1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 typedef target_ulong target_elf_greg_t; 105 #ifdef USE_UID16 106 typedef target_ushort target_uid_t; 107 typedef target_ushort target_gid_t; 108 #else 109 typedef target_uint target_uid_t; 110 typedef target_uint target_gid_t; 111 #endif 112 typedef target_int target_pid_t; 113 114 #ifdef TARGET_I386 115 116 #define ELF_PLATFORM get_elf_platform() 117 118 static const char *get_elf_platform(void) 119 { 120 static char elf_platform[] = "i386"; 121 int family = (thread_env->cpuid_version >> 8) & 0xff; 122 if (family > 6) 123 family = 6; 124 if (family >= 3) 125 elf_platform[1] = '0' + family; 126 return elf_platform; 127 } 128 129 #define ELF_HWCAP get_elf_hwcap() 130 131 static uint32_t get_elf_hwcap(void) 132 { 133 return thread_env->cpuid_features; 134 } 135 136 #ifdef TARGET_X86_64 137 #define ELF_START_MMAP 0x2aaaaab000ULL 138 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 139 140 #define ELF_CLASS ELFCLASS64 141 #define ELF_ARCH EM_X86_64 142 143 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 144 { 145 regs->rax = 0; 146 regs->rsp = infop->start_stack; 147 regs->rip = infop->entry; 148 } 149 150 #define ELF_NREG 27 151 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 152 153 /* 154 * Note that ELF_NREG should be 29 as there should be place for 155 * TRAPNO and ERR "registers" as well but linux doesn't dump 156 * those. 157 * 158 * See linux kernel: arch/x86/include/asm/elf.h 159 */ 160 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 161 { 162 (*regs)[0] = env->regs[15]; 163 (*regs)[1] = env->regs[14]; 164 (*regs)[2] = env->regs[13]; 165 (*regs)[3] = env->regs[12]; 166 (*regs)[4] = env->regs[R_EBP]; 167 (*regs)[5] = env->regs[R_EBX]; 168 (*regs)[6] = env->regs[11]; 169 (*regs)[7] = env->regs[10]; 170 (*regs)[8] = env->regs[9]; 171 (*regs)[9] = env->regs[8]; 172 (*regs)[10] = env->regs[R_EAX]; 173 (*regs)[11] = env->regs[R_ECX]; 174 (*regs)[12] = env->regs[R_EDX]; 175 (*regs)[13] = env->regs[R_ESI]; 176 (*regs)[14] = env->regs[R_EDI]; 177 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 178 (*regs)[16] = env->eip; 179 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 180 (*regs)[18] = env->eflags; 181 (*regs)[19] = env->regs[R_ESP]; 182 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 183 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 184 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 185 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 186 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 187 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 188 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 189 } 190 191 #else 192 193 #define ELF_START_MMAP 0x80000000 194 195 /* 196 * This is used to ensure we don't load something for the wrong architecture. 197 */ 198 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 199 200 /* 201 * These are used to set parameters in the core dumps. 202 */ 203 #define ELF_CLASS ELFCLASS32 204 #define ELF_ARCH EM_386 205 206 static inline void init_thread(struct target_pt_regs *regs, 207 struct image_info *infop) 208 { 209 regs->esp = infop->start_stack; 210 regs->eip = infop->entry; 211 212 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 213 starts %edx contains a pointer to a function which might be 214 registered using `atexit'. This provides a mean for the 215 dynamic linker to call DT_FINI functions for shared libraries 216 that have been loaded before the code runs. 217 218 A value of 0 tells we have no such handler. */ 219 regs->edx = 0; 220 } 221 222 #define ELF_NREG 17 223 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 224 225 /* 226 * Note that ELF_NREG should be 19 as there should be place for 227 * TRAPNO and ERR "registers" as well but linux doesn't dump 228 * those. 229 * 230 * See linux kernel: arch/x86/include/asm/elf.h 231 */ 232 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 233 { 234 (*regs)[0] = env->regs[R_EBX]; 235 (*regs)[1] = env->regs[R_ECX]; 236 (*regs)[2] = env->regs[R_EDX]; 237 (*regs)[3] = env->regs[R_ESI]; 238 (*regs)[4] = env->regs[R_EDI]; 239 (*regs)[5] = env->regs[R_EBP]; 240 (*regs)[6] = env->regs[R_EAX]; 241 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 242 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 243 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 244 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 245 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 246 (*regs)[12] = env->eip; 247 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 248 (*regs)[14] = env->eflags; 249 (*regs)[15] = env->regs[R_ESP]; 250 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 251 } 252 #endif 253 254 #define USE_ELF_CORE_DUMP 255 #define ELF_EXEC_PAGESIZE 4096 256 257 #endif 258 259 #ifdef TARGET_ARM 260 261 #define ELF_START_MMAP 0x80000000 262 263 #define elf_check_arch(x) ( (x) == EM_ARM ) 264 265 #define ELF_CLASS ELFCLASS32 266 #define ELF_ARCH EM_ARM 267 268 static inline void init_thread(struct target_pt_regs *regs, 269 struct image_info *infop) 270 { 271 abi_long stack = infop->start_stack; 272 memset(regs, 0, sizeof(*regs)); 273 regs->ARM_cpsr = 0x10; 274 if (infop->entry & 1) 275 regs->ARM_cpsr |= CPSR_T; 276 regs->ARM_pc = infop->entry & 0xfffffffe; 277 regs->ARM_sp = infop->start_stack; 278 /* FIXME - what to for failure of get_user()? */ 279 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 280 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 281 /* XXX: it seems that r0 is zeroed after ! */ 282 regs->ARM_r0 = 0; 283 /* For uClinux PIC binaries. */ 284 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 285 regs->ARM_r10 = infop->start_data; 286 } 287 288 #define ELF_NREG 18 289 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 290 291 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 292 { 293 (*regs)[0] = tswapl(env->regs[0]); 294 (*regs)[1] = tswapl(env->regs[1]); 295 (*regs)[2] = tswapl(env->regs[2]); 296 (*regs)[3] = tswapl(env->regs[3]); 297 (*regs)[4] = tswapl(env->regs[4]); 298 (*regs)[5] = tswapl(env->regs[5]); 299 (*regs)[6] = tswapl(env->regs[6]); 300 (*regs)[7] = tswapl(env->regs[7]); 301 (*regs)[8] = tswapl(env->regs[8]); 302 (*regs)[9] = tswapl(env->regs[9]); 303 (*regs)[10] = tswapl(env->regs[10]); 304 (*regs)[11] = tswapl(env->regs[11]); 305 (*regs)[12] = tswapl(env->regs[12]); 306 (*regs)[13] = tswapl(env->regs[13]); 307 (*regs)[14] = tswapl(env->regs[14]); 308 (*regs)[15] = tswapl(env->regs[15]); 309 310 (*regs)[16] = tswapl(cpsr_read((CPUState *)env)); 311 (*regs)[17] = tswapl(env->regs[0]); /* XXX */ 312 } 313 314 #define USE_ELF_CORE_DUMP 315 #define ELF_EXEC_PAGESIZE 4096 316 317 enum 318 { 319 ARM_HWCAP_ARM_SWP = 1 << 0, 320 ARM_HWCAP_ARM_HALF = 1 << 1, 321 ARM_HWCAP_ARM_THUMB = 1 << 2, 322 ARM_HWCAP_ARM_26BIT = 1 << 3, 323 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 324 ARM_HWCAP_ARM_FPA = 1 << 5, 325 ARM_HWCAP_ARM_VFP = 1 << 6, 326 ARM_HWCAP_ARM_EDSP = 1 << 7, 327 ARM_HWCAP_ARM_JAVA = 1 << 8, 328 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 329 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 330 ARM_HWCAP_ARM_NEON = 1 << 11, 331 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 332 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 333 }; 334 335 #define TARGET_HAS_GUEST_VALIDATE_BASE 336 /* We want the opportunity to check the suggested base */ 337 bool guest_validate_base(unsigned long guest_base) 338 { 339 unsigned long real_start, test_page_addr; 340 341 /* We need to check that we can force a fault on access to the 342 * commpage at 0xffff0fxx 343 */ 344 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 345 /* Note it needs to be writeable to let us initialise it */ 346 real_start = (unsigned long) 347 mmap((void *)test_page_addr, qemu_host_page_size, 348 PROT_READ | PROT_WRITE, 349 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 350 351 /* If we can't map it then try another address */ 352 if (real_start == -1ul) { 353 return 0; 354 } 355 356 if (real_start != test_page_addr) { 357 /* OS didn't put the page where we asked - unmap and reject */ 358 munmap((void *)real_start, qemu_host_page_size); 359 return 0; 360 } 361 362 /* Leave the page mapped 363 * Populate it (mmap should have left it all 0'd) 364 */ 365 366 /* Kernel helper versions */ 367 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 368 369 /* Now it's populated make it RO */ 370 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 371 perror("Protecting guest commpage"); 372 exit(-1); 373 } 374 375 return 1; /* All good */ 376 } 377 378 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \ 379 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \ 380 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP \ 381 | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 ) 382 383 #endif 384 385 #ifdef TARGET_UNICORE32 386 387 #define ELF_START_MMAP 0x80000000 388 389 #define elf_check_arch(x) ((x) == EM_UNICORE32) 390 391 #define ELF_CLASS ELFCLASS32 392 #define ELF_DATA ELFDATA2LSB 393 #define ELF_ARCH EM_UNICORE32 394 395 static inline void init_thread(struct target_pt_regs *regs, 396 struct image_info *infop) 397 { 398 abi_long stack = infop->start_stack; 399 memset(regs, 0, sizeof(*regs)); 400 regs->UC32_REG_asr = 0x10; 401 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 402 regs->UC32_REG_sp = infop->start_stack; 403 /* FIXME - what to for failure of get_user()? */ 404 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 405 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 406 /* XXX: it seems that r0 is zeroed after ! */ 407 regs->UC32_REG_00 = 0; 408 } 409 410 #define ELF_NREG 34 411 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 412 413 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 414 { 415 (*regs)[0] = env->regs[0]; 416 (*regs)[1] = env->regs[1]; 417 (*regs)[2] = env->regs[2]; 418 (*regs)[3] = env->regs[3]; 419 (*regs)[4] = env->regs[4]; 420 (*regs)[5] = env->regs[5]; 421 (*regs)[6] = env->regs[6]; 422 (*regs)[7] = env->regs[7]; 423 (*regs)[8] = env->regs[8]; 424 (*regs)[9] = env->regs[9]; 425 (*regs)[10] = env->regs[10]; 426 (*regs)[11] = env->regs[11]; 427 (*regs)[12] = env->regs[12]; 428 (*regs)[13] = env->regs[13]; 429 (*regs)[14] = env->regs[14]; 430 (*regs)[15] = env->regs[15]; 431 (*regs)[16] = env->regs[16]; 432 (*regs)[17] = env->regs[17]; 433 (*regs)[18] = env->regs[18]; 434 (*regs)[19] = env->regs[19]; 435 (*regs)[20] = env->regs[20]; 436 (*regs)[21] = env->regs[21]; 437 (*regs)[22] = env->regs[22]; 438 (*regs)[23] = env->regs[23]; 439 (*regs)[24] = env->regs[24]; 440 (*regs)[25] = env->regs[25]; 441 (*regs)[26] = env->regs[26]; 442 (*regs)[27] = env->regs[27]; 443 (*regs)[28] = env->regs[28]; 444 (*regs)[29] = env->regs[29]; 445 (*regs)[30] = env->regs[30]; 446 (*regs)[31] = env->regs[31]; 447 448 (*regs)[32] = cpu_asr_read((CPUState *)env); 449 (*regs)[33] = env->regs[0]; /* XXX */ 450 } 451 452 #define USE_ELF_CORE_DUMP 453 #define ELF_EXEC_PAGESIZE 4096 454 455 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 456 457 #endif 458 459 #ifdef TARGET_SPARC 460 #ifdef TARGET_SPARC64 461 462 #define ELF_START_MMAP 0x80000000 463 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 464 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 465 #ifndef TARGET_ABI32 466 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 467 #else 468 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 469 #endif 470 471 #define ELF_CLASS ELFCLASS64 472 #define ELF_ARCH EM_SPARCV9 473 474 #define STACK_BIAS 2047 475 476 static inline void init_thread(struct target_pt_regs *regs, 477 struct image_info *infop) 478 { 479 #ifndef TARGET_ABI32 480 regs->tstate = 0; 481 #endif 482 regs->pc = infop->entry; 483 regs->npc = regs->pc + 4; 484 regs->y = 0; 485 #ifdef TARGET_ABI32 486 regs->u_regs[14] = infop->start_stack - 16 * 4; 487 #else 488 if (personality(infop->personality) == PER_LINUX32) 489 regs->u_regs[14] = infop->start_stack - 16 * 4; 490 else 491 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 492 #endif 493 } 494 495 #else 496 #define ELF_START_MMAP 0x80000000 497 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 498 | HWCAP_SPARC_MULDIV) 499 #define elf_check_arch(x) ( (x) == EM_SPARC ) 500 501 #define ELF_CLASS ELFCLASS32 502 #define ELF_ARCH EM_SPARC 503 504 static inline void init_thread(struct target_pt_regs *regs, 505 struct image_info *infop) 506 { 507 regs->psr = 0; 508 regs->pc = infop->entry; 509 regs->npc = regs->pc + 4; 510 regs->y = 0; 511 regs->u_regs[14] = infop->start_stack - 16 * 4; 512 } 513 514 #endif 515 #endif 516 517 #ifdef TARGET_PPC 518 519 #define ELF_START_MMAP 0x80000000 520 521 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 522 523 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 524 525 #define ELF_CLASS ELFCLASS64 526 527 #else 528 529 #define elf_check_arch(x) ( (x) == EM_PPC ) 530 531 #define ELF_CLASS ELFCLASS32 532 533 #endif 534 535 #define ELF_ARCH EM_PPC 536 537 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 538 See arch/powerpc/include/asm/cputable.h. */ 539 enum { 540 QEMU_PPC_FEATURE_32 = 0x80000000, 541 QEMU_PPC_FEATURE_64 = 0x40000000, 542 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 543 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 544 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 545 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 546 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 547 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 548 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 549 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 550 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 551 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 552 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 553 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 554 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 555 QEMU_PPC_FEATURE_CELL = 0x00010000, 556 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 557 QEMU_PPC_FEATURE_SMT = 0x00004000, 558 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 559 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 560 QEMU_PPC_FEATURE_PA6T = 0x00000800, 561 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 562 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 563 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 564 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 565 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 566 567 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 568 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 569 }; 570 571 #define ELF_HWCAP get_elf_hwcap() 572 573 static uint32_t get_elf_hwcap(void) 574 { 575 CPUState *e = thread_env; 576 uint32_t features = 0; 577 578 /* We don't have to be terribly complete here; the high points are 579 Altivec/FP/SPE support. Anything else is just a bonus. */ 580 #define GET_FEATURE(flag, feature) \ 581 do {if (e->insns_flags & flag) features |= feature; } while(0) 582 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 583 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 584 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 585 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 586 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 587 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 588 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 589 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 590 #undef GET_FEATURE 591 592 return features; 593 } 594 595 /* 596 * The requirements here are: 597 * - keep the final alignment of sp (sp & 0xf) 598 * - make sure the 32-bit value at the first 16 byte aligned position of 599 * AUXV is greater than 16 for glibc compatibility. 600 * AT_IGNOREPPC is used for that. 601 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 602 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 603 */ 604 #define DLINFO_ARCH_ITEMS 5 605 #define ARCH_DLINFO \ 606 do { \ 607 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 608 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 609 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 610 /* \ 611 * Now handle glibc compatibility. \ 612 */ \ 613 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 614 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 615 } while (0) 616 617 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 618 { 619 _regs->gpr[1] = infop->start_stack; 620 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 621 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias; 622 infop->entry = ldq_raw(infop->entry) + infop->load_bias; 623 #endif 624 _regs->nip = infop->entry; 625 } 626 627 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 628 #define ELF_NREG 48 629 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 630 631 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 632 { 633 int i; 634 target_ulong ccr = 0; 635 636 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 637 (*regs)[i] = tswapl(env->gpr[i]); 638 } 639 640 (*regs)[32] = tswapl(env->nip); 641 (*regs)[33] = tswapl(env->msr); 642 (*regs)[35] = tswapl(env->ctr); 643 (*regs)[36] = tswapl(env->lr); 644 (*regs)[37] = tswapl(env->xer); 645 646 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 647 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 648 } 649 (*regs)[38] = tswapl(ccr); 650 } 651 652 #define USE_ELF_CORE_DUMP 653 #define ELF_EXEC_PAGESIZE 4096 654 655 #endif 656 657 #ifdef TARGET_MIPS 658 659 #define ELF_START_MMAP 0x80000000 660 661 #define elf_check_arch(x) ( (x) == EM_MIPS ) 662 663 #ifdef TARGET_MIPS64 664 #define ELF_CLASS ELFCLASS64 665 #else 666 #define ELF_CLASS ELFCLASS32 667 #endif 668 #define ELF_ARCH EM_MIPS 669 670 static inline void init_thread(struct target_pt_regs *regs, 671 struct image_info *infop) 672 { 673 regs->cp0_status = 2 << CP0St_KSU; 674 regs->cp0_epc = infop->entry; 675 regs->regs[29] = infop->start_stack; 676 } 677 678 /* See linux kernel: arch/mips/include/asm/elf.h. */ 679 #define ELF_NREG 45 680 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 681 682 /* See linux kernel: arch/mips/include/asm/reg.h. */ 683 enum { 684 #ifdef TARGET_MIPS64 685 TARGET_EF_R0 = 0, 686 #else 687 TARGET_EF_R0 = 6, 688 #endif 689 TARGET_EF_R26 = TARGET_EF_R0 + 26, 690 TARGET_EF_R27 = TARGET_EF_R0 + 27, 691 TARGET_EF_LO = TARGET_EF_R0 + 32, 692 TARGET_EF_HI = TARGET_EF_R0 + 33, 693 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 694 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 695 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 696 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 697 }; 698 699 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 700 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 701 { 702 int i; 703 704 for (i = 0; i < TARGET_EF_R0; i++) { 705 (*regs)[i] = 0; 706 } 707 (*regs)[TARGET_EF_R0] = 0; 708 709 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 710 (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]); 711 } 712 713 (*regs)[TARGET_EF_R26] = 0; 714 (*regs)[TARGET_EF_R27] = 0; 715 (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]); 716 (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]); 717 (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC); 718 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr); 719 (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status); 720 (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause); 721 } 722 723 #define USE_ELF_CORE_DUMP 724 #define ELF_EXEC_PAGESIZE 4096 725 726 #endif /* TARGET_MIPS */ 727 728 #ifdef TARGET_MICROBLAZE 729 730 #define ELF_START_MMAP 0x80000000 731 732 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 733 734 #define ELF_CLASS ELFCLASS32 735 #define ELF_ARCH EM_MICROBLAZE 736 737 static inline void init_thread(struct target_pt_regs *regs, 738 struct image_info *infop) 739 { 740 regs->pc = infop->entry; 741 regs->r1 = infop->start_stack; 742 743 } 744 745 #define ELF_EXEC_PAGESIZE 4096 746 747 #define USE_ELF_CORE_DUMP 748 #define ELF_NREG 38 749 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 750 751 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 752 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 753 { 754 int i, pos = 0; 755 756 for (i = 0; i < 32; i++) { 757 (*regs)[pos++] = tswapl(env->regs[i]); 758 } 759 760 for (i = 0; i < 6; i++) { 761 (*regs)[pos++] = tswapl(env->sregs[i]); 762 } 763 } 764 765 #endif /* TARGET_MICROBLAZE */ 766 767 #ifdef TARGET_SH4 768 769 #define ELF_START_MMAP 0x80000000 770 771 #define elf_check_arch(x) ( (x) == EM_SH ) 772 773 #define ELF_CLASS ELFCLASS32 774 #define ELF_ARCH EM_SH 775 776 static inline void init_thread(struct target_pt_regs *regs, 777 struct image_info *infop) 778 { 779 /* Check other registers XXXXX */ 780 regs->pc = infop->entry; 781 regs->regs[15] = infop->start_stack; 782 } 783 784 /* See linux kernel: arch/sh/include/asm/elf.h. */ 785 #define ELF_NREG 23 786 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 787 788 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 789 enum { 790 TARGET_REG_PC = 16, 791 TARGET_REG_PR = 17, 792 TARGET_REG_SR = 18, 793 TARGET_REG_GBR = 19, 794 TARGET_REG_MACH = 20, 795 TARGET_REG_MACL = 21, 796 TARGET_REG_SYSCALL = 22 797 }; 798 799 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 800 const CPUState *env) 801 { 802 int i; 803 804 for (i = 0; i < 16; i++) { 805 (*regs[i]) = tswapl(env->gregs[i]); 806 } 807 808 (*regs)[TARGET_REG_PC] = tswapl(env->pc); 809 (*regs)[TARGET_REG_PR] = tswapl(env->pr); 810 (*regs)[TARGET_REG_SR] = tswapl(env->sr); 811 (*regs)[TARGET_REG_GBR] = tswapl(env->gbr); 812 (*regs)[TARGET_REG_MACH] = tswapl(env->mach); 813 (*regs)[TARGET_REG_MACL] = tswapl(env->macl); 814 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 815 } 816 817 #define USE_ELF_CORE_DUMP 818 #define ELF_EXEC_PAGESIZE 4096 819 820 #endif 821 822 #ifdef TARGET_CRIS 823 824 #define ELF_START_MMAP 0x80000000 825 826 #define elf_check_arch(x) ( (x) == EM_CRIS ) 827 828 #define ELF_CLASS ELFCLASS32 829 #define ELF_ARCH EM_CRIS 830 831 static inline void init_thread(struct target_pt_regs *regs, 832 struct image_info *infop) 833 { 834 regs->erp = infop->entry; 835 } 836 837 #define ELF_EXEC_PAGESIZE 8192 838 839 #endif 840 841 #ifdef TARGET_M68K 842 843 #define ELF_START_MMAP 0x80000000 844 845 #define elf_check_arch(x) ( (x) == EM_68K ) 846 847 #define ELF_CLASS ELFCLASS32 848 #define ELF_ARCH EM_68K 849 850 /* ??? Does this need to do anything? 851 #define ELF_PLAT_INIT(_r) */ 852 853 static inline void init_thread(struct target_pt_regs *regs, 854 struct image_info *infop) 855 { 856 regs->usp = infop->start_stack; 857 regs->sr = 0; 858 regs->pc = infop->entry; 859 } 860 861 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 862 #define ELF_NREG 20 863 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 864 865 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 866 { 867 (*regs)[0] = tswapl(env->dregs[1]); 868 (*regs)[1] = tswapl(env->dregs[2]); 869 (*regs)[2] = tswapl(env->dregs[3]); 870 (*regs)[3] = tswapl(env->dregs[4]); 871 (*regs)[4] = tswapl(env->dregs[5]); 872 (*regs)[5] = tswapl(env->dregs[6]); 873 (*regs)[6] = tswapl(env->dregs[7]); 874 (*regs)[7] = tswapl(env->aregs[0]); 875 (*regs)[8] = tswapl(env->aregs[1]); 876 (*regs)[9] = tswapl(env->aregs[2]); 877 (*regs)[10] = tswapl(env->aregs[3]); 878 (*regs)[11] = tswapl(env->aregs[4]); 879 (*regs)[12] = tswapl(env->aregs[5]); 880 (*regs)[13] = tswapl(env->aregs[6]); 881 (*regs)[14] = tswapl(env->dregs[0]); 882 (*regs)[15] = tswapl(env->aregs[7]); 883 (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */ 884 (*regs)[17] = tswapl(env->sr); 885 (*regs)[18] = tswapl(env->pc); 886 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 887 } 888 889 #define USE_ELF_CORE_DUMP 890 #define ELF_EXEC_PAGESIZE 8192 891 892 #endif 893 894 #ifdef TARGET_ALPHA 895 896 #define ELF_START_MMAP (0x30000000000ULL) 897 898 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 899 900 #define ELF_CLASS ELFCLASS64 901 #define ELF_ARCH EM_ALPHA 902 903 static inline void init_thread(struct target_pt_regs *regs, 904 struct image_info *infop) 905 { 906 regs->pc = infop->entry; 907 regs->ps = 8; 908 regs->usp = infop->start_stack; 909 } 910 911 #define ELF_EXEC_PAGESIZE 8192 912 913 #endif /* TARGET_ALPHA */ 914 915 #ifdef TARGET_S390X 916 917 #define ELF_START_MMAP (0x20000000000ULL) 918 919 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 920 921 #define ELF_CLASS ELFCLASS64 922 #define ELF_DATA ELFDATA2MSB 923 #define ELF_ARCH EM_S390 924 925 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 926 { 927 regs->psw.addr = infop->entry; 928 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 929 regs->gprs[15] = infop->start_stack; 930 } 931 932 #endif /* TARGET_S390X */ 933 934 #ifndef ELF_PLATFORM 935 #define ELF_PLATFORM (NULL) 936 #endif 937 938 #ifndef ELF_HWCAP 939 #define ELF_HWCAP 0 940 #endif 941 942 #ifdef TARGET_ABI32 943 #undef ELF_CLASS 944 #define ELF_CLASS ELFCLASS32 945 #undef bswaptls 946 #define bswaptls(ptr) bswap32s(ptr) 947 #endif 948 949 #include "elf.h" 950 951 struct exec 952 { 953 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 954 unsigned int a_text; /* length of text, in bytes */ 955 unsigned int a_data; /* length of data, in bytes */ 956 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 957 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 958 unsigned int a_entry; /* start address */ 959 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 960 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 961 }; 962 963 964 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 965 #define OMAGIC 0407 966 #define NMAGIC 0410 967 #define ZMAGIC 0413 968 #define QMAGIC 0314 969 970 /* Necessary parameters */ 971 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 972 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 973 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 974 975 #define DLINFO_ITEMS 13 976 977 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 978 { 979 memcpy(to, from, n); 980 } 981 982 #ifdef BSWAP_NEEDED 983 static void bswap_ehdr(struct elfhdr *ehdr) 984 { 985 bswap16s(&ehdr->e_type); /* Object file type */ 986 bswap16s(&ehdr->e_machine); /* Architecture */ 987 bswap32s(&ehdr->e_version); /* Object file version */ 988 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 989 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 990 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 991 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 992 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 993 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 994 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 995 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 996 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 997 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 998 } 999 1000 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1001 { 1002 int i; 1003 for (i = 0; i < phnum; ++i, ++phdr) { 1004 bswap32s(&phdr->p_type); /* Segment type */ 1005 bswap32s(&phdr->p_flags); /* Segment flags */ 1006 bswaptls(&phdr->p_offset); /* Segment file offset */ 1007 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1008 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1009 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1010 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1011 bswaptls(&phdr->p_align); /* Segment alignment */ 1012 } 1013 } 1014 1015 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1016 { 1017 int i; 1018 for (i = 0; i < shnum; ++i, ++shdr) { 1019 bswap32s(&shdr->sh_name); 1020 bswap32s(&shdr->sh_type); 1021 bswaptls(&shdr->sh_flags); 1022 bswaptls(&shdr->sh_addr); 1023 bswaptls(&shdr->sh_offset); 1024 bswaptls(&shdr->sh_size); 1025 bswap32s(&shdr->sh_link); 1026 bswap32s(&shdr->sh_info); 1027 bswaptls(&shdr->sh_addralign); 1028 bswaptls(&shdr->sh_entsize); 1029 } 1030 } 1031 1032 static void bswap_sym(struct elf_sym *sym) 1033 { 1034 bswap32s(&sym->st_name); 1035 bswaptls(&sym->st_value); 1036 bswaptls(&sym->st_size); 1037 bswap16s(&sym->st_shndx); 1038 } 1039 #else 1040 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1041 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1042 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1043 static inline void bswap_sym(struct elf_sym *sym) { } 1044 #endif 1045 1046 #ifdef USE_ELF_CORE_DUMP 1047 static int elf_core_dump(int, const CPUState *); 1048 #endif /* USE_ELF_CORE_DUMP */ 1049 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1050 1051 /* Verify the portions of EHDR within E_IDENT for the target. 1052 This can be performed before bswapping the entire header. */ 1053 static bool elf_check_ident(struct elfhdr *ehdr) 1054 { 1055 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1056 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1057 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1058 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1059 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1060 && ehdr->e_ident[EI_DATA] == ELF_DATA 1061 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1062 } 1063 1064 /* Verify the portions of EHDR outside of E_IDENT for the target. 1065 This has to wait until after bswapping the header. */ 1066 static bool elf_check_ehdr(struct elfhdr *ehdr) 1067 { 1068 return (elf_check_arch(ehdr->e_machine) 1069 && ehdr->e_ehsize == sizeof(struct elfhdr) 1070 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1071 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1072 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1073 } 1074 1075 /* 1076 * 'copy_elf_strings()' copies argument/envelope strings from user 1077 * memory to free pages in kernel mem. These are in a format ready 1078 * to be put directly into the top of new user memory. 1079 * 1080 */ 1081 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1082 abi_ulong p) 1083 { 1084 char *tmp, *tmp1, *pag = NULL; 1085 int len, offset = 0; 1086 1087 if (!p) { 1088 return 0; /* bullet-proofing */ 1089 } 1090 while (argc-- > 0) { 1091 tmp = argv[argc]; 1092 if (!tmp) { 1093 fprintf(stderr, "VFS: argc is wrong"); 1094 exit(-1); 1095 } 1096 tmp1 = tmp; 1097 while (*tmp++); 1098 len = tmp - tmp1; 1099 if (p < len) { /* this shouldn't happen - 128kB */ 1100 return 0; 1101 } 1102 while (len) { 1103 --p; --tmp; --len; 1104 if (--offset < 0) { 1105 offset = p % TARGET_PAGE_SIZE; 1106 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1107 if (!pag) { 1108 pag = g_try_malloc0(TARGET_PAGE_SIZE); 1109 page[p/TARGET_PAGE_SIZE] = pag; 1110 if (!pag) 1111 return 0; 1112 } 1113 } 1114 if (len == 0 || offset == 0) { 1115 *(pag + offset) = *tmp; 1116 } 1117 else { 1118 int bytes_to_copy = (len > offset) ? offset : len; 1119 tmp -= bytes_to_copy; 1120 p -= bytes_to_copy; 1121 offset -= bytes_to_copy; 1122 len -= bytes_to_copy; 1123 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1124 } 1125 } 1126 } 1127 return p; 1128 } 1129 1130 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1131 struct image_info *info) 1132 { 1133 abi_ulong stack_base, size, error, guard; 1134 int i; 1135 1136 /* Create enough stack to hold everything. If we don't use 1137 it for args, we'll use it for something else. */ 1138 size = guest_stack_size; 1139 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1140 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1141 } 1142 guard = TARGET_PAGE_SIZE; 1143 if (guard < qemu_real_host_page_size) { 1144 guard = qemu_real_host_page_size; 1145 } 1146 1147 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1148 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1149 if (error == -1) { 1150 perror("mmap stack"); 1151 exit(-1); 1152 } 1153 1154 /* We reserve one extra page at the top of the stack as guard. */ 1155 target_mprotect(error, guard, PROT_NONE); 1156 1157 info->stack_limit = error + guard; 1158 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1159 p += stack_base; 1160 1161 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1162 if (bprm->page[i]) { 1163 info->rss++; 1164 /* FIXME - check return value of memcpy_to_target() for failure */ 1165 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1166 g_free(bprm->page[i]); 1167 } 1168 stack_base += TARGET_PAGE_SIZE; 1169 } 1170 return p; 1171 } 1172 1173 /* Map and zero the bss. We need to explicitly zero any fractional pages 1174 after the data section (i.e. bss). */ 1175 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1176 { 1177 uintptr_t host_start, host_map_start, host_end; 1178 1179 last_bss = TARGET_PAGE_ALIGN(last_bss); 1180 1181 /* ??? There is confusion between qemu_real_host_page_size and 1182 qemu_host_page_size here and elsewhere in target_mmap, which 1183 may lead to the end of the data section mapping from the file 1184 not being mapped. At least there was an explicit test and 1185 comment for that here, suggesting that "the file size must 1186 be known". The comment probably pre-dates the introduction 1187 of the fstat system call in target_mmap which does in fact 1188 find out the size. What isn't clear is if the workaround 1189 here is still actually needed. For now, continue with it, 1190 but merge it with the "normal" mmap that would allocate the bss. */ 1191 1192 host_start = (uintptr_t) g2h(elf_bss); 1193 host_end = (uintptr_t) g2h(last_bss); 1194 host_map_start = (host_start + qemu_real_host_page_size - 1); 1195 host_map_start &= -qemu_real_host_page_size; 1196 1197 if (host_map_start < host_end) { 1198 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1199 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1200 if (p == MAP_FAILED) { 1201 perror("cannot mmap brk"); 1202 exit(-1); 1203 } 1204 1205 /* Since we didn't use target_mmap, make sure to record 1206 the validity of the pages with qemu. */ 1207 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1208 } 1209 1210 if (host_start < host_map_start) { 1211 memset((void *)host_start, 0, host_map_start - host_start); 1212 } 1213 } 1214 1215 #ifdef CONFIG_USE_FDPIC 1216 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1217 { 1218 uint16_t n; 1219 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1220 1221 /* elf32_fdpic_loadseg */ 1222 n = info->nsegs; 1223 while (n--) { 1224 sp -= 12; 1225 put_user_u32(loadsegs[n].addr, sp+0); 1226 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1227 put_user_u32(loadsegs[n].p_memsz, sp+8); 1228 } 1229 1230 /* elf32_fdpic_loadmap */ 1231 sp -= 4; 1232 put_user_u16(0, sp+0); /* version */ 1233 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1234 1235 info->personality = PER_LINUX_FDPIC; 1236 info->loadmap_addr = sp; 1237 1238 return sp; 1239 } 1240 #endif 1241 1242 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1243 struct elfhdr *exec, 1244 struct image_info *info, 1245 struct image_info *interp_info) 1246 { 1247 abi_ulong sp; 1248 int size; 1249 int i; 1250 abi_ulong u_rand_bytes; 1251 uint8_t k_rand_bytes[16]; 1252 abi_ulong u_platform; 1253 const char *k_platform; 1254 const int n = sizeof(elf_addr_t); 1255 1256 sp = p; 1257 1258 #ifdef CONFIG_USE_FDPIC 1259 /* Needs to be before we load the env/argc/... */ 1260 if (elf_is_fdpic(exec)) { 1261 /* Need 4 byte alignment for these structs */ 1262 sp &= ~3; 1263 sp = loader_build_fdpic_loadmap(info, sp); 1264 info->other_info = interp_info; 1265 if (interp_info) { 1266 interp_info->other_info = info; 1267 sp = loader_build_fdpic_loadmap(interp_info, sp); 1268 } 1269 } 1270 #endif 1271 1272 u_platform = 0; 1273 k_platform = ELF_PLATFORM; 1274 if (k_platform) { 1275 size_t len = strlen(k_platform) + 1; 1276 sp -= (len + n - 1) & ~(n - 1); 1277 u_platform = sp; 1278 /* FIXME - check return value of memcpy_to_target() for failure */ 1279 memcpy_to_target(sp, k_platform, len); 1280 } 1281 1282 /* 1283 * Generate 16 random bytes for userspace PRNG seeding (not 1284 * cryptically secure but it's not the aim of QEMU). 1285 */ 1286 srand((unsigned int) time(NULL)); 1287 for (i = 0; i < 16; i++) { 1288 k_rand_bytes[i] = rand(); 1289 } 1290 sp -= 16; 1291 u_rand_bytes = sp; 1292 /* FIXME - check return value of memcpy_to_target() for failure */ 1293 memcpy_to_target(sp, k_rand_bytes, 16); 1294 1295 /* 1296 * Force 16 byte _final_ alignment here for generality. 1297 */ 1298 sp = sp &~ (abi_ulong)15; 1299 size = (DLINFO_ITEMS + 1) * 2; 1300 if (k_platform) 1301 size += 2; 1302 #ifdef DLINFO_ARCH_ITEMS 1303 size += DLINFO_ARCH_ITEMS * 2; 1304 #endif 1305 size += envc + argc + 2; 1306 size += 1; /* argc itself */ 1307 size *= n; 1308 if (size & 15) 1309 sp -= 16 - (size & 15); 1310 1311 /* This is correct because Linux defines 1312 * elf_addr_t as Elf32_Off / Elf64_Off 1313 */ 1314 #define NEW_AUX_ENT(id, val) do { \ 1315 sp -= n; put_user_ual(val, sp); \ 1316 sp -= n; put_user_ual(id, sp); \ 1317 } while(0) 1318 1319 NEW_AUX_ENT (AT_NULL, 0); 1320 1321 /* There must be exactly DLINFO_ITEMS entries here. */ 1322 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1323 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1324 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1325 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1326 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1327 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1328 NEW_AUX_ENT(AT_ENTRY, info->entry); 1329 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1330 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1331 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1332 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1333 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1334 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1335 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1336 1337 if (k_platform) 1338 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1339 #ifdef ARCH_DLINFO 1340 /* 1341 * ARCH_DLINFO must come last so platform specific code can enforce 1342 * special alignment requirements on the AUXV if necessary (eg. PPC). 1343 */ 1344 ARCH_DLINFO; 1345 #endif 1346 #undef NEW_AUX_ENT 1347 1348 info->saved_auxv = sp; 1349 1350 sp = loader_build_argptr(envc, argc, sp, p, 0); 1351 return sp; 1352 } 1353 1354 #ifndef TARGET_HAS_GUEST_VALIDATE_BASE 1355 /* If the guest doesn't have a validation function just agree */ 1356 bool guest_validate_base(unsigned long guest_base) 1357 { 1358 return 1; 1359 } 1360 #endif 1361 1362 static void probe_guest_base(const char *image_name, 1363 abi_ulong loaddr, abi_ulong hiaddr) 1364 { 1365 /* Probe for a suitable guest base address, if the user has not set 1366 * it explicitly, and set guest_base appropriately. 1367 * In case of error we will print a suitable message and exit. 1368 */ 1369 #if defined(CONFIG_USE_GUEST_BASE) 1370 const char *errmsg; 1371 if (!have_guest_base && !reserved_va) { 1372 unsigned long host_start, real_start, host_size; 1373 1374 /* Round addresses to page boundaries. */ 1375 loaddr &= qemu_host_page_mask; 1376 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1377 1378 if (loaddr < mmap_min_addr) { 1379 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1380 } else { 1381 host_start = loaddr; 1382 if (host_start != loaddr) { 1383 errmsg = "Address overflow loading ELF binary"; 1384 goto exit_errmsg; 1385 } 1386 } 1387 host_size = hiaddr - loaddr; 1388 while (1) { 1389 /* Do not use mmap_find_vma here because that is limited to the 1390 guest address space. We are going to make the 1391 guest address space fit whatever we're given. */ 1392 real_start = (unsigned long) 1393 mmap((void *)host_start, host_size, PROT_NONE, 1394 MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); 1395 if (real_start == (unsigned long)-1) { 1396 goto exit_perror; 1397 } 1398 guest_base = real_start - loaddr; 1399 if ((real_start == host_start) && 1400 guest_validate_base(guest_base)) { 1401 break; 1402 } 1403 /* That address didn't work. Unmap and try a different one. 1404 The address the host picked because is typically right at 1405 the top of the host address space and leaves the guest with 1406 no usable address space. Resort to a linear search. We 1407 already compensated for mmap_min_addr, so this should not 1408 happen often. Probably means we got unlucky and host 1409 address space randomization put a shared library somewhere 1410 inconvenient. */ 1411 munmap((void *)real_start, host_size); 1412 host_start += qemu_host_page_size; 1413 if (host_start == loaddr) { 1414 /* Theoretically possible if host doesn't have any suitably 1415 aligned areas. Normally the first mmap will fail. */ 1416 errmsg = "Unable to find space for application"; 1417 goto exit_errmsg; 1418 } 1419 } 1420 qemu_log("Relocating guest address space from 0x" 1421 TARGET_ABI_FMT_lx " to 0x%lx\n", 1422 loaddr, real_start); 1423 } 1424 return; 1425 1426 exit_perror: 1427 errmsg = strerror(errno); 1428 exit_errmsg: 1429 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1430 exit(-1); 1431 #endif 1432 } 1433 1434 1435 /* Load an ELF image into the address space. 1436 1437 IMAGE_NAME is the filename of the image, to use in error messages. 1438 IMAGE_FD is the open file descriptor for the image. 1439 1440 BPRM_BUF is a copy of the beginning of the file; this of course 1441 contains the elf file header at offset 0. It is assumed that this 1442 buffer is sufficiently aligned to present no problems to the host 1443 in accessing data at aligned offsets within the buffer. 1444 1445 On return: INFO values will be filled in, as necessary or available. */ 1446 1447 static void load_elf_image(const char *image_name, int image_fd, 1448 struct image_info *info, char **pinterp_name, 1449 char bprm_buf[BPRM_BUF_SIZE]) 1450 { 1451 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1452 struct elf_phdr *phdr; 1453 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1454 int i, retval; 1455 const char *errmsg; 1456 1457 /* First of all, some simple consistency checks */ 1458 errmsg = "Invalid ELF image for this architecture"; 1459 if (!elf_check_ident(ehdr)) { 1460 goto exit_errmsg; 1461 } 1462 bswap_ehdr(ehdr); 1463 if (!elf_check_ehdr(ehdr)) { 1464 goto exit_errmsg; 1465 } 1466 1467 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1468 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1469 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1470 } else { 1471 phdr = (struct elf_phdr *) alloca(i); 1472 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1473 if (retval != i) { 1474 goto exit_read; 1475 } 1476 } 1477 bswap_phdr(phdr, ehdr->e_phnum); 1478 1479 #ifdef CONFIG_USE_FDPIC 1480 info->nsegs = 0; 1481 info->pt_dynamic_addr = 0; 1482 #endif 1483 1484 /* Find the maximum size of the image and allocate an appropriate 1485 amount of memory to handle that. */ 1486 loaddr = -1, hiaddr = 0; 1487 for (i = 0; i < ehdr->e_phnum; ++i) { 1488 if (phdr[i].p_type == PT_LOAD) { 1489 abi_ulong a = phdr[i].p_vaddr; 1490 if (a < loaddr) { 1491 loaddr = a; 1492 } 1493 a += phdr[i].p_memsz; 1494 if (a > hiaddr) { 1495 hiaddr = a; 1496 } 1497 #ifdef CONFIG_USE_FDPIC 1498 ++info->nsegs; 1499 #endif 1500 } 1501 } 1502 1503 load_addr = loaddr; 1504 if (ehdr->e_type == ET_DYN) { 1505 /* The image indicates that it can be loaded anywhere. Find a 1506 location that can hold the memory space required. If the 1507 image is pre-linked, LOADDR will be non-zero. Since we do 1508 not supply MAP_FIXED here we'll use that address if and 1509 only if it remains available. */ 1510 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1511 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1512 -1, 0); 1513 if (load_addr == -1) { 1514 goto exit_perror; 1515 } 1516 } else if (pinterp_name != NULL) { 1517 /* This is the main executable. Make sure that the low 1518 address does not conflict with MMAP_MIN_ADDR or the 1519 QEMU application itself. */ 1520 probe_guest_base(image_name, loaddr, hiaddr); 1521 } 1522 load_bias = load_addr - loaddr; 1523 1524 #ifdef CONFIG_USE_FDPIC 1525 { 1526 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1527 g_malloc(sizeof(*loadsegs) * info->nsegs); 1528 1529 for (i = 0; i < ehdr->e_phnum; ++i) { 1530 switch (phdr[i].p_type) { 1531 case PT_DYNAMIC: 1532 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1533 break; 1534 case PT_LOAD: 1535 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1536 loadsegs->p_vaddr = phdr[i].p_vaddr; 1537 loadsegs->p_memsz = phdr[i].p_memsz; 1538 ++loadsegs; 1539 break; 1540 } 1541 } 1542 } 1543 #endif 1544 1545 info->load_bias = load_bias; 1546 info->load_addr = load_addr; 1547 info->entry = ehdr->e_entry + load_bias; 1548 info->start_code = -1; 1549 info->end_code = 0; 1550 info->start_data = -1; 1551 info->end_data = 0; 1552 info->brk = 0; 1553 1554 for (i = 0; i < ehdr->e_phnum; i++) { 1555 struct elf_phdr *eppnt = phdr + i; 1556 if (eppnt->p_type == PT_LOAD) { 1557 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1558 int elf_prot = 0; 1559 1560 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1561 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1562 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1563 1564 vaddr = load_bias + eppnt->p_vaddr; 1565 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1566 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1567 1568 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1569 elf_prot, MAP_PRIVATE | MAP_FIXED, 1570 image_fd, eppnt->p_offset - vaddr_po); 1571 if (error == -1) { 1572 goto exit_perror; 1573 } 1574 1575 vaddr_ef = vaddr + eppnt->p_filesz; 1576 vaddr_em = vaddr + eppnt->p_memsz; 1577 1578 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1579 if (vaddr_ef < vaddr_em) { 1580 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1581 } 1582 1583 /* Find the full program boundaries. */ 1584 if (elf_prot & PROT_EXEC) { 1585 if (vaddr < info->start_code) { 1586 info->start_code = vaddr; 1587 } 1588 if (vaddr_ef > info->end_code) { 1589 info->end_code = vaddr_ef; 1590 } 1591 } 1592 if (elf_prot & PROT_WRITE) { 1593 if (vaddr < info->start_data) { 1594 info->start_data = vaddr; 1595 } 1596 if (vaddr_ef > info->end_data) { 1597 info->end_data = vaddr_ef; 1598 } 1599 if (vaddr_em > info->brk) { 1600 info->brk = vaddr_em; 1601 } 1602 } 1603 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1604 char *interp_name; 1605 1606 if (*pinterp_name) { 1607 errmsg = "Multiple PT_INTERP entries"; 1608 goto exit_errmsg; 1609 } 1610 interp_name = malloc(eppnt->p_filesz); 1611 if (!interp_name) { 1612 goto exit_perror; 1613 } 1614 1615 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1616 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1617 eppnt->p_filesz); 1618 } else { 1619 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1620 eppnt->p_offset); 1621 if (retval != eppnt->p_filesz) { 1622 goto exit_perror; 1623 } 1624 } 1625 if (interp_name[eppnt->p_filesz - 1] != 0) { 1626 errmsg = "Invalid PT_INTERP entry"; 1627 goto exit_errmsg; 1628 } 1629 *pinterp_name = interp_name; 1630 } 1631 } 1632 1633 if (info->end_data == 0) { 1634 info->start_data = info->end_code; 1635 info->end_data = info->end_code; 1636 info->brk = info->end_code; 1637 } 1638 1639 if (qemu_log_enabled()) { 1640 load_symbols(ehdr, image_fd, load_bias); 1641 } 1642 1643 close(image_fd); 1644 return; 1645 1646 exit_read: 1647 if (retval >= 0) { 1648 errmsg = "Incomplete read of file header"; 1649 goto exit_errmsg; 1650 } 1651 exit_perror: 1652 errmsg = strerror(errno); 1653 exit_errmsg: 1654 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1655 exit(-1); 1656 } 1657 1658 static void load_elf_interp(const char *filename, struct image_info *info, 1659 char bprm_buf[BPRM_BUF_SIZE]) 1660 { 1661 int fd, retval; 1662 1663 fd = open(path(filename), O_RDONLY); 1664 if (fd < 0) { 1665 goto exit_perror; 1666 } 1667 1668 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1669 if (retval < 0) { 1670 goto exit_perror; 1671 } 1672 if (retval < BPRM_BUF_SIZE) { 1673 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1674 } 1675 1676 load_elf_image(filename, fd, info, NULL, bprm_buf); 1677 return; 1678 1679 exit_perror: 1680 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1681 exit(-1); 1682 } 1683 1684 static int symfind(const void *s0, const void *s1) 1685 { 1686 target_ulong addr = *(target_ulong *)s0; 1687 struct elf_sym *sym = (struct elf_sym *)s1; 1688 int result = 0; 1689 if (addr < sym->st_value) { 1690 result = -1; 1691 } else if (addr >= sym->st_value + sym->st_size) { 1692 result = 1; 1693 } 1694 return result; 1695 } 1696 1697 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1698 { 1699 #if ELF_CLASS == ELFCLASS32 1700 struct elf_sym *syms = s->disas_symtab.elf32; 1701 #else 1702 struct elf_sym *syms = s->disas_symtab.elf64; 1703 #endif 1704 1705 // binary search 1706 struct elf_sym *sym; 1707 1708 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 1709 if (sym != NULL) { 1710 return s->disas_strtab + sym->st_name; 1711 } 1712 1713 return ""; 1714 } 1715 1716 /* FIXME: This should use elf_ops.h */ 1717 static int symcmp(const void *s0, const void *s1) 1718 { 1719 struct elf_sym *sym0 = (struct elf_sym *)s0; 1720 struct elf_sym *sym1 = (struct elf_sym *)s1; 1721 return (sym0->st_value < sym1->st_value) 1722 ? -1 1723 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1724 } 1725 1726 /* Best attempt to load symbols from this ELF object. */ 1727 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1728 { 1729 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1730 struct elf_shdr *shdr; 1731 char *strings = NULL; 1732 struct syminfo *s = NULL; 1733 struct elf_sym *new_syms, *syms = NULL; 1734 1735 shnum = hdr->e_shnum; 1736 i = shnum * sizeof(struct elf_shdr); 1737 shdr = (struct elf_shdr *)alloca(i); 1738 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1739 return; 1740 } 1741 1742 bswap_shdr(shdr, shnum); 1743 for (i = 0; i < shnum; ++i) { 1744 if (shdr[i].sh_type == SHT_SYMTAB) { 1745 sym_idx = i; 1746 str_idx = shdr[i].sh_link; 1747 goto found; 1748 } 1749 } 1750 1751 /* There will be no symbol table if the file was stripped. */ 1752 return; 1753 1754 found: 1755 /* Now know where the strtab and symtab are. Snarf them. */ 1756 s = malloc(sizeof(*s)); 1757 if (!s) { 1758 goto give_up; 1759 } 1760 1761 i = shdr[str_idx].sh_size; 1762 s->disas_strtab = strings = malloc(i); 1763 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1764 goto give_up; 1765 } 1766 1767 i = shdr[sym_idx].sh_size; 1768 syms = malloc(i); 1769 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1770 goto give_up; 1771 } 1772 1773 nsyms = i / sizeof(struct elf_sym); 1774 for (i = 0; i < nsyms; ) { 1775 bswap_sym(syms + i); 1776 /* Throw away entries which we do not need. */ 1777 if (syms[i].st_shndx == SHN_UNDEF 1778 || syms[i].st_shndx >= SHN_LORESERVE 1779 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1780 if (i < --nsyms) { 1781 syms[i] = syms[nsyms]; 1782 } 1783 } else { 1784 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1785 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1786 syms[i].st_value &= ~(target_ulong)1; 1787 #endif 1788 syms[i].st_value += load_bias; 1789 i++; 1790 } 1791 } 1792 1793 /* No "useful" symbol. */ 1794 if (nsyms == 0) { 1795 goto give_up; 1796 } 1797 1798 /* Attempt to free the storage associated with the local symbols 1799 that we threw away. Whether or not this has any effect on the 1800 memory allocation depends on the malloc implementation and how 1801 many symbols we managed to discard. */ 1802 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1803 if (new_syms == NULL) { 1804 goto give_up; 1805 } 1806 syms = new_syms; 1807 1808 qsort(syms, nsyms, sizeof(*syms), symcmp); 1809 1810 s->disas_num_syms = nsyms; 1811 #if ELF_CLASS == ELFCLASS32 1812 s->disas_symtab.elf32 = syms; 1813 #else 1814 s->disas_symtab.elf64 = syms; 1815 #endif 1816 s->lookup_symbol = lookup_symbolxx; 1817 s->next = syminfos; 1818 syminfos = s; 1819 1820 return; 1821 1822 give_up: 1823 free(s); 1824 free(strings); 1825 free(syms); 1826 } 1827 1828 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, 1829 struct image_info * info) 1830 { 1831 struct image_info interp_info; 1832 struct elfhdr elf_ex; 1833 char *elf_interpreter = NULL; 1834 1835 info->start_mmap = (abi_ulong)ELF_START_MMAP; 1836 info->mmap = 0; 1837 info->rss = 0; 1838 1839 load_elf_image(bprm->filename, bprm->fd, info, 1840 &elf_interpreter, bprm->buf); 1841 1842 /* ??? We need a copy of the elf header for passing to create_elf_tables. 1843 If we do nothing, we'll have overwritten this when we re-use bprm->buf 1844 when we load the interpreter. */ 1845 elf_ex = *(struct elfhdr *)bprm->buf; 1846 1847 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 1848 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 1849 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 1850 if (!bprm->p) { 1851 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 1852 exit(-1); 1853 } 1854 1855 /* Do this so that we can load the interpreter, if need be. We will 1856 change some of these later */ 1857 bprm->p = setup_arg_pages(bprm->p, bprm, info); 1858 1859 if (elf_interpreter) { 1860 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 1861 1862 /* If the program interpreter is one of these two, then assume 1863 an iBCS2 image. Otherwise assume a native linux image. */ 1864 1865 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 1866 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 1867 info->personality = PER_SVR4; 1868 1869 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1870 and some applications "depend" upon this behavior. Since 1871 we do not have the power to recompile these, we emulate 1872 the SVr4 behavior. Sigh. */ 1873 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 1874 MAP_FIXED | MAP_PRIVATE, -1, 0); 1875 } 1876 } 1877 1878 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 1879 info, (elf_interpreter ? &interp_info : NULL)); 1880 info->start_stack = bprm->p; 1881 1882 /* If we have an interpreter, set that as the program's entry point. 1883 Copy the load_bias as well, to help PPC64 interpret the entry 1884 point as a function descriptor. Do this after creating elf tables 1885 so that we copy the original program entry point into the AUXV. */ 1886 if (elf_interpreter) { 1887 info->load_bias = interp_info.load_bias; 1888 info->entry = interp_info.entry; 1889 free(elf_interpreter); 1890 } 1891 1892 #ifdef USE_ELF_CORE_DUMP 1893 bprm->core_dump = &elf_core_dump; 1894 #endif 1895 1896 return 0; 1897 } 1898 1899 #ifdef USE_ELF_CORE_DUMP 1900 /* 1901 * Definitions to generate Intel SVR4-like core files. 1902 * These mostly have the same names as the SVR4 types with "target_elf_" 1903 * tacked on the front to prevent clashes with linux definitions, 1904 * and the typedef forms have been avoided. This is mostly like 1905 * the SVR4 structure, but more Linuxy, with things that Linux does 1906 * not support and which gdb doesn't really use excluded. 1907 * 1908 * Fields we don't dump (their contents is zero) in linux-user qemu 1909 * are marked with XXX. 1910 * 1911 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 1912 * 1913 * Porting ELF coredump for target is (quite) simple process. First you 1914 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 1915 * the target resides): 1916 * 1917 * #define USE_ELF_CORE_DUMP 1918 * 1919 * Next you define type of register set used for dumping. ELF specification 1920 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 1921 * 1922 * typedef <target_regtype> target_elf_greg_t; 1923 * #define ELF_NREG <number of registers> 1924 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1925 * 1926 * Last step is to implement target specific function that copies registers 1927 * from given cpu into just specified register set. Prototype is: 1928 * 1929 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 1930 * const CPUState *env); 1931 * 1932 * Parameters: 1933 * regs - copy register values into here (allocated and zeroed by caller) 1934 * env - copy registers from here 1935 * 1936 * Example for ARM target is provided in this file. 1937 */ 1938 1939 /* An ELF note in memory */ 1940 struct memelfnote { 1941 const char *name; 1942 size_t namesz; 1943 size_t namesz_rounded; 1944 int type; 1945 size_t datasz; 1946 size_t datasz_rounded; 1947 void *data; 1948 size_t notesz; 1949 }; 1950 1951 struct target_elf_siginfo { 1952 target_int si_signo; /* signal number */ 1953 target_int si_code; /* extra code */ 1954 target_int si_errno; /* errno */ 1955 }; 1956 1957 struct target_elf_prstatus { 1958 struct target_elf_siginfo pr_info; /* Info associated with signal */ 1959 target_short pr_cursig; /* Current signal */ 1960 target_ulong pr_sigpend; /* XXX */ 1961 target_ulong pr_sighold; /* XXX */ 1962 target_pid_t pr_pid; 1963 target_pid_t pr_ppid; 1964 target_pid_t pr_pgrp; 1965 target_pid_t pr_sid; 1966 struct target_timeval pr_utime; /* XXX User time */ 1967 struct target_timeval pr_stime; /* XXX System time */ 1968 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 1969 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 1970 target_elf_gregset_t pr_reg; /* GP registers */ 1971 target_int pr_fpvalid; /* XXX */ 1972 }; 1973 1974 #define ELF_PRARGSZ (80) /* Number of chars for args */ 1975 1976 struct target_elf_prpsinfo { 1977 char pr_state; /* numeric process state */ 1978 char pr_sname; /* char for pr_state */ 1979 char pr_zomb; /* zombie */ 1980 char pr_nice; /* nice val */ 1981 target_ulong pr_flag; /* flags */ 1982 target_uid_t pr_uid; 1983 target_gid_t pr_gid; 1984 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 1985 /* Lots missing */ 1986 char pr_fname[16]; /* filename of executable */ 1987 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 1988 }; 1989 1990 /* Here is the structure in which status of each thread is captured. */ 1991 struct elf_thread_status { 1992 QTAILQ_ENTRY(elf_thread_status) ets_link; 1993 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 1994 #if 0 1995 elf_fpregset_t fpu; /* NT_PRFPREG */ 1996 struct task_struct *thread; 1997 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 1998 #endif 1999 struct memelfnote notes[1]; 2000 int num_notes; 2001 }; 2002 2003 struct elf_note_info { 2004 struct memelfnote *notes; 2005 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2006 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2007 2008 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2009 #if 0 2010 /* 2011 * Current version of ELF coredump doesn't support 2012 * dumping fp regs etc. 2013 */ 2014 elf_fpregset_t *fpu; 2015 elf_fpxregset_t *xfpu; 2016 int thread_status_size; 2017 #endif 2018 int notes_size; 2019 int numnote; 2020 }; 2021 2022 struct vm_area_struct { 2023 abi_ulong vma_start; /* start vaddr of memory region */ 2024 abi_ulong vma_end; /* end vaddr of memory region */ 2025 abi_ulong vma_flags; /* protection etc. flags for the region */ 2026 QTAILQ_ENTRY(vm_area_struct) vma_link; 2027 }; 2028 2029 struct mm_struct { 2030 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2031 int mm_count; /* number of mappings */ 2032 }; 2033 2034 static struct mm_struct *vma_init(void); 2035 static void vma_delete(struct mm_struct *); 2036 static int vma_add_mapping(struct mm_struct *, abi_ulong, 2037 abi_ulong, abi_ulong); 2038 static int vma_get_mapping_count(const struct mm_struct *); 2039 static struct vm_area_struct *vma_first(const struct mm_struct *); 2040 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2041 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2042 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2043 unsigned long flags); 2044 2045 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2046 static void fill_note(struct memelfnote *, const char *, int, 2047 unsigned int, void *); 2048 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2049 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2050 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2051 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2052 static size_t note_size(const struct memelfnote *); 2053 static void free_note_info(struct elf_note_info *); 2054 static int fill_note_info(struct elf_note_info *, long, const CPUState *); 2055 static void fill_thread_info(struct elf_note_info *, const CPUState *); 2056 static int core_dump_filename(const TaskState *, char *, size_t); 2057 2058 static int dump_write(int, const void *, size_t); 2059 static int write_note(struct memelfnote *, int); 2060 static int write_note_info(struct elf_note_info *, int); 2061 2062 #ifdef BSWAP_NEEDED 2063 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2064 { 2065 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo); 2066 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code); 2067 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno); 2068 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2069 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend); 2070 prstatus->pr_sighold = tswapl(prstatus->pr_sighold); 2071 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2072 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2073 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2074 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2075 /* cpu times are not filled, so we skip them */ 2076 /* regs should be in correct format already */ 2077 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2078 } 2079 2080 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2081 { 2082 psinfo->pr_flag = tswapl(psinfo->pr_flag); 2083 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2084 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2085 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2086 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2087 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2088 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2089 } 2090 2091 static void bswap_note(struct elf_note *en) 2092 { 2093 bswap32s(&en->n_namesz); 2094 bswap32s(&en->n_descsz); 2095 bswap32s(&en->n_type); 2096 } 2097 #else 2098 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2099 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2100 static inline void bswap_note(struct elf_note *en) { } 2101 #endif /* BSWAP_NEEDED */ 2102 2103 /* 2104 * Minimal support for linux memory regions. These are needed 2105 * when we are finding out what memory exactly belongs to 2106 * emulated process. No locks needed here, as long as 2107 * thread that received the signal is stopped. 2108 */ 2109 2110 static struct mm_struct *vma_init(void) 2111 { 2112 struct mm_struct *mm; 2113 2114 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2115 return (NULL); 2116 2117 mm->mm_count = 0; 2118 QTAILQ_INIT(&mm->mm_mmap); 2119 2120 return (mm); 2121 } 2122 2123 static void vma_delete(struct mm_struct *mm) 2124 { 2125 struct vm_area_struct *vma; 2126 2127 while ((vma = vma_first(mm)) != NULL) { 2128 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2129 g_free(vma); 2130 } 2131 g_free(mm); 2132 } 2133 2134 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2135 abi_ulong end, abi_ulong flags) 2136 { 2137 struct vm_area_struct *vma; 2138 2139 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2140 return (-1); 2141 2142 vma->vma_start = start; 2143 vma->vma_end = end; 2144 vma->vma_flags = flags; 2145 2146 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2147 mm->mm_count++; 2148 2149 return (0); 2150 } 2151 2152 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2153 { 2154 return (QTAILQ_FIRST(&mm->mm_mmap)); 2155 } 2156 2157 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2158 { 2159 return (QTAILQ_NEXT(vma, vma_link)); 2160 } 2161 2162 static int vma_get_mapping_count(const struct mm_struct *mm) 2163 { 2164 return (mm->mm_count); 2165 } 2166 2167 /* 2168 * Calculate file (dump) size of given memory region. 2169 */ 2170 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2171 { 2172 /* if we cannot even read the first page, skip it */ 2173 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2174 return (0); 2175 2176 /* 2177 * Usually we don't dump executable pages as they contain 2178 * non-writable code that debugger can read directly from 2179 * target library etc. However, thread stacks are marked 2180 * also executable so we read in first page of given region 2181 * and check whether it contains elf header. If there is 2182 * no elf header, we dump it. 2183 */ 2184 if (vma->vma_flags & PROT_EXEC) { 2185 char page[TARGET_PAGE_SIZE]; 2186 2187 copy_from_user(page, vma->vma_start, sizeof (page)); 2188 if ((page[EI_MAG0] == ELFMAG0) && 2189 (page[EI_MAG1] == ELFMAG1) && 2190 (page[EI_MAG2] == ELFMAG2) && 2191 (page[EI_MAG3] == ELFMAG3)) { 2192 /* 2193 * Mappings are possibly from ELF binary. Don't dump 2194 * them. 2195 */ 2196 return (0); 2197 } 2198 } 2199 2200 return (vma->vma_end - vma->vma_start); 2201 } 2202 2203 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2204 unsigned long flags) 2205 { 2206 struct mm_struct *mm = (struct mm_struct *)priv; 2207 2208 vma_add_mapping(mm, start, end, flags); 2209 return (0); 2210 } 2211 2212 static void fill_note(struct memelfnote *note, const char *name, int type, 2213 unsigned int sz, void *data) 2214 { 2215 unsigned int namesz; 2216 2217 namesz = strlen(name) + 1; 2218 note->name = name; 2219 note->namesz = namesz; 2220 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2221 note->type = type; 2222 note->datasz = sz; 2223 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2224 2225 note->data = data; 2226 2227 /* 2228 * We calculate rounded up note size here as specified by 2229 * ELF document. 2230 */ 2231 note->notesz = sizeof (struct elf_note) + 2232 note->namesz_rounded + note->datasz_rounded; 2233 } 2234 2235 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2236 uint32_t flags) 2237 { 2238 (void) memset(elf, 0, sizeof(*elf)); 2239 2240 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2241 elf->e_ident[EI_CLASS] = ELF_CLASS; 2242 elf->e_ident[EI_DATA] = ELF_DATA; 2243 elf->e_ident[EI_VERSION] = EV_CURRENT; 2244 elf->e_ident[EI_OSABI] = ELF_OSABI; 2245 2246 elf->e_type = ET_CORE; 2247 elf->e_machine = machine; 2248 elf->e_version = EV_CURRENT; 2249 elf->e_phoff = sizeof(struct elfhdr); 2250 elf->e_flags = flags; 2251 elf->e_ehsize = sizeof(struct elfhdr); 2252 elf->e_phentsize = sizeof(struct elf_phdr); 2253 elf->e_phnum = segs; 2254 2255 bswap_ehdr(elf); 2256 } 2257 2258 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2259 { 2260 phdr->p_type = PT_NOTE; 2261 phdr->p_offset = offset; 2262 phdr->p_vaddr = 0; 2263 phdr->p_paddr = 0; 2264 phdr->p_filesz = sz; 2265 phdr->p_memsz = 0; 2266 phdr->p_flags = 0; 2267 phdr->p_align = 0; 2268 2269 bswap_phdr(phdr, 1); 2270 } 2271 2272 static size_t note_size(const struct memelfnote *note) 2273 { 2274 return (note->notesz); 2275 } 2276 2277 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2278 const TaskState *ts, int signr) 2279 { 2280 (void) memset(prstatus, 0, sizeof (*prstatus)); 2281 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2282 prstatus->pr_pid = ts->ts_tid; 2283 prstatus->pr_ppid = getppid(); 2284 prstatus->pr_pgrp = getpgrp(); 2285 prstatus->pr_sid = getsid(0); 2286 2287 bswap_prstatus(prstatus); 2288 } 2289 2290 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2291 { 2292 char *filename, *base_filename; 2293 unsigned int i, len; 2294 2295 (void) memset(psinfo, 0, sizeof (*psinfo)); 2296 2297 len = ts->info->arg_end - ts->info->arg_start; 2298 if (len >= ELF_PRARGSZ) 2299 len = ELF_PRARGSZ - 1; 2300 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2301 return -EFAULT; 2302 for (i = 0; i < len; i++) 2303 if (psinfo->pr_psargs[i] == 0) 2304 psinfo->pr_psargs[i] = ' '; 2305 psinfo->pr_psargs[len] = 0; 2306 2307 psinfo->pr_pid = getpid(); 2308 psinfo->pr_ppid = getppid(); 2309 psinfo->pr_pgrp = getpgrp(); 2310 psinfo->pr_sid = getsid(0); 2311 psinfo->pr_uid = getuid(); 2312 psinfo->pr_gid = getgid(); 2313 2314 filename = strdup(ts->bprm->filename); 2315 base_filename = strdup(basename(filename)); 2316 (void) strncpy(psinfo->pr_fname, base_filename, 2317 sizeof(psinfo->pr_fname)); 2318 free(base_filename); 2319 free(filename); 2320 2321 bswap_psinfo(psinfo); 2322 return (0); 2323 } 2324 2325 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2326 { 2327 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2328 elf_addr_t orig_auxv = auxv; 2329 abi_ulong val; 2330 void *ptr; 2331 int i, len; 2332 2333 /* 2334 * Auxiliary vector is stored in target process stack. It contains 2335 * {type, value} pairs that we need to dump into note. This is not 2336 * strictly necessary but we do it here for sake of completeness. 2337 */ 2338 2339 /* find out length of the vector, AT_NULL is terminator */ 2340 i = len = 0; 2341 do { 2342 get_user_ual(val, auxv); 2343 i += 2; 2344 auxv += 2 * sizeof (elf_addr_t); 2345 } while (val != AT_NULL); 2346 len = i * sizeof (elf_addr_t); 2347 2348 /* read in whole auxv vector and copy it to memelfnote */ 2349 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2350 if (ptr != NULL) { 2351 fill_note(note, "CORE", NT_AUXV, len, ptr); 2352 unlock_user(ptr, auxv, len); 2353 } 2354 } 2355 2356 /* 2357 * Constructs name of coredump file. We have following convention 2358 * for the name: 2359 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2360 * 2361 * Returns 0 in case of success, -1 otherwise (errno is set). 2362 */ 2363 static int core_dump_filename(const TaskState *ts, char *buf, 2364 size_t bufsize) 2365 { 2366 char timestamp[64]; 2367 char *filename = NULL; 2368 char *base_filename = NULL; 2369 struct timeval tv; 2370 struct tm tm; 2371 2372 assert(bufsize >= PATH_MAX); 2373 2374 if (gettimeofday(&tv, NULL) < 0) { 2375 (void) fprintf(stderr, "unable to get current timestamp: %s", 2376 strerror(errno)); 2377 return (-1); 2378 } 2379 2380 filename = strdup(ts->bprm->filename); 2381 base_filename = strdup(basename(filename)); 2382 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2383 localtime_r(&tv.tv_sec, &tm)); 2384 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2385 base_filename, timestamp, (int)getpid()); 2386 free(base_filename); 2387 free(filename); 2388 2389 return (0); 2390 } 2391 2392 static int dump_write(int fd, const void *ptr, size_t size) 2393 { 2394 const char *bufp = (const char *)ptr; 2395 ssize_t bytes_written, bytes_left; 2396 struct rlimit dumpsize; 2397 off_t pos; 2398 2399 bytes_written = 0; 2400 getrlimit(RLIMIT_CORE, &dumpsize); 2401 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2402 if (errno == ESPIPE) { /* not a seekable stream */ 2403 bytes_left = size; 2404 } else { 2405 return pos; 2406 } 2407 } else { 2408 if (dumpsize.rlim_cur <= pos) { 2409 return -1; 2410 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2411 bytes_left = size; 2412 } else { 2413 size_t limit_left=dumpsize.rlim_cur - pos; 2414 bytes_left = limit_left >= size ? size : limit_left ; 2415 } 2416 } 2417 2418 /* 2419 * In normal conditions, single write(2) should do but 2420 * in case of socket etc. this mechanism is more portable. 2421 */ 2422 do { 2423 bytes_written = write(fd, bufp, bytes_left); 2424 if (bytes_written < 0) { 2425 if (errno == EINTR) 2426 continue; 2427 return (-1); 2428 } else if (bytes_written == 0) { /* eof */ 2429 return (-1); 2430 } 2431 bufp += bytes_written; 2432 bytes_left -= bytes_written; 2433 } while (bytes_left > 0); 2434 2435 return (0); 2436 } 2437 2438 static int write_note(struct memelfnote *men, int fd) 2439 { 2440 struct elf_note en; 2441 2442 en.n_namesz = men->namesz; 2443 en.n_type = men->type; 2444 en.n_descsz = men->datasz; 2445 2446 bswap_note(&en); 2447 2448 if (dump_write(fd, &en, sizeof(en)) != 0) 2449 return (-1); 2450 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2451 return (-1); 2452 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2453 return (-1); 2454 2455 return (0); 2456 } 2457 2458 static void fill_thread_info(struct elf_note_info *info, const CPUState *env) 2459 { 2460 TaskState *ts = (TaskState *)env->opaque; 2461 struct elf_thread_status *ets; 2462 2463 ets = g_malloc0(sizeof (*ets)); 2464 ets->num_notes = 1; /* only prstatus is dumped */ 2465 fill_prstatus(&ets->prstatus, ts, 0); 2466 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2467 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2468 &ets->prstatus); 2469 2470 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2471 2472 info->notes_size += note_size(&ets->notes[0]); 2473 } 2474 2475 static int fill_note_info(struct elf_note_info *info, 2476 long signr, const CPUState *env) 2477 { 2478 #define NUMNOTES 3 2479 CPUState *cpu = NULL; 2480 TaskState *ts = (TaskState *)env->opaque; 2481 int i; 2482 2483 (void) memset(info, 0, sizeof (*info)); 2484 2485 QTAILQ_INIT(&info->thread_list); 2486 2487 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote)); 2488 if (info->notes == NULL) 2489 return (-ENOMEM); 2490 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 2491 if (info->prstatus == NULL) 2492 return (-ENOMEM); 2493 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 2494 if (info->prstatus == NULL) 2495 return (-ENOMEM); 2496 2497 /* 2498 * First fill in status (and registers) of current thread 2499 * including process info & aux vector. 2500 */ 2501 fill_prstatus(info->prstatus, ts, signr); 2502 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2503 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2504 sizeof (*info->prstatus), info->prstatus); 2505 fill_psinfo(info->psinfo, ts); 2506 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2507 sizeof (*info->psinfo), info->psinfo); 2508 fill_auxv_note(&info->notes[2], ts); 2509 info->numnote = 3; 2510 2511 info->notes_size = 0; 2512 for (i = 0; i < info->numnote; i++) 2513 info->notes_size += note_size(&info->notes[i]); 2514 2515 /* read and fill status of all threads */ 2516 cpu_list_lock(); 2517 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) { 2518 if (cpu == thread_env) 2519 continue; 2520 fill_thread_info(info, cpu); 2521 } 2522 cpu_list_unlock(); 2523 2524 return (0); 2525 } 2526 2527 static void free_note_info(struct elf_note_info *info) 2528 { 2529 struct elf_thread_status *ets; 2530 2531 while (!QTAILQ_EMPTY(&info->thread_list)) { 2532 ets = QTAILQ_FIRST(&info->thread_list); 2533 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2534 g_free(ets); 2535 } 2536 2537 g_free(info->prstatus); 2538 g_free(info->psinfo); 2539 g_free(info->notes); 2540 } 2541 2542 static int write_note_info(struct elf_note_info *info, int fd) 2543 { 2544 struct elf_thread_status *ets; 2545 int i, error = 0; 2546 2547 /* write prstatus, psinfo and auxv for current thread */ 2548 for (i = 0; i < info->numnote; i++) 2549 if ((error = write_note(&info->notes[i], fd)) != 0) 2550 return (error); 2551 2552 /* write prstatus for each thread */ 2553 for (ets = info->thread_list.tqh_first; ets != NULL; 2554 ets = ets->ets_link.tqe_next) { 2555 if ((error = write_note(&ets->notes[0], fd)) != 0) 2556 return (error); 2557 } 2558 2559 return (0); 2560 } 2561 2562 /* 2563 * Write out ELF coredump. 2564 * 2565 * See documentation of ELF object file format in: 2566 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2567 * 2568 * Coredump format in linux is following: 2569 * 2570 * 0 +----------------------+ \ 2571 * | ELF header | ET_CORE | 2572 * +----------------------+ | 2573 * | ELF program headers | |--- headers 2574 * | - NOTE section | | 2575 * | - PT_LOAD sections | | 2576 * +----------------------+ / 2577 * | NOTEs: | 2578 * | - NT_PRSTATUS | 2579 * | - NT_PRSINFO | 2580 * | - NT_AUXV | 2581 * +----------------------+ <-- aligned to target page 2582 * | Process memory dump | 2583 * : : 2584 * . . 2585 * : : 2586 * | | 2587 * +----------------------+ 2588 * 2589 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2590 * NT_PRSINFO -> struct elf_prpsinfo 2591 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2592 * 2593 * Format follows System V format as close as possible. Current 2594 * version limitations are as follows: 2595 * - no floating point registers are dumped 2596 * 2597 * Function returns 0 in case of success, negative errno otherwise. 2598 * 2599 * TODO: make this work also during runtime: it should be 2600 * possible to force coredump from running process and then 2601 * continue processing. For example qemu could set up SIGUSR2 2602 * handler (provided that target process haven't registered 2603 * handler for that) that does the dump when signal is received. 2604 */ 2605 static int elf_core_dump(int signr, const CPUState *env) 2606 { 2607 const TaskState *ts = (const TaskState *)env->opaque; 2608 struct vm_area_struct *vma = NULL; 2609 char corefile[PATH_MAX]; 2610 struct elf_note_info info; 2611 struct elfhdr elf; 2612 struct elf_phdr phdr; 2613 struct rlimit dumpsize; 2614 struct mm_struct *mm = NULL; 2615 off_t offset = 0, data_offset = 0; 2616 int segs = 0; 2617 int fd = -1; 2618 2619 errno = 0; 2620 getrlimit(RLIMIT_CORE, &dumpsize); 2621 if (dumpsize.rlim_cur == 0) 2622 return 0; 2623 2624 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2625 return (-errno); 2626 2627 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2628 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2629 return (-errno); 2630 2631 /* 2632 * Walk through target process memory mappings and 2633 * set up structure containing this information. After 2634 * this point vma_xxx functions can be used. 2635 */ 2636 if ((mm = vma_init()) == NULL) 2637 goto out; 2638 2639 walk_memory_regions(mm, vma_walker); 2640 segs = vma_get_mapping_count(mm); 2641 2642 /* 2643 * Construct valid coredump ELF header. We also 2644 * add one more segment for notes. 2645 */ 2646 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2647 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2648 goto out; 2649 2650 /* fill in in-memory version of notes */ 2651 if (fill_note_info(&info, signr, env) < 0) 2652 goto out; 2653 2654 offset += sizeof (elf); /* elf header */ 2655 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2656 2657 /* write out notes program header */ 2658 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2659 2660 offset += info.notes_size; 2661 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2662 goto out; 2663 2664 /* 2665 * ELF specification wants data to start at page boundary so 2666 * we align it here. 2667 */ 2668 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2669 2670 /* 2671 * Write program headers for memory regions mapped in 2672 * the target process. 2673 */ 2674 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2675 (void) memset(&phdr, 0, sizeof (phdr)); 2676 2677 phdr.p_type = PT_LOAD; 2678 phdr.p_offset = offset; 2679 phdr.p_vaddr = vma->vma_start; 2680 phdr.p_paddr = 0; 2681 phdr.p_filesz = vma_dump_size(vma); 2682 offset += phdr.p_filesz; 2683 phdr.p_memsz = vma->vma_end - vma->vma_start; 2684 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2685 if (vma->vma_flags & PROT_WRITE) 2686 phdr.p_flags |= PF_W; 2687 if (vma->vma_flags & PROT_EXEC) 2688 phdr.p_flags |= PF_X; 2689 phdr.p_align = ELF_EXEC_PAGESIZE; 2690 2691 bswap_phdr(&phdr, 1); 2692 dump_write(fd, &phdr, sizeof (phdr)); 2693 } 2694 2695 /* 2696 * Next we write notes just after program headers. No 2697 * alignment needed here. 2698 */ 2699 if (write_note_info(&info, fd) < 0) 2700 goto out; 2701 2702 /* align data to page boundary */ 2703 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2704 goto out; 2705 2706 /* 2707 * Finally we can dump process memory into corefile as well. 2708 */ 2709 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2710 abi_ulong addr; 2711 abi_ulong end; 2712 2713 end = vma->vma_start + vma_dump_size(vma); 2714 2715 for (addr = vma->vma_start; addr < end; 2716 addr += TARGET_PAGE_SIZE) { 2717 char page[TARGET_PAGE_SIZE]; 2718 int error; 2719 2720 /* 2721 * Read in page from target process memory and 2722 * write it to coredump file. 2723 */ 2724 error = copy_from_user(page, addr, sizeof (page)); 2725 if (error != 0) { 2726 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2727 addr); 2728 errno = -error; 2729 goto out; 2730 } 2731 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2732 goto out; 2733 } 2734 } 2735 2736 out: 2737 free_note_info(&info); 2738 if (mm != NULL) 2739 vma_delete(mm); 2740 (void) close(fd); 2741 2742 if (errno != 0) 2743 return (-errno); 2744 return (0); 2745 } 2746 #endif /* USE_ELF_CORE_DUMP */ 2747 2748 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2749 { 2750 init_thread(regs, infop); 2751 } 2752