1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include "qemu/osdep.h" 3 #include <sys/param.h> 4 5 #include <sys/resource.h> 6 7 #include "qemu.h" 8 #include "disas/disas.h" 9 #include "qemu/path.h" 10 11 #ifdef _ARCH_PPC64 12 #undef ARCH_DLINFO 13 #undef ELF_PLATFORM 14 #undef ELF_HWCAP 15 #undef ELF_HWCAP2 16 #undef ELF_CLASS 17 #undef ELF_DATA 18 #undef ELF_ARCH 19 #endif 20 21 #define ELF_OSABI ELFOSABI_SYSV 22 23 /* from personality.h */ 24 25 /* 26 * Flags for bug emulation. 27 * 28 * These occupy the top three bytes. 29 */ 30 enum { 31 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 32 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 33 descriptors (signal handling) */ 34 MMAP_PAGE_ZERO = 0x0100000, 35 ADDR_COMPAT_LAYOUT = 0x0200000, 36 READ_IMPLIES_EXEC = 0x0400000, 37 ADDR_LIMIT_32BIT = 0x0800000, 38 SHORT_INODE = 0x1000000, 39 WHOLE_SECONDS = 0x2000000, 40 STICKY_TIMEOUTS = 0x4000000, 41 ADDR_LIMIT_3GB = 0x8000000, 42 }; 43 44 /* 45 * Personality types. 46 * 47 * These go in the low byte. Avoid using the top bit, it will 48 * conflict with error returns. 49 */ 50 enum { 51 PER_LINUX = 0x0000, 52 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 53 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 54 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 55 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 56 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 57 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 58 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 59 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 60 PER_BSD = 0x0006, 61 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 62 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_LINUX32 = 0x0008, 64 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 65 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 66 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 67 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 68 PER_RISCOS = 0x000c, 69 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 70 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 71 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 72 PER_HPUX = 0x0010, 73 PER_MASK = 0x00ff, 74 }; 75 76 /* 77 * Return the base personality without flags. 78 */ 79 #define personality(pers) (pers & PER_MASK) 80 81 /* this flag is uneffective under linux too, should be deleted */ 82 #ifndef MAP_DENYWRITE 83 #define MAP_DENYWRITE 0 84 #endif 85 86 /* should probably go in elf.h */ 87 #ifndef ELIBBAD 88 #define ELIBBAD 80 89 #endif 90 91 #ifdef TARGET_WORDS_BIGENDIAN 92 #define ELF_DATA ELFDATA2MSB 93 #else 94 #define ELF_DATA ELFDATA2LSB 95 #endif 96 97 #ifdef TARGET_ABI_MIPSN32 98 typedef abi_ullong target_elf_greg_t; 99 #define tswapreg(ptr) tswap64(ptr) 100 #else 101 typedef abi_ulong target_elf_greg_t; 102 #define tswapreg(ptr) tswapal(ptr) 103 #endif 104 105 #ifdef USE_UID16 106 typedef abi_ushort target_uid_t; 107 typedef abi_ushort target_gid_t; 108 #else 109 typedef abi_uint target_uid_t; 110 typedef abi_uint target_gid_t; 111 #endif 112 typedef abi_int target_pid_t; 113 114 #ifdef TARGET_I386 115 116 #define ELF_PLATFORM get_elf_platform() 117 118 static const char *get_elf_platform(void) 119 { 120 static char elf_platform[] = "i386"; 121 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL); 122 if (family > 6) 123 family = 6; 124 if (family >= 3) 125 elf_platform[1] = '0' + family; 126 return elf_platform; 127 } 128 129 #define ELF_HWCAP get_elf_hwcap() 130 131 static uint32_t get_elf_hwcap(void) 132 { 133 X86CPU *cpu = X86_CPU(thread_cpu); 134 135 return cpu->env.features[FEAT_1_EDX]; 136 } 137 138 #ifdef TARGET_X86_64 139 #define ELF_START_MMAP 0x2aaaaab000ULL 140 141 #define ELF_CLASS ELFCLASS64 142 #define ELF_ARCH EM_X86_64 143 144 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 145 { 146 regs->rax = 0; 147 regs->rsp = infop->start_stack; 148 regs->rip = infop->entry; 149 } 150 151 #define ELF_NREG 27 152 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 153 154 /* 155 * Note that ELF_NREG should be 29 as there should be place for 156 * TRAPNO and ERR "registers" as well but linux doesn't dump 157 * those. 158 * 159 * See linux kernel: arch/x86/include/asm/elf.h 160 */ 161 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 162 { 163 (*regs)[0] = env->regs[15]; 164 (*regs)[1] = env->regs[14]; 165 (*regs)[2] = env->regs[13]; 166 (*regs)[3] = env->regs[12]; 167 (*regs)[4] = env->regs[R_EBP]; 168 (*regs)[5] = env->regs[R_EBX]; 169 (*regs)[6] = env->regs[11]; 170 (*regs)[7] = env->regs[10]; 171 (*regs)[8] = env->regs[9]; 172 (*regs)[9] = env->regs[8]; 173 (*regs)[10] = env->regs[R_EAX]; 174 (*regs)[11] = env->regs[R_ECX]; 175 (*regs)[12] = env->regs[R_EDX]; 176 (*regs)[13] = env->regs[R_ESI]; 177 (*regs)[14] = env->regs[R_EDI]; 178 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 179 (*regs)[16] = env->eip; 180 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 181 (*regs)[18] = env->eflags; 182 (*regs)[19] = env->regs[R_ESP]; 183 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 184 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 185 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 186 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 187 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 188 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 189 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 190 } 191 192 #else 193 194 #define ELF_START_MMAP 0x80000000 195 196 /* 197 * This is used to ensure we don't load something for the wrong architecture. 198 */ 199 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 200 201 /* 202 * These are used to set parameters in the core dumps. 203 */ 204 #define ELF_CLASS ELFCLASS32 205 #define ELF_ARCH EM_386 206 207 static inline void init_thread(struct target_pt_regs *regs, 208 struct image_info *infop) 209 { 210 regs->esp = infop->start_stack; 211 regs->eip = infop->entry; 212 213 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 214 starts %edx contains a pointer to a function which might be 215 registered using `atexit'. This provides a mean for the 216 dynamic linker to call DT_FINI functions for shared libraries 217 that have been loaded before the code runs. 218 219 A value of 0 tells we have no such handler. */ 220 regs->edx = 0; 221 } 222 223 #define ELF_NREG 17 224 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 225 226 /* 227 * Note that ELF_NREG should be 19 as there should be place for 228 * TRAPNO and ERR "registers" as well but linux doesn't dump 229 * those. 230 * 231 * See linux kernel: arch/x86/include/asm/elf.h 232 */ 233 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 234 { 235 (*regs)[0] = env->regs[R_EBX]; 236 (*regs)[1] = env->regs[R_ECX]; 237 (*regs)[2] = env->regs[R_EDX]; 238 (*regs)[3] = env->regs[R_ESI]; 239 (*regs)[4] = env->regs[R_EDI]; 240 (*regs)[5] = env->regs[R_EBP]; 241 (*regs)[6] = env->regs[R_EAX]; 242 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 243 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 244 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 245 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 246 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 247 (*regs)[12] = env->eip; 248 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 249 (*regs)[14] = env->eflags; 250 (*regs)[15] = env->regs[R_ESP]; 251 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 252 } 253 #endif 254 255 #define USE_ELF_CORE_DUMP 256 #define ELF_EXEC_PAGESIZE 4096 257 258 #endif 259 260 #ifdef TARGET_ARM 261 262 #ifndef TARGET_AARCH64 263 /* 32 bit ARM definitions */ 264 265 #define ELF_START_MMAP 0x80000000 266 267 #define ELF_ARCH EM_ARM 268 #define ELF_CLASS ELFCLASS32 269 270 static inline void init_thread(struct target_pt_regs *regs, 271 struct image_info *infop) 272 { 273 abi_long stack = infop->start_stack; 274 memset(regs, 0, sizeof(*regs)); 275 276 regs->uregs[16] = ARM_CPU_MODE_USR; 277 if (infop->entry & 1) { 278 regs->uregs[16] |= CPSR_T; 279 } 280 regs->uregs[15] = infop->entry & 0xfffffffe; 281 regs->uregs[13] = infop->start_stack; 282 /* FIXME - what to for failure of get_user()? */ 283 get_user_ual(regs->uregs[2], stack + 8); /* envp */ 284 get_user_ual(regs->uregs[1], stack + 4); /* envp */ 285 /* XXX: it seems that r0 is zeroed after ! */ 286 regs->uregs[0] = 0; 287 /* For uClinux PIC binaries. */ 288 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 289 regs->uregs[10] = infop->start_data; 290 } 291 292 #define ELF_NREG 18 293 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 294 295 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env) 296 { 297 (*regs)[0] = tswapreg(env->regs[0]); 298 (*regs)[1] = tswapreg(env->regs[1]); 299 (*regs)[2] = tswapreg(env->regs[2]); 300 (*regs)[3] = tswapreg(env->regs[3]); 301 (*regs)[4] = tswapreg(env->regs[4]); 302 (*regs)[5] = tswapreg(env->regs[5]); 303 (*regs)[6] = tswapreg(env->regs[6]); 304 (*regs)[7] = tswapreg(env->regs[7]); 305 (*regs)[8] = tswapreg(env->regs[8]); 306 (*regs)[9] = tswapreg(env->regs[9]); 307 (*regs)[10] = tswapreg(env->regs[10]); 308 (*regs)[11] = tswapreg(env->regs[11]); 309 (*regs)[12] = tswapreg(env->regs[12]); 310 (*regs)[13] = tswapreg(env->regs[13]); 311 (*regs)[14] = tswapreg(env->regs[14]); 312 (*regs)[15] = tswapreg(env->regs[15]); 313 314 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env)); 315 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */ 316 } 317 318 #define USE_ELF_CORE_DUMP 319 #define ELF_EXEC_PAGESIZE 4096 320 321 enum 322 { 323 ARM_HWCAP_ARM_SWP = 1 << 0, 324 ARM_HWCAP_ARM_HALF = 1 << 1, 325 ARM_HWCAP_ARM_THUMB = 1 << 2, 326 ARM_HWCAP_ARM_26BIT = 1 << 3, 327 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 328 ARM_HWCAP_ARM_FPA = 1 << 5, 329 ARM_HWCAP_ARM_VFP = 1 << 6, 330 ARM_HWCAP_ARM_EDSP = 1 << 7, 331 ARM_HWCAP_ARM_JAVA = 1 << 8, 332 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 333 ARM_HWCAP_ARM_CRUNCH = 1 << 10, 334 ARM_HWCAP_ARM_THUMBEE = 1 << 11, 335 ARM_HWCAP_ARM_NEON = 1 << 12, 336 ARM_HWCAP_ARM_VFPv3 = 1 << 13, 337 ARM_HWCAP_ARM_VFPv3D16 = 1 << 14, 338 ARM_HWCAP_ARM_TLS = 1 << 15, 339 ARM_HWCAP_ARM_VFPv4 = 1 << 16, 340 ARM_HWCAP_ARM_IDIVA = 1 << 17, 341 ARM_HWCAP_ARM_IDIVT = 1 << 18, 342 ARM_HWCAP_ARM_VFPD32 = 1 << 19, 343 ARM_HWCAP_ARM_LPAE = 1 << 20, 344 ARM_HWCAP_ARM_EVTSTRM = 1 << 21, 345 }; 346 347 enum { 348 ARM_HWCAP2_ARM_AES = 1 << 0, 349 ARM_HWCAP2_ARM_PMULL = 1 << 1, 350 ARM_HWCAP2_ARM_SHA1 = 1 << 2, 351 ARM_HWCAP2_ARM_SHA2 = 1 << 3, 352 ARM_HWCAP2_ARM_CRC32 = 1 << 4, 353 }; 354 355 /* The commpage only exists for 32 bit kernels */ 356 357 /* Return 1 if the proposed guest space is suitable for the guest. 358 * Return 0 if the proposed guest space isn't suitable, but another 359 * address space should be tried. 360 * Return -1 if there is no way the proposed guest space can be 361 * valid regardless of the base. 362 * The guest code may leave a page mapped and populate it if the 363 * address is suitable. 364 */ 365 static int init_guest_commpage(unsigned long guest_base, 366 unsigned long guest_size) 367 { 368 unsigned long real_start, test_page_addr; 369 370 /* We need to check that we can force a fault on access to the 371 * commpage at 0xffff0fxx 372 */ 373 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 374 375 /* If the commpage lies within the already allocated guest space, 376 * then there is no way we can allocate it. 377 * 378 * You may be thinking that that this check is redundant because 379 * we already validated the guest size against MAX_RESERVED_VA; 380 * but if qemu_host_page_mask is unusually large, then 381 * test_page_addr may be lower. 382 */ 383 if (test_page_addr >= guest_base 384 && test_page_addr < (guest_base + guest_size)) { 385 return -1; 386 } 387 388 /* Note it needs to be writeable to let us initialise it */ 389 real_start = (unsigned long) 390 mmap((void *)test_page_addr, qemu_host_page_size, 391 PROT_READ | PROT_WRITE, 392 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 393 394 /* If we can't map it then try another address */ 395 if (real_start == -1ul) { 396 return 0; 397 } 398 399 if (real_start != test_page_addr) { 400 /* OS didn't put the page where we asked - unmap and reject */ 401 munmap((void *)real_start, qemu_host_page_size); 402 return 0; 403 } 404 405 /* Leave the page mapped 406 * Populate it (mmap should have left it all 0'd) 407 */ 408 409 /* Kernel helper versions */ 410 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 411 412 /* Now it's populated make it RO */ 413 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 414 perror("Protecting guest commpage"); 415 exit(-1); 416 } 417 418 return 1; /* All good */ 419 } 420 421 #define ELF_HWCAP get_elf_hwcap() 422 #define ELF_HWCAP2 get_elf_hwcap2() 423 424 static uint32_t get_elf_hwcap(void) 425 { 426 ARMCPU *cpu = ARM_CPU(thread_cpu); 427 uint32_t hwcaps = 0; 428 429 hwcaps |= ARM_HWCAP_ARM_SWP; 430 hwcaps |= ARM_HWCAP_ARM_HALF; 431 hwcaps |= ARM_HWCAP_ARM_THUMB; 432 hwcaps |= ARM_HWCAP_ARM_FAST_MULT; 433 434 /* probe for the extra features */ 435 #define GET_FEATURE(feat, hwcap) \ 436 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 437 /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */ 438 GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP); 439 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP); 440 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); 441 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); 442 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); 443 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3); 444 GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS); 445 GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4); 446 GET_FEATURE(ARM_FEATURE_ARM_DIV, ARM_HWCAP_ARM_IDIVA); 447 GET_FEATURE(ARM_FEATURE_THUMB_DIV, ARM_HWCAP_ARM_IDIVT); 448 /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c. 449 * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of 450 * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated 451 * to our VFP_FP16 feature bit. 452 */ 453 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPD32); 454 GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE); 455 456 return hwcaps; 457 } 458 459 static uint32_t get_elf_hwcap2(void) 460 { 461 ARMCPU *cpu = ARM_CPU(thread_cpu); 462 uint32_t hwcaps = 0; 463 464 GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP2_ARM_AES); 465 GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP2_ARM_PMULL); 466 GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP2_ARM_SHA1); 467 GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP2_ARM_SHA2); 468 GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP2_ARM_CRC32); 469 return hwcaps; 470 } 471 472 #undef GET_FEATURE 473 474 #else 475 /* 64 bit ARM definitions */ 476 #define ELF_START_MMAP 0x80000000 477 478 #define ELF_ARCH EM_AARCH64 479 #define ELF_CLASS ELFCLASS64 480 #define ELF_PLATFORM "aarch64" 481 482 static inline void init_thread(struct target_pt_regs *regs, 483 struct image_info *infop) 484 { 485 abi_long stack = infop->start_stack; 486 memset(regs, 0, sizeof(*regs)); 487 488 regs->pc = infop->entry & ~0x3ULL; 489 regs->sp = stack; 490 } 491 492 #define ELF_NREG 34 493 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 494 495 static void elf_core_copy_regs(target_elf_gregset_t *regs, 496 const CPUARMState *env) 497 { 498 int i; 499 500 for (i = 0; i < 32; i++) { 501 (*regs)[i] = tswapreg(env->xregs[i]); 502 } 503 (*regs)[32] = tswapreg(env->pc); 504 (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env)); 505 } 506 507 #define USE_ELF_CORE_DUMP 508 #define ELF_EXEC_PAGESIZE 4096 509 510 enum { 511 ARM_HWCAP_A64_FP = 1 << 0, 512 ARM_HWCAP_A64_ASIMD = 1 << 1, 513 ARM_HWCAP_A64_EVTSTRM = 1 << 2, 514 ARM_HWCAP_A64_AES = 1 << 3, 515 ARM_HWCAP_A64_PMULL = 1 << 4, 516 ARM_HWCAP_A64_SHA1 = 1 << 5, 517 ARM_HWCAP_A64_SHA2 = 1 << 6, 518 ARM_HWCAP_A64_CRC32 = 1 << 7, 519 ARM_HWCAP_A64_ATOMICS = 1 << 8, 520 ARM_HWCAP_A64_FPHP = 1 << 9, 521 ARM_HWCAP_A64_ASIMDHP = 1 << 10, 522 ARM_HWCAP_A64_CPUID = 1 << 11, 523 ARM_HWCAP_A64_ASIMDRDM = 1 << 12, 524 ARM_HWCAP_A64_JSCVT = 1 << 13, 525 ARM_HWCAP_A64_FCMA = 1 << 14, 526 ARM_HWCAP_A64_LRCPC = 1 << 15, 527 ARM_HWCAP_A64_DCPOP = 1 << 16, 528 ARM_HWCAP_A64_SHA3 = 1 << 17, 529 ARM_HWCAP_A64_SM3 = 1 << 18, 530 ARM_HWCAP_A64_SM4 = 1 << 19, 531 ARM_HWCAP_A64_ASIMDDP = 1 << 20, 532 ARM_HWCAP_A64_SHA512 = 1 << 21, 533 ARM_HWCAP_A64_SVE = 1 << 22, 534 }; 535 536 #define ELF_HWCAP get_elf_hwcap() 537 538 static uint32_t get_elf_hwcap(void) 539 { 540 ARMCPU *cpu = ARM_CPU(thread_cpu); 541 uint32_t hwcaps = 0; 542 543 hwcaps |= ARM_HWCAP_A64_FP; 544 hwcaps |= ARM_HWCAP_A64_ASIMD; 545 546 /* probe for the extra features */ 547 #define GET_FEATURE(feat, hwcap) \ 548 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 549 GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_AES); 550 GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP_A64_PMULL); 551 GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP_A64_SHA1); 552 GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP_A64_SHA2); 553 GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP_A64_CRC32); 554 GET_FEATURE(ARM_FEATURE_V8_SHA3, ARM_HWCAP_A64_SHA3); 555 GET_FEATURE(ARM_FEATURE_V8_SM3, ARM_HWCAP_A64_SM3); 556 GET_FEATURE(ARM_FEATURE_V8_SM4, ARM_HWCAP_A64_SM4); 557 GET_FEATURE(ARM_FEATURE_V8_SHA512, ARM_HWCAP_A64_SHA512); 558 GET_FEATURE(ARM_FEATURE_V8_FP16, 559 ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP); 560 GET_FEATURE(ARM_FEATURE_V8_RDM, ARM_HWCAP_A64_ASIMDRDM); 561 GET_FEATURE(ARM_FEATURE_V8_FCMA, ARM_HWCAP_A64_FCMA); 562 #undef GET_FEATURE 563 564 return hwcaps; 565 } 566 567 #endif /* not TARGET_AARCH64 */ 568 #endif /* TARGET_ARM */ 569 570 #ifdef TARGET_SPARC 571 #ifdef TARGET_SPARC64 572 573 #define ELF_START_MMAP 0x80000000 574 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 575 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 576 #ifndef TARGET_ABI32 577 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 578 #else 579 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 580 #endif 581 582 #define ELF_CLASS ELFCLASS64 583 #define ELF_ARCH EM_SPARCV9 584 585 #define STACK_BIAS 2047 586 587 static inline void init_thread(struct target_pt_regs *regs, 588 struct image_info *infop) 589 { 590 #ifndef TARGET_ABI32 591 regs->tstate = 0; 592 #endif 593 regs->pc = infop->entry; 594 regs->npc = regs->pc + 4; 595 regs->y = 0; 596 #ifdef TARGET_ABI32 597 regs->u_regs[14] = infop->start_stack - 16 * 4; 598 #else 599 if (personality(infop->personality) == PER_LINUX32) 600 regs->u_regs[14] = infop->start_stack - 16 * 4; 601 else 602 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 603 #endif 604 } 605 606 #else 607 #define ELF_START_MMAP 0x80000000 608 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 609 | HWCAP_SPARC_MULDIV) 610 611 #define ELF_CLASS ELFCLASS32 612 #define ELF_ARCH EM_SPARC 613 614 static inline void init_thread(struct target_pt_regs *regs, 615 struct image_info *infop) 616 { 617 regs->psr = 0; 618 regs->pc = infop->entry; 619 regs->npc = regs->pc + 4; 620 regs->y = 0; 621 regs->u_regs[14] = infop->start_stack - 16 * 4; 622 } 623 624 #endif 625 #endif 626 627 #ifdef TARGET_PPC 628 629 #define ELF_MACHINE PPC_ELF_MACHINE 630 #define ELF_START_MMAP 0x80000000 631 632 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 633 634 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 635 636 #define ELF_CLASS ELFCLASS64 637 638 #else 639 640 #define ELF_CLASS ELFCLASS32 641 642 #endif 643 644 #define ELF_ARCH EM_PPC 645 646 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 647 See arch/powerpc/include/asm/cputable.h. */ 648 enum { 649 QEMU_PPC_FEATURE_32 = 0x80000000, 650 QEMU_PPC_FEATURE_64 = 0x40000000, 651 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 652 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 653 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 654 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 655 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 656 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 657 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 658 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 659 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 660 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 661 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 662 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 663 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 664 QEMU_PPC_FEATURE_CELL = 0x00010000, 665 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 666 QEMU_PPC_FEATURE_SMT = 0x00004000, 667 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 668 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 669 QEMU_PPC_FEATURE_PA6T = 0x00000800, 670 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 671 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 672 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 673 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 674 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 675 676 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 677 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 678 679 /* Feature definitions in AT_HWCAP2. */ 680 QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */ 681 QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */ 682 QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */ 683 QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */ 684 QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */ 685 QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */ 686 }; 687 688 #define ELF_HWCAP get_elf_hwcap() 689 690 static uint32_t get_elf_hwcap(void) 691 { 692 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 693 uint32_t features = 0; 694 695 /* We don't have to be terribly complete here; the high points are 696 Altivec/FP/SPE support. Anything else is just a bonus. */ 697 #define GET_FEATURE(flag, feature) \ 698 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 699 #define GET_FEATURE2(flags, feature) \ 700 do { \ 701 if ((cpu->env.insns_flags2 & flags) == flags) { \ 702 features |= feature; \ 703 } \ 704 } while (0) 705 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 706 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 707 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 708 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 709 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 710 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 711 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 712 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 713 GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP); 714 GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX); 715 GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 | 716 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206), 717 QEMU_PPC_FEATURE_ARCH_2_06); 718 #undef GET_FEATURE 719 #undef GET_FEATURE2 720 721 return features; 722 } 723 724 #define ELF_HWCAP2 get_elf_hwcap2() 725 726 static uint32_t get_elf_hwcap2(void) 727 { 728 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 729 uint32_t features = 0; 730 731 #define GET_FEATURE(flag, feature) \ 732 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 733 #define GET_FEATURE2(flag, feature) \ 734 do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0) 735 736 GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL); 737 GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR); 738 GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 | 739 PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07); 740 741 #undef GET_FEATURE 742 #undef GET_FEATURE2 743 744 return features; 745 } 746 747 /* 748 * The requirements here are: 749 * - keep the final alignment of sp (sp & 0xf) 750 * - make sure the 32-bit value at the first 16 byte aligned position of 751 * AUXV is greater than 16 for glibc compatibility. 752 * AT_IGNOREPPC is used for that. 753 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 754 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 755 */ 756 #define DLINFO_ARCH_ITEMS 5 757 #define ARCH_DLINFO \ 758 do { \ 759 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); \ 760 /* \ 761 * Handle glibc compatibility: these magic entries must \ 762 * be at the lowest addresses in the final auxv. \ 763 */ \ 764 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 765 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 766 NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \ 767 NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \ 768 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 769 } while (0) 770 771 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 772 { 773 _regs->gpr[1] = infop->start_stack; 774 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 775 if (get_ppc64_abi(infop) < 2) { 776 uint64_t val; 777 get_user_u64(val, infop->entry + 8); 778 _regs->gpr[2] = val + infop->load_bias; 779 get_user_u64(val, infop->entry); 780 infop->entry = val + infop->load_bias; 781 } else { 782 _regs->gpr[12] = infop->entry; /* r12 set to global entry address */ 783 } 784 #endif 785 _regs->nip = infop->entry; 786 } 787 788 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 789 #define ELF_NREG 48 790 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 791 792 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env) 793 { 794 int i; 795 target_ulong ccr = 0; 796 797 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 798 (*regs)[i] = tswapreg(env->gpr[i]); 799 } 800 801 (*regs)[32] = tswapreg(env->nip); 802 (*regs)[33] = tswapreg(env->msr); 803 (*regs)[35] = tswapreg(env->ctr); 804 (*regs)[36] = tswapreg(env->lr); 805 (*regs)[37] = tswapreg(env->xer); 806 807 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 808 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 809 } 810 (*regs)[38] = tswapreg(ccr); 811 } 812 813 #define USE_ELF_CORE_DUMP 814 #define ELF_EXEC_PAGESIZE 4096 815 816 #endif 817 818 #ifdef TARGET_MIPS 819 820 #define ELF_START_MMAP 0x80000000 821 822 #ifdef TARGET_MIPS64 823 #define ELF_CLASS ELFCLASS64 824 #else 825 #define ELF_CLASS ELFCLASS32 826 #endif 827 #define ELF_ARCH EM_MIPS 828 829 static inline void init_thread(struct target_pt_regs *regs, 830 struct image_info *infop) 831 { 832 regs->cp0_status = 2 << CP0St_KSU; 833 regs->cp0_epc = infop->entry; 834 regs->regs[29] = infop->start_stack; 835 } 836 837 /* See linux kernel: arch/mips/include/asm/elf.h. */ 838 #define ELF_NREG 45 839 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 840 841 /* See linux kernel: arch/mips/include/asm/reg.h. */ 842 enum { 843 #ifdef TARGET_MIPS64 844 TARGET_EF_R0 = 0, 845 #else 846 TARGET_EF_R0 = 6, 847 #endif 848 TARGET_EF_R26 = TARGET_EF_R0 + 26, 849 TARGET_EF_R27 = TARGET_EF_R0 + 27, 850 TARGET_EF_LO = TARGET_EF_R0 + 32, 851 TARGET_EF_HI = TARGET_EF_R0 + 33, 852 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 853 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 854 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 855 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 856 }; 857 858 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 859 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env) 860 { 861 int i; 862 863 for (i = 0; i < TARGET_EF_R0; i++) { 864 (*regs)[i] = 0; 865 } 866 (*regs)[TARGET_EF_R0] = 0; 867 868 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 869 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]); 870 } 871 872 (*regs)[TARGET_EF_R26] = 0; 873 (*regs)[TARGET_EF_R27] = 0; 874 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]); 875 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]); 876 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC); 877 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr); 878 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status); 879 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause); 880 } 881 882 #define USE_ELF_CORE_DUMP 883 #define ELF_EXEC_PAGESIZE 4096 884 885 /* See arch/mips/include/uapi/asm/hwcap.h. */ 886 enum { 887 HWCAP_MIPS_R6 = (1 << 0), 888 HWCAP_MIPS_MSA = (1 << 1), 889 }; 890 891 #define ELF_HWCAP get_elf_hwcap() 892 893 static uint32_t get_elf_hwcap(void) 894 { 895 MIPSCPU *cpu = MIPS_CPU(thread_cpu); 896 uint32_t hwcaps = 0; 897 898 #define GET_FEATURE(flag, hwcap) \ 899 do { if (cpu->env.insn_flags & (flag)) { hwcaps |= hwcap; } } while (0) 900 901 GET_FEATURE(ISA_MIPS32R6 | ISA_MIPS64R6, HWCAP_MIPS_R6); 902 GET_FEATURE(ASE_MSA, HWCAP_MIPS_MSA); 903 904 #undef GET_FEATURE 905 906 return hwcaps; 907 } 908 909 #endif /* TARGET_MIPS */ 910 911 #ifdef TARGET_MICROBLAZE 912 913 #define ELF_START_MMAP 0x80000000 914 915 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 916 917 #define ELF_CLASS ELFCLASS32 918 #define ELF_ARCH EM_MICROBLAZE 919 920 static inline void init_thread(struct target_pt_regs *regs, 921 struct image_info *infop) 922 { 923 regs->pc = infop->entry; 924 regs->r1 = infop->start_stack; 925 926 } 927 928 #define ELF_EXEC_PAGESIZE 4096 929 930 #define USE_ELF_CORE_DUMP 931 #define ELF_NREG 38 932 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 933 934 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 935 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env) 936 { 937 int i, pos = 0; 938 939 for (i = 0; i < 32; i++) { 940 (*regs)[pos++] = tswapreg(env->regs[i]); 941 } 942 943 for (i = 0; i < 6; i++) { 944 (*regs)[pos++] = tswapreg(env->sregs[i]); 945 } 946 } 947 948 #endif /* TARGET_MICROBLAZE */ 949 950 #ifdef TARGET_NIOS2 951 952 #define ELF_START_MMAP 0x80000000 953 954 #define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2) 955 956 #define ELF_CLASS ELFCLASS32 957 #define ELF_ARCH EM_ALTERA_NIOS2 958 959 static void init_thread(struct target_pt_regs *regs, struct image_info *infop) 960 { 961 regs->ea = infop->entry; 962 regs->sp = infop->start_stack; 963 regs->estatus = 0x3; 964 } 965 966 #define ELF_EXEC_PAGESIZE 4096 967 968 #define USE_ELF_CORE_DUMP 969 #define ELF_NREG 49 970 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 971 972 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 973 static void elf_core_copy_regs(target_elf_gregset_t *regs, 974 const CPUNios2State *env) 975 { 976 int i; 977 978 (*regs)[0] = -1; 979 for (i = 1; i < 8; i++) /* r0-r7 */ 980 (*regs)[i] = tswapreg(env->regs[i + 7]); 981 982 for (i = 8; i < 16; i++) /* r8-r15 */ 983 (*regs)[i] = tswapreg(env->regs[i - 8]); 984 985 for (i = 16; i < 24; i++) /* r16-r23 */ 986 (*regs)[i] = tswapreg(env->regs[i + 7]); 987 (*regs)[24] = -1; /* R_ET */ 988 (*regs)[25] = -1; /* R_BT */ 989 (*regs)[26] = tswapreg(env->regs[R_GP]); 990 (*regs)[27] = tswapreg(env->regs[R_SP]); 991 (*regs)[28] = tswapreg(env->regs[R_FP]); 992 (*regs)[29] = tswapreg(env->regs[R_EA]); 993 (*regs)[30] = -1; /* R_SSTATUS */ 994 (*regs)[31] = tswapreg(env->regs[R_RA]); 995 996 (*regs)[32] = tswapreg(env->regs[R_PC]); 997 998 (*regs)[33] = -1; /* R_STATUS */ 999 (*regs)[34] = tswapreg(env->regs[CR_ESTATUS]); 1000 1001 for (i = 35; i < 49; i++) /* ... */ 1002 (*regs)[i] = -1; 1003 } 1004 1005 #endif /* TARGET_NIOS2 */ 1006 1007 #ifdef TARGET_OPENRISC 1008 1009 #define ELF_START_MMAP 0x08000000 1010 1011 #define ELF_ARCH EM_OPENRISC 1012 #define ELF_CLASS ELFCLASS32 1013 #define ELF_DATA ELFDATA2MSB 1014 1015 static inline void init_thread(struct target_pt_regs *regs, 1016 struct image_info *infop) 1017 { 1018 regs->pc = infop->entry; 1019 regs->gpr[1] = infop->start_stack; 1020 } 1021 1022 #define USE_ELF_CORE_DUMP 1023 #define ELF_EXEC_PAGESIZE 8192 1024 1025 /* See linux kernel arch/openrisc/include/asm/elf.h. */ 1026 #define ELF_NREG 34 /* gprs and pc, sr */ 1027 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1028 1029 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1030 const CPUOpenRISCState *env) 1031 { 1032 int i; 1033 1034 for (i = 0; i < 32; i++) { 1035 (*regs)[i] = tswapreg(cpu_get_gpr(env, i)); 1036 } 1037 (*regs)[32] = tswapreg(env->pc); 1038 (*regs)[33] = tswapreg(cpu_get_sr(env)); 1039 } 1040 #define ELF_HWCAP 0 1041 #define ELF_PLATFORM NULL 1042 1043 #endif /* TARGET_OPENRISC */ 1044 1045 #ifdef TARGET_SH4 1046 1047 #define ELF_START_MMAP 0x80000000 1048 1049 #define ELF_CLASS ELFCLASS32 1050 #define ELF_ARCH EM_SH 1051 1052 static inline void init_thread(struct target_pt_regs *regs, 1053 struct image_info *infop) 1054 { 1055 /* Check other registers XXXXX */ 1056 regs->pc = infop->entry; 1057 regs->regs[15] = infop->start_stack; 1058 } 1059 1060 /* See linux kernel: arch/sh/include/asm/elf.h. */ 1061 #define ELF_NREG 23 1062 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1063 1064 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 1065 enum { 1066 TARGET_REG_PC = 16, 1067 TARGET_REG_PR = 17, 1068 TARGET_REG_SR = 18, 1069 TARGET_REG_GBR = 19, 1070 TARGET_REG_MACH = 20, 1071 TARGET_REG_MACL = 21, 1072 TARGET_REG_SYSCALL = 22 1073 }; 1074 1075 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 1076 const CPUSH4State *env) 1077 { 1078 int i; 1079 1080 for (i = 0; i < 16; i++) { 1081 (*regs)[i] = tswapreg(env->gregs[i]); 1082 } 1083 1084 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 1085 (*regs)[TARGET_REG_PR] = tswapreg(env->pr); 1086 (*regs)[TARGET_REG_SR] = tswapreg(env->sr); 1087 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr); 1088 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach); 1089 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl); 1090 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 1091 } 1092 1093 #define USE_ELF_CORE_DUMP 1094 #define ELF_EXEC_PAGESIZE 4096 1095 1096 enum { 1097 SH_CPU_HAS_FPU = 0x0001, /* Hardware FPU support */ 1098 SH_CPU_HAS_P2_FLUSH_BUG = 0x0002, /* Need to flush the cache in P2 area */ 1099 SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */ 1100 SH_CPU_HAS_DSP = 0x0008, /* SH-DSP: DSP support */ 1101 SH_CPU_HAS_PERF_COUNTER = 0x0010, /* Hardware performance counters */ 1102 SH_CPU_HAS_PTEA = 0x0020, /* PTEA register */ 1103 SH_CPU_HAS_LLSC = 0x0040, /* movli.l/movco.l */ 1104 SH_CPU_HAS_L2_CACHE = 0x0080, /* Secondary cache / URAM */ 1105 SH_CPU_HAS_OP32 = 0x0100, /* 32-bit instruction support */ 1106 SH_CPU_HAS_PTEAEX = 0x0200, /* PTE ASID Extension support */ 1107 }; 1108 1109 #define ELF_HWCAP get_elf_hwcap() 1110 1111 static uint32_t get_elf_hwcap(void) 1112 { 1113 SuperHCPU *cpu = SUPERH_CPU(thread_cpu); 1114 uint32_t hwcap = 0; 1115 1116 hwcap |= SH_CPU_HAS_FPU; 1117 1118 if (cpu->env.features & SH_FEATURE_SH4A) { 1119 hwcap |= SH_CPU_HAS_LLSC; 1120 } 1121 1122 return hwcap; 1123 } 1124 1125 #endif 1126 1127 #ifdef TARGET_CRIS 1128 1129 #define ELF_START_MMAP 0x80000000 1130 1131 #define ELF_CLASS ELFCLASS32 1132 #define ELF_ARCH EM_CRIS 1133 1134 static inline void init_thread(struct target_pt_regs *regs, 1135 struct image_info *infop) 1136 { 1137 regs->erp = infop->entry; 1138 } 1139 1140 #define ELF_EXEC_PAGESIZE 8192 1141 1142 #endif 1143 1144 #ifdef TARGET_M68K 1145 1146 #define ELF_START_MMAP 0x80000000 1147 1148 #define ELF_CLASS ELFCLASS32 1149 #define ELF_ARCH EM_68K 1150 1151 /* ??? Does this need to do anything? 1152 #define ELF_PLAT_INIT(_r) */ 1153 1154 static inline void init_thread(struct target_pt_regs *regs, 1155 struct image_info *infop) 1156 { 1157 regs->usp = infop->start_stack; 1158 regs->sr = 0; 1159 regs->pc = infop->entry; 1160 } 1161 1162 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 1163 #define ELF_NREG 20 1164 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1165 1166 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env) 1167 { 1168 (*regs)[0] = tswapreg(env->dregs[1]); 1169 (*regs)[1] = tswapreg(env->dregs[2]); 1170 (*regs)[2] = tswapreg(env->dregs[3]); 1171 (*regs)[3] = tswapreg(env->dregs[4]); 1172 (*regs)[4] = tswapreg(env->dregs[5]); 1173 (*regs)[5] = tswapreg(env->dregs[6]); 1174 (*regs)[6] = tswapreg(env->dregs[7]); 1175 (*regs)[7] = tswapreg(env->aregs[0]); 1176 (*regs)[8] = tswapreg(env->aregs[1]); 1177 (*regs)[9] = tswapreg(env->aregs[2]); 1178 (*regs)[10] = tswapreg(env->aregs[3]); 1179 (*regs)[11] = tswapreg(env->aregs[4]); 1180 (*regs)[12] = tswapreg(env->aregs[5]); 1181 (*regs)[13] = tswapreg(env->aregs[6]); 1182 (*regs)[14] = tswapreg(env->dregs[0]); 1183 (*regs)[15] = tswapreg(env->aregs[7]); 1184 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */ 1185 (*regs)[17] = tswapreg(env->sr); 1186 (*regs)[18] = tswapreg(env->pc); 1187 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 1188 } 1189 1190 #define USE_ELF_CORE_DUMP 1191 #define ELF_EXEC_PAGESIZE 8192 1192 1193 #endif 1194 1195 #ifdef TARGET_ALPHA 1196 1197 #define ELF_START_MMAP (0x30000000000ULL) 1198 1199 #define ELF_CLASS ELFCLASS64 1200 #define ELF_ARCH EM_ALPHA 1201 1202 static inline void init_thread(struct target_pt_regs *regs, 1203 struct image_info *infop) 1204 { 1205 regs->pc = infop->entry; 1206 regs->ps = 8; 1207 regs->usp = infop->start_stack; 1208 } 1209 1210 #define ELF_EXEC_PAGESIZE 8192 1211 1212 #endif /* TARGET_ALPHA */ 1213 1214 #ifdef TARGET_S390X 1215 1216 #define ELF_START_MMAP (0x20000000000ULL) 1217 1218 #define ELF_CLASS ELFCLASS64 1219 #define ELF_DATA ELFDATA2MSB 1220 #define ELF_ARCH EM_S390 1221 1222 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1223 { 1224 regs->psw.addr = infop->entry; 1225 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 1226 regs->gprs[15] = infop->start_stack; 1227 } 1228 1229 #endif /* TARGET_S390X */ 1230 1231 #ifdef TARGET_TILEGX 1232 1233 /* 42 bits real used address, a half for user mode */ 1234 #define ELF_START_MMAP (0x00000020000000000ULL) 1235 1236 #define elf_check_arch(x) ((x) == EM_TILEGX) 1237 1238 #define ELF_CLASS ELFCLASS64 1239 #define ELF_DATA ELFDATA2LSB 1240 #define ELF_ARCH EM_TILEGX 1241 1242 static inline void init_thread(struct target_pt_regs *regs, 1243 struct image_info *infop) 1244 { 1245 regs->pc = infop->entry; 1246 regs->sp = infop->start_stack; 1247 1248 } 1249 1250 #define ELF_EXEC_PAGESIZE 65536 /* TILE-Gx page size is 64KB */ 1251 1252 #endif /* TARGET_TILEGX */ 1253 1254 #ifdef TARGET_RISCV 1255 1256 #define ELF_START_MMAP 0x80000000 1257 #define ELF_ARCH EM_RISCV 1258 1259 #ifdef TARGET_RISCV32 1260 #define ELF_CLASS ELFCLASS32 1261 #else 1262 #define ELF_CLASS ELFCLASS64 1263 #endif 1264 1265 static inline void init_thread(struct target_pt_regs *regs, 1266 struct image_info *infop) 1267 { 1268 regs->sepc = infop->entry; 1269 regs->sp = infop->start_stack; 1270 } 1271 1272 #define ELF_EXEC_PAGESIZE 4096 1273 1274 #endif /* TARGET_RISCV */ 1275 1276 #ifdef TARGET_HPPA 1277 1278 #define ELF_START_MMAP 0x80000000 1279 #define ELF_CLASS ELFCLASS32 1280 #define ELF_ARCH EM_PARISC 1281 #define ELF_PLATFORM "PARISC" 1282 #define STACK_GROWS_DOWN 0 1283 #define STACK_ALIGNMENT 64 1284 1285 static inline void init_thread(struct target_pt_regs *regs, 1286 struct image_info *infop) 1287 { 1288 regs->iaoq[0] = infop->entry; 1289 regs->iaoq[1] = infop->entry + 4; 1290 regs->gr[23] = 0; 1291 regs->gr[24] = infop->arg_start; 1292 regs->gr[25] = (infop->arg_end - infop->arg_start) / sizeof(abi_ulong); 1293 /* The top-of-stack contains a linkage buffer. */ 1294 regs->gr[30] = infop->start_stack + 64; 1295 regs->gr[31] = infop->entry; 1296 } 1297 1298 #endif /* TARGET_HPPA */ 1299 1300 #ifdef TARGET_XTENSA 1301 1302 #define ELF_START_MMAP 0x20000000 1303 1304 #define ELF_CLASS ELFCLASS32 1305 #define ELF_ARCH EM_XTENSA 1306 1307 static inline void init_thread(struct target_pt_regs *regs, 1308 struct image_info *infop) 1309 { 1310 regs->windowbase = 0; 1311 regs->windowstart = 1; 1312 regs->areg[1] = infop->start_stack; 1313 regs->pc = infop->entry; 1314 } 1315 1316 /* See linux kernel: arch/xtensa/include/asm/elf.h. */ 1317 #define ELF_NREG 128 1318 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1319 1320 enum { 1321 TARGET_REG_PC, 1322 TARGET_REG_PS, 1323 TARGET_REG_LBEG, 1324 TARGET_REG_LEND, 1325 TARGET_REG_LCOUNT, 1326 TARGET_REG_SAR, 1327 TARGET_REG_WINDOWSTART, 1328 TARGET_REG_WINDOWBASE, 1329 TARGET_REG_THREADPTR, 1330 TARGET_REG_AR0 = 64, 1331 }; 1332 1333 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1334 const CPUXtensaState *env) 1335 { 1336 unsigned i; 1337 1338 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 1339 (*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM); 1340 (*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]); 1341 (*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]); 1342 (*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]); 1343 (*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]); 1344 (*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]); 1345 (*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]); 1346 (*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]); 1347 xtensa_sync_phys_from_window((CPUXtensaState *)env); 1348 for (i = 0; i < env->config->nareg; ++i) { 1349 (*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]); 1350 } 1351 } 1352 1353 #define USE_ELF_CORE_DUMP 1354 #define ELF_EXEC_PAGESIZE 4096 1355 1356 #endif /* TARGET_XTENSA */ 1357 1358 #ifndef ELF_PLATFORM 1359 #define ELF_PLATFORM (NULL) 1360 #endif 1361 1362 #ifndef ELF_MACHINE 1363 #define ELF_MACHINE ELF_ARCH 1364 #endif 1365 1366 #ifndef elf_check_arch 1367 #define elf_check_arch(x) ((x) == ELF_ARCH) 1368 #endif 1369 1370 #ifndef ELF_HWCAP 1371 #define ELF_HWCAP 0 1372 #endif 1373 1374 #ifndef STACK_GROWS_DOWN 1375 #define STACK_GROWS_DOWN 1 1376 #endif 1377 1378 #ifndef STACK_ALIGNMENT 1379 #define STACK_ALIGNMENT 16 1380 #endif 1381 1382 #ifdef TARGET_ABI32 1383 #undef ELF_CLASS 1384 #define ELF_CLASS ELFCLASS32 1385 #undef bswaptls 1386 #define bswaptls(ptr) bswap32s(ptr) 1387 #endif 1388 1389 #include "elf.h" 1390 1391 struct exec 1392 { 1393 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 1394 unsigned int a_text; /* length of text, in bytes */ 1395 unsigned int a_data; /* length of data, in bytes */ 1396 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 1397 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 1398 unsigned int a_entry; /* start address */ 1399 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 1400 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 1401 }; 1402 1403 1404 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 1405 #define OMAGIC 0407 1406 #define NMAGIC 0410 1407 #define ZMAGIC 0413 1408 #define QMAGIC 0314 1409 1410 /* Necessary parameters */ 1411 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 1412 #define TARGET_ELF_PAGESTART(_v) ((_v) & \ 1413 ~(abi_ulong)(TARGET_ELF_EXEC_PAGESIZE-1)) 1414 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 1415 1416 #define DLINFO_ITEMS 15 1417 1418 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 1419 { 1420 memcpy(to, from, n); 1421 } 1422 1423 #ifdef BSWAP_NEEDED 1424 static void bswap_ehdr(struct elfhdr *ehdr) 1425 { 1426 bswap16s(&ehdr->e_type); /* Object file type */ 1427 bswap16s(&ehdr->e_machine); /* Architecture */ 1428 bswap32s(&ehdr->e_version); /* Object file version */ 1429 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 1430 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 1431 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 1432 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 1433 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 1434 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 1435 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 1436 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 1437 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 1438 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 1439 } 1440 1441 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1442 { 1443 int i; 1444 for (i = 0; i < phnum; ++i, ++phdr) { 1445 bswap32s(&phdr->p_type); /* Segment type */ 1446 bswap32s(&phdr->p_flags); /* Segment flags */ 1447 bswaptls(&phdr->p_offset); /* Segment file offset */ 1448 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1449 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1450 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1451 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1452 bswaptls(&phdr->p_align); /* Segment alignment */ 1453 } 1454 } 1455 1456 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1457 { 1458 int i; 1459 for (i = 0; i < shnum; ++i, ++shdr) { 1460 bswap32s(&shdr->sh_name); 1461 bswap32s(&shdr->sh_type); 1462 bswaptls(&shdr->sh_flags); 1463 bswaptls(&shdr->sh_addr); 1464 bswaptls(&shdr->sh_offset); 1465 bswaptls(&shdr->sh_size); 1466 bswap32s(&shdr->sh_link); 1467 bswap32s(&shdr->sh_info); 1468 bswaptls(&shdr->sh_addralign); 1469 bswaptls(&shdr->sh_entsize); 1470 } 1471 } 1472 1473 static void bswap_sym(struct elf_sym *sym) 1474 { 1475 bswap32s(&sym->st_name); 1476 bswaptls(&sym->st_value); 1477 bswaptls(&sym->st_size); 1478 bswap16s(&sym->st_shndx); 1479 } 1480 #else 1481 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1482 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1483 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1484 static inline void bswap_sym(struct elf_sym *sym) { } 1485 #endif 1486 1487 #ifdef USE_ELF_CORE_DUMP 1488 static int elf_core_dump(int, const CPUArchState *); 1489 #endif /* USE_ELF_CORE_DUMP */ 1490 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1491 1492 /* Verify the portions of EHDR within E_IDENT for the target. 1493 This can be performed before bswapping the entire header. */ 1494 static bool elf_check_ident(struct elfhdr *ehdr) 1495 { 1496 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1497 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1498 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1499 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1500 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1501 && ehdr->e_ident[EI_DATA] == ELF_DATA 1502 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1503 } 1504 1505 /* Verify the portions of EHDR outside of E_IDENT for the target. 1506 This has to wait until after bswapping the header. */ 1507 static bool elf_check_ehdr(struct elfhdr *ehdr) 1508 { 1509 return (elf_check_arch(ehdr->e_machine) 1510 && ehdr->e_ehsize == sizeof(struct elfhdr) 1511 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1512 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1513 } 1514 1515 /* 1516 * 'copy_elf_strings()' copies argument/envelope strings from user 1517 * memory to free pages in kernel mem. These are in a format ready 1518 * to be put directly into the top of new user memory. 1519 * 1520 */ 1521 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch, 1522 abi_ulong p, abi_ulong stack_limit) 1523 { 1524 char *tmp; 1525 int len, i; 1526 abi_ulong top = p; 1527 1528 if (!p) { 1529 return 0; /* bullet-proofing */ 1530 } 1531 1532 if (STACK_GROWS_DOWN) { 1533 int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1; 1534 for (i = argc - 1; i >= 0; --i) { 1535 tmp = argv[i]; 1536 if (!tmp) { 1537 fprintf(stderr, "VFS: argc is wrong"); 1538 exit(-1); 1539 } 1540 len = strlen(tmp) + 1; 1541 tmp += len; 1542 1543 if (len > (p - stack_limit)) { 1544 return 0; 1545 } 1546 while (len) { 1547 int bytes_to_copy = (len > offset) ? offset : len; 1548 tmp -= bytes_to_copy; 1549 p -= bytes_to_copy; 1550 offset -= bytes_to_copy; 1551 len -= bytes_to_copy; 1552 1553 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy); 1554 1555 if (offset == 0) { 1556 memcpy_to_target(p, scratch, top - p); 1557 top = p; 1558 offset = TARGET_PAGE_SIZE; 1559 } 1560 } 1561 } 1562 if (p != top) { 1563 memcpy_to_target(p, scratch + offset, top - p); 1564 } 1565 } else { 1566 int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE); 1567 for (i = 0; i < argc; ++i) { 1568 tmp = argv[i]; 1569 if (!tmp) { 1570 fprintf(stderr, "VFS: argc is wrong"); 1571 exit(-1); 1572 } 1573 len = strlen(tmp) + 1; 1574 if (len > (stack_limit - p)) { 1575 return 0; 1576 } 1577 while (len) { 1578 int bytes_to_copy = (len > remaining) ? remaining : len; 1579 1580 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy); 1581 1582 tmp += bytes_to_copy; 1583 remaining -= bytes_to_copy; 1584 p += bytes_to_copy; 1585 len -= bytes_to_copy; 1586 1587 if (remaining == 0) { 1588 memcpy_to_target(top, scratch, p - top); 1589 top = p; 1590 remaining = TARGET_PAGE_SIZE; 1591 } 1592 } 1593 } 1594 if (p != top) { 1595 memcpy_to_target(top, scratch, p - top); 1596 } 1597 } 1598 1599 return p; 1600 } 1601 1602 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of 1603 * argument/environment space. Newer kernels (>2.6.33) allow more, 1604 * dependent on stack size, but guarantee at least 32 pages for 1605 * backwards compatibility. 1606 */ 1607 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE) 1608 1609 static abi_ulong setup_arg_pages(struct linux_binprm *bprm, 1610 struct image_info *info) 1611 { 1612 abi_ulong size, error, guard; 1613 1614 size = guest_stack_size; 1615 if (size < STACK_LOWER_LIMIT) { 1616 size = STACK_LOWER_LIMIT; 1617 } 1618 guard = TARGET_PAGE_SIZE; 1619 if (guard < qemu_real_host_page_size) { 1620 guard = qemu_real_host_page_size; 1621 } 1622 1623 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1624 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1625 if (error == -1) { 1626 perror("mmap stack"); 1627 exit(-1); 1628 } 1629 1630 /* We reserve one extra page at the top of the stack as guard. */ 1631 if (STACK_GROWS_DOWN) { 1632 target_mprotect(error, guard, PROT_NONE); 1633 info->stack_limit = error + guard; 1634 return info->stack_limit + size - sizeof(void *); 1635 } else { 1636 target_mprotect(error + size, guard, PROT_NONE); 1637 info->stack_limit = error + size; 1638 return error; 1639 } 1640 } 1641 1642 /* Map and zero the bss. We need to explicitly zero any fractional pages 1643 after the data section (i.e. bss). */ 1644 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1645 { 1646 uintptr_t host_start, host_map_start, host_end; 1647 1648 last_bss = TARGET_PAGE_ALIGN(last_bss); 1649 1650 /* ??? There is confusion between qemu_real_host_page_size and 1651 qemu_host_page_size here and elsewhere in target_mmap, which 1652 may lead to the end of the data section mapping from the file 1653 not being mapped. At least there was an explicit test and 1654 comment for that here, suggesting that "the file size must 1655 be known". The comment probably pre-dates the introduction 1656 of the fstat system call in target_mmap which does in fact 1657 find out the size. What isn't clear is if the workaround 1658 here is still actually needed. For now, continue with it, 1659 but merge it with the "normal" mmap that would allocate the bss. */ 1660 1661 host_start = (uintptr_t) g2h(elf_bss); 1662 host_end = (uintptr_t) g2h(last_bss); 1663 host_map_start = REAL_HOST_PAGE_ALIGN(host_start); 1664 1665 if (host_map_start < host_end) { 1666 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1667 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1668 if (p == MAP_FAILED) { 1669 perror("cannot mmap brk"); 1670 exit(-1); 1671 } 1672 } 1673 1674 /* Ensure that the bss page(s) are valid */ 1675 if ((page_get_flags(last_bss-1) & prot) != prot) { 1676 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot | PAGE_VALID); 1677 } 1678 1679 if (host_start < host_map_start) { 1680 memset((void *)host_start, 0, host_map_start - host_start); 1681 } 1682 } 1683 1684 #ifdef CONFIG_USE_FDPIC 1685 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1686 { 1687 uint16_t n; 1688 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1689 1690 /* elf32_fdpic_loadseg */ 1691 n = info->nsegs; 1692 while (n--) { 1693 sp -= 12; 1694 put_user_u32(loadsegs[n].addr, sp+0); 1695 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1696 put_user_u32(loadsegs[n].p_memsz, sp+8); 1697 } 1698 1699 /* elf32_fdpic_loadmap */ 1700 sp -= 4; 1701 put_user_u16(0, sp+0); /* version */ 1702 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1703 1704 info->personality = PER_LINUX_FDPIC; 1705 info->loadmap_addr = sp; 1706 1707 return sp; 1708 } 1709 #endif 1710 1711 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1712 struct elfhdr *exec, 1713 struct image_info *info, 1714 struct image_info *interp_info) 1715 { 1716 abi_ulong sp; 1717 abi_ulong u_argc, u_argv, u_envp, u_auxv; 1718 int size; 1719 int i; 1720 abi_ulong u_rand_bytes; 1721 uint8_t k_rand_bytes[16]; 1722 abi_ulong u_platform; 1723 const char *k_platform; 1724 const int n = sizeof(elf_addr_t); 1725 1726 sp = p; 1727 1728 #ifdef CONFIG_USE_FDPIC 1729 /* Needs to be before we load the env/argc/... */ 1730 if (elf_is_fdpic(exec)) { 1731 /* Need 4 byte alignment for these structs */ 1732 sp &= ~3; 1733 sp = loader_build_fdpic_loadmap(info, sp); 1734 info->other_info = interp_info; 1735 if (interp_info) { 1736 interp_info->other_info = info; 1737 sp = loader_build_fdpic_loadmap(interp_info, sp); 1738 } 1739 } 1740 #endif 1741 1742 u_platform = 0; 1743 k_platform = ELF_PLATFORM; 1744 if (k_platform) { 1745 size_t len = strlen(k_platform) + 1; 1746 if (STACK_GROWS_DOWN) { 1747 sp -= (len + n - 1) & ~(n - 1); 1748 u_platform = sp; 1749 /* FIXME - check return value of memcpy_to_target() for failure */ 1750 memcpy_to_target(sp, k_platform, len); 1751 } else { 1752 memcpy_to_target(sp, k_platform, len); 1753 u_platform = sp; 1754 sp += len + 1; 1755 } 1756 } 1757 1758 /* Provide 16 byte alignment for the PRNG, and basic alignment for 1759 * the argv and envp pointers. 1760 */ 1761 if (STACK_GROWS_DOWN) { 1762 sp = QEMU_ALIGN_DOWN(sp, 16); 1763 } else { 1764 sp = QEMU_ALIGN_UP(sp, 16); 1765 } 1766 1767 /* 1768 * Generate 16 random bytes for userspace PRNG seeding (not 1769 * cryptically secure but it's not the aim of QEMU). 1770 */ 1771 for (i = 0; i < 16; i++) { 1772 k_rand_bytes[i] = rand(); 1773 } 1774 if (STACK_GROWS_DOWN) { 1775 sp -= 16; 1776 u_rand_bytes = sp; 1777 /* FIXME - check return value of memcpy_to_target() for failure */ 1778 memcpy_to_target(sp, k_rand_bytes, 16); 1779 } else { 1780 memcpy_to_target(sp, k_rand_bytes, 16); 1781 u_rand_bytes = sp; 1782 sp += 16; 1783 } 1784 1785 size = (DLINFO_ITEMS + 1) * 2; 1786 if (k_platform) 1787 size += 2; 1788 #ifdef DLINFO_ARCH_ITEMS 1789 size += DLINFO_ARCH_ITEMS * 2; 1790 #endif 1791 #ifdef ELF_HWCAP2 1792 size += 2; 1793 #endif 1794 info->auxv_len = size * n; 1795 1796 size += envc + argc + 2; 1797 size += 1; /* argc itself */ 1798 size *= n; 1799 1800 /* Allocate space and finalize stack alignment for entry now. */ 1801 if (STACK_GROWS_DOWN) { 1802 u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT); 1803 sp = u_argc; 1804 } else { 1805 u_argc = sp; 1806 sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT); 1807 } 1808 1809 u_argv = u_argc + n; 1810 u_envp = u_argv + (argc + 1) * n; 1811 u_auxv = u_envp + (envc + 1) * n; 1812 info->saved_auxv = u_auxv; 1813 info->arg_start = u_argv; 1814 info->arg_end = u_argv + argc * n; 1815 1816 /* This is correct because Linux defines 1817 * elf_addr_t as Elf32_Off / Elf64_Off 1818 */ 1819 #define NEW_AUX_ENT(id, val) do { \ 1820 put_user_ual(id, u_auxv); u_auxv += n; \ 1821 put_user_ual(val, u_auxv); u_auxv += n; \ 1822 } while(0) 1823 1824 #ifdef ARCH_DLINFO 1825 /* 1826 * ARCH_DLINFO must come first so platform specific code can enforce 1827 * special alignment requirements on the AUXV if necessary (eg. PPC). 1828 */ 1829 ARCH_DLINFO; 1830 #endif 1831 /* There must be exactly DLINFO_ITEMS entries here, or the assert 1832 * on info->auxv_len will trigger. 1833 */ 1834 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1835 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1836 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1837 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE, getpagesize()))); 1838 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1839 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1840 NEW_AUX_ENT(AT_ENTRY, info->entry); 1841 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1842 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1843 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1844 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1845 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1846 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1847 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1848 NEW_AUX_ENT(AT_SECURE, (abi_ulong) qemu_getauxval(AT_SECURE)); 1849 1850 #ifdef ELF_HWCAP2 1851 NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2); 1852 #endif 1853 1854 if (u_platform) { 1855 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1856 } 1857 NEW_AUX_ENT (AT_NULL, 0); 1858 #undef NEW_AUX_ENT 1859 1860 /* Check that our initial calculation of the auxv length matches how much 1861 * we actually put into it. 1862 */ 1863 assert(info->auxv_len == u_auxv - info->saved_auxv); 1864 1865 put_user_ual(argc, u_argc); 1866 1867 p = info->arg_strings; 1868 for (i = 0; i < argc; ++i) { 1869 put_user_ual(p, u_argv); 1870 u_argv += n; 1871 p += target_strlen(p) + 1; 1872 } 1873 put_user_ual(0, u_argv); 1874 1875 p = info->env_strings; 1876 for (i = 0; i < envc; ++i) { 1877 put_user_ual(p, u_envp); 1878 u_envp += n; 1879 p += target_strlen(p) + 1; 1880 } 1881 put_user_ual(0, u_envp); 1882 1883 return sp; 1884 } 1885 1886 unsigned long init_guest_space(unsigned long host_start, 1887 unsigned long host_size, 1888 unsigned long guest_start, 1889 bool fixed) 1890 { 1891 unsigned long current_start, aligned_start; 1892 int flags; 1893 1894 assert(host_start || host_size); 1895 1896 /* If just a starting address is given, then just verify that 1897 * address. */ 1898 if (host_start && !host_size) { 1899 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64) 1900 if (init_guest_commpage(host_start, host_size) != 1) { 1901 return (unsigned long)-1; 1902 } 1903 #endif 1904 return host_start; 1905 } 1906 1907 /* Setup the initial flags and start address. */ 1908 current_start = host_start & qemu_host_page_mask; 1909 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE; 1910 if (fixed) { 1911 flags |= MAP_FIXED; 1912 } 1913 1914 /* Otherwise, a non-zero size region of memory needs to be mapped 1915 * and validated. */ 1916 1917 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64) 1918 /* On 32-bit ARM, we need to map not just the usable memory, but 1919 * also the commpage. Try to find a suitable place by allocating 1920 * a big chunk for all of it. If host_start, then the naive 1921 * strategy probably does good enough. 1922 */ 1923 if (!host_start) { 1924 unsigned long guest_full_size, host_full_size, real_start; 1925 1926 guest_full_size = 1927 (0xffff0f00 & qemu_host_page_mask) + qemu_host_page_size; 1928 host_full_size = guest_full_size - guest_start; 1929 real_start = (unsigned long) 1930 mmap(NULL, host_full_size, PROT_NONE, flags, -1, 0); 1931 if (real_start == (unsigned long)-1) { 1932 if (host_size < host_full_size - qemu_host_page_size) { 1933 /* We failed to map a continous segment, but we're 1934 * allowed to have a gap between the usable memory and 1935 * the commpage where other things can be mapped. 1936 * This sparseness gives us more flexibility to find 1937 * an address range. 1938 */ 1939 goto naive; 1940 } 1941 return (unsigned long)-1; 1942 } 1943 munmap((void *)real_start, host_full_size); 1944 if (real_start & ~qemu_host_page_mask) { 1945 /* The same thing again, but with an extra qemu_host_page_size 1946 * so that we can shift around alignment. 1947 */ 1948 unsigned long real_size = host_full_size + qemu_host_page_size; 1949 real_start = (unsigned long) 1950 mmap(NULL, real_size, PROT_NONE, flags, -1, 0); 1951 if (real_start == (unsigned long)-1) { 1952 if (host_size < host_full_size - qemu_host_page_size) { 1953 goto naive; 1954 } 1955 return (unsigned long)-1; 1956 } 1957 munmap((void *)real_start, real_size); 1958 real_start = HOST_PAGE_ALIGN(real_start); 1959 } 1960 current_start = real_start; 1961 } 1962 naive: 1963 #endif 1964 1965 while (1) { 1966 unsigned long real_start, real_size, aligned_size; 1967 aligned_size = real_size = host_size; 1968 1969 /* Do not use mmap_find_vma here because that is limited to the 1970 * guest address space. We are going to make the 1971 * guest address space fit whatever we're given. 1972 */ 1973 real_start = (unsigned long) 1974 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0); 1975 if (real_start == (unsigned long)-1) { 1976 return (unsigned long)-1; 1977 } 1978 1979 /* Check to see if the address is valid. */ 1980 if (host_start && real_start != current_start) { 1981 goto try_again; 1982 } 1983 1984 /* Ensure the address is properly aligned. */ 1985 if (real_start & ~qemu_host_page_mask) { 1986 /* Ideally, we adjust like 1987 * 1988 * pages: [ ][ ][ ][ ][ ] 1989 * old: [ real ] 1990 * [ aligned ] 1991 * new: [ real ] 1992 * [ aligned ] 1993 * 1994 * But if there is something else mapped right after it, 1995 * then obviously it won't have room to grow, and the 1996 * kernel will put the new larger real someplace else with 1997 * unknown alignment (if we made it to here, then 1998 * fixed=false). Which is why we grow real by a full page 1999 * size, instead of by part of one; so that even if we get 2000 * moved, we can still guarantee alignment. But this does 2001 * mean that there is a padding of < 1 page both before 2002 * and after the aligned range; the "after" could could 2003 * cause problems for ARM emulation where it could butt in 2004 * to where we need to put the commpage. 2005 */ 2006 munmap((void *)real_start, host_size); 2007 real_size = aligned_size + qemu_host_page_size; 2008 real_start = (unsigned long) 2009 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0); 2010 if (real_start == (unsigned long)-1) { 2011 return (unsigned long)-1; 2012 } 2013 aligned_start = HOST_PAGE_ALIGN(real_start); 2014 } else { 2015 aligned_start = real_start; 2016 } 2017 2018 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64) 2019 /* On 32-bit ARM, we need to also be able to map the commpage. */ 2020 int valid = init_guest_commpage(aligned_start - guest_start, 2021 aligned_size + guest_start); 2022 if (valid == -1) { 2023 munmap((void *)real_start, real_size); 2024 return (unsigned long)-1; 2025 } else if (valid == 0) { 2026 goto try_again; 2027 } 2028 #endif 2029 2030 /* If nothing has said `return -1` or `goto try_again` yet, 2031 * then the address we have is good. 2032 */ 2033 break; 2034 2035 try_again: 2036 /* That address didn't work. Unmap and try a different one. 2037 * The address the host picked because is typically right at 2038 * the top of the host address space and leaves the guest with 2039 * no usable address space. Resort to a linear search. We 2040 * already compensated for mmap_min_addr, so this should not 2041 * happen often. Probably means we got unlucky and host 2042 * address space randomization put a shared library somewhere 2043 * inconvenient. 2044 * 2045 * This is probably a good strategy if host_start, but is 2046 * probably a bad strategy if not, which means we got here 2047 * because of trouble with ARM commpage setup. 2048 */ 2049 munmap((void *)real_start, real_size); 2050 current_start += qemu_host_page_size; 2051 if (host_start == current_start) { 2052 /* Theoretically possible if host doesn't have any suitably 2053 * aligned areas. Normally the first mmap will fail. 2054 */ 2055 return (unsigned long)-1; 2056 } 2057 } 2058 2059 qemu_log_mask(CPU_LOG_PAGE, "Reserved 0x%lx bytes of guest address space\n", host_size); 2060 2061 return aligned_start; 2062 } 2063 2064 static void probe_guest_base(const char *image_name, 2065 abi_ulong loaddr, abi_ulong hiaddr) 2066 { 2067 /* Probe for a suitable guest base address, if the user has not set 2068 * it explicitly, and set guest_base appropriately. 2069 * In case of error we will print a suitable message and exit. 2070 */ 2071 const char *errmsg; 2072 if (!have_guest_base && !reserved_va) { 2073 unsigned long host_start, real_start, host_size; 2074 2075 /* Round addresses to page boundaries. */ 2076 loaddr &= qemu_host_page_mask; 2077 hiaddr = HOST_PAGE_ALIGN(hiaddr); 2078 2079 if (loaddr < mmap_min_addr) { 2080 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 2081 } else { 2082 host_start = loaddr; 2083 if (host_start != loaddr) { 2084 errmsg = "Address overflow loading ELF binary"; 2085 goto exit_errmsg; 2086 } 2087 } 2088 host_size = hiaddr - loaddr; 2089 2090 /* Setup the initial guest memory space with ranges gleaned from 2091 * the ELF image that is being loaded. 2092 */ 2093 real_start = init_guest_space(host_start, host_size, loaddr, false); 2094 if (real_start == (unsigned long)-1) { 2095 errmsg = "Unable to find space for application"; 2096 goto exit_errmsg; 2097 } 2098 guest_base = real_start - loaddr; 2099 2100 qemu_log_mask(CPU_LOG_PAGE, "Relocating guest address space from 0x" 2101 TARGET_ABI_FMT_lx " to 0x%lx\n", 2102 loaddr, real_start); 2103 } 2104 return; 2105 2106 exit_errmsg: 2107 fprintf(stderr, "%s: %s\n", image_name, errmsg); 2108 exit(-1); 2109 } 2110 2111 2112 /* Load an ELF image into the address space. 2113 2114 IMAGE_NAME is the filename of the image, to use in error messages. 2115 IMAGE_FD is the open file descriptor for the image. 2116 2117 BPRM_BUF is a copy of the beginning of the file; this of course 2118 contains the elf file header at offset 0. It is assumed that this 2119 buffer is sufficiently aligned to present no problems to the host 2120 in accessing data at aligned offsets within the buffer. 2121 2122 On return: INFO values will be filled in, as necessary or available. */ 2123 2124 static void load_elf_image(const char *image_name, int image_fd, 2125 struct image_info *info, char **pinterp_name, 2126 char bprm_buf[BPRM_BUF_SIZE]) 2127 { 2128 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 2129 struct elf_phdr *phdr; 2130 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 2131 int i, retval; 2132 const char *errmsg; 2133 2134 /* First of all, some simple consistency checks */ 2135 errmsg = "Invalid ELF image for this architecture"; 2136 if (!elf_check_ident(ehdr)) { 2137 goto exit_errmsg; 2138 } 2139 bswap_ehdr(ehdr); 2140 if (!elf_check_ehdr(ehdr)) { 2141 goto exit_errmsg; 2142 } 2143 2144 i = ehdr->e_phnum * sizeof(struct elf_phdr); 2145 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 2146 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 2147 } else { 2148 phdr = (struct elf_phdr *) alloca(i); 2149 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 2150 if (retval != i) { 2151 goto exit_read; 2152 } 2153 } 2154 bswap_phdr(phdr, ehdr->e_phnum); 2155 2156 #ifdef CONFIG_USE_FDPIC 2157 info->nsegs = 0; 2158 info->pt_dynamic_addr = 0; 2159 #endif 2160 2161 mmap_lock(); 2162 2163 /* Find the maximum size of the image and allocate an appropriate 2164 amount of memory to handle that. */ 2165 loaddr = -1, hiaddr = 0; 2166 for (i = 0; i < ehdr->e_phnum; ++i) { 2167 if (phdr[i].p_type == PT_LOAD) { 2168 abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset; 2169 if (a < loaddr) { 2170 loaddr = a; 2171 } 2172 a = phdr[i].p_vaddr + phdr[i].p_memsz; 2173 if (a > hiaddr) { 2174 hiaddr = a; 2175 } 2176 #ifdef CONFIG_USE_FDPIC 2177 ++info->nsegs; 2178 #endif 2179 } 2180 } 2181 2182 load_addr = loaddr; 2183 if (ehdr->e_type == ET_DYN) { 2184 /* The image indicates that it can be loaded anywhere. Find a 2185 location that can hold the memory space required. If the 2186 image is pre-linked, LOADDR will be non-zero. Since we do 2187 not supply MAP_FIXED here we'll use that address if and 2188 only if it remains available. */ 2189 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 2190 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 2191 -1, 0); 2192 if (load_addr == -1) { 2193 goto exit_perror; 2194 } 2195 } else if (pinterp_name != NULL) { 2196 /* This is the main executable. Make sure that the low 2197 address does not conflict with MMAP_MIN_ADDR or the 2198 QEMU application itself. */ 2199 probe_guest_base(image_name, loaddr, hiaddr); 2200 } 2201 load_bias = load_addr - loaddr; 2202 2203 #ifdef CONFIG_USE_FDPIC 2204 { 2205 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 2206 g_malloc(sizeof(*loadsegs) * info->nsegs); 2207 2208 for (i = 0; i < ehdr->e_phnum; ++i) { 2209 switch (phdr[i].p_type) { 2210 case PT_DYNAMIC: 2211 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 2212 break; 2213 case PT_LOAD: 2214 loadsegs->addr = phdr[i].p_vaddr + load_bias; 2215 loadsegs->p_vaddr = phdr[i].p_vaddr; 2216 loadsegs->p_memsz = phdr[i].p_memsz; 2217 ++loadsegs; 2218 break; 2219 } 2220 } 2221 } 2222 #endif 2223 2224 info->load_bias = load_bias; 2225 info->load_addr = load_addr; 2226 info->entry = ehdr->e_entry + load_bias; 2227 info->start_code = -1; 2228 info->end_code = 0; 2229 info->start_data = -1; 2230 info->end_data = 0; 2231 info->brk = 0; 2232 info->elf_flags = ehdr->e_flags; 2233 2234 for (i = 0; i < ehdr->e_phnum; i++) { 2235 struct elf_phdr *eppnt = phdr + i; 2236 if (eppnt->p_type == PT_LOAD) { 2237 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 2238 int elf_prot = 0; 2239 2240 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 2241 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 2242 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 2243 2244 vaddr = load_bias + eppnt->p_vaddr; 2245 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 2246 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 2247 2248 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 2249 elf_prot, MAP_PRIVATE | MAP_FIXED, 2250 image_fd, eppnt->p_offset - vaddr_po); 2251 if (error == -1) { 2252 goto exit_perror; 2253 } 2254 2255 vaddr_ef = vaddr + eppnt->p_filesz; 2256 vaddr_em = vaddr + eppnt->p_memsz; 2257 2258 /* If the load segment requests extra zeros (e.g. bss), map it. */ 2259 if (vaddr_ef < vaddr_em) { 2260 zero_bss(vaddr_ef, vaddr_em, elf_prot); 2261 } 2262 2263 /* Find the full program boundaries. */ 2264 if (elf_prot & PROT_EXEC) { 2265 if (vaddr < info->start_code) { 2266 info->start_code = vaddr; 2267 } 2268 if (vaddr_ef > info->end_code) { 2269 info->end_code = vaddr_ef; 2270 } 2271 } 2272 if (elf_prot & PROT_WRITE) { 2273 if (vaddr < info->start_data) { 2274 info->start_data = vaddr; 2275 } 2276 if (vaddr_ef > info->end_data) { 2277 info->end_data = vaddr_ef; 2278 } 2279 if (vaddr_em > info->brk) { 2280 info->brk = vaddr_em; 2281 } 2282 } 2283 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 2284 char *interp_name; 2285 2286 if (*pinterp_name) { 2287 errmsg = "Multiple PT_INTERP entries"; 2288 goto exit_errmsg; 2289 } 2290 interp_name = malloc(eppnt->p_filesz); 2291 if (!interp_name) { 2292 goto exit_perror; 2293 } 2294 2295 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 2296 memcpy(interp_name, bprm_buf + eppnt->p_offset, 2297 eppnt->p_filesz); 2298 } else { 2299 retval = pread(image_fd, interp_name, eppnt->p_filesz, 2300 eppnt->p_offset); 2301 if (retval != eppnt->p_filesz) { 2302 goto exit_perror; 2303 } 2304 } 2305 if (interp_name[eppnt->p_filesz - 1] != 0) { 2306 errmsg = "Invalid PT_INTERP entry"; 2307 goto exit_errmsg; 2308 } 2309 *pinterp_name = interp_name; 2310 } 2311 } 2312 2313 if (info->end_data == 0) { 2314 info->start_data = info->end_code; 2315 info->end_data = info->end_code; 2316 info->brk = info->end_code; 2317 } 2318 2319 if (qemu_log_enabled()) { 2320 load_symbols(ehdr, image_fd, load_bias); 2321 } 2322 2323 mmap_unlock(); 2324 2325 close(image_fd); 2326 return; 2327 2328 exit_read: 2329 if (retval >= 0) { 2330 errmsg = "Incomplete read of file header"; 2331 goto exit_errmsg; 2332 } 2333 exit_perror: 2334 errmsg = strerror(errno); 2335 exit_errmsg: 2336 fprintf(stderr, "%s: %s\n", image_name, errmsg); 2337 exit(-1); 2338 } 2339 2340 static void load_elf_interp(const char *filename, struct image_info *info, 2341 char bprm_buf[BPRM_BUF_SIZE]) 2342 { 2343 int fd, retval; 2344 2345 fd = open(path(filename), O_RDONLY); 2346 if (fd < 0) { 2347 goto exit_perror; 2348 } 2349 2350 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 2351 if (retval < 0) { 2352 goto exit_perror; 2353 } 2354 if (retval < BPRM_BUF_SIZE) { 2355 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 2356 } 2357 2358 load_elf_image(filename, fd, info, NULL, bprm_buf); 2359 return; 2360 2361 exit_perror: 2362 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 2363 exit(-1); 2364 } 2365 2366 static int symfind(const void *s0, const void *s1) 2367 { 2368 target_ulong addr = *(target_ulong *)s0; 2369 struct elf_sym *sym = (struct elf_sym *)s1; 2370 int result = 0; 2371 if (addr < sym->st_value) { 2372 result = -1; 2373 } else if (addr >= sym->st_value + sym->st_size) { 2374 result = 1; 2375 } 2376 return result; 2377 } 2378 2379 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 2380 { 2381 #if ELF_CLASS == ELFCLASS32 2382 struct elf_sym *syms = s->disas_symtab.elf32; 2383 #else 2384 struct elf_sym *syms = s->disas_symtab.elf64; 2385 #endif 2386 2387 // binary search 2388 struct elf_sym *sym; 2389 2390 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 2391 if (sym != NULL) { 2392 return s->disas_strtab + sym->st_name; 2393 } 2394 2395 return ""; 2396 } 2397 2398 /* FIXME: This should use elf_ops.h */ 2399 static int symcmp(const void *s0, const void *s1) 2400 { 2401 struct elf_sym *sym0 = (struct elf_sym *)s0; 2402 struct elf_sym *sym1 = (struct elf_sym *)s1; 2403 return (sym0->st_value < sym1->st_value) 2404 ? -1 2405 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 2406 } 2407 2408 /* Best attempt to load symbols from this ELF object. */ 2409 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 2410 { 2411 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 2412 uint64_t segsz; 2413 struct elf_shdr *shdr; 2414 char *strings = NULL; 2415 struct syminfo *s = NULL; 2416 struct elf_sym *new_syms, *syms = NULL; 2417 2418 shnum = hdr->e_shnum; 2419 i = shnum * sizeof(struct elf_shdr); 2420 shdr = (struct elf_shdr *)alloca(i); 2421 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 2422 return; 2423 } 2424 2425 bswap_shdr(shdr, shnum); 2426 for (i = 0; i < shnum; ++i) { 2427 if (shdr[i].sh_type == SHT_SYMTAB) { 2428 sym_idx = i; 2429 str_idx = shdr[i].sh_link; 2430 goto found; 2431 } 2432 } 2433 2434 /* There will be no symbol table if the file was stripped. */ 2435 return; 2436 2437 found: 2438 /* Now know where the strtab and symtab are. Snarf them. */ 2439 s = g_try_new(struct syminfo, 1); 2440 if (!s) { 2441 goto give_up; 2442 } 2443 2444 segsz = shdr[str_idx].sh_size; 2445 s->disas_strtab = strings = g_try_malloc(segsz); 2446 if (!strings || 2447 pread(fd, strings, segsz, shdr[str_idx].sh_offset) != segsz) { 2448 goto give_up; 2449 } 2450 2451 segsz = shdr[sym_idx].sh_size; 2452 syms = g_try_malloc(segsz); 2453 if (!syms || pread(fd, syms, segsz, shdr[sym_idx].sh_offset) != segsz) { 2454 goto give_up; 2455 } 2456 2457 if (segsz / sizeof(struct elf_sym) > INT_MAX) { 2458 /* Implausibly large symbol table: give up rather than ploughing 2459 * on with the number of symbols calculation overflowing 2460 */ 2461 goto give_up; 2462 } 2463 nsyms = segsz / sizeof(struct elf_sym); 2464 for (i = 0; i < nsyms; ) { 2465 bswap_sym(syms + i); 2466 /* Throw away entries which we do not need. */ 2467 if (syms[i].st_shndx == SHN_UNDEF 2468 || syms[i].st_shndx >= SHN_LORESERVE 2469 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 2470 if (i < --nsyms) { 2471 syms[i] = syms[nsyms]; 2472 } 2473 } else { 2474 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 2475 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 2476 syms[i].st_value &= ~(target_ulong)1; 2477 #endif 2478 syms[i].st_value += load_bias; 2479 i++; 2480 } 2481 } 2482 2483 /* No "useful" symbol. */ 2484 if (nsyms == 0) { 2485 goto give_up; 2486 } 2487 2488 /* Attempt to free the storage associated with the local symbols 2489 that we threw away. Whether or not this has any effect on the 2490 memory allocation depends on the malloc implementation and how 2491 many symbols we managed to discard. */ 2492 new_syms = g_try_renew(struct elf_sym, syms, nsyms); 2493 if (new_syms == NULL) { 2494 goto give_up; 2495 } 2496 syms = new_syms; 2497 2498 qsort(syms, nsyms, sizeof(*syms), symcmp); 2499 2500 s->disas_num_syms = nsyms; 2501 #if ELF_CLASS == ELFCLASS32 2502 s->disas_symtab.elf32 = syms; 2503 #else 2504 s->disas_symtab.elf64 = syms; 2505 #endif 2506 s->lookup_symbol = lookup_symbolxx; 2507 s->next = syminfos; 2508 syminfos = s; 2509 2510 return; 2511 2512 give_up: 2513 g_free(s); 2514 g_free(strings); 2515 g_free(syms); 2516 } 2517 2518 uint32_t get_elf_eflags(int fd) 2519 { 2520 struct elfhdr ehdr; 2521 off_t offset; 2522 int ret; 2523 2524 /* Read ELF header */ 2525 offset = lseek(fd, 0, SEEK_SET); 2526 if (offset == (off_t) -1) { 2527 return 0; 2528 } 2529 ret = read(fd, &ehdr, sizeof(ehdr)); 2530 if (ret < sizeof(ehdr)) { 2531 return 0; 2532 } 2533 offset = lseek(fd, offset, SEEK_SET); 2534 if (offset == (off_t) -1) { 2535 return 0; 2536 } 2537 2538 /* Check ELF signature */ 2539 if (!elf_check_ident(&ehdr)) { 2540 return 0; 2541 } 2542 2543 /* check header */ 2544 bswap_ehdr(&ehdr); 2545 if (!elf_check_ehdr(&ehdr)) { 2546 return 0; 2547 } 2548 2549 /* return architecture id */ 2550 return ehdr.e_flags; 2551 } 2552 2553 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) 2554 { 2555 struct image_info interp_info; 2556 struct elfhdr elf_ex; 2557 char *elf_interpreter = NULL; 2558 char *scratch; 2559 2560 info->start_mmap = (abi_ulong)ELF_START_MMAP; 2561 2562 load_elf_image(bprm->filename, bprm->fd, info, 2563 &elf_interpreter, bprm->buf); 2564 2565 /* ??? We need a copy of the elf header for passing to create_elf_tables. 2566 If we do nothing, we'll have overwritten this when we re-use bprm->buf 2567 when we load the interpreter. */ 2568 elf_ex = *(struct elfhdr *)bprm->buf; 2569 2570 /* Do this so that we can load the interpreter, if need be. We will 2571 change some of these later */ 2572 bprm->p = setup_arg_pages(bprm, info); 2573 2574 scratch = g_new0(char, TARGET_PAGE_SIZE); 2575 if (STACK_GROWS_DOWN) { 2576 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 2577 bprm->p, info->stack_limit); 2578 info->file_string = bprm->p; 2579 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 2580 bprm->p, info->stack_limit); 2581 info->env_strings = bprm->p; 2582 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 2583 bprm->p, info->stack_limit); 2584 info->arg_strings = bprm->p; 2585 } else { 2586 info->arg_strings = bprm->p; 2587 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 2588 bprm->p, info->stack_limit); 2589 info->env_strings = bprm->p; 2590 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 2591 bprm->p, info->stack_limit); 2592 info->file_string = bprm->p; 2593 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 2594 bprm->p, info->stack_limit); 2595 } 2596 2597 g_free(scratch); 2598 2599 if (!bprm->p) { 2600 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 2601 exit(-1); 2602 } 2603 2604 if (elf_interpreter) { 2605 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 2606 2607 /* If the program interpreter is one of these two, then assume 2608 an iBCS2 image. Otherwise assume a native linux image. */ 2609 2610 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 2611 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 2612 info->personality = PER_SVR4; 2613 2614 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 2615 and some applications "depend" upon this behavior. Since 2616 we do not have the power to recompile these, we emulate 2617 the SVr4 behavior. Sigh. */ 2618 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 2619 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 2620 } 2621 } 2622 2623 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 2624 info, (elf_interpreter ? &interp_info : NULL)); 2625 info->start_stack = bprm->p; 2626 2627 /* If we have an interpreter, set that as the program's entry point. 2628 Copy the load_bias as well, to help PPC64 interpret the entry 2629 point as a function descriptor. Do this after creating elf tables 2630 so that we copy the original program entry point into the AUXV. */ 2631 if (elf_interpreter) { 2632 info->load_bias = interp_info.load_bias; 2633 info->entry = interp_info.entry; 2634 free(elf_interpreter); 2635 } 2636 2637 #ifdef USE_ELF_CORE_DUMP 2638 bprm->core_dump = &elf_core_dump; 2639 #endif 2640 2641 return 0; 2642 } 2643 2644 #ifdef USE_ELF_CORE_DUMP 2645 /* 2646 * Definitions to generate Intel SVR4-like core files. 2647 * These mostly have the same names as the SVR4 types with "target_elf_" 2648 * tacked on the front to prevent clashes with linux definitions, 2649 * and the typedef forms have been avoided. This is mostly like 2650 * the SVR4 structure, but more Linuxy, with things that Linux does 2651 * not support and which gdb doesn't really use excluded. 2652 * 2653 * Fields we don't dump (their contents is zero) in linux-user qemu 2654 * are marked with XXX. 2655 * 2656 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 2657 * 2658 * Porting ELF coredump for target is (quite) simple process. First you 2659 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 2660 * the target resides): 2661 * 2662 * #define USE_ELF_CORE_DUMP 2663 * 2664 * Next you define type of register set used for dumping. ELF specification 2665 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 2666 * 2667 * typedef <target_regtype> target_elf_greg_t; 2668 * #define ELF_NREG <number of registers> 2669 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 2670 * 2671 * Last step is to implement target specific function that copies registers 2672 * from given cpu into just specified register set. Prototype is: 2673 * 2674 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 2675 * const CPUArchState *env); 2676 * 2677 * Parameters: 2678 * regs - copy register values into here (allocated and zeroed by caller) 2679 * env - copy registers from here 2680 * 2681 * Example for ARM target is provided in this file. 2682 */ 2683 2684 /* An ELF note in memory */ 2685 struct memelfnote { 2686 const char *name; 2687 size_t namesz; 2688 size_t namesz_rounded; 2689 int type; 2690 size_t datasz; 2691 size_t datasz_rounded; 2692 void *data; 2693 size_t notesz; 2694 }; 2695 2696 struct target_elf_siginfo { 2697 abi_int si_signo; /* signal number */ 2698 abi_int si_code; /* extra code */ 2699 abi_int si_errno; /* errno */ 2700 }; 2701 2702 struct target_elf_prstatus { 2703 struct target_elf_siginfo pr_info; /* Info associated with signal */ 2704 abi_short pr_cursig; /* Current signal */ 2705 abi_ulong pr_sigpend; /* XXX */ 2706 abi_ulong pr_sighold; /* XXX */ 2707 target_pid_t pr_pid; 2708 target_pid_t pr_ppid; 2709 target_pid_t pr_pgrp; 2710 target_pid_t pr_sid; 2711 struct target_timeval pr_utime; /* XXX User time */ 2712 struct target_timeval pr_stime; /* XXX System time */ 2713 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 2714 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 2715 target_elf_gregset_t pr_reg; /* GP registers */ 2716 abi_int pr_fpvalid; /* XXX */ 2717 }; 2718 2719 #define ELF_PRARGSZ (80) /* Number of chars for args */ 2720 2721 struct target_elf_prpsinfo { 2722 char pr_state; /* numeric process state */ 2723 char pr_sname; /* char for pr_state */ 2724 char pr_zomb; /* zombie */ 2725 char pr_nice; /* nice val */ 2726 abi_ulong pr_flag; /* flags */ 2727 target_uid_t pr_uid; 2728 target_gid_t pr_gid; 2729 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 2730 /* Lots missing */ 2731 char pr_fname[16]; /* filename of executable */ 2732 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 2733 }; 2734 2735 /* Here is the structure in which status of each thread is captured. */ 2736 struct elf_thread_status { 2737 QTAILQ_ENTRY(elf_thread_status) ets_link; 2738 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 2739 #if 0 2740 elf_fpregset_t fpu; /* NT_PRFPREG */ 2741 struct task_struct *thread; 2742 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 2743 #endif 2744 struct memelfnote notes[1]; 2745 int num_notes; 2746 }; 2747 2748 struct elf_note_info { 2749 struct memelfnote *notes; 2750 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2751 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2752 2753 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2754 #if 0 2755 /* 2756 * Current version of ELF coredump doesn't support 2757 * dumping fp regs etc. 2758 */ 2759 elf_fpregset_t *fpu; 2760 elf_fpxregset_t *xfpu; 2761 int thread_status_size; 2762 #endif 2763 int notes_size; 2764 int numnote; 2765 }; 2766 2767 struct vm_area_struct { 2768 target_ulong vma_start; /* start vaddr of memory region */ 2769 target_ulong vma_end; /* end vaddr of memory region */ 2770 abi_ulong vma_flags; /* protection etc. flags for the region */ 2771 QTAILQ_ENTRY(vm_area_struct) vma_link; 2772 }; 2773 2774 struct mm_struct { 2775 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2776 int mm_count; /* number of mappings */ 2777 }; 2778 2779 static struct mm_struct *vma_init(void); 2780 static void vma_delete(struct mm_struct *); 2781 static int vma_add_mapping(struct mm_struct *, target_ulong, 2782 target_ulong, abi_ulong); 2783 static int vma_get_mapping_count(const struct mm_struct *); 2784 static struct vm_area_struct *vma_first(const struct mm_struct *); 2785 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2786 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2787 static int vma_walker(void *priv, target_ulong start, target_ulong end, 2788 unsigned long flags); 2789 2790 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2791 static void fill_note(struct memelfnote *, const char *, int, 2792 unsigned int, void *); 2793 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2794 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2795 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2796 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2797 static size_t note_size(const struct memelfnote *); 2798 static void free_note_info(struct elf_note_info *); 2799 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *); 2800 static void fill_thread_info(struct elf_note_info *, const CPUArchState *); 2801 static int core_dump_filename(const TaskState *, char *, size_t); 2802 2803 static int dump_write(int, const void *, size_t); 2804 static int write_note(struct memelfnote *, int); 2805 static int write_note_info(struct elf_note_info *, int); 2806 2807 #ifdef BSWAP_NEEDED 2808 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2809 { 2810 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo); 2811 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code); 2812 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno); 2813 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2814 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend); 2815 prstatus->pr_sighold = tswapal(prstatus->pr_sighold); 2816 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2817 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2818 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2819 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2820 /* cpu times are not filled, so we skip them */ 2821 /* regs should be in correct format already */ 2822 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2823 } 2824 2825 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2826 { 2827 psinfo->pr_flag = tswapal(psinfo->pr_flag); 2828 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2829 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2830 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2831 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2832 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2833 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2834 } 2835 2836 static void bswap_note(struct elf_note *en) 2837 { 2838 bswap32s(&en->n_namesz); 2839 bswap32s(&en->n_descsz); 2840 bswap32s(&en->n_type); 2841 } 2842 #else 2843 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2844 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2845 static inline void bswap_note(struct elf_note *en) { } 2846 #endif /* BSWAP_NEEDED */ 2847 2848 /* 2849 * Minimal support for linux memory regions. These are needed 2850 * when we are finding out what memory exactly belongs to 2851 * emulated process. No locks needed here, as long as 2852 * thread that received the signal is stopped. 2853 */ 2854 2855 static struct mm_struct *vma_init(void) 2856 { 2857 struct mm_struct *mm; 2858 2859 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2860 return (NULL); 2861 2862 mm->mm_count = 0; 2863 QTAILQ_INIT(&mm->mm_mmap); 2864 2865 return (mm); 2866 } 2867 2868 static void vma_delete(struct mm_struct *mm) 2869 { 2870 struct vm_area_struct *vma; 2871 2872 while ((vma = vma_first(mm)) != NULL) { 2873 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2874 g_free(vma); 2875 } 2876 g_free(mm); 2877 } 2878 2879 static int vma_add_mapping(struct mm_struct *mm, target_ulong start, 2880 target_ulong end, abi_ulong flags) 2881 { 2882 struct vm_area_struct *vma; 2883 2884 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2885 return (-1); 2886 2887 vma->vma_start = start; 2888 vma->vma_end = end; 2889 vma->vma_flags = flags; 2890 2891 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2892 mm->mm_count++; 2893 2894 return (0); 2895 } 2896 2897 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2898 { 2899 return (QTAILQ_FIRST(&mm->mm_mmap)); 2900 } 2901 2902 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2903 { 2904 return (QTAILQ_NEXT(vma, vma_link)); 2905 } 2906 2907 static int vma_get_mapping_count(const struct mm_struct *mm) 2908 { 2909 return (mm->mm_count); 2910 } 2911 2912 /* 2913 * Calculate file (dump) size of given memory region. 2914 */ 2915 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2916 { 2917 /* if we cannot even read the first page, skip it */ 2918 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2919 return (0); 2920 2921 /* 2922 * Usually we don't dump executable pages as they contain 2923 * non-writable code that debugger can read directly from 2924 * target library etc. However, thread stacks are marked 2925 * also executable so we read in first page of given region 2926 * and check whether it contains elf header. If there is 2927 * no elf header, we dump it. 2928 */ 2929 if (vma->vma_flags & PROT_EXEC) { 2930 char page[TARGET_PAGE_SIZE]; 2931 2932 copy_from_user(page, vma->vma_start, sizeof (page)); 2933 if ((page[EI_MAG0] == ELFMAG0) && 2934 (page[EI_MAG1] == ELFMAG1) && 2935 (page[EI_MAG2] == ELFMAG2) && 2936 (page[EI_MAG3] == ELFMAG3)) { 2937 /* 2938 * Mappings are possibly from ELF binary. Don't dump 2939 * them. 2940 */ 2941 return (0); 2942 } 2943 } 2944 2945 return (vma->vma_end - vma->vma_start); 2946 } 2947 2948 static int vma_walker(void *priv, target_ulong start, target_ulong end, 2949 unsigned long flags) 2950 { 2951 struct mm_struct *mm = (struct mm_struct *)priv; 2952 2953 vma_add_mapping(mm, start, end, flags); 2954 return (0); 2955 } 2956 2957 static void fill_note(struct memelfnote *note, const char *name, int type, 2958 unsigned int sz, void *data) 2959 { 2960 unsigned int namesz; 2961 2962 namesz = strlen(name) + 1; 2963 note->name = name; 2964 note->namesz = namesz; 2965 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2966 note->type = type; 2967 note->datasz = sz; 2968 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2969 2970 note->data = data; 2971 2972 /* 2973 * We calculate rounded up note size here as specified by 2974 * ELF document. 2975 */ 2976 note->notesz = sizeof (struct elf_note) + 2977 note->namesz_rounded + note->datasz_rounded; 2978 } 2979 2980 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2981 uint32_t flags) 2982 { 2983 (void) memset(elf, 0, sizeof(*elf)); 2984 2985 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2986 elf->e_ident[EI_CLASS] = ELF_CLASS; 2987 elf->e_ident[EI_DATA] = ELF_DATA; 2988 elf->e_ident[EI_VERSION] = EV_CURRENT; 2989 elf->e_ident[EI_OSABI] = ELF_OSABI; 2990 2991 elf->e_type = ET_CORE; 2992 elf->e_machine = machine; 2993 elf->e_version = EV_CURRENT; 2994 elf->e_phoff = sizeof(struct elfhdr); 2995 elf->e_flags = flags; 2996 elf->e_ehsize = sizeof(struct elfhdr); 2997 elf->e_phentsize = sizeof(struct elf_phdr); 2998 elf->e_phnum = segs; 2999 3000 bswap_ehdr(elf); 3001 } 3002 3003 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 3004 { 3005 phdr->p_type = PT_NOTE; 3006 phdr->p_offset = offset; 3007 phdr->p_vaddr = 0; 3008 phdr->p_paddr = 0; 3009 phdr->p_filesz = sz; 3010 phdr->p_memsz = 0; 3011 phdr->p_flags = 0; 3012 phdr->p_align = 0; 3013 3014 bswap_phdr(phdr, 1); 3015 } 3016 3017 static size_t note_size(const struct memelfnote *note) 3018 { 3019 return (note->notesz); 3020 } 3021 3022 static void fill_prstatus(struct target_elf_prstatus *prstatus, 3023 const TaskState *ts, int signr) 3024 { 3025 (void) memset(prstatus, 0, sizeof (*prstatus)); 3026 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 3027 prstatus->pr_pid = ts->ts_tid; 3028 prstatus->pr_ppid = getppid(); 3029 prstatus->pr_pgrp = getpgrp(); 3030 prstatus->pr_sid = getsid(0); 3031 3032 bswap_prstatus(prstatus); 3033 } 3034 3035 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 3036 { 3037 char *base_filename; 3038 unsigned int i, len; 3039 3040 (void) memset(psinfo, 0, sizeof (*psinfo)); 3041 3042 len = ts->info->arg_end - ts->info->arg_start; 3043 if (len >= ELF_PRARGSZ) 3044 len = ELF_PRARGSZ - 1; 3045 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 3046 return -EFAULT; 3047 for (i = 0; i < len; i++) 3048 if (psinfo->pr_psargs[i] == 0) 3049 psinfo->pr_psargs[i] = ' '; 3050 psinfo->pr_psargs[len] = 0; 3051 3052 psinfo->pr_pid = getpid(); 3053 psinfo->pr_ppid = getppid(); 3054 psinfo->pr_pgrp = getpgrp(); 3055 psinfo->pr_sid = getsid(0); 3056 psinfo->pr_uid = getuid(); 3057 psinfo->pr_gid = getgid(); 3058 3059 base_filename = g_path_get_basename(ts->bprm->filename); 3060 /* 3061 * Using strncpy here is fine: at max-length, 3062 * this field is not NUL-terminated. 3063 */ 3064 (void) strncpy(psinfo->pr_fname, base_filename, 3065 sizeof(psinfo->pr_fname)); 3066 3067 g_free(base_filename); 3068 bswap_psinfo(psinfo); 3069 return (0); 3070 } 3071 3072 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 3073 { 3074 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 3075 elf_addr_t orig_auxv = auxv; 3076 void *ptr; 3077 int len = ts->info->auxv_len; 3078 3079 /* 3080 * Auxiliary vector is stored in target process stack. It contains 3081 * {type, value} pairs that we need to dump into note. This is not 3082 * strictly necessary but we do it here for sake of completeness. 3083 */ 3084 3085 /* read in whole auxv vector and copy it to memelfnote */ 3086 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 3087 if (ptr != NULL) { 3088 fill_note(note, "CORE", NT_AUXV, len, ptr); 3089 unlock_user(ptr, auxv, len); 3090 } 3091 } 3092 3093 /* 3094 * Constructs name of coredump file. We have following convention 3095 * for the name: 3096 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 3097 * 3098 * Returns 0 in case of success, -1 otherwise (errno is set). 3099 */ 3100 static int core_dump_filename(const TaskState *ts, char *buf, 3101 size_t bufsize) 3102 { 3103 char timestamp[64]; 3104 char *base_filename = NULL; 3105 struct timeval tv; 3106 struct tm tm; 3107 3108 assert(bufsize >= PATH_MAX); 3109 3110 if (gettimeofday(&tv, NULL) < 0) { 3111 (void) fprintf(stderr, "unable to get current timestamp: %s", 3112 strerror(errno)); 3113 return (-1); 3114 } 3115 3116 base_filename = g_path_get_basename(ts->bprm->filename); 3117 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 3118 localtime_r(&tv.tv_sec, &tm)); 3119 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 3120 base_filename, timestamp, (int)getpid()); 3121 g_free(base_filename); 3122 3123 return (0); 3124 } 3125 3126 static int dump_write(int fd, const void *ptr, size_t size) 3127 { 3128 const char *bufp = (const char *)ptr; 3129 ssize_t bytes_written, bytes_left; 3130 struct rlimit dumpsize; 3131 off_t pos; 3132 3133 bytes_written = 0; 3134 getrlimit(RLIMIT_CORE, &dumpsize); 3135 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 3136 if (errno == ESPIPE) { /* not a seekable stream */ 3137 bytes_left = size; 3138 } else { 3139 return pos; 3140 } 3141 } else { 3142 if (dumpsize.rlim_cur <= pos) { 3143 return -1; 3144 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 3145 bytes_left = size; 3146 } else { 3147 size_t limit_left=dumpsize.rlim_cur - pos; 3148 bytes_left = limit_left >= size ? size : limit_left ; 3149 } 3150 } 3151 3152 /* 3153 * In normal conditions, single write(2) should do but 3154 * in case of socket etc. this mechanism is more portable. 3155 */ 3156 do { 3157 bytes_written = write(fd, bufp, bytes_left); 3158 if (bytes_written < 0) { 3159 if (errno == EINTR) 3160 continue; 3161 return (-1); 3162 } else if (bytes_written == 0) { /* eof */ 3163 return (-1); 3164 } 3165 bufp += bytes_written; 3166 bytes_left -= bytes_written; 3167 } while (bytes_left > 0); 3168 3169 return (0); 3170 } 3171 3172 static int write_note(struct memelfnote *men, int fd) 3173 { 3174 struct elf_note en; 3175 3176 en.n_namesz = men->namesz; 3177 en.n_type = men->type; 3178 en.n_descsz = men->datasz; 3179 3180 bswap_note(&en); 3181 3182 if (dump_write(fd, &en, sizeof(en)) != 0) 3183 return (-1); 3184 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 3185 return (-1); 3186 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 3187 return (-1); 3188 3189 return (0); 3190 } 3191 3192 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env) 3193 { 3194 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 3195 TaskState *ts = (TaskState *)cpu->opaque; 3196 struct elf_thread_status *ets; 3197 3198 ets = g_malloc0(sizeof (*ets)); 3199 ets->num_notes = 1; /* only prstatus is dumped */ 3200 fill_prstatus(&ets->prstatus, ts, 0); 3201 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 3202 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 3203 &ets->prstatus); 3204 3205 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 3206 3207 info->notes_size += note_size(&ets->notes[0]); 3208 } 3209 3210 static void init_note_info(struct elf_note_info *info) 3211 { 3212 /* Initialize the elf_note_info structure so that it is at 3213 * least safe to call free_note_info() on it. Must be 3214 * called before calling fill_note_info(). 3215 */ 3216 memset(info, 0, sizeof (*info)); 3217 QTAILQ_INIT(&info->thread_list); 3218 } 3219 3220 static int fill_note_info(struct elf_note_info *info, 3221 long signr, const CPUArchState *env) 3222 { 3223 #define NUMNOTES 3 3224 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 3225 TaskState *ts = (TaskState *)cpu->opaque; 3226 int i; 3227 3228 info->notes = g_new0(struct memelfnote, NUMNOTES); 3229 if (info->notes == NULL) 3230 return (-ENOMEM); 3231 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 3232 if (info->prstatus == NULL) 3233 return (-ENOMEM); 3234 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 3235 if (info->prstatus == NULL) 3236 return (-ENOMEM); 3237 3238 /* 3239 * First fill in status (and registers) of current thread 3240 * including process info & aux vector. 3241 */ 3242 fill_prstatus(info->prstatus, ts, signr); 3243 elf_core_copy_regs(&info->prstatus->pr_reg, env); 3244 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 3245 sizeof (*info->prstatus), info->prstatus); 3246 fill_psinfo(info->psinfo, ts); 3247 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 3248 sizeof (*info->psinfo), info->psinfo); 3249 fill_auxv_note(&info->notes[2], ts); 3250 info->numnote = 3; 3251 3252 info->notes_size = 0; 3253 for (i = 0; i < info->numnote; i++) 3254 info->notes_size += note_size(&info->notes[i]); 3255 3256 /* read and fill status of all threads */ 3257 cpu_list_lock(); 3258 CPU_FOREACH(cpu) { 3259 if (cpu == thread_cpu) { 3260 continue; 3261 } 3262 fill_thread_info(info, (CPUArchState *)cpu->env_ptr); 3263 } 3264 cpu_list_unlock(); 3265 3266 return (0); 3267 } 3268 3269 static void free_note_info(struct elf_note_info *info) 3270 { 3271 struct elf_thread_status *ets; 3272 3273 while (!QTAILQ_EMPTY(&info->thread_list)) { 3274 ets = QTAILQ_FIRST(&info->thread_list); 3275 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 3276 g_free(ets); 3277 } 3278 3279 g_free(info->prstatus); 3280 g_free(info->psinfo); 3281 g_free(info->notes); 3282 } 3283 3284 static int write_note_info(struct elf_note_info *info, int fd) 3285 { 3286 struct elf_thread_status *ets; 3287 int i, error = 0; 3288 3289 /* write prstatus, psinfo and auxv for current thread */ 3290 for (i = 0; i < info->numnote; i++) 3291 if ((error = write_note(&info->notes[i], fd)) != 0) 3292 return (error); 3293 3294 /* write prstatus for each thread */ 3295 QTAILQ_FOREACH(ets, &info->thread_list, ets_link) { 3296 if ((error = write_note(&ets->notes[0], fd)) != 0) 3297 return (error); 3298 } 3299 3300 return (0); 3301 } 3302 3303 /* 3304 * Write out ELF coredump. 3305 * 3306 * See documentation of ELF object file format in: 3307 * http://www.caldera.com/developers/devspecs/gabi41.pdf 3308 * 3309 * Coredump format in linux is following: 3310 * 3311 * 0 +----------------------+ \ 3312 * | ELF header | ET_CORE | 3313 * +----------------------+ | 3314 * | ELF program headers | |--- headers 3315 * | - NOTE section | | 3316 * | - PT_LOAD sections | | 3317 * +----------------------+ / 3318 * | NOTEs: | 3319 * | - NT_PRSTATUS | 3320 * | - NT_PRSINFO | 3321 * | - NT_AUXV | 3322 * +----------------------+ <-- aligned to target page 3323 * | Process memory dump | 3324 * : : 3325 * . . 3326 * : : 3327 * | | 3328 * +----------------------+ 3329 * 3330 * NT_PRSTATUS -> struct elf_prstatus (per thread) 3331 * NT_PRSINFO -> struct elf_prpsinfo 3332 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 3333 * 3334 * Format follows System V format as close as possible. Current 3335 * version limitations are as follows: 3336 * - no floating point registers are dumped 3337 * 3338 * Function returns 0 in case of success, negative errno otherwise. 3339 * 3340 * TODO: make this work also during runtime: it should be 3341 * possible to force coredump from running process and then 3342 * continue processing. For example qemu could set up SIGUSR2 3343 * handler (provided that target process haven't registered 3344 * handler for that) that does the dump when signal is received. 3345 */ 3346 static int elf_core_dump(int signr, const CPUArchState *env) 3347 { 3348 const CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 3349 const TaskState *ts = (const TaskState *)cpu->opaque; 3350 struct vm_area_struct *vma = NULL; 3351 char corefile[PATH_MAX]; 3352 struct elf_note_info info; 3353 struct elfhdr elf; 3354 struct elf_phdr phdr; 3355 struct rlimit dumpsize; 3356 struct mm_struct *mm = NULL; 3357 off_t offset = 0, data_offset = 0; 3358 int segs = 0; 3359 int fd = -1; 3360 3361 init_note_info(&info); 3362 3363 errno = 0; 3364 getrlimit(RLIMIT_CORE, &dumpsize); 3365 if (dumpsize.rlim_cur == 0) 3366 return 0; 3367 3368 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 3369 return (-errno); 3370 3371 if ((fd = open(corefile, O_WRONLY | O_CREAT, 3372 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 3373 return (-errno); 3374 3375 /* 3376 * Walk through target process memory mappings and 3377 * set up structure containing this information. After 3378 * this point vma_xxx functions can be used. 3379 */ 3380 if ((mm = vma_init()) == NULL) 3381 goto out; 3382 3383 walk_memory_regions(mm, vma_walker); 3384 segs = vma_get_mapping_count(mm); 3385 3386 /* 3387 * Construct valid coredump ELF header. We also 3388 * add one more segment for notes. 3389 */ 3390 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 3391 if (dump_write(fd, &elf, sizeof (elf)) != 0) 3392 goto out; 3393 3394 /* fill in the in-memory version of notes */ 3395 if (fill_note_info(&info, signr, env) < 0) 3396 goto out; 3397 3398 offset += sizeof (elf); /* elf header */ 3399 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 3400 3401 /* write out notes program header */ 3402 fill_elf_note_phdr(&phdr, info.notes_size, offset); 3403 3404 offset += info.notes_size; 3405 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 3406 goto out; 3407 3408 /* 3409 * ELF specification wants data to start at page boundary so 3410 * we align it here. 3411 */ 3412 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 3413 3414 /* 3415 * Write program headers for memory regions mapped in 3416 * the target process. 3417 */ 3418 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 3419 (void) memset(&phdr, 0, sizeof (phdr)); 3420 3421 phdr.p_type = PT_LOAD; 3422 phdr.p_offset = offset; 3423 phdr.p_vaddr = vma->vma_start; 3424 phdr.p_paddr = 0; 3425 phdr.p_filesz = vma_dump_size(vma); 3426 offset += phdr.p_filesz; 3427 phdr.p_memsz = vma->vma_end - vma->vma_start; 3428 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 3429 if (vma->vma_flags & PROT_WRITE) 3430 phdr.p_flags |= PF_W; 3431 if (vma->vma_flags & PROT_EXEC) 3432 phdr.p_flags |= PF_X; 3433 phdr.p_align = ELF_EXEC_PAGESIZE; 3434 3435 bswap_phdr(&phdr, 1); 3436 if (dump_write(fd, &phdr, sizeof(phdr)) != 0) { 3437 goto out; 3438 } 3439 } 3440 3441 /* 3442 * Next we write notes just after program headers. No 3443 * alignment needed here. 3444 */ 3445 if (write_note_info(&info, fd) < 0) 3446 goto out; 3447 3448 /* align data to page boundary */ 3449 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 3450 goto out; 3451 3452 /* 3453 * Finally we can dump process memory into corefile as well. 3454 */ 3455 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 3456 abi_ulong addr; 3457 abi_ulong end; 3458 3459 end = vma->vma_start + vma_dump_size(vma); 3460 3461 for (addr = vma->vma_start; addr < end; 3462 addr += TARGET_PAGE_SIZE) { 3463 char page[TARGET_PAGE_SIZE]; 3464 int error; 3465 3466 /* 3467 * Read in page from target process memory and 3468 * write it to coredump file. 3469 */ 3470 error = copy_from_user(page, addr, sizeof (page)); 3471 if (error != 0) { 3472 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 3473 addr); 3474 errno = -error; 3475 goto out; 3476 } 3477 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 3478 goto out; 3479 } 3480 } 3481 3482 out: 3483 free_note_info(&info); 3484 if (mm != NULL) 3485 vma_delete(mm); 3486 (void) close(fd); 3487 3488 if (errno != 0) 3489 return (-errno); 3490 return (0); 3491 } 3492 #endif /* USE_ELF_CORE_DUMP */ 3493 3494 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 3495 { 3496 init_thread(regs, infop); 3497 } 3498