1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 typedef target_ulong target_elf_greg_t; 105 #ifdef USE_UID16 106 typedef target_ushort target_uid_t; 107 typedef target_ushort target_gid_t; 108 #else 109 typedef target_uint target_uid_t; 110 typedef target_uint target_gid_t; 111 #endif 112 typedef target_int target_pid_t; 113 114 #ifdef TARGET_I386 115 116 #define ELF_PLATFORM get_elf_platform() 117 118 static const char *get_elf_platform(void) 119 { 120 static char elf_platform[] = "i386"; 121 int family = (thread_env->cpuid_version >> 8) & 0xff; 122 if (family > 6) 123 family = 6; 124 if (family >= 3) 125 elf_platform[1] = '0' + family; 126 return elf_platform; 127 } 128 129 #define ELF_HWCAP get_elf_hwcap() 130 131 static uint32_t get_elf_hwcap(void) 132 { 133 return thread_env->cpuid_features; 134 } 135 136 #ifdef TARGET_X86_64 137 #define ELF_START_MMAP 0x2aaaaab000ULL 138 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 139 140 #define ELF_CLASS ELFCLASS64 141 #define ELF_ARCH EM_X86_64 142 143 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 144 { 145 regs->rax = 0; 146 regs->rsp = infop->start_stack; 147 regs->rip = infop->entry; 148 } 149 150 #define ELF_NREG 27 151 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 152 153 /* 154 * Note that ELF_NREG should be 29 as there should be place for 155 * TRAPNO and ERR "registers" as well but linux doesn't dump 156 * those. 157 * 158 * See linux kernel: arch/x86/include/asm/elf.h 159 */ 160 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 161 { 162 (*regs)[0] = env->regs[15]; 163 (*regs)[1] = env->regs[14]; 164 (*regs)[2] = env->regs[13]; 165 (*regs)[3] = env->regs[12]; 166 (*regs)[4] = env->regs[R_EBP]; 167 (*regs)[5] = env->regs[R_EBX]; 168 (*regs)[6] = env->regs[11]; 169 (*regs)[7] = env->regs[10]; 170 (*regs)[8] = env->regs[9]; 171 (*regs)[9] = env->regs[8]; 172 (*regs)[10] = env->regs[R_EAX]; 173 (*regs)[11] = env->regs[R_ECX]; 174 (*regs)[12] = env->regs[R_EDX]; 175 (*regs)[13] = env->regs[R_ESI]; 176 (*regs)[14] = env->regs[R_EDI]; 177 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 178 (*regs)[16] = env->eip; 179 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 180 (*regs)[18] = env->eflags; 181 (*regs)[19] = env->regs[R_ESP]; 182 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 183 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 184 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 185 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 186 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 187 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 188 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 189 } 190 191 #else 192 193 #define ELF_START_MMAP 0x80000000 194 195 /* 196 * This is used to ensure we don't load something for the wrong architecture. 197 */ 198 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 199 200 /* 201 * These are used to set parameters in the core dumps. 202 */ 203 #define ELF_CLASS ELFCLASS32 204 #define ELF_ARCH EM_386 205 206 static inline void init_thread(struct target_pt_regs *regs, 207 struct image_info *infop) 208 { 209 regs->esp = infop->start_stack; 210 regs->eip = infop->entry; 211 212 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 213 starts %edx contains a pointer to a function which might be 214 registered using `atexit'. This provides a mean for the 215 dynamic linker to call DT_FINI functions for shared libraries 216 that have been loaded before the code runs. 217 218 A value of 0 tells we have no such handler. */ 219 regs->edx = 0; 220 } 221 222 #define ELF_NREG 17 223 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 224 225 /* 226 * Note that ELF_NREG should be 19 as there should be place for 227 * TRAPNO and ERR "registers" as well but linux doesn't dump 228 * those. 229 * 230 * See linux kernel: arch/x86/include/asm/elf.h 231 */ 232 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 233 { 234 (*regs)[0] = env->regs[R_EBX]; 235 (*regs)[1] = env->regs[R_ECX]; 236 (*regs)[2] = env->regs[R_EDX]; 237 (*regs)[3] = env->regs[R_ESI]; 238 (*regs)[4] = env->regs[R_EDI]; 239 (*regs)[5] = env->regs[R_EBP]; 240 (*regs)[6] = env->regs[R_EAX]; 241 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 242 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 243 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 244 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 245 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 246 (*regs)[12] = env->eip; 247 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 248 (*regs)[14] = env->eflags; 249 (*regs)[15] = env->regs[R_ESP]; 250 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 251 } 252 #endif 253 254 #define USE_ELF_CORE_DUMP 255 #define ELF_EXEC_PAGESIZE 4096 256 257 #endif 258 259 #ifdef TARGET_ARM 260 261 #define ELF_START_MMAP 0x80000000 262 263 #define elf_check_arch(x) ( (x) == EM_ARM ) 264 265 #define ELF_CLASS ELFCLASS32 266 #define ELF_ARCH EM_ARM 267 268 static inline void init_thread(struct target_pt_regs *regs, 269 struct image_info *infop) 270 { 271 abi_long stack = infop->start_stack; 272 memset(regs, 0, sizeof(*regs)); 273 regs->ARM_cpsr = 0x10; 274 if (infop->entry & 1) 275 regs->ARM_cpsr |= CPSR_T; 276 regs->ARM_pc = infop->entry & 0xfffffffe; 277 regs->ARM_sp = infop->start_stack; 278 /* FIXME - what to for failure of get_user()? */ 279 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 280 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 281 /* XXX: it seems that r0 is zeroed after ! */ 282 regs->ARM_r0 = 0; 283 /* For uClinux PIC binaries. */ 284 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 285 regs->ARM_r10 = infop->start_data; 286 } 287 288 #define ELF_NREG 18 289 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 290 291 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 292 { 293 (*regs)[0] = tswapl(env->regs[0]); 294 (*regs)[1] = tswapl(env->regs[1]); 295 (*regs)[2] = tswapl(env->regs[2]); 296 (*regs)[3] = tswapl(env->regs[3]); 297 (*regs)[4] = tswapl(env->regs[4]); 298 (*regs)[5] = tswapl(env->regs[5]); 299 (*regs)[6] = tswapl(env->regs[6]); 300 (*regs)[7] = tswapl(env->regs[7]); 301 (*regs)[8] = tswapl(env->regs[8]); 302 (*regs)[9] = tswapl(env->regs[9]); 303 (*regs)[10] = tswapl(env->regs[10]); 304 (*regs)[11] = tswapl(env->regs[11]); 305 (*regs)[12] = tswapl(env->regs[12]); 306 (*regs)[13] = tswapl(env->regs[13]); 307 (*regs)[14] = tswapl(env->regs[14]); 308 (*regs)[15] = tswapl(env->regs[15]); 309 310 (*regs)[16] = tswapl(cpsr_read((CPUState *)env)); 311 (*regs)[17] = tswapl(env->regs[0]); /* XXX */ 312 } 313 314 #define USE_ELF_CORE_DUMP 315 #define ELF_EXEC_PAGESIZE 4096 316 317 enum 318 { 319 ARM_HWCAP_ARM_SWP = 1 << 0, 320 ARM_HWCAP_ARM_HALF = 1 << 1, 321 ARM_HWCAP_ARM_THUMB = 1 << 2, 322 ARM_HWCAP_ARM_26BIT = 1 << 3, 323 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 324 ARM_HWCAP_ARM_FPA = 1 << 5, 325 ARM_HWCAP_ARM_VFP = 1 << 6, 326 ARM_HWCAP_ARM_EDSP = 1 << 7, 327 ARM_HWCAP_ARM_JAVA = 1 << 8, 328 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 329 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 330 ARM_HWCAP_ARM_NEON = 1 << 11, 331 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 332 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 333 }; 334 335 #define TARGET_HAS_GUEST_VALIDATE_BASE 336 /* We want the opportunity to check the suggested base */ 337 bool guest_validate_base(unsigned long guest_base) 338 { 339 unsigned long real_start, test_page_addr; 340 341 /* We need to check that we can force a fault on access to the 342 * commpage at 0xffff0fxx 343 */ 344 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 345 /* Note it needs to be writeable to let us initialise it */ 346 real_start = (unsigned long) 347 mmap((void *)test_page_addr, qemu_host_page_size, 348 PROT_READ | PROT_WRITE, 349 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 350 351 /* If we can't map it then try another address */ 352 if (real_start == -1ul) { 353 return 0; 354 } 355 356 if (real_start != test_page_addr) { 357 /* OS didn't put the page where we asked - unmap and reject */ 358 munmap((void *)real_start, qemu_host_page_size); 359 return 0; 360 } 361 362 /* Leave the page mapped 363 * Populate it (mmap should have left it all 0'd) 364 */ 365 366 /* Kernel helper versions */ 367 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 368 369 /* Now it's populated make it RO */ 370 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 371 perror("Protecting guest commpage"); 372 exit(-1); 373 } 374 375 return 1; /* All good */ 376 } 377 378 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \ 379 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \ 380 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP \ 381 | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 ) 382 383 #endif 384 385 #ifdef TARGET_UNICORE32 386 387 #define ELF_START_MMAP 0x80000000 388 389 #define elf_check_arch(x) ((x) == EM_UNICORE32) 390 391 #define ELF_CLASS ELFCLASS32 392 #define ELF_DATA ELFDATA2LSB 393 #define ELF_ARCH EM_UNICORE32 394 395 static inline void init_thread(struct target_pt_regs *regs, 396 struct image_info *infop) 397 { 398 abi_long stack = infop->start_stack; 399 memset(regs, 0, sizeof(*regs)); 400 regs->UC32_REG_asr = 0x10; 401 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 402 regs->UC32_REG_sp = infop->start_stack; 403 /* FIXME - what to for failure of get_user()? */ 404 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 405 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 406 /* XXX: it seems that r0 is zeroed after ! */ 407 regs->UC32_REG_00 = 0; 408 } 409 410 #define ELF_NREG 34 411 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 412 413 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 414 { 415 (*regs)[0] = env->regs[0]; 416 (*regs)[1] = env->regs[1]; 417 (*regs)[2] = env->regs[2]; 418 (*regs)[3] = env->regs[3]; 419 (*regs)[4] = env->regs[4]; 420 (*regs)[5] = env->regs[5]; 421 (*regs)[6] = env->regs[6]; 422 (*regs)[7] = env->regs[7]; 423 (*regs)[8] = env->regs[8]; 424 (*regs)[9] = env->regs[9]; 425 (*regs)[10] = env->regs[10]; 426 (*regs)[11] = env->regs[11]; 427 (*regs)[12] = env->regs[12]; 428 (*regs)[13] = env->regs[13]; 429 (*regs)[14] = env->regs[14]; 430 (*regs)[15] = env->regs[15]; 431 (*regs)[16] = env->regs[16]; 432 (*regs)[17] = env->regs[17]; 433 (*regs)[18] = env->regs[18]; 434 (*regs)[19] = env->regs[19]; 435 (*regs)[20] = env->regs[20]; 436 (*regs)[21] = env->regs[21]; 437 (*regs)[22] = env->regs[22]; 438 (*regs)[23] = env->regs[23]; 439 (*regs)[24] = env->regs[24]; 440 (*regs)[25] = env->regs[25]; 441 (*regs)[26] = env->regs[26]; 442 (*regs)[27] = env->regs[27]; 443 (*regs)[28] = env->regs[28]; 444 (*regs)[29] = env->regs[29]; 445 (*regs)[30] = env->regs[30]; 446 (*regs)[31] = env->regs[31]; 447 448 (*regs)[32] = cpu_asr_read((CPUState *)env); 449 (*regs)[33] = env->regs[0]; /* XXX */ 450 } 451 452 #define USE_ELF_CORE_DUMP 453 #define ELF_EXEC_PAGESIZE 4096 454 455 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 456 457 #endif 458 459 #ifdef TARGET_SPARC 460 #ifdef TARGET_SPARC64 461 462 #define ELF_START_MMAP 0x80000000 463 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 464 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 465 #ifndef TARGET_ABI32 466 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 467 #else 468 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 469 #endif 470 471 #define ELF_CLASS ELFCLASS64 472 #define ELF_ARCH EM_SPARCV9 473 474 #define STACK_BIAS 2047 475 476 static inline void init_thread(struct target_pt_regs *regs, 477 struct image_info *infop) 478 { 479 #ifndef TARGET_ABI32 480 regs->tstate = 0; 481 #endif 482 regs->pc = infop->entry; 483 regs->npc = regs->pc + 4; 484 regs->y = 0; 485 #ifdef TARGET_ABI32 486 regs->u_regs[14] = infop->start_stack - 16 * 4; 487 #else 488 if (personality(infop->personality) == PER_LINUX32) 489 regs->u_regs[14] = infop->start_stack - 16 * 4; 490 else 491 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 492 #endif 493 } 494 495 #else 496 #define ELF_START_MMAP 0x80000000 497 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 498 | HWCAP_SPARC_MULDIV) 499 #define elf_check_arch(x) ( (x) == EM_SPARC ) 500 501 #define ELF_CLASS ELFCLASS32 502 #define ELF_ARCH EM_SPARC 503 504 static inline void init_thread(struct target_pt_regs *regs, 505 struct image_info *infop) 506 { 507 regs->psr = 0; 508 regs->pc = infop->entry; 509 regs->npc = regs->pc + 4; 510 regs->y = 0; 511 regs->u_regs[14] = infop->start_stack - 16 * 4; 512 } 513 514 #endif 515 #endif 516 517 #ifdef TARGET_PPC 518 519 #define ELF_START_MMAP 0x80000000 520 521 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 522 523 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 524 525 #define ELF_CLASS ELFCLASS64 526 527 #else 528 529 #define elf_check_arch(x) ( (x) == EM_PPC ) 530 531 #define ELF_CLASS ELFCLASS32 532 533 #endif 534 535 #define ELF_ARCH EM_PPC 536 537 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 538 See arch/powerpc/include/asm/cputable.h. */ 539 enum { 540 QEMU_PPC_FEATURE_32 = 0x80000000, 541 QEMU_PPC_FEATURE_64 = 0x40000000, 542 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 543 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 544 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 545 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 546 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 547 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 548 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 549 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 550 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 551 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 552 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 553 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 554 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 555 QEMU_PPC_FEATURE_CELL = 0x00010000, 556 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 557 QEMU_PPC_FEATURE_SMT = 0x00004000, 558 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 559 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 560 QEMU_PPC_FEATURE_PA6T = 0x00000800, 561 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 562 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 563 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 564 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 565 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 566 567 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 568 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 569 }; 570 571 #define ELF_HWCAP get_elf_hwcap() 572 573 static uint32_t get_elf_hwcap(void) 574 { 575 CPUState *e = thread_env; 576 uint32_t features = 0; 577 578 /* We don't have to be terribly complete here; the high points are 579 Altivec/FP/SPE support. Anything else is just a bonus. */ 580 #define GET_FEATURE(flag, feature) \ 581 do {if (e->insns_flags & flag) features |= feature; } while(0) 582 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 583 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 584 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 585 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 586 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 587 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 588 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 589 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 590 #undef GET_FEATURE 591 592 return features; 593 } 594 595 /* 596 * The requirements here are: 597 * - keep the final alignment of sp (sp & 0xf) 598 * - make sure the 32-bit value at the first 16 byte aligned position of 599 * AUXV is greater than 16 for glibc compatibility. 600 * AT_IGNOREPPC is used for that. 601 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 602 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 603 */ 604 #define DLINFO_ARCH_ITEMS 5 605 #define ARCH_DLINFO \ 606 do { \ 607 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 608 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 609 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 610 /* \ 611 * Now handle glibc compatibility. \ 612 */ \ 613 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 614 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 615 } while (0) 616 617 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 618 { 619 _regs->gpr[1] = infop->start_stack; 620 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 621 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias; 622 infop->entry = ldq_raw(infop->entry) + infop->load_bias; 623 #endif 624 _regs->nip = infop->entry; 625 } 626 627 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 628 #define ELF_NREG 48 629 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 630 631 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 632 { 633 int i; 634 target_ulong ccr = 0; 635 636 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 637 (*regs)[i] = tswapl(env->gpr[i]); 638 } 639 640 (*regs)[32] = tswapl(env->nip); 641 (*regs)[33] = tswapl(env->msr); 642 (*regs)[35] = tswapl(env->ctr); 643 (*regs)[36] = tswapl(env->lr); 644 (*regs)[37] = tswapl(env->xer); 645 646 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 647 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 648 } 649 (*regs)[38] = tswapl(ccr); 650 } 651 652 #define USE_ELF_CORE_DUMP 653 #define ELF_EXEC_PAGESIZE 4096 654 655 #endif 656 657 #ifdef TARGET_MIPS 658 659 #define ELF_START_MMAP 0x80000000 660 661 #define elf_check_arch(x) ( (x) == EM_MIPS ) 662 663 #ifdef TARGET_MIPS64 664 #define ELF_CLASS ELFCLASS64 665 #else 666 #define ELF_CLASS ELFCLASS32 667 #endif 668 #define ELF_ARCH EM_MIPS 669 670 static inline void init_thread(struct target_pt_regs *regs, 671 struct image_info *infop) 672 { 673 regs->cp0_status = 2 << CP0St_KSU; 674 regs->cp0_epc = infop->entry; 675 regs->regs[29] = infop->start_stack; 676 } 677 678 /* See linux kernel: arch/mips/include/asm/elf.h. */ 679 #define ELF_NREG 45 680 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 681 682 /* See linux kernel: arch/mips/include/asm/reg.h. */ 683 enum { 684 #ifdef TARGET_MIPS64 685 TARGET_EF_R0 = 0, 686 #else 687 TARGET_EF_R0 = 6, 688 #endif 689 TARGET_EF_R26 = TARGET_EF_R0 + 26, 690 TARGET_EF_R27 = TARGET_EF_R0 + 27, 691 TARGET_EF_LO = TARGET_EF_R0 + 32, 692 TARGET_EF_HI = TARGET_EF_R0 + 33, 693 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 694 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 695 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 696 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 697 }; 698 699 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 700 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 701 { 702 int i; 703 704 for (i = 0; i < TARGET_EF_R0; i++) { 705 (*regs)[i] = 0; 706 } 707 (*regs)[TARGET_EF_R0] = 0; 708 709 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 710 (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]); 711 } 712 713 (*regs)[TARGET_EF_R26] = 0; 714 (*regs)[TARGET_EF_R27] = 0; 715 (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]); 716 (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]); 717 (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC); 718 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr); 719 (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status); 720 (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause); 721 } 722 723 #define USE_ELF_CORE_DUMP 724 #define ELF_EXEC_PAGESIZE 4096 725 726 #endif /* TARGET_MIPS */ 727 728 #ifdef TARGET_MICROBLAZE 729 730 #define ELF_START_MMAP 0x80000000 731 732 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 733 734 #define ELF_CLASS ELFCLASS32 735 #define ELF_ARCH EM_MICROBLAZE 736 737 static inline void init_thread(struct target_pt_regs *regs, 738 struct image_info *infop) 739 { 740 regs->pc = infop->entry; 741 regs->r1 = infop->start_stack; 742 743 } 744 745 #define ELF_EXEC_PAGESIZE 4096 746 747 #define USE_ELF_CORE_DUMP 748 #define ELF_NREG 38 749 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 750 751 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 752 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 753 { 754 int i, pos = 0; 755 756 for (i = 0; i < 32; i++) { 757 (*regs)[pos++] = tswapl(env->regs[i]); 758 } 759 760 for (i = 0; i < 6; i++) { 761 (*regs)[pos++] = tswapl(env->sregs[i]); 762 } 763 } 764 765 #endif /* TARGET_MICROBLAZE */ 766 767 #ifdef TARGET_SH4 768 769 #define ELF_START_MMAP 0x80000000 770 771 #define elf_check_arch(x) ( (x) == EM_SH ) 772 773 #define ELF_CLASS ELFCLASS32 774 #define ELF_ARCH EM_SH 775 776 static inline void init_thread(struct target_pt_regs *regs, 777 struct image_info *infop) 778 { 779 /* Check other registers XXXXX */ 780 regs->pc = infop->entry; 781 regs->regs[15] = infop->start_stack; 782 } 783 784 /* See linux kernel: arch/sh/include/asm/elf.h. */ 785 #define ELF_NREG 23 786 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 787 788 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 789 enum { 790 TARGET_REG_PC = 16, 791 TARGET_REG_PR = 17, 792 TARGET_REG_SR = 18, 793 TARGET_REG_GBR = 19, 794 TARGET_REG_MACH = 20, 795 TARGET_REG_MACL = 21, 796 TARGET_REG_SYSCALL = 22 797 }; 798 799 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 800 const CPUState *env) 801 { 802 int i; 803 804 for (i = 0; i < 16; i++) { 805 (*regs[i]) = tswapl(env->gregs[i]); 806 } 807 808 (*regs)[TARGET_REG_PC] = tswapl(env->pc); 809 (*regs)[TARGET_REG_PR] = tswapl(env->pr); 810 (*regs)[TARGET_REG_SR] = tswapl(env->sr); 811 (*regs)[TARGET_REG_GBR] = tswapl(env->gbr); 812 (*regs)[TARGET_REG_MACH] = tswapl(env->mach); 813 (*regs)[TARGET_REG_MACL] = tswapl(env->macl); 814 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 815 } 816 817 #define USE_ELF_CORE_DUMP 818 #define ELF_EXEC_PAGESIZE 4096 819 820 #endif 821 822 #ifdef TARGET_CRIS 823 824 #define ELF_START_MMAP 0x80000000 825 826 #define elf_check_arch(x) ( (x) == EM_CRIS ) 827 828 #define ELF_CLASS ELFCLASS32 829 #define ELF_ARCH EM_CRIS 830 831 static inline void init_thread(struct target_pt_regs *regs, 832 struct image_info *infop) 833 { 834 regs->erp = infop->entry; 835 } 836 837 #define ELF_EXEC_PAGESIZE 8192 838 839 #endif 840 841 #ifdef TARGET_M68K 842 843 #define ELF_START_MMAP 0x80000000 844 845 #define elf_check_arch(x) ( (x) == EM_68K ) 846 847 #define ELF_CLASS ELFCLASS32 848 #define ELF_ARCH EM_68K 849 850 /* ??? Does this need to do anything? 851 #define ELF_PLAT_INIT(_r) */ 852 853 static inline void init_thread(struct target_pt_regs *regs, 854 struct image_info *infop) 855 { 856 regs->usp = infop->start_stack; 857 regs->sr = 0; 858 regs->pc = infop->entry; 859 } 860 861 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 862 #define ELF_NREG 20 863 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 864 865 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env) 866 { 867 (*regs)[0] = tswapl(env->dregs[1]); 868 (*regs)[1] = tswapl(env->dregs[2]); 869 (*regs)[2] = tswapl(env->dregs[3]); 870 (*regs)[3] = tswapl(env->dregs[4]); 871 (*regs)[4] = tswapl(env->dregs[5]); 872 (*regs)[5] = tswapl(env->dregs[6]); 873 (*regs)[6] = tswapl(env->dregs[7]); 874 (*regs)[7] = tswapl(env->aregs[0]); 875 (*regs)[8] = tswapl(env->aregs[1]); 876 (*regs)[9] = tswapl(env->aregs[2]); 877 (*regs)[10] = tswapl(env->aregs[3]); 878 (*regs)[11] = tswapl(env->aregs[4]); 879 (*regs)[12] = tswapl(env->aregs[5]); 880 (*regs)[13] = tswapl(env->aregs[6]); 881 (*regs)[14] = tswapl(env->dregs[0]); 882 (*regs)[15] = tswapl(env->aregs[7]); 883 (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */ 884 (*regs)[17] = tswapl(env->sr); 885 (*regs)[18] = tswapl(env->pc); 886 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 887 } 888 889 #define USE_ELF_CORE_DUMP 890 #define ELF_EXEC_PAGESIZE 8192 891 892 #endif 893 894 #ifdef TARGET_ALPHA 895 896 #define ELF_START_MMAP (0x30000000000ULL) 897 898 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 899 900 #define ELF_CLASS ELFCLASS64 901 #define ELF_ARCH EM_ALPHA 902 903 static inline void init_thread(struct target_pt_regs *regs, 904 struct image_info *infop) 905 { 906 regs->pc = infop->entry; 907 regs->ps = 8; 908 regs->usp = infop->start_stack; 909 } 910 911 #define ELF_EXEC_PAGESIZE 8192 912 913 #endif /* TARGET_ALPHA */ 914 915 #ifdef TARGET_S390X 916 917 #define ELF_START_MMAP (0x20000000000ULL) 918 919 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 920 921 #define ELF_CLASS ELFCLASS64 922 #define ELF_DATA ELFDATA2MSB 923 #define ELF_ARCH EM_S390 924 925 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 926 { 927 regs->psw.addr = infop->entry; 928 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 929 regs->gprs[15] = infop->start_stack; 930 } 931 932 #endif /* TARGET_S390X */ 933 934 #ifndef ELF_PLATFORM 935 #define ELF_PLATFORM (NULL) 936 #endif 937 938 #ifndef ELF_HWCAP 939 #define ELF_HWCAP 0 940 #endif 941 942 #ifdef TARGET_ABI32 943 #undef ELF_CLASS 944 #define ELF_CLASS ELFCLASS32 945 #undef bswaptls 946 #define bswaptls(ptr) bswap32s(ptr) 947 #endif 948 949 #include "elf.h" 950 951 struct exec 952 { 953 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 954 unsigned int a_text; /* length of text, in bytes */ 955 unsigned int a_data; /* length of data, in bytes */ 956 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 957 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 958 unsigned int a_entry; /* start address */ 959 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 960 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 961 }; 962 963 964 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 965 #define OMAGIC 0407 966 #define NMAGIC 0410 967 #define ZMAGIC 0413 968 #define QMAGIC 0314 969 970 /* Necessary parameters */ 971 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 972 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 973 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 974 975 #define DLINFO_ITEMS 13 976 977 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 978 { 979 memcpy(to, from, n); 980 } 981 982 #ifdef BSWAP_NEEDED 983 static void bswap_ehdr(struct elfhdr *ehdr) 984 { 985 bswap16s(&ehdr->e_type); /* Object file type */ 986 bswap16s(&ehdr->e_machine); /* Architecture */ 987 bswap32s(&ehdr->e_version); /* Object file version */ 988 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 989 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 990 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 991 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 992 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 993 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 994 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 995 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 996 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 997 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 998 } 999 1000 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1001 { 1002 int i; 1003 for (i = 0; i < phnum; ++i, ++phdr) { 1004 bswap32s(&phdr->p_type); /* Segment type */ 1005 bswap32s(&phdr->p_flags); /* Segment flags */ 1006 bswaptls(&phdr->p_offset); /* Segment file offset */ 1007 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1008 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1009 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1010 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1011 bswaptls(&phdr->p_align); /* Segment alignment */ 1012 } 1013 } 1014 1015 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1016 { 1017 int i; 1018 for (i = 0; i < shnum; ++i, ++shdr) { 1019 bswap32s(&shdr->sh_name); 1020 bswap32s(&shdr->sh_type); 1021 bswaptls(&shdr->sh_flags); 1022 bswaptls(&shdr->sh_addr); 1023 bswaptls(&shdr->sh_offset); 1024 bswaptls(&shdr->sh_size); 1025 bswap32s(&shdr->sh_link); 1026 bswap32s(&shdr->sh_info); 1027 bswaptls(&shdr->sh_addralign); 1028 bswaptls(&shdr->sh_entsize); 1029 } 1030 } 1031 1032 static void bswap_sym(struct elf_sym *sym) 1033 { 1034 bswap32s(&sym->st_name); 1035 bswaptls(&sym->st_value); 1036 bswaptls(&sym->st_size); 1037 bswap16s(&sym->st_shndx); 1038 } 1039 #else 1040 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1041 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1042 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1043 static inline void bswap_sym(struct elf_sym *sym) { } 1044 #endif 1045 1046 #ifdef USE_ELF_CORE_DUMP 1047 static int elf_core_dump(int, const CPUState *); 1048 #endif /* USE_ELF_CORE_DUMP */ 1049 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1050 1051 /* Verify the portions of EHDR within E_IDENT for the target. 1052 This can be performed before bswapping the entire header. */ 1053 static bool elf_check_ident(struct elfhdr *ehdr) 1054 { 1055 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1056 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1057 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1058 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1059 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1060 && ehdr->e_ident[EI_DATA] == ELF_DATA 1061 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1062 } 1063 1064 /* Verify the portions of EHDR outside of E_IDENT for the target. 1065 This has to wait until after bswapping the header. */ 1066 static bool elf_check_ehdr(struct elfhdr *ehdr) 1067 { 1068 return (elf_check_arch(ehdr->e_machine) 1069 && ehdr->e_ehsize == sizeof(struct elfhdr) 1070 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1071 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1072 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1073 } 1074 1075 /* 1076 * 'copy_elf_strings()' copies argument/envelope strings from user 1077 * memory to free pages in kernel mem. These are in a format ready 1078 * to be put directly into the top of new user memory. 1079 * 1080 */ 1081 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1082 abi_ulong p) 1083 { 1084 char *tmp, *tmp1, *pag = NULL; 1085 int len, offset = 0; 1086 1087 if (!p) { 1088 return 0; /* bullet-proofing */ 1089 } 1090 while (argc-- > 0) { 1091 tmp = argv[argc]; 1092 if (!tmp) { 1093 fprintf(stderr, "VFS: argc is wrong"); 1094 exit(-1); 1095 } 1096 tmp1 = tmp; 1097 while (*tmp++); 1098 len = tmp - tmp1; 1099 if (p < len) { /* this shouldn't happen - 128kB */ 1100 return 0; 1101 } 1102 while (len) { 1103 --p; --tmp; --len; 1104 if (--offset < 0) { 1105 offset = p % TARGET_PAGE_SIZE; 1106 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1107 if (!pag) { 1108 pag = g_try_malloc0(TARGET_PAGE_SIZE); 1109 page[p/TARGET_PAGE_SIZE] = pag; 1110 if (!pag) 1111 return 0; 1112 } 1113 } 1114 if (len == 0 || offset == 0) { 1115 *(pag + offset) = *tmp; 1116 } 1117 else { 1118 int bytes_to_copy = (len > offset) ? offset : len; 1119 tmp -= bytes_to_copy; 1120 p -= bytes_to_copy; 1121 offset -= bytes_to_copy; 1122 len -= bytes_to_copy; 1123 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1124 } 1125 } 1126 } 1127 return p; 1128 } 1129 1130 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1131 struct image_info *info) 1132 { 1133 abi_ulong stack_base, size, error, guard; 1134 int i; 1135 1136 /* Create enough stack to hold everything. If we don't use 1137 it for args, we'll use it for something else. */ 1138 size = guest_stack_size; 1139 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1140 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1141 } 1142 guard = TARGET_PAGE_SIZE; 1143 if (guard < qemu_real_host_page_size) { 1144 guard = qemu_real_host_page_size; 1145 } 1146 1147 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1148 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1149 if (error == -1) { 1150 perror("mmap stack"); 1151 exit(-1); 1152 } 1153 1154 /* We reserve one extra page at the top of the stack as guard. */ 1155 target_mprotect(error, guard, PROT_NONE); 1156 1157 info->stack_limit = error + guard; 1158 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1159 p += stack_base; 1160 1161 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1162 if (bprm->page[i]) { 1163 info->rss++; 1164 /* FIXME - check return value of memcpy_to_target() for failure */ 1165 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1166 g_free(bprm->page[i]); 1167 } 1168 stack_base += TARGET_PAGE_SIZE; 1169 } 1170 return p; 1171 } 1172 1173 /* Map and zero the bss. We need to explicitly zero any fractional pages 1174 after the data section (i.e. bss). */ 1175 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1176 { 1177 uintptr_t host_start, host_map_start, host_end; 1178 1179 last_bss = TARGET_PAGE_ALIGN(last_bss); 1180 1181 /* ??? There is confusion between qemu_real_host_page_size and 1182 qemu_host_page_size here and elsewhere in target_mmap, which 1183 may lead to the end of the data section mapping from the file 1184 not being mapped. At least there was an explicit test and 1185 comment for that here, suggesting that "the file size must 1186 be known". The comment probably pre-dates the introduction 1187 of the fstat system call in target_mmap which does in fact 1188 find out the size. What isn't clear is if the workaround 1189 here is still actually needed. For now, continue with it, 1190 but merge it with the "normal" mmap that would allocate the bss. */ 1191 1192 host_start = (uintptr_t) g2h(elf_bss); 1193 host_end = (uintptr_t) g2h(last_bss); 1194 host_map_start = (host_start + qemu_real_host_page_size - 1); 1195 host_map_start &= -qemu_real_host_page_size; 1196 1197 if (host_map_start < host_end) { 1198 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1199 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1200 if (p == MAP_FAILED) { 1201 perror("cannot mmap brk"); 1202 exit(-1); 1203 } 1204 1205 /* Since we didn't use target_mmap, make sure to record 1206 the validity of the pages with qemu. */ 1207 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1208 } 1209 1210 if (host_start < host_map_start) { 1211 memset((void *)host_start, 0, host_map_start - host_start); 1212 } 1213 } 1214 1215 #ifdef CONFIG_USE_FDPIC 1216 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1217 { 1218 uint16_t n; 1219 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1220 1221 /* elf32_fdpic_loadseg */ 1222 n = info->nsegs; 1223 while (n--) { 1224 sp -= 12; 1225 put_user_u32(loadsegs[n].addr, sp+0); 1226 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1227 put_user_u32(loadsegs[n].p_memsz, sp+8); 1228 } 1229 1230 /* elf32_fdpic_loadmap */ 1231 sp -= 4; 1232 put_user_u16(0, sp+0); /* version */ 1233 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1234 1235 info->personality = PER_LINUX_FDPIC; 1236 info->loadmap_addr = sp; 1237 1238 return sp; 1239 } 1240 #endif 1241 1242 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1243 struct elfhdr *exec, 1244 struct image_info *info, 1245 struct image_info *interp_info) 1246 { 1247 abi_ulong sp; 1248 int size; 1249 int i; 1250 abi_ulong u_rand_bytes; 1251 uint8_t k_rand_bytes[16]; 1252 abi_ulong u_platform; 1253 const char *k_platform; 1254 const int n = sizeof(elf_addr_t); 1255 1256 sp = p; 1257 1258 #ifdef CONFIG_USE_FDPIC 1259 /* Needs to be before we load the env/argc/... */ 1260 if (elf_is_fdpic(exec)) { 1261 /* Need 4 byte alignment for these structs */ 1262 sp &= ~3; 1263 sp = loader_build_fdpic_loadmap(info, sp); 1264 info->other_info = interp_info; 1265 if (interp_info) { 1266 interp_info->other_info = info; 1267 sp = loader_build_fdpic_loadmap(interp_info, sp); 1268 } 1269 } 1270 #endif 1271 1272 u_platform = 0; 1273 k_platform = ELF_PLATFORM; 1274 if (k_platform) { 1275 size_t len = strlen(k_platform) + 1; 1276 sp -= (len + n - 1) & ~(n - 1); 1277 u_platform = sp; 1278 /* FIXME - check return value of memcpy_to_target() for failure */ 1279 memcpy_to_target(sp, k_platform, len); 1280 } 1281 1282 /* 1283 * Generate 16 random bytes for userspace PRNG seeding (not 1284 * cryptically secure but it's not the aim of QEMU). 1285 */ 1286 srand((unsigned int) time(NULL)); 1287 for (i = 0; i < 16; i++) { 1288 k_rand_bytes[i] = rand(); 1289 } 1290 sp -= 16; 1291 u_rand_bytes = sp; 1292 /* FIXME - check return value of memcpy_to_target() for failure */ 1293 memcpy_to_target(sp, k_rand_bytes, 16); 1294 1295 /* 1296 * Force 16 byte _final_ alignment here for generality. 1297 */ 1298 sp = sp &~ (abi_ulong)15; 1299 size = (DLINFO_ITEMS + 1) * 2; 1300 if (k_platform) 1301 size += 2; 1302 #ifdef DLINFO_ARCH_ITEMS 1303 size += DLINFO_ARCH_ITEMS * 2; 1304 #endif 1305 size += envc + argc + 2; 1306 size += 1; /* argc itself */ 1307 size *= n; 1308 if (size & 15) 1309 sp -= 16 - (size & 15); 1310 1311 /* This is correct because Linux defines 1312 * elf_addr_t as Elf32_Off / Elf64_Off 1313 */ 1314 #define NEW_AUX_ENT(id, val) do { \ 1315 sp -= n; put_user_ual(val, sp); \ 1316 sp -= n; put_user_ual(id, sp); \ 1317 } while(0) 1318 1319 NEW_AUX_ENT (AT_NULL, 0); 1320 1321 /* There must be exactly DLINFO_ITEMS entries here. */ 1322 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1323 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1324 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1325 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1326 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1327 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1328 NEW_AUX_ENT(AT_ENTRY, info->entry); 1329 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1330 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1331 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1332 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1333 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1334 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1335 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1336 1337 if (k_platform) 1338 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1339 #ifdef ARCH_DLINFO 1340 /* 1341 * ARCH_DLINFO must come last so platform specific code can enforce 1342 * special alignment requirements on the AUXV if necessary (eg. PPC). 1343 */ 1344 ARCH_DLINFO; 1345 #endif 1346 #undef NEW_AUX_ENT 1347 1348 info->saved_auxv = sp; 1349 1350 sp = loader_build_argptr(envc, argc, sp, p, 0); 1351 return sp; 1352 } 1353 1354 #ifndef TARGET_HAS_GUEST_VALIDATE_BASE 1355 /* If the guest doesn't have a validation function just agree */ 1356 bool guest_validate_base(unsigned long guest_base) 1357 { 1358 return 1; 1359 } 1360 #endif 1361 1362 static void probe_guest_base(const char *image_name, 1363 abi_ulong loaddr, abi_ulong hiaddr) 1364 { 1365 /* Probe for a suitable guest base address, if the user has not set 1366 * it explicitly, and set guest_base appropriately. 1367 * In case of error we will print a suitable message and exit. 1368 */ 1369 #if defined(CONFIG_USE_GUEST_BASE) 1370 const char *errmsg; 1371 if (!have_guest_base && !reserved_va) { 1372 unsigned long host_start, real_start, host_size; 1373 1374 /* Round addresses to page boundaries. */ 1375 loaddr &= qemu_host_page_mask; 1376 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1377 1378 if (loaddr < mmap_min_addr) { 1379 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1380 } else { 1381 host_start = loaddr; 1382 if (host_start != loaddr) { 1383 errmsg = "Address overflow loading ELF binary"; 1384 goto exit_errmsg; 1385 } 1386 } 1387 host_size = hiaddr - loaddr; 1388 while (1) { 1389 /* Do not use mmap_find_vma here because that is limited to the 1390 guest address space. We are going to make the 1391 guest address space fit whatever we're given. */ 1392 real_start = (unsigned long) 1393 mmap((void *)host_start, host_size, PROT_NONE, 1394 MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0); 1395 if (real_start == (unsigned long)-1) { 1396 goto exit_perror; 1397 } 1398 guest_base = real_start - loaddr; 1399 if ((real_start == host_start) && 1400 guest_validate_base(guest_base)) { 1401 break; 1402 } 1403 /* That address didn't work. Unmap and try a different one. 1404 The address the host picked because is typically right at 1405 the top of the host address space and leaves the guest with 1406 no usable address space. Resort to a linear search. We 1407 already compensated for mmap_min_addr, so this should not 1408 happen often. Probably means we got unlucky and host 1409 address space randomization put a shared library somewhere 1410 inconvenient. */ 1411 munmap((void *)real_start, host_size); 1412 host_start += qemu_host_page_size; 1413 if (host_start == loaddr) { 1414 /* Theoretically possible if host doesn't have any suitably 1415 aligned areas. Normally the first mmap will fail. */ 1416 errmsg = "Unable to find space for application"; 1417 goto exit_errmsg; 1418 } 1419 } 1420 qemu_log("Relocating guest address space from 0x" 1421 TARGET_ABI_FMT_lx " to 0x%lx\n", 1422 loaddr, real_start); 1423 } 1424 return; 1425 1426 exit_perror: 1427 errmsg = strerror(errno); 1428 exit_errmsg: 1429 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1430 exit(-1); 1431 #endif 1432 } 1433 1434 1435 /* Load an ELF image into the address space. 1436 1437 IMAGE_NAME is the filename of the image, to use in error messages. 1438 IMAGE_FD is the open file descriptor for the image. 1439 1440 BPRM_BUF is a copy of the beginning of the file; this of course 1441 contains the elf file header at offset 0. It is assumed that this 1442 buffer is sufficiently aligned to present no problems to the host 1443 in accessing data at aligned offsets within the buffer. 1444 1445 On return: INFO values will be filled in, as necessary or available. */ 1446 1447 static void load_elf_image(const char *image_name, int image_fd, 1448 struct image_info *info, char **pinterp_name, 1449 char bprm_buf[BPRM_BUF_SIZE]) 1450 { 1451 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1452 struct elf_phdr *phdr; 1453 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1454 int i, retval; 1455 const char *errmsg; 1456 1457 /* First of all, some simple consistency checks */ 1458 errmsg = "Invalid ELF image for this architecture"; 1459 if (!elf_check_ident(ehdr)) { 1460 goto exit_errmsg; 1461 } 1462 bswap_ehdr(ehdr); 1463 if (!elf_check_ehdr(ehdr)) { 1464 goto exit_errmsg; 1465 } 1466 1467 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1468 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1469 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1470 } else { 1471 phdr = (struct elf_phdr *) alloca(i); 1472 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1473 if (retval != i) { 1474 goto exit_read; 1475 } 1476 } 1477 bswap_phdr(phdr, ehdr->e_phnum); 1478 1479 #ifdef CONFIG_USE_FDPIC 1480 info->nsegs = 0; 1481 info->pt_dynamic_addr = 0; 1482 #endif 1483 1484 /* Find the maximum size of the image and allocate an appropriate 1485 amount of memory to handle that. */ 1486 loaddr = -1, hiaddr = 0; 1487 for (i = 0; i < ehdr->e_phnum; ++i) { 1488 if (phdr[i].p_type == PT_LOAD) { 1489 abi_ulong a = phdr[i].p_vaddr; 1490 if (a < loaddr) { 1491 loaddr = a; 1492 } 1493 a += phdr[i].p_memsz; 1494 if (a > hiaddr) { 1495 hiaddr = a; 1496 } 1497 #ifdef CONFIG_USE_FDPIC 1498 ++info->nsegs; 1499 #endif 1500 } 1501 } 1502 1503 load_addr = loaddr; 1504 if (ehdr->e_type == ET_DYN) { 1505 /* The image indicates that it can be loaded anywhere. Find a 1506 location that can hold the memory space required. If the 1507 image is pre-linked, LOADDR will be non-zero. Since we do 1508 not supply MAP_FIXED here we'll use that address if and 1509 only if it remains available. */ 1510 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1511 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1512 -1, 0); 1513 if (load_addr == -1) { 1514 goto exit_perror; 1515 } 1516 } else if (pinterp_name != NULL) { 1517 /* This is the main executable. Make sure that the low 1518 address does not conflict with MMAP_MIN_ADDR or the 1519 QEMU application itself. */ 1520 probe_guest_base(image_name, loaddr, hiaddr); 1521 } 1522 load_bias = load_addr - loaddr; 1523 1524 #ifdef CONFIG_USE_FDPIC 1525 { 1526 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1527 g_malloc(sizeof(*loadsegs) * info->nsegs); 1528 1529 for (i = 0; i < ehdr->e_phnum; ++i) { 1530 switch (phdr[i].p_type) { 1531 case PT_DYNAMIC: 1532 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1533 break; 1534 case PT_LOAD: 1535 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1536 loadsegs->p_vaddr = phdr[i].p_vaddr; 1537 loadsegs->p_memsz = phdr[i].p_memsz; 1538 ++loadsegs; 1539 break; 1540 } 1541 } 1542 } 1543 #endif 1544 1545 info->load_bias = load_bias; 1546 info->load_addr = load_addr; 1547 info->entry = ehdr->e_entry + load_bias; 1548 info->start_code = -1; 1549 info->end_code = 0; 1550 info->start_data = -1; 1551 info->end_data = 0; 1552 info->brk = 0; 1553 1554 for (i = 0; i < ehdr->e_phnum; i++) { 1555 struct elf_phdr *eppnt = phdr + i; 1556 if (eppnt->p_type == PT_LOAD) { 1557 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1558 int elf_prot = 0; 1559 1560 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1561 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1562 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1563 1564 vaddr = load_bias + eppnt->p_vaddr; 1565 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1566 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1567 1568 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1569 elf_prot, MAP_PRIVATE | MAP_FIXED, 1570 image_fd, eppnt->p_offset - vaddr_po); 1571 if (error == -1) { 1572 goto exit_perror; 1573 } 1574 1575 vaddr_ef = vaddr + eppnt->p_filesz; 1576 vaddr_em = vaddr + eppnt->p_memsz; 1577 1578 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1579 if (vaddr_ef < vaddr_em) { 1580 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1581 } 1582 1583 /* Find the full program boundaries. */ 1584 if (elf_prot & PROT_EXEC) { 1585 if (vaddr < info->start_code) { 1586 info->start_code = vaddr; 1587 } 1588 if (vaddr_ef > info->end_code) { 1589 info->end_code = vaddr_ef; 1590 } 1591 } 1592 if (elf_prot & PROT_WRITE) { 1593 if (vaddr < info->start_data) { 1594 info->start_data = vaddr; 1595 } 1596 if (vaddr_ef > info->end_data) { 1597 info->end_data = vaddr_ef; 1598 } 1599 if (vaddr_em > info->brk) { 1600 info->brk = vaddr_em; 1601 } 1602 } 1603 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1604 char *interp_name; 1605 1606 if (*pinterp_name) { 1607 errmsg = "Multiple PT_INTERP entries"; 1608 goto exit_errmsg; 1609 } 1610 interp_name = malloc(eppnt->p_filesz); 1611 if (!interp_name) { 1612 goto exit_perror; 1613 } 1614 1615 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1616 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1617 eppnt->p_filesz); 1618 } else { 1619 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1620 eppnt->p_offset); 1621 if (retval != eppnt->p_filesz) { 1622 goto exit_perror; 1623 } 1624 } 1625 if (interp_name[eppnt->p_filesz - 1] != 0) { 1626 errmsg = "Invalid PT_INTERP entry"; 1627 goto exit_errmsg; 1628 } 1629 *pinterp_name = interp_name; 1630 } 1631 } 1632 1633 if (info->end_data == 0) { 1634 info->start_data = info->end_code; 1635 info->end_data = info->end_code; 1636 info->brk = info->end_code; 1637 } 1638 1639 if (qemu_log_enabled()) { 1640 load_symbols(ehdr, image_fd, load_bias); 1641 } 1642 1643 close(image_fd); 1644 return; 1645 1646 exit_read: 1647 if (retval >= 0) { 1648 errmsg = "Incomplete read of file header"; 1649 goto exit_errmsg; 1650 } 1651 exit_perror: 1652 errmsg = strerror(errno); 1653 exit_errmsg: 1654 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1655 exit(-1); 1656 } 1657 1658 static void load_elf_interp(const char *filename, struct image_info *info, 1659 char bprm_buf[BPRM_BUF_SIZE]) 1660 { 1661 int fd, retval; 1662 1663 fd = open(path(filename), O_RDONLY); 1664 if (fd < 0) { 1665 goto exit_perror; 1666 } 1667 1668 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1669 if (retval < 0) { 1670 goto exit_perror; 1671 } 1672 if (retval < BPRM_BUF_SIZE) { 1673 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1674 } 1675 1676 load_elf_image(filename, fd, info, NULL, bprm_buf); 1677 return; 1678 1679 exit_perror: 1680 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1681 exit(-1); 1682 } 1683 1684 static int symfind(const void *s0, const void *s1) 1685 { 1686 struct elf_sym *key = (struct elf_sym *)s0; 1687 struct elf_sym *sym = (struct elf_sym *)s1; 1688 int result = 0; 1689 if (key->st_value < sym->st_value) { 1690 result = -1; 1691 } else if (key->st_value >= sym->st_value + sym->st_size) { 1692 result = 1; 1693 } 1694 return result; 1695 } 1696 1697 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1698 { 1699 #if ELF_CLASS == ELFCLASS32 1700 struct elf_sym *syms = s->disas_symtab.elf32; 1701 #else 1702 struct elf_sym *syms = s->disas_symtab.elf64; 1703 #endif 1704 1705 // binary search 1706 struct elf_sym key; 1707 struct elf_sym *sym; 1708 1709 key.st_value = orig_addr; 1710 1711 sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind); 1712 if (sym != NULL) { 1713 return s->disas_strtab + sym->st_name; 1714 } 1715 1716 return ""; 1717 } 1718 1719 /* FIXME: This should use elf_ops.h */ 1720 static int symcmp(const void *s0, const void *s1) 1721 { 1722 struct elf_sym *sym0 = (struct elf_sym *)s0; 1723 struct elf_sym *sym1 = (struct elf_sym *)s1; 1724 return (sym0->st_value < sym1->st_value) 1725 ? -1 1726 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1727 } 1728 1729 /* Best attempt to load symbols from this ELF object. */ 1730 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1731 { 1732 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1733 struct elf_shdr *shdr; 1734 char *strings = NULL; 1735 struct syminfo *s = NULL; 1736 struct elf_sym *new_syms, *syms = NULL; 1737 1738 shnum = hdr->e_shnum; 1739 i = shnum * sizeof(struct elf_shdr); 1740 shdr = (struct elf_shdr *)alloca(i); 1741 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1742 return; 1743 } 1744 1745 bswap_shdr(shdr, shnum); 1746 for (i = 0; i < shnum; ++i) { 1747 if (shdr[i].sh_type == SHT_SYMTAB) { 1748 sym_idx = i; 1749 str_idx = shdr[i].sh_link; 1750 goto found; 1751 } 1752 } 1753 1754 /* There will be no symbol table if the file was stripped. */ 1755 return; 1756 1757 found: 1758 /* Now know where the strtab and symtab are. Snarf them. */ 1759 s = malloc(sizeof(*s)); 1760 if (!s) { 1761 goto give_up; 1762 } 1763 1764 i = shdr[str_idx].sh_size; 1765 s->disas_strtab = strings = malloc(i); 1766 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1767 goto give_up; 1768 } 1769 1770 i = shdr[sym_idx].sh_size; 1771 syms = malloc(i); 1772 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1773 goto give_up; 1774 } 1775 1776 nsyms = i / sizeof(struct elf_sym); 1777 for (i = 0; i < nsyms; ) { 1778 bswap_sym(syms + i); 1779 /* Throw away entries which we do not need. */ 1780 if (syms[i].st_shndx == SHN_UNDEF 1781 || syms[i].st_shndx >= SHN_LORESERVE 1782 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1783 if (i < --nsyms) { 1784 syms[i] = syms[nsyms]; 1785 } 1786 } else { 1787 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1788 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1789 syms[i].st_value &= ~(target_ulong)1; 1790 #endif 1791 syms[i].st_value += load_bias; 1792 i++; 1793 } 1794 } 1795 1796 /* No "useful" symbol. */ 1797 if (nsyms == 0) { 1798 goto give_up; 1799 } 1800 1801 /* Attempt to free the storage associated with the local symbols 1802 that we threw away. Whether or not this has any effect on the 1803 memory allocation depends on the malloc implementation and how 1804 many symbols we managed to discard. */ 1805 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1806 if (new_syms == NULL) { 1807 goto give_up; 1808 } 1809 syms = new_syms; 1810 1811 qsort(syms, nsyms, sizeof(*syms), symcmp); 1812 1813 s->disas_num_syms = nsyms; 1814 #if ELF_CLASS == ELFCLASS32 1815 s->disas_symtab.elf32 = syms; 1816 #else 1817 s->disas_symtab.elf64 = syms; 1818 #endif 1819 s->lookup_symbol = lookup_symbolxx; 1820 s->next = syminfos; 1821 syminfos = s; 1822 1823 return; 1824 1825 give_up: 1826 free(s); 1827 free(strings); 1828 free(syms); 1829 } 1830 1831 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs, 1832 struct image_info * info) 1833 { 1834 struct image_info interp_info; 1835 struct elfhdr elf_ex; 1836 char *elf_interpreter = NULL; 1837 1838 info->start_mmap = (abi_ulong)ELF_START_MMAP; 1839 info->mmap = 0; 1840 info->rss = 0; 1841 1842 load_elf_image(bprm->filename, bprm->fd, info, 1843 &elf_interpreter, bprm->buf); 1844 1845 /* ??? We need a copy of the elf header for passing to create_elf_tables. 1846 If we do nothing, we'll have overwritten this when we re-use bprm->buf 1847 when we load the interpreter. */ 1848 elf_ex = *(struct elfhdr *)bprm->buf; 1849 1850 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 1851 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 1852 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 1853 if (!bprm->p) { 1854 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 1855 exit(-1); 1856 } 1857 1858 /* Do this so that we can load the interpreter, if need be. We will 1859 change some of these later */ 1860 bprm->p = setup_arg_pages(bprm->p, bprm, info); 1861 1862 if (elf_interpreter) { 1863 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 1864 1865 /* If the program interpreter is one of these two, then assume 1866 an iBCS2 image. Otherwise assume a native linux image. */ 1867 1868 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 1869 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 1870 info->personality = PER_SVR4; 1871 1872 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1873 and some applications "depend" upon this behavior. Since 1874 we do not have the power to recompile these, we emulate 1875 the SVr4 behavior. Sigh. */ 1876 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 1877 MAP_FIXED | MAP_PRIVATE, -1, 0); 1878 } 1879 } 1880 1881 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 1882 info, (elf_interpreter ? &interp_info : NULL)); 1883 info->start_stack = bprm->p; 1884 1885 /* If we have an interpreter, set that as the program's entry point. 1886 Copy the load_bias as well, to help PPC64 interpret the entry 1887 point as a function descriptor. Do this after creating elf tables 1888 so that we copy the original program entry point into the AUXV. */ 1889 if (elf_interpreter) { 1890 info->load_bias = interp_info.load_bias; 1891 info->entry = interp_info.entry; 1892 free(elf_interpreter); 1893 } 1894 1895 #ifdef USE_ELF_CORE_DUMP 1896 bprm->core_dump = &elf_core_dump; 1897 #endif 1898 1899 return 0; 1900 } 1901 1902 #ifdef USE_ELF_CORE_DUMP 1903 /* 1904 * Definitions to generate Intel SVR4-like core files. 1905 * These mostly have the same names as the SVR4 types with "target_elf_" 1906 * tacked on the front to prevent clashes with linux definitions, 1907 * and the typedef forms have been avoided. This is mostly like 1908 * the SVR4 structure, but more Linuxy, with things that Linux does 1909 * not support and which gdb doesn't really use excluded. 1910 * 1911 * Fields we don't dump (their contents is zero) in linux-user qemu 1912 * are marked with XXX. 1913 * 1914 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 1915 * 1916 * Porting ELF coredump for target is (quite) simple process. First you 1917 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 1918 * the target resides): 1919 * 1920 * #define USE_ELF_CORE_DUMP 1921 * 1922 * Next you define type of register set used for dumping. ELF specification 1923 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 1924 * 1925 * typedef <target_regtype> target_elf_greg_t; 1926 * #define ELF_NREG <number of registers> 1927 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1928 * 1929 * Last step is to implement target specific function that copies registers 1930 * from given cpu into just specified register set. Prototype is: 1931 * 1932 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 1933 * const CPUState *env); 1934 * 1935 * Parameters: 1936 * regs - copy register values into here (allocated and zeroed by caller) 1937 * env - copy registers from here 1938 * 1939 * Example for ARM target is provided in this file. 1940 */ 1941 1942 /* An ELF note in memory */ 1943 struct memelfnote { 1944 const char *name; 1945 size_t namesz; 1946 size_t namesz_rounded; 1947 int type; 1948 size_t datasz; 1949 size_t datasz_rounded; 1950 void *data; 1951 size_t notesz; 1952 }; 1953 1954 struct target_elf_siginfo { 1955 target_int si_signo; /* signal number */ 1956 target_int si_code; /* extra code */ 1957 target_int si_errno; /* errno */ 1958 }; 1959 1960 struct target_elf_prstatus { 1961 struct target_elf_siginfo pr_info; /* Info associated with signal */ 1962 target_short pr_cursig; /* Current signal */ 1963 target_ulong pr_sigpend; /* XXX */ 1964 target_ulong pr_sighold; /* XXX */ 1965 target_pid_t pr_pid; 1966 target_pid_t pr_ppid; 1967 target_pid_t pr_pgrp; 1968 target_pid_t pr_sid; 1969 struct target_timeval pr_utime; /* XXX User time */ 1970 struct target_timeval pr_stime; /* XXX System time */ 1971 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 1972 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 1973 target_elf_gregset_t pr_reg; /* GP registers */ 1974 target_int pr_fpvalid; /* XXX */ 1975 }; 1976 1977 #define ELF_PRARGSZ (80) /* Number of chars for args */ 1978 1979 struct target_elf_prpsinfo { 1980 char pr_state; /* numeric process state */ 1981 char pr_sname; /* char for pr_state */ 1982 char pr_zomb; /* zombie */ 1983 char pr_nice; /* nice val */ 1984 target_ulong pr_flag; /* flags */ 1985 target_uid_t pr_uid; 1986 target_gid_t pr_gid; 1987 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 1988 /* Lots missing */ 1989 char pr_fname[16]; /* filename of executable */ 1990 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 1991 }; 1992 1993 /* Here is the structure in which status of each thread is captured. */ 1994 struct elf_thread_status { 1995 QTAILQ_ENTRY(elf_thread_status) ets_link; 1996 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 1997 #if 0 1998 elf_fpregset_t fpu; /* NT_PRFPREG */ 1999 struct task_struct *thread; 2000 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 2001 #endif 2002 struct memelfnote notes[1]; 2003 int num_notes; 2004 }; 2005 2006 struct elf_note_info { 2007 struct memelfnote *notes; 2008 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2009 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2010 2011 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2012 #if 0 2013 /* 2014 * Current version of ELF coredump doesn't support 2015 * dumping fp regs etc. 2016 */ 2017 elf_fpregset_t *fpu; 2018 elf_fpxregset_t *xfpu; 2019 int thread_status_size; 2020 #endif 2021 int notes_size; 2022 int numnote; 2023 }; 2024 2025 struct vm_area_struct { 2026 abi_ulong vma_start; /* start vaddr of memory region */ 2027 abi_ulong vma_end; /* end vaddr of memory region */ 2028 abi_ulong vma_flags; /* protection etc. flags for the region */ 2029 QTAILQ_ENTRY(vm_area_struct) vma_link; 2030 }; 2031 2032 struct mm_struct { 2033 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2034 int mm_count; /* number of mappings */ 2035 }; 2036 2037 static struct mm_struct *vma_init(void); 2038 static void vma_delete(struct mm_struct *); 2039 static int vma_add_mapping(struct mm_struct *, abi_ulong, 2040 abi_ulong, abi_ulong); 2041 static int vma_get_mapping_count(const struct mm_struct *); 2042 static struct vm_area_struct *vma_first(const struct mm_struct *); 2043 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2044 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2045 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2046 unsigned long flags); 2047 2048 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2049 static void fill_note(struct memelfnote *, const char *, int, 2050 unsigned int, void *); 2051 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2052 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2053 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2054 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2055 static size_t note_size(const struct memelfnote *); 2056 static void free_note_info(struct elf_note_info *); 2057 static int fill_note_info(struct elf_note_info *, long, const CPUState *); 2058 static void fill_thread_info(struct elf_note_info *, const CPUState *); 2059 static int core_dump_filename(const TaskState *, char *, size_t); 2060 2061 static int dump_write(int, const void *, size_t); 2062 static int write_note(struct memelfnote *, int); 2063 static int write_note_info(struct elf_note_info *, int); 2064 2065 #ifdef BSWAP_NEEDED 2066 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2067 { 2068 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo); 2069 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code); 2070 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno); 2071 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2072 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend); 2073 prstatus->pr_sighold = tswapl(prstatus->pr_sighold); 2074 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2075 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2076 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2077 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2078 /* cpu times are not filled, so we skip them */ 2079 /* regs should be in correct format already */ 2080 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2081 } 2082 2083 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2084 { 2085 psinfo->pr_flag = tswapl(psinfo->pr_flag); 2086 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2087 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2088 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2089 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2090 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2091 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2092 } 2093 2094 static void bswap_note(struct elf_note *en) 2095 { 2096 bswap32s(&en->n_namesz); 2097 bswap32s(&en->n_descsz); 2098 bswap32s(&en->n_type); 2099 } 2100 #else 2101 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2102 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2103 static inline void bswap_note(struct elf_note *en) { } 2104 #endif /* BSWAP_NEEDED */ 2105 2106 /* 2107 * Minimal support for linux memory regions. These are needed 2108 * when we are finding out what memory exactly belongs to 2109 * emulated process. No locks needed here, as long as 2110 * thread that received the signal is stopped. 2111 */ 2112 2113 static struct mm_struct *vma_init(void) 2114 { 2115 struct mm_struct *mm; 2116 2117 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2118 return (NULL); 2119 2120 mm->mm_count = 0; 2121 QTAILQ_INIT(&mm->mm_mmap); 2122 2123 return (mm); 2124 } 2125 2126 static void vma_delete(struct mm_struct *mm) 2127 { 2128 struct vm_area_struct *vma; 2129 2130 while ((vma = vma_first(mm)) != NULL) { 2131 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2132 g_free(vma); 2133 } 2134 g_free(mm); 2135 } 2136 2137 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2138 abi_ulong end, abi_ulong flags) 2139 { 2140 struct vm_area_struct *vma; 2141 2142 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2143 return (-1); 2144 2145 vma->vma_start = start; 2146 vma->vma_end = end; 2147 vma->vma_flags = flags; 2148 2149 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2150 mm->mm_count++; 2151 2152 return (0); 2153 } 2154 2155 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2156 { 2157 return (QTAILQ_FIRST(&mm->mm_mmap)); 2158 } 2159 2160 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2161 { 2162 return (QTAILQ_NEXT(vma, vma_link)); 2163 } 2164 2165 static int vma_get_mapping_count(const struct mm_struct *mm) 2166 { 2167 return (mm->mm_count); 2168 } 2169 2170 /* 2171 * Calculate file (dump) size of given memory region. 2172 */ 2173 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2174 { 2175 /* if we cannot even read the first page, skip it */ 2176 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2177 return (0); 2178 2179 /* 2180 * Usually we don't dump executable pages as they contain 2181 * non-writable code that debugger can read directly from 2182 * target library etc. However, thread stacks are marked 2183 * also executable so we read in first page of given region 2184 * and check whether it contains elf header. If there is 2185 * no elf header, we dump it. 2186 */ 2187 if (vma->vma_flags & PROT_EXEC) { 2188 char page[TARGET_PAGE_SIZE]; 2189 2190 copy_from_user(page, vma->vma_start, sizeof (page)); 2191 if ((page[EI_MAG0] == ELFMAG0) && 2192 (page[EI_MAG1] == ELFMAG1) && 2193 (page[EI_MAG2] == ELFMAG2) && 2194 (page[EI_MAG3] == ELFMAG3)) { 2195 /* 2196 * Mappings are possibly from ELF binary. Don't dump 2197 * them. 2198 */ 2199 return (0); 2200 } 2201 } 2202 2203 return (vma->vma_end - vma->vma_start); 2204 } 2205 2206 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2207 unsigned long flags) 2208 { 2209 struct mm_struct *mm = (struct mm_struct *)priv; 2210 2211 vma_add_mapping(mm, start, end, flags); 2212 return (0); 2213 } 2214 2215 static void fill_note(struct memelfnote *note, const char *name, int type, 2216 unsigned int sz, void *data) 2217 { 2218 unsigned int namesz; 2219 2220 namesz = strlen(name) + 1; 2221 note->name = name; 2222 note->namesz = namesz; 2223 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2224 note->type = type; 2225 note->datasz = sz; 2226 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2227 2228 note->data = data; 2229 2230 /* 2231 * We calculate rounded up note size here as specified by 2232 * ELF document. 2233 */ 2234 note->notesz = sizeof (struct elf_note) + 2235 note->namesz_rounded + note->datasz_rounded; 2236 } 2237 2238 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2239 uint32_t flags) 2240 { 2241 (void) memset(elf, 0, sizeof(*elf)); 2242 2243 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2244 elf->e_ident[EI_CLASS] = ELF_CLASS; 2245 elf->e_ident[EI_DATA] = ELF_DATA; 2246 elf->e_ident[EI_VERSION] = EV_CURRENT; 2247 elf->e_ident[EI_OSABI] = ELF_OSABI; 2248 2249 elf->e_type = ET_CORE; 2250 elf->e_machine = machine; 2251 elf->e_version = EV_CURRENT; 2252 elf->e_phoff = sizeof(struct elfhdr); 2253 elf->e_flags = flags; 2254 elf->e_ehsize = sizeof(struct elfhdr); 2255 elf->e_phentsize = sizeof(struct elf_phdr); 2256 elf->e_phnum = segs; 2257 2258 bswap_ehdr(elf); 2259 } 2260 2261 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2262 { 2263 phdr->p_type = PT_NOTE; 2264 phdr->p_offset = offset; 2265 phdr->p_vaddr = 0; 2266 phdr->p_paddr = 0; 2267 phdr->p_filesz = sz; 2268 phdr->p_memsz = 0; 2269 phdr->p_flags = 0; 2270 phdr->p_align = 0; 2271 2272 bswap_phdr(phdr, 1); 2273 } 2274 2275 static size_t note_size(const struct memelfnote *note) 2276 { 2277 return (note->notesz); 2278 } 2279 2280 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2281 const TaskState *ts, int signr) 2282 { 2283 (void) memset(prstatus, 0, sizeof (*prstatus)); 2284 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2285 prstatus->pr_pid = ts->ts_tid; 2286 prstatus->pr_ppid = getppid(); 2287 prstatus->pr_pgrp = getpgrp(); 2288 prstatus->pr_sid = getsid(0); 2289 2290 bswap_prstatus(prstatus); 2291 } 2292 2293 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2294 { 2295 char *filename, *base_filename; 2296 unsigned int i, len; 2297 2298 (void) memset(psinfo, 0, sizeof (*psinfo)); 2299 2300 len = ts->info->arg_end - ts->info->arg_start; 2301 if (len >= ELF_PRARGSZ) 2302 len = ELF_PRARGSZ - 1; 2303 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2304 return -EFAULT; 2305 for (i = 0; i < len; i++) 2306 if (psinfo->pr_psargs[i] == 0) 2307 psinfo->pr_psargs[i] = ' '; 2308 psinfo->pr_psargs[len] = 0; 2309 2310 psinfo->pr_pid = getpid(); 2311 psinfo->pr_ppid = getppid(); 2312 psinfo->pr_pgrp = getpgrp(); 2313 psinfo->pr_sid = getsid(0); 2314 psinfo->pr_uid = getuid(); 2315 psinfo->pr_gid = getgid(); 2316 2317 filename = strdup(ts->bprm->filename); 2318 base_filename = strdup(basename(filename)); 2319 (void) strncpy(psinfo->pr_fname, base_filename, 2320 sizeof(psinfo->pr_fname)); 2321 free(base_filename); 2322 free(filename); 2323 2324 bswap_psinfo(psinfo); 2325 return (0); 2326 } 2327 2328 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2329 { 2330 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2331 elf_addr_t orig_auxv = auxv; 2332 abi_ulong val; 2333 void *ptr; 2334 int i, len; 2335 2336 /* 2337 * Auxiliary vector is stored in target process stack. It contains 2338 * {type, value} pairs that we need to dump into note. This is not 2339 * strictly necessary but we do it here for sake of completeness. 2340 */ 2341 2342 /* find out length of the vector, AT_NULL is terminator */ 2343 i = len = 0; 2344 do { 2345 get_user_ual(val, auxv); 2346 i += 2; 2347 auxv += 2 * sizeof (elf_addr_t); 2348 } while (val != AT_NULL); 2349 len = i * sizeof (elf_addr_t); 2350 2351 /* read in whole auxv vector and copy it to memelfnote */ 2352 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2353 if (ptr != NULL) { 2354 fill_note(note, "CORE", NT_AUXV, len, ptr); 2355 unlock_user(ptr, auxv, len); 2356 } 2357 } 2358 2359 /* 2360 * Constructs name of coredump file. We have following convention 2361 * for the name: 2362 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2363 * 2364 * Returns 0 in case of success, -1 otherwise (errno is set). 2365 */ 2366 static int core_dump_filename(const TaskState *ts, char *buf, 2367 size_t bufsize) 2368 { 2369 char timestamp[64]; 2370 char *filename = NULL; 2371 char *base_filename = NULL; 2372 struct timeval tv; 2373 struct tm tm; 2374 2375 assert(bufsize >= PATH_MAX); 2376 2377 if (gettimeofday(&tv, NULL) < 0) { 2378 (void) fprintf(stderr, "unable to get current timestamp: %s", 2379 strerror(errno)); 2380 return (-1); 2381 } 2382 2383 filename = strdup(ts->bprm->filename); 2384 base_filename = strdup(basename(filename)); 2385 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2386 localtime_r(&tv.tv_sec, &tm)); 2387 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2388 base_filename, timestamp, (int)getpid()); 2389 free(base_filename); 2390 free(filename); 2391 2392 return (0); 2393 } 2394 2395 static int dump_write(int fd, const void *ptr, size_t size) 2396 { 2397 const char *bufp = (const char *)ptr; 2398 ssize_t bytes_written, bytes_left; 2399 struct rlimit dumpsize; 2400 off_t pos; 2401 2402 bytes_written = 0; 2403 getrlimit(RLIMIT_CORE, &dumpsize); 2404 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2405 if (errno == ESPIPE) { /* not a seekable stream */ 2406 bytes_left = size; 2407 } else { 2408 return pos; 2409 } 2410 } else { 2411 if (dumpsize.rlim_cur <= pos) { 2412 return -1; 2413 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2414 bytes_left = size; 2415 } else { 2416 size_t limit_left=dumpsize.rlim_cur - pos; 2417 bytes_left = limit_left >= size ? size : limit_left ; 2418 } 2419 } 2420 2421 /* 2422 * In normal conditions, single write(2) should do but 2423 * in case of socket etc. this mechanism is more portable. 2424 */ 2425 do { 2426 bytes_written = write(fd, bufp, bytes_left); 2427 if (bytes_written < 0) { 2428 if (errno == EINTR) 2429 continue; 2430 return (-1); 2431 } else if (bytes_written == 0) { /* eof */ 2432 return (-1); 2433 } 2434 bufp += bytes_written; 2435 bytes_left -= bytes_written; 2436 } while (bytes_left > 0); 2437 2438 return (0); 2439 } 2440 2441 static int write_note(struct memelfnote *men, int fd) 2442 { 2443 struct elf_note en; 2444 2445 en.n_namesz = men->namesz; 2446 en.n_type = men->type; 2447 en.n_descsz = men->datasz; 2448 2449 bswap_note(&en); 2450 2451 if (dump_write(fd, &en, sizeof(en)) != 0) 2452 return (-1); 2453 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2454 return (-1); 2455 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2456 return (-1); 2457 2458 return (0); 2459 } 2460 2461 static void fill_thread_info(struct elf_note_info *info, const CPUState *env) 2462 { 2463 TaskState *ts = (TaskState *)env->opaque; 2464 struct elf_thread_status *ets; 2465 2466 ets = g_malloc0(sizeof (*ets)); 2467 ets->num_notes = 1; /* only prstatus is dumped */ 2468 fill_prstatus(&ets->prstatus, ts, 0); 2469 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2470 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2471 &ets->prstatus); 2472 2473 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2474 2475 info->notes_size += note_size(&ets->notes[0]); 2476 } 2477 2478 static int fill_note_info(struct elf_note_info *info, 2479 long signr, const CPUState *env) 2480 { 2481 #define NUMNOTES 3 2482 CPUState *cpu = NULL; 2483 TaskState *ts = (TaskState *)env->opaque; 2484 int i; 2485 2486 (void) memset(info, 0, sizeof (*info)); 2487 2488 QTAILQ_INIT(&info->thread_list); 2489 2490 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote)); 2491 if (info->notes == NULL) 2492 return (-ENOMEM); 2493 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 2494 if (info->prstatus == NULL) 2495 return (-ENOMEM); 2496 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 2497 if (info->prstatus == NULL) 2498 return (-ENOMEM); 2499 2500 /* 2501 * First fill in status (and registers) of current thread 2502 * including process info & aux vector. 2503 */ 2504 fill_prstatus(info->prstatus, ts, signr); 2505 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2506 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2507 sizeof (*info->prstatus), info->prstatus); 2508 fill_psinfo(info->psinfo, ts); 2509 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2510 sizeof (*info->psinfo), info->psinfo); 2511 fill_auxv_note(&info->notes[2], ts); 2512 info->numnote = 3; 2513 2514 info->notes_size = 0; 2515 for (i = 0; i < info->numnote; i++) 2516 info->notes_size += note_size(&info->notes[i]); 2517 2518 /* read and fill status of all threads */ 2519 cpu_list_lock(); 2520 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) { 2521 if (cpu == thread_env) 2522 continue; 2523 fill_thread_info(info, cpu); 2524 } 2525 cpu_list_unlock(); 2526 2527 return (0); 2528 } 2529 2530 static void free_note_info(struct elf_note_info *info) 2531 { 2532 struct elf_thread_status *ets; 2533 2534 while (!QTAILQ_EMPTY(&info->thread_list)) { 2535 ets = QTAILQ_FIRST(&info->thread_list); 2536 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2537 g_free(ets); 2538 } 2539 2540 g_free(info->prstatus); 2541 g_free(info->psinfo); 2542 g_free(info->notes); 2543 } 2544 2545 static int write_note_info(struct elf_note_info *info, int fd) 2546 { 2547 struct elf_thread_status *ets; 2548 int i, error = 0; 2549 2550 /* write prstatus, psinfo and auxv for current thread */ 2551 for (i = 0; i < info->numnote; i++) 2552 if ((error = write_note(&info->notes[i], fd)) != 0) 2553 return (error); 2554 2555 /* write prstatus for each thread */ 2556 for (ets = info->thread_list.tqh_first; ets != NULL; 2557 ets = ets->ets_link.tqe_next) { 2558 if ((error = write_note(&ets->notes[0], fd)) != 0) 2559 return (error); 2560 } 2561 2562 return (0); 2563 } 2564 2565 /* 2566 * Write out ELF coredump. 2567 * 2568 * See documentation of ELF object file format in: 2569 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2570 * 2571 * Coredump format in linux is following: 2572 * 2573 * 0 +----------------------+ \ 2574 * | ELF header | ET_CORE | 2575 * +----------------------+ | 2576 * | ELF program headers | |--- headers 2577 * | - NOTE section | | 2578 * | - PT_LOAD sections | | 2579 * +----------------------+ / 2580 * | NOTEs: | 2581 * | - NT_PRSTATUS | 2582 * | - NT_PRSINFO | 2583 * | - NT_AUXV | 2584 * +----------------------+ <-- aligned to target page 2585 * | Process memory dump | 2586 * : : 2587 * . . 2588 * : : 2589 * | | 2590 * +----------------------+ 2591 * 2592 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2593 * NT_PRSINFO -> struct elf_prpsinfo 2594 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2595 * 2596 * Format follows System V format as close as possible. Current 2597 * version limitations are as follows: 2598 * - no floating point registers are dumped 2599 * 2600 * Function returns 0 in case of success, negative errno otherwise. 2601 * 2602 * TODO: make this work also during runtime: it should be 2603 * possible to force coredump from running process and then 2604 * continue processing. For example qemu could set up SIGUSR2 2605 * handler (provided that target process haven't registered 2606 * handler for that) that does the dump when signal is received. 2607 */ 2608 static int elf_core_dump(int signr, const CPUState *env) 2609 { 2610 const TaskState *ts = (const TaskState *)env->opaque; 2611 struct vm_area_struct *vma = NULL; 2612 char corefile[PATH_MAX]; 2613 struct elf_note_info info; 2614 struct elfhdr elf; 2615 struct elf_phdr phdr; 2616 struct rlimit dumpsize; 2617 struct mm_struct *mm = NULL; 2618 off_t offset = 0, data_offset = 0; 2619 int segs = 0; 2620 int fd = -1; 2621 2622 errno = 0; 2623 getrlimit(RLIMIT_CORE, &dumpsize); 2624 if (dumpsize.rlim_cur == 0) 2625 return 0; 2626 2627 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2628 return (-errno); 2629 2630 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2631 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2632 return (-errno); 2633 2634 /* 2635 * Walk through target process memory mappings and 2636 * set up structure containing this information. After 2637 * this point vma_xxx functions can be used. 2638 */ 2639 if ((mm = vma_init()) == NULL) 2640 goto out; 2641 2642 walk_memory_regions(mm, vma_walker); 2643 segs = vma_get_mapping_count(mm); 2644 2645 /* 2646 * Construct valid coredump ELF header. We also 2647 * add one more segment for notes. 2648 */ 2649 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2650 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2651 goto out; 2652 2653 /* fill in in-memory version of notes */ 2654 if (fill_note_info(&info, signr, env) < 0) 2655 goto out; 2656 2657 offset += sizeof (elf); /* elf header */ 2658 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2659 2660 /* write out notes program header */ 2661 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2662 2663 offset += info.notes_size; 2664 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2665 goto out; 2666 2667 /* 2668 * ELF specification wants data to start at page boundary so 2669 * we align it here. 2670 */ 2671 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2672 2673 /* 2674 * Write program headers for memory regions mapped in 2675 * the target process. 2676 */ 2677 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2678 (void) memset(&phdr, 0, sizeof (phdr)); 2679 2680 phdr.p_type = PT_LOAD; 2681 phdr.p_offset = offset; 2682 phdr.p_vaddr = vma->vma_start; 2683 phdr.p_paddr = 0; 2684 phdr.p_filesz = vma_dump_size(vma); 2685 offset += phdr.p_filesz; 2686 phdr.p_memsz = vma->vma_end - vma->vma_start; 2687 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2688 if (vma->vma_flags & PROT_WRITE) 2689 phdr.p_flags |= PF_W; 2690 if (vma->vma_flags & PROT_EXEC) 2691 phdr.p_flags |= PF_X; 2692 phdr.p_align = ELF_EXEC_PAGESIZE; 2693 2694 bswap_phdr(&phdr, 1); 2695 dump_write(fd, &phdr, sizeof (phdr)); 2696 } 2697 2698 /* 2699 * Next we write notes just after program headers. No 2700 * alignment needed here. 2701 */ 2702 if (write_note_info(&info, fd) < 0) 2703 goto out; 2704 2705 /* align data to page boundary */ 2706 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2707 goto out; 2708 2709 /* 2710 * Finally we can dump process memory into corefile as well. 2711 */ 2712 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2713 abi_ulong addr; 2714 abi_ulong end; 2715 2716 end = vma->vma_start + vma_dump_size(vma); 2717 2718 for (addr = vma->vma_start; addr < end; 2719 addr += TARGET_PAGE_SIZE) { 2720 char page[TARGET_PAGE_SIZE]; 2721 int error; 2722 2723 /* 2724 * Read in page from target process memory and 2725 * write it to coredump file. 2726 */ 2727 error = copy_from_user(page, addr, sizeof (page)); 2728 if (error != 0) { 2729 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2730 addr); 2731 errno = -error; 2732 goto out; 2733 } 2734 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2735 goto out; 2736 } 2737 } 2738 2739 out: 2740 free_note_info(&info); 2741 if (mm != NULL) 2742 vma_delete(mm); 2743 (void) close(fd); 2744 2745 if (errno != 0) 2746 return (-errno); 2747 return (0); 2748 } 2749 #endif /* USE_ELF_CORE_DUMP */ 2750 2751 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2752 { 2753 init_thread(regs, infop); 2754 } 2755