xref: /openbmc/qemu/hw/core/loader.c (revision 878096ee)
1 /*
2  * QEMU Executable loader
3  *
4  * Copyright (c) 2006 Fabrice Bellard
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  *
24  * Gunzip functionality in this file is derived from u-boot:
25  *
26  * (C) Copyright 2008 Semihalf
27  *
28  * (C) Copyright 2000-2005
29  * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
30  *
31  * This program is free software; you can redistribute it and/or
32  * modify it under the terms of the GNU General Public License as
33  * published by the Free Software Foundation; either version 2 of
34  * the License, or (at your option) any later version.
35  *
36  * This program is distributed in the hope that it will be useful,
37  * but WITHOUT ANY WARRANTY; without even the implied warranty of
38  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.	 See the
39  * GNU General Public License for more details.
40  *
41  * You should have received a copy of the GNU General Public License along
42  * with this program; if not, see <http://www.gnu.org/licenses/>.
43  */
44 
45 #include "hw/hw.h"
46 #include "disas/disas.h"
47 #include "monitor/monitor.h"
48 #include "sysemu/sysemu.h"
49 #include "uboot_image.h"
50 #include "hw/loader.h"
51 #include "hw/nvram/fw_cfg.h"
52 #include "exec/memory.h"
53 #include "exec/address-spaces.h"
54 
55 #include <zlib.h>
56 
57 static int roms_loaded;
58 
59 /* return the size or -1 if error */
60 int get_image_size(const char *filename)
61 {
62     int fd, size;
63     fd = open(filename, O_RDONLY | O_BINARY);
64     if (fd < 0)
65         return -1;
66     size = lseek(fd, 0, SEEK_END);
67     close(fd);
68     return size;
69 }
70 
71 /* return the size or -1 if error */
72 /* deprecated, because caller does not specify buffer size! */
73 int load_image(const char *filename, uint8_t *addr)
74 {
75     int fd, size;
76     fd = open(filename, O_RDONLY | O_BINARY);
77     if (fd < 0)
78         return -1;
79     size = lseek(fd, 0, SEEK_END);
80     lseek(fd, 0, SEEK_SET);
81     if (read(fd, addr, size) != size) {
82         close(fd);
83         return -1;
84     }
85     close(fd);
86     return size;
87 }
88 
89 /* read()-like version */
90 ssize_t read_targphys(const char *name,
91                       int fd, hwaddr dst_addr, size_t nbytes)
92 {
93     uint8_t *buf;
94     ssize_t did;
95 
96     buf = g_malloc(nbytes);
97     did = read(fd, buf, nbytes);
98     if (did > 0)
99         rom_add_blob_fixed("read", buf, did, dst_addr);
100     g_free(buf);
101     return did;
102 }
103 
104 /* return the size or -1 if error */
105 int load_image_targphys(const char *filename,
106                         hwaddr addr, uint64_t max_sz)
107 {
108     int size;
109 
110     size = get_image_size(filename);
111     if (size > max_sz) {
112         return -1;
113     }
114     if (size > 0) {
115         rom_add_file_fixed(filename, addr, -1);
116     }
117     return size;
118 }
119 
120 void pstrcpy_targphys(const char *name, hwaddr dest, int buf_size,
121                       const char *source)
122 {
123     const char *nulp;
124     char *ptr;
125 
126     if (buf_size <= 0) return;
127     nulp = memchr(source, 0, buf_size);
128     if (nulp) {
129         rom_add_blob_fixed(name, source, (nulp - source) + 1, dest);
130     } else {
131         rom_add_blob_fixed(name, source, buf_size, dest);
132         ptr = rom_ptr(dest + buf_size - 1);
133         *ptr = 0;
134     }
135 }
136 
137 /* A.OUT loader */
138 
139 struct exec
140 {
141   uint32_t a_info;   /* Use macros N_MAGIC, etc for access */
142   uint32_t a_text;   /* length of text, in bytes */
143   uint32_t a_data;   /* length of data, in bytes */
144   uint32_t a_bss;    /* length of uninitialized data area, in bytes */
145   uint32_t a_syms;   /* length of symbol table data in file, in bytes */
146   uint32_t a_entry;  /* start address */
147   uint32_t a_trsize; /* length of relocation info for text, in bytes */
148   uint32_t a_drsize; /* length of relocation info for data, in bytes */
149 };
150 
151 static void bswap_ahdr(struct exec *e)
152 {
153     bswap32s(&e->a_info);
154     bswap32s(&e->a_text);
155     bswap32s(&e->a_data);
156     bswap32s(&e->a_bss);
157     bswap32s(&e->a_syms);
158     bswap32s(&e->a_entry);
159     bswap32s(&e->a_trsize);
160     bswap32s(&e->a_drsize);
161 }
162 
163 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
164 #define OMAGIC 0407
165 #define NMAGIC 0410
166 #define ZMAGIC 0413
167 #define QMAGIC 0314
168 #define _N_HDROFF(x) (1024 - sizeof (struct exec))
169 #define N_TXTOFF(x)							\
170     (N_MAGIC(x) == ZMAGIC ? _N_HDROFF((x)) + sizeof (struct exec) :	\
171      (N_MAGIC(x) == QMAGIC ? 0 : sizeof (struct exec)))
172 #define N_TXTADDR(x, target_page_size) (N_MAGIC(x) == QMAGIC ? target_page_size : 0)
173 #define _N_SEGMENT_ROUND(x, target_page_size) (((x) + target_page_size - 1) & ~(target_page_size - 1))
174 
175 #define _N_TXTENDADDR(x, target_page_size) (N_TXTADDR(x, target_page_size)+(x).a_text)
176 
177 #define N_DATADDR(x, target_page_size) \
178     (N_MAGIC(x)==OMAGIC? (_N_TXTENDADDR(x, target_page_size)) \
179      : (_N_SEGMENT_ROUND (_N_TXTENDADDR(x, target_page_size), target_page_size)))
180 
181 
182 int load_aout(const char *filename, hwaddr addr, int max_sz,
183               int bswap_needed, hwaddr target_page_size)
184 {
185     int fd;
186     ssize_t size, ret;
187     struct exec e;
188     uint32_t magic;
189 
190     fd = open(filename, O_RDONLY | O_BINARY);
191     if (fd < 0)
192         return -1;
193 
194     size = read(fd, &e, sizeof(e));
195     if (size < 0)
196         goto fail;
197 
198     if (bswap_needed) {
199         bswap_ahdr(&e);
200     }
201 
202     magic = N_MAGIC(e);
203     switch (magic) {
204     case ZMAGIC:
205     case QMAGIC:
206     case OMAGIC:
207         if (e.a_text + e.a_data > max_sz)
208             goto fail;
209 	lseek(fd, N_TXTOFF(e), SEEK_SET);
210 	size = read_targphys(filename, fd, addr, e.a_text + e.a_data);
211 	if (size < 0)
212 	    goto fail;
213 	break;
214     case NMAGIC:
215         if (N_DATADDR(e, target_page_size) + e.a_data > max_sz)
216             goto fail;
217 	lseek(fd, N_TXTOFF(e), SEEK_SET);
218 	size = read_targphys(filename, fd, addr, e.a_text);
219 	if (size < 0)
220 	    goto fail;
221         ret = read_targphys(filename, fd, addr + N_DATADDR(e, target_page_size),
222                             e.a_data);
223 	if (ret < 0)
224 	    goto fail;
225 	size += ret;
226 	break;
227     default:
228 	goto fail;
229     }
230     close(fd);
231     return size;
232  fail:
233     close(fd);
234     return -1;
235 }
236 
237 /* ELF loader */
238 
239 static void *load_at(int fd, int offset, int size)
240 {
241     void *ptr;
242     if (lseek(fd, offset, SEEK_SET) < 0)
243         return NULL;
244     ptr = g_malloc(size);
245     if (read(fd, ptr, size) != size) {
246         g_free(ptr);
247         return NULL;
248     }
249     return ptr;
250 }
251 
252 #ifdef ELF_CLASS
253 #undef ELF_CLASS
254 #endif
255 
256 #define ELF_CLASS   ELFCLASS32
257 #include "elf.h"
258 
259 #define SZ		32
260 #define elf_word        uint32_t
261 #define elf_sword        int32_t
262 #define bswapSZs	bswap32s
263 #include "hw/elf_ops.h"
264 
265 #undef elfhdr
266 #undef elf_phdr
267 #undef elf_shdr
268 #undef elf_sym
269 #undef elf_note
270 #undef elf_word
271 #undef elf_sword
272 #undef bswapSZs
273 #undef SZ
274 #define elfhdr		elf64_hdr
275 #define elf_phdr	elf64_phdr
276 #define elf_note	elf64_note
277 #define elf_shdr	elf64_shdr
278 #define elf_sym		elf64_sym
279 #define elf_word        uint64_t
280 #define elf_sword        int64_t
281 #define bswapSZs	bswap64s
282 #define SZ		64
283 #include "hw/elf_ops.h"
284 
285 /* return < 0 if error, otherwise the number of bytes loaded in memory */
286 int load_elf(const char *filename, uint64_t (*translate_fn)(void *, uint64_t),
287              void *translate_opaque, uint64_t *pentry, uint64_t *lowaddr,
288              uint64_t *highaddr, int big_endian, int elf_machine, int clear_lsb)
289 {
290     int fd, data_order, target_data_order, must_swab, ret;
291     uint8_t e_ident[EI_NIDENT];
292 
293     fd = open(filename, O_RDONLY | O_BINARY);
294     if (fd < 0) {
295         perror(filename);
296         return -1;
297     }
298     if (read(fd, e_ident, sizeof(e_ident)) != sizeof(e_ident))
299         goto fail;
300     if (e_ident[0] != ELFMAG0 ||
301         e_ident[1] != ELFMAG1 ||
302         e_ident[2] != ELFMAG2 ||
303         e_ident[3] != ELFMAG3)
304         goto fail;
305 #ifdef HOST_WORDS_BIGENDIAN
306     data_order = ELFDATA2MSB;
307 #else
308     data_order = ELFDATA2LSB;
309 #endif
310     must_swab = data_order != e_ident[EI_DATA];
311     if (big_endian) {
312         target_data_order = ELFDATA2MSB;
313     } else {
314         target_data_order = ELFDATA2LSB;
315     }
316 
317     if (target_data_order != e_ident[EI_DATA]) {
318         goto fail;
319     }
320 
321     lseek(fd, 0, SEEK_SET);
322     if (e_ident[EI_CLASS] == ELFCLASS64) {
323         ret = load_elf64(filename, fd, translate_fn, translate_opaque, must_swab,
324                          pentry, lowaddr, highaddr, elf_machine, clear_lsb);
325     } else {
326         ret = load_elf32(filename, fd, translate_fn, translate_opaque, must_swab,
327                          pentry, lowaddr, highaddr, elf_machine, clear_lsb);
328     }
329 
330     close(fd);
331     return ret;
332 
333  fail:
334     close(fd);
335     return -1;
336 }
337 
338 static void bswap_uboot_header(uboot_image_header_t *hdr)
339 {
340 #ifndef HOST_WORDS_BIGENDIAN
341     bswap32s(&hdr->ih_magic);
342     bswap32s(&hdr->ih_hcrc);
343     bswap32s(&hdr->ih_time);
344     bswap32s(&hdr->ih_size);
345     bswap32s(&hdr->ih_load);
346     bswap32s(&hdr->ih_ep);
347     bswap32s(&hdr->ih_dcrc);
348 #endif
349 }
350 
351 
352 #define ZALLOC_ALIGNMENT	16
353 
354 static void *zalloc(void *x, unsigned items, unsigned size)
355 {
356     void *p;
357 
358     size *= items;
359     size = (size + ZALLOC_ALIGNMENT - 1) & ~(ZALLOC_ALIGNMENT - 1);
360 
361     p = g_malloc(size);
362 
363     return (p);
364 }
365 
366 static void zfree(void *x, void *addr)
367 {
368     g_free(addr);
369 }
370 
371 
372 #define HEAD_CRC	2
373 #define EXTRA_FIELD	4
374 #define ORIG_NAME	8
375 #define COMMENT		0x10
376 #define RESERVED	0xe0
377 
378 #define DEFLATED	8
379 
380 /* This is the usual maximum in uboot, so if a uImage overflows this, it would
381  * overflow on real hardware too. */
382 #define UBOOT_MAX_GUNZIP_BYTES (64 << 20)
383 
384 static ssize_t gunzip(void *dst, size_t dstlen, uint8_t *src,
385                       size_t srclen)
386 {
387     z_stream s;
388     ssize_t dstbytes;
389     int r, i, flags;
390 
391     /* skip header */
392     i = 10;
393     flags = src[3];
394     if (src[2] != DEFLATED || (flags & RESERVED) != 0) {
395         puts ("Error: Bad gzipped data\n");
396         return -1;
397     }
398     if ((flags & EXTRA_FIELD) != 0)
399         i = 12 + src[10] + (src[11] << 8);
400     if ((flags & ORIG_NAME) != 0)
401         while (src[i++] != 0)
402             ;
403     if ((flags & COMMENT) != 0)
404         while (src[i++] != 0)
405             ;
406     if ((flags & HEAD_CRC) != 0)
407         i += 2;
408     if (i >= srclen) {
409         puts ("Error: gunzip out of data in header\n");
410         return -1;
411     }
412 
413     s.zalloc = zalloc;
414     s.zfree = zfree;
415 
416     r = inflateInit2(&s, -MAX_WBITS);
417     if (r != Z_OK) {
418         printf ("Error: inflateInit2() returned %d\n", r);
419         return (-1);
420     }
421     s.next_in = src + i;
422     s.avail_in = srclen - i;
423     s.next_out = dst;
424     s.avail_out = dstlen;
425     r = inflate(&s, Z_FINISH);
426     if (r != Z_OK && r != Z_STREAM_END) {
427         printf ("Error: inflate() returned %d\n", r);
428         return -1;
429     }
430     dstbytes = s.next_out - (unsigned char *) dst;
431     inflateEnd(&s);
432 
433     return dstbytes;
434 }
435 
436 /* Load a U-Boot image.  */
437 int load_uimage(const char *filename, hwaddr *ep,
438                 hwaddr *loadaddr, int *is_linux)
439 {
440     int fd;
441     int size;
442     uboot_image_header_t h;
443     uboot_image_header_t *hdr = &h;
444     uint8_t *data = NULL;
445     int ret = -1;
446 
447     fd = open(filename, O_RDONLY | O_BINARY);
448     if (fd < 0)
449         return -1;
450 
451     size = read(fd, hdr, sizeof(uboot_image_header_t));
452     if (size < 0)
453         goto out;
454 
455     bswap_uboot_header(hdr);
456 
457     if (hdr->ih_magic != IH_MAGIC)
458         goto out;
459 
460     /* TODO: Implement other image types.  */
461     if (hdr->ih_type != IH_TYPE_KERNEL) {
462         fprintf(stderr, "Can only load u-boot image type \"kernel\"\n");
463         goto out;
464     }
465 
466     switch (hdr->ih_comp) {
467     case IH_COMP_NONE:
468     case IH_COMP_GZIP:
469         break;
470     default:
471         fprintf(stderr,
472                 "Unable to load u-boot images with compression type %d\n",
473                 hdr->ih_comp);
474         goto out;
475     }
476 
477     /* TODO: Check CPU type.  */
478     if (is_linux) {
479         if (hdr->ih_os == IH_OS_LINUX)
480             *is_linux = 1;
481         else
482             *is_linux = 0;
483     }
484 
485     *ep = hdr->ih_ep;
486     data = g_malloc(hdr->ih_size);
487 
488     if (read(fd, data, hdr->ih_size) != hdr->ih_size) {
489         fprintf(stderr, "Error reading file\n");
490         goto out;
491     }
492 
493     if (hdr->ih_comp == IH_COMP_GZIP) {
494         uint8_t *compressed_data;
495         size_t max_bytes;
496         ssize_t bytes;
497 
498         compressed_data = data;
499         max_bytes = UBOOT_MAX_GUNZIP_BYTES;
500         data = g_malloc(max_bytes);
501 
502         bytes = gunzip(data, max_bytes, compressed_data, hdr->ih_size);
503         g_free(compressed_data);
504         if (bytes < 0) {
505             fprintf(stderr, "Unable to decompress gzipped image!\n");
506             goto out;
507         }
508         hdr->ih_size = bytes;
509     }
510 
511     rom_add_blob_fixed(filename, data, hdr->ih_size, hdr->ih_load);
512 
513     if (loadaddr)
514         *loadaddr = hdr->ih_load;
515 
516     ret = hdr->ih_size;
517 
518 out:
519     if (data)
520         g_free(data);
521     close(fd);
522     return ret;
523 }
524 
525 /*
526  * Functions for reboot-persistent memory regions.
527  *  - used for vga bios and option roms.
528  *  - also linux kernel (-kernel / -initrd).
529  */
530 
531 typedef struct Rom Rom;
532 
533 struct Rom {
534     char *name;
535     char *path;
536 
537     /* datasize is the amount of memory allocated in "data". If datasize is less
538      * than romsize, it means that the area from datasize to romsize is filled
539      * with zeros.
540      */
541     size_t romsize;
542     size_t datasize;
543 
544     uint8_t *data;
545     int isrom;
546     char *fw_dir;
547     char *fw_file;
548 
549     hwaddr addr;
550     QTAILQ_ENTRY(Rom) next;
551 };
552 
553 static FWCfgState *fw_cfg;
554 static QTAILQ_HEAD(, Rom) roms = QTAILQ_HEAD_INITIALIZER(roms);
555 
556 static void rom_insert(Rom *rom)
557 {
558     Rom *item;
559 
560     if (roms_loaded) {
561         hw_error ("ROM images must be loaded at startup\n");
562     }
563 
564     /* list is ordered by load address */
565     QTAILQ_FOREACH(item, &roms, next) {
566         if (rom->addr >= item->addr)
567             continue;
568         QTAILQ_INSERT_BEFORE(item, rom, next);
569         return;
570     }
571     QTAILQ_INSERT_TAIL(&roms, rom, next);
572 }
573 
574 int rom_add_file(const char *file, const char *fw_dir,
575                  hwaddr addr, int32_t bootindex)
576 {
577     Rom *rom;
578     int rc, fd = -1;
579     char devpath[100];
580 
581     rom = g_malloc0(sizeof(*rom));
582     rom->name = g_strdup(file);
583     rom->path = qemu_find_file(QEMU_FILE_TYPE_BIOS, rom->name);
584     if (rom->path == NULL) {
585         rom->path = g_strdup(file);
586     }
587 
588     fd = open(rom->path, O_RDONLY | O_BINARY);
589     if (fd == -1) {
590         fprintf(stderr, "Could not open option rom '%s': %s\n",
591                 rom->path, strerror(errno));
592         goto err;
593     }
594 
595     if (fw_dir) {
596         rom->fw_dir  = g_strdup(fw_dir);
597         rom->fw_file = g_strdup(file);
598     }
599     rom->addr     = addr;
600     rom->romsize  = lseek(fd, 0, SEEK_END);
601     rom->datasize = rom->romsize;
602     rom->data     = g_malloc0(rom->datasize);
603     lseek(fd, 0, SEEK_SET);
604     rc = read(fd, rom->data, rom->datasize);
605     if (rc != rom->datasize) {
606         fprintf(stderr, "rom: file %-20s: read error: rc=%d (expected %zd)\n",
607                 rom->name, rc, rom->datasize);
608         goto err;
609     }
610     close(fd);
611     rom_insert(rom);
612     if (rom->fw_file && fw_cfg) {
613         const char *basename;
614         char fw_file_name[56];
615 
616         basename = strrchr(rom->fw_file, '/');
617         if (basename) {
618             basename++;
619         } else {
620             basename = rom->fw_file;
621         }
622         snprintf(fw_file_name, sizeof(fw_file_name), "%s/%s", rom->fw_dir,
623                  basename);
624         fw_cfg_add_file(fw_cfg, fw_file_name, rom->data, rom->romsize);
625         snprintf(devpath, sizeof(devpath), "/rom@%s", fw_file_name);
626     } else {
627         snprintf(devpath, sizeof(devpath), "/rom@" TARGET_FMT_plx, addr);
628     }
629 
630     add_boot_device_path(bootindex, NULL, devpath);
631     return 0;
632 
633 err:
634     if (fd != -1)
635         close(fd);
636     g_free(rom->data);
637     g_free(rom->path);
638     g_free(rom->name);
639     g_free(rom);
640     return -1;
641 }
642 
643 int rom_add_blob(const char *name, const void *blob, size_t len,
644                  hwaddr addr)
645 {
646     Rom *rom;
647 
648     rom           = g_malloc0(sizeof(*rom));
649     rom->name     = g_strdup(name);
650     rom->addr     = addr;
651     rom->romsize  = len;
652     rom->datasize = len;
653     rom->data     = g_malloc0(rom->datasize);
654     memcpy(rom->data, blob, len);
655     rom_insert(rom);
656     return 0;
657 }
658 
659 /* This function is specific for elf program because we don't need to allocate
660  * all the rom. We just allocate the first part and the rest is just zeros. This
661  * is why romsize and datasize are different. Also, this function seize the
662  * memory ownership of "data", so we don't have to allocate and copy the buffer.
663  */
664 int rom_add_elf_program(const char *name, void *data, size_t datasize,
665                         size_t romsize, hwaddr addr)
666 {
667     Rom *rom;
668 
669     rom           = g_malloc0(sizeof(*rom));
670     rom->name     = g_strdup(name);
671     rom->addr     = addr;
672     rom->datasize = datasize;
673     rom->romsize  = romsize;
674     rom->data     = data;
675     rom_insert(rom);
676     return 0;
677 }
678 
679 int rom_add_vga(const char *file)
680 {
681     return rom_add_file(file, "vgaroms", 0, -1);
682 }
683 
684 int rom_add_option(const char *file, int32_t bootindex)
685 {
686     return rom_add_file(file, "genroms", 0, bootindex);
687 }
688 
689 static void rom_reset(void *unused)
690 {
691     Rom *rom;
692 
693     QTAILQ_FOREACH(rom, &roms, next) {
694         if (rom->fw_file) {
695             continue;
696         }
697         if (rom->data == NULL) {
698             continue;
699         }
700         cpu_physical_memory_write_rom(rom->addr, rom->data, rom->datasize);
701         if (rom->isrom) {
702             /* rom needs to be written only once */
703             g_free(rom->data);
704             rom->data = NULL;
705         }
706     }
707 }
708 
709 int rom_load_all(void)
710 {
711     hwaddr addr = 0;
712     MemoryRegionSection section;
713     Rom *rom;
714 
715     QTAILQ_FOREACH(rom, &roms, next) {
716         if (rom->fw_file) {
717             continue;
718         }
719         if (addr > rom->addr) {
720             fprintf(stderr, "rom: requested regions overlap "
721                     "(rom %s. free=0x" TARGET_FMT_plx
722                     ", addr=0x" TARGET_FMT_plx ")\n",
723                     rom->name, addr, rom->addr);
724             return -1;
725         }
726         addr  = rom->addr;
727         addr += rom->romsize;
728         section = memory_region_find(get_system_memory(), rom->addr, 1);
729         rom->isrom = int128_nz(section.size) && memory_region_is_rom(section.mr);
730     }
731     qemu_register_reset(rom_reset, NULL);
732     roms_loaded = 1;
733     return 0;
734 }
735 
736 void rom_set_fw(FWCfgState *f)
737 {
738     fw_cfg = f;
739 }
740 
741 static Rom *find_rom(hwaddr addr)
742 {
743     Rom *rom;
744 
745     QTAILQ_FOREACH(rom, &roms, next) {
746         if (rom->fw_file) {
747             continue;
748         }
749         if (rom->addr > addr) {
750             continue;
751         }
752         if (rom->addr + rom->romsize < addr) {
753             continue;
754         }
755         return rom;
756     }
757     return NULL;
758 }
759 
760 /*
761  * Copies memory from registered ROMs to dest. Any memory that is contained in
762  * a ROM between addr and addr + size is copied. Note that this can involve
763  * multiple ROMs, which need not start at addr and need not end at addr + size.
764  */
765 int rom_copy(uint8_t *dest, hwaddr addr, size_t size)
766 {
767     hwaddr end = addr + size;
768     uint8_t *s, *d = dest;
769     size_t l = 0;
770     Rom *rom;
771 
772     QTAILQ_FOREACH(rom, &roms, next) {
773         if (rom->fw_file) {
774             continue;
775         }
776         if (rom->addr + rom->romsize < addr) {
777             continue;
778         }
779         if (rom->addr > end) {
780             break;
781         }
782         if (!rom->data) {
783             continue;
784         }
785 
786         d = dest + (rom->addr - addr);
787         s = rom->data;
788         l = rom->datasize;
789 
790         if ((d + l) > (dest + size)) {
791             l = dest - d;
792         }
793 
794         memcpy(d, s, l);
795 
796         if (rom->romsize > rom->datasize) {
797             /* If datasize is less than romsize, it means that we didn't
798              * allocate all the ROM because the trailing data are only zeros.
799              */
800 
801             d += l;
802             l = rom->romsize - rom->datasize;
803 
804             if ((d + l) > (dest + size)) {
805                 /* Rom size doesn't fit in the destination area. Adjust to avoid
806                  * overflow.
807                  */
808                 l = dest - d;
809             }
810 
811             if (l > 0) {
812                 memset(d, 0x0, l);
813             }
814         }
815     }
816 
817     return (d + l) - dest;
818 }
819 
820 void *rom_ptr(hwaddr addr)
821 {
822     Rom *rom;
823 
824     rom = find_rom(addr);
825     if (!rom || !rom->data)
826         return NULL;
827     return rom->data + (addr - rom->addr);
828 }
829 
830 void do_info_roms(Monitor *mon, const QDict *qdict)
831 {
832     Rom *rom;
833 
834     QTAILQ_FOREACH(rom, &roms, next) {
835         if (!rom->fw_file) {
836             monitor_printf(mon, "addr=" TARGET_FMT_plx
837                            " size=0x%06zx mem=%s name=\"%s\"\n",
838                            rom->addr, rom->romsize,
839                            rom->isrom ? "rom" : "ram",
840                            rom->name);
841         } else {
842             monitor_printf(mon, "fw=%s/%s"
843                            " size=0x%06zx name=\"%s\"\n",
844                            rom->fw_dir,
845                            rom->fw_file,
846                            rom->romsize,
847                            rom->name);
848         }
849     }
850 }
851