xref: /openbmc/qemu/linux-user/syscall.c (revision 48151859)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include <elf.h>
24 #include <endian.h>
25 #include <grp.h>
26 #include <sys/ipc.h>
27 #include <sys/msg.h>
28 #include <sys/wait.h>
29 #include <sys/mount.h>
30 #include <sys/file.h>
31 #include <sys/fsuid.h>
32 #include <sys/personality.h>
33 #include <sys/prctl.h>
34 #include <sys/resource.h>
35 #include <sys/swap.h>
36 #include <linux/capability.h>
37 #include <sched.h>
38 #ifdef __ia64__
39 int __clone2(int (*fn)(void *), void *child_stack_base,
40              size_t stack_size, int flags, void *arg, ...);
41 #endif
42 #include <sys/socket.h>
43 #include <sys/un.h>
44 #include <sys/uio.h>
45 #include <sys/poll.h>
46 #include <sys/times.h>
47 #include <sys/shm.h>
48 #include <sys/sem.h>
49 #include <sys/statfs.h>
50 #include <utime.h>
51 #include <sys/sysinfo.h>
52 #include <sys/signalfd.h>
53 //#include <sys/user.h>
54 #include <netinet/ip.h>
55 #include <netinet/tcp.h>
56 #include <linux/wireless.h>
57 #include <linux/icmp.h>
58 #include "qemu-common.h"
59 #ifdef CONFIG_TIMERFD
60 #include <sys/timerfd.h>
61 #endif
62 #ifdef TARGET_GPROF
63 #include <sys/gmon.h>
64 #endif
65 #ifdef CONFIG_EVENTFD
66 #include <sys/eventfd.h>
67 #endif
68 #ifdef CONFIG_EPOLL
69 #include <sys/epoll.h>
70 #endif
71 #ifdef CONFIG_ATTR
72 #include "qemu/xattr.h"
73 #endif
74 #ifdef CONFIG_SENDFILE
75 #include <sys/sendfile.h>
76 #endif
77 
78 #define termios host_termios
79 #define winsize host_winsize
80 #define termio host_termio
81 #define sgttyb host_sgttyb /* same as target */
82 #define tchars host_tchars /* same as target */
83 #define ltchars host_ltchars /* same as target */
84 
85 #include <linux/termios.h>
86 #include <linux/unistd.h>
87 #include <linux/cdrom.h>
88 #include <linux/hdreg.h>
89 #include <linux/soundcard.h>
90 #include <linux/kd.h>
91 #include <linux/mtio.h>
92 #include <linux/fs.h>
93 #if defined(CONFIG_FIEMAP)
94 #include <linux/fiemap.h>
95 #endif
96 #include <linux/fb.h>
97 #include <linux/vt.h>
98 #include <linux/dm-ioctl.h>
99 #include <linux/reboot.h>
100 #include <linux/route.h>
101 #include <linux/filter.h>
102 #include <linux/blkpg.h>
103 #include <linux/netlink.h>
104 #ifdef CONFIG_RTNETLINK
105 #include <linux/rtnetlink.h>
106 #endif
107 #include <linux/audit.h>
108 #include "linux_loop.h"
109 #include "uname.h"
110 
111 #include "qemu.h"
112 
113 #define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
114     CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
115 
116 //#define DEBUG
117 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
118  * once. This exercises the codepaths for restart.
119  */
120 //#define DEBUG_ERESTARTSYS
121 
122 //#include <linux/msdos_fs.h>
123 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
124 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
125 
126 #undef _syscall0
127 #undef _syscall1
128 #undef _syscall2
129 #undef _syscall3
130 #undef _syscall4
131 #undef _syscall5
132 #undef _syscall6
133 
134 #define _syscall0(type,name)		\
135 static type name (void)			\
136 {					\
137 	return syscall(__NR_##name);	\
138 }
139 
140 #define _syscall1(type,name,type1,arg1)		\
141 static type name (type1 arg1)			\
142 {						\
143 	return syscall(__NR_##name, arg1);	\
144 }
145 
146 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
147 static type name (type1 arg1,type2 arg2)		\
148 {							\
149 	return syscall(__NR_##name, arg1, arg2);	\
150 }
151 
152 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
153 static type name (type1 arg1,type2 arg2,type3 arg3)		\
154 {								\
155 	return syscall(__NR_##name, arg1, arg2, arg3);		\
156 }
157 
158 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
159 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
160 {										\
161 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
162 }
163 
164 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
165 		  type5,arg5)							\
166 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
167 {										\
168 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
169 }
170 
171 
172 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
173 		  type5,arg5,type6,arg6)					\
174 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
175                   type6 arg6)							\
176 {										\
177 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
178 }
179 
180 
181 #define __NR_sys_uname __NR_uname
182 #define __NR_sys_getcwd1 __NR_getcwd
183 #define __NR_sys_getdents __NR_getdents
184 #define __NR_sys_getdents64 __NR_getdents64
185 #define __NR_sys_getpriority __NR_getpriority
186 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
187 #define __NR_sys_syslog __NR_syslog
188 #define __NR_sys_futex __NR_futex
189 #define __NR_sys_inotify_init __NR_inotify_init
190 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
191 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
192 
193 #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
194     defined(__s390x__)
195 #define __NR__llseek __NR_lseek
196 #endif
197 
198 /* Newer kernel ports have llseek() instead of _llseek() */
199 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
200 #define TARGET_NR__llseek TARGET_NR_llseek
201 #endif
202 
203 #ifdef __NR_gettid
204 _syscall0(int, gettid)
205 #else
206 /* This is a replacement for the host gettid() and must return a host
207    errno. */
208 static int gettid(void) {
209     return -ENOSYS;
210 }
211 #endif
212 #if defined(TARGET_NR_getdents) && defined(__NR_getdents)
213 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
214 #endif
215 #if !defined(__NR_getdents) || \
216     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
217 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
218 #endif
219 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
220 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
221           loff_t *, res, uint, wh);
222 #endif
223 _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
224 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
225 #ifdef __NR_exit_group
226 _syscall1(int,exit_group,int,error_code)
227 #endif
228 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
229 _syscall1(int,set_tid_address,int *,tidptr)
230 #endif
231 #if defined(TARGET_NR_futex) && defined(__NR_futex)
232 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
233           const struct timespec *,timeout,int *,uaddr2,int,val3)
234 #endif
235 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
236 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
237           unsigned long *, user_mask_ptr);
238 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
239 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
240           unsigned long *, user_mask_ptr);
241 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
242           void *, arg);
243 _syscall2(int, capget, struct __user_cap_header_struct *, header,
244           struct __user_cap_data_struct *, data);
245 _syscall2(int, capset, struct __user_cap_header_struct *, header,
246           struct __user_cap_data_struct *, data);
247 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
248 _syscall2(int, ioprio_get, int, which, int, who)
249 #endif
250 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
251 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
252 #endif
253 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
254 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
255 #endif
256 
257 static bitmask_transtbl fcntl_flags_tbl[] = {
258   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
259   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
260   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
261   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
262   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
263   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
264   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
265   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
266   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
267   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
268   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
269   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
270   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
271 #if defined(O_DIRECT)
272   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
273 #endif
274 #if defined(O_NOATIME)
275   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
276 #endif
277 #if defined(O_CLOEXEC)
278   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
279 #endif
280 #if defined(O_PATH)
281   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
282 #endif
283   /* Don't terminate the list prematurely on 64-bit host+guest.  */
284 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
285   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
286 #endif
287   { 0, 0, 0, 0 }
288 };
289 
290 typedef abi_long (*TargetFdDataFunc)(void *, size_t);
291 typedef abi_long (*TargetFdAddrFunc)(void *, abi_ulong, socklen_t);
292 typedef struct TargetFdTrans {
293     TargetFdDataFunc host_to_target_data;
294     TargetFdDataFunc target_to_host_data;
295     TargetFdAddrFunc target_to_host_addr;
296 } TargetFdTrans;
297 
298 static TargetFdTrans **target_fd_trans;
299 
300 static unsigned int target_fd_max;
301 
302 static TargetFdDataFunc fd_trans_target_to_host_data(int fd)
303 {
304     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
305         return target_fd_trans[fd]->target_to_host_data;
306     }
307     return NULL;
308 }
309 
310 static TargetFdDataFunc fd_trans_host_to_target_data(int fd)
311 {
312     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
313         return target_fd_trans[fd]->host_to_target_data;
314     }
315     return NULL;
316 }
317 
318 static TargetFdAddrFunc fd_trans_target_to_host_addr(int fd)
319 {
320     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
321         return target_fd_trans[fd]->target_to_host_addr;
322     }
323     return NULL;
324 }
325 
326 static void fd_trans_register(int fd, TargetFdTrans *trans)
327 {
328     unsigned int oldmax;
329 
330     if (fd >= target_fd_max) {
331         oldmax = target_fd_max;
332         target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
333         target_fd_trans = g_renew(TargetFdTrans *,
334                                   target_fd_trans, target_fd_max);
335         memset((void *)(target_fd_trans + oldmax), 0,
336                (target_fd_max - oldmax) * sizeof(TargetFdTrans *));
337     }
338     target_fd_trans[fd] = trans;
339 }
340 
341 static void fd_trans_unregister(int fd)
342 {
343     if (fd >= 0 && fd < target_fd_max) {
344         target_fd_trans[fd] = NULL;
345     }
346 }
347 
348 static void fd_trans_dup(int oldfd, int newfd)
349 {
350     fd_trans_unregister(newfd);
351     if (oldfd < target_fd_max && target_fd_trans[oldfd]) {
352         fd_trans_register(newfd, target_fd_trans[oldfd]);
353     }
354 }
355 
356 static int sys_getcwd1(char *buf, size_t size)
357 {
358   if (getcwd(buf, size) == NULL) {
359       /* getcwd() sets errno */
360       return (-1);
361   }
362   return strlen(buf)+1;
363 }
364 
365 #ifdef TARGET_NR_utimensat
366 #ifdef CONFIG_UTIMENSAT
367 static int sys_utimensat(int dirfd, const char *pathname,
368     const struct timespec times[2], int flags)
369 {
370     if (pathname == NULL)
371         return futimens(dirfd, times);
372     else
373         return utimensat(dirfd, pathname, times, flags);
374 }
375 #elif defined(__NR_utimensat)
376 #define __NR_sys_utimensat __NR_utimensat
377 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
378           const struct timespec *,tsp,int,flags)
379 #else
380 static int sys_utimensat(int dirfd, const char *pathname,
381                          const struct timespec times[2], int flags)
382 {
383     errno = ENOSYS;
384     return -1;
385 }
386 #endif
387 #endif /* TARGET_NR_utimensat */
388 
389 #ifdef CONFIG_INOTIFY
390 #include <sys/inotify.h>
391 
392 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
393 static int sys_inotify_init(void)
394 {
395   return (inotify_init());
396 }
397 #endif
398 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
399 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
400 {
401   return (inotify_add_watch(fd, pathname, mask));
402 }
403 #endif
404 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
405 static int sys_inotify_rm_watch(int fd, int32_t wd)
406 {
407   return (inotify_rm_watch(fd, wd));
408 }
409 #endif
410 #ifdef CONFIG_INOTIFY1
411 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
412 static int sys_inotify_init1(int flags)
413 {
414   return (inotify_init1(flags));
415 }
416 #endif
417 #endif
418 #else
419 /* Userspace can usually survive runtime without inotify */
420 #undef TARGET_NR_inotify_init
421 #undef TARGET_NR_inotify_init1
422 #undef TARGET_NR_inotify_add_watch
423 #undef TARGET_NR_inotify_rm_watch
424 #endif /* CONFIG_INOTIFY  */
425 
426 #if defined(TARGET_NR_prlimit64)
427 #ifndef __NR_prlimit64
428 # define __NR_prlimit64 -1
429 #endif
430 #define __NR_sys_prlimit64 __NR_prlimit64
431 /* The glibc rlimit structure may not be that used by the underlying syscall */
432 struct host_rlimit64 {
433     uint64_t rlim_cur;
434     uint64_t rlim_max;
435 };
436 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
437           const struct host_rlimit64 *, new_limit,
438           struct host_rlimit64 *, old_limit)
439 #endif
440 
441 
442 #if defined(TARGET_NR_timer_create)
443 /* Maxiumum of 32 active POSIX timers allowed at any one time. */
444 static timer_t g_posix_timers[32] = { 0, } ;
445 
446 static inline int next_free_host_timer(void)
447 {
448     int k ;
449     /* FIXME: Does finding the next free slot require a lock? */
450     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
451         if (g_posix_timers[k] == 0) {
452             g_posix_timers[k] = (timer_t) 1;
453             return k;
454         }
455     }
456     return -1;
457 }
458 #endif
459 
460 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
461 #ifdef TARGET_ARM
462 static inline int regpairs_aligned(void *cpu_env) {
463     return ((((CPUARMState *)cpu_env)->eabi) == 1) ;
464 }
465 #elif defined(TARGET_MIPS)
466 static inline int regpairs_aligned(void *cpu_env) { return 1; }
467 #elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
468 /* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
469  * of registers which translates to the same as ARM/MIPS, because we start with
470  * r3 as arg1 */
471 static inline int regpairs_aligned(void *cpu_env) { return 1; }
472 #else
473 static inline int regpairs_aligned(void *cpu_env) { return 0; }
474 #endif
475 
476 #define ERRNO_TABLE_SIZE 1200
477 
478 /* target_to_host_errno_table[] is initialized from
479  * host_to_target_errno_table[] in syscall_init(). */
480 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
481 };
482 
483 /*
484  * This list is the union of errno values overridden in asm-<arch>/errno.h
485  * minus the errnos that are not actually generic to all archs.
486  */
487 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
488     [EAGAIN]		= TARGET_EAGAIN,
489     [EIDRM]		= TARGET_EIDRM,
490     [ECHRNG]		= TARGET_ECHRNG,
491     [EL2NSYNC]		= TARGET_EL2NSYNC,
492     [EL3HLT]		= TARGET_EL3HLT,
493     [EL3RST]		= TARGET_EL3RST,
494     [ELNRNG]		= TARGET_ELNRNG,
495     [EUNATCH]		= TARGET_EUNATCH,
496     [ENOCSI]		= TARGET_ENOCSI,
497     [EL2HLT]		= TARGET_EL2HLT,
498     [EDEADLK]		= TARGET_EDEADLK,
499     [ENOLCK]		= TARGET_ENOLCK,
500     [EBADE]		= TARGET_EBADE,
501     [EBADR]		= TARGET_EBADR,
502     [EXFULL]		= TARGET_EXFULL,
503     [ENOANO]		= TARGET_ENOANO,
504     [EBADRQC]		= TARGET_EBADRQC,
505     [EBADSLT]		= TARGET_EBADSLT,
506     [EBFONT]		= TARGET_EBFONT,
507     [ENOSTR]		= TARGET_ENOSTR,
508     [ENODATA]		= TARGET_ENODATA,
509     [ETIME]		= TARGET_ETIME,
510     [ENOSR]		= TARGET_ENOSR,
511     [ENONET]		= TARGET_ENONET,
512     [ENOPKG]		= TARGET_ENOPKG,
513     [EREMOTE]		= TARGET_EREMOTE,
514     [ENOLINK]		= TARGET_ENOLINK,
515     [EADV]		= TARGET_EADV,
516     [ESRMNT]		= TARGET_ESRMNT,
517     [ECOMM]		= TARGET_ECOMM,
518     [EPROTO]		= TARGET_EPROTO,
519     [EDOTDOT]		= TARGET_EDOTDOT,
520     [EMULTIHOP]		= TARGET_EMULTIHOP,
521     [EBADMSG]		= TARGET_EBADMSG,
522     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
523     [EOVERFLOW]		= TARGET_EOVERFLOW,
524     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
525     [EBADFD]		= TARGET_EBADFD,
526     [EREMCHG]		= TARGET_EREMCHG,
527     [ELIBACC]		= TARGET_ELIBACC,
528     [ELIBBAD]		= TARGET_ELIBBAD,
529     [ELIBSCN]		= TARGET_ELIBSCN,
530     [ELIBMAX]		= TARGET_ELIBMAX,
531     [ELIBEXEC]		= TARGET_ELIBEXEC,
532     [EILSEQ]		= TARGET_EILSEQ,
533     [ENOSYS]		= TARGET_ENOSYS,
534     [ELOOP]		= TARGET_ELOOP,
535     [ERESTART]		= TARGET_ERESTART,
536     [ESTRPIPE]		= TARGET_ESTRPIPE,
537     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
538     [EUSERS]		= TARGET_EUSERS,
539     [ENOTSOCK]		= TARGET_ENOTSOCK,
540     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
541     [EMSGSIZE]		= TARGET_EMSGSIZE,
542     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
543     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
544     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
545     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
546     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
547     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
548     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
549     [EADDRINUSE]	= TARGET_EADDRINUSE,
550     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
551     [ENETDOWN]		= TARGET_ENETDOWN,
552     [ENETUNREACH]	= TARGET_ENETUNREACH,
553     [ENETRESET]		= TARGET_ENETRESET,
554     [ECONNABORTED]	= TARGET_ECONNABORTED,
555     [ECONNRESET]	= TARGET_ECONNRESET,
556     [ENOBUFS]		= TARGET_ENOBUFS,
557     [EISCONN]		= TARGET_EISCONN,
558     [ENOTCONN]		= TARGET_ENOTCONN,
559     [EUCLEAN]		= TARGET_EUCLEAN,
560     [ENOTNAM]		= TARGET_ENOTNAM,
561     [ENAVAIL]		= TARGET_ENAVAIL,
562     [EISNAM]		= TARGET_EISNAM,
563     [EREMOTEIO]		= TARGET_EREMOTEIO,
564     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
565     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
566     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
567     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
568     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
569     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
570     [EALREADY]		= TARGET_EALREADY,
571     [EINPROGRESS]	= TARGET_EINPROGRESS,
572     [ESTALE]		= TARGET_ESTALE,
573     [ECANCELED]		= TARGET_ECANCELED,
574     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
575     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
576 #ifdef ENOKEY
577     [ENOKEY]		= TARGET_ENOKEY,
578 #endif
579 #ifdef EKEYEXPIRED
580     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
581 #endif
582 #ifdef EKEYREVOKED
583     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
584 #endif
585 #ifdef EKEYREJECTED
586     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
587 #endif
588 #ifdef EOWNERDEAD
589     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
590 #endif
591 #ifdef ENOTRECOVERABLE
592     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
593 #endif
594 };
595 
596 static inline int host_to_target_errno(int err)
597 {
598     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
599         host_to_target_errno_table[err]) {
600         return host_to_target_errno_table[err];
601     }
602     return err;
603 }
604 
605 static inline int target_to_host_errno(int err)
606 {
607     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
608         target_to_host_errno_table[err]) {
609         return target_to_host_errno_table[err];
610     }
611     return err;
612 }
613 
614 static inline abi_long get_errno(abi_long ret)
615 {
616     if (ret == -1)
617         return -host_to_target_errno(errno);
618     else
619         return ret;
620 }
621 
622 static inline int is_error(abi_long ret)
623 {
624     return (abi_ulong)ret >= (abi_ulong)(-4096);
625 }
626 
627 const char *target_strerror(int err)
628 {
629     if (err == TARGET_ERESTARTSYS) {
630         return "To be restarted";
631     }
632     if (err == TARGET_QEMU_ESIGRETURN) {
633         return "Successful exit from sigreturn";
634     }
635 
636     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
637         return NULL;
638     }
639     return strerror(target_to_host_errno(err));
640 }
641 
642 #define safe_syscall0(type, name) \
643 static type safe_##name(void) \
644 { \
645     return safe_syscall(__NR_##name); \
646 }
647 
648 #define safe_syscall1(type, name, type1, arg1) \
649 static type safe_##name(type1 arg1) \
650 { \
651     return safe_syscall(__NR_##name, arg1); \
652 }
653 
654 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
655 static type safe_##name(type1 arg1, type2 arg2) \
656 { \
657     return safe_syscall(__NR_##name, arg1, arg2); \
658 }
659 
660 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
661 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
662 { \
663     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
664 }
665 
666 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
667     type4, arg4) \
668 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
669 { \
670     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
671 }
672 
673 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
674     type4, arg4, type5, arg5) \
675 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
676     type5 arg5) \
677 { \
678     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
679 }
680 
681 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
682     type4, arg4, type5, arg5, type6, arg6) \
683 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
684     type5 arg5, type6 arg6) \
685 { \
686     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
687 }
688 
689 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
690 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
691 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
692               int, flags, mode_t, mode)
693 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
694               struct rusage *, rusage)
695 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
696               int, options, struct rusage *, rusage)
697 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
698 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
699               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
700 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
701               struct timespec *, tsp, const sigset_t *, sigmask,
702               size_t, sigsetsize)
703 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
704               int, maxevents, int, timeout, const sigset_t *, sigmask,
705               size_t, sigsetsize)
706 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
707               const struct timespec *,timeout,int *,uaddr2,int,val3)
708 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
709 safe_syscall2(int, kill, pid_t, pid, int, sig)
710 safe_syscall2(int, tkill, int, tid, int, sig)
711 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
712 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
713 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
714 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
715               socklen_t, addrlen)
716 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
717               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
718 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
719               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
720 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
721 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
722 safe_syscall2(int, flock, int, fd, int, operation)
723 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
724               const struct timespec *, uts, size_t, sigsetsize)
725 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
726               int, flags)
727 safe_syscall2(int, nanosleep, const struct timespec *, req,
728               struct timespec *, rem)
729 #ifdef TARGET_NR_clock_nanosleep
730 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
731               const struct timespec *, req, struct timespec *, rem)
732 #endif
733 #ifdef __NR_msgsnd
734 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
735               int, flags)
736 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
737               long, msgtype, int, flags)
738 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
739               unsigned, nsops, const struct timespec *, timeout)
740 #else
741 /* This host kernel architecture uses a single ipc syscall; fake up
742  * wrappers for the sub-operations to hide this implementation detail.
743  * Annoyingly we can't include linux/ipc.h to get the constant definitions
744  * for the call parameter because some structs in there conflict with the
745  * sys/ipc.h ones. So we just define them here, and rely on them being
746  * the same for all host architectures.
747  */
748 #define Q_SEMTIMEDOP 4
749 #define Q_MSGSND 11
750 #define Q_MSGRCV 12
751 #define Q_IPCCALL(VERSION, OP) ((VERSION) << 16 | (OP))
752 
753 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
754               void *, ptr, long, fifth)
755 static int safe_msgsnd(int msgid, const void *msgp, size_t sz, int flags)
756 {
757     return safe_ipc(Q_IPCCALL(0, Q_MSGSND), msgid, sz, flags, (void *)msgp, 0);
758 }
759 static int safe_msgrcv(int msgid, void *msgp, size_t sz, long type, int flags)
760 {
761     return safe_ipc(Q_IPCCALL(1, Q_MSGRCV), msgid, sz, flags, msgp, type);
762 }
763 static int safe_semtimedop(int semid, struct sembuf *tsops, unsigned nsops,
764                            const struct timespec *timeout)
765 {
766     return safe_ipc(Q_IPCCALL(0, Q_SEMTIMEDOP), semid, nsops, 0, tsops,
767                     (long)timeout);
768 }
769 #endif
770 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
771 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
772               size_t, len, unsigned, prio, const struct timespec *, timeout)
773 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
774               size_t, len, unsigned *, prio, const struct timespec *, timeout)
775 #endif
776 /* We do ioctl like this rather than via safe_syscall3 to preserve the
777  * "third argument might be integer or pointer or not present" behaviour of
778  * the libc function.
779  */
780 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
781 /* Similarly for fcntl. Note that callers must always:
782  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
783  *  use the flock64 struct rather than unsuffixed flock
784  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
785  */
786 #ifdef __NR_fcntl64
787 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
788 #else
789 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
790 #endif
791 
792 static inline int host_to_target_sock_type(int host_type)
793 {
794     int target_type;
795 
796     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
797     case SOCK_DGRAM:
798         target_type = TARGET_SOCK_DGRAM;
799         break;
800     case SOCK_STREAM:
801         target_type = TARGET_SOCK_STREAM;
802         break;
803     default:
804         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
805         break;
806     }
807 
808 #if defined(SOCK_CLOEXEC)
809     if (host_type & SOCK_CLOEXEC) {
810         target_type |= TARGET_SOCK_CLOEXEC;
811     }
812 #endif
813 
814 #if defined(SOCK_NONBLOCK)
815     if (host_type & SOCK_NONBLOCK) {
816         target_type |= TARGET_SOCK_NONBLOCK;
817     }
818 #endif
819 
820     return target_type;
821 }
822 
823 static abi_ulong target_brk;
824 static abi_ulong target_original_brk;
825 static abi_ulong brk_page;
826 
827 void target_set_brk(abi_ulong new_brk)
828 {
829     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
830     brk_page = HOST_PAGE_ALIGN(target_brk);
831 }
832 
833 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
834 #define DEBUGF_BRK(message, args...)
835 
836 /* do_brk() must return target values and target errnos. */
837 abi_long do_brk(abi_ulong new_brk)
838 {
839     abi_long mapped_addr;
840     int	new_alloc_size;
841 
842     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
843 
844     if (!new_brk) {
845         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
846         return target_brk;
847     }
848     if (new_brk < target_original_brk) {
849         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
850                    target_brk);
851         return target_brk;
852     }
853 
854     /* If the new brk is less than the highest page reserved to the
855      * target heap allocation, set it and we're almost done...  */
856     if (new_brk <= brk_page) {
857         /* Heap contents are initialized to zero, as for anonymous
858          * mapped pages.  */
859         if (new_brk > target_brk) {
860             memset(g2h(target_brk), 0, new_brk - target_brk);
861         }
862 	target_brk = new_brk;
863         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
864     	return target_brk;
865     }
866 
867     /* We need to allocate more memory after the brk... Note that
868      * we don't use MAP_FIXED because that will map over the top of
869      * any existing mapping (like the one with the host libc or qemu
870      * itself); instead we treat "mapped but at wrong address" as
871      * a failure and unmap again.
872      */
873     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
874     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
875                                         PROT_READ|PROT_WRITE,
876                                         MAP_ANON|MAP_PRIVATE, 0, 0));
877 
878     if (mapped_addr == brk_page) {
879         /* Heap contents are initialized to zero, as for anonymous
880          * mapped pages.  Technically the new pages are already
881          * initialized to zero since they *are* anonymous mapped
882          * pages, however we have to take care with the contents that
883          * come from the remaining part of the previous page: it may
884          * contains garbage data due to a previous heap usage (grown
885          * then shrunken).  */
886         memset(g2h(target_brk), 0, brk_page - target_brk);
887 
888         target_brk = new_brk;
889         brk_page = HOST_PAGE_ALIGN(target_brk);
890         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
891             target_brk);
892         return target_brk;
893     } else if (mapped_addr != -1) {
894         /* Mapped but at wrong address, meaning there wasn't actually
895          * enough space for this brk.
896          */
897         target_munmap(mapped_addr, new_alloc_size);
898         mapped_addr = -1;
899         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
900     }
901     else {
902         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
903     }
904 
905 #if defined(TARGET_ALPHA)
906     /* We (partially) emulate OSF/1 on Alpha, which requires we
907        return a proper errno, not an unchanged brk value.  */
908     return -TARGET_ENOMEM;
909 #endif
910     /* For everything else, return the previous break. */
911     return target_brk;
912 }
913 
914 static inline abi_long copy_from_user_fdset(fd_set *fds,
915                                             abi_ulong target_fds_addr,
916                                             int n)
917 {
918     int i, nw, j, k;
919     abi_ulong b, *target_fds;
920 
921     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
922     if (!(target_fds = lock_user(VERIFY_READ,
923                                  target_fds_addr,
924                                  sizeof(abi_ulong) * nw,
925                                  1)))
926         return -TARGET_EFAULT;
927 
928     FD_ZERO(fds);
929     k = 0;
930     for (i = 0; i < nw; i++) {
931         /* grab the abi_ulong */
932         __get_user(b, &target_fds[i]);
933         for (j = 0; j < TARGET_ABI_BITS; j++) {
934             /* check the bit inside the abi_ulong */
935             if ((b >> j) & 1)
936                 FD_SET(k, fds);
937             k++;
938         }
939     }
940 
941     unlock_user(target_fds, target_fds_addr, 0);
942 
943     return 0;
944 }
945 
946 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
947                                                  abi_ulong target_fds_addr,
948                                                  int n)
949 {
950     if (target_fds_addr) {
951         if (copy_from_user_fdset(fds, target_fds_addr, n))
952             return -TARGET_EFAULT;
953         *fds_ptr = fds;
954     } else {
955         *fds_ptr = NULL;
956     }
957     return 0;
958 }
959 
960 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
961                                           const fd_set *fds,
962                                           int n)
963 {
964     int i, nw, j, k;
965     abi_long v;
966     abi_ulong *target_fds;
967 
968     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
969     if (!(target_fds = lock_user(VERIFY_WRITE,
970                                  target_fds_addr,
971                                  sizeof(abi_ulong) * nw,
972                                  0)))
973         return -TARGET_EFAULT;
974 
975     k = 0;
976     for (i = 0; i < nw; i++) {
977         v = 0;
978         for (j = 0; j < TARGET_ABI_BITS; j++) {
979             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
980             k++;
981         }
982         __put_user(v, &target_fds[i]);
983     }
984 
985     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
986 
987     return 0;
988 }
989 
990 #if defined(__alpha__)
991 #define HOST_HZ 1024
992 #else
993 #define HOST_HZ 100
994 #endif
995 
996 static inline abi_long host_to_target_clock_t(long ticks)
997 {
998 #if HOST_HZ == TARGET_HZ
999     return ticks;
1000 #else
1001     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
1002 #endif
1003 }
1004 
1005 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
1006                                              const struct rusage *rusage)
1007 {
1008     struct target_rusage *target_rusage;
1009 
1010     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
1011         return -TARGET_EFAULT;
1012     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
1013     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
1014     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
1015     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
1016     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
1017     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
1018     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
1019     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
1020     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
1021     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
1022     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
1023     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
1024     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
1025     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
1026     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
1027     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
1028     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
1029     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
1030     unlock_user_struct(target_rusage, target_addr, 1);
1031 
1032     return 0;
1033 }
1034 
1035 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
1036 {
1037     abi_ulong target_rlim_swap;
1038     rlim_t result;
1039 
1040     target_rlim_swap = tswapal(target_rlim);
1041     if (target_rlim_swap == TARGET_RLIM_INFINITY)
1042         return RLIM_INFINITY;
1043 
1044     result = target_rlim_swap;
1045     if (target_rlim_swap != (rlim_t)result)
1046         return RLIM_INFINITY;
1047 
1048     return result;
1049 }
1050 
1051 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1052 {
1053     abi_ulong target_rlim_swap;
1054     abi_ulong result;
1055 
1056     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1057         target_rlim_swap = TARGET_RLIM_INFINITY;
1058     else
1059         target_rlim_swap = rlim;
1060     result = tswapal(target_rlim_swap);
1061 
1062     return result;
1063 }
1064 
1065 static inline int target_to_host_resource(int code)
1066 {
1067     switch (code) {
1068     case TARGET_RLIMIT_AS:
1069         return RLIMIT_AS;
1070     case TARGET_RLIMIT_CORE:
1071         return RLIMIT_CORE;
1072     case TARGET_RLIMIT_CPU:
1073         return RLIMIT_CPU;
1074     case TARGET_RLIMIT_DATA:
1075         return RLIMIT_DATA;
1076     case TARGET_RLIMIT_FSIZE:
1077         return RLIMIT_FSIZE;
1078     case TARGET_RLIMIT_LOCKS:
1079         return RLIMIT_LOCKS;
1080     case TARGET_RLIMIT_MEMLOCK:
1081         return RLIMIT_MEMLOCK;
1082     case TARGET_RLIMIT_MSGQUEUE:
1083         return RLIMIT_MSGQUEUE;
1084     case TARGET_RLIMIT_NICE:
1085         return RLIMIT_NICE;
1086     case TARGET_RLIMIT_NOFILE:
1087         return RLIMIT_NOFILE;
1088     case TARGET_RLIMIT_NPROC:
1089         return RLIMIT_NPROC;
1090     case TARGET_RLIMIT_RSS:
1091         return RLIMIT_RSS;
1092     case TARGET_RLIMIT_RTPRIO:
1093         return RLIMIT_RTPRIO;
1094     case TARGET_RLIMIT_SIGPENDING:
1095         return RLIMIT_SIGPENDING;
1096     case TARGET_RLIMIT_STACK:
1097         return RLIMIT_STACK;
1098     default:
1099         return code;
1100     }
1101 }
1102 
1103 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1104                                               abi_ulong target_tv_addr)
1105 {
1106     struct target_timeval *target_tv;
1107 
1108     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
1109         return -TARGET_EFAULT;
1110 
1111     __get_user(tv->tv_sec, &target_tv->tv_sec);
1112     __get_user(tv->tv_usec, &target_tv->tv_usec);
1113 
1114     unlock_user_struct(target_tv, target_tv_addr, 0);
1115 
1116     return 0;
1117 }
1118 
1119 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1120                                             const struct timeval *tv)
1121 {
1122     struct target_timeval *target_tv;
1123 
1124     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
1125         return -TARGET_EFAULT;
1126 
1127     __put_user(tv->tv_sec, &target_tv->tv_sec);
1128     __put_user(tv->tv_usec, &target_tv->tv_usec);
1129 
1130     unlock_user_struct(target_tv, target_tv_addr, 1);
1131 
1132     return 0;
1133 }
1134 
1135 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1136                                                abi_ulong target_tz_addr)
1137 {
1138     struct target_timezone *target_tz;
1139 
1140     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1141         return -TARGET_EFAULT;
1142     }
1143 
1144     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1145     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1146 
1147     unlock_user_struct(target_tz, target_tz_addr, 0);
1148 
1149     return 0;
1150 }
1151 
1152 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1153 #include <mqueue.h>
1154 
1155 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1156                                               abi_ulong target_mq_attr_addr)
1157 {
1158     struct target_mq_attr *target_mq_attr;
1159 
1160     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1161                           target_mq_attr_addr, 1))
1162         return -TARGET_EFAULT;
1163 
1164     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1165     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1166     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1167     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1168 
1169     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1170 
1171     return 0;
1172 }
1173 
1174 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1175                                             const struct mq_attr *attr)
1176 {
1177     struct target_mq_attr *target_mq_attr;
1178 
1179     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1180                           target_mq_attr_addr, 0))
1181         return -TARGET_EFAULT;
1182 
1183     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1184     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1185     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1186     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1187 
1188     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1189 
1190     return 0;
1191 }
1192 #endif
1193 
1194 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1195 /* do_select() must return target values and target errnos. */
1196 static abi_long do_select(int n,
1197                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1198                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1199 {
1200     fd_set rfds, wfds, efds;
1201     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1202     struct timeval tv;
1203     struct timespec ts, *ts_ptr;
1204     abi_long ret;
1205 
1206     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1207     if (ret) {
1208         return ret;
1209     }
1210     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1211     if (ret) {
1212         return ret;
1213     }
1214     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1215     if (ret) {
1216         return ret;
1217     }
1218 
1219     if (target_tv_addr) {
1220         if (copy_from_user_timeval(&tv, target_tv_addr))
1221             return -TARGET_EFAULT;
1222         ts.tv_sec = tv.tv_sec;
1223         ts.tv_nsec = tv.tv_usec * 1000;
1224         ts_ptr = &ts;
1225     } else {
1226         ts_ptr = NULL;
1227     }
1228 
1229     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1230                                   ts_ptr, NULL));
1231 
1232     if (!is_error(ret)) {
1233         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1234             return -TARGET_EFAULT;
1235         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1236             return -TARGET_EFAULT;
1237         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1238             return -TARGET_EFAULT;
1239 
1240         if (target_tv_addr) {
1241             tv.tv_sec = ts.tv_sec;
1242             tv.tv_usec = ts.tv_nsec / 1000;
1243             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1244                 return -TARGET_EFAULT;
1245             }
1246         }
1247     }
1248 
1249     return ret;
1250 }
1251 #endif
1252 
1253 static abi_long do_pipe2(int host_pipe[], int flags)
1254 {
1255 #ifdef CONFIG_PIPE2
1256     return pipe2(host_pipe, flags);
1257 #else
1258     return -ENOSYS;
1259 #endif
1260 }
1261 
1262 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1263                         int flags, int is_pipe2)
1264 {
1265     int host_pipe[2];
1266     abi_long ret;
1267     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1268 
1269     if (is_error(ret))
1270         return get_errno(ret);
1271 
1272     /* Several targets have special calling conventions for the original
1273        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1274     if (!is_pipe2) {
1275 #if defined(TARGET_ALPHA)
1276         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1277         return host_pipe[0];
1278 #elif defined(TARGET_MIPS)
1279         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1280         return host_pipe[0];
1281 #elif defined(TARGET_SH4)
1282         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1283         return host_pipe[0];
1284 #elif defined(TARGET_SPARC)
1285         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1286         return host_pipe[0];
1287 #endif
1288     }
1289 
1290     if (put_user_s32(host_pipe[0], pipedes)
1291         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1292         return -TARGET_EFAULT;
1293     return get_errno(ret);
1294 }
1295 
1296 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1297                                               abi_ulong target_addr,
1298                                               socklen_t len)
1299 {
1300     struct target_ip_mreqn *target_smreqn;
1301 
1302     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1303     if (!target_smreqn)
1304         return -TARGET_EFAULT;
1305     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1306     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1307     if (len == sizeof(struct target_ip_mreqn))
1308         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1309     unlock_user(target_smreqn, target_addr, 0);
1310 
1311     return 0;
1312 }
1313 
1314 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1315                                                abi_ulong target_addr,
1316                                                socklen_t len)
1317 {
1318     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1319     sa_family_t sa_family;
1320     struct target_sockaddr *target_saddr;
1321 
1322     if (fd_trans_target_to_host_addr(fd)) {
1323         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1324     }
1325 
1326     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1327     if (!target_saddr)
1328         return -TARGET_EFAULT;
1329 
1330     sa_family = tswap16(target_saddr->sa_family);
1331 
1332     /* Oops. The caller might send a incomplete sun_path; sun_path
1333      * must be terminated by \0 (see the manual page), but
1334      * unfortunately it is quite common to specify sockaddr_un
1335      * length as "strlen(x->sun_path)" while it should be
1336      * "strlen(...) + 1". We'll fix that here if needed.
1337      * Linux kernel has a similar feature.
1338      */
1339 
1340     if (sa_family == AF_UNIX) {
1341         if (len < unix_maxlen && len > 0) {
1342             char *cp = (char*)target_saddr;
1343 
1344             if ( cp[len-1] && !cp[len] )
1345                 len++;
1346         }
1347         if (len > unix_maxlen)
1348             len = unix_maxlen;
1349     }
1350 
1351     memcpy(addr, target_saddr, len);
1352     addr->sa_family = sa_family;
1353     if (sa_family == AF_NETLINK) {
1354         struct sockaddr_nl *nladdr;
1355 
1356         nladdr = (struct sockaddr_nl *)addr;
1357         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1358         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1359     } else if (sa_family == AF_PACKET) {
1360 	struct target_sockaddr_ll *lladdr;
1361 
1362 	lladdr = (struct target_sockaddr_ll *)addr;
1363 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1364 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1365     }
1366     unlock_user(target_saddr, target_addr, 0);
1367 
1368     return 0;
1369 }
1370 
1371 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1372                                                struct sockaddr *addr,
1373                                                socklen_t len)
1374 {
1375     struct target_sockaddr *target_saddr;
1376 
1377     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1378     if (!target_saddr)
1379         return -TARGET_EFAULT;
1380     memcpy(target_saddr, addr, len);
1381     target_saddr->sa_family = tswap16(addr->sa_family);
1382     if (addr->sa_family == AF_NETLINK) {
1383         struct sockaddr_nl *target_nl = (struct sockaddr_nl *)target_saddr;
1384         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1385         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1386     }
1387     unlock_user(target_saddr, target_addr, len);
1388 
1389     return 0;
1390 }
1391 
1392 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1393                                            struct target_msghdr *target_msgh)
1394 {
1395     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1396     abi_long msg_controllen;
1397     abi_ulong target_cmsg_addr;
1398     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1399     socklen_t space = 0;
1400 
1401     msg_controllen = tswapal(target_msgh->msg_controllen);
1402     if (msg_controllen < sizeof (struct target_cmsghdr))
1403         goto the_end;
1404     target_cmsg_addr = tswapal(target_msgh->msg_control);
1405     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1406     target_cmsg_start = target_cmsg;
1407     if (!target_cmsg)
1408         return -TARGET_EFAULT;
1409 
1410     while (cmsg && target_cmsg) {
1411         void *data = CMSG_DATA(cmsg);
1412         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1413 
1414         int len = tswapal(target_cmsg->cmsg_len)
1415                   - TARGET_CMSG_ALIGN(sizeof (struct target_cmsghdr));
1416 
1417         space += CMSG_SPACE(len);
1418         if (space > msgh->msg_controllen) {
1419             space -= CMSG_SPACE(len);
1420             /* This is a QEMU bug, since we allocated the payload
1421              * area ourselves (unlike overflow in host-to-target
1422              * conversion, which is just the guest giving us a buffer
1423              * that's too small). It can't happen for the payload types
1424              * we currently support; if it becomes an issue in future
1425              * we would need to improve our allocation strategy to
1426              * something more intelligent than "twice the size of the
1427              * target buffer we're reading from".
1428              */
1429             gemu_log("Host cmsg overflow\n");
1430             break;
1431         }
1432 
1433         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1434             cmsg->cmsg_level = SOL_SOCKET;
1435         } else {
1436             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1437         }
1438         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1439         cmsg->cmsg_len = CMSG_LEN(len);
1440 
1441         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1442             int *fd = (int *)data;
1443             int *target_fd = (int *)target_data;
1444             int i, numfds = len / sizeof(int);
1445 
1446             for (i = 0; i < numfds; i++) {
1447                 __get_user(fd[i], target_fd + i);
1448             }
1449         } else if (cmsg->cmsg_level == SOL_SOCKET
1450                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1451             struct ucred *cred = (struct ucred *)data;
1452             struct target_ucred *target_cred =
1453                 (struct target_ucred *)target_data;
1454 
1455             __get_user(cred->pid, &target_cred->pid);
1456             __get_user(cred->uid, &target_cred->uid);
1457             __get_user(cred->gid, &target_cred->gid);
1458         } else {
1459             gemu_log("Unsupported ancillary data: %d/%d\n",
1460                                         cmsg->cmsg_level, cmsg->cmsg_type);
1461             memcpy(data, target_data, len);
1462         }
1463 
1464         cmsg = CMSG_NXTHDR(msgh, cmsg);
1465         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1466                                          target_cmsg_start);
1467     }
1468     unlock_user(target_cmsg, target_cmsg_addr, 0);
1469  the_end:
1470     msgh->msg_controllen = space;
1471     return 0;
1472 }
1473 
1474 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1475                                            struct msghdr *msgh)
1476 {
1477     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1478     abi_long msg_controllen;
1479     abi_ulong target_cmsg_addr;
1480     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1481     socklen_t space = 0;
1482 
1483     msg_controllen = tswapal(target_msgh->msg_controllen);
1484     if (msg_controllen < sizeof (struct target_cmsghdr))
1485         goto the_end;
1486     target_cmsg_addr = tswapal(target_msgh->msg_control);
1487     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1488     target_cmsg_start = target_cmsg;
1489     if (!target_cmsg)
1490         return -TARGET_EFAULT;
1491 
1492     while (cmsg && target_cmsg) {
1493         void *data = CMSG_DATA(cmsg);
1494         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1495 
1496         int len = cmsg->cmsg_len - CMSG_ALIGN(sizeof (struct cmsghdr));
1497         int tgt_len, tgt_space;
1498 
1499         /* We never copy a half-header but may copy half-data;
1500          * this is Linux's behaviour in put_cmsg(). Note that
1501          * truncation here is a guest problem (which we report
1502          * to the guest via the CTRUNC bit), unlike truncation
1503          * in target_to_host_cmsg, which is a QEMU bug.
1504          */
1505         if (msg_controllen < sizeof(struct cmsghdr)) {
1506             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1507             break;
1508         }
1509 
1510         if (cmsg->cmsg_level == SOL_SOCKET) {
1511             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1512         } else {
1513             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1514         }
1515         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1516 
1517         tgt_len = TARGET_CMSG_LEN(len);
1518 
1519         /* Payload types which need a different size of payload on
1520          * the target must adjust tgt_len here.
1521          */
1522         switch (cmsg->cmsg_level) {
1523         case SOL_SOCKET:
1524             switch (cmsg->cmsg_type) {
1525             case SO_TIMESTAMP:
1526                 tgt_len = sizeof(struct target_timeval);
1527                 break;
1528             default:
1529                 break;
1530             }
1531         default:
1532             break;
1533         }
1534 
1535         if (msg_controllen < tgt_len) {
1536             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1537             tgt_len = msg_controllen;
1538         }
1539 
1540         /* We must now copy-and-convert len bytes of payload
1541          * into tgt_len bytes of destination space. Bear in mind
1542          * that in both source and destination we may be dealing
1543          * with a truncated value!
1544          */
1545         switch (cmsg->cmsg_level) {
1546         case SOL_SOCKET:
1547             switch (cmsg->cmsg_type) {
1548             case SCM_RIGHTS:
1549             {
1550                 int *fd = (int *)data;
1551                 int *target_fd = (int *)target_data;
1552                 int i, numfds = tgt_len / sizeof(int);
1553 
1554                 for (i = 0; i < numfds; i++) {
1555                     __put_user(fd[i], target_fd + i);
1556                 }
1557                 break;
1558             }
1559             case SO_TIMESTAMP:
1560             {
1561                 struct timeval *tv = (struct timeval *)data;
1562                 struct target_timeval *target_tv =
1563                     (struct target_timeval *)target_data;
1564 
1565                 if (len != sizeof(struct timeval) ||
1566                     tgt_len != sizeof(struct target_timeval)) {
1567                     goto unimplemented;
1568                 }
1569 
1570                 /* copy struct timeval to target */
1571                 __put_user(tv->tv_sec, &target_tv->tv_sec);
1572                 __put_user(tv->tv_usec, &target_tv->tv_usec);
1573                 break;
1574             }
1575             case SCM_CREDENTIALS:
1576             {
1577                 struct ucred *cred = (struct ucred *)data;
1578                 struct target_ucred *target_cred =
1579                     (struct target_ucred *)target_data;
1580 
1581                 __put_user(cred->pid, &target_cred->pid);
1582                 __put_user(cred->uid, &target_cred->uid);
1583                 __put_user(cred->gid, &target_cred->gid);
1584                 break;
1585             }
1586             default:
1587                 goto unimplemented;
1588             }
1589             break;
1590 
1591         default:
1592         unimplemented:
1593             gemu_log("Unsupported ancillary data: %d/%d\n",
1594                                         cmsg->cmsg_level, cmsg->cmsg_type);
1595             memcpy(target_data, data, MIN(len, tgt_len));
1596             if (tgt_len > len) {
1597                 memset(target_data + len, 0, tgt_len - len);
1598             }
1599         }
1600 
1601         target_cmsg->cmsg_len = tswapal(tgt_len);
1602         tgt_space = TARGET_CMSG_SPACE(len);
1603         if (msg_controllen < tgt_space) {
1604             tgt_space = msg_controllen;
1605         }
1606         msg_controllen -= tgt_space;
1607         space += tgt_space;
1608         cmsg = CMSG_NXTHDR(msgh, cmsg);
1609         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1610                                          target_cmsg_start);
1611     }
1612     unlock_user(target_cmsg, target_cmsg_addr, space);
1613  the_end:
1614     target_msgh->msg_controllen = tswapal(space);
1615     return 0;
1616 }
1617 
1618 static void tswap_nlmsghdr(struct nlmsghdr *nlh)
1619 {
1620     nlh->nlmsg_len = tswap32(nlh->nlmsg_len);
1621     nlh->nlmsg_type = tswap16(nlh->nlmsg_type);
1622     nlh->nlmsg_flags = tswap16(nlh->nlmsg_flags);
1623     nlh->nlmsg_seq = tswap32(nlh->nlmsg_seq);
1624     nlh->nlmsg_pid = tswap32(nlh->nlmsg_pid);
1625 }
1626 
1627 static abi_long host_to_target_for_each_nlmsg(struct nlmsghdr *nlh,
1628                                               size_t len,
1629                                               abi_long (*host_to_target_nlmsg)
1630                                                        (struct nlmsghdr *))
1631 {
1632     uint32_t nlmsg_len;
1633     abi_long ret;
1634 
1635     while (len > sizeof(struct nlmsghdr)) {
1636 
1637         nlmsg_len = nlh->nlmsg_len;
1638         if (nlmsg_len < sizeof(struct nlmsghdr) ||
1639             nlmsg_len > len) {
1640             break;
1641         }
1642 
1643         switch (nlh->nlmsg_type) {
1644         case NLMSG_DONE:
1645             tswap_nlmsghdr(nlh);
1646             return 0;
1647         case NLMSG_NOOP:
1648             break;
1649         case NLMSG_ERROR:
1650         {
1651             struct nlmsgerr *e = NLMSG_DATA(nlh);
1652             e->error = tswap32(e->error);
1653             tswap_nlmsghdr(&e->msg);
1654             tswap_nlmsghdr(nlh);
1655             return 0;
1656         }
1657         default:
1658             ret = host_to_target_nlmsg(nlh);
1659             if (ret < 0) {
1660                 tswap_nlmsghdr(nlh);
1661                 return ret;
1662             }
1663             break;
1664         }
1665         tswap_nlmsghdr(nlh);
1666         len -= NLMSG_ALIGN(nlmsg_len);
1667         nlh = (struct nlmsghdr *)(((char*)nlh) + NLMSG_ALIGN(nlmsg_len));
1668     }
1669     return 0;
1670 }
1671 
1672 static abi_long target_to_host_for_each_nlmsg(struct nlmsghdr *nlh,
1673                                               size_t len,
1674                                               abi_long (*target_to_host_nlmsg)
1675                                                        (struct nlmsghdr *))
1676 {
1677     int ret;
1678 
1679     while (len > sizeof(struct nlmsghdr)) {
1680         if (tswap32(nlh->nlmsg_len) < sizeof(struct nlmsghdr) ||
1681             tswap32(nlh->nlmsg_len) > len) {
1682             break;
1683         }
1684         tswap_nlmsghdr(nlh);
1685         switch (nlh->nlmsg_type) {
1686         case NLMSG_DONE:
1687             return 0;
1688         case NLMSG_NOOP:
1689             break;
1690         case NLMSG_ERROR:
1691         {
1692             struct nlmsgerr *e = NLMSG_DATA(nlh);
1693             e->error = tswap32(e->error);
1694             tswap_nlmsghdr(&e->msg);
1695             return 0;
1696         }
1697         default:
1698             ret = target_to_host_nlmsg(nlh);
1699             if (ret < 0) {
1700                 return ret;
1701             }
1702         }
1703         len -= NLMSG_ALIGN(nlh->nlmsg_len);
1704         nlh = (struct nlmsghdr *)(((char *)nlh) + NLMSG_ALIGN(nlh->nlmsg_len));
1705     }
1706     return 0;
1707 }
1708 
1709 #ifdef CONFIG_RTNETLINK
1710 static abi_long host_to_target_for_each_rtattr(struct rtattr *rtattr,
1711                                                size_t len,
1712                                                abi_long (*host_to_target_rtattr)
1713                                                         (struct rtattr *))
1714 {
1715     unsigned short rta_len;
1716     abi_long ret;
1717 
1718     while (len > sizeof(struct rtattr)) {
1719         rta_len = rtattr->rta_len;
1720         if (rta_len < sizeof(struct rtattr) ||
1721             rta_len > len) {
1722             break;
1723         }
1724         ret = host_to_target_rtattr(rtattr);
1725         rtattr->rta_len = tswap16(rtattr->rta_len);
1726         rtattr->rta_type = tswap16(rtattr->rta_type);
1727         if (ret < 0) {
1728             return ret;
1729         }
1730         len -= RTA_ALIGN(rta_len);
1731         rtattr = (struct rtattr *)(((char *)rtattr) + RTA_ALIGN(rta_len));
1732     }
1733     return 0;
1734 }
1735 
1736 static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
1737 {
1738     uint32_t *u32;
1739     struct rtnl_link_stats *st;
1740     struct rtnl_link_stats64 *st64;
1741     struct rtnl_link_ifmap *map;
1742 
1743     switch (rtattr->rta_type) {
1744     /* binary stream */
1745     case IFLA_ADDRESS:
1746     case IFLA_BROADCAST:
1747     /* string */
1748     case IFLA_IFNAME:
1749     case IFLA_QDISC:
1750         break;
1751     /* uin8_t */
1752     case IFLA_OPERSTATE:
1753     case IFLA_LINKMODE:
1754     case IFLA_CARRIER:
1755     case IFLA_PROTO_DOWN:
1756         break;
1757     /* uint32_t */
1758     case IFLA_MTU:
1759     case IFLA_LINK:
1760     case IFLA_WEIGHT:
1761     case IFLA_TXQLEN:
1762     case IFLA_CARRIER_CHANGES:
1763     case IFLA_NUM_RX_QUEUES:
1764     case IFLA_NUM_TX_QUEUES:
1765     case IFLA_PROMISCUITY:
1766     case IFLA_EXT_MASK:
1767     case IFLA_LINK_NETNSID:
1768     case IFLA_GROUP:
1769     case IFLA_MASTER:
1770     case IFLA_NUM_VF:
1771         u32 = RTA_DATA(rtattr);
1772         *u32 = tswap32(*u32);
1773         break;
1774     /* struct rtnl_link_stats */
1775     case IFLA_STATS:
1776         st = RTA_DATA(rtattr);
1777         st->rx_packets = tswap32(st->rx_packets);
1778         st->tx_packets = tswap32(st->tx_packets);
1779         st->rx_bytes = tswap32(st->rx_bytes);
1780         st->tx_bytes = tswap32(st->tx_bytes);
1781         st->rx_errors = tswap32(st->rx_errors);
1782         st->tx_errors = tswap32(st->tx_errors);
1783         st->rx_dropped = tswap32(st->rx_dropped);
1784         st->tx_dropped = tswap32(st->tx_dropped);
1785         st->multicast = tswap32(st->multicast);
1786         st->collisions = tswap32(st->collisions);
1787 
1788         /* detailed rx_errors: */
1789         st->rx_length_errors = tswap32(st->rx_length_errors);
1790         st->rx_over_errors = tswap32(st->rx_over_errors);
1791         st->rx_crc_errors = tswap32(st->rx_crc_errors);
1792         st->rx_frame_errors = tswap32(st->rx_frame_errors);
1793         st->rx_fifo_errors = tswap32(st->rx_fifo_errors);
1794         st->rx_missed_errors = tswap32(st->rx_missed_errors);
1795 
1796         /* detailed tx_errors */
1797         st->tx_aborted_errors = tswap32(st->tx_aborted_errors);
1798         st->tx_carrier_errors = tswap32(st->tx_carrier_errors);
1799         st->tx_fifo_errors = tswap32(st->tx_fifo_errors);
1800         st->tx_heartbeat_errors = tswap32(st->tx_heartbeat_errors);
1801         st->tx_window_errors = tswap32(st->tx_window_errors);
1802 
1803         /* for cslip etc */
1804         st->rx_compressed = tswap32(st->rx_compressed);
1805         st->tx_compressed = tswap32(st->tx_compressed);
1806         break;
1807     /* struct rtnl_link_stats64 */
1808     case IFLA_STATS64:
1809         st64 = RTA_DATA(rtattr);
1810         st64->rx_packets = tswap64(st64->rx_packets);
1811         st64->tx_packets = tswap64(st64->tx_packets);
1812         st64->rx_bytes = tswap64(st64->rx_bytes);
1813         st64->tx_bytes = tswap64(st64->tx_bytes);
1814         st64->rx_errors = tswap64(st64->rx_errors);
1815         st64->tx_errors = tswap64(st64->tx_errors);
1816         st64->rx_dropped = tswap64(st64->rx_dropped);
1817         st64->tx_dropped = tswap64(st64->tx_dropped);
1818         st64->multicast = tswap64(st64->multicast);
1819         st64->collisions = tswap64(st64->collisions);
1820 
1821         /* detailed rx_errors: */
1822         st64->rx_length_errors = tswap64(st64->rx_length_errors);
1823         st64->rx_over_errors = tswap64(st64->rx_over_errors);
1824         st64->rx_crc_errors = tswap64(st64->rx_crc_errors);
1825         st64->rx_frame_errors = tswap64(st64->rx_frame_errors);
1826         st64->rx_fifo_errors = tswap64(st64->rx_fifo_errors);
1827         st64->rx_missed_errors = tswap64(st64->rx_missed_errors);
1828 
1829         /* detailed tx_errors */
1830         st64->tx_aborted_errors = tswap64(st64->tx_aborted_errors);
1831         st64->tx_carrier_errors = tswap64(st64->tx_carrier_errors);
1832         st64->tx_fifo_errors = tswap64(st64->tx_fifo_errors);
1833         st64->tx_heartbeat_errors = tswap64(st64->tx_heartbeat_errors);
1834         st64->tx_window_errors = tswap64(st64->tx_window_errors);
1835 
1836         /* for cslip etc */
1837         st64->rx_compressed = tswap64(st64->rx_compressed);
1838         st64->tx_compressed = tswap64(st64->tx_compressed);
1839         break;
1840     /* struct rtnl_link_ifmap */
1841     case IFLA_MAP:
1842         map = RTA_DATA(rtattr);
1843         map->mem_start = tswap64(map->mem_start);
1844         map->mem_end = tswap64(map->mem_end);
1845         map->base_addr = tswap64(map->base_addr);
1846         map->irq = tswap16(map->irq);
1847         break;
1848     /* nested */
1849     case IFLA_AF_SPEC:
1850     case IFLA_LINKINFO:
1851         /* FIXME: implement nested type */
1852         gemu_log("Unimplemented nested type %d\n", rtattr->rta_type);
1853         break;
1854     default:
1855         gemu_log("Unknown host IFLA type: %d\n", rtattr->rta_type);
1856         break;
1857     }
1858     return 0;
1859 }
1860 
1861 static abi_long host_to_target_data_addr_rtattr(struct rtattr *rtattr)
1862 {
1863     uint32_t *u32;
1864     struct ifa_cacheinfo *ci;
1865 
1866     switch (rtattr->rta_type) {
1867     /* binary: depends on family type */
1868     case IFA_ADDRESS:
1869     case IFA_LOCAL:
1870         break;
1871     /* string */
1872     case IFA_LABEL:
1873         break;
1874     /* u32 */
1875     case IFA_FLAGS:
1876     case IFA_BROADCAST:
1877         u32 = RTA_DATA(rtattr);
1878         *u32 = tswap32(*u32);
1879         break;
1880     /* struct ifa_cacheinfo */
1881     case IFA_CACHEINFO:
1882         ci = RTA_DATA(rtattr);
1883         ci->ifa_prefered = tswap32(ci->ifa_prefered);
1884         ci->ifa_valid = tswap32(ci->ifa_valid);
1885         ci->cstamp = tswap32(ci->cstamp);
1886         ci->tstamp = tswap32(ci->tstamp);
1887         break;
1888     default:
1889         gemu_log("Unknown host IFA type: %d\n", rtattr->rta_type);
1890         break;
1891     }
1892     return 0;
1893 }
1894 
1895 static abi_long host_to_target_data_route_rtattr(struct rtattr *rtattr)
1896 {
1897     uint32_t *u32;
1898     switch (rtattr->rta_type) {
1899     /* binary: depends on family type */
1900     case RTA_GATEWAY:
1901     case RTA_DST:
1902     case RTA_PREFSRC:
1903         break;
1904     /* u32 */
1905     case RTA_PRIORITY:
1906     case RTA_TABLE:
1907     case RTA_OIF:
1908         u32 = RTA_DATA(rtattr);
1909         *u32 = tswap32(*u32);
1910         break;
1911     default:
1912         gemu_log("Unknown host RTA type: %d\n", rtattr->rta_type);
1913         break;
1914     }
1915     return 0;
1916 }
1917 
1918 static abi_long host_to_target_link_rtattr(struct rtattr *rtattr,
1919                                          uint32_t rtattr_len)
1920 {
1921     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
1922                                           host_to_target_data_link_rtattr);
1923 }
1924 
1925 static abi_long host_to_target_addr_rtattr(struct rtattr *rtattr,
1926                                          uint32_t rtattr_len)
1927 {
1928     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
1929                                           host_to_target_data_addr_rtattr);
1930 }
1931 
1932 static abi_long host_to_target_route_rtattr(struct rtattr *rtattr,
1933                                          uint32_t rtattr_len)
1934 {
1935     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
1936                                           host_to_target_data_route_rtattr);
1937 }
1938 
1939 static abi_long host_to_target_data_route(struct nlmsghdr *nlh)
1940 {
1941     uint32_t nlmsg_len;
1942     struct ifinfomsg *ifi;
1943     struct ifaddrmsg *ifa;
1944     struct rtmsg *rtm;
1945 
1946     nlmsg_len = nlh->nlmsg_len;
1947     switch (nlh->nlmsg_type) {
1948     case RTM_NEWLINK:
1949     case RTM_DELLINK:
1950     case RTM_GETLINK:
1951         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
1952             ifi = NLMSG_DATA(nlh);
1953             ifi->ifi_type = tswap16(ifi->ifi_type);
1954             ifi->ifi_index = tswap32(ifi->ifi_index);
1955             ifi->ifi_flags = tswap32(ifi->ifi_flags);
1956             ifi->ifi_change = tswap32(ifi->ifi_change);
1957             host_to_target_link_rtattr(IFLA_RTA(ifi),
1958                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)));
1959         }
1960         break;
1961     case RTM_NEWADDR:
1962     case RTM_DELADDR:
1963     case RTM_GETADDR:
1964         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
1965             ifa = NLMSG_DATA(nlh);
1966             ifa->ifa_index = tswap32(ifa->ifa_index);
1967             host_to_target_addr_rtattr(IFA_RTA(ifa),
1968                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)));
1969         }
1970         break;
1971     case RTM_NEWROUTE:
1972     case RTM_DELROUTE:
1973     case RTM_GETROUTE:
1974         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
1975             rtm = NLMSG_DATA(nlh);
1976             rtm->rtm_flags = tswap32(rtm->rtm_flags);
1977             host_to_target_route_rtattr(RTM_RTA(rtm),
1978                                         nlmsg_len - NLMSG_LENGTH(sizeof(*rtm)));
1979         }
1980         break;
1981     default:
1982         return -TARGET_EINVAL;
1983     }
1984     return 0;
1985 }
1986 
1987 static inline abi_long host_to_target_nlmsg_route(struct nlmsghdr *nlh,
1988                                                   size_t len)
1989 {
1990     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_route);
1991 }
1992 
1993 static abi_long target_to_host_for_each_rtattr(struct rtattr *rtattr,
1994                                                size_t len,
1995                                                abi_long (*target_to_host_rtattr)
1996                                                         (struct rtattr *))
1997 {
1998     abi_long ret;
1999 
2000     while (len >= sizeof(struct rtattr)) {
2001         if (tswap16(rtattr->rta_len) < sizeof(struct rtattr) ||
2002             tswap16(rtattr->rta_len) > len) {
2003             break;
2004         }
2005         rtattr->rta_len = tswap16(rtattr->rta_len);
2006         rtattr->rta_type = tswap16(rtattr->rta_type);
2007         ret = target_to_host_rtattr(rtattr);
2008         if (ret < 0) {
2009             return ret;
2010         }
2011         len -= RTA_ALIGN(rtattr->rta_len);
2012         rtattr = (struct rtattr *)(((char *)rtattr) +
2013                  RTA_ALIGN(rtattr->rta_len));
2014     }
2015     return 0;
2016 }
2017 
2018 static abi_long target_to_host_data_link_rtattr(struct rtattr *rtattr)
2019 {
2020     switch (rtattr->rta_type) {
2021     default:
2022         gemu_log("Unknown target IFLA type: %d\n", rtattr->rta_type);
2023         break;
2024     }
2025     return 0;
2026 }
2027 
2028 static abi_long target_to_host_data_addr_rtattr(struct rtattr *rtattr)
2029 {
2030     switch (rtattr->rta_type) {
2031     /* binary: depends on family type */
2032     case IFA_LOCAL:
2033     case IFA_ADDRESS:
2034         break;
2035     default:
2036         gemu_log("Unknown target IFA type: %d\n", rtattr->rta_type);
2037         break;
2038     }
2039     return 0;
2040 }
2041 
2042 static abi_long target_to_host_data_route_rtattr(struct rtattr *rtattr)
2043 {
2044     uint32_t *u32;
2045     switch (rtattr->rta_type) {
2046     /* binary: depends on family type */
2047     case RTA_DST:
2048     case RTA_SRC:
2049     case RTA_GATEWAY:
2050         break;
2051     /* u32 */
2052     case RTA_OIF:
2053         u32 = RTA_DATA(rtattr);
2054         *u32 = tswap32(*u32);
2055         break;
2056     default:
2057         gemu_log("Unknown target RTA type: %d\n", rtattr->rta_type);
2058         break;
2059     }
2060     return 0;
2061 }
2062 
2063 static void target_to_host_link_rtattr(struct rtattr *rtattr,
2064                                        uint32_t rtattr_len)
2065 {
2066     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2067                                    target_to_host_data_link_rtattr);
2068 }
2069 
2070 static void target_to_host_addr_rtattr(struct rtattr *rtattr,
2071                                      uint32_t rtattr_len)
2072 {
2073     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2074                                    target_to_host_data_addr_rtattr);
2075 }
2076 
2077 static void target_to_host_route_rtattr(struct rtattr *rtattr,
2078                                      uint32_t rtattr_len)
2079 {
2080     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2081                                    target_to_host_data_route_rtattr);
2082 }
2083 
2084 static abi_long target_to_host_data_route(struct nlmsghdr *nlh)
2085 {
2086     struct ifinfomsg *ifi;
2087     struct ifaddrmsg *ifa;
2088     struct rtmsg *rtm;
2089 
2090     switch (nlh->nlmsg_type) {
2091     case RTM_GETLINK:
2092         break;
2093     case RTM_NEWLINK:
2094     case RTM_DELLINK:
2095         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2096             ifi = NLMSG_DATA(nlh);
2097             ifi->ifi_type = tswap16(ifi->ifi_type);
2098             ifi->ifi_index = tswap32(ifi->ifi_index);
2099             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2100             ifi->ifi_change = tswap32(ifi->ifi_change);
2101             target_to_host_link_rtattr(IFLA_RTA(ifi), nlh->nlmsg_len -
2102                                        NLMSG_LENGTH(sizeof(*ifi)));
2103         }
2104         break;
2105     case RTM_GETADDR:
2106     case RTM_NEWADDR:
2107     case RTM_DELADDR:
2108         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2109             ifa = NLMSG_DATA(nlh);
2110             ifa->ifa_index = tswap32(ifa->ifa_index);
2111             target_to_host_addr_rtattr(IFA_RTA(ifa), nlh->nlmsg_len -
2112                                        NLMSG_LENGTH(sizeof(*ifa)));
2113         }
2114         break;
2115     case RTM_GETROUTE:
2116         break;
2117     case RTM_NEWROUTE:
2118     case RTM_DELROUTE:
2119         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2120             rtm = NLMSG_DATA(nlh);
2121             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2122             target_to_host_route_rtattr(RTM_RTA(rtm), nlh->nlmsg_len -
2123                                         NLMSG_LENGTH(sizeof(*rtm)));
2124         }
2125         break;
2126     default:
2127         return -TARGET_EOPNOTSUPP;
2128     }
2129     return 0;
2130 }
2131 
2132 static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
2133 {
2134     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
2135 }
2136 #endif /* CONFIG_RTNETLINK */
2137 
2138 static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
2139 {
2140     switch (nlh->nlmsg_type) {
2141     default:
2142         gemu_log("Unknown host audit message type %d\n",
2143                  nlh->nlmsg_type);
2144         return -TARGET_EINVAL;
2145     }
2146     return 0;
2147 }
2148 
2149 static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
2150                                                   size_t len)
2151 {
2152     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
2153 }
2154 
2155 static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
2156 {
2157     switch (nlh->nlmsg_type) {
2158     case AUDIT_USER:
2159     case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
2160     case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
2161         break;
2162     default:
2163         gemu_log("Unknown target audit message type %d\n",
2164                  nlh->nlmsg_type);
2165         return -TARGET_EINVAL;
2166     }
2167 
2168     return 0;
2169 }
2170 
2171 static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
2172 {
2173     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
2174 }
2175 
2176 /* do_setsockopt() Must return target values and target errnos. */
2177 static abi_long do_setsockopt(int sockfd, int level, int optname,
2178                               abi_ulong optval_addr, socklen_t optlen)
2179 {
2180     abi_long ret;
2181     int val;
2182     struct ip_mreqn *ip_mreq;
2183     struct ip_mreq_source *ip_mreq_source;
2184 
2185     switch(level) {
2186     case SOL_TCP:
2187         /* TCP options all take an 'int' value.  */
2188         if (optlen < sizeof(uint32_t))
2189             return -TARGET_EINVAL;
2190 
2191         if (get_user_u32(val, optval_addr))
2192             return -TARGET_EFAULT;
2193         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2194         break;
2195     case SOL_IP:
2196         switch(optname) {
2197         case IP_TOS:
2198         case IP_TTL:
2199         case IP_HDRINCL:
2200         case IP_ROUTER_ALERT:
2201         case IP_RECVOPTS:
2202         case IP_RETOPTS:
2203         case IP_PKTINFO:
2204         case IP_MTU_DISCOVER:
2205         case IP_RECVERR:
2206         case IP_RECVTOS:
2207 #ifdef IP_FREEBIND
2208         case IP_FREEBIND:
2209 #endif
2210         case IP_MULTICAST_TTL:
2211         case IP_MULTICAST_LOOP:
2212             val = 0;
2213             if (optlen >= sizeof(uint32_t)) {
2214                 if (get_user_u32(val, optval_addr))
2215                     return -TARGET_EFAULT;
2216             } else if (optlen >= 1) {
2217                 if (get_user_u8(val, optval_addr))
2218                     return -TARGET_EFAULT;
2219             }
2220             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2221             break;
2222         case IP_ADD_MEMBERSHIP:
2223         case IP_DROP_MEMBERSHIP:
2224             if (optlen < sizeof (struct target_ip_mreq) ||
2225                 optlen > sizeof (struct target_ip_mreqn))
2226                 return -TARGET_EINVAL;
2227 
2228             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2229             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2230             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2231             break;
2232 
2233         case IP_BLOCK_SOURCE:
2234         case IP_UNBLOCK_SOURCE:
2235         case IP_ADD_SOURCE_MEMBERSHIP:
2236         case IP_DROP_SOURCE_MEMBERSHIP:
2237             if (optlen != sizeof (struct target_ip_mreq_source))
2238                 return -TARGET_EINVAL;
2239 
2240             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2241             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2242             unlock_user (ip_mreq_source, optval_addr, 0);
2243             break;
2244 
2245         default:
2246             goto unimplemented;
2247         }
2248         break;
2249     case SOL_IPV6:
2250         switch (optname) {
2251         case IPV6_MTU_DISCOVER:
2252         case IPV6_MTU:
2253         case IPV6_V6ONLY:
2254         case IPV6_RECVPKTINFO:
2255             val = 0;
2256             if (optlen < sizeof(uint32_t)) {
2257                 return -TARGET_EINVAL;
2258             }
2259             if (get_user_u32(val, optval_addr)) {
2260                 return -TARGET_EFAULT;
2261             }
2262             ret = get_errno(setsockopt(sockfd, level, optname,
2263                                        &val, sizeof(val)));
2264             break;
2265         default:
2266             goto unimplemented;
2267         }
2268         break;
2269     case SOL_RAW:
2270         switch (optname) {
2271         case ICMP_FILTER:
2272             /* struct icmp_filter takes an u32 value */
2273             if (optlen < sizeof(uint32_t)) {
2274                 return -TARGET_EINVAL;
2275             }
2276 
2277             if (get_user_u32(val, optval_addr)) {
2278                 return -TARGET_EFAULT;
2279             }
2280             ret = get_errno(setsockopt(sockfd, level, optname,
2281                                        &val, sizeof(val)));
2282             break;
2283 
2284         default:
2285             goto unimplemented;
2286         }
2287         break;
2288     case TARGET_SOL_SOCKET:
2289         switch (optname) {
2290         case TARGET_SO_RCVTIMEO:
2291         {
2292                 struct timeval tv;
2293 
2294                 optname = SO_RCVTIMEO;
2295 
2296 set_timeout:
2297                 if (optlen != sizeof(struct target_timeval)) {
2298                     return -TARGET_EINVAL;
2299                 }
2300 
2301                 if (copy_from_user_timeval(&tv, optval_addr)) {
2302                     return -TARGET_EFAULT;
2303                 }
2304 
2305                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2306                                 &tv, sizeof(tv)));
2307                 return ret;
2308         }
2309         case TARGET_SO_SNDTIMEO:
2310                 optname = SO_SNDTIMEO;
2311                 goto set_timeout;
2312         case TARGET_SO_ATTACH_FILTER:
2313         {
2314                 struct target_sock_fprog *tfprog;
2315                 struct target_sock_filter *tfilter;
2316                 struct sock_fprog fprog;
2317                 struct sock_filter *filter;
2318                 int i;
2319 
2320                 if (optlen != sizeof(*tfprog)) {
2321                     return -TARGET_EINVAL;
2322                 }
2323                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
2324                     return -TARGET_EFAULT;
2325                 }
2326                 if (!lock_user_struct(VERIFY_READ, tfilter,
2327                                       tswapal(tfprog->filter), 0)) {
2328                     unlock_user_struct(tfprog, optval_addr, 1);
2329                     return -TARGET_EFAULT;
2330                 }
2331 
2332                 fprog.len = tswap16(tfprog->len);
2333                 filter = g_try_new(struct sock_filter, fprog.len);
2334                 if (filter == NULL) {
2335                     unlock_user_struct(tfilter, tfprog->filter, 1);
2336                     unlock_user_struct(tfprog, optval_addr, 1);
2337                     return -TARGET_ENOMEM;
2338                 }
2339                 for (i = 0; i < fprog.len; i++) {
2340                     filter[i].code = tswap16(tfilter[i].code);
2341                     filter[i].jt = tfilter[i].jt;
2342                     filter[i].jf = tfilter[i].jf;
2343                     filter[i].k = tswap32(tfilter[i].k);
2344                 }
2345                 fprog.filter = filter;
2346 
2347                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
2348                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
2349                 g_free(filter);
2350 
2351                 unlock_user_struct(tfilter, tfprog->filter, 1);
2352                 unlock_user_struct(tfprog, optval_addr, 1);
2353                 return ret;
2354         }
2355 	case TARGET_SO_BINDTODEVICE:
2356 	{
2357 		char *dev_ifname, *addr_ifname;
2358 
2359 		if (optlen > IFNAMSIZ - 1) {
2360 		    optlen = IFNAMSIZ - 1;
2361 		}
2362 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2363 		if (!dev_ifname) {
2364 		    return -TARGET_EFAULT;
2365 		}
2366 		optname = SO_BINDTODEVICE;
2367 		addr_ifname = alloca(IFNAMSIZ);
2368 		memcpy(addr_ifname, dev_ifname, optlen);
2369 		addr_ifname[optlen] = 0;
2370 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2371                                            addr_ifname, optlen));
2372 		unlock_user (dev_ifname, optval_addr, 0);
2373 		return ret;
2374 	}
2375             /* Options with 'int' argument.  */
2376         case TARGET_SO_DEBUG:
2377 		optname = SO_DEBUG;
2378 		break;
2379         case TARGET_SO_REUSEADDR:
2380 		optname = SO_REUSEADDR;
2381 		break;
2382         case TARGET_SO_TYPE:
2383 		optname = SO_TYPE;
2384 		break;
2385         case TARGET_SO_ERROR:
2386 		optname = SO_ERROR;
2387 		break;
2388         case TARGET_SO_DONTROUTE:
2389 		optname = SO_DONTROUTE;
2390 		break;
2391         case TARGET_SO_BROADCAST:
2392 		optname = SO_BROADCAST;
2393 		break;
2394         case TARGET_SO_SNDBUF:
2395 		optname = SO_SNDBUF;
2396 		break;
2397         case TARGET_SO_SNDBUFFORCE:
2398                 optname = SO_SNDBUFFORCE;
2399                 break;
2400         case TARGET_SO_RCVBUF:
2401 		optname = SO_RCVBUF;
2402 		break;
2403         case TARGET_SO_RCVBUFFORCE:
2404                 optname = SO_RCVBUFFORCE;
2405                 break;
2406         case TARGET_SO_KEEPALIVE:
2407 		optname = SO_KEEPALIVE;
2408 		break;
2409         case TARGET_SO_OOBINLINE:
2410 		optname = SO_OOBINLINE;
2411 		break;
2412         case TARGET_SO_NO_CHECK:
2413 		optname = SO_NO_CHECK;
2414 		break;
2415         case TARGET_SO_PRIORITY:
2416 		optname = SO_PRIORITY;
2417 		break;
2418 #ifdef SO_BSDCOMPAT
2419         case TARGET_SO_BSDCOMPAT:
2420 		optname = SO_BSDCOMPAT;
2421 		break;
2422 #endif
2423         case TARGET_SO_PASSCRED:
2424 		optname = SO_PASSCRED;
2425 		break;
2426         case TARGET_SO_PASSSEC:
2427                 optname = SO_PASSSEC;
2428                 break;
2429         case TARGET_SO_TIMESTAMP:
2430 		optname = SO_TIMESTAMP;
2431 		break;
2432         case TARGET_SO_RCVLOWAT:
2433 		optname = SO_RCVLOWAT;
2434 		break;
2435             break;
2436         default:
2437             goto unimplemented;
2438         }
2439 	if (optlen < sizeof(uint32_t))
2440             return -TARGET_EINVAL;
2441 
2442 	if (get_user_u32(val, optval_addr))
2443             return -TARGET_EFAULT;
2444 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
2445         break;
2446     default:
2447     unimplemented:
2448         gemu_log("Unsupported setsockopt level=%d optname=%d\n", level, optname);
2449         ret = -TARGET_ENOPROTOOPT;
2450     }
2451     return ret;
2452 }
2453 
2454 /* do_getsockopt() Must return target values and target errnos. */
2455 static abi_long do_getsockopt(int sockfd, int level, int optname,
2456                               abi_ulong optval_addr, abi_ulong optlen)
2457 {
2458     abi_long ret;
2459     int len, val;
2460     socklen_t lv;
2461 
2462     switch(level) {
2463     case TARGET_SOL_SOCKET:
2464         level = SOL_SOCKET;
2465         switch (optname) {
2466         /* These don't just return a single integer */
2467         case TARGET_SO_LINGER:
2468         case TARGET_SO_RCVTIMEO:
2469         case TARGET_SO_SNDTIMEO:
2470         case TARGET_SO_PEERNAME:
2471             goto unimplemented;
2472         case TARGET_SO_PEERCRED: {
2473             struct ucred cr;
2474             socklen_t crlen;
2475             struct target_ucred *tcr;
2476 
2477             if (get_user_u32(len, optlen)) {
2478                 return -TARGET_EFAULT;
2479             }
2480             if (len < 0) {
2481                 return -TARGET_EINVAL;
2482             }
2483 
2484             crlen = sizeof(cr);
2485             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
2486                                        &cr, &crlen));
2487             if (ret < 0) {
2488                 return ret;
2489             }
2490             if (len > crlen) {
2491                 len = crlen;
2492             }
2493             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
2494                 return -TARGET_EFAULT;
2495             }
2496             __put_user(cr.pid, &tcr->pid);
2497             __put_user(cr.uid, &tcr->uid);
2498             __put_user(cr.gid, &tcr->gid);
2499             unlock_user_struct(tcr, optval_addr, 1);
2500             if (put_user_u32(len, optlen)) {
2501                 return -TARGET_EFAULT;
2502             }
2503             break;
2504         }
2505         /* Options with 'int' argument.  */
2506         case TARGET_SO_DEBUG:
2507             optname = SO_DEBUG;
2508             goto int_case;
2509         case TARGET_SO_REUSEADDR:
2510             optname = SO_REUSEADDR;
2511             goto int_case;
2512         case TARGET_SO_TYPE:
2513             optname = SO_TYPE;
2514             goto int_case;
2515         case TARGET_SO_ERROR:
2516             optname = SO_ERROR;
2517             goto int_case;
2518         case TARGET_SO_DONTROUTE:
2519             optname = SO_DONTROUTE;
2520             goto int_case;
2521         case TARGET_SO_BROADCAST:
2522             optname = SO_BROADCAST;
2523             goto int_case;
2524         case TARGET_SO_SNDBUF:
2525             optname = SO_SNDBUF;
2526             goto int_case;
2527         case TARGET_SO_RCVBUF:
2528             optname = SO_RCVBUF;
2529             goto int_case;
2530         case TARGET_SO_KEEPALIVE:
2531             optname = SO_KEEPALIVE;
2532             goto int_case;
2533         case TARGET_SO_OOBINLINE:
2534             optname = SO_OOBINLINE;
2535             goto int_case;
2536         case TARGET_SO_NO_CHECK:
2537             optname = SO_NO_CHECK;
2538             goto int_case;
2539         case TARGET_SO_PRIORITY:
2540             optname = SO_PRIORITY;
2541             goto int_case;
2542 #ifdef SO_BSDCOMPAT
2543         case TARGET_SO_BSDCOMPAT:
2544             optname = SO_BSDCOMPAT;
2545             goto int_case;
2546 #endif
2547         case TARGET_SO_PASSCRED:
2548             optname = SO_PASSCRED;
2549             goto int_case;
2550         case TARGET_SO_TIMESTAMP:
2551             optname = SO_TIMESTAMP;
2552             goto int_case;
2553         case TARGET_SO_RCVLOWAT:
2554             optname = SO_RCVLOWAT;
2555             goto int_case;
2556         case TARGET_SO_ACCEPTCONN:
2557             optname = SO_ACCEPTCONN;
2558             goto int_case;
2559         default:
2560             goto int_case;
2561         }
2562         break;
2563     case SOL_TCP:
2564         /* TCP options all take an 'int' value.  */
2565     int_case:
2566         if (get_user_u32(len, optlen))
2567             return -TARGET_EFAULT;
2568         if (len < 0)
2569             return -TARGET_EINVAL;
2570         lv = sizeof(lv);
2571         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2572         if (ret < 0)
2573             return ret;
2574         if (optname == SO_TYPE) {
2575             val = host_to_target_sock_type(val);
2576         }
2577         if (len > lv)
2578             len = lv;
2579         if (len == 4) {
2580             if (put_user_u32(val, optval_addr))
2581                 return -TARGET_EFAULT;
2582         } else {
2583             if (put_user_u8(val, optval_addr))
2584                 return -TARGET_EFAULT;
2585         }
2586         if (put_user_u32(len, optlen))
2587             return -TARGET_EFAULT;
2588         break;
2589     case SOL_IP:
2590         switch(optname) {
2591         case IP_TOS:
2592         case IP_TTL:
2593         case IP_HDRINCL:
2594         case IP_ROUTER_ALERT:
2595         case IP_RECVOPTS:
2596         case IP_RETOPTS:
2597         case IP_PKTINFO:
2598         case IP_MTU_DISCOVER:
2599         case IP_RECVERR:
2600         case IP_RECVTOS:
2601 #ifdef IP_FREEBIND
2602         case IP_FREEBIND:
2603 #endif
2604         case IP_MULTICAST_TTL:
2605         case IP_MULTICAST_LOOP:
2606             if (get_user_u32(len, optlen))
2607                 return -TARGET_EFAULT;
2608             if (len < 0)
2609                 return -TARGET_EINVAL;
2610             lv = sizeof(lv);
2611             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2612             if (ret < 0)
2613                 return ret;
2614             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2615                 len = 1;
2616                 if (put_user_u32(len, optlen)
2617                     || put_user_u8(val, optval_addr))
2618                     return -TARGET_EFAULT;
2619             } else {
2620                 if (len > sizeof(int))
2621                     len = sizeof(int);
2622                 if (put_user_u32(len, optlen)
2623                     || put_user_u32(val, optval_addr))
2624                     return -TARGET_EFAULT;
2625             }
2626             break;
2627         default:
2628             ret = -TARGET_ENOPROTOOPT;
2629             break;
2630         }
2631         break;
2632     default:
2633     unimplemented:
2634         gemu_log("getsockopt level=%d optname=%d not yet supported\n",
2635                  level, optname);
2636         ret = -TARGET_EOPNOTSUPP;
2637         break;
2638     }
2639     return ret;
2640 }
2641 
2642 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
2643                                 int count, int copy)
2644 {
2645     struct target_iovec *target_vec;
2646     struct iovec *vec;
2647     abi_ulong total_len, max_len;
2648     int i;
2649     int err = 0;
2650     bool bad_address = false;
2651 
2652     if (count == 0) {
2653         errno = 0;
2654         return NULL;
2655     }
2656     if (count < 0 || count > IOV_MAX) {
2657         errno = EINVAL;
2658         return NULL;
2659     }
2660 
2661     vec = g_try_new0(struct iovec, count);
2662     if (vec == NULL) {
2663         errno = ENOMEM;
2664         return NULL;
2665     }
2666 
2667     target_vec = lock_user(VERIFY_READ, target_addr,
2668                            count * sizeof(struct target_iovec), 1);
2669     if (target_vec == NULL) {
2670         err = EFAULT;
2671         goto fail2;
2672     }
2673 
2674     /* ??? If host page size > target page size, this will result in a
2675        value larger than what we can actually support.  */
2676     max_len = 0x7fffffff & TARGET_PAGE_MASK;
2677     total_len = 0;
2678 
2679     for (i = 0; i < count; i++) {
2680         abi_ulong base = tswapal(target_vec[i].iov_base);
2681         abi_long len = tswapal(target_vec[i].iov_len);
2682 
2683         if (len < 0) {
2684             err = EINVAL;
2685             goto fail;
2686         } else if (len == 0) {
2687             /* Zero length pointer is ignored.  */
2688             vec[i].iov_base = 0;
2689         } else {
2690             vec[i].iov_base = lock_user(type, base, len, copy);
2691             /* If the first buffer pointer is bad, this is a fault.  But
2692              * subsequent bad buffers will result in a partial write; this
2693              * is realized by filling the vector with null pointers and
2694              * zero lengths. */
2695             if (!vec[i].iov_base) {
2696                 if (i == 0) {
2697                     err = EFAULT;
2698                     goto fail;
2699                 } else {
2700                     bad_address = true;
2701                 }
2702             }
2703             if (bad_address) {
2704                 len = 0;
2705             }
2706             if (len > max_len - total_len) {
2707                 len = max_len - total_len;
2708             }
2709         }
2710         vec[i].iov_len = len;
2711         total_len += len;
2712     }
2713 
2714     unlock_user(target_vec, target_addr, 0);
2715     return vec;
2716 
2717  fail:
2718     while (--i >= 0) {
2719         if (tswapal(target_vec[i].iov_len) > 0) {
2720             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
2721         }
2722     }
2723     unlock_user(target_vec, target_addr, 0);
2724  fail2:
2725     g_free(vec);
2726     errno = err;
2727     return NULL;
2728 }
2729 
2730 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
2731                          int count, int copy)
2732 {
2733     struct target_iovec *target_vec;
2734     int i;
2735 
2736     target_vec = lock_user(VERIFY_READ, target_addr,
2737                            count * sizeof(struct target_iovec), 1);
2738     if (target_vec) {
2739         for (i = 0; i < count; i++) {
2740             abi_ulong base = tswapal(target_vec[i].iov_base);
2741             abi_long len = tswapal(target_vec[i].iov_len);
2742             if (len < 0) {
2743                 break;
2744             }
2745             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
2746         }
2747         unlock_user(target_vec, target_addr, 0);
2748     }
2749 
2750     g_free(vec);
2751 }
2752 
2753 static inline int target_to_host_sock_type(int *type)
2754 {
2755     int host_type = 0;
2756     int target_type = *type;
2757 
2758     switch (target_type & TARGET_SOCK_TYPE_MASK) {
2759     case TARGET_SOCK_DGRAM:
2760         host_type = SOCK_DGRAM;
2761         break;
2762     case TARGET_SOCK_STREAM:
2763         host_type = SOCK_STREAM;
2764         break;
2765     default:
2766         host_type = target_type & TARGET_SOCK_TYPE_MASK;
2767         break;
2768     }
2769     if (target_type & TARGET_SOCK_CLOEXEC) {
2770 #if defined(SOCK_CLOEXEC)
2771         host_type |= SOCK_CLOEXEC;
2772 #else
2773         return -TARGET_EINVAL;
2774 #endif
2775     }
2776     if (target_type & TARGET_SOCK_NONBLOCK) {
2777 #if defined(SOCK_NONBLOCK)
2778         host_type |= SOCK_NONBLOCK;
2779 #elif !defined(O_NONBLOCK)
2780         return -TARGET_EINVAL;
2781 #endif
2782     }
2783     *type = host_type;
2784     return 0;
2785 }
2786 
2787 /* Try to emulate socket type flags after socket creation.  */
2788 static int sock_flags_fixup(int fd, int target_type)
2789 {
2790 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
2791     if (target_type & TARGET_SOCK_NONBLOCK) {
2792         int flags = fcntl(fd, F_GETFL);
2793         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
2794             close(fd);
2795             return -TARGET_EINVAL;
2796         }
2797     }
2798 #endif
2799     return fd;
2800 }
2801 
2802 static abi_long packet_target_to_host_sockaddr(void *host_addr,
2803                                                abi_ulong target_addr,
2804                                                socklen_t len)
2805 {
2806     struct sockaddr *addr = host_addr;
2807     struct target_sockaddr *target_saddr;
2808 
2809     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
2810     if (!target_saddr) {
2811         return -TARGET_EFAULT;
2812     }
2813 
2814     memcpy(addr, target_saddr, len);
2815     addr->sa_family = tswap16(target_saddr->sa_family);
2816     /* spkt_protocol is big-endian */
2817 
2818     unlock_user(target_saddr, target_addr, 0);
2819     return 0;
2820 }
2821 
2822 static TargetFdTrans target_packet_trans = {
2823     .target_to_host_addr = packet_target_to_host_sockaddr,
2824 };
2825 
2826 #ifdef CONFIG_RTNETLINK
2827 static abi_long netlink_route_target_to_host(void *buf, size_t len)
2828 {
2829     return target_to_host_nlmsg_route(buf, len);
2830 }
2831 
2832 static abi_long netlink_route_host_to_target(void *buf, size_t len)
2833 {
2834     return host_to_target_nlmsg_route(buf, len);
2835 }
2836 
2837 static TargetFdTrans target_netlink_route_trans = {
2838     .target_to_host_data = netlink_route_target_to_host,
2839     .host_to_target_data = netlink_route_host_to_target,
2840 };
2841 #endif /* CONFIG_RTNETLINK */
2842 
2843 static abi_long netlink_audit_target_to_host(void *buf, size_t len)
2844 {
2845     return target_to_host_nlmsg_audit(buf, len);
2846 }
2847 
2848 static abi_long netlink_audit_host_to_target(void *buf, size_t len)
2849 {
2850     return host_to_target_nlmsg_audit(buf, len);
2851 }
2852 
2853 static TargetFdTrans target_netlink_audit_trans = {
2854     .target_to_host_data = netlink_audit_target_to_host,
2855     .host_to_target_data = netlink_audit_host_to_target,
2856 };
2857 
2858 /* do_socket() Must return target values and target errnos. */
2859 static abi_long do_socket(int domain, int type, int protocol)
2860 {
2861     int target_type = type;
2862     int ret;
2863 
2864     ret = target_to_host_sock_type(&type);
2865     if (ret) {
2866         return ret;
2867     }
2868 
2869     if (domain == PF_NETLINK && !(
2870 #ifdef CONFIG_RTNETLINK
2871          protocol == NETLINK_ROUTE ||
2872 #endif
2873          protocol == NETLINK_KOBJECT_UEVENT ||
2874          protocol == NETLINK_AUDIT)) {
2875         return -EPFNOSUPPORT;
2876     }
2877 
2878     if (domain == AF_PACKET ||
2879         (domain == AF_INET && type == SOCK_PACKET)) {
2880         protocol = tswap16(protocol);
2881     }
2882 
2883     ret = get_errno(socket(domain, type, protocol));
2884     if (ret >= 0) {
2885         ret = sock_flags_fixup(ret, target_type);
2886         if (type == SOCK_PACKET) {
2887             /* Manage an obsolete case :
2888              * if socket type is SOCK_PACKET, bind by name
2889              */
2890             fd_trans_register(ret, &target_packet_trans);
2891         } else if (domain == PF_NETLINK) {
2892             switch (protocol) {
2893 #ifdef CONFIG_RTNETLINK
2894             case NETLINK_ROUTE:
2895                 fd_trans_register(ret, &target_netlink_route_trans);
2896                 break;
2897 #endif
2898             case NETLINK_KOBJECT_UEVENT:
2899                 /* nothing to do: messages are strings */
2900                 break;
2901             case NETLINK_AUDIT:
2902                 fd_trans_register(ret, &target_netlink_audit_trans);
2903                 break;
2904             default:
2905                 g_assert_not_reached();
2906             }
2907         }
2908     }
2909     return ret;
2910 }
2911 
2912 /* do_bind() Must return target values and target errnos. */
2913 static abi_long do_bind(int sockfd, abi_ulong target_addr,
2914                         socklen_t addrlen)
2915 {
2916     void *addr;
2917     abi_long ret;
2918 
2919     if ((int)addrlen < 0) {
2920         return -TARGET_EINVAL;
2921     }
2922 
2923     addr = alloca(addrlen+1);
2924 
2925     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
2926     if (ret)
2927         return ret;
2928 
2929     return get_errno(bind(sockfd, addr, addrlen));
2930 }
2931 
2932 /* do_connect() Must return target values and target errnos. */
2933 static abi_long do_connect(int sockfd, abi_ulong target_addr,
2934                            socklen_t addrlen)
2935 {
2936     void *addr;
2937     abi_long ret;
2938 
2939     if ((int)addrlen < 0) {
2940         return -TARGET_EINVAL;
2941     }
2942 
2943     addr = alloca(addrlen+1);
2944 
2945     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
2946     if (ret)
2947         return ret;
2948 
2949     return get_errno(safe_connect(sockfd, addr, addrlen));
2950 }
2951 
2952 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
2953 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
2954                                       int flags, int send)
2955 {
2956     abi_long ret, len;
2957     struct msghdr msg;
2958     int count;
2959     struct iovec *vec;
2960     abi_ulong target_vec;
2961 
2962     if (msgp->msg_name) {
2963         msg.msg_namelen = tswap32(msgp->msg_namelen);
2964         msg.msg_name = alloca(msg.msg_namelen+1);
2965         ret = target_to_host_sockaddr(fd, msg.msg_name,
2966                                       tswapal(msgp->msg_name),
2967                                       msg.msg_namelen);
2968         if (ret) {
2969             goto out2;
2970         }
2971     } else {
2972         msg.msg_name = NULL;
2973         msg.msg_namelen = 0;
2974     }
2975     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
2976     msg.msg_control = alloca(msg.msg_controllen);
2977     msg.msg_flags = tswap32(msgp->msg_flags);
2978 
2979     count = tswapal(msgp->msg_iovlen);
2980     target_vec = tswapal(msgp->msg_iov);
2981     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
2982                      target_vec, count, send);
2983     if (vec == NULL) {
2984         ret = -host_to_target_errno(errno);
2985         goto out2;
2986     }
2987     msg.msg_iovlen = count;
2988     msg.msg_iov = vec;
2989 
2990     if (send) {
2991         if (fd_trans_target_to_host_data(fd)) {
2992             ret = fd_trans_target_to_host_data(fd)(msg.msg_iov->iov_base,
2993                                                    msg.msg_iov->iov_len);
2994         } else {
2995             ret = target_to_host_cmsg(&msg, msgp);
2996         }
2997         if (ret == 0) {
2998             ret = get_errno(safe_sendmsg(fd, &msg, flags));
2999         }
3000     } else {
3001         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3002         if (!is_error(ret)) {
3003             len = ret;
3004             if (fd_trans_host_to_target_data(fd)) {
3005                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3006                                                        len);
3007             } else {
3008                 ret = host_to_target_cmsg(msgp, &msg);
3009             }
3010             if (!is_error(ret)) {
3011                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3012                 if (msg.msg_name != NULL) {
3013                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3014                                     msg.msg_name, msg.msg_namelen);
3015                     if (ret) {
3016                         goto out;
3017                     }
3018                 }
3019 
3020                 ret = len;
3021             }
3022         }
3023     }
3024 
3025 out:
3026     unlock_iovec(vec, target_vec, count, !send);
3027 out2:
3028     return ret;
3029 }
3030 
3031 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3032                                int flags, int send)
3033 {
3034     abi_long ret;
3035     struct target_msghdr *msgp;
3036 
3037     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3038                           msgp,
3039                           target_msg,
3040                           send ? 1 : 0)) {
3041         return -TARGET_EFAULT;
3042     }
3043     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3044     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3045     return ret;
3046 }
3047 
3048 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3049  * so it might not have this *mmsg-specific flag either.
3050  */
3051 #ifndef MSG_WAITFORONE
3052 #define MSG_WAITFORONE 0x10000
3053 #endif
3054 
3055 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3056                                 unsigned int vlen, unsigned int flags,
3057                                 int send)
3058 {
3059     struct target_mmsghdr *mmsgp;
3060     abi_long ret = 0;
3061     int i;
3062 
3063     if (vlen > UIO_MAXIOV) {
3064         vlen = UIO_MAXIOV;
3065     }
3066 
3067     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3068     if (!mmsgp) {
3069         return -TARGET_EFAULT;
3070     }
3071 
3072     for (i = 0; i < vlen; i++) {
3073         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3074         if (is_error(ret)) {
3075             break;
3076         }
3077         mmsgp[i].msg_len = tswap32(ret);
3078         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3079         if (flags & MSG_WAITFORONE) {
3080             flags |= MSG_DONTWAIT;
3081         }
3082     }
3083 
3084     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3085 
3086     /* Return number of datagrams sent if we sent any at all;
3087      * otherwise return the error.
3088      */
3089     if (i) {
3090         return i;
3091     }
3092     return ret;
3093 }
3094 
3095 /* do_accept4() Must return target values and target errnos. */
3096 static abi_long do_accept4(int fd, abi_ulong target_addr,
3097                            abi_ulong target_addrlen_addr, int flags)
3098 {
3099     socklen_t addrlen;
3100     void *addr;
3101     abi_long ret;
3102     int host_flags;
3103 
3104     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
3105 
3106     if (target_addr == 0) {
3107         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3108     }
3109 
3110     /* linux returns EINVAL if addrlen pointer is invalid */
3111     if (get_user_u32(addrlen, target_addrlen_addr))
3112         return -TARGET_EINVAL;
3113 
3114     if ((int)addrlen < 0) {
3115         return -TARGET_EINVAL;
3116     }
3117 
3118     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3119         return -TARGET_EINVAL;
3120 
3121     addr = alloca(addrlen);
3122 
3123     ret = get_errno(safe_accept4(fd, addr, &addrlen, host_flags));
3124     if (!is_error(ret)) {
3125         host_to_target_sockaddr(target_addr, addr, addrlen);
3126         if (put_user_u32(addrlen, target_addrlen_addr))
3127             ret = -TARGET_EFAULT;
3128     }
3129     return ret;
3130 }
3131 
3132 /* do_getpeername() Must return target values and target errnos. */
3133 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3134                                abi_ulong target_addrlen_addr)
3135 {
3136     socklen_t addrlen;
3137     void *addr;
3138     abi_long ret;
3139 
3140     if (get_user_u32(addrlen, target_addrlen_addr))
3141         return -TARGET_EFAULT;
3142 
3143     if ((int)addrlen < 0) {
3144         return -TARGET_EINVAL;
3145     }
3146 
3147     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3148         return -TARGET_EFAULT;
3149 
3150     addr = alloca(addrlen);
3151 
3152     ret = get_errno(getpeername(fd, addr, &addrlen));
3153     if (!is_error(ret)) {
3154         host_to_target_sockaddr(target_addr, addr, addrlen);
3155         if (put_user_u32(addrlen, target_addrlen_addr))
3156             ret = -TARGET_EFAULT;
3157     }
3158     return ret;
3159 }
3160 
3161 /* do_getsockname() Must return target values and target errnos. */
3162 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3163                                abi_ulong target_addrlen_addr)
3164 {
3165     socklen_t addrlen;
3166     void *addr;
3167     abi_long ret;
3168 
3169     if (get_user_u32(addrlen, target_addrlen_addr))
3170         return -TARGET_EFAULT;
3171 
3172     if ((int)addrlen < 0) {
3173         return -TARGET_EINVAL;
3174     }
3175 
3176     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3177         return -TARGET_EFAULT;
3178 
3179     addr = alloca(addrlen);
3180 
3181     ret = get_errno(getsockname(fd, addr, &addrlen));
3182     if (!is_error(ret)) {
3183         host_to_target_sockaddr(target_addr, addr, addrlen);
3184         if (put_user_u32(addrlen, target_addrlen_addr))
3185             ret = -TARGET_EFAULT;
3186     }
3187     return ret;
3188 }
3189 
3190 /* do_socketpair() Must return target values and target errnos. */
3191 static abi_long do_socketpair(int domain, int type, int protocol,
3192                               abi_ulong target_tab_addr)
3193 {
3194     int tab[2];
3195     abi_long ret;
3196 
3197     target_to_host_sock_type(&type);
3198 
3199     ret = get_errno(socketpair(domain, type, protocol, tab));
3200     if (!is_error(ret)) {
3201         if (put_user_s32(tab[0], target_tab_addr)
3202             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3203             ret = -TARGET_EFAULT;
3204     }
3205     return ret;
3206 }
3207 
3208 /* do_sendto() Must return target values and target errnos. */
3209 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3210                           abi_ulong target_addr, socklen_t addrlen)
3211 {
3212     void *addr;
3213     void *host_msg;
3214     abi_long ret;
3215 
3216     if ((int)addrlen < 0) {
3217         return -TARGET_EINVAL;
3218     }
3219 
3220     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3221     if (!host_msg)
3222         return -TARGET_EFAULT;
3223     if (fd_trans_target_to_host_data(fd)) {
3224         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3225         if (ret < 0) {
3226             unlock_user(host_msg, msg, 0);
3227             return ret;
3228         }
3229     }
3230     if (target_addr) {
3231         addr = alloca(addrlen+1);
3232         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3233         if (ret) {
3234             unlock_user(host_msg, msg, 0);
3235             return ret;
3236         }
3237         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3238     } else {
3239         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3240     }
3241     unlock_user(host_msg, msg, 0);
3242     return ret;
3243 }
3244 
3245 /* do_recvfrom() Must return target values and target errnos. */
3246 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
3247                             abi_ulong target_addr,
3248                             abi_ulong target_addrlen)
3249 {
3250     socklen_t addrlen;
3251     void *addr;
3252     void *host_msg;
3253     abi_long ret;
3254 
3255     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
3256     if (!host_msg)
3257         return -TARGET_EFAULT;
3258     if (target_addr) {
3259         if (get_user_u32(addrlen, target_addrlen)) {
3260             ret = -TARGET_EFAULT;
3261             goto fail;
3262         }
3263         if ((int)addrlen < 0) {
3264             ret = -TARGET_EINVAL;
3265             goto fail;
3266         }
3267         addr = alloca(addrlen);
3268         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
3269                                       addr, &addrlen));
3270     } else {
3271         addr = NULL; /* To keep compiler quiet.  */
3272         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
3273     }
3274     if (!is_error(ret)) {
3275         if (target_addr) {
3276             host_to_target_sockaddr(target_addr, addr, addrlen);
3277             if (put_user_u32(addrlen, target_addrlen)) {
3278                 ret = -TARGET_EFAULT;
3279                 goto fail;
3280             }
3281         }
3282         unlock_user(host_msg, msg, len);
3283     } else {
3284 fail:
3285         unlock_user(host_msg, msg, 0);
3286     }
3287     return ret;
3288 }
3289 
3290 #ifdef TARGET_NR_socketcall
3291 /* do_socketcall() Must return target values and target errnos. */
3292 static abi_long do_socketcall(int num, abi_ulong vptr)
3293 {
3294     static const unsigned ac[] = { /* number of arguments per call */
3295         [SOCKOP_socket] = 3,      /* domain, type, protocol */
3296         [SOCKOP_bind] = 3,        /* sockfd, addr, addrlen */
3297         [SOCKOP_connect] = 3,     /* sockfd, addr, addrlen */
3298         [SOCKOP_listen] = 2,      /* sockfd, backlog */
3299         [SOCKOP_accept] = 3,      /* sockfd, addr, addrlen */
3300         [SOCKOP_accept4] = 4,     /* sockfd, addr, addrlen, flags */
3301         [SOCKOP_getsockname] = 3, /* sockfd, addr, addrlen */
3302         [SOCKOP_getpeername] = 3, /* sockfd, addr, addrlen */
3303         [SOCKOP_socketpair] = 4,  /* domain, type, protocol, tab */
3304         [SOCKOP_send] = 4,        /* sockfd, msg, len, flags */
3305         [SOCKOP_recv] = 4,        /* sockfd, msg, len, flags */
3306         [SOCKOP_sendto] = 6,      /* sockfd, msg, len, flags, addr, addrlen */
3307         [SOCKOP_recvfrom] = 6,    /* sockfd, msg, len, flags, addr, addrlen */
3308         [SOCKOP_shutdown] = 2,    /* sockfd, how */
3309         [SOCKOP_sendmsg] = 3,     /* sockfd, msg, flags */
3310         [SOCKOP_recvmsg] = 3,     /* sockfd, msg, flags */
3311         [SOCKOP_sendmmsg] = 4,    /* sockfd, msgvec, vlen, flags */
3312         [SOCKOP_recvmmsg] = 4,    /* sockfd, msgvec, vlen, flags */
3313         [SOCKOP_setsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
3314         [SOCKOP_getsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
3315     };
3316     abi_long a[6]; /* max 6 args */
3317 
3318     /* first, collect the arguments in a[] according to ac[] */
3319     if (num >= 0 && num < ARRAY_SIZE(ac)) {
3320         unsigned i;
3321         assert(ARRAY_SIZE(a) >= ac[num]); /* ensure we have space for args */
3322         for (i = 0; i < ac[num]; ++i) {
3323             if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
3324                 return -TARGET_EFAULT;
3325             }
3326         }
3327     }
3328 
3329     /* now when we have the args, actually handle the call */
3330     switch (num) {
3331     case SOCKOP_socket: /* domain, type, protocol */
3332         return do_socket(a[0], a[1], a[2]);
3333     case SOCKOP_bind: /* sockfd, addr, addrlen */
3334         return do_bind(a[0], a[1], a[2]);
3335     case SOCKOP_connect: /* sockfd, addr, addrlen */
3336         return do_connect(a[0], a[1], a[2]);
3337     case SOCKOP_listen: /* sockfd, backlog */
3338         return get_errno(listen(a[0], a[1]));
3339     case SOCKOP_accept: /* sockfd, addr, addrlen */
3340         return do_accept4(a[0], a[1], a[2], 0);
3341     case SOCKOP_accept4: /* sockfd, addr, addrlen, flags */
3342         return do_accept4(a[0], a[1], a[2], a[3]);
3343     case SOCKOP_getsockname: /* sockfd, addr, addrlen */
3344         return do_getsockname(a[0], a[1], a[2]);
3345     case SOCKOP_getpeername: /* sockfd, addr, addrlen */
3346         return do_getpeername(a[0], a[1], a[2]);
3347     case SOCKOP_socketpair: /* domain, type, protocol, tab */
3348         return do_socketpair(a[0], a[1], a[2], a[3]);
3349     case SOCKOP_send: /* sockfd, msg, len, flags */
3350         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
3351     case SOCKOP_recv: /* sockfd, msg, len, flags */
3352         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
3353     case SOCKOP_sendto: /* sockfd, msg, len, flags, addr, addrlen */
3354         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
3355     case SOCKOP_recvfrom: /* sockfd, msg, len, flags, addr, addrlen */
3356         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
3357     case SOCKOP_shutdown: /* sockfd, how */
3358         return get_errno(shutdown(a[0], a[1]));
3359     case SOCKOP_sendmsg: /* sockfd, msg, flags */
3360         return do_sendrecvmsg(a[0], a[1], a[2], 1);
3361     case SOCKOP_recvmsg: /* sockfd, msg, flags */
3362         return do_sendrecvmsg(a[0], a[1], a[2], 0);
3363     case SOCKOP_sendmmsg: /* sockfd, msgvec, vlen, flags */
3364         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
3365     case SOCKOP_recvmmsg: /* sockfd, msgvec, vlen, flags */
3366         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
3367     case SOCKOP_setsockopt: /* sockfd, level, optname, optval, optlen */
3368         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
3369     case SOCKOP_getsockopt: /* sockfd, level, optname, optval, optlen */
3370         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
3371     default:
3372         gemu_log("Unsupported socketcall: %d\n", num);
3373         return -TARGET_ENOSYS;
3374     }
3375 }
3376 #endif
3377 
3378 #define N_SHM_REGIONS	32
3379 
3380 static struct shm_region {
3381     abi_ulong start;
3382     abi_ulong size;
3383     bool in_use;
3384 } shm_regions[N_SHM_REGIONS];
3385 
3386 struct target_semid_ds
3387 {
3388   struct target_ipc_perm sem_perm;
3389   abi_ulong sem_otime;
3390 #if !defined(TARGET_PPC64)
3391   abi_ulong __unused1;
3392 #endif
3393   abi_ulong sem_ctime;
3394 #if !defined(TARGET_PPC64)
3395   abi_ulong __unused2;
3396 #endif
3397   abi_ulong sem_nsems;
3398   abi_ulong __unused3;
3399   abi_ulong __unused4;
3400 };
3401 
3402 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
3403                                                abi_ulong target_addr)
3404 {
3405     struct target_ipc_perm *target_ip;
3406     struct target_semid_ds *target_sd;
3407 
3408     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3409         return -TARGET_EFAULT;
3410     target_ip = &(target_sd->sem_perm);
3411     host_ip->__key = tswap32(target_ip->__key);
3412     host_ip->uid = tswap32(target_ip->uid);
3413     host_ip->gid = tswap32(target_ip->gid);
3414     host_ip->cuid = tswap32(target_ip->cuid);
3415     host_ip->cgid = tswap32(target_ip->cgid);
3416 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3417     host_ip->mode = tswap32(target_ip->mode);
3418 #else
3419     host_ip->mode = tswap16(target_ip->mode);
3420 #endif
3421 #if defined(TARGET_PPC)
3422     host_ip->__seq = tswap32(target_ip->__seq);
3423 #else
3424     host_ip->__seq = tswap16(target_ip->__seq);
3425 #endif
3426     unlock_user_struct(target_sd, target_addr, 0);
3427     return 0;
3428 }
3429 
3430 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
3431                                                struct ipc_perm *host_ip)
3432 {
3433     struct target_ipc_perm *target_ip;
3434     struct target_semid_ds *target_sd;
3435 
3436     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3437         return -TARGET_EFAULT;
3438     target_ip = &(target_sd->sem_perm);
3439     target_ip->__key = tswap32(host_ip->__key);
3440     target_ip->uid = tswap32(host_ip->uid);
3441     target_ip->gid = tswap32(host_ip->gid);
3442     target_ip->cuid = tswap32(host_ip->cuid);
3443     target_ip->cgid = tswap32(host_ip->cgid);
3444 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3445     target_ip->mode = tswap32(host_ip->mode);
3446 #else
3447     target_ip->mode = tswap16(host_ip->mode);
3448 #endif
3449 #if defined(TARGET_PPC)
3450     target_ip->__seq = tswap32(host_ip->__seq);
3451 #else
3452     target_ip->__seq = tswap16(host_ip->__seq);
3453 #endif
3454     unlock_user_struct(target_sd, target_addr, 1);
3455     return 0;
3456 }
3457 
3458 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
3459                                                abi_ulong target_addr)
3460 {
3461     struct target_semid_ds *target_sd;
3462 
3463     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3464         return -TARGET_EFAULT;
3465     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
3466         return -TARGET_EFAULT;
3467     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
3468     host_sd->sem_otime = tswapal(target_sd->sem_otime);
3469     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
3470     unlock_user_struct(target_sd, target_addr, 0);
3471     return 0;
3472 }
3473 
3474 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
3475                                                struct semid_ds *host_sd)
3476 {
3477     struct target_semid_ds *target_sd;
3478 
3479     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3480         return -TARGET_EFAULT;
3481     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
3482         return -TARGET_EFAULT;
3483     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
3484     target_sd->sem_otime = tswapal(host_sd->sem_otime);
3485     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
3486     unlock_user_struct(target_sd, target_addr, 1);
3487     return 0;
3488 }
3489 
3490 struct target_seminfo {
3491     int semmap;
3492     int semmni;
3493     int semmns;
3494     int semmnu;
3495     int semmsl;
3496     int semopm;
3497     int semume;
3498     int semusz;
3499     int semvmx;
3500     int semaem;
3501 };
3502 
3503 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
3504                                               struct seminfo *host_seminfo)
3505 {
3506     struct target_seminfo *target_seminfo;
3507     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
3508         return -TARGET_EFAULT;
3509     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
3510     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
3511     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
3512     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
3513     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
3514     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
3515     __put_user(host_seminfo->semume, &target_seminfo->semume);
3516     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
3517     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
3518     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
3519     unlock_user_struct(target_seminfo, target_addr, 1);
3520     return 0;
3521 }
3522 
3523 union semun {
3524 	int val;
3525 	struct semid_ds *buf;
3526 	unsigned short *array;
3527 	struct seminfo *__buf;
3528 };
3529 
3530 union target_semun {
3531 	int val;
3532 	abi_ulong buf;
3533 	abi_ulong array;
3534 	abi_ulong __buf;
3535 };
3536 
3537 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
3538                                                abi_ulong target_addr)
3539 {
3540     int nsems;
3541     unsigned short *array;
3542     union semun semun;
3543     struct semid_ds semid_ds;
3544     int i, ret;
3545 
3546     semun.buf = &semid_ds;
3547 
3548     ret = semctl(semid, 0, IPC_STAT, semun);
3549     if (ret == -1)
3550         return get_errno(ret);
3551 
3552     nsems = semid_ds.sem_nsems;
3553 
3554     *host_array = g_try_new(unsigned short, nsems);
3555     if (!*host_array) {
3556         return -TARGET_ENOMEM;
3557     }
3558     array = lock_user(VERIFY_READ, target_addr,
3559                       nsems*sizeof(unsigned short), 1);
3560     if (!array) {
3561         g_free(*host_array);
3562         return -TARGET_EFAULT;
3563     }
3564 
3565     for(i=0; i<nsems; i++) {
3566         __get_user((*host_array)[i], &array[i]);
3567     }
3568     unlock_user(array, target_addr, 0);
3569 
3570     return 0;
3571 }
3572 
3573 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
3574                                                unsigned short **host_array)
3575 {
3576     int nsems;
3577     unsigned short *array;
3578     union semun semun;
3579     struct semid_ds semid_ds;
3580     int i, ret;
3581 
3582     semun.buf = &semid_ds;
3583 
3584     ret = semctl(semid, 0, IPC_STAT, semun);
3585     if (ret == -1)
3586         return get_errno(ret);
3587 
3588     nsems = semid_ds.sem_nsems;
3589 
3590     array = lock_user(VERIFY_WRITE, target_addr,
3591                       nsems*sizeof(unsigned short), 0);
3592     if (!array)
3593         return -TARGET_EFAULT;
3594 
3595     for(i=0; i<nsems; i++) {
3596         __put_user((*host_array)[i], &array[i]);
3597     }
3598     g_free(*host_array);
3599     unlock_user(array, target_addr, 1);
3600 
3601     return 0;
3602 }
3603 
3604 static inline abi_long do_semctl(int semid, int semnum, int cmd,
3605                                  abi_ulong target_arg)
3606 {
3607     union target_semun target_su = { .buf = target_arg };
3608     union semun arg;
3609     struct semid_ds dsarg;
3610     unsigned short *array = NULL;
3611     struct seminfo seminfo;
3612     abi_long ret = -TARGET_EINVAL;
3613     abi_long err;
3614     cmd &= 0xff;
3615 
3616     switch( cmd ) {
3617 	case GETVAL:
3618 	case SETVAL:
3619             /* In 64 bit cross-endian situations, we will erroneously pick up
3620              * the wrong half of the union for the "val" element.  To rectify
3621              * this, the entire 8-byte structure is byteswapped, followed by
3622 	     * a swap of the 4 byte val field. In other cases, the data is
3623 	     * already in proper host byte order. */
3624 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
3625 		target_su.buf = tswapal(target_su.buf);
3626 		arg.val = tswap32(target_su.val);
3627 	    } else {
3628 		arg.val = target_su.val;
3629 	    }
3630             ret = get_errno(semctl(semid, semnum, cmd, arg));
3631             break;
3632 	case GETALL:
3633 	case SETALL:
3634             err = target_to_host_semarray(semid, &array, target_su.array);
3635             if (err)
3636                 return err;
3637             arg.array = array;
3638             ret = get_errno(semctl(semid, semnum, cmd, arg));
3639             err = host_to_target_semarray(semid, target_su.array, &array);
3640             if (err)
3641                 return err;
3642             break;
3643 	case IPC_STAT:
3644 	case IPC_SET:
3645 	case SEM_STAT:
3646             err = target_to_host_semid_ds(&dsarg, target_su.buf);
3647             if (err)
3648                 return err;
3649             arg.buf = &dsarg;
3650             ret = get_errno(semctl(semid, semnum, cmd, arg));
3651             err = host_to_target_semid_ds(target_su.buf, &dsarg);
3652             if (err)
3653                 return err;
3654             break;
3655 	case IPC_INFO:
3656 	case SEM_INFO:
3657             arg.__buf = &seminfo;
3658             ret = get_errno(semctl(semid, semnum, cmd, arg));
3659             err = host_to_target_seminfo(target_su.__buf, &seminfo);
3660             if (err)
3661                 return err;
3662             break;
3663 	case IPC_RMID:
3664 	case GETPID:
3665 	case GETNCNT:
3666 	case GETZCNT:
3667             ret = get_errno(semctl(semid, semnum, cmd, NULL));
3668             break;
3669     }
3670 
3671     return ret;
3672 }
3673 
3674 struct target_sembuf {
3675     unsigned short sem_num;
3676     short sem_op;
3677     short sem_flg;
3678 };
3679 
3680 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
3681                                              abi_ulong target_addr,
3682                                              unsigned nsops)
3683 {
3684     struct target_sembuf *target_sembuf;
3685     int i;
3686 
3687     target_sembuf = lock_user(VERIFY_READ, target_addr,
3688                               nsops*sizeof(struct target_sembuf), 1);
3689     if (!target_sembuf)
3690         return -TARGET_EFAULT;
3691 
3692     for(i=0; i<nsops; i++) {
3693         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
3694         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
3695         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
3696     }
3697 
3698     unlock_user(target_sembuf, target_addr, 0);
3699 
3700     return 0;
3701 }
3702 
3703 static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
3704 {
3705     struct sembuf sops[nsops];
3706 
3707     if (target_to_host_sembuf(sops, ptr, nsops))
3708         return -TARGET_EFAULT;
3709 
3710     return get_errno(safe_semtimedop(semid, sops, nsops, NULL));
3711 }
3712 
3713 struct target_msqid_ds
3714 {
3715     struct target_ipc_perm msg_perm;
3716     abi_ulong msg_stime;
3717 #if TARGET_ABI_BITS == 32
3718     abi_ulong __unused1;
3719 #endif
3720     abi_ulong msg_rtime;
3721 #if TARGET_ABI_BITS == 32
3722     abi_ulong __unused2;
3723 #endif
3724     abi_ulong msg_ctime;
3725 #if TARGET_ABI_BITS == 32
3726     abi_ulong __unused3;
3727 #endif
3728     abi_ulong __msg_cbytes;
3729     abi_ulong msg_qnum;
3730     abi_ulong msg_qbytes;
3731     abi_ulong msg_lspid;
3732     abi_ulong msg_lrpid;
3733     abi_ulong __unused4;
3734     abi_ulong __unused5;
3735 };
3736 
3737 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
3738                                                abi_ulong target_addr)
3739 {
3740     struct target_msqid_ds *target_md;
3741 
3742     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
3743         return -TARGET_EFAULT;
3744     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
3745         return -TARGET_EFAULT;
3746     host_md->msg_stime = tswapal(target_md->msg_stime);
3747     host_md->msg_rtime = tswapal(target_md->msg_rtime);
3748     host_md->msg_ctime = tswapal(target_md->msg_ctime);
3749     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
3750     host_md->msg_qnum = tswapal(target_md->msg_qnum);
3751     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
3752     host_md->msg_lspid = tswapal(target_md->msg_lspid);
3753     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
3754     unlock_user_struct(target_md, target_addr, 0);
3755     return 0;
3756 }
3757 
3758 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
3759                                                struct msqid_ds *host_md)
3760 {
3761     struct target_msqid_ds *target_md;
3762 
3763     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
3764         return -TARGET_EFAULT;
3765     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
3766         return -TARGET_EFAULT;
3767     target_md->msg_stime = tswapal(host_md->msg_stime);
3768     target_md->msg_rtime = tswapal(host_md->msg_rtime);
3769     target_md->msg_ctime = tswapal(host_md->msg_ctime);
3770     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
3771     target_md->msg_qnum = tswapal(host_md->msg_qnum);
3772     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
3773     target_md->msg_lspid = tswapal(host_md->msg_lspid);
3774     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
3775     unlock_user_struct(target_md, target_addr, 1);
3776     return 0;
3777 }
3778 
3779 struct target_msginfo {
3780     int msgpool;
3781     int msgmap;
3782     int msgmax;
3783     int msgmnb;
3784     int msgmni;
3785     int msgssz;
3786     int msgtql;
3787     unsigned short int msgseg;
3788 };
3789 
3790 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
3791                                               struct msginfo *host_msginfo)
3792 {
3793     struct target_msginfo *target_msginfo;
3794     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
3795         return -TARGET_EFAULT;
3796     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
3797     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
3798     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
3799     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
3800     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
3801     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
3802     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
3803     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
3804     unlock_user_struct(target_msginfo, target_addr, 1);
3805     return 0;
3806 }
3807 
3808 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
3809 {
3810     struct msqid_ds dsarg;
3811     struct msginfo msginfo;
3812     abi_long ret = -TARGET_EINVAL;
3813 
3814     cmd &= 0xff;
3815 
3816     switch (cmd) {
3817     case IPC_STAT:
3818     case IPC_SET:
3819     case MSG_STAT:
3820         if (target_to_host_msqid_ds(&dsarg,ptr))
3821             return -TARGET_EFAULT;
3822         ret = get_errno(msgctl(msgid, cmd, &dsarg));
3823         if (host_to_target_msqid_ds(ptr,&dsarg))
3824             return -TARGET_EFAULT;
3825         break;
3826     case IPC_RMID:
3827         ret = get_errno(msgctl(msgid, cmd, NULL));
3828         break;
3829     case IPC_INFO:
3830     case MSG_INFO:
3831         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
3832         if (host_to_target_msginfo(ptr, &msginfo))
3833             return -TARGET_EFAULT;
3834         break;
3835     }
3836 
3837     return ret;
3838 }
3839 
3840 struct target_msgbuf {
3841     abi_long mtype;
3842     char	mtext[1];
3843 };
3844 
3845 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
3846                                  ssize_t msgsz, int msgflg)
3847 {
3848     struct target_msgbuf *target_mb;
3849     struct msgbuf *host_mb;
3850     abi_long ret = 0;
3851 
3852     if (msgsz < 0) {
3853         return -TARGET_EINVAL;
3854     }
3855 
3856     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
3857         return -TARGET_EFAULT;
3858     host_mb = g_try_malloc(msgsz + sizeof(long));
3859     if (!host_mb) {
3860         unlock_user_struct(target_mb, msgp, 0);
3861         return -TARGET_ENOMEM;
3862     }
3863     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
3864     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
3865     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
3866     g_free(host_mb);
3867     unlock_user_struct(target_mb, msgp, 0);
3868 
3869     return ret;
3870 }
3871 
3872 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
3873                                  ssize_t msgsz, abi_long msgtyp,
3874                                  int msgflg)
3875 {
3876     struct target_msgbuf *target_mb;
3877     char *target_mtext;
3878     struct msgbuf *host_mb;
3879     abi_long ret = 0;
3880 
3881     if (msgsz < 0) {
3882         return -TARGET_EINVAL;
3883     }
3884 
3885     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
3886         return -TARGET_EFAULT;
3887 
3888     host_mb = g_try_malloc(msgsz + sizeof(long));
3889     if (!host_mb) {
3890         ret = -TARGET_ENOMEM;
3891         goto end;
3892     }
3893     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
3894 
3895     if (ret > 0) {
3896         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
3897         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
3898         if (!target_mtext) {
3899             ret = -TARGET_EFAULT;
3900             goto end;
3901         }
3902         memcpy(target_mb->mtext, host_mb->mtext, ret);
3903         unlock_user(target_mtext, target_mtext_addr, ret);
3904     }
3905 
3906     target_mb->mtype = tswapal(host_mb->mtype);
3907 
3908 end:
3909     if (target_mb)
3910         unlock_user_struct(target_mb, msgp, 1);
3911     g_free(host_mb);
3912     return ret;
3913 }
3914 
3915 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
3916                                                abi_ulong target_addr)
3917 {
3918     struct target_shmid_ds *target_sd;
3919 
3920     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3921         return -TARGET_EFAULT;
3922     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
3923         return -TARGET_EFAULT;
3924     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
3925     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
3926     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
3927     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
3928     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
3929     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
3930     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
3931     unlock_user_struct(target_sd, target_addr, 0);
3932     return 0;
3933 }
3934 
3935 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
3936                                                struct shmid_ds *host_sd)
3937 {
3938     struct target_shmid_ds *target_sd;
3939 
3940     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3941         return -TARGET_EFAULT;
3942     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
3943         return -TARGET_EFAULT;
3944     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
3945     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
3946     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
3947     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
3948     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
3949     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
3950     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
3951     unlock_user_struct(target_sd, target_addr, 1);
3952     return 0;
3953 }
3954 
3955 struct  target_shminfo {
3956     abi_ulong shmmax;
3957     abi_ulong shmmin;
3958     abi_ulong shmmni;
3959     abi_ulong shmseg;
3960     abi_ulong shmall;
3961 };
3962 
3963 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
3964                                               struct shminfo *host_shminfo)
3965 {
3966     struct target_shminfo *target_shminfo;
3967     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
3968         return -TARGET_EFAULT;
3969     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
3970     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
3971     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
3972     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
3973     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
3974     unlock_user_struct(target_shminfo, target_addr, 1);
3975     return 0;
3976 }
3977 
3978 struct target_shm_info {
3979     int used_ids;
3980     abi_ulong shm_tot;
3981     abi_ulong shm_rss;
3982     abi_ulong shm_swp;
3983     abi_ulong swap_attempts;
3984     abi_ulong swap_successes;
3985 };
3986 
3987 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
3988                                                struct shm_info *host_shm_info)
3989 {
3990     struct target_shm_info *target_shm_info;
3991     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
3992         return -TARGET_EFAULT;
3993     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
3994     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
3995     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
3996     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
3997     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
3998     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
3999     unlock_user_struct(target_shm_info, target_addr, 1);
4000     return 0;
4001 }
4002 
4003 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4004 {
4005     struct shmid_ds dsarg;
4006     struct shminfo shminfo;
4007     struct shm_info shm_info;
4008     abi_long ret = -TARGET_EINVAL;
4009 
4010     cmd &= 0xff;
4011 
4012     switch(cmd) {
4013     case IPC_STAT:
4014     case IPC_SET:
4015     case SHM_STAT:
4016         if (target_to_host_shmid_ds(&dsarg, buf))
4017             return -TARGET_EFAULT;
4018         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4019         if (host_to_target_shmid_ds(buf, &dsarg))
4020             return -TARGET_EFAULT;
4021         break;
4022     case IPC_INFO:
4023         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4024         if (host_to_target_shminfo(buf, &shminfo))
4025             return -TARGET_EFAULT;
4026         break;
4027     case SHM_INFO:
4028         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4029         if (host_to_target_shm_info(buf, &shm_info))
4030             return -TARGET_EFAULT;
4031         break;
4032     case IPC_RMID:
4033     case SHM_LOCK:
4034     case SHM_UNLOCK:
4035         ret = get_errno(shmctl(shmid, cmd, NULL));
4036         break;
4037     }
4038 
4039     return ret;
4040 }
4041 
4042 static inline abi_ulong do_shmat(int shmid, abi_ulong shmaddr, int shmflg)
4043 {
4044     abi_long raddr;
4045     void *host_raddr;
4046     struct shmid_ds shm_info;
4047     int i,ret;
4048 
4049     /* find out the length of the shared memory segment */
4050     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4051     if (is_error(ret)) {
4052         /* can't get length, bail out */
4053         return ret;
4054     }
4055 
4056     mmap_lock();
4057 
4058     if (shmaddr)
4059         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
4060     else {
4061         abi_ulong mmap_start;
4062 
4063         mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
4064 
4065         if (mmap_start == -1) {
4066             errno = ENOMEM;
4067             host_raddr = (void *)-1;
4068         } else
4069             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
4070     }
4071 
4072     if (host_raddr == (void *)-1) {
4073         mmap_unlock();
4074         return get_errno((long)host_raddr);
4075     }
4076     raddr=h2g((unsigned long)host_raddr);
4077 
4078     page_set_flags(raddr, raddr + shm_info.shm_segsz,
4079                    PAGE_VALID | PAGE_READ |
4080                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
4081 
4082     for (i = 0; i < N_SHM_REGIONS; i++) {
4083         if (!shm_regions[i].in_use) {
4084             shm_regions[i].in_use = true;
4085             shm_regions[i].start = raddr;
4086             shm_regions[i].size = shm_info.shm_segsz;
4087             break;
4088         }
4089     }
4090 
4091     mmap_unlock();
4092     return raddr;
4093 
4094 }
4095 
4096 static inline abi_long do_shmdt(abi_ulong shmaddr)
4097 {
4098     int i;
4099 
4100     for (i = 0; i < N_SHM_REGIONS; ++i) {
4101         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4102             shm_regions[i].in_use = false;
4103             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
4104             break;
4105         }
4106     }
4107 
4108     return get_errno(shmdt(g2h(shmaddr)));
4109 }
4110 
4111 #ifdef TARGET_NR_ipc
4112 /* ??? This only works with linear mappings.  */
4113 /* do_ipc() must return target values and target errnos. */
4114 static abi_long do_ipc(unsigned int call, abi_long first,
4115                        abi_long second, abi_long third,
4116                        abi_long ptr, abi_long fifth)
4117 {
4118     int version;
4119     abi_long ret = 0;
4120 
4121     version = call >> 16;
4122     call &= 0xffff;
4123 
4124     switch (call) {
4125     case IPCOP_semop:
4126         ret = do_semop(first, ptr, second);
4127         break;
4128 
4129     case IPCOP_semget:
4130         ret = get_errno(semget(first, second, third));
4131         break;
4132 
4133     case IPCOP_semctl: {
4134         /* The semun argument to semctl is passed by value, so dereference the
4135          * ptr argument. */
4136         abi_ulong atptr;
4137         get_user_ual(atptr, ptr);
4138         ret = do_semctl(first, second, third, atptr);
4139         break;
4140     }
4141 
4142     case IPCOP_msgget:
4143         ret = get_errno(msgget(first, second));
4144         break;
4145 
4146     case IPCOP_msgsnd:
4147         ret = do_msgsnd(first, ptr, second, third);
4148         break;
4149 
4150     case IPCOP_msgctl:
4151         ret = do_msgctl(first, second, ptr);
4152         break;
4153 
4154     case IPCOP_msgrcv:
4155         switch (version) {
4156         case 0:
4157             {
4158                 struct target_ipc_kludge {
4159                     abi_long msgp;
4160                     abi_long msgtyp;
4161                 } *tmp;
4162 
4163                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4164                     ret = -TARGET_EFAULT;
4165                     break;
4166                 }
4167 
4168                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4169 
4170                 unlock_user_struct(tmp, ptr, 0);
4171                 break;
4172             }
4173         default:
4174             ret = do_msgrcv(first, ptr, second, fifth, third);
4175         }
4176         break;
4177 
4178     case IPCOP_shmat:
4179         switch (version) {
4180         default:
4181         {
4182             abi_ulong raddr;
4183             raddr = do_shmat(first, ptr, second);
4184             if (is_error(raddr))
4185                 return get_errno(raddr);
4186             if (put_user_ual(raddr, third))
4187                 return -TARGET_EFAULT;
4188             break;
4189         }
4190         case 1:
4191             ret = -TARGET_EINVAL;
4192             break;
4193         }
4194 	break;
4195     case IPCOP_shmdt:
4196         ret = do_shmdt(ptr);
4197 	break;
4198 
4199     case IPCOP_shmget:
4200 	/* IPC_* flag values are the same on all linux platforms */
4201 	ret = get_errno(shmget(first, second, third));
4202 	break;
4203 
4204 	/* IPC_* and SHM_* command values are the same on all linux platforms */
4205     case IPCOP_shmctl:
4206         ret = do_shmctl(first, second, ptr);
4207         break;
4208     default:
4209 	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
4210 	ret = -TARGET_ENOSYS;
4211 	break;
4212     }
4213     return ret;
4214 }
4215 #endif
4216 
4217 /* kernel structure types definitions */
4218 
4219 #define STRUCT(name, ...) STRUCT_ ## name,
4220 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
4221 enum {
4222 #include "syscall_types.h"
4223 STRUCT_MAX
4224 };
4225 #undef STRUCT
4226 #undef STRUCT_SPECIAL
4227 
4228 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
4229 #define STRUCT_SPECIAL(name)
4230 #include "syscall_types.h"
4231 #undef STRUCT
4232 #undef STRUCT_SPECIAL
4233 
4234 typedef struct IOCTLEntry IOCTLEntry;
4235 
4236 typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
4237                              int fd, int cmd, abi_long arg);
4238 
4239 struct IOCTLEntry {
4240     int target_cmd;
4241     unsigned int host_cmd;
4242     const char *name;
4243     int access;
4244     do_ioctl_fn *do_ioctl;
4245     const argtype arg_type[5];
4246 };
4247 
4248 #define IOC_R 0x0001
4249 #define IOC_W 0x0002
4250 #define IOC_RW (IOC_R | IOC_W)
4251 
4252 #define MAX_STRUCT_SIZE 4096
4253 
4254 #ifdef CONFIG_FIEMAP
4255 /* So fiemap access checks don't overflow on 32 bit systems.
4256  * This is very slightly smaller than the limit imposed by
4257  * the underlying kernel.
4258  */
4259 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
4260                             / sizeof(struct fiemap_extent))
4261 
4262 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
4263                                        int fd, int cmd, abi_long arg)
4264 {
4265     /* The parameter for this ioctl is a struct fiemap followed
4266      * by an array of struct fiemap_extent whose size is set
4267      * in fiemap->fm_extent_count. The array is filled in by the
4268      * ioctl.
4269      */
4270     int target_size_in, target_size_out;
4271     struct fiemap *fm;
4272     const argtype *arg_type = ie->arg_type;
4273     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
4274     void *argptr, *p;
4275     abi_long ret;
4276     int i, extent_size = thunk_type_size(extent_arg_type, 0);
4277     uint32_t outbufsz;
4278     int free_fm = 0;
4279 
4280     assert(arg_type[0] == TYPE_PTR);
4281     assert(ie->access == IOC_RW);
4282     arg_type++;
4283     target_size_in = thunk_type_size(arg_type, 0);
4284     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
4285     if (!argptr) {
4286         return -TARGET_EFAULT;
4287     }
4288     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4289     unlock_user(argptr, arg, 0);
4290     fm = (struct fiemap *)buf_temp;
4291     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
4292         return -TARGET_EINVAL;
4293     }
4294 
4295     outbufsz = sizeof (*fm) +
4296         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
4297 
4298     if (outbufsz > MAX_STRUCT_SIZE) {
4299         /* We can't fit all the extents into the fixed size buffer.
4300          * Allocate one that is large enough and use it instead.
4301          */
4302         fm = g_try_malloc(outbufsz);
4303         if (!fm) {
4304             return -TARGET_ENOMEM;
4305         }
4306         memcpy(fm, buf_temp, sizeof(struct fiemap));
4307         free_fm = 1;
4308     }
4309     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
4310     if (!is_error(ret)) {
4311         target_size_out = target_size_in;
4312         /* An extent_count of 0 means we were only counting the extents
4313          * so there are no structs to copy
4314          */
4315         if (fm->fm_extent_count != 0) {
4316             target_size_out += fm->fm_mapped_extents * extent_size;
4317         }
4318         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
4319         if (!argptr) {
4320             ret = -TARGET_EFAULT;
4321         } else {
4322             /* Convert the struct fiemap */
4323             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
4324             if (fm->fm_extent_count != 0) {
4325                 p = argptr + target_size_in;
4326                 /* ...and then all the struct fiemap_extents */
4327                 for (i = 0; i < fm->fm_mapped_extents; i++) {
4328                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
4329                                   THUNK_TARGET);
4330                     p += extent_size;
4331                 }
4332             }
4333             unlock_user(argptr, arg, target_size_out);
4334         }
4335     }
4336     if (free_fm) {
4337         g_free(fm);
4338     }
4339     return ret;
4340 }
4341 #endif
4342 
4343 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
4344                                 int fd, int cmd, abi_long arg)
4345 {
4346     const argtype *arg_type = ie->arg_type;
4347     int target_size;
4348     void *argptr;
4349     int ret;
4350     struct ifconf *host_ifconf;
4351     uint32_t outbufsz;
4352     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
4353     int target_ifreq_size;
4354     int nb_ifreq;
4355     int free_buf = 0;
4356     int i;
4357     int target_ifc_len;
4358     abi_long target_ifc_buf;
4359     int host_ifc_len;
4360     char *host_ifc_buf;
4361 
4362     assert(arg_type[0] == TYPE_PTR);
4363     assert(ie->access == IOC_RW);
4364 
4365     arg_type++;
4366     target_size = thunk_type_size(arg_type, 0);
4367 
4368     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4369     if (!argptr)
4370         return -TARGET_EFAULT;
4371     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4372     unlock_user(argptr, arg, 0);
4373 
4374     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
4375     target_ifc_len = host_ifconf->ifc_len;
4376     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
4377 
4378     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
4379     nb_ifreq = target_ifc_len / target_ifreq_size;
4380     host_ifc_len = nb_ifreq * sizeof(struct ifreq);
4381 
4382     outbufsz = sizeof(*host_ifconf) + host_ifc_len;
4383     if (outbufsz > MAX_STRUCT_SIZE) {
4384         /* We can't fit all the extents into the fixed size buffer.
4385          * Allocate one that is large enough and use it instead.
4386          */
4387         host_ifconf = malloc(outbufsz);
4388         if (!host_ifconf) {
4389             return -TARGET_ENOMEM;
4390         }
4391         memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
4392         free_buf = 1;
4393     }
4394     host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
4395 
4396     host_ifconf->ifc_len = host_ifc_len;
4397     host_ifconf->ifc_buf = host_ifc_buf;
4398 
4399     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
4400     if (!is_error(ret)) {
4401 	/* convert host ifc_len to target ifc_len */
4402 
4403         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
4404         target_ifc_len = nb_ifreq * target_ifreq_size;
4405         host_ifconf->ifc_len = target_ifc_len;
4406 
4407 	/* restore target ifc_buf */
4408 
4409         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
4410 
4411 	/* copy struct ifconf to target user */
4412 
4413         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4414         if (!argptr)
4415             return -TARGET_EFAULT;
4416         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
4417         unlock_user(argptr, arg, target_size);
4418 
4419 	/* copy ifreq[] to target user */
4420 
4421         argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
4422         for (i = 0; i < nb_ifreq ; i++) {
4423             thunk_convert(argptr + i * target_ifreq_size,
4424                           host_ifc_buf + i * sizeof(struct ifreq),
4425                           ifreq_arg_type, THUNK_TARGET);
4426         }
4427         unlock_user(argptr, target_ifc_buf, target_ifc_len);
4428     }
4429 
4430     if (free_buf) {
4431         free(host_ifconf);
4432     }
4433 
4434     return ret;
4435 }
4436 
4437 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
4438                             int cmd, abi_long arg)
4439 {
4440     void *argptr;
4441     struct dm_ioctl *host_dm;
4442     abi_long guest_data;
4443     uint32_t guest_data_size;
4444     int target_size;
4445     const argtype *arg_type = ie->arg_type;
4446     abi_long ret;
4447     void *big_buf = NULL;
4448     char *host_data;
4449 
4450     arg_type++;
4451     target_size = thunk_type_size(arg_type, 0);
4452     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4453     if (!argptr) {
4454         ret = -TARGET_EFAULT;
4455         goto out;
4456     }
4457     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4458     unlock_user(argptr, arg, 0);
4459 
4460     /* buf_temp is too small, so fetch things into a bigger buffer */
4461     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
4462     memcpy(big_buf, buf_temp, target_size);
4463     buf_temp = big_buf;
4464     host_dm = big_buf;
4465 
4466     guest_data = arg + host_dm->data_start;
4467     if ((guest_data - arg) < 0) {
4468         ret = -EINVAL;
4469         goto out;
4470     }
4471     guest_data_size = host_dm->data_size - host_dm->data_start;
4472     host_data = (char*)host_dm + host_dm->data_start;
4473 
4474     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
4475     switch (ie->host_cmd) {
4476     case DM_REMOVE_ALL:
4477     case DM_LIST_DEVICES:
4478     case DM_DEV_CREATE:
4479     case DM_DEV_REMOVE:
4480     case DM_DEV_SUSPEND:
4481     case DM_DEV_STATUS:
4482     case DM_DEV_WAIT:
4483     case DM_TABLE_STATUS:
4484     case DM_TABLE_CLEAR:
4485     case DM_TABLE_DEPS:
4486     case DM_LIST_VERSIONS:
4487         /* no input data */
4488         break;
4489     case DM_DEV_RENAME:
4490     case DM_DEV_SET_GEOMETRY:
4491         /* data contains only strings */
4492         memcpy(host_data, argptr, guest_data_size);
4493         break;
4494     case DM_TARGET_MSG:
4495         memcpy(host_data, argptr, guest_data_size);
4496         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
4497         break;
4498     case DM_TABLE_LOAD:
4499     {
4500         void *gspec = argptr;
4501         void *cur_data = host_data;
4502         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
4503         int spec_size = thunk_type_size(arg_type, 0);
4504         int i;
4505 
4506         for (i = 0; i < host_dm->target_count; i++) {
4507             struct dm_target_spec *spec = cur_data;
4508             uint32_t next;
4509             int slen;
4510 
4511             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
4512             slen = strlen((char*)gspec + spec_size) + 1;
4513             next = spec->next;
4514             spec->next = sizeof(*spec) + slen;
4515             strcpy((char*)&spec[1], gspec + spec_size);
4516             gspec += next;
4517             cur_data += spec->next;
4518         }
4519         break;
4520     }
4521     default:
4522         ret = -TARGET_EINVAL;
4523         unlock_user(argptr, guest_data, 0);
4524         goto out;
4525     }
4526     unlock_user(argptr, guest_data, 0);
4527 
4528     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4529     if (!is_error(ret)) {
4530         guest_data = arg + host_dm->data_start;
4531         guest_data_size = host_dm->data_size - host_dm->data_start;
4532         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
4533         switch (ie->host_cmd) {
4534         case DM_REMOVE_ALL:
4535         case DM_DEV_CREATE:
4536         case DM_DEV_REMOVE:
4537         case DM_DEV_RENAME:
4538         case DM_DEV_SUSPEND:
4539         case DM_DEV_STATUS:
4540         case DM_TABLE_LOAD:
4541         case DM_TABLE_CLEAR:
4542         case DM_TARGET_MSG:
4543         case DM_DEV_SET_GEOMETRY:
4544             /* no return data */
4545             break;
4546         case DM_LIST_DEVICES:
4547         {
4548             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
4549             uint32_t remaining_data = guest_data_size;
4550             void *cur_data = argptr;
4551             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
4552             int nl_size = 12; /* can't use thunk_size due to alignment */
4553 
4554             while (1) {
4555                 uint32_t next = nl->next;
4556                 if (next) {
4557                     nl->next = nl_size + (strlen(nl->name) + 1);
4558                 }
4559                 if (remaining_data < nl->next) {
4560                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
4561                     break;
4562                 }
4563                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
4564                 strcpy(cur_data + nl_size, nl->name);
4565                 cur_data += nl->next;
4566                 remaining_data -= nl->next;
4567                 if (!next) {
4568                     break;
4569                 }
4570                 nl = (void*)nl + next;
4571             }
4572             break;
4573         }
4574         case DM_DEV_WAIT:
4575         case DM_TABLE_STATUS:
4576         {
4577             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
4578             void *cur_data = argptr;
4579             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
4580             int spec_size = thunk_type_size(arg_type, 0);
4581             int i;
4582 
4583             for (i = 0; i < host_dm->target_count; i++) {
4584                 uint32_t next = spec->next;
4585                 int slen = strlen((char*)&spec[1]) + 1;
4586                 spec->next = (cur_data - argptr) + spec_size + slen;
4587                 if (guest_data_size < spec->next) {
4588                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
4589                     break;
4590                 }
4591                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
4592                 strcpy(cur_data + spec_size, (char*)&spec[1]);
4593                 cur_data = argptr + spec->next;
4594                 spec = (void*)host_dm + host_dm->data_start + next;
4595             }
4596             break;
4597         }
4598         case DM_TABLE_DEPS:
4599         {
4600             void *hdata = (void*)host_dm + host_dm->data_start;
4601             int count = *(uint32_t*)hdata;
4602             uint64_t *hdev = hdata + 8;
4603             uint64_t *gdev = argptr + 8;
4604             int i;
4605 
4606             *(uint32_t*)argptr = tswap32(count);
4607             for (i = 0; i < count; i++) {
4608                 *gdev = tswap64(*hdev);
4609                 gdev++;
4610                 hdev++;
4611             }
4612             break;
4613         }
4614         case DM_LIST_VERSIONS:
4615         {
4616             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
4617             uint32_t remaining_data = guest_data_size;
4618             void *cur_data = argptr;
4619             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
4620             int vers_size = thunk_type_size(arg_type, 0);
4621 
4622             while (1) {
4623                 uint32_t next = vers->next;
4624                 if (next) {
4625                     vers->next = vers_size + (strlen(vers->name) + 1);
4626                 }
4627                 if (remaining_data < vers->next) {
4628                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
4629                     break;
4630                 }
4631                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
4632                 strcpy(cur_data + vers_size, vers->name);
4633                 cur_data += vers->next;
4634                 remaining_data -= vers->next;
4635                 if (!next) {
4636                     break;
4637                 }
4638                 vers = (void*)vers + next;
4639             }
4640             break;
4641         }
4642         default:
4643             unlock_user(argptr, guest_data, 0);
4644             ret = -TARGET_EINVAL;
4645             goto out;
4646         }
4647         unlock_user(argptr, guest_data, guest_data_size);
4648 
4649         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4650         if (!argptr) {
4651             ret = -TARGET_EFAULT;
4652             goto out;
4653         }
4654         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
4655         unlock_user(argptr, arg, target_size);
4656     }
4657 out:
4658     g_free(big_buf);
4659     return ret;
4660 }
4661 
4662 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
4663                                int cmd, abi_long arg)
4664 {
4665     void *argptr;
4666     int target_size;
4667     const argtype *arg_type = ie->arg_type;
4668     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
4669     abi_long ret;
4670 
4671     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
4672     struct blkpg_partition host_part;
4673 
4674     /* Read and convert blkpg */
4675     arg_type++;
4676     target_size = thunk_type_size(arg_type, 0);
4677     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4678     if (!argptr) {
4679         ret = -TARGET_EFAULT;
4680         goto out;
4681     }
4682     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4683     unlock_user(argptr, arg, 0);
4684 
4685     switch (host_blkpg->op) {
4686     case BLKPG_ADD_PARTITION:
4687     case BLKPG_DEL_PARTITION:
4688         /* payload is struct blkpg_partition */
4689         break;
4690     default:
4691         /* Unknown opcode */
4692         ret = -TARGET_EINVAL;
4693         goto out;
4694     }
4695 
4696     /* Read and convert blkpg->data */
4697     arg = (abi_long)(uintptr_t)host_blkpg->data;
4698     target_size = thunk_type_size(part_arg_type, 0);
4699     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4700     if (!argptr) {
4701         ret = -TARGET_EFAULT;
4702         goto out;
4703     }
4704     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
4705     unlock_user(argptr, arg, 0);
4706 
4707     /* Swizzle the data pointer to our local copy and call! */
4708     host_blkpg->data = &host_part;
4709     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
4710 
4711 out:
4712     return ret;
4713 }
4714 
4715 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
4716                                 int fd, int cmd, abi_long arg)
4717 {
4718     const argtype *arg_type = ie->arg_type;
4719     const StructEntry *se;
4720     const argtype *field_types;
4721     const int *dst_offsets, *src_offsets;
4722     int target_size;
4723     void *argptr;
4724     abi_ulong *target_rt_dev_ptr;
4725     unsigned long *host_rt_dev_ptr;
4726     abi_long ret;
4727     int i;
4728 
4729     assert(ie->access == IOC_W);
4730     assert(*arg_type == TYPE_PTR);
4731     arg_type++;
4732     assert(*arg_type == TYPE_STRUCT);
4733     target_size = thunk_type_size(arg_type, 0);
4734     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4735     if (!argptr) {
4736         return -TARGET_EFAULT;
4737     }
4738     arg_type++;
4739     assert(*arg_type == (int)STRUCT_rtentry);
4740     se = struct_entries + *arg_type++;
4741     assert(se->convert[0] == NULL);
4742     /* convert struct here to be able to catch rt_dev string */
4743     field_types = se->field_types;
4744     dst_offsets = se->field_offsets[THUNK_HOST];
4745     src_offsets = se->field_offsets[THUNK_TARGET];
4746     for (i = 0; i < se->nb_fields; i++) {
4747         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
4748             assert(*field_types == TYPE_PTRVOID);
4749             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
4750             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
4751             if (*target_rt_dev_ptr != 0) {
4752                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
4753                                                   tswapal(*target_rt_dev_ptr));
4754                 if (!*host_rt_dev_ptr) {
4755                     unlock_user(argptr, arg, 0);
4756                     return -TARGET_EFAULT;
4757                 }
4758             } else {
4759                 *host_rt_dev_ptr = 0;
4760             }
4761             field_types++;
4762             continue;
4763         }
4764         field_types = thunk_convert(buf_temp + dst_offsets[i],
4765                                     argptr + src_offsets[i],
4766                                     field_types, THUNK_HOST);
4767     }
4768     unlock_user(argptr, arg, 0);
4769 
4770     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4771     if (*host_rt_dev_ptr != 0) {
4772         unlock_user((void *)*host_rt_dev_ptr,
4773                     *target_rt_dev_ptr, 0);
4774     }
4775     return ret;
4776 }
4777 
4778 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
4779                                      int fd, int cmd, abi_long arg)
4780 {
4781     int sig = target_to_host_signal(arg);
4782     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
4783 }
4784 
4785 static IOCTLEntry ioctl_entries[] = {
4786 #define IOCTL(cmd, access, ...) \
4787     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
4788 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
4789     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
4790 #include "ioctls.h"
4791     { 0, 0, },
4792 };
4793 
4794 /* ??? Implement proper locking for ioctls.  */
4795 /* do_ioctl() Must return target values and target errnos. */
4796 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
4797 {
4798     const IOCTLEntry *ie;
4799     const argtype *arg_type;
4800     abi_long ret;
4801     uint8_t buf_temp[MAX_STRUCT_SIZE];
4802     int target_size;
4803     void *argptr;
4804 
4805     ie = ioctl_entries;
4806     for(;;) {
4807         if (ie->target_cmd == 0) {
4808             gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
4809             return -TARGET_ENOSYS;
4810         }
4811         if (ie->target_cmd == cmd)
4812             break;
4813         ie++;
4814     }
4815     arg_type = ie->arg_type;
4816 #if defined(DEBUG)
4817     gemu_log("ioctl: cmd=0x%04lx (%s)\n", (long)cmd, ie->name);
4818 #endif
4819     if (ie->do_ioctl) {
4820         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
4821     }
4822 
4823     switch(arg_type[0]) {
4824     case TYPE_NULL:
4825         /* no argument */
4826         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
4827         break;
4828     case TYPE_PTRVOID:
4829     case TYPE_INT:
4830         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
4831         break;
4832     case TYPE_PTR:
4833         arg_type++;
4834         target_size = thunk_type_size(arg_type, 0);
4835         switch(ie->access) {
4836         case IOC_R:
4837             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4838             if (!is_error(ret)) {
4839                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4840                 if (!argptr)
4841                     return -TARGET_EFAULT;
4842                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
4843                 unlock_user(argptr, arg, target_size);
4844             }
4845             break;
4846         case IOC_W:
4847             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4848             if (!argptr)
4849                 return -TARGET_EFAULT;
4850             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4851             unlock_user(argptr, arg, 0);
4852             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4853             break;
4854         default:
4855         case IOC_RW:
4856             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4857             if (!argptr)
4858                 return -TARGET_EFAULT;
4859             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4860             unlock_user(argptr, arg, 0);
4861             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4862             if (!is_error(ret)) {
4863                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4864                 if (!argptr)
4865                     return -TARGET_EFAULT;
4866                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
4867                 unlock_user(argptr, arg, target_size);
4868             }
4869             break;
4870         }
4871         break;
4872     default:
4873         gemu_log("Unsupported ioctl type: cmd=0x%04lx type=%d\n",
4874                  (long)cmd, arg_type[0]);
4875         ret = -TARGET_ENOSYS;
4876         break;
4877     }
4878     return ret;
4879 }
4880 
4881 static const bitmask_transtbl iflag_tbl[] = {
4882         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
4883         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
4884         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
4885         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
4886         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
4887         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
4888         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
4889         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
4890         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
4891         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
4892         { TARGET_IXON, TARGET_IXON, IXON, IXON },
4893         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
4894         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
4895         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
4896         { 0, 0, 0, 0 }
4897 };
4898 
4899 static const bitmask_transtbl oflag_tbl[] = {
4900 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
4901 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
4902 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
4903 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
4904 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
4905 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
4906 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
4907 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
4908 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
4909 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
4910 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
4911 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
4912 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
4913 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
4914 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
4915 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
4916 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
4917 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
4918 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
4919 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
4920 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
4921 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
4922 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
4923 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
4924 	{ 0, 0, 0, 0 }
4925 };
4926 
4927 static const bitmask_transtbl cflag_tbl[] = {
4928 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
4929 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
4930 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
4931 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
4932 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
4933 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
4934 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
4935 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
4936 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
4937 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
4938 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
4939 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
4940 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
4941 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
4942 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
4943 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
4944 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
4945 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
4946 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
4947 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
4948 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
4949 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
4950 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
4951 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
4952 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
4953 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
4954 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
4955 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
4956 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
4957 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
4958 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
4959 	{ 0, 0, 0, 0 }
4960 };
4961 
4962 static const bitmask_transtbl lflag_tbl[] = {
4963 	{ TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
4964 	{ TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
4965 	{ TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
4966 	{ TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
4967 	{ TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
4968 	{ TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
4969 	{ TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
4970 	{ TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
4971 	{ TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
4972 	{ TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
4973 	{ TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
4974 	{ TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
4975 	{ TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
4976 	{ TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
4977 	{ TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
4978 	{ 0, 0, 0, 0 }
4979 };
4980 
4981 static void target_to_host_termios (void *dst, const void *src)
4982 {
4983     struct host_termios *host = dst;
4984     const struct target_termios *target = src;
4985 
4986     host->c_iflag =
4987         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
4988     host->c_oflag =
4989         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
4990     host->c_cflag =
4991         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
4992     host->c_lflag =
4993         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
4994     host->c_line = target->c_line;
4995 
4996     memset(host->c_cc, 0, sizeof(host->c_cc));
4997     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
4998     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
4999     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5000     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5001     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5002     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5003     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5004     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5005     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5006     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5007     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5008     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5009     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5010     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5011     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5012     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5013     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5014 }
5015 
5016 static void host_to_target_termios (void *dst, const void *src)
5017 {
5018     struct target_termios *target = dst;
5019     const struct host_termios *host = src;
5020 
5021     target->c_iflag =
5022         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5023     target->c_oflag =
5024         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5025     target->c_cflag =
5026         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5027     target->c_lflag =
5028         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5029     target->c_line = host->c_line;
5030 
5031     memset(target->c_cc, 0, sizeof(target->c_cc));
5032     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5033     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5034     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5035     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5036     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5037     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5038     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5039     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5040     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5041     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5042     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5043     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5044     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5045     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5046     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5047     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5048     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5049 }
5050 
5051 static const StructEntry struct_termios_def = {
5052     .convert = { host_to_target_termios, target_to_host_termios },
5053     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5054     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5055 };
5056 
5057 static bitmask_transtbl mmap_flags_tbl[] = {
5058 	{ TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
5059 	{ TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
5060 	{ TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5061 	{ TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS, MAP_ANONYMOUS, MAP_ANONYMOUS },
5062 	{ TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN, MAP_GROWSDOWN, MAP_GROWSDOWN },
5063 	{ TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE, MAP_DENYWRITE, MAP_DENYWRITE },
5064 	{ TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE, MAP_EXECUTABLE, MAP_EXECUTABLE },
5065 	{ TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
5066         { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE, MAP_NORESERVE,
5067           MAP_NORESERVE },
5068 	{ 0, 0, 0, 0 }
5069 };
5070 
5071 #if defined(TARGET_I386)
5072 
5073 /* NOTE: there is really one LDT for all the threads */
5074 static uint8_t *ldt_table;
5075 
5076 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
5077 {
5078     int size;
5079     void *p;
5080 
5081     if (!ldt_table)
5082         return 0;
5083     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
5084     if (size > bytecount)
5085         size = bytecount;
5086     p = lock_user(VERIFY_WRITE, ptr, size, 0);
5087     if (!p)
5088         return -TARGET_EFAULT;
5089     /* ??? Should this by byteswapped?  */
5090     memcpy(p, ldt_table, size);
5091     unlock_user(p, ptr, size);
5092     return size;
5093 }
5094 
5095 /* XXX: add locking support */
5096 static abi_long write_ldt(CPUX86State *env,
5097                           abi_ulong ptr, unsigned long bytecount, int oldmode)
5098 {
5099     struct target_modify_ldt_ldt_s ldt_info;
5100     struct target_modify_ldt_ldt_s *target_ldt_info;
5101     int seg_32bit, contents, read_exec_only, limit_in_pages;
5102     int seg_not_present, useable, lm;
5103     uint32_t *lp, entry_1, entry_2;
5104 
5105     if (bytecount != sizeof(ldt_info))
5106         return -TARGET_EINVAL;
5107     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
5108         return -TARGET_EFAULT;
5109     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5110     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5111     ldt_info.limit = tswap32(target_ldt_info->limit);
5112     ldt_info.flags = tswap32(target_ldt_info->flags);
5113     unlock_user_struct(target_ldt_info, ptr, 0);
5114 
5115     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
5116         return -TARGET_EINVAL;
5117     seg_32bit = ldt_info.flags & 1;
5118     contents = (ldt_info.flags >> 1) & 3;
5119     read_exec_only = (ldt_info.flags >> 3) & 1;
5120     limit_in_pages = (ldt_info.flags >> 4) & 1;
5121     seg_not_present = (ldt_info.flags >> 5) & 1;
5122     useable = (ldt_info.flags >> 6) & 1;
5123 #ifdef TARGET_ABI32
5124     lm = 0;
5125 #else
5126     lm = (ldt_info.flags >> 7) & 1;
5127 #endif
5128     if (contents == 3) {
5129         if (oldmode)
5130             return -TARGET_EINVAL;
5131         if (seg_not_present == 0)
5132             return -TARGET_EINVAL;
5133     }
5134     /* allocate the LDT */
5135     if (!ldt_table) {
5136         env->ldt.base = target_mmap(0,
5137                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
5138                                     PROT_READ|PROT_WRITE,
5139                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
5140         if (env->ldt.base == -1)
5141             return -TARGET_ENOMEM;
5142         memset(g2h(env->ldt.base), 0,
5143                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
5144         env->ldt.limit = 0xffff;
5145         ldt_table = g2h(env->ldt.base);
5146     }
5147 
5148     /* NOTE: same code as Linux kernel */
5149     /* Allow LDTs to be cleared by the user. */
5150     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5151         if (oldmode ||
5152             (contents == 0		&&
5153              read_exec_only == 1	&&
5154              seg_32bit == 0		&&
5155              limit_in_pages == 0	&&
5156              seg_not_present == 1	&&
5157              useable == 0 )) {
5158             entry_1 = 0;
5159             entry_2 = 0;
5160             goto install;
5161         }
5162     }
5163 
5164     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5165         (ldt_info.limit & 0x0ffff);
5166     entry_2 = (ldt_info.base_addr & 0xff000000) |
5167         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5168         (ldt_info.limit & 0xf0000) |
5169         ((read_exec_only ^ 1) << 9) |
5170         (contents << 10) |
5171         ((seg_not_present ^ 1) << 15) |
5172         (seg_32bit << 22) |
5173         (limit_in_pages << 23) |
5174         (lm << 21) |
5175         0x7000;
5176     if (!oldmode)
5177         entry_2 |= (useable << 20);
5178 
5179     /* Install the new entry ...  */
5180 install:
5181     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
5182     lp[0] = tswap32(entry_1);
5183     lp[1] = tswap32(entry_2);
5184     return 0;
5185 }
5186 
5187 /* specific and weird i386 syscalls */
5188 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
5189                               unsigned long bytecount)
5190 {
5191     abi_long ret;
5192 
5193     switch (func) {
5194     case 0:
5195         ret = read_ldt(ptr, bytecount);
5196         break;
5197     case 1:
5198         ret = write_ldt(env, ptr, bytecount, 1);
5199         break;
5200     case 0x11:
5201         ret = write_ldt(env, ptr, bytecount, 0);
5202         break;
5203     default:
5204         ret = -TARGET_ENOSYS;
5205         break;
5206     }
5207     return ret;
5208 }
5209 
5210 #if defined(TARGET_I386) && defined(TARGET_ABI32)
5211 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
5212 {
5213     uint64_t *gdt_table = g2h(env->gdt.base);
5214     struct target_modify_ldt_ldt_s ldt_info;
5215     struct target_modify_ldt_ldt_s *target_ldt_info;
5216     int seg_32bit, contents, read_exec_only, limit_in_pages;
5217     int seg_not_present, useable, lm;
5218     uint32_t *lp, entry_1, entry_2;
5219     int i;
5220 
5221     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
5222     if (!target_ldt_info)
5223         return -TARGET_EFAULT;
5224     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5225     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5226     ldt_info.limit = tswap32(target_ldt_info->limit);
5227     ldt_info.flags = tswap32(target_ldt_info->flags);
5228     if (ldt_info.entry_number == -1) {
5229         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
5230             if (gdt_table[i] == 0) {
5231                 ldt_info.entry_number = i;
5232                 target_ldt_info->entry_number = tswap32(i);
5233                 break;
5234             }
5235         }
5236     }
5237     unlock_user_struct(target_ldt_info, ptr, 1);
5238 
5239     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
5240         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
5241            return -TARGET_EINVAL;
5242     seg_32bit = ldt_info.flags & 1;
5243     contents = (ldt_info.flags >> 1) & 3;
5244     read_exec_only = (ldt_info.flags >> 3) & 1;
5245     limit_in_pages = (ldt_info.flags >> 4) & 1;
5246     seg_not_present = (ldt_info.flags >> 5) & 1;
5247     useable = (ldt_info.flags >> 6) & 1;
5248 #ifdef TARGET_ABI32
5249     lm = 0;
5250 #else
5251     lm = (ldt_info.flags >> 7) & 1;
5252 #endif
5253 
5254     if (contents == 3) {
5255         if (seg_not_present == 0)
5256             return -TARGET_EINVAL;
5257     }
5258 
5259     /* NOTE: same code as Linux kernel */
5260     /* Allow LDTs to be cleared by the user. */
5261     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5262         if ((contents == 0             &&
5263              read_exec_only == 1       &&
5264              seg_32bit == 0            &&
5265              limit_in_pages == 0       &&
5266              seg_not_present == 1      &&
5267              useable == 0 )) {
5268             entry_1 = 0;
5269             entry_2 = 0;
5270             goto install;
5271         }
5272     }
5273 
5274     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5275         (ldt_info.limit & 0x0ffff);
5276     entry_2 = (ldt_info.base_addr & 0xff000000) |
5277         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5278         (ldt_info.limit & 0xf0000) |
5279         ((read_exec_only ^ 1) << 9) |
5280         (contents << 10) |
5281         ((seg_not_present ^ 1) << 15) |
5282         (seg_32bit << 22) |
5283         (limit_in_pages << 23) |
5284         (useable << 20) |
5285         (lm << 21) |
5286         0x7000;
5287 
5288     /* Install the new entry ...  */
5289 install:
5290     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
5291     lp[0] = tswap32(entry_1);
5292     lp[1] = tswap32(entry_2);
5293     return 0;
5294 }
5295 
5296 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
5297 {
5298     struct target_modify_ldt_ldt_s *target_ldt_info;
5299     uint64_t *gdt_table = g2h(env->gdt.base);
5300     uint32_t base_addr, limit, flags;
5301     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
5302     int seg_not_present, useable, lm;
5303     uint32_t *lp, entry_1, entry_2;
5304 
5305     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
5306     if (!target_ldt_info)
5307         return -TARGET_EFAULT;
5308     idx = tswap32(target_ldt_info->entry_number);
5309     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
5310         idx > TARGET_GDT_ENTRY_TLS_MAX) {
5311         unlock_user_struct(target_ldt_info, ptr, 1);
5312         return -TARGET_EINVAL;
5313     }
5314     lp = (uint32_t *)(gdt_table + idx);
5315     entry_1 = tswap32(lp[0]);
5316     entry_2 = tswap32(lp[1]);
5317 
5318     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
5319     contents = (entry_2 >> 10) & 3;
5320     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
5321     seg_32bit = (entry_2 >> 22) & 1;
5322     limit_in_pages = (entry_2 >> 23) & 1;
5323     useable = (entry_2 >> 20) & 1;
5324 #ifdef TARGET_ABI32
5325     lm = 0;
5326 #else
5327     lm = (entry_2 >> 21) & 1;
5328 #endif
5329     flags = (seg_32bit << 0) | (contents << 1) |
5330         (read_exec_only << 3) | (limit_in_pages << 4) |
5331         (seg_not_present << 5) | (useable << 6) | (lm << 7);
5332     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
5333     base_addr = (entry_1 >> 16) |
5334         (entry_2 & 0xff000000) |
5335         ((entry_2 & 0xff) << 16);
5336     target_ldt_info->base_addr = tswapal(base_addr);
5337     target_ldt_info->limit = tswap32(limit);
5338     target_ldt_info->flags = tswap32(flags);
5339     unlock_user_struct(target_ldt_info, ptr, 1);
5340     return 0;
5341 }
5342 #endif /* TARGET_I386 && TARGET_ABI32 */
5343 
5344 #ifndef TARGET_ABI32
5345 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
5346 {
5347     abi_long ret = 0;
5348     abi_ulong val;
5349     int idx;
5350 
5351     switch(code) {
5352     case TARGET_ARCH_SET_GS:
5353     case TARGET_ARCH_SET_FS:
5354         if (code == TARGET_ARCH_SET_GS)
5355             idx = R_GS;
5356         else
5357             idx = R_FS;
5358         cpu_x86_load_seg(env, idx, 0);
5359         env->segs[idx].base = addr;
5360         break;
5361     case TARGET_ARCH_GET_GS:
5362     case TARGET_ARCH_GET_FS:
5363         if (code == TARGET_ARCH_GET_GS)
5364             idx = R_GS;
5365         else
5366             idx = R_FS;
5367         val = env->segs[idx].base;
5368         if (put_user(val, addr, abi_ulong))
5369             ret = -TARGET_EFAULT;
5370         break;
5371     default:
5372         ret = -TARGET_EINVAL;
5373         break;
5374     }
5375     return ret;
5376 }
5377 #endif
5378 
5379 #endif /* defined(TARGET_I386) */
5380 
5381 #define NEW_STACK_SIZE 0x40000
5382 
5383 
5384 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
5385 typedef struct {
5386     CPUArchState *env;
5387     pthread_mutex_t mutex;
5388     pthread_cond_t cond;
5389     pthread_t thread;
5390     uint32_t tid;
5391     abi_ulong child_tidptr;
5392     abi_ulong parent_tidptr;
5393     sigset_t sigmask;
5394 } new_thread_info;
5395 
5396 static void *clone_func(void *arg)
5397 {
5398     new_thread_info *info = arg;
5399     CPUArchState *env;
5400     CPUState *cpu;
5401     TaskState *ts;
5402 
5403     rcu_register_thread();
5404     env = info->env;
5405     cpu = ENV_GET_CPU(env);
5406     thread_cpu = cpu;
5407     ts = (TaskState *)cpu->opaque;
5408     info->tid = gettid();
5409     cpu->host_tid = info->tid;
5410     task_settid(ts);
5411     if (info->child_tidptr)
5412         put_user_u32(info->tid, info->child_tidptr);
5413     if (info->parent_tidptr)
5414         put_user_u32(info->tid, info->parent_tidptr);
5415     /* Enable signals.  */
5416     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
5417     /* Signal to the parent that we're ready.  */
5418     pthread_mutex_lock(&info->mutex);
5419     pthread_cond_broadcast(&info->cond);
5420     pthread_mutex_unlock(&info->mutex);
5421     /* Wait until the parent has finshed initializing the tls state.  */
5422     pthread_mutex_lock(&clone_lock);
5423     pthread_mutex_unlock(&clone_lock);
5424     cpu_loop(env);
5425     /* never exits */
5426     return NULL;
5427 }
5428 
5429 /* do_fork() Must return host values and target errnos (unlike most
5430    do_*() functions). */
5431 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
5432                    abi_ulong parent_tidptr, target_ulong newtls,
5433                    abi_ulong child_tidptr)
5434 {
5435     CPUState *cpu = ENV_GET_CPU(env);
5436     int ret;
5437     TaskState *ts;
5438     CPUState *new_cpu;
5439     CPUArchState *new_env;
5440     unsigned int nptl_flags;
5441     sigset_t sigmask;
5442 
5443     /* Emulate vfork() with fork() */
5444     if (flags & CLONE_VFORK)
5445         flags &= ~(CLONE_VFORK | CLONE_VM);
5446 
5447     if (flags & CLONE_VM) {
5448         TaskState *parent_ts = (TaskState *)cpu->opaque;
5449         new_thread_info info;
5450         pthread_attr_t attr;
5451 
5452         ts = g_new0(TaskState, 1);
5453         init_task_state(ts);
5454         /* we create a new CPU instance. */
5455         new_env = cpu_copy(env);
5456         /* Init regs that differ from the parent.  */
5457         cpu_clone_regs(new_env, newsp);
5458         new_cpu = ENV_GET_CPU(new_env);
5459         new_cpu->opaque = ts;
5460         ts->bprm = parent_ts->bprm;
5461         ts->info = parent_ts->info;
5462         ts->signal_mask = parent_ts->signal_mask;
5463         nptl_flags = flags;
5464         flags &= ~CLONE_NPTL_FLAGS2;
5465 
5466         if (nptl_flags & CLONE_CHILD_CLEARTID) {
5467             ts->child_tidptr = child_tidptr;
5468         }
5469 
5470         if (nptl_flags & CLONE_SETTLS)
5471             cpu_set_tls (new_env, newtls);
5472 
5473         /* Grab a mutex so that thread setup appears atomic.  */
5474         pthread_mutex_lock(&clone_lock);
5475 
5476         memset(&info, 0, sizeof(info));
5477         pthread_mutex_init(&info.mutex, NULL);
5478         pthread_mutex_lock(&info.mutex);
5479         pthread_cond_init(&info.cond, NULL);
5480         info.env = new_env;
5481         if (nptl_flags & CLONE_CHILD_SETTID)
5482             info.child_tidptr = child_tidptr;
5483         if (nptl_flags & CLONE_PARENT_SETTID)
5484             info.parent_tidptr = parent_tidptr;
5485 
5486         ret = pthread_attr_init(&attr);
5487         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
5488         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
5489         /* It is not safe to deliver signals until the child has finished
5490            initializing, so temporarily block all signals.  */
5491         sigfillset(&sigmask);
5492         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
5493 
5494         ret = pthread_create(&info.thread, &attr, clone_func, &info);
5495         /* TODO: Free new CPU state if thread creation failed.  */
5496 
5497         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
5498         pthread_attr_destroy(&attr);
5499         if (ret == 0) {
5500             /* Wait for the child to initialize.  */
5501             pthread_cond_wait(&info.cond, &info.mutex);
5502             ret = info.tid;
5503             if (flags & CLONE_PARENT_SETTID)
5504                 put_user_u32(ret, parent_tidptr);
5505         } else {
5506             ret = -1;
5507         }
5508         pthread_mutex_unlock(&info.mutex);
5509         pthread_cond_destroy(&info.cond);
5510         pthread_mutex_destroy(&info.mutex);
5511         pthread_mutex_unlock(&clone_lock);
5512     } else {
5513         /* if no CLONE_VM, we consider it is a fork */
5514         if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0) {
5515             return -TARGET_EINVAL;
5516         }
5517 
5518         if (block_signals()) {
5519             return -TARGET_ERESTARTSYS;
5520         }
5521 
5522         fork_start();
5523         ret = fork();
5524         if (ret == 0) {
5525             /* Child Process.  */
5526             rcu_after_fork();
5527             cpu_clone_regs(env, newsp);
5528             fork_end(1);
5529             /* There is a race condition here.  The parent process could
5530                theoretically read the TID in the child process before the child
5531                tid is set.  This would require using either ptrace
5532                (not implemented) or having *_tidptr to point at a shared memory
5533                mapping.  We can't repeat the spinlock hack used above because
5534                the child process gets its own copy of the lock.  */
5535             if (flags & CLONE_CHILD_SETTID)
5536                 put_user_u32(gettid(), child_tidptr);
5537             if (flags & CLONE_PARENT_SETTID)
5538                 put_user_u32(gettid(), parent_tidptr);
5539             ts = (TaskState *)cpu->opaque;
5540             if (flags & CLONE_SETTLS)
5541                 cpu_set_tls (env, newtls);
5542             if (flags & CLONE_CHILD_CLEARTID)
5543                 ts->child_tidptr = child_tidptr;
5544         } else {
5545             fork_end(0);
5546         }
5547     }
5548     return ret;
5549 }
5550 
5551 /* warning : doesn't handle linux specific flags... */
5552 static int target_to_host_fcntl_cmd(int cmd)
5553 {
5554     switch(cmd) {
5555 	case TARGET_F_DUPFD:
5556 	case TARGET_F_GETFD:
5557 	case TARGET_F_SETFD:
5558 	case TARGET_F_GETFL:
5559 	case TARGET_F_SETFL:
5560             return cmd;
5561         case TARGET_F_GETLK:
5562             return F_GETLK64;
5563         case TARGET_F_SETLK:
5564             return F_SETLK64;
5565         case TARGET_F_SETLKW:
5566             return F_SETLKW64;
5567 	case TARGET_F_GETOWN:
5568 	    return F_GETOWN;
5569 	case TARGET_F_SETOWN:
5570 	    return F_SETOWN;
5571 	case TARGET_F_GETSIG:
5572 	    return F_GETSIG;
5573 	case TARGET_F_SETSIG:
5574 	    return F_SETSIG;
5575 #if TARGET_ABI_BITS == 32
5576         case TARGET_F_GETLK64:
5577 	    return F_GETLK64;
5578 	case TARGET_F_SETLK64:
5579 	    return F_SETLK64;
5580 	case TARGET_F_SETLKW64:
5581 	    return F_SETLKW64;
5582 #endif
5583         case TARGET_F_SETLEASE:
5584             return F_SETLEASE;
5585         case TARGET_F_GETLEASE:
5586             return F_GETLEASE;
5587 #ifdef F_DUPFD_CLOEXEC
5588         case TARGET_F_DUPFD_CLOEXEC:
5589             return F_DUPFD_CLOEXEC;
5590 #endif
5591         case TARGET_F_NOTIFY:
5592             return F_NOTIFY;
5593 #ifdef F_GETOWN_EX
5594 	case TARGET_F_GETOWN_EX:
5595 	    return F_GETOWN_EX;
5596 #endif
5597 #ifdef F_SETOWN_EX
5598 	case TARGET_F_SETOWN_EX:
5599 	    return F_SETOWN_EX;
5600 #endif
5601 #ifdef F_SETPIPE_SZ
5602         case TARGET_F_SETPIPE_SZ:
5603             return F_SETPIPE_SZ;
5604         case TARGET_F_GETPIPE_SZ:
5605             return F_GETPIPE_SZ;
5606 #endif
5607 	default:
5608             return -TARGET_EINVAL;
5609     }
5610     return -TARGET_EINVAL;
5611 }
5612 
5613 #define TRANSTBL_CONVERT(a) { -1, TARGET_##a, -1, a }
5614 static const bitmask_transtbl flock_tbl[] = {
5615     TRANSTBL_CONVERT(F_RDLCK),
5616     TRANSTBL_CONVERT(F_WRLCK),
5617     TRANSTBL_CONVERT(F_UNLCK),
5618     TRANSTBL_CONVERT(F_EXLCK),
5619     TRANSTBL_CONVERT(F_SHLCK),
5620     { 0, 0, 0, 0 }
5621 };
5622 
5623 static inline abi_long copy_from_user_flock(struct flock64 *fl,
5624                                             abi_ulong target_flock_addr)
5625 {
5626     struct target_flock *target_fl;
5627     short l_type;
5628 
5629     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
5630         return -TARGET_EFAULT;
5631     }
5632 
5633     __get_user(l_type, &target_fl->l_type);
5634     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
5635     __get_user(fl->l_whence, &target_fl->l_whence);
5636     __get_user(fl->l_start, &target_fl->l_start);
5637     __get_user(fl->l_len, &target_fl->l_len);
5638     __get_user(fl->l_pid, &target_fl->l_pid);
5639     unlock_user_struct(target_fl, target_flock_addr, 0);
5640     return 0;
5641 }
5642 
5643 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
5644                                           const struct flock64 *fl)
5645 {
5646     struct target_flock *target_fl;
5647     short l_type;
5648 
5649     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
5650         return -TARGET_EFAULT;
5651     }
5652 
5653     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
5654     __put_user(l_type, &target_fl->l_type);
5655     __put_user(fl->l_whence, &target_fl->l_whence);
5656     __put_user(fl->l_start, &target_fl->l_start);
5657     __put_user(fl->l_len, &target_fl->l_len);
5658     __put_user(fl->l_pid, &target_fl->l_pid);
5659     unlock_user_struct(target_fl, target_flock_addr, 1);
5660     return 0;
5661 }
5662 
5663 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
5664 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
5665 
5666 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
5667 static inline abi_long copy_from_user_eabi_flock64(struct flock64 *fl,
5668                                                    abi_ulong target_flock_addr)
5669 {
5670     struct target_eabi_flock64 *target_fl;
5671     short l_type;
5672 
5673     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
5674         return -TARGET_EFAULT;
5675     }
5676 
5677     __get_user(l_type, &target_fl->l_type);
5678     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
5679     __get_user(fl->l_whence, &target_fl->l_whence);
5680     __get_user(fl->l_start, &target_fl->l_start);
5681     __get_user(fl->l_len, &target_fl->l_len);
5682     __get_user(fl->l_pid, &target_fl->l_pid);
5683     unlock_user_struct(target_fl, target_flock_addr, 0);
5684     return 0;
5685 }
5686 
5687 static inline abi_long copy_to_user_eabi_flock64(abi_ulong target_flock_addr,
5688                                                  const struct flock64 *fl)
5689 {
5690     struct target_eabi_flock64 *target_fl;
5691     short l_type;
5692 
5693     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
5694         return -TARGET_EFAULT;
5695     }
5696 
5697     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
5698     __put_user(l_type, &target_fl->l_type);
5699     __put_user(fl->l_whence, &target_fl->l_whence);
5700     __put_user(fl->l_start, &target_fl->l_start);
5701     __put_user(fl->l_len, &target_fl->l_len);
5702     __put_user(fl->l_pid, &target_fl->l_pid);
5703     unlock_user_struct(target_fl, target_flock_addr, 1);
5704     return 0;
5705 }
5706 #endif
5707 
5708 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
5709                                               abi_ulong target_flock_addr)
5710 {
5711     struct target_flock64 *target_fl;
5712     short l_type;
5713 
5714     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
5715         return -TARGET_EFAULT;
5716     }
5717 
5718     __get_user(l_type, &target_fl->l_type);
5719     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
5720     __get_user(fl->l_whence, &target_fl->l_whence);
5721     __get_user(fl->l_start, &target_fl->l_start);
5722     __get_user(fl->l_len, &target_fl->l_len);
5723     __get_user(fl->l_pid, &target_fl->l_pid);
5724     unlock_user_struct(target_fl, target_flock_addr, 0);
5725     return 0;
5726 }
5727 
5728 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
5729                                             const struct flock64 *fl)
5730 {
5731     struct target_flock64 *target_fl;
5732     short l_type;
5733 
5734     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
5735         return -TARGET_EFAULT;
5736     }
5737 
5738     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
5739     __put_user(l_type, &target_fl->l_type);
5740     __put_user(fl->l_whence, &target_fl->l_whence);
5741     __put_user(fl->l_start, &target_fl->l_start);
5742     __put_user(fl->l_len, &target_fl->l_len);
5743     __put_user(fl->l_pid, &target_fl->l_pid);
5744     unlock_user_struct(target_fl, target_flock_addr, 1);
5745     return 0;
5746 }
5747 
5748 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
5749 {
5750     struct flock64 fl64;
5751 #ifdef F_GETOWN_EX
5752     struct f_owner_ex fox;
5753     struct target_f_owner_ex *target_fox;
5754 #endif
5755     abi_long ret;
5756     int host_cmd = target_to_host_fcntl_cmd(cmd);
5757 
5758     if (host_cmd == -TARGET_EINVAL)
5759 	    return host_cmd;
5760 
5761     switch(cmd) {
5762     case TARGET_F_GETLK:
5763         ret = copy_from_user_flock(&fl64, arg);
5764         if (ret) {
5765             return ret;
5766         }
5767         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
5768         if (ret == 0) {
5769             ret = copy_to_user_flock(arg, &fl64);
5770         }
5771         break;
5772 
5773     case TARGET_F_SETLK:
5774     case TARGET_F_SETLKW:
5775         ret = copy_from_user_flock(&fl64, arg);
5776         if (ret) {
5777             return ret;
5778         }
5779         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
5780         break;
5781 
5782     case TARGET_F_GETLK64:
5783         ret = copy_from_user_flock64(&fl64, arg);
5784         if (ret) {
5785             return ret;
5786         }
5787         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
5788         if (ret == 0) {
5789             ret = copy_to_user_flock64(arg, &fl64);
5790         }
5791         break;
5792     case TARGET_F_SETLK64:
5793     case TARGET_F_SETLKW64:
5794         ret = copy_from_user_flock64(&fl64, arg);
5795         if (ret) {
5796             return ret;
5797         }
5798         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
5799         break;
5800 
5801     case TARGET_F_GETFL:
5802         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
5803         if (ret >= 0) {
5804             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
5805         }
5806         break;
5807 
5808     case TARGET_F_SETFL:
5809         ret = get_errno(safe_fcntl(fd, host_cmd,
5810                                    target_to_host_bitmask(arg,
5811                                                           fcntl_flags_tbl)));
5812         break;
5813 
5814 #ifdef F_GETOWN_EX
5815     case TARGET_F_GETOWN_EX:
5816         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
5817         if (ret >= 0) {
5818             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
5819                 return -TARGET_EFAULT;
5820             target_fox->type = tswap32(fox.type);
5821             target_fox->pid = tswap32(fox.pid);
5822             unlock_user_struct(target_fox, arg, 1);
5823         }
5824         break;
5825 #endif
5826 
5827 #ifdef F_SETOWN_EX
5828     case TARGET_F_SETOWN_EX:
5829         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
5830             return -TARGET_EFAULT;
5831         fox.type = tswap32(target_fox->type);
5832         fox.pid = tswap32(target_fox->pid);
5833         unlock_user_struct(target_fox, arg, 0);
5834         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
5835         break;
5836 #endif
5837 
5838     case TARGET_F_SETOWN:
5839     case TARGET_F_GETOWN:
5840     case TARGET_F_SETSIG:
5841     case TARGET_F_GETSIG:
5842     case TARGET_F_SETLEASE:
5843     case TARGET_F_GETLEASE:
5844     case TARGET_F_SETPIPE_SZ:
5845     case TARGET_F_GETPIPE_SZ:
5846         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
5847         break;
5848 
5849     default:
5850         ret = get_errno(safe_fcntl(fd, cmd, arg));
5851         break;
5852     }
5853     return ret;
5854 }
5855 
5856 #ifdef USE_UID16
5857 
5858 static inline int high2lowuid(int uid)
5859 {
5860     if (uid > 65535)
5861         return 65534;
5862     else
5863         return uid;
5864 }
5865 
5866 static inline int high2lowgid(int gid)
5867 {
5868     if (gid > 65535)
5869         return 65534;
5870     else
5871         return gid;
5872 }
5873 
5874 static inline int low2highuid(int uid)
5875 {
5876     if ((int16_t)uid == -1)
5877         return -1;
5878     else
5879         return uid;
5880 }
5881 
5882 static inline int low2highgid(int gid)
5883 {
5884     if ((int16_t)gid == -1)
5885         return -1;
5886     else
5887         return gid;
5888 }
5889 static inline int tswapid(int id)
5890 {
5891     return tswap16(id);
5892 }
5893 
5894 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
5895 
5896 #else /* !USE_UID16 */
5897 static inline int high2lowuid(int uid)
5898 {
5899     return uid;
5900 }
5901 static inline int high2lowgid(int gid)
5902 {
5903     return gid;
5904 }
5905 static inline int low2highuid(int uid)
5906 {
5907     return uid;
5908 }
5909 static inline int low2highgid(int gid)
5910 {
5911     return gid;
5912 }
5913 static inline int tswapid(int id)
5914 {
5915     return tswap32(id);
5916 }
5917 
5918 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
5919 
5920 #endif /* USE_UID16 */
5921 
5922 /* We must do direct syscalls for setting UID/GID, because we want to
5923  * implement the Linux system call semantics of "change only for this thread",
5924  * not the libc/POSIX semantics of "change for all threads in process".
5925  * (See http://ewontfix.com/17/ for more details.)
5926  * We use the 32-bit version of the syscalls if present; if it is not
5927  * then either the host architecture supports 32-bit UIDs natively with
5928  * the standard syscall, or the 16-bit UID is the best we can do.
5929  */
5930 #ifdef __NR_setuid32
5931 #define __NR_sys_setuid __NR_setuid32
5932 #else
5933 #define __NR_sys_setuid __NR_setuid
5934 #endif
5935 #ifdef __NR_setgid32
5936 #define __NR_sys_setgid __NR_setgid32
5937 #else
5938 #define __NR_sys_setgid __NR_setgid
5939 #endif
5940 #ifdef __NR_setresuid32
5941 #define __NR_sys_setresuid __NR_setresuid32
5942 #else
5943 #define __NR_sys_setresuid __NR_setresuid
5944 #endif
5945 #ifdef __NR_setresgid32
5946 #define __NR_sys_setresgid __NR_setresgid32
5947 #else
5948 #define __NR_sys_setresgid __NR_setresgid
5949 #endif
5950 
5951 _syscall1(int, sys_setuid, uid_t, uid)
5952 _syscall1(int, sys_setgid, gid_t, gid)
5953 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
5954 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
5955 
5956 void syscall_init(void)
5957 {
5958     IOCTLEntry *ie;
5959     const argtype *arg_type;
5960     int size;
5961     int i;
5962 
5963     thunk_init(STRUCT_MAX);
5964 
5965 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
5966 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
5967 #include "syscall_types.h"
5968 #undef STRUCT
5969 #undef STRUCT_SPECIAL
5970 
5971     /* Build target_to_host_errno_table[] table from
5972      * host_to_target_errno_table[]. */
5973     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
5974         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
5975     }
5976 
5977     /* we patch the ioctl size if necessary. We rely on the fact that
5978        no ioctl has all the bits at '1' in the size field */
5979     ie = ioctl_entries;
5980     while (ie->target_cmd != 0) {
5981         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
5982             TARGET_IOC_SIZEMASK) {
5983             arg_type = ie->arg_type;
5984             if (arg_type[0] != TYPE_PTR) {
5985                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
5986                         ie->target_cmd);
5987                 exit(1);
5988             }
5989             arg_type++;
5990             size = thunk_type_size(arg_type, 0);
5991             ie->target_cmd = (ie->target_cmd &
5992                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
5993                 (size << TARGET_IOC_SIZESHIFT);
5994         }
5995 
5996         /* automatic consistency check if same arch */
5997 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
5998     (defined(__x86_64__) && defined(TARGET_X86_64))
5999         if (unlikely(ie->target_cmd != ie->host_cmd)) {
6000             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
6001                     ie->name, ie->target_cmd, ie->host_cmd);
6002         }
6003 #endif
6004         ie++;
6005     }
6006 }
6007 
6008 #if TARGET_ABI_BITS == 32
6009 static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
6010 {
6011 #ifdef TARGET_WORDS_BIGENDIAN
6012     return ((uint64_t)word0 << 32) | word1;
6013 #else
6014     return ((uint64_t)word1 << 32) | word0;
6015 #endif
6016 }
6017 #else /* TARGET_ABI_BITS == 32 */
6018 static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
6019 {
6020     return word0;
6021 }
6022 #endif /* TARGET_ABI_BITS != 32 */
6023 
6024 #ifdef TARGET_NR_truncate64
6025 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
6026                                          abi_long arg2,
6027                                          abi_long arg3,
6028                                          abi_long arg4)
6029 {
6030     if (regpairs_aligned(cpu_env)) {
6031         arg2 = arg3;
6032         arg3 = arg4;
6033     }
6034     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
6035 }
6036 #endif
6037 
6038 #ifdef TARGET_NR_ftruncate64
6039 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
6040                                           abi_long arg2,
6041                                           abi_long arg3,
6042                                           abi_long arg4)
6043 {
6044     if (regpairs_aligned(cpu_env)) {
6045         arg2 = arg3;
6046         arg3 = arg4;
6047     }
6048     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
6049 }
6050 #endif
6051 
6052 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
6053                                                abi_ulong target_addr)
6054 {
6055     struct target_timespec *target_ts;
6056 
6057     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
6058         return -TARGET_EFAULT;
6059     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
6060     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6061     unlock_user_struct(target_ts, target_addr, 0);
6062     return 0;
6063 }
6064 
6065 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
6066                                                struct timespec *host_ts)
6067 {
6068     struct target_timespec *target_ts;
6069 
6070     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
6071         return -TARGET_EFAULT;
6072     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
6073     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6074     unlock_user_struct(target_ts, target_addr, 1);
6075     return 0;
6076 }
6077 
6078 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
6079                                                  abi_ulong target_addr)
6080 {
6081     struct target_itimerspec *target_itspec;
6082 
6083     if (!lock_user_struct(VERIFY_READ, target_itspec, target_addr, 1)) {
6084         return -TARGET_EFAULT;
6085     }
6086 
6087     host_itspec->it_interval.tv_sec =
6088                             tswapal(target_itspec->it_interval.tv_sec);
6089     host_itspec->it_interval.tv_nsec =
6090                             tswapal(target_itspec->it_interval.tv_nsec);
6091     host_itspec->it_value.tv_sec = tswapal(target_itspec->it_value.tv_sec);
6092     host_itspec->it_value.tv_nsec = tswapal(target_itspec->it_value.tv_nsec);
6093 
6094     unlock_user_struct(target_itspec, target_addr, 1);
6095     return 0;
6096 }
6097 
6098 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
6099                                                struct itimerspec *host_its)
6100 {
6101     struct target_itimerspec *target_itspec;
6102 
6103     if (!lock_user_struct(VERIFY_WRITE, target_itspec, target_addr, 0)) {
6104         return -TARGET_EFAULT;
6105     }
6106 
6107     target_itspec->it_interval.tv_sec = tswapal(host_its->it_interval.tv_sec);
6108     target_itspec->it_interval.tv_nsec = tswapal(host_its->it_interval.tv_nsec);
6109 
6110     target_itspec->it_value.tv_sec = tswapal(host_its->it_value.tv_sec);
6111     target_itspec->it_value.tv_nsec = tswapal(host_its->it_value.tv_nsec);
6112 
6113     unlock_user_struct(target_itspec, target_addr, 0);
6114     return 0;
6115 }
6116 
6117 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
6118                                                abi_ulong target_addr)
6119 {
6120     struct target_sigevent *target_sevp;
6121 
6122     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
6123         return -TARGET_EFAULT;
6124     }
6125 
6126     /* This union is awkward on 64 bit systems because it has a 32 bit
6127      * integer and a pointer in it; we follow the conversion approach
6128      * used for handling sigval types in signal.c so the guest should get
6129      * the correct value back even if we did a 64 bit byteswap and it's
6130      * using the 32 bit integer.
6131      */
6132     host_sevp->sigev_value.sival_ptr =
6133         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
6134     host_sevp->sigev_signo =
6135         target_to_host_signal(tswap32(target_sevp->sigev_signo));
6136     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
6137     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
6138 
6139     unlock_user_struct(target_sevp, target_addr, 1);
6140     return 0;
6141 }
6142 
6143 #if defined(TARGET_NR_mlockall)
6144 static inline int target_to_host_mlockall_arg(int arg)
6145 {
6146     int result = 0;
6147 
6148     if (arg & TARGET_MLOCKALL_MCL_CURRENT) {
6149         result |= MCL_CURRENT;
6150     }
6151     if (arg & TARGET_MLOCKALL_MCL_FUTURE) {
6152         result |= MCL_FUTURE;
6153     }
6154     return result;
6155 }
6156 #endif
6157 
6158 static inline abi_long host_to_target_stat64(void *cpu_env,
6159                                              abi_ulong target_addr,
6160                                              struct stat *host_st)
6161 {
6162 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
6163     if (((CPUARMState *)cpu_env)->eabi) {
6164         struct target_eabi_stat64 *target_st;
6165 
6166         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
6167             return -TARGET_EFAULT;
6168         memset(target_st, 0, sizeof(struct target_eabi_stat64));
6169         __put_user(host_st->st_dev, &target_st->st_dev);
6170         __put_user(host_st->st_ino, &target_st->st_ino);
6171 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
6172         __put_user(host_st->st_ino, &target_st->__st_ino);
6173 #endif
6174         __put_user(host_st->st_mode, &target_st->st_mode);
6175         __put_user(host_st->st_nlink, &target_st->st_nlink);
6176         __put_user(host_st->st_uid, &target_st->st_uid);
6177         __put_user(host_st->st_gid, &target_st->st_gid);
6178         __put_user(host_st->st_rdev, &target_st->st_rdev);
6179         __put_user(host_st->st_size, &target_st->st_size);
6180         __put_user(host_st->st_blksize, &target_st->st_blksize);
6181         __put_user(host_st->st_blocks, &target_st->st_blocks);
6182         __put_user(host_st->st_atime, &target_st->target_st_atime);
6183         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
6184         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
6185         unlock_user_struct(target_st, target_addr, 1);
6186     } else
6187 #endif
6188     {
6189 #if defined(TARGET_HAS_STRUCT_STAT64)
6190         struct target_stat64 *target_st;
6191 #else
6192         struct target_stat *target_st;
6193 #endif
6194 
6195         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
6196             return -TARGET_EFAULT;
6197         memset(target_st, 0, sizeof(*target_st));
6198         __put_user(host_st->st_dev, &target_st->st_dev);
6199         __put_user(host_st->st_ino, &target_st->st_ino);
6200 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
6201         __put_user(host_st->st_ino, &target_st->__st_ino);
6202 #endif
6203         __put_user(host_st->st_mode, &target_st->st_mode);
6204         __put_user(host_st->st_nlink, &target_st->st_nlink);
6205         __put_user(host_st->st_uid, &target_st->st_uid);
6206         __put_user(host_st->st_gid, &target_st->st_gid);
6207         __put_user(host_st->st_rdev, &target_st->st_rdev);
6208         /* XXX: better use of kernel struct */
6209         __put_user(host_st->st_size, &target_st->st_size);
6210         __put_user(host_st->st_blksize, &target_st->st_blksize);
6211         __put_user(host_st->st_blocks, &target_st->st_blocks);
6212         __put_user(host_st->st_atime, &target_st->target_st_atime);
6213         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
6214         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
6215         unlock_user_struct(target_st, target_addr, 1);
6216     }
6217 
6218     return 0;
6219 }
6220 
6221 /* ??? Using host futex calls even when target atomic operations
6222    are not really atomic probably breaks things.  However implementing
6223    futexes locally would make futexes shared between multiple processes
6224    tricky.  However they're probably useless because guest atomic
6225    operations won't work either.  */
6226 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
6227                     target_ulong uaddr2, int val3)
6228 {
6229     struct timespec ts, *pts;
6230     int base_op;
6231 
6232     /* ??? We assume FUTEX_* constants are the same on both host
6233        and target.  */
6234 #ifdef FUTEX_CMD_MASK
6235     base_op = op & FUTEX_CMD_MASK;
6236 #else
6237     base_op = op;
6238 #endif
6239     switch (base_op) {
6240     case FUTEX_WAIT:
6241     case FUTEX_WAIT_BITSET:
6242         if (timeout) {
6243             pts = &ts;
6244             target_to_host_timespec(pts, timeout);
6245         } else {
6246             pts = NULL;
6247         }
6248         return get_errno(safe_futex(g2h(uaddr), op, tswap32(val),
6249                          pts, NULL, val3));
6250     case FUTEX_WAKE:
6251         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
6252     case FUTEX_FD:
6253         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
6254     case FUTEX_REQUEUE:
6255     case FUTEX_CMP_REQUEUE:
6256     case FUTEX_WAKE_OP:
6257         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
6258            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
6259            But the prototype takes a `struct timespec *'; insert casts
6260            to satisfy the compiler.  We do not need to tswap TIMEOUT
6261            since it's not compared to guest memory.  */
6262         pts = (struct timespec *)(uintptr_t) timeout;
6263         return get_errno(safe_futex(g2h(uaddr), op, val, pts,
6264                                     g2h(uaddr2),
6265                                     (base_op == FUTEX_CMP_REQUEUE
6266                                      ? tswap32(val3)
6267                                      : val3)));
6268     default:
6269         return -TARGET_ENOSYS;
6270     }
6271 }
6272 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6273 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
6274                                      abi_long handle, abi_long mount_id,
6275                                      abi_long flags)
6276 {
6277     struct file_handle *target_fh;
6278     struct file_handle *fh;
6279     int mid = 0;
6280     abi_long ret;
6281     char *name;
6282     unsigned int size, total_size;
6283 
6284     if (get_user_s32(size, handle)) {
6285         return -TARGET_EFAULT;
6286     }
6287 
6288     name = lock_user_string(pathname);
6289     if (!name) {
6290         return -TARGET_EFAULT;
6291     }
6292 
6293     total_size = sizeof(struct file_handle) + size;
6294     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
6295     if (!target_fh) {
6296         unlock_user(name, pathname, 0);
6297         return -TARGET_EFAULT;
6298     }
6299 
6300     fh = g_malloc0(total_size);
6301     fh->handle_bytes = size;
6302 
6303     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
6304     unlock_user(name, pathname, 0);
6305 
6306     /* man name_to_handle_at(2):
6307      * Other than the use of the handle_bytes field, the caller should treat
6308      * the file_handle structure as an opaque data type
6309      */
6310 
6311     memcpy(target_fh, fh, total_size);
6312     target_fh->handle_bytes = tswap32(fh->handle_bytes);
6313     target_fh->handle_type = tswap32(fh->handle_type);
6314     g_free(fh);
6315     unlock_user(target_fh, handle, total_size);
6316 
6317     if (put_user_s32(mid, mount_id)) {
6318         return -TARGET_EFAULT;
6319     }
6320 
6321     return ret;
6322 
6323 }
6324 #endif
6325 
6326 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6327 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
6328                                      abi_long flags)
6329 {
6330     struct file_handle *target_fh;
6331     struct file_handle *fh;
6332     unsigned int size, total_size;
6333     abi_long ret;
6334 
6335     if (get_user_s32(size, handle)) {
6336         return -TARGET_EFAULT;
6337     }
6338 
6339     total_size = sizeof(struct file_handle) + size;
6340     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
6341     if (!target_fh) {
6342         return -TARGET_EFAULT;
6343     }
6344 
6345     fh = g_memdup(target_fh, total_size);
6346     fh->handle_bytes = size;
6347     fh->handle_type = tswap32(target_fh->handle_type);
6348 
6349     ret = get_errno(open_by_handle_at(mount_fd, fh,
6350                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
6351 
6352     g_free(fh);
6353 
6354     unlock_user(target_fh, handle, total_size);
6355 
6356     return ret;
6357 }
6358 #endif
6359 
6360 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
6361 
6362 /* signalfd siginfo conversion */
6363 
6364 static void
6365 host_to_target_signalfd_siginfo(struct signalfd_siginfo *tinfo,
6366                                 const struct signalfd_siginfo *info)
6367 {
6368     int sig = host_to_target_signal(info->ssi_signo);
6369 
6370     /* linux/signalfd.h defines a ssi_addr_lsb
6371      * not defined in sys/signalfd.h but used by some kernels
6372      */
6373 
6374 #ifdef BUS_MCEERR_AO
6375     if (tinfo->ssi_signo == SIGBUS &&
6376         (tinfo->ssi_code == BUS_MCEERR_AR ||
6377          tinfo->ssi_code == BUS_MCEERR_AO)) {
6378         uint16_t *ssi_addr_lsb = (uint16_t *)(&info->ssi_addr + 1);
6379         uint16_t *tssi_addr_lsb = (uint16_t *)(&tinfo->ssi_addr + 1);
6380         *tssi_addr_lsb = tswap16(*ssi_addr_lsb);
6381     }
6382 #endif
6383 
6384     tinfo->ssi_signo = tswap32(sig);
6385     tinfo->ssi_errno = tswap32(tinfo->ssi_errno);
6386     tinfo->ssi_code = tswap32(info->ssi_code);
6387     tinfo->ssi_pid = tswap32(info->ssi_pid);
6388     tinfo->ssi_uid = tswap32(info->ssi_uid);
6389     tinfo->ssi_fd = tswap32(info->ssi_fd);
6390     tinfo->ssi_tid = tswap32(info->ssi_tid);
6391     tinfo->ssi_band = tswap32(info->ssi_band);
6392     tinfo->ssi_overrun = tswap32(info->ssi_overrun);
6393     tinfo->ssi_trapno = tswap32(info->ssi_trapno);
6394     tinfo->ssi_status = tswap32(info->ssi_status);
6395     tinfo->ssi_int = tswap32(info->ssi_int);
6396     tinfo->ssi_ptr = tswap64(info->ssi_ptr);
6397     tinfo->ssi_utime = tswap64(info->ssi_utime);
6398     tinfo->ssi_stime = tswap64(info->ssi_stime);
6399     tinfo->ssi_addr = tswap64(info->ssi_addr);
6400 }
6401 
6402 static abi_long host_to_target_data_signalfd(void *buf, size_t len)
6403 {
6404     int i;
6405 
6406     for (i = 0; i < len; i += sizeof(struct signalfd_siginfo)) {
6407         host_to_target_signalfd_siginfo(buf + i, buf + i);
6408     }
6409 
6410     return len;
6411 }
6412 
6413 static TargetFdTrans target_signalfd_trans = {
6414     .host_to_target_data = host_to_target_data_signalfd,
6415 };
6416 
6417 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
6418 {
6419     int host_flags;
6420     target_sigset_t *target_mask;
6421     sigset_t host_mask;
6422     abi_long ret;
6423 
6424     if (flags & ~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC)) {
6425         return -TARGET_EINVAL;
6426     }
6427     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
6428         return -TARGET_EFAULT;
6429     }
6430 
6431     target_to_host_sigset(&host_mask, target_mask);
6432 
6433     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
6434 
6435     ret = get_errno(signalfd(fd, &host_mask, host_flags));
6436     if (ret >= 0) {
6437         fd_trans_register(ret, &target_signalfd_trans);
6438     }
6439 
6440     unlock_user_struct(target_mask, mask, 0);
6441 
6442     return ret;
6443 }
6444 #endif
6445 
6446 /* Map host to target signal numbers for the wait family of syscalls.
6447    Assume all other status bits are the same.  */
6448 int host_to_target_waitstatus(int status)
6449 {
6450     if (WIFSIGNALED(status)) {
6451         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
6452     }
6453     if (WIFSTOPPED(status)) {
6454         return (host_to_target_signal(WSTOPSIG(status)) << 8)
6455                | (status & 0xff);
6456     }
6457     return status;
6458 }
6459 
6460 static int open_self_cmdline(void *cpu_env, int fd)
6461 {
6462     int fd_orig = -1;
6463     bool word_skipped = false;
6464 
6465     fd_orig = open("/proc/self/cmdline", O_RDONLY);
6466     if (fd_orig < 0) {
6467         return fd_orig;
6468     }
6469 
6470     while (true) {
6471         ssize_t nb_read;
6472         char buf[128];
6473         char *cp_buf = buf;
6474 
6475         nb_read = read(fd_orig, buf, sizeof(buf));
6476         if (nb_read < 0) {
6477             int e = errno;
6478             fd_orig = close(fd_orig);
6479             errno = e;
6480             return -1;
6481         } else if (nb_read == 0) {
6482             break;
6483         }
6484 
6485         if (!word_skipped) {
6486             /* Skip the first string, which is the path to qemu-*-static
6487                instead of the actual command. */
6488             cp_buf = memchr(buf, 0, sizeof(buf));
6489             if (cp_buf) {
6490                 /* Null byte found, skip one string */
6491                 cp_buf++;
6492                 nb_read -= cp_buf - buf;
6493                 word_skipped = true;
6494             }
6495         }
6496 
6497         if (word_skipped) {
6498             if (write(fd, cp_buf, nb_read) != nb_read) {
6499                 int e = errno;
6500                 close(fd_orig);
6501                 errno = e;
6502                 return -1;
6503             }
6504         }
6505     }
6506 
6507     return close(fd_orig);
6508 }
6509 
6510 static int open_self_maps(void *cpu_env, int fd)
6511 {
6512     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6513     TaskState *ts = cpu->opaque;
6514     FILE *fp;
6515     char *line = NULL;
6516     size_t len = 0;
6517     ssize_t read;
6518 
6519     fp = fopen("/proc/self/maps", "r");
6520     if (fp == NULL) {
6521         return -1;
6522     }
6523 
6524     while ((read = getline(&line, &len, fp)) != -1) {
6525         int fields, dev_maj, dev_min, inode;
6526         uint64_t min, max, offset;
6527         char flag_r, flag_w, flag_x, flag_p;
6528         char path[512] = "";
6529         fields = sscanf(line, "%"PRIx64"-%"PRIx64" %c%c%c%c %"PRIx64" %x:%x %d"
6530                         " %512s", &min, &max, &flag_r, &flag_w, &flag_x,
6531                         &flag_p, &offset, &dev_maj, &dev_min, &inode, path);
6532 
6533         if ((fields < 10) || (fields > 11)) {
6534             continue;
6535         }
6536         if (h2g_valid(min)) {
6537             int flags = page_get_flags(h2g(min));
6538             max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
6539             if (page_check_range(h2g(min), max - min, flags) == -1) {
6540                 continue;
6541             }
6542             if (h2g(min) == ts->info->stack_limit) {
6543                 pstrcpy(path, sizeof(path), "      [stack]");
6544             }
6545             dprintf(fd, TARGET_ABI_FMT_lx "-" TARGET_ABI_FMT_lx
6546                     " %c%c%c%c %08" PRIx64 " %02x:%02x %d %s%s\n",
6547                     h2g(min), h2g(max - 1) + 1, flag_r, flag_w,
6548                     flag_x, flag_p, offset, dev_maj, dev_min, inode,
6549                     path[0] ? "         " : "", path);
6550         }
6551     }
6552 
6553     free(line);
6554     fclose(fp);
6555 
6556     return 0;
6557 }
6558 
6559 static int open_self_stat(void *cpu_env, int fd)
6560 {
6561     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6562     TaskState *ts = cpu->opaque;
6563     abi_ulong start_stack = ts->info->start_stack;
6564     int i;
6565 
6566     for (i = 0; i < 44; i++) {
6567       char buf[128];
6568       int len;
6569       uint64_t val = 0;
6570 
6571       if (i == 0) {
6572         /* pid */
6573         val = getpid();
6574         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
6575       } else if (i == 1) {
6576         /* app name */
6577         snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
6578       } else if (i == 27) {
6579         /* stack bottom */
6580         val = start_stack;
6581         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
6582       } else {
6583         /* for the rest, there is MasterCard */
6584         snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
6585       }
6586 
6587       len = strlen(buf);
6588       if (write(fd, buf, len) != len) {
6589           return -1;
6590       }
6591     }
6592 
6593     return 0;
6594 }
6595 
6596 static int open_self_auxv(void *cpu_env, int fd)
6597 {
6598     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6599     TaskState *ts = cpu->opaque;
6600     abi_ulong auxv = ts->info->saved_auxv;
6601     abi_ulong len = ts->info->auxv_len;
6602     char *ptr;
6603 
6604     /*
6605      * Auxiliary vector is stored in target process stack.
6606      * read in whole auxv vector and copy it to file
6607      */
6608     ptr = lock_user(VERIFY_READ, auxv, len, 0);
6609     if (ptr != NULL) {
6610         while (len > 0) {
6611             ssize_t r;
6612             r = write(fd, ptr, len);
6613             if (r <= 0) {
6614                 break;
6615             }
6616             len -= r;
6617             ptr += r;
6618         }
6619         lseek(fd, 0, SEEK_SET);
6620         unlock_user(ptr, auxv, len);
6621     }
6622 
6623     return 0;
6624 }
6625 
6626 static int is_proc_myself(const char *filename, const char *entry)
6627 {
6628     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
6629         filename += strlen("/proc/");
6630         if (!strncmp(filename, "self/", strlen("self/"))) {
6631             filename += strlen("self/");
6632         } else if (*filename >= '1' && *filename <= '9') {
6633             char myself[80];
6634             snprintf(myself, sizeof(myself), "%d/", getpid());
6635             if (!strncmp(filename, myself, strlen(myself))) {
6636                 filename += strlen(myself);
6637             } else {
6638                 return 0;
6639             }
6640         } else {
6641             return 0;
6642         }
6643         if (!strcmp(filename, entry)) {
6644             return 1;
6645         }
6646     }
6647     return 0;
6648 }
6649 
6650 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
6651 static int is_proc(const char *filename, const char *entry)
6652 {
6653     return strcmp(filename, entry) == 0;
6654 }
6655 
6656 static int open_net_route(void *cpu_env, int fd)
6657 {
6658     FILE *fp;
6659     char *line = NULL;
6660     size_t len = 0;
6661     ssize_t read;
6662 
6663     fp = fopen("/proc/net/route", "r");
6664     if (fp == NULL) {
6665         return -1;
6666     }
6667 
6668     /* read header */
6669 
6670     read = getline(&line, &len, fp);
6671     dprintf(fd, "%s", line);
6672 
6673     /* read routes */
6674 
6675     while ((read = getline(&line, &len, fp)) != -1) {
6676         char iface[16];
6677         uint32_t dest, gw, mask;
6678         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
6679         sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
6680                      iface, &dest, &gw, &flags, &refcnt, &use, &metric,
6681                      &mask, &mtu, &window, &irtt);
6682         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
6683                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
6684                 metric, tswap32(mask), mtu, window, irtt);
6685     }
6686 
6687     free(line);
6688     fclose(fp);
6689 
6690     return 0;
6691 }
6692 #endif
6693 
6694 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
6695 {
6696     struct fake_open {
6697         const char *filename;
6698         int (*fill)(void *cpu_env, int fd);
6699         int (*cmp)(const char *s1, const char *s2);
6700     };
6701     const struct fake_open *fake_open;
6702     static const struct fake_open fakes[] = {
6703         { "maps", open_self_maps, is_proc_myself },
6704         { "stat", open_self_stat, is_proc_myself },
6705         { "auxv", open_self_auxv, is_proc_myself },
6706         { "cmdline", open_self_cmdline, is_proc_myself },
6707 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
6708         { "/proc/net/route", open_net_route, is_proc },
6709 #endif
6710         { NULL, NULL, NULL }
6711     };
6712 
6713     if (is_proc_myself(pathname, "exe")) {
6714         int execfd = qemu_getauxval(AT_EXECFD);
6715         return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
6716     }
6717 
6718     for (fake_open = fakes; fake_open->filename; fake_open++) {
6719         if (fake_open->cmp(pathname, fake_open->filename)) {
6720             break;
6721         }
6722     }
6723 
6724     if (fake_open->filename) {
6725         const char *tmpdir;
6726         char filename[PATH_MAX];
6727         int fd, r;
6728 
6729         /* create temporary file to map stat to */
6730         tmpdir = getenv("TMPDIR");
6731         if (!tmpdir)
6732             tmpdir = "/tmp";
6733         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
6734         fd = mkstemp(filename);
6735         if (fd < 0) {
6736             return fd;
6737         }
6738         unlink(filename);
6739 
6740         if ((r = fake_open->fill(cpu_env, fd))) {
6741             int e = errno;
6742             close(fd);
6743             errno = e;
6744             return r;
6745         }
6746         lseek(fd, 0, SEEK_SET);
6747 
6748         return fd;
6749     }
6750 
6751     return safe_openat(dirfd, path(pathname), flags, mode);
6752 }
6753 
6754 #define TIMER_MAGIC 0x0caf0000
6755 #define TIMER_MAGIC_MASK 0xffff0000
6756 
6757 /* Convert QEMU provided timer ID back to internal 16bit index format */
6758 static target_timer_t get_timer_id(abi_long arg)
6759 {
6760     target_timer_t timerid = arg;
6761 
6762     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
6763         return -TARGET_EINVAL;
6764     }
6765 
6766     timerid &= 0xffff;
6767 
6768     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
6769         return -TARGET_EINVAL;
6770     }
6771 
6772     return timerid;
6773 }
6774 
6775 /* do_syscall() should always have a single exit point at the end so
6776    that actions, such as logging of syscall results, can be performed.
6777    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
6778 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
6779                     abi_long arg2, abi_long arg3, abi_long arg4,
6780                     abi_long arg5, abi_long arg6, abi_long arg7,
6781                     abi_long arg8)
6782 {
6783     CPUState *cpu = ENV_GET_CPU(cpu_env);
6784     abi_long ret;
6785     struct stat st;
6786     struct statfs stfs;
6787     void *p;
6788 
6789 #if defined(DEBUG_ERESTARTSYS)
6790     /* Debug-only code for exercising the syscall-restart code paths
6791      * in the per-architecture cpu main loops: restart every syscall
6792      * the guest makes once before letting it through.
6793      */
6794     {
6795         static int flag;
6796 
6797         flag = !flag;
6798         if (flag) {
6799             return -TARGET_ERESTARTSYS;
6800         }
6801     }
6802 #endif
6803 
6804 #ifdef DEBUG
6805     gemu_log("syscall %d", num);
6806 #endif
6807     trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
6808     if(do_strace)
6809         print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
6810 
6811     switch(num) {
6812     case TARGET_NR_exit:
6813         /* In old applications this may be used to implement _exit(2).
6814            However in threaded applictions it is used for thread termination,
6815            and _exit_group is used for application termination.
6816            Do thread termination if we have more then one thread.  */
6817 
6818         if (block_signals()) {
6819             ret = -TARGET_ERESTARTSYS;
6820             break;
6821         }
6822 
6823         if (CPU_NEXT(first_cpu)) {
6824             TaskState *ts;
6825 
6826             cpu_list_lock();
6827             /* Remove the CPU from the list.  */
6828             QTAILQ_REMOVE(&cpus, cpu, node);
6829             cpu_list_unlock();
6830             ts = cpu->opaque;
6831             if (ts->child_tidptr) {
6832                 put_user_u32(0, ts->child_tidptr);
6833                 sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
6834                           NULL, NULL, 0);
6835             }
6836             thread_cpu = NULL;
6837             object_unref(OBJECT(cpu));
6838             g_free(ts);
6839             rcu_unregister_thread();
6840             pthread_exit(NULL);
6841         }
6842 #ifdef TARGET_GPROF
6843         _mcleanup();
6844 #endif
6845         gdb_exit(cpu_env, arg1);
6846         _exit(arg1);
6847         ret = 0; /* avoid warning */
6848         break;
6849     case TARGET_NR_read:
6850         if (arg3 == 0)
6851             ret = 0;
6852         else {
6853             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
6854                 goto efault;
6855             ret = get_errno(safe_read(arg1, p, arg3));
6856             if (ret >= 0 &&
6857                 fd_trans_host_to_target_data(arg1)) {
6858                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
6859             }
6860             unlock_user(p, arg2, ret);
6861         }
6862         break;
6863     case TARGET_NR_write:
6864         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
6865             goto efault;
6866         ret = get_errno(safe_write(arg1, p, arg3));
6867         unlock_user(p, arg2, 0);
6868         break;
6869 #ifdef TARGET_NR_open
6870     case TARGET_NR_open:
6871         if (!(p = lock_user_string(arg1)))
6872             goto efault;
6873         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
6874                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
6875                                   arg3));
6876         fd_trans_unregister(ret);
6877         unlock_user(p, arg1, 0);
6878         break;
6879 #endif
6880     case TARGET_NR_openat:
6881         if (!(p = lock_user_string(arg2)))
6882             goto efault;
6883         ret = get_errno(do_openat(cpu_env, arg1, p,
6884                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
6885                                   arg4));
6886         fd_trans_unregister(ret);
6887         unlock_user(p, arg2, 0);
6888         break;
6889 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6890     case TARGET_NR_name_to_handle_at:
6891         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
6892         break;
6893 #endif
6894 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6895     case TARGET_NR_open_by_handle_at:
6896         ret = do_open_by_handle_at(arg1, arg2, arg3);
6897         fd_trans_unregister(ret);
6898         break;
6899 #endif
6900     case TARGET_NR_close:
6901         fd_trans_unregister(arg1);
6902         ret = get_errno(close(arg1));
6903         break;
6904     case TARGET_NR_brk:
6905         ret = do_brk(arg1);
6906         break;
6907 #ifdef TARGET_NR_fork
6908     case TARGET_NR_fork:
6909         ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, 0, 0, 0));
6910         break;
6911 #endif
6912 #ifdef TARGET_NR_waitpid
6913     case TARGET_NR_waitpid:
6914         {
6915             int status;
6916             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
6917             if (!is_error(ret) && arg2 && ret
6918                 && put_user_s32(host_to_target_waitstatus(status), arg2))
6919                 goto efault;
6920         }
6921         break;
6922 #endif
6923 #ifdef TARGET_NR_waitid
6924     case TARGET_NR_waitid:
6925         {
6926             siginfo_t info;
6927             info.si_pid = 0;
6928             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
6929             if (!is_error(ret) && arg3 && info.si_pid != 0) {
6930                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
6931                     goto efault;
6932                 host_to_target_siginfo(p, &info);
6933                 unlock_user(p, arg3, sizeof(target_siginfo_t));
6934             }
6935         }
6936         break;
6937 #endif
6938 #ifdef TARGET_NR_creat /* not on alpha */
6939     case TARGET_NR_creat:
6940         if (!(p = lock_user_string(arg1)))
6941             goto efault;
6942         ret = get_errno(creat(p, arg2));
6943         fd_trans_unregister(ret);
6944         unlock_user(p, arg1, 0);
6945         break;
6946 #endif
6947 #ifdef TARGET_NR_link
6948     case TARGET_NR_link:
6949         {
6950             void * p2;
6951             p = lock_user_string(arg1);
6952             p2 = lock_user_string(arg2);
6953             if (!p || !p2)
6954                 ret = -TARGET_EFAULT;
6955             else
6956                 ret = get_errno(link(p, p2));
6957             unlock_user(p2, arg2, 0);
6958             unlock_user(p, arg1, 0);
6959         }
6960         break;
6961 #endif
6962 #if defined(TARGET_NR_linkat)
6963     case TARGET_NR_linkat:
6964         {
6965             void * p2 = NULL;
6966             if (!arg2 || !arg4)
6967                 goto efault;
6968             p  = lock_user_string(arg2);
6969             p2 = lock_user_string(arg4);
6970             if (!p || !p2)
6971                 ret = -TARGET_EFAULT;
6972             else
6973                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
6974             unlock_user(p, arg2, 0);
6975             unlock_user(p2, arg4, 0);
6976         }
6977         break;
6978 #endif
6979 #ifdef TARGET_NR_unlink
6980     case TARGET_NR_unlink:
6981         if (!(p = lock_user_string(arg1)))
6982             goto efault;
6983         ret = get_errno(unlink(p));
6984         unlock_user(p, arg1, 0);
6985         break;
6986 #endif
6987 #if defined(TARGET_NR_unlinkat)
6988     case TARGET_NR_unlinkat:
6989         if (!(p = lock_user_string(arg2)))
6990             goto efault;
6991         ret = get_errno(unlinkat(arg1, p, arg3));
6992         unlock_user(p, arg2, 0);
6993         break;
6994 #endif
6995     case TARGET_NR_execve:
6996         {
6997             char **argp, **envp;
6998             int argc, envc;
6999             abi_ulong gp;
7000             abi_ulong guest_argp;
7001             abi_ulong guest_envp;
7002             abi_ulong addr;
7003             char **q;
7004             int total_size = 0;
7005 
7006             argc = 0;
7007             guest_argp = arg2;
7008             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
7009                 if (get_user_ual(addr, gp))
7010                     goto efault;
7011                 if (!addr)
7012                     break;
7013                 argc++;
7014             }
7015             envc = 0;
7016             guest_envp = arg3;
7017             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
7018                 if (get_user_ual(addr, gp))
7019                     goto efault;
7020                 if (!addr)
7021                     break;
7022                 envc++;
7023             }
7024 
7025             argp = alloca((argc + 1) * sizeof(void *));
7026             envp = alloca((envc + 1) * sizeof(void *));
7027 
7028             for (gp = guest_argp, q = argp; gp;
7029                   gp += sizeof(abi_ulong), q++) {
7030                 if (get_user_ual(addr, gp))
7031                     goto execve_efault;
7032                 if (!addr)
7033                     break;
7034                 if (!(*q = lock_user_string(addr)))
7035                     goto execve_efault;
7036                 total_size += strlen(*q) + 1;
7037             }
7038             *q = NULL;
7039 
7040             for (gp = guest_envp, q = envp; gp;
7041                   gp += sizeof(abi_ulong), q++) {
7042                 if (get_user_ual(addr, gp))
7043                     goto execve_efault;
7044                 if (!addr)
7045                     break;
7046                 if (!(*q = lock_user_string(addr)))
7047                     goto execve_efault;
7048                 total_size += strlen(*q) + 1;
7049             }
7050             *q = NULL;
7051 
7052             if (!(p = lock_user_string(arg1)))
7053                 goto execve_efault;
7054             /* Although execve() is not an interruptible syscall it is
7055              * a special case where we must use the safe_syscall wrapper:
7056              * if we allow a signal to happen before we make the host
7057              * syscall then we will 'lose' it, because at the point of
7058              * execve the process leaves QEMU's control. So we use the
7059              * safe syscall wrapper to ensure that we either take the
7060              * signal as a guest signal, or else it does not happen
7061              * before the execve completes and makes it the other
7062              * program's problem.
7063              */
7064             ret = get_errno(safe_execve(p, argp, envp));
7065             unlock_user(p, arg1, 0);
7066 
7067             goto execve_end;
7068 
7069         execve_efault:
7070             ret = -TARGET_EFAULT;
7071 
7072         execve_end:
7073             for (gp = guest_argp, q = argp; *q;
7074                   gp += sizeof(abi_ulong), q++) {
7075                 if (get_user_ual(addr, gp)
7076                     || !addr)
7077                     break;
7078                 unlock_user(*q, addr, 0);
7079             }
7080             for (gp = guest_envp, q = envp; *q;
7081                   gp += sizeof(abi_ulong), q++) {
7082                 if (get_user_ual(addr, gp)
7083                     || !addr)
7084                     break;
7085                 unlock_user(*q, addr, 0);
7086             }
7087         }
7088         break;
7089     case TARGET_NR_chdir:
7090         if (!(p = lock_user_string(arg1)))
7091             goto efault;
7092         ret = get_errno(chdir(p));
7093         unlock_user(p, arg1, 0);
7094         break;
7095 #ifdef TARGET_NR_time
7096     case TARGET_NR_time:
7097         {
7098             time_t host_time;
7099             ret = get_errno(time(&host_time));
7100             if (!is_error(ret)
7101                 && arg1
7102                 && put_user_sal(host_time, arg1))
7103                 goto efault;
7104         }
7105         break;
7106 #endif
7107 #ifdef TARGET_NR_mknod
7108     case TARGET_NR_mknod:
7109         if (!(p = lock_user_string(arg1)))
7110             goto efault;
7111         ret = get_errno(mknod(p, arg2, arg3));
7112         unlock_user(p, arg1, 0);
7113         break;
7114 #endif
7115 #if defined(TARGET_NR_mknodat)
7116     case TARGET_NR_mknodat:
7117         if (!(p = lock_user_string(arg2)))
7118             goto efault;
7119         ret = get_errno(mknodat(arg1, p, arg3, arg4));
7120         unlock_user(p, arg2, 0);
7121         break;
7122 #endif
7123 #ifdef TARGET_NR_chmod
7124     case TARGET_NR_chmod:
7125         if (!(p = lock_user_string(arg1)))
7126             goto efault;
7127         ret = get_errno(chmod(p, arg2));
7128         unlock_user(p, arg1, 0);
7129         break;
7130 #endif
7131 #ifdef TARGET_NR_break
7132     case TARGET_NR_break:
7133         goto unimplemented;
7134 #endif
7135 #ifdef TARGET_NR_oldstat
7136     case TARGET_NR_oldstat:
7137         goto unimplemented;
7138 #endif
7139     case TARGET_NR_lseek:
7140         ret = get_errno(lseek(arg1, arg2, arg3));
7141         break;
7142 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
7143     /* Alpha specific */
7144     case TARGET_NR_getxpid:
7145         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
7146         ret = get_errno(getpid());
7147         break;
7148 #endif
7149 #ifdef TARGET_NR_getpid
7150     case TARGET_NR_getpid:
7151         ret = get_errno(getpid());
7152         break;
7153 #endif
7154     case TARGET_NR_mount:
7155         {
7156             /* need to look at the data field */
7157             void *p2, *p3;
7158 
7159             if (arg1) {
7160                 p = lock_user_string(arg1);
7161                 if (!p) {
7162                     goto efault;
7163                 }
7164             } else {
7165                 p = NULL;
7166             }
7167 
7168             p2 = lock_user_string(arg2);
7169             if (!p2) {
7170                 if (arg1) {
7171                     unlock_user(p, arg1, 0);
7172                 }
7173                 goto efault;
7174             }
7175 
7176             if (arg3) {
7177                 p3 = lock_user_string(arg3);
7178                 if (!p3) {
7179                     if (arg1) {
7180                         unlock_user(p, arg1, 0);
7181                     }
7182                     unlock_user(p2, arg2, 0);
7183                     goto efault;
7184                 }
7185             } else {
7186                 p3 = NULL;
7187             }
7188 
7189             /* FIXME - arg5 should be locked, but it isn't clear how to
7190              * do that since it's not guaranteed to be a NULL-terminated
7191              * string.
7192              */
7193             if (!arg5) {
7194                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
7195             } else {
7196                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
7197             }
7198             ret = get_errno(ret);
7199 
7200             if (arg1) {
7201                 unlock_user(p, arg1, 0);
7202             }
7203             unlock_user(p2, arg2, 0);
7204             if (arg3) {
7205                 unlock_user(p3, arg3, 0);
7206             }
7207         }
7208         break;
7209 #ifdef TARGET_NR_umount
7210     case TARGET_NR_umount:
7211         if (!(p = lock_user_string(arg1)))
7212             goto efault;
7213         ret = get_errno(umount(p));
7214         unlock_user(p, arg1, 0);
7215         break;
7216 #endif
7217 #ifdef TARGET_NR_stime /* not on alpha */
7218     case TARGET_NR_stime:
7219         {
7220             time_t host_time;
7221             if (get_user_sal(host_time, arg1))
7222                 goto efault;
7223             ret = get_errno(stime(&host_time));
7224         }
7225         break;
7226 #endif
7227     case TARGET_NR_ptrace:
7228         goto unimplemented;
7229 #ifdef TARGET_NR_alarm /* not on alpha */
7230     case TARGET_NR_alarm:
7231         ret = alarm(arg1);
7232         break;
7233 #endif
7234 #ifdef TARGET_NR_oldfstat
7235     case TARGET_NR_oldfstat:
7236         goto unimplemented;
7237 #endif
7238 #ifdef TARGET_NR_pause /* not on alpha */
7239     case TARGET_NR_pause:
7240         if (!block_signals()) {
7241             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
7242         }
7243         ret = -TARGET_EINTR;
7244         break;
7245 #endif
7246 #ifdef TARGET_NR_utime
7247     case TARGET_NR_utime:
7248         {
7249             struct utimbuf tbuf, *host_tbuf;
7250             struct target_utimbuf *target_tbuf;
7251             if (arg2) {
7252                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
7253                     goto efault;
7254                 tbuf.actime = tswapal(target_tbuf->actime);
7255                 tbuf.modtime = tswapal(target_tbuf->modtime);
7256                 unlock_user_struct(target_tbuf, arg2, 0);
7257                 host_tbuf = &tbuf;
7258             } else {
7259                 host_tbuf = NULL;
7260             }
7261             if (!(p = lock_user_string(arg1)))
7262                 goto efault;
7263             ret = get_errno(utime(p, host_tbuf));
7264             unlock_user(p, arg1, 0);
7265         }
7266         break;
7267 #endif
7268 #ifdef TARGET_NR_utimes
7269     case TARGET_NR_utimes:
7270         {
7271             struct timeval *tvp, tv[2];
7272             if (arg2) {
7273                 if (copy_from_user_timeval(&tv[0], arg2)
7274                     || copy_from_user_timeval(&tv[1],
7275                                               arg2 + sizeof(struct target_timeval)))
7276                     goto efault;
7277                 tvp = tv;
7278             } else {
7279                 tvp = NULL;
7280             }
7281             if (!(p = lock_user_string(arg1)))
7282                 goto efault;
7283             ret = get_errno(utimes(p, tvp));
7284             unlock_user(p, arg1, 0);
7285         }
7286         break;
7287 #endif
7288 #if defined(TARGET_NR_futimesat)
7289     case TARGET_NR_futimesat:
7290         {
7291             struct timeval *tvp, tv[2];
7292             if (arg3) {
7293                 if (copy_from_user_timeval(&tv[0], arg3)
7294                     || copy_from_user_timeval(&tv[1],
7295                                               arg3 + sizeof(struct target_timeval)))
7296                     goto efault;
7297                 tvp = tv;
7298             } else {
7299                 tvp = NULL;
7300             }
7301             if (!(p = lock_user_string(arg2)))
7302                 goto efault;
7303             ret = get_errno(futimesat(arg1, path(p), tvp));
7304             unlock_user(p, arg2, 0);
7305         }
7306         break;
7307 #endif
7308 #ifdef TARGET_NR_stty
7309     case TARGET_NR_stty:
7310         goto unimplemented;
7311 #endif
7312 #ifdef TARGET_NR_gtty
7313     case TARGET_NR_gtty:
7314         goto unimplemented;
7315 #endif
7316 #ifdef TARGET_NR_access
7317     case TARGET_NR_access:
7318         if (!(p = lock_user_string(arg1)))
7319             goto efault;
7320         ret = get_errno(access(path(p), arg2));
7321         unlock_user(p, arg1, 0);
7322         break;
7323 #endif
7324 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
7325     case TARGET_NR_faccessat:
7326         if (!(p = lock_user_string(arg2)))
7327             goto efault;
7328         ret = get_errno(faccessat(arg1, p, arg3, 0));
7329         unlock_user(p, arg2, 0);
7330         break;
7331 #endif
7332 #ifdef TARGET_NR_nice /* not on alpha */
7333     case TARGET_NR_nice:
7334         ret = get_errno(nice(arg1));
7335         break;
7336 #endif
7337 #ifdef TARGET_NR_ftime
7338     case TARGET_NR_ftime:
7339         goto unimplemented;
7340 #endif
7341     case TARGET_NR_sync:
7342         sync();
7343         ret = 0;
7344         break;
7345     case TARGET_NR_kill:
7346         ret = get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
7347         break;
7348 #ifdef TARGET_NR_rename
7349     case TARGET_NR_rename:
7350         {
7351             void *p2;
7352             p = lock_user_string(arg1);
7353             p2 = lock_user_string(arg2);
7354             if (!p || !p2)
7355                 ret = -TARGET_EFAULT;
7356             else
7357                 ret = get_errno(rename(p, p2));
7358             unlock_user(p2, arg2, 0);
7359             unlock_user(p, arg1, 0);
7360         }
7361         break;
7362 #endif
7363 #if defined(TARGET_NR_renameat)
7364     case TARGET_NR_renameat:
7365         {
7366             void *p2;
7367             p  = lock_user_string(arg2);
7368             p2 = lock_user_string(arg4);
7369             if (!p || !p2)
7370                 ret = -TARGET_EFAULT;
7371             else
7372                 ret = get_errno(renameat(arg1, p, arg3, p2));
7373             unlock_user(p2, arg4, 0);
7374             unlock_user(p, arg2, 0);
7375         }
7376         break;
7377 #endif
7378 #ifdef TARGET_NR_mkdir
7379     case TARGET_NR_mkdir:
7380         if (!(p = lock_user_string(arg1)))
7381             goto efault;
7382         ret = get_errno(mkdir(p, arg2));
7383         unlock_user(p, arg1, 0);
7384         break;
7385 #endif
7386 #if defined(TARGET_NR_mkdirat)
7387     case TARGET_NR_mkdirat:
7388         if (!(p = lock_user_string(arg2)))
7389             goto efault;
7390         ret = get_errno(mkdirat(arg1, p, arg3));
7391         unlock_user(p, arg2, 0);
7392         break;
7393 #endif
7394 #ifdef TARGET_NR_rmdir
7395     case TARGET_NR_rmdir:
7396         if (!(p = lock_user_string(arg1)))
7397             goto efault;
7398         ret = get_errno(rmdir(p));
7399         unlock_user(p, arg1, 0);
7400         break;
7401 #endif
7402     case TARGET_NR_dup:
7403         ret = get_errno(dup(arg1));
7404         if (ret >= 0) {
7405             fd_trans_dup(arg1, ret);
7406         }
7407         break;
7408 #ifdef TARGET_NR_pipe
7409     case TARGET_NR_pipe:
7410         ret = do_pipe(cpu_env, arg1, 0, 0);
7411         break;
7412 #endif
7413 #ifdef TARGET_NR_pipe2
7414     case TARGET_NR_pipe2:
7415         ret = do_pipe(cpu_env, arg1,
7416                       target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
7417         break;
7418 #endif
7419     case TARGET_NR_times:
7420         {
7421             struct target_tms *tmsp;
7422             struct tms tms;
7423             ret = get_errno(times(&tms));
7424             if (arg1) {
7425                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
7426                 if (!tmsp)
7427                     goto efault;
7428                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
7429                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
7430                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
7431                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
7432             }
7433             if (!is_error(ret))
7434                 ret = host_to_target_clock_t(ret);
7435         }
7436         break;
7437 #ifdef TARGET_NR_prof
7438     case TARGET_NR_prof:
7439         goto unimplemented;
7440 #endif
7441 #ifdef TARGET_NR_signal
7442     case TARGET_NR_signal:
7443         goto unimplemented;
7444 #endif
7445     case TARGET_NR_acct:
7446         if (arg1 == 0) {
7447             ret = get_errno(acct(NULL));
7448         } else {
7449             if (!(p = lock_user_string(arg1)))
7450                 goto efault;
7451             ret = get_errno(acct(path(p)));
7452             unlock_user(p, arg1, 0);
7453         }
7454         break;
7455 #ifdef TARGET_NR_umount2
7456     case TARGET_NR_umount2:
7457         if (!(p = lock_user_string(arg1)))
7458             goto efault;
7459         ret = get_errno(umount2(p, arg2));
7460         unlock_user(p, arg1, 0);
7461         break;
7462 #endif
7463 #ifdef TARGET_NR_lock
7464     case TARGET_NR_lock:
7465         goto unimplemented;
7466 #endif
7467     case TARGET_NR_ioctl:
7468         ret = do_ioctl(arg1, arg2, arg3);
7469         break;
7470     case TARGET_NR_fcntl:
7471         ret = do_fcntl(arg1, arg2, arg3);
7472         break;
7473 #ifdef TARGET_NR_mpx
7474     case TARGET_NR_mpx:
7475         goto unimplemented;
7476 #endif
7477     case TARGET_NR_setpgid:
7478         ret = get_errno(setpgid(arg1, arg2));
7479         break;
7480 #ifdef TARGET_NR_ulimit
7481     case TARGET_NR_ulimit:
7482         goto unimplemented;
7483 #endif
7484 #ifdef TARGET_NR_oldolduname
7485     case TARGET_NR_oldolduname:
7486         goto unimplemented;
7487 #endif
7488     case TARGET_NR_umask:
7489         ret = get_errno(umask(arg1));
7490         break;
7491     case TARGET_NR_chroot:
7492         if (!(p = lock_user_string(arg1)))
7493             goto efault;
7494         ret = get_errno(chroot(p));
7495         unlock_user(p, arg1, 0);
7496         break;
7497 #ifdef TARGET_NR_ustat
7498     case TARGET_NR_ustat:
7499         goto unimplemented;
7500 #endif
7501 #ifdef TARGET_NR_dup2
7502     case TARGET_NR_dup2:
7503         ret = get_errno(dup2(arg1, arg2));
7504         if (ret >= 0) {
7505             fd_trans_dup(arg1, arg2);
7506         }
7507         break;
7508 #endif
7509 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
7510     case TARGET_NR_dup3:
7511         ret = get_errno(dup3(arg1, arg2, arg3));
7512         if (ret >= 0) {
7513             fd_trans_dup(arg1, arg2);
7514         }
7515         break;
7516 #endif
7517 #ifdef TARGET_NR_getppid /* not on alpha */
7518     case TARGET_NR_getppid:
7519         ret = get_errno(getppid());
7520         break;
7521 #endif
7522 #ifdef TARGET_NR_getpgrp
7523     case TARGET_NR_getpgrp:
7524         ret = get_errno(getpgrp());
7525         break;
7526 #endif
7527     case TARGET_NR_setsid:
7528         ret = get_errno(setsid());
7529         break;
7530 #ifdef TARGET_NR_sigaction
7531     case TARGET_NR_sigaction:
7532         {
7533 #if defined(TARGET_ALPHA)
7534             struct target_sigaction act, oact, *pact = 0;
7535             struct target_old_sigaction *old_act;
7536             if (arg2) {
7537                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7538                     goto efault;
7539                 act._sa_handler = old_act->_sa_handler;
7540                 target_siginitset(&act.sa_mask, old_act->sa_mask);
7541                 act.sa_flags = old_act->sa_flags;
7542                 act.sa_restorer = 0;
7543                 unlock_user_struct(old_act, arg2, 0);
7544                 pact = &act;
7545             }
7546             ret = get_errno(do_sigaction(arg1, pact, &oact));
7547             if (!is_error(ret) && arg3) {
7548                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7549                     goto efault;
7550                 old_act->_sa_handler = oact._sa_handler;
7551                 old_act->sa_mask = oact.sa_mask.sig[0];
7552                 old_act->sa_flags = oact.sa_flags;
7553                 unlock_user_struct(old_act, arg3, 1);
7554             }
7555 #elif defined(TARGET_MIPS)
7556 	    struct target_sigaction act, oact, *pact, *old_act;
7557 
7558 	    if (arg2) {
7559                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7560                     goto efault;
7561 		act._sa_handler = old_act->_sa_handler;
7562 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
7563 		act.sa_flags = old_act->sa_flags;
7564 		unlock_user_struct(old_act, arg2, 0);
7565 		pact = &act;
7566 	    } else {
7567 		pact = NULL;
7568 	    }
7569 
7570 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
7571 
7572 	    if (!is_error(ret) && arg3) {
7573                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7574                     goto efault;
7575 		old_act->_sa_handler = oact._sa_handler;
7576 		old_act->sa_flags = oact.sa_flags;
7577 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
7578 		old_act->sa_mask.sig[1] = 0;
7579 		old_act->sa_mask.sig[2] = 0;
7580 		old_act->sa_mask.sig[3] = 0;
7581 		unlock_user_struct(old_act, arg3, 1);
7582 	    }
7583 #else
7584             struct target_old_sigaction *old_act;
7585             struct target_sigaction act, oact, *pact;
7586             if (arg2) {
7587                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7588                     goto efault;
7589                 act._sa_handler = old_act->_sa_handler;
7590                 target_siginitset(&act.sa_mask, old_act->sa_mask);
7591                 act.sa_flags = old_act->sa_flags;
7592                 act.sa_restorer = old_act->sa_restorer;
7593                 unlock_user_struct(old_act, arg2, 0);
7594                 pact = &act;
7595             } else {
7596                 pact = NULL;
7597             }
7598             ret = get_errno(do_sigaction(arg1, pact, &oact));
7599             if (!is_error(ret) && arg3) {
7600                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7601                     goto efault;
7602                 old_act->_sa_handler = oact._sa_handler;
7603                 old_act->sa_mask = oact.sa_mask.sig[0];
7604                 old_act->sa_flags = oact.sa_flags;
7605                 old_act->sa_restorer = oact.sa_restorer;
7606                 unlock_user_struct(old_act, arg3, 1);
7607             }
7608 #endif
7609         }
7610         break;
7611 #endif
7612     case TARGET_NR_rt_sigaction:
7613         {
7614 #if defined(TARGET_ALPHA)
7615             struct target_sigaction act, oact, *pact = 0;
7616             struct target_rt_sigaction *rt_act;
7617             /* ??? arg4 == sizeof(sigset_t).  */
7618             if (arg2) {
7619                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
7620                     goto efault;
7621                 act._sa_handler = rt_act->_sa_handler;
7622                 act.sa_mask = rt_act->sa_mask;
7623                 act.sa_flags = rt_act->sa_flags;
7624                 act.sa_restorer = arg5;
7625                 unlock_user_struct(rt_act, arg2, 0);
7626                 pact = &act;
7627             }
7628             ret = get_errno(do_sigaction(arg1, pact, &oact));
7629             if (!is_error(ret) && arg3) {
7630                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
7631                     goto efault;
7632                 rt_act->_sa_handler = oact._sa_handler;
7633                 rt_act->sa_mask = oact.sa_mask;
7634                 rt_act->sa_flags = oact.sa_flags;
7635                 unlock_user_struct(rt_act, arg3, 1);
7636             }
7637 #else
7638             struct target_sigaction *act;
7639             struct target_sigaction *oact;
7640 
7641             if (arg2) {
7642                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1))
7643                     goto efault;
7644             } else
7645                 act = NULL;
7646             if (arg3) {
7647                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
7648                     ret = -TARGET_EFAULT;
7649                     goto rt_sigaction_fail;
7650                 }
7651             } else
7652                 oact = NULL;
7653             ret = get_errno(do_sigaction(arg1, act, oact));
7654 	rt_sigaction_fail:
7655             if (act)
7656                 unlock_user_struct(act, arg2, 0);
7657             if (oact)
7658                 unlock_user_struct(oact, arg3, 1);
7659 #endif
7660         }
7661         break;
7662 #ifdef TARGET_NR_sgetmask /* not on alpha */
7663     case TARGET_NR_sgetmask:
7664         {
7665             sigset_t cur_set;
7666             abi_ulong target_set;
7667             ret = do_sigprocmask(0, NULL, &cur_set);
7668             if (!ret) {
7669                 host_to_target_old_sigset(&target_set, &cur_set);
7670                 ret = target_set;
7671             }
7672         }
7673         break;
7674 #endif
7675 #ifdef TARGET_NR_ssetmask /* not on alpha */
7676     case TARGET_NR_ssetmask:
7677         {
7678             sigset_t set, oset, cur_set;
7679             abi_ulong target_set = arg1;
7680             /* We only have one word of the new mask so we must read
7681              * the rest of it with do_sigprocmask() and OR in this word.
7682              * We are guaranteed that a do_sigprocmask() that only queries
7683              * the signal mask will not fail.
7684              */
7685             ret = do_sigprocmask(0, NULL, &cur_set);
7686             assert(!ret);
7687             target_to_host_old_sigset(&set, &target_set);
7688             sigorset(&set, &set, &cur_set);
7689             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
7690             if (!ret) {
7691                 host_to_target_old_sigset(&target_set, &oset);
7692                 ret = target_set;
7693             }
7694         }
7695         break;
7696 #endif
7697 #ifdef TARGET_NR_sigprocmask
7698     case TARGET_NR_sigprocmask:
7699         {
7700 #if defined(TARGET_ALPHA)
7701             sigset_t set, oldset;
7702             abi_ulong mask;
7703             int how;
7704 
7705             switch (arg1) {
7706             case TARGET_SIG_BLOCK:
7707                 how = SIG_BLOCK;
7708                 break;
7709             case TARGET_SIG_UNBLOCK:
7710                 how = SIG_UNBLOCK;
7711                 break;
7712             case TARGET_SIG_SETMASK:
7713                 how = SIG_SETMASK;
7714                 break;
7715             default:
7716                 ret = -TARGET_EINVAL;
7717                 goto fail;
7718             }
7719             mask = arg2;
7720             target_to_host_old_sigset(&set, &mask);
7721 
7722             ret = do_sigprocmask(how, &set, &oldset);
7723             if (!is_error(ret)) {
7724                 host_to_target_old_sigset(&mask, &oldset);
7725                 ret = mask;
7726                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
7727             }
7728 #else
7729             sigset_t set, oldset, *set_ptr;
7730             int how;
7731 
7732             if (arg2) {
7733                 switch (arg1) {
7734                 case TARGET_SIG_BLOCK:
7735                     how = SIG_BLOCK;
7736                     break;
7737                 case TARGET_SIG_UNBLOCK:
7738                     how = SIG_UNBLOCK;
7739                     break;
7740                 case TARGET_SIG_SETMASK:
7741                     how = SIG_SETMASK;
7742                     break;
7743                 default:
7744                     ret = -TARGET_EINVAL;
7745                     goto fail;
7746                 }
7747                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
7748                     goto efault;
7749                 target_to_host_old_sigset(&set, p);
7750                 unlock_user(p, arg2, 0);
7751                 set_ptr = &set;
7752             } else {
7753                 how = 0;
7754                 set_ptr = NULL;
7755             }
7756             ret = do_sigprocmask(how, set_ptr, &oldset);
7757             if (!is_error(ret) && arg3) {
7758                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
7759                     goto efault;
7760                 host_to_target_old_sigset(p, &oldset);
7761                 unlock_user(p, arg3, sizeof(target_sigset_t));
7762             }
7763 #endif
7764         }
7765         break;
7766 #endif
7767     case TARGET_NR_rt_sigprocmask:
7768         {
7769             int how = arg1;
7770             sigset_t set, oldset, *set_ptr;
7771 
7772             if (arg2) {
7773                 switch(how) {
7774                 case TARGET_SIG_BLOCK:
7775                     how = SIG_BLOCK;
7776                     break;
7777                 case TARGET_SIG_UNBLOCK:
7778                     how = SIG_UNBLOCK;
7779                     break;
7780                 case TARGET_SIG_SETMASK:
7781                     how = SIG_SETMASK;
7782                     break;
7783                 default:
7784                     ret = -TARGET_EINVAL;
7785                     goto fail;
7786                 }
7787                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
7788                     goto efault;
7789                 target_to_host_sigset(&set, p);
7790                 unlock_user(p, arg2, 0);
7791                 set_ptr = &set;
7792             } else {
7793                 how = 0;
7794                 set_ptr = NULL;
7795             }
7796             ret = do_sigprocmask(how, set_ptr, &oldset);
7797             if (!is_error(ret) && arg3) {
7798                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
7799                     goto efault;
7800                 host_to_target_sigset(p, &oldset);
7801                 unlock_user(p, arg3, sizeof(target_sigset_t));
7802             }
7803         }
7804         break;
7805 #ifdef TARGET_NR_sigpending
7806     case TARGET_NR_sigpending:
7807         {
7808             sigset_t set;
7809             ret = get_errno(sigpending(&set));
7810             if (!is_error(ret)) {
7811                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
7812                     goto efault;
7813                 host_to_target_old_sigset(p, &set);
7814                 unlock_user(p, arg1, sizeof(target_sigset_t));
7815             }
7816         }
7817         break;
7818 #endif
7819     case TARGET_NR_rt_sigpending:
7820         {
7821             sigset_t set;
7822             ret = get_errno(sigpending(&set));
7823             if (!is_error(ret)) {
7824                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
7825                     goto efault;
7826                 host_to_target_sigset(p, &set);
7827                 unlock_user(p, arg1, sizeof(target_sigset_t));
7828             }
7829         }
7830         break;
7831 #ifdef TARGET_NR_sigsuspend
7832     case TARGET_NR_sigsuspend:
7833         {
7834             TaskState *ts = cpu->opaque;
7835 #if defined(TARGET_ALPHA)
7836             abi_ulong mask = arg1;
7837             target_to_host_old_sigset(&ts->sigsuspend_mask, &mask);
7838 #else
7839             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
7840                 goto efault;
7841             target_to_host_old_sigset(&ts->sigsuspend_mask, p);
7842             unlock_user(p, arg1, 0);
7843 #endif
7844             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
7845                                                SIGSET_T_SIZE));
7846             if (ret != -TARGET_ERESTARTSYS) {
7847                 ts->in_sigsuspend = 1;
7848             }
7849         }
7850         break;
7851 #endif
7852     case TARGET_NR_rt_sigsuspend:
7853         {
7854             TaskState *ts = cpu->opaque;
7855             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
7856                 goto efault;
7857             target_to_host_sigset(&ts->sigsuspend_mask, p);
7858             unlock_user(p, arg1, 0);
7859             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
7860                                                SIGSET_T_SIZE));
7861             if (ret != -TARGET_ERESTARTSYS) {
7862                 ts->in_sigsuspend = 1;
7863             }
7864         }
7865         break;
7866     case TARGET_NR_rt_sigtimedwait:
7867         {
7868             sigset_t set;
7869             struct timespec uts, *puts;
7870             siginfo_t uinfo;
7871 
7872             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
7873                 goto efault;
7874             target_to_host_sigset(&set, p);
7875             unlock_user(p, arg1, 0);
7876             if (arg3) {
7877                 puts = &uts;
7878                 target_to_host_timespec(puts, arg3);
7879             } else {
7880                 puts = NULL;
7881             }
7882             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
7883                                                  SIGSET_T_SIZE));
7884             if (!is_error(ret)) {
7885                 if (arg2) {
7886                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
7887                                   0);
7888                     if (!p) {
7889                         goto efault;
7890                     }
7891                     host_to_target_siginfo(p, &uinfo);
7892                     unlock_user(p, arg2, sizeof(target_siginfo_t));
7893                 }
7894                 ret = host_to_target_signal(ret);
7895             }
7896         }
7897         break;
7898     case TARGET_NR_rt_sigqueueinfo:
7899         {
7900             siginfo_t uinfo;
7901 
7902             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
7903             if (!p) {
7904                 goto efault;
7905             }
7906             target_to_host_siginfo(&uinfo, p);
7907             unlock_user(p, arg1, 0);
7908             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
7909         }
7910         break;
7911 #ifdef TARGET_NR_sigreturn
7912     case TARGET_NR_sigreturn:
7913         if (block_signals()) {
7914             ret = -TARGET_ERESTARTSYS;
7915         } else {
7916             ret = do_sigreturn(cpu_env);
7917         }
7918         break;
7919 #endif
7920     case TARGET_NR_rt_sigreturn:
7921         if (block_signals()) {
7922             ret = -TARGET_ERESTARTSYS;
7923         } else {
7924             ret = do_rt_sigreturn(cpu_env);
7925         }
7926         break;
7927     case TARGET_NR_sethostname:
7928         if (!(p = lock_user_string(arg1)))
7929             goto efault;
7930         ret = get_errno(sethostname(p, arg2));
7931         unlock_user(p, arg1, 0);
7932         break;
7933     case TARGET_NR_setrlimit:
7934         {
7935             int resource = target_to_host_resource(arg1);
7936             struct target_rlimit *target_rlim;
7937             struct rlimit rlim;
7938             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
7939                 goto efault;
7940             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
7941             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
7942             unlock_user_struct(target_rlim, arg2, 0);
7943             ret = get_errno(setrlimit(resource, &rlim));
7944         }
7945         break;
7946     case TARGET_NR_getrlimit:
7947         {
7948             int resource = target_to_host_resource(arg1);
7949             struct target_rlimit *target_rlim;
7950             struct rlimit rlim;
7951 
7952             ret = get_errno(getrlimit(resource, &rlim));
7953             if (!is_error(ret)) {
7954                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
7955                     goto efault;
7956                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
7957                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
7958                 unlock_user_struct(target_rlim, arg2, 1);
7959             }
7960         }
7961         break;
7962     case TARGET_NR_getrusage:
7963         {
7964             struct rusage rusage;
7965             ret = get_errno(getrusage(arg1, &rusage));
7966             if (!is_error(ret)) {
7967                 ret = host_to_target_rusage(arg2, &rusage);
7968             }
7969         }
7970         break;
7971     case TARGET_NR_gettimeofday:
7972         {
7973             struct timeval tv;
7974             ret = get_errno(gettimeofday(&tv, NULL));
7975             if (!is_error(ret)) {
7976                 if (copy_to_user_timeval(arg1, &tv))
7977                     goto efault;
7978             }
7979         }
7980         break;
7981     case TARGET_NR_settimeofday:
7982         {
7983             struct timeval tv, *ptv = NULL;
7984             struct timezone tz, *ptz = NULL;
7985 
7986             if (arg1) {
7987                 if (copy_from_user_timeval(&tv, arg1)) {
7988                     goto efault;
7989                 }
7990                 ptv = &tv;
7991             }
7992 
7993             if (arg2) {
7994                 if (copy_from_user_timezone(&tz, arg2)) {
7995                     goto efault;
7996                 }
7997                 ptz = &tz;
7998             }
7999 
8000             ret = get_errno(settimeofday(ptv, ptz));
8001         }
8002         break;
8003 #if defined(TARGET_NR_select)
8004     case TARGET_NR_select:
8005 #if defined(TARGET_S390X) || defined(TARGET_ALPHA)
8006         ret = do_select(arg1, arg2, arg3, arg4, arg5);
8007 #else
8008         {
8009             struct target_sel_arg_struct *sel;
8010             abi_ulong inp, outp, exp, tvp;
8011             long nsel;
8012 
8013             if (!lock_user_struct(VERIFY_READ, sel, arg1, 1))
8014                 goto efault;
8015             nsel = tswapal(sel->n);
8016             inp = tswapal(sel->inp);
8017             outp = tswapal(sel->outp);
8018             exp = tswapal(sel->exp);
8019             tvp = tswapal(sel->tvp);
8020             unlock_user_struct(sel, arg1, 0);
8021             ret = do_select(nsel, inp, outp, exp, tvp);
8022         }
8023 #endif
8024         break;
8025 #endif
8026 #ifdef TARGET_NR_pselect6
8027     case TARGET_NR_pselect6:
8028         {
8029             abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
8030             fd_set rfds, wfds, efds;
8031             fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
8032             struct timespec ts, *ts_ptr;
8033 
8034             /*
8035              * The 6th arg is actually two args smashed together,
8036              * so we cannot use the C library.
8037              */
8038             sigset_t set;
8039             struct {
8040                 sigset_t *set;
8041                 size_t size;
8042             } sig, *sig_ptr;
8043 
8044             abi_ulong arg_sigset, arg_sigsize, *arg7;
8045             target_sigset_t *target_sigset;
8046 
8047             n = arg1;
8048             rfd_addr = arg2;
8049             wfd_addr = arg3;
8050             efd_addr = arg4;
8051             ts_addr = arg5;
8052 
8053             ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
8054             if (ret) {
8055                 goto fail;
8056             }
8057             ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
8058             if (ret) {
8059                 goto fail;
8060             }
8061             ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
8062             if (ret) {
8063                 goto fail;
8064             }
8065 
8066             /*
8067              * This takes a timespec, and not a timeval, so we cannot
8068              * use the do_select() helper ...
8069              */
8070             if (ts_addr) {
8071                 if (target_to_host_timespec(&ts, ts_addr)) {
8072                     goto efault;
8073                 }
8074                 ts_ptr = &ts;
8075             } else {
8076                 ts_ptr = NULL;
8077             }
8078 
8079             /* Extract the two packed args for the sigset */
8080             if (arg6) {
8081                 sig_ptr = &sig;
8082                 sig.size = SIGSET_T_SIZE;
8083 
8084                 arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
8085                 if (!arg7) {
8086                     goto efault;
8087                 }
8088                 arg_sigset = tswapal(arg7[0]);
8089                 arg_sigsize = tswapal(arg7[1]);
8090                 unlock_user(arg7, arg6, 0);
8091 
8092                 if (arg_sigset) {
8093                     sig.set = &set;
8094                     if (arg_sigsize != sizeof(*target_sigset)) {
8095                         /* Like the kernel, we enforce correct size sigsets */
8096                         ret = -TARGET_EINVAL;
8097                         goto fail;
8098                     }
8099                     target_sigset = lock_user(VERIFY_READ, arg_sigset,
8100                                               sizeof(*target_sigset), 1);
8101                     if (!target_sigset) {
8102                         goto efault;
8103                     }
8104                     target_to_host_sigset(&set, target_sigset);
8105                     unlock_user(target_sigset, arg_sigset, 0);
8106                 } else {
8107                     sig.set = NULL;
8108                 }
8109             } else {
8110                 sig_ptr = NULL;
8111             }
8112 
8113             ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
8114                                           ts_ptr, sig_ptr));
8115 
8116             if (!is_error(ret)) {
8117                 if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
8118                     goto efault;
8119                 if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
8120                     goto efault;
8121                 if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
8122                     goto efault;
8123 
8124                 if (ts_addr && host_to_target_timespec(ts_addr, &ts))
8125                     goto efault;
8126             }
8127         }
8128         break;
8129 #endif
8130 #ifdef TARGET_NR_symlink
8131     case TARGET_NR_symlink:
8132         {
8133             void *p2;
8134             p = lock_user_string(arg1);
8135             p2 = lock_user_string(arg2);
8136             if (!p || !p2)
8137                 ret = -TARGET_EFAULT;
8138             else
8139                 ret = get_errno(symlink(p, p2));
8140             unlock_user(p2, arg2, 0);
8141             unlock_user(p, arg1, 0);
8142         }
8143         break;
8144 #endif
8145 #if defined(TARGET_NR_symlinkat)
8146     case TARGET_NR_symlinkat:
8147         {
8148             void *p2;
8149             p  = lock_user_string(arg1);
8150             p2 = lock_user_string(arg3);
8151             if (!p || !p2)
8152                 ret = -TARGET_EFAULT;
8153             else
8154                 ret = get_errno(symlinkat(p, arg2, p2));
8155             unlock_user(p2, arg3, 0);
8156             unlock_user(p, arg1, 0);
8157         }
8158         break;
8159 #endif
8160 #ifdef TARGET_NR_oldlstat
8161     case TARGET_NR_oldlstat:
8162         goto unimplemented;
8163 #endif
8164 #ifdef TARGET_NR_readlink
8165     case TARGET_NR_readlink:
8166         {
8167             void *p2;
8168             p = lock_user_string(arg1);
8169             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
8170             if (!p || !p2) {
8171                 ret = -TARGET_EFAULT;
8172             } else if (!arg3) {
8173                 /* Short circuit this for the magic exe check. */
8174                 ret = -TARGET_EINVAL;
8175             } else if (is_proc_myself((const char *)p, "exe")) {
8176                 char real[PATH_MAX], *temp;
8177                 temp = realpath(exec_path, real);
8178                 /* Return value is # of bytes that we wrote to the buffer. */
8179                 if (temp == NULL) {
8180                     ret = get_errno(-1);
8181                 } else {
8182                     /* Don't worry about sign mismatch as earlier mapping
8183                      * logic would have thrown a bad address error. */
8184                     ret = MIN(strlen(real), arg3);
8185                     /* We cannot NUL terminate the string. */
8186                     memcpy(p2, real, ret);
8187                 }
8188             } else {
8189                 ret = get_errno(readlink(path(p), p2, arg3));
8190             }
8191             unlock_user(p2, arg2, ret);
8192             unlock_user(p, arg1, 0);
8193         }
8194         break;
8195 #endif
8196 #if defined(TARGET_NR_readlinkat)
8197     case TARGET_NR_readlinkat:
8198         {
8199             void *p2;
8200             p  = lock_user_string(arg2);
8201             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
8202             if (!p || !p2) {
8203                 ret = -TARGET_EFAULT;
8204             } else if (is_proc_myself((const char *)p, "exe")) {
8205                 char real[PATH_MAX], *temp;
8206                 temp = realpath(exec_path, real);
8207                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
8208                 snprintf((char *)p2, arg4, "%s", real);
8209             } else {
8210                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
8211             }
8212             unlock_user(p2, arg3, ret);
8213             unlock_user(p, arg2, 0);
8214         }
8215         break;
8216 #endif
8217 #ifdef TARGET_NR_uselib
8218     case TARGET_NR_uselib:
8219         goto unimplemented;
8220 #endif
8221 #ifdef TARGET_NR_swapon
8222     case TARGET_NR_swapon:
8223         if (!(p = lock_user_string(arg1)))
8224             goto efault;
8225         ret = get_errno(swapon(p, arg2));
8226         unlock_user(p, arg1, 0);
8227         break;
8228 #endif
8229     case TARGET_NR_reboot:
8230         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
8231            /* arg4 must be ignored in all other cases */
8232            p = lock_user_string(arg4);
8233            if (!p) {
8234               goto efault;
8235            }
8236            ret = get_errno(reboot(arg1, arg2, arg3, p));
8237            unlock_user(p, arg4, 0);
8238         } else {
8239            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
8240         }
8241         break;
8242 #ifdef TARGET_NR_readdir
8243     case TARGET_NR_readdir:
8244         goto unimplemented;
8245 #endif
8246 #ifdef TARGET_NR_mmap
8247     case TARGET_NR_mmap:
8248 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
8249     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
8250     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
8251     || defined(TARGET_S390X)
8252         {
8253             abi_ulong *v;
8254             abi_ulong v1, v2, v3, v4, v5, v6;
8255             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
8256                 goto efault;
8257             v1 = tswapal(v[0]);
8258             v2 = tswapal(v[1]);
8259             v3 = tswapal(v[2]);
8260             v4 = tswapal(v[3]);
8261             v5 = tswapal(v[4]);
8262             v6 = tswapal(v[5]);
8263             unlock_user(v, arg1, 0);
8264             ret = get_errno(target_mmap(v1, v2, v3,
8265                                         target_to_host_bitmask(v4, mmap_flags_tbl),
8266                                         v5, v6));
8267         }
8268 #else
8269         ret = get_errno(target_mmap(arg1, arg2, arg3,
8270                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
8271                                     arg5,
8272                                     arg6));
8273 #endif
8274         break;
8275 #endif
8276 #ifdef TARGET_NR_mmap2
8277     case TARGET_NR_mmap2:
8278 #ifndef MMAP_SHIFT
8279 #define MMAP_SHIFT 12
8280 #endif
8281         ret = get_errno(target_mmap(arg1, arg2, arg3,
8282                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
8283                                     arg5,
8284                                     arg6 << MMAP_SHIFT));
8285         break;
8286 #endif
8287     case TARGET_NR_munmap:
8288         ret = get_errno(target_munmap(arg1, arg2));
8289         break;
8290     case TARGET_NR_mprotect:
8291         {
8292             TaskState *ts = cpu->opaque;
8293             /* Special hack to detect libc making the stack executable.  */
8294             if ((arg3 & PROT_GROWSDOWN)
8295                 && arg1 >= ts->info->stack_limit
8296                 && arg1 <= ts->info->start_stack) {
8297                 arg3 &= ~PROT_GROWSDOWN;
8298                 arg2 = arg2 + arg1 - ts->info->stack_limit;
8299                 arg1 = ts->info->stack_limit;
8300             }
8301         }
8302         ret = get_errno(target_mprotect(arg1, arg2, arg3));
8303         break;
8304 #ifdef TARGET_NR_mremap
8305     case TARGET_NR_mremap:
8306         ret = get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
8307         break;
8308 #endif
8309         /* ??? msync/mlock/munlock are broken for softmmu.  */
8310 #ifdef TARGET_NR_msync
8311     case TARGET_NR_msync:
8312         ret = get_errno(msync(g2h(arg1), arg2, arg3));
8313         break;
8314 #endif
8315 #ifdef TARGET_NR_mlock
8316     case TARGET_NR_mlock:
8317         ret = get_errno(mlock(g2h(arg1), arg2));
8318         break;
8319 #endif
8320 #ifdef TARGET_NR_munlock
8321     case TARGET_NR_munlock:
8322         ret = get_errno(munlock(g2h(arg1), arg2));
8323         break;
8324 #endif
8325 #ifdef TARGET_NR_mlockall
8326     case TARGET_NR_mlockall:
8327         ret = get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
8328         break;
8329 #endif
8330 #ifdef TARGET_NR_munlockall
8331     case TARGET_NR_munlockall:
8332         ret = get_errno(munlockall());
8333         break;
8334 #endif
8335     case TARGET_NR_truncate:
8336         if (!(p = lock_user_string(arg1)))
8337             goto efault;
8338         ret = get_errno(truncate(p, arg2));
8339         unlock_user(p, arg1, 0);
8340         break;
8341     case TARGET_NR_ftruncate:
8342         ret = get_errno(ftruncate(arg1, arg2));
8343         break;
8344     case TARGET_NR_fchmod:
8345         ret = get_errno(fchmod(arg1, arg2));
8346         break;
8347 #if defined(TARGET_NR_fchmodat)
8348     case TARGET_NR_fchmodat:
8349         if (!(p = lock_user_string(arg2)))
8350             goto efault;
8351         ret = get_errno(fchmodat(arg1, p, arg3, 0));
8352         unlock_user(p, arg2, 0);
8353         break;
8354 #endif
8355     case TARGET_NR_getpriority:
8356         /* Note that negative values are valid for getpriority, so we must
8357            differentiate based on errno settings.  */
8358         errno = 0;
8359         ret = getpriority(arg1, arg2);
8360         if (ret == -1 && errno != 0) {
8361             ret = -host_to_target_errno(errno);
8362             break;
8363         }
8364 #ifdef TARGET_ALPHA
8365         /* Return value is the unbiased priority.  Signal no error.  */
8366         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
8367 #else
8368         /* Return value is a biased priority to avoid negative numbers.  */
8369         ret = 20 - ret;
8370 #endif
8371         break;
8372     case TARGET_NR_setpriority:
8373         ret = get_errno(setpriority(arg1, arg2, arg3));
8374         break;
8375 #ifdef TARGET_NR_profil
8376     case TARGET_NR_profil:
8377         goto unimplemented;
8378 #endif
8379     case TARGET_NR_statfs:
8380         if (!(p = lock_user_string(arg1)))
8381             goto efault;
8382         ret = get_errno(statfs(path(p), &stfs));
8383         unlock_user(p, arg1, 0);
8384     convert_statfs:
8385         if (!is_error(ret)) {
8386             struct target_statfs *target_stfs;
8387 
8388             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
8389                 goto efault;
8390             __put_user(stfs.f_type, &target_stfs->f_type);
8391             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
8392             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
8393             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
8394             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
8395             __put_user(stfs.f_files, &target_stfs->f_files);
8396             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
8397             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
8398             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
8399             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
8400             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
8401             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
8402             unlock_user_struct(target_stfs, arg2, 1);
8403         }
8404         break;
8405     case TARGET_NR_fstatfs:
8406         ret = get_errno(fstatfs(arg1, &stfs));
8407         goto convert_statfs;
8408 #ifdef TARGET_NR_statfs64
8409     case TARGET_NR_statfs64:
8410         if (!(p = lock_user_string(arg1)))
8411             goto efault;
8412         ret = get_errno(statfs(path(p), &stfs));
8413         unlock_user(p, arg1, 0);
8414     convert_statfs64:
8415         if (!is_error(ret)) {
8416             struct target_statfs64 *target_stfs;
8417 
8418             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
8419                 goto efault;
8420             __put_user(stfs.f_type, &target_stfs->f_type);
8421             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
8422             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
8423             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
8424             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
8425             __put_user(stfs.f_files, &target_stfs->f_files);
8426             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
8427             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
8428             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
8429             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
8430             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
8431             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
8432             unlock_user_struct(target_stfs, arg3, 1);
8433         }
8434         break;
8435     case TARGET_NR_fstatfs64:
8436         ret = get_errno(fstatfs(arg1, &stfs));
8437         goto convert_statfs64;
8438 #endif
8439 #ifdef TARGET_NR_ioperm
8440     case TARGET_NR_ioperm:
8441         goto unimplemented;
8442 #endif
8443 #ifdef TARGET_NR_socketcall
8444     case TARGET_NR_socketcall:
8445         ret = do_socketcall(arg1, arg2);
8446         break;
8447 #endif
8448 #ifdef TARGET_NR_accept
8449     case TARGET_NR_accept:
8450         ret = do_accept4(arg1, arg2, arg3, 0);
8451         break;
8452 #endif
8453 #ifdef TARGET_NR_accept4
8454     case TARGET_NR_accept4:
8455         ret = do_accept4(arg1, arg2, arg3, arg4);
8456         break;
8457 #endif
8458 #ifdef TARGET_NR_bind
8459     case TARGET_NR_bind:
8460         ret = do_bind(arg1, arg2, arg3);
8461         break;
8462 #endif
8463 #ifdef TARGET_NR_connect
8464     case TARGET_NR_connect:
8465         ret = do_connect(arg1, arg2, arg3);
8466         break;
8467 #endif
8468 #ifdef TARGET_NR_getpeername
8469     case TARGET_NR_getpeername:
8470         ret = do_getpeername(arg1, arg2, arg3);
8471         break;
8472 #endif
8473 #ifdef TARGET_NR_getsockname
8474     case TARGET_NR_getsockname:
8475         ret = do_getsockname(arg1, arg2, arg3);
8476         break;
8477 #endif
8478 #ifdef TARGET_NR_getsockopt
8479     case TARGET_NR_getsockopt:
8480         ret = do_getsockopt(arg1, arg2, arg3, arg4, arg5);
8481         break;
8482 #endif
8483 #ifdef TARGET_NR_listen
8484     case TARGET_NR_listen:
8485         ret = get_errno(listen(arg1, arg2));
8486         break;
8487 #endif
8488 #ifdef TARGET_NR_recv
8489     case TARGET_NR_recv:
8490         ret = do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
8491         break;
8492 #endif
8493 #ifdef TARGET_NR_recvfrom
8494     case TARGET_NR_recvfrom:
8495         ret = do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
8496         break;
8497 #endif
8498 #ifdef TARGET_NR_recvmsg
8499     case TARGET_NR_recvmsg:
8500         ret = do_sendrecvmsg(arg1, arg2, arg3, 0);
8501         break;
8502 #endif
8503 #ifdef TARGET_NR_send
8504     case TARGET_NR_send:
8505         ret = do_sendto(arg1, arg2, arg3, arg4, 0, 0);
8506         break;
8507 #endif
8508 #ifdef TARGET_NR_sendmsg
8509     case TARGET_NR_sendmsg:
8510         ret = do_sendrecvmsg(arg1, arg2, arg3, 1);
8511         break;
8512 #endif
8513 #ifdef TARGET_NR_sendmmsg
8514     case TARGET_NR_sendmmsg:
8515         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
8516         break;
8517     case TARGET_NR_recvmmsg:
8518         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
8519         break;
8520 #endif
8521 #ifdef TARGET_NR_sendto
8522     case TARGET_NR_sendto:
8523         ret = do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
8524         break;
8525 #endif
8526 #ifdef TARGET_NR_shutdown
8527     case TARGET_NR_shutdown:
8528         ret = get_errno(shutdown(arg1, arg2));
8529         break;
8530 #endif
8531 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
8532     case TARGET_NR_getrandom:
8533         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
8534         if (!p) {
8535             goto efault;
8536         }
8537         ret = get_errno(getrandom(p, arg2, arg3));
8538         unlock_user(p, arg1, ret);
8539         break;
8540 #endif
8541 #ifdef TARGET_NR_socket
8542     case TARGET_NR_socket:
8543         ret = do_socket(arg1, arg2, arg3);
8544         fd_trans_unregister(ret);
8545         break;
8546 #endif
8547 #ifdef TARGET_NR_socketpair
8548     case TARGET_NR_socketpair:
8549         ret = do_socketpair(arg1, arg2, arg3, arg4);
8550         break;
8551 #endif
8552 #ifdef TARGET_NR_setsockopt
8553     case TARGET_NR_setsockopt:
8554         ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
8555         break;
8556 #endif
8557 
8558     case TARGET_NR_syslog:
8559         if (!(p = lock_user_string(arg2)))
8560             goto efault;
8561         ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
8562         unlock_user(p, arg2, 0);
8563         break;
8564 
8565     case TARGET_NR_setitimer:
8566         {
8567             struct itimerval value, ovalue, *pvalue;
8568 
8569             if (arg2) {
8570                 pvalue = &value;
8571                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
8572                     || copy_from_user_timeval(&pvalue->it_value,
8573                                               arg2 + sizeof(struct target_timeval)))
8574                     goto efault;
8575             } else {
8576                 pvalue = NULL;
8577             }
8578             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
8579             if (!is_error(ret) && arg3) {
8580                 if (copy_to_user_timeval(arg3,
8581                                          &ovalue.it_interval)
8582                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
8583                                             &ovalue.it_value))
8584                     goto efault;
8585             }
8586         }
8587         break;
8588     case TARGET_NR_getitimer:
8589         {
8590             struct itimerval value;
8591 
8592             ret = get_errno(getitimer(arg1, &value));
8593             if (!is_error(ret) && arg2) {
8594                 if (copy_to_user_timeval(arg2,
8595                                          &value.it_interval)
8596                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
8597                                             &value.it_value))
8598                     goto efault;
8599             }
8600         }
8601         break;
8602 #ifdef TARGET_NR_stat
8603     case TARGET_NR_stat:
8604         if (!(p = lock_user_string(arg1)))
8605             goto efault;
8606         ret = get_errno(stat(path(p), &st));
8607         unlock_user(p, arg1, 0);
8608         goto do_stat;
8609 #endif
8610 #ifdef TARGET_NR_lstat
8611     case TARGET_NR_lstat:
8612         if (!(p = lock_user_string(arg1)))
8613             goto efault;
8614         ret = get_errno(lstat(path(p), &st));
8615         unlock_user(p, arg1, 0);
8616         goto do_stat;
8617 #endif
8618     case TARGET_NR_fstat:
8619         {
8620             ret = get_errno(fstat(arg1, &st));
8621 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
8622         do_stat:
8623 #endif
8624             if (!is_error(ret)) {
8625                 struct target_stat *target_st;
8626 
8627                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
8628                     goto efault;
8629                 memset(target_st, 0, sizeof(*target_st));
8630                 __put_user(st.st_dev, &target_st->st_dev);
8631                 __put_user(st.st_ino, &target_st->st_ino);
8632                 __put_user(st.st_mode, &target_st->st_mode);
8633                 __put_user(st.st_uid, &target_st->st_uid);
8634                 __put_user(st.st_gid, &target_st->st_gid);
8635                 __put_user(st.st_nlink, &target_st->st_nlink);
8636                 __put_user(st.st_rdev, &target_st->st_rdev);
8637                 __put_user(st.st_size, &target_st->st_size);
8638                 __put_user(st.st_blksize, &target_st->st_blksize);
8639                 __put_user(st.st_blocks, &target_st->st_blocks);
8640                 __put_user(st.st_atime, &target_st->target_st_atime);
8641                 __put_user(st.st_mtime, &target_st->target_st_mtime);
8642                 __put_user(st.st_ctime, &target_st->target_st_ctime);
8643                 unlock_user_struct(target_st, arg2, 1);
8644             }
8645         }
8646         break;
8647 #ifdef TARGET_NR_olduname
8648     case TARGET_NR_olduname:
8649         goto unimplemented;
8650 #endif
8651 #ifdef TARGET_NR_iopl
8652     case TARGET_NR_iopl:
8653         goto unimplemented;
8654 #endif
8655     case TARGET_NR_vhangup:
8656         ret = get_errno(vhangup());
8657         break;
8658 #ifdef TARGET_NR_idle
8659     case TARGET_NR_idle:
8660         goto unimplemented;
8661 #endif
8662 #ifdef TARGET_NR_syscall
8663     case TARGET_NR_syscall:
8664         ret = do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
8665                          arg6, arg7, arg8, 0);
8666         break;
8667 #endif
8668     case TARGET_NR_wait4:
8669         {
8670             int status;
8671             abi_long status_ptr = arg2;
8672             struct rusage rusage, *rusage_ptr;
8673             abi_ulong target_rusage = arg4;
8674             abi_long rusage_err;
8675             if (target_rusage)
8676                 rusage_ptr = &rusage;
8677             else
8678                 rusage_ptr = NULL;
8679             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
8680             if (!is_error(ret)) {
8681                 if (status_ptr && ret) {
8682                     status = host_to_target_waitstatus(status);
8683                     if (put_user_s32(status, status_ptr))
8684                         goto efault;
8685                 }
8686                 if (target_rusage) {
8687                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
8688                     if (rusage_err) {
8689                         ret = rusage_err;
8690                     }
8691                 }
8692             }
8693         }
8694         break;
8695 #ifdef TARGET_NR_swapoff
8696     case TARGET_NR_swapoff:
8697         if (!(p = lock_user_string(arg1)))
8698             goto efault;
8699         ret = get_errno(swapoff(p));
8700         unlock_user(p, arg1, 0);
8701         break;
8702 #endif
8703     case TARGET_NR_sysinfo:
8704         {
8705             struct target_sysinfo *target_value;
8706             struct sysinfo value;
8707             ret = get_errno(sysinfo(&value));
8708             if (!is_error(ret) && arg1)
8709             {
8710                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
8711                     goto efault;
8712                 __put_user(value.uptime, &target_value->uptime);
8713                 __put_user(value.loads[0], &target_value->loads[0]);
8714                 __put_user(value.loads[1], &target_value->loads[1]);
8715                 __put_user(value.loads[2], &target_value->loads[2]);
8716                 __put_user(value.totalram, &target_value->totalram);
8717                 __put_user(value.freeram, &target_value->freeram);
8718                 __put_user(value.sharedram, &target_value->sharedram);
8719                 __put_user(value.bufferram, &target_value->bufferram);
8720                 __put_user(value.totalswap, &target_value->totalswap);
8721                 __put_user(value.freeswap, &target_value->freeswap);
8722                 __put_user(value.procs, &target_value->procs);
8723                 __put_user(value.totalhigh, &target_value->totalhigh);
8724                 __put_user(value.freehigh, &target_value->freehigh);
8725                 __put_user(value.mem_unit, &target_value->mem_unit);
8726                 unlock_user_struct(target_value, arg1, 1);
8727             }
8728         }
8729         break;
8730 #ifdef TARGET_NR_ipc
8731     case TARGET_NR_ipc:
8732 	ret = do_ipc(arg1, arg2, arg3, arg4, arg5, arg6);
8733 	break;
8734 #endif
8735 #ifdef TARGET_NR_semget
8736     case TARGET_NR_semget:
8737         ret = get_errno(semget(arg1, arg2, arg3));
8738         break;
8739 #endif
8740 #ifdef TARGET_NR_semop
8741     case TARGET_NR_semop:
8742         ret = do_semop(arg1, arg2, arg3);
8743         break;
8744 #endif
8745 #ifdef TARGET_NR_semctl
8746     case TARGET_NR_semctl:
8747         ret = do_semctl(arg1, arg2, arg3, arg4);
8748         break;
8749 #endif
8750 #ifdef TARGET_NR_msgctl
8751     case TARGET_NR_msgctl:
8752         ret = do_msgctl(arg1, arg2, arg3);
8753         break;
8754 #endif
8755 #ifdef TARGET_NR_msgget
8756     case TARGET_NR_msgget:
8757         ret = get_errno(msgget(arg1, arg2));
8758         break;
8759 #endif
8760 #ifdef TARGET_NR_msgrcv
8761     case TARGET_NR_msgrcv:
8762         ret = do_msgrcv(arg1, arg2, arg3, arg4, arg5);
8763         break;
8764 #endif
8765 #ifdef TARGET_NR_msgsnd
8766     case TARGET_NR_msgsnd:
8767         ret = do_msgsnd(arg1, arg2, arg3, arg4);
8768         break;
8769 #endif
8770 #ifdef TARGET_NR_shmget
8771     case TARGET_NR_shmget:
8772         ret = get_errno(shmget(arg1, arg2, arg3));
8773         break;
8774 #endif
8775 #ifdef TARGET_NR_shmctl
8776     case TARGET_NR_shmctl:
8777         ret = do_shmctl(arg1, arg2, arg3);
8778         break;
8779 #endif
8780 #ifdef TARGET_NR_shmat
8781     case TARGET_NR_shmat:
8782         ret = do_shmat(arg1, arg2, arg3);
8783         break;
8784 #endif
8785 #ifdef TARGET_NR_shmdt
8786     case TARGET_NR_shmdt:
8787         ret = do_shmdt(arg1);
8788         break;
8789 #endif
8790     case TARGET_NR_fsync:
8791         ret = get_errno(fsync(arg1));
8792         break;
8793     case TARGET_NR_clone:
8794         /* Linux manages to have three different orderings for its
8795          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
8796          * match the kernel's CONFIG_CLONE_* settings.
8797          * Microblaze is further special in that it uses a sixth
8798          * implicit argument to clone for the TLS pointer.
8799          */
8800 #if defined(TARGET_MICROBLAZE)
8801         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
8802 #elif defined(TARGET_CLONE_BACKWARDS)
8803         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
8804 #elif defined(TARGET_CLONE_BACKWARDS2)
8805         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
8806 #else
8807         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
8808 #endif
8809         break;
8810 #ifdef __NR_exit_group
8811         /* new thread calls */
8812     case TARGET_NR_exit_group:
8813 #ifdef TARGET_GPROF
8814         _mcleanup();
8815 #endif
8816         gdb_exit(cpu_env, arg1);
8817         ret = get_errno(exit_group(arg1));
8818         break;
8819 #endif
8820     case TARGET_NR_setdomainname:
8821         if (!(p = lock_user_string(arg1)))
8822             goto efault;
8823         ret = get_errno(setdomainname(p, arg2));
8824         unlock_user(p, arg1, 0);
8825         break;
8826     case TARGET_NR_uname:
8827         /* no need to transcode because we use the linux syscall */
8828         {
8829             struct new_utsname * buf;
8830 
8831             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
8832                 goto efault;
8833             ret = get_errno(sys_uname(buf));
8834             if (!is_error(ret)) {
8835                 /* Overrite the native machine name with whatever is being
8836                    emulated. */
8837                 strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
8838                 /* Allow the user to override the reported release.  */
8839                 if (qemu_uname_release && *qemu_uname_release)
8840                   strcpy (buf->release, qemu_uname_release);
8841             }
8842             unlock_user_struct(buf, arg1, 1);
8843         }
8844         break;
8845 #ifdef TARGET_I386
8846     case TARGET_NR_modify_ldt:
8847         ret = do_modify_ldt(cpu_env, arg1, arg2, arg3);
8848         break;
8849 #if !defined(TARGET_X86_64)
8850     case TARGET_NR_vm86old:
8851         goto unimplemented;
8852     case TARGET_NR_vm86:
8853         ret = do_vm86(cpu_env, arg1, arg2);
8854         break;
8855 #endif
8856 #endif
8857     case TARGET_NR_adjtimex:
8858         goto unimplemented;
8859 #ifdef TARGET_NR_create_module
8860     case TARGET_NR_create_module:
8861 #endif
8862     case TARGET_NR_init_module:
8863     case TARGET_NR_delete_module:
8864 #ifdef TARGET_NR_get_kernel_syms
8865     case TARGET_NR_get_kernel_syms:
8866 #endif
8867         goto unimplemented;
8868     case TARGET_NR_quotactl:
8869         goto unimplemented;
8870     case TARGET_NR_getpgid:
8871         ret = get_errno(getpgid(arg1));
8872         break;
8873     case TARGET_NR_fchdir:
8874         ret = get_errno(fchdir(arg1));
8875         break;
8876 #ifdef TARGET_NR_bdflush /* not on x86_64 */
8877     case TARGET_NR_bdflush:
8878         goto unimplemented;
8879 #endif
8880 #ifdef TARGET_NR_sysfs
8881     case TARGET_NR_sysfs:
8882         goto unimplemented;
8883 #endif
8884     case TARGET_NR_personality:
8885         ret = get_errno(personality(arg1));
8886         break;
8887 #ifdef TARGET_NR_afs_syscall
8888     case TARGET_NR_afs_syscall:
8889         goto unimplemented;
8890 #endif
8891 #ifdef TARGET_NR__llseek /* Not on alpha */
8892     case TARGET_NR__llseek:
8893         {
8894             int64_t res;
8895 #if !defined(__NR_llseek)
8896             res = lseek(arg1, ((uint64_t)arg2 << 32) | arg3, arg5);
8897             if (res == -1) {
8898                 ret = get_errno(res);
8899             } else {
8900                 ret = 0;
8901             }
8902 #else
8903             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
8904 #endif
8905             if ((ret == 0) && put_user_s64(res, arg4)) {
8906                 goto efault;
8907             }
8908         }
8909         break;
8910 #endif
8911 #ifdef TARGET_NR_getdents
8912     case TARGET_NR_getdents:
8913 #ifdef __NR_getdents
8914 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
8915         {
8916             struct target_dirent *target_dirp;
8917             struct linux_dirent *dirp;
8918             abi_long count = arg3;
8919 
8920             dirp = g_try_malloc(count);
8921             if (!dirp) {
8922                 ret = -TARGET_ENOMEM;
8923                 goto fail;
8924             }
8925 
8926             ret = get_errno(sys_getdents(arg1, dirp, count));
8927             if (!is_error(ret)) {
8928                 struct linux_dirent *de;
8929 		struct target_dirent *tde;
8930                 int len = ret;
8931                 int reclen, treclen;
8932 		int count1, tnamelen;
8933 
8934 		count1 = 0;
8935                 de = dirp;
8936                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
8937                     goto efault;
8938 		tde = target_dirp;
8939                 while (len > 0) {
8940                     reclen = de->d_reclen;
8941                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
8942                     assert(tnamelen >= 0);
8943                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
8944                     assert(count1 + treclen <= count);
8945                     tde->d_reclen = tswap16(treclen);
8946                     tde->d_ino = tswapal(de->d_ino);
8947                     tde->d_off = tswapal(de->d_off);
8948                     memcpy(tde->d_name, de->d_name, tnamelen);
8949                     de = (struct linux_dirent *)((char *)de + reclen);
8950                     len -= reclen;
8951                     tde = (struct target_dirent *)((char *)tde + treclen);
8952 		    count1 += treclen;
8953                 }
8954 		ret = count1;
8955                 unlock_user(target_dirp, arg2, ret);
8956             }
8957             g_free(dirp);
8958         }
8959 #else
8960         {
8961             struct linux_dirent *dirp;
8962             abi_long count = arg3;
8963 
8964             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
8965                 goto efault;
8966             ret = get_errno(sys_getdents(arg1, dirp, count));
8967             if (!is_error(ret)) {
8968                 struct linux_dirent *de;
8969                 int len = ret;
8970                 int reclen;
8971                 de = dirp;
8972                 while (len > 0) {
8973                     reclen = de->d_reclen;
8974                     if (reclen > len)
8975                         break;
8976                     de->d_reclen = tswap16(reclen);
8977                     tswapls(&de->d_ino);
8978                     tswapls(&de->d_off);
8979                     de = (struct linux_dirent *)((char *)de + reclen);
8980                     len -= reclen;
8981                 }
8982             }
8983             unlock_user(dirp, arg2, ret);
8984         }
8985 #endif
8986 #else
8987         /* Implement getdents in terms of getdents64 */
8988         {
8989             struct linux_dirent64 *dirp;
8990             abi_long count = arg3;
8991 
8992             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
8993             if (!dirp) {
8994                 goto efault;
8995             }
8996             ret = get_errno(sys_getdents64(arg1, dirp, count));
8997             if (!is_error(ret)) {
8998                 /* Convert the dirent64 structs to target dirent.  We do this
8999                  * in-place, since we can guarantee that a target_dirent is no
9000                  * larger than a dirent64; however this means we have to be
9001                  * careful to read everything before writing in the new format.
9002                  */
9003                 struct linux_dirent64 *de;
9004                 struct target_dirent *tde;
9005                 int len = ret;
9006                 int tlen = 0;
9007 
9008                 de = dirp;
9009                 tde = (struct target_dirent *)dirp;
9010                 while (len > 0) {
9011                     int namelen, treclen;
9012                     int reclen = de->d_reclen;
9013                     uint64_t ino = de->d_ino;
9014                     int64_t off = de->d_off;
9015                     uint8_t type = de->d_type;
9016 
9017                     namelen = strlen(de->d_name);
9018                     treclen = offsetof(struct target_dirent, d_name)
9019                         + namelen + 2;
9020                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
9021 
9022                     memmove(tde->d_name, de->d_name, namelen + 1);
9023                     tde->d_ino = tswapal(ino);
9024                     tde->d_off = tswapal(off);
9025                     tde->d_reclen = tswap16(treclen);
9026                     /* The target_dirent type is in what was formerly a padding
9027                      * byte at the end of the structure:
9028                      */
9029                     *(((char *)tde) + treclen - 1) = type;
9030 
9031                     de = (struct linux_dirent64 *)((char *)de + reclen);
9032                     tde = (struct target_dirent *)((char *)tde + treclen);
9033                     len -= reclen;
9034                     tlen += treclen;
9035                 }
9036                 ret = tlen;
9037             }
9038             unlock_user(dirp, arg2, ret);
9039         }
9040 #endif
9041         break;
9042 #endif /* TARGET_NR_getdents */
9043 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
9044     case TARGET_NR_getdents64:
9045         {
9046             struct linux_dirent64 *dirp;
9047             abi_long count = arg3;
9048             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9049                 goto efault;
9050             ret = get_errno(sys_getdents64(arg1, dirp, count));
9051             if (!is_error(ret)) {
9052                 struct linux_dirent64 *de;
9053                 int len = ret;
9054                 int reclen;
9055                 de = dirp;
9056                 while (len > 0) {
9057                     reclen = de->d_reclen;
9058                     if (reclen > len)
9059                         break;
9060                     de->d_reclen = tswap16(reclen);
9061                     tswap64s((uint64_t *)&de->d_ino);
9062                     tswap64s((uint64_t *)&de->d_off);
9063                     de = (struct linux_dirent64 *)((char *)de + reclen);
9064                     len -= reclen;
9065                 }
9066             }
9067             unlock_user(dirp, arg2, ret);
9068         }
9069         break;
9070 #endif /* TARGET_NR_getdents64 */
9071 #if defined(TARGET_NR__newselect)
9072     case TARGET_NR__newselect:
9073         ret = do_select(arg1, arg2, arg3, arg4, arg5);
9074         break;
9075 #endif
9076 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll)
9077 # ifdef TARGET_NR_poll
9078     case TARGET_NR_poll:
9079 # endif
9080 # ifdef TARGET_NR_ppoll
9081     case TARGET_NR_ppoll:
9082 # endif
9083         {
9084             struct target_pollfd *target_pfd;
9085             unsigned int nfds = arg2;
9086             struct pollfd *pfd;
9087             unsigned int i;
9088 
9089             pfd = NULL;
9090             target_pfd = NULL;
9091             if (nfds) {
9092                 target_pfd = lock_user(VERIFY_WRITE, arg1,
9093                                        sizeof(struct target_pollfd) * nfds, 1);
9094                 if (!target_pfd) {
9095                     goto efault;
9096                 }
9097 
9098                 pfd = alloca(sizeof(struct pollfd) * nfds);
9099                 for (i = 0; i < nfds; i++) {
9100                     pfd[i].fd = tswap32(target_pfd[i].fd);
9101                     pfd[i].events = tswap16(target_pfd[i].events);
9102                 }
9103             }
9104 
9105             switch (num) {
9106 # ifdef TARGET_NR_ppoll
9107             case TARGET_NR_ppoll:
9108             {
9109                 struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
9110                 target_sigset_t *target_set;
9111                 sigset_t _set, *set = &_set;
9112 
9113                 if (arg3) {
9114                     if (target_to_host_timespec(timeout_ts, arg3)) {
9115                         unlock_user(target_pfd, arg1, 0);
9116                         goto efault;
9117                     }
9118                 } else {
9119                     timeout_ts = NULL;
9120                 }
9121 
9122                 if (arg4) {
9123                     target_set = lock_user(VERIFY_READ, arg4, sizeof(target_sigset_t), 1);
9124                     if (!target_set) {
9125                         unlock_user(target_pfd, arg1, 0);
9126                         goto efault;
9127                     }
9128                     target_to_host_sigset(set, target_set);
9129                 } else {
9130                     set = NULL;
9131                 }
9132 
9133                 ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
9134                                            set, SIGSET_T_SIZE));
9135 
9136                 if (!is_error(ret) && arg3) {
9137                     host_to_target_timespec(arg3, timeout_ts);
9138                 }
9139                 if (arg4) {
9140                     unlock_user(target_set, arg4, 0);
9141                 }
9142                 break;
9143             }
9144 # endif
9145 # ifdef TARGET_NR_poll
9146             case TARGET_NR_poll:
9147             {
9148                 struct timespec ts, *pts;
9149 
9150                 if (arg3 >= 0) {
9151                     /* Convert ms to secs, ns */
9152                     ts.tv_sec = arg3 / 1000;
9153                     ts.tv_nsec = (arg3 % 1000) * 1000000LL;
9154                     pts = &ts;
9155                 } else {
9156                     /* -ve poll() timeout means "infinite" */
9157                     pts = NULL;
9158                 }
9159                 ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
9160                 break;
9161             }
9162 # endif
9163             default:
9164                 g_assert_not_reached();
9165             }
9166 
9167             if (!is_error(ret)) {
9168                 for(i = 0; i < nfds; i++) {
9169                     target_pfd[i].revents = tswap16(pfd[i].revents);
9170                 }
9171             }
9172             unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
9173         }
9174         break;
9175 #endif
9176     case TARGET_NR_flock:
9177         /* NOTE: the flock constant seems to be the same for every
9178            Linux platform */
9179         ret = get_errno(safe_flock(arg1, arg2));
9180         break;
9181     case TARGET_NR_readv:
9182         {
9183             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
9184             if (vec != NULL) {
9185                 ret = get_errno(safe_readv(arg1, vec, arg3));
9186                 unlock_iovec(vec, arg2, arg3, 1);
9187             } else {
9188                 ret = -host_to_target_errno(errno);
9189             }
9190         }
9191         break;
9192     case TARGET_NR_writev:
9193         {
9194             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
9195             if (vec != NULL) {
9196                 ret = get_errno(safe_writev(arg1, vec, arg3));
9197                 unlock_iovec(vec, arg2, arg3, 0);
9198             } else {
9199                 ret = -host_to_target_errno(errno);
9200             }
9201         }
9202         break;
9203     case TARGET_NR_getsid:
9204         ret = get_errno(getsid(arg1));
9205         break;
9206 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
9207     case TARGET_NR_fdatasync:
9208         ret = get_errno(fdatasync(arg1));
9209         break;
9210 #endif
9211 #ifdef TARGET_NR__sysctl
9212     case TARGET_NR__sysctl:
9213         /* We don't implement this, but ENOTDIR is always a safe
9214            return value. */
9215         ret = -TARGET_ENOTDIR;
9216         break;
9217 #endif
9218     case TARGET_NR_sched_getaffinity:
9219         {
9220             unsigned int mask_size;
9221             unsigned long *mask;
9222 
9223             /*
9224              * sched_getaffinity needs multiples of ulong, so need to take
9225              * care of mismatches between target ulong and host ulong sizes.
9226              */
9227             if (arg2 & (sizeof(abi_ulong) - 1)) {
9228                 ret = -TARGET_EINVAL;
9229                 break;
9230             }
9231             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
9232 
9233             mask = alloca(mask_size);
9234             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
9235 
9236             if (!is_error(ret)) {
9237                 if (ret > arg2) {
9238                     /* More data returned than the caller's buffer will fit.
9239                      * This only happens if sizeof(abi_long) < sizeof(long)
9240                      * and the caller passed us a buffer holding an odd number
9241                      * of abi_longs. If the host kernel is actually using the
9242                      * extra 4 bytes then fail EINVAL; otherwise we can just
9243                      * ignore them and only copy the interesting part.
9244                      */
9245                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
9246                     if (numcpus > arg2 * 8) {
9247                         ret = -TARGET_EINVAL;
9248                         break;
9249                     }
9250                     ret = arg2;
9251                 }
9252 
9253                 if (copy_to_user(arg3, mask, ret)) {
9254                     goto efault;
9255                 }
9256             }
9257         }
9258         break;
9259     case TARGET_NR_sched_setaffinity:
9260         {
9261             unsigned int mask_size;
9262             unsigned long *mask;
9263 
9264             /*
9265              * sched_setaffinity needs multiples of ulong, so need to take
9266              * care of mismatches between target ulong and host ulong sizes.
9267              */
9268             if (arg2 & (sizeof(abi_ulong) - 1)) {
9269                 ret = -TARGET_EINVAL;
9270                 break;
9271             }
9272             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
9273 
9274             mask = alloca(mask_size);
9275             if (!lock_user_struct(VERIFY_READ, p, arg3, 1)) {
9276                 goto efault;
9277             }
9278             memcpy(mask, p, arg2);
9279             unlock_user_struct(p, arg2, 0);
9280 
9281             ret = get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
9282         }
9283         break;
9284     case TARGET_NR_sched_setparam:
9285         {
9286             struct sched_param *target_schp;
9287             struct sched_param schp;
9288 
9289             if (arg2 == 0) {
9290                 return -TARGET_EINVAL;
9291             }
9292             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
9293                 goto efault;
9294             schp.sched_priority = tswap32(target_schp->sched_priority);
9295             unlock_user_struct(target_schp, arg2, 0);
9296             ret = get_errno(sched_setparam(arg1, &schp));
9297         }
9298         break;
9299     case TARGET_NR_sched_getparam:
9300         {
9301             struct sched_param *target_schp;
9302             struct sched_param schp;
9303 
9304             if (arg2 == 0) {
9305                 return -TARGET_EINVAL;
9306             }
9307             ret = get_errno(sched_getparam(arg1, &schp));
9308             if (!is_error(ret)) {
9309                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
9310                     goto efault;
9311                 target_schp->sched_priority = tswap32(schp.sched_priority);
9312                 unlock_user_struct(target_schp, arg2, 1);
9313             }
9314         }
9315         break;
9316     case TARGET_NR_sched_setscheduler:
9317         {
9318             struct sched_param *target_schp;
9319             struct sched_param schp;
9320             if (arg3 == 0) {
9321                 return -TARGET_EINVAL;
9322             }
9323             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
9324                 goto efault;
9325             schp.sched_priority = tswap32(target_schp->sched_priority);
9326             unlock_user_struct(target_schp, arg3, 0);
9327             ret = get_errno(sched_setscheduler(arg1, arg2, &schp));
9328         }
9329         break;
9330     case TARGET_NR_sched_getscheduler:
9331         ret = get_errno(sched_getscheduler(arg1));
9332         break;
9333     case TARGET_NR_sched_yield:
9334         ret = get_errno(sched_yield());
9335         break;
9336     case TARGET_NR_sched_get_priority_max:
9337         ret = get_errno(sched_get_priority_max(arg1));
9338         break;
9339     case TARGET_NR_sched_get_priority_min:
9340         ret = get_errno(sched_get_priority_min(arg1));
9341         break;
9342     case TARGET_NR_sched_rr_get_interval:
9343         {
9344             struct timespec ts;
9345             ret = get_errno(sched_rr_get_interval(arg1, &ts));
9346             if (!is_error(ret)) {
9347                 ret = host_to_target_timespec(arg2, &ts);
9348             }
9349         }
9350         break;
9351     case TARGET_NR_nanosleep:
9352         {
9353             struct timespec req, rem;
9354             target_to_host_timespec(&req, arg1);
9355             ret = get_errno(safe_nanosleep(&req, &rem));
9356             if (is_error(ret) && arg2) {
9357                 host_to_target_timespec(arg2, &rem);
9358             }
9359         }
9360         break;
9361 #ifdef TARGET_NR_query_module
9362     case TARGET_NR_query_module:
9363         goto unimplemented;
9364 #endif
9365 #ifdef TARGET_NR_nfsservctl
9366     case TARGET_NR_nfsservctl:
9367         goto unimplemented;
9368 #endif
9369     case TARGET_NR_prctl:
9370         switch (arg1) {
9371         case PR_GET_PDEATHSIG:
9372         {
9373             int deathsig;
9374             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
9375             if (!is_error(ret) && arg2
9376                 && put_user_ual(deathsig, arg2)) {
9377                 goto efault;
9378             }
9379             break;
9380         }
9381 #ifdef PR_GET_NAME
9382         case PR_GET_NAME:
9383         {
9384             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
9385             if (!name) {
9386                 goto efault;
9387             }
9388             ret = get_errno(prctl(arg1, (unsigned long)name,
9389                                   arg3, arg4, arg5));
9390             unlock_user(name, arg2, 16);
9391             break;
9392         }
9393         case PR_SET_NAME:
9394         {
9395             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
9396             if (!name) {
9397                 goto efault;
9398             }
9399             ret = get_errno(prctl(arg1, (unsigned long)name,
9400                                   arg3, arg4, arg5));
9401             unlock_user(name, arg2, 0);
9402             break;
9403         }
9404 #endif
9405         default:
9406             /* Most prctl options have no pointer arguments */
9407             ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
9408             break;
9409         }
9410         break;
9411 #ifdef TARGET_NR_arch_prctl
9412     case TARGET_NR_arch_prctl:
9413 #if defined(TARGET_I386) && !defined(TARGET_ABI32)
9414         ret = do_arch_prctl(cpu_env, arg1, arg2);
9415         break;
9416 #else
9417         goto unimplemented;
9418 #endif
9419 #endif
9420 #ifdef TARGET_NR_pread64
9421     case TARGET_NR_pread64:
9422         if (regpairs_aligned(cpu_env)) {
9423             arg4 = arg5;
9424             arg5 = arg6;
9425         }
9426         if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
9427             goto efault;
9428         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
9429         unlock_user(p, arg2, ret);
9430         break;
9431     case TARGET_NR_pwrite64:
9432         if (regpairs_aligned(cpu_env)) {
9433             arg4 = arg5;
9434             arg5 = arg6;
9435         }
9436         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
9437             goto efault;
9438         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
9439         unlock_user(p, arg2, 0);
9440         break;
9441 #endif
9442     case TARGET_NR_getcwd:
9443         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
9444             goto efault;
9445         ret = get_errno(sys_getcwd1(p, arg2));
9446         unlock_user(p, arg1, ret);
9447         break;
9448     case TARGET_NR_capget:
9449     case TARGET_NR_capset:
9450     {
9451         struct target_user_cap_header *target_header;
9452         struct target_user_cap_data *target_data = NULL;
9453         struct __user_cap_header_struct header;
9454         struct __user_cap_data_struct data[2];
9455         struct __user_cap_data_struct *dataptr = NULL;
9456         int i, target_datalen;
9457         int data_items = 1;
9458 
9459         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
9460             goto efault;
9461         }
9462         header.version = tswap32(target_header->version);
9463         header.pid = tswap32(target_header->pid);
9464 
9465         if (header.version != _LINUX_CAPABILITY_VERSION) {
9466             /* Version 2 and up takes pointer to two user_data structs */
9467             data_items = 2;
9468         }
9469 
9470         target_datalen = sizeof(*target_data) * data_items;
9471 
9472         if (arg2) {
9473             if (num == TARGET_NR_capget) {
9474                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
9475             } else {
9476                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
9477             }
9478             if (!target_data) {
9479                 unlock_user_struct(target_header, arg1, 0);
9480                 goto efault;
9481             }
9482 
9483             if (num == TARGET_NR_capset) {
9484                 for (i = 0; i < data_items; i++) {
9485                     data[i].effective = tswap32(target_data[i].effective);
9486                     data[i].permitted = tswap32(target_data[i].permitted);
9487                     data[i].inheritable = tswap32(target_data[i].inheritable);
9488                 }
9489             }
9490 
9491             dataptr = data;
9492         }
9493 
9494         if (num == TARGET_NR_capget) {
9495             ret = get_errno(capget(&header, dataptr));
9496         } else {
9497             ret = get_errno(capset(&header, dataptr));
9498         }
9499 
9500         /* The kernel always updates version for both capget and capset */
9501         target_header->version = tswap32(header.version);
9502         unlock_user_struct(target_header, arg1, 1);
9503 
9504         if (arg2) {
9505             if (num == TARGET_NR_capget) {
9506                 for (i = 0; i < data_items; i++) {
9507                     target_data[i].effective = tswap32(data[i].effective);
9508                     target_data[i].permitted = tswap32(data[i].permitted);
9509                     target_data[i].inheritable = tswap32(data[i].inheritable);
9510                 }
9511                 unlock_user(target_data, arg2, target_datalen);
9512             } else {
9513                 unlock_user(target_data, arg2, 0);
9514             }
9515         }
9516         break;
9517     }
9518     case TARGET_NR_sigaltstack:
9519         ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
9520         break;
9521 
9522 #ifdef CONFIG_SENDFILE
9523     case TARGET_NR_sendfile:
9524     {
9525         off_t *offp = NULL;
9526         off_t off;
9527         if (arg3) {
9528             ret = get_user_sal(off, arg3);
9529             if (is_error(ret)) {
9530                 break;
9531             }
9532             offp = &off;
9533         }
9534         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
9535         if (!is_error(ret) && arg3) {
9536             abi_long ret2 = put_user_sal(off, arg3);
9537             if (is_error(ret2)) {
9538                 ret = ret2;
9539             }
9540         }
9541         break;
9542     }
9543 #ifdef TARGET_NR_sendfile64
9544     case TARGET_NR_sendfile64:
9545     {
9546         off_t *offp = NULL;
9547         off_t off;
9548         if (arg3) {
9549             ret = get_user_s64(off, arg3);
9550             if (is_error(ret)) {
9551                 break;
9552             }
9553             offp = &off;
9554         }
9555         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
9556         if (!is_error(ret) && arg3) {
9557             abi_long ret2 = put_user_s64(off, arg3);
9558             if (is_error(ret2)) {
9559                 ret = ret2;
9560             }
9561         }
9562         break;
9563     }
9564 #endif
9565 #else
9566     case TARGET_NR_sendfile:
9567 #ifdef TARGET_NR_sendfile64
9568     case TARGET_NR_sendfile64:
9569 #endif
9570         goto unimplemented;
9571 #endif
9572 
9573 #ifdef TARGET_NR_getpmsg
9574     case TARGET_NR_getpmsg:
9575         goto unimplemented;
9576 #endif
9577 #ifdef TARGET_NR_putpmsg
9578     case TARGET_NR_putpmsg:
9579         goto unimplemented;
9580 #endif
9581 #ifdef TARGET_NR_vfork
9582     case TARGET_NR_vfork:
9583         ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD,
9584                         0, 0, 0, 0));
9585         break;
9586 #endif
9587 #ifdef TARGET_NR_ugetrlimit
9588     case TARGET_NR_ugetrlimit:
9589     {
9590 	struct rlimit rlim;
9591 	int resource = target_to_host_resource(arg1);
9592 	ret = get_errno(getrlimit(resource, &rlim));
9593 	if (!is_error(ret)) {
9594 	    struct target_rlimit *target_rlim;
9595             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
9596                 goto efault;
9597 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
9598 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
9599             unlock_user_struct(target_rlim, arg2, 1);
9600 	}
9601 	break;
9602     }
9603 #endif
9604 #ifdef TARGET_NR_truncate64
9605     case TARGET_NR_truncate64:
9606         if (!(p = lock_user_string(arg1)))
9607             goto efault;
9608 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
9609         unlock_user(p, arg1, 0);
9610 	break;
9611 #endif
9612 #ifdef TARGET_NR_ftruncate64
9613     case TARGET_NR_ftruncate64:
9614 	ret = target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
9615 	break;
9616 #endif
9617 #ifdef TARGET_NR_stat64
9618     case TARGET_NR_stat64:
9619         if (!(p = lock_user_string(arg1)))
9620             goto efault;
9621         ret = get_errno(stat(path(p), &st));
9622         unlock_user(p, arg1, 0);
9623         if (!is_error(ret))
9624             ret = host_to_target_stat64(cpu_env, arg2, &st);
9625         break;
9626 #endif
9627 #ifdef TARGET_NR_lstat64
9628     case TARGET_NR_lstat64:
9629         if (!(p = lock_user_string(arg1)))
9630             goto efault;
9631         ret = get_errno(lstat(path(p), &st));
9632         unlock_user(p, arg1, 0);
9633         if (!is_error(ret))
9634             ret = host_to_target_stat64(cpu_env, arg2, &st);
9635         break;
9636 #endif
9637 #ifdef TARGET_NR_fstat64
9638     case TARGET_NR_fstat64:
9639         ret = get_errno(fstat(arg1, &st));
9640         if (!is_error(ret))
9641             ret = host_to_target_stat64(cpu_env, arg2, &st);
9642         break;
9643 #endif
9644 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
9645 #ifdef TARGET_NR_fstatat64
9646     case TARGET_NR_fstatat64:
9647 #endif
9648 #ifdef TARGET_NR_newfstatat
9649     case TARGET_NR_newfstatat:
9650 #endif
9651         if (!(p = lock_user_string(arg2)))
9652             goto efault;
9653         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
9654         if (!is_error(ret))
9655             ret = host_to_target_stat64(cpu_env, arg3, &st);
9656         break;
9657 #endif
9658 #ifdef TARGET_NR_lchown
9659     case TARGET_NR_lchown:
9660         if (!(p = lock_user_string(arg1)))
9661             goto efault;
9662         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
9663         unlock_user(p, arg1, 0);
9664         break;
9665 #endif
9666 #ifdef TARGET_NR_getuid
9667     case TARGET_NR_getuid:
9668         ret = get_errno(high2lowuid(getuid()));
9669         break;
9670 #endif
9671 #ifdef TARGET_NR_getgid
9672     case TARGET_NR_getgid:
9673         ret = get_errno(high2lowgid(getgid()));
9674         break;
9675 #endif
9676 #ifdef TARGET_NR_geteuid
9677     case TARGET_NR_geteuid:
9678         ret = get_errno(high2lowuid(geteuid()));
9679         break;
9680 #endif
9681 #ifdef TARGET_NR_getegid
9682     case TARGET_NR_getegid:
9683         ret = get_errno(high2lowgid(getegid()));
9684         break;
9685 #endif
9686     case TARGET_NR_setreuid:
9687         ret = get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
9688         break;
9689     case TARGET_NR_setregid:
9690         ret = get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
9691         break;
9692     case TARGET_NR_getgroups:
9693         {
9694             int gidsetsize = arg1;
9695             target_id *target_grouplist;
9696             gid_t *grouplist;
9697             int i;
9698 
9699             grouplist = alloca(gidsetsize * sizeof(gid_t));
9700             ret = get_errno(getgroups(gidsetsize, grouplist));
9701             if (gidsetsize == 0)
9702                 break;
9703             if (!is_error(ret)) {
9704                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
9705                 if (!target_grouplist)
9706                     goto efault;
9707                 for(i = 0;i < ret; i++)
9708                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
9709                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
9710             }
9711         }
9712         break;
9713     case TARGET_NR_setgroups:
9714         {
9715             int gidsetsize = arg1;
9716             target_id *target_grouplist;
9717             gid_t *grouplist = NULL;
9718             int i;
9719             if (gidsetsize) {
9720                 grouplist = alloca(gidsetsize * sizeof(gid_t));
9721                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
9722                 if (!target_grouplist) {
9723                     ret = -TARGET_EFAULT;
9724                     goto fail;
9725                 }
9726                 for (i = 0; i < gidsetsize; i++) {
9727                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
9728                 }
9729                 unlock_user(target_grouplist, arg2, 0);
9730             }
9731             ret = get_errno(setgroups(gidsetsize, grouplist));
9732         }
9733         break;
9734     case TARGET_NR_fchown:
9735         ret = get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
9736         break;
9737 #if defined(TARGET_NR_fchownat)
9738     case TARGET_NR_fchownat:
9739         if (!(p = lock_user_string(arg2)))
9740             goto efault;
9741         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
9742                                  low2highgid(arg4), arg5));
9743         unlock_user(p, arg2, 0);
9744         break;
9745 #endif
9746 #ifdef TARGET_NR_setresuid
9747     case TARGET_NR_setresuid:
9748         ret = get_errno(sys_setresuid(low2highuid(arg1),
9749                                       low2highuid(arg2),
9750                                       low2highuid(arg3)));
9751         break;
9752 #endif
9753 #ifdef TARGET_NR_getresuid
9754     case TARGET_NR_getresuid:
9755         {
9756             uid_t ruid, euid, suid;
9757             ret = get_errno(getresuid(&ruid, &euid, &suid));
9758             if (!is_error(ret)) {
9759                 if (put_user_id(high2lowuid(ruid), arg1)
9760                     || put_user_id(high2lowuid(euid), arg2)
9761                     || put_user_id(high2lowuid(suid), arg3))
9762                     goto efault;
9763             }
9764         }
9765         break;
9766 #endif
9767 #ifdef TARGET_NR_getresgid
9768     case TARGET_NR_setresgid:
9769         ret = get_errno(sys_setresgid(low2highgid(arg1),
9770                                       low2highgid(arg2),
9771                                       low2highgid(arg3)));
9772         break;
9773 #endif
9774 #ifdef TARGET_NR_getresgid
9775     case TARGET_NR_getresgid:
9776         {
9777             gid_t rgid, egid, sgid;
9778             ret = get_errno(getresgid(&rgid, &egid, &sgid));
9779             if (!is_error(ret)) {
9780                 if (put_user_id(high2lowgid(rgid), arg1)
9781                     || put_user_id(high2lowgid(egid), arg2)
9782                     || put_user_id(high2lowgid(sgid), arg3))
9783                     goto efault;
9784             }
9785         }
9786         break;
9787 #endif
9788 #ifdef TARGET_NR_chown
9789     case TARGET_NR_chown:
9790         if (!(p = lock_user_string(arg1)))
9791             goto efault;
9792         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
9793         unlock_user(p, arg1, 0);
9794         break;
9795 #endif
9796     case TARGET_NR_setuid:
9797         ret = get_errno(sys_setuid(low2highuid(arg1)));
9798         break;
9799     case TARGET_NR_setgid:
9800         ret = get_errno(sys_setgid(low2highgid(arg1)));
9801         break;
9802     case TARGET_NR_setfsuid:
9803         ret = get_errno(setfsuid(arg1));
9804         break;
9805     case TARGET_NR_setfsgid:
9806         ret = get_errno(setfsgid(arg1));
9807         break;
9808 
9809 #ifdef TARGET_NR_lchown32
9810     case TARGET_NR_lchown32:
9811         if (!(p = lock_user_string(arg1)))
9812             goto efault;
9813         ret = get_errno(lchown(p, arg2, arg3));
9814         unlock_user(p, arg1, 0);
9815         break;
9816 #endif
9817 #ifdef TARGET_NR_getuid32
9818     case TARGET_NR_getuid32:
9819         ret = get_errno(getuid());
9820         break;
9821 #endif
9822 
9823 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
9824    /* Alpha specific */
9825     case TARGET_NR_getxuid:
9826          {
9827             uid_t euid;
9828             euid=geteuid();
9829             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
9830          }
9831         ret = get_errno(getuid());
9832         break;
9833 #endif
9834 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
9835    /* Alpha specific */
9836     case TARGET_NR_getxgid:
9837          {
9838             uid_t egid;
9839             egid=getegid();
9840             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
9841          }
9842         ret = get_errno(getgid());
9843         break;
9844 #endif
9845 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
9846     /* Alpha specific */
9847     case TARGET_NR_osf_getsysinfo:
9848         ret = -TARGET_EOPNOTSUPP;
9849         switch (arg1) {
9850           case TARGET_GSI_IEEE_FP_CONTROL:
9851             {
9852                 uint64_t swcr, fpcr = cpu_alpha_load_fpcr (cpu_env);
9853 
9854                 /* Copied from linux ieee_fpcr_to_swcr.  */
9855                 swcr = (fpcr >> 35) & SWCR_STATUS_MASK;
9856                 swcr |= (fpcr >> 36) & SWCR_MAP_DMZ;
9857                 swcr |= (~fpcr >> 48) & (SWCR_TRAP_ENABLE_INV
9858                                         | SWCR_TRAP_ENABLE_DZE
9859                                         | SWCR_TRAP_ENABLE_OVF);
9860                 swcr |= (~fpcr >> 57) & (SWCR_TRAP_ENABLE_UNF
9861                                         | SWCR_TRAP_ENABLE_INE);
9862                 swcr |= (fpcr >> 47) & SWCR_MAP_UMZ;
9863                 swcr |= (~fpcr >> 41) & SWCR_TRAP_ENABLE_DNO;
9864 
9865                 if (put_user_u64 (swcr, arg2))
9866                         goto efault;
9867                 ret = 0;
9868             }
9869             break;
9870 
9871           /* case GSI_IEEE_STATE_AT_SIGNAL:
9872              -- Not implemented in linux kernel.
9873              case GSI_UACPROC:
9874              -- Retrieves current unaligned access state; not much used.
9875              case GSI_PROC_TYPE:
9876              -- Retrieves implver information; surely not used.
9877              case GSI_GET_HWRPB:
9878              -- Grabs a copy of the HWRPB; surely not used.
9879           */
9880         }
9881         break;
9882 #endif
9883 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
9884     /* Alpha specific */
9885     case TARGET_NR_osf_setsysinfo:
9886         ret = -TARGET_EOPNOTSUPP;
9887         switch (arg1) {
9888           case TARGET_SSI_IEEE_FP_CONTROL:
9889             {
9890                 uint64_t swcr, fpcr, orig_fpcr;
9891 
9892                 if (get_user_u64 (swcr, arg2)) {
9893                     goto efault;
9894                 }
9895                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
9896                 fpcr = orig_fpcr & FPCR_DYN_MASK;
9897 
9898                 /* Copied from linux ieee_swcr_to_fpcr.  */
9899                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;
9900                 fpcr |= (swcr & SWCR_MAP_DMZ) << 36;
9901                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_INV
9902                                   | SWCR_TRAP_ENABLE_DZE
9903                                   | SWCR_TRAP_ENABLE_OVF)) << 48;
9904                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_UNF
9905                                   | SWCR_TRAP_ENABLE_INE)) << 57;
9906                 fpcr |= (swcr & SWCR_MAP_UMZ ? FPCR_UNDZ | FPCR_UNFD : 0);
9907                 fpcr |= (~swcr & SWCR_TRAP_ENABLE_DNO) << 41;
9908 
9909                 cpu_alpha_store_fpcr(cpu_env, fpcr);
9910                 ret = 0;
9911             }
9912             break;
9913 
9914           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
9915             {
9916                 uint64_t exc, fpcr, orig_fpcr;
9917                 int si_code;
9918 
9919                 if (get_user_u64(exc, arg2)) {
9920                     goto efault;
9921                 }
9922 
9923                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
9924 
9925                 /* We only add to the exception status here.  */
9926                 fpcr = orig_fpcr | ((exc & SWCR_STATUS_MASK) << 35);
9927 
9928                 cpu_alpha_store_fpcr(cpu_env, fpcr);
9929                 ret = 0;
9930 
9931                 /* Old exceptions are not signaled.  */
9932                 fpcr &= ~(orig_fpcr & FPCR_STATUS_MASK);
9933 
9934                 /* If any exceptions set by this call,
9935                    and are unmasked, send a signal.  */
9936                 si_code = 0;
9937                 if ((fpcr & (FPCR_INE | FPCR_INED)) == FPCR_INE) {
9938                     si_code = TARGET_FPE_FLTRES;
9939                 }
9940                 if ((fpcr & (FPCR_UNF | FPCR_UNFD)) == FPCR_UNF) {
9941                     si_code = TARGET_FPE_FLTUND;
9942                 }
9943                 if ((fpcr & (FPCR_OVF | FPCR_OVFD)) == FPCR_OVF) {
9944                     si_code = TARGET_FPE_FLTOVF;
9945                 }
9946                 if ((fpcr & (FPCR_DZE | FPCR_DZED)) == FPCR_DZE) {
9947                     si_code = TARGET_FPE_FLTDIV;
9948                 }
9949                 if ((fpcr & (FPCR_INV | FPCR_INVD)) == FPCR_INV) {
9950                     si_code = TARGET_FPE_FLTINV;
9951                 }
9952                 if (si_code != 0) {
9953                     target_siginfo_t info;
9954                     info.si_signo = SIGFPE;
9955                     info.si_errno = 0;
9956                     info.si_code = si_code;
9957                     info._sifields._sigfault._addr
9958                         = ((CPUArchState *)cpu_env)->pc;
9959                     queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
9960                 }
9961             }
9962             break;
9963 
9964           /* case SSI_NVPAIRS:
9965              -- Used with SSIN_UACPROC to enable unaligned accesses.
9966              case SSI_IEEE_STATE_AT_SIGNAL:
9967              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
9968              -- Not implemented in linux kernel
9969           */
9970         }
9971         break;
9972 #endif
9973 #ifdef TARGET_NR_osf_sigprocmask
9974     /* Alpha specific.  */
9975     case TARGET_NR_osf_sigprocmask:
9976         {
9977             abi_ulong mask;
9978             int how;
9979             sigset_t set, oldset;
9980 
9981             switch(arg1) {
9982             case TARGET_SIG_BLOCK:
9983                 how = SIG_BLOCK;
9984                 break;
9985             case TARGET_SIG_UNBLOCK:
9986                 how = SIG_UNBLOCK;
9987                 break;
9988             case TARGET_SIG_SETMASK:
9989                 how = SIG_SETMASK;
9990                 break;
9991             default:
9992                 ret = -TARGET_EINVAL;
9993                 goto fail;
9994             }
9995             mask = arg2;
9996             target_to_host_old_sigset(&set, &mask);
9997             ret = do_sigprocmask(how, &set, &oldset);
9998             if (!ret) {
9999                 host_to_target_old_sigset(&mask, &oldset);
10000                 ret = mask;
10001             }
10002         }
10003         break;
10004 #endif
10005 
10006 #ifdef TARGET_NR_getgid32
10007     case TARGET_NR_getgid32:
10008         ret = get_errno(getgid());
10009         break;
10010 #endif
10011 #ifdef TARGET_NR_geteuid32
10012     case TARGET_NR_geteuid32:
10013         ret = get_errno(geteuid());
10014         break;
10015 #endif
10016 #ifdef TARGET_NR_getegid32
10017     case TARGET_NR_getegid32:
10018         ret = get_errno(getegid());
10019         break;
10020 #endif
10021 #ifdef TARGET_NR_setreuid32
10022     case TARGET_NR_setreuid32:
10023         ret = get_errno(setreuid(arg1, arg2));
10024         break;
10025 #endif
10026 #ifdef TARGET_NR_setregid32
10027     case TARGET_NR_setregid32:
10028         ret = get_errno(setregid(arg1, arg2));
10029         break;
10030 #endif
10031 #ifdef TARGET_NR_getgroups32
10032     case TARGET_NR_getgroups32:
10033         {
10034             int gidsetsize = arg1;
10035             uint32_t *target_grouplist;
10036             gid_t *grouplist;
10037             int i;
10038 
10039             grouplist = alloca(gidsetsize * sizeof(gid_t));
10040             ret = get_errno(getgroups(gidsetsize, grouplist));
10041             if (gidsetsize == 0)
10042                 break;
10043             if (!is_error(ret)) {
10044                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
10045                 if (!target_grouplist) {
10046                     ret = -TARGET_EFAULT;
10047                     goto fail;
10048                 }
10049                 for(i = 0;i < ret; i++)
10050                     target_grouplist[i] = tswap32(grouplist[i]);
10051                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
10052             }
10053         }
10054         break;
10055 #endif
10056 #ifdef TARGET_NR_setgroups32
10057     case TARGET_NR_setgroups32:
10058         {
10059             int gidsetsize = arg1;
10060             uint32_t *target_grouplist;
10061             gid_t *grouplist;
10062             int i;
10063 
10064             grouplist = alloca(gidsetsize * sizeof(gid_t));
10065             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
10066             if (!target_grouplist) {
10067                 ret = -TARGET_EFAULT;
10068                 goto fail;
10069             }
10070             for(i = 0;i < gidsetsize; i++)
10071                 grouplist[i] = tswap32(target_grouplist[i]);
10072             unlock_user(target_grouplist, arg2, 0);
10073             ret = get_errno(setgroups(gidsetsize, grouplist));
10074         }
10075         break;
10076 #endif
10077 #ifdef TARGET_NR_fchown32
10078     case TARGET_NR_fchown32:
10079         ret = get_errno(fchown(arg1, arg2, arg3));
10080         break;
10081 #endif
10082 #ifdef TARGET_NR_setresuid32
10083     case TARGET_NR_setresuid32:
10084         ret = get_errno(sys_setresuid(arg1, arg2, arg3));
10085         break;
10086 #endif
10087 #ifdef TARGET_NR_getresuid32
10088     case TARGET_NR_getresuid32:
10089         {
10090             uid_t ruid, euid, suid;
10091             ret = get_errno(getresuid(&ruid, &euid, &suid));
10092             if (!is_error(ret)) {
10093                 if (put_user_u32(ruid, arg1)
10094                     || put_user_u32(euid, arg2)
10095                     || put_user_u32(suid, arg3))
10096                     goto efault;
10097             }
10098         }
10099         break;
10100 #endif
10101 #ifdef TARGET_NR_setresgid32
10102     case TARGET_NR_setresgid32:
10103         ret = get_errno(sys_setresgid(arg1, arg2, arg3));
10104         break;
10105 #endif
10106 #ifdef TARGET_NR_getresgid32
10107     case TARGET_NR_getresgid32:
10108         {
10109             gid_t rgid, egid, sgid;
10110             ret = get_errno(getresgid(&rgid, &egid, &sgid));
10111             if (!is_error(ret)) {
10112                 if (put_user_u32(rgid, arg1)
10113                     || put_user_u32(egid, arg2)
10114                     || put_user_u32(sgid, arg3))
10115                     goto efault;
10116             }
10117         }
10118         break;
10119 #endif
10120 #ifdef TARGET_NR_chown32
10121     case TARGET_NR_chown32:
10122         if (!(p = lock_user_string(arg1)))
10123             goto efault;
10124         ret = get_errno(chown(p, arg2, arg3));
10125         unlock_user(p, arg1, 0);
10126         break;
10127 #endif
10128 #ifdef TARGET_NR_setuid32
10129     case TARGET_NR_setuid32:
10130         ret = get_errno(sys_setuid(arg1));
10131         break;
10132 #endif
10133 #ifdef TARGET_NR_setgid32
10134     case TARGET_NR_setgid32:
10135         ret = get_errno(sys_setgid(arg1));
10136         break;
10137 #endif
10138 #ifdef TARGET_NR_setfsuid32
10139     case TARGET_NR_setfsuid32:
10140         ret = get_errno(setfsuid(arg1));
10141         break;
10142 #endif
10143 #ifdef TARGET_NR_setfsgid32
10144     case TARGET_NR_setfsgid32:
10145         ret = get_errno(setfsgid(arg1));
10146         break;
10147 #endif
10148 
10149     case TARGET_NR_pivot_root:
10150         goto unimplemented;
10151 #ifdef TARGET_NR_mincore
10152     case TARGET_NR_mincore:
10153         {
10154             void *a;
10155             ret = -TARGET_EFAULT;
10156             if (!(a = lock_user(VERIFY_READ, arg1,arg2, 0)))
10157                 goto efault;
10158             if (!(p = lock_user_string(arg3)))
10159                 goto mincore_fail;
10160             ret = get_errno(mincore(a, arg2, p));
10161             unlock_user(p, arg3, ret);
10162             mincore_fail:
10163             unlock_user(a, arg1, 0);
10164         }
10165         break;
10166 #endif
10167 #ifdef TARGET_NR_arm_fadvise64_64
10168     case TARGET_NR_arm_fadvise64_64:
10169         /* arm_fadvise64_64 looks like fadvise64_64 but
10170          * with different argument order: fd, advice, offset, len
10171          * rather than the usual fd, offset, len, advice.
10172          * Note that offset and len are both 64-bit so appear as
10173          * pairs of 32-bit registers.
10174          */
10175         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
10176                             target_offset64(arg5, arg6), arg2);
10177         ret = -host_to_target_errno(ret);
10178         break;
10179 #endif
10180 
10181 #if TARGET_ABI_BITS == 32
10182 
10183 #ifdef TARGET_NR_fadvise64_64
10184     case TARGET_NR_fadvise64_64:
10185         /* 6 args: fd, offset (high, low), len (high, low), advice */
10186         if (regpairs_aligned(cpu_env)) {
10187             /* offset is in (3,4), len in (5,6) and advice in 7 */
10188             arg2 = arg3;
10189             arg3 = arg4;
10190             arg4 = arg5;
10191             arg5 = arg6;
10192             arg6 = arg7;
10193         }
10194         ret = -host_to_target_errno(posix_fadvise(arg1,
10195                                                   target_offset64(arg2, arg3),
10196                                                   target_offset64(arg4, arg5),
10197                                                   arg6));
10198         break;
10199 #endif
10200 
10201 #ifdef TARGET_NR_fadvise64
10202     case TARGET_NR_fadvise64:
10203         /* 5 args: fd, offset (high, low), len, advice */
10204         if (regpairs_aligned(cpu_env)) {
10205             /* offset is in (3,4), len in 5 and advice in 6 */
10206             arg2 = arg3;
10207             arg3 = arg4;
10208             arg4 = arg5;
10209             arg5 = arg6;
10210         }
10211         ret = -host_to_target_errno(posix_fadvise(arg1,
10212                                                   target_offset64(arg2, arg3),
10213                                                   arg4, arg5));
10214         break;
10215 #endif
10216 
10217 #else /* not a 32-bit ABI */
10218 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
10219 #ifdef TARGET_NR_fadvise64_64
10220     case TARGET_NR_fadvise64_64:
10221 #endif
10222 #ifdef TARGET_NR_fadvise64
10223     case TARGET_NR_fadvise64:
10224 #endif
10225 #ifdef TARGET_S390X
10226         switch (arg4) {
10227         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
10228         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
10229         case 6: arg4 = POSIX_FADV_DONTNEED; break;
10230         case 7: arg4 = POSIX_FADV_NOREUSE; break;
10231         default: break;
10232         }
10233 #endif
10234         ret = -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
10235         break;
10236 #endif
10237 #endif /* end of 64-bit ABI fadvise handling */
10238 
10239 #ifdef TARGET_NR_madvise
10240     case TARGET_NR_madvise:
10241         /* A straight passthrough may not be safe because qemu sometimes
10242            turns private file-backed mappings into anonymous mappings.
10243            This will break MADV_DONTNEED.
10244            This is a hint, so ignoring and returning success is ok.  */
10245         ret = get_errno(0);
10246         break;
10247 #endif
10248 #if TARGET_ABI_BITS == 32
10249     case TARGET_NR_fcntl64:
10250     {
10251 	int cmd;
10252 	struct flock64 fl;
10253         from_flock64_fn *copyfrom = copy_from_user_flock64;
10254         to_flock64_fn *copyto = copy_to_user_flock64;
10255 
10256 #ifdef TARGET_ARM
10257         if (((CPUARMState *)cpu_env)->eabi) {
10258             copyfrom = copy_from_user_eabi_flock64;
10259             copyto = copy_to_user_eabi_flock64;
10260         }
10261 #endif
10262 
10263 	cmd = target_to_host_fcntl_cmd(arg2);
10264         if (cmd == -TARGET_EINVAL) {
10265             ret = cmd;
10266             break;
10267         }
10268 
10269         switch(arg2) {
10270         case TARGET_F_GETLK64:
10271             ret = copyfrom(&fl, arg3);
10272             if (ret) {
10273                 break;
10274             }
10275             ret = get_errno(fcntl(arg1, cmd, &fl));
10276             if (ret == 0) {
10277                 ret = copyto(arg3, &fl);
10278             }
10279 	    break;
10280 
10281         case TARGET_F_SETLK64:
10282         case TARGET_F_SETLKW64:
10283             ret = copyfrom(&fl, arg3);
10284             if (ret) {
10285                 break;
10286             }
10287             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
10288 	    break;
10289         default:
10290             ret = do_fcntl(arg1, arg2, arg3);
10291             break;
10292         }
10293 	break;
10294     }
10295 #endif
10296 #ifdef TARGET_NR_cacheflush
10297     case TARGET_NR_cacheflush:
10298         /* self-modifying code is handled automatically, so nothing needed */
10299         ret = 0;
10300         break;
10301 #endif
10302 #ifdef TARGET_NR_security
10303     case TARGET_NR_security:
10304         goto unimplemented;
10305 #endif
10306 #ifdef TARGET_NR_getpagesize
10307     case TARGET_NR_getpagesize:
10308         ret = TARGET_PAGE_SIZE;
10309         break;
10310 #endif
10311     case TARGET_NR_gettid:
10312         ret = get_errno(gettid());
10313         break;
10314 #ifdef TARGET_NR_readahead
10315     case TARGET_NR_readahead:
10316 #if TARGET_ABI_BITS == 32
10317         if (regpairs_aligned(cpu_env)) {
10318             arg2 = arg3;
10319             arg3 = arg4;
10320             arg4 = arg5;
10321         }
10322         ret = get_errno(readahead(arg1, ((off64_t)arg3 << 32) | arg2, arg4));
10323 #else
10324         ret = get_errno(readahead(arg1, arg2, arg3));
10325 #endif
10326         break;
10327 #endif
10328 #ifdef CONFIG_ATTR
10329 #ifdef TARGET_NR_setxattr
10330     case TARGET_NR_listxattr:
10331     case TARGET_NR_llistxattr:
10332     {
10333         void *p, *b = 0;
10334         if (arg2) {
10335             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10336             if (!b) {
10337                 ret = -TARGET_EFAULT;
10338                 break;
10339             }
10340         }
10341         p = lock_user_string(arg1);
10342         if (p) {
10343             if (num == TARGET_NR_listxattr) {
10344                 ret = get_errno(listxattr(p, b, arg3));
10345             } else {
10346                 ret = get_errno(llistxattr(p, b, arg3));
10347             }
10348         } else {
10349             ret = -TARGET_EFAULT;
10350         }
10351         unlock_user(p, arg1, 0);
10352         unlock_user(b, arg2, arg3);
10353         break;
10354     }
10355     case TARGET_NR_flistxattr:
10356     {
10357         void *b = 0;
10358         if (arg2) {
10359             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10360             if (!b) {
10361                 ret = -TARGET_EFAULT;
10362                 break;
10363             }
10364         }
10365         ret = get_errno(flistxattr(arg1, b, arg3));
10366         unlock_user(b, arg2, arg3);
10367         break;
10368     }
10369     case TARGET_NR_setxattr:
10370     case TARGET_NR_lsetxattr:
10371         {
10372             void *p, *n, *v = 0;
10373             if (arg3) {
10374                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
10375                 if (!v) {
10376                     ret = -TARGET_EFAULT;
10377                     break;
10378                 }
10379             }
10380             p = lock_user_string(arg1);
10381             n = lock_user_string(arg2);
10382             if (p && n) {
10383                 if (num == TARGET_NR_setxattr) {
10384                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
10385                 } else {
10386                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
10387                 }
10388             } else {
10389                 ret = -TARGET_EFAULT;
10390             }
10391             unlock_user(p, arg1, 0);
10392             unlock_user(n, arg2, 0);
10393             unlock_user(v, arg3, 0);
10394         }
10395         break;
10396     case TARGET_NR_fsetxattr:
10397         {
10398             void *n, *v = 0;
10399             if (arg3) {
10400                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
10401                 if (!v) {
10402                     ret = -TARGET_EFAULT;
10403                     break;
10404                 }
10405             }
10406             n = lock_user_string(arg2);
10407             if (n) {
10408                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
10409             } else {
10410                 ret = -TARGET_EFAULT;
10411             }
10412             unlock_user(n, arg2, 0);
10413             unlock_user(v, arg3, 0);
10414         }
10415         break;
10416     case TARGET_NR_getxattr:
10417     case TARGET_NR_lgetxattr:
10418         {
10419             void *p, *n, *v = 0;
10420             if (arg3) {
10421                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
10422                 if (!v) {
10423                     ret = -TARGET_EFAULT;
10424                     break;
10425                 }
10426             }
10427             p = lock_user_string(arg1);
10428             n = lock_user_string(arg2);
10429             if (p && n) {
10430                 if (num == TARGET_NR_getxattr) {
10431                     ret = get_errno(getxattr(p, n, v, arg4));
10432                 } else {
10433                     ret = get_errno(lgetxattr(p, n, v, arg4));
10434                 }
10435             } else {
10436                 ret = -TARGET_EFAULT;
10437             }
10438             unlock_user(p, arg1, 0);
10439             unlock_user(n, arg2, 0);
10440             unlock_user(v, arg3, arg4);
10441         }
10442         break;
10443     case TARGET_NR_fgetxattr:
10444         {
10445             void *n, *v = 0;
10446             if (arg3) {
10447                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
10448                 if (!v) {
10449                     ret = -TARGET_EFAULT;
10450                     break;
10451                 }
10452             }
10453             n = lock_user_string(arg2);
10454             if (n) {
10455                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
10456             } else {
10457                 ret = -TARGET_EFAULT;
10458             }
10459             unlock_user(n, arg2, 0);
10460             unlock_user(v, arg3, arg4);
10461         }
10462         break;
10463     case TARGET_NR_removexattr:
10464     case TARGET_NR_lremovexattr:
10465         {
10466             void *p, *n;
10467             p = lock_user_string(arg1);
10468             n = lock_user_string(arg2);
10469             if (p && n) {
10470                 if (num == TARGET_NR_removexattr) {
10471                     ret = get_errno(removexattr(p, n));
10472                 } else {
10473                     ret = get_errno(lremovexattr(p, n));
10474                 }
10475             } else {
10476                 ret = -TARGET_EFAULT;
10477             }
10478             unlock_user(p, arg1, 0);
10479             unlock_user(n, arg2, 0);
10480         }
10481         break;
10482     case TARGET_NR_fremovexattr:
10483         {
10484             void *n;
10485             n = lock_user_string(arg2);
10486             if (n) {
10487                 ret = get_errno(fremovexattr(arg1, n));
10488             } else {
10489                 ret = -TARGET_EFAULT;
10490             }
10491             unlock_user(n, arg2, 0);
10492         }
10493         break;
10494 #endif
10495 #endif /* CONFIG_ATTR */
10496 #ifdef TARGET_NR_set_thread_area
10497     case TARGET_NR_set_thread_area:
10498 #if defined(TARGET_MIPS)
10499       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
10500       ret = 0;
10501       break;
10502 #elif defined(TARGET_CRIS)
10503       if (arg1 & 0xff)
10504           ret = -TARGET_EINVAL;
10505       else {
10506           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
10507           ret = 0;
10508       }
10509       break;
10510 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
10511       ret = do_set_thread_area(cpu_env, arg1);
10512       break;
10513 #elif defined(TARGET_M68K)
10514       {
10515           TaskState *ts = cpu->opaque;
10516           ts->tp_value = arg1;
10517           ret = 0;
10518           break;
10519       }
10520 #else
10521       goto unimplemented_nowarn;
10522 #endif
10523 #endif
10524 #ifdef TARGET_NR_get_thread_area
10525     case TARGET_NR_get_thread_area:
10526 #if defined(TARGET_I386) && defined(TARGET_ABI32)
10527         ret = do_get_thread_area(cpu_env, arg1);
10528         break;
10529 #elif defined(TARGET_M68K)
10530         {
10531             TaskState *ts = cpu->opaque;
10532             ret = ts->tp_value;
10533             break;
10534         }
10535 #else
10536         goto unimplemented_nowarn;
10537 #endif
10538 #endif
10539 #ifdef TARGET_NR_getdomainname
10540     case TARGET_NR_getdomainname:
10541         goto unimplemented_nowarn;
10542 #endif
10543 
10544 #ifdef TARGET_NR_clock_gettime
10545     case TARGET_NR_clock_gettime:
10546     {
10547         struct timespec ts;
10548         ret = get_errno(clock_gettime(arg1, &ts));
10549         if (!is_error(ret)) {
10550             host_to_target_timespec(arg2, &ts);
10551         }
10552         break;
10553     }
10554 #endif
10555 #ifdef TARGET_NR_clock_getres
10556     case TARGET_NR_clock_getres:
10557     {
10558         struct timespec ts;
10559         ret = get_errno(clock_getres(arg1, &ts));
10560         if (!is_error(ret)) {
10561             host_to_target_timespec(arg2, &ts);
10562         }
10563         break;
10564     }
10565 #endif
10566 #ifdef TARGET_NR_clock_nanosleep
10567     case TARGET_NR_clock_nanosleep:
10568     {
10569         struct timespec ts;
10570         target_to_host_timespec(&ts, arg3);
10571         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
10572                                              &ts, arg4 ? &ts : NULL));
10573         if (arg4)
10574             host_to_target_timespec(arg4, &ts);
10575 
10576 #if defined(TARGET_PPC)
10577         /* clock_nanosleep is odd in that it returns positive errno values.
10578          * On PPC, CR0 bit 3 should be set in such a situation. */
10579         if (ret && ret != -TARGET_ERESTARTSYS) {
10580             ((CPUPPCState *)cpu_env)->crf[0] |= 1;
10581         }
10582 #endif
10583         break;
10584     }
10585 #endif
10586 
10587 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
10588     case TARGET_NR_set_tid_address:
10589         ret = get_errno(set_tid_address((int *)g2h(arg1)));
10590         break;
10591 #endif
10592 
10593     case TARGET_NR_tkill:
10594         ret = get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
10595         break;
10596 
10597     case TARGET_NR_tgkill:
10598         ret = get_errno(safe_tgkill((int)arg1, (int)arg2,
10599                         target_to_host_signal(arg3)));
10600         break;
10601 
10602 #ifdef TARGET_NR_set_robust_list
10603     case TARGET_NR_set_robust_list:
10604     case TARGET_NR_get_robust_list:
10605         /* The ABI for supporting robust futexes has userspace pass
10606          * the kernel a pointer to a linked list which is updated by
10607          * userspace after the syscall; the list is walked by the kernel
10608          * when the thread exits. Since the linked list in QEMU guest
10609          * memory isn't a valid linked list for the host and we have
10610          * no way to reliably intercept the thread-death event, we can't
10611          * support these. Silently return ENOSYS so that guest userspace
10612          * falls back to a non-robust futex implementation (which should
10613          * be OK except in the corner case of the guest crashing while
10614          * holding a mutex that is shared with another process via
10615          * shared memory).
10616          */
10617         goto unimplemented_nowarn;
10618 #endif
10619 
10620 #if defined(TARGET_NR_utimensat)
10621     case TARGET_NR_utimensat:
10622         {
10623             struct timespec *tsp, ts[2];
10624             if (!arg3) {
10625                 tsp = NULL;
10626             } else {
10627                 target_to_host_timespec(ts, arg3);
10628                 target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
10629                 tsp = ts;
10630             }
10631             if (!arg2)
10632                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
10633             else {
10634                 if (!(p = lock_user_string(arg2))) {
10635                     ret = -TARGET_EFAULT;
10636                     goto fail;
10637                 }
10638                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
10639                 unlock_user(p, arg2, 0);
10640             }
10641         }
10642 	break;
10643 #endif
10644     case TARGET_NR_futex:
10645         ret = do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
10646         break;
10647 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
10648     case TARGET_NR_inotify_init:
10649         ret = get_errno(sys_inotify_init());
10650         break;
10651 #endif
10652 #ifdef CONFIG_INOTIFY1
10653 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
10654     case TARGET_NR_inotify_init1:
10655         ret = get_errno(sys_inotify_init1(arg1));
10656         break;
10657 #endif
10658 #endif
10659 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
10660     case TARGET_NR_inotify_add_watch:
10661         p = lock_user_string(arg2);
10662         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
10663         unlock_user(p, arg2, 0);
10664         break;
10665 #endif
10666 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
10667     case TARGET_NR_inotify_rm_watch:
10668         ret = get_errno(sys_inotify_rm_watch(arg1, arg2));
10669         break;
10670 #endif
10671 
10672 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
10673     case TARGET_NR_mq_open:
10674         {
10675             struct mq_attr posix_mq_attr, *attrp;
10676 
10677             p = lock_user_string(arg1 - 1);
10678             if (arg4 != 0) {
10679                 copy_from_user_mq_attr (&posix_mq_attr, arg4);
10680                 attrp = &posix_mq_attr;
10681             } else {
10682                 attrp = 0;
10683             }
10684             ret = get_errno(mq_open(p, arg2, arg3, attrp));
10685             unlock_user (p, arg1, 0);
10686         }
10687         break;
10688 
10689     case TARGET_NR_mq_unlink:
10690         p = lock_user_string(arg1 - 1);
10691         ret = get_errno(mq_unlink(p));
10692         unlock_user (p, arg1, 0);
10693         break;
10694 
10695     case TARGET_NR_mq_timedsend:
10696         {
10697             struct timespec ts;
10698 
10699             p = lock_user (VERIFY_READ, arg2, arg3, 1);
10700             if (arg5 != 0) {
10701                 target_to_host_timespec(&ts, arg5);
10702                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
10703                 host_to_target_timespec(arg5, &ts);
10704             } else {
10705                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
10706             }
10707             unlock_user (p, arg2, arg3);
10708         }
10709         break;
10710 
10711     case TARGET_NR_mq_timedreceive:
10712         {
10713             struct timespec ts;
10714             unsigned int prio;
10715 
10716             p = lock_user (VERIFY_READ, arg2, arg3, 1);
10717             if (arg5 != 0) {
10718                 target_to_host_timespec(&ts, arg5);
10719                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
10720                                                      &prio, &ts));
10721                 host_to_target_timespec(arg5, &ts);
10722             } else {
10723                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
10724                                                      &prio, NULL));
10725             }
10726             unlock_user (p, arg2, arg3);
10727             if (arg4 != 0)
10728                 put_user_u32(prio, arg4);
10729         }
10730         break;
10731 
10732     /* Not implemented for now... */
10733 /*     case TARGET_NR_mq_notify: */
10734 /*         break; */
10735 
10736     case TARGET_NR_mq_getsetattr:
10737         {
10738             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
10739             ret = 0;
10740             if (arg3 != 0) {
10741                 ret = mq_getattr(arg1, &posix_mq_attr_out);
10742                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
10743             }
10744             if (arg2 != 0) {
10745                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
10746                 ret |= mq_setattr(arg1, &posix_mq_attr_in, &posix_mq_attr_out);
10747             }
10748 
10749         }
10750         break;
10751 #endif
10752 
10753 #ifdef CONFIG_SPLICE
10754 #ifdef TARGET_NR_tee
10755     case TARGET_NR_tee:
10756         {
10757             ret = get_errno(tee(arg1,arg2,arg3,arg4));
10758         }
10759         break;
10760 #endif
10761 #ifdef TARGET_NR_splice
10762     case TARGET_NR_splice:
10763         {
10764             loff_t loff_in, loff_out;
10765             loff_t *ploff_in = NULL, *ploff_out = NULL;
10766             if (arg2) {
10767                 if (get_user_u64(loff_in, arg2)) {
10768                     goto efault;
10769                 }
10770                 ploff_in = &loff_in;
10771             }
10772             if (arg4) {
10773                 if (get_user_u64(loff_out, arg4)) {
10774                     goto efault;
10775                 }
10776                 ploff_out = &loff_out;
10777             }
10778             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
10779             if (arg2) {
10780                 if (put_user_u64(loff_in, arg2)) {
10781                     goto efault;
10782                 }
10783             }
10784             if (arg4) {
10785                 if (put_user_u64(loff_out, arg4)) {
10786                     goto efault;
10787                 }
10788             }
10789         }
10790         break;
10791 #endif
10792 #ifdef TARGET_NR_vmsplice
10793 	case TARGET_NR_vmsplice:
10794         {
10795             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10796             if (vec != NULL) {
10797                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
10798                 unlock_iovec(vec, arg2, arg3, 0);
10799             } else {
10800                 ret = -host_to_target_errno(errno);
10801             }
10802         }
10803         break;
10804 #endif
10805 #endif /* CONFIG_SPLICE */
10806 #ifdef CONFIG_EVENTFD
10807 #if defined(TARGET_NR_eventfd)
10808     case TARGET_NR_eventfd:
10809         ret = get_errno(eventfd(arg1, 0));
10810         fd_trans_unregister(ret);
10811         break;
10812 #endif
10813 #if defined(TARGET_NR_eventfd2)
10814     case TARGET_NR_eventfd2:
10815     {
10816         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
10817         if (arg2 & TARGET_O_NONBLOCK) {
10818             host_flags |= O_NONBLOCK;
10819         }
10820         if (arg2 & TARGET_O_CLOEXEC) {
10821             host_flags |= O_CLOEXEC;
10822         }
10823         ret = get_errno(eventfd(arg1, host_flags));
10824         fd_trans_unregister(ret);
10825         break;
10826     }
10827 #endif
10828 #endif /* CONFIG_EVENTFD  */
10829 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
10830     case TARGET_NR_fallocate:
10831 #if TARGET_ABI_BITS == 32
10832         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
10833                                   target_offset64(arg5, arg6)));
10834 #else
10835         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
10836 #endif
10837         break;
10838 #endif
10839 #if defined(CONFIG_SYNC_FILE_RANGE)
10840 #if defined(TARGET_NR_sync_file_range)
10841     case TARGET_NR_sync_file_range:
10842 #if TARGET_ABI_BITS == 32
10843 #if defined(TARGET_MIPS)
10844         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
10845                                         target_offset64(arg5, arg6), arg7));
10846 #else
10847         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
10848                                         target_offset64(arg4, arg5), arg6));
10849 #endif /* !TARGET_MIPS */
10850 #else
10851         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
10852 #endif
10853         break;
10854 #endif
10855 #if defined(TARGET_NR_sync_file_range2)
10856     case TARGET_NR_sync_file_range2:
10857         /* This is like sync_file_range but the arguments are reordered */
10858 #if TARGET_ABI_BITS == 32
10859         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
10860                                         target_offset64(arg5, arg6), arg2));
10861 #else
10862         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
10863 #endif
10864         break;
10865 #endif
10866 #endif
10867 #if defined(TARGET_NR_signalfd4)
10868     case TARGET_NR_signalfd4:
10869         ret = do_signalfd4(arg1, arg2, arg4);
10870         break;
10871 #endif
10872 #if defined(TARGET_NR_signalfd)
10873     case TARGET_NR_signalfd:
10874         ret = do_signalfd4(arg1, arg2, 0);
10875         break;
10876 #endif
10877 #if defined(CONFIG_EPOLL)
10878 #if defined(TARGET_NR_epoll_create)
10879     case TARGET_NR_epoll_create:
10880         ret = get_errno(epoll_create(arg1));
10881         break;
10882 #endif
10883 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
10884     case TARGET_NR_epoll_create1:
10885         ret = get_errno(epoll_create1(arg1));
10886         break;
10887 #endif
10888 #if defined(TARGET_NR_epoll_ctl)
10889     case TARGET_NR_epoll_ctl:
10890     {
10891         struct epoll_event ep;
10892         struct epoll_event *epp = 0;
10893         if (arg4) {
10894             struct target_epoll_event *target_ep;
10895             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
10896                 goto efault;
10897             }
10898             ep.events = tswap32(target_ep->events);
10899             /* The epoll_data_t union is just opaque data to the kernel,
10900              * so we transfer all 64 bits across and need not worry what
10901              * actual data type it is.
10902              */
10903             ep.data.u64 = tswap64(target_ep->data.u64);
10904             unlock_user_struct(target_ep, arg4, 0);
10905             epp = &ep;
10906         }
10907         ret = get_errno(epoll_ctl(arg1, arg2, arg3, epp));
10908         break;
10909     }
10910 #endif
10911 
10912 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
10913 #if defined(TARGET_NR_epoll_wait)
10914     case TARGET_NR_epoll_wait:
10915 #endif
10916 #if defined(TARGET_NR_epoll_pwait)
10917     case TARGET_NR_epoll_pwait:
10918 #endif
10919     {
10920         struct target_epoll_event *target_ep;
10921         struct epoll_event *ep;
10922         int epfd = arg1;
10923         int maxevents = arg3;
10924         int timeout = arg4;
10925 
10926         target_ep = lock_user(VERIFY_WRITE, arg2,
10927                               maxevents * sizeof(struct target_epoll_event), 1);
10928         if (!target_ep) {
10929             goto efault;
10930         }
10931 
10932         ep = alloca(maxevents * sizeof(struct epoll_event));
10933 
10934         switch (num) {
10935 #if defined(TARGET_NR_epoll_pwait)
10936         case TARGET_NR_epoll_pwait:
10937         {
10938             target_sigset_t *target_set;
10939             sigset_t _set, *set = &_set;
10940 
10941             if (arg5) {
10942                 target_set = lock_user(VERIFY_READ, arg5,
10943                                        sizeof(target_sigset_t), 1);
10944                 if (!target_set) {
10945                     unlock_user(target_ep, arg2, 0);
10946                     goto efault;
10947                 }
10948                 target_to_host_sigset(set, target_set);
10949                 unlock_user(target_set, arg5, 0);
10950             } else {
10951                 set = NULL;
10952             }
10953 
10954             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
10955                                              set, SIGSET_T_SIZE));
10956             break;
10957         }
10958 #endif
10959 #if defined(TARGET_NR_epoll_wait)
10960         case TARGET_NR_epoll_wait:
10961             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
10962                                              NULL, 0));
10963             break;
10964 #endif
10965         default:
10966             ret = -TARGET_ENOSYS;
10967         }
10968         if (!is_error(ret)) {
10969             int i;
10970             for (i = 0; i < ret; i++) {
10971                 target_ep[i].events = tswap32(ep[i].events);
10972                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
10973             }
10974         }
10975         unlock_user(target_ep, arg2, ret * sizeof(struct target_epoll_event));
10976         break;
10977     }
10978 #endif
10979 #endif
10980 #ifdef TARGET_NR_prlimit64
10981     case TARGET_NR_prlimit64:
10982     {
10983         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
10984         struct target_rlimit64 *target_rnew, *target_rold;
10985         struct host_rlimit64 rnew, rold, *rnewp = 0;
10986         int resource = target_to_host_resource(arg2);
10987         if (arg3) {
10988             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
10989                 goto efault;
10990             }
10991             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
10992             rnew.rlim_max = tswap64(target_rnew->rlim_max);
10993             unlock_user_struct(target_rnew, arg3, 0);
10994             rnewp = &rnew;
10995         }
10996 
10997         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
10998         if (!is_error(ret) && arg4) {
10999             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
11000                 goto efault;
11001             }
11002             target_rold->rlim_cur = tswap64(rold.rlim_cur);
11003             target_rold->rlim_max = tswap64(rold.rlim_max);
11004             unlock_user_struct(target_rold, arg4, 1);
11005         }
11006         break;
11007     }
11008 #endif
11009 #ifdef TARGET_NR_gethostname
11010     case TARGET_NR_gethostname:
11011     {
11012         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
11013         if (name) {
11014             ret = get_errno(gethostname(name, arg2));
11015             unlock_user(name, arg1, arg2);
11016         } else {
11017             ret = -TARGET_EFAULT;
11018         }
11019         break;
11020     }
11021 #endif
11022 #ifdef TARGET_NR_atomic_cmpxchg_32
11023     case TARGET_NR_atomic_cmpxchg_32:
11024     {
11025         /* should use start_exclusive from main.c */
11026         abi_ulong mem_value;
11027         if (get_user_u32(mem_value, arg6)) {
11028             target_siginfo_t info;
11029             info.si_signo = SIGSEGV;
11030             info.si_errno = 0;
11031             info.si_code = TARGET_SEGV_MAPERR;
11032             info._sifields._sigfault._addr = arg6;
11033             queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
11034             ret = 0xdeadbeef;
11035 
11036         }
11037         if (mem_value == arg2)
11038             put_user_u32(arg1, arg6);
11039         ret = mem_value;
11040         break;
11041     }
11042 #endif
11043 #ifdef TARGET_NR_atomic_barrier
11044     case TARGET_NR_atomic_barrier:
11045     {
11046         /* Like the kernel implementation and the qemu arm barrier, no-op this? */
11047         ret = 0;
11048         break;
11049     }
11050 #endif
11051 
11052 #ifdef TARGET_NR_timer_create
11053     case TARGET_NR_timer_create:
11054     {
11055         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
11056 
11057         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
11058 
11059         int clkid = arg1;
11060         int timer_index = next_free_host_timer();
11061 
11062         if (timer_index < 0) {
11063             ret = -TARGET_EAGAIN;
11064         } else {
11065             timer_t *phtimer = g_posix_timers  + timer_index;
11066 
11067             if (arg2) {
11068                 phost_sevp = &host_sevp;
11069                 ret = target_to_host_sigevent(phost_sevp, arg2);
11070                 if (ret != 0) {
11071                     break;
11072                 }
11073             }
11074 
11075             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
11076             if (ret) {
11077                 phtimer = NULL;
11078             } else {
11079                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
11080                     goto efault;
11081                 }
11082             }
11083         }
11084         break;
11085     }
11086 #endif
11087 
11088 #ifdef TARGET_NR_timer_settime
11089     case TARGET_NR_timer_settime:
11090     {
11091         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
11092          * struct itimerspec * old_value */
11093         target_timer_t timerid = get_timer_id(arg1);
11094 
11095         if (timerid < 0) {
11096             ret = timerid;
11097         } else if (arg3 == 0) {
11098             ret = -TARGET_EINVAL;
11099         } else {
11100             timer_t htimer = g_posix_timers[timerid];
11101             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
11102 
11103             target_to_host_itimerspec(&hspec_new, arg3);
11104             ret = get_errno(
11105                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
11106             host_to_target_itimerspec(arg2, &hspec_old);
11107         }
11108         break;
11109     }
11110 #endif
11111 
11112 #ifdef TARGET_NR_timer_gettime
11113     case TARGET_NR_timer_gettime:
11114     {
11115         /* args: timer_t timerid, struct itimerspec *curr_value */
11116         target_timer_t timerid = get_timer_id(arg1);
11117 
11118         if (timerid < 0) {
11119             ret = timerid;
11120         } else if (!arg2) {
11121             ret = -TARGET_EFAULT;
11122         } else {
11123             timer_t htimer = g_posix_timers[timerid];
11124             struct itimerspec hspec;
11125             ret = get_errno(timer_gettime(htimer, &hspec));
11126 
11127             if (host_to_target_itimerspec(arg2, &hspec)) {
11128                 ret = -TARGET_EFAULT;
11129             }
11130         }
11131         break;
11132     }
11133 #endif
11134 
11135 #ifdef TARGET_NR_timer_getoverrun
11136     case TARGET_NR_timer_getoverrun:
11137     {
11138         /* args: timer_t timerid */
11139         target_timer_t timerid = get_timer_id(arg1);
11140 
11141         if (timerid < 0) {
11142             ret = timerid;
11143         } else {
11144             timer_t htimer = g_posix_timers[timerid];
11145             ret = get_errno(timer_getoverrun(htimer));
11146         }
11147         fd_trans_unregister(ret);
11148         break;
11149     }
11150 #endif
11151 
11152 #ifdef TARGET_NR_timer_delete
11153     case TARGET_NR_timer_delete:
11154     {
11155         /* args: timer_t timerid */
11156         target_timer_t timerid = get_timer_id(arg1);
11157 
11158         if (timerid < 0) {
11159             ret = timerid;
11160         } else {
11161             timer_t htimer = g_posix_timers[timerid];
11162             ret = get_errno(timer_delete(htimer));
11163             g_posix_timers[timerid] = 0;
11164         }
11165         break;
11166     }
11167 #endif
11168 
11169 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
11170     case TARGET_NR_timerfd_create:
11171         ret = get_errno(timerfd_create(arg1,
11172                 target_to_host_bitmask(arg2, fcntl_flags_tbl)));
11173         break;
11174 #endif
11175 
11176 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
11177     case TARGET_NR_timerfd_gettime:
11178         {
11179             struct itimerspec its_curr;
11180 
11181             ret = get_errno(timerfd_gettime(arg1, &its_curr));
11182 
11183             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
11184                 goto efault;
11185             }
11186         }
11187         break;
11188 #endif
11189 
11190 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
11191     case TARGET_NR_timerfd_settime:
11192         {
11193             struct itimerspec its_new, its_old, *p_new;
11194 
11195             if (arg3) {
11196                 if (target_to_host_itimerspec(&its_new, arg3)) {
11197                     goto efault;
11198                 }
11199                 p_new = &its_new;
11200             } else {
11201                 p_new = NULL;
11202             }
11203 
11204             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
11205 
11206             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
11207                 goto efault;
11208             }
11209         }
11210         break;
11211 #endif
11212 
11213 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
11214     case TARGET_NR_ioprio_get:
11215         ret = get_errno(ioprio_get(arg1, arg2));
11216         break;
11217 #endif
11218 
11219 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
11220     case TARGET_NR_ioprio_set:
11221         ret = get_errno(ioprio_set(arg1, arg2, arg3));
11222         break;
11223 #endif
11224 
11225 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
11226     case TARGET_NR_setns:
11227         ret = get_errno(setns(arg1, arg2));
11228         break;
11229 #endif
11230 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
11231     case TARGET_NR_unshare:
11232         ret = get_errno(unshare(arg1));
11233         break;
11234 #endif
11235 
11236     default:
11237     unimplemented:
11238         gemu_log("qemu: Unsupported syscall: %d\n", num);
11239 #if defined(TARGET_NR_setxattr) || defined(TARGET_NR_get_thread_area) || defined(TARGET_NR_getdomainname) || defined(TARGET_NR_set_robust_list)
11240     unimplemented_nowarn:
11241 #endif
11242         ret = -TARGET_ENOSYS;
11243         break;
11244     }
11245 fail:
11246 #ifdef DEBUG
11247     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
11248 #endif
11249     if(do_strace)
11250         print_syscall_ret(num, ret);
11251     trace_guest_user_syscall_ret(cpu, num, ret);
11252     return ret;
11253 efault:
11254     ret = -TARGET_EFAULT;
11255     goto fail;
11256 }
11257