diff mbox series

[v4] linux-user: implement execveat

Message ID 20221104081015.706009-1-sir@cmpwn.com (mailing list archive)
State New, archived
Headers show
Series [v4] linux-user: implement execveat | expand

Commit Message

Drew DeVault Nov. 4, 2022, 8:10 a.m. UTC
References: https://gitlab.com/qemu-project/qemu/-/issues/1007
Signed-off-by: Drew DeVault <sir@cmpwn.com>
---
v3 => v4: implement strace for execveat

 linux-user/strace.c    |  91 +++++++++++-------
 linux-user/strace.list |   2 +-
 linux-user/syscall.c   | 203 +++++++++++++++++++++--------------------
 3 files changed, 165 insertions(+), 131 deletions(-)

Comments

Laurent Vivier Nov. 4, 2022, 10:02 a.m. UTC | #1
Le 04/11/2022 à 09:10, Drew DeVault a écrit :
> References: https://gitlab.com/qemu-project/qemu/-/issues/1007
> Signed-off-by: Drew DeVault <sir@cmpwn.com>
> ---
> v3 => v4: implement strace for execveat
> 
>   linux-user/strace.c    |  91 +++++++++++-------
>   linux-user/strace.list |   2 +-
>   linux-user/syscall.c   | 203 +++++++++++++++++++++--------------------
>   3 files changed, 165 insertions(+), 131 deletions(-)
> 
> diff --git a/linux-user/strace.c b/linux-user/strace.c
> index 9ae5a812cd..4d1a14b88f 100644
> --- a/linux-user/strace.c
> +++ b/linux-user/strace.c
> @@ -616,38 +616,6 @@ print_semctl(CPUArchState *cpu_env, const struct syscallname *name,
>   }
>   #endif
>   
> -static void
> -print_execve(CPUArchState *cpu_env, const struct syscallname *name,
> -             abi_long arg1, abi_long arg2, abi_long arg3,
> -             abi_long arg4, abi_long arg5, abi_long arg6)
> -{
> -    abi_ulong arg_ptr_addr;
> -    char *s;
> -
> -    if (!(s = lock_user_string(arg1)))
> -        return;
> -    qemu_log("%s(\"%s\",{", name->name, s);
> -    unlock_user(s, arg1, 0);
> -
> -    for (arg_ptr_addr = arg2; ; arg_ptr_addr += sizeof(abi_ulong)) {
> -        abi_ulong *arg_ptr, arg_addr;
> -
> -        arg_ptr = lock_user(VERIFY_READ, arg_ptr_addr, sizeof(abi_ulong), 1);
> -        if (!arg_ptr)
> -            return;
> -    arg_addr = tswapal(*arg_ptr);
> -        unlock_user(arg_ptr, arg_ptr_addr, 0);
> -        if (!arg_addr)
> -            break;
> -        if ((s = lock_user_string(arg_addr))) {
> -            qemu_log("\"%s\",", s);
> -            unlock_user(s, arg_addr, 0);
> -        }
> -    }
> -
> -    qemu_log("NULL})");
> -}
> -
>   #ifdef TARGET_NR_ipc
>   static void
>   print_ipc(CPUArchState *cpu_env, const struct syscallname *name,
> @@ -1136,6 +1104,16 @@ UNUSED static struct flags clone_flags[] = {
>       FLAG_END,
>   };
>   
> +UNUSED static struct flags execveat_flags[] = {
> +#ifdef AT_EMPTY_PATH
> +    FLAG_GENERIC(AT_EMPTY_PATH),
> +#endif
> +#ifdef AT_SYMLINK_NOFOLLOW
> +    FLAG_GENERIC(AT_SYMLINK_NOFOLLOW),
> +#endif
> +    FLAG_END,
> +};
> +
>   UNUSED static struct flags msg_flags[] = {
>       /* send */
>       FLAG_GENERIC(MSG_CONFIRM),
> @@ -1969,6 +1947,55 @@ print_execv(CPUArchState *cpu_env, const struct syscallname *name,
>   }
>   #endif
>   
> +static void
> +print_execve_argv(abi_long argv, int last)
> +{
> +    abi_ulong arg_ptr_addr;
> +    char *s;
> +
> +    qemu_log("{");
> +    for (arg_ptr_addr = argv; ; arg_ptr_addr += sizeof(abi_ulong)) {
> +        abi_ulong *arg_ptr, arg_addr;
> +
> +        arg_ptr = lock_user(VERIFY_READ, arg_ptr_addr, sizeof(abi_ulong), 1);
> +        if (!arg_ptr)
> +            return;
> +        arg_addr = tswapal(*arg_ptr);
> +        unlock_user(arg_ptr, arg_ptr_addr, 0);
> +        if (!arg_addr)
> +            break;
> +        if ((s = lock_user_string(arg_addr))) {
> +            qemu_log("\"%s\",", s);
> +            unlock_user(s, arg_addr, 0);
> +        }
> +    }
> +    qemu_log("NULL}%s", get_comma(last));
> +}
> +
> +static void
> +print_execve(CPUArchState *cpu_env, const struct syscallname *name,
> +             abi_long arg1, abi_long arg2, abi_long arg3,
> +             abi_long arg4, abi_long arg5, abi_long arg6)
> +{
> +    print_syscall_prologue(name);
> +    print_string(arg1, 0);
> +    print_execve_argv(arg2, 1);
> +    print_syscall_epilogue(name);
> +}
> +
> +static void
> +print_execveat(CPUArchState *cpu_env, const struct syscallname *name,
> +             abi_long arg1, abi_long arg2, abi_long arg3,
> +             abi_long arg4, abi_long arg5, abi_long arg6)
> +{
> +    print_syscall_prologue(name);
> +    print_at_dirfd(arg1, 0);
> +    print_string(arg2, 0);
> +    print_execve_argv(arg3, 0);
> +    print_flags(execveat_flags, arg5, 1);
> +    print_syscall_epilogue(name);
> +}
> +
>   #if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
>   static void
>   print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
> diff --git a/linux-user/strace.list b/linux-user/strace.list
> index 3df2184580..17d2f0fee8 100644
> --- a/linux-user/strace.list
> +++ b/linux-user/strace.list
> @@ -161,7 +161,7 @@
>   { TARGET_NR_execve, "execve" , NULL, print_execve, NULL },
>   #endif
>   #ifdef TARGET_NR_execveat
> -{ TARGET_NR_execveat, "execveat" , NULL, NULL, NULL },
> +{ TARGET_NR_execveat, "execveat" , NULL, print_execveat, NULL },
>   #endif
>   #ifdef TARGET_NR_exec_with_loader
>   { TARGET_NR_exec_with_loader, "exec_with_loader" , NULL, NULL, NULL },
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 8402c1399d..38fbbbad6a 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -689,7 +689,8 @@ safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
>   #endif
>   safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
>                 int, options, struct rusage *, rusage)
> -safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
> +safe_syscall5(int, execveat, int, dirfd, const char *, filename,
> +        char **, argv, char **, envp, int, flags)
>   #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
>       defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
>   safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
> @@ -8349,6 +8350,106 @@ static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
>       return safe_openat(dirfd, path(pathname), flags, mode);
>   }
>   
> +static int do_execveat(CPUArchState *cpu_env, int dirfd, abi_long pathname, abi_long guest_argp, abi_long guest_envp, int flags)
> +{
> +    int ret;
> +    char **argp, **envp;
> +    int argc, envc;
> +    abi_ulong gp;
> +    abi_ulong addr;
> +    char **q;
> +    void *p;
> +
> +    argc = 0;
> +
> +    for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
> +        if (get_user_ual(addr, gp))
> +            return -TARGET_EFAULT;
> +        if (!addr)
> +            break;
> +        argc++;
> +    }
> +    envc = 0;
> +    for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
> +        if (get_user_ual(addr, gp))
> +            return -TARGET_EFAULT;
> +        if (!addr)
> +            break;
> +        envc++;
> +    }
> +
> +    argp = g_new0(char *, argc + 1);
> +    envp = g_new0(char *, envc + 1);
> +
> +    for (gp = guest_argp, q = argp; gp;
> +          gp += sizeof(abi_ulong), q++) {
> +        if (get_user_ual(addr, gp))
> +            goto execve_efault;
> +        if (!addr)
> +            break;
> +        if (!(*q = lock_user_string(addr)))
> +            goto execve_efault;
> +    }
> +    *q = NULL;
> +
> +    for (gp = guest_envp, q = envp; gp;
> +          gp += sizeof(abi_ulong), q++) {
> +        if (get_user_ual(addr, gp))
> +            goto execve_efault;
> +        if (!addr)
> +            break;
> +        if (!(*q = lock_user_string(addr)))
> +            goto execve_efault;
> +    }
> +    *q = NULL;
> +
> +    /* Although execve() is not an interruptible syscall it is
> +     * a special case where we must use the safe_syscall wrapper:
> +     * if we allow a signal to happen before we make the host
> +     * syscall then we will 'lose' it, because at the point of
> +     * execve the process leaves QEMU's control. So we use the
> +     * safe syscall wrapper to ensure that we either take the
> +     * signal as a guest signal, or else it does not happen
> +     * before the execve completes and makes it the other
> +     * program's problem.
> +     */
> +    if (!(p = lock_user_string(pathname)))
> +        goto execve_efault;
> +
> +    if (is_proc_myself(p, "exe")) {
> +        ret = get_errno(safe_execveat(dirfd, exec_path, argp, envp, flags));
> +    } else {
> +        ret = get_errno(safe_execveat(dirfd, p, argp, envp, flags));
> +    }
> +
> +    unlock_user(p, pathname, 0);
> +
> +    goto execve_end;
> +
> +execve_efault:
> +    ret = -TARGET_EFAULT;
> +
> +execve_end:
> +    for (gp = guest_argp, q = argp; *q;
> +          gp += sizeof(abi_ulong), q++) {
> +        if (get_user_ual(addr, gp)
> +            || !addr)
> +            break;
> +        unlock_user(*q, addr, 0);
> +    }
> +    for (gp = guest_envp, q = envp; *q;
> +          gp += sizeof(abi_ulong), q++) {
> +        if (get_user_ual(addr, gp)
> +            || !addr)
> +            break;
> +        unlock_user(*q, addr, 0);
> +    }
> +
> +    g_free(argp);
> +    g_free(envp);
> +    return ret;
> +}
> +
>   #define TIMER_MAGIC 0x0caf0000
>   #define TIMER_MAGIC_MASK 0xffff0000
>   
> @@ -8846,104 +8947,10 @@ static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
>           unlock_user(p, arg2, 0);
>           return ret;
>   #endif
> +    case TARGET_NR_execveat:
> +        return do_execveat(cpu_env, arg1, arg2, arg3, arg4, arg5);
>       case TARGET_NR_execve:
> -        {
> -            char **argp, **envp;
> -            int argc, envc;
> -            abi_ulong gp;
> -            abi_ulong guest_argp;
> -            abi_ulong guest_envp;
> -            abi_ulong addr;
> -            char **q;
> -
> -            argc = 0;
> -            guest_argp = arg2;
> -            for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
> -                if (get_user_ual(addr, gp))
> -                    return -TARGET_EFAULT;
> -                if (!addr)
> -                    break;
> -                argc++;
> -            }
> -            envc = 0;
> -            guest_envp = arg3;
> -            for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
> -                if (get_user_ual(addr, gp))
> -                    return -TARGET_EFAULT;
> -                if (!addr)
> -                    break;
> -                envc++;
> -            }
> -
> -            argp = g_new0(char *, argc + 1);
> -            envp = g_new0(char *, envc + 1);
> -
> -            for (gp = guest_argp, q = argp; gp;
> -                  gp += sizeof(abi_ulong), q++) {
> -                if (get_user_ual(addr, gp))
> -                    goto execve_efault;
> -                if (!addr)
> -                    break;
> -                if (!(*q = lock_user_string(addr)))
> -                    goto execve_efault;
> -            }
> -            *q = NULL;
> -
> -            for (gp = guest_envp, q = envp; gp;
> -                  gp += sizeof(abi_ulong), q++) {
> -                if (get_user_ual(addr, gp))
> -                    goto execve_efault;
> -                if (!addr)
> -                    break;
> -                if (!(*q = lock_user_string(addr)))
> -                    goto execve_efault;
> -            }
> -            *q = NULL;
> -
> -            if (!(p = lock_user_string(arg1)))
> -                goto execve_efault;
> -            /* Although execve() is not an interruptible syscall it is
> -             * a special case where we must use the safe_syscall wrapper:
> -             * if we allow a signal to happen before we make the host
> -             * syscall then we will 'lose' it, because at the point of
> -             * execve the process leaves QEMU's control. So we use the
> -             * safe syscall wrapper to ensure that we either take the
> -             * signal as a guest signal, or else it does not happen
> -             * before the execve completes and makes it the other
> -             * program's problem.
> -             */
> -            if (is_proc_myself(p, "exe")) {
> -                ret = get_errno(safe_execve(exec_path, argp, envp));
> -            } else {
> -                ret = get_errno(safe_execve(p, argp, envp));
> -            }
> -            unlock_user(p, arg1, 0);
> -
> -            goto execve_end;
> -
> -        execve_efault:
> -            ret = -TARGET_EFAULT;
> -
> -        execve_end:
> -            for (gp = guest_argp, q = argp; *q;
> -                  gp += sizeof(abi_ulong), q++) {
> -                if (get_user_ual(addr, gp)
> -                    || !addr)
> -                    break;
> -                unlock_user(*q, addr, 0);
> -            }
> -            for (gp = guest_envp, q = envp; *q;
> -                  gp += sizeof(abi_ulong), q++) {
> -                if (get_user_ual(addr, gp)
> -                    || !addr)
> -                    break;
> -                unlock_user(*q, addr, 0);
> -            }
> -
> -            g_free(argp);
> -            g_free(envp);
> -        }
> -        return ret;
> +        return do_execveat(cpu_env, AT_FDCWD, arg1, arg2, arg3, 0);
>       case TARGET_NR_chdir:
>           if (!(p = lock_user_string(arg1)))
>               return -TARGET_EFAULT;

Reviewed-by: Laurent Vivier <laurent@vivier.eu>
diff mbox series

Patch

diff --git a/linux-user/strace.c b/linux-user/strace.c
index 9ae5a812cd..4d1a14b88f 100644
--- a/linux-user/strace.c
+++ b/linux-user/strace.c
@@ -616,38 +616,6 @@  print_semctl(CPUArchState *cpu_env, const struct syscallname *name,
 }
 #endif
 
-static void
-print_execve(CPUArchState *cpu_env, const struct syscallname *name,
-             abi_long arg1, abi_long arg2, abi_long arg3,
-             abi_long arg4, abi_long arg5, abi_long arg6)
-{
-    abi_ulong arg_ptr_addr;
-    char *s;
-
-    if (!(s = lock_user_string(arg1)))
-        return;
-    qemu_log("%s(\"%s\",{", name->name, s);
-    unlock_user(s, arg1, 0);
-
-    for (arg_ptr_addr = arg2; ; arg_ptr_addr += sizeof(abi_ulong)) {
-        abi_ulong *arg_ptr, arg_addr;
-
-        arg_ptr = lock_user(VERIFY_READ, arg_ptr_addr, sizeof(abi_ulong), 1);
-        if (!arg_ptr)
-            return;
-    arg_addr = tswapal(*arg_ptr);
-        unlock_user(arg_ptr, arg_ptr_addr, 0);
-        if (!arg_addr)
-            break;
-        if ((s = lock_user_string(arg_addr))) {
-            qemu_log("\"%s\",", s);
-            unlock_user(s, arg_addr, 0);
-        }
-    }
-
-    qemu_log("NULL})");
-}
-
 #ifdef TARGET_NR_ipc
 static void
 print_ipc(CPUArchState *cpu_env, const struct syscallname *name,
@@ -1136,6 +1104,16 @@  UNUSED static struct flags clone_flags[] = {
     FLAG_END,
 };
 
+UNUSED static struct flags execveat_flags[] = {
+#ifdef AT_EMPTY_PATH
+    FLAG_GENERIC(AT_EMPTY_PATH),
+#endif
+#ifdef AT_SYMLINK_NOFOLLOW
+    FLAG_GENERIC(AT_SYMLINK_NOFOLLOW),
+#endif
+    FLAG_END,
+};
+
 UNUSED static struct flags msg_flags[] = {
     /* send */
     FLAG_GENERIC(MSG_CONFIRM),
@@ -1969,6 +1947,55 @@  print_execv(CPUArchState *cpu_env, const struct syscallname *name,
 }
 #endif
 
+static void
+print_execve_argv(abi_long argv, int last)
+{
+    abi_ulong arg_ptr_addr;
+    char *s;
+
+    qemu_log("{");
+    for (arg_ptr_addr = argv; ; arg_ptr_addr += sizeof(abi_ulong)) {
+        abi_ulong *arg_ptr, arg_addr;
+
+        arg_ptr = lock_user(VERIFY_READ, arg_ptr_addr, sizeof(abi_ulong), 1);
+        if (!arg_ptr)
+            return;
+        arg_addr = tswapal(*arg_ptr);
+        unlock_user(arg_ptr, arg_ptr_addr, 0);
+        if (!arg_addr)
+            break;
+        if ((s = lock_user_string(arg_addr))) {
+            qemu_log("\"%s\",", s);
+            unlock_user(s, arg_addr, 0);
+        }
+    }
+    qemu_log("NULL}%s", get_comma(last));
+}
+
+static void
+print_execve(CPUArchState *cpu_env, const struct syscallname *name,
+             abi_long arg1, abi_long arg2, abi_long arg3,
+             abi_long arg4, abi_long arg5, abi_long arg6)
+{
+    print_syscall_prologue(name);
+    print_string(arg1, 0);
+    print_execve_argv(arg2, 1);
+    print_syscall_epilogue(name);
+}
+
+static void
+print_execveat(CPUArchState *cpu_env, const struct syscallname *name,
+             abi_long arg1, abi_long arg2, abi_long arg3,
+             abi_long arg4, abi_long arg5, abi_long arg6)
+{
+    print_syscall_prologue(name);
+    print_at_dirfd(arg1, 0);
+    print_string(arg2, 0);
+    print_execve_argv(arg3, 0);
+    print_flags(execveat_flags, arg5, 1);
+    print_syscall_epilogue(name);
+}
+
 #if defined(TARGET_NR_faccessat) || defined(TARGET_NR_faccessat2)
 static void
 print_faccessat(CPUArchState *cpu_env, const struct syscallname *name,
diff --git a/linux-user/strace.list b/linux-user/strace.list
index 3df2184580..17d2f0fee8 100644
--- a/linux-user/strace.list
+++ b/linux-user/strace.list
@@ -161,7 +161,7 @@ 
 { TARGET_NR_execve, "execve" , NULL, print_execve, NULL },
 #endif
 #ifdef TARGET_NR_execveat
-{ TARGET_NR_execveat, "execveat" , NULL, NULL, NULL },
+{ TARGET_NR_execveat, "execveat" , NULL, print_execveat, NULL },
 #endif
 #ifdef TARGET_NR_exec_with_loader
 { TARGET_NR_exec_with_loader, "exec_with_loader" , NULL, NULL, NULL },
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8402c1399d..38fbbbad6a 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -689,7 +689,8 @@  safe_syscall4(pid_t, wait4, pid_t, pid, int *, status, int, options, \
 #endif
 safe_syscall5(int, waitid, idtype_t, idtype, id_t, id, siginfo_t *, infop, \
               int, options, struct rusage *, rusage)
-safe_syscall3(int, execve, const char *, filename, char **, argv, char **, envp)
+safe_syscall5(int, execveat, int, dirfd, const char *, filename,
+        char **, argv, char **, envp, int, flags)
 #if defined(TARGET_NR_select) || defined(TARGET_NR__newselect) || \
     defined(TARGET_NR_pselect6) || defined(TARGET_NR_pselect6_time64)
 safe_syscall6(int, pselect6, int, nfds, fd_set *, readfds, fd_set *, writefds, \
@@ -8349,6 +8350,106 @@  static int do_openat(CPUArchState *cpu_env, int dirfd, const char *pathname, int
     return safe_openat(dirfd, path(pathname), flags, mode);
 }
 
+static int do_execveat(CPUArchState *cpu_env, int dirfd, abi_long pathname, abi_long guest_argp, abi_long guest_envp, int flags)
+{
+    int ret;
+    char **argp, **envp;
+    int argc, envc;
+    abi_ulong gp;
+    abi_ulong addr;
+    char **q;
+    void *p;
+
+    argc = 0;
+
+    for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
+        if (get_user_ual(addr, gp))
+            return -TARGET_EFAULT;
+        if (!addr)
+            break;
+        argc++;
+    }
+    envc = 0;
+    for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
+        if (get_user_ual(addr, gp))
+            return -TARGET_EFAULT;
+        if (!addr)
+            break;
+        envc++;
+    }
+
+    argp = g_new0(char *, argc + 1);
+    envp = g_new0(char *, envc + 1);
+
+    for (gp = guest_argp, q = argp; gp;
+          gp += sizeof(abi_ulong), q++) {
+        if (get_user_ual(addr, gp))
+            goto execve_efault;
+        if (!addr)
+            break;
+        if (!(*q = lock_user_string(addr)))
+            goto execve_efault;
+    }
+    *q = NULL;
+
+    for (gp = guest_envp, q = envp; gp;
+          gp += sizeof(abi_ulong), q++) {
+        if (get_user_ual(addr, gp))
+            goto execve_efault;
+        if (!addr)
+            break;
+        if (!(*q = lock_user_string(addr)))
+            goto execve_efault;
+    }
+    *q = NULL;
+
+    /* Although execve() is not an interruptible syscall it is
+     * a special case where we must use the safe_syscall wrapper:
+     * if we allow a signal to happen before we make the host
+     * syscall then we will 'lose' it, because at the point of
+     * execve the process leaves QEMU's control. So we use the
+     * safe syscall wrapper to ensure that we either take the
+     * signal as a guest signal, or else it does not happen
+     * before the execve completes and makes it the other
+     * program's problem.
+     */
+    if (!(p = lock_user_string(pathname)))
+        goto execve_efault;
+
+    if (is_proc_myself(p, "exe")) {
+        ret = get_errno(safe_execveat(dirfd, exec_path, argp, envp, flags));
+    } else {
+        ret = get_errno(safe_execveat(dirfd, p, argp, envp, flags));
+    }
+
+    unlock_user(p, pathname, 0);
+
+    goto execve_end;
+
+execve_efault:
+    ret = -TARGET_EFAULT;
+
+execve_end:
+    for (gp = guest_argp, q = argp; *q;
+          gp += sizeof(abi_ulong), q++) {
+        if (get_user_ual(addr, gp)
+            || !addr)
+            break;
+        unlock_user(*q, addr, 0);
+    }
+    for (gp = guest_envp, q = envp; *q;
+          gp += sizeof(abi_ulong), q++) {
+        if (get_user_ual(addr, gp)
+            || !addr)
+            break;
+        unlock_user(*q, addr, 0);
+    }
+
+    g_free(argp);
+    g_free(envp);
+    return ret;
+}
+
 #define TIMER_MAGIC 0x0caf0000
 #define TIMER_MAGIC_MASK 0xffff0000
 
@@ -8846,104 +8947,10 @@  static abi_long do_syscall1(CPUArchState *cpu_env, int num, abi_long arg1,
         unlock_user(p, arg2, 0);
         return ret;
 #endif
+    case TARGET_NR_execveat:
+        return do_execveat(cpu_env, arg1, arg2, arg3, arg4, arg5);
     case TARGET_NR_execve:
-        {
-            char **argp, **envp;
-            int argc, envc;
-            abi_ulong gp;
-            abi_ulong guest_argp;
-            abi_ulong guest_envp;
-            abi_ulong addr;
-            char **q;
-
-            argc = 0;
-            guest_argp = arg2;
-            for (gp = guest_argp; gp; gp += sizeof(abi_ulong)) {
-                if (get_user_ual(addr, gp))
-                    return -TARGET_EFAULT;
-                if (!addr)
-                    break;
-                argc++;
-            }
-            envc = 0;
-            guest_envp = arg3;
-            for (gp = guest_envp; gp; gp += sizeof(abi_ulong)) {
-                if (get_user_ual(addr, gp))
-                    return -TARGET_EFAULT;
-                if (!addr)
-                    break;
-                envc++;
-            }
-
-            argp = g_new0(char *, argc + 1);
-            envp = g_new0(char *, envc + 1);
-
-            for (gp = guest_argp, q = argp; gp;
-                  gp += sizeof(abi_ulong), q++) {
-                if (get_user_ual(addr, gp))
-                    goto execve_efault;
-                if (!addr)
-                    break;
-                if (!(*q = lock_user_string(addr)))
-                    goto execve_efault;
-            }
-            *q = NULL;
-
-            for (gp = guest_envp, q = envp; gp;
-                  gp += sizeof(abi_ulong), q++) {
-                if (get_user_ual(addr, gp))
-                    goto execve_efault;
-                if (!addr)
-                    break;
-                if (!(*q = lock_user_string(addr)))
-                    goto execve_efault;
-            }
-            *q = NULL;
-
-            if (!(p = lock_user_string(arg1)))
-                goto execve_efault;
-            /* Although execve() is not an interruptible syscall it is
-             * a special case where we must use the safe_syscall wrapper:
-             * if we allow a signal to happen before we make the host
-             * syscall then we will 'lose' it, because at the point of
-             * execve the process leaves QEMU's control. So we use the
-             * safe syscall wrapper to ensure that we either take the
-             * signal as a guest signal, or else it does not happen
-             * before the execve completes and makes it the other
-             * program's problem.
-             */
-            if (is_proc_myself(p, "exe")) {
-                ret = get_errno(safe_execve(exec_path, argp, envp));
-            } else {
-                ret = get_errno(safe_execve(p, argp, envp));
-            }
-            unlock_user(p, arg1, 0);
-
-            goto execve_end;
-
-        execve_efault:
-            ret = -TARGET_EFAULT;
-
-        execve_end:
-            for (gp = guest_argp, q = argp; *q;
-                  gp += sizeof(abi_ulong), q++) {
-                if (get_user_ual(addr, gp)
-                    || !addr)
-                    break;
-                unlock_user(*q, addr, 0);
-            }
-            for (gp = guest_envp, q = envp; *q;
-                  gp += sizeof(abi_ulong), q++) {
-                if (get_user_ual(addr, gp)
-                    || !addr)
-                    break;
-                unlock_user(*q, addr, 0);
-            }
-
-            g_free(argp);
-            g_free(envp);
-        }
-        return ret;
+        return do_execveat(cpu_env, AT_FDCWD, arg1, arg2, arg3, 0);
     case TARGET_NR_chdir:
         if (!(p = lock_user_string(arg1)))
             return -TARGET_EFAULT;