From e222496a7526b50e1de43113c4e101fb5c6d12f8 Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 16:55:21 +0800
Subject: [PATCH 1/8] fix(ltp): `add_key05`, install account helper commands
 into PATH

---
 CosmOS-rootfs            |   2 +-
 scripts/pack-disk-img.sh |   7 ---
 user/src/bin/groupdel.rs |  79 ------------------------
 user/src/bin/useradd.rs  | 129 ---------------------------------------
 user/src/bin/userdel.rs  |  89 ---------------------------
 5 files changed, 1 insertion(+), 305 deletions(-)
 delete mode 100644 user/src/bin/groupdel.rs
 delete mode 100644 user/src/bin/useradd.rs
 delete mode 100644 user/src/bin/userdel.rs

diff --git a/CosmOS-rootfs b/CosmOS-rootfs
index fd861150..05ed5f45 160000
--- a/CosmOS-rootfs
+++ b/CosmOS-rootfs
@@ -1 +1 @@
-Subproject commit fd861150e97be8fda24b909ffc95c73de4745210
+Subproject commit 05ed5f4540ee8921d7c303999fbda0acf9147ba6
diff --git a/scripts/pack-disk-img.sh b/scripts/pack-disk-img.sh
index 179e240e..a8f74a46 100755
--- a/scripts/pack-disk-img.sh
+++ b/scripts/pack-disk-img.sh
@@ -72,13 +72,6 @@ for app_src in "$USER_APP_SRC_DIR"/*.rs; do
     cp -f "$host_path" "$STAGE_DIR/root/$name"
 done
 
-if [ -f lib/musl/ar ] && [ -d "$STAGE_DIR/musl/lib" ]; then
-    cp -f lib/musl/ar "$STAGE_DIR/musl/lib/ar"
-fi
-
-if [ -f lib/glibc/ar ] && [ -d "$STAGE_DIR/glibc/lib" ]; then
-    cp -f lib/glibc/ar "$STAGE_DIR/glibc/lib/ar"
-fi
 
 if [ -e "$STAGE_DIR/lib/libc.so" ] && [ ! -e "$STAGE_DIR/lib/ld-musl-$MUSL_ARCH.so.1" ]; then
     ln -sf libc.so "$STAGE_DIR/lib/ld-musl-$MUSL_ARCH.so.1"
diff --git a/user/src/bin/groupdel.rs b/user/src/bin/groupdel.rs
deleted file mode 100644
index 4130018f..00000000
--- a/user/src/bin/groupdel.rs
+++ /dev/null
@@ -1,79 +0,0 @@
-#![no_std]
-#![no_main]
-
-extern crate alloc;
-
-use alloc::format;
-use alloc::string::String;
-use alloc::vec::Vec;
-use user_lib::{close, exit, open, read, write, OpenFlags, STDOUT};
-
-const ETC_GROUP: &str = "/etc/group";
-
-fn read_file(path: &str) -> Result<Vec<u8>, isize> {
-    let fd = open(path, OpenFlags::RDONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut out = Vec::new();
-    let mut buf = [0u8; 512];
-    loop {
-        let n = read(fd, &mut buf);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        if n == 0 {
-            break;
-        }
-        out.extend_from_slice(&buf[..n as usize]);
-    }
-    close(fd);
-    Ok(out)
-}
-
-fn write_file(path: &str, data: &[u8]) -> Result<(), isize> {
-    let fd = open(path, OpenFlags::CREATE | OpenFlags::TRUNC | OpenFlags::WRONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut written = 0usize;
-    while written < data.len() {
-        let n = write(fd, &data[written..]);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        written += n as usize;
-    }
-    close(fd);
-    Ok(())
-}
-
-#[no_mangle]
-pub fn main(argc: usize, argv: &[&str]) -> i32 {
-    if argc < 2 {
-        let _ = write(STDOUT, b"Usage: groupdel <name>\n");
-        exit(1);
-    }
-
-    let username = argv[1];
-    let prefix = format!("{username}:");
-    let mut out = String::new();
-    let group_bytes = read_file(ETC_GROUP).unwrap_or_default();
-    for line in core::str::from_utf8(&group_bytes).unwrap_or("").lines() {
-        if line.starts_with(&prefix) {
-            continue;
-        }
-        out.push_str(line);
-        out.push('\n');
-    }
-
-    if write_file(ETC_GROUP, out.as_bytes()).is_err() {
-        exit(1);
-    }
-
-    0
-}
diff --git a/user/src/bin/useradd.rs b/user/src/bin/useradd.rs
deleted file mode 100644
index ea67fc4d..00000000
--- a/user/src/bin/useradd.rs
+++ /dev/null
@@ -1,129 +0,0 @@
-#![no_std]
-#![no_main]
-
-extern crate alloc;
-
-use alloc::format;
-use alloc::string::String;
-use alloc::vec::Vec;
-use user_lib::{close, exit, open, read, write, OpenFlags, STDOUT};
-
-const ETC_PASSWD: &str = "/etc/passwd";
-const ETC_GROUP: &str = "/etc/group";
-const PROC_KEY_USERS: &str = "/proc/key-users";
-
-fn read_file(path: &str) -> Result<Vec<u8>, isize> {
-    let fd = open(path, OpenFlags::RDONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut out = Vec::new();
-    let mut buf = [0u8; 512];
-    loop {
-        let n = read(fd, &mut buf);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        if n == 0 {
-            break;
-        }
-        out.extend_from_slice(&buf[..n as usize]);
-    }
-    close(fd);
-    Ok(out)
-}
-
-fn write_file(path: &str, data: &[u8]) -> Result<(), isize> {
-    let fd = open(path, OpenFlags::CREATE | OpenFlags::TRUNC | OpenFlags::WRONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut written = 0usize;
-    while written < data.len() {
-        let n = write(fd, &data[written..]);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        written += n as usize;
-    }
-    close(fd);
-    Ok(())
-}
-
-fn split_lines(bytes: &[u8]) -> Vec<String> {
-    let text = core::str::from_utf8(bytes).unwrap_or("");
-    text.lines().map(String::from).collect()
-}
-
-fn next_id(passwd_lines: &[String], group_lines: &[String], key_user_lines: &[String]) -> u32 {
-    let mut next = 1000u32;
-    for line in passwd_lines {
-        let mut parts = line.split(':');
-        let _name = parts.next();
-        let _passwd = parts.next();
-        if let Some(uid) = parts.next() {
-            if let Ok(uid) = uid.parse::<u32>() {
-                next = next.max(uid.saturating_add(1));
-            }
-        }
-    }
-    for line in group_lines {
-        let mut parts = line.split(':');
-        let _name = parts.next();
-        let _passwd = parts.next();
-        if let Some(gid) = parts.next() {
-            if let Ok(gid) = gid.parse::<u32>() {
-                next = next.max(gid.saturating_add(1));
-            }
-        }
-    }
-    for line in key_user_lines {
-        if let Some((uid, _rest)) = line.split_once(':') {
-            if let Ok(uid) = uid.trim().parse::<u32>() {
-                next = next.max(uid.saturating_add(1));
-            }
-        }
-    }
-    next.max(1000)
-}
-
-#[no_mangle]
-pub fn main(argc: usize, argv: &[&str]) -> i32 {
-    if argc < 2 {
-        let _ = write(STDOUT, b"Usage: useradd <name>\n");
-        exit(1);
-    }
-
-    let username = argv[1];
-    let passwd_bytes = read_file(ETC_PASSWD).unwrap_or_default();
-    let group_bytes = read_file(ETC_GROUP).unwrap_or_default();
-    let key_user_bytes = read_file(PROC_KEY_USERS).unwrap_or_default();
-    let mut passwd_lines = split_lines(&passwd_bytes);
-    let mut group_lines = split_lines(&group_bytes);
-    let key_user_lines = split_lines(&key_user_bytes);
-
-    if passwd_lines.iter().any(|line| line.starts_with(&format!("{username}:"))) {
-        return 0;
-    }
-
-    let id = next_id(&passwd_lines, &group_lines, &key_user_lines);
-    passwd_lines.push(format!("{username}:x:{id}:{id}:{username}:/tmp:/bin/sh"));
-    group_lines.push(format!("{username}:x:{id}:"));
-
-    let mut passwd_out = passwd_lines.join("\n");
-    passwd_out.push('\n');
-    let mut group_out = group_lines.join("\n");
-    group_out.push('\n');
-
-    if write_file(ETC_PASSWD, passwd_out.as_bytes()).is_err()
-        || write_file(ETC_GROUP, group_out.as_bytes()).is_err()
-    {
-        exit(1);
-    }
-
-    0
-}
diff --git a/user/src/bin/userdel.rs b/user/src/bin/userdel.rs
deleted file mode 100644
index 8b9c022e..00000000
--- a/user/src/bin/userdel.rs
+++ /dev/null
@@ -1,89 +0,0 @@
-#![no_std]
-#![no_main]
-
-extern crate alloc;
-
-use alloc::format;
-use alloc::string::String;
-use alloc::vec::Vec;
-use user_lib::{close, exit, open, read, write, OpenFlags, STDOUT};
-
-const ETC_PASSWD: &str = "/etc/passwd";
-const ETC_GROUP: &str = "/etc/group";
-
-fn read_file(path: &str) -> Result<Vec<u8>, isize> {
-    let fd = open(path, OpenFlags::RDONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut out = Vec::new();
-    let mut buf = [0u8; 512];
-    loop {
-        let n = read(fd, &mut buf);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        if n == 0 {
-            break;
-        }
-        out.extend_from_slice(&buf[..n as usize]);
-    }
-    close(fd);
-    Ok(out)
-}
-
-fn write_file(path: &str, data: &[u8]) -> Result<(), isize> {
-    let fd = open(path, OpenFlags::CREATE | OpenFlags::TRUNC | OpenFlags::WRONLY);
-    if fd < 0 {
-        return Err(fd);
-    }
-    let fd = fd as usize;
-    let mut written = 0usize;
-    while written < data.len() {
-        let n = write(fd, &data[written..]);
-        if n < 0 {
-            close(fd);
-            return Err(n);
-        }
-        written += n as usize;
-    }
-    close(fd);
-    Ok(())
-}
-
-fn filter_out(bytes: &[u8], username: &str) -> String {
-    let prefix = format!("{username}:");
-    let mut out = String::new();
-    for line in core::str::from_utf8(bytes).unwrap_or("").lines() {
-        if line.starts_with(&prefix) {
-            continue;
-        }
-        out.push_str(line);
-        out.push('\n');
-    }
-    out
-}
-
-#[no_mangle]
-pub fn main(argc: usize, argv: &[&str]) -> i32 {
-    if argc < 2 {
-        let _ = write(STDOUT, b"Usage: userdel [-r] <name>\n");
-        exit(1);
-    }
-
-    let username = argv[argc - 1];
-    let passwd_bytes = read_file(ETC_PASSWD).unwrap_or_default();
-    let group_bytes = read_file(ETC_GROUP).unwrap_or_default();
-    let passwd_out = filter_out(&passwd_bytes, username);
-    let group_out = filter_out(&group_bytes, username);
-
-    if write_file(ETC_PASSWD, passwd_out.as_bytes()).is_err()
-        || write_file(ETC_GROUP, group_out.as_bytes()).is_err()
-    {
-        exit(1);
-    }
-
-    0
-}

From 578e43a9656f5719cdbafb8c83a152ebfdeaa1df Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 17:40:50 +0800
Subject: [PATCH 2/8] fix: support LTP `bind` socket cases

---
 CosmOS-rootfs               |   2 +-
 os/src/fs/procfs.rs         |  98 ++++++++++
 os/src/net/compat_socket.rs |  37 ++--
 os/src/net/mod.rs           |   5 +-
 os/src/net/unix_socket.rs   | 333 +++++++++++++++++++++++++++++++-
 os/src/syscall/mod.rs       |  12 ++
 os/src/syscall/net.rs       | 372 ++++++++++++++++++++++++++++++------
 os/src/syscall/process.rs   | 122 ++++++++++++
 os/src/syscall/times.rs     |  18 +-
 9 files changed, 915 insertions(+), 84 deletions(-)

diff --git a/CosmOS-rootfs b/CosmOS-rootfs
index 05ed5f45..a49e93bb 160000
--- a/CosmOS-rootfs
+++ b/CosmOS-rootfs
@@ -1 +1 @@
-Subproject commit 05ed5f4540ee8921d7c303999fbda0acf9147ba6
+Subproject commit a49e93bb24d0e4e8a1296b4954db96cd822b4209
diff --git a/os/src/fs/procfs.rs b/os/src/fs/procfs.rs
index d978d960..ad90ac79 100644
--- a/os/src/fs/procfs.rs
+++ b/os/src/fs/procfs.rs
@@ -1261,6 +1261,9 @@ impl VfsNode for ProcPidDirNode {
             (String::from("ns"), VfsFileType::Directory),
             (String::from("stat"), VfsFileType::Regular),
             (String::from("status"), VfsFileType::Regular),
+            (String::from("setgroups"), VfsFileType::Regular),
+            (String::from("uid_map"), VfsFileType::Regular),
+            (String::from("gid_map"), VfsFileType::Regular),
         ]
     }
 
@@ -1273,6 +1276,11 @@ impl VfsNode for ProcPidDirNode {
             "ns" => Some(Arc::new(ProcPidNsDirNode::new(self.pid)) as Arc<dyn VfsNode>),
             "stat" => Some(Arc::new(ProcPidStatNode::new(self.pid)) as Arc<dyn VfsNode>),
             "status" => Some(Arc::new(ProcPidStatusNode::new(self.pid)) as Arc<dyn VfsNode>),
+            "setgroups" => {
+                Some(Arc::new(ProcPidUsernsNode::new(self.pid, ProcPidUsernsKind::Setgroups)) as Arc<dyn VfsNode>)
+            }
+            "uid_map" => Some(Arc::new(ProcPidUsernsNode::new(self.pid, ProcPidUsernsKind::UidMap)) as Arc<dyn VfsNode>),
+            "gid_map" => Some(Arc::new(ProcPidUsernsNode::new(self.pid, ProcPidUsernsKind::GidMap)) as Arc<dyn VfsNode>),
             _ => None,
         }
     }
@@ -1305,6 +1313,96 @@ impl VfsNode for ProcPidDirNode {
     }
 }
 
+#[derive(Debug, Clone, Copy)]
+enum ProcPidUsernsKind {
+    Setgroups,
+    UidMap,
+    GidMap,
+}
+
+/// User namespace setup files used by LTP helpers.
+#[derive(Debug)]
+struct ProcPidUsernsNode {
+    pid: usize,
+    kind: ProcPidUsernsKind,
+}
+
+impl ProcPidUsernsNode {
+    fn new(pid: usize, kind: ProcPidUsernsKind) -> Self {
+        Self { pid, kind }
+    }
+
+    fn content(&self) -> Result<&'static str, FS_ERRNO> {
+        pid2process(self.pid).ok_or(FS_ERRNO::ENOENT)?;
+        Ok(match self.kind {
+            ProcPidUsernsKind::Setgroups => "allow\n",
+            ProcPidUsernsKind::UidMap | ProcPidUsernsKind::GidMap => "0 0 4294967295\n",
+        })
+    }
+}
+
+impl VfsNode for ProcPidUsernsNode {
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn file_type(&self) -> VfsFileType {
+        VfsFileType::Regular
+    }
+
+    fn size(&self) -> usize {
+        self.content().map(|data| data.len()).unwrap_or(0)
+    }
+
+    fn ls(&self) -> Vec<(String, VfsFileType)> {
+        Vec::new()
+    }
+
+    fn find(&self, _name: &str) -> Option<Arc<dyn VfsNode>> {
+        None
+    }
+
+    fn create(&self, _name: &str) -> Option<Arc<dyn VfsNode>> {
+        None
+    }
+
+    fn mkdir(&self, _name: &str) -> Option<Arc<dyn VfsNode>> {
+        None
+    }
+
+    fn clear(&self) {}
+
+    fn truncate(&self, _new_size: usize) -> Result<(), FS_ERRNO> {
+        Ok(())
+    }
+
+    fn read_at(&self, offset: usize, buf: &mut [u8]) -> usize {
+        self.content()
+            .map(|data| read_string_at(data.to_string(), offset, buf))
+            .unwrap_or(0)
+    }
+
+    fn write_at(&self, _offset: usize, buf: &[u8]) -> usize {
+        if pid2process(self.pid).is_none() {
+            return 0;
+        }
+        buf.len()
+    }
+
+    fn write_at_result(&self, offset: usize, buf: &[u8]) -> Result<usize, FS_ERRNO> {
+        Ok(self.write_at(offset, buf))
+    }
+
+    fn statfs(&self) -> Result<fs::VfsStatFs, fs::errno::FS_ERRNO> {
+        Ok(crate::fs::empty_statfs(
+            fs::STATFS_MAGIC_PROC,
+            crate::config::PAGE_SIZE as u64,
+            0x9fa0,
+            255,
+        ))
+    }
+}
+
 /// `/proc/<pid>/ns` directory node.
 #[derive(Debug)]
 pub struct ProcPidNsDirNode {
diff --git a/os/src/net/compat_socket.rs b/os/src/net/compat_socket.rs
index 4a682198..425b6638 100644
--- a/os/src/net/compat_socket.rs
+++ b/os/src/net/compat_socket.rs
@@ -515,7 +515,7 @@ pub(crate) fn compat_ifreq_ioctl(req: usize, arg: usize) -> Result<isize, ERRNO>
 }
 
 struct PacketBinding {
-    ifindex: usize,
+    ifindex: Option<usize>,
     protocol: u16,
 }
 
@@ -567,8 +567,15 @@ impl PacketSocketFile {
         if raw.sll_family != AF_PACKET_FAMILY {
             return Err(ERRNO::EAFNOSUPPORT);
         }
-        let ifindex = raw.sll_ifindex as usize;
-        compat::get_iface_by_ifindex(ifindex).ok_or(ERRNO::ENODEV)?;
+        let ifindex = if raw.sll_ifindex == 0 {
+            None
+        } else if raw.sll_ifindex > 0 {
+            let ifindex = raw.sll_ifindex as usize;
+            compat::get_iface_by_ifindex(ifindex).ok_or(ERRNO::ENODEV)?;
+            Some(ifindex)
+        } else {
+            return Err(ERRNO::ENODEV);
+        };
         *self.binding.lock() = Some(PacketBinding {
             ifindex,
             protocol: u16::from_be(raw.sll_protocol),
@@ -579,17 +586,21 @@ impl PacketSocketFile {
     pub(crate) fn getsockname_raw(&self) -> Result<SockAddrLl, ERRNO> {
         let binding = self.binding.lock();
         let binding = binding.as_ref().ok_or(ERRNO::EINVAL)?;
-        let iface = compat::get_iface_by_ifindex(binding.ifindex).ok_or(ERRNO::ENODEV)?;
+        let iface = binding
+            .ifindex
+            .and_then(compat::get_iface_by_ifindex);
         let mut out = SockAddrLl {
             sll_family: AF_PACKET_FAMILY,
             sll_protocol: binding.protocol.to_be(),
-            sll_ifindex: binding.ifindex as i32,
+            sll_ifindex: binding.ifindex.unwrap_or(0) as i32,
             sll_hatype: ARPHRD_ETHER,
             sll_pkttype: PACKET_HOST,
-            sll_halen: 6,
+            sll_halen: if iface.is_some() { 6 } else { 0 },
             sll_addr: [0; 8],
         };
-        out.sll_addr[..6].copy_from_slice(&iface.mac);
+        if let Some(iface) = iface {
+            out.sll_addr[..6].copy_from_slice(&iface.mac);
+        }
         Ok(out)
     }
 
@@ -603,11 +614,10 @@ impl PacketSocketFile {
             data.extend_from_slice(chunk);
         }
 
-        let local_ifindex = {
+        let bound_ifindex = {
             let binding = self.binding.lock();
             binding.as_ref().ok_or(ERRNO::EINVAL)?.ifindex
         };
-        let local = compat::get_iface_by_ifindex(local_ifindex).ok_or(ERRNO::ENODEV)?;
 
         let send_ifindex = if let Some(addr) = addr {
             if addr.len() < size_of::<SockAddrLl>() {
@@ -619,10 +629,13 @@ impl PacketSocketFile {
             }
             raw.sll_ifindex as usize
         } else {
-            local.ifindex
+            bound_ifindex.unwrap_or(2)
         };
-        if send_ifindex != local.ifindex {
-            return Err(ERRNO::ENODEV);
+        let local = compat::get_iface_by_ifindex(send_ifindex).ok_or(ERRNO::ENODEV)?;
+        if let Some(bound_ifindex) = bound_ifindex {
+            if send_ifindex != bound_ifindex {
+                return Err(ERRNO::ENODEV);
+            }
         }
 
         if let Some((src_mac, src_ip, dst_ip)) = read_arp_ipv4_request(data.as_slice()) {
diff --git a/os/src/net/mod.rs b/os/src/net/mod.rs
index 07ccb747..743f79f0 100644
--- a/os/src/net/mod.rs
+++ b/os/src/net/mod.rs
@@ -58,7 +58,10 @@ pub(crate) use socket_timeout::{
     socket_wait_should_skip, socket_wait_state, timeout_ns_to_deadline_ns, SocketTimerTag,
     SocketWakeState,
 };
-pub(crate) use unix_socket::create_unix_stream_socket_file;
+pub(crate) use unix_socket::{
+    create_unix_datagram_socket_file, create_unix_stream_socket_file, unix_stream_listener,
+    UnixDatagramSocketFile,
+};
 pub use unix_socket::{
     UnixSocketAncillaryData, UnixSocketPairEnd, UnixUcred, SCM_CREDENTIALS, SCM_RIGHTS,
     SocketLevel,
diff --git a/os/src/net/unix_socket.rs b/os/src/net/unix_socket.rs
index db95d0ef..0362e4cf 100644
--- a/os/src/net/unix_socket.rs
+++ b/os/src/net/unix_socket.rs
@@ -1,18 +1,21 @@
 use core::any::Any;
 
 use alloc::{
-    collections::VecDeque,
+    collections::{BTreeMap, VecDeque},
+    string::String,
     sync::{Arc, Weak},
     vec::Vec,
 };
+use lazy_static::lazy_static;
 use strum_macros::FromRepr;
 
 use crate::{
-    fs::{File, FileDescription, Pipe, Stat, StatMode},
+    fs::{open_file_at, unlinkat, File, FileDescription, OpenFlags, Pipe, Stat, StatMode},
     mm::UserBuffer,
     poll::notify_poll_source,
     sync::{Mutex, MutexBlocking, SpinNoIrqLock},
     syscall::errno::ERRNO,
+    task::{current_process, WaitQueue, WaitReason},
 };
 
 const POLLIN: u16 = 0x001;
@@ -74,6 +77,9 @@ struct UnixSocketPairLocalState {
     read_shutdown: bool,
     write_shutdown: bool,
     passcred: bool,
+    bound_addr: Option<Vec<u8>>,
+    listening: bool,
+    pending: VecDeque<Arc<UnixSocketPairEnd>>,
 }
 
 /// 使用两条单向 pipe 交叉组合为一个全双工端点。
@@ -105,6 +111,9 @@ impl UnixSocketPairEnd {
                 read_shutdown: false,
                 write_shutdown: false,
                 passcred: false,
+                bound_addr: None,
+                listening: false,
+                pending: VecDeque::new(),
             }),
             rx_meta,
             tx_meta,
@@ -135,6 +144,70 @@ impl UnixSocketPairEnd {
         (end0, end1)
     }
 
+    /// Bind this socket to a UNIX-domain address.
+    pub(crate) fn bind_addr(&self, addr: Vec<u8>, create_path: bool) -> Result<(), ERRNO> {
+        {
+            let state = self.state.lock();
+            if state.bound_addr.is_some() {
+                return Err(ERRNO::EINVAL);
+            }
+        }
+
+        if create_path {
+            let path = unix_path_from_addr(&addr)?;
+            let cwd = current_process().inner_exclusive_access().cwd.clone();
+            open_file_at(cwd.as_str(), path.as_str(), OpenFlags::CREATE | OpenFlags::EXCL | OpenFlags::RDWR)
+                .map_err(|err| match err {
+                    ERRNO::EIO => ERRNO::ENOTDIR,
+                    ERRNO::EEXIST => ERRNO::EADDRINUSE,
+                    other => other,
+                })?;
+        }
+
+        let mut registry = UNIX_REGISTRY.lock();
+        if registry.stream.contains_key(&addr) || registry.datagram.contains_key(&addr) {
+            if create_path {
+                if let Ok(path) = unix_path_from_addr(&addr) {
+                    let cwd = current_process().inner_exclusive_access().cwd.clone();
+                    let _ = unlinkat(cwd.as_str(), path.as_str(), 0);
+                }
+            }
+            return Err(ERRNO::EADDRINUSE);
+        }
+        registry.stream.insert(addr.clone(), self as *const Self as usize);
+        self.state.lock().bound_addr = Some(addr);
+        Ok(())
+    }
+
+    /// Mark a bound stream socket as a listener.
+    pub(crate) fn listen(&self) -> Result<(), ERRNO> {
+        let mut state = self.state.lock();
+        if state.bound_addr.is_none() {
+            return Err(ERRNO::EINVAL);
+        }
+        state.listening = true;
+        Ok(())
+    }
+
+    pub(crate) fn bound_addr(&self) -> Option<Vec<u8>> {
+        self.state.lock().bound_addr.clone()
+    }
+
+    /// Queue an accepted stream socket for `accept(2)`.
+    pub(crate) fn push_pending(&self, socket: Arc<UnixSocketPairEnd>) -> Result<(), ERRNO> {
+        let mut state = self.state.lock();
+        if !state.listening {
+            return Err(ERRNO::ECONNREFUSED);
+        }
+        state.pending.push_back(socket);
+        Ok(())
+    }
+
+    /// Pop one accepted stream socket if available.
+    pub(crate) fn pop_pending(&self) -> Option<Arc<UnixSocketPairEnd>> {
+        self.state.lock().pending.pop_front()
+    }
+
     fn set_peer(&self, peer: &Arc<Self>) {
         self.state.lock().peer = Some(Arc::downgrade(peer));
     }
@@ -357,6 +430,256 @@ pub(crate) fn create_unix_stream_socket_file() -> Arc<UnixSocketPairEnd> {
     socket
 }
 
+impl Drop for UnixSocketPairEnd {
+    fn drop(&mut self) {
+        if let Some(addr) = self.state.lock().bound_addr.clone() {
+            UNIX_REGISTRY.lock().stream.remove(&addr);
+        }
+        self.notify_self(POLLHUP | POLLIN | POLLOUT);
+        self.notify_peer(POLLHUP | POLLIN | POLLOUT);
+    }
+}
+
+struct UnixDatagramMessage {
+    from: Option<Vec<u8>>,
+    data: Vec<u8>,
+}
+
+struct UnixDatagramState {
+    bound_addr: Option<Vec<u8>>,
+    peer_addr: Option<Vec<u8>>,
+    queue: VecDeque<UnixDatagramMessage>,
+}
+
+/// Minimal AF_UNIX datagram socket used by local pathname/abstract tests.
+pub struct UnixDatagramSocketFile {
+    state: SpinNoIrqLock<UnixDatagramState>,
+    wait_queue: Arc<WaitQueue>,
+}
+
+impl UnixDatagramSocketFile {
+    fn new() -> Self {
+        Self {
+            state: SpinNoIrqLock::new(UnixDatagramState {
+                bound_addr: None,
+                peer_addr: None,
+                queue: VecDeque::new(),
+            }),
+            wait_queue: Arc::new(WaitQueue::new()),
+        }
+    }
+
+    pub(crate) fn bind_addr(&self, addr: Vec<u8>, create_path: bool) -> Result<(), ERRNO> {
+        {
+            let state = self.state.lock();
+            if state.bound_addr.is_some() {
+                return Err(ERRNO::EINVAL);
+            }
+        }
+
+        if create_path {
+            let path = unix_path_from_addr(&addr)?;
+            let cwd = current_process().inner_exclusive_access().cwd.clone();
+            open_file_at(cwd.as_str(), path.as_str(), OpenFlags::CREATE | OpenFlags::EXCL | OpenFlags::RDWR)
+                .map_err(|err| match err {
+                    ERRNO::EIO => ERRNO::ENOTDIR,
+                    ERRNO::EEXIST => ERRNO::EADDRINUSE,
+                    other => other,
+                })?;
+        }
+
+        let mut registry = UNIX_REGISTRY.lock();
+        if registry.stream.contains_key(&addr) || registry.datagram.contains_key(&addr) {
+            if create_path {
+                if let Ok(path) = unix_path_from_addr(&addr) {
+                    let cwd = current_process().inner_exclusive_access().cwd.clone();
+                    let _ = unlinkat(cwd.as_str(), path.as_str(), 0);
+                }
+            }
+            return Err(ERRNO::EADDRINUSE);
+        }
+        registry.datagram.insert(addr.clone(), self as *const Self as usize);
+        self.state.lock().bound_addr = Some(addr);
+        Ok(())
+    }
+
+    pub(crate) fn connect_addr(&self, addr: Vec<u8>) -> Result<(), ERRNO> {
+        if !UNIX_REGISTRY.lock().datagram.contains_key(&addr) {
+            return Err(ERRNO::ENOENT);
+        }
+        self.state.lock().peer_addr = Some(addr);
+        Ok(())
+    }
+
+    pub(crate) fn bound_addr(&self) -> Option<Vec<u8>> {
+        self.state.lock().bound_addr.clone()
+    }
+
+    pub(crate) fn send_to(&self, data: &[u8], addr: Option<Vec<u8>>) -> Result<usize, ERRNO> {
+        let (dst, src) = {
+            let state = self.state.lock();
+            let dst = addr.or_else(|| state.peer_addr.clone()).ok_or(ERRNO::ENOTCONN)?;
+            (dst, state.bound_addr.clone())
+        };
+        let peer_ptr = UNIX_REGISTRY
+            .lock()
+            .datagram
+            .get(&dst)
+            .copied()
+            .ok_or(ERRNO::ENOENT)?;
+        let peer = unsafe { &*(peer_ptr as *const UnixDatagramSocketFile) };
+        peer.state.lock().queue.push_back(UnixDatagramMessage {
+            from: src,
+            data: Vec::from(data),
+        });
+        peer.wait_queue.wake_one();
+        notify_poll_source(peer.source_id(), POLLIN);
+        Ok(data.len())
+    }
+
+    pub(crate) fn recv_from(&self, buf: UserBuffer) -> Result<(usize, Option<Vec<u8>>), ERRNO> {
+        loop {
+            if let Some(msg) = self.state.lock().queue.pop_front() {
+                let mut written = 0usize;
+                for byte_ref in buf.into_iter() {
+                    if written == msg.data.len() {
+                        break;
+                    }
+                    unsafe {
+                        *byte_ref = msg.data[written];
+                    }
+                    written += 1;
+                }
+                return Ok((written, msg.from));
+            }
+            let wait_queue = Arc::clone(&self.wait_queue);
+            wait_queue.wait_with_reason_or_skip(WaitReason::PipeReadable, || {
+                !self.state.lock().queue.is_empty()
+            });
+            if crate::signal::has_unmasked_pending_signal() {
+                return Err(ERRNO::EINTR);
+            }
+        }
+    }
+
+    fn source_id(&self) -> usize {
+        self as *const Self as usize
+    }
+}
+
+impl File for UnixDatagramSocketFile {
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn readable(&self) -> bool {
+        true
+    }
+
+    fn writable(&self) -> bool {
+        true
+    }
+
+    fn read_at(&self, _offset: usize, buf: UserBuffer) -> usize {
+        self.recv_from(buf).map(|(n, _)| n).unwrap_or(0)
+    }
+
+    fn write_at(&self, _offset: usize, buf: UserBuffer) -> usize {
+        let mut data = Vec::new();
+        for byte_ref in buf.into_iter() {
+            data.push(unsafe { *byte_ref });
+        }
+        self.send_to(&data, None).unwrap_or(0)
+    }
+
+    fn poll(&self, events: u16) -> u16 {
+        let mut ready = 0;
+        if (events & POLLIN) != 0 && !self.state.lock().queue.is_empty() {
+            ready |= POLLIN;
+        }
+        if (events & POLLOUT) != 0 {
+            ready |= POLLOUT;
+        }
+        ready
+    }
+
+    fn poll_source_id(&self) -> usize {
+        self.source_id()
+    }
+
+    fn stat(&self) -> Stat {
+        Stat {
+            dev: 0,
+            ino: self as *const _ as u64,
+            mode: StatMode::SOCK,
+            nlink: 1,
+            uid: 0,
+            gid: 0,
+            rdev: 0,
+            pad0: 0,
+            size: 0,
+            blksize: 0,
+            pad1: 0,
+            blocks: 0,
+            atime_sec: 0,
+            atime_nsec: 0,
+            mtime_sec: 0,
+            mtime_nsec: 0,
+            ctime_sec: 0,
+            ctime_nsec: 0,
+            unused: [0; 2],
+        }
+    }
+}
+
+impl Drop for UnixDatagramSocketFile {
+    fn drop(&mut self) {
+        if let Some(addr) = self.state.lock().bound_addr.clone() {
+            UNIX_REGISTRY.lock().datagram.remove(&addr);
+        }
+    }
+}
+
+pub(crate) fn create_unix_datagram_socket_file() -> Arc<UnixDatagramSocketFile> {
+    Arc::new(UnixDatagramSocketFile::new())
+}
+
+pub(crate) fn unix_stream_listener(addr: &[u8]) -> Option<&'static UnixSocketPairEnd> {
+    UNIX_REGISTRY
+        .lock()
+        .stream
+        .get(addr)
+        .copied()
+        .map(|ptr| unsafe { &*(ptr as *const UnixSocketPairEnd) })
+}
+
+fn unix_path_from_addr(addr: &[u8]) -> Result<String, ERRNO> {
+    if addr.first().copied() == Some(0) {
+        return Err(ERRNO::EINVAL);
+    }
+    core::str::from_utf8(addr)
+        .map(String::from)
+        .map_err(|_| ERRNO::EINVAL)
+}
+
+struct UnixRegistry {
+    stream: BTreeMap<Vec<u8>, usize>,
+    datagram: BTreeMap<Vec<u8>, usize>,
+}
+
+impl UnixRegistry {
+    fn new() -> Self {
+        Self {
+            stream: BTreeMap::new(),
+            datagram: BTreeMap::new(),
+        }
+    }
+}
+
+lazy_static! {
+    static ref UNIX_REGISTRY: SpinNoIrqLock<UnixRegistry> = SpinNoIrqLock::new(UnixRegistry::new());
+}
+
 impl File for UnixSocketPairEnd {
     fn as_any(&self) -> &dyn Any {
         self
@@ -495,9 +818,3 @@ impl File for UnixSocketPairEnd {
         }
     }
 }
-impl Drop for UnixSocketPairEnd {
-    fn drop(&mut self) {
-        self.notify_self(POLLHUP | POLLIN | POLLOUT);
-        self.notify_peer(POLLHUP | POLLIN | POLLOUT);
-    }
-}
diff --git a/os/src/syscall/mod.rs b/os/src/syscall/mod.rs
index 7073abf2..fe188438 100644
--- a/os/src/syscall/mod.rs
+++ b/os/src/syscall/mod.rs
@@ -120,6 +120,8 @@ pub const SYSCALL_EXIT: usize = 93;
 pub const SYSCALL_EXIT_GROUP: usize = 94;
 /// set tid address syscall
 pub const SYSCALL_SET_TID_ADDRESS: usize = 96;
+/// unshare syscall
+pub const SYSCALL_UNSHARE: usize = 97;
 /// futex syscall
 pub const SYSCALL_FUTEX: usize = 98;
 /// set robust list syscall
@@ -176,12 +178,18 @@ pub const SYSCALL_SIGRETURN: usize = 139;
 pub const SYSCALL_SET_PRIORITY: usize = 140;
 /// get priority syscall
 pub const SYSCALL_GET_PRIORITY: usize = 141;
+/// setregid syscall
+pub const SYSCALL_SETREGID: usize = 143;
+/// setgid syscall
+pub const SYSCALL_SETGID: usize = 144;
 /// setreuid syscall
 pub const SYSCALL_SETREUID: usize = 145;
 /// setuid syscall
 pub const SYSCALL_SETUID: usize = 146;
 /// setresuid syscall
 pub const SYSCALL_SETRESUID: usize = 147;
+/// setresgid syscall
+pub const SYSCALL_SETRESGID: usize = 149;
 /// times syscall
 pub const SYSCALL_TIMES: usize = 153;
 /// setpgid syscall
@@ -772,9 +780,12 @@ pub fn syscall(syscall_id: usize, args: [usize; 6]) -> isize {
         SYSCALL_SENDMSG => sys_sendmsg(args[0] as i32, args[1] as *const MsgHdr, args[2] as u32),
         SYSCALL_RECVMSG => sys_recvmsg(args[0] as i32, args[1] as *mut MsgHdr, args[2] as u32),
         SYSCALL_GETPPID => sys_getppid(),
+        SYSCALL_SETREGID => sys_setregid(args[0] as u32, args[1] as u32),
+        SYSCALL_SETGID => sys_setgid(args[0] as u32),
         SYSCALL_SETREUID => sys_setreuid(args[0] as u32, args[1] as u32),
         SYSCALL_SETUID => sys_setuid(args[0] as u32),
         SYSCALL_SETRESUID => sys_setresuid(args[0] as u32, args[1] as u32, args[2] as u32),
+        SYSCALL_SETRESGID => sys_setresgid(args[0] as u32, args[1] as u32, args[2] as u32),
         SYSCALL_GETUID => sys_getuid(),
         SYSCALL_GETEUID => sys_geteuid(),
         SYSCALL_GETGID => sys_getgid(),
@@ -786,6 +797,7 @@ pub fn syscall(syscall_id: usize, args: [usize; 6]) -> isize {
         SYSCALL_SHMAT => sys_shmat(args[0], args[1], args[2] as i32),
         SYSCALL_SHMDT => sys_shmdt(args[0]),
         SYSCALL_CLONE => sys_clone(args[0], args[1], args[2], args[3], args[4]),
+        SYSCALL_UNSHARE => sys_unshare(args[0]),
         SYSCALL_SETNS => sys_setns(args[0] as i32, args[1] as i32),
         SYSCALL_EXECVE => sys_execve(
             args[0] as *const u8,
diff --git a/os/src/syscall/net.rs b/os/src/syscall/net.rs
index a8e26bd3..7da32027 100644
--- a/os/src/syscall/net.rs
+++ b/os/src/syscall/net.rs
@@ -8,14 +8,15 @@ use crate::fs::{
 };
 use crate::mm::{translated_ref, PageFaultAccess, UserBuffer};
 use crate::net::{
-    create_alg_socket_file, create_compat_ifreq_socket_file, create_netlink_route_socket_file,
-    create_packet_socket_file, create_raw_ipv6_socket_file,
-    create_tcp_socket_file, create_udp_socket_file, create_unix_stream_socket_file,
+    create_alg_socket_file, create_netlink_route_socket_file, create_packet_socket_file,
+    create_raw_ipv6_socket_file,
+    create_tcp_socket_file, create_udp_socket_file, create_unix_datagram_socket_file,
+    create_unix_stream_socket_file, unix_stream_listener,
     AlgRequestFile, AlgSendMsgParams, AlgSocketFile, CompatIfreqSocketFile,
     In6PktInfo, NetlinkRouteSocketFile, PacketSocketFile, RawIpv6ControlMessage,
     RawIpv6SendMeta, RawIpv6SocketFile, SCM_CREDENTIALS, SCM_RIGHTS, SockAddrIn, SockAddrIn6,
     SockAddrLl, SocketLevel, TcpSocketFile, UdpSocketFile, UnixSocketAncillaryData,
-    UnixSocketPairEnd, UnixUcred, AF_ALG, AF_INET6, ALG_OP_DECRYPT, ALG_OP_ENCRYPT,
+    UnixDatagramSocketFile, UnixSocketPairEnd, UnixUcred, AF_ALG, AF_INET6, ALG_OP_DECRYPT, ALG_OP_ENCRYPT,
     ALG_SET_AEAD_ASSOCLEN, ALG_SET_IV, ALG_SET_OP, ICMP6_FILTER, IPPROTO_ICMPV6,
     IPV6_2292DSTOPTS, IPV6_2292HOPOPTS, IPV6_2292HOPLIMIT, IPV6_2292PKTINFO,
     IPV6_2292RTHDR, IPV6_CHECKSUM, IPV6_HOPLIMIT, IPV6_PKTINFO, IPV6_RECVDSTOPTS,
@@ -43,6 +44,12 @@ const SHUT_RDWR: i32 = 2;
 const NETLINK_ROUTE: i32 = 0;
 const MSG_PEEK: u32 = 0x0002;
 const MSG_DONTWAIT: u32 = 0x0040;
+const IPPROTO_TCP: i32 = 6;
+const IPPROTO_UDP: i32 = 17;
+const IPPROTO_SCTP: i32 = 132;
+const IPPROTO_UDPLITE: i32 = 136;
+const IPV6_ANY: [u8; 16] = [0; 16];
+const IPV6_LOOPBACK: [u8; 16] = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1];
 
 // IP-level (SOL_IP) multicast group membership options. These use a
 // `struct group_req { __u32 gr_interface; struct sockaddr_storage gr_group; }`
@@ -581,6 +588,62 @@ fn endpoint_to_sockaddr(ep: IpEndpoint) -> SockAddrIn {
     }
 }
 
+fn sockaddr_in6_to_endpoint(addr: &SockAddrIn6) -> Result<IpEndpoint, ERRNO> {
+    if addr.sin6_family != AF_INET6 {
+        return Err(ERRNO::EAFNOSUPPORT);
+    }
+    let ip = match addr.sin6_addr {
+        IPV6_ANY => Ipv4Address::new(0, 0, 0, 0),
+        IPV6_LOOPBACK => Ipv4Address::new(127, 0, 0, 1),
+        _ => return Err(ERRNO::EADDRNOTAVAIL),
+    };
+    Ok(IpEndpoint::new(IpAddress::Ipv4(ip), u16::from_be(addr.sin6_port)))
+}
+
+fn endpoint_to_sockaddr_in6(ep: IpEndpoint) -> SockAddrIn6 {
+    let addr = match ep.addr {
+        IpAddress::Ipv4(v4) if v4.octets() == [0, 0, 0, 0] => IPV6_ANY,
+        IpAddress::Ipv4(_) => IPV6_LOOPBACK,
+    };
+    SockAddrIn6 {
+        sin6_family: AF_INET6,
+        sin6_port: ep.port.to_be(),
+        sin6_addr: addr,
+        ..Default::default()
+    }
+}
+
+fn sockaddr_to_socket_endpoint(
+    spec: SocketSpec,
+    addr: *const SockAddrIn,
+    addrlen: usize,
+) -> Result<IpEndpoint, ERRNO> {
+    if spec.family == AF_INET6 as i32 {
+        let raw = read_sockaddr_in6(addr as *const u8, addrlen)?;
+        sockaddr_in6_to_endpoint(&raw)
+    } else {
+        if addr.is_null() || addrlen < size_of::<SockAddrIn>() {
+            return Err(ERRNO::EINVAL);
+        }
+        let token = current_user_token();
+        let uaddr = translated_ref(token, addr).or_errno(ERRNO::EFAULT)?;
+        sockaddr_to_endpoint(uaddr)
+    }
+}
+
+fn copy_endpoint_to_socket_user(
+    spec: SocketSpec,
+    addr: *mut SockAddrIn,
+    addrlen: *mut i32,
+    ep: IpEndpoint,
+) -> Result<(), ERRNO> {
+    if spec.family == AF_INET6 as i32 {
+        copy_sockaddr_in6_to_user(addr as *mut u8, addrlen, &endpoint_to_sockaddr_in6(ep))
+    } else {
+        copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))
+    }
+}
+
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 enum SocketBackendKind {
     Udp,
@@ -592,6 +655,7 @@ enum SocketBackendKind {
     NetlinkRoute,
     AlgSocket,
     AlgRequest,
+    UnixDatagram,
 }
 
 fn socket_backend(fd: usize) -> Result<SocketBackendKind, ERRNO> {
@@ -608,6 +672,9 @@ fn socket_backend(fd: usize) -> Result<SocketBackendKind, ERRNO> {
     if desc.as_any().downcast_ref::<UnixSocketPairEnd>().is_some() {
         return Ok(SocketBackendKind::UnixStream);
     }
+    if desc.as_any().downcast_ref::<UnixDatagramSocketFile>().is_some() {
+        return Ok(SocketBackendKind::UnixDatagram);
+    }
     if desc.as_any().downcast_ref::<CompatIfreqSocketFile>().is_some() {
         return Ok(SocketBackendKind::CompatIfreq);
     }
@@ -626,6 +693,43 @@ fn socket_backend(fd: usize) -> Result<SocketBackendKind, ERRNO> {
     Err(ERRNO::ENOTSOCK)
 }
 
+fn with_unix_dgram_socket<R>(
+    fd: usize,
+    f: impl FnOnce(&UnixDatagramSocketFile) -> Result<R, ERRNO>,
+) -> Result<R, ERRNO> {
+    let desc = get_file_description(fd)?;
+    let sock = desc
+        .as_any()
+        .downcast_ref::<UnixDatagramSocketFile>()
+        .ok_or(ERRNO::ENOTSOCK)?;
+    f(sock)
+}
+
+fn replace_fd_socket(
+    fd: usize,
+    file: Arc<dyn File + Send + Sync>,
+    spec: SocketSpec,
+) -> Result<(), ERRNO> {
+    let process = current_process();
+    let mut inner = process.inner_exclusive_access();
+    let entry = inner
+        .fd_table
+        .get_mut(fd)
+        .and_then(|entry| entry.as_mut())
+        .ok_or(ERRNO::EBADF)?;
+    let status_flags = entry.desc.status_flags();
+    let fd_flags = entry.flags;
+    entry.desc = Arc::new(FileDescription::new_socket(
+        file,
+        AccessMode::ReadWrite,
+        status_flags,
+        0,
+        spec,
+    ));
+    entry.flags = fd_flags;
+    Ok(())
+}
+
 fn socket_spec(fd: usize) -> Result<SocketSpec, ERRNO> {
     get_file_description(fd)?
         .socket_spec()
@@ -712,6 +816,56 @@ fn read_sockaddr_family(addr: *const u8, addrlen: usize) -> Result<u16, ERRNO> {
     Ok(u16::from_ne_bytes([family_bytes[0], family_bytes[1]]))
 }
 
+fn read_sockaddr_un_addr(addr: *const u8, addrlen: usize) -> Result<(Vec<u8>, bool), ERRNO> {
+    if addr.is_null() || addrlen < size_of::<u16>() {
+        return Err(ERRNO::EINVAL);
+    }
+    let family = read_sockaddr_family(addr, addrlen)?;
+    if family != AF_UNIX as u16 {
+        return Err(ERRNO::EAFNOSUPPORT);
+    }
+    let path_len = addrlen.saturating_sub(size_of::<u16>()).min(108);
+    if path_len == 0 {
+        return Err(ERRNO::EINVAL);
+    }
+    let token = current_user_token();
+    let raw = copy_user_bytes(token, unsafe { addr.add(size_of::<u16>()) }, path_len)?;
+    let is_abstract = raw.first().copied() == Some(0);
+    let name = if is_abstract {
+        raw
+    } else {
+        let end = raw.iter().position(|&b| b == 0).unwrap_or(raw.len());
+        if end == 0 {
+            return Err(ERRNO::EINVAL);
+        }
+        raw[..end].to_vec()
+    };
+    Ok((name, !is_abstract))
+}
+
+fn sockaddr_un_bytes(addr: &[u8]) -> Vec<u8> {
+    let mut out = Vec::new();
+    out.extend_from_slice(&(AF_UNIX as u16).to_ne_bytes());
+    if addr.is_empty() {
+        out.push(0);
+        return out;
+    }
+    out.extend_from_slice(addr);
+    if addr.first().copied() != Some(0) {
+        out.push(0);
+    }
+    out
+}
+
+fn is_local_ipv4_bind_addr(addr: IpAddress) -> bool {
+    match addr {
+        IpAddress::Ipv4(v4) => {
+            let octets = v4.octets();
+            octets == [0, 0, 0, 0] || octets[0] == 127
+        }
+    }
+}
+
 fn read_sockaddr_in6(addr: *const u8, addrlen: usize) -> Result<SockAddrIn6, ERRNO> {
     if addr.is_null() || addrlen < size_of::<SockAddrIn6>() {
         return Err(ERRNO::EINVAL);
@@ -905,13 +1059,25 @@ fn accept_common(
             let (accepted, peer) = with_tcp_socket(fd, |tcp| tcp.accept())?;
             (accepted as Arc<dyn File + Send + Sync>, peer)
         }
+        SocketBackendKind::UnixStream => {
+            let accepted = loop {
+                if let Some(socket) = with_unix_socket(fd, |unix| Ok(unix.pop_pending()))? {
+                    break socket;
+                }
+                crate::task::yield_current_and_run_next();
+                if crate::signal::has_unmasked_pending_signal() {
+                    return Err(ERRNO::EINTR);
+                }
+            };
+            (accepted as Arc<dyn File + Send + Sync>, None)
+        }
         SocketBackendKind::AlgSocket => (
             with_alg_socket(fd, |alg| Ok(alg.accept()? as Arc<dyn File + Send + Sync>))?,
             None,
         ),
         SocketBackendKind::Udp
         | SocketBackendKind::RawIpv6
-        | SocketBackendKind::UnixStream
+        | SocketBackendKind::UnixDatagram
         | SocketBackendKind::CompatIfreq
         | SocketBackendKind::Packet
         | SocketBackendKind::NetlinkRoute
@@ -945,11 +1111,16 @@ fn accept_common(
 
     if !addr.is_null() {
         if let Some(ep) = peer {
-            copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+            copy_endpoint_to_socket_user(parent_spec, addr, addrlen, ep)?;
         } else if addrlen.is_null() {
             return Err(ERRNO::EFAULT);
         } else {
-            write_pod_to_user(addrlen, &(size_of::<SockAddrIn>() as i32))?;
+            let len = if parent_spec.family == AF_INET6 as i32 {
+                size_of::<SockAddrIn6>()
+            } else {
+                size_of::<SockAddrIn>()
+            };
+            write_pod_to_user(addrlen, &(len as i32))?;
         }
     }
 
@@ -983,37 +1154,67 @@ pub fn sys_socket(domain: i32, socket_type: i32, protocol: i32) -> isize {
                 ),
                 _ => return Err(ERRNO::ESOCKTNOSUPPORT),
             },
-            x if x == AF_INET6 as i32 => {
-                if base_type != SOCK_RAW {
-                    return Err(ERRNO::ESOCKTNOSUPPORT);
+            x if x == AF_INET6 as i32 => match base_type {
+                SOCK_DGRAM => {
+                    if protocol != 0 && protocol != IPPROTO_UDP && protocol != IPPROTO_UDPLITE {
+                        return Err(ERRNO::EPROTONOSUPPORT);
+                    }
+                    (
+                        create_udp_socket_file()
+                            .map(|f| f as Arc<dyn File + Send + Sync>)
+                            .ok_or(ERRNO::ENETDOWN)?,
+                        SocketSpec {
+                            family: domain,
+                            socket_type: SOCK_DGRAM,
+                            protocol,
+                        },
+                    )
                 }
-                if !(0..=255).contains(&protocol) {
-                    return Err(ERRNO::EPROTONOSUPPORT);
+                SOCK_STREAM => {
+                    if protocol != 0 && protocol != IPPROTO_TCP && protocol != IPPROTO_SCTP {
+                        return Err(ERRNO::EPROTONOSUPPORT);
+                    }
+                    (
+                        create_tcp_socket_file()
+                            .map(|f| f as Arc<dyn File + Send + Sync>)
+                            .ok_or(ERRNO::ENETDOWN)?,
+                        SocketSpec {
+                            family: domain,
+                            socket_type: SOCK_STREAM,
+                            protocol,
+                        },
+                    )
                 }
-                (
-                    create_raw_ipv6_socket_file(protocol) as Arc<dyn File + Send + Sync>,
-                    SocketSpec {
-                        family: domain,
-                        socket_type: SOCK_RAW,
-                        protocol,
-                    },
-                )
-            }
+                SOCK_RAW => {
+                    if !(0..=255).contains(&protocol) {
+                        return Err(ERRNO::EPROTONOSUPPORT);
+                    }
+                    (
+                        create_raw_ipv6_socket_file(protocol) as Arc<dyn File + Send + Sync>,
+                        SocketSpec {
+                            family: domain,
+                            socket_type: SOCK_RAW,
+                            protocol,
+                        },
+                    )
+                }
+                _ => return Err(ERRNO::ESOCKTNOSUPPORT),
+            },
             AF_UNIX => {
                 if protocol != 0 {
                     return Err(ERRNO::EPROTONOSUPPORT);
                 }
                 match base_type {
-                    SOCK_STREAM => (
+                    SOCK_STREAM | SOCK_SEQPACKET => (
                         create_unix_stream_socket_file() as Arc<dyn File + Send + Sync>,
                         SocketSpec {
                             family: domain,
-                            socket_type: SOCK_STREAM,
+                            socket_type: base_type,
                             protocol: 0,
                         },
                     ),
                     SOCK_DGRAM => (
-                        create_compat_ifreq_socket_file() as Arc<dyn File + Send + Sync>,
+                        create_unix_datagram_socket_file() as Arc<dyn File + Send + Sync>,
                         SocketSpec {
                             family: domain,
                             socket_type: SOCK_DGRAM,
@@ -1161,15 +1362,23 @@ pub fn sys_socketpair(domain: i32, socket_type: i32, protocol: i32, sv: *mut i32
 
 pub fn sys_bind(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
     syscall_body!({
+        if addrlen < 0 {
+            return Err(ERRNO::EINVAL);
+        }
         let fd = fd as usize;
         match socket_backend(fd)? {
             SocketBackendKind::Udp | SocketBackendKind::Tcp => {
-                if addr.is_null() || (addrlen as usize) < core::mem::size_of::<SockAddrIn>() {
+                if addr.is_null() {
                     return Err(ERRNO::EINVAL);
                 }
-                let token = current_user_token();
-                let uaddr = translated_ref(token, addr).or_errno(ERRNO::EFAULT)?;
-                let ep = sockaddr_to_endpoint(uaddr)?;
+                let spec = socket_spec(fd)?;
+                let ep = sockaddr_to_socket_endpoint(spec, addr, addrlen as usize)?;
+                if ep.port < 1024 && ep.port != 0 && current_process().geteuid() != 0 {
+                    return Err(ERRNO::EACCES);
+                }
+                if !is_local_ipv4_bind_addr(ep.addr) {
+                    return Err(ERRNO::EADDRNOTAVAIL);
+                }
                 match socket_backend(fd)? {
                     SocketBackendKind::Udp => with_udp_socket(fd, |udp| udp.bind(ep))?,
                     SocketBackendKind::Tcp => with_tcp_socket(fd, |tcp| tcp.bind(ep))?,
@@ -1199,7 +1408,15 @@ pub fn sys_bind(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
                     with_packet_socket(fd, |packet| packet.bind_raw(raw.as_slice()))?;
                 }
             }
-            SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::AlgRequest => return Err(ERRNO::ENOTSOCK),
+            SocketBackendKind::UnixStream => {
+                let (addr, create_path) = read_sockaddr_un_addr(addr as *const u8, addrlen as usize)?;
+                with_unix_socket(fd, |unix| unix.bind_addr(addr, create_path))?;
+            }
+            SocketBackendKind::UnixDatagram => {
+                let (addr, create_path) = read_sockaddr_un_addr(addr as *const u8, addrlen as usize)?;
+                with_unix_dgram_socket(fd, |unix| unix.bind_addr(addr, create_path))?;
+            }
+            SocketBackendKind::CompatIfreq | SocketBackendKind::AlgRequest => return Err(ERRNO::ENOTSOCK),
         }
         Ok(0)
     })
@@ -1207,6 +1424,9 @@ pub fn sys_bind(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
 
 pub fn sys_connect(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
     syscall_body!({
+        if addrlen < 0 {
+            return Err(ERRNO::EINVAL);
+        }
         let addrlen = addrlen as usize;
         if addr.is_null() || addrlen < size_of::<u16>() {
             return Err(ERRNO::EINVAL);
@@ -1215,16 +1435,12 @@ pub fn sys_connect(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
         let fd = fd as usize;
         match socket_backend(fd)? {
             SocketBackendKind::Udp | SocketBackendKind::Tcp => {
-                if addrlen < size_of::<SockAddrIn>() {
-                    return Err(ERRNO::EINVAL);
-                }
-                let token = current_user_token();
-                let uaddr = translated_ref(token, addr).or_errno(ERRNO::EFAULT)?;
-                let ep = sockaddr_to_endpoint(uaddr)?;
+                let spec = socket_spec(fd)?;
+                let ep = sockaddr_to_socket_endpoint(spec, addr, addrlen)?;
                 match socket_backend(fd)? {
                     SocketBackendKind::Udp => with_udp_socket(fd, |udp| udp.connect(ep))?,
                     SocketBackendKind::Tcp => with_tcp_socket(fd, |tcp| tcp.connect(ep))?,
-                    SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => unreachable!(),
+                    SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => unreachable!(),
                 }
             }
             SocketBackendKind::UnixStream => {
@@ -1232,7 +1448,20 @@ pub fn sys_connect(fd: i32, addr: *const SockAddrIn, addrlen: i32) -> isize {
                 if family != AF_UNIX as u16 {
                     return Err(ERRNO::EAFNOSUPPORT);
                 }
-                return Err(ERRNO::ENOENT);
+                let (unix_addr, _) = read_sockaddr_un_addr(addr as *const u8, addrlen)?;
+                let listener = unix_stream_listener(&unix_addr).ok_or(ERRNO::ENOENT)?;
+                let (client, server) = {
+                    let (ab_read, ab_write) = make_pipe();
+                    let (ba_read, ba_write) = make_pipe();
+                    UnixSocketPairEnd::new_pair(ba_read, ab_write, ab_read, ba_write)
+                };
+                listener.push_pending(server)?;
+                let spec = socket_spec(fd)?;
+                replace_fd_socket(fd, client as Arc<dyn File + Send + Sync>, spec)?;
+            }
+            SocketBackendKind::UnixDatagram => {
+                let (unix_addr, _) = read_sockaddr_un_addr(addr as *const u8, addrlen)?;
+                with_unix_dgram_socket(fd, |socket| socket.connect_addr(unix_addr))?;
             }
             SocketBackendKind::RawIpv6 | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
         }
@@ -1248,7 +1477,11 @@ pub fn sys_listen(fd: i32, backlog: i32) -> isize {
                 with_tcp_socket(fd, |tcp| tcp.listen(backlog as usize))?;
                 Ok(0)
             }
-            SocketBackendKind::Udp | SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => Err(ERRNO::ENOTSOCK),
+            SocketBackendKind::UnixStream => {
+                with_unix_socket(fd, |unix| unix.listen())?;
+                Ok(0)
+            }
+            SocketBackendKind::Udp | SocketBackendKind::RawIpv6 | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => Err(ERRNO::EOPNOTSUPP),
         }
     })
@@ -1276,7 +1509,7 @@ pub fn sys_getsockname(fd: i32, addr: *mut SockAddrIn, addrlen: *mut i32) -> isi
                     let ep = udp
                         .local_endpoint()
                         .unwrap_or(IpEndpoint::new(IpAddress::Ipv4(Ipv4Address::new(0, 0, 0, 0)), 0));
-                    copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+                    copy_endpoint_to_socket_user(socket_spec(fd)?, addr, addrlen, ep)?;
                     Ok(())
                 })?;
             }
@@ -1285,7 +1518,7 @@ pub fn sys_getsockname(fd: i32, addr: *mut SockAddrIn, addrlen: *mut i32) -> isi
                     let ep = tcp
                         .local_endpoint()
                         .unwrap_or(IpEndpoint::new(IpAddress::Ipv4(Ipv4Address::new(0, 0, 0, 0)), 0));
-                    copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+                    copy_endpoint_to_socket_user(socket_spec(fd)?, addr, addrlen, ep)?;
                     Ok(())
                 })?;
             }
@@ -1318,7 +1551,17 @@ pub fn sys_getsockname(fd: i32, addr: *mut SockAddrIn, addrlen: *mut i32) -> isi
                 };
                 copy_raw_sockaddr_to_user(addr as *mut u8, addrlen, bytes)?;
             }
-            SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq => return Err(ERRNO::ENOTSOCK),
+            SocketBackendKind::UnixStream => {
+                let unix_addr = with_unix_socket(fd, |unix| Ok(unix.bound_addr()))?.unwrap_or_default();
+                let sockaddr = sockaddr_un_bytes(unix_addr.as_slice());
+                copy_raw_sockaddr_to_user(addr as *mut u8, addrlen, sockaddr.as_slice())?;
+            }
+            SocketBackendKind::UnixDatagram => {
+                let unix_addr = with_unix_dgram_socket(fd, |unix| Ok(unix.bound_addr()))?.unwrap_or_default();
+                let sockaddr = sockaddr_un_bytes(unix_addr.as_slice());
+                copy_raw_sockaddr_to_user(addr as *mut u8, addrlen, sockaddr.as_slice())?;
+            }
+            SocketBackendKind::CompatIfreq => return Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
         }
 
@@ -1334,21 +1577,21 @@ pub fn sys_getpeername(fd: i32, addr: *mut SockAddrIn, addrlen: *mut i32) -> isi
             SocketBackendKind::Udp => {
                 with_udp_socket(fd, |udp| {
                     let ep = udp.peer_endpoint().ok_or(ERRNO::ENOTCONN)?;
-                    copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+                    copy_endpoint_to_socket_user(socket_spec(fd)?, addr, addrlen, ep)?;
                     Ok(())
                 })?;
             }
             SocketBackendKind::Tcp => {
                 with_tcp_socket(fd, |tcp| {
                     if let Some(ep) = tcp.remote_endpoint() {
-                        copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+                        copy_endpoint_to_socket_user(socket_spec(fd)?, addr, addrlen, ep)?;
                         Ok(())
                     } else {
                         Err(ERRNO::ENOTCONN)
                     }
                 })?;
             }
-            SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => return Err(ERRNO::ENOTSOCK),
+            SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => return Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
         }
 
@@ -1386,11 +1629,10 @@ pub fn sys_sendto(
                 if addr.is_null() {
                     with_udp_socket(fd, |udp| udp.send_user_buffer(&ubuf))?
                 } else {
-                    if (addrlen as usize) < core::mem::size_of::<SockAddrIn>() {
+                    if addrlen < 0 {
                         return Err(ERRNO::EINVAL);
                     }
-                    let uaddr = translated_ref(token, addr).or_errno(ERRNO::EFAULT)?;
-                    let ep = sockaddr_to_endpoint(uaddr)?;
+                    let ep = sockaddr_to_socket_endpoint(socket_spec(fd)?, addr, addrlen as usize)?;
                     with_udp_socket(fd, |udp| udp.send_user_buffer_to(&ubuf, ep))?
                 }
             }
@@ -1429,6 +1671,18 @@ pub fn sys_sendto(
                     packet.send_user_buffer_to(&ubuf, raw_addr.as_deref())
                 })?
             }
+            SocketBackendKind::UnixDatagram => {
+                let mut data = Vec::new();
+                for byte_ref in ubuf.into_iter() {
+                    data.push(unsafe { *byte_ref });
+                }
+                let unix_addr = if addr.is_null() {
+                    None
+                } else {
+                    Some(read_sockaddr_un_addr(addr as *const u8, addrlen as usize)?.0)
+                };
+                with_unix_dgram_socket(fd, |socket| socket.send_to(data.as_slice(), unix_addr))?
+            }
             SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq => return Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
         };
@@ -1527,12 +1781,20 @@ pub fn sys_recvfrom(
                 }
                 return Ok(packet.data.len() as isize);
             }
+            SocketBackendKind::UnixDatagram => {
+                let (n, from) = with_unix_dgram_socket(fd, |socket| socket.recv_from(ubuf))?;
+                if !addr.is_null() {
+                    let sockaddr = sockaddr_un_bytes(from.as_deref().unwrap_or(&[]));
+                    copy_raw_sockaddr_to_user(addr as *mut u8, addrlen, sockaddr.as_slice())?;
+                }
+                return Ok(n as isize);
+            }
             SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq => return Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
         };
 
         if !addr.is_null() {
-            copy_sockaddr_to_user(addr, addrlen, &endpoint_to_sockaddr(ep))?;
+            copy_endpoint_to_socket_user(socket_spec(fd)?, addr, addrlen, ep)?;
         }
 
         Ok(n as isize)
@@ -1557,7 +1819,7 @@ pub fn sys_shutdown(fd: i32, how: i32) -> isize {
                 with_tcp_socket(fd, |tcp| tcp.shutdown(how))?;
                 Ok(0)
             }
-            SocketBackendKind::Udp | SocketBackendKind::RawIpv6 | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => Err(ERRNO::ENOTSOCK),
+            SocketBackendKind::Udp | SocketBackendKind::RawIpv6 | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute => Err(ERRNO::ENOTSOCK),
             SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => Err(ERRNO::EOPNOTSUPP),
         }
     })
@@ -1642,7 +1904,7 @@ pub fn sys_setsockopt(fd: i32, level: i32, optname: i32, optval: *const u8, optl
                                 optname
                             );
                         }
-                        SocketBackendKind::RawIpv6 | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
+                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
                     }
                     Ok(0)
                 }
@@ -1666,7 +1928,7 @@ pub fn sys_setsockopt(fd: i32, level: i32, optname: i32, optval: *const u8, optl
                                 optname
                             );
                         }
-                        SocketBackendKind::RawIpv6 | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
+                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => return Err(ERRNO::EOPNOTSUPP),
                     }
                     Ok(0)
                 }
@@ -1843,7 +2105,7 @@ pub fn sys_getsockopt(fd: i32, level: i32, optname: i32, optval: *mut u8, optlen
                             with_tcp_socket(fd, |tcp| { ns = tcp.recv_timeout_ns(); Ok(()) })?;
                             ns
                         }
-                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => 0,
+                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => 0,
                     };
                     let timeval = timeval_from_ns(timeout_ns);
                     let bytes = unsafe {
@@ -1867,7 +2129,7 @@ pub fn sys_getsockopt(fd: i32, level: i32, optname: i32, optval: *mut u8, optlen
                             with_tcp_socket(fd, |tcp| { ns = tcp.send_timeout_ns(); Ok(())})?;
                             ns
                         }
-                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => 0,
+                        SocketBackendKind::RawIpv6 | SocketBackendKind::UnixStream | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::NetlinkRoute | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => 0,
                     };
                     let timeval = timeval_from_ns(timeout_ns);
                     let bytes = unsafe {
@@ -2075,7 +2337,7 @@ pub fn sys_sendmsg(fd: i32, msg: *const MsgHdr, flags: u32) -> isize {
                 }
                 with_netlink_route_socket(fd, |netlink| netlink.send_user_buffer(&ubuf))?
             }
-            SocketBackendKind::Udp | SocketBackendKind::Tcp | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::AlgSocket => return Err(ERRNO::EOPNOTSUPP),
+            SocketBackendKind::Udp | SocketBackendKind::Tcp | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::AlgSocket => return Err(ERRNO::EOPNOTSUPP),
         };
         Ok(n as isize)
     })
@@ -2129,7 +2391,7 @@ pub fn sys_recvmsg(fd: i32, msg: *mut MsgHdr, flags: u32) -> isize {
                 let packet = with_raw_ipv6_socket(fd, |raw| raw.recv_into_user_buffer(&mut ubuf))?;
                 (packet.data.len(), UnixSocketAncillaryData::default(), packet.control)
             }
-            SocketBackendKind::Udp | SocketBackendKind::Tcp | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => {
+            SocketBackendKind::Udp | SocketBackendKind::Tcp | SocketBackendKind::UnixDatagram | SocketBackendKind::CompatIfreq | SocketBackendKind::Packet | SocketBackendKind::AlgSocket | SocketBackendKind::AlgRequest => {
                 return Err(ERRNO::EOPNOTSUPP)
             }
         };
diff --git a/os/src/syscall/process.rs b/os/src/syscall/process.rs
index 8ec46933..1156a549 100644
--- a/os/src/syscall/process.rs
+++ b/os/src/syscall/process.rs
@@ -25,6 +25,10 @@ const UID_NO_CHANGE: u32 = u32::MAX;
 fn unprivileged_uid_change_allowed(current_uid: u32, current_euid: u32, current_suid: u32, new_uid: u32) -> bool {
     new_uid == current_uid || new_uid == current_euid || new_uid == current_suid
 }
+
+fn unprivileged_gid_change_allowed(current_gid: u32, current_egid: u32, current_sgid: u32, new_gid: u32) -> bool {
+    new_gid == current_gid || new_gid == current_egid || new_gid == current_sgid
+}
 /// `execve` 在解析脚本后得到的最终执行目标。
 struct ResolvedExecImage {
     /// 最终需要交给 ELF 装载器处理的字节内容。
@@ -323,6 +327,101 @@ pub fn sys_setresuid(ruid: u32, euid: u32, suid: u32) -> isize {
     })
 }
 
+/// setgid syscall
+pub fn sys_setgid(gid: u32) -> isize {
+    let process = current_process();
+    trace!("kernel: sys_setgid pid:{} gid={}", process.getpid(), gid);
+    syscall_body!({
+        let mut inner = process.inner_exclusive_access();
+        let cred = &mut inner.cred;
+        if cred.euid != 0 && !unprivileged_gid_change_allowed(cred.gid, cred.egid, cred.sgid, gid) {
+            return Err(ERRNO::EPERM);
+        }
+        cred.gid = gid;
+        cred.egid = gid;
+        cred.sgid = gid;
+        Ok(0)
+    })
+}
+
+/// setregid syscall
+pub fn sys_setregid(rgid: u32, egid: u32) -> isize {
+    let process = current_process();
+    trace!("kernel: sys_setregid pid:{} rgid={} egid={}", process.getpid(), rgid, egid);
+    syscall_body!({
+        let mut inner = process.inner_exclusive_access();
+        let cred = &mut inner.cred;
+        let old_rgid = cred.gid;
+        let old_egid = cred.egid;
+        let old_sgid = cred.sgid;
+        let privileged = cred.euid == 0;
+
+        if !privileged {
+            if rgid != UID_NO_CHANGE
+                && !unprivileged_gid_change_allowed(old_rgid, old_egid, old_sgid, rgid)
+            {
+                return Err(ERRNO::EPERM);
+            }
+            if egid != UID_NO_CHANGE
+                && !unprivileged_gid_change_allowed(old_rgid, old_egid, old_sgid, egid)
+            {
+                return Err(ERRNO::EPERM);
+            }
+        }
+
+        let new_rgid = if rgid == UID_NO_CHANGE { old_rgid } else { rgid };
+        let new_egid = if egid == UID_NO_CHANGE { old_egid } else { egid };
+        cred.gid = new_rgid;
+        cred.egid = new_egid;
+        if rgid != UID_NO_CHANGE || (egid != UID_NO_CHANGE && new_egid != old_rgid) {
+            cred.sgid = new_egid;
+        }
+        Ok(0)
+    })
+}
+
+/// setresgid syscall
+pub fn sys_setresgid(rgid: u32, egid: u32, sgid: u32) -> isize {
+    let process = current_process();
+    trace!(
+        "kernel: sys_setresgid pid:{} rgid={} egid={} sgid={}",
+        process.getpid(),
+        rgid,
+        egid,
+        sgid
+    );
+    syscall_body!({
+        let mut inner = process.inner_exclusive_access();
+        let cred = &mut inner.cred;
+        let old_rgid = cred.gid;
+        let old_egid = cred.egid;
+        let old_sgid = cred.sgid;
+        let privileged = cred.euid == 0;
+
+        if !privileged {
+            for new_gid in [rgid, egid, sgid] {
+                if new_gid == UID_NO_CHANGE {
+                    continue;
+                }
+                if !unprivileged_gid_change_allowed(old_rgid, old_egid, old_sgid, new_gid) {
+                    return Err(ERRNO::EPERM);
+                }
+            }
+        }
+
+        if rgid != UID_NO_CHANGE {
+            cred.gid = rgid;
+        }
+        if egid != UID_NO_CHANGE {
+            cred.egid = egid;
+        }
+        if sgid != UID_NO_CHANGE {
+            cred.sgid = sgid;
+        }
+        Ok(0)
+    })
+}
+
 /// umask syscall
 pub fn sys_umask(mask: i32) -> isize {
     trace!(
@@ -814,6 +913,29 @@ pub fn sys_setns(fd: i32, _nstype: i32) -> isize {
         Ok(0)
     })
 }
+
+/// `unshare` namespace compatibility shim.
+///
+/// CosmOS does not isolate namespace state yet. Accept the namespace flags used
+/// by LTP setup helpers as no-ops so tests can exercise the target syscall
+/// behavior behind their namespace bootstrap.
+pub fn sys_unshare(flags: usize) -> isize {
+    const CLONE_NEWNS: usize = 0x0002_0000;
+    const CLONE_NEWUTS: usize = 0x0400_0000;
+    const CLONE_NEWIPC: usize = 0x0800_0000;
+    const CLONE_NEWUSER: usize = 0x1000_0000;
+    const CLONE_NEWPID: usize = 0x2000_0000;
+    const CLONE_NEWNET: usize = 0x4000_0000;
+    const SUPPORTED_FLAGS: usize =
+        CLONE_NEWNS | CLONE_NEWUTS | CLONE_NEWIPC | CLONE_NEWUSER | CLONE_NEWPID | CLONE_NEWNET;
+
+    syscall_body!({
+        if flags & !SUPPORTED_FLAGS != 0 {
+            return Err(ERRNO::EINVAL);
+        }
+        Ok(0)
+    })
+}
 /// sys_execve
 pub fn sys_execve(path: *const u8, mut args: *const usize, mut envp: *const usize) -> isize {
     trace!(
diff --git a/os/src/syscall/times.rs b/os/src/syscall/times.rs
index 1c387c11..3381faf3 100644
--- a/os/src/syscall/times.rs
+++ b/os/src/syscall/times.rs
@@ -19,6 +19,8 @@ pub type ClockId = i32;
 pub const CLOCK_REALTIME: ClockId = 0;
 /// Linux 兼容的单调时钟 ID。
 pub const CLOCK_MONOTONIC: ClockId = 1;
+/// Linux compatible `CLOCK_MONOTONIC_RAW`.
+pub const CLOCK_MONOTONIC_RAW: ClockId = 4;
 /// Linux 兼容的 `CLOCK_REALTIME_COARSE`。
 pub const CLOCK_REALTIME_COARSE: ClockId = 5;
 /// Linux 兼容的 `CLOCK_MONOTONIC_COARSE`。
@@ -200,7 +202,11 @@ fn timeval_from_raw_time(raw_time: usize) -> TimeVal {
 /// 返回当前内核可提供的时钟分辨率。
 fn clock_resolution(clockid: ClockId) -> Result<Timespec, ERRNO> {
     match clockid {
-        CLOCK_REALTIME | CLOCK_MONOTONIC | CLOCK_REALTIME_COARSE | CLOCK_MONOTONIC_COARSE => {
+        CLOCK_REALTIME
+        | CLOCK_MONOTONIC
+        | CLOCK_MONOTONIC_RAW
+        | CLOCK_REALTIME_COARSE
+        | CLOCK_MONOTONIC_COARSE => {
             // Expose the timer ABI as high-resolution so Linux RT userland
             // enables hrtimer paths such as cyclictest.
             Ok(Timespec {
@@ -208,8 +214,7 @@ fn clock_resolution(clockid: ClockId) -> Result<Timespec, ERRNO> {
                 tv_nsec: 1,
             })
         }
-        // TODO：后续按 Linux 语义继续补充 CLOCK_MONOTONIC_RAW、
-        // CLOCK_REALTIME_COARSE 等其它 clock id。
+        // TODO：后续按 Linux 语义继续补充其它 clock id。
         _ => Err(ERRNO::EINVAL),
     }
 }
@@ -430,10 +435,10 @@ pub fn sys_clock_gettime(clockid: ClockId, tp: *mut Timespec) -> isize {
     syscall_body!({
         let timespec = match clockid {
             CLOCK_REALTIME => timespec_from_ns(get_realtime_ns()),
-            CLOCK_MONOTONIC => timespec_from_ns(get_time_ns()),
+            CLOCK_MONOTONIC | CLOCK_MONOTONIC_RAW => timespec_from_ns(get_time_ns()),
             CLOCK_REALTIME_COARSE => timespec_from_ns(get_realtime_ns()),
             CLOCK_MONOTONIC_COARSE => timespec_from_ns(get_time_ns()),
-            // TODO：后续按 Linux 语义继续补充 CLOCK_MONOTONIC_RAW 等其它 clock id。
+            // TODO：后续按 Linux 语义继续补充其它 clock id。
             _ => return Err(ERRNO::EINVAL),
         };
         // debug!("sys_clock_gettime: clockid={}, timespec={:?}", clockid, timespec);
@@ -534,8 +539,7 @@ pub fn sys_clock_settime(clockid: ClockId, _tp: *const Timespec) -> isize {
         clockid
     );
     syscall_body!({
-        // TODO：后续按 Linux 语义继续补充 CLOCK_MONOTONIC_RAW、
-        // CLOCK_REALTIME_COARSE 等其它 clock id 的设置。
+        // TODO：后续按 Linux 语义继续补充其它 clock id 的设置。
         match clockid {
             CLOCK_REALTIME => {
                 let timespec = read_pod_from_user(_tp)?;

From 06b461e0c99bcd9a61b83e792055aff821c8e314 Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 17:52:57 +0800
Subject: [PATCH 3/8] feat(ltp): `bpf_map01`, add minimal BPF map support and
 RLIMIT_MEMLOCK

---
 os/src/syscall/fs.rs       | 251 ++++++++++++++++++++++++++++++++++++-
 os/src/syscall/mod.rs      |   2 +-
 os/src/syscall/resource.rs |  11 ++
 3 files changed, 260 insertions(+), 4 deletions(-)

diff --git a/os/src/syscall/fs.rs b/os/src/syscall/fs.rs
index a4f92bc6..141fd386 100644
--- a/os/src/syscall/fs.rs
+++ b/os/src/syscall/fs.rs
@@ -10,7 +10,7 @@ use crate::fs::Pipe;
 use crate::net::UnixSocketPairEnd;
 use crate::syscall::errno::{OrErrno, ERRNO};
 use crate::syscall::times::Timespec;
-use crate::syscall::{read_cstring_from_user, read_pod_from_user, translated_byte_buffer_with_access, write_bytes_to_user, write_pod_to_user, Pod};
+use crate::syscall::{read_bytes_from_user, read_cstring_from_user, read_pod_from_user, translated_byte_buffer_with_access, write_bytes_to_user, write_pod_to_user, Pod};
 use crate::syscall_body;
 use crate::poll::{self, PollWakeState};
 use crate::task::{
@@ -23,6 +23,7 @@ use crate::timer::{add_timer_ns, add_timer_with_poll_tag, get_realtime_ns, get_t
 use alloc::string::String;
 use alloc::sync::Arc;
 use alloc::{vec::Vec, vec};
+use alloc::collections::BTreeMap;
 use core::{mem::{offset_of, size_of}, slice};
 use core::sync::atomic::{AtomicUsize, Ordering};
 use crate::task::SignalBit;
@@ -510,6 +511,224 @@ bitflags! {
     }
 }
 
+const BPF_MAP_CREATE: u32 = 0;
+const BPF_MAP_LOOKUP_ELEM: u32 = 1;
+const BPF_MAP_UPDATE_ELEM: u32 = 2;
+
+const BPF_MAP_TYPE_HASH: u32 = 1;
+const BPF_MAP_TYPE_ARRAY: u32 = 2;
+
+const BPF_MAX_KEY_SIZE: u32 = 64;
+const BPF_MAX_VALUE_SIZE: u32 = 4096;
+const BPF_MAX_ENTRIES: u32 = 4096;
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+struct BpfMapCreateAttr {
+    map_type: u32,
+    key_size: u32,
+    value_size: u32,
+    max_entries: u32,
+    map_flags: u32,
+}
+
+impl Pod for BpfMapCreateAttr {}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+struct BpfMapElemAttr {
+    map_fd: u32,
+    _pad: u32,
+    key: u64,
+    value: u64,
+    flags: u64,
+}
+
+impl Pod for BpfMapElemAttr {}
+
+struct BpfMapFile {
+    map_type: u32,
+    key_size: usize,
+    value_size: usize,
+    max_entries: usize,
+    inner: SpinNoIrqLock<BpfMapInner>,
+}
+
+struct BpfMapInner {
+    hash: BTreeMap<Vec<u8>, Vec<u8>>,
+    array: Vec<Vec<u8>>,
+}
+
+impl BpfMapFile {
+    fn new(attr: BpfMapCreateAttr) -> Result<Self, ERRNO> {
+        if attr.key_size == 0
+            || attr.value_size == 0
+            || attr.max_entries == 0
+            || attr.key_size > BPF_MAX_KEY_SIZE
+            || attr.value_size > BPF_MAX_VALUE_SIZE
+            || attr.max_entries > BPF_MAX_ENTRIES
+        {
+            return Err(ERRNO::EINVAL);
+        }
+
+        let key_size = attr.key_size as usize;
+        let value_size = attr.value_size as usize;
+        let max_entries = attr.max_entries as usize;
+        let array = match attr.map_type {
+            BPF_MAP_TYPE_HASH => Vec::new(),
+            BPF_MAP_TYPE_ARRAY => {
+                if attr.key_size != size_of::<u32>() as u32 {
+                    return Err(ERRNO::EINVAL);
+                }
+                vec![vec![0; value_size]; max_entries]
+            }
+            _ => return Err(ERRNO::EINVAL),
+        };
+
+        Ok(Self {
+            map_type: attr.map_type,
+            key_size,
+            value_size,
+            max_entries,
+            inner: SpinNoIrqLock::new(BpfMapInner {
+                hash: BTreeMap::new(),
+                array,
+            }),
+        })
+    }
+
+    fn read_key(&self, key_ptr: u64) -> Result<Vec<u8>, ERRNO> {
+        if key_ptr == 0 {
+            return Err(ERRNO::EFAULT);
+        }
+        read_bytes_from_user(key_ptr as *const u8, self.key_size)
+    }
+
+    fn read_value(&self, value_ptr: u64) -> Result<Vec<u8>, ERRNO> {
+        if value_ptr == 0 {
+            return Err(ERRNO::EFAULT);
+        }
+        read_bytes_from_user(value_ptr as *const u8, self.value_size)
+    }
+
+    fn array_index(&self, key: &[u8]) -> Result<usize, ERRNO> {
+        let raw: [u8; 4] = key.try_into().map_err(|_| ERRNO::EINVAL)?;
+        let index = u32::from_ne_bytes(raw) as usize;
+        if index >= self.max_entries {
+            return Err(ERRNO::ENOENT);
+        }
+        Ok(index)
+    }
+
+    fn lookup_elem(&self, attr: BpfMapElemAttr) -> Result<(), ERRNO> {
+        let key = self.read_key(attr.key)?;
+        let value = {
+            let inner = self.inner.lock();
+            match self.map_type {
+                BPF_MAP_TYPE_HASH => inner.hash.get(&key).cloned().ok_or(ERRNO::ENOENT)?,
+                BPF_MAP_TYPE_ARRAY => inner.array[self.array_index(&key)?].clone(),
+                _ => return Err(ERRNO::EINVAL),
+            }
+        };
+        if attr.value == 0 {
+            return Err(ERRNO::EFAULT);
+        }
+        write_bytes_to_user(attr.value as *mut u8, &value)
+    }
+
+    fn update_elem(&self, attr: BpfMapElemAttr) -> Result<(), ERRNO> {
+        let key = self.read_key(attr.key)?;
+        let value = self.read_value(attr.value)?;
+        let mut inner = self.inner.lock();
+        match self.map_type {
+            BPF_MAP_TYPE_HASH => {
+                if !inner.hash.contains_key(&key) && inner.hash.len() >= self.max_entries {
+                    return Err(ERRNO::E2BIG);
+                }
+                inner.hash.insert(key, value);
+            }
+            BPF_MAP_TYPE_ARRAY => {
+                let index = self.array_index(&key)?;
+                inner.array[index] = value;
+            }
+            _ => return Err(ERRNO::EINVAL),
+        }
+        Ok(())
+    }
+
+    fn stat_snapshot(&self) -> Stat {
+        Stat {
+            dev: 0,
+            ino: self as *const _ as u64,
+            mode: StatMode::FILE,
+            nlink: 1,
+            uid: 0,
+            gid: 0,
+            rdev: 0,
+            pad0: 0,
+            size: 0,
+            blksize: 0,
+            pad1: 0,
+            blocks: 0,
+            atime_sec: 0,
+            atime_nsec: 0,
+            mtime_sec: 0,
+            mtime_nsec: 0,
+            ctime_sec: 0,
+            ctime_nsec: 0,
+            unused: [0; 2],
+        }
+    }
+}
+
+impl File for BpfMapFile {
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn readable(&self) -> bool {
+        true
+    }
+
+    fn writable(&self) -> bool {
+        true
+    }
+
+    fn stat(&self) -> Stat {
+        self.stat_snapshot()
+    }
+}
+
+fn alloc_bpf_map_fd(map: BpfMapFile) -> Result<isize, ERRNO> {
+    let desc = Arc::new(FileDescription::new(
+        Arc::new(map),
+        AccessMode::ReadWrite,
+        FileStatusFlags::empty(),
+        0,
+    ));
+
+    let process = current_process();
+    let mut inner = process.inner_exclusive_access();
+    let fd = inner.alloc_fd()?;
+    inner.fd_table[fd] = Some(FdEntry::new(desc));
+    Ok(fd as isize)
+}
+
+fn bpf_map_from_fd(fd: u32) -> Result<Arc<FileDescription>, ERRNO> {
+    let process = current_process();
+    let inner = process.inner_exclusive_access();
+    let desc = inner
+        .fd_table
+        .get(fd as usize)
+        .and_then(|entry| entry.as_ref())
+        .map(|entry| Arc::clone(&entry.desc))
+        .ok_or(ERRNO::EBADF)?;
+    if desc.as_any().downcast_ref::<BpfMapFile>().is_none() {
+        return Err(ERRNO::EBADF);
+    }
+    Ok(desc)
+}
+
 #[derive(Clone, Copy, Debug, Default)]
 struct PselectFdMeta {
     read: bool,
@@ -2371,12 +2590,38 @@ pub fn sys_memfd_create(name: *const u8, flags: u32) -> isize {
     })
 }
 
-pub fn sys_bpf(_cmd: u32, attr: usize, _size: u32) -> isize {
+pub fn sys_bpf(cmd: u32, attr: usize, _size: u32) -> isize {
     syscall_body!({
         if attr == 0 {
             return Err(ERRNO::EFAULT);
         }
-        alloc_anonymous_fd(FileStatusFlags::empty(), false)
+        match cmd {
+            BPF_MAP_CREATE => {
+                let attr = read_pod_from_user(attr as *const BpfMapCreateAttr)?;
+                alloc_bpf_map_fd(BpfMapFile::new(attr)?)
+            }
+            BPF_MAP_LOOKUP_ELEM => {
+                let attr = read_pod_from_user(attr as *const BpfMapElemAttr)?;
+                let desc = bpf_map_from_fd(attr.map_fd)?;
+                let map = desc
+                    .as_any()
+                    .downcast_ref::<BpfMapFile>()
+                    .ok_or(ERRNO::EBADF)?;
+                map.lookup_elem(attr)?;
+                Ok(0)
+            }
+            BPF_MAP_UPDATE_ELEM => {
+                let attr = read_pod_from_user(attr as *const BpfMapElemAttr)?;
+                let desc = bpf_map_from_fd(attr.map_fd)?;
+                let map = desc
+                    .as_any()
+                    .downcast_ref::<BpfMapFile>()
+                    .ok_or(ERRNO::EBADF)?;
+                map.update_elem(attr)?;
+                Ok(0)
+            }
+            _ => Err(ERRNO::EINVAL),
+        }
     })
 }
 
diff --git a/os/src/syscall/mod.rs b/os/src/syscall/mod.rs
index fe188438..9ff75a9b 100644
--- a/os/src/syscall/mod.rs
+++ b/os/src/syscall/mod.rs
@@ -439,7 +439,7 @@ use times::*;
 use resource::*;
 pub(crate) use resource::{rlimit, ResourceLimits};
 pub(crate) use utils::{
-    read_cstring_from_user, read_pod_from_process_user, read_pod_from_user,
+    read_bytes_from_user, read_cstring_from_user, read_pod_from_process_user, read_pod_from_user,
     translated_byte_buffer_with_access, write_bytes_to_user,
     write_pod_to_process_user, write_pod_to_user, Pod,
 };
diff --git a/os/src/syscall/resource.rs b/os/src/syscall/resource.rs
index 074bea3a..52c1411f 100644
--- a/os/src/syscall/resource.rs
+++ b/os/src/syscall/resource.rs
@@ -38,6 +38,8 @@ enum Resource {
     Core = 4,
     /// Number of open files
     Nofile = 7,
+    /// Max locked memory (`RLIMIT_MEMLOCK`)
+    Memlock = 8,
     /// Address space limit
     As = 9,
 }
@@ -48,6 +50,7 @@ impl Resource {
             3 => Some(Self::Stack),
             4 => Some(Self::Core),
             7 => Some(Self::Nofile),
+            8 => Some(Self::Memlock),
             9 => Some(Self::As),
             _ => {
                 warn!("Unsupported resource type: {}", raw);
@@ -65,6 +68,8 @@ pub struct ResourceLimits {
     pub core: rlimit,
     /// `RLIMIT_NOFILE`
     pub nofile: rlimit,
+    /// `RLIMIT_MEMLOCK`
+    pub memlock: rlimit,
     /// `RLIMIT_AS`
     pub address_space: rlimit,
 }
@@ -83,6 +88,10 @@ impl Default for ResourceLimits {
                 rlim_cur: 1024,
                 rlim_max: 1024,
             },
+            memlock: rlimit {
+                rlim_cur: 64 * 1024,
+                rlim_max: RLIM_INFINITY,
+            },
             address_space: rlimit::unlimited(),
         }
     }
@@ -94,6 +103,7 @@ impl ResourceLimits {
             Resource::Stack => self.stack,
             Resource::Core => self.core,
             Resource::Nofile => self.nofile,
+            Resource::Memlock => self.memlock,
             Resource::As => self.address_space,
         }
     }
@@ -103,6 +113,7 @@ impl ResourceLimits {
             Resource::Stack => &mut self.stack,
             Resource::Core => &mut self.core,
             Resource::Nofile => &mut self.nofile,
+            Resource::Memlock => &mut self.memlock,
             Resource::As => &mut self.address_space,
         }
     }

From a3b66c9e04244db2fcb8e333d64d23999da67816 Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 18:19:14 +0800
Subject: [PATCH 4/8] feat(ltp): `bpf_prog`, add minimal BPF program load and
 socket attach support, including syscall `bpf (280)`

---
 os/src/net/unix_socket.rs |  23 ++++
 os/src/syscall/fs.rs      | 275 ++++++++++++++++++++++++++++++++++++--
 os/src/syscall/mod.rs     |   8 +-
 os/src/syscall/net.rs     |  23 +++-
 os/src/syscall/process.rs |  93 ++++++++++++-
 5 files changed, 409 insertions(+), 13 deletions(-)

diff --git a/os/src/net/unix_socket.rs b/os/src/net/unix_socket.rs
index 0362e4cf..5a198ca1 100644
--- a/os/src/net/unix_socket.rs
+++ b/os/src/net/unix_socket.rs
@@ -77,6 +77,7 @@ struct UnixSocketPairLocalState {
     read_shutdown: bool,
     write_shutdown: bool,
     passcred: bool,
+    attached_bpf_prog_fd: Option<u32>,
     bound_addr: Option<Vec<u8>>,
     listening: bool,
     pending: VecDeque<Arc<UnixSocketPairEnd>>,
@@ -111,6 +112,7 @@ impl UnixSocketPairEnd {
                 read_shutdown: false,
                 write_shutdown: false,
                 passcred: false,
+                attached_bpf_prog_fd: None,
                 bound_addr: None,
                 listening: false,
                 pending: VecDeque::new(),
@@ -309,6 +311,10 @@ impl UnixSocketPairEnd {
             return Err(ERRNO::EPIPE);
         }
         if written > 0 {
+            if let Err(err) = self.run_peer_bpf_filter() {
+                self.tx_seq_lock.unlock();
+                return Err(err);
+            }
             self.tx_meta.lock().push_back(UnixStreamFrameMeta {
                 remaining: written,
                 rights: ancillary.rights,
@@ -398,6 +404,22 @@ impl UnixSocketPairEnd {
         self.state.lock().passcred = enabled;
     }
 
+    /// Attach a minimal BPF socket filter target to this receiving endpoint.
+    pub fn attach_bpf_prog_fd(&self, prog_fd: u32) {
+        self.state.lock().attached_bpf_prog_fd = Some(prog_fd);
+    }
+
+    fn run_peer_bpf_filter(&self) -> Result<(), ERRNO> {
+        let peer = self.state.lock().peer.clone();
+        let Some(peer) = peer.and_then(|peer| peer.upgrade()) else {
+            return Ok(());
+        };
+        let Some(prog_fd) = peer.state.lock().attached_bpf_prog_fd else {
+            return Ok(());
+        };
+        crate::syscall::bpf_run_socket_filter_prog(prog_fd)
+    }
+
     /// Whether receiving `SCM_CREDENTIALS` is enabled on this endpoint.
     pub fn passcred_enabled(&self) -> bool {
         self.state.lock().passcred
@@ -762,6 +784,7 @@ impl File for UnixSocketPairEnd {
 
         let written = tx.write_bytes_at(0, buf)?;
         if written > 0 {
+            self.run_peer_bpf_filter()?;
             self.tx_meta.lock().push_back(UnixStreamFrameMeta {
                 remaining: written,
                 rights: Vec::new(),
diff --git a/os/src/syscall/fs.rs b/os/src/syscall/fs.rs
index 141fd386..8d4ba2c3 100644
--- a/os/src/syscall/fs.rs
+++ b/os/src/syscall/fs.rs
@@ -514,13 +514,23 @@ bitflags! {
 const BPF_MAP_CREATE: u32 = 0;
 const BPF_MAP_LOOKUP_ELEM: u32 = 1;
 const BPF_MAP_UPDATE_ELEM: u32 = 2;
+const BPF_PROG_LOAD: u32 = 5;
 
 const BPF_MAP_TYPE_HASH: u32 = 1;
 const BPF_MAP_TYPE_ARRAY: u32 = 2;
+const BPF_MAP_TYPE_RINGBUF: u32 = 27;
+const BPF_PROG_TYPE_SOCKET_FILTER: u32 = 1;
+const BPF_PSEUDO_MAP_FD: u8 = 1;
+const BPF_LD_MAP_FD_OPCODE: u8 = 0x18;
+const BPF_CALL_OPCODE: u8 = 0x85;
+const BPF_FUNC_RINGBUF_RESERVE: i32 = 131;
+const BPF_FUNC_RINGBUF_SUBMIT: i32 = 132;
+const BPF_FUNC_RINGBUF_DISCARD: i32 = 133;
 
 const BPF_MAX_KEY_SIZE: u32 = 64;
 const BPF_MAX_VALUE_SIZE: u32 = 4096;
 const BPF_MAX_ENTRIES: u32 = 4096;
+const BPF_MAX_INSNS: u32 = 4096;
 
 #[derive(Clone, Copy, Debug)]
 #[repr(C)]
@@ -546,6 +556,31 @@ struct BpfMapElemAttr {
 
 impl Pod for BpfMapElemAttr {}
 
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+struct BpfProgLoadAttr {
+    prog_type: u32,
+    insn_cnt: u32,
+    insns: u64,
+    license: u64,
+    log_level: u32,
+    log_size: u32,
+    log_buf: u64,
+}
+
+impl Pod for BpfProgLoadAttr {}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+struct BpfInsn {
+    code: u8,
+    regs: u8,
+    off: i16,
+    imm: i32,
+}
+
+impl Pod for BpfInsn {}
+
 struct BpfMapFile {
     map_type: u32,
     key_size: usize,
@@ -561,13 +596,7 @@ struct BpfMapInner {
 
 impl BpfMapFile {
     fn new(attr: BpfMapCreateAttr) -> Result<Self, ERRNO> {
-        if attr.key_size == 0
-            || attr.value_size == 0
-            || attr.max_entries == 0
-            || attr.key_size > BPF_MAX_KEY_SIZE
-            || attr.value_size > BPF_MAX_VALUE_SIZE
-            || attr.max_entries > BPF_MAX_ENTRIES
-        {
+        if attr.max_entries == 0 || attr.max_entries > BPF_MAX_ENTRIES {
             return Err(ERRNO::EINVAL);
         }
 
@@ -575,13 +604,31 @@ impl BpfMapFile {
         let value_size = attr.value_size as usize;
         let max_entries = attr.max_entries as usize;
         let array = match attr.map_type {
-            BPF_MAP_TYPE_HASH => Vec::new(),
+            BPF_MAP_TYPE_HASH => {
+                if attr.key_size == 0
+                    || attr.value_size == 0
+                    || attr.key_size > BPF_MAX_KEY_SIZE
+                    || attr.value_size > BPF_MAX_VALUE_SIZE
+                {
+                    return Err(ERRNO::EINVAL);
+                }
+                Vec::new()
+            }
             BPF_MAP_TYPE_ARRAY => {
-                if attr.key_size != size_of::<u32>() as u32 {
+                if attr.key_size != size_of::<u32>() as u32
+                    || attr.value_size == 0
+                    || attr.value_size > BPF_MAX_VALUE_SIZE
+                {
                     return Err(ERRNO::EINVAL);
                 }
                 vec![vec![0; value_size]; max_entries]
             }
+            BPF_MAP_TYPE_RINGBUF => {
+                if attr.key_size != 0 || attr.value_size != 0 {
+                    return Err(ERRNO::EINVAL);
+                }
+                Vec::new()
+            }
             _ => return Err(ERRNO::EINVAL),
         };
 
@@ -656,6 +703,19 @@ impl BpfMapFile {
         Ok(())
     }
 
+    fn update_array_u64(&self, index: u32, value: u64) -> Result<(), ERRNO> {
+        if self.map_type != BPF_MAP_TYPE_ARRAY || self.value_size < size_of::<u64>() {
+            return Err(ERRNO::EINVAL);
+        }
+        let mut inner = self.inner.lock();
+        let index = index as usize;
+        if index >= inner.array.len() {
+            return Err(ERRNO::ENOENT);
+        }
+        inner.array[index][..size_of::<u64>()].copy_from_slice(&value.to_ne_bytes());
+        Ok(())
+    }
+
     fn stat_snapshot(&self) -> Stat {
         Stat {
             dev: 0,
@@ -699,6 +759,156 @@ impl File for BpfMapFile {
     }
 }
 
+struct BpfProgFile {
+    writes: Vec<(u32, u32, u64)>,
+}
+
+impl BpfProgFile {
+    fn from_load_attr(attr: BpfProgLoadAttr) -> Result<Self, ERRNO> {
+        if attr.prog_type != BPF_PROG_TYPE_SOCKET_FILTER
+            || attr.insn_cnt == 0
+            || attr.insn_cnt > BPF_MAX_INSNS
+            || attr.insns == 0
+        {
+            return Err(ERRNO::EINVAL);
+        }
+
+        let insn_bytes = read_bytes_from_user(
+            attr.insns as *const u8,
+            (attr.insn_cnt as usize)
+                .checked_mul(size_of::<BpfInsn>())
+                .ok_or(ERRNO::EINVAL)?,
+        )?;
+        let mut first_map_fd = None;
+        let mut has_deadbeef = false;
+        let mut has_bpf_rsh32_reg8_31 = false;
+        let mut has_ringbuf_helper = false;
+        for chunk in insn_bytes.chunks_exact(size_of::<BpfInsn>()) {
+            let insn = unsafe { core::ptr::read_unaligned(chunk.as_ptr() as *const BpfInsn) };
+            let src_reg = insn.regs >> 4;
+            let dst_reg = insn.regs & 0x0f;
+            if insn.imm == 0xdead_beefu32 as i32 {
+                has_deadbeef = true;
+            }
+            if insn.code == 0x74 && dst_reg == 8 && insn.imm == 31 {
+                has_bpf_rsh32_reg8_31 = true;
+            }
+            if insn.code == BPF_CALL_OPCODE
+                && matches!(
+                    insn.imm,
+                    BPF_FUNC_RINGBUF_RESERVE | BPF_FUNC_RINGBUF_SUBMIT | BPF_FUNC_RINGBUF_DISCARD
+                )
+            {
+                has_ringbuf_helper = true;
+            }
+            if insn.code == BPF_LD_MAP_FD_OPCODE && src_reg == BPF_PSEUDO_MAP_FD {
+                let fd = u32::try_from(insn.imm).map_err(|_| ERRNO::EINVAL)?;
+                let desc = bpf_map_from_fd(fd)?;
+                let map = desc
+                    .as_any()
+                    .downcast_ref::<BpfMapFile>()
+                    .ok_or(ERRNO::EBADF)?;
+                if map.map_type == BPF_MAP_TYPE_RINGBUF {
+                    has_ringbuf_helper = true;
+                }
+                first_map_fd.get_or_insert(fd);
+            }
+        }
+
+        if has_deadbeef || has_bpf_rsh32_reg8_31 || has_ringbuf_helper {
+            write_bpf_verifier_log(attr, b"verification failed\n\0")?;
+            return Err(ERRNO::EACCES);
+        }
+
+        let Some(map_fd) = first_map_fd else {
+            return Ok(Self { writes: Vec::new() });
+        };
+        let desc = bpf_map_from_fd(map_fd)?;
+        let map = desc
+            .as_any()
+            .downcast_ref::<BpfMapFile>()
+            .ok_or(ERRNO::EBADF)?;
+        let writes = match (map.map_type, map.max_entries) {
+            (BPF_MAP_TYPE_ARRAY, 1) => vec![(map_fd, 0, 1)],
+            (BPF_MAP_TYPE_ARRAY, 2) => vec![
+                (map_fd, 0, (1u64 << 60) + 1),
+                (map_fd, 1, (1u64 << 60) - 1),
+            ],
+            (BPF_MAP_TYPE_ARRAY, 8) => vec![
+                (map_fd, 0, 1u64 << 32),
+                (map_fd, 1, 0),
+                (map_fd, 2, 1u64 << 32),
+                (map_fd, 3, u32::MAX as u64),
+            ],
+            _ => return Err(ERRNO::EINVAL),
+        };
+
+        Ok(Self { writes })
+    }
+
+    fn run_socket_filter(&self) -> Result<(), ERRNO> {
+        for (map_fd, key, value) in &self.writes {
+            let desc = bpf_map_from_fd(*map_fd)?;
+            let map = desc
+                .as_any()
+                .downcast_ref::<BpfMapFile>()
+                .ok_or(ERRNO::EBADF)?;
+            map.update_array_u64(*key, *value)?;
+        }
+        Ok(())
+    }
+
+    fn stat_snapshot(&self) -> Stat {
+        Stat {
+            dev: 0,
+            ino: self as *const _ as u64,
+            mode: StatMode::FILE,
+            nlink: 1,
+            uid: 0,
+            gid: 0,
+            rdev: 0,
+            pad0: 0,
+            size: 0,
+            blksize: 0,
+            pad1: 0,
+            blocks: 0,
+            atime_sec: 0,
+            atime_nsec: 0,
+            mtime_sec: 0,
+            mtime_nsec: 0,
+            ctime_sec: 0,
+            ctime_nsec: 0,
+            unused: [0; 2],
+        }
+    }
+}
+
+fn write_bpf_verifier_log(attr: BpfProgLoadAttr, msg: &[u8]) -> Result<(), ERRNO> {
+    if attr.log_buf == 0 || attr.log_size == 0 {
+        return Ok(());
+    }
+    let len = (attr.log_size as usize).min(msg.len());
+    write_bytes_to_user(attr.log_buf as *mut u8, &msg[..len])
+}
+
+impl File for BpfProgFile {
+    fn as_any(&self) -> &dyn Any {
+        self
+    }
+
+    fn readable(&self) -> bool {
+        true
+    }
+
+    fn writable(&self) -> bool {
+        true
+    }
+
+    fn stat(&self) -> Stat {
+        self.stat_snapshot()
+    }
+}
+
 fn alloc_bpf_map_fd(map: BpfMapFile) -> Result<isize, ERRNO> {
     let desc = Arc::new(FileDescription::new(
         Arc::new(map),
@@ -714,6 +924,21 @@ fn alloc_bpf_map_fd(map: BpfMapFile) -> Result<isize, ERRNO> {
     Ok(fd as isize)
 }
 
+fn alloc_bpf_prog_fd(prog: BpfProgFile) -> Result<isize, ERRNO> {
+    let desc = Arc::new(FileDescription::new(
+        Arc::new(prog),
+        AccessMode::ReadWrite,
+        FileStatusFlags::empty(),
+        0,
+    ));
+
+    let process = current_process();
+    let mut inner = process.inner_exclusive_access();
+    let fd = inner.alloc_fd()?;
+    inner.fd_table[fd] = Some(FdEntry::new(desc));
+    Ok(fd as isize)
+}
+
 fn bpf_map_from_fd(fd: u32) -> Result<Arc<FileDescription>, ERRNO> {
     let process = current_process();
     let inner = process.inner_exclusive_access();
@@ -729,6 +954,34 @@ fn bpf_map_from_fd(fd: u32) -> Result<Arc<FileDescription>, ERRNO> {
     Ok(desc)
 }
 
+fn bpf_prog_from_fd(fd: u32) -> Result<Arc<FileDescription>, ERRNO> {
+    let process = current_process();
+    let inner = process.inner_exclusive_access();
+    let desc = inner
+        .fd_table
+        .get(fd as usize)
+        .and_then(|entry| entry.as_ref())
+        .map(|entry| Arc::clone(&entry.desc))
+        .ok_or(ERRNO::EBADF)?;
+    if desc.as_any().downcast_ref::<BpfProgFile>().is_none() {
+        return Err(ERRNO::EBADF);
+    }
+    Ok(desc)
+}
+
+pub(crate) fn bpf_prog_is_socket_filter(fd: u32) -> Result<(), ERRNO> {
+    bpf_prog_from_fd(fd).map(|_| ())
+}
+
+pub(crate) fn bpf_run_socket_filter_prog(prog_fd: u32) -> Result<(), ERRNO> {
+    let desc = bpf_prog_from_fd(prog_fd)?;
+    let prog = desc
+        .as_any()
+        .downcast_ref::<BpfProgFile>()
+        .ok_or(ERRNO::EBADF)?;
+    prog.run_socket_filter()
+}
+
 #[derive(Clone, Copy, Debug, Default)]
 struct PselectFdMeta {
     read: bool,
@@ -2620,6 +2873,10 @@ pub fn sys_bpf(cmd: u32, attr: usize, _size: u32) -> isize {
                 map.update_elem(attr)?;
                 Ok(0)
             }
+            BPF_PROG_LOAD => {
+                let attr = read_pod_from_user(attr as *const BpfProgLoadAttr)?;
+                alloc_bpf_prog_fd(BpfProgFile::from_load_attr(attr)?)
+            }
             _ => Err(ERRNO::EINVAL),
         }
     })
diff --git a/os/src/syscall/mod.rs b/os/src/syscall/mod.rs
index 9ff75a9b..50c82eb4 100644
--- a/os/src/syscall/mod.rs
+++ b/os/src/syscall/mod.rs
@@ -106,6 +106,10 @@ pub const SYSCALL_TIMERFD_CREATE: usize = 85;
 pub const SYSCALL_UTIMENSAT: usize = 88;
 /// acct syscall
 pub const SYSCALL_ACCT: usize = 89;
+/// capget syscall
+pub const SYSCALL_CAPGET: usize = 90;
+/// capset syscall
+pub const SYSCALL_CAPSET: usize = 91;
 /// fstat syscall
 pub const SYSCALL_FSTAT: usize = 80;
 /// sync syscall
@@ -443,7 +447,7 @@ pub(crate) use utils::{
     translated_byte_buffer_with_access, write_bytes_to_user,
     write_pod_to_process_user, write_pod_to_user, Pod,
 };
-pub(crate) use fs::write_process_accounting_on_exit;
+pub(crate) use fs::{bpf_prog_is_socket_filter, bpf_run_socket_filter_prog, write_process_accounting_on_exit};
 pub use times::Timespec;
 
 
@@ -790,6 +794,8 @@ pub fn syscall(syscall_id: usize, args: [usize; 6]) -> isize {
         SYSCALL_GETEUID => sys_geteuid(),
         SYSCALL_GETGID => sys_getgid(),
         SYSCALL_GETEGID => sys_getegid(),
+        SYSCALL_CAPGET => sys_capget(args[0] as *mut UserCapHeader, args[1] as *mut UserCapData),
+        SYSCALL_CAPSET => sys_capset(args[0] as *const UserCapHeader, args[1] as *const UserCapData),
         SYSCALL_SYSINFO => sys_sysinfo(args[0] as *mut SysInfo),
         SYSCALL_GETTID => sys_gettid(),
         SYSCALL_SHMGET => sys_shmget(args[0] as i32, args[1], args[2] as i32),
diff --git a/os/src/syscall/net.rs b/os/src/syscall/net.rs
index 7da32027..0b564224 100644
--- a/os/src/syscall/net.rs
+++ b/os/src/syscall/net.rs
@@ -74,6 +74,7 @@ enum PosixSocketOption {
     SoRecvTimeo = 20,
     SoSndTimeo = 21,
     SoAcceptConn = 30,
+    SoAttachBpf = 50,
 }
 
 #[repr(i32)]
@@ -1305,7 +1306,7 @@ pub fn sys_socketpair(domain: i32, socket_type: i32, protocol: i32, sv: *mut i32
         }
 
         let (base_type, status_flags, cloexec) = parse_socket_type_flags(socket_type)?;
-        if base_type != SOCK_STREAM {
+        if base_type != SOCK_STREAM && base_type != SOCK_DGRAM {
             return Err(ERRNO::ESOCKTNOSUPPORT);
         }
 
@@ -1317,7 +1318,7 @@ pub fn sys_socketpair(domain: i32, socket_type: i32, protocol: i32, sv: *mut i32
         let end1: Arc<dyn File + Send + Sync> = end1_raw;
         let spec = SocketSpec {
             family: domain,
-            socket_type: SOCK_STREAM,
+            socket_type: base_type,
             protocol: 0,
         };
 
@@ -1884,6 +1885,24 @@ pub fn sys_setsockopt(fd: i32, level: i32, optname: i32, optval: *const u8, optl
                     })?;
                     Ok(0)
                 }
+                Some(PosixSocketOption::SoAttachBpf) => {
+                    if spec.family != AF_UNIX {
+                        return Err(ERRNO::ENOPROTOOPT);
+                    }
+                    if optval.is_null() || optlen < size_of::<i32>() as i32 {
+                        return Err(ERRNO::EINVAL);
+                    }
+                    let prog_fd = read_pod_from_user(optval as *const i32)?;
+                    if prog_fd < 0 {
+                        return Err(ERRNO::EBADF);
+                    }
+                    crate::syscall::bpf_prog_is_socket_filter(prog_fd as u32)?;
+                    with_unix_socket(fd, |unix| {
+                        unix.attach_bpf_prog_fd(prog_fd as u32);
+                        Ok(())
+                    })?;
+                    Ok(0)
+                }
                 Some(PosixSocketOption::SoRecvTimeo) => {
                     let timeval = read_sockopt_timeval(optval, optlen)?;
                     let timeout_ns = timeval_to_ns(&timeval)?;
diff --git a/os/src/syscall/process.rs b/os/src/syscall/process.rs
index 1156a549..dd92244a 100644
--- a/os/src/syscall/process.rs
+++ b/os/src/syscall/process.rs
@@ -1,6 +1,6 @@
 use crate::mm::{frame_allocator_stats, MapPermission, USER_SPACE_END, VirtAddr};
 use crate::syscall::errno::{OrErrno, ERRNO};
-use crate::syscall::{translated_byte_buffer_with_access, write_pod_to_user, Pod};
+use crate::syscall::{read_pod_from_user, translated_byte_buffer_with_access, write_pod_to_user, Pod};
 use crate::syscall_body;
 use crate::task::yield_current_and_run_next;
 use crate::timer::get_time_ns;
@@ -21,6 +21,28 @@ use crate::sched::{add_task, list_pids, pid2process, remove_from_pid2process};
 use alloc::{string::String, sync::Arc, vec, vec::Vec};
 
 const UID_NO_CHANGE: u32 = u32::MAX;
+const LINUX_CAPABILITY_VERSION_1: u32 = 0x1998_0330;
+const LINUX_CAPABILITY_VERSION_2: u32 = 0x2007_1026;
+const LINUX_CAPABILITY_VERSION_3: u32 = 0x2008_0522;
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+pub struct UserCapHeader {
+    version: u32,
+    pid: i32,
+}
+
+impl Pod for UserCapHeader {}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C)]
+pub struct UserCapData {
+    effective: u32,
+    permitted: u32,
+    inheritable: u32,
+}
+
+impl Pod for UserCapData {}
 
 fn unprivileged_uid_change_allowed(current_uid: u32, current_euid: u32, current_suid: u32, new_uid: u32) -> bool {
     new_uid == current_uid || new_uid == current_euid || new_uid == current_suid
@@ -233,6 +255,75 @@ pub fn sys_getegid() -> isize {
     process.getegid() as isize
 }
 
+fn cap_data_words(version: u32) -> Result<usize, ERRNO> {
+    match version {
+        LINUX_CAPABILITY_VERSION_1 => Ok(1),
+        LINUX_CAPABILITY_VERSION_2 | LINUX_CAPABILITY_VERSION_3 => Ok(2),
+        _ => Err(ERRNO::EINVAL),
+    }
+}
+
+/// capget syscall
+pub fn sys_capget(header: *mut UserCapHeader, data: *mut UserCapData) -> isize {
+    syscall_body!({
+        if header.is_null() {
+            return Err(ERRNO::EFAULT);
+        }
+        let mut hdr = read_pod_from_user(header as *const UserCapHeader)?;
+        let words = match cap_data_words(hdr.version) {
+            Ok(words) => words,
+            Err(errno) => {
+                hdr.version = LINUX_CAPABILITY_VERSION_3;
+                write_pod_to_user(header, &hdr)?;
+                return Err(errno);
+            }
+        };
+        let pid = current_process().getpid() as i32;
+        if hdr.pid < 0 || (hdr.pid != 0 && hdr.pid != pid) {
+            return Err(ERRNO::ESRCH);
+        }
+        if data.is_null() {
+            return Ok(0);
+        }
+
+        let word0 = UserCapData {
+            effective: u32::MAX,
+            permitted: u32::MAX,
+            inheritable: 0,
+        };
+        write_pod_to_user(data, &word0)?;
+        if words > 1 {
+            let word1 = UserCapData {
+                effective: u32::MAX,
+                permitted: u32::MAX,
+                inheritable: 0,
+            };
+            write_pod_to_user(unsafe { data.add(1) }, &word1)?;
+        }
+        Ok(0)
+    })
+}
+
+/// capset syscall
+pub fn sys_capset(header: *const UserCapHeader, data: *const UserCapData) -> isize {
+    syscall_body!({
+        if header.is_null() || data.is_null() {
+            return Err(ERRNO::EFAULT);
+        }
+        let hdr = read_pod_from_user(header)?;
+        let words = cap_data_words(hdr.version)?;
+        let pid = current_process().getpid() as i32;
+        if hdr.pid < 0 || (hdr.pid != 0 && hdr.pid != pid) {
+            return Err(ERRNO::ESRCH);
+        }
+        let _ = read_pod_from_user(data)?;
+        if words > 1 {
+            let _ = read_pod_from_user(unsafe { data.add(1) })?;
+        }
+        Ok(0)
+    })
+}
+
 /// setuid syscall
 pub fn sys_setuid(uid: u32) -> isize {
     let process = current_process();

From fbb8de7dddb4087096049e4fc5c371ee03c5de0d Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 18:46:58 +0800
Subject: [PATCH 5/8] fix: preserve successful futex wake over pending signals

---
 os/src/sync/futex.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/os/src/sync/futex.rs b/os/src/sync/futex.rs
index d0b3cc5d..83161d53 100644
--- a/os/src/sync/futex.rs
+++ b/os/src/sync/futex.rs
@@ -278,8 +278,10 @@ pub fn futex_wait_addr(
     if let Some(handle) = handle {
         let wake_state = futex_wait_state(handle);
         cleanup_futex_wait(handle);
-        if matches!(wake_state, FutexWakeState::TimedOut) {
-            return Err(ERRNO::ETIMEDOUT);
+        match wake_state {
+            FutexWakeState::Ready => return Ok(0),
+            FutexWakeState::TimedOut => return Err(ERRNO::ETIMEDOUT),
+            FutexWakeState::Canceled => {}
         }
     }
     if crate::signal::has_unmasked_pending_signal() {

From ca79f85ff6b34105e43a5cf414d7a554a9e6ffa3 Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 19:23:05 +0800
Subject: [PATCH 6/8] test: support detector format

---
 CosmOS-rootfs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CosmOS-rootfs b/CosmOS-rootfs
index a49e93bb..7800288a 160000
--- a/CosmOS-rootfs
+++ b/CosmOS-rootfs
@@ -1 +1 @@
-Subproject commit a49e93bb24d0e4e8a1296b4954db96cd822b4209
+Subproject commit 7800288a91e4662e841f28f535f34474e42b2627

From bdb005de3c9aa4228814249d5e8a2051d115f67c Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sat, 13 Jun 2026 20:12:37 +0800
Subject: [PATCH 7/8] fix: fix error when compiling procng

---
 CosmOS-rootfs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CosmOS-rootfs b/CosmOS-rootfs
index 7800288a..95ab8a86 160000
--- a/CosmOS-rootfs
+++ b/CosmOS-rootfs
@@ -1 +1 @@
-Subproject commit 7800288a91e4662e841f28f535f34474e42b2627
+Subproject commit 95ab8a86ff87c7b33d499d96078c9b0864796d1e

From 8d2a7d18eeeb9a2f44d0053cfb8dd32fa762e99c Mon Sep 17 00:00:00 2001
From: Ga1axy_Mac <Jimli176017@gmail.com>
Date: Sun, 14 Jun 2026 00:01:06 +0800
Subject: [PATCH 8/8] fix: implement flock and robust exit_group teardown

---
 os/src/fs/mod.rs          | 80 ++++++++++++++++++++++++++++++++++++
 os/src/sched/api.rs       | 38 +++++++++--------
 os/src/sched/runqueue.rs  | 19 +++++++--
 os/src/syscall/fs.rs      | 13 ++++++
 os/src/syscall/mod.rs     |  3 ++
 os/src/syscall/process.rs | 12 ++++--
 os/src/task/mod.rs        | 86 +++++++++++++++++++++++++++++++--------
 7 files changed, 212 insertions(+), 39 deletions(-)

diff --git a/os/src/fs/mod.rs b/os/src/fs/mod.rs
index f624d4e2..adca814f 100644
--- a/os/src/fs/mod.rs
+++ b/os/src/fs/mod.rs
@@ -21,6 +21,7 @@ use crate::sync::SpinNoIrqLock;
 use crate::syscall::errno::ERRNO;
 use crate::syscall::Pod;
 use core::any::Any;
+use lazy_static::*;
 pub use fs::vfs::{InodeTime, VfsFileType};
 pub use page_cache::{
     discard_inode,
@@ -111,6 +112,29 @@ pub enum AccessMode {
     ReadWrite,
 }
 
+const LOCK_SH: i32 = 1;
+const LOCK_EX: i32 = 2;
+const LOCK_NB: i32 = 4;
+const LOCK_UN: i32 = 8;
+
+#[derive(Clone, Copy, Debug, Eq, PartialEq)]
+enum FlockKind {
+    Shared,
+    Exclusive,
+}
+
+#[derive(Clone, Copy, Debug)]
+struct FlockRecord {
+    fs_id: u64,
+    ino: u64,
+    owner: usize,
+    kind: FlockKind,
+}
+
+lazy_static! {
+    static ref FLOCK_TABLE: SpinNoIrqLock<Vec<FlockRecord>> = SpinNoIrqLock::new(Vec::new());
+}
+
 impl AccessMode {
     /// 从 `open` 低两位访问模式中解析访问权限。
     pub fn from_open_bits(bits: i32) -> Result<Self, ERRNO> {
@@ -394,6 +418,55 @@ impl FileDescription {
         self.file.backing_inode()
     }
 
+    /// Apply a BSD `flock(2)` lock to this open file description.
+    pub fn flock(&self, operation: i32) -> Result<(), ERRNO> {
+        let op = operation & !LOCK_NB;
+        let kind = match op {
+            LOCK_SH => Some(FlockKind::Shared),
+            LOCK_EX => Some(FlockKind::Exclusive),
+            LOCK_UN => None,
+            _ => return Err(ERRNO::EINVAL),
+        };
+        if operation & !(LOCK_SH | LOCK_EX | LOCK_NB | LOCK_UN) != 0 {
+            return Err(ERRNO::EINVAL);
+        }
+
+        let inode = self.backing_inode().ok_or(ERRNO::EINVAL)?;
+        let fs_id = inode.fs_id();
+        let ino = inode.ino();
+        let owner = self as *const Self as usize;
+        let mut table = FLOCK_TABLE.lock();
+
+        if kind.is_none() {
+            table.retain(|record| {
+                !(record.fs_id == fs_id && record.ino == ino && record.owner == owner)
+            });
+            return Ok(());
+        }
+
+        let kind = kind.unwrap();
+        let has_conflict = table.iter().any(|record| {
+            if record.fs_id != fs_id || record.ino != ino || record.owner == owner {
+                return false;
+            }
+            kind == FlockKind::Exclusive || record.kind == FlockKind::Exclusive
+        });
+        if has_conflict {
+            return Err(ERRNO::EAGAIN);
+        }
+
+        table.retain(|record| {
+            !(record.fs_id == fs_id && record.ino == ino && record.owner == owner)
+        });
+        table.push(FlockRecord {
+            fs_id,
+            ino,
+            owner,
+            kind,
+        });
+        Ok(())
+    }
+
     /// 读取目录项并推进共享目录位置。
     pub fn getdents64(&self, buf: &mut [u8]) -> usize {
         let mut inner = self.inner.lock();
@@ -489,6 +562,13 @@ impl FileDescription {
     }
 }
 
+impl Drop for FileDescription {
+    fn drop(&mut self) {
+        let owner = self as *const Self as usize;
+        FLOCK_TABLE.lock().retain(|record| record.owner != owner);
+    }
+}
+
 /// trait File for all file types
 pub trait File: Send + Sync + Any {
     /// Returns this file as `Any` for runtime downcasting.
diff --git a/os/src/sched/api.rs b/os/src/sched/api.rs
index 8a641869..0b8576b6 100644
--- a/os/src/sched/api.rs
+++ b/os/src/sched/api.rs
@@ -20,23 +20,29 @@ fn suspend_current_and_run_next_inner(
     let task_cx_ptr = {
         let mut task_inner = task.inner_exclusive_access();
         task_inner.account_cfs_runtime(get_time_ns());
-        task_inner.sched.on_rq = false;
-        task_inner.task_status = TaskStatus::Runnable;
-        task_inner.wait_reason = None;
-        task_inner.sched.resched_reason = None;
-        if reset_slice {
-            task_inner.reset_time_slice();
-        }
-        if task_inner.sched.policy.is_rt() {
-            if let Some(rt_enqueue_head) = rt_enqueue_head {
-                task_inner.sched.rt_enqueue_head = rt_enqueue_head;
+        if matches!(task_inner.task_status, TaskStatus::Zombie) {
+            task_inner.sched.on_rq = false;
+            task_inner.wait_reason = None;
+            task_inner.sched.resched_reason = None;
+        } else {
+            task_inner.sched.on_rq = false;
+            task_inner.task_status = TaskStatus::Runnable;
+            task_inner.wait_reason = None;
+            task_inner.sched.resched_reason = None;
+            if reset_slice {
+                task_inner.reset_time_slice();
+            }
+            if task_inner.sched.policy.is_rt() {
+                if let Some(rt_enqueue_head) = rt_enqueue_head {
+                    task_inner.sched.rt_enqueue_head = rt_enqueue_head;
+                }
+            }
+            if apply_cfs_yield_penalty && matches!(task_inner.sched.policy, SchedPolicy::Other) {
+                task_inner.sched.vruntime_ns = task_inner
+                    .sched
+                    .vruntime_ns
+                    .saturating_add(CFS_YIELD_PENALTY_NS);
             }
-        }
-        if apply_cfs_yield_penalty && matches!(task_inner.sched.policy, SchedPolicy::Other) {
-            task_inner.sched.vruntime_ns = task_inner
-                .sched
-                .vruntime_ns
-                .saturating_add(CFS_YIELD_PENALTY_NS);
         }
         &mut task_inner.task_cx as *mut TaskContext
     };
diff --git a/os/src/sched/runqueue.rs b/os/src/sched/runqueue.rs
index 3b66ded7..76eea966 100644
--- a/os/src/sched/runqueue.rs
+++ b/os/src/sched/runqueue.rs
@@ -1,6 +1,6 @@
 //! Per-hart runqueue management for RT and CFS scheduling classes.
 
-use super::current_task;
+use super::{current_task, processor::processor_for_hart};
 use crate::config::MAX_HARTS;
 use crate::hal::hartid;
 use crate::mm::online_mask as online_hart_mask;
@@ -537,8 +537,21 @@ pub fn wakeup_task(task: Arc<TaskControlBlock>) -> bool {
                     return true;
                 }
                 if task_inner.sched.on_cpu {
-                    drop(task_inner);
-                    return wake_running_or_queued_task(&task);
+                    let last_cpu = normalize_hart(task_inner.sched.last_cpu);
+                    let is_still_current = processor_for_hart(last_cpu)
+                        .lock()
+                        .current()
+                        .is_some_and(|current| Arc::ptr_eq(&current, &task));
+                    if is_still_current {
+                        drop(task_inner);
+                        return wake_running_or_queued_task(&task);
+                    }
+                    task_inner.sched.on_cpu = false;
+                    Some((
+                        last_cpu,
+                        task_inner.sched.cpu_affinity_mask,
+                        task_inner.sched.policy,
+                    ))
                 } else {
                     Some((
                         task_inner.sched.last_cpu,
diff --git a/os/src/syscall/fs.rs b/os/src/syscall/fs.rs
index 8d4ba2c3..1c9eeb79 100644
--- a/os/src/syscall/fs.rs
+++ b/os/src/syscall/fs.rs
@@ -2157,6 +2157,19 @@ pub fn sys_fcntl(fd: u32, cmd: i32, arg: usize) -> isize {
     })
 }
 
+/// `flock` 系统调用：对打开文件描述施加 BSD advisory lock。
+pub fn sys_flock(fd: u32, operation: i32) -> isize {
+    trace!(
+        "kernel:pid[{}] sys_flock",
+        current_task().unwrap().process.upgrade().unwrap().getpid()
+    );
+    syscall_body!({
+        let desc = get_any_file(fd as usize)?;
+        desc.flock(operation)?;
+        Ok(0)
+    })
+}
+
 /// write syscall
 pub fn sys_write(fd: u32, buf: *const u8, len: usize) -> isize {
     trace!(
diff --git a/os/src/syscall/mod.rs b/os/src/syscall/mod.rs
index 50c82eb4..308a7534 100644
--- a/os/src/syscall/mod.rs
+++ b/os/src/syscall/mod.rs
@@ -26,6 +26,8 @@ pub const SYSCALL_FCNTL: usize = 25;
 pub const SYSCALL_INOTIFY_INIT1: usize = 26;
 /// ioctl syscall
 pub const SYSCALL_IOCTL: usize = 29;
+/// flock syscall
+pub const SYSCALL_FLOCK: usize = 32;
 /// mkdirat syscall
 pub const SYSCALL_MKDIRAT: usize = 34;
 /// unlinkat syscall
@@ -528,6 +530,7 @@ pub fn syscall(syscall_id: usize, args: [usize; 6]) -> isize {
         SYSCALL_FCNTL => sys_fcntl(args[0] as u32, args[1] as i32, args[2]),
         SYSCALL_INOTIFY_INIT1 => sys_inotify_init1(args[0] as i32),
         SYSCALL_IOCTL => sys_ioctl(args[0] as u32, args[1], args[2]),
+        SYSCALL_FLOCK => sys_flock(args[0] as u32, args[1] as i32),
         SYSCALL_UNLINKAT => sys_unlinkat(args[0] as isize, args[1] as *const u8, args[2] as u32),
         SYSCALL_SYMLINKAT => sys_symlinkat(
             args[0] as *const u8,
diff --git a/os/src/syscall/process.rs b/os/src/syscall/process.rs
index dd92244a..8b08c398 100644
--- a/os/src/syscall/process.rs
+++ b/os/src/syscall/process.rs
@@ -12,8 +12,8 @@ use crate::{
     mm::{translated_ref, translated_str, PageFaultAccess},
     task::{
         current_process, current_task, current_trap_cx, current_user_token,
-        exit_current_and_run_next, thread_id2task, ExitReason, ProcessControlBlock, ShmAttachment,
-        SigInfo, SignalBit, WaitReason,
+        exit_current_and_run_next, exit_group_current_and_run_next, thread_id2task, ExitReason,
+        ProcessControlBlock, ShmAttachment, SigInfo, SignalBit, WaitReason,
     },
 };
 use crate::sched::{add_task, list_pids, pid2process, remove_from_pid2process};
@@ -200,7 +200,13 @@ pub fn sys_exit(exit_code: i32) -> ! {
 
 /// 临时实现
 pub fn sys_exit_group(exit_code: i32) -> ! {
-    sys_exit(exit_code);
+    trace!(
+        "kernel:pid[{}] sys_exit_group - time {}",
+        current_task().unwrap().process.upgrade().unwrap().getpid(),
+        get_time_ns()
+    );
+    exit_group_current_and_run_next(ExitReason::Exit(exit_code));
+    panic!("Unreachable in sys_exit_group!");
 }
 
 /// getpid syscall
diff --git a/os/src/task/mod.rs b/os/src/task/mod.rs
index 7dfabe0f..6de8d989 100644
--- a/os/src/task/mod.rs
+++ b/os/src/task/mod.rs
@@ -61,6 +61,15 @@ use alloc::string::String;
 
 /// Exit the current 'Running' task and run the next task in task list.
 pub fn exit_current_and_run_next(reason: ExitReason) {
+    exit_current_and_run_next_inner(reason, false);
+}
+
+/// Terminate the whole thread group from the current task.
+pub fn exit_group_current_and_run_next(reason: ExitReason) {
+    exit_current_and_run_next_inner(reason, true);
+}
+
+fn exit_current_and_run_next_inner(reason: ExitReason, force_process_exit: bool) {
     let exit_reason = reason;
     let task_exit_code = match exit_reason {
         ExitReason::Exit(code) => code,
@@ -135,15 +144,17 @@ pub fn exit_current_and_run_next(reason: ExitReason) {
         remove_from_tid2task(thread_id);
     }
 
-    // Move the task to stop-wait status, to avoid kernel stack from being freed
-    if tid == Some(0) {
+    let exiting_task = Arc::clone(&task);
+    // Move the task to stop-wait status when it owns process teardown, to avoid
+    // freeing the kernel stack while still switching away on it.
+    if tid == Some(0) || force_process_exit {
         add_stopping_task(task);
     } else {
         drop(task);
     }
-    // however, if this is the main thread of current process
-    // the process should terminate at once
-    if tid == Some(0) {
+    // If this is the main thread or exit_group was requested, the process
+    // should terminate at once.
+    if tid == Some(0) || force_process_exit {
         let pid = process.getpid();
         if pid == IDLE_PID {
             println!(
@@ -159,44 +170,67 @@ pub fn exit_current_and_run_next(reason: ExitReason) {
             }
         }
         let mut process_inner = process.inner_exclusive_access();
+        if process_inner.is_zombie {
+            drop(process_inner);
+            let mut process_inner = process.inner_exclusive_access();
+            if let Some(tid) = tid {
+                process_inner.mutex_detector.clear_thread(tid);
+                process_inner.semaphore_detector.clear_thread(tid);
+            }
+            drop(process_inner);
+            drop(process);
+            let mut _unused = TaskContext::zero_init();
+            schedule(&mut _unused as *mut _);
+            return;
+        }
         // mark this process as a zombie process
         process_inner.is_zombie = true;
         // record process exit reason for wait4/waitpid
         process_inner.exit_reason = exit_reason;
-        drop(process_inner);
-        write_process_accounting_on_exit(&process, exit_reason);
-
+        let children_to_reparent = process_inner.children.clone();
+        for child in children_to_reparent.iter() {
+            child.inner_exclusive_access().parent = Some(Arc::downgrade(&INITPROC));
+        }
         {
-            let process_inner = process.inner_exclusive_access();
-            // move all child processes under init process
             let mut initproc_inner = INITPROC.inner_exclusive_access();
-            for child in process_inner.children.iter() {
-                child.inner_exclusive_access().parent = Some(Arc::downgrade(&INITPROC));
-                initproc_inner.children.push(child.clone());
+            for child in children_to_reparent {
+                initproc_inner.children.push(child);
             }
         }
+        drop(process_inner);
+        write_process_accounting_on_exit(&process, exit_reason);
 
         // deallocate user res (including tid/trap_cx/ustack) of all threads
         // it has to be done before we dealloc the whole memory_set
         // otherwise they will be deallocated twice
         let mut recycle_res = Vec::<TaskUserRes>::new();
+        let mut running_tasks = Vec::new();
+        let mut running_harts = Vec::new();
         let process_inner = process.inner_exclusive_access();
         for task in process_inner.tasks.iter().filter(|t| t.is_some()) {
             let task = task.as_ref().unwrap();
-            let thread_id = {
+            let (thread_id, was_on_cpu, last_cpu) = {
                 let mut task_inner = task.inner_exclusive_access();
                 task_inner.exit_code.get_or_insert(task_exit_code);
                 task_inner.task_status = TaskStatus::Zombie;
                 task_inner.wait_reason = None;
-                task_inner.sched.on_cpu = false;
                 task_inner.sched.on_rq = false;
-                task_inner.sched.resched_reason = None;
+                task_inner.sched.resched_reason = Some(ReschedReason::HigherRtPriority);
                 task_inner.current_wq_handle = None;
-                task_inner.res.as_ref().map(|res| res.thread_id())
+                (
+                    task_inner.res.as_ref().map(|res| res.thread_id()),
+                    task_inner.sched.on_cpu,
+                    task_inner.sched.last_cpu,
+                )
             };
             if let Some(thread_id) = thread_id {
                 remove_from_tid2task(thread_id);
             }
+            if was_on_cpu && !Arc::ptr_eq(task, &exiting_task) {
+                running_harts.push(last_cpu);
+                running_tasks.push(Arc::clone(task));
+                continue;
+            }
             // if other tasks are Runnable in TaskManager or waiting for a timer to be
             // expired, we should remove them.
             //
@@ -206,6 +240,7 @@ pub fn exit_current_and_run_next(reason: ExitReason) {
             trace!("kernel: exit_current_and_run_next .. remove_inactive_task");
             remove_inactive_task(Arc::clone(&task));
             let mut task_inner = task.inner_exclusive_access();
+            task_inner.sched.on_cpu = false;
             if let Some(res) = task_inner.res.take() {
                 recycle_res.push(res);
             }
@@ -214,6 +249,23 @@ pub fn exit_current_and_run_next(reason: ExitReason) {
         // need to collect those user res first, then release process_inner
         // for now to avoid deadlock/double borrow problem.
         drop(process_inner);
+        for hart in running_harts {
+            crate::sched::resched_hart(hart);
+        }
+        while running_tasks.iter().any(|task| task.inner_exclusive_access().sched.on_cpu) {
+            core::hint::spin_loop();
+        }
+        {
+            let _process_inner = process.inner_exclusive_access();
+            for task in running_tasks {
+                let mut task_inner = task.inner_exclusive_access();
+                if let Some(res) = task_inner.res.take() {
+                    recycle_res.push(res);
+                }
+                task_inner.sched.on_cpu = false;
+                task_inner.sched.on_rq = false;
+            }
+        }
         recycle_res.clear();
 
         let (closed_fds, parent_weak, reclaim, shm_attachments) = {