xref: /openbmc/qemu/bsd-user/elfload.c (revision 312a0b1cbf941c37d3d3aeb1ed651613e04262b5)
1 /*
2  *  ELF loading code
3  *
4  *  Copyright (c) 2013 Stacey D. Son
5  *
6  *  This program is free software; you can redistribute it and/or modify
7  *  it under the terms of the GNU General Public License as published by
8  *  the Free Software Foundation; either version 2 of the License, or
9  *  (at your option) any later version.
10  *
11  *  This program is distributed in the hope that it will be useful,
12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14  *  GNU General Public License for more details.
15  *
16  *  You should have received a copy of the GNU General Public License
17  *  along with this program; if not, see <http://www.gnu.org/licenses/>.
18  */
19 
20 #include "qemu/osdep.h"
21 
22 #include "qemu.h"
23 #include "disas/disas.h"
24 #include "qemu/path.h"
25 
26 #include "target_arch_elf.h"
27 #include "target_os_thread.h"
28 
29 /* this flag is uneffective under linux too, should be deleted */
30 #ifndef MAP_DENYWRITE
31 #define MAP_DENYWRITE 0
32 #endif
33 
34 /* should probably go in elf.h */
35 #ifndef ELIBBAD
36 #define ELIBBAD 80
37 #endif
38 
39 #ifndef ELF_PLATFORM
40 #define ELF_PLATFORM (NULL)
41 #endif
42 
43 #ifndef ELF_HWCAP
44 #define ELF_HWCAP 0
45 #endif
46 
47 #ifdef TARGET_ABI32
48 #undef ELF_CLASS
49 #define ELF_CLASS ELFCLASS32
50 #undef bswaptls
51 #define bswaptls(ptr) bswap32s(ptr)
52 #endif
53 
54 #include "elf.h"
55 
56 /* max code+data+bss space allocated to elf interpreter */
57 #define INTERP_MAP_SIZE (32 * 1024 * 1024)
58 
59 /* max code+data+bss+brk space allocated to ET_DYN executables */
60 #define ET_DYN_MAP_SIZE (128 * 1024 * 1024)
61 
62 /* Necessary parameters */
63 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
64 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE - 1))
65 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE - 1))
66 
67 #define DLINFO_ITEMS 12
68 
69 static inline void memcpy_fromfs(void *to, const void *from, unsigned long n)
70 {
71     memcpy(to, from, n);
72 }
73 
74 #ifdef BSWAP_NEEDED
75 static void bswap_ehdr(struct elfhdr *ehdr)
76 {
77     bswap16s(&ehdr->e_type);            /* Object file type */
78     bswap16s(&ehdr->e_machine);         /* Architecture */
79     bswap32s(&ehdr->e_version);         /* Object file version */
80     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
81     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
82     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
83     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
84     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
85     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
86     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
87     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
88     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
89     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
90 }
91 
92 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
93 {
94     int i;
95 
96     for (i = 0; i < phnum; i++, phdr++) {
97         bswap32s(&phdr->p_type);        /* Segment type */
98         bswap32s(&phdr->p_flags);       /* Segment flags */
99         bswaptls(&phdr->p_offset);      /* Segment file offset */
100         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
101         bswaptls(&phdr->p_paddr);       /* Segment physical address */
102         bswaptls(&phdr->p_filesz);      /* Segment size in file */
103         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
104         bswaptls(&phdr->p_align);       /* Segment alignment */
105     }
106 }
107 
108 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
109 {
110     int i;
111 
112     for (i = 0; i < shnum; i++, shdr++) {
113         bswap32s(&shdr->sh_name);
114         bswap32s(&shdr->sh_type);
115         bswaptls(&shdr->sh_flags);
116         bswaptls(&shdr->sh_addr);
117         bswaptls(&shdr->sh_offset);
118         bswaptls(&shdr->sh_size);
119         bswap32s(&shdr->sh_link);
120         bswap32s(&shdr->sh_info);
121         bswaptls(&shdr->sh_addralign);
122         bswaptls(&shdr->sh_entsize);
123     }
124 }
125 
126 static void bswap_sym(struct elf_sym *sym)
127 {
128     bswap32s(&sym->st_name);
129     bswaptls(&sym->st_value);
130     bswaptls(&sym->st_size);
131     bswap16s(&sym->st_shndx);
132 }
133 
134 #else /* ! BSWAP_NEEDED */
135 
136 static void bswap_ehdr(struct elfhdr *ehdr) { }
137 static void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
138 static void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
139 static void bswap_sym(struct elf_sym *sym) { }
140 
141 #endif /* ! BSWAP_NEEDED */
142 
143 /*
144  * 'copy_elf_strings()' copies argument/envelope strings from user
145  * memory to free pages in kernel mem. These are in a format ready
146  * to be put directly into the top of new user memory.
147  *
148  */
149 static abi_ulong copy_elf_strings(int argc, char **argv, void **page,
150                                   abi_ulong p)
151 {
152     char *tmp, *tmp1, *pag = NULL;
153     int len, offset = 0;
154 
155     if (!p) {
156         return 0;       /* bullet-proofing */
157     }
158     while (argc-- > 0) {
159         tmp = argv[argc];
160         if (!tmp) {
161             fprintf(stderr, "VFS: argc is wrong");
162             exit(-1);
163         }
164         tmp1 = tmp;
165         while (*tmp++);
166         len = tmp - tmp1;
167         if (p < len) {  /* this shouldn't happen - 128kB */
168                 return 0;
169         }
170         while (len) {
171             --p; --tmp; --len;
172             if (--offset < 0) {
173                 offset = p % TARGET_PAGE_SIZE;
174                 pag = (char *)page[p / TARGET_PAGE_SIZE];
175                 if (!pag) {
176                     pag = g_try_malloc0(TARGET_PAGE_SIZE);
177                     page[p / TARGET_PAGE_SIZE] = pag;
178                     if (!pag)
179                         return 0;
180                 }
181             }
182             if (len == 0 || offset == 0) {
183                 *(pag + offset) = *tmp;
184             }
185             else {
186               int bytes_to_copy = (len > offset) ? offset : len;
187               tmp -= bytes_to_copy;
188               p -= bytes_to_copy;
189               offset -= bytes_to_copy;
190               len -= bytes_to_copy;
191               memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
192             }
193         }
194     }
195     return p;
196 }
197 
198 static abi_ulong setup_arg_pages(abi_ulong p, struct bsd_binprm *bprm,
199                                  struct image_info *info)
200 {
201     abi_ulong stack_base, size, error;
202     int i;
203 
204     /* Create enough stack to hold everything.  If we don't use
205      * it for args, we'll use it for something else...
206      */
207     size = target_dflssiz;
208     if (size < MAX_ARG_PAGES * TARGET_PAGE_SIZE)
209         size = MAX_ARG_PAGES * TARGET_PAGE_SIZE;
210     error = target_mmap(0,
211                         size + qemu_host_page_size,
212                         PROT_READ | PROT_WRITE,
213                         MAP_PRIVATE | MAP_ANON,
214                         -1, 0);
215     if (error == -1) {
216         perror("stk mmap");
217         exit(-1);
218     }
219     /* we reserve one extra page at the top of the stack as guard */
220     target_mprotect(error + size, qemu_host_page_size, PROT_NONE);
221 
222     stack_base = error + size - MAX_ARG_PAGES * TARGET_PAGE_SIZE;
223     p += stack_base;
224 
225     for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
226         if (bprm->page[i]) {
227             info->rss++;
228             /* FIXME - check return value of memcpy_to_target() for failure */
229             memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
230             g_free(bprm->page[i]);
231         }
232         stack_base += TARGET_PAGE_SIZE;
233     }
234     return p;
235 }
236 
237 static void set_brk(abi_ulong start, abi_ulong end)
238 {
239         /* page-align the start and end addresses... */
240         start = HOST_PAGE_ALIGN(start);
241         end = HOST_PAGE_ALIGN(end);
242         if (end <= start)
243                 return;
244         if (target_mmap(start, end - start,
245                        PROT_READ | PROT_WRITE | PROT_EXEC,
246                        MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0) == -1) {
247             perror("cannot mmap brk");
248             exit(-1);
249         }
250 }
251 
252 
253 /* We need to explicitly zero any fractional pages after the data
254    section (i.e. bss).  This would contain the junk from the file that
255    should not be in memory. */
256 static void padzero(abi_ulong elf_bss, abi_ulong last_bss)
257 {
258         abi_ulong nbyte;
259 
260         if (elf_bss >= last_bss)
261                 return;
262 
263         /* XXX: this is really a hack : if the real host page size is
264            smaller than the target page size, some pages after the end
265            of the file may not be mapped. A better fix would be to
266            patch target_mmap(), but it is more complicated as the file
267            size must be known */
268         if (qemu_real_host_page_size < qemu_host_page_size) {
269             abi_ulong end_addr, end_addr1;
270             end_addr1 = REAL_HOST_PAGE_ALIGN(elf_bss);
271             end_addr = HOST_PAGE_ALIGN(elf_bss);
272             if (end_addr1 < end_addr) {
273                 mmap((void *)g2h_untagged(end_addr1), end_addr - end_addr1,
274                      PROT_READ | PROT_WRITE | PROT_EXEC,
275                      MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0);
276             }
277         }
278 
279         nbyte = elf_bss & (qemu_host_page_size - 1);
280         if (nbyte) {
281             nbyte = qemu_host_page_size - nbyte;
282             do {
283                 /* FIXME - what to do if put_user() fails? */
284                 put_user_u8(0, elf_bss);
285                 elf_bss++;
286             } while (--nbyte);
287         }
288 }
289 
290 
291 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
292                                    struct elfhdr * exec,
293                                    abi_ulong load_addr,
294                                    abi_ulong load_bias,
295                                    abi_ulong interp_load_addr,
296                                    struct image_info *info)
297 {
298         abi_ulong sp;
299         int size;
300         abi_ulong u_platform;
301         const char *k_platform;
302         const int n = sizeof(elf_addr_t);
303 
304         sp = p;
305         u_platform = 0;
306         k_platform = ELF_PLATFORM;
307         if (k_platform) {
308             size_t len = strlen(k_platform) + 1;
309             sp -= (len + n - 1) & ~(n - 1);
310             u_platform = sp;
311             /* FIXME - check return value of memcpy_to_target() for failure */
312             memcpy_to_target(sp, k_platform, len);
313         }
314         /*
315          * Force 16 byte _final_ alignment here for generality.
316          */
317         sp = sp & ~(abi_ulong)15;
318         size = (DLINFO_ITEMS + 1) * 2;
319         if (k_platform)
320                 size += 2;
321 #ifdef DLINFO_ARCH_ITEMS
322         size += DLINFO_ARCH_ITEMS * 2;
323 #endif
324         size += envc + argc + 2;
325         size += 1;        /* argc itself */
326         size *= n;
327         if (size & 15)
328                 sp -= 16 - (size & 15);
329 
330         /* This is correct because Linux defines
331          * elf_addr_t as Elf32_Off / Elf64_Off
332          */
333 #define NEW_AUX_ENT(id, val) do {               \
334             sp -= n; put_user_ual(val, sp);     \
335             sp -= n; put_user_ual(id, sp);      \
336           } while (0)
337 
338         NEW_AUX_ENT(AT_NULL, 0);
339 
340         /* There must be exactly DLINFO_ITEMS entries here.  */
341         NEW_AUX_ENT(AT_PHDR, (abi_ulong)(load_addr + exec->e_phoff));
342         NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof(struct elf_phdr)));
343         NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
344         NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
345         NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_load_addr));
346         NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
347         NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
348         NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
349         NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
350         NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
351         NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
352         NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
353         NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
354         if (k_platform)
355             NEW_AUX_ENT(AT_PLATFORM, u_platform);
356 #ifdef ARCH_DLINFO
357         /*
358          * ARCH_DLINFO must come last so platform specific code can enforce
359          * special alignment requirements on the AUXV if necessary (eg. PPC).
360          */
361         ARCH_DLINFO;
362 #endif
363 #undef NEW_AUX_ENT
364 
365         sp = loader_build_argptr(envc, argc, sp, p);
366         return sp;
367 }
368 
369 
370 static abi_ulong load_elf_interp(struct elfhdr *interp_elf_ex,
371                                  int interpreter_fd,
372                                  abi_ulong *interp_load_addr)
373 {
374     struct elf_phdr *elf_phdata  =  NULL;
375     struct elf_phdr *eppnt;
376     abi_ulong load_addr = 0;
377     int load_addr_set = 0;
378     int retval;
379     abi_ulong last_bss, elf_bss;
380     abi_ulong error;
381     int i;
382 
383     elf_bss = 0;
384     last_bss = 0;
385     error = 0;
386 
387     bswap_ehdr(interp_elf_ex);
388     /* First of all, some simple consistency checks */
389     if ((interp_elf_ex->e_type != ET_EXEC &&
390          interp_elf_ex->e_type != ET_DYN) ||
391         !elf_check_arch(interp_elf_ex->e_machine)) {
392         return ~((abi_ulong)0UL);
393     }
394 
395 
396     /* Now read in all of the header information */
397 
398     if (sizeof(struct elf_phdr) * interp_elf_ex->e_phnum > TARGET_PAGE_SIZE)
399         return ~(abi_ulong)0UL;
400 
401     elf_phdata =  (struct elf_phdr *)
402         malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
403 
404     if (!elf_phdata)
405         return ~((abi_ulong)0UL);
406 
407     /*
408      * If the size of this structure has changed, then punt, since
409      * we will be doing the wrong thing.
410      */
411     if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) {
412         free(elf_phdata);
413         return ~((abi_ulong)0UL);
414     }
415 
416     retval = lseek(interpreter_fd, interp_elf_ex->e_phoff, SEEK_SET);
417     if (retval >= 0) {
418         retval = read(interpreter_fd,
419                       (char *) elf_phdata,
420                       sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
421     }
422     if (retval < 0) {
423         perror("load_elf_interp");
424         exit(-1);
425         free(elf_phdata);
426         return retval;
427     }
428     bswap_phdr(elf_phdata, interp_elf_ex->e_phnum);
429 
430     if (interp_elf_ex->e_type == ET_DYN) {
431         /* in order to avoid hardcoding the interpreter load
432            address in qemu, we allocate a big enough memory zone */
433         error = target_mmap(0, INTERP_MAP_SIZE,
434                             PROT_NONE, MAP_PRIVATE | MAP_ANON,
435                             -1, 0);
436         if (error == -1) {
437             perror("mmap");
438             exit(-1);
439         }
440         load_addr = error;
441         load_addr_set = 1;
442     }
443 
444     eppnt = elf_phdata;
445     for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++)
446         if (eppnt->p_type == PT_LOAD) {
447             int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
448             int elf_prot = 0;
449             abi_ulong vaddr = 0;
450             abi_ulong k;
451 
452             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
453             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
454             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
455             if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) {
456                 elf_type |= MAP_FIXED;
457                 vaddr = eppnt->p_vaddr;
458             }
459             error = target_mmap(load_addr + TARGET_ELF_PAGESTART(vaddr),
460                                 eppnt->p_filesz + TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr),
461                                 elf_prot,
462                                 elf_type,
463                                 interpreter_fd,
464                                 eppnt->p_offset - TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr));
465 
466             if (error == -1) {
467                 /* Real error */
468                 close(interpreter_fd);
469                 free(elf_phdata);
470                 return ~((abi_ulong)0UL);
471             }
472 
473             if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
474                 load_addr = error;
475                 load_addr_set = 1;
476             }
477 
478             /*
479              * Find the end of the file  mapping for this phdr, and keep
480              * track of the largest address we see for this.
481              */
482             k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
483             if (k > elf_bss) elf_bss = k;
484 
485             /*
486              * Do the same thing for the memory mapping - between
487              * elf_bss and last_bss is the bss section.
488              */
489             k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
490             if (k > last_bss) last_bss = k;
491         }
492 
493     /* Now use mmap to map the library into memory. */
494 
495     close(interpreter_fd);
496 
497     /*
498      * Now fill out the bss section.  First pad the last page up
499      * to the page boundary, and then perform a mmap to make sure
500      * that there are zeromapped pages up to and including the last
501      * bss page.
502      */
503     padzero(elf_bss, last_bss);
504     elf_bss = TARGET_ELF_PAGESTART(elf_bss + qemu_host_page_size - 1); /* What we have mapped so far */
505 
506     /* Map the last of the bss segment */
507     if (last_bss > elf_bss) {
508         target_mmap(elf_bss, last_bss - elf_bss,
509                     PROT_READ | PROT_WRITE | PROT_EXEC,
510                     MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0);
511     }
512     free(elf_phdata);
513 
514     *interp_load_addr = load_addr;
515     return ((abi_ulong) interp_elf_ex->e_entry) + load_addr;
516 }
517 
518 static int symfind(const void *s0, const void *s1)
519 {
520     target_ulong addr = *(target_ulong *)s0;
521     struct elf_sym *sym = (struct elf_sym *)s1;
522     int result = 0;
523     if (addr < sym->st_value) {
524         result = -1;
525     } else if (addr >= sym->st_value + sym->st_size) {
526         result = 1;
527     }
528     return result;
529 }
530 
531 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
532 {
533 #if ELF_CLASS == ELFCLASS32
534     struct elf_sym *syms = s->disas_symtab.elf32;
535 #else
536     struct elf_sym *syms = s->disas_symtab.elf64;
537 #endif
538 
539     // binary search
540     struct elf_sym *sym;
541 
542     sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
543     if (sym != NULL) {
544         return s->disas_strtab + sym->st_name;
545     }
546 
547     return "";
548 }
549 
550 /* FIXME: This should use elf_ops.h  */
551 static int symcmp(const void *s0, const void *s1)
552 {
553     struct elf_sym *sym0 = (struct elf_sym *)s0;
554     struct elf_sym *sym1 = (struct elf_sym *)s1;
555     return (sym0->st_value < sym1->st_value)
556         ? -1
557         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
558 }
559 
560 /* Best attempt to load symbols from this ELF object. */
561 static void load_symbols(struct elfhdr *hdr, int fd)
562 {
563     unsigned int i, nsyms;
564     struct elf_shdr sechdr, symtab, strtab;
565     char *strings;
566     struct syminfo *s;
567     struct elf_sym *syms, *new_syms;
568 
569     lseek(fd, hdr->e_shoff, SEEK_SET);
570     for (i = 0; i < hdr->e_shnum; i++) {
571         if (read(fd, &sechdr, sizeof(sechdr)) != sizeof(sechdr))
572             return;
573         bswap_shdr(&sechdr, 1);
574         if (sechdr.sh_type == SHT_SYMTAB) {
575             symtab = sechdr;
576             lseek(fd, hdr->e_shoff
577                   + sizeof(sechdr) * sechdr.sh_link, SEEK_SET);
578             if (read(fd, &strtab, sizeof(strtab))
579                 != sizeof(strtab))
580                 return;
581             bswap_shdr(&strtab, 1);
582             goto found;
583         }
584     }
585     return; /* Shouldn't happen... */
586 
587  found:
588     /* Now know where the strtab and symtab are.  Snarf them. */
589     s = malloc(sizeof(*s));
590     syms = malloc(symtab.sh_size);
591     if (!syms) {
592         free(s);
593         return;
594     }
595     s->disas_strtab = strings = malloc(strtab.sh_size);
596     if (!s->disas_strtab) {
597         free(s);
598         free(syms);
599         return;
600     }
601 
602     lseek(fd, symtab.sh_offset, SEEK_SET);
603     if (read(fd, syms, symtab.sh_size) != symtab.sh_size) {
604         free(s);
605         free(syms);
606         free(strings);
607         return;
608     }
609 
610     nsyms = symtab.sh_size / sizeof(struct elf_sym);
611 
612     i = 0;
613     while (i < nsyms) {
614         bswap_sym(syms + i);
615         // Throw away entries which we do not need.
616         if (syms[i].st_shndx == SHN_UNDEF ||
617                 syms[i].st_shndx >= SHN_LORESERVE ||
618                 ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
619             nsyms--;
620             if (i < nsyms) {
621                 syms[i] = syms[nsyms];
622             }
623             continue;
624         }
625         i++;
626     }
627 
628      /* Attempt to free the storage associated with the local symbols
629         that we threw away.  Whether or not this has any effect on the
630         memory allocation depends on the malloc implementation and how
631         many symbols we managed to discard. */
632     new_syms = realloc(syms, nsyms * sizeof(*syms));
633     if (new_syms == NULL) {
634         free(s);
635         free(syms);
636         free(strings);
637         return;
638     }
639     syms = new_syms;
640 
641     qsort(syms, nsyms, sizeof(*syms), symcmp);
642 
643     lseek(fd, strtab.sh_offset, SEEK_SET);
644     if (read(fd, strings, strtab.sh_size) != strtab.sh_size) {
645         free(s);
646         free(syms);
647         free(strings);
648         return;
649     }
650     s->disas_num_syms = nsyms;
651 #if ELF_CLASS == ELFCLASS32
652     s->disas_symtab.elf32 = syms;
653     s->lookup_symbol = (lookup_symbol_t)lookup_symbolxx;
654 #else
655     s->disas_symtab.elf64 = syms;
656     s->lookup_symbol = (lookup_symbol_t)lookup_symbolxx;
657 #endif
658     s->next = syminfos;
659     syminfos = s;
660 }
661 
662 int load_elf_binary(struct bsd_binprm *bprm, struct target_pt_regs *regs,
663                     struct image_info *info)
664 {
665     struct elfhdr elf_ex;
666     struct elfhdr interp_elf_ex;
667     int interpreter_fd = -1; /* avoid warning */
668     abi_ulong load_addr, load_bias;
669     int load_addr_set = 0;
670     int i;
671     struct elf_phdr * elf_ppnt;
672     struct elf_phdr *elf_phdata;
673     abi_ulong elf_bss, k, elf_brk;
674     int retval;
675     char * elf_interpreter;
676     abi_ulong elf_entry, interp_load_addr = 0;
677     abi_ulong start_code, end_code, start_data, end_data;
678     abi_ulong reloc_func_desc = 0;
679 #ifdef LOW_ELF_STACK
680     abi_ulong elf_stack = ~((abi_ulong)0UL);
681 #endif
682 
683     load_addr = 0;
684     load_bias = 0;
685     elf_ex = *((struct elfhdr *) bprm->buf);          /* exec-header */
686     bswap_ehdr(&elf_ex);
687 
688     /* First of all, some simple consistency checks */
689     if ((elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN) ||
690                                 (!elf_check_arch(elf_ex.e_machine))) {
691             return -ENOEXEC;
692     }
693 
694     bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
695     bprm->p = copy_elf_strings(bprm->envc, bprm->envp, bprm->page,bprm->p);
696     bprm->p = copy_elf_strings(bprm->argc, bprm->argv, bprm->page,bprm->p);
697     if (!bprm->p) {
698         retval = -E2BIG;
699     }
700 
701     /* Now read in all of the header information */
702     elf_phdata = (struct elf_phdr *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
703     if (elf_phdata == NULL) {
704         return -ENOMEM;
705     }
706 
707     retval = lseek(bprm->fd, elf_ex.e_phoff, SEEK_SET);
708     if (retval > 0) {
709         retval = read(bprm->fd, (char *)elf_phdata,
710                                 elf_ex.e_phentsize * elf_ex.e_phnum);
711     }
712 
713     if (retval < 0) {
714         perror("load_elf_binary");
715         exit(-1);
716         free(elf_phdata);
717         return -errno;
718     }
719 
720     bswap_phdr(elf_phdata, elf_ex.e_phnum);
721 
722     elf_ppnt = elf_phdata;
723 
724     elf_bss = 0;
725     elf_brk = 0;
726 
727 
728     elf_interpreter = NULL;
729     start_code = ~((abi_ulong)0UL);
730     end_code = 0;
731     start_data = 0;
732     end_data = 0;
733 
734     for (i = 0;i < elf_ex.e_phnum; i++) {
735         if (elf_ppnt->p_type == PT_INTERP) {
736             if (elf_interpreter != NULL)
737             {
738                 free(elf_phdata);
739                 free(elf_interpreter);
740                 close(bprm->fd);
741                 return -EINVAL;
742             }
743 
744             /* This is the program interpreter used for
745              * shared libraries - for now assume that this
746              * is an a.out format binary
747              */
748 
749             elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
750 
751             if (elf_interpreter == NULL) {
752                 free(elf_phdata);
753                 close(bprm->fd);
754                 return -ENOMEM;
755             }
756 
757             retval = lseek(bprm->fd, elf_ppnt->p_offset, SEEK_SET);
758             if (retval >= 0) {
759                 retval = read(bprm->fd, elf_interpreter, elf_ppnt->p_filesz);
760             }
761             if (retval < 0) {
762                 perror("load_elf_binary2");
763                 exit(-1);
764             }
765 
766             if (retval >= 0) {
767                 retval = open(path(elf_interpreter), O_RDONLY);
768                 if (retval >= 0) {
769                     interpreter_fd = retval;
770                 }
771                 else {
772                     perror(elf_interpreter);
773                     exit(-1);
774                     /* retval = -errno; */
775                 }
776             }
777 
778             if (retval >= 0) {
779                 retval = lseek(interpreter_fd, 0, SEEK_SET);
780                 if (retval >= 0) {
781                     retval = read(interpreter_fd, bprm->buf, 128);
782                 }
783             }
784             if (retval >= 0) {
785                 interp_elf_ex = *((struct elfhdr *) bprm->buf); /* elf exec-header */
786             }
787             if (retval < 0) {
788                 perror("load_elf_binary3");
789                 exit(-1);
790                 free(elf_phdata);
791                 free(elf_interpreter);
792                 close(bprm->fd);
793                 return retval;
794             }
795         }
796         elf_ppnt++;
797     }
798 
799     /* Some simple consistency checks for the interpreter */
800     if (elf_interpreter) {
801         if (interp_elf_ex.e_ident[0] != 0x7f ||
802             strncmp((char *)&interp_elf_ex.e_ident[1], "ELF", 3) != 0) {
803             free(elf_interpreter);
804             free(elf_phdata);
805             close(bprm->fd);
806             return -ELIBBAD;
807         }
808     }
809 
810     /* OK, we are done with that, now set up the arg stuff,
811        and then start this sucker up */
812 
813     if (!bprm->p) {
814         free(elf_interpreter);
815         free(elf_phdata);
816         close(bprm->fd);
817         return -E2BIG;
818     }
819 
820     /* OK, This is the point of no return */
821     info->end_data = 0;
822     info->end_code = 0;
823     info->start_mmap = (abi_ulong)ELF_START_MMAP;
824     info->mmap = 0;
825     elf_entry = (abi_ulong) elf_ex.e_entry;
826 
827     /*
828      * In case where user has not explicitly set the guest_base, we
829      * probe here that should we set it automatically.
830      */
831     if (!have_guest_base) {
832         /*
833          * Go through ELF program header table and find out whether
834          * any of the segments drop below our current mmap_min_addr and
835          * in that case set guest_base to corresponding address.
836          */
837         for (i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum;
838             i++, elf_ppnt++) {
839             if (elf_ppnt->p_type != PT_LOAD)
840                 continue;
841             if (HOST_PAGE_ALIGN(elf_ppnt->p_vaddr) < mmap_min_addr) {
842                 guest_base = HOST_PAGE_ALIGN(mmap_min_addr);
843                 break;
844             }
845         }
846     }
847 
848     /* Do this so that we can load the interpreter, if need be.  We will
849        change some of these later */
850     info->rss = 0;
851     bprm->p = setup_arg_pages(bprm->p, bprm, info);
852     info->start_stack = bprm->p;
853 
854     /* Now we do a little grungy work by mmaping the ELF image into
855      * the correct location in memory.  At this point, we assume that
856      * the image should be loaded at fixed address, not at a variable
857      * address.
858      */
859 
860     for (i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
861         int elf_prot = 0;
862         int elf_flags = 0;
863         abi_ulong error;
864 
865         if (elf_ppnt->p_type != PT_LOAD)
866             continue;
867 
868         if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
869         if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
870         if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
871         elf_flags = MAP_PRIVATE | MAP_DENYWRITE;
872         if (elf_ex.e_type == ET_EXEC || load_addr_set) {
873             elf_flags |= MAP_FIXED;
874         } else if (elf_ex.e_type == ET_DYN) {
875             /* Try and get dynamic programs out of the way of the default mmap
876                base, as well as whatever program they might try to exec.  This
877                is because the brk will follow the loader, and is not movable.  */
878             /* NOTE: for qemu, we do a big mmap to get enough space
879                without hardcoding any address */
880             error = target_mmap(0, ET_DYN_MAP_SIZE,
881                                 PROT_NONE, MAP_PRIVATE | MAP_ANON,
882                                 -1, 0);
883             if (error == -1) {
884                 perror("mmap");
885                 exit(-1);
886             }
887             load_bias = TARGET_ELF_PAGESTART(error - elf_ppnt->p_vaddr);
888         }
889 
890         error = target_mmap(TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr),
891                             (elf_ppnt->p_filesz +
892                              TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
893                             elf_prot,
894                             (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE),
895                             bprm->fd,
896                             (elf_ppnt->p_offset -
897                              TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));
898         if (error == -1) {
899             perror("mmap");
900             exit(-1);
901         }
902 
903 #ifdef LOW_ELF_STACK
904         if (TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr) < elf_stack)
905             elf_stack = TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr);
906 #endif
907 
908         if (!load_addr_set) {
909             load_addr_set = 1;
910             load_addr = elf_ppnt->p_vaddr - elf_ppnt->p_offset;
911             if (elf_ex.e_type == ET_DYN) {
912                 load_bias += error -
913                     TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr);
914                 load_addr += load_bias;
915                 reloc_func_desc = load_bias;
916             }
917         }
918         k = elf_ppnt->p_vaddr;
919         if (k < start_code)
920             start_code = k;
921         if (start_data < k)
922             start_data = k;
923         k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
924         if (k > elf_bss)
925             elf_bss = k;
926         if ((elf_ppnt->p_flags & PF_X) && end_code <  k)
927             end_code = k;
928         if (end_data < k)
929             end_data = k;
930         k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
931         if (k > elf_brk) elf_brk = k;
932     }
933 
934     elf_entry += load_bias;
935     elf_bss += load_bias;
936     elf_brk += load_bias;
937     start_code += load_bias;
938     end_code += load_bias;
939     start_data += load_bias;
940     end_data += load_bias;
941 
942     if (elf_interpreter) {
943         elf_entry = load_elf_interp(&interp_elf_ex, interpreter_fd,
944                                     &interp_load_addr);
945         reloc_func_desc = interp_load_addr;
946 
947         close(interpreter_fd);
948         free(elf_interpreter);
949 
950         if (elf_entry == ~((abi_ulong)0UL)) {
951             printf("Unable to load interpreter\n");
952             free(elf_phdata);
953             exit(-1);
954             return 0;
955         }
956     }
957 
958     free(elf_phdata);
959 
960     if (qemu_log_enabled())
961         load_symbols(&elf_ex, bprm->fd);
962 
963     close(bprm->fd);
964 
965 #ifdef LOW_ELF_STACK
966     info->start_stack = bprm->p = elf_stack - 4;
967 #endif
968     bprm->p = create_elf_tables(bprm->p,
969                                 bprm->argc,
970                                 bprm->envc,
971                                 &elf_ex,
972                                 load_addr, load_bias,
973                                 interp_load_addr,
974                                 info);
975     info->load_addr = reloc_func_desc;
976     info->start_brk = info->brk = elf_brk;
977     info->end_code = end_code;
978     info->start_code = start_code;
979     info->start_data = start_data;
980     info->end_data = end_data;
981     info->start_stack = bprm->p;
982 
983     /* Calling set_brk effectively mmaps the pages that we need for the bss and break
984        sections */
985     set_brk(elf_bss, elf_brk);
986 
987     padzero(elf_bss, elf_brk);
988 
989 #if 0
990     printf("(start_brk) %x\n" , info->start_brk);
991     printf("(end_code) %x\n" , info->end_code);
992     printf("(start_code) %x\n" , info->start_code);
993     printf("(end_data) %x\n" , info->end_data);
994     printf("(start_stack) %x\n" , info->start_stack);
995     printf("(brk) %x\n" , info->brk);
996 #endif
997 
998     info->entry = elf_entry;
999 
1000     return 0;
1001 }
1002 
1003 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
1004 {
1005 
1006     target_thread_init(regs, infop);
1007 }
1008