Validate count between 0 and IOV_MAX.  Limit total length of
operation in the same way the kernel does.
Signed-off-by: NRichard Henderson <rth@twiddle.net>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

When reading our faked /proc/self/maps from a secondary thread,
we get an invalid stack entry. This is because ts->stack_base is not
initialized in non-primary threads.

However, ts->info is, and the stack layout information we're looking
for is there too. So let's use that one instead!
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The statfs syscall should always memset(0) its full struct extent before
writing to it. Newer versions of the syscall use one of the reserved fields
for flags, which would otherwise get stale values from uncleaned memory.

This fixes libarchive for me, which got confused about the return value of
pathconf("/", _PC_REC_XFER_ALIGN) otherwise, as it some times gave old pointers
as return value.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Report from smatch:

linux-user/syscall.c:3632 do_ioctl_dm(220) info:
 redundant null check on big_buf calling free()

'big_buf' was allocated by g_malloc0, therefore free was also
replaced by g_free.
Signed-off-by: NStefan Weil <sw@weilnetz.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NStefan Hajnoczi <stefanha@gmail.com>

In case when TARGET_ABI_BITS == 32 && HOST_LONG_BITS == 64, the last
byte of the target dirent structure (aka d_type byte) was never copied
from the host dirent structure, thus breaking everything that relies
on valid d_type value, e.g. glob(3).
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NDmitry V. Levin <ldv@altlinux.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Also, use g_malloc to avoid NULL-deref upon OOM.
Signed-off-by: NJim Meyering <meyering@redhat.com>
Signed-off-by: NAnthony Liguori <aliguori@us.ibm.com>

Signed-off-by: NJing Huang <jing.huang.pku@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NJing Huang <jing.huang.pku@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Signed-off-by: NJing Huang <jing.huang.pku@gmail.com>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

The code to initialise the target_to_host_errno_table[] array was
accidentally inside the loop through checking and initialising all
the supported ioctls. This was harmless but meant that we reinitialised the
array several hundred times on startup.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>

Alpha uses unbiased priority values in the syscall, with the a3
return value signaling error conditions.  Therefore, properly
interpret the libc getpriority as needed for the guest rather
than passing the host value through unchanged.
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Name the syscall properly for QEMU, kernel source notwithstanding.
Fix syntax errors in the code thus enabled within do_syscall.
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

We weren't aggregating the exceptions, nor raising signals properly.
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRichard Henderson <rth@twiddle.net>

Add QEMU OpenRISC linux user support.
Signed-off-by: NJia Liu <proljc@gmail.com>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Eliminates cpu_state_reset() usage.
Signed-off-by: NAndreas Färber <afaerber@suse.de>

Improve the emulation of /proc/self/maps by reading the underlying
host maps file and passing lines through with addresses adjusted
to be guest addresses. This is necessary to avoid false triggers
of the glibc check that a format string containing '%n' is not in
writable memory. (For an example see the bug reported in
https://bugs.launchpad.net/qemu-linaro/+bug/947888 where gpg aborts.)
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

After all target CPUs have been QOM'ified, we no longer need an #ifdef
to switch between object_delete() and g_free() in NPTL thread exit.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

For QOM'ified CPUs we cannot g_free() CPUArchState, we must
object_delete() the object it is embedded into.

Fixes LP#982321 (invalid free() while executing pacman with qemu-arm).
Reported-by: NSerge Schneider <serge@xecdesign.com>
Reported-by: NRussell Keith Davis <russell@russelldavis.org>
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NPeter Maydell <peter.maydell@linaro.org>
Tested-by: NSerge Schneider <serge@xecdesign.com>
Tested-by: NRussell Keith Davis <russell@russelldavis.org>
Signed-off-by: NBlue Swirl <blauwirbel@gmail.com>

Add support for the prctl options PR_GET_NAME and PR_SET_NAME,
which take or return a name in a 16 byte buffer pointed to by arg2.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Clean up the odd indentation of this switch statement before
we double its size by adding new cases to it.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Fallocate gets off_t parameters passed in, so we should also read them out
accordingly.
Signed-off-by: NAlexander Graf <agraf@suse.de>

---

v1 -> v2:

  - unbreak 64-bit guests
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

This patch implements all ioctls currently implemented by device mapper,
enabling us to run dmsetup and kpartx inside of linux-user.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

With the current fake /proc/self/stat implementation `ps` is
segfaulting because it expects to read PID and argv[0] as first and
second field respectively, with the latter being enclosed between
backets.

Reproducing is as easy as running: `ps` inside qemu-user chroot
with /proc mounted.
Signed-off-by: NFabio Erculiani <lxnay@sabayon.org>
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Scripted conversion:
  for file in *.[hc] hw/*.[hc] hw/kvm/*.[hc] linux-user/*.[hc] linux-user/m68k/*.[hc] bsd-user/*.[hc] darwin-user/*.[hc] tcg/*/*.[hc] target-*/cpu.h; do
    sed -i "s/CPUState/CPUArchState/g" $file
  done

All occurrences of CPUArchState are expected to be replaced by QOM CPUState,
once all targets are QOM'ified and common fields have been extracted.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>

Frees the identifier cpu_reset for QOM CPUs (manual rename).

Don't hide the parameter type behind explicit casts, use static
functions with strongly typed argument to indirect.
Signed-off-by: NAndreas Färber <afaerber@suse.de>
Reviewed-by: NAnthony Liguori <aliguori@us.ibm.com>

Fix format type mismatches in do_brk debug printfs.
Signed-off-by: NPaul Brook <paul@codesourcery.com>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

If the host's page size is equal to or smaller than the target's, native
execve() will fail appropriately with E2BIG if called with too big an
environment for the target to handle. It may falsely succeed, however, if
the host's page size is bigger, and feed the executed target process an
environment that is too big for it to handle, at which point QEMU barfs and
exits, confusing procmail's autoconf script and causing the build to fail.

This patch makes sure that execve() will return E2BIG if the environment is
too large for the target.
Signed-off-by: NUlrich Hecht <uli@suse.de>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>

Implement listxattr, flistxattr and llistxattr syscalls.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Implement the f and l versions (operate on fd, don't follow links)
of the setxattr, getxattr and removexattr syscalls.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

It's valid to pass a NULL value pointer to setxattr, so don't
fail this case EFAULT.
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

When calling wait4 or waitpid with a status pointer and WNOHANG, the
syscall can potentially not modify the status pointer input. Now if we
have guest code like:

  int status = 0;
  waitpid(pid, &status, WNOHANG);
  if (status)
     <breakage>

then we have to make sure that in case status did not change we actually
return the guest's initialized status variable instead of our own uninitialized.
We fail to do so today, as we proxy everything through an uninitialized status
variable which for me ended up always containing the last error code.

This patch fixes some test cases when building yast2-core in OBS for ARM.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

While debugging some issues with QEMU_STRACE I stumbled over segmentation
faults that were pretty reproducible. Turns out we tried to treat a
normal return value as errno, resulting in an access over array boundaries
for the resolution.

Fix this by allowing failure to resolve invalid errnos into strings.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Signed-off-by: NAkos PASZTORY <akos.pasztory@gmail.com>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

Gtk tries to read /proc/self/auxv to find its auxv table instead of
taking it from its own program memory space.

However, when running with linux-user, we see the host's auxv which
clearly exposes wrong information. so let's instead expose the guest
memory backed auxv tables via /proc/self/auxv as well.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

The boehm gc finds the program's stack starting pointer by
checking /proc/self/stat. Unfortunately, so far it reads
qemu's stack pointer which clearly is wrong.

So let's instead fake the file so the guest program sees the
right address.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

glibc's pthread_attr_getstack tries to find the stack range from
/proc/self/maps. Unfortunately, /proc is usually the host's /proc
which means linux-user guests see qemu's stack there.

Fake the file with a constructed maps entry that exposes the guest's
stack range.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

There are a number of files in /proc that expose host information
to the guest program. This patch adds infrastructure to override
the open() syscall for guest programs to enable us to on the fly
generate guest sensible files.
Signed-off-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NRiku Voipio <riku.voipio@linaro.org>

In an fcntl64 failure path, we were returning directly rather than
simply breaking out of the switch statement. This skips the strace
code for printing the syscall return value, so don't do that.
Acked-by: NAlexander Graf <agraf@suse.de>
Signed-off-by: NPeter Maydell <peter.maydell@linaro.org>
Signed-off-by: NStefan Hajnoczi <stefanha@linux.vnet.ibm.com>