xref: /openbmc/qemu/linux-user/elfload.c (revision 1b111dc1)
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include <sys/time.h>
3 #include <sys/param.h>
4 
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <fcntl.h>
8 #include <errno.h>
9 #include <unistd.h>
10 #include <sys/mman.h>
11 #include <sys/resource.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <time.h>
15 
16 #include "qemu.h"
17 #include "disas/disas.h"
18 
19 #ifdef _ARCH_PPC64
20 #undef ARCH_DLINFO
21 #undef ELF_PLATFORM
22 #undef ELF_HWCAP
23 #undef ELF_CLASS
24 #undef ELF_DATA
25 #undef ELF_ARCH
26 #endif
27 
28 #define ELF_OSABI   ELFOSABI_SYSV
29 
/* from personality.h */

/*
 * Flags for bug emulation.
 *
 * These occupy the top three bytes.
 *
 * Values mirror the kernel's include/linux/personality.h so that
 * guest sys_personality() arguments keep their meaning.
 */
enum {
    ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
    FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
                                           descriptors (signal handling) */
    MMAP_PAGE_ZERO =    0x0100000,
    ADDR_COMPAT_LAYOUT = 0x0200000,
    READ_IMPLIES_EXEC = 0x0400000,
    ADDR_LIMIT_32BIT =  0x0800000,
    SHORT_INODE =       0x1000000,
    WHOLE_SECONDS =     0x2000000,
    STICKY_TIMEOUTS =   0x4000000,
    ADDR_LIMIT_3GB =    0x8000000,
};
50 
/*
 * Personality types.
 *
 * These go in the low byte.  Avoid using the top bit, it will
 * conflict with error returns.
 *
 * Each entry is a base personality number combined with the
 * bug-emulation flags (above) that personality implies.
 */
enum {
    PER_LINUX =         0x0000,
    PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
    PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
    PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
    PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
    PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
    PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
    PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
    PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
    PER_BSD =           0x0006,
    PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
    PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
    PER_LINUX32 =       0x0008,
    PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
    PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
    PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
    PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
    PER_RISCOS =        0x000c,
    PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
    PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
    PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
    PER_HPUX =          0x0010,
    PER_MASK =          0x00ff,
};
82 
/*
 * Return the base personality without flags.
 *
 * The argument is parenthesized so that expressions such as
 * personality(a | b) are masked as a whole; the previous form
 * expanded to (a | b & PER_MASK), which masks only b because
 * '&' binds tighter than '|'.
 */
#define personality(pers)       ((pers) & PER_MASK)
87 
/* this flag is ineffective under linux too, should be deleted */
#ifndef MAP_DENYWRITE
#define MAP_DENYWRITE 0
#endif

/* should probably go in elf.h */
#ifndef ELIBBAD
#define ELIBBAD 80
#endif

/* The guest's byte order selects the ELF data encoding for images. */
#ifdef TARGET_WORDS_BIGENDIAN
#define ELF_DATA        ELFDATA2MSB
#else
#define ELF_DATA        ELFDATA2LSB
#endif

/* MIPS n32: core-dump registers are 64-bit even though the ABI is
 * 32-bit, hence the unsigned-long-long greg type and 64-bit swap. */
#ifdef TARGET_ABI_MIPSN32
typedef abi_ullong      target_elf_greg_t;
#define tswapreg(ptr)   tswap64(ptr)
#else
typedef abi_ulong       target_elf_greg_t;
#define tswapreg(ptr)   tswapal(ptr)
#endif

/* USE_UID16 targets pass 16-bit uid/gid values in the auxv. */
#ifdef USE_UID16
typedef abi_ushort      target_uid_t;
typedef abi_ushort      target_gid_t;
#else
typedef abi_uint        target_uid_t;
typedef abi_uint        target_gid_t;
#endif
typedef abi_int         target_pid_t;
120 
121 #ifdef TARGET_I386
122 
123 #define ELF_PLATFORM get_elf_platform()
124 
125 static const char *get_elf_platform(void)
126 {
127     static char elf_platform[] = "i386";
128     int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
129     if (family > 6)
130         family = 6;
131     if (family >= 3)
132         elf_platform[1] = '0' + family;
133     return elf_platform;
134 }
135 
136 #define ELF_HWCAP get_elf_hwcap()
137 
138 static uint32_t get_elf_hwcap(void)
139 {
140     X86CPU *cpu = X86_CPU(thread_cpu);
141 
142     return cpu->env.features[FEAT_1_EDX];
143 }
144 
145 #ifdef TARGET_X86_64
146 #define ELF_START_MMAP 0x2aaaaab000ULL
147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
148 
149 #define ELF_CLASS      ELFCLASS64
150 #define ELF_ARCH       EM_X86_64
151 
152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
153 {
154     regs->rax = 0;
155     regs->rsp = infop->start_stack;
156     regs->rip = infop->entry;
157 }
158 
#define ELF_NREG    27
typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];

/*
 * Note that ELF_NREG should be 29 as there should be place for
 * TRAPNO and ERR "registers" as well but linux doesn't dump
 * those.
 *
 * See linux kernel: arch/x86/include/asm/elf.h
 */
/* Copy the guest CPU state into the 27-slot x86-64 core-dump layout.
 * NOTE(review): slots 21/22 hold the FS/GS *selectors* here, where the
 * kernel layout dumps fs_base/gs_base; slots 25/26 repeat the same
 * selectors -- confirm this is intended.
 */
static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
{
    (*regs)[0] = env->regs[15];          /* r15 */
    (*regs)[1] = env->regs[14];          /* r14 */
    (*regs)[2] = env->regs[13];          /* r13 */
    (*regs)[3] = env->regs[12];          /* r12 */
    (*regs)[4] = env->regs[R_EBP];       /* rbp */
    (*regs)[5] = env->regs[R_EBX];       /* rbx */
    (*regs)[6] = env->regs[11];          /* r11 */
    (*regs)[7] = env->regs[10];          /* r10 */
    (*regs)[8] = env->regs[9];           /* r9 */
    (*regs)[9] = env->regs[8];           /* r8 */
    (*regs)[10] = env->regs[R_EAX];      /* rax */
    (*regs)[11] = env->regs[R_ECX];      /* rcx */
    (*regs)[12] = env->regs[R_EDX];      /* rdx */
    (*regs)[13] = env->regs[R_ESI];      /* rsi */
    (*regs)[14] = env->regs[R_EDI];      /* rdi */
    (*regs)[15] = env->regs[R_EAX]; /* XXX */
    (*regs)[16] = env->eip;
    (*regs)[17] = env->segs[R_CS].selector & 0xffff;
    (*regs)[18] = env->eflags;
    (*regs)[19] = env->regs[R_ESP];
    (*regs)[20] = env->segs[R_SS].selector & 0xffff;
    (*regs)[21] = env->segs[R_FS].selector & 0xffff;
    (*regs)[22] = env->segs[R_GS].selector & 0xffff;
    (*regs)[23] = env->segs[R_DS].selector & 0xffff;
    (*regs)[24] = env->segs[R_ES].selector & 0xffff;
    (*regs)[25] = env->segs[R_FS].selector & 0xffff;
    (*regs)[26] = env->segs[R_GS].selector & 0xffff;
}
199 
200 #else
201 
202 #define ELF_START_MMAP 0x80000000
203 
204 /*
205  * This is used to ensure we don't load something for the wrong architecture.
206  */
207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
208 
209 /*
210  * These are used to set parameters in the core dumps.
211  */
212 #define ELF_CLASS       ELFCLASS32
213 #define ELF_ARCH        EM_386
214 
215 static inline void init_thread(struct target_pt_regs *regs,
216                                struct image_info *infop)
217 {
218     regs->esp = infop->start_stack;
219     regs->eip = infop->entry;
220 
221     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
222        starts %edx contains a pointer to a function which might be
223        registered using `atexit'.  This provides a mean for the
224        dynamic linker to call DT_FINI functions for shared libraries
225        that have been loaded before the code runs.
226 
227        A value of 0 tells we have no such handler.  */
228     regs->edx = 0;
229 }
230 
#define ELF_NREG    17
typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];

/*
 * Note that ELF_NREG should be 19 as there should be place for
 * TRAPNO and ERR "registers" as well but linux doesn't dump
 * those.
 *
 * See linux kernel: arch/x86/include/asm/elf.h
 */
/* Copy the guest CPU state into the 17-slot i386 core-dump layout
 * (ebx, ecx, edx, esi, edi, ebp, eax, ds, es, fs, gs, orig_eax?,
 * eip, cs, eflags, esp, ss).
 */
static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
{
    (*regs)[0] = env->regs[R_EBX];
    (*regs)[1] = env->regs[R_ECX];
    (*regs)[2] = env->regs[R_EDX];
    (*regs)[3] = env->regs[R_ESI];
    (*regs)[4] = env->regs[R_EDI];
    (*regs)[5] = env->regs[R_EBP];
    (*regs)[6] = env->regs[R_EAX];
    (*regs)[7] = env->segs[R_DS].selector & 0xffff;
    (*regs)[8] = env->segs[R_ES].selector & 0xffff;
    (*regs)[9] = env->segs[R_FS].selector & 0xffff;
    (*regs)[10] = env->segs[R_GS].selector & 0xffff;
    (*regs)[11] = env->regs[R_EAX]; /* XXX */
    (*regs)[12] = env->eip;
    (*regs)[13] = env->segs[R_CS].selector & 0xffff;
    (*regs)[14] = env->eflags;
    (*regs)[15] = env->regs[R_ESP];
    (*regs)[16] = env->segs[R_SS].selector & 0xffff;
}
261 #endif
262 
263 #define USE_ELF_CORE_DUMP
264 #define ELF_EXEC_PAGESIZE       4096
265 
266 #endif
267 
268 #ifdef TARGET_ARM
269 
270 #define ELF_START_MMAP 0x80000000
271 
272 #define elf_check_arch(x) ((x) == ELF_MACHINE)
273 
274 #define ELF_ARCH        ELF_MACHINE
275 
276 #ifdef TARGET_AARCH64
277 #define ELF_CLASS       ELFCLASS64
278 #else
279 #define ELF_CLASS       ELFCLASS32
280 #endif
281 
/* Seed the initial user-mode register state for a new ARM/AArch64 image. */
static inline void init_thread(struct target_pt_regs *regs,
                               struct image_info *infop)
{
    abi_long stack = infop->start_stack;
    memset(regs, 0, sizeof(*regs));

#ifdef TARGET_AARCH64
    /* AArch64: entry must be 4-byte aligned; no Thumb state bit. */
    regs->pc = infop->entry & ~0x3ULL;
    regs->sp = stack;
#else
    regs->ARM_cpsr = 0x10;    /* 0x10: user mode */
    /* Bit 0 of the entry address selects Thumb state. */
    if (infop->entry & 1)
        regs->ARM_cpsr |= CPSR_T;
    regs->ARM_pc = infop->entry & 0xfffffffe;
    regs->ARM_sp = infop->start_stack;
    /* FIXME - what to do for failure of get_user()? */
    get_user_ual(regs->ARM_r2, stack + 8); /* envp */
    /* NOTE(review): both loads are labelled "envp" upstream; stack + 4
     * is more plausibly argv -- confirm against the stack layout. */
    get_user_ual(regs->ARM_r1, stack + 4); /* envp */
    /* XXX: it seems that r0 is zeroed after ! */
    regs->ARM_r0 = 0;
    /* For uClinux PIC binaries.  */
    /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
    regs->ARM_r10 = infop->start_data;
#endif
}
307 
308 #define ELF_NREG    18
309 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
310 
311 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
312 {
313     (*regs)[0] = tswapreg(env->regs[0]);
314     (*regs)[1] = tswapreg(env->regs[1]);
315     (*regs)[2] = tswapreg(env->regs[2]);
316     (*regs)[3] = tswapreg(env->regs[3]);
317     (*regs)[4] = tswapreg(env->regs[4]);
318     (*regs)[5] = tswapreg(env->regs[5]);
319     (*regs)[6] = tswapreg(env->regs[6]);
320     (*regs)[7] = tswapreg(env->regs[7]);
321     (*regs)[8] = tswapreg(env->regs[8]);
322     (*regs)[9] = tswapreg(env->regs[9]);
323     (*regs)[10] = tswapreg(env->regs[10]);
324     (*regs)[11] = tswapreg(env->regs[11]);
325     (*regs)[12] = tswapreg(env->regs[12]);
326     (*regs)[13] = tswapreg(env->regs[13]);
327     (*regs)[14] = tswapreg(env->regs[14]);
328     (*regs)[15] = tswapreg(env->regs[15]);
329 
330     (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
331     (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
332 }
333 
334 #define USE_ELF_CORE_DUMP
335 #define ELF_EXEC_PAGESIZE       4096
336 
/* AT_HWCAP bits for ARM.  The bit positions must match the kernel's
 * arch/arm/include/uapi/asm/hwcap.h -- NOTE(review): confirm against
 * the kernel headers before adding entries.
 */
enum
{
    ARM_HWCAP_ARM_SWP       = 1 << 0,
    ARM_HWCAP_ARM_HALF      = 1 << 1,
    ARM_HWCAP_ARM_THUMB     = 1 << 2,
    ARM_HWCAP_ARM_26BIT     = 1 << 3,
    ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
    ARM_HWCAP_ARM_FPA       = 1 << 5,
    ARM_HWCAP_ARM_VFP       = 1 << 6,
    ARM_HWCAP_ARM_EDSP      = 1 << 7,
    ARM_HWCAP_ARM_JAVA      = 1 << 8,
    ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
    ARM_HWCAP_ARM_THUMBEE   = 1 << 10,
    ARM_HWCAP_ARM_NEON      = 1 << 11,
    ARM_HWCAP_ARM_VFPv3     = 1 << 12,
    ARM_HWCAP_ARM_VFPv3D16  = 1 << 13,
};
354 
355 #define TARGET_HAS_VALIDATE_GUEST_SPACE
356 /* Return 1 if the proposed guest space is suitable for the guest.
357  * Return 0 if the proposed guest space isn't suitable, but another
358  * address space should be tried.
359  * Return -1 if there is no way the proposed guest space can be
360  * valid regardless of the base.
361  * The guest code may leave a page mapped and populate it if the
362  * address is suitable.
363  */
364 static int validate_guest_space(unsigned long guest_base,
365                                 unsigned long guest_size)
366 {
367     unsigned long real_start, test_page_addr;
368 
369     /* We need to check that we can force a fault on access to the
370      * commpage at 0xffff0fxx
371      */
372     test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
373 
374     /* If the commpage lies within the already allocated guest space,
375      * then there is no way we can allocate it.
376      */
377     if (test_page_addr >= guest_base
378         && test_page_addr <= (guest_base + guest_size)) {
379         return -1;
380     }
381 
382     /* Note it needs to be writeable to let us initialise it */
383     real_start = (unsigned long)
384                  mmap((void *)test_page_addr, qemu_host_page_size,
385                      PROT_READ | PROT_WRITE,
386                      MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
387 
388     /* If we can't map it then try another address */
389     if (real_start == -1ul) {
390         return 0;
391     }
392 
393     if (real_start != test_page_addr) {
394         /* OS didn't put the page where we asked - unmap and reject */
395         munmap((void *)real_start, qemu_host_page_size);
396         return 0;
397     }
398 
399     /* Leave the page mapped
400      * Populate it (mmap should have left it all 0'd)
401      */
402 
403     /* Kernel helper versions */
404     __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
405 
406     /* Now it's populated make it RO */
407     if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
408         perror("Protecting guest commpage");
409         exit(-1);
410     }
411 
412     return 1; /* All good */
413 }
414 
415 
416 #define ELF_HWCAP get_elf_hwcap()
417 
418 static uint32_t get_elf_hwcap(void)
419 {
420     ARMCPU *cpu = ARM_CPU(thread_cpu);
421     uint32_t hwcaps = 0;
422 
423     hwcaps |= ARM_HWCAP_ARM_SWP;
424     hwcaps |= ARM_HWCAP_ARM_HALF;
425     hwcaps |= ARM_HWCAP_ARM_THUMB;
426     hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
427     hwcaps |= ARM_HWCAP_ARM_FPA;
428 
429     /* probe for the extra features */
430 #define GET_FEATURE(feat, hwcap) \
431     do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
432     GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
433     GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
434     GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
435     GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
436     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
437     GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16);
438 #undef GET_FEATURE
439 
440     return hwcaps;
441 }
442 
443 #endif
444 
445 #ifdef TARGET_UNICORE32
446 
447 #define ELF_START_MMAP          0x80000000
448 
449 #define elf_check_arch(x)       ((x) == EM_UNICORE32)
450 
451 #define ELF_CLASS               ELFCLASS32
452 #define ELF_DATA                ELFDATA2LSB
453 #define ELF_ARCH                EM_UNICORE32
454 
455 static inline void init_thread(struct target_pt_regs *regs,
456         struct image_info *infop)
457 {
458     abi_long stack = infop->start_stack;
459     memset(regs, 0, sizeof(*regs));
460     regs->UC32_REG_asr = 0x10;
461     regs->UC32_REG_pc = infop->entry & 0xfffffffe;
462     regs->UC32_REG_sp = infop->start_stack;
463     /* FIXME - what to for failure of get_user()? */
464     get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
465     get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */
466     /* XXX: it seems that r0 is zeroed after ! */
467     regs->UC32_REG_00 = 0;
468 }
469 
470 #define ELF_NREG    34
471 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
472 
473 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env)
474 {
475     (*regs)[0] = env->regs[0];
476     (*regs)[1] = env->regs[1];
477     (*regs)[2] = env->regs[2];
478     (*regs)[3] = env->regs[3];
479     (*regs)[4] = env->regs[4];
480     (*regs)[5] = env->regs[5];
481     (*regs)[6] = env->regs[6];
482     (*regs)[7] = env->regs[7];
483     (*regs)[8] = env->regs[8];
484     (*regs)[9] = env->regs[9];
485     (*regs)[10] = env->regs[10];
486     (*regs)[11] = env->regs[11];
487     (*regs)[12] = env->regs[12];
488     (*regs)[13] = env->regs[13];
489     (*regs)[14] = env->regs[14];
490     (*regs)[15] = env->regs[15];
491     (*regs)[16] = env->regs[16];
492     (*regs)[17] = env->regs[17];
493     (*regs)[18] = env->regs[18];
494     (*regs)[19] = env->regs[19];
495     (*regs)[20] = env->regs[20];
496     (*regs)[21] = env->regs[21];
497     (*regs)[22] = env->regs[22];
498     (*regs)[23] = env->regs[23];
499     (*regs)[24] = env->regs[24];
500     (*regs)[25] = env->regs[25];
501     (*regs)[26] = env->regs[26];
502     (*regs)[27] = env->regs[27];
503     (*regs)[28] = env->regs[28];
504     (*regs)[29] = env->regs[29];
505     (*regs)[30] = env->regs[30];
506     (*regs)[31] = env->regs[31];
507 
508     (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env);
509     (*regs)[33] = env->regs[0]; /* XXX */
510 }
511 
512 #define USE_ELF_CORE_DUMP
513 #define ELF_EXEC_PAGESIZE               4096
514 
515 #define ELF_HWCAP                       (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
516 
517 #endif
518 
519 #ifdef TARGET_SPARC
520 #ifdef TARGET_SPARC64
521 
522 #define ELF_START_MMAP 0x80000000
523 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
524                     | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
525 #ifndef TARGET_ABI32
526 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
527 #else
528 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
529 #endif
530 
531 #define ELF_CLASS   ELFCLASS64
532 #define ELF_ARCH    EM_SPARCV9
533 
534 #define STACK_BIAS              2047
535 
/* Seed the initial user-mode register state for a new SPARC64 image. */
static inline void init_thread(struct target_pt_regs *regs,
                               struct image_info *infop)
{
#ifndef TARGET_ABI32
    regs->tstate = 0;
#endif
    regs->pc = infop->entry;
    regs->npc = regs->pc + 4;    /* delay-slot architecture: next PC */
    regs->y = 0;
#ifdef TARGET_ABI32
    /* %sp (u_regs[14]): reserve 16 32-bit slots below the stack top. */
    regs->u_regs[14] = infop->start_stack - 16 * 4;
#else
    /* A 32-bit personality gets the 32-bit frame; otherwise reserve
       16 64-bit slots and apply the V9 stack bias. */
    if (personality(infop->personality) == PER_LINUX32)
        regs->u_regs[14] = infop->start_stack - 16 * 4;
    else
        regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
#endif
}
554 
555 #else
556 #define ELF_START_MMAP 0x80000000
557 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
558                     | HWCAP_SPARC_MULDIV)
559 #define elf_check_arch(x) ( (x) == EM_SPARC )
560 
561 #define ELF_CLASS   ELFCLASS32
562 #define ELF_ARCH    EM_SPARC
563 
564 static inline void init_thread(struct target_pt_regs *regs,
565                                struct image_info *infop)
566 {
567     regs->psr = 0;
568     regs->pc = infop->entry;
569     regs->npc = regs->pc + 4;
570     regs->y = 0;
571     regs->u_regs[14] = infop->start_stack - 16 * 4;
572 }
573 
574 #endif
575 #endif
576 
577 #ifdef TARGET_PPC
578 
579 #define ELF_START_MMAP 0x80000000
580 
581 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
582 
583 #define elf_check_arch(x) ( (x) == EM_PPC64 )
584 
585 #define ELF_CLASS       ELFCLASS64
586 
587 #else
588 
589 #define elf_check_arch(x) ( (x) == EM_PPC )
590 
591 #define ELF_CLASS       ELFCLASS32
592 
593 #endif
594 
595 #define ELF_ARCH        EM_PPC
596 
/* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
   See arch/powerpc/include/asm/cputable.h.  These values are ABI:
   do not renumber them.  */
enum {
    QEMU_PPC_FEATURE_32 = 0x80000000,
    QEMU_PPC_FEATURE_64 = 0x40000000,
    QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
    QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
    QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
    QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
    QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
    QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
    QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
    QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
    QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
    QEMU_PPC_FEATURE_NO_TB = 0x00100000,
    QEMU_PPC_FEATURE_POWER4 = 0x00080000,
    QEMU_PPC_FEATURE_POWER5 = 0x00040000,
    QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
    QEMU_PPC_FEATURE_CELL = 0x00010000,
    QEMU_PPC_FEATURE_BOOKE = 0x00008000,
    QEMU_PPC_FEATURE_SMT = 0x00004000,
    QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
    QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
    QEMU_PPC_FEATURE_PA6T = 0x00000800,
    QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
    QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
    QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
    QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
    QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,

    QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
    QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
};
630 
631 #define ELF_HWCAP get_elf_hwcap()
632 
633 static uint32_t get_elf_hwcap(void)
634 {
635     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
636     uint32_t features = 0;
637 
638     /* We don't have to be terribly complete here; the high points are
639        Altivec/FP/SPE support.  Anything else is just a bonus.  */
640 #define GET_FEATURE(flag, feature)                                      \
641     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
642     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
643     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
644     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
645     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
646     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
647     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
648     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
649     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
650 #undef GET_FEATURE
651 
652     return features;
653 }
654 
/*
 * The requirements here are:
 * - keep the final alignment of sp (sp & 0xf)
 * - make sure the 32-bit value at the first 16 byte aligned position of
 *   AUXV is greater than 16 for glibc compatibility.
 *   AT_IGNOREPPC is used for that.
 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
 *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
 */
#define DLINFO_ARCH_ITEMS       5
#define ARCH_DLINFO                                     \
    do {                                                \
        NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20);              \
        NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20);              \
        NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
        /*                                              \
         * Now handle glibc compatibility.              \
         */                                             \
        NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
        NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
    } while (0)

/* Seed the initial user-mode register state for a new PPC image. */
static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
{
    _regs->gpr[1] = infop->start_stack;   /* r1 is the PPC stack pointer */
#if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
    /* 64-bit PPC: the ELF entry points at a function descriptor --
     * word 0 is the real code address, word 1 the TOC pointer (r2).
     * NOTE(review): this assumes the ELFv1 descriptor ABI -- confirm.
     */
    _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias;
    infop->entry = ldq_raw(infop->entry) + infop->load_bias;
#endif
    _regs->nip = infop->entry;
}
686 
/* See linux kernel: arch/powerpc/include/asm/elf.h.  */
#define ELF_NREG 48
typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];

/* Copy the guest CPU state into the 48-slot PPC core-dump layout:
 * gpr0-31, then nip, msr, ctr, lr, xer and the assembled cr.
 * Slot 34 (orig_gpr3 in the kernel layout) is deliberately skipped.
 */
static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
{
    int i;
    target_ulong ccr = 0;

    for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
        (*regs)[i] = tswapreg(env->gpr[i]);
    }

    (*regs)[32] = tswapreg(env->nip);
    (*regs)[33] = tswapreg(env->msr);
    (*regs)[35] = tswapreg(env->ctr);
    (*regs)[36] = tswapreg(env->lr);
    (*regs)[37] = tswapreg(env->xer);

    /* Pack the eight 4-bit CR fields into one word, crf[0] highest. */
    for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
        ccr |= env->crf[i] << (32 - ((i + 1) * 4));
    }
    (*regs)[38] = tswapreg(ccr);
}
711 
712 #define USE_ELF_CORE_DUMP
713 #define ELF_EXEC_PAGESIZE       4096
714 
715 #endif
716 
717 #ifdef TARGET_MIPS
718 
719 #define ELF_START_MMAP 0x80000000
720 
721 #define elf_check_arch(x) ( (x) == EM_MIPS )
722 
723 #ifdef TARGET_MIPS64
724 #define ELF_CLASS   ELFCLASS64
725 #else
726 #define ELF_CLASS   ELFCLASS32
727 #endif
728 #define ELF_ARCH    EM_MIPS
729 
730 static inline void init_thread(struct target_pt_regs *regs,
731                                struct image_info *infop)
732 {
733     regs->cp0_status = 2 << CP0St_KSU;
734     regs->cp0_epc = infop->entry;
735     regs->regs[29] = infop->start_stack;
736 }
737 
/* See linux kernel: arch/mips/include/asm/elf.h.  */
#define ELF_NREG 45
typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];

/* See linux kernel: arch/mips/include/asm/reg.h.
 * Slot indices into the core-dump register set.  On o32,
 * TARGET_EF_R0 is 6 because the layout has six leading pad slots
 * (zeroed by elf_core_copy_regs below).
 */
enum {
#ifdef TARGET_MIPS64
    TARGET_EF_R0 = 0,
#else
    TARGET_EF_R0 = 6,
#endif
    TARGET_EF_R26 = TARGET_EF_R0 + 26,
    TARGET_EF_R27 = TARGET_EF_R0 + 27,
    TARGET_EF_LO = TARGET_EF_R0 + 32,
    TARGET_EF_HI = TARGET_EF_R0 + 33,
    TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
    TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
    TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
    TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
};
758 
759 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
760 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
761 {
762     int i;
763 
764     for (i = 0; i < TARGET_EF_R0; i++) {
765         (*regs)[i] = 0;
766     }
767     (*regs)[TARGET_EF_R0] = 0;
768 
769     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
770         (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
771     }
772 
773     (*regs)[TARGET_EF_R26] = 0;
774     (*regs)[TARGET_EF_R27] = 0;
775     (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
776     (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
777     (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
778     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
779     (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
780     (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
781 }
782 
783 #define USE_ELF_CORE_DUMP
784 #define ELF_EXEC_PAGESIZE        4096
785 
786 #endif /* TARGET_MIPS */
787 
788 #ifdef TARGET_MICROBLAZE
789 
790 #define ELF_START_MMAP 0x80000000
791 
792 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
793 
794 #define ELF_CLASS   ELFCLASS32
795 #define ELF_ARCH    EM_MICROBLAZE
796 
797 static inline void init_thread(struct target_pt_regs *regs,
798                                struct image_info *infop)
799 {
800     regs->pc = infop->entry;
801     regs->r1 = infop->start_stack;
802 
803 }
804 
805 #define ELF_EXEC_PAGESIZE        4096
806 
807 #define USE_ELF_CORE_DUMP
808 #define ELF_NREG 38
809 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
810 
811 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
812 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
813 {
814     int i, pos = 0;
815 
816     for (i = 0; i < 32; i++) {
817         (*regs)[pos++] = tswapreg(env->regs[i]);
818     }
819 
820     for (i = 0; i < 6; i++) {
821         (*regs)[pos++] = tswapreg(env->sregs[i]);
822     }
823 }
824 
825 #endif /* TARGET_MICROBLAZE */
826 
827 #ifdef TARGET_OPENRISC
828 
829 #define ELF_START_MMAP 0x08000000
830 
831 #define elf_check_arch(x) ((x) == EM_OPENRISC)
832 
833 #define ELF_ARCH EM_OPENRISC
834 #define ELF_CLASS ELFCLASS32
835 #define ELF_DATA  ELFDATA2MSB
836 
837 static inline void init_thread(struct target_pt_regs *regs,
838                                struct image_info *infop)
839 {
840     regs->pc = infop->entry;
841     regs->gpr[1] = infop->start_stack;
842 }
843 
844 #define USE_ELF_CORE_DUMP
845 #define ELF_EXEC_PAGESIZE 8192
846 
/* See linux kernel arch/openrisc/include/asm/elf.h.  */
#define ELF_NREG 34 /* gprs and pc, sr */
typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];

/* Copy the guest CPU state into the 34-slot OpenRISC core-dump
 * layout: gpr0-gpr31, then PC and SR.
 */
static void elf_core_copy_regs(target_elf_gregset_t *regs,
                               const CPUOpenRISCState *env)
{
    int i;

    for (i = 0; i < 32; i++) {
        (*regs)[i] = tswapreg(env->gpr[i]);
    }

    (*regs)[32] = tswapreg(env->pc);
    (*regs)[33] = tswapreg(env->sr);
}
863 #define ELF_HWCAP 0
864 #define ELF_PLATFORM NULL
865 
866 #endif /* TARGET_OPENRISC */
867 
868 #ifdef TARGET_SH4
869 
870 #define ELF_START_MMAP 0x80000000
871 
872 #define elf_check_arch(x) ( (x) == EM_SH )
873 
874 #define ELF_CLASS ELFCLASS32
875 #define ELF_ARCH  EM_SH
876 
877 static inline void init_thread(struct target_pt_regs *regs,
878                                struct image_info *infop)
879 {
880     /* Check other registers XXXXX */
881     regs->pc = infop->entry;
882     regs->regs[15] = infop->start_stack;
883 }
884 
/* See linux kernel: arch/sh/include/asm/elf.h.  */
#define ELF_NREG 23
typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];

/* See linux kernel: arch/sh/include/asm/ptrace.h.
 * Slot indices for the non-GPR entries of the core-dump register set
 * (slots 0-15 hold r0-r15).
 */
enum {
    TARGET_REG_PC = 16,
    TARGET_REG_PR = 17,
    TARGET_REG_SR = 18,
    TARGET_REG_GBR = 19,
    TARGET_REG_MACH = 20,
    TARGET_REG_MACL = 21,
    TARGET_REG_SYSCALL = 22
};
899 
900 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
901                                       const CPUSH4State *env)
902 {
903     int i;
904 
905     for (i = 0; i < 16; i++) {
906         (*regs[i]) = tswapreg(env->gregs[i]);
907     }
908 
909     (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
910     (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
911     (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
912     (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
913     (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
914     (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
915     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
916 }
917 
918 #define USE_ELF_CORE_DUMP
919 #define ELF_EXEC_PAGESIZE        4096
920 
921 #endif
922 
923 #ifdef TARGET_CRIS
924 
925 #define ELF_START_MMAP 0x80000000
926 
927 #define elf_check_arch(x) ( (x) == EM_CRIS )
928 
929 #define ELF_CLASS ELFCLASS32
930 #define ELF_ARCH  EM_CRIS
931 
/* Seed the initial user-mode register state for a new CRIS image.
 * Only ERP (the return PC) is set here; NOTE(review): unlike the
 * other targets no stack pointer is initialised -- confirm it is
 * handled elsewhere for CRIS.
 */
static inline void init_thread(struct target_pt_regs *regs,
                               struct image_info *infop)
{
    regs->erp = infop->entry;
}
937 
938 #define ELF_EXEC_PAGESIZE        8192
939 
940 #endif
941 
942 #ifdef TARGET_M68K
943 
944 #define ELF_START_MMAP 0x80000000
945 
946 #define elf_check_arch(x) ( (x) == EM_68K )
947 
948 #define ELF_CLASS       ELFCLASS32
949 #define ELF_ARCH        EM_68K
950 
951 /* ??? Does this need to do anything?
952    #define ELF_PLAT_INIT(_r) */
953 
954 static inline void init_thread(struct target_pt_regs *regs,
955                                struct image_info *infop)
956 {
957     regs->usp = infop->start_stack;
958     regs->sr = 0;
959     regs->pc = infop->entry;
960 }
961 
/* See linux kernel: arch/m68k/include/asm/elf.h.  */
#define ELF_NREG 20
typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];

/* Copy the guest CPU state into the 20-slot m68k core-dump layout.
 * The ordering follows the kernel's pt_regs: d1-d7, a0-a6, then d0,
 * usp (a7), orig_d0, sr, pc and the format/vector word.
 */
static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
{
    (*regs)[0] = tswapreg(env->dregs[1]);    /* d1 */
    (*regs)[1] = tswapreg(env->dregs[2]);    /* d2 */
    (*regs)[2] = tswapreg(env->dregs[3]);    /* d3 */
    (*regs)[3] = tswapreg(env->dregs[4]);    /* d4 */
    (*regs)[4] = tswapreg(env->dregs[5]);    /* d5 */
    (*regs)[5] = tswapreg(env->dregs[6]);    /* d6 */
    (*regs)[6] = tswapreg(env->dregs[7]);    /* d7 */
    (*regs)[7] = tswapreg(env->aregs[0]);    /* a0 */
    (*regs)[8] = tswapreg(env->aregs[1]);    /* a1 */
    (*regs)[9] = tswapreg(env->aregs[2]);    /* a2 */
    (*regs)[10] = tswapreg(env->aregs[3]);   /* a3 */
    (*regs)[11] = tswapreg(env->aregs[4]);   /* a4 */
    (*regs)[12] = tswapreg(env->aregs[5]);   /* a5 */
    (*regs)[13] = tswapreg(env->aregs[6]);   /* a6 */
    (*regs)[14] = tswapreg(env->dregs[0]);   /* d0 */
    (*regs)[15] = tswapreg(env->aregs[7]);   /* usp (a7) */
    (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
    (*regs)[17] = tswapreg(env->sr);
    (*regs)[18] = tswapreg(env->pc);
    (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
}
989 
990 #define USE_ELF_CORE_DUMP
991 #define ELF_EXEC_PAGESIZE       8192
992 
993 #endif
994 
995 #ifdef TARGET_ALPHA
996 
997 #define ELF_START_MMAP (0x30000000000ULL)
998 
999 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1000 
1001 #define ELF_CLASS      ELFCLASS64
1002 #define ELF_ARCH       EM_ALPHA
1003 
1004 static inline void init_thread(struct target_pt_regs *regs,
1005                                struct image_info *infop)
1006 {
1007     regs->pc = infop->entry;
1008     regs->ps = 8;
1009     regs->usp = infop->start_stack;
1010 }
1011 
1012 #define ELF_EXEC_PAGESIZE        8192
1013 
1014 #endif /* TARGET_ALPHA */
1015 
1016 #ifdef TARGET_S390X
1017 
1018 #define ELF_START_MMAP (0x20000000000ULL)
1019 
1020 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1021 
1022 #define ELF_CLASS	ELFCLASS64
1023 #define ELF_DATA	ELFDATA2MSB
1024 #define ELF_ARCH	EM_S390
1025 
1026 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1027 {
1028     regs->psw.addr = infop->entry;
1029     regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1030     regs->gprs[15] = infop->start_stack;
1031 }
1032 
1033 #endif /* TARGET_S390X */
1034 
1035 #ifndef ELF_PLATFORM
1036 #define ELF_PLATFORM (NULL)
1037 #endif
1038 
1039 #ifndef ELF_HWCAP
1040 #define ELF_HWCAP 0
1041 #endif
1042 
1043 #ifdef TARGET_ABI32
1044 #undef ELF_CLASS
1045 #define ELF_CLASS ELFCLASS32
1046 #undef bswaptls
1047 #define bswaptls(ptr) bswap32s(ptr)
1048 #endif
1049 
1050 #include "elf.h"
1051 
/* Classic a.out executable header.  Only used here so the N_MAGIC
   macro below can inspect a_info and recognize a.out images.  */
struct exec
{
    unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
    unsigned int a_text;   /* length of text, in bytes */
    unsigned int a_data;   /* length of data, in bytes */
    unsigned int a_bss;    /* length of uninitialized data area, in bytes */
    unsigned int a_syms;   /* length of symbol table data in file, in bytes */
    unsigned int a_entry;  /* start address */
    unsigned int a_trsize; /* length of relocation info for text, in bytes */
    unsigned int a_drsize; /* length of relocation info for data, in bytes */
};
1063 
1064 
1065 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1066 #define OMAGIC 0407
1067 #define NMAGIC 0410
1068 #define ZMAGIC 0413
1069 #define QMAGIC 0314
1070 
1071 /* Necessary parameters */
1072 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1073 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
1074 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1075 
1076 #define DLINFO_ITEMS 13
1077 
/* Legacy kernel-API shim: in user-mode emulation "user" memory is
   directly addressable, so copying from "fs" is a plain memcpy.  */
static inline void memcpy_fromfs(void *to, const void *from, unsigned long n)
{
    memcpy(to, from, n);
}
1082 
1083 #ifdef BSWAP_NEEDED
/* Byte-swap the multi-byte fields of an ELF file header in place
   (guest<->host endianness; bswaptls matches the target word size).
   e_ident is a byte array and needs no swapping.  */
static void bswap_ehdr(struct elfhdr *ehdr)
{
    bswap16s(&ehdr->e_type);            /* Object file type */
    bswap16s(&ehdr->e_machine);         /* Architecture */
    bswap32s(&ehdr->e_version);         /* Object file version */
    bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
    bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
    bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
    bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
    bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
    bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
    bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
    bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
    bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
    bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
}
1100 
1101 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1102 {
1103     int i;
1104     for (i = 0; i < phnum; ++i, ++phdr) {
1105         bswap32s(&phdr->p_type);        /* Segment type */
1106         bswap32s(&phdr->p_flags);       /* Segment flags */
1107         bswaptls(&phdr->p_offset);      /* Segment file offset */
1108         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
1109         bswaptls(&phdr->p_paddr);       /* Segment physical address */
1110         bswaptls(&phdr->p_filesz);      /* Segment size in file */
1111         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
1112         bswaptls(&phdr->p_align);       /* Segment alignment */
1113     }
1114 }
1115 
1116 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1117 {
1118     int i;
1119     for (i = 0; i < shnum; ++i, ++shdr) {
1120         bswap32s(&shdr->sh_name);
1121         bswap32s(&shdr->sh_type);
1122         bswaptls(&shdr->sh_flags);
1123         bswaptls(&shdr->sh_addr);
1124         bswaptls(&shdr->sh_offset);
1125         bswaptls(&shdr->sh_size);
1126         bswap32s(&shdr->sh_link);
1127         bswap32s(&shdr->sh_info);
1128         bswaptls(&shdr->sh_addralign);
1129         bswaptls(&shdr->sh_entsize);
1130     }
1131 }
1132 
/* Byte-swap the multi-byte fields of one symbol table entry in place.
   st_info and st_other are single bytes and need no swapping.  */
static void bswap_sym(struct elf_sym *sym)
{
    bswap32s(&sym->st_name);
    bswaptls(&sym->st_value);
    bswaptls(&sym->st_size);
    bswap16s(&sym->st_shndx);
}
1140 #else
/* Host and target share byte order: all swaps are no-ops.  */
static inline void bswap_ehdr(struct elfhdr *ehdr) { }
static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
static inline void bswap_sym(struct elf_sym *sym) { }
1145 #endif
1146 
1147 #ifdef USE_ELF_CORE_DUMP
1148 static int elf_core_dump(int, const CPUArchState *);
1149 #endif /* USE_ELF_CORE_DUMP */
1150 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1151 
1152 /* Verify the portions of EHDR within E_IDENT for the target.
1153    This can be performed before bswapping the entire header.  */
1154 static bool elf_check_ident(struct elfhdr *ehdr)
1155 {
1156     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1157             && ehdr->e_ident[EI_MAG1] == ELFMAG1
1158             && ehdr->e_ident[EI_MAG2] == ELFMAG2
1159             && ehdr->e_ident[EI_MAG3] == ELFMAG3
1160             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1161             && ehdr->e_ident[EI_DATA] == ELF_DATA
1162             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1163 }
1164 
1165 /* Verify the portions of EHDR outside of E_IDENT for the target.
1166    This has to wait until after bswapping the header.  */
1167 static bool elf_check_ehdr(struct elfhdr *ehdr)
1168 {
1169     return (elf_check_arch(ehdr->e_machine)
1170             && ehdr->e_ehsize == sizeof(struct elfhdr)
1171             && ehdr->e_phentsize == sizeof(struct elf_phdr)
1172             && ehdr->e_shentsize == sizeof(struct elf_shdr)
1173             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1174 }
1175 
1176 /*
1177  * 'copy_elf_strings()' copies argument/envelope strings from user
1178  * memory to free pages in kernel mem. These are in a format ready
1179  * to be put directly into the top of new user memory.
1180  *
1181  */
/*
 * Copy ARGC strings from ARGV into the page array PAGE, filling
 * downwards from offset P (so the strings end up back-to-front, ready
 * to be copied to the top of the new user stack).  Returns the new
 * value of P, or 0 on failure (NULL p, string overflow, or OOM).
 */
static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
                                  abi_ulong p)
{
    char *tmp, *tmp1, *pag = NULL;
    int len, offset = 0;

    if (!p) {
        return 0;       /* bullet-proofing */
    }
    /* Walk the vector from the last string to the first.  */
    while (argc-- > 0) {
        tmp = argv[argc];
        if (!tmp) {
            fprintf(stderr, "VFS: argc is wrong");
            exit(-1);
        }
        /* Compute string length including the NUL terminator.  */
        tmp1 = tmp;
        while (*tmp++);
        len = tmp - tmp1;
        if (p < len) {  /* this shouldn't happen - 128kB */
            return 0;
        }
        while (len) {
            --p; --tmp; --len;
            /* Crossed into the previous page: locate it, allocating
               (zero-filled) on first touch.  */
            if (--offset < 0) {
                offset = p % TARGET_PAGE_SIZE;
                pag = (char *)page[p/TARGET_PAGE_SIZE];
                if (!pag) {
                    pag = g_try_malloc0(TARGET_PAGE_SIZE);
                    page[p/TARGET_PAGE_SIZE] = pag;
                    if (!pag)
                        return 0;
                }
            }
            if (len == 0 || offset == 0) {
                /* Last byte of the string or of the page: store singly.  */
                *(pag + offset) = *tmp;
            }
            else {
                /* Bulk-copy whatever remains of the string or fits in
                   this page.  NOTE(review): the "+ 1" copies one byte
                   past the decremented counters; this mirrors the
                   historical kernel code -- confirm before changing.  */
                int bytes_to_copy = (len > offset) ? offset : len;
                tmp -= bytes_to_copy;
                p -= bytes_to_copy;
                offset -= bytes_to_copy;
                len -= bytes_to_copy;
                memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
            }
        }
    }
    return p;
}
1230 
/*
 * Allocate the guest stack, install the guard page, and copy the
 * argument/environment pages collected in BPRM onto it.  P is the
 * offset produced by copy_elf_strings(); the return value is the
 * corresponding absolute guest address on the new stack.
 */
static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
                                 struct image_info *info)
{
    abi_ulong stack_base, size, error, guard;
    int i;

    /* Create enough stack to hold everything.  If we don't use
       it for args, we'll use it for something else.  */
    size = guest_stack_size;
    if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
        size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
    }
    /* Guard must cover at least one host page to be mprotect-able.  */
    guard = TARGET_PAGE_SIZE;
    if (guard < qemu_real_host_page_size) {
        guard = qemu_real_host_page_size;
    }

    error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (error == -1) {
        perror("mmap stack");
        exit(-1);
    }

    /* We reserve one extra page at the top of the stack as guard.
       The stack grows down, so the guard sits at the low end of the
       mapping.  */
    target_mprotect(error, guard, PROT_NONE);

    info->stack_limit = error + guard;
    stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
    p += stack_base;

    /* Copy the collected arg/env pages into place, freeing the
       temporary host copies as we go.  */
    for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
        if (bprm->page[i]) {
            info->rss++;
            /* FIXME - check return value of memcpy_to_target() for failure */
            memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
            g_free(bprm->page[i]);
        }
        stack_base += TARGET_PAGE_SIZE;
    }
    return p;
}
1273 
/* Map and zero the bss.  We need to explicitly zero any fractional pages
   after the data section (i.e. bss).  */
static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
{
    uintptr_t host_start, host_map_start, host_end;

    last_bss = TARGET_PAGE_ALIGN(last_bss);

    /* ??? There is confusion between qemu_real_host_page_size and
       qemu_host_page_size here and elsewhere in target_mmap, which
       may lead to the end of the data section mapping from the file
       not being mapped.  At least there was an explicit test and
       comment for that here, suggesting that "the file size must
       be known".  The comment probably pre-dates the introduction
       of the fstat system call in target_mmap which does in fact
       find out the size.  What isn't clear is if the workaround
       here is still actually needed.  For now, continue with it,
       but merge it with the "normal" mmap that would allocate the bss.  */

    host_start = (uintptr_t) g2h(elf_bss);
    host_end = (uintptr_t) g2h(last_bss);
    /* First host-page boundary at or above the start of the bss.  */
    host_map_start = (host_start + qemu_real_host_page_size - 1);
    host_map_start &= -qemu_real_host_page_size;

    if (host_map_start < host_end) {
        /* Anonymous mappings are zero-filled by the host kernel.  */
        void *p = mmap((void *)host_map_start, host_end - host_map_start,
                       prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED) {
            perror("cannot mmap brk");
            exit(-1);
        }

        /* Since we didn't use target_mmap, make sure to record
           the validity of the pages with qemu.  */
        page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
    }

    /* Zero the fraction of the last file-backed host page that
       precedes the freshly mapped anonymous region.  */
    if (host_start < host_map_start) {
        memset((void *)host_start, 0, host_map_start - host_start);
    }
}
1315 
1316 #ifdef CONFIG_USE_FDPIC
1317 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1318 {
1319     uint16_t n;
1320     struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1321 
1322     /* elf32_fdpic_loadseg */
1323     n = info->nsegs;
1324     while (n--) {
1325         sp -= 12;
1326         put_user_u32(loadsegs[n].addr, sp+0);
1327         put_user_u32(loadsegs[n].p_vaddr, sp+4);
1328         put_user_u32(loadsegs[n].p_memsz, sp+8);
1329     }
1330 
1331     /* elf32_fdpic_loadmap */
1332     sp -= 4;
1333     put_user_u16(0, sp+0); /* version */
1334     put_user_u16(info->nsegs, sp+2); /* nsegs */
1335 
1336     info->personality = PER_LINUX_FDPIC;
1337     info->loadmap_addr = sp;
1338 
1339     return sp;
1340 }
1341 #endif
1342 
/*
 * Build the initial process stack below P: platform string, AT_RANDOM
 * seed, the ELF auxiliary vector, then envp/argv/argc (via
 * loader_build_argptr).  Returns the final stack pointer.  The aux
 * vector is written top-down, so AT_NULL is pushed first.
 */
static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
                                   struct elfhdr *exec,
                                   struct image_info *info,
                                   struct image_info *interp_info)
{
    abi_ulong sp;
    abi_ulong sp_auxv;
    int size;
    int i;
    abi_ulong u_rand_bytes;
    uint8_t k_rand_bytes[16];
    abi_ulong u_platform;
    const char *k_platform;
    const int n = sizeof(elf_addr_t);

    sp = p;

#ifdef CONFIG_USE_FDPIC
    /* Needs to be before we load the env/argc/... */
    if (elf_is_fdpic(exec)) {
        /* Need 4 byte alignment for these structs */
        sp &= ~3;
        sp = loader_build_fdpic_loadmap(info, sp);
        info->other_info = interp_info;
        if (interp_info) {
            interp_info->other_info = info;
            sp = loader_build_fdpic_loadmap(interp_info, sp);
        }
    }
#endif

    /* Copy the AT_PLATFORM string (if any) onto the stack, keeping
       the stack pointer aligned to the aux-entry word size.  */
    u_platform = 0;
    k_platform = ELF_PLATFORM;
    if (k_platform) {
        size_t len = strlen(k_platform) + 1;
        sp -= (len + n - 1) & ~(n - 1);
        u_platform = sp;
        /* FIXME - check return value of memcpy_to_target() for failure */
        memcpy_to_target(sp, k_platform, len);
    }

    /*
     * Generate 16 random bytes for userspace PRNG seeding (not
     * cryptically secure but it's not the aim of QEMU).
     * NOTE(review): this reseeds the process-wide libc PRNG with the
     * current time; guest libcs may consume AT_RANDOM for security
     * purposes (e.g. stack canaries) -- consider a stronger source.
     */
    srand((unsigned int) time(NULL));
    for (i = 0; i < 16; i++) {
        k_rand_bytes[i] = rand();
    }
    sp -= 16;
    u_rand_bytes = sp;
    /* FIXME - check return value of memcpy_to_target() for failure */
    memcpy_to_target(sp, k_rand_bytes, 16);

    /*
     * Force 16 byte _final_ alignment here for generality.
     */
    sp = sp &~ (abi_ulong)15;
    /* Pre-compute the total table size so the final sp lands on a
       16-byte boundary after everything is pushed.  */
    size = (DLINFO_ITEMS + 1) * 2;
    if (k_platform)
        size += 2;
#ifdef DLINFO_ARCH_ITEMS
    size += DLINFO_ARCH_ITEMS * 2;
#endif
    size += envc + argc + 2;
    size += 1;  /* argc itself */
    size *= n;
    if (size & 15)
        sp -= 16 - (size & 15);

    /* This is correct because Linux defines
     * elf_addr_t as Elf32_Off / Elf64_Off
     */
#define NEW_AUX_ENT(id, val) do {               \
        sp -= n; put_user_ual(val, sp);         \
        sp -= n; put_user_ual(id, sp);          \
    } while(0)

    sp_auxv = sp;
    NEW_AUX_ENT (AT_NULL, 0);

    /* There must be exactly DLINFO_ITEMS entries here.  */
    NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
    NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
    NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
    NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
    NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
    NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
    NEW_AUX_ENT(AT_ENTRY, info->entry);
    NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
    NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
    NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
    NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
    NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
    NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
    NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);

    if (k_platform)
        NEW_AUX_ENT(AT_PLATFORM, u_platform);
#ifdef ARCH_DLINFO
    /*
     * ARCH_DLINFO must come last so platform specific code can enforce
     * special alignment requirements on the AUXV if necessary (eg. PPC).
     */
    ARCH_DLINFO;
#endif
#undef NEW_AUX_ENT

    /* Remember where the auxv lives so /proc/self/auxv can be
       emulated later.  */
    info->saved_auxv = sp;
    info->auxv_len = sp_auxv - sp;

    sp = loader_build_argptr(envc, argc, sp, p, 0);
    return sp;
}
1457 
1458 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE
/* Fallback for targets without their own validation hook: any
   placement of the guest address space is acceptable, so always
   report success (1).  */
static int validate_guest_space(unsigned long guest_base,
                                unsigned long guest_size)
{
    (void)guest_base;
    (void)guest_size;
    return 1;
}
1465 #endif
1466 
/*
 * Reserve (PROT_NONE) a host address range for the guest image.
 * HOST_START/HOST_SIZE give the desired placement and size (at least
 * one must be non-zero); GUEST_START is the guest address that must
 * correspond to the chosen host start; FIXED forces MAP_FIXED.
 * Returns the host start address, or (unsigned long)-1 on failure.
 */
unsigned long init_guest_space(unsigned long host_start,
                               unsigned long host_size,
                               unsigned long guest_start,
                               bool fixed)
{
    unsigned long current_start, real_start;
    int flags;

    assert(host_start || host_size);

    /* If just a starting address is given, then just verify that
     * address.  */
    if (host_start && !host_size) {
        if (validate_guest_space(host_start, host_size) == 1) {
            return host_start;
        } else {
            return (unsigned long)-1;
        }
    }

    /* Setup the initial flags and start address.  */
    current_start = host_start & qemu_host_page_mask;
    flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
    if (fixed) {
        flags |= MAP_FIXED;
    }

    /* Otherwise, a non-zero size region of memory needs to be mapped
     * and validated.  */
    while (1) {
        unsigned long real_size = host_size;

        /* Do not use mmap_find_vma here because that is limited to the
         * guest address space.  We are going to make the
         * guest address space fit whatever we're given.
         */
        real_start = (unsigned long)
            mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
        if (real_start == (unsigned long)-1) {
            return (unsigned long)-1;
        }

        /* Ensure the address is properly aligned.  If the kernel gave
         * us a misaligned block, remap with one extra page of slack
         * and round the start up.  */
        if (real_start & ~qemu_host_page_mask) {
            munmap((void *)real_start, host_size);
            real_size = host_size + qemu_host_page_size;
            real_start = (unsigned long)
                mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
            if (real_start == (unsigned long)-1) {
                return (unsigned long)-1;
            }
            real_start = HOST_PAGE_ALIGN(real_start);
            /* NOTE(review): after rounding, real_start no longer marks
             * the beginning of the real_size mapping, yet the failure
             * path below unmaps (real_start, host_size) -- confirm the
             * leading slack page is accounted for.  */
        }

        /* Check to see if the address is valid.  */
        if (!host_start || real_start == current_start) {
            int valid = validate_guest_space(real_start - guest_start,
                                             real_size);
            if (valid == 1) {
                break;
            } else if (valid == -1) {
                return (unsigned long)-1;
            }
            /* valid == 0, so try again. */
        }

        /* That address didn't work.  Unmap and try a different one.
         * The address the host picked because is typically right at
         * the top of the host address space and leaves the guest with
         * no usable address space.  Resort to a linear search.  We
         * already compensated for mmap_min_addr, so this should not
         * happen often.  Probably means we got unlucky and host
         * address space randomization put a shared library somewhere
         * inconvenient.
         */
        munmap((void *)real_start, host_size);
        current_start += qemu_host_page_size;
        if (host_start == current_start) {
            /* Theoretically possible if host doesn't have any suitably
             * aligned areas.  Normally the first mmap will fail.
             */
            return (unsigned long)-1;
        }
    }

    qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size);

    return real_start;
}
1556 
static void probe_guest_base(const char *image_name,
                             abi_ulong loaddr, abi_ulong hiaddr)
{
    /* Probe for a suitable guest base address, if the user has not set
     * it explicitly, and set guest_base appropriately.
     * In case of error we will print a suitable message and exit.
     * Without CONFIG_USE_GUEST_BASE this whole function compiles to a
     * no-op and guest_base is left untouched.
     */
#if defined(CONFIG_USE_GUEST_BASE)
    const char *errmsg;
    if (!have_guest_base && !reserved_va) {
        unsigned long host_start, real_start, host_size;

        /* Round addresses to page boundaries.  */
        loaddr &= qemu_host_page_mask;
        hiaddr = HOST_PAGE_ALIGN(hiaddr);

        if (loaddr < mmap_min_addr) {
            host_start = HOST_PAGE_ALIGN(mmap_min_addr);
        } else {
            host_start = loaddr;
            /* Guard against truncation when abi_ulong is wider than
               the host's unsigned long.  */
            if (host_start != loaddr) {
                errmsg = "Address overflow loading ELF binary";
                goto exit_errmsg;
            }
        }
        host_size = hiaddr - loaddr;

        /* Setup the initial guest memory space with ranges gleaned from
         * the ELF image that is being loaded.
         */
        real_start = init_guest_space(host_start, host_size, loaddr, false);
        if (real_start == (unsigned long)-1) {
            errmsg = "Unable to find space for application";
            goto exit_errmsg;
        }
        guest_base = real_start - loaddr;

        qemu_log("Relocating guest address space from 0x"
                 TARGET_ABI_FMT_lx " to 0x%lx\n",
                 loaddr, real_start);
    }
    return;

exit_errmsg:
    fprintf(stderr, "%s: %s\n", image_name, errmsg);
    exit(-1);
#endif
}
1605 
1606 
1607 /* Load an ELF image into the address space.
1608 
1609    IMAGE_NAME is the filename of the image, to use in error messages.
1610    IMAGE_FD is the open file descriptor for the image.
1611 
1612    BPRM_BUF is a copy of the beginning of the file; this of course
1613    contains the elf file header at offset 0.  It is assumed that this
1614    buffer is sufficiently aligned to present no problems to the host
1615    in accessing data at aligned offsets within the buffer.
1616 
1617    On return: INFO values will be filled in, as necessary or available.  */
1618 
static void load_elf_image(const char *image_name, int image_fd,
                           struct image_info *info, char **pinterp_name,
                           char bprm_buf[BPRM_BUF_SIZE])
{
    struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
    struct elf_phdr *phdr;
    abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
    int i, retval;
    const char *errmsg;

    /* First of all, some simple consistency checks */
    errmsg = "Invalid ELF image for this architecture";
    if (!elf_check_ident(ehdr)) {
        goto exit_errmsg;
    }
    bswap_ehdr(ehdr);
    if (!elf_check_ehdr(ehdr)) {
        goto exit_errmsg;
    }

    /* Get at the program headers: either directly from the buffered
       file head, or by reading them from the file.  The alloca is
       freed automatically when this function returns.  */
    i = ehdr->e_phnum * sizeof(struct elf_phdr);
    if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
        phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
    } else {
        phdr = (struct elf_phdr *) alloca(i);
        retval = pread(image_fd, phdr, i, ehdr->e_phoff);
        if (retval != i) {
            goto exit_read;
        }
    }
    bswap_phdr(phdr, ehdr->e_phnum);

#ifdef CONFIG_USE_FDPIC
    info->nsegs = 0;
    info->pt_dynamic_addr = 0;
#endif

    /* Find the maximum size of the image and allocate an appropriate
       amount of memory to handle that.  */
    loaddr = -1, hiaddr = 0;
    for (i = 0; i < ehdr->e_phnum; ++i) {
        if (phdr[i].p_type == PT_LOAD) {
            abi_ulong a = phdr[i].p_vaddr;
            if (a < loaddr) {
                loaddr = a;
            }
            a += phdr[i].p_memsz;
            if (a > hiaddr) {
                hiaddr = a;
            }
#ifdef CONFIG_USE_FDPIC
            ++info->nsegs;
#endif
        }
    }

    load_addr = loaddr;
    if (ehdr->e_type == ET_DYN) {
        /* The image indicates that it can be loaded anywhere.  Find a
           location that can hold the memory space required.  If the
           image is pre-linked, LOADDR will be non-zero.  Since we do
           not supply MAP_FIXED here we'll use that address if and
           only if it remains available.  */
        load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
                                MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
                                -1, 0);
        if (load_addr == -1) {
            goto exit_perror;
        }
    } else if (pinterp_name != NULL) {
        /* This is the main executable.  Make sure that the low
           address does not conflict with MMAP_MIN_ADDR or the
           QEMU application itself.  */
        probe_guest_base(image_name, loaddr, hiaddr);
    }
    /* Difference between link-time addresses and where we actually
       placed the image; zero for non-PIE executables.  */
    load_bias = load_addr - loaddr;

#ifdef CONFIG_USE_FDPIC
    {
        struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
            g_malloc(sizeof(*loadsegs) * info->nsegs);

        for (i = 0; i < ehdr->e_phnum; ++i) {
            switch (phdr[i].p_type) {
            case PT_DYNAMIC:
                info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
                break;
            case PT_LOAD:
                loadsegs->addr = phdr[i].p_vaddr + load_bias;
                loadsegs->p_vaddr = phdr[i].p_vaddr;
                loadsegs->p_memsz = phdr[i].p_memsz;
                ++loadsegs;
                break;
            }
        }
    }
#endif

    info->load_bias = load_bias;
    info->load_addr = load_addr;
    info->entry = ehdr->e_entry + load_bias;
    info->start_code = -1;
    info->end_code = 0;
    info->start_data = -1;
    info->end_data = 0;
    info->brk = 0;
    info->elf_flags = ehdr->e_flags;

    /* Map each PT_LOAD segment and record the PT_INTERP name.  */
    for (i = 0; i < ehdr->e_phnum; i++) {
        struct elf_phdr *eppnt = phdr + i;
        if (eppnt->p_type == PT_LOAD) {
            abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
            int elf_prot = 0;

            if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
            if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
            if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;

            /* Split the segment address into its page-aligned start
               and the in-page offset, so the file offset passed to
               mmap stays page-aligned too.  */
            vaddr = load_bias + eppnt->p_vaddr;
            vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
            vaddr_ps = TARGET_ELF_PAGESTART(vaddr);

            error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
                                elf_prot, MAP_PRIVATE | MAP_FIXED,
                                image_fd, eppnt->p_offset - vaddr_po);
            if (error == -1) {
                goto exit_perror;
            }

            vaddr_ef = vaddr + eppnt->p_filesz;
            vaddr_em = vaddr + eppnt->p_memsz;

            /* If the load segment requests extra zeros (e.g. bss), map it.  */
            if (vaddr_ef < vaddr_em) {
                zero_bss(vaddr_ef, vaddr_em, elf_prot);
            }

            /* Find the full program boundaries.  */
            if (elf_prot & PROT_EXEC) {
                if (vaddr < info->start_code) {
                    info->start_code = vaddr;
                }
                if (vaddr_ef > info->end_code) {
                    info->end_code = vaddr_ef;
                }
            }
            if (elf_prot & PROT_WRITE) {
                if (vaddr < info->start_data) {
                    info->start_data = vaddr;
                }
                if (vaddr_ef > info->end_data) {
                    info->end_data = vaddr_ef;
                }
                if (vaddr_em > info->brk) {
                    info->brk = vaddr_em;
                }
            }
        } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
            char *interp_name;

            if (*pinterp_name) {
                errmsg = "Multiple PT_INTERP entries";
                goto exit_errmsg;
            }
            /* Ownership of this allocation transfers to the caller
               via *pinterp_name.  */
            interp_name = malloc(eppnt->p_filesz);
            if (!interp_name) {
                goto exit_perror;
            }

            if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
                memcpy(interp_name, bprm_buf + eppnt->p_offset,
                       eppnt->p_filesz);
            } else {
                retval = pread(image_fd, interp_name, eppnt->p_filesz,
                               eppnt->p_offset);
                if (retval != eppnt->p_filesz) {
                    goto exit_perror;
                }
            }
            /* The interpreter path must be NUL-terminated.
               NOTE(review): a malformed p_filesz of 0 would index
               interp_name[-1] here -- confirm whether that can occur.  */
            if (interp_name[eppnt->p_filesz - 1] != 0) {
                errmsg = "Invalid PT_INTERP entry";
                goto exit_errmsg;
            }
            *pinterp_name = interp_name;
        }
    }

    /* Images with no writable segment: anchor the data/brk values at
       the end of the code instead.  */
    if (info->end_data == 0) {
        info->start_data = info->end_code;
        info->end_data = info->end_code;
        info->brk = info->end_code;
    }

    if (qemu_log_enabled()) {
        load_symbols(ehdr, image_fd, load_bias);
    }

    close(image_fd);
    return;

 exit_read:
    if (retval >= 0) {
        errmsg = "Incomplete read of file header";
        goto exit_errmsg;
    }
    /* retval < 0: fall through and report errno from the failed read.  */
 exit_perror:
    errmsg = strerror(errno);
 exit_errmsg:
    fprintf(stderr, "%s: %s\n", image_name, errmsg);
    exit(-1);
}
1830 
1831 static void load_elf_interp(const char *filename, struct image_info *info,
1832                             char bprm_buf[BPRM_BUF_SIZE])
1833 {
1834     int fd, retval;
1835 
1836     fd = open(path(filename), O_RDONLY);
1837     if (fd < 0) {
1838         goto exit_perror;
1839     }
1840 
1841     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1842     if (retval < 0) {
1843         goto exit_perror;
1844     }
1845     if (retval < BPRM_BUF_SIZE) {
1846         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1847     }
1848 
1849     load_elf_image(filename, fd, info, NULL, bprm_buf);
1850     return;
1851 
1852  exit_perror:
1853     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1854     exit(-1);
1855 }
1856 
1857 static int symfind(const void *s0, const void *s1)
1858 {
1859     target_ulong addr = *(target_ulong *)s0;
1860     struct elf_sym *sym = (struct elf_sym *)s1;
1861     int result = 0;
1862     if (addr < sym->st_value) {
1863         result = -1;
1864     } else if (addr >= sym->st_value + sym->st_size) {
1865         result = 1;
1866     }
1867     return result;
1868 }
1869 
1870 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1871 {
1872 #if ELF_CLASS == ELFCLASS32
1873     struct elf_sym *syms = s->disas_symtab.elf32;
1874 #else
1875     struct elf_sym *syms = s->disas_symtab.elf64;
1876 #endif
1877 
1878     // binary search
1879     struct elf_sym *sym;
1880 
1881     sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
1882     if (sym != NULL) {
1883         return s->disas_strtab + sym->st_name;
1884     }
1885 
1886     return "";
1887 }
1888 
1889 /* FIXME: This should use elf_ops.h  */
1890 static int symcmp(const void *s0, const void *s1)
1891 {
1892     struct elf_sym *sym0 = (struct elf_sym *)s0;
1893     struct elf_sym *sym1 = (struct elf_sym *)s1;
1894     return (sym0->st_value < sym1->st_value)
1895         ? -1
1896         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1897 }
1898 
/* Best attempt to load symbols from this ELF object.
   On any failure the function simply returns without publishing
   anything; symbol lookup then falls back to "".  */
static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
{
    int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
    struct elf_shdr *shdr;
    char *strings = NULL;
    struct syminfo *s = NULL;
    struct elf_sym *new_syms, *syms = NULL;

    /* Read all section headers to locate the symbol table.  */
    shnum = hdr->e_shnum;
    i = shnum * sizeof(struct elf_shdr);
    /* NOTE(review): 'i' derives from e_shnum in the (untrusted) file
       and alloca() has no failure path -- a huge section count could
       overflow the stack.  Confirm whether a bound check is wanted.  */
    shdr = (struct elf_shdr *)alloca(i);
    if (pread(fd, shdr, i, hdr->e_shoff) != i) {
        return;
    }

    bswap_shdr(shdr, shnum);
    for (i = 0; i < shnum; ++i) {
        if (shdr[i].sh_type == SHT_SYMTAB) {
            sym_idx = i;
            str_idx = shdr[i].sh_link;  /* section of the matching strtab */
            goto found;
        }
    }

    /* There will be no symbol table if the file was stripped.  */
    return;

 found:
    /* Now know where the strtab and symtab are.  Snarf them.  */
    s = malloc(sizeof(*s));
    if (!s) {
        goto give_up;
    }

    i = shdr[str_idx].sh_size;
    s->disas_strtab = strings = malloc(i);
    if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
        goto give_up;
    }

    i = shdr[sym_idx].sh_size;
    syms = malloc(i);
    if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
        goto give_up;
    }

    nsyms = i / sizeof(struct elf_sym);
    /* Compact the table in place: keep only defined function symbols,
       overwriting each discarded slot with the current tail entry.  */
    for (i = 0; i < nsyms; ) {
        bswap_sym(syms + i);
        /* Throw away entries which we do not need.  */
        if (syms[i].st_shndx == SHN_UNDEF
            || syms[i].st_shndx >= SHN_LORESERVE
            || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
            if (i < --nsyms) {
                syms[i] = syms[nsyms];
            }
        } else {
#if defined(TARGET_ARM) || defined (TARGET_MIPS)
            /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
            syms[i].st_value &= ~(target_ulong)1;
#endif
            /* Relocate to where the image was actually loaded.  */
            syms[i].st_value += load_bias;
            i++;
        }
    }

    /* No "useful" symbol.  */
    if (nsyms == 0) {
        goto give_up;
    }

    /* Attempt to free the storage associated with the local symbols
       that we threw away.  Whether or not this has any effect on the
       memory allocation depends on the malloc implementation and how
       many symbols we managed to discard.  */
    new_syms = realloc(syms, nsyms * sizeof(*syms));
    if (new_syms == NULL) {
        goto give_up;
    }
    syms = new_syms;

    /* Sort by address so lookup_symbolxx() can use bsearch().  */
    qsort(syms, nsyms, sizeof(*syms), symcmp);

    s->disas_num_syms = nsyms;
#if ELF_CLASS == ELFCLASS32
    s->disas_symtab.elf32 = syms;
#else
    s->disas_symtab.elf64 = syms;
#endif
    /* Publish on the global syminfos list used by the disassembler.  */
    s->lookup_symbol = lookup_symbolxx;
    s->next = syminfos;
    syminfos = s;

    return;

give_up:
    free(s);
    free(strings);
    free(syms);
}
2000 
/* Top-level ELF loader: load the main binary (and its interpreter, if
   any), build the initial stack with argv/envp/auxv, and fill INFO
   with the resulting process layout.  Fatal errors exit(-1).  */
int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
                    struct image_info * info)
{
    struct image_info interp_info;
    struct elfhdr elf_ex;
    char *elf_interpreter = NULL;

    info->start_mmap = (abi_ulong)ELF_START_MMAP;
    info->mmap = 0;
    info->rss = 0;

    /* Map the main image; elf_interpreter receives the PT_INTERP
       string (malloc'd) if the binary is dynamically linked.  */
    load_elf_image(bprm->filename, bprm->fd, info,
                   &elf_interpreter, bprm->buf);

    /* ??? We need a copy of the elf header for passing to create_elf_tables.
       If we do nothing, we'll have overwritten this when we re-use bprm->buf
       when we load the interpreter.  */
    elf_ex = *(struct elfhdr *)bprm->buf;

    /* Copy program name, environment and arguments into the stack
       page array; bprm->p tracks the remaining room and becomes 0
       when the strings do not fit.  */
    bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
    bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
    bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
    if (!bprm->p) {
        fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
        exit(-1);
    }

    /* Do this so that we can load the interpreter, if need be.  We will
       change some of these later */
    bprm->p = setup_arg_pages(bprm->p, bprm, info);

    if (elf_interpreter) {
        /* bprm->buf is reused here; elf_ex above preserved the main
           binary's header.  */
        load_elf_interp(elf_interpreter, &interp_info, bprm->buf);

        /* If the program interpreter is one of these two, then assume
           an iBCS2 image.  Otherwise assume a native linux image.  */

        if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
            || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
            info->personality = PER_SVR4;

            /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
               and some applications "depend" upon this behavior.  Since
               we do not have the power to recompile these, we emulate
               the SVr4 behavior.  Sigh.  */
            target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
                        MAP_FIXED | MAP_PRIVATE, -1, 0);
        }
    }

    bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
                                info, (elf_interpreter ? &interp_info : NULL));
    info->start_stack = bprm->p;

    /* If we have an interpreter, set that as the program's entry point.
       Copy the load_bias as well, to help PPC64 interpret the entry
       point as a function descriptor.  Do this after creating elf tables
       so that we copy the original program entry point into the AUXV.  */
    if (elf_interpreter) {
        info->load_bias = interp_info.load_bias;
        info->entry = interp_info.entry;
        free(elf_interpreter);
    }

#ifdef USE_ELF_CORE_DUMP
    bprm->core_dump = &elf_core_dump;
#endif

    return 0;
}
2071 
2072 #ifdef USE_ELF_CORE_DUMP
2073 /*
2074  * Definitions to generate Intel SVR4-like core files.
2075  * These mostly have the same names as the SVR4 types with "target_elf_"
2076  * tacked on the front to prevent clashes with linux definitions,
2077  * and the typedef forms have been avoided.  This is mostly like
2078  * the SVR4 structure, but more Linuxy, with things that Linux does
2079  * not support and which gdb doesn't really use excluded.
2080  *
2081  * Fields we don't dump (their contents is zero) in linux-user qemu
2082  * are marked with XXX.
2083  *
2084  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2085  *
2086  * Porting ELF coredump for target is (quite) simple process.  First you
2087  * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2088  * the target resides):
2089  *
2090  * #define USE_ELF_CORE_DUMP
2091  *
2092  * Next you define type of register set used for dumping.  ELF specification
2093  * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2094  *
2095  * typedef <target_regtype> target_elf_greg_t;
2096  * #define ELF_NREG <number of registers>
 * typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
2098  *
2099  * Last step is to implement target specific function that copies registers
2100  * from given cpu into just specified register set.  Prototype is:
2101  *
 * static void elf_core_copy_regs(target_elf_gregset_t *regs,
2103  *                                const CPUArchState *env);
2104  *
2105  * Parameters:
2106  *     regs - copy register values into here (allocated and zeroed by caller)
2107  *     env - copy registers from here
2108  *
2109  * Example for ARM target is provided in this file.
2110  */
2111 
/* An ELF note in memory.  Filled by fill_note(); 'name' and 'data'
   are borrowed pointers, the note does not own them.  */
struct memelfnote {
    const char *name;            /* note name, e.g. "CORE" */
    size_t     namesz;           /* strlen(name) + 1 */
    size_t     namesz_rounded;   /* namesz rounded up to 4 bytes */
    int        type;             /* NT_* note type */
    size_t     datasz;           /* descriptor size in bytes */
    size_t     datasz_rounded;   /* datasz rounded up to 4 bytes */
    void       *data;            /* descriptor payload */
    size_t     notesz;           /* total on-disk size incl. header */
};
2123 
/* Signal information embedded in NT_PRSTATUS (SVR4-like subset).  */
struct target_elf_siginfo {
    abi_int    si_signo; /* signal number */
    abi_int    si_code;  /* extra code */
    abi_int    si_errno; /* errno */
};
2129 
/* NT_PRSTATUS payload: per-thread status, ids and GP registers.
   Fields marked XXX are left zero by this implementation.  */
struct target_elf_prstatus {
    struct target_elf_siginfo pr_info;      /* Info associated with signal */
    abi_short          pr_cursig;    /* Current signal */
    abi_ulong          pr_sigpend;   /* XXX */
    abi_ulong          pr_sighold;   /* XXX */
    target_pid_t       pr_pid;
    target_pid_t       pr_ppid;
    target_pid_t       pr_pgrp;
    target_pid_t       pr_sid;
    struct target_timeval pr_utime;  /* XXX User time */
    struct target_timeval pr_stime;  /* XXX System time */
    struct target_timeval pr_cutime; /* XXX Cumulative user time */
    struct target_timeval pr_cstime; /* XXX Cumulative system time */
    target_elf_gregset_t      pr_reg;       /* GP registers */
    abi_int            pr_fpvalid;   /* XXX */
};
2146 
#define ELF_PRARGSZ     (80) /* Number of chars for args */

/* NT_PRPSINFO payload: one-line process summary -- ids, credentials,
   executable name and the start of the argument list.  Filled by
   fill_psinfo().  */
struct target_elf_prpsinfo {
    char         pr_state;       /* numeric process state */
    char         pr_sname;       /* char for pr_state */
    char         pr_zomb;        /* zombie */
    char         pr_nice;        /* nice val */
    abi_ulong    pr_flag;        /* flags */
    target_uid_t pr_uid;
    target_gid_t pr_gid;
    target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
    /* Lots missing */
    char    pr_fname[16];           /* filename of executable */
    char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
};
2162 
/* Here is the structure in which status of each thread is captured. */
struct elf_thread_status {
    QTAILQ_ENTRY(elf_thread_status)  ets_link; /* on elf_note_info.thread_list */
    struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
#if 0
    elf_fpregset_t fpu;             /* NT_PRFPREG */
    struct task_struct *thread;
    elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
#endif
    struct memelfnote notes[1];     /* the single prstatus note */
    int num_notes;                  /* always 1, see fill_thread_info() */
};
2175 
/* Aggregate state for one core dump: the fixed notes of the current
   thread plus a list of per-thread status records.  Built by
   fill_note_info(), released by free_note_info().  */
struct elf_note_info {
    struct memelfnote   *notes;            /* current thread's notes */
    struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
    struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */

    QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
#if 0
    /*
     * Current version of ELF coredump doesn't support
     * dumping fp regs etc.
     */
    elf_fpregset_t *fpu;
    elf_fpxregset_t *xfpu;
    int thread_status_size;
#endif
    int notes_size;                        /* total on-disk bytes of all notes */
    int numnote;                           /* entries used in 'notes' */
};
2194 
/* Minimal stand-in for the kernel's VMA: one guest memory region.  */
struct vm_area_struct {
    abi_ulong   vma_start;  /* start vaddr of memory region */
    abi_ulong   vma_end;    /* end vaddr of memory region */
    abi_ulong   vma_flags;  /* protection etc. flags for the region */
    QTAILQ_ENTRY(vm_area_struct) vma_link;  /* on mm_struct.mm_mmap */
};

/* List of all guest memory regions, populated via vma_walker().  */
struct mm_struct {
    QTAILQ_HEAD(, vm_area_struct) mm_mmap;
    int mm_count;           /* number of mappings */
};
2206 
/* Forward declarations for the core-dump implementation below.  */

/* Minimal VMA list mirroring the guest's memory map.  */
static struct mm_struct *vma_init(void);
static void vma_delete(struct mm_struct *);
static int vma_add_mapping(struct mm_struct *, abi_ulong,
                           abi_ulong, abi_ulong);
static int vma_get_mapping_count(const struct mm_struct *);
static struct vm_area_struct *vma_first(const struct mm_struct *);
static struct vm_area_struct *vma_next(struct vm_area_struct *);
static abi_ulong vma_dump_size(const struct vm_area_struct *);
static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
                      unsigned long flags);

/* Construction of ELF headers and notes.  */
static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
static void fill_note(struct memelfnote *, const char *, int,
                      unsigned int, void *);
static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
static void fill_auxv_note(struct memelfnote *, const TaskState *);
static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
static size_t note_size(const struct memelfnote *);
static void free_note_info(struct elf_note_info *);
static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
static int core_dump_filename(const TaskState *, char *, size_t);

/* Writing the dump to a file descriptor.  */
static int dump_write(int, const void *, size_t);
static int write_note(struct memelfnote *, int);
static int write_note_info(struct elf_note_info *, int);
2234 
#ifdef BSWAP_NEEDED
/* Swap an NT_PRSTATUS payload from host to target byte order.  */
static void bswap_prstatus(struct target_elf_prstatus *prstatus)
{
    prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
    prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
    prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
    prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
    prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
    prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
    prstatus->pr_pid = tswap32(prstatus->pr_pid);
    prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
    prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
    prstatus->pr_sid = tswap32(prstatus->pr_sid);
    /* cpu times are not filled, so we skip them */
    /* regs should be in correct format already */
    prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
}

/* Swap an NT_PRPSINFO payload from host to target byte order.
   Plain char fields and the string buffers need no swapping.  */
static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
{
    psinfo->pr_flag = tswapal(psinfo->pr_flag);
    psinfo->pr_uid = tswap16(psinfo->pr_uid);
    psinfo->pr_gid = tswap16(psinfo->pr_gid);
    psinfo->pr_pid = tswap32(psinfo->pr_pid);
    psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
    psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
    psinfo->pr_sid = tswap32(psinfo->pr_sid);
}

/* Swap an ELF note header from host to target byte order.  */
static void bswap_note(struct elf_note *en)
{
    bswap32s(&en->n_namesz);
    bswap32s(&en->n_descsz);
    bswap32s(&en->n_type);
}
#else
/* Host and target share byte order: all swaps are no-ops.  */
static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
static inline void bswap_note(struct elf_note *en) { }
#endif /* BSWAP_NEEDED */
2275 
2276 /*
2277  * Minimal support for linux memory regions.  These are needed
2278  * when we are finding out what memory exactly belongs to
2279  * emulated process.  No locks needed here, as long as
2280  * thread that received the signal is stopped.
2281  */
2282 
2283 static struct mm_struct *vma_init(void)
2284 {
2285     struct mm_struct *mm;
2286 
2287     if ((mm = g_malloc(sizeof (*mm))) == NULL)
2288         return (NULL);
2289 
2290     mm->mm_count = 0;
2291     QTAILQ_INIT(&mm->mm_mmap);
2292 
2293     return (mm);
2294 }
2295 
2296 static void vma_delete(struct mm_struct *mm)
2297 {
2298     struct vm_area_struct *vma;
2299 
2300     while ((vma = vma_first(mm)) != NULL) {
2301         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2302         g_free(vma);
2303     }
2304     g_free(mm);
2305 }
2306 
2307 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
2308                            abi_ulong end, abi_ulong flags)
2309 {
2310     struct vm_area_struct *vma;
2311 
2312     if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2313         return (-1);
2314 
2315     vma->vma_start = start;
2316     vma->vma_end = end;
2317     vma->vma_flags = flags;
2318 
2319     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2320     mm->mm_count++;
2321 
2322     return (0);
2323 }
2324 
2325 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2326 {
2327     return (QTAILQ_FIRST(&mm->mm_mmap));
2328 }
2329 
2330 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2331 {
2332     return (QTAILQ_NEXT(vma, vma_link));
2333 }
2334 
2335 static int vma_get_mapping_count(const struct mm_struct *mm)
2336 {
2337     return (mm->mm_count);
2338 }
2339 
2340 /*
2341  * Calculate file (dump) size of given memory region.
2342  */
2343 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2344 {
2345     /* if we cannot even read the first page, skip it */
2346     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2347         return (0);
2348 
2349     /*
2350      * Usually we don't dump executable pages as they contain
2351      * non-writable code that debugger can read directly from
2352      * target library etc.  However, thread stacks are marked
2353      * also executable so we read in first page of given region
2354      * and check whether it contains elf header.  If there is
2355      * no elf header, we dump it.
2356      */
2357     if (vma->vma_flags & PROT_EXEC) {
2358         char page[TARGET_PAGE_SIZE];
2359 
2360         copy_from_user(page, vma->vma_start, sizeof (page));
2361         if ((page[EI_MAG0] == ELFMAG0) &&
2362             (page[EI_MAG1] == ELFMAG1) &&
2363             (page[EI_MAG2] == ELFMAG2) &&
2364             (page[EI_MAG3] == ELFMAG3)) {
2365             /*
2366              * Mappings are possibly from ELF binary.  Don't dump
2367              * them.
2368              */
2369             return (0);
2370         }
2371     }
2372 
2373     return (vma->vma_end - vma->vma_start);
2374 }
2375 
2376 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2377                       unsigned long flags)
2378 {
2379     struct mm_struct *mm = (struct mm_struct *)priv;
2380 
2381     vma_add_mapping(mm, start, end, flags);
2382     return (0);
2383 }
2384 
2385 static void fill_note(struct memelfnote *note, const char *name, int type,
2386                       unsigned int sz, void *data)
2387 {
2388     unsigned int namesz;
2389 
2390     namesz = strlen(name) + 1;
2391     note->name = name;
2392     note->namesz = namesz;
2393     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2394     note->type = type;
2395     note->datasz = sz;
2396     note->datasz_rounded = roundup(sz, sizeof (int32_t));
2397 
2398     note->data = data;
2399 
2400     /*
2401      * We calculate rounded up note size here as specified by
2402      * ELF document.
2403      */
2404     note->notesz = sizeof (struct elf_note) +
2405         note->namesz_rounded + note->datasz_rounded;
2406 }
2407 
/* Build an ET_CORE ELF header for SEGS program headers located
   immediately after the header, then swap it to target byte order.  */
static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
                            uint32_t flags)
{
    (void) memset(elf, 0, sizeof(*elf));

    (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
    elf->e_ident[EI_CLASS] = ELF_CLASS;
    elf->e_ident[EI_DATA] = ELF_DATA;
    elf->e_ident[EI_VERSION] = EV_CURRENT;
    elf->e_ident[EI_OSABI] = ELF_OSABI;

    elf->e_type = ET_CORE;
    elf->e_machine = machine;
    elf->e_version = EV_CURRENT;
    elf->e_phoff = sizeof(struct elfhdr);   /* phdrs follow the header */
    elf->e_flags = flags;
    elf->e_ehsize = sizeof(struct elfhdr);
    elf->e_phentsize = sizeof(struct elf_phdr);
    elf->e_phnum = segs;

    bswap_ehdr(elf);
}
2430 
2431 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2432 {
2433     phdr->p_type = PT_NOTE;
2434     phdr->p_offset = offset;
2435     phdr->p_vaddr = 0;
2436     phdr->p_paddr = 0;
2437     phdr->p_filesz = sz;
2438     phdr->p_memsz = 0;
2439     phdr->p_flags = 0;
2440     phdr->p_align = 0;
2441 
2442     bswap_phdr(phdr, 1);
2443 }
2444 
2445 static size_t note_size(const struct memelfnote *note)
2446 {
2447     return (note->notesz);
2448 }
2449 
2450 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2451                           const TaskState *ts, int signr)
2452 {
2453     (void) memset(prstatus, 0, sizeof (*prstatus));
2454     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2455     prstatus->pr_pid = ts->ts_tid;
2456     prstatus->pr_ppid = getppid();
2457     prstatus->pr_pgrp = getpgrp();
2458     prstatus->pr_sid = getsid(0);
2459 
2460     bswap_prstatus(prstatus);
2461 }
2462 
2463 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2464 {
2465     char *base_filename;
2466     unsigned int i, len;
2467 
2468     (void) memset(psinfo, 0, sizeof (*psinfo));
2469 
2470     len = ts->info->arg_end - ts->info->arg_start;
2471     if (len >= ELF_PRARGSZ)
2472         len = ELF_PRARGSZ - 1;
2473     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2474         return -EFAULT;
2475     for (i = 0; i < len; i++)
2476         if (psinfo->pr_psargs[i] == 0)
2477             psinfo->pr_psargs[i] = ' ';
2478     psinfo->pr_psargs[len] = 0;
2479 
2480     psinfo->pr_pid = getpid();
2481     psinfo->pr_ppid = getppid();
2482     psinfo->pr_pgrp = getpgrp();
2483     psinfo->pr_sid = getsid(0);
2484     psinfo->pr_uid = getuid();
2485     psinfo->pr_gid = getgid();
2486 
2487     base_filename = g_path_get_basename(ts->bprm->filename);
2488     /*
2489      * Using strncpy here is fine: at max-length,
2490      * this field is not NUL-terminated.
2491      */
2492     (void) strncpy(psinfo->pr_fname, base_filename,
2493                    sizeof(psinfo->pr_fname));
2494 
2495     g_free(base_filename);
2496     bswap_psinfo(psinfo);
2497     return (0);
2498 }
2499 
2500 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2501 {
2502     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2503     elf_addr_t orig_auxv = auxv;
2504     void *ptr;
2505     int len = ts->info->auxv_len;
2506 
2507     /*
2508      * Auxiliary vector is stored in target process stack.  It contains
2509      * {type, value} pairs that we need to dump into note.  This is not
2510      * strictly necessary but we do it here for sake of completeness.
2511      */
2512 
2513     /* read in whole auxv vector and copy it to memelfnote */
2514     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2515     if (ptr != NULL) {
2516         fill_note(note, "CORE", NT_AUXV, len, ptr);
2517         unlock_user(ptr, auxv, len);
2518     }
2519 }
2520 
2521 /*
2522  * Constructs name of coredump file.  We have following convention
2523  * for the name:
2524  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2525  *
2526  * Returns 0 in case of success, -1 otherwise (errno is set).
2527  */
2528 static int core_dump_filename(const TaskState *ts, char *buf,
2529                               size_t bufsize)
2530 {
2531     char timestamp[64];
2532     char *filename = NULL;
2533     char *base_filename = NULL;
2534     struct timeval tv;
2535     struct tm tm;
2536 
2537     assert(bufsize >= PATH_MAX);
2538 
2539     if (gettimeofday(&tv, NULL) < 0) {
2540         (void) fprintf(stderr, "unable to get current timestamp: %s",
2541                        strerror(errno));
2542         return (-1);
2543     }
2544 
2545     filename = strdup(ts->bprm->filename);
2546     base_filename = strdup(basename(filename));
2547     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2548                     localtime_r(&tv.tv_sec, &tm));
2549     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2550                     base_filename, timestamp, (int)getpid());
2551     free(base_filename);
2552     free(filename);
2553 
2554     return (0);
2555 }
2556 
/*
 * Write SIZE bytes at PTR to FD, honouring RLIMIT_CORE when FD is
 * seekable and retrying on EINTR and short writes.
 *
 * Returns 0 on success, negative on error.
 */
static int dump_write(int fd, const void *ptr, size_t size)
{
    const char *bufp = (const char *)ptr;
    ssize_t bytes_written, bytes_left;
    struct rlimit dumpsize;
    off_t pos;

    bytes_written = 0;
    getrlimit(RLIMIT_CORE, &dumpsize);
    if ((pos = lseek(fd, 0, SEEK_CUR)) == -1) {
        if (errno == ESPIPE) { /* not a seekable stream */
            bytes_left = size;
        } else {
            return pos;
        }
    } else {
        if (dumpsize.rlim_cur <= pos) {
            /* Core size limit already reached.  */
            return -1;
        } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
            bytes_left = size;
        } else {
            /* Clamp to what the core limit still allows.  */
            size_t limit_left = dumpsize.rlim_cur - pos;
            bytes_left = limit_left >= size ? size : limit_left;
        }
    }

    /*
     * In normal conditions, single write(2) should do but
     * in case of socket etc. this mechanism is more portable.
     *
     * Bug fix: this used to be a do/while loop, so a zero-length
     * request performed write(fd, bufp, 0), whose 0 return value was
     * misdiagnosed as EOF and turned into a spurious -1.
     */
    while (bytes_left > 0) {
        bytes_written = write(fd, bufp, bytes_left);
        if (bytes_written < 0) {
            if (errno == EINTR) {
                continue;
            }
            return -1;
        } else if (bytes_written == 0) { /* eof */
            return -1;
        }
        bufp += bytes_written;
        bytes_left -= bytes_written;
    }

    return 0;
}
2602 
2603 static int write_note(struct memelfnote *men, int fd)
2604 {
2605     struct elf_note en;
2606 
2607     en.n_namesz = men->namesz;
2608     en.n_type = men->type;
2609     en.n_descsz = men->datasz;
2610 
2611     bswap_note(&en);
2612 
2613     if (dump_write(fd, &en, sizeof(en)) != 0)
2614         return (-1);
2615     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2616         return (-1);
2617     if (dump_write(fd, men->data, men->datasz_rounded) != 0)
2618         return (-1);
2619 
2620     return (0);
2621 }
2622 
2623 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
2624 {
2625     TaskState *ts = (TaskState *)env->opaque;
2626     struct elf_thread_status *ets;
2627 
2628     ets = g_malloc0(sizeof (*ets));
2629     ets->num_notes = 1; /* only prstatus is dumped */
2630     fill_prstatus(&ets->prstatus, ts, 0);
2631     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2632     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2633               &ets->prstatus);
2634 
2635     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2636 
2637     info->notes_size += note_size(&ets->notes[0]);
2638 }
2639 
2640 static int fill_note_info(struct elf_note_info *info,
2641                           long signr, const CPUArchState *env)
2642 {
2643 #define NUMNOTES 3
2644     CPUState *cpu = NULL;
2645     TaskState *ts = (TaskState *)env->opaque;
2646     int i;
2647 
2648     (void) memset(info, 0, sizeof (*info));
2649 
2650     QTAILQ_INIT(&info->thread_list);
2651 
2652     info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote));
2653     if (info->notes == NULL)
2654         return (-ENOMEM);
2655     info->prstatus = g_malloc0(sizeof (*info->prstatus));
2656     if (info->prstatus == NULL)
2657         return (-ENOMEM);
2658     info->psinfo = g_malloc0(sizeof (*info->psinfo));
2659     if (info->prstatus == NULL)
2660         return (-ENOMEM);
2661 
2662     /*
2663      * First fill in status (and registers) of current thread
2664      * including process info & aux vector.
2665      */
2666     fill_prstatus(info->prstatus, ts, signr);
2667     elf_core_copy_regs(&info->prstatus->pr_reg, env);
2668     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2669               sizeof (*info->prstatus), info->prstatus);
2670     fill_psinfo(info->psinfo, ts);
2671     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2672               sizeof (*info->psinfo), info->psinfo);
2673     fill_auxv_note(&info->notes[2], ts);
2674     info->numnote = 3;
2675 
2676     info->notes_size = 0;
2677     for (i = 0; i < info->numnote; i++)
2678         info->notes_size += note_size(&info->notes[i]);
2679 
2680     /* read and fill status of all threads */
2681     cpu_list_lock();
2682     CPU_FOREACH(cpu) {
2683         if (cpu == thread_cpu) {
2684             continue;
2685         }
2686         fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
2687     }
2688     cpu_list_unlock();
2689 
2690     return (0);
2691 }
2692 
2693 static void free_note_info(struct elf_note_info *info)
2694 {
2695     struct elf_thread_status *ets;
2696 
2697     while (!QTAILQ_EMPTY(&info->thread_list)) {
2698         ets = QTAILQ_FIRST(&info->thread_list);
2699         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
2700         g_free(ets);
2701     }
2702 
2703     g_free(info->prstatus);
2704     g_free(info->psinfo);
2705     g_free(info->notes);
2706 }
2707 
2708 static int write_note_info(struct elf_note_info *info, int fd)
2709 {
2710     struct elf_thread_status *ets;
2711     int i, error = 0;
2712 
2713     /* write prstatus, psinfo and auxv for current thread */
2714     for (i = 0; i < info->numnote; i++)
2715         if ((error = write_note(&info->notes[i], fd)) != 0)
2716             return (error);
2717 
2718     /* write prstatus for each thread */
2719     for (ets = info->thread_list.tqh_first; ets != NULL;
2720          ets = ets->ets_link.tqe_next) {
2721         if ((error = write_note(&ets->notes[0], fd)) != 0)
2722             return (error);
2723     }
2724 
2725     return (0);
2726 }
2727 
2728 /*
2729  * Write out ELF coredump.
2730  *
2731  * See documentation of ELF object file format in:
2732  * http://www.caldera.com/developers/devspecs/gabi41.pdf
2733  *
2734  * Coredump format in linux is following:
2735  *
2736  * 0   +----------------------+         \
2737  *     | ELF header           | ET_CORE  |
2738  *     +----------------------+          |
2739  *     | ELF program headers  |          |--- headers
2740  *     | - NOTE section       |          |
2741  *     | - PT_LOAD sections   |          |
2742  *     +----------------------+         /
2743  *     | NOTEs:               |
2744  *     | - NT_PRSTATUS        |
 *     | - NT_PRPSINFO       |
2746  *     | - NT_AUXV            |
2747  *     +----------------------+ <-- aligned to target page
2748  *     | Process memory dump  |
2749  *     :                      :
2750  *     .                      .
2751  *     :                      :
2752  *     |                      |
2753  *     +----------------------+
2754  *
2755  * NT_PRSTATUS -> struct elf_prstatus (per thread)
 * NT_PRPSINFO -> struct elf_prpsinfo
2757  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2758  *
2759  * Format follows System V format as close as possible.  Current
2760  * version limitations are as follows:
2761  *     - no floating point registers are dumped
2762  *
2763  * Function returns 0 in case of success, negative errno otherwise.
2764  *
2765  * TODO: make this work also during runtime: it should be
2766  * possible to force coredump from running process and then
2767  * continue processing.  For example qemu could set up SIGUSR2
 * handler (provided that the target process hasn't registered a
 * handler for that signal) that does the dump when it is received.
2770  */
2771 static int elf_core_dump(int signr, const CPUArchState *env)
2772 {
2773     const TaskState *ts = (const TaskState *)env->opaque;
2774     struct vm_area_struct *vma = NULL;
2775     char corefile[PATH_MAX];
2776     struct elf_note_info info;
2777     struct elfhdr elf;
2778     struct elf_phdr phdr;
2779     struct rlimit dumpsize;
2780     struct mm_struct *mm = NULL;
2781     off_t offset = 0, data_offset = 0;
2782     int segs = 0;
2783     int fd = -1;
2784 
2785     errno = 0;
2786     getrlimit(RLIMIT_CORE, &dumpsize);
2787     if (dumpsize.rlim_cur == 0)
2788         return 0;
2789 
2790     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2791         return (-errno);
2792 
2793     if ((fd = open(corefile, O_WRONLY | O_CREAT,
2794                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2795         return (-errno);
2796 
2797     /*
2798      * Walk through target process memory mappings and
2799      * set up structure containing this information.  After
2800      * this point vma_xxx functions can be used.
2801      */
2802     if ((mm = vma_init()) == NULL)
2803         goto out;
2804 
2805     walk_memory_regions(mm, vma_walker);
2806     segs = vma_get_mapping_count(mm);
2807 
2808     /*
2809      * Construct valid coredump ELF header.  We also
2810      * add one more segment for notes.
2811      */
2812     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2813     if (dump_write(fd, &elf, sizeof (elf)) != 0)
2814         goto out;
2815 
2816     /* fill in in-memory version of notes */
2817     if (fill_note_info(&info, signr, env) < 0)
2818         goto out;
2819 
2820     offset += sizeof (elf);                             /* elf header */
2821     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
2822 
2823     /* write out notes program header */
2824     fill_elf_note_phdr(&phdr, info.notes_size, offset);
2825 
2826     offset += info.notes_size;
2827     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2828         goto out;
2829 
2830     /*
2831      * ELF specification wants data to start at page boundary so
2832      * we align it here.
2833      */
2834     data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2835 
2836     /*
2837      * Write program headers for memory regions mapped in
2838      * the target process.
2839      */
2840     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2841         (void) memset(&phdr, 0, sizeof (phdr));
2842 
2843         phdr.p_type = PT_LOAD;
2844         phdr.p_offset = offset;
2845         phdr.p_vaddr = vma->vma_start;
2846         phdr.p_paddr = 0;
2847         phdr.p_filesz = vma_dump_size(vma);
2848         offset += phdr.p_filesz;
2849         phdr.p_memsz = vma->vma_end - vma->vma_start;
2850         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2851         if (vma->vma_flags & PROT_WRITE)
2852             phdr.p_flags |= PF_W;
2853         if (vma->vma_flags & PROT_EXEC)
2854             phdr.p_flags |= PF_X;
2855         phdr.p_align = ELF_EXEC_PAGESIZE;
2856 
2857         bswap_phdr(&phdr, 1);
2858         dump_write(fd, &phdr, sizeof (phdr));
2859     }
2860 
2861     /*
2862      * Next we write notes just after program headers.  No
2863      * alignment needed here.
2864      */
2865     if (write_note_info(&info, fd) < 0)
2866         goto out;
2867 
2868     /* align data to page boundary */
2869     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2870         goto out;
2871 
2872     /*
2873      * Finally we can dump process memory into corefile as well.
2874      */
2875     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2876         abi_ulong addr;
2877         abi_ulong end;
2878 
2879         end = vma->vma_start + vma_dump_size(vma);
2880 
2881         for (addr = vma->vma_start; addr < end;
2882              addr += TARGET_PAGE_SIZE) {
2883             char page[TARGET_PAGE_SIZE];
2884             int error;
2885 
2886             /*
2887              *  Read in page from target process memory and
2888              *  write it to coredump file.
2889              */
2890             error = copy_from_user(page, addr, sizeof (page));
2891             if (error != 0) {
2892                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
2893                                addr);
2894                 errno = -error;
2895                 goto out;
2896             }
2897             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2898                 goto out;
2899         }
2900     }
2901 
2902  out:
2903     free_note_info(&info);
2904     if (mm != NULL)
2905         vma_delete(mm);
2906     (void) close(fd);
2907 
2908     if (errno != 0)
2909         return (-errno);
2910     return (0);
2911 }
2912 #endif /* USE_ELF_CORE_DUMP */
2913 
/*
 * Thin public wrapper: set up the initial register state for a freshly
 * loaded image by forwarding to the per-target init_thread()
 * implementation.
 */
void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
{
    init_thread(regs, infop);
}
2918