xref: /qemu/linux-user/syscall.c (revision bc35d510) 
1 /*
2  *  Linux syscalls
3  *
4  *  Copyright (c) 2003 Fabrice Bellard
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 #define _ATFILE_SOURCE
20 #include "qemu/osdep.h"
21 #include "qemu/cutils.h"
22 #include "qemu/path.h"
23 #include <elf.h>
24 #include <endian.h>
25 #include <grp.h>
26 #include <sys/ipc.h>
27 #include <sys/msg.h>
28 #include <sys/wait.h>
29 #include <sys/mount.h>
30 #include <sys/file.h>
31 #include <sys/fsuid.h>
32 #include <sys/personality.h>
33 #include <sys/prctl.h>
34 #include <sys/resource.h>
35 #include <sys/swap.h>
36 #include <linux/capability.h>
37 #include <sched.h>
38 #ifdef __ia64__
39 int __clone2(int (*fn)(void *), void *child_stack_base,
40              size_t stack_size, int flags, void *arg, ...);
41 #endif
42 #include <sys/socket.h>
43 #include <sys/un.h>
44 #include <sys/uio.h>
45 #include <sys/poll.h>
46 #include <sys/times.h>
47 #include <sys/shm.h>
48 #include <sys/sem.h>
49 #include <sys/statfs.h>
50 #include <utime.h>
51 #include <sys/sysinfo.h>
52 #include <sys/signalfd.h>
53 //#include <sys/user.h>
54 #include <netinet/ip.h>
55 #include <netinet/tcp.h>
56 #include <linux/wireless.h>
57 #include <linux/icmp.h>
58 #include "qemu-common.h"
59 #ifdef CONFIG_TIMERFD
60 #include <sys/timerfd.h>
61 #endif
62 #ifdef TARGET_GPROF
63 #include <sys/gmon.h>
64 #endif
65 #ifdef CONFIG_EVENTFD
66 #include <sys/eventfd.h>
67 #endif
68 #ifdef CONFIG_EPOLL
69 #include <sys/epoll.h>
70 #endif
71 #ifdef CONFIG_ATTR
72 #include "qemu/xattr.h"
73 #endif
74 #ifdef CONFIG_SENDFILE
75 #include <sys/sendfile.h>
76 #endif
77 
78 #define termios host_termios
79 #define winsize host_winsize
80 #define termio host_termio
81 #define sgttyb host_sgttyb /* same as target */
82 #define tchars host_tchars /* same as target */
83 #define ltchars host_ltchars /* same as target */
84 
85 #include <linux/termios.h>
86 #include <linux/unistd.h>
87 #include <linux/cdrom.h>
88 #include <linux/hdreg.h>
89 #include <linux/soundcard.h>
90 #include <linux/kd.h>
91 #include <linux/mtio.h>
92 #include <linux/fs.h>
93 #if defined(CONFIG_FIEMAP)
94 #include <linux/fiemap.h>
95 #endif
96 #include <linux/fb.h>
97 #include <linux/vt.h>
98 #include <linux/dm-ioctl.h>
99 #include <linux/reboot.h>
100 #include <linux/route.h>
101 #include <linux/filter.h>
102 #include <linux/blkpg.h>
103 #include <netpacket/packet.h>
104 #include <linux/netlink.h>
105 #ifdef CONFIG_RTNETLINK
106 #include <linux/rtnetlink.h>
107 #include <linux/if_bridge.h>
108 #endif
109 #include <linux/audit.h>
110 #include "linux_loop.h"
111 #include "uname.h"
112 
113 #include "qemu.h"
114 
115 #define CLONE_NPTL_FLAGS2 (CLONE_SETTLS | \
116     CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID)
117 
118 //#define DEBUG
119 /* Define DEBUG_ERESTARTSYS to force every syscall to be restarted
120  * once. This exercises the codepaths for restart.
121  */
122 //#define DEBUG_ERESTARTSYS
123 
124 //#include <linux/msdos_fs.h>
125 #define	VFAT_IOCTL_READDIR_BOTH		_IOR('r', 1, struct linux_dirent [2])
126 #define	VFAT_IOCTL_READDIR_SHORT	_IOR('r', 2, struct linux_dirent [2])
127 
128 #undef _syscall0
129 #undef _syscall1
130 #undef _syscall2
131 #undef _syscall3
132 #undef _syscall4
133 #undef _syscall5
134 #undef _syscall6
135 
136 #define _syscall0(type,name)		\
137 static type name (void)			\
138 {					\
139 	return syscall(__NR_##name);	\
140 }
141 
142 #define _syscall1(type,name,type1,arg1)		\
143 static type name (type1 arg1)			\
144 {						\
145 	return syscall(__NR_##name, arg1);	\
146 }
147 
148 #define _syscall2(type,name,type1,arg1,type2,arg2)	\
149 static type name (type1 arg1,type2 arg2)		\
150 {							\
151 	return syscall(__NR_##name, arg1, arg2);	\
152 }
153 
154 #define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3)	\
155 static type name (type1 arg1,type2 arg2,type3 arg3)		\
156 {								\
157 	return syscall(__NR_##name, arg1, arg2, arg3);		\
158 }
159 
160 #define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4)	\
161 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4)			\
162 {										\
163 	return syscall(__NR_##name, arg1, arg2, arg3, arg4);			\
164 }
165 
166 #define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
167 		  type5,arg5)							\
168 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5)	\
169 {										\
170 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5);		\
171 }
172 
173 
174 #define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4,	\
175 		  type5,arg5,type6,arg6)					\
176 static type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,	\
177                   type6 arg6)							\
178 {										\
179 	return syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6);	\
180 }
181 
182 
183 #define __NR_sys_uname __NR_uname
184 #define __NR_sys_getcwd1 __NR_getcwd
185 #define __NR_sys_getdents __NR_getdents
186 #define __NR_sys_getdents64 __NR_getdents64
187 #define __NR_sys_getpriority __NR_getpriority
188 #define __NR_sys_rt_sigqueueinfo __NR_rt_sigqueueinfo
189 #define __NR_sys_syslog __NR_syslog
190 #define __NR_sys_futex __NR_futex
191 #define __NR_sys_inotify_init __NR_inotify_init
192 #define __NR_sys_inotify_add_watch __NR_inotify_add_watch
193 #define __NR_sys_inotify_rm_watch __NR_inotify_rm_watch
194 
195 #if defined(__alpha__) || defined (__ia64__) || defined(__x86_64__) || \
196     defined(__s390x__)
197 #define __NR__llseek __NR_lseek
198 #endif
199 
200 /* Newer kernel ports have llseek() instead of _llseek() */
201 #if defined(TARGET_NR_llseek) && !defined(TARGET_NR__llseek)
202 #define TARGET_NR__llseek TARGET_NR_llseek
203 #endif
204 
205 #ifdef __NR_gettid
206 _syscall0(int, gettid)
207 #else
208 /* This is a replacement for the host gettid() and must return a host
209    errno. */
210 static int gettid(void) {
211     return -ENOSYS;
212 }
213 #endif
214 #if defined(TARGET_NR_getdents) && defined(__NR_getdents)
215 _syscall3(int, sys_getdents, uint, fd, struct linux_dirent *, dirp, uint, count);
216 #endif
217 #if !defined(__NR_getdents) || \
218     (defined(TARGET_NR_getdents64) && defined(__NR_getdents64))
219 _syscall3(int, sys_getdents64, uint, fd, struct linux_dirent64 *, dirp, uint, count);
220 #endif
221 #if defined(TARGET_NR__llseek) && defined(__NR_llseek)
222 _syscall5(int, _llseek,  uint,  fd, ulong, hi, ulong, lo,
223           loff_t *, res, uint, wh);
224 #endif
225 _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
226 _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
227 #ifdef __NR_exit_group
228 _syscall1(int,exit_group,int,error_code)
229 #endif
230 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
231 _syscall1(int,set_tid_address,int *,tidptr)
232 #endif
233 #if defined(TARGET_NR_futex) && defined(__NR_futex)
234 _syscall6(int,sys_futex,int *,uaddr,int,op,int,val,
235           const struct timespec *,timeout,int *,uaddr2,int,val3)
236 #endif
237 #define __NR_sys_sched_getaffinity __NR_sched_getaffinity
238 _syscall3(int, sys_sched_getaffinity, pid_t, pid, unsigned int, len,
239           unsigned long *, user_mask_ptr);
240 #define __NR_sys_sched_setaffinity __NR_sched_setaffinity
241 _syscall3(int, sys_sched_setaffinity, pid_t, pid, unsigned int, len,
242           unsigned long *, user_mask_ptr);
243 _syscall4(int, reboot, int, magic1, int, magic2, unsigned int, cmd,
244           void *, arg);
245 _syscall2(int, capget, struct __user_cap_header_struct *, header,
246           struct __user_cap_data_struct *, data);
247 _syscall2(int, capset, struct __user_cap_header_struct *, header,
248           struct __user_cap_data_struct *, data);
249 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
250 _syscall2(int, ioprio_get, int, which, int, who)
251 #endif
252 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
253 _syscall3(int, ioprio_set, int, which, int, who, int, ioprio)
254 #endif
255 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
256 _syscall3(int, getrandom, void *, buf, size_t, buflen, unsigned int, flags)
257 #endif
258 
259 static bitmask_transtbl fcntl_flags_tbl[] = {
260   { TARGET_O_ACCMODE,   TARGET_O_WRONLY,    O_ACCMODE,   O_WRONLY,    },
261   { TARGET_O_ACCMODE,   TARGET_O_RDWR,      O_ACCMODE,   O_RDWR,      },
262   { TARGET_O_CREAT,     TARGET_O_CREAT,     O_CREAT,     O_CREAT,     },
263   { TARGET_O_EXCL,      TARGET_O_EXCL,      O_EXCL,      O_EXCL,      },
264   { TARGET_O_NOCTTY,    TARGET_O_NOCTTY,    O_NOCTTY,    O_NOCTTY,    },
265   { TARGET_O_TRUNC,     TARGET_O_TRUNC,     O_TRUNC,     O_TRUNC,     },
266   { TARGET_O_APPEND,    TARGET_O_APPEND,    O_APPEND,    O_APPEND,    },
267   { TARGET_O_NONBLOCK,  TARGET_O_NONBLOCK,  O_NONBLOCK,  O_NONBLOCK,  },
268   { TARGET_O_SYNC,      TARGET_O_DSYNC,     O_SYNC,      O_DSYNC,     },
269   { TARGET_O_SYNC,      TARGET_O_SYNC,      O_SYNC,      O_SYNC,      },
270   { TARGET_FASYNC,      TARGET_FASYNC,      FASYNC,      FASYNC,      },
271   { TARGET_O_DIRECTORY, TARGET_O_DIRECTORY, O_DIRECTORY, O_DIRECTORY, },
272   { TARGET_O_NOFOLLOW,  TARGET_O_NOFOLLOW,  O_NOFOLLOW,  O_NOFOLLOW,  },
273 #if defined(O_DIRECT)
274   { TARGET_O_DIRECT,    TARGET_O_DIRECT,    O_DIRECT,    O_DIRECT,    },
275 #endif
276 #if defined(O_NOATIME)
277   { TARGET_O_NOATIME,   TARGET_O_NOATIME,   O_NOATIME,   O_NOATIME    },
278 #endif
279 #if defined(O_CLOEXEC)
280   { TARGET_O_CLOEXEC,   TARGET_O_CLOEXEC,   O_CLOEXEC,   O_CLOEXEC    },
281 #endif
282 #if defined(O_PATH)
283   { TARGET_O_PATH,      TARGET_O_PATH,      O_PATH,      O_PATH       },
284 #endif
285   /* Don't terminate the list prematurely on 64-bit host+guest.  */
286 #if TARGET_O_LARGEFILE != 0 || O_LARGEFILE != 0
287   { TARGET_O_LARGEFILE, TARGET_O_LARGEFILE, O_LARGEFILE, O_LARGEFILE, },
288 #endif
289   { 0, 0, 0, 0 }
290 };
291 
292 typedef abi_long (*TargetFdDataFunc)(void *, size_t);
293 typedef abi_long (*TargetFdAddrFunc)(void *, abi_ulong, socklen_t);
294 typedef struct TargetFdTrans {
295     TargetFdDataFunc host_to_target_data;
296     TargetFdDataFunc target_to_host_data;
297     TargetFdAddrFunc target_to_host_addr;
298 } TargetFdTrans;
299 
300 static TargetFdTrans **target_fd_trans;
301 
302 static unsigned int target_fd_max;
303 
304 static TargetFdDataFunc fd_trans_target_to_host_data(int fd)
305 {
306     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
307         return target_fd_trans[fd]->target_to_host_data;
308     }
309     return NULL;
310 }
311 
312 static TargetFdDataFunc fd_trans_host_to_target_data(int fd)
313 {
314     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
315         return target_fd_trans[fd]->host_to_target_data;
316     }
317     return NULL;
318 }
319 
320 static TargetFdAddrFunc fd_trans_target_to_host_addr(int fd)
321 {
322     if (fd >= 0 && fd < target_fd_max && target_fd_trans[fd]) {
323         return target_fd_trans[fd]->target_to_host_addr;
324     }
325     return NULL;
326 }
327 
328 static void fd_trans_register(int fd, TargetFdTrans *trans)
329 {
330     unsigned int oldmax;
331 
332     if (fd >= target_fd_max) {
333         oldmax = target_fd_max;
334         target_fd_max = ((fd >> 6) + 1) << 6; /* by slice of 64 entries */
335         target_fd_trans = g_renew(TargetFdTrans *,
336                                   target_fd_trans, target_fd_max);
337         memset((void *)(target_fd_trans + oldmax), 0,
338                (target_fd_max - oldmax) * sizeof(TargetFdTrans *));
339     }
340     target_fd_trans[fd] = trans;
341 }
342 
343 static void fd_trans_unregister(int fd)
344 {
345     if (fd >= 0 && fd < target_fd_max) {
346         target_fd_trans[fd] = NULL;
347     }
348 }
349 
350 static void fd_trans_dup(int oldfd, int newfd)
351 {
352     fd_trans_unregister(newfd);
353     if (oldfd < target_fd_max && target_fd_trans[oldfd]) {
354         fd_trans_register(newfd, target_fd_trans[oldfd]);
355     }
356 }
357 
358 static int sys_getcwd1(char *buf, size_t size)
359 {
360   if (getcwd(buf, size) == NULL) {
361       /* getcwd() sets errno */
362       return (-1);
363   }
364   return strlen(buf)+1;
365 }
366 
367 #ifdef TARGET_NR_utimensat
368 #ifdef CONFIG_UTIMENSAT
369 static int sys_utimensat(int dirfd, const char *pathname,
370     const struct timespec times[2], int flags)
371 {
372     if (pathname == NULL)
373         return futimens(dirfd, times);
374     else
375         return utimensat(dirfd, pathname, times, flags);
376 }
377 #elif defined(__NR_utimensat)
378 #define __NR_sys_utimensat __NR_utimensat
379 _syscall4(int,sys_utimensat,int,dirfd,const char *,pathname,
380           const struct timespec *,tsp,int,flags)
381 #else
382 static int sys_utimensat(int dirfd, const char *pathname,
383                          const struct timespec times[2], int flags)
384 {
385     errno = ENOSYS;
386     return -1;
387 }
388 #endif
389 #endif /* TARGET_NR_utimensat */
390 
391 #ifdef CONFIG_INOTIFY
392 #include <sys/inotify.h>
393 
394 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
395 static int sys_inotify_init(void)
396 {
397   return (inotify_init());
398 }
399 #endif
400 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
401 static int sys_inotify_add_watch(int fd,const char *pathname, int32_t mask)
402 {
403   return (inotify_add_watch(fd, pathname, mask));
404 }
405 #endif
406 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
407 static int sys_inotify_rm_watch(int fd, int32_t wd)
408 {
409   return (inotify_rm_watch(fd, wd));
410 }
411 #endif
412 #ifdef CONFIG_INOTIFY1
413 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
414 static int sys_inotify_init1(int flags)
415 {
416   return (inotify_init1(flags));
417 }
418 #endif
419 #endif
420 #else
421 /* Userspace can usually survive runtime without inotify */
422 #undef TARGET_NR_inotify_init
423 #undef TARGET_NR_inotify_init1
424 #undef TARGET_NR_inotify_add_watch
425 #undef TARGET_NR_inotify_rm_watch
426 #endif /* CONFIG_INOTIFY  */
427 
428 #if defined(TARGET_NR_prlimit64)
429 #ifndef __NR_prlimit64
430 # define __NR_prlimit64 -1
431 #endif
432 #define __NR_sys_prlimit64 __NR_prlimit64
433 /* The glibc rlimit structure may not be that used by the underlying syscall */
434 struct host_rlimit64 {
435     uint64_t rlim_cur;
436     uint64_t rlim_max;
437 };
438 _syscall4(int, sys_prlimit64, pid_t, pid, int, resource,
439           const struct host_rlimit64 *, new_limit,
440           struct host_rlimit64 *, old_limit)
441 #endif
442 
443 
444 #if defined(TARGET_NR_timer_create)
445 /* Maxiumum of 32 active POSIX timers allowed at any one time. */
446 static timer_t g_posix_timers[32] = { 0, } ;
447 
448 static inline int next_free_host_timer(void)
449 {
450     int k ;
451     /* FIXME: Does finding the next free slot require a lock? */
452     for (k = 0; k < ARRAY_SIZE(g_posix_timers); k++) {
453         if (g_posix_timers[k] == 0) {
454             g_posix_timers[k] = (timer_t) 1;
455             return k;
456         }
457     }
458     return -1;
459 }
460 #endif
461 
462 /* ARM EABI and MIPS expect 64bit types aligned even on pairs or registers */
463 #ifdef TARGET_ARM
464 static inline int regpairs_aligned(void *cpu_env) {
465     return ((((CPUARMState *)cpu_env)->eabi) == 1) ;
466 }
467 #elif defined(TARGET_MIPS)
468 static inline int regpairs_aligned(void *cpu_env) { return 1; }
469 #elif defined(TARGET_PPC) && !defined(TARGET_PPC64)
470 /* SysV AVI for PPC32 expects 64bit parameters to be passed on odd/even pairs
471  * of registers which translates to the same as ARM/MIPS, because we start with
472  * r3 as arg1 */
473 static inline int regpairs_aligned(void *cpu_env) { return 1; }
474 #else
475 static inline int regpairs_aligned(void *cpu_env) { return 0; }
476 #endif
477 
478 #define ERRNO_TABLE_SIZE 1200
479 
480 /* target_to_host_errno_table[] is initialized from
481  * host_to_target_errno_table[] in syscall_init(). */
482 static uint16_t target_to_host_errno_table[ERRNO_TABLE_SIZE] = {
483 };
484 
485 /*
486  * This list is the union of errno values overridden in asm-<arch>/errno.h
487  * minus the errnos that are not actually generic to all archs.
488  */
489 static uint16_t host_to_target_errno_table[ERRNO_TABLE_SIZE] = {
490     [EAGAIN]		= TARGET_EAGAIN,
491     [EIDRM]		= TARGET_EIDRM,
492     [ECHRNG]		= TARGET_ECHRNG,
493     [EL2NSYNC]		= TARGET_EL2NSYNC,
494     [EL3HLT]		= TARGET_EL3HLT,
495     [EL3RST]		= TARGET_EL3RST,
496     [ELNRNG]		= TARGET_ELNRNG,
497     [EUNATCH]		= TARGET_EUNATCH,
498     [ENOCSI]		= TARGET_ENOCSI,
499     [EL2HLT]		= TARGET_EL2HLT,
500     [EDEADLK]		= TARGET_EDEADLK,
501     [ENOLCK]		= TARGET_ENOLCK,
502     [EBADE]		= TARGET_EBADE,
503     [EBADR]		= TARGET_EBADR,
504     [EXFULL]		= TARGET_EXFULL,
505     [ENOANO]		= TARGET_ENOANO,
506     [EBADRQC]		= TARGET_EBADRQC,
507     [EBADSLT]		= TARGET_EBADSLT,
508     [EBFONT]		= TARGET_EBFONT,
509     [ENOSTR]		= TARGET_ENOSTR,
510     [ENODATA]		= TARGET_ENODATA,
511     [ETIME]		= TARGET_ETIME,
512     [ENOSR]		= TARGET_ENOSR,
513     [ENONET]		= TARGET_ENONET,
514     [ENOPKG]		= TARGET_ENOPKG,
515     [EREMOTE]		= TARGET_EREMOTE,
516     [ENOLINK]		= TARGET_ENOLINK,
517     [EADV]		= TARGET_EADV,
518     [ESRMNT]		= TARGET_ESRMNT,
519     [ECOMM]		= TARGET_ECOMM,
520     [EPROTO]		= TARGET_EPROTO,
521     [EDOTDOT]		= TARGET_EDOTDOT,
522     [EMULTIHOP]		= TARGET_EMULTIHOP,
523     [EBADMSG]		= TARGET_EBADMSG,
524     [ENAMETOOLONG]	= TARGET_ENAMETOOLONG,
525     [EOVERFLOW]		= TARGET_EOVERFLOW,
526     [ENOTUNIQ]		= TARGET_ENOTUNIQ,
527     [EBADFD]		= TARGET_EBADFD,
528     [EREMCHG]		= TARGET_EREMCHG,
529     [ELIBACC]		= TARGET_ELIBACC,
530     [ELIBBAD]		= TARGET_ELIBBAD,
531     [ELIBSCN]		= TARGET_ELIBSCN,
532     [ELIBMAX]		= TARGET_ELIBMAX,
533     [ELIBEXEC]		= TARGET_ELIBEXEC,
534     [EILSEQ]		= TARGET_EILSEQ,
535     [ENOSYS]		= TARGET_ENOSYS,
536     [ELOOP]		= TARGET_ELOOP,
537     [ERESTART]		= TARGET_ERESTART,
538     [ESTRPIPE]		= TARGET_ESTRPIPE,
539     [ENOTEMPTY]		= TARGET_ENOTEMPTY,
540     [EUSERS]		= TARGET_EUSERS,
541     [ENOTSOCK]		= TARGET_ENOTSOCK,
542     [EDESTADDRREQ]	= TARGET_EDESTADDRREQ,
543     [EMSGSIZE]		= TARGET_EMSGSIZE,
544     [EPROTOTYPE]	= TARGET_EPROTOTYPE,
545     [ENOPROTOOPT]	= TARGET_ENOPROTOOPT,
546     [EPROTONOSUPPORT]	= TARGET_EPROTONOSUPPORT,
547     [ESOCKTNOSUPPORT]	= TARGET_ESOCKTNOSUPPORT,
548     [EOPNOTSUPP]	= TARGET_EOPNOTSUPP,
549     [EPFNOSUPPORT]	= TARGET_EPFNOSUPPORT,
550     [EAFNOSUPPORT]	= TARGET_EAFNOSUPPORT,
551     [EADDRINUSE]	= TARGET_EADDRINUSE,
552     [EADDRNOTAVAIL]	= TARGET_EADDRNOTAVAIL,
553     [ENETDOWN]		= TARGET_ENETDOWN,
554     [ENETUNREACH]	= TARGET_ENETUNREACH,
555     [ENETRESET]		= TARGET_ENETRESET,
556     [ECONNABORTED]	= TARGET_ECONNABORTED,
557     [ECONNRESET]	= TARGET_ECONNRESET,
558     [ENOBUFS]		= TARGET_ENOBUFS,
559     [EISCONN]		= TARGET_EISCONN,
560     [ENOTCONN]		= TARGET_ENOTCONN,
561     [EUCLEAN]		= TARGET_EUCLEAN,
562     [ENOTNAM]		= TARGET_ENOTNAM,
563     [ENAVAIL]		= TARGET_ENAVAIL,
564     [EISNAM]		= TARGET_EISNAM,
565     [EREMOTEIO]		= TARGET_EREMOTEIO,
566     [ESHUTDOWN]		= TARGET_ESHUTDOWN,
567     [ETOOMANYREFS]	= TARGET_ETOOMANYREFS,
568     [ETIMEDOUT]		= TARGET_ETIMEDOUT,
569     [ECONNREFUSED]	= TARGET_ECONNREFUSED,
570     [EHOSTDOWN]		= TARGET_EHOSTDOWN,
571     [EHOSTUNREACH]	= TARGET_EHOSTUNREACH,
572     [EALREADY]		= TARGET_EALREADY,
573     [EINPROGRESS]	= TARGET_EINPROGRESS,
574     [ESTALE]		= TARGET_ESTALE,
575     [ECANCELED]		= TARGET_ECANCELED,
576     [ENOMEDIUM]		= TARGET_ENOMEDIUM,
577     [EMEDIUMTYPE]	= TARGET_EMEDIUMTYPE,
578 #ifdef ENOKEY
579     [ENOKEY]		= TARGET_ENOKEY,
580 #endif
581 #ifdef EKEYEXPIRED
582     [EKEYEXPIRED]	= TARGET_EKEYEXPIRED,
583 #endif
584 #ifdef EKEYREVOKED
585     [EKEYREVOKED]	= TARGET_EKEYREVOKED,
586 #endif
587 #ifdef EKEYREJECTED
588     [EKEYREJECTED]	= TARGET_EKEYREJECTED,
589 #endif
590 #ifdef EOWNERDEAD
591     [EOWNERDEAD]	= TARGET_EOWNERDEAD,
592 #endif
593 #ifdef ENOTRECOVERABLE
594     [ENOTRECOVERABLE]	= TARGET_ENOTRECOVERABLE,
595 #endif
596 };
597 
598 static inline int host_to_target_errno(int err)
599 {
600     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
601         host_to_target_errno_table[err]) {
602         return host_to_target_errno_table[err];
603     }
604     return err;
605 }
606 
607 static inline int target_to_host_errno(int err)
608 {
609     if (err >= 0 && err < ERRNO_TABLE_SIZE &&
610         target_to_host_errno_table[err]) {
611         return target_to_host_errno_table[err];
612     }
613     return err;
614 }
615 
616 static inline abi_long get_errno(abi_long ret)
617 {
618     if (ret == -1)
619         return -host_to_target_errno(errno);
620     else
621         return ret;
622 }
623 
624 static inline int is_error(abi_long ret)
625 {
626     return (abi_ulong)ret >= (abi_ulong)(-4096);
627 }
628 
629 const char *target_strerror(int err)
630 {
631     if (err == TARGET_ERESTARTSYS) {
632         return "To be restarted";
633     }
634     if (err == TARGET_QEMU_ESIGRETURN) {
635         return "Successful exit from sigreturn";
636     }
637 
638     if ((err >= ERRNO_TABLE_SIZE) || (err < 0)) {
639         return NULL;
640     }
641     return strerror(target_to_host_errno(err));
642 }
643 
644 #define safe_syscall0(type, name) \
645 static type safe_##name(void) \
646 { \
647     return safe_syscall(__NR_##name); \
648 }
649 
650 #define safe_syscall1(type, name, type1, arg1) \
651 static type safe_##name(type1 arg1) \
652 { \
653     return safe_syscall(__NR_##name, arg1); \
654 }
655 
656 #define safe_syscall2(type, name, type1, arg1, type2, arg2) \
657 static type safe_##name(type1 arg1, type2 arg2) \
658 { \
659     return safe_syscall(__NR_##name, arg1, arg2); \
660 }
661 
662 #define safe_syscall3(type, name, type1, arg1, type2, arg2, type3, arg3) \
663 static type safe_##name(type1 arg1, type2 arg2, type3 arg3) \
664 { \
665     return safe_syscall(__NR_##name, arg1, arg2, arg3); \
666 }
667 
668 #define safe_syscall4(type, name, type1, arg1, type2, arg2, type3, arg3, \
669     type4, arg4) \
670 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
671 { \
672     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4); \
673 }
674 
675 #define safe_syscall5(type, name, type1, arg1, type2, arg2, type3, arg3, \
676     type4, arg4, type5, arg5) \
677 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
678     type5 arg5) \
679 { \
680     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5); \
681 }
682 
683 #define safe_syscall6(type, name, type1, arg1, type2, arg2, type3, arg3, \
684     type4, arg4, type5, arg5, type6, arg6) \
685 static type safe_##name(type1 arg1, type2 arg2, type3 arg3, type4 arg4, \
686     type5 arg5, type6 arg6) \
687 { \
688     return safe_syscall(__NR_##name, arg1, arg2, arg3, arg4, arg5, arg6); \
689 }
690 
691 safe_syscall3(ssize_t, read, int, fd, void *, buff, size_t, count)
692 safe_syscall3(ssize_t, write, int, fd, const void *, buff, size_t, count)
693 safe_syscall4(int, openat, int, dirfd, const char *, pathname, \
694               int, flags, mode_t, mode)
695 safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
696               struct rusage *, rusage)
697 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
698               int, options, struct rusage *, rusage)
699 safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
700 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
701               fd_set *, exceptfds, struct timespec *, timeout, void *, sig)
702 safe_syscall5(int, ppoll, struct pollfd *, ufds, unsigned int, nfds,
703               struct timespec *, tsp, const sigset_t *, sigmask,
704               size_t, sigsetsize)
705 safe_syscall6(int, epoll_pwait, int, epfd, struct epoll_event *, events,
706               int, maxevents, int, timeout, const sigset_t *, sigmask,
707               size_t, sigsetsize)
708 safe_syscall6(int,futex,int *,uaddr,int,op,int,val, \
709               const struct timespec *,timeout,int *,uaddr2,int,val3)
710 safe_syscall2(int, rt_sigsuspend, sigset_t *, newset, size_t, sigsetsize)
711 safe_syscall2(int, kill, pid_t, pid, int, sig)
712 safe_syscall2(int, tkill, int, tid, int, sig)
713 safe_syscall3(int, tgkill, int, tgid, int, pid, int, sig)
714 safe_syscall3(ssize_t, readv, int, fd, const struct iovec *, iov, int, iovcnt)
715 safe_syscall3(ssize_t, writev, int, fd, const struct iovec *, iov, int, iovcnt)
716 safe_syscall3(int, connect, int, fd, const struct sockaddr *, addr,
717               socklen_t, addrlen)
718 safe_syscall6(ssize_t, sendto, int, fd, const void *, buf, size_t, len,
719               int, flags, const struct sockaddr *, addr, socklen_t, addrlen)
720 safe_syscall6(ssize_t, recvfrom, int, fd, void *, buf, size_t, len,
721               int, flags, struct sockaddr *, addr, socklen_t *, addrlen)
722 safe_syscall3(ssize_t, sendmsg, int, fd, const struct msghdr *, msg, int, flags)
723 safe_syscall3(ssize_t, recvmsg, int, fd, struct msghdr *, msg, int, flags)
724 safe_syscall2(int, flock, int, fd, int, operation)
725 safe_syscall4(int, rt_sigtimedwait, const sigset_t *, these, siginfo_t *, uinfo,
726               const struct timespec *, uts, size_t, sigsetsize)
727 safe_syscall4(int, accept4, int, fd, struct sockaddr *, addr, socklen_t *, len,
728               int, flags)
729 safe_syscall2(int, nanosleep, const struct timespec *, req,
730               struct timespec *, rem)
731 #ifdef TARGET_NR_clock_nanosleep
732 safe_syscall4(int, clock_nanosleep, const clockid_t, clock, int, flags,
733               const struct timespec *, req, struct timespec *, rem)
734 #endif
735 #ifdef __NR_msgsnd
736 safe_syscall4(int, msgsnd, int, msgid, const void *, msgp, size_t, sz,
737               int, flags)
738 safe_syscall5(int, msgrcv, int, msgid, void *, msgp, size_t, sz,
739               long, msgtype, int, flags)
740 safe_syscall4(int, semtimedop, int, semid, struct sembuf *, tsops,
741               unsigned, nsops, const struct timespec *, timeout)
742 #else
743 /* This host kernel architecture uses a single ipc syscall; fake up
744  * wrappers for the sub-operations to hide this implementation detail.
745  * Annoyingly we can't include linux/ipc.h to get the constant definitions
746  * for the call parameter because some structs in there conflict with the
747  * sys/ipc.h ones. So we just define them here, and rely on them being
748  * the same for all host architectures.
749  */
750 #define Q_SEMTIMEDOP 4
751 #define Q_MSGSND 11
752 #define Q_MSGRCV 12
753 #define Q_IPCCALL(VERSION, OP) ((VERSION) << 16 | (OP))
754 
755 safe_syscall6(int, ipc, int, call, long, first, long, second, long, third,
756               void *, ptr, long, fifth)
757 static int safe_msgsnd(int msgid, const void *msgp, size_t sz, int flags)
758 {
759     return safe_ipc(Q_IPCCALL(0, Q_MSGSND), msgid, sz, flags, (void *)msgp, 0);
760 }
761 static int safe_msgrcv(int msgid, void *msgp, size_t sz, long type, int flags)
762 {
763     return safe_ipc(Q_IPCCALL(1, Q_MSGRCV), msgid, sz, flags, msgp, type);
764 }
765 static int safe_semtimedop(int semid, struct sembuf *tsops, unsigned nsops,
766                            const struct timespec *timeout)
767 {
768     return safe_ipc(Q_IPCCALL(0, Q_SEMTIMEDOP), semid, nsops, 0, tsops,
769                     (long)timeout);
770 }
771 #endif
772 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
773 safe_syscall5(int, mq_timedsend, int, mqdes, const char *, msg_ptr,
774               size_t, len, unsigned, prio, const struct timespec *, timeout)
775 safe_syscall5(int, mq_timedreceive, int, mqdes, char *, msg_ptr,
776               size_t, len, unsigned *, prio, const struct timespec *, timeout)
777 #endif
778 /* We do ioctl like this rather than via safe_syscall3 to preserve the
779  * "third argument might be integer or pointer or not present" behaviour of
780  * the libc function.
781  */
782 #define safe_ioctl(...) safe_syscall(__NR_ioctl, __VA_ARGS__)
783 /* Similarly for fcntl. Note that callers must always:
784  *  pass the F_GETLK64 etc constants rather than the unsuffixed F_GETLK
785  *  use the flock64 struct rather than unsuffixed flock
786  * This will then work and use a 64-bit offset for both 32-bit and 64-bit hosts.
787  */
788 #ifdef __NR_fcntl64
789 #define safe_fcntl(...) safe_syscall(__NR_fcntl64, __VA_ARGS__)
790 #else
791 #define safe_fcntl(...) safe_syscall(__NR_fcntl, __VA_ARGS__)
792 #endif
793 
794 static inline int host_to_target_sock_type(int host_type)
795 {
796     int target_type;
797 
798     switch (host_type & 0xf /* SOCK_TYPE_MASK */) {
799     case SOCK_DGRAM:
800         target_type = TARGET_SOCK_DGRAM;
801         break;
802     case SOCK_STREAM:
803         target_type = TARGET_SOCK_STREAM;
804         break;
805     default:
806         target_type = host_type & 0xf /* SOCK_TYPE_MASK */;
807         break;
808     }
809 
810 #if defined(SOCK_CLOEXEC)
811     if (host_type & SOCK_CLOEXEC) {
812         target_type |= TARGET_SOCK_CLOEXEC;
813     }
814 #endif
815 
816 #if defined(SOCK_NONBLOCK)
817     if (host_type & SOCK_NONBLOCK) {
818         target_type |= TARGET_SOCK_NONBLOCK;
819     }
820 #endif
821 
822     return target_type;
823 }
824 
825 static abi_ulong target_brk;
826 static abi_ulong target_original_brk;
827 static abi_ulong brk_page;
828 
829 void target_set_brk(abi_ulong new_brk)
830 {
831     target_original_brk = target_brk = HOST_PAGE_ALIGN(new_brk);
832     brk_page = HOST_PAGE_ALIGN(target_brk);
833 }
834 
835 //#define DEBUGF_BRK(message, args...) do { fprintf(stderr, (message), ## args); } while (0)
836 #define DEBUGF_BRK(message, args...)
837 
838 /* do_brk() must return target values and target errnos. */
839 abi_long do_brk(abi_ulong new_brk)
840 {
841     abi_long mapped_addr;
842     int	new_alloc_size;
843 
844     DEBUGF_BRK("do_brk(" TARGET_ABI_FMT_lx ") -> ", new_brk);
845 
846     if (!new_brk) {
847         DEBUGF_BRK(TARGET_ABI_FMT_lx " (!new_brk)\n", target_brk);
848         return target_brk;
849     }
850     if (new_brk < target_original_brk) {
851         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk < target_original_brk)\n",
852                    target_brk);
853         return target_brk;
854     }
855 
856     /* If the new brk is less than the highest page reserved to the
857      * target heap allocation, set it and we're almost done...  */
858     if (new_brk <= brk_page) {
859         /* Heap contents are initialized to zero, as for anonymous
860          * mapped pages.  */
861         if (new_brk > target_brk) {
862             memset(g2h(target_brk), 0, new_brk - target_brk);
863         }
864 	target_brk = new_brk;
865         DEBUGF_BRK(TARGET_ABI_FMT_lx " (new_brk <= brk_page)\n", target_brk);
866     	return target_brk;
867     }
868 
869     /* We need to allocate more memory after the brk... Note that
870      * we don't use MAP_FIXED because that will map over the top of
871      * any existing mapping (like the one with the host libc or qemu
872      * itself); instead we treat "mapped but at wrong address" as
873      * a failure and unmap again.
874      */
875     new_alloc_size = HOST_PAGE_ALIGN(new_brk - brk_page);
876     mapped_addr = get_errno(target_mmap(brk_page, new_alloc_size,
877                                         PROT_READ|PROT_WRITE,
878                                         MAP_ANON|MAP_PRIVATE, 0, 0));
879 
880     if (mapped_addr == brk_page) {
881         /* Heap contents are initialized to zero, as for anonymous
882          * mapped pages.  Technically the new pages are already
883          * initialized to zero since they *are* anonymous mapped
884          * pages, however we have to take care with the contents that
885          * come from the remaining part of the previous page: it may
886          * contains garbage data due to a previous heap usage (grown
887          * then shrunken).  */
888         memset(g2h(target_brk), 0, brk_page - target_brk);
889 
890         target_brk = new_brk;
891         brk_page = HOST_PAGE_ALIGN(target_brk);
892         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr == brk_page)\n",
893             target_brk);
894         return target_brk;
895     } else if (mapped_addr != -1) {
896         /* Mapped but at wrong address, meaning there wasn't actually
897          * enough space for this brk.
898          */
899         target_munmap(mapped_addr, new_alloc_size);
900         mapped_addr = -1;
901         DEBUGF_BRK(TARGET_ABI_FMT_lx " (mapped_addr != -1)\n", target_brk);
902     }
903     else {
904         DEBUGF_BRK(TARGET_ABI_FMT_lx " (otherwise)\n", target_brk);
905     }
906 
907 #if defined(TARGET_ALPHA)
908     /* We (partially) emulate OSF/1 on Alpha, which requires we
909        return a proper errno, not an unchanged brk value.  */
910     return -TARGET_ENOMEM;
911 #endif
912     /* For everything else, return the previous break. */
913     return target_brk;
914 }
915 
916 static inline abi_long copy_from_user_fdset(fd_set *fds,
917                                             abi_ulong target_fds_addr,
918                                             int n)
919 {
920     int i, nw, j, k;
921     abi_ulong b, *target_fds;
922 
923     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
924     if (!(target_fds = lock_user(VERIFY_READ,
925                                  target_fds_addr,
926                                  sizeof(abi_ulong) * nw,
927                                  1)))
928         return -TARGET_EFAULT;
929 
930     FD_ZERO(fds);
931     k = 0;
932     for (i = 0; i < nw; i++) {
933         /* grab the abi_ulong */
934         __get_user(b, &target_fds[i]);
935         for (j = 0; j < TARGET_ABI_BITS; j++) {
936             /* check the bit inside the abi_ulong */
937             if ((b >> j) & 1)
938                 FD_SET(k, fds);
939             k++;
940         }
941     }
942 
943     unlock_user(target_fds, target_fds_addr, 0);
944 
945     return 0;
946 }
947 
948 static inline abi_ulong copy_from_user_fdset_ptr(fd_set *fds, fd_set **fds_ptr,
949                                                  abi_ulong target_fds_addr,
950                                                  int n)
951 {
952     if (target_fds_addr) {
953         if (copy_from_user_fdset(fds, target_fds_addr, n))
954             return -TARGET_EFAULT;
955         *fds_ptr = fds;
956     } else {
957         *fds_ptr = NULL;
958     }
959     return 0;
960 }
961 
962 static inline abi_long copy_to_user_fdset(abi_ulong target_fds_addr,
963                                           const fd_set *fds,
964                                           int n)
965 {
966     int i, nw, j, k;
967     abi_long v;
968     abi_ulong *target_fds;
969 
970     nw = DIV_ROUND_UP(n, TARGET_ABI_BITS);
971     if (!(target_fds = lock_user(VERIFY_WRITE,
972                                  target_fds_addr,
973                                  sizeof(abi_ulong) * nw,
974                                  0)))
975         return -TARGET_EFAULT;
976 
977     k = 0;
978     for (i = 0; i < nw; i++) {
979         v = 0;
980         for (j = 0; j < TARGET_ABI_BITS; j++) {
981             v |= ((abi_ulong)(FD_ISSET(k, fds) != 0) << j);
982             k++;
983         }
984         __put_user(v, &target_fds[i]);
985     }
986 
987     unlock_user(target_fds, target_fds_addr, sizeof(abi_ulong) * nw);
988 
989     return 0;
990 }
991 
992 #if defined(__alpha__)
993 #define HOST_HZ 1024
994 #else
995 #define HOST_HZ 100
996 #endif
997 
998 static inline abi_long host_to_target_clock_t(long ticks)
999 {
1000 #if HOST_HZ == TARGET_HZ
1001     return ticks;
1002 #else
1003     return ((int64_t)ticks * TARGET_HZ) / HOST_HZ;
1004 #endif
1005 }
1006 
1007 static inline abi_long host_to_target_rusage(abi_ulong target_addr,
1008                                              const struct rusage *rusage)
1009 {
1010     struct target_rusage *target_rusage;
1011 
1012     if (!lock_user_struct(VERIFY_WRITE, target_rusage, target_addr, 0))
1013         return -TARGET_EFAULT;
1014     target_rusage->ru_utime.tv_sec = tswapal(rusage->ru_utime.tv_sec);
1015     target_rusage->ru_utime.tv_usec = tswapal(rusage->ru_utime.tv_usec);
1016     target_rusage->ru_stime.tv_sec = tswapal(rusage->ru_stime.tv_sec);
1017     target_rusage->ru_stime.tv_usec = tswapal(rusage->ru_stime.tv_usec);
1018     target_rusage->ru_maxrss = tswapal(rusage->ru_maxrss);
1019     target_rusage->ru_ixrss = tswapal(rusage->ru_ixrss);
1020     target_rusage->ru_idrss = tswapal(rusage->ru_idrss);
1021     target_rusage->ru_isrss = tswapal(rusage->ru_isrss);
1022     target_rusage->ru_minflt = tswapal(rusage->ru_minflt);
1023     target_rusage->ru_majflt = tswapal(rusage->ru_majflt);
1024     target_rusage->ru_nswap = tswapal(rusage->ru_nswap);
1025     target_rusage->ru_inblock = tswapal(rusage->ru_inblock);
1026     target_rusage->ru_oublock = tswapal(rusage->ru_oublock);
1027     target_rusage->ru_msgsnd = tswapal(rusage->ru_msgsnd);
1028     target_rusage->ru_msgrcv = tswapal(rusage->ru_msgrcv);
1029     target_rusage->ru_nsignals = tswapal(rusage->ru_nsignals);
1030     target_rusage->ru_nvcsw = tswapal(rusage->ru_nvcsw);
1031     target_rusage->ru_nivcsw = tswapal(rusage->ru_nivcsw);
1032     unlock_user_struct(target_rusage, target_addr, 1);
1033 
1034     return 0;
1035 }
1036 
1037 static inline rlim_t target_to_host_rlim(abi_ulong target_rlim)
1038 {
1039     abi_ulong target_rlim_swap;
1040     rlim_t result;
1041 
1042     target_rlim_swap = tswapal(target_rlim);
1043     if (target_rlim_swap == TARGET_RLIM_INFINITY)
1044         return RLIM_INFINITY;
1045 
1046     result = target_rlim_swap;
1047     if (target_rlim_swap != (rlim_t)result)
1048         return RLIM_INFINITY;
1049 
1050     return result;
1051 }
1052 
1053 static inline abi_ulong host_to_target_rlim(rlim_t rlim)
1054 {
1055     abi_ulong target_rlim_swap;
1056     abi_ulong result;
1057 
1058     if (rlim == RLIM_INFINITY || rlim != (abi_long)rlim)
1059         target_rlim_swap = TARGET_RLIM_INFINITY;
1060     else
1061         target_rlim_swap = rlim;
1062     result = tswapal(target_rlim_swap);
1063 
1064     return result;
1065 }
1066 
1067 static inline int target_to_host_resource(int code)
1068 {
1069     switch (code) {
1070     case TARGET_RLIMIT_AS:
1071         return RLIMIT_AS;
1072     case TARGET_RLIMIT_CORE:
1073         return RLIMIT_CORE;
1074     case TARGET_RLIMIT_CPU:
1075         return RLIMIT_CPU;
1076     case TARGET_RLIMIT_DATA:
1077         return RLIMIT_DATA;
1078     case TARGET_RLIMIT_FSIZE:
1079         return RLIMIT_FSIZE;
1080     case TARGET_RLIMIT_LOCKS:
1081         return RLIMIT_LOCKS;
1082     case TARGET_RLIMIT_MEMLOCK:
1083         return RLIMIT_MEMLOCK;
1084     case TARGET_RLIMIT_MSGQUEUE:
1085         return RLIMIT_MSGQUEUE;
1086     case TARGET_RLIMIT_NICE:
1087         return RLIMIT_NICE;
1088     case TARGET_RLIMIT_NOFILE:
1089         return RLIMIT_NOFILE;
1090     case TARGET_RLIMIT_NPROC:
1091         return RLIMIT_NPROC;
1092     case TARGET_RLIMIT_RSS:
1093         return RLIMIT_RSS;
1094     case TARGET_RLIMIT_RTPRIO:
1095         return RLIMIT_RTPRIO;
1096     case TARGET_RLIMIT_SIGPENDING:
1097         return RLIMIT_SIGPENDING;
1098     case TARGET_RLIMIT_STACK:
1099         return RLIMIT_STACK;
1100     default:
1101         return code;
1102     }
1103 }
1104 
1105 static inline abi_long copy_from_user_timeval(struct timeval *tv,
1106                                               abi_ulong target_tv_addr)
1107 {
1108     struct target_timeval *target_tv;
1109 
1110     if (!lock_user_struct(VERIFY_READ, target_tv, target_tv_addr, 1))
1111         return -TARGET_EFAULT;
1112 
1113     __get_user(tv->tv_sec, &target_tv->tv_sec);
1114     __get_user(tv->tv_usec, &target_tv->tv_usec);
1115 
1116     unlock_user_struct(target_tv, target_tv_addr, 0);
1117 
1118     return 0;
1119 }
1120 
1121 static inline abi_long copy_to_user_timeval(abi_ulong target_tv_addr,
1122                                             const struct timeval *tv)
1123 {
1124     struct target_timeval *target_tv;
1125 
1126     if (!lock_user_struct(VERIFY_WRITE, target_tv, target_tv_addr, 0))
1127         return -TARGET_EFAULT;
1128 
1129     __put_user(tv->tv_sec, &target_tv->tv_sec);
1130     __put_user(tv->tv_usec, &target_tv->tv_usec);
1131 
1132     unlock_user_struct(target_tv, target_tv_addr, 1);
1133 
1134     return 0;
1135 }
1136 
1137 static inline abi_long copy_from_user_timezone(struct timezone *tz,
1138                                                abi_ulong target_tz_addr)
1139 {
1140     struct target_timezone *target_tz;
1141 
1142     if (!lock_user_struct(VERIFY_READ, target_tz, target_tz_addr, 1)) {
1143         return -TARGET_EFAULT;
1144     }
1145 
1146     __get_user(tz->tz_minuteswest, &target_tz->tz_minuteswest);
1147     __get_user(tz->tz_dsttime, &target_tz->tz_dsttime);
1148 
1149     unlock_user_struct(target_tz, target_tz_addr, 0);
1150 
1151     return 0;
1152 }
1153 
1154 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
1155 #include <mqueue.h>
1156 
1157 static inline abi_long copy_from_user_mq_attr(struct mq_attr *attr,
1158                                               abi_ulong target_mq_attr_addr)
1159 {
1160     struct target_mq_attr *target_mq_attr;
1161 
1162     if (!lock_user_struct(VERIFY_READ, target_mq_attr,
1163                           target_mq_attr_addr, 1))
1164         return -TARGET_EFAULT;
1165 
1166     __get_user(attr->mq_flags, &target_mq_attr->mq_flags);
1167     __get_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1168     __get_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1169     __get_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1170 
1171     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 0);
1172 
1173     return 0;
1174 }
1175 
1176 static inline abi_long copy_to_user_mq_attr(abi_ulong target_mq_attr_addr,
1177                                             const struct mq_attr *attr)
1178 {
1179     struct target_mq_attr *target_mq_attr;
1180 
1181     if (!lock_user_struct(VERIFY_WRITE, target_mq_attr,
1182                           target_mq_attr_addr, 0))
1183         return -TARGET_EFAULT;
1184 
1185     __put_user(attr->mq_flags, &target_mq_attr->mq_flags);
1186     __put_user(attr->mq_maxmsg, &target_mq_attr->mq_maxmsg);
1187     __put_user(attr->mq_msgsize, &target_mq_attr->mq_msgsize);
1188     __put_user(attr->mq_curmsgs, &target_mq_attr->mq_curmsgs);
1189 
1190     unlock_user_struct(target_mq_attr, target_mq_attr_addr, 1);
1191 
1192     return 0;
1193 }
1194 #endif
1195 
1196 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect)
1197 /* do_select() must return target values and target errnos. */
1198 static abi_long do_select(int n,
1199                           abi_ulong rfd_addr, abi_ulong wfd_addr,
1200                           abi_ulong efd_addr, abi_ulong target_tv_addr)
1201 {
1202     fd_set rfds, wfds, efds;
1203     fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
1204     struct timeval tv;
1205     struct timespec ts, *ts_ptr;
1206     abi_long ret;
1207 
1208     ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
1209     if (ret) {
1210         return ret;
1211     }
1212     ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
1213     if (ret) {
1214         return ret;
1215     }
1216     ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
1217     if (ret) {
1218         return ret;
1219     }
1220 
1221     if (target_tv_addr) {
1222         if (copy_from_user_timeval(&tv, target_tv_addr))
1223             return -TARGET_EFAULT;
1224         ts.tv_sec = tv.tv_sec;
1225         ts.tv_nsec = tv.tv_usec * 1000;
1226         ts_ptr = &ts;
1227     } else {
1228         ts_ptr = NULL;
1229     }
1230 
1231     ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
1232                                   ts_ptr, NULL));
1233 
1234     if (!is_error(ret)) {
1235         if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
1236             return -TARGET_EFAULT;
1237         if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
1238             return -TARGET_EFAULT;
1239         if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
1240             return -TARGET_EFAULT;
1241 
1242         if (target_tv_addr) {
1243             tv.tv_sec = ts.tv_sec;
1244             tv.tv_usec = ts.tv_nsec / 1000;
1245             if (copy_to_user_timeval(target_tv_addr, &tv)) {
1246                 return -TARGET_EFAULT;
1247             }
1248         }
1249     }
1250 
1251     return ret;
1252 }
1253 #endif
1254 
1255 static abi_long do_pipe2(int host_pipe[], int flags)
1256 {
1257 #ifdef CONFIG_PIPE2
1258     return pipe2(host_pipe, flags);
1259 #else
1260     return -ENOSYS;
1261 #endif
1262 }
1263 
1264 static abi_long do_pipe(void *cpu_env, abi_ulong pipedes,
1265                         int flags, int is_pipe2)
1266 {
1267     int host_pipe[2];
1268     abi_long ret;
1269     ret = flags ? do_pipe2(host_pipe, flags) : pipe(host_pipe);
1270 
1271     if (is_error(ret))
1272         return get_errno(ret);
1273 
1274     /* Several targets have special calling conventions for the original
1275        pipe syscall, but didn't replicate this into the pipe2 syscall.  */
1276     if (!is_pipe2) {
1277 #if defined(TARGET_ALPHA)
1278         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = host_pipe[1];
1279         return host_pipe[0];
1280 #elif defined(TARGET_MIPS)
1281         ((CPUMIPSState*)cpu_env)->active_tc.gpr[3] = host_pipe[1];
1282         return host_pipe[0];
1283 #elif defined(TARGET_SH4)
1284         ((CPUSH4State*)cpu_env)->gregs[1] = host_pipe[1];
1285         return host_pipe[0];
1286 #elif defined(TARGET_SPARC)
1287         ((CPUSPARCState*)cpu_env)->regwptr[1] = host_pipe[1];
1288         return host_pipe[0];
1289 #endif
1290     }
1291 
1292     if (put_user_s32(host_pipe[0], pipedes)
1293         || put_user_s32(host_pipe[1], pipedes + sizeof(host_pipe[0])))
1294         return -TARGET_EFAULT;
1295     return get_errno(ret);
1296 }
1297 
1298 static inline abi_long target_to_host_ip_mreq(struct ip_mreqn *mreqn,
1299                                               abi_ulong target_addr,
1300                                               socklen_t len)
1301 {
1302     struct target_ip_mreqn *target_smreqn;
1303 
1304     target_smreqn = lock_user(VERIFY_READ, target_addr, len, 1);
1305     if (!target_smreqn)
1306         return -TARGET_EFAULT;
1307     mreqn->imr_multiaddr.s_addr = target_smreqn->imr_multiaddr.s_addr;
1308     mreqn->imr_address.s_addr = target_smreqn->imr_address.s_addr;
1309     if (len == sizeof(struct target_ip_mreqn))
1310         mreqn->imr_ifindex = tswapal(target_smreqn->imr_ifindex);
1311     unlock_user(target_smreqn, target_addr, 0);
1312 
1313     return 0;
1314 }
1315 
1316 static inline abi_long target_to_host_sockaddr(int fd, struct sockaddr *addr,
1317                                                abi_ulong target_addr,
1318                                                socklen_t len)
1319 {
1320     const socklen_t unix_maxlen = sizeof (struct sockaddr_un);
1321     sa_family_t sa_family;
1322     struct target_sockaddr *target_saddr;
1323 
1324     if (fd_trans_target_to_host_addr(fd)) {
1325         return fd_trans_target_to_host_addr(fd)(addr, target_addr, len);
1326     }
1327 
1328     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
1329     if (!target_saddr)
1330         return -TARGET_EFAULT;
1331 
1332     sa_family = tswap16(target_saddr->sa_family);
1333 
1334     /* Oops. The caller might send a incomplete sun_path; sun_path
1335      * must be terminated by \0 (see the manual page), but
1336      * unfortunately it is quite common to specify sockaddr_un
1337      * length as "strlen(x->sun_path)" while it should be
1338      * "strlen(...) + 1". We'll fix that here if needed.
1339      * Linux kernel has a similar feature.
1340      */
1341 
1342     if (sa_family == AF_UNIX) {
1343         if (len < unix_maxlen && len > 0) {
1344             char *cp = (char*)target_saddr;
1345 
1346             if ( cp[len-1] && !cp[len] )
1347                 len++;
1348         }
1349         if (len > unix_maxlen)
1350             len = unix_maxlen;
1351     }
1352 
1353     memcpy(addr, target_saddr, len);
1354     addr->sa_family = sa_family;
1355     if (sa_family == AF_NETLINK) {
1356         struct sockaddr_nl *nladdr;
1357 
1358         nladdr = (struct sockaddr_nl *)addr;
1359         nladdr->nl_pid = tswap32(nladdr->nl_pid);
1360         nladdr->nl_groups = tswap32(nladdr->nl_groups);
1361     } else if (sa_family == AF_PACKET) {
1362 	struct target_sockaddr_ll *lladdr;
1363 
1364 	lladdr = (struct target_sockaddr_ll *)addr;
1365 	lladdr->sll_ifindex = tswap32(lladdr->sll_ifindex);
1366 	lladdr->sll_hatype = tswap16(lladdr->sll_hatype);
1367     }
1368     unlock_user(target_saddr, target_addr, 0);
1369 
1370     return 0;
1371 }
1372 
1373 static inline abi_long host_to_target_sockaddr(abi_ulong target_addr,
1374                                                struct sockaddr *addr,
1375                                                socklen_t len)
1376 {
1377     struct target_sockaddr *target_saddr;
1378 
1379     if (len == 0) {
1380         return 0;
1381     }
1382 
1383     target_saddr = lock_user(VERIFY_WRITE, target_addr, len, 0);
1384     if (!target_saddr)
1385         return -TARGET_EFAULT;
1386     memcpy(target_saddr, addr, len);
1387     if (len >= offsetof(struct target_sockaddr, sa_family) +
1388         sizeof(target_saddr->sa_family)) {
1389         target_saddr->sa_family = tswap16(addr->sa_family);
1390     }
1391     if (addr->sa_family == AF_NETLINK && len >= sizeof(struct sockaddr_nl)) {
1392         struct sockaddr_nl *target_nl = (struct sockaddr_nl *)target_saddr;
1393         target_nl->nl_pid = tswap32(target_nl->nl_pid);
1394         target_nl->nl_groups = tswap32(target_nl->nl_groups);
1395     } else if (addr->sa_family == AF_PACKET) {
1396         struct sockaddr_ll *target_ll = (struct sockaddr_ll *)target_saddr;
1397         target_ll->sll_ifindex = tswap32(target_ll->sll_ifindex);
1398         target_ll->sll_hatype = tswap16(target_ll->sll_hatype);
1399     }
1400     unlock_user(target_saddr, target_addr, len);
1401 
1402     return 0;
1403 }
1404 
1405 static inline abi_long target_to_host_cmsg(struct msghdr *msgh,
1406                                            struct target_msghdr *target_msgh)
1407 {
1408     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1409     abi_long msg_controllen;
1410     abi_ulong target_cmsg_addr;
1411     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1412     socklen_t space = 0;
1413 
1414     msg_controllen = tswapal(target_msgh->msg_controllen);
1415     if (msg_controllen < sizeof (struct target_cmsghdr))
1416         goto the_end;
1417     target_cmsg_addr = tswapal(target_msgh->msg_control);
1418     target_cmsg = lock_user(VERIFY_READ, target_cmsg_addr, msg_controllen, 1);
1419     target_cmsg_start = target_cmsg;
1420     if (!target_cmsg)
1421         return -TARGET_EFAULT;
1422 
1423     while (cmsg && target_cmsg) {
1424         void *data = CMSG_DATA(cmsg);
1425         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1426 
1427         int len = tswapal(target_cmsg->cmsg_len)
1428                   - TARGET_CMSG_ALIGN(sizeof (struct target_cmsghdr));
1429 
1430         space += CMSG_SPACE(len);
1431         if (space > msgh->msg_controllen) {
1432             space -= CMSG_SPACE(len);
1433             /* This is a QEMU bug, since we allocated the payload
1434              * area ourselves (unlike overflow in host-to-target
1435              * conversion, which is just the guest giving us a buffer
1436              * that's too small). It can't happen for the payload types
1437              * we currently support; if it becomes an issue in future
1438              * we would need to improve our allocation strategy to
1439              * something more intelligent than "twice the size of the
1440              * target buffer we're reading from".
1441              */
1442             gemu_log("Host cmsg overflow\n");
1443             break;
1444         }
1445 
1446         if (tswap32(target_cmsg->cmsg_level) == TARGET_SOL_SOCKET) {
1447             cmsg->cmsg_level = SOL_SOCKET;
1448         } else {
1449             cmsg->cmsg_level = tswap32(target_cmsg->cmsg_level);
1450         }
1451         cmsg->cmsg_type = tswap32(target_cmsg->cmsg_type);
1452         cmsg->cmsg_len = CMSG_LEN(len);
1453 
1454         if (cmsg->cmsg_level == SOL_SOCKET && cmsg->cmsg_type == SCM_RIGHTS) {
1455             int *fd = (int *)data;
1456             int *target_fd = (int *)target_data;
1457             int i, numfds = len / sizeof(int);
1458 
1459             for (i = 0; i < numfds; i++) {
1460                 __get_user(fd[i], target_fd + i);
1461             }
1462         } else if (cmsg->cmsg_level == SOL_SOCKET
1463                &&  cmsg->cmsg_type == SCM_CREDENTIALS) {
1464             struct ucred *cred = (struct ucred *)data;
1465             struct target_ucred *target_cred =
1466                 (struct target_ucred *)target_data;
1467 
1468             __get_user(cred->pid, &target_cred->pid);
1469             __get_user(cred->uid, &target_cred->uid);
1470             __get_user(cred->gid, &target_cred->gid);
1471         } else {
1472             gemu_log("Unsupported ancillary data: %d/%d\n",
1473                                         cmsg->cmsg_level, cmsg->cmsg_type);
1474             memcpy(data, target_data, len);
1475         }
1476 
1477         cmsg = CMSG_NXTHDR(msgh, cmsg);
1478         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1479                                          target_cmsg_start);
1480     }
1481     unlock_user(target_cmsg, target_cmsg_addr, 0);
1482  the_end:
1483     msgh->msg_controllen = space;
1484     return 0;
1485 }
1486 
1487 static inline abi_long host_to_target_cmsg(struct target_msghdr *target_msgh,
1488                                            struct msghdr *msgh)
1489 {
1490     struct cmsghdr *cmsg = CMSG_FIRSTHDR(msgh);
1491     abi_long msg_controllen;
1492     abi_ulong target_cmsg_addr;
1493     struct target_cmsghdr *target_cmsg, *target_cmsg_start;
1494     socklen_t space = 0;
1495 
1496     msg_controllen = tswapal(target_msgh->msg_controllen);
1497     if (msg_controllen < sizeof (struct target_cmsghdr))
1498         goto the_end;
1499     target_cmsg_addr = tswapal(target_msgh->msg_control);
1500     target_cmsg = lock_user(VERIFY_WRITE, target_cmsg_addr, msg_controllen, 0);
1501     target_cmsg_start = target_cmsg;
1502     if (!target_cmsg)
1503         return -TARGET_EFAULT;
1504 
1505     while (cmsg && target_cmsg) {
1506         void *data = CMSG_DATA(cmsg);
1507         void *target_data = TARGET_CMSG_DATA(target_cmsg);
1508 
1509         int len = cmsg->cmsg_len - CMSG_ALIGN(sizeof (struct cmsghdr));
1510         int tgt_len, tgt_space;
1511 
1512         /* We never copy a half-header but may copy half-data;
1513          * this is Linux's behaviour in put_cmsg(). Note that
1514          * truncation here is a guest problem (which we report
1515          * to the guest via the CTRUNC bit), unlike truncation
1516          * in target_to_host_cmsg, which is a QEMU bug.
1517          */
1518         if (msg_controllen < sizeof(struct cmsghdr)) {
1519             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1520             break;
1521         }
1522 
1523         if (cmsg->cmsg_level == SOL_SOCKET) {
1524             target_cmsg->cmsg_level = tswap32(TARGET_SOL_SOCKET);
1525         } else {
1526             target_cmsg->cmsg_level = tswap32(cmsg->cmsg_level);
1527         }
1528         target_cmsg->cmsg_type = tswap32(cmsg->cmsg_type);
1529 
1530         tgt_len = TARGET_CMSG_LEN(len);
1531 
1532         /* Payload types which need a different size of payload on
1533          * the target must adjust tgt_len here.
1534          */
1535         switch (cmsg->cmsg_level) {
1536         case SOL_SOCKET:
1537             switch (cmsg->cmsg_type) {
1538             case SO_TIMESTAMP:
1539                 tgt_len = sizeof(struct target_timeval);
1540                 break;
1541             default:
1542                 break;
1543             }
1544         default:
1545             break;
1546         }
1547 
1548         if (msg_controllen < tgt_len) {
1549             target_msgh->msg_flags |= tswap32(MSG_CTRUNC);
1550             tgt_len = msg_controllen;
1551         }
1552 
1553         /* We must now copy-and-convert len bytes of payload
1554          * into tgt_len bytes of destination space. Bear in mind
1555          * that in both source and destination we may be dealing
1556          * with a truncated value!
1557          */
1558         switch (cmsg->cmsg_level) {
1559         case SOL_SOCKET:
1560             switch (cmsg->cmsg_type) {
1561             case SCM_RIGHTS:
1562             {
1563                 int *fd = (int *)data;
1564                 int *target_fd = (int *)target_data;
1565                 int i, numfds = tgt_len / sizeof(int);
1566 
1567                 for (i = 0; i < numfds; i++) {
1568                     __put_user(fd[i], target_fd + i);
1569                 }
1570                 break;
1571             }
1572             case SO_TIMESTAMP:
1573             {
1574                 struct timeval *tv = (struct timeval *)data;
1575                 struct target_timeval *target_tv =
1576                     (struct target_timeval *)target_data;
1577 
1578                 if (len != sizeof(struct timeval) ||
1579                     tgt_len != sizeof(struct target_timeval)) {
1580                     goto unimplemented;
1581                 }
1582 
1583                 /* copy struct timeval to target */
1584                 __put_user(tv->tv_sec, &target_tv->tv_sec);
1585                 __put_user(tv->tv_usec, &target_tv->tv_usec);
1586                 break;
1587             }
1588             case SCM_CREDENTIALS:
1589             {
1590                 struct ucred *cred = (struct ucred *)data;
1591                 struct target_ucred *target_cred =
1592                     (struct target_ucred *)target_data;
1593 
1594                 __put_user(cred->pid, &target_cred->pid);
1595                 __put_user(cred->uid, &target_cred->uid);
1596                 __put_user(cred->gid, &target_cred->gid);
1597                 break;
1598             }
1599             default:
1600                 goto unimplemented;
1601             }
1602             break;
1603 
1604         default:
1605         unimplemented:
1606             gemu_log("Unsupported ancillary data: %d/%d\n",
1607                                         cmsg->cmsg_level, cmsg->cmsg_type);
1608             memcpy(target_data, data, MIN(len, tgt_len));
1609             if (tgt_len > len) {
1610                 memset(target_data + len, 0, tgt_len - len);
1611             }
1612         }
1613 
1614         target_cmsg->cmsg_len = tswapal(tgt_len);
1615         tgt_space = TARGET_CMSG_SPACE(len);
1616         if (msg_controllen < tgt_space) {
1617             tgt_space = msg_controllen;
1618         }
1619         msg_controllen -= tgt_space;
1620         space += tgt_space;
1621         cmsg = CMSG_NXTHDR(msgh, cmsg);
1622         target_cmsg = TARGET_CMSG_NXTHDR(target_msgh, target_cmsg,
1623                                          target_cmsg_start);
1624     }
1625     unlock_user(target_cmsg, target_cmsg_addr, space);
1626  the_end:
1627     target_msgh->msg_controllen = tswapal(space);
1628     return 0;
1629 }
1630 
1631 static void tswap_nlmsghdr(struct nlmsghdr *nlh)
1632 {
1633     nlh->nlmsg_len = tswap32(nlh->nlmsg_len);
1634     nlh->nlmsg_type = tswap16(nlh->nlmsg_type);
1635     nlh->nlmsg_flags = tswap16(nlh->nlmsg_flags);
1636     nlh->nlmsg_seq = tswap32(nlh->nlmsg_seq);
1637     nlh->nlmsg_pid = tswap32(nlh->nlmsg_pid);
1638 }
1639 
1640 static abi_long host_to_target_for_each_nlmsg(struct nlmsghdr *nlh,
1641                                               size_t len,
1642                                               abi_long (*host_to_target_nlmsg)
1643                                                        (struct nlmsghdr *))
1644 {
1645     uint32_t nlmsg_len;
1646     abi_long ret;
1647 
1648     while (len > sizeof(struct nlmsghdr)) {
1649 
1650         nlmsg_len = nlh->nlmsg_len;
1651         if (nlmsg_len < sizeof(struct nlmsghdr) ||
1652             nlmsg_len > len) {
1653             break;
1654         }
1655 
1656         switch (nlh->nlmsg_type) {
1657         case NLMSG_DONE:
1658             tswap_nlmsghdr(nlh);
1659             return 0;
1660         case NLMSG_NOOP:
1661             break;
1662         case NLMSG_ERROR:
1663         {
1664             struct nlmsgerr *e = NLMSG_DATA(nlh);
1665             e->error = tswap32(e->error);
1666             tswap_nlmsghdr(&e->msg);
1667             tswap_nlmsghdr(nlh);
1668             return 0;
1669         }
1670         default:
1671             ret = host_to_target_nlmsg(nlh);
1672             if (ret < 0) {
1673                 tswap_nlmsghdr(nlh);
1674                 return ret;
1675             }
1676             break;
1677         }
1678         tswap_nlmsghdr(nlh);
1679         len -= NLMSG_ALIGN(nlmsg_len);
1680         nlh = (struct nlmsghdr *)(((char*)nlh) + NLMSG_ALIGN(nlmsg_len));
1681     }
1682     return 0;
1683 }
1684 
1685 static abi_long target_to_host_for_each_nlmsg(struct nlmsghdr *nlh,
1686                                               size_t len,
1687                                               abi_long (*target_to_host_nlmsg)
1688                                                        (struct nlmsghdr *))
1689 {
1690     int ret;
1691 
1692     while (len > sizeof(struct nlmsghdr)) {
1693         if (tswap32(nlh->nlmsg_len) < sizeof(struct nlmsghdr) ||
1694             tswap32(nlh->nlmsg_len) > len) {
1695             break;
1696         }
1697         tswap_nlmsghdr(nlh);
1698         switch (nlh->nlmsg_type) {
1699         case NLMSG_DONE:
1700             return 0;
1701         case NLMSG_NOOP:
1702             break;
1703         case NLMSG_ERROR:
1704         {
1705             struct nlmsgerr *e = NLMSG_DATA(nlh);
1706             e->error = tswap32(e->error);
1707             tswap_nlmsghdr(&e->msg);
1708             return 0;
1709         }
1710         default:
1711             ret = target_to_host_nlmsg(nlh);
1712             if (ret < 0) {
1713                 return ret;
1714             }
1715         }
1716         len -= NLMSG_ALIGN(nlh->nlmsg_len);
1717         nlh = (struct nlmsghdr *)(((char *)nlh) + NLMSG_ALIGN(nlh->nlmsg_len));
1718     }
1719     return 0;
1720 }
1721 
1722 #ifdef CONFIG_RTNETLINK
1723 static abi_long host_to_target_for_each_nlattr(struct nlattr *nlattr,
1724                                                size_t len, void *context,
1725                                                abi_long (*host_to_target_nlattr)
1726                                                         (struct nlattr *,
1727                                                          void *context))
1728 {
1729     unsigned short nla_len;
1730     abi_long ret;
1731 
1732     while (len > sizeof(struct nlattr)) {
1733         nla_len = nlattr->nla_len;
1734         if (nla_len < sizeof(struct nlattr) ||
1735             nla_len > len) {
1736             break;
1737         }
1738         ret = host_to_target_nlattr(nlattr, context);
1739         nlattr->nla_len = tswap16(nlattr->nla_len);
1740         nlattr->nla_type = tswap16(nlattr->nla_type);
1741         if (ret < 0) {
1742             return ret;
1743         }
1744         len -= NLA_ALIGN(nla_len);
1745         nlattr = (struct nlattr *)(((char *)nlattr) + NLA_ALIGN(nla_len));
1746     }
1747     return 0;
1748 }
1749 
1750 static abi_long host_to_target_for_each_rtattr(struct rtattr *rtattr,
1751                                                size_t len,
1752                                                abi_long (*host_to_target_rtattr)
1753                                                         (struct rtattr *))
1754 {
1755     unsigned short rta_len;
1756     abi_long ret;
1757 
1758     while (len > sizeof(struct rtattr)) {
1759         rta_len = rtattr->rta_len;
1760         if (rta_len < sizeof(struct rtattr) ||
1761             rta_len > len) {
1762             break;
1763         }
1764         ret = host_to_target_rtattr(rtattr);
1765         rtattr->rta_len = tswap16(rtattr->rta_len);
1766         rtattr->rta_type = tswap16(rtattr->rta_type);
1767         if (ret < 0) {
1768             return ret;
1769         }
1770         len -= RTA_ALIGN(rta_len);
1771         rtattr = (struct rtattr *)(((char *)rtattr) + RTA_ALIGN(rta_len));
1772     }
1773     return 0;
1774 }
1775 
1776 #define NLA_DATA(nla) ((void *)((char *)(nla)) + NLA_HDRLEN)
1777 
1778 static abi_long host_to_target_data_bridge_nlattr(struct nlattr *nlattr,
1779                                                   void *context)
1780 {
1781     uint16_t *u16;
1782     uint32_t *u32;
1783     uint64_t *u64;
1784 
1785     switch (nlattr->nla_type) {
1786     /* no data */
1787     case IFLA_BR_FDB_FLUSH:
1788         break;
1789     /* binary */
1790     case IFLA_BR_GROUP_ADDR:
1791         break;
1792     /* uint8_t */
1793     case IFLA_BR_VLAN_FILTERING:
1794     case IFLA_BR_TOPOLOGY_CHANGE:
1795     case IFLA_BR_TOPOLOGY_CHANGE_DETECTED:
1796     case IFLA_BR_MCAST_ROUTER:
1797     case IFLA_BR_MCAST_SNOOPING:
1798     case IFLA_BR_MCAST_QUERY_USE_IFADDR:
1799     case IFLA_BR_MCAST_QUERIER:
1800     case IFLA_BR_NF_CALL_IPTABLES:
1801     case IFLA_BR_NF_CALL_IP6TABLES:
1802     case IFLA_BR_NF_CALL_ARPTABLES:
1803         break;
1804     /* uint16_t */
1805     case IFLA_BR_PRIORITY:
1806     case IFLA_BR_VLAN_PROTOCOL:
1807     case IFLA_BR_GROUP_FWD_MASK:
1808     case IFLA_BR_ROOT_PORT:
1809     case IFLA_BR_VLAN_DEFAULT_PVID:
1810         u16 = NLA_DATA(nlattr);
1811         *u16 = tswap16(*u16);
1812         break;
1813     /* uint32_t */
1814     case IFLA_BR_FORWARD_DELAY:
1815     case IFLA_BR_HELLO_TIME:
1816     case IFLA_BR_MAX_AGE:
1817     case IFLA_BR_AGEING_TIME:
1818     case IFLA_BR_STP_STATE:
1819     case IFLA_BR_ROOT_PATH_COST:
1820     case IFLA_BR_MCAST_HASH_ELASTICITY:
1821     case IFLA_BR_MCAST_HASH_MAX:
1822     case IFLA_BR_MCAST_LAST_MEMBER_CNT:
1823     case IFLA_BR_MCAST_STARTUP_QUERY_CNT:
1824         u32 = NLA_DATA(nlattr);
1825         *u32 = tswap32(*u32);
1826         break;
1827     /* uint64_t */
1828     case IFLA_BR_HELLO_TIMER:
1829     case IFLA_BR_TCN_TIMER:
1830     case IFLA_BR_GC_TIMER:
1831     case IFLA_BR_TOPOLOGY_CHANGE_TIMER:
1832     case IFLA_BR_MCAST_LAST_MEMBER_INTVL:
1833     case IFLA_BR_MCAST_MEMBERSHIP_INTVL:
1834     case IFLA_BR_MCAST_QUERIER_INTVL:
1835     case IFLA_BR_MCAST_QUERY_INTVL:
1836     case IFLA_BR_MCAST_QUERY_RESPONSE_INTVL:
1837     case IFLA_BR_MCAST_STARTUP_QUERY_INTVL:
1838         u64 = NLA_DATA(nlattr);
1839         *u64 = tswap64(*u64);
1840         break;
1841     /* ifla_bridge_id: uin8_t[] */
1842     case IFLA_BR_ROOT_ID:
1843     case IFLA_BR_BRIDGE_ID:
1844         break;
1845     default:
1846         gemu_log("Unknown IFLA_BR type %d\n", nlattr->nla_type);
1847         break;
1848     }
1849     return 0;
1850 }
1851 
1852 static abi_long host_to_target_slave_data_bridge_nlattr(struct nlattr *nlattr,
1853                                                         void *context)
1854 {
1855     uint16_t *u16;
1856     uint32_t *u32;
1857     uint64_t *u64;
1858 
1859     switch (nlattr->nla_type) {
1860     /* uint8_t */
1861     case IFLA_BRPORT_STATE:
1862     case IFLA_BRPORT_MODE:
1863     case IFLA_BRPORT_GUARD:
1864     case IFLA_BRPORT_PROTECT:
1865     case IFLA_BRPORT_FAST_LEAVE:
1866     case IFLA_BRPORT_LEARNING:
1867     case IFLA_BRPORT_UNICAST_FLOOD:
1868     case IFLA_BRPORT_PROXYARP:
1869     case IFLA_BRPORT_LEARNING_SYNC:
1870     case IFLA_BRPORT_PROXYARP_WIFI:
1871     case IFLA_BRPORT_TOPOLOGY_CHANGE_ACK:
1872     case IFLA_BRPORT_CONFIG_PENDING:
1873     case IFLA_BRPORT_MULTICAST_ROUTER:
1874         break;
1875     /* uint16_t */
1876     case IFLA_BRPORT_PRIORITY:
1877     case IFLA_BRPORT_DESIGNATED_PORT:
1878     case IFLA_BRPORT_DESIGNATED_COST:
1879     case IFLA_BRPORT_ID:
1880     case IFLA_BRPORT_NO:
1881         u16 = NLA_DATA(nlattr);
1882         *u16 = tswap16(*u16);
1883         break;
1884     /* uin32_t */
1885     case IFLA_BRPORT_COST:
1886         u32 = NLA_DATA(nlattr);
1887         *u32 = tswap32(*u32);
1888         break;
1889     /* uint64_t */
1890     case IFLA_BRPORT_MESSAGE_AGE_TIMER:
1891     case IFLA_BRPORT_FORWARD_DELAY_TIMER:
1892     case IFLA_BRPORT_HOLD_TIMER:
1893         u64 = NLA_DATA(nlattr);
1894         *u64 = tswap64(*u64);
1895         break;
1896     /* ifla_bridge_id: uint8_t[] */
1897     case IFLA_BRPORT_ROOT_ID:
1898     case IFLA_BRPORT_BRIDGE_ID:
1899         break;
1900     default:
1901         gemu_log("Unknown IFLA_BRPORT type %d\n", nlattr->nla_type);
1902         break;
1903     }
1904     return 0;
1905 }
1906 
1907 struct linkinfo_context {
1908     int len;
1909     char *name;
1910     int slave_len;
1911     char *slave_name;
1912 };
1913 
1914 static abi_long host_to_target_data_linkinfo_nlattr(struct nlattr *nlattr,
1915                                                     void *context)
1916 {
1917     struct linkinfo_context *li_context = context;
1918 
1919     switch (nlattr->nla_type) {
1920     /* string */
1921     case IFLA_INFO_KIND:
1922         li_context->name = NLA_DATA(nlattr);
1923         li_context->len = nlattr->nla_len - NLA_HDRLEN;
1924         break;
1925     case IFLA_INFO_SLAVE_KIND:
1926         li_context->slave_name = NLA_DATA(nlattr);
1927         li_context->slave_len = nlattr->nla_len - NLA_HDRLEN;
1928         break;
1929     /* stats */
1930     case IFLA_INFO_XSTATS:
1931         /* FIXME: only used by CAN */
1932         break;
1933     /* nested */
1934     case IFLA_INFO_DATA:
1935         if (strncmp(li_context->name, "bridge",
1936                     li_context->len) == 0) {
1937             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
1938                                                   nlattr->nla_len,
1939                                                   NULL,
1940                                              host_to_target_data_bridge_nlattr);
1941         } else {
1942             gemu_log("Unknown IFLA_INFO_KIND %s\n", li_context->name);
1943         }
1944         break;
1945     case IFLA_INFO_SLAVE_DATA:
1946         if (strncmp(li_context->slave_name, "bridge",
1947                     li_context->slave_len) == 0) {
1948             return host_to_target_for_each_nlattr(NLA_DATA(nlattr),
1949                                                   nlattr->nla_len,
1950                                                   NULL,
1951                                        host_to_target_slave_data_bridge_nlattr);
1952         } else {
1953             gemu_log("Unknown IFLA_INFO_SLAVE_KIND %s\n",
1954                      li_context->slave_name);
1955         }
1956         break;
1957     default:
1958         gemu_log("Unknown host IFLA_INFO type: %d\n", nlattr->nla_type);
1959         break;
1960     }
1961 
1962     return 0;
1963 }
1964 
1965 static abi_long host_to_target_data_inet_nlattr(struct nlattr *nlattr,
1966                                                 void *context)
1967 {
1968     uint32_t *u32;
1969     int i;
1970 
1971     switch (nlattr->nla_type) {
1972     case IFLA_INET_CONF:
1973         u32 = NLA_DATA(nlattr);
1974         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
1975              i++) {
1976             u32[i] = tswap32(u32[i]);
1977         }
1978         break;
1979     default:
1980         gemu_log("Unknown host AF_INET type: %d\n", nlattr->nla_type);
1981     }
1982     return 0;
1983 }
1984 
1985 static abi_long host_to_target_data_inet6_nlattr(struct nlattr *nlattr,
1986                                                 void *context)
1987 {
1988     uint32_t *u32;
1989     uint64_t *u64;
1990     struct ifla_cacheinfo *ci;
1991     int i;
1992 
1993     switch (nlattr->nla_type) {
1994     /* binaries */
1995     case IFLA_INET6_TOKEN:
1996         break;
1997     /* uint8_t */
1998     case IFLA_INET6_ADDR_GEN_MODE:
1999         break;
2000     /* uint32_t */
2001     case IFLA_INET6_FLAGS:
2002         u32 = NLA_DATA(nlattr);
2003         *u32 = tswap32(*u32);
2004         break;
2005     /* uint32_t[] */
2006     case IFLA_INET6_CONF:
2007         u32 = NLA_DATA(nlattr);
2008         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u32);
2009              i++) {
2010             u32[i] = tswap32(u32[i]);
2011         }
2012         break;
2013     /* ifla_cacheinfo */
2014     case IFLA_INET6_CACHEINFO:
2015         ci = NLA_DATA(nlattr);
2016         ci->max_reasm_len = tswap32(ci->max_reasm_len);
2017         ci->tstamp = tswap32(ci->tstamp);
2018         ci->reachable_time = tswap32(ci->reachable_time);
2019         ci->retrans_time = tswap32(ci->retrans_time);
2020         break;
2021     /* uint64_t[] */
2022     case IFLA_INET6_STATS:
2023     case IFLA_INET6_ICMP6STATS:
2024         u64 = NLA_DATA(nlattr);
2025         for (i = 0; i < (nlattr->nla_len - NLA_HDRLEN) / sizeof(*u64);
2026              i++) {
2027             u64[i] = tswap64(u64[i]);
2028         }
2029         break;
2030     default:
2031         gemu_log("Unknown host AF_INET6 type: %d\n", nlattr->nla_type);
2032     }
2033     return 0;
2034 }
2035 
2036 static abi_long host_to_target_data_spec_nlattr(struct nlattr *nlattr,
2037                                                     void *context)
2038 {
2039     switch (nlattr->nla_type) {
2040     case AF_INET:
2041         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2042                                               NULL,
2043                                              host_to_target_data_inet_nlattr);
2044     case AF_INET6:
2045         return host_to_target_for_each_nlattr(NLA_DATA(nlattr), nlattr->nla_len,
2046                                               NULL,
2047                                              host_to_target_data_inet6_nlattr);
2048     default:
2049         gemu_log("Unknown host AF_SPEC type: %d\n", nlattr->nla_type);
2050         break;
2051     }
2052     return 0;
2053 }
2054 
2055 static abi_long host_to_target_data_link_rtattr(struct rtattr *rtattr)
2056 {
2057     uint32_t *u32;
2058     struct rtnl_link_stats *st;
2059     struct rtnl_link_stats64 *st64;
2060     struct rtnl_link_ifmap *map;
2061     struct linkinfo_context li_context;
2062 
2063     switch (rtattr->rta_type) {
2064     /* binary stream */
2065     case IFLA_ADDRESS:
2066     case IFLA_BROADCAST:
2067     /* string */
2068     case IFLA_IFNAME:
2069     case IFLA_QDISC:
2070         break;
2071     /* uin8_t */
2072     case IFLA_OPERSTATE:
2073     case IFLA_LINKMODE:
2074     case IFLA_CARRIER:
2075     case IFLA_PROTO_DOWN:
2076         break;
2077     /* uint32_t */
2078     case IFLA_MTU:
2079     case IFLA_LINK:
2080     case IFLA_WEIGHT:
2081     case IFLA_TXQLEN:
2082     case IFLA_CARRIER_CHANGES:
2083     case IFLA_NUM_RX_QUEUES:
2084     case IFLA_NUM_TX_QUEUES:
2085     case IFLA_PROMISCUITY:
2086     case IFLA_EXT_MASK:
2087     case IFLA_LINK_NETNSID:
2088     case IFLA_GROUP:
2089     case IFLA_MASTER:
2090     case IFLA_NUM_VF:
2091         u32 = RTA_DATA(rtattr);
2092         *u32 = tswap32(*u32);
2093         break;
2094     /* struct rtnl_link_stats */
2095     case IFLA_STATS:
2096         st = RTA_DATA(rtattr);
2097         st->rx_packets = tswap32(st->rx_packets);
2098         st->tx_packets = tswap32(st->tx_packets);
2099         st->rx_bytes = tswap32(st->rx_bytes);
2100         st->tx_bytes = tswap32(st->tx_bytes);
2101         st->rx_errors = tswap32(st->rx_errors);
2102         st->tx_errors = tswap32(st->tx_errors);
2103         st->rx_dropped = tswap32(st->rx_dropped);
2104         st->tx_dropped = tswap32(st->tx_dropped);
2105         st->multicast = tswap32(st->multicast);
2106         st->collisions = tswap32(st->collisions);
2107 
2108         /* detailed rx_errors: */
2109         st->rx_length_errors = tswap32(st->rx_length_errors);
2110         st->rx_over_errors = tswap32(st->rx_over_errors);
2111         st->rx_crc_errors = tswap32(st->rx_crc_errors);
2112         st->rx_frame_errors = tswap32(st->rx_frame_errors);
2113         st->rx_fifo_errors = tswap32(st->rx_fifo_errors);
2114         st->rx_missed_errors = tswap32(st->rx_missed_errors);
2115 
2116         /* detailed tx_errors */
2117         st->tx_aborted_errors = tswap32(st->tx_aborted_errors);
2118         st->tx_carrier_errors = tswap32(st->tx_carrier_errors);
2119         st->tx_fifo_errors = tswap32(st->tx_fifo_errors);
2120         st->tx_heartbeat_errors = tswap32(st->tx_heartbeat_errors);
2121         st->tx_window_errors = tswap32(st->tx_window_errors);
2122 
2123         /* for cslip etc */
2124         st->rx_compressed = tswap32(st->rx_compressed);
2125         st->tx_compressed = tswap32(st->tx_compressed);
2126         break;
2127     /* struct rtnl_link_stats64 */
2128     case IFLA_STATS64:
2129         st64 = RTA_DATA(rtattr);
2130         st64->rx_packets = tswap64(st64->rx_packets);
2131         st64->tx_packets = tswap64(st64->tx_packets);
2132         st64->rx_bytes = tswap64(st64->rx_bytes);
2133         st64->tx_bytes = tswap64(st64->tx_bytes);
2134         st64->rx_errors = tswap64(st64->rx_errors);
2135         st64->tx_errors = tswap64(st64->tx_errors);
2136         st64->rx_dropped = tswap64(st64->rx_dropped);
2137         st64->tx_dropped = tswap64(st64->tx_dropped);
2138         st64->multicast = tswap64(st64->multicast);
2139         st64->collisions = tswap64(st64->collisions);
2140 
2141         /* detailed rx_errors: */
2142         st64->rx_length_errors = tswap64(st64->rx_length_errors);
2143         st64->rx_over_errors = tswap64(st64->rx_over_errors);
2144         st64->rx_crc_errors = tswap64(st64->rx_crc_errors);
2145         st64->rx_frame_errors = tswap64(st64->rx_frame_errors);
2146         st64->rx_fifo_errors = tswap64(st64->rx_fifo_errors);
2147         st64->rx_missed_errors = tswap64(st64->rx_missed_errors);
2148 
2149         /* detailed tx_errors */
2150         st64->tx_aborted_errors = tswap64(st64->tx_aborted_errors);
2151         st64->tx_carrier_errors = tswap64(st64->tx_carrier_errors);
2152         st64->tx_fifo_errors = tswap64(st64->tx_fifo_errors);
2153         st64->tx_heartbeat_errors = tswap64(st64->tx_heartbeat_errors);
2154         st64->tx_window_errors = tswap64(st64->tx_window_errors);
2155 
2156         /* for cslip etc */
2157         st64->rx_compressed = tswap64(st64->rx_compressed);
2158         st64->tx_compressed = tswap64(st64->tx_compressed);
2159         break;
2160     /* struct rtnl_link_ifmap */
2161     case IFLA_MAP:
2162         map = RTA_DATA(rtattr);
2163         map->mem_start = tswap64(map->mem_start);
2164         map->mem_end = tswap64(map->mem_end);
2165         map->base_addr = tswap64(map->base_addr);
2166         map->irq = tswap16(map->irq);
2167         break;
2168     /* nested */
2169     case IFLA_LINKINFO:
2170         memset(&li_context, 0, sizeof(li_context));
2171         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2172                                               &li_context,
2173                                            host_to_target_data_linkinfo_nlattr);
2174     case IFLA_AF_SPEC:
2175         return host_to_target_for_each_nlattr(RTA_DATA(rtattr), rtattr->rta_len,
2176                                               NULL,
2177                                              host_to_target_data_spec_nlattr);
2178     default:
2179         gemu_log("Unknown host IFLA type: %d\n", rtattr->rta_type);
2180         break;
2181     }
2182     return 0;
2183 }
2184 
2185 static abi_long host_to_target_data_addr_rtattr(struct rtattr *rtattr)
2186 {
2187     uint32_t *u32;
2188     struct ifa_cacheinfo *ci;
2189 
2190     switch (rtattr->rta_type) {
2191     /* binary: depends on family type */
2192     case IFA_ADDRESS:
2193     case IFA_LOCAL:
2194         break;
2195     /* string */
2196     case IFA_LABEL:
2197         break;
2198     /* u32 */
2199     case IFA_FLAGS:
2200     case IFA_BROADCAST:
2201         u32 = RTA_DATA(rtattr);
2202         *u32 = tswap32(*u32);
2203         break;
2204     /* struct ifa_cacheinfo */
2205     case IFA_CACHEINFO:
2206         ci = RTA_DATA(rtattr);
2207         ci->ifa_prefered = tswap32(ci->ifa_prefered);
2208         ci->ifa_valid = tswap32(ci->ifa_valid);
2209         ci->cstamp = tswap32(ci->cstamp);
2210         ci->tstamp = tswap32(ci->tstamp);
2211         break;
2212     default:
2213         gemu_log("Unknown host IFA type: %d\n", rtattr->rta_type);
2214         break;
2215     }
2216     return 0;
2217 }
2218 
2219 static abi_long host_to_target_data_route_rtattr(struct rtattr *rtattr)
2220 {
2221     uint32_t *u32;
2222     switch (rtattr->rta_type) {
2223     /* binary: depends on family type */
2224     case RTA_GATEWAY:
2225     case RTA_DST:
2226     case RTA_PREFSRC:
2227         break;
2228     /* u32 */
2229     case RTA_PRIORITY:
2230     case RTA_TABLE:
2231     case RTA_OIF:
2232         u32 = RTA_DATA(rtattr);
2233         *u32 = tswap32(*u32);
2234         break;
2235     default:
2236         gemu_log("Unknown host RTA type: %d\n", rtattr->rta_type);
2237         break;
2238     }
2239     return 0;
2240 }
2241 
2242 static abi_long host_to_target_link_rtattr(struct rtattr *rtattr,
2243                                          uint32_t rtattr_len)
2244 {
2245     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2246                                           host_to_target_data_link_rtattr);
2247 }
2248 
2249 static abi_long host_to_target_addr_rtattr(struct rtattr *rtattr,
2250                                          uint32_t rtattr_len)
2251 {
2252     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2253                                           host_to_target_data_addr_rtattr);
2254 }
2255 
2256 static abi_long host_to_target_route_rtattr(struct rtattr *rtattr,
2257                                          uint32_t rtattr_len)
2258 {
2259     return host_to_target_for_each_rtattr(rtattr, rtattr_len,
2260                                           host_to_target_data_route_rtattr);
2261 }
2262 
2263 static abi_long host_to_target_data_route(struct nlmsghdr *nlh)
2264 {
2265     uint32_t nlmsg_len;
2266     struct ifinfomsg *ifi;
2267     struct ifaddrmsg *ifa;
2268     struct rtmsg *rtm;
2269 
2270     nlmsg_len = nlh->nlmsg_len;
2271     switch (nlh->nlmsg_type) {
2272     case RTM_NEWLINK:
2273     case RTM_DELLINK:
2274     case RTM_GETLINK:
2275         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2276             ifi = NLMSG_DATA(nlh);
2277             ifi->ifi_type = tswap16(ifi->ifi_type);
2278             ifi->ifi_index = tswap32(ifi->ifi_index);
2279             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2280             ifi->ifi_change = tswap32(ifi->ifi_change);
2281             host_to_target_link_rtattr(IFLA_RTA(ifi),
2282                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifi)));
2283         }
2284         break;
2285     case RTM_NEWADDR:
2286     case RTM_DELADDR:
2287     case RTM_GETADDR:
2288         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2289             ifa = NLMSG_DATA(nlh);
2290             ifa->ifa_index = tswap32(ifa->ifa_index);
2291             host_to_target_addr_rtattr(IFA_RTA(ifa),
2292                                        nlmsg_len - NLMSG_LENGTH(sizeof(*ifa)));
2293         }
2294         break;
2295     case RTM_NEWROUTE:
2296     case RTM_DELROUTE:
2297     case RTM_GETROUTE:
2298         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2299             rtm = NLMSG_DATA(nlh);
2300             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2301             host_to_target_route_rtattr(RTM_RTA(rtm),
2302                                         nlmsg_len - NLMSG_LENGTH(sizeof(*rtm)));
2303         }
2304         break;
2305     default:
2306         return -TARGET_EINVAL;
2307     }
2308     return 0;
2309 }
2310 
2311 static inline abi_long host_to_target_nlmsg_route(struct nlmsghdr *nlh,
2312                                                   size_t len)
2313 {
2314     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_route);
2315 }
2316 
2317 static abi_long target_to_host_for_each_rtattr(struct rtattr *rtattr,
2318                                                size_t len,
2319                                                abi_long (*target_to_host_rtattr)
2320                                                         (struct rtattr *))
2321 {
2322     abi_long ret;
2323 
2324     while (len >= sizeof(struct rtattr)) {
2325         if (tswap16(rtattr->rta_len) < sizeof(struct rtattr) ||
2326             tswap16(rtattr->rta_len) > len) {
2327             break;
2328         }
2329         rtattr->rta_len = tswap16(rtattr->rta_len);
2330         rtattr->rta_type = tswap16(rtattr->rta_type);
2331         ret = target_to_host_rtattr(rtattr);
2332         if (ret < 0) {
2333             return ret;
2334         }
2335         len -= RTA_ALIGN(rtattr->rta_len);
2336         rtattr = (struct rtattr *)(((char *)rtattr) +
2337                  RTA_ALIGN(rtattr->rta_len));
2338     }
2339     return 0;
2340 }
2341 
2342 static abi_long target_to_host_data_link_rtattr(struct rtattr *rtattr)
2343 {
2344     switch (rtattr->rta_type) {
2345     default:
2346         gemu_log("Unknown target IFLA type: %d\n", rtattr->rta_type);
2347         break;
2348     }
2349     return 0;
2350 }
2351 
2352 static abi_long target_to_host_data_addr_rtattr(struct rtattr *rtattr)
2353 {
2354     switch (rtattr->rta_type) {
2355     /* binary: depends on family type */
2356     case IFA_LOCAL:
2357     case IFA_ADDRESS:
2358         break;
2359     default:
2360         gemu_log("Unknown target IFA type: %d\n", rtattr->rta_type);
2361         break;
2362     }
2363     return 0;
2364 }
2365 
2366 static abi_long target_to_host_data_route_rtattr(struct rtattr *rtattr)
2367 {
2368     uint32_t *u32;
2369     switch (rtattr->rta_type) {
2370     /* binary: depends on family type */
2371     case RTA_DST:
2372     case RTA_SRC:
2373     case RTA_GATEWAY:
2374         break;
2375     /* u32 */
2376     case RTA_OIF:
2377         u32 = RTA_DATA(rtattr);
2378         *u32 = tswap32(*u32);
2379         break;
2380     default:
2381         gemu_log("Unknown target RTA type: %d\n", rtattr->rta_type);
2382         break;
2383     }
2384     return 0;
2385 }
2386 
2387 static void target_to_host_link_rtattr(struct rtattr *rtattr,
2388                                        uint32_t rtattr_len)
2389 {
2390     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2391                                    target_to_host_data_link_rtattr);
2392 }
2393 
2394 static void target_to_host_addr_rtattr(struct rtattr *rtattr,
2395                                      uint32_t rtattr_len)
2396 {
2397     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2398                                    target_to_host_data_addr_rtattr);
2399 }
2400 
2401 static void target_to_host_route_rtattr(struct rtattr *rtattr,
2402                                      uint32_t rtattr_len)
2403 {
2404     target_to_host_for_each_rtattr(rtattr, rtattr_len,
2405                                    target_to_host_data_route_rtattr);
2406 }
2407 
2408 static abi_long target_to_host_data_route(struct nlmsghdr *nlh)
2409 {
2410     struct ifinfomsg *ifi;
2411     struct ifaddrmsg *ifa;
2412     struct rtmsg *rtm;
2413 
2414     switch (nlh->nlmsg_type) {
2415     case RTM_GETLINK:
2416         break;
2417     case RTM_NEWLINK:
2418     case RTM_DELLINK:
2419         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifi))) {
2420             ifi = NLMSG_DATA(nlh);
2421             ifi->ifi_type = tswap16(ifi->ifi_type);
2422             ifi->ifi_index = tswap32(ifi->ifi_index);
2423             ifi->ifi_flags = tswap32(ifi->ifi_flags);
2424             ifi->ifi_change = tswap32(ifi->ifi_change);
2425             target_to_host_link_rtattr(IFLA_RTA(ifi), nlh->nlmsg_len -
2426                                        NLMSG_LENGTH(sizeof(*ifi)));
2427         }
2428         break;
2429     case RTM_GETADDR:
2430     case RTM_NEWADDR:
2431     case RTM_DELADDR:
2432         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*ifa))) {
2433             ifa = NLMSG_DATA(nlh);
2434             ifa->ifa_index = tswap32(ifa->ifa_index);
2435             target_to_host_addr_rtattr(IFA_RTA(ifa), nlh->nlmsg_len -
2436                                        NLMSG_LENGTH(sizeof(*ifa)));
2437         }
2438         break;
2439     case RTM_GETROUTE:
2440         break;
2441     case RTM_NEWROUTE:
2442     case RTM_DELROUTE:
2443         if (nlh->nlmsg_len >= NLMSG_LENGTH(sizeof(*rtm))) {
2444             rtm = NLMSG_DATA(nlh);
2445             rtm->rtm_flags = tswap32(rtm->rtm_flags);
2446             target_to_host_route_rtattr(RTM_RTA(rtm), nlh->nlmsg_len -
2447                                         NLMSG_LENGTH(sizeof(*rtm)));
2448         }
2449         break;
2450     default:
2451         return -TARGET_EOPNOTSUPP;
2452     }
2453     return 0;
2454 }
2455 
2456 static abi_long target_to_host_nlmsg_route(struct nlmsghdr *nlh, size_t len)
2457 {
2458     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_route);
2459 }
2460 #endif /* CONFIG_RTNETLINK */
2461 
2462 static abi_long host_to_target_data_audit(struct nlmsghdr *nlh)
2463 {
2464     switch (nlh->nlmsg_type) {
2465     default:
2466         gemu_log("Unknown host audit message type %d\n",
2467                  nlh->nlmsg_type);
2468         return -TARGET_EINVAL;
2469     }
2470     return 0;
2471 }
2472 
2473 static inline abi_long host_to_target_nlmsg_audit(struct nlmsghdr *nlh,
2474                                                   size_t len)
2475 {
2476     return host_to_target_for_each_nlmsg(nlh, len, host_to_target_data_audit);
2477 }
2478 
2479 static abi_long target_to_host_data_audit(struct nlmsghdr *nlh)
2480 {
2481     switch (nlh->nlmsg_type) {
2482     case AUDIT_USER:
2483     case AUDIT_FIRST_USER_MSG ... AUDIT_LAST_USER_MSG:
2484     case AUDIT_FIRST_USER_MSG2 ... AUDIT_LAST_USER_MSG2:
2485         break;
2486     default:
2487         gemu_log("Unknown target audit message type %d\n",
2488                  nlh->nlmsg_type);
2489         return -TARGET_EINVAL;
2490     }
2491 
2492     return 0;
2493 }
2494 
2495 static abi_long target_to_host_nlmsg_audit(struct nlmsghdr *nlh, size_t len)
2496 {
2497     return target_to_host_for_each_nlmsg(nlh, len, target_to_host_data_audit);
2498 }
2499 
2500 /* do_setsockopt() Must return target values and target errnos. */
2501 static abi_long do_setsockopt(int sockfd, int level, int optname,
2502                               abi_ulong optval_addr, socklen_t optlen)
2503 {
2504     abi_long ret;
2505     int val;
2506     struct ip_mreqn *ip_mreq;
2507     struct ip_mreq_source *ip_mreq_source;
2508 
2509     switch(level) {
2510     case SOL_TCP:
2511         /* TCP options all take an 'int' value.  */
2512         if (optlen < sizeof(uint32_t))
2513             return -TARGET_EINVAL;
2514 
2515         if (get_user_u32(val, optval_addr))
2516             return -TARGET_EFAULT;
2517         ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2518         break;
2519     case SOL_IP:
2520         switch(optname) {
2521         case IP_TOS:
2522         case IP_TTL:
2523         case IP_HDRINCL:
2524         case IP_ROUTER_ALERT:
2525         case IP_RECVOPTS:
2526         case IP_RETOPTS:
2527         case IP_PKTINFO:
2528         case IP_MTU_DISCOVER:
2529         case IP_RECVERR:
2530         case IP_RECVTOS:
2531 #ifdef IP_FREEBIND
2532         case IP_FREEBIND:
2533 #endif
2534         case IP_MULTICAST_TTL:
2535         case IP_MULTICAST_LOOP:
2536             val = 0;
2537             if (optlen >= sizeof(uint32_t)) {
2538                 if (get_user_u32(val, optval_addr))
2539                     return -TARGET_EFAULT;
2540             } else if (optlen >= 1) {
2541                 if (get_user_u8(val, optval_addr))
2542                     return -TARGET_EFAULT;
2543             }
2544             ret = get_errno(setsockopt(sockfd, level, optname, &val, sizeof(val)));
2545             break;
2546         case IP_ADD_MEMBERSHIP:
2547         case IP_DROP_MEMBERSHIP:
2548             if (optlen < sizeof (struct target_ip_mreq) ||
2549                 optlen > sizeof (struct target_ip_mreqn))
2550                 return -TARGET_EINVAL;
2551 
2552             ip_mreq = (struct ip_mreqn *) alloca(optlen);
2553             target_to_host_ip_mreq(ip_mreq, optval_addr, optlen);
2554             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq, optlen));
2555             break;
2556 
2557         case IP_BLOCK_SOURCE:
2558         case IP_UNBLOCK_SOURCE:
2559         case IP_ADD_SOURCE_MEMBERSHIP:
2560         case IP_DROP_SOURCE_MEMBERSHIP:
2561             if (optlen != sizeof (struct target_ip_mreq_source))
2562                 return -TARGET_EINVAL;
2563 
2564             ip_mreq_source = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2565             ret = get_errno(setsockopt(sockfd, level, optname, ip_mreq_source, optlen));
2566             unlock_user (ip_mreq_source, optval_addr, 0);
2567             break;
2568 
2569         default:
2570             goto unimplemented;
2571         }
2572         break;
2573     case SOL_IPV6:
2574         switch (optname) {
2575         case IPV6_MTU_DISCOVER:
2576         case IPV6_MTU:
2577         case IPV6_V6ONLY:
2578         case IPV6_RECVPKTINFO:
2579             val = 0;
2580             if (optlen < sizeof(uint32_t)) {
2581                 return -TARGET_EINVAL;
2582             }
2583             if (get_user_u32(val, optval_addr)) {
2584                 return -TARGET_EFAULT;
2585             }
2586             ret = get_errno(setsockopt(sockfd, level, optname,
2587                                        &val, sizeof(val)));
2588             break;
2589         default:
2590             goto unimplemented;
2591         }
2592         break;
2593     case SOL_RAW:
2594         switch (optname) {
2595         case ICMP_FILTER:
2596             /* struct icmp_filter takes an u32 value */
2597             if (optlen < sizeof(uint32_t)) {
2598                 return -TARGET_EINVAL;
2599             }
2600 
2601             if (get_user_u32(val, optval_addr)) {
2602                 return -TARGET_EFAULT;
2603             }
2604             ret = get_errno(setsockopt(sockfd, level, optname,
2605                                        &val, sizeof(val)));
2606             break;
2607 
2608         default:
2609             goto unimplemented;
2610         }
2611         break;
2612     case TARGET_SOL_SOCKET:
2613         switch (optname) {
2614         case TARGET_SO_RCVTIMEO:
2615         {
2616                 struct timeval tv;
2617 
2618                 optname = SO_RCVTIMEO;
2619 
2620 set_timeout:
2621                 if (optlen != sizeof(struct target_timeval)) {
2622                     return -TARGET_EINVAL;
2623                 }
2624 
2625                 if (copy_from_user_timeval(&tv, optval_addr)) {
2626                     return -TARGET_EFAULT;
2627                 }
2628 
2629                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2630                                 &tv, sizeof(tv)));
2631                 return ret;
2632         }
2633         case TARGET_SO_SNDTIMEO:
2634                 optname = SO_SNDTIMEO;
2635                 goto set_timeout;
2636         case TARGET_SO_ATTACH_FILTER:
2637         {
2638                 struct target_sock_fprog *tfprog;
2639                 struct target_sock_filter *tfilter;
2640                 struct sock_fprog fprog;
2641                 struct sock_filter *filter;
2642                 int i;
2643 
2644                 if (optlen != sizeof(*tfprog)) {
2645                     return -TARGET_EINVAL;
2646                 }
2647                 if (!lock_user_struct(VERIFY_READ, tfprog, optval_addr, 0)) {
2648                     return -TARGET_EFAULT;
2649                 }
2650                 if (!lock_user_struct(VERIFY_READ, tfilter,
2651                                       tswapal(tfprog->filter), 0)) {
2652                     unlock_user_struct(tfprog, optval_addr, 1);
2653                     return -TARGET_EFAULT;
2654                 }
2655 
2656                 fprog.len = tswap16(tfprog->len);
2657                 filter = g_try_new(struct sock_filter, fprog.len);
2658                 if (filter == NULL) {
2659                     unlock_user_struct(tfilter, tfprog->filter, 1);
2660                     unlock_user_struct(tfprog, optval_addr, 1);
2661                     return -TARGET_ENOMEM;
2662                 }
2663                 for (i = 0; i < fprog.len; i++) {
2664                     filter[i].code = tswap16(tfilter[i].code);
2665                     filter[i].jt = tfilter[i].jt;
2666                     filter[i].jf = tfilter[i].jf;
2667                     filter[i].k = tswap32(tfilter[i].k);
2668                 }
2669                 fprog.filter = filter;
2670 
2671                 ret = get_errno(setsockopt(sockfd, SOL_SOCKET,
2672                                 SO_ATTACH_FILTER, &fprog, sizeof(fprog)));
2673                 g_free(filter);
2674 
2675                 unlock_user_struct(tfilter, tfprog->filter, 1);
2676                 unlock_user_struct(tfprog, optval_addr, 1);
2677                 return ret;
2678         }
2679 	case TARGET_SO_BINDTODEVICE:
2680 	{
2681 		char *dev_ifname, *addr_ifname;
2682 
2683 		if (optlen > IFNAMSIZ - 1) {
2684 		    optlen = IFNAMSIZ - 1;
2685 		}
2686 		dev_ifname = lock_user(VERIFY_READ, optval_addr, optlen, 1);
2687 		if (!dev_ifname) {
2688 		    return -TARGET_EFAULT;
2689 		}
2690 		optname = SO_BINDTODEVICE;
2691 		addr_ifname = alloca(IFNAMSIZ);
2692 		memcpy(addr_ifname, dev_ifname, optlen);
2693 		addr_ifname[optlen] = 0;
2694 		ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname,
2695                                            addr_ifname, optlen));
2696 		unlock_user (dev_ifname, optval_addr, 0);
2697 		return ret;
2698 	}
2699             /* Options with 'int' argument.  */
2700         case TARGET_SO_DEBUG:
2701 		optname = SO_DEBUG;
2702 		break;
2703         case TARGET_SO_REUSEADDR:
2704 		optname = SO_REUSEADDR;
2705 		break;
2706         case TARGET_SO_TYPE:
2707 		optname = SO_TYPE;
2708 		break;
2709         case TARGET_SO_ERROR:
2710 		optname = SO_ERROR;
2711 		break;
2712         case TARGET_SO_DONTROUTE:
2713 		optname = SO_DONTROUTE;
2714 		break;
2715         case TARGET_SO_BROADCAST:
2716 		optname = SO_BROADCAST;
2717 		break;
2718         case TARGET_SO_SNDBUF:
2719 		optname = SO_SNDBUF;
2720 		break;
2721         case TARGET_SO_SNDBUFFORCE:
2722                 optname = SO_SNDBUFFORCE;
2723                 break;
2724         case TARGET_SO_RCVBUF:
2725 		optname = SO_RCVBUF;
2726 		break;
2727         case TARGET_SO_RCVBUFFORCE:
2728                 optname = SO_RCVBUFFORCE;
2729                 break;
2730         case TARGET_SO_KEEPALIVE:
2731 		optname = SO_KEEPALIVE;
2732 		break;
2733         case TARGET_SO_OOBINLINE:
2734 		optname = SO_OOBINLINE;
2735 		break;
2736         case TARGET_SO_NO_CHECK:
2737 		optname = SO_NO_CHECK;
2738 		break;
2739         case TARGET_SO_PRIORITY:
2740 		optname = SO_PRIORITY;
2741 		break;
2742 #ifdef SO_BSDCOMPAT
2743         case TARGET_SO_BSDCOMPAT:
2744 		optname = SO_BSDCOMPAT;
2745 		break;
2746 #endif
2747         case TARGET_SO_PASSCRED:
2748 		optname = SO_PASSCRED;
2749 		break;
2750         case TARGET_SO_PASSSEC:
2751                 optname = SO_PASSSEC;
2752                 break;
2753         case TARGET_SO_TIMESTAMP:
2754 		optname = SO_TIMESTAMP;
2755 		break;
2756         case TARGET_SO_RCVLOWAT:
2757 		optname = SO_RCVLOWAT;
2758 		break;
2759             break;
2760         default:
2761             goto unimplemented;
2762         }
2763 	if (optlen < sizeof(uint32_t))
2764             return -TARGET_EINVAL;
2765 
2766 	if (get_user_u32(val, optval_addr))
2767             return -TARGET_EFAULT;
2768 	ret = get_errno(setsockopt(sockfd, SOL_SOCKET, optname, &val, sizeof(val)));
2769         break;
2770     default:
2771     unimplemented:
2772         gemu_log("Unsupported setsockopt level=%d optname=%d\n", level, optname);
2773         ret = -TARGET_ENOPROTOOPT;
2774     }
2775     return ret;
2776 }
2777 
2778 /* do_getsockopt() Must return target values and target errnos. */
2779 static abi_long do_getsockopt(int sockfd, int level, int optname,
2780                               abi_ulong optval_addr, abi_ulong optlen)
2781 {
2782     abi_long ret;
2783     int len, val;
2784     socklen_t lv;
2785 
2786     switch(level) {
2787     case TARGET_SOL_SOCKET:
2788         level = SOL_SOCKET;
2789         switch (optname) {
2790         /* These don't just return a single integer */
2791         case TARGET_SO_LINGER:
2792         case TARGET_SO_RCVTIMEO:
2793         case TARGET_SO_SNDTIMEO:
2794         case TARGET_SO_PEERNAME:
2795             goto unimplemented;
2796         case TARGET_SO_PEERCRED: {
2797             struct ucred cr;
2798             socklen_t crlen;
2799             struct target_ucred *tcr;
2800 
2801             if (get_user_u32(len, optlen)) {
2802                 return -TARGET_EFAULT;
2803             }
2804             if (len < 0) {
2805                 return -TARGET_EINVAL;
2806             }
2807 
2808             crlen = sizeof(cr);
2809             ret = get_errno(getsockopt(sockfd, level, SO_PEERCRED,
2810                                        &cr, &crlen));
2811             if (ret < 0) {
2812                 return ret;
2813             }
2814             if (len > crlen) {
2815                 len = crlen;
2816             }
2817             if (!lock_user_struct(VERIFY_WRITE, tcr, optval_addr, 0)) {
2818                 return -TARGET_EFAULT;
2819             }
2820             __put_user(cr.pid, &tcr->pid);
2821             __put_user(cr.uid, &tcr->uid);
2822             __put_user(cr.gid, &tcr->gid);
2823             unlock_user_struct(tcr, optval_addr, 1);
2824             if (put_user_u32(len, optlen)) {
2825                 return -TARGET_EFAULT;
2826             }
2827             break;
2828         }
2829         /* Options with 'int' argument.  */
2830         case TARGET_SO_DEBUG:
2831             optname = SO_DEBUG;
2832             goto int_case;
2833         case TARGET_SO_REUSEADDR:
2834             optname = SO_REUSEADDR;
2835             goto int_case;
2836         case TARGET_SO_TYPE:
2837             optname = SO_TYPE;
2838             goto int_case;
2839         case TARGET_SO_ERROR:
2840             optname = SO_ERROR;
2841             goto int_case;
2842         case TARGET_SO_DONTROUTE:
2843             optname = SO_DONTROUTE;
2844             goto int_case;
2845         case TARGET_SO_BROADCAST:
2846             optname = SO_BROADCAST;
2847             goto int_case;
2848         case TARGET_SO_SNDBUF:
2849             optname = SO_SNDBUF;
2850             goto int_case;
2851         case TARGET_SO_RCVBUF:
2852             optname = SO_RCVBUF;
2853             goto int_case;
2854         case TARGET_SO_KEEPALIVE:
2855             optname = SO_KEEPALIVE;
2856             goto int_case;
2857         case TARGET_SO_OOBINLINE:
2858             optname = SO_OOBINLINE;
2859             goto int_case;
2860         case TARGET_SO_NO_CHECK:
2861             optname = SO_NO_CHECK;
2862             goto int_case;
2863         case TARGET_SO_PRIORITY:
2864             optname = SO_PRIORITY;
2865             goto int_case;
2866 #ifdef SO_BSDCOMPAT
2867         case TARGET_SO_BSDCOMPAT:
2868             optname = SO_BSDCOMPAT;
2869             goto int_case;
2870 #endif
2871         case TARGET_SO_PASSCRED:
2872             optname = SO_PASSCRED;
2873             goto int_case;
2874         case TARGET_SO_TIMESTAMP:
2875             optname = SO_TIMESTAMP;
2876             goto int_case;
2877         case TARGET_SO_RCVLOWAT:
2878             optname = SO_RCVLOWAT;
2879             goto int_case;
2880         case TARGET_SO_ACCEPTCONN:
2881             optname = SO_ACCEPTCONN;
2882             goto int_case;
2883         default:
2884             goto int_case;
2885         }
2886         break;
2887     case SOL_TCP:
2888         /* TCP options all take an 'int' value.  */
2889     int_case:
2890         if (get_user_u32(len, optlen))
2891             return -TARGET_EFAULT;
2892         if (len < 0)
2893             return -TARGET_EINVAL;
2894         lv = sizeof(lv);
2895         ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2896         if (ret < 0)
2897             return ret;
2898         if (optname == SO_TYPE) {
2899             val = host_to_target_sock_type(val);
2900         }
2901         if (len > lv)
2902             len = lv;
2903         if (len == 4) {
2904             if (put_user_u32(val, optval_addr))
2905                 return -TARGET_EFAULT;
2906         } else {
2907             if (put_user_u8(val, optval_addr))
2908                 return -TARGET_EFAULT;
2909         }
2910         if (put_user_u32(len, optlen))
2911             return -TARGET_EFAULT;
2912         break;
2913     case SOL_IP:
2914         switch(optname) {
2915         case IP_TOS:
2916         case IP_TTL:
2917         case IP_HDRINCL:
2918         case IP_ROUTER_ALERT:
2919         case IP_RECVOPTS:
2920         case IP_RETOPTS:
2921         case IP_PKTINFO:
2922         case IP_MTU_DISCOVER:
2923         case IP_RECVERR:
2924         case IP_RECVTOS:
2925 #ifdef IP_FREEBIND
2926         case IP_FREEBIND:
2927 #endif
2928         case IP_MULTICAST_TTL:
2929         case IP_MULTICAST_LOOP:
2930             if (get_user_u32(len, optlen))
2931                 return -TARGET_EFAULT;
2932             if (len < 0)
2933                 return -TARGET_EINVAL;
2934             lv = sizeof(lv);
2935             ret = get_errno(getsockopt(sockfd, level, optname, &val, &lv));
2936             if (ret < 0)
2937                 return ret;
2938             if (len < sizeof(int) && len > 0 && val >= 0 && val < 255) {
2939                 len = 1;
2940                 if (put_user_u32(len, optlen)
2941                     || put_user_u8(val, optval_addr))
2942                     return -TARGET_EFAULT;
2943             } else {
2944                 if (len > sizeof(int))
2945                     len = sizeof(int);
2946                 if (put_user_u32(len, optlen)
2947                     || put_user_u32(val, optval_addr))
2948                     return -TARGET_EFAULT;
2949             }
2950             break;
2951         default:
2952             ret = -TARGET_ENOPROTOOPT;
2953             break;
2954         }
2955         break;
2956     default:
2957     unimplemented:
2958         gemu_log("getsockopt level=%d optname=%d not yet supported\n",
2959                  level, optname);
2960         ret = -TARGET_EOPNOTSUPP;
2961         break;
2962     }
2963     return ret;
2964 }
2965 
2966 static struct iovec *lock_iovec(int type, abi_ulong target_addr,
2967                                 int count, int copy)
2968 {
2969     struct target_iovec *target_vec;
2970     struct iovec *vec;
2971     abi_ulong total_len, max_len;
2972     int i;
2973     int err = 0;
2974     bool bad_address = false;
2975 
2976     if (count == 0) {
2977         errno = 0;
2978         return NULL;
2979     }
2980     if (count < 0 || count > IOV_MAX) {
2981         errno = EINVAL;
2982         return NULL;
2983     }
2984 
2985     vec = g_try_new0(struct iovec, count);
2986     if (vec == NULL) {
2987         errno = ENOMEM;
2988         return NULL;
2989     }
2990 
2991     target_vec = lock_user(VERIFY_READ, target_addr,
2992                            count * sizeof(struct target_iovec), 1);
2993     if (target_vec == NULL) {
2994         err = EFAULT;
2995         goto fail2;
2996     }
2997 
2998     /* ??? If host page size > target page size, this will result in a
2999        value larger than what we can actually support.  */
3000     max_len = 0x7fffffff & TARGET_PAGE_MASK;
3001     total_len = 0;
3002 
3003     for (i = 0; i < count; i++) {
3004         abi_ulong base = tswapal(target_vec[i].iov_base);
3005         abi_long len = tswapal(target_vec[i].iov_len);
3006 
3007         if (len < 0) {
3008             err = EINVAL;
3009             goto fail;
3010         } else if (len == 0) {
3011             /* Zero length pointer is ignored.  */
3012             vec[i].iov_base = 0;
3013         } else {
3014             vec[i].iov_base = lock_user(type, base, len, copy);
3015             /* If the first buffer pointer is bad, this is a fault.  But
3016              * subsequent bad buffers will result in a partial write; this
3017              * is realized by filling the vector with null pointers and
3018              * zero lengths. */
3019             if (!vec[i].iov_base) {
3020                 if (i == 0) {
3021                     err = EFAULT;
3022                     goto fail;
3023                 } else {
3024                     bad_address = true;
3025                 }
3026             }
3027             if (bad_address) {
3028                 len = 0;
3029             }
3030             if (len > max_len - total_len) {
3031                 len = max_len - total_len;
3032             }
3033         }
3034         vec[i].iov_len = len;
3035         total_len += len;
3036     }
3037 
3038     unlock_user(target_vec, target_addr, 0);
3039     return vec;
3040 
3041  fail:
3042     while (--i >= 0) {
3043         if (tswapal(target_vec[i].iov_len) > 0) {
3044             unlock_user(vec[i].iov_base, tswapal(target_vec[i].iov_base), 0);
3045         }
3046     }
3047     unlock_user(target_vec, target_addr, 0);
3048  fail2:
3049     g_free(vec);
3050     errno = err;
3051     return NULL;
3052 }
3053 
3054 static void unlock_iovec(struct iovec *vec, abi_ulong target_addr,
3055                          int count, int copy)
3056 {
3057     struct target_iovec *target_vec;
3058     int i;
3059 
3060     target_vec = lock_user(VERIFY_READ, target_addr,
3061                            count * sizeof(struct target_iovec), 1);
3062     if (target_vec) {
3063         for (i = 0; i < count; i++) {
3064             abi_ulong base = tswapal(target_vec[i].iov_base);
3065             abi_long len = tswapal(target_vec[i].iov_len);
3066             if (len < 0) {
3067                 break;
3068             }
3069             unlock_user(vec[i].iov_base, base, copy ? vec[i].iov_len : 0);
3070         }
3071         unlock_user(target_vec, target_addr, 0);
3072     }
3073 
3074     g_free(vec);
3075 }
3076 
3077 static inline int target_to_host_sock_type(int *type)
3078 {
3079     int host_type = 0;
3080     int target_type = *type;
3081 
3082     switch (target_type & TARGET_SOCK_TYPE_MASK) {
3083     case TARGET_SOCK_DGRAM:
3084         host_type = SOCK_DGRAM;
3085         break;
3086     case TARGET_SOCK_STREAM:
3087         host_type = SOCK_STREAM;
3088         break;
3089     default:
3090         host_type = target_type & TARGET_SOCK_TYPE_MASK;
3091         break;
3092     }
3093     if (target_type & TARGET_SOCK_CLOEXEC) {
3094 #if defined(SOCK_CLOEXEC)
3095         host_type |= SOCK_CLOEXEC;
3096 #else
3097         return -TARGET_EINVAL;
3098 #endif
3099     }
3100     if (target_type & TARGET_SOCK_NONBLOCK) {
3101 #if defined(SOCK_NONBLOCK)
3102         host_type |= SOCK_NONBLOCK;
3103 #elif !defined(O_NONBLOCK)
3104         return -TARGET_EINVAL;
3105 #endif
3106     }
3107     *type = host_type;
3108     return 0;
3109 }
3110 
3111 /* Try to emulate socket type flags after socket creation.  */
3112 static int sock_flags_fixup(int fd, int target_type)
3113 {
3114 #if !defined(SOCK_NONBLOCK) && defined(O_NONBLOCK)
3115     if (target_type & TARGET_SOCK_NONBLOCK) {
3116         int flags = fcntl(fd, F_GETFL);
3117         if (fcntl(fd, F_SETFL, O_NONBLOCK | flags) == -1) {
3118             close(fd);
3119             return -TARGET_EINVAL;
3120         }
3121     }
3122 #endif
3123     return fd;
3124 }
3125 
3126 static abi_long packet_target_to_host_sockaddr(void *host_addr,
3127                                                abi_ulong target_addr,
3128                                                socklen_t len)
3129 {
3130     struct sockaddr *addr = host_addr;
3131     struct target_sockaddr *target_saddr;
3132 
3133     target_saddr = lock_user(VERIFY_READ, target_addr, len, 1);
3134     if (!target_saddr) {
3135         return -TARGET_EFAULT;
3136     }
3137 
3138     memcpy(addr, target_saddr, len);
3139     addr->sa_family = tswap16(target_saddr->sa_family);
3140     /* spkt_protocol is big-endian */
3141 
3142     unlock_user(target_saddr, target_addr, 0);
3143     return 0;
3144 }
3145 
3146 static TargetFdTrans target_packet_trans = {
3147     .target_to_host_addr = packet_target_to_host_sockaddr,
3148 };
3149 
3150 #ifdef CONFIG_RTNETLINK
3151 static abi_long netlink_route_target_to_host(void *buf, size_t len)
3152 {
3153     abi_long ret;
3154 
3155     ret = target_to_host_nlmsg_route(buf, len);
3156     if (ret < 0) {
3157         return ret;
3158     }
3159 
3160     return len;
3161 }
3162 
3163 static abi_long netlink_route_host_to_target(void *buf, size_t len)
3164 {
3165     abi_long ret;
3166 
3167     ret = host_to_target_nlmsg_route(buf, len);
3168     if (ret < 0) {
3169         return ret;
3170     }
3171 
3172     return len;
3173 }
3174 
3175 static TargetFdTrans target_netlink_route_trans = {
3176     .target_to_host_data = netlink_route_target_to_host,
3177     .host_to_target_data = netlink_route_host_to_target,
3178 };
3179 #endif /* CONFIG_RTNETLINK */
3180 
3181 static abi_long netlink_audit_target_to_host(void *buf, size_t len)
3182 {
3183     abi_long ret;
3184 
3185     ret = target_to_host_nlmsg_audit(buf, len);
3186     if (ret < 0) {
3187         return ret;
3188     }
3189 
3190     return len;
3191 }
3192 
3193 static abi_long netlink_audit_host_to_target(void *buf, size_t len)
3194 {
3195     abi_long ret;
3196 
3197     ret = host_to_target_nlmsg_audit(buf, len);
3198     if (ret < 0) {
3199         return ret;
3200     }
3201 
3202     return len;
3203 }
3204 
3205 static TargetFdTrans target_netlink_audit_trans = {
3206     .target_to_host_data = netlink_audit_target_to_host,
3207     .host_to_target_data = netlink_audit_host_to_target,
3208 };
3209 
3210 /* do_socket() Must return target values and target errnos. */
3211 static abi_long do_socket(int domain, int type, int protocol)
3212 {
3213     int target_type = type;
3214     int ret;
3215 
3216     ret = target_to_host_sock_type(&type);
3217     if (ret) {
3218         return ret;
3219     }
3220 
3221     if (domain == PF_NETLINK && !(
3222 #ifdef CONFIG_RTNETLINK
3223          protocol == NETLINK_ROUTE ||
3224 #endif
3225          protocol == NETLINK_KOBJECT_UEVENT ||
3226          protocol == NETLINK_AUDIT)) {
3227         return -EPFNOSUPPORT;
3228     }
3229 
3230     if (domain == AF_PACKET ||
3231         (domain == AF_INET && type == SOCK_PACKET)) {
3232         protocol = tswap16(protocol);
3233     }
3234 
3235     ret = get_errno(socket(domain, type, protocol));
3236     if (ret >= 0) {
3237         ret = sock_flags_fixup(ret, target_type);
3238         if (type == SOCK_PACKET) {
3239             /* Manage an obsolete case :
3240              * if socket type is SOCK_PACKET, bind by name
3241              */
3242             fd_trans_register(ret, &target_packet_trans);
3243         } else if (domain == PF_NETLINK) {
3244             switch (protocol) {
3245 #ifdef CONFIG_RTNETLINK
3246             case NETLINK_ROUTE:
3247                 fd_trans_register(ret, &target_netlink_route_trans);
3248                 break;
3249 #endif
3250             case NETLINK_KOBJECT_UEVENT:
3251                 /* nothing to do: messages are strings */
3252                 break;
3253             case NETLINK_AUDIT:
3254                 fd_trans_register(ret, &target_netlink_audit_trans);
3255                 break;
3256             default:
3257                 g_assert_not_reached();
3258             }
3259         }
3260     }
3261     return ret;
3262 }
3263 
3264 /* do_bind() Must return target values and target errnos. */
3265 static abi_long do_bind(int sockfd, abi_ulong target_addr,
3266                         socklen_t addrlen)
3267 {
3268     void *addr;
3269     abi_long ret;
3270 
3271     if ((int)addrlen < 0) {
3272         return -TARGET_EINVAL;
3273     }
3274 
3275     addr = alloca(addrlen+1);
3276 
3277     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3278     if (ret)
3279         return ret;
3280 
3281     return get_errno(bind(sockfd, addr, addrlen));
3282 }
3283 
3284 /* do_connect() Must return target values and target errnos. */
3285 static abi_long do_connect(int sockfd, abi_ulong target_addr,
3286                            socklen_t addrlen)
3287 {
3288     void *addr;
3289     abi_long ret;
3290 
3291     if ((int)addrlen < 0) {
3292         return -TARGET_EINVAL;
3293     }
3294 
3295     addr = alloca(addrlen+1);
3296 
3297     ret = target_to_host_sockaddr(sockfd, addr, target_addr, addrlen);
3298     if (ret)
3299         return ret;
3300 
3301     return get_errno(safe_connect(sockfd, addr, addrlen));
3302 }
3303 
3304 /* do_sendrecvmsg_locked() Must return target values and target errnos. */
3305 static abi_long do_sendrecvmsg_locked(int fd, struct target_msghdr *msgp,
3306                                       int flags, int send)
3307 {
3308     abi_long ret, len;
3309     struct msghdr msg;
3310     int count;
3311     struct iovec *vec;
3312     abi_ulong target_vec;
3313 
3314     if (msgp->msg_name) {
3315         msg.msg_namelen = tswap32(msgp->msg_namelen);
3316         msg.msg_name = alloca(msg.msg_namelen+1);
3317         ret = target_to_host_sockaddr(fd, msg.msg_name,
3318                                       tswapal(msgp->msg_name),
3319                                       msg.msg_namelen);
3320         if (ret) {
3321             goto out2;
3322         }
3323     } else {
3324         msg.msg_name = NULL;
3325         msg.msg_namelen = 0;
3326     }
3327     msg.msg_controllen = 2 * tswapal(msgp->msg_controllen);
3328     msg.msg_control = alloca(msg.msg_controllen);
3329     msg.msg_flags = tswap32(msgp->msg_flags);
3330 
3331     count = tswapal(msgp->msg_iovlen);
3332     target_vec = tswapal(msgp->msg_iov);
3333     vec = lock_iovec(send ? VERIFY_READ : VERIFY_WRITE,
3334                      target_vec, count, send);
3335     if (vec == NULL) {
3336         ret = -host_to_target_errno(errno);
3337         goto out2;
3338     }
3339     msg.msg_iovlen = count;
3340     msg.msg_iov = vec;
3341 
3342     if (send) {
3343         if (fd_trans_target_to_host_data(fd)) {
3344             void *host_msg;
3345 
3346             host_msg = g_malloc(msg.msg_iov->iov_len);
3347             memcpy(host_msg, msg.msg_iov->iov_base, msg.msg_iov->iov_len);
3348             ret = fd_trans_target_to_host_data(fd)(host_msg,
3349                                                    msg.msg_iov->iov_len);
3350             if (ret >= 0) {
3351                 msg.msg_iov->iov_base = host_msg;
3352                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3353             }
3354             g_free(host_msg);
3355         } else {
3356             ret = target_to_host_cmsg(&msg, msgp);
3357             if (ret == 0) {
3358                 ret = get_errno(safe_sendmsg(fd, &msg, flags));
3359             }
3360         }
3361     } else {
3362         ret = get_errno(safe_recvmsg(fd, &msg, flags));
3363         if (!is_error(ret)) {
3364             len = ret;
3365             if (fd_trans_host_to_target_data(fd)) {
3366                 ret = fd_trans_host_to_target_data(fd)(msg.msg_iov->iov_base,
3367                                                        len);
3368             } else {
3369                 ret = host_to_target_cmsg(msgp, &msg);
3370             }
3371             if (!is_error(ret)) {
3372                 msgp->msg_namelen = tswap32(msg.msg_namelen);
3373                 if (msg.msg_name != NULL) {
3374                     ret = host_to_target_sockaddr(tswapal(msgp->msg_name),
3375                                     msg.msg_name, msg.msg_namelen);
3376                     if (ret) {
3377                         goto out;
3378                     }
3379                 }
3380 
3381                 ret = len;
3382             }
3383         }
3384     }
3385 
3386 out:
3387     unlock_iovec(vec, target_vec, count, !send);
3388 out2:
3389     return ret;
3390 }
3391 
3392 static abi_long do_sendrecvmsg(int fd, abi_ulong target_msg,
3393                                int flags, int send)
3394 {
3395     abi_long ret;
3396     struct target_msghdr *msgp;
3397 
3398     if (!lock_user_struct(send ? VERIFY_READ : VERIFY_WRITE,
3399                           msgp,
3400                           target_msg,
3401                           send ? 1 : 0)) {
3402         return -TARGET_EFAULT;
3403     }
3404     ret = do_sendrecvmsg_locked(fd, msgp, flags, send);
3405     unlock_user_struct(msgp, target_msg, send ? 0 : 1);
3406     return ret;
3407 }
3408 
3409 /* We don't rely on the C library to have sendmmsg/recvmmsg support,
3410  * so it might not have this *mmsg-specific flag either.
3411  */
3412 #ifndef MSG_WAITFORONE
3413 #define MSG_WAITFORONE 0x10000
3414 #endif
3415 
3416 static abi_long do_sendrecvmmsg(int fd, abi_ulong target_msgvec,
3417                                 unsigned int vlen, unsigned int flags,
3418                                 int send)
3419 {
3420     struct target_mmsghdr *mmsgp;
3421     abi_long ret = 0;
3422     int i;
3423 
3424     if (vlen > UIO_MAXIOV) {
3425         vlen = UIO_MAXIOV;
3426     }
3427 
3428     mmsgp = lock_user(VERIFY_WRITE, target_msgvec, sizeof(*mmsgp) * vlen, 1);
3429     if (!mmsgp) {
3430         return -TARGET_EFAULT;
3431     }
3432 
3433     for (i = 0; i < vlen; i++) {
3434         ret = do_sendrecvmsg_locked(fd, &mmsgp[i].msg_hdr, flags, send);
3435         if (is_error(ret)) {
3436             break;
3437         }
3438         mmsgp[i].msg_len = tswap32(ret);
3439         /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
3440         if (flags & MSG_WAITFORONE) {
3441             flags |= MSG_DONTWAIT;
3442         }
3443     }
3444 
3445     unlock_user(mmsgp, target_msgvec, sizeof(*mmsgp) * i);
3446 
3447     /* Return number of datagrams sent if we sent any at all;
3448      * otherwise return the error.
3449      */
3450     if (i) {
3451         return i;
3452     }
3453     return ret;
3454 }
3455 
3456 /* do_accept4() Must return target values and target errnos. */
3457 static abi_long do_accept4(int fd, abi_ulong target_addr,
3458                            abi_ulong target_addrlen_addr, int flags)
3459 {
3460     socklen_t addrlen;
3461     void *addr;
3462     abi_long ret;
3463     int host_flags;
3464 
3465     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
3466 
3467     if (target_addr == 0) {
3468         return get_errno(safe_accept4(fd, NULL, NULL, host_flags));
3469     }
3470 
3471     /* linux returns EINVAL if addrlen pointer is invalid */
3472     if (get_user_u32(addrlen, target_addrlen_addr))
3473         return -TARGET_EINVAL;
3474 
3475     if ((int)addrlen < 0) {
3476         return -TARGET_EINVAL;
3477     }
3478 
3479     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3480         return -TARGET_EINVAL;
3481 
3482     addr = alloca(addrlen);
3483 
3484     ret = get_errno(safe_accept4(fd, addr, &addrlen, host_flags));
3485     if (!is_error(ret)) {
3486         host_to_target_sockaddr(target_addr, addr, addrlen);
3487         if (put_user_u32(addrlen, target_addrlen_addr))
3488             ret = -TARGET_EFAULT;
3489     }
3490     return ret;
3491 }
3492 
3493 /* do_getpeername() Must return target values and target errnos. */
3494 static abi_long do_getpeername(int fd, abi_ulong target_addr,
3495                                abi_ulong target_addrlen_addr)
3496 {
3497     socklen_t addrlen;
3498     void *addr;
3499     abi_long ret;
3500 
3501     if (get_user_u32(addrlen, target_addrlen_addr))
3502         return -TARGET_EFAULT;
3503 
3504     if ((int)addrlen < 0) {
3505         return -TARGET_EINVAL;
3506     }
3507 
3508     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3509         return -TARGET_EFAULT;
3510 
3511     addr = alloca(addrlen);
3512 
3513     ret = get_errno(getpeername(fd, addr, &addrlen));
3514     if (!is_error(ret)) {
3515         host_to_target_sockaddr(target_addr, addr, addrlen);
3516         if (put_user_u32(addrlen, target_addrlen_addr))
3517             ret = -TARGET_EFAULT;
3518     }
3519     return ret;
3520 }
3521 
3522 /* do_getsockname() Must return target values and target errnos. */
3523 static abi_long do_getsockname(int fd, abi_ulong target_addr,
3524                                abi_ulong target_addrlen_addr)
3525 {
3526     socklen_t addrlen;
3527     void *addr;
3528     abi_long ret;
3529 
3530     if (get_user_u32(addrlen, target_addrlen_addr))
3531         return -TARGET_EFAULT;
3532 
3533     if ((int)addrlen < 0) {
3534         return -TARGET_EINVAL;
3535     }
3536 
3537     if (!access_ok(VERIFY_WRITE, target_addr, addrlen))
3538         return -TARGET_EFAULT;
3539 
3540     addr = alloca(addrlen);
3541 
3542     ret = get_errno(getsockname(fd, addr, &addrlen));
3543     if (!is_error(ret)) {
3544         host_to_target_sockaddr(target_addr, addr, addrlen);
3545         if (put_user_u32(addrlen, target_addrlen_addr))
3546             ret = -TARGET_EFAULT;
3547     }
3548     return ret;
3549 }
3550 
3551 /* do_socketpair() Must return target values and target errnos. */
3552 static abi_long do_socketpair(int domain, int type, int protocol,
3553                               abi_ulong target_tab_addr)
3554 {
3555     int tab[2];
3556     abi_long ret;
3557 
3558     target_to_host_sock_type(&type);
3559 
3560     ret = get_errno(socketpair(domain, type, protocol, tab));
3561     if (!is_error(ret)) {
3562         if (put_user_s32(tab[0], target_tab_addr)
3563             || put_user_s32(tab[1], target_tab_addr + sizeof(tab[0])))
3564             ret = -TARGET_EFAULT;
3565     }
3566     return ret;
3567 }
3568 
3569 /* do_sendto() Must return target values and target errnos. */
3570 static abi_long do_sendto(int fd, abi_ulong msg, size_t len, int flags,
3571                           abi_ulong target_addr, socklen_t addrlen)
3572 {
3573     void *addr;
3574     void *host_msg;
3575     void *copy_msg = NULL;
3576     abi_long ret;
3577 
3578     if ((int)addrlen < 0) {
3579         return -TARGET_EINVAL;
3580     }
3581 
3582     host_msg = lock_user(VERIFY_READ, msg, len, 1);
3583     if (!host_msg)
3584         return -TARGET_EFAULT;
3585     if (fd_trans_target_to_host_data(fd)) {
3586         copy_msg = host_msg;
3587         host_msg = g_malloc(len);
3588         memcpy(host_msg, copy_msg, len);
3589         ret = fd_trans_target_to_host_data(fd)(host_msg, len);
3590         if (ret < 0) {
3591             goto fail;
3592         }
3593     }
3594     if (target_addr) {
3595         addr = alloca(addrlen+1);
3596         ret = target_to_host_sockaddr(fd, addr, target_addr, addrlen);
3597         if (ret) {
3598             goto fail;
3599         }
3600         ret = get_errno(safe_sendto(fd, host_msg, len, flags, addr, addrlen));
3601     } else {
3602         ret = get_errno(safe_sendto(fd, host_msg, len, flags, NULL, 0));
3603     }
3604 fail:
3605     if (copy_msg) {
3606         g_free(host_msg);
3607         host_msg = copy_msg;
3608     }
3609     unlock_user(host_msg, msg, 0);
3610     return ret;
3611 }
3612 
3613 /* do_recvfrom() Must return target values and target errnos. */
3614 static abi_long do_recvfrom(int fd, abi_ulong msg, size_t len, int flags,
3615                             abi_ulong target_addr,
3616                             abi_ulong target_addrlen)
3617 {
3618     socklen_t addrlen;
3619     void *addr;
3620     void *host_msg;
3621     abi_long ret;
3622 
3623     host_msg = lock_user(VERIFY_WRITE, msg, len, 0);
3624     if (!host_msg)
3625         return -TARGET_EFAULT;
3626     if (target_addr) {
3627         if (get_user_u32(addrlen, target_addrlen)) {
3628             ret = -TARGET_EFAULT;
3629             goto fail;
3630         }
3631         if ((int)addrlen < 0) {
3632             ret = -TARGET_EINVAL;
3633             goto fail;
3634         }
3635         addr = alloca(addrlen);
3636         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags,
3637                                       addr, &addrlen));
3638     } else {
3639         addr = NULL; /* To keep compiler quiet.  */
3640         ret = get_errno(safe_recvfrom(fd, host_msg, len, flags, NULL, 0));
3641     }
3642     if (!is_error(ret)) {
3643         if (fd_trans_host_to_target_data(fd)) {
3644             ret = fd_trans_host_to_target_data(fd)(host_msg, ret);
3645         }
3646         if (target_addr) {
3647             host_to_target_sockaddr(target_addr, addr, addrlen);
3648             if (put_user_u32(addrlen, target_addrlen)) {
3649                 ret = -TARGET_EFAULT;
3650                 goto fail;
3651             }
3652         }
3653         unlock_user(host_msg, msg, len);
3654     } else {
3655 fail:
3656         unlock_user(host_msg, msg, 0);
3657     }
3658     return ret;
3659 }
3660 
3661 #ifdef TARGET_NR_socketcall
3662 /* do_socketcall() Must return target values and target errnos. */
3663 static abi_long do_socketcall(int num, abi_ulong vptr)
3664 {
3665     static const unsigned ac[] = { /* number of arguments per call */
3666         [SOCKOP_socket] = 3,      /* domain, type, protocol */
3667         [SOCKOP_bind] = 3,        /* sockfd, addr, addrlen */
3668         [SOCKOP_connect] = 3,     /* sockfd, addr, addrlen */
3669         [SOCKOP_listen] = 2,      /* sockfd, backlog */
3670         [SOCKOP_accept] = 3,      /* sockfd, addr, addrlen */
3671         [SOCKOP_accept4] = 4,     /* sockfd, addr, addrlen, flags */
3672         [SOCKOP_getsockname] = 3, /* sockfd, addr, addrlen */
3673         [SOCKOP_getpeername] = 3, /* sockfd, addr, addrlen */
3674         [SOCKOP_socketpair] = 4,  /* domain, type, protocol, tab */
3675         [SOCKOP_send] = 4,        /* sockfd, msg, len, flags */
3676         [SOCKOP_recv] = 4,        /* sockfd, msg, len, flags */
3677         [SOCKOP_sendto] = 6,      /* sockfd, msg, len, flags, addr, addrlen */
3678         [SOCKOP_recvfrom] = 6,    /* sockfd, msg, len, flags, addr, addrlen */
3679         [SOCKOP_shutdown] = 2,    /* sockfd, how */
3680         [SOCKOP_sendmsg] = 3,     /* sockfd, msg, flags */
3681         [SOCKOP_recvmsg] = 3,     /* sockfd, msg, flags */
3682         [SOCKOP_sendmmsg] = 4,    /* sockfd, msgvec, vlen, flags */
3683         [SOCKOP_recvmmsg] = 4,    /* sockfd, msgvec, vlen, flags */
3684         [SOCKOP_setsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
3685         [SOCKOP_getsockopt] = 5,  /* sockfd, level, optname, optval, optlen */
3686     };
3687     abi_long a[6]; /* max 6 args */
3688 
3689     /* first, collect the arguments in a[] according to ac[] */
3690     if (num >= 0 && num < ARRAY_SIZE(ac)) {
3691         unsigned i;
3692         assert(ARRAY_SIZE(a) >= ac[num]); /* ensure we have space for args */
3693         for (i = 0; i < ac[num]; ++i) {
3694             if (get_user_ual(a[i], vptr + i * sizeof(abi_long)) != 0) {
3695                 return -TARGET_EFAULT;
3696             }
3697         }
3698     }
3699 
3700     /* now when we have the args, actually handle the call */
3701     switch (num) {
3702     case SOCKOP_socket: /* domain, type, protocol */
3703         return do_socket(a[0], a[1], a[2]);
3704     case SOCKOP_bind: /* sockfd, addr, addrlen */
3705         return do_bind(a[0], a[1], a[2]);
3706     case SOCKOP_connect: /* sockfd, addr, addrlen */
3707         return do_connect(a[0], a[1], a[2]);
3708     case SOCKOP_listen: /* sockfd, backlog */
3709         return get_errno(listen(a[0], a[1]));
3710     case SOCKOP_accept: /* sockfd, addr, addrlen */
3711         return do_accept4(a[0], a[1], a[2], 0);
3712     case SOCKOP_accept4: /* sockfd, addr, addrlen, flags */
3713         return do_accept4(a[0], a[1], a[2], a[3]);
3714     case SOCKOP_getsockname: /* sockfd, addr, addrlen */
3715         return do_getsockname(a[0], a[1], a[2]);
3716     case SOCKOP_getpeername: /* sockfd, addr, addrlen */
3717         return do_getpeername(a[0], a[1], a[2]);
3718     case SOCKOP_socketpair: /* domain, type, protocol, tab */
3719         return do_socketpair(a[0], a[1], a[2], a[3]);
3720     case SOCKOP_send: /* sockfd, msg, len, flags */
3721         return do_sendto(a[0], a[1], a[2], a[3], 0, 0);
3722     case SOCKOP_recv: /* sockfd, msg, len, flags */
3723         return do_recvfrom(a[0], a[1], a[2], a[3], 0, 0);
3724     case SOCKOP_sendto: /* sockfd, msg, len, flags, addr, addrlen */
3725         return do_sendto(a[0], a[1], a[2], a[3], a[4], a[5]);
3726     case SOCKOP_recvfrom: /* sockfd, msg, len, flags, addr, addrlen */
3727         return do_recvfrom(a[0], a[1], a[2], a[3], a[4], a[5]);
3728     case SOCKOP_shutdown: /* sockfd, how */
3729         return get_errno(shutdown(a[0], a[1]));
3730     case SOCKOP_sendmsg: /* sockfd, msg, flags */
3731         return do_sendrecvmsg(a[0], a[1], a[2], 1);
3732     case SOCKOP_recvmsg: /* sockfd, msg, flags */
3733         return do_sendrecvmsg(a[0], a[1], a[2], 0);
3734     case SOCKOP_sendmmsg: /* sockfd, msgvec, vlen, flags */
3735         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 1);
3736     case SOCKOP_recvmmsg: /* sockfd, msgvec, vlen, flags */
3737         return do_sendrecvmmsg(a[0], a[1], a[2], a[3], 0);
3738     case SOCKOP_setsockopt: /* sockfd, level, optname, optval, optlen */
3739         return do_setsockopt(a[0], a[1], a[2], a[3], a[4]);
3740     case SOCKOP_getsockopt: /* sockfd, level, optname, optval, optlen */
3741         return do_getsockopt(a[0], a[1], a[2], a[3], a[4]);
3742     default:
3743         gemu_log("Unsupported socketcall: %d\n", num);
3744         return -TARGET_ENOSYS;
3745     }
3746 }
3747 #endif
3748 
3749 #define N_SHM_REGIONS	32
3750 
3751 static struct shm_region {
3752     abi_ulong start;
3753     abi_ulong size;
3754     bool in_use;
3755 } shm_regions[N_SHM_REGIONS];
3756 
3757 struct target_semid_ds
3758 {
3759   struct target_ipc_perm sem_perm;
3760   abi_ulong sem_otime;
3761 #if !defined(TARGET_PPC64)
3762   abi_ulong __unused1;
3763 #endif
3764   abi_ulong sem_ctime;
3765 #if !defined(TARGET_PPC64)
3766   abi_ulong __unused2;
3767 #endif
3768   abi_ulong sem_nsems;
3769   abi_ulong __unused3;
3770   abi_ulong __unused4;
3771 };
3772 
3773 static inline abi_long target_to_host_ipc_perm(struct ipc_perm *host_ip,
3774                                                abi_ulong target_addr)
3775 {
3776     struct target_ipc_perm *target_ip;
3777     struct target_semid_ds *target_sd;
3778 
3779     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3780         return -TARGET_EFAULT;
3781     target_ip = &(target_sd->sem_perm);
3782     host_ip->__key = tswap32(target_ip->__key);
3783     host_ip->uid = tswap32(target_ip->uid);
3784     host_ip->gid = tswap32(target_ip->gid);
3785     host_ip->cuid = tswap32(target_ip->cuid);
3786     host_ip->cgid = tswap32(target_ip->cgid);
3787 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3788     host_ip->mode = tswap32(target_ip->mode);
3789 #else
3790     host_ip->mode = tswap16(target_ip->mode);
3791 #endif
3792 #if defined(TARGET_PPC)
3793     host_ip->__seq = tswap32(target_ip->__seq);
3794 #else
3795     host_ip->__seq = tswap16(target_ip->__seq);
3796 #endif
3797     unlock_user_struct(target_sd, target_addr, 0);
3798     return 0;
3799 }
3800 
3801 static inline abi_long host_to_target_ipc_perm(abi_ulong target_addr,
3802                                                struct ipc_perm *host_ip)
3803 {
3804     struct target_ipc_perm *target_ip;
3805     struct target_semid_ds *target_sd;
3806 
3807     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3808         return -TARGET_EFAULT;
3809     target_ip = &(target_sd->sem_perm);
3810     target_ip->__key = tswap32(host_ip->__key);
3811     target_ip->uid = tswap32(host_ip->uid);
3812     target_ip->gid = tswap32(host_ip->gid);
3813     target_ip->cuid = tswap32(host_ip->cuid);
3814     target_ip->cgid = tswap32(host_ip->cgid);
3815 #if defined(TARGET_ALPHA) || defined(TARGET_MIPS) || defined(TARGET_PPC)
3816     target_ip->mode = tswap32(host_ip->mode);
3817 #else
3818     target_ip->mode = tswap16(host_ip->mode);
3819 #endif
3820 #if defined(TARGET_PPC)
3821     target_ip->__seq = tswap32(host_ip->__seq);
3822 #else
3823     target_ip->__seq = tswap16(host_ip->__seq);
3824 #endif
3825     unlock_user_struct(target_sd, target_addr, 1);
3826     return 0;
3827 }
3828 
3829 static inline abi_long target_to_host_semid_ds(struct semid_ds *host_sd,
3830                                                abi_ulong target_addr)
3831 {
3832     struct target_semid_ds *target_sd;
3833 
3834     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
3835         return -TARGET_EFAULT;
3836     if (target_to_host_ipc_perm(&(host_sd->sem_perm),target_addr))
3837         return -TARGET_EFAULT;
3838     host_sd->sem_nsems = tswapal(target_sd->sem_nsems);
3839     host_sd->sem_otime = tswapal(target_sd->sem_otime);
3840     host_sd->sem_ctime = tswapal(target_sd->sem_ctime);
3841     unlock_user_struct(target_sd, target_addr, 0);
3842     return 0;
3843 }
3844 
3845 static inline abi_long host_to_target_semid_ds(abi_ulong target_addr,
3846                                                struct semid_ds *host_sd)
3847 {
3848     struct target_semid_ds *target_sd;
3849 
3850     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
3851         return -TARGET_EFAULT;
3852     if (host_to_target_ipc_perm(target_addr,&(host_sd->sem_perm)))
3853         return -TARGET_EFAULT;
3854     target_sd->sem_nsems = tswapal(host_sd->sem_nsems);
3855     target_sd->sem_otime = tswapal(host_sd->sem_otime);
3856     target_sd->sem_ctime = tswapal(host_sd->sem_ctime);
3857     unlock_user_struct(target_sd, target_addr, 1);
3858     return 0;
3859 }
3860 
3861 struct target_seminfo {
3862     int semmap;
3863     int semmni;
3864     int semmns;
3865     int semmnu;
3866     int semmsl;
3867     int semopm;
3868     int semume;
3869     int semusz;
3870     int semvmx;
3871     int semaem;
3872 };
3873 
3874 static inline abi_long host_to_target_seminfo(abi_ulong target_addr,
3875                                               struct seminfo *host_seminfo)
3876 {
3877     struct target_seminfo *target_seminfo;
3878     if (!lock_user_struct(VERIFY_WRITE, target_seminfo, target_addr, 0))
3879         return -TARGET_EFAULT;
3880     __put_user(host_seminfo->semmap, &target_seminfo->semmap);
3881     __put_user(host_seminfo->semmni, &target_seminfo->semmni);
3882     __put_user(host_seminfo->semmns, &target_seminfo->semmns);
3883     __put_user(host_seminfo->semmnu, &target_seminfo->semmnu);
3884     __put_user(host_seminfo->semmsl, &target_seminfo->semmsl);
3885     __put_user(host_seminfo->semopm, &target_seminfo->semopm);
3886     __put_user(host_seminfo->semume, &target_seminfo->semume);
3887     __put_user(host_seminfo->semusz, &target_seminfo->semusz);
3888     __put_user(host_seminfo->semvmx, &target_seminfo->semvmx);
3889     __put_user(host_seminfo->semaem, &target_seminfo->semaem);
3890     unlock_user_struct(target_seminfo, target_addr, 1);
3891     return 0;
3892 }
3893 
3894 union semun {
3895 	int val;
3896 	struct semid_ds *buf;
3897 	unsigned short *array;
3898 	struct seminfo *__buf;
3899 };
3900 
3901 union target_semun {
3902 	int val;
3903 	abi_ulong buf;
3904 	abi_ulong array;
3905 	abi_ulong __buf;
3906 };
3907 
3908 static inline abi_long target_to_host_semarray(int semid, unsigned short **host_array,
3909                                                abi_ulong target_addr)
3910 {
3911     int nsems;
3912     unsigned short *array;
3913     union semun semun;
3914     struct semid_ds semid_ds;
3915     int i, ret;
3916 
3917     semun.buf = &semid_ds;
3918 
3919     ret = semctl(semid, 0, IPC_STAT, semun);
3920     if (ret == -1)
3921         return get_errno(ret);
3922 
3923     nsems = semid_ds.sem_nsems;
3924 
3925     *host_array = g_try_new(unsigned short, nsems);
3926     if (!*host_array) {
3927         return -TARGET_ENOMEM;
3928     }
3929     array = lock_user(VERIFY_READ, target_addr,
3930                       nsems*sizeof(unsigned short), 1);
3931     if (!array) {
3932         g_free(*host_array);
3933         return -TARGET_EFAULT;
3934     }
3935 
3936     for(i=0; i<nsems; i++) {
3937         __get_user((*host_array)[i], &array[i]);
3938     }
3939     unlock_user(array, target_addr, 0);
3940 
3941     return 0;
3942 }
3943 
3944 static inline abi_long host_to_target_semarray(int semid, abi_ulong target_addr,
3945                                                unsigned short **host_array)
3946 {
3947     int nsems;
3948     unsigned short *array;
3949     union semun semun;
3950     struct semid_ds semid_ds;
3951     int i, ret;
3952 
3953     semun.buf = &semid_ds;
3954 
3955     ret = semctl(semid, 0, IPC_STAT, semun);
3956     if (ret == -1)
3957         return get_errno(ret);
3958 
3959     nsems = semid_ds.sem_nsems;
3960 
3961     array = lock_user(VERIFY_WRITE, target_addr,
3962                       nsems*sizeof(unsigned short), 0);
3963     if (!array)
3964         return -TARGET_EFAULT;
3965 
3966     for(i=0; i<nsems; i++) {
3967         __put_user((*host_array)[i], &array[i]);
3968     }
3969     g_free(*host_array);
3970     unlock_user(array, target_addr, 1);
3971 
3972     return 0;
3973 }
3974 
3975 static inline abi_long do_semctl(int semid, int semnum, int cmd,
3976                                  abi_ulong target_arg)
3977 {
3978     union target_semun target_su = { .buf = target_arg };
3979     union semun arg;
3980     struct semid_ds dsarg;
3981     unsigned short *array = NULL;
3982     struct seminfo seminfo;
3983     abi_long ret = -TARGET_EINVAL;
3984     abi_long err;
3985     cmd &= 0xff;
3986 
3987     switch( cmd ) {
3988 	case GETVAL:
3989 	case SETVAL:
3990             /* In 64 bit cross-endian situations, we will erroneously pick up
3991              * the wrong half of the union for the "val" element.  To rectify
3992              * this, the entire 8-byte structure is byteswapped, followed by
3993 	     * a swap of the 4 byte val field. In other cases, the data is
3994 	     * already in proper host byte order. */
3995 	    if (sizeof(target_su.val) != (sizeof(target_su.buf))) {
3996 		target_su.buf = tswapal(target_su.buf);
3997 		arg.val = tswap32(target_su.val);
3998 	    } else {
3999 		arg.val = target_su.val;
4000 	    }
4001             ret = get_errno(semctl(semid, semnum, cmd, arg));
4002             break;
4003 	case GETALL:
4004 	case SETALL:
4005             err = target_to_host_semarray(semid, &array, target_su.array);
4006             if (err)
4007                 return err;
4008             arg.array = array;
4009             ret = get_errno(semctl(semid, semnum, cmd, arg));
4010             err = host_to_target_semarray(semid, target_su.array, &array);
4011             if (err)
4012                 return err;
4013             break;
4014 	case IPC_STAT:
4015 	case IPC_SET:
4016 	case SEM_STAT:
4017             err = target_to_host_semid_ds(&dsarg, target_su.buf);
4018             if (err)
4019                 return err;
4020             arg.buf = &dsarg;
4021             ret = get_errno(semctl(semid, semnum, cmd, arg));
4022             err = host_to_target_semid_ds(target_su.buf, &dsarg);
4023             if (err)
4024                 return err;
4025             break;
4026 	case IPC_INFO:
4027 	case SEM_INFO:
4028             arg.__buf = &seminfo;
4029             ret = get_errno(semctl(semid, semnum, cmd, arg));
4030             err = host_to_target_seminfo(target_su.__buf, &seminfo);
4031             if (err)
4032                 return err;
4033             break;
4034 	case IPC_RMID:
4035 	case GETPID:
4036 	case GETNCNT:
4037 	case GETZCNT:
4038             ret = get_errno(semctl(semid, semnum, cmd, NULL));
4039             break;
4040     }
4041 
4042     return ret;
4043 }
4044 
4045 struct target_sembuf {
4046     unsigned short sem_num;
4047     short sem_op;
4048     short sem_flg;
4049 };
4050 
4051 static inline abi_long target_to_host_sembuf(struct sembuf *host_sembuf,
4052                                              abi_ulong target_addr,
4053                                              unsigned nsops)
4054 {
4055     struct target_sembuf *target_sembuf;
4056     int i;
4057 
4058     target_sembuf = lock_user(VERIFY_READ, target_addr,
4059                               nsops*sizeof(struct target_sembuf), 1);
4060     if (!target_sembuf)
4061         return -TARGET_EFAULT;
4062 
4063     for(i=0; i<nsops; i++) {
4064         __get_user(host_sembuf[i].sem_num, &target_sembuf[i].sem_num);
4065         __get_user(host_sembuf[i].sem_op, &target_sembuf[i].sem_op);
4066         __get_user(host_sembuf[i].sem_flg, &target_sembuf[i].sem_flg);
4067     }
4068 
4069     unlock_user(target_sembuf, target_addr, 0);
4070 
4071     return 0;
4072 }
4073 
4074 static inline abi_long do_semop(int semid, abi_long ptr, unsigned nsops)
4075 {
4076     struct sembuf sops[nsops];
4077 
4078     if (target_to_host_sembuf(sops, ptr, nsops))
4079         return -TARGET_EFAULT;
4080 
4081     return get_errno(safe_semtimedop(semid, sops, nsops, NULL));
4082 }
4083 
4084 struct target_msqid_ds
4085 {
4086     struct target_ipc_perm msg_perm;
4087     abi_ulong msg_stime;
4088 #if TARGET_ABI_BITS == 32
4089     abi_ulong __unused1;
4090 #endif
4091     abi_ulong msg_rtime;
4092 #if TARGET_ABI_BITS == 32
4093     abi_ulong __unused2;
4094 #endif
4095     abi_ulong msg_ctime;
4096 #if TARGET_ABI_BITS == 32
4097     abi_ulong __unused3;
4098 #endif
4099     abi_ulong __msg_cbytes;
4100     abi_ulong msg_qnum;
4101     abi_ulong msg_qbytes;
4102     abi_ulong msg_lspid;
4103     abi_ulong msg_lrpid;
4104     abi_ulong __unused4;
4105     abi_ulong __unused5;
4106 };
4107 
4108 static inline abi_long target_to_host_msqid_ds(struct msqid_ds *host_md,
4109                                                abi_ulong target_addr)
4110 {
4111     struct target_msqid_ds *target_md;
4112 
4113     if (!lock_user_struct(VERIFY_READ, target_md, target_addr, 1))
4114         return -TARGET_EFAULT;
4115     if (target_to_host_ipc_perm(&(host_md->msg_perm),target_addr))
4116         return -TARGET_EFAULT;
4117     host_md->msg_stime = tswapal(target_md->msg_stime);
4118     host_md->msg_rtime = tswapal(target_md->msg_rtime);
4119     host_md->msg_ctime = tswapal(target_md->msg_ctime);
4120     host_md->__msg_cbytes = tswapal(target_md->__msg_cbytes);
4121     host_md->msg_qnum = tswapal(target_md->msg_qnum);
4122     host_md->msg_qbytes = tswapal(target_md->msg_qbytes);
4123     host_md->msg_lspid = tswapal(target_md->msg_lspid);
4124     host_md->msg_lrpid = tswapal(target_md->msg_lrpid);
4125     unlock_user_struct(target_md, target_addr, 0);
4126     return 0;
4127 }
4128 
4129 static inline abi_long host_to_target_msqid_ds(abi_ulong target_addr,
4130                                                struct msqid_ds *host_md)
4131 {
4132     struct target_msqid_ds *target_md;
4133 
4134     if (!lock_user_struct(VERIFY_WRITE, target_md, target_addr, 0))
4135         return -TARGET_EFAULT;
4136     if (host_to_target_ipc_perm(target_addr,&(host_md->msg_perm)))
4137         return -TARGET_EFAULT;
4138     target_md->msg_stime = tswapal(host_md->msg_stime);
4139     target_md->msg_rtime = tswapal(host_md->msg_rtime);
4140     target_md->msg_ctime = tswapal(host_md->msg_ctime);
4141     target_md->__msg_cbytes = tswapal(host_md->__msg_cbytes);
4142     target_md->msg_qnum = tswapal(host_md->msg_qnum);
4143     target_md->msg_qbytes = tswapal(host_md->msg_qbytes);
4144     target_md->msg_lspid = tswapal(host_md->msg_lspid);
4145     target_md->msg_lrpid = tswapal(host_md->msg_lrpid);
4146     unlock_user_struct(target_md, target_addr, 1);
4147     return 0;
4148 }
4149 
4150 struct target_msginfo {
4151     int msgpool;
4152     int msgmap;
4153     int msgmax;
4154     int msgmnb;
4155     int msgmni;
4156     int msgssz;
4157     int msgtql;
4158     unsigned short int msgseg;
4159 };
4160 
4161 static inline abi_long host_to_target_msginfo(abi_ulong target_addr,
4162                                               struct msginfo *host_msginfo)
4163 {
4164     struct target_msginfo *target_msginfo;
4165     if (!lock_user_struct(VERIFY_WRITE, target_msginfo, target_addr, 0))
4166         return -TARGET_EFAULT;
4167     __put_user(host_msginfo->msgpool, &target_msginfo->msgpool);
4168     __put_user(host_msginfo->msgmap, &target_msginfo->msgmap);
4169     __put_user(host_msginfo->msgmax, &target_msginfo->msgmax);
4170     __put_user(host_msginfo->msgmnb, &target_msginfo->msgmnb);
4171     __put_user(host_msginfo->msgmni, &target_msginfo->msgmni);
4172     __put_user(host_msginfo->msgssz, &target_msginfo->msgssz);
4173     __put_user(host_msginfo->msgtql, &target_msginfo->msgtql);
4174     __put_user(host_msginfo->msgseg, &target_msginfo->msgseg);
4175     unlock_user_struct(target_msginfo, target_addr, 1);
4176     return 0;
4177 }
4178 
4179 static inline abi_long do_msgctl(int msgid, int cmd, abi_long ptr)
4180 {
4181     struct msqid_ds dsarg;
4182     struct msginfo msginfo;
4183     abi_long ret = -TARGET_EINVAL;
4184 
4185     cmd &= 0xff;
4186 
4187     switch (cmd) {
4188     case IPC_STAT:
4189     case IPC_SET:
4190     case MSG_STAT:
4191         if (target_to_host_msqid_ds(&dsarg,ptr))
4192             return -TARGET_EFAULT;
4193         ret = get_errno(msgctl(msgid, cmd, &dsarg));
4194         if (host_to_target_msqid_ds(ptr,&dsarg))
4195             return -TARGET_EFAULT;
4196         break;
4197     case IPC_RMID:
4198         ret = get_errno(msgctl(msgid, cmd, NULL));
4199         break;
4200     case IPC_INFO:
4201     case MSG_INFO:
4202         ret = get_errno(msgctl(msgid, cmd, (struct msqid_ds *)&msginfo));
4203         if (host_to_target_msginfo(ptr, &msginfo))
4204             return -TARGET_EFAULT;
4205         break;
4206     }
4207 
4208     return ret;
4209 }
4210 
4211 struct target_msgbuf {
4212     abi_long mtype;
4213     char	mtext[1];
4214 };
4215 
4216 static inline abi_long do_msgsnd(int msqid, abi_long msgp,
4217                                  ssize_t msgsz, int msgflg)
4218 {
4219     struct target_msgbuf *target_mb;
4220     struct msgbuf *host_mb;
4221     abi_long ret = 0;
4222 
4223     if (msgsz < 0) {
4224         return -TARGET_EINVAL;
4225     }
4226 
4227     if (!lock_user_struct(VERIFY_READ, target_mb, msgp, 0))
4228         return -TARGET_EFAULT;
4229     host_mb = g_try_malloc(msgsz + sizeof(long));
4230     if (!host_mb) {
4231         unlock_user_struct(target_mb, msgp, 0);
4232         return -TARGET_ENOMEM;
4233     }
4234     host_mb->mtype = (abi_long) tswapal(target_mb->mtype);
4235     memcpy(host_mb->mtext, target_mb->mtext, msgsz);
4236     ret = get_errno(safe_msgsnd(msqid, host_mb, msgsz, msgflg));
4237     g_free(host_mb);
4238     unlock_user_struct(target_mb, msgp, 0);
4239 
4240     return ret;
4241 }
4242 
4243 static inline abi_long do_msgrcv(int msqid, abi_long msgp,
4244                                  ssize_t msgsz, abi_long msgtyp,
4245                                  int msgflg)
4246 {
4247     struct target_msgbuf *target_mb;
4248     char *target_mtext;
4249     struct msgbuf *host_mb;
4250     abi_long ret = 0;
4251 
4252     if (msgsz < 0) {
4253         return -TARGET_EINVAL;
4254     }
4255 
4256     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
4257         return -TARGET_EFAULT;
4258 
4259     host_mb = g_try_malloc(msgsz + sizeof(long));
4260     if (!host_mb) {
4261         ret = -TARGET_ENOMEM;
4262         goto end;
4263     }
4264     ret = get_errno(safe_msgrcv(msqid, host_mb, msgsz, msgtyp, msgflg));
4265 
4266     if (ret > 0) {
4267         abi_ulong target_mtext_addr = msgp + sizeof(abi_ulong);
4268         target_mtext = lock_user(VERIFY_WRITE, target_mtext_addr, ret, 0);
4269         if (!target_mtext) {
4270             ret = -TARGET_EFAULT;
4271             goto end;
4272         }
4273         memcpy(target_mb->mtext, host_mb->mtext, ret);
4274         unlock_user(target_mtext, target_mtext_addr, ret);
4275     }
4276 
4277     target_mb->mtype = tswapal(host_mb->mtype);
4278 
4279 end:
4280     if (target_mb)
4281         unlock_user_struct(target_mb, msgp, 1);
4282     g_free(host_mb);
4283     return ret;
4284 }
4285 
4286 static inline abi_long target_to_host_shmid_ds(struct shmid_ds *host_sd,
4287                                                abi_ulong target_addr)
4288 {
4289     struct target_shmid_ds *target_sd;
4290 
4291     if (!lock_user_struct(VERIFY_READ, target_sd, target_addr, 1))
4292         return -TARGET_EFAULT;
4293     if (target_to_host_ipc_perm(&(host_sd->shm_perm), target_addr))
4294         return -TARGET_EFAULT;
4295     __get_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4296     __get_user(host_sd->shm_atime, &target_sd->shm_atime);
4297     __get_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4298     __get_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4299     __get_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4300     __get_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4301     __get_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4302     unlock_user_struct(target_sd, target_addr, 0);
4303     return 0;
4304 }
4305 
4306 static inline abi_long host_to_target_shmid_ds(abi_ulong target_addr,
4307                                                struct shmid_ds *host_sd)
4308 {
4309     struct target_shmid_ds *target_sd;
4310 
4311     if (!lock_user_struct(VERIFY_WRITE, target_sd, target_addr, 0))
4312         return -TARGET_EFAULT;
4313     if (host_to_target_ipc_perm(target_addr, &(host_sd->shm_perm)))
4314         return -TARGET_EFAULT;
4315     __put_user(host_sd->shm_segsz, &target_sd->shm_segsz);
4316     __put_user(host_sd->shm_atime, &target_sd->shm_atime);
4317     __put_user(host_sd->shm_dtime, &target_sd->shm_dtime);
4318     __put_user(host_sd->shm_ctime, &target_sd->shm_ctime);
4319     __put_user(host_sd->shm_cpid, &target_sd->shm_cpid);
4320     __put_user(host_sd->shm_lpid, &target_sd->shm_lpid);
4321     __put_user(host_sd->shm_nattch, &target_sd->shm_nattch);
4322     unlock_user_struct(target_sd, target_addr, 1);
4323     return 0;
4324 }
4325 
4326 struct  target_shminfo {
4327     abi_ulong shmmax;
4328     abi_ulong shmmin;
4329     abi_ulong shmmni;
4330     abi_ulong shmseg;
4331     abi_ulong shmall;
4332 };
4333 
4334 static inline abi_long host_to_target_shminfo(abi_ulong target_addr,
4335                                               struct shminfo *host_shminfo)
4336 {
4337     struct target_shminfo *target_shminfo;
4338     if (!lock_user_struct(VERIFY_WRITE, target_shminfo, target_addr, 0))
4339         return -TARGET_EFAULT;
4340     __put_user(host_shminfo->shmmax, &target_shminfo->shmmax);
4341     __put_user(host_shminfo->shmmin, &target_shminfo->shmmin);
4342     __put_user(host_shminfo->shmmni, &target_shminfo->shmmni);
4343     __put_user(host_shminfo->shmseg, &target_shminfo->shmseg);
4344     __put_user(host_shminfo->shmall, &target_shminfo->shmall);
4345     unlock_user_struct(target_shminfo, target_addr, 1);
4346     return 0;
4347 }
4348 
4349 struct target_shm_info {
4350     int used_ids;
4351     abi_ulong shm_tot;
4352     abi_ulong shm_rss;
4353     abi_ulong shm_swp;
4354     abi_ulong swap_attempts;
4355     abi_ulong swap_successes;
4356 };
4357 
4358 static inline abi_long host_to_target_shm_info(abi_ulong target_addr,
4359                                                struct shm_info *host_shm_info)
4360 {
4361     struct target_shm_info *target_shm_info;
4362     if (!lock_user_struct(VERIFY_WRITE, target_shm_info, target_addr, 0))
4363         return -TARGET_EFAULT;
4364     __put_user(host_shm_info->used_ids, &target_shm_info->used_ids);
4365     __put_user(host_shm_info->shm_tot, &target_shm_info->shm_tot);
4366     __put_user(host_shm_info->shm_rss, &target_shm_info->shm_rss);
4367     __put_user(host_shm_info->shm_swp, &target_shm_info->shm_swp);
4368     __put_user(host_shm_info->swap_attempts, &target_shm_info->swap_attempts);
4369     __put_user(host_shm_info->swap_successes, &target_shm_info->swap_successes);
4370     unlock_user_struct(target_shm_info, target_addr, 1);
4371     return 0;
4372 }
4373 
4374 static inline abi_long do_shmctl(int shmid, int cmd, abi_long buf)
4375 {
4376     struct shmid_ds dsarg;
4377     struct shminfo shminfo;
4378     struct shm_info shm_info;
4379     abi_long ret = -TARGET_EINVAL;
4380 
4381     cmd &= 0xff;
4382 
4383     switch(cmd) {
4384     case IPC_STAT:
4385     case IPC_SET:
4386     case SHM_STAT:
4387         if (target_to_host_shmid_ds(&dsarg, buf))
4388             return -TARGET_EFAULT;
4389         ret = get_errno(shmctl(shmid, cmd, &dsarg));
4390         if (host_to_target_shmid_ds(buf, &dsarg))
4391             return -TARGET_EFAULT;
4392         break;
4393     case IPC_INFO:
4394         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shminfo));
4395         if (host_to_target_shminfo(buf, &shminfo))
4396             return -TARGET_EFAULT;
4397         break;
4398     case SHM_INFO:
4399         ret = get_errno(shmctl(shmid, cmd, (struct shmid_ds *)&shm_info));
4400         if (host_to_target_shm_info(buf, &shm_info))
4401             return -TARGET_EFAULT;
4402         break;
4403     case IPC_RMID:
4404     case SHM_LOCK:
4405     case SHM_UNLOCK:
4406         ret = get_errno(shmctl(shmid, cmd, NULL));
4407         break;
4408     }
4409 
4410     return ret;
4411 }
4412 
4413 static inline abi_ulong do_shmat(int shmid, abi_ulong shmaddr, int shmflg)
4414 {
4415     abi_long raddr;
4416     void *host_raddr;
4417     struct shmid_ds shm_info;
4418     int i,ret;
4419 
4420     /* find out the length of the shared memory segment */
4421     ret = get_errno(shmctl(shmid, IPC_STAT, &shm_info));
4422     if (is_error(ret)) {
4423         /* can't get length, bail out */
4424         return ret;
4425     }
4426 
4427     mmap_lock();
4428 
4429     if (shmaddr)
4430         host_raddr = shmat(shmid, (void *)g2h(shmaddr), shmflg);
4431     else {
4432         abi_ulong mmap_start;
4433 
4434         mmap_start = mmap_find_vma(0, shm_info.shm_segsz);
4435 
4436         if (mmap_start == -1) {
4437             errno = ENOMEM;
4438             host_raddr = (void *)-1;
4439         } else
4440             host_raddr = shmat(shmid, g2h(mmap_start), shmflg | SHM_REMAP);
4441     }
4442 
4443     if (host_raddr == (void *)-1) {
4444         mmap_unlock();
4445         return get_errno((long)host_raddr);
4446     }
4447     raddr=h2g((unsigned long)host_raddr);
4448 
4449     page_set_flags(raddr, raddr + shm_info.shm_segsz,
4450                    PAGE_VALID | PAGE_READ |
4451                    ((shmflg & SHM_RDONLY)? 0 : PAGE_WRITE));
4452 
4453     for (i = 0; i < N_SHM_REGIONS; i++) {
4454         if (!shm_regions[i].in_use) {
4455             shm_regions[i].in_use = true;
4456             shm_regions[i].start = raddr;
4457             shm_regions[i].size = shm_info.shm_segsz;
4458             break;
4459         }
4460     }
4461 
4462     mmap_unlock();
4463     return raddr;
4464 
4465 }
4466 
4467 static inline abi_long do_shmdt(abi_ulong shmaddr)
4468 {
4469     int i;
4470 
4471     for (i = 0; i < N_SHM_REGIONS; ++i) {
4472         if (shm_regions[i].in_use && shm_regions[i].start == shmaddr) {
4473             shm_regions[i].in_use = false;
4474             page_set_flags(shmaddr, shmaddr + shm_regions[i].size, 0);
4475             break;
4476         }
4477     }
4478 
4479     return get_errno(shmdt(g2h(shmaddr)));
4480 }
4481 
4482 #ifdef TARGET_NR_ipc
4483 /* ??? This only works with linear mappings.  */
4484 /* do_ipc() must return target values and target errnos. */
4485 static abi_long do_ipc(unsigned int call, abi_long first,
4486                        abi_long second, abi_long third,
4487                        abi_long ptr, abi_long fifth)
4488 {
4489     int version;
4490     abi_long ret = 0;
4491 
4492     version = call >> 16;
4493     call &= 0xffff;
4494 
4495     switch (call) {
4496     case IPCOP_semop:
4497         ret = do_semop(first, ptr, second);
4498         break;
4499 
4500     case IPCOP_semget:
4501         ret = get_errno(semget(first, second, third));
4502         break;
4503 
4504     case IPCOP_semctl: {
4505         /* The semun argument to semctl is passed by value, so dereference the
4506          * ptr argument. */
4507         abi_ulong atptr;
4508         get_user_ual(atptr, ptr);
4509         ret = do_semctl(first, second, third, atptr);
4510         break;
4511     }
4512 
4513     case IPCOP_msgget:
4514         ret = get_errno(msgget(first, second));
4515         break;
4516 
4517     case IPCOP_msgsnd:
4518         ret = do_msgsnd(first, ptr, second, third);
4519         break;
4520 
4521     case IPCOP_msgctl:
4522         ret = do_msgctl(first, second, ptr);
4523         break;
4524 
4525     case IPCOP_msgrcv:
4526         switch (version) {
4527         case 0:
4528             {
4529                 struct target_ipc_kludge {
4530                     abi_long msgp;
4531                     abi_long msgtyp;
4532                 } *tmp;
4533 
4534                 if (!lock_user_struct(VERIFY_READ, tmp, ptr, 1)) {
4535                     ret = -TARGET_EFAULT;
4536                     break;
4537                 }
4538 
4539                 ret = do_msgrcv(first, tswapal(tmp->msgp), second, tswapal(tmp->msgtyp), third);
4540 
4541                 unlock_user_struct(tmp, ptr, 0);
4542                 break;
4543             }
4544         default:
4545             ret = do_msgrcv(first, ptr, second, fifth, third);
4546         }
4547         break;
4548 
4549     case IPCOP_shmat:
4550         switch (version) {
4551         default:
4552         {
4553             abi_ulong raddr;
4554             raddr = do_shmat(first, ptr, second);
4555             if (is_error(raddr))
4556                 return get_errno(raddr);
4557             if (put_user_ual(raddr, third))
4558                 return -TARGET_EFAULT;
4559             break;
4560         }
4561         case 1:
4562             ret = -TARGET_EINVAL;
4563             break;
4564         }
4565 	break;
4566     case IPCOP_shmdt:
4567         ret = do_shmdt(ptr);
4568 	break;
4569 
4570     case IPCOP_shmget:
4571 	/* IPC_* flag values are the same on all linux platforms */
4572 	ret = get_errno(shmget(first, second, third));
4573 	break;
4574 
4575 	/* IPC_* and SHM_* command values are the same on all linux platforms */
4576     case IPCOP_shmctl:
4577         ret = do_shmctl(first, second, ptr);
4578         break;
4579     default:
4580 	gemu_log("Unsupported ipc call: %d (version %d)\n", call, version);
4581 	ret = -TARGET_ENOSYS;
4582 	break;
4583     }
4584     return ret;
4585 }
4586 #endif
4587 
4588 /* kernel structure types definitions */
4589 
4590 #define STRUCT(name, ...) STRUCT_ ## name,
4591 #define STRUCT_SPECIAL(name) STRUCT_ ## name,
4592 enum {
4593 #include "syscall_types.h"
4594 STRUCT_MAX
4595 };
4596 #undef STRUCT
4597 #undef STRUCT_SPECIAL
4598 
4599 #define STRUCT(name, ...) static const argtype struct_ ## name ## _def[] = {  __VA_ARGS__, TYPE_NULL };
4600 #define STRUCT_SPECIAL(name)
4601 #include "syscall_types.h"
4602 #undef STRUCT
4603 #undef STRUCT_SPECIAL
4604 
4605 typedef struct IOCTLEntry IOCTLEntry;
4606 
4607 typedef abi_long do_ioctl_fn(const IOCTLEntry *ie, uint8_t *buf_temp,
4608                              int fd, int cmd, abi_long arg);
4609 
4610 struct IOCTLEntry {
4611     int target_cmd;
4612     unsigned int host_cmd;
4613     const char *name;
4614     int access;
4615     do_ioctl_fn *do_ioctl;
4616     const argtype arg_type[5];
4617 };
4618 
4619 #define IOC_R 0x0001
4620 #define IOC_W 0x0002
4621 #define IOC_RW (IOC_R | IOC_W)
4622 
4623 #define MAX_STRUCT_SIZE 4096
4624 
4625 #ifdef CONFIG_FIEMAP
4626 /* So fiemap access checks don't overflow on 32 bit systems.
4627  * This is very slightly smaller than the limit imposed by
4628  * the underlying kernel.
4629  */
4630 #define FIEMAP_MAX_EXTENTS ((UINT_MAX - sizeof(struct fiemap))  \
4631                             / sizeof(struct fiemap_extent))
4632 
4633 static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
4634                                        int fd, int cmd, abi_long arg)
4635 {
4636     /* The parameter for this ioctl is a struct fiemap followed
4637      * by an array of struct fiemap_extent whose size is set
4638      * in fiemap->fm_extent_count. The array is filled in by the
4639      * ioctl.
4640      */
4641     int target_size_in, target_size_out;
4642     struct fiemap *fm;
4643     const argtype *arg_type = ie->arg_type;
4644     const argtype extent_arg_type[] = { MK_STRUCT(STRUCT_fiemap_extent) };
4645     void *argptr, *p;
4646     abi_long ret;
4647     int i, extent_size = thunk_type_size(extent_arg_type, 0);
4648     uint32_t outbufsz;
4649     int free_fm = 0;
4650 
4651     assert(arg_type[0] == TYPE_PTR);
4652     assert(ie->access == IOC_RW);
4653     arg_type++;
4654     target_size_in = thunk_type_size(arg_type, 0);
4655     argptr = lock_user(VERIFY_READ, arg, target_size_in, 1);
4656     if (!argptr) {
4657         return -TARGET_EFAULT;
4658     }
4659     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4660     unlock_user(argptr, arg, 0);
4661     fm = (struct fiemap *)buf_temp;
4662     if (fm->fm_extent_count > FIEMAP_MAX_EXTENTS) {
4663         return -TARGET_EINVAL;
4664     }
4665 
4666     outbufsz = sizeof (*fm) +
4667         (sizeof(struct fiemap_extent) * fm->fm_extent_count);
4668 
4669     if (outbufsz > MAX_STRUCT_SIZE) {
4670         /* We can't fit all the extents into the fixed size buffer.
4671          * Allocate one that is large enough and use it instead.
4672          */
4673         fm = g_try_malloc(outbufsz);
4674         if (!fm) {
4675             return -TARGET_ENOMEM;
4676         }
4677         memcpy(fm, buf_temp, sizeof(struct fiemap));
4678         free_fm = 1;
4679     }
4680     ret = get_errno(safe_ioctl(fd, ie->host_cmd, fm));
4681     if (!is_error(ret)) {
4682         target_size_out = target_size_in;
4683         /* An extent_count of 0 means we were only counting the extents
4684          * so there are no structs to copy
4685          */
4686         if (fm->fm_extent_count != 0) {
4687             target_size_out += fm->fm_mapped_extents * extent_size;
4688         }
4689         argptr = lock_user(VERIFY_WRITE, arg, target_size_out, 0);
4690         if (!argptr) {
4691             ret = -TARGET_EFAULT;
4692         } else {
4693             /* Convert the struct fiemap */
4694             thunk_convert(argptr, fm, arg_type, THUNK_TARGET);
4695             if (fm->fm_extent_count != 0) {
4696                 p = argptr + target_size_in;
4697                 /* ...and then all the struct fiemap_extents */
4698                 for (i = 0; i < fm->fm_mapped_extents; i++) {
4699                     thunk_convert(p, &fm->fm_extents[i], extent_arg_type,
4700                                   THUNK_TARGET);
4701                     p += extent_size;
4702                 }
4703             }
4704             unlock_user(argptr, arg, target_size_out);
4705         }
4706     }
4707     if (free_fm) {
4708         g_free(fm);
4709     }
4710     return ret;
4711 }
4712 #endif
4713 
4714 static abi_long do_ioctl_ifconf(const IOCTLEntry *ie, uint8_t *buf_temp,
4715                                 int fd, int cmd, abi_long arg)
4716 {
4717     const argtype *arg_type = ie->arg_type;
4718     int target_size;
4719     void *argptr;
4720     int ret;
4721     struct ifconf *host_ifconf;
4722     uint32_t outbufsz;
4723     const argtype ifreq_arg_type[] = { MK_STRUCT(STRUCT_sockaddr_ifreq) };
4724     int target_ifreq_size;
4725     int nb_ifreq;
4726     int free_buf = 0;
4727     int i;
4728     int target_ifc_len;
4729     abi_long target_ifc_buf;
4730     int host_ifc_len;
4731     char *host_ifc_buf;
4732 
4733     assert(arg_type[0] == TYPE_PTR);
4734     assert(ie->access == IOC_RW);
4735 
4736     arg_type++;
4737     target_size = thunk_type_size(arg_type, 0);
4738 
4739     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4740     if (!argptr)
4741         return -TARGET_EFAULT;
4742     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4743     unlock_user(argptr, arg, 0);
4744 
4745     host_ifconf = (struct ifconf *)(unsigned long)buf_temp;
4746     target_ifc_len = host_ifconf->ifc_len;
4747     target_ifc_buf = (abi_long)(unsigned long)host_ifconf->ifc_buf;
4748 
4749     target_ifreq_size = thunk_type_size(ifreq_arg_type, 0);
4750     nb_ifreq = target_ifc_len / target_ifreq_size;
4751     host_ifc_len = nb_ifreq * sizeof(struct ifreq);
4752 
4753     outbufsz = sizeof(*host_ifconf) + host_ifc_len;
4754     if (outbufsz > MAX_STRUCT_SIZE) {
4755         /* We can't fit all the extents into the fixed size buffer.
4756          * Allocate one that is large enough and use it instead.
4757          */
4758         host_ifconf = malloc(outbufsz);
4759         if (!host_ifconf) {
4760             return -TARGET_ENOMEM;
4761         }
4762         memcpy(host_ifconf, buf_temp, sizeof(*host_ifconf));
4763         free_buf = 1;
4764     }
4765     host_ifc_buf = (char*)host_ifconf + sizeof(*host_ifconf);
4766 
4767     host_ifconf->ifc_len = host_ifc_len;
4768     host_ifconf->ifc_buf = host_ifc_buf;
4769 
4770     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_ifconf));
4771     if (!is_error(ret)) {
4772 	/* convert host ifc_len to target ifc_len */
4773 
4774         nb_ifreq = host_ifconf->ifc_len / sizeof(struct ifreq);
4775         target_ifc_len = nb_ifreq * target_ifreq_size;
4776         host_ifconf->ifc_len = target_ifc_len;
4777 
4778 	/* restore target ifc_buf */
4779 
4780         host_ifconf->ifc_buf = (char *)(unsigned long)target_ifc_buf;
4781 
4782 	/* copy struct ifconf to target user */
4783 
4784         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
4785         if (!argptr)
4786             return -TARGET_EFAULT;
4787         thunk_convert(argptr, host_ifconf, arg_type, THUNK_TARGET);
4788         unlock_user(argptr, arg, target_size);
4789 
4790 	/* copy ifreq[] to target user */
4791 
4792         argptr = lock_user(VERIFY_WRITE, target_ifc_buf, target_ifc_len, 0);
4793         for (i = 0; i < nb_ifreq ; i++) {
4794             thunk_convert(argptr + i * target_ifreq_size,
4795                           host_ifc_buf + i * sizeof(struct ifreq),
4796                           ifreq_arg_type, THUNK_TARGET);
4797         }
4798         unlock_user(argptr, target_ifc_buf, target_ifc_len);
4799     }
4800 
4801     if (free_buf) {
4802         free(host_ifconf);
4803     }
4804 
4805     return ret;
4806 }
4807 
4808 static abi_long do_ioctl_dm(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
4809                             int cmd, abi_long arg)
4810 {
4811     void *argptr;
4812     struct dm_ioctl *host_dm;
4813     abi_long guest_data;
4814     uint32_t guest_data_size;
4815     int target_size;
4816     const argtype *arg_type = ie->arg_type;
4817     abi_long ret;
4818     void *big_buf = NULL;
4819     char *host_data;
4820 
4821     arg_type++;
4822     target_size = thunk_type_size(arg_type, 0);
4823     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
4824     if (!argptr) {
4825         ret = -TARGET_EFAULT;
4826         goto out;
4827     }
4828     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
4829     unlock_user(argptr, arg, 0);
4830 
4831     /* buf_temp is too small, so fetch things into a bigger buffer */
4832     big_buf = g_malloc0(((struct dm_ioctl*)buf_temp)->data_size * 2);
4833     memcpy(big_buf, buf_temp, target_size);
4834     buf_temp = big_buf;
4835     host_dm = big_buf;
4836 
4837     guest_data = arg + host_dm->data_start;
4838     if ((guest_data - arg) < 0) {
4839         ret = -EINVAL;
4840         goto out;
4841     }
4842     guest_data_size = host_dm->data_size - host_dm->data_start;
4843     host_data = (char*)host_dm + host_dm->data_start;
4844 
4845     argptr = lock_user(VERIFY_READ, guest_data, guest_data_size, 1);
4846     switch (ie->host_cmd) {
4847     case DM_REMOVE_ALL:
4848     case DM_LIST_DEVICES:
4849     case DM_DEV_CREATE:
4850     case DM_DEV_REMOVE:
4851     case DM_DEV_SUSPEND:
4852     case DM_DEV_STATUS:
4853     case DM_DEV_WAIT:
4854     case DM_TABLE_STATUS:
4855     case DM_TABLE_CLEAR:
4856     case DM_TABLE_DEPS:
4857     case DM_LIST_VERSIONS:
4858         /* no input data */
4859         break;
4860     case DM_DEV_RENAME:
4861     case DM_DEV_SET_GEOMETRY:
4862         /* data contains only strings */
4863         memcpy(host_data, argptr, guest_data_size);
4864         break;
4865     case DM_TARGET_MSG:
4866         memcpy(host_data, argptr, guest_data_size);
4867         *(uint64_t*)host_data = tswap64(*(uint64_t*)argptr);
4868         break;
4869     case DM_TABLE_LOAD:
4870     {
4871         void *gspec = argptr;
4872         void *cur_data = host_data;
4873         const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
4874         int spec_size = thunk_type_size(arg_type, 0);
4875         int i;
4876 
4877         for (i = 0; i < host_dm->target_count; i++) {
4878             struct dm_target_spec *spec = cur_data;
4879             uint32_t next;
4880             int slen;
4881 
4882             thunk_convert(spec, gspec, arg_type, THUNK_HOST);
4883             slen = strlen((char*)gspec + spec_size) + 1;
4884             next = spec->next;
4885             spec->next = sizeof(*spec) + slen;
4886             strcpy((char*)&spec[1], gspec + spec_size);
4887             gspec += next;
4888             cur_data += spec->next;
4889         }
4890         break;
4891     }
4892     default:
4893         ret = -TARGET_EINVAL;
4894         unlock_user(argptr, guest_data, 0);
4895         goto out;
4896     }
4897     unlock_user(argptr, guest_data, 0);
4898 
4899     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
4900     if (!is_error(ret)) {
4901         guest_data = arg + host_dm->data_start;
4902         guest_data_size = host_dm->data_size - host_dm->data_start;
4903         argptr = lock_user(VERIFY_WRITE, guest_data, guest_data_size, 0);
4904         switch (ie->host_cmd) {
4905         case DM_REMOVE_ALL:
4906         case DM_DEV_CREATE:
4907         case DM_DEV_REMOVE:
4908         case DM_DEV_RENAME:
4909         case DM_DEV_SUSPEND:
4910         case DM_DEV_STATUS:
4911         case DM_TABLE_LOAD:
4912         case DM_TABLE_CLEAR:
4913         case DM_TARGET_MSG:
4914         case DM_DEV_SET_GEOMETRY:
4915             /* no return data */
4916             break;
4917         case DM_LIST_DEVICES:
4918         {
4919             struct dm_name_list *nl = (void*)host_dm + host_dm->data_start;
4920             uint32_t remaining_data = guest_data_size;
4921             void *cur_data = argptr;
4922             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_name_list) };
4923             int nl_size = 12; /* can't use thunk_size due to alignment */
4924 
4925             while (1) {
4926                 uint32_t next = nl->next;
4927                 if (next) {
4928                     nl->next = nl_size + (strlen(nl->name) + 1);
4929                 }
4930                 if (remaining_data < nl->next) {
4931                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
4932                     break;
4933                 }
4934                 thunk_convert(cur_data, nl, arg_type, THUNK_TARGET);
4935                 strcpy(cur_data + nl_size, nl->name);
4936                 cur_data += nl->next;
4937                 remaining_data -= nl->next;
4938                 if (!next) {
4939                     break;
4940                 }
4941                 nl = (void*)nl + next;
4942             }
4943             break;
4944         }
4945         case DM_DEV_WAIT:
4946         case DM_TABLE_STATUS:
4947         {
4948             struct dm_target_spec *spec = (void*)host_dm + host_dm->data_start;
4949             void *cur_data = argptr;
4950             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_spec) };
4951             int spec_size = thunk_type_size(arg_type, 0);
4952             int i;
4953 
4954             for (i = 0; i < host_dm->target_count; i++) {
4955                 uint32_t next = spec->next;
4956                 int slen = strlen((char*)&spec[1]) + 1;
4957                 spec->next = (cur_data - argptr) + spec_size + slen;
4958                 if (guest_data_size < spec->next) {
4959                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
4960                     break;
4961                 }
4962                 thunk_convert(cur_data, spec, arg_type, THUNK_TARGET);
4963                 strcpy(cur_data + spec_size, (char*)&spec[1]);
4964                 cur_data = argptr + spec->next;
4965                 spec = (void*)host_dm + host_dm->data_start + next;
4966             }
4967             break;
4968         }
4969         case DM_TABLE_DEPS:
4970         {
4971             void *hdata = (void*)host_dm + host_dm->data_start;
4972             int count = *(uint32_t*)hdata;
4973             uint64_t *hdev = hdata + 8;
4974             uint64_t *gdev = argptr + 8;
4975             int i;
4976 
4977             *(uint32_t*)argptr = tswap32(count);
4978             for (i = 0; i < count; i++) {
4979                 *gdev = tswap64(*hdev);
4980                 gdev++;
4981                 hdev++;
4982             }
4983             break;
4984         }
4985         case DM_LIST_VERSIONS:
4986         {
4987             struct dm_target_versions *vers = (void*)host_dm + host_dm->data_start;
4988             uint32_t remaining_data = guest_data_size;
4989             void *cur_data = argptr;
4990             const argtype arg_type[] = { MK_STRUCT(STRUCT_dm_target_versions) };
4991             int vers_size = thunk_type_size(arg_type, 0);
4992 
4993             while (1) {
4994                 uint32_t next = vers->next;
4995                 if (next) {
4996                     vers->next = vers_size + (strlen(vers->name) + 1);
4997                 }
4998                 if (remaining_data < vers->next) {
4999                     host_dm->flags |= DM_BUFFER_FULL_FLAG;
5000                     break;
5001                 }
5002                 thunk_convert(cur_data, vers, arg_type, THUNK_TARGET);
5003                 strcpy(cur_data + vers_size, vers->name);
5004                 cur_data += vers->next;
5005                 remaining_data -= vers->next;
5006                 if (!next) {
5007                     break;
5008                 }
5009                 vers = (void*)vers + next;
5010             }
5011             break;
5012         }
5013         default:
5014             unlock_user(argptr, guest_data, 0);
5015             ret = -TARGET_EINVAL;
5016             goto out;
5017         }
5018         unlock_user(argptr, guest_data, guest_data_size);
5019 
5020         argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5021         if (!argptr) {
5022             ret = -TARGET_EFAULT;
5023             goto out;
5024         }
5025         thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5026         unlock_user(argptr, arg, target_size);
5027     }
5028 out:
5029     g_free(big_buf);
5030     return ret;
5031 }
5032 
5033 static abi_long do_ioctl_blkpg(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
5034                                int cmd, abi_long arg)
5035 {
5036     void *argptr;
5037     int target_size;
5038     const argtype *arg_type = ie->arg_type;
5039     const argtype part_arg_type[] = { MK_STRUCT(STRUCT_blkpg_partition) };
5040     abi_long ret;
5041 
5042     struct blkpg_ioctl_arg *host_blkpg = (void*)buf_temp;
5043     struct blkpg_partition host_part;
5044 
5045     /* Read and convert blkpg */
5046     arg_type++;
5047     target_size = thunk_type_size(arg_type, 0);
5048     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5049     if (!argptr) {
5050         ret = -TARGET_EFAULT;
5051         goto out;
5052     }
5053     thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5054     unlock_user(argptr, arg, 0);
5055 
5056     switch (host_blkpg->op) {
5057     case BLKPG_ADD_PARTITION:
5058     case BLKPG_DEL_PARTITION:
5059         /* payload is struct blkpg_partition */
5060         break;
5061     default:
5062         /* Unknown opcode */
5063         ret = -TARGET_EINVAL;
5064         goto out;
5065     }
5066 
5067     /* Read and convert blkpg->data */
5068     arg = (abi_long)(uintptr_t)host_blkpg->data;
5069     target_size = thunk_type_size(part_arg_type, 0);
5070     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5071     if (!argptr) {
5072         ret = -TARGET_EFAULT;
5073         goto out;
5074     }
5075     thunk_convert(&host_part, argptr, part_arg_type, THUNK_HOST);
5076     unlock_user(argptr, arg, 0);
5077 
5078     /* Swizzle the data pointer to our local copy and call! */
5079     host_blkpg->data = &host_part;
5080     ret = get_errno(safe_ioctl(fd, ie->host_cmd, host_blkpg));
5081 
5082 out:
5083     return ret;
5084 }
5085 
5086 static abi_long do_ioctl_rt(const IOCTLEntry *ie, uint8_t *buf_temp,
5087                                 int fd, int cmd, abi_long arg)
5088 {
5089     const argtype *arg_type = ie->arg_type;
5090     const StructEntry *se;
5091     const argtype *field_types;
5092     const int *dst_offsets, *src_offsets;
5093     int target_size;
5094     void *argptr;
5095     abi_ulong *target_rt_dev_ptr;
5096     unsigned long *host_rt_dev_ptr;
5097     abi_long ret;
5098     int i;
5099 
5100     assert(ie->access == IOC_W);
5101     assert(*arg_type == TYPE_PTR);
5102     arg_type++;
5103     assert(*arg_type == TYPE_STRUCT);
5104     target_size = thunk_type_size(arg_type, 0);
5105     argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5106     if (!argptr) {
5107         return -TARGET_EFAULT;
5108     }
5109     arg_type++;
5110     assert(*arg_type == (int)STRUCT_rtentry);
5111     se = struct_entries + *arg_type++;
5112     assert(se->convert[0] == NULL);
5113     /* convert struct here to be able to catch rt_dev string */
5114     field_types = se->field_types;
5115     dst_offsets = se->field_offsets[THUNK_HOST];
5116     src_offsets = se->field_offsets[THUNK_TARGET];
5117     for (i = 0; i < se->nb_fields; i++) {
5118         if (dst_offsets[i] == offsetof(struct rtentry, rt_dev)) {
5119             assert(*field_types == TYPE_PTRVOID);
5120             target_rt_dev_ptr = (abi_ulong *)(argptr + src_offsets[i]);
5121             host_rt_dev_ptr = (unsigned long *)(buf_temp + dst_offsets[i]);
5122             if (*target_rt_dev_ptr != 0) {
5123                 *host_rt_dev_ptr = (unsigned long)lock_user_string(
5124                                                   tswapal(*target_rt_dev_ptr));
5125                 if (!*host_rt_dev_ptr) {
5126                     unlock_user(argptr, arg, 0);
5127                     return -TARGET_EFAULT;
5128                 }
5129             } else {
5130                 *host_rt_dev_ptr = 0;
5131             }
5132             field_types++;
5133             continue;
5134         }
5135         field_types = thunk_convert(buf_temp + dst_offsets[i],
5136                                     argptr + src_offsets[i],
5137                                     field_types, THUNK_HOST);
5138     }
5139     unlock_user(argptr, arg, 0);
5140 
5141     ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5142     if (*host_rt_dev_ptr != 0) {
5143         unlock_user((void *)*host_rt_dev_ptr,
5144                     *target_rt_dev_ptr, 0);
5145     }
5146     return ret;
5147 }
5148 
5149 static abi_long do_ioctl_kdsigaccept(const IOCTLEntry *ie, uint8_t *buf_temp,
5150                                      int fd, int cmd, abi_long arg)
5151 {
5152     int sig = target_to_host_signal(arg);
5153     return get_errno(safe_ioctl(fd, ie->host_cmd, sig));
5154 }
5155 
5156 static IOCTLEntry ioctl_entries[] = {
5157 #define IOCTL(cmd, access, ...) \
5158     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
5159 #define IOCTL_SPECIAL(cmd, access, dofn, ...)                      \
5160     { TARGET_ ## cmd, cmd, #cmd, access, dofn, {  __VA_ARGS__ } },
5161 #include "ioctls.h"
5162     { 0, 0, },
5163 };
5164 
5165 /* ??? Implement proper locking for ioctls.  */
5166 /* do_ioctl() Must return target values and target errnos. */
5167 static abi_long do_ioctl(int fd, int cmd, abi_long arg)
5168 {
5169     const IOCTLEntry *ie;
5170     const argtype *arg_type;
5171     abi_long ret;
5172     uint8_t buf_temp[MAX_STRUCT_SIZE];
5173     int target_size;
5174     void *argptr;
5175 
5176     ie = ioctl_entries;
5177     for(;;) {
5178         if (ie->target_cmd == 0) {
5179             gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
5180             return -TARGET_ENOSYS;
5181         }
5182         if (ie->target_cmd == cmd)
5183             break;
5184         ie++;
5185     }
5186     arg_type = ie->arg_type;
5187 #if defined(DEBUG)
5188     gemu_log("ioctl: cmd=0x%04lx (%s)\n", (long)cmd, ie->name);
5189 #endif
5190     if (ie->do_ioctl) {
5191         return ie->do_ioctl(ie, buf_temp, fd, cmd, arg);
5192     }
5193 
5194     switch(arg_type[0]) {
5195     case TYPE_NULL:
5196         /* no argument */
5197         ret = get_errno(safe_ioctl(fd, ie->host_cmd));
5198         break;
5199     case TYPE_PTRVOID:
5200     case TYPE_INT:
5201         ret = get_errno(safe_ioctl(fd, ie->host_cmd, arg));
5202         break;
5203     case TYPE_PTR:
5204         arg_type++;
5205         target_size = thunk_type_size(arg_type, 0);
5206         switch(ie->access) {
5207         case IOC_R:
5208             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5209             if (!is_error(ret)) {
5210                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5211                 if (!argptr)
5212                     return -TARGET_EFAULT;
5213                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5214                 unlock_user(argptr, arg, target_size);
5215             }
5216             break;
5217         case IOC_W:
5218             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5219             if (!argptr)
5220                 return -TARGET_EFAULT;
5221             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5222             unlock_user(argptr, arg, 0);
5223             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5224             break;
5225         default:
5226         case IOC_RW:
5227             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
5228             if (!argptr)
5229                 return -TARGET_EFAULT;
5230             thunk_convert(buf_temp, argptr, arg_type, THUNK_HOST);
5231             unlock_user(argptr, arg, 0);
5232             ret = get_errno(safe_ioctl(fd, ie->host_cmd, buf_temp));
5233             if (!is_error(ret)) {
5234                 argptr = lock_user(VERIFY_WRITE, arg, target_size, 0);
5235                 if (!argptr)
5236                     return -TARGET_EFAULT;
5237                 thunk_convert(argptr, buf_temp, arg_type, THUNK_TARGET);
5238                 unlock_user(argptr, arg, target_size);
5239             }
5240             break;
5241         }
5242         break;
5243     default:
5244         gemu_log("Unsupported ioctl type: cmd=0x%04lx type=%d\n",
5245                  (long)cmd, arg_type[0]);
5246         ret = -TARGET_ENOSYS;
5247         break;
5248     }
5249     return ret;
5250 }
5251 
5252 static const bitmask_transtbl iflag_tbl[] = {
5253         { TARGET_IGNBRK, TARGET_IGNBRK, IGNBRK, IGNBRK },
5254         { TARGET_BRKINT, TARGET_BRKINT, BRKINT, BRKINT },
5255         { TARGET_IGNPAR, TARGET_IGNPAR, IGNPAR, IGNPAR },
5256         { TARGET_PARMRK, TARGET_PARMRK, PARMRK, PARMRK },
5257         { TARGET_INPCK, TARGET_INPCK, INPCK, INPCK },
5258         { TARGET_ISTRIP, TARGET_ISTRIP, ISTRIP, ISTRIP },
5259         { TARGET_INLCR, TARGET_INLCR, INLCR, INLCR },
5260         { TARGET_IGNCR, TARGET_IGNCR, IGNCR, IGNCR },
5261         { TARGET_ICRNL, TARGET_ICRNL, ICRNL, ICRNL },
5262         { TARGET_IUCLC, TARGET_IUCLC, IUCLC, IUCLC },
5263         { TARGET_IXON, TARGET_IXON, IXON, IXON },
5264         { TARGET_IXANY, TARGET_IXANY, IXANY, IXANY },
5265         { TARGET_IXOFF, TARGET_IXOFF, IXOFF, IXOFF },
5266         { TARGET_IMAXBEL, TARGET_IMAXBEL, IMAXBEL, IMAXBEL },
5267         { 0, 0, 0, 0 }
5268 };
5269 
5270 static const bitmask_transtbl oflag_tbl[] = {
5271 	{ TARGET_OPOST, TARGET_OPOST, OPOST, OPOST },
5272 	{ TARGET_OLCUC, TARGET_OLCUC, OLCUC, OLCUC },
5273 	{ TARGET_ONLCR, TARGET_ONLCR, ONLCR, ONLCR },
5274 	{ TARGET_OCRNL, TARGET_OCRNL, OCRNL, OCRNL },
5275 	{ TARGET_ONOCR, TARGET_ONOCR, ONOCR, ONOCR },
5276 	{ TARGET_ONLRET, TARGET_ONLRET, ONLRET, ONLRET },
5277 	{ TARGET_OFILL, TARGET_OFILL, OFILL, OFILL },
5278 	{ TARGET_OFDEL, TARGET_OFDEL, OFDEL, OFDEL },
5279 	{ TARGET_NLDLY, TARGET_NL0, NLDLY, NL0 },
5280 	{ TARGET_NLDLY, TARGET_NL1, NLDLY, NL1 },
5281 	{ TARGET_CRDLY, TARGET_CR0, CRDLY, CR0 },
5282 	{ TARGET_CRDLY, TARGET_CR1, CRDLY, CR1 },
5283 	{ TARGET_CRDLY, TARGET_CR2, CRDLY, CR2 },
5284 	{ TARGET_CRDLY, TARGET_CR3, CRDLY, CR3 },
5285 	{ TARGET_TABDLY, TARGET_TAB0, TABDLY, TAB0 },
5286 	{ TARGET_TABDLY, TARGET_TAB1, TABDLY, TAB1 },
5287 	{ TARGET_TABDLY, TARGET_TAB2, TABDLY, TAB2 },
5288 	{ TARGET_TABDLY, TARGET_TAB3, TABDLY, TAB3 },
5289 	{ TARGET_BSDLY, TARGET_BS0, BSDLY, BS0 },
5290 	{ TARGET_BSDLY, TARGET_BS1, BSDLY, BS1 },
5291 	{ TARGET_VTDLY, TARGET_VT0, VTDLY, VT0 },
5292 	{ TARGET_VTDLY, TARGET_VT1, VTDLY, VT1 },
5293 	{ TARGET_FFDLY, TARGET_FF0, FFDLY, FF0 },
5294 	{ TARGET_FFDLY, TARGET_FF1, FFDLY, FF1 },
5295 	{ 0, 0, 0, 0 }
5296 };
5297 
5298 static const bitmask_transtbl cflag_tbl[] = {
5299 	{ TARGET_CBAUD, TARGET_B0, CBAUD, B0 },
5300 	{ TARGET_CBAUD, TARGET_B50, CBAUD, B50 },
5301 	{ TARGET_CBAUD, TARGET_B75, CBAUD, B75 },
5302 	{ TARGET_CBAUD, TARGET_B110, CBAUD, B110 },
5303 	{ TARGET_CBAUD, TARGET_B134, CBAUD, B134 },
5304 	{ TARGET_CBAUD, TARGET_B150, CBAUD, B150 },
5305 	{ TARGET_CBAUD, TARGET_B200, CBAUD, B200 },
5306 	{ TARGET_CBAUD, TARGET_B300, CBAUD, B300 },
5307 	{ TARGET_CBAUD, TARGET_B600, CBAUD, B600 },
5308 	{ TARGET_CBAUD, TARGET_B1200, CBAUD, B1200 },
5309 	{ TARGET_CBAUD, TARGET_B1800, CBAUD, B1800 },
5310 	{ TARGET_CBAUD, TARGET_B2400, CBAUD, B2400 },
5311 	{ TARGET_CBAUD, TARGET_B4800, CBAUD, B4800 },
5312 	{ TARGET_CBAUD, TARGET_B9600, CBAUD, B9600 },
5313 	{ TARGET_CBAUD, TARGET_B19200, CBAUD, B19200 },
5314 	{ TARGET_CBAUD, TARGET_B38400, CBAUD, B38400 },
5315 	{ TARGET_CBAUD, TARGET_B57600, CBAUD, B57600 },
5316 	{ TARGET_CBAUD, TARGET_B115200, CBAUD, B115200 },
5317 	{ TARGET_CBAUD, TARGET_B230400, CBAUD, B230400 },
5318 	{ TARGET_CBAUD, TARGET_B460800, CBAUD, B460800 },
5319 	{ TARGET_CSIZE, TARGET_CS5, CSIZE, CS5 },
5320 	{ TARGET_CSIZE, TARGET_CS6, CSIZE, CS6 },
5321 	{ TARGET_CSIZE, TARGET_CS7, CSIZE, CS7 },
5322 	{ TARGET_CSIZE, TARGET_CS8, CSIZE, CS8 },
5323 	{ TARGET_CSTOPB, TARGET_CSTOPB, CSTOPB, CSTOPB },
5324 	{ TARGET_CREAD, TARGET_CREAD, CREAD, CREAD },
5325 	{ TARGET_PARENB, TARGET_PARENB, PARENB, PARENB },
5326 	{ TARGET_PARODD, TARGET_PARODD, PARODD, PARODD },
5327 	{ TARGET_HUPCL, TARGET_HUPCL, HUPCL, HUPCL },
5328 	{ TARGET_CLOCAL, TARGET_CLOCAL, CLOCAL, CLOCAL },
5329 	{ TARGET_CRTSCTS, TARGET_CRTSCTS, CRTSCTS, CRTSCTS },
5330 	{ 0, 0, 0, 0 }
5331 };
5332 
5333 static const bitmask_transtbl lflag_tbl[] = {
5334 	{ TARGET_ISIG, TARGET_ISIG, ISIG, ISIG },
5335 	{ TARGET_ICANON, TARGET_ICANON, ICANON, ICANON },
5336 	{ TARGET_XCASE, TARGET_XCASE, XCASE, XCASE },
5337 	{ TARGET_ECHO, TARGET_ECHO, ECHO, ECHO },
5338 	{ TARGET_ECHOE, TARGET_ECHOE, ECHOE, ECHOE },
5339 	{ TARGET_ECHOK, TARGET_ECHOK, ECHOK, ECHOK },
5340 	{ TARGET_ECHONL, TARGET_ECHONL, ECHONL, ECHONL },
5341 	{ TARGET_NOFLSH, TARGET_NOFLSH, NOFLSH, NOFLSH },
5342 	{ TARGET_TOSTOP, TARGET_TOSTOP, TOSTOP, TOSTOP },
5343 	{ TARGET_ECHOCTL, TARGET_ECHOCTL, ECHOCTL, ECHOCTL },
5344 	{ TARGET_ECHOPRT, TARGET_ECHOPRT, ECHOPRT, ECHOPRT },
5345 	{ TARGET_ECHOKE, TARGET_ECHOKE, ECHOKE, ECHOKE },
5346 	{ TARGET_FLUSHO, TARGET_FLUSHO, FLUSHO, FLUSHO },
5347 	{ TARGET_PENDIN, TARGET_PENDIN, PENDIN, PENDIN },
5348 	{ TARGET_IEXTEN, TARGET_IEXTEN, IEXTEN, IEXTEN },
5349 	{ 0, 0, 0, 0 }
5350 };
5351 
5352 static void target_to_host_termios (void *dst, const void *src)
5353 {
5354     struct host_termios *host = dst;
5355     const struct target_termios *target = src;
5356 
5357     host->c_iflag =
5358         target_to_host_bitmask(tswap32(target->c_iflag), iflag_tbl);
5359     host->c_oflag =
5360         target_to_host_bitmask(tswap32(target->c_oflag), oflag_tbl);
5361     host->c_cflag =
5362         target_to_host_bitmask(tswap32(target->c_cflag), cflag_tbl);
5363     host->c_lflag =
5364         target_to_host_bitmask(tswap32(target->c_lflag), lflag_tbl);
5365     host->c_line = target->c_line;
5366 
5367     memset(host->c_cc, 0, sizeof(host->c_cc));
5368     host->c_cc[VINTR] = target->c_cc[TARGET_VINTR];
5369     host->c_cc[VQUIT] = target->c_cc[TARGET_VQUIT];
5370     host->c_cc[VERASE] = target->c_cc[TARGET_VERASE];
5371     host->c_cc[VKILL] = target->c_cc[TARGET_VKILL];
5372     host->c_cc[VEOF] = target->c_cc[TARGET_VEOF];
5373     host->c_cc[VTIME] = target->c_cc[TARGET_VTIME];
5374     host->c_cc[VMIN] = target->c_cc[TARGET_VMIN];
5375     host->c_cc[VSWTC] = target->c_cc[TARGET_VSWTC];
5376     host->c_cc[VSTART] = target->c_cc[TARGET_VSTART];
5377     host->c_cc[VSTOP] = target->c_cc[TARGET_VSTOP];
5378     host->c_cc[VSUSP] = target->c_cc[TARGET_VSUSP];
5379     host->c_cc[VEOL] = target->c_cc[TARGET_VEOL];
5380     host->c_cc[VREPRINT] = target->c_cc[TARGET_VREPRINT];
5381     host->c_cc[VDISCARD] = target->c_cc[TARGET_VDISCARD];
5382     host->c_cc[VWERASE] = target->c_cc[TARGET_VWERASE];
5383     host->c_cc[VLNEXT] = target->c_cc[TARGET_VLNEXT];
5384     host->c_cc[VEOL2] = target->c_cc[TARGET_VEOL2];
5385 }
5386 
5387 static void host_to_target_termios (void *dst, const void *src)
5388 {
5389     struct target_termios *target = dst;
5390     const struct host_termios *host = src;
5391 
5392     target->c_iflag =
5393         tswap32(host_to_target_bitmask(host->c_iflag, iflag_tbl));
5394     target->c_oflag =
5395         tswap32(host_to_target_bitmask(host->c_oflag, oflag_tbl));
5396     target->c_cflag =
5397         tswap32(host_to_target_bitmask(host->c_cflag, cflag_tbl));
5398     target->c_lflag =
5399         tswap32(host_to_target_bitmask(host->c_lflag, lflag_tbl));
5400     target->c_line = host->c_line;
5401 
5402     memset(target->c_cc, 0, sizeof(target->c_cc));
5403     target->c_cc[TARGET_VINTR] = host->c_cc[VINTR];
5404     target->c_cc[TARGET_VQUIT] = host->c_cc[VQUIT];
5405     target->c_cc[TARGET_VERASE] = host->c_cc[VERASE];
5406     target->c_cc[TARGET_VKILL] = host->c_cc[VKILL];
5407     target->c_cc[TARGET_VEOF] = host->c_cc[VEOF];
5408     target->c_cc[TARGET_VTIME] = host->c_cc[VTIME];
5409     target->c_cc[TARGET_VMIN] = host->c_cc[VMIN];
5410     target->c_cc[TARGET_VSWTC] = host->c_cc[VSWTC];
5411     target->c_cc[TARGET_VSTART] = host->c_cc[VSTART];
5412     target->c_cc[TARGET_VSTOP] = host->c_cc[VSTOP];
5413     target->c_cc[TARGET_VSUSP] = host->c_cc[VSUSP];
5414     target->c_cc[TARGET_VEOL] = host->c_cc[VEOL];
5415     target->c_cc[TARGET_VREPRINT] = host->c_cc[VREPRINT];
5416     target->c_cc[TARGET_VDISCARD] = host->c_cc[VDISCARD];
5417     target->c_cc[TARGET_VWERASE] = host->c_cc[VWERASE];
5418     target->c_cc[TARGET_VLNEXT] = host->c_cc[VLNEXT];
5419     target->c_cc[TARGET_VEOL2] = host->c_cc[VEOL2];
5420 }
5421 
5422 static const StructEntry struct_termios_def = {
5423     .convert = { host_to_target_termios, target_to_host_termios },
5424     .size = { sizeof(struct target_termios), sizeof(struct host_termios) },
5425     .align = { __alignof__(struct target_termios), __alignof__(struct host_termios) },
5426 };
5427 
5428 static bitmask_transtbl mmap_flags_tbl[] = {
5429 	{ TARGET_MAP_SHARED, TARGET_MAP_SHARED, MAP_SHARED, MAP_SHARED },
5430 	{ TARGET_MAP_PRIVATE, TARGET_MAP_PRIVATE, MAP_PRIVATE, MAP_PRIVATE },
5431 	{ TARGET_MAP_FIXED, TARGET_MAP_FIXED, MAP_FIXED, MAP_FIXED },
5432 	{ TARGET_MAP_ANONYMOUS, TARGET_MAP_ANONYMOUS, MAP_ANONYMOUS, MAP_ANONYMOUS },
5433 	{ TARGET_MAP_GROWSDOWN, TARGET_MAP_GROWSDOWN, MAP_GROWSDOWN, MAP_GROWSDOWN },
5434 	{ TARGET_MAP_DENYWRITE, TARGET_MAP_DENYWRITE, MAP_DENYWRITE, MAP_DENYWRITE },
5435 	{ TARGET_MAP_EXECUTABLE, TARGET_MAP_EXECUTABLE, MAP_EXECUTABLE, MAP_EXECUTABLE },
5436 	{ TARGET_MAP_LOCKED, TARGET_MAP_LOCKED, MAP_LOCKED, MAP_LOCKED },
5437         { TARGET_MAP_NORESERVE, TARGET_MAP_NORESERVE, MAP_NORESERVE,
5438           MAP_NORESERVE },
5439 	{ 0, 0, 0, 0 }
5440 };
5441 
5442 #if defined(TARGET_I386)
5443 
5444 /* NOTE: there is really one LDT for all the threads */
5445 static uint8_t *ldt_table;
5446 
5447 static abi_long read_ldt(abi_ulong ptr, unsigned long bytecount)
5448 {
5449     int size;
5450     void *p;
5451 
5452     if (!ldt_table)
5453         return 0;
5454     size = TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE;
5455     if (size > bytecount)
5456         size = bytecount;
5457     p = lock_user(VERIFY_WRITE, ptr, size, 0);
5458     if (!p)
5459         return -TARGET_EFAULT;
5460     /* ??? Should this by byteswapped?  */
5461     memcpy(p, ldt_table, size);
5462     unlock_user(p, ptr, size);
5463     return size;
5464 }
5465 
5466 /* XXX: add locking support */
5467 static abi_long write_ldt(CPUX86State *env,
5468                           abi_ulong ptr, unsigned long bytecount, int oldmode)
5469 {
5470     struct target_modify_ldt_ldt_s ldt_info;
5471     struct target_modify_ldt_ldt_s *target_ldt_info;
5472     int seg_32bit, contents, read_exec_only, limit_in_pages;
5473     int seg_not_present, useable, lm;
5474     uint32_t *lp, entry_1, entry_2;
5475 
5476     if (bytecount != sizeof(ldt_info))
5477         return -TARGET_EINVAL;
5478     if (!lock_user_struct(VERIFY_READ, target_ldt_info, ptr, 1))
5479         return -TARGET_EFAULT;
5480     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5481     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5482     ldt_info.limit = tswap32(target_ldt_info->limit);
5483     ldt_info.flags = tswap32(target_ldt_info->flags);
5484     unlock_user_struct(target_ldt_info, ptr, 0);
5485 
5486     if (ldt_info.entry_number >= TARGET_LDT_ENTRIES)
5487         return -TARGET_EINVAL;
5488     seg_32bit = ldt_info.flags & 1;
5489     contents = (ldt_info.flags >> 1) & 3;
5490     read_exec_only = (ldt_info.flags >> 3) & 1;
5491     limit_in_pages = (ldt_info.flags >> 4) & 1;
5492     seg_not_present = (ldt_info.flags >> 5) & 1;
5493     useable = (ldt_info.flags >> 6) & 1;
5494 #ifdef TARGET_ABI32
5495     lm = 0;
5496 #else
5497     lm = (ldt_info.flags >> 7) & 1;
5498 #endif
5499     if (contents == 3) {
5500         if (oldmode)
5501             return -TARGET_EINVAL;
5502         if (seg_not_present == 0)
5503             return -TARGET_EINVAL;
5504     }
5505     /* allocate the LDT */
5506     if (!ldt_table) {
5507         env->ldt.base = target_mmap(0,
5508                                     TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE,
5509                                     PROT_READ|PROT_WRITE,
5510                                     MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
5511         if (env->ldt.base == -1)
5512             return -TARGET_ENOMEM;
5513         memset(g2h(env->ldt.base), 0,
5514                TARGET_LDT_ENTRIES * TARGET_LDT_ENTRY_SIZE);
5515         env->ldt.limit = 0xffff;
5516         ldt_table = g2h(env->ldt.base);
5517     }
5518 
5519     /* NOTE: same code as Linux kernel */
5520     /* Allow LDTs to be cleared by the user. */
5521     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5522         if (oldmode ||
5523             (contents == 0		&&
5524              read_exec_only == 1	&&
5525              seg_32bit == 0		&&
5526              limit_in_pages == 0	&&
5527              seg_not_present == 1	&&
5528              useable == 0 )) {
5529             entry_1 = 0;
5530             entry_2 = 0;
5531             goto install;
5532         }
5533     }
5534 
5535     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5536         (ldt_info.limit & 0x0ffff);
5537     entry_2 = (ldt_info.base_addr & 0xff000000) |
5538         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5539         (ldt_info.limit & 0xf0000) |
5540         ((read_exec_only ^ 1) << 9) |
5541         (contents << 10) |
5542         ((seg_not_present ^ 1) << 15) |
5543         (seg_32bit << 22) |
5544         (limit_in_pages << 23) |
5545         (lm << 21) |
5546         0x7000;
5547     if (!oldmode)
5548         entry_2 |= (useable << 20);
5549 
5550     /* Install the new entry ...  */
5551 install:
5552     lp = (uint32_t *)(ldt_table + (ldt_info.entry_number << 3));
5553     lp[0] = tswap32(entry_1);
5554     lp[1] = tswap32(entry_2);
5555     return 0;
5556 }
5557 
5558 /* specific and weird i386 syscalls */
5559 static abi_long do_modify_ldt(CPUX86State *env, int func, abi_ulong ptr,
5560                               unsigned long bytecount)
5561 {
5562     abi_long ret;
5563 
5564     switch (func) {
5565     case 0:
5566         ret = read_ldt(ptr, bytecount);
5567         break;
5568     case 1:
5569         ret = write_ldt(env, ptr, bytecount, 1);
5570         break;
5571     case 0x11:
5572         ret = write_ldt(env, ptr, bytecount, 0);
5573         break;
5574     default:
5575         ret = -TARGET_ENOSYS;
5576         break;
5577     }
5578     return ret;
5579 }
5580 
5581 #if defined(TARGET_I386) && defined(TARGET_ABI32)
5582 abi_long do_set_thread_area(CPUX86State *env, abi_ulong ptr)
5583 {
5584     uint64_t *gdt_table = g2h(env->gdt.base);
5585     struct target_modify_ldt_ldt_s ldt_info;
5586     struct target_modify_ldt_ldt_s *target_ldt_info;
5587     int seg_32bit, contents, read_exec_only, limit_in_pages;
5588     int seg_not_present, useable, lm;
5589     uint32_t *lp, entry_1, entry_2;
5590     int i;
5591 
5592     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
5593     if (!target_ldt_info)
5594         return -TARGET_EFAULT;
5595     ldt_info.entry_number = tswap32(target_ldt_info->entry_number);
5596     ldt_info.base_addr = tswapal(target_ldt_info->base_addr);
5597     ldt_info.limit = tswap32(target_ldt_info->limit);
5598     ldt_info.flags = tswap32(target_ldt_info->flags);
5599     if (ldt_info.entry_number == -1) {
5600         for (i=TARGET_GDT_ENTRY_TLS_MIN; i<=TARGET_GDT_ENTRY_TLS_MAX; i++) {
5601             if (gdt_table[i] == 0) {
5602                 ldt_info.entry_number = i;
5603                 target_ldt_info->entry_number = tswap32(i);
5604                 break;
5605             }
5606         }
5607     }
5608     unlock_user_struct(target_ldt_info, ptr, 1);
5609 
5610     if (ldt_info.entry_number < TARGET_GDT_ENTRY_TLS_MIN ||
5611         ldt_info.entry_number > TARGET_GDT_ENTRY_TLS_MAX)
5612            return -TARGET_EINVAL;
5613     seg_32bit = ldt_info.flags & 1;
5614     contents = (ldt_info.flags >> 1) & 3;
5615     read_exec_only = (ldt_info.flags >> 3) & 1;
5616     limit_in_pages = (ldt_info.flags >> 4) & 1;
5617     seg_not_present = (ldt_info.flags >> 5) & 1;
5618     useable = (ldt_info.flags >> 6) & 1;
5619 #ifdef TARGET_ABI32
5620     lm = 0;
5621 #else
5622     lm = (ldt_info.flags >> 7) & 1;
5623 #endif
5624 
5625     if (contents == 3) {
5626         if (seg_not_present == 0)
5627             return -TARGET_EINVAL;
5628     }
5629 
5630     /* NOTE: same code as Linux kernel */
5631     /* Allow LDTs to be cleared by the user. */
5632     if (ldt_info.base_addr == 0 && ldt_info.limit == 0) {
5633         if ((contents == 0             &&
5634              read_exec_only == 1       &&
5635              seg_32bit == 0            &&
5636              limit_in_pages == 0       &&
5637              seg_not_present == 1      &&
5638              useable == 0 )) {
5639             entry_1 = 0;
5640             entry_2 = 0;
5641             goto install;
5642         }
5643     }
5644 
5645     entry_1 = ((ldt_info.base_addr & 0x0000ffff) << 16) |
5646         (ldt_info.limit & 0x0ffff);
5647     entry_2 = (ldt_info.base_addr & 0xff000000) |
5648         ((ldt_info.base_addr & 0x00ff0000) >> 16) |
5649         (ldt_info.limit & 0xf0000) |
5650         ((read_exec_only ^ 1) << 9) |
5651         (contents << 10) |
5652         ((seg_not_present ^ 1) << 15) |
5653         (seg_32bit << 22) |
5654         (limit_in_pages << 23) |
5655         (useable << 20) |
5656         (lm << 21) |
5657         0x7000;
5658 
5659     /* Install the new entry ...  */
5660 install:
5661     lp = (uint32_t *)(gdt_table + ldt_info.entry_number);
5662     lp[0] = tswap32(entry_1);
5663     lp[1] = tswap32(entry_2);
5664     return 0;
5665 }
5666 
5667 static abi_long do_get_thread_area(CPUX86State *env, abi_ulong ptr)
5668 {
5669     struct target_modify_ldt_ldt_s *target_ldt_info;
5670     uint64_t *gdt_table = g2h(env->gdt.base);
5671     uint32_t base_addr, limit, flags;
5672     int seg_32bit, contents, read_exec_only, limit_in_pages, idx;
5673     int seg_not_present, useable, lm;
5674     uint32_t *lp, entry_1, entry_2;
5675 
5676     lock_user_struct(VERIFY_WRITE, target_ldt_info, ptr, 1);
5677     if (!target_ldt_info)
5678         return -TARGET_EFAULT;
5679     idx = tswap32(target_ldt_info->entry_number);
5680     if (idx < TARGET_GDT_ENTRY_TLS_MIN ||
5681         idx > TARGET_GDT_ENTRY_TLS_MAX) {
5682         unlock_user_struct(target_ldt_info, ptr, 1);
5683         return -TARGET_EINVAL;
5684     }
5685     lp = (uint32_t *)(gdt_table + idx);
5686     entry_1 = tswap32(lp[0]);
5687     entry_2 = tswap32(lp[1]);
5688 
5689     read_exec_only = ((entry_2 >> 9) & 1) ^ 1;
5690     contents = (entry_2 >> 10) & 3;
5691     seg_not_present = ((entry_2 >> 15) & 1) ^ 1;
5692     seg_32bit = (entry_2 >> 22) & 1;
5693     limit_in_pages = (entry_2 >> 23) & 1;
5694     useable = (entry_2 >> 20) & 1;
5695 #ifdef TARGET_ABI32
5696     lm = 0;
5697 #else
5698     lm = (entry_2 >> 21) & 1;
5699 #endif
5700     flags = (seg_32bit << 0) | (contents << 1) |
5701         (read_exec_only << 3) | (limit_in_pages << 4) |
5702         (seg_not_present << 5) | (useable << 6) | (lm << 7);
5703     limit = (entry_1 & 0xffff) | (entry_2  & 0xf0000);
5704     base_addr = (entry_1 >> 16) |
5705         (entry_2 & 0xff000000) |
5706         ((entry_2 & 0xff) << 16);
5707     target_ldt_info->base_addr = tswapal(base_addr);
5708     target_ldt_info->limit = tswap32(limit);
5709     target_ldt_info->flags = tswap32(flags);
5710     unlock_user_struct(target_ldt_info, ptr, 1);
5711     return 0;
5712 }
5713 #endif /* TARGET_I386 && TARGET_ABI32 */
5714 
5715 #ifndef TARGET_ABI32
5716 abi_long do_arch_prctl(CPUX86State *env, int code, abi_ulong addr)
5717 {
5718     abi_long ret = 0;
5719     abi_ulong val;
5720     int idx;
5721 
5722     switch(code) {
5723     case TARGET_ARCH_SET_GS:
5724     case TARGET_ARCH_SET_FS:
5725         if (code == TARGET_ARCH_SET_GS)
5726             idx = R_GS;
5727         else
5728             idx = R_FS;
5729         cpu_x86_load_seg(env, idx, 0);
5730         env->segs[idx].base = addr;
5731         break;
5732     case TARGET_ARCH_GET_GS:
5733     case TARGET_ARCH_GET_FS:
5734         if (code == TARGET_ARCH_GET_GS)
5735             idx = R_GS;
5736         else
5737             idx = R_FS;
5738         val = env->segs[idx].base;
5739         if (put_user(val, addr, abi_ulong))
5740             ret = -TARGET_EFAULT;
5741         break;
5742     default:
5743         ret = -TARGET_EINVAL;
5744         break;
5745     }
5746     return ret;
5747 }
5748 #endif
5749 
5750 #endif /* defined(TARGET_I386) */
5751 
5752 #define NEW_STACK_SIZE 0x40000
5753 
5754 
5755 static pthread_mutex_t clone_lock = PTHREAD_MUTEX_INITIALIZER;
5756 typedef struct {
5757     CPUArchState *env;
5758     pthread_mutex_t mutex;
5759     pthread_cond_t cond;
5760     pthread_t thread;
5761     uint32_t tid;
5762     abi_ulong child_tidptr;
5763     abi_ulong parent_tidptr;
5764     sigset_t sigmask;
5765 } new_thread_info;
5766 
5767 static void *clone_func(void *arg)
5768 {
5769     new_thread_info *info = arg;
5770     CPUArchState *env;
5771     CPUState *cpu;
5772     TaskState *ts;
5773 
5774     rcu_register_thread();
5775     env = info->env;
5776     cpu = ENV_GET_CPU(env);
5777     thread_cpu = cpu;
5778     ts = (TaskState *)cpu->opaque;
5779     info->tid = gettid();
5780     cpu->host_tid = info->tid;
5781     task_settid(ts);
5782     if (info->child_tidptr)
5783         put_user_u32(info->tid, info->child_tidptr);
5784     if (info->parent_tidptr)
5785         put_user_u32(info->tid, info->parent_tidptr);
5786     /* Enable signals.  */
5787     sigprocmask(SIG_SETMASK, &info->sigmask, NULL);
5788     /* Signal to the parent that we're ready.  */
5789     pthread_mutex_lock(&info->mutex);
5790     pthread_cond_broadcast(&info->cond);
5791     pthread_mutex_unlock(&info->mutex);
5792     /* Wait until the parent has finshed initializing the tls state.  */
5793     pthread_mutex_lock(&clone_lock);
5794     pthread_mutex_unlock(&clone_lock);
5795     cpu_loop(env);
5796     /* never exits */
5797     return NULL;
5798 }
5799 
5800 /* do_fork() Must return host values and target errnos (unlike most
5801    do_*() functions). */
5802 static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
5803                    abi_ulong parent_tidptr, target_ulong newtls,
5804                    abi_ulong child_tidptr)
5805 {
5806     CPUState *cpu = ENV_GET_CPU(env);
5807     int ret;
5808     TaskState *ts;
5809     CPUState *new_cpu;
5810     CPUArchState *new_env;
5811     unsigned int nptl_flags;
5812     sigset_t sigmask;
5813 
5814     /* Emulate vfork() with fork() */
5815     if (flags & CLONE_VFORK)
5816         flags &= ~(CLONE_VFORK | CLONE_VM);
5817 
5818     if (flags & CLONE_VM) {
5819         TaskState *parent_ts = (TaskState *)cpu->opaque;
5820         new_thread_info info;
5821         pthread_attr_t attr;
5822 
5823         ts = g_new0(TaskState, 1);
5824         init_task_state(ts);
5825         /* we create a new CPU instance. */
5826         new_env = cpu_copy(env);
5827         /* Init regs that differ from the parent.  */
5828         cpu_clone_regs(new_env, newsp);
5829         new_cpu = ENV_GET_CPU(new_env);
5830         new_cpu->opaque = ts;
5831         ts->bprm = parent_ts->bprm;
5832         ts->info = parent_ts->info;
5833         ts->signal_mask = parent_ts->signal_mask;
5834         nptl_flags = flags;
5835         flags &= ~CLONE_NPTL_FLAGS2;
5836 
5837         if (nptl_flags & CLONE_CHILD_CLEARTID) {
5838             ts->child_tidptr = child_tidptr;
5839         }
5840 
5841         if (nptl_flags & CLONE_SETTLS)
5842             cpu_set_tls (new_env, newtls);
5843 
5844         /* Grab a mutex so that thread setup appears atomic.  */
5845         pthread_mutex_lock(&clone_lock);
5846 
5847         memset(&info, 0, sizeof(info));
5848         pthread_mutex_init(&info.mutex, NULL);
5849         pthread_mutex_lock(&info.mutex);
5850         pthread_cond_init(&info.cond, NULL);
5851         info.env = new_env;
5852         if (nptl_flags & CLONE_CHILD_SETTID)
5853             info.child_tidptr = child_tidptr;
5854         if (nptl_flags & CLONE_PARENT_SETTID)
5855             info.parent_tidptr = parent_tidptr;
5856 
5857         ret = pthread_attr_init(&attr);
5858         ret = pthread_attr_setstacksize(&attr, NEW_STACK_SIZE);
5859         ret = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
5860         /* It is not safe to deliver signals until the child has finished
5861            initializing, so temporarily block all signals.  */
5862         sigfillset(&sigmask);
5863         sigprocmask(SIG_BLOCK, &sigmask, &info.sigmask);
5864 
5865         ret = pthread_create(&info.thread, &attr, clone_func, &info);
5866         /* TODO: Free new CPU state if thread creation failed.  */
5867 
5868         sigprocmask(SIG_SETMASK, &info.sigmask, NULL);
5869         pthread_attr_destroy(&attr);
5870         if (ret == 0) {
5871             /* Wait for the child to initialize.  */
5872             pthread_cond_wait(&info.cond, &info.mutex);
5873             ret = info.tid;
5874             if (flags & CLONE_PARENT_SETTID)
5875                 put_user_u32(ret, parent_tidptr);
5876         } else {
5877             ret = -1;
5878         }
5879         pthread_mutex_unlock(&info.mutex);
5880         pthread_cond_destroy(&info.cond);
5881         pthread_mutex_destroy(&info.mutex);
5882         pthread_mutex_unlock(&clone_lock);
5883     } else {
5884         /* if no CLONE_VM, we consider it is a fork */
5885         if ((flags & ~(CSIGNAL | CLONE_NPTL_FLAGS2)) != 0) {
5886             return -TARGET_EINVAL;
5887         }
5888 
5889         if (block_signals()) {
5890             return -TARGET_ERESTARTSYS;
5891         }
5892 
5893         fork_start();
5894         ret = fork();
5895         if (ret == 0) {
5896             /* Child Process.  */
5897             rcu_after_fork();
5898             cpu_clone_regs(env, newsp);
5899             fork_end(1);
5900             /* There is a race condition here.  The parent process could
5901                theoretically read the TID in the child process before the child
5902                tid is set.  This would require using either ptrace
5903                (not implemented) or having *_tidptr to point at a shared memory
5904                mapping.  We can't repeat the spinlock hack used above because
5905                the child process gets its own copy of the lock.  */
5906             if (flags & CLONE_CHILD_SETTID)
5907                 put_user_u32(gettid(), child_tidptr);
5908             if (flags & CLONE_PARENT_SETTID)
5909                 put_user_u32(gettid(), parent_tidptr);
5910             ts = (TaskState *)cpu->opaque;
5911             if (flags & CLONE_SETTLS)
5912                 cpu_set_tls (env, newtls);
5913             if (flags & CLONE_CHILD_CLEARTID)
5914                 ts->child_tidptr = child_tidptr;
5915         } else {
5916             fork_end(0);
5917         }
5918     }
5919     return ret;
5920 }
5921 
5922 /* warning : doesn't handle linux specific flags... */
5923 static int target_to_host_fcntl_cmd(int cmd)
5924 {
5925     switch(cmd) {
5926 	case TARGET_F_DUPFD:
5927 	case TARGET_F_GETFD:
5928 	case TARGET_F_SETFD:
5929 	case TARGET_F_GETFL:
5930 	case TARGET_F_SETFL:
5931             return cmd;
5932         case TARGET_F_GETLK:
5933             return F_GETLK64;
5934         case TARGET_F_SETLK:
5935             return F_SETLK64;
5936         case TARGET_F_SETLKW:
5937             return F_SETLKW64;
5938 	case TARGET_F_GETOWN:
5939 	    return F_GETOWN;
5940 	case TARGET_F_SETOWN:
5941 	    return F_SETOWN;
5942 	case TARGET_F_GETSIG:
5943 	    return F_GETSIG;
5944 	case TARGET_F_SETSIG:
5945 	    return F_SETSIG;
5946 #if TARGET_ABI_BITS == 32
5947         case TARGET_F_GETLK64:
5948 	    return F_GETLK64;
5949 	case TARGET_F_SETLK64:
5950 	    return F_SETLK64;
5951 	case TARGET_F_SETLKW64:
5952 	    return F_SETLKW64;
5953 #endif
5954         case TARGET_F_SETLEASE:
5955             return F_SETLEASE;
5956         case TARGET_F_GETLEASE:
5957             return F_GETLEASE;
5958 #ifdef F_DUPFD_CLOEXEC
5959         case TARGET_F_DUPFD_CLOEXEC:
5960             return F_DUPFD_CLOEXEC;
5961 #endif
5962         case TARGET_F_NOTIFY:
5963             return F_NOTIFY;
5964 #ifdef F_GETOWN_EX
5965 	case TARGET_F_GETOWN_EX:
5966 	    return F_GETOWN_EX;
5967 #endif
5968 #ifdef F_SETOWN_EX
5969 	case TARGET_F_SETOWN_EX:
5970 	    return F_SETOWN_EX;
5971 #endif
5972 #ifdef F_SETPIPE_SZ
5973         case TARGET_F_SETPIPE_SZ:
5974             return F_SETPIPE_SZ;
5975         case TARGET_F_GETPIPE_SZ:
5976             return F_GETPIPE_SZ;
5977 #endif
5978 	default:
5979             return -TARGET_EINVAL;
5980     }
5981     return -TARGET_EINVAL;
5982 }
5983 
5984 #define TRANSTBL_CONVERT(a) { -1, TARGET_##a, -1, a }
5985 static const bitmask_transtbl flock_tbl[] = {
5986     TRANSTBL_CONVERT(F_RDLCK),
5987     TRANSTBL_CONVERT(F_WRLCK),
5988     TRANSTBL_CONVERT(F_UNLCK),
5989     TRANSTBL_CONVERT(F_EXLCK),
5990     TRANSTBL_CONVERT(F_SHLCK),
5991     { 0, 0, 0, 0 }
5992 };
5993 
5994 static inline abi_long copy_from_user_flock(struct flock64 *fl,
5995                                             abi_ulong target_flock_addr)
5996 {
5997     struct target_flock *target_fl;
5998     short l_type;
5999 
6000     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6001         return -TARGET_EFAULT;
6002     }
6003 
6004     __get_user(l_type, &target_fl->l_type);
6005     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6006     __get_user(fl->l_whence, &target_fl->l_whence);
6007     __get_user(fl->l_start, &target_fl->l_start);
6008     __get_user(fl->l_len, &target_fl->l_len);
6009     __get_user(fl->l_pid, &target_fl->l_pid);
6010     unlock_user_struct(target_fl, target_flock_addr, 0);
6011     return 0;
6012 }
6013 
6014 static inline abi_long copy_to_user_flock(abi_ulong target_flock_addr,
6015                                           const struct flock64 *fl)
6016 {
6017     struct target_flock *target_fl;
6018     short l_type;
6019 
6020     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6021         return -TARGET_EFAULT;
6022     }
6023 
6024     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6025     __put_user(l_type, &target_fl->l_type);
6026     __put_user(fl->l_whence, &target_fl->l_whence);
6027     __put_user(fl->l_start, &target_fl->l_start);
6028     __put_user(fl->l_len, &target_fl->l_len);
6029     __put_user(fl->l_pid, &target_fl->l_pid);
6030     unlock_user_struct(target_fl, target_flock_addr, 1);
6031     return 0;
6032 }
6033 
6034 typedef abi_long from_flock64_fn(struct flock64 *fl, abi_ulong target_addr);
6035 typedef abi_long to_flock64_fn(abi_ulong target_addr, const struct flock64 *fl);
6036 
6037 #if defined(TARGET_ARM) && TARGET_ABI_BITS == 32
6038 static inline abi_long copy_from_user_eabi_flock64(struct flock64 *fl,
6039                                                    abi_ulong target_flock_addr)
6040 {
6041     struct target_eabi_flock64 *target_fl;
6042     short l_type;
6043 
6044     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6045         return -TARGET_EFAULT;
6046     }
6047 
6048     __get_user(l_type, &target_fl->l_type);
6049     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6050     __get_user(fl->l_whence, &target_fl->l_whence);
6051     __get_user(fl->l_start, &target_fl->l_start);
6052     __get_user(fl->l_len, &target_fl->l_len);
6053     __get_user(fl->l_pid, &target_fl->l_pid);
6054     unlock_user_struct(target_fl, target_flock_addr, 0);
6055     return 0;
6056 }
6057 
6058 static inline abi_long copy_to_user_eabi_flock64(abi_ulong target_flock_addr,
6059                                                  const struct flock64 *fl)
6060 {
6061     struct target_eabi_flock64 *target_fl;
6062     short l_type;
6063 
6064     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6065         return -TARGET_EFAULT;
6066     }
6067 
6068     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6069     __put_user(l_type, &target_fl->l_type);
6070     __put_user(fl->l_whence, &target_fl->l_whence);
6071     __put_user(fl->l_start, &target_fl->l_start);
6072     __put_user(fl->l_len, &target_fl->l_len);
6073     __put_user(fl->l_pid, &target_fl->l_pid);
6074     unlock_user_struct(target_fl, target_flock_addr, 1);
6075     return 0;
6076 }
6077 #endif
6078 
6079 static inline abi_long copy_from_user_flock64(struct flock64 *fl,
6080                                               abi_ulong target_flock_addr)
6081 {
6082     struct target_flock64 *target_fl;
6083     short l_type;
6084 
6085     if (!lock_user_struct(VERIFY_READ, target_fl, target_flock_addr, 1)) {
6086         return -TARGET_EFAULT;
6087     }
6088 
6089     __get_user(l_type, &target_fl->l_type);
6090     fl->l_type = target_to_host_bitmask(l_type, flock_tbl);
6091     __get_user(fl->l_whence, &target_fl->l_whence);
6092     __get_user(fl->l_start, &target_fl->l_start);
6093     __get_user(fl->l_len, &target_fl->l_len);
6094     __get_user(fl->l_pid, &target_fl->l_pid);
6095     unlock_user_struct(target_fl, target_flock_addr, 0);
6096     return 0;
6097 }
6098 
6099 static inline abi_long copy_to_user_flock64(abi_ulong target_flock_addr,
6100                                             const struct flock64 *fl)
6101 {
6102     struct target_flock64 *target_fl;
6103     short l_type;
6104 
6105     if (!lock_user_struct(VERIFY_WRITE, target_fl, target_flock_addr, 0)) {
6106         return -TARGET_EFAULT;
6107     }
6108 
6109     l_type = host_to_target_bitmask(fl->l_type, flock_tbl);
6110     __put_user(l_type, &target_fl->l_type);
6111     __put_user(fl->l_whence, &target_fl->l_whence);
6112     __put_user(fl->l_start, &target_fl->l_start);
6113     __put_user(fl->l_len, &target_fl->l_len);
6114     __put_user(fl->l_pid, &target_fl->l_pid);
6115     unlock_user_struct(target_fl, target_flock_addr, 1);
6116     return 0;
6117 }
6118 
6119 static abi_long do_fcntl(int fd, int cmd, abi_ulong arg)
6120 {
6121     struct flock64 fl64;
6122 #ifdef F_GETOWN_EX
6123     struct f_owner_ex fox;
6124     struct target_f_owner_ex *target_fox;
6125 #endif
6126     abi_long ret;
6127     int host_cmd = target_to_host_fcntl_cmd(cmd);
6128 
6129     if (host_cmd == -TARGET_EINVAL)
6130 	    return host_cmd;
6131 
6132     switch(cmd) {
6133     case TARGET_F_GETLK:
6134         ret = copy_from_user_flock(&fl64, arg);
6135         if (ret) {
6136             return ret;
6137         }
6138         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6139         if (ret == 0) {
6140             ret = copy_to_user_flock(arg, &fl64);
6141         }
6142         break;
6143 
6144     case TARGET_F_SETLK:
6145     case TARGET_F_SETLKW:
6146         ret = copy_from_user_flock(&fl64, arg);
6147         if (ret) {
6148             return ret;
6149         }
6150         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6151         break;
6152 
6153     case TARGET_F_GETLK64:
6154         ret = copy_from_user_flock64(&fl64, arg);
6155         if (ret) {
6156             return ret;
6157         }
6158         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6159         if (ret == 0) {
6160             ret = copy_to_user_flock64(arg, &fl64);
6161         }
6162         break;
6163     case TARGET_F_SETLK64:
6164     case TARGET_F_SETLKW64:
6165         ret = copy_from_user_flock64(&fl64, arg);
6166         if (ret) {
6167             return ret;
6168         }
6169         ret = get_errno(safe_fcntl(fd, host_cmd, &fl64));
6170         break;
6171 
6172     case TARGET_F_GETFL:
6173         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6174         if (ret >= 0) {
6175             ret = host_to_target_bitmask(ret, fcntl_flags_tbl);
6176         }
6177         break;
6178 
6179     case TARGET_F_SETFL:
6180         ret = get_errno(safe_fcntl(fd, host_cmd,
6181                                    target_to_host_bitmask(arg,
6182                                                           fcntl_flags_tbl)));
6183         break;
6184 
6185 #ifdef F_GETOWN_EX
6186     case TARGET_F_GETOWN_EX:
6187         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6188         if (ret >= 0) {
6189             if (!lock_user_struct(VERIFY_WRITE, target_fox, arg, 0))
6190                 return -TARGET_EFAULT;
6191             target_fox->type = tswap32(fox.type);
6192             target_fox->pid = tswap32(fox.pid);
6193             unlock_user_struct(target_fox, arg, 1);
6194         }
6195         break;
6196 #endif
6197 
6198 #ifdef F_SETOWN_EX
6199     case TARGET_F_SETOWN_EX:
6200         if (!lock_user_struct(VERIFY_READ, target_fox, arg, 1))
6201             return -TARGET_EFAULT;
6202         fox.type = tswap32(target_fox->type);
6203         fox.pid = tswap32(target_fox->pid);
6204         unlock_user_struct(target_fox, arg, 0);
6205         ret = get_errno(safe_fcntl(fd, host_cmd, &fox));
6206         break;
6207 #endif
6208 
6209     case TARGET_F_SETOWN:
6210     case TARGET_F_GETOWN:
6211     case TARGET_F_SETSIG:
6212     case TARGET_F_GETSIG:
6213     case TARGET_F_SETLEASE:
6214     case TARGET_F_GETLEASE:
6215     case TARGET_F_SETPIPE_SZ:
6216     case TARGET_F_GETPIPE_SZ:
6217         ret = get_errno(safe_fcntl(fd, host_cmd, arg));
6218         break;
6219 
6220     default:
6221         ret = get_errno(safe_fcntl(fd, cmd, arg));
6222         break;
6223     }
6224     return ret;
6225 }
6226 
6227 #ifdef USE_UID16
6228 
6229 static inline int high2lowuid(int uid)
6230 {
6231     if (uid > 65535)
6232         return 65534;
6233     else
6234         return uid;
6235 }
6236 
6237 static inline int high2lowgid(int gid)
6238 {
6239     if (gid > 65535)
6240         return 65534;
6241     else
6242         return gid;
6243 }
6244 
6245 static inline int low2highuid(int uid)
6246 {
6247     if ((int16_t)uid == -1)
6248         return -1;
6249     else
6250         return uid;
6251 }
6252 
6253 static inline int low2highgid(int gid)
6254 {
6255     if ((int16_t)gid == -1)
6256         return -1;
6257     else
6258         return gid;
6259 }
6260 static inline int tswapid(int id)
6261 {
6262     return tswap16(id);
6263 }
6264 
6265 #define put_user_id(x, gaddr) put_user_u16(x, gaddr)
6266 
6267 #else /* !USE_UID16 */
6268 static inline int high2lowuid(int uid)
6269 {
6270     return uid;
6271 }
6272 static inline int high2lowgid(int gid)
6273 {
6274     return gid;
6275 }
6276 static inline int low2highuid(int uid)
6277 {
6278     return uid;
6279 }
6280 static inline int low2highgid(int gid)
6281 {
6282     return gid;
6283 }
6284 static inline int tswapid(int id)
6285 {
6286     return tswap32(id);
6287 }
6288 
6289 #define put_user_id(x, gaddr) put_user_u32(x, gaddr)
6290 
6291 #endif /* USE_UID16 */
6292 
6293 /* We must do direct syscalls for setting UID/GID, because we want to
6294  * implement the Linux system call semantics of "change only for this thread",
6295  * not the libc/POSIX semantics of "change for all threads in process".
6296  * (See http://ewontfix.com/17/ for more details.)
6297  * We use the 32-bit version of the syscalls if present; if it is not
6298  * then either the host architecture supports 32-bit UIDs natively with
6299  * the standard syscall, or the 16-bit UID is the best we can do.
6300  */
6301 #ifdef __NR_setuid32
6302 #define __NR_sys_setuid __NR_setuid32
6303 #else
6304 #define __NR_sys_setuid __NR_setuid
6305 #endif
6306 #ifdef __NR_setgid32
6307 #define __NR_sys_setgid __NR_setgid32
6308 #else
6309 #define __NR_sys_setgid __NR_setgid
6310 #endif
6311 #ifdef __NR_setresuid32
6312 #define __NR_sys_setresuid __NR_setresuid32
6313 #else
6314 #define __NR_sys_setresuid __NR_setresuid
6315 #endif
6316 #ifdef __NR_setresgid32
6317 #define __NR_sys_setresgid __NR_setresgid32
6318 #else
6319 #define __NR_sys_setresgid __NR_setresgid
6320 #endif
6321 
6322 _syscall1(int, sys_setuid, uid_t, uid)
6323 _syscall1(int, sys_setgid, gid_t, gid)
6324 _syscall3(int, sys_setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
6325 _syscall3(int, sys_setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
6326 
6327 void syscall_init(void)
6328 {
6329     IOCTLEntry *ie;
6330     const argtype *arg_type;
6331     int size;
6332     int i;
6333 
6334     thunk_init(STRUCT_MAX);
6335 
6336 #define STRUCT(name, ...) thunk_register_struct(STRUCT_ ## name, #name, struct_ ## name ## _def);
6337 #define STRUCT_SPECIAL(name) thunk_register_struct_direct(STRUCT_ ## name, #name, &struct_ ## name ## _def);
6338 #include "syscall_types.h"
6339 #undef STRUCT
6340 #undef STRUCT_SPECIAL
6341 
6342     /* Build target_to_host_errno_table[] table from
6343      * host_to_target_errno_table[]. */
6344     for (i = 0; i < ERRNO_TABLE_SIZE; i++) {
6345         target_to_host_errno_table[host_to_target_errno_table[i]] = i;
6346     }
6347 
6348     /* we patch the ioctl size if necessary. We rely on the fact that
6349        no ioctl has all the bits at '1' in the size field */
6350     ie = ioctl_entries;
6351     while (ie->target_cmd != 0) {
6352         if (((ie->target_cmd >> TARGET_IOC_SIZESHIFT) & TARGET_IOC_SIZEMASK) ==
6353             TARGET_IOC_SIZEMASK) {
6354             arg_type = ie->arg_type;
6355             if (arg_type[0] != TYPE_PTR) {
6356                 fprintf(stderr, "cannot patch size for ioctl 0x%x\n",
6357                         ie->target_cmd);
6358                 exit(1);
6359             }
6360             arg_type++;
6361             size = thunk_type_size(arg_type, 0);
6362             ie->target_cmd = (ie->target_cmd &
6363                               ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) |
6364                 (size << TARGET_IOC_SIZESHIFT);
6365         }
6366 
6367         /* automatic consistency check if same arch */
6368 #if (defined(__i386__) && defined(TARGET_I386) && defined(TARGET_ABI32)) || \
6369     (defined(__x86_64__) && defined(TARGET_X86_64))
6370         if (unlikely(ie->target_cmd != ie->host_cmd)) {
6371             fprintf(stderr, "ERROR: ioctl(%s): target=0x%x host=0x%x\n",
6372                     ie->name, ie->target_cmd, ie->host_cmd);
6373         }
6374 #endif
6375         ie++;
6376     }
6377 }
6378 
6379 #if TARGET_ABI_BITS == 32
6380 static inline uint64_t target_offset64(uint32_t word0, uint32_t word1)
6381 {
6382 #ifdef TARGET_WORDS_BIGENDIAN
6383     return ((uint64_t)word0 << 32) | word1;
6384 #else
6385     return ((uint64_t)word1 << 32) | word0;
6386 #endif
6387 }
6388 #else /* TARGET_ABI_BITS == 32 */
6389 static inline uint64_t target_offset64(uint64_t word0, uint64_t word1)
6390 {
6391     return word0;
6392 }
6393 #endif /* TARGET_ABI_BITS != 32 */
6394 
6395 #ifdef TARGET_NR_truncate64
6396 static inline abi_long target_truncate64(void *cpu_env, const char *arg1,
6397                                          abi_long arg2,
6398                                          abi_long arg3,
6399                                          abi_long arg4)
6400 {
6401     if (regpairs_aligned(cpu_env)) {
6402         arg2 = arg3;
6403         arg3 = arg4;
6404     }
6405     return get_errno(truncate64(arg1, target_offset64(arg2, arg3)));
6406 }
6407 #endif
6408 
6409 #ifdef TARGET_NR_ftruncate64
6410 static inline abi_long target_ftruncate64(void *cpu_env, abi_long arg1,
6411                                           abi_long arg2,
6412                                           abi_long arg3,
6413                                           abi_long arg4)
6414 {
6415     if (regpairs_aligned(cpu_env)) {
6416         arg2 = arg3;
6417         arg3 = arg4;
6418     }
6419     return get_errno(ftruncate64(arg1, target_offset64(arg2, arg3)));
6420 }
6421 #endif
6422 
6423 static inline abi_long target_to_host_timespec(struct timespec *host_ts,
6424                                                abi_ulong target_addr)
6425 {
6426     struct target_timespec *target_ts;
6427 
6428     if (!lock_user_struct(VERIFY_READ, target_ts, target_addr, 1))
6429         return -TARGET_EFAULT;
6430     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
6431     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6432     unlock_user_struct(target_ts, target_addr, 0);
6433     return 0;
6434 }
6435 
6436 static inline abi_long host_to_target_timespec(abi_ulong target_addr,
6437                                                struct timespec *host_ts)
6438 {
6439     struct target_timespec *target_ts;
6440 
6441     if (!lock_user_struct(VERIFY_WRITE, target_ts, target_addr, 0))
6442         return -TARGET_EFAULT;
6443     __put_user(host_ts->tv_sec, &target_ts->tv_sec);
6444     __put_user(host_ts->tv_nsec, &target_ts->tv_nsec);
6445     unlock_user_struct(target_ts, target_addr, 1);
6446     return 0;
6447 }
6448 
6449 static inline abi_long target_to_host_itimerspec(struct itimerspec *host_itspec,
6450                                                  abi_ulong target_addr)
6451 {
6452     struct target_itimerspec *target_itspec;
6453 
6454     if (!lock_user_struct(VERIFY_READ, target_itspec, target_addr, 1)) {
6455         return -TARGET_EFAULT;
6456     }
6457 
6458     host_itspec->it_interval.tv_sec =
6459                             tswapal(target_itspec->it_interval.tv_sec);
6460     host_itspec->it_interval.tv_nsec =
6461                             tswapal(target_itspec->it_interval.tv_nsec);
6462     host_itspec->it_value.tv_sec = tswapal(target_itspec->it_value.tv_sec);
6463     host_itspec->it_value.tv_nsec = tswapal(target_itspec->it_value.tv_nsec);
6464 
6465     unlock_user_struct(target_itspec, target_addr, 1);
6466     return 0;
6467 }
6468 
6469 static inline abi_long host_to_target_itimerspec(abi_ulong target_addr,
6470                                                struct itimerspec *host_its)
6471 {
6472     struct target_itimerspec *target_itspec;
6473 
6474     if (!lock_user_struct(VERIFY_WRITE, target_itspec, target_addr, 0)) {
6475         return -TARGET_EFAULT;
6476     }
6477 
6478     target_itspec->it_interval.tv_sec = tswapal(host_its->it_interval.tv_sec);
6479     target_itspec->it_interval.tv_nsec = tswapal(host_its->it_interval.tv_nsec);
6480 
6481     target_itspec->it_value.tv_sec = tswapal(host_its->it_value.tv_sec);
6482     target_itspec->it_value.tv_nsec = tswapal(host_its->it_value.tv_nsec);
6483 
6484     unlock_user_struct(target_itspec, target_addr, 0);
6485     return 0;
6486 }
6487 
6488 static inline abi_long target_to_host_sigevent(struct sigevent *host_sevp,
6489                                                abi_ulong target_addr)
6490 {
6491     struct target_sigevent *target_sevp;
6492 
6493     if (!lock_user_struct(VERIFY_READ, target_sevp, target_addr, 1)) {
6494         return -TARGET_EFAULT;
6495     }
6496 
6497     /* This union is awkward on 64 bit systems because it has a 32 bit
6498      * integer and a pointer in it; we follow the conversion approach
6499      * used for handling sigval types in signal.c so the guest should get
6500      * the correct value back even if we did a 64 bit byteswap and it's
6501      * using the 32 bit integer.
6502      */
6503     host_sevp->sigev_value.sival_ptr =
6504         (void *)(uintptr_t)tswapal(target_sevp->sigev_value.sival_ptr);
6505     host_sevp->sigev_signo =
6506         target_to_host_signal(tswap32(target_sevp->sigev_signo));
6507     host_sevp->sigev_notify = tswap32(target_sevp->sigev_notify);
6508     host_sevp->_sigev_un._tid = tswap32(target_sevp->_sigev_un._tid);
6509 
6510     unlock_user_struct(target_sevp, target_addr, 1);
6511     return 0;
6512 }
6513 
6514 #if defined(TARGET_NR_mlockall)
6515 static inline int target_to_host_mlockall_arg(int arg)
6516 {
6517     int result = 0;
6518 
6519     if (arg & TARGET_MLOCKALL_MCL_CURRENT) {
6520         result |= MCL_CURRENT;
6521     }
6522     if (arg & TARGET_MLOCKALL_MCL_FUTURE) {
6523         result |= MCL_FUTURE;
6524     }
6525     return result;
6526 }
6527 #endif
6528 
6529 static inline abi_long host_to_target_stat64(void *cpu_env,
6530                                              abi_ulong target_addr,
6531                                              struct stat *host_st)
6532 {
6533 #if defined(TARGET_ARM) && defined(TARGET_ABI32)
6534     if (((CPUARMState *)cpu_env)->eabi) {
6535         struct target_eabi_stat64 *target_st;
6536 
6537         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
6538             return -TARGET_EFAULT;
6539         memset(target_st, 0, sizeof(struct target_eabi_stat64));
6540         __put_user(host_st->st_dev, &target_st->st_dev);
6541         __put_user(host_st->st_ino, &target_st->st_ino);
6542 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
6543         __put_user(host_st->st_ino, &target_st->__st_ino);
6544 #endif
6545         __put_user(host_st->st_mode, &target_st->st_mode);
6546         __put_user(host_st->st_nlink, &target_st->st_nlink);
6547         __put_user(host_st->st_uid, &target_st->st_uid);
6548         __put_user(host_st->st_gid, &target_st->st_gid);
6549         __put_user(host_st->st_rdev, &target_st->st_rdev);
6550         __put_user(host_st->st_size, &target_st->st_size);
6551         __put_user(host_st->st_blksize, &target_st->st_blksize);
6552         __put_user(host_st->st_blocks, &target_st->st_blocks);
6553         __put_user(host_st->st_atime, &target_st->target_st_atime);
6554         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
6555         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
6556         unlock_user_struct(target_st, target_addr, 1);
6557     } else
6558 #endif
6559     {
6560 #if defined(TARGET_HAS_STRUCT_STAT64)
6561         struct target_stat64 *target_st;
6562 #else
6563         struct target_stat *target_st;
6564 #endif
6565 
6566         if (!lock_user_struct(VERIFY_WRITE, target_st, target_addr, 0))
6567             return -TARGET_EFAULT;
6568         memset(target_st, 0, sizeof(*target_st));
6569         __put_user(host_st->st_dev, &target_st->st_dev);
6570         __put_user(host_st->st_ino, &target_st->st_ino);
6571 #ifdef TARGET_STAT64_HAS_BROKEN_ST_INO
6572         __put_user(host_st->st_ino, &target_st->__st_ino);
6573 #endif
6574         __put_user(host_st->st_mode, &target_st->st_mode);
6575         __put_user(host_st->st_nlink, &target_st->st_nlink);
6576         __put_user(host_st->st_uid, &target_st->st_uid);
6577         __put_user(host_st->st_gid, &target_st->st_gid);
6578         __put_user(host_st->st_rdev, &target_st->st_rdev);
6579         /* XXX: better use of kernel struct */
6580         __put_user(host_st->st_size, &target_st->st_size);
6581         __put_user(host_st->st_blksize, &target_st->st_blksize);
6582         __put_user(host_st->st_blocks, &target_st->st_blocks);
6583         __put_user(host_st->st_atime, &target_st->target_st_atime);
6584         __put_user(host_st->st_mtime, &target_st->target_st_mtime);
6585         __put_user(host_st->st_ctime, &target_st->target_st_ctime);
6586         unlock_user_struct(target_st, target_addr, 1);
6587     }
6588 
6589     return 0;
6590 }
6591 
6592 /* ??? Using host futex calls even when target atomic operations
6593    are not really atomic probably breaks things.  However implementing
6594    futexes locally would make futexes shared between multiple processes
6595    tricky.  However they're probably useless because guest atomic
6596    operations won't work either.  */
6597 static int do_futex(target_ulong uaddr, int op, int val, target_ulong timeout,
6598                     target_ulong uaddr2, int val3)
6599 {
6600     struct timespec ts, *pts;
6601     int base_op;
6602 
6603     /* ??? We assume FUTEX_* constants are the same on both host
6604        and target.  */
6605 #ifdef FUTEX_CMD_MASK
6606     base_op = op & FUTEX_CMD_MASK;
6607 #else
6608     base_op = op;
6609 #endif
6610     switch (base_op) {
6611     case FUTEX_WAIT:
6612     case FUTEX_WAIT_BITSET:
6613         if (timeout) {
6614             pts = &ts;
6615             target_to_host_timespec(pts, timeout);
6616         } else {
6617             pts = NULL;
6618         }
6619         return get_errno(safe_futex(g2h(uaddr), op, tswap32(val),
6620                          pts, NULL, val3));
6621     case FUTEX_WAKE:
6622         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
6623     case FUTEX_FD:
6624         return get_errno(safe_futex(g2h(uaddr), op, val, NULL, NULL, 0));
6625     case FUTEX_REQUEUE:
6626     case FUTEX_CMP_REQUEUE:
6627     case FUTEX_WAKE_OP:
6628         /* For FUTEX_REQUEUE, FUTEX_CMP_REQUEUE, and FUTEX_WAKE_OP, the
6629            TIMEOUT parameter is interpreted as a uint32_t by the kernel.
6630            But the prototype takes a `struct timespec *'; insert casts
6631            to satisfy the compiler.  We do not need to tswap TIMEOUT
6632            since it's not compared to guest memory.  */
6633         pts = (struct timespec *)(uintptr_t) timeout;
6634         return get_errno(safe_futex(g2h(uaddr), op, val, pts,
6635                                     g2h(uaddr2),
6636                                     (base_op == FUTEX_CMP_REQUEUE
6637                                      ? tswap32(val3)
6638                                      : val3)));
6639     default:
6640         return -TARGET_ENOSYS;
6641     }
6642 }
6643 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6644 static abi_long do_name_to_handle_at(abi_long dirfd, abi_long pathname,
6645                                      abi_long handle, abi_long mount_id,
6646                                      abi_long flags)
6647 {
6648     struct file_handle *target_fh;
6649     struct file_handle *fh;
6650     int mid = 0;
6651     abi_long ret;
6652     char *name;
6653     unsigned int size, total_size;
6654 
6655     if (get_user_s32(size, handle)) {
6656         return -TARGET_EFAULT;
6657     }
6658 
6659     name = lock_user_string(pathname);
6660     if (!name) {
6661         return -TARGET_EFAULT;
6662     }
6663 
6664     total_size = sizeof(struct file_handle) + size;
6665     target_fh = lock_user(VERIFY_WRITE, handle, total_size, 0);
6666     if (!target_fh) {
6667         unlock_user(name, pathname, 0);
6668         return -TARGET_EFAULT;
6669     }
6670 
6671     fh = g_malloc0(total_size);
6672     fh->handle_bytes = size;
6673 
6674     ret = get_errno(name_to_handle_at(dirfd, path(name), fh, &mid, flags));
6675     unlock_user(name, pathname, 0);
6676 
6677     /* man name_to_handle_at(2):
6678      * Other than the use of the handle_bytes field, the caller should treat
6679      * the file_handle structure as an opaque data type
6680      */
6681 
6682     memcpy(target_fh, fh, total_size);
6683     target_fh->handle_bytes = tswap32(fh->handle_bytes);
6684     target_fh->handle_type = tswap32(fh->handle_type);
6685     g_free(fh);
6686     unlock_user(target_fh, handle, total_size);
6687 
6688     if (put_user_s32(mid, mount_id)) {
6689         return -TARGET_EFAULT;
6690     }
6691 
6692     return ret;
6693 
6694 }
6695 #endif
6696 
6697 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
6698 static abi_long do_open_by_handle_at(abi_long mount_fd, abi_long handle,
6699                                      abi_long flags)
6700 {
6701     struct file_handle *target_fh;
6702     struct file_handle *fh;
6703     unsigned int size, total_size;
6704     abi_long ret;
6705 
6706     if (get_user_s32(size, handle)) {
6707         return -TARGET_EFAULT;
6708     }
6709 
6710     total_size = sizeof(struct file_handle) + size;
6711     target_fh = lock_user(VERIFY_READ, handle, total_size, 1);
6712     if (!target_fh) {
6713         return -TARGET_EFAULT;
6714     }
6715 
6716     fh = g_memdup(target_fh, total_size);
6717     fh->handle_bytes = size;
6718     fh->handle_type = tswap32(target_fh->handle_type);
6719 
6720     ret = get_errno(open_by_handle_at(mount_fd, fh,
6721                     target_to_host_bitmask(flags, fcntl_flags_tbl)));
6722 
6723     g_free(fh);
6724 
6725     unlock_user(target_fh, handle, total_size);
6726 
6727     return ret;
6728 }
6729 #endif
6730 
6731 #if defined(TARGET_NR_signalfd) || defined(TARGET_NR_signalfd4)
6732 
6733 /* signalfd siginfo conversion */
6734 
6735 static void
6736 host_to_target_signalfd_siginfo(struct signalfd_siginfo *tinfo,
6737                                 const struct signalfd_siginfo *info)
6738 {
6739     int sig = host_to_target_signal(info->ssi_signo);
6740 
6741     /* linux/signalfd.h defines a ssi_addr_lsb
6742      * not defined in sys/signalfd.h but used by some kernels
6743      */
6744 
6745 #ifdef BUS_MCEERR_AO
6746     if (tinfo->ssi_signo == SIGBUS &&
6747         (tinfo->ssi_code == BUS_MCEERR_AR ||
6748          tinfo->ssi_code == BUS_MCEERR_AO)) {
6749         uint16_t *ssi_addr_lsb = (uint16_t *)(&info->ssi_addr + 1);
6750         uint16_t *tssi_addr_lsb = (uint16_t *)(&tinfo->ssi_addr + 1);
6751         *tssi_addr_lsb = tswap16(*ssi_addr_lsb);
6752     }
6753 #endif
6754 
6755     tinfo->ssi_signo = tswap32(sig);
6756     tinfo->ssi_errno = tswap32(tinfo->ssi_errno);
6757     tinfo->ssi_code = tswap32(info->ssi_code);
6758     tinfo->ssi_pid = tswap32(info->ssi_pid);
6759     tinfo->ssi_uid = tswap32(info->ssi_uid);
6760     tinfo->ssi_fd = tswap32(info->ssi_fd);
6761     tinfo->ssi_tid = tswap32(info->ssi_tid);
6762     tinfo->ssi_band = tswap32(info->ssi_band);
6763     tinfo->ssi_overrun = tswap32(info->ssi_overrun);
6764     tinfo->ssi_trapno = tswap32(info->ssi_trapno);
6765     tinfo->ssi_status = tswap32(info->ssi_status);
6766     tinfo->ssi_int = tswap32(info->ssi_int);
6767     tinfo->ssi_ptr = tswap64(info->ssi_ptr);
6768     tinfo->ssi_utime = tswap64(info->ssi_utime);
6769     tinfo->ssi_stime = tswap64(info->ssi_stime);
6770     tinfo->ssi_addr = tswap64(info->ssi_addr);
6771 }
6772 
6773 static abi_long host_to_target_data_signalfd(void *buf, size_t len)
6774 {
6775     int i;
6776 
6777     for (i = 0; i < len; i += sizeof(struct signalfd_siginfo)) {
6778         host_to_target_signalfd_siginfo(buf + i, buf + i);
6779     }
6780 
6781     return len;
6782 }
6783 
6784 static TargetFdTrans target_signalfd_trans = {
6785     .host_to_target_data = host_to_target_data_signalfd,
6786 };
6787 
6788 static abi_long do_signalfd4(int fd, abi_long mask, int flags)
6789 {
6790     int host_flags;
6791     target_sigset_t *target_mask;
6792     sigset_t host_mask;
6793     abi_long ret;
6794 
6795     if (flags & ~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC)) {
6796         return -TARGET_EINVAL;
6797     }
6798     if (!lock_user_struct(VERIFY_READ, target_mask, mask, 1)) {
6799         return -TARGET_EFAULT;
6800     }
6801 
6802     target_to_host_sigset(&host_mask, target_mask);
6803 
6804     host_flags = target_to_host_bitmask(flags, fcntl_flags_tbl);
6805 
6806     ret = get_errno(signalfd(fd, &host_mask, host_flags));
6807     if (ret >= 0) {
6808         fd_trans_register(ret, &target_signalfd_trans);
6809     }
6810 
6811     unlock_user_struct(target_mask, mask, 0);
6812 
6813     return ret;
6814 }
6815 #endif
6816 
6817 /* Map host to target signal numbers for the wait family of syscalls.
6818    Assume all other status bits are the same.  */
6819 int host_to_target_waitstatus(int status)
6820 {
6821     if (WIFSIGNALED(status)) {
6822         return host_to_target_signal(WTERMSIG(status)) | (status & ~0x7f);
6823     }
6824     if (WIFSTOPPED(status)) {
6825         return (host_to_target_signal(WSTOPSIG(status)) << 8)
6826                | (status & 0xff);
6827     }
6828     return status;
6829 }
6830 
6831 static int open_self_cmdline(void *cpu_env, int fd)
6832 {
6833     int fd_orig = -1;
6834     bool word_skipped = false;
6835 
6836     fd_orig = open("/proc/self/cmdline", O_RDONLY);
6837     if (fd_orig < 0) {
6838         return fd_orig;
6839     }
6840 
6841     while (true) {
6842         ssize_t nb_read;
6843         char buf[128];
6844         char *cp_buf = buf;
6845 
6846         nb_read = read(fd_orig, buf, sizeof(buf));
6847         if (nb_read < 0) {
6848             int e = errno;
6849             fd_orig = close(fd_orig);
6850             errno = e;
6851             return -1;
6852         } else if (nb_read == 0) {
6853             break;
6854         }
6855 
6856         if (!word_skipped) {
6857             /* Skip the first string, which is the path to qemu-*-static
6858                instead of the actual command. */
6859             cp_buf = memchr(buf, 0, sizeof(buf));
6860             if (cp_buf) {
6861                 /* Null byte found, skip one string */
6862                 cp_buf++;
6863                 nb_read -= cp_buf - buf;
6864                 word_skipped = true;
6865             }
6866         }
6867 
6868         if (word_skipped) {
6869             if (write(fd, cp_buf, nb_read) != nb_read) {
6870                 int e = errno;
6871                 close(fd_orig);
6872                 errno = e;
6873                 return -1;
6874             }
6875         }
6876     }
6877 
6878     return close(fd_orig);
6879 }
6880 
6881 static int open_self_maps(void *cpu_env, int fd)
6882 {
6883     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6884     TaskState *ts = cpu->opaque;
6885     FILE *fp;
6886     char *line = NULL;
6887     size_t len = 0;
6888     ssize_t read;
6889 
6890     fp = fopen("/proc/self/maps", "r");
6891     if (fp == NULL) {
6892         return -1;
6893     }
6894 
6895     while ((read = getline(&line, &len, fp)) != -1) {
6896         int fields, dev_maj, dev_min, inode;
6897         uint64_t min, max, offset;
6898         char flag_r, flag_w, flag_x, flag_p;
6899         char path[512] = "";
6900         fields = sscanf(line, "%"PRIx64"-%"PRIx64" %c%c%c%c %"PRIx64" %x:%x %d"
6901                         " %512s", &min, &max, &flag_r, &flag_w, &flag_x,
6902                         &flag_p, &offset, &dev_maj, &dev_min, &inode, path);
6903 
6904         if ((fields < 10) || (fields > 11)) {
6905             continue;
6906         }
6907         if (h2g_valid(min)) {
6908             int flags = page_get_flags(h2g(min));
6909             max = h2g_valid(max - 1) ? max : (uintptr_t)g2h(GUEST_ADDR_MAX);
6910             if (page_check_range(h2g(min), max - min, flags) == -1) {
6911                 continue;
6912             }
6913             if (h2g(min) == ts->info->stack_limit) {
6914                 pstrcpy(path, sizeof(path), "      [stack]");
6915             }
6916             dprintf(fd, TARGET_ABI_FMT_lx "-" TARGET_ABI_FMT_lx
6917                     " %c%c%c%c %08" PRIx64 " %02x:%02x %d %s%s\n",
6918                     h2g(min), h2g(max - 1) + 1, flag_r, flag_w,
6919                     flag_x, flag_p, offset, dev_maj, dev_min, inode,
6920                     path[0] ? "         " : "", path);
6921         }
6922     }
6923 
6924     free(line);
6925     fclose(fp);
6926 
6927     return 0;
6928 }
6929 
6930 static int open_self_stat(void *cpu_env, int fd)
6931 {
6932     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6933     TaskState *ts = cpu->opaque;
6934     abi_ulong start_stack = ts->info->start_stack;
6935     int i;
6936 
6937     for (i = 0; i < 44; i++) {
6938       char buf[128];
6939       int len;
6940       uint64_t val = 0;
6941 
6942       if (i == 0) {
6943         /* pid */
6944         val = getpid();
6945         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
6946       } else if (i == 1) {
6947         /* app name */
6948         snprintf(buf, sizeof(buf), "(%s) ", ts->bprm->argv[0]);
6949       } else if (i == 27) {
6950         /* stack bottom */
6951         val = start_stack;
6952         snprintf(buf, sizeof(buf), "%"PRId64 " ", val);
6953       } else {
6954         /* for the rest, there is MasterCard */
6955         snprintf(buf, sizeof(buf), "0%c", i == 43 ? '\n' : ' ');
6956       }
6957 
6958       len = strlen(buf);
6959       if (write(fd, buf, len) != len) {
6960           return -1;
6961       }
6962     }
6963 
6964     return 0;
6965 }
6966 
6967 static int open_self_auxv(void *cpu_env, int fd)
6968 {
6969     CPUState *cpu = ENV_GET_CPU((CPUArchState *)cpu_env);
6970     TaskState *ts = cpu->opaque;
6971     abi_ulong auxv = ts->info->saved_auxv;
6972     abi_ulong len = ts->info->auxv_len;
6973     char *ptr;
6974 
6975     /*
6976      * Auxiliary vector is stored in target process stack.
6977      * read in whole auxv vector and copy it to file
6978      */
6979     ptr = lock_user(VERIFY_READ, auxv, len, 0);
6980     if (ptr != NULL) {
6981         while (len > 0) {
6982             ssize_t r;
6983             r = write(fd, ptr, len);
6984             if (r <= 0) {
6985                 break;
6986             }
6987             len -= r;
6988             ptr += r;
6989         }
6990         lseek(fd, 0, SEEK_SET);
6991         unlock_user(ptr, auxv, len);
6992     }
6993 
6994     return 0;
6995 }
6996 
6997 static int is_proc_myself(const char *filename, const char *entry)
6998 {
6999     if (!strncmp(filename, "/proc/", strlen("/proc/"))) {
7000         filename += strlen("/proc/");
7001         if (!strncmp(filename, "self/", strlen("self/"))) {
7002             filename += strlen("self/");
7003         } else if (*filename >= '1' && *filename <= '9') {
7004             char myself[80];
7005             snprintf(myself, sizeof(myself), "%d/", getpid());
7006             if (!strncmp(filename, myself, strlen(myself))) {
7007                 filename += strlen(myself);
7008             } else {
7009                 return 0;
7010             }
7011         } else {
7012             return 0;
7013         }
7014         if (!strcmp(filename, entry)) {
7015             return 1;
7016         }
7017     }
7018     return 0;
7019 }
7020 
7021 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7022 static int is_proc(const char *filename, const char *entry)
7023 {
7024     return strcmp(filename, entry) == 0;
7025 }
7026 
7027 static int open_net_route(void *cpu_env, int fd)
7028 {
7029     FILE *fp;
7030     char *line = NULL;
7031     size_t len = 0;
7032     ssize_t read;
7033 
7034     fp = fopen("/proc/net/route", "r");
7035     if (fp == NULL) {
7036         return -1;
7037     }
7038 
7039     /* read header */
7040 
7041     read = getline(&line, &len, fp);
7042     dprintf(fd, "%s", line);
7043 
7044     /* read routes */
7045 
7046     while ((read = getline(&line, &len, fp)) != -1) {
7047         char iface[16];
7048         uint32_t dest, gw, mask;
7049         unsigned int flags, refcnt, use, metric, mtu, window, irtt;
7050         sscanf(line, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7051                      iface, &dest, &gw, &flags, &refcnt, &use, &metric,
7052                      &mask, &mtu, &window, &irtt);
7053         dprintf(fd, "%s\t%08x\t%08x\t%04x\t%d\t%d\t%d\t%08x\t%d\t%u\t%u\n",
7054                 iface, tswap32(dest), tswap32(gw), flags, refcnt, use,
7055                 metric, tswap32(mask), mtu, window, irtt);
7056     }
7057 
7058     free(line);
7059     fclose(fp);
7060 
7061     return 0;
7062 }
7063 #endif
7064 
7065 static int do_openat(void *cpu_env, int dirfd, const char *pathname, int flags, mode_t mode)
7066 {
7067     struct fake_open {
7068         const char *filename;
7069         int (*fill)(void *cpu_env, int fd);
7070         int (*cmp)(const char *s1, const char *s2);
7071     };
7072     const struct fake_open *fake_open;
7073     static const struct fake_open fakes[] = {
7074         { "maps", open_self_maps, is_proc_myself },
7075         { "stat", open_self_stat, is_proc_myself },
7076         { "auxv", open_self_auxv, is_proc_myself },
7077         { "cmdline", open_self_cmdline, is_proc_myself },
7078 #if defined(HOST_WORDS_BIGENDIAN) != defined(TARGET_WORDS_BIGENDIAN)
7079         { "/proc/net/route", open_net_route, is_proc },
7080 #endif
7081         { NULL, NULL, NULL }
7082     };
7083 
7084     if (is_proc_myself(pathname, "exe")) {
7085         int execfd = qemu_getauxval(AT_EXECFD);
7086         return execfd ? execfd : safe_openat(dirfd, exec_path, flags, mode);
7087     }
7088 
7089     for (fake_open = fakes; fake_open->filename; fake_open++) {
7090         if (fake_open->cmp(pathname, fake_open->filename)) {
7091             break;
7092         }
7093     }
7094 
7095     if (fake_open->filename) {
7096         const char *tmpdir;
7097         char filename[PATH_MAX];
7098         int fd, r;
7099 
7100         /* create temporary file to map stat to */
7101         tmpdir = getenv("TMPDIR");
7102         if (!tmpdir)
7103             tmpdir = "/tmp";
7104         snprintf(filename, sizeof(filename), "%s/qemu-open.XXXXXX", tmpdir);
7105         fd = mkstemp(filename);
7106         if (fd < 0) {
7107             return fd;
7108         }
7109         unlink(filename);
7110 
7111         if ((r = fake_open->fill(cpu_env, fd))) {
7112             int e = errno;
7113             close(fd);
7114             errno = e;
7115             return r;
7116         }
7117         lseek(fd, 0, SEEK_SET);
7118 
7119         return fd;
7120     }
7121 
7122     return safe_openat(dirfd, path(pathname), flags, mode);
7123 }
7124 
7125 #define TIMER_MAGIC 0x0caf0000
7126 #define TIMER_MAGIC_MASK 0xffff0000
7127 
7128 /* Convert QEMU provided timer ID back to internal 16bit index format */
7129 static target_timer_t get_timer_id(abi_long arg)
7130 {
7131     target_timer_t timerid = arg;
7132 
7133     if ((timerid & TIMER_MAGIC_MASK) != TIMER_MAGIC) {
7134         return -TARGET_EINVAL;
7135     }
7136 
7137     timerid &= 0xffff;
7138 
7139     if (timerid >= ARRAY_SIZE(g_posix_timers)) {
7140         return -TARGET_EINVAL;
7141     }
7142 
7143     return timerid;
7144 }
7145 
7146 /* do_syscall() should always have a single exit point at the end so
7147    that actions, such as logging of syscall results, can be performed.
7148    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
7149 abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
7150                     abi_long arg2, abi_long arg3, abi_long arg4,
7151                     abi_long arg5, abi_long arg6, abi_long arg7,
7152                     abi_long arg8)
7153 {
7154     CPUState *cpu = ENV_GET_CPU(cpu_env);
7155     abi_long ret;
7156     struct stat st;
7157     struct statfs stfs;
7158     void *p;
7159 
7160 #if defined(DEBUG_ERESTARTSYS)
7161     /* Debug-only code for exercising the syscall-restart code paths
7162      * in the per-architecture cpu main loops: restart every syscall
7163      * the guest makes once before letting it through.
7164      */
7165     {
7166         static int flag;
7167 
7168         flag = !flag;
7169         if (flag) {
7170             return -TARGET_ERESTARTSYS;
7171         }
7172     }
7173 #endif
7174 
7175 #ifdef DEBUG
7176     gemu_log("syscall %d", num);
7177 #endif
7178     trace_guest_user_syscall(cpu, num, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8);
7179     if(do_strace)
7180         print_syscall(num, arg1, arg2, arg3, arg4, arg5, arg6);
7181 
7182     switch(num) {
7183     case TARGET_NR_exit:
7184         /* In old applications this may be used to implement _exit(2).
7185            However in threaded applictions it is used for thread termination,
7186            and _exit_group is used for application termination.
7187            Do thread termination if we have more then one thread.  */
7188 
7189         if (block_signals()) {
7190             ret = -TARGET_ERESTARTSYS;
7191             break;
7192         }
7193 
7194         if (CPU_NEXT(first_cpu)) {
7195             TaskState *ts;
7196 
7197             cpu_list_lock();
7198             /* Remove the CPU from the list.  */
7199             QTAILQ_REMOVE(&cpus, cpu, node);
7200             cpu_list_unlock();
7201             ts = cpu->opaque;
7202             if (ts->child_tidptr) {
7203                 put_user_u32(0, ts->child_tidptr);
7204                 sys_futex(g2h(ts->child_tidptr), FUTEX_WAKE, INT_MAX,
7205                           NULL, NULL, 0);
7206             }
7207             thread_cpu = NULL;
7208             object_unref(OBJECT(cpu));
7209             g_free(ts);
7210             rcu_unregister_thread();
7211             pthread_exit(NULL);
7212         }
7213 #ifdef TARGET_GPROF
7214         _mcleanup();
7215 #endif
7216         gdb_exit(cpu_env, arg1);
7217         _exit(arg1);
7218         ret = 0; /* avoid warning */
7219         break;
7220     case TARGET_NR_read:
7221         if (arg3 == 0)
7222             ret = 0;
7223         else {
7224             if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
7225                 goto efault;
7226             ret = get_errno(safe_read(arg1, p, arg3));
7227             if (ret >= 0 &&
7228                 fd_trans_host_to_target_data(arg1)) {
7229                 ret = fd_trans_host_to_target_data(arg1)(p, ret);
7230             }
7231             unlock_user(p, arg2, ret);
7232         }
7233         break;
7234     case TARGET_NR_write:
7235         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
7236             goto efault;
7237         ret = get_errno(safe_write(arg1, p, arg3));
7238         unlock_user(p, arg2, 0);
7239         break;
7240 #ifdef TARGET_NR_open
7241     case TARGET_NR_open:
7242         if (!(p = lock_user_string(arg1)))
7243             goto efault;
7244         ret = get_errno(do_openat(cpu_env, AT_FDCWD, p,
7245                                   target_to_host_bitmask(arg2, fcntl_flags_tbl),
7246                                   arg3));
7247         fd_trans_unregister(ret);
7248         unlock_user(p, arg1, 0);
7249         break;
7250 #endif
7251     case TARGET_NR_openat:
7252         if (!(p = lock_user_string(arg2)))
7253             goto efault;
7254         ret = get_errno(do_openat(cpu_env, arg1, p,
7255                                   target_to_host_bitmask(arg3, fcntl_flags_tbl),
7256                                   arg4));
7257         fd_trans_unregister(ret);
7258         unlock_user(p, arg2, 0);
7259         break;
7260 #if defined(TARGET_NR_name_to_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7261     case TARGET_NR_name_to_handle_at:
7262         ret = do_name_to_handle_at(arg1, arg2, arg3, arg4, arg5);
7263         break;
7264 #endif
7265 #if defined(TARGET_NR_open_by_handle_at) && defined(CONFIG_OPEN_BY_HANDLE)
7266     case TARGET_NR_open_by_handle_at:
7267         ret = do_open_by_handle_at(arg1, arg2, arg3);
7268         fd_trans_unregister(ret);
7269         break;
7270 #endif
7271     case TARGET_NR_close:
7272         fd_trans_unregister(arg1);
7273         ret = get_errno(close(arg1));
7274         break;
7275     case TARGET_NR_brk:
7276         ret = do_brk(arg1);
7277         break;
7278 #ifdef TARGET_NR_fork
7279     case TARGET_NR_fork:
7280         ret = get_errno(do_fork(cpu_env, SIGCHLD, 0, 0, 0, 0));
7281         break;
7282 #endif
7283 #ifdef TARGET_NR_waitpid
7284     case TARGET_NR_waitpid:
7285         {
7286             int status;
7287             ret = get_errno(safe_wait4(arg1, &status, arg3, 0));
7288             if (!is_error(ret) && arg2 && ret
7289                 && put_user_s32(host_to_target_waitstatus(status), arg2))
7290                 goto efault;
7291         }
7292         break;
7293 #endif
7294 #ifdef TARGET_NR_waitid
7295     case TARGET_NR_waitid:
7296         {
7297             siginfo_t info;
7298             info.si_pid = 0;
7299             ret = get_errno(safe_waitid(arg1, arg2, &info, arg4, NULL));
7300             if (!is_error(ret) && arg3 && info.si_pid != 0) {
7301                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_siginfo_t), 0)))
7302                     goto efault;
7303                 host_to_target_siginfo(p, &info);
7304                 unlock_user(p, arg3, sizeof(target_siginfo_t));
7305             }
7306         }
7307         break;
7308 #endif
7309 #ifdef TARGET_NR_creat /* not on alpha */
7310     case TARGET_NR_creat:
7311         if (!(p = lock_user_string(arg1)))
7312             goto efault;
7313         ret = get_errno(creat(p, arg2));
7314         fd_trans_unregister(ret);
7315         unlock_user(p, arg1, 0);
7316         break;
7317 #endif
7318 #ifdef TARGET_NR_link
7319     case TARGET_NR_link:
7320         {
7321             void * p2;
7322             p = lock_user_string(arg1);
7323             p2 = lock_user_string(arg2);
7324             if (!p || !p2)
7325                 ret = -TARGET_EFAULT;
7326             else
7327                 ret = get_errno(link(p, p2));
7328             unlock_user(p2, arg2, 0);
7329             unlock_user(p, arg1, 0);
7330         }
7331         break;
7332 #endif
7333 #if defined(TARGET_NR_linkat)
7334     case TARGET_NR_linkat:
7335         {
7336             void * p2 = NULL;
7337             if (!arg2 || !arg4)
7338                 goto efault;
7339             p  = lock_user_string(arg2);
7340             p2 = lock_user_string(arg4);
7341             if (!p || !p2)
7342                 ret = -TARGET_EFAULT;
7343             else
7344                 ret = get_errno(linkat(arg1, p, arg3, p2, arg5));
7345             unlock_user(p, arg2, 0);
7346             unlock_user(p2, arg4, 0);
7347         }
7348         break;
7349 #endif
7350 #ifdef TARGET_NR_unlink
7351     case TARGET_NR_unlink:
7352         if (!(p = lock_user_string(arg1)))
7353             goto efault;
7354         ret = get_errno(unlink(p));
7355         unlock_user(p, arg1, 0);
7356         break;
7357 #endif
7358 #if defined(TARGET_NR_unlinkat)
7359     case TARGET_NR_unlinkat:
7360         if (!(p = lock_user_string(arg2)))
7361             goto efault;
7362         ret = get_errno(unlinkat(arg1, p, arg3));
7363         unlock_user(p, arg2, 0);
7364         break;
7365 #endif
7366     case TARGET_NR_execve:
7367         {
7368             char **argp, **envp;
7369             int argc, envc;
7370             abi_ulong gp;
7371             abi_ulong guest_argp;
7372             abi_ulong guest_envp;
7373             abi_ulong addr;
7374             char **q;
7375             int total_size = 0;
7376 
7377             argc = 0;
7378             guest_argp = arg2;
7379             for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
7380                 if (get_user_ual(addr, gp))
7381                     goto efault;
7382                 if (!addr)
7383                     break;
7384                 argc++;
7385             }
7386             envc = 0;
7387             guest_envp = arg3;
7388             for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
7389                 if (get_user_ual(addr, gp))
7390                     goto efault;
7391                 if (!addr)
7392                     break;
7393                 envc++;
7394             }
7395 
7396             argp = alloca((argc + 1) * sizeof(void *));
7397             envp = alloca((envc + 1) * sizeof(void *));
7398 
7399             for (gp = guest_argp, q = argp; gp;
7400                   gp += sizeof(abi_ulong), q++) {
7401                 if (get_user_ual(addr, gp))
7402                     goto execve_efault;
7403                 if (!addr)
7404                     break;
7405                 if (!(*q = lock_user_string(addr)))
7406                     goto execve_efault;
7407                 total_size += strlen(*q) + 1;
7408             }
7409             *q = NULL;
7410 
7411             for (gp = guest_envp, q = envp; gp;
7412                   gp += sizeof(abi_ulong), q++) {
7413                 if (get_user_ual(addr, gp))
7414                     goto execve_efault;
7415                 if (!addr)
7416                     break;
7417                 if (!(*q = lock_user_string(addr)))
7418                     goto execve_efault;
7419                 total_size += strlen(*q) + 1;
7420             }
7421             *q = NULL;
7422 
7423             if (!(p = lock_user_string(arg1)))
7424                 goto execve_efault;
7425             /* Although execve() is not an interruptible syscall it is
7426              * a special case where we must use the safe_syscall wrapper:
7427              * if we allow a signal to happen before we make the host
7428              * syscall then we will 'lose' it, because at the point of
7429              * execve the process leaves QEMU's control. So we use the
7430              * safe syscall wrapper to ensure that we either take the
7431              * signal as a guest signal, or else it does not happen
7432              * before the execve completes and makes it the other
7433              * program's problem.
7434              */
7435             ret = get_errno(safe_execve(p, argp, envp));
7436             unlock_user(p, arg1, 0);
7437 
7438             goto execve_end;
7439 
7440         execve_efault:
7441             ret = -TARGET_EFAULT;
7442 
7443         execve_end:
7444             for (gp = guest_argp, q = argp; *q;
7445                   gp += sizeof(abi_ulong), q++) {
7446                 if (get_user_ual(addr, gp)
7447                     || !addr)
7448                     break;
7449                 unlock_user(*q, addr, 0);
7450             }
7451             for (gp = guest_envp, q = envp; *q;
7452                   gp += sizeof(abi_ulong), q++) {
7453                 if (get_user_ual(addr, gp)
7454                     || !addr)
7455                     break;
7456                 unlock_user(*q, addr, 0);
7457             }
7458         }
7459         break;
7460     case TARGET_NR_chdir:
7461         if (!(p = lock_user_string(arg1)))
7462             goto efault;
7463         ret = get_errno(chdir(p));
7464         unlock_user(p, arg1, 0);
7465         break;
7466 #ifdef TARGET_NR_time
7467     case TARGET_NR_time:
7468         {
7469             time_t host_time;
7470             ret = get_errno(time(&host_time));
7471             if (!is_error(ret)
7472                 && arg1
7473                 && put_user_sal(host_time, arg1))
7474                 goto efault;
7475         }
7476         break;
7477 #endif
7478 #ifdef TARGET_NR_mknod
7479     case TARGET_NR_mknod:
7480         if (!(p = lock_user_string(arg1)))
7481             goto efault;
7482         ret = get_errno(mknod(p, arg2, arg3));
7483         unlock_user(p, arg1, 0);
7484         break;
7485 #endif
7486 #if defined(TARGET_NR_mknodat)
7487     case TARGET_NR_mknodat:
7488         if (!(p = lock_user_string(arg2)))
7489             goto efault;
7490         ret = get_errno(mknodat(arg1, p, arg3, arg4));
7491         unlock_user(p, arg2, 0);
7492         break;
7493 #endif
7494 #ifdef TARGET_NR_chmod
7495     case TARGET_NR_chmod:
7496         if (!(p = lock_user_string(arg1)))
7497             goto efault;
7498         ret = get_errno(chmod(p, arg2));
7499         unlock_user(p, arg1, 0);
7500         break;
7501 #endif
7502 #ifdef TARGET_NR_break
7503     case TARGET_NR_break:
7504         goto unimplemented;
7505 #endif
7506 #ifdef TARGET_NR_oldstat
7507     case TARGET_NR_oldstat:
7508         goto unimplemented;
7509 #endif
7510     case TARGET_NR_lseek:
7511         ret = get_errno(lseek(arg1, arg2, arg3));
7512         break;
7513 #if defined(TARGET_NR_getxpid) && defined(TARGET_ALPHA)
7514     /* Alpha specific */
7515     case TARGET_NR_getxpid:
7516         ((CPUAlphaState *)cpu_env)->ir[IR_A4] = getppid();
7517         ret = get_errno(getpid());
7518         break;
7519 #endif
7520 #ifdef TARGET_NR_getpid
7521     case TARGET_NR_getpid:
7522         ret = get_errno(getpid());
7523         break;
7524 #endif
7525     case TARGET_NR_mount:
7526         {
7527             /* need to look at the data field */
7528             void *p2, *p3;
7529 
7530             if (arg1) {
7531                 p = lock_user_string(arg1);
7532                 if (!p) {
7533                     goto efault;
7534                 }
7535             } else {
7536                 p = NULL;
7537             }
7538 
7539             p2 = lock_user_string(arg2);
7540             if (!p2) {
7541                 if (arg1) {
7542                     unlock_user(p, arg1, 0);
7543                 }
7544                 goto efault;
7545             }
7546 
7547             if (arg3) {
7548                 p3 = lock_user_string(arg3);
7549                 if (!p3) {
7550                     if (arg1) {
7551                         unlock_user(p, arg1, 0);
7552                     }
7553                     unlock_user(p2, arg2, 0);
7554                     goto efault;
7555                 }
7556             } else {
7557                 p3 = NULL;
7558             }
7559 
7560             /* FIXME - arg5 should be locked, but it isn't clear how to
7561              * do that since it's not guaranteed to be a NULL-terminated
7562              * string.
7563              */
7564             if (!arg5) {
7565                 ret = mount(p, p2, p3, (unsigned long)arg4, NULL);
7566             } else {
7567                 ret = mount(p, p2, p3, (unsigned long)arg4, g2h(arg5));
7568             }
7569             ret = get_errno(ret);
7570 
7571             if (arg1) {
7572                 unlock_user(p, arg1, 0);
7573             }
7574             unlock_user(p2, arg2, 0);
7575             if (arg3) {
7576                 unlock_user(p3, arg3, 0);
7577             }
7578         }
7579         break;
7580 #ifdef TARGET_NR_umount
7581     case TARGET_NR_umount:
7582         if (!(p = lock_user_string(arg1)))
7583             goto efault;
7584         ret = get_errno(umount(p));
7585         unlock_user(p, arg1, 0);
7586         break;
7587 #endif
7588 #ifdef TARGET_NR_stime /* not on alpha */
7589     case TARGET_NR_stime:
7590         {
7591             time_t host_time;
7592             if (get_user_sal(host_time, arg1))
7593                 goto efault;
7594             ret = get_errno(stime(&host_time));
7595         }
7596         break;
7597 #endif
7598     case TARGET_NR_ptrace:
7599         goto unimplemented;
7600 #ifdef TARGET_NR_alarm /* not on alpha */
7601     case TARGET_NR_alarm:
7602         ret = alarm(arg1);
7603         break;
7604 #endif
7605 #ifdef TARGET_NR_oldfstat
7606     case TARGET_NR_oldfstat:
7607         goto unimplemented;
7608 #endif
7609 #ifdef TARGET_NR_pause /* not on alpha */
7610     case TARGET_NR_pause:
7611         if (!block_signals()) {
7612             sigsuspend(&((TaskState *)cpu->opaque)->signal_mask);
7613         }
7614         ret = -TARGET_EINTR;
7615         break;
7616 #endif
7617 #ifdef TARGET_NR_utime
7618     case TARGET_NR_utime:
7619         {
7620             struct utimbuf tbuf, *host_tbuf;
7621             struct target_utimbuf *target_tbuf;
7622             if (arg2) {
7623                 if (!lock_user_struct(VERIFY_READ, target_tbuf, arg2, 1))
7624                     goto efault;
7625                 tbuf.actime = tswapal(target_tbuf->actime);
7626                 tbuf.modtime = tswapal(target_tbuf->modtime);
7627                 unlock_user_struct(target_tbuf, arg2, 0);
7628                 host_tbuf = &tbuf;
7629             } else {
7630                 host_tbuf = NULL;
7631             }
7632             if (!(p = lock_user_string(arg1)))
7633                 goto efault;
7634             ret = get_errno(utime(p, host_tbuf));
7635             unlock_user(p, arg1, 0);
7636         }
7637         break;
7638 #endif
7639 #ifdef TARGET_NR_utimes
7640     case TARGET_NR_utimes:
7641         {
7642             struct timeval *tvp, tv[2];
7643             if (arg2) {
7644                 if (copy_from_user_timeval(&tv[0], arg2)
7645                     || copy_from_user_timeval(&tv[1],
7646                                               arg2 + sizeof(struct target_timeval)))
7647                     goto efault;
7648                 tvp = tv;
7649             } else {
7650                 tvp = NULL;
7651             }
7652             if (!(p = lock_user_string(arg1)))
7653                 goto efault;
7654             ret = get_errno(utimes(p, tvp));
7655             unlock_user(p, arg1, 0);
7656         }
7657         break;
7658 #endif
7659 #if defined(TARGET_NR_futimesat)
7660     case TARGET_NR_futimesat:
7661         {
7662             struct timeval *tvp, tv[2];
7663             if (arg3) {
7664                 if (copy_from_user_timeval(&tv[0], arg3)
7665                     || copy_from_user_timeval(&tv[1],
7666                                               arg3 + sizeof(struct target_timeval)))
7667                     goto efault;
7668                 tvp = tv;
7669             } else {
7670                 tvp = NULL;
7671             }
7672             if (!(p = lock_user_string(arg2)))
7673                 goto efault;
7674             ret = get_errno(futimesat(arg1, path(p), tvp));
7675             unlock_user(p, arg2, 0);
7676         }
7677         break;
7678 #endif
7679 #ifdef TARGET_NR_stty
7680     case TARGET_NR_stty:
7681         goto unimplemented;
7682 #endif
7683 #ifdef TARGET_NR_gtty
7684     case TARGET_NR_gtty:
7685         goto unimplemented;
7686 #endif
7687 #ifdef TARGET_NR_access
7688     case TARGET_NR_access:
7689         if (!(p = lock_user_string(arg1)))
7690             goto efault;
7691         ret = get_errno(access(path(p), arg2));
7692         unlock_user(p, arg1, 0);
7693         break;
7694 #endif
7695 #if defined(TARGET_NR_faccessat) && defined(__NR_faccessat)
7696     case TARGET_NR_faccessat:
7697         if (!(p = lock_user_string(arg2)))
7698             goto efault;
7699         ret = get_errno(faccessat(arg1, p, arg3, 0));
7700         unlock_user(p, arg2, 0);
7701         break;
7702 #endif
7703 #ifdef TARGET_NR_nice /* not on alpha */
7704     case TARGET_NR_nice:
7705         ret = get_errno(nice(arg1));
7706         break;
7707 #endif
7708 #ifdef TARGET_NR_ftime
7709     case TARGET_NR_ftime:
7710         goto unimplemented;
7711 #endif
7712     case TARGET_NR_sync:
7713         sync();
7714         ret = 0;
7715         break;
7716     case TARGET_NR_kill:
7717         ret = get_errno(safe_kill(arg1, target_to_host_signal(arg2)));
7718         break;
7719 #ifdef TARGET_NR_rename
7720     case TARGET_NR_rename:
7721         {
7722             void *p2;
7723             p = lock_user_string(arg1);
7724             p2 = lock_user_string(arg2);
7725             if (!p || !p2)
7726                 ret = -TARGET_EFAULT;
7727             else
7728                 ret = get_errno(rename(p, p2));
7729             unlock_user(p2, arg2, 0);
7730             unlock_user(p, arg1, 0);
7731         }
7732         break;
7733 #endif
7734 #if defined(TARGET_NR_renameat)
7735     case TARGET_NR_renameat:
7736         {
7737             void *p2;
7738             p  = lock_user_string(arg2);
7739             p2 = lock_user_string(arg4);
7740             if (!p || !p2)
7741                 ret = -TARGET_EFAULT;
7742             else
7743                 ret = get_errno(renameat(arg1, p, arg3, p2));
7744             unlock_user(p2, arg4, 0);
7745             unlock_user(p, arg2, 0);
7746         }
7747         break;
7748 #endif
7749 #ifdef TARGET_NR_mkdir
7750     case TARGET_NR_mkdir:
7751         if (!(p = lock_user_string(arg1)))
7752             goto efault;
7753         ret = get_errno(mkdir(p, arg2));
7754         unlock_user(p, arg1, 0);
7755         break;
7756 #endif
7757 #if defined(TARGET_NR_mkdirat)
7758     case TARGET_NR_mkdirat:
7759         if (!(p = lock_user_string(arg2)))
7760             goto efault;
7761         ret = get_errno(mkdirat(arg1, p, arg3));
7762         unlock_user(p, arg2, 0);
7763         break;
7764 #endif
7765 #ifdef TARGET_NR_rmdir
7766     case TARGET_NR_rmdir:
7767         if (!(p = lock_user_string(arg1)))
7768             goto efault;
7769         ret = get_errno(rmdir(p));
7770         unlock_user(p, arg1, 0);
7771         break;
7772 #endif
7773     case TARGET_NR_dup:
7774         ret = get_errno(dup(arg1));
7775         if (ret >= 0) {
7776             fd_trans_dup(arg1, ret);
7777         }
7778         break;
7779 #ifdef TARGET_NR_pipe
7780     case TARGET_NR_pipe:
7781         ret = do_pipe(cpu_env, arg1, 0, 0);
7782         break;
7783 #endif
7784 #ifdef TARGET_NR_pipe2
7785     case TARGET_NR_pipe2:
7786         ret = do_pipe(cpu_env, arg1,
7787                       target_to_host_bitmask(arg2, fcntl_flags_tbl), 1);
7788         break;
7789 #endif
7790     case TARGET_NR_times:
7791         {
7792             struct target_tms *tmsp;
7793             struct tms tms;
7794             ret = get_errno(times(&tms));
7795             if (arg1) {
7796                 tmsp = lock_user(VERIFY_WRITE, arg1, sizeof(struct target_tms), 0);
7797                 if (!tmsp)
7798                     goto efault;
7799                 tmsp->tms_utime = tswapal(host_to_target_clock_t(tms.tms_utime));
7800                 tmsp->tms_stime = tswapal(host_to_target_clock_t(tms.tms_stime));
7801                 tmsp->tms_cutime = tswapal(host_to_target_clock_t(tms.tms_cutime));
7802                 tmsp->tms_cstime = tswapal(host_to_target_clock_t(tms.tms_cstime));
7803             }
7804             if (!is_error(ret))
7805                 ret = host_to_target_clock_t(ret);
7806         }
7807         break;
7808 #ifdef TARGET_NR_prof
7809     case TARGET_NR_prof:
7810         goto unimplemented;
7811 #endif
7812 #ifdef TARGET_NR_signal
7813     case TARGET_NR_signal:
7814         goto unimplemented;
7815 #endif
7816     case TARGET_NR_acct:
7817         if (arg1 == 0) {
7818             ret = get_errno(acct(NULL));
7819         } else {
7820             if (!(p = lock_user_string(arg1)))
7821                 goto efault;
7822             ret = get_errno(acct(path(p)));
7823             unlock_user(p, arg1, 0);
7824         }
7825         break;
7826 #ifdef TARGET_NR_umount2
7827     case TARGET_NR_umount2:
7828         if (!(p = lock_user_string(arg1)))
7829             goto efault;
7830         ret = get_errno(umount2(p, arg2));
7831         unlock_user(p, arg1, 0);
7832         break;
7833 #endif
7834 #ifdef TARGET_NR_lock
7835     case TARGET_NR_lock:
7836         goto unimplemented;
7837 #endif
7838     case TARGET_NR_ioctl:
7839         ret = do_ioctl(arg1, arg2, arg3);
7840         break;
7841     case TARGET_NR_fcntl:
7842         ret = do_fcntl(arg1, arg2, arg3);
7843         break;
7844 #ifdef TARGET_NR_mpx
7845     case TARGET_NR_mpx:
7846         goto unimplemented;
7847 #endif
7848     case TARGET_NR_setpgid:
7849         ret = get_errno(setpgid(arg1, arg2));
7850         break;
7851 #ifdef TARGET_NR_ulimit
7852     case TARGET_NR_ulimit:
7853         goto unimplemented;
7854 #endif
7855 #ifdef TARGET_NR_oldolduname
7856     case TARGET_NR_oldolduname:
7857         goto unimplemented;
7858 #endif
7859     case TARGET_NR_umask:
7860         ret = get_errno(umask(arg1));
7861         break;
7862     case TARGET_NR_chroot:
7863         if (!(p = lock_user_string(arg1)))
7864             goto efault;
7865         ret = get_errno(chroot(p));
7866         unlock_user(p, arg1, 0);
7867         break;
7868 #ifdef TARGET_NR_ustat
7869     case TARGET_NR_ustat:
7870         goto unimplemented;
7871 #endif
7872 #ifdef TARGET_NR_dup2
7873     case TARGET_NR_dup2:
7874         ret = get_errno(dup2(arg1, arg2));
7875         if (ret >= 0) {
7876             fd_trans_dup(arg1, arg2);
7877         }
7878         break;
7879 #endif
7880 #if defined(CONFIG_DUP3) && defined(TARGET_NR_dup3)
7881     case TARGET_NR_dup3:
7882         ret = get_errno(dup3(arg1, arg2, arg3));
7883         if (ret >= 0) {
7884             fd_trans_dup(arg1, arg2);
7885         }
7886         break;
7887 #endif
7888 #ifdef TARGET_NR_getppid /* not on alpha */
7889     case TARGET_NR_getppid:
7890         ret = get_errno(getppid());
7891         break;
7892 #endif
7893 #ifdef TARGET_NR_getpgrp
7894     case TARGET_NR_getpgrp:
7895         ret = get_errno(getpgrp());
7896         break;
7897 #endif
7898     case TARGET_NR_setsid:
7899         ret = get_errno(setsid());
7900         break;
7901 #ifdef TARGET_NR_sigaction
7902     case TARGET_NR_sigaction:
7903         {
7904 #if defined(TARGET_ALPHA)
7905             struct target_sigaction act, oact, *pact = 0;
7906             struct target_old_sigaction *old_act;
7907             if (arg2) {
7908                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7909                     goto efault;
7910                 act._sa_handler = old_act->_sa_handler;
7911                 target_siginitset(&act.sa_mask, old_act->sa_mask);
7912                 act.sa_flags = old_act->sa_flags;
7913                 act.sa_restorer = 0;
7914                 unlock_user_struct(old_act, arg2, 0);
7915                 pact = &act;
7916             }
7917             ret = get_errno(do_sigaction(arg1, pact, &oact));
7918             if (!is_error(ret) && arg3) {
7919                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7920                     goto efault;
7921                 old_act->_sa_handler = oact._sa_handler;
7922                 old_act->sa_mask = oact.sa_mask.sig[0];
7923                 old_act->sa_flags = oact.sa_flags;
7924                 unlock_user_struct(old_act, arg3, 1);
7925             }
7926 #elif defined(TARGET_MIPS)
7927 	    struct target_sigaction act, oact, *pact, *old_act;
7928 
7929 	    if (arg2) {
7930                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7931                     goto efault;
7932 		act._sa_handler = old_act->_sa_handler;
7933 		target_siginitset(&act.sa_mask, old_act->sa_mask.sig[0]);
7934 		act.sa_flags = old_act->sa_flags;
7935 		unlock_user_struct(old_act, arg2, 0);
7936 		pact = &act;
7937 	    } else {
7938 		pact = NULL;
7939 	    }
7940 
7941 	    ret = get_errno(do_sigaction(arg1, pact, &oact));
7942 
7943 	    if (!is_error(ret) && arg3) {
7944                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7945                     goto efault;
7946 		old_act->_sa_handler = oact._sa_handler;
7947 		old_act->sa_flags = oact.sa_flags;
7948 		old_act->sa_mask.sig[0] = oact.sa_mask.sig[0];
7949 		old_act->sa_mask.sig[1] = 0;
7950 		old_act->sa_mask.sig[2] = 0;
7951 		old_act->sa_mask.sig[3] = 0;
7952 		unlock_user_struct(old_act, arg3, 1);
7953 	    }
7954 #else
7955             struct target_old_sigaction *old_act;
7956             struct target_sigaction act, oact, *pact;
7957             if (arg2) {
7958                 if (!lock_user_struct(VERIFY_READ, old_act, arg2, 1))
7959                     goto efault;
7960                 act._sa_handler = old_act->_sa_handler;
7961                 target_siginitset(&act.sa_mask, old_act->sa_mask);
7962                 act.sa_flags = old_act->sa_flags;
7963                 act.sa_restorer = old_act->sa_restorer;
7964                 unlock_user_struct(old_act, arg2, 0);
7965                 pact = &act;
7966             } else {
7967                 pact = NULL;
7968             }
7969             ret = get_errno(do_sigaction(arg1, pact, &oact));
7970             if (!is_error(ret) && arg3) {
7971                 if (!lock_user_struct(VERIFY_WRITE, old_act, arg3, 0))
7972                     goto efault;
7973                 old_act->_sa_handler = oact._sa_handler;
7974                 old_act->sa_mask = oact.sa_mask.sig[0];
7975                 old_act->sa_flags = oact.sa_flags;
7976                 old_act->sa_restorer = oact.sa_restorer;
7977                 unlock_user_struct(old_act, arg3, 1);
7978             }
7979 #endif
7980         }
7981         break;
7982 #endif
7983     case TARGET_NR_rt_sigaction:
7984         {
7985 #if defined(TARGET_ALPHA)
7986             struct target_sigaction act, oact, *pact = 0;
7987             struct target_rt_sigaction *rt_act;
7988 
7989             if (arg4 != sizeof(target_sigset_t)) {
7990                 ret = -TARGET_EINVAL;
7991                 break;
7992             }
7993             if (arg2) {
7994                 if (!lock_user_struct(VERIFY_READ, rt_act, arg2, 1))
7995                     goto efault;
7996                 act._sa_handler = rt_act->_sa_handler;
7997                 act.sa_mask = rt_act->sa_mask;
7998                 act.sa_flags = rt_act->sa_flags;
7999                 act.sa_restorer = arg5;
8000                 unlock_user_struct(rt_act, arg2, 0);
8001                 pact = &act;
8002             }
8003             ret = get_errno(do_sigaction(arg1, pact, &oact));
8004             if (!is_error(ret) && arg3) {
8005                 if (!lock_user_struct(VERIFY_WRITE, rt_act, arg3, 0))
8006                     goto efault;
8007                 rt_act->_sa_handler = oact._sa_handler;
8008                 rt_act->sa_mask = oact.sa_mask;
8009                 rt_act->sa_flags = oact.sa_flags;
8010                 unlock_user_struct(rt_act, arg3, 1);
8011             }
8012 #else
8013             struct target_sigaction *act;
8014             struct target_sigaction *oact;
8015 
8016             if (arg4 != sizeof(target_sigset_t)) {
8017                 ret = -TARGET_EINVAL;
8018                 break;
8019             }
8020             if (arg2) {
8021                 if (!lock_user_struct(VERIFY_READ, act, arg2, 1))
8022                     goto efault;
8023             } else
8024                 act = NULL;
8025             if (arg3) {
8026                 if (!lock_user_struct(VERIFY_WRITE, oact, arg3, 0)) {
8027                     ret = -TARGET_EFAULT;
8028                     goto rt_sigaction_fail;
8029                 }
8030             } else
8031                 oact = NULL;
8032             ret = get_errno(do_sigaction(arg1, act, oact));
8033 	rt_sigaction_fail:
8034             if (act)
8035                 unlock_user_struct(act, arg2, 0);
8036             if (oact)
8037                 unlock_user_struct(oact, arg3, 1);
8038 #endif
8039         }
8040         break;
8041 #ifdef TARGET_NR_sgetmask /* not on alpha */
8042     case TARGET_NR_sgetmask:
8043         {
8044             sigset_t cur_set;
8045             abi_ulong target_set;
8046             ret = do_sigprocmask(0, NULL, &cur_set);
8047             if (!ret) {
8048                 host_to_target_old_sigset(&target_set, &cur_set);
8049                 ret = target_set;
8050             }
8051         }
8052         break;
8053 #endif
8054 #ifdef TARGET_NR_ssetmask /* not on alpha */
8055     case TARGET_NR_ssetmask:
8056         {
8057             sigset_t set, oset, cur_set;
8058             abi_ulong target_set = arg1;
8059             /* We only have one word of the new mask so we must read
8060              * the rest of it with do_sigprocmask() and OR in this word.
8061              * We are guaranteed that a do_sigprocmask() that only queries
8062              * the signal mask will not fail.
8063              */
8064             ret = do_sigprocmask(0, NULL, &cur_set);
8065             assert(!ret);
8066             target_to_host_old_sigset(&set, &target_set);
8067             sigorset(&set, &set, &cur_set);
8068             ret = do_sigprocmask(SIG_SETMASK, &set, &oset);
8069             if (!ret) {
8070                 host_to_target_old_sigset(&target_set, &oset);
8071                 ret = target_set;
8072             }
8073         }
8074         break;
8075 #endif
8076 #ifdef TARGET_NR_sigprocmask
8077     case TARGET_NR_sigprocmask:
8078         {
8079 #if defined(TARGET_ALPHA)
8080             sigset_t set, oldset;
8081             abi_ulong mask;
8082             int how;
8083 
8084             switch (arg1) {
8085             case TARGET_SIG_BLOCK:
8086                 how = SIG_BLOCK;
8087                 break;
8088             case TARGET_SIG_UNBLOCK:
8089                 how = SIG_UNBLOCK;
8090                 break;
8091             case TARGET_SIG_SETMASK:
8092                 how = SIG_SETMASK;
8093                 break;
8094             default:
8095                 ret = -TARGET_EINVAL;
8096                 goto fail;
8097             }
8098             mask = arg2;
8099             target_to_host_old_sigset(&set, &mask);
8100 
8101             ret = do_sigprocmask(how, &set, &oldset);
8102             if (!is_error(ret)) {
8103                 host_to_target_old_sigset(&mask, &oldset);
8104                 ret = mask;
8105                 ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0; /* force no error */
8106             }
8107 #else
8108             sigset_t set, oldset, *set_ptr;
8109             int how;
8110 
8111             if (arg2) {
8112                 switch (arg1) {
8113                 case TARGET_SIG_BLOCK:
8114                     how = SIG_BLOCK;
8115                     break;
8116                 case TARGET_SIG_UNBLOCK:
8117                     how = SIG_UNBLOCK;
8118                     break;
8119                 case TARGET_SIG_SETMASK:
8120                     how = SIG_SETMASK;
8121                     break;
8122                 default:
8123                     ret = -TARGET_EINVAL;
8124                     goto fail;
8125                 }
8126                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8127                     goto efault;
8128                 target_to_host_old_sigset(&set, p);
8129                 unlock_user(p, arg2, 0);
8130                 set_ptr = &set;
8131             } else {
8132                 how = 0;
8133                 set_ptr = NULL;
8134             }
8135             ret = do_sigprocmask(how, set_ptr, &oldset);
8136             if (!is_error(ret) && arg3) {
8137                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8138                     goto efault;
8139                 host_to_target_old_sigset(p, &oldset);
8140                 unlock_user(p, arg3, sizeof(target_sigset_t));
8141             }
8142 #endif
8143         }
8144         break;
8145 #endif
8146     case TARGET_NR_rt_sigprocmask:
8147         {
8148             int how = arg1;
8149             sigset_t set, oldset, *set_ptr;
8150 
8151             if (arg4 != sizeof(target_sigset_t)) {
8152                 ret = -TARGET_EINVAL;
8153                 break;
8154             }
8155 
8156             if (arg2) {
8157                 switch(how) {
8158                 case TARGET_SIG_BLOCK:
8159                     how = SIG_BLOCK;
8160                     break;
8161                 case TARGET_SIG_UNBLOCK:
8162                     how = SIG_UNBLOCK;
8163                     break;
8164                 case TARGET_SIG_SETMASK:
8165                     how = SIG_SETMASK;
8166                     break;
8167                 default:
8168                     ret = -TARGET_EINVAL;
8169                     goto fail;
8170                 }
8171                 if (!(p = lock_user(VERIFY_READ, arg2, sizeof(target_sigset_t), 1)))
8172                     goto efault;
8173                 target_to_host_sigset(&set, p);
8174                 unlock_user(p, arg2, 0);
8175                 set_ptr = &set;
8176             } else {
8177                 how = 0;
8178                 set_ptr = NULL;
8179             }
8180             ret = do_sigprocmask(how, set_ptr, &oldset);
8181             if (!is_error(ret) && arg3) {
8182                 if (!(p = lock_user(VERIFY_WRITE, arg3, sizeof(target_sigset_t), 0)))
8183                     goto efault;
8184                 host_to_target_sigset(p, &oldset);
8185                 unlock_user(p, arg3, sizeof(target_sigset_t));
8186             }
8187         }
8188         break;
8189 #ifdef TARGET_NR_sigpending
8190     case TARGET_NR_sigpending:
8191         {
8192             sigset_t set;
8193             ret = get_errno(sigpending(&set));
8194             if (!is_error(ret)) {
8195                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8196                     goto efault;
8197                 host_to_target_old_sigset(p, &set);
8198                 unlock_user(p, arg1, sizeof(target_sigset_t));
8199             }
8200         }
8201         break;
8202 #endif
8203     case TARGET_NR_rt_sigpending:
8204         {
8205             sigset_t set;
8206 
8207             /* Yes, this check is >, not != like most. We follow the kernel's
8208              * logic and it does it like this because it implements
8209              * NR_sigpending through the same code path, and in that case
8210              * the old_sigset_t is smaller in size.
8211              */
8212             if (arg2 > sizeof(target_sigset_t)) {
8213                 ret = -TARGET_EINVAL;
8214                 break;
8215             }
8216 
8217             ret = get_errno(sigpending(&set));
8218             if (!is_error(ret)) {
8219                 if (!(p = lock_user(VERIFY_WRITE, arg1, sizeof(target_sigset_t), 0)))
8220                     goto efault;
8221                 host_to_target_sigset(p, &set);
8222                 unlock_user(p, arg1, sizeof(target_sigset_t));
8223             }
8224         }
8225         break;
8226 #ifdef TARGET_NR_sigsuspend
8227     case TARGET_NR_sigsuspend:
8228         {
8229             TaskState *ts = cpu->opaque;
8230 #if defined(TARGET_ALPHA)
8231             abi_ulong mask = arg1;
8232             target_to_host_old_sigset(&ts->sigsuspend_mask, &mask);
8233 #else
8234             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8235                 goto efault;
8236             target_to_host_old_sigset(&ts->sigsuspend_mask, p);
8237             unlock_user(p, arg1, 0);
8238 #endif
8239             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8240                                                SIGSET_T_SIZE));
8241             if (ret != -TARGET_ERESTARTSYS) {
8242                 ts->in_sigsuspend = 1;
8243             }
8244         }
8245         break;
8246 #endif
8247     case TARGET_NR_rt_sigsuspend:
8248         {
8249             TaskState *ts = cpu->opaque;
8250 
8251             if (arg2 != sizeof(target_sigset_t)) {
8252                 ret = -TARGET_EINVAL;
8253                 break;
8254             }
8255             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8256                 goto efault;
8257             target_to_host_sigset(&ts->sigsuspend_mask, p);
8258             unlock_user(p, arg1, 0);
8259             ret = get_errno(safe_rt_sigsuspend(&ts->sigsuspend_mask,
8260                                                SIGSET_T_SIZE));
8261             if (ret != -TARGET_ERESTARTSYS) {
8262                 ts->in_sigsuspend = 1;
8263             }
8264         }
8265         break;
8266     case TARGET_NR_rt_sigtimedwait:
8267         {
8268             sigset_t set;
8269             struct timespec uts, *puts;
8270             siginfo_t uinfo;
8271 
8272             if (arg4 != sizeof(target_sigset_t)) {
8273                 ret = -TARGET_EINVAL;
8274                 break;
8275             }
8276 
8277             if (!(p = lock_user(VERIFY_READ, arg1, sizeof(target_sigset_t), 1)))
8278                 goto efault;
8279             target_to_host_sigset(&set, p);
8280             unlock_user(p, arg1, 0);
8281             if (arg3) {
8282                 puts = &uts;
8283                 target_to_host_timespec(puts, arg3);
8284             } else {
8285                 puts = NULL;
8286             }
8287             ret = get_errno(safe_rt_sigtimedwait(&set, &uinfo, puts,
8288                                                  SIGSET_T_SIZE));
8289             if (!is_error(ret)) {
8290                 if (arg2) {
8291                     p = lock_user(VERIFY_WRITE, arg2, sizeof(target_siginfo_t),
8292                                   0);
8293                     if (!p) {
8294                         goto efault;
8295                     }
8296                     host_to_target_siginfo(p, &uinfo);
8297                     unlock_user(p, arg2, sizeof(target_siginfo_t));
8298                 }
8299                 ret = host_to_target_signal(ret);
8300             }
8301         }
8302         break;
8303     case TARGET_NR_rt_sigqueueinfo:
8304         {
8305             siginfo_t uinfo;
8306 
8307             p = lock_user(VERIFY_READ, arg3, sizeof(target_siginfo_t), 1);
8308             if (!p) {
8309                 goto efault;
8310             }
8311             target_to_host_siginfo(&uinfo, p);
8312             unlock_user(p, arg1, 0);
8313             ret = get_errno(sys_rt_sigqueueinfo(arg1, arg2, &uinfo));
8314         }
8315         break;
8316 #ifdef TARGET_NR_sigreturn
8317     case TARGET_NR_sigreturn:
8318         if (block_signals()) {
8319             ret = -TARGET_ERESTARTSYS;
8320         } else {
8321             ret = do_sigreturn(cpu_env);
8322         }
8323         break;
8324 #endif
8325     case TARGET_NR_rt_sigreturn:
8326         if (block_signals()) {
8327             ret = -TARGET_ERESTARTSYS;
8328         } else {
8329             ret = do_rt_sigreturn(cpu_env);
8330         }
8331         break;
8332     case TARGET_NR_sethostname:
8333         if (!(p = lock_user_string(arg1)))
8334             goto efault;
8335         ret = get_errno(sethostname(p, arg2));
8336         unlock_user(p, arg1, 0);
8337         break;
8338     case TARGET_NR_setrlimit:
8339         {
8340             int resource = target_to_host_resource(arg1);
8341             struct target_rlimit *target_rlim;
8342             struct rlimit rlim;
8343             if (!lock_user_struct(VERIFY_READ, target_rlim, arg2, 1))
8344                 goto efault;
8345             rlim.rlim_cur = target_to_host_rlim(target_rlim->rlim_cur);
8346             rlim.rlim_max = target_to_host_rlim(target_rlim->rlim_max);
8347             unlock_user_struct(target_rlim, arg2, 0);
8348             ret = get_errno(setrlimit(resource, &rlim));
8349         }
8350         break;
8351     case TARGET_NR_getrlimit:
8352         {
8353             int resource = target_to_host_resource(arg1);
8354             struct target_rlimit *target_rlim;
8355             struct rlimit rlim;
8356 
8357             ret = get_errno(getrlimit(resource, &rlim));
8358             if (!is_error(ret)) {
8359                 if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
8360                     goto efault;
8361                 target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
8362                 target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
8363                 unlock_user_struct(target_rlim, arg2, 1);
8364             }
8365         }
8366         break;
8367     case TARGET_NR_getrusage:
8368         {
8369             struct rusage rusage;
8370             ret = get_errno(getrusage(arg1, &rusage));
8371             if (!is_error(ret)) {
8372                 ret = host_to_target_rusage(arg2, &rusage);
8373             }
8374         }
8375         break;
8376     case TARGET_NR_gettimeofday:
8377         {
8378             struct timeval tv;
8379             ret = get_errno(gettimeofday(&tv, NULL));
8380             if (!is_error(ret)) {
8381                 if (copy_to_user_timeval(arg1, &tv))
8382                     goto efault;
8383             }
8384         }
8385         break;
8386     case TARGET_NR_settimeofday:
8387         {
8388             struct timeval tv, *ptv = NULL;
8389             struct timezone tz, *ptz = NULL;
8390 
8391             if (arg1) {
8392                 if (copy_from_user_timeval(&tv, arg1)) {
8393                     goto efault;
8394                 }
8395                 ptv = &tv;
8396             }
8397 
8398             if (arg2) {
8399                 if (copy_from_user_timezone(&tz, arg2)) {
8400                     goto efault;
8401                 }
8402                 ptz = &tz;
8403             }
8404 
8405             ret = get_errno(settimeofday(ptv, ptz));
8406         }
8407         break;
8408 #if defined(TARGET_NR_select)
8409     case TARGET_NR_select:
8410 #if defined(TARGET_S390X) || defined(TARGET_ALPHA)
8411         ret = do_select(arg1, arg2, arg3, arg4, arg5);
8412 #else
8413         {
8414             struct target_sel_arg_struct *sel;
8415             abi_ulong inp, outp, exp, tvp;
8416             long nsel;
8417 
8418             if (!lock_user_struct(VERIFY_READ, sel, arg1, 1))
8419                 goto efault;
8420             nsel = tswapal(sel->n);
8421             inp = tswapal(sel->inp);
8422             outp = tswapal(sel->outp);
8423             exp = tswapal(sel->exp);
8424             tvp = tswapal(sel->tvp);
8425             unlock_user_struct(sel, arg1, 0);
8426             ret = do_select(nsel, inp, outp, exp, tvp);
8427         }
8428 #endif
8429         break;
8430 #endif
8431 #ifdef TARGET_NR_pselect6
8432     case TARGET_NR_pselect6:
8433         {
8434             abi_long rfd_addr, wfd_addr, efd_addr, n, ts_addr;
8435             fd_set rfds, wfds, efds;
8436             fd_set *rfds_ptr, *wfds_ptr, *efds_ptr;
8437             struct timespec ts, *ts_ptr;
8438 
8439             /*
8440              * The 6th arg is actually two args smashed together,
8441              * so we cannot use the C library.
8442              */
8443             sigset_t set;
8444             struct {
8445                 sigset_t *set;
8446                 size_t size;
8447             } sig, *sig_ptr;
8448 
8449             abi_ulong arg_sigset, arg_sigsize, *arg7;
8450             target_sigset_t *target_sigset;
8451 
8452             n = arg1;
8453             rfd_addr = arg2;
8454             wfd_addr = arg3;
8455             efd_addr = arg4;
8456             ts_addr = arg5;
8457 
8458             ret = copy_from_user_fdset_ptr(&rfds, &rfds_ptr, rfd_addr, n);
8459             if (ret) {
8460                 goto fail;
8461             }
8462             ret = copy_from_user_fdset_ptr(&wfds, &wfds_ptr, wfd_addr, n);
8463             if (ret) {
8464                 goto fail;
8465             }
8466             ret = copy_from_user_fdset_ptr(&efds, &efds_ptr, efd_addr, n);
8467             if (ret) {
8468                 goto fail;
8469             }
8470 
8471             /*
8472              * This takes a timespec, and not a timeval, so we cannot
8473              * use the do_select() helper ...
8474              */
8475             if (ts_addr) {
8476                 if (target_to_host_timespec(&ts, ts_addr)) {
8477                     goto efault;
8478                 }
8479                 ts_ptr = &ts;
8480             } else {
8481                 ts_ptr = NULL;
8482             }
8483 
8484             /* Extract the two packed args for the sigset */
8485             if (arg6) {
8486                 sig_ptr = &sig;
8487                 sig.size = SIGSET_T_SIZE;
8488 
8489                 arg7 = lock_user(VERIFY_READ, arg6, sizeof(*arg7) * 2, 1);
8490                 if (!arg7) {
8491                     goto efault;
8492                 }
8493                 arg_sigset = tswapal(arg7[0]);
8494                 arg_sigsize = tswapal(arg7[1]);
8495                 unlock_user(arg7, arg6, 0);
8496 
8497                 if (arg_sigset) {
8498                     sig.set = &set;
8499                     if (arg_sigsize != sizeof(*target_sigset)) {
8500                         /* Like the kernel, we enforce correct size sigsets */
8501                         ret = -TARGET_EINVAL;
8502                         goto fail;
8503                     }
8504                     target_sigset = lock_user(VERIFY_READ, arg_sigset,
8505                                               sizeof(*target_sigset), 1);
8506                     if (!target_sigset) {
8507                         goto efault;
8508                     }
8509                     target_to_host_sigset(&set, target_sigset);
8510                     unlock_user(target_sigset, arg_sigset, 0);
8511                 } else {
8512                     sig.set = NULL;
8513                 }
8514             } else {
8515                 sig_ptr = NULL;
8516             }
8517 
8518             ret = get_errno(safe_pselect6(n, rfds_ptr, wfds_ptr, efds_ptr,
8519                                           ts_ptr, sig_ptr));
8520 
8521             if (!is_error(ret)) {
8522                 if (rfd_addr && copy_to_user_fdset(rfd_addr, &rfds, n))
8523                     goto efault;
8524                 if (wfd_addr && copy_to_user_fdset(wfd_addr, &wfds, n))
8525                     goto efault;
8526                 if (efd_addr && copy_to_user_fdset(efd_addr, &efds, n))
8527                     goto efault;
8528 
8529                 if (ts_addr && host_to_target_timespec(ts_addr, &ts))
8530                     goto efault;
8531             }
8532         }
8533         break;
8534 #endif
8535 #ifdef TARGET_NR_symlink
8536     case TARGET_NR_symlink:
8537         {
8538             void *p2;
8539             p = lock_user_string(arg1);
8540             p2 = lock_user_string(arg2);
8541             if (!p || !p2)
8542                 ret = -TARGET_EFAULT;
8543             else
8544                 ret = get_errno(symlink(p, p2));
8545             unlock_user(p2, arg2, 0);
8546             unlock_user(p, arg1, 0);
8547         }
8548         break;
8549 #endif
8550 #if defined(TARGET_NR_symlinkat)
8551     case TARGET_NR_symlinkat:
8552         {
8553             void *p2;
8554             p  = lock_user_string(arg1);
8555             p2 = lock_user_string(arg3);
8556             if (!p || !p2)
8557                 ret = -TARGET_EFAULT;
8558             else
8559                 ret = get_errno(symlinkat(p, arg2, p2));
8560             unlock_user(p2, arg3, 0);
8561             unlock_user(p, arg1, 0);
8562         }
8563         break;
8564 #endif
8565 #ifdef TARGET_NR_oldlstat
8566     case TARGET_NR_oldlstat:
8567         goto unimplemented;
8568 #endif
8569 #ifdef TARGET_NR_readlink
8570     case TARGET_NR_readlink:
8571         {
8572             void *p2;
8573             p = lock_user_string(arg1);
8574             p2 = lock_user(VERIFY_WRITE, arg2, arg3, 0);
8575             if (!p || !p2) {
8576                 ret = -TARGET_EFAULT;
8577             } else if (!arg3) {
8578                 /* Short circuit this for the magic exe check. */
8579                 ret = -TARGET_EINVAL;
8580             } else if (is_proc_myself((const char *)p, "exe")) {
8581                 char real[PATH_MAX], *temp;
8582                 temp = realpath(exec_path, real);
8583                 /* Return value is # of bytes that we wrote to the buffer. */
8584                 if (temp == NULL) {
8585                     ret = get_errno(-1);
8586                 } else {
8587                     /* Don't worry about sign mismatch as earlier mapping
8588                      * logic would have thrown a bad address error. */
8589                     ret = MIN(strlen(real), arg3);
8590                     /* We cannot NUL terminate the string. */
8591                     memcpy(p2, real, ret);
8592                 }
8593             } else {
8594                 ret = get_errno(readlink(path(p), p2, arg3));
8595             }
8596             unlock_user(p2, arg2, ret);
8597             unlock_user(p, arg1, 0);
8598         }
8599         break;
8600 #endif
8601 #if defined(TARGET_NR_readlinkat)
8602     case TARGET_NR_readlinkat:
8603         {
8604             void *p2;
8605             p  = lock_user_string(arg2);
8606             p2 = lock_user(VERIFY_WRITE, arg3, arg4, 0);
8607             if (!p || !p2) {
8608                 ret = -TARGET_EFAULT;
8609             } else if (is_proc_myself((const char *)p, "exe")) {
8610                 char real[PATH_MAX], *temp;
8611                 temp = realpath(exec_path, real);
8612                 ret = temp == NULL ? get_errno(-1) : strlen(real) ;
8613                 snprintf((char *)p2, arg4, "%s", real);
8614             } else {
8615                 ret = get_errno(readlinkat(arg1, path(p), p2, arg4));
8616             }
8617             unlock_user(p2, arg3, ret);
8618             unlock_user(p, arg2, 0);
8619         }
8620         break;
8621 #endif
8622 #ifdef TARGET_NR_uselib
8623     case TARGET_NR_uselib:
8624         goto unimplemented;
8625 #endif
8626 #ifdef TARGET_NR_swapon
8627     case TARGET_NR_swapon:
8628         if (!(p = lock_user_string(arg1)))
8629             goto efault;
8630         ret = get_errno(swapon(p, arg2));
8631         unlock_user(p, arg1, 0);
8632         break;
8633 #endif
8634     case TARGET_NR_reboot:
8635         if (arg3 == LINUX_REBOOT_CMD_RESTART2) {
8636            /* arg4 must be ignored in all other cases */
8637            p = lock_user_string(arg4);
8638            if (!p) {
8639               goto efault;
8640            }
8641            ret = get_errno(reboot(arg1, arg2, arg3, p));
8642            unlock_user(p, arg4, 0);
8643         } else {
8644            ret = get_errno(reboot(arg1, arg2, arg3, NULL));
8645         }
8646         break;
8647 #ifdef TARGET_NR_readdir
8648     case TARGET_NR_readdir:
8649         goto unimplemented;
8650 #endif
8651 #ifdef TARGET_NR_mmap
8652     case TARGET_NR_mmap:
8653 #if (defined(TARGET_I386) && defined(TARGET_ABI32)) || \
8654     (defined(TARGET_ARM) && defined(TARGET_ABI32)) || \
8655     defined(TARGET_M68K) || defined(TARGET_CRIS) || defined(TARGET_MICROBLAZE) \
8656     || defined(TARGET_S390X)
8657         {
8658             abi_ulong *v;
8659             abi_ulong v1, v2, v3, v4, v5, v6;
8660             if (!(v = lock_user(VERIFY_READ, arg1, 6 * sizeof(abi_ulong), 1)))
8661                 goto efault;
8662             v1 = tswapal(v[0]);
8663             v2 = tswapal(v[1]);
8664             v3 = tswapal(v[2]);
8665             v4 = tswapal(v[3]);
8666             v5 = tswapal(v[4]);
8667             v6 = tswapal(v[5]);
8668             unlock_user(v, arg1, 0);
8669             ret = get_errno(target_mmap(v1, v2, v3,
8670                                         target_to_host_bitmask(v4, mmap_flags_tbl),
8671                                         v5, v6));
8672         }
8673 #else
8674         ret = get_errno(target_mmap(arg1, arg2, arg3,
8675                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
8676                                     arg5,
8677                                     arg6));
8678 #endif
8679         break;
8680 #endif
8681 #ifdef TARGET_NR_mmap2
8682     case TARGET_NR_mmap2:
8683 #ifndef MMAP_SHIFT
8684 #define MMAP_SHIFT 12
8685 #endif
8686         ret = get_errno(target_mmap(arg1, arg2, arg3,
8687                                     target_to_host_bitmask(arg4, mmap_flags_tbl),
8688                                     arg5,
8689                                     arg6 << MMAP_SHIFT));
8690         break;
8691 #endif
8692     case TARGET_NR_munmap:
8693         ret = get_errno(target_munmap(arg1, arg2));
8694         break;
8695     case TARGET_NR_mprotect:
8696         {
8697             TaskState *ts = cpu->opaque;
8698             /* Special hack to detect libc making the stack executable.  */
8699             if ((arg3 & PROT_GROWSDOWN)
8700                 && arg1 >= ts->info->stack_limit
8701                 && arg1 <= ts->info->start_stack) {
8702                 arg3 &= ~PROT_GROWSDOWN;
8703                 arg2 = arg2 + arg1 - ts->info->stack_limit;
8704                 arg1 = ts->info->stack_limit;
8705             }
8706         }
8707         ret = get_errno(target_mprotect(arg1, arg2, arg3));
8708         break;
8709 #ifdef TARGET_NR_mremap
8710     case TARGET_NR_mremap:
8711         ret = get_errno(target_mremap(arg1, arg2, arg3, arg4, arg5));
8712         break;
8713 #endif
8714         /* ??? msync/mlock/munlock are broken for softmmu.  */
8715 #ifdef TARGET_NR_msync
8716     case TARGET_NR_msync:
8717         ret = get_errno(msync(g2h(arg1), arg2, arg3));
8718         break;
8719 #endif
8720 #ifdef TARGET_NR_mlock
8721     case TARGET_NR_mlock:
8722         ret = get_errno(mlock(g2h(arg1), arg2));
8723         break;
8724 #endif
8725 #ifdef TARGET_NR_munlock
8726     case TARGET_NR_munlock:
8727         ret = get_errno(munlock(g2h(arg1), arg2));
8728         break;
8729 #endif
8730 #ifdef TARGET_NR_mlockall
8731     case TARGET_NR_mlockall:
8732         ret = get_errno(mlockall(target_to_host_mlockall_arg(arg1)));
8733         break;
8734 #endif
8735 #ifdef TARGET_NR_munlockall
8736     case TARGET_NR_munlockall:
8737         ret = get_errno(munlockall());
8738         break;
8739 #endif
8740     case TARGET_NR_truncate:
8741         if (!(p = lock_user_string(arg1)))
8742             goto efault;
8743         ret = get_errno(truncate(p, arg2));
8744         unlock_user(p, arg1, 0);
8745         break;
8746     case TARGET_NR_ftruncate:
8747         ret = get_errno(ftruncate(arg1, arg2));
8748         break;
8749     case TARGET_NR_fchmod:
8750         ret = get_errno(fchmod(arg1, arg2));
8751         break;
8752 #if defined(TARGET_NR_fchmodat)
8753     case TARGET_NR_fchmodat:
8754         if (!(p = lock_user_string(arg2)))
8755             goto efault;
8756         ret = get_errno(fchmodat(arg1, p, arg3, 0));
8757         unlock_user(p, arg2, 0);
8758         break;
8759 #endif
8760     case TARGET_NR_getpriority:
8761         /* Note that negative values are valid for getpriority, so we must
8762            differentiate based on errno settings.  */
8763         errno = 0;
8764         ret = getpriority(arg1, arg2);
8765         if (ret == -1 && errno != 0) {
8766             ret = -host_to_target_errno(errno);
8767             break;
8768         }
8769 #ifdef TARGET_ALPHA
8770         /* Return value is the unbiased priority.  Signal no error.  */
8771         ((CPUAlphaState *)cpu_env)->ir[IR_V0] = 0;
8772 #else
8773         /* Return value is a biased priority to avoid negative numbers.  */
8774         ret = 20 - ret;
8775 #endif
8776         break;
8777     case TARGET_NR_setpriority:
8778         ret = get_errno(setpriority(arg1, arg2, arg3));
8779         break;
8780 #ifdef TARGET_NR_profil
8781     case TARGET_NR_profil:
8782         goto unimplemented;
8783 #endif
8784     case TARGET_NR_statfs:
8785         if (!(p = lock_user_string(arg1)))
8786             goto efault;
8787         ret = get_errno(statfs(path(p), &stfs));
8788         unlock_user(p, arg1, 0);
8789     convert_statfs:
8790         if (!is_error(ret)) {
8791             struct target_statfs *target_stfs;
8792 
8793             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg2, 0))
8794                 goto efault;
8795             __put_user(stfs.f_type, &target_stfs->f_type);
8796             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
8797             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
8798             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
8799             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
8800             __put_user(stfs.f_files, &target_stfs->f_files);
8801             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
8802             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
8803             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
8804             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
8805             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
8806             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
8807             unlock_user_struct(target_stfs, arg2, 1);
8808         }
8809         break;
8810     case TARGET_NR_fstatfs:
8811         ret = get_errno(fstatfs(arg1, &stfs));
8812         goto convert_statfs;
8813 #ifdef TARGET_NR_statfs64
8814     case TARGET_NR_statfs64:
8815         if (!(p = lock_user_string(arg1)))
8816             goto efault;
8817         ret = get_errno(statfs(path(p), &stfs));
8818         unlock_user(p, arg1, 0);
8819     convert_statfs64:
8820         if (!is_error(ret)) {
8821             struct target_statfs64 *target_stfs;
8822 
8823             if (!lock_user_struct(VERIFY_WRITE, target_stfs, arg3, 0))
8824                 goto efault;
8825             __put_user(stfs.f_type, &target_stfs->f_type);
8826             __put_user(stfs.f_bsize, &target_stfs->f_bsize);
8827             __put_user(stfs.f_blocks, &target_stfs->f_blocks);
8828             __put_user(stfs.f_bfree, &target_stfs->f_bfree);
8829             __put_user(stfs.f_bavail, &target_stfs->f_bavail);
8830             __put_user(stfs.f_files, &target_stfs->f_files);
8831             __put_user(stfs.f_ffree, &target_stfs->f_ffree);
8832             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
8833             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
8834             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
8835             __put_user(stfs.f_frsize, &target_stfs->f_frsize);
8836             memset(target_stfs->f_spare, 0, sizeof(target_stfs->f_spare));
8837             unlock_user_struct(target_stfs, arg3, 1);
8838         }
8839         break;
8840     case TARGET_NR_fstatfs64:
8841         ret = get_errno(fstatfs(arg1, &stfs));
8842         goto convert_statfs64;
8843 #endif
8844 #ifdef TARGET_NR_ioperm
8845     case TARGET_NR_ioperm:
8846         goto unimplemented;
8847 #endif
8848 #ifdef TARGET_NR_socketcall
8849     case TARGET_NR_socketcall:
8850         ret = do_socketcall(arg1, arg2);
8851         break;
8852 #endif
8853 #ifdef TARGET_NR_accept
8854     case TARGET_NR_accept:
8855         ret = do_accept4(arg1, arg2, arg3, 0);
8856         break;
8857 #endif
8858 #ifdef TARGET_NR_accept4
8859     case TARGET_NR_accept4:
8860         ret = do_accept4(arg1, arg2, arg3, arg4);
8861         break;
8862 #endif
8863 #ifdef TARGET_NR_bind
8864     case TARGET_NR_bind:
8865         ret = do_bind(arg1, arg2, arg3);
8866         break;
8867 #endif
8868 #ifdef TARGET_NR_connect
8869     case TARGET_NR_connect:
8870         ret = do_connect(arg1, arg2, arg3);
8871         break;
8872 #endif
8873 #ifdef TARGET_NR_getpeername
8874     case TARGET_NR_getpeername:
8875         ret = do_getpeername(arg1, arg2, arg3);
8876         break;
8877 #endif
8878 #ifdef TARGET_NR_getsockname
8879     case TARGET_NR_getsockname:
8880         ret = do_getsockname(arg1, arg2, arg3);
8881         break;
8882 #endif
8883 #ifdef TARGET_NR_getsockopt
8884     case TARGET_NR_getsockopt:
8885         ret = do_getsockopt(arg1, arg2, arg3, arg4, arg5);
8886         break;
8887 #endif
8888 #ifdef TARGET_NR_listen
8889     case TARGET_NR_listen:
8890         ret = get_errno(listen(arg1, arg2));
8891         break;
8892 #endif
8893 #ifdef TARGET_NR_recv
8894     case TARGET_NR_recv:
8895         ret = do_recvfrom(arg1, arg2, arg3, arg4, 0, 0);
8896         break;
8897 #endif
8898 #ifdef TARGET_NR_recvfrom
8899     case TARGET_NR_recvfrom:
8900         ret = do_recvfrom(arg1, arg2, arg3, arg4, arg5, arg6);
8901         break;
8902 #endif
8903 #ifdef TARGET_NR_recvmsg
8904     case TARGET_NR_recvmsg:
8905         ret = do_sendrecvmsg(arg1, arg2, arg3, 0);
8906         break;
8907 #endif
8908 #ifdef TARGET_NR_send
8909     case TARGET_NR_send:
8910         ret = do_sendto(arg1, arg2, arg3, arg4, 0, 0);
8911         break;
8912 #endif
8913 #ifdef TARGET_NR_sendmsg
8914     case TARGET_NR_sendmsg:
8915         ret = do_sendrecvmsg(arg1, arg2, arg3, 1);
8916         break;
8917 #endif
8918 #ifdef TARGET_NR_sendmmsg
8919     case TARGET_NR_sendmmsg:
8920         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 1);
8921         break;
8922     case TARGET_NR_recvmmsg:
8923         ret = do_sendrecvmmsg(arg1, arg2, arg3, arg4, 0);
8924         break;
8925 #endif
8926 #ifdef TARGET_NR_sendto
8927     case TARGET_NR_sendto:
8928         ret = do_sendto(arg1, arg2, arg3, arg4, arg5, arg6);
8929         break;
8930 #endif
8931 #ifdef TARGET_NR_shutdown
8932     case TARGET_NR_shutdown:
8933         ret = get_errno(shutdown(arg1, arg2));
8934         break;
8935 #endif
8936 #if defined(TARGET_NR_getrandom) && defined(__NR_getrandom)
8937     case TARGET_NR_getrandom:
8938         p = lock_user(VERIFY_WRITE, arg1, arg2, 0);
8939         if (!p) {
8940             goto efault;
8941         }
8942         ret = get_errno(getrandom(p, arg2, arg3));
8943         unlock_user(p, arg1, ret);
8944         break;
8945 #endif
8946 #ifdef TARGET_NR_socket
8947     case TARGET_NR_socket:
8948         ret = do_socket(arg1, arg2, arg3);
8949         fd_trans_unregister(ret);
8950         break;
8951 #endif
8952 #ifdef TARGET_NR_socketpair
8953     case TARGET_NR_socketpair:
8954         ret = do_socketpair(arg1, arg2, arg3, arg4);
8955         break;
8956 #endif
8957 #ifdef TARGET_NR_setsockopt
8958     case TARGET_NR_setsockopt:
8959         ret = do_setsockopt(arg1, arg2, arg3, arg4, (socklen_t) arg5);
8960         break;
8961 #endif
8962 
8963     case TARGET_NR_syslog:
8964         if (!(p = lock_user_string(arg2)))
8965             goto efault;
8966         ret = get_errno(sys_syslog((int)arg1, p, (int)arg3));
8967         unlock_user(p, arg2, 0);
8968         break;
8969 
8970     case TARGET_NR_setitimer:
8971         {
8972             struct itimerval value, ovalue, *pvalue;
8973 
8974             if (arg2) {
8975                 pvalue = &value;
8976                 if (copy_from_user_timeval(&pvalue->it_interval, arg2)
8977                     || copy_from_user_timeval(&pvalue->it_value,
8978                                               arg2 + sizeof(struct target_timeval)))
8979                     goto efault;
8980             } else {
8981                 pvalue = NULL;
8982             }
8983             ret = get_errno(setitimer(arg1, pvalue, &ovalue));
8984             if (!is_error(ret) && arg3) {
8985                 if (copy_to_user_timeval(arg3,
8986                                          &ovalue.it_interval)
8987                     || copy_to_user_timeval(arg3 + sizeof(struct target_timeval),
8988                                             &ovalue.it_value))
8989                     goto efault;
8990             }
8991         }
8992         break;
8993     case TARGET_NR_getitimer:
8994         {
8995             struct itimerval value;
8996 
8997             ret = get_errno(getitimer(arg1, &value));
8998             if (!is_error(ret) && arg2) {
8999                 if (copy_to_user_timeval(arg2,
9000                                          &value.it_interval)
9001                     || copy_to_user_timeval(arg2 + sizeof(struct target_timeval),
9002                                             &value.it_value))
9003                     goto efault;
9004             }
9005         }
9006         break;
9007 #ifdef TARGET_NR_stat
9008     case TARGET_NR_stat:
9009         if (!(p = lock_user_string(arg1)))
9010             goto efault;
9011         ret = get_errno(stat(path(p), &st));
9012         unlock_user(p, arg1, 0);
9013         goto do_stat;
9014 #endif
9015 #ifdef TARGET_NR_lstat
9016     case TARGET_NR_lstat:
9017         if (!(p = lock_user_string(arg1)))
9018             goto efault;
9019         ret = get_errno(lstat(path(p), &st));
9020         unlock_user(p, arg1, 0);
9021         goto do_stat;
9022 #endif
9023     case TARGET_NR_fstat:
9024         {
9025             ret = get_errno(fstat(arg1, &st));
9026 #if defined(TARGET_NR_stat) || defined(TARGET_NR_lstat)
9027         do_stat:
9028 #endif
9029             if (!is_error(ret)) {
9030                 struct target_stat *target_st;
9031 
9032                 if (!lock_user_struct(VERIFY_WRITE, target_st, arg2, 0))
9033                     goto efault;
9034                 memset(target_st, 0, sizeof(*target_st));
9035                 __put_user(st.st_dev, &target_st->st_dev);
9036                 __put_user(st.st_ino, &target_st->st_ino);
9037                 __put_user(st.st_mode, &target_st->st_mode);
9038                 __put_user(st.st_uid, &target_st->st_uid);
9039                 __put_user(st.st_gid, &target_st->st_gid);
9040                 __put_user(st.st_nlink, &target_st->st_nlink);
9041                 __put_user(st.st_rdev, &target_st->st_rdev);
9042                 __put_user(st.st_size, &target_st->st_size);
9043                 __put_user(st.st_blksize, &target_st->st_blksize);
9044                 __put_user(st.st_blocks, &target_st->st_blocks);
9045                 __put_user(st.st_atime, &target_st->target_st_atime);
9046                 __put_user(st.st_mtime, &target_st->target_st_mtime);
9047                 __put_user(st.st_ctime, &target_st->target_st_ctime);
9048                 unlock_user_struct(target_st, arg2, 1);
9049             }
9050         }
9051         break;
9052 #ifdef TARGET_NR_olduname
9053     case TARGET_NR_olduname:
9054         goto unimplemented;
9055 #endif
9056 #ifdef TARGET_NR_iopl
9057     case TARGET_NR_iopl:
9058         goto unimplemented;
9059 #endif
9060     case TARGET_NR_vhangup:
9061         ret = get_errno(vhangup());
9062         break;
9063 #ifdef TARGET_NR_idle
9064     case TARGET_NR_idle:
9065         goto unimplemented;
9066 #endif
9067 #ifdef TARGET_NR_syscall
9068     case TARGET_NR_syscall:
9069         ret = do_syscall(cpu_env, arg1 & 0xffff, arg2, arg3, arg4, arg5,
9070                          arg6, arg7, arg8, 0);
9071         break;
9072 #endif
9073     case TARGET_NR_wait4:
9074         {
9075             int status;
9076             abi_long status_ptr = arg2;
9077             struct rusage rusage, *rusage_ptr;
9078             abi_ulong target_rusage = arg4;
9079             abi_long rusage_err;
9080             if (target_rusage)
9081                 rusage_ptr = &rusage;
9082             else
9083                 rusage_ptr = NULL;
9084             ret = get_errno(safe_wait4(arg1, &status, arg3, rusage_ptr));
9085             if (!is_error(ret)) {
9086                 if (status_ptr && ret) {
9087                     status = host_to_target_waitstatus(status);
9088                     if (put_user_s32(status, status_ptr))
9089                         goto efault;
9090                 }
9091                 if (target_rusage) {
9092                     rusage_err = host_to_target_rusage(target_rusage, &rusage);
9093                     if (rusage_err) {
9094                         ret = rusage_err;
9095                     }
9096                 }
9097             }
9098         }
9099         break;
9100 #ifdef TARGET_NR_swapoff
9101     case TARGET_NR_swapoff:
9102         if (!(p = lock_user_string(arg1)))
9103             goto efault;
9104         ret = get_errno(swapoff(p));
9105         unlock_user(p, arg1, 0);
9106         break;
9107 #endif
9108     case TARGET_NR_sysinfo:
9109         {
9110             struct target_sysinfo *target_value;
9111             struct sysinfo value;
9112             ret = get_errno(sysinfo(&value));
9113             if (!is_error(ret) && arg1)
9114             {
9115                 if (!lock_user_struct(VERIFY_WRITE, target_value, arg1, 0))
9116                     goto efault;
9117                 __put_user(value.uptime, &target_value->uptime);
9118                 __put_user(value.loads[0], &target_value->loads[0]);
9119                 __put_user(value.loads[1], &target_value->loads[1]);
9120                 __put_user(value.loads[2], &target_value->loads[2]);
9121                 __put_user(value.totalram, &target_value->totalram);
9122                 __put_user(value.freeram, &target_value->freeram);
9123                 __put_user(value.sharedram, &target_value->sharedram);
9124                 __put_user(value.bufferram, &target_value->bufferram);
9125                 __put_user(value.totalswap, &target_value->totalswap);
9126                 __put_user(value.freeswap, &target_value->freeswap);
9127                 __put_user(value.procs, &target_value->procs);
9128                 __put_user(value.totalhigh, &target_value->totalhigh);
9129                 __put_user(value.freehigh, &target_value->freehigh);
9130                 __put_user(value.mem_unit, &target_value->mem_unit);
9131                 unlock_user_struct(target_value, arg1, 1);
9132             }
9133         }
9134         break;
9135 #ifdef TARGET_NR_ipc
9136     case TARGET_NR_ipc:
9137 	ret = do_ipc(arg1, arg2, arg3, arg4, arg5, arg6);
9138 	break;
9139 #endif
9140 #ifdef TARGET_NR_semget
9141     case TARGET_NR_semget:
9142         ret = get_errno(semget(arg1, arg2, arg3));
9143         break;
9144 #endif
9145 #ifdef TARGET_NR_semop
9146     case TARGET_NR_semop:
9147         ret = do_semop(arg1, arg2, arg3);
9148         break;
9149 #endif
9150 #ifdef TARGET_NR_semctl
9151     case TARGET_NR_semctl:
9152         ret = do_semctl(arg1, arg2, arg3, arg4);
9153         break;
9154 #endif
9155 #ifdef TARGET_NR_msgctl
9156     case TARGET_NR_msgctl:
9157         ret = do_msgctl(arg1, arg2, arg3);
9158         break;
9159 #endif
9160 #ifdef TARGET_NR_msgget
9161     case TARGET_NR_msgget:
9162         ret = get_errno(msgget(arg1, arg2));
9163         break;
9164 #endif
9165 #ifdef TARGET_NR_msgrcv
9166     case TARGET_NR_msgrcv:
9167         ret = do_msgrcv(arg1, arg2, arg3, arg4, arg5);
9168         break;
9169 #endif
9170 #ifdef TARGET_NR_msgsnd
9171     case TARGET_NR_msgsnd:
9172         ret = do_msgsnd(arg1, arg2, arg3, arg4);
9173         break;
9174 #endif
9175 #ifdef TARGET_NR_shmget
9176     case TARGET_NR_shmget:
9177         ret = get_errno(shmget(arg1, arg2, arg3));
9178         break;
9179 #endif
9180 #ifdef TARGET_NR_shmctl
9181     case TARGET_NR_shmctl:
9182         ret = do_shmctl(arg1, arg2, arg3);
9183         break;
9184 #endif
9185 #ifdef TARGET_NR_shmat
9186     case TARGET_NR_shmat:
9187         ret = do_shmat(arg1, arg2, arg3);
9188         break;
9189 #endif
9190 #ifdef TARGET_NR_shmdt
9191     case TARGET_NR_shmdt:
9192         ret = do_shmdt(arg1);
9193         break;
9194 #endif
9195     case TARGET_NR_fsync:
9196         ret = get_errno(fsync(arg1));
9197         break;
9198     case TARGET_NR_clone:
9199         /* Linux manages to have three different orderings for its
9200          * arguments to clone(); the BACKWARDS and BACKWARDS2 defines
9201          * match the kernel's CONFIG_CLONE_* settings.
9202          * Microblaze is further special in that it uses a sixth
9203          * implicit argument to clone for the TLS pointer.
9204          */
9205 #if defined(TARGET_MICROBLAZE)
9206         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg4, arg6, arg5));
9207 #elif defined(TARGET_CLONE_BACKWARDS)
9208         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg4, arg5));
9209 #elif defined(TARGET_CLONE_BACKWARDS2)
9210         ret = get_errno(do_fork(cpu_env, arg2, arg1, arg3, arg5, arg4));
9211 #else
9212         ret = get_errno(do_fork(cpu_env, arg1, arg2, arg3, arg5, arg4));
9213 #endif
9214         break;
9215 #ifdef __NR_exit_group
9216         /* new thread calls */
9217     case TARGET_NR_exit_group:
9218 #ifdef TARGET_GPROF
9219         _mcleanup();
9220 #endif
9221         gdb_exit(cpu_env, arg1);
9222         ret = get_errno(exit_group(arg1));
9223         break;
9224 #endif
9225     case TARGET_NR_setdomainname:
9226         if (!(p = lock_user_string(arg1)))
9227             goto efault;
9228         ret = get_errno(setdomainname(p, arg2));
9229         unlock_user(p, arg1, 0);
9230         break;
9231     case TARGET_NR_uname:
9232         /* no need to transcode because we use the linux syscall */
9233         {
9234             struct new_utsname * buf;
9235 
9236             if (!lock_user_struct(VERIFY_WRITE, buf, arg1, 0))
9237                 goto efault;
9238             ret = get_errno(sys_uname(buf));
9239             if (!is_error(ret)) {
9240                 /* Overrite the native machine name with whatever is being
9241                    emulated. */
9242                 strcpy (buf->machine, cpu_to_uname_machine(cpu_env));
9243                 /* Allow the user to override the reported release.  */
9244                 if (qemu_uname_release && *qemu_uname_release)
9245                   strcpy (buf->release, qemu_uname_release);
9246             }
9247             unlock_user_struct(buf, arg1, 1);
9248         }
9249         break;
9250 #ifdef TARGET_I386
9251     case TARGET_NR_modify_ldt:
9252         ret = do_modify_ldt(cpu_env, arg1, arg2, arg3);
9253         break;
9254 #if !defined(TARGET_X86_64)
9255     case TARGET_NR_vm86old:
9256         goto unimplemented;
9257     case TARGET_NR_vm86:
9258         ret = do_vm86(cpu_env, arg1, arg2);
9259         break;
9260 #endif
9261 #endif
9262     case TARGET_NR_adjtimex:
9263         goto unimplemented;
9264 #ifdef TARGET_NR_create_module
9265     case TARGET_NR_create_module:
9266 #endif
9267     case TARGET_NR_init_module:
9268     case TARGET_NR_delete_module:
9269 #ifdef TARGET_NR_get_kernel_syms
9270     case TARGET_NR_get_kernel_syms:
9271 #endif
9272         goto unimplemented;
9273     case TARGET_NR_quotactl:
9274         goto unimplemented;
9275     case TARGET_NR_getpgid:
9276         ret = get_errno(getpgid(arg1));
9277         break;
9278     case TARGET_NR_fchdir:
9279         ret = get_errno(fchdir(arg1));
9280         break;
9281 #ifdef TARGET_NR_bdflush /* not on x86_64 */
9282     case TARGET_NR_bdflush:
9283         goto unimplemented;
9284 #endif
9285 #ifdef TARGET_NR_sysfs
9286     case TARGET_NR_sysfs:
9287         goto unimplemented;
9288 #endif
9289     case TARGET_NR_personality:
9290         ret = get_errno(personality(arg1));
9291         break;
9292 #ifdef TARGET_NR_afs_syscall
9293     case TARGET_NR_afs_syscall:
9294         goto unimplemented;
9295 #endif
9296 #ifdef TARGET_NR__llseek /* Not on alpha */
9297     case TARGET_NR__llseek:
9298         {
9299             int64_t res;
9300 #if !defined(__NR_llseek)
9301             res = lseek(arg1, ((uint64_t)arg2 << 32) | arg3, arg5);
9302             if (res == -1) {
9303                 ret = get_errno(res);
9304             } else {
9305                 ret = 0;
9306             }
9307 #else
9308             ret = get_errno(_llseek(arg1, arg2, arg3, &res, arg5));
9309 #endif
9310             if ((ret == 0) && put_user_s64(res, arg4)) {
9311                 goto efault;
9312             }
9313         }
9314         break;
9315 #endif
9316 #ifdef TARGET_NR_getdents
9317     case TARGET_NR_getdents:
9318 #ifdef __NR_getdents
9319 #if TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64
9320         {
9321             struct target_dirent *target_dirp;
9322             struct linux_dirent *dirp;
9323             abi_long count = arg3;
9324 
9325             dirp = g_try_malloc(count);
9326             if (!dirp) {
9327                 ret = -TARGET_ENOMEM;
9328                 goto fail;
9329             }
9330 
9331             ret = get_errno(sys_getdents(arg1, dirp, count));
9332             if (!is_error(ret)) {
9333                 struct linux_dirent *de;
9334 		struct target_dirent *tde;
9335                 int len = ret;
9336                 int reclen, treclen;
9337 		int count1, tnamelen;
9338 
9339 		count1 = 0;
9340                 de = dirp;
9341                 if (!(target_dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9342                     goto efault;
9343 		tde = target_dirp;
9344                 while (len > 0) {
9345                     reclen = de->d_reclen;
9346                     tnamelen = reclen - offsetof(struct linux_dirent, d_name);
9347                     assert(tnamelen >= 0);
9348                     treclen = tnamelen + offsetof(struct target_dirent, d_name);
9349                     assert(count1 + treclen <= count);
9350                     tde->d_reclen = tswap16(treclen);
9351                     tde->d_ino = tswapal(de->d_ino);
9352                     tde->d_off = tswapal(de->d_off);
9353                     memcpy(tde->d_name, de->d_name, tnamelen);
9354                     de = (struct linux_dirent *)((char *)de + reclen);
9355                     len -= reclen;
9356                     tde = (struct target_dirent *)((char *)tde + treclen);
9357 		    count1 += treclen;
9358                 }
9359 		ret = count1;
9360                 unlock_user(target_dirp, arg2, ret);
9361             }
9362             g_free(dirp);
9363         }
9364 #else
9365         {
9366             struct linux_dirent *dirp;
9367             abi_long count = arg3;
9368 
9369             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9370                 goto efault;
9371             ret = get_errno(sys_getdents(arg1, dirp, count));
9372             if (!is_error(ret)) {
9373                 struct linux_dirent *de;
9374                 int len = ret;
9375                 int reclen;
9376                 de = dirp;
9377                 while (len > 0) {
9378                     reclen = de->d_reclen;
9379                     if (reclen > len)
9380                         break;
9381                     de->d_reclen = tswap16(reclen);
9382                     tswapls(&de->d_ino);
9383                     tswapls(&de->d_off);
9384                     de = (struct linux_dirent *)((char *)de + reclen);
9385                     len -= reclen;
9386                 }
9387             }
9388             unlock_user(dirp, arg2, ret);
9389         }
9390 #endif
9391 #else
9392         /* Implement getdents in terms of getdents64 */
9393         {
9394             struct linux_dirent64 *dirp;
9395             abi_long count = arg3;
9396 
9397             dirp = lock_user(VERIFY_WRITE, arg2, count, 0);
9398             if (!dirp) {
9399                 goto efault;
9400             }
9401             ret = get_errno(sys_getdents64(arg1, dirp, count));
9402             if (!is_error(ret)) {
9403                 /* Convert the dirent64 structs to target dirent.  We do this
9404                  * in-place, since we can guarantee that a target_dirent is no
9405                  * larger than a dirent64; however this means we have to be
9406                  * careful to read everything before writing in the new format.
9407                  */
9408                 struct linux_dirent64 *de;
9409                 struct target_dirent *tde;
9410                 int len = ret;
9411                 int tlen = 0;
9412 
9413                 de = dirp;
9414                 tde = (struct target_dirent *)dirp;
9415                 while (len > 0) {
9416                     int namelen, treclen;
9417                     int reclen = de->d_reclen;
9418                     uint64_t ino = de->d_ino;
9419                     int64_t off = de->d_off;
9420                     uint8_t type = de->d_type;
9421 
9422                     namelen = strlen(de->d_name);
9423                     treclen = offsetof(struct target_dirent, d_name)
9424                         + namelen + 2;
9425                     treclen = QEMU_ALIGN_UP(treclen, sizeof(abi_long));
9426 
9427                     memmove(tde->d_name, de->d_name, namelen + 1);
9428                     tde->d_ino = tswapal(ino);
9429                     tde->d_off = tswapal(off);
9430                     tde->d_reclen = tswap16(treclen);
9431                     /* The target_dirent type is in what was formerly a padding
9432                      * byte at the end of the structure:
9433                      */
9434                     *(((char *)tde) + treclen - 1) = type;
9435 
9436                     de = (struct linux_dirent64 *)((char *)de + reclen);
9437                     tde = (struct target_dirent *)((char *)tde + treclen);
9438                     len -= reclen;
9439                     tlen += treclen;
9440                 }
9441                 ret = tlen;
9442             }
9443             unlock_user(dirp, arg2, ret);
9444         }
9445 #endif
9446         break;
9447 #endif /* TARGET_NR_getdents */
9448 #if defined(TARGET_NR_getdents64) && defined(__NR_getdents64)
9449     case TARGET_NR_getdents64:
9450         {
9451             struct linux_dirent64 *dirp;
9452             abi_long count = arg3;
9453             if (!(dirp = lock_user(VERIFY_WRITE, arg2, count, 0)))
9454                 goto efault;
9455             ret = get_errno(sys_getdents64(arg1, dirp, count));
9456             if (!is_error(ret)) {
9457                 struct linux_dirent64 *de;
9458                 int len = ret;
9459                 int reclen;
9460                 de = dirp;
9461                 while (len > 0) {
9462                     reclen = de->d_reclen;
9463                     if (reclen > len)
9464                         break;
9465                     de->d_reclen = tswap16(reclen);
9466                     tswap64s((uint64_t *)&de->d_ino);
9467                     tswap64s((uint64_t *)&de->d_off);
9468                     de = (struct linux_dirent64 *)((char *)de + reclen);
9469                     len -= reclen;
9470                 }
9471             }
9472             unlock_user(dirp, arg2, ret);
9473         }
9474         break;
9475 #endif /* TARGET_NR_getdents64 */
9476 #if defined(TARGET_NR__newselect)
9477     case TARGET_NR__newselect:
9478         ret = do_select(arg1, arg2, arg3, arg4, arg5);
9479         break;
9480 #endif
9481 #if defined(TARGET_NR_poll) || defined(TARGET_NR_ppoll)
9482 # ifdef TARGET_NR_poll
9483     case TARGET_NR_poll:
9484 # endif
9485 # ifdef TARGET_NR_ppoll
9486     case TARGET_NR_ppoll:
9487 # endif
9488         {
9489             struct target_pollfd *target_pfd;
9490             unsigned int nfds = arg2;
9491             struct pollfd *pfd;
9492             unsigned int i;
9493 
9494             pfd = NULL;
9495             target_pfd = NULL;
9496             if (nfds) {
9497                 target_pfd = lock_user(VERIFY_WRITE, arg1,
9498                                        sizeof(struct target_pollfd) * nfds, 1);
9499                 if (!target_pfd) {
9500                     goto efault;
9501                 }
9502 
9503                 pfd = alloca(sizeof(struct pollfd) * nfds);
9504                 for (i = 0; i < nfds; i++) {
9505                     pfd[i].fd = tswap32(target_pfd[i].fd);
9506                     pfd[i].events = tswap16(target_pfd[i].events);
9507                 }
9508             }
9509 
9510             switch (num) {
9511 # ifdef TARGET_NR_ppoll
9512             case TARGET_NR_ppoll:
9513             {
9514                 struct timespec _timeout_ts, *timeout_ts = &_timeout_ts;
9515                 target_sigset_t *target_set;
9516                 sigset_t _set, *set = &_set;
9517 
9518                 if (arg3) {
9519                     if (target_to_host_timespec(timeout_ts, arg3)) {
9520                         unlock_user(target_pfd, arg1, 0);
9521                         goto efault;
9522                     }
9523                 } else {
9524                     timeout_ts = NULL;
9525                 }
9526 
9527                 if (arg4) {
9528                     if (arg5 != sizeof(target_sigset_t)) {
9529                         unlock_user(target_pfd, arg1, 0);
9530                         ret = -TARGET_EINVAL;
9531                         break;
9532                     }
9533 
9534                     target_set = lock_user(VERIFY_READ, arg4, sizeof(target_sigset_t), 1);
9535                     if (!target_set) {
9536                         unlock_user(target_pfd, arg1, 0);
9537                         goto efault;
9538                     }
9539                     target_to_host_sigset(set, target_set);
9540                 } else {
9541                     set = NULL;
9542                 }
9543 
9544                 ret = get_errno(safe_ppoll(pfd, nfds, timeout_ts,
9545                                            set, SIGSET_T_SIZE));
9546 
9547                 if (!is_error(ret) && arg3) {
9548                     host_to_target_timespec(arg3, timeout_ts);
9549                 }
9550                 if (arg4) {
9551                     unlock_user(target_set, arg4, 0);
9552                 }
9553                 break;
9554             }
9555 # endif
9556 # ifdef TARGET_NR_poll
9557             case TARGET_NR_poll:
9558             {
9559                 struct timespec ts, *pts;
9560 
9561                 if (arg3 >= 0) {
9562                     /* Convert ms to secs, ns */
9563                     ts.tv_sec = arg3 / 1000;
9564                     ts.tv_nsec = (arg3 % 1000) * 1000000LL;
9565                     pts = &ts;
9566                 } else {
9567                     /* -ve poll() timeout means "infinite" */
9568                     pts = NULL;
9569                 }
9570                 ret = get_errno(safe_ppoll(pfd, nfds, pts, NULL, 0));
9571                 break;
9572             }
9573 # endif
9574             default:
9575                 g_assert_not_reached();
9576             }
9577 
9578             if (!is_error(ret)) {
9579                 for(i = 0; i < nfds; i++) {
9580                     target_pfd[i].revents = tswap16(pfd[i].revents);
9581                 }
9582             }
9583             unlock_user(target_pfd, arg1, sizeof(struct target_pollfd) * nfds);
9584         }
9585         break;
9586 #endif
9587     case TARGET_NR_flock:
9588         /* NOTE: the flock constant seems to be the same for every
9589            Linux platform */
9590         ret = get_errno(safe_flock(arg1, arg2));
9591         break;
9592     case TARGET_NR_readv:
9593         {
9594             struct iovec *vec = lock_iovec(VERIFY_WRITE, arg2, arg3, 0);
9595             if (vec != NULL) {
9596                 ret = get_errno(safe_readv(arg1, vec, arg3));
9597                 unlock_iovec(vec, arg2, arg3, 1);
9598             } else {
9599                 ret = -host_to_target_errno(errno);
9600             }
9601         }
9602         break;
9603     case TARGET_NR_writev:
9604         {
9605             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
9606             if (vec != NULL) {
9607                 ret = get_errno(safe_writev(arg1, vec, arg3));
9608                 unlock_iovec(vec, arg2, arg3, 0);
9609             } else {
9610                 ret = -host_to_target_errno(errno);
9611             }
9612         }
9613         break;
9614     case TARGET_NR_getsid:
9615         ret = get_errno(getsid(arg1));
9616         break;
9617 #if defined(TARGET_NR_fdatasync) /* Not on alpha (osf_datasync ?) */
9618     case TARGET_NR_fdatasync:
9619         ret = get_errno(fdatasync(arg1));
9620         break;
9621 #endif
9622 #ifdef TARGET_NR__sysctl
9623     case TARGET_NR__sysctl:
9624         /* We don't implement this, but ENOTDIR is always a safe
9625            return value. */
9626         ret = -TARGET_ENOTDIR;
9627         break;
9628 #endif
9629     case TARGET_NR_sched_getaffinity:
9630         {
9631             unsigned int mask_size;
9632             unsigned long *mask;
9633 
9634             /*
9635              * sched_getaffinity needs multiples of ulong, so need to take
9636              * care of mismatches between target ulong and host ulong sizes.
9637              */
9638             if (arg2 & (sizeof(abi_ulong) - 1)) {
9639                 ret = -TARGET_EINVAL;
9640                 break;
9641             }
9642             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
9643 
9644             mask = alloca(mask_size);
9645             ret = get_errno(sys_sched_getaffinity(arg1, mask_size, mask));
9646 
9647             if (!is_error(ret)) {
9648                 if (ret > arg2) {
9649                     /* More data returned than the caller's buffer will fit.
9650                      * This only happens if sizeof(abi_long) < sizeof(long)
9651                      * and the caller passed us a buffer holding an odd number
9652                      * of abi_longs. If the host kernel is actually using the
9653                      * extra 4 bytes then fail EINVAL; otherwise we can just
9654                      * ignore them and only copy the interesting part.
9655                      */
9656                     int numcpus = sysconf(_SC_NPROCESSORS_CONF);
9657                     if (numcpus > arg2 * 8) {
9658                         ret = -TARGET_EINVAL;
9659                         break;
9660                     }
9661                     ret = arg2;
9662                 }
9663 
9664                 if (copy_to_user(arg3, mask, ret)) {
9665                     goto efault;
9666                 }
9667             }
9668         }
9669         break;
9670     case TARGET_NR_sched_setaffinity:
9671         {
9672             unsigned int mask_size;
9673             unsigned long *mask;
9674 
9675             /*
9676              * sched_setaffinity needs multiples of ulong, so need to take
9677              * care of mismatches between target ulong and host ulong sizes.
9678              */
9679             if (arg2 & (sizeof(abi_ulong) - 1)) {
9680                 ret = -TARGET_EINVAL;
9681                 break;
9682             }
9683             mask_size = (arg2 + (sizeof(*mask) - 1)) & ~(sizeof(*mask) - 1);
9684 
9685             mask = alloca(mask_size);
9686             if (!lock_user_struct(VERIFY_READ, p, arg3, 1)) {
9687                 goto efault;
9688             }
9689             memcpy(mask, p, arg2);
9690             unlock_user_struct(p, arg2, 0);
9691 
9692             ret = get_errno(sys_sched_setaffinity(arg1, mask_size, mask));
9693         }
9694         break;
9695     case TARGET_NR_sched_setparam:
9696         {
9697             struct sched_param *target_schp;
9698             struct sched_param schp;
9699 
9700             if (arg2 == 0) {
9701                 return -TARGET_EINVAL;
9702             }
9703             if (!lock_user_struct(VERIFY_READ, target_schp, arg2, 1))
9704                 goto efault;
9705             schp.sched_priority = tswap32(target_schp->sched_priority);
9706             unlock_user_struct(target_schp, arg2, 0);
9707             ret = get_errno(sched_setparam(arg1, &schp));
9708         }
9709         break;
9710     case TARGET_NR_sched_getparam:
9711         {
9712             struct sched_param *target_schp;
9713             struct sched_param schp;
9714 
9715             if (arg2 == 0) {
9716                 return -TARGET_EINVAL;
9717             }
9718             ret = get_errno(sched_getparam(arg1, &schp));
9719             if (!is_error(ret)) {
9720                 if (!lock_user_struct(VERIFY_WRITE, target_schp, arg2, 0))
9721                     goto efault;
9722                 target_schp->sched_priority = tswap32(schp.sched_priority);
9723                 unlock_user_struct(target_schp, arg2, 1);
9724             }
9725         }
9726         break;
9727     case TARGET_NR_sched_setscheduler:
9728         {
9729             struct sched_param *target_schp;
9730             struct sched_param schp;
9731             if (arg3 == 0) {
9732                 return -TARGET_EINVAL;
9733             }
9734             if (!lock_user_struct(VERIFY_READ, target_schp, arg3, 1))
9735                 goto efault;
9736             schp.sched_priority = tswap32(target_schp->sched_priority);
9737             unlock_user_struct(target_schp, arg3, 0);
9738             ret = get_errno(sched_setscheduler(arg1, arg2, &schp));
9739         }
9740         break;
9741     case TARGET_NR_sched_getscheduler:
9742         ret = get_errno(sched_getscheduler(arg1));
9743         break;
9744     case TARGET_NR_sched_yield:
9745         ret = get_errno(sched_yield());
9746         break;
9747     case TARGET_NR_sched_get_priority_max:
9748         ret = get_errno(sched_get_priority_max(arg1));
9749         break;
9750     case TARGET_NR_sched_get_priority_min:
9751         ret = get_errno(sched_get_priority_min(arg1));
9752         break;
9753     case TARGET_NR_sched_rr_get_interval:
9754         {
9755             struct timespec ts;
9756             ret = get_errno(sched_rr_get_interval(arg1, &ts));
9757             if (!is_error(ret)) {
9758                 ret = host_to_target_timespec(arg2, &ts);
9759             }
9760         }
9761         break;
9762     case TARGET_NR_nanosleep:
9763         {
9764             struct timespec req, rem;
9765             target_to_host_timespec(&req, arg1);
9766             ret = get_errno(safe_nanosleep(&req, &rem));
9767             if (is_error(ret) && arg2) {
9768                 host_to_target_timespec(arg2, &rem);
9769             }
9770         }
9771         break;
9772 #ifdef TARGET_NR_query_module
9773     case TARGET_NR_query_module:
9774         goto unimplemented;
9775 #endif
9776 #ifdef TARGET_NR_nfsservctl
9777     case TARGET_NR_nfsservctl:
9778         goto unimplemented;
9779 #endif
9780     case TARGET_NR_prctl:
9781         switch (arg1) {
9782         case PR_GET_PDEATHSIG:
9783         {
9784             int deathsig;
9785             ret = get_errno(prctl(arg1, &deathsig, arg3, arg4, arg5));
9786             if (!is_error(ret) && arg2
9787                 && put_user_ual(deathsig, arg2)) {
9788                 goto efault;
9789             }
9790             break;
9791         }
9792 #ifdef PR_GET_NAME
9793         case PR_GET_NAME:
9794         {
9795             void *name = lock_user(VERIFY_WRITE, arg2, 16, 1);
9796             if (!name) {
9797                 goto efault;
9798             }
9799             ret = get_errno(prctl(arg1, (unsigned long)name,
9800                                   arg3, arg4, arg5));
9801             unlock_user(name, arg2, 16);
9802             break;
9803         }
9804         case PR_SET_NAME:
9805         {
9806             void *name = lock_user(VERIFY_READ, arg2, 16, 1);
9807             if (!name) {
9808                 goto efault;
9809             }
9810             ret = get_errno(prctl(arg1, (unsigned long)name,
9811                                   arg3, arg4, arg5));
9812             unlock_user(name, arg2, 0);
9813             break;
9814         }
9815 #endif
9816         default:
9817             /* Most prctl options have no pointer arguments */
9818             ret = get_errno(prctl(arg1, arg2, arg3, arg4, arg5));
9819             break;
9820         }
9821         break;
9822 #ifdef TARGET_NR_arch_prctl
9823     case TARGET_NR_arch_prctl:
9824 #if defined(TARGET_I386) && !defined(TARGET_ABI32)
9825         ret = do_arch_prctl(cpu_env, arg1, arg2);
9826         break;
9827 #else
9828         goto unimplemented;
9829 #endif
9830 #endif
9831 #ifdef TARGET_NR_pread64
9832     case TARGET_NR_pread64:
9833         if (regpairs_aligned(cpu_env)) {
9834             arg4 = arg5;
9835             arg5 = arg6;
9836         }
9837         if (!(p = lock_user(VERIFY_WRITE, arg2, arg3, 0)))
9838             goto efault;
9839         ret = get_errno(pread64(arg1, p, arg3, target_offset64(arg4, arg5)));
9840         unlock_user(p, arg2, ret);
9841         break;
9842     case TARGET_NR_pwrite64:
9843         if (regpairs_aligned(cpu_env)) {
9844             arg4 = arg5;
9845             arg5 = arg6;
9846         }
9847         if (!(p = lock_user(VERIFY_READ, arg2, arg3, 1)))
9848             goto efault;
9849         ret = get_errno(pwrite64(arg1, p, arg3, target_offset64(arg4, arg5)));
9850         unlock_user(p, arg2, 0);
9851         break;
9852 #endif
9853     case TARGET_NR_getcwd:
9854         if (!(p = lock_user(VERIFY_WRITE, arg1, arg2, 0)))
9855             goto efault;
9856         ret = get_errno(sys_getcwd1(p, arg2));
9857         unlock_user(p, arg1, ret);
9858         break;
9859     case TARGET_NR_capget:
9860     case TARGET_NR_capset:
9861     {
9862         struct target_user_cap_header *target_header;
9863         struct target_user_cap_data *target_data = NULL;
9864         struct __user_cap_header_struct header;
9865         struct __user_cap_data_struct data[2];
9866         struct __user_cap_data_struct *dataptr = NULL;
9867         int i, target_datalen;
9868         int data_items = 1;
9869 
9870         if (!lock_user_struct(VERIFY_WRITE, target_header, arg1, 1)) {
9871             goto efault;
9872         }
9873         header.version = tswap32(target_header->version);
9874         header.pid = tswap32(target_header->pid);
9875 
9876         if (header.version != _LINUX_CAPABILITY_VERSION) {
9877             /* Version 2 and up takes pointer to two user_data structs */
9878             data_items = 2;
9879         }
9880 
9881         target_datalen = sizeof(*target_data) * data_items;
9882 
9883         if (arg2) {
9884             if (num == TARGET_NR_capget) {
9885                 target_data = lock_user(VERIFY_WRITE, arg2, target_datalen, 0);
9886             } else {
9887                 target_data = lock_user(VERIFY_READ, arg2, target_datalen, 1);
9888             }
9889             if (!target_data) {
9890                 unlock_user_struct(target_header, arg1, 0);
9891                 goto efault;
9892             }
9893 
9894             if (num == TARGET_NR_capset) {
9895                 for (i = 0; i < data_items; i++) {
9896                     data[i].effective = tswap32(target_data[i].effective);
9897                     data[i].permitted = tswap32(target_data[i].permitted);
9898                     data[i].inheritable = tswap32(target_data[i].inheritable);
9899                 }
9900             }
9901 
9902             dataptr = data;
9903         }
9904 
9905         if (num == TARGET_NR_capget) {
9906             ret = get_errno(capget(&header, dataptr));
9907         } else {
9908             ret = get_errno(capset(&header, dataptr));
9909         }
9910 
9911         /* The kernel always updates version for both capget and capset */
9912         target_header->version = tswap32(header.version);
9913         unlock_user_struct(target_header, arg1, 1);
9914 
9915         if (arg2) {
9916             if (num == TARGET_NR_capget) {
9917                 for (i = 0; i < data_items; i++) {
9918                     target_data[i].effective = tswap32(data[i].effective);
9919                     target_data[i].permitted = tswap32(data[i].permitted);
9920                     target_data[i].inheritable = tswap32(data[i].inheritable);
9921                 }
9922                 unlock_user(target_data, arg2, target_datalen);
9923             } else {
9924                 unlock_user(target_data, arg2, 0);
9925             }
9926         }
9927         break;
9928     }
9929     case TARGET_NR_sigaltstack:
9930         ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env));
9931         break;
9932 
9933 #ifdef CONFIG_SENDFILE
9934     case TARGET_NR_sendfile:
9935     {
9936         off_t *offp = NULL;
9937         off_t off;
9938         if (arg3) {
9939             ret = get_user_sal(off, arg3);
9940             if (is_error(ret)) {
9941                 break;
9942             }
9943             offp = &off;
9944         }
9945         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
9946         if (!is_error(ret) && arg3) {
9947             abi_long ret2 = put_user_sal(off, arg3);
9948             if (is_error(ret2)) {
9949                 ret = ret2;
9950             }
9951         }
9952         break;
9953     }
9954 #ifdef TARGET_NR_sendfile64
9955     case TARGET_NR_sendfile64:
9956     {
9957         off_t *offp = NULL;
9958         off_t off;
9959         if (arg3) {
9960             ret = get_user_s64(off, arg3);
9961             if (is_error(ret)) {
9962                 break;
9963             }
9964             offp = &off;
9965         }
9966         ret = get_errno(sendfile(arg1, arg2, offp, arg4));
9967         if (!is_error(ret) && arg3) {
9968             abi_long ret2 = put_user_s64(off, arg3);
9969             if (is_error(ret2)) {
9970                 ret = ret2;
9971             }
9972         }
9973         break;
9974     }
9975 #endif
9976 #else
9977     case TARGET_NR_sendfile:
9978 #ifdef TARGET_NR_sendfile64
9979     case TARGET_NR_sendfile64:
9980 #endif
9981         goto unimplemented;
9982 #endif
9983 
9984 #ifdef TARGET_NR_getpmsg
9985     case TARGET_NR_getpmsg:
9986         goto unimplemented;
9987 #endif
9988 #ifdef TARGET_NR_putpmsg
9989     case TARGET_NR_putpmsg:
9990         goto unimplemented;
9991 #endif
9992 #ifdef TARGET_NR_vfork
9993     case TARGET_NR_vfork:
9994         ret = get_errno(do_fork(cpu_env, CLONE_VFORK | CLONE_VM | SIGCHLD,
9995                         0, 0, 0, 0));
9996         break;
9997 #endif
9998 #ifdef TARGET_NR_ugetrlimit
9999     case TARGET_NR_ugetrlimit:
10000     {
10001 	struct rlimit rlim;
10002 	int resource = target_to_host_resource(arg1);
10003 	ret = get_errno(getrlimit(resource, &rlim));
10004 	if (!is_error(ret)) {
10005 	    struct target_rlimit *target_rlim;
10006             if (!lock_user_struct(VERIFY_WRITE, target_rlim, arg2, 0))
10007                 goto efault;
10008 	    target_rlim->rlim_cur = host_to_target_rlim(rlim.rlim_cur);
10009 	    target_rlim->rlim_max = host_to_target_rlim(rlim.rlim_max);
10010             unlock_user_struct(target_rlim, arg2, 1);
10011 	}
10012 	break;
10013     }
10014 #endif
10015 #ifdef TARGET_NR_truncate64
10016     case TARGET_NR_truncate64:
10017         if (!(p = lock_user_string(arg1)))
10018             goto efault;
10019 	ret = target_truncate64(cpu_env, p, arg2, arg3, arg4);
10020         unlock_user(p, arg1, 0);
10021 	break;
10022 #endif
10023 #ifdef TARGET_NR_ftruncate64
10024     case TARGET_NR_ftruncate64:
10025 	ret = target_ftruncate64(cpu_env, arg1, arg2, arg3, arg4);
10026 	break;
10027 #endif
10028 #ifdef TARGET_NR_stat64
10029     case TARGET_NR_stat64:
10030         if (!(p = lock_user_string(arg1)))
10031             goto efault;
10032         ret = get_errno(stat(path(p), &st));
10033         unlock_user(p, arg1, 0);
10034         if (!is_error(ret))
10035             ret = host_to_target_stat64(cpu_env, arg2, &st);
10036         break;
10037 #endif
10038 #ifdef TARGET_NR_lstat64
10039     case TARGET_NR_lstat64:
10040         if (!(p = lock_user_string(arg1)))
10041             goto efault;
10042         ret = get_errno(lstat(path(p), &st));
10043         unlock_user(p, arg1, 0);
10044         if (!is_error(ret))
10045             ret = host_to_target_stat64(cpu_env, arg2, &st);
10046         break;
10047 #endif
10048 #ifdef TARGET_NR_fstat64
10049     case TARGET_NR_fstat64:
10050         ret = get_errno(fstat(arg1, &st));
10051         if (!is_error(ret))
10052             ret = host_to_target_stat64(cpu_env, arg2, &st);
10053         break;
10054 #endif
10055 #if (defined(TARGET_NR_fstatat64) || defined(TARGET_NR_newfstatat))
10056 #ifdef TARGET_NR_fstatat64
10057     case TARGET_NR_fstatat64:
10058 #endif
10059 #ifdef TARGET_NR_newfstatat
10060     case TARGET_NR_newfstatat:
10061 #endif
10062         if (!(p = lock_user_string(arg2)))
10063             goto efault;
10064         ret = get_errno(fstatat(arg1, path(p), &st, arg4));
10065         if (!is_error(ret))
10066             ret = host_to_target_stat64(cpu_env, arg3, &st);
10067         break;
10068 #endif
10069 #ifdef TARGET_NR_lchown
10070     case TARGET_NR_lchown:
10071         if (!(p = lock_user_string(arg1)))
10072             goto efault;
10073         ret = get_errno(lchown(p, low2highuid(arg2), low2highgid(arg3)));
10074         unlock_user(p, arg1, 0);
10075         break;
10076 #endif
10077 #ifdef TARGET_NR_getuid
10078     case TARGET_NR_getuid:
10079         ret = get_errno(high2lowuid(getuid()));
10080         break;
10081 #endif
10082 #ifdef TARGET_NR_getgid
10083     case TARGET_NR_getgid:
10084         ret = get_errno(high2lowgid(getgid()));
10085         break;
10086 #endif
10087 #ifdef TARGET_NR_geteuid
10088     case TARGET_NR_geteuid:
10089         ret = get_errno(high2lowuid(geteuid()));
10090         break;
10091 #endif
10092 #ifdef TARGET_NR_getegid
10093     case TARGET_NR_getegid:
10094         ret = get_errno(high2lowgid(getegid()));
10095         break;
10096 #endif
10097     case TARGET_NR_setreuid:
10098         ret = get_errno(setreuid(low2highuid(arg1), low2highuid(arg2)));
10099         break;
10100     case TARGET_NR_setregid:
10101         ret = get_errno(setregid(low2highgid(arg1), low2highgid(arg2)));
10102         break;
10103     case TARGET_NR_getgroups:
10104         {
10105             int gidsetsize = arg1;
10106             target_id *target_grouplist;
10107             gid_t *grouplist;
10108             int i;
10109 
10110             grouplist = alloca(gidsetsize * sizeof(gid_t));
10111             ret = get_errno(getgroups(gidsetsize, grouplist));
10112             if (gidsetsize == 0)
10113                 break;
10114             if (!is_error(ret)) {
10115                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * sizeof(target_id), 0);
10116                 if (!target_grouplist)
10117                     goto efault;
10118                 for(i = 0;i < ret; i++)
10119                     target_grouplist[i] = tswapid(high2lowgid(grouplist[i]));
10120                 unlock_user(target_grouplist, arg2, gidsetsize * sizeof(target_id));
10121             }
10122         }
10123         break;
10124     case TARGET_NR_setgroups:
10125         {
10126             int gidsetsize = arg1;
10127             target_id *target_grouplist;
10128             gid_t *grouplist = NULL;
10129             int i;
10130             if (gidsetsize) {
10131                 grouplist = alloca(gidsetsize * sizeof(gid_t));
10132                 target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * sizeof(target_id), 1);
10133                 if (!target_grouplist) {
10134                     ret = -TARGET_EFAULT;
10135                     goto fail;
10136                 }
10137                 for (i = 0; i < gidsetsize; i++) {
10138                     grouplist[i] = low2highgid(tswapid(target_grouplist[i]));
10139                 }
10140                 unlock_user(target_grouplist, arg2, 0);
10141             }
10142             ret = get_errno(setgroups(gidsetsize, grouplist));
10143         }
10144         break;
10145     case TARGET_NR_fchown:
10146         ret = get_errno(fchown(arg1, low2highuid(arg2), low2highgid(arg3)));
10147         break;
10148 #if defined(TARGET_NR_fchownat)
10149     case TARGET_NR_fchownat:
10150         if (!(p = lock_user_string(arg2)))
10151             goto efault;
10152         ret = get_errno(fchownat(arg1, p, low2highuid(arg3),
10153                                  low2highgid(arg4), arg5));
10154         unlock_user(p, arg2, 0);
10155         break;
10156 #endif
10157 #ifdef TARGET_NR_setresuid
10158     case TARGET_NR_setresuid:
10159         ret = get_errno(sys_setresuid(low2highuid(arg1),
10160                                       low2highuid(arg2),
10161                                       low2highuid(arg3)));
10162         break;
10163 #endif
10164 #ifdef TARGET_NR_getresuid
10165     case TARGET_NR_getresuid:
10166         {
10167             uid_t ruid, euid, suid;
10168             ret = get_errno(getresuid(&ruid, &euid, &suid));
10169             if (!is_error(ret)) {
10170                 if (put_user_id(high2lowuid(ruid), arg1)
10171                     || put_user_id(high2lowuid(euid), arg2)
10172                     || put_user_id(high2lowuid(suid), arg3))
10173                     goto efault;
10174             }
10175         }
10176         break;
10177 #endif
10178 #ifdef TARGET_NR_getresgid
10179     case TARGET_NR_setresgid:
10180         ret = get_errno(sys_setresgid(low2highgid(arg1),
10181                                       low2highgid(arg2),
10182                                       low2highgid(arg3)));
10183         break;
10184 #endif
10185 #ifdef TARGET_NR_getresgid
10186     case TARGET_NR_getresgid:
10187         {
10188             gid_t rgid, egid, sgid;
10189             ret = get_errno(getresgid(&rgid, &egid, &sgid));
10190             if (!is_error(ret)) {
10191                 if (put_user_id(high2lowgid(rgid), arg1)
10192                     || put_user_id(high2lowgid(egid), arg2)
10193                     || put_user_id(high2lowgid(sgid), arg3))
10194                     goto efault;
10195             }
10196         }
10197         break;
10198 #endif
10199 #ifdef TARGET_NR_chown
10200     case TARGET_NR_chown:
10201         if (!(p = lock_user_string(arg1)))
10202             goto efault;
10203         ret = get_errno(chown(p, low2highuid(arg2), low2highgid(arg3)));
10204         unlock_user(p, arg1, 0);
10205         break;
10206 #endif
10207     case TARGET_NR_setuid:
10208         ret = get_errno(sys_setuid(low2highuid(arg1)));
10209         break;
10210     case TARGET_NR_setgid:
10211         ret = get_errno(sys_setgid(low2highgid(arg1)));
10212         break;
10213     case TARGET_NR_setfsuid:
10214         ret = get_errno(setfsuid(arg1));
10215         break;
10216     case TARGET_NR_setfsgid:
10217         ret = get_errno(setfsgid(arg1));
10218         break;
10219 
10220 #ifdef TARGET_NR_lchown32
10221     case TARGET_NR_lchown32:
10222         if (!(p = lock_user_string(arg1)))
10223             goto efault;
10224         ret = get_errno(lchown(p, arg2, arg3));
10225         unlock_user(p, arg1, 0);
10226         break;
10227 #endif
10228 #ifdef TARGET_NR_getuid32
10229     case TARGET_NR_getuid32:
10230         ret = get_errno(getuid());
10231         break;
10232 #endif
10233 
10234 #if defined(TARGET_NR_getxuid) && defined(TARGET_ALPHA)
10235    /* Alpha specific */
10236     case TARGET_NR_getxuid:
10237          {
10238             uid_t euid;
10239             euid=geteuid();
10240             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=euid;
10241          }
10242         ret = get_errno(getuid());
10243         break;
10244 #endif
10245 #if defined(TARGET_NR_getxgid) && defined(TARGET_ALPHA)
10246    /* Alpha specific */
10247     case TARGET_NR_getxgid:
10248          {
10249             uid_t egid;
10250             egid=getegid();
10251             ((CPUAlphaState *)cpu_env)->ir[IR_A4]=egid;
10252          }
10253         ret = get_errno(getgid());
10254         break;
10255 #endif
10256 #if defined(TARGET_NR_osf_getsysinfo) && defined(TARGET_ALPHA)
10257     /* Alpha specific */
10258     case TARGET_NR_osf_getsysinfo:
10259         ret = -TARGET_EOPNOTSUPP;
10260         switch (arg1) {
10261           case TARGET_GSI_IEEE_FP_CONTROL:
10262             {
10263                 uint64_t swcr, fpcr = cpu_alpha_load_fpcr (cpu_env);
10264 
10265                 /* Copied from linux ieee_fpcr_to_swcr.  */
10266                 swcr = (fpcr >> 35) & SWCR_STATUS_MASK;
10267                 swcr |= (fpcr >> 36) & SWCR_MAP_DMZ;
10268                 swcr |= (~fpcr >> 48) & (SWCR_TRAP_ENABLE_INV
10269                                         | SWCR_TRAP_ENABLE_DZE
10270                                         | SWCR_TRAP_ENABLE_OVF);
10271                 swcr |= (~fpcr >> 57) & (SWCR_TRAP_ENABLE_UNF
10272                                         | SWCR_TRAP_ENABLE_INE);
10273                 swcr |= (fpcr >> 47) & SWCR_MAP_UMZ;
10274                 swcr |= (~fpcr >> 41) & SWCR_TRAP_ENABLE_DNO;
10275 
10276                 if (put_user_u64 (swcr, arg2))
10277                         goto efault;
10278                 ret = 0;
10279             }
10280             break;
10281 
10282           /* case GSI_IEEE_STATE_AT_SIGNAL:
10283              -- Not implemented in linux kernel.
10284              case GSI_UACPROC:
10285              -- Retrieves current unaligned access state; not much used.
10286              case GSI_PROC_TYPE:
10287              -- Retrieves implver information; surely not used.
10288              case GSI_GET_HWRPB:
10289              -- Grabs a copy of the HWRPB; surely not used.
10290           */
10291         }
10292         break;
10293 #endif
10294 #if defined(TARGET_NR_osf_setsysinfo) && defined(TARGET_ALPHA)
10295     /* Alpha specific */
10296     case TARGET_NR_osf_setsysinfo:
10297         ret = -TARGET_EOPNOTSUPP;
10298         switch (arg1) {
10299           case TARGET_SSI_IEEE_FP_CONTROL:
10300             {
10301                 uint64_t swcr, fpcr, orig_fpcr;
10302 
10303                 if (get_user_u64 (swcr, arg2)) {
10304                     goto efault;
10305                 }
10306                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
10307                 fpcr = orig_fpcr & FPCR_DYN_MASK;
10308 
10309                 /* Copied from linux ieee_swcr_to_fpcr.  */
10310                 fpcr |= (swcr & SWCR_STATUS_MASK) << 35;
10311                 fpcr |= (swcr & SWCR_MAP_DMZ) << 36;
10312                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_INV
10313                                   | SWCR_TRAP_ENABLE_DZE
10314                                   | SWCR_TRAP_ENABLE_OVF)) << 48;
10315                 fpcr |= (~swcr & (SWCR_TRAP_ENABLE_UNF
10316                                   | SWCR_TRAP_ENABLE_INE)) << 57;
10317                 fpcr |= (swcr & SWCR_MAP_UMZ ? FPCR_UNDZ | FPCR_UNFD : 0);
10318                 fpcr |= (~swcr & SWCR_TRAP_ENABLE_DNO) << 41;
10319 
10320                 cpu_alpha_store_fpcr(cpu_env, fpcr);
10321                 ret = 0;
10322             }
10323             break;
10324 
10325           case TARGET_SSI_IEEE_RAISE_EXCEPTION:
10326             {
10327                 uint64_t exc, fpcr, orig_fpcr;
10328                 int si_code;
10329 
10330                 if (get_user_u64(exc, arg2)) {
10331                     goto efault;
10332                 }
10333 
10334                 orig_fpcr = cpu_alpha_load_fpcr(cpu_env);
10335 
10336                 /* We only add to the exception status here.  */
10337                 fpcr = orig_fpcr | ((exc & SWCR_STATUS_MASK) << 35);
10338 
10339                 cpu_alpha_store_fpcr(cpu_env, fpcr);
10340                 ret = 0;
10341 
10342                 /* Old exceptions are not signaled.  */
10343                 fpcr &= ~(orig_fpcr & FPCR_STATUS_MASK);
10344 
10345                 /* If any exceptions set by this call,
10346                    and are unmasked, send a signal.  */
10347                 si_code = 0;
10348                 if ((fpcr & (FPCR_INE | FPCR_INED)) == FPCR_INE) {
10349                     si_code = TARGET_FPE_FLTRES;
10350                 }
10351                 if ((fpcr & (FPCR_UNF | FPCR_UNFD)) == FPCR_UNF) {
10352                     si_code = TARGET_FPE_FLTUND;
10353                 }
10354                 if ((fpcr & (FPCR_OVF | FPCR_OVFD)) == FPCR_OVF) {
10355                     si_code = TARGET_FPE_FLTOVF;
10356                 }
10357                 if ((fpcr & (FPCR_DZE | FPCR_DZED)) == FPCR_DZE) {
10358                     si_code = TARGET_FPE_FLTDIV;
10359                 }
10360                 if ((fpcr & (FPCR_INV | FPCR_INVD)) == FPCR_INV) {
10361                     si_code = TARGET_FPE_FLTINV;
10362                 }
10363                 if (si_code != 0) {
10364                     target_siginfo_t info;
10365                     info.si_signo = SIGFPE;
10366                     info.si_errno = 0;
10367                     info.si_code = si_code;
10368                     info._sifields._sigfault._addr
10369                         = ((CPUArchState *)cpu_env)->pc;
10370                     queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
10371                 }
10372             }
10373             break;
10374 
10375           /* case SSI_NVPAIRS:
10376              -- Used with SSIN_UACPROC to enable unaligned accesses.
10377              case SSI_IEEE_STATE_AT_SIGNAL:
10378              case SSI_IEEE_IGNORE_STATE_AT_SIGNAL:
10379              -- Not implemented in linux kernel
10380           */
10381         }
10382         break;
10383 #endif
10384 #ifdef TARGET_NR_osf_sigprocmask
10385     /* Alpha specific.  */
10386     case TARGET_NR_osf_sigprocmask:
10387         {
10388             abi_ulong mask;
10389             int how;
10390             sigset_t set, oldset;
10391 
10392             switch(arg1) {
10393             case TARGET_SIG_BLOCK:
10394                 how = SIG_BLOCK;
10395                 break;
10396             case TARGET_SIG_UNBLOCK:
10397                 how = SIG_UNBLOCK;
10398                 break;
10399             case TARGET_SIG_SETMASK:
10400                 how = SIG_SETMASK;
10401                 break;
10402             default:
10403                 ret = -TARGET_EINVAL;
10404                 goto fail;
10405             }
10406             mask = arg2;
10407             target_to_host_old_sigset(&set, &mask);
10408             ret = do_sigprocmask(how, &set, &oldset);
10409             if (!ret) {
10410                 host_to_target_old_sigset(&mask, &oldset);
10411                 ret = mask;
10412             }
10413         }
10414         break;
10415 #endif
10416 
10417 #ifdef TARGET_NR_getgid32
10418     case TARGET_NR_getgid32:
10419         ret = get_errno(getgid());
10420         break;
10421 #endif
10422 #ifdef TARGET_NR_geteuid32
10423     case TARGET_NR_geteuid32:
10424         ret = get_errno(geteuid());
10425         break;
10426 #endif
10427 #ifdef TARGET_NR_getegid32
10428     case TARGET_NR_getegid32:
10429         ret = get_errno(getegid());
10430         break;
10431 #endif
10432 #ifdef TARGET_NR_setreuid32
10433     case TARGET_NR_setreuid32:
10434         ret = get_errno(setreuid(arg1, arg2));
10435         break;
10436 #endif
10437 #ifdef TARGET_NR_setregid32
10438     case TARGET_NR_setregid32:
10439         ret = get_errno(setregid(arg1, arg2));
10440         break;
10441 #endif
10442 #ifdef TARGET_NR_getgroups32
10443     case TARGET_NR_getgroups32:
10444         {
10445             int gidsetsize = arg1;
10446             uint32_t *target_grouplist;
10447             gid_t *grouplist;
10448             int i;
10449 
10450             grouplist = alloca(gidsetsize * sizeof(gid_t));
10451             ret = get_errno(getgroups(gidsetsize, grouplist));
10452             if (gidsetsize == 0)
10453                 break;
10454             if (!is_error(ret)) {
10455                 target_grouplist = lock_user(VERIFY_WRITE, arg2, gidsetsize * 4, 0);
10456                 if (!target_grouplist) {
10457                     ret = -TARGET_EFAULT;
10458                     goto fail;
10459                 }
10460                 for(i = 0;i < ret; i++)
10461                     target_grouplist[i] = tswap32(grouplist[i]);
10462                 unlock_user(target_grouplist, arg2, gidsetsize * 4);
10463             }
10464         }
10465         break;
10466 #endif
10467 #ifdef TARGET_NR_setgroups32
10468     case TARGET_NR_setgroups32:
10469         {
10470             int gidsetsize = arg1;
10471             uint32_t *target_grouplist;
10472             gid_t *grouplist;
10473             int i;
10474 
10475             grouplist = alloca(gidsetsize * sizeof(gid_t));
10476             target_grouplist = lock_user(VERIFY_READ, arg2, gidsetsize * 4, 1);
10477             if (!target_grouplist) {
10478                 ret = -TARGET_EFAULT;
10479                 goto fail;
10480             }
10481             for(i = 0;i < gidsetsize; i++)
10482                 grouplist[i] = tswap32(target_grouplist[i]);
10483             unlock_user(target_grouplist, arg2, 0);
10484             ret = get_errno(setgroups(gidsetsize, grouplist));
10485         }
10486         break;
10487 #endif
10488 #ifdef TARGET_NR_fchown32
10489     case TARGET_NR_fchown32:
10490         ret = get_errno(fchown(arg1, arg2, arg3));
10491         break;
10492 #endif
10493 #ifdef TARGET_NR_setresuid32
10494     case TARGET_NR_setresuid32:
10495         ret = get_errno(sys_setresuid(arg1, arg2, arg3));
10496         break;
10497 #endif
10498 #ifdef TARGET_NR_getresuid32
10499     case TARGET_NR_getresuid32:
10500         {
10501             uid_t ruid, euid, suid;
10502             ret = get_errno(getresuid(&ruid, &euid, &suid));
10503             if (!is_error(ret)) {
10504                 if (put_user_u32(ruid, arg1)
10505                     || put_user_u32(euid, arg2)
10506                     || put_user_u32(suid, arg3))
10507                     goto efault;
10508             }
10509         }
10510         break;
10511 #endif
10512 #ifdef TARGET_NR_setresgid32
10513     case TARGET_NR_setresgid32:
10514         ret = get_errno(sys_setresgid(arg1, arg2, arg3));
10515         break;
10516 #endif
10517 #ifdef TARGET_NR_getresgid32
10518     case TARGET_NR_getresgid32:
10519         {
10520             gid_t rgid, egid, sgid;
10521             ret = get_errno(getresgid(&rgid, &egid, &sgid));
10522             if (!is_error(ret)) {
10523                 if (put_user_u32(rgid, arg1)
10524                     || put_user_u32(egid, arg2)
10525                     || put_user_u32(sgid, arg3))
10526                     goto efault;
10527             }
10528         }
10529         break;
10530 #endif
10531 #ifdef TARGET_NR_chown32
10532     case TARGET_NR_chown32:
10533         if (!(p = lock_user_string(arg1)))
10534             goto efault;
10535         ret = get_errno(chown(p, arg2, arg3));
10536         unlock_user(p, arg1, 0);
10537         break;
10538 #endif
10539 #ifdef TARGET_NR_setuid32
10540     case TARGET_NR_setuid32:
10541         ret = get_errno(sys_setuid(arg1));
10542         break;
10543 #endif
10544 #ifdef TARGET_NR_setgid32
10545     case TARGET_NR_setgid32:
10546         ret = get_errno(sys_setgid(arg1));
10547         break;
10548 #endif
10549 #ifdef TARGET_NR_setfsuid32
10550     case TARGET_NR_setfsuid32:
10551         ret = get_errno(setfsuid(arg1));
10552         break;
10553 #endif
10554 #ifdef TARGET_NR_setfsgid32
10555     case TARGET_NR_setfsgid32:
10556         ret = get_errno(setfsgid(arg1));
10557         break;
10558 #endif
10559 
10560     case TARGET_NR_pivot_root:
10561         goto unimplemented;
10562 #ifdef TARGET_NR_mincore
10563     case TARGET_NR_mincore:
10564         {
10565             void *a;
10566             ret = -TARGET_EFAULT;
10567             if (!(a = lock_user(VERIFY_READ, arg1,arg2, 0)))
10568                 goto efault;
10569             if (!(p = lock_user_string(arg3)))
10570                 goto mincore_fail;
10571             ret = get_errno(mincore(a, arg2, p));
10572             unlock_user(p, arg3, ret);
10573             mincore_fail:
10574             unlock_user(a, arg1, 0);
10575         }
10576         break;
10577 #endif
10578 #ifdef TARGET_NR_arm_fadvise64_64
10579     case TARGET_NR_arm_fadvise64_64:
10580         /* arm_fadvise64_64 looks like fadvise64_64 but
10581          * with different argument order: fd, advice, offset, len
10582          * rather than the usual fd, offset, len, advice.
10583          * Note that offset and len are both 64-bit so appear as
10584          * pairs of 32-bit registers.
10585          */
10586         ret = posix_fadvise(arg1, target_offset64(arg3, arg4),
10587                             target_offset64(arg5, arg6), arg2);
10588         ret = -host_to_target_errno(ret);
10589         break;
10590 #endif
10591 
10592 #if TARGET_ABI_BITS == 32
10593 
10594 #ifdef TARGET_NR_fadvise64_64
10595     case TARGET_NR_fadvise64_64:
10596         /* 6 args: fd, offset (high, low), len (high, low), advice */
10597         if (regpairs_aligned(cpu_env)) {
10598             /* offset is in (3,4), len in (5,6) and advice in 7 */
10599             arg2 = arg3;
10600             arg3 = arg4;
10601             arg4 = arg5;
10602             arg5 = arg6;
10603             arg6 = arg7;
10604         }
10605         ret = -host_to_target_errno(posix_fadvise(arg1,
10606                                                   target_offset64(arg2, arg3),
10607                                                   target_offset64(arg4, arg5),
10608                                                   arg6));
10609         break;
10610 #endif
10611 
10612 #ifdef TARGET_NR_fadvise64
10613     case TARGET_NR_fadvise64:
10614         /* 5 args: fd, offset (high, low), len, advice */
10615         if (regpairs_aligned(cpu_env)) {
10616             /* offset is in (3,4), len in 5 and advice in 6 */
10617             arg2 = arg3;
10618             arg3 = arg4;
10619             arg4 = arg5;
10620             arg5 = arg6;
10621         }
10622         ret = -host_to_target_errno(posix_fadvise(arg1,
10623                                                   target_offset64(arg2, arg3),
10624                                                   arg4, arg5));
10625         break;
10626 #endif
10627 
10628 #else /* not a 32-bit ABI */
10629 #if defined(TARGET_NR_fadvise64_64) || defined(TARGET_NR_fadvise64)
10630 #ifdef TARGET_NR_fadvise64_64
10631     case TARGET_NR_fadvise64_64:
10632 #endif
10633 #ifdef TARGET_NR_fadvise64
10634     case TARGET_NR_fadvise64:
10635 #endif
10636 #ifdef TARGET_S390X
10637         switch (arg4) {
10638         case 4: arg4 = POSIX_FADV_NOREUSE + 1; break; /* make sure it's an invalid value */
10639         case 5: arg4 = POSIX_FADV_NOREUSE + 2; break; /* ditto */
10640         case 6: arg4 = POSIX_FADV_DONTNEED; break;
10641         case 7: arg4 = POSIX_FADV_NOREUSE; break;
10642         default: break;
10643         }
10644 #endif
10645         ret = -host_to_target_errno(posix_fadvise(arg1, arg2, arg3, arg4));
10646         break;
10647 #endif
10648 #endif /* end of 64-bit ABI fadvise handling */
10649 
10650 #ifdef TARGET_NR_madvise
10651     case TARGET_NR_madvise:
10652         /* A straight passthrough may not be safe because qemu sometimes
10653            turns private file-backed mappings into anonymous mappings.
10654            This will break MADV_DONTNEED.
10655            This is a hint, so ignoring and returning success is ok.  */
10656         ret = get_errno(0);
10657         break;
10658 #endif
10659 #if TARGET_ABI_BITS == 32
10660     case TARGET_NR_fcntl64:
10661     {
10662 	int cmd;
10663 	struct flock64 fl;
10664         from_flock64_fn *copyfrom = copy_from_user_flock64;
10665         to_flock64_fn *copyto = copy_to_user_flock64;
10666 
10667 #ifdef TARGET_ARM
10668         if (((CPUARMState *)cpu_env)->eabi) {
10669             copyfrom = copy_from_user_eabi_flock64;
10670             copyto = copy_to_user_eabi_flock64;
10671         }
10672 #endif
10673 
10674 	cmd = target_to_host_fcntl_cmd(arg2);
10675         if (cmd == -TARGET_EINVAL) {
10676             ret = cmd;
10677             break;
10678         }
10679 
10680         switch(arg2) {
10681         case TARGET_F_GETLK64:
10682             ret = copyfrom(&fl, arg3);
10683             if (ret) {
10684                 break;
10685             }
10686             ret = get_errno(fcntl(arg1, cmd, &fl));
10687             if (ret == 0) {
10688                 ret = copyto(arg3, &fl);
10689             }
10690 	    break;
10691 
10692         case TARGET_F_SETLK64:
10693         case TARGET_F_SETLKW64:
10694             ret = copyfrom(&fl, arg3);
10695             if (ret) {
10696                 break;
10697             }
10698             ret = get_errno(safe_fcntl(arg1, cmd, &fl));
10699 	    break;
10700         default:
10701             ret = do_fcntl(arg1, arg2, arg3);
10702             break;
10703         }
10704 	break;
10705     }
10706 #endif
10707 #ifdef TARGET_NR_cacheflush
10708     case TARGET_NR_cacheflush:
10709         /* self-modifying code is handled automatically, so nothing needed */
10710         ret = 0;
10711         break;
10712 #endif
10713 #ifdef TARGET_NR_security
10714     case TARGET_NR_security:
10715         goto unimplemented;
10716 #endif
10717 #ifdef TARGET_NR_getpagesize
10718     case TARGET_NR_getpagesize:
10719         ret = TARGET_PAGE_SIZE;
10720         break;
10721 #endif
10722     case TARGET_NR_gettid:
10723         ret = get_errno(gettid());
10724         break;
10725 #ifdef TARGET_NR_readahead
10726     case TARGET_NR_readahead:
10727 #if TARGET_ABI_BITS == 32
10728         if (regpairs_aligned(cpu_env)) {
10729             arg2 = arg3;
10730             arg3 = arg4;
10731             arg4 = arg5;
10732         }
10733         ret = get_errno(readahead(arg1, ((off64_t)arg3 << 32) | arg2, arg4));
10734 #else
10735         ret = get_errno(readahead(arg1, arg2, arg3));
10736 #endif
10737         break;
10738 #endif
10739 #ifdef CONFIG_ATTR
10740 #ifdef TARGET_NR_setxattr
10741     case TARGET_NR_listxattr:
10742     case TARGET_NR_llistxattr:
10743     {
10744         void *p, *b = 0;
10745         if (arg2) {
10746             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10747             if (!b) {
10748                 ret = -TARGET_EFAULT;
10749                 break;
10750             }
10751         }
10752         p = lock_user_string(arg1);
10753         if (p) {
10754             if (num == TARGET_NR_listxattr) {
10755                 ret = get_errno(listxattr(p, b, arg3));
10756             } else {
10757                 ret = get_errno(llistxattr(p, b, arg3));
10758             }
10759         } else {
10760             ret = -TARGET_EFAULT;
10761         }
10762         unlock_user(p, arg1, 0);
10763         unlock_user(b, arg2, arg3);
10764         break;
10765     }
10766     case TARGET_NR_flistxattr:
10767     {
10768         void *b = 0;
10769         if (arg2) {
10770             b = lock_user(VERIFY_WRITE, arg2, arg3, 0);
10771             if (!b) {
10772                 ret = -TARGET_EFAULT;
10773                 break;
10774             }
10775         }
10776         ret = get_errno(flistxattr(arg1, b, arg3));
10777         unlock_user(b, arg2, arg3);
10778         break;
10779     }
10780     case TARGET_NR_setxattr:
10781     case TARGET_NR_lsetxattr:
10782         {
10783             void *p, *n, *v = 0;
10784             if (arg3) {
10785                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
10786                 if (!v) {
10787                     ret = -TARGET_EFAULT;
10788                     break;
10789                 }
10790             }
10791             p = lock_user_string(arg1);
10792             n = lock_user_string(arg2);
10793             if (p && n) {
10794                 if (num == TARGET_NR_setxattr) {
10795                     ret = get_errno(setxattr(p, n, v, arg4, arg5));
10796                 } else {
10797                     ret = get_errno(lsetxattr(p, n, v, arg4, arg5));
10798                 }
10799             } else {
10800                 ret = -TARGET_EFAULT;
10801             }
10802             unlock_user(p, arg1, 0);
10803             unlock_user(n, arg2, 0);
10804             unlock_user(v, arg3, 0);
10805         }
10806         break;
10807     case TARGET_NR_fsetxattr:
10808         {
10809             void *n, *v = 0;
10810             if (arg3) {
10811                 v = lock_user(VERIFY_READ, arg3, arg4, 1);
10812                 if (!v) {
10813                     ret = -TARGET_EFAULT;
10814                     break;
10815                 }
10816             }
10817             n = lock_user_string(arg2);
10818             if (n) {
10819                 ret = get_errno(fsetxattr(arg1, n, v, arg4, arg5));
10820             } else {
10821                 ret = -TARGET_EFAULT;
10822             }
10823             unlock_user(n, arg2, 0);
10824             unlock_user(v, arg3, 0);
10825         }
10826         break;
10827     case TARGET_NR_getxattr:
10828     case TARGET_NR_lgetxattr:
10829         {
10830             void *p, *n, *v = 0;
10831             if (arg3) {
10832                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
10833                 if (!v) {
10834                     ret = -TARGET_EFAULT;
10835                     break;
10836                 }
10837             }
10838             p = lock_user_string(arg1);
10839             n = lock_user_string(arg2);
10840             if (p && n) {
10841                 if (num == TARGET_NR_getxattr) {
10842                     ret = get_errno(getxattr(p, n, v, arg4));
10843                 } else {
10844                     ret = get_errno(lgetxattr(p, n, v, arg4));
10845                 }
10846             } else {
10847                 ret = -TARGET_EFAULT;
10848             }
10849             unlock_user(p, arg1, 0);
10850             unlock_user(n, arg2, 0);
10851             unlock_user(v, arg3, arg4);
10852         }
10853         break;
10854     case TARGET_NR_fgetxattr:
10855         {
10856             void *n, *v = 0;
10857             if (arg3) {
10858                 v = lock_user(VERIFY_WRITE, arg3, arg4, 0);
10859                 if (!v) {
10860                     ret = -TARGET_EFAULT;
10861                     break;
10862                 }
10863             }
10864             n = lock_user_string(arg2);
10865             if (n) {
10866                 ret = get_errno(fgetxattr(arg1, n, v, arg4));
10867             } else {
10868                 ret = -TARGET_EFAULT;
10869             }
10870             unlock_user(n, arg2, 0);
10871             unlock_user(v, arg3, arg4);
10872         }
10873         break;
10874     case TARGET_NR_removexattr:
10875     case TARGET_NR_lremovexattr:
10876         {
10877             void *p, *n;
10878             p = lock_user_string(arg1);
10879             n = lock_user_string(arg2);
10880             if (p && n) {
10881                 if (num == TARGET_NR_removexattr) {
10882                     ret = get_errno(removexattr(p, n));
10883                 } else {
10884                     ret = get_errno(lremovexattr(p, n));
10885                 }
10886             } else {
10887                 ret = -TARGET_EFAULT;
10888             }
10889             unlock_user(p, arg1, 0);
10890             unlock_user(n, arg2, 0);
10891         }
10892         break;
10893     case TARGET_NR_fremovexattr:
10894         {
10895             void *n;
10896             n = lock_user_string(arg2);
10897             if (n) {
10898                 ret = get_errno(fremovexattr(arg1, n));
10899             } else {
10900                 ret = -TARGET_EFAULT;
10901             }
10902             unlock_user(n, arg2, 0);
10903         }
10904         break;
10905 #endif
10906 #endif /* CONFIG_ATTR */
10907 #ifdef TARGET_NR_set_thread_area
10908     case TARGET_NR_set_thread_area:
10909 #if defined(TARGET_MIPS)
10910       ((CPUMIPSState *) cpu_env)->active_tc.CP0_UserLocal = arg1;
10911       ret = 0;
10912       break;
10913 #elif defined(TARGET_CRIS)
10914       if (arg1 & 0xff)
10915           ret = -TARGET_EINVAL;
10916       else {
10917           ((CPUCRISState *) cpu_env)->pregs[PR_PID] = arg1;
10918           ret = 0;
10919       }
10920       break;
10921 #elif defined(TARGET_I386) && defined(TARGET_ABI32)
10922       ret = do_set_thread_area(cpu_env, arg1);
10923       break;
10924 #elif defined(TARGET_M68K)
10925       {
10926           TaskState *ts = cpu->opaque;
10927           ts->tp_value = arg1;
10928           ret = 0;
10929           break;
10930       }
10931 #else
10932       goto unimplemented_nowarn;
10933 #endif
10934 #endif
10935 #ifdef TARGET_NR_get_thread_area
10936     case TARGET_NR_get_thread_area:
10937 #if defined(TARGET_I386) && defined(TARGET_ABI32)
10938         ret = do_get_thread_area(cpu_env, arg1);
10939         break;
10940 #elif defined(TARGET_M68K)
10941         {
10942             TaskState *ts = cpu->opaque;
10943             ret = ts->tp_value;
10944             break;
10945         }
10946 #else
10947         goto unimplemented_nowarn;
10948 #endif
10949 #endif
10950 #ifdef TARGET_NR_getdomainname
10951     case TARGET_NR_getdomainname:
10952         goto unimplemented_nowarn;
10953 #endif
10954 
10955 #ifdef TARGET_NR_clock_gettime
10956     case TARGET_NR_clock_gettime:
10957     {
10958         struct timespec ts;
10959         ret = get_errno(clock_gettime(arg1, &ts));
10960         if (!is_error(ret)) {
10961             host_to_target_timespec(arg2, &ts);
10962         }
10963         break;
10964     }
10965 #endif
10966 #ifdef TARGET_NR_clock_getres
10967     case TARGET_NR_clock_getres:
10968     {
10969         struct timespec ts;
10970         ret = get_errno(clock_getres(arg1, &ts));
10971         if (!is_error(ret)) {
10972             host_to_target_timespec(arg2, &ts);
10973         }
10974         break;
10975     }
10976 #endif
10977 #ifdef TARGET_NR_clock_nanosleep
10978     case TARGET_NR_clock_nanosleep:
10979     {
10980         struct timespec ts;
10981         target_to_host_timespec(&ts, arg3);
10982         ret = get_errno(safe_clock_nanosleep(arg1, arg2,
10983                                              &ts, arg4 ? &ts : NULL));
10984         if (arg4)
10985             host_to_target_timespec(arg4, &ts);
10986 
10987 #if defined(TARGET_PPC)
10988         /* clock_nanosleep is odd in that it returns positive errno values.
10989          * On PPC, CR0 bit 3 should be set in such a situation. */
10990         if (ret && ret != -TARGET_ERESTARTSYS) {
10991             ((CPUPPCState *)cpu_env)->crf[0] |= 1;
10992         }
10993 #endif
10994         break;
10995     }
10996 #endif
10997 
10998 #if defined(TARGET_NR_set_tid_address) && defined(__NR_set_tid_address)
10999     case TARGET_NR_set_tid_address:
11000         ret = get_errno(set_tid_address((int *)g2h(arg1)));
11001         break;
11002 #endif
11003 
11004     case TARGET_NR_tkill:
11005         ret = get_errno(safe_tkill((int)arg1, target_to_host_signal(arg2)));
11006         break;
11007 
11008     case TARGET_NR_tgkill:
11009         ret = get_errno(safe_tgkill((int)arg1, (int)arg2,
11010                         target_to_host_signal(arg3)));
11011         break;
11012 
11013 #ifdef TARGET_NR_set_robust_list
11014     case TARGET_NR_set_robust_list:
11015     case TARGET_NR_get_robust_list:
11016         /* The ABI for supporting robust futexes has userspace pass
11017          * the kernel a pointer to a linked list which is updated by
11018          * userspace after the syscall; the list is walked by the kernel
11019          * when the thread exits. Since the linked list in QEMU guest
11020          * memory isn't a valid linked list for the host and we have
11021          * no way to reliably intercept the thread-death event, we can't
11022          * support these. Silently return ENOSYS so that guest userspace
11023          * falls back to a non-robust futex implementation (which should
11024          * be OK except in the corner case of the guest crashing while
11025          * holding a mutex that is shared with another process via
11026          * shared memory).
11027          */
11028         goto unimplemented_nowarn;
11029 #endif
11030 
11031 #if defined(TARGET_NR_utimensat)
11032     case TARGET_NR_utimensat:
11033         {
11034             struct timespec *tsp, ts[2];
11035             if (!arg3) {
11036                 tsp = NULL;
11037             } else {
11038                 target_to_host_timespec(ts, arg3);
11039                 target_to_host_timespec(ts+1, arg3+sizeof(struct target_timespec));
11040                 tsp = ts;
11041             }
11042             if (!arg2)
11043                 ret = get_errno(sys_utimensat(arg1, NULL, tsp, arg4));
11044             else {
11045                 if (!(p = lock_user_string(arg2))) {
11046                     ret = -TARGET_EFAULT;
11047                     goto fail;
11048                 }
11049                 ret = get_errno(sys_utimensat(arg1, path(p), tsp, arg4));
11050                 unlock_user(p, arg2, 0);
11051             }
11052         }
11053 	break;
11054 #endif
11055     case TARGET_NR_futex:
11056         ret = do_futex(arg1, arg2, arg3, arg4, arg5, arg6);
11057         break;
11058 #if defined(TARGET_NR_inotify_init) && defined(__NR_inotify_init)
11059     case TARGET_NR_inotify_init:
11060         ret = get_errno(sys_inotify_init());
11061         break;
11062 #endif
11063 #ifdef CONFIG_INOTIFY1
11064 #if defined(TARGET_NR_inotify_init1) && defined(__NR_inotify_init1)
11065     case TARGET_NR_inotify_init1:
11066         ret = get_errno(sys_inotify_init1(arg1));
11067         break;
11068 #endif
11069 #endif
11070 #if defined(TARGET_NR_inotify_add_watch) && defined(__NR_inotify_add_watch)
11071     case TARGET_NR_inotify_add_watch:
11072         p = lock_user_string(arg2);
11073         ret = get_errno(sys_inotify_add_watch(arg1, path(p), arg3));
11074         unlock_user(p, arg2, 0);
11075         break;
11076 #endif
11077 #if defined(TARGET_NR_inotify_rm_watch) && defined(__NR_inotify_rm_watch)
11078     case TARGET_NR_inotify_rm_watch:
11079         ret = get_errno(sys_inotify_rm_watch(arg1, arg2));
11080         break;
11081 #endif
11082 
11083 #if defined(TARGET_NR_mq_open) && defined(__NR_mq_open)
11084     case TARGET_NR_mq_open:
11085         {
11086             struct mq_attr posix_mq_attr, *attrp;
11087 
11088             p = lock_user_string(arg1 - 1);
11089             if (arg4 != 0) {
11090                 copy_from_user_mq_attr (&posix_mq_attr, arg4);
11091                 attrp = &posix_mq_attr;
11092             } else {
11093                 attrp = 0;
11094             }
11095             ret = get_errno(mq_open(p, arg2, arg3, attrp));
11096             unlock_user (p, arg1, 0);
11097         }
11098         break;
11099 
11100     case TARGET_NR_mq_unlink:
11101         p = lock_user_string(arg1 - 1);
11102         ret = get_errno(mq_unlink(p));
11103         unlock_user (p, arg1, 0);
11104         break;
11105 
11106     case TARGET_NR_mq_timedsend:
11107         {
11108             struct timespec ts;
11109 
11110             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11111             if (arg5 != 0) {
11112                 target_to_host_timespec(&ts, arg5);
11113                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, &ts));
11114                 host_to_target_timespec(arg5, &ts);
11115             } else {
11116                 ret = get_errno(safe_mq_timedsend(arg1, p, arg3, arg4, NULL));
11117             }
11118             unlock_user (p, arg2, arg3);
11119         }
11120         break;
11121 
11122     case TARGET_NR_mq_timedreceive:
11123         {
11124             struct timespec ts;
11125             unsigned int prio;
11126 
11127             p = lock_user (VERIFY_READ, arg2, arg3, 1);
11128             if (arg5 != 0) {
11129                 target_to_host_timespec(&ts, arg5);
11130                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11131                                                      &prio, &ts));
11132                 host_to_target_timespec(arg5, &ts);
11133             } else {
11134                 ret = get_errno(safe_mq_timedreceive(arg1, p, arg3,
11135                                                      &prio, NULL));
11136             }
11137             unlock_user (p, arg2, arg3);
11138             if (arg4 != 0)
11139                 put_user_u32(prio, arg4);
11140         }
11141         break;
11142 
11143     /* Not implemented for now... */
11144 /*     case TARGET_NR_mq_notify: */
11145 /*         break; */
11146 
11147     case TARGET_NR_mq_getsetattr:
11148         {
11149             struct mq_attr posix_mq_attr_in, posix_mq_attr_out;
11150             ret = 0;
11151             if (arg3 != 0) {
11152                 ret = mq_getattr(arg1, &posix_mq_attr_out);
11153                 copy_to_user_mq_attr(arg3, &posix_mq_attr_out);
11154             }
11155             if (arg2 != 0) {
11156                 copy_from_user_mq_attr(&posix_mq_attr_in, arg2);
11157                 ret |= mq_setattr(arg1, &posix_mq_attr_in, &posix_mq_attr_out);
11158             }
11159 
11160         }
11161         break;
11162 #endif
11163 
11164 #ifdef CONFIG_SPLICE
11165 #ifdef TARGET_NR_tee
11166     case TARGET_NR_tee:
11167         {
11168             ret = get_errno(tee(arg1,arg2,arg3,arg4));
11169         }
11170         break;
11171 #endif
11172 #ifdef TARGET_NR_splice
11173     case TARGET_NR_splice:
11174         {
11175             loff_t loff_in, loff_out;
11176             loff_t *ploff_in = NULL, *ploff_out = NULL;
11177             if (arg2) {
11178                 if (get_user_u64(loff_in, arg2)) {
11179                     goto efault;
11180                 }
11181                 ploff_in = &loff_in;
11182             }
11183             if (arg4) {
11184                 if (get_user_u64(loff_out, arg4)) {
11185                     goto efault;
11186                 }
11187                 ploff_out = &loff_out;
11188             }
11189             ret = get_errno(splice(arg1, ploff_in, arg3, ploff_out, arg5, arg6));
11190             if (arg2) {
11191                 if (put_user_u64(loff_in, arg2)) {
11192                     goto efault;
11193                 }
11194             }
11195             if (arg4) {
11196                 if (put_user_u64(loff_out, arg4)) {
11197                     goto efault;
11198                 }
11199             }
11200         }
11201         break;
11202 #endif
11203 #ifdef TARGET_NR_vmsplice
11204 	case TARGET_NR_vmsplice:
11205         {
11206             struct iovec *vec = lock_iovec(VERIFY_READ, arg2, arg3, 1);
11207             if (vec != NULL) {
11208                 ret = get_errno(vmsplice(arg1, vec, arg3, arg4));
11209                 unlock_iovec(vec, arg2, arg3, 0);
11210             } else {
11211                 ret = -host_to_target_errno(errno);
11212             }
11213         }
11214         break;
11215 #endif
11216 #endif /* CONFIG_SPLICE */
11217 #ifdef CONFIG_EVENTFD
11218 #if defined(TARGET_NR_eventfd)
11219     case TARGET_NR_eventfd:
11220         ret = get_errno(eventfd(arg1, 0));
11221         fd_trans_unregister(ret);
11222         break;
11223 #endif
11224 #if defined(TARGET_NR_eventfd2)
11225     case TARGET_NR_eventfd2:
11226     {
11227         int host_flags = arg2 & (~(TARGET_O_NONBLOCK | TARGET_O_CLOEXEC));
11228         if (arg2 & TARGET_O_NONBLOCK) {
11229             host_flags |= O_NONBLOCK;
11230         }
11231         if (arg2 & TARGET_O_CLOEXEC) {
11232             host_flags |= O_CLOEXEC;
11233         }
11234         ret = get_errno(eventfd(arg1, host_flags));
11235         fd_trans_unregister(ret);
11236         break;
11237     }
11238 #endif
11239 #endif /* CONFIG_EVENTFD  */
11240 #if defined(CONFIG_FALLOCATE) && defined(TARGET_NR_fallocate)
11241     case TARGET_NR_fallocate:
11242 #if TARGET_ABI_BITS == 32
11243         ret = get_errno(fallocate(arg1, arg2, target_offset64(arg3, arg4),
11244                                   target_offset64(arg5, arg6)));
11245 #else
11246         ret = get_errno(fallocate(arg1, arg2, arg3, arg4));
11247 #endif
11248         break;
11249 #endif
11250 #if defined(CONFIG_SYNC_FILE_RANGE)
11251 #if defined(TARGET_NR_sync_file_range)
11252     case TARGET_NR_sync_file_range:
11253 #if TARGET_ABI_BITS == 32
11254 #if defined(TARGET_MIPS)
11255         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11256                                         target_offset64(arg5, arg6), arg7));
11257 #else
11258         ret = get_errno(sync_file_range(arg1, target_offset64(arg2, arg3),
11259                                         target_offset64(arg4, arg5), arg6));
11260 #endif /* !TARGET_MIPS */
11261 #else
11262         ret = get_errno(sync_file_range(arg1, arg2, arg3, arg4));
11263 #endif
11264         break;
11265 #endif
11266 #if defined(TARGET_NR_sync_file_range2)
11267     case TARGET_NR_sync_file_range2:
11268         /* This is like sync_file_range but the arguments are reordered */
11269 #if TARGET_ABI_BITS == 32
11270         ret = get_errno(sync_file_range(arg1, target_offset64(arg3, arg4),
11271                                         target_offset64(arg5, arg6), arg2));
11272 #else
11273         ret = get_errno(sync_file_range(arg1, arg3, arg4, arg2));
11274 #endif
11275         break;
11276 #endif
11277 #endif
11278 #if defined(TARGET_NR_signalfd4)
11279     case TARGET_NR_signalfd4:
11280         ret = do_signalfd4(arg1, arg2, arg4);
11281         break;
11282 #endif
11283 #if defined(TARGET_NR_signalfd)
11284     case TARGET_NR_signalfd:
11285         ret = do_signalfd4(arg1, arg2, 0);
11286         break;
11287 #endif
11288 #if defined(CONFIG_EPOLL)
11289 #if defined(TARGET_NR_epoll_create)
11290     case TARGET_NR_epoll_create:
11291         ret = get_errno(epoll_create(arg1));
11292         break;
11293 #endif
11294 #if defined(TARGET_NR_epoll_create1) && defined(CONFIG_EPOLL_CREATE1)
11295     case TARGET_NR_epoll_create1:
11296         ret = get_errno(epoll_create1(arg1));
11297         break;
11298 #endif
11299 #if defined(TARGET_NR_epoll_ctl)
11300     case TARGET_NR_epoll_ctl:
11301     {
11302         struct epoll_event ep;
11303         struct epoll_event *epp = 0;
11304         if (arg4) {
11305             struct target_epoll_event *target_ep;
11306             if (!lock_user_struct(VERIFY_READ, target_ep, arg4, 1)) {
11307                 goto efault;
11308             }
11309             ep.events = tswap32(target_ep->events);
11310             /* The epoll_data_t union is just opaque data to the kernel,
11311              * so we transfer all 64 bits across and need not worry what
11312              * actual data type it is.
11313              */
11314             ep.data.u64 = tswap64(target_ep->data.u64);
11315             unlock_user_struct(target_ep, arg4, 0);
11316             epp = &ep;
11317         }
11318         ret = get_errno(epoll_ctl(arg1, arg2, arg3, epp));
11319         break;
11320     }
11321 #endif
11322 
11323 #if defined(TARGET_NR_epoll_wait) || defined(TARGET_NR_epoll_pwait)
11324 #if defined(TARGET_NR_epoll_wait)
11325     case TARGET_NR_epoll_wait:
11326 #endif
11327 #if defined(TARGET_NR_epoll_pwait)
11328     case TARGET_NR_epoll_pwait:
11329 #endif
11330     {
11331         struct target_epoll_event *target_ep;
11332         struct epoll_event *ep;
11333         int epfd = arg1;
11334         int maxevents = arg3;
11335         int timeout = arg4;
11336 
11337         target_ep = lock_user(VERIFY_WRITE, arg2,
11338                               maxevents * sizeof(struct target_epoll_event), 1);
11339         if (!target_ep) {
11340             goto efault;
11341         }
11342 
11343         ep = alloca(maxevents * sizeof(struct epoll_event));
11344 
11345         switch (num) {
11346 #if defined(TARGET_NR_epoll_pwait)
11347         case TARGET_NR_epoll_pwait:
11348         {
11349             target_sigset_t *target_set;
11350             sigset_t _set, *set = &_set;
11351 
11352             if (arg5) {
11353                 if (arg6 != sizeof(target_sigset_t)) {
11354                     ret = -TARGET_EINVAL;
11355                     break;
11356                 }
11357 
11358                 target_set = lock_user(VERIFY_READ, arg5,
11359                                        sizeof(target_sigset_t), 1);
11360                 if (!target_set) {
11361                     unlock_user(target_ep, arg2, 0);
11362                     goto efault;
11363                 }
11364                 target_to_host_sigset(set, target_set);
11365                 unlock_user(target_set, arg5, 0);
11366             } else {
11367                 set = NULL;
11368             }
11369 
11370             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
11371                                              set, SIGSET_T_SIZE));
11372             break;
11373         }
11374 #endif
11375 #if defined(TARGET_NR_epoll_wait)
11376         case TARGET_NR_epoll_wait:
11377             ret = get_errno(safe_epoll_pwait(epfd, ep, maxevents, timeout,
11378                                              NULL, 0));
11379             break;
11380 #endif
11381         default:
11382             ret = -TARGET_ENOSYS;
11383         }
11384         if (!is_error(ret)) {
11385             int i;
11386             for (i = 0; i < ret; i++) {
11387                 target_ep[i].events = tswap32(ep[i].events);
11388                 target_ep[i].data.u64 = tswap64(ep[i].data.u64);
11389             }
11390         }
11391         unlock_user(target_ep, arg2, ret * sizeof(struct target_epoll_event));
11392         break;
11393     }
11394 #endif
11395 #endif
11396 #ifdef TARGET_NR_prlimit64
11397     case TARGET_NR_prlimit64:
11398     {
11399         /* args: pid, resource number, ptr to new rlimit, ptr to old rlimit */
11400         struct target_rlimit64 *target_rnew, *target_rold;
11401         struct host_rlimit64 rnew, rold, *rnewp = 0;
11402         int resource = target_to_host_resource(arg2);
11403         if (arg3) {
11404             if (!lock_user_struct(VERIFY_READ, target_rnew, arg3, 1)) {
11405                 goto efault;
11406             }
11407             rnew.rlim_cur = tswap64(target_rnew->rlim_cur);
11408             rnew.rlim_max = tswap64(target_rnew->rlim_max);
11409             unlock_user_struct(target_rnew, arg3, 0);
11410             rnewp = &rnew;
11411         }
11412 
11413         ret = get_errno(sys_prlimit64(arg1, resource, rnewp, arg4 ? &rold : 0));
11414         if (!is_error(ret) && arg4) {
11415             if (!lock_user_struct(VERIFY_WRITE, target_rold, arg4, 1)) {
11416                 goto efault;
11417             }
11418             target_rold->rlim_cur = tswap64(rold.rlim_cur);
11419             target_rold->rlim_max = tswap64(rold.rlim_max);
11420             unlock_user_struct(target_rold, arg4, 1);
11421         }
11422         break;
11423     }
11424 #endif
11425 #ifdef TARGET_NR_gethostname
11426     case TARGET_NR_gethostname:
11427     {
11428         char *name = lock_user(VERIFY_WRITE, arg1, arg2, 0);
11429         if (name) {
11430             ret = get_errno(gethostname(name, arg2));
11431             unlock_user(name, arg1, arg2);
11432         } else {
11433             ret = -TARGET_EFAULT;
11434         }
11435         break;
11436     }
11437 #endif
11438 #ifdef TARGET_NR_atomic_cmpxchg_32
11439     case TARGET_NR_atomic_cmpxchg_32:
11440     {
11441         /* should use start_exclusive from main.c */
11442         abi_ulong mem_value;
11443         if (get_user_u32(mem_value, arg6)) {
11444             target_siginfo_t info;
11445             info.si_signo = SIGSEGV;
11446             info.si_errno = 0;
11447             info.si_code = TARGET_SEGV_MAPERR;
11448             info._sifields._sigfault._addr = arg6;
11449             queue_signal((CPUArchState *)cpu_env, info.si_signo, &info);
11450             ret = 0xdeadbeef;
11451 
11452         }
11453         if (mem_value == arg2)
11454             put_user_u32(arg1, arg6);
11455         ret = mem_value;
11456         break;
11457     }
11458 #endif
11459 #ifdef TARGET_NR_atomic_barrier
11460     case TARGET_NR_atomic_barrier:
11461     {
11462         /* Like the kernel implementation and the qemu arm barrier, no-op this? */
11463         ret = 0;
11464         break;
11465     }
11466 #endif
11467 
11468 #ifdef TARGET_NR_timer_create
11469     case TARGET_NR_timer_create:
11470     {
11471         /* args: clockid_t clockid, struct sigevent *sevp, timer_t *timerid */
11472 
11473         struct sigevent host_sevp = { {0}, }, *phost_sevp = NULL;
11474 
11475         int clkid = arg1;
11476         int timer_index = next_free_host_timer();
11477 
11478         if (timer_index < 0) {
11479             ret = -TARGET_EAGAIN;
11480         } else {
11481             timer_t *phtimer = g_posix_timers  + timer_index;
11482 
11483             if (arg2) {
11484                 phost_sevp = &host_sevp;
11485                 ret = target_to_host_sigevent(phost_sevp, arg2);
11486                 if (ret != 0) {
11487                     break;
11488                 }
11489             }
11490 
11491             ret = get_errno(timer_create(clkid, phost_sevp, phtimer));
11492             if (ret) {
11493                 phtimer = NULL;
11494             } else {
11495                 if (put_user(TIMER_MAGIC | timer_index, arg3, target_timer_t)) {
11496                     goto efault;
11497                 }
11498             }
11499         }
11500         break;
11501     }
11502 #endif
11503 
11504 #ifdef TARGET_NR_timer_settime
11505     case TARGET_NR_timer_settime:
11506     {
11507         /* args: timer_t timerid, int flags, const struct itimerspec *new_value,
11508          * struct itimerspec * old_value */
11509         target_timer_t timerid = get_timer_id(arg1);
11510 
11511         if (timerid < 0) {
11512             ret = timerid;
11513         } else if (arg3 == 0) {
11514             ret = -TARGET_EINVAL;
11515         } else {
11516             timer_t htimer = g_posix_timers[timerid];
11517             struct itimerspec hspec_new = {{0},}, hspec_old = {{0},};
11518 
11519             target_to_host_itimerspec(&hspec_new, arg3);
11520             ret = get_errno(
11521                           timer_settime(htimer, arg2, &hspec_new, &hspec_old));
11522             host_to_target_itimerspec(arg2, &hspec_old);
11523         }
11524         break;
11525     }
11526 #endif
11527 
11528 #ifdef TARGET_NR_timer_gettime
11529     case TARGET_NR_timer_gettime:
11530     {
11531         /* args: timer_t timerid, struct itimerspec *curr_value */
11532         target_timer_t timerid = get_timer_id(arg1);
11533 
11534         if (timerid < 0) {
11535             ret = timerid;
11536         } else if (!arg2) {
11537             ret = -TARGET_EFAULT;
11538         } else {
11539             timer_t htimer = g_posix_timers[timerid];
11540             struct itimerspec hspec;
11541             ret = get_errno(timer_gettime(htimer, &hspec));
11542 
11543             if (host_to_target_itimerspec(arg2, &hspec)) {
11544                 ret = -TARGET_EFAULT;
11545             }
11546         }
11547         break;
11548     }
11549 #endif
11550 
11551 #ifdef TARGET_NR_timer_getoverrun
11552     case TARGET_NR_timer_getoverrun:
11553     {
11554         /* args: timer_t timerid */
11555         target_timer_t timerid = get_timer_id(arg1);
11556 
11557         if (timerid < 0) {
11558             ret = timerid;
11559         } else {
11560             timer_t htimer = g_posix_timers[timerid];
11561             ret = get_errno(timer_getoverrun(htimer));
11562         }
11563         fd_trans_unregister(ret);
11564         break;
11565     }
11566 #endif
11567 
11568 #ifdef TARGET_NR_timer_delete
11569     case TARGET_NR_timer_delete:
11570     {
11571         /* args: timer_t timerid */
11572         target_timer_t timerid = get_timer_id(arg1);
11573 
11574         if (timerid < 0) {
11575             ret = timerid;
11576         } else {
11577             timer_t htimer = g_posix_timers[timerid];
11578             ret = get_errno(timer_delete(htimer));
11579             g_posix_timers[timerid] = 0;
11580         }
11581         break;
11582     }
11583 #endif
11584 
11585 #if defined(TARGET_NR_timerfd_create) && defined(CONFIG_TIMERFD)
11586     case TARGET_NR_timerfd_create:
11587         ret = get_errno(timerfd_create(arg1,
11588                 target_to_host_bitmask(arg2, fcntl_flags_tbl)));
11589         break;
11590 #endif
11591 
11592 #if defined(TARGET_NR_timerfd_gettime) && defined(CONFIG_TIMERFD)
11593     case TARGET_NR_timerfd_gettime:
11594         {
11595             struct itimerspec its_curr;
11596 
11597             ret = get_errno(timerfd_gettime(arg1, &its_curr));
11598 
11599             if (arg2 && host_to_target_itimerspec(arg2, &its_curr)) {
11600                 goto efault;
11601             }
11602         }
11603         break;
11604 #endif
11605 
11606 #if defined(TARGET_NR_timerfd_settime) && defined(CONFIG_TIMERFD)
11607     case TARGET_NR_timerfd_settime:
11608         {
11609             struct itimerspec its_new, its_old, *p_new;
11610 
11611             if (arg3) {
11612                 if (target_to_host_itimerspec(&its_new, arg3)) {
11613                     goto efault;
11614                 }
11615                 p_new = &its_new;
11616             } else {
11617                 p_new = NULL;
11618             }
11619 
11620             ret = get_errno(timerfd_settime(arg1, arg2, p_new, &its_old));
11621 
11622             if (arg4 && host_to_target_itimerspec(arg4, &its_old)) {
11623                 goto efault;
11624             }
11625         }
11626         break;
11627 #endif
11628 
11629 #if defined(TARGET_NR_ioprio_get) && defined(__NR_ioprio_get)
11630     case TARGET_NR_ioprio_get:
11631         ret = get_errno(ioprio_get(arg1, arg2));
11632         break;
11633 #endif
11634 
11635 #if defined(TARGET_NR_ioprio_set) && defined(__NR_ioprio_set)
11636     case TARGET_NR_ioprio_set:
11637         ret = get_errno(ioprio_set(arg1, arg2, arg3));
11638         break;
11639 #endif
11640 
11641 #if defined(TARGET_NR_setns) && defined(CONFIG_SETNS)
11642     case TARGET_NR_setns:
11643         ret = get_errno(setns(arg1, arg2));
11644         break;
11645 #endif
11646 #if defined(TARGET_NR_unshare) && defined(CONFIG_SETNS)
11647     case TARGET_NR_unshare:
11648         ret = get_errno(unshare(arg1));
11649         break;
11650 #endif
11651 
11652     default:
11653     unimplemented:
11654         gemu_log("qemu: Unsupported syscall: %d\n", num);
11655 #if defined(TARGET_NR_setxattr) || defined(TARGET_NR_get_thread_area) || defined(TARGET_NR_getdomainname) || defined(TARGET_NR_set_robust_list)
11656     unimplemented_nowarn:
11657 #endif
11658         ret = -TARGET_ENOSYS;
11659         break;
11660     }
11661 fail:
11662 #ifdef DEBUG
11663     gemu_log(" = " TARGET_ABI_FMT_ld "\n", ret);
11664 #endif
11665     if(do_strace)
11666         print_syscall_ret(num, ret);
11667     trace_guest_user_syscall_ret(cpu, num, ret);
11668     return ret;
11669 efault:
11670     ret = -TARGET_EFAULT;
11671     goto fail;
11672 }
11673