1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 typedef target_ulong target_elf_greg_t; 105 #ifdef USE_UID16 106 typedef target_ushort target_uid_t; 107 typedef target_ushort target_gid_t; 108 #else 109 typedef target_uint target_uid_t; 110 typedef target_uint target_gid_t; 111 #endif 112 typedef target_int target_pid_t; 113 114 #ifdef TARGET_I386 115 116 #define ELF_PLATFORM get_elf_platform() 117 118 static const char *get_elf_platform(void) 119 { 120 static char elf_platform[] = "i386"; 121 int family = (thread_env->cpuid_version >> 8) & 0xff; 122 if (family > 6) 123 family = 6; 124 if (family >= 3) 125 elf_platform[1] = '0' + family; 126 return elf_platform; 127 } 128 129 #define ELF_HWCAP get_elf_hwcap() 130 131 static uint32_t get_elf_hwcap(void) 132 { 133 return thread_env->cpuid_features; 134 } 135 136 #ifdef TARGET_X86_64 137 #define ELF_START_MMAP 0x2aaaaab000ULL 138 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 139 140 #define ELF_CLASS ELFCLASS64 141 #define ELF_ARCH EM_X86_64 142 143 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 144 { 145 regs->rax = 0; 146 regs->rsp = infop->start_stack; 147 regs->rip = infop->entry; 148 } 149 150 #define ELF_NREG 27 151 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 152 153 /* 154 * Note that ELF_NREG should be 29 as there should be place for 155 * TRAPNO and ERR "registers" as well but linux doesn't dump 156 * those. 157 * 158 * See linux kernel: arch/x86/include/asm/elf.h 159 */ 160 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 161 { 162 (*regs)[0] = env->regs[15]; 163 (*regs)[1] = env->regs[14]; 164 (*regs)[2] = env->regs[13]; 165 (*regs)[3] = env->regs[12]; 166 (*regs)[4] = env->regs[R_EBP]; 167 (*regs)[5] = env->regs[R_EBX]; 168 (*regs)[6] = env->regs[11]; 169 (*regs)[7] = env->regs[10]; 170 (*regs)[8] = env->regs[9]; 171 (*regs)[9] = env->regs[8]; 172 (*regs)[10] = env->regs[R_EAX]; 173 (*regs)[11] = env->regs[R_ECX]; 174 (*regs)[12] = env->regs[R_EDX]; 175 (*regs)[13] = env->regs[R_ESI]; 176 (*regs)[14] = env->regs[R_EDI]; 177 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 178 (*regs)[16] = env->eip; 179 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 180 (*regs)[18] = env->eflags; 181 (*regs)[19] = env->regs[R_ESP]; 182 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 183 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 184 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 185 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 186 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 187 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 188 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 189 } 190 191 #else 192 193 #define ELF_START_MMAP 0x80000000 194 195 /* 196 * This is used to ensure we don't load something for the wrong architecture. 197 */ 198 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 199 200 /* 201 * These are used to set parameters in the core dumps. 202 */ 203 #define ELF_CLASS ELFCLASS32 204 #define ELF_ARCH EM_386 205 206 static inline void init_thread(struct target_pt_regs *regs, 207 struct image_info *infop) 208 { 209 regs->esp = infop->start_stack; 210 regs->eip = infop->entry; 211 212 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 213 starts %edx contains a pointer to a function which might be 214 registered using `atexit'. This provides a mean for the 215 dynamic linker to call DT_FINI functions for shared libraries 216 that have been loaded before the code runs. 217 218 A value of 0 tells we have no such handler. */ 219 regs->edx = 0; 220 } 221 222 #define ELF_NREG 17 223 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 224 225 /* 226 * Note that ELF_NREG should be 19 as there should be place for 227 * TRAPNO and ERR "registers" as well but linux doesn't dump 228 * those. 229 * 230 * See linux kernel: arch/x86/include/asm/elf.h 231 */ 232 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 233 { 234 (*regs)[0] = env->regs[R_EBX]; 235 (*regs)[1] = env->regs[R_ECX]; 236 (*regs)[2] = env->regs[R_EDX]; 237 (*regs)[3] = env->regs[R_ESI]; 238 (*regs)[4] = env->regs[R_EDI]; 239 (*regs)[5] = env->regs[R_EBP]; 240 (*regs)[6] = env->regs[R_EAX]; 241 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 242 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 243 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 244 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 245 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 246 (*regs)[12] = env->eip; 247 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 248 (*regs)[14] = env->eflags; 249 (*regs)[15] = env->regs[R_ESP]; 250 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 251 } 252 #endif 253 254 #define USE_ELF_CORE_DUMP 255 #define ELF_EXEC_PAGESIZE 4096 256 257 #endif 258 259 #ifdef TARGET_ARM 260 261 #define ELF_START_MMAP 0x80000000 262 263 #define elf_check_arch(x) ( (x) == EM_ARM ) 264 265 #define ELF_CLASS ELFCLASS32 266 #define ELF_ARCH EM_ARM 267 268 static inline void init_thread(struct target_pt_regs *regs, 269 struct image_info *infop) 270 { 271 abi_long stack = infop->start_stack; 272 memset(regs, 0, sizeof(*regs)); 273 regs->ARM_cpsr = 0x10; 274 if (infop->entry & 1) 275 regs->ARM_cpsr |= CPSR_T; 276 regs->ARM_pc = infop->entry & 0xfffffffe; 277 regs->ARM_sp = infop->start_stack; 278 /* FIXME - what to for failure of get_user()? */ 279 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 280 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 281 /* XXX: it seems that r0 is zeroed after ! */ 282 regs->ARM_r0 = 0; 283 /* For uClinux PIC binaries. */ 284 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 285 regs->ARM_r10 = infop->start_data; 286 } 287 288 #define ELF_NREG 18 289 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 290 291 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 292 { 293 (*regs)[0] = tswapl(env->regs[0]); 294 (*regs)[1] = tswapl(env->regs[1]); 295 (*regs)[2] = tswapl(env->regs[2]); 296 (*regs)[3] = tswapl(env->regs[3]); 297 (*regs)[4] = tswapl(env->regs[4]); 298 (*regs)[5] = tswapl(env->regs[5]); 299 (*regs)[6] = tswapl(env->regs[6]); 300 (*regs)[7] = tswapl(env->regs[7]); 301 (*regs)[8] = tswapl(env->regs[8]); 302 (*regs)[9] = tswapl(env->regs[9]); 303 (*regs)[10] = tswapl(env->regs[10]); 304 (*regs)[11] = tswapl(env->regs[11]); 305 (*regs)[12] = tswapl(env->regs[12]); 306 (*regs)[13] = tswapl(env->regs[13]); 307 (*regs)[14] = tswapl(env->regs[14]); 308 (*regs)[15] = tswapl(env->regs[15]); 309 310 (*regs)[16] = tswapl(cpsr_read((CPUState *)env)); 311 (*regs)[17] = tswapl(env->regs[0]); /* XXX */ 312 } 313 314 #define USE_ELF_CORE_DUMP 315 #define ELF_EXEC_PAGESIZE 4096 316 317 enum 318 { 319 ARM_HWCAP_ARM_SWP = 1 << 0, 320 ARM_HWCAP_ARM_HALF = 1 << 1, 321 ARM_HWCAP_ARM_THUMB = 1 << 2, 322 ARM_HWCAP_ARM_26BIT = 1 << 3, 323 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 324 ARM_HWCAP_ARM_FPA = 1 << 5, 325 ARM_HWCAP_ARM_VFP = 1 << 6, 326 ARM_HWCAP_ARM_EDSP = 1 << 7, 327 ARM_HWCAP_ARM_JAVA = 1 << 8, 328 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 329 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 330 ARM_HWCAP_ARM_NEON = 1 << 11, 331 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 332 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 333 }; 334 335 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \ 336 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \ 337 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP \ 338 | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 ) 339 340 #endif 341 342 #ifdef TARGET_UNICORE32 343 344 #define ELF_START_MMAP 0x80000000 345 346 #define elf_check_arch(x) ((x) == EM_UNICORE32) 347 348 #define ELF_CLASS ELFCLASS32 349 #define ELF_DATA ELFDATA2LSB 350 #define ELF_ARCH EM_UNICORE32 351 352 static inline void init_thread(struct target_pt_regs *regs, 353 struct image_info *infop) 354 { 355 abi_long stack = infop->start_stack; 356 memset(regs, 0, sizeof(*regs)); 357 regs->UC32_REG_asr = 0x10; 358 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 359 regs->UC32_REG_sp = infop->start_stack; 360 /* FIXME - what to for failure of get_user()? */ 361 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 362 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 363 /* XXX: it seems that r0 is zeroed after ! */ 364 regs->UC32_REG_00 = 0; 365 } 366 367 #define ELF_NREG 34 368 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 369 370 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 371 { 372 (*regs)[0] = env->regs[0]; 373 (*regs)[1] = env->regs[1]; 374 (*regs)[2] = env->regs[2]; 375 (*regs)[3] = env->regs[3]; 376 (*regs)[4] = env->regs[4]; 377 (*regs)[5] = env->regs[5]; 378 (*regs)[6] = env->regs[6]; 379 (*regs)[7] = env->regs[7]; 380 (*regs)[8] = env->regs[8]; 381 (*regs)[9] = env->regs[9]; 382 (*regs)[10] = env->regs[10]; 383 (*regs)[11] = env->regs[11]; 384 (*regs)[12] = env->regs[12]; 385 (*regs)[13] = env->regs[13]; 386 (*regs)[14] = env->regs[14]; 387 (*regs)[15] = env->regs[15]; 388 (*regs)[16] = env->regs[16]; 389 (*regs)[17] = env->regs[17]; 390 (*regs)[18] = env->regs[18]; 391 (*regs)[19] = env->regs[19]; 392 (*regs)[20] = env->regs[20]; 393 (*regs)[21] = env->regs[21]; 394 (*regs)[22] = env->regs[22]; 395 (*regs)[23] = env->regs[23]; 396 (*regs)[24] = env->regs[24]; 397 (*regs)[25] = env->regs[25]; 398 (*regs)[26] = env->regs[26]; 399 (*regs)[27] = env->regs[27]; 400 (*regs)[28] = env->regs[28]; 401 (*regs)[29] = env->regs[29]; 402 (*regs)[30] = env->regs[30]; 403 (*regs)[31] = env->regs[31]; 404 405 (*regs)[32] = cpu_asr_read((CPUState *)env); 406 (*regs)[33] = env->regs[0]; /* XXX */ 407 } 408 409 #define USE_ELF_CORE_DUMP 410 #define ELF_EXEC_PAGESIZE 4096 411 412 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 413 414 #endif 415 416 #ifdef TARGET_SPARC 417 #ifdef TARGET_SPARC64 418 419 #define ELF_START_MMAP 0x80000000 420 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 421 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 422 #ifndef TARGET_ABI32 423 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 424 #else 425 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 426 #endif 427 428 #define ELF_CLASS ELFCLASS64 429 #define ELF_ARCH EM_SPARCV9 430 431 #define STACK_BIAS 2047 432 433 static inline void init_thread(struct target_pt_regs *regs, 434 struct image_info *infop) 435 { 436 #ifndef TARGET_ABI32 437 regs->tstate = 0; 438 #endif 439 regs->pc = infop->entry; 440 regs->npc = regs->pc + 4; 441 regs->y = 0; 442 #ifdef TARGET_ABI32 443 regs->u_regs[14] = infop->start_stack - 16 * 4; 444 #else 445 if (personality(infop->personality) == PER_LINUX32) 446 regs->u_regs[14] = infop->start_stack - 16 * 4; 447 else 448 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 449 #endif 450 } 451 452 #else 453 #define ELF_START_MMAP 0x80000000 454 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 455 | HWCAP_SPARC_MULDIV) 456 #define elf_check_arch(x) ( (x) == EM_SPARC ) 457 458 #define ELF_CLASS ELFCLASS32 459 #define ELF_ARCH EM_SPARC 460 461 static inline void init_thread(struct target_pt_regs *regs, 462 struct image_info *infop) 463 { 464 regs->psr = 0; 465 regs->pc = infop->entry; 466 regs->npc = regs->pc + 4; 467 regs->y = 0; 468 regs->u_regs[14] = infop->start_stack - 16 * 4; 469 } 470 471 #endif 472 #endif 473 474 #ifdef TARGET_PPC 475 476 #define ELF_START_MMAP 0x80000000 477 478 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 479 480 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 481 482 #define ELF_CLASS ELFCLASS64 483 484 #else 485 486 #define elf_check_arch(x) ( (x) == EM_PPC ) 487 488 #define ELF_CLASS ELFCLASS32 489 490 #endif 491 492 #define ELF_ARCH EM_PPC 493 494 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 495 See arch/powerpc/include/asm/cputable.h. */ 496 enum { 497 QEMU_PPC_FEATURE_32 = 0x80000000, 498 QEMU_PPC_FEATURE_64 = 0x40000000, 499 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 500 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 501 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 502 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 503 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 504 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 505 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 506 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 507 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 508 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 509 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 510 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 511 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 512 QEMU_PPC_FEATURE_CELL = 0x00010000, 513 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 514 QEMU_PPC_FEATURE_SMT = 0x00004000, 515 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 516 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 517 QEMU_PPC_FEATURE_PA6T = 0x00000800, 518 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 519 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 520 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 521 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 522 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 523 524 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 525 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 526 }; 527 528 #define ELF_HWCAP get_elf_hwcap() 529 530 static uint32_t get_elf_hwcap(void) 531 { 532 CPUState *e = thread_env; 533 uint32_t features = 0; 534 535 /* We don't have to be terribly complete here; the high points are 536 Altivec/FP/SPE support. Anything else is just a bonus. */ 537 #define GET_FEATURE(flag, feature) \ 538 do {if (e->insns_flags & flag) features |= feature; } while(0) 539 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 540 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 541 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 542 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 543 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 544 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 545 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 546 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 547 #undef GET_FEATURE 548 549 return features; 550 } 551 552 /* 553 * The requirements here are: 554 * - keep the final alignment of sp (sp & 0xf) 555 * - make sure the 32-bit value at the first 16 byte aligned position of 556 * AUXV is greater than 16 for glibc compatibility. 557 * AT_IGNOREPPC is used for that. 558 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 559 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 560 */ 561 #define DLINFO_ARCH_ITEMS 5 562 #define ARCH_DLINFO \ 563 do { \ 564 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 565 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 566 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 567 /* \ 568 * Now handle glibc compatibility. \ 569 */ \ 570 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 571 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 572 } while (0) 573 574 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 575 { 576 _regs->gpr[1] = infop->start_stack; 577 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 578 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_addr; 579 infop->entry = ldq_raw(infop->entry) + infop->load_addr; 580 #endif 581 _regs->nip = infop->entry; 582 } 583 584 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 585 #define ELF_NREG 48 586 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 587 588 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 589 { 590 int i; 591 target_ulong ccr = 0; 592 593 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 594 (*regs)[i] = tswapl(env->gpr[i]); 595 } 596 597 (*regs)[32] = tswapl(env->nip); 598 (*regs)[33] = tswapl(env->msr); 599 (*regs)[35] = tswapl(env->ctr); 600 (*regs)[36] = tswapl(env->lr); 601 (*regs)[37] = tswapl(env->xer); 602 603 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 604 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 605 } 606 (*regs)[38] = tswapl(ccr); 607 } 608 609 #define USE_ELF_CORE_DUMP 610 #define ELF_EXEC_PAGESIZE 4096 611 612 #endif 613 614 #ifdef TARGET_MIPS 615 616 #define ELF_START_MMAP 0x80000000 617 618 #define elf_check_arch(x) ( (x) == EM_MIPS ) 619 620 #ifdef TARGET_MIPS64 621 #define ELF_CLASS ELFCLASS64 622 #else 623 #define ELF_CLASS ELFCLASS32 624 #endif 625 #define ELF_ARCH EM_MIPS 626 627 static inline void init_thread(struct target_pt_regs *regs, 628 struct image_info *infop) 629 { 630 regs->cp0_status = 2 << CP0St_KSU; 631 regs->cp0_epc = infop->entry; 632 regs->regs[29] = infop->start_stack; 633 } 634 635 /* See linux kernel: arch/mips/include/asm/elf.h. */ 636 #define ELF_NREG 45 637 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 638 639 /* See linux kernel: arch/mips/include/asm/reg.h. */ 640 enum { 641 #ifdef TARGET_MIPS64 642 TARGET_EF_R0 = 0, 643 #else 644 TARGET_EF_R0 = 6, 645 #endif 646 TARGET_EF_R26 = TARGET_EF_R0 + 26, 647 TARGET_EF_R27 = TARGET_EF_R0 + 27, 648 TARGET_EF_LO = TARGET_EF_R0 + 32, 649 TARGET_EF_HI = TARGET_EF_R0 + 33, 650 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 651 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 652 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 653 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 654 }; 655 656 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 657 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 658 { 659 int i; 660 661 for (i = 0; i < TARGET_EF_R0; i++) { 662 (*regs)[i] = 0; 663 } 664 (*regs)[TARGET_EF_R0] = 0; 665 666 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 667 (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]); 668 } 669 670 (*regs)[TARGET_EF_R26] = 0; 671 (*regs)[TARGET_EF_R27] = 0; 672 (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]); 673 (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]); 674 (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC); 675 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr); 676 (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status); 677 (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause); 678 } 679 680 #define USE_ELF_CORE_DUMP 681 #define ELF_EXEC_PAGESIZE 4096 682 683 #endif /* TARGET_MIPS */ 684 685 #ifdef TARGET_MICROBLAZE 686 687 #define ELF_START_MMAP 0x80000000 688 689 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 690 691 #define ELF_CLASS ELFCLASS32 692 #define ELF_ARCH EM_MICROBLAZE 693 694 static inline void init_thread(struct target_pt_regs *regs, 695 struct image_info *infop) 696 { 697 regs->pc = infop->entry; 698 regs->r1 = infop->start_stack; 699 700 } 701 702 #define ELF_EXEC_PAGESIZE 4096 703 704 #define USE_ELF_CORE_DUMP 705 #define ELF_NREG 38 706 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 707 708 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 709 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 710 { 711 int i, pos = 0; 712 713 for (i = 0; i < 32; i++) { 714 (*regs)[pos++] = tswapl(env->regs[i]); 715 } 716 717 for (i = 0; i < 6; i++) { 718 (*regs)[pos++] = tswapl(env->sregs[i]); 719 } 720 } 721 722 #endif /* TARGET_MICROBLAZE */ 723 724 #ifdef TARGET_SH4 725 726 #define ELF_START_MMAP 0x80000000 727 728 #define elf_check_arch(x) ( (x) == EM_SH ) 729 730 #define ELF_CLASS ELFCLASS32 731 #define ELF_ARCH EM_SH 732 733 static inline void init_thread(struct target_pt_regs *regs, 734 struct image_info *infop) 735 { 736 /* Check other registers XXXXX */ 737 regs->pc = infop->entry; 738 regs->regs[15] = infop->start_stack; 739 } 740 741 /* See linux kernel: arch/sh/include/asm/elf.h. */ 742 #define ELF_NREG 23 743 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 744 745 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 746 enum { 747 TARGET_REG_PC = 16, 748 TARGET_REG_PR = 17, 749 TARGET_REG_SR = 18, 750 TARGET_REG_GBR = 19, 751 TARGET_REG_MACH = 20, 752 TARGET_REG_MACL = 21, 753 TARGET_REG_SYSCALL = 22 754 }; 755 756 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 757 const CPUState *env) 758 { 759 int i; 760 761 for (i = 0; i < 16; i++) { 762 (*regs[i]) = tswapl(env->gregs[i]); 763 } 764 765 (*regs)[TARGET_REG_PC] = tswapl(env->pc); 766 (*regs)[TARGET_REG_PR] = tswapl(env->pr); 767 (*regs)[TARGET_REG_SR] = tswapl(env->sr); 768 (*regs)[TARGET_REG_GBR] = tswapl(env->gbr); 769 (*regs)[TARGET_REG_MACH] = tswapl(env->mach); 770 (*regs)[TARGET_REG_MACL] = tswapl(env->macl); 771 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 772 } 773 774 #define USE_ELF_CORE_DUMP 775 #define ELF_EXEC_PAGESIZE 4096 776 777 #endif 778 779 #ifdef TARGET_CRIS 780 781 #define ELF_START_MMAP 0x80000000 782 783 #define elf_check_arch(x) ( (x) == EM_CRIS ) 784 785 #define ELF_CLASS ELFCLASS32 786 #define ELF_ARCH EM_CRIS 787 788 static inline void init_thread(struct target_pt_regs *regs, 789 struct image_info *infop) 790 { 791 regs->erp = infop->entry; 792 } 793 794 #define ELF_EXEC_PAGESIZE 8192 795 796 #endif 797 798 #ifdef TARGET_M68K 799 800 #define ELF_START_MMAP 0x80000000 801 802 #define elf_check_arch(x) ( (x) == EM_68K ) 803 804 #define ELF_CLASS ELFCLASS32 805 #define ELF_ARCH EM_68K 806 807 /* ??? Does this need to do anything? 808 #define ELF_PLAT_INIT(_r) */ 809 810 static inline void init_thread(struct target_pt_regs *regs, 811 struct image_info *infop) 812 { 813 regs->usp = infop->start_stack; 814 regs->sr = 0; 815 regs->pc = infop->entry; 816 } 817 818 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 819 #define ELF_NREG 20 820 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 821 822 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 823 { 824 (*regs)[0] = tswapl(env->dregs[1]); 825 (*regs)[1] = tswapl(env->dregs[2]); 826 (*regs)[2] = tswapl(env->dregs[3]); 827 (*regs)[3] = tswapl(env->dregs[4]); 828 (*regs)[4] = tswapl(env->dregs[5]); 829 (*regs)[5] = tswapl(env->dregs[6]); 830 (*regs)[6] = tswapl(env->dregs[7]); 831 (*regs)[7] = tswapl(env->aregs[0]); 832 (*regs)[8] = tswapl(env->aregs[1]); 833 (*regs)[9] = tswapl(env->aregs[2]); 834 (*regs)[10] = tswapl(env->aregs[3]); 835 (*regs)[11] = tswapl(env->aregs[4]); 836 (*regs)[12] = tswapl(env->aregs[5]); 837 (*regs)[13] = tswapl(env->aregs[6]); 838 (*regs)[14] = tswapl(env->dregs[0]); 839 (*regs)[15] = tswapl(env->aregs[7]); 840 (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */ 841 (*regs)[17] = tswapl(env->sr); 842 (*regs)[18] = tswapl(env->pc); 843 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 844 } 845 846 #define USE_ELF_CORE_DUMP 847 #define ELF_EXEC_PAGESIZE 8192 848 849 #endif 850 851 #ifdef TARGET_ALPHA 852 853 #define ELF_START_MMAP (0x30000000000ULL) 854 855 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 856 857 #define ELF_CLASS ELFCLASS64 858 #define ELF_ARCH EM_ALPHA 859 860 static inline void init_thread(struct target_pt_regs *regs, 861 struct image_info *infop) 862 { 863 regs->pc = infop->entry; 864 regs->ps = 8; 865 regs->usp = infop->start_stack; 866 } 867 868 #define ELF_EXEC_PAGESIZE 8192 869 870 #endif /* TARGET_ALPHA */ 871 872 #ifdef TARGET_S390X 873 874 #define ELF_START_MMAP (0x20000000000ULL) 875 876 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 877 878 #define ELF_CLASS ELFCLASS64 879 #define ELF_DATA ELFDATA2MSB 880 #define ELF_ARCH EM_S390 881 882 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 883 { 884 regs->psw.addr = infop->entry; 885 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 886 regs->gprs[15] = infop->start_stack; 887 } 888 889 #endif /* TARGET_S390X */ 890 891 #ifndef ELF_PLATFORM 892 #define ELF_PLATFORM (NULL) 893 #endif 894 895 #ifndef ELF_HWCAP 896 #define ELF_HWCAP 0 897 #endif 898 899 #ifdef TARGET_ABI32 900 #undef ELF_CLASS 901 #define ELF_CLASS ELFCLASS32 902 #undef bswaptls 903 #define bswaptls(ptr) bswap32s(ptr) 904 #endif 905 906 #include "elf.h" 907 908 struct exec 909 { 910 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 911 unsigned int a_text; /* length of text, in bytes */ 912 unsigned int a_data; /* length of data, in bytes */ 913 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 914 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 915 unsigned int a_entry; /* start address */ 916 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 917 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 918 }; 919 920 921 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 922 #define OMAGIC 0407 923 #define NMAGIC 0410 924 #define ZMAGIC 0413 925 #define QMAGIC 0314 926 927 /* Necessary parameters */ 928 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 929 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 930 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 931 932 #define DLINFO_ITEMS 13 933 934 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 935 { 936 memcpy(to, from, n); 937 } 938 939 #ifdef BSWAP_NEEDED 940 static void bswap_ehdr(struct elfhdr *ehdr) 941 { 942 bswap16s(&ehdr->e_type); /* Object file type */ 943 bswap16s(&ehdr->e_machine); /* Architecture */ 944 bswap32s(&ehdr->e_version); /* Object file version */ 945 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 946 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 947 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 948 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 949 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 950 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 951 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 952 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 953 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 954 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 955 } 956 957 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 958 { 959 int i; 960 for (i = 0; i < phnum; ++i, ++phdr) { 961 bswap32s(&phdr->p_type); /* Segment type */ 962 bswap32s(&phdr->p_flags); /* Segment flags */ 963 bswaptls(&phdr->p_offset); /* Segment file offset */ 964 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 965 bswaptls(&phdr->p_paddr); /* Segment physical address */ 966 bswaptls(&phdr->p_filesz); /* Segment size in file */ 967 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 968 bswaptls(&phdr->p_align); /* Segment alignment */ 969 } 970 } 971 972 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 973 { 974 int i; 975 for (i = 0; i < shnum; ++i, ++shdr) { 976 bswap32s(&shdr->sh_name); 977 bswap32s(&shdr->sh_type); 978 bswaptls(&shdr->sh_flags); 979 bswaptls(&shdr->sh_addr); 980 bswaptls(&shdr->sh_offset); 981 bswaptls(&shdr->sh_size); 982 bswap32s(&shdr->sh_link); 983 bswap32s(&shdr->sh_info); 984 bswaptls(&shdr->sh_addralign); 985 bswaptls(&shdr->sh_entsize); 986 } 987 } 988 989 static void bswap_sym(struct elf_sym *sym) 990 { 991 bswap32s(&sym->st_name); 992 bswaptls(&sym->st_value); 993 bswaptls(&sym->st_size); 994 bswap16s(&sym->st_shndx); 995 } 996 #else 997 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 998 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 999 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1000 static inline void bswap_sym(struct elf_sym *sym) { } 1001 #endif 1002 1003 #ifdef USE_ELF_CORE_DUMP 1004 static int elf_core_dump(int, const CPUState *); 1005 #endif /* USE_ELF_CORE_DUMP */ 1006 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1007 1008 /* Verify the portions of EHDR within E_IDENT for the target. 1009 This can be performed before bswapping the entire header. */ 1010 static bool elf_check_ident(struct elfhdr *ehdr) 1011 { 1012 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1013 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1014 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1015 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1016 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1017 && ehdr->e_ident[EI_DATA] == ELF_DATA 1018 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1019 } 1020 1021 /* Verify the portions of EHDR outside of E_IDENT for the target. 1022 This has to wait until after bswapping the header. */ 1023 static bool elf_check_ehdr(struct elfhdr *ehdr) 1024 { 1025 return (elf_check_arch(ehdr->e_machine) 1026 && ehdr->e_ehsize == sizeof(struct elfhdr) 1027 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1028 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1029 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1030 } 1031 1032 /* 1033 * 'copy_elf_strings()' copies argument/envelope strings from user 1034 * memory to free pages in kernel mem. These are in a format ready 1035 * to be put directly into the top of new user memory. 1036 * 1037 */ 1038 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1039 abi_ulong p) 1040 { 1041 char *tmp, *tmp1, *pag = NULL; 1042 int len, offset = 0; 1043 1044 if (!p) { 1045 return 0; /* bullet-proofing */ 1046 } 1047 while (argc-- > 0) { 1048 tmp = argv[argc]; 1049 if (!tmp) { 1050 fprintf(stderr, "VFS: argc is wrong"); 1051 exit(-1); 1052 } 1053 tmp1 = tmp; 1054 while (*tmp++); 1055 len = tmp - tmp1; 1056 if (p < len) { /* this shouldn't happen - 128kB */ 1057 return 0; 1058 } 1059 while (len) { 1060 --p; --tmp; --len; 1061 if (--offset < 0) { 1062 offset = p % TARGET_PAGE_SIZE; 1063 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1064 if (!pag) { 1065 pag = (char *)malloc(TARGET_PAGE_SIZE); 1066 memset(pag, 0, TARGET_PAGE_SIZE); 1067 page[p/TARGET_PAGE_SIZE] = pag; 1068 if (!pag) 1069 return 0; 1070 } 1071 } 1072 if (len == 0 || offset == 0) { 1073 *(pag + offset) = *tmp; 1074 } 1075 else { 1076 int bytes_to_copy = (len > offset) ? offset : len; 1077 tmp -= bytes_to_copy; 1078 p -= bytes_to_copy; 1079 offset -= bytes_to_copy; 1080 len -= bytes_to_copy; 1081 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1082 } 1083 } 1084 } 1085 return p; 1086 } 1087 1088 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1089 struct image_info *info) 1090 { 1091 abi_ulong stack_base, size, error, guard; 1092 int i; 1093 1094 /* Create enough stack to hold everything. If we don't use 1095 it for args, we'll use it for something else. */ 1096 size = guest_stack_size; 1097 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1098 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1099 } 1100 guard = TARGET_PAGE_SIZE; 1101 if (guard < qemu_real_host_page_size) { 1102 guard = qemu_real_host_page_size; 1103 } 1104 1105 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1106 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1107 if (error == -1) { 1108 perror("mmap stack"); 1109 exit(-1); 1110 } 1111 1112 /* We reserve one extra page at the top of the stack as guard. */ 1113 target_mprotect(error, guard, PROT_NONE); 1114 1115 info->stack_limit = error + guard; 1116 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1117 p += stack_base; 1118 1119 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1120 if (bprm->page[i]) { 1121 info->rss++; 1122 /* FIXME - check return value of memcpy_to_target() for failure */ 1123 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1124 free(bprm->page[i]); 1125 } 1126 stack_base += TARGET_PAGE_SIZE; 1127 } 1128 return p; 1129 } 1130 1131 /* Map and zero the bss. We need to explicitly zero any fractional pages 1132 after the data section (i.e. bss). */ 1133 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1134 { 1135 uintptr_t host_start, host_map_start, host_end; 1136 1137 last_bss = TARGET_PAGE_ALIGN(last_bss); 1138 1139 /* ??? There is confusion between qemu_real_host_page_size and 1140 qemu_host_page_size here and elsewhere in target_mmap, which 1141 may lead to the end of the data section mapping from the file 1142 not being mapped. At least there was an explicit test and 1143 comment for that here, suggesting that "the file size must 1144 be known". The comment probably pre-dates the introduction 1145 of the fstat system call in target_mmap which does in fact 1146 find out the size. What isn't clear is if the workaround 1147 here is still actually needed. For now, continue with it, 1148 but merge it with the "normal" mmap that would allocate the bss. */ 1149 1150 host_start = (uintptr_t) g2h(elf_bss); 1151 host_end = (uintptr_t) g2h(last_bss); 1152 host_map_start = (host_start + qemu_real_host_page_size - 1); 1153 host_map_start &= -qemu_real_host_page_size; 1154 1155 if (host_map_start < host_end) { 1156 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1157 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1158 if (p == MAP_FAILED) { 1159 perror("cannot mmap brk"); 1160 exit(-1); 1161 } 1162 1163 /* Since we didn't use target_mmap, make sure to record 1164 the validity of the pages with qemu. */ 1165 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1166 } 1167 1168 if (host_start < host_map_start) { 1169 memset((void *)host_start, 0, host_map_start - host_start); 1170 } 1171 } 1172 1173 #ifdef CONFIG_USE_FDPIC 1174 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1175 { 1176 uint16_t n; 1177 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1178 1179 /* elf32_fdpic_loadseg */ 1180 n = info->nsegs; 1181 while (n--) { 1182 sp -= 12; 1183 put_user_u32(loadsegs[n].addr, sp+0); 1184 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1185 put_user_u32(loadsegs[n].p_memsz, sp+8); 1186 } 1187 1188 /* elf32_fdpic_loadmap */ 1189 sp -= 4; 1190 put_user_u16(0, sp+0); /* version */ 1191 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1192 1193 info->personality = PER_LINUX_FDPIC; 1194 info->loadmap_addr = sp; 1195 1196 return sp; 1197 } 1198 #endif 1199 1200 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1201 struct elfhdr *exec, 1202 struct image_info *info, 1203 struct image_info *interp_info) 1204 { 1205 abi_ulong sp; 1206 int size; 1207 int i; 1208 abi_ulong u_rand_bytes; 1209 uint8_t k_rand_bytes[16]; 1210 abi_ulong u_platform; 1211 const char *k_platform; 1212 const int n = sizeof(elf_addr_t); 1213 1214 sp = p; 1215 1216 #ifdef CONFIG_USE_FDPIC 1217 /* Needs to be before we load the env/argc/... */ 1218 if (elf_is_fdpic(exec)) { 1219 /* Need 4 byte alignment for these structs */ 1220 sp &= ~3; 1221 sp = loader_build_fdpic_loadmap(info, sp); 1222 info->other_info = interp_info; 1223 if (interp_info) { 1224 interp_info->other_info = info; 1225 sp = loader_build_fdpic_loadmap(interp_info, sp); 1226 } 1227 } 1228 #endif 1229 1230 u_platform = 0; 1231 k_platform = ELF_PLATFORM; 1232 if (k_platform) { 1233 size_t len = strlen(k_platform) + 1; 1234 sp -= (len + n - 1) & ~(n - 1); 1235 u_platform = sp; 1236 /* FIXME - check return value of memcpy_to_target() for failure */ 1237 memcpy_to_target(sp, k_platform, len); 1238 } 1239 1240 /* 1241 * Generate 16 random bytes for userspace PRNG seeding (not 1242 * cryptically secure but it's not the aim of QEMU). 1243 */ 1244 srand((unsigned int) time(NULL)); 1245 for (i = 0; i < 16; i++) { 1246 k_rand_bytes[i] = rand(); 1247 } 1248 sp -= 16; 1249 u_rand_bytes = sp; 1250 /* FIXME - check return value of memcpy_to_target() for failure */ 1251 memcpy_to_target(sp, k_rand_bytes, 16); 1252 1253 /* 1254 * Force 16 byte _final_ alignment here for generality. 1255 */ 1256 sp = sp &~ (abi_ulong)15; 1257 size = (DLINFO_ITEMS + 1) * 2; 1258 if (k_platform) 1259 size += 2; 1260 #ifdef DLINFO_ARCH_ITEMS 1261 size += DLINFO_ARCH_ITEMS * 2; 1262 #endif 1263 size += envc + argc + 2; 1264 size += 1; /* argc itself */ 1265 size *= n; 1266 if (size & 15) 1267 sp -= 16 - (size & 15); 1268 1269 /* This is correct because Linux defines 1270 * elf_addr_t as Elf32_Off / Elf64_Off 1271 */ 1272 #define NEW_AUX_ENT(id, val) do { \ 1273 sp -= n; put_user_ual(val, sp); \ 1274 sp -= n; put_user_ual(id, sp); \ 1275 } while(0) 1276 1277 NEW_AUX_ENT (AT_NULL, 0); 1278 1279 /* There must be exactly DLINFO_ITEMS entries here. */ 1280 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1281 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1282 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1283 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1284 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1285 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1286 NEW_AUX_ENT(AT_ENTRY, info->entry); 1287 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1288 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1289 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1290 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1291 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1292 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1293 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1294 1295 if (k_platform) 1296 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1297 #ifdef ARCH_DLINFO 1298 /* 1299 * ARCH_DLINFO must come last so platform specific code can enforce 1300 * special alignment requirements on the AUXV if necessary (eg. PPC). 1301 */ 1302 ARCH_DLINFO; 1303 #endif 1304 #undef NEW_AUX_ENT 1305 1306 info->saved_auxv = sp; 1307 1308 sp = loader_build_argptr(envc, argc, sp, p, 0); 1309 return sp; 1310 } 1311 1312 static void probe_guest_base(const char *image_name, 1313 abi_ulong loaddr, abi_ulong hiaddr) 1314 { 1315 /* Probe for a suitable guest base address, if the user has not set 1316 * it explicitly, and set guest_base appropriately. 1317 * In case of error we will print a suitable message and exit. 1318 */ 1319 #if defined(CONFIG_USE_GUEST_BASE) 1320 const char *errmsg; 1321 if (!have_guest_base && !reserved_va) { 1322 unsigned long host_start, real_start, host_size; 1323 1324 /* Round addresses to page boundaries. */ 1325 loaddr &= qemu_host_page_mask; 1326 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1327 1328 if (loaddr < mmap_min_addr) { 1329 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1330 } else { 1331 host_start = loaddr; 1332 if (host_start != loaddr) { 1333 errmsg = "Address overflow loading ELF binary"; 1334 goto exit_errmsg; 1335 } 1336 } 1337 host_size = hiaddr - loaddr; 1338 while (1) { 1339 /* Do not use mmap_find_vma here because that is limited to the 1340 guest address space. We are going to make the 1341 guest address space fit whatever we're given. */ 1342 real_start = (unsigned long) 1343 mmap((void *)host_start, host_size, PROT_NONE, 1344 MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); 1345 if (real_start == (unsigned long)-1) { 1346 goto exit_perror; 1347 } 1348 if (real_start == host_start) { 1349 break; 1350 } 1351 /* That address didn't work. Unmap and try a different one. 1352 The address the host picked because is typically right at 1353 the top of the host address space and leaves the guest with 1354 no usable address space. Resort to a linear search. We 1355 already compensated for mmap_min_addr, so this should not 1356 happen often. Probably means we got unlucky and host 1357 address space randomization put a shared library somewhere 1358 inconvenient. */ 1359 munmap((void *)real_start, host_size); 1360 host_start += qemu_host_page_size; 1361 if (host_start == loaddr) { 1362 /* Theoretically possible if host doesn't have any suitably 1363 aligned areas. Normally the first mmap will fail. */ 1364 errmsg = "Unable to find space for application"; 1365 goto exit_errmsg; 1366 } 1367 } 1368 qemu_log("Relocating guest address space from 0x" 1369 TARGET_ABI_FMT_lx " to 0x%lx\n", 1370 loaddr, real_start); 1371 guest_base = real_start - loaddr; 1372 } 1373 return; 1374 1375 exit_perror: 1376 errmsg = strerror(errno); 1377 exit_errmsg: 1378 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1379 exit(-1); 1380 #endif 1381 } 1382 1383 1384 /* Load an ELF image into the address space. 1385 1386 IMAGE_NAME is the filename of the image, to use in error messages. 1387 IMAGE_FD is the open file descriptor for the image. 1388 1389 BPRM_BUF is a copy of the beginning of the file; this of course 1390 contains the elf file header at offset 0. It is assumed that this 1391 buffer is sufficiently aligned to present no problems to the host 1392 in accessing data at aligned offsets within the buffer. 1393 1394 On return: INFO values will be filled in, as necessary or available. */ 1395 1396 static void load_elf_image(const char *image_name, int image_fd, 1397 struct image_info *info, char **pinterp_name, 1398 char bprm_buf[BPRM_BUF_SIZE]) 1399 { 1400 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1401 struct elf_phdr *phdr; 1402 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1403 int i, retval; 1404 const char *errmsg; 1405 1406 /* First of all, some simple consistency checks */ 1407 errmsg = "Invalid ELF image for this architecture"; 1408 if (!elf_check_ident(ehdr)) { 1409 goto exit_errmsg; 1410 } 1411 bswap_ehdr(ehdr); 1412 if (!elf_check_ehdr(ehdr)) { 1413 goto exit_errmsg; 1414 } 1415 1416 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1417 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1418 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1419 } else { 1420 phdr = (struct elf_phdr *) alloca(i); 1421 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1422 if (retval != i) { 1423 goto exit_read; 1424 } 1425 } 1426 bswap_phdr(phdr, ehdr->e_phnum); 1427 1428 #ifdef CONFIG_USE_FDPIC 1429 info->nsegs = 0; 1430 info->pt_dynamic_addr = 0; 1431 #endif 1432 1433 /* Find the maximum size of the image and allocate an appropriate 1434 amount of memory to handle that. */ 1435 loaddr = -1, hiaddr = 0; 1436 for (i = 0; i < ehdr->e_phnum; ++i) { 1437 if (phdr[i].p_type == PT_LOAD) { 1438 abi_ulong a = phdr[i].p_vaddr; 1439 if (a < loaddr) { 1440 loaddr = a; 1441 } 1442 a += phdr[i].p_memsz; 1443 if (a > hiaddr) { 1444 hiaddr = a; 1445 } 1446 #ifdef CONFIG_USE_FDPIC 1447 ++info->nsegs; 1448 #endif 1449 } 1450 } 1451 1452 load_addr = loaddr; 1453 if (ehdr->e_type == ET_DYN) { 1454 /* The image indicates that it can be loaded anywhere. Find a 1455 location that can hold the memory space required. If the 1456 image is pre-linked, LOADDR will be non-zero. Since we do 1457 not supply MAP_FIXED here we'll use that address if and 1458 only if it remains available. */ 1459 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1460 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1461 -1, 0); 1462 if (load_addr == -1) { 1463 goto exit_perror; 1464 } 1465 } else if (pinterp_name != NULL) { 1466 /* This is the main executable. Make sure that the low 1467 address does not conflict with MMAP_MIN_ADDR or the 1468 QEMU application itself. */ 1469 probe_guest_base(image_name, loaddr, hiaddr); 1470 } 1471 load_bias = load_addr - loaddr; 1472 1473 #ifdef CONFIG_USE_FDPIC 1474 { 1475 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1476 qemu_malloc(sizeof(*loadsegs) * info->nsegs); 1477 1478 for (i = 0; i < ehdr->e_phnum; ++i) { 1479 switch (phdr[i].p_type) { 1480 case PT_DYNAMIC: 1481 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1482 break; 1483 case PT_LOAD: 1484 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1485 loadsegs->p_vaddr = phdr[i].p_vaddr; 1486 loadsegs->p_memsz = phdr[i].p_memsz; 1487 ++loadsegs; 1488 break; 1489 } 1490 } 1491 } 1492 #endif 1493 1494 info->load_bias = load_bias; 1495 info->load_addr = load_addr; 1496 info->entry = ehdr->e_entry + load_bias; 1497 info->start_code = -1; 1498 info->end_code = 0; 1499 info->start_data = -1; 1500 info->end_data = 0; 1501 info->brk = 0; 1502 1503 for (i = 0; i < ehdr->e_phnum; i++) { 1504 struct elf_phdr *eppnt = phdr + i; 1505 if (eppnt->p_type == PT_LOAD) { 1506 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1507 int elf_prot = 0; 1508 1509 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1510 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1511 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1512 1513 vaddr = load_bias + eppnt->p_vaddr; 1514 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1515 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1516 1517 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1518 elf_prot, MAP_PRIVATE | MAP_FIXED, 1519 image_fd, eppnt->p_offset - vaddr_po); 1520 if (error == -1) { 1521 goto exit_perror; 1522 } 1523 1524 vaddr_ef = vaddr + eppnt->p_filesz; 1525 vaddr_em = vaddr + eppnt->p_memsz; 1526 1527 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1528 if (vaddr_ef < vaddr_em) { 1529 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1530 } 1531 1532 /* Find the full program boundaries. */ 1533 if (elf_prot & PROT_EXEC) { 1534 if (vaddr < info->start_code) { 1535 info->start_code = vaddr; 1536 } 1537 if (vaddr_ef > info->end_code) { 1538 info->end_code = vaddr_ef; 1539 } 1540 } 1541 if (elf_prot & PROT_WRITE) { 1542 if (vaddr < info->start_data) { 1543 info->start_data = vaddr; 1544 } 1545 if (vaddr_ef > info->end_data) { 1546 info->end_data = vaddr_ef; 1547 } 1548 if (vaddr_em > info->brk) { 1549 info->brk = vaddr_em; 1550 } 1551 } 1552 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1553 char *interp_name; 1554 1555 if (*pinterp_name) { 1556 errmsg = "Multiple PT_INTERP entries"; 1557 goto exit_errmsg; 1558 } 1559 interp_name = malloc(eppnt->p_filesz); 1560 if (!interp_name) { 1561 goto exit_perror; 1562 } 1563 1564 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1565 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1566 eppnt->p_filesz); 1567 } else { 1568 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1569 eppnt->p_offset); 1570 if (retval != eppnt->p_filesz) { 1571 goto exit_perror; 1572 } 1573 } 1574 if (interp_name[eppnt->p_filesz - 1] != 0) { 1575 errmsg = "Invalid PT_INTERP entry"; 1576 goto exit_errmsg; 1577 } 1578 *pinterp_name = interp_name; 1579 } 1580 } 1581 1582 if (info->end_data == 0) { 1583 info->start_data = info->end_code; 1584 info->end_data = info->end_code; 1585 info->brk = info->end_code; 1586 } 1587 1588 if (qemu_log_enabled()) { 1589 load_symbols(ehdr, image_fd, load_bias); 1590 } 1591 1592 close(image_fd); 1593 return; 1594 1595 exit_read: 1596 if (retval >= 0) { 1597 errmsg = "Incomplete read of file header"; 1598 goto exit_errmsg; 1599 } 1600 exit_perror: 1601 errmsg = strerror(errno); 1602 exit_errmsg: 1603 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1604 exit(-1); 1605 } 1606 1607 static void load_elf_interp(const char *filename, struct image_info *info, 1608 char bprm_buf[BPRM_BUF_SIZE]) 1609 { 1610 int fd, retval; 1611 1612 fd = open(path(filename), O_RDONLY); 1613 if (fd < 0) { 1614 goto exit_perror; 1615 } 1616 1617 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1618 if (retval < 0) { 1619 goto exit_perror; 1620 } 1621 if (retval < BPRM_BUF_SIZE) { 1622 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1623 } 1624 1625 load_elf_image(filename, fd, info, NULL, bprm_buf); 1626 return; 1627 1628 exit_perror: 1629 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1630 exit(-1); 1631 } 1632 1633 static int symfind(const void *s0, const void *s1) 1634 { 1635 struct elf_sym *key = (struct elf_sym *)s0; 1636 struct elf_sym *sym = (struct elf_sym *)s1; 1637 int result = 0; 1638 if (key->st_value < sym->st_value) { 1639 result = -1; 1640 } else if (key->st_value >= sym->st_value + sym->st_size) { 1641 result = 1; 1642 } 1643 return result; 1644 } 1645 1646 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1647 { 1648 #if ELF_CLASS == ELFCLASS32 1649 struct elf_sym *syms = s->disas_symtab.elf32; 1650 #else 1651 struct elf_sym *syms = s->disas_symtab.elf64; 1652 #endif 1653 1654 // binary search 1655 struct elf_sym key; 1656 struct elf_sym *sym; 1657 1658 key.st_value = orig_addr; 1659 1660 sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind); 1661 if (sym != NULL) { 1662 return s->disas_strtab + sym->st_name; 1663 } 1664 1665 return ""; 1666 } 1667 1668 /* FIXME: This should use elf_ops.h */ 1669 static int symcmp(const void *s0, const void *s1) 1670 { 1671 struct elf_sym *sym0 = (struct elf_sym *)s0; 1672 struct elf_sym *sym1 = (struct elf_sym *)s1; 1673 return (sym0->st_value < sym1->st_value) 1674 ? -1 1675 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1676 } 1677 1678 /* Best attempt to load symbols from this ELF object. */ 1679 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1680 { 1681 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1682 struct elf_shdr *shdr; 1683 char *strings = NULL; 1684 struct syminfo *s = NULL; 1685 struct elf_sym *new_syms, *syms = NULL; 1686 1687 shnum = hdr->e_shnum; 1688 i = shnum * sizeof(struct elf_shdr); 1689 shdr = (struct elf_shdr *)alloca(i); 1690 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1691 return; 1692 } 1693 1694 bswap_shdr(shdr, shnum); 1695 for (i = 0; i < shnum; ++i) { 1696 if (shdr[i].sh_type == SHT_SYMTAB) { 1697 sym_idx = i; 1698 str_idx = shdr[i].sh_link; 1699 goto found; 1700 } 1701 } 1702 1703 /* There will be no symbol table if the file was stripped. */ 1704 return; 1705 1706 found: 1707 /* Now know where the strtab and symtab are. Snarf them. */ 1708 s = malloc(sizeof(*s)); 1709 if (!s) { 1710 goto give_up; 1711 } 1712 1713 i = shdr[str_idx].sh_size; 1714 s->disas_strtab = strings = malloc(i); 1715 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1716 goto give_up; 1717 } 1718 1719 i = shdr[sym_idx].sh_size; 1720 syms = malloc(i); 1721 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1722 goto give_up; 1723 } 1724 1725 nsyms = i / sizeof(struct elf_sym); 1726 for (i = 0; i < nsyms; ) { 1727 bswap_sym(syms + i); 1728 /* Throw away entries which we do not need. */ 1729 if (syms[i].st_shndx == SHN_UNDEF 1730 || syms[i].st_shndx >= SHN_LORESERVE 1731 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1732 if (i < --nsyms) { 1733 syms[i] = syms[nsyms]; 1734 } 1735 } else { 1736 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1737 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1738 syms[i].st_value &= ~(target_ulong)1; 1739 #endif 1740 syms[i].st_value += load_bias; 1741 i++; 1742 } 1743 } 1744 1745 /* No "useful" symbol. */ 1746 if (nsyms == 0) { 1747 goto give_up; 1748 } 1749 1750 /* Attempt to free the storage associated with the local symbols 1751 that we threw away. Whether or not this has any effect on the 1752 memory allocation depends on the malloc implementation and how 1753 many symbols we managed to discard. */ 1754 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1755 if (new_syms == NULL) { 1756 goto give_up; 1757 } 1758 syms = new_syms; 1759 1760 qsort(syms, nsyms, sizeof(*syms), symcmp); 1761 1762 s->disas_num_syms = nsyms; 1763 #if ELF_CLASS == ELFCLASS32 1764 s->disas_symtab.elf32 = syms; 1765 #else 1766 s->disas_symtab.elf64 = syms; 1767 #endif 1768 s->lookup_symbol = lookup_symbolxx; 1769 s->next = syminfos; 1770 syminfos = s; 1771 1772 return; 1773 1774 give_up: 1775 free(s); 1776 free(strings); 1777 free(syms); 1778 } 1779 1780 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, 1781 struct image_info * info) 1782 { 1783 struct image_info interp_info; 1784 struct elfhdr elf_ex; 1785 char *elf_interpreter = NULL; 1786 1787 info->start_mmap = (abi_ulong)ELF_START_MMAP; 1788 info->mmap = 0; 1789 info->rss = 0; 1790 1791 load_elf_image(bprm->filename, bprm->fd, info, 1792 &elf_interpreter, bprm->buf); 1793 1794 /* ??? We need a copy of the elf header for passing to create_elf_tables. 1795 If we do nothing, we'll have overwritten this when we re-use bprm->buf 1796 when we load the interpreter. */ 1797 elf_ex = *(struct elfhdr *)bprm->buf; 1798 1799 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 1800 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 1801 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 1802 if (!bprm->p) { 1803 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 1804 exit(-1); 1805 } 1806 1807 /* Do this so that we can load the interpreter, if need be. We will 1808 change some of these later */ 1809 bprm->p = setup_arg_pages(bprm->p, bprm, info); 1810 1811 if (elf_interpreter) { 1812 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 1813 1814 /* If the program interpreter is one of these two, then assume 1815 an iBCS2 image. Otherwise assume a native linux image. */ 1816 1817 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 1818 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 1819 info->personality = PER_SVR4; 1820 1821 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1822 and some applications "depend" upon this behavior. Since 1823 we do not have the power to recompile these, we emulate 1824 the SVr4 behavior. Sigh. */ 1825 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 1826 MAP_FIXED | MAP_PRIVATE, -1, 0); 1827 } 1828 } 1829 1830 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 1831 info, (elf_interpreter ? &interp_info : NULL)); 1832 info->start_stack = bprm->p; 1833 1834 /* If we have an interpreter, set that as the program's entry point. 1835 Copy the load_addr as well, to help PPC64 interpret the entry 1836 point as a function descriptor. Do this after creating elf tables 1837 so that we copy the original program entry point into the AUXV. */ 1838 if (elf_interpreter) { 1839 info->load_addr = interp_info.load_addr; 1840 info->entry = interp_info.entry; 1841 free(elf_interpreter); 1842 } 1843 1844 #ifdef USE_ELF_CORE_DUMP 1845 bprm->core_dump = &elf_core_dump; 1846 #endif 1847 1848 return 0; 1849 } 1850 1851 #ifdef USE_ELF_CORE_DUMP 1852 /* 1853 * Definitions to generate Intel SVR4-like core files. 1854 * These mostly have the same names as the SVR4 types with "target_elf_" 1855 * tacked on the front to prevent clashes with linux definitions, 1856 * and the typedef forms have been avoided. This is mostly like 1857 * the SVR4 structure, but more Linuxy, with things that Linux does 1858 * not support and which gdb doesn't really use excluded. 1859 * 1860 * Fields we don't dump (their contents is zero) in linux-user qemu 1861 * are marked with XXX. 1862 * 1863 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 1864 * 1865 * Porting ELF coredump for target is (quite) simple process. First you 1866 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 1867 * the target resides): 1868 * 1869 * #define USE_ELF_CORE_DUMP 1870 * 1871 * Next you define type of register set used for dumping. ELF specification 1872 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 1873 * 1874 * typedef <target_regtype> target_elf_greg_t; 1875 * #define ELF_NREG <number of registers> 1876 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1877 * 1878 * Last step is to implement target specific function that copies registers 1879 * from given cpu into just specified register set. Prototype is: 1880 * 1881 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 1882 * const CPUState *env); 1883 * 1884 * Parameters: 1885 * regs - copy register values into here (allocated and zeroed by caller) 1886 * env - copy registers from here 1887 * 1888 * Example for ARM target is provided in this file. 1889 */ 1890 1891 /* An ELF note in memory */ 1892 struct memelfnote { 1893 const char *name; 1894 size_t namesz; 1895 size_t namesz_rounded; 1896 int type; 1897 size_t datasz; 1898 size_t datasz_rounded; 1899 void *data; 1900 size_t notesz; 1901 }; 1902 1903 struct target_elf_siginfo { 1904 target_int si_signo; /* signal number */ 1905 target_int si_code; /* extra code */ 1906 target_int si_errno; /* errno */ 1907 }; 1908 1909 struct target_elf_prstatus { 1910 struct target_elf_siginfo pr_info; /* Info associated with signal */ 1911 target_short pr_cursig; /* Current signal */ 1912 target_ulong pr_sigpend; /* XXX */ 1913 target_ulong pr_sighold; /* XXX */ 1914 target_pid_t pr_pid; 1915 target_pid_t pr_ppid; 1916 target_pid_t pr_pgrp; 1917 target_pid_t pr_sid; 1918 struct target_timeval pr_utime; /* XXX User time */ 1919 struct target_timeval pr_stime; /* XXX System time */ 1920 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 1921 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 1922 target_elf_gregset_t pr_reg; /* GP registers */ 1923 target_int pr_fpvalid; /* XXX */ 1924 }; 1925 1926 #define ELF_PRARGSZ (80) /* Number of chars for args */ 1927 1928 struct target_elf_prpsinfo { 1929 char pr_state; /* numeric process state */ 1930 char pr_sname; /* char for pr_state */ 1931 char pr_zomb; /* zombie */ 1932 char pr_nice; /* nice val */ 1933 target_ulong pr_flag; /* flags */ 1934 target_uid_t pr_uid; 1935 target_gid_t pr_gid; 1936 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 1937 /* Lots missing */ 1938 char pr_fname[16]; /* filename of executable */ 1939 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 1940 }; 1941 1942 /* Here is the structure in which status of each thread is captured. */ 1943 struct elf_thread_status { 1944 QTAILQ_ENTRY(elf_thread_status) ets_link; 1945 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 1946 #if 0 1947 elf_fpregset_t fpu; /* NT_PRFPREG */ 1948 struct task_struct *thread; 1949 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 1950 #endif 1951 struct memelfnote notes[1]; 1952 int num_notes; 1953 }; 1954 1955 struct elf_note_info { 1956 struct memelfnote *notes; 1957 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 1958 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 1959 1960 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 1961 #if 0 1962 /* 1963 * Current version of ELF coredump doesn't support 1964 * dumping fp regs etc. 1965 */ 1966 elf_fpregset_t *fpu; 1967 elf_fpxregset_t *xfpu; 1968 int thread_status_size; 1969 #endif 1970 int notes_size; 1971 int numnote; 1972 }; 1973 1974 struct vm_area_struct { 1975 abi_ulong vma_start; /* start vaddr of memory region */ 1976 abi_ulong vma_end; /* end vaddr of memory region */ 1977 abi_ulong vma_flags; /* protection etc. flags for the region */ 1978 QTAILQ_ENTRY(vm_area_struct) vma_link; 1979 }; 1980 1981 struct mm_struct { 1982 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 1983 int mm_count; /* number of mappings */ 1984 }; 1985 1986 static struct mm_struct *vma_init(void); 1987 static void vma_delete(struct mm_struct *); 1988 static int vma_add_mapping(struct mm_struct *, abi_ulong, 1989 abi_ulong, abi_ulong); 1990 static int vma_get_mapping_count(const struct mm_struct *); 1991 static struct vm_area_struct *vma_first(const struct mm_struct *); 1992 static struct vm_area_struct *vma_next(struct vm_area_struct *); 1993 static abi_ulong vma_dump_size(const struct vm_area_struct *); 1994 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 1995 unsigned long flags); 1996 1997 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 1998 static void fill_note(struct memelfnote *, const char *, int, 1999 unsigned int, void *); 2000 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2001 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2002 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2003 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2004 static size_t note_size(const struct memelfnote *); 2005 static void free_note_info(struct elf_note_info *); 2006 static int fill_note_info(struct elf_note_info *, long, const CPUState *); 2007 static void fill_thread_info(struct elf_note_info *, const CPUState *); 2008 static int core_dump_filename(const TaskState *, char *, size_t); 2009 2010 static int dump_write(int, const void *, size_t); 2011 static int write_note(struct memelfnote *, int); 2012 static int write_note_info(struct elf_note_info *, int); 2013 2014 #ifdef BSWAP_NEEDED 2015 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2016 { 2017 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo); 2018 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code); 2019 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno); 2020 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2021 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend); 2022 prstatus->pr_sighold = tswapl(prstatus->pr_sighold); 2023 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2024 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2025 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2026 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2027 /* cpu times are not filled, so we skip them */ 2028 /* regs should be in correct format already */ 2029 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2030 } 2031 2032 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2033 { 2034 psinfo->pr_flag = tswapl(psinfo->pr_flag); 2035 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2036 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2037 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2038 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2039 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2040 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2041 } 2042 2043 static void bswap_note(struct elf_note *en) 2044 { 2045 bswap32s(&en->n_namesz); 2046 bswap32s(&en->n_descsz); 2047 bswap32s(&en->n_type); 2048 } 2049 #else 2050 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2051 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2052 static inline void bswap_note(struct elf_note *en) { } 2053 #endif /* BSWAP_NEEDED */ 2054 2055 /* 2056 * Minimal support for linux memory regions. These are needed 2057 * when we are finding out what memory exactly belongs to 2058 * emulated process. No locks needed here, as long as 2059 * thread that received the signal is stopped. 2060 */ 2061 2062 static struct mm_struct *vma_init(void) 2063 { 2064 struct mm_struct *mm; 2065 2066 if ((mm = qemu_malloc(sizeof (*mm))) == NULL) 2067 return (NULL); 2068 2069 mm->mm_count = 0; 2070 QTAILQ_INIT(&mm->mm_mmap); 2071 2072 return (mm); 2073 } 2074 2075 static void vma_delete(struct mm_struct *mm) 2076 { 2077 struct vm_area_struct *vma; 2078 2079 while ((vma = vma_first(mm)) != NULL) { 2080 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2081 qemu_free(vma); 2082 } 2083 qemu_free(mm); 2084 } 2085 2086 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2087 abi_ulong end, abi_ulong flags) 2088 { 2089 struct vm_area_struct *vma; 2090 2091 if ((vma = qemu_mallocz(sizeof (*vma))) == NULL) 2092 return (-1); 2093 2094 vma->vma_start = start; 2095 vma->vma_end = end; 2096 vma->vma_flags = flags; 2097 2098 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2099 mm->mm_count++; 2100 2101 return (0); 2102 } 2103 2104 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2105 { 2106 return (QTAILQ_FIRST(&mm->mm_mmap)); 2107 } 2108 2109 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2110 { 2111 return (QTAILQ_NEXT(vma, vma_link)); 2112 } 2113 2114 static int vma_get_mapping_count(const struct mm_struct *mm) 2115 { 2116 return (mm->mm_count); 2117 } 2118 2119 /* 2120 * Calculate file (dump) size of given memory region. 2121 */ 2122 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2123 { 2124 /* if we cannot even read the first page, skip it */ 2125 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2126 return (0); 2127 2128 /* 2129 * Usually we don't dump executable pages as they contain 2130 * non-writable code that debugger can read directly from 2131 * target library etc. However, thread stacks are marked 2132 * also executable so we read in first page of given region 2133 * and check whether it contains elf header. If there is 2134 * no elf header, we dump it. 2135 */ 2136 if (vma->vma_flags & PROT_EXEC) { 2137 char page[TARGET_PAGE_SIZE]; 2138 2139 copy_from_user(page, vma->vma_start, sizeof (page)); 2140 if ((page[EI_MAG0] == ELFMAG0) && 2141 (page[EI_MAG1] == ELFMAG1) && 2142 (page[EI_MAG2] == ELFMAG2) && 2143 (page[EI_MAG3] == ELFMAG3)) { 2144 /* 2145 * Mappings are possibly from ELF binary. Don't dump 2146 * them. 2147 */ 2148 return (0); 2149 } 2150 } 2151 2152 return (vma->vma_end - vma->vma_start); 2153 } 2154 2155 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2156 unsigned long flags) 2157 { 2158 struct mm_struct *mm = (struct mm_struct *)priv; 2159 2160 vma_add_mapping(mm, start, end, flags); 2161 return (0); 2162 } 2163 2164 static void fill_note(struct memelfnote *note, const char *name, int type, 2165 unsigned int sz, void *data) 2166 { 2167 unsigned int namesz; 2168 2169 namesz = strlen(name) + 1; 2170 note->name = name; 2171 note->namesz = namesz; 2172 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2173 note->type = type; 2174 note->datasz = sz; 2175 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2176 2177 note->data = data; 2178 2179 /* 2180 * We calculate rounded up note size here as specified by 2181 * ELF document. 2182 */ 2183 note->notesz = sizeof (struct elf_note) + 2184 note->namesz_rounded + note->datasz_rounded; 2185 } 2186 2187 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2188 uint32_t flags) 2189 { 2190 (void) memset(elf, 0, sizeof(*elf)); 2191 2192 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2193 elf->e_ident[EI_CLASS] = ELF_CLASS; 2194 elf->e_ident[EI_DATA] = ELF_DATA; 2195 elf->e_ident[EI_VERSION] = EV_CURRENT; 2196 elf->e_ident[EI_OSABI] = ELF_OSABI; 2197 2198 elf->e_type = ET_CORE; 2199 elf->e_machine = machine; 2200 elf->e_version = EV_CURRENT; 2201 elf->e_phoff = sizeof(struct elfhdr); 2202 elf->e_flags = flags; 2203 elf->e_ehsize = sizeof(struct elfhdr); 2204 elf->e_phentsize = sizeof(struct elf_phdr); 2205 elf->e_phnum = segs; 2206 2207 bswap_ehdr(elf); 2208 } 2209 2210 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2211 { 2212 phdr->p_type = PT_NOTE; 2213 phdr->p_offset = offset; 2214 phdr->p_vaddr = 0; 2215 phdr->p_paddr = 0; 2216 phdr->p_filesz = sz; 2217 phdr->p_memsz = 0; 2218 phdr->p_flags = 0; 2219 phdr->p_align = 0; 2220 2221 bswap_phdr(phdr, 1); 2222 } 2223 2224 static size_t note_size(const struct memelfnote *note) 2225 { 2226 return (note->notesz); 2227 } 2228 2229 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2230 const TaskState *ts, int signr) 2231 { 2232 (void) memset(prstatus, 0, sizeof (*prstatus)); 2233 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2234 prstatus->pr_pid = ts->ts_tid; 2235 prstatus->pr_ppid = getppid(); 2236 prstatus->pr_pgrp = getpgrp(); 2237 prstatus->pr_sid = getsid(0); 2238 2239 bswap_prstatus(prstatus); 2240 } 2241 2242 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2243 { 2244 char *filename, *base_filename; 2245 unsigned int i, len; 2246 2247 (void) memset(psinfo, 0, sizeof (*psinfo)); 2248 2249 len = ts->info->arg_end - ts->info->arg_start; 2250 if (len >= ELF_PRARGSZ) 2251 len = ELF_PRARGSZ - 1; 2252 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2253 return -EFAULT; 2254 for (i = 0; i < len; i++) 2255 if (psinfo->pr_psargs[i] == 0) 2256 psinfo->pr_psargs[i] = ' '; 2257 psinfo->pr_psargs[len] = 0; 2258 2259 psinfo->pr_pid = getpid(); 2260 psinfo->pr_ppid = getppid(); 2261 psinfo->pr_pgrp = getpgrp(); 2262 psinfo->pr_sid = getsid(0); 2263 psinfo->pr_uid = getuid(); 2264 psinfo->pr_gid = getgid(); 2265 2266 filename = strdup(ts->bprm->filename); 2267 base_filename = strdup(basename(filename)); 2268 (void) strncpy(psinfo->pr_fname, base_filename, 2269 sizeof(psinfo->pr_fname)); 2270 free(base_filename); 2271 free(filename); 2272 2273 bswap_psinfo(psinfo); 2274 return (0); 2275 } 2276 2277 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2278 { 2279 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2280 elf_addr_t orig_auxv = auxv; 2281 abi_ulong val; 2282 void *ptr; 2283 int i, len; 2284 2285 /* 2286 * Auxiliary vector is stored in target process stack. It contains 2287 * {type, value} pairs that we need to dump into note. This is not 2288 * strictly necessary but we do it here for sake of completeness. 2289 */ 2290 2291 /* find out lenght of the vector, AT_NULL is terminator */ 2292 i = len = 0; 2293 do { 2294 get_user_ual(val, auxv); 2295 i += 2; 2296 auxv += 2 * sizeof (elf_addr_t); 2297 } while (val != AT_NULL); 2298 len = i * sizeof (elf_addr_t); 2299 2300 /* read in whole auxv vector and copy it to memelfnote */ 2301 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2302 if (ptr != NULL) { 2303 fill_note(note, "CORE", NT_AUXV, len, ptr); 2304 unlock_user(ptr, auxv, len); 2305 } 2306 } 2307 2308 /* 2309 * Constructs name of coredump file. We have following convention 2310 * for the name: 2311 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2312 * 2313 * Returns 0 in case of success, -1 otherwise (errno is set). 2314 */ 2315 static int core_dump_filename(const TaskState *ts, char *buf, 2316 size_t bufsize) 2317 { 2318 char timestamp[64]; 2319 char *filename = NULL; 2320 char *base_filename = NULL; 2321 struct timeval tv; 2322 struct tm tm; 2323 2324 assert(bufsize >= PATH_MAX); 2325 2326 if (gettimeofday(&tv, NULL) < 0) { 2327 (void) fprintf(stderr, "unable to get current timestamp: %s", 2328 strerror(errno)); 2329 return (-1); 2330 } 2331 2332 filename = strdup(ts->bprm->filename); 2333 base_filename = strdup(basename(filename)); 2334 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2335 localtime_r(&tv.tv_sec, &tm)); 2336 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2337 base_filename, timestamp, (int)getpid()); 2338 free(base_filename); 2339 free(filename); 2340 2341 return (0); 2342 } 2343 2344 static int dump_write(int fd, const void *ptr, size_t size) 2345 { 2346 const char *bufp = (const char *)ptr; 2347 ssize_t bytes_written, bytes_left; 2348 struct rlimit dumpsize; 2349 off_t pos; 2350 2351 bytes_written = 0; 2352 getrlimit(RLIMIT_CORE, &dumpsize); 2353 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2354 if (errno == ESPIPE) { /* not a seekable stream */ 2355 bytes_left = size; 2356 } else { 2357 return pos; 2358 } 2359 } else { 2360 if (dumpsize.rlim_cur <= pos) { 2361 return -1; 2362 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2363 bytes_left = size; 2364 } else { 2365 size_t limit_left=dumpsize.rlim_cur - pos; 2366 bytes_left = limit_left >= size ? size : limit_left ; 2367 } 2368 } 2369 2370 /* 2371 * In normal conditions, single write(2) should do but 2372 * in case of socket etc. this mechanism is more portable. 2373 */ 2374 do { 2375 bytes_written = write(fd, bufp, bytes_left); 2376 if (bytes_written < 0) { 2377 if (errno == EINTR) 2378 continue; 2379 return (-1); 2380 } else if (bytes_written == 0) { /* eof */ 2381 return (-1); 2382 } 2383 bufp += bytes_written; 2384 bytes_left -= bytes_written; 2385 } while (bytes_left > 0); 2386 2387 return (0); 2388 } 2389 2390 static int write_note(struct memelfnote *men, int fd) 2391 { 2392 struct elf_note en; 2393 2394 en.n_namesz = men->namesz; 2395 en.n_type = men->type; 2396 en.n_descsz = men->datasz; 2397 2398 bswap_note(&en); 2399 2400 if (dump_write(fd, &en, sizeof(en)) != 0) 2401 return (-1); 2402 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2403 return (-1); 2404 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2405 return (-1); 2406 2407 return (0); 2408 } 2409 2410 static void fill_thread_info(struct elf_note_info *info, const CPUState *env) 2411 { 2412 TaskState *ts = (TaskState *)env->opaque; 2413 struct elf_thread_status *ets; 2414 2415 ets = qemu_mallocz(sizeof (*ets)); 2416 ets->num_notes = 1; /* only prstatus is dumped */ 2417 fill_prstatus(&ets->prstatus, ts, 0); 2418 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2419 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2420 &ets->prstatus); 2421 2422 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2423 2424 info->notes_size += note_size(&ets->notes[0]); 2425 } 2426 2427 static int fill_note_info(struct elf_note_info *info, 2428 long signr, const CPUState *env) 2429 { 2430 #define NUMNOTES 3 2431 CPUState *cpu = NULL; 2432 TaskState *ts = (TaskState *)env->opaque; 2433 int i; 2434 2435 (void) memset(info, 0, sizeof (*info)); 2436 2437 QTAILQ_INIT(&info->thread_list); 2438 2439 info->notes = qemu_mallocz(NUMNOTES * sizeof (struct memelfnote)); 2440 if (info->notes == NULL) 2441 return (-ENOMEM); 2442 info->prstatus = qemu_mallocz(sizeof (*info->prstatus)); 2443 if (info->prstatus == NULL) 2444 return (-ENOMEM); 2445 info->psinfo = qemu_mallocz(sizeof (*info->psinfo)); 2446 if (info->prstatus == NULL) 2447 return (-ENOMEM); 2448 2449 /* 2450 * First fill in status (and registers) of current thread 2451 * including process info & aux vector. 2452 */ 2453 fill_prstatus(info->prstatus, ts, signr); 2454 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2455 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2456 sizeof (*info->prstatus), info->prstatus); 2457 fill_psinfo(info->psinfo, ts); 2458 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2459 sizeof (*info->psinfo), info->psinfo); 2460 fill_auxv_note(&info->notes[2], ts); 2461 info->numnote = 3; 2462 2463 info->notes_size = 0; 2464 for (i = 0; i < info->numnote; i++) 2465 info->notes_size += note_size(&info->notes[i]); 2466 2467 /* read and fill status of all threads */ 2468 cpu_list_lock(); 2469 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) { 2470 if (cpu == thread_env) 2471 continue; 2472 fill_thread_info(info, cpu); 2473 } 2474 cpu_list_unlock(); 2475 2476 return (0); 2477 } 2478 2479 static void free_note_info(struct elf_note_info *info) 2480 { 2481 struct elf_thread_status *ets; 2482 2483 while (!QTAILQ_EMPTY(&info->thread_list)) { 2484 ets = QTAILQ_FIRST(&info->thread_list); 2485 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2486 qemu_free(ets); 2487 } 2488 2489 qemu_free(info->prstatus); 2490 qemu_free(info->psinfo); 2491 qemu_free(info->notes); 2492 } 2493 2494 static int write_note_info(struct elf_note_info *info, int fd) 2495 { 2496 struct elf_thread_status *ets; 2497 int i, error = 0; 2498 2499 /* write prstatus, psinfo and auxv for current thread */ 2500 for (i = 0; i < info->numnote; i++) 2501 if ((error = write_note(&info->notes[i], fd)) != 0) 2502 return (error); 2503 2504 /* write prstatus for each thread */ 2505 for (ets = info->thread_list.tqh_first; ets != NULL; 2506 ets = ets->ets_link.tqe_next) { 2507 if ((error = write_note(&ets->notes[0], fd)) != 0) 2508 return (error); 2509 } 2510 2511 return (0); 2512 } 2513 2514 /* 2515 * Write out ELF coredump. 2516 * 2517 * See documentation of ELF object file format in: 2518 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2519 * 2520 * Coredump format in linux is following: 2521 * 2522 * 0 +----------------------+ \ 2523 * | ELF header | ET_CORE | 2524 * +----------------------+ | 2525 * | ELF program headers | |--- headers 2526 * | - NOTE section | | 2527 * | - PT_LOAD sections | | 2528 * +----------------------+ / 2529 * | NOTEs: | 2530 * | - NT_PRSTATUS | 2531 * | - NT_PRSINFO | 2532 * | - NT_AUXV | 2533 * +----------------------+ <-- aligned to target page 2534 * | Process memory dump | 2535 * : : 2536 * . . 2537 * : : 2538 * | | 2539 * +----------------------+ 2540 * 2541 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2542 * NT_PRSINFO -> struct elf_prpsinfo 2543 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2544 * 2545 * Format follows System V format as close as possible. Current 2546 * version limitations are as follows: 2547 * - no floating point registers are dumped 2548 * 2549 * Function returns 0 in case of success, negative errno otherwise. 2550 * 2551 * TODO: make this work also during runtime: it should be 2552 * possible to force coredump from running process and then 2553 * continue processing. For example qemu could set up SIGUSR2 2554 * handler (provided that target process haven't registered 2555 * handler for that) that does the dump when signal is received. 2556 */ 2557 static int elf_core_dump(int signr, const CPUState *env) 2558 { 2559 const TaskState *ts = (const TaskState *)env->opaque; 2560 struct vm_area_struct *vma = NULL; 2561 char corefile[PATH_MAX]; 2562 struct elf_note_info info; 2563 struct elfhdr elf; 2564 struct elf_phdr phdr; 2565 struct rlimit dumpsize; 2566 struct mm_struct *mm = NULL; 2567 off_t offset = 0, data_offset = 0; 2568 int segs = 0; 2569 int fd = -1; 2570 2571 errno = 0; 2572 getrlimit(RLIMIT_CORE, &dumpsize); 2573 if (dumpsize.rlim_cur == 0) 2574 return 0; 2575 2576 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2577 return (-errno); 2578 2579 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2580 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2581 return (-errno); 2582 2583 /* 2584 * Walk through target process memory mappings and 2585 * set up structure containing this information. After 2586 * this point vma_xxx functions can be used. 2587 */ 2588 if ((mm = vma_init()) == NULL) 2589 goto out; 2590 2591 walk_memory_regions(mm, vma_walker); 2592 segs = vma_get_mapping_count(mm); 2593 2594 /* 2595 * Construct valid coredump ELF header. We also 2596 * add one more segment for notes. 2597 */ 2598 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2599 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2600 goto out; 2601 2602 /* fill in in-memory version of notes */ 2603 if (fill_note_info(&info, signr, env) < 0) 2604 goto out; 2605 2606 offset += sizeof (elf); /* elf header */ 2607 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2608 2609 /* write out notes program header */ 2610 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2611 2612 offset += info.notes_size; 2613 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2614 goto out; 2615 2616 /* 2617 * ELF specification wants data to start at page boundary so 2618 * we align it here. 2619 */ 2620 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2621 2622 /* 2623 * Write program headers for memory regions mapped in 2624 * the target process. 2625 */ 2626 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2627 (void) memset(&phdr, 0, sizeof (phdr)); 2628 2629 phdr.p_type = PT_LOAD; 2630 phdr.p_offset = offset; 2631 phdr.p_vaddr = vma->vma_start; 2632 phdr.p_paddr = 0; 2633 phdr.p_filesz = vma_dump_size(vma); 2634 offset += phdr.p_filesz; 2635 phdr.p_memsz = vma->vma_end - vma->vma_start; 2636 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2637 if (vma->vma_flags & PROT_WRITE) 2638 phdr.p_flags |= PF_W; 2639 if (vma->vma_flags & PROT_EXEC) 2640 phdr.p_flags |= PF_X; 2641 phdr.p_align = ELF_EXEC_PAGESIZE; 2642 2643 bswap_phdr(&phdr, 1); 2644 dump_write(fd, &phdr, sizeof (phdr)); 2645 } 2646 2647 /* 2648 * Next we write notes just after program headers. No 2649 * alignment needed here. 2650 */ 2651 if (write_note_info(&info, fd) < 0) 2652 goto out; 2653 2654 /* align data to page boundary */ 2655 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2656 goto out; 2657 2658 /* 2659 * Finally we can dump process memory into corefile as well. 2660 */ 2661 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2662 abi_ulong addr; 2663 abi_ulong end; 2664 2665 end = vma->vma_start + vma_dump_size(vma); 2666 2667 for (addr = vma->vma_start; addr < end; 2668 addr += TARGET_PAGE_SIZE) { 2669 char page[TARGET_PAGE_SIZE]; 2670 int error; 2671 2672 /* 2673 * Read in page from target process memory and 2674 * write it to coredump file. 2675 */ 2676 error = copy_from_user(page, addr, sizeof (page)); 2677 if (error != 0) { 2678 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2679 addr); 2680 errno = -error; 2681 goto out; 2682 } 2683 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2684 goto out; 2685 } 2686 } 2687 2688 out: 2689 free_note_info(&info); 2690 if (mm != NULL) 2691 vma_delete(mm); 2692 (void) close(fd); 2693 2694 if (errno != 0) 2695 return (-errno); 2696 return (0); 2697 } 2698 #endif /* USE_ELF_CORE_DUMP */ 2699 2700 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2701 { 2702 init_thread(regs, infop); 2703 } 2704