xref: /openbmc/qemu/linux-user/elfload.c (revision 6ab425d8)
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include "qemu/osdep.h"
3 #include <sys/param.h>
4 
5 #include <sys/resource.h>
6 #include <sys/shm.h>
7 
8 #include "qemu.h"
9 #include "disas/disas.h"
10 #include "qemu/path.h"
11 #include "qemu/queue.h"
12 #include "qemu/guest-random.h"
13 #include "qemu/units.h"
14 
15 #ifdef _ARCH_PPC64
16 #undef ARCH_DLINFO
17 #undef ELF_PLATFORM
18 #undef ELF_HWCAP
19 #undef ELF_HWCAP2
20 #undef ELF_CLASS
21 #undef ELF_DATA
22 #undef ELF_ARCH
23 #endif
24 
25 #define ELF_OSABI   ELFOSABI_SYSV
26 
27 /* from personality.h */
28 
29 /*
30  * Flags for bug emulation.
31  *
32  * These occupy the top three bytes.
33  */
34 enum {
35     ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
36     FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
37                                            descriptors (signal handling) */
38     MMAP_PAGE_ZERO =    0x0100000,
39     ADDR_COMPAT_LAYOUT = 0x0200000,
40     READ_IMPLIES_EXEC = 0x0400000,
41     ADDR_LIMIT_32BIT =  0x0800000,
42     SHORT_INODE =       0x1000000,
43     WHOLE_SECONDS =     0x2000000,
44     STICKY_TIMEOUTS =   0x4000000,
45     ADDR_LIMIT_3GB =    0x8000000,
46 };
47 
48 /*
49  * Personality types.
50  *
51  * These go in the low byte.  Avoid using the top bit, it will
52  * conflict with error returns.
53  */
54 enum {
55     PER_LINUX =         0x0000,
56     PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
57     PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
58     PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
59     PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
60     PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
61     PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
62     PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
63     PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
64     PER_BSD =           0x0006,
65     PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
66     PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
67     PER_LINUX32 =       0x0008,
68     PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
69     PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
70     PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
71     PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
72     PER_RISCOS =        0x000c,
73     PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
74     PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
75     PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
76     PER_HPUX =          0x0010,
77     PER_MASK =          0x00ff,
78 };
79 
80 /*
81  * Return the base personality without flags.
82  */
83 #define personality(pers)       (pers & PER_MASK)
84 
85 int info_is_fdpic(struct image_info *info)
86 {
87     return info->personality == PER_LINUX_FDPIC;
88 }
89 
90 /* this flag is uneffective under linux too, should be deleted */
91 #ifndef MAP_DENYWRITE
92 #define MAP_DENYWRITE 0
93 #endif
94 
95 /* should probably go in elf.h */
96 #ifndef ELIBBAD
97 #define ELIBBAD 80
98 #endif
99 
100 #ifdef TARGET_WORDS_BIGENDIAN
101 #define ELF_DATA        ELFDATA2MSB
102 #else
103 #define ELF_DATA        ELFDATA2LSB
104 #endif
105 
106 #ifdef TARGET_ABI_MIPSN32
107 typedef abi_ullong      target_elf_greg_t;
108 #define tswapreg(ptr)   tswap64(ptr)
109 #else
110 typedef abi_ulong       target_elf_greg_t;
111 #define tswapreg(ptr)   tswapal(ptr)
112 #endif
113 
114 #ifdef USE_UID16
115 typedef abi_ushort      target_uid_t;
116 typedef abi_ushort      target_gid_t;
117 #else
118 typedef abi_uint        target_uid_t;
119 typedef abi_uint        target_gid_t;
120 #endif
121 typedef abi_int         target_pid_t;
122 
123 #ifdef TARGET_I386
124 
125 #define ELF_PLATFORM get_elf_platform()
126 
127 static const char *get_elf_platform(void)
128 {
129     static char elf_platform[] = "i386";
130     int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
131     if (family > 6)
132         family = 6;
133     if (family >= 3)
134         elf_platform[1] = '0' + family;
135     return elf_platform;
136 }
137 
138 #define ELF_HWCAP get_elf_hwcap()
139 
140 static uint32_t get_elf_hwcap(void)
141 {
142     X86CPU *cpu = X86_CPU(thread_cpu);
143 
144     return cpu->env.features[FEAT_1_EDX];
145 }
146 
147 #ifdef TARGET_X86_64
148 #define ELF_START_MMAP 0x2aaaaab000ULL
149 
150 #define ELF_CLASS      ELFCLASS64
151 #define ELF_ARCH       EM_X86_64
152 
153 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
154 {
155     regs->rax = 0;
156     regs->rsp = infop->start_stack;
157     regs->rip = infop->entry;
158 }
159 
160 #define ELF_NREG    27
161 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
162 
163 /*
164  * Note that ELF_NREG should be 29 as there should be place for
165  * TRAPNO and ERR "registers" as well but linux doesn't dump
166  * those.
167  *
168  * See linux kernel: arch/x86/include/asm/elf.h
169  */
170 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
171 {
172     (*regs)[0] = env->regs[15];
173     (*regs)[1] = env->regs[14];
174     (*regs)[2] = env->regs[13];
175     (*regs)[3] = env->regs[12];
176     (*regs)[4] = env->regs[R_EBP];
177     (*regs)[5] = env->regs[R_EBX];
178     (*regs)[6] = env->regs[11];
179     (*regs)[7] = env->regs[10];
180     (*regs)[8] = env->regs[9];
181     (*regs)[9] = env->regs[8];
182     (*regs)[10] = env->regs[R_EAX];
183     (*regs)[11] = env->regs[R_ECX];
184     (*regs)[12] = env->regs[R_EDX];
185     (*regs)[13] = env->regs[R_ESI];
186     (*regs)[14] = env->regs[R_EDI];
187     (*regs)[15] = env->regs[R_EAX]; /* XXX */
188     (*regs)[16] = env->eip;
189     (*regs)[17] = env->segs[R_CS].selector & 0xffff;
190     (*regs)[18] = env->eflags;
191     (*regs)[19] = env->regs[R_ESP];
192     (*regs)[20] = env->segs[R_SS].selector & 0xffff;
193     (*regs)[21] = env->segs[R_FS].selector & 0xffff;
194     (*regs)[22] = env->segs[R_GS].selector & 0xffff;
195     (*regs)[23] = env->segs[R_DS].selector & 0xffff;
196     (*regs)[24] = env->segs[R_ES].selector & 0xffff;
197     (*regs)[25] = env->segs[R_FS].selector & 0xffff;
198     (*regs)[26] = env->segs[R_GS].selector & 0xffff;
199 }
200 
201 #else
202 
203 #define ELF_START_MMAP 0x80000000
204 
205 /*
206  * This is used to ensure we don't load something for the wrong architecture.
207  */
208 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
209 
210 /*
211  * These are used to set parameters in the core dumps.
212  */
213 #define ELF_CLASS       ELFCLASS32
214 #define ELF_ARCH        EM_386
215 
216 static inline void init_thread(struct target_pt_regs *regs,
217                                struct image_info *infop)
218 {
219     regs->esp = infop->start_stack;
220     regs->eip = infop->entry;
221 
222     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
223        starts %edx contains a pointer to a function which might be
224        registered using `atexit'.  This provides a mean for the
225        dynamic linker to call DT_FINI functions for shared libraries
226        that have been loaded before the code runs.
227 
228        A value of 0 tells we have no such handler.  */
229     regs->edx = 0;
230 }
231 
232 #define ELF_NREG    17
233 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
234 
235 /*
236  * Note that ELF_NREG should be 19 as there should be place for
237  * TRAPNO and ERR "registers" as well but linux doesn't dump
238  * those.
239  *
240  * See linux kernel: arch/x86/include/asm/elf.h
241  */
242 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
243 {
244     (*regs)[0] = env->regs[R_EBX];
245     (*regs)[1] = env->regs[R_ECX];
246     (*regs)[2] = env->regs[R_EDX];
247     (*regs)[3] = env->regs[R_ESI];
248     (*regs)[4] = env->regs[R_EDI];
249     (*regs)[5] = env->regs[R_EBP];
250     (*regs)[6] = env->regs[R_EAX];
251     (*regs)[7] = env->segs[R_DS].selector & 0xffff;
252     (*regs)[8] = env->segs[R_ES].selector & 0xffff;
253     (*regs)[9] = env->segs[R_FS].selector & 0xffff;
254     (*regs)[10] = env->segs[R_GS].selector & 0xffff;
255     (*regs)[11] = env->regs[R_EAX]; /* XXX */
256     (*regs)[12] = env->eip;
257     (*regs)[13] = env->segs[R_CS].selector & 0xffff;
258     (*regs)[14] = env->eflags;
259     (*regs)[15] = env->regs[R_ESP];
260     (*regs)[16] = env->segs[R_SS].selector & 0xffff;
261 }
262 #endif
263 
264 #define USE_ELF_CORE_DUMP
265 #define ELF_EXEC_PAGESIZE       4096
266 
267 #endif
268 
269 #ifdef TARGET_ARM
270 
271 #ifndef TARGET_AARCH64
272 /* 32 bit ARM definitions */
273 
274 #define ELF_START_MMAP 0x80000000
275 
276 #define ELF_ARCH        EM_ARM
277 #define ELF_CLASS       ELFCLASS32
278 
279 static inline void init_thread(struct target_pt_regs *regs,
280                                struct image_info *infop)
281 {
282     abi_long stack = infop->start_stack;
283     memset(regs, 0, sizeof(*regs));
284 
285     regs->uregs[16] = ARM_CPU_MODE_USR;
286     if (infop->entry & 1) {
287         regs->uregs[16] |= CPSR_T;
288     }
289     regs->uregs[15] = infop->entry & 0xfffffffe;
290     regs->uregs[13] = infop->start_stack;
291     /* FIXME - what to for failure of get_user()? */
292     get_user_ual(regs->uregs[2], stack + 8); /* envp */
293     get_user_ual(regs->uregs[1], stack + 4); /* envp */
294     /* XXX: it seems that r0 is zeroed after ! */
295     regs->uregs[0] = 0;
296     /* For uClinux PIC binaries.  */
297     /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
298     regs->uregs[10] = infop->start_data;
299 
300     /* Support ARM FDPIC.  */
301     if (info_is_fdpic(infop)) {
302         /* As described in the ABI document, r7 points to the loadmap info
303          * prepared by the kernel. If an interpreter is needed, r8 points
304          * to the interpreter loadmap and r9 points to the interpreter
305          * PT_DYNAMIC info. If no interpreter is needed, r8 is zero, and
306          * r9 points to the main program PT_DYNAMIC info.
307          */
308         regs->uregs[7] = infop->loadmap_addr;
309         if (infop->interpreter_loadmap_addr) {
310             /* Executable is dynamically loaded.  */
311             regs->uregs[8] = infop->interpreter_loadmap_addr;
312             regs->uregs[9] = infop->interpreter_pt_dynamic_addr;
313         } else {
314             regs->uregs[8] = 0;
315             regs->uregs[9] = infop->pt_dynamic_addr;
316         }
317     }
318 }
319 
320 #define ELF_NREG    18
321 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
322 
323 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
324 {
325     (*regs)[0] = tswapreg(env->regs[0]);
326     (*regs)[1] = tswapreg(env->regs[1]);
327     (*regs)[2] = tswapreg(env->regs[2]);
328     (*regs)[3] = tswapreg(env->regs[3]);
329     (*regs)[4] = tswapreg(env->regs[4]);
330     (*regs)[5] = tswapreg(env->regs[5]);
331     (*regs)[6] = tswapreg(env->regs[6]);
332     (*regs)[7] = tswapreg(env->regs[7]);
333     (*regs)[8] = tswapreg(env->regs[8]);
334     (*regs)[9] = tswapreg(env->regs[9]);
335     (*regs)[10] = tswapreg(env->regs[10]);
336     (*regs)[11] = tswapreg(env->regs[11]);
337     (*regs)[12] = tswapreg(env->regs[12]);
338     (*regs)[13] = tswapreg(env->regs[13]);
339     (*regs)[14] = tswapreg(env->regs[14]);
340     (*regs)[15] = tswapreg(env->regs[15]);
341 
342     (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
343     (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
344 }
345 
346 #define USE_ELF_CORE_DUMP
347 #define ELF_EXEC_PAGESIZE       4096
348 
349 enum
350 {
351     ARM_HWCAP_ARM_SWP       = 1 << 0,
352     ARM_HWCAP_ARM_HALF      = 1 << 1,
353     ARM_HWCAP_ARM_THUMB     = 1 << 2,
354     ARM_HWCAP_ARM_26BIT     = 1 << 3,
355     ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
356     ARM_HWCAP_ARM_FPA       = 1 << 5,
357     ARM_HWCAP_ARM_VFP       = 1 << 6,
358     ARM_HWCAP_ARM_EDSP      = 1 << 7,
359     ARM_HWCAP_ARM_JAVA      = 1 << 8,
360     ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
361     ARM_HWCAP_ARM_CRUNCH    = 1 << 10,
362     ARM_HWCAP_ARM_THUMBEE   = 1 << 11,
363     ARM_HWCAP_ARM_NEON      = 1 << 12,
364     ARM_HWCAP_ARM_VFPv3     = 1 << 13,
365     ARM_HWCAP_ARM_VFPv3D16  = 1 << 14,
366     ARM_HWCAP_ARM_TLS       = 1 << 15,
367     ARM_HWCAP_ARM_VFPv4     = 1 << 16,
368     ARM_HWCAP_ARM_IDIVA     = 1 << 17,
369     ARM_HWCAP_ARM_IDIVT     = 1 << 18,
370     ARM_HWCAP_ARM_VFPD32    = 1 << 19,
371     ARM_HWCAP_ARM_LPAE      = 1 << 20,
372     ARM_HWCAP_ARM_EVTSTRM   = 1 << 21,
373 };
374 
375 enum {
376     ARM_HWCAP2_ARM_AES      = 1 << 0,
377     ARM_HWCAP2_ARM_PMULL    = 1 << 1,
378     ARM_HWCAP2_ARM_SHA1     = 1 << 2,
379     ARM_HWCAP2_ARM_SHA2     = 1 << 3,
380     ARM_HWCAP2_ARM_CRC32    = 1 << 4,
381 };
382 
383 /* The commpage only exists for 32 bit kernels */
384 
385 /* Return 1 if the proposed guest space is suitable for the guest.
386  * Return 0 if the proposed guest space isn't suitable, but another
387  * address space should be tried.
388  * Return -1 if there is no way the proposed guest space can be
389  * valid regardless of the base.
390  * The guest code may leave a page mapped and populate it if the
391  * address is suitable.
392  */
393 static int init_guest_commpage(unsigned long guest_base,
394                                unsigned long guest_size)
395 {
396     unsigned long real_start, test_page_addr;
397 
398     /* We need to check that we can force a fault on access to the
399      * commpage at 0xffff0fxx
400      */
401     test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
402 
403     /* If the commpage lies within the already allocated guest space,
404      * then there is no way we can allocate it.
405      *
406      * You may be thinking that that this check is redundant because
407      * we already validated the guest size against MAX_RESERVED_VA;
408      * but if qemu_host_page_mask is unusually large, then
409      * test_page_addr may be lower.
410      */
411     if (test_page_addr >= guest_base
412         && test_page_addr < (guest_base + guest_size)) {
413         return -1;
414     }
415 
416     /* Note it needs to be writeable to let us initialise it */
417     real_start = (unsigned long)
418                  mmap((void *)test_page_addr, qemu_host_page_size,
419                      PROT_READ | PROT_WRITE,
420                      MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
421 
422     /* If we can't map it then try another address */
423     if (real_start == -1ul) {
424         return 0;
425     }
426 
427     if (real_start != test_page_addr) {
428         /* OS didn't put the page where we asked - unmap and reject */
429         munmap((void *)real_start, qemu_host_page_size);
430         return 0;
431     }
432 
433     /* Leave the page mapped
434      * Populate it (mmap should have left it all 0'd)
435      */
436 
437     /* Kernel helper versions */
438     __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
439 
440     /* Now it's populated make it RO */
441     if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
442         perror("Protecting guest commpage");
443         exit(-1);
444     }
445 
446     return 1; /* All good */
447 }
448 
449 #define ELF_HWCAP get_elf_hwcap()
450 #define ELF_HWCAP2 get_elf_hwcap2()
451 
452 static uint32_t get_elf_hwcap(void)
453 {
454     ARMCPU *cpu = ARM_CPU(thread_cpu);
455     uint32_t hwcaps = 0;
456 
457     hwcaps |= ARM_HWCAP_ARM_SWP;
458     hwcaps |= ARM_HWCAP_ARM_HALF;
459     hwcaps |= ARM_HWCAP_ARM_THUMB;
460     hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
461 
462     /* probe for the extra features */
463 #define GET_FEATURE(feat, hwcap) \
464     do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
465 
466 #define GET_FEATURE_ID(feat, hwcap) \
467     do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0)
468 
469     /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */
470     GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP);
471     GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
472     GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
473     GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
474     GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
475     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
476     GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS);
477     GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4);
478     GET_FEATURE_ID(aa32_arm_div, ARM_HWCAP_ARM_IDIVA);
479     GET_FEATURE_ID(aa32_thumb_div, ARM_HWCAP_ARM_IDIVT);
480     /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c.
481      * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of
482      * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated
483      * to our VFP_FP16 feature bit.
484      */
485     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPD32);
486     GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE);
487 
488     return hwcaps;
489 }
490 
491 static uint32_t get_elf_hwcap2(void)
492 {
493     ARMCPU *cpu = ARM_CPU(thread_cpu);
494     uint32_t hwcaps = 0;
495 
496     GET_FEATURE_ID(aa32_aes, ARM_HWCAP2_ARM_AES);
497     GET_FEATURE_ID(aa32_pmull, ARM_HWCAP2_ARM_PMULL);
498     GET_FEATURE_ID(aa32_sha1, ARM_HWCAP2_ARM_SHA1);
499     GET_FEATURE_ID(aa32_sha2, ARM_HWCAP2_ARM_SHA2);
500     GET_FEATURE_ID(aa32_crc32, ARM_HWCAP2_ARM_CRC32);
501     return hwcaps;
502 }
503 
504 #undef GET_FEATURE
505 #undef GET_FEATURE_ID
506 
507 #define ELF_PLATFORM get_elf_platform()
508 
509 static const char *get_elf_platform(void)
510 {
511     CPUARMState *env = thread_cpu->env_ptr;
512 
513 #ifdef TARGET_WORDS_BIGENDIAN
514 # define END  "b"
515 #else
516 # define END  "l"
517 #endif
518 
519     if (arm_feature(env, ARM_FEATURE_V8)) {
520         return "v8" END;
521     } else if (arm_feature(env, ARM_FEATURE_V7)) {
522         if (arm_feature(env, ARM_FEATURE_M)) {
523             return "v7m" END;
524         } else {
525             return "v7" END;
526         }
527     } else if (arm_feature(env, ARM_FEATURE_V6)) {
528         return "v6" END;
529     } else if (arm_feature(env, ARM_FEATURE_V5)) {
530         return "v5" END;
531     } else {
532         return "v4" END;
533     }
534 
535 #undef END
536 }
537 
538 #else
539 /* 64 bit ARM definitions */
540 #define ELF_START_MMAP 0x80000000
541 
542 #define ELF_ARCH        EM_AARCH64
543 #define ELF_CLASS       ELFCLASS64
544 #ifdef TARGET_WORDS_BIGENDIAN
545 # define ELF_PLATFORM    "aarch64_be"
546 #else
547 # define ELF_PLATFORM    "aarch64"
548 #endif
549 
550 static inline void init_thread(struct target_pt_regs *regs,
551                                struct image_info *infop)
552 {
553     abi_long stack = infop->start_stack;
554     memset(regs, 0, sizeof(*regs));
555 
556     regs->pc = infop->entry & ~0x3ULL;
557     regs->sp = stack;
558 }
559 
560 #define ELF_NREG    34
561 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
562 
563 static void elf_core_copy_regs(target_elf_gregset_t *regs,
564                                const CPUARMState *env)
565 {
566     int i;
567 
568     for (i = 0; i < 32; i++) {
569         (*regs)[i] = tswapreg(env->xregs[i]);
570     }
571     (*regs)[32] = tswapreg(env->pc);
572     (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env));
573 }
574 
575 #define USE_ELF_CORE_DUMP
576 #define ELF_EXEC_PAGESIZE       4096
577 
578 enum {
579     ARM_HWCAP_A64_FP            = 1 << 0,
580     ARM_HWCAP_A64_ASIMD         = 1 << 1,
581     ARM_HWCAP_A64_EVTSTRM       = 1 << 2,
582     ARM_HWCAP_A64_AES           = 1 << 3,
583     ARM_HWCAP_A64_PMULL         = 1 << 4,
584     ARM_HWCAP_A64_SHA1          = 1 << 5,
585     ARM_HWCAP_A64_SHA2          = 1 << 6,
586     ARM_HWCAP_A64_CRC32         = 1 << 7,
587     ARM_HWCAP_A64_ATOMICS       = 1 << 8,
588     ARM_HWCAP_A64_FPHP          = 1 << 9,
589     ARM_HWCAP_A64_ASIMDHP       = 1 << 10,
590     ARM_HWCAP_A64_CPUID         = 1 << 11,
591     ARM_HWCAP_A64_ASIMDRDM      = 1 << 12,
592     ARM_HWCAP_A64_JSCVT         = 1 << 13,
593     ARM_HWCAP_A64_FCMA          = 1 << 14,
594     ARM_HWCAP_A64_LRCPC         = 1 << 15,
595     ARM_HWCAP_A64_DCPOP         = 1 << 16,
596     ARM_HWCAP_A64_SHA3          = 1 << 17,
597     ARM_HWCAP_A64_SM3           = 1 << 18,
598     ARM_HWCAP_A64_SM4           = 1 << 19,
599     ARM_HWCAP_A64_ASIMDDP       = 1 << 20,
600     ARM_HWCAP_A64_SHA512        = 1 << 21,
601     ARM_HWCAP_A64_SVE           = 1 << 22,
602     ARM_HWCAP_A64_ASIMDFHM      = 1 << 23,
603     ARM_HWCAP_A64_DIT           = 1 << 24,
604     ARM_HWCAP_A64_USCAT         = 1 << 25,
605     ARM_HWCAP_A64_ILRCPC        = 1 << 26,
606     ARM_HWCAP_A64_FLAGM         = 1 << 27,
607     ARM_HWCAP_A64_SSBS          = 1 << 28,
608     ARM_HWCAP_A64_SB            = 1 << 29,
609     ARM_HWCAP_A64_PACA          = 1 << 30,
610     ARM_HWCAP_A64_PACG          = 1UL << 31,
611 
612     ARM_HWCAP2_A64_DCPODP       = 1 << 0,
613     ARM_HWCAP2_A64_SVE2         = 1 << 1,
614     ARM_HWCAP2_A64_SVEAES       = 1 << 2,
615     ARM_HWCAP2_A64_SVEPMULL     = 1 << 3,
616     ARM_HWCAP2_A64_SVEBITPERM   = 1 << 4,
617     ARM_HWCAP2_A64_SVESHA3      = 1 << 5,
618     ARM_HWCAP2_A64_SVESM4       = 1 << 6,
619     ARM_HWCAP2_A64_FLAGM2       = 1 << 7,
620     ARM_HWCAP2_A64_FRINT        = 1 << 8,
621 };
622 
623 #define ELF_HWCAP   get_elf_hwcap()
624 #define ELF_HWCAP2  get_elf_hwcap2()
625 
626 #define GET_FEATURE_ID(feat, hwcap) \
627     do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0)
628 
629 static uint32_t get_elf_hwcap(void)
630 {
631     ARMCPU *cpu = ARM_CPU(thread_cpu);
632     uint32_t hwcaps = 0;
633 
634     hwcaps |= ARM_HWCAP_A64_FP;
635     hwcaps |= ARM_HWCAP_A64_ASIMD;
636     hwcaps |= ARM_HWCAP_A64_CPUID;
637 
638     /* probe for the extra features */
639 
640     GET_FEATURE_ID(aa64_aes, ARM_HWCAP_A64_AES);
641     GET_FEATURE_ID(aa64_pmull, ARM_HWCAP_A64_PMULL);
642     GET_FEATURE_ID(aa64_sha1, ARM_HWCAP_A64_SHA1);
643     GET_FEATURE_ID(aa64_sha256, ARM_HWCAP_A64_SHA2);
644     GET_FEATURE_ID(aa64_sha512, ARM_HWCAP_A64_SHA512);
645     GET_FEATURE_ID(aa64_crc32, ARM_HWCAP_A64_CRC32);
646     GET_FEATURE_ID(aa64_sha3, ARM_HWCAP_A64_SHA3);
647     GET_FEATURE_ID(aa64_sm3, ARM_HWCAP_A64_SM3);
648     GET_FEATURE_ID(aa64_sm4, ARM_HWCAP_A64_SM4);
649     GET_FEATURE_ID(aa64_fp16, ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
650     GET_FEATURE_ID(aa64_atomics, ARM_HWCAP_A64_ATOMICS);
651     GET_FEATURE_ID(aa64_rdm, ARM_HWCAP_A64_ASIMDRDM);
652     GET_FEATURE_ID(aa64_dp, ARM_HWCAP_A64_ASIMDDP);
653     GET_FEATURE_ID(aa64_fcma, ARM_HWCAP_A64_FCMA);
654     GET_FEATURE_ID(aa64_sve, ARM_HWCAP_A64_SVE);
655     GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG);
656     GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM);
657     GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT);
658     GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB);
659     GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM);
660     GET_FEATURE_ID(aa64_dcpop, ARM_HWCAP_A64_DCPOP);
661 
662     return hwcaps;
663 }
664 
665 static uint32_t get_elf_hwcap2(void)
666 {
667     ARMCPU *cpu = ARM_CPU(thread_cpu);
668     uint32_t hwcaps = 0;
669 
670     GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP);
671     GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2);
672     GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT);
673 
674     return hwcaps;
675 }
676 
677 #undef GET_FEATURE_ID
678 
679 #endif /* not TARGET_AARCH64 */
680 #endif /* TARGET_ARM */
681 
682 #ifdef TARGET_SPARC
683 #ifdef TARGET_SPARC64
684 
685 #define ELF_START_MMAP 0x80000000
686 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
687                     | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
688 #ifndef TARGET_ABI32
689 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
690 #else
691 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
692 #endif
693 
694 #define ELF_CLASS   ELFCLASS64
695 #define ELF_ARCH    EM_SPARCV9
696 
697 #define STACK_BIAS              2047
698 
699 static inline void init_thread(struct target_pt_regs *regs,
700                                struct image_info *infop)
701 {
702 #ifndef TARGET_ABI32
703     regs->tstate = 0;
704 #endif
705     regs->pc = infop->entry;
706     regs->npc = regs->pc + 4;
707     regs->y = 0;
708 #ifdef TARGET_ABI32
709     regs->u_regs[14] = infop->start_stack - 16 * 4;
710 #else
711     if (personality(infop->personality) == PER_LINUX32)
712         regs->u_regs[14] = infop->start_stack - 16 * 4;
713     else
714         regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
715 #endif
716 }
717 
718 #else
719 #define ELF_START_MMAP 0x80000000
720 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
721                     | HWCAP_SPARC_MULDIV)
722 
723 #define ELF_CLASS   ELFCLASS32
724 #define ELF_ARCH    EM_SPARC
725 
726 static inline void init_thread(struct target_pt_regs *regs,
727                                struct image_info *infop)
728 {
729     regs->psr = 0;
730     regs->pc = infop->entry;
731     regs->npc = regs->pc + 4;
732     regs->y = 0;
733     regs->u_regs[14] = infop->start_stack - 16 * 4;
734 }
735 
736 #endif
737 #endif
738 
739 #ifdef TARGET_PPC
740 
741 #define ELF_MACHINE    PPC_ELF_MACHINE
742 #define ELF_START_MMAP 0x80000000
743 
744 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
745 
746 #define elf_check_arch(x) ( (x) == EM_PPC64 )
747 
748 #define ELF_CLASS       ELFCLASS64
749 
750 #else
751 
752 #define ELF_CLASS       ELFCLASS32
753 
754 #endif
755 
756 #define ELF_ARCH        EM_PPC
757 
758 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
759    See arch/powerpc/include/asm/cputable.h.  */
760 enum {
761     QEMU_PPC_FEATURE_32 = 0x80000000,
762     QEMU_PPC_FEATURE_64 = 0x40000000,
763     QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
764     QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
765     QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
766     QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
767     QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
768     QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
769     QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
770     QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
771     QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
772     QEMU_PPC_FEATURE_NO_TB = 0x00100000,
773     QEMU_PPC_FEATURE_POWER4 = 0x00080000,
774     QEMU_PPC_FEATURE_POWER5 = 0x00040000,
775     QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
776     QEMU_PPC_FEATURE_CELL = 0x00010000,
777     QEMU_PPC_FEATURE_BOOKE = 0x00008000,
778     QEMU_PPC_FEATURE_SMT = 0x00004000,
779     QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
780     QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
781     QEMU_PPC_FEATURE_PA6T = 0x00000800,
782     QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
783     QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
784     QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
785     QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
786     QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
787 
788     QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
789     QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
790 
791     /* Feature definitions in AT_HWCAP2.  */
792     QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */
793     QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */
794     QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */
795     QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */
796     QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */
797     QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */
798     QEMU_PPC_FEATURE2_VEC_CRYPTO = 0x02000000,
799     QEMU_PPC_FEATURE2_HTM_NOSC = 0x01000000,
800     QEMU_PPC_FEATURE2_ARCH_3_00 = 0x00800000, /* ISA 3.00 */
801     QEMU_PPC_FEATURE2_HAS_IEEE128 = 0x00400000, /* VSX IEEE Bin Float 128-bit */
802     QEMU_PPC_FEATURE2_DARN = 0x00200000, /* darn random number insn */
803     QEMU_PPC_FEATURE2_SCV = 0x00100000, /* scv syscall */
804     QEMU_PPC_FEATURE2_HTM_NO_SUSPEND = 0x00080000, /* TM w/o suspended state */
805 };
806 
807 #define ELF_HWCAP get_elf_hwcap()
808 
809 static uint32_t get_elf_hwcap(void)
810 {
811     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
812     uint32_t features = 0;
813 
814     /* We don't have to be terribly complete here; the high points are
815        Altivec/FP/SPE support.  Anything else is just a bonus.  */
816 #define GET_FEATURE(flag, feature)                                      \
817     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
818 #define GET_FEATURE2(flags, feature) \
819     do { \
820         if ((cpu->env.insns_flags2 & flags) == flags) { \
821             features |= feature; \
822         } \
823     } while (0)
824     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
825     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
826     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
827     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
828     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
829     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
830     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
831     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
832     GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP);
833     GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX);
834     GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 |
835                   PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206),
836                   QEMU_PPC_FEATURE_ARCH_2_06);
837 #undef GET_FEATURE
838 #undef GET_FEATURE2
839 
840     return features;
841 }
842 
843 #define ELF_HWCAP2 get_elf_hwcap2()
844 
845 static uint32_t get_elf_hwcap2(void)
846 {
847     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
848     uint32_t features = 0;
849 
850 #define GET_FEATURE(flag, feature)                                      \
851     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
852 #define GET_FEATURE2(flag, feature)                                      \
853     do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0)
854 
855     GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL);
856     GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR);
857     GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 |
858                   PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07 |
859                   QEMU_PPC_FEATURE2_VEC_CRYPTO);
860     GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00 |
861                  QEMU_PPC_FEATURE2_DARN);
862 
863 #undef GET_FEATURE
864 #undef GET_FEATURE2
865 
866     return features;
867 }
868 
869 /*
870  * The requirements here are:
871  * - keep the final alignment of sp (sp & 0xf)
872  * - make sure the 32-bit value at the first 16 byte aligned position of
873  *   AUXV is greater than 16 for glibc compatibility.
874  *   AT_IGNOREPPC is used for that.
875  * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
876  *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
877  */
878 #define DLINFO_ARCH_ITEMS       5
879 #define ARCH_DLINFO                                     \
880     do {                                                \
881         PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);              \
882         /*                                              \
883          * Handle glibc compatibility: these magic entries must \
884          * be at the lowest addresses in the final auxv.        \
885          */                                             \
886         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
887         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
888         NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \
889         NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \
890         NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
891     } while (0)
892 
893 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
894 {
895     _regs->gpr[1] = infop->start_stack;
896 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
897     if (get_ppc64_abi(infop) < 2) {
898         uint64_t val;
899         get_user_u64(val, infop->entry + 8);
900         _regs->gpr[2] = val + infop->load_bias;
901         get_user_u64(val, infop->entry);
902         infop->entry = val + infop->load_bias;
903     } else {
904         _regs->gpr[12] = infop->entry;  /* r12 set to global entry address */
905     }
906 #endif
907     _regs->nip = infop->entry;
908 }
909 
910 /* See linux kernel: arch/powerpc/include/asm/elf.h.  */
911 #define ELF_NREG 48
912 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
913 
914 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
915 {
916     int i;
917     target_ulong ccr = 0;
918 
919     for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
920         (*regs)[i] = tswapreg(env->gpr[i]);
921     }
922 
923     (*regs)[32] = tswapreg(env->nip);
924     (*regs)[33] = tswapreg(env->msr);
925     (*regs)[35] = tswapreg(env->ctr);
926     (*regs)[36] = tswapreg(env->lr);
927     (*regs)[37] = tswapreg(env->xer);
928 
929     for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
930         ccr |= env->crf[i] << (32 - ((i + 1) * 4));
931     }
932     (*regs)[38] = tswapreg(ccr);
933 }
934 
935 #define USE_ELF_CORE_DUMP
936 #define ELF_EXEC_PAGESIZE       4096
937 
938 #endif
939 
940 #ifdef TARGET_MIPS
941 
942 #define ELF_START_MMAP 0x80000000
943 
944 #ifdef TARGET_MIPS64
945 #define ELF_CLASS   ELFCLASS64
946 #else
947 #define ELF_CLASS   ELFCLASS32
948 #endif
949 #define ELF_ARCH    EM_MIPS
950 
951 #define elf_check_arch(x) ((x) == EM_MIPS || (x) == EM_NANOMIPS)
952 
953 static inline void init_thread(struct target_pt_regs *regs,
954                                struct image_info *infop)
955 {
956     regs->cp0_status = 2 << CP0St_KSU;
957     regs->cp0_epc = infop->entry;
958     regs->regs[29] = infop->start_stack;
959 }
960 
961 /* See linux kernel: arch/mips/include/asm/elf.h.  */
962 #define ELF_NREG 45
963 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
964 
965 /* See linux kernel: arch/mips/include/asm/reg.h.  */
966 enum {
967 #ifdef TARGET_MIPS64
968     TARGET_EF_R0 = 0,
969 #else
970     TARGET_EF_R0 = 6,
971 #endif
972     TARGET_EF_R26 = TARGET_EF_R0 + 26,
973     TARGET_EF_R27 = TARGET_EF_R0 + 27,
974     TARGET_EF_LO = TARGET_EF_R0 + 32,
975     TARGET_EF_HI = TARGET_EF_R0 + 33,
976     TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
977     TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
978     TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
979     TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
980 };
981 
982 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
983 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
984 {
985     int i;
986 
987     for (i = 0; i < TARGET_EF_R0; i++) {
988         (*regs)[i] = 0;
989     }
990     (*regs)[TARGET_EF_R0] = 0;
991 
992     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
993         (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
994     }
995 
996     (*regs)[TARGET_EF_R26] = 0;
997     (*regs)[TARGET_EF_R27] = 0;
998     (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
999     (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
1000     (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
1001     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
1002     (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
1003     (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
1004 }
1005 
1006 #define USE_ELF_CORE_DUMP
1007 #define ELF_EXEC_PAGESIZE        4096
1008 
1009 /* See arch/mips/include/uapi/asm/hwcap.h.  */
1010 enum {
1011     HWCAP_MIPS_R6           = (1 << 0),
1012     HWCAP_MIPS_MSA          = (1 << 1),
1013 };
1014 
1015 #define ELF_HWCAP get_elf_hwcap()
1016 
1017 static uint32_t get_elf_hwcap(void)
1018 {
1019     MIPSCPU *cpu = MIPS_CPU(thread_cpu);
1020     uint32_t hwcaps = 0;
1021 
1022 #define GET_FEATURE(flag, hwcap) \
1023     do { if (cpu->env.insn_flags & (flag)) { hwcaps |= hwcap; } } while (0)
1024 
1025     GET_FEATURE(ISA_MIPS32R6 | ISA_MIPS64R6, HWCAP_MIPS_R6);
1026     GET_FEATURE(ASE_MSA, HWCAP_MIPS_MSA);
1027 
1028 #undef GET_FEATURE
1029 
1030     return hwcaps;
1031 }
1032 
1033 #endif /* TARGET_MIPS */
1034 
1035 #ifdef TARGET_MICROBLAZE
1036 
1037 #define ELF_START_MMAP 0x80000000
1038 
1039 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
1040 
1041 #define ELF_CLASS   ELFCLASS32
1042 #define ELF_ARCH    EM_MICROBLAZE
1043 
1044 static inline void init_thread(struct target_pt_regs *regs,
1045                                struct image_info *infop)
1046 {
1047     regs->pc = infop->entry;
1048     regs->r1 = infop->start_stack;
1049 
1050 }
1051 
1052 #define ELF_EXEC_PAGESIZE        4096
1053 
1054 #define USE_ELF_CORE_DUMP
1055 #define ELF_NREG 38
1056 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1057 
1058 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
1059 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
1060 {
1061     int i, pos = 0;
1062 
1063     for (i = 0; i < 32; i++) {
1064         (*regs)[pos++] = tswapreg(env->regs[i]);
1065     }
1066 
1067     for (i = 0; i < 6; i++) {
1068         (*regs)[pos++] = tswapreg(env->sregs[i]);
1069     }
1070 }
1071 
1072 #endif /* TARGET_MICROBLAZE */
1073 
1074 #ifdef TARGET_NIOS2
1075 
1076 #define ELF_START_MMAP 0x80000000
1077 
1078 #define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2)
1079 
1080 #define ELF_CLASS   ELFCLASS32
1081 #define ELF_ARCH    EM_ALTERA_NIOS2
1082 
1083 static void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1084 {
1085     regs->ea = infop->entry;
1086     regs->sp = infop->start_stack;
1087     regs->estatus = 0x3;
1088 }
1089 
1090 #define ELF_EXEC_PAGESIZE        4096
1091 
1092 #define USE_ELF_CORE_DUMP
1093 #define ELF_NREG 49
1094 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1095 
1096 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
1097 static void elf_core_copy_regs(target_elf_gregset_t *regs,
1098                                const CPUNios2State *env)
1099 {
1100     int i;
1101 
1102     (*regs)[0] = -1;
1103     for (i = 1; i < 8; i++)    /* r0-r7 */
1104         (*regs)[i] = tswapreg(env->regs[i + 7]);
1105 
1106     for (i = 8; i < 16; i++)   /* r8-r15 */
1107         (*regs)[i] = tswapreg(env->regs[i - 8]);
1108 
1109     for (i = 16; i < 24; i++)  /* r16-r23 */
1110         (*regs)[i] = tswapreg(env->regs[i + 7]);
1111     (*regs)[24] = -1;    /* R_ET */
1112     (*regs)[25] = -1;    /* R_BT */
1113     (*regs)[26] = tswapreg(env->regs[R_GP]);
1114     (*regs)[27] = tswapreg(env->regs[R_SP]);
1115     (*regs)[28] = tswapreg(env->regs[R_FP]);
1116     (*regs)[29] = tswapreg(env->regs[R_EA]);
1117     (*regs)[30] = -1;    /* R_SSTATUS */
1118     (*regs)[31] = tswapreg(env->regs[R_RA]);
1119 
1120     (*regs)[32] = tswapreg(env->regs[R_PC]);
1121 
1122     (*regs)[33] = -1; /* R_STATUS */
1123     (*regs)[34] = tswapreg(env->regs[CR_ESTATUS]);
1124 
1125     for (i = 35; i < 49; i++)    /* ... */
1126         (*regs)[i] = -1;
1127 }
1128 
1129 #endif /* TARGET_NIOS2 */
1130 
1131 #ifdef TARGET_OPENRISC
1132 
1133 #define ELF_START_MMAP 0x08000000
1134 
1135 #define ELF_ARCH EM_OPENRISC
1136 #define ELF_CLASS ELFCLASS32
1137 #define ELF_DATA  ELFDATA2MSB
1138 
1139 static inline void init_thread(struct target_pt_regs *regs,
1140                                struct image_info *infop)
1141 {
1142     regs->pc = infop->entry;
1143     regs->gpr[1] = infop->start_stack;
1144 }
1145 
1146 #define USE_ELF_CORE_DUMP
1147 #define ELF_EXEC_PAGESIZE 8192
1148 
1149 /* See linux kernel arch/openrisc/include/asm/elf.h.  */
1150 #define ELF_NREG 34 /* gprs and pc, sr */
1151 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1152 
1153 static void elf_core_copy_regs(target_elf_gregset_t *regs,
1154                                const CPUOpenRISCState *env)
1155 {
1156     int i;
1157 
1158     for (i = 0; i < 32; i++) {
1159         (*regs)[i] = tswapreg(cpu_get_gpr(env, i));
1160     }
1161     (*regs)[32] = tswapreg(env->pc);
1162     (*regs)[33] = tswapreg(cpu_get_sr(env));
1163 }
1164 #define ELF_HWCAP 0
1165 #define ELF_PLATFORM NULL
1166 
1167 #endif /* TARGET_OPENRISC */
1168 
1169 #ifdef TARGET_SH4
1170 
1171 #define ELF_START_MMAP 0x80000000
1172 
1173 #define ELF_CLASS ELFCLASS32
1174 #define ELF_ARCH  EM_SH
1175 
1176 static inline void init_thread(struct target_pt_regs *regs,
1177                                struct image_info *infop)
1178 {
1179     /* Check other registers XXXXX */
1180     regs->pc = infop->entry;
1181     regs->regs[15] = infop->start_stack;
1182 }
1183 
1184 /* See linux kernel: arch/sh/include/asm/elf.h.  */
1185 #define ELF_NREG 23
1186 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1187 
1188 /* See linux kernel: arch/sh/include/asm/ptrace.h.  */
1189 enum {
1190     TARGET_REG_PC = 16,
1191     TARGET_REG_PR = 17,
1192     TARGET_REG_SR = 18,
1193     TARGET_REG_GBR = 19,
1194     TARGET_REG_MACH = 20,
1195     TARGET_REG_MACL = 21,
1196     TARGET_REG_SYSCALL = 22
1197 };
1198 
1199 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
1200                                       const CPUSH4State *env)
1201 {
1202     int i;
1203 
1204     for (i = 0; i < 16; i++) {
1205         (*regs)[i] = tswapreg(env->gregs[i]);
1206     }
1207 
1208     (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
1209     (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
1210     (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
1211     (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
1212     (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
1213     (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
1214     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
1215 }
1216 
1217 #define USE_ELF_CORE_DUMP
1218 #define ELF_EXEC_PAGESIZE        4096
1219 
1220 enum {
1221     SH_CPU_HAS_FPU            = 0x0001, /* Hardware FPU support */
1222     SH_CPU_HAS_P2_FLUSH_BUG   = 0x0002, /* Need to flush the cache in P2 area */
1223     SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */
1224     SH_CPU_HAS_DSP            = 0x0008, /* SH-DSP: DSP support */
1225     SH_CPU_HAS_PERF_COUNTER   = 0x0010, /* Hardware performance counters */
1226     SH_CPU_HAS_PTEA           = 0x0020, /* PTEA register */
1227     SH_CPU_HAS_LLSC           = 0x0040, /* movli.l/movco.l */
1228     SH_CPU_HAS_L2_CACHE       = 0x0080, /* Secondary cache / URAM */
1229     SH_CPU_HAS_OP32           = 0x0100, /* 32-bit instruction support */
1230     SH_CPU_HAS_PTEAEX         = 0x0200, /* PTE ASID Extension support */
1231 };
1232 
1233 #define ELF_HWCAP get_elf_hwcap()
1234 
1235 static uint32_t get_elf_hwcap(void)
1236 {
1237     SuperHCPU *cpu = SUPERH_CPU(thread_cpu);
1238     uint32_t hwcap = 0;
1239 
1240     hwcap |= SH_CPU_HAS_FPU;
1241 
1242     if (cpu->env.features & SH_FEATURE_SH4A) {
1243         hwcap |= SH_CPU_HAS_LLSC;
1244     }
1245 
1246     return hwcap;
1247 }
1248 
1249 #endif
1250 
1251 #ifdef TARGET_CRIS
1252 
1253 #define ELF_START_MMAP 0x80000000
1254 
1255 #define ELF_CLASS ELFCLASS32
1256 #define ELF_ARCH  EM_CRIS
1257 
1258 static inline void init_thread(struct target_pt_regs *regs,
1259                                struct image_info *infop)
1260 {
1261     regs->erp = infop->entry;
1262 }
1263 
1264 #define ELF_EXEC_PAGESIZE        8192
1265 
1266 #endif
1267 
1268 #ifdef TARGET_M68K
1269 
1270 #define ELF_START_MMAP 0x80000000
1271 
1272 #define ELF_CLASS       ELFCLASS32
1273 #define ELF_ARCH        EM_68K
1274 
1275 /* ??? Does this need to do anything?
1276    #define ELF_PLAT_INIT(_r) */
1277 
1278 static inline void init_thread(struct target_pt_regs *regs,
1279                                struct image_info *infop)
1280 {
1281     regs->usp = infop->start_stack;
1282     regs->sr = 0;
1283     regs->pc = infop->entry;
1284 }
1285 
1286 /* See linux kernel: arch/m68k/include/asm/elf.h.  */
1287 #define ELF_NREG 20
1288 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1289 
1290 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
1291 {
1292     (*regs)[0] = tswapreg(env->dregs[1]);
1293     (*regs)[1] = tswapreg(env->dregs[2]);
1294     (*regs)[2] = tswapreg(env->dregs[3]);
1295     (*regs)[3] = tswapreg(env->dregs[4]);
1296     (*regs)[4] = tswapreg(env->dregs[5]);
1297     (*regs)[5] = tswapreg(env->dregs[6]);
1298     (*regs)[6] = tswapreg(env->dregs[7]);
1299     (*regs)[7] = tswapreg(env->aregs[0]);
1300     (*regs)[8] = tswapreg(env->aregs[1]);
1301     (*regs)[9] = tswapreg(env->aregs[2]);
1302     (*regs)[10] = tswapreg(env->aregs[3]);
1303     (*regs)[11] = tswapreg(env->aregs[4]);
1304     (*regs)[12] = tswapreg(env->aregs[5]);
1305     (*regs)[13] = tswapreg(env->aregs[6]);
1306     (*regs)[14] = tswapreg(env->dregs[0]);
1307     (*regs)[15] = tswapreg(env->aregs[7]);
1308     (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
1309     (*regs)[17] = tswapreg(env->sr);
1310     (*regs)[18] = tswapreg(env->pc);
1311     (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
1312 }
1313 
1314 #define USE_ELF_CORE_DUMP
1315 #define ELF_EXEC_PAGESIZE       8192
1316 
1317 #endif
1318 
1319 #ifdef TARGET_ALPHA
1320 
1321 #define ELF_START_MMAP (0x30000000000ULL)
1322 
1323 #define ELF_CLASS      ELFCLASS64
1324 #define ELF_ARCH       EM_ALPHA
1325 
1326 static inline void init_thread(struct target_pt_regs *regs,
1327                                struct image_info *infop)
1328 {
1329     regs->pc = infop->entry;
1330     regs->ps = 8;
1331     regs->usp = infop->start_stack;
1332 }
1333 
1334 #define ELF_EXEC_PAGESIZE        8192
1335 
1336 #endif /* TARGET_ALPHA */
1337 
1338 #ifdef TARGET_S390X
1339 
1340 #define ELF_START_MMAP (0x20000000000ULL)
1341 
1342 #define ELF_CLASS	ELFCLASS64
1343 #define ELF_DATA	ELFDATA2MSB
1344 #define ELF_ARCH	EM_S390
1345 
1346 #include "elf.h"
1347 
1348 #define ELF_HWCAP get_elf_hwcap()
1349 
1350 #define GET_FEATURE(_feat, _hwcap) \
1351     do { if (s390_has_feat(_feat)) { hwcap |= _hwcap; } } while (0)
1352 
1353 static uint32_t get_elf_hwcap(void)
1354 {
1355     /*
1356      * Let's assume we always have esan3 and zarch.
1357      * 31-bit processes can use 64-bit registers (high gprs).
1358      */
1359     uint32_t hwcap = HWCAP_S390_ESAN3 | HWCAP_S390_ZARCH | HWCAP_S390_HIGH_GPRS;
1360 
1361     GET_FEATURE(S390_FEAT_STFLE, HWCAP_S390_STFLE);
1362     GET_FEATURE(S390_FEAT_MSA, HWCAP_S390_MSA);
1363     GET_FEATURE(S390_FEAT_LONG_DISPLACEMENT, HWCAP_S390_LDISP);
1364     GET_FEATURE(S390_FEAT_EXTENDED_IMMEDIATE, HWCAP_S390_EIMM);
1365     if (s390_has_feat(S390_FEAT_EXTENDED_TRANSLATION_3) &&
1366         s390_has_feat(S390_FEAT_ETF3_ENH)) {
1367         hwcap |= HWCAP_S390_ETF3EH;
1368     }
1369     GET_FEATURE(S390_FEAT_VECTOR, HWCAP_S390_VXRS);
1370 
1371     return hwcap;
1372 }
1373 
1374 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1375 {
1376     regs->psw.addr = infop->entry;
1377     regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1378     regs->gprs[15] = infop->start_stack;
1379 }
1380 
1381 #endif /* TARGET_S390X */
1382 
1383 #ifdef TARGET_TILEGX
1384 
1385 /* 42 bits real used address, a half for user mode */
1386 #define ELF_START_MMAP (0x00000020000000000ULL)
1387 
1388 #define elf_check_arch(x) ((x) == EM_TILEGX)
1389 
1390 #define ELF_CLASS   ELFCLASS64
1391 #define ELF_DATA    ELFDATA2LSB
1392 #define ELF_ARCH    EM_TILEGX
1393 
1394 static inline void init_thread(struct target_pt_regs *regs,
1395                                struct image_info *infop)
1396 {
1397     regs->pc = infop->entry;
1398     regs->sp = infop->start_stack;
1399 
1400 }
1401 
1402 #define ELF_EXEC_PAGESIZE        65536 /* TILE-Gx page size is 64KB */
1403 
1404 #endif /* TARGET_TILEGX */
1405 
1406 #ifdef TARGET_RISCV
1407 
1408 #define ELF_START_MMAP 0x80000000
1409 #define ELF_ARCH  EM_RISCV
1410 
1411 #ifdef TARGET_RISCV32
1412 #define ELF_CLASS ELFCLASS32
1413 #else
1414 #define ELF_CLASS ELFCLASS64
1415 #endif
1416 
1417 static inline void init_thread(struct target_pt_regs *regs,
1418                                struct image_info *infop)
1419 {
1420     regs->sepc = infop->entry;
1421     regs->sp = infop->start_stack;
1422 }
1423 
1424 #define ELF_EXEC_PAGESIZE 4096
1425 
1426 #endif /* TARGET_RISCV */
1427 
1428 #ifdef TARGET_HPPA
1429 
1430 #define ELF_START_MMAP  0x80000000
1431 #define ELF_CLASS       ELFCLASS32
1432 #define ELF_ARCH        EM_PARISC
1433 #define ELF_PLATFORM    "PARISC"
1434 #define STACK_GROWS_DOWN 0
1435 #define STACK_ALIGNMENT  64
1436 
1437 static inline void init_thread(struct target_pt_regs *regs,
1438                                struct image_info *infop)
1439 {
1440     regs->iaoq[0] = infop->entry;
1441     regs->iaoq[1] = infop->entry + 4;
1442     regs->gr[23] = 0;
1443     regs->gr[24] = infop->arg_start;
1444     regs->gr[25] = (infop->arg_end - infop->arg_start) / sizeof(abi_ulong);
1445     /* The top-of-stack contains a linkage buffer.  */
1446     regs->gr[30] = infop->start_stack + 64;
1447     regs->gr[31] = infop->entry;
1448 }
1449 
1450 #endif /* TARGET_HPPA */
1451 
1452 #ifdef TARGET_XTENSA
1453 
1454 #define ELF_START_MMAP 0x20000000
1455 
1456 #define ELF_CLASS       ELFCLASS32
1457 #define ELF_ARCH        EM_XTENSA
1458 
1459 static inline void init_thread(struct target_pt_regs *regs,
1460                                struct image_info *infop)
1461 {
1462     regs->windowbase = 0;
1463     regs->windowstart = 1;
1464     regs->areg[1] = infop->start_stack;
1465     regs->pc = infop->entry;
1466 }
1467 
1468 /* See linux kernel: arch/xtensa/include/asm/elf.h.  */
1469 #define ELF_NREG 128
1470 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1471 
1472 enum {
1473     TARGET_REG_PC,
1474     TARGET_REG_PS,
1475     TARGET_REG_LBEG,
1476     TARGET_REG_LEND,
1477     TARGET_REG_LCOUNT,
1478     TARGET_REG_SAR,
1479     TARGET_REG_WINDOWSTART,
1480     TARGET_REG_WINDOWBASE,
1481     TARGET_REG_THREADPTR,
1482     TARGET_REG_AR0 = 64,
1483 };
1484 
1485 static void elf_core_copy_regs(target_elf_gregset_t *regs,
1486                                const CPUXtensaState *env)
1487 {
1488     unsigned i;
1489 
1490     (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
1491     (*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM);
1492     (*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]);
1493     (*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]);
1494     (*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]);
1495     (*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]);
1496     (*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]);
1497     (*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]);
1498     (*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]);
1499     xtensa_sync_phys_from_window((CPUXtensaState *)env);
1500     for (i = 0; i < env->config->nareg; ++i) {
1501         (*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]);
1502     }
1503 }
1504 
1505 #define USE_ELF_CORE_DUMP
1506 #define ELF_EXEC_PAGESIZE       4096
1507 
1508 #endif /* TARGET_XTENSA */
1509 
1510 #ifndef ELF_PLATFORM
1511 #define ELF_PLATFORM (NULL)
1512 #endif
1513 
1514 #ifndef ELF_MACHINE
1515 #define ELF_MACHINE ELF_ARCH
1516 #endif
1517 
1518 #ifndef elf_check_arch
1519 #define elf_check_arch(x) ((x) == ELF_ARCH)
1520 #endif
1521 
1522 #ifndef ELF_HWCAP
1523 #define ELF_HWCAP 0
1524 #endif
1525 
1526 #ifndef STACK_GROWS_DOWN
1527 #define STACK_GROWS_DOWN 1
1528 #endif
1529 
1530 #ifndef STACK_ALIGNMENT
1531 #define STACK_ALIGNMENT 16
1532 #endif
1533 
1534 #ifdef TARGET_ABI32
1535 #undef ELF_CLASS
1536 #define ELF_CLASS ELFCLASS32
1537 #undef bswaptls
1538 #define bswaptls(ptr) bswap32s(ptr)
1539 #endif
1540 
1541 #include "elf.h"
1542 
1543 struct exec
1544 {
1545     unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
1546     unsigned int a_text;   /* length of text, in bytes */
1547     unsigned int a_data;   /* length of data, in bytes */
1548     unsigned int a_bss;    /* length of uninitialized data area, in bytes */
1549     unsigned int a_syms;   /* length of symbol table data in file, in bytes */
1550     unsigned int a_entry;  /* start address */
1551     unsigned int a_trsize; /* length of relocation info for text, in bytes */
1552     unsigned int a_drsize; /* length of relocation info for data, in bytes */
1553 };
1554 
1555 
1556 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1557 #define OMAGIC 0407
1558 #define NMAGIC 0410
1559 #define ZMAGIC 0413
1560 #define QMAGIC 0314
1561 
1562 /* Necessary parameters */
1563 #define TARGET_ELF_EXEC_PAGESIZE \
1564         (((eppnt->p_align & ~qemu_host_page_mask) != 0) ? \
1565          TARGET_PAGE_SIZE : MAX(qemu_host_page_size, TARGET_PAGE_SIZE))
1566 #define TARGET_ELF_PAGELENGTH(_v) ROUND_UP((_v), TARGET_ELF_EXEC_PAGESIZE)
1567 #define TARGET_ELF_PAGESTART(_v) ((_v) & \
1568                                  ~(abi_ulong)(TARGET_ELF_EXEC_PAGESIZE-1))
1569 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1570 
1571 #define DLINFO_ITEMS 15
1572 
1573 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1574 {
1575     memcpy(to, from, n);
1576 }
1577 
1578 #ifdef BSWAP_NEEDED
1579 static void bswap_ehdr(struct elfhdr *ehdr)
1580 {
1581     bswap16s(&ehdr->e_type);            /* Object file type */
1582     bswap16s(&ehdr->e_machine);         /* Architecture */
1583     bswap32s(&ehdr->e_version);         /* Object file version */
1584     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
1585     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
1586     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
1587     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
1588     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
1589     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
1590     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
1591     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
1592     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
1593     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
1594 }
1595 
1596 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1597 {
1598     int i;
1599     for (i = 0; i < phnum; ++i, ++phdr) {
1600         bswap32s(&phdr->p_type);        /* Segment type */
1601         bswap32s(&phdr->p_flags);       /* Segment flags */
1602         bswaptls(&phdr->p_offset);      /* Segment file offset */
1603         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
1604         bswaptls(&phdr->p_paddr);       /* Segment physical address */
1605         bswaptls(&phdr->p_filesz);      /* Segment size in file */
1606         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
1607         bswaptls(&phdr->p_align);       /* Segment alignment */
1608     }
1609 }
1610 
1611 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1612 {
1613     int i;
1614     for (i = 0; i < shnum; ++i, ++shdr) {
1615         bswap32s(&shdr->sh_name);
1616         bswap32s(&shdr->sh_type);
1617         bswaptls(&shdr->sh_flags);
1618         bswaptls(&shdr->sh_addr);
1619         bswaptls(&shdr->sh_offset);
1620         bswaptls(&shdr->sh_size);
1621         bswap32s(&shdr->sh_link);
1622         bswap32s(&shdr->sh_info);
1623         bswaptls(&shdr->sh_addralign);
1624         bswaptls(&shdr->sh_entsize);
1625     }
1626 }
1627 
1628 static void bswap_sym(struct elf_sym *sym)
1629 {
1630     bswap32s(&sym->st_name);
1631     bswaptls(&sym->st_value);
1632     bswaptls(&sym->st_size);
1633     bswap16s(&sym->st_shndx);
1634 }
1635 
1636 #ifdef TARGET_MIPS
1637 static void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags)
1638 {
1639     bswap16s(&abiflags->version);
1640     bswap32s(&abiflags->ases);
1641     bswap32s(&abiflags->isa_ext);
1642     bswap32s(&abiflags->flags1);
1643     bswap32s(&abiflags->flags2);
1644 }
1645 #endif
1646 #else
1647 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1648 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1649 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1650 static inline void bswap_sym(struct elf_sym *sym) { }
1651 #ifdef TARGET_MIPS
1652 static inline void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) { }
1653 #endif
1654 #endif
1655 
1656 #ifdef USE_ELF_CORE_DUMP
1657 static int elf_core_dump(int, const CPUArchState *);
1658 #endif /* USE_ELF_CORE_DUMP */
1659 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1660 
1661 /* Verify the portions of EHDR within E_IDENT for the target.
1662    This can be performed before bswapping the entire header.  */
1663 static bool elf_check_ident(struct elfhdr *ehdr)
1664 {
1665     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1666             && ehdr->e_ident[EI_MAG1] == ELFMAG1
1667             && ehdr->e_ident[EI_MAG2] == ELFMAG2
1668             && ehdr->e_ident[EI_MAG3] == ELFMAG3
1669             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1670             && ehdr->e_ident[EI_DATA] == ELF_DATA
1671             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1672 }
1673 
1674 /* Verify the portions of EHDR outside of E_IDENT for the target.
1675    This has to wait until after bswapping the header.  */
1676 static bool elf_check_ehdr(struct elfhdr *ehdr)
1677 {
1678     return (elf_check_arch(ehdr->e_machine)
1679             && ehdr->e_ehsize == sizeof(struct elfhdr)
1680             && ehdr->e_phentsize == sizeof(struct elf_phdr)
1681             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1682 }
1683 
1684 /*
1685  * 'copy_elf_strings()' copies argument/envelope strings from user
1686  * memory to free pages in kernel mem. These are in a format ready
1687  * to be put directly into the top of new user memory.
1688  *
1689  */
1690 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch,
1691                                   abi_ulong p, abi_ulong stack_limit)
1692 {
1693     char *tmp;
1694     int len, i;
1695     abi_ulong top = p;
1696 
1697     if (!p) {
1698         return 0;       /* bullet-proofing */
1699     }
1700 
1701     if (STACK_GROWS_DOWN) {
1702         int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1;
1703         for (i = argc - 1; i >= 0; --i) {
1704             tmp = argv[i];
1705             if (!tmp) {
1706                 fprintf(stderr, "VFS: argc is wrong");
1707                 exit(-1);
1708             }
1709             len = strlen(tmp) + 1;
1710             tmp += len;
1711 
1712             if (len > (p - stack_limit)) {
1713                 return 0;
1714             }
1715             while (len) {
1716                 int bytes_to_copy = (len > offset) ? offset : len;
1717                 tmp -= bytes_to_copy;
1718                 p -= bytes_to_copy;
1719                 offset -= bytes_to_copy;
1720                 len -= bytes_to_copy;
1721 
1722                 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy);
1723 
1724                 if (offset == 0) {
1725                     memcpy_to_target(p, scratch, top - p);
1726                     top = p;
1727                     offset = TARGET_PAGE_SIZE;
1728                 }
1729             }
1730         }
1731         if (p != top) {
1732             memcpy_to_target(p, scratch + offset, top - p);
1733         }
1734     } else {
1735         int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE);
1736         for (i = 0; i < argc; ++i) {
1737             tmp = argv[i];
1738             if (!tmp) {
1739                 fprintf(stderr, "VFS: argc is wrong");
1740                 exit(-1);
1741             }
1742             len = strlen(tmp) + 1;
1743             if (len > (stack_limit - p)) {
1744                 return 0;
1745             }
1746             while (len) {
1747                 int bytes_to_copy = (len > remaining) ? remaining : len;
1748 
1749                 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy);
1750 
1751                 tmp += bytes_to_copy;
1752                 remaining -= bytes_to_copy;
1753                 p += bytes_to_copy;
1754                 len -= bytes_to_copy;
1755 
1756                 if (remaining == 0) {
1757                     memcpy_to_target(top, scratch, p - top);
1758                     top = p;
1759                     remaining = TARGET_PAGE_SIZE;
1760                 }
1761             }
1762         }
1763         if (p != top) {
1764             memcpy_to_target(top, scratch, p - top);
1765         }
1766     }
1767 
1768     return p;
1769 }
1770 
1771 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of
1772  * argument/environment space. Newer kernels (>2.6.33) allow more,
1773  * dependent on stack size, but guarantee at least 32 pages for
1774  * backwards compatibility.
1775  */
1776 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE)
1777 
1778 static abi_ulong setup_arg_pages(struct linux_binprm *bprm,
1779                                  struct image_info *info)
1780 {
1781     abi_ulong size, error, guard;
1782 
1783     size = guest_stack_size;
1784     if (size < STACK_LOWER_LIMIT) {
1785         size = STACK_LOWER_LIMIT;
1786     }
1787     guard = TARGET_PAGE_SIZE;
1788     if (guard < qemu_real_host_page_size) {
1789         guard = qemu_real_host_page_size;
1790     }
1791 
1792     error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1793                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1794     if (error == -1) {
1795         perror("mmap stack");
1796         exit(-1);
1797     }
1798 
1799     /* We reserve one extra page at the top of the stack as guard.  */
1800     if (STACK_GROWS_DOWN) {
1801         target_mprotect(error, guard, PROT_NONE);
1802         info->stack_limit = error + guard;
1803         return info->stack_limit + size - sizeof(void *);
1804     } else {
1805         target_mprotect(error + size, guard, PROT_NONE);
1806         info->stack_limit = error + size;
1807         return error;
1808     }
1809 }
1810 
1811 /* Map and zero the bss.  We need to explicitly zero any fractional pages
1812    after the data section (i.e. bss).  */
1813 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1814 {
1815     uintptr_t host_start, host_map_start, host_end;
1816 
1817     last_bss = TARGET_PAGE_ALIGN(last_bss);
1818 
1819     /* ??? There is confusion between qemu_real_host_page_size and
1820        qemu_host_page_size here and elsewhere in target_mmap, which
1821        may lead to the end of the data section mapping from the file
1822        not being mapped.  At least there was an explicit test and
1823        comment for that here, suggesting that "the file size must
1824        be known".  The comment probably pre-dates the introduction
1825        of the fstat system call in target_mmap which does in fact
1826        find out the size.  What isn't clear is if the workaround
1827        here is still actually needed.  For now, continue with it,
1828        but merge it with the "normal" mmap that would allocate the bss.  */
1829 
1830     host_start = (uintptr_t) g2h(elf_bss);
1831     host_end = (uintptr_t) g2h(last_bss);
1832     host_map_start = REAL_HOST_PAGE_ALIGN(host_start);
1833 
1834     if (host_map_start < host_end) {
1835         void *p = mmap((void *)host_map_start, host_end - host_map_start,
1836                        prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1837         if (p == MAP_FAILED) {
1838             perror("cannot mmap brk");
1839             exit(-1);
1840         }
1841     }
1842 
1843     /* Ensure that the bss page(s) are valid */
1844     if ((page_get_flags(last_bss-1) & prot) != prot) {
1845         page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot | PAGE_VALID);
1846     }
1847 
1848     if (host_start < host_map_start) {
1849         memset((void *)host_start, 0, host_map_start - host_start);
1850     }
1851 }
1852 
1853 #ifdef TARGET_ARM
1854 static int elf_is_fdpic(struct elfhdr *exec)
1855 {
1856     return exec->e_ident[EI_OSABI] == ELFOSABI_ARM_FDPIC;
1857 }
1858 #else
1859 /* Default implementation, always false.  */
1860 static int elf_is_fdpic(struct elfhdr *exec)
1861 {
1862     return 0;
1863 }
1864 #endif
1865 
1866 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1867 {
1868     uint16_t n;
1869     struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1870 
1871     /* elf32_fdpic_loadseg */
1872     n = info->nsegs;
1873     while (n--) {
1874         sp -= 12;
1875         put_user_u32(loadsegs[n].addr, sp+0);
1876         put_user_u32(loadsegs[n].p_vaddr, sp+4);
1877         put_user_u32(loadsegs[n].p_memsz, sp+8);
1878     }
1879 
1880     /* elf32_fdpic_loadmap */
1881     sp -= 4;
1882     put_user_u16(0, sp+0); /* version */
1883     put_user_u16(info->nsegs, sp+2); /* nsegs */
1884 
1885     info->personality = PER_LINUX_FDPIC;
1886     info->loadmap_addr = sp;
1887 
1888     return sp;
1889 }
1890 
1891 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1892                                    struct elfhdr *exec,
1893                                    struct image_info *info,
1894                                    struct image_info *interp_info)
1895 {
1896     abi_ulong sp;
1897     abi_ulong u_argc, u_argv, u_envp, u_auxv;
1898     int size;
1899     int i;
1900     abi_ulong u_rand_bytes;
1901     uint8_t k_rand_bytes[16];
1902     abi_ulong u_platform;
1903     const char *k_platform;
1904     const int n = sizeof(elf_addr_t);
1905 
1906     sp = p;
1907 
1908     /* Needs to be before we load the env/argc/... */
1909     if (elf_is_fdpic(exec)) {
1910         /* Need 4 byte alignment for these structs */
1911         sp &= ~3;
1912         sp = loader_build_fdpic_loadmap(info, sp);
1913         info->other_info = interp_info;
1914         if (interp_info) {
1915             interp_info->other_info = info;
1916             sp = loader_build_fdpic_loadmap(interp_info, sp);
1917             info->interpreter_loadmap_addr = interp_info->loadmap_addr;
1918             info->interpreter_pt_dynamic_addr = interp_info->pt_dynamic_addr;
1919         } else {
1920             info->interpreter_loadmap_addr = 0;
1921             info->interpreter_pt_dynamic_addr = 0;
1922         }
1923     }
1924 
1925     u_platform = 0;
1926     k_platform = ELF_PLATFORM;
1927     if (k_platform) {
1928         size_t len = strlen(k_platform) + 1;
1929         if (STACK_GROWS_DOWN) {
1930             sp -= (len + n - 1) & ~(n - 1);
1931             u_platform = sp;
1932             /* FIXME - check return value of memcpy_to_target() for failure */
1933             memcpy_to_target(sp, k_platform, len);
1934         } else {
1935             memcpy_to_target(sp, k_platform, len);
1936             u_platform = sp;
1937             sp += len + 1;
1938         }
1939     }
1940 
1941     /* Provide 16 byte alignment for the PRNG, and basic alignment for
1942      * the argv and envp pointers.
1943      */
1944     if (STACK_GROWS_DOWN) {
1945         sp = QEMU_ALIGN_DOWN(sp, 16);
1946     } else {
1947         sp = QEMU_ALIGN_UP(sp, 16);
1948     }
1949 
1950     /*
1951      * Generate 16 random bytes for userspace PRNG seeding.
1952      */
1953     qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes));
1954     if (STACK_GROWS_DOWN) {
1955         sp -= 16;
1956         u_rand_bytes = sp;
1957         /* FIXME - check return value of memcpy_to_target() for failure */
1958         memcpy_to_target(sp, k_rand_bytes, 16);
1959     } else {
1960         memcpy_to_target(sp, k_rand_bytes, 16);
1961         u_rand_bytes = sp;
1962         sp += 16;
1963     }
1964 
1965     size = (DLINFO_ITEMS + 1) * 2;
1966     if (k_platform)
1967         size += 2;
1968 #ifdef DLINFO_ARCH_ITEMS
1969     size += DLINFO_ARCH_ITEMS * 2;
1970 #endif
1971 #ifdef ELF_HWCAP2
1972     size += 2;
1973 #endif
1974     info->auxv_len = size * n;
1975 
1976     size += envc + argc + 2;
1977     size += 1;  /* argc itself */
1978     size *= n;
1979 
1980     /* Allocate space and finalize stack alignment for entry now.  */
1981     if (STACK_GROWS_DOWN) {
1982         u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT);
1983         sp = u_argc;
1984     } else {
1985         u_argc = sp;
1986         sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT);
1987     }
1988 
1989     u_argv = u_argc + n;
1990     u_envp = u_argv + (argc + 1) * n;
1991     u_auxv = u_envp + (envc + 1) * n;
1992     info->saved_auxv = u_auxv;
1993     info->arg_start = u_argv;
1994     info->arg_end = u_argv + argc * n;
1995 
1996     /* This is correct because Linux defines
1997      * elf_addr_t as Elf32_Off / Elf64_Off
1998      */
1999 #define NEW_AUX_ENT(id, val) do {               \
2000         put_user_ual(id, u_auxv);  u_auxv += n; \
2001         put_user_ual(val, u_auxv); u_auxv += n; \
2002     } while(0)
2003 
2004 #ifdef ARCH_DLINFO
2005     /*
2006      * ARCH_DLINFO must come first so platform specific code can enforce
2007      * special alignment requirements on the AUXV if necessary (eg. PPC).
2008      */
2009     ARCH_DLINFO;
2010 #endif
2011     /* There must be exactly DLINFO_ITEMS entries here, or the assert
2012      * on info->auxv_len will trigger.
2013      */
2014     NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
2015     NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
2016     NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
2017     if ((info->alignment & ~qemu_host_page_mask) != 0) {
2018         /* Target doesn't support host page size alignment */
2019         NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
2020     } else {
2021         NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE,
2022                                                qemu_host_page_size)));
2023     }
2024     NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
2025     NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
2026     NEW_AUX_ENT(AT_ENTRY, info->entry);
2027     NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
2028     NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
2029     NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
2030     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
2031     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
2032     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
2033     NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
2034     NEW_AUX_ENT(AT_SECURE, (abi_ulong) qemu_getauxval(AT_SECURE));
2035 
2036 #ifdef ELF_HWCAP2
2037     NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2);
2038 #endif
2039 
2040     if (u_platform) {
2041         NEW_AUX_ENT(AT_PLATFORM, u_platform);
2042     }
2043     NEW_AUX_ENT (AT_NULL, 0);
2044 #undef NEW_AUX_ENT
2045 
2046     /* Check that our initial calculation of the auxv length matches how much
2047      * we actually put into it.
2048      */
2049     assert(info->auxv_len == u_auxv - info->saved_auxv);
2050 
2051     put_user_ual(argc, u_argc);
2052 
2053     p = info->arg_strings;
2054     for (i = 0; i < argc; ++i) {
2055         put_user_ual(p, u_argv);
2056         u_argv += n;
2057         p += target_strlen(p) + 1;
2058     }
2059     put_user_ual(0, u_argv);
2060 
2061     p = info->env_strings;
2062     for (i = 0; i < envc; ++i) {
2063         put_user_ual(p, u_envp);
2064         u_envp += n;
2065         p += target_strlen(p) + 1;
2066     }
2067     put_user_ual(0, u_envp);
2068 
2069     return sp;
2070 }
2071 
2072 unsigned long init_guest_space(unsigned long host_start,
2073                                unsigned long host_size,
2074                                unsigned long guest_start,
2075                                bool fixed)
2076 {
2077     /* In order to use host shmat, we must be able to honor SHMLBA.  */
2078     unsigned long align = MAX(SHMLBA, qemu_host_page_size);
2079     unsigned long current_start, aligned_start;
2080     int flags;
2081 
2082     assert(host_start || host_size);
2083 
2084     /* If just a starting address is given, then just verify that
2085      * address.  */
2086     if (host_start && !host_size) {
2087 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
2088         if (init_guest_commpage(host_start, host_size) != 1) {
2089             return (unsigned long)-1;
2090         }
2091 #endif
2092         return host_start;
2093     }
2094 
2095     /* Setup the initial flags and start address.  */
2096     current_start = host_start & -align;
2097     flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
2098     if (fixed) {
2099         flags |= MAP_FIXED;
2100     }
2101 
2102     /* Otherwise, a non-zero size region of memory needs to be mapped
2103      * and validated.  */
2104 
2105 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
2106     /* On 32-bit ARM, we need to map not just the usable memory, but
2107      * also the commpage.  Try to find a suitable place by allocating
2108      * a big chunk for all of it.  If host_start, then the naive
2109      * strategy probably does good enough.
2110      */
2111     if (!host_start) {
2112         unsigned long guest_full_size, host_full_size, real_start;
2113 
2114         guest_full_size =
2115             (0xffff0f00 & qemu_host_page_mask) + qemu_host_page_size;
2116         host_full_size = guest_full_size - guest_start;
2117         real_start = (unsigned long)
2118             mmap(NULL, host_full_size, PROT_NONE, flags, -1, 0);
2119         if (real_start == (unsigned long)-1) {
2120             if (host_size < host_full_size - qemu_host_page_size) {
2121                 /* We failed to map a continous segment, but we're
2122                  * allowed to have a gap between the usable memory and
2123                  * the commpage where other things can be mapped.
2124                  * This sparseness gives us more flexibility to find
2125                  * an address range.
2126                  */
2127                 goto naive;
2128             }
2129             return (unsigned long)-1;
2130         }
2131         munmap((void *)real_start, host_full_size);
2132         if (real_start & (align - 1)) {
2133             /* The same thing again, but with extra
2134              * so that we can shift around alignment.
2135              */
2136             unsigned long real_size = host_full_size + qemu_host_page_size;
2137             real_start = (unsigned long)
2138                 mmap(NULL, real_size, PROT_NONE, flags, -1, 0);
2139             if (real_start == (unsigned long)-1) {
2140                 if (host_size < host_full_size - qemu_host_page_size) {
2141                     goto naive;
2142                 }
2143                 return (unsigned long)-1;
2144             }
2145             munmap((void *)real_start, real_size);
2146             real_start = ROUND_UP(real_start, align);
2147         }
2148         current_start = real_start;
2149     }
2150  naive:
2151 #endif
2152 
2153     while (1) {
2154         unsigned long real_start, real_size, aligned_size;
2155         aligned_size = real_size = host_size;
2156 
2157         /* Do not use mmap_find_vma here because that is limited to the
2158          * guest address space.  We are going to make the
2159          * guest address space fit whatever we're given.
2160          */
2161         real_start = (unsigned long)
2162             mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
2163         if (real_start == (unsigned long)-1) {
2164             return (unsigned long)-1;
2165         }
2166 
2167         /* Check to see if the address is valid.  */
2168         if (host_start && real_start != current_start) {
2169             goto try_again;
2170         }
2171 
2172         /* Ensure the address is properly aligned.  */
2173         if (real_start & (align - 1)) {
2174             /* Ideally, we adjust like
2175              *
2176              *    pages: [  ][  ][  ][  ][  ]
2177              *      old:   [   real   ]
2178              *             [ aligned  ]
2179              *      new:   [     real     ]
2180              *               [ aligned  ]
2181              *
2182              * But if there is something else mapped right after it,
2183              * then obviously it won't have room to grow, and the
2184              * kernel will put the new larger real someplace else with
2185              * unknown alignment (if we made it to here, then
2186              * fixed=false).  Which is why we grow real by a full page
2187              * size, instead of by part of one; so that even if we get
2188              * moved, we can still guarantee alignment.  But this does
2189              * mean that there is a padding of < 1 page both before
2190              * and after the aligned range; the "after" could could
2191              * cause problems for ARM emulation where it could butt in
2192              * to where we need to put the commpage.
2193              */
2194             munmap((void *)real_start, host_size);
2195             real_size = aligned_size + align;
2196             real_start = (unsigned long)
2197                 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
2198             if (real_start == (unsigned long)-1) {
2199                 return (unsigned long)-1;
2200             }
2201             aligned_start = ROUND_UP(real_start, align);
2202         } else {
2203             aligned_start = real_start;
2204         }
2205 
2206 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
2207         /* On 32-bit ARM, we need to also be able to map the commpage.  */
2208         int valid = init_guest_commpage(aligned_start - guest_start,
2209                                         aligned_size + guest_start);
2210         if (valid == -1) {
2211             munmap((void *)real_start, real_size);
2212             return (unsigned long)-1;
2213         } else if (valid == 0) {
2214             goto try_again;
2215         }
2216 #endif
2217 
2218         /* If nothing has said `return -1` or `goto try_again` yet,
2219          * then the address we have is good.
2220          */
2221         break;
2222 
2223     try_again:
2224         /* That address didn't work.  Unmap and try a different one.
2225          * The address the host picked because is typically right at
2226          * the top of the host address space and leaves the guest with
2227          * no usable address space.  Resort to a linear search.  We
2228          * already compensated for mmap_min_addr, so this should not
2229          * happen often.  Probably means we got unlucky and host
2230          * address space randomization put a shared library somewhere
2231          * inconvenient.
2232          *
2233          * This is probably a good strategy if host_start, but is
2234          * probably a bad strategy if not, which means we got here
2235          * because of trouble with ARM commpage setup.
2236          */
2237         munmap((void *)real_start, real_size);
2238         current_start += align;
2239         if (host_start == current_start) {
2240             /* Theoretically possible if host doesn't have any suitably
2241              * aligned areas.  Normally the first mmap will fail.
2242              */
2243             return (unsigned long)-1;
2244         }
2245     }
2246 
2247     qemu_log_mask(CPU_LOG_PAGE, "Reserved 0x%lx bytes of guest address space\n", host_size);
2248 
2249     return aligned_start;
2250 }
2251 
2252 static void probe_guest_base(const char *image_name,
2253                              abi_ulong loaddr, abi_ulong hiaddr)
2254 {
2255     /* Probe for a suitable guest base address, if the user has not set
2256      * it explicitly, and set guest_base appropriately.
2257      * In case of error we will print a suitable message and exit.
2258      */
2259     const char *errmsg;
2260     if (!have_guest_base && !reserved_va) {
2261         unsigned long host_start, real_start, host_size;
2262 
2263         /* Round addresses to page boundaries.  */
2264         loaddr &= qemu_host_page_mask;
2265         hiaddr = HOST_PAGE_ALIGN(hiaddr);
2266 
2267         if (loaddr < mmap_min_addr) {
2268             host_start = HOST_PAGE_ALIGN(mmap_min_addr);
2269         } else {
2270             host_start = loaddr;
2271             if (host_start != loaddr) {
2272                 errmsg = "Address overflow loading ELF binary";
2273                 goto exit_errmsg;
2274             }
2275         }
2276         host_size = hiaddr - loaddr;
2277 
2278         /* Setup the initial guest memory space with ranges gleaned from
2279          * the ELF image that is being loaded.
2280          */
2281         real_start = init_guest_space(host_start, host_size, loaddr, false);
2282         if (real_start == (unsigned long)-1) {
2283             errmsg = "Unable to find space for application";
2284             goto exit_errmsg;
2285         }
2286         guest_base = real_start - loaddr;
2287 
2288         qemu_log_mask(CPU_LOG_PAGE, "Relocating guest address space from 0x"
2289                       TARGET_ABI_FMT_lx " to 0x%lx\n",
2290                       loaddr, real_start);
2291     }
2292     return;
2293 
2294 exit_errmsg:
2295     fprintf(stderr, "%s: %s\n", image_name, errmsg);
2296     exit(-1);
2297 }
2298 
2299 
2300 /* Load an ELF image into the address space.
2301 
2302    IMAGE_NAME is the filename of the image, to use in error messages.
2303    IMAGE_FD is the open file descriptor for the image.
2304 
2305    BPRM_BUF is a copy of the beginning of the file; this of course
2306    contains the elf file header at offset 0.  It is assumed that this
2307    buffer is sufficiently aligned to present no problems to the host
2308    in accessing data at aligned offsets within the buffer.
2309 
2310    On return: INFO values will be filled in, as necessary or available.  */
2311 
2312 static void load_elf_image(const char *image_name, int image_fd,
2313                            struct image_info *info, char **pinterp_name,
2314                            char bprm_buf[BPRM_BUF_SIZE])
2315 {
2316     struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
2317     struct elf_phdr *phdr;
2318     abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
2319     int i, retval;
2320     const char *errmsg;
2321 
2322     /* First of all, some simple consistency checks */
2323     errmsg = "Invalid ELF image for this architecture";
2324     if (!elf_check_ident(ehdr)) {
2325         goto exit_errmsg;
2326     }
2327     bswap_ehdr(ehdr);
2328     if (!elf_check_ehdr(ehdr)) {
2329         goto exit_errmsg;
2330     }
2331 
2332     i = ehdr->e_phnum * sizeof(struct elf_phdr);
2333     if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
2334         phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
2335     } else {
2336         phdr = (struct elf_phdr *) alloca(i);
2337         retval = pread(image_fd, phdr, i, ehdr->e_phoff);
2338         if (retval != i) {
2339             goto exit_read;
2340         }
2341     }
2342     bswap_phdr(phdr, ehdr->e_phnum);
2343 
2344     info->nsegs = 0;
2345     info->pt_dynamic_addr = 0;
2346 
2347     mmap_lock();
2348 
2349     /* Find the maximum size of the image and allocate an appropriate
2350        amount of memory to handle that.  */
2351     loaddr = -1, hiaddr = 0;
2352     info->alignment = 0;
2353     for (i = 0; i < ehdr->e_phnum; ++i) {
2354         if (phdr[i].p_type == PT_LOAD) {
2355             abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset;
2356             if (a < loaddr) {
2357                 loaddr = a;
2358             }
2359             a = phdr[i].p_vaddr + phdr[i].p_memsz;
2360             if (a > hiaddr) {
2361                 hiaddr = a;
2362             }
2363             ++info->nsegs;
2364             info->alignment |= phdr[i].p_align;
2365         }
2366     }
2367 
2368     if (pinterp_name != NULL) {
2369         /*
2370          * This is the main executable.
2371          *
2372          * Reserve extra space for brk.
2373          * We hold on to this space while placing the interpreter
2374          * and the stack, lest they be placed immediately after
2375          * the data segment and block allocation from the brk.
2376          *
2377          * 16MB is chosen as "large enough" without being so large
2378          * as to allow the result to not fit with a 32-bit guest on
2379          * a 32-bit host.
2380          */
2381         info->reserve_brk = 16 * MiB;
2382         hiaddr += info->reserve_brk;
2383 
2384         if (ehdr->e_type == ET_EXEC) {
2385             /*
2386              * Make sure that the low address does not conflict with
2387              * MMAP_MIN_ADDR or the QEMU application itself.
2388              */
2389             probe_guest_base(image_name, loaddr, hiaddr);
2390         }
2391     }
2392 
2393     /*
2394      * Reserve address space for all of this.
2395      *
2396      * In the case of ET_EXEC, we supply MAP_FIXED so that we get
2397      * exactly the address range that is required.
2398      *
2399      * Otherwise this is ET_DYN, and we are searching for a location
2400      * that can hold the memory space required.  If the image is
2401      * pre-linked, LOADDR will be non-zero, and the kernel should
2402      * honor that address if it happens to be free.
2403      *
2404      * In both cases, we will overwrite pages in this range with mappings
2405      * from the executable.
2406      */
2407     load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
2408                             MAP_PRIVATE | MAP_ANON | MAP_NORESERVE |
2409                             (ehdr->e_type == ET_EXEC ? MAP_FIXED : 0),
2410                             -1, 0);
2411     if (load_addr == -1) {
2412         goto exit_perror;
2413     }
2414     load_bias = load_addr - loaddr;
2415 
2416     if (elf_is_fdpic(ehdr)) {
2417         struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
2418             g_malloc(sizeof(*loadsegs) * info->nsegs);
2419 
2420         for (i = 0; i < ehdr->e_phnum; ++i) {
2421             switch (phdr[i].p_type) {
2422             case PT_DYNAMIC:
2423                 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
2424                 break;
2425             case PT_LOAD:
2426                 loadsegs->addr = phdr[i].p_vaddr + load_bias;
2427                 loadsegs->p_vaddr = phdr[i].p_vaddr;
2428                 loadsegs->p_memsz = phdr[i].p_memsz;
2429                 ++loadsegs;
2430                 break;
2431             }
2432         }
2433     }
2434 
2435     info->load_bias = load_bias;
2436     info->code_offset = load_bias;
2437     info->data_offset = load_bias;
2438     info->load_addr = load_addr;
2439     info->entry = ehdr->e_entry + load_bias;
2440     info->start_code = -1;
2441     info->end_code = 0;
2442     info->start_data = -1;
2443     info->end_data = 0;
2444     info->brk = 0;
2445     info->elf_flags = ehdr->e_flags;
2446 
2447     for (i = 0; i < ehdr->e_phnum; i++) {
2448         struct elf_phdr *eppnt = phdr + i;
2449         if (eppnt->p_type == PT_LOAD) {
2450             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em, vaddr_len;
2451             int elf_prot = 0;
2452 
2453             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
2454             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
2455             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
2456 
2457             vaddr = load_bias + eppnt->p_vaddr;
2458             vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
2459             vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
2460             vaddr_len = TARGET_ELF_PAGELENGTH(eppnt->p_filesz + vaddr_po);
2461 
2462             /*
2463              * Some segments may be completely empty without any backing file
2464              * segment, in that case just let zero_bss allocate an empty buffer
2465              * for it.
2466              */
2467             if (eppnt->p_filesz != 0) {
2468                 error = target_mmap(vaddr_ps, vaddr_len, elf_prot,
2469                                     MAP_PRIVATE | MAP_FIXED,
2470                                     image_fd, eppnt->p_offset - vaddr_po);
2471 
2472                 if (error == -1) {
2473                     goto exit_perror;
2474                 }
2475             }
2476 
2477             vaddr_ef = vaddr + eppnt->p_filesz;
2478             vaddr_em = vaddr + eppnt->p_memsz;
2479 
2480             /* If the load segment requests extra zeros (e.g. bss), map it.  */
2481             if (vaddr_ef < vaddr_em) {
2482                 zero_bss(vaddr_ef, vaddr_em, elf_prot);
2483             }
2484 
2485             /* Find the full program boundaries.  */
2486             if (elf_prot & PROT_EXEC) {
2487                 if (vaddr < info->start_code) {
2488                     info->start_code = vaddr;
2489                 }
2490                 if (vaddr_ef > info->end_code) {
2491                     info->end_code = vaddr_ef;
2492                 }
2493             }
2494             if (elf_prot & PROT_WRITE) {
2495                 if (vaddr < info->start_data) {
2496                     info->start_data = vaddr;
2497                 }
2498                 if (vaddr_ef > info->end_data) {
2499                     info->end_data = vaddr_ef;
2500                 }
2501                 if (vaddr_em > info->brk) {
2502                     info->brk = vaddr_em;
2503                 }
2504             }
2505         } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
2506             char *interp_name;
2507 
2508             if (*pinterp_name) {
2509                 errmsg = "Multiple PT_INTERP entries";
2510                 goto exit_errmsg;
2511             }
2512             interp_name = malloc(eppnt->p_filesz);
2513             if (!interp_name) {
2514                 goto exit_perror;
2515             }
2516 
2517             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
2518                 memcpy(interp_name, bprm_buf + eppnt->p_offset,
2519                        eppnt->p_filesz);
2520             } else {
2521                 retval = pread(image_fd, interp_name, eppnt->p_filesz,
2522                                eppnt->p_offset);
2523                 if (retval != eppnt->p_filesz) {
2524                     goto exit_perror;
2525                 }
2526             }
2527             if (interp_name[eppnt->p_filesz - 1] != 0) {
2528                 errmsg = "Invalid PT_INTERP entry";
2529                 goto exit_errmsg;
2530             }
2531             *pinterp_name = interp_name;
2532 #ifdef TARGET_MIPS
2533         } else if (eppnt->p_type == PT_MIPS_ABIFLAGS) {
2534             Mips_elf_abiflags_v0 abiflags;
2535             if (eppnt->p_filesz < sizeof(Mips_elf_abiflags_v0)) {
2536                 errmsg = "Invalid PT_MIPS_ABIFLAGS entry";
2537                 goto exit_errmsg;
2538             }
2539             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
2540                 memcpy(&abiflags, bprm_buf + eppnt->p_offset,
2541                        sizeof(Mips_elf_abiflags_v0));
2542             } else {
2543                 retval = pread(image_fd, &abiflags, sizeof(Mips_elf_abiflags_v0),
2544                                eppnt->p_offset);
2545                 if (retval != sizeof(Mips_elf_abiflags_v0)) {
2546                     goto exit_perror;
2547                 }
2548             }
2549             bswap_mips_abiflags(&abiflags);
2550             info->fp_abi = abiflags.fp_abi;
2551 #endif
2552         }
2553     }
2554 
2555     if (info->end_data == 0) {
2556         info->start_data = info->end_code;
2557         info->end_data = info->end_code;
2558         info->brk = info->end_code;
2559     }
2560 
2561     if (qemu_log_enabled()) {
2562         load_symbols(ehdr, image_fd, load_bias);
2563     }
2564 
2565     mmap_unlock();
2566 
2567     close(image_fd);
2568     return;
2569 
2570  exit_read:
2571     if (retval >= 0) {
2572         errmsg = "Incomplete read of file header";
2573         goto exit_errmsg;
2574     }
2575  exit_perror:
2576     errmsg = strerror(errno);
2577  exit_errmsg:
2578     fprintf(stderr, "%s: %s\n", image_name, errmsg);
2579     exit(-1);
2580 }
2581 
2582 static void load_elf_interp(const char *filename, struct image_info *info,
2583                             char bprm_buf[BPRM_BUF_SIZE])
2584 {
2585     int fd, retval;
2586 
2587     fd = open(path(filename), O_RDONLY);
2588     if (fd < 0) {
2589         goto exit_perror;
2590     }
2591 
2592     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
2593     if (retval < 0) {
2594         goto exit_perror;
2595     }
2596     if (retval < BPRM_BUF_SIZE) {
2597         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
2598     }
2599 
2600     load_elf_image(filename, fd, info, NULL, bprm_buf);
2601     return;
2602 
2603  exit_perror:
2604     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
2605     exit(-1);
2606 }
2607 
2608 static int symfind(const void *s0, const void *s1)
2609 {
2610     target_ulong addr = *(target_ulong *)s0;
2611     struct elf_sym *sym = (struct elf_sym *)s1;
2612     int result = 0;
2613     if (addr < sym->st_value) {
2614         result = -1;
2615     } else if (addr >= sym->st_value + sym->st_size) {
2616         result = 1;
2617     }
2618     return result;
2619 }
2620 
2621 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
2622 {
2623 #if ELF_CLASS == ELFCLASS32
2624     struct elf_sym *syms = s->disas_symtab.elf32;
2625 #else
2626     struct elf_sym *syms = s->disas_symtab.elf64;
2627 #endif
2628 
2629     // binary search
2630     struct elf_sym *sym;
2631 
2632     sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
2633     if (sym != NULL) {
2634         return s->disas_strtab + sym->st_name;
2635     }
2636 
2637     return "";
2638 }
2639 
2640 /* FIXME: This should use elf_ops.h  */
2641 static int symcmp(const void *s0, const void *s1)
2642 {
2643     struct elf_sym *sym0 = (struct elf_sym *)s0;
2644     struct elf_sym *sym1 = (struct elf_sym *)s1;
2645     return (sym0->st_value < sym1->st_value)
2646         ? -1
2647         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
2648 }
2649 
2650 /* Best attempt to load symbols from this ELF object. */
2651 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
2652 {
2653     int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
2654     uint64_t segsz;
2655     struct elf_shdr *shdr;
2656     char *strings = NULL;
2657     struct syminfo *s = NULL;
2658     struct elf_sym *new_syms, *syms = NULL;
2659 
2660     shnum = hdr->e_shnum;
2661     i = shnum * sizeof(struct elf_shdr);
2662     shdr = (struct elf_shdr *)alloca(i);
2663     if (pread(fd, shdr, i, hdr->e_shoff) != i) {
2664         return;
2665     }
2666 
2667     bswap_shdr(shdr, shnum);
2668     for (i = 0; i < shnum; ++i) {
2669         if (shdr[i].sh_type == SHT_SYMTAB) {
2670             sym_idx = i;
2671             str_idx = shdr[i].sh_link;
2672             goto found;
2673         }
2674     }
2675 
2676     /* There will be no symbol table if the file was stripped.  */
2677     return;
2678 
2679  found:
2680     /* Now know where the strtab and symtab are.  Snarf them.  */
2681     s = g_try_new(struct syminfo, 1);
2682     if (!s) {
2683         goto give_up;
2684     }
2685 
2686     segsz = shdr[str_idx].sh_size;
2687     s->disas_strtab = strings = g_try_malloc(segsz);
2688     if (!strings ||
2689         pread(fd, strings, segsz, shdr[str_idx].sh_offset) != segsz) {
2690         goto give_up;
2691     }
2692 
2693     segsz = shdr[sym_idx].sh_size;
2694     syms = g_try_malloc(segsz);
2695     if (!syms || pread(fd, syms, segsz, shdr[sym_idx].sh_offset) != segsz) {
2696         goto give_up;
2697     }
2698 
2699     if (segsz / sizeof(struct elf_sym) > INT_MAX) {
2700         /* Implausibly large symbol table: give up rather than ploughing
2701          * on with the number of symbols calculation overflowing
2702          */
2703         goto give_up;
2704     }
2705     nsyms = segsz / sizeof(struct elf_sym);
2706     for (i = 0; i < nsyms; ) {
2707         bswap_sym(syms + i);
2708         /* Throw away entries which we do not need.  */
2709         if (syms[i].st_shndx == SHN_UNDEF
2710             || syms[i].st_shndx >= SHN_LORESERVE
2711             || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
2712             if (i < --nsyms) {
2713                 syms[i] = syms[nsyms];
2714             }
2715         } else {
2716 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
2717             /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
2718             syms[i].st_value &= ~(target_ulong)1;
2719 #endif
2720             syms[i].st_value += load_bias;
2721             i++;
2722         }
2723     }
2724 
2725     /* No "useful" symbol.  */
2726     if (nsyms == 0) {
2727         goto give_up;
2728     }
2729 
2730     /* Attempt to free the storage associated with the local symbols
2731        that we threw away.  Whether or not this has any effect on the
2732        memory allocation depends on the malloc implementation and how
2733        many symbols we managed to discard.  */
2734     new_syms = g_try_renew(struct elf_sym, syms, nsyms);
2735     if (new_syms == NULL) {
2736         goto give_up;
2737     }
2738     syms = new_syms;
2739 
2740     qsort(syms, nsyms, sizeof(*syms), symcmp);
2741 
2742     s->disas_num_syms = nsyms;
2743 #if ELF_CLASS == ELFCLASS32
2744     s->disas_symtab.elf32 = syms;
2745 #else
2746     s->disas_symtab.elf64 = syms;
2747 #endif
2748     s->lookup_symbol = lookup_symbolxx;
2749     s->next = syminfos;
2750     syminfos = s;
2751 
2752     return;
2753 
2754 give_up:
2755     g_free(s);
2756     g_free(strings);
2757     g_free(syms);
2758 }
2759 
2760 uint32_t get_elf_eflags(int fd)
2761 {
2762     struct elfhdr ehdr;
2763     off_t offset;
2764     int ret;
2765 
2766     /* Read ELF header */
2767     offset = lseek(fd, 0, SEEK_SET);
2768     if (offset == (off_t) -1) {
2769         return 0;
2770     }
2771     ret = read(fd, &ehdr, sizeof(ehdr));
2772     if (ret < sizeof(ehdr)) {
2773         return 0;
2774     }
2775     offset = lseek(fd, offset, SEEK_SET);
2776     if (offset == (off_t) -1) {
2777         return 0;
2778     }
2779 
2780     /* Check ELF signature */
2781     if (!elf_check_ident(&ehdr)) {
2782         return 0;
2783     }
2784 
2785     /* check header */
2786     bswap_ehdr(&ehdr);
2787     if (!elf_check_ehdr(&ehdr)) {
2788         return 0;
2789     }
2790 
2791     /* return architecture id */
2792     return ehdr.e_flags;
2793 }
2794 
2795 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
2796 {
2797     struct image_info interp_info;
2798     struct elfhdr elf_ex;
2799     char *elf_interpreter = NULL;
2800     char *scratch;
2801 
2802     memset(&interp_info, 0, sizeof(interp_info));
2803 #ifdef TARGET_MIPS
2804     interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN;
2805 #endif
2806 
2807     info->start_mmap = (abi_ulong)ELF_START_MMAP;
2808 
2809     load_elf_image(bprm->filename, bprm->fd, info,
2810                    &elf_interpreter, bprm->buf);
2811 
2812     /* ??? We need a copy of the elf header for passing to create_elf_tables.
2813        If we do nothing, we'll have overwritten this when we re-use bprm->buf
2814        when we load the interpreter.  */
2815     elf_ex = *(struct elfhdr *)bprm->buf;
2816 
2817     /* Do this so that we can load the interpreter, if need be.  We will
2818        change some of these later */
2819     bprm->p = setup_arg_pages(bprm, info);
2820 
2821     scratch = g_new0(char, TARGET_PAGE_SIZE);
2822     if (STACK_GROWS_DOWN) {
2823         bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2824                                    bprm->p, info->stack_limit);
2825         info->file_string = bprm->p;
2826         bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2827                                    bprm->p, info->stack_limit);
2828         info->env_strings = bprm->p;
2829         bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2830                                    bprm->p, info->stack_limit);
2831         info->arg_strings = bprm->p;
2832     } else {
2833         info->arg_strings = bprm->p;
2834         bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2835                                    bprm->p, info->stack_limit);
2836         info->env_strings = bprm->p;
2837         bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2838                                    bprm->p, info->stack_limit);
2839         info->file_string = bprm->p;
2840         bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2841                                    bprm->p, info->stack_limit);
2842     }
2843 
2844     g_free(scratch);
2845 
2846     if (!bprm->p) {
2847         fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2848         exit(-1);
2849     }
2850 
2851     if (elf_interpreter) {
2852         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2853 
2854         /* If the program interpreter is one of these two, then assume
2855            an iBCS2 image.  Otherwise assume a native linux image.  */
2856 
2857         if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2858             || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2859             info->personality = PER_SVR4;
2860 
2861             /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
2862                and some applications "depend" upon this behavior.  Since
2863                we do not have the power to recompile these, we emulate
2864                the SVr4 behavior.  Sigh.  */
2865             target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2866                         MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
2867         }
2868 #ifdef TARGET_MIPS
2869         info->interp_fp_abi = interp_info.fp_abi;
2870 #endif
2871     }
2872 
2873     bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2874                                 info, (elf_interpreter ? &interp_info : NULL));
2875     info->start_stack = bprm->p;
2876 
2877     /* If we have an interpreter, set that as the program's entry point.
2878        Copy the load_bias as well, to help PPC64 interpret the entry
2879        point as a function descriptor.  Do this after creating elf tables
2880        so that we copy the original program entry point into the AUXV.  */
2881     if (elf_interpreter) {
2882         info->load_bias = interp_info.load_bias;
2883         info->entry = interp_info.entry;
2884         free(elf_interpreter);
2885     }
2886 
2887 #ifdef USE_ELF_CORE_DUMP
2888     bprm->core_dump = &elf_core_dump;
2889 #endif
2890 
2891     /*
2892      * If we reserved extra space for brk, release it now.
2893      * The implementation of do_brk in syscalls.c expects to be able
2894      * to mmap pages in this space.
2895      */
2896     if (info->reserve_brk) {
2897         abi_ulong start_brk = HOST_PAGE_ALIGN(info->brk);
2898         abi_ulong end_brk = HOST_PAGE_ALIGN(info->brk + info->reserve_brk);
2899         target_munmap(start_brk, end_brk - start_brk);
2900     }
2901 
2902     return 0;
2903 }
2904 
2905 #ifdef USE_ELF_CORE_DUMP
2906 /*
2907  * Definitions to generate Intel SVR4-like core files.
2908  * These mostly have the same names as the SVR4 types with "target_elf_"
2909  * tacked on the front to prevent clashes with linux definitions,
2910  * and the typedef forms have been avoided.  This is mostly like
2911  * the SVR4 structure, but more Linuxy, with things that Linux does
2912  * not support and which gdb doesn't really use excluded.
2913  *
2914  * Fields we don't dump (their contents is zero) in linux-user qemu
2915  * are marked with XXX.
2916  *
2917  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2918  *
2919  * Porting ELF coredump for target is (quite) simple process.  First you
2920  * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2921  * the target resides):
2922  *
2923  * #define USE_ELF_CORE_DUMP
2924  *
2925  * Next you define type of register set used for dumping.  ELF specification
2926  * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2927  *
2928  * typedef <target_regtype> target_elf_greg_t;
2929  * #define ELF_NREG <number of registers>
2930  * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
2931  *
2932  * Last step is to implement target specific function that copies registers
2933  * from given cpu into just specified register set.  Prototype is:
2934  *
2935  * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
2936  *                                const CPUArchState *env);
2937  *
2938  * Parameters:
2939  *     regs - copy register values into here (allocated and zeroed by caller)
2940  *     env - copy registers from here
2941  *
2942  * Example for ARM target is provided in this file.
2943  */
2944 
2945 /* An ELF note in memory */
2946 struct memelfnote {
2947     const char *name;
2948     size_t     namesz;
2949     size_t     namesz_rounded;
2950     int        type;
2951     size_t     datasz;
2952     size_t     datasz_rounded;
2953     void       *data;
2954     size_t     notesz;
2955 };
2956 
2957 struct target_elf_siginfo {
2958     abi_int    si_signo; /* signal number */
2959     abi_int    si_code;  /* extra code */
2960     abi_int    si_errno; /* errno */
2961 };
2962 
2963 struct target_elf_prstatus {
2964     struct target_elf_siginfo pr_info;      /* Info associated with signal */
2965     abi_short          pr_cursig;    /* Current signal */
2966     abi_ulong          pr_sigpend;   /* XXX */
2967     abi_ulong          pr_sighold;   /* XXX */
2968     target_pid_t       pr_pid;
2969     target_pid_t       pr_ppid;
2970     target_pid_t       pr_pgrp;
2971     target_pid_t       pr_sid;
2972     struct target_timeval pr_utime;  /* XXX User time */
2973     struct target_timeval pr_stime;  /* XXX System time */
2974     struct target_timeval pr_cutime; /* XXX Cumulative user time */
2975     struct target_timeval pr_cstime; /* XXX Cumulative system time */
2976     target_elf_gregset_t      pr_reg;       /* GP registers */
2977     abi_int            pr_fpvalid;   /* XXX */
2978 };
2979 
2980 #define ELF_PRARGSZ     (80) /* Number of chars for args */
2981 
2982 struct target_elf_prpsinfo {
2983     char         pr_state;       /* numeric process state */
2984     char         pr_sname;       /* char for pr_state */
2985     char         pr_zomb;        /* zombie */
2986     char         pr_nice;        /* nice val */
2987     abi_ulong    pr_flag;        /* flags */
2988     target_uid_t pr_uid;
2989     target_gid_t pr_gid;
2990     target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2991     /* Lots missing */
2992     char    pr_fname[16] QEMU_NONSTRING; /* filename of executable */
2993     char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2994 };
2995 
2996 /* Here is the structure in which status of each thread is captured. */
2997 struct elf_thread_status {
2998     QTAILQ_ENTRY(elf_thread_status)  ets_link;
2999     struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
3000 #if 0
3001     elf_fpregset_t fpu;             /* NT_PRFPREG */
3002     struct task_struct *thread;
3003     elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
3004 #endif
3005     struct memelfnote notes[1];
3006     int num_notes;
3007 };
3008 
3009 struct elf_note_info {
3010     struct memelfnote   *notes;
3011     struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
3012     struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
3013 
3014     QTAILQ_HEAD(, elf_thread_status) thread_list;
3015 #if 0
3016     /*
3017      * Current version of ELF coredump doesn't support
3018      * dumping fp regs etc.
3019      */
3020     elf_fpregset_t *fpu;
3021     elf_fpxregset_t *xfpu;
3022     int thread_status_size;
3023 #endif
3024     int notes_size;
3025     int numnote;
3026 };
3027 
3028 struct vm_area_struct {
3029     target_ulong   vma_start;  /* start vaddr of memory region */
3030     target_ulong   vma_end;    /* end vaddr of memory region */
3031     abi_ulong      vma_flags;  /* protection etc. flags for the region */
3032     QTAILQ_ENTRY(vm_area_struct) vma_link;
3033 };
3034 
3035 struct mm_struct {
3036     QTAILQ_HEAD(, vm_area_struct) mm_mmap;
3037     int mm_count;           /* number of mappings */
3038 };
3039 
3040 static struct mm_struct *vma_init(void);
3041 static void vma_delete(struct mm_struct *);
3042 static int vma_add_mapping(struct mm_struct *, target_ulong,
3043                            target_ulong, abi_ulong);
3044 static int vma_get_mapping_count(const struct mm_struct *);
3045 static struct vm_area_struct *vma_first(const struct mm_struct *);
3046 static struct vm_area_struct *vma_next(struct vm_area_struct *);
3047 static abi_ulong vma_dump_size(const struct vm_area_struct *);
3048 static int vma_walker(void *priv, target_ulong start, target_ulong end,
3049                       unsigned long flags);
3050 
3051 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
3052 static void fill_note(struct memelfnote *, const char *, int,
3053                       unsigned int, void *);
3054 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
3055 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
3056 static void fill_auxv_note(struct memelfnote *, const TaskState *);
3057 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
3058 static size_t note_size(const struct memelfnote *);
3059 static void free_note_info(struct elf_note_info *);
3060 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
3061 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
3062 static int core_dump_filename(const TaskState *, char *, size_t);
3063 
3064 static int dump_write(int, const void *, size_t);
3065 static int write_note(struct memelfnote *, int);
3066 static int write_note_info(struct elf_note_info *, int);
3067 
3068 #ifdef BSWAP_NEEDED
3069 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
3070 {
3071     prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
3072     prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
3073     prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
3074     prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
3075     prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
3076     prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
3077     prstatus->pr_pid = tswap32(prstatus->pr_pid);
3078     prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
3079     prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
3080     prstatus->pr_sid = tswap32(prstatus->pr_sid);
3081     /* cpu times are not filled, so we skip them */
3082     /* regs should be in correct format already */
3083     prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
3084 }
3085 
3086 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
3087 {
3088     psinfo->pr_flag = tswapal(psinfo->pr_flag);
3089     psinfo->pr_uid = tswap16(psinfo->pr_uid);
3090     psinfo->pr_gid = tswap16(psinfo->pr_gid);
3091     psinfo->pr_pid = tswap32(psinfo->pr_pid);
3092     psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
3093     psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
3094     psinfo->pr_sid = tswap32(psinfo->pr_sid);
3095 }
3096 
3097 static void bswap_note(struct elf_note *en)
3098 {
3099     bswap32s(&en->n_namesz);
3100     bswap32s(&en->n_descsz);
3101     bswap32s(&en->n_type);
3102 }
3103 #else
3104 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
3105 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
3106 static inline void bswap_note(struct elf_note *en) { }
3107 #endif /* BSWAP_NEEDED */
3108 
3109 /*
3110  * Minimal support for linux memory regions.  These are needed
3111  * when we are finding out what memory exactly belongs to
3112  * emulated process.  No locks needed here, as long as
3113  * thread that received the signal is stopped.
3114  */
3115 
3116 static struct mm_struct *vma_init(void)
3117 {
3118     struct mm_struct *mm;
3119 
3120     if ((mm = g_malloc(sizeof (*mm))) == NULL)
3121         return (NULL);
3122 
3123     mm->mm_count = 0;
3124     QTAILQ_INIT(&mm->mm_mmap);
3125 
3126     return (mm);
3127 }
3128 
3129 static void vma_delete(struct mm_struct *mm)
3130 {
3131     struct vm_area_struct *vma;
3132 
3133     while ((vma = vma_first(mm)) != NULL) {
3134         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
3135         g_free(vma);
3136     }
3137     g_free(mm);
3138 }
3139 
3140 static int vma_add_mapping(struct mm_struct *mm, target_ulong start,
3141                            target_ulong end, abi_ulong flags)
3142 {
3143     struct vm_area_struct *vma;
3144 
3145     if ((vma = g_malloc0(sizeof (*vma))) == NULL)
3146         return (-1);
3147 
3148     vma->vma_start = start;
3149     vma->vma_end = end;
3150     vma->vma_flags = flags;
3151 
3152     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
3153     mm->mm_count++;
3154 
3155     return (0);
3156 }
3157 
3158 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
3159 {
3160     return (QTAILQ_FIRST(&mm->mm_mmap));
3161 }
3162 
3163 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
3164 {
3165     return (QTAILQ_NEXT(vma, vma_link));
3166 }
3167 
3168 static int vma_get_mapping_count(const struct mm_struct *mm)
3169 {
3170     return (mm->mm_count);
3171 }
3172 
3173 /*
3174  * Calculate file (dump) size of given memory region.
3175  */
3176 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
3177 {
3178     /* if we cannot even read the first page, skip it */
3179     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
3180         return (0);
3181 
3182     /*
3183      * Usually we don't dump executable pages as they contain
3184      * non-writable code that debugger can read directly from
3185      * target library etc.  However, thread stacks are marked
3186      * also executable so we read in first page of given region
3187      * and check whether it contains elf header.  If there is
3188      * no elf header, we dump it.
3189      */
3190     if (vma->vma_flags & PROT_EXEC) {
3191         char page[TARGET_PAGE_SIZE];
3192 
3193         copy_from_user(page, vma->vma_start, sizeof (page));
3194         if ((page[EI_MAG0] == ELFMAG0) &&
3195             (page[EI_MAG1] == ELFMAG1) &&
3196             (page[EI_MAG2] == ELFMAG2) &&
3197             (page[EI_MAG3] == ELFMAG3)) {
3198             /*
3199              * Mappings are possibly from ELF binary.  Don't dump
3200              * them.
3201              */
3202             return (0);
3203         }
3204     }
3205 
3206     return (vma->vma_end - vma->vma_start);
3207 }
3208 
3209 static int vma_walker(void *priv, target_ulong start, target_ulong end,
3210                       unsigned long flags)
3211 {
3212     struct mm_struct *mm = (struct mm_struct *)priv;
3213 
3214     vma_add_mapping(mm, start, end, flags);
3215     return (0);
3216 }
3217 
3218 static void fill_note(struct memelfnote *note, const char *name, int type,
3219                       unsigned int sz, void *data)
3220 {
3221     unsigned int namesz;
3222 
3223     namesz = strlen(name) + 1;
3224     note->name = name;
3225     note->namesz = namesz;
3226     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
3227     note->type = type;
3228     note->datasz = sz;
3229     note->datasz_rounded = roundup(sz, sizeof (int32_t));
3230 
3231     note->data = data;
3232 
3233     /*
3234      * We calculate rounded up note size here as specified by
3235      * ELF document.
3236      */
3237     note->notesz = sizeof (struct elf_note) +
3238         note->namesz_rounded + note->datasz_rounded;
3239 }
3240 
3241 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
3242                             uint32_t flags)
3243 {
3244     (void) memset(elf, 0, sizeof(*elf));
3245 
3246     (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
3247     elf->e_ident[EI_CLASS] = ELF_CLASS;
3248     elf->e_ident[EI_DATA] = ELF_DATA;
3249     elf->e_ident[EI_VERSION] = EV_CURRENT;
3250     elf->e_ident[EI_OSABI] = ELF_OSABI;
3251 
3252     elf->e_type = ET_CORE;
3253     elf->e_machine = machine;
3254     elf->e_version = EV_CURRENT;
3255     elf->e_phoff = sizeof(struct elfhdr);
3256     elf->e_flags = flags;
3257     elf->e_ehsize = sizeof(struct elfhdr);
3258     elf->e_phentsize = sizeof(struct elf_phdr);
3259     elf->e_phnum = segs;
3260 
3261     bswap_ehdr(elf);
3262 }
3263 
3264 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
3265 {
3266     phdr->p_type = PT_NOTE;
3267     phdr->p_offset = offset;
3268     phdr->p_vaddr = 0;
3269     phdr->p_paddr = 0;
3270     phdr->p_filesz = sz;
3271     phdr->p_memsz = 0;
3272     phdr->p_flags = 0;
3273     phdr->p_align = 0;
3274 
3275     bswap_phdr(phdr, 1);
3276 }
3277 
3278 static size_t note_size(const struct memelfnote *note)
3279 {
3280     return (note->notesz);
3281 }
3282 
3283 static void fill_prstatus(struct target_elf_prstatus *prstatus,
3284                           const TaskState *ts, int signr)
3285 {
3286     (void) memset(prstatus, 0, sizeof (*prstatus));
3287     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
3288     prstatus->pr_pid = ts->ts_tid;
3289     prstatus->pr_ppid = getppid();
3290     prstatus->pr_pgrp = getpgrp();
3291     prstatus->pr_sid = getsid(0);
3292 
3293     bswap_prstatus(prstatus);
3294 }
3295 
3296 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
3297 {
3298     char *base_filename;
3299     unsigned int i, len;
3300 
3301     (void) memset(psinfo, 0, sizeof (*psinfo));
3302 
3303     len = ts->info->arg_end - ts->info->arg_start;
3304     if (len >= ELF_PRARGSZ)
3305         len = ELF_PRARGSZ - 1;
3306     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
3307         return -EFAULT;
3308     for (i = 0; i < len; i++)
3309         if (psinfo->pr_psargs[i] == 0)
3310             psinfo->pr_psargs[i] = ' ';
3311     psinfo->pr_psargs[len] = 0;
3312 
3313     psinfo->pr_pid = getpid();
3314     psinfo->pr_ppid = getppid();
3315     psinfo->pr_pgrp = getpgrp();
3316     psinfo->pr_sid = getsid(0);
3317     psinfo->pr_uid = getuid();
3318     psinfo->pr_gid = getgid();
3319 
3320     base_filename = g_path_get_basename(ts->bprm->filename);
3321     /*
3322      * Using strncpy here is fine: at max-length,
3323      * this field is not NUL-terminated.
3324      */
3325     (void) strncpy(psinfo->pr_fname, base_filename,
3326                    sizeof(psinfo->pr_fname));
3327 
3328     g_free(base_filename);
3329     bswap_psinfo(psinfo);
3330     return (0);
3331 }
3332 
3333 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
3334 {
3335     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
3336     elf_addr_t orig_auxv = auxv;
3337     void *ptr;
3338     int len = ts->info->auxv_len;
3339 
3340     /*
3341      * Auxiliary vector is stored in target process stack.  It contains
3342      * {type, value} pairs that we need to dump into note.  This is not
3343      * strictly necessary but we do it here for sake of completeness.
3344      */
3345 
3346     /* read in whole auxv vector and copy it to memelfnote */
3347     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
3348     if (ptr != NULL) {
3349         fill_note(note, "CORE", NT_AUXV, len, ptr);
3350         unlock_user(ptr, auxv, len);
3351     }
3352 }
3353 
3354 /*
3355  * Constructs name of coredump file.  We have following convention
3356  * for the name:
3357  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
3358  *
3359  * Returns 0 in case of success, -1 otherwise (errno is set).
3360  */
3361 static int core_dump_filename(const TaskState *ts, char *buf,
3362                               size_t bufsize)
3363 {
3364     char timestamp[64];
3365     char *base_filename = NULL;
3366     struct timeval tv;
3367     struct tm tm;
3368 
3369     assert(bufsize >= PATH_MAX);
3370 
3371     if (gettimeofday(&tv, NULL) < 0) {
3372         (void) fprintf(stderr, "unable to get current timestamp: %s",
3373                        strerror(errno));
3374         return (-1);
3375     }
3376 
3377     base_filename = g_path_get_basename(ts->bprm->filename);
3378     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
3379                     localtime_r(&tv.tv_sec, &tm));
3380     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
3381                     base_filename, timestamp, (int)getpid());
3382     g_free(base_filename);
3383 
3384     return (0);
3385 }
3386 
3387 static int dump_write(int fd, const void *ptr, size_t size)
3388 {
3389     const char *bufp = (const char *)ptr;
3390     ssize_t bytes_written, bytes_left;
3391     struct rlimit dumpsize;
3392     off_t pos;
3393 
3394     bytes_written = 0;
3395     getrlimit(RLIMIT_CORE, &dumpsize);
3396     if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
3397         if (errno == ESPIPE) { /* not a seekable stream */
3398             bytes_left = size;
3399         } else {
3400             return pos;
3401         }
3402     } else {
3403         if (dumpsize.rlim_cur <= pos) {
3404             return -1;
3405         } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
3406             bytes_left = size;
3407         } else {
3408             size_t limit_left=dumpsize.rlim_cur - pos;
3409             bytes_left = limit_left >= size ? size : limit_left ;
3410         }
3411     }
3412 
3413     /*
3414      * In normal conditions, single write(2) should do but
3415      * in case of socket etc. this mechanism is more portable.
3416      */
3417     do {
3418         bytes_written = write(fd, bufp, bytes_left);
3419         if (bytes_written < 0) {
3420             if (errno == EINTR)
3421                 continue;
3422             return (-1);
3423         } else if (bytes_written == 0) { /* eof */
3424             return (-1);
3425         }
3426         bufp += bytes_written;
3427         bytes_left -= bytes_written;
3428     } while (bytes_left > 0);
3429 
3430     return (0);
3431 }
3432 
3433 static int write_note(struct memelfnote *men, int fd)
3434 {
3435     struct elf_note en;
3436 
3437     en.n_namesz = men->namesz;
3438     en.n_type = men->type;
3439     en.n_descsz = men->datasz;
3440 
3441     bswap_note(&en);
3442 
3443     if (dump_write(fd, &en, sizeof(en)) != 0)
3444         return (-1);
3445     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
3446         return (-1);
3447     if (dump_write(fd, men->data, men->datasz_rounded) != 0)
3448         return (-1);
3449 
3450     return (0);
3451 }
3452 
3453 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
3454 {
3455     CPUState *cpu = env_cpu((CPUArchState *)env);
3456     TaskState *ts = (TaskState *)cpu->opaque;
3457     struct elf_thread_status *ets;
3458 
3459     ets = g_malloc0(sizeof (*ets));
3460     ets->num_notes = 1; /* only prstatus is dumped */
3461     fill_prstatus(&ets->prstatus, ts, 0);
3462     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
3463     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
3464               &ets->prstatus);
3465 
3466     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
3467 
3468     info->notes_size += note_size(&ets->notes[0]);
3469 }
3470 
3471 static void init_note_info(struct elf_note_info *info)
3472 {
3473     /* Initialize the elf_note_info structure so that it is at
3474      * least safe to call free_note_info() on it. Must be
3475      * called before calling fill_note_info().
3476      */
3477     memset(info, 0, sizeof (*info));
3478     QTAILQ_INIT(&info->thread_list);
3479 }
3480 
3481 static int fill_note_info(struct elf_note_info *info,
3482                           long signr, const CPUArchState *env)
3483 {
3484 #define NUMNOTES 3
3485     CPUState *cpu = env_cpu((CPUArchState *)env);
3486     TaskState *ts = (TaskState *)cpu->opaque;
3487     int i;
3488 
3489     info->notes = g_new0(struct memelfnote, NUMNOTES);
3490     if (info->notes == NULL)
3491         return (-ENOMEM);
3492     info->prstatus = g_malloc0(sizeof (*info->prstatus));
3493     if (info->prstatus == NULL)
3494         return (-ENOMEM);
3495     info->psinfo = g_malloc0(sizeof (*info->psinfo));
3496     if (info->prstatus == NULL)
3497         return (-ENOMEM);
3498 
3499     /*
3500      * First fill in status (and registers) of current thread
3501      * including process info & aux vector.
3502      */
3503     fill_prstatus(info->prstatus, ts, signr);
3504     elf_core_copy_regs(&info->prstatus->pr_reg, env);
3505     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
3506               sizeof (*info->prstatus), info->prstatus);
3507     fill_psinfo(info->psinfo, ts);
3508     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
3509               sizeof (*info->psinfo), info->psinfo);
3510     fill_auxv_note(&info->notes[2], ts);
3511     info->numnote = 3;
3512 
3513     info->notes_size = 0;
3514     for (i = 0; i < info->numnote; i++)
3515         info->notes_size += note_size(&info->notes[i]);
3516 
3517     /* read and fill status of all threads */
3518     cpu_list_lock();
3519     CPU_FOREACH(cpu) {
3520         if (cpu == thread_cpu) {
3521             continue;
3522         }
3523         fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
3524     }
3525     cpu_list_unlock();
3526 
3527     return (0);
3528 }
3529 
3530 static void free_note_info(struct elf_note_info *info)
3531 {
3532     struct elf_thread_status *ets;
3533 
3534     while (!QTAILQ_EMPTY(&info->thread_list)) {
3535         ets = QTAILQ_FIRST(&info->thread_list);
3536         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
3537         g_free(ets);
3538     }
3539 
3540     g_free(info->prstatus);
3541     g_free(info->psinfo);
3542     g_free(info->notes);
3543 }
3544 
3545 static int write_note_info(struct elf_note_info *info, int fd)
3546 {
3547     struct elf_thread_status *ets;
3548     int i, error = 0;
3549 
3550     /* write prstatus, psinfo and auxv for current thread */
3551     for (i = 0; i < info->numnote; i++)
3552         if ((error = write_note(&info->notes[i], fd)) != 0)
3553             return (error);
3554 
3555     /* write prstatus for each thread */
3556     QTAILQ_FOREACH(ets, &info->thread_list, ets_link) {
3557         if ((error = write_note(&ets->notes[0], fd)) != 0)
3558             return (error);
3559     }
3560 
3561     return (0);
3562 }
3563 
3564 /*
3565  * Write out ELF coredump.
3566  *
3567  * See documentation of ELF object file format in:
3568  * http://www.caldera.com/developers/devspecs/gabi41.pdf
3569  *
3570  * Coredump format in linux is following:
3571  *
3572  * 0   +----------------------+         \
3573  *     | ELF header           | ET_CORE  |
3574  *     +----------------------+          |
3575  *     | ELF program headers  |          |--- headers
3576  *     | - NOTE section       |          |
3577  *     | - PT_LOAD sections   |          |
3578  *     +----------------------+         /
3579  *     | NOTEs:               |
3580  *     | - NT_PRSTATUS        |
3581  *     | - NT_PRSINFO         |
3582  *     | - NT_AUXV            |
3583  *     +----------------------+ <-- aligned to target page
3584  *     | Process memory dump  |
3585  *     :                      :
3586  *     .                      .
3587  *     :                      :
3588  *     |                      |
3589  *     +----------------------+
3590  *
3591  * NT_PRSTATUS -> struct elf_prstatus (per thread)
3592  * NT_PRSINFO  -> struct elf_prpsinfo
3593  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
3594  *
3595  * Format follows System V format as close as possible.  Current
3596  * version limitations are as follows:
3597  *     - no floating point registers are dumped
3598  *
3599  * Function returns 0 in case of success, negative errno otherwise.
3600  *
3601  * TODO: make this work also during runtime: it should be
3602  * possible to force coredump from running process and then
3603  * continue processing.  For example qemu could set up SIGUSR2
3604  * handler (provided that target process haven't registered
3605  * handler for that) that does the dump when signal is received.
3606  */
3607 static int elf_core_dump(int signr, const CPUArchState *env)
3608 {
3609     const CPUState *cpu = env_cpu((CPUArchState *)env);
3610     const TaskState *ts = (const TaskState *)cpu->opaque;
3611     struct vm_area_struct *vma = NULL;
3612     char corefile[PATH_MAX];
3613     struct elf_note_info info;
3614     struct elfhdr elf;
3615     struct elf_phdr phdr;
3616     struct rlimit dumpsize;
3617     struct mm_struct *mm = NULL;
3618     off_t offset = 0, data_offset = 0;
3619     int segs = 0;
3620     int fd = -1;
3621 
3622     init_note_info(&info);
3623 
3624     errno = 0;
3625     getrlimit(RLIMIT_CORE, &dumpsize);
3626     if (dumpsize.rlim_cur == 0)
3627         return 0;
3628 
3629     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
3630         return (-errno);
3631 
3632     if ((fd = open(corefile, O_WRONLY | O_CREAT,
3633                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
3634         return (-errno);
3635 
3636     /*
3637      * Walk through target process memory mappings and
3638      * set up structure containing this information.  After
3639      * this point vma_xxx functions can be used.
3640      */
3641     if ((mm = vma_init()) == NULL)
3642         goto out;
3643 
3644     walk_memory_regions(mm, vma_walker);
3645     segs = vma_get_mapping_count(mm);
3646 
3647     /*
3648      * Construct valid coredump ELF header.  We also
3649      * add one more segment for notes.
3650      */
3651     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
3652     if (dump_write(fd, &elf, sizeof (elf)) != 0)
3653         goto out;
3654 
3655     /* fill in the in-memory version of notes */
3656     if (fill_note_info(&info, signr, env) < 0)
3657         goto out;
3658 
3659     offset += sizeof (elf);                             /* elf header */
3660     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
3661 
3662     /* write out notes program header */
3663     fill_elf_note_phdr(&phdr, info.notes_size, offset);
3664 
3665     offset += info.notes_size;
3666     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
3667         goto out;
3668 
3669     /*
3670      * ELF specification wants data to start at page boundary so
3671      * we align it here.
3672      */
3673     data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
3674 
3675     /*
3676      * Write program headers for memory regions mapped in
3677      * the target process.
3678      */
3679     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3680         (void) memset(&phdr, 0, sizeof (phdr));
3681 
3682         phdr.p_type = PT_LOAD;
3683         phdr.p_offset = offset;
3684         phdr.p_vaddr = vma->vma_start;
3685         phdr.p_paddr = 0;
3686         phdr.p_filesz = vma_dump_size(vma);
3687         offset += phdr.p_filesz;
3688         phdr.p_memsz = vma->vma_end - vma->vma_start;
3689         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
3690         if (vma->vma_flags & PROT_WRITE)
3691             phdr.p_flags |= PF_W;
3692         if (vma->vma_flags & PROT_EXEC)
3693             phdr.p_flags |= PF_X;
3694         phdr.p_align = ELF_EXEC_PAGESIZE;
3695 
3696         bswap_phdr(&phdr, 1);
3697         if (dump_write(fd, &phdr, sizeof(phdr)) != 0) {
3698             goto out;
3699         }
3700     }
3701 
3702     /*
3703      * Next we write notes just after program headers.  No
3704      * alignment needed here.
3705      */
3706     if (write_note_info(&info, fd) < 0)
3707         goto out;
3708 
3709     /* align data to page boundary */
3710     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
3711         goto out;
3712 
3713     /*
3714      * Finally we can dump process memory into corefile as well.
3715      */
3716     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3717         abi_ulong addr;
3718         abi_ulong end;
3719 
3720         end = vma->vma_start + vma_dump_size(vma);
3721 
3722         for (addr = vma->vma_start; addr < end;
3723              addr += TARGET_PAGE_SIZE) {
3724             char page[TARGET_PAGE_SIZE];
3725             int error;
3726 
3727             /*
3728              *  Read in page from target process memory and
3729              *  write it to coredump file.
3730              */
3731             error = copy_from_user(page, addr, sizeof (page));
3732             if (error != 0) {
3733                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
3734                                addr);
3735                 errno = -error;
3736                 goto out;
3737             }
3738             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
3739                 goto out;
3740         }
3741     }
3742 
3743  out:
3744     free_note_info(&info);
3745     if (mm != NULL)
3746         vma_delete(mm);
3747     (void) close(fd);
3748 
3749     if (errno != 0)
3750         return (-errno);
3751     return (0);
3752 }
3753 #endif /* USE_ELF_CORE_DUMP */
3754 
3755 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
3756 {
3757     init_thread(regs, infop);
3758 }
3759