmp";
5474         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
5475         fd = mkstemp(filename);
5476         if (fd < 0) {
5477             return fd;
5478         }
5479         unlink(filename);
5480 
5481         if ((r = fake_open->fill(cpu_env, fd))) {
5482             close(fd);
5483             return r;
5484         }
5485         lseek(fd, 0, SEEK_SET);
5486 
5487         return fd;
5488     }
5489 
5490     return get_errno(sys_openat(dirfd, path(pathname), flags, mode));
5491 }
5492 
5493 #define TIMER_MAGIC 0x0caf0000
5494 #define TIMER_MAGIC_MASK 0xffff0000
5495 
5496 /* Convert QEMU provided timer ID back to internal 16bit index format */
5497 static target_timer_t get_timer_id(abi_long arg)
5498 {
5499     target_timer_t timerid = arg;
5500 
5501     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
5502         return -TARGET_EINVAL;
5503     }
5504 
5505     timerid &= 0xffff;
5506 
5507     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
5508         return -TARGET_EINVAL;
5509     }
5510 
5511     return timerid;
5512 }
5513 
5514 /* do_syscall() should always have a single exit point at the end so
5515    that actions, such as logging of syscall results, can be performed.
5516    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
5517 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
5518                     abi_long arg2, abi_long arg3, abi_long arg4,
5519                     abi_long arg5, abi_long arg6, abi_long arg7,
5520                     abi_long arg8)
5521 {
5522     CPUState *cpu = ENV_GET_CPU(cpu_env);
5523     abi_long ret;
5524     struct stat st;
5525     struct statfs stfs;
5526     void *p;
5527 
5528 #ifdef DEBUG
5529     gemu_log("syscall %d", num);
5530 #endif
5531     if(do_strace)
5532         print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
5533 
5534     switch(num) {
5535     case TARGET_NR_exit:
5536         /* In old applications this may be used to implement _exit(2).
5537            However in threaded applictions it is used for thread termination,
5538            and _exit_group is used for application termination.
5539            Do thread termination if we have more then one thread.  */
5540         /* FIXME: This probably breaks if a signal arrives.  We should probably
5541            be disabling signals.  */
5542         if (CPU_NEXT(first_cpu)) {
5543             TaskState *ts;
5544 
5545             cpu_list_lock();
5546             /* Remove the CPU from the list.  */
5547             QTAILQ_REMOVE(&cpus, cpu, node);
5548             cpu_list_unlock();
5549             ts = cpu->opaque;
5550             if (ts->child_tidptr) {
5551                 put_user_u32(0, ts->child_tidptr);
5552                 sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
5553                           NULL, NULL, 0);
5554             }
5555             thread_cpu = NULL;
5556             object_unref(OBJECT(cpu));
5557             g_free(ts);
5558             pthread_exit(NULL);
5559         }
5560 #ifdef TARGET_GPROF
5561         _mcleanup();
5562 #endif
5563         gdb_exit(cpu_env, arg1);
5564         _exit(arg1);
5565         ret = 0; /* avoid warning */
5566         break;
5567     case TARGET_NR_read:
5568         if (arg3 == 0)
5569             ret = 0;
5570         else {
5571             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
5572                 goto efault;
5573             ret = get_errno(read(arg1, p, arg3));
5574             unlock_user(p, arg2, ret);
5575         }
5576         break;
5577     case TARGET_NR_write:
5578         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
5579             goto efault;
5580         ret = get_errno(write(arg1, p, arg3));
5581         unlock_user(p, arg2, 0);
5582         break;
5583     case TARGET_NR_open:
5584         if (!(p = lock_user_string(arg1)))
5585             goto efault;
5586         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
5587                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
5588                                   arg3));
5589         unlock_user(p, arg1, 0);
5590         break;
5591     case TARGET_NR_openat:
5592         if (!(p = lock_user_string(arg2)))
5593             goto efault;
5594         ret = get_errno(do_openat(cpu_env, arg1, p,
5595                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
5596                                   arg4));
5597         unlock_user(p, arg2, 0);
5598         break;
5599     case TARGET_NR_close:
5600         ret = get_errno(close(arg1));
5601         break;
5602     case TARGET_NR_brk:
5603         ret = do_brk(arg1);
5604         break;
5605     case TARGET_NR_fork:
5606         ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, 0, 0, 0));
5607         break;
5608 #ifdef TARGET_NR_waitpid
5609     case TARGET_NR_waitpid:
5610         {
5611             int status;
5612             ret = get_errno(waitpid(arg1, &status, arg3));
5613             if (!is_error(ret) && arg2 && ret
5614                 && put_user_s32(host_to_target_waitstatus(status), arg2))
5615                 goto efault;
5616         }
5617         break;
5618 #endif
5619 #ifdef TARGET_NR_waitid
5620     case TARGET_NR_waitid:
5621         {
5622             siginfo_t info;
5623             info.si_pid = 0;
5624             ret = get_errno(waitid(arg1, arg2, &info, arg4));
5625             if (!is_error(ret) && arg3 && info.si_pid != 0) {
5626                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
5627                     goto efault;
5628                 host_to_target_siginfo(p, &info);
5629                 unlock_user(p, arg3, sizeof(target_siginfo_t));
5630             }
5631         }
5632         break;
5633 #endif
5634 #ifdef TARGET_NR_creat /* not on alpha */
5635     case TARGET_NR_creat:
5636         if (!(p = lock_user_string(arg1)))
5637             goto efault;
5638         ret = get_errno(creat(p, arg2));
5639         unlock_user(p, arg1, 0);
5640         break;
5641 #endif
5642     case TARGET_NR_link:
5643         {
5644             void * p2;
5645             p = lock_user_string(arg1);
5646             p2 = lock_user_string(arg2);
5647             if (!p || !p2)
5648                 ret = -TARGET_EFAULT;
5649             else
5650                 ret = get_errno(link(p, p2));
5651             unlock_user(p2, arg2, 0);
5652             unlock_user(p, arg1, 0);
5653         }
5654         break;
5655 #if defined(TARGET_NR_linkat)
5656     case TARGET_NR_linkat:
5657         {
5658             void * p2 = NULL;
5659             if (!arg2 || !arg4)
5660                 goto efault;
5661             p  = lock_user_string(arg2);
5662             p2 = lock_user_string(arg4);
5663             if (!p || !p2)
5664                 ret = -TARGET_EFAULT;
5665             else
5666                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
5667             unlock_user(p, arg2, 0);
5668             unlock_user(p2, arg4, 0);
5669         }
5670         break;
5671 #endif
5672     case TARGET_NR_unlink:
5673         if (!(p = lock_user_string(arg1)))
5674             goto efault;
5675         ret = get_errno(unlink(p));
5676         unlock_user(p, arg1, 0);
5677         break;
5678 #if defined(TARGET_NR_unlinkat)
5679     case TARGET_NR_unlinkat:
5680         if (!(p = lock_user_string(arg2)))
5681             goto efault;
5682         ret = get_errno(unlinkat(arg1, p, arg3));
5683         unlock_user(p, arg2, 0);
5684         break;
5685 #endif
5686     case TARGET_NR_execve:
5687         {
5688             char **argp, **envp;
5689             int argc, envc;
5690             abi_ulong gp;
5691             abi_ulong guest_argp;
5692             abi_ulong guest_envp;
5693             abi_ulong addr;
5694             char **q;
5695             int total_size = 0;
5696 
5697             argc = 0;
5698             guest_argp = arg2;
5699             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
5700                 if (get_user_ual(addr, gp))
5701                     goto efault;
5702                 if (!addr)
5703                     break;
5704                 argc++;
5705             }
5706             envc = 0;
5707             guest_envp = arg3;
5708             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
5709                 if (get_user_ual(addr, gp))
5710                     goto efault;
5711                 if (!addr)
5712                     break;
5713                 envc++;
5714             }
5715 
5716             argp = alloca((argc + 1) * sizeof(void *));
5717             envp = alloca((envc + 1) * sizeof(void *));
5718 
5719             for (gp = guest_argp, q = argp; gp;
5720                   gp += sizeof(abi_ulong), q++) {
5721                 if (get_user_ual(addr, gp))
5722                     goto execve_efault;
5723                 if (!addr)
5724                     break;
5725                 if (!(*q = lock_user_string(addr)))
5726                     goto execve_efault;
5727                 total_size += strlen(*q) + 1;
5728             }
5729             *q = NULL;
5730 
5731             for (gp = guest_envp, q = envp; gp;
5732                   gp += sizeof(abi_ulong), q++) {
5733                 if (get_user_ual(addr, gp))
5734                     goto execve_efault;
5735                 if (!addr)
5736                     break;
5737                 if (!(*q = lock_user_string(addr)))
5738                     goto execve_efault;
5739                 total_size += strlen(*q) + 1;
5740             }
5741             *q = NULL;
5742 
5743             /* This case will not be caught by the host's execve() if its
5744                page size is bigger than the target's. */
5745             if (total_size > MAX_ARG_PAGES * TARGET_PAGE_SIZE) {
5746                 ret = -TARGET_E2BIG;
5747                 goto execve_end;
5748             }
5749             if (!(p = lock_user_string(arg1)))
5750                 goto execve_efault;
5751             ret = get_errno(execve(p, argp, envp));
5752             unlock_user(p, arg1, 0);
5753 
5754             goto execve_end;
5755 
5756         execve_efault:
5757             ret = -TARGET_EFAULT;
5758 
5759         execve_end:
5760             for (gp = guest_argp, q = argp; *q;
5761                   gp += sizeof(abi_ulong), q++) {
5762                 if (get_user_ual(addr, gp)
5763                     || !addr)
5764                     break;
5765                 unlock_user(*q, addr, 0);
5766             }
5767             for (gp = guest_envp, q = envp; *q;
5768                   gp += sizeof(abi_ulong), q++) {
5769                 if (get_user_ual(addr, gp)
5770                     || !addr)
5771                     break;
5772                 unlock_user(*q, addr, 0);
5773             }
5774         }
5775         break;
5776     case TARGET_NR_chdir:
5777         if (!(p = lock_user_string(arg1)))
5778             goto efault;
5779         ret = get_errno(chdir(p));
5780         unlock_user(p, arg1, 0);
5781         break;
5782 #ifdef TARGET_NR_time
5783     case TARGET_NR_time:
5784         {
5785             time_t host_time;
5786             ret = get_errno(time(&host_time));
5787             if (!is_error(ret)
5788                 && arg1
5789                 && put_user_sal(host_time, arg1))
5790                 goto efault;
5791         }
5792         break;
5793 #endif
5794     case TARGET_NR_mknod:
5795         if (!(p = lock_user_string(arg1)))
5796             goto efault;
5797         ret = get_errno(mknod(p, arg2, arg3));
5798         unlock_user(p, arg1, 0);
5799         break;
5800 #if defined(TARGET_NR_mknodat)
5801     case TARGET_NR_mknodat:
5802         if (!(p = lock_user_string(arg2)))
5803             goto efault;
5804         ret = get_errno(mknodat(arg1, p, arg3, arg4));
5805         unlock_user(p, arg2, 0);
5806         break;
5807 #endif
5808     case TARGET_NR_chmod:
5809         if (!(p = lock_user_string(arg1)))
5810             goto efault;
5811         ret = get_errno(chmod(p, arg2));
5812         unlock_user(p, arg1, 0);
5813         break;
5814 #ifdef TARGET_NR_break
5815     case TARGET_NR_break:
5816         goto unimplemented;
5817 #endif
5818 #ifdef TARGET_NR_oldstat
5819     case TARGET_NR_oldstat:
5820         goto unimplemented;
5821 #endif
5822     case TARGET_NR_lseek:
5823         ret = get_errno(lseek(arg1, arg2, arg3));
5824         break;
5825 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
5826     /* Alpha specific */
5827     case TARGET_NR_getxpid:
5828         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
5829         ret = get_errno(getpid());
5830         break;
5831 #endif
5832 #ifdef TARGET_NR_getpid
5833     case TARGET_NR_getpid:
5834         ret = get_errno(getpid());
5835         break;
5836 #endif
5837     case TARGET_NR_mount:
5838         {
5839             /* need to look at the data field */
5840             void *p2, *p3;
5841 
5842             if (arg1) {
5843                 p = lock_user_string(arg1);
5844                 if (!p) {
5845                     goto efault;
5846                 }
5847             } else {
5848                 p = NULL;
5849             }
5850 
5851             p2 = lock_user_string(arg2);
5852             if (!p2) {
5853                 if (arg1) {
5854                     unlock_user(p, arg1, 0);
5855                 }
5856                 goto efault;
5857             }
5858 
5859             if (arg3) {
5860                 p3 = lock_user_string(arg3);
5861                 if (!p3) {
5862                     if (arg1) {
5863                         unlock_user(p, arg1, 0);
5864                     }
5865                     unlock_user(p2, arg2, 0);
5866                     goto efault;
5867                 }
5868             } else {
5869                 p3 = NULL;
5870             }
5871 
5872             /* FIXME - arg5 should be locked, but it isn't clear how to
5873              * do that since it's not guaranteed to be a NULL-terminated
5874              * string.
5875              */
5876             if (!arg5) {
5877                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
5878             } else {
5879                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
5880             }
5881             ret = get_errno(ret);
5882 
5883             if (arg1) {
5884                 unlock_user(p, arg1, 0);
5885             }
5886             unlock_user(p2, arg2, 0);
5887             if (arg3) {
5888                 unlock_user(p3, arg3, 0);
5889             }
5890         }
5891         break;
5892 #ifdef TARGET_NR_umount
5893     case TARGET_NR_umount:
5894         if (!(p = lock_user_string(arg1)))
5895             goto efault;
5896         ret = get_errno(umount(p));
5897         unlock_user(p, arg1, 0);
5898         break;
5899 #endif
5900 #ifdef TARGET_NR_stime /* not on alpha */
5901     case TARGET_NR_stime:
5902         {
5903             time_t host_time;
5904             if (get_user_sal(host_time, arg1))
5905                 goto efault;
5906             ret = get_errno(stime(&host_time));
5907         }
5908         break;
5909 #endif
5910     case TARGET_NR_ptrace:
5911         goto unimplemented;
5912 #ifdef TARGET_NR_alarm /* not on alpha */
5913     case TARGET_NR_alarm:
5914         ret = alarm(arg1);
5915         break;
5916 #endif
5917 #ifdef TARGET_NR_oldfstat
5918     case TARGET_NR_oldfstat:
5919         goto unimplemented;
5920 #endif
5921 #ifdef TARGET_NR_pause /* not on alpha */
5922     case TARGET_NR_pause:
5923         ret = get_errno(pause());
5924         break;
5925 #endif
5926 #ifdef TARGET_NR_utime
5927     case TARGET_NR_utime:
5928         {
5929             struct utimbuf tbuf, *host_tbuf;
5930             struct target_utimbuf *target_tbuf;
5931             if (arg2) {
5932                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
5933                     goto efault;
5934                 tbuf.actime = tswapal(target_tbuf->actime);
5935                 tbuf.modtime = tswapal(target_tbuf->modtime);
5936                 unlock_user_struct(target_tbuf, arg2, 0);
5937                 host_tbuf = &tbuf;
5938             } else {
5939                 host_tbuf = NULL;
5940             }
5941             if (!(p = lock_user_string(arg1)))
5942                 goto efault;
5943             ret = get_errno(utime(p, host_tbuf));
5944             unlock_user(p, arg1, 0);
5945         }
5946         break;
5947 #endif
5948     case TARGET_NR_utimes:
5949         {
5950             struct timeval *tvp, tv[2];
5951             if (arg2) {
5952                 if (copy_from_user_timeval(&tv[0], arg2)
5953                     || copy_from_user_timeval(&tv[1],
5954                                               arg2 + sizeof(struct target_timeval)))
5955                     goto efault;
5956                 tvp = tv;
5957             } else {
5958                 tvp = NULL;
5959             }
5960             if (!(p = lock_user_string(arg1)))
5961                 goto efault;
5962             ret = get_errno(utimes(p, tvp));
5963             unlock_user(p, arg1, 0);
5964         }
5965         break;
5966 #if defined(TARGET_NR_futimesat)
5967     case TARGET_NR_futimesat:
5968         {
5969             struct timeval *tvp, tv[2];
5970             if (arg3) {
5971                 if (copy_from_user_timeval(&tv[0], arg3)
5972                     || copy_from_user_timeval(&tv[1],
5973                                               arg3 + sizeof(struct target_timeval)))
5974                     goto efault;
5975                 tvp = tv;
5976             } else {
5977                 tvp = NULL;
5978             }
5979             if (!(p = lock_user_string(arg2)))
5980                 goto efault;
5981             ret = get_errno(futimesat(arg1, path(p), tvp));
5982             unlock_user(p, arg2, 0);
5983         }
5984         break;
5985 #endif
5986 #ifdef TARGET_NR_stty
5987     case TARGET_NR_stty:
5988         goto unimplemented;
5989 #endif
5990 #ifdef TARGET_NR_gtty
5991     case TARGET_NR_gtty:
5992         goto unimplemented;
5993 #endif
5994     case TARGET_NR_access:
5995         if (!(p = lock_user_string(arg1)))
5996             goto efault;
5997         ret = get_errno(access(path(p), arg2));
5998         unlock_user(p, arg1, 0);
5999         break;
6000 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
6001     case TARGET_NR_faccessat:
6002         if (!(p = lock_user_string(arg2)))
6003             goto efault;
6004         ret = get_errno(faccessat(arg1, p, arg3, 0));
6005         unlock_user(p, arg2, 0);
6006         break;
6007 #endif
6008 #ifdef TARGET_NR_nice /* not on alpha */
6009     case TARGET_NR_nice:
6010         ret = get_errno(nice(arg1));
6011         break;
6012 #endif
6013 #ifdef TARGET_NR_ftime
6014     case TARGET_NR_ftime:
6015         goto unimplemented;
6016 #endif
6017     case TARGET_NR_sync:
6018         sync();
6019         ret = 0;
6020         break;
6021     case TARGET_NR_kill:
6022         ret = get_errno(kill(arg1, target_to_host_signal(arg2)));
6023         break;
6024     case TARGET_NR_rename:
6025         {
6026             void *p2;
6027             p = lock_user_string(arg1);
6028             p2 = lock_user_string(arg2);
6029             if (!p || !p2)
6030                 ret = -TARGET_EFAULT;
6031             else
6032                 ret = get_errno(rename(p, p2));
6033             unlock_user(p2, arg2, 0);
6034             unlock_user(p, arg1, 0);
6035         }
6036         break;
6037 #if defined(TARGET_NR_renameat)
6038     case TARGET_NR_renameat:
6039         {
6040             void *p2;
6041             p  = lock_user_string(arg2);
6042             p2 = lock_user_string(arg4);
6043             if (!p || !p2)
6044                 ret = -TARGET_EFAULT;
6045             else
6046                 ret = get_errno(renameat(arg1, p, arg3, p2));
6047             unlock_user(p2, arg4, 0);
6048             unlock_user(p, arg2, 0);
6049         }
6050         break;
6051 #endif
6052     case TARGET_NR_mkdir:
6053         if (!(p = lock_user_string(arg1)))
6054             goto efault;
6055         ret = get_errno(mkdir(p, arg2));
6056         unlock_user(p, arg1, 0);
6057         break;
6058 #if defined(TARGET_NR_mkdirat)
6059     case TARGET_NR_mkdirat:
6060         if (!(p = lock_user_string(arg2)))
6061             goto efault;
6062         ret = get_errno(mkdirat(arg1, p, arg3));
6063         unlock_user(p, arg2, 0);
6064         break;
6065 #endif
6066     case TARGET_NR_rmdir:
6067         if (!(p = lock_user_string(arg1)))
6068             goto efault;
6069         ret = get_errno(rmdir(p));
6070         unlock_user(p, arg1, 0);
6071         break;
6072     case TARGET_NR_dup:
6073         ret = get_errno(dup(arg1));
6074         break;
6075     case TARGET_NR_pipe:
6076         ret = do_pipe(cpu_env, arg1, 0, 0);
6077         break;
6078 #ifdef TARGET_NR_pipe2
6079     case TARGET_NR_pipe2:
6080         ret = do_pipe(cpu_env, arg1,
6081                       target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
6082         break;
6083 #endif
6084     case TARGET_NR_times:
6085         {
6086             struct target_tms *tmsp;
6087             struct tms tms;
6088             ret = get_errno(times(&tms));
6089             if (arg1) {
6090                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
6091                 if (!tmsp)
6092                     goto efault;
6093                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
6094                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
6095                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
6096                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
6097             }
6098             if (!is_error(ret))
6099                 ret = host_to_target_clock_t(ret);
6100         }
6101         break;
6102 #ifdef TARGET_NR_prof
6103     case TARGET_NR_prof:
6104         goto unimplemented;
6105 #endif
6106 #ifdef TARGET_NR_signal
6107     case TARGET_NR_signal:
6108         goto unimplemented;
6109 #endif
6110     case TARGET_NR_acct:
6111         if (arg1 == 0) {
6112             ret = get_errno(acct(NULL));
6113         } else {
6114             if (!(p = lock_user_string(arg1)))
6115                 goto efault;
6116             ret = get_errno(acct(path(p)));
6117             unlock_user(p, arg1, 0);
6118         }
6119         break;
6120 #ifdef TARGET_NR_umount2
6121     case TARGET_NR_umount2:
6122         if (!(p = lock_user_string(arg1)))
6123             goto efault;
6124         ret = get_errno(umount2(p, arg2));
6125         unlock_user(p, arg1, 0);
6126         break;
6127 #endif
6128 #ifdef TARGET_NR_lock
6129     case TARGET_NR_lock:
6130         goto unimplemented;
6131 #endif
6132     case TARGET_NR_ioctl:
6133         ret = do_ioctl(arg1, arg2, arg3);
6134         break;
6135     case TARGET_NR_fcntl:
6136         ret = do_fcntl(arg1, arg2, arg3);
6137         break;
6138 #ifdef TARGET_NR_mpx
6139     case TARGET_NR_mpx:
6140         goto unimplemented;
6141 #endif
6142     case TARGET_NR_setpgid:
6143         ret = get_errno(setpgid(arg1, arg2));
6144         break;
6145 #ifdef TARGET_NR_ulimit
6146     case TARGET_NR_ulimit:
6147         goto unimplemented;
6148 #endif
6149 #ifdef TARGET_NR_oldolduname
6150     case TARGET_NR_oldolduname:
6151         goto unimplemented;
6152 #endif
6153     case TARGET_NR_umask:
6154         ret = get_errno(umask(arg1));
6155         break;
6156     case TARGET_NR_chroot:
6157         if (!(p = lock_user_string(arg1)))
6158             goto efault;
6159         ret = get_errno(chroot(p));
6160         unlock_user(p, arg1, 0);
6161         break;
6162     case TARGET_NR_ustat:
6163         goto unimplemented;
6164     case TARGET_NR_dup2:
6165         ret = get_errno(dup2(arg1, arg2));
6166         break;
6167 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
6168     case TARGET_NR_dup3:
6169         ret = get_errno(dup3(arg1, arg2, arg3));
6170         break;
6171 #endif
6172 #ifdef TARGET_NR_getppid /* not on alpha */
6173     case TARGET_NR_getppid:
6174         ret = get_errno(getppid());
6175         break;
6176 #endif
6177     case TARGET_NR_getpgrp:
6178         ret = get_errno(getpgrp());
6179         break;
6180     case TARGET_NR_setsid:
6181         ret = get_errno(setsid());
6182         break;
6183 #ifdef TARGET_NR_sigaction
6184     case TARGET_NR_sigaction:
6185         {
6186 #if defined(TARGET_ALPHA)
6187             struct target_sigaction act, oact, *pact = 0;
6188             struct target_old_sigaction *old_act;
6189             if (arg2) {
6190                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
6191                     goto efault;
6192                 act._sa_handler = old_act->_sa_handler;
6193                 target_siginitset(&act.sa_mask, old_act->sa_mask);
6194                 act.sa_flags = old_act->sa_flags;
6195                 act.sa_restorer = 0;
6196                 unlock_user_struct(old_act, arg2, 0);
6197                 pact = &act;
6198             }
6199             ret = get_errno(do_sigaction(arg1, pact, &oact));
6200             if (!is_error(ret) && arg3) {
6201                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
6202                     goto efault;
6203                 old_act->_sa_handler = oact._sa_handler;
6204                 old_act->sa_mask = oact.sa_mask.sig[0];
6205                 old_act->sa_flags = oact.sa_flags;
6206                 unlock_user_struct(old_act, arg3, 1);
6207             }
6208 #elif defined(TARGET_MIPS)
6209 	    struct target_sigaction act, oact, *pact, *old_act;
6210 
6211 	    if (arg2) {
6212                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
6213                     goto efault;
6214 		act._sa_handler = old_act->_sa_handler;
6215 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
6216 		act.sa_flags = old_act->sa_flags;
6217 		unlock_user_struct(old_act, arg2, 0);
6218 		pact = &act;
6219 	    } else {
6220 		pact = NULL;
6221 	    }
6222 
6223 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
6224 
6225 	    if (!is_error(ret) && arg3) {
6226                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
6227                     goto efault;
6228 		old_act->_sa_handler = oact._sa_handler;
6229 		old_act->sa_flags = oact.sa_flags;
6230 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
6231 		old_act->sa_mask.sig[1] = 0;
6232 		old_act->sa_mask.sig[2] = 0;
6233 		old_act->sa_mask.sig[3] = 0;
6234 		unlock_user_struct(old_act, arg3, 1);
6235 	    }
6236 #else
6237             struct target_old_sigaction *old_act;
6238             struct target_sigaction act, oact, *pact;
6239             if (arg2) {
6240                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
6241                     goto efault;
6242                 act._sa_handler = old_act->_sa_handler;
6243                 target_siginitset(&act.sa_mask, old_act->sa_mask);
6244                 act.sa_flags = old_act->sa_flags;
6245                 act.sa_restorer = old_act->sa_restorer;
6246                 unlock_user_struct(old_act, arg2, 0);
6247                 pact = &act;
6248             } else {
6249                 pact = NULL;
6250             }
6251             ret = get_errno(do_sigaction(arg1, pact, &oact));
6252             if (!is_error(ret) && arg3) {
6253                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
6254                     goto efault;
6255                 old_act->_sa_handler = oact._sa_handler;
6256                 old_act->sa_mask = oact.sa_mask.sig[0];
6257                 old_act->sa_flags = oact.sa_flags;
6258                 old_act->sa_restorer = oact.sa_restorer;
6259                 unlock_user_struct(old_act, arg3, 1);
6260             }
6261 #endif
6262         }
6263         break;
6264 #endif
6265     case TARGET_NR_rt_sigaction:
6266         {
6267 #if defined(TARGET_ALPHA)
6268             struct target_sigaction act, oact, *pact = 0;
6269             struct target_rt_sigaction *rt_act;
6270             /* ??? arg4 == sizeof(sigset_t).  */
6271             if (arg2) {
6272                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
6273                     goto efault;
6274                 act._sa_handler = rt_act->_sa_handler;
6275                 act.sa_mask = rt_act->sa_mask;
6276                 act.sa_flags = rt_act->sa_flags;
6277                 act.sa_restorer = arg5;
6278                 unlock_user_struct(rt_act, arg2, 0);
6279                 pact = &act;
6280             }
6281             ret = get_errno(do_sigaction(arg1, pact, &oact));
6282             if (!is_error(ret) && arg3) {
6283                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
6284                     goto efault;
6285                 rt_act->_sa_handler = oact._sa_handler;
6286                 rt_act->sa_mask = oact.sa_mask;
6287                 rt_act->sa_flags = oact.sa_flags;
6288                 unlock_user_struct(rt_act, arg3, 1);
6289             }
6290 #else
6291             struct target_sigaction *act;
6292             struct target_sigaction *oact;
6293 
6294             if (arg2) {
6295                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1))
6296                     goto efault;
6297             } else
6298                 act = NULL;
6299             if (arg3) {
6300                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
6301                     ret = -TARGET_EFAULT;
6302                     goto rt_sigaction_fail;
6303                 }
6304             } else
6305                 oact = NULL;
6306             ret = get_errno(do_sigaction(arg1, act, oact));
6307 	rt_sigaction_fail:
6308             if (act)
6309                 unlock_user_struct(act, arg2, 0);
6310             if (oact)
6311                 unlock_user_struct(oact, arg3, 1);
6312 #endif
6313         }
6314         break;
6315 #ifdef TARGET_NR_sgetmask /* not on alpha */
6316     case TARGET_NR_sgetmask:
6317         {
6318             sigset_t cur_set;
6319             abi_ulong target_set;
6320             do_sigprocmask(0, NULL, &cur_set);
6321             host_to_target_old_sigset(&target_set, &cur_set);
6322             ret = target_set;
6323         }
6324         break;
6325 #endif
6326 #ifdef TARGET_NR_ssetmask /* not on alpha */
6327     case TARGET_NR_ssetmask:
6328         {
6329             sigset_t set, oset, cur_set;
6330             abi_ulong target_set = arg1;
6331             do_sigprocmask(0, NULL, &cur_set);
6332             target_to_host_old_sigset(&set, &target_set);
6333             sigorset(&set, &set, &cur_set);
6334             do_sigprocmask(SIG_SETMASK, &set, &oset);
6335             host_to_target_old_sigset(&target_set, &oset);
6336             ret = target_set;
6337         }
6338         break;
6339 #endif
6340 #ifdef TARGET_NR_sigprocmask
6341     case TARGET_NR_sigprocmask:
6342         {
6343 #if defined(TARGET_ALPHA)
6344             sigset_t set, oldset;
6345             abi_ulong mask;
6346             int how;
6347 
6348             switch (arg1) {
6349             case TARGET_SIG_BLOCK:
6350                 how = SIG_BLOCK;
6351                 break;
6352             case TARGET_SIG_UNBLOCK:
6353                 how = SIG_UNBLOCK;
6354                 break;
6355             case TARGET_SIG_SETMASK:
6356                 how = SIG_SETMASK;
6357                 break;
6358             default:
6359                 ret = -TARGET_EINVAL;
6360                 goto fail;
6361             }
6362             mask = arg2;
6363             target_to_host_old_sigset(&set, &mask);
6364 
6365             ret = get_errno(do_sigprocmask(how, &set, &oldset));
6366             if (!is_error(ret)) {
6367                 host_to_target_old_sigset(&mask, &oldset);
6368                 ret = mask;
6369                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
6370             }
6371 #else
6372             sigset_t set, oldset, *set_ptr;
6373             int how;
6374 
6375             if (arg2) {
6376                 switch (arg1) {
6377                 case TARGET_SIG_BLOCK:
6378                     how = SIG_BLOCK;
6379                     break;
6380                 case TARGET_SIG_UNBLOCK:
6381                     how = SIG_UNBLOCK;
6382                     break;
6383                 case TARGET_SIG_SETMASK:
6384                     how = SIG_SETMASK;
6385                     break;
6386                 default:
6387                     ret = -TARGET_EINVAL;
6388                     goto fail;
6389                 }
6390                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
6391                     goto efault;
6392                 target_to_host_old_sigset(&set, p);
6393                 unlock_user(p, arg2, 0);
6394                 set_ptr = &set;
6395             } else {
6396                 how = 0;
6397                 set_ptr = NULL;
6398             }
6399             ret = get_errno(do_sigprocmask(how, set_ptr, &oldset));
6400             if (!is_error(ret) && arg3) {
6401                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
6402                     goto efault;
6403                 host_to_target_old_sigset(p, &oldset);
6404                 unlock_user(p, arg3, sizeof(target_sigset_t));
6405             }
6406 #endif
6407         }
6408         break;
6409 #endif
6410     case TARGET_NR_rt_sigprocmask:
6411         {
6412             int how = arg1;
6413             sigset_t set, oldset, *set_ptr;
6414 
6415             if (arg2) {
6416                 switch(how) {
6417                 case TARGET_SIG_BLOCK:
6418                     how = SIG_BLOCK;
6419                     break;
6420                 case TARGET_SIG_UNBLOCK:
6421                     how = SIG_UNBLOCK;
6422                     break;
6423                 case TARGET_SIG_SETMASK:
6424                     how = SIG_SETMASK;
6425                     break;
6426                 default:
6427                     ret = -TARGET_EINVAL;
6428                     goto fail;
6429                 }
6430                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
6431                     goto efault;
6432                 target_to_host_sigset(&set, p);
6433                 unlock_user(p, arg2, 0);
6434                 set_ptr = &set;
6435             } else {
6436                 how = 0;
6437                 set_ptr = NULL;
6438             }
6439             ret = get_errno(do_sigprocmask(how, set_ptr, &oldset));
6440             if (!is_error(ret) && arg3) {
6441                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
6442                     goto efault;
6443                 host_to_target_sigset(p, &oldset);
6444                 unlock_user(p, arg3, sizeof(target_sigset_t));
6445             }
6446         }
6447         break;
6448 #ifdef TARGET_NR_sigpending
6449     case TARGET_NR_sigpending:
6450         {
6451             sigset_t set;
6452             ret = get_errno(sigpending(&set));
6453             if (!is_error(ret)) {
6454                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
6455                     goto efault;
6456                 host_to_target_old_sigset(p, &set);
6457                 unlock_user(p, arg1, sizeof(target_sigset_t));
6458             }
6459         }
6460         break;
6461 #endif
6462     case TARGET_NR_rt_sigpending:
6463         {
6464             sigset_t set;
6465             ret = get_errno(sigpending(&set));
6466             if (!is_error(ret)) {
6467                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
6468                     goto efault;
6469                 host_to_target_sigset(p, &set);
6470                 unlock_user(p, arg1, sizeof(target_sigset_t));
6471             }
6472         }
6473         break;
6474 #ifdef TARGET_NR_sigsuspend
6475     case TARGET_NR_sigsuspend:
6476         {
6477             sigset_t set;
6478 #if defined(TARGET_ALPHA)
6479             abi_ulong mask = arg1;
6480             target_to_host_old_sigset(&set, &mask);
6481 #else
6482             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
6483                 goto efault;
6484             target_to_host_old_sigset(&set, p);
6485             unlock_user(p, arg1, 0);
6486 #endif
6487             ret = get_errno(sigsuspend(&set));
6488         }
6489         break;
6490 #endif
6491     case TARGET_NR_rt_sigsuspend:
6492         {
6493             sigset_t set;
6494             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
6495                 goto efault;
6496             target_to_host_sigset(&set, p);
6497             unlock_user(p, arg1, 0);
6498             ret = get_errno(sigsuspend(&set));
6499         }
6500         break;
6501     case TARGET_NR_rt_sigtimedwait:
6502         {
6503             sigset_t set;
6504             struct timespec uts, *puts;
6505             siginfo_t uinfo;
6506 
6507             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
6508                 goto efault;
6509             target_to_host_sigset(&set, p);
6510             unlock_user(p, arg1, 0);
6511             if (arg3) {
6512                 puts = &uts;
6513                 target_to_host_timespec(puts, arg3);
6514             } else {
6515                 puts = NULL;
6516             }
6517             ret = get_errno(sigtimedwait(&set, &uinfo, puts));
6518             if (!is_error(ret)) {
6519                 if (arg2) {
6520                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
6521                                   0);
6522                     if (!p) {
6523                         goto efault;
6524                     }
6525                     host_to_target_siginfo(p, &uinfo);
6526                     unlock_user(p, arg2, sizeof(target_siginfo_t));
6527                 }
6528                 ret = host_to_target_signal(ret);
6529             }
6530         }
6531         break;
6532     case TARGET_NR_rt_sigqueueinfo:
6533         {
6534             siginfo_t uinfo;
6535             if (!(p = lock_user(VERIFY_READ, arg3, sizeof(target_sigset_t), 1)))
6536                 goto efault;
6537             target_to_host_siginfo(&uinfo, p);
6538             unlock_user(p, arg1, 0);
6539             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
6540         }
6541         break;
6542 #ifdef TARGET_NR_sigreturn
6543     case TARGET_NR_sigreturn:
6544         /* NOTE: ret is eax, so not transcoding must be done */
6545         ret = do_sigreturn(cpu_env);
6546         break;
6547 #endif
6548     case TARGET_NR_rt_sigreturn:
6549         /* NOTE: ret is eax, so not transcoding must be done */
6550         ret = do_rt_sigreturn(cpu_env);
6551         break;
6552     case TARGET_NR_sethostname:
6553         if (!(p = lock_user_string(arg1)))
6554             goto efault;
6555         ret = get_errno(sethostname(p, arg2));
6556         unlock_user(p, arg1, 0);
6557         break;
6558     case TARGET_NR_setrlimit:
6559         {
6560             int resource = target_to_host_resource(arg1);
6561             struct target_rlimit *target_rlim;
6562             struct rlimit rlim;
6563             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
6564                 goto efault;
6565             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
6566             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
6567             unlock_user_struct(target_rlim, arg2, 0);
6568             ret = get_errno(setrlimit(resource, &rlim));
6569         }
6570         break;
6571     case TARGET_NR_getrlimit:
6572         {
6573             int resource = target_to_host_resource(arg1);
6574             struct target_rlimit *target_rlim;
6575             struct rlimit rlim;
6576 
6577             ret = get_errno(getrlimit(resource, &rlim));
6578             if (!is_error(ret)) {
6579                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
6580                     goto efault;
6581                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
6582                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
6583                 unlock_user_struct(target_rlim, arg2, 1);
6584             }
6585         }
6586         break;
6587     case TARGET_NR_getrusage:
6588         {
6589             struct rusage rusage;
6590             ret = get_errno(getrusage(arg1, &rusage));
6591             if (!is_error(ret)) {
6592                 ret = host_to_target_rusage(arg2, &rusage);
6593             }
6594         }
6595         break;
6596     case TARGET_NR_gettimeofday:
6597         {
6598             struct timeval tv;
6599             ret = get_errno(gettimeofday(&tv, NULL));
6600             if (!is_error(ret)) {
6601                 if (copy_to_user_timeval(arg1, &tv))
6602                     goto efault;
6603             }
6604         }
6605         break;
6606     case TARGET_NR_settimeofday:
6607         {
6608             struct timeval tv, *ptv = NULL;
6609             struct timezone tz, *ptz = NULL;
6610 
6611             if (arg1) {
6612                 if (copy_from_user_timeval(&tv, arg1)) {
6613                     goto efault;
6614                 }
6615                 ptv = &tv;
6616             }
6617 
6618             if (arg2) {
6619                 if (copy_from_user_timezone(&tz, arg2)) {
6620                     goto efault;
6621                 }
6622                 ptz = &tz;
6623             }
6624 
6625             ret = get_errno(settimeofday(ptv, ptz));
6626         }
6627         break;
6628 #if defined(TARGET_NR_select)
6629     case TARGET_NR_select:
6630 #if defined(TARGET_S390X) || defined(TARGET_ALPHA)
6631         ret = do_select(arg1, arg2, arg3, arg4, arg5);
6632 #else
6633         {
6634             struct target_sel_arg_struct *sel;
6635             abi_ulong inp, outp, exp, tvp;
6636             long nsel;
6637 
6638             if (!lock_user_struct(VERIFY_READ, sel, arg1, 1))
6639                 goto efault;
6640             nsel = tswapal(sel->n);
6641             inp = tswapal(sel->inp);
6642             outp = tswapal(sel->outp);
6643             exp = tswapal(sel->exp);
6644             tvp = tswapal(sel->tvp);
6645             unlock_user_struct(sel, arg1, 0);
6646             ret = do_select(nsel, inp, outp, exp, tvp);
6647         }
6648 #endif
6649         break;
6650 #endif
6651 #ifdef TARGET_NR_pselect6
6652     case TARGET_NR_pselect6:
6653         {
6654             abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
6655             fd_set rfds, wfds, efds;
6656             fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
6657             struct timespec ts, *ts_ptr;
6658 
6659             /*
6660              * The 6th arg is actually two args smashed together,
6661              * so we cannot use the C library.
6662              */
6663             sigset_t set;
6664             struct {
6665                 sigset_t *set;
6666                 size_t size;
6667             } sig, *sig_ptr;
6668 
6669             abi_ulong arg_sigset, arg_sigsize, *arg7;
6670             target_sigset_t *target_sigset;
6671 
6672             n = arg1;
6673             rfd_addr = arg2;
6674             wfd_addr = arg3;
6675             efd_addr = arg4;
6676             ts_addr = arg5;
6677 
6678             ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
6679             if (ret) {
6680                 goto fail;
6681             }
6682             ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
6683             if (ret) {
6684                 goto fail;
6685             }
6686             ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
6687             if (ret) {
6688                 goto fail;
6689             }
6690 
6691             /*
6692              * This takes a timespec, and not a timeval, so we cannot
6693              * use the do_select() helper ...
6694              */
6695             if (ts_addr) {
6696                 if (target_to_host_timespec(&ts, ts_addr)) {
6697                     goto efault;
6698                 }
6699                 ts_ptr = &ts;
6700             } else {
6701                 ts_ptr = NULL;
6702             }
6703 
6704             /* Extract the two packed args for the sigset */
6705             if (arg6) {
6706                 sig_ptr = &sig;
6707                 sig.size = _NSIG / 8;
6708 
6709                 arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
6710                 if (!arg7) {
6711                     goto efault;
6712                 }
6713                 arg_sigset = tswapal(arg7[0]);
6714                 arg_sigsize = tswapal(arg7[1]);
6715                 unlock_user(arg7, arg6, 0);
6716 
6717                 if (arg_sigset) {
6718                     sig.set = &set;
6719                     if (arg_sigsize != sizeof(*target_sigset)) {
6720                         /* Like the kernel, we enforce correct size sigsets */
6721                         ret = -TARGET_EINVAL;
6722                         goto fail;
6723                     }
6724                     target_sigset = lock_user(VERIFY_READ, arg_sigset,
6725                                               sizeof(*target_sigset), 1);
6726                     if (!target_sigset) {
6727                         goto efault;
6728                     }
6729                     target_to_host_sigset(&set, target_sigset);
6730                     unlock_user(target_sigset, arg_sigset, 0);
6731                 } else {
6732                     sig.set = NULL;
6733                 }
6734             } else {
6735                 sig_ptr = NULL;
6736             }
6737 
6738             ret = get_errno(sys_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
6739                                          ts_ptr, sig_ptr));
6740 
6741             if (!is_error(ret)) {
6742                 if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
6743                     goto efault;
6744                 if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
6745                     goto efault;
6746                 if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
6747                     goto efault;
6748 
6749                 if (ts_addr && host_to_target_timespec(ts_addr, &ts))
6750                     goto efault;
6751             }
6752         }
6753         break;
6754 #endif
6755     case TARGET_NR_symlink:
6756         {
6757             void *p2;
6758             p = lock_user_string(arg1);
6759             p2 = lock_user_string(arg2);
6760             if (!p || !p2)
6761                 ret = -TARGET_EFAULT;
6762             else
6763                 ret = get_errno(symlink(p, p2));
6764             unlock_user(p2, arg2, 0);
6765             unlock_user(p, arg1, 0);
6766         }
6767         break;
6768 #if defined(TARGET_NR_symlinkat)
6769     case TARGET_NR_symlinkat:
6770         {
6771             void *p2;
6772             p  = lock_user_string(arg1);
6773             p2 = lock_user_string(arg3);
6774             if (!p || !p2)
6775                 ret = -TARGET_EFAULT;
6776             else
6777                 ret = get_errno(symlinkat(p, arg2, p2));
6778             unlock_user(p2, arg3, 0);
6779             unlock_user(p, arg1, 0);
6780         }
6781         break;
6782 #endif
6783 #ifdef TARGET_NR_oldlstat
6784     case TARGET_NR_oldlstat:
6785         goto unimplemented;
6786 #endif
6787     case TARGET_NR_readlink:
6788         {
6789             void *p2;
6790             p = lock_user_string(arg1);
6791             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
6792             if (!p || !p2) {
6793                 ret = -TARGET_EFAULT;
6794             } else if (!arg3) {
6795                 /* Short circuit this for the magic exe check. */
6796                 ret = -TARGET_EINVAL;
6797             } else if (is_proc_myself((const char *)p, "exe")) {
6798                 char real[PATH_MAX], *temp;
6799                 temp = realpath(exec_path, real);
6800                 /* Return value is # of bytes that we wrote to the buffer. */
6801                 if (temp == NULL) {
6802                     ret = get_errno(-1);
6803                 } else {
6804                     /* Don't worry about sign mismatch as earlier mapping
6805                      * logic would have thrown a bad address error. */
6806                     ret = MIN(strlen(real), arg3);
6807                     /* We cannot NUL terminate the string. */
6808                     memcpy(p2, real, ret);
6809                 }
6810             } else {
6811                 ret = get_errno(readlink(path(p), p2, arg3));
6812             }
6813             unlock_user(p2, arg2, ret);
6814             unlock_user(p, arg1, 0);
6815         }
6816         break;
6817 #if defined(TARGET_NR_readlinkat)
6818     case TARGET_NR_readlinkat:
6819         {
6820             void *p2;
6821             p  = lock_user_string(arg2);
6822             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
6823             if (!p || !p2) {
6824                 ret = -TARGET_EFAULT;
6825             } else if (is_proc_myself((const char *)p, "exe")) {
6826                 char real[PATH_MAX], *temp;
6827                 temp = realpath(exec_path, real);
6828                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
6829                 snprintf((char *)p2, arg4, "%s", real);
6830             } else {
6831                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
6832             }
6833             unlock_user(p2, arg3, ret);
6834             unlock_user(p, arg2, 0);
6835         }
6836         break;
6837 #endif
6838 #ifdef TARGET_NR_uselib
6839     case TARGET_NR_uselib:
6840         goto unimplemented;
6841 #endif
6842 #ifdef TARGET_NR_swapon
6843     case TARGET_NR_swapon:
6844         if (!(p = lock_user_string(arg1)))
6845             goto efault;
6846         ret = get_errno(swapon(p, arg2));
6847         unlock_user(p, arg1, 0);
6848         break;
6849 #endif
6850     case TARGET_NR_reboot:
6851         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
6852            /* arg4 must be ignored in all other cases */
6853            p = lock_user_string(arg4);
6854            if (!p) {
6855               goto efault;
6856            }
6857            ret = get_errno(reboot(arg1, arg2, arg3, p));
6858            unlock_user(p, arg4, 0);
6859         } else {
6860            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
6861         }
6862         break;
6863 #ifdef TARGET_NR_readdir
6864     case TARGET_NR_readdir:
6865         goto unimplemented;
6866 #endif
6867 #ifdef TARGET_NR_mmap
6868     case TARGET_NR_mmap:
6869 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
6870     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
6871     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
6872     || defined(TARGET_S390X)
6873         {
6874             abi_ulong *v;
6875             abi_ulong v1, v2, v3, v4, v5, v6;
6876             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
6877                 goto efault;
6878             v1 = tswapal(v[0]);
6879             v2 = tswapal(v[1]);
6880             v3 = tswapal(v[2]);
6881             v4 = tswapal(v[3]);
6882             v5 = tswapal(v[4]);
6883             v6 = tswapal(v[5]);
6884             unlock_user(v, arg1, 0);
6885             ret = get_errno(target_mmap(v1, v2, v3,
6886                                         target_to_host_bitmask(v4, mmap_flags_tbl),
6887                                         v5, v6));
6888         }
6889 #else
6890         ret = get_errno(target_mmap(arg1, arg2, arg3,
6891                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
6892                                     arg5,
6893                                     arg6));
6894 #endif
6895         break;
6896 #endif
6897 #ifdef TARGET_NR_mmap2
6898     case TARGET_NR_mmap2:
6899 #ifndef MMAP_SHIFT
6900 #define MMAP_SHIFT 12
6901 #endif
6902         ret = get_errno(target_mmap(arg1, arg2, arg3,
6903                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
6904                                     arg5,
6905                                     arg6 << MMAP_SHIFT));
6906         break;
6907 #endif
6908     case TARGET_NR_munmap:
6909         ret = get_errno(target_munmap(arg1, arg2));
6910         break;
6911     case TARGET_NR_mprotect:
6912         {
6913             TaskState *ts = cpu->opaque;
6914             /* Special hack to detect libc making the stack executable.  */
6915             if ((arg3 & PROT_GROWSDOWN)
6916                 && arg1 >= ts->info->stack_limit
6917                 && arg1 <= ts->info->start_stack) {
6918                 arg3 &= ~PROT_GROWSDOWN;
6919                 arg2 = arg2 + arg1 - ts->info->stack_limit;
6920                 arg1 = ts->info->stack_limit;
6921             }
6922         }
6923         ret = get_errno(target_mprotect(arg1, arg2, arg3));
6924         break;
6925 #ifdef TARGET_NR_mremap
6926     case TARGET_NR_mremap:
6927         ret = get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
6928         break;
6929 #endif
6930         /* ??? msync/mlock/munlock are broken for softmmu.  */
6931 #ifdef TARGET_NR_msync
6932     case TARGET_NR_msync:
6933         ret = get_errno(msync(g2h(arg1), arg2, arg3));
6934         break;
6935 #endif
6936 #ifdef TARGET_NR_mlock
6937     case TARGET_NR_mlock:
6938         ret = get_errno(mlock(g2h(arg1), arg2));
6939         break;
6940 #endif
6941 #ifdef TARGET_NR_munlock
6942     case TARGET_NR_munlock:
6943         ret = get_errno(munlock(g2h(arg1), arg2));
6944         break;
6945 #endif
6946 #ifdef TARGET_NR_mlockall
6947     case TARGET_NR_mlockall:
6948         ret = get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
6949         break;
6950 #endif
6951 #ifdef TARGET_NR_munlockall
6952     case TARGET_NR_munlockall:
6953         ret = get_errno(munlockall());
6954         break;
6955 #endif
6956     case TARGET_NR_truncate:
6957         if (!(p = lock_user_string(arg1)))
6958             goto efault;
6959         ret = get_errno(truncate(p, arg2));
6960         unlock_user(p, arg1, 0);
6961         break;
6962     case TARGET_NR_ftruncate:
6963         ret = get_errno(ftruncate(arg1, arg2));
6964         break;
6965     case TARGET_NR_fchmod:
6966         ret = get_errno(fchmod(arg1, arg2));
6967         break;
6968 #if defined(TARGET_NR_fchmodat)
6969     case TARGET_NR_fchmodat:
6970         if (!(p = lock_user_string(arg2)))
6971             goto efault;
6972         ret = get_errno(fchmodat(arg1, p, arg3, 0));
6973         unlock_user(p, arg2, 0);
6974         break;
6975 #endif
6976     case TARGET_NR_getpriority:
6977         /* Note that negative values are valid for getpriority, so we must
6978            differentiate based on errno settings.  */
6979         errno = 0;
6980         ret = getpriority(arg1, arg2);
6981         if (ret == -1 && errno != 0) {
6982             ret = -host_to_target_errno(errno);
6983             break;
6984         }
6985 #ifdef TARGET_ALPHA
6986         /* Return value is the unbiased priority.  Signal no error.  */
6987         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
6988 #else
6989         /* Return value is a biased priority to avoid negative numbers.  */
6990         ret = 20 - ret;
6991 #endif
6992         break;
6993     case TARGET_NR_setpriority:
6994         ret = get_errno(setpriority(arg1, arg2, arg3));
6995         break;
6996 #ifdef TARGET_NR_profil
6997     case TARGET_NR_profil:
6998         goto unimplemented;
6999 #endif
7000     case TARGET_NR_statfs:
7001         if (!(p = lock_user_string(arg1)))
7002             goto efault;
7003         ret = get_errno(statfs(path(p), &stfs));
7004         unlock_user(p, arg1, 0);
7005     convert_statfs:
7006         if (!is_error(ret)) {
7007             struct target_statfs *target_stfs;
7008 
7009             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
7010                 goto efault;
7011             __put_user(stfs.f_type, &target_stfs->f_type);
7012             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
7013             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
7014             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
7015             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
7016             __put_user(stfs.f_files, &target_stfs->f_files);
7017             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
7018             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
7019             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
7020             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
7021             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
7022             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
7023             unlock_user_struct(target_stfs, arg2, 1);
7024         }
7025         break;
7026     case TARGET_NR_fstatfs:
7027         ret = get_errno(fstatfs(arg1, &stfs));
7028         goto convert_statfs;
7029 #ifdef TARGET_NR_statfs64
7030     case TARGET_NR_statfs64:
7031         if (!(p = lock_user_string(arg1)))
7032             goto efault;
7033         ret = get_errno(statfs(path(p), &stfs));
7034         unlock_user(p, arg1, 0);
7035     convert_statfs64:
7036         if (!is_error(ret)) {
7037             struct target_statfs64 *target_stfs;
7038 
7039             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
7040                 goto efault;
7041             __put_user(stfs.f_type, &target_stfs->f_type);
7042             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
7043             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
7044             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
7045             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
7046             __put_user(stfs.f_files, &target_stfs->f_files);
7047             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
7048             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
7049             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
7050             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
7051             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
7052             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
7053             unlock_user_struct(target_stfs, arg3, 1);
7054         }
7055         break;
7056     case TARGET_NR_fstatfs64:
7057         ret = get_errno(fstatfs(arg1, &stfs));
7058         goto convert_statfs64;
7059 #endif
7060 #ifdef TARGET_NR_ioperm
7061     case TARGET_NR_ioperm:
7062         goto unimplemented;
7063 #endif
7064 #ifdef TARGET_NR_socketcall
7065     case TARGET_NR_socketcall:
7066         ret = do_socketcall(arg1, arg2);
7067         break;
7068 #endif
7069 #ifdef TARGET_NR_accept
7070     case TARGET_NR_accept:
7071         ret = do_accept4(arg1, arg2, arg3, 0);
7072         break;
7073 #endif
7074 #ifdef TARGET_NR_accept4
7075     case TARGET_NR_accept4:
7076 #ifdef CONFIG_ACCEPT4
7077         ret = do_accept4(arg1, arg2, arg3, arg4);
7078 #else
7079         goto unimplemented;
7080 #endif
7081         break;
7082 #endif
7083 #ifdef TARGET_NR_bind
7084     case TARGET_NR_bind:
7085         ret = do_bind(arg1, arg2, arg3);
7086         break;
7087 #endif
7088 #ifdef TARGET_NR_connect
7089     case TARGET_NR_connect:
7090         ret = do_connect(arg1, arg2, arg3);
7091         break;
7092 #endif
7093 #ifdef TARGET_NR_getpeername
7094     case TARGET_NR_getpeername:
7095         ret = do_getpeername(arg1, arg2, arg3);
7096         break;
7097 #endif
7098 #ifdef TARGET_NR_getsockname
7099     case TARGET_NR_getsockname:
7100         ret = do_getsockname(arg1, arg2, arg3);
7101         break;
7102 #endif
7103 #ifdef TARGET_NR_getsockopt
7104     case TARGET_NR_getsockopt:
7105         ret = do_getsockopt(arg1, arg2, arg3, arg4, arg5);
7106         break;
7107 #endif
7108 #ifdef TARGET_NR_listen
7109     case TARGET_NR_listen:
7110         ret = get_errno(listen(arg1, arg2));
7111         break;
7112 #endif
7113 #ifdef TARGET_NR_recv
7114     case TARGET_NR_recv:
7115         ret = do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
7116         break;
7117 #endif
7118 #ifdef TARGET_NR_recvfrom
7119     case TARGET_NR_recvfrom:
7120         ret = do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
7121         break;
7122 #endif
7123 #ifdef TARGET_NR_recvmsg
7124     case TARGET_NR_recvmsg:
7125         ret = do_sendrecvmsg(arg1, arg2, arg3, 0);
7126         break;
7127 #endif
7128 #ifdef TARGET_NR_send
7129     case TARGET_NR_send:
7130         ret = do_sendto(arg1, arg2, arg3, arg4, 0, 0);
7131         break;
7132 #endif
7133 #ifdef TARGET_NR_sendmsg
7134     case TARGET_NR_sendmsg:
7135         ret = do_sendrecvmsg(arg1, arg2, arg3, 1);
7136         break;
7137 #endif
7138 #ifdef TARGET_NR_sendmmsg
7139     case TARGET_NR_sendmmsg:
7140         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
7141         break;
7142     case TARGET_NR_recvmmsg:
7143         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
7144         break;
7145 #endif
7146 #ifdef TARGET_NR_sendto
7147     case TARGET_NR_sendto:
7148         ret = do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
7149         break;
7150 #endif
7151 #ifdef TARGET_NR_shutdown
7152     case TARGET_NR_shutdown:
7153         ret = get_errno(shutdown(arg1, arg2));
7154         break;
7155 #endif
7156 #ifdef TARGET_NR_socket
7157     case TARGET_NR_socket:
7158         ret = do_socket(arg1, arg2, arg3);
7159         break;
7160 #endif
7161 #ifdef TARGET_NR_socketpair
7162     case TARGET_NR_socketpair:
7163         ret = do_socketpair(arg1, arg2, arg3, arg4);
7164         break;
7165 #endif
7166 #ifdef TARGET_NR_setsockopt
7167     case TARGET_NR_setsockopt:
7168         ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
7169         break;
7170 #endif
7171 
7172     case TARGET_NR_syslog:
7173         if (!(p = lock_user_string(arg2)))
7174             goto efault;
7175         ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
7176         unlock_user(p, arg2, 0);
7177         break;
7178 
7179     case TARGET_NR_setitimer:
7180         {
7181             struct itimerval value, ovalue, *pvalue;
7182 
7183             if (arg2) {
7184                 pvalue = &value;
7185                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
7186                     || copy_from_user_timeval(&pvalue->it_value,
7187                                               arg2 + sizeof(struct target_timeval)))
7188                     goto efault;
7189             } else {
7190                 pvalue = NULL;
7191             }
7192             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
7193             if (!is_error(ret) && arg3) {
7194                 if (copy_to_user_timeval(arg3,
7195                                          &ovalue.it_interval)
7196                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
7197                                             &ovalue.it_value))
7198                     goto efault;
7199             }
7200         }
7201         break;
7202     case TARGET_NR_getitimer:
7203         {
7204             struct itimerval value;
7205 
7206             ret = get_errno(getitimer(arg1, &value));
7207             if (!is_error(ret) && arg2) {
7208                 if (copy_to_user_timeval(arg2,
7209                                          &value.it_interval)
7210                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
7211                                             &value.it_value))
7212                     goto efault;
7213             }
7214         }
7215         break;
7216     case TARGET_NR_stat:
7217         if (!(p = lock_user_string(arg1)))
7218             goto efault;
7219         ret = get_errno(stat(path(p), &st));
7220         unlock_user(p, arg1, 0);
7221         goto do_stat;
7222     case TARGET_NR_lstat:
7223         if (!(p = lock_user_string(arg1)))
7224             goto efault;
7225         ret = get_errno(lstat(path(p), &st));
7226         unlock_user(p, arg1, 0);
7227         goto do_stat;
7228     case TARGET_NR_fstat:
7229         {
7230             ret = get_errno(fstat(arg1, &st));
7231         do_stat:
7232             if (!is_error(ret)) {
7233                 struct target_stat *target_st;
7234 
7235                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
7236                     goto efault;
7237                 memset(target_st, 0, sizeof(*target_st));
7238                 __put_user(st.st_dev, &target_st->st_dev);
7239                 __put_user(st.st_ino, &target_st->st_ino);
7240                 __put_user(st.st_mode, &target_st->st_mode);
7241                 __put_user(st.st_uid, &target_st->st_uid);
7242                 __put_user(st.st_gid, &target_st->st_gid);
7243                 __put_user(st.st_nlink, &target_st->st_nlink);
7244                 __put_user(st.st_rdev, &target_st->st_rdev);
7245                 __put_user(st.st_size, &target_st->st_size);
7246                 __put_user(st.st_blksize, &target_st->st_blksize);
7247                 __put_user(st.st_blocks, &target_st->st_blocks);
7248                 __put_user(st.st_atime, &target_st->target_st_atime);
7249                 __put_user(st.st_mtime, &target_st->target_st_mtime);
7250                 __put_user(st.st_ctime, &target_st->target_st_ctime);
7251                 unlock_user_struct(target_st, arg2, 1);
7252             }
7253         }
7254         break;
7255 #ifdef TARGET_NR_olduname
7256     case TARGET_NR_olduname:
7257         goto unimplemented;
7258 #endif
7259 #ifdef TARGET_NR_iopl
7260     case TARGET_NR_iopl:
7261         goto unimplemented;
7262 #endif
7263     case TARGET_NR_vhangup:
7264         ret = get_errno(vhangup());
7265         break;
7266 #ifdef TARGET_NR_idle
7267     case TARGET_NR_idle:
7268         goto unimplemented;
7269 #endif
7270 #ifdef TARGET_NR_syscall
7271     case TARGET_NR_syscall:
7272         ret = do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
7273                          arg6, arg7, arg8, 0);
7274         break;
7275 #endif
7276     case TARGET_NR_wait4:
7277         {
7278             int status;
7279             abi_long status_ptr = arg2;
7280             struct rusage rusage, *rusage_ptr;
7281             abi_ulong target_rusage = arg4;
7282             abi_long rusage_err;
7283             if (target_rusage)
7284                 rusage_ptr = &rusage;
7285             else
7286                 rusage_ptr = NULL;
7287             ret = get_errno(wait4(arg1, &status, arg3, rusage_ptr));
7288             if (!is_error(ret)) {
7289                 if (status_ptr && ret) {
7290                     status = host_to_target_waitstatus(status);
7291                     if (put_user_s32(status, status_ptr))
7292                         goto efault;
7293                 }
7294                 if (target_rusage) {
7295                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
7296                     if (rusage_err) {
7297                         ret = rusage_err;
7298                     }
7299                 }
7300             }
7301         }
7302         break;
7303 #ifdef TARGET_NR_swapoff
7304     case TARGET_NR_swapoff:
7305         if (!(p = lock_user_string(arg1)))
7306             goto efault;
7307         ret = get_errno(swapoff(p));
7308         unlock_user(p, arg1, 0);
7309         break;
7310 #endif
7311     case TARGET_NR_sysinfo:
7312         {
7313             struct target_sysinfo *target_value;
7314             struct sysinfo value;
7315             ret = get_errno(sysinfo(&value));
7316             if (!is_error(ret) && arg1)
7317             {
7318                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
7319                     goto efault;
7320                 __put_user(value.uptime, &target_value->uptime);
7321                 __put_user(value.loads[0], &target_value->loads[0]);
7322                 __put_user(value.loads[1], &target_value->loads[1]);
7323                 __put_user(value.loads[2], &target_value->loads[2]);
7324                 __put_user(value.totalram, &target_value->totalram);
7325                 __put_user(value.freeram, &target_value->freeram);
7326                 __put_user(value.sharedram, &target_value->sharedram);
7327                 __put_user(value.bufferram, &target_value->bufferram);
7328                 __put_user(value.totalswap, &target_value->totalswap);
7329                 __put_user(value.freeswap, &target_value->freeswap);
7330                 __put_user(value.procs, &target_value->procs);
7331                 __put_user(value.totalhigh, &target_value->totalhigh);
7332                 __put_user(value.freehigh, &target_value->freehigh);
7333                 __put_user(value.mem_unit, &target_value->mem_unit);
7334                 unlock_user_struct(target_value, arg1, 1);
7335             }
7336         }
7337         break;
7338 #ifdef TARGET_NR_ipc
7339     case TARGET_NR_ipc:
7340 	ret = do_ipc(arg1, arg2, arg3, arg4, arg5, arg6);
7341 	break;
7342 #endif
7343 #ifdef TARGET_NR_semget
7344     case TARGET_NR_semget:
7345         ret = get_errno(semget(arg1, arg2, arg3));
7346         break;
7347 #endif
7348 #ifdef TARGET_NR_semop
7349     case TARGET_NR_semop:
7350         ret = do_semop(arg1, arg2, arg3);
7351         break;
7352 #endif
7353 #ifdef TARGET_NR_semctl
7354     case TARGET_NR_semctl:
7355         ret = do_semctl(arg1, arg2, arg3, (union target_semun)(abi_ulong)arg4);
7356         break;
7357 #endif
7358 #ifdef TARGET_NR_msgctl
7359     case TARGET_NR_msgctl:
7360         ret = do_msgctl(arg1, arg2, arg3);
7361         break;
7362 #endif
7363 #ifdef TARGET_NR_msgget
7364     case TARGET_NR_msgget:
7365         ret = get_errno(msgget(arg1, arg2));
7366         break;
7367 #endif
7368 #ifdef TARGET_NR_msgrcv
7369     case TARGET_NR_msgrcv:
7370         ret = do_msgrcv(arg1, arg2, arg3, arg4, arg5);
7371         break;
7372 #endif
7373 #ifdef TARGET_NR_msgsnd
7374     case TARGET_NR_msgsnd:
7375         ret = do_msgsnd(arg1, arg2, arg3, arg4);
7376         break;
7377 #endif
7378 #ifdef TARGET_NR_shmget
7379     case TARGET_NR_shmget:
7380         ret = get_errno(shmget(arg1, arg2, arg3));
7381         break;
7382 #endif
7383 #ifdef TARGET_NR_shmctl
7384     case TARGET_NR_shmctl:
7385         ret = do_shmctl(arg1, arg2, arg3);
7386         break;
7387 #endif
7388 #ifdef TARGET_NR_shmat
7389     case TARGET_NR_shmat:
7390         ret = do_shmat(arg1, arg2, arg3);
7391         break;
7392 #endif
7393 #ifdef TARGET_NR_shmdt
7394     case TARGET_NR_shmdt:
7395         ret = do_shmdt(arg1);
7396         break;
7397 #endif
7398     case TARGET_NR_fsync:
7399         ret = get_errno(fsync(arg1));
7400         break;
7401     case TARGET_NR_clone:
7402         /* Linux manages to have three different orderings for its
7403          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
7404          * match the kernel's CONFIG_CLONE_* settings.
7405          * Microblaze is further special in that it uses a sixth
7406          * implicit argument to clone for the TLS pointer.
7407          */
7408 #if defined(TARGET_MICROBLAZE)
7409         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
7410 #elif defined(TARGET_CLONE_BACKWARDS)
7411         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
7412 #elif defined(TARGET_CLONE_BACKWARDS2)
7413         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
7414 #else
7415         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
7416 #endif
7417         break;
7418 #ifdef __NR_exit_group
7419         /* new thread calls */
7420     case TARGET_NR_exit_group:
7421 #ifdef TARGET_GPROF
7422         _mcleanup();
7423 #endif
7424         gdb_exit(cpu_env, arg1);
7425         ret = get_errno(exit_group(arg1));
7426         break;
7427 #endif
7428     case TARGET_NR_setdomainname:
7429         if (!(p = lock_user_string(arg1)))
7430             goto efault;
7431         ret = get_errno(setdomainname(p, arg2));
7432         unlock_user(p, arg1, 0);
7433         break;
7434     case TARGET_NR_uname:
7435         /* no need to transcode because we use the linux syscall */
7436         {
7437             struct new_utsname * buf;
7438 
7439             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
7440                 goto efault;
7441             ret = get_errno(sys_uname(buf));
7442             if (!is_error(ret)) {
7443                 /* Overrite the native machine name with whatever is being
7444                    emulated. */
7445                 strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
7446                 /* Allow the user to override the reported release.  */
7447                 if (qemu_uname_release && *qemu_uname_release)
7448                   strcpy (buf->release, qemu_uname_release);
7449             }
7450             unlock_user_struct(buf, arg1, 1);
7451         }
7452         break;
7453 #ifdef TARGET_I386
7454     case TARGET_NR_modify_ldt:
7455         ret = do_modify_ldt(cpu_env, arg1, arg2, arg3);
7456         break;
7457 #if !defined(TARGET_X86_64)
7458     case TARGET_NR_vm86old:
7459         goto unimplemented;
7460     case TARGET_NR_vm86:
7461         ret = do_vm86(cpu_env, arg1, arg2);
7462         break;
7463 #endif
7464 #endif
7465     case TARGET_NR_adjtimex:
7466         goto unimplemented;
7467 #ifdef TARGET_NR_create_module
7468     case TARGET_NR_create_module:
7469 #endif
7470     case TARGET_NR_init_module:
7471     case TARGET_NR_delete_module:
7472 #ifdef TARGET_NR_get_kernel_syms
7473     case TARGET_NR_get_kernel_syms:
7474 #endif
7475         goto unimplemented;
7476     case TARGET_NR_quotactl:
7477         goto unimplemented;
7478     case TARGET_NR_getpgid:
7479         ret = get_errno(getpgid(arg1));
7480         break;
7481     case TARGET_NR_fchdir:
7482         ret = get_errno(fchdir(arg1));
7483         break;
7484 #ifdef TARGET_NR_bdflush /* not on x86_64 */
7485     case TARGET_NR_bdflush:
7486         goto unimplemented;
7487 #endif
7488 #ifdef TARGET_NR_sysfs
7489     case TARGET_NR_sysfs:
7490         goto unimplemented;
7491 #endif
7492     case TARGET_NR_personality:
7493         ret = get_errno(personality(arg1));
7494         break;
7495 #ifdef TARGET_NR_afs_syscall
7496     case TARGET_NR_afs_syscall:
7497         goto unimplemented;
7498 #endif
7499 #ifdef TARGET_NR__llseek /* Not on alpha */
7500     case TARGET_NR__llseek:
7501         {
7502             int64_t res;
7503 #if !defined(__NR_llseek)
7504             res = lseek(arg1, ((uint64_t)arg2 << 32) | arg3, arg5);
7505             if (res == -1) {
7506                 ret = get_errno(res);
7507             } else {
7508                 ret = 0;
7509             }
7510 #else
7511             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
7512 #endif
7513             if ((ret == 0) && put_user_s64(res, arg4)) {
7514                 goto efault;
7515             }
7516         }
7517         break;
7518 #endif
7519     case TARGET_NR_getdents:
7520 #ifdef __NR_getdents
7521 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
7522         {
7523             struct target_dirent *target_dirp;
7524             struct linux_dirent *dirp;
7525             abi_long count = arg3;
7526 
7527 	    dirp = malloc(count);
7528 	    if (!dirp) {
7529                 ret = -TARGET_ENOMEM;
7530                 goto fail;
7531             }
7532 
7533             ret = get_errno(sys_getdents(arg1, dirp, count));
7534             if (!is_error(ret)) {
7535                 struct linux_dirent *de;
7536 		struct target_dirent *tde;
7537                 int len = ret;
7538                 int reclen, treclen;
7539 		int count1, tnamelen;
7540 
7541 		count1 = 0;
7542                 de = dirp;
7543                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
7544                     goto efault;
7545 		tde = target_dirp;
7546                 while (len > 0) {
7547                     reclen = de->d_reclen;
7548                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
7549                     assert(tnamelen >= 0);
7550                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
7551                     assert(count1 + treclen <= count);
7552                     tde->d_reclen = tswap16(treclen);
7553                     tde->d_ino = tswapal(de->d_ino);
7554                     tde->d_off = tswapal(de->d_off);
7555                     memcpy(tde->d_name, de->d_name, tnamelen);
7556                     de = (struct linux_dirent *)((char *)de + reclen);
7557                     len -= reclen;
7558                     tde = (struct target_dirent *)((char *)tde + treclen);
7559 		    count1 += treclen;
7560                 }
7561 		ret = count1;
7562                 unlock_user(target_dirp, arg2, ret);
7563             }
7564 	    free(dirp);
7565         }
7566 #else
7567         {
7568             struct linux_dirent *dirp;
7569             abi_long count = arg3;
7570 
7571             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
7572                 goto efault;
7573             ret = get_errno(sys_getdents(arg1, dirp, count));
7574             if (!is_error(ret)) {
7575                 struct linux_dirent *de;
7576                 int len = ret;
7577                 int reclen;
7578                 de = dirp;
7579                 while (len > 0) {
7580                     reclen = de->d_reclen;
7581                     if (reclen > len)
7582                         break;
7583                     de->d_reclen = tswap16(reclen);
7584                     tswapls(&de->d_ino);
7585                     tswapls(&de->d_off);
7586                     de = (struct linux_dirent *)((char *)de + reclen);
7587                     len -= reclen;
7588                 }
7589             }
7590             unlock_user(dirp, arg2, ret);
7591         }
7592 #endif
7593 #else
7594         /* Implement getdents in terms of getdents64 */
7595         {
7596             struct linux_dirent64 *dirp;
7597             abi_long count = arg3;
7598 
7599             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
7600             if (!dirp) {
7601                 goto efault;
7602             }
7603             ret = get_errno(sys_getdents64(arg1, dirp, count));
7604             if (!is_error(ret)) {
7605                 /* Convert the dirent64 structs to target dirent.  We do this
7606                  * in-place, since we can guarantee that a target_dirent is no
7607                  * larger than a dirent64; however this means we have to be
7608                  * careful to read everything before writing in the new format.
7609                  */
7610                 struct linux_dirent64 *de;
7611                 struct target_dirent *tde;
7612                 int len = ret;
7613                 int tlen = 0;
7614 
7615                 de = dirp;
7616                 tde = (struct target_dirent *)dirp;
7617                 while (len > 0) {
7618                     int namelen, treclen;
7619                     int reclen = de->d_reclen;
7620                     uint64_t ino = de->d_ino;
7621                     int64_t off = de->d_off;
7622                     uint8_t type = de->d_type;
7623 
7624                     namelen = strlen(de->d_name);
7625                     treclen = offsetof(struct target_dirent, d_name)
7626                         + namelen + 2;
7627                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
7628 
7629                     memmove(tde->d_name, de->d_name, namelen + 1);
7630                     tde->d_ino = tswapal(ino);
7631                     tde->d_off = tswapal(off);
7632                     tde->d_reclen = tswap16(treclen);
7633                     /* The target_dirent type is in what was formerly a padding
7634                      * byte at the end of the structure:
7635                      */
7636                     *(((char *)tde) + treclen - 1) = type;
7637 
7638                     de = (struct linux_dirent64 *)((char *)de + reclen);
7639                     tde = (struct target_dirent *)((char *)tde + treclen);
7640                     len -= reclen;
7641                     tlen += treclen;
7642                 }
7643                 ret = tlen;
7644             }
7645             unlock_user(dirp, arg2, ret);
7646         }
7647 #endif
7648         break;
7649 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
7650     case TARGET_NR_getdents64:
7651         {
7652             struct linux_dirent64 *dirp;
7653             abi_long count = arg3;
7654             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
7655                 goto efault;
7656             ret = get_errno(sys_getdents64(arg1, dirp, count));
7657             if (!is_error(ret)) {
7658                 struct linux_dirent64 *de;
7659                 int len = ret;
7660                 int reclen;
7661                 de = dirp;
7662                 while (len > 0) {
7663                     reclen = de->d_reclen;
7664                     if (reclen > len)
7665                         break;
7666                     de->d_reclen = tswap16(reclen);
7667                     tswap64s((uint64_t *)&de->d_ino);
7668                     tswap64s((uint64_t *)&de->d_off);
7669                     de = (struct linux_dirent64 *)((char *)de + reclen);
7670                     len -= reclen;
7671                 }
7672             }
7673             unlock_user(dirp, arg2, ret);
7674         }
7675         break;
7676 #endif /* TARGET_NR_getdents64 */
7677 #if defined(TARGET_NR__newselect)
7678     case TARGET_NR__newselect:
7679         ret = do_select(arg1, arg2, arg3, arg4, arg5);
7680         break;
7681 #endif
7682 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll)
7683 # ifdef TARGET_NR_poll
7684     case TARGET_NR_poll:
7685 # endif
7686 # ifdef TARGET_NR_ppoll
7687     case TARGET_NR_ppoll:
7688 # endif
7689         {
7690             struct target_pollfd *target_pfd;
7691             unsigned int nfds = arg2;
7692             int timeout = arg3;
7693             struct pollfd *pfd;
7694             unsigned int i;
7695 
7696             target_pfd = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_pollfd) * nfds, 1);
7697             if (!target_pfd)
7698                 goto efault;
7699 
7700             pfd = alloca(sizeof(struct pollfd) * nfds);
7701             for(i = 0; i < nfds; i++) {
7702                 pfd[i].fd = tswap32(target_pfd[i].fd);
7703                 pfd[i].events = tswap16(target_pfd[i].events);
7704             }
7705 
7706 # ifdef TARGET_NR_ppoll
7707             if (num == TARGET_NR_ppoll) {
7708                 struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
7709                 target_sigset_t *target_set;
7710                 sigset_t _set, *set = &_set;
7711 
7712                 if (arg3) {
7713                     if (target_to_host_timespec(timeout_ts, arg3)) {
7714                         unlock_user(target_pfd, arg1, 0);
7715                         goto efault;
7716                     }
7717                 } else {
7718                     timeout_ts = NULL;
7719                 }
7720 
7721                 if (arg4) {
7722                     target_set = lock_user(VERIFY_READ, arg4, sizeof(target_sigset_t), 1);
7723                     if (!target_set) {
7724                         unlock_user(target_pfd, arg1, 0);
7725                         goto efault;
7726                     }
7727                     target_to_host_sigset(set, target_set);
7728                 } else {
7729                     set = NULL;
7730                 }
7731 
7732                 ret = get_errno(sys_ppoll(pfd, nfds, timeout_ts, set, _NSIG/8));
7733 
7734                 if (!is_error(ret) && arg3) {
7735                     host_to_target_timespec(arg3, timeout_ts);
7736                 }
7737                 if (arg4) {
7738                     unlock_user(target_set, arg4, 0);
7739                 }
7740             } else
7741 # endif
7742                 ret = get_errno(poll(pfd, nfds, timeout));
7743 
7744             if (!is_error(ret)) {
7745                 for(i = 0; i < nfds; i++) {
7746                     target_pfd[i].revents = tswap16(pfd[i].revents);
7747                 }
7748             }
7749             unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
7750         }
7751         break;
7752 #endif
7753     case TARGET_NR_flock:
7754         /* NOTE: the flock constant seems to be the same for every
7755            Linux platform */
7756         ret = get_errno(flock(arg1, arg2));
7757         break;
7758     case TARGET_NR_readv:
7759         {
7760             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
7761             if (vec != NULL) {
7762                 ret = get_errno(readv(arg1, vec, arg3));
7763                 unlock_iovec(vec, arg2, arg3, 1);
7764             } else {
7765                 ret = -host_to_target_errno(errno);
7766             }
7767         }
7768         break;
7769     case TARGET_NR_writev:
7770         {
7771             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
7772             if (vec != NULL) {
7773                 ret = get_errno(writev(arg1, vec, arg3));
7774                 unlock_iovec(vec, arg2, arg3, 0);
7775             } else {
7776                 ret = -host_to_target_errno(errno);
7777             }
7778         }
7779         break;
7780     case TARGET_NR_getsid:
7781         ret = get_errno(getsid(arg1));
7782         break;
7783 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
7784     case TARGET_NR_fdatasync:
7785         ret = get_errno(fdatasync(arg1));
7786         break;
7787 #endif
7788     case TARGET_NR__sysctl:
7789         /* We don't implement this, but ENOTDIR is always a safe
7790            return value. */
7791         ret = -TARGET_ENOTDIR;
7792         break;
7793     case TARGET_NR_sched_getaffinity:
7794         {
7795             unsigned int mask_size;
7796             unsigned long *mask;
7797 
7798             /*
7799              * sched_getaffinity needs multiples of ulong, so need to take
7800              * care of mismatches between target ulong and host ulong sizes.
7801              */
7802             if (arg2 & (sizeof(abi_ulong) - 1)) {
7803                 ret = -TARGET_EINVAL;
7804                 break;
7805             }
7806             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
7807 
7808             mask = alloca(mask_size);
7809             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
7810 
7811             if (!is_error(ret)) {
7812                 if (ret > arg2) {
7813                     /* More data returned than the caller's buffer will fit.
7814                      * This only happens if sizeof(abi_long) < sizeof(long)
7815                      * and the caller passed us a buffer holding an odd number
7816                      * of abi_longs. If the host kernel is actually using the
7817                      * extra 4 bytes then fail EINVAL; otherwise we can just
7818                      * ignore them and only copy the interesting part.
7819                      */
7820                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
7821                     if (numcpus > arg2 * 8) {
7822                         ret = -TARGET_EINVAL;
7823                         break;
7824                     }
7825                     ret = arg2;
7826                 }
7827 
7828                 if (copy_to_user(arg3, mask, ret)) {
7829                     goto efault;
7830                 }
7831             }
7832         }
7833         break;
7834     case TARGET_NR_sched_setaffinity:
7835         {
7836             unsigned int mask_size;
7837             unsigned long *mask;
7838 
7839             /*
7840              * sched_setaffinity needs multiples of ulong, so need to take
7841              * care of mismatches between target ulong and host ulong sizes.
7842              */
7843             if (arg2 & (sizeof(abi_ulong) - 1)) {
7844                 ret = -TARGET_EINVAL;
7845                 break;
7846             }
7847             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
7848 
7849             mask = alloca(mask_size);
7850             if (!lock_user_struct(VERIFY_READ, p, arg3, 1)) {
7851                 goto efault;
7852             }
7853             memcpy(mask, p, arg2);
7854             unlock_user_struct(p, arg2, 0);
7855 
7856             ret = get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
7857         }
7858         break;
7859     case TARGET_NR_sched_setparam:
7860         {
7861             struct sched_param *target_schp;
7862             struct sched_param schp;
7863 
7864             if (arg2 == 0) {
7865                 return -TARGET_EINVAL;
7866             }
7867             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
7868                 goto efault;
7869             schp.sched_priority = tswap32(target_schp->sched_priority);
7870             unlock_user_struct(target_schp, arg2, 0);
7871             ret = get_errno(sched_setparam(arg1, &schp));
7872         }
7873         break;
7874     case TARGET_NR_sched_getparam:
7875         {
7876             struct sched_param *target_schp;
7877             struct sched_param schp;
7878 
7879             if (arg2 == 0) {
7880                 return -TARGET_EINVAL;
7881             }
7882             ret = get_errno(sched_getparam(arg1, &schp));
7883             if (!is_error(ret)) {
7884                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
7885                     goto efault;
7886                 target_schp->sched_priority = tswap32(schp.sched_priority);
7887                 unlock_user_struct(target_schp, arg2, 1);
7888             }
7889         }
7890         break;
7891     case TARGET_NR_sched_setscheduler:
7892         {
7893             struct sched_param *target_schp;
7894             struct sched_param schp;
7895             if (arg3 == 0) {
7896                 return -TARGET_EINVAL;
7897             }
7898             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
7899                 goto efault;
7900             schp.sched_priority = tswap32(target_schp->sched_priority);
7901             unlock_user_struct(target_schp, arg3, 0);
7902             ret = get_errno(sched_setscheduler(arg1, arg2, &schp));
7903         }
7904         break;
7905     case TARGET_NR_sched_getscheduler:
7906         ret = get_errno(sched_getscheduler(arg1));
7907         break;
7908     case TARGET_NR_sched_yield:
7909         ret = get_errno(sched_yield());
7910         break;
7911     case TARGET_NR_sched_get_priority_max:
7912         ret = get_errno(sched_get_priority_max(arg1));
7913         break;
7914     case TARGET_NR_sched_get_priority_min:
7915         ret = get_errno(sched_get_priority_min(arg1));
7916         break;
7917     case TARGET_NR_sched_rr_get_interval:
7918         {
7919             struct timespec ts;
7920             ret = get_errno(sched_rr_get_interval(arg1, &ts));
7921             if (!is_error(ret)) {
7922                 ret = host_to_target_timespec(arg2, &ts);
7923             }
7924         }
7925         break;
7926     case TARGET_NR_nanosleep:
7927         {
7928             struct timespec req, rem;
7929             target_to_host_timespec(&req, arg1);
7930             ret = get_errno(nanosleep(&req, &rem));
7931             if (is_error(ret) && arg2) {
7932                 host_to_target_timespec(arg2, &rem);
7933             }
7934         }
7935         break;
7936 #ifdef TARGET_NR_query_module
7937     case TARGET_NR_query_module:
7938         goto unimplemented;
7939 #endif
7940 #ifdef TARGET_NR_nfsservctl
7941     case TARGET_NR_nfsservctl:
7942         goto unimplemented;
7943 #endif
7944     case TARGET_NR_prctl:
7945         switch (arg1) {
7946         case PR_GET_PDEATHSIG:
7947         {
7948             int deathsig;
7949             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
7950             if (!is_error(ret) && arg2
7951                 && put_user_ual(deathsig, arg2)) {
7952                 goto efault;
7953             }
7954             break;
7955         }
7956 #ifdef PR_GET_NAME
7957         case PR_GET_NAME:
7958         {
7959             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
7960             if (!name) {
7961                 goto efault;
7962             }
7963             ret = get_errno(prctl(arg1, (unsigned long)name,
7964                                   arg3, arg4, arg5));
7965             unlock_user(name, arg2, 16);
7966             break;
7967         }
7968         case PR_SET_NAME:
7969         {
7970             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
7971             if (!name) {
7972                 goto efault;
7973             }
7974             ret = get_errno(prctl(arg1, (unsigned long)name,
7975                                   arg3, arg4, arg5));
7976             unlock_user(name, arg2, 0);
7977             break;
7978         }
7979 #endif
7980         default:
7981             /* Most prctl options have no pointer arguments */
7982             ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
7983             break;
7984         }
7985         break;
7986 #ifdef TARGET_NR_arch_prctl
7987     case TARGET_NR_arch_prctl:
7988 #if defined(TARGET_I386) && !defined(TARGET_ABI32)
7989         ret = do_arch_prctl(cpu_env, arg1, arg2);
7990         break;
7991 #else
7992         goto unimplemented;
7993 #endif
7994 #endif
7995 #ifdef TARGET_NR_pread64
7996     case TARGET_NR_pread64:
7997         if (regpairs_aligned(cpu_env)) {
7998             arg4 = arg5;
7999             arg5 = arg6;
8000         }
8001         if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
8002             goto efault;
8003         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
8004         unlock_user(p, arg2, ret);
8005         break;
8006     case TARGET_NR_pwrite64:
8007         if (regpairs_aligned(cpu_env)) {
8008             arg4 = arg5;
8009             arg5 = arg6;
8010         }
8011         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
8012             goto efault;
8013         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
8014         unlock_user(p, arg2, 0);
8015         break;
8016 #endif
8017     case TARGET_NR_getcwd:
8018         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
8019             goto efault;
8020         ret = get_errno(sys_getcwd1(p, arg2));
8021         unlock_user(p, arg1, ret);
8022         break;
8023     case TARGET_NR_capget:
8024     case TARGET_NR_capset:
8025     {
8026         struct target_user_cap_header *target_header;
8027         struct target_user_cap_data *target_data = NULL;
8028         struct __user_cap_header_struct header;
8029         struct __user_cap_data_struct data[2];
8030         struct __user_cap_data_struct *dataptr = NULL;
8031         int i, target_datalen;
8032         int data_items = 1;
8033 
8034         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
8035             goto efault;
8036         }
8037         header.version = tswap32(target_header->version);
8038         header.pid = tswap32(target_header->pid);
8039 
8040         if (header.version != _LINUX_CAPABILITY_VERSION) {
8041             /* Version 2 and up takes pointer to two user_data structs */
8042             data_items = 2;
8043         }
8044 
8045         target_datalen = sizeof(*target_data) * data_items;
8046 
8047         if (arg2) {
8048             if (num == TARGET_NR_capget) {
8049                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
8050             } else {
8051                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
8052             }
8053             if (!target_data) {
8054                 unlock_user_struct(target_header, arg1, 0);
8055                 goto efault;
8056             }
8057 
8058             if (num == TARGET_NR_capset) {
8059                 for (i = 0; i < data_items; i++) {
8060                     data[i].effective = tswap32(target_data[i].effective);
8061                     data[i].permitted = tswap32(target_data[i].permitted);
8062                     data[i].inheritable = tswap32(target_data[i].inheritable);
8063                 }
8064             }
8065 
8066             dataptr = data;
8067         }
8068 
8069         if (num == TARGET_NR_capget) {
8070             ret = get_errno(capget(&header, dataptr));
8071         } else {
8072             ret = get_errno(capset(&header, dataptr));
8073         }
8074 
8075         /* The kernel always updates version for both capget and capset */
8076         target_header->version = tswap32(header.version);
8077         unlock_user_struct(target_header, arg1, 1);
8078 
8079         if (arg2) {
8080             if (num == TARGET_NR_capget) {
8081                 for (i = 0; i < data_items; i++) {
8082                     target_data[i].effective = tswap32(data[i].effective);
8083                     target_data[i].permitted = tswap32(data[i].permitted);
8084                     target_data[i].inheritable = tswap32(data[i].inheritable);
8085                 }
8086                 unlock_user(target_data, arg2, target_datalen);
8087             } else {
8088                 unlock_user(target_data, arg2, 0);
8089             }
8090         }
8091         break;
8092     }
8093     case TARGET_NR_sigaltstack:
8094 #if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_MIPS) || \
8095     defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_ALPHA) || \
8096     defined(TARGET_M68K) || defined(TARGET_S390X) || defined(TARGET_OPENRISC)
8097         ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
8098         break;
8099 #else
8100         goto unimplemented;
8101 #endif
8102 
8103 #ifdef CONFIG_SENDFILE
8104     case TARGET_NR_sendfile:
8105     {
8106         off_t *offp = NULL;
8107         off_t off;
8108         if (arg3) {
8109             ret = get_user_sal(off, arg3);
8110             if (is_error(ret)) {
8111                 break;
8112             }
8113             offp = &off;
8114         }
8115         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
8116         if (!is_error(ret) && arg3) {
8117             abi_long ret2 = put_user_sal(off, arg3);
8118             if (is_error(ret2)) {
8119                 ret = ret2;
8120             }
8121         }
8122         break;
8123     }
8124 #ifdef TARGET_NR_sendfile64
8125     case TARGET_NR_sendfile64:
8126     {
8127         off_t *offp = NULL;
8128         off_t off;
8129         if (arg3) {
8130             ret = get_user_s64(off, arg3);
8131             if (is_error(ret)) {
8132                 break;
8133             }
8134             offp = &off;
8135         }
8136         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
8137         if (!is_error(ret) && arg3) {
8138             abi_long ret2 = put_user_s64(off, arg3);
8139             if (is_error(ret2)) {
8140                 ret = ret2;
8141             }
8142         }
8143         break;
8144     }
8145 #endif
8146 #else
8147     case TARGET_NR_sendfile:
8148 #ifdef TARGET_NR_sendfile64
8149     case TARGET_NR_sendfile64:
8150 #endif
8151         goto unimplemented;
8152 #endif
8153 
8154 #ifdef TARGET_NR_getpmsg
8155     case TARGET_NR_getpmsg:
8156         goto unimplemented;
8157 #endif
8158 #ifdef TARGET_NR_putpmsg
8159     case TARGET_NR_putpmsg:
8160         goto unimplemented;
8161 #endif
8162 #ifdef TARGET_NR_vfork
8163     case TARGET_NR_vfork:
8164         ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD,
8165                         0, 0, 0, 0));
8166         break;
8167 #endif
8168 #ifdef TARGET_NR_ugetrlimit
8169     case TARGET_NR_ugetrlimit:
8170     {
8171 	struct rlimit rlim;
8172 	int resource = target_to_host_resource(arg1);
8173 	ret = get_errno(getrlimit(resource, &rlim));
8174 	if (!is_error(ret)) {
8175 	    struct target_rlimit *target_rlim;
8176             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
8177                 goto efault;
8178 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
8179 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
8180             unlock_user_struct(target_rlim, arg2, 1);
8181 	}
8182 	break;
8183     }
8184 #endif
8185 #ifdef TARGET_NR_truncate64
8186     case TARGET_NR_truncate64:
8187         if (!(p = lock_user_string(arg1)))
8188             goto efault;
8189 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
8190         unlock_user(p, arg1, 0);
8191 	break;
8192 #endif
8193 #ifdef TARGET_NR_ftruncate64
8194     case TARGET_NR_ftruncate64:
8195 	ret = target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
8196 	break;
8197 #endif
8198 #ifdef TARGET_NR_stat64
8199     case TARGET_NR_stat64:
8200         if (!(p = lock_user_string(arg1)))
8201             goto efault;
8202         ret = get_errno(stat(path(p), &st));
8203         unlock_user(p, arg1, 0);
8204         if (!is_error(ret))
8205             ret = host_to_target_stat64(cpu_env, arg2, &st);
8206         break;
8207 #endif
8208 #ifdef TARGET_NR_lstat64
8209     case TARGET_NR_lstat64:
8210         if (!(p = lock_user_string(arg1)))
8211             goto efault;
8212         ret = get_errno(lstat(path(p), &st));
8213         unlock_user(p, arg1, 0);
8214         if (!is_error(ret))
8215             ret = host_to_target_stat64(cpu_env, arg2, &st);
8216         break;
8217 #endif
8218 #ifdef TARGET_NR_fstat64
8219     case TARGET_NR_fstat64:
8220         ret = get_errno(fstat(arg1, &st));
8221         if (!is_error(ret))
8222             ret = host_to_target_stat64(cpu_env, arg2, &st);
8223         break;
8224 #endif
8225 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
8226 #ifdef TARGET_NR_fstatat64
8227     case TARGET_NR_fstatat64:
8228 #endif
8229 #ifdef TARGET_NR_newfstatat
8230     case TARGET_NR_newfstatat:
8231 #endif
8232         if (!(p = lock_user_string(arg2)))
8233             goto efault;
8234         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
8235         if (!is_error(ret))
8236             ret = host_to_target_stat64(cpu_env, arg3, &st);
8237         break;
8238 #endif
8239     case TARGET_NR_lchown:
8240         if (!(p = lock_user_string(arg1)))
8241             goto efault;
8242         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
8243         unlock_user(p, arg1, 0);
8244         break;
8245 #ifdef TARGET_NR_getuid
8246     case TARGET_NR_getuid:
8247         ret = get_errno(high2lowuid(getuid()));
8248         break;
8249 #endif
8250 #ifdef TARGET_NR_getgid
8251     case TARGET_NR_getgid:
8252         ret = get_errno(high2lowgid(getgid()));
8253         break;
8254 #endif
8255 #ifdef TARGET_NR_geteuid
8256     case TARGET_NR_geteuid:
8257         ret = get_errno(high2lowuid(geteuid()));
8258         break;
8259 #endif
8260 #ifdef TARGET_NR_getegid
8261     case TARGET_NR_getegid:
8262         ret = get_errno(high2lowgid(getegid()));
8263         break;
8264 #endif
8265     case TARGET_NR_setreuid:
8266         ret = get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
8267         break;
8268     case TARGET_NR_setregid:
8269         ret = get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
8270         break;
8271     case TARGET_NR_getgroups:
8272         {
8273             int gidsetsize = arg1;
8274             target_id *target_grouplist;
8275             gid_t *grouplist;
8276             int i;
8277 
8278             grouplist = alloca(gidsetsize * sizeof(gid_t));
8279             ret = get_errno(getgroups(gidsetsize, grouplist));
8280             if (gidsetsize == 0)
8281                 break;
8282             if (!is_error(ret)) {
8283                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
8284                 if (!target_grouplist)
8285                     goto efault;
8286                 for(i = 0;i < ret; i++)
8287                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
8288                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
8289             }
8290         }
8291         break;
8292     case TARGET_NR_setgroups:
8293         {
8294             int gidsetsize = arg1;
8295             target_id *target_grouplist;
8296             gid_t *grouplist = NULL;
8297             int i;
8298             if (gidsetsize) {
8299                 grouplist = alloca(gidsetsize * sizeof(gid_t));
8300                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
8301                 if (!target_grouplist) {
8302                     ret = -TARGET_EFAULT;
8303                     goto fail;
8304                 }
8305                 for (i = 0; i < gidsetsize; i++) {
8306                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
8307                 }
8308                 unlock_user(target_grouplist, arg2, 0);
8309             }
8310             ret = get_errno(setgroups(gidsetsize, grouplist));
8311         }
8312         break;
8313     case TARGET_NR_fchown:
8314         ret = get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
8315         break;
8316 #if defined(TARGET_NR_fchownat)
8317     case TARGET_NR_fchownat:
8318         if (!(p = lock_user_string(arg2)))
8319             goto efault;
8320         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
8321                                  low2highgid(arg4), arg5));
8322         unlock_user(p, arg2, 0);
8323         break;
8324 #endif
8325 #ifdef TARGET_NR_setresuid
8326     case TARGET_NR_setresuid:
8327         ret = get_errno(setresuid(low2highuid(arg1),
8328                                   low2highuid(arg2),
8329                                   low2highuid(arg3)));
8330         break;
8331 #endif
8332 #ifdef TARGET_NR_getresuid
8333     case TARGET_NR_getresuid:
8334         {
8335             uid_t ruid, euid, suid;
8336             ret = get_errno(getresuid(&ruid, &euid, &suid));
8337             if (!is_error(ret)) {
8338                 if (put_user_id(high2lowuid(ruid), arg1)
8339                     || put_user_id(high2lowuid(euid), arg2)
8340                     || put_user_id(high2lowuid(suid), arg3))
8341                     goto efault;
8342             }
8343         }
8344         break;
8345 #endif
8346 #ifdef TARGET_NR_getresgid
8347     case TARGET_NR_setresgid:
8348         ret = get_errno(setresgid(low2highgid(arg1),
8349                                   low2highgid(arg2),
8350                                   low2highgid(arg3)));
8351         break;
8352 #endif
8353 #ifdef TARGET_NR_getresgid
8354     case TARGET_NR_getresgid:
8355         {
8356             gid_t rgid, egid, sgid;
8357             ret = get_errno(getresgid(&rgid, &egid, &sgid));
8358             if (!is_error(ret)) {
8359                 if (put_user_id(high2lowgid(rgid), arg1)
8360                     || put_user_id(high2lowgid(egid), arg2)
8361                     || put_user_id(high2lowgid(sgid), arg3))
8362                     goto efault;
8363             }
8364         }
8365         break;
8366 #endif
8367     case TARGET_NR_chown:
8368         if (!(p = lock_user_string(arg1)))
8369             goto efault;
8370         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
8371         unlock_user(p, arg1, 0);
8372         break;
8373     case TARGET_NR_setuid:
8374         ret = get_errno(setuid(low2highuid(arg1)));
8375         break;
8376     case TARGET_NR_setgid:
8377         ret = get_errno(setgid(low2highgid(arg1)));
8378         break;
8379     case TARGET_NR_setfsuid:
8380         ret = get_errno(setfsuid(arg1));
8381         break;
8382     case TARGET_NR_setfsgid:
8383         ret = get_errno(setfsgid(arg1));
8384         break;
8385 
8386 #ifdef TARGET_NR_lchown32
8387     case TARGET_NR_lchown32:
8388         if (!(p = lock_user_string(arg1)))
8389             goto efault;
8390         ret = get_errno(lchown(p, arg2, arg3));
8391         unlock_user(p, arg1, 0);
8392         break;
8393 #endif
8394 #ifdef TARGET_NR_getuid32
8395     case TARGET_NR_getuid32:
8396         ret = get_errno(getuid());
8397         break;
8398 #endif
8399 
8400 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
8401    /* Alpha specific */
8402     case TARGET_NR_getxuid:
8403          {
8404             uid_t euid;
8405             euid=geteuid();
8406             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
8407          }
8408         ret = get_errno(getuid());
8409         break;
8410 #endif
8411 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
8412    /* Alpha specific */
8413     case TARGET_NR_getxgid:
8414          {
8415             uid_t egid;
8416             egid=getegid();
8417             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
8418          }
8419         ret = get_errno(getgid());
8420         break;
8421 #endif
8422 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
8423     /* Alpha specific */
8424     case TARGET_NR_osf_getsysinfo:
8425         ret = -TARGET_EOPNOTSUPP;
8426         switch (arg1) {
8427           case TARGET_GSI_IEEE_FP_CONTROL:
8428             {
8429                 uint64_t swcr, fpcr = cpu_alpha_load_fpcr (cpu_env);
8430 
8431                 /* Copied from linux ieee_fpcr_to_swcr.  */
8432                 swcr = (fpcr >> 35) & SWCR_STATUS_MASK;
8433                 swcr |= (fpcr >> 36) & SWCR_MAP_DMZ;
8434                 swcr |= (~fpcr >> 48) & (SWCR_TRAP_ENABLE_INV
8435                                         | SWCR_TRAP_ENABLE_DZE
8436                                         | SWCR_TRAP_ENABLE_OVF);
8437                 swcr |= (~fpcr >> 57) & (SWCR_TRAP_ENABLE_UNF
8438                                         | SWCR_TRAP_ENABLE_INE);
8439                 swcr |= (fpcr >> 47) & SWCR_MAP_UMZ;
8440                 swcr |= (~fpcr >> 41) & SWCR_TRAP_ENABLE_DNO;
8441 
8442                 if (put_user_u64 (swcr, arg2))
8443                         goto efault;
8444                 ret = 0;
8445             }
8446             break;
8447 
8448           /* case GSI_IEEE_STATE_AT_SIGNAL:
8449              -- Not implemented in linux kernel.
8450              case GSI_UACPROC:
8451              -- Retrieves current unaligned access state; not much used.
8452              case GSI_PROC_TYPE:
8453              -- Retrieves implver information; surely not used.
8454              case GSI_GET_HWRPB:
8455              -- Grabs a copy of the HWRPB; surely not used.
8456           */
8457         }
8458         break;
8459 #endif
8460 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
8461     /* Alpha specific */
8462     case TARGET_NR_osf_setsysinfo:
8463         ret = -TARGET_EOPNOTSUPP;
8464         switch (arg1) {
8465           case TARGET_SSI_IEEE_FP_CONTROL:
8466             {
8467                 uint64_t swcr, fpcr, orig_fpcr;
8468 
8469                 if (get_user_u64 (swcr, arg2)) {
8470                     goto efault;
8471                 }
8472                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
8473                 fpcr = orig_fpcr & FPCR_DYN_MASK;
8474 
8475                 /* Copied from linux ieee_swcr_to_fpcr.  */
8476                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;
8477                 fpcr |= (swcr & SWCR_MAP_DMZ) << 36;
8478                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_INV
8479                                   | SWCR_TRAP_ENABLE_DZE
8480                                   | SWCR_TRAP_ENABLE_OVF)) << 48;
8481                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_UNF
8482                                   | SWCR_TRAP_ENABLE_INE)) << 57;
8483                 fpcr |= (swcr & SWCR_MAP_UMZ ? FPCR_UNDZ | FPCR_UNFD : 0);
8484                 fpcr |= (~swcr & SWCR_TRAP_ENABLE_DNO) << 41;
8485 
8486                 cpu_alpha_store_fpcr(cpu_env, fpcr);
8487                 ret = 0;
8488             }
8489             break;
8490 
8491           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
8492             {
8493                 uint64_t exc, fpcr, orig_fpcr;
8494                 int si_code;
8495 
8496                 if (get_user_u64(exc, arg2)) {
8497                     goto efault;
8498                 }
8499 
8500                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
8501 
8502                 /* We only add to the exception status here.  */
8503                 fpcr = orig_fpcr | ((exc & SWCR_STATUS_MASK) << 35);
8504 
8505                 cpu_alpha_store_fpcr(cpu_env, fpcr);
8506                 ret = 0;
8507 
8508                 /* Old exceptions are not signaled.  */
8509                 fpcr &= ~(orig_fpcr & FPCR_STATUS_MASK);
8510 
8511                 /* If any exceptions set by this call,
8512                    and are unmasked, send a signal.  */
8513                 si_code = 0;
8514                 if ((fpcr & (FPCR_INE | FPCR_INED)) == FPCR_INE) {
8515                     si_code = TARGET_FPE_FLTRES;
8516                 }
8517                 if ((fpcr & (FPCR_UNF | FPCR_UNFD)) == FPCR_UNF) {
8518                     si_code = TARGET_FPE_FLTUND;
8519                 }
8520                 if ((fpcr & (FPCR_OVF | FPCR_OVFD)) == FPCR_OVF) {
8521                     si_code = TARGET_FPE_FLTOVF;
8522                 }
8523                 if ((fpcr & (FPCR_DZE | FPCR_DZED)) == FPCR_DZE) {
8524                     si_code = TARGET_FPE_FLTDIV;
8525                 }
8526                 if ((fpcr & (FPCR_INV | FPCR_INVD)) == FPCR_INV) {
8527                     si_code = TARGET_FPE_FLTINV;
8528                 }
8529                 if (si_code != 0) {
8530                     target_siginfo_t info;
8531                     info.si_signo = SIGFPE;
8532                     info.si_errno = 0;
8533                     info.si_code = si_code;
8534                     info._sifields._sigfault._addr
8535                         = ((CPUArchState *)cpu_env)->pc;
8536                     queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
8537                 }
8538             }
8539             break;
8540 
8541           /* case SSI_NVPAIRS:
8542              -- Used with SSIN_UACPROC to enable unaligned accesses.
8543              case SSI_IEEE_STATE_AT_SIGNAL:
8544              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
8545              -- Not implemented in linux kernel
8546           */
8547         }
8548         break;
8549 #endif
8550 #ifdef TARGET_NR_osf_sigprocmask
8551     /* Alpha specific.  */
8552     case TARGET_NR_osf_sigprocmask:
8553         {
8554             abi_ulong mask;
8555             int how;
8556             sigset_t set, oldset;
8557 
8558             switch(arg1) {
8559             case TARGET_SIG_BLOCK:
8560                 how = SIG_BLOCK;
8561                 break;
8562             case TARGET_SIG_UNBLOCK:
8563                 how = SIG_UNBLOCK;
8564                 break;
8565             case TARGET_SIG_SETMASK:
8566                 how = SIG_SETMASK;
8567                 break;
8568             default:
8569                 ret = -TARGET_EINVAL;
8570                 goto fail;
8571             }
8572             mask = arg2;
8573             target_to_host_old_sigset(&set, &mask);
8574             do_sigprocmask(how, &set, &oldset);
8575             host_to_target_old_sigset(&mask, &oldset);
8576             ret = mask;
8577         }
8578         break;
8579 #endif
8580 
8581 #ifdef TARGET_NR_getgid32
8582     case TARGET_NR_getgid32:
8583         ret = get_errno(getgid());
8584         break;
8585 #endif
8586 #ifdef TARGET_NR_geteuid32
8587     case TARGET_NR_geteuid32:
8588         ret = get_errno(geteuid());
8589         break;
8590 #endif
8591 #ifdef TARGET_NR_getegid32
8592     case TARGET_NR_getegid32:
8593         ret = get_errno(getegid());
8594         break;
8595 #endif
8596 #ifdef TARGET_NR_setreuid32
8597     case TARGET_NR_setreuid32:
8598         ret = get_errno(setreuid(arg1, arg2));
8599         break;
8600 #endif
8601 #ifdef TARGET_NR_setregid32
8602     case TARGET_NR_setregid32:
8603         ret = get_errno(setregid(arg1, arg2));
8604         break;
8605 #endif
8606 #ifdef TARGET_NR_getgroups32
8607     case TARGET_NR_getgroups32:
8608         {
8609             int gidsetsize = arg1;
8610             uint32_t *target_grouplist;
8611             gid_t *grouplist;
8612             int i;
8613 
8614             grouplist = alloca(gidsetsize * sizeof(gid_t));
8615             ret = get_errno(getgroups(gidsetsize, grouplist));
8616             if (gidsetsize == 0)
8617                 break;
8618             if (!is_error(ret)) {
8619                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
8620                 if (!target_grouplist) {
8621                     ret = -TARGET_EFAULT;
8622                     goto fail;
8623                 }
8624                 for(i = 0;i < ret; i++)
8625                     target_grouplist[i] = tswap32(grouplist[i]);
8626                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
8627             }
8628         }
8629         break;
8630 #endif
8631 #ifdef TARGET_NR_setgroups32
8632     case TARGET_NR_setgroups32:
8633         {
8634             int gidsetsize = arg1;
8635             uint32_t *target_grouplist;
8636             gid_t *grouplist;
8637             int i;
8638 
8639             grouplist = alloca(gidsetsize * sizeof(gid_t));
8640             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
8641             if (!target_grouplist) {
8642                 ret = -TARGET_EFAULT;
8643                 goto fail;
8644             }
8645             for(i = 0;i < gidsetsize; i++)
8646                 grouplist[i] = tswap32(target_grouplist[i]);
8647             unlock_user(target_grouplist, arg2, 0);
8648             ret = get_errno(setgroups(gidsetsize, grouplist));
8649         }
8650         break;
8651 #endif
8652 #ifdef TARGET_NR_fchown32
8653     case TARGET_NR_fchown32:
8654         ret = get_errno(fchown(arg1, arg2, arg3));
8655         break;
8656 #endif
8657 #ifdef TARGET_NR_setresuid32
8658     case TARGET_NR_setresuid32:
8659         ret = get_errno(setresuid(arg1, arg2, arg3));
8660         break;
8661 #endif
8662 #ifdef TARGET_NR_getresuid32
8663     case TARGET_NR_getresuid32:
8664         {
8665             uid_t ruid, euid, suid;
8666             ret = get_errno(getresuid(&ruid, &euid, &suid));
8667             if (!is_error(ret)) {
8668                 if (put_user_u32(ruid, arg1)
8669                     || put_user_u32(euid, arg2)
8670                     || put_user_u32(suid, arg3))
8671                     goto efault;
8672             }
8673         }
8674         break;
8675 #endif
8676 #ifdef TARGET_NR_setresgid32
8677     case TARGET_NR_setresgid32:
8678         ret = get_errno(setresgid(arg1, arg2, arg3));
8679         break;
8680 #endif
8681 #ifdef TARGET_NR_getresgid32
8682     case TARGET_NR_getresgid32:
8683         {
8684             gid_t rgid, egid, sgid;
8685             ret = get_errno(getresgid(&rgid, &egid, &sgid));
8686             if (!is_error(ret)) {
8687                 if (put_user_u32(rgid, arg1)
8688                     || put_user_u32(egid, arg2)
8689                     || put_user_u32(sgid, arg3))
8690                     goto efault;
8691             }
8692         }
8693         break;
8694 #endif
8695 #ifdef TARGET_NR_chown32
8696     case TARGET_NR_chown32:
8697         if (!(p = lock_user_string(arg1)))
8698             goto efault;
8699         ret = get_errno(chown(p, arg2, arg3));
8700         unlock_user(p, arg1, 0);
8701         break;
8702 #endif
8703 #ifdef TARGET_NR_setuid32
8704     case TARGET_NR_setuid32:
8705         ret = get_errno(setuid(arg1));
8706         break;
8707 #endif
8708 #ifdef TARGET_NR_setgid32
8709     case TARGET_NR_setgid32:
8710         ret = get_errno(setgid(arg1));
8711         break;
8712 #endif
8713 #ifdef TARGET_NR_setfsuid32
8714     case TARGET_NR_setfsuid32:
8715         ret = get_errno(setfsuid(arg1));
8716         break;
8717 #endif
8718 #ifdef TARGET_NR_setfsgid32
8719     case TARGET_NR_setfsgid32:
8720         ret = get_errno(setfsgid(arg1));
8721         break;
8722 #endif
8723 
8724     case TARGET_NR_pivot_root:
8725         goto unimplemented;
8726 #ifdef TARGET_NR_mincore
8727     case TARGET_NR_mincore:
8728         {
8729             void *a;
8730             ret = -TARGET_EFAULT;
8731             if (!(a = lock_user(VERIFY_READ, arg1,arg2, 0)))
8732                 goto efault;
8733             if (!(p = lock_user_string(arg3)))
8734                 goto mincore_fail;
8735             ret = get_errno(mincore(a, arg2, p));
8736             unlock_user(p, arg3, ret);
8737             mincore_fail:
8738             unlock_user(a, arg1, 0);
8739         }
8740         break;
8741 #endif
8742 #ifdef TARGET_NR_arm_fadvise64_64
8743     case TARGET_NR_arm_fadvise64_64:
8744 	{
8745 		/*
8746 		 * arm_fadvise64_64 looks like fadvise64_64 but
8747 		 * with different argument order
8748 		 */
8749 		abi_long temp;
8750 		temp = arg3;
8751 		arg3 = arg4;
8752 		arg4 = temp;
8753 	}
8754 #endif
8755 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_arm_fadvise64_64) || defined(TARGET_NR_fadvise64)
8756 #ifdef TARGET_NR_fadvise64_64
8757     case TARGET_NR_fadvise64_64:
8758 #endif
8759 #ifdef TARGET_NR_fadvise64
8760     case TARGET_NR_fadvise64:
8761 #endif
8762 #ifdef TARGET_S390X
8763         switch (arg4) {
8764         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
8765         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
8766         case 6: arg4 = POSIX_FADV_DONTNEED; break;
8767         case 7: arg4 = POSIX_FADV_NOREUSE; break;
8768         default: break;
8769         }
8770 #endif
8771         ret = -posix_fadvise(arg1, arg2, arg3, arg4);
8772 	break;
8773 #endif
8774 #ifdef TARGET_NR_madvise
8775     case TARGET_NR_madvise:
8776         /* A straight passthrough may not be safe because qemu sometimes
8777            turns private file-backed mappings into anonymous mappings.
8778            This will break MADV_DONTNEED.
8779            This is a hint, so ignoring and returning success is ok.  */
8780         ret = get_errno(0);
8781         break;
8782 #endif
8783 #if TARGET_ABI_BITS == 32
8784     case TARGET_NR_fcntl64:
8785     {
8786 	int cmd;
8787 	struct flock64 fl;
8788 	struct target_flock64 *target_fl;
8789 #ifdef TARGET_ARM
8790 	struct target_eabi_flock64 *target_efl;
8791 #endif
8792 
8793 	cmd = target_to_host_fcntl_cmd(arg2);
8794         if (cmd == -TARGET_EINVAL) {
8795             ret = cmd;
8796             break;
8797         }
8798 
8799         switch(arg2) {
8800         case TARGET_F_GETLK64:
8801 #ifdef TARGET_ARM
8802             if (((CPUARMState *)cpu_env)->eabi) {
8803                 if (!lock_user_struct(VERIFY_READ, target_efl, arg3, 1))
8804                     goto efault;
8805                 fl.l_type = tswap16(target_efl->l_type);
8806                 fl.l_whence = tswap16(target_efl->l_whence);
8807                 fl.l_start = tswap64(target_efl->l_start);
8808                 fl.l_len = tswap64(target_efl->l_len);
8809                 fl.l_pid = tswap32(target_efl->l_pid);
8810                 unlock_user_struct(target_efl, arg3, 0);
8811             } else
8812 #endif
8813             {
8814                 if (!lock_user_struct(VERIFY_READ, target_fl, arg3, 1))
8815                     goto efault;
8816                 fl.l_type = tswap16(target_fl->l_type);
8817                 fl.l_whence = tswap16(target_fl->l_whence);
8818                 fl.l_start = tswap64(target_fl->l_start);
8819                 fl.l_len = tswap64(target_fl->l_len);
8820                 fl.l_pid = tswap32(target_fl->l_pid);
8821                 unlock_user_struct(target_fl, arg3, 0);
8822             }
8823             ret = get_errno(fcntl(arg1, cmd, &fl));
8824 	    if (ret == 0) {
8825 #ifdef TARGET_ARM
8826                 if (((CPUARMState *)cpu_env)->eabi) {
8827                     if (!lock_user_struct(VERIFY_WRITE, target_efl, arg3, 0))
8828                         goto efault;
8829                     target_efl->l_type = tswap16(fl.l_type);
8830                     target_efl->l_whence = tswap16(fl.l_whence);
8831                     target_efl->l_start = tswap64(fl.l_start);
8832                     target_efl->l_len = tswap64(fl.l_len);
8833                     target_efl->l_pid = tswap32(fl.l_pid);
8834                     unlock_user_struct(target_efl, arg3, 1);
8835                 } else
8836 #endif
8837                 {
8838                     if (!lock_user_struct(VERIFY_WRITE, target_fl, arg3, 0))
8839                         goto efault;
8840                     target_fl->l_type = tswap16(fl.l_type);
8841                     target_fl->l_whence = tswap16(fl.l_whence);
8842                     target_fl->l_start = tswap64(fl.l_start);
8843                     target_fl->l_len = tswap64(fl.l_len);
8844                     target_fl->l_pid = tswap32(fl.l_pid);
8845                     unlock_user_struct(target_fl, arg3, 1);
8846                 }
8847 	    }
8848 	    break;
8849 
8850         case TARGET_F_SETLK64:
8851         case TARGET_F_SETLKW64:
8852 #ifdef TARGET_ARM
8853             if (((CPUARMState *)cpu_env)->eabi) {
8854                 if (!lock_user_struct(VERIFY_READ, target_efl, arg3, 1))
8855                     goto efault;
8856                 fl.l_type = tswap16(target_efl->l_type);
8857                 fl.l_whence = tswap16(target_efl->l_whence);
8858                 fl.l_start = tswap64(target_efl->l_start);
8859                 fl.l_len = tswap64(target_efl->l_len);
8860                 fl.l_pid = tswap32(target_efl->l_pid);
8861                 unlock_user_struct(target_efl, arg3, 0);
8862             } else
8863 #endif
8864             {
8865                 if (!lock_user_struct(VERIFY_READ, target_fl, arg3, 1))
8866                     goto efault;
8867                 fl.l_type = tswap16(target_fl->l_type);
8868                 fl.l_whence = tswap16(target_fl->l_whence);
8869                 fl.l_start = tswap64(target_fl->l_start);
8870                 fl.l_len = tswap64(target_fl->l_len);
8871                 fl.l_pid = tswap32(target_fl->l_pid);
8872                 unlock_user_struct(target_fl, arg3, 0);
8873             }
8874             ret = get_errno(fcntl(arg1, cmd, &fl));
8875 	    break;
8876         default:
8877             ret = do_fcntl(arg1, arg2, arg3);
8878             break;
8879         }
8880 	break;
8881     }
8882 #endif
8883 #ifdef TARGET_NR_cacheflush
8884     case TARGET_NR_cacheflush:
8885         /* self-modifying code is handled automatically, so nothing needed */
8886         ret = 0;
8887         break;
8888 #endif
8889 #ifdef TARGET_NR_security
8890     case TARGET_NR_security:
8891         goto unimplemented;
8892 #endif
8893 #ifdef TARGET_NR_getpagesize
8894     case TARGET_NR_getpagesize:
8895         ret = TARGET_PAGE_SIZE;
8896         break;
8897 #endif
8898     case TARGET_NR_gettid:
8899         ret = get_errno(gettid());
8900         break;
8901 #ifdef TARGET_NR_readahead
8902     case TARGET_NR_readahead:
8903 #if TARGET_ABI_BITS == 32
8904         if (regpairs_aligned(cpu_env)) {
8905             arg2 = arg3;
8906             arg3 = arg4;
8907             arg4 = arg5;
8908         }
8909         ret = get_errno(readahead(arg1, ((off64_t)arg3 << 32) | arg2, arg4));
8910 #else
8911         ret = get_errno(readahead(arg1, arg2, arg3));
8912 #endif
8913         break;
8914 #endif
8915 #ifdef CONFIG_ATTR
8916 #ifdef TARGET_NR_setxattr
8917     case TARGET_NR_listxattr:
8918     case TARGET_NR_llistxattr:
8919     {
8920         void *p, *b = 0;
8921         if (arg2) {
8922             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
8923             if (!b) {
8924                 ret = -TARGET_EFAULT;
8925                 break;
8926             }
8927         }
8928         p = lock_user_string(arg1);
8929         if (p) {
8930             if (num == TARGET_NR_listxattr) {
8931                 ret = get_errno(listxattr(p, b, arg3));
8932             } else {
8933                 ret = get_errno(llistxattr(p, b, arg3));
8934             }
8935         } else {
8936             ret = -TARGET_EFAULT;
8937         }
8938         unlock_user(p, arg1, 0);
8939         unlock_user(b, arg2, arg3);
8940         break;
8941     }
8942     case TARGET_NR_flistxattr:
8943     {
8944         void *b = 0;
8945         if (arg2) {
8946             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
8947             if (!b) {
8948                 ret = -TARGET_EFAULT;
8949                 break;
8950             }
8951         }
8952         ret = get_errno(flistxattr(arg1, b, arg3));
8953         unlock_user(b, arg2, arg3);
8954         break;
8955     }
8956     case TARGET_NR_setxattr:
8957     case TARGET_NR_lsetxattr:
8958         {
8959             void *p, *n, *v = 0;
8960             if (arg3) {
8961                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
8962                 if (!v) {
8963                     ret = -TARGET_EFAULT;
8964                     break;
8965                 }
8966             }
8967             p = lock_user_string(arg1);
8968             n = lock_user_string(arg2);
8969             if (p && n) {
8970                 if (num == TARGET_NR_setxattr) {
8971                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
8972                 } else {
8973                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
8974                 }
8975             } else {
8976                 ret = -TARGET_EFAULT;
8977             }
8978             unlock_user(p, arg1, 0);
8979             unlock_user(n, arg2, 0);
8980             unlock_user(v, arg3, 0);
8981         }
8982         break;
8983     case TARGET_NR_fsetxattr:
8984         {
8985             void *n, *v = 0;
8986             if (arg3) {
8987                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
8988                 if (!v) {
8989                     ret = -TARGET_EFAULT;
8990                     break;
8991                 }
8992             }
8993             n = lock_user_string(arg2);
8994             if (n) {
8995                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
8996             } else {
8997                 ret = -TARGET_EFAULT;
8998             }
8999             unlock_user(n, arg2, 0);
9000             unlock_user(v, arg3, 0);
9001         }
9002         break;
9003     case TARGET_NR_getxattr:
9004     case TARGET_NR_lgetxattr:
9005         {
9006             void *p, *n, *v = 0;
9007             if (arg3) {
9008                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
9009                 if (!v) {
9010                     ret = -TARGET_EFAULT;
9011                     break;
9012                 }
9013             }
9014             p = lock_user_string(arg1);
9015             n = lock_user_string(arg2);
9016             if (p && n) {
9017                 if (num == TARGET_NR_getxattr) {
9018                     ret = get_errno(getxattr(p, n, v, arg4));
9019                 } else {
9020                     ret = get_errno(lgetxattr(p, n, v, arg4));
9021                 }
9022             } else {
9023                 ret = -TARGET_EFAULT;
9024             }
9025             unlock_user(p, arg1, 0);
9026             unlock_user(n, arg2, 0);
9027             unlock_user(v, arg3, arg4);
9028         }
9029         break;
9030     case TARGET_NR_fgetxattr:
9031         {
9032             void *n, *v = 0;
9033             if (arg3) {
9034                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
9035                 if (!v) {
9036                     ret = -TARGET_EFAULT;
9037                     break;
9038                 }
9039             }
9040             n = lock_user_string(arg2);
9041             if (n) {
9042                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
9043             } else {
9044                 ret = -TARGET_EFAULT;
9045             }
9046             unlock_user(n, arg2, 0);
9047             unlock_user(v, arg3, arg4);
9048         }
9049         break;
9050     case TARGET_NR_removexattr:
9051     case TARGET_NR_lremovexattr:
9052         {
9053             void *p, *n;
9054             p = lock_user_string(arg1);
9055             n = lock_user_string(arg2);
9056             if (p && n) {
9057                 if (num == TARGET_NR_removexattr) {
9058                     ret = get_errno(removexattr(p, n));
9059                 } else {
9060                     ret = get_errno(lremovexattr(p, n));
9061                 }
9062             } else {
9063                 ret = -TARGET_EFAULT;
9064             }
9065             unlock_user(p, arg1, 0);
9066             unlock_user(n, arg2, 0);
9067         }
9068         break;
9069     case TARGET_NR_fremovexattr:
9070         {
9071             void *n;
9072             n = lock_user_string(arg2);
9073             if (n) {
9074                 ret = get_errno(fremovexattr(arg1, n));
9075             } else {
9076                 ret = -TARGET_EFAULT;
9077             }
9078             unlock_user(n, arg2, 0);
9079         }
9080         break;
9081 #endif
9082 #endif /* CONFIG_ATTR */
9083 #ifdef TARGET_NR_set_thread_area
9084     case TARGET_NR_set_thread_area:
9085 #if defined(TARGET_MIPS)
9086       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
9087       ret = 0;
9088       break;
9089 #elif defined(TARGET_CRIS)
9090       if (arg1 & 0xff)
9091           ret = -TARGET_EINVAL;
9092       else {
9093           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
9094           ret = 0;
9095       }
9096       break;
9097 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
9098       ret = do_set_thread_area(cpu_env, arg1);
9099       break;
9100 #elif defined(TARGET_M68K)
9101       {
9102           TaskState *ts = cpu->opaque;
9103           ts->tp_value = arg1;
9104           ret = 0;
9105           break;
9106       }
9107 #else
9108       goto unimplemented_nowarn;
9109 #endif
9110 #endif
9111 #ifdef TARGET_NR_get_thread_area
9112     case TARGET_NR_get_thread_area:
9113 #if defined(TARGET_I386) && defined(TARGET_ABI32)
9114         ret = do_get_thread_area(cpu_env, arg1);
9115         break;
9116 #elif defined(TARGET_M68K)
9117         {
9118             TaskState *ts = cpu->opaque;
9119             ret = ts->tp_value;
9120             break;
9121         }
9122 #else
9123         goto unimplemented_nowarn;
9124 #endif
9125 #endif
9126 #ifdef TARGET_NR_getdomainname
9127     case TARGET_NR_getdomainname:
9128         goto unimplemented_nowarn;
9129 #endif
9130 
9131 #ifdef TARGET_NR_clock_gettime
9132     case TARGET_NR_clock_gettime:
9133     {
9134         struct timespec ts;
9135         ret = get_errno(clock_gettime(arg1, &ts));
9136         if (!is_error(ret)) {
9137             host_to_target_timespec(arg2, &ts);
9138         }
9139         break;
9140     }
9141 #endif
9142 #ifdef TARGET_NR_clock_getres
9143     case TARGET_NR_clock_getres:
9144     {
9145         struct timespec ts;
9146         ret = get_errno(clock_getres(arg1, &ts));
9147         if (!is_error(ret)) {
9148             host_to_target_timespec(arg2, &ts);
9149         }
9150         break;
9151     }
9152 #endif
9153 #ifdef TARGET_NR_clock_nanosleep
9154     case TARGET_NR_clock_nanosleep:
9155     {
9156         struct timespec ts;
9157         target_to_host_timespec(&ts, arg3);
9158         ret = get_errno(clock_nanosleep(arg1, arg2, &ts, arg4 ? &ts : NULL));
9159         if (arg4)
9160             host_to_target_timespec(arg4, &ts);
9161 
9162 #if defined(TARGET_PPC)
9163         /* clock_nanosleep is odd in that it returns positive errno values.
9164          * On PPC, CR0 bit 3 should be set in such a situation. */
9165         if (ret) {
9166             ((CPUPPCState *)cpu_env)->crf[0] |= 1;
9167         }
9168 #endif
9169         break;
9170     }
9171 #endif
9172 
9173 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
9174     case TARGET_NR_set_tid_address:
9175         ret = get_errno(set_tid_address((int *)g2h(arg1)));
9176         break;
9177 #endif
9178 
9179 #if defined(TARGET_NR_tkill) && defined(__NR_tkill)
9180     case TARGET_NR_tkill:
9181         ret = get_errno(sys_tkill((int)arg1, target_to_host_signal(arg2)));
9182         break;
9183 #endif
9184 
9185 #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill)
9186     case TARGET_NR_tgkill:
9187 	ret = get_errno(sys_tgkill((int)arg1, (int)arg2,
9188                         target_to_host_signal(arg3)));
9189 	break;
9190 #endif
9191 
9192 #ifdef TARGET_NR_set_robust_list
9193     case TARGET_NR_set_robust_list:
9194     case TARGET_NR_get_robust_list:
9195         /* The ABI for supporting robust futexes has userspace pass
9196          * the kernel a pointer to a linked list which is updated by
9197          * userspace after the syscall; the list is walked by the kernel
9198          * when the thread exits. Since the linked list in QEMU guest
9199          * memory isn't a valid linked list for the host and we have
9200          * no way to reliably intercept the thread-death event, we can't
9201          * support these. Silently return ENOSYS so that guest userspace
9202          * falls back to a non-robust futex implementation (which should
9203          * be OK except in the corner case of the guest crashing while
9204          * holding a mutex that is shared with another process via
9205          * shared memory).
9206          */
9207         goto unimplemented_nowarn;
9208 #endif
9209 
9210 #if defined(TARGET_NR_utimensat)
9211     case TARGET_NR_utimensat:
9212         {
9213             struct timespec *tsp, ts[2];
9214             if (!arg3) {
9215                 tsp = NULL;
9216             } else {
9217                 target_to_host_timespec(ts, arg3);
9218                 target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
9219                 tsp = ts;
9220             }
9221             if (!arg2)
9222                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
9223             else {
9224                 if (!(p = lock_user_string(arg2))) {
9225                     ret = -TARGET_EFAULT;
9226                     goto fail;
9227                 }
9228                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
9229                 unlock_user(p, arg2, 0);
9230             }
9231         }
9232 	break;
9233 #endif
9234     case TARGET_NR_futex:
9235         ret = do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
9236         break;
9237 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
9238     case TARGET_NR_inotify_init:
9239         ret = get_errno(sys_inotify_init());
9240         break;
9241 #endif
9242 #ifdef CONFIG_INOTIFY1
9243 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
9244     case TARGET_NR_inotify_init1:
9245         ret = get_errno(sys_inotify_init1(arg1));
9246         break;
9247 #endif
9248 #endif
9249 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
9250     case TARGET_NR_inotify_add_watch:
9251         p = lock_user_string(arg2);
9252         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
9253         unlock_user(p, arg2, 0);
9254         break;
9255 #endif
9256 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
9257     case TARGET_NR_inotify_rm_watch:
9258         ret = get_errno(sys_inotify_rm_watch(arg1, arg2));
9259         break;
9260 #endif
9261 
9262 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
9263     case TARGET_NR_mq_open:
9264         {
9265             struct mq_attr posix_mq_attr, *attrp;
9266 
9267             p = lock_user_string(arg1 - 1);
9268             if (arg4 != 0) {
9269                 copy_from_user_mq_attr (&posix_mq_attr, arg4);
9270                 attrp = &posix_mq_attr;
9271             } else {
9272                 attrp = 0;
9273             }
9274             ret = get_errno(mq_open(p, arg2, arg3, attrp));
9275             unlock_user (p, arg1, 0);
9276         }
9277         break;
9278 
9279     case TARGET_NR_mq_unlink:
9280         p = lock_user_string(arg1 - 1);
9281         ret = get_errno(mq_unlink(p));
9282         unlock_user (p, arg1, 0);
9283         break;
9284 
9285     case TARGET_NR_mq_timedsend:
9286         {
9287             struct timespec ts;
9288 
9289             p = lock_user (VERIFY_READ, arg2, arg3, 1);
9290             if (arg5 != 0) {
9291                 target_to_host_timespec(&ts, arg5);
9292                 ret = get_errno(mq_timedsend(arg1, p, arg3, arg4, &ts));
9293                 host_to_target_timespec(arg5, &ts);
9294             }
9295             else
9296                 ret = get_errno(mq_send(arg1, p, arg3, arg4));
9297             unlock_user (p, arg2, arg3);
9298         }
9299         break;
9300 
9301     case TARGET_NR_mq_timedreceive:
9302         {
9303             struct timespec ts;
9304             unsigned int prio;
9305 
9306             p = lock_user (VERIFY_READ, arg2, arg3, 1);
9307             if (arg5 != 0) {
9308                 target_to_host_timespec(&ts, arg5);
9309                 ret = get_errno(mq_timedreceive(arg1, p, arg3, &prio, &ts));
9310                 host_to_target_timespec(arg5, &ts);
9311             }
9312             else
9313                 ret = get_errno(mq_receive(arg1, p, arg3, &prio));
9314             unlock_user (p, arg2, arg3);
9315             if (arg4 != 0)
9316                 put_user_u32(prio, arg4);
9317         }
9318         break;
9319 
9320     /* Not implemented for now... */
9321 /*     case TARGET_NR_mq_notify: */
9322 /*         break; */
9323 
9324     case TARGET_NR_mq_getsetattr:
9325         {
9326             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
9327             ret = 0;
9328             if (arg3 != 0) {
9329                 ret = mq_getattr(arg1, &posix_mq_attr_out);
9330                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
9331             }
9332             if (arg2 != 0) {
9333                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
9334                 ret |= mq_setattr(arg1, &posix_mq_attr_in, &posix_mq_attr_out);
9335             }
9336 
9337         }
9338         break;
9339 #endif
9340 
9341 #ifdef CONFIG_SPLICE
9342 #ifdef TARGET_NR_tee
9343     case TARGET_NR_tee:
9344         {
9345             ret = get_errno(tee(arg1,arg2,arg3,arg4));
9346         }
9347         break;
9348 #endif
9349 #ifdef TARGET_NR_splice
9350     case TARGET_NR_splice:
9351         {
9352             loff_t loff_in, loff_out;
9353             loff_t *ploff_in = NULL, *ploff_out = NULL;
9354             if(arg2) {
9355                 get_user_u64(loff_in, arg2);
9356                 ploff_in = &loff_in;
9357             }
9358             if(arg4) {
9359                 get_user_u64(loff_out, arg2);
9360                 ploff_out = &loff_out;
9361             }
9362             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
9363         }
9364         break;
9365 #endif
9366 #ifdef TARGET_NR_vmsplice
9367 	case TARGET_NR_vmsplice:
9368         {
9369             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
9370             if (vec != NULL) {
9371                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
9372                 unlock_iovec(vec, arg2, arg3, 0);
9373             } else {
9374                 ret = -host_to_target_errno(errno);
9375             }
9376         }
9377         break;
9378 #endif
9379 #endif /* CONFIG_SPLICE */
9380 #ifdef CONFIG_EVENTFD
9381 #if defined(TARGET_NR_eventfd)
9382     case TARGET_NR_eventfd:
9383         ret = get_errno(eventfd(arg1, 0));
9384         break;
9385 #endif
9386 #if defined(TARGET_NR_eventfd2)
9387     case TARGET_NR_eventfd2:
9388     {
9389         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
9390         if (arg2 & TARGET_O_NONBLOCK) {
9391             host_flags |= O_NONBLOCK;
9392         }
9393         if (arg2 & TARGET_O_CLOEXEC) {
9394             host_flags |= O_CLOEXEC;
9395         }
9396         ret = get_errno(eventfd(arg1, host_flags));
9397         break;
9398     }
9399 #endif
9400 #endif /* CONFIG_EVENTFD  */
9401 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
9402     case TARGET_NR_fallocate:
9403 #if TARGET_ABI_BITS == 32
9404         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
9405                                   target_offset64(arg5, arg6)));
9406 #else
9407         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
9408 #endif
9409         break;
9410 #endif
9411 #if defined(CONFIG_SYNC_FILE_RANGE)
9412 #if defined(TARGET_NR_sync_file_range)
9413     case TARGET_NR_sync_file_range:
9414 #if TARGET_ABI_BITS == 32
9415 #if defined(TARGET_MIPS)
9416         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
9417                                         target_offset64(arg5, arg6), arg7));
9418 #else
9419         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
9420                                         target_offset64(arg4, arg5), arg6));
9421 #endif /* !TARGET_MIPS */
9422 #else
9423         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
9424 #endif
9425         break;
9426 #endif
9427 #if defined(TARGET_NR_sync_file_range2)
9428     case TARGET_NR_sync_file_range2:
9429         /* This is like sync_file_range but the arguments are reordered */
9430 #if TARGET_ABI_BITS == 32
9431         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
9432                                         target_offset64(arg5, arg6), arg2));
9433 #else
9434         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
9435 #endif
9436         break;
9437 #endif
9438 #endif
9439 #if defined(CONFIG_EPOLL)
9440 #if defined(TARGET_NR_epoll_create)
9441     case TARGET_NR_epoll_create:
9442         ret = get_errno(epoll_create(arg1));
9443         break;
9444 #endif
9445 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
9446     case TARGET_NR_epoll_create1:
9447         ret = get_errno(epoll_create1(arg1));
9448         break;
9449 #endif
9450 #if defined(TARGET_NR_epoll_ctl)
9451     case TARGET_NR_epoll_ctl:
9452     {
9453         struct epoll_event ep;
9454         struct epoll_event *epp = 0;
9455         if (arg4) {
9456             struct target_epoll_event *target_ep;
9457             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
9458                 goto efault;
9459             }
9460             ep.events = tswap32(target_ep->events);
9461             /* The epoll_data_t union is just opaque data to the kernel,
9462              * so we transfer all 64 bits across and need not worry what
9463              * actual data type it is.
9464              */
9465             ep.data.u64 = tswap64(target_ep->data.u64);
9466             unlock_user_struct(target_ep, arg4, 0);
9467             epp = &ep;
9468         }
9469         ret = get_errno(epoll_ctl(arg1, arg2, arg3, epp));
9470         break;
9471     }
9472 #endif
9473 
9474 #if defined(TARGET_NR_epoll_pwait) && defined(CONFIG_EPOLL_PWAIT)
9475 #define IMPLEMENT_EPOLL_PWAIT
9476 #endif
9477 #if defined(TARGET_NR_epoll_wait) || defined(IMPLEMENT_EPOLL_PWAIT)
9478 #if defined(TARGET_NR_epoll_wait)
9479     case TARGET_NR_epoll_wait:
9480 #endif
9481 #if defined(IMPLEMENT_EPOLL_PWAIT)
9482     case TARGET_NR_epoll_pwait:
9483 #endif
9484     {
9485         struct target_epoll_event *target_ep;
9486         struct epoll_event *ep;
9487         int epfd = arg1;
9488         int maxevents = arg3;
9489         int timeout = arg4;
9490 
9491         target_ep = lock_user(VERIFY_WRITE, arg2,
9492                               maxevents * sizeof(struct target_epoll_event), 1);
9493         if (!target_ep) {
9494             goto efault;
9495         }
9496 
9497         ep = alloca(maxevents * sizeof(struct epoll_event));
9498 
9499         switch (num) {
9500 #if defined(IMPLEMENT_EPOLL_PWAIT)
9501         case TARGET_NR_epoll_pwait:
9502         {
9503             target_sigset_t *target_set;
9504             sigset_t _set, *set = &_set;
9505 
9506             if (arg5) {
9507                 target_set = lock_user(VERIFY_READ, arg5,
9508                                        sizeof(target_sigset_t), 1);
9509                 if (!target_set) {
9510                     unlock_user(target_ep, arg2, 0);
9511                     goto efault;
9512                 }
9513                 target_to_host_sigset(set, target_set);
9514                 unlock_user(target_set, arg5, 0);
9515             } else {
9516                 set = NULL;
9517             }
9518 
9519             ret = get_errno(epoll_pwait(epfd, ep, maxevents, timeout, set));
9520             break;
9521         }
9522 #endif
9523 #if defined(TARGET_NR_epoll_wait)
9524         case TARGET_NR_epoll_wait:
9525             ret = get_errno(epoll_wait(epfd, ep, maxevents, timeout));
9526             break;
9527 #endif
9528         default:
9529             ret = -TARGET_ENOSYS;
9530         }
9531         if (!is_error(ret)) {
9532             int i;
9533             for (i = 0; i < ret; i++) {
9534                 target_ep[i].events = tswap32(ep[i].events);
9535                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
9536             }
9537         }
9538         unlock_user(target_ep, arg2, ret * sizeof(struct target_epoll_event));
9539         break;
9540     }
9541 #endif
9542 #endif
9543 #ifdef TARGET_NR_prlimit64
9544     case TARGET_NR_prlimit64:
9545     {
9546         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
9547         struct target_rlimit64 *target_rnew, *target_rold;
9548         struct host_rlimit64 rnew, rold, *rnewp = 0;
9549         int resource = target_to_host_resource(arg2);
9550         if (arg3) {
9551             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
9552                 goto efault;
9553             }
9554             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
9555             rnew.rlim_max = tswap64(target_rnew->rlim_max);
9556             unlock_user_struct(target_rnew, arg3, 0);
9557             rnewp = &rnew;
9558         }
9559 
9560         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
9561         if (!is_error(ret) && arg4) {
9562             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
9563                 goto efault;
9564             }
9565             target_rold->rlim_cur = tswap64(rold.rlim_cur);
9566             target_rold->rlim_max = tswap64(rold.rlim_max);
9567             unlock_user_struct(target_rold, arg4, 1);
9568         }
9569         break;
9570     }
9571 #endif
9572 #ifdef TARGET_NR_gethostname
9573     case TARGET_NR_gethostname:
9574     {
9575         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
9576         if (name) {
9577             ret = get_errno(gethostname(name, arg2));
9578             unlock_user(name, arg1, arg2);
9579         } else {
9580             ret = -TARGET_EFAULT;
9581         }
9582         break;
9583     }
9584 #endif
9585 #ifdef TARGET_NR_atomic_cmpxchg_32
9586     case TARGET_NR_atomic_cmpxchg_32:
9587     {
9588         /* should use start_exclusive from main.c */
9589         abi_ulong mem_value;
9590         if (get_user_u32(mem_value, arg6)) {
9591             target_siginfo_t info;
9592             info.si_signo = SIGSEGV;
9593             info.si_errno = 0;
9594             info.si_code = TARGET_SEGV_MAPERR;
9595             info._sifields._sigfault._addr = arg6;
9596             queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
9597             ret = 0xdeadbeef;
9598 
9599         }
9600         if (mem_value == arg2)
9601             put_user_u32(arg1, arg6);
9602         ret = mem_value;
9603         break;
9604     }
9605 #endif
9606 #ifdef TARGET_NR_atomic_barrier
9607     case TARGET_NR_atomic_barrier:
9608     {
9609         /* Like the kernel implementation and the qemu arm barrier, no-op this? */
9610         ret = 0;
9611         break;
9612     }
9613 #endif
9614 
9615 #ifdef TARGET_NR_timer_create
9616     case TARGET_NR_timer_create:
9617     {
9618         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
9619 
9620         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
9621 
9622         int clkid = arg1;
9623         int timer_index = next_free_host_timer();
9624 
9625         if (timer_index < 0) {
9626             ret = -TARGET_EAGAIN;
9627         } else {
9628             timer_t *phtimer = g_posix_timers  + timer_index;
9629 
9630             if (arg2) {
9631                 phost_sevp = &host_sevp;
9632                 ret = target_to_host_sigevent(phost_sevp, arg2);
9633                 if (ret != 0) {
9634                     break;
9635                 }
9636             }
9637 
9638             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
9639             if (ret) {
9640                 phtimer = NULL;
9641             } else {
9642                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
9643                     goto efault;
9644                 }
9645             }
9646         }
9647         break;
9648     }
9649 #endif
9650 
9651 #ifdef TARGET_NR_timer_settime
9652     case TARGET_NR_timer_settime:
9653     {
9654         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
9655          * struct itimerspec * old_value */
9656         target_timer_t timerid = get_timer_id(arg1);
9657 
9658         if (timerid < 0) {
9659             ret = timerid;
9660         } else if (arg3 == 0) {
9661             ret = -TARGET_EINVAL;
9662         } else {
9663             timer_t htimer = g_posix_timers[timerid];
9664             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
9665 
9666             target_to_host_itimerspec(&hspec_new, arg3);
9667             ret = get_errno(
9668                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
9669             host_to_target_itimerspec(arg2, &hspec_old);
9670         }
9671         break;
9672     }
9673 #endif
9674 
9675 #ifdef TARGET_NR_timer_gettime
9676     case TARGET_NR_timer_gettime:
9677     {
9678         /* args: timer_t timerid, struct itimerspec *curr_value */
9679         target_timer_t timerid = get_timer_id(arg1);
9680 
9681         if (timerid < 0) {
9682             ret = timerid;
9683         } else if (!arg2) {
9684             ret = -TARGET_EFAULT;
9685         } else {
9686             timer_t htimer = g_posix_timers[timerid];
9687             struct itimerspec hspec;
9688             ret = get_errno(timer_gettime(htimer, &hspec));
9689 
9690             if (host_to_target_itimerspec(arg2, &hspec)) {
9691                 ret = -TARGET_EFAULT;
9692             }
9693         }
9694         break;
9695     }
9696 #endif
9697 
9698 #ifdef TARGET_NR_timer_getoverrun
9699     case TARGET_NR_timer_getoverrun:
9700     {
9701         /* args: timer_t timerid */
9702         target_timer_t timerid = get_timer_id(arg1);
9703 
9704         if (timerid < 0) {
9705             ret = timerid;
9706         } else {
9707             timer_t htimer = g_posix_timers[timerid];
9708             ret = get_errno(timer_getoverrun(htimer));
9709         }
9710         break;
9711     }
9712 #endif
9713 
9714 #ifdef TARGET_NR_timer_delete
9715     case TARGET_NR_timer_delete:
9716     {
9717         /* args: timer_t timerid */
9718         target_timer_t timerid = get_timer_id(arg1);
9719 
9720         if (timerid < 0) {
9721             ret = timerid;
9722         } else {
9723             timer_t htimer = g_posix_timers[timerid];
9724             ret = get_errno(timer_delete(htimer));
9725             g_posix_timers[timerid] = 0;
9726         }
9727         break;
9728     }
9729 #endif
9730 
9731 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
9732     case TARGET_NR_timerfd_create:
9733         ret = get_errno(timerfd_create(arg1,
9734                 target_to_host_bitmask(arg2, fcntl_flags_tbl)));
9735         break;
9736 #endif
9737 
9738 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
9739     case TARGET_NR_timerfd_gettime:
9740         {
9741             struct itimerspec its_curr;
9742 
9743             ret = get_errno(timerfd_gettime(arg1, &its_curr));
9744 
9745             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
9746                 goto efault;
9747             }
9748         }
9749         break;
9750 #endif
9751 
9752 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
9753     case TARGET_NR_timerfd_settime:
9754         {
9755             struct itimerspec its_new, its_old, *p_new;
9756 
9757             if (arg3) {
9758                 if (target_to_host_itimerspec(&its_new, arg3)) {
9759                     goto efault;
9760                 }
9761                 p_new = &its_new;
9762             } else {
9763                 p_new = NULL;
9764             }
9765 
9766             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
9767 
9768             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
9769                 goto efault;
9770             }
9771         }
9772         break;
9773 #endif
9774 
9775 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
9776     case TARGET_NR_ioprio_get:
9777         ret = get_errno(ioprio_get(arg1, arg2));
9778         break;
9779 #endif
9780 
9781 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
9782     case TARGET_NR_ioprio_set:
9783         ret = get_errno(ioprio_set(arg1, arg2, arg3));
9784         break;
9785 #endif
9786 
9787 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
9788     case TARGET_NR_setns:
9789         ret = get_errno(setns(arg1, arg2));
9790         break;
9791 #endif
9792 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
9793     case TARGET_NR_unshare:
9794         ret = get_errno(unshare(arg1));
9795         break;
9796 #endif
9797 
9798     default:
9799     unimplemented:
9800         gemu_log("qemu: Unsupported syscall: %d\n", num);
9801 #if defined(TARGET_NR_setxattr) || defined(TARGET_NR_get_thread_area) || defined(TARGET_NR_getdomainname) || defined(TARGET_NR_set_robust_list)
9802     unimplemented_nowarn:
9803 #endif
9804         ret = -TARGET_ENOSYS;
9805         break;
9806     }
9807 fail:
9808 #ifdef DEBUG
9809     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
9810 #endif
9811     if(do_strace)
9812         print_syscall_ret(num, ret);
9813     return ret;
9814 efault:
9815     ret = -TARGET_EFAULT;
9816     goto fail;
9817 }
9818