linux-user: use target_ulong

Linux syscalls pass pointers or data length or other information of that sort
to the kernel. This is all stuff you don't want to have sign extended.
Otherwise a host 64bit variable parameter with a size parameter will extend
it to a negative number, breaking lseek for example.

Pass syscall arguments as ulong always.

Signed-off-by: Alexander Graf <agraf@suse.de>

Makefile.target

@@ -34,6 +34,10 @@ PROGS+=$(QEMU_PROGW)
 endif
 STPFILES=
 
+ifdef CONFIG_LINUX_USER
+PROGS+=$(QEMU_PROG)-binfmt
+endif
+
 ifndef CONFIG_HAIKU
 LIBS+=-lm
 endif
@@ -98,6 +102,8 @@ QEMU_CFLAGS+=-I$(SRC_PATH)/linux-user/$(TARGET_ABI_DIR) -I$(SRC_PATH)/linux-user
 obj-y += linux-user/
 obj-y += gdbstub.o thunk.o user-exec.o $(oslib-obj-y)
 
+obj-binfmt-y += linux-user/
+
 endif #CONFIG_LINUX_USER
 
 #########################################################
@@ -155,6 +161,9 @@ GENERATED_HEADERS += hmp-commands.h qmp-commands-old.h
 endif # CONFIG_SOFTMMU
 
 nested-vars += obj-y
+ifdef CONFIG_LINUX_USER
+nested-vars += obj-binfmt-y
+endif
 
 # This resolves all nested paths, so it must come last
 include $(SRC_PATH)/Makefile.objs
@@ -183,6 +192,9 @@ $(QEMU_PROG): $(all-obj-y)
 	$(call LINK,$^)
 endif
 
+$(QEMU_PROG)-binfmt: $(obj-binfmt-y)
+	$(call LINK,$^)
+
 gdbstub-xml.c: $(TARGET_XML_FILES) $(SRC_PATH)/scripts/feature_to_c.sh
 	$(call quiet-command,rm -f $@ && $(SHELL) $(SRC_PATH)/scripts/feature_to_c.sh $@ $(TARGET_XML_FILES),"  GEN   $(TARGET_DIR)$@")
 

block.c

@@ -3902,7 +3902,7 @@ int bdrv_img_create(const char *filename, const char *fmt,
                     char *options, uint64_t img_size, int flags)
 {
     QEMUOptionParameter *param = NULL, *create_options = NULL;
-    QEMUOptionParameter *backing_fmt, *backing_file, *size;
+    QEMUOptionParameter *backing_fmt, *backing_file, *size, *scsi;
     BlockDriverState *bs = NULL;
     BlockDriver *drv, *proto_drv;
     BlockDriver *backing_drv = NULL;
@@ -4017,6 +4017,9 @@ int bdrv_img_create(const char *filename, const char *fmt,
 
     printf("Formatting '%s', fmt=%s ", filename, fmt);
     print_option_parameters(param);
+    scsi = get_option_parameter(param, BLOCK_OPT_SCSI);
+    if (scsi && scsi->value.n)
+        printf(", SCSI");
     puts("");
 
     ret = bdrv_create(drv, filename, param);

block/vmdk.c

@@ -1432,7 +1432,7 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
         "ddb.geometry.cylinders = \"%" PRId64 "\"\n"
         "ddb.geometry.heads = \"16\"\n"
         "ddb.geometry.sectors = \"63\"\n"
-        "ddb.adapterType = \"ide\"\n";
+        "ddb.adapterType = \"%s\"\n";
 
     if (filename_decompose(filename, path, prefix, postfix, PATH_MAX)) {
         return -EINVAL;
@@ -1447,6 +1447,8 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
             flags |= options->value.n ? BLOCK_FLAG_COMPAT6 : 0;
         } else if (!strcmp(options->name, BLOCK_OPT_SUBFMT)) {
             fmt = options->value.s;
+        } else if (!strcmp(options->name, BLOCK_OPT_SCSI)) {
+            flags |= options->value.n ? BLOCK_FLAG_SCSI: 0;
         }
         options++;
     }
@@ -1537,7 +1539,8 @@ static int vmdk_create(const char *filename, QEMUOptionParameter *options)
             parent_desc_line,
             ext_desc_lines,
             (flags & BLOCK_FLAG_COMPAT6 ? 6 : 4),
-            total_size / (int64_t)(63 * 16 * 512));
+            total_size / (int64_t)(63 * 16 * 512),
+            flags & BLOCK_FLAG_SCSI ? "lsilogic" : "ide");
     if (split || flat) {
         fd = qemu_open(filename,
                        O_WRONLY | O_CREAT | O_TRUNC | O_BINARY | O_LARGEFILE,
@@ -1638,6 +1641,11 @@ static QEMUOptionParameter vmdk_create_options[] = {
             "VMDK flat extent format, can be one of "
             "{monolithicSparse (default) | monolithicFlat | twoGbMaxExtentSparse | twoGbMaxExtentFlat | streamOptimized} "
     },
+    {
+        .name = BLOCK_OPT_SCSI,
+        .type = OPT_FLAG,
+        .help = "SCSI image"
+    },
     { NULL }
 };
 

block_int.h

@@ -35,6 +35,7 @@
 #define BLOCK_FLAG_ENCRYPT          1
 #define BLOCK_FLAG_COMPAT6          4
 #define BLOCK_FLAG_LAZY_REFCOUNTS   8
+#define BLOCK_FLAG_SCSI             16
 
 #define BLOCK_IO_LIMIT_READ     0
 #define BLOCK_IO_LIMIT_WRITE    1
@@ -46,6 +47,7 @@
 #define BLOCK_OPT_SIZE              "size"
 #define BLOCK_OPT_ENCRYPT           "encryption"
 #define BLOCK_OPT_COMPAT6           "compat6"
+#define BLOCK_OPT_SCSI              "scsi"
 #define BLOCK_OPT_BACKING_FILE      "backing_file"
 #define BLOCK_OPT_BACKING_FMT       "backing_fmt"
 #define BLOCK_OPT_CLUSTER_SIZE      "cluster_size"

configure

@@ -183,6 +183,7 @@ datadir="\${prefix}/share"
 qemu_docdir="\${prefix}/share/doc/qemu"
 bindir="\${prefix}/bin"
 libdir="\${prefix}/lib"
+libexecdir="\${prefix}/libexec"
 includedir="\${prefix}/include"
 sysconfdir="\${prefix}/etc"
 confsuffix="/qemu"
@@ -633,6 +634,8 @@ for opt do
   ;;
   --libdir=*) libdir="$optarg"
   ;;
+  --libexecdir=*) libexecdir="$optarg"
+  ;;
   --includedir=*) includedir="$optarg"
   ;;
   --datadir=*) datadir="$optarg"
@@ -643,7 +646,7 @@ for opt do
   ;;
   --sysconfdir=*) sysconfdir="$optarg"
   ;;
-  --sbindir=*|--libexecdir=*|--sharedstatedir=*|--localstatedir=*|\
+  --sbindir=*|--sharedstatedir=*|--localstatedir=*|\
   --oldincludedir=*|--datarootdir=*|--infodir=*|--localedir=*|\
   --htmldir=*|--dvidir=*|--pdfdir=*|--psdir=*)
     # These switches are silently ignored, for compatibility with
@@ -997,6 +1000,8 @@ microblaze-linux-user \
 microblazeel-linux-user \
 mips-linux-user \
 mipsel-linux-user \
+mipsn32-linux-user \
+mipsn32el-linux-user \
 or32-linux-user \
 ppc-linux-user \
 ppc64-linux-user \
@@ -3080,6 +3085,7 @@ echo "Install prefix    $prefix"
 echo "BIOS directory    `eval echo $qemu_datadir`"
 echo "binary directory  `eval echo $bindir`"
 echo "library directory `eval echo $libdir`"
+echo "libexec directory `eval echo $libexecdir`"
 echo "include directory `eval echo $includedir`"
 echo "config directory  `eval echo $sysconfdir`"
 if test "$mingw32" = "no" ; then
@@ -3183,14 +3189,14 @@ echo all: >> $config_host_mak
 echo "prefix=$prefix" >> $config_host_mak
 echo "bindir=$bindir" >> $config_host_mak
 echo "libdir=$libdir" >> $config_host_mak
+echo "libexecdir=$libexecdir" >> $config_host_mak
 echo "includedir=$includedir" >> $config_host_mak
 echo "mandir=$mandir" >> $config_host_mak
 echo "sysconfdir=$sysconfdir" >> $config_host_mak
 echo "qemu_confdir=$qemu_confdir" >> $config_host_mak
 echo "qemu_datadir=$qemu_datadir" >> $config_host_mak
 echo "qemu_docdir=$qemu_docdir" >> $config_host_mak
-echo "libexecdir=\${prefix}/libexec" >> $config_host_mak
-echo "CONFIG_QEMU_HELPERDIR=\"$prefix/libexec\"" >> $config_host_mak
+echo "CONFIG_QEMU_HELPERDIR=\"$libexecdir\"" >> $config_host_mak
 
 echo "ARCH=$ARCH" >> $config_host_mak
 if test "$debug_tcg" = "yes" ; then

cpu-exec.c

@@ -599,7 +599,16 @@ int cpu_exec(CPUArchState *env)
                     tc_ptr = tb->tc_ptr;
                     /* execute the generated code */
                     next_tb = tcg_qemu_tb_exec(env, tc_ptr);
-                    if ((next_tb & 3) == 2) {
+                    if ((next_tb & 3) == 3) {
+                        /* hit stopflag check */
+                        tb = (TranslationBlock *)(long)(next_tb & ~3);
+                        /* Restore PC.  */
+                        cpu_pc_from_tb(env, tb);
+                        next_tb = 0;
+                        env->exit_request = 0;
+                        env->exception_index = EXCP_INTERRUPT;
+                        cpu_loop_exit(env);
+                    } else if ((next_tb & 3) == 2) {
                         /* Instruction counter expired.  */
                         int insns_left;
                         tb = (TranslationBlock *)(next_tb & ~3);

exec.c

@@ -130,6 +130,8 @@ DEFINE_TLS(CPUArchState *,cpu_single_env);
    1 = Precise instruction counting.
    2 = Adaptive rate instruction counting.  */
 int use_icount = 0;
+/* 1 to do cpu_exit by inline flag check rather than tb link breaking */
+int use_stopflag = 1;
 
 typedef struct PageDesc {
     /* list of TBs intersecting this ram page */
@@ -720,17 +722,22 @@ static TranslationBlock *tb_alloc(target_ulong pc)
 {
     TranslationBlock *tb;
 
+    tcg_lock();
     if (nb_tbs >= code_gen_max_blocks ||
-        (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size)
+        (code_gen_ptr - code_gen_buffer) >= code_gen_buffer_max_size) {
+        tcg_unlock();
         return NULL;
+    }
     tb = &tbs[nb_tbs++];
     tb->pc = pc;
     tb->cflags = 0;
+    tcg_unlock();
     return tb;
 }
 
 void tb_free(TranslationBlock *tb)
 {
+    tcg_lock();
     /* In practice this is mostly used for single use temporary TB
        Ignore the hard cases and just back up if this TB happens to
        be the last one generated.  */
@@ -738,6 +745,7 @@ void tb_free(TranslationBlock *tb)
         code_gen_ptr = tb->tc_ptr;
         nb_tbs--;
     }
+    tcg_unlock();
 }
 
 static inline void invalidate_page_bitmap(PageDesc *p)
@@ -791,6 +799,7 @@ void tb_flush(CPUArchState *env1)
            nb_tbs, nb_tbs > 0 ?
            ((unsigned long)(code_gen_ptr - code_gen_buffer)) / nb_tbs : 0);
 #endif
+    tcg_lock();
     if ((unsigned long)(code_gen_ptr - code_gen_buffer) > code_gen_buffer_size)
         cpu_abort(env1, "Internal error: code buffer overflow\n");
 
@@ -807,6 +816,7 @@ void tb_flush(CPUArchState *env1)
     /* XXX: flush processor icache at this point if cache flush is
        expensive */
     tb_flush_count++;
+    tcg_unlock();
 }
 
 #ifdef DEBUG_TB_CHECK
@@ -1106,9 +1116,12 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
     int current_flags = 0;
 #endif /* TARGET_HAS_PRECISE_SMC */
 
+    tcg_lock();
     p = page_find(start >> TARGET_PAGE_BITS);
-    if (!p)
+    if (!p) {
+        tcg_unlock();
         return;
+    }
     if (!p->code_bitmap &&
         ++p->code_write_count >= SMC_BITMAP_USE_THRESHOLD &&
         is_cpu_write_access) {
@@ -1192,6 +1205,7 @@ void tb_invalidate_phys_page_range(tb_page_addr_t start, tb_page_addr_t end,
         cpu_resume_from_signal(env, NULL);
     }
 #endif
+    tcg_unlock();
 }
 
 /* len must be <= 8 and start must be a multiple of len */
@@ -1387,12 +1401,16 @@ TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
 {
     int m_min, m_max, m;
     uintptr_t v;
-    TranslationBlock *tb;
+    TranslationBlock *tb, *r;
 
-    if (nb_tbs <= 0)
+    tcg_lock();
+    if (nb_tbs <= 0) {
+        tcg_unlock();
         return NULL;
+    }
     if (tc_ptr < (uintptr_t)code_gen_buffer ||
         tc_ptr >= (uintptr_t)code_gen_ptr) {
+        tcg_unlock();
         return NULL;
     }
     /* binary search (cf Knuth) */
@@ -1402,15 +1420,18 @@ TranslationBlock *tb_find_pc(uintptr_t tc_ptr)
         m = (m_min + m_max) >> 1;
         tb = &tbs[m];
         v = (uintptr_t)tb->tc_ptr;
-        if (v == tc_ptr)
+        if (v == tc_ptr) {
+            tcg_unlock();
             return tb;
-        else if (tc_ptr < v) {
+        } else if (tc_ptr < v) {
             m_max = m - 1;
         } else {
             m_min = m + 1;
         }
     }
-    return &tbs[m_max];
+    r = &tbs[m_max];
+    tcg_unlock();
+    return r;
 }
 
 static void tb_reset_jump_recursive(TranslationBlock *tb);
@@ -1708,7 +1729,13 @@ static void tcg_handle_interrupt(CPUArchState *env, int mask)
             cpu_abort(env, "Raised interrupt while not in I/O function");
         }
     } else {
-        cpu_unlink_tb(env);
+        // XXX just call cpu_exit ?
+        if (use_stopflag) {
+            // XXX is this OK?
+            env->exit_request = 1;
+        } else {
+            cpu_unlink_tb(env);
+        }
     }
 }
 
@@ -1731,7 +1758,9 @@ void cpu_reset_interrupt(CPUArchState *env, int mask)
 void cpu_exit(CPUArchState *env)
 {
     env->exit_request = 1;
-    cpu_unlink_tb(env);
+    if (!use_stopflag) {
+        cpu_unlink_tb(env);
+    }
 }
 
 void cpu_abort(CPUArchState *env, const char *fmt, ...)
@@ -2382,10 +2411,12 @@ static void *file_ram_alloc(RAMBlock *block,
         return NULL;
     }
 
+#ifndef TARGET_PPC
     if (kvm_enabled() && !kvm_has_sync_mmu()) {
         fprintf(stderr, "host lacks kvm mmu notifiers, -mem-path unsupported\n");
         return NULL;
     }
+#endif
 
     if (asprintf(&filename, "%s/qemu_back_mem.XXXXXX", path) == -1) {
         return NULL;

gen-icount.h

@@ -2,13 +2,25 @@
 
 /* Helpers for instruction counting code generation.  */
 
+extern int use_stopflag;
+
 static TCGArg *icount_arg;
 static int icount_label;
+static int stopflag_label;
 
 static inline void gen_icount_start(void)
 {
     TCGv_i32 count;
 
+    if (use_stopflag) {
+        TCGv_i32 flag;
+        stopflag_label = gen_new_label();
+        flag = tcg_temp_local_new_i32();
+        tcg_gen_ld_i32(flag, cpu_env, offsetof(CPUArchState, exit_request));
+        tcg_gen_brcondi_i32(TCG_COND_NE, flag, 0, stopflag_label);
+        tcg_temp_free_i32(flag);
+    }
+
     if (!use_icount)
         return;
 
@@ -26,6 +38,10 @@ static inline void gen_icount_start(void)
 
 static void gen_icount_end(TranslationBlock *tb, int num_insns)
 {
+    if (use_stopflag) {
+        gen_set_label(stopflag_label);
+        tcg_gen_exit_tb((long)tb + 3); // XXX
+    }
     if (use_icount) {
         *icount_arg = num_insns;
         gen_set_label(icount_label);

linux-user/Makefile.objs

@@ -5,3 +5,5 @@ obj-$(TARGET_HAS_BFLT) += flatload.o
 obj-$(TARGET_I386) += vm86.o
 obj-$(TARGET_ARM) += arm/nwfpe/
 obj-$(TARGET_M68K) += m68k-sim.o
+
+obj-binfmt-y = binfmt.o

linux-user/binfmt.c

@@ -0,0 +1,67 @@
+#include <stdio.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <libgen.h>
+#include <string.h>
+#include <stdlib.h>
+
+#ifdef __x86_64__
+#define ARCH_NAME "x86_64"
+#endif
+
+int main(int argc, char **argv, char **envp)
+{
+    char *binfmt;
+    char **new_argv;
+
+    /*
+     * Check if our file name ends with -binfmt
+     */
+    binfmt = argv[0] + strlen(argv[0]) - strlen("-binfmt");
+    if (strcmp(binfmt, "-binfmt")) {
+        fprintf(stderr, "%s: Invalid executable name\n", argv[0]);
+        exit(1);
+    }
+    if (argc < 3) {
+        fprintf(stderr, "%s: Please use me through binfmt with P flag\n",
+                argv[0]);
+        exit(1);
+    }
+
+    binfmt[0] = '\0';
+    /* Now argv[0] is the real qemu binary name */
+
+#ifdef ARCH_NAME
+    {
+        char *hostbin;
+        char *guestarch;
+
+        guestarch = strrchr(argv[0], '-') ;
+        if (!guestarch) {
+            goto skip;
+        }
+        guestarch++;
+        asprintf(&hostbin, "/emul/" ARCH_NAME "-for-%s/%s", guestarch, argv[1]);
+        if (!access(hostbin, X_OK)) {
+            /*
+             * We found a host binary replacement for the non-host binary. Let's
+             * use that instead!
+             */
+            return execve(hostbin, &argv[2], envp);
+        }
+    }
+skip:
+#endif
+
+    new_argv = (char **)malloc((argc + 2) * sizeof(*new_argv));
+    if (argc > 3) {
+        memcpy(&new_argv[4], &argv[3], (argc - 3) * sizeof(*new_argv));
+    }
+    new_argv[0] = argv[0];
+    new_argv[1] = (char *)"-0";
+    new_argv[2] = argv[2];
+    new_argv[3] = argv[1];
+    new_argv[argc + 1] = NULL;
+
+    return execve(new_argv[0], new_argv, envp);
+}

linux-user/ioctls.h

@@ -70,6 +70,24 @@
      IOCTL(BLKGETSIZE, IOC_R, MK_PTR(TYPE_ULONG))
 #ifdef BLKGETSIZE64
      IOCTL(BLKGETSIZE64, IOC_R, MK_PTR(TYPE_ULONGLONG))
+#endif
+#ifdef BLKDISCARD
+     IOCTL(BLKDISCARD, IOC_W, MK_PTR(MK_STRUCT(STRUCT_blkdiscard)))
+#endif
+#ifdef BLKIOMIN
+     IOCTL(BLKIOMIN, IOC_R, MK_PTR(TYPE_INT))
+#endif
+#ifdef BLKIOOPT
+     IOCTL(BLKIOOPT, IOC_R, MK_PTR(TYPE_INT))
+#endif
+#ifdef BLKALIGNOFF
+     IOCTL(BLKALIGNOFF, IOC_R, MK_PTR(TYPE_INT))
+#endif
+#ifdef BLKPBSZGET
+     IOCTL(BLKPBSZGET, IOC_R, MK_PTR(TYPE_INT))
+#endif
+#ifdef BLKDISCARDZEROES
+     IOCTL(BLKDISCARDZEROES, IOC_R, MK_PTR(TYPE_INT))
 #endif
      IOCTL(BLKFLSBUF, 0, TYPE_NULL)
      IOCTL(BLKRASET, 0, TYPE_INT)
@@ -86,6 +104,8 @@
      IOCTL_SPECIAL(FS_IOC_FIEMAP, IOC_W | IOC_R, do_ioctl_fs_ioc_fiemap,
                    MK_PTR(MK_STRUCT(STRUCT_fiemap)))
 #endif
+  IOCTL(FS_IOC_GETFLAGS, IOC_R, MK_PTR(TYPE_INT))
+  IOCTL(FS_IOC_SETFLAGS, IOC_W, MK_PTR(TYPE_INT))
 
   IOCTL(SIOCATMARK, 0, TYPE_NULL)
   IOCTL(SIOCADDRT, IOC_W, MK_PTR(MK_STRUCT(STRUCT_rtentry)))
@@ -316,6 +336,11 @@
   IOCTL(VFAT_IOCTL_READDIR_BOTH, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2)))
   IOCTL(VFAT_IOCTL_READDIR_SHORT, IOC_R, MK_PTR(MK_ARRAY(MK_STRUCT(STRUCT_dirent), 2)))
 
+/* FIXME: including these on x86 / x86_64 breaks qemu-i386 */
+#ifdef __powerpc__
+#include "ioctls_alsa.h"
+#endif
+
   IOCTL(LOOP_SET_FD, 0, TYPE_INT)
   IOCTL(LOOP_CLR_FD, 0, TYPE_INT)
   IOCTL(LOOP_SET_STATUS, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info)))
@@ -323,6 +348,7 @@
   IOCTL(LOOP_SET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64)))
   IOCTL(LOOP_GET_STATUS64, IOC_W, MK_PTR(MK_STRUCT(STRUCT_loop_info64)))
   IOCTL(LOOP_CHANGE_FD, 0, TYPE_INT)
+  IOCTL_SPECIAL(LOOP_BOGUS_CMD, 0, do_ioctl_fail, TYPE_INT)
 
   IOCTL(MTIOCTOP, IOC_W, MK_PTR(MK_STRUCT(STRUCT_mtop)))
   IOCTL(MTIOCGET, IOC_R, MK_PTR(MK_STRUCT(STRUCT_mtget)))

linux-user/ioctls_alsa.h

@@ -0,0 +1,467 @@
+#define SNDRV_SEQ_IOCTL_PVERSION	_IOR ('S', 0x00, int)
+#define SNDRV_SEQ_IOCTL_CLIENT_ID	_IOR ('S', 0x01, int)
+#define SNDRV_SEQ_IOCTL_SYSTEM_INFO	_IOWR('S', 0x02, struct sndrv_seq_system_info)
+#define SNDRV_SEQ_IOCTL_RUNNING_MODE	_IOWR('S', 0x03, struct sndrv_seq_running_info)
+#define SNDRV_SEQ_IOCTL_GET_CLIENT_INFO	_IOWR('S', 0x10, struct sndrv_seq_client_info)
+#define SNDRV_SEQ_IOCTL_SET_CLIENT_INFO	_IOW ('S', 0x11, struct sndrv_seq_client_info)
+#define SNDRV_SEQ_IOCTL_CREATE_PORT	_IOWR('S', 0x20, struct sndrv_seq_port_info)
+#define SNDRV_SEQ_IOCTL_DELETE_PORT	_IOW ('S', 0x21, struct sndrv_seq_port_info)
+#define SNDRV_SEQ_IOCTL_GET_PORT_INFO	_IOWR('S', 0x22, struct sndrv_seq_port_info)
+#define SNDRV_SEQ_IOCTL_SET_PORT_INFO	_IOW ('S', 0x23, struct sndrv_seq_port_info)
+#define SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT	_IOW ('S', 0x30, struct sndrv_seq_port_subscribe)
+#define SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT _IOW ('S', 0x31, struct sndrv_seq_port_subscribe)
+#define SNDRV_SEQ_IOCTL_CREATE_QUEUE	_IOWR('S', 0x32, struct sndrv_seq_queue_info)
+#define SNDRV_SEQ_IOCTL_DELETE_QUEUE	_IOW ('S', 0x33, struct sndrv_seq_queue_info)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_INFO	_IOWR('S', 0x34, struct sndrv_seq_queue_info)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_INFO	_IOWR('S', 0x35, struct sndrv_seq_queue_info)
+#define SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE	_IOWR('S', 0x36, struct sndrv_seq_queue_info)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS _IOWR('S', 0x40, struct sndrv_seq_queue_status)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO	_IOWR('S', 0x41, struct sndrv_seq_queue_tempo)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO	_IOW ('S', 0x42, struct sndrv_seq_queue_tempo)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER	_IOWR('S', 0x43, struct sndrv_seq_queue_owner)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER	_IOW ('S', 0x44, struct sndrv_seq_queue_owner)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER	_IOWR('S', 0x45, struct sndrv_seq_queue_timer)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER	_IOW ('S', 0x46, struct sndrv_seq_queue_timer)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_SYNC	_IOWR('S', 0x53, struct sndrv_seq_queue_sync)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_SYNC	_IOW ('S', 0x54, struct sndrv_seq_queue_sync)
+#define SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT	_IOWR('S', 0x49, struct sndrv_seq_queue_client)
+#define SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT	_IOW ('S', 0x4a, struct sndrv_seq_queue_client)
+#define SNDRV_SEQ_IOCTL_GET_CLIENT_POOL	_IOWR('S', 0x4b, struct sndrv_seq_client_pool)
+#define SNDRV_SEQ_IOCTL_SET_CLIENT_POOL	_IOW ('S', 0x4c, struct sndrv_seq_client_pool)
+#define SNDRV_SEQ_IOCTL_REMOVE_EVENTS	_IOW ('S', 0x4e, struct sndrv_seq_remove_events)
+#define SNDRV_SEQ_IOCTL_QUERY_SUBS	_IOWR('S', 0x4f, struct sndrv_seq_query_subs)
+#define SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION	_IOWR('S', 0x50, struct sndrv_seq_port_subscribe)
+#define SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT	_IOWR('S', 0x51, struct sndrv_seq_client_info)
+#define SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT	_IOWR('S', 0x52, struct sndrv_seq_port_info)
+#define SNDRV_DM_FM_IOCTL_INFO		_IOR('H', 0x20, snd_dm_fm_info_t)
+#define SNDRV_DM_FM_IOCTL_RESET		_IO ('H', 0x21)
+#define SNDRV_DM_FM_IOCTL_PLAY_NOTE	_IOW('H', 0x22, snd_dm_fm_note_t)
+#define SNDRV_DM_FM_IOCTL_SET_VOICE	_IOW('H', 0x23, snd_dm_fm_voice_t)
+#define SNDRV_DM_FM_IOCTL_SET_PARAMS	_IOW('H', 0x24, snd_dm_fm_params_t)
+#define SNDRV_DM_FM_IOCTL_SET_MODE	_IOW('H', 0x25, int)
+#define SNDRV_DM_FM_IOCTL_SET_CONNECTION	_IOW('H', 0x26, int)
+#define SNDRV_DM_FM_OSS_IOCTL_RESET		0x20
+#define SNDRV_DM_FM_OSS_IOCTL_PLAY_NOTE		0x21
+#define SNDRV_DM_FM_OSS_IOCTL_SET_VOICE		0x22
+#define SNDRV_DM_FM_OSS_IOCTL_SET_PARAMS	0x23
+#define SNDRV_DM_FM_OSS_IOCTL_SET_MODE		0x24
+#define SNDRV_DM_FM_OSS_IOCTL_SET_OPL		0x25
+#define SNDRV_HWDEP_IOCTL_PVERSION _IOR ('H', 0x00, int)
+#define SNDRV_HWDEP_IOCTL_INFO _IOR ('H', 0x01, struct sndrv_hwdep_info)
+#define SNDRV_HWDEP_IOCTL_DSP_STATUS _IOR('H', 0x02, struct sndrv_hwdep_dsp_status)
+#define SNDRV_HWDEP_IOCTL_DSP_LOAD   _IOW('H', 0x03, struct sndrv_hwdep_dsp_image)
+#define SNDRV_PCM_IOCTL_PVERSION _IOR('A', 0x00, int)
+#define SNDRV_PCM_IOCTL_INFO _IOR('A', 0x01, struct sndrv_pcm_info)
+#define SNDRV_PCM_IOCTL_TSTAMP _IOW('A', 0x02, int)
+#define SNDRV_PCM_IOCTL_HW_REFINE _IOWR('A', 0x10, struct sndrv_pcm_hw_params)
+#define SNDRV_PCM_IOCTL_HW_PARAMS _IOWR('A', 0x11, struct sndrv_pcm_hw_params)
+#define SNDRV_PCM_IOCTL_HW_FREE _IO('A', 0x12)
+#define SNDRV_PCM_IOCTL_SW_PARAMS _IOWR('A', 0x13, struct sndrv_pcm_sw_params)
+#define SNDRV_PCM_IOCTL_STATUS _IOR('A', 0x20, struct sndrv_pcm_status)
+#define SNDRV_PCM_IOCTL_DELAY _IOR('A', 0x21, sndrv_pcm_sframes_t)
+#define SNDRV_PCM_IOCTL_HWSYNC _IO('A', 0x22)
+#define SNDRV_PCM_IOCTL_SYNC_PTR _IOWR('A', 0x23, struct sndrv_pcm_sync_ptr)
+#define SNDRV_PCM_IOCTL_CHANNEL_INFO _IOR('A', 0x32, struct sndrv_pcm_channel_info)
+#define SNDRV_PCM_IOCTL_PREPARE _IO('A', 0x40)
+#define SNDRV_PCM_IOCTL_RESET _IO('A', 0x41)
+#define SNDRV_PCM_IOCTL_START _IO('A', 0x42)
+#define SNDRV_PCM_IOCTL_DROP _IO('A', 0x43)
+#define SNDRV_PCM_IOCTL_DRAIN _IO('A', 0x44)
+#define SNDRV_PCM_IOCTL_PAUSE _IOW('A', 0x45, int)
+#define SNDRV_PCM_IOCTL_REWIND _IOW('A', 0x46, sndrv_pcm_uframes_t)
+#define SNDRV_PCM_IOCTL_RESUME _IO('A', 0x47)
+#define SNDRV_PCM_IOCTL_XRUN _IO('A', 0x48)
+#define SNDRV_PCM_IOCTL_FORWARD _IOW('A', 0x49, sndrv_pcm_uframes_t)
+#define SNDRV_PCM_IOCTL_WRITEI_FRAMES _IOW('A', 0x50, struct sndrv_xferi)
+#define SNDRV_PCM_IOCTL_READI_FRAMES _IOR('A', 0x51, struct sndrv_xferi)
+#define SNDRV_PCM_IOCTL_WRITEN_FRAMES _IOW('A', 0x52, struct sndrv_xfern)
+#define SNDRV_PCM_IOCTL_READN_FRAMES _IOR('A', 0x53, struct sndrv_xfern)
+#define SNDRV_PCM_IOCTL_LINK _IOW('A', 0x60, int)
+#define SNDRV_PCM_IOCTL_UNLINK _IO('A', 0x61)
+#define SNDRV_RAWMIDI_IOCTL_PVERSION _IOR('W', 0x00, int)
+#define SNDRV_RAWMIDI_IOCTL_INFO _IOR('W', 0x01, struct sndrv_rawmidi_info)
+#define SNDRV_RAWMIDI_IOCTL_PARAMS _IOWR('W', 0x10, struct sndrv_rawmidi_params)
+#define SNDRV_RAWMIDI_IOCTL_STATUS _IOWR('W', 0x20, struct sndrv_rawmidi_status)
+#define SNDRV_RAWMIDI_IOCTL_DROP _IOW('W', 0x30, int)
+#define SNDRV_RAWMIDI_IOCTL_DRAIN _IOW('W', 0x31, int)
+#define SNDRV_TIMER_IOCTL_PVERSION _IOR('T', 0x00, int)
+#define SNDRV_TIMER_IOCTL_NEXT_DEVICE _IOWR('T', 0x01, struct sndrv_timer_id)
+#define SNDRV_TIMER_IOCTL_TREAD _IOW('T', 0x02, int)
+#define SNDRV_TIMER_IOCTL_GINFO _IOWR('T', 0x03, struct sndrv_timer_ginfo)
+#define SNDRV_TIMER_IOCTL_GPARAMS _IOW('T', 0x04, struct sndrv_timer_gparams)
+#define SNDRV_TIMER_IOCTL_GSTATUS _IOWR('T', 0x05, struct sndrv_timer_gstatus)
+#define SNDRV_TIMER_IOCTL_SELECT _IOW('T', 0x10, struct sndrv_timer_select)
+#define SNDRV_TIMER_IOCTL_INFO _IOR('T', 0x11, struct sndrv_timer_info)
+#define SNDRV_TIMER_IOCTL_PARAMS _IOW('T', 0x12, struct sndrv_timer_params)
+#define SNDRV_TIMER_IOCTL_STATUS _IOR('T', 0x14, struct sndrv_timer_status)
+#define SNDRV_TIMER_IOCTL_START _IO('T', 0xa0)
+#define SNDRV_TIMER_IOCTL_STOP _IO('T', 0xa1)
+#define SNDRV_TIMER_IOCTL_CONTINUE _IO('T', 0xa2)
+#define SNDRV_TIMER_IOCTL_PAUSE _IO('T', 0xa3)
+#define SNDRV_CTL_IOCTL_PVERSION _IOR('U', 0x00, int)
+#define SNDRV_CTL_IOCTL_CARD_INFO _IOR('U', 0x01, struct sndrv_ctl_card_info)
+#define SNDRV_CTL_IOCTL_ELEM_LIST _IOWR('U', 0x10, struct sndrv_ctl_elem_list)
+#define SNDRV_CTL_IOCTL_ELEM_INFO _IOWR('U', 0x11, struct sndrv_ctl_elem_info)
+#define SNDRV_CTL_IOCTL_ELEM_READ _IOWR('U', 0x12, struct sndrv_ctl_elem_value)
+#define SNDRV_CTL_IOCTL_ELEM_WRITE _IOWR('U', 0x13, struct sndrv_ctl_elem_value)
+#define SNDRV_CTL_IOCTL_ELEM_LOCK _IOW('U', 0x14, struct sndrv_ctl_elem_id)
+#define SNDRV_CTL_IOCTL_ELEM_UNLOCK _IOW('U', 0x15, struct sndrv_ctl_elem_id)
+#define SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS _IOWR('U', 0x16, int)
+#define SNDRV_CTL_IOCTL_ELEM_ADD _IOWR('U', 0x17, struct sndrv_ctl_elem_info)
+#define SNDRV_CTL_IOCTL_ELEM_REPLACE _IOWR('U', 0x18, struct sndrv_ctl_elem_info)
+#define SNDRV_CTL_IOCTL_ELEM_REMOVE _IOWR('U', 0x19, struct sndrv_ctl_elem_id)
+#define SNDRV_CTL_IOCTL_TLV_READ _IOWR('U', 0x1a, struct sndrv_ctl_tlv)
+#define SNDRV_CTL_IOCTL_TLV_WRITE _IOWR('U', 0x1b, struct sndrv_ctl_tlv)
+#define SNDRV_CTL_IOCTL_TLV_COMMAND _IOWR('U', 0x1c, struct sndrv_ctl_tlv)
+#define SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE _IOWR('U', 0x20, int)
+#define SNDRV_CTL_IOCTL_HWDEP_INFO _IOR('U', 0x21, struct sndrv_hwdep_info)
+#define SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE _IOR('U', 0x30, int)
+#define SNDRV_CTL_IOCTL_PCM_INFO _IOWR('U', 0x31, struct sndrv_pcm_info)
+#define SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE _IOW('U', 0x32, int)
+#define SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE _IOWR('U', 0x40, int)
+#define SNDRV_CTL_IOCTL_RAWMIDI_INFO _IOWR('U', 0x41, struct sndrv_rawmidi_info)
+#define SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE _IOW('U', 0x42, int)
+#define SNDRV_CTL_IOCTL_POWER _IOWR('U', 0xd0, int)
+#define SNDRV_CTL_IOCTL_POWER_STATE _IOR('U', 0xd1, int)
+#define SNDRV_IOCTL_READV _IOW('K', 0x00, struct sndrv_xferv)
+#define SNDRV_IOCTL_WRITEV _IOW('K', 0x01, struct sndrv_xferv)
+#define SNDRV_EMU10K1_IOCTL_INFO	_IOR ('H', 0x10, emu10k1_fx8010_info_t)
+#define SNDRV_EMU10K1_IOCTL_CODE_POKE	_IOW ('H', 0x11, emu10k1_fx8010_code_t)
+#define SNDRV_EMU10K1_IOCTL_CODE_PEEK	_IOWR('H', 0x12, emu10k1_fx8010_code_t)
+#define SNDRV_EMU10K1_IOCTL_TRAM_SETUP	_IOW ('H', 0x20, int)
+#define SNDRV_EMU10K1_IOCTL_TRAM_POKE	_IOW ('H', 0x21, emu10k1_fx8010_tram_t)
+#define SNDRV_EMU10K1_IOCTL_TRAM_PEEK	_IOWR('H', 0x22, emu10k1_fx8010_tram_t)
+#define SNDRV_EMU10K1_IOCTL_PCM_POKE	_IOW ('H', 0x30, emu10k1_fx8010_pcm_t)
+#define SNDRV_EMU10K1_IOCTL_PCM_PEEK	_IOWR('H', 0x31, emu10k1_fx8010_pcm_t)
+#define SNDRV_EMU10K1_IOCTL_PVERSION	_IOR ('H', 0x40, int)
+#define SNDRV_EMU10K1_IOCTL_STOP	_IO  ('H', 0x80)
+#define SNDRV_EMU10K1_IOCTL_CONTINUE	_IO  ('H', 0x81)
+#define SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER _IO ('H', 0x82)
+#define SNDRV_EMU10K1_IOCTL_SINGLE_STEP	_IOW ('H', 0x83, int)
+#define SNDRV_EMU10K1_IOCTL_DBG_READ	_IOR ('H', 0x84, int)
+#define SNDRV_HDSP_IOCTL_GET_PEAK_RMS _IOR('H', 0x40, hdsp_peak_rms_t)
+#define SNDRV_HDSP_IOCTL_GET_CONFIG_INFO _IOR('H', 0x41, hdsp_config_info_t)
+#define SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE _IOW('H', 0x42, hdsp_firmware_t)
+#define SNDRV_HDSP_IOCTL_GET_VERSION _IOR('H', 0x43, hdsp_version_t)
+#define SNDRV_HDSP_IOCTL_GET_MIXER _IOR('H', 0x44, hdsp_mixer_t)
+#define SNDRV_HDSP_IOCTL_GET_9632_AEB _IOR('H', 0x45, hdsp_9632_aeb_t)
+#define SNDRV_SB_CSP_IOCTL_INFO		_IOR('H', 0x10, snd_sb_csp_info_t)
+#define SNDRV_SB_CSP_IOCTL_LOAD_CODE	_IOW('H', 0x11, snd_sb_csp_microcode_t)
+#define SNDRV_SB_CSP_IOCTL_UNLOAD_CODE	_IO('H', 0x12)
+#define SNDRV_SB_CSP_IOCTL_START	_IOW('H', 0x13, snd_sb_csp_start_t)
+#define SNDRV_SB_CSP_IOCTL_STOP		_IO('H', 0x14)
+#define SNDRV_SB_CSP_IOCTL_PAUSE	_IO('H', 0x15)
+#define SNDRV_SB_CSP_IOCTL_RESTART	_IO('H', 0x16)
+#define SND_SSCAPE_LOAD_BOOTB  _IOWR('P', 100, struct sscape_bootblock)
+#define SND_SSCAPE_LOAD_MCODE  _IOW ('P', 101, struct sscape_microcode)
+
+
+#define TARGET_SNDRV_SEQ_IOCTL_PVERSION	TARGET_IOR ('S', 0x00, int)
+#define TARGET_SNDRV_SEQ_IOCTL_CLIENT_ID	TARGET_IOR ('S', 0x01, int)
+#define TARGET_SNDRV_SEQ_IOCTL_SYSTEM_INFO	TARGET_IOWRU('S', 0x02)
+#define TARGET_SNDRV_SEQ_IOCTL_RUNNING_MODE	TARGET_IOWRU('S', 0x03)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_CLIENT_INFO	TARGET_IOWRU('S', 0x10)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_CLIENT_INFO	TARGET_IOWU ('S', 0x11)
+#define TARGET_SNDRV_SEQ_IOCTL_CREATE_PORT	TARGET_IOWRU('S', 0x20)
+#define TARGET_SNDRV_SEQ_IOCTL_DELETE_PORT	TARGET_IOWU ('S', 0x21)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_PORT_INFO	TARGET_IOWRU('S', 0x22)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_PORT_INFO	TARGET_IOWU ('S', 0x23)
+#define TARGET_SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT	TARGET_IOWU ('S', 0x30)
+#define TARGET_SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT TARGET_IOWU ('S', 0x31)
+#define TARGET_SNDRV_SEQ_IOCTL_CREATE_QUEUE	TARGET_IOWRU('S', 0x32)
+#define TARGET_SNDRV_SEQ_IOCTL_DELETE_QUEUE	TARGET_IOWU ('S', 0x33)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_INFO	TARGET_IOWRU('S', 0x34)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_INFO	TARGET_IOWRU('S', 0x35)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE	TARGET_IOWRU('S', 0x36)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS TARGET_IOWRU('S', 0x40)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO	TARGET_IOWRU('S', 0x41)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO	TARGET_IOWU ('S', 0x42)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER	TARGET_IOWRU('S', 0x43)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER	TARGET_IOWU ('S', 0x44)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER	TARGET_IOWRU('S', 0x45)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER	TARGET_IOWU ('S', 0x46)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_SYNC	TARGET_IOWRU('S', 0x53)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_SYNC	TARGET_IOWU ('S', 0x54)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT	TARGET_IOWRU('S', 0x49)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT	TARGET_IOWU ('S', 0x4a)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_CLIENT_POOL	TARGET_IOWRU('S', 0x4b)
+#define TARGET_SNDRV_SEQ_IOCTL_SET_CLIENT_POOL	TARGET_IOWU ('S', 0x4c)
+#define TARGET_SNDRV_SEQ_IOCTL_REMOVE_EVENTS	TARGET_IOWU ('S', 0x4e)
+#define TARGET_SNDRV_SEQ_IOCTL_QUERY_SUBS	TARGET_IOWRU('S', 0x4f)
+#define TARGET_SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION	TARGET_IOWRU('S', 0x50)
+#define TARGET_SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT	TARGET_IOWRU('S', 0x51)
+#define TARGET_SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT	TARGET_IOWRU('S', 0x52)
+#define TARGET_SNDRV_DM_FM_IOCTL_INFO		TARGET_IORU('H', 0x20)
+#define TARGET_SNDRV_DM_FM_IOCTL_RESET		TARGET_IO ('H', 0x21)
+#define TARGET_SNDRV_DM_FM_IOCTL_PLAY_NOTE	TARGET_IOWU('H', 0x22)
+#define TARGET_SNDRV_DM_FM_IOCTL_SET_VOICE	TARGET_IOWU('H', 0x23)
+#define TARGET_SNDRV_DM_FM_IOCTL_SET_PARAMS	TARGET_IOWU('H', 0x24)
+#define TARGET_SNDRV_DM_FM_IOCTL_SET_MODE	TARGET_IOW('H', 0x25, int)
+#define TARGET_SNDRV_DM_FM_IOCTL_SET_CONNECTION	TARGET_IOW('H', 0x26, int)
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_RESET		0x20
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_PLAY_NOTE		0x21
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_SET_VOICE		0x22
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_SET_PARAMS	0x23
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_SET_MODE		0x24
+#define TARGET_SNDRV_DM_FM_OSS_IOCTL_SET_OPL		0x25
+#define TARGET_SNDRV_HWDEP_IOCTL_PVERSION TARGET_IOR ('H', 0x00, int)
+#define TARGET_SNDRV_HWDEP_IOCTL_INFO TARGET_IORU ('H', 0x01)
+#define TARGET_SNDRV_HWDEP_IOCTL_DSP_STATUS TARGET_IORU('H', 0x02)
+#define TARGET_SNDRV_HWDEP_IOCTL_DSP_LOAD   TARGET_IOWU('H', 0x03)
+#define TARGET_SNDRV_PCM_IOCTL_PVERSION TARGET_IOR('A', 0x00, int)
+#define TARGET_SNDRV_PCM_IOCTL_INFO TARGET_IORU('A', 0x01)
+#define TARGET_SNDRV_PCM_IOCTL_TSTAMP TARGET_IOW('A', 0x02, int)
+#define TARGET_SNDRV_PCM_IOCTL_HW_REFINE TARGET_IOWRU('A', 0x10)
+#define TARGET_SNDRV_PCM_IOCTL_HW_PARAMS TARGET_IOWRU('A', 0x11)
+#define TARGET_SNDRV_PCM_IOCTL_HW_FREE TARGET_IO('A', 0x12)
+#define TARGET_SNDRV_PCM_IOCTL_SW_PARAMS TARGET_IOWRU('A', 0x13)
+#define TARGET_SNDRV_PCM_IOCTL_STATUS TARGET_IORU('A', 0x20)
+#define TARGET_SNDRV_PCM_IOCTL_DELAY TARGET_IORU('A', 0x21)
+#define TARGET_SNDRV_PCM_IOCTL_HWSYNC TARGET_IO('A', 0x22)
+#define TARGET_SNDRV_PCM_IOCTL_SYNC_PTR TARGET_IOWRU('A', 0x23)
+#define TARGET_SNDRV_PCM_IOCTL_CHANNEL_INFO TARGET_IORU('A', 0x32)
+#define TARGET_SNDRV_PCM_IOCTL_PREPARE TARGET_IO('A', 0x40)
+#define TARGET_SNDRV_PCM_IOCTL_RESET TARGET_IO('A', 0x41)
+#define TARGET_SNDRV_PCM_IOCTL_START TARGET_IO('A', 0x42)
+#define TARGET_SNDRV_PCM_IOCTL_DROP TARGET_IO('A', 0x43)
+#define TARGET_SNDRV_PCM_IOCTL_DRAIN TARGET_IO('A', 0x44)
+#define TARGET_SNDRV_PCM_IOCTL_PAUSE TARGET_IOW('A', 0x45, int)
+#define TARGET_SNDRV_PCM_IOCTL_REWIND TARGET_IOWU('A', 0x46)
+#define TARGET_SNDRV_PCM_IOCTL_RESUME TARGET_IO('A', 0x47)
+#define TARGET_SNDRV_PCM_IOCTL_XRUN TARGET_IO('A', 0x48)
+#define TARGET_SNDRV_PCM_IOCTL_FORWARD TARGET_IOWU('A', 0x49)
+#define TARGET_SNDRV_PCM_IOCTL_WRITEI_FRAMES TARGET_IOWU('A', 0x50)
+#define TARGET_SNDRV_PCM_IOCTL_READI_FRAMES TARGET_IORU('A', 0x51)
+#define TARGET_SNDRV_PCM_IOCTL_WRITEN_FRAMES TARGET_IOWU('A', 0x52)
+#define TARGET_SNDRV_PCM_IOCTL_READN_FRAMES TARGET_IORU('A', 0x53)
+#define TARGET_SNDRV_PCM_IOCTL_LINK TARGET_IOW('A', 0x60, int)
+#define TARGET_SNDRV_PCM_IOCTL_UNLINK TARGET_IO('A', 0x61)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_PVERSION TARGET_IOR('W', 0x00, int)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_INFO TARGET_IORU('W', 0x01)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_PARAMS TARGET_IOWRU('W', 0x10)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_STATUS TARGET_IOWRU('W', 0x20)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_DROP TARGET_IOW('W', 0x30, int)
+#define TARGET_SNDRV_RAWMIDI_IOCTL_DRAIN TARGET_IOW('W', 0x31, int)
+#define TARGET_SNDRV_TIMER_IOCTL_PVERSION TARGET_IOR('T', 0x00, int)
+#define TARGET_SNDRV_TIMER_IOCTL_NEXT_DEVICE TARGET_IOWRU('T', 0x01)
+#define TARGET_SNDRV_TIMER_IOCTL_TREAD TARGET_IOW('T', 0x02, int)
+#define TARGET_SNDRV_TIMER_IOCTL_GINFO TARGET_IOWRU('T', 0x03)
+#define TARGET_SNDRV_TIMER_IOCTL_GPARAMS TARGET_IOWU('T', 0x04)
+#define TARGET_SNDRV_TIMER_IOCTL_GSTATUS TARGET_IOWRU('T', 0x05)
+#define TARGET_SNDRV_TIMER_IOCTL_SELECT TARGET_IOWU('T', 0x10)
+#define TARGET_SNDRV_TIMER_IOCTL_INFO TARGET_IORU('T', 0x11)
+#define TARGET_SNDRV_TIMER_IOCTL_PARAMS TARGET_IOWU('T', 0x12)
+#define TARGET_SNDRV_TIMER_IOCTL_STATUS TARGET_IORU('T', 0x14)
+#define TARGET_SNDRV_TIMER_IOCTL_START TARGET_IO('T', 0xa0)
+#define TARGET_SNDRV_TIMER_IOCTL_STOP TARGET_IO('T', 0xa1)
+#define TARGET_SNDRV_TIMER_IOCTL_CONTINUE TARGET_IO('T', 0xa2)
+#define TARGET_SNDRV_TIMER_IOCTL_PAUSE TARGET_IO('T', 0xa3)
+#define TARGET_SNDRV_CTL_IOCTL_PVERSION TARGET_IOR('U', 0x00, int)
+#define TARGET_SNDRV_CTL_IOCTL_CARD_INFO TARGET_IORU('U', 0x01)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_LIST TARGET_IOWRU('U', 0x10)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_INFO TARGET_IOWRU('U', 0x11)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_READ TARGET_IOWRU('U', 0x12)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_WRITE TARGET_IOWRU('U', 0x13)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_LOCK TARGET_IOWU('U', 0x14)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_UNLOCK TARGET_IOWU('U', 0x15)
+#define TARGET_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS TARGET_IOWR('U', 0x16, int)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_ADD TARGET_IOWRU('U', 0x17)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_REPLACE TARGET_IOWRU('U', 0x18)
+#define TARGET_SNDRV_CTL_IOCTL_ELEM_REMOVE TARGET_IOWRU('U', 0x19)
+#define TARGET_SNDRV_CTL_IOCTL_TLV_READ TARGET_IOWRU('U', 0x1a)
+#define TARGET_SNDRV_CTL_IOCTL_TLV_WRITE TARGET_IOWRU('U', 0x1b)
+#define TARGET_SNDRV_CTL_IOCTL_TLV_COMMAND TARGET_IOWRU('U', 0x1c)
+#define TARGET_SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE TARGET_IOWR('U', 0x20, int)
+#define TARGET_SNDRV_CTL_IOCTL_HWDEP_INFO TARGET_IORU('U', 0x21)
+#define TARGET_SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE TARGET_IOR('U', 0x30, int)
+#define TARGET_SNDRV_CTL_IOCTL_PCM_INFO TARGET_IOWRU('U', 0x31)
+#define TARGET_SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE TARGET_IOW('U', 0x32, int)
+#define TARGET_SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE TARGET_IOWR('U', 0x40, int)
+#define TARGET_SNDRV_CTL_IOCTL_RAWMIDI_INFO TARGET_IOWRU('U', 0x41)
+#define TARGET_SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE TARGET_IOW('U', 0x42, int)
+#define TARGET_SNDRV_CTL_IOCTL_POWER TARGET_IOWR('U', 0xd0, int)
+#define TARGET_SNDRV_CTL_IOCTL_POWER_STATE TARGET_IOR('U', 0xd1, int)
+#define TARGET_SNDRV_IOCTL_READV TARGET_IOWU('K', 0x00)
+#define TARGET_SNDRV_IOCTL_WRITEV TARGET_IOWU('K', 0x01)
+#define TARGET_SNDRV_EMU10K1_IOCTL_INFO	TARGET_IORU ('H', 0x10)
+#define TARGET_SNDRV_EMU10K1_IOCTL_CODE_POKE	TARGET_IOWU ('H', 0x11)
+#define TARGET_SNDRV_EMU10K1_IOCTL_CODE_PEEK	TARGET_IOWRU('H', 0x12)
+#define TARGET_SNDRV_EMU10K1_IOCTL_TRAM_SETUP	TARGET_IOW ('H', 0x20, int)
+#define TARGET_SNDRV_EMU10K1_IOCTL_TRAM_POKE	TARGET_IOWU ('H', 0x21)
+#define TARGET_SNDRV_EMU10K1_IOCTL_TRAM_PEEK	TARGET_IOWRU('H', 0x22)
+#define TARGET_SNDRV_EMU10K1_IOCTL_PCM_POKE	TARGET_IOWU ('H', 0x30)
+#define TARGET_SNDRV_EMU10K1_IOCTL_PCM_PEEK	TARGET_IOWRU('H', 0x31)
+#define TARGET_SNDRV_EMU10K1_IOCTL_PVERSION	TARGET_IOR ('H', 0x40, int)
+#define TARGET_SNDRV_EMU10K1_IOCTL_STOP	TARGET_IO  ('H', 0x80)
+#define TARGET_SNDRV_EMU10K1_IOCTL_CONTINUE	TARGET_IO  ('H', 0x81)
+#define TARGET_SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER TARGET_IO ('H', 0x82)
+#define TARGET_SNDRV_EMU10K1_IOCTL_SINGLE_STEP	TARGET_IOW ('H', 0x83, int)
+#define TARGET_SNDRV_EMU10K1_IOCTL_DBG_READ	TARGET_IOR ('H', 0x84, int)
+#define TARGET_SNDRV_HDSP_IOCTL_GET_PEAK_RMS TARGET_IORU('H', 0x40)
+#define TARGET_SNDRV_HDSP_IOCTL_GET_CONFIG_INFO TARGET_IORU('H', 0x41)
+#define TARGET_SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE TARGET_IOWU('H', 0x42)
+#define TARGET_SNDRV_HDSP_IOCTL_GET_VERSION TARGET_IORU('H', 0x43)
+#define TARGET_SNDRV_HDSP_IOCTL_GET_MIXER TARGET_IORU('H', 0x44)
+#define TARGET_SNDRV_HDSP_IOCTL_GET_9632_AEB TARGET_IORU('H', 0x45)
+#define TARGET_SNDRV_SB_CSP_IOCTL_INFO		TARGET_IORU('H', 0x10)
+#define TARGET_SNDRV_SB_CSP_IOCTL_LOAD_CODE	TARGET_IOWU('H', 0x11)
+#define TARGET_SNDRV_SB_CSP_IOCTL_UNLOAD_CODE	TARGET_IO('H', 0x12)
+#define TARGET_SNDRV_SB_CSP_IOCTL_START	TARGET_IOWU('H', 0x13)
+#define TARGET_SNDRV_SB_CSP_IOCTL_STOP		TARGET_IO('H', 0x14)
+#define TARGET_SNDRV_SB_CSP_IOCTL_PAUSE	TARGET_IO('H', 0x15)
+#define TARGET_SNDRV_SB_CSP_IOCTL_RESTART	TARGET_IO('H', 0x16)
+#define TARGET_SND_SSCAPE_LOAD_BOOTB  TARGET_IOWRU('P', 100)
+#define TARGET_SND_SSCAPE_LOAD_MCODE  TARGET_IOWU ('P', 101)
+
+IOCTL( SNDRV_SEQ_IOCTL_PVERSION	, IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_SEQ_IOCTL_CLIENT_ID	, IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_SEQ_IOCTL_SYSTEM_INFO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_system_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_RUNNING_MODE	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_running_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_CLIENT_INFO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_client_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_CLIENT_INFO	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_client_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_CREATE_PORT	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_DELETE_PORT	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_PORT_INFO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_PORT_INFO	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_SUBSCRIBE_PORT	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_subscribe)) )
+IOCTL( SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_subscribe)) )
+IOCTL( SNDRV_SEQ_IOCTL_CREATE_QUEUE	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_DELETE_QUEUE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_INFO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_INFO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_status)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_TEMPO	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_tempo)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_TEMPO	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_tempo)) )
+//IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_OWNER	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_owner)) )
+//IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_OWNER	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_owner)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_timer)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_timer)) )
+//IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_SYNC	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_sync)) )
+//IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_SYNC	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_sync)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_client)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_QUEUE_CLIENT	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_queue_client)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_CLIENT_POOL	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_client_pool)) )
+IOCTL( SNDRV_SEQ_IOCTL_SET_CLIENT_POOL	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_client_pool)) )
+IOCTL( SNDRV_SEQ_IOCTL_REMOVE_EVENTS	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_remove_events)) )
+IOCTL( SNDRV_SEQ_IOCTL_QUERY_SUBS	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_query_subs)) )
+IOCTL( SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_subscribe)) )
+IOCTL( SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_client_info)) )
+IOCTL( SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_seq_port_info)) )
+IOCTL( SNDRV_DM_FM_IOCTL_INFO		, IOC_R, MK_PTR(MK_STRUCT(STRUCT_snd_dm_fm_info)) )
+IOCTL( SNDRV_DM_FM_IOCTL_RESET		, 0, TYPE_NULL )
+IOCTL( SNDRV_DM_FM_IOCTL_PLAY_NOTE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_snd_dm_fm_note)) )
+IOCTL( SNDRV_DM_FM_IOCTL_SET_VOICE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_snd_dm_fm_voice)) )
+IOCTL( SNDRV_DM_FM_IOCTL_SET_PARAMS	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_snd_dm_fm_params)) )
+IOCTL( SNDRV_DM_FM_IOCTL_SET_MODE	, IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_DM_FM_IOCTL_SET_CONNECTION	, IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_HWDEP_IOCTL_PVERSION , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_HWDEP_IOCTL_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_hwdep_info)) )
+IOCTL( SNDRV_HWDEP_IOCTL_DSP_STATUS , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_hwdep_dsp_status)) )
+IOCTL( SNDRV_HWDEP_IOCTL_DSP_LOAD   , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_hwdep_dsp_image)) )
+IOCTL( SNDRV_PCM_IOCTL_PVERSION , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_PCM_IOCTL_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_info)) )
+IOCTL( SNDRV_PCM_IOCTL_TSTAMP , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_PCM_IOCTL_HW_REFINE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_hw_params)) )
+IOCTL( SNDRV_PCM_IOCTL_HW_PARAMS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_hw_params)) )
+IOCTL( SNDRV_PCM_IOCTL_HW_FREE , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_SW_PARAMS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_sw_params)) )
+IOCTL( SNDRV_PCM_IOCTL_STATUS , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_status)) )
+IOCTL( SNDRV_PCM_IOCTL_DELAY , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_sframes)) )
+IOCTL( SNDRV_PCM_IOCTL_HWSYNC , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_SYNC_PTR , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_sync_ptr)) )
+IOCTL( SNDRV_PCM_IOCTL_CHANNEL_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_channel_info)) )
+IOCTL( SNDRV_PCM_IOCTL_PREPARE , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_RESET , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_START , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_DROP , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_DRAIN , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_PAUSE , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_PCM_IOCTL_REWIND , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_uframes)) )
+IOCTL( SNDRV_PCM_IOCTL_RESUME , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_XRUN , 0, TYPE_NULL )
+IOCTL( SNDRV_PCM_IOCTL_FORWARD , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_uframes)) )
+IOCTL( SNDRV_PCM_IOCTL_WRITEI_FRAMES , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_xferi)) )
+IOCTL( SNDRV_PCM_IOCTL_READI_FRAMES , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_xferi)) )
+IOCTL( SNDRV_PCM_IOCTL_WRITEN_FRAMES , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_xfern)) )
+IOCTL( SNDRV_PCM_IOCTL_READN_FRAMES , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_xfern)) )
+IOCTL( SNDRV_PCM_IOCTL_LINK , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_PCM_IOCTL_UNLINK , 0, TYPE_NULL )
+IOCTL( SNDRV_RAWMIDI_IOCTL_PVERSION , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_RAWMIDI_IOCTL_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_rawmidi_info)) )
+IOCTL( SNDRV_RAWMIDI_IOCTL_PARAMS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_rawmidi_params)) )
+IOCTL( SNDRV_RAWMIDI_IOCTL_STATUS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_rawmidi_status)) )
+IOCTL( SNDRV_RAWMIDI_IOCTL_DROP , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_RAWMIDI_IOCTL_DRAIN , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_TIMER_IOCTL_PVERSION , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_TIMER_IOCTL_NEXT_DEVICE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_id)) )
+IOCTL( SNDRV_TIMER_IOCTL_TREAD , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_TIMER_IOCTL_GINFO , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_ginfo)) )
+IOCTL( SNDRV_TIMER_IOCTL_GPARAMS , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_gparams)) )
+IOCTL( SNDRV_TIMER_IOCTL_GSTATUS , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_gstatus)) )
+IOCTL( SNDRV_TIMER_IOCTL_SELECT , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_select)) )
+IOCTL( SNDRV_TIMER_IOCTL_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_info)) )
+IOCTL( SNDRV_TIMER_IOCTL_PARAMS , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_params)) )
+IOCTL( SNDRV_TIMER_IOCTL_STATUS , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_timer_status)) )
+IOCTL( SNDRV_TIMER_IOCTL_START , 0, TYPE_NULL )
+IOCTL( SNDRV_TIMER_IOCTL_STOP , 0, TYPE_NULL )
+IOCTL( SNDRV_TIMER_IOCTL_CONTINUE , 0, TYPE_NULL )
+IOCTL( SNDRV_TIMER_IOCTL_PAUSE , 0, TYPE_NULL )
+IOCTL( SNDRV_CTL_IOCTL_PVERSION , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_CARD_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_card_info)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_LIST , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_list)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_INFO , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_info)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_READ , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_value)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_WRITE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_value)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_LOCK , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_id)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_UNLOCK , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_id)) )
+IOCTL( SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS , IOC_RW, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_ADD , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_info)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_REPLACE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_info)) )
+IOCTL( SNDRV_CTL_IOCTL_ELEM_REMOVE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_elem_id)) )
+IOCTL( SNDRV_CTL_IOCTL_TLV_READ , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_tlv)) )
+IOCTL( SNDRV_CTL_IOCTL_TLV_WRITE , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_tlv)) )
+IOCTL( SNDRV_CTL_IOCTL_TLV_COMMAND , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_ctl_tlv)) )
+IOCTL( SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE , IOC_RW, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_HWDEP_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_sndrv_hwdep_info)) )
+IOCTL( SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_PCM_INFO , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_pcm_info)) )
+IOCTL( SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE , IOC_RW, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_RAWMIDI_INFO , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sndrv_rawmidi_info)) )
+IOCTL( SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE , IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_POWER , IOC_RW, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_CTL_IOCTL_POWER_STATE , IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_IOCTL_READV , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_xferv)) )
+IOCTL( SNDRV_IOCTL_WRITEV , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sndrv_xferv)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_INFO	, IOC_R, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_info)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_CODE_POKE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_code)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_CODE_PEEK	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_code)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_TRAM_SETUP	, IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_EMU10K1_IOCTL_TRAM_POKE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_tram)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_TRAM_PEEK	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_tram)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_PCM_POKE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_pcm)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_PCM_PEEK	, IOC_RW, MK_PTR(MK_STRUCT(STRUCT_emu10k1_fx8010_pcm)) )
+IOCTL( SNDRV_EMU10K1_IOCTL_PVERSION	, IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_EMU10K1_IOCTL_STOP	, 0, TYPE_NULL )
+IOCTL( SNDRV_EMU10K1_IOCTL_CONTINUE	, 0, TYPE_NULL )
+IOCTL( SNDRV_EMU10K1_IOCTL_ZERO_TRAM_COUNTER , 0, TYPE_NULL )
+IOCTL( SNDRV_EMU10K1_IOCTL_SINGLE_STEP	, IOC_W, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_EMU10K1_IOCTL_DBG_READ	, IOC_R, MK_PTR(TYPE_INT) )
+IOCTL( SNDRV_HDSP_IOCTL_GET_PEAK_RMS , IOC_R, MK_PTR(MK_STRUCT(STRUCT_hdsp_peak_rms)) )
+IOCTL( SNDRV_HDSP_IOCTL_GET_CONFIG_INFO , IOC_R, MK_PTR(MK_STRUCT(STRUCT_hdsp_config_info)) )
+IOCTL( SNDRV_HDSP_IOCTL_UPLOAD_FIRMWARE , IOC_W, MK_PTR(MK_STRUCT(STRUCT_hdsp_firmware)) )
+IOCTL( SNDRV_HDSP_IOCTL_GET_VERSION , IOC_R, MK_PTR(MK_STRUCT(STRUCT_hdsp_version)) )
+IOCTL( SNDRV_HDSP_IOCTL_GET_MIXER , IOC_R, MK_PTR(MK_STRUCT(STRUCT_hdsp_mixer)) )
+IOCTL( SNDRV_HDSP_IOCTL_GET_9632_AEB , IOC_R, MK_PTR(MK_STRUCT(STRUCT_hdsp_9632_aeb)) )
+IOCTL( SNDRV_SB_CSP_IOCTL_INFO		, IOC_R, MK_PTR(MK_STRUCT(STRUCT_snd_sb_csp_info)) )
+#if _IOC_SIZEBITS > 13
+IOCTL( SNDRV_SB_CSP_IOCTL_LOAD_CODE	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_snd_sb_csp_microcode)) )
+#endif
+IOCTL( SNDRV_SB_CSP_IOCTL_UNLOAD_CODE	, 0, TYPE_NULL )
+IOCTL( SNDRV_SB_CSP_IOCTL_START	, IOC_W, MK_PTR(MK_STRUCT(STRUCT_snd_sb_csp_start)) )
+IOCTL( SNDRV_SB_CSP_IOCTL_STOP		, 0, TYPE_NULL )
+IOCTL( SNDRV_SB_CSP_IOCTL_PAUSE	, 0, TYPE_NULL )
+IOCTL( SNDRV_SB_CSP_IOCTL_RESTART	, 0, TYPE_NULL )
+IOCTL( SND_SSCAPE_LOAD_BOOTB  , IOC_RW, MK_PTR(MK_STRUCT(STRUCT_sscape_bootblock)) )
+IOCTL( SND_SSCAPE_LOAD_MCODE  , IOC_W, MK_PTR(MK_STRUCT(STRUCT_sscape_microcode)) )

linux-user/linux_loop.h

@@ -91,5 +91,6 @@ struct loop_info64 {
 #define LOOP_SET_STATUS64	0x4C04
 #define LOOP_GET_STATUS64	0x4C05
 #define LOOP_CHANGE_FD		0x4C06
+#define LOOP_BOGUS_CMD		0x4C82
 
 #endif

linux-user/main.c

@@ -64,6 +64,7 @@ unsigned long reserved_va;
 #endif
 
 static void usage(void);
+extern int use_stopflag;
 
 static const char *interp_prefix = CONFIG_QEMU_INTERP_PREFIX;
 const char *qemu_uname_release = CONFIG_UNAME_RELEASE;
@@ -846,15 +847,22 @@ void cpu_loop(CPUARMState *env)
                             break;
                         }
                     } else {
-                        env->regs[0] = do_syscall(env,
-                                                  n,
-                                                  env->regs[0],
-                                                  env->regs[1],
-                                                  env->regs[2],
-                                                  env->regs[3],
-                                                  env->regs[4],
-                                                  env->regs[5],
-                                                  0, 0);
+                        TaskState *ts = ((CPUArchState*)env)->opaque;
+                        target_ulong r;
+                        r = do_syscall(env, n, env->regs[0], env->regs[1],
+                                       env->regs[2], env->regs[3], env->regs[4],
+                                       env->regs[5], 0, 0);
+                        if ((r == -EINTR) && ts->signal_restart &&
+                            syscall_restartable(n)) {
+                            if (env->thumb) {
+                                env->regs[15] -= 2;
+                            } else {
+                                env->regs[15] -= 4;
+                            }
+                        } else {
+                            env->regs[0] = r;
+                        }
+                        ts->signal_restart = 0;
                     }
                 } else {
                     goto error;
@@ -3196,6 +3204,11 @@ static void handle_arg_reserved_va(const char *arg)
 }
 #endif
 
+static void handle_arg_nostopflag(const char *arg)
+{
+    use_stopflag = 0;
+}
+
 static void handle_arg_singlestep(const char *arg)
 {
     singlestep = 1;
@@ -3251,6 +3264,8 @@ static const struct qemu_argument arg_table[] = {
      "options",    "activate log"},
     {"D",          "QEMU_LOG_FILENAME", true, handle_arg_log_filename,
      "logfile",     "override default logfile location"},
+    {"no-stopflag", "QEMU_NOSTOPFLAG", false, handle_arg_nostopflag,
+     "",           "run in singlestep mode"},
     {"p",          "QEMU_PAGESIZE",    true,  handle_arg_pagesize,
      "pagesize",   "set the host page size to 'pagesize'"},
     {"singlestep", "QEMU_SINGLESTEP",  false, handle_arg_singlestep,

linux-user/mmap.c

@@ -30,6 +30,7 @@
 
 #include "qemu.h"
 #include "qemu-common.h"
+#include "tcg.h"
 
 //#define DEBUG_MMAP
 
@@ -41,6 +42,7 @@ void mmap_lock(void)
 {
     if (mmap_lock_count++ == 0) {
         pthread_mutex_lock(&mmap_mutex);
+        tcg_lock();
     }
 }
 
@@ -48,6 +50,7 @@ void mmap_unlock(void)
 {
     if (--mmap_lock_count == 0) {
         pthread_mutex_unlock(&mmap_mutex);
+        tcg_unlock();
     }
 }
 
@@ -377,6 +380,9 @@ abi_ulong mmap_find_vma(abi_ulong start, abi_ulong size)
     }
 }
 
+#define SNDRV_PCM_MMAP_OFFSET_STATUS  0x80000000
+#define SNDRV_PCM_MMAP_OFFSET_CONTROL 0x81000000
+
 /* NOTE: all the constants are the HOST ones */
 abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
                      int flags, int fd, abi_ulong offset)
@@ -411,6 +417,17 @@ abi_long target_mmap(abi_ulong start, abi_ulong len, int prot,
     }
 #endif
 
+    /* Alsa tries to communcate with the kernel via mmap. This usually
+     * is a good idea when user- and kernelspace are running on the
+     * same architecture but does not work out when not. To make alsa
+     * not to use mmap, we can just have it fail on the mmap calls that
+     * would initiate this.
+     */
+    if(offset == SNDRV_PCM_MMAP_OFFSET_STATUS || offset == SNDRV_PCM_MMAP_OFFSET_CONTROL) {
+	errno = EINVAL;
+	return -1;
+    }
+
     if (offset & ~TARGET_PAGE_MASK) {
         errno = EINVAL;
         goto fail;

linux-user/qemu.h

@@ -137,6 +137,8 @@ typedef struct TaskState {
     struct sigqueue sigqueue_table[MAX_SIGQUEUE_SIZE]; /* siginfo queue */
     struct sigqueue *first_free; /* first free siginfo queue entry */
     int signal_pending; /* non zero if a signal may be pending */
+    int signal_in_syscall; /* non zero if we are in do_syscall() */
+    int signal_restart; /* non zero if we need to restart a syscall */
 } __attribute__((aligned(16))) TaskState;
 
 extern char *exec_path;
@@ -192,10 +194,10 @@ abi_long memcpy_to_target(abi_ulong dest, const void *src,
 void target_set_brk(abi_ulong new_brk);
 abi_long do_brk(abi_ulong new_brk);
 void syscall_init(void);
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8);
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8);
 void gemu_log(const char *fmt, ...) GCC_FMT_ATTR(1, 2);
 extern THREAD CPUArchState *thread_env;
 void cpu_loop(CPUArchState *env);
@@ -203,6 +205,7 @@ char *target_strerror(int err);
 int get_osversion(void);
 void fork_start(void);
 void fork_end(int child);
+int syscall_restartable(int syscall_nr);
 
 /* Creates the initial guest address space in the host memory space using
  * the given host start address hint and size.  The guest_start parameter

linux-user/signal.c

@@ -25,6 +25,7 @@
 #include <assert.h>
 #include <sys/ucontext.h>
 #include <sys/resource.h>
+#include <sched.h>
 
 #include "qemu.h"
 #include "qemu-common.h"
@@ -373,6 +374,10 @@ static void QEMU_NORETURN force_sig(int target_sig)
     host_sig = target_to_host_signal(target_sig);
     gdb_signalled(thread_env, target_sig);
 
+    if (target_sig == 6) {
+        goto no_core;
+    }
+
     /* dump core if supported by target binary format */
     if (core_dump_signal(target_sig) && (ts->bprm->core_dump != NULL)) {
         stop_all_tasks();
@@ -390,6 +395,8 @@ static void QEMU_NORETURN force_sig(int target_sig)
             target_sig, strsignal(host_sig), "core dumped" );
     }
 
+no_core:
+
     /* The proper exit code for dying from an uncaught signal is
      * -<signal>.  The kernel doesn't allow exit() or _exit() to pass
      * a negative value.  To get the proper exit code we need to
@@ -475,6 +482,11 @@ int queue_signal(CPUArchState *env, int sig, target_siginfo_t *info)
         k->pending = 1;
         /* signal that a new signal is pending */
         ts->signal_pending = 1;
+        /* check if we have to restart the current syscall */
+        if ((sigact_table[sig - 1].sa_flags & SA_RESTART) &&
+            ts->signal_in_syscall) {
+            ts->signal_restart = 1;
+        }
         return 1; /* indicates that the signal was queued */
     }
 }
@@ -615,8 +627,24 @@ int do_sigaction(int sig, const struct target_sigaction *act,
         if (host_sig != SIGSEGV && host_sig != SIGBUS) {
             sigfillset(&act1.sa_mask);
             act1.sa_flags = SA_SIGINFO;
+#ifdef TARGET_ARM
+            /* Breaks boehm-gc, we have to do this manually */
+            /*
+             * Unfortunately our hacks only work as long as we don't do parallel
+             * signal delivery and futexes, so let's do a dirty hack here to
+             * pin our guest process to a single host CPU if we're using the
+             * boehm-gc.
+             */
+            if ((k->sa_flags & TARGET_SA_RESTART) && host_sig == SIGPWR) {
+                cpu_set_t mask;
+                CPU_ZERO(&mask);
+                CPU_SET(0, &mask);
+                sched_setaffinity(0, sizeof(mask), &mask);
+            }
+#else
             if (k->sa_flags & TARGET_SA_RESTART)
                 act1.sa_flags |= SA_RESTART;
+#endif
             /* NOTE: it is important to update the host kernel signal
                ignore state to avoid getting unexpected interrupted
                syscalls */

linux-user/syscall.c

@@ -3252,6 +3252,11 @@ static abi_long do_ioctl_fs_ioc_fiemap(const IOCTLEntry *ie, uint8_t *buf_temp,
     uint32_t outbufsz;
     int free_fm = 0;
 
+    if (1) {
+        /* XXX agraf: fiemap breaks for me */
+        return -TARGET_EINVAL;
+    }
+
     assert(arg_type[0] == TYPE_PTR);
     assert(ie->access == IOC_RW);
     arg_type++;
@@ -3634,6 +3639,13 @@ out:
     return ret;
 }
 
+static abi_long do_ioctl_fail(const IOCTLEntry *ie, uint8_t *buf_temp, int fd,
+                              abi_long cmd, abi_long arg)
+{
+    /* Fail silently */
+    return -EINVAL;
+}
+
 static IOCTLEntry ioctl_entries[] = {
 #define IOCTL(cmd, access, ...) \
     { TARGET_ ## cmd, cmd, #cmd, access, 0, {  __VA_ARGS__ } },
@@ -3657,7 +3669,12 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
     ie = ioctl_entries;
     for(;;) {
         if (ie->target_cmd == 0) {
-            gemu_log("Unsupported ioctl: cmd=0x%04lx\n", (long)cmd);
+	    int i;
+            gemu_log("Unsupported ioctl: cmd=0x%04lx (%x)\n", (unsigned long)cmd, (unsigned int)(cmd & (TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) >> TARGET_IOC_SIZESHIFT);
+            for (i = 0; ioctl_entries[i].target_cmd; i++) {
+		if ((ioctl_entries[i].target_cmd & ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) == (cmd & ~(TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)))
+		    gemu_log("%p\t->\t%s (%x)\n", (void *)(unsigned long)ioctl_entries[i].host_cmd, ioctl_entries[i].name, (ioctl_entries[i].target_cmd & (TARGET_IOC_SIZEMASK << TARGET_IOC_SIZESHIFT)) >> TARGET_IOC_SIZESHIFT);
+	    }
             return -TARGET_ENOSYS;
         }
         if (ie->target_cmd == cmd)
@@ -3686,6 +3703,11 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
         arg_type++;
         target_size = thunk_type_size(arg_type, 0);
         switch(ie->access) {
+	/* FIXME: actually the direction given in the ioctl should be
+	 * correct so we can assume the communication is uni-directional.
+	 * The alsa developers did not like this concept though and
+	 * declared ioctls IOC_R and IOC_W even though they were IOC_RW.*/
+/*
         case IOC_R:
             ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
             if (!is_error(ret)) {
@@ -3704,6 +3726,7 @@ static abi_long do_ioctl(int fd, abi_long cmd, abi_long arg)
             unlock_user(argptr, arg, 0);
             ret = get_errno(ioctl(fd, ie->host_cmd, buf_temp));
             break;
+*/
         default:
         case IOC_RW:
             argptr = lock_user(VERIFY_READ, arg, target_size, 1);
@@ -4334,6 +4357,15 @@ static int do_fork(CPUArchState *env, unsigned int flags, abi_ulong newsp,
         if (nptl_flags & CLONE_SETTLS)
             cpu_set_tls (new_env, newtls);
 
+        /* agraf: Pin ourselves to a single CPU when running multi-threaded.
+           This turned out to improve stability for me. */
+        {
+            cpu_set_t mask;
+            CPU_ZERO(&mask);
+            CPU_SET(0, &mask);
+            sched_setaffinity(0, sizeof(mask), &mask);
+        }
+
         /* Grab a mutex so that thread setup appears atomic.  */
         pthread_mutex_lock(&clone_lock);
 
@@ -4964,8 +4996,8 @@ static int open_self_maps(void *cpu_env, int fd)
 #if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32)
     dprintf(fd, "%08llx-%08llx rw-p %08llx 00:00 0          [stack]\n",
                 (unsigned long long)ts->info->stack_limit,
-                (unsigned long long)(ts->stack_base + (TARGET_PAGE_SIZE - 1))
-                                     & TARGET_PAGE_MASK,
+                (unsigned long long)(ts->info->start_stack +
+                                     (TARGET_PAGE_SIZE - 1)) & TARGET_PAGE_MASK,
                 (unsigned long long)0);
 #endif
 
@@ -5008,6 +5040,25 @@ static int open_self_stat(void *cpu_env, int fd)
     return 0;
 }
 
+static int open_cpuinfo(void *cpu_env, int fd)
+{
+    dprintf(fd,
+"Processor       : ARMv7 Processor rev 5 (v7l)\n"
+"BogoMIPS        : 799.53\n"
+"Features        : swp half thumb fastmult vfp edsp thumbee neon vfpv3\n"
+"CPU implementer : 0x41\n"
+"CPU architecture: 7\n"
+"CPU variant     : 0x2\n"
+"CPU part        : 0xc08\n"
+"CPU revision    : 5\n"
+"\n"
+"Hardware        : Genesi Efika MX (Smarttop)\n"
+"Revision        : 51030\n"
+"Serial          : 0000000000000000\n");
+
+    return 0;
+}
+
 static int open_self_auxv(void *cpu_env, int fd)
 {
     TaskState *ts = ((CPUArchState *)cpu_env)->opaque;
@@ -5048,6 +5099,7 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
         { "/proc/self/maps", open_self_maps },
         { "/proc/self/stat", open_self_stat },
         { "/proc/self/auxv", open_self_auxv },
+        { "/proc/cpuinfo", open_cpuinfo },
         { NULL, NULL }
     };
 
@@ -5086,18 +5138,105 @@ static int do_open(void *cpu_env, const char *pathname, int flags, mode_t mode)
     return get_errno(open(path(pathname), flags, mode));
 }
 
+int syscall_restartable(int syscall_nr)
+{
+    switch (syscall_nr) {
+#ifdef TARGET_NR_sigsuspend
+    case TARGET_NR_sigsuspend:
+#endif
+#ifdef TARGET_NR_pause
+    case TARGET_NR_pause:
+#endif
+#ifdef TARGET_NR_setsockopt
+    case TARGET_NR_setsockopt:
+#endif
+#ifdef TARGET_NR_accept
+    case TARGET_NR_accept:
+#endif
+#ifdef TARGET_NR_recv
+    case TARGET_NR_recv:
+#endif
+#ifdef TARGET_NR_recvfrom
+    case TARGET_NR_recvfrom:
+#endif
+#ifdef TARGET_NR_recvmsg
+    case TARGET_NR_recvmsg:
+#endif
+#ifdef TARGET_NR_socketcall
+    case TARGET_NR_socketcall:
+#endif
+#ifdef TARGET_NR_connect
+    case TARGET_NR_connect:
+#endif
+#ifdef TARGET_NR_send
+    case TARGET_NR_send:
+#endif
+#ifdef TARGET_NR_sendmsg
+    case TARGET_NR_sendmsg:
+#endif
+#ifdef TARGET_NR_sendto
+    case TARGET_NR_sendto:
+#endif
+#ifdef TARGET_NR_poll
+    case TARGET_NR_poll:
+#endif
+#ifdef TARGET_NR_ppoll
+    case TARGET_NR_ppoll:
+#endif
+#if defined(TARGET_NR_select)
+    case TARGET_NR_select:
+#endif
+#ifdef TARGET_NR_pselect6
+    case TARGET_NR_pselect6:
+#endif
+#ifdef TARGET_NR__newselect
+    case TARGET_NR__newselect:
+#endif
+#ifdef TARGET_NR_msgrcv
+    case TARGET_NR_msgrcv:
+#endif
+#ifdef TARGET_NR_msgsnd
+    case TARGET_NR_msgsnd:
+#endif
+#ifdef TARGET_NR_semop
+    case TARGET_NR_semop:
+#endif
+#ifdef TARGET_NR_ipc
+    case TARGET_NR_ipc:
+#endif
+#ifdef TARGET_NR_clock_nanosleep
+    case TARGET_NR_clock_nanosleep:
+#endif
+    case TARGET_NR_rt_sigsuspend:
+    case TARGET_NR_rt_sigtimedwait:
+    case TARGET_NR_nanosleep:
+    case TARGET_NR_close:
+        /* can not be restarted */
+        return 0;
+    }
+
+    /* every other syscall can be restarted */
+    return 1;
+}
+
 /* do_syscall() should always have a single exit point at the end so
    that actions, such as logging of syscall results, can be performed.
    All errnos that do_syscall() returns must be -TARGET_<errcode>. */
-abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
-                    abi_long arg2, abi_long arg3, abi_long arg4,
-                    abi_long arg5, abi_long arg6, abi_long arg7,
-                    abi_long arg8)
+abi_long do_syscall(void *cpu_env, int num, abi_ulong arg1,
+                    abi_ulong arg2, abi_ulong arg3, abi_ulong arg4,
+                    abi_ulong arg5, abi_ulong arg6, abi_ulong arg7,
+                    abi_ulong arg8)
 {
     abi_long ret;
     struct stat st;
     struct statfs stfs;
     void *p;
+    TaskState *ts = ((CPUArchState*)cpu_env)->opaque;
+
+    if (!ts->signal_restart) {
+        /* remember syscall info for restart */
+        ts->signal_in_syscall = 1;
+    }
 
 #ifdef DEBUG
     gemu_log("syscall %d", num);
@@ -6150,6 +6289,8 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
     case TARGET_NR_gettimeofday:
         {
             struct timeval tv;
+            if(copy_from_user_timeval(&tv, arg1))
+		goto efault;
             ret = get_errno(gettimeofday(&tv, NULL));
             if (!is_error(ret)) {
                 if (copy_to_user_timeval(arg1, &tv))
@@ -6531,6 +6672,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
+            __put_user(stfs.f_frsize, &target_stfs->f_frsize);
+            __put_user(0, &target_stfs->f_spare[0]);
+            __put_user(0, &target_stfs->f_spare[1]);
+            __put_user(0, &target_stfs->f_spare[2]);
+            __put_user(0, &target_stfs->f_spare[3]);
+            __put_user(0, &target_stfs->f_spare[4]);
             unlock_user_struct(target_stfs, arg2, 1);
         }
         break;
@@ -6559,6 +6706,12 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
             __put_user(stfs.f_fsid.__val[0], &target_stfs->f_fsid.val[0]);
             __put_user(stfs.f_fsid.__val[1], &target_stfs->f_fsid.val[1]);
             __put_user(stfs.f_namelen, &target_stfs->f_namelen);
+            __put_user(stfs.f_frsize, &target_stfs->f_frsize);
+            __put_user(0, &target_stfs->f_spare[0]);
+            __put_user(0, &target_stfs->f_spare[1]);
+            __put_user(0, &target_stfs->f_spare[2]);
+            __put_user(0, &target_stfs->f_spare[3]);
+            __put_user(0, &target_stfs->f_spare[4]);
             unlock_user_struct(target_stfs, arg3, 1);
         }
         break;
@@ -7436,7 +7589,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
         unlock_user(p, arg1, ret);
         break;
     case TARGET_NR_capget:
-        goto unimplemented;
+        goto unimplemented_nowarn;
     case TARGET_NR_capset:
         goto unimplemented;
     case TARGET_NR_sigaltstack:
@@ -8094,7 +8247,7 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
 	cmd = target_to_host_fcntl_cmd(arg2);
         if (cmd == -TARGET_EINVAL) {
             ret = cmd;
-            break;
+            goto fail;
         }
 
         switch(arg2) {
@@ -8455,6 +8608,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
         break;
 #endif
 
+#if defined(TARGET_NR_timer_create)
+    case TARGET_NR_timer_create:
+	goto unimplemented_nowarn;
+#endif
+
 #if defined(TARGET_NR_tkill) && defined(__NR_tkill)
     case TARGET_NR_tkill:
         ret = get_errno(sys_tkill((int)arg1, target_to_host_signal(arg2)));
@@ -8839,6 +8997,7 @@ fail:
 #endif
     if(do_strace)
         print_syscall_ret(num, ret);
+    ts->signal_in_syscall = 0;
     return ret;
 efault:
     ret = -TARGET_EFAULT;

linux-user/syscall_defs.h

@@ -885,6 +885,12 @@ struct target_pollfd {
 #define TARGET_BLKGETSIZE64 TARGET_IOR(0x12,114,abi_ulong)
                                              /* return device size in bytes
                                                 (u64 *arg) */
+#define TARGET_BLKDISCARD TARGET_IO(0x12,119)
+#define TARGET_BLKIOMIN TARGET_IO(0x12,120)
+#define TARGET_BLKIOOPT TARGET_IO(0x12,121)
+#define TARGET_BLKALIGNOFF TARGET_IO(0x12,122)
+#define TARGET_BLKPBSZGET TARGET_IO(0x12,123)
+#define TARGET_BLKDISCARDZEROES TARGET_IO(0x12,124)
 #define TARGET_FIBMAP     TARGET_IO(0x00,1)  /* bmap access */
 #define TARGET_FIGETBSZ   TARGET_IO(0x00,2)  /* get the block size used for bmap */
 #define TARGET_FS_IOC_FIEMAP TARGET_IOWR('f',11,struct fiemap)
@@ -1016,6 +1022,7 @@ struct target_pollfd {
 #define TARGET_LOOP_SET_STATUS64      0x4C04
 #define TARGET_LOOP_GET_STATUS64      0x4C05
 #define TARGET_LOOP_CHANGE_FD         0x4C06
+#define TARGET_LOOP_BOGUS_CMD         0x4C82
 
 /* fb ioctls */
 #define TARGET_FBIOGET_VSCREENINFO    0x4600
@@ -2343,6 +2350,9 @@ struct target_eabi_flock64 {
 #define TARGET_MTIOCGET        TARGET_IOR('m', 2, struct mtget)
 #define TARGET_MTIOCPOS        TARGET_IOR('m', 3, struct mtpos)
 
+#define TARGET_FS_IOC_GETFLAGS TARGET_IORU('f', 1)
+#define TARGET_FS_IOC_SETFLAGS TARGET_IOWU('f', 2)
+
 struct target_sysinfo {
     abi_long uptime;                /* Seconds since boot */
     abi_ulong loads[3];             /* 1, 5, and 15 minute load averages */
@@ -2425,3 +2435,5 @@ struct target_ucred {
     uint32_t uid;
     uint32_t gid;
 };
+
+#include "ioctls_alsa_structs.h"

linux-user/syscall_types.h

@@ -71,6 +71,9 @@ STRUCT(kbentry,
 STRUCT(kbsentry,
        TYPE_CHAR, MK_ARRAY(TYPE_CHAR, 512))
 
+STRUCT(blkdiscard,
+       MK_ARRAY(TYPE_LONGLONG, 2))
+
 STRUCT(audio_buf_info,
        TYPE_INT, TYPE_INT, TYPE_INT, TYPE_INT)
 
@@ -83,6 +86,11 @@ STRUCT(buffmem_desc,
 STRUCT(mixer_info,
        MK_ARRAY(TYPE_CHAR, 16), MK_ARRAY(TYPE_CHAR, 32), TYPE_INT, MK_ARRAY(TYPE_INT, 10))
 
+/* FIXME: including these on x86 / x86_64 breaks qemu-i386 */
+#ifdef __powerpc__
+#include "syscall_types_alsa.h"
+#endif
+
 /* loop device ioctls */
 STRUCT(loop_info,
        TYPE_INT,                 /* lo_number */

qemu-img.c

@@ -665,7 +665,7 @@ static int img_convert(int argc, char **argv)
     const uint8_t *buf1;
     BlockDriverInfo bdi;
     QEMUOptionParameter *param = NULL, *create_options = NULL;
-    QEMUOptionParameter *out_baseimg_param;
+    QEMUOptionParameter *out_baseimg_param, *scsi;
     char *options = NULL;
     const char *snapshot_name = NULL;
     float local_progress;
@@ -858,6 +858,12 @@ static int img_convert(int argc, char **argv)
         }
     }
 
+    if ((scsi = get_option_parameter(param, BLOCK_OPT_SCSI)) && scsi->value.n && strcmp(drv->format_name, "vmdk")) {
+        error_report("SCSI devices not supported for this file format");
+        ret = -1;
+        goto out;
+    }
+
     /* Create the new image */
     ret = bdrv_create(drv, out_filename, param);
     if (ret < 0) {

qemu-lock.h

@@ -24,6 +24,12 @@
 #include <pthread.h>
 #define spin_lock pthread_mutex_lock
 #define spin_unlock pthread_mutex_unlock
+static inline void spin_unlock_safe(pthread_mutex_t *lock)
+{
+    /* unlocking an unlocked mutex results in undefined behavior */
+    pthread_mutex_trylock(lock);
+    pthread_mutex_unlock(lock);
+}
 #define spinlock_t pthread_mutex_t
 #define SPIN_LOCK_UNLOCKED PTHREAD_MUTEX_INITIALIZER
 
@@ -46,4 +52,8 @@ static inline void spin_unlock(spinlock_t *lock)
 {
 }
 
+static inline void spin_unlock_safe(spinlock_t *lock)
+{
+}
+
 #endif

qemu-options.hx

@@ -1196,6 +1196,15 @@ STEXI
 Disable HPET support.
 ETEXI
 
+DEF("no-stopflag", 0, QEMU_OPTION_no_stopflag,
+    "-no-stopflag   use old behaviour, not inline stopflag checks\n", QEMU_ARCH_ALL)
+STEXI
+@item -no-stopflag
+@findex -no-stopflag
+Implement cpu-exit by the old tb link breaking method rather than inline checks
+(this is slightly faster but racy!)
+ETEXI
+
 DEF("acpitable", HAS_ARG, QEMU_OPTION_acpitable,
     "-acpitable [sig=str][,rev=n][,oem_id=str][,oem_table_id=str][,oem_rev=n][,asl_compiler_id=str][,asl_compiler_rev=n][,{data|file}=file1[:file2]...]\n"
     "                ACPI table description\n", QEMU_ARCH_I386)
@@ -2319,6 +2328,16 @@ Store the QEMU process PID in @var{file}. It is useful if you launch QEMU
 from a script.
 ETEXI
 
+DEF("nooutgoing", HAS_ARG, QEMU_OPTION_nooutgoing, \
+    "-nooutgoing <IP>\n" \
+    "                incoming traffic only from IP, no outgoing\n", \
+    QEMU_ARCH_ALL)
+STEXI
+@item -nooutgoing
+Forbid userspace networking to make outgoing connections. Only accept incoming
+connections from ip address IP.
+ETEXI
+
 DEF("singlestep", 0, QEMU_OPTION_singlestep, \
     "-singlestep     always run in singlestep mode\n", QEMU_ARCH_ALL)
 STEXI

scripts/qemu-binfmt-conf.sh

@@ -27,43 +27,46 @@ case "$cpu" in
   armv[4-9]*)
     cpu="arm"
   ;;
+  sparc*)
+    cpu="sparc"
+  ;;
 esac
 
 # register the interpreter for each cpu except for the native one
 if [ $cpu != "i386" ] ; then
-    echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-i386:' > /proc/sys/fs/binfmt_misc/register
-    echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-i386:' > /proc/sys/fs/binfmt_misc/register
+    echo ':i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo ':i486:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x06\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-i386-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "alpha" ] ; then
-    echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-alpha:' > /proc/sys/fs/binfmt_misc/register
+    echo ':alpha:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x26\x90:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-alpha-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "arm" ] ; then
-    echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-arm:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-armeb:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-arm-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':armeb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-armeb-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "sparc" ] ; then
-    echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-sparc:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':sparc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x02:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sparc-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "ppc" ] ; then
-    echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-ppc:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':ppc:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x14:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-ppc-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "m68k" ] ; then
     echo   'Please check cpu value and header information for m68k!'
-    echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x04:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-m68k:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':m68k:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x04:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-m68k-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "mips" ] ; then
     # FIXME: We could use the other endianness on a MIPS host.
-    echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-mips:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-mipsel:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-mipsn32:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-mipsn32el:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-mips64:' > /proc/sys/fs/binfmt_misc/register
-    echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-mips64el:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mips:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mipsel:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsel-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mipsn32:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mipsn32-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mipsn32el:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mipsn32el-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mips64:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-mips64-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo   ':mips64el:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x08\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-mips64el-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "sh" ] ; then
-    echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/local/bin/qemu-sh4:' > /proc/sys/fs/binfmt_misc/register
-    echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-sh4eb:' > /proc/sys/fs/binfmt_misc/register
+    echo    ':sh4:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a\x00:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-sh4-binfmt:P' > /proc/sys/fs/binfmt_misc/register
+    echo    ':sh4eb:M::\x7fELF\x01\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x2a:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-sh4eb-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi
 if [ $cpu != "s390x" ] ; then
-    echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/local/bin/qemu-s390x:' > /proc/sys/fs/binfmt_misc/register
+    echo   ':s390x:M::\x7fELF\x02\x02\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x16:\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff:/usr/bin/qemu-s390x-binfmt:P' > /proc/sys/fs/binfmt_misc/register
 fi

slirp/socket.c

@@ -531,6 +531,8 @@ sorecvfrom(struct socket *so)
 	} /* if ping packet */
 }
 
+extern int slirp_nooutgoing;
+
 /*
  * sendto() a socket
  */
@@ -561,6 +563,12 @@ sosendto(struct socket *so, struct mbuf *m)
 
 	DEBUG_MISC((dfd, " sendto()ing, addr.sin_port=%d, addr.sin_addr.s_addr=%.16s\n", ntohs(addr.sin_port), inet_ntoa(addr.sin_addr)));
 
+	/* Only allow DNS requests */
+	if (slirp_nooutgoing && ntohs(addr.sin_port) != 53) {
+		errno = EHOSTUNREACH;
+		return -1;
+	}
+
 	/* Don't care what port we get */
 	ret = sendto(so->s, m->m_data, m->m_len, 0,
 		     (struct sockaddr *)&addr, sizeof (struct sockaddr));

slirp/tcp_subr.c

@@ -324,6 +324,9 @@ tcp_sockclosed(struct tcpcb *tp)
  * nonblocking.  Connect returns after the SYN is sent, and does
  * not wait for ACK+SYN.
  */
+
+extern int slirp_nooutgoing;
+
 int tcp_fconnect(struct socket *so)
 {
   Slirp *slirp = so->slirp;
@@ -332,6 +335,11 @@ int tcp_fconnect(struct socket *so)
   DEBUG_CALL("tcp_fconnect");
   DEBUG_ARG("so = %lx", (long )so);
 
+  if (slirp_nooutgoing) {
+    errno = EHOSTUNREACH;
+    return -1;
+  }
+
   if( (ret = so->s = qemu_socket(AF_INET,SOCK_STREAM,0)) >= 0) {
     int opt, s=so->s;
     struct sockaddr_in addr;
@@ -424,6 +432,13 @@ tcp_connect(struct socket *inso)
 		tcp_close(sototcpcb(so)); /* This will sofree() as well */
 		return;
 	}
+
+	if (slirp_nooutgoing && addr.sin_addr.s_addr != slirp_nooutgoing) {
+		tcp_close(sototcpcb(so)); /* This will sofree() as well */
+		close(s);
+		return;
+	}
+
 	socket_set_nonblock(s);
 	opt = 1;
 	setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&opt,sizeof(int));
@@ -434,6 +449,7 @@ tcp_connect(struct socket *inso)
 
 	so->so_fport = addr.sin_port;
 	so->so_faddr = addr.sin_addr;
+
 	/* Translate connections from localhost to the real hostname */
         if (so->so_faddr.s_addr == 0 ||
             (so->so_faddr.s_addr & loopback_mask) ==

target-arm/cpu.c

@@ -124,7 +124,11 @@ static void arm_cpu_reset(CPUState *s)
      * bake assumptions about into translated code, so we need to
      * tb_flush().
      */
+#if !defined(CONFIG_USER_ONLY)
+    /* XXX hack alert! automoc4 segaults after spawning a new thread with this
+           flush enabled */
     tb_flush(env);
+#endif
 }
 
 static inline void set_feature(CPUARMState *env, int feature)

tcg/tcg.c

@@ -40,6 +40,8 @@
 #include "cache-utils.h"
 #include "host-utils.h"
 #include "qemu-timer.h"
+#include "config-host.h"
+#include "qemu-thread.h"
 
 /* Note: the long term plan is to reduce the dependancies on the QEMU
    CPU definitions. Currently they are used for qemu_ld/st
@@ -105,6 +107,29 @@ static TCGRegSet tcg_target_call_clobber_regs;
 uint16_t *gen_opc_ptr;
 TCGArg *gen_opparam_ptr;
 
+#ifdef CONFIG_USER_ONLY
+static __thread int tcg_lock_count;
+#endif
+void tcg_lock(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TCGContext *s = &tcg_ctx;
+    if (tcg_lock_count++ == 0) {
+        qemu_mutex_lock(&s->lock);
+    }
+#endif
+}
+
+void tcg_unlock(void)
+{
+#ifdef CONFIG_USER_ONLY
+    TCGContext *s = &tcg_ctx;
+    if (--tcg_lock_count == 0) {
+        qemu_mutex_unlock(&s->lock);
+    }
+#endif
+}
+
 static inline void tcg_out8(TCGContext *s, uint8_t v)
 {
     *s->code_ptr++ = v;
@@ -245,7 +270,8 @@ void tcg_context_init(TCGContext *s)
     memset(s, 0, sizeof(*s));
     s->temps = s->static_temps;
     s->nb_globals = 0;
-    
+    qemu_mutex_init(&s->lock);
+
     /* Count total number of arguments and allocate the corresponding
        space */
     total_args = 0;
@@ -2188,11 +2214,13 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf)
     }
 #endif
 
+    tcg_lock();
     tcg_gen_code_common(s, gen_code_buf, -1);
 
     /* flush instruction cache */
     flush_icache_range((tcg_target_ulong)gen_code_buf,
                        (tcg_target_ulong)s->code_ptr);
+    tcg_unlock();
 
     return s->code_ptr -  gen_code_buf;
 }
@@ -2203,7 +2231,11 @@ int tcg_gen_code(TCGContext *s, uint8_t *gen_code_buf)
    Return -1 if not found. */
 int tcg_gen_code_search_pc(TCGContext *s, uint8_t *gen_code_buf, long offset)
 {
-    return tcg_gen_code_common(s, gen_code_buf, offset);
+    int r;
+    tcg_lock();
+    r = tcg_gen_code_common(s, gen_code_buf, offset);
+    tcg_unlock();
+    return r;
 }
 
 #ifdef CONFIG_PROFILER

tcg/tcg.h

@@ -46,6 +46,8 @@ typedef uint64_t tcg_target_ulong;
 #error unsupported
 #endif
 
+#include "config-host.h"
+#include "qemu-thread.h"
 #include "tcg-target.h"
 #include "tcg-runtime.h"
 
@@ -389,6 +391,7 @@ struct TCGContext {
 #ifdef CONFIG_DEBUG_TCG
     int temps_in_use;
 #endif
+    QemuMutex lock;
 };
 
 extern TCGContext tcg_ctx;
@@ -568,6 +571,9 @@ void tcg_gen_shifti_i64(TCGv_i64 ret, TCGv_i64 arg1,
 TCGArg *tcg_optimize(TCGContext *s, uint16_t *tcg_opc_ptr, TCGArg *args,
                      TCGOpDef *tcg_op_def);
 
+extern void tcg_lock(void);
+extern void tcg_unlock(void);
+
 /* only used for debugging purposes */
 void tcg_register_helper(void *func, const char *name);
 const char *tcg_helper_get_name(TCGContext *s, void *func);

thunk.c

@@ -41,6 +41,7 @@ static inline const argtype *thunk_type_next(const argtype *type_ptr)
     case TYPE_CHAR:
     case TYPE_SHORT:
     case TYPE_INT:
+    case TYPE_INTBITFIELD:
     case TYPE_LONGLONG:
     case TYPE_ULONGLONG:
     case TYPE_LONG:
@@ -140,6 +141,26 @@ const argtype *thunk_convert(void *dst, const void *src,
     case TYPE_INT:
         *(uint32_t *)dst = tswap32(*(uint32_t *)src);
         break;
+    case TYPE_INTBITFIELD:
+#if defined(TARGET_I386) && defined(__powerpc__)
+        /* powerpc uses the MSB, whereas i386 uses the LSB
+         * to store the first bit in a field */
+        {
+	    unsigned char byte = *(uint8_t *)src;
+            *(uint8_t *)dst  = ((byte >> 7) & 1)
+		             | ((byte >> 5) & 2)
+			     | ((byte >> 3) & 4)
+			     | ((byte >> 1) & 8)
+			     | ((byte << 1) & 16)
+			     | ((byte << 3) & 32)
+			     | ((byte << 5) & 64)
+			     | ((byte << 7) & 128);
+	    /* FIXME: implement for bitfields > 1 byte and other archs */
+        }
+#else
+        *(uint32_t *)dst = tswap32(*(uint32_t *)src);
+#endif
+	break;
     case TYPE_LONGLONG:
     case TYPE_ULONGLONG:
         *(uint64_t *)dst = tswap64(*(uint64_t *)src);

thunk.h

@@ -38,6 +38,7 @@ typedef enum argtype {
     TYPE_ARRAY,
     TYPE_STRUCT,
     TYPE_OLDDEVT,
+    TYPE_INTBITFIELD,
 } argtype;
 
 #define MK_PTR(type) TYPE_PTR, type
@@ -91,6 +92,7 @@ static inline int thunk_type_size(const argtype *type_ptr, int is_host)
     case TYPE_SHORT:
         return 2;
     case TYPE_INT:
+    case TYPE_INTBITFIELD:
         return 4;
     case TYPE_LONGLONG:
     case TYPE_ULONGLONG:
@@ -153,6 +155,7 @@ static inline int thunk_type_align(const argtype *type_ptr, int is_host)
     case TYPE_SHORT:
         return 2;
     case TYPE_INT:
+    case TYPE_INTBITFIELD:
         return 4;
     case TYPE_LONGLONG:
     case TYPE_ULONGLONG:

ui/vnc.c

@@ -45,6 +45,7 @@ static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
 
 static VncDisplay *vnc_display; /* needed for info vnc */
 static DisplayChangeListener *dcl;
+static int allowed_connections = 0;
 
 static int vnc_cursor_define(VncState *vs);
 static void vnc_release_modifiers(VncState *vs);
@@ -1018,6 +1019,7 @@ static void vnc_disconnect_start(VncState *vs)
 static void vnc_disconnect_finish(VncState *vs)
 {
     int i;
+    static int num_disconnects = 0;
 
     vnc_jobs_join(vs); /* Wait encoding jobs */
 
@@ -1063,6 +1065,13 @@ static void vnc_disconnect_finish(VncState *vs)
     }
     g_free(vs->lossy_rect);
     g_free(vs);
+
+    num_disconnects++;
+    if (allowed_connections > 0 && allowed_connections <= num_disconnects) {
+        VNC_DEBUG("Maximum number of disconnects (%d) reached:"
+                  " Session terminating\n", allowed_connections);
+        exit(0);
+    }
 }
 
 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
@@ -2844,6 +2853,39 @@ char *vnc_display_local_addr(DisplayState *ds)
     return vnc_socket_local_addr("%s:%s", vs->lsock);
 }
 
+static void read_file_password(DisplayState *ds, char *filename)
+{
+    FILE *pfile = NULL;
+    char *passwd = NULL;
+    int start = 0, length = 0, rc = 0;
+
+    if(strlen(filename) == 0) {
+	printf("No file supplied\n");
+	return;
+    }
+
+    pfile = fopen(filename, "r");
+    if(pfile == NULL) {
+	printf("Could not read from %s\n", filename);
+	return;
+    }
+
+    start  = ftell(pfile);
+    fseek(pfile, 0L, SEEK_END);
+    length = ftell(pfile);
+    fseek(pfile, 0L, start);
+
+    passwd = malloc(length+1);
+    rc = fread(passwd, 1, length, pfile);
+    fclose(pfile);
+
+    if(rc == length && rc > 0) {
+	vnc_display_password(ds, passwd);
+    }
+
+    free(passwd);
+}
+
 int vnc_display_open(DisplayState *ds, const char *display)
 {
     VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
@@ -2876,6 +2918,9 @@ int vnc_display_open(DisplayState *ds, const char *display)
     while ((options = strchr(options, ','))) {
         options++;
         if (strncmp(options, "password", 8) == 0) {
+            char *start, *end;
+            start = strchr(options, '=');
+            end = strchr(options, ',');
             if (fips_get_state()) {
                 fprintf(stderr,
                         "VNC password auth disabled due to FIPS mode, "
@@ -2886,6 +2931,32 @@ int vnc_display_open(DisplayState *ds, const char *display)
                 return -1;
             }
             password = 1; /* Require password auth */
+            if (start && (!end || (start < end))) {
+                int len = end ? end-(start+1) : strlen(start+1);
+                char *text = g_malloc(len+1);
+                strncpy(text, start+1, len);
+                text[len] = '\0';
+                
+                if (strncmp(options, "password-file=", 14) == 0) {
+                    read_file_password(ds, text);
+                } else {
+                    vnc_display_password(ds, text);
+                } 
+            
+                free(text);
+            }
+        } else if (strncmp(options, "allowed-connections=", 20) == 0) {
+            char *start, *end;
+            start = strchr(options, '=');
+            end = strchr(options, ',');
+            if (start && (!end || (start < end))) {
+                int len = end ? end-(start+1) : strlen(start+1);
+                char *text = g_malloc(len+1);
+                strncpy(text, start+1, len);
+                text[len] = '\0';
+                VNC_DEBUG("Maximum number of disconnects: %s\n", text);
+                allowed_connections = atoi(text);
+            }
         } else if (strncmp(options, "reverse", 7) == 0) {
             reverse = 1;
         } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {

user-exec.c

@@ -102,12 +102,22 @@ static inline int handle_cpu_signal(uintptr_t pc, unsigned long address,
     qemu_printf("qemu: SIGSEGV pc=0x%08lx address=%08lx w=%d oldset=0x%08lx\n",
                 pc, address, is_write, *(unsigned long *)old_set);
 #endif
+
+    /* Maybe we're still holding the TB fiddling lock? */
+    spin_unlock_safe(&tb_lock);
+
     /* XXX: locking issue */
     if (is_write && h2g_valid(address)
         && page_unprotect(h2g(address), pc, puc)) {
         return 1;
     }
 
+    if (RESERVED_VA) {
+        /* Convert forcefully to guest address space, invalid addresses
+           are still valid segv ones */
+        address = address - GUEST_BASE;
+    }
+
     /* see if it is an MMU fault */
     ret = cpu_handle_mmu_fault(cpu_single_env, address, is_write,
                                MMU_USER_IDX);

vl.c

@@ -176,6 +176,8 @@ int main(int argc, char **argv)
 
 #define MAX_VIRTIO_CONSOLES 1
 
+extern int use_stopflag;
+
 static const char *data_dir;
 const char *bios_name = NULL;
 enum vga_retrace_method vga_retrace_method = VGA_RETRACE_DUMB;
@@ -215,6 +217,7 @@ const char *vnc_display;
 int acpi_enabled = 1;
 int no_hpet = 0;
 int fd_bootchk = 1;
+int slirp_nooutgoing = 0;
 int no_reboot = 0;
 int no_shutdown = 0;
 int cursor_hide = 1;
@@ -2780,6 +2783,14 @@ int main(int argc, char **argv, char **envp)
             case QEMU_OPTION_singlestep:
                 singlestep = 1;
                 break;
+            case QEMU_OPTION_nooutgoing:
+                slirp_nooutgoing = inet_addr(optarg);
+                if (slirp_nooutgoing == INADDR_NONE) {
+                    printf("Invalid address: %s.\nOnly addresses of the format "
+                           "xxx.xxx.xxx.xxx are supported.\n", optarg);
+                    exit(1);
+                }
+                break;
             case QEMU_OPTION_S:
                 autostart = 0;
                 break;
@@ -3039,6 +3050,9 @@ int main(int argc, char **argv, char **envp)
                 qdev_prop_register_global_list(slew_lost_ticks);
                 break;
             }
+            case QEMU_OPTION_no_stopflag:
+                use_stopflag = 0;
+                break;
             case QEMU_OPTION_acpitable:
                 do_acpitable_option(optarg);
                 break;