[PATCH] linux-user: fix target_to_host_timespec64()

Laurent Vivier posted 1 patch 3 years, 8 months ago
Test docker-quick@centos7 failed
Test docker-mingw@fedora failed
Test checkpatch failed
Test FreeBSD failed
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20200827070449.2386007-1-laurent@vivier.eu
Maintainers: Laurent Vivier <laurent@vivier.eu>
linux-user/syscall.c | 2 ++
1 file changed, 2 insertions(+)
[PATCH] linux-user: fix target_to_host_timespec64()
Posted by Laurent Vivier 3 years, 8 months ago
In 32-bit mode, drop the padding in tv_nsec. If the host is 64-bit and the target
is 32-bit, the padding bytes will be copied from the target and, as the
kernel checks the value, the syscall exits with EINVAL.

Signed-off-by: Laurent Vivier <laurent@vivier.eu>
---
 linux-user/syscall.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index c82b73e03234..9d7376734ad4 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -1253,6 +1253,8 @@ static inline abi_long target_to_host_timespec64(struct timespec *host_ts,
     }
     __get_user(host_ts->tv_sec, &target_ts->tv_sec);
     __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
+    /* in 32bit mode, this drops the padding */
+    host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec;
     unlock_user_struct(target_ts, target_addr, 0);
     return 0;
 }
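Review bot: the comment on the added line says what the cast does but not why, so a reader of target_to_host_timespec64() is left to work out where the padding comes from; suggest spelling it out, e.g. `/* A 32-bit target stores tv_nsec as a 32-bit long plus padding in the upper half of the 64-bit field; keep only the low 32 bits so the kernel's check on tv_nsec does not fail with EINVAL. */`. It is also worth stating in the comment that abi_long is 64 bits wide for 64-bit targets, so the cast is a no-op there, and that on a 32-bit target it sign-extends the low 32 bits rather than zeroing the upper half, which is harmless because a negative tv_nsec is rejected by the same kernel check either way.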
-- 
2.26.2
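The following is an added example, not QEMU's own code or part of the patch: it models what target_to_host_timespec64() receives from a 32-bit guest whose struct timespec has a 32-bit tv_nsec plus four bytes of padding inside a 64-bit slot, for both byte orders, and shows why the padding has to be dropped before the host kernel's range check on tv_nsec. The names guest_timespec64, host_timespec, load_guest_u64, fill_guest_timespec, guest_to_host_timespec64 and kernel_check_timespec are this example's own, not QEMU or kernel identifiers, and the padding bytes are constructed (0xAB) to stand in for uninitialised memory.

```c
/*
 * Added example (not QEMU's code): models what target_to_host_timespec64()
 * receives from a 32-bit guest whose struct timespec has a 32-bit tv_nsec
 * plus 4 bytes of padding inside a 64-bit slot, and shows why the padding
 * has to be dropped before the host kernel's range check on tv_nsec.
 * All names below are this example's own, not QEMU or kernel identifiers.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSEC_PER_SEC 1000000000LL

typedef int32_t abi_long;   /* abi_long of a 32-bit target */

/* Guest struct timespec with 64-bit time_t as QEMU reads it: two 8-byte fields. */
struct guest_timespec64 {
    uint8_t tv_sec[8];
    uint8_t tv_nsec[8];
};

/* Host-side struct timespec on a 64-bit host (tv_nsec is a 64-bit long). */
struct host_timespec {
    int64_t tv_sec;
    int64_t tv_nsec;
};

/* Read an 8-byte guest field in guest byte order, as __get_user does. */
static uint64_t load_guest_u64(const uint8_t b[8], bool guest_be)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        v |= (uint64_t)b[i] << (guest_be ? (7 - i) * 8 : i * 8);
    }
    return v;
}

/*
 * Fill the guest struct the way a 32-bit libc does: tv_nsec is a 32-bit long
 * and the remaining 4 bytes of the slot are padding that nothing initialises
 * (constructed here as 'junk'). Big-endian ABIs place the padding before
 * tv_nsec, little-endian ones after it, so either way the junk becomes the
 * upper 32 bits when the slot is read as one 64-bit guest value.
 */
static void fill_guest_timespec(struct guest_timespec64 *g, int64_t sec,
                                int32_t nsec, uint8_t junk, bool guest_be)
{
    for (int i = 0; i < 8; i++) {
        g->tv_sec[i] = (uint8_t)((uint64_t)sec >> (guest_be ? (7 - i) * 8 : i * 8));
    }
    memset(g->tv_nsec, junk, 8);
    uint8_t *nsec_at = g->tv_nsec + (guest_be ? 4 : 0);
    for (int i = 0; i < 4; i++) {
        nsec_at[i] = (uint8_t)((uint32_t)nsec >> (guest_be ? (3 - i) * 8 : i * 8));
    }
}

/*
 * Model of target_to_host_timespec64(). drop_padding=false is the behaviour
 * before the patch; drop_padding=true applies the patch's (long)(abi_long)
 * cast, which keeps the low 32 bits and sign-extends them.
 */
static struct host_timespec guest_to_host_timespec64(const struct guest_timespec64 *g,
                                                     bool guest_be, bool drop_padding)
{
    struct host_timespec h;
    h.tv_sec = (int64_t)load_guest_u64(g->tv_sec, guest_be);
    h.tv_nsec = (int64_t)load_guest_u64(g->tv_nsec, guest_be);
    if (drop_padding) {
        h.tv_nsec = (int64_t)(abi_long)h.tv_nsec;
    }
    return h;
}

/* The range check the kernel applies to tv_nsec; failing it yields EINVAL. */
static int kernel_check_timespec(const struct host_timespec *h)
{
    return (h->tv_nsec >= 0 && h->tv_nsec < NSEC_PER_SEC) ? 0 : -EINVAL;
}

int main(void)
{
    struct guest_timespec64 g;
    for (int be = 0; be < 2; be++) {
        fill_guest_timespec(&g, 1, 500, 0xAB, be);
        struct host_timespec before = guest_to_host_timespec64(&g, be, false);
        struct host_timespec after = guest_to_host_timespec64(&g, be, true);
        printf("%s guest: unpatched tv_nsec=0x%016llx -> %d, patched tv_nsec=%lld -> %d\n",
               be ? "BE" : "LE",
               (unsigned long long)before.tv_nsec, kernel_check_timespec(&before),
               (long long)after.tv_nsec, kernel_check_timespec(&after));
    }
    return 0;
}
```

Running it prints the same 0xABABABAB000001F4 garbage value for both byte orders without the cast (rejected with -EINVAL) and 500 with it (accepted), which is why one truncation covers little- and big-endian 32-bit targets alike.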


Re: [PATCH] linux-user: fix target_to_host_timespec64()
Posted by Filip Bozuta 3 years, 8 months ago
On 27.8.20. 09:04, Laurent Vivier wrote:
> In 32-bit mode, drop the padding in tv_nsec. If the host is 64-bit and the target
> is 32-bit, the padding bytes will be copied from the target and, as the
> kernel checks the value, the syscall exits with EINVAL.
>
> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
> ---
>   linux-user/syscall.c | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index c82b73e03234..9d7376734ad4 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -1253,6 +1253,8 @@ static inline abi_long target_to_host_timespec64(struct timespec *host_ts,
>       }
>       __get_user(host_ts->tv_sec, &target_ts->tv_sec);
>       __get_user(host_ts->tv_nsec, &target_ts->tv_nsec);
> +    /* in 32bit mode, this drops the padding */
> +    host_ts->tv_nsec = (long)(abi_long)host_ts->tv_nsec;

I tested this with sh4 and the nsec conversion seems to be working fine now.

Just curious, why is a double cast '(long)(abi_long)' needed, why not
just '(abi_long)'?

>       unlock_user_struct(target_ts, target_addr, 0);
>       return 0;
>   }
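Review bot: on the question raised above about the double cast, the outer (long) is redundant: assigning the (abi_long) value to host_ts->tv_nsec, whose type is the host's long, performs the same widening conversion implicitly, so `host_ts->tv_nsec = (abi_long)host_ts->tv_nsec;` behaves identically; the explicit (long) only documents that a 32-bit value is being widened back to the host's 64-bit long, which is worth saying in the comment rather than leaving readers to ask.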