1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas/disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 #ifdef TARGET_ABI_MIPSN32 105 typedef abi_ullong target_elf_greg_t; 106 #define tswapreg(ptr) tswap64(ptr) 107 #else 108 typedef abi_ulong target_elf_greg_t; 109 #define tswapreg(ptr) tswapal(ptr) 110 #endif 111 112 #ifdef USE_UID16 113 typedef abi_ushort target_uid_t; 114 typedef abi_ushort target_gid_t; 115 #else 116 typedef abi_uint target_uid_t; 117 typedef abi_uint target_gid_t; 118 #endif 119 typedef abi_int target_pid_t; 120 121 #ifdef TARGET_I386 122 123 #define ELF_PLATFORM get_elf_platform() 124 125 static const char *get_elf_platform(void) 126 { 127 static char elf_platform[] = "i386"; 128 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL); 129 if (family > 6) 130 family = 6; 131 if (family >= 3) 132 elf_platform[1] = '0' + family; 133 return elf_platform; 134 } 135 136 #define ELF_HWCAP get_elf_hwcap() 137 138 static uint32_t get_elf_hwcap(void) 139 { 140 X86CPU *cpu = X86_CPU(thread_cpu); 141 142 return cpu->env.features[FEAT_1_EDX]; 143 } 144 145 #ifdef TARGET_X86_64 146 #define ELF_START_MMAP 0x2aaaaab000ULL 147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 148 149 #define ELF_CLASS ELFCLASS64 150 #define ELF_ARCH EM_X86_64 151 152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 153 { 154 regs->rax = 0; 155 regs->rsp = infop->start_stack; 156 regs->rip = infop->entry; 157 } 158 159 #define ELF_NREG 27 160 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 161 162 /* 163 * Note that ELF_NREG should be 29 as there should be place for 164 * TRAPNO and ERR "registers" as well but linux doesn't dump 165 * those. 166 * 167 * See linux kernel: arch/x86/include/asm/elf.h 168 */ 169 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 170 { 171 (*regs)[0] = env->regs[15]; 172 (*regs)[1] = env->regs[14]; 173 (*regs)[2] = env->regs[13]; 174 (*regs)[3] = env->regs[12]; 175 (*regs)[4] = env->regs[R_EBP]; 176 (*regs)[5] = env->regs[R_EBX]; 177 (*regs)[6] = env->regs[11]; 178 (*regs)[7] = env->regs[10]; 179 (*regs)[8] = env->regs[9]; 180 (*regs)[9] = env->regs[8]; 181 (*regs)[10] = env->regs[R_EAX]; 182 (*regs)[11] = env->regs[R_ECX]; 183 (*regs)[12] = env->regs[R_EDX]; 184 (*regs)[13] = env->regs[R_ESI]; 185 (*regs)[14] = env->regs[R_EDI]; 186 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 187 (*regs)[16] = env->eip; 188 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 189 (*regs)[18] = env->eflags; 190 (*regs)[19] = env->regs[R_ESP]; 191 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 192 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 193 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 194 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 195 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 196 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 197 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 198 } 199 200 #else 201 202 #define ELF_START_MMAP 0x80000000 203 204 /* 205 * This is used to ensure we don't load something for the wrong architecture. 206 */ 207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 208 209 /* 210 * These are used to set parameters in the core dumps. 211 */ 212 #define ELF_CLASS ELFCLASS32 213 #define ELF_ARCH EM_386 214 215 static inline void init_thread(struct target_pt_regs *regs, 216 struct image_info *infop) 217 { 218 regs->esp = infop->start_stack; 219 regs->eip = infop->entry; 220 221 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 222 starts %edx contains a pointer to a function which might be 223 registered using `atexit'. This provides a mean for the 224 dynamic linker to call DT_FINI functions for shared libraries 225 that have been loaded before the code runs. 226 227 A value of 0 tells we have no such handler. */ 228 regs->edx = 0; 229 } 230 231 #define ELF_NREG 17 232 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 233 234 /* 235 * Note that ELF_NREG should be 19 as there should be place for 236 * TRAPNO and ERR "registers" as well but linux doesn't dump 237 * those. 238 * 239 * See linux kernel: arch/x86/include/asm/elf.h 240 */ 241 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 242 { 243 (*regs)[0] = env->regs[R_EBX]; 244 (*regs)[1] = env->regs[R_ECX]; 245 (*regs)[2] = env->regs[R_EDX]; 246 (*regs)[3] = env->regs[R_ESI]; 247 (*regs)[4] = env->regs[R_EDI]; 248 (*regs)[5] = env->regs[R_EBP]; 249 (*regs)[6] = env->regs[R_EAX]; 250 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 251 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 252 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 253 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 254 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 255 (*regs)[12] = env->eip; 256 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 257 (*regs)[14] = env->eflags; 258 (*regs)[15] = env->regs[R_ESP]; 259 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 260 } 261 #endif 262 263 #define USE_ELF_CORE_DUMP 264 #define ELF_EXEC_PAGESIZE 4096 265 266 #endif 267 268 #ifdef TARGET_ARM 269 270 #define ELF_START_MMAP 0x80000000 271 272 #define elf_check_arch(x) ((x) == ELF_MACHINE) 273 274 #define ELF_ARCH ELF_MACHINE 275 276 #ifdef TARGET_AARCH64 277 #define ELF_CLASS ELFCLASS64 278 #else 279 #define ELF_CLASS ELFCLASS32 280 #endif 281 282 static inline void init_thread(struct target_pt_regs *regs, 283 struct image_info *infop) 284 { 285 abi_long stack = infop->start_stack; 286 memset(regs, 0, sizeof(*regs)); 287 288 #ifdef TARGET_AARCH64 289 regs->pc = infop->entry & ~0x3ULL; 290 regs->sp = stack; 291 #else 292 regs->ARM_cpsr = 0x10; 293 if (infop->entry & 1) 294 regs->ARM_cpsr |= CPSR_T; 295 regs->ARM_pc = infop->entry & 0xfffffffe; 296 regs->ARM_sp = infop->start_stack; 297 /* FIXME - what to for failure of get_user()? */ 298 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 299 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 300 /* XXX: it seems that r0 is zeroed after ! */ 301 regs->ARM_r0 = 0; 302 /* For uClinux PIC binaries. */ 303 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 304 regs->ARM_r10 = infop->start_data; 305 #endif 306 } 307 308 #define ELF_NREG 18 309 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 310 311 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env) 312 { 313 (*regs)[0] = tswapreg(env->regs[0]); 314 (*regs)[1] = tswapreg(env->regs[1]); 315 (*regs)[2] = tswapreg(env->regs[2]); 316 (*regs)[3] = tswapreg(env->regs[3]); 317 (*regs)[4] = tswapreg(env->regs[4]); 318 (*regs)[5] = tswapreg(env->regs[5]); 319 (*regs)[6] = tswapreg(env->regs[6]); 320 (*regs)[7] = tswapreg(env->regs[7]); 321 (*regs)[8] = tswapreg(env->regs[8]); 322 (*regs)[9] = tswapreg(env->regs[9]); 323 (*regs)[10] = tswapreg(env->regs[10]); 324 (*regs)[11] = tswapreg(env->regs[11]); 325 (*regs)[12] = tswapreg(env->regs[12]); 326 (*regs)[13] = tswapreg(env->regs[13]); 327 (*regs)[14] = tswapreg(env->regs[14]); 328 (*regs)[15] = tswapreg(env->regs[15]); 329 330 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env)); 331 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */ 332 } 333 334 #define USE_ELF_CORE_DUMP 335 #define ELF_EXEC_PAGESIZE 4096 336 337 enum 338 { 339 ARM_HWCAP_ARM_SWP = 1 << 0, 340 ARM_HWCAP_ARM_HALF = 1 << 1, 341 ARM_HWCAP_ARM_THUMB = 1 << 2, 342 ARM_HWCAP_ARM_26BIT = 1 << 3, 343 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 344 ARM_HWCAP_ARM_FPA = 1 << 5, 345 ARM_HWCAP_ARM_VFP = 1 << 6, 346 ARM_HWCAP_ARM_EDSP = 1 << 7, 347 ARM_HWCAP_ARM_JAVA = 1 << 8, 348 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 349 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 350 ARM_HWCAP_ARM_NEON = 1 << 11, 351 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 352 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 353 }; 354 355 #define TARGET_HAS_VALIDATE_GUEST_SPACE 356 /* Return 1 if the proposed guest space is suitable for the guest. 357 * Return 0 if the proposed guest space isn't suitable, but another 358 * address space should be tried. 359 * Return -1 if there is no way the proposed guest space can be 360 * valid regardless of the base. 361 * The guest code may leave a page mapped and populate it if the 362 * address is suitable. 363 */ 364 static int validate_guest_space(unsigned long guest_base, 365 unsigned long guest_size) 366 { 367 unsigned long real_start, test_page_addr; 368 369 /* We need to check that we can force a fault on access to the 370 * commpage at 0xffff0fxx 371 */ 372 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 373 374 /* If the commpage lies within the already allocated guest space, 375 * then there is no way we can allocate it. 376 */ 377 if (test_page_addr >= guest_base 378 && test_page_addr <= (guest_base + guest_size)) { 379 return -1; 380 } 381 382 /* Note it needs to be writeable to let us initialise it */ 383 real_start = (unsigned long) 384 mmap((void *)test_page_addr, qemu_host_page_size, 385 PROT_READ | PROT_WRITE, 386 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 387 388 /* If we can't map it then try another address */ 389 if (real_start == -1ul) { 390 return 0; 391 } 392 393 if (real_start != test_page_addr) { 394 /* OS didn't put the page where we asked - unmap and reject */ 395 munmap((void *)real_start, qemu_host_page_size); 396 return 0; 397 } 398 399 /* Leave the page mapped 400 * Populate it (mmap should have left it all 0'd) 401 */ 402 403 /* Kernel helper versions */ 404 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 405 406 /* Now it's populated make it RO */ 407 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 408 perror("Protecting guest commpage"); 409 exit(-1); 410 } 411 412 return 1; /* All good */ 413 } 414 415 416 #define ELF_HWCAP get_elf_hwcap() 417 418 static uint32_t get_elf_hwcap(void) 419 { 420 ARMCPU *cpu = ARM_CPU(thread_cpu); 421 uint32_t hwcaps = 0; 422 423 hwcaps |= ARM_HWCAP_ARM_SWP; 424 hwcaps |= ARM_HWCAP_ARM_HALF; 425 hwcaps |= ARM_HWCAP_ARM_THUMB; 426 hwcaps |= ARM_HWCAP_ARM_FAST_MULT; 427 hwcaps |= ARM_HWCAP_ARM_FPA; 428 429 /* probe for the extra features */ 430 #define GET_FEATURE(feat, hwcap) \ 431 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 432 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP); 433 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); 434 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); 435 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); 436 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3); 437 GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16); 438 #undef GET_FEATURE 439 440 return hwcaps; 441 } 442 443 #endif 444 445 #ifdef TARGET_UNICORE32 446 447 #define ELF_START_MMAP 0x80000000 448 449 #define elf_check_arch(x) ((x) == EM_UNICORE32) 450 451 #define ELF_CLASS ELFCLASS32 452 #define ELF_DATA ELFDATA2LSB 453 #define ELF_ARCH EM_UNICORE32 454 455 static inline void init_thread(struct target_pt_regs *regs, 456 struct image_info *infop) 457 { 458 abi_long stack = infop->start_stack; 459 memset(regs, 0, sizeof(*regs)); 460 regs->UC32_REG_asr = 0x10; 461 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 462 regs->UC32_REG_sp = infop->start_stack; 463 /* FIXME - what to for failure of get_user()? */ 464 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 465 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 466 /* XXX: it seems that r0 is zeroed after ! */ 467 regs->UC32_REG_00 = 0; 468 } 469 470 #define ELF_NREG 34 471 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 472 473 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env) 474 { 475 (*regs)[0] = env->regs[0]; 476 (*regs)[1] = env->regs[1]; 477 (*regs)[2] = env->regs[2]; 478 (*regs)[3] = env->regs[3]; 479 (*regs)[4] = env->regs[4]; 480 (*regs)[5] = env->regs[5]; 481 (*regs)[6] = env->regs[6]; 482 (*regs)[7] = env->regs[7]; 483 (*regs)[8] = env->regs[8]; 484 (*regs)[9] = env->regs[9]; 485 (*regs)[10] = env->regs[10]; 486 (*regs)[11] = env->regs[11]; 487 (*regs)[12] = env->regs[12]; 488 (*regs)[13] = env->regs[13]; 489 (*regs)[14] = env->regs[14]; 490 (*regs)[15] = env->regs[15]; 491 (*regs)[16] = env->regs[16]; 492 (*regs)[17] = env->regs[17]; 493 (*regs)[18] = env->regs[18]; 494 (*regs)[19] = env->regs[19]; 495 (*regs)[20] = env->regs[20]; 496 (*regs)[21] = env->regs[21]; 497 (*regs)[22] = env->regs[22]; 498 (*regs)[23] = env->regs[23]; 499 (*regs)[24] = env->regs[24]; 500 (*regs)[25] = env->regs[25]; 501 (*regs)[26] = env->regs[26]; 502 (*regs)[27] = env->regs[27]; 503 (*regs)[28] = env->regs[28]; 504 (*regs)[29] = env->regs[29]; 505 (*regs)[30] = env->regs[30]; 506 (*regs)[31] = env->regs[31]; 507 508 (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env); 509 (*regs)[33] = env->regs[0]; /* XXX */ 510 } 511 512 #define USE_ELF_CORE_DUMP 513 #define ELF_EXEC_PAGESIZE 4096 514 515 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 516 517 #endif 518 519 #ifdef TARGET_SPARC 520 #ifdef TARGET_SPARC64 521 522 #define ELF_START_MMAP 0x80000000 523 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 524 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 525 #ifndef TARGET_ABI32 526 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 527 #else 528 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 529 #endif 530 531 #define ELF_CLASS ELFCLASS64 532 #define ELF_ARCH EM_SPARCV9 533 534 #define STACK_BIAS 2047 535 536 static inline void init_thread(struct target_pt_regs *regs, 537 struct image_info *infop) 538 { 539 #ifndef TARGET_ABI32 540 regs->tstate = 0; 541 #endif 542 regs->pc = infop->entry; 543 regs->npc = regs->pc + 4; 544 regs->y = 0; 545 #ifdef TARGET_ABI32 546 regs->u_regs[14] = infop->start_stack - 16 * 4; 547 #else 548 if (personality(infop->personality) == PER_LINUX32) 549 regs->u_regs[14] = infop->start_stack - 16 * 4; 550 else 551 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 552 #endif 553 } 554 555 #else 556 #define ELF_START_MMAP 0x80000000 557 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 558 | HWCAP_SPARC_MULDIV) 559 #define elf_check_arch(x) ( (x) == EM_SPARC ) 560 561 #define ELF_CLASS ELFCLASS32 562 #define ELF_ARCH EM_SPARC 563 564 static inline void init_thread(struct target_pt_regs *regs, 565 struct image_info *infop) 566 { 567 regs->psr = 0; 568 regs->pc = infop->entry; 569 regs->npc = regs->pc + 4; 570 regs->y = 0; 571 regs->u_regs[14] = infop->start_stack - 16 * 4; 572 } 573 574 #endif 575 #endif 576 577 #ifdef TARGET_PPC 578 579 #define ELF_START_MMAP 0x80000000 580 581 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 582 583 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 584 585 #define ELF_CLASS ELFCLASS64 586 587 #else 588 589 #define elf_check_arch(x) ( (x) == EM_PPC ) 590 591 #define ELF_CLASS ELFCLASS32 592 593 #endif 594 595 #define ELF_ARCH EM_PPC 596 597 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 598 See arch/powerpc/include/asm/cputable.h. */ 599 enum { 600 QEMU_PPC_FEATURE_32 = 0x80000000, 601 QEMU_PPC_FEATURE_64 = 0x40000000, 602 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 603 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 604 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 605 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 606 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 607 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 608 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 609 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 610 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 611 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 612 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 613 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 614 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 615 QEMU_PPC_FEATURE_CELL = 0x00010000, 616 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 617 QEMU_PPC_FEATURE_SMT = 0x00004000, 618 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 619 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 620 QEMU_PPC_FEATURE_PA6T = 0x00000800, 621 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 622 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 623 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 624 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 625 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 626 627 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 628 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 629 }; 630 631 #define ELF_HWCAP get_elf_hwcap() 632 633 static uint32_t get_elf_hwcap(void) 634 { 635 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 636 uint32_t features = 0; 637 638 /* We don't have to be terribly complete here; the high points are 639 Altivec/FP/SPE support. Anything else is just a bonus. */ 640 #define GET_FEATURE(flag, feature) \ 641 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 642 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 643 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 644 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 645 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 646 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 647 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 648 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 649 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 650 #undef GET_FEATURE 651 652 return features; 653 } 654 655 /* 656 * The requirements here are: 657 * - keep the final alignment of sp (sp & 0xf) 658 * - make sure the 32-bit value at the first 16 byte aligned position of 659 * AUXV is greater than 16 for glibc compatibility. 660 * AT_IGNOREPPC is used for that. 661 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 662 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 663 */ 664 #define DLINFO_ARCH_ITEMS 5 665 #define ARCH_DLINFO \ 666 do { \ 667 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 668 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 669 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 670 /* \ 671 * Now handle glibc compatibility. \ 672 */ \ 673 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 674 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 675 } while (0) 676 677 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 678 { 679 _regs->gpr[1] = infop->start_stack; 680 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 681 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias; 682 infop->entry = ldq_raw(infop->entry) + infop->load_bias; 683 #endif 684 _regs->nip = infop->entry; 685 } 686 687 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 688 #define ELF_NREG 48 689 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 690 691 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env) 692 { 693 int i; 694 target_ulong ccr = 0; 695 696 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 697 (*regs)[i] = tswapreg(env->gpr[i]); 698 } 699 700 (*regs)[32] = tswapreg(env->nip); 701 (*regs)[33] = tswapreg(env->msr); 702 (*regs)[35] = tswapreg(env->ctr); 703 (*regs)[36] = tswapreg(env->lr); 704 (*regs)[37] = tswapreg(env->xer); 705 706 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 707 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 708 } 709 (*regs)[38] = tswapreg(ccr); 710 } 711 712 #define USE_ELF_CORE_DUMP 713 #define ELF_EXEC_PAGESIZE 4096 714 715 #endif 716 717 #ifdef TARGET_MIPS 718 719 #define ELF_START_MMAP 0x80000000 720 721 #define elf_check_arch(x) ( (x) == EM_MIPS ) 722 723 #ifdef TARGET_MIPS64 724 #define ELF_CLASS ELFCLASS64 725 #else 726 #define ELF_CLASS ELFCLASS32 727 #endif 728 #define ELF_ARCH EM_MIPS 729 730 static inline void init_thread(struct target_pt_regs *regs, 731 struct image_info *infop) 732 { 733 regs->cp0_status = 2 << CP0St_KSU; 734 regs->cp0_epc = infop->entry; 735 regs->regs[29] = infop->start_stack; 736 } 737 738 /* See linux kernel: arch/mips/include/asm/elf.h. */ 739 #define ELF_NREG 45 740 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 741 742 /* See linux kernel: arch/mips/include/asm/reg.h. */ 743 enum { 744 #ifdef TARGET_MIPS64 745 TARGET_EF_R0 = 0, 746 #else 747 TARGET_EF_R0 = 6, 748 #endif 749 TARGET_EF_R26 = TARGET_EF_R0 + 26, 750 TARGET_EF_R27 = TARGET_EF_R0 + 27, 751 TARGET_EF_LO = TARGET_EF_R0 + 32, 752 TARGET_EF_HI = TARGET_EF_R0 + 33, 753 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 754 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 755 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 756 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 757 }; 758 759 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 760 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env) 761 { 762 int i; 763 764 for (i = 0; i < TARGET_EF_R0; i++) { 765 (*regs)[i] = 0; 766 } 767 (*regs)[TARGET_EF_R0] = 0; 768 769 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 770 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]); 771 } 772 773 (*regs)[TARGET_EF_R26] = 0; 774 (*regs)[TARGET_EF_R27] = 0; 775 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]); 776 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]); 777 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC); 778 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr); 779 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status); 780 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause); 781 } 782 783 #define USE_ELF_CORE_DUMP 784 #define ELF_EXEC_PAGESIZE 4096 785 786 #endif /* TARGET_MIPS */ 787 788 #ifdef TARGET_MICROBLAZE 789 790 #define ELF_START_MMAP 0x80000000 791 792 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 793 794 #define ELF_CLASS ELFCLASS32 795 #define ELF_ARCH EM_MICROBLAZE 796 797 static inline void init_thread(struct target_pt_regs *regs, 798 struct image_info *infop) 799 { 800 regs->pc = infop->entry; 801 regs->r1 = infop->start_stack; 802 803 } 804 805 #define ELF_EXEC_PAGESIZE 4096 806 807 #define USE_ELF_CORE_DUMP 808 #define ELF_NREG 38 809 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 810 811 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 812 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env) 813 { 814 int i, pos = 0; 815 816 for (i = 0; i < 32; i++) { 817 (*regs)[pos++] = tswapreg(env->regs[i]); 818 } 819 820 for (i = 0; i < 6; i++) { 821 (*regs)[pos++] = tswapreg(env->sregs[i]); 822 } 823 } 824 825 #endif /* TARGET_MICROBLAZE */ 826 827 #ifdef TARGET_OPENRISC 828 829 #define ELF_START_MMAP 0x08000000 830 831 #define elf_check_arch(x) ((x) == EM_OPENRISC) 832 833 #define ELF_ARCH EM_OPENRISC 834 #define ELF_CLASS ELFCLASS32 835 #define ELF_DATA ELFDATA2MSB 836 837 static inline void init_thread(struct target_pt_regs *regs, 838 struct image_info *infop) 839 { 840 regs->pc = infop->entry; 841 regs->gpr[1] = infop->start_stack; 842 } 843 844 #define USE_ELF_CORE_DUMP 845 #define ELF_EXEC_PAGESIZE 8192 846 847 /* See linux kernel arch/openrisc/include/asm/elf.h. */ 848 #define ELF_NREG 34 /* gprs and pc, sr */ 849 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 850 851 static void elf_core_copy_regs(target_elf_gregset_t *regs, 852 const CPUOpenRISCState *env) 853 { 854 int i; 855 856 for (i = 0; i < 32; i++) { 857 (*regs)[i] = tswapreg(env->gpr[i]); 858 } 859 860 (*regs)[32] = tswapreg(env->pc); 861 (*regs)[33] = tswapreg(env->sr); 862 } 863 #define ELF_HWCAP 0 864 #define ELF_PLATFORM NULL 865 866 #endif /* TARGET_OPENRISC */ 867 868 #ifdef TARGET_SH4 869 870 #define ELF_START_MMAP 0x80000000 871 872 #define elf_check_arch(x) ( (x) == EM_SH ) 873 874 #define ELF_CLASS ELFCLASS32 875 #define ELF_ARCH EM_SH 876 877 static inline void init_thread(struct target_pt_regs *regs, 878 struct image_info *infop) 879 { 880 /* Check other registers XXXXX */ 881 regs->pc = infop->entry; 882 regs->regs[15] = infop->start_stack; 883 } 884 885 /* See linux kernel: arch/sh/include/asm/elf.h. */ 886 #define ELF_NREG 23 887 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 888 889 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 890 enum { 891 TARGET_REG_PC = 16, 892 TARGET_REG_PR = 17, 893 TARGET_REG_SR = 18, 894 TARGET_REG_GBR = 19, 895 TARGET_REG_MACH = 20, 896 TARGET_REG_MACL = 21, 897 TARGET_REG_SYSCALL = 22 898 }; 899 900 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 901 const CPUSH4State *env) 902 { 903 int i; 904 905 for (i = 0; i < 16; i++) { 906 (*regs[i]) = tswapreg(env->gregs[i]); 907 } 908 909 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 910 (*regs)[TARGET_REG_PR] = tswapreg(env->pr); 911 (*regs)[TARGET_REG_SR] = tswapreg(env->sr); 912 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr); 913 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach); 914 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl); 915 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 916 } 917 918 #define USE_ELF_CORE_DUMP 919 #define ELF_EXEC_PAGESIZE 4096 920 921 #endif 922 923 #ifdef TARGET_CRIS 924 925 #define ELF_START_MMAP 0x80000000 926 927 #define elf_check_arch(x) ( (x) == EM_CRIS ) 928 929 #define ELF_CLASS ELFCLASS32 930 #define ELF_ARCH EM_CRIS 931 932 static inline void init_thread(struct target_pt_regs *regs, 933 struct image_info *infop) 934 { 935 regs->erp = infop->entry; 936 } 937 938 #define ELF_EXEC_PAGESIZE 8192 939 940 #endif 941 942 #ifdef TARGET_M68K 943 944 #define ELF_START_MMAP 0x80000000 945 946 #define elf_check_arch(x) ( (x) == EM_68K ) 947 948 #define ELF_CLASS ELFCLASS32 949 #define ELF_ARCH EM_68K 950 951 /* ??? Does this need to do anything? 952 #define ELF_PLAT_INIT(_r) */ 953 954 static inline void init_thread(struct target_pt_regs *regs, 955 struct image_info *infop) 956 { 957 regs->usp = infop->start_stack; 958 regs->sr = 0; 959 regs->pc = infop->entry; 960 } 961 962 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 963 #define ELF_NREG 20 964 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 965 966 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env) 967 { 968 (*regs)[0] = tswapreg(env->dregs[1]); 969 (*regs)[1] = tswapreg(env->dregs[2]); 970 (*regs)[2] = tswapreg(env->dregs[3]); 971 (*regs)[3] = tswapreg(env->dregs[4]); 972 (*regs)[4] = tswapreg(env->dregs[5]); 973 (*regs)[5] = tswapreg(env->dregs[6]); 974 (*regs)[6] = tswapreg(env->dregs[7]); 975 (*regs)[7] = tswapreg(env->aregs[0]); 976 (*regs)[8] = tswapreg(env->aregs[1]); 977 (*regs)[9] = tswapreg(env->aregs[2]); 978 (*regs)[10] = tswapreg(env->aregs[3]); 979 (*regs)[11] = tswapreg(env->aregs[4]); 980 (*regs)[12] = tswapreg(env->aregs[5]); 981 (*regs)[13] = tswapreg(env->aregs[6]); 982 (*regs)[14] = tswapreg(env->dregs[0]); 983 (*regs)[15] = tswapreg(env->aregs[7]); 984 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */ 985 (*regs)[17] = tswapreg(env->sr); 986 (*regs)[18] = tswapreg(env->pc); 987 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 988 } 989 990 #define USE_ELF_CORE_DUMP 991 #define ELF_EXEC_PAGESIZE 8192 992 993 #endif 994 995 #ifdef TARGET_ALPHA 996 997 #define ELF_START_MMAP (0x30000000000ULL) 998 999 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 1000 1001 #define ELF_CLASS ELFCLASS64 1002 #define ELF_ARCH EM_ALPHA 1003 1004 static inline void init_thread(struct target_pt_regs *regs, 1005 struct image_info *infop) 1006 { 1007 regs->pc = infop->entry; 1008 regs->ps = 8; 1009 regs->usp = infop->start_stack; 1010 } 1011 1012 #define ELF_EXEC_PAGESIZE 8192 1013 1014 #endif /* TARGET_ALPHA */ 1015 1016 #ifdef TARGET_S390X 1017 1018 #define ELF_START_MMAP (0x20000000000ULL) 1019 1020 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 1021 1022 #define ELF_CLASS ELFCLASS64 1023 #define ELF_DATA ELFDATA2MSB 1024 #define ELF_ARCH EM_S390 1025 1026 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1027 { 1028 regs->psw.addr = infop->entry; 1029 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 1030 regs->gprs[15] = infop->start_stack; 1031 } 1032 1033 #endif /* TARGET_S390X */ 1034 1035 #ifndef ELF_PLATFORM 1036 #define ELF_PLATFORM (NULL) 1037 #endif 1038 1039 #ifndef ELF_HWCAP 1040 #define ELF_HWCAP 0 1041 #endif 1042 1043 #ifdef TARGET_ABI32 1044 #undef ELF_CLASS 1045 #define ELF_CLASS ELFCLASS32 1046 #undef bswaptls 1047 #define bswaptls(ptr) bswap32s(ptr) 1048 #endif 1049 1050 #include "elf.h" 1051 1052 struct exec 1053 { 1054 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 1055 unsigned int a_text; /* length of text, in bytes */ 1056 unsigned int a_data; /* length of data, in bytes */ 1057 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 1058 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 1059 unsigned int a_entry; /* start address */ 1060 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 1061 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 1062 }; 1063 1064 1065 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 1066 #define OMAGIC 0407 1067 #define NMAGIC 0410 1068 #define ZMAGIC 0413 1069 #define QMAGIC 0314 1070 1071 /* Necessary parameters */ 1072 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 1073 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 1074 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 1075 1076 #define DLINFO_ITEMS 13 1077 1078 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 1079 { 1080 memcpy(to, from, n); 1081 } 1082 1083 #ifdef BSWAP_NEEDED 1084 static void bswap_ehdr(struct elfhdr *ehdr) 1085 { 1086 bswap16s(&ehdr->e_type); /* Object file type */ 1087 bswap16s(&ehdr->e_machine); /* Architecture */ 1088 bswap32s(&ehdr->e_version); /* Object file version */ 1089 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 1090 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 1091 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 1092 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 1093 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 1094 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 1095 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 1096 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 1097 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 1098 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 1099 } 1100 1101 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1102 { 1103 int i; 1104 for (i = 0; i < phnum; ++i, ++phdr) { 1105 bswap32s(&phdr->p_type); /* Segment type */ 1106 bswap32s(&phdr->p_flags); /* Segment flags */ 1107 bswaptls(&phdr->p_offset); /* Segment file offset */ 1108 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1109 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1110 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1111 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1112 bswaptls(&phdr->p_align); /* Segment alignment */ 1113 } 1114 } 1115 1116 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1117 { 1118 int i; 1119 for (i = 0; i < shnum; ++i, ++shdr) { 1120 bswap32s(&shdr->sh_name); 1121 bswap32s(&shdr->sh_type); 1122 bswaptls(&shdr->sh_flags); 1123 bswaptls(&shdr->sh_addr); 1124 bswaptls(&shdr->sh_offset); 1125 bswaptls(&shdr->sh_size); 1126 bswap32s(&shdr->sh_link); 1127 bswap32s(&shdr->sh_info); 1128 bswaptls(&shdr->sh_addralign); 1129 bswaptls(&shdr->sh_entsize); 1130 } 1131 } 1132 1133 static void bswap_sym(struct elf_sym *sym) 1134 { 1135 bswap32s(&sym->st_name); 1136 bswaptls(&sym->st_value); 1137 bswaptls(&sym->st_size); 1138 bswap16s(&sym->st_shndx); 1139 } 1140 #else 1141 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1142 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1143 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1144 static inline void bswap_sym(struct elf_sym *sym) { } 1145 #endif 1146 1147 #ifdef USE_ELF_CORE_DUMP 1148 static int elf_core_dump(int, const CPUArchState *); 1149 #endif /* USE_ELF_CORE_DUMP */ 1150 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1151 1152 /* Verify the portions of EHDR within E_IDENT for the target. 1153 This can be performed before bswapping the entire header. */ 1154 static bool elf_check_ident(struct elfhdr *ehdr) 1155 { 1156 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1157 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1158 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1159 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1160 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1161 && ehdr->e_ident[EI_DATA] == ELF_DATA 1162 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1163 } 1164 1165 /* Verify the portions of EHDR outside of E_IDENT for the target. 1166 This has to wait until after bswapping the header. */ 1167 static bool elf_check_ehdr(struct elfhdr *ehdr) 1168 { 1169 return (elf_check_arch(ehdr->e_machine) 1170 && ehdr->e_ehsize == sizeof(struct elfhdr) 1171 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1172 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1173 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1174 } 1175 1176 /* 1177 * 'copy_elf_strings()' copies argument/envelope strings from user 1178 * memory to free pages in kernel mem. These are in a format ready 1179 * to be put directly into the top of new user memory. 1180 * 1181 */ 1182 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1183 abi_ulong p) 1184 { 1185 char *tmp, *tmp1, *pag = NULL; 1186 int len, offset = 0; 1187 1188 if (!p) { 1189 return 0; /* bullet-proofing */ 1190 } 1191 while (argc-- > 0) { 1192 tmp = argv[argc]; 1193 if (!tmp) { 1194 fprintf(stderr, "VFS: argc is wrong"); 1195 exit(-1); 1196 } 1197 tmp1 = tmp; 1198 while (*tmp++); 1199 len = tmp - tmp1; 1200 if (p < len) { /* this shouldn't happen - 128kB */ 1201 return 0; 1202 } 1203 while (len) { 1204 --p; --tmp; --len; 1205 if (--offset < 0) { 1206 offset = p % TARGET_PAGE_SIZE; 1207 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1208 if (!pag) { 1209 pag = g_try_malloc0(TARGET_PAGE_SIZE); 1210 page[p/TARGET_PAGE_SIZE] = pag; 1211 if (!pag) 1212 return 0; 1213 } 1214 } 1215 if (len == 0 || offset == 0) { 1216 *(pag + offset) = *tmp; 1217 } 1218 else { 1219 int bytes_to_copy = (len > offset) ? offset : len; 1220 tmp -= bytes_to_copy; 1221 p -= bytes_to_copy; 1222 offset -= bytes_to_copy; 1223 len -= bytes_to_copy; 1224 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1225 } 1226 } 1227 } 1228 return p; 1229 } 1230 1231 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1232 struct image_info *info) 1233 { 1234 abi_ulong stack_base, size, error, guard; 1235 int i; 1236 1237 /* Create enough stack to hold everything. If we don't use 1238 it for args, we'll use it for something else. */ 1239 size = guest_stack_size; 1240 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1241 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1242 } 1243 guard = TARGET_PAGE_SIZE; 1244 if (guard < qemu_real_host_page_size) { 1245 guard = qemu_real_host_page_size; 1246 } 1247 1248 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1249 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1250 if (error == -1) { 1251 perror("mmap stack"); 1252 exit(-1); 1253 } 1254 1255 /* We reserve one extra page at the top of the stack as guard. */ 1256 target_mprotect(error, guard, PROT_NONE); 1257 1258 info->stack_limit = error + guard; 1259 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1260 p += stack_base; 1261 1262 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1263 if (bprm->page[i]) { 1264 info->rss++; 1265 /* FIXME - check return value of memcpy_to_target() for failure */ 1266 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1267 g_free(bprm->page[i]); 1268 } 1269 stack_base += TARGET_PAGE_SIZE; 1270 } 1271 return p; 1272 } 1273 1274 /* Map and zero the bss. We need to explicitly zero any fractional pages 1275 after the data section (i.e. bss). */ 1276 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1277 { 1278 uintptr_t host_start, host_map_start, host_end; 1279 1280 last_bss = TARGET_PAGE_ALIGN(last_bss); 1281 1282 /* ??? There is confusion between qemu_real_host_page_size and 1283 qemu_host_page_size here and elsewhere in target_mmap, which 1284 may lead to the end of the data section mapping from the file 1285 not being mapped. At least there was an explicit test and 1286 comment for that here, suggesting that "the file size must 1287 be known". The comment probably pre-dates the introduction 1288 of the fstat system call in target_mmap which does in fact 1289 find out the size. What isn't clear is if the workaround 1290 here is still actually needed. For now, continue with it, 1291 but merge it with the "normal" mmap that would allocate the bss. */ 1292 1293 host_start = (uintptr_t) g2h(elf_bss); 1294 host_end = (uintptr_t) g2h(last_bss); 1295 host_map_start = (host_start + qemu_real_host_page_size - 1); 1296 host_map_start &= -qemu_real_host_page_size; 1297 1298 if (host_map_start < host_end) { 1299 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1300 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1301 if (p == MAP_FAILED) { 1302 perror("cannot mmap brk"); 1303 exit(-1); 1304 } 1305 1306 /* Since we didn't use target_mmap, make sure to record 1307 the validity of the pages with qemu. */ 1308 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1309 } 1310 1311 if (host_start < host_map_start) { 1312 memset((void *)host_start, 0, host_map_start - host_start); 1313 } 1314 } 1315 1316 #ifdef CONFIG_USE_FDPIC 1317 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1318 { 1319 uint16_t n; 1320 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1321 1322 /* elf32_fdpic_loadseg */ 1323 n = info->nsegs; 1324 while (n--) { 1325 sp -= 12; 1326 put_user_u32(loadsegs[n].addr, sp+0); 1327 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1328 put_user_u32(loadsegs[n].p_memsz, sp+8); 1329 } 1330 1331 /* elf32_fdpic_loadmap */ 1332 sp -= 4; 1333 put_user_u16(0, sp+0); /* version */ 1334 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1335 1336 info->personality = PER_LINUX_FDPIC; 1337 info->loadmap_addr = sp; 1338 1339 return sp; 1340 } 1341 #endif 1342 1343 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1344 struct elfhdr *exec, 1345 struct image_info *info, 1346 struct image_info *interp_info) 1347 { 1348 abi_ulong sp; 1349 abi_ulong sp_auxv; 1350 int size; 1351 int i; 1352 abi_ulong u_rand_bytes; 1353 uint8_t k_rand_bytes[16]; 1354 abi_ulong u_platform; 1355 const char *k_platform; 1356 const int n = sizeof(elf_addr_t); 1357 1358 sp = p; 1359 1360 #ifdef CONFIG_USE_FDPIC 1361 /* Needs to be before we load the env/argc/... */ 1362 if (elf_is_fdpic(exec)) { 1363 /* Need 4 byte alignment for these structs */ 1364 sp &= ~3; 1365 sp = loader_build_fdpic_loadmap(info, sp); 1366 info->other_info = interp_info; 1367 if (interp_info) { 1368 interp_info->other_info = info; 1369 sp = loader_build_fdpic_loadmap(interp_info, sp); 1370 } 1371 } 1372 #endif 1373 1374 u_platform = 0; 1375 k_platform = ELF_PLATFORM; 1376 if (k_platform) { 1377 size_t len = strlen(k_platform) + 1; 1378 sp -= (len + n - 1) & ~(n - 1); 1379 u_platform = sp; 1380 /* FIXME - check return value of memcpy_to_target() for failure */ 1381 memcpy_to_target(sp, k_platform, len); 1382 } 1383 1384 /* 1385 * Generate 16 random bytes for userspace PRNG seeding (not 1386 * cryptically secure but it's not the aim of QEMU). 1387 */ 1388 srand((unsigned int) time(NULL)); 1389 for (i = 0; i < 16; i++) { 1390 k_rand_bytes[i] = rand(); 1391 } 1392 sp -= 16; 1393 u_rand_bytes = sp; 1394 /* FIXME - check return value of memcpy_to_target() for failure */ 1395 memcpy_to_target(sp, k_rand_bytes, 16); 1396 1397 /* 1398 * Force 16 byte _final_ alignment here for generality. 1399 */ 1400 sp = sp &~ (abi_ulong)15; 1401 size = (DLINFO_ITEMS + 1) * 2; 1402 if (k_platform) 1403 size += 2; 1404 #ifdef DLINFO_ARCH_ITEMS 1405 size += DLINFO_ARCH_ITEMS * 2; 1406 #endif 1407 size += envc + argc + 2; 1408 size += 1; /* argc itself */ 1409 size *= n; 1410 if (size & 15) 1411 sp -= 16 - (size & 15); 1412 1413 /* This is correct because Linux defines 1414 * elf_addr_t as Elf32_Off / Elf64_Off 1415 */ 1416 #define NEW_AUX_ENT(id, val) do { \ 1417 sp -= n; put_user_ual(val, sp); \ 1418 sp -= n; put_user_ual(id, sp); \ 1419 } while(0) 1420 1421 sp_auxv = sp; 1422 NEW_AUX_ENT (AT_NULL, 0); 1423 1424 /* There must be exactly DLINFO_ITEMS entries here. */ 1425 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1426 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1427 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1428 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1429 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1430 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1431 NEW_AUX_ENT(AT_ENTRY, info->entry); 1432 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1433 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1434 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1435 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1436 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1437 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1438 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1439 1440 if (k_platform) 1441 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1442 #ifdef ARCH_DLINFO 1443 /* 1444 * ARCH_DLINFO must come last so platform specific code can enforce 1445 * special alignment requirements on the AUXV if necessary (eg. PPC). 1446 */ 1447 ARCH_DLINFO; 1448 #endif 1449 #undef NEW_AUX_ENT 1450 1451 info->saved_auxv = sp; 1452 info->auxv_len = sp_auxv - sp; 1453 1454 sp = loader_build_argptr(envc, argc, sp, p, 0); 1455 return sp; 1456 } 1457 1458 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE 1459 /* If the guest doesn't have a validation function just agree */ 1460 static int validate_guest_space(unsigned long guest_base, 1461 unsigned long guest_size) 1462 { 1463 return 1; 1464 } 1465 #endif 1466 1467 unsigned long init_guest_space(unsigned long host_start, 1468 unsigned long host_size, 1469 unsigned long guest_start, 1470 bool fixed) 1471 { 1472 unsigned long current_start, real_start; 1473 int flags; 1474 1475 assert(host_start || host_size); 1476 1477 /* If just a starting address is given, then just verify that 1478 * address. */ 1479 if (host_start && !host_size) { 1480 if (validate_guest_space(host_start, host_size) == 1) { 1481 return host_start; 1482 } else { 1483 return (unsigned long)-1; 1484 } 1485 } 1486 1487 /* Setup the initial flags and start address. */ 1488 current_start = host_start & qemu_host_page_mask; 1489 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE; 1490 if (fixed) { 1491 flags |= MAP_FIXED; 1492 } 1493 1494 /* Otherwise, a non-zero size region of memory needs to be mapped 1495 * and validated. */ 1496 while (1) { 1497 unsigned long real_size = host_size; 1498 1499 /* Do not use mmap_find_vma here because that is limited to the 1500 * guest address space. We are going to make the 1501 * guest address space fit whatever we're given. 1502 */ 1503 real_start = (unsigned long) 1504 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0); 1505 if (real_start == (unsigned long)-1) { 1506 return (unsigned long)-1; 1507 } 1508 1509 /* Ensure the address is properly aligned. */ 1510 if (real_start & ~qemu_host_page_mask) { 1511 munmap((void *)real_start, host_size); 1512 real_size = host_size + qemu_host_page_size; 1513 real_start = (unsigned long) 1514 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0); 1515 if (real_start == (unsigned long)-1) { 1516 return (unsigned long)-1; 1517 } 1518 real_start = HOST_PAGE_ALIGN(real_start); 1519 } 1520 1521 /* Check to see if the address is valid. */ 1522 if (!host_start || real_start == current_start) { 1523 int valid = validate_guest_space(real_start - guest_start, 1524 real_size); 1525 if (valid == 1) { 1526 break; 1527 } else if (valid == -1) { 1528 return (unsigned long)-1; 1529 } 1530 /* valid == 0, so try again. */ 1531 } 1532 1533 /* That address didn't work. Unmap and try a different one. 1534 * The address the host picked because is typically right at 1535 * the top of the host address space and leaves the guest with 1536 * no usable address space. Resort to a linear search. We 1537 * already compensated for mmap_min_addr, so this should not 1538 * happen often. Probably means we got unlucky and host 1539 * address space randomization put a shared library somewhere 1540 * inconvenient. 1541 */ 1542 munmap((void *)real_start, host_size); 1543 current_start += qemu_host_page_size; 1544 if (host_start == current_start) { 1545 /* Theoretically possible if host doesn't have any suitably 1546 * aligned areas. Normally the first mmap will fail. 1547 */ 1548 return (unsigned long)-1; 1549 } 1550 } 1551 1552 qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size); 1553 1554 return real_start; 1555 } 1556 1557 static void probe_guest_base(const char *image_name, 1558 abi_ulong loaddr, abi_ulong hiaddr) 1559 { 1560 /* Probe for a suitable guest base address, if the user has not set 1561 * it explicitly, and set guest_base appropriately. 1562 * In case of error we will print a suitable message and exit. 1563 */ 1564 #if defined(CONFIG_USE_GUEST_BASE) 1565 const char *errmsg; 1566 if (!have_guest_base && !reserved_va) { 1567 unsigned long host_start, real_start, host_size; 1568 1569 /* Round addresses to page boundaries. */ 1570 loaddr &= qemu_host_page_mask; 1571 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1572 1573 if (loaddr < mmap_min_addr) { 1574 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1575 } else { 1576 host_start = loaddr; 1577 if (host_start != loaddr) { 1578 errmsg = "Address overflow loading ELF binary"; 1579 goto exit_errmsg; 1580 } 1581 } 1582 host_size = hiaddr - loaddr; 1583 1584 /* Setup the initial guest memory space with ranges gleaned from 1585 * the ELF image that is being loaded. 1586 */ 1587 real_start = init_guest_space(host_start, host_size, loaddr, false); 1588 if (real_start == (unsigned long)-1) { 1589 errmsg = "Unable to find space for application"; 1590 goto exit_errmsg; 1591 } 1592 guest_base = real_start - loaddr; 1593 1594 qemu_log("Relocating guest address space from 0x" 1595 TARGET_ABI_FMT_lx " to 0x%lx\n", 1596 loaddr, real_start); 1597 } 1598 return; 1599 1600 exit_errmsg: 1601 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1602 exit(-1); 1603 #endif 1604 } 1605 1606 1607 /* Load an ELF image into the address space. 1608 1609 IMAGE_NAME is the filename of the image, to use in error messages. 1610 IMAGE_FD is the open file descriptor for the image. 1611 1612 BPRM_BUF is a copy of the beginning of the file; this of course 1613 contains the elf file header at offset 0. It is assumed that this 1614 buffer is sufficiently aligned to present no problems to the host 1615 in accessing data at aligned offsets within the buffer. 1616 1617 On return: INFO values will be filled in, as necessary or available. */ 1618 1619 static void load_elf_image(const char *image_name, int image_fd, 1620 struct image_info *info, char **pinterp_name, 1621 char bprm_buf[BPRM_BUF_SIZE]) 1622 { 1623 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1624 struct elf_phdr *phdr; 1625 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1626 int i, retval; 1627 const char *errmsg; 1628 1629 /* First of all, some simple consistency checks */ 1630 errmsg = "Invalid ELF image for this architecture"; 1631 if (!elf_check_ident(ehdr)) { 1632 goto exit_errmsg; 1633 } 1634 bswap_ehdr(ehdr); 1635 if (!elf_check_ehdr(ehdr)) { 1636 goto exit_errmsg; 1637 } 1638 1639 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1640 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1641 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1642 } else { 1643 phdr = (struct elf_phdr *) alloca(i); 1644 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1645 if (retval != i) { 1646 goto exit_read; 1647 } 1648 } 1649 bswap_phdr(phdr, ehdr->e_phnum); 1650 1651 #ifdef CONFIG_USE_FDPIC 1652 info->nsegs = 0; 1653 info->pt_dynamic_addr = 0; 1654 #endif 1655 1656 /* Find the maximum size of the image and allocate an appropriate 1657 amount of memory to handle that. */ 1658 loaddr = -1, hiaddr = 0; 1659 for (i = 0; i < ehdr->e_phnum; ++i) { 1660 if (phdr[i].p_type == PT_LOAD) { 1661 abi_ulong a = phdr[i].p_vaddr; 1662 if (a < loaddr) { 1663 loaddr = a; 1664 } 1665 a += phdr[i].p_memsz; 1666 if (a > hiaddr) { 1667 hiaddr = a; 1668 } 1669 #ifdef CONFIG_USE_FDPIC 1670 ++info->nsegs; 1671 #endif 1672 } 1673 } 1674 1675 load_addr = loaddr; 1676 if (ehdr->e_type == ET_DYN) { 1677 /* The image indicates that it can be loaded anywhere. Find a 1678 location that can hold the memory space required. If the 1679 image is pre-linked, LOADDR will be non-zero. Since we do 1680 not supply MAP_FIXED here we'll use that address if and 1681 only if it remains available. */ 1682 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1683 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1684 -1, 0); 1685 if (load_addr == -1) { 1686 goto exit_perror; 1687 } 1688 } else if (pinterp_name != NULL) { 1689 /* This is the main executable. Make sure that the low 1690 address does not conflict with MMAP_MIN_ADDR or the 1691 QEMU application itself. */ 1692 probe_guest_base(image_name, loaddr, hiaddr); 1693 } 1694 load_bias = load_addr - loaddr; 1695 1696 #ifdef CONFIG_USE_FDPIC 1697 { 1698 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1699 g_malloc(sizeof(*loadsegs) * info->nsegs); 1700 1701 for (i = 0; i < ehdr->e_phnum; ++i) { 1702 switch (phdr[i].p_type) { 1703 case PT_DYNAMIC: 1704 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1705 break; 1706 case PT_LOAD: 1707 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1708 loadsegs->p_vaddr = phdr[i].p_vaddr; 1709 loadsegs->p_memsz = phdr[i].p_memsz; 1710 ++loadsegs; 1711 break; 1712 } 1713 } 1714 } 1715 #endif 1716 1717 info->load_bias = load_bias; 1718 info->load_addr = load_addr; 1719 info->entry = ehdr->e_entry + load_bias; 1720 info->start_code = -1; 1721 info->end_code = 0; 1722 info->start_data = -1; 1723 info->end_data = 0; 1724 info->brk = 0; 1725 info->elf_flags = ehdr->e_flags; 1726 1727 for (i = 0; i < ehdr->e_phnum; i++) { 1728 struct elf_phdr *eppnt = phdr + i; 1729 if (eppnt->p_type == PT_LOAD) { 1730 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1731 int elf_prot = 0; 1732 1733 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1734 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1735 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1736 1737 vaddr = load_bias + eppnt->p_vaddr; 1738 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1739 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1740 1741 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1742 elf_prot, MAP_PRIVATE | MAP_FIXED, 1743 image_fd, eppnt->p_offset - vaddr_po); 1744 if (error == -1) { 1745 goto exit_perror; 1746 } 1747 1748 vaddr_ef = vaddr + eppnt->p_filesz; 1749 vaddr_em = vaddr + eppnt->p_memsz; 1750 1751 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1752 if (vaddr_ef < vaddr_em) { 1753 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1754 } 1755 1756 /* Find the full program boundaries. */ 1757 if (elf_prot & PROT_EXEC) { 1758 if (vaddr < info->start_code) { 1759 info->start_code = vaddr; 1760 } 1761 if (vaddr_ef > info->end_code) { 1762 info->end_code = vaddr_ef; 1763 } 1764 } 1765 if (elf_prot & PROT_WRITE) { 1766 if (vaddr < info->start_data) { 1767 info->start_data = vaddr; 1768 } 1769 if (vaddr_ef > info->end_data) { 1770 info->end_data = vaddr_ef; 1771 } 1772 if (vaddr_em > info->brk) { 1773 info->brk = vaddr_em; 1774 } 1775 } 1776 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1777 char *interp_name; 1778 1779 if (*pinterp_name) { 1780 errmsg = "Multiple PT_INTERP entries"; 1781 goto exit_errmsg; 1782 } 1783 interp_name = malloc(eppnt->p_filesz); 1784 if (!interp_name) { 1785 goto exit_perror; 1786 } 1787 1788 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1789 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1790 eppnt->p_filesz); 1791 } else { 1792 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1793 eppnt->p_offset); 1794 if (retval != eppnt->p_filesz) { 1795 goto exit_perror; 1796 } 1797 } 1798 if (interp_name[eppnt->p_filesz - 1] != 0) { 1799 errmsg = "Invalid PT_INTERP entry"; 1800 goto exit_errmsg; 1801 } 1802 *pinterp_name = interp_name; 1803 } 1804 } 1805 1806 if (info->end_data == 0) { 1807 info->start_data = info->end_code; 1808 info->end_data = info->end_code; 1809 info->brk = info->end_code; 1810 } 1811 1812 if (qemu_log_enabled()) { 1813 load_symbols(ehdr, image_fd, load_bias); 1814 } 1815 1816 close(image_fd); 1817 return; 1818 1819 exit_read: 1820 if (retval >= 0) { 1821 errmsg = "Incomplete read of file header"; 1822 goto exit_errmsg; 1823 } 1824 exit_perror: 1825 errmsg = strerror(errno); 1826 exit_errmsg: 1827 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1828 exit(-1); 1829 } 1830 1831 static void load_elf_interp(const char *filename, struct image_info *info, 1832 char bprm_buf[BPRM_BUF_SIZE]) 1833 { 1834 int fd, retval; 1835 1836 fd = open(path(filename), O_RDONLY); 1837 if (fd < 0) { 1838 goto exit_perror; 1839 } 1840 1841 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1842 if (retval < 0) { 1843 goto exit_perror; 1844 } 1845 if (retval < BPRM_BUF_SIZE) { 1846 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1847 } 1848 1849 load_elf_image(filename, fd, info, NULL, bprm_buf); 1850 return; 1851 1852 exit_perror: 1853 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1854 exit(-1); 1855 } 1856 1857 static int symfind(const void *s0, const void *s1) 1858 { 1859 target_ulong addr = *(target_ulong *)s0; 1860 struct elf_sym *sym = (struct elf_sym *)s1; 1861 int result = 0; 1862 if (addr < sym->st_value) { 1863 result = -1; 1864 } else if (addr >= sym->st_value + sym->st_size) { 1865 result = 1; 1866 } 1867 return result; 1868 } 1869 1870 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1871 { 1872 #if ELF_CLASS == ELFCLASS32 1873 struct elf_sym *syms = s->disas_symtab.elf32; 1874 #else 1875 struct elf_sym *syms = s->disas_symtab.elf64; 1876 #endif 1877 1878 // binary search 1879 struct elf_sym *sym; 1880 1881 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 1882 if (sym != NULL) { 1883 return s->disas_strtab + sym->st_name; 1884 } 1885 1886 return ""; 1887 } 1888 1889 /* FIXME: This should use elf_ops.h */ 1890 static int symcmp(const void *s0, const void *s1) 1891 { 1892 struct elf_sym *sym0 = (struct elf_sym *)s0; 1893 struct elf_sym *sym1 = (struct elf_sym *)s1; 1894 return (sym0->st_value < sym1->st_value) 1895 ? -1 1896 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1897 } 1898 1899 /* Best attempt to load symbols from this ELF object. */ 1900 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1901 { 1902 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1903 struct elf_shdr *shdr; 1904 char *strings = NULL; 1905 struct syminfo *s = NULL; 1906 struct elf_sym *new_syms, *syms = NULL; 1907 1908 shnum = hdr->e_shnum; 1909 i = shnum * sizeof(struct elf_shdr); 1910 shdr = (struct elf_shdr *)alloca(i); 1911 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1912 return; 1913 } 1914 1915 bswap_shdr(shdr, shnum); 1916 for (i = 0; i < shnum; ++i) { 1917 if (shdr[i].sh_type == SHT_SYMTAB) { 1918 sym_idx = i; 1919 str_idx = shdr[i].sh_link; 1920 goto found; 1921 } 1922 } 1923 1924 /* There will be no symbol table if the file was stripped. */ 1925 return; 1926 1927 found: 1928 /* Now know where the strtab and symtab are. Snarf them. */ 1929 s = malloc(sizeof(*s)); 1930 if (!s) { 1931 goto give_up; 1932 } 1933 1934 i = shdr[str_idx].sh_size; 1935 s->disas_strtab = strings = malloc(i); 1936 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1937 goto give_up; 1938 } 1939 1940 i = shdr[sym_idx].sh_size; 1941 syms = malloc(i); 1942 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1943 goto give_up; 1944 } 1945 1946 nsyms = i / sizeof(struct elf_sym); 1947 for (i = 0; i < nsyms; ) { 1948 bswap_sym(syms + i); 1949 /* Throw away entries which we do not need. */ 1950 if (syms[i].st_shndx == SHN_UNDEF 1951 || syms[i].st_shndx >= SHN_LORESERVE 1952 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1953 if (i < --nsyms) { 1954 syms[i] = syms[nsyms]; 1955 } 1956 } else { 1957 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1958 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1959 syms[i].st_value &= ~(target_ulong)1; 1960 #endif 1961 syms[i].st_value += load_bias; 1962 i++; 1963 } 1964 } 1965 1966 /* No "useful" symbol. */ 1967 if (nsyms == 0) { 1968 goto give_up; 1969 } 1970 1971 /* Attempt to free the storage associated with the local symbols 1972 that we threw away. Whether or not this has any effect on the 1973 memory allocation depends on the malloc implementation and how 1974 many symbols we managed to discard. */ 1975 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1976 if (new_syms == NULL) { 1977 goto give_up; 1978 } 1979 syms = new_syms; 1980 1981 qsort(syms, nsyms, sizeof(*syms), symcmp); 1982 1983 s->disas_num_syms = nsyms; 1984 #if ELF_CLASS == ELFCLASS32 1985 s->disas_symtab.elf32 = syms; 1986 #else 1987 s->disas_symtab.elf64 = syms; 1988 #endif 1989 s->lookup_symbol = lookup_symbolxx; 1990 s->next = syminfos; 1991 syminfos = s; 1992 1993 return; 1994 1995 give_up: 1996 free(s); 1997 free(strings); 1998 free(syms); 1999 } 2000 2001 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, 2002 struct image_info * info) 2003 { 2004 struct image_info interp_info; 2005 struct elfhdr elf_ex; 2006 char *elf_interpreter = NULL; 2007 2008 info->start_mmap = (abi_ulong)ELF_START_MMAP; 2009 info->mmap = 0; 2010 info->rss = 0; 2011 2012 load_elf_image(bprm->filename, bprm->fd, info, 2013 &elf_interpreter, bprm->buf); 2014 2015 /* ??? We need a copy of the elf header for passing to create_elf_tables. 2016 If we do nothing, we'll have overwritten this when we re-use bprm->buf 2017 when we load the interpreter. */ 2018 elf_ex = *(struct elfhdr *)bprm->buf; 2019 2020 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 2021 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 2022 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 2023 if (!bprm->p) { 2024 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 2025 exit(-1); 2026 } 2027 2028 /* Do this so that we can load the interpreter, if need be. We will 2029 change some of these later */ 2030 bprm->p = setup_arg_pages(bprm->p, bprm, info); 2031 2032 if (elf_interpreter) { 2033 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 2034 2035 /* If the program interpreter is one of these two, then assume 2036 an iBCS2 image. Otherwise assume a native linux image. */ 2037 2038 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 2039 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 2040 info->personality = PER_SVR4; 2041 2042 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 2043 and some applications "depend" upon this behavior. Since 2044 we do not have the power to recompile these, we emulate 2045 the SVr4 behavior. Sigh. */ 2046 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 2047 MAP_FIXED | MAP_PRIVATE, -1, 0); 2048 } 2049 } 2050 2051 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 2052 info, (elf_interpreter ? &interp_info : NULL)); 2053 info->start_stack = bprm->p; 2054 2055 /* If we have an interpreter, set that as the program's entry point. 2056 Copy the load_bias as well, to help PPC64 interpret the entry 2057 point as a function descriptor. Do this after creating elf tables 2058 so that we copy the original program entry point into the AUXV. */ 2059 if (elf_interpreter) { 2060 info->load_bias = interp_info.load_bias; 2061 info->entry = interp_info.entry; 2062 free(elf_interpreter); 2063 } 2064 2065 #ifdef USE_ELF_CORE_DUMP 2066 bprm->core_dump = &elf_core_dump; 2067 #endif 2068 2069 return 0; 2070 } 2071 2072 #ifdef USE_ELF_CORE_DUMP 2073 /* 2074 * Definitions to generate Intel SVR4-like core files. 2075 * These mostly have the same names as the SVR4 types with "target_elf_" 2076 * tacked on the front to prevent clashes with linux definitions, 2077 * and the typedef forms have been avoided. This is mostly like 2078 * the SVR4 structure, but more Linuxy, with things that Linux does 2079 * not support and which gdb doesn't really use excluded. 2080 * 2081 * Fields we don't dump (their contents is zero) in linux-user qemu 2082 * are marked with XXX. 2083 * 2084 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 2085 * 2086 * Porting ELF coredump for target is (quite) simple process. First you 2087 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 2088 * the target resides): 2089 * 2090 * #define USE_ELF_CORE_DUMP 2091 * 2092 * Next you define type of register set used for dumping. ELF specification 2093 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 2094 * 2095 * typedef <target_regtype> target_elf_greg_t; 2096 * #define ELF_NREG <number of registers> 2097 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 2098 * 2099 * Last step is to implement target specific function that copies registers 2100 * from given cpu into just specified register set. Prototype is: 2101 * 2102 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 2103 * const CPUArchState *env); 2104 * 2105 * Parameters: 2106 * regs - copy register values into here (allocated and zeroed by caller) 2107 * env - copy registers from here 2108 * 2109 * Example for ARM target is provided in this file. 2110 */ 2111 2112 /* An ELF note in memory */ 2113 struct memelfnote { 2114 const char *name; 2115 size_t namesz; 2116 size_t namesz_rounded; 2117 int type; 2118 size_t datasz; 2119 size_t datasz_rounded; 2120 void *data; 2121 size_t notesz; 2122 }; 2123 2124 struct target_elf_siginfo { 2125 abi_int si_signo; /* signal number */ 2126 abi_int si_code; /* extra code */ 2127 abi_int si_errno; /* errno */ 2128 }; 2129 2130 struct target_elf_prstatus { 2131 struct target_elf_siginfo pr_info; /* Info associated with signal */ 2132 abi_short pr_cursig; /* Current signal */ 2133 abi_ulong pr_sigpend; /* XXX */ 2134 abi_ulong pr_sighold; /* XXX */ 2135 target_pid_t pr_pid; 2136 target_pid_t pr_ppid; 2137 target_pid_t pr_pgrp; 2138 target_pid_t pr_sid; 2139 struct target_timeval pr_utime; /* XXX User time */ 2140 struct target_timeval pr_stime; /* XXX System time */ 2141 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 2142 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 2143 target_elf_gregset_t pr_reg; /* GP registers */ 2144 abi_int pr_fpvalid; /* XXX */ 2145 }; 2146 2147 #define ELF_PRARGSZ (80) /* Number of chars for args */ 2148 2149 struct target_elf_prpsinfo { 2150 char pr_state; /* numeric process state */ 2151 char pr_sname; /* char for pr_state */ 2152 char pr_zomb; /* zombie */ 2153 char pr_nice; /* nice val */ 2154 abi_ulong pr_flag; /* flags */ 2155 target_uid_t pr_uid; 2156 target_gid_t pr_gid; 2157 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 2158 /* Lots missing */ 2159 char pr_fname[16]; /* filename of executable */ 2160 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 2161 }; 2162 2163 /* Here is the structure in which status of each thread is captured. */ 2164 struct elf_thread_status { 2165 QTAILQ_ENTRY(elf_thread_status) ets_link; 2166 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 2167 #if 0 2168 elf_fpregset_t fpu; /* NT_PRFPREG */ 2169 struct task_struct *thread; 2170 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 2171 #endif 2172 struct memelfnote notes[1]; 2173 int num_notes; 2174 }; 2175 2176 struct elf_note_info { 2177 struct memelfnote *notes; 2178 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2179 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2180 2181 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2182 #if 0 2183 /* 2184 * Current version of ELF coredump doesn't support 2185 * dumping fp regs etc. 2186 */ 2187 elf_fpregset_t *fpu; 2188 elf_fpxregset_t *xfpu; 2189 int thread_status_size; 2190 #endif 2191 int notes_size; 2192 int numnote; 2193 }; 2194 2195 struct vm_area_struct { 2196 abi_ulong vma_start; /* start vaddr of memory region */ 2197 abi_ulong vma_end; /* end vaddr of memory region */ 2198 abi_ulong vma_flags; /* protection etc. flags for the region */ 2199 QTAILQ_ENTRY(vm_area_struct) vma_link; 2200 }; 2201 2202 struct mm_struct { 2203 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2204 int mm_count; /* number of mappings */ 2205 }; 2206 2207 static struct mm_struct *vma_init(void); 2208 static void vma_delete(struct mm_struct *); 2209 static int vma_add_mapping(struct mm_struct *, abi_ulong, 2210 abi_ulong, abi_ulong); 2211 static int vma_get_mapping_count(const struct mm_struct *); 2212 static struct vm_area_struct *vma_first(const struct mm_struct *); 2213 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2214 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2215 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2216 unsigned long flags); 2217 2218 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2219 static void fill_note(struct memelfnote *, const char *, int, 2220 unsigned int, void *); 2221 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2222 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2223 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2224 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2225 static size_t note_size(const struct memelfnote *); 2226 static void free_note_info(struct elf_note_info *); 2227 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *); 2228 static void fill_thread_info(struct elf_note_info *, const CPUArchState *); 2229 static int core_dump_filename(const TaskState *, char *, size_t); 2230 2231 static int dump_write(int, const void *, size_t); 2232 static int write_note(struct memelfnote *, int); 2233 static int write_note_info(struct elf_note_info *, int); 2234 2235 #ifdef BSWAP_NEEDED 2236 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2237 { 2238 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo); 2239 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code); 2240 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno); 2241 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2242 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend); 2243 prstatus->pr_sighold = tswapal(prstatus->pr_sighold); 2244 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2245 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2246 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2247 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2248 /* cpu times are not filled, so we skip them */ 2249 /* regs should be in correct format already */ 2250 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2251 } 2252 2253 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2254 { 2255 psinfo->pr_flag = tswapal(psinfo->pr_flag); 2256 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2257 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2258 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2259 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2260 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2261 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2262 } 2263 2264 static void bswap_note(struct elf_note *en) 2265 { 2266 bswap32s(&en->n_namesz); 2267 bswap32s(&en->n_descsz); 2268 bswap32s(&en->n_type); 2269 } 2270 #else 2271 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2272 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2273 static inline void bswap_note(struct elf_note *en) { } 2274 #endif /* BSWAP_NEEDED */ 2275 2276 /* 2277 * Minimal support for linux memory regions. These are needed 2278 * when we are finding out what memory exactly belongs to 2279 * emulated process. No locks needed here, as long as 2280 * thread that received the signal is stopped. 2281 */ 2282 2283 static struct mm_struct *vma_init(void) 2284 { 2285 struct mm_struct *mm; 2286 2287 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2288 return (NULL); 2289 2290 mm->mm_count = 0; 2291 QTAILQ_INIT(&mm->mm_mmap); 2292 2293 return (mm); 2294 } 2295 2296 static void vma_delete(struct mm_struct *mm) 2297 { 2298 struct vm_area_struct *vma; 2299 2300 while ((vma = vma_first(mm)) != NULL) { 2301 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2302 g_free(vma); 2303 } 2304 g_free(mm); 2305 } 2306 2307 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2308 abi_ulong end, abi_ulong flags) 2309 { 2310 struct vm_area_struct *vma; 2311 2312 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2313 return (-1); 2314 2315 vma->vma_start = start; 2316 vma->vma_end = end; 2317 vma->vma_flags = flags; 2318 2319 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2320 mm->mm_count++; 2321 2322 return (0); 2323 } 2324 2325 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2326 { 2327 return (QTAILQ_FIRST(&mm->mm_mmap)); 2328 } 2329 2330 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2331 { 2332 return (QTAILQ_NEXT(vma, vma_link)); 2333 } 2334 2335 static int vma_get_mapping_count(const struct mm_struct *mm) 2336 { 2337 return (mm->mm_count); 2338 } 2339 2340 /* 2341 * Calculate file (dump) size of given memory region. 2342 */ 2343 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2344 { 2345 /* if we cannot even read the first page, skip it */ 2346 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2347 return (0); 2348 2349 /* 2350 * Usually we don't dump executable pages as they contain 2351 * non-writable code that debugger can read directly from 2352 * target library etc. However, thread stacks are marked 2353 * also executable so we read in first page of given region 2354 * and check whether it contains elf header. If there is 2355 * no elf header, we dump it. 2356 */ 2357 if (vma->vma_flags & PROT_EXEC) { 2358 char page[TARGET_PAGE_SIZE]; 2359 2360 copy_from_user(page, vma->vma_start, sizeof (page)); 2361 if ((page[EI_MAG0] == ELFMAG0) && 2362 (page[EI_MAG1] == ELFMAG1) && 2363 (page[EI_MAG2] == ELFMAG2) && 2364 (page[EI_MAG3] == ELFMAG3)) { 2365 /* 2366 * Mappings are possibly from ELF binary. Don't dump 2367 * them. 2368 */ 2369 return (0); 2370 } 2371 } 2372 2373 return (vma->vma_end - vma->vma_start); 2374 } 2375 2376 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2377 unsigned long flags) 2378 { 2379 struct mm_struct *mm = (struct mm_struct *)priv; 2380 2381 vma_add_mapping(mm, start, end, flags); 2382 return (0); 2383 } 2384 2385 static void fill_note(struct memelfnote *note, const char *name, int type, 2386 unsigned int sz, void *data) 2387 { 2388 unsigned int namesz; 2389 2390 namesz = strlen(name) + 1; 2391 note->name = name; 2392 note->namesz = namesz; 2393 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2394 note->type = type; 2395 note->datasz = sz; 2396 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2397 2398 note->data = data; 2399 2400 /* 2401 * We calculate rounded up note size here as specified by 2402 * ELF document. 2403 */ 2404 note->notesz = sizeof (struct elf_note) + 2405 note->namesz_rounded + note->datasz_rounded; 2406 } 2407 2408 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2409 uint32_t flags) 2410 { 2411 (void) memset(elf, 0, sizeof(*elf)); 2412 2413 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2414 elf->e_ident[EI_CLASS] = ELF_CLASS; 2415 elf->e_ident[EI_DATA] = ELF_DATA; 2416 elf->e_ident[EI_VERSION] = EV_CURRENT; 2417 elf->e_ident[EI_OSABI] = ELF_OSABI; 2418 2419 elf->e_type = ET_CORE; 2420 elf->e_machine = machine; 2421 elf->e_version = EV_CURRENT; 2422 elf->e_phoff = sizeof(struct elfhdr); 2423 elf->e_flags = flags; 2424 elf->e_ehsize = sizeof(struct elfhdr); 2425 elf->e_phentsize = sizeof(struct elf_phdr); 2426 elf->e_phnum = segs; 2427 2428 bswap_ehdr(elf); 2429 } 2430 2431 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2432 { 2433 phdr->p_type = PT_NOTE; 2434 phdr->p_offset = offset; 2435 phdr->p_vaddr = 0; 2436 phdr->p_paddr = 0; 2437 phdr->p_filesz = sz; 2438 phdr->p_memsz = 0; 2439 phdr->p_flags = 0; 2440 phdr->p_align = 0; 2441 2442 bswap_phdr(phdr, 1); 2443 } 2444 2445 static size_t note_size(const struct memelfnote *note) 2446 { 2447 return (note->notesz); 2448 } 2449 2450 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2451 const TaskState *ts, int signr) 2452 { 2453 (void) memset(prstatus, 0, sizeof (*prstatus)); 2454 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2455 prstatus->pr_pid = ts->ts_tid; 2456 prstatus->pr_ppid = getppid(); 2457 prstatus->pr_pgrp = getpgrp(); 2458 prstatus->pr_sid = getsid(0); 2459 2460 bswap_prstatus(prstatus); 2461 } 2462 2463 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2464 { 2465 char *base_filename; 2466 unsigned int i, len; 2467 2468 (void) memset(psinfo, 0, sizeof (*psinfo)); 2469 2470 len = ts->info->arg_end - ts->info->arg_start; 2471 if (len >= ELF_PRARGSZ) 2472 len = ELF_PRARGSZ - 1; 2473 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2474 return -EFAULT; 2475 for (i = 0; i < len; i++) 2476 if (psinfo->pr_psargs[i] == 0) 2477 psinfo->pr_psargs[i] = ' '; 2478 psinfo->pr_psargs[len] = 0; 2479 2480 psinfo->pr_pid = getpid(); 2481 psinfo->pr_ppid = getppid(); 2482 psinfo->pr_pgrp = getpgrp(); 2483 psinfo->pr_sid = getsid(0); 2484 psinfo->pr_uid = getuid(); 2485 psinfo->pr_gid = getgid(); 2486 2487 base_filename = g_path_get_basename(ts->bprm->filename); 2488 /* 2489 * Using strncpy here is fine: at max-length, 2490 * this field is not NUL-terminated. 2491 */ 2492 (void) strncpy(psinfo->pr_fname, base_filename, 2493 sizeof(psinfo->pr_fname)); 2494 2495 g_free(base_filename); 2496 bswap_psinfo(psinfo); 2497 return (0); 2498 } 2499 2500 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2501 { 2502 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2503 elf_addr_t orig_auxv = auxv; 2504 void *ptr; 2505 int len = ts->info->auxv_len; 2506 2507 /* 2508 * Auxiliary vector is stored in target process stack. It contains 2509 * {type, value} pairs that we need to dump into note. This is not 2510 * strictly necessary but we do it here for sake of completeness. 2511 */ 2512 2513 /* read in whole auxv vector and copy it to memelfnote */ 2514 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2515 if (ptr != NULL) { 2516 fill_note(note, "CORE", NT_AUXV, len, ptr); 2517 unlock_user(ptr, auxv, len); 2518 } 2519 } 2520 2521 /* 2522 * Constructs name of coredump file. We have following convention 2523 * for the name: 2524 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2525 * 2526 * Returns 0 in case of success, -1 otherwise (errno is set). 2527 */ 2528 static int core_dump_filename(const TaskState *ts, char *buf, 2529 size_t bufsize) 2530 { 2531 char timestamp[64]; 2532 char *filename = NULL; 2533 char *base_filename = NULL; 2534 struct timeval tv; 2535 struct tm tm; 2536 2537 assert(bufsize >= PATH_MAX); 2538 2539 if (gettimeofday(&tv, NULL) < 0) { 2540 (void) fprintf(stderr, "unable to get current timestamp: %s", 2541 strerror(errno)); 2542 return (-1); 2543 } 2544 2545 filename = strdup(ts->bprm->filename); 2546 base_filename = strdup(basename(filename)); 2547 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2548 localtime_r(&tv.tv_sec, &tm)); 2549 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2550 base_filename, timestamp, (int)getpid()); 2551 free(base_filename); 2552 free(filename); 2553 2554 return (0); 2555 } 2556 2557 static int dump_write(int fd, const void *ptr, size_t size) 2558 { 2559 const char *bufp = (const char *)ptr; 2560 ssize_t bytes_written, bytes_left; 2561 struct rlimit dumpsize; 2562 off_t pos; 2563 2564 bytes_written = 0; 2565 getrlimit(RLIMIT_CORE, &dumpsize); 2566 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2567 if (errno == ESPIPE) { /* not a seekable stream */ 2568 bytes_left = size; 2569 } else { 2570 return pos; 2571 } 2572 } else { 2573 if (dumpsize.rlim_cur <= pos) { 2574 return -1; 2575 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2576 bytes_left = size; 2577 } else { 2578 size_t limit_left=dumpsize.rlim_cur - pos; 2579 bytes_left = limit_left >= size ? size : limit_left ; 2580 } 2581 } 2582 2583 /* 2584 * In normal conditions, single write(2) should do but 2585 * in case of socket etc. this mechanism is more portable. 2586 */ 2587 do { 2588 bytes_written = write(fd, bufp, bytes_left); 2589 if (bytes_written < 0) { 2590 if (errno == EINTR) 2591 continue; 2592 return (-1); 2593 } else if (bytes_written == 0) { /* eof */ 2594 return (-1); 2595 } 2596 bufp += bytes_written; 2597 bytes_left -= bytes_written; 2598 } while (bytes_left > 0); 2599 2600 return (0); 2601 } 2602 2603 static int write_note(struct memelfnote *men, int fd) 2604 { 2605 struct elf_note en; 2606 2607 en.n_namesz = men->namesz; 2608 en.n_type = men->type; 2609 en.n_descsz = men->datasz; 2610 2611 bswap_note(&en); 2612 2613 if (dump_write(fd, &en, sizeof(en)) != 0) 2614 return (-1); 2615 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2616 return (-1); 2617 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2618 return (-1); 2619 2620 return (0); 2621 } 2622 2623 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env) 2624 { 2625 TaskState *ts = (TaskState *)env->opaque; 2626 struct elf_thread_status *ets; 2627 2628 ets = g_malloc0(sizeof (*ets)); 2629 ets->num_notes = 1; /* only prstatus is dumped */ 2630 fill_prstatus(&ets->prstatus, ts, 0); 2631 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2632 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2633 &ets->prstatus); 2634 2635 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2636 2637 info->notes_size += note_size(&ets->notes[0]); 2638 } 2639 2640 static int fill_note_info(struct elf_note_info *info, 2641 long signr, const CPUArchState *env) 2642 { 2643 #define NUMNOTES 3 2644 CPUState *cpu = NULL; 2645 TaskState *ts = (TaskState *)env->opaque; 2646 int i; 2647 2648 (void) memset(info, 0, sizeof (*info)); 2649 2650 QTAILQ_INIT(&info->thread_list); 2651 2652 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote)); 2653 if (info->notes == NULL) 2654 return (-ENOMEM); 2655 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 2656 if (info->prstatus == NULL) 2657 return (-ENOMEM); 2658 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 2659 if (info->prstatus == NULL) 2660 return (-ENOMEM); 2661 2662 /* 2663 * First fill in status (and registers) of current thread 2664 * including process info & aux vector. 2665 */ 2666 fill_prstatus(info->prstatus, ts, signr); 2667 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2668 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2669 sizeof (*info->prstatus), info->prstatus); 2670 fill_psinfo(info->psinfo, ts); 2671 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2672 sizeof (*info->psinfo), info->psinfo); 2673 fill_auxv_note(&info->notes[2], ts); 2674 info->numnote = 3; 2675 2676 info->notes_size = 0; 2677 for (i = 0; i < info->numnote; i++) 2678 info->notes_size += note_size(&info->notes[i]); 2679 2680 /* read and fill status of all threads */ 2681 cpu_list_lock(); 2682 CPU_FOREACH(cpu) { 2683 if (cpu == thread_cpu) { 2684 continue; 2685 } 2686 fill_thread_info(info, (CPUArchState *)cpu->env_ptr); 2687 } 2688 cpu_list_unlock(); 2689 2690 return (0); 2691 } 2692 2693 static void free_note_info(struct elf_note_info *info) 2694 { 2695 struct elf_thread_status *ets; 2696 2697 while (!QTAILQ_EMPTY(&info->thread_list)) { 2698 ets = QTAILQ_FIRST(&info->thread_list); 2699 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2700 g_free(ets); 2701 } 2702 2703 g_free(info->prstatus); 2704 g_free(info->psinfo); 2705 g_free(info->notes); 2706 } 2707 2708 static int write_note_info(struct elf_note_info *info, int fd) 2709 { 2710 struct elf_thread_status *ets; 2711 int i, error = 0; 2712 2713 /* write prstatus, psinfo and auxv for current thread */ 2714 for (i = 0; i < info->numnote; i++) 2715 if ((error = write_note(&info->notes[i], fd)) != 0) 2716 return (error); 2717 2718 /* write prstatus for each thread */ 2719 for (ets = info->thread_list.tqh_first; ets != NULL; 2720 ets = ets->ets_link.tqe_next) { 2721 if ((error = write_note(&ets->notes[0], fd)) != 0) 2722 return (error); 2723 } 2724 2725 return (0); 2726 } 2727 2728 /* 2729 * Write out ELF coredump. 2730 * 2731 * See documentation of ELF object file format in: 2732 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2733 * 2734 * Coredump format in linux is following: 2735 * 2736 * 0 +----------------------+ \ 2737 * | ELF header | ET_CORE | 2738 * +----------------------+ | 2739 * | ELF program headers | |--- headers 2740 * | - NOTE section | | 2741 * | - PT_LOAD sections | | 2742 * +----------------------+ / 2743 * | NOTEs: | 2744 * | - NT_PRSTATUS | 2745 * | - NT_PRSINFO | 2746 * | - NT_AUXV | 2747 * +----------------------+ <-- aligned to target page 2748 * | Process memory dump | 2749 * : : 2750 * . . 2751 * : : 2752 * | | 2753 * +----------------------+ 2754 * 2755 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2756 * NT_PRSINFO -> struct elf_prpsinfo 2757 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2758 * 2759 * Format follows System V format as close as possible. Current 2760 * version limitations are as follows: 2761 * - no floating point registers are dumped 2762 * 2763 * Function returns 0 in case of success, negative errno otherwise. 2764 * 2765 * TODO: make this work also during runtime: it should be 2766 * possible to force coredump from running process and then 2767 * continue processing. For example qemu could set up SIGUSR2 2768 * handler (provided that target process haven't registered 2769 * handler for that) that does the dump when signal is received. 2770 */ 2771 static int elf_core_dump(int signr, const CPUArchState *env) 2772 { 2773 const TaskState *ts = (const TaskState *)env->opaque; 2774 struct vm_area_struct *vma = NULL; 2775 char corefile[PATH_MAX]; 2776 struct elf_note_info info; 2777 struct elfhdr elf; 2778 struct elf_phdr phdr; 2779 struct rlimit dumpsize; 2780 struct mm_struct *mm = NULL; 2781 off_t offset = 0, data_offset = 0; 2782 int segs = 0; 2783 int fd = -1; 2784 2785 errno = 0; 2786 getrlimit(RLIMIT_CORE, &dumpsize); 2787 if (dumpsize.rlim_cur == 0) 2788 return 0; 2789 2790 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2791 return (-errno); 2792 2793 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2794 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2795 return (-errno); 2796 2797 /* 2798 * Walk through target process memory mappings and 2799 * set up structure containing this information. After 2800 * this point vma_xxx functions can be used. 2801 */ 2802 if ((mm = vma_init()) == NULL) 2803 goto out; 2804 2805 walk_memory_regions(mm, vma_walker); 2806 segs = vma_get_mapping_count(mm); 2807 2808 /* 2809 * Construct valid coredump ELF header. We also 2810 * add one more segment for notes. 2811 */ 2812 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2813 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2814 goto out; 2815 2816 /* fill in in-memory version of notes */ 2817 if (fill_note_info(&info, signr, env) < 0) 2818 goto out; 2819 2820 offset += sizeof (elf); /* elf header */ 2821 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2822 2823 /* write out notes program header */ 2824 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2825 2826 offset += info.notes_size; 2827 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2828 goto out; 2829 2830 /* 2831 * ELF specification wants data to start at page boundary so 2832 * we align it here. 2833 */ 2834 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2835 2836 /* 2837 * Write program headers for memory regions mapped in 2838 * the target process. 2839 */ 2840 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2841 (void) memset(&phdr, 0, sizeof (phdr)); 2842 2843 phdr.p_type = PT_LOAD; 2844 phdr.p_offset = offset; 2845 phdr.p_vaddr = vma->vma_start; 2846 phdr.p_paddr = 0; 2847 phdr.p_filesz = vma_dump_size(vma); 2848 offset += phdr.p_filesz; 2849 phdr.p_memsz = vma->vma_end - vma->vma_start; 2850 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2851 if (vma->vma_flags & PROT_WRITE) 2852 phdr.p_flags |= PF_W; 2853 if (vma->vma_flags & PROT_EXEC) 2854 phdr.p_flags |= PF_X; 2855 phdr.p_align = ELF_EXEC_PAGESIZE; 2856 2857 bswap_phdr(&phdr, 1); 2858 dump_write(fd, &phdr, sizeof (phdr)); 2859 } 2860 2861 /* 2862 * Next we write notes just after program headers. No 2863 * alignment needed here. 2864 */ 2865 if (write_note_info(&info, fd) < 0) 2866 goto out; 2867 2868 /* align data to page boundary */ 2869 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2870 goto out; 2871 2872 /* 2873 * Finally we can dump process memory into corefile as well. 2874 */ 2875 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2876 abi_ulong addr; 2877 abi_ulong end; 2878 2879 end = vma->vma_start + vma_dump_size(vma); 2880 2881 for (addr = vma->vma_start; addr < end; 2882 addr += TARGET_PAGE_SIZE) { 2883 char page[TARGET_PAGE_SIZE]; 2884 int error; 2885 2886 /* 2887 * Read in page from target process memory and 2888 * write it to coredump file. 2889 */ 2890 error = copy_from_user(page, addr, sizeof (page)); 2891 if (error != 0) { 2892 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2893 addr); 2894 errno = -error; 2895 goto out; 2896 } 2897 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2898 goto out; 2899 } 2900 } 2901 2902 out: 2903 free_note_info(&info); 2904 if (mm != NULL) 2905 vma_delete(mm); 2906 (void) close(fd); 2907 2908 if (errno != 0) 2909 return (-errno); 2910 return (0); 2911 } 2912 #endif /* USE_ELF_CORE_DUMP */ 2913 2914 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2915 { 2916 init_thread(regs, infop); 2917 } 2918