1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 typedef target_ulong target_elf_greg_t; 105 #ifdef USE_UID16 106 typedef target_ushort target_uid_t; 107 typedef target_ushort target_gid_t; 108 #else 109 typedef target_uint target_uid_t; 110 typedef target_uint target_gid_t; 111 #endif 112 typedef target_int target_pid_t; 113 114 #ifdef TARGET_I386 115 116 #define ELF_PLATFORM get_elf_platform() 117 118 static const char *get_elf_platform(void) 119 { 120 static char elf_platform[] = "i386"; 121 int family = (thread_env->cpuid_version >> 8) & 0xff; 122 if (family > 6) 123 family = 6; 124 if (family >= 3) 125 elf_platform[1] = '0' + family; 126 return elf_platform; 127 } 128 129 #define ELF_HWCAP get_elf_hwcap() 130 131 static uint32_t get_elf_hwcap(void) 132 { 133 return thread_env->cpuid_features; 134 } 135 136 #ifdef TARGET_X86_64 137 #define ELF_START_MMAP 0x2aaaaab000ULL 138 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 139 140 #define ELF_CLASS ELFCLASS64 141 #define ELF_ARCH EM_X86_64 142 143 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 144 { 145 regs->rax = 0; 146 regs->rsp = infop->start_stack; 147 regs->rip = infop->entry; 148 } 149 150 #define ELF_NREG 27 151 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 152 153 /* 154 * Note that ELF_NREG should be 29 as there should be place for 155 * TRAPNO and ERR "registers" as well but linux doesn't dump 156 * those. 157 * 158 * See linux kernel: arch/x86/include/asm/elf.h 159 */ 160 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 161 { 162 (*regs)[0] = env->regs[15]; 163 (*regs)[1] = env->regs[14]; 164 (*regs)[2] = env->regs[13]; 165 (*regs)[3] = env->regs[12]; 166 (*regs)[4] = env->regs[R_EBP]; 167 (*regs)[5] = env->regs[R_EBX]; 168 (*regs)[6] = env->regs[11]; 169 (*regs)[7] = env->regs[10]; 170 (*regs)[8] = env->regs[9]; 171 (*regs)[9] = env->regs[8]; 172 (*regs)[10] = env->regs[R_EAX]; 173 (*regs)[11] = env->regs[R_ECX]; 174 (*regs)[12] = env->regs[R_EDX]; 175 (*regs)[13] = env->regs[R_ESI]; 176 (*regs)[14] = env->regs[R_EDI]; 177 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 178 (*regs)[16] = env->eip; 179 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 180 (*regs)[18] = env->eflags; 181 (*regs)[19] = env->regs[R_ESP]; 182 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 183 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 184 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 185 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 186 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 187 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 188 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 189 } 190 191 #else 192 193 #define ELF_START_MMAP 0x80000000 194 195 /* 196 * This is used to ensure we don't load something for the wrong architecture. 197 */ 198 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 199 200 /* 201 * These are used to set parameters in the core dumps. 202 */ 203 #define ELF_CLASS ELFCLASS32 204 #define ELF_ARCH EM_386 205 206 static inline void init_thread(struct target_pt_regs *regs, 207 struct image_info *infop) 208 { 209 regs->esp = infop->start_stack; 210 regs->eip = infop->entry; 211 212 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 213 starts %edx contains a pointer to a function which might be 214 registered using `atexit'. This provides a mean for the 215 dynamic linker to call DT_FINI functions for shared libraries 216 that have been loaded before the code runs. 217 218 A value of 0 tells we have no such handler. */ 219 regs->edx = 0; 220 } 221 222 #define ELF_NREG 17 223 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 224 225 /* 226 * Note that ELF_NREG should be 19 as there should be place for 227 * TRAPNO and ERR "registers" as well but linux doesn't dump 228 * those. 229 * 230 * See linux kernel: arch/x86/include/asm/elf.h 231 */ 232 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 233 { 234 (*regs)[0] = env->regs[R_EBX]; 235 (*regs)[1] = env->regs[R_ECX]; 236 (*regs)[2] = env->regs[R_EDX]; 237 (*regs)[3] = env->regs[R_ESI]; 238 (*regs)[4] = env->regs[R_EDI]; 239 (*regs)[5] = env->regs[R_EBP]; 240 (*regs)[6] = env->regs[R_EAX]; 241 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 242 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 243 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 244 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 245 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 246 (*regs)[12] = env->eip; 247 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 248 (*regs)[14] = env->eflags; 249 (*regs)[15] = env->regs[R_ESP]; 250 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 251 } 252 #endif 253 254 #define USE_ELF_CORE_DUMP 255 #define ELF_EXEC_PAGESIZE 4096 256 257 #endif 258 259 #ifdef TARGET_ARM 260 261 #define ELF_START_MMAP 0x80000000 262 263 #define elf_check_arch(x) ( (x) == EM_ARM ) 264 265 #define ELF_CLASS ELFCLASS32 266 #define ELF_ARCH EM_ARM 267 268 static inline void init_thread(struct target_pt_regs *regs, 269 struct image_info *infop) 270 { 271 abi_long stack = infop->start_stack; 272 memset(regs, 0, sizeof(*regs)); 273 regs->ARM_cpsr = 0x10; 274 if (infop->entry & 1) 275 regs->ARM_cpsr |= CPSR_T; 276 regs->ARM_pc = infop->entry & 0xfffffffe; 277 regs->ARM_sp = infop->start_stack; 278 /* FIXME - what to for failure of get_user()? */ 279 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 280 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 281 /* XXX: it seems that r0 is zeroed after ! */ 282 regs->ARM_r0 = 0; 283 /* For uClinux PIC binaries. */ 284 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 285 regs->ARM_r10 = infop->start_data; 286 } 287 288 #define ELF_NREG 18 289 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 290 291 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 292 { 293 (*regs)[0] = tswapl(env->regs[0]); 294 (*regs)[1] = tswapl(env->regs[1]); 295 (*regs)[2] = tswapl(env->regs[2]); 296 (*regs)[3] = tswapl(env->regs[3]); 297 (*regs)[4] = tswapl(env->regs[4]); 298 (*regs)[5] = tswapl(env->regs[5]); 299 (*regs)[6] = tswapl(env->regs[6]); 300 (*regs)[7] = tswapl(env->regs[7]); 301 (*regs)[8] = tswapl(env->regs[8]); 302 (*regs)[9] = tswapl(env->regs[9]); 303 (*regs)[10] = tswapl(env->regs[10]); 304 (*regs)[11] = tswapl(env->regs[11]); 305 (*regs)[12] = tswapl(env->regs[12]); 306 (*regs)[13] = tswapl(env->regs[13]); 307 (*regs)[14] = tswapl(env->regs[14]); 308 (*regs)[15] = tswapl(env->regs[15]); 309 310 (*regs)[16] = tswapl(cpsr_read((CPUState *)env)); 311 (*regs)[17] = tswapl(env->regs[0]); /* XXX */ 312 } 313 314 #define USE_ELF_CORE_DUMP 315 #define ELF_EXEC_PAGESIZE 4096 316 317 enum 318 { 319 ARM_HWCAP_ARM_SWP = 1 << 0, 320 ARM_HWCAP_ARM_HALF = 1 << 1, 321 ARM_HWCAP_ARM_THUMB = 1 << 2, 322 ARM_HWCAP_ARM_26BIT = 1 << 3, 323 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 324 ARM_HWCAP_ARM_FPA = 1 << 5, 325 ARM_HWCAP_ARM_VFP = 1 << 6, 326 ARM_HWCAP_ARM_EDSP = 1 << 7, 327 ARM_HWCAP_ARM_JAVA = 1 << 8, 328 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 329 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 330 ARM_HWCAP_ARM_NEON = 1 << 11, 331 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 332 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 333 }; 334 335 #define TARGET_HAS_GUEST_VALIDATE_BASE 336 /* We want the opportunity to check the suggested base */ 337 bool guest_validate_base(unsigned long guest_base) 338 { 339 unsigned long real_start, test_page_addr; 340 341 /* We need to check that we can force a fault on access to the 342 * commpage at 0xffff0fxx 343 */ 344 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 345 /* Note it needs to be writeable to let us initialise it */ 346 real_start = (unsigned long) 347 mmap((void *)test_page_addr, qemu_host_page_size, 348 PROT_READ | PROT_WRITE, 349 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 350 351 /* If we can't map it then try another address */ 352 if (real_start == -1ul) { 353 return 0; 354 } 355 356 if (real_start != test_page_addr) { 357 /* OS didn't put the page where we asked - unmap and reject */ 358 munmap((void *)real_start, qemu_host_page_size); 359 return 0; 360 } 361 362 /* Leave the page mapped 363 * Populate it (mmap should have left it all 0'd) 364 */ 365 366 /* Kernel helper versions */ 367 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 368 369 /* Now it's populated make it RO */ 370 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 371 perror("Protecting guest commpage"); 372 exit(-1); 373 } 374 375 return 1; /* All good */ 376 } 377 378 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \ 379 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \ 380 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP \ 381 | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 ) 382 383 #endif 384 385 #ifdef TARGET_UNICORE32 386 387 #define ELF_START_MMAP 0x80000000 388 389 #define elf_check_arch(x) ((x) == EM_UNICORE32) 390 391 #define ELF_CLASS ELFCLASS32 392 #define ELF_DATA ELFDATA2LSB 393 #define ELF_ARCH EM_UNICORE32 394 395 static inline void init_thread(struct target_pt_regs *regs, 396 struct image_info *infop) 397 { 398 abi_long stack = infop->start_stack; 399 memset(regs, 0, sizeof(*regs)); 400 regs->UC32_REG_asr = 0x10; 401 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 402 regs->UC32_REG_sp = infop->start_stack; 403 /* FIXME - what to for failure of get_user()? */ 404 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 405 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 406 /* XXX: it seems that r0 is zeroed after ! */ 407 regs->UC32_REG_00 = 0; 408 } 409 410 #define ELF_NREG 34 411 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 412 413 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 414 { 415 (*regs)[0] = env->regs[0]; 416 (*regs)[1] = env->regs[1]; 417 (*regs)[2] = env->regs[2]; 418 (*regs)[3] = env->regs[3]; 419 (*regs)[4] = env->regs[4]; 420 (*regs)[5] = env->regs[5]; 421 (*regs)[6] = env->regs[6]; 422 (*regs)[7] = env->regs[7]; 423 (*regs)[8] = env->regs[8]; 424 (*regs)[9] = env->regs[9]; 425 (*regs)[10] = env->regs[10]; 426 (*regs)[11] = env->regs[11]; 427 (*regs)[12] = env->regs[12]; 428 (*regs)[13] = env->regs[13]; 429 (*regs)[14] = env->regs[14]; 430 (*regs)[15] = env->regs[15]; 431 (*regs)[16] = env->regs[16]; 432 (*regs)[17] = env->regs[17]; 433 (*regs)[18] = env->regs[18]; 434 (*regs)[19] = env->regs[19]; 435 (*regs)[20] = env->regs[20]; 436 (*regs)[21] = env->regs[21]; 437 (*regs)[22] = env->regs[22]; 438 (*regs)[23] = env->regs[23]; 439 (*regs)[24] = env->regs[24]; 440 (*regs)[25] = env->regs[25]; 441 (*regs)[26] = env->regs[26]; 442 (*regs)[27] = env->regs[27]; 443 (*regs)[28] = env->regs[28]; 444 (*regs)[29] = env->regs[29]; 445 (*regs)[30] = env->regs[30]; 446 (*regs)[31] = env->regs[31]; 447 448 (*regs)[32] = cpu_asr_read((CPUState *)env); 449 (*regs)[33] = env->regs[0]; /* XXX */ 450 } 451 452 #define USE_ELF_CORE_DUMP 453 #define ELF_EXEC_PAGESIZE 4096 454 455 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 456 457 #endif 458 459 #ifdef TARGET_SPARC 460 #ifdef TARGET_SPARC64 461 462 #define ELF_START_MMAP 0x80000000 463 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 464 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 465 #ifndef TARGET_ABI32 466 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 467 #else 468 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 469 #endif 470 471 #define ELF_CLASS ELFCLASS64 472 #define ELF_ARCH EM_SPARCV9 473 474 #define STACK_BIAS 2047 475 476 static inline void init_thread(struct target_pt_regs *regs, 477 struct image_info *infop) 478 { 479 #ifndef TARGET_ABI32 480 regs->tstate = 0; 481 #endif 482 regs->pc = infop->entry; 483 regs->npc = regs->pc + 4; 484 regs->y = 0; 485 #ifdef TARGET_ABI32 486 regs->u_regs[14] = infop->start_stack - 16 * 4; 487 #else 488 if (personality(infop->personality) == PER_LINUX32) 489 regs->u_regs[14] = infop->start_stack - 16 * 4; 490 else 491 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 492 #endif 493 } 494 495 #else 496 #define ELF_START_MMAP 0x80000000 497 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 498 | HWCAP_SPARC_MULDIV) 499 #define elf_check_arch(x) ( (x) == EM_SPARC ) 500 501 #define ELF_CLASS ELFCLASS32 502 #define ELF_ARCH EM_SPARC 503 504 static inline void init_thread(struct target_pt_regs *regs, 505 struct image_info *infop) 506 { 507 regs->psr = 0; 508 regs->pc = infop->entry; 509 regs->npc = regs->pc + 4; 510 regs->y = 0; 511 regs->u_regs[14] = infop->start_stack - 16 * 4; 512 } 513 514 #endif 515 #endif 516 517 #ifdef TARGET_PPC 518 519 #define ELF_START_MMAP 0x80000000 520 521 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 522 523 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 524 525 #define ELF_CLASS ELFCLASS64 526 527 #else 528 529 #define elf_check_arch(x) ( (x) == EM_PPC ) 530 531 #define ELF_CLASS ELFCLASS32 532 533 #endif 534 535 #define ELF_ARCH EM_PPC 536 537 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 538 See arch/powerpc/include/asm/cputable.h. */ 539 enum { 540 QEMU_PPC_FEATURE_32 = 0x80000000, 541 QEMU_PPC_FEATURE_64 = 0x40000000, 542 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 543 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 544 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 545 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 546 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 547 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 548 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 549 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 550 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 551 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 552 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 553 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 554 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 555 QEMU_PPC_FEATURE_CELL = 0x00010000, 556 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 557 QEMU_PPC_FEATURE_SMT = 0x00004000, 558 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 559 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 560 QEMU_PPC_FEATURE_PA6T = 0x00000800, 561 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 562 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 563 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 564 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 565 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 566 567 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 568 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 569 }; 570 571 #define ELF_HWCAP get_elf_hwcap() 572 573 static uint32_t get_elf_hwcap(void) 574 { 575 CPUState *e = thread_env; 576 uint32_t features = 0; 577 578 /* We don't have to be terribly complete here; the high points are 579 Altivec/FP/SPE support. Anything else is just a bonus. */ 580 #define GET_FEATURE(flag, feature) \ 581 do {if (e->insns_flags & flag) features |= feature; } while(0) 582 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 583 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 584 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 585 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 586 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 587 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 588 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 589 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 590 #undef GET_FEATURE 591 592 return features; 593 } 594 595 /* 596 * The requirements here are: 597 * - keep the final alignment of sp (sp & 0xf) 598 * - make sure the 32-bit value at the first 16 byte aligned position of 599 * AUXV is greater than 16 for glibc compatibility. 600 * AT_IGNOREPPC is used for that. 601 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 602 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 603 */ 604 #define DLINFO_ARCH_ITEMS 5 605 #define ARCH_DLINFO \ 606 do { \ 607 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 608 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 609 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 610 /* \ 611 * Now handle glibc compatibility. \ 612 */ \ 613 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 614 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 615 } while (0) 616 617 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 618 { 619 _regs->gpr[1] = infop->start_stack; 620 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 621 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_addr; 622 infop->entry = ldq_raw(infop->entry) + infop->load_addr; 623 #endif 624 _regs->nip = infop->entry; 625 } 626 627 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 628 #define ELF_NREG 48 629 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 630 631 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 632 { 633 int i; 634 target_ulong ccr = 0; 635 636 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 637 (*regs)[i] = tswapl(env->gpr[i]); 638 } 639 640 (*regs)[32] = tswapl(env->nip); 641 (*regs)[33] = tswapl(env->msr); 642 (*regs)[35] = tswapl(env->ctr); 643 (*regs)[36] = tswapl(env->lr); 644 (*regs)[37] = tswapl(env->xer); 645 646 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 647 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 648 } 649 (*regs)[38] = tswapl(ccr); 650 } 651 652 #define USE_ELF_CORE_DUMP 653 #define ELF_EXEC_PAGESIZE 4096 654 655 #endif 656 657 #ifdef TARGET_MIPS 658 659 #define ELF_START_MMAP 0x80000000 660 661 #define elf_check_arch(x) ( (x) == EM_MIPS ) 662 663 #ifdef TARGET_MIPS64 664 #define ELF_CLASS ELFCLASS64 665 #else 666 #define ELF_CLASS ELFCLASS32 667 #endif 668 #define ELF_ARCH EM_MIPS 669 670 static inline void init_thread(struct target_pt_regs *regs, 671 struct image_info *infop) 672 { 673 regs->cp0_status = 2 << CP0St_KSU; 674 regs->cp0_epc = infop->entry; 675 regs->regs[29] = infop->start_stack; 676 } 677 678 /* See linux kernel: arch/mips/include/asm/elf.h. */ 679 #define ELF_NREG 45 680 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 681 682 /* See linux kernel: arch/mips/include/asm/reg.h. */ 683 enum { 684 #ifdef TARGET_MIPS64 685 TARGET_EF_R0 = 0, 686 #else 687 TARGET_EF_R0 = 6, 688 #endif 689 TARGET_EF_R26 = TARGET_EF_R0 + 26, 690 TARGET_EF_R27 = TARGET_EF_R0 + 27, 691 TARGET_EF_LO = TARGET_EF_R0 + 32, 692 TARGET_EF_HI = TARGET_EF_R0 + 33, 693 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 694 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 695 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 696 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 697 }; 698 699 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 700 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 701 { 702 int i; 703 704 for (i = 0; i < TARGET_EF_R0; i++) { 705 (*regs)[i] = 0; 706 } 707 (*regs)[TARGET_EF_R0] = 0; 708 709 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 710 (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]); 711 } 712 713 (*regs)[TARGET_EF_R26] = 0; 714 (*regs)[TARGET_EF_R27] = 0; 715 (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]); 716 (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]); 717 (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC); 718 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr); 719 (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status); 720 (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause); 721 } 722 723 #define USE_ELF_CORE_DUMP 724 #define ELF_EXEC_PAGESIZE 4096 725 726 #endif /* TARGET_MIPS */ 727 728 #ifdef TARGET_MICROBLAZE 729 730 #define ELF_START_MMAP 0x80000000 731 732 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 733 734 #define ELF_CLASS ELFCLASS32 735 #define ELF_ARCH EM_MICROBLAZE 736 737 static inline void init_thread(struct target_pt_regs *regs, 738 struct image_info *infop) 739 { 740 regs->pc = infop->entry; 741 regs->r1 = infop->start_stack; 742 743 } 744 745 #define ELF_EXEC_PAGESIZE 4096 746 747 #define USE_ELF_CORE_DUMP 748 #define ELF_NREG 38 749 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 750 751 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 752 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 753 { 754 int i, pos = 0; 755 756 for (i = 0; i < 32; i++) { 757 (*regs)[pos++] = tswapl(env->regs[i]); 758 } 759 760 for (i = 0; i < 6; i++) { 761 (*regs)[pos++] = tswapl(env->sregs[i]); 762 } 763 } 764 765 #endif /* TARGET_MICROBLAZE */ 766 767 #ifdef TARGET_SH4 768 769 #define ELF_START_MMAP 0x80000000 770 771 #define elf_check_arch(x) ( (x) == EM_SH ) 772 773 #define ELF_CLASS ELFCLASS32 774 #define ELF_ARCH EM_SH 775 776 static inline void init_thread(struct target_pt_regs *regs, 777 struct image_info *infop) 778 { 779 /* Check other registers XXXXX */ 780 regs->pc = infop->entry; 781 regs->regs[15] = infop->start_stack; 782 } 783 784 /* See linux kernel: arch/sh/include/asm/elf.h. */ 785 #define ELF_NREG 23 786 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 787 788 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 789 enum { 790 TARGET_REG_PC = 16, 791 TARGET_REG_PR = 17, 792 TARGET_REG_SR = 18, 793 TARGET_REG_GBR = 19, 794 TARGET_REG_MACH = 20, 795 TARGET_REG_MACL = 21, 796 TARGET_REG_SYSCALL = 22 797 }; 798 799 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 800 const CPUState *env) 801 { 802 int i; 803 804 for (i = 0; i < 16; i++) { 805 (*regs[i]) = tswapl(env->gregs[i]); 806 } 807 808 (*regs)[TARGET_REG_PC] = tswapl(env->pc); 809 (*regs)[TARGET_REG_PR] = tswapl(env->pr); 810 (*regs)[TARGET_REG_SR] = tswapl(env->sr); 811 (*regs)[TARGET_REG_GBR] = tswapl(env->gbr); 812 (*regs)[TARGET_REG_MACH] = tswapl(env->mach); 813 (*regs)[TARGET_REG_MACL] = tswapl(env->macl); 814 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 815 } 816 817 #define USE_ELF_CORE_DUMP 818 #define ELF_EXEC_PAGESIZE 4096 819 820 #endif 821 822 #ifdef TARGET_CRIS 823 824 #define ELF_START_MMAP 0x80000000 825 826 #define elf_check_arch(x) ( (x) == EM_CRIS ) 827 828 #define ELF_CLASS ELFCLASS32 829 #define ELF_ARCH EM_CRIS 830 831 static inline void init_thread(struct target_pt_regs *regs, 832 struct image_info *infop) 833 { 834 regs->erp = infop->entry; 835 } 836 837 #define ELF_EXEC_PAGESIZE 8192 838 839 #endif 840 841 #ifdef TARGET_M68K 842 843 #define ELF_START_MMAP 0x80000000 844 845 #define elf_check_arch(x) ( (x) == EM_68K ) 846 847 #define ELF_CLASS ELFCLASS32 848 #define ELF_ARCH EM_68K 849 850 /* ??? Does this need to do anything? 851 #define ELF_PLAT_INIT(_r) */ 852 853 static inline void init_thread(struct target_pt_regs *regs, 854 struct image_info *infop) 855 { 856 regs->usp = infop->start_stack; 857 regs->sr = 0; 858 regs->pc = infop->entry; 859 } 860 861 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 862 #define ELF_NREG 20 863 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 864 865 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 866 { 867 (*regs)[0] = tswapl(env->dregs[1]); 868 (*regs)[1] = tswapl(env->dregs[2]); 869 (*regs)[2] = tswapl(env->dregs[3]); 870 (*regs)[3] = tswapl(env->dregs[4]); 871 (*regs)[4] = tswapl(env->dregs[5]); 872 (*regs)[5] = tswapl(env->dregs[6]); 873 (*regs)[6] = tswapl(env->dregs[7]); 874 (*regs)[7] = tswapl(env->aregs[0]); 875 (*regs)[8] = tswapl(env->aregs[1]); 876 (*regs)[9] = tswapl(env->aregs[2]); 877 (*regs)[10] = tswapl(env->aregs[3]); 878 (*regs)[11] = tswapl(env->aregs[4]); 879 (*regs)[12] = tswapl(env->aregs[5]); 880 (*regs)[13] = tswapl(env->aregs[6]); 881 (*regs)[14] = tswapl(env->dregs[0]); 882 (*regs)[15] = tswapl(env->aregs[7]); 883 (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */ 884 (*regs)[17] = tswapl(env->sr); 885 (*regs)[18] = tswapl(env->pc); 886 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 887 } 888 889 #define USE_ELF_CORE_DUMP 890 #define ELF_EXEC_PAGESIZE 8192 891 892 #endif 893 894 #ifdef TARGET_ALPHA 895 896 #define ELF_START_MMAP (0x30000000000ULL) 897 898 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 899 900 #define ELF_CLASS ELFCLASS64 901 #define ELF_ARCH EM_ALPHA 902 903 static inline void init_thread(struct target_pt_regs *regs, 904 struct image_info *infop) 905 { 906 regs->pc = infop->entry; 907 regs->ps = 8; 908 regs->usp = infop->start_stack; 909 } 910 911 #define ELF_EXEC_PAGESIZE 8192 912 913 #endif /* TARGET_ALPHA */ 914 915 #ifdef TARGET_S390X 916 917 #define ELF_START_MMAP (0x20000000000ULL) 918 919 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 920 921 #define ELF_CLASS ELFCLASS64 922 #define ELF_DATA ELFDATA2MSB 923 #define ELF_ARCH EM_S390 924 925 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 926 { 927 regs->psw.addr = infop->entry; 928 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 929 regs->gprs[15] = infop->start_stack; 930 } 931 932 #endif /* TARGET_S390X */ 933 934 #ifndef ELF_PLATFORM 935 #define ELF_PLATFORM (NULL) 936 #endif 937 938 #ifndef ELF_HWCAP 939 #define ELF_HWCAP 0 940 #endif 941 942 #ifdef TARGET_ABI32 943 #undef ELF_CLASS 944 #define ELF_CLASS ELFCLASS32 945 #undef bswaptls 946 #define bswaptls(ptr) bswap32s(ptr) 947 #endif 948 949 #include "elf.h" 950 951 struct exec 952 { 953 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 954 unsigned int a_text; /* length of text, in bytes */ 955 unsigned int a_data; /* length of data, in bytes */ 956 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 957 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 958 unsigned int a_entry; /* start address */ 959 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 960 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 961 }; 962 963 964 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 965 #define OMAGIC 0407 966 #define NMAGIC 0410 967 #define ZMAGIC 0413 968 #define QMAGIC 0314 969 970 /* Necessary parameters */ 971 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 972 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 973 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 974 975 #define DLINFO_ITEMS 13 976 977 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 978 { 979 memcpy(to, from, n); 980 } 981 982 #ifdef BSWAP_NEEDED 983 static void bswap_ehdr(struct elfhdr *ehdr) 984 { 985 bswap16s(&ehdr->e_type); /* Object file type */ 986 bswap16s(&ehdr->e_machine); /* Architecture */ 987 bswap32s(&ehdr->e_version); /* Object file version */ 988 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 989 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 990 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 991 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 992 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 993 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 994 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 995 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 996 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 997 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 998 } 999 1000 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1001 { 1002 int i; 1003 for (i = 0; i < phnum; ++i, ++phdr) { 1004 bswap32s(&phdr->p_type); /* Segment type */ 1005 bswap32s(&phdr->p_flags); /* Segment flags */ 1006 bswaptls(&phdr->p_offset); /* Segment file offset */ 1007 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1008 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1009 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1010 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1011 bswaptls(&phdr->p_align); /* Segment alignment */ 1012 } 1013 } 1014 1015 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1016 { 1017 int i; 1018 for (i = 0; i < shnum; ++i, ++shdr) { 1019 bswap32s(&shdr->sh_name); 1020 bswap32s(&shdr->sh_type); 1021 bswaptls(&shdr->sh_flags); 1022 bswaptls(&shdr->sh_addr); 1023 bswaptls(&shdr->sh_offset); 1024 bswaptls(&shdr->sh_size); 1025 bswap32s(&shdr->sh_link); 1026 bswap32s(&shdr->sh_info); 1027 bswaptls(&shdr->sh_addralign); 1028 bswaptls(&shdr->sh_entsize); 1029 } 1030 } 1031 1032 static void bswap_sym(struct elf_sym *sym) 1033 { 1034 bswap32s(&sym->st_name); 1035 bswaptls(&sym->st_value); 1036 bswaptls(&sym->st_size); 1037 bswap16s(&sym->st_shndx); 1038 } 1039 #else 1040 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1041 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1042 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1043 static inline void bswap_sym(struct elf_sym *sym) { } 1044 #endif 1045 1046 #ifdef USE_ELF_CORE_DUMP 1047 static int elf_core_dump(int, const CPUState *); 1048 #endif /* USE_ELF_CORE_DUMP */ 1049 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1050 1051 /* Verify the portions of EHDR within E_IDENT for the target. 1052 This can be performed before bswapping the entire header. */ 1053 static bool elf_check_ident(struct elfhdr *ehdr) 1054 { 1055 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1056 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1057 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1058 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1059 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1060 && ehdr->e_ident[EI_DATA] == ELF_DATA 1061 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1062 } 1063 1064 /* Verify the portions of EHDR outside of E_IDENT for the target. 1065 This has to wait until after bswapping the header. */ 1066 static bool elf_check_ehdr(struct elfhdr *ehdr) 1067 { 1068 return (elf_check_arch(ehdr->e_machine) 1069 && ehdr->e_ehsize == sizeof(struct elfhdr) 1070 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1071 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1072 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1073 } 1074 1075 /* 1076 * 'copy_elf_strings()' copies argument/envelope strings from user 1077 * memory to free pages in kernel mem. These are in a format ready 1078 * to be put directly into the top of new user memory. 1079 * 1080 */ 1081 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1082 abi_ulong p) 1083 { 1084 char *tmp, *tmp1, *pag = NULL; 1085 int len, offset = 0; 1086 1087 if (!p) { 1088 return 0; /* bullet-proofing */ 1089 } 1090 while (argc-- > 0) { 1091 tmp = argv[argc]; 1092 if (!tmp) { 1093 fprintf(stderr, "VFS: argc is wrong"); 1094 exit(-1); 1095 } 1096 tmp1 = tmp; 1097 while (*tmp++); 1098 len = tmp - tmp1; 1099 if (p < len) { /* this shouldn't happen - 128kB */ 1100 return 0; 1101 } 1102 while (len) { 1103 --p; --tmp; --len; 1104 if (--offset < 0) { 1105 offset = p % TARGET_PAGE_SIZE; 1106 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1107 if (!pag) { 1108 pag = (char *)malloc(TARGET_PAGE_SIZE); 1109 memset(pag, 0, TARGET_PAGE_SIZE); 1110 page[p/TARGET_PAGE_SIZE] = pag; 1111 if (!pag) 1112 return 0; 1113 } 1114 } 1115 if (len == 0 || offset == 0) { 1116 *(pag + offset) = *tmp; 1117 } 1118 else { 1119 int bytes_to_copy = (len > offset) ? offset : len; 1120 tmp -= bytes_to_copy; 1121 p -= bytes_to_copy; 1122 offset -= bytes_to_copy; 1123 len -= bytes_to_copy; 1124 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1125 } 1126 } 1127 } 1128 return p; 1129 } 1130 1131 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1132 struct image_info *info) 1133 { 1134 abi_ulong stack_base, size, error, guard; 1135 int i; 1136 1137 /* Create enough stack to hold everything. If we don't use 1138 it for args, we'll use it for something else. */ 1139 size = guest_stack_size; 1140 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1141 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1142 } 1143 guard = TARGET_PAGE_SIZE; 1144 if (guard < qemu_real_host_page_size) { 1145 guard = qemu_real_host_page_size; 1146 } 1147 1148 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1149 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1150 if (error == -1) { 1151 perror("mmap stack"); 1152 exit(-1); 1153 } 1154 1155 /* We reserve one extra page at the top of the stack as guard. */ 1156 target_mprotect(error, guard, PROT_NONE); 1157 1158 info->stack_limit = error + guard; 1159 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1160 p += stack_base; 1161 1162 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1163 if (bprm->page[i]) { 1164 info->rss++; 1165 /* FIXME - check return value of memcpy_to_target() for failure */ 1166 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1167 free(bprm->page[i]); 1168 } 1169 stack_base += TARGET_PAGE_SIZE; 1170 } 1171 return p; 1172 } 1173 1174 /* Map and zero the bss. We need to explicitly zero any fractional pages 1175 after the data section (i.e. bss). */ 1176 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1177 { 1178 uintptr_t host_start, host_map_start, host_end; 1179 1180 last_bss = TARGET_PAGE_ALIGN(last_bss); 1181 1182 /* ??? There is confusion between qemu_real_host_page_size and 1183 qemu_host_page_size here and elsewhere in target_mmap, which 1184 may lead to the end of the data section mapping from the file 1185 not being mapped. At least there was an explicit test and 1186 comment for that here, suggesting that "the file size must 1187 be known". The comment probably pre-dates the introduction 1188 of the fstat system call in target_mmap which does in fact 1189 find out the size. What isn't clear is if the workaround 1190 here is still actually needed. For now, continue with it, 1191 but merge it with the "normal" mmap that would allocate the bss. */ 1192 1193 host_start = (uintptr_t) g2h(elf_bss); 1194 host_end = (uintptr_t) g2h(last_bss); 1195 host_map_start = (host_start + qemu_real_host_page_size - 1); 1196 host_map_start &= -qemu_real_host_page_size; 1197 1198 if (host_map_start < host_end) { 1199 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1200 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1201 if (p == MAP_FAILED) { 1202 perror("cannot mmap brk"); 1203 exit(-1); 1204 } 1205 1206 /* Since we didn't use target_mmap, make sure to record 1207 the validity of the pages with qemu. */ 1208 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1209 } 1210 1211 if (host_start < host_map_start) { 1212 memset((void *)host_start, 0, host_map_start - host_start); 1213 } 1214 } 1215 1216 #ifdef CONFIG_USE_FDPIC 1217 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1218 { 1219 uint16_t n; 1220 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1221 1222 /* elf32_fdpic_loadseg */ 1223 n = info->nsegs; 1224 while (n--) { 1225 sp -= 12; 1226 put_user_u32(loadsegs[n].addr, sp+0); 1227 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1228 put_user_u32(loadsegs[n].p_memsz, sp+8); 1229 } 1230 1231 /* elf32_fdpic_loadmap */ 1232 sp -= 4; 1233 put_user_u16(0, sp+0); /* version */ 1234 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1235 1236 info->personality = PER_LINUX_FDPIC; 1237 info->loadmap_addr = sp; 1238 1239 return sp; 1240 } 1241 #endif 1242 1243 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1244 struct elfhdr *exec, 1245 struct image_info *info, 1246 struct image_info *interp_info) 1247 { 1248 abi_ulong sp; 1249 int size; 1250 int i; 1251 abi_ulong u_rand_bytes; 1252 uint8_t k_rand_bytes[16]; 1253 abi_ulong u_platform; 1254 const char *k_platform; 1255 const int n = sizeof(elf_addr_t); 1256 1257 sp = p; 1258 1259 #ifdef CONFIG_USE_FDPIC 1260 /* Needs to be before we load the env/argc/... */ 1261 if (elf_is_fdpic(exec)) { 1262 /* Need 4 byte alignment for these structs */ 1263 sp &= ~3; 1264 sp = loader_build_fdpic_loadmap(info, sp); 1265 info->other_info = interp_info; 1266 if (interp_info) { 1267 interp_info->other_info = info; 1268 sp = loader_build_fdpic_loadmap(interp_info, sp); 1269 } 1270 } 1271 #endif 1272 1273 u_platform = 0; 1274 k_platform = ELF_PLATFORM; 1275 if (k_platform) { 1276 size_t len = strlen(k_platform) + 1; 1277 sp -= (len + n - 1) & ~(n - 1); 1278 u_platform = sp; 1279 /* FIXME - check return value of memcpy_to_target() for failure */ 1280 memcpy_to_target(sp, k_platform, len); 1281 } 1282 1283 /* 1284 * Generate 16 random bytes for userspace PRNG seeding (not 1285 * cryptically secure but it's not the aim of QEMU). 1286 */ 1287 srand((unsigned int) time(NULL)); 1288 for (i = 0; i < 16; i++) { 1289 k_rand_bytes[i] = rand(); 1290 } 1291 sp -= 16; 1292 u_rand_bytes = sp; 1293 /* FIXME - check return value of memcpy_to_target() for failure */ 1294 memcpy_to_target(sp, k_rand_bytes, 16); 1295 1296 /* 1297 * Force 16 byte _final_ alignment here for generality. 1298 */ 1299 sp = sp &~ (abi_ulong)15; 1300 size = (DLINFO_ITEMS + 1) * 2; 1301 if (k_platform) 1302 size += 2; 1303 #ifdef DLINFO_ARCH_ITEMS 1304 size += DLINFO_ARCH_ITEMS * 2; 1305 #endif 1306 size += envc + argc + 2; 1307 size += 1; /* argc itself */ 1308 size *= n; 1309 if (size & 15) 1310 sp -= 16 - (size & 15); 1311 1312 /* This is correct because Linux defines 1313 * elf_addr_t as Elf32_Off / Elf64_Off 1314 */ 1315 #define NEW_AUX_ENT(id, val) do { \ 1316 sp -= n; put_user_ual(val, sp); \ 1317 sp -= n; put_user_ual(id, sp); \ 1318 } while(0) 1319 1320 NEW_AUX_ENT (AT_NULL, 0); 1321 1322 /* There must be exactly DLINFO_ITEMS entries here. */ 1323 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1324 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1325 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1326 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1327 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1328 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1329 NEW_AUX_ENT(AT_ENTRY, info->entry); 1330 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1331 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1332 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1333 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1334 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1335 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1336 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1337 1338 if (k_platform) 1339 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1340 #ifdef ARCH_DLINFO 1341 /* 1342 * ARCH_DLINFO must come last so platform specific code can enforce 1343 * special alignment requirements on the AUXV if necessary (eg. PPC). 1344 */ 1345 ARCH_DLINFO; 1346 #endif 1347 #undef NEW_AUX_ENT 1348 1349 info->saved_auxv = sp; 1350 1351 sp = loader_build_argptr(envc, argc, sp, p, 0); 1352 return sp; 1353 } 1354 1355 #ifndef TARGET_HAS_GUEST_VALIDATE_BASE 1356 /* If the guest doesn't have a validation function just agree */ 1357 bool guest_validate_base(unsigned long guest_base) 1358 { 1359 return 1; 1360 } 1361 #endif 1362 1363 static void probe_guest_base(const char *image_name, 1364 abi_ulong loaddr, abi_ulong hiaddr) 1365 { 1366 /* Probe for a suitable guest base address, if the user has not set 1367 * it explicitly, and set guest_base appropriately. 1368 * In case of error we will print a suitable message and exit. 1369 */ 1370 #if defined(CONFIG_USE_GUEST_BASE) 1371 const char *errmsg; 1372 if (!have_guest_base && !reserved_va) { 1373 unsigned long host_start, real_start, host_size; 1374 1375 /* Round addresses to page boundaries. */ 1376 loaddr &= qemu_host_page_mask; 1377 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1378 1379 if (loaddr < mmap_min_addr) { 1380 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1381 } else { 1382 host_start = loaddr; 1383 if (host_start != loaddr) { 1384 errmsg = "Address overflow loading ELF binary"; 1385 goto exit_errmsg; 1386 } 1387 } 1388 host_size = hiaddr - loaddr; 1389 while (1) { 1390 /* Do not use mmap_find_vma here because that is limited to the 1391 guest address space. We are going to make the 1392 guest address space fit whatever we're given. */ 1393 real_start = (unsigned long) 1394 mmap((void *)host_start, host_size, PROT_NONE, 1395 MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); 1396 if (real_start == (unsigned long)-1) { 1397 goto exit_perror; 1398 } 1399 guest_base = real_start - loaddr; 1400 if ((real_start == host_start) && 1401 guest_validate_base(guest_base)) { 1402 break; 1403 } 1404 /* That address didn't work. Unmap and try a different one. 1405 The address the host picked because is typically right at 1406 the top of the host address space and leaves the guest with 1407 no usable address space. Resort to a linear search. We 1408 already compensated for mmap_min_addr, so this should not 1409 happen often. Probably means we got unlucky and host 1410 address space randomization put a shared library somewhere 1411 inconvenient. */ 1412 munmap((void *)real_start, host_size); 1413 host_start += qemu_host_page_size; 1414 if (host_start == loaddr) { 1415 /* Theoretically possible if host doesn't have any suitably 1416 aligned areas. Normally the first mmap will fail. */ 1417 errmsg = "Unable to find space for application"; 1418 goto exit_errmsg; 1419 } 1420 } 1421 qemu_log("Relocating guest address space from 0x" 1422 TARGET_ABI_FMT_lx " to 0x%lx\n", 1423 loaddr, real_start); 1424 } 1425 return; 1426 1427 exit_perror: 1428 errmsg = strerror(errno); 1429 exit_errmsg: 1430 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1431 exit(-1); 1432 #endif 1433 } 1434 1435 1436 /* Load an ELF image into the address space. 1437 1438 IMAGE_NAME is the filename of the image, to use in error messages. 1439 IMAGE_FD is the open file descriptor for the image. 1440 1441 BPRM_BUF is a copy of the beginning of the file; this of course 1442 contains the elf file header at offset 0. It is assumed that this 1443 buffer is sufficiently aligned to present no problems to the host 1444 in accessing data at aligned offsets within the buffer. 1445 1446 On return: INFO values will be filled in, as necessary or available. */ 1447 1448 static void load_elf_image(const char *image_name, int image_fd, 1449 struct image_info *info, char **pinterp_name, 1450 char bprm_buf[BPRM_BUF_SIZE]) 1451 { 1452 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1453 struct elf_phdr *phdr; 1454 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1455 int i, retval; 1456 const char *errmsg; 1457 1458 /* First of all, some simple consistency checks */ 1459 errmsg = "Invalid ELF image for this architecture"; 1460 if (!elf_check_ident(ehdr)) { 1461 goto exit_errmsg; 1462 } 1463 bswap_ehdr(ehdr); 1464 if (!elf_check_ehdr(ehdr)) { 1465 goto exit_errmsg; 1466 } 1467 1468 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1469 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1470 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1471 } else { 1472 phdr = (struct elf_phdr *) alloca(i); 1473 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1474 if (retval != i) { 1475 goto exit_read; 1476 } 1477 } 1478 bswap_phdr(phdr, ehdr->e_phnum); 1479 1480 #ifdef CONFIG_USE_FDPIC 1481 info->nsegs = 0; 1482 info->pt_dynamic_addr = 0; 1483 #endif 1484 1485 /* Find the maximum size of the image and allocate an appropriate 1486 amount of memory to handle that. */ 1487 loaddr = -1, hiaddr = 0; 1488 for (i = 0; i < ehdr->e_phnum; ++i) { 1489 if (phdr[i].p_type == PT_LOAD) { 1490 abi_ulong a = phdr[i].p_vaddr; 1491 if (a < loaddr) { 1492 loaddr = a; 1493 } 1494 a += phdr[i].p_memsz; 1495 if (a > hiaddr) { 1496 hiaddr = a; 1497 } 1498 #ifdef CONFIG_USE_FDPIC 1499 ++info->nsegs; 1500 #endif 1501 } 1502 } 1503 1504 load_addr = loaddr; 1505 if (ehdr->e_type == ET_DYN) { 1506 /* The image indicates that it can be loaded anywhere. Find a 1507 location that can hold the memory space required. If the 1508 image is pre-linked, LOADDR will be non-zero. Since we do 1509 not supply MAP_FIXED here we'll use that address if and 1510 only if it remains available. */ 1511 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1512 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1513 -1, 0); 1514 if (load_addr == -1) { 1515 goto exit_perror; 1516 } 1517 } else if (pinterp_name != NULL) { 1518 /* This is the main executable. Make sure that the low 1519 address does not conflict with MMAP_MIN_ADDR or the 1520 QEMU application itself. */ 1521 probe_guest_base(image_name, loaddr, hiaddr); 1522 } 1523 load_bias = load_addr - loaddr; 1524 1525 #ifdef CONFIG_USE_FDPIC 1526 { 1527 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1528 g_malloc(sizeof(*loadsegs) * info->nsegs); 1529 1530 for (i = 0; i < ehdr->e_phnum; ++i) { 1531 switch (phdr[i].p_type) { 1532 case PT_DYNAMIC: 1533 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1534 break; 1535 case PT_LOAD: 1536 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1537 loadsegs->p_vaddr = phdr[i].p_vaddr; 1538 loadsegs->p_memsz = phdr[i].p_memsz; 1539 ++loadsegs; 1540 break; 1541 } 1542 } 1543 } 1544 #endif 1545 1546 info->load_bias = load_bias; 1547 info->load_addr = load_addr; 1548 info->entry = ehdr->e_entry + load_bias; 1549 info->start_code = -1; 1550 info->end_code = 0; 1551 info->start_data = -1; 1552 info->end_data = 0; 1553 info->brk = 0; 1554 1555 for (i = 0; i < ehdr->e_phnum; i++) { 1556 struct elf_phdr *eppnt = phdr + i; 1557 if (eppnt->p_type == PT_LOAD) { 1558 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1559 int elf_prot = 0; 1560 1561 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1562 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1563 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1564 1565 vaddr = load_bias + eppnt->p_vaddr; 1566 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1567 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1568 1569 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1570 elf_prot, MAP_PRIVATE | MAP_FIXED, 1571 image_fd, eppnt->p_offset - vaddr_po); 1572 if (error == -1) { 1573 goto exit_perror; 1574 } 1575 1576 vaddr_ef = vaddr + eppnt->p_filesz; 1577 vaddr_em = vaddr + eppnt->p_memsz; 1578 1579 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1580 if (vaddr_ef < vaddr_em) { 1581 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1582 } 1583 1584 /* Find the full program boundaries. */ 1585 if (elf_prot & PROT_EXEC) { 1586 if (vaddr < info->start_code) { 1587 info->start_code = vaddr; 1588 } 1589 if (vaddr_ef > info->end_code) { 1590 info->end_code = vaddr_ef; 1591 } 1592 } 1593 if (elf_prot & PROT_WRITE) { 1594 if (vaddr < info->start_data) { 1595 info->start_data = vaddr; 1596 } 1597 if (vaddr_ef > info->end_data) { 1598 info->end_data = vaddr_ef; 1599 } 1600 if (vaddr_em > info->brk) { 1601 info->brk = vaddr_em; 1602 } 1603 } 1604 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1605 char *interp_name; 1606 1607 if (*pinterp_name) { 1608 errmsg = "Multiple PT_INTERP entries"; 1609 goto exit_errmsg; 1610 } 1611 interp_name = malloc(eppnt->p_filesz); 1612 if (!interp_name) { 1613 goto exit_perror; 1614 } 1615 1616 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1617 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1618 eppnt->p_filesz); 1619 } else { 1620 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1621 eppnt->p_offset); 1622 if (retval != eppnt->p_filesz) { 1623 goto exit_perror; 1624 } 1625 } 1626 if (interp_name[eppnt->p_filesz - 1] != 0) { 1627 errmsg = "Invalid PT_INTERP entry"; 1628 goto exit_errmsg; 1629 } 1630 *pinterp_name = interp_name; 1631 } 1632 } 1633 1634 if (info->end_data == 0) { 1635 info->start_data = info->end_code; 1636 info->end_data = info->end_code; 1637 info->brk = info->end_code; 1638 } 1639 1640 if (qemu_log_enabled()) { 1641 load_symbols(ehdr, image_fd, load_bias); 1642 } 1643 1644 close(image_fd); 1645 return; 1646 1647 exit_read: 1648 if (retval >= 0) { 1649 errmsg = "Incomplete read of file header"; 1650 goto exit_errmsg; 1651 } 1652 exit_perror: 1653 errmsg = strerror(errno); 1654 exit_errmsg: 1655 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1656 exit(-1); 1657 } 1658 1659 static void load_elf_interp(const char *filename, struct image_info *info, 1660 char bprm_buf[BPRM_BUF_SIZE]) 1661 { 1662 int fd, retval; 1663 1664 fd = open(path(filename), O_RDONLY); 1665 if (fd < 0) { 1666 goto exit_perror; 1667 } 1668 1669 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1670 if (retval < 0) { 1671 goto exit_perror; 1672 } 1673 if (retval < BPRM_BUF_SIZE) { 1674 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1675 } 1676 1677 load_elf_image(filename, fd, info, NULL, bprm_buf); 1678 return; 1679 1680 exit_perror: 1681 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1682 exit(-1); 1683 } 1684 1685 static int symfind(const void *s0, const void *s1) 1686 { 1687 struct elf_sym *key = (struct elf_sym *)s0; 1688 struct elf_sym *sym = (struct elf_sym *)s1; 1689 int result = 0; 1690 if (key->st_value < sym->st_value) { 1691 result = -1; 1692 } else if (key->st_value >= sym->st_value + sym->st_size) { 1693 result = 1; 1694 } 1695 return result; 1696 } 1697 1698 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1699 { 1700 #if ELF_CLASS == ELFCLASS32 1701 struct elf_sym *syms = s->disas_symtab.elf32; 1702 #else 1703 struct elf_sym *syms = s->disas_symtab.elf64; 1704 #endif 1705 1706 // binary search 1707 struct elf_sym key; 1708 struct elf_sym *sym; 1709 1710 key.st_value = orig_addr; 1711 1712 sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind); 1713 if (sym != NULL) { 1714 return s->disas_strtab + sym->st_name; 1715 } 1716 1717 return ""; 1718 } 1719 1720 /* FIXME: This should use elf_ops.h */ 1721 static int symcmp(const void *s0, const void *s1) 1722 { 1723 struct elf_sym *sym0 = (struct elf_sym *)s0; 1724 struct elf_sym *sym1 = (struct elf_sym *)s1; 1725 return (sym0->st_value < sym1->st_value) 1726 ? -1 1727 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1728 } 1729 1730 /* Best attempt to load symbols from this ELF object. */ 1731 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1732 { 1733 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1734 struct elf_shdr *shdr; 1735 char *strings = NULL; 1736 struct syminfo *s = NULL; 1737 struct elf_sym *new_syms, *syms = NULL; 1738 1739 shnum = hdr->e_shnum; 1740 i = shnum * sizeof(struct elf_shdr); 1741 shdr = (struct elf_shdr *)alloca(i); 1742 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1743 return; 1744 } 1745 1746 bswap_shdr(shdr, shnum); 1747 for (i = 0; i < shnum; ++i) { 1748 if (shdr[i].sh_type == SHT_SYMTAB) { 1749 sym_idx = i; 1750 str_idx = shdr[i].sh_link; 1751 goto found; 1752 } 1753 } 1754 1755 /* There will be no symbol table if the file was stripped. */ 1756 return; 1757 1758 found: 1759 /* Now know where the strtab and symtab are. Snarf them. */ 1760 s = malloc(sizeof(*s)); 1761 if (!s) { 1762 goto give_up; 1763 } 1764 1765 i = shdr[str_idx].sh_size; 1766 s->disas_strtab = strings = malloc(i); 1767 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1768 goto give_up; 1769 } 1770 1771 i = shdr[sym_idx].sh_size; 1772 syms = malloc(i); 1773 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1774 goto give_up; 1775 } 1776 1777 nsyms = i / sizeof(struct elf_sym); 1778 for (i = 0; i < nsyms; ) { 1779 bswap_sym(syms + i); 1780 /* Throw away entries which we do not need. */ 1781 if (syms[i].st_shndx == SHN_UNDEF 1782 || syms[i].st_shndx >= SHN_LORESERVE 1783 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1784 if (i < --nsyms) { 1785 syms[i] = syms[nsyms]; 1786 } 1787 } else { 1788 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1789 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1790 syms[i].st_value &= ~(target_ulong)1; 1791 #endif 1792 syms[i].st_value += load_bias; 1793 i++; 1794 } 1795 } 1796 1797 /* No "useful" symbol. */ 1798 if (nsyms == 0) { 1799 goto give_up; 1800 } 1801 1802 /* Attempt to free the storage associated with the local symbols 1803 that we threw away. Whether or not this has any effect on the 1804 memory allocation depends on the malloc implementation and how 1805 many symbols we managed to discard. */ 1806 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1807 if (new_syms == NULL) { 1808 goto give_up; 1809 } 1810 syms = new_syms; 1811 1812 qsort(syms, nsyms, sizeof(*syms), symcmp); 1813 1814 s->disas_num_syms = nsyms; 1815 #if ELF_CLASS == ELFCLASS32 1816 s->disas_symtab.elf32 = syms; 1817 #else 1818 s->disas_symtab.elf64 = syms; 1819 #endif 1820 s->lookup_symbol = lookup_symbolxx; 1821 s->next = syminfos; 1822 syminfos = s; 1823 1824 return; 1825 1826 give_up: 1827 free(s); 1828 free(strings); 1829 free(syms); 1830 } 1831 1832 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, 1833 struct image_info * info) 1834 { 1835 struct image_info interp_info; 1836 struct elfhdr elf_ex; 1837 char *elf_interpreter = NULL; 1838 1839 info->start_mmap = (abi_ulong)ELF_START_MMAP; 1840 info->mmap = 0; 1841 info->rss = 0; 1842 1843 load_elf_image(bprm->filename, bprm->fd, info, 1844 &elf_interpreter, bprm->buf); 1845 1846 /* ??? We need a copy of the elf header for passing to create_elf_tables. 1847 If we do nothing, we'll have overwritten this when we re-use bprm->buf 1848 when we load the interpreter. */ 1849 elf_ex = *(struct elfhdr *)bprm->buf; 1850 1851 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 1852 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 1853 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 1854 if (!bprm->p) { 1855 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 1856 exit(-1); 1857 } 1858 1859 /* Do this so that we can load the interpreter, if need be. We will 1860 change some of these later */ 1861 bprm->p = setup_arg_pages(bprm->p, bprm, info); 1862 1863 if (elf_interpreter) { 1864 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 1865 1866 /* If the program interpreter is one of these two, then assume 1867 an iBCS2 image. Otherwise assume a native linux image. */ 1868 1869 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 1870 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 1871 info->personality = PER_SVR4; 1872 1873 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1874 and some applications "depend" upon this behavior. Since 1875 we do not have the power to recompile these, we emulate 1876 the SVr4 behavior. Sigh. */ 1877 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 1878 MAP_FIXED | MAP_PRIVATE, -1, 0); 1879 } 1880 } 1881 1882 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 1883 info, (elf_interpreter ? &interp_info : NULL)); 1884 info->start_stack = bprm->p; 1885 1886 /* If we have an interpreter, set that as the program's entry point. 1887 Copy the load_addr as well, to help PPC64 interpret the entry 1888 point as a function descriptor. Do this after creating elf tables 1889 so that we copy the original program entry point into the AUXV. */ 1890 if (elf_interpreter) { 1891 info->load_addr = interp_info.load_addr; 1892 info->entry = interp_info.entry; 1893 free(elf_interpreter); 1894 } 1895 1896 #ifdef USE_ELF_CORE_DUMP 1897 bprm->core_dump = &elf_core_dump; 1898 #endif 1899 1900 return 0; 1901 } 1902 1903 #ifdef USE_ELF_CORE_DUMP 1904 /* 1905 * Definitions to generate Intel SVR4-like core files. 1906 * These mostly have the same names as the SVR4 types with "target_elf_" 1907 * tacked on the front to prevent clashes with linux definitions, 1908 * and the typedef forms have been avoided. This is mostly like 1909 * the SVR4 structure, but more Linuxy, with things that Linux does 1910 * not support and which gdb doesn't really use excluded. 1911 * 1912 * Fields we don't dump (their contents is zero) in linux-user qemu 1913 * are marked with XXX. 1914 * 1915 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 1916 * 1917 * Porting ELF coredump for target is (quite) simple process. First you 1918 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 1919 * the target resides): 1920 * 1921 * #define USE_ELF_CORE_DUMP 1922 * 1923 * Next you define type of register set used for dumping. ELF specification 1924 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 1925 * 1926 * typedef <target_regtype> target_elf_greg_t; 1927 * #define ELF_NREG <number of registers> 1928 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1929 * 1930 * Last step is to implement target specific function that copies registers 1931 * from given cpu into just specified register set. Prototype is: 1932 * 1933 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 1934 * const CPUState *env); 1935 * 1936 * Parameters: 1937 * regs - copy register values into here (allocated and zeroed by caller) 1938 * env - copy registers from here 1939 * 1940 * Example for ARM target is provided in this file. 1941 */ 1942 1943 /* An ELF note in memory */ 1944 struct memelfnote { 1945 const char *name; 1946 size_t namesz; 1947 size_t namesz_rounded; 1948 int type; 1949 size_t datasz; 1950 size_t datasz_rounded; 1951 void *data; 1952 size_t notesz; 1953 }; 1954 1955 struct target_elf_siginfo { 1956 target_int si_signo; /* signal number */ 1957 target_int si_code; /* extra code */ 1958 target_int si_errno; /* errno */ 1959 }; 1960 1961 struct target_elf_prstatus { 1962 struct target_elf_siginfo pr_info; /* Info associated with signal */ 1963 target_short pr_cursig; /* Current signal */ 1964 target_ulong pr_sigpend; /* XXX */ 1965 target_ulong pr_sighold; /* XXX */ 1966 target_pid_t pr_pid; 1967 target_pid_t pr_ppid; 1968 target_pid_t pr_pgrp; 1969 target_pid_t pr_sid; 1970 struct target_timeval pr_utime; /* XXX User time */ 1971 struct target_timeval pr_stime; /* XXX System time */ 1972 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 1973 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 1974 target_elf_gregset_t pr_reg; /* GP registers */ 1975 target_int pr_fpvalid; /* XXX */ 1976 }; 1977 1978 #define ELF_PRARGSZ (80) /* Number of chars for args */ 1979 1980 struct target_elf_prpsinfo { 1981 char pr_state; /* numeric process state */ 1982 char pr_sname; /* char for pr_state */ 1983 char pr_zomb; /* zombie */ 1984 char pr_nice; /* nice val */ 1985 target_ulong pr_flag; /* flags */ 1986 target_uid_t pr_uid; 1987 target_gid_t pr_gid; 1988 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 1989 /* Lots missing */ 1990 char pr_fname[16]; /* filename of executable */ 1991 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 1992 }; 1993 1994 /* Here is the structure in which status of each thread is captured. */ 1995 struct elf_thread_status { 1996 QTAILQ_ENTRY(elf_thread_status) ets_link; 1997 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 1998 #if 0 1999 elf_fpregset_t fpu; /* NT_PRFPREG */ 2000 struct task_struct *thread; 2001 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 2002 #endif 2003 struct memelfnote notes[1]; 2004 int num_notes; 2005 }; 2006 2007 struct elf_note_info { 2008 struct memelfnote *notes; 2009 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2010 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2011 2012 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2013 #if 0 2014 /* 2015 * Current version of ELF coredump doesn't support 2016 * dumping fp regs etc. 2017 */ 2018 elf_fpregset_t *fpu; 2019 elf_fpxregset_t *xfpu; 2020 int thread_status_size; 2021 #endif 2022 int notes_size; 2023 int numnote; 2024 }; 2025 2026 struct vm_area_struct { 2027 abi_ulong vma_start; /* start vaddr of memory region */ 2028 abi_ulong vma_end; /* end vaddr of memory region */ 2029 abi_ulong vma_flags; /* protection etc. flags for the region */ 2030 QTAILQ_ENTRY(vm_area_struct) vma_link; 2031 }; 2032 2033 struct mm_struct { 2034 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2035 int mm_count; /* number of mappings */ 2036 }; 2037 2038 static struct mm_struct *vma_init(void); 2039 static void vma_delete(struct mm_struct *); 2040 static int vma_add_mapping(struct mm_struct *, abi_ulong, 2041 abi_ulong, abi_ulong); 2042 static int vma_get_mapping_count(const struct mm_struct *); 2043 static struct vm_area_struct *vma_first(const struct mm_struct *); 2044 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2045 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2046 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2047 unsigned long flags); 2048 2049 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2050 static void fill_note(struct memelfnote *, const char *, int, 2051 unsigned int, void *); 2052 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2053 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2054 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2055 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2056 static size_t note_size(const struct memelfnote *); 2057 static void free_note_info(struct elf_note_info *); 2058 static int fill_note_info(struct elf_note_info *, long, const CPUState *); 2059 static void fill_thread_info(struct elf_note_info *, const CPUState *); 2060 static int core_dump_filename(const TaskState *, char *, size_t); 2061 2062 static int dump_write(int, const void *, size_t); 2063 static int write_note(struct memelfnote *, int); 2064 static int write_note_info(struct elf_note_info *, int); 2065 2066 #ifdef BSWAP_NEEDED 2067 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2068 { 2069 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo); 2070 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code); 2071 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno); 2072 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2073 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend); 2074 prstatus->pr_sighold = tswapl(prstatus->pr_sighold); 2075 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2076 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2077 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2078 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2079 /* cpu times are not filled, so we skip them */ 2080 /* regs should be in correct format already */ 2081 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2082 } 2083 2084 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2085 { 2086 psinfo->pr_flag = tswapl(psinfo->pr_flag); 2087 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2088 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2089 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2090 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2091 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2092 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2093 } 2094 2095 static void bswap_note(struct elf_note *en) 2096 { 2097 bswap32s(&en->n_namesz); 2098 bswap32s(&en->n_descsz); 2099 bswap32s(&en->n_type); 2100 } 2101 #else 2102 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2103 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2104 static inline void bswap_note(struct elf_note *en) { } 2105 #endif /* BSWAP_NEEDED */ 2106 2107 /* 2108 * Minimal support for linux memory regions. These are needed 2109 * when we are finding out what memory exactly belongs to 2110 * emulated process. No locks needed here, as long as 2111 * thread that received the signal is stopped. 2112 */ 2113 2114 static struct mm_struct *vma_init(void) 2115 { 2116 struct mm_struct *mm; 2117 2118 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2119 return (NULL); 2120 2121 mm->mm_count = 0; 2122 QTAILQ_INIT(&mm->mm_mmap); 2123 2124 return (mm); 2125 } 2126 2127 static void vma_delete(struct mm_struct *mm) 2128 { 2129 struct vm_area_struct *vma; 2130 2131 while ((vma = vma_first(mm)) != NULL) { 2132 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2133 g_free(vma); 2134 } 2135 g_free(mm); 2136 } 2137 2138 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2139 abi_ulong end, abi_ulong flags) 2140 { 2141 struct vm_area_struct *vma; 2142 2143 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2144 return (-1); 2145 2146 vma->vma_start = start; 2147 vma->vma_end = end; 2148 vma->vma_flags = flags; 2149 2150 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2151 mm->mm_count++; 2152 2153 return (0); 2154 } 2155 2156 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2157 { 2158 return (QTAILQ_FIRST(&mm->mm_mmap)); 2159 } 2160 2161 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2162 { 2163 return (QTAILQ_NEXT(vma, vma_link)); 2164 } 2165 2166 static int vma_get_mapping_count(const struct mm_struct *mm) 2167 { 2168 return (mm->mm_count); 2169 } 2170 2171 /* 2172 * Calculate file (dump) size of given memory region. 2173 */ 2174 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2175 { 2176 /* if we cannot even read the first page, skip it */ 2177 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2178 return (0); 2179 2180 /* 2181 * Usually we don't dump executable pages as they contain 2182 * non-writable code that debugger can read directly from 2183 * target library etc. However, thread stacks are marked 2184 * also executable so we read in first page of given region 2185 * and check whether it contains elf header. If there is 2186 * no elf header, we dump it. 2187 */ 2188 if (vma->vma_flags & PROT_EXEC) { 2189 char page[TARGET_PAGE_SIZE]; 2190 2191 copy_from_user(page, vma->vma_start, sizeof (page)); 2192 if ((page[EI_MAG0] == ELFMAG0) && 2193 (page[EI_MAG1] == ELFMAG1) && 2194 (page[EI_MAG2] == ELFMAG2) && 2195 (page[EI_MAG3] == ELFMAG3)) { 2196 /* 2197 * Mappings are possibly from ELF binary. Don't dump 2198 * them. 2199 */ 2200 return (0); 2201 } 2202 } 2203 2204 return (vma->vma_end - vma->vma_start); 2205 } 2206 2207 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2208 unsigned long flags) 2209 { 2210 struct mm_struct *mm = (struct mm_struct *)priv; 2211 2212 vma_add_mapping(mm, start, end, flags); 2213 return (0); 2214 } 2215 2216 static void fill_note(struct memelfnote *note, const char *name, int type, 2217 unsigned int sz, void *data) 2218 { 2219 unsigned int namesz; 2220 2221 namesz = strlen(name) + 1; 2222 note->name = name; 2223 note->namesz = namesz; 2224 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2225 note->type = type; 2226 note->datasz = sz; 2227 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2228 2229 note->data = data; 2230 2231 /* 2232 * We calculate rounded up note size here as specified by 2233 * ELF document. 2234 */ 2235 note->notesz = sizeof (struct elf_note) + 2236 note->namesz_rounded + note->datasz_rounded; 2237 } 2238 2239 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2240 uint32_t flags) 2241 { 2242 (void) memset(elf, 0, sizeof(*elf)); 2243 2244 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2245 elf->e_ident[EI_CLASS] = ELF_CLASS; 2246 elf->e_ident[EI_DATA] = ELF_DATA; 2247 elf->e_ident[EI_VERSION] = EV_CURRENT; 2248 elf->e_ident[EI_OSABI] = ELF_OSABI; 2249 2250 elf->e_type = ET_CORE; 2251 elf->e_machine = machine; 2252 elf->e_version = EV_CURRENT; 2253 elf->e_phoff = sizeof(struct elfhdr); 2254 elf->e_flags = flags; 2255 elf->e_ehsize = sizeof(struct elfhdr); 2256 elf->e_phentsize = sizeof(struct elf_phdr); 2257 elf->e_phnum = segs; 2258 2259 bswap_ehdr(elf); 2260 } 2261 2262 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2263 { 2264 phdr->p_type = PT_NOTE; 2265 phdr->p_offset = offset; 2266 phdr->p_vaddr = 0; 2267 phdr->p_paddr = 0; 2268 phdr->p_filesz = sz; 2269 phdr->p_memsz = 0; 2270 phdr->p_flags = 0; 2271 phdr->p_align = 0; 2272 2273 bswap_phdr(phdr, 1); 2274 } 2275 2276 static size_t note_size(const struct memelfnote *note) 2277 { 2278 return (note->notesz); 2279 } 2280 2281 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2282 const TaskState *ts, int signr) 2283 { 2284 (void) memset(prstatus, 0, sizeof (*prstatus)); 2285 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2286 prstatus->pr_pid = ts->ts_tid; 2287 prstatus->pr_ppid = getppid(); 2288 prstatus->pr_pgrp = getpgrp(); 2289 prstatus->pr_sid = getsid(0); 2290 2291 bswap_prstatus(prstatus); 2292 } 2293 2294 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2295 { 2296 char *filename, *base_filename; 2297 unsigned int i, len; 2298 2299 (void) memset(psinfo, 0, sizeof (*psinfo)); 2300 2301 len = ts->info->arg_end - ts->info->arg_start; 2302 if (len >= ELF_PRARGSZ) 2303 len = ELF_PRARGSZ - 1; 2304 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2305 return -EFAULT; 2306 for (i = 0; i < len; i++) 2307 if (psinfo->pr_psargs[i] == 0) 2308 psinfo->pr_psargs[i] = ' '; 2309 psinfo->pr_psargs[len] = 0; 2310 2311 psinfo->pr_pid = getpid(); 2312 psinfo->pr_ppid = getppid(); 2313 psinfo->pr_pgrp = getpgrp(); 2314 psinfo->pr_sid = getsid(0); 2315 psinfo->pr_uid = getuid(); 2316 psinfo->pr_gid = getgid(); 2317 2318 filename = strdup(ts->bprm->filename); 2319 base_filename = strdup(basename(filename)); 2320 (void) strncpy(psinfo->pr_fname, base_filename, 2321 sizeof(psinfo->pr_fname)); 2322 free(base_filename); 2323 free(filename); 2324 2325 bswap_psinfo(psinfo); 2326 return (0); 2327 } 2328 2329 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2330 { 2331 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2332 elf_addr_t orig_auxv = auxv; 2333 abi_ulong val; 2334 void *ptr; 2335 int i, len; 2336 2337 /* 2338 * Auxiliary vector is stored in target process stack. It contains 2339 * {type, value} pairs that we need to dump into note. This is not 2340 * strictly necessary but we do it here for sake of completeness. 2341 */ 2342 2343 /* find out lenght of the vector, AT_NULL is terminator */ 2344 i = len = 0; 2345 do { 2346 get_user_ual(val, auxv); 2347 i += 2; 2348 auxv += 2 * sizeof (elf_addr_t); 2349 } while (val != AT_NULL); 2350 len = i * sizeof (elf_addr_t); 2351 2352 /* read in whole auxv vector and copy it to memelfnote */ 2353 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2354 if (ptr != NULL) { 2355 fill_note(note, "CORE", NT_AUXV, len, ptr); 2356 unlock_user(ptr, auxv, len); 2357 } 2358 } 2359 2360 /* 2361 * Constructs name of coredump file. We have following convention 2362 * for the name: 2363 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2364 * 2365 * Returns 0 in case of success, -1 otherwise (errno is set). 2366 */ 2367 static int core_dump_filename(const TaskState *ts, char *buf, 2368 size_t bufsize) 2369 { 2370 char timestamp[64]; 2371 char *filename = NULL; 2372 char *base_filename = NULL; 2373 struct timeval tv; 2374 struct tm tm; 2375 2376 assert(bufsize >= PATH_MAX); 2377 2378 if (gettimeofday(&tv, NULL) < 0) { 2379 (void) fprintf(stderr, "unable to get current timestamp: %s", 2380 strerror(errno)); 2381 return (-1); 2382 } 2383 2384 filename = strdup(ts->bprm->filename); 2385 base_filename = strdup(basename(filename)); 2386 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2387 localtime_r(&tv.tv_sec, &tm)); 2388 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2389 base_filename, timestamp, (int)getpid()); 2390 free(base_filename); 2391 free(filename); 2392 2393 return (0); 2394 } 2395 2396 static int dump_write(int fd, const void *ptr, size_t size) 2397 { 2398 const char *bufp = (const char *)ptr; 2399 ssize_t bytes_written, bytes_left; 2400 struct rlimit dumpsize; 2401 off_t pos; 2402 2403 bytes_written = 0; 2404 getrlimit(RLIMIT_CORE, &dumpsize); 2405 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2406 if (errno == ESPIPE) { /* not a seekable stream */ 2407 bytes_left = size; 2408 } else { 2409 return pos; 2410 } 2411 } else { 2412 if (dumpsize.rlim_cur <= pos) { 2413 return -1; 2414 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2415 bytes_left = size; 2416 } else { 2417 size_t limit_left=dumpsize.rlim_cur - pos; 2418 bytes_left = limit_left >= size ? size : limit_left ; 2419 } 2420 } 2421 2422 /* 2423 * In normal conditions, single write(2) should do but 2424 * in case of socket etc. this mechanism is more portable. 2425 */ 2426 do { 2427 bytes_written = write(fd, bufp, bytes_left); 2428 if (bytes_written < 0) { 2429 if (errno == EINTR) 2430 continue; 2431 return (-1); 2432 } else if (bytes_written == 0) { /* eof */ 2433 return (-1); 2434 } 2435 bufp += bytes_written; 2436 bytes_left -= bytes_written; 2437 } while (bytes_left > 0); 2438 2439 return (0); 2440 } 2441 2442 static int write_note(struct memelfnote *men, int fd) 2443 { 2444 struct elf_note en; 2445 2446 en.n_namesz = men->namesz; 2447 en.n_type = men->type; 2448 en.n_descsz = men->datasz; 2449 2450 bswap_note(&en); 2451 2452 if (dump_write(fd, &en, sizeof(en)) != 0) 2453 return (-1); 2454 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2455 return (-1); 2456 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2457 return (-1); 2458 2459 return (0); 2460 } 2461 2462 static void fill_thread_info(struct elf_note_info *info, const CPUState *env) 2463 { 2464 TaskState *ts = (TaskState *)env->opaque; 2465 struct elf_thread_status *ets; 2466 2467 ets = g_malloc0(sizeof (*ets)); 2468 ets->num_notes = 1; /* only prstatus is dumped */ 2469 fill_prstatus(&ets->prstatus, ts, 0); 2470 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2471 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2472 &ets->prstatus); 2473 2474 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2475 2476 info->notes_size += note_size(&ets->notes[0]); 2477 } 2478 2479 static int fill_note_info(struct elf_note_info *info, 2480 long signr, const CPUState *env) 2481 { 2482 #define NUMNOTES 3 2483 CPUState *cpu = NULL; 2484 TaskState *ts = (TaskState *)env->opaque; 2485 int i; 2486 2487 (void) memset(info, 0, sizeof (*info)); 2488 2489 QTAILQ_INIT(&info->thread_list); 2490 2491 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote)); 2492 if (info->notes == NULL) 2493 return (-ENOMEM); 2494 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 2495 if (info->prstatus == NULL) 2496 return (-ENOMEM); 2497 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 2498 if (info->prstatus == NULL) 2499 return (-ENOMEM); 2500 2501 /* 2502 * First fill in status (and registers) of current thread 2503 * including process info & aux vector. 2504 */ 2505 fill_prstatus(info->prstatus, ts, signr); 2506 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2507 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2508 sizeof (*info->prstatus), info->prstatus); 2509 fill_psinfo(info->psinfo, ts); 2510 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2511 sizeof (*info->psinfo), info->psinfo); 2512 fill_auxv_note(&info->notes[2], ts); 2513 info->numnote = 3; 2514 2515 info->notes_size = 0; 2516 for (i = 0; i < info->numnote; i++) 2517 info->notes_size += note_size(&info->notes[i]); 2518 2519 /* read and fill status of all threads */ 2520 cpu_list_lock(); 2521 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) { 2522 if (cpu == thread_env) 2523 continue; 2524 fill_thread_info(info, cpu); 2525 } 2526 cpu_list_unlock(); 2527 2528 return (0); 2529 } 2530 2531 static void free_note_info(struct elf_note_info *info) 2532 { 2533 struct elf_thread_status *ets; 2534 2535 while (!QTAILQ_EMPTY(&info->thread_list)) { 2536 ets = QTAILQ_FIRST(&info->thread_list); 2537 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2538 g_free(ets); 2539 } 2540 2541 g_free(info->prstatus); 2542 g_free(info->psinfo); 2543 g_free(info->notes); 2544 } 2545 2546 static int write_note_info(struct elf_note_info *info, int fd) 2547 { 2548 struct elf_thread_status *ets; 2549 int i, error = 0; 2550 2551 /* write prstatus, psinfo and auxv for current thread */ 2552 for (i = 0; i < info->numnote; i++) 2553 if ((error = write_note(&info->notes[i], fd)) != 0) 2554 return (error); 2555 2556 /* write prstatus for each thread */ 2557 for (ets = info->thread_list.tqh_first; ets != NULL; 2558 ets = ets->ets_link.tqe_next) { 2559 if ((error = write_note(&ets->notes[0], fd)) != 0) 2560 return (error); 2561 } 2562 2563 return (0); 2564 } 2565 2566 /* 2567 * Write out ELF coredump. 2568 * 2569 * See documentation of ELF object file format in: 2570 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2571 * 2572 * Coredump format in linux is following: 2573 * 2574 * 0 +----------------------+ \ 2575 * | ELF header | ET_CORE | 2576 * +----------------------+ | 2577 * | ELF program headers | |--- headers 2578 * | - NOTE section | | 2579 * | - PT_LOAD sections | | 2580 * +----------------------+ / 2581 * | NOTEs: | 2582 * | - NT_PRSTATUS | 2583 * | - NT_PRSINFO | 2584 * | - NT_AUXV | 2585 * +----------------------+ <-- aligned to target page 2586 * | Process memory dump | 2587 * : : 2588 * . . 2589 * : : 2590 * | | 2591 * +----------------------+ 2592 * 2593 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2594 * NT_PRSINFO -> struct elf_prpsinfo 2595 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2596 * 2597 * Format follows System V format as close as possible. Current 2598 * version limitations are as follows: 2599 * - no floating point registers are dumped 2600 * 2601 * Function returns 0 in case of success, negative errno otherwise. 2602 * 2603 * TODO: make this work also during runtime: it should be 2604 * possible to force coredump from running process and then 2605 * continue processing. For example qemu could set up SIGUSR2 2606 * handler (provided that target process haven't registered 2607 * handler for that) that does the dump when signal is received. 2608 */ 2609 static int elf_core_dump(int signr, const CPUState *env) 2610 { 2611 const TaskState *ts = (const TaskState *)env->opaque; 2612 struct vm_area_struct *vma = NULL; 2613 char corefile[PATH_MAX]; 2614 struct elf_note_info info; 2615 struct elfhdr elf; 2616 struct elf_phdr phdr; 2617 struct rlimit dumpsize; 2618 struct mm_struct *mm = NULL; 2619 off_t offset = 0, data_offset = 0; 2620 int segs = 0; 2621 int fd = -1; 2622 2623 errno = 0; 2624 getrlimit(RLIMIT_CORE, &dumpsize); 2625 if (dumpsize.rlim_cur == 0) 2626 return 0; 2627 2628 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2629 return (-errno); 2630 2631 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2632 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2633 return (-errno); 2634 2635 /* 2636 * Walk through target process memory mappings and 2637 * set up structure containing this information. After 2638 * this point vma_xxx functions can be used. 2639 */ 2640 if ((mm = vma_init()) == NULL) 2641 goto out; 2642 2643 walk_memory_regions(mm, vma_walker); 2644 segs = vma_get_mapping_count(mm); 2645 2646 /* 2647 * Construct valid coredump ELF header. We also 2648 * add one more segment for notes. 2649 */ 2650 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2651 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2652 goto out; 2653 2654 /* fill in in-memory version of notes */ 2655 if (fill_note_info(&info, signr, env) < 0) 2656 goto out; 2657 2658 offset += sizeof (elf); /* elf header */ 2659 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2660 2661 /* write out notes program header */ 2662 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2663 2664 offset += info.notes_size; 2665 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2666 goto out; 2667 2668 /* 2669 * ELF specification wants data to start at page boundary so 2670 * we align it here. 2671 */ 2672 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2673 2674 /* 2675 * Write program headers for memory regions mapped in 2676 * the target process. 2677 */ 2678 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2679 (void) memset(&phdr, 0, sizeof (phdr)); 2680 2681 phdr.p_type = PT_LOAD; 2682 phdr.p_offset = offset; 2683 phdr.p_vaddr = vma->vma_start; 2684 phdr.p_paddr = 0; 2685 phdr.p_filesz = vma_dump_size(vma); 2686 offset += phdr.p_filesz; 2687 phdr.p_memsz = vma->vma_end - vma->vma_start; 2688 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2689 if (vma->vma_flags & PROT_WRITE) 2690 phdr.p_flags |= PF_W; 2691 if (vma->vma_flags & PROT_EXEC) 2692 phdr.p_flags |= PF_X; 2693 phdr.p_align = ELF_EXEC_PAGESIZE; 2694 2695 bswap_phdr(&phdr, 1); 2696 dump_write(fd, &phdr, sizeof (phdr)); 2697 } 2698 2699 /* 2700 * Next we write notes just after program headers. No 2701 * alignment needed here. 2702 */ 2703 if (write_note_info(&info, fd) < 0) 2704 goto out; 2705 2706 /* align data to page boundary */ 2707 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2708 goto out; 2709 2710 /* 2711 * Finally we can dump process memory into corefile as well. 2712 */ 2713 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2714 abi_ulong addr; 2715 abi_ulong end; 2716 2717 end = vma->vma_start + vma_dump_size(vma); 2718 2719 for (addr = vma->vma_start; addr < end; 2720 addr += TARGET_PAGE_SIZE) { 2721 char page[TARGET_PAGE_SIZE]; 2722 int error; 2723 2724 /* 2725 * Read in page from target process memory and 2726 * write it to coredump file. 2727 */ 2728 error = copy_from_user(page, addr, sizeof (page)); 2729 if (error != 0) { 2730 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2731 addr); 2732 errno = -error; 2733 goto out; 2734 } 2735 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2736 goto out; 2737 } 2738 } 2739 2740 out: 2741 free_note_info(&info); 2742 if (mm != NULL) 2743 vma_delete(mm); 2744 (void) close(fd); 2745 2746 if (errno != 0) 2747 return (-errno); 2748 return (0); 2749 } 2750 #endif /* USE_ELF_CORE_DUMP */ 2751 2752 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2753 { 2754 init_thread(regs, infop); 2755 } 2756