user space emulation: openat() seems to defeat sysroot path translation

Host environment

• Operating system: Ubuntu 21.10 (pop-os)
• OS/kernel version: Linux pop-os 5.15.11-76051511-generic #202112220937~1640185481~21.10~b3a2c21 SMP Wed Dec 22 15:41:49 U x86_64 x86_64 x86_64 GNU/Linux
• Architecture: x86_64
• QEMU flavor: qemu-arm
• QEMU version: qemu-arm version 6.0.0 (Debian 1:6.0+dfsg-2expubuntu1.1)
• QEMU command line:

qemu-arm -L ./armv7-eabihf--uclibc--bleeding-edge-2021.11-1/arm-buildroot-linux-uclibcgnueabihf/sysroot/ /tmp/test_openat

Emulated/Virtualized environment

• Operating system: armv7 linux uclibceabihf
• OS/kernel version: user-space emulation
• Architecture: ARMv7

Description of problem

It appears that the user space emulation code is doing some path manipulation of some syscalls to sometimes prefix them with the sysroot. This seems to be interacting badly sometimes with certain usage patterns. This was noticed because a test suite of various libc calls was failing under qemu-arm, and a strace of the qemu-arm process revealed that the translated paths were being inconsistently applied.

In particular, the sequence which fails is:

• create a file in /tmp/.
• open /tmp itself. This succeeds, but strace reveals that it actually opened SYSROOT/tmp/.
• openat(tmpfd, tmpfile_name) then fails, as the fd provided to openat is actually inside the sysroot, not at /tmp as expected.

Steps to reproduce

1. Get toolchain https://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--uclibc--bleeding-edge-2021.11-1.tar.bz2
2. Compile attached test program test_openat.c
3. Try to run under qemu-arm.

This code passes in non-emulated situations, but fails under user-space emulation. Presumably it would also pass under full system emulation.