[PULL 0/6] Linux user next patches

[PULL 0/6] Linux user next patches

[Helge Deller]

From: Helge Deller <deller@gmx.de>

The following changes since commit f5a2438405d4ae8b62de7c9b39fac0b2155ee544:

  Merge tag 'pull-qapi-2026-05-21' of https://repo.or.cz/qemu/armbru into staging (2026-05-21 09:00:22 -0400)

are available in the Git repository at:

  https://github.com/hdeller/qemu-hppa.git tags/linux-user-next-pull-request

for you to fetch changes up to 975bd51a88792cb6a3596c7127a1009bb3a17f08:

  linux-user/sh4: add VDSO support for sh4 and sh4eb (2026-05-24 15:07:28 +0200)

----------------------------------------------------------------
linux-user updates from Matt Turner

Various linux-user updates and fixes from Matt Turner regarding VDSO and
coredump support for hppa, mips, mips64, riscv and sh4.

----------------------------------------------------------------

Matt Turner (6):
  linux-user/hppa: add coredump support
  linux-user/mips64: fix elf_core_copy_regs register layout in core
    files
  linux-user/mips64: fix mipsn32 elf_core_copy_regs entry width
  linux-user/mips: use tswap32 in elf_core_copy_regs
  linux-user/riscv: add coredump support
  linux-user/sh4: add VDSO support for sh4 and sh4eb

 linux-user/hppa/elfload.c       |  13 +++
 linux-user/hppa/target_elf.h    |  21 +++++
 linux-user/mips/elfload.c       |  16 ++--
 linux-user/mips64/elfload.c     |  44 ++++++++++
 linux-user/riscv/elfload.c      |   9 ++
 linux-user/riscv/target_elf.h   |   7 ++
 linux-user/sh4/Makefile.vdso    |  18 ++++
 linux-user/sh4/elfload.c        |  14 ++++
 linux-user/sh4/meson.build      |  12 +++
 linux-user/sh4/target_elf.h     |   1 +
 linux-user/sh4/vdso-asmoffset.h |  45 ++++++++++
 linux-user/sh4/vdso-be.so       | Bin 0 -> 2704 bytes
 linux-user/sh4/vdso-le.so       | Bin 0 -> 2704 bytes
 linux-user/sh4/vdso.S           | 142 ++++++++++++++++++++++++++++++++
 linux-user/sh4/vdso.ld          |  67 +++++++++++++++
 15 files changed, 402 insertions(+), 7 deletions(-)
 create mode 100644 linux-user/sh4/Makefile.vdso
 create mode 100644 linux-user/sh4/vdso-asmoffset.h
 create mode 100755 linux-user/sh4/vdso-be.so
 create mode 100755 linux-user/sh4/vdso-le.so
 create mode 100644 linux-user/sh4/vdso.S
 create mode 100644 linux-user/sh4/vdso.ld

-- 
2.54.0

[PULL 1/6] linux-user/hppa: add coredump support

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

Add HAVE_ELF_CORE_DUMP, target_elf_gregset_t (80 entries matching
arch/parisc/include/uapi/asm/ptrace.h), and elf_core_copy_regs().

The struct layout matches the kernel's struct user_regs_struct:
  gr[0..31]    at indices [0..31]   (PSW in gr[0])
  sr[0..7]     at indices [32..39]
  iaoq[0..1]   at indices [40..41]  (instruction address queue)
  iasq[0..1]   at indices [42..43]
  sar          at index   [44]      (shift amount / CR11)
  iir          at index   [45]      (interrupt instruction register)
  isr          at index   [46]      (interrupt space register)
  ior          at index   [47]      (interrupt offset register)
  ipsw         at index   [48]      (interrupt PSW / CR22)
  cr0          at index   [49]      (recovery counter)
  cr24_31[8]   at indices [50..57]
  cr8_15[6]    at indices [58..63]
  pad[16]      at indices [64..79]

elf_core_copy_regs() saves GRs, IAOQ (front/back), and SAR.

Signed-off-by: Matt Turner <mattst88@gmail.com>
Reviewed-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/hppa/elfload.c    | 13 +++++++++++++
 linux-user/hppa/target_elf.h | 21 +++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/linux-user/hppa/elfload.c b/linux-user/hppa/elfload.c
index 7f7ece6dc1..3354e1b840 100644
--- a/linux-user/hppa/elfload.c
+++ b/linux-user/hppa/elfload.c
@@ -16,6 +16,19 @@ const char *get_elf_platform(CPUState *cs)
     return "PARISC";
 }
 
+void elf_core_copy_regs(target_elf_gregset_t *r, const CPUArchState *env)
+{
+    int i;
+
+    memset(r, 0, sizeof(*r));
+    for (i = 0; i < 32; i++) {
+        r->gr[i] = tswapal(env->gr[i]);
+    }
+    r->iaoq[0] = tswapal(env->iaoq_f);
+    r->iaoq[1] = tswapal(env->iaoq_b);
+    r->sar     = tswapal(env->cr[CR_SAR]);
+}
+
 bool init_guest_commpage(void)
 {
     /* If reserved_va, then we have already mapped 0 page on the host. */
diff --git a/linux-user/hppa/target_elf.h b/linux-user/hppa/target_elf.h
index 76930c9369..e1c5033242 100644
--- a/linux-user/hppa/target_elf.h
+++ b/linux-user/hppa/target_elf.h
@@ -12,6 +12,27 @@
 #define ELF_MACHINE             EM_PARISC
 
 #define HAVE_ELF_PLATFORM       1
+#define HAVE_ELF_CORE_DUMP      1
+
+/*
+ * Matches struct user_regs_struct from arch/parisc/include/uapi/asm/ptrace.h.
+ * ELF_NGREG = 80; register indices match those used by libunwind and gdb.
+ */
+typedef struct target_elf_gregset_t {
+    abi_ulong gr[32];      /* gr[0..31]; PSW in gr[0]            [0..31] */
+    abi_ulong sr[8];       /* space registers                    [32..39] */
+    abi_ulong iaoq[2];     /* instruction address offset         [40..41] */
+    abi_ulong iasq[2];     /* instruction address space          [42..43] */
+    abi_ulong sar;         /* shift amount register (CR11)       [44] */
+    abi_ulong iir;         /* interrupt instruction register     [45] */
+    abi_ulong isr;         /* interrupt space register           [46] */
+    abi_ulong ior;         /* interrupt offset register          [47] */
+    abi_ulong ipsw;        /* interrupt PSW (CR22)               [48] */
+    abi_ulong cr0;         /* recovery counter                   [49] */
+    abi_ulong cr24_31[8];  /* cr24..cr31                         [50..57] */
+    abi_ulong cr8_15[6];   /* cr8, cr9, cr12, cr13, cr10, cr15  [58..63] */
+    abi_ulong pad[16];     /* pad to 80 elements                 [64..79] */
+} target_elf_gregset_t;
 
 #define LO_COMMPAGE             0
 #define STACK_GROWS_DOWN        0
-- 
2.54.0

[PULL 2/6] linux-user/mips64: fix elf_core_copy_regs register layout in core files

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

mips64/elfload.c uses #include "../mips/elfload.c" to share code. When
the compiler processes mips/elfload.c the quoted #include "target_elf.h"
resolves relative to the including file's directory, so it picks up
mips/target_elf.h instead of mips64/target_elf.h.  mips/target_elf.h
pulls in mips/target_ptrace.h, whose target_pt_regs has a pad0[6] field
before regs[].  As a result elf_core_copy_regs writes:

  r->pt.regs[i]   -> reserved[6+i]   (shifted by 6 from the correct index)
  r->pt.cp0_epc   -> reserved[40]    (correct mips64 N64 index is 34)

The Linux kernel and glibc both use the mips64 N64 layout (no pad0): EPC
at reserved[34].  Debuggers and libunwind reading the core with N64
constants therefore see a completely wrong register set — EPC points to
GP, RA holds the branch target instead of the link address, etc.

Fix by:
 - Guarding the mips32 elf_core_copy_regs in mips/elfload.c with #ifndef
   TARGET_MIPS64 so it is not compiled for mips64/mipsn32 targets.
 - Providing a mips64-specific elf_core_copy_regs in mips64/elfload.c
   that writes directly to r->reserved[i] with the correct N64 indices,
   bypassing the struct field names that are tainted by the wrong header
   include.

The mipsn32 (TARGET_ABI_MIPSN32) and mips64el targets are covered by the
same mips64/elfload.c and benefit from the same fix.

Signed-off-by: Matt Turner <mattst88@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/mips/elfload.c   |  2 ++
 linux-user/mips64/elfload.c | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/linux-user/mips/elfload.c b/linux-user/mips/elfload.c
index cc5bbf05ab..1a46e180cf 100644
--- a/linux-user/mips/elfload.c
+++ b/linux-user/mips/elfload.c
@@ -131,6 +131,7 @@ const char *get_elf_base_platform(CPUState *cs)
 #undef MATCH_PLATFORM_INSN
 
 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
+#ifndef TARGET_MIPS64
 void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
 {
     for (int i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
@@ -146,3 +147,4 @@ void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
     r->pt.cp0_status = tswapl(env->CP0_Status);
     r->pt.cp0_cause = tswapl(env->CP0_Cause);
 }
+#endif
diff --git a/linux-user/mips64/elfload.c b/linux-user/mips64/elfload.c
index b719555e65..9081ae8111 100644
--- a/linux-user/mips64/elfload.c
+++ b/linux-user/mips64/elfload.c
@@ -1 +1,30 @@
 #include "../mips/elfload.c"
+
+/*
+ * mips/elfload.c defines elf_core_copy_regs guarded by #ifndef TARGET_MIPS64.
+ *
+ * We must provide the mips64 version here.  We cannot use r->pt.regs[] because
+ * when mips/elfload.c is #include'd above its "#include "target_elf.h"" resolves
+ * to mips/target_elf.h (compiler searches the including file's directory first),
+ * which pulls in mips/target_ptrace.h.  That struct has pad0[6] before regs[],
+ * so r->pt.regs[i] writes to reserved[6+i] — offset by 6 from what the kernel
+ * and glibc expect for the N64 ABI (EPC at reserved[34], not reserved[40]).
+ *
+ * Write directly to reserved[] using the mips64 N64 index layout:
+ *   R0-R31 at reserved[0..31], LO at [32], HI at [33], EPC at [34].
+ */
+void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
+{
+    /* R0 is always 0; r->reserved is zero-initialised by the caller */
+    for (int i = 1; i < 32; i++) {
+        r->reserved[i] = tswap64(env->active_tc.gpr[i]);
+    }
+    r->reserved[26] = 0;   /* k0 */
+    r->reserved[27] = 0;   /* k1 */
+    r->reserved[32] = tswap64(env->active_tc.LO[0]);
+    r->reserved[33] = tswap64(env->active_tc.HI[0]);
+    r->reserved[34] = tswap64(env->active_tc.PC);
+    r->reserved[35] = tswap64(env->CP0_BadVAddr);
+    r->reserved[36] = tswap64(env->CP0_Status);
+    r->reserved[37] = tswap64(env->CP0_Cause);
+}
-- 
2.54.0

[PULL 3/6] linux-user/mips64: fix mipsn32 elf_core_copy_regs entry width

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

For mipsn32 (TARGET_ABI32=y, TARGET_LONG_BITS=64):
  abi_ulong = uint32_t (4 bytes) — for pointers and ABI-sized fields
  target_ulong = uint64_t (8 bytes) — for general-purpose registers

linux-user/elfload.c allocates target_elf_prstatus using the
mips64/target_elf.h definition where target_elf_gregset_t has
target_ulong reserved[45] (8 bytes each, 360 bytes total).

However, in linux-user/mips64/elfload.c, #include "target_elf.h" inside
the included mips/elfload.c resolves to mips/target_elf.h (compiler
searches the file's own directory first), where the union uses abi_ulong
reserved[45].  For mipsn32 this gives 4-byte entries (180 bytes), not
the 8-byte entries (360 bytes) that elfload.c actually allocated.

Writing via r->reserved[34] therefore lands at byte offset 34*4=136
instead of the correct 34*8=272, silently zeroing the EPC in the core
file.

Fix by casting the pointer to target_ulong * so writes always use 8-byte
slots and land at the offsets matching the allocated layout.

This does not change behavior for mips64 (N64) where abi_ulong already
equals target_ulong (both 8 bytes).

Signed-off-by: Matt Turner <mattst88@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/mips64/elfload.c | 35 +++++++++++++++++++++++++----------
 1 file changed, 25 insertions(+), 10 deletions(-)

diff --git a/linux-user/mips64/elfload.c b/linux-user/mips64/elfload.c
index 9081ae8111..e4d84a7bd6 100644
--- a/linux-user/mips64/elfload.c
+++ b/linux-user/mips64/elfload.c
@@ -15,16 +15,31 @@
  */
 void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
 {
-    /* R0 is always 0; r->reserved is zero-initialised by the caller */
+    /*
+     * linux-user/elfload.c allocates target_elf_prstatus using the
+     * definition from mips64/target_elf.h, where target_elf_gregset_t
+     * has target_ulong reserved[45] (8 bytes each = 360 bytes total).
+     *
+     * But in this compilation unit, "#include target_elf.h" resolved to
+     * mips/target_elf.h (wrong directory), so our local target_elf_gregset_t
+     * has abi_ulong reserved[45] which is only 4 bytes each for mipsn32.
+     * Using r->reserved[i] would write to the wrong offsets for mipsn32.
+     *
+     * Cast to target_ulong * to always write 8-byte entries at the correct
+     * positions, matching the layout that elfload.c allocated.
+     */
+    target_ulong *regs = (target_ulong *)r;
+
+    /* R0 is always 0; buffer is zero-initialised by the caller */
     for (int i = 1; i < 32; i++) {
-        r->reserved[i] = tswap64(env->active_tc.gpr[i]);
+        regs[i] = tswap64(env->active_tc.gpr[i]);
     }
-    r->reserved[26] = 0;   /* k0 */
-    r->reserved[27] = 0;   /* k1 */
-    r->reserved[32] = tswap64(env->active_tc.LO[0]);
-    r->reserved[33] = tswap64(env->active_tc.HI[0]);
-    r->reserved[34] = tswap64(env->active_tc.PC);
-    r->reserved[35] = tswap64(env->CP0_BadVAddr);
-    r->reserved[36] = tswap64(env->CP0_Status);
-    r->reserved[37] = tswap64(env->CP0_Cause);
+    regs[26] = 0;   /* k0 */
+    regs[27] = 0;   /* k1 */
+    regs[32] = tswap64(env->active_tc.LO[0]);
+    regs[33] = tswap64(env->active_tc.HI[0]);
+    regs[34] = tswap64(env->active_tc.PC);
+    regs[35] = tswap64(env->CP0_BadVAddr);
+    regs[36] = tswap64(env->CP0_Status);
+    regs[37] = tswap64(env->CP0_Cause);
 }
-- 
2.54.0

[PULL 4/6] linux-user/mips: use tswap32 in elf_core_copy_regs

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/mips/elfload.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/linux-user/mips/elfload.c b/linux-user/mips/elfload.c
index 1a46e180cf..ce2c4514f3 100644
--- a/linux-user/mips/elfload.c
+++ b/linux-user/mips/elfload.c
@@ -135,16 +135,16 @@ const char *get_elf_base_platform(CPUState *cs)
 void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
 {
     for (int i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
-        r->pt.regs[i] = tswapl(env->active_tc.gpr[i]);
+        r->pt.regs[i] = tswap32(env->active_tc.gpr[i]);
     }
 
     r->pt.regs[26] = 0;
     r->pt.regs[27] = 0;
-    r->pt.lo = tswapl(env->active_tc.LO[0]);
-    r->pt.hi = tswapl(env->active_tc.HI[0]);
-    r->pt.cp0_epc = tswapl(env->active_tc.PC);
-    r->pt.cp0_badvaddr = tswapl(env->CP0_BadVAddr);
-    r->pt.cp0_status = tswapl(env->CP0_Status);
-    r->pt.cp0_cause = tswapl(env->CP0_Cause);
+    r->pt.lo = tswap32(env->active_tc.LO[0]);
+    r->pt.hi = tswap32(env->active_tc.HI[0]);
+    r->pt.cp0_epc = tswap32(env->active_tc.PC);
+    r->pt.cp0_badvaddr = tswap32(env->CP0_BadVAddr);
+    r->pt.cp0_status = tswap32(env->CP0_Status);
+    r->pt.cp0_cause = tswap32(env->CP0_Cause);
 }
 #endif
-- 
2.54.0

[PULL 5/6] linux-user/riscv: add coredump support

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

Define HAVE_ELF_CORE_DUMP and target_elf_gregset_t in target_elf.h,
mirroring struct user_regs_struct: pc followed by x1 (ra) through
x31 (t6).  Implement elf_core_copy_regs() in elfload.c to populate
the gregset from CPURISCVState.

Without this, bprm->core_dump is NULL for RISC-V targets.  When a
guest signal goes unhandled, dump_core_and_abort() skips the core
write and falls through to die_with_signal(), which re-raises the
signal to the host.  The host kernel then writes an x86-64 core file
for the qemu-riscv64 process instead of a RISC-V guest core.

Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/riscv/elfload.c    | 9 +++++++++
 linux-user/riscv/target_elf.h | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/linux-user/riscv/elfload.c b/linux-user/riscv/elfload.c
index 2e7d622232..afe103a631 100644
--- a/linux-user/riscv/elfload.c
+++ b/linux-user/riscv/elfload.c
@@ -3,6 +3,7 @@
 #include "qemu/osdep.h"
 #include "qemu.h"
 #include "loader.h"
+#include "target_elf.h"
 
 
 const char *get_elf_cpu_model(uint32_t eflags)
@@ -10,6 +11,14 @@ const char *get_elf_cpu_model(uint32_t eflags)
     return "max";
 }
 
+void elf_core_copy_regs(target_elf_gregset_t *r, const CPURISCVState *env)
+{
+    r->pc = tswapal(env->pc);
+    for (int i = 0; i < 31; i++) {
+        r->regs[i] = tswapal(env->gpr[i + 1]);
+    }
+}
+
 abi_ulong get_elf_hwcap(CPUState *cs)
 {
 #define MISA_BIT(EXT) (1 << (EXT - 'A'))
diff --git a/linux-user/riscv/target_elf.h b/linux-user/riscv/target_elf.h
index dbbfdf54d3..859f726578 100644
--- a/linux-user/riscv/target_elf.h
+++ b/linux-user/riscv/target_elf.h
@@ -19,5 +19,12 @@
 #endif
 
 #define HAVE_ELF_HWCAP          1
+#define HAVE_ELF_CORE_DUMP      1
+
+/* Mirrors struct user_regs_struct: pc followed by x1 (ra) .. x31 (t6). */
+typedef struct target_elf_gregset_t {
+    abi_ulong pc;
+    abi_ulong regs[31];
+} target_elf_gregset_t;
 
 #endif
-- 
2.54.0

[PULL 6/6] linux-user/sh4: add VDSO support for sh4 and sh4eb

[Helge Deller]

From: Matt Turner <mattst88@gmail.com>

Provides replacement VDSO with sigreturn trampolines
(__kernel_sigreturn, __kernel_rt_sigreturn) and syscall stubs
(clock_gettime, clock_gettime64, clock_getres, gettimeofday).

Both LE and BE blobs are committed and selected at compile time via
TARGET_BIG_ENDIAN. The BE variant requires an sh4eb-unknown-linux-gnu
toolchain; sh4-unknown-linux-gnu does not support -mb.

CFI register numbers follow GCC's SH_DEBUGGER_REGNO:
PR=17, GBR=18, MACH=20, MACL=21, FPUL=23, FPSCR=24, FR0-15=25-40.

Signed-off-by: Matt Turner <mattst88@gmail.com>
Signed-off-by: Helge Deller <deller@gmx.de>
---
 linux-user/sh4/Makefile.vdso    |  18 ++++
 linux-user/sh4/elfload.c        |  14 ++++
 linux-user/sh4/meson.build      |  12 +++
 linux-user/sh4/target_elf.h     |   1 +
 linux-user/sh4/vdso-asmoffset.h |  45 ++++++++++
 linux-user/sh4/vdso-be.so       | Bin 0 -> 2704 bytes
 linux-user/sh4/vdso-le.so       | Bin 0 -> 2704 bytes
 linux-user/sh4/vdso.S           | 142 ++++++++++++++++++++++++++++++++
 linux-user/sh4/vdso.ld          |  67 +++++++++++++++
 9 files changed, 299 insertions(+)
 create mode 100644 linux-user/sh4/Makefile.vdso
 create mode 100644 linux-user/sh4/vdso-asmoffset.h
 create mode 100755 linux-user/sh4/vdso-be.so
 create mode 100755 linux-user/sh4/vdso-le.so
 create mode 100644 linux-user/sh4/vdso.S
 create mode 100644 linux-user/sh4/vdso.ld

diff --git a/linux-user/sh4/Makefile.vdso b/linux-user/sh4/Makefile.vdso
new file mode 100644
index 0000000000..272c5d262d
--- /dev/null
+++ b/linux-user/sh4/Makefile.vdso
@@ -0,0 +1,18 @@
+include $(BUILD_DIR)/tests/tcg/sh4-linux-user/config-target.mak
+
+SUBDIR = $(SRC_PATH)/linux-user/sh4
+VPATH += $(SUBDIR)
+
+all: $(SUBDIR)/vdso-le.so $(SUBDIR)/vdso-be.so
+
+LDFLAGS = -nostdlib -shared -Wl,-h,linux-gate.so.1 \
+	  -Wl,--build-id=sha1 -Wl,--hash-style=both \
+	  -Wl,-T,$(SUBDIR)/vdso.ld
+
+$(SUBDIR)/vdso-le.so: vdso.S vdso.ld vdso-asmoffset.h
+	$(CC) -o $@ $(LDFLAGS) -ml $<
+
+CC_BE = sh4eb-unknown-linux-gnu-gcc
+
+$(SUBDIR)/vdso-be.so: vdso.S vdso.ld vdso-asmoffset.h
+	$(CC_BE) -o $@ $(LDFLAGS) $<
diff --git a/linux-user/sh4/elfload.c b/linux-user/sh4/elfload.c
index ddf2aaaed7..f03ce49e7d 100644
--- a/linux-user/sh4/elfload.c
+++ b/linux-user/sh4/elfload.c
@@ -5,6 +5,20 @@
 #include "loader.h"
 #include "target_elf.h"
 
+#if TARGET_BIG_ENDIAN
+# include "vdso-be.c.inc"
+#else
+# include "vdso-le.c.inc"
+#endif
+
+const VdsoImageInfo *get_vdso_image_info(uint32_t elf_flags G_GNUC_UNUSED)
+{
+#if TARGET_BIG_ENDIAN
+    return &vdso_be_image_info;
+#else
+    return &vdso_le_image_info;
+#endif
+}
 
 const char *get_elf_cpu_model(uint32_t eflags)
 {
diff --git a/linux-user/sh4/meson.build b/linux-user/sh4/meson.build
index 3bc3a6924a..611bce050b 100644
--- a/linux-user/sh4/meson.build
+++ b/linux-user/sh4/meson.build
@@ -3,3 +3,15 @@ syscall_nr_generators += {
                    arguments: [ meson.current_source_dir() / 'syscallhdr.sh', '@INPUT@', '@OUTPUT@', '@EXTRA_ARGS@' ],
                    output: '@BASENAME@_nr.h')
 }
+
+vdso_le_inc = gen_vdso.process('vdso-le.so',
+                               extra_args: ['-s', '__kernel_sigreturn',
+                                            '-r', '__kernel_rt_sigreturn',
+                                            '-p', 'vdso_le'])
+
+vdso_be_inc = gen_vdso.process('vdso-be.so',
+                               extra_args: ['-s', '__kernel_sigreturn',
+                                            '-r', '__kernel_rt_sigreturn',
+                                            '-p', 'vdso_be'])
+
+linux_user_ss.add(when: 'TARGET_SH4', if_true: [vdso_le_inc, vdso_be_inc])
diff --git a/linux-user/sh4/target_elf.h b/linux-user/sh4/target_elf.h
index d9e253d425..3fcb63d409 100644
--- a/linux-user/sh4/target_elf.h
+++ b/linux-user/sh4/target_elf.h
@@ -15,6 +15,7 @@
 
 #define HAVE_ELF_HWCAP          1
 #define HAVE_ELF_CORE_DUMP      1
+#define HAVE_VDSO_IMAGE_INFO    1
 
 /*
  * See linux kernel: arch/sh/include/asm/elf.h, where
diff --git a/linux-user/sh4/vdso-asmoffset.h b/linux-user/sh4/vdso-asmoffset.h
new file mode 100644
index 0000000000..8ca96dce16
--- /dev/null
+++ b/linux-user/sh4/vdso-asmoffset.h
@@ -0,0 +1,45 @@
+/*
+ * Offsets into target signal frames for sh4 vdso.
+ *
+ * From linux-user/sh4/signal.c:
+ *
+ * struct target_sigcontext {
+ *     target_ulong oldmask;           //   0
+ *     target_ulong sc_gregs[16];      //   4
+ *     target_ulong sc_pc;             //  68
+ *     target_ulong sc_pr;             //  72
+ *     target_ulong sc_sr;             //  76
+ *     target_ulong sc_gbr;            //  80
+ *     target_ulong sc_mach;           //  84
+ *     target_ulong sc_macl;           //  88
+ *     target_ulong sc_fpregs[16];     //  92
+ *     target_ulong sc_xfpregs[16];    // 156
+ *     unsigned int sc_fpscr;          // 220
+ *     unsigned int sc_fpul;           // 224
+ *     unsigned int sc_ownedfp;        // 228
+ * };                                  // sizeof = 232
+ *
+ * struct sigframe    { sigcontext sc; ... }
+ * struct rt_sigframe { siginfo info[128]; ucontext uc; }
+ *   ucontext = { flags[4], link[4], stack[12], sigcontext mcontext; ... }
+ *   => mcontext at rt_sigframe + 128 + 20 = rt_sigframe + 148
+ */
+
+/* Offset of sigcontext within sigframe (CFA base for sigreturn). */
+#define SIGFRAME_SC_OFFSET      0
+
+/* Offset of tuc_mcontext within rt_sigframe (CFA base for rt_sigreturn). */
+#define RT_SIGFRAME_SC_OFFSET   148
+
+/* Offsets within struct sigcontext. */
+#define SC_GREGS    4
+#define SC_PC       68
+#define SC_PR       72
+#define SC_SR       76
+#define SC_GBR      80
+#define SC_MACH     84
+#define SC_MACL     88
+#define SC_FPREGS   92
+#define SC_XFPREGS  156
+#define SC_FPSCR    220
+#define SC_FPUL     224
diff --git a/linux-user/sh4/vdso-be.so b/linux-user/sh4/vdso-be.so
new file mode 100755
index 0000000000000000000000000000000000000000..4f50143f8284ab63693c1117e68f3efa886155e3
GIT binary patch
literal 2704
zcmbtWU1%It6#iy*limF9EvdGq*2LCYiXGAtN{c?YX?`_LB~7TU)#-M3vb#;P6K5xB
zw#GIOA`!t_74e~nVqcZwlY-zw!9PTViVq^<gQ7?u>VqQqGxFWJcQd=mgWwr1Gw0kh
z_vhU6efL}(92+uB167G(4*+fG1ClAJ_n{jN*o_oA05k&ZtF|`)+2Vj~`hO+ypCKC(
zs>cNIN2I+7$R_{K`9D4a#0qPzI*%To@2?_lCm>t2zY{=gczg=;uO6Qtc)0T6H*aRH
ze*EnF`wq3;oCMGg;6k`wv(pX!`3*2f05kyRYPd&(?`8n60cZh`a)aP6AlB;!!QX(~
z$94coHwgY@oZKL|1;o1b&i{v`f%qo?S~mf$0QLg$4<h<)K>S)np911vbG^#H0K~uN
z+LUep@v9O47xdZ$f?w5HXo>MZb(R#KHzlERgXc#dN`rb+=ee`5u_w7Xv64(asBH8}
zT<iJ_h2BdOZSQ^A|I*6mKV4qB^h@dRTU&R1wC8!)_F}H=+Syq*J7eb^-!INN8yXMv
ztuuR0S=-c~?sP6wfo;z?UdfrY%f-Cs_zPZX&E)wJ>uj;Ku(UUy@g1w|TKh0IIzIKN
zz27>(t(i5C5k4JX+`0_N9NVVyNblZ=y|eJU>Z8aw8(p#c0rZCPG9Cah0vOD<Q-HyI
zoCl240G<JiS-@aU6MHbuPrzIjMprALCv95*+~irx8A98A0Dh>mG5+7y**F)mqyJ@&
zbB<#$ms4^Qfs4YpAk3#lY+1yg5)J1?V?`vEMDm<yS`^I-qQw`jWzpt|_9sQhyhyo1
zl*Fc4(K#bFpA}n+;*Nso%8PB&;!a0w&xyOTqWg^K$%wm8iygMu`GmOVak1-^xc4!!
z`=q#iL~I$AJ0WJt1zdM0hT30YLftT~r_h2Xz-Wqmza05)Ui-#4La!zO=WgISWB9g;
zQ@t<_OkB-Z<Rt3MVMay9CRWXLlbE1Ro?&Wmz0?&3B!5s>c#%9pow%W=<b_y>E$Yk%
z>Rc<o3Q8yEP`{#dau4B1{L-Iir`L>lh~HL)e+v6|D9+V-Rh0ihjd>&dKdt9ioHq%z
zU)6tB51{zMuj8lHI=*?mj<4RW<Eu~W_~^SD{>o;(lZQ^^@|KG#dTr0i7u}Lw_A{Qp
z-t3feum?_zr;m&thHVdzPuYVb_RvK7$e=wkFadjb>}Y>_%sx6abZl_ao=o?T4cZZ`
zD+=0}LTdP;o~$ASR6}4JaFyb<b;Ja#T$%GTXJD0mFMJpDSIPAqSh-3mGgr*Yk8))W
zRxaabVC72-Rv}X^gm&KxEsKs<F1n=}#m>QU3ih;@nRDzy&Rf%9`OcEB&-Xt{m%0y#
z6@3?zv$QCTphw*wydU(PPmC)}NI&9=bqDj@3~?v1w-UK?I3BUQU*$ewnp8Qexs0M~
z0CFsGX@)qJSY^$k?=9_j&<z6eHT_0Z4M6^>_v=?S`mL%OfpvivjmL-FAPB<oh<Ay3
zu3L}Cc(EN{t0Bk(k_(7Q#)bVle$#5dW?em`Mf>smxCZ)N37aALN{RMk%|pM&5Py<W
w2DDRTUNx2$)^G;v4c1NMJ&wnHk-PNXI4onrdP0kii>UQWJQv<|Rgr%G0%o^*^#A|>

literal 0
HcmV?d00001

diff --git a/linux-user/sh4/vdso-le.so b/linux-user/sh4/vdso-le.so
new file mode 100755
index 0000000000000000000000000000000000000000..c41cb5831b9e5883a64564da8b2149a33e199f4f
GIT binary patch
literal 2704
zcmbtWU1%It6#iy+lk6sGvbUt#nzkl3))MRxODuwYXwv*_N|H*NXw~X;yF1z4{Or`(
z*)$ttn+G2vg0<>HA4C*=@u4O7AU^n35fu@k>XV3|;txJFf<^FW<ePhMGTG!o@EZ;@
z=iHw;=iYO^doT764;Y34jVL;ywQc~(I0C&JZK%NkB+-moAZTMd<#i=7AP_xX<EIz`
zsS6ASA^`pf$%{ZBdi+B_c-edu(4zmN+xh+?BppB?;r12)Q2>LZ6DVKp*z@kSHx|At
z{Wc;deja@L%MW^+09;W1wnTv6|M8tv1gHV996=D{vH{csxB{SoYXRUd-*>vAz~8>_
zFpj+d;sE~ieTQ-1^nIs|KmMQS0q{`_XaukwjW`J4{g8eefR&Iw0pP2c^q2kf0KSb$
z->B2Kw?h422>B<l>T^Fd=ssiOdJ^1kg8RpL7`G0Q>qSu4ZR}sSBi?>A9$%u3eS*FJ
zq;+NNQdhqB^Y^y>`03J1zg(KXyz9+l#pgRe+z-o|%a$A~Gvj2Yt(@(7g;{$`<Kga2
zX4fuhn;Pj%X44f|*0k*w?HQ|7$ho#xc8lvK*9%!^3dQpL!Ccz2&5~o@hvA{oiBr}g
z^KcMtB=i{SxqS1pX6D##l}Ch(-@vW%wJ6&Nz0O8!^uaE*7Do&q1t4VrrvZ!`z&QYC
z4B%M+GX~IM$b2J=g)u}Hh0)sB9OU3m0KY=!2En|%7r^&bwxa;PuCk4*x?x@s%j#_`
zjGaVeF&X?s;G!@th{!V{x+r2#i<$*dTM>2hB7R;Z=0ts2G<c%1B(}Mt=_%2CP9z;6
ziemeWXqgr}ro^s-xFauGb7J?T*kg;mS#f7Zw4D|0X>r#XvCk46Pl~&r5c^Mydma}D
z9uv2x#LgiEHA^m_-@*C~G`+$#HEtxYHz0w8vHtyX=(|4jJqjQZj7Z=-W4n>OepSU-
z4RQz(4R%g)lGK^u2<l(zGTY<QjHs#%@`h}eRY3lbx~v%Th}0$XX<mp1)di48WP2ib
zlkcQX)&X8!)5$)veu=26XN?$EeeNggU!oEFAURj-VX*%Lp?D3f`s5q^f3gVkM90ha
zsn7)E3$Kcwm`7p0d98}C-l^iNkE{6Tn=1Z7CQ~_n|EY(kOb2V#Yq@r=;1sQrmv+6)
zX1kb$)%WOV&&bd*Sk~a^gw>z22F7|u`mI#o7_7nJ6TLmd)`@|Ell|k?cu((ezZI%=
zML}Cr$OgWsCaVwuZ6L5MxJvQbCSrnFs?2)nvoK4ZE8ltjRdhTXX0}pH&lWPlN2xLk
zGn@9(FmuJSnNOGU((bv^GH1J`f>Yd}SXr2M-kNmNv$mDby6YND&z|R&{%5o*PG^ei
zvzX_whEBzHb$&3F^_kBamlYw;7@jqq>Wt-lJa;KesvkLk^O5HcDW2tg%ukBuGJ^dm
zM-<m`KGrFP_Xt%|YyDUUx71nA`lXP6s{8dSTi{<r-Vt~&(4ddRaR9!WkM&NW-+Dfd
zr#yo7I|O-vLSMKpY}e~IxpuB>ybo#Ue%w5H{z%>+cf_?*q4{{{p_vTD`v9d+PZsK@
q=hEOEZp8q2Zz4DIzl@8_rDG$m)B>w|kop%Ps`@=wC(k+!?drcIxqF)c

literal 0
HcmV?d00001

diff --git a/linux-user/sh4/vdso.S b/linux-user/sh4/vdso.S
new file mode 100644
index 0000000000..4fb5ee9d31
--- /dev/null
+++ b/linux-user/sh4/vdso.S
@@ -0,0 +1,142 @@
+/*
+ * sh4 linux replacement vdso.
+ *
+ * Copyright 2023 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <asm/unistd.h>
+#include "vdso-asmoffset.h"
+
+	.text
+
+.macro endf name
+	.globl	\name
+	.type	\name, @function
+	.size	\name, . - \name
+.endm
+
+/*
+ * SH4 syscall convention:
+ *   Syscall number in r3 (caller-saved, so no save/restore needed)
+ *   Arguments in r4-r7
+ *   Return value in r0
+ *   Syscall instruction: trapa #0x10
+ */
+
+.macro vdso_syscall name, nr
+\name:
+	.cfi_startproc
+	mov.l	1f, r3
+	trapa	#0x10
+	rts
+	nop
+	.align	2
+1:	.long	\nr
+	.cfi_endproc
+endf \name
+.endm
+
+vdso_syscall __vdso_clock_gettime, __NR_clock_gettime
+vdso_syscall __vdso_clock_gettime64, __NR_clock_gettime64
+vdso_syscall __vdso_clock_getres, __NR_clock_getres
+vdso_syscall __vdso_gettimeofday, __NR_gettimeofday
+
+/*
+ * Signal return trampolines.
+ *
+ * For sigreturn: r15 points to struct sigframe; sigcontext is at
+ *   offset SIGFRAME_SC_OFFSET (0).
+ * For rt_sigreturn: r15 points to struct rt_sigframe; sigcontext is at
+ *   offset RT_SIGFRAME_SC_OFFSET (148).
+ *
+ * A single CFI region covers both trampolines.  The CFA is set to the
+ * start of the relevant sigcontext; all register offsets are then
+ * identical for both trampolines.  Between the two trampolines we use
+ * .cfi_def_cfa_offset to update the CFA base for the different layout.
+ */
+
+/*
+ * Start the unwind info at least one instruction before the signal
+ * trampoline, because the unwinder will assume we are returning
+ * after a call site.
+ */
+	.cfi_startproc simple
+	.cfi_signal_frame
+	.cfi_return_column 16		/* return column is PC */
+
+	/* CFA = r15 + SIGFRAME_SC_OFFSET = r15 (sigcontext base, sigreturn). */
+	.cfi_def_cfa		15, SIGFRAME_SC_OFFSET
+
+	/* Integer registers r0-r15: sc_gregs[n] at sigcontext + SC_GREGS + n*4. */
+	.cfi_offset		0,  SC_GREGS + 0  * 4
+	.cfi_offset		1,  SC_GREGS + 1  * 4
+	.cfi_offset		2,  SC_GREGS + 2  * 4
+	.cfi_offset		3,  SC_GREGS + 3  * 4
+	.cfi_offset		4,  SC_GREGS + 4  * 4
+	.cfi_offset		5,  SC_GREGS + 5  * 4
+	.cfi_offset		6,  SC_GREGS + 6  * 4
+	.cfi_offset		7,  SC_GREGS + 7  * 4
+	.cfi_offset		8,  SC_GREGS + 8  * 4
+	.cfi_offset		9,  SC_GREGS + 9  * 4
+	.cfi_offset		10, SC_GREGS + 10 * 4
+	.cfi_offset		11, SC_GREGS + 11 * 4
+	.cfi_offset		12, SC_GREGS + 12 * 4
+	.cfi_offset		13, SC_GREGS + 13 * 4
+	.cfi_offset		14, SC_GREGS + 14 * 4
+	.cfi_offset		15, SC_GREGS + 15 * 4
+
+	/* PC (return column). */
+	.cfi_offset		16, SC_PC
+
+	/* Control registers. */
+	.cfi_offset		17, SC_PR
+	.cfi_offset		18, SC_GBR
+	.cfi_offset		20, SC_MACH
+	.cfi_offset		21, SC_MACL
+
+	/* FP registers fr0-fr15: sc_fpregs[n] at sigcontext + SC_FPREGS + n*4. */
+	.cfi_offset		25, SC_FPREGS + 0  * 4
+	.cfi_offset		26, SC_FPREGS + 1  * 4
+	.cfi_offset		27, SC_FPREGS + 2  * 4
+	.cfi_offset		28, SC_FPREGS + 3  * 4
+	.cfi_offset		29, SC_FPREGS + 4  * 4
+	.cfi_offset		30, SC_FPREGS + 5  * 4
+	.cfi_offset		31, SC_FPREGS + 6  * 4
+	.cfi_offset		32, SC_FPREGS + 7  * 4
+	.cfi_offset		33, SC_FPREGS + 8  * 4
+	.cfi_offset		34, SC_FPREGS + 9  * 4
+	.cfi_offset		35, SC_FPREGS + 10 * 4
+	.cfi_offset		36, SC_FPREGS + 11 * 4
+	.cfi_offset		37, SC_FPREGS + 12 * 4
+	.cfi_offset		38, SC_FPREGS + 13 * 4
+	.cfi_offset		39, SC_FPREGS + 14 * 4
+	.cfi_offset		40, SC_FPREGS + 15 * 4
+
+	/* FPUL, FPSCR. */
+	.cfi_offset		23, SC_FPUL
+	.cfi_offset		24, SC_FPSCR
+
+	nop
+
+sigreturn_region_start:
+__kernel_sigreturn:
+	mov.l	1f, r3
+	trapa	#0x10
+	.align	2
+1:	.long	__NR_sigreturn
+endf __kernel_sigreturn
+
+	/* Update CFA base for the rt_sigreturn frame layout. */
+	.cfi_def_cfa_offset	RT_SIGFRAME_SC_OFFSET
+
+__kernel_rt_sigreturn:
+	mov.l	2f, r3
+	trapa	#0x10
+	.align	2
+2:	.long	__NR_rt_sigreturn
+endf __kernel_rt_sigreturn
+sigreturn_region_end:
+
+	.cfi_endproc
diff --git a/linux-user/sh4/vdso.ld b/linux-user/sh4/vdso.ld
new file mode 100644
index 0000000000..3a6cb65d08
--- /dev/null
+++ b/linux-user/sh4/vdso.ld
@@ -0,0 +1,67 @@
+/*
+ * Linker script for linux sh4 replacement vdso.
+ *
+ * Copyright 2023 Linaro, Ltd.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+VERSION {
+	LINUX_2.6 {
+	global:
+		__vdso_clock_gettime;
+		__vdso_clock_gettime64;
+		__vdso_clock_getres;
+		__vdso_gettimeofday;
+		__kernel_sigreturn;
+		__kernel_rt_sigreturn;
+	local: *;
+	};
+}
+
+PHDRS {
+	phdr		PT_PHDR		FLAGS(4) PHDRS;
+	load		PT_LOAD		FLAGS(7) FILEHDR PHDRS; /* FLAGS=RWX */
+	dynamic		PT_DYNAMIC	FLAGS(4);
+	eh_frame_hdr	PT_GNU_EH_FRAME;
+	note		PT_NOTE		FLAGS(4);
+}
+
+SECTIONS {
+	. = SIZEOF_HEADERS;
+
+	/*
+	 * The following, including the FILEHDRS and PHDRS, are modified
+	 * when we relocate the binary.  We want them to be initially
+	 * writable for the relocation; we'll force them read-only after.
+	 */
+	.note		: { *(.note*) }		:load :note
+	.dynamic	: { *(.dynamic) }	:load :dynamic
+	.dynsym		: { *(.dynsym) }	:load
+	.data		: {
+		/*
+		 * There ought not be any real read-write data.
+		 * But since we manipulated the segment layout,
+		 * we have to put these sections somewhere.
+		 */
+		*(.data*)
+		*(.sdata*)
+		*(.got.plt) *(.got)
+		*(.gnu.linkonce.d.*)
+		*(.bss*)
+		*(.dynbss*)
+		*(.gnu.linkonce.b.*)
+	}
+
+	.rodata		: { *(.rodata*) }
+	.hash		: { *(.hash) }
+	.gnu.hash	: { *(.gnu.hash) }
+	.dynstr		: { *(.dynstr) }
+	.gnu.version	: { *(.gnu.version) }
+	.gnu.version_d	: { *(.gnu.version_d) }
+	.gnu.version_r	: { *(.gnu.version_r) }
+	.eh_frame_hdr	: { *(.eh_frame_hdr) }	:load :eh_frame_hdr
+	.eh_frame	: { *(.eh_frame) }	:load
+
+	.text		: { *(.text*) }		:load
+}
-- 
2.54.0

Re: [PULL 0/6] Linux user next patches

[Stefan Hajnoczi]

[-- Attachment #1: Type: text/plain, Size: 116 bytes --]

Applied, thanks.

Please update the changelog at https://wiki.qemu.org/ChangeLog/11.1 for any user-visible changes.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]