xref: /openbmc/qemu/linux-user/syscall.c (revision d40d3da0)
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include <elf.h>
24 #include <endian.h>
25 #include <grp.h>
26 #include <sys/ipc.h>
27 #include <sys/msg.h>
28 #include <sys/wait.h>
29 #include <sys/mount.h>
30 #include <sys/file.h>
31 #include <sys/fsuid.h>
32 #include <sys/personality.h>
33 #include <sys/prctl.h>
34 #include <sys/resource.h>
35 #include <sys/swap.h>
36 #include <linux/capability.h>
37 #include <sched.h>
38 #include <sys/timex.h>
39 #ifdef __ia64__
40 int __clone2(int (*fn)(void *), void *child_stack_base,
41              size_t stack_size, int flags, void *arg, ...);
42 #endif
43 #include <sys/socket.h>
44 #include <sys/un.h>
45 #include <sys/uio.h>
46 #include <poll.h>
47 #include <sys/times.h>
48 #include <sys/shm.h>
49 #include <sys/sem.h>
50 #include <sys/statfs.h>
51 #include <time.h>
52 #include <utime.h>
53 #include <sys/sysinfo.h>
54 #include <sys/signalfd.h>
55 //#include <sys/user.h>
56 #include <netinet/ip.h>
57 #include <netinet/tcp.h>
58 #include <linux/wireless.h>
59 #include <linux/icmp.h>
60 #include <linux/icmpv6.h>
61 #include <linux/errqueue.h>
62 #include "qemu-common.h"
63 #ifdef CONFIG_TIMERFD
64 #include <sys/timerfd.h>
65 #endif
66 #ifdef TARGET_GPROF
67 #include <sys/gmon.h>
68 #endif
69 #ifdef CONFIG_EVENTFD
70 #include <sys/eventfd.h>
71 #endif
72 #ifdef CONFIG_EPOLL
73 #include <sys/epoll.h>
74 #endif
75 #ifdef CONFIG_ATTR
76 #include "qemu/xattr.h"
77 #endif
78 #ifdef CONFIG_SENDFILE
79 #include <sys/sendfile.h>
80 #endif
81 
82 #define termios host_termios
83 #define winsize host_winsize
84 #define termio host_termio
85 #define sgttyb host_sgttyb /* same as target */
86 #define tchars host_tchars /* same as target */
87 #define ltchars host_ltchars /* same as target */
88 
89 #include <linux/termios.h>
90 #include <linux/unistd.h>
91 #include <linux/cdrom.h>
92 #include <linux/hdreg.h>
93 #include <linux/soundcard.h>
94 #include <linux/kd.h>
95 #include <linux/mtio.h>
96 #include <linux/fs.h>
97 #if defined(CONFIG_FIEMAP)
98 #include <linux/fiemap.h>
99 #endif
100 #include <linux/fb.h>
101 #include <linux/vt.h>
102 #include <linux/dm-ioctl.h>
103 #include <linux/reboot.h>
104 #include <linux/route.h>
105 #include <linux/filter.h>
106 #include <linux/blkpg.h>
107 #include <netpacket/packet.h>
108 #include <linux/netlink.h>
109 #ifdef CONFIG_RTNETLINK
110 #include <linux/rtnetlink.h>
111 #include <linux/if_bridge.h>
112 #endif
113 #include <linux/audit.h>
114 #include "linux_loop.h"
115 #include "uname.h"
116 
117 #include "qemu.h"
118 
119 #ifndef CLONE_IO
120 #define CLONE_IO                0x80000000      /* Clone io context */
121 #endif
122 
123 /* We can't directly call the host clone syscall, because this will
124  * badly confuse libc (breaking mutexes, for example). So we must
125  * divide clone flags into:
126  *  * flag combinations that look like pthread_create()
127  *  * flag combinations that look like fork()
128  *  * flags we can implement within QEMU itself
129  *  * flags we can't support and will return an error for
130  */
131 /* For thread creation, all these flags must be present; for
132  * fork, none must be present.
133  */
134 #define CLONE_THREAD_FLAGS                              \
135     (CLONE_VM | CLONE_FS | CLONE_FILES |                \
136      CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM)
137 
138 /* These flags are ignored:
139  * CLONE_DETACHED is now ignored by the kernel;
140  * CLONE_IO is just an optimisation hint to the I/O scheduler
141  */
142 #define CLONE_IGNORED_FLAGS                     \
143     (CLONE_DETACHED | CLONE_IO)
144 
145 /* Flags for fork which we can implement within QEMU itself */
146 #define CLONE_OPTIONAL_FORK_FLAGS               \
147     (CLONE_SETTLS | CLONE_PARENT_SETTID |       \
148      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID)
149 
150 /* Flags for thread creation which we can implement within QEMU itself */
151 #define CLONE_OPTIONAL_THREAD_FLAGS                             \
152     (CLONE_SETTLS | CLONE_PARENT_SETTID |                       \
153      CLONE_CHILD_CLEARTID | CLONE_CHILD_SETTID | CLONE_PARENT)
154 
155 #define CLONE_INVALID_FORK_FLAGS                                        \
156     (~(CSIGNAL | CLONE_OPTIONAL_FORK_FLAGS | CLONE_IGNORED_FLAGS))
157 
158 #define CLONE_INVALID_THREAD_FLAGS                                      \
159     (~(CSIGNAL | CLONE_THREAD_FLAGS | CLONE_OPTIONAL_THREAD_FLAGS |     \
160        CLONE_IGNORED_FLAGS))
161 
162 /* CLONE_VFORK is special cased early in do_fork(). The other flag bits
163  * have almost all been allocated. We cannot support any of
164  * CLONE_NEWNS, CLONE_NEWCGROUP, CLONE_NEWUTS, CLONE_NEWIPC,
165  * CLONE_NEWUSER, CLONE_NEWPID, CLONE_NEWNET, CLONE_PTRACE, CLONE_UNTRACED.
166  * The checks against the invalid thread masks above will catch these.
167  * (The one remaining unallocated bit is 0x1000 which used to be CLONE_PID.)
168  */
169 
170 //#define DEBUG
171 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
172  * once. This exercises the codepaths for restart.
173  */
174 //#define DEBUG_ERESTARTSYS
175 
176 //#include <linux/msdos_fs.h>
177 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
178 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
179 
180 #undef _syscall0
181 #undef _syscall1
182 #undef _syscall2
183 #undef _syscall3
184 #undef _syscall4
185 #undef _syscall5
186 #undef _syscall6
187 
188 #define _syscall0(type,name)		\
189 static type name (void)			\
190 {					\
191 	return syscall(__NR_##name);	\
192 }
193 
194 #define _syscall1(type,name,type1,arg1)		\
195 static type name (type1 arg1)			\
196 {						\
197 	return syscall(__NR_##name, arg1);	\
198 }
199 
200 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
201 static type name (type1 arg1,type2 arg2)		\
202 {							\
203 	return syscall(__NR_##name, arg1, arg2);	\
204 }
205 
206 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
207 static type name (type1 arg1,type2 arg2,type3 arg3)		\
208 {								\
209 	return syscall(__NR_##name, arg1, arg2, arg3);		\
210 }
211 
212 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
213 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
214 {										\
215 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
216 }
217 
218 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
219 		  type5,arg5)							\
220 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
221 {										\
222 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
223 }
224 
225 
226 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
227 		  type5,arg5,type6,arg6)					\
228 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
229                   type6 arg6)							\
230 {										\
231 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
232 }
233 
234 
235 #define __NR_sys_uname __NR_uname
236 #define __NR_sys_getcwd1 __NR_getcwd
237 #define __NR_sys_getdents __NR_getdents
238 #define __NR_sys_getdents64 __NR_getdents64
239 #define __NR_sys_getpriority __NR_getpriority
240 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
241 #define __NR_sys_rt_tgsigqueueinfo __NR_rt_tgsigqueueinfo
242 #define __NR_sys_syslog __NR_syslog
243 #define __NR_sys_futex __NR_futex
244 #define __NR_sys_inotify_init __NR_inotify_init
245 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
246 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
247 
248 #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
249     defined(__s390x__)
250 #define __NR__llseek __NR_lseek
251 #endif
252 
253 /* Newer kernel ports have llseek() instead of _llseek() */
254 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
255 #define TARGET_NR__llseek TARGET_NR_llseek
256 #endif
257 
258 #ifdef __NR_gettid
259 _syscall0(int, gettid)
260 #else
261 /* This is a replacement for the host gettid() and must return a host
262    errno. */
263 static int gettid(void) {
264     return -ENOSYS;
265 }
266 #endif
267 #if defined(TARGET_NR_getdents) && defined(__NR_getdents)
268 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
269 #endif
270 #if !defined(__NR_getdents) || \
271     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
272 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
273 #endif
274 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
275 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
276           loff_t *, res, uint, wh);
277 #endif
278 _syscall3(int, sys_rt_sigqueueinfo, pid_t, pid, int, sig, siginfo_t *, uinfo)
279 _syscall4(int, sys_rt_tgsigqueueinfo, pid_t, pid, pid_t, tid, int, sig,
280           siginfo_t *, uinfo)
281 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
282 #ifdef __NR_exit_group
283 _syscall1(int,exit_group,int,error_code)
284 #endif
285 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
286 _syscall1(int,set_tid_address,int *,tidptr)
287 #endif
288 #if defined(TARGET_NR_futex) && defined(__NR_futex)
289 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
290           const struct timespec *,timeout,int *,uaddr2,int,val3)
291 #endif
292 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
293 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
294           unsigned long *, user_mask_ptr);
295 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
296 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
297           unsigned long *, user_mask_ptr);
298 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
299           void *, arg);
300 _syscall2(int, capget, struct __user_cap_header_struct *, header,
301           struct __user_cap_data_struct *, data);
302 _syscall2(int, capset, struct __user_cap_header_struct *, header,
303           struct __user_cap_data_struct *, data);
304 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
305 _syscall2(int, ioprio_get, int, which, int, who)
306 #endif
307 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
308 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
309 #endif
310 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
311 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
312 #endif
313 
314 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
315 _syscall5(int, kcmp, pid_t, pid1, pid_t, pid2, int, type,
316           unsigned long, idx1, unsigned long, idx2)
317 #endif
318 
319 static bitmask_transtbl fcntl_flags_tbl[] = {
320   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
321   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
322   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
323   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
324   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
325   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
326   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
327   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
328   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
329   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
330   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
331   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
332   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
333 #if defined(O_DIRECT)
334   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
335 #endif
336 #if defined(O_NOATIME)
337   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
338 #endif
339 #if defined(O_CLOEXEC)
340   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
341 #endif
342 #if defined(O_PATH)
343   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
344 #endif
345   /* Don't terminate the list prematurely on 64-bit host+guest.  */
346 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
347   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
348 #endif
349   { 0, 0, 0, 0 }
350 };
351 
352 enum {
353     QEMU_IFLA_BR_UNSPEC,
354     QEMU_IFLA_BR_FORWARD_DELAY,
355     QEMU_IFLA_BR_HELLO_TIME,
356     QEMU_IFLA_BR_MAX_AGE,
357     QEMU_IFLA_BR_AGEING_TIME,
358     QEMU_IFLA_BR_STP_STATE,
359     QEMU_IFLA_BR_PRIORITY,
360     QEMU_IFLA_BR_VLAN_FILTERING,
361     QEMU_IFLA_BR_VLAN_PROTOCOL,
362     QEMU_IFLA_BR_GROUP_FWD_MASK,
363     QEMU_IFLA_BR_ROOT_ID,
364     QEMU_IFLA_BR_BRIDGE_ID,
365     QEMU_IFLA_BR_ROOT_PORT,
366     QEMU_IFLA_BR_ROOT_PATH_COST,
367     QEMU_IFLA_BR_TOPOLOGY_CHANGE,
368     QEMU_IFLA_BR_TOPOLOGY_CHANGE_DETECTED,
369     QEMU_IFLA_BR_HELLO_TIMER,
370     QEMU_IFLA_BR_TCN_TIMER,
371     QEMU_IFLA_BR_TOPOLOGY_CHANGE_TIMER,
372     QEMU_IFLA_BR_GC_TIMER,
373     QEMU_IFLA_BR_GROUP_ADDR,
374     QEMU_IFLA_BR_FDB_FLUSH,
375     QEMU_IFLA_BR_MCAST_ROUTER,
376     QEMU_IFLA_BR_MCAST_SNOOPING,
377     QEMU_IFLA_BR_MCAST_QUERY_USE_IFADDR,
378     QEMU_IFLA_BR_MCAST_QUERIER,
379     QEMU_IFLA_BR_MCAST_HASH_ELASTICITY,
380     QEMU_IFLA_BR_MCAST_HASH_MAX,
381     QEMU_IFLA_BR_MCAST_LAST_MEMBER_CNT,
382     QEMU_IFLA_BR_MCAST_STARTUP_QUERY_CNT,
383     QEMU_IFLA_BR_MCAST_LAST_MEMBER_INTVL,
384     QEMU_IFLA_BR_MCAST_MEMBERSHIP_INTVL,
385     QEMU_IFLA_BR_MCAST_QUERIER_INTVL,
386     QEMU_IFLA_BR_MCAST_QUERY_INTVL,
387     QEMU_IFLA_BR_MCAST_QUERY_RESPONSE_INTVL,
388     QEMU_IFLA_BR_MCAST_STARTUP_QUERY_INTVL,
389     QEMU_IFLA_BR_NF_CALL_IPTABLES,
390     QEMU_IFLA_BR_NF_CALL_IP6TABLES,
391     QEMU_IFLA_BR_NF_CALL_ARPTABLES,
392     QEMU_IFLA_BR_VLAN_DEFAULT_PVID,
393     QEMU_IFLA_BR_PAD,
394     QEMU_IFLA_BR_VLAN_STATS_ENABLED,
395     QEMU_IFLA_BR_MCAST_STATS_ENABLED,
396     QEMU___IFLA_BR_MAX,
397 };
398 
399 enum {
400     QEMU_IFLA_UNSPEC,
401     QEMU_IFLA_ADDRESS,
402     QEMU_IFLA_BROADCAST,
403     QEMU_IFLA_IFNAME,
404     QEMU_IFLA_MTU,
405     QEMU_IFLA_LINK,
406     QEMU_IFLA_QDISC,
407     QEMU_IFLA_STATS,
408     QEMU_IFLA_COST,
409     QEMU_IFLA_PRIORITY,
410     QEMU_IFLA_MASTER,
411     QEMU_IFLA_WIRELESS,
412     QEMU_IFLA_PROTINFO,
413     QEMU_IFLA_TXQLEN,
414     QEMU_IFLA_MAP,
415     QEMU_IFLA_WEIGHT,
416     QEMU_IFLA_OPERSTATE,
417     QEMU_IFLA_LINKMODE,
418     QEMU_IFLA_LINKINFO,
419     QEMU_IFLA_NET_NS_PID,
420     QEMU_IFLA_IFALIAS,
421     QEMU_IFLA_NUM_VF,
422     QEMU_IFLA_VFINFO_LIST,
423     QEMU_IFLA_STATS64,
424     QEMU_IFLA_VF_PORTS,
425     QEMU_IFLA_PORT_SELF,
426     QEMU_IFLA_AF_SPEC,
427     QEMU_IFLA_GROUP,
428     QEMU_IFLA_NET_NS_FD,
429     QEMU_IFLA_EXT_MASK,
430     QEMU_IFLA_PROMISCUITY,
431     QEMU_IFLA_NUM_TX_QUEUES,
432     QEMU_IFLA_NUM_RX_QUEUES,
433     QEMU_IFLA_CARRIER,
434     QEMU_IFLA_PHYS_PORT_ID,
435     QEMU_IFLA_CARRIER_CHANGES,
436     QEMU_IFLA_PHYS_SWITCH_ID,
437     QEMU_IFLA_LINK_NETNSID,
438     QEMU_IFLA_PHYS_PORT_NAME,
439     QEMU_IFLA_PROTO_DOWN,
440     QEMU_IFLA_GSO_MAX_SEGS,
441     QEMU_IFLA_GSO_MAX_SIZE,
442     QEMU_IFLA_PAD,
443     QEMU_IFLA_XDP,
444     QEMU___IFLA_MAX
445 };
446 
447 enum {
448     QEMU_IFLA_BRPORT_UNSPEC,
449     QEMU_IFLA_BRPORT_STATE,
450     QEMU_IFLA_BRPORT_PRIORITY,
451     QEMU_IFLA_BRPORT_COST,
452     QEMU_IFLA_BRPORT_MODE,
453     QEMU_IFLA_BRPORT_GUARD,
454     QEMU_IFLA_BRPORT_PROTECT,
455     QEMU_IFLA_BRPORT_FAST_LEAVE,
456     QEMU_IFLA_BRPORT_LEARNING,
457     QEMU_IFLA_BRPORT_UNICAST_FLOOD,
458     QEMU_IFLA_BRPORT_PROXYARP,
459     QEMU_IFLA_BRPORT_LEARNING_SYNC,
460     QEMU_IFLA_BRPORT_PROXYARP_WIFI,
461     QEMU_IFLA_BRPORT_ROOT_ID,
462     QEMU_IFLA_BRPORT_BRIDGE_ID,
463     QEMU_IFLA_BRPORT_DESIGNATED_PORT,
464     QEMU_IFLA_BRPORT_DESIGNATED_COST,
465     QEMU_IFLA_BRPORT_ID,
466     QEMU_IFLA_BRPORT_NO,
467     QEMU_IFLA_BRPORT_TOPOLOGY_CHANGE_ACK,
468     QEMU_IFLA_BRPORT_CONFIG_PENDING,
469     QEMU_IFLA_BRPORT_MESSAGE_AGE_TIMER,
470     QEMU_IFLA_BRPORT_FORWARD_DELAY_TIMER,
471     QEMU_IFLA_BRPORT_HOLD_TIMER,
472     QEMU_IFLA_BRPORT_FLUSH,
473     QEMU_IFLA_BRPORT_MULTICAST_ROUTER,
474     QEMU_IFLA_BRPORT_PAD,
475     QEMU___IFLA_BRPORT_MAX
476 };
477 
478 enum {
479     QEMU_IFLA_INFO_UNSPEC,
480     QEMU_IFLA_INFO_KIND,
481     QEMU_IFLA_INFO_DATA,
482     QEMU_IFLA_INFO_XSTATS,
483     QEMU_IFLA_INFO_SLAVE_KIND,
484     QEMU_IFLA_INFO_SLAVE_DATA,
485     QEMU___IFLA_INFO_MAX,
486 };
487 
488 enum {
489     QEMU_IFLA_INET_UNSPEC,
490     QEMU_IFLA_INET_CONF,
491     QEMU___IFLA_INET_MAX,
492 };
493 
494 enum {
495     QEMU_IFLA_INET6_UNSPEC,
496     QEMU_IFLA_INET6_FLAGS,
497     QEMU_IFLA_INET6_CONF,
498     QEMU_IFLA_INET6_STATS,
499     QEMU_IFLA_INET6_MCAST,
500     QEMU_IFLA_INET6_CACHEINFO,
501     QEMU_IFLA_INET6_ICMP6STATS,
502     QEMU_IFLA_INET6_TOKEN,
503     QEMU_IFLA_INET6_ADDR_GEN_MODE,
504     QEMU___IFLA_INET6_MAX
505 };
506 
507 typedef abi_long (*TargetFdDataFunc)(void *, size_t);
508 typedef abi_long (*TargetFdAddrFunc)(void *, abi_ulong, socklen_t);
509 typedef struct TargetFdTrans {
510     TargetFdDataFunc host_to_target_data;
511     TargetFdDataFunc target_to_host_data;
512     TargetFdAddrFunc target_to_host_addr;
513 } TargetFdTrans;
514 
515 static TargetFdTrans **target_fd_trans;
516 
517 static unsigned int target_fd_max;
518 
519 static TargetFdDataFunc fd_trans_target_to_host_data(int fd)
520 {
521     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
522         return target_fd_trans[fd]->target_to_host_data;
523     }
524     return NULL;
525 }
526 
527 static TargetFdDataFunc fd_trans_host_to_target_data(int fd)
528 {
529     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
530         return target_fd_trans[fd]->host_to_target_data;
531     }
532     return NULL;
533 }
534 
535 static TargetFdAddrFunc fd_trans_target_to_host_addr(int fd)
536 {
537     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
538         return target_fd_trans[fd]->target_to_host_addr;
539     }
540     return NULL;
541 }
542 
543 static void fd_trans_register(int fd, TargetFdTrans *trans)
544 {
545     unsigned int oldmax;
546 
547     if (fd >= target_fd_max) {
548         oldmax = target_fd_max;
549         target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
550         target_fd_trans = g_renew(TargetFdTrans *,
551                                   target_fd_trans, target_fd_max);
552         memset((void *)(target_fd_trans + oldmax), 0,
553                (target_fd_max - oldmax) * sizeof(TargetFdTrans *));
554     }
555     target_fd_trans[fd] = trans;
556 }
557 
558 static void fd_trans_unregister(int fd)
559 {
560     if (fd >= 0 && fd < target_fd_max) {
561         target_fd_trans[fd] = NULL;
562     }
563 }
564 
565 static void fd_trans_dup(int oldfd, int newfd)
566 {
567     fd_trans_unregister(newfd);
568     if (oldfd < target_fd_max && target_fd_trans[oldfd]) {
569         fd_trans_register(newfd, target_fd_trans[oldfd]);
570     }
571 }
572 
573 static int sys_getcwd1(char *buf, size_t size)
574 {
575   if (getcwd(buf, size) == NULL) {
576       /* getcwd() sets errno */
577       return (-1);
578   }
579   return strlen(buf)+1;
580 }
581 
582 #ifdef TARGET_NR_utimensat
583 #if defined(__NR_utimensat)
584 #define __NR_sys_utimensat __NR_utimensat
585 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
586           const struct timespec *,tsp,int,flags)
587 #else
588 static int sys_utimensat(int dirfd, const char *pathname,
589                          const struct timespec times[2], int flags)
590 {
591     errno = ENOSYS;
592     return -1;
593 }
594 #endif
595 #endif /* TARGET_NR_utimensat */
596 
597 #ifdef CONFIG_INOTIFY
598 #include <sys/inotify.h>
599 
600 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
601 static int sys_inotify_init(void)
602 {
603   return (inotify_init());
604 }
605 #endif
606 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
607 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
608 {
609   return (inotify_add_watch(fd, pathname, mask));
610 }
611 #endif
612 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
613 static int sys_inotify_rm_watch(int fd, int32_t wd)
614 {
615   return (inotify_rm_watch(fd, wd));
616 }
617 #endif
618 #ifdef CONFIG_INOTIFY1
619 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
620 static int sys_inotify_init1(int flags)
621 {
622   return (inotify_init1(flags));
623 }
624 #endif
625 #endif
626 #else
627 /* Userspace can usually survive runtime without inotify */
628 #undef TARGET_NR_inotify_init
629 #undef TARGET_NR_inotify_init1
630 #undef TARGET_NR_inotify_add_watch
631 #undef TARGET_NR_inotify_rm_watch
632 #endif /* CONFIG_INOTIFY  */
633 
634 #if defined(TARGET_NR_prlimit64)
635 #ifndef __NR_prlimit64
636 # define __NR_prlimit64 -1
637 #endif
638 #define __NR_sys_prlimit64 __NR_prlimit64
639 /* The glibc rlimit structure may not be that used by the underlying syscall */
640 struct host_rlimit64 {
641     uint64_t rlim_cur;
642     uint64_t rlim_max;
643 };
644 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
645           const struct host_rlimit64 *, new_limit,
646           struct host_rlimit64 *, old_limit)
647 #endif
648 
649 
650 #if defined(TARGET_NR_timer_create)
651 /* Maxiumum of 32 active POSIX timers allowed at any one time. */
652 static timer_t g_posix_timers[32] = { 0, } ;
653 
654 static inline int next_free_host_timer(void)
655 {
656     int k ;
657     /* FIXME: Does finding the next free slot require a lock? */
658     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
659         if (g_posix_timers[k] == 0) {
660             g_posix_timers[k] = (timer_t) 1;
661             return k;
662         }
663     }
664     return -1;
665 }
666 #endif
667 
668 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
669 #ifdef TARGET_ARM
670 static inline int regpairs_aligned(void *cpu_env) {
671     return ((((CPUARMState *)cpu_env)->eabi) == 1) ;
672 }
673 #elif defined(TARGET_MIPS) && (TARGET_ABI_BITS == 32)
674 static inline int regpairs_aligned(void *cpu_env) { return 1; }
675 #elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
676 /* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
677  * of registers which translates to the same as ARM/MIPS, because we start with
678  * r3 as arg1 */
679 static inline int regpairs_aligned(void *cpu_env) { return 1; }
680 #else
681 static inline int regpairs_aligned(void *cpu_env) { return 0; }
682 #endif
683 
684 #define ERRNO_TABLE_SIZE 1200
685 
686 /* target_to_host_errno_table[] is initialized from
687  * host_to_target_errno_table[] in syscall_init(). */
688 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
689 };
690 
691 /*
692  * This list is the union of errno values overridden in asm-<arch>/errno.h
693  * minus the errnos that are not actually generic to all archs.
694  */
695 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
696     [EAGAIN]		= TARGET_EAGAIN,
697     [EIDRM]		= TARGET_EIDRM,
698     [ECHRNG]		= TARGET_ECHRNG,
699     [EL2NSYNC]		= TARGET_EL2NSYNC,
700     [EL3HLT]		= TARGET_EL3HLT,
701     [EL3RST]		= TARGET_EL3RST,
702     [ELNRNG]		= TARGET_ELNRNG,
703     [EUNATCH]		= TARGET_EUNATCH,
704     [ENOCSI]		= TARGET_ENOCSI,
705     [EL2HLT]		= TARGET_EL2HLT,
706     [EDEADLK]		= TARGET_EDEADLK,
707     [ENOLCK]		= TARGET_ENOLCK,
708     [EBADE]		= TARGET_EBADE,
709     [EBADR]		= TARGET_EBADR,
710     [EXFULL]		= TARGET_EXFULL,
711     [ENOANO]		= TARGET_ENOANO,
712     [EBADRQC]		= TARGET_EBADRQC,
713     [EBADSLT]		= TARGET_EBADSLT,
714     [EBFONT]		= TARGET_EBFONT,
715     [ENOSTR]		= TARGET_ENOSTR,
716     [ENODATA]		= TARGET_ENODATA,
717     [ETIME]		= TARGET_ETIME,
718     [ENOSR]		= TARGET_ENOSR,
719     [ENONET]		= TARGET_ENONET,
720     [ENOPKG]		= TARGET_ENOPKG,
721     [EREMOTE]		= TARGET_EREMOTE,
722     [ENOLINK]		= TARGET_ENOLINK,
723     [EADV]		= TARGET_EADV,
724     [ESRMNT]		= TARGET_ESRMNT,
725     [ECOMM]		= TARGET_ECOMM,
726     [EPROTO]		= TARGET_EPROTO,
727     [EDOTDOT]		= TARGET_EDOTDOT,
728     [EMULTIHOP]		= TARGET_EMULTIHOP,
729     [EBADMSG]		= TARGET_EBADMSG,
730     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
731     [EOVERFLOW]		= TARGET_EOVERFLOW,
732     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
733     [EBADFD]		= TARGET_EBADFD,
734     [EREMCHG]		= TARGET_EREMCHG,
735     [ELIBACC]		= TARGET_ELIBACC,
736     [ELIBBAD]		= TARGET_ELIBBAD,
737     [ELIBSCN]		= TARGET_ELIBSCN,
738     [ELIBMAX]		= TARGET_ELIBMAX,
739     [ELIBEXEC]		= TARGET_ELIBEXEC,
740     [EILSEQ]		= TARGET_EILSEQ,
741     [ENOSYS]		= TARGET_ENOSYS,
742     [ELOOP]		= TARGET_ELOOP,
743     [ERESTART]		= TARGET_ERESTART,
744     [ESTRPIPE]		= TARGET_ESTRPIPE,
745     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
746     [EUSERS]		= TARGET_EUSERS,
747     [ENOTSOCK]		= TARGET_ENOTSOCK,
748     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
749     [EMSGSIZE]		= TARGET_EMSGSIZE,
750     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
751     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
752     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
753     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
754     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
755     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
756     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
757     [EADDRINUSE]	= TARGET_EADDRINUSE,
758     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
759     [ENETDOWN]		= TARGET_ENETDOWN,
760     [ENETUNREACH]	= TARGET_ENETUNREACH,
761     [ENETRESET]		= TARGET_ENETRESET,
762     [ECONNABORTED]	= TARGET_ECONNABORTED,
763     [ECONNRESET]	= TARGET_ECONNRESET,
764     [ENOBUFS]		= TARGET_ENOBUFS,
765     [EISCONN]		= TARGET_EISCONN,
766     [ENOTCONN]		= TARGET_ENOTCONN,
767     [EUCLEAN]		= TARGET_EUCLEAN,
768     [ENOTNAM]		= TARGET_ENOTNAM,
769     [ENAVAIL]		= TARGET_ENAVAIL,
770     [EISNAM]		= TARGET_EISNAM,
771     [EREMOTEIO]		= TARGET_EREMOTEIO,
772     [EDQUOT]            = TARGET_EDQUOT,
773     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
774     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
775     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
776     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
777     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
778     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
779     [EALREADY]		= TARGET_EALREADY,
780     [EINPROGRESS]	= TARGET_EINPROGRESS,
781     [ESTALE]		= TARGET_ESTALE,
782     [ECANCELED]		= TARGET_ECANCELED,
783     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
784     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
785 #ifdef ENOKEY
786     [ENOKEY]		= TARGET_ENOKEY,
787 #endif
788 #ifdef EKEYEXPIRED
789     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
790 #endif
791 #ifdef EKEYREVOKED
792     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
793 #endif
794 #ifdef EKEYREJECTED
795     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
796 #endif
797 #ifdef EOWNERDEAD
798     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
799 #endif
800 #ifdef ENOTRECOVERABLE
801     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
802 #endif
803 #ifdef ENOMSG
804     [ENOMSG]            = TARGET_ENOMSG,
805 #endif
806 #ifdef ERKFILL
807     [ERFKILL]           = TARGET_ERFKILL,
808 #endif
809 #ifdef EHWPOISON
810     [EHWPOISON]         = TARGET_EHWPOISON,
811 #endif
812 };
813 
814 static inline int host_to_target_errno(int err)
815 {
816     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
817         host_to_target_errno_table[err]) {
818         return host_to_target_errno_table[err];
819     }
820     return err;
821 }
822 
823 static inline int target_to_host_errno(int err)
824 {
825     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
826         target_to_host_errno_table[err]) {
827         return target_to_host_errno_table[err];
828     }
829     return err;
830 }
831 
832 static inline abi_long get_errno(abi_long ret)
833 {
834     if (ret == -1)
835         return -host_to_target_errno(errno);
836     else
837         return ret;
838 }
839 
840 static inline int is_error(abi_long ret)
841 {
842     return (abi_ulong)ret >= (abi_ulong)(-4096);
843 }
844 
845 const char *target_strerror(int err)
846 {
847     if (err == TARGET_ERESTARTSYS) {
848         return "To be restarted";
849     }
850     if (err == TARGET_QEMU_ESIGRETURN) {
851         return "Successful exit from sigreturn";
852     }
853 
854     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
855         return NULL;
856     }
857     return strerror(target_to_host_errno(err));
858 }
859 
860 #define safe_syscall0(type, name) \
861 static type safe_##name(void) \
862 { \
863     return safe_syscall(__NR_##name); \
864 }
865 
866 #define safe_syscall1(type, name, type1, arg1) \
867 static type safe_##name(type1 arg1) \
868 { \
869     return safe_syscall(__NR_##name, arg1); \
870 }
871 
872 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
873 static type safe_##name(type1 arg1, type2 arg2) \
874 { \
875     return safe_syscall(__NR_##name, arg1, arg2); \
876 }
877 
878 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
879 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
880 { \
881     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
882 }
883 
884 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
885     type4, arg4) \
886 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
887 { \
888     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
889 }
890 
891 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
892     type4, arg4, type5, arg5) \
893 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
894     type5 arg5) \
895 { \
896     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
897 }
898 
899 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
900     type4, arg4, type5, arg5, type6, arg6) \
901 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
902     type5 arg5, type6 arg6) \
903 { \
904     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
905 }
906 
907 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
908 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
909 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
910               int, flags, mode_t, mode)
911 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
912               struct rusage *, rusage)
913 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
914               int, options, struct rusage *, rusage)
915 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
916 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
917               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
918 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
919               struct timespec *, tsp, const sigset_t *, sigmask,
920               size_t, sigsetsize)
921 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
922               int, maxevents, int, timeout, const sigset_t *, sigmask,
923               size_t, sigsetsize)
924 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
925               const struct timespec *,timeout,int *,uaddr2,int,val3)
926 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
927 safe_syscall2(int, kill, pid_t, pid, int, sig)
928 safe_syscall2(int, tkill, int, tid, int, sig)
929 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
930 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
931 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
932 safe_syscall5(ssize_t, preadv, int, fd, const struct iovec *, iov, int, iovcnt,
933               unsigned long, pos_l, unsigned long, pos_h)
934 safe_syscall5(ssize_t, pwritev, int, fd, const struct iovec *, iov, int, iovcnt,
935               unsigned long, pos_l, unsigned long, pos_h)
936 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
937               socklen_t, addrlen)
938 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
939               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
940 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
941               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
942 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
943 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
944 safe_syscall2(int, flock, int, fd, int, operation)
945 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
946               const struct timespec *, uts, size_t, sigsetsize)
947 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
948               int, flags)
949 safe_syscall2(int, nanosleep, const struct timespec *, req,
950               struct timespec *, rem)
951 #ifdef TARGET_NR_clock_nanosleep
952 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
953               const struct timespec *, req, struct timespec *, rem)
954 #endif
955 #ifdef __NR_msgsnd
956 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
957               int, flags)
958 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
959               long, msgtype, int, flags)
960 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
961               unsigned, nsops, const struct timespec *, timeout)
962 #else
963 /* This host kernel architecture uses a single ipc syscall; fake up
964  * wrappers for the sub-operations to hide this implementation detail.
965  * Annoyingly we can't include linux/ipc.h to get the constant definitions
966  * for the call parameter because some structs in there conflict with the
967  * sys/ipc.h ones. So we just define them here, and rely on them being
968  * the same for all host architectures.
969  */
970 #define Q_SEMTIMEDOP 4
971 #define Q_MSGSND 11
972 #define Q_MSGRCV 12
973 #define Q_IPCCALL(VERSION, OP) ((VERSION) << 16 | (OP))
974 
975 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
976               void *, ptr, long, fifth)
977 static int safe_msgsnd(int msgid, const void *msgp, size_t sz, int flags)
978 {
979     return safe_ipc(Q_IPCCALL(0, Q_MSGSND), msgid, sz, flags, (void *)msgp, 0);
980 }
981 static int safe_msgrcv(int msgid, void *msgp, size_t sz, long type, int flags)
982 {
983     return safe_ipc(Q_IPCCALL(1, Q_MSGRCV), msgid, sz, flags, msgp, type);
984 }
985 static int safe_semtimedop(int semid, struct sembuf *tsops, unsigned nsops,
986                            const struct timespec *timeout)
987 {
988     return safe_ipc(Q_IPCCALL(0, Q_SEMTIMEDOP), semid, nsops, 0, tsops,
989                     (long)timeout);
990 }
991 #endif
992 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
993 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
994               size_t, len, unsigned, prio, const struct timespec *, timeout)
995 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
996               size_t, len, unsigned *, prio, const struct timespec *, timeout)
997 #endif
998 /* We do ioctl like this rather than via safe_syscall3 to preserve the
999  * "third argument might be integer or pointer or not present" behaviour of
1000  * the libc function.
1001  */
1002 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
1003 /* Similarly for fcntl. Note that callers must always:
1004  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
1005  *  use the flock64 struct rather than unsuffixed flock
1006  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
1007  */
1008 #ifdef __NR_fcntl64
1009 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
1010 #else
1011 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
1012 #endif
1013 
1014 static inline int host_to_target_sock_type(int host_type)
1015 {
1016     int target_type;
1017 
1018     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
1019     case SOCK_DGRAM:
1020         target_type = TARGET_SOCK_DGRAM;
1021         break;
1022     case SOCK_STREAM:
1023         target_type = TARGET_SOCK_STREAM;
1024         break;
1025     default:
1026         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
1027         break;
1028     }
1029 
1030 #if defined(SOCK_CLOEXEC)
1031     if (host_type & SOCK_CLOEXEC) {
1032         target_type |= TARGET_SOCK_CLOEXEC;
1033     }
1034 #endif
1035 
1036 #if defined(SOCK_NONBLOCK)
1037     if (host_type & SOCK_NONBLOCK) {
1038         target_type |= TARGET_SOCK_NONBLOCK;
1039     }
1040 #endif
1041 
1042     return target_type;
1043 }
1044 
1045 static abi_ulong target_brk;
1046 static abi_ulong target_original_brk;
1047 static abi_ulong brk_page;
1048 
1049 void target_set_brk(abi_ulong new_brk)
1050 {
1051     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
1052     brk_page = HOST_PAGE_ALIGN(target_brk);
1053 }
1054 
1055 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
1056 #define DEBUGF_BRK(message, args...)
1057 
1058 /* do_brk() must return target values and target errnos. */
1059 abi_long do_brk(abi_ulong new_brk)
1060 {
1061     abi_long mapped_addr;
1062     abi_ulong new_alloc_size;
1063 
1064     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
1065 
1066     if (!new_brk) {
1067         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
1068         return target_brk;
1069     }
1070     if (new_brk < target_original_brk) {
1071         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
1072                    target_brk);
1073         return target_brk;
1074     }
1075 
1076     /* If the new brk is less than the highest page reserved to the
1077      * target heap allocation, set it and we're almost done...  */
1078     if (new_brk <= brk_page) {
1079         /* Heap contents are initialized to zero, as for anonymous
1080          * mapped pages.  */
1081         if (new_brk > target_brk) {
1082             memset(g2h(target_brk), 0, new_brk - target_brk);
1083         }
1084 	target_brk = new_brk;
1085         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
1086     	return target_brk;
1087     }
1088 
1089     /* We need to allocate more memory after the brk... Note that
1090      * we don't use MAP_FIXED because that will map over the top of
1091      * any existing mapping (like the one with the host libc or qemu
1092      * itself); instead we treat "mapped but at wrong address" as
1093      * a failure and unmap again.
1094      */
1095     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
1096     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
1097                                         PROT_READ|PROT_WRITE,
1098                                         MAP_ANON|MAP_PRIVATE, 0, 0));
1099 
1100     if (mapped_addr == brk_page) {
1101         /* Heap contents are initialized to zero, as for anonymous
1102          * mapped pages.  Technically the new pages are already
1103          * initialized to zero since they *are* anonymous mapped
1104          * pages, however we have to take care with the contents that
1105          * come from the remaining part of the previous page: it may
1106          * contains garbage data due to a previous heap usage (grown
1107          * then shrunken).  */
1108         memset(g2h(target_brk), 0, brk_page - target_brk);
1109 
1110         target_brk = new_brk;
1111         brk_page = HOST_PAGE_ALIGN(target_brk);
1112         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
1113             target_brk);
1114         return target_brk;
1115     } else if (mapped_addr != -1) {
1116         /* Mapped but at wrong address, meaning there wasn't actually
1117          * enough space for this brk.
1118          */
1119         target_munmap(mapped_addr, new_alloc_size);
1120         mapped_addr = -1;
1121         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
1122     }
1123     else {
1124         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
1125     }
1126 
1127 #if defined(TARGET_ALPHA)
1128     /* We (partially) emulate OSF/1 on Alpha, which requires we
1129        return a proper errno, not an unchanged brk value.  */
1130     return -TARGET_ENOMEM;
1131 #endif
1132     /* For everything else, return the previous break. */
1133     return target_brk;
1134 }
1135 
1136 static inline abi_long copy_from_user_fdset(fd_set *fds,
1137                                             abi_ulong target_fds_addr,
1138                                             int n)
1139 {
1140     int i, nw, j, k;
1141     abi_ulong b, *target_fds;
1142 
1143     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
1144     if (!(target_fds = lock_user(VERIFY_READ,
1145                                  target_fds_addr,
1146                                  sizeof(abi_ulong) * nw,
1147                                  1)))
1148         return -TARGET_EFAULT;
1149 
1150     FD_ZERO(fds);
1151     k = 0;
1152     for (i = 0; i < nw; i++) {
1153         /* grab the abi_ulong */
1154         __get_user(b, &target_fds[i]);
1155         for (j = 0; j < TARGET_ABI_BITS; j++) {
1156             /* check the bit inside the abi_ulong */
1157             if ((b >> j) & 1)
1158                 FD_SET(k, fds);
1159             k++;
1160         }
1161     }
1162 
1163     unlock_user(target_fds, target_fds_addr, 0);
1164 
1165     return 0;
1166 }
1167 
1168 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
1169                                                  abi_ulong target_fds_addr,
1170                                                  int n)
1171 {
1172     if (target_fds_addr) {
1173         if (copy_from_user_fdset(fds, target_fds_addr, n))
1174             return -TARGET_EFAULT;
1175         *fds_ptr = fds;
1176     } else {
1177         *fds_ptr = NULL;
1178     }
1179     return 0;
1180 }
1181 
1182 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
1183                                           const fd_set *fds,
1184                                           int n)
1185 {
1186     int i, nw, j, k;
1187     abi_long v;
1188     abi_ulong *target_fds;
1189 
1190     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
1191     if (!(target_fds = lock_user(VERIFY_WRITE,
1192                                  target_fds_addr,
1193                                  sizeof(abi_ulong) * nw,
1194                                  0)))
1195         return -TARGET_EFAULT;
1196 
1197     k = 0;
1198     for (i = 0; i < nw; i++) {
1199         v = 0;
1200         for (j = 0; j < TARGET_ABI_BITS; j++) {
1201             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
1202             k++;
1203         }
1204         __put_user(v, &target_fds[i]);
1205     }
1206 
1207     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
1208 
1209     return 0;
1210 }
1211 
1212 #if defined(__alpha__)
1213 #define HOST_HZ 1024
1214 #else
1215 #define HOST_HZ 100
1216 #endif
1217 
1218 static inline abi_long host_to_target_clock_t(long ticks)
1219 {
1220 #if HOST_HZ == TARGET_HZ
1221     return ticks;
1222 #else
1223     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
1224 #endif
1225 }
1226 
1227 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
1228                                              const struct rusage *rusage)
1229 {
1230     struct target_rusage *target_rusage;
1231 
1232     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
1233         return -TARGET_EFAULT;
1234     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
1235     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
1236     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
1237     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
1238     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
1239     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
1240     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
1241     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
1242     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
1243     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
1244     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
1245     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
1246     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
1247     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
1248     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
1249     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
1250     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
1251     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
1252     unlock_user_struct(target_rusage, target_addr, 1);
1253 
1254     return 0;
1255 }
1256 
1257 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
1258 {
1259     abi_ulong target_rlim_swap;
1260     rlim_t result;
1261 
1262     target_rlim_swap = tswapal(target_rlim);
1263     if (target_rlim_swap == TARGET_RLIM_INFINITY)
1264         return RLIM_INFINITY;
1265 
1266     result = target_rlim_swap;
1267     if (target_rlim_swap != (rlim_t)result)
1268         return RLIM_INFINITY;
1269 
1270     return result;
1271 }
1272 
1273 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1274 {
1275     abi_ulong target_rlim_swap;
1276     abi_ulong result;
1277 
1278     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1279         target_rlim_swap = TARGET_RLIM_INFINITY;
1280     else
1281         target_rlim_swap = rlim;
1282     result = tswapal(target_rlim_swap);
1283 
1284     return result;
1285 }
1286 
1287 static inline int target_to_host_resource(int code)
1288 {
1289     switch (code) {
1290     case TARGET_RLIMIT_AS:
1291         return RLIMIT_AS;
1292     case TARGET_RLIMIT_CORE:
1293         return RLIMIT_CORE;
1294     case TARGET_RLIMIT_CPU:
1295         return RLIMIT_CPU;
1296     case TARGET_RLIMIT_DATA:
1297         return RLIMIT_DATA;
1298     case TARGET_RLIMIT_FSIZE:
1299         return RLIMIT_FSIZE;
1300     case TARGET_RLIMIT_LOCKS:
1301         return RLIMIT_LOCKS;
1302     case TARGET_RLIMIT_MEMLOCK:
1303         return RLIMIT_MEMLOCK;
1304     case TARGET_RLIMIT_MSGQUEUE:
1305         return RLIMIT_MSGQUEUE;
1306     case TARGET_RLIMIT_NICE:
1307         return RLIMIT_NICE;
1308     case TARGET_RLIMIT_NOFILE:
1309         return RLIMIT_NOFILE;
1310     case TARGET_RLIMIT_NPROC:
1311         return RLIMIT_NPROC;
1312     case TARGET_RLIMIT_RSS:
1313         return RLIMIT_RSS;
1314     case TARGET_RLIMIT_RTPRIO:
1315         return RLIMIT_RTPRIO;
1316     case TARGET_RLIMIT_SIGPENDING:
1317         return RLIMIT_SIGPENDING;
1318     case TARGET_RLIMIT_STACK:
1319         return RLIMIT_STACK;
1320     default:
1321         return code;
1322     }
1323 }
1324 
1325 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1326                                               abi_ulong target_tv_addr)
1327 {
1328     struct target_timeval *target_tv;
1329 
1330     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
1331         return -TARGET_EFAULT;
1332 
1333     __get_user(tv->tv_sec, &target_tv->tv_sec);
1334     __get_user(tv->tv_usec, &target_tv->tv_usec);
1335 
1336     unlock_user_struct(target_tv, target_tv_addr, 0);
1337 
1338     return 0;
1339 }
1340 
1341 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1342                                             const struct timeval *tv)
1343 {
1344     struct target_timeval *target_tv;
1345 
1346     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
1347         return -TARGET_EFAULT;
1348 
1349     __put_user(tv->tv_sec, &target_tv->tv_sec);
1350     __put_user(tv->tv_usec, &target_tv->tv_usec);
1351 
1352     unlock_user_struct(target_tv, target_tv_addr, 1);
1353 
1354     return 0;
1355 }
1356 
1357 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1358                                                abi_ulong target_tz_addr)
1359 {
1360     struct target_timezone *target_tz;
1361 
1362     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1363         return -TARGET_EFAULT;
1364     }
1365 
1366     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1367     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1368 
1369     unlock_user_struct(target_tz, target_tz_addr, 0);
1370 
1371     return 0;
1372 }
1373 
1374 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1375 #include <mqueue.h>
1376 
1377 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1378                                               abi_ulong target_mq_attr_addr)
1379 {
1380     struct target_mq_attr *target_mq_attr;
1381 
1382     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1383                           target_mq_attr_addr, 1))
1384         return -TARGET_EFAULT;
1385 
1386     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1387     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1388     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1389     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1390 
1391     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1392 
1393     return 0;
1394 }
1395 
1396 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1397                                             const struct mq_attr *attr)
1398 {
1399     struct target_mq_attr *target_mq_attr;
1400 
1401     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1402                           target_mq_attr_addr, 0))
1403         return -TARGET_EFAULT;
1404 
1405     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1406     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1407     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1408     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1409 
1410     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1411 
1412     return 0;
1413 }
1414 #endif
1415 
1416 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1417 /* do_select() must return target values and target errnos. */
1418 static abi_long do_select(int n,
1419                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1420                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1421 {
1422     fd_set rfds, wfds, efds;
1423     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1424     struct timeval tv;
1425     struct timespec ts, *ts_ptr;
1426     abi_long ret;
1427 
1428     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1429     if (ret) {
1430         return ret;
1431     }
1432     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1433     if (ret) {
1434         return ret;
1435     }
1436     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1437     if (ret) {
1438         return ret;
1439     }
1440 
1441     if (target_tv_addr) {
1442         if (copy_from_user_timeval(&tv, target_tv_addr))
1443             return -TARGET_EFAULT;
1444         ts.tv_sec = tv.tv_sec;
1445         ts.tv_nsec = tv.tv_usec * 1000;
1446         ts_ptr = &ts;
1447     } else {
1448         ts_ptr = NULL;
1449     }
1450 
1451     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1452                                   ts_ptr, NULL));
1453 
1454     if (!is_error(ret)) {
1455         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1456             return -TARGET_EFAULT;
1457         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1458             return -TARGET_EFAULT;
1459         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1460             return -TARGET_EFAULT;
1461 
1462         if (target_tv_addr) {
1463             tv.tv_sec = ts.tv_sec;
1464             tv.tv_usec = ts.tv_nsec / 1000;
1465             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1466                 return -TARGET_EFAULT;
1467             }
1468         }
1469     }
1470 
1471     return ret;
1472 }
1473 
1474 #if defined(TARGET_WANT_OLD_SYS_SELECT)
1475 static abi_long do_old_select(abi_ulong arg1)
1476 {
1477     struct target_sel_arg_struct *sel;
1478     abi_ulong inp, outp, exp, tvp;
1479     long nsel;
1480 
1481     if (!lock_user_struct(VERIFY_READ, sel, arg1, 1)) {
1482         return -TARGET_EFAULT;
1483     }
1484 
1485     nsel = tswapal(sel->n);
1486     inp = tswapal(sel->inp);
1487     outp = tswapal(sel->outp);
1488     exp = tswapal(sel->exp);
1489     tvp = tswapal(sel->tvp);
1490 
1491     unlock_user_struct(sel, arg1, 0);
1492 
1493     return do_select(nsel, inp, outp, exp, tvp);
1494 }
1495 #endif
1496 #endif
1497 
1498 static abi_long do_pipe2(int host_pipe[], int flags)
1499 {
1500 #ifdef CONFIG_PIPE2
1501     return pipe2(host_pipe, flags);
1502 #else
1503     return -ENOSYS;
1504 #endif
1505 }
1506 
1507 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1508                         int flags, int is_pipe2)
1509 {
1510     int host_pipe[2];
1511     abi_long ret;
1512     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1513 
1514     if (is_error(ret))
1515         return get_errno(ret);
1516 
1517     /* Several targets have special calling conventions for the original
1518        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1519     if (!is_pipe2) {
1520 #if defined(TARGET_ALPHA)
1521         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1522         return host_pipe[0];
1523 #elif defined(TARGET_MIPS)
1524         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1525         return host_pipe[0];
1526 #elif defined(TARGET_SH4)
1527         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1528         return host_pipe[0];
1529 #elif defined(TARGET_SPARC)
1530         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1531         return host_pipe[0];
1532 #endif
1533     }
1534 
1535     if (put_user_s32(host_pipe[0], pipedes)
1536         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1537         return -TARGET_EFAULT;
1538     return get_errno(ret);
1539 }
1540 
1541 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1542                                               abi_ulong target_addr,
1543                                               socklen_t len)
1544 {
1545     struct target_ip_mreqn *target_smreqn;
1546 
1547     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1548     if (!target_smreqn)
1549         return -TARGET_EFAULT;
1550     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1551     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1552     if (len == sizeof(struct target_ip_mreqn))
1553         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1554     unlock_user(target_smreqn, target_addr, 0);
1555 
1556     return 0;
1557 }
1558 
1559 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1560                                                abi_ulong target_addr,
1561                                                socklen_t len)
1562 {
1563     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1564     sa_family_t sa_family;
1565     struct target_sockaddr *target_saddr;
1566 
1567     if (fd_trans_target_to_host_addr(fd)) {
1568         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1569     }
1570 
1571     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1572     if (!target_saddr)
1573         return -TARGET_EFAULT;
1574 
1575     sa_family = tswap16(target_saddr->sa_family);
1576 
1577     /* Oops. The caller might send a incomplete sun_path; sun_path
1578      * must be terminated by \0 (see the manual page), but
1579      * unfortunately it is quite common to specify sockaddr_un
1580      * length as "strlen(x->sun_path)" while it should be
1581      * "strlen(...) + 1". We'll fix that here if needed.
1582      * Linux kernel has a similar feature.
1583      */
1584 
1585     if (sa_family == AF_UNIX) {
1586         if (len < unix_maxlen && len > 0) {
1587             char *cp = (char*)target_saddr;
1588 
1589             if ( cp[len-1] && !cp[len] )
1590                 len++;
1591         }
1592         if (len > unix_maxlen)
1593             len = unix_maxlen;
1594     }
1595 
1596     memcpy(addr, target_saddr, len);
1597     addr->sa_family = sa_family;
1598     if (sa_family == AF_NETLINK) {
1599         struct sockaddr_nl *nladdr;
1600 
1601         nladdr = (struct sockaddr_nl *)addr;
1602         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1603         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1604     } else if (sa_family == AF_PACKET) {
1605 	struct target_sockaddr_ll *lladdr;
1606 
1607 	lladdr = (struct target_sockaddr_ll *)addr;
1608 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1609 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1610     }
1611     unlock_user(target_saddr, target_addr, 0);
1612 
1613     return 0;
1614 }
1615 
1616 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1617                                                struct sockaddr *addr,
1618                                                socklen_t len)
1619 {
1620     struct target_sockaddr *target_saddr;
1621 
1622     if (len == 0) {
1623         return 0;
1624     }
1625 
1626     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1627     if (!target_saddr)
1628         return -TARGET_EFAULT;
1629     memcpy(target_saddr, addr, len);
1630     if (len >= offsetof(struct target_sockaddr, sa_family) +
1631         sizeof(target_saddr->sa_family)) {
1632         target_saddr->sa_family = tswap16(addr->sa_family);
1633     }
1634     if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
1635         struct sockaddr_nl *target_nl = (struct sockaddr_nl *)target_saddr;
1636         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1637         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1638     } else if (addr->sa_family == AF_PACKET) {
1639         struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
1640         target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
1641         target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
1642     } else if (addr->sa_family == AF_INET6 &&
1643                len >= sizeof(struct target_sockaddr_in6)) {
1644         struct target_sockaddr_in6 *target_in6 =
1645                (struct target_sockaddr_in6 *)target_saddr;
1646         target_in6->sin6_scope_id = tswap16(target_in6->sin6_scope_id);
1647     }
1648     unlock_user(target_saddr, target_addr, len);
1649 
1650     return 0;
1651 }
1652 
1653 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1654                                            struct target_msghdr *target_msgh)
1655 {
1656     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1657     abi_long msg_controllen;
1658     abi_ulong target_cmsg_addr;
1659     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1660     socklen_t space = 0;
1661 
1662     msg_controllen = tswapal(target_msgh->msg_controllen);
1663     if (msg_controllen < sizeof (struct target_cmsghdr))
1664         goto the_end;
1665     target_cmsg_addr = tswapal(target_msgh->msg_control);
1666     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1667     target_cmsg_start = target_cmsg;
1668     if (!target_cmsg)
1669         return -TARGET_EFAULT;
1670 
1671     while (cmsg && target_cmsg) {
1672         void *data = CMSG_DATA(cmsg);
1673         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1674 
1675         int len = tswapal(target_cmsg->cmsg_len)
1676                   - TARGET_CMSG_ALIGN(sizeof (struct target_cmsghdr));
1677 
1678         space += CMSG_SPACE(len);
1679         if (space > msgh->msg_controllen) {
1680             space -= CMSG_SPACE(len);
1681             /* This is a QEMU bug, since we allocated the payload
1682              * area ourselves (unlike overflow in host-to-target
1683              * conversion, which is just the guest giving us a buffer
1684              * that's too small). It can't happen for the payload types
1685              * we currently support; if it becomes an issue in future
1686              * we would need to improve our allocation strategy to
1687              * something more intelligent than "twice the size of the
1688              * target buffer we're reading from".
1689              */
1690             gemu_log("Host cmsg overflow\n");
1691             break;
1692         }
1693 
1694         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1695             cmsg->cmsg_level = SOL_SOCKET;
1696         } else {
1697             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1698         }
1699         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1700         cmsg->cmsg_len = CMSG_LEN(len);
1701 
1702         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1703             int *fd = (int *)data;
1704             int *target_fd = (int *)target_data;
1705             int i, numfds = len / sizeof(int);
1706 
1707             for (i = 0; i < numfds; i++) {
1708                 __get_user(fd[i], target_fd + i);
1709             }
1710         } else if (cmsg->cmsg_level == SOL_SOCKET
1711                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1712             struct ucred *cred = (struct ucred *)data;
1713             struct target_ucred *target_cred =
1714                 (struct target_ucred *)target_data;
1715 
1716             __get_user(cred->pid, &target_cred->pid);
1717             __get_user(cred->uid, &target_cred->uid);
1718             __get_user(cred->gid, &target_cred->gid);
1719         } else {
1720             gemu_log("Unsupported ancillary data: %d/%d\n",
1721                                         cmsg->cmsg_level, cmsg->cmsg_type);
1722             memcpy(data, target_data, len);
1723         }
1724 
1725         cmsg = CMSG_NXTHDR(msgh, cmsg);
1726         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1727                                          target_cmsg_start);
1728     }
1729     unlock_user(target_cmsg, target_cmsg_addr, 0);
1730  the_end:
1731     msgh->msg_controllen = space;
1732     return 0;
1733 }
1734 
1735 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1736                                            struct msghdr *msgh)
1737 {
1738     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1739     abi_long msg_controllen;
1740     abi_ulong target_cmsg_addr;
1741     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1742     socklen_t space = 0;
1743 
1744     msg_controllen = tswapal(target_msgh->msg_controllen);
1745     if (msg_controllen < sizeof (struct target_cmsghdr))
1746         goto the_end;
1747     target_cmsg_addr = tswapal(target_msgh->msg_control);
1748     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1749     target_cmsg_start = target_cmsg;
1750     if (!target_cmsg)
1751         return -TARGET_EFAULT;
1752 
1753     while (cmsg && target_cmsg) {
1754         void *data = CMSG_DATA(cmsg);
1755         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1756 
1757         int len = cmsg->cmsg_len - CMSG_ALIGN(sizeof (struct cmsghdr));
1758         int tgt_len, tgt_space;
1759 
1760         /* We never copy a half-header but may copy half-data;
1761          * this is Linux's behaviour in put_cmsg(). Note that
1762          * truncation here is a guest problem (which we report
1763          * to the guest via the CTRUNC bit), unlike truncation
1764          * in target_to_host_cmsg, which is a QEMU bug.
1765          */
1766         if (msg_controllen < sizeof(struct cmsghdr)) {
1767             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1768             break;
1769         }
1770 
1771         if (cmsg->cmsg_level == SOL_SOCKET) {
1772             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1773         } else {
1774             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1775         }
1776         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1777 
1778         tgt_len = TARGET_CMSG_LEN(len);
1779 
1780         /* Payload types which need a different size of payload on
1781          * the target must adjust tgt_len here.
1782          */
1783         switch (cmsg->cmsg_level) {
1784         case SOL_SOCKET:
1785             switch (cmsg->cmsg_type) {
1786             case SO_TIMESTAMP:
1787                 tgt_len = sizeof(struct target_timeval);
1788                 break;
1789             default:
1790                 break;
1791             }
1792         default:
1793             break;
1794         }
1795 
1796         if (msg_controllen < tgt_len) {
1797             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1798             tgt_len = msg_controllen;
1799         }
1800 
1801         /* We must now copy-and-convert len bytes of payload
1802          * into tgt_len bytes of destination space. Bear in mind
1803          * that in both source and destination we may be dealing
1804          * with a truncated value!
1805          */
1806         switch (cmsg->cmsg_level) {
1807         case SOL_SOCKET:
1808             switch (cmsg->cmsg_type) {
1809             case SCM_RIGHTS:
1810             {
1811                 int *fd = (int *)data;
1812                 int *target_fd = (int *)target_data;
1813                 int i, numfds = tgt_len / sizeof(int);
1814 
1815                 for (i = 0; i < numfds; i++) {
1816                     __put_user(fd[i], target_fd + i);
1817                 }
1818                 break;
1819             }
1820             case SO_TIMESTAMP:
1821             {
1822                 struct timeval *tv = (struct timeval *)data;
1823                 struct target_timeval *target_tv =
1824                     (struct target_timeval *)target_data;
1825 
1826                 if (len != sizeof(struct timeval) ||
1827                     tgt_len != sizeof(struct target_timeval)) {
1828                     goto unimplemented;
1829                 }
1830 
1831                 /* copy struct timeval to target */
1832                 __put_user(tv->tv_sec, &target_tv->tv_sec);
1833                 __put_user(tv->tv_usec, &target_tv->tv_usec);
1834                 break;
1835             }
1836             case SCM_CREDENTIALS:
1837             {
1838                 struct ucred *cred = (struct ucred *)data;
1839                 struct target_ucred *target_cred =
1840                     (struct target_ucred *)target_data;
1841 
1842                 __put_user(cred->pid, &target_cred->pid);
1843                 __put_user(cred->uid, &target_cred->uid);
1844                 __put_user(cred->gid, &target_cred->gid);
1845                 break;
1846             }
1847             default:
1848                 goto unimplemented;
1849             }
1850             break;
1851 
1852         case SOL_IP:
1853             switch (cmsg->cmsg_type) {
1854             case IP_TTL:
1855             {
1856                 uint32_t *v = (uint32_t *)data;
1857                 uint32_t *t_int = (uint32_t *)target_data;
1858 
1859                 __put_user(*v, t_int);
1860                 break;
1861             }
1862             case IP_RECVERR:
1863             {
1864                 struct errhdr_t {
1865                    struct sock_extended_err ee;
1866                    struct sockaddr_in offender;
1867                 };
1868                 struct errhdr_t *errh = (struct errhdr_t *)data;
1869                 struct errhdr_t *target_errh =
1870                     (struct errhdr_t *)target_data;
1871 
1872                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
1873                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
1874                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
1875                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
1876                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
1877                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
1878                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
1879                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
1880                     (void *) &errh->offender, sizeof(errh->offender));
1881                 break;
1882             }
1883             default:
1884                 goto unimplemented;
1885             }
1886             break;
1887 
1888         case SOL_IPV6:
1889             switch (cmsg->cmsg_type) {
1890             case IPV6_HOPLIMIT:
1891             {
1892                 uint32_t *v = (uint32_t *)data;
1893                 uint32_t *t_int = (uint32_t *)target_data;
1894 
1895                 __put_user(*v, t_int);
1896                 break;
1897             }
1898             case IPV6_RECVERR:
1899             {
1900                 struct errhdr6_t {
1901                    struct sock_extended_err ee;
1902                    struct sockaddr_in6 offender;
1903                 };
1904                 struct errhdr6_t *errh = (struct errhdr6_t *)data;
1905                 struct errhdr6_t *target_errh =
1906                     (struct errhdr6_t *)target_data;
1907 
1908                 __put_user(errh->ee.ee_errno, &target_errh->ee.ee_errno);
1909                 __put_user(errh->ee.ee_origin, &target_errh->ee.ee_origin);
1910                 __put_user(errh->ee.ee_type,  &target_errh->ee.ee_type);
1911                 __put_user(errh->ee.ee_code, &target_errh->ee.ee_code);
1912                 __put_user(errh->ee.ee_pad, &target_errh->ee.ee_pad);
1913                 __put_user(errh->ee.ee_info, &target_errh->ee.ee_info);
1914                 __put_user(errh->ee.ee_data, &target_errh->ee.ee_data);
1915                 host_to_target_sockaddr((unsigned long) &target_errh->offender,
1916                     (void *) &errh->offender, sizeof(errh->offender));
1917                 break;
1918             }
1919             default:
1920                 goto unimplemented;
1921             }
1922             break;
1923 
1924         default:
1925         unimplemented:
1926             gemu_log("Unsupported ancillary data: %d/%d\n",
1927                                         cmsg->cmsg_level, cmsg->cmsg_type);
1928             memcpy(target_data, data, MIN(len, tgt_len));
1929             if (tgt_len > len) {
1930                 memset(target_data + len, 0, tgt_len - len);
1931             }
1932         }
1933 
1934         target_cmsg->cmsg_len = tswapal(tgt_len);
1935         tgt_space = TARGET_CMSG_SPACE(len);
1936         if (msg_controllen < tgt_space) {
1937             tgt_space = msg_controllen;
1938         }
1939         msg_controllen -= tgt_space;
1940         space += tgt_space;
1941         cmsg = CMSG_NXTHDR(msgh, cmsg);
1942         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1943                                          target_cmsg_start);
1944     }
1945     unlock_user(target_cmsg, target_cmsg_addr, space);
1946  the_end:
1947     target_msgh->msg_controllen = tswapal(space);
1948     return 0;
1949 }
1950 
1951 static void tswap_nlmsghdr(struct nlmsghdr *nlh)
1952 {
1953     nlh->nlmsg_len = tswap32(nlh->nlmsg_len);
1954     nlh->nlmsg_type = tswap16(nlh->nlmsg_type);
1955     nlh->nlmsg_flags = tswap16(nlh->nlmsg_flags);
1956     nlh->nlmsg_seq = tswap32(nlh->nlmsg_seq);
1957     nlh->nlmsg_pid = tswap32(nlh->nlmsg_pid);
1958 }
1959 
1960 static abi_long host_to_target_for_each_nlmsg(struct nlmsghdr *nlh,
1961                                               size_t len,
1962                                               abi_long (*host_to_target_nlmsg)
1963                                                        (struct nlmsghdr *))
1964 {
1965     uint32_t nlmsg_len;
1966     abi_long ret;
1967 
1968     while (len > sizeof(struct nlmsghdr)) {
1969 
1970         nlmsg_len = nlh->nlmsg_len;
1971         if (nlmsg_len < sizeof(struct nlmsghdr) ||
1972             nlmsg_len > len) {
1973             break;
1974         }
1975 
1976         switch (nlh->nlmsg_type) {
1977         case NLMSG_DONE:
1978             tswap_nlmsghdr(nlh);
1979             return 0;
1980         case NLMSG_NOOP:
1981             break;
1982         case NLMSG_ERROR:
1983         {
1984             struct nlmsgerr *e = NLMSG_DATA(nlh);
1985             e->error = tswap32(e->error);
1986             tswap_nlmsghdr(&e->msg);
1987             tswap_nlmsghdr(nlh);
1988             return 0;
1989         }
1990         default:
1991             ret = host_to_target_nlmsg(nlh);
1992             if (ret < 0) {
1993                 tswap_nlmsghdr(nlh);
1994                 return ret;
1995             }
1996             break;
1997         }
1998         tswap_nlmsghdr(nlh);
1999         len -= NLMSG_ALIGN(nlmsg_len);
2000         nlh = (struct nlmsghdr *)(((char*)nlh) + NLMSG_ALIGN(nlmsg_len));
2001     }
2002     return 0;
2003 }
2004 
2005 static abi_long target_to_host_for_each_nlmsg(struct nlmsghdr *nlh,
2006                                               size_t len,
2007                                               abi_long (*target_to_host_nlmsg)
2008                                                        (struct nlmsghdr *))
2009 {
2010     int ret;
2011 
2012     while (len > sizeof(struct nlmsghdr)) {
2013         if (tswap32(nlh->nlmsg_len) < sizeof(struct nlmsghdr) ||
2014             tswap32(nlh->nlmsg_len) > len) {
2015             break;
2016         }
2017         tswap_nlmsghdr(nlh);
2018         switch (nlh->nlmsg_type) {
2019         case NLMSG_DONE:
2020             return 0;
2021         case NLMSG_NOOP:
2022             break;
2023         case NLMSG_ERROR:
2024         {
2025             struct nlmsgerr *e = NLMSG_DATA(nlh);
2026             e->error = tswap32(e->error);
2027             tswap_nlmsghdr(&e->msg);
2028             return 0;
2029         }
2030         default:
2031             ret = target_to_host_nlmsg(nlh);
2032             if (ret < 0) {
2033                 return ret;
2034             }
2035         }
2036         len -= NLMSG_ALIGN(nlh->nlmsg_len);
2037         nlh = (struct nlmsghdr *)(((char *)nlh) + NLMSG_ALIGN(nlh->nlmsg_len));
2038     }
2039     return 0;
2040 }
2041 
2042 #ifdef CONFIG_RTNETLINK
2043 static abi_long host_to_target_for_each_nlattr(struct nlattr *nlattr,
2044                                                size_t len, void *context,
2045                                                abi_long (*host_to_target_nlattr)
2046                                                         (struct nlattr *,
2047                                                          void *context))
2048 {
2049     unsigned short nla_len;
2050     abi_long ret;
2051 
2052     while (len > sizeof(struct nlattr)) {
2053         nla_len = nlattr->nla_len;
2054         if (nla_len < sizeof(struct nlattr) ||
2055             nla_len > len) {
2056             break;
2057         }
2058         ret = host_to_target_nlattr(nlattr, context);
2059         nlattr->nla_len = tswap16(nlattr->nla_len);
2060         nlattr->nla_type = tswap16(nlattr->nla_type);
2061         if (ret < 0) {
2062             return ret;
2063         }
2064         len -= NLA_ALIGN(nla_len);
2065         nlattr = (struct nlattr *)(((char *)nlattr) + NLA_ALIGN(nla_len));
2066     }
2067     return 0;
2068 }
2069 
2070 static abi_long host_to_target_for_each_rtattr(struct rtattr *rtattr,
2071                                                size_t len,
2072                                                abi_long (*host_to_target_rtattr)
2073                                                         (struct rtattr *))
2074 {
2075     unsigned short rta_len;
2076     abi_long ret;
2077 
2078     while (len > sizeof(struct rtattr)) {
2079         rta_len = rtattr->rta_len;
2080         if (rta_len < sizeof(struct rtattr) ||
2081             rta_len > len) {
2082             break;
2083         }
2084         ret = host_to_target_rtattr(rtattr);
2085         rtattr->rta_len = tswap16(rtattr->rta_len);
2086         rtattr->rta_type = tswap16(rtattr->rta_type);
2087         if (ret < 0) {
2088             return ret;
2089         }
2090         len -= RTA_ALIGN(rta_len);
2091         rtattr = (struct rtattr *)(((char *)rtattr) + RTA_ALIGN(rta_len));
2092     }
2093     return 0;
2094 }
2095 
2096 #define NLA_DATA(nla) ((void *)((char *)(nla)) + NLA_HDRLEN)
2097 
2098 static abi_long host_to_target_data_bridge_nlattr(struct nlattr *nlattr,
2099                                                   void *context)
2100 {
2101     uint16_t *u16;
2102     uint32_t *u32;
2103     uint64_t *u64;
2104 
2105     switch (nlattr->nla_type) {
2106     /* no data */
2107     case QEMU_IFLA_BR_FDB_FLUSH:
2108         break;
2109     /* binary */
2110     case QEMU_IFLA_BR_GROUP_ADDR:
2111         break;
2112     /* uint8_t */
2113     case QEMU_IFLA_BR_VLAN_FILTERING:
2114     case QEMU_IFLA_BR_TOPOLOGY_CHANGE:
2115     case QEMU_IFLA_BR_TOPOLOGY_CHANGE_DETECTED:
2116     case QEMU_IFLA_BR_MCAST_ROUTER:
2117     case QEMU_IFLA_BR_MCAST_SNOOPING:
2118     case QEMU_IFLA_BR_MCAST_QUERY_USE_IFADDR:
2119     case QEMU_IFLA_BR_MCAST_QUERIER:
2120     case QEMU_IFLA_BR_NF_CALL_IPTABLES:
2121     case QEMU_IFLA_BR_NF_CALL_IP6TABLES:
2122     case QEMU_IFLA_BR_NF_CALL_ARPTABLES:
2123         break;
2124     /* uint16_t */
2125     case QEMU_IFLA_BR_PRIORITY:
2126     case QEMU_IFLA_BR_VLAN_PROTOCOL:
2127     case QEMU_IFLA_BR_GROUP_FWD_MASK:
2128     case QEMU_IFLA_BR_ROOT_PORT:
2129     case QEMU_IFLA_BR_VLAN_DEFAULT_PVID:
2130         u16 = NLA_DATA(nlattr);
2131         *u16 = tswap16(*u16);
2132         break;
2133     /* uint32_t */
2134     case QEMU_IFLA_BR_FORWARD_DELAY:
2135     case QEMU_IFLA_BR_HELLO_TIME:
2136     case QEMU_IFLA_BR_MAX_AGE:
2137     case QEMU_IFLA_BR_AGEING_TIME:
2138     case QEMU_IFLA_BR_STP_STATE:
2139     case QEMU_IFLA_BR_ROOT_PATH_COST:
2140     case QEMU_IFLA_BR_MCAST_HASH_ELASTICITY:
2141     case QEMU_IFLA_BR_MCAST_HASH_MAX:
2142     case QEMU_IFLA_BR_MCAST_LAST_MEMBER_CNT:
2143     case QEMU_IFLA_BR_MCAST_STARTUP_QUERY_CNT:
2144         u32 = NLA_DATA(nlattr);
2145         *u32 = tswap32(*u32);
2146         break;
2147     /* uint64_t */
2148     case QEMU_IFLA_BR_HELLO_TIMER:
2149     case QEMU_IFLA_BR_TCN_TIMER:
2150     case QEMU_IFLA_BR_GC_TIMER:
2151     case QEMU_IFLA_BR_TOPOLOGY_CHANGE_TIMER:
2152     case QEMU_IFLA_BR_MCAST_LAST_MEMBER_INTVL:
2153     case QEMU_IFLA_BR_MCAST_MEMBERSHIP_INTVL:
2154     case QEMU_IFLA_BR_MCAST_QUERIER_INTVL:
2155     case QEMU_IFLA_BR_MCAST_QUERY_INTVL:
2156     case QEMU_IFLA_BR_MCAST_QUERY_RESPONSE_INTVL:
2157     case QEMU_IFLA_BR_MCAST_STARTUP_QUERY_INTVL:
2158         u64 = NLA_DATA(nlattr);
2159         *u64 = tswap64(*u64);
2160         break;
2161     /* ifla_bridge_id: uin8_t[] */
2162     case QEMU_IFLA_BR_ROOT_ID:
2163     case QEMU_IFLA_BR_BRIDGE_ID:
2164         break;
2165     default:
2166         gemu_log("Unknown QEMU_IFLA_BR type %d\n", nlattr->nla_type);
2167         break;
2168     }
2169     return 0;
2170 }
2171 
2172 static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
2173                                                         void *context)
2174 {
2175     uint16_t *u16;
2176     uint32_t *u32;
2177     uint64_t *u64;
2178 
2179     switch (nlattr->nla_type) {
2180     /* uint8_t */
2181     case QEMU_IFLA_BRPORT_STATE:
2182     case QEMU_IFLA_BRPORT_MODE:
2183     case QEMU_IFLA_BRPORT_GUARD:
2184     case QEMU_IFLA_BRPORT_PROTECT:
2185     case QEMU_IFLA_BRPORT_FAST_LEAVE:
2186     case QEMU_IFLA_BRPORT_LEARNING:
2187     case QEMU_IFLA_BRPORT_UNICAST_FLOOD:
2188     case QEMU_IFLA_BRPORT_PROXYARP:
2189     case QEMU_IFLA_BRPORT_LEARNING_SYNC:
2190     case QEMU_IFLA_BRPORT_PROXYARP_WIFI:
2191     case QEMU_IFLA_BRPORT_TOPOLOGY_CHANGE_ACK:
2192     case QEMU_IFLA_BRPORT_CONFIG_PENDING:
2193     case QEMU_IFLA_BRPORT_MULTICAST_ROUTER:
2194         break;
2195     /* uint16_t */
2196     case QEMU_IFLA_BRPORT_PRIORITY:
2197     case QEMU_IFLA_BRPORT_DESIGNATED_PORT:
2198     case QEMU_IFLA_BRPORT_DESIGNATED_COST:
2199     case QEMU_IFLA_BRPORT_ID:
2200     case QEMU_IFLA_BRPORT_NO:
2201         u16 = NLA_DATA(nlattr);
2202         *u16 = tswap16(*u16);
2203         break;
2204     /* uin32_t */
2205     case QEMU_IFLA_BRPORT_COST:
2206         u32 = NLA_DATA(nlattr);
2207         *u32 = tswap32(*u32);
2208         break;
2209     /* uint64_t */
2210     case QEMU_IFLA_BRPORT_MESSAGE_AGE_TIMER:
2211     case QEMU_IFLA_BRPORT_FORWARD_DELAY_TIMER:
2212     case QEMU_IFLA_BRPORT_HOLD_TIMER:
2213         u64 = NLA_DATA(nlattr);
2214         *u64 = tswap64(*u64);
2215         break;
2216     /* ifla_bridge_id: uint8_t[] */
2217     case QEMU_IFLA_BRPORT_ROOT_ID:
2218     case QEMU_IFLA_BRPORT_BRIDGE_ID:
2219         break;
2220     default:
2221         gemu_log("Unknown QEMU_IFLA_BRPORT type %d\n", nlattr->nla_type);
2222         break;
2223     }
2224     return 0;
2225 }
2226 
2227 struct linkinfo_context {
2228     int len;
2229     char *name;
2230     int slave_len;
2231     char *slave_name;
2232 };
2233 
2234 static abi_long host_to_target_data_linkinfo_nlattr(struct nlattr *nlattr,
2235                                                     void *context)
2236 {
2237     struct linkinfo_context *li_context = context;
2238 
2239     switch (nlattr->nla_type) {
2240     /* string */
2241     case QEMU_IFLA_INFO_KIND:
2242         li_context->name = NLA_DATA(nlattr);
2243         li_context->len = nlattr->nla_len - NLA_HDRLEN;
2244         break;
2245     case QEMU_IFLA_INFO_SLAVE_KIND:
2246         li_context->slave_name = NLA_DATA(nlattr);
2247         li_context->slave_len = nlattr->nla_len - NLA_HDRLEN;
2248         break;
2249     /* stats */
2250     case QEMU_IFLA_INFO_XSTATS:
2251         /* FIXME: only used by CAN */
2252         break;
2253     /* nested */
2254     case QEMU_IFLA_INFO_DATA:
2255         if (strncmp(li_context->name, "bridge",
2256                     li_context->len) == 0) {
2257             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
2258                                                   nlattr->nla_len,
2259                                                   NULL,
2260                                              host_to_target_data_bridge_nlattr);
2261         } else {
2262             gemu_log("Unknown QEMU_IFLA_INFO_KIND %s\n", li_context->name);
2263         }
2264         break;
2265     case QEMU_IFLA_INFO_SLAVE_DATA:
2266         if (strncmp(li_context->slave_name, "bridge",
2267                     li_context->slave_len) == 0) {
2268             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
2269                                                   nlattr->nla_len,
2270                                                   NULL,
2271                                        host_to_target_slave_data_bridge_nlattr);
2272         } else {
2273             gemu_log("Unknown QEMU_IFLA_INFO_SLAVE_KIND %s\n",
2274                      li_context->slave_name);
2275         }
2276         break;
2277     default:
2278         gemu_log("Unknown host QEMU_IFLA_INFO type: %d\n", nlattr->nla_type);
2279         break;
2280     }
2281 
2282     return 0;
2283 }
2284 
2285 static abi_long host_to_target_data_inet_nlattr(struct nlattr *nlattr,
2286                                                 void *context)
2287 {
2288     uint32_t *u32;
2289     int i;
2290 
2291     switch (nlattr->nla_type) {
2292     case QEMU_IFLA_INET_CONF:
2293         u32 = NLA_DATA(nlattr);
2294         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
2295              i++) {
2296             u32[i] = tswap32(u32[i]);
2297         }
2298         break;
2299     default:
2300         gemu_log("Unknown host AF_INET type: %d\n", nlattr->nla_type);
2301     }
2302     return 0;
2303 }
2304 
2305 static abi_long host_to_target_data_inet6_nlattr(struct nlattr *nlattr,
2306                                                 void *context)
2307 {
2308     uint32_t *u32;
2309     uint64_t *u64;
2310     struct ifla_cacheinfo *ci;
2311     int i;
2312 
2313     switch (nlattr->nla_type) {
2314     /* binaries */
2315     case QEMU_IFLA_INET6_TOKEN:
2316         break;
2317     /* uint8_t */
2318     case QEMU_IFLA_INET6_ADDR_GEN_MODE:
2319         break;
2320     /* uint32_t */
2321     case QEMU_IFLA_INET6_FLAGS:
2322         u32 = NLA_DATA(nlattr);
2323         *u32 = tswap32(*u32);
2324         break;
2325     /* uint32_t[] */
2326     case QEMU_IFLA_INET6_CONF:
2327         u32 = NLA_DATA(nlattr);
2328         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
2329              i++) {
2330             u32[i] = tswap32(u32[i]);
2331         }
2332         break;
2333     /* ifla_cacheinfo */
2334     case QEMU_IFLA_INET6_CACHEINFO:
2335         ci = NLA_DATA(nlattr);
2336         ci->max_reasm_len = tswap32(ci->max_reasm_len);
2337         ci->tstamp = tswap32(ci->tstamp);
2338         ci->reachable_time = tswap32(ci->reachable_time);
2339         ci->retrans_time = tswap32(ci->retrans_time);
2340         break;
2341     /* uint64_t[] */
2342     case QEMU_IFLA_INET6_STATS:
2343     case QEMU_IFLA_INET6_ICMP6STATS:
2344         u64 = NLA_DATA(nlattr);
2345         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u64);
2346              i++) {
2347             u64[i] = tswap64(u64[i]);
2348         }
2349         break;
2350     default:
2351         gemu_log("Unknown host AF_INET6 type: %d\n", nlattr->nla_type);
2352     }
2353     return 0;
2354 }
2355 
2356 static abi_long host_to_target_data_spec_nlattr(struct nlattr *nlattr,
2357                                                     void *context)
2358 {
2359     switch (nlattr->nla_type) {
2360     case AF_INET:
2361         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2362                                               NULL,
2363                                              host_to_target_data_inet_nlattr);
2364     case AF_INET6:
2365         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2366                                               NULL,
2367                                              host_to_target_data_inet6_nlattr);
2368     default:
2369         gemu_log("Unknown host AF_SPEC type: %d\n", nlattr->nla_type);
2370         break;
2371     }
2372     return 0;
2373 }
2374 
2375 static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
2376 {
2377     uint32_t *u32;
2378     struct rtnl_link_stats *st;
2379     struct rtnl_link_stats64 *st64;
2380     struct rtnl_link_ifmap *map;
2381     struct linkinfo_context li_context;
2382 
2383     switch (rtattr->rta_type) {
2384     /* binary stream */
2385     case QEMU_IFLA_ADDRESS:
2386     case QEMU_IFLA_BROADCAST:
2387     /* string */
2388     case QEMU_IFLA_IFNAME:
2389     case QEMU_IFLA_QDISC:
2390         break;
2391     /* uin8_t */
2392     case QEMU_IFLA_OPERSTATE:
2393     case QEMU_IFLA_LINKMODE:
2394     case QEMU_IFLA_CARRIER:
2395     case QEMU_IFLA_PROTO_DOWN:
2396         break;
2397     /* uint32_t */
2398     case QEMU_IFLA_MTU:
2399     case QEMU_IFLA_LINK:
2400     case QEMU_IFLA_WEIGHT:
2401     case QEMU_IFLA_TXQLEN:
2402     case QEMU_IFLA_CARRIER_CHANGES:
2403     case QEMU_IFLA_NUM_RX_QUEUES:
2404     case QEMU_IFLA_NUM_TX_QUEUES:
2405     case QEMU_IFLA_PROMISCUITY:
2406     case QEMU_IFLA_EXT_MASK:
2407     case QEMU_IFLA_LINK_NETNSID:
2408     case QEMU_IFLA_GROUP:
2409     case QEMU_IFLA_MASTER:
2410     case QEMU_IFLA_NUM_VF:
2411     case QEMU_IFLA_GSO_MAX_SEGS:
2412     case QEMU_IFLA_GSO_MAX_SIZE:
2413         u32 = RTA_DATA(rtattr);
2414         *u32 = tswap32(*u32);
2415         break;
2416     /* struct rtnl_link_stats */
2417     case QEMU_IFLA_STATS:
2418         st = RTA_DATA(rtattr);
2419         st->rx_packets = tswap32(st->rx_packets);
2420         st->tx_packets = tswap32(st->tx_packets);
2421         st->rx_bytes = tswap32(st->rx_bytes);
2422         st->tx_bytes = tswap32(st->tx_bytes);
2423         st->rx_errors = tswap32(st->rx_errors);
2424         st->tx_errors = tswap32(st->tx_errors);
2425         st->rx_dropped = tswap32(st->rx_dropped);
2426         st->tx_dropped = tswap32(st->tx_dropped);
2427         st->multicast = tswap32(st->multicast);
2428         st->collisions = tswap32(st->collisions);
2429 
2430         /* detailed rx_errors: */
2431         st->rx_length_errors = tswap32(st->rx_length_errors);
2432         st->rx_over_errors = tswap32(st->rx_over_errors);
2433         st->rx_crc_errors = tswap32(st->rx_crc_errors);
2434         st->rx_frame_errors = tswap32(st->rx_frame_errors);
2435         st->rx_fifo_errors = tswap32(st->rx_fifo_errors);
2436         st->rx_missed_errors = tswap32(st->rx_missed_errors);
2437 
2438         /* detailed tx_errors */
2439         st->tx_aborted_errors = tswap32(st->tx_aborted_errors);
2440         st->tx_carrier_errors = tswap32(st->tx_carrier_errors);
2441         st->tx_fifo_errors = tswap32(st->tx_fifo_errors);
2442         st->tx_heartbeat_errors = tswap32(st->tx_heartbeat_errors);
2443         st->tx_window_errors = tswap32(st->tx_window_errors);
2444 
2445         /* for cslip etc */
2446         st->rx_compressed = tswap32(st->rx_compressed);
2447         st->tx_compressed = tswap32(st->tx_compressed);
2448         break;
2449     /* struct rtnl_link_stats64 */
2450     case QEMU_IFLA_STATS64:
2451         st64 = RTA_DATA(rtattr);
2452         st64->rx_packets = tswap64(st64->rx_packets);
2453         st64->tx_packets = tswap64(st64->tx_packets);
2454         st64->rx_bytes = tswap64(st64->rx_bytes);
2455         st64->tx_bytes = tswap64(st64->tx_bytes);
2456         st64->rx_errors = tswap64(st64->rx_errors);
2457         st64->tx_errors = tswap64(st64->tx_errors);
2458         st64->rx_dropped = tswap64(st64->rx_dropped);
2459         st64->tx_dropped = tswap64(st64->tx_dropped);
2460         st64->multicast = tswap64(st64->multicast);
2461         st64->collisions = tswap64(st64->collisions);
2462 
2463         /* detailed rx_errors: */
2464         st64->rx_length_errors = tswap64(st64->rx_length_errors);
2465         st64->rx_over_errors = tswap64(st64->rx_over_errors);
2466         st64->rx_crc_errors = tswap64(st64->rx_crc_errors);
2467         st64->rx_frame_errors = tswap64(st64->rx_frame_errors);
2468         st64->rx_fifo_errors = tswap64(st64->rx_fifo_errors);
2469         st64->rx_missed_errors = tswap64(st64->rx_missed_errors);
2470 
2471         /* detailed tx_errors */
2472         st64->tx_aborted_errors = tswap64(st64->tx_aborted_errors);
2473         st64->tx_carrier_errors = tswap64(st64->tx_carrier_errors);
2474         st64->tx_fifo_errors = tswap64(st64->tx_fifo_errors);
2475         st64->tx_heartbeat_errors = tswap64(st64->tx_heartbeat_errors);
2476         st64->tx_window_errors = tswap64(st64->tx_window_errors);
2477 
2478         /* for cslip etc */
2479         st64->rx_compressed = tswap64(st64->rx_compressed);
2480         st64->tx_compressed = tswap64(st64->tx_compressed);
2481         break;
2482     /* struct rtnl_link_ifmap */
2483     case QEMU_IFLA_MAP:
2484         map = RTA_DATA(rtattr);
2485         map->mem_start = tswap64(map->mem_start);
2486         map->mem_end = tswap64(map->mem_end);
2487         map->base_addr = tswap64(map->base_addr);
2488         map->irq = tswap16(map->irq);
2489         break;
2490     /* nested */
2491     case QEMU_IFLA_LINKINFO:
2492         memset(&li_context, 0, sizeof(li_context));
2493         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2494                                               &li_context,
2495                                            host_to_target_data_linkinfo_nlattr);
2496     case QEMU_IFLA_AF_SPEC:
2497         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2498                                               NULL,
2499                                              host_to_target_data_spec_nlattr);
2500     default:
2501         gemu_log("Unknown host QEMU_IFLA type: %d\n", rtattr->rta_type);
2502         break;
2503     }
2504     return 0;
2505 }
2506 
2507 static abi_long host_to_target_data_addr_rtattr(struct rtattr *rtattr)
2508 {
2509     uint32_t *u32;
2510     struct ifa_cacheinfo *ci;
2511 
2512     switch (rtattr->rta_type) {
2513     /* binary: depends on family type */
2514     case IFA_ADDRESS:
2515     case IFA_LOCAL:
2516         break;
2517     /* string */
2518     case IFA_LABEL:
2519         break;
2520     /* u32 */
2521     case IFA_FLAGS:
2522     case IFA_BROADCAST:
2523         u32 = RTA_DATA(rtattr);
2524         *u32 = tswap32(*u32);
2525         break;
2526     /* struct ifa_cacheinfo */
2527     case IFA_CACHEINFO:
2528         ci = RTA_DATA(rtattr);
2529         ci->ifa_prefered = tswap32(ci->ifa_prefered);
2530         ci->ifa_valid = tswap32(ci->ifa_valid);
2531         ci->cstamp = tswap32(ci->cstamp);
2532         ci->tstamp = tswap32(ci->tstamp);
2533         break;
2534     default:
2535         gemu_log("Unknown host IFA type: %d\n", rtattr->rta_type);
2536         break;
2537     }
2538     return 0;
2539 }
2540 
2541 static abi_long host_to_target_data_route_rtattr(struct rtattr *rtattr)
2542 {
2543     uint32_t *u32;
2544     switch (rtattr->rta_type) {
2545     /* binary: depends on family type */
2546     case RTA_GATEWAY:
2547     case RTA_DST:
2548     case RTA_PREFSRC:
2549         break;
2550     /* u32 */
2551     case RTA_PRIORITY:
2552     case RTA_TABLE:
2553     case RTA_OIF:
2554         u32 = RTA_DATA(rtattr);
2555         *u32 = tswap32(*u32);
2556         break;
2557     default:
2558         gemu_log("Unknown host RTA type: %d\n", rtattr->rta_type);
2559         break;
2560     }
2561     return 0;
2562 }
2563 
2564 static abi_long host_to_target_link_rtattr(struct rtattr *rtattr,
2565                                          uint32_t rtattr_len)
2566 {
2567     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2568                                           host_to_target_data_link_rtattr);
2569 }
2570 
2571 static abi_long host_to_target_addr_rtattr(struct rtattr *rtattr,
2572                                          uint32_t rtattr_len)
2573 {
2574     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2575                                           host_to_target_data_addr_rtattr);
2576 }
2577 
2578 static abi_long host_to_target_route_rtattr(struct rtattr *rtattr,
2579                                          uint32_t rtattr_len)
2580 {
2581     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2582                                           host_to_target_data_route_rtattr);
2583 }
2584 
2585 static abi_long host_to_target_data_route(struct nlmsghdr *nlh)
2586 {
2587     uint32_t nlmsg_len;
2588     struct ifinfomsg *ifi;
2589     struct ifaddrmsg *ifa;
2590     struct rtmsg *rtm;
2591 
2592     nlmsg_len = nlh->nlmsg_len;
2593     switch (nlh->nlmsg_type) {
2594     case RTM_NEWLINK:
2595     case RTM_DELLINK:
2596     case RTM_GETLINK:
2597         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2598             ifi = NLMSG_DATA(nlh);
2599             ifi->ifi_type = tswap16(ifi->ifi_type);
2600             ifi->ifi_index = tswap32(ifi->ifi_index);
2601             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2602             ifi->ifi_change = tswap32(ifi->ifi_change);
2603             host_to_target_link_rtattr(IFLA_RTA(ifi),
2604                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)));
2605         }
2606         break;
2607     case RTM_NEWADDR:
2608     case RTM_DELADDR:
2609     case RTM_GETADDR:
2610         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2611             ifa = NLMSG_DATA(nlh);
2612             ifa->ifa_index = tswap32(ifa->ifa_index);
2613             host_to_target_addr_rtattr(IFA_RTA(ifa),
2614                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)));
2615         }
2616         break;
2617     case RTM_NEWROUTE:
2618     case RTM_DELROUTE:
2619     case RTM_GETROUTE:
2620         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2621             rtm = NLMSG_DATA(nlh);
2622             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2623             host_to_target_route_rtattr(RTM_RTA(rtm),
2624                                         nlmsg_len - NLMSG_LENGTH(sizeof(*rtm)));
2625         }
2626         break;
2627     default:
2628         return -TARGET_EINVAL;
2629     }
2630     return 0;
2631 }
2632 
2633 static inline abi_long host_to_target_nlmsg_route(struct nlmsghdr *nlh,
2634                                                   size_t len)
2635 {
2636     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_route);
2637 }
2638 
2639 static abi_long target_to_host_for_each_rtattr(struct rtattr *rtattr,
2640                                                size_t len,
2641                                                abi_long (*target_to_host_rtattr)
2642                                                         (struct rtattr *))
2643 {
2644     abi_long ret;
2645 
2646     while (len >= sizeof(struct rtattr)) {
2647         if (tswap16(rtattr->rta_len) < sizeof(struct rtattr) ||
2648             tswap16(rtattr->rta_len) > len) {
2649             break;
2650         }
2651         rtattr->rta_len = tswap16(rtattr->rta_len);
2652         rtattr->rta_type = tswap16(rtattr->rta_type);
2653         ret = target_to_host_rtattr(rtattr);
2654         if (ret < 0) {
2655             return ret;
2656         }
2657         len -= RTA_ALIGN(rtattr->rta_len);
2658         rtattr = (struct rtattr *)(((char *)rtattr) +
2659                  RTA_ALIGN(rtattr->rta_len));
2660     }
2661     return 0;
2662 }
2663 
2664 static abi_long target_to_host_data_link_rtattr(struct rtattr *rtattr)
2665 {
2666     switch (rtattr->rta_type) {
2667     default:
2668         gemu_log("Unknown target QEMU_IFLA type: %d\n", rtattr->rta_type);
2669         break;
2670     }
2671     return 0;
2672 }
2673 
2674 static abi_long target_to_host_data_addr_rtattr(struct rtattr *rtattr)
2675 {
2676     switch (rtattr->rta_type) {
2677     /* binary: depends on family type */
2678     case IFA_LOCAL:
2679     case IFA_ADDRESS:
2680         break;
2681     default:
2682         gemu_log("Unknown target IFA type: %d\n", rtattr->rta_type);
2683         break;
2684     }
2685     return 0;
2686 }
2687 
2688 static abi_long target_to_host_data_route_rtattr(struct rtattr *rtattr)
2689 {
2690     uint32_t *u32;
2691     switch (rtattr->rta_type) {
2692     /* binary: depends on family type */
2693     case RTA_DST:
2694     case RTA_SRC:
2695     case RTA_GATEWAY:
2696         break;
2697     /* u32 */
2698     case RTA_PRIORITY:
2699     case RTA_OIF:
2700         u32 = RTA_DATA(rtattr);
2701         *u32 = tswap32(*u32);
2702         break;
2703     default:
2704         gemu_log("Unknown target RTA type: %d\n", rtattr->rta_type);
2705         break;
2706     }
2707     return 0;
2708 }
2709 
2710 static void target_to_host_link_rtattr(struct rtattr *rtattr,
2711                                        uint32_t rtattr_len)
2712 {
2713     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2714                                    target_to_host_data_link_rtattr);
2715 }
2716 
2717 static void target_to_host_addr_rtattr(struct rtattr *rtattr,
2718                                      uint32_t rtattr_len)
2719 {
2720     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2721                                    target_to_host_data_addr_rtattr);
2722 }
2723 
2724 static void target_to_host_route_rtattr(struct rtattr *rtattr,
2725                                      uint32_t rtattr_len)
2726 {
2727     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2728                                    target_to_host_data_route_rtattr);
2729 }
2730 
2731 static abi_long target_to_host_data_route(struct nlmsghdr *nlh)
2732 {
2733     struct ifinfomsg *ifi;
2734     struct ifaddrmsg *ifa;
2735     struct rtmsg *rtm;
2736 
2737     switch (nlh->nlmsg_type) {
2738     case RTM_GETLINK:
2739         break;
2740     case RTM_NEWLINK:
2741     case RTM_DELLINK:
2742         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2743             ifi = NLMSG_DATA(nlh);
2744             ifi->ifi_type = tswap16(ifi->ifi_type);
2745             ifi->ifi_index = tswap32(ifi->ifi_index);
2746             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2747             ifi->ifi_change = tswap32(ifi->ifi_change);
2748             target_to_host_link_rtattr(IFLA_RTA(ifi), nlh->nlmsg_len -
2749                                        NLMSG_LENGTH(sizeof(*ifi)));
2750         }
2751         break;
2752     case RTM_GETADDR:
2753     case RTM_NEWADDR:
2754     case RTM_DELADDR:
2755         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2756             ifa = NLMSG_DATA(nlh);
2757             ifa->ifa_index = tswap32(ifa->ifa_index);
2758             target_to_host_addr_rtattr(IFA_RTA(ifa), nlh->nlmsg_len -
2759                                        NLMSG_LENGTH(sizeof(*ifa)));
2760         }
2761         break;
2762     case RTM_GETROUTE:
2763         break;
2764     case RTM_NEWROUTE:
2765     case RTM_DELROUTE:
2766         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2767             rtm = NLMSG_DATA(nlh);
2768             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2769             target_to_host_route_rtattr(RTM_RTA(rtm), nlh->nlmsg_len -
2770                                         NLMSG_LENGTH(sizeof(*rtm)));
2771         }
2772         break;
2773     default:
2774         return -TARGET_EOPNOTSUPP;
2775     }
2776     return 0;
2777 }
2778 
2779 static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
2780 {
2781     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
2782 }
2783 #endif /* CONFIG_RTNETLINK */
2784 
2785 static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
2786 {
2787     switch (nlh->nlmsg_type) {
2788     default:
2789         gemu_log("Unknown host audit message type %d\n",
2790                  nlh->nlmsg_type);
2791         return -TARGET_EINVAL;
2792     }
2793     return 0;
2794 }
2795 
2796 static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
2797                                                   size_t len)
2798 {
2799     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
2800 }
2801 
2802 static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
2803 {
2804     switch (nlh->nlmsg_type) {
2805     case AUDIT_USER:
2806     case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
2807     case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
2808         break;
2809     default:
2810         gemu_log("Unknown target audit message type %d\n",
2811                  nlh->nlmsg_type);
2812         return -TARGET_EINVAL;
2813     }
2814 
2815     return 0;
2816 }
2817 
2818 static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
2819 {
2820     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
2821 }
2822 
2823 /* do_setsockopt() Must return target values and target errnos. */
2824 static abi_long do_setsockopt(int sockfd, int level, int optname,
2825                               abi_ulong optval_addr, socklen_t optlen)
2826 {
2827     abi_long ret;
2828     int val;
2829     struct ip_mreqn *ip_mreq;
2830     struct ip_mreq_source *ip_mreq_source;
2831 
2832     switch(level) {
2833     case SOL_TCP:
2834         /* TCP options all take an 'int' value.  */
2835         if (optlen < sizeof(uint32_t))
2836             return -TARGET_EINVAL;
2837 
2838         if (get_user_u32(val, optval_addr))
2839             return -TARGET_EFAULT;
2840         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2841         break;
2842     case SOL_IP:
2843         switch(optname) {
2844         case IP_TOS:
2845         case IP_TTL:
2846         case IP_HDRINCL:
2847         case IP_ROUTER_ALERT:
2848         case IP_RECVOPTS:
2849         case IP_RETOPTS:
2850         case IP_PKTINFO:
2851         case IP_MTU_DISCOVER:
2852         case IP_RECVERR:
2853         case IP_RECVTTL:
2854         case IP_RECVTOS:
2855 #ifdef IP_FREEBIND
2856         case IP_FREEBIND:
2857 #endif
2858         case IP_MULTICAST_TTL:
2859         case IP_MULTICAST_LOOP:
2860             val = 0;
2861             if (optlen >= sizeof(uint32_t)) {
2862                 if (get_user_u32(val, optval_addr))
2863                     return -TARGET_EFAULT;
2864             } else if (optlen >= 1) {
2865                 if (get_user_u8(val, optval_addr))
2866                     return -TARGET_EFAULT;
2867             }
2868             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2869             break;
2870         case IP_ADD_MEMBERSHIP:
2871         case IP_DROP_MEMBERSHIP:
2872             if (optlen < sizeof (struct target_ip_mreq) ||
2873                 optlen > sizeof (struct target_ip_mreqn))
2874                 return -TARGET_EINVAL;
2875 
2876             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2877             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2878             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2879             break;
2880 
2881         case IP_BLOCK_SOURCE:
2882         case IP_UNBLOCK_SOURCE:
2883         case IP_ADD_SOURCE_MEMBERSHIP:
2884         case IP_DROP_SOURCE_MEMBERSHIP:
2885             if (optlen != sizeof (struct target_ip_mreq_source))
2886                 return -TARGET_EINVAL;
2887 
2888             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2889             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2890             unlock_user (ip_mreq_source, optval_addr, 0);
2891             break;
2892 
2893         default:
2894             goto unimplemented;
2895         }
2896         break;
2897     case SOL_IPV6:
2898         switch (optname) {
2899         case IPV6_MTU_DISCOVER:
2900         case IPV6_MTU:
2901         case IPV6_V6ONLY:
2902         case IPV6_RECVPKTINFO:
2903         case IPV6_UNICAST_HOPS:
2904         case IPV6_RECVERR:
2905         case IPV6_RECVHOPLIMIT:
2906         case IPV6_2292HOPLIMIT:
2907         case IPV6_CHECKSUM:
2908             val = 0;
2909             if (optlen < sizeof(uint32_t)) {
2910                 return -TARGET_EINVAL;
2911             }
2912             if (get_user_u32(val, optval_addr)) {
2913                 return -TARGET_EFAULT;
2914             }
2915             ret = get_errno(setsockopt(sockfd, level, optname,
2916                                        &val, sizeof(val)));
2917             break;
2918         case IPV6_PKTINFO:
2919         {
2920             struct in6_pktinfo pki;
2921 
2922             if (optlen < sizeof(pki)) {
2923                 return -TARGET_EINVAL;
2924             }
2925 
2926             if (copy_from_user(&pki, optval_addr, sizeof(pki))) {
2927                 return -TARGET_EFAULT;
2928             }
2929 
2930             pki.ipi6_ifindex = tswap32(pki.ipi6_ifindex);
2931 
2932             ret = get_errno(setsockopt(sockfd, level, optname,
2933                                        &pki, sizeof(pki)));
2934             break;
2935         }
2936         default:
2937             goto unimplemented;
2938         }
2939         break;
2940     case SOL_ICMPV6:
2941         switch (optname) {
2942         case ICMPV6_FILTER:
2943         {
2944             struct icmp6_filter icmp6f;
2945 
2946             if (optlen > sizeof(icmp6f)) {
2947                 optlen = sizeof(icmp6f);
2948             }
2949 
2950             if (copy_from_user(&icmp6f, optval_addr, optlen)) {
2951                 return -TARGET_EFAULT;
2952             }
2953 
2954             for (val = 0; val < 8; val++) {
2955                 icmp6f.data[val] = tswap32(icmp6f.data[val]);
2956             }
2957 
2958             ret = get_errno(setsockopt(sockfd, level, optname,
2959                                        &icmp6f, optlen));
2960             break;
2961         }
2962         default:
2963             goto unimplemented;
2964         }
2965         break;
2966     case SOL_RAW:
2967         switch (optname) {
2968         case ICMP_FILTER:
2969         case IPV6_CHECKSUM:
2970             /* those take an u32 value */
2971             if (optlen < sizeof(uint32_t)) {
2972                 return -TARGET_EINVAL;
2973             }
2974 
2975             if (get_user_u32(val, optval_addr)) {
2976                 return -TARGET_EFAULT;
2977             }
2978             ret = get_errno(setsockopt(sockfd, level, optname,
2979                                        &val, sizeof(val)));
2980             break;
2981 
2982         default:
2983             goto unimplemented;
2984         }
2985         break;
2986     case TARGET_SOL_SOCKET:
2987         switch (optname) {
2988         case TARGET_SO_RCVTIMEO:
2989         {
2990                 struct timeval tv;
2991 
2992                 optname = SO_RCVTIMEO;
2993 
2994 set_timeout:
2995                 if (optlen != sizeof(struct target_timeval)) {
2996                     return -TARGET_EINVAL;
2997                 }
2998 
2999                 if (copy_from_user_timeval(&tv, optval_addr)) {
3000                     return -TARGET_EFAULT;
3001                 }
3002 
3003                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
3004                                 &tv, sizeof(tv)));
3005                 return ret;
3006         }
3007         case TARGET_SO_SNDTIMEO:
3008                 optname = SO_SNDTIMEO;
3009                 goto set_timeout;
3010         case TARGET_SO_ATTACH_FILTER:
3011         {
3012                 struct target_sock_fprog *tfprog;
3013                 struct target_sock_filter *tfilter;
3014                 struct sock_fprog fprog;
3015                 struct sock_filter *filter;
3016                 int i;
3017 
3018                 if (optlen != sizeof(*tfprog)) {
3019                     return -TARGET_EINVAL;
3020                 }
3021                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
3022                     return -TARGET_EFAULT;
3023                 }
3024                 if (!lock_user_struct(VERIFY_READ, tfilter,
3025                                       tswapal(tfprog->filter), 0)) {
3026                     unlock_user_struct(tfprog, optval_addr, 1);
3027                     return -TARGET_EFAULT;
3028                 }
3029 
3030                 fprog.len = tswap16(tfprog->len);
3031                 filter = g_try_new(struct sock_filter, fprog.len);
3032                 if (filter == NULL) {
3033                     unlock_user_struct(tfilter, tfprog->filter, 1);
3034                     unlock_user_struct(tfprog, optval_addr, 1);
3035                     return -TARGET_ENOMEM;
3036                 }
3037                 for (i = 0; i < fprog.len; i++) {
3038                     filter[i].code = tswap16(tfilter[i].code);
3039                     filter[i].jt = tfilter[i].jt;
3040                     filter[i].jf = tfilter[i].jf;
3041                     filter[i].k = tswap32(tfilter[i].k);
3042                 }
3043                 fprog.filter = filter;
3044 
3045                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
3046                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
3047                 g_free(filter);
3048 
3049                 unlock_user_struct(tfilter, tfprog->filter, 1);
3050                 unlock_user_struct(tfprog, optval_addr, 1);
3051                 return ret;
3052         }
3053 	case TARGET_SO_BINDTODEVICE:
3054 	{
3055 		char *dev_ifname, *addr_ifname;
3056 
3057 		if (optlen > IFNAMSIZ - 1) {
3058 		    optlen = IFNAMSIZ - 1;
3059 		}
3060 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
3061 		if (!dev_ifname) {
3062 		    return -TARGET_EFAULT;
3063 		}
3064 		optname = SO_BINDTODEVICE;
3065 		addr_ifname = alloca(IFNAMSIZ);
3066 		memcpy(addr_ifname, dev_ifname, optlen);
3067 		addr_ifname[optlen] = 0;
3068 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
3069                                            addr_ifname, optlen));
3070 		unlock_user (dev_ifname, optval_addr, 0);
3071 		return ret;
3072 	}
3073             /* Options with 'int' argument.  */
3074         case TARGET_SO_DEBUG:
3075 		optname = SO_DEBUG;
3076 		break;
3077         case TARGET_SO_REUSEADDR:
3078 		optname = SO_REUSEADDR;
3079 		break;
3080         case TARGET_SO_TYPE:
3081 		optname = SO_TYPE;
3082 		break;
3083         case TARGET_SO_ERROR:
3084 		optname = SO_ERROR;
3085 		break;
3086         case TARGET_SO_DONTROUTE:
3087 		optname = SO_DONTROUTE;
3088 		break;
3089         case TARGET_SO_BROADCAST:
3090 		optname = SO_BROADCAST;
3091 		break;
3092         case TARGET_SO_SNDBUF:
3093 		optname = SO_SNDBUF;
3094 		break;
3095         case TARGET_SO_SNDBUFFORCE:
3096                 optname = SO_SNDBUFFORCE;
3097                 break;
3098         case TARGET_SO_RCVBUF:
3099 		optname = SO_RCVBUF;
3100 		break;
3101         case TARGET_SO_RCVBUFFORCE:
3102                 optname = SO_RCVBUFFORCE;
3103                 break;
3104         case TARGET_SO_KEEPALIVE:
3105 		optname = SO_KEEPALIVE;
3106 		break;
3107         case TARGET_SO_OOBINLINE:
3108 		optname = SO_OOBINLINE;
3109 		break;
3110         case TARGET_SO_NO_CHECK:
3111 		optname = SO_NO_CHECK;
3112 		break;
3113         case TARGET_SO_PRIORITY:
3114 		optname = SO_PRIORITY;
3115 		break;
3116 #ifdef SO_BSDCOMPAT
3117         case TARGET_SO_BSDCOMPAT:
3118 		optname = SO_BSDCOMPAT;
3119 		break;
3120 #endif
3121         case TARGET_SO_PASSCRED:
3122 		optname = SO_PASSCRED;
3123 		break;
3124         case TARGET_SO_PASSSEC:
3125                 optname = SO_PASSSEC;
3126                 break;
3127         case TARGET_SO_TIMESTAMP:
3128 		optname = SO_TIMESTAMP;
3129 		break;
3130         case TARGET_SO_RCVLOWAT:
3131 		optname = SO_RCVLOWAT;
3132 		break;
3133             break;
3134         default:
3135             goto unimplemented;
3136         }
3137 	if (optlen < sizeof(uint32_t))
3138             return -TARGET_EINVAL;
3139 
3140 	if (get_user_u32(val, optval_addr))
3141             return -TARGET_EFAULT;
3142 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
3143         break;
3144     default:
3145     unimplemented:
3146         gemu_log("Unsupported setsockopt level=%d optname=%d\n", level, optname);
3147         ret = -TARGET_ENOPROTOOPT;
3148     }
3149     return ret;
3150 }
3151 
3152 /* do_getsockopt() Must return target values and target errnos. */
3153 static abi_long do_getsockopt(int sockfd, int level, int optname,
3154                               abi_ulong optval_addr, abi_ulong optlen)
3155 {
3156     abi_long ret;
3157     int len, val;
3158     socklen_t lv;
3159 
3160     switch(level) {
3161     case TARGET_SOL_SOCKET:
3162         level = SOL_SOCKET;
3163         switch (optname) {
3164         /* These don't just return a single integer */
3165         case TARGET_SO_LINGER:
3166         case TARGET_SO_RCVTIMEO:
3167         case TARGET_SO_SNDTIMEO:
3168         case TARGET_SO_PEERNAME:
3169             goto unimplemented;
3170         case TARGET_SO_PEERCRED: {
3171             struct ucred cr;
3172             socklen_t crlen;
3173             struct target_ucred *tcr;
3174 
3175             if (get_user_u32(len, optlen)) {
3176                 return -TARGET_EFAULT;
3177             }
3178             if (len < 0) {
3179                 return -TARGET_EINVAL;
3180             }
3181 
3182             crlen = sizeof(cr);
3183             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
3184                                        &cr, &crlen));
3185             if (ret < 0) {
3186                 return ret;
3187             }
3188             if (len > crlen) {
3189                 len = crlen;
3190             }
3191             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
3192                 return -TARGET_EFAULT;
3193             }
3194             __put_user(cr.pid, &tcr->pid);
3195             __put_user(cr.uid, &tcr->uid);
3196             __put_user(cr.gid, &tcr->gid);
3197             unlock_user_struct(tcr, optval_addr, 1);
3198             if (put_user_u32(len, optlen)) {
3199                 return -TARGET_EFAULT;
3200             }
3201             break;
3202         }
3203         /* Options with 'int' argument.  */
3204         case TARGET_SO_DEBUG:
3205             optname = SO_DEBUG;
3206             goto int_case;
3207         case TARGET_SO_REUSEADDR:
3208             optname = SO_REUSEADDR;
3209             goto int_case;
3210         case TARGET_SO_TYPE:
3211             optname = SO_TYPE;
3212             goto int_case;
3213         case TARGET_SO_ERROR:
3214             optname = SO_ERROR;
3215             goto int_case;
3216         case TARGET_SO_DONTROUTE:
3217             optname = SO_DONTROUTE;
3218             goto int_case;
3219         case TARGET_SO_BROADCAST:
3220             optname = SO_BROADCAST;
3221             goto int_case;
3222         case TARGET_SO_SNDBUF:
3223             optname = SO_SNDBUF;
3224             goto int_case;
3225         case TARGET_SO_RCVBUF:
3226             optname = SO_RCVBUF;
3227             goto int_case;
3228         case TARGET_SO_KEEPALIVE:
3229             optname = SO_KEEPALIVE;
3230             goto int_case;
3231         case TARGET_SO_OOBINLINE:
3232             optname = SO_OOBINLINE;
3233             goto int_case;
3234         case TARGET_SO_NO_CHECK:
3235             optname = SO_NO_CHECK;
3236             goto int_case;
3237         case TARGET_SO_PRIORITY:
3238             optname = SO_PRIORITY;
3239             goto int_case;
3240 #ifdef SO_BSDCOMPAT
3241         case TARGET_SO_BSDCOMPAT:
3242             optname = SO_BSDCOMPAT;
3243             goto int_case;
3244 #endif
3245         case TARGET_SO_PASSCRED:
3246             optname = SO_PASSCRED;
3247             goto int_case;
3248         case TARGET_SO_TIMESTAMP:
3249             optname = SO_TIMESTAMP;
3250             goto int_case;
3251         case TARGET_SO_RCVLOWAT:
3252             optname = SO_RCVLOWAT;
3253             goto int_case;
3254         case TARGET_SO_ACCEPTCONN:
3255             optname = SO_ACCEPTCONN;
3256             goto int_case;
3257         default:
3258             goto int_case;
3259         }
3260         break;
3261     case SOL_TCP:
3262         /* TCP options all take an 'int' value.  */
3263     int_case:
3264         if (get_user_u32(len, optlen))
3265             return -TARGET_EFAULT;
3266         if (len < 0)
3267             return -TARGET_EINVAL;
3268         lv = sizeof(lv);
3269         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
3270         if (ret < 0)
3271             return ret;
3272         if (optname == SO_TYPE) {
3273             val = host_to_target_sock_type(val);
3274         }
3275         if (len > lv)
3276             len = lv;
3277         if (len == 4) {
3278             if (put_user_u32(val, optval_addr))
3279                 return -TARGET_EFAULT;
3280         } else {
3281             if (put_user_u8(val, optval_addr))
3282                 return -TARGET_EFAULT;
3283         }
3284         if (put_user_u32(len, optlen))
3285             return -TARGET_EFAULT;
3286         break;
3287     case SOL_IP:
3288         switch(optname) {
3289         case IP_TOS:
3290         case IP_TTL:
3291         case IP_HDRINCL:
3292         case IP_ROUTER_ALERT:
3293         case IP_RECVOPTS:
3294         case IP_RETOPTS:
3295         case IP_PKTINFO:
3296         case IP_MTU_DISCOVER:
3297         case IP_RECVERR:
3298         case IP_RECVTOS:
3299 #ifdef IP_FREEBIND
3300         case IP_FREEBIND:
3301 #endif
3302         case IP_MULTICAST_TTL:
3303         case IP_MULTICAST_LOOP:
3304             if (get_user_u32(len, optlen))
3305                 return -TARGET_EFAULT;
3306             if (len < 0)
3307                 return -TARGET_EINVAL;
3308             lv = sizeof(lv);
3309             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
3310             if (ret < 0)
3311                 return ret;
3312             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
3313                 len = 1;
3314                 if (put_user_u32(len, optlen)
3315                     || put_user_u8(val, optval_addr))
3316                     return -TARGET_EFAULT;
3317             } else {
3318                 if (len > sizeof(int))
3319                     len = sizeof(int);
3320                 if (put_user_u32(len, optlen)
3321                     || put_user_u32(val, optval_addr))
3322                     return -TARGET_EFAULT;
3323             }
3324             break;
3325         default:
3326             ret = -TARGET_ENOPROTOOPT;
3327             break;
3328         }
3329         break;
3330     default:
3331     unimplemented:
3332         gemu_log("getsockopt level=%d optname=%d not yet supported\n",
3333                  level, optname);
3334         ret = -TARGET_EOPNOTSUPP;
3335         break;
3336     }
3337     return ret;
3338 }
3339 
3340 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
3341                                 abi_ulong count, int copy)
3342 {
3343     struct target_iovec *target_vec;
3344     struct iovec *vec;
3345     abi_ulong total_len, max_len;
3346     int i;
3347     int err = 0;
3348     bool bad_address = false;
3349 
3350     if (count == 0) {
3351         errno = 0;
3352         return NULL;
3353     }
3354     if (count > IOV_MAX) {
3355         errno = EINVAL;
3356         return NULL;
3357     }
3358 
3359     vec = g_try_new0(struct iovec, count);
3360     if (vec == NULL) {
3361         errno = ENOMEM;
3362         return NULL;
3363     }
3364 
3365     target_vec = lock_user(VERIFY_READ, target_addr,
3366                            count * sizeof(struct target_iovec), 1);
3367     if (target_vec == NULL) {
3368         err = EFAULT;
3369         goto fail2;
3370     }
3371 
3372     /* ??? If host page size > target page size, this will result in a
3373        value larger than what we can actually support.  */
3374     max_len = 0x7fffffff & TARGET_PAGE_MASK;
3375     total_len = 0;
3376 
3377     for (i = 0; i < count; i++) {
3378         abi_ulong base = tswapal(target_vec[i].iov_base);
3379         abi_long len = tswapal(target_vec[i].iov_len);
3380 
3381         if (len < 0) {
3382             err = EINVAL;
3383             goto fail;
3384         } else if (len == 0) {
3385             /* Zero length pointer is ignored.  */
3386             vec[i].iov_base = 0;
3387         } else {
3388             vec[i].iov_base = lock_user(type, base, len, copy);
3389             /* If the first buffer pointer is bad, this is a fault.  But
3390              * subsequent bad buffers will result in a partial write; this
3391              * is realized by filling the vector with null pointers and
3392              * zero lengths. */
3393             if (!vec[i].iov_base) {
3394                 if (i == 0) {
3395                     err = EFAULT;
3396                     goto fail;
3397                 } else {
3398                     bad_address = true;
3399                 }
3400             }
3401             if (bad_address) {
3402                 len = 0;
3403             }
3404             if (len > max_len - total_len) {
3405                 len = max_len - total_len;
3406             }
3407         }
3408         vec[i].iov_len = len;
3409         total_len += len;
3410     }
3411 
3412     unlock_user(target_vec, target_addr, 0);
3413     return vec;
3414 
3415  fail:
3416     while (--i >= 0) {
3417         if (tswapal(target_vec[i].iov_len) > 0) {
3418             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
3419         }
3420     }
3421     unlock_user(target_vec, target_addr, 0);
3422  fail2:
3423     g_free(vec);
3424     errno = err;
3425     return NULL;
3426 }
3427 
3428 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
3429                          abi_ulong count, int copy)
3430 {
3431     struct target_iovec *target_vec;
3432     int i;
3433 
3434     target_vec = lock_user(VERIFY_READ, target_addr,
3435                            count * sizeof(struct target_iovec), 1);
3436     if (target_vec) {
3437         for (i = 0; i < count; i++) {
3438             abi_ulong base = tswapal(target_vec[i].iov_base);
3439             abi_long len = tswapal(target_vec[i].iov_len);
3440             if (len < 0) {
3441                 break;
3442             }
3443             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
3444         }
3445         unlock_user(target_vec, target_addr, 0);
3446     }
3447 
3448     g_free(vec);
3449 }
3450 
3451 static inline int target_to_host_sock_type(int *type)
3452 {
3453     int host_type = 0;
3454     int target_type = *type;
3455 
3456     switch (target_type & TARGET_SOCK_TYPE_MASK) {
3457     case TARGET_SOCK_DGRAM:
3458         host_type = SOCK_DGRAM;
3459         break;
3460     case TARGET_SOCK_STREAM:
3461         host_type = SOCK_STREAM;
3462         break;
3463     default:
3464         host_type = target_type & TARGET_SOCK_TYPE_MASK;
3465         break;
3466     }
3467     if (target_type & TARGET_SOCK_CLOEXEC) {
3468 #if defined(SOCK_CLOEXEC)
3469         host_type |= SOCK_CLOEXEC;
3470 #else
3471         return -TARGET_EINVAL;
3472 #endif
3473     }
3474     if (target_type & TARGET_SOCK_NONBLOCK) {
3475 #if defined(SOCK_NONBLOCK)
3476         host_type |= SOCK_NONBLOCK;
3477 #elif !defined(O_NONBLOCK)
3478         return -TARGET_EINVAL;
3479 #endif
3480     }
3481     *type = host_type;
3482     return 0;
3483 }
3484 
3485 /* Try to emulate socket type flags after socket creation.  */
3486 static int sock_flags_fixup(int fd, int target_type)
3487 {
3488 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
3489     if (target_type & TARGET_SOCK_NONBLOCK) {
3490         int flags = fcntl(fd, F_GETFL);
3491         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
3492             close(fd);
3493             return -TARGET_EINVAL;
3494         }
3495     }
3496 #endif
3497     return fd;
3498 }
3499 
3500 static abi_long packet_target_to_host_sockaddr(void *host_addr,
3501                                                abi_ulong target_addr,
3502                                                socklen_t len)
3503 {
3504     struct sockaddr *addr = host_addr;
3505     struct target_sockaddr *target_saddr;
3506 
3507     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
3508     if (!target_saddr) {
3509         return -TARGET_EFAULT;
3510     }
3511 
3512     memcpy(addr, target_saddr, len);
3513     addr->sa_family = tswap16(target_saddr->sa_family);
3514     /* spkt_protocol is big-endian */
3515 
3516     unlock_user(target_saddr, target_addr, 0);
3517     return 0;
3518 }
3519 
3520 static TargetFdTrans target_packet_trans = {
3521     .target_to_host_addr = packet_target_to_host_sockaddr,
3522 };
3523 
3524 #ifdef CONFIG_RTNETLINK
3525 static abi_long netlink_route_target_to_host(void *buf, size_t len)
3526 {
3527     abi_long ret;
3528 
3529     ret = target_to_host_nlmsg_route(buf, len);
3530     if (ret < 0) {
3531         return ret;
3532     }
3533 
3534     return len;
3535 }
3536 
3537 static abi_long netlink_route_host_to_target(void *buf, size_t len)
3538 {
3539     abi_long ret;
3540 
3541     ret = host_to_target_nlmsg_route(buf, len);
3542     if (ret < 0) {
3543         return ret;
3544     }
3545 
3546     return len;
3547 }
3548 
3549 static TargetFdTrans target_netlink_route_trans = {
3550     .target_to_host_data = netlink_route_target_to_host,
3551     .host_to_target_data = netlink_route_host_to_target,
3552 };
3553 #endif /* CONFIG_RTNETLINK */
3554 
3555 static abi_long netlink_audit_target_to_host(void *buf, size_t len)
3556 {
3557     abi_long ret;
3558 
3559     ret = target_to_host_nlmsg_audit(buf, len);
3560     if (ret < 0) {
3561         return ret;
3562     }
3563 
3564     return len;
3565 }
3566 
3567 static abi_long netlink_audit_host_to_target(void *buf, size_t len)
3568 {
3569     abi_long ret;
3570 
3571     ret = host_to_target_nlmsg_audit(buf, len);
3572     if (ret < 0) {
3573         return ret;
3574     }
3575 
3576     return len;
3577 }
3578 
3579 static TargetFdTrans target_netlink_audit_trans = {
3580     .target_to_host_data = netlink_audit_target_to_host,
3581     .host_to_target_data = netlink_audit_host_to_target,
3582 };
3583 
3584 /* do_socket() Must return target values and target errnos. */
3585 static abi_long do_socket(int domain, int type, int protocol)
3586 {
3587     int target_type = type;
3588     int ret;
3589 
3590     ret = target_to_host_sock_type(&type);
3591     if (ret) {
3592         return ret;
3593     }
3594 
3595     if (domain == PF_NETLINK && !(
3596 #ifdef CONFIG_RTNETLINK
3597          protocol == NETLINK_ROUTE ||
3598 #endif
3599          protocol == NETLINK_KOBJECT_UEVENT ||
3600          protocol == NETLINK_AUDIT)) {
3601         return -EPFNOSUPPORT;
3602     }
3603 
3604     if (domain == AF_PACKET ||
3605         (domain == AF_INET && type == SOCK_PACKET)) {
3606         protocol = tswap16(protocol);
3607     }
3608 
3609     ret = get_errno(socket(domain, type, protocol));
3610     if (ret >= 0) {
3611         ret = sock_flags_fixup(ret, target_type);
3612         if (type == SOCK_PACKET) {
3613             /* Manage an obsolete case :
3614              * if socket type is SOCK_PACKET, bind by name
3615              */
3616             fd_trans_register(ret, &target_packet_trans);
3617         } else if (domain == PF_NETLINK) {
3618             switch (protocol) {
3619 #ifdef CONFIG_RTNETLINK
3620             case NETLINK_ROUTE:
3621                 fd_trans_register(ret, &target_netlink_route_trans);
3622                 break;
3623 #endif
3624             case NETLINK_KOBJECT_UEVENT:
3625                 /* nothing to do: messages are strings */
3626                 break;
3627             case NETLINK_AUDIT:
3628                 fd_trans_register(ret, &target_netlink_audit_trans);
3629                 break;
3630             default:
3631                 g_assert_not_reached();
3632             }
3633         }
3634     }
3635     return ret;
3636 }
3637 
3638 /* do_bind() Must return target values and target errnos. */
3639 static abi_long do_bind(int sockfd, abi_ulong target_addr,
3640                         socklen_t addrlen)
3641 {
3642     void *addr;
3643     abi_long ret;
3644 
3645     if ((int)addrlen < 0) {
3646         return -TARGET_EINVAL;
3647     }
3648 
3649     addr = alloca(addrlen+1);
3650 
3651     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3652     if (ret)
3653         return ret;
3654 
3655     return get_errno(bind(sockfd, addr, addrlen));
3656 }
3657 
3658 /* do_connect() Must return target values and target errnos. */
3659 static abi_long do_connect(int sockfd, abi_ulong target_addr,
3660                            socklen_t addrlen)
3661 {
3662     void *addr;
3663     abi_long ret;
3664 
3665     if ((int)addrlen < 0) {
3666         return -TARGET_EINVAL;
3667     }
3668 
3669     addr = alloca(addrlen+1);
3670 
3671     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3672     if (ret)
3673         return ret;
3674 
3675     return get_errno(safe_connect(sockfd, addr, addrlen));
3676 }
3677 
3678 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
3679 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
3680                                       int flags, int send)
3681 {
3682     abi_long ret, len;
3683     struct msghdr msg;
3684     abi_ulong count;
3685     struct iovec *vec;
3686     abi_ulong target_vec;
3687 
3688     if (msgp->msg_name) {
3689         msg.msg_namelen = tswap32(msgp->msg_namelen);
3690         msg.msg_name = alloca(msg.msg_namelen+1);
3691         ret = target_to_host_sockaddr(fd, msg.msg_name,
3692                                       tswapal(msgp->msg_name),
3693                                       msg.msg_namelen);
3694         if (ret == -TARGET_EFAULT) {
3695             /* For connected sockets msg_name and msg_namelen must
3696              * be ignored, so returning EFAULT immediately is wrong.
3697              * Instead, pass a bad msg_name to the host kernel, and
3698              * let it decide whether to return EFAULT or not.
3699              */
3700             msg.msg_name = (void *)-1;
3701         } else if (ret) {
3702             goto out2;
3703         }
3704     } else {
3705         msg.msg_name = NULL;
3706         msg.msg_namelen = 0;
3707     }
3708     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
3709     msg.msg_control = alloca(msg.msg_controllen);
3710     msg.msg_flags = tswap32(msgp->msg_flags);
3711 
3712     count = tswapal(msgp->msg_iovlen);
3713     target_vec = tswapal(msgp->msg_iov);
3714 
3715     if (count > IOV_MAX) {
3716         /* sendrcvmsg returns a different errno for this condition than
3717          * readv/writev, so we must catch it here before lock_iovec() does.
3718          */
3719         ret = -TARGET_EMSGSIZE;
3720         goto out2;
3721     }
3722 
3723     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
3724                      target_vec, count, send);
3725     if (vec == NULL) {
3726         ret = -host_to_target_errno(errno);
3727         goto out2;
3728     }
3729     msg.msg_iovlen = count;
3730     msg.msg_iov = vec;
3731 
3732     if (send) {
3733         if (fd_trans_target_to_host_data(fd)) {
3734             void *host_msg;
3735 
3736             host_msg = g_malloc(msg.msg_iov->iov_len);
3737             memcpy(host_msg, msg.msg_iov->iov_base, msg.msg_iov->iov_len);
3738             ret = fd_trans_target_to_host_data(fd)(host_msg,
3739                                                    msg.msg_iov->iov_len);
3740             if (ret >= 0) {
3741                 msg.msg_iov->iov_base = host_msg;
3742                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3743             }
3744             g_free(host_msg);
3745         } else {
3746             ret = target_to_host_cmsg(&msg, msgp);
3747             if (ret == 0) {
3748                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3749             }
3750         }
3751     } else {
3752         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3753         if (!is_error(ret)) {
3754             len = ret;
3755             if (fd_trans_host_to_target_data(fd)) {
3756                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3757                                                        len);
3758             } else {
3759                 ret = host_to_target_cmsg(msgp, &msg);
3760             }
3761             if (!is_error(ret)) {
3762                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3763                 if (msg.msg_name != NULL && msg.msg_name != (void *)-1) {
3764                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3765                                     msg.msg_name, msg.msg_namelen);
3766                     if (ret) {
3767                         goto out;
3768                     }
3769                 }
3770 
3771                 ret = len;
3772             }
3773         }
3774     }
3775 
3776 out:
3777     unlock_iovec(vec, target_vec, count, !send);
3778 out2:
3779     return ret;
3780 }
3781 
3782 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3783                                int flags, int send)
3784 {
3785     abi_long ret;
3786     struct target_msghdr *msgp;
3787 
3788     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3789                           msgp,
3790                           target_msg,
3791                           send ? 1 : 0)) {
3792         return -TARGET_EFAULT;
3793     }
3794     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3795     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3796     return ret;
3797 }
3798 
3799 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3800  * so it might not have this *mmsg-specific flag either.
3801  */
3802 #ifndef MSG_WAITFORONE
3803 #define MSG_WAITFORONE 0x10000
3804 #endif
3805 
3806 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3807                                 unsigned int vlen, unsigned int flags,
3808                                 int send)
3809 {
3810     struct target_mmsghdr *mmsgp;
3811     abi_long ret = 0;
3812     int i;
3813 
3814     if (vlen > UIO_MAXIOV) {
3815         vlen = UIO_MAXIOV;
3816     }
3817 
3818     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3819     if (!mmsgp) {
3820         return -TARGET_EFAULT;
3821     }
3822 
3823     for (i = 0; i < vlen; i++) {
3824         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3825         if (is_error(ret)) {
3826             break;
3827         }
3828         mmsgp[i].msg_len = tswap32(ret);
3829         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3830         if (flags & MSG_WAITFORONE) {
3831             flags |= MSG_DONTWAIT;
3832         }
3833     }
3834 
3835     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3836 
3837     /* Return number of datagrams sent if we sent any at all;
3838      * otherwise return the error.
3839      */
3840     if (i) {
3841         return i;
3842     }
3843     return ret;
3844 }
3845 
3846 /* do_accept4() Must return target values and target errnos. */
3847 static abi_long do_accept4(int fd, abi_ulong target_addr,
3848                            abi_ulong target_addrlen_addr, int flags)
3849 {
3850     socklen_t addrlen;
3851     void *addr;
3852     abi_long ret;
3853     int host_flags;
3854 
3855     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
3856 
3857     if (target_addr == 0) {
3858         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3859     }
3860 
3861     /* linux returns EINVAL if addrlen pointer is invalid */
3862     if (get_user_u32(addrlen, target_addrlen_addr))
3863         return -TARGET_EINVAL;
3864 
3865     if ((int)addrlen < 0) {
3866         return -TARGET_EINVAL;
3867     }
3868 
3869     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3870         return -TARGET_EINVAL;
3871 
3872     addr = alloca(addrlen);
3873 
3874     ret = get_errno(safe_accept4(fd, addr, &addrlen, host_flags));
3875     if (!is_error(ret)) {
3876         host_to_target_sockaddr(target_addr, addr, addrlen);
3877         if (put_user_u32(addrlen, target_addrlen_addr))
3878             ret = -TARGET_EFAULT;
3879     }
3880     return ret;
3881 }
3882 
3883 /* do_getpeername() Must return target values and target errnos. */
3884 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3885                                abi_ulong target_addrlen_addr)
3886 {
3887     socklen_t addrlen;
3888     void *addr;
3889     abi_long ret;
3890 
3891     if (get_user_u32(addrlen, target_addrlen_addr))
3892         return -TARGET_EFAULT;
3893 
3894     if ((int)addrlen < 0) {
3895         return -TARGET_EINVAL;
3896     }
3897 
3898     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3899         return -TARGET_EFAULT;
3900 
3901     addr = alloca(addrlen);
3902 
3903     ret = get_errno(getpeername(fd, addr, &addrlen));
3904     if (!is_error(ret)) {
3905         host_to_target_sockaddr(target_addr, addr, addrlen);
3906         if (put_user_u32(addrlen, target_addrlen_addr))
3907             ret = -TARGET_EFAULT;
3908     }
3909     return ret;
3910 }
3911 
3912 /* do_getsockname() Must return target values and target errnos. */
3913 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3914                                abi_ulong target_addrlen_addr)
3915 {
3916     socklen_t addrlen;
3917     void *addr;
3918     abi_long ret;
3919 
3920     if (get_user_u32(addrlen, target_addrlen_addr))
3921         return -TARGET_EFAULT;
3922 
3923     if ((int)addrlen < 0) {
3924         return -TARGET_EINVAL;
3925     }
3926 
3927     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3928         return -TARGET_EFAULT;
3929 
3930     addr = alloca(addrlen);
3931 
3932     ret = get_errno(getsockname(fd, addr, &addrlen));
3933     if (!is_error(ret)) {
3934         host_to_target_sockaddr(target_addr, addr, addrlen);
3935         if (put_user_u32(addrlen, target_addrlen_addr))
3936             ret = -TARGET_EFAULT;
3937     }
3938     return ret;
3939 }
3940 
3941 /* do_socketpair() Must return target values and target errnos. */
3942 static abi_long do_socketpair(int domain, int type, int protocol,
3943                               abi_ulong target_tab_addr)
3944 {
3945     int tab[2];
3946     abi_long ret;
3947 
3948     target_to_host_sock_type(&type);
3949 
3950     ret = get_errno(socketpair(domain, type, protocol, tab));
3951     if (!is_error(ret)) {
3952         if (put_user_s32(tab[0], target_tab_addr)
3953             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3954             ret = -TARGET_EFAULT;
3955     }
3956     return ret;
3957 }
3958 
3959 /* do_sendto() Must return target values and target errnos. */
3960 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3961                           abi_ulong target_addr, socklen_t addrlen)
3962 {
3963     void *addr;
3964     void *host_msg;
3965     void *copy_msg = NULL;
3966     abi_long ret;
3967 
3968     if ((int)addrlen < 0) {
3969         return -TARGET_EINVAL;
3970     }
3971 
3972     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3973     if (!host_msg)
3974         return -TARGET_EFAULT;
3975     if (fd_trans_target_to_host_data(fd)) {
3976         copy_msg = host_msg;
3977         host_msg = g_malloc(len);
3978         memcpy(host_msg, copy_msg, len);
3979         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3980         if (ret < 0) {
3981             goto fail;
3982         }
3983     }
3984     if (target_addr) {
3985         addr = alloca(addrlen+1);
3986         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3987         if (ret) {
3988             goto fail;
3989         }
3990         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3991     } else {
3992         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3993     }
3994 fail:
3995     if (copy_msg) {
3996         g_free(host_msg);
3997         host_msg = copy_msg;
3998     }
3999     unlock_user(host_msg, msg, 0);
4000     return ret;
4001 }
4002 
4003 /* do_recvfrom() Must return target values and target errnos. */
4004 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
4005                             abi_ulong target_addr,
4006                             abi_ulong target_addrlen)
4007 {
4008     socklen_t addrlen;
4009     void *addr;
4010     void *host_msg;
4011     abi_long ret;
4012 
4013     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
4014     if (!host_msg)
4015         return -TARGET_EFAULT;
4016     if (target_addr) {
4017         if (get_user_u32(addrlen, target_addrlen)) {
4018             ret = -TARGET_EFAULT;
4019             goto fail;
4020         }
4021         if ((int)addrlen < 0) {
4022             ret = -TARGET_EINVAL;
4023             goto fail;
4024         }
4025         addr = alloca(addrlen);
4026         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
4027                                       addr, &addrlen));
4028     } else {
4029         addr = NULL; /* To keep compiler quiet.  */
4030         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
4031     }
4032     if (!is_error(ret)) {
4033         if (fd_trans_host_to_target_data(fd)) {
4034             ret = fd_trans_host_to_target_data(fd)(host_msg, ret);
4035         }
4036         if (target_addr) {
4037             host_to_target_sockaddr(target_addr, addr, addrlen);
4038             if (put_user_u32(addrlen, target_addrlen)) {
4039                 ret = -TARGET_EFAULT;
4040                 goto fail;
4041             }
4042         }
4043         unlock_user(host_msg, msg, len);
4044     } else {
4045 fail:
4046         unlock_user(host_msg, msg, 0);
4047     }
4048     return ret;
4049 }
4050 
4051 #ifdef TARGET_NR_socketcall
4052 /* do_socketcall() must return target values and target errnos. */
4053 static abi_long do_socketcall(int num, abi_ulong vptr)
4054 {
4055     static const unsigned nargs[] = { /* number of arguments per operation */
4056         [TARGET_SYS_SOCKET] = 3,      /* domain, type, protocol */
4057         [TARGET_SYS_BIND] = 3,        /* fd, addr, addrlen */
4058         [TARGET_SYS_CONNECT] = 3,     /* fd, addr, addrlen */
4059         [TARGET_SYS_LISTEN] = 2,      /* fd, backlog */
4060         [TARGET_SYS_ACCEPT] = 3,      /* fd, addr, addrlen */
4061         [TARGET_SYS_GETSOCKNAME] = 3, /* fd, addr, addrlen */
4062         [TARGET_SYS_GETPEERNAME] = 3, /* fd, addr, addrlen */
4063         [TARGET_SYS_SOCKETPAIR] = 4,  /* domain, type, protocol, tab */
4064         [TARGET_SYS_SEND] = 4,        /* fd, msg, len, flags */
4065         [TARGET_SYS_RECV] = 4,        /* fd, msg, len, flags */
4066         [TARGET_SYS_SENDTO] = 6,      /* fd, msg, len, flags, addr, addrlen */
4067         [TARGET_SYS_RECVFROM] = 6,    /* fd, msg, len, flags, addr, addrlen */
4068         [TARGET_SYS_SHUTDOWN] = 2,    /* fd, how */
4069         [TARGET_SYS_SETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
4070         [TARGET_SYS_GETSOCKOPT] = 5,  /* fd, level, optname, optval, optlen */
4071         [TARGET_SYS_SENDMSG] = 3,     /* fd, msg, flags */
4072         [TARGET_SYS_RECVMSG] = 3,     /* fd, msg, flags */
4073         [TARGET_SYS_ACCEPT4] = 4,     /* fd, addr, addrlen, flags */
4074         [TARGET_SYS_RECVMMSG] = 4,    /* fd, msgvec, vlen, flags */
4075         [TARGET_SYS_SENDMMSG] = 4,    /* fd, msgvec, vlen, flags */
4076     };
4077     abi_long a[6]; /* max 6 args */
4078     unsigned i;
4079 
4080     /* check the range of the first argument num */
4081     /* (TARGET_SYS_SENDMMSG is the highest among TARGET_SYS_xxx) */
4082     if (num < 1 || num > TARGET_SYS_SENDMMSG) {
4083         return -TARGET_EINVAL;
4084     }
4085     /* ensure we have space for args */
4086     if (nargs[num] > ARRAY_SIZE(a)) {
4087         return -TARGET_EINVAL;
4088     }
4089     /* collect the arguments in a[] according to nargs[] */
4090     for (i = 0; i < nargs[num]; ++i) {
4091         if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
4092             return -TARGET_EFAULT;
4093         }
4094     }
4095     /* now when we have the args, invoke the appropriate underlying function */
4096     switch (num) {
4097     case TARGET_SYS_SOCKET: /* domain, type, protocol */
4098         return do_socket(a[0], a[1], a[2]);
4099     case TARGET_SYS_BIND: /* sockfd, addr, addrlen */
4100         return do_bind(a[0], a[1], a[2]);
4101     case TARGET_SYS_CONNECT: /* sockfd, addr, addrlen */
4102         return do_connect(a[0], a[1], a[2]);
4103     case TARGET_SYS_LISTEN: /* sockfd, backlog */
4104         return get_errno(listen(a[0], a[1]));
4105     case TARGET_SYS_ACCEPT: /* sockfd, addr, addrlen */
4106         return do_accept4(a[0], a[1], a[2], 0);
4107     case TARGET_SYS_GETSOCKNAME: /* sockfd, addr, addrlen */
4108         return do_getsockname(a[0], a[1], a[2]);
4109     case TARGET_SYS_GETPEERNAME: /* sockfd, addr, addrlen */
4110         return do_getpeername(a[0], a[1], a[2]);
4111     case TARGET_SYS_SOCKETPAIR: /* domain, type, protocol, tab */
4112         return do_socketpair(a[0], a[1], a[2], a[3]);
4113     case TARGET_SYS_SEND: /* sockfd, msg, len, flags */
4114         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
4115     case TARGET_SYS_RECV: /* sockfd, msg, len, flags */
4116         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
4117     case TARGET_SYS_SENDTO: /* sockfd, msg, len, flags, addr, addrlen */
4118         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
4119     case TARGET_SYS_RECVFROM: /* sockfd, msg, len, flags, addr, addrlen */
4120         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
4121     case TARGET_SYS_SHUTDOWN: /* sockfd, how */
4122         return get_errno(shutdown(a[0], a[1]));
4123     case TARGET_SYS_SETSOCKOPT: /* sockfd, level, optname, optval, optlen */
4124         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
4125     case TARGET_SYS_GETSOCKOPT: /* sockfd, level, optname, optval, optlen */
4126         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
4127     case TARGET_SYS_SENDMSG: /* sockfd, msg, flags */
4128         return do_sendrecvmsg(a[0], a[1], a[2], 1);
4129     case TARGET_SYS_RECVMSG: /* sockfd, msg, flags */
4130         return do_sendrecvmsg(a[0], a[1], a[2], 0);
4131     case TARGET_SYS_ACCEPT4: /* sockfd, addr, addrlen, flags */
4132         return do_accept4(a[0], a[1], a[2], a[3]);
4133     case TARGET_SYS_RECVMMSG: /* sockfd, msgvec, vlen, flags */
4134         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
4135     case TARGET_SYS_SENDMMSG: /* sockfd, msgvec, vlen, flags */
4136         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
4137     default:
4138         gemu_log("Unsupported socketcall: %d\n", num);
4139         return -TARGET_EINVAL;
4140     }
4141 }
4142 #endif
4143 
4144 #define N_SHM_REGIONS	32
4145 
4146 static struct shm_region {
4147     abi_ulong start;
4148     abi_ulong size;
4149     bool in_use;
4150 } shm_regions[N_SHM_REGIONS];
4151 
4152 #ifndef TARGET_SEMID64_DS
4153 /* asm-generic version of this struct */
4154 struct target_semid64_ds
4155 {
4156   struct target_ipc_perm sem_perm;
4157   abi_ulong sem_otime;
4158 #if TARGET_ABI_BITS == 32
4159   abi_ulong __unused1;
4160 #endif
4161   abi_ulong sem_ctime;
4162 #if TARGET_ABI_BITS == 32
4163   abi_ulong __unused2;
4164 #endif
4165   abi_ulong sem_nsems;
4166   abi_ulong __unused3;
4167   abi_ulong __unused4;
4168 };
4169 #endif
4170 
4171 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
4172                                                abi_ulong target_addr)
4173 {
4174     struct target_ipc_perm *target_ip;
4175     struct target_semid64_ds *target_sd;
4176 
4177     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4178         return -TARGET_EFAULT;
4179     target_ip = &(target_sd->sem_perm);
4180     host_ip->__key = tswap32(target_ip->__key);
4181     host_ip->uid = tswap32(target_ip->uid);
4182     host_ip->gid = tswap32(target_ip->gid);
4183     host_ip->cuid = tswap32(target_ip->cuid);
4184     host_ip->cgid = tswap32(target_ip->cgid);
4185 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
4186     host_ip->mode = tswap32(target_ip->mode);
4187 #else
4188     host_ip->mode = tswap16(target_ip->mode);
4189 #endif
4190 #if defined(TARGET_PPC)
4191     host_ip->__seq = tswap32(target_ip->__seq);
4192 #else
4193     host_ip->__seq = tswap16(target_ip->__seq);
4194 #endif
4195     unlock_user_struct(target_sd, target_addr, 0);
4196     return 0;
4197 }
4198 
4199 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
4200                                                struct ipc_perm *host_ip)
4201 {
4202     struct target_ipc_perm *target_ip;
4203     struct target_semid64_ds *target_sd;
4204 
4205     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4206         return -TARGET_EFAULT;
4207     target_ip = &(target_sd->sem_perm);
4208     target_ip->__key = tswap32(host_ip->__key);
4209     target_ip->uid = tswap32(host_ip->uid);
4210     target_ip->gid = tswap32(host_ip->gid);
4211     target_ip->cuid = tswap32(host_ip->cuid);
4212     target_ip->cgid = tswap32(host_ip->cgid);
4213 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
4214     target_ip->mode = tswap32(host_ip->mode);
4215 #else
4216     target_ip->mode = tswap16(host_ip->mode);
4217 #endif
4218 #if defined(TARGET_PPC)
4219     target_ip->__seq = tswap32(host_ip->__seq);
4220 #else
4221     target_ip->__seq = tswap16(host_ip->__seq);
4222 #endif
4223     unlock_user_struct(target_sd, target_addr, 1);
4224     return 0;
4225 }
4226 
4227 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
4228                                                abi_ulong target_addr)
4229 {
4230     struct target_semid64_ds *target_sd;
4231 
4232     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4233         return -TARGET_EFAULT;
4234     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
4235         return -TARGET_EFAULT;
4236     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
4237     host_sd->sem_otime = tswapal(target_sd->sem_otime);
4238     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
4239     unlock_user_struct(target_sd, target_addr, 0);
4240     return 0;
4241 }
4242 
4243 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
4244                                                struct semid_ds *host_sd)
4245 {
4246     struct target_semid64_ds *target_sd;
4247 
4248     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4249         return -TARGET_EFAULT;
4250     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
4251         return -TARGET_EFAULT;
4252     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
4253     target_sd->sem_otime = tswapal(host_sd->sem_otime);
4254     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
4255     unlock_user_struct(target_sd, target_addr, 1);
4256     return 0;
4257 }
4258 
4259 struct target_seminfo {
4260     int semmap;
4261     int semmni;
4262     int semmns;
4263     int semmnu;
4264     int semmsl;
4265     int semopm;
4266     int semume;
4267     int semusz;
4268     int semvmx;
4269     int semaem;
4270 };
4271 
4272 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
4273                                               struct seminfo *host_seminfo)
4274 {
4275     struct target_seminfo *target_seminfo;
4276     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
4277         return -TARGET_EFAULT;
4278     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
4279     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
4280     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
4281     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
4282     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
4283     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
4284     __put_user(host_seminfo->semume, &target_seminfo->semume);
4285     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
4286     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
4287     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
4288     unlock_user_struct(target_seminfo, target_addr, 1);
4289     return 0;
4290 }
4291 
4292 union semun {
4293 	int val;
4294 	struct semid_ds *buf;
4295 	unsigned short *array;
4296 	struct seminfo *__buf;
4297 };
4298 
4299 union target_semun {
4300 	int val;
4301 	abi_ulong buf;
4302 	abi_ulong array;
4303 	abi_ulong __buf;
4304 };
4305 
4306 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
4307                                                abi_ulong target_addr)
4308 {
4309     int nsems;
4310     unsigned short *array;
4311     union semun semun;
4312     struct semid_ds semid_ds;
4313     int i, ret;
4314 
4315     semun.buf = &semid_ds;
4316 
4317     ret = semctl(semid, 0, IPC_STAT, semun);
4318     if (ret == -1)
4319         return get_errno(ret);
4320 
4321     nsems = semid_ds.sem_nsems;
4322 
4323     *host_array = g_try_new(unsigned short, nsems);
4324     if (!*host_array) {
4325         return -TARGET_ENOMEM;
4326     }
4327     array = lock_user(VERIFY_READ, target_addr,
4328                       nsems*sizeof(unsigned short), 1);
4329     if (!array) {
4330         g_free(*host_array);
4331         return -TARGET_EFAULT;
4332     }
4333 
4334     for(i=0; i<nsems; i++) {
4335         __get_user((*host_array)[i], &array[i]);
4336     }
4337     unlock_user(array, target_addr, 0);
4338 
4339     return 0;
4340 }
4341 
4342 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
4343                                                unsigned short **host_array)
4344 {
4345     int nsems;
4346     unsigned short *array;
4347     union semun semun;
4348     struct semid_ds semid_ds;
4349     int i, ret;
4350 
4351     semun.buf = &semid_ds;
4352 
4353     ret = semctl(semid, 0, IPC_STAT, semun);
4354     if (ret == -1)
4355         return get_errno(ret);
4356 
4357     nsems = semid_ds.sem_nsems;
4358 
4359     array = lock_user(VERIFY_WRITE, target_addr,
4360                       nsems*sizeof(unsigned short), 0);
4361     if (!array)
4362         return -TARGET_EFAULT;
4363 
4364     for(i=0; i<nsems; i++) {
4365         __put_user((*host_array)[i], &array[i]);
4366     }
4367     g_free(*host_array);
4368     unlock_user(array, target_addr, 1);
4369 
4370     return 0;
4371 }
4372 
4373 static inline abi_long do_semctl(int semid, int semnum, int cmd,
4374                                  abi_ulong target_arg)
4375 {
4376     union target_semun target_su = { .buf = target_arg };
4377     union semun arg;
4378     struct semid_ds dsarg;
4379     unsigned short *array = NULL;
4380     struct seminfo seminfo;
4381     abi_long ret = -TARGET_EINVAL;
4382     abi_long err;
4383     cmd &= 0xff;
4384 
4385     switch( cmd ) {
4386 	case GETVAL:
4387 	case SETVAL:
4388             /* In 64 bit cross-endian situations, we will erroneously pick up
4389              * the wrong half of the union for the "val" element.  To rectify
4390              * this, the entire 8-byte structure is byteswapped, followed by
4391 	     * a swap of the 4 byte val field. In other cases, the data is
4392 	     * already in proper host byte order. */
4393 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
4394 		target_su.buf = tswapal(target_su.buf);
4395 		arg.val = tswap32(target_su.val);
4396 	    } else {
4397 		arg.val = target_su.val;
4398 	    }
4399             ret = get_errno(semctl(semid, semnum, cmd, arg));
4400             break;
4401 	case GETALL:
4402 	case SETALL:
4403             err = target_to_host_semarray(semid, &array, target_su.array);
4404             if (err)
4405                 return err;
4406             arg.array = array;
4407             ret = get_errno(semctl(semid, semnum, cmd, arg));
4408             err = host_to_target_semarray(semid, target_su.array, &array);
4409             if (err)
4410                 return err;
4411             break;
4412 	case IPC_STAT:
4413 	case IPC_SET:
4414 	case SEM_STAT:
4415             err = target_to_host_semid_ds(&dsarg, target_su.buf);
4416             if (err)
4417                 return err;
4418             arg.buf = &dsarg;
4419             ret = get_errno(semctl(semid, semnum, cmd, arg));
4420             err = host_to_target_semid_ds(target_su.buf, &dsarg);
4421             if (err)
4422                 return err;
4423             break;
4424 	case IPC_INFO:
4425 	case SEM_INFO:
4426             arg.__buf = &seminfo;
4427             ret = get_errno(semctl(semid, semnum, cmd, arg));
4428             err = host_to_target_seminfo(target_su.__buf, &seminfo);
4429             if (err)
4430                 return err;
4431             break;
4432 	case IPC_RMID:
4433 	case GETPID:
4434 	case GETNCNT:
4435 	case GETZCNT:
4436             ret = get_errno(semctl(semid, semnum, cmd, NULL));
4437             break;
4438     }
4439 
4440     return ret;
4441 }
4442 
4443 struct target_sembuf {
4444     unsigned short sem_num;
4445     short sem_op;
4446     short sem_flg;
4447 };
4448 
4449 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
4450                                              abi_ulong target_addr,
4451                                              unsigned nsops)
4452 {
4453     struct target_sembuf *target_sembuf;
4454     int i;
4455 
4456     target_sembuf = lock_user(VERIFY_READ, target_addr,
4457                               nsops*sizeof(struct target_sembuf), 1);
4458     if (!target_sembuf)
4459         return -TARGET_EFAULT;
4460 
4461     for(i=0; i<nsops; i++) {
4462         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
4463         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
4464         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
4465     }
4466 
4467     unlock_user(target_sembuf, target_addr, 0);
4468 
4469     return 0;
4470 }
4471 
4472 static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
4473 {
4474     struct sembuf sops[nsops];
4475 
4476     if (target_to_host_sembuf(sops, ptr, nsops))
4477         return -TARGET_EFAULT;
4478 
4479     return get_errno(safe_semtimedop(semid, sops, nsops, NULL));
4480 }
4481 
4482 struct target_msqid_ds
4483 {
4484     struct target_ipc_perm msg_perm;
4485     abi_ulong msg_stime;
4486 #if TARGET_ABI_BITS == 32
4487     abi_ulong __unused1;
4488 #endif
4489     abi_ulong msg_rtime;
4490 #if TARGET_ABI_BITS == 32
4491     abi_ulong __unused2;
4492 #endif
4493     abi_ulong msg_ctime;
4494 #if TARGET_ABI_BITS == 32
4495     abi_ulong __unused3;
4496 #endif
4497     abi_ulong __msg_cbytes;
4498     abi_ulong msg_qnum;
4499     abi_ulong msg_qbytes;
4500     abi_ulong msg_lspid;
4501     abi_ulong msg_lrpid;
4502     abi_ulong __unused4;
4503     abi_ulong __unused5;
4504 };
4505 
4506 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
4507                                                abi_ulong target_addr)
4508 {
4509     struct target_msqid_ds *target_md;
4510 
4511     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
4512         return -TARGET_EFAULT;
4513     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
4514         return -TARGET_EFAULT;
4515     host_md->msg_stime = tswapal(target_md->msg_stime);
4516     host_md->msg_rtime = tswapal(target_md->msg_rtime);
4517     host_md->msg_ctime = tswapal(target_md->msg_ctime);
4518     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
4519     host_md->msg_qnum = tswapal(target_md->msg_qnum);
4520     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
4521     host_md->msg_lspid = tswapal(target_md->msg_lspid);
4522     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
4523     unlock_user_struct(target_md, target_addr, 0);
4524     return 0;
4525 }
4526 
4527 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
4528                                                struct msqid_ds *host_md)
4529 {
4530     struct target_msqid_ds *target_md;
4531 
4532     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
4533         return -TARGET_EFAULT;
4534     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
4535         return -TARGET_EFAULT;
4536     target_md->msg_stime = tswapal(host_md->msg_stime);
4537     target_md->msg_rtime = tswapal(host_md->msg_rtime);
4538     target_md->msg_ctime = tswapal(host_md->msg_ctime);
4539     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
4540     target_md->msg_qnum = tswapal(host_md->msg_qnum);
4541     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
4542     target_md->msg_lspid = tswapal(host_md->msg_lspid);
4543     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
4544     unlock_user_struct(target_md, target_addr, 1);
4545     return 0;
4546 }
4547 
4548 struct target_msginfo {
4549     int msgpool;
4550     int msgmap;
4551     int msgmax;
4552     int msgmnb;
4553     int msgmni;
4554     int msgssz;
4555     int msgtql;
4556     unsigned short int msgseg;
4557 };
4558 
4559 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
4560                                               struct msginfo *host_msginfo)
4561 {
4562     struct target_msginfo *target_msginfo;
4563     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
4564         return -TARGET_EFAULT;
4565     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
4566     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
4567     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
4568     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
4569     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
4570     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
4571     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
4572     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
4573     unlock_user_struct(target_msginfo, target_addr, 1);
4574     return 0;
4575 }
4576 
4577 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
4578 {
4579     struct msqid_ds dsarg;
4580     struct msginfo msginfo;
4581     abi_long ret = -TARGET_EINVAL;
4582 
4583     cmd &= 0xff;
4584 
4585     switch (cmd) {
4586     case IPC_STAT:
4587     case IPC_SET:
4588     case MSG_STAT:
4589         if (target_to_host_msqid_ds(&dsarg,ptr))
4590             return -TARGET_EFAULT;
4591         ret = get_errno(msgctl(msgid, cmd, &dsarg));
4592         if (host_to_target_msqid_ds(ptr,&dsarg))
4593             return -TARGET_EFAULT;
4594         break;
4595     case IPC_RMID:
4596         ret = get_errno(msgctl(msgid, cmd, NULL));
4597         break;
4598     case IPC_INFO:
4599     case MSG_INFO:
4600         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
4601         if (host_to_target_msginfo(ptr, &msginfo))
4602             return -TARGET_EFAULT;
4603         break;
4604     }
4605 
4606     return ret;
4607 }
4608 
4609 struct target_msgbuf {
4610     abi_long mtype;
4611     char	mtext[1];
4612 };
4613 
4614 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
4615                                  ssize_t msgsz, int msgflg)
4616 {
4617     struct target_msgbuf *target_mb;
4618     struct msgbuf *host_mb;
4619     abi_long ret = 0;
4620 
4621     if (msgsz < 0) {
4622         return -TARGET_EINVAL;
4623     }
4624 
4625     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
4626         return -TARGET_EFAULT;
4627     host_mb = g_try_malloc(msgsz + sizeof(long));
4628     if (!host_mb) {
4629         unlock_user_struct(target_mb, msgp, 0);
4630         return -TARGET_ENOMEM;
4631     }
4632     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
4633     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
4634     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
4635     g_free(host_mb);
4636     unlock_user_struct(target_mb, msgp, 0);
4637 
4638     return ret;
4639 }
4640 
4641 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
4642                                  ssize_t msgsz, abi_long msgtyp,
4643                                  int msgflg)
4644 {
4645     struct target_msgbuf *target_mb;
4646     char *target_mtext;
4647     struct msgbuf *host_mb;
4648     abi_long ret = 0;
4649 
4650     if (msgsz < 0) {
4651         return -TARGET_EINVAL;
4652     }
4653 
4654     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
4655         return -TARGET_EFAULT;
4656 
4657     host_mb = g_try_malloc(msgsz + sizeof(long));
4658     if (!host_mb) {
4659         ret = -TARGET_ENOMEM;
4660         goto end;
4661     }
4662     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
4663 
4664     if (ret > 0) {
4665         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
4666         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
4667         if (!target_mtext) {
4668             ret = -TARGET_EFAULT;
4669             goto end;
4670         }
4671         memcpy(target_mb->mtext, host_mb->mtext, ret);
4672         unlock_user(target_mtext, target_mtext_addr, ret);
4673     }
4674 
4675     target_mb->mtype = tswapal(host_mb->mtype);
4676 
4677 end:
4678     if (target_mb)
4679         unlock_user_struct(target_mb, msgp, 1);
4680     g_free(host_mb);
4681     return ret;
4682 }
4683 
4684 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
4685                                                abi_ulong target_addr)
4686 {
4687     struct target_shmid_ds *target_sd;
4688 
4689     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4690         return -TARGET_EFAULT;
4691     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
4692         return -TARGET_EFAULT;
4693     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4694     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
4695     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4696     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4697     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4698     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4699     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4700     unlock_user_struct(target_sd, target_addr, 0);
4701     return 0;
4702 }
4703 
4704 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
4705                                                struct shmid_ds *host_sd)
4706 {
4707     struct target_shmid_ds *target_sd;
4708 
4709     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4710         return -TARGET_EFAULT;
4711     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
4712         return -TARGET_EFAULT;
4713     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4714     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
4715     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4716     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4717     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4718     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4719     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4720     unlock_user_struct(target_sd, target_addr, 1);
4721     return 0;
4722 }
4723 
4724 struct  target_shminfo {
4725     abi_ulong shmmax;
4726     abi_ulong shmmin;
4727     abi_ulong shmmni;
4728     abi_ulong shmseg;
4729     abi_ulong shmall;
4730 };
4731 
4732 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
4733                                               struct shminfo *host_shminfo)
4734 {
4735     struct target_shminfo *target_shminfo;
4736     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
4737         return -TARGET_EFAULT;
4738     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
4739     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
4740     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
4741     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
4742     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
4743     unlock_user_struct(target_shminfo, target_addr, 1);
4744     return 0;
4745 }
4746 
4747 struct target_shm_info {
4748     int used_ids;
4749     abi_ulong shm_tot;
4750     abi_ulong shm_rss;
4751     abi_ulong shm_swp;
4752     abi_ulong swap_attempts;
4753     abi_ulong swap_successes;
4754 };
4755 
4756 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
4757                                                struct shm_info *host_shm_info)
4758 {
4759     struct target_shm_info *target_shm_info;
4760     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
4761         return -TARGET_EFAULT;
4762     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
4763     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
4764     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
4765     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
4766     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
4767     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
4768     unlock_user_struct(target_shm_info, target_addr, 1);
4769     return 0;
4770 }
4771 
4772 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4773 {
4774     struct shmid_ds dsarg;
4775     struct shminfo shminfo;
4776     struct shm_info shm_info;
4777     abi_long ret = -TARGET_EINVAL;
4778 
4779     cmd &= 0xff;
4780 
4781     switch(cmd) {
4782     case IPC_STAT:
4783     case IPC_SET:
4784     case SHM_STAT:
4785         if (target_to_host_shmid_ds(&dsarg, buf))
4786             return -TARGET_EFAULT;
4787         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4788         if (host_to_target_shmid_ds(buf, &dsarg))
4789             return -TARGET_EFAULT;
4790         break;
4791     case IPC_INFO:
4792         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4793         if (host_to_target_shminfo(buf, &shminfo))
4794             return -TARGET_EFAULT;
4795         break;
4796     case SHM_INFO:
4797         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4798         if (host_to_target_shm_info(buf, &shm_info))
4799             return -TARGET_EFAULT;
4800         break;
4801     case IPC_RMID:
4802     case SHM_LOCK:
4803     case SHM_UNLOCK:
4804         ret = get_errno(shmctl(shmid, cmd, NULL));
4805         break;
4806     }
4807 
4808     return ret;
4809 }
4810 
4811 #ifndef TARGET_FORCE_SHMLBA
4812 /* For most architectures, SHMLBA is the same as the page size;
4813  * some architectures have larger values, in which case they should
4814  * define TARGET_FORCE_SHMLBA and provide a target_shmlba() function.
4815  * This corresponds to the kernel arch code defining __ARCH_FORCE_SHMLBA
4816  * and defining its own value for SHMLBA.
4817  *
4818  * The kernel also permits SHMLBA to be set by the architecture to a
4819  * value larger than the page size without setting __ARCH_FORCE_SHMLBA;
4820  * this means that addresses are rounded to the large size if
4821  * SHM_RND is set but addresses not aligned to that size are not rejected
4822  * as long as they are at least page-aligned. Since the only architecture
4823  * which uses this is ia64 this code doesn't provide for that oddity.
4824  */
4825 static inline abi_ulong target_shmlba(CPUArchState *cpu_env)
4826 {
4827     return TARGET_PAGE_SIZE;
4828 }
4829 #endif
4830 
4831 static inline abi_ulong do_shmat(CPUArchState *cpu_env,
4832                                  int shmid, abi_ulong shmaddr, int shmflg)
4833 {
4834     abi_long raddr;
4835     void *host_raddr;
4836     struct shmid_ds shm_info;
4837     int i,ret;
4838     abi_ulong shmlba;
4839 
4840     /* find out the length of the shared memory segment */
4841     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4842     if (is_error(ret)) {
4843         /* can't get length, bail out */
4844         return ret;
4845     }
4846 
4847     shmlba = target_shmlba(cpu_env);
4848 
4849     if (shmaddr & (shmlba - 1)) {
4850         if (shmflg & SHM_RND) {
4851             shmaddr &= ~(shmlba - 1);
4852         } else {
4853             return -TARGET_EINVAL;
4854         }
4855     }
4856 
4857     mmap_lock();
4858 
4859     if (shmaddr)
4860         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
4861     else {
4862         abi_ulong mmap_start;
4863 
4864         mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
4865 
4866         if (mmap_start == -1) {
4867             errno = ENOMEM;
4868             host_raddr = (void *)-1;
4869         } else
4870             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
4871     }
4872 
4873     if (host_raddr == (void *)-1) {
4874         mmap_unlock();
4875         return get_errno((long)host_raddr);
4876     }
4877     raddr=h2g((unsigned long)host_raddr);
4878 
4879     page_set_flags(raddr, raddr + shm_info.shm_segsz,
4880                    PAGE_VALID | PAGE_READ |
4881                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
4882 
4883     for (i = 0; i < N_SHM_REGIONS; i++) {
4884         if (!shm_regions[i].in_use) {
4885             shm_regions[i].in_use = true;
4886             shm_regions[i].start = raddr;
4887             shm_regions[i].size = shm_info.shm_segsz;
4888             break;
4889         }
4890     }
4891 
4892     mmap_unlock();
4893     return raddr;
4894 
4895 }
4896 
4897 static inline abi_long do_shmdt(abi_ulong shmaddr)
4898 {
4899     int i;
4900 
4901     for (i = 0; i < N_SHM_REGIONS; ++i) {
4902         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4903             shm_regions[i].in_use = false;
4904             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
4905             break;
4906         }
4907     }
4908 
4909     return get_errno(shmdt(g2h(shmaddr)));
4910 }
4911 
4912 #ifdef TARGET_NR_ipc
4913 /* ??? This only works with linear mappings.  */
4914 /* do_ipc() must return target values and target errnos. */
4915 static abi_long do_ipc(CPUArchState *cpu_env,
4916                        unsigned int call, abi_long first,
4917                        abi_long second, abi_long third,
4918                        abi_long ptr, abi_long fifth)
4919 {
4920     int version;
4921     abi_long ret = 0;
4922 
4923     version = call >> 16;
4924     call &= 0xffff;
4925 
4926     switch (call) {
4927     case IPCOP_semop:
4928         ret = do_semop(first, ptr, second);
4929         break;
4930 
4931     case IPCOP_semget:
4932         ret = get_errno(semget(first, second, third));
4933         break;
4934 
4935     case IPCOP_semctl: {
4936         /* The semun argument to semctl is passed by value, so dereference the
4937          * ptr argument. */
4938         abi_ulong atptr;
4939         get_user_ual(atptr, ptr);
4940         ret = do_semctl(first, second, third, atptr);
4941         break;
4942     }
4943 
4944     case IPCOP_msgget:
4945         ret = get_errno(msgget(first, second));
4946         break;
4947 
4948     case IPCOP_msgsnd:
4949         ret = do_msgsnd(first, ptr, second, third);
4950         break;
4951 
4952     case IPCOP_msgctl:
4953         ret = do_msgctl(first, second, ptr);
4954         break;
4955 
4956     case IPCOP_msgrcv:
4957         switch (version) {
4958         case 0:
4959             {
4960                 struct target_ipc_kludge {
4961                     abi_long msgp;
4962                     abi_long msgtyp;
4963                 } *tmp;
4964 
4965                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4966                     ret = -TARGET_EFAULT;
4967                     break;
4968                 }
4969 
4970                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4971 
4972                 unlock_user_struct(tmp, ptr, 0);
4973                 break;
4974             }
4975         default:
4976             ret = do_msgrcv(first, ptr, second, fifth, third);
4977         }
4978         break;
4979 
4980     case IPCOP_shmat:
4981         switch (version) {
4982         default:
4983         {
4984             abi_ulong raddr;
4985             raddr = do_shmat(cpu_env, first, ptr, second);
4986             if (is_error(raddr))
4987                 return get_errno(raddr);
4988             if (put_user_ual(raddr, third))
4989                 return -TARGET_EFAULT;
4990             break;
4991         }
4992         case 1:
4993             ret = -TARGET_EINVAL;
4994             break;
4995         }
4996 	break;
4997     case IPCOP_shmdt:
4998         ret = do_shmdt(ptr);
4999 	break;
5000 
5001     case IPCOP_shmget:
5002 	/* IPC_* flag values are the same on all linux platforms */
5003 	ret = get_errno(shmget(first, second, third));
5004 	break;
5005 
5006 	/* IPC_* and SHM_* command values are the same on all linux platforms */
5007     case IPCOP_shmctl:
5008         ret = do_shmctl(first, second, ptr);
5009         break;
5010     default:
5011 	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
5012 	ret = -TARGET_ENOSYS;
5013 	break;
5014     }
5015     return ret;
5016 }
5017 #endif
5018 
5019 /* kernel structure types definitions */
5020 
5021 #define STRUCT(name, ...) STRUCT_ ## name,
5022 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
5023 enum {
5024 #include "syscall_types.h"
5025 STRUCT_MAX
5026 };
5027 #undef STRUCT
5028 #undef STRUCT_SPECIAL
5029 
5030 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
5031 #define STRUCT_SPECIAL(name)
5032 #include "syscall_types.h"
5033 #undef STRUCT
5034 #undef STRUCT_SPECIAL
5035 
5036 typedef struct IOCTLEntry IOCTLEntry;
5037 
5038 typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
5039                              int fd, int cmd, abi_long arg);
5040 
5041 struct IOCTLEntry {
5042     int target_cmd;
5043     unsigned int host_cmd;
5044     const char *name;
5045     int access;
5046     do_ioctl_fn *do_ioctl;
5047     const argtype arg_type[5];
5048 };
5049 
5050 #define IOC_R 0x0001
5051 #define IOC_W 0x0002
5052 #define IOC_RW (IOC_R | IOC_W)
5053 
5054 #define MAX_STRUCT_SIZE 4096
5055 
5056 #ifdef CONFIG_FIEMAP
5057 /* So fiemap access checks don't overflow on 32 bit systems.
5058  * This is very slightly smaller than the limit imposed by
5059  * the underlying kernel.
5060  */
5061 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
5062                             / sizeof(struct fiemap_extent))
5063 
5064 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
5065                                        int fd, int cmd, abi_long arg)
5066 {
5067     /* The parameter for this ioctl is a struct fiemap followed
5068      * by an array of struct fiemap_extent whose size is set
5069      * in fiemap->fm_extent_count. The array is filled in by the
5070      * ioctl.
5071      */
5072     int target_size_in, target_size_out;
5073     struct fiemap *fm;
5074     const argtype *arg_type = ie->arg_type;
5075     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
5076     void *argptr, *p;
5077     abi_long ret;
5078     int i, extent_size = thunk_type_size(extent_arg_type, 0);
5079     uint32_t outbufsz;
5080     int free_fm = 0;
5081 
5082     assert(arg_type[0] == TYPE_PTR);
5083     assert(ie->access == IOC_RW);
5084     arg_type++;
5085     target_size_in = thunk_type_size(arg_type, 0);
5086     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
5087     if (!argptr) {
5088         return -TARGET_EFAULT;
5089     }
5090     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5091     unlock_user(argptr, arg, 0);
5092     fm = (struct fiemap *)buf_temp;
5093     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
5094         return -TARGET_EINVAL;
5095     }
5096 
5097     outbufsz = sizeof (*fm) +
5098         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
5099 
5100     if (outbufsz > MAX_STRUCT_SIZE) {
5101         /* We can't fit all the extents into the fixed size buffer.
5102          * Allocate one that is large enough and use it instead.
5103          */
5104         fm = g_try_malloc(outbufsz);
5105         if (!fm) {
5106             return -TARGET_ENOMEM;
5107         }
5108         memcpy(fm, buf_temp, sizeof(struct fiemap));
5109         free_fm = 1;
5110     }
5111     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
5112     if (!is_error(ret)) {
5113         target_size_out = target_size_in;
5114         /* An extent_count of 0 means we were only counting the extents
5115          * so there are no structs to copy
5116          */
5117         if (fm->fm_extent_count != 0) {
5118             target_size_out += fm->fm_mapped_extents * extent_size;
5119         }
5120         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
5121         if (!argptr) {
5122             ret = -TARGET_EFAULT;
5123         } else {
5124             /* Convert the struct fiemap */
5125             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
5126             if (fm->fm_extent_count != 0) {
5127                 p = argptr + target_size_in;
5128                 /* ...and then all the struct fiemap_extents */
5129                 for (i = 0; i < fm->fm_mapped_extents; i++) {
5130                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
5131                                   THUNK_TARGET);
5132                     p += extent_size;
5133                 }
5134             }
5135             unlock_user(argptr, arg, target_size_out);
5136         }
5137     }
5138     if (free_fm) {
5139         g_free(fm);
5140     }
5141     return ret;
5142 }
5143 #endif
5144 
5145 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
5146                                 int fd, int cmd, abi_long arg)
5147 {
5148     const argtype *arg_type = ie->arg_type;
5149     int target_size;
5150     void *argptr;
5151     int ret;
5152     struct ifconf *host_ifconf;
5153     uint32_t outbufsz;
5154     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
5155     int target_ifreq_size;
5156     int nb_ifreq;
5157     int free_buf = 0;
5158     int i;
5159     int target_ifc_len;
5160     abi_long target_ifc_buf;
5161     int host_ifc_len;
5162     char *host_ifc_buf;
5163 
5164     assert(arg_type[0] == TYPE_PTR);
5165     assert(ie->access == IOC_RW);
5166 
5167     arg_type++;
5168     target_size = thunk_type_size(arg_type, 0);
5169 
5170     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5171     if (!argptr)
5172         return -TARGET_EFAULT;
5173     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5174     unlock_user(argptr, arg, 0);
5175 
5176     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
5177     target_ifc_len = host_ifconf->ifc_len;
5178     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
5179 
5180     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
5181     nb_ifreq = target_ifc_len / target_ifreq_size;
5182     host_ifc_len = nb_ifreq * sizeof(struct ifreq);
5183 
5184     outbufsz = sizeof(*host_ifconf) + host_ifc_len;
5185     if (outbufsz > MAX_STRUCT_SIZE) {
5186         /* We can't fit all the extents into the fixed size buffer.
5187          * Allocate one that is large enough and use it instead.
5188          */
5189         host_ifconf = malloc(outbufsz);
5190         if (!host_ifconf) {
5191             return -TARGET_ENOMEM;
5192         }
5193         memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
5194         free_buf = 1;
5195     }
5196     host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
5197 
5198     host_ifconf->ifc_len = host_ifc_len;
5199     host_ifconf->ifc_buf = host_ifc_buf;
5200 
5201     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
5202     if (!is_error(ret)) {
5203 	/* convert host ifc_len to target ifc_len */
5204 
5205         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
5206         target_ifc_len = nb_ifreq * target_ifreq_size;
5207         host_ifconf->ifc_len = target_ifc_len;
5208 
5209 	/* restore target ifc_buf */
5210 
5211         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
5212 
5213 	/* copy struct ifconf to target user */
5214 
5215         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5216         if (!argptr)
5217             return -TARGET_EFAULT;
5218         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
5219         unlock_user(argptr, arg, target_size);
5220 
5221 	/* copy ifreq[] to target user */
5222 
5223         argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
5224         for (i = 0; i < nb_ifreq ; i++) {
5225             thunk_convert(argptr + i * target_ifreq_size,
5226                           host_ifc_buf + i * sizeof(struct ifreq),
5227                           ifreq_arg_type, THUNK_TARGET);
5228         }
5229         unlock_user(argptr, target_ifc_buf, target_ifc_len);
5230     }
5231 
5232     if (free_buf) {
5233         free(host_ifconf);
5234     }
5235 
5236     return ret;
5237 }
5238 
5239 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5240                             int cmd, abi_long arg)
5241 {
5242     void *argptr;
5243     struct dm_ioctl *host_dm;
5244     abi_long guest_data;
5245     uint32_t guest_data_size;
5246     int target_size;
5247     const argtype *arg_type = ie->arg_type;
5248     abi_long ret;
5249     void *big_buf = NULL;
5250     char *host_data;
5251 
5252     arg_type++;
5253     target_size = thunk_type_size(arg_type, 0);
5254     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5255     if (!argptr) {
5256         ret = -TARGET_EFAULT;
5257         goto out;
5258     }
5259     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5260     unlock_user(argptr, arg, 0);
5261 
5262     /* buf_temp is too small, so fetch things into a bigger buffer */
5263     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
5264     memcpy(big_buf, buf_temp, target_size);
5265     buf_temp = big_buf;
5266     host_dm = big_buf;
5267 
5268     guest_data = arg + host_dm->data_start;
5269     if ((guest_data - arg) < 0) {
5270         ret = -TARGET_EINVAL;
5271         goto out;
5272     }
5273     guest_data_size = host_dm->data_size - host_dm->data_start;
5274     host_data = (char*)host_dm + host_dm->data_start;
5275 
5276     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
5277     if (!argptr) {
5278         ret = -TARGET_EFAULT;
5279         goto out;
5280     }
5281 
5282     switch (ie->host_cmd) {
5283     case DM_REMOVE_ALL:
5284     case DM_LIST_DEVICES:
5285     case DM_DEV_CREATE:
5286     case DM_DEV_REMOVE:
5287     case DM_DEV_SUSPEND:
5288     case DM_DEV_STATUS:
5289     case DM_DEV_WAIT:
5290     case DM_TABLE_STATUS:
5291     case DM_TABLE_CLEAR:
5292     case DM_TABLE_DEPS:
5293     case DM_LIST_VERSIONS:
5294         /* no input data */
5295         break;
5296     case DM_DEV_RENAME:
5297     case DM_DEV_SET_GEOMETRY:
5298         /* data contains only strings */
5299         memcpy(host_data, argptr, guest_data_size);
5300         break;
5301     case DM_TARGET_MSG:
5302         memcpy(host_data, argptr, guest_data_size);
5303         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
5304         break;
5305     case DM_TABLE_LOAD:
5306     {
5307         void *gspec = argptr;
5308         void *cur_data = host_data;
5309         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5310         int spec_size = thunk_type_size(arg_type, 0);
5311         int i;
5312 
5313         for (i = 0; i < host_dm->target_count; i++) {
5314             struct dm_target_spec *spec = cur_data;
5315             uint32_t next;
5316             int slen;
5317 
5318             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
5319             slen = strlen((char*)gspec + spec_size) + 1;
5320             next = spec->next;
5321             spec->next = sizeof(*spec) + slen;
5322             strcpy((char*)&spec[1], gspec + spec_size);
5323             gspec += next;
5324             cur_data += spec->next;
5325         }
5326         break;
5327     }
5328     default:
5329         ret = -TARGET_EINVAL;
5330         unlock_user(argptr, guest_data, 0);
5331         goto out;
5332     }
5333     unlock_user(argptr, guest_data, 0);
5334 
5335     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5336     if (!is_error(ret)) {
5337         guest_data = arg + host_dm->data_start;
5338         guest_data_size = host_dm->data_size - host_dm->data_start;
5339         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
5340         switch (ie->host_cmd) {
5341         case DM_REMOVE_ALL:
5342         case DM_DEV_CREATE:
5343         case DM_DEV_REMOVE:
5344         case DM_DEV_RENAME:
5345         case DM_DEV_SUSPEND:
5346         case DM_DEV_STATUS:
5347         case DM_TABLE_LOAD:
5348         case DM_TABLE_CLEAR:
5349         case DM_TARGET_MSG:
5350         case DM_DEV_SET_GEOMETRY:
5351             /* no return data */
5352             break;
5353         case DM_LIST_DEVICES:
5354         {
5355             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
5356             uint32_t remaining_data = guest_data_size;
5357             void *cur_data = argptr;
5358             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
5359             int nl_size = 12; /* can't use thunk_size due to alignment */
5360 
5361             while (1) {
5362                 uint32_t next = nl->next;
5363                 if (next) {
5364                     nl->next = nl_size + (strlen(nl->name) + 1);
5365                 }
5366                 if (remaining_data < nl->next) {
5367                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5368                     break;
5369                 }
5370                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
5371                 strcpy(cur_data + nl_size, nl->name);
5372                 cur_data += nl->next;
5373                 remaining_data -= nl->next;
5374                 if (!next) {
5375                     break;
5376                 }
5377                 nl = (void*)nl + next;
5378             }
5379             break;
5380         }
5381         case DM_DEV_WAIT:
5382         case DM_TABLE_STATUS:
5383         {
5384             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
5385             void *cur_data = argptr;
5386             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
5387             int spec_size = thunk_type_size(arg_type, 0);
5388             int i;
5389 
5390             for (i = 0; i < host_dm->target_count; i++) {
5391                 uint32_t next = spec->next;
5392                 int slen = strlen((char*)&spec[1]) + 1;
5393                 spec->next = (cur_data - argptr) + spec_size + slen;
5394                 if (guest_data_size < spec->next) {
5395                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5396                     break;
5397                 }
5398                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
5399                 strcpy(cur_data + spec_size, (char*)&spec[1]);
5400                 cur_data = argptr + spec->next;
5401                 spec = (void*)host_dm + host_dm->data_start + next;
5402             }
5403             break;
5404         }
5405         case DM_TABLE_DEPS:
5406         {
5407             void *hdata = (void*)host_dm + host_dm->data_start;
5408             int count = *(uint32_t*)hdata;
5409             uint64_t *hdev = hdata + 8;
5410             uint64_t *gdev = argptr + 8;
5411             int i;
5412 
5413             *(uint32_t*)argptr = tswap32(count);
5414             for (i = 0; i < count; i++) {
5415                 *gdev = tswap64(*hdev);
5416                 gdev++;
5417                 hdev++;
5418             }
5419             break;
5420         }
5421         case DM_LIST_VERSIONS:
5422         {
5423             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
5424             uint32_t remaining_data = guest_data_size;
5425             void *cur_data = argptr;
5426             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
5427             int vers_size = thunk_type_size(arg_type, 0);
5428 
5429             while (1) {
5430                 uint32_t next = vers->next;
5431                 if (next) {
5432                     vers->next = vers_size + (strlen(vers->name) + 1);
5433                 }
5434                 if (remaining_data < vers->next) {
5435                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5436                     break;
5437                 }
5438                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
5439                 strcpy(cur_data + vers_size, vers->name);
5440                 cur_data += vers->next;
5441                 remaining_data -= vers->next;
5442                 if (!next) {
5443                     break;
5444                 }
5445                 vers = (void*)vers + next;
5446             }
5447             break;
5448         }
5449         default:
5450             unlock_user(argptr, guest_data, 0);
5451             ret = -TARGET_EINVAL;
5452             goto out;
5453         }
5454         unlock_user(argptr, guest_data, guest_data_size);
5455 
5456         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5457         if (!argptr) {
5458             ret = -TARGET_EFAULT;
5459             goto out;
5460         }
5461         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5462         unlock_user(argptr, arg, target_size);
5463     }
5464 out:
5465     g_free(big_buf);
5466     return ret;
5467 }
5468 
5469 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5470                                int cmd, abi_long arg)
5471 {
5472     void *argptr;
5473     int target_size;
5474     const argtype *arg_type = ie->arg_type;
5475     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
5476     abi_long ret;
5477 
5478     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
5479     struct blkpg_partition host_part;
5480 
5481     /* Read and convert blkpg */
5482     arg_type++;
5483     target_size = thunk_type_size(arg_type, 0);
5484     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5485     if (!argptr) {
5486         ret = -TARGET_EFAULT;
5487         goto out;
5488     }
5489     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5490     unlock_user(argptr, arg, 0);
5491 
5492     switch (host_blkpg->op) {
5493     case BLKPG_ADD_PARTITION:
5494     case BLKPG_DEL_PARTITION:
5495         /* payload is struct blkpg_partition */
5496         break;
5497     default:
5498         /* Unknown opcode */
5499         ret = -TARGET_EINVAL;
5500         goto out;
5501     }
5502 
5503     /* Read and convert blkpg->data */
5504     arg = (abi_long)(uintptr_t)host_blkpg->data;
5505     target_size = thunk_type_size(part_arg_type, 0);
5506     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5507     if (!argptr) {
5508         ret = -TARGET_EFAULT;
5509         goto out;
5510     }
5511     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
5512     unlock_user(argptr, arg, 0);
5513 
5514     /* Swizzle the data pointer to our local copy and call! */
5515     host_blkpg->data = &host_part;
5516     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
5517 
5518 out:
5519     return ret;
5520 }
5521 
5522 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
5523                                 int fd, int cmd, abi_long arg)
5524 {
5525     const argtype *arg_type = ie->arg_type;
5526     const StructEntry *se;
5527     const argtype *field_types;
5528     const int *dst_offsets, *src_offsets;
5529     int target_size;
5530     void *argptr;
5531     abi_ulong *target_rt_dev_ptr;
5532     unsigned long *host_rt_dev_ptr;
5533     abi_long ret;
5534     int i;
5535 
5536     assert(ie->access == IOC_W);
5537     assert(*arg_type == TYPE_PTR);
5538     arg_type++;
5539     assert(*arg_type == TYPE_STRUCT);
5540     target_size = thunk_type_size(arg_type, 0);
5541     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5542     if (!argptr) {
5543         return -TARGET_EFAULT;
5544     }
5545     arg_type++;
5546     assert(*arg_type == (int)STRUCT_rtentry);
5547     se = struct_entries + *arg_type++;
5548     assert(se->convert[0] == NULL);
5549     /* convert struct here to be able to catch rt_dev string */
5550     field_types = se->field_types;
5551     dst_offsets = se->field_offsets[THUNK_HOST];
5552     src_offsets = se->field_offsets[THUNK_TARGET];
5553     for (i = 0; i < se->nb_fields; i++) {
5554         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
5555             assert(*field_types == TYPE_PTRVOID);
5556             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
5557             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
5558             if (*target_rt_dev_ptr != 0) {
5559                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
5560                                                   tswapal(*target_rt_dev_ptr));
5561                 if (!*host_rt_dev_ptr) {
5562                     unlock_user(argptr, arg, 0);
5563                     return -TARGET_EFAULT;
5564                 }
5565             } else {
5566                 *host_rt_dev_ptr = 0;
5567             }
5568             field_types++;
5569             continue;
5570         }
5571         field_types = thunk_convert(buf_temp + dst_offsets[i],
5572                                     argptr + src_offsets[i],
5573                                     field_types, THUNK_HOST);
5574     }
5575     unlock_user(argptr, arg, 0);
5576 
5577     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5578     if (*host_rt_dev_ptr != 0) {
5579         unlock_user((void *)*host_rt_dev_ptr,
5580                     *target_rt_dev_ptr, 0);
5581     }
5582     return ret;
5583 }
5584 
5585 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
5586                                      int fd, int cmd, abi_long arg)
5587 {
5588     int sig = target_to_host_signal(arg);
5589     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
5590 }
5591 
5592 static IOCTLEntry ioctl_entries[] = {
5593 #define IOCTL(cmd, access, ...) \
5594     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
5595 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
5596     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
5597 #define IOCTL_IGNORE(cmd) \
5598     { TARGET_ ## cmd, 0, #cmd },
5599 #include "ioctls.h"
5600     { 0, 0, },
5601 };
5602 
5603 /* ??? Implement proper locking for ioctls.  */
5604 /* do_ioctl() Must return target values and target errnos. */
5605 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
5606 {
5607     const IOCTLEntry *ie;
5608     const argtype *arg_type;
5609     abi_long ret;
5610     uint8_t buf_temp[MAX_STRUCT_SIZE];
5611     int target_size;
5612     void *argptr;
5613 
5614     ie = ioctl_entries;
5615     for(;;) {
5616         if (ie->target_cmd == 0) {
5617             gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
5618             return -TARGET_ENOSYS;
5619         }
5620         if (ie->target_cmd == cmd)
5621             break;
5622         ie++;
5623     }
5624     arg_type = ie->arg_type;
5625 #if defined(DEBUG)
5626     gemu_log("ioctl: cmd=0x%04lx (%s)\n", (long)cmd, ie->name);
5627 #endif
5628     if (ie->do_ioctl) {
5629         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
5630     } else if (!ie->host_cmd) {
5631         /* Some architectures define BSD ioctls in their headers
5632            that are not implemented in Linux.  */
5633         return -TARGET_ENOSYS;
5634     }
5635 
5636     switch(arg_type[0]) {
5637     case TYPE_NULL:
5638         /* no argument */
5639         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
5640         break;
5641     case TYPE_PTRVOID:
5642     case TYPE_INT:
5643         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
5644         break;
5645     case TYPE_PTR:
5646         arg_type++;
5647         target_size = thunk_type_size(arg_type, 0);
5648         switch(ie->access) {
5649         case IOC_R:
5650             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5651             if (!is_error(ret)) {
5652                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5653                 if (!argptr)
5654                     return -TARGET_EFAULT;
5655                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5656                 unlock_user(argptr, arg, target_size);
5657             }
5658             break;
5659         case IOC_W:
5660             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5661             if (!argptr)
5662                 return -TARGET_EFAULT;
5663             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5664             unlock_user(argptr, arg, 0);
5665             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5666             break;
5667         default:
5668         case IOC_RW:
5669             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5670             if (!argptr)
5671                 return -TARGET_EFAULT;
5672             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5673             unlock_user(argptr, arg, 0);
5674             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5675             if (!is_error(ret)) {
5676                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5677                 if (!argptr)
5678                     return -TARGET_EFAULT;
5679                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5680                 unlock_user(argptr, arg, target_size);
5681             }
5682             break;
5683         }
5684         break;
5685     default:
5686         gemu_log("Unsupported ioctl type: cmd=0x%04lx type=%d\n",
5687                  (long)cmd, arg_type[0]);
5688         ret = -TARGET_ENOSYS;
5689         break;
5690     }
5691     return ret;
5692 }
5693 
5694 static const bitmask_transtbl iflag_tbl[] = {
5695         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
5696         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
5697         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
5698         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
5699         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
5700         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
5701         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
5702         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
5703         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
5704         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
5705         { TARGET_IXON, TARGET_IXON, IXON, IXON },
5706         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
5707         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
5708         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
5709         { 0, 0, 0, 0 }
5710 };
5711 
5712 static const bitmask_transtbl oflag_tbl[] = {
5713 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
5714 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
5715 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
5716 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
5717 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
5718 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
5719 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
5720 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
5721 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
5722 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
5723 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
5724 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
5725 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
5726 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
5727 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
5728 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
5729 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
5730 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
5731 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
5732 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
5733 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
5734 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
5735 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
5736 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
5737 	{ 0, 0, 0, 0 }
5738 };
5739 
5740 static const bitmask_transtbl cflag_tbl[] = {
5741 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
5742 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
5743 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
5744 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
5745 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
5746 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
5747 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
5748 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
5749 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
5750 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
5751 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
5752 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
5753 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
5754 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
5755 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
5756 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
5757 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
5758 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
5759 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
5760 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
5761 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
5762 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
5763 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
5764 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
5765 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
5766 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
5767 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
5768 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
5769 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
5770 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
5771 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
5772 	{ 0, 0, 0, 0 }
5773 };
5774 
5775 static const bitmask_transtbl lflag_tbl[] = {
5776 	{ TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
5777 	{ TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
5778 	{ TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
5779 	{ TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
5780 	{ TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
5781 	{ TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
5782 	{ TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
5783 	{ TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
5784 	{ TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
5785 	{ TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
5786 	{ TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
5787 	{ TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
5788 	{ TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
5789 	{ TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
5790 	{ TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
5791 	{ 0, 0, 0, 0 }
5792 };
5793 
5794 static void target_to_host_termios (void *dst, const void *src)
5795 {
5796     struct host_termios *host = dst;
5797     const struct target_termios *target = src;
5798 
5799     host->c_iflag =
5800         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
5801     host->c_oflag =
5802         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
5803     host->c_cflag =
5804         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
5805     host->c_lflag =
5806         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
5807     host->c_line = target->c_line;
5808 
5809     memset(host->c_cc, 0, sizeof(host->c_cc));
5810     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
5811     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
5812     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5813     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5814     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5815     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5816     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5817     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5818     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5819     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5820     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5821     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5822     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5823     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5824     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5825     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5826     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5827 }
5828 
5829 static void host_to_target_termios (void *dst, const void *src)
5830 {
5831     struct target_termios *target = dst;
5832     const struct host_termios *host = src;
5833 
5834     target->c_iflag =
5835         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5836     target->c_oflag =
5837         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5838     target->c_cflag =
5839         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5840     target->c_lflag =
5841         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5842     target->c_line = host->c_line;
5843 
5844     memset(target->c_cc, 0, sizeof(target->c_cc));
5845     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5846     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5847     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5848     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5849     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5850     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5851     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5852     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5853     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5854     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5855     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5856     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5857     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5858     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5859     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5860     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5861     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5862 }
5863 
5864 static const StructEntry struct_termios_def = {
5865     .convert = { host_to_target_termios, target_to_host_termios },
5866     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5867     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5868 };
5869 
5870 static bitmask_transtbl mmap_flags_tbl[] = {
5871 	{ TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
5872 	{ TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
5873 	{ TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5874 	{ TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS, MAP_ANONYMOUS, MAP_ANONYMOUS },
5875 	{ TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN, MAP_GROWSDOWN, MAP_GROWSDOWN },
5876 	{ TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE, MAP_DENYWRITE, MAP_DENYWRITE },
5877 	{ TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE, MAP_EXECUTABLE, MAP_EXECUTABLE },
5878 	{ TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
5879         { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE, MAP_NORESERVE,
5880           MAP_NORESERVE },
5881 	{ 0, 0, 0, 0 }
5882 };
5883 
5884 #if defined(TARGET_I386)
5885 
5886 /* NOTE: there is really one LDT for all the threads */
5887 static uint8_t *ldt_table;
5888 
5889 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
5890 {
5891     int size;
5892     void *p;
5893 
5894     if (!ldt_table)
5895         return 0;
5896     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
5897     if (size > bytecount)
5898         size = bytecount;
5899     p = lock_user(VERIFY_WRITE, ptr, size, 0);
5900     if (!p)
5901         return -TARGET_EFAULT;
5902     /* ??? Should this by byteswapped?  */
5903     memcpy(p, ldt_table, size);
5904     unlock_user(p, ptr, size);
5905     return size;
5906 }
5907 
5908 /* XXX: add locking support */
5909 static abi_long write_ldt(CPUX86State *env,
5910                           abi_ulong ptr, unsigned long bytecount, int oldmode)
5911 {
5912     struct target_modify_ldt_ldt_s ldt_info;
5913     struct target_modify_ldt_ldt_s *target_ldt_info;
5914     int seg_32bit, contents, read_exec_only, limit_in_pages;
5915     int seg_not_present, useable, lm;
5916     uint32_t *lp, entry_1, entry_2;
5917 
5918     if (bytecount != sizeof(ldt_info))
5919         return -TARGET_EINVAL;
5920     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
5921         return -TARGET_EFAULT;
5922     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5923     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5924     ldt_info.limit = tswap32(target_ldt_info->limit);
5925     ldt_info.flags = tswap32(target_ldt_info->flags);
5926     unlock_user_struct(target_ldt_info, ptr, 0);
5927 
5928     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
5929         return -TARGET_EINVAL;
5930     seg_32bit = ldt_info.flags & 1;
5931     contents = (ldt_info.flags >> 1) & 3;
5932     read_exec_only = (ldt_info.flags >> 3) & 1;
5933     limit_in_pages = (ldt_info.flags >> 4) & 1;
5934     seg_not_present = (ldt_info.flags >> 5) & 1;
5935     useable = (ldt_info.flags >> 6) & 1;
5936 #ifdef TARGET_ABI32
5937     lm = 0;
5938 #else
5939     lm = (ldt_info.flags >> 7) & 1;
5940 #endif
5941     if (contents == 3) {
5942         if (oldmode)
5943             return -TARGET_EINVAL;
5944         if (seg_not_present == 0)
5945             return -TARGET_EINVAL;
5946     }
5947     /* allocate the LDT */
5948     if (!ldt_table) {
5949         env->ldt.base = target_mmap(0,
5950                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
5951                                     PROT_READ|PROT_WRITE,
5952                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
5953         if (env->ldt.base == -1)
5954             return -TARGET_ENOMEM;
5955         memset(g2h(env->ldt.base), 0,
5956                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
5957         env->ldt.limit = 0xffff;
5958         ldt_table = g2h(env->ldt.base);
5959     }
5960 
5961     /* NOTE: same code as Linux kernel */
5962     /* Allow LDTs to be cleared by the user. */
5963     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5964         if (oldmode ||
5965             (contents == 0		&&
5966              read_exec_only == 1	&&
5967              seg_32bit == 0		&&
5968              limit_in_pages == 0	&&
5969              seg_not_present == 1	&&
5970              useable == 0 )) {
5971             entry_1 = 0;
5972             entry_2 = 0;
5973             goto install;
5974         }
5975     }
5976 
5977     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5978         (ldt_info.limit & 0x0ffff);
5979     entry_2 = (ldt_info.base_addr & 0xff000000) |
5980         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5981         (ldt_info.limit & 0xf0000) |
5982         ((read_exec_only ^ 1) << 9) |
5983         (contents << 10) |
5984         ((seg_not_present ^ 1) << 15) |
5985         (seg_32bit << 22) |
5986         (limit_in_pages << 23) |
5987         (lm << 21) |
5988         0x7000;
5989     if (!oldmode)
5990         entry_2 |= (useable << 20);
5991 
5992     /* Install the new entry ...  */
5993 install:
5994     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
5995     lp[0] = tswap32(entry_1);
5996     lp[1] = tswap32(entry_2);
5997     return 0;
5998 }
5999 
6000 /* specific and weird i386 syscalls */
6001 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
6002                               unsigned long bytecount)
6003 {
6004     abi_long ret;
6005 
6006     switch (func) {
6007     case 0:
6008         ret = read_ldt(ptr, bytecount);
6009         break;
6010     case 1:
6011         ret = write_ldt(env, ptr, bytecount, 1);
6012         break;
6013     case 0x11:
6014         ret = write_ldt(env, ptr, bytecount, 0);
6015         break;
6016     default:
6017         ret = -TARGET_ENOSYS;
6018         break;
6019     }
6020     return ret;
6021 }
6022 
6023 #if defined(TARGET_I386) && defined(TARGET_ABI32)
6024 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
6025 {
6026     uint64_t *gdt_table = g2h(env->gdt.base);
6027     struct target_modify_ldt_ldt_s ldt_info;
6028     struct target_modify_ldt_ldt_s *target_ldt_info;
6029     int seg_32bit, contents, read_exec_only, limit_in_pages;
6030     int seg_not_present, useable, lm;
6031     uint32_t *lp, entry_1, entry_2;
6032     int i;
6033 
6034     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6035     if (!target_ldt_info)
6036         return -TARGET_EFAULT;
6037     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
6038     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
6039     ldt_info.limit = tswap32(target_ldt_info->limit);
6040     ldt_info.flags = tswap32(target_ldt_info->flags);
6041     if (ldt_info.entry_number == -1) {
6042         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
6043             if (gdt_table[i] == 0) {
6044                 ldt_info.entry_number = i;
6045                 target_ldt_info->entry_number = tswap32(i);
6046                 break;
6047             }
6048         }
6049     }
6050     unlock_user_struct(target_ldt_info, ptr, 1);
6051 
6052     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
6053         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
6054            return -TARGET_EINVAL;
6055     seg_32bit = ldt_info.flags & 1;
6056     contents = (ldt_info.flags >> 1) & 3;
6057     read_exec_only = (ldt_info.flags >> 3) & 1;
6058     limit_in_pages = (ldt_info.flags >> 4) & 1;
6059     seg_not_present = (ldt_info.flags >> 5) & 1;
6060     useable = (ldt_info.flags >> 6) & 1;
6061 #ifdef TARGET_ABI32
6062     lm = 0;
6063 #else
6064     lm = (ldt_info.flags >> 7) & 1;
6065 #endif
6066 
6067     if (contents == 3) {
6068         if (seg_not_present == 0)
6069             return -TARGET_EINVAL;
6070     }
6071 
6072     /* NOTE: same code as Linux kernel */
6073     /* Allow LDTs to be cleared by the user. */
6074     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
6075         if ((contents == 0             &&
6076              read_exec_only == 1       &&
6077              seg_32bit == 0            &&
6078              limit_in_pages == 0       &&
6079              seg_not_present == 1      &&
6080              useable == 0 )) {
6081             entry_1 = 0;
6082             entry_2 = 0;
6083             goto install;
6084         }
6085     }
6086 
6087     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
6088         (ldt_info.limit & 0x0ffff);
6089     entry_2 = (ldt_info.base_addr & 0xff000000) |
6090         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
6091         (ldt_info.limit & 0xf0000) |
6092         ((read_exec_only ^ 1) << 9) |
6093         (contents << 10) |
6094         ((seg_not_present ^ 1) << 15) |
6095         (seg_32bit << 22) |
6096         (limit_in_pages << 23) |
6097         (useable << 20) |
6098         (lm << 21) |
6099         0x7000;
6100 
6101     /* Install the new entry ...  */
6102 install:
6103     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
6104     lp[0] = tswap32(entry_1);
6105     lp[1] = tswap32(entry_2);
6106     return 0;
6107 }
6108 
6109 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
6110 {
6111     struct target_modify_ldt_ldt_s *target_ldt_info;
6112     uint64_t *gdt_table = g2h(env->gdt.base);
6113     uint32_t base_addr, limit, flags;
6114     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
6115     int seg_not_present, useable, lm;
6116     uint32_t *lp, entry_1, entry_2;
6117 
6118     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
6119     if (!target_ldt_info)
6120         return -TARGET_EFAULT;
6121     idx = tswap32(target_ldt_info->entry_number);
6122     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
6123         idx > TARGET_GDT_ENTRY_TLS_MAX) {
6124         unlock_user_struct(target_ldt_info, ptr, 1);
6125         return -TARGET_EINVAL;
6126     }
6127     lp = (uint32_t *)(gdt_table + idx);
6128     entry_1 = tswap32(lp[0]);
6129     entry_2 = tswap32(lp[1]);
6130 
6131     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
6132     contents = (entry_2 >> 10) & 3;
6133     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
6134     seg_32bit = (entry_2 >> 22) & 1;
6135     limit_in_pages = (entry_2 >> 23) & 1;
6136     useable = (entry_2 >> 20) & 1;
6137 #ifdef TARGET_ABI32
6138     lm = 0;
6139 #else
6140     lm = (entry_2 >> 21) & 1;
6141 #endif
6142     flags = (seg_32bit << 0) | (contents << 1) |
6143         (read_exec_only << 3) | (limit_in_pages << 4) |
6144         (seg_not_present << 5) | (useable << 6) | (lm << 7);
6145     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
6146     base_addr = (entry_1 >> 16) |
6147         (entry_2 & 0xff000000) |
6148         ((entry_2 & 0xff) << 16);
6149     target_ldt_info->base_addr = tswapal(base_addr);
6150     target_ldt_info->limit = tswap32(limit);
6151     target_ldt_info->flags = tswap32(flags);
6152     unlock_user_struct(target_ldt_info, ptr, 1);
6153     return 0;
6154 }
6155 #endif /* TARGET_I386 && TARGET_ABI32 */
6156 
6157 #ifndef TARGET_ABI32
6158 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
6159 {
6160     abi_long ret = 0;
6161     abi_ulong val;
6162     int idx;
6163 
6164     switch(code) {
6165     case TARGET_ARCH_SET_GS:
6166     case TARGET_ARCH_SET_FS:
6167         if (code == TARGET_ARCH_SET_GS)
6168             idx = R_GS;
6169         else
6170             idx = R_FS;
6171         cpu_x86_load_seg(env, idx, 0);
6172         env->segs[idx].base = addr;
6173         break;
6174     case TARGET_ARCH_GET_GS:
6175     case TARGET_ARCH_GET_FS:
6176         if (code == TARGET_ARCH_GET_GS)
6177             idx = R_GS;
6178         else
6179             idx = R_FS;
6180         val = env->segs[idx].base;
6181         if (put_user(val, addr, abi_ulong))
6182             ret = -TARGET_EFAULT;
6183         break;
6184     default:
6185         ret = -TARGET_EINVAL;
6186         break;
6187     }
6188     return ret;
6189 }
6190 #endif
6191 
6192 #endif /* defined(TARGET_I386) */
6193 
6194 #define NEW_STACK_SIZE 0x40000
6195 
6196 
6197 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
6198 typedef struct {
6199     CPUArchState *env;
6200     pthread_mutex_t mutex;
6201     pthread_cond_t cond;
6202     pthread_t thread;
6203     uint32_t tid;
6204     abi_ulong child_tidptr;
6205     abi_ulong parent_tidptr;
6206     sigset_t sigmask;
6207 } new_thread_info;
6208 
6209 static void *clone_func(void *arg)
6210 {
6211     new_thread_info *info = arg;
6212     CPUArchState *env;
6213     CPUState *cpu;
6214     TaskState *ts;
6215 
6216     rcu_register_thread();
6217     env = info->env;
6218     cpu = ENV_GET_CPU(env);
6219     thread_cpu = cpu;
6220     ts = (TaskState *)cpu->opaque;
6221     info->tid = gettid();
6222     task_settid(ts);
6223     if (info->child_tidptr)
6224         put_user_u32(info->tid, info->child_tidptr);
6225     if (info->parent_tidptr)
6226         put_user_u32(info->tid, info->parent_tidptr);
6227     /* Enable signals.  */
6228     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
6229     /* Signal to the parent that we're ready.  */
6230     pthread_mutex_lock(&info->mutex);
6231     pthread_cond_broadcast(&info->cond);
6232     pthread_mutex_unlock(&info->mutex);
6233     /* Wait until the parent has finshed initializing the tls state.  */
6234     pthread_mutex_lock(&clone_lock);
6235     pthread_mutex_unlock(&clone_lock);
6236     cpu_loop(env);
6237     /* never exits */
6238     return NULL;
6239 }
6240 
6241 /* do_fork() Must return host values and target errnos (unlike most
6242    do_*() functions). */
6243 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
6244                    abi_ulong parent_tidptr, target_ulong newtls,
6245                    abi_ulong child_tidptr)
6246 {
6247     CPUState *cpu = ENV_GET_CPU(env);
6248     int ret;
6249     TaskState *ts;
6250     CPUState *new_cpu;
6251     CPUArchState *new_env;
6252     sigset_t sigmask;
6253 
6254     flags &= ~CLONE_IGNORED_FLAGS;
6255 
6256     /* Emulate vfork() with fork() */
6257     if (flags & CLONE_VFORK)
6258         flags &= ~(CLONE_VFORK | CLONE_VM);
6259 
6260     if (flags & CLONE_VM) {
6261         TaskState *parent_ts = (TaskState *)cpu->opaque;
6262         new_thread_info info;
6263         pthread_attr_t attr;
6264 
6265         if (((flags & CLONE_THREAD_FLAGS) != CLONE_THREAD_FLAGS) ||
6266             (flags & CLONE_INVALID_THREAD_FLAGS)) {
6267             return -TARGET_EINVAL;
6268         }
6269 
6270         ts = g_new0(TaskState, 1);
6271         init_task_state(ts);
6272         /* we create a new CPU instance. */
6273         new_env = cpu_copy(env);
6274         /* Init regs that differ from the parent.  */
6275         cpu_clone_regs(new_env, newsp);
6276         new_cpu = ENV_GET_CPU(new_env);
6277         new_cpu->opaque = ts;
6278         ts->bprm = parent_ts->bprm;
6279         ts->info = parent_ts->info;
6280         ts->signal_mask = parent_ts->signal_mask;
6281 
6282         if (flags & CLONE_CHILD_CLEARTID) {
6283             ts->child_tidptr = child_tidptr;
6284         }
6285 
6286         if (flags & CLONE_SETTLS) {
6287             cpu_set_tls (new_env, newtls);
6288         }
6289 
6290         /* Grab a mutex so that thread setup appears atomic.  */
6291         pthread_mutex_lock(&clone_lock);
6292 
6293         memset(&info, 0, sizeof(info));
6294         pthread_mutex_init(&info.mutex, NULL);
6295         pthread_mutex_lock(&info.mutex);
6296         pthread_cond_init(&info.cond, NULL);
6297         info.env = new_env;
6298         if (flags & CLONE_CHILD_SETTID) {
6299             info.child_tidptr = child_tidptr;
6300         }
6301         if (flags & CLONE_PARENT_SETTID) {
6302             info.parent_tidptr = parent_tidptr;
6303         }
6304 
6305         ret = pthread_attr_init(&attr);
6306         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
6307         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
6308         /* It is not safe to deliver signals until the child has finished
6309            initializing, so temporarily block all signals.  */
6310         sigfillset(&sigmask);
6311         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
6312 
6313         /* If this is our first additional thread, we need to ensure we
6314          * generate code for parallel execution and flush old translations.
6315          */
6316         if (!parallel_cpus) {
6317             parallel_cpus = true;
6318             tb_flush(cpu);
6319         }
6320 
6321         ret = pthread_create(&info.thread, &attr, clone_func, &info);
6322         /* TODO: Free new CPU state if thread creation failed.  */
6323 
6324         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
6325         pthread_attr_destroy(&attr);
6326         if (ret == 0) {
6327             /* Wait for the child to initialize.  */
6328             pthread_cond_wait(&info.cond, &info.mutex);
6329             ret = info.tid;
6330         } else {
6331             ret = -1;
6332         }
6333         pthread_mutex_unlock(&info.mutex);
6334         pthread_cond_destroy(&info.cond);
6335         pthread_mutex_destroy(&info.mutex);
6336         pthread_mutex_unlock(&clone_lock);
6337     } else {
6338         /* if no CLONE_VM, we consider it is a fork */
6339         if (flags & CLONE_INVALID_FORK_FLAGS) {
6340             return -TARGET_EINVAL;
6341         }
6342 
6343         /* We can't support custom termination signals */
6344         if ((flags & CSIGNAL) != TARGET_SIGCHLD) {
6345             return -TARGET_EINVAL;
6346         }
6347 
6348         if (block_signals()) {
6349             return -TARGET_ERESTARTSYS;
6350         }
6351 
6352         fork_start();
6353         ret = fork();
6354         if (ret == 0) {
6355             /* Child Process.  */
6356             rcu_after_fork();
6357             cpu_clone_regs(env, newsp);
6358             fork_end(1);
6359             /* There is a race condition here.  The parent process could
6360                theoretically read the TID in the child process before the child
6361                tid is set.  This would require using either ptrace
6362                (not implemented) or having *_tidptr to point at a shared memory
6363                mapping.  We can't repeat the spinlock hack used above because
6364                the child process gets its own copy of the lock.  */
6365             if (flags & CLONE_CHILD_SETTID)
6366                 put_user_u32(gettid(), child_tidptr);
6367             if (flags & CLONE_PARENT_SETTID)
6368                 put_user_u32(gettid(), parent_tidptr);
6369             ts = (TaskState *)cpu->opaque;
6370             if (flags & CLONE_SETTLS)
6371                 cpu_set_tls (env, newtls);
6372             if (flags & CLONE_CHILD_CLEARTID)
6373                 ts->child_tidptr = child_tidptr;
6374         } else {
6375             fork_end(0);
6376         }
6377     }
6378     return ret;
6379 }
6380 
6381 /* warning : doesn't handle linux specific flags... */
6382 static int target_to_host_fcntl_cmd(int cmd)
6383 {
6384     switch(cmd) {
6385 	case TARGET_F_DUPFD:
6386 	case TARGET_F_GETFD:
6387 	case TARGET_F_SETFD:
6388 	case TARGET_F_GETFL:
6389 	case TARGET_F_SETFL:
6390             return cmd;
6391         case TARGET_F_GETLK:
6392             return F_GETLK64;
6393         case TARGET_F_SETLK:
6394             return F_SETLK64;
6395         case TARGET_F_SETLKW:
6396             return F_SETLKW64;
6397 	case TARGET_F_GETOWN:
6398 	    return F_GETOWN;
6399 	case TARGET_F_SETOWN:
6400 	    return F_SETOWN;
6401 	case TARGET_F_GETSIG:
6402 	    return F_GETSIG;
6403 	case TARGET_F_SETSIG:
6404 	    return F_SETSIG;
6405 #if TARGET_ABI_BITS == 32
6406         case TARGET_F_GETLK64:
6407 	    return F_GETLK64;
6408 	case TARGET_F_SETLK64:
6409 	    return F_SETLK64;
6410 	case TARGET_F_SETLKW64:
6411 	    return F_SETLKW64;
6412 #endif
6413         case TARGET_F_SETLEASE:
6414             return F_SETLEASE;
6415         case TARGET_F_GETLEASE:
6416             return F_GETLEASE;
6417 #ifdef F_DUPFD_CLOEXEC
6418         case TARGET_F_DUPFD_CLOEXEC:
6419             return F_DUPFD_CLOEXEC;
6420 #endif
6421         case TARGET_F_NOTIFY:
6422             return F_NOTIFY;
6423 #ifdef F_GETOWN_EX
6424 	case TARGET_F_GETOWN_EX:
6425 	    return F_GETOWN_EX;
6426 #endif
6427 #ifdef F_SETOWN_EX
6428 	case TARGET_F_SETOWN_EX:
6429 	    return F_SETOWN_EX;
6430 #endif
6431 #ifdef F_SETPIPE_SZ
6432         case TARGET_F_SETPIPE_SZ:
6433             return F_SETPIPE_SZ;
6434         case TARGET_F_GETPIPE_SZ:
6435             return F_GETPIPE_SZ;
6436 #endif
6437 	default:
6438             return -TARGET_EINVAL;
6439     }
6440     return -TARGET_EINVAL;
6441 }
6442 
6443 #define TRANSTBL_CONVERT(a) { -1, TARGET_##a, -1, a }
6444 static const bitmask_transtbl flock_tbl[] = {
6445     TRANSTBL_CONVERT(F_RDLCK),
6446     TRANSTBL_CONVERT(F_WRLCK),
6447     TRANSTBL_CONVERT(F_UNLCK),
6448     TRANSTBL_CONVERT(F_EXLCK),
6449     TRANSTBL_CONVERT(F_SHLCK),
6450     { 0, 0, 0, 0 }
6451 };
6452 
6453 static inline abi_long copy_from_user_flock(struct flock64 *fl,
6454                                             abi_ulong target_flock_addr)
6455 {
6456     struct target_flock *target_fl;
6457     short l_type;
6458 
6459     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6460         return -TARGET_EFAULT;
6461     }
6462 
6463     __get_user(l_type, &target_fl->l_type);
6464     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6465     __get_user(fl->l_whence, &target_fl->l_whence);
6466     __get_user(fl->l_start, &target_fl->l_start);
6467     __get_user(fl->l_len, &target_fl->l_len);
6468     __get_user(fl->l_pid, &target_fl->l_pid);
6469     unlock_user_struct(target_fl, target_flock_addr, 0);
6470     return 0;
6471 }
6472 
6473 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
6474                                           const struct flock64 *fl)
6475 {
6476     struct target_flock *target_fl;
6477     short l_type;
6478 
6479     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6480         return -TARGET_EFAULT;
6481     }
6482 
6483     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6484     __put_user(l_type, &target_fl->l_type);
6485     __put_user(fl->l_whence, &target_fl->l_whence);
6486     __put_user(fl->l_start, &target_fl->l_start);
6487     __put_user(fl->l_len, &target_fl->l_len);
6488     __put_user(fl->l_pid, &target_fl->l_pid);
6489     unlock_user_struct(target_fl, target_flock_addr, 1);
6490     return 0;
6491 }
6492 
6493 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
6494 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
6495 
6496 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
6497 static inline abi_long copy_from_user_eabi_flock64(struct flock64 *fl,
6498                                                    abi_ulong target_flock_addr)
6499 {
6500     struct target_eabi_flock64 *target_fl;
6501     short l_type;
6502 
6503     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6504         return -TARGET_EFAULT;
6505     }
6506 
6507     __get_user(l_type, &target_fl->l_type);
6508     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6509     __get_user(fl->l_whence, &target_fl->l_whence);
6510     __get_user(fl->l_start, &target_fl->l_start);
6511     __get_user(fl->l_len, &target_fl->l_len);
6512     __get_user(fl->l_pid, &target_fl->l_pid);
6513     unlock_user_struct(target_fl, target_flock_addr, 0);
6514     return 0;
6515 }
6516 
6517 static inline abi_long copy_to_user_eabi_flock64(abi_ulong target_flock_addr,
6518                                                  const struct flock64 *fl)
6519 {
6520     struct target_eabi_flock64 *target_fl;
6521     short l_type;
6522 
6523     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6524         return -TARGET_EFAULT;
6525     }
6526 
6527     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6528     __put_user(l_type, &target_fl->l_type);
6529     __put_user(fl->l_whence, &target_fl->l_whence);
6530     __put_user(fl->l_start, &target_fl->l_start);
6531     __put_user(fl->l_len, &target_fl->l_len);
6532     __put_user(fl->l_pid, &target_fl->l_pid);
6533     unlock_user_struct(target_fl, target_flock_addr, 1);
6534     return 0;
6535 }
6536 #endif
6537 
6538 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
6539                                               abi_ulong target_flock_addr)
6540 {
6541     struct target_flock64 *target_fl;
6542     short l_type;
6543 
6544     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6545         return -TARGET_EFAULT;
6546     }
6547 
6548     __get_user(l_type, &target_fl->l_type);
6549     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6550     __get_user(fl->l_whence, &target_fl->l_whence);
6551     __get_user(fl->l_start, &target_fl->l_start);
6552     __get_user(fl->l_len, &target_fl->l_len);
6553     __get_user(fl->l_pid, &target_fl->l_pid);
6554     unlock_user_struct(target_fl, target_flock_addr, 0);
6555     return 0;
6556 }
6557 
6558 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
6559                                             const struct flock64 *fl)
6560 {
6561     struct target_flock64 *target_fl;
6562     short l_type;
6563 
6564     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6565         return -TARGET_EFAULT;
6566     }
6567 
6568     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6569     __put_user(l_type, &target_fl->l_type);
6570     __put_user(fl->l_whence, &target_fl->l_whence);
6571     __put_user(fl->l_start, &target_fl->l_start);
6572     __put_user(fl->l_len, &target_fl->l_len);
6573     __put_user(fl->l_pid, &target_fl->l_pid);
6574     unlock_user_struct(target_fl, target_flock_addr, 1);
6575     return 0;
6576 }
6577 
6578 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
6579 {
6580     struct flock64 fl64;
6581 #ifdef F_GETOWN_EX
6582     struct f_owner_ex fox;
6583     struct target_f_owner_ex *target_fox;
6584 #endif
6585     abi_long ret;
6586     int host_cmd = target_to_host_fcntl_cmd(cmd);
6587 
6588     if (host_cmd == -TARGET_EINVAL)
6589 	    return host_cmd;
6590 
6591     switch(cmd) {
6592     case TARGET_F_GETLK:
6593         ret = copy_from_user_flock(&fl64, arg);
6594         if (ret) {
6595             return ret;
6596         }
6597         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6598         if (ret == 0) {
6599             ret = copy_to_user_flock(arg, &fl64);
6600         }
6601         break;
6602 
6603     case TARGET_F_SETLK:
6604     case TARGET_F_SETLKW:
6605         ret = copy_from_user_flock(&fl64, arg);
6606         if (ret) {
6607             return ret;
6608         }
6609         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6610         break;
6611 
6612     case TARGET_F_GETLK64:
6613         ret = copy_from_user_flock64(&fl64, arg);
6614         if (ret) {
6615             return ret;
6616         }
6617         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6618         if (ret == 0) {
6619             ret = copy_to_user_flock64(arg, &fl64);
6620         }
6621         break;
6622     case TARGET_F_SETLK64:
6623     case TARGET_F_SETLKW64:
6624         ret = copy_from_user_flock64(&fl64, arg);
6625         if (ret) {
6626             return ret;
6627         }
6628         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6629         break;
6630 
6631     case TARGET_F_GETFL:
6632         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6633         if (ret >= 0) {
6634             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
6635         }
6636         break;
6637 
6638     case TARGET_F_SETFL:
6639         ret = get_errno(safe_fcntl(fd, host_cmd,
6640                                    target_to_host_bitmask(arg,
6641                                                           fcntl_flags_tbl)));
6642         break;
6643 
6644 #ifdef F_GETOWN_EX
6645     case TARGET_F_GETOWN_EX:
6646         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6647         if (ret >= 0) {
6648             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
6649                 return -TARGET_EFAULT;
6650             target_fox->type = tswap32(fox.type);
6651             target_fox->pid = tswap32(fox.pid);
6652             unlock_user_struct(target_fox, arg, 1);
6653         }
6654         break;
6655 #endif
6656 
6657 #ifdef F_SETOWN_EX
6658     case TARGET_F_SETOWN_EX:
6659         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
6660             return -TARGET_EFAULT;
6661         fox.type = tswap32(target_fox->type);
6662         fox.pid = tswap32(target_fox->pid);
6663         unlock_user_struct(target_fox, arg, 0);
6664         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6665         break;
6666 #endif
6667 
6668     case TARGET_F_SETOWN:
6669     case TARGET_F_GETOWN:
6670     case TARGET_F_SETSIG:
6671     case TARGET_F_GETSIG:
6672     case TARGET_F_SETLEASE:
6673     case TARGET_F_GETLEASE:
6674     case TARGET_F_SETPIPE_SZ:
6675     case TARGET_F_GETPIPE_SZ:
6676         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6677         break;
6678 
6679     default:
6680         ret = get_errno(safe_fcntl(fd, cmd, arg));
6681         break;
6682     }
6683     return ret;
6684 }
6685 
6686 #ifdef USE_UID16
6687 
6688 static inline int high2lowuid(int uid)
6689 {
6690     if (uid > 65535)
6691         return 65534;
6692     else
6693         return uid;
6694 }
6695 
6696 static inline int high2lowgid(int gid)
6697 {
6698     if (gid > 65535)
6699         return 65534;
6700     else
6701         return gid;
6702 }
6703 
6704 static inline int low2highuid(int uid)
6705 {
6706     if ((int16_t)uid == -1)
6707         return -1;
6708     else
6709         return uid;
6710 }
6711 
6712 static inline int low2highgid(int gid)
6713 {
6714     if ((int16_t)gid == -1)
6715         return -1;
6716     else
6717         return gid;
6718 }
6719 static inline int tswapid(int id)
6720 {
6721     return tswap16(id);
6722 }
6723 
6724 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
6725 
6726 #else /* !USE_UID16 */
6727 static inline int high2lowuid(int uid)
6728 {
6729     return uid;
6730 }
6731 static inline int high2lowgid(int gid)
6732 {
6733     return gid;
6734 }
6735 static inline int low2highuid(int uid)
6736 {
6737     return uid;
6738 }
6739 static inline int low2highgid(int gid)
6740 {
6741     return gid;
6742 }
6743 static inline int tswapid(int id)
6744 {
6745     return tswap32(id);
6746 }
6747 
6748 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
6749 
6750 #endif /* USE_UID16 */
6751 
6752 /* We must do direct syscalls for setting UID/GID, because we want to
6753  * implement the Linux system call semantics of "change only for this thread",
6754  * not the libc/POSIX semantics of "change for all threads in process".
6755  * (See http://ewontfix.com/17/ for more details.)
6756  * We use the 32-bit version of the syscalls if present; if it is not
6757  * then either the host architecture supports 32-bit UIDs natively with
6758  * the standard syscall, or the 16-bit UID is the best we can do.
6759  */
6760 #ifdef __NR_setuid32
6761 #define __NR_sys_setuid __NR_setuid32
6762 #else
6763 #define __NR_sys_setuid __NR_setuid
6764 #endif
6765 #ifdef __NR_setgid32
6766 #define __NR_sys_setgid __NR_setgid32
6767 #else
6768 #define __NR_sys_setgid __NR_setgid
6769 #endif
6770 #ifdef __NR_setresuid32
6771 #define __NR_sys_setresuid __NR_setresuid32
6772 #else
6773 #define __NR_sys_setresuid __NR_setresuid
6774 #endif
6775 #ifdef __NR_setresgid32
6776 #define __NR_sys_setresgid __NR_setresgid32
6777 #else
6778 #define __NR_sys_setresgid __NR_setresgid
6779 #endif
6780 
6781 _syscall1(int, sys_setuid, uid_t, uid)
6782 _syscall1(int, sys_setgid, gid_t, gid)
6783 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
6784 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
6785 
6786 void syscall_init(void)
6787 {
6788     IOCTLEntry *ie;
6789     const argtype *arg_type;
6790     int size;
6791     int i;
6792 
6793     thunk_init(STRUCT_MAX);
6794 
6795 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
6796 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
6797 #include "syscall_types.h"
6798 #undef STRUCT
6799 #undef STRUCT_SPECIAL
6800 
6801     /* Build target_to_host_errno_table[] table from
6802      * host_to_target_errno_table[]. */
6803     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
6804         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
6805     }
6806 
6807     /* we patch the ioctl size if necessary. We rely on the fact that
6808        no ioctl has all the bits at '1' in the size field */
6809     ie = ioctl_entries;
6810     while (ie->target_cmd != 0) {
6811         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
6812             TARGET_IOC_SIZEMASK) {
6813             arg_type = ie->arg_type;
6814             if (arg_type[0] != TYPE_PTR) {
6815                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
6816                         ie->target_cmd);
6817                 exit(1);
6818             }
6819             arg_type++;
6820             size = thunk_type_size(arg_type, 0);
6821             ie->target_cmd = (ie->target_cmd &
6822                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
6823                 (size << TARGET_IOC_SIZESHIFT);
6824         }
6825 
6826         /* automatic consistency check if same arch */
6827 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
6828     (defined(__x86_64__) && defined(TARGET_X86_64))
6829         if (unlikely(ie->target_cmd != ie->host_cmd)) {
6830             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
6831                     ie->name, ie->target_cmd, ie->host_cmd);
6832         }
6833 #endif
6834         ie++;
6835     }
6836 }
6837 
6838 #if TARGET_ABI_BITS == 32
6839 static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
6840 {
6841 #ifdef TARGET_WORDS_BIGENDIAN
6842     return ((uint64_t)word0 << 32) | word1;
6843 #else
6844     return ((uint64_t)word1 << 32) | word0;
6845 #endif
6846 }
6847 #else /* TARGET_ABI_BITS == 32 */
6848 static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
6849 {
6850     return word0;
6851 }
6852 #endif /* TARGET_ABI_BITS != 32 */
6853 
6854 #ifdef TARGET_NR_truncate64
6855 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
6856                                          abi_long arg2,
6857                                          abi_long arg3,
6858                                          abi_long arg4)
6859 {
6860     if (regpairs_aligned(cpu_env)) {
6861         arg2 = arg3;
6862         arg3 = arg4;
6863     }
6864     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
6865 }
6866 #endif
6867 
6868 #ifdef TARGET_NR_ftruncate64
6869 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
6870                                           abi_long arg2,
6871                                           abi_long arg3,
6872                                           abi_long arg4)
6873 {
6874     if (regpairs_aligned(cpu_env)) {
6875         arg2 = arg3;
6876         arg3 = arg4;
6877     }
6878     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
6879 }
6880 #endif
6881 
6882 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
6883                                                abi_ulong target_addr)
6884 {
6885     struct target_timespec *target_ts;
6886 
6887     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
6888         return -TARGET_EFAULT;
6889     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
6890     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6891     unlock_user_struct(target_ts, target_addr, 0);
6892     return 0;
6893 }
6894 
6895 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
6896                                                struct timespec *host_ts)
6897 {
6898     struct target_timespec *target_ts;
6899 
6900     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
6901         return -TARGET_EFAULT;
6902     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
6903     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6904     unlock_user_struct(target_ts, target_addr, 1);
6905     return 0;
6906 }
6907 
6908 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
6909                                                  abi_ulong target_addr)
6910 {
6911     struct target_itimerspec *target_itspec;
6912 
6913     if (!lock_user_struct(VERIFY_READ, target_itspec, target_addr, 1)) {
6914         return -TARGET_EFAULT;
6915     }
6916 
6917     host_itspec->it_interval.tv_sec =
6918                             tswapal(target_itspec->it_interval.tv_sec);
6919     host_itspec->it_interval.tv_nsec =
6920                             tswapal(target_itspec->it_interval.tv_nsec);
6921     host_itspec->it_value.tv_sec = tswapal(target_itspec->it_value.tv_sec);
6922     host_itspec->it_value.tv_nsec = tswapal(target_itspec->it_value.tv_nsec);
6923 
6924     unlock_user_struct(target_itspec, target_addr, 1);
6925     return 0;
6926 }
6927 
6928 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
6929                                                struct itimerspec *host_its)
6930 {
6931     struct target_itimerspec *target_itspec;
6932 
6933     if (!lock_user_struct(VERIFY_WRITE, target_itspec, target_addr, 0)) {
6934         return -TARGET_EFAULT;
6935     }
6936 
6937     target_itspec->it_interval.tv_sec = tswapal(host_its->it_interval.tv_sec);
6938     target_itspec->it_interval.tv_nsec = tswapal(host_its->it_interval.tv_nsec);
6939 
6940     target_itspec->it_value.tv_sec = tswapal(host_its->it_value.tv_sec);
6941     target_itspec->it_value.tv_nsec = tswapal(host_its->it_value.tv_nsec);
6942 
6943     unlock_user_struct(target_itspec, target_addr, 0);
6944     return 0;
6945 }
6946 
6947 static inline abi_long target_to_host_timex(struct timex *host_tx,
6948                                             abi_long target_addr)
6949 {
6950     struct target_timex *target_tx;
6951 
6952     if (!lock_user_struct(VERIFY_READ, target_tx, target_addr, 1)) {
6953         return -TARGET_EFAULT;
6954     }
6955 
6956     __get_user(host_tx->modes, &target_tx->modes);
6957     __get_user(host_tx->offset, &target_tx->offset);
6958     __get_user(host_tx->freq, &target_tx->freq);
6959     __get_user(host_tx->maxerror, &target_tx->maxerror);
6960     __get_user(host_tx->esterror, &target_tx->esterror);
6961     __get_user(host_tx->status, &target_tx->status);
6962     __get_user(host_tx->constant, &target_tx->constant);
6963     __get_user(host_tx->precision, &target_tx->precision);
6964     __get_user(host_tx->tolerance, &target_tx->tolerance);
6965     __get_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
6966     __get_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
6967     __get_user(host_tx->tick, &target_tx->tick);
6968     __get_user(host_tx->ppsfreq, &target_tx->ppsfreq);
6969     __get_user(host_tx->jitter, &target_tx->jitter);
6970     __get_user(host_tx->shift, &target_tx->shift);
6971     __get_user(host_tx->stabil, &target_tx->stabil);
6972     __get_user(host_tx->jitcnt, &target_tx->jitcnt);
6973     __get_user(host_tx->calcnt, &target_tx->calcnt);
6974     __get_user(host_tx->errcnt, &target_tx->errcnt);
6975     __get_user(host_tx->stbcnt, &target_tx->stbcnt);
6976     __get_user(host_tx->tai, &target_tx->tai);
6977 
6978     unlock_user_struct(target_tx, target_addr, 0);
6979     return 0;
6980 }
6981 
6982 static inline abi_long host_to_target_timex(abi_long target_addr,
6983                                             struct timex *host_tx)
6984 {
6985     struct target_timex *target_tx;
6986 
6987     if (!lock_user_struct(VERIFY_WRITE, target_tx, target_addr, 0)) {
6988         return -TARGET_EFAULT;
6989     }
6990 
6991     __put_user(host_tx->modes, &target_tx->modes);
6992     __put_user(host_tx->offset, &target_tx->offset);
6993     __put_user(host_tx->freq, &target_tx->freq);
6994     __put_user(host_tx->maxerror, &target_tx->maxerror);
6995     __put_user(host_tx->esterror, &target_tx->esterror);
6996     __put_user(host_tx->status, &target_tx->status);
6997     __put_user(host_tx->constant, &target_tx->constant);
6998     __put_user(host_tx->precision, &target_tx->precision);
6999     __put_user(host_tx->tolerance, &target_tx->tolerance);
7000     __put_user(host_tx->time.tv_sec, &target_tx->time.tv_sec);
7001     __put_user(host_tx->time.tv_usec, &target_tx->time.tv_usec);
7002     __put_user(host_tx->tick, &target_tx->tick);
7003     __put_user(host_tx->ppsfreq, &target_tx->ppsfreq);
7004     __put_user(host_tx->jitter, &target_tx->jitter);
7005     __put_user(host_tx->shift, &target_tx->shift);
7006     __put_user(host_tx->stabil, &target_tx->stabil);
7007     __put_user(host_tx->jitcnt, &target_tx->jitcnt);
7008     __put_user(host_tx->calcnt, &target_tx->calcnt);
7009     __put_user(host_tx->errcnt, &target_tx->errcnt);
7010     __put_user(host_tx->stbcnt, &target_tx->stbcnt);
7011     __put_user(host_tx->tai, &target_tx->tai);
7012 
7013     unlock_user_struct(target_tx, target_addr, 1);
7014     return 0;
7015 }
7016 
7017 
7018 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
7019                                                abi_ulong target_addr)
7020 {
7021     struct target_sigevent *target_sevp;
7022 
7023     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
7024         return -TARGET_EFAULT;
7025     }
7026 
7027     /* This union is awkward on 64 bit systems because it has a 32 bit
7028      * integer and a pointer in it; we follow the conversion approach
7029      * used for handling sigval types in signal.c so the guest should get
7030      * the correct value back even if we did a 64 bit byteswap and it's
7031      * using the 32 bit integer.
7032      */
7033     host_sevp->sigev_value.sival_ptr =
7034         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
7035     host_sevp->sigev_signo =
7036         target_to_host_signal(tswap32(target_sevp->sigev_signo));
7037     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
7038     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
7039 
7040     unlock_user_struct(target_sevp, target_addr, 1);
7041     return 0;
7042 }
7043 
7044 #if defined(TARGET_NR_mlockall)
7045 static inline int target_to_host_mlockall_arg(int arg)
7046 {
7047     int result = 0;
7048 
7049     if (arg & TARGET_MLOCKALL_MCL_CURRENT) {
7050         result |= MCL_CURRENT;
7051     }
7052     if (arg & TARGET_MLOCKALL_MCL_FUTURE) {
7053         result |= MCL_FUTURE;
7054     }
7055     return result;
7056 }
7057 #endif
7058 
7059 static inline abi_long host_to_target_stat64(void *cpu_env,
7060                                              abi_ulong target_addr,
7061                                              struct stat *host_st)
7062 {
7063 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
7064     if (((CPUARMState *)cpu_env)->eabi) {
7065         struct target_eabi_stat64 *target_st;
7066 
7067         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7068             return -TARGET_EFAULT;
7069         memset(target_st, 0, sizeof(struct target_eabi_stat64));
7070         __put_user(host_st->st_dev, &target_st->st_dev);
7071         __put_user(host_st->st_ino, &target_st->st_ino);
7072 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7073         __put_user(host_st->st_ino, &target_st->__st_ino);
7074 #endif
7075         __put_user(host_st->st_mode, &target_st->st_mode);
7076         __put_user(host_st->st_nlink, &target_st->st_nlink);
7077         __put_user(host_st->st_uid, &target_st->st_uid);
7078         __put_user(host_st->st_gid, &target_st->st_gid);
7079         __put_user(host_st->st_rdev, &target_st->st_rdev);
7080         __put_user(host_st->st_size, &target_st->st_size);
7081         __put_user(host_st->st_blksize, &target_st->st_blksize);
7082         __put_user(host_st->st_blocks, &target_st->st_blocks);
7083         __put_user(host_st->st_atime, &target_st->target_st_atime);
7084         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7085         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7086         unlock_user_struct(target_st, target_addr, 1);
7087     } else
7088 #endif
7089     {
7090 #if defined(TARGET_HAS_STRUCT_STAT64)
7091         struct target_stat64 *target_st;
7092 #else
7093         struct target_stat *target_st;
7094 #endif
7095 
7096         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
7097             return -TARGET_EFAULT;
7098         memset(target_st, 0, sizeof(*target_st));
7099         __put_user(host_st->st_dev, &target_st->st_dev);
7100         __put_user(host_st->st_ino, &target_st->st_ino);
7101 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
7102         __put_user(host_st->st_ino, &target_st->__st_ino);
7103 #endif
7104         __put_user(host_st->st_mode, &target_st->st_mode);
7105         __put_user(host_st->st_nlink, &target_st->st_nlink);
7106         __put_user(host_st->st_uid, &target_st->st_uid);
7107         __put_user(host_st->st_gid, &target_st->st_gid);
7108         __put_user(host_st->st_rdev, &target_st->st_rdev);
7109         /* XXX: better use of kernel struct */
7110         __put_user(host_st->st_size, &target_st->st_size);
7111         __put_user(host_st->st_blksize, &target_st->st_blksize);
7112         __put_user(host_st->st_blocks, &target_st->st_blocks);
7113         __put_user(host_st->st_atime, &target_st->target_st_atime);
7114         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
7115         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
7116         unlock_user_struct(target_st, target_addr, 1);
7117     }
7118 
7119     return 0;
7120 }
7121 
7122 /* ??? Using host futex calls even when target atomic operations
7123    are not really atomic probably breaks things.  However implementing
7124    futexes locally would make futexes shared between multiple processes
7125    tricky.  However they're probably useless because guest atomic
7126    operations won't work either.  */
7127 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
7128                     target_ulong uaddr2, int val3)
7129 {
7130     struct timespec ts, *pts;
7131     int base_op;
7132 
7133     /* ??? We assume FUTEX_* constants are the same on both host
7134        and target.  */
7135 #ifdef FUTEX_CMD_MASK
7136     base_op = op & FUTEX_CMD_MASK;
7137 #else
7138     base_op = op;
7139 #endif
7140     switch (base_op) {
7141     case FUTEX_WAIT:
7142     case FUTEX_WAIT_BITSET:
7143         if (timeout) {
7144             pts = &ts;
7145             target_to_host_timespec(pts, timeout);
7146         } else {
7147             pts = NULL;
7148         }
7149         return get_errno(safe_futex(g2h(uaddr), op, tswap32(val),
7150                          pts, NULL, val3));
7151     case FUTEX_WAKE:
7152         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
7153     case FUTEX_FD:
7154         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
7155     case FUTEX_REQUEUE:
7156     case FUTEX_CMP_REQUEUE:
7157     case FUTEX_WAKE_OP:
7158         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
7159            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
7160            But the prototype takes a `struct timespec *'; insert casts
7161            to satisfy the compiler.  We do not need to tswap TIMEOUT
7162            since it's not compared to guest memory.  */
7163         pts = (struct timespec *)(uintptr_t) timeout;
7164         return get_errno(safe_futex(g2h(uaddr), op, val, pts,
7165                                     g2h(uaddr2),
7166                                     (base_op == FUTEX_CMP_REQUEUE
7167                                      ? tswap32(val3)
7168                                      : val3)));
7169     default:
7170         return -TARGET_ENOSYS;
7171     }
7172 }
7173 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7174 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
7175                                      abi_long handle, abi_long mount_id,
7176                                      abi_long flags)
7177 {
7178     struct file_handle *target_fh;
7179     struct file_handle *fh;
7180     int mid = 0;
7181     abi_long ret;
7182     char *name;
7183     unsigned int size, total_size;
7184 
7185     if (get_user_s32(size, handle)) {
7186         return -TARGET_EFAULT;
7187     }
7188 
7189     name = lock_user_string(pathname);
7190     if (!name) {
7191         return -TARGET_EFAULT;
7192     }
7193 
7194     total_size = sizeof(struct file_handle) + size;
7195     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
7196     if (!target_fh) {
7197         unlock_user(name, pathname, 0);
7198         return -TARGET_EFAULT;
7199     }
7200 
7201     fh = g_malloc0(total_size);
7202     fh->handle_bytes = size;
7203 
7204     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
7205     unlock_user(name, pathname, 0);
7206 
7207     /* man name_to_handle_at(2):
7208      * Other than the use of the handle_bytes field, the caller should treat
7209      * the file_handle structure as an opaque data type
7210      */
7211 
7212     memcpy(target_fh, fh, total_size);
7213     target_fh->handle_bytes = tswap32(fh->handle_bytes);
7214     target_fh->handle_type = tswap32(fh->handle_type);
7215     g_free(fh);
7216     unlock_user(target_fh, handle, total_size);
7217 
7218     if (put_user_s32(mid, mount_id)) {
7219         return -TARGET_EFAULT;
7220     }
7221 
7222     return ret;
7223 
7224 }
7225 #endif
7226 
7227 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7228 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
7229                                      abi_long flags)
7230 {
7231     struct file_handle *target_fh;
7232     struct file_handle *fh;
7233     unsigned int size, total_size;
7234     abi_long ret;
7235 
7236     if (get_user_s32(size, handle)) {
7237         return -TARGET_EFAULT;
7238     }
7239 
7240     total_size = sizeof(struct file_handle) + size;
7241     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
7242     if (!target_fh) {
7243         return -TARGET_EFAULT;
7244     }
7245 
7246     fh = g_memdup(target_fh, total_size);
7247     fh->handle_bytes = size;
7248     fh->handle_type = tswap32(target_fh->handle_type);
7249 
7250     ret = get_errno(open_by_handle_at(mount_fd, fh,
7251                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
7252 
7253     g_free(fh);
7254 
7255     unlock_user(target_fh, handle, total_size);
7256 
7257     return ret;
7258 }
7259 #endif
7260 
7261 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
7262 
7263 /* signalfd siginfo conversion */
7264 
7265 static void
7266 host_to_target_signalfd_siginfo(struct signalfd_siginfo *tinfo,
7267                                 const struct signalfd_siginfo *info)
7268 {
7269     int sig = host_to_target_signal(info->ssi_signo);
7270 
7271     /* linux/signalfd.h defines a ssi_addr_lsb
7272      * not defined in sys/signalfd.h but used by some kernels
7273      */
7274 
7275 #ifdef BUS_MCEERR_AO
7276     if (tinfo->ssi_signo == SIGBUS &&
7277         (tinfo->ssi_code == BUS_MCEERR_AR ||
7278          tinfo->ssi_code == BUS_MCEERR_AO)) {
7279         uint16_t *ssi_addr_lsb = (uint16_t *)(&info->ssi_addr + 1);
7280         uint16_t *tssi_addr_lsb = (uint16_t *)(&tinfo->ssi_addr + 1);
7281         *tssi_addr_lsb = tswap16(*ssi_addr_lsb);
7282     }
7283 #endif
7284 
7285     tinfo->ssi_signo = tswap32(sig);
7286     tinfo->ssi_errno = tswap32(tinfo->ssi_errno);
7287     tinfo->ssi_code = tswap32(info->ssi_code);
7288     tinfo->ssi_pid = tswap32(info->ssi_pid);
7289     tinfo->ssi_uid = tswap32(info->ssi_uid);
7290     tinfo->ssi_fd = tswap32(info->ssi_fd);
7291     tinfo->ssi_tid = tswap32(info->ssi_tid);
7292     tinfo->ssi_band = tswap32(info->ssi_band);
7293     tinfo->ssi_overrun = tswap32(info->ssi_overrun);
7294     tinfo->ssi_trapno = tswap32(info->ssi_trapno);
7295     tinfo->ssi_status = tswap32(info->ssi_status);
7296     tinfo->ssi_int = tswap32(info->ssi_int);
7297     tinfo->ssi_ptr = tswap64(info->ssi_ptr);
7298     tinfo->ssi_utime = tswap64(info->ssi_utime);
7299     tinfo->ssi_stime = tswap64(info->ssi_stime);
7300     tinfo->ssi_addr = tswap64(info->ssi_addr);
7301 }
7302 
7303 static abi_long host_to_target_data_signalfd(void *buf, size_t len)
7304 {
7305     int i;
7306 
7307     for (i = 0; i < len; i += sizeof(struct signalfd_siginfo)) {
7308         host_to_target_signalfd_siginfo(buf + i, buf + i);
7309     }
7310 
7311     return len;
7312 }
7313 
7314 static TargetFdTrans target_signalfd_trans = {
7315     .host_to_target_data = host_to_target_data_signalfd,
7316 };
7317 
7318 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
7319 {
7320     int host_flags;
7321     target_sigset_t *target_mask;
7322     sigset_t host_mask;
7323     abi_long ret;
7324 
7325     if (flags & ~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC)) {
7326         return -TARGET_EINVAL;
7327     }
7328     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
7329         return -TARGET_EFAULT;
7330     }
7331 
7332     target_to_host_sigset(&host_mask, target_mask);
7333 
7334     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
7335 
7336     ret = get_errno(signalfd(fd, &host_mask, host_flags));
7337     if (ret >= 0) {
7338         fd_trans_register(ret, &target_signalfd_trans);
7339     }
7340 
7341     unlock_user_struct(target_mask, mask, 0);
7342 
7343     return ret;
7344 }
7345 #endif
7346 
7347 /* Map host to target signal numbers for the wait family of syscalls.
7348    Assume all other status bits are the same.  */
7349 int host_to_target_waitstatus(int status)
7350 {
7351     if (WIFSIGNALED(status)) {
7352         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
7353     }
7354     if (WIFSTOPPED(status)) {
7355         return (host_to_target_signal(WSTOPSIG(status)) << 8)
7356                | (status & 0xff);
7357     }
7358     return status;
7359 }
7360 
7361 static int open_self_cmdline(void *cpu_env, int fd)
7362 {
7363     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7364     struct linux_binprm *bprm = ((TaskState *)cpu->opaque)->bprm;
7365     int i;
7366 
7367     for (i = 0; i < bprm->argc; i++) {
7368         size_t len = strlen(bprm->argv[i]) + 1;
7369 
7370         if (write(fd, bprm->argv[i], len) != len) {
7371             return -1;
7372         }
7373     }
7374 
7375     return 0;
7376 }
7377 
7378 static int open_self_maps(void *cpu_env, int fd)
7379 {
7380     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7381     TaskState *ts = cpu->opaque;
7382     FILE *fp;
7383     char *line = NULL;
7384     size_t len = 0;
7385     ssize_t read;
7386 
7387     fp = fopen("/proc/self/maps", "r");
7388     if (fp == NULL) {
7389         return -1;
7390     }
7391 
7392     while ((read = getline(&line, &len, fp)) != -1) {
7393         int fields, dev_maj, dev_min, inode;
7394         uint64_t min, max, offset;
7395         char flag_r, flag_w, flag_x, flag_p;
7396         char path[512] = "";
7397         fields = sscanf(line, "%"PRIx64"-%"PRIx64" %c%c%c%c %"PRIx64" %x:%x %d"
7398                         " %512s", &min, &max, &flag_r, &flag_w, &flag_x,
7399                         &flag_p, &offset, &dev_maj, &dev_min, &inode, path);
7400 
7401         if ((fields < 10) || (fields > 11)) {
7402             continue;
7403         }
7404         if (h2g_valid(min)) {
7405             int flags = page_get_flags(h2g(min));
7406             max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
7407             if (page_check_range(h2g(min), max - min, flags) == -1) {
7408                 continue;
7409             }
7410             if (h2g(min) == ts->info->stack_limit) {
7411                 pstrcpy(path, sizeof(path), "      [stack]");
7412             }
7413             dprintf(fd, TARGET_ABI_FMT_lx "-" TARGET_ABI_FMT_lx
7414                     " %c%c%c%c %08" PRIx64 " %02x:%02x %d %s%s\n",
7415                     h2g(min), h2g(max - 1) + 1, flag_r, flag_w,
7416                     flag_x, flag_p, offset, dev_maj, dev_min, inode,
7417                     path[0] ? "         " : "", path);
7418         }
7419     }
7420 
7421     free(line);
7422     fclose(fp);
7423 
7424     return 0;
7425 }
7426 
7427 static int open_self_stat(void *cpu_env, int fd)
7428 {
7429     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7430     TaskState *ts = cpu->opaque;
7431     abi_ulong start_stack = ts->info->start_stack;
7432     int i;
7433 
7434     for (i = 0; i < 44; i++) {
7435       char buf[128];
7436       int len;
7437       uint64_t val = 0;
7438 
7439       if (i == 0) {
7440         /* pid */
7441         val = getpid();
7442         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
7443       } else if (i == 1) {
7444         /* app name */
7445         snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
7446       } else if (i == 27) {
7447         /* stack bottom */
7448         val = start_stack;
7449         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
7450       } else {
7451         /* for the rest, there is MasterCard */
7452         snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
7453       }
7454 
7455       len = strlen(buf);
7456       if (write(fd, buf, len) != len) {
7457           return -1;
7458       }
7459     }
7460 
7461     return 0;
7462 }
7463 
7464 static int open_self_auxv(void *cpu_env, int fd)
7465 {
7466     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
7467     TaskState *ts = cpu->opaque;
7468     abi_ulong auxv = ts->info->saved_auxv;
7469     abi_ulong len = ts->info->auxv_len;
7470     char *ptr;
7471 
7472     /*
7473      * Auxiliary vector is stored in target process stack.
7474      * read in whole auxv vector and copy it to file
7475      */
7476     ptr = lock_user(VERIFY_READ, auxv, len, 0);
7477     if (ptr != NULL) {
7478         while (len > 0) {
7479             ssize_t r;
7480             r = write(fd, ptr, len);
7481             if (r <= 0) {
7482                 break;
7483             }
7484             len -= r;
7485             ptr += r;
7486         }
7487         lseek(fd, 0, SEEK_SET);
7488         unlock_user(ptr, auxv, len);
7489     }
7490 
7491     return 0;
7492 }
7493 
7494 static int is_proc_myself(const char *filename, const char *entry)
7495 {
7496     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
7497         filename += strlen("/proc/");
7498         if (!strncmp(filename, "self/", strlen("self/"))) {
7499             filename += strlen("self/");
7500         } else if (*filename >= '1' && *filename <= '9') {
7501             char myself[80];
7502             snprintf(myself, sizeof(myself), "%d/", getpid());
7503             if (!strncmp(filename, myself, strlen(myself))) {
7504                 filename += strlen(myself);
7505             } else {
7506                 return 0;
7507             }
7508         } else {
7509             return 0;
7510         }
7511         if (!strcmp(filename, entry)) {
7512             return 1;
7513         }
7514     }
7515     return 0;
7516 }
7517 
7518 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7519 static int is_proc(const char *filename, const char *entry)
7520 {
7521     return strcmp(filename, entry) == 0;
7522 }
7523 
7524 static int open_net_route(void *cpu_env, int fd)
7525 {
7526     FILE *fp;
7527     char *line = NULL;
7528     size_t len = 0;
7529     ssize_t read;
7530 
7531     fp = fopen("/proc/net/route", "r");
7532     if (fp == NULL) {
7533         return -1;
7534     }
7535 
7536     /* read header */
7537 
7538     read = getline(&line, &len, fp);
7539     dprintf(fd, "%s", line);
7540 
7541     /* read routes */
7542 
7543     while ((read = getline(&line, &len, fp)) != -1) {
7544         char iface[16];
7545         uint32_t dest, gw, mask;
7546         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
7547         sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7548                      iface, &dest, &gw, &flags, &refcnt, &use, &metric,
7549                      &mask, &mtu, &window, &irtt);
7550         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7551                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
7552                 metric, tswap32(mask), mtu, window, irtt);
7553     }
7554 
7555     free(line);
7556     fclose(fp);
7557 
7558     return 0;
7559 }
7560 #endif
7561 
7562 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
7563 {
7564     struct fake_open {
7565         const char *filename;
7566         int (*fill)(void *cpu_env, int fd);
7567         int (*cmp)(const char *s1, const char *s2);
7568     };
7569     const struct fake_open *fake_open;
7570     static const struct fake_open fakes[] = {
7571         { "maps", open_self_maps, is_proc_myself },
7572         { "stat", open_self_stat, is_proc_myself },
7573         { "auxv", open_self_auxv, is_proc_myself },
7574         { "cmdline", open_self_cmdline, is_proc_myself },
7575 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7576         { "/proc/net/route", open_net_route, is_proc },
7577 #endif
7578         { NULL, NULL, NULL }
7579     };
7580 
7581     if (is_proc_myself(pathname, "exe")) {
7582         int execfd = qemu_getauxval(AT_EXECFD);
7583         return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
7584     }
7585 
7586     for (fake_open = fakes; fake_open->filename; fake_open++) {
7587         if (fake_open->cmp(pathname, fake_open->filename)) {
7588             break;
7589         }
7590     }
7591 
7592     if (fake_open->filename) {
7593         const char *tmpdir;
7594         char filename[PATH_MAX];
7595         int fd, r;
7596 
7597         /* create temporary file to map stat to */
7598         tmpdir = getenv("TMPDIR");
7599         if (!tmpdir)
7600             tmpdir = "/tmp";
7601         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
7602         fd = mkstemp(filename);
7603         if (fd < 0) {
7604             return fd;
7605         }
7606         unlink(filename);
7607 
7608         if ((r = fake_open->fill(cpu_env, fd))) {
7609             int e = errno;
7610             close(fd);
7611             errno = e;
7612             return r;
7613         }
7614         lseek(fd, 0, SEEK_SET);
7615 
7616         return fd;
7617     }
7618 
7619     return safe_openat(dirfd, path(pathname), flags, mode);
7620 }
7621 
7622 #define TIMER_MAGIC 0x0caf0000
7623 #define TIMER_MAGIC_MASK 0xffff0000
7624 
7625 /* Convert QEMU provided timer ID back to internal 16bit index format */
7626 static target_timer_t get_timer_id(abi_long arg)
7627 {
7628     target_timer_t timerid = arg;
7629 
7630     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
7631         return -TARGET_EINVAL;
7632     }
7633 
7634     timerid &= 0xffff;
7635 
7636     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
7637         return -TARGET_EINVAL;
7638     }
7639 
7640     return timerid;
7641 }
7642 
7643 static abi_long swap_data_eventfd(void *buf, size_t len)
7644 {
7645     uint64_t *counter = buf;
7646     int i;
7647 
7648     if (len < sizeof(uint64_t)) {
7649         return -EINVAL;
7650     }
7651 
7652     for (i = 0; i < len; i += sizeof(uint64_t)) {
7653         *counter = tswap64(*counter);
7654         counter++;
7655     }
7656 
7657     return len;
7658 }
7659 
7660 static TargetFdTrans target_eventfd_trans = {
7661     .host_to_target_data = swap_data_eventfd,
7662     .target_to_host_data = swap_data_eventfd,
7663 };
7664 
7665 #if (defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)) || \
7666     (defined(CONFIG_INOTIFY1) && defined(TARGET_NR_inotify_init1) && \
7667      defined(__NR_inotify_init1))
7668 static abi_long host_to_target_data_inotify(void *buf, size_t len)
7669 {
7670     struct inotify_event *ev;
7671     int i;
7672     uint32_t name_len;
7673 
7674     for (i = 0; i < len; i += sizeof(struct inotify_event) + name_len) {
7675         ev = (struct inotify_event *)((char *)buf + i);
7676         name_len = ev->len;
7677 
7678         ev->wd = tswap32(ev->wd);
7679         ev->mask = tswap32(ev->mask);
7680         ev->cookie = tswap32(ev->cookie);
7681         ev->len = tswap32(name_len);
7682     }
7683 
7684     return len;
7685 }
7686 
7687 static TargetFdTrans target_inotify_trans = {
7688     .host_to_target_data = host_to_target_data_inotify,
7689 };
7690 #endif
7691 
7692 /* do_syscall() should always have a single exit point at the end so
7693    that actions, such as logging of syscall results, can be performed.
7694    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
7695 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
7696                     abi_long arg2, abi_long arg3, abi_long arg4,
7697                     abi_long arg5, abi_long arg6, abi_long arg7,
7698                     abi_long arg8)
7699 {
7700     CPUState *cpu = ENV_GET_CPU(cpu_env);
7701     abi_long ret;
7702     struct stat st;
7703     struct statfs stfs;
7704     void *p;
7705 
7706 #if defined(DEBUG_ERESTARTSYS)
7707     /* Debug-only code for exercising the syscall-restart code paths
7708      * in the per-architecture cpu main loops: restart every syscall
7709      * the guest makes once before letting it through.
7710      */
7711     {
7712         static int flag;
7713 
7714         flag = !flag;
7715         if (flag) {
7716             return -TARGET_ERESTARTSYS;
7717         }
7718     }
7719 #endif
7720 
7721 #ifdef DEBUG
7722     gemu_log("syscall %d", num);
7723 #endif
7724     trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
7725     if(do_strace)
7726         print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
7727 
7728     switch(num) {
7729     case TARGET_NR_exit:
7730         /* In old applications this may be used to implement _exit(2).
7731            However in threaded applictions it is used for thread termination,
7732            and _exit_group is used for application termination.
7733            Do thread termination if we have more then one thread.  */
7734 
7735         if (block_signals()) {
7736             ret = -TARGET_ERESTARTSYS;
7737             break;
7738         }
7739 
7740         cpu_list_lock();
7741 
7742         if (CPU_NEXT(first_cpu)) {
7743             TaskState *ts;
7744 
7745             /* Remove the CPU from the list.  */
7746             QTAILQ_REMOVE(&cpus, cpu, node);
7747 
7748             cpu_list_unlock();
7749 
7750             ts = cpu->opaque;
7751             if (ts->child_tidptr) {
7752                 put_user_u32(0, ts->child_tidptr);
7753                 sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
7754                           NULL, NULL, 0);
7755             }
7756             thread_cpu = NULL;
7757             object_unref(OBJECT(cpu));
7758             g_free(ts);
7759             rcu_unregister_thread();
7760             pthread_exit(NULL);
7761         }
7762 
7763         cpu_list_unlock();
7764 #ifdef TARGET_GPROF
7765         _mcleanup();
7766 #endif
7767         gdb_exit(cpu_env, arg1);
7768         _exit(arg1);
7769         ret = 0; /* avoid warning */
7770         break;
7771     case TARGET_NR_read:
7772         if (arg3 == 0)
7773             ret = 0;
7774         else {
7775             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
7776                 goto efault;
7777             ret = get_errno(safe_read(arg1, p, arg3));
7778             if (ret >= 0 &&
7779                 fd_trans_host_to_target_data(arg1)) {
7780                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
7781             }
7782             unlock_user(p, arg2, ret);
7783         }
7784         break;
7785     case TARGET_NR_write:
7786         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
7787             goto efault;
7788         if (fd_trans_target_to_host_data(arg1)) {
7789             void *copy = g_malloc(arg3);
7790             memcpy(copy, p, arg3);
7791             ret = fd_trans_target_to_host_data(arg1)(copy, arg3);
7792             if (ret >= 0) {
7793                 ret = get_errno(safe_write(arg1, copy, ret));
7794             }
7795             g_free(copy);
7796         } else {
7797             ret = get_errno(safe_write(arg1, p, arg3));
7798         }
7799         unlock_user(p, arg2, 0);
7800         break;
7801 #ifdef TARGET_NR_open
7802     case TARGET_NR_open:
7803         if (!(p = lock_user_string(arg1)))
7804             goto efault;
7805         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
7806                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
7807                                   arg3));
7808         fd_trans_unregister(ret);
7809         unlock_user(p, arg1, 0);
7810         break;
7811 #endif
7812     case TARGET_NR_openat:
7813         if (!(p = lock_user_string(arg2)))
7814             goto efault;
7815         ret = get_errno(do_openat(cpu_env, arg1, p,
7816                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
7817                                   arg4));
7818         fd_trans_unregister(ret);
7819         unlock_user(p, arg2, 0);
7820         break;
7821 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7822     case TARGET_NR_name_to_handle_at:
7823         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
7824         break;
7825 #endif
7826 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7827     case TARGET_NR_open_by_handle_at:
7828         ret = do_open_by_handle_at(arg1, arg2, arg3);
7829         fd_trans_unregister(ret);
7830         break;
7831 #endif
7832     case TARGET_NR_close:
7833         fd_trans_unregister(arg1);
7834         ret = get_errno(close(arg1));
7835         break;
7836     case TARGET_NR_brk:
7837         ret = do_brk(arg1);
7838         break;
7839 #ifdef TARGET_NR_fork
7840     case TARGET_NR_fork:
7841         ret = get_errno(do_fork(cpu_env, TARGET_SIGCHLD, 0, 0, 0, 0));
7842         break;
7843 #endif
7844 #ifdef TARGET_NR_waitpid
7845     case TARGET_NR_waitpid:
7846         {
7847             int status;
7848             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
7849             if (!is_error(ret) && arg2 && ret
7850                 && put_user_s32(host_to_target_waitstatus(status), arg2))
7851                 goto efault;
7852         }
7853         break;
7854 #endif
7855 #ifdef TARGET_NR_waitid
7856     case TARGET_NR_waitid:
7857         {
7858             siginfo_t info;
7859             info.si_pid = 0;
7860             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
7861             if (!is_error(ret) && arg3 && info.si_pid != 0) {
7862                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
7863                     goto efault;
7864                 host_to_target_siginfo(p, &info);
7865                 unlock_user(p, arg3, sizeof(target_siginfo_t));
7866             }
7867         }
7868         break;
7869 #endif
7870 #ifdef TARGET_NR_creat /* not on alpha */
7871     case TARGET_NR_creat:
7872         if (!(p = lock_user_string(arg1)))
7873             goto efault;
7874         ret = get_errno(creat(p, arg2));
7875         fd_trans_unregister(ret);
7876         unlock_user(p, arg1, 0);
7877         break;
7878 #endif
7879 #ifdef TARGET_NR_link
7880     case TARGET_NR_link:
7881         {
7882             void * p2;
7883             p = lock_user_string(arg1);
7884             p2 = lock_user_string(arg2);
7885             if (!p || !p2)
7886                 ret = -TARGET_EFAULT;
7887             else
7888                 ret = get_errno(link(p, p2));
7889             unlock_user(p2, arg2, 0);
7890             unlock_user(p, arg1, 0);
7891         }
7892         break;
7893 #endif
7894 #if defined(TARGET_NR_linkat)
7895     case TARGET_NR_linkat:
7896         {
7897             void * p2 = NULL;
7898             if (!arg2 || !arg4)
7899                 goto efault;
7900             p  = lock_user_string(arg2);
7901             p2 = lock_user_string(arg4);
7902             if (!p || !p2)
7903                 ret = -TARGET_EFAULT;
7904             else
7905                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
7906             unlock_user(p, arg2, 0);
7907             unlock_user(p2, arg4, 0);
7908         }
7909         break;
7910 #endif
7911 #ifdef TARGET_NR_unlink
7912     case TARGET_NR_unlink:
7913         if (!(p = lock_user_string(arg1)))
7914             goto efault;
7915         ret = get_errno(unlink(p));
7916         unlock_user(p, arg1, 0);
7917         break;
7918 #endif
7919 #if defined(TARGET_NR_unlinkat)
7920     case TARGET_NR_unlinkat:
7921         if (!(p = lock_user_string(arg2)))
7922             goto efault;
7923         ret = get_errno(unlinkat(arg1, p, arg3));
7924         unlock_user(p, arg2, 0);
7925         break;
7926 #endif
7927     case TARGET_NR_execve:
7928         {
7929             char **argp, **envp;
7930             int argc, envc;
7931             abi_ulong gp;
7932             abi_ulong guest_argp;
7933             abi_ulong guest_envp;
7934             abi_ulong addr;
7935             char **q;
7936             int total_size = 0;
7937 
7938             argc = 0;
7939             guest_argp = arg2;
7940             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
7941                 if (get_user_ual(addr, gp))
7942                     goto efault;
7943                 if (!addr)
7944                     break;
7945                 argc++;
7946             }
7947             envc = 0;
7948             guest_envp = arg3;
7949             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
7950                 if (get_user_ual(addr, gp))
7951                     goto efault;
7952                 if (!addr)
7953                     break;
7954                 envc++;
7955             }
7956 
7957             argp = g_new0(char *, argc + 1);
7958             envp = g_new0(char *, envc + 1);
7959 
7960             for (gp = guest_argp, q = argp; gp;
7961                   gp += sizeof(abi_ulong), q++) {
7962                 if (get_user_ual(addr, gp))
7963                     goto execve_efault;
7964                 if (!addr)
7965                     break;
7966                 if (!(*q = lock_user_string(addr)))
7967                     goto execve_efault;
7968                 total_size += strlen(*q) + 1;
7969             }
7970             *q = NULL;
7971 
7972             for (gp = guest_envp, q = envp; gp;
7973                   gp += sizeof(abi_ulong), q++) {
7974                 if (get_user_ual(addr, gp))
7975                     goto execve_efault;
7976                 if (!addr)
7977                     break;
7978                 if (!(*q = lock_user_string(addr)))
7979                     goto execve_efault;
7980                 total_size += strlen(*q) + 1;
7981             }
7982             *q = NULL;
7983 
7984             if (!(p = lock_user_string(arg1)))
7985                 goto execve_efault;
7986             /* Although execve() is not an interruptible syscall it is
7987              * a special case where we must use the safe_syscall wrapper:
7988              * if we allow a signal to happen before we make the host
7989              * syscall then we will 'lose' it, because at the point of
7990              * execve the process leaves QEMU's control. So we use the
7991              * safe syscall wrapper to ensure that we either take the
7992              * signal as a guest signal, or else it does not happen
7993              * before the execve completes and makes it the other
7994              * program's problem.
7995              */
7996             ret = get_errno(safe_execve(p, argp, envp));
7997             unlock_user(p, arg1, 0);
7998 
7999             goto execve_end;
8000 
8001         execve_efault:
8002             ret = -TARGET_EFAULT;
8003 
8004         execve_end:
8005             for (gp = guest_argp, q = argp; *q;
8006                   gp += sizeof(abi_ulong), q++) {
8007                 if (get_user_ual(addr, gp)
8008                     || !addr)
8009                     break;
8010                 unlock_user(*q, addr, 0);
8011             }
8012             for (gp = guest_envp, q = envp; *q;
8013                   gp += sizeof(abi_ulong), q++) {
8014                 if (get_user_ual(addr, gp)
8015                     || !addr)
8016                     break;
8017                 unlock_user(*q, addr, 0);
8018             }
8019 
8020             g_free(argp);
8021             g_free(envp);
8022         }
8023         break;
8024     case TARGET_NR_chdir:
8025         if (!(p = lock_user_string(arg1)))
8026             goto efault;
8027         ret = get_errno(chdir(p));
8028         unlock_user(p, arg1, 0);
8029         break;
8030 #ifdef TARGET_NR_time
8031     case TARGET_NR_time:
8032         {
8033             time_t host_time;
8034             ret = get_errno(time(&host_time));
8035             if (!is_error(ret)
8036                 && arg1
8037                 && put_user_sal(host_time, arg1))
8038                 goto efault;
8039         }
8040         break;
8041 #endif
8042 #ifdef TARGET_NR_mknod
8043     case TARGET_NR_mknod:
8044         if (!(p = lock_user_string(arg1)))
8045             goto efault;
8046         ret = get_errno(mknod(p, arg2, arg3));
8047         unlock_user(p, arg1, 0);
8048         break;
8049 #endif
8050 #if defined(TARGET_NR_mknodat)
8051     case TARGET_NR_mknodat:
8052         if (!(p = lock_user_string(arg2)))
8053             goto efault;
8054         ret = get_errno(mknodat(arg1, p, arg3, arg4));
8055         unlock_user(p, arg2, 0);
8056         break;
8057 #endif
8058 #ifdef TARGET_NR_chmod
8059     case TARGET_NR_chmod:
8060         if (!(p = lock_user_string(arg1)))
8061             goto efault;
8062         ret = get_errno(chmod(p, arg2));
8063         unlock_user(p, arg1, 0);
8064         break;
8065 #endif
8066 #ifdef TARGET_NR_break
8067     case TARGET_NR_break:
8068         goto unimplemented;
8069 #endif
8070 #ifdef TARGET_NR_oldstat
8071     case TARGET_NR_oldstat:
8072         goto unimplemented;
8073 #endif
8074     case TARGET_NR_lseek:
8075         ret = get_errno(lseek(arg1, arg2, arg3));
8076         break;
8077 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
8078     /* Alpha specific */
8079     case TARGET_NR_getxpid:
8080         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
8081         ret = get_errno(getpid());
8082         break;
8083 #endif
8084 #ifdef TARGET_NR_getpid
8085     case TARGET_NR_getpid:
8086         ret = get_errno(getpid());
8087         break;
8088 #endif
8089     case TARGET_NR_mount:
8090         {
8091             /* need to look at the data field */
8092             void *p2, *p3;
8093 
8094             if (arg1) {
8095                 p = lock_user_string(arg1);
8096                 if (!p) {
8097                     goto efault;
8098                 }
8099             } else {
8100                 p = NULL;
8101             }
8102 
8103             p2 = lock_user_string(arg2);
8104             if (!p2) {
8105                 if (arg1) {
8106                     unlock_user(p, arg1, 0);
8107                 }
8108                 goto efault;
8109             }
8110 
8111             if (arg3) {
8112                 p3 = lock_user_string(arg3);
8113                 if (!p3) {
8114                     if (arg1) {
8115                         unlock_user(p, arg1, 0);
8116                     }
8117                     unlock_user(p2, arg2, 0);
8118                     goto efault;
8119                 }
8120             } else {
8121                 p3 = NULL;
8122             }
8123 
8124             /* FIXME - arg5 should be locked, but it isn't clear how to
8125              * do that since it's not guaranteed to be a NULL-terminated
8126              * string.
8127              */
8128             if (!arg5) {
8129                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
8130             } else {
8131                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
8132             }
8133             ret = get_errno(ret);
8134 
8135             if (arg1) {
8136                 unlock_user(p, arg1, 0);
8137             }
8138             unlock_user(p2, arg2, 0);
8139             if (arg3) {
8140                 unlock_user(p3, arg3, 0);
8141             }
8142         }
8143         break;
8144 #ifdef TARGET_NR_umount
8145     case TARGET_NR_umount:
8146         if (!(p = lock_user_string(arg1)))
8147             goto efault;
8148         ret = get_errno(umount(p));
8149         unlock_user(p, arg1, 0);
8150         break;
8151 #endif
8152 #ifdef TARGET_NR_stime /* not on alpha */
8153     case TARGET_NR_stime:
8154         {
8155             time_t host_time;
8156             if (get_user_sal(host_time, arg1))
8157                 goto efault;
8158             ret = get_errno(stime(&host_time));
8159         }
8160         break;
8161 #endif
8162     case TARGET_NR_ptrace:
8163         goto unimplemented;
8164 #ifdef TARGET_NR_alarm /* not on alpha */
8165     case TARGET_NR_alarm:
8166         ret = alarm(arg1);
8167         break;
8168 #endif
8169 #ifdef TARGET_NR_oldfstat
8170     case TARGET_NR_oldfstat:
8171         goto unimplemented;
8172 #endif
8173 #ifdef TARGET_NR_pause /* not on alpha */
8174     case TARGET_NR_pause:
8175         if (!block_signals()) {
8176             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
8177         }
8178         ret = -TARGET_EINTR;
8179         break;
8180 #endif
8181 #ifdef TARGET_NR_utime
8182     case TARGET_NR_utime:
8183         {
8184             struct utimbuf tbuf, *host_tbuf;
8185             struct target_utimbuf *target_tbuf;
8186             if (arg2) {
8187                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
8188                     goto efault;
8189                 tbuf.actime = tswapal(target_tbuf->actime);
8190                 tbuf.modtime = tswapal(target_tbuf->modtime);
8191                 unlock_user_struct(target_tbuf, arg2, 0);
8192                 host_tbuf = &tbuf;
8193             } else {
8194                 host_tbuf = NULL;
8195             }
8196             if (!(p = lock_user_string(arg1)))
8197                 goto efault;
8198             ret = get_errno(utime(p, host_tbuf));
8199             unlock_user(p, arg1, 0);
8200         }
8201         break;
8202 #endif
8203 #ifdef TARGET_NR_utimes
8204     case TARGET_NR_utimes:
8205         {
8206             struct timeval *tvp, tv[2];
8207             if (arg2) {
8208                 if (copy_from_user_timeval(&tv[0], arg2)
8209                     || copy_from_user_timeval(&tv[1],
8210                                               arg2 + sizeof(struct target_timeval)))
8211                     goto efault;
8212                 tvp = tv;
8213             } else {
8214                 tvp = NULL;
8215             }
8216             if (!(p = lock_user_string(arg1)))
8217                 goto efault;
8218             ret = get_errno(utimes(p, tvp));
8219             unlock_user(p, arg1, 0);
8220         }
8221         break;
8222 #endif
8223 #if defined(TARGET_NR_futimesat)
8224     case TARGET_NR_futimesat:
8225         {
8226             struct timeval *tvp, tv[2];
8227             if (arg3) {
8228                 if (copy_from_user_timeval(&tv[0], arg3)
8229                     || copy_from_user_timeval(&tv[1],
8230                                               arg3 + sizeof(struct target_timeval)))
8231                     goto efault;
8232                 tvp = tv;
8233             } else {
8234                 tvp = NULL;
8235             }
8236             if (!(p = lock_user_string(arg2)))
8237                 goto efault;
8238             ret = get_errno(futimesat(arg1, path(p), tvp));
8239             unlock_user(p, arg2, 0);
8240         }
8241         break;
8242 #endif
8243 #ifdef TARGET_NR_stty
8244     case TARGET_NR_stty:
8245         goto unimplemented;
8246 #endif
8247 #ifdef TARGET_NR_gtty
8248     case TARGET_NR_gtty:
8249         goto unimplemented;
8250 #endif
8251 #ifdef TARGET_NR_access
8252     case TARGET_NR_access:
8253         if (!(p = lock_user_string(arg1)))
8254             goto efault;
8255         ret = get_errno(access(path(p), arg2));
8256         unlock_user(p, arg1, 0);
8257         break;
8258 #endif
8259 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
8260     case TARGET_NR_faccessat:
8261         if (!(p = lock_user_string(arg2)))
8262             goto efault;
8263         ret = get_errno(faccessat(arg1, p, arg3, 0));
8264         unlock_user(p, arg2, 0);
8265         break;
8266 #endif
8267 #ifdef TARGET_NR_nice /* not on alpha */
8268     case TARGET_NR_nice:
8269         ret = get_errno(nice(arg1));
8270         break;
8271 #endif
8272 #ifdef TARGET_NR_ftime
8273     case TARGET_NR_ftime:
8274         goto unimplemented;
8275 #endif
8276     case TARGET_NR_sync:
8277         sync();
8278         ret = 0;
8279         break;
8280 #if defined(TARGET_NR_syncfs) && defined(CONFIG_SYNCFS)
8281     case TARGET_NR_syncfs:
8282         ret = get_errno(syncfs(arg1));
8283         break;
8284 #endif
8285     case TARGET_NR_kill:
8286         ret = get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
8287         break;
8288 #ifdef TARGET_NR_rename
8289     case TARGET_NR_rename:
8290         {
8291             void *p2;
8292             p = lock_user_string(arg1);
8293             p2 = lock_user_string(arg2);
8294             if (!p || !p2)
8295                 ret = -TARGET_EFAULT;
8296             else
8297                 ret = get_errno(rename(p, p2));
8298             unlock_user(p2, arg2, 0);
8299             unlock_user(p, arg1, 0);
8300         }
8301         break;
8302 #endif
8303 #if defined(TARGET_NR_renameat)
8304     case TARGET_NR_renameat:
8305         {
8306             void *p2;
8307             p  = lock_user_string(arg2);
8308             p2 = lock_user_string(arg4);
8309             if (!p || !p2)
8310                 ret = -TARGET_EFAULT;
8311             else
8312                 ret = get_errno(renameat(arg1, p, arg3, p2));
8313             unlock_user(p2, arg4, 0);
8314             unlock_user(p, arg2, 0);
8315         }
8316         break;
8317 #endif
8318 #ifdef TARGET_NR_mkdir
8319     case TARGET_NR_mkdir:
8320         if (!(p = lock_user_string(arg1)))
8321             goto efault;
8322         ret = get_errno(mkdir(p, arg2));
8323         unlock_user(p, arg1, 0);
8324         break;
8325 #endif
8326 #if defined(TARGET_NR_mkdirat)
8327     case TARGET_NR_mkdirat:
8328         if (!(p = lock_user_string(arg2)))
8329             goto efault;
8330         ret = get_errno(mkdirat(arg1, p, arg3));
8331         unlock_user(p, arg2, 0);
8332         break;
8333 #endif
8334 #ifdef TARGET_NR_rmdir
8335     case TARGET_NR_rmdir:
8336         if (!(p = lock_user_string(arg1)))
8337             goto efault;
8338         ret = get_errno(rmdir(p));
8339         unlock_user(p, arg1, 0);
8340         break;
8341 #endif
8342     case TARGET_NR_dup:
8343         ret = get_errno(dup(arg1));
8344         if (ret >= 0) {
8345             fd_trans_dup(arg1, ret);
8346         }
8347         break;
8348 #ifdef TARGET_NR_pipe
8349     case TARGET_NR_pipe:
8350         ret = do_pipe(cpu_env, arg1, 0, 0);
8351         break;
8352 #endif
8353 #ifdef TARGET_NR_pipe2
8354     case TARGET_NR_pipe2:
8355         ret = do_pipe(cpu_env, arg1,
8356                       target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
8357         break;
8358 #endif
8359     case TARGET_NR_times:
8360         {
8361             struct target_tms *tmsp;
8362             struct tms tms;
8363             ret = get_errno(times(&tms));
8364             if (arg1) {
8365                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
8366                 if (!tmsp)
8367                     goto efault;
8368                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
8369                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
8370                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
8371                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
8372             }
8373             if (!is_error(ret))
8374                 ret = host_to_target_clock_t(ret);
8375         }
8376         break;
8377 #ifdef TARGET_NR_prof
8378     case TARGET_NR_prof:
8379         goto unimplemented;
8380 #endif
8381 #ifdef TARGET_NR_signal
8382     case TARGET_NR_signal:
8383         goto unimplemented;
8384 #endif
8385     case TARGET_NR_acct:
8386         if (arg1 == 0) {
8387             ret = get_errno(acct(NULL));
8388         } else {
8389             if (!(p = lock_user_string(arg1)))
8390                 goto efault;
8391             ret = get_errno(acct(path(p)));
8392             unlock_user(p, arg1, 0);
8393         }
8394         break;
8395 #ifdef TARGET_NR_umount2
8396     case TARGET_NR_umount2:
8397         if (!(p = lock_user_string(arg1)))
8398             goto efault;
8399         ret = get_errno(umount2(p, arg2));
8400         unlock_user(p, arg1, 0);
8401         break;
8402 #endif
8403 #ifdef TARGET_NR_lock
8404     case TARGET_NR_lock:
8405         goto unimplemented;
8406 #endif
8407     case TARGET_NR_ioctl:
8408         ret = do_ioctl(arg1, arg2, arg3);
8409         break;
8410     case TARGET_NR_fcntl:
8411         ret = do_fcntl(arg1, arg2, arg3);
8412         break;
8413 #ifdef TARGET_NR_mpx
8414     case TARGET_NR_mpx:
8415         goto unimplemented;
8416 #endif
8417     case TARGET_NR_setpgid:
8418         ret = get_errno(setpgid(arg1, arg2));
8419         break;
8420 #ifdef TARGET_NR_ulimit
8421     case TARGET_NR_ulimit:
8422         goto unimplemented;
8423 #endif
8424 #ifdef TARGET_NR_oldolduname
8425     case TARGET_NR_oldolduname:
8426         goto unimplemented;
8427 #endif
8428     case TARGET_NR_umask:
8429         ret = get_errno(umask(arg1));
8430         break;
8431     case TARGET_NR_chroot:
8432         if (!(p = lock_user_string(arg1)))
8433             goto efault;
8434         ret = get_errno(chroot(p));
8435         unlock_user(p, arg1, 0);
8436         break;
8437 #ifdef TARGET_NR_ustat
8438     case TARGET_NR_ustat:
8439         goto unimplemented;
8440 #endif
8441 #ifdef TARGET_NR_dup2
8442     case TARGET_NR_dup2:
8443         ret = get_errno(dup2(arg1, arg2));
8444         if (ret >= 0) {
8445             fd_trans_dup(arg1, arg2);
8446         }
8447         break;
8448 #endif
8449 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
8450     case TARGET_NR_dup3:
8451         ret = get_errno(dup3(arg1, arg2, arg3));
8452         if (ret >= 0) {
8453             fd_trans_dup(arg1, arg2);
8454         }
8455         break;
8456 #endif
8457 #ifdef TARGET_NR_getppid /* not on alpha */
8458     case TARGET_NR_getppid:
8459         ret = get_errno(getppid());
8460         break;
8461 #endif
8462 #ifdef TARGET_NR_getpgrp
8463     case TARGET_NR_getpgrp:
8464         ret = get_errno(getpgrp());
8465         break;
8466 #endif
8467     case TARGET_NR_setsid:
8468         ret = get_errno(setsid());
8469         break;
8470 #ifdef TARGET_NR_sigaction
8471     case TARGET_NR_sigaction:
8472         {
8473 #if defined(TARGET_ALPHA)
8474             struct target_sigaction act, oact, *pact = 0;
8475             struct target_old_sigaction *old_act;
8476             if (arg2) {
8477                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8478                     goto efault;
8479                 act._sa_handler = old_act->_sa_handler;
8480                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8481                 act.sa_flags = old_act->sa_flags;
8482                 act.sa_restorer = 0;
8483                 unlock_user_struct(old_act, arg2, 0);
8484                 pact = &act;
8485             }
8486             ret = get_errno(do_sigaction(arg1, pact, &oact));
8487             if (!is_error(ret) && arg3) {
8488                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8489                     goto efault;
8490                 old_act->_sa_handler = oact._sa_handler;
8491                 old_act->sa_mask = oact.sa_mask.sig[0];
8492                 old_act->sa_flags = oact.sa_flags;
8493                 unlock_user_struct(old_act, arg3, 1);
8494             }
8495 #elif defined(TARGET_MIPS)
8496 	    struct target_sigaction act, oact, *pact, *old_act;
8497 
8498 	    if (arg2) {
8499                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8500                     goto efault;
8501 		act._sa_handler = old_act->_sa_handler;
8502 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
8503 		act.sa_flags = old_act->sa_flags;
8504 		unlock_user_struct(old_act, arg2, 0);
8505 		pact = &act;
8506 	    } else {
8507 		pact = NULL;
8508 	    }
8509 
8510 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
8511 
8512 	    if (!is_error(ret) && arg3) {
8513                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8514                     goto efault;
8515 		old_act->_sa_handler = oact._sa_handler;
8516 		old_act->sa_flags = oact.sa_flags;
8517 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
8518 		old_act->sa_mask.sig[1] = 0;
8519 		old_act->sa_mask.sig[2] = 0;
8520 		old_act->sa_mask.sig[3] = 0;
8521 		unlock_user_struct(old_act, arg3, 1);
8522 	    }
8523 #else
8524             struct target_old_sigaction *old_act;
8525             struct target_sigaction act, oact, *pact;
8526             if (arg2) {
8527                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
8528                     goto efault;
8529                 act._sa_handler = old_act->_sa_handler;
8530                 target_siginitset(&act.sa_mask, old_act->sa_mask);
8531                 act.sa_flags = old_act->sa_flags;
8532                 act.sa_restorer = old_act->sa_restorer;
8533                 unlock_user_struct(old_act, arg2, 0);
8534                 pact = &act;
8535             } else {
8536                 pact = NULL;
8537             }
8538             ret = get_errno(do_sigaction(arg1, pact, &oact));
8539             if (!is_error(ret) && arg3) {
8540                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
8541                     goto efault;
8542                 old_act->_sa_handler = oact._sa_handler;
8543                 old_act->sa_mask = oact.sa_mask.sig[0];
8544                 old_act->sa_flags = oact.sa_flags;
8545                 old_act->sa_restorer = oact.sa_restorer;
8546                 unlock_user_struct(old_act, arg3, 1);
8547             }
8548 #endif
8549         }
8550         break;
8551 #endif
8552     case TARGET_NR_rt_sigaction:
8553         {
8554 #if defined(TARGET_ALPHA)
8555             struct target_sigaction act, oact, *pact = 0;
8556             struct target_rt_sigaction *rt_act;
8557 
8558             if (arg4 != sizeof(target_sigset_t)) {
8559                 ret = -TARGET_EINVAL;
8560                 break;
8561             }
8562             if (arg2) {
8563                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
8564                     goto efault;
8565                 act._sa_handler = rt_act->_sa_handler;
8566                 act.sa_mask = rt_act->sa_mask;
8567                 act.sa_flags = rt_act->sa_flags;
8568                 act.sa_restorer = arg5;
8569                 unlock_user_struct(rt_act, arg2, 0);
8570                 pact = &act;
8571             }
8572             ret = get_errno(do_sigaction(arg1, pact, &oact));
8573             if (!is_error(ret) && arg3) {
8574                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
8575                     goto efault;
8576                 rt_act->_sa_handler = oact._sa_handler;
8577                 rt_act->sa_mask = oact.sa_mask;
8578                 rt_act->sa_flags = oact.sa_flags;
8579                 unlock_user_struct(rt_act, arg3, 1);
8580             }
8581 #else
8582             struct target_sigaction *act;
8583             struct target_sigaction *oact;
8584 
8585             if (arg4 != sizeof(target_sigset_t)) {
8586                 ret = -TARGET_EINVAL;
8587                 break;
8588             }
8589             if (arg2) {
8590                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1))
8591                     goto efault;
8592             } else
8593                 act = NULL;
8594             if (arg3) {
8595                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
8596                     ret = -TARGET_EFAULT;
8597                     goto rt_sigaction_fail;
8598                 }
8599             } else
8600                 oact = NULL;
8601             ret = get_errno(do_sigaction(arg1, act, oact));
8602 	rt_sigaction_fail:
8603             if (act)
8604                 unlock_user_struct(act, arg2, 0);
8605             if (oact)
8606                 unlock_user_struct(oact, arg3, 1);
8607 #endif
8608         }
8609         break;
8610 #ifdef TARGET_NR_sgetmask /* not on alpha */
8611     case TARGET_NR_sgetmask:
8612         {
8613             sigset_t cur_set;
8614             abi_ulong target_set;
8615             ret = do_sigprocmask(0, NULL, &cur_set);
8616             if (!ret) {
8617                 host_to_target_old_sigset(&target_set, &cur_set);
8618                 ret = target_set;
8619             }
8620         }
8621         break;
8622 #endif
8623 #ifdef TARGET_NR_ssetmask /* not on alpha */
8624     case TARGET_NR_ssetmask:
8625         {
8626             sigset_t set, oset;
8627             abi_ulong target_set = arg1;
8628             target_to_host_old_sigset(&set, &target_set);
8629             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
8630             if (!ret) {
8631                 host_to_target_old_sigset(&target_set, &oset);
8632                 ret = target_set;
8633             }
8634         }
8635         break;
8636 #endif
8637 #ifdef TARGET_NR_sigprocmask
8638     case TARGET_NR_sigprocmask:
8639         {
8640 #if defined(TARGET_ALPHA)
8641             sigset_t set, oldset;
8642             abi_ulong mask;
8643             int how;
8644 
8645             switch (arg1) {
8646             case TARGET_SIG_BLOCK:
8647                 how = SIG_BLOCK;
8648                 break;
8649             case TARGET_SIG_UNBLOCK:
8650                 how = SIG_UNBLOCK;
8651                 break;
8652             case TARGET_SIG_SETMASK:
8653                 how = SIG_SETMASK;
8654                 break;
8655             default:
8656                 ret = -TARGET_EINVAL;
8657                 goto fail;
8658             }
8659             mask = arg2;
8660             target_to_host_old_sigset(&set, &mask);
8661 
8662             ret = do_sigprocmask(how, &set, &oldset);
8663             if (!is_error(ret)) {
8664                 host_to_target_old_sigset(&mask, &oldset);
8665                 ret = mask;
8666                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
8667             }
8668 #else
8669             sigset_t set, oldset, *set_ptr;
8670             int how;
8671 
8672             if (arg2) {
8673                 switch (arg1) {
8674                 case TARGET_SIG_BLOCK:
8675                     how = SIG_BLOCK;
8676                     break;
8677                 case TARGET_SIG_UNBLOCK:
8678                     how = SIG_UNBLOCK;
8679                     break;
8680                 case TARGET_SIG_SETMASK:
8681                     how = SIG_SETMASK;
8682                     break;
8683                 default:
8684                     ret = -TARGET_EINVAL;
8685                     goto fail;
8686                 }
8687                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8688                     goto efault;
8689                 target_to_host_old_sigset(&set, p);
8690                 unlock_user(p, arg2, 0);
8691                 set_ptr = &set;
8692             } else {
8693                 how = 0;
8694                 set_ptr = NULL;
8695             }
8696             ret = do_sigprocmask(how, set_ptr, &oldset);
8697             if (!is_error(ret) && arg3) {
8698                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8699                     goto efault;
8700                 host_to_target_old_sigset(p, &oldset);
8701                 unlock_user(p, arg3, sizeof(target_sigset_t));
8702             }
8703 #endif
8704         }
8705         break;
8706 #endif
8707     case TARGET_NR_rt_sigprocmask:
8708         {
8709             int how = arg1;
8710             sigset_t set, oldset, *set_ptr;
8711 
8712             if (arg4 != sizeof(target_sigset_t)) {
8713                 ret = -TARGET_EINVAL;
8714                 break;
8715             }
8716 
8717             if (arg2) {
8718                 switch(how) {
8719                 case TARGET_SIG_BLOCK:
8720                     how = SIG_BLOCK;
8721                     break;
8722                 case TARGET_SIG_UNBLOCK:
8723                     how = SIG_UNBLOCK;
8724                     break;
8725                 case TARGET_SIG_SETMASK:
8726                     how = SIG_SETMASK;
8727                     break;
8728                 default:
8729                     ret = -TARGET_EINVAL;
8730                     goto fail;
8731                 }
8732                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8733                     goto efault;
8734                 target_to_host_sigset(&set, p);
8735                 unlock_user(p, arg2, 0);
8736                 set_ptr = &set;
8737             } else {
8738                 how = 0;
8739                 set_ptr = NULL;
8740             }
8741             ret = do_sigprocmask(how, set_ptr, &oldset);
8742             if (!is_error(ret) && arg3) {
8743                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8744                     goto efault;
8745                 host_to_target_sigset(p, &oldset);
8746                 unlock_user(p, arg3, sizeof(target_sigset_t));
8747             }
8748         }
8749         break;
8750 #ifdef TARGET_NR_sigpending
8751     case TARGET_NR_sigpending:
8752         {
8753             sigset_t set;
8754             ret = get_errno(sigpending(&set));
8755             if (!is_error(ret)) {
8756                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8757                     goto efault;
8758                 host_to_target_old_sigset(p, &set);
8759                 unlock_user(p, arg1, sizeof(target_sigset_t));
8760             }
8761         }
8762         break;
8763 #endif
8764     case TARGET_NR_rt_sigpending:
8765         {
8766             sigset_t set;
8767 
8768             /* Yes, this check is >, not != like most. We follow the kernel's
8769              * logic and it does it like this because it implements
8770              * NR_sigpending through the same code path, and in that case
8771              * the old_sigset_t is smaller in size.
8772              */
8773             if (arg2 > sizeof(target_sigset_t)) {
8774                 ret = -TARGET_EINVAL;
8775                 break;
8776             }
8777 
8778             ret = get_errno(sigpending(&set));
8779             if (!is_error(ret)) {
8780                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8781                     goto efault;
8782                 host_to_target_sigset(p, &set);
8783                 unlock_user(p, arg1, sizeof(target_sigset_t));
8784             }
8785         }
8786         break;
8787 #ifdef TARGET_NR_sigsuspend
8788     case TARGET_NR_sigsuspend:
8789         {
8790             TaskState *ts = cpu->opaque;
8791 #if defined(TARGET_ALPHA)
8792             abi_ulong mask = arg1;
8793             target_to_host_old_sigset(&ts->sigsuspend_mask, &mask);
8794 #else
8795             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8796                 goto efault;
8797             target_to_host_old_sigset(&ts->sigsuspend_mask, p);
8798             unlock_user(p, arg1, 0);
8799 #endif
8800             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8801                                                SIGSET_T_SIZE));
8802             if (ret != -TARGET_ERESTARTSYS) {
8803                 ts->in_sigsuspend = 1;
8804             }
8805         }
8806         break;
8807 #endif
8808     case TARGET_NR_rt_sigsuspend:
8809         {
8810             TaskState *ts = cpu->opaque;
8811 
8812             if (arg2 != sizeof(target_sigset_t)) {
8813                 ret = -TARGET_EINVAL;
8814                 break;
8815             }
8816             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8817                 goto efault;
8818             target_to_host_sigset(&ts->sigsuspend_mask, p);
8819             unlock_user(p, arg1, 0);
8820             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8821                                                SIGSET_T_SIZE));
8822             if (ret != -TARGET_ERESTARTSYS) {
8823                 ts->in_sigsuspend = 1;
8824             }
8825         }
8826         break;
8827     case TARGET_NR_rt_sigtimedwait:
8828         {
8829             sigset_t set;
8830             struct timespec uts, *puts;
8831             siginfo_t uinfo;
8832 
8833             if (arg4 != sizeof(target_sigset_t)) {
8834                 ret = -TARGET_EINVAL;
8835                 break;
8836             }
8837 
8838             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8839                 goto efault;
8840             target_to_host_sigset(&set, p);
8841             unlock_user(p, arg1, 0);
8842             if (arg3) {
8843                 puts = &uts;
8844                 target_to_host_timespec(puts, arg3);
8845             } else {
8846                 puts = NULL;
8847             }
8848             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
8849                                                  SIGSET_T_SIZE));
8850             if (!is_error(ret)) {
8851                 if (arg2) {
8852                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
8853                                   0);
8854                     if (!p) {
8855                         goto efault;
8856                     }
8857                     host_to_target_siginfo(p, &uinfo);
8858                     unlock_user(p, arg2, sizeof(target_siginfo_t));
8859                 }
8860                 ret = host_to_target_signal(ret);
8861             }
8862         }
8863         break;
8864     case TARGET_NR_rt_sigqueueinfo:
8865         {
8866             siginfo_t uinfo;
8867 
8868             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
8869             if (!p) {
8870                 goto efault;
8871             }
8872             target_to_host_siginfo(&uinfo, p);
8873             unlock_user(p, arg3, 0);
8874             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
8875         }
8876         break;
8877     case TARGET_NR_rt_tgsigqueueinfo:
8878         {
8879             siginfo_t uinfo;
8880 
8881             p = lock_user(VERIFY_READ, arg4, sizeof(target_siginfo_t), 1);
8882             if (!p) {
8883                 goto efault;
8884             }
8885             target_to_host_siginfo(&uinfo, p);
8886             unlock_user(p, arg4, 0);
8887             ret = get_errno(sys_rt_tgsigqueueinfo(arg1, arg2, arg3, &uinfo));
8888         }
8889         break;
8890 #ifdef TARGET_NR_sigreturn
8891     case TARGET_NR_sigreturn:
8892         if (block_signals()) {
8893             ret = -TARGET_ERESTARTSYS;
8894         } else {
8895             ret = do_sigreturn(cpu_env);
8896         }
8897         break;
8898 #endif
8899     case TARGET_NR_rt_sigreturn:
8900         if (block_signals()) {
8901             ret = -TARGET_ERESTARTSYS;
8902         } else {
8903             ret = do_rt_sigreturn(cpu_env);
8904         }
8905         break;
8906     case TARGET_NR_sethostname:
8907         if (!(p = lock_user_string(arg1)))
8908             goto efault;
8909         ret = get_errno(sethostname(p, arg2));
8910         unlock_user(p, arg1, 0);
8911         break;
8912     case TARGET_NR_setrlimit:
8913         {
8914             int resource = target_to_host_resource(arg1);
8915             struct target_rlimit *target_rlim;
8916             struct rlimit rlim;
8917             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
8918                 goto efault;
8919             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
8920             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
8921             unlock_user_struct(target_rlim, arg2, 0);
8922             ret = get_errno(setrlimit(resource, &rlim));
8923         }
8924         break;
8925     case TARGET_NR_getrlimit:
8926         {
8927             int resource = target_to_host_resource(arg1);
8928             struct target_rlimit *target_rlim;
8929             struct rlimit rlim;
8930 
8931             ret = get_errno(getrlimit(resource, &rlim));
8932             if (!is_error(ret)) {
8933                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
8934                     goto efault;
8935                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
8936                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
8937                 unlock_user_struct(target_rlim, arg2, 1);
8938             }
8939         }
8940         break;
8941     case TARGET_NR_getrusage:
8942         {
8943             struct rusage rusage;
8944             ret = get_errno(getrusage(arg1, &rusage));
8945             if (!is_error(ret)) {
8946                 ret = host_to_target_rusage(arg2, &rusage);
8947             }
8948         }
8949         break;
8950     case TARGET_NR_gettimeofday:
8951         {
8952             struct timeval tv;
8953             ret = get_errno(gettimeofday(&tv, NULL));
8954             if (!is_error(ret)) {
8955                 if (copy_to_user_timeval(arg1, &tv))
8956                     goto efault;
8957             }
8958         }
8959         break;
8960     case TARGET_NR_settimeofday:
8961         {
8962             struct timeval tv, *ptv = NULL;
8963             struct timezone tz, *ptz = NULL;
8964 
8965             if (arg1) {
8966                 if (copy_from_user_timeval(&tv, arg1)) {
8967                     goto efault;
8968                 }
8969                 ptv = &tv;
8970             }
8971 
8972             if (arg2) {
8973                 if (copy_from_user_timezone(&tz, arg2)) {
8974                     goto efault;
8975                 }
8976                 ptz = &tz;
8977             }
8978 
8979             ret = get_errno(settimeofday(ptv, ptz));
8980         }
8981         break;
8982 #if defined(TARGET_NR_select)
8983     case TARGET_NR_select:
8984 #if defined(TARGET_WANT_NI_OLD_SELECT)
8985         /* some architectures used to have old_select here
8986          * but now ENOSYS it.
8987          */
8988         ret = -TARGET_ENOSYS;
8989 #elif defined(TARGET_WANT_OLD_SYS_SELECT)
8990         ret = do_old_select(arg1);
8991 #else
8992         ret = do_select(arg1, arg2, arg3, arg4, arg5);
8993 #endif
8994         break;
8995 #endif
8996 #ifdef TARGET_NR_pselect6
8997     case TARGET_NR_pselect6:
8998         {
8999             abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
9000             fd_set rfds, wfds, efds;
9001             fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
9002             struct timespec ts, *ts_ptr;
9003 
9004             /*
9005              * The 6th arg is actually two args smashed together,
9006              * so we cannot use the C library.
9007              */
9008             sigset_t set;
9009             struct {
9010                 sigset_t *set;
9011                 size_t size;
9012             } sig, *sig_ptr;
9013 
9014             abi_ulong arg_sigset, arg_sigsize, *arg7;
9015             target_sigset_t *target_sigset;
9016 
9017             n = arg1;
9018             rfd_addr = arg2;
9019             wfd_addr = arg3;
9020             efd_addr = arg4;
9021             ts_addr = arg5;
9022 
9023             ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
9024             if (ret) {
9025                 goto fail;
9026             }
9027             ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
9028             if (ret) {
9029                 goto fail;
9030             }
9031             ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
9032             if (ret) {
9033                 goto fail;
9034             }
9035 
9036             /*
9037              * This takes a timespec, and not a timeval, so we cannot
9038              * use the do_select() helper ...
9039              */
9040             if (ts_addr) {
9041                 if (target_to_host_timespec(&ts, ts_addr)) {
9042                     goto efault;
9043                 }
9044                 ts_ptr = &ts;
9045             } else {
9046                 ts_ptr = NULL;
9047             }
9048 
9049             /* Extract the two packed args for the sigset */
9050             if (arg6) {
9051                 sig_ptr = &sig;
9052                 sig.size = SIGSET_T_SIZE;
9053 
9054                 arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
9055                 if (!arg7) {
9056                     goto efault;
9057                 }
9058                 arg_sigset = tswapal(arg7[0]);
9059                 arg_sigsize = tswapal(arg7[1]);
9060                 unlock_user(arg7, arg6, 0);
9061 
9062                 if (arg_sigset) {
9063                     sig.set = &set;
9064                     if (arg_sigsize != sizeof(*target_sigset)) {
9065                         /* Like the kernel, we enforce correct size sigsets */
9066                         ret = -TARGET_EINVAL;
9067                         goto fail;
9068                     }
9069                     target_sigset = lock_user(VERIFY_READ, arg_sigset,
9070                                               sizeof(*target_sigset), 1);
9071                     if (!target_sigset) {
9072                         goto efault;
9073                     }
9074                     target_to_host_sigset(&set, target_sigset);
9075                     unlock_user(target_sigset, arg_sigset, 0);
9076                 } else {
9077                     sig.set = NULL;
9078                 }
9079             } else {
9080                 sig_ptr = NULL;
9081             }
9082 
9083             ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
9084                                           ts_ptr, sig_ptr));
9085 
9086             if (!is_error(ret)) {
9087                 if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
9088                     goto efault;
9089                 if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
9090                     goto efault;
9091                 if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
9092                     goto efault;
9093 
9094                 if (ts_addr && host_to_target_timespec(ts_addr, &ts))
9095                     goto efault;
9096             }
9097         }
9098         break;
9099 #endif
9100 #ifdef TARGET_NR_symlink
9101     case TARGET_NR_symlink:
9102         {
9103             void *p2;
9104             p = lock_user_string(arg1);
9105             p2 = lock_user_string(arg2);
9106             if (!p || !p2)
9107                 ret = -TARGET_EFAULT;
9108             else
9109                 ret = get_errno(symlink(p, p2));
9110             unlock_user(p2, arg2, 0);
9111             unlock_user(p, arg1, 0);
9112         }
9113         break;
9114 #endif
9115 #if defined(TARGET_NR_symlinkat)
9116     case TARGET_NR_symlinkat:
9117         {
9118             void *p2;
9119             p  = lock_user_string(arg1);
9120             p2 = lock_user_string(arg3);
9121             if (!p || !p2)
9122                 ret = -TARGET_EFAULT;
9123             else
9124                 ret = get_errno(symlinkat(p, arg2, p2));
9125             unlock_user(p2, arg3, 0);
9126             unlock_user(p, arg1, 0);
9127         }
9128         break;
9129 #endif
9130 #ifdef TARGET_NR_oldlstat
9131     case TARGET_NR_oldlstat:
9132         goto unimplemented;
9133 #endif
9134 #ifdef TARGET_NR_readlink
9135     case TARGET_NR_readlink:
9136         {
9137             void *p2;
9138             p = lock_user_string(arg1);
9139             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9140             if (!p || !p2) {
9141                 ret = -TARGET_EFAULT;
9142             } else if (!arg3) {
9143                 /* Short circuit this for the magic exe check. */
9144                 ret = -TARGET_EINVAL;
9145             } else if (is_proc_myself((const char *)p, "exe")) {
9146                 char real[PATH_MAX], *temp;
9147                 temp = realpath(exec_path, real);
9148                 /* Return value is # of bytes that we wrote to the buffer. */
9149                 if (temp == NULL) {
9150                     ret = get_errno(-1);
9151                 } else {
9152                     /* Don't worry about sign mismatch as earlier mapping
9153                      * logic would have thrown a bad address error. */
9154                     ret = MIN(strlen(real), arg3);
9155                     /* We cannot NUL terminate the string. */
9156                     memcpy(p2, real, ret);
9157                 }
9158             } else {
9159                 ret = get_errno(readlink(path(p), p2, arg3));
9160             }
9161             unlock_user(p2, arg2, ret);
9162             unlock_user(p, arg1, 0);
9163         }
9164         break;
9165 #endif
9166 #if defined(TARGET_NR_readlinkat)
9167     case TARGET_NR_readlinkat:
9168         {
9169             void *p2;
9170             p  = lock_user_string(arg2);
9171             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
9172             if (!p || !p2) {
9173                 ret = -TARGET_EFAULT;
9174             } else if (is_proc_myself((const char *)p, "exe")) {
9175                 char real[PATH_MAX], *temp;
9176                 temp = realpath(exec_path, real);
9177                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
9178                 snprintf((char *)p2, arg4, "%s", real);
9179             } else {
9180                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
9181             }
9182             unlock_user(p2, arg3, ret);
9183             unlock_user(p, arg2, 0);
9184         }
9185         break;
9186 #endif
9187 #ifdef TARGET_NR_uselib
9188     case TARGET_NR_uselib:
9189         goto unimplemented;
9190 #endif
9191 #ifdef TARGET_NR_swapon
9192     case TARGET_NR_swapon:
9193         if (!(p = lock_user_string(arg1)))
9194             goto efault;
9195         ret = get_errno(swapon(p, arg2));
9196         unlock_user(p, arg1, 0);
9197         break;
9198 #endif
9199     case TARGET_NR_reboot:
9200         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
9201            /* arg4 must be ignored in all other cases */
9202            p = lock_user_string(arg4);
9203            if (!p) {
9204               goto efault;
9205            }
9206            ret = get_errno(reboot(arg1, arg2, arg3, p));
9207            unlock_user(p, arg4, 0);
9208         } else {
9209            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
9210         }
9211         break;
9212 #ifdef TARGET_NR_readdir
9213     case TARGET_NR_readdir:
9214         goto unimplemented;
9215 #endif
9216 #ifdef TARGET_NR_mmap
9217     case TARGET_NR_mmap:
9218 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
9219     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
9220     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
9221     || defined(TARGET_S390X)
9222         {
9223             abi_ulong *v;
9224             abi_ulong v1, v2, v3, v4, v5, v6;
9225             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
9226                 goto efault;
9227             v1 = tswapal(v[0]);
9228             v2 = tswapal(v[1]);
9229             v3 = tswapal(v[2]);
9230             v4 = tswapal(v[3]);
9231             v5 = tswapal(v[4]);
9232             v6 = tswapal(v[5]);
9233             unlock_user(v, arg1, 0);
9234             ret = get_errno(target_mmap(v1, v2, v3,
9235                                         target_to_host_bitmask(v4, mmap_flags_tbl),
9236                                         v5, v6));
9237         }
9238 #else
9239         ret = get_errno(target_mmap(arg1, arg2, arg3,
9240                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
9241                                     arg5,
9242                                     arg6));
9243 #endif
9244         break;
9245 #endif
9246 #ifdef TARGET_NR_mmap2
9247     case TARGET_NR_mmap2:
9248 #ifndef MMAP_SHIFT
9249 #define MMAP_SHIFT 12
9250 #endif
9251         ret = get_errno(target_mmap(arg1, arg2, arg3,
9252                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
9253                                     arg5,
9254                                     arg6 << MMAP_SHIFT));
9255         break;
9256 #endif
9257     case TARGET_NR_munmap:
9258         ret = get_errno(target_munmap(arg1, arg2));
9259         break;
9260     case TARGET_NR_mprotect:
9261         {
9262             TaskState *ts = cpu->opaque;
9263             /* Special hack to detect libc making the stack executable.  */
9264             if ((arg3 & PROT_GROWSDOWN)
9265                 && arg1 >= ts->info->stack_limit
9266                 && arg1 <= ts->info->start_stack) {
9267                 arg3 &= ~PROT_GROWSDOWN;
9268                 arg2 = arg2 + arg1 - ts->info->stack_limit;
9269                 arg1 = ts->info->stack_limit;
9270             }
9271         }
9272         ret = get_errno(target_mprotect(arg1, arg2, arg3));
9273         break;
9274 #ifdef TARGET_NR_mremap
9275     case TARGET_NR_mremap:
9276         ret = get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
9277         break;
9278 #endif
9279         /* ??? msync/mlock/munlock are broken for softmmu.  */
9280 #ifdef TARGET_NR_msync
9281     case TARGET_NR_msync:
9282         ret = get_errno(msync(g2h(arg1), arg2, arg3));
9283         break;
9284 #endif
9285 #ifdef TARGET_NR_mlock
9286     case TARGET_NR_mlock:
9287         ret = get_errno(mlock(g2h(arg1), arg2));
9288         break;
9289 #endif
9290 #ifdef TARGET_NR_munlock
9291     case TARGET_NR_munlock:
9292         ret = get_errno(munlock(g2h(arg1), arg2));
9293         break;
9294 #endif
9295 #ifdef TARGET_NR_mlockall
9296     case TARGET_NR_mlockall:
9297         ret = get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
9298         break;
9299 #endif
9300 #ifdef TARGET_NR_munlockall
9301     case TARGET_NR_munlockall:
9302         ret = get_errno(munlockall());
9303         break;
9304 #endif
9305     case TARGET_NR_truncate:
9306         if (!(p = lock_user_string(arg1)))
9307             goto efault;
9308         ret = get_errno(truncate(p, arg2));
9309         unlock_user(p, arg1, 0);
9310         break;
9311     case TARGET_NR_ftruncate:
9312         ret = get_errno(ftruncate(arg1, arg2));
9313         break;
9314     case TARGET_NR_fchmod:
9315         ret = get_errno(fchmod(arg1, arg2));
9316         break;
9317 #if defined(TARGET_NR_fchmodat)
9318     case TARGET_NR_fchmodat:
9319         if (!(p = lock_user_string(arg2)))
9320             goto efault;
9321         ret = get_errno(fchmodat(arg1, p, arg3, 0));
9322         unlock_user(p, arg2, 0);
9323         break;
9324 #endif
9325     case TARGET_NR_getpriority:
9326         /* Note that negative values are valid for getpriority, so we must
9327            differentiate based on errno settings.  */
9328         errno = 0;
9329         ret = getpriority(arg1, arg2);
9330         if (ret == -1 && errno != 0) {
9331             ret = -host_to_target_errno(errno);
9332             break;
9333         }
9334 #ifdef TARGET_ALPHA
9335         /* Return value is the unbiased priority.  Signal no error.  */
9336         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
9337 #else
9338         /* Return value is a biased priority to avoid negative numbers.  */
9339         ret = 20 - ret;
9340 #endif
9341         break;
9342     case TARGET_NR_setpriority:
9343         ret = get_errno(setpriority(arg1, arg2, arg3));
9344         break;
9345 #ifdef TARGET_NR_profil
9346     case TARGET_NR_profil:
9347         goto unimplemented;
9348 #endif
9349     case TARGET_NR_statfs:
9350         if (!(p = lock_user_string(arg1)))
9351             goto efault;
9352         ret = get_errno(statfs(path(p), &stfs));
9353         unlock_user(p, arg1, 0);
9354     convert_statfs:
9355         if (!is_error(ret)) {
9356             struct target_statfs *target_stfs;
9357 
9358             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
9359                 goto efault;
9360             __put_user(stfs.f_type, &target_stfs->f_type);
9361             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9362             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9363             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9364             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9365             __put_user(stfs.f_files, &target_stfs->f_files);
9366             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9367             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9368             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9369             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9370             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9371             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9372             unlock_user_struct(target_stfs, arg2, 1);
9373         }
9374         break;
9375     case TARGET_NR_fstatfs:
9376         ret = get_errno(fstatfs(arg1, &stfs));
9377         goto convert_statfs;
9378 #ifdef TARGET_NR_statfs64
9379     case TARGET_NR_statfs64:
9380         if (!(p = lock_user_string(arg1)))
9381             goto efault;
9382         ret = get_errno(statfs(path(p), &stfs));
9383         unlock_user(p, arg1, 0);
9384     convert_statfs64:
9385         if (!is_error(ret)) {
9386             struct target_statfs64 *target_stfs;
9387 
9388             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
9389                 goto efault;
9390             __put_user(stfs.f_type, &target_stfs->f_type);
9391             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
9392             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
9393             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
9394             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
9395             __put_user(stfs.f_files, &target_stfs->f_files);
9396             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
9397             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
9398             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
9399             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
9400             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
9401             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
9402             unlock_user_struct(target_stfs, arg3, 1);
9403         }
9404         break;
9405     case TARGET_NR_fstatfs64:
9406         ret = get_errno(fstatfs(arg1, &stfs));
9407         goto convert_statfs64;
9408 #endif
9409 #ifdef TARGET_NR_ioperm
9410     case TARGET_NR_ioperm:
9411         goto unimplemented;
9412 #endif
9413 #ifdef TARGET_NR_socketcall
9414     case TARGET_NR_socketcall:
9415         ret = do_socketcall(arg1, arg2);
9416         break;
9417 #endif
9418 #ifdef TARGET_NR_accept
9419     case TARGET_NR_accept:
9420         ret = do_accept4(arg1, arg2, arg3, 0);
9421         break;
9422 #endif
9423 #ifdef TARGET_NR_accept4
9424     case TARGET_NR_accept4:
9425         ret = do_accept4(arg1, arg2, arg3, arg4);
9426         break;
9427 #endif
9428 #ifdef TARGET_NR_bind
9429     case TARGET_NR_bind:
9430         ret = do_bind(arg1, arg2, arg3);
9431         break;
9432 #endif
9433 #ifdef TARGET_NR_connect
9434     case TARGET_NR_connect:
9435         ret = do_connect(arg1, arg2, arg3);
9436         break;
9437 #endif
9438 #ifdef TARGET_NR_getpeername
9439     case TARGET_NR_getpeername:
9440         ret = do_getpeername(arg1, arg2, arg3);
9441         break;
9442 #endif
9443 #ifdef TARGET_NR_getsockname
9444     case TARGET_NR_getsockname:
9445         ret = do_getsockname(arg1, arg2, arg3);
9446         break;
9447 #endif
9448 #ifdef TARGET_NR_getsockopt
9449     case TARGET_NR_getsockopt:
9450         ret = do_getsockopt(arg1, arg2, arg3, arg4, arg5);
9451         break;
9452 #endif
9453 #ifdef TARGET_NR_listen
9454     case TARGET_NR_listen:
9455         ret = get_errno(listen(arg1, arg2));
9456         break;
9457 #endif
9458 #ifdef TARGET_NR_recv
9459     case TARGET_NR_recv:
9460         ret = do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
9461         break;
9462 #endif
9463 #ifdef TARGET_NR_recvfrom
9464     case TARGET_NR_recvfrom:
9465         ret = do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
9466         break;
9467 #endif
9468 #ifdef TARGET_NR_recvmsg
9469     case TARGET_NR_recvmsg:
9470         ret = do_sendrecvmsg(arg1, arg2, arg3, 0);
9471         break;
9472 #endif
9473 #ifdef TARGET_NR_send
9474     case TARGET_NR_send:
9475         ret = do_sendto(arg1, arg2, arg3, arg4, 0, 0);
9476         break;
9477 #endif
9478 #ifdef TARGET_NR_sendmsg
9479     case TARGET_NR_sendmsg:
9480         ret = do_sendrecvmsg(arg1, arg2, arg3, 1);
9481         break;
9482 #endif
9483 #ifdef TARGET_NR_sendmmsg
9484     case TARGET_NR_sendmmsg:
9485         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
9486         break;
9487     case TARGET_NR_recvmmsg:
9488         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
9489         break;
9490 #endif
9491 #ifdef TARGET_NR_sendto
9492     case TARGET_NR_sendto:
9493         ret = do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
9494         break;
9495 #endif
9496 #ifdef TARGET_NR_shutdown
9497     case TARGET_NR_shutdown:
9498         ret = get_errno(shutdown(arg1, arg2));
9499         break;
9500 #endif
9501 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
9502     case TARGET_NR_getrandom:
9503         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
9504         if (!p) {
9505             goto efault;
9506         }
9507         ret = get_errno(getrandom(p, arg2, arg3));
9508         unlock_user(p, arg1, ret);
9509         break;
9510 #endif
9511 #ifdef TARGET_NR_socket
9512     case TARGET_NR_socket:
9513         ret = do_socket(arg1, arg2, arg3);
9514         break;
9515 #endif
9516 #ifdef TARGET_NR_socketpair
9517     case TARGET_NR_socketpair:
9518         ret = do_socketpair(arg1, arg2, arg3, arg4);
9519         break;
9520 #endif
9521 #ifdef TARGET_NR_setsockopt
9522     case TARGET_NR_setsockopt:
9523         ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
9524         break;
9525 #endif
9526 #if defined(TARGET_NR_syslog)
9527     case TARGET_NR_syslog:
9528         {
9529             int len = arg2;
9530 
9531             switch (arg1) {
9532             case TARGET_SYSLOG_ACTION_CLOSE:         /* Close log */
9533             case TARGET_SYSLOG_ACTION_OPEN:          /* Open log */
9534             case TARGET_SYSLOG_ACTION_CLEAR:         /* Clear ring buffer */
9535             case TARGET_SYSLOG_ACTION_CONSOLE_OFF:   /* Disable logging */
9536             case TARGET_SYSLOG_ACTION_CONSOLE_ON:    /* Enable logging */
9537             case TARGET_SYSLOG_ACTION_CONSOLE_LEVEL: /* Set messages level */
9538             case TARGET_SYSLOG_ACTION_SIZE_UNREAD:   /* Number of chars */
9539             case TARGET_SYSLOG_ACTION_SIZE_BUFFER:   /* Size of the buffer */
9540                 {
9541                     ret = get_errno(sys_syslog((int)arg1, NULL, (int)arg3));
9542                 }
9543                 break;
9544             case TARGET_SYSLOG_ACTION_READ:          /* Read from log */
9545             case TARGET_SYSLOG_ACTION_READ_CLEAR:    /* Read/clear msgs */
9546             case TARGET_SYSLOG_ACTION_READ_ALL:      /* Read last messages */
9547                 {
9548                     ret = -TARGET_EINVAL;
9549                     if (len < 0) {
9550                         goto fail;
9551                     }
9552                     ret = 0;
9553                     if (len == 0) {
9554                         break;
9555                     }
9556                     p = lock_user(VERIFY_WRITE, arg2, arg3, 0);
9557                     if (!p) {
9558                         ret = -TARGET_EFAULT;
9559                         goto fail;
9560                     }
9561                     ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
9562                     unlock_user(p, arg2, arg3);
9563                 }
9564                 break;
9565             default:
9566                 ret = -EINVAL;
9567                 break;
9568             }
9569         }
9570         break;
9571 #endif
9572     case TARGET_NR_setitimer:
9573         {
9574             struct itimerval value, ovalue, *pvalue;
9575 
9576             if (arg2) {
9577                 pvalue = &value;
9578                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
9579                     || copy_from_user_timeval(&pvalue->it_value,
9580                                               arg2 + sizeof(struct target_timeval)))
9581                     goto efault;
9582             } else {
9583                 pvalue = NULL;
9584             }
9585             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
9586             if (!is_error(ret) && arg3) {
9587                 if (copy_to_user_timeval(arg3,
9588                                          &ovalue.it_interval)
9589                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
9590                                             &ovalue.it_value))
9591                     goto efault;
9592             }
9593         }
9594         break;
9595     case TARGET_NR_getitimer:
9596         {
9597             struct itimerval value;
9598 
9599             ret = get_errno(getitimer(arg1, &value));
9600             if (!is_error(ret) && arg2) {
9601                 if (copy_to_user_timeval(arg2,
9602                                          &value.it_interval)
9603                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
9604                                             &value.it_value))
9605                     goto efault;
9606             }
9607         }
9608         break;
9609 #ifdef TARGET_NR_stat
9610     case TARGET_NR_stat:
9611         if (!(p = lock_user_string(arg1)))
9612             goto efault;
9613         ret = get_errno(stat(path(p), &st));
9614         unlock_user(p, arg1, 0);
9615         goto do_stat;
9616 #endif
9617 #ifdef TARGET_NR_lstat
9618     case TARGET_NR_lstat:
9619         if (!(p = lock_user_string(arg1)))
9620             goto efault;
9621         ret = get_errno(lstat(path(p), &st));
9622         unlock_user(p, arg1, 0);
9623         goto do_stat;
9624 #endif
9625     case TARGET_NR_fstat:
9626         {
9627             ret = get_errno(fstat(arg1, &st));
9628 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
9629         do_stat:
9630 #endif
9631             if (!is_error(ret)) {
9632                 struct target_stat *target_st;
9633 
9634                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
9635                     goto efault;
9636                 memset(target_st, 0, sizeof(*target_st));
9637                 __put_user(st.st_dev, &target_st->st_dev);
9638                 __put_user(st.st_ino, &target_st->st_ino);
9639                 __put_user(st.st_mode, &target_st->st_mode);
9640                 __put_user(st.st_uid, &target_st->st_uid);
9641                 __put_user(st.st_gid, &target_st->st_gid);
9642                 __put_user(st.st_nlink, &target_st->st_nlink);
9643                 __put_user(st.st_rdev, &target_st->st_rdev);
9644                 __put_user(st.st_size, &target_st->st_size);
9645                 __put_user(st.st_blksize, &target_st->st_blksize);
9646                 __put_user(st.st_blocks, &target_st->st_blocks);
9647                 __put_user(st.st_atime, &target_st->target_st_atime);
9648                 __put_user(st.st_mtime, &target_st->target_st_mtime);
9649                 __put_user(st.st_ctime, &target_st->target_st_ctime);
9650                 unlock_user_struct(target_st, arg2, 1);
9651             }
9652         }
9653         break;
9654 #ifdef TARGET_NR_olduname
9655     case TARGET_NR_olduname:
9656         goto unimplemented;
9657 #endif
9658 #ifdef TARGET_NR_iopl
9659     case TARGET_NR_iopl:
9660         goto unimplemented;
9661 #endif
9662     case TARGET_NR_vhangup:
9663         ret = get_errno(vhangup());
9664         break;
9665 #ifdef TARGET_NR_idle
9666     case TARGET_NR_idle:
9667         goto unimplemented;
9668 #endif
9669 #ifdef TARGET_NR_syscall
9670     case TARGET_NR_syscall:
9671         ret = do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
9672                          arg6, arg7, arg8, 0);
9673         break;
9674 #endif
9675     case TARGET_NR_wait4:
9676         {
9677             int status;
9678             abi_long status_ptr = arg2;
9679             struct rusage rusage, *rusage_ptr;
9680             abi_ulong target_rusage = arg4;
9681             abi_long rusage_err;
9682             if (target_rusage)
9683                 rusage_ptr = &rusage;
9684             else
9685                 rusage_ptr = NULL;
9686             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
9687             if (!is_error(ret)) {
9688                 if (status_ptr && ret) {
9689                     status = host_to_target_waitstatus(status);
9690                     if (put_user_s32(status, status_ptr))
9691                         goto efault;
9692                 }
9693                 if (target_rusage) {
9694                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
9695                     if (rusage_err) {
9696                         ret = rusage_err;
9697                     }
9698                 }
9699             }
9700         }
9701         break;
9702 #ifdef TARGET_NR_swapoff
9703     case TARGET_NR_swapoff:
9704         if (!(p = lock_user_string(arg1)))
9705             goto efault;
9706         ret = get_errno(swapoff(p));
9707         unlock_user(p, arg1, 0);
9708         break;
9709 #endif
9710     case TARGET_NR_sysinfo:
9711         {
9712             struct target_sysinfo *target_value;
9713             struct sysinfo value;
9714             ret = get_errno(sysinfo(&value));
9715             if (!is_error(ret) && arg1)
9716             {
9717                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
9718                     goto efault;
9719                 __put_user(value.uptime, &target_value->uptime);
9720                 __put_user(value.loads[0], &target_value->loads[0]);
9721                 __put_user(value.loads[1], &target_value->loads[1]);
9722                 __put_user(value.loads[2], &target_value->loads[2]);
9723                 __put_user(value.totalram, &target_value->totalram);
9724                 __put_user(value.freeram, &target_value->freeram);
9725                 __put_user(value.sharedram, &target_value->sharedram);
9726                 __put_user(value.bufferram, &target_value->bufferram);
9727                 __put_user(value.totalswap, &target_value->totalswap);
9728                 __put_user(value.freeswap, &target_value->freeswap);
9729                 __put_user(value.procs, &target_value->procs);
9730                 __put_user(value.totalhigh, &target_value->totalhigh);
9731                 __put_user(value.freehigh, &target_value->freehigh);
9732                 __put_user(value.mem_unit, &target_value->mem_unit);
9733                 unlock_user_struct(target_value, arg1, 1);
9734             }
9735         }
9736         break;
9737 #ifdef TARGET_NR_ipc
9738     case TARGET_NR_ipc:
9739         ret = do_ipc(cpu_env, arg1, arg2, arg3, arg4, arg5, arg6);
9740         break;
9741 #endif
9742 #ifdef TARGET_NR_semget
9743     case TARGET_NR_semget:
9744         ret = get_errno(semget(arg1, arg2, arg3));
9745         break;
9746 #endif
9747 #ifdef TARGET_NR_semop
9748     case TARGET_NR_semop:
9749         ret = do_semop(arg1, arg2, arg3);
9750         break;
9751 #endif
9752 #ifdef TARGET_NR_semctl
9753     case TARGET_NR_semctl:
9754         ret = do_semctl(arg1, arg2, arg3, arg4);
9755         break;
9756 #endif
9757 #ifdef TARGET_NR_msgctl
9758     case TARGET_NR_msgctl:
9759         ret = do_msgctl(arg1, arg2, arg3);
9760         break;
9761 #endif
9762 #ifdef TARGET_NR_msgget
9763     case TARGET_NR_msgget:
9764         ret = get_errno(msgget(arg1, arg2));
9765         break;
9766 #endif
9767 #ifdef TARGET_NR_msgrcv
9768     case TARGET_NR_msgrcv:
9769         ret = do_msgrcv(arg1, arg2, arg3, arg4, arg5);
9770         break;
9771 #endif
9772 #ifdef TARGET_NR_msgsnd
9773     case TARGET_NR_msgsnd:
9774         ret = do_msgsnd(arg1, arg2, arg3, arg4);
9775         break;
9776 #endif
9777 #ifdef TARGET_NR_shmget
9778     case TARGET_NR_shmget:
9779         ret = get_errno(shmget(arg1, arg2, arg3));
9780         break;
9781 #endif
9782 #ifdef TARGET_NR_shmctl
9783     case TARGET_NR_shmctl:
9784         ret = do_shmctl(arg1, arg2, arg3);
9785         break;
9786 #endif
9787 #ifdef TARGET_NR_shmat
9788     case TARGET_NR_shmat:
9789         ret = do_shmat(cpu_env, arg1, arg2, arg3);
9790         break;
9791 #endif
9792 #ifdef TARGET_NR_shmdt
9793     case TARGET_NR_shmdt:
9794         ret = do_shmdt(arg1);
9795         break;
9796 #endif
9797     case TARGET_NR_fsync:
9798         ret = get_errno(fsync(arg1));
9799         break;
9800     case TARGET_NR_clone:
9801         /* Linux manages to have three different orderings for its
9802          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
9803          * match the kernel's CONFIG_CLONE_* settings.
9804          * Microblaze is further special in that it uses a sixth
9805          * implicit argument to clone for the TLS pointer.
9806          */
9807 #if defined(TARGET_MICROBLAZE)
9808         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
9809 #elif defined(TARGET_CLONE_BACKWARDS)
9810         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
9811 #elif defined(TARGET_CLONE_BACKWARDS2)
9812         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
9813 #else
9814         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
9815 #endif
9816         break;
9817 #ifdef __NR_exit_group
9818         /* new thread calls */
9819     case TARGET_NR_exit_group:
9820 #ifdef TARGET_GPROF
9821         _mcleanup();
9822 #endif
9823         gdb_exit(cpu_env, arg1);
9824         ret = get_errno(exit_group(arg1));
9825         break;
9826 #endif
9827     case TARGET_NR_setdomainname:
9828         if (!(p = lock_user_string(arg1)))
9829             goto efault;
9830         ret = get_errno(setdomainname(p, arg2));
9831         unlock_user(p, arg1, 0);
9832         break;
9833     case TARGET_NR_uname:
9834         /* no need to transcode because we use the linux syscall */
9835         {
9836             struct new_utsname * buf;
9837 
9838             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
9839                 goto efault;
9840             ret = get_errno(sys_uname(buf));
9841             if (!is_error(ret)) {
9842                 /* Overwrite the native machine name with whatever is being
9843                    emulated. */
9844                 strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
9845                 /* Allow the user to override the reported release.  */
9846                 if (qemu_uname_release && *qemu_uname_release) {
9847                     g_strlcpy(buf->release, qemu_uname_release,
9848                               sizeof(buf->release));
9849                 }
9850             }
9851             unlock_user_struct(buf, arg1, 1);
9852         }
9853         break;
9854 #ifdef TARGET_I386
9855     case TARGET_NR_modify_ldt:
9856         ret = do_modify_ldt(cpu_env, arg1, arg2, arg3);
9857         break;
9858 #if !defined(TARGET_X86_64)
9859     case TARGET_NR_vm86old:
9860         goto unimplemented;
9861     case TARGET_NR_vm86:
9862         ret = do_vm86(cpu_env, arg1, arg2);
9863         break;
9864 #endif
9865 #endif
9866     case TARGET_NR_adjtimex:
9867         {
9868             struct timex host_buf;
9869 
9870             if (target_to_host_timex(&host_buf, arg1) != 0) {
9871                 goto efault;
9872             }
9873             ret = get_errno(adjtimex(&host_buf));
9874             if (!is_error(ret)) {
9875                 if (host_to_target_timex(arg1, &host_buf) != 0) {
9876                     goto efault;
9877                 }
9878             }
9879         }
9880         break;
9881 #if defined(TARGET_NR_clock_adjtime) && defined(CONFIG_CLOCK_ADJTIME)
9882     case TARGET_NR_clock_adjtime:
9883         {
9884             struct timex htx, *phtx = &htx;
9885 
9886             if (target_to_host_timex(phtx, arg2) != 0) {
9887                 goto efault;
9888             }
9889             ret = get_errno(clock_adjtime(arg1, phtx));
9890             if (!is_error(ret) && phtx) {
9891                 if (host_to_target_timex(arg2, phtx) != 0) {
9892                     goto efault;
9893                 }
9894             }
9895         }
9896         break;
9897 #endif
9898 #ifdef TARGET_NR_create_module
9899     case TARGET_NR_create_module:
9900 #endif
9901     case TARGET_NR_init_module:
9902     case TARGET_NR_delete_module:
9903 #ifdef TARGET_NR_get_kernel_syms
9904     case TARGET_NR_get_kernel_syms:
9905 #endif
9906         goto unimplemented;
9907     case TARGET_NR_quotactl:
9908         goto unimplemented;
9909     case TARGET_NR_getpgid:
9910         ret = get_errno(getpgid(arg1));
9911         break;
9912     case TARGET_NR_fchdir:
9913         ret = get_errno(fchdir(arg1));
9914         break;
9915 #ifdef TARGET_NR_bdflush /* not on x86_64 */
9916     case TARGET_NR_bdflush:
9917         goto unimplemented;
9918 #endif
9919 #ifdef TARGET_NR_sysfs
9920     case TARGET_NR_sysfs:
9921         goto unimplemented;
9922 #endif
9923     case TARGET_NR_personality:
9924         ret = get_errno(personality(arg1));
9925         break;
9926 #ifdef TARGET_NR_afs_syscall
9927     case TARGET_NR_afs_syscall:
9928         goto unimplemented;
9929 #endif
9930 #ifdef TARGET_NR__llseek /* Not on alpha */
9931     case TARGET_NR__llseek:
9932         {
9933             int64_t res;
9934 #if !defined(__NR_llseek)
9935             res = lseek(arg1, ((uint64_t)arg2 << 32) | (abi_ulong)arg3, arg5);
9936             if (res == -1) {
9937                 ret = get_errno(res);
9938             } else {
9939                 ret = 0;
9940             }
9941 #else
9942             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
9943 #endif
9944             if ((ret == 0) && put_user_s64(res, arg4)) {
9945                 goto efault;
9946             }
9947         }
9948         break;
9949 #endif
9950 #ifdef TARGET_NR_getdents
9951     case TARGET_NR_getdents:
9952 #ifdef __NR_getdents
9953 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
9954         {
9955             struct target_dirent *target_dirp;
9956             struct linux_dirent *dirp;
9957             abi_long count = arg3;
9958 
9959             dirp = g_try_malloc(count);
9960             if (!dirp) {
9961                 ret = -TARGET_ENOMEM;
9962                 goto fail;
9963             }
9964 
9965             ret = get_errno(sys_getdents(arg1, dirp, count));
9966             if (!is_error(ret)) {
9967                 struct linux_dirent *de;
9968 		struct target_dirent *tde;
9969                 int len = ret;
9970                 int reclen, treclen;
9971 		int count1, tnamelen;
9972 
9973 		count1 = 0;
9974                 de = dirp;
9975                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9976                     goto efault;
9977 		tde = target_dirp;
9978                 while (len > 0) {
9979                     reclen = de->d_reclen;
9980                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
9981                     assert(tnamelen >= 0);
9982                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
9983                     assert(count1 + treclen <= count);
9984                     tde->d_reclen = tswap16(treclen);
9985                     tde->d_ino = tswapal(de->d_ino);
9986                     tde->d_off = tswapal(de->d_off);
9987                     memcpy(tde->d_name, de->d_name, tnamelen);
9988                     de = (struct linux_dirent *)((char *)de + reclen);
9989                     len -= reclen;
9990                     tde = (struct target_dirent *)((char *)tde + treclen);
9991 		    count1 += treclen;
9992                 }
9993 		ret = count1;
9994                 unlock_user(target_dirp, arg2, ret);
9995             }
9996             g_free(dirp);
9997         }
9998 #else
9999         {
10000             struct linux_dirent *dirp;
10001             abi_long count = arg3;
10002 
10003             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10004                 goto efault;
10005             ret = get_errno(sys_getdents(arg1, dirp, count));
10006             if (!is_error(ret)) {
10007                 struct linux_dirent *de;
10008                 int len = ret;
10009                 int reclen;
10010                 de = dirp;
10011                 while (len > 0) {
10012                     reclen = de->d_reclen;
10013                     if (reclen > len)
10014                         break;
10015                     de->d_reclen = tswap16(reclen);
10016                     tswapls(&de->d_ino);
10017                     tswapls(&de->d_off);
10018                     de = (struct linux_dirent *)((char *)de + reclen);
10019                     len -= reclen;
10020                 }
10021             }
10022             unlock_user(dirp, arg2, ret);
10023         }
10024 #endif
10025 #else
10026         /* Implement getdents in terms of getdents64 */
10027         {
10028             struct linux_dirent64 *dirp;
10029             abi_long count = arg3;
10030 
10031             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
10032             if (!dirp) {
10033                 goto efault;
10034             }
10035             ret = get_errno(sys_getdents64(arg1, dirp, count));
10036             if (!is_error(ret)) {
10037                 /* Convert the dirent64 structs to target dirent.  We do this
10038                  * in-place, since we can guarantee that a target_dirent is no
10039                  * larger than a dirent64; however this means we have to be
10040                  * careful to read everything before writing in the new format.
10041                  */
10042                 struct linux_dirent64 *de;
10043                 struct target_dirent *tde;
10044                 int len = ret;
10045                 int tlen = 0;
10046 
10047                 de = dirp;
10048                 tde = (struct target_dirent *)dirp;
10049                 while (len > 0) {
10050                     int namelen, treclen;
10051                     int reclen = de->d_reclen;
10052                     uint64_t ino = de->d_ino;
10053                     int64_t off = de->d_off;
10054                     uint8_t type = de->d_type;
10055 
10056                     namelen = strlen(de->d_name);
10057                     treclen = offsetof(struct target_dirent, d_name)
10058                         + namelen + 2;
10059                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
10060 
10061                     memmove(tde->d_name, de->d_name, namelen + 1);
10062                     tde->d_ino = tswapal(ino);
10063                     tde->d_off = tswapal(off);
10064                     tde->d_reclen = tswap16(treclen);
10065                     /* The target_dirent type is in what was formerly a padding
10066                      * byte at the end of the structure:
10067                      */
10068                     *(((char *)tde) + treclen - 1) = type;
10069 
10070                     de = (struct linux_dirent64 *)((char *)de + reclen);
10071                     tde = (struct target_dirent *)((char *)tde + treclen);
10072                     len -= reclen;
10073                     tlen += treclen;
10074                 }
10075                 ret = tlen;
10076             }
10077             unlock_user(dirp, arg2, ret);
10078         }
10079 #endif
10080         break;
10081 #endif /* TARGET_NR_getdents */
10082 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
10083     case TARGET_NR_getdents64:
10084         {
10085             struct linux_dirent64 *dirp;
10086             abi_long count = arg3;
10087             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
10088                 goto efault;
10089             ret = get_errno(sys_getdents64(arg1, dirp, count));
10090             if (!is_error(ret)) {
10091                 struct linux_dirent64 *de;
10092                 int len = ret;
10093                 int reclen;
10094                 de = dirp;
10095                 while (len > 0) {
10096                     reclen = de->d_reclen;
10097                     if (reclen > len)
10098                         break;
10099                     de->d_reclen = tswap16(reclen);
10100                     tswap64s((uint64_t *)&de->d_ino);
10101                     tswap64s((uint64_t *)&de->d_off);
10102                     de = (struct linux_dirent64 *)((char *)de + reclen);
10103                     len -= reclen;
10104                 }
10105             }
10106             unlock_user(dirp, arg2, ret);
10107         }
10108         break;
10109 #endif /* TARGET_NR_getdents64 */
10110 #if defined(TARGET_NR__newselect)
10111     case TARGET_NR__newselect:
10112         ret = do_select(arg1, arg2, arg3, arg4, arg5);
10113         break;
10114 #endif
10115 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll)
10116 # ifdef TARGET_NR_poll
10117     case TARGET_NR_poll:
10118 # endif
10119 # ifdef TARGET_NR_ppoll
10120     case TARGET_NR_ppoll:
10121 # endif
10122         {
10123             struct target_pollfd *target_pfd;
10124             unsigned int nfds = arg2;
10125             struct pollfd *pfd;
10126             unsigned int i;
10127 
10128             pfd = NULL;
10129             target_pfd = NULL;
10130             if (nfds) {
10131                 if (nfds > (INT_MAX / sizeof(struct target_pollfd))) {
10132                     ret = -TARGET_EINVAL;
10133                     break;
10134                 }
10135 
10136                 target_pfd = lock_user(VERIFY_WRITE, arg1,
10137                                        sizeof(struct target_pollfd) * nfds, 1);
10138                 if (!target_pfd) {
10139                     goto efault;
10140                 }
10141 
10142                 pfd = alloca(sizeof(struct pollfd) * nfds);
10143                 for (i = 0; i < nfds; i++) {
10144                     pfd[i].fd = tswap32(target_pfd[i].fd);
10145                     pfd[i].events = tswap16(target_pfd[i].events);
10146                 }
10147             }
10148 
10149             switch (num) {
10150 # ifdef TARGET_NR_ppoll
10151             case TARGET_NR_ppoll:
10152             {
10153                 struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
10154                 target_sigset_t *target_set;
10155                 sigset_t _set, *set = &_set;
10156 
10157                 if (arg3) {
10158                     if (target_to_host_timespec(timeout_ts, arg3)) {
10159                         unlock_user(target_pfd, arg1, 0);
10160                         goto efault;
10161                     }
10162                 } else {
10163                     timeout_ts = NULL;
10164                 }
10165 
10166                 if (arg4) {
10167                     if (arg5 != sizeof(target_sigset_t)) {
10168                         unlock_user(target_pfd, arg1, 0);
10169                         ret = -TARGET_EINVAL;
10170                         break;
10171                     }
10172 
10173                     target_set = lock_user(VERIFY_READ, arg4, sizeof(target_sigset_t), 1);
10174                     if (!target_set) {
10175                         unlock_user(target_pfd, arg1, 0);
10176                         goto efault;
10177                     }
10178                     target_to_host_sigset(set, target_set);
10179                 } else {
10180                     set = NULL;
10181                 }
10182 
10183                 ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
10184                                            set, SIGSET_T_SIZE));
10185 
10186                 if (!is_error(ret) && arg3) {
10187                     host_to_target_timespec(arg3, timeout_ts);
10188                 }
10189                 if (arg4) {
10190                     unlock_user(target_set, arg4, 0);
10191                 }
10192                 break;
10193             }
10194 # endif
10195 # ifdef TARGET_NR_poll
10196             case TARGET_NR_poll:
10197             {
10198                 struct timespec ts, *pts;
10199 
10200                 if (arg3 >= 0) {
10201                     /* Convert ms to secs, ns */
10202                     ts.tv_sec = arg3 / 1000;
10203                     ts.tv_nsec = (arg3 % 1000) * 1000000LL;
10204                     pts = &ts;
10205                 } else {
10206                     /* -ve poll() timeout means "infinite" */
10207                     pts = NULL;
10208                 }
10209                 ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
10210                 break;
10211             }
10212 # endif
10213             default:
10214                 g_assert_not_reached();
10215             }
10216 
10217             if (!is_error(ret)) {
10218                 for(i = 0; i < nfds; i++) {
10219                     target_pfd[i].revents = tswap16(pfd[i].revents);
10220                 }
10221             }
10222             unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
10223         }
10224         break;
10225 #endif
10226     case TARGET_NR_flock:
10227         /* NOTE: the flock constant seems to be the same for every
10228            Linux platform */
10229         ret = get_errno(safe_flock(arg1, arg2));
10230         break;
10231     case TARGET_NR_readv:
10232         {
10233             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10234             if (vec != NULL) {
10235                 ret = get_errno(safe_readv(arg1, vec, arg3));
10236                 unlock_iovec(vec, arg2, arg3, 1);
10237             } else {
10238                 ret = -host_to_target_errno(errno);
10239             }
10240         }
10241         break;
10242     case TARGET_NR_writev:
10243         {
10244             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10245             if (vec != NULL) {
10246                 ret = get_errno(safe_writev(arg1, vec, arg3));
10247                 unlock_iovec(vec, arg2, arg3, 0);
10248             } else {
10249                 ret = -host_to_target_errno(errno);
10250             }
10251         }
10252         break;
10253 #if defined(TARGET_NR_preadv)
10254     case TARGET_NR_preadv:
10255         {
10256             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
10257             if (vec != NULL) {
10258                 ret = get_errno(safe_preadv(arg1, vec, arg3, arg4, arg5));
10259                 unlock_iovec(vec, arg2, arg3, 1);
10260             } else {
10261                 ret = -host_to_target_errno(errno);
10262            }
10263         }
10264         break;
10265 #endif
10266 #if defined(TARGET_NR_pwritev)
10267     case TARGET_NR_pwritev:
10268         {
10269             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
10270             if (vec != NULL) {
10271                 ret = get_errno(safe_pwritev(arg1, vec, arg3, arg4, arg5));
10272                 unlock_iovec(vec, arg2, arg3, 0);
10273             } else {
10274                 ret = -host_to_target_errno(errno);
10275            }
10276         }
10277         break;
10278 #endif
10279     case TARGET_NR_getsid:
10280         ret = get_errno(getsid(arg1));
10281         break;
10282 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
10283     case TARGET_NR_fdatasync:
10284         ret = get_errno(fdatasync(arg1));
10285         break;
10286 #endif
10287 #ifdef TARGET_NR__sysctl
10288     case TARGET_NR__sysctl:
10289         /* We don't implement this, but ENOTDIR is always a safe
10290            return value. */
10291         ret = -TARGET_ENOTDIR;
10292         break;
10293 #endif
10294     case TARGET_NR_sched_getaffinity:
10295         {
10296             unsigned int mask_size;
10297             unsigned long *mask;
10298 
10299             /*
10300              * sched_getaffinity needs multiples of ulong, so need to take
10301              * care of mismatches between target ulong and host ulong sizes.
10302              */
10303             if (arg2 & (sizeof(abi_ulong) - 1)) {
10304                 ret = -TARGET_EINVAL;
10305                 break;
10306             }
10307             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10308 
10309             mask = alloca(mask_size);
10310             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
10311 
10312             if (!is_error(ret)) {
10313                 if (ret > arg2) {
10314                     /* More data returned than the caller's buffer will fit.
10315                      * This only happens if sizeof(abi_long) < sizeof(long)
10316                      * and the caller passed us a buffer holding an odd number
10317                      * of abi_longs. If the host kernel is actually using the
10318                      * extra 4 bytes then fail EINVAL; otherwise we can just
10319                      * ignore them and only copy the interesting part.
10320                      */
10321                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
10322                     if (numcpus > arg2 * 8) {
10323                         ret = -TARGET_EINVAL;
10324                         break;
10325                     }
10326                     ret = arg2;
10327                 }
10328 
10329                 if (copy_to_user(arg3, mask, ret)) {
10330                     goto efault;
10331                 }
10332             }
10333         }
10334         break;
10335     case TARGET_NR_sched_setaffinity:
10336         {
10337             unsigned int mask_size;
10338             unsigned long *mask;
10339 
10340             /*
10341              * sched_setaffinity needs multiples of ulong, so need to take
10342              * care of mismatches between target ulong and host ulong sizes.
10343              */
10344             if (arg2 & (sizeof(abi_ulong) - 1)) {
10345                 ret = -TARGET_EINVAL;
10346                 break;
10347             }
10348             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
10349 
10350             mask = alloca(mask_size);
10351             if (!lock_user_struct(VERIFY_READ, p, arg3, 1)) {
10352                 goto efault;
10353             }
10354             memcpy(mask, p, arg2);
10355             unlock_user_struct(p, arg2, 0);
10356 
10357             ret = get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
10358         }
10359         break;
10360     case TARGET_NR_sched_setparam:
10361         {
10362             struct sched_param *target_schp;
10363             struct sched_param schp;
10364 
10365             if (arg2 == 0) {
10366                 return -TARGET_EINVAL;
10367             }
10368             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
10369                 goto efault;
10370             schp.sched_priority = tswap32(target_schp->sched_priority);
10371             unlock_user_struct(target_schp, arg2, 0);
10372             ret = get_errno(sched_setparam(arg1, &schp));
10373         }
10374         break;
10375     case TARGET_NR_sched_getparam:
10376         {
10377             struct sched_param *target_schp;
10378             struct sched_param schp;
10379 
10380             if (arg2 == 0) {
10381                 return -TARGET_EINVAL;
10382             }
10383             ret = get_errno(sched_getparam(arg1, &schp));
10384             if (!is_error(ret)) {
10385                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
10386                     goto efault;
10387                 target_schp->sched_priority = tswap32(schp.sched_priority);
10388                 unlock_user_struct(target_schp, arg2, 1);
10389             }
10390         }
10391         break;
10392     case TARGET_NR_sched_setscheduler:
10393         {
10394             struct sched_param *target_schp;
10395             struct sched_param schp;
10396             if (arg3 == 0) {
10397                 return -TARGET_EINVAL;
10398             }
10399             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
10400                 goto efault;
10401             schp.sched_priority = tswap32(target_schp->sched_priority);
10402             unlock_user_struct(target_schp, arg3, 0);
10403             ret = get_errno(sched_setscheduler(arg1, arg2, &schp));
10404         }
10405         break;
10406     case TARGET_NR_sched_getscheduler:
10407         ret = get_errno(sched_getscheduler(arg1));
10408         break;
10409     case TARGET_NR_sched_yield:
10410         ret = get_errno(sched_yield());
10411         break;
10412     case TARGET_NR_sched_get_priority_max:
10413         ret = get_errno(sched_get_priority_max(arg1));
10414         break;
10415     case TARGET_NR_sched_get_priority_min:
10416         ret = get_errno(sched_get_priority_min(arg1));
10417         break;
10418     case TARGET_NR_sched_rr_get_interval:
10419         {
10420             struct timespec ts;
10421             ret = get_errno(sched_rr_get_interval(arg1, &ts));
10422             if (!is_error(ret)) {
10423                 ret = host_to_target_timespec(arg2, &ts);
10424             }
10425         }
10426         break;
10427     case TARGET_NR_nanosleep:
10428         {
10429             struct timespec req, rem;
10430             target_to_host_timespec(&req, arg1);
10431             ret = get_errno(safe_nanosleep(&req, &rem));
10432             if (is_error(ret) && arg2) {
10433                 host_to_target_timespec(arg2, &rem);
10434             }
10435         }
10436         break;
10437 #ifdef TARGET_NR_query_module
10438     case TARGET_NR_query_module:
10439         goto unimplemented;
10440 #endif
10441 #ifdef TARGET_NR_nfsservctl
10442     case TARGET_NR_nfsservctl:
10443         goto unimplemented;
10444 #endif
10445     case TARGET_NR_prctl:
10446         switch (arg1) {
10447         case PR_GET_PDEATHSIG:
10448         {
10449             int deathsig;
10450             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
10451             if (!is_error(ret) && arg2
10452                 && put_user_ual(deathsig, arg2)) {
10453                 goto efault;
10454             }
10455             break;
10456         }
10457 #ifdef PR_GET_NAME
10458         case PR_GET_NAME:
10459         {
10460             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
10461             if (!name) {
10462                 goto efault;
10463             }
10464             ret = get_errno(prctl(arg1, (unsigned long)name,
10465                                   arg3, arg4, arg5));
10466             unlock_user(name, arg2, 16);
10467             break;
10468         }
10469         case PR_SET_NAME:
10470         {
10471             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
10472             if (!name) {
10473                 goto efault;
10474             }
10475             ret = get_errno(prctl(arg1, (unsigned long)name,
10476                                   arg3, arg4, arg5));
10477             unlock_user(name, arg2, 0);
10478             break;
10479         }
10480 #endif
10481         default:
10482             /* Most prctl options have no pointer arguments */
10483             ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
10484             break;
10485         }
10486         break;
10487 #ifdef TARGET_NR_arch_prctl
10488     case TARGET_NR_arch_prctl:
10489 #if defined(TARGET_I386) && !defined(TARGET_ABI32)
10490         ret = do_arch_prctl(cpu_env, arg1, arg2);
10491         break;
10492 #else
10493         goto unimplemented;
10494 #endif
10495 #endif
10496 #ifdef TARGET_NR_pread64
10497     case TARGET_NR_pread64:
10498         if (regpairs_aligned(cpu_env)) {
10499             arg4 = arg5;
10500             arg5 = arg6;
10501         }
10502         if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
10503             goto efault;
10504         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
10505         unlock_user(p, arg2, ret);
10506         break;
10507     case TARGET_NR_pwrite64:
10508         if (regpairs_aligned(cpu_env)) {
10509             arg4 = arg5;
10510             arg5 = arg6;
10511         }
10512         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
10513             goto efault;
10514         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
10515         unlock_user(p, arg2, 0);
10516         break;
10517 #endif
10518     case TARGET_NR_getcwd:
10519         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
10520             goto efault;
10521         ret = get_errno(sys_getcwd1(p, arg2));
10522         unlock_user(p, arg1, ret);
10523         break;
10524     case TARGET_NR_capget:
10525     case TARGET_NR_capset:
10526     {
10527         struct target_user_cap_header *target_header;
10528         struct target_user_cap_data *target_data = NULL;
10529         struct __user_cap_header_struct header;
10530         struct __user_cap_data_struct data[2];
10531         struct __user_cap_data_struct *dataptr = NULL;
10532         int i, target_datalen;
10533         int data_items = 1;
10534 
10535         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
10536             goto efault;
10537         }
10538         header.version = tswap32(target_header->version);
10539         header.pid = tswap32(target_header->pid);
10540 
10541         if (header.version != _LINUX_CAPABILITY_VERSION) {
10542             /* Version 2 and up takes pointer to two user_data structs */
10543             data_items = 2;
10544         }
10545 
10546         target_datalen = sizeof(*target_data) * data_items;
10547 
10548         if (arg2) {
10549             if (num == TARGET_NR_capget) {
10550                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
10551             } else {
10552                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
10553             }
10554             if (!target_data) {
10555                 unlock_user_struct(target_header, arg1, 0);
10556                 goto efault;
10557             }
10558 
10559             if (num == TARGET_NR_capset) {
10560                 for (i = 0; i < data_items; i++) {
10561                     data[i].effective = tswap32(target_data[i].effective);
10562                     data[i].permitted = tswap32(target_data[i].permitted);
10563                     data[i].inheritable = tswap32(target_data[i].inheritable);
10564                 }
10565             }
10566 
10567             dataptr = data;
10568         }
10569 
10570         if (num == TARGET_NR_capget) {
10571             ret = get_errno(capget(&header, dataptr));
10572         } else {
10573             ret = get_errno(capset(&header, dataptr));
10574         }
10575 
10576         /* The kernel always updates version for both capget and capset */
10577         target_header->version = tswap32(header.version);
10578         unlock_user_struct(target_header, arg1, 1);
10579 
10580         if (arg2) {
10581             if (num == TARGET_NR_capget) {
10582                 for (i = 0; i < data_items; i++) {
10583                     target_data[i].effective = tswap32(data[i].effective);
10584                     target_data[i].permitted = tswap32(data[i].permitted);
10585                     target_data[i].inheritable = tswap32(data[i].inheritable);
10586                 }
10587                 unlock_user(target_data, arg2, target_datalen);
10588             } else {
10589                 unlock_user(target_data, arg2, 0);
10590             }
10591         }
10592         break;
10593     }
10594     case TARGET_NR_sigaltstack:
10595         ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
10596         break;
10597 
10598 #ifdef CONFIG_SENDFILE
10599     case TARGET_NR_sendfile:
10600     {
10601         off_t *offp = NULL;
10602         off_t off;
10603         if (arg3) {
10604             ret = get_user_sal(off, arg3);
10605             if (is_error(ret)) {
10606                 break;
10607             }
10608             offp = &off;
10609         }
10610         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
10611         if (!is_error(ret) && arg3) {
10612             abi_long ret2 = put_user_sal(off, arg3);
10613             if (is_error(ret2)) {
10614                 ret = ret2;
10615             }
10616         }
10617         break;
10618     }
10619 #ifdef TARGET_NR_sendfile64
10620     case TARGET_NR_sendfile64:
10621     {
10622         off_t *offp = NULL;
10623         off_t off;
10624         if (arg3) {
10625             ret = get_user_s64(off, arg3);
10626             if (is_error(ret)) {
10627                 break;
10628             }
10629             offp = &off;
10630         }
10631         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
10632         if (!is_error(ret) && arg3) {
10633             abi_long ret2 = put_user_s64(off, arg3);
10634             if (is_error(ret2)) {
10635                 ret = ret2;
10636             }
10637         }
10638         break;
10639     }
10640 #endif
10641 #else
10642     case TARGET_NR_sendfile:
10643 #ifdef TARGET_NR_sendfile64
10644     case TARGET_NR_sendfile64:
10645 #endif
10646         goto unimplemented;
10647 #endif
10648 
10649 #ifdef TARGET_NR_getpmsg
10650     case TARGET_NR_getpmsg:
10651         goto unimplemented;
10652 #endif
10653 #ifdef TARGET_NR_putpmsg
10654     case TARGET_NR_putpmsg:
10655         goto unimplemented;
10656 #endif
10657 #ifdef TARGET_NR_vfork
10658     case TARGET_NR_vfork:
10659         ret = get_errno(do_fork(cpu_env,
10660                         CLONE_VFORK | CLONE_VM | TARGET_SIGCHLD,
10661                         0, 0, 0, 0));
10662         break;
10663 #endif
10664 #ifdef TARGET_NR_ugetrlimit
10665     case TARGET_NR_ugetrlimit:
10666     {
10667 	struct rlimit rlim;
10668 	int resource = target_to_host_resource(arg1);
10669 	ret = get_errno(getrlimit(resource, &rlim));
10670 	if (!is_error(ret)) {
10671 	    struct target_rlimit *target_rlim;
10672             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
10673                 goto efault;
10674 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
10675 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
10676             unlock_user_struct(target_rlim, arg2, 1);
10677 	}
10678 	break;
10679     }
10680 #endif
10681 #ifdef TARGET_NR_truncate64
10682     case TARGET_NR_truncate64:
10683         if (!(p = lock_user_string(arg1)))
10684             goto efault;
10685 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
10686         unlock_user(p, arg1, 0);
10687 	break;
10688 #endif
10689 #ifdef TARGET_NR_ftruncate64
10690     case TARGET_NR_ftruncate64:
10691 	ret = target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
10692 	break;
10693 #endif
10694 #ifdef TARGET_NR_stat64
10695     case TARGET_NR_stat64:
10696         if (!(p = lock_user_string(arg1)))
10697             goto efault;
10698         ret = get_errno(stat(path(p), &st));
10699         unlock_user(p, arg1, 0);
10700         if (!is_error(ret))
10701             ret = host_to_target_stat64(cpu_env, arg2, &st);
10702         break;
10703 #endif
10704 #ifdef TARGET_NR_lstat64
10705     case TARGET_NR_lstat64:
10706         if (!(p = lock_user_string(arg1)))
10707             goto efault;
10708         ret = get_errno(lstat(path(p), &st));
10709         unlock_user(p, arg1, 0);
10710         if (!is_error(ret))
10711             ret = host_to_target_stat64(cpu_env, arg2, &st);
10712         break;
10713 #endif
10714 #ifdef TARGET_NR_fstat64
10715     case TARGET_NR_fstat64:
10716         ret = get_errno(fstat(arg1, &st));
10717         if (!is_error(ret))
10718             ret = host_to_target_stat64(cpu_env, arg2, &st);
10719         break;
10720 #endif
10721 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
10722 #ifdef TARGET_NR_fstatat64
10723     case TARGET_NR_fstatat64:
10724 #endif
10725 #ifdef TARGET_NR_newfstatat
10726     case TARGET_NR_newfstatat:
10727 #endif
10728         if (!(p = lock_user_string(arg2)))
10729             goto efault;
10730         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
10731         if (!is_error(ret))
10732             ret = host_to_target_stat64(cpu_env, arg3, &st);
10733         break;
10734 #endif
10735 #ifdef TARGET_NR_lchown
10736     case TARGET_NR_lchown:
10737         if (!(p = lock_user_string(arg1)))
10738             goto efault;
10739         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
10740         unlock_user(p, arg1, 0);
10741         break;
10742 #endif
10743 #ifdef TARGET_NR_getuid
10744     case TARGET_NR_getuid:
10745         ret = get_errno(high2lowuid(getuid()));
10746         break;
10747 #endif
10748 #ifdef TARGET_NR_getgid
10749     case TARGET_NR_getgid:
10750         ret = get_errno(high2lowgid(getgid()));
10751         break;
10752 #endif
10753 #ifdef TARGET_NR_geteuid
10754     case TARGET_NR_geteuid:
10755         ret = get_errno(high2lowuid(geteuid()));
10756         break;
10757 #endif
10758 #ifdef TARGET_NR_getegid
10759     case TARGET_NR_getegid:
10760         ret = get_errno(high2lowgid(getegid()));
10761         break;
10762 #endif
10763     case TARGET_NR_setreuid:
10764         ret = get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
10765         break;
10766     case TARGET_NR_setregid:
10767         ret = get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
10768         break;
10769     case TARGET_NR_getgroups:
10770         {
10771             int gidsetsize = arg1;
10772             target_id *target_grouplist;
10773             gid_t *grouplist;
10774             int i;
10775 
10776             grouplist = alloca(gidsetsize * sizeof(gid_t));
10777             ret = get_errno(getgroups(gidsetsize, grouplist));
10778             if (gidsetsize == 0)
10779                 break;
10780             if (!is_error(ret)) {
10781                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
10782                 if (!target_grouplist)
10783                     goto efault;
10784                 for(i = 0;i < ret; i++)
10785                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
10786                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
10787             }
10788         }
10789         break;
10790     case TARGET_NR_setgroups:
10791         {
10792             int gidsetsize = arg1;
10793             target_id *target_grouplist;
10794             gid_t *grouplist = NULL;
10795             int i;
10796             if (gidsetsize) {
10797                 grouplist = alloca(gidsetsize * sizeof(gid_t));
10798                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
10799                 if (!target_grouplist) {
10800                     ret = -TARGET_EFAULT;
10801                     goto fail;
10802                 }
10803                 for (i = 0; i < gidsetsize; i++) {
10804                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
10805                 }
10806                 unlock_user(target_grouplist, arg2, 0);
10807             }
10808             ret = get_errno(setgroups(gidsetsize, grouplist));
10809         }
10810         break;
10811     case TARGET_NR_fchown:
10812         ret = get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
10813         break;
10814 #if defined(TARGET_NR_fchownat)
10815     case TARGET_NR_fchownat:
10816         if (!(p = lock_user_string(arg2)))
10817             goto efault;
10818         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
10819                                  low2highgid(arg4), arg5));
10820         unlock_user(p, arg2, 0);
10821         break;
10822 #endif
10823 #ifdef TARGET_NR_setresuid
10824     case TARGET_NR_setresuid:
10825         ret = get_errno(sys_setresuid(low2highuid(arg1),
10826                                       low2highuid(arg2),
10827                                       low2highuid(arg3)));
10828         break;
10829 #endif
10830 #ifdef TARGET_NR_getresuid
10831     case TARGET_NR_getresuid:
10832         {
10833             uid_t ruid, euid, suid;
10834             ret = get_errno(getresuid(&ruid, &euid, &suid));
10835             if (!is_error(ret)) {
10836                 if (put_user_id(high2lowuid(ruid), arg1)
10837                     || put_user_id(high2lowuid(euid), arg2)
10838                     || put_user_id(high2lowuid(suid), arg3))
10839                     goto efault;
10840             }
10841         }
10842         break;
10843 #endif
10844 #ifdef TARGET_NR_getresgid
10845     case TARGET_NR_setresgid:
10846         ret = get_errno(sys_setresgid(low2highgid(arg1),
10847                                       low2highgid(arg2),
10848                                       low2highgid(arg3)));
10849         break;
10850 #endif
10851 #ifdef TARGET_NR_getresgid
10852     case TARGET_NR_getresgid:
10853         {
10854             gid_t rgid, egid, sgid;
10855             ret = get_errno(getresgid(&rgid, &egid, &sgid));
10856             if (!is_error(ret)) {
10857                 if (put_user_id(high2lowgid(rgid), arg1)
10858                     || put_user_id(high2lowgid(egid), arg2)
10859                     || put_user_id(high2lowgid(sgid), arg3))
10860                     goto efault;
10861             }
10862         }
10863         break;
10864 #endif
10865 #ifdef TARGET_NR_chown
10866     case TARGET_NR_chown:
10867         if (!(p = lock_user_string(arg1)))
10868             goto efault;
10869         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
10870         unlock_user(p, arg1, 0);
10871         break;
10872 #endif
10873     case TARGET_NR_setuid:
10874         ret = get_errno(sys_setuid(low2highuid(arg1)));
10875         break;
10876     case TARGET_NR_setgid:
10877         ret = get_errno(sys_setgid(low2highgid(arg1)));
10878         break;
10879     case TARGET_NR_setfsuid:
10880         ret = get_errno(setfsuid(arg1));
10881         break;
10882     case TARGET_NR_setfsgid:
10883         ret = get_errno(setfsgid(arg1));
10884         break;
10885 
10886 #ifdef TARGET_NR_lchown32
10887     case TARGET_NR_lchown32:
10888         if (!(p = lock_user_string(arg1)))
10889             goto efault;
10890         ret = get_errno(lchown(p, arg2, arg3));
10891         unlock_user(p, arg1, 0);
10892         break;
10893 #endif
10894 #ifdef TARGET_NR_getuid32
10895     case TARGET_NR_getuid32:
10896         ret = get_errno(getuid());
10897         break;
10898 #endif
10899 
10900 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
10901    /* Alpha specific */
10902     case TARGET_NR_getxuid:
10903          {
10904             uid_t euid;
10905             euid=geteuid();
10906             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
10907          }
10908         ret = get_errno(getuid());
10909         break;
10910 #endif
10911 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
10912    /* Alpha specific */
10913     case TARGET_NR_getxgid:
10914          {
10915             uid_t egid;
10916             egid=getegid();
10917             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
10918          }
10919         ret = get_errno(getgid());
10920         break;
10921 #endif
10922 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
10923     /* Alpha specific */
10924     case TARGET_NR_osf_getsysinfo:
10925         ret = -TARGET_EOPNOTSUPP;
10926         switch (arg1) {
10927           case TARGET_GSI_IEEE_FP_CONTROL:
10928             {
10929                 uint64_t swcr, fpcr = cpu_alpha_load_fpcr (cpu_env);
10930 
10931                 /* Copied from linux ieee_fpcr_to_swcr.  */
10932                 swcr = (fpcr >> 35) & SWCR_STATUS_MASK;
10933                 swcr |= (fpcr >> 36) & SWCR_MAP_DMZ;
10934                 swcr |= (~fpcr >> 48) & (SWCR_TRAP_ENABLE_INV
10935                                         | SWCR_TRAP_ENABLE_DZE
10936                                         | SWCR_TRAP_ENABLE_OVF);
10937                 swcr |= (~fpcr >> 57) & (SWCR_TRAP_ENABLE_UNF
10938                                         | SWCR_TRAP_ENABLE_INE);
10939                 swcr |= (fpcr >> 47) & SWCR_MAP_UMZ;
10940                 swcr |= (~fpcr >> 41) & SWCR_TRAP_ENABLE_DNO;
10941 
10942                 if (put_user_u64 (swcr, arg2))
10943                         goto efault;
10944                 ret = 0;
10945             }
10946             break;
10947 
10948           /* case GSI_IEEE_STATE_AT_SIGNAL:
10949              -- Not implemented in linux kernel.
10950              case GSI_UACPROC:
10951              -- Retrieves current unaligned access state; not much used.
10952              case GSI_PROC_TYPE:
10953              -- Retrieves implver information; surely not used.
10954              case GSI_GET_HWRPB:
10955              -- Grabs a copy of the HWRPB; surely not used.
10956           */
10957         }
10958         break;
10959 #endif
10960 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
10961     /* Alpha specific */
10962     case TARGET_NR_osf_setsysinfo:
10963         ret = -TARGET_EOPNOTSUPP;
10964         switch (arg1) {
10965           case TARGET_SSI_IEEE_FP_CONTROL:
10966             {
10967                 uint64_t swcr, fpcr, orig_fpcr;
10968 
10969                 if (get_user_u64 (swcr, arg2)) {
10970                     goto efault;
10971                 }
10972                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
10973                 fpcr = orig_fpcr & FPCR_DYN_MASK;
10974 
10975                 /* Copied from linux ieee_swcr_to_fpcr.  */
10976                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;
10977                 fpcr |= (swcr & SWCR_MAP_DMZ) << 36;
10978                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_INV
10979                                   | SWCR_TRAP_ENABLE_DZE
10980                                   | SWCR_TRAP_ENABLE_OVF)) << 48;
10981                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_UNF
10982                                   | SWCR_TRAP_ENABLE_INE)) << 57;
10983                 fpcr |= (swcr & SWCR_MAP_UMZ ? FPCR_UNDZ | FPCR_UNFD : 0);
10984                 fpcr |= (~swcr & SWCR_TRAP_ENABLE_DNO) << 41;
10985 
10986                 cpu_alpha_store_fpcr(cpu_env, fpcr);
10987                 ret = 0;
10988             }
10989             break;
10990 
10991           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
10992             {
10993                 uint64_t exc, fpcr, orig_fpcr;
10994                 int si_code;
10995 
10996                 if (get_user_u64(exc, arg2)) {
10997                     goto efault;
10998                 }
10999 
11000                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
11001 
11002                 /* We only add to the exception status here.  */
11003                 fpcr = orig_fpcr | ((exc & SWCR_STATUS_MASK) << 35);
11004 
11005                 cpu_alpha_store_fpcr(cpu_env, fpcr);
11006                 ret = 0;
11007 
11008                 /* Old exceptions are not signaled.  */
11009                 fpcr &= ~(orig_fpcr & FPCR_STATUS_MASK);
11010 
11011                 /* If any exceptions set by this call,
11012                    and are unmasked, send a signal.  */
11013                 si_code = 0;
11014                 if ((fpcr & (FPCR_INE | FPCR_INED)) == FPCR_INE) {
11015                     si_code = TARGET_FPE_FLTRES;
11016                 }
11017                 if ((fpcr & (FPCR_UNF | FPCR_UNFD)) == FPCR_UNF) {
11018                     si_code = TARGET_FPE_FLTUND;
11019                 }
11020                 if ((fpcr & (FPCR_OVF | FPCR_OVFD)) == FPCR_OVF) {
11021                     si_code = TARGET_FPE_FLTOVF;
11022                 }
11023                 if ((fpcr & (FPCR_DZE | FPCR_DZED)) == FPCR_DZE) {
11024                     si_code = TARGET_FPE_FLTDIV;
11025                 }
11026                 if ((fpcr & (FPCR_INV | FPCR_INVD)) == FPCR_INV) {
11027                     si_code = TARGET_FPE_FLTINV;
11028                 }
11029                 if (si_code != 0) {
11030                     target_siginfo_t info;
11031                     info.si_signo = SIGFPE;
11032                     info.si_errno = 0;
11033                     info.si_code = si_code;
11034                     info._sifields._sigfault._addr
11035                         = ((CPUArchState *)cpu_env)->pc;
11036                     queue_signal((CPUArchState *)cpu_env, info.si_signo,
11037                                  QEMU_SI_FAULT, &info);
11038                 }
11039             }
11040             break;
11041 
11042           /* case SSI_NVPAIRS:
11043              -- Used with SSIN_UACPROC to enable unaligned accesses.
11044              case SSI_IEEE_STATE_AT_SIGNAL:
11045              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
11046              -- Not implemented in linux kernel
11047           */
11048         }
11049         break;
11050 #endif
11051 #ifdef TARGET_NR_osf_sigprocmask
11052     /* Alpha specific.  */
11053     case TARGET_NR_osf_sigprocmask:
11054         {
11055             abi_ulong mask;
11056             int how;
11057             sigset_t set, oldset;
11058 
11059             switch(arg1) {
11060             case TARGET_SIG_BLOCK:
11061                 how = SIG_BLOCK;
11062                 break;
11063             case TARGET_SIG_UNBLOCK:
11064                 how = SIG_UNBLOCK;
11065                 break;
11066             case TARGET_SIG_SETMASK:
11067                 how = SIG_SETMASK;
11068                 break;
11069             default:
11070                 ret = -TARGET_EINVAL;
11071                 goto fail;
11072             }
11073             mask = arg2;
11074             target_to_host_old_sigset(&set, &mask);
11075             ret = do_sigprocmask(how, &set, &oldset);
11076             if (!ret) {
11077                 host_to_target_old_sigset(&mask, &oldset);
11078                 ret = mask;
11079             }
11080         }
11081         break;
11082 #endif
11083 
11084 #ifdef TARGET_NR_getgid32
11085     case TARGET_NR_getgid32:
11086         ret = get_errno(getgid());
11087         break;
11088 #endif
11089 #ifdef TARGET_NR_geteuid32
11090     case TARGET_NR_geteuid32:
11091         ret = get_errno(geteuid());
11092         break;
11093 #endif
11094 #ifdef TARGET_NR_getegid32
11095     case TARGET_NR_getegid32:
11096         ret = get_errno(getegid());
11097         break;
11098 #endif
11099 #ifdef TARGET_NR_setreuid32
11100     case TARGET_NR_setreuid32:
11101         ret = get_errno(setreuid(arg1, arg2));
11102         break;
11103 #endif
11104 #ifdef TARGET_NR_setregid32
11105     case TARGET_NR_setregid32:
11106         ret = get_errno(setregid(arg1, arg2));
11107         break;
11108 #endif
11109 #ifdef TARGET_NR_getgroups32
11110     case TARGET_NR_getgroups32:
11111         {
11112             int gidsetsize = arg1;
11113             uint32_t *target_grouplist;
11114             gid_t *grouplist;
11115             int i;
11116 
11117             grouplist = alloca(gidsetsize * sizeof(gid_t));
11118             ret = get_errno(getgroups(gidsetsize, grouplist));
11119             if (gidsetsize == 0)
11120                 break;
11121             if (!is_error(ret)) {
11122                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
11123                 if (!target_grouplist) {
11124                     ret = -TARGET_EFAULT;
11125                     goto fail;
11126                 }
11127                 for(i = 0;i < ret; i++)
11128                     target_grouplist[i] = tswap32(grouplist[i]);
11129                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
11130             }
11131         }
11132         break;
11133 #endif
11134 #ifdef TARGET_NR_setgroups32
11135     case TARGET_NR_setgroups32:
11136         {
11137             int gidsetsize = arg1;
11138             uint32_t *target_grouplist;
11139             gid_t *grouplist;
11140             int i;
11141 
11142             grouplist = alloca(gidsetsize * sizeof(gid_t));
11143             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
11144             if (!target_grouplist) {
11145                 ret = -TARGET_EFAULT;
11146                 goto fail;
11147             }
11148             for(i = 0;i < gidsetsize; i++)
11149                 grouplist[i] = tswap32(target_grouplist[i]);
11150             unlock_user(target_grouplist, arg2, 0);
11151             ret = get_errno(setgroups(gidsetsize, grouplist));
11152         }
11153         break;
11154 #endif
11155 #ifdef TARGET_NR_fchown32
11156     case TARGET_NR_fchown32:
11157         ret = get_errno(fchown(arg1, arg2, arg3));
11158         break;
11159 #endif
11160 #ifdef TARGET_NR_setresuid32
11161     case TARGET_NR_setresuid32:
11162         ret = get_errno(sys_setresuid(arg1, arg2, arg3));
11163         break;
11164 #endif
11165 #ifdef TARGET_NR_getresuid32
11166     case TARGET_NR_getresuid32:
11167         {
11168             uid_t ruid, euid, suid;
11169             ret = get_errno(getresuid(&ruid, &euid, &suid));
11170             if (!is_error(ret)) {
11171                 if (put_user_u32(ruid, arg1)
11172                     || put_user_u32(euid, arg2)
11173                     || put_user_u32(suid, arg3))
11174                     goto efault;
11175             }
11176         }
11177         break;
11178 #endif
11179 #ifdef TARGET_NR_setresgid32
11180     case TARGET_NR_setresgid32:
11181         ret = get_errno(sys_setresgid(arg1, arg2, arg3));
11182         break;
11183 #endif
11184 #ifdef TARGET_NR_getresgid32
11185     case TARGET_NR_getresgid32:
11186         {
11187             gid_t rgid, egid, sgid;
11188             ret = get_errno(getresgid(&rgid, &egid, &sgid));
11189             if (!is_error(ret)) {
11190                 if (put_user_u32(rgid, arg1)
11191                     || put_user_u32(egid, arg2)
11192                     || put_user_u32(sgid, arg3))
11193                     goto efault;
11194             }
11195         }
11196         break;
11197 #endif
11198 #ifdef TARGET_NR_chown32
11199     case TARGET_NR_chown32:
11200         if (!(p = lock_user_string(arg1)))
11201             goto efault;
11202         ret = get_errno(chown(p, arg2, arg3));
11203         unlock_user(p, arg1, 0);
11204         break;
11205 #endif
11206 #ifdef TARGET_NR_setuid32
11207     case TARGET_NR_setuid32:
11208         ret = get_errno(sys_setuid(arg1));
11209         break;
11210 #endif
11211 #ifdef TARGET_NR_setgid32
11212     case TARGET_NR_setgid32:
11213         ret = get_errno(sys_setgid(arg1));
11214         break;
11215 #endif
11216 #ifdef TARGET_NR_setfsuid32
11217     case TARGET_NR_setfsuid32:
11218         ret = get_errno(setfsuid(arg1));
11219         break;
11220 #endif
11221 #ifdef TARGET_NR_setfsgid32
11222     case TARGET_NR_setfsgid32:
11223         ret = get_errno(setfsgid(arg1));
11224         break;
11225 #endif
11226 
11227     case TARGET_NR_pivot_root:
11228         goto unimplemented;
11229 #ifdef TARGET_NR_mincore
11230     case TARGET_NR_mincore:
11231         {
11232             void *a;
11233             ret = -TARGET_ENOMEM;
11234             a = lock_user(VERIFY_READ, arg1, arg2, 0);
11235             if (!a) {
11236                 goto fail;
11237             }
11238             ret = -TARGET_EFAULT;
11239             p = lock_user_string(arg3);
11240             if (!p) {
11241                 goto mincore_fail;
11242             }
11243             ret = get_errno(mincore(a, arg2, p));
11244             unlock_user(p, arg3, ret);
11245             mincore_fail:
11246             unlock_user(a, arg1, 0);
11247         }
11248         break;
11249 #endif
11250 #ifdef TARGET_NR_arm_fadvise64_64
11251     case TARGET_NR_arm_fadvise64_64:
11252         /* arm_fadvise64_64 looks like fadvise64_64 but
11253          * with different argument order: fd, advice, offset, len
11254          * rather than the usual fd, offset, len, advice.
11255          * Note that offset and len are both 64-bit so appear as
11256          * pairs of 32-bit registers.
11257          */
11258         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
11259                             target_offset64(arg5, arg6), arg2);
11260         ret = -host_to_target_errno(ret);
11261         break;
11262 #endif
11263 
11264 #if TARGET_ABI_BITS == 32
11265 
11266 #ifdef TARGET_NR_fadvise64_64
11267     case TARGET_NR_fadvise64_64:
11268 #if defined(TARGET_PPC)
11269         /* 6 args: fd, advice, offset (high, low), len (high, low) */
11270         ret = arg2;
11271         arg2 = arg3;
11272         arg3 = arg4;
11273         arg4 = arg5;
11274         arg5 = arg6;
11275         arg6 = ret;
11276 #else
11277         /* 6 args: fd, offset (high, low), len (high, low), advice */
11278         if (regpairs_aligned(cpu_env)) {
11279             /* offset is in (3,4), len in (5,6) and advice in 7 */
11280             arg2 = arg3;
11281             arg3 = arg4;
11282             arg4 = arg5;
11283             arg5 = arg6;
11284             arg6 = arg7;
11285         }
11286 #endif
11287         ret = -host_to_target_errno(posix_fadvise(arg1,
11288                                                   target_offset64(arg2, arg3),
11289                                                   target_offset64(arg4, arg5),
11290                                                   arg6));
11291         break;
11292 #endif
11293 
11294 #ifdef TARGET_NR_fadvise64
11295     case TARGET_NR_fadvise64:
11296         /* 5 args: fd, offset (high, low), len, advice */
11297         if (regpairs_aligned(cpu_env)) {
11298             /* offset is in (3,4), len in 5 and advice in 6 */
11299             arg2 = arg3;
11300             arg3 = arg4;
11301             arg4 = arg5;
11302             arg5 = arg6;
11303         }
11304         ret = -host_to_target_errno(posix_fadvise(arg1,
11305                                                   target_offset64(arg2, arg3),
11306                                                   arg4, arg5));
11307         break;
11308 #endif
11309 
11310 #else /* not a 32-bit ABI */
11311 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
11312 #ifdef TARGET_NR_fadvise64_64
11313     case TARGET_NR_fadvise64_64:
11314 #endif
11315 #ifdef TARGET_NR_fadvise64
11316     case TARGET_NR_fadvise64:
11317 #endif
11318 #ifdef TARGET_S390X
11319         switch (arg4) {
11320         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
11321         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
11322         case 6: arg4 = POSIX_FADV_DONTNEED; break;
11323         case 7: arg4 = POSIX_FADV_NOREUSE; break;
11324         default: break;
11325         }
11326 #endif
11327         ret = -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
11328         break;
11329 #endif
11330 #endif /* end of 64-bit ABI fadvise handling */
11331 
11332 #ifdef TARGET_NR_madvise
11333     case TARGET_NR_madvise:
11334         /* A straight passthrough may not be safe because qemu sometimes
11335            turns private file-backed mappings into anonymous mappings.
11336            This will break MADV_DONTNEED.
11337            This is a hint, so ignoring and returning success is ok.  */
11338         ret = get_errno(0);
11339         break;
11340 #endif
11341 #if TARGET_ABI_BITS == 32
11342     case TARGET_NR_fcntl64:
11343     {
11344 	int cmd;
11345 	struct flock64 fl;
11346         from_flock64_fn *copyfrom = copy_from_user_flock64;
11347         to_flock64_fn *copyto = copy_to_user_flock64;
11348 
11349 #ifdef TARGET_ARM
11350         if (((CPUARMState *)cpu_env)->eabi) {
11351             copyfrom = copy_from_user_eabi_flock64;
11352             copyto = copy_to_user_eabi_flock64;
11353         }
11354 #endif
11355 
11356 	cmd = target_to_host_fcntl_cmd(arg2);
11357         if (cmd == -TARGET_EINVAL) {
11358             ret = cmd;
11359             break;
11360         }
11361 
11362         switch(arg2) {
11363         case TARGET_F_GETLK64:
11364             ret = copyfrom(&fl, arg3);
11365             if (ret) {
11366                 break;
11367             }
11368             ret = get_errno(fcntl(arg1, cmd, &fl));
11369             if (ret == 0) {
11370                 ret = copyto(arg3, &fl);
11371             }
11372 	    break;
11373 
11374         case TARGET_F_SETLK64:
11375         case TARGET_F_SETLKW64:
11376             ret = copyfrom(&fl, arg3);
11377             if (ret) {
11378                 break;
11379             }
11380             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
11381 	    break;
11382         default:
11383             ret = do_fcntl(arg1, arg2, arg3);
11384             break;
11385         }
11386 	break;
11387     }
11388 #endif
11389 #ifdef TARGET_NR_cacheflush
11390     case TARGET_NR_cacheflush:
11391         /* self-modifying code is handled automatically, so nothing needed */
11392         ret = 0;
11393         break;
11394 #endif
11395 #ifdef TARGET_NR_security
11396     case TARGET_NR_security:
11397         goto unimplemented;
11398 #endif
11399 #ifdef TARGET_NR_getpagesize
11400     case TARGET_NR_getpagesize:
11401         ret = TARGET_PAGE_SIZE;
11402         break;
11403 #endif
11404     case TARGET_NR_gettid:
11405         ret = get_errno(gettid());
11406         break;
11407 #ifdef TARGET_NR_readahead
11408     case TARGET_NR_readahead:
11409 #if TARGET_ABI_BITS == 32
11410         if (regpairs_aligned(cpu_env)) {
11411             arg2 = arg3;
11412             arg3 = arg4;
11413             arg4 = arg5;
11414         }
11415         ret = get_errno(readahead(arg1, target_offset64(arg2, arg3) , arg4));
11416 #else
11417         ret = get_errno(readahead(arg1, arg2, arg3));
11418 #endif
11419         break;
11420 #endif
11421 #ifdef CONFIG_ATTR
11422 #ifdef TARGET_NR_setxattr
11423     case TARGET_NR_listxattr:
11424     case TARGET_NR_llistxattr:
11425     {
11426         void *p, *b = 0;
11427         if (arg2) {
11428             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11429             if (!b) {
11430                 ret = -TARGET_EFAULT;
11431                 break;
11432             }
11433         }
11434         p = lock_user_string(arg1);
11435         if (p) {
11436             if (num == TARGET_NR_listxattr) {
11437                 ret = get_errno(listxattr(p, b, arg3));
11438             } else {
11439                 ret = get_errno(llistxattr(p, b, arg3));
11440             }
11441         } else {
11442             ret = -TARGET_EFAULT;
11443         }
11444         unlock_user(p, arg1, 0);
11445         unlock_user(b, arg2, arg3);
11446         break;
11447     }
11448     case TARGET_NR_flistxattr:
11449     {
11450         void *b = 0;
11451         if (arg2) {
11452             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
11453             if (!b) {
11454                 ret = -TARGET_EFAULT;
11455                 break;
11456             }
11457         }
11458         ret = get_errno(flistxattr(arg1, b, arg3));
11459         unlock_user(b, arg2, arg3);
11460         break;
11461     }
11462     case TARGET_NR_setxattr:
11463     case TARGET_NR_lsetxattr:
11464         {
11465             void *p, *n, *v = 0;
11466             if (arg3) {
11467                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11468                 if (!v) {
11469                     ret = -TARGET_EFAULT;
11470                     break;
11471                 }
11472             }
11473             p = lock_user_string(arg1);
11474             n = lock_user_string(arg2);
11475             if (p && n) {
11476                 if (num == TARGET_NR_setxattr) {
11477                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
11478                 } else {
11479                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
11480                 }
11481             } else {
11482                 ret = -TARGET_EFAULT;
11483             }
11484             unlock_user(p, arg1, 0);
11485             unlock_user(n, arg2, 0);
11486             unlock_user(v, arg3, 0);
11487         }
11488         break;
11489     case TARGET_NR_fsetxattr:
11490         {
11491             void *n, *v = 0;
11492             if (arg3) {
11493                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
11494                 if (!v) {
11495                     ret = -TARGET_EFAULT;
11496                     break;
11497                 }
11498             }
11499             n = lock_user_string(arg2);
11500             if (n) {
11501                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
11502             } else {
11503                 ret = -TARGET_EFAULT;
11504             }
11505             unlock_user(n, arg2, 0);
11506             unlock_user(v, arg3, 0);
11507         }
11508         break;
11509     case TARGET_NR_getxattr:
11510     case TARGET_NR_lgetxattr:
11511         {
11512             void *p, *n, *v = 0;
11513             if (arg3) {
11514                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11515                 if (!v) {
11516                     ret = -TARGET_EFAULT;
11517                     break;
11518                 }
11519             }
11520             p = lock_user_string(arg1);
11521             n = lock_user_string(arg2);
11522             if (p && n) {
11523                 if (num == TARGET_NR_getxattr) {
11524                     ret = get_errno(getxattr(p, n, v, arg4));
11525                 } else {
11526                     ret = get_errno(lgetxattr(p, n, v, arg4));
11527                 }
11528             } else {
11529                 ret = -TARGET_EFAULT;
11530             }
11531             unlock_user(p, arg1, 0);
11532             unlock_user(n, arg2, 0);
11533             unlock_user(v, arg3, arg4);
11534         }
11535         break;
11536     case TARGET_NR_fgetxattr:
11537         {
11538             void *n, *v = 0;
11539             if (arg3) {
11540                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
11541                 if (!v) {
11542                     ret = -TARGET_EFAULT;
11543                     break;
11544                 }
11545             }
11546             n = lock_user_string(arg2);
11547             if (n) {
11548                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
11549             } else {
11550                 ret = -TARGET_EFAULT;
11551             }
11552             unlock_user(n, arg2, 0);
11553             unlock_user(v, arg3, arg4);
11554         }
11555         break;
11556     case TARGET_NR_removexattr:
11557     case TARGET_NR_lremovexattr:
11558         {
11559             void *p, *n;
11560             p = lock_user_string(arg1);
11561             n = lock_user_string(arg2);
11562             if (p && n) {
11563                 if (num == TARGET_NR_removexattr) {
11564                     ret = get_errno(removexattr(p, n));
11565                 } else {
11566                     ret = get_errno(lremovexattr(p, n));
11567                 }
11568             } else {
11569                 ret = -TARGET_EFAULT;
11570             }
11571             unlock_user(p, arg1, 0);
11572             unlock_user(n, arg2, 0);
11573         }
11574         break;
11575     case TARGET_NR_fremovexattr:
11576         {
11577             void *n;
11578             n = lock_user_string(arg2);
11579             if (n) {
11580                 ret = get_errno(fremovexattr(arg1, n));
11581             } else {
11582                 ret = -TARGET_EFAULT;
11583             }
11584             unlock_user(n, arg2, 0);
11585         }
11586         break;
11587 #endif
11588 #endif /* CONFIG_ATTR */
11589 #ifdef TARGET_NR_set_thread_area
11590     case TARGET_NR_set_thread_area:
11591 #if defined(TARGET_MIPS)
11592       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
11593       ret = 0;
11594       break;
11595 #elif defined(TARGET_CRIS)
11596       if (arg1 & 0xff)
11597           ret = -TARGET_EINVAL;
11598       else {
11599           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
11600           ret = 0;
11601       }
11602       break;
11603 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
11604       ret = do_set_thread_area(cpu_env, arg1);
11605       break;
11606 #elif defined(TARGET_M68K)
11607       {
11608           TaskState *ts = cpu->opaque;
11609           ts->tp_value = arg1;
11610           ret = 0;
11611           break;
11612       }
11613 #else
11614       goto unimplemented_nowarn;
11615 #endif
11616 #endif
11617 #ifdef TARGET_NR_get_thread_area
11618     case TARGET_NR_get_thread_area:
11619 #if defined(TARGET_I386) && defined(TARGET_ABI32)
11620         ret = do_get_thread_area(cpu_env, arg1);
11621         break;
11622 #elif defined(TARGET_M68K)
11623         {
11624             TaskState *ts = cpu->opaque;
11625             ret = ts->tp_value;
11626             break;
11627         }
11628 #else
11629         goto unimplemented_nowarn;
11630 #endif
11631 #endif
11632 #ifdef TARGET_NR_getdomainname
11633     case TARGET_NR_getdomainname:
11634         goto unimplemented_nowarn;
11635 #endif
11636 
11637 #ifdef TARGET_NR_clock_gettime
11638     case TARGET_NR_clock_gettime:
11639     {
11640         struct timespec ts;
11641         ret = get_errno(clock_gettime(arg1, &ts));
11642         if (!is_error(ret)) {
11643             host_to_target_timespec(arg2, &ts);
11644         }
11645         break;
11646     }
11647 #endif
11648 #ifdef TARGET_NR_clock_getres
11649     case TARGET_NR_clock_getres:
11650     {
11651         struct timespec ts;
11652         ret = get_errno(clock_getres(arg1, &ts));
11653         if (!is_error(ret)) {
11654             host_to_target_timespec(arg2, &ts);
11655         }
11656         break;
11657     }
11658 #endif
11659 #ifdef TARGET_NR_clock_nanosleep
11660     case TARGET_NR_clock_nanosleep:
11661     {
11662         struct timespec ts;
11663         target_to_host_timespec(&ts, arg3);
11664         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
11665                                              &ts, arg4 ? &ts : NULL));
11666         if (arg4)
11667             host_to_target_timespec(arg4, &ts);
11668 
11669 #if defined(TARGET_PPC)
11670         /* clock_nanosleep is odd in that it returns positive errno values.
11671          * On PPC, CR0 bit 3 should be set in such a situation. */
11672         if (ret && ret != -TARGET_ERESTARTSYS) {
11673             ((CPUPPCState *)cpu_env)->crf[0] |= 1;
11674         }
11675 #endif
11676         break;
11677     }
11678 #endif
11679 
11680 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
11681     case TARGET_NR_set_tid_address:
11682         ret = get_errno(set_tid_address((int *)g2h(arg1)));
11683         break;
11684 #endif
11685 
11686     case TARGET_NR_tkill:
11687         ret = get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
11688         break;
11689 
11690     case TARGET_NR_tgkill:
11691         ret = get_errno(safe_tgkill((int)arg1, (int)arg2,
11692                         target_to_host_signal(arg3)));
11693         break;
11694 
11695 #ifdef TARGET_NR_set_robust_list
11696     case TARGET_NR_set_robust_list:
11697     case TARGET_NR_get_robust_list:
11698         /* The ABI for supporting robust futexes has userspace pass
11699          * the kernel a pointer to a linked list which is updated by
11700          * userspace after the syscall; the list is walked by the kernel
11701          * when the thread exits. Since the linked list in QEMU guest
11702          * memory isn't a valid linked list for the host and we have
11703          * no way to reliably intercept the thread-death event, we can't
11704          * support these. Silently return ENOSYS so that guest userspace
11705          * falls back to a non-robust futex implementation (which should
11706          * be OK except in the corner case of the guest crashing while
11707          * holding a mutex that is shared with another process via
11708          * shared memory).
11709          */
11710         goto unimplemented_nowarn;
11711 #endif
11712 
11713 #if defined(TARGET_NR_utimensat)
11714     case TARGET_NR_utimensat:
11715         {
11716             struct timespec *tsp, ts[2];
11717             if (!arg3) {
11718                 tsp = NULL;
11719             } else {
11720                 target_to_host_timespec(ts, arg3);
11721                 target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
11722                 tsp = ts;
11723             }
11724             if (!arg2)
11725                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
11726             else {
11727                 if (!(p = lock_user_string(arg2))) {
11728                     ret = -TARGET_EFAULT;
11729                     goto fail;
11730                 }
11731                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
11732                 unlock_user(p, arg2, 0);
11733             }
11734         }
11735 	break;
11736 #endif
11737     case TARGET_NR_futex:
11738         ret = do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
11739         break;
11740 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
11741     case TARGET_NR_inotify_init:
11742         ret = get_errno(sys_inotify_init());
11743         fd_trans_register(ret, &target_inotify_trans);
11744         break;
11745 #endif
11746 #ifdef CONFIG_INOTIFY1
11747 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
11748     case TARGET_NR_inotify_init1:
11749         ret = get_errno(sys_inotify_init1(target_to_host_bitmask(arg1,
11750                                           fcntl_flags_tbl)));
11751         fd_trans_register(ret, &target_inotify_trans);
11752         break;
11753 #endif
11754 #endif
11755 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
11756     case TARGET_NR_inotify_add_watch:
11757         p = lock_user_string(arg2);
11758         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
11759         unlock_user(p, arg2, 0);
11760         break;
11761 #endif
11762 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
11763     case TARGET_NR_inotify_rm_watch:
11764         ret = get_errno(sys_inotify_rm_watch(arg1, arg2));
11765         break;
11766 #endif
11767 
11768 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
11769     case TARGET_NR_mq_open:
11770         {
11771             struct mq_attr posix_mq_attr;
11772             struct mq_attr *pposix_mq_attr;
11773             int host_flags;
11774 
11775             host_flags = target_to_host_bitmask(arg2, fcntl_flags_tbl);
11776             pposix_mq_attr = NULL;
11777             if (arg4) {
11778                 if (copy_from_user_mq_attr(&posix_mq_attr, arg4) != 0) {
11779                     goto efault;
11780                 }
11781                 pposix_mq_attr = &posix_mq_attr;
11782             }
11783             p = lock_user_string(arg1 - 1);
11784             if (!p) {
11785                 goto efault;
11786             }
11787             ret = get_errno(mq_open(p, host_flags, arg3, pposix_mq_attr));
11788             unlock_user (p, arg1, 0);
11789         }
11790         break;
11791 
11792     case TARGET_NR_mq_unlink:
11793         p = lock_user_string(arg1 - 1);
11794         if (!p) {
11795             ret = -TARGET_EFAULT;
11796             break;
11797         }
11798         ret = get_errno(mq_unlink(p));
11799         unlock_user (p, arg1, 0);
11800         break;
11801 
11802     case TARGET_NR_mq_timedsend:
11803         {
11804             struct timespec ts;
11805 
11806             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11807             if (arg5 != 0) {
11808                 target_to_host_timespec(&ts, arg5);
11809                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
11810                 host_to_target_timespec(arg5, &ts);
11811             } else {
11812                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
11813             }
11814             unlock_user (p, arg2, arg3);
11815         }
11816         break;
11817 
11818     case TARGET_NR_mq_timedreceive:
11819         {
11820             struct timespec ts;
11821             unsigned int prio;
11822 
11823             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11824             if (arg5 != 0) {
11825                 target_to_host_timespec(&ts, arg5);
11826                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11827                                                      &prio, &ts));
11828                 host_to_target_timespec(arg5, &ts);
11829             } else {
11830                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11831                                                      &prio, NULL));
11832             }
11833             unlock_user (p, arg2, arg3);
11834             if (arg4 != 0)
11835                 put_user_u32(prio, arg4);
11836         }
11837         break;
11838 
11839     /* Not implemented for now... */
11840 /*     case TARGET_NR_mq_notify: */
11841 /*         break; */
11842 
11843     case TARGET_NR_mq_getsetattr:
11844         {
11845             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
11846             ret = 0;
11847             if (arg3 != 0) {
11848                 ret = mq_getattr(arg1, &posix_mq_attr_out);
11849                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
11850             }
11851             if (arg2 != 0) {
11852                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
11853                 ret |= mq_setattr(arg1, &posix_mq_attr_in, &posix_mq_attr_out);
11854             }
11855 
11856         }
11857         break;
11858 #endif
11859 
11860 #ifdef CONFIG_SPLICE
11861 #ifdef TARGET_NR_tee
11862     case TARGET_NR_tee:
11863         {
11864             ret = get_errno(tee(arg1,arg2,arg3,arg4));
11865         }
11866         break;
11867 #endif
11868 #ifdef TARGET_NR_splice
11869     case TARGET_NR_splice:
11870         {
11871             loff_t loff_in, loff_out;
11872             loff_t *ploff_in = NULL, *ploff_out = NULL;
11873             if (arg2) {
11874                 if (get_user_u64(loff_in, arg2)) {
11875                     goto efault;
11876                 }
11877                 ploff_in = &loff_in;
11878             }
11879             if (arg4) {
11880                 if (get_user_u64(loff_out, arg4)) {
11881                     goto efault;
11882                 }
11883                 ploff_out = &loff_out;
11884             }
11885             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
11886             if (arg2) {
11887                 if (put_user_u64(loff_in, arg2)) {
11888                     goto efault;
11889                 }
11890             }
11891             if (arg4) {
11892                 if (put_user_u64(loff_out, arg4)) {
11893                     goto efault;
11894                 }
11895             }
11896         }
11897         break;
11898 #endif
11899 #ifdef TARGET_NR_vmsplice
11900 	case TARGET_NR_vmsplice:
11901         {
11902             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
11903             if (vec != NULL) {
11904                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
11905                 unlock_iovec(vec, arg2, arg3, 0);
11906             } else {
11907                 ret = -host_to_target_errno(errno);
11908             }
11909         }
11910         break;
11911 #endif
11912 #endif /* CONFIG_SPLICE */
11913 #ifdef CONFIG_EVENTFD
11914 #if defined(TARGET_NR_eventfd)
11915     case TARGET_NR_eventfd:
11916         ret = get_errno(eventfd(arg1, 0));
11917         fd_trans_register(ret, &target_eventfd_trans);
11918         break;
11919 #endif
11920 #if defined(TARGET_NR_eventfd2)
11921     case TARGET_NR_eventfd2:
11922     {
11923         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
11924         if (arg2 & TARGET_O_NONBLOCK) {
11925             host_flags |= O_NONBLOCK;
11926         }
11927         if (arg2 & TARGET_O_CLOEXEC) {
11928             host_flags |= O_CLOEXEC;
11929         }
11930         ret = get_errno(eventfd(arg1, host_flags));
11931         fd_trans_register(ret, &target_eventfd_trans);
11932         break;
11933     }
11934 #endif
11935 #endif /* CONFIG_EVENTFD  */
11936 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
11937     case TARGET_NR_fallocate:
11938 #if TARGET_ABI_BITS == 32
11939         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
11940                                   target_offset64(arg5, arg6)));
11941 #else
11942         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
11943 #endif
11944         break;
11945 #endif
11946 #if defined(CONFIG_SYNC_FILE_RANGE)
11947 #if defined(TARGET_NR_sync_file_range)
11948     case TARGET_NR_sync_file_range:
11949 #if TARGET_ABI_BITS == 32
11950 #if defined(TARGET_MIPS)
11951         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11952                                         target_offset64(arg5, arg6), arg7));
11953 #else
11954         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
11955                                         target_offset64(arg4, arg5), arg6));
11956 #endif /* !TARGET_MIPS */
11957 #else
11958         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
11959 #endif
11960         break;
11961 #endif
11962 #if defined(TARGET_NR_sync_file_range2)
11963     case TARGET_NR_sync_file_range2:
11964         /* This is like sync_file_range but the arguments are reordered */
11965 #if TARGET_ABI_BITS == 32
11966         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11967                                         target_offset64(arg5, arg6), arg2));
11968 #else
11969         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
11970 #endif
11971         break;
11972 #endif
11973 #endif
11974 #if defined(TARGET_NR_signalfd4)
11975     case TARGET_NR_signalfd4:
11976         ret = do_signalfd4(arg1, arg2, arg4);
11977         break;
11978 #endif
11979 #if defined(TARGET_NR_signalfd)
11980     case TARGET_NR_signalfd:
11981         ret = do_signalfd4(arg1, arg2, 0);
11982         break;
11983 #endif
11984 #if defined(CONFIG_EPOLL)
11985 #if defined(TARGET_NR_epoll_create)
11986     case TARGET_NR_epoll_create:
11987         ret = get_errno(epoll_create(arg1));
11988         break;
11989 #endif
11990 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
11991     case TARGET_NR_epoll_create1:
11992         ret = get_errno(epoll_create1(arg1));
11993         break;
11994 #endif
11995 #if defined(TARGET_NR_epoll_ctl)
11996     case TARGET_NR_epoll_ctl:
11997     {
11998         struct epoll_event ep;
11999         struct epoll_event *epp = 0;
12000         if (arg4) {
12001             struct target_epoll_event *target_ep;
12002             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
12003                 goto efault;
12004             }
12005             ep.events = tswap32(target_ep->events);
12006             /* The epoll_data_t union is just opaque data to the kernel,
12007              * so we transfer all 64 bits across and need not worry what
12008              * actual data type it is.
12009              */
12010             ep.data.u64 = tswap64(target_ep->data.u64);
12011             unlock_user_struct(target_ep, arg4, 0);
12012             epp = &ep;
12013         }
12014         ret = get_errno(epoll_ctl(arg1, arg2, arg3, epp));
12015         break;
12016     }
12017 #endif
12018 
12019 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
12020 #if defined(TARGET_NR_epoll_wait)
12021     case TARGET_NR_epoll_wait:
12022 #endif
12023 #if defined(TARGET_NR_epoll_pwait)
12024     case TARGET_NR_epoll_pwait:
12025 #endif
12026     {
12027         struct target_epoll_event *target_ep;
12028         struct epoll_event *ep;
12029         int epfd = arg1;
12030         int maxevents = arg3;
12031         int timeout = arg4;
12032 
12033         if (maxevents <= 0 || maxevents > TARGET_EP_MAX_EVENTS) {
12034             ret = -TARGET_EINVAL;
12035             break;
12036         }
12037 
12038         target_ep = lock_user(VERIFY_WRITE, arg2,
12039                               maxevents * sizeof(struct target_epoll_event), 1);
12040         if (!target_ep) {
12041             goto efault;
12042         }
12043 
12044         ep = g_try_new(struct epoll_event, maxevents);
12045         if (!ep) {
12046             unlock_user(target_ep, arg2, 0);
12047             ret = -TARGET_ENOMEM;
12048             break;
12049         }
12050 
12051         switch (num) {
12052 #if defined(TARGET_NR_epoll_pwait)
12053         case TARGET_NR_epoll_pwait:
12054         {
12055             target_sigset_t *target_set;
12056             sigset_t _set, *set = &_set;
12057 
12058             if (arg5) {
12059                 if (arg6 != sizeof(target_sigset_t)) {
12060                     ret = -TARGET_EINVAL;
12061                     break;
12062                 }
12063 
12064                 target_set = lock_user(VERIFY_READ, arg5,
12065                                        sizeof(target_sigset_t), 1);
12066                 if (!target_set) {
12067                     ret = -TARGET_EFAULT;
12068                     break;
12069                 }
12070                 target_to_host_sigset(set, target_set);
12071                 unlock_user(target_set, arg5, 0);
12072             } else {
12073                 set = NULL;
12074             }
12075 
12076             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12077                                              set, SIGSET_T_SIZE));
12078             break;
12079         }
12080 #endif
12081 #if defined(TARGET_NR_epoll_wait)
12082         case TARGET_NR_epoll_wait:
12083             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
12084                                              NULL, 0));
12085             break;
12086 #endif
12087         default:
12088             ret = -TARGET_ENOSYS;
12089         }
12090         if (!is_error(ret)) {
12091             int i;
12092             for (i = 0; i < ret; i++) {
12093                 target_ep[i].events = tswap32(ep[i].events);
12094                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
12095             }
12096             unlock_user(target_ep, arg2,
12097                         ret * sizeof(struct target_epoll_event));
12098         } else {
12099             unlock_user(target_ep, arg2, 0);
12100         }
12101         g_free(ep);
12102         break;
12103     }
12104 #endif
12105 #endif
12106 #ifdef TARGET_NR_prlimit64
12107     case TARGET_NR_prlimit64:
12108     {
12109         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
12110         struct target_rlimit64 *target_rnew, *target_rold;
12111         struct host_rlimit64 rnew, rold, *rnewp = 0;
12112         int resource = target_to_host_resource(arg2);
12113         if (arg3) {
12114             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
12115                 goto efault;
12116             }
12117             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
12118             rnew.rlim_max = tswap64(target_rnew->rlim_max);
12119             unlock_user_struct(target_rnew, arg3, 0);
12120             rnewp = &rnew;
12121         }
12122 
12123         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
12124         if (!is_error(ret) && arg4) {
12125             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
12126                 goto efault;
12127             }
12128             target_rold->rlim_cur = tswap64(rold.rlim_cur);
12129             target_rold->rlim_max = tswap64(rold.rlim_max);
12130             unlock_user_struct(target_rold, arg4, 1);
12131         }
12132         break;
12133     }
12134 #endif
12135 #ifdef TARGET_NR_gethostname
12136     case TARGET_NR_gethostname:
12137     {
12138         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
12139         if (name) {
12140             ret = get_errno(gethostname(name, arg2));
12141             unlock_user(name, arg1, arg2);
12142         } else {
12143             ret = -TARGET_EFAULT;
12144         }
12145         break;
12146     }
12147 #endif
12148 #ifdef TARGET_NR_atomic_cmpxchg_32
12149     case TARGET_NR_atomic_cmpxchg_32:
12150     {
12151         /* should use start_exclusive from main.c */
12152         abi_ulong mem_value;
12153         if (get_user_u32(mem_value, arg6)) {
12154             target_siginfo_t info;
12155             info.si_signo = SIGSEGV;
12156             info.si_errno = 0;
12157             info.si_code = TARGET_SEGV_MAPERR;
12158             info._sifields._sigfault._addr = arg6;
12159             queue_signal((CPUArchState *)cpu_env, info.si_signo,
12160                          QEMU_SI_FAULT, &info);
12161             ret = 0xdeadbeef;
12162 
12163         }
12164         if (mem_value == arg2)
12165             put_user_u32(arg1, arg6);
12166         ret = mem_value;
12167         break;
12168     }
12169 #endif
12170 #ifdef TARGET_NR_atomic_barrier
12171     case TARGET_NR_atomic_barrier:
12172     {
12173         /* Like the kernel implementation and the qemu arm barrier, no-op this? */
12174         ret = 0;
12175         break;
12176     }
12177 #endif
12178 
12179 #ifdef TARGET_NR_timer_create
12180     case TARGET_NR_timer_create:
12181     {
12182         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
12183 
12184         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
12185 
12186         int clkid = arg1;
12187         int timer_index = next_free_host_timer();
12188 
12189         if (timer_index < 0) {
12190             ret = -TARGET_EAGAIN;
12191         } else {
12192             timer_t *phtimer = g_posix_timers  + timer_index;
12193 
12194             if (arg2) {
12195                 phost_sevp = &host_sevp;
12196                 ret = target_to_host_sigevent(phost_sevp, arg2);
12197                 if (ret != 0) {
12198                     break;
12199                 }
12200             }
12201 
12202             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
12203             if (ret) {
12204                 phtimer = NULL;
12205             } else {
12206                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
12207                     goto efault;
12208                 }
12209             }
12210         }
12211         break;
12212     }
12213 #endif
12214 
12215 #ifdef TARGET_NR_timer_settime
12216     case TARGET_NR_timer_settime:
12217     {
12218         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
12219          * struct itimerspec * old_value */
12220         target_timer_t timerid = get_timer_id(arg1);
12221 
12222         if (timerid < 0) {
12223             ret = timerid;
12224         } else if (arg3 == 0) {
12225             ret = -TARGET_EINVAL;
12226         } else {
12227             timer_t htimer = g_posix_timers[timerid];
12228             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
12229 
12230             if (target_to_host_itimerspec(&hspec_new, arg3)) {
12231                 goto efault;
12232             }
12233             ret = get_errno(
12234                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
12235             if (arg4 && host_to_target_itimerspec(arg4, &hspec_old)) {
12236                 goto efault;
12237             }
12238         }
12239         break;
12240     }
12241 #endif
12242 
12243 #ifdef TARGET_NR_timer_gettime
12244     case TARGET_NR_timer_gettime:
12245     {
12246         /* args: timer_t timerid, struct itimerspec *curr_value */
12247         target_timer_t timerid = get_timer_id(arg1);
12248 
12249         if (timerid < 0) {
12250             ret = timerid;
12251         } else if (!arg2) {
12252             ret = -TARGET_EFAULT;
12253         } else {
12254             timer_t htimer = g_posix_timers[timerid];
12255             struct itimerspec hspec;
12256             ret = get_errno(timer_gettime(htimer, &hspec));
12257 
12258             if (host_to_target_itimerspec(arg2, &hspec)) {
12259                 ret = -TARGET_EFAULT;
12260             }
12261         }
12262         break;
12263     }
12264 #endif
12265 
12266 #ifdef TARGET_NR_timer_getoverrun
12267     case TARGET_NR_timer_getoverrun:
12268     {
12269         /* args: timer_t timerid */
12270         target_timer_t timerid = get_timer_id(arg1);
12271 
12272         if (timerid < 0) {
12273             ret = timerid;
12274         } else {
12275             timer_t htimer = g_posix_timers[timerid];
12276             ret = get_errno(timer_getoverrun(htimer));
12277         }
12278         fd_trans_unregister(ret);
12279         break;
12280     }
12281 #endif
12282 
12283 #ifdef TARGET_NR_timer_delete
12284     case TARGET_NR_timer_delete:
12285     {
12286         /* args: timer_t timerid */
12287         target_timer_t timerid = get_timer_id(arg1);
12288 
12289         if (timerid < 0) {
12290             ret = timerid;
12291         } else {
12292             timer_t htimer = g_posix_timers[timerid];
12293             ret = get_errno(timer_delete(htimer));
12294             g_posix_timers[timerid] = 0;
12295         }
12296         break;
12297     }
12298 #endif
12299 
12300 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
12301     case TARGET_NR_timerfd_create:
12302         ret = get_errno(timerfd_create(arg1,
12303                 target_to_host_bitmask(arg2, fcntl_flags_tbl)));
12304         break;
12305 #endif
12306 
12307 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
12308     case TARGET_NR_timerfd_gettime:
12309         {
12310             struct itimerspec its_curr;
12311 
12312             ret = get_errno(timerfd_gettime(arg1, &its_curr));
12313 
12314             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
12315                 goto efault;
12316             }
12317         }
12318         break;
12319 #endif
12320 
12321 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
12322     case TARGET_NR_timerfd_settime:
12323         {
12324             struct itimerspec its_new, its_old, *p_new;
12325 
12326             if (arg3) {
12327                 if (target_to_host_itimerspec(&its_new, arg3)) {
12328                     goto efault;
12329                 }
12330                 p_new = &its_new;
12331             } else {
12332                 p_new = NULL;
12333             }
12334 
12335             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
12336 
12337             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
12338                 goto efault;
12339             }
12340         }
12341         break;
12342 #endif
12343 
12344 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
12345     case TARGET_NR_ioprio_get:
12346         ret = get_errno(ioprio_get(arg1, arg2));
12347         break;
12348 #endif
12349 
12350 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
12351     case TARGET_NR_ioprio_set:
12352         ret = get_errno(ioprio_set(arg1, arg2, arg3));
12353         break;
12354 #endif
12355 
12356 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
12357     case TARGET_NR_setns:
12358         ret = get_errno(setns(arg1, arg2));
12359         break;
12360 #endif
12361 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
12362     case TARGET_NR_unshare:
12363         ret = get_errno(unshare(arg1));
12364         break;
12365 #endif
12366 #if defined(TARGET_NR_kcmp) && defined(__NR_kcmp)
12367     case TARGET_NR_kcmp:
12368         ret = get_errno(kcmp(arg1, arg2, arg3, arg4, arg5));
12369         break;
12370 #endif
12371 
12372     default:
12373     unimplemented:
12374         gemu_log("qemu: Unsupported syscall: %d\n", num);
12375 #if defined(TARGET_NR_setxattr) || defined(TARGET_NR_get_thread_area) || defined(TARGET_NR_getdomainname) || defined(TARGET_NR_set_robust_list)
12376     unimplemented_nowarn:
12377 #endif
12378         ret = -TARGET_ENOSYS;
12379         break;
12380     }
12381 fail:
12382 #ifdef DEBUG
12383     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
12384 #endif
12385     if(do_strace)
12386         print_syscall_ret(num, ret);
12387     trace_guest_user_syscall_ret(cpu, num, ret);
12388     return ret;
12389 efault:
12390     ret = -TARGET_EFAULT;
12391     goto fail;
12392 }
12393