xref: /openbmc/qemu/linux-user/elfload.c (revision d6032e06)
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include <sys/time.h>
3 #include <sys/param.h>
4 
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <fcntl.h>
8 #include <errno.h>
9 #include <unistd.h>
10 #include <sys/mman.h>
11 #include <sys/resource.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <time.h>
15 
16 #include "qemu.h"
17 #include "disas/disas.h"
18 
19 #ifdef _ARCH_PPC64
20 #undef ARCH_DLINFO
21 #undef ELF_PLATFORM
22 #undef ELF_HWCAP
23 #undef ELF_CLASS
24 #undef ELF_DATA
25 #undef ELF_ARCH
26 #endif
27 
28 #define ELF_OSABI   ELFOSABI_SYSV
29 
30 /* from personality.h */
31 
32 /*
33  * Flags for bug emulation.
34  *
35  * These occupy the top three bytes.
36  */
37 enum {
38     ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
39     FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
40                                            descriptors (signal handling) */
41     MMAP_PAGE_ZERO =    0x0100000,
42     ADDR_COMPAT_LAYOUT = 0x0200000,
43     READ_IMPLIES_EXEC = 0x0400000,
44     ADDR_LIMIT_32BIT =  0x0800000,
45     SHORT_INODE =       0x1000000,
46     WHOLE_SECONDS =     0x2000000,
47     STICKY_TIMEOUTS =   0x4000000,
48     ADDR_LIMIT_3GB =    0x8000000,
49 };
50 
51 /*
52  * Personality types.
53  *
54  * These go in the low byte.  Avoid using the top bit, it will
55  * conflict with error returns.
56  */
57 enum {
58     PER_LINUX =         0x0000,
59     PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
60     PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
61     PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
62     PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
63     PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
64     PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
65     PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
66     PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
67     PER_BSD =           0x0006,
68     PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
69     PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
70     PER_LINUX32 =       0x0008,
71     PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
72     PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
73     PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
74     PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
75     PER_RISCOS =        0x000c,
76     PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
77     PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
78     PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
79     PER_HPUX =          0x0010,
80     PER_MASK =          0x00ff,
81 };
82 
83 /*
84  * Return the base personality without flags.
85  */
86 #define personality(pers)       (pers & PER_MASK)
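/*
 * Example (illustrative only): the base type sits in the low byte and the
 * bug-emulation flags sit above it, so
 *     personality(PER_LINUX32_3GB) == PER_LINUX32
 * while the ADDR_LIMIT_3GB flag has to be tested separately.
 */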
87 
88 /* this flag is ineffective under Linux too; it should be deleted */
89 #ifndef MAP_DENYWRITE
90 #define MAP_DENYWRITE 0
91 #endif
92 
93 /* should probably go in elf.h */
94 #ifndef ELIBBAD
95 #define ELIBBAD 80
96 #endif
97 
98 #ifdef TARGET_WORDS_BIGENDIAN
99 #define ELF_DATA        ELFDATA2MSB
100 #else
101 #define ELF_DATA        ELFDATA2LSB
102 #endif
103 
104 #ifdef TARGET_ABI_MIPSN32
105 typedef abi_ullong      target_elf_greg_t;
106 #define tswapreg(ptr)   tswap64(ptr)
107 #else
108 typedef abi_ulong       target_elf_greg_t;
109 #define tswapreg(ptr)   tswapal(ptr)
110 #endif
111 
112 #ifdef USE_UID16
113 typedef abi_ushort      target_uid_t;
114 typedef abi_ushort      target_gid_t;
115 #else
116 typedef abi_uint        target_uid_t;
117 typedef abi_uint        target_gid_t;
118 #endif
119 typedef abi_int         target_pid_t;
120 
121 #ifdef TARGET_I386
122 
123 #define ELF_PLATFORM get_elf_platform()
124 
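/* Derives the AT_PLATFORM string from the guest CPU family: families 4 and 5
   give "i486" and "i586", family 6 or newer is clamped to "i686", and
   anything older stays "i386". */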
125 static const char *get_elf_platform(void)
126 {
127     static char elf_platform[] = "i386";
128     int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
129     if (family > 6)
130         family = 6;
131     if (family >= 3)
132         elf_platform[1] = '0' + family;
133     return elf_platform;
134 }
135 
136 #define ELF_HWCAP get_elf_hwcap()
137 
138 static uint32_t get_elf_hwcap(void)
139 {
140     X86CPU *cpu = X86_CPU(thread_cpu);
141 
142     return cpu->env.features[FEAT_1_EDX];
143 }
144 
145 #ifdef TARGET_X86_64
146 #define ELF_START_MMAP 0x2aaaaab000ULL
147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
148 
149 #define ELF_CLASS      ELFCLASS64
150 #define ELF_ARCH       EM_X86_64
151 
152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
153 {
154     regs->rax = 0;
155     regs->rsp = infop->start_stack;
156     regs->rip = infop->entry;
157 }
158 
159 #define ELF_NREG    27
160 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
161 
162 /*
163  * Note that ELF_NREG should be 29 as there should also be a place for
164  * the TRAPNO and ERR "registers", but Linux doesn't dump
165  * those.
166  *
167  * See linux kernel: arch/x86/include/asm/elf.h
168  */
169 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
170 {
171     (*regs)[0] = env->regs[15];
172     (*regs)[1] = env->regs[14];
173     (*regs)[2] = env->regs[13];
174     (*regs)[3] = env->regs[12];
175     (*regs)[4] = env->regs[R_EBP];
176     (*regs)[5] = env->regs[R_EBX];
177     (*regs)[6] = env->regs[11];
178     (*regs)[7] = env->regs[10];
179     (*regs)[8] = env->regs[9];
180     (*regs)[9] = env->regs[8];
181     (*regs)[10] = env->regs[R_EAX];
182     (*regs)[11] = env->regs[R_ECX];
183     (*regs)[12] = env->regs[R_EDX];
184     (*regs)[13] = env->regs[R_ESI];
185     (*regs)[14] = env->regs[R_EDI];
186     (*regs)[15] = env->regs[R_EAX]; /* XXX */
187     (*regs)[16] = env->eip;
188     (*regs)[17] = env->segs[R_CS].selector & 0xffff;
189     (*regs)[18] = env->eflags;
190     (*regs)[19] = env->regs[R_ESP];
191     (*regs)[20] = env->segs[R_SS].selector & 0xffff;
192     (*regs)[21] = env->segs[R_FS].selector & 0xffff;
193     (*regs)[22] = env->segs[R_GS].selector & 0xffff;
194     (*regs)[23] = env->segs[R_DS].selector & 0xffff;
195     (*regs)[24] = env->segs[R_ES].selector & 0xffff;
196     (*regs)[25] = env->segs[R_FS].selector & 0xffff;
197     (*regs)[26] = env->segs[R_GS].selector & 0xffff;
198 }
199 
200 #else
201 
202 #define ELF_START_MMAP 0x80000000
203 
204 /*
205  * This is used to ensure we don't load something for the wrong architecture.
206  */
207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
208 
209 /*
210  * These are used to set parameters in the core dumps.
211  */
212 #define ELF_CLASS       ELFCLASS32
213 #define ELF_ARCH        EM_386
214 
215 static inline void init_thread(struct target_pt_regs *regs,
216                                struct image_info *infop)
217 {
218     regs->esp = infop->start_stack;
219     regs->eip = infop->entry;
220 
221     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
222        starts %edx contains a pointer to a function which might be
223        registered using `atexit'.  This provides a means for the
224        dynamic linker to call DT_FINI functions for shared libraries
225        that have been loaded before the code runs.
226 
227        A value of 0 tells us that there is no such handler.  */
228     regs->edx = 0;
229 }
230 
231 #define ELF_NREG    17
232 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
233 
234 /*
235  * Note that ELF_NREG should be 19 as there should also be a place for
236  * the TRAPNO and ERR "registers", but Linux doesn't dump
237  * those.
238  *
239  * See linux kernel: arch/x86/include/asm/elf.h
240  */
241 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
242 {
243     (*regs)[0] = env->regs[R_EBX];
244     (*regs)[1] = env->regs[R_ECX];
245     (*regs)[2] = env->regs[R_EDX];
246     (*regs)[3] = env->regs[R_ESI];
247     (*regs)[4] = env->regs[R_EDI];
248     (*regs)[5] = env->regs[R_EBP];
249     (*regs)[6] = env->regs[R_EAX];
250     (*regs)[7] = env->segs[R_DS].selector & 0xffff;
251     (*regs)[8] = env->segs[R_ES].selector & 0xffff;
252     (*regs)[9] = env->segs[R_FS].selector & 0xffff;
253     (*regs)[10] = env->segs[R_GS].selector & 0xffff;
254     (*regs)[11] = env->regs[R_EAX]; /* XXX */
255     (*regs)[12] = env->eip;
256     (*regs)[13] = env->segs[R_CS].selector & 0xffff;
257     (*regs)[14] = env->eflags;
258     (*regs)[15] = env->regs[R_ESP];
259     (*regs)[16] = env->segs[R_SS].selector & 0xffff;
260 }
261 #endif
262 
263 #define USE_ELF_CORE_DUMP
264 #define ELF_EXEC_PAGESIZE       4096
265 
266 #endif
267 
268 #ifdef TARGET_ARM
269 
270 #define ELF_START_MMAP 0x80000000
271 
272 #define elf_check_arch(x) ((x) == ELF_MACHINE)
273 
274 #define ELF_ARCH        ELF_MACHINE
275 
276 #ifdef TARGET_AARCH64
277 #define ELF_CLASS       ELFCLASS64
278 #else
279 #define ELF_CLASS       ELFCLASS32
280 #endif
281 
282 static inline void init_thread(struct target_pt_regs *regs,
283                                struct image_info *infop)
284 {
285     abi_long stack = infop->start_stack;
286     memset(regs, 0, sizeof(*regs));
287 
288 #ifdef TARGET_AARCH64
289     regs->pc = infop->entry & ~0x3ULL;
290     regs->sp = stack;
291 #else
292     regs->ARM_cpsr = 0x10;
293     if (infop->entry & 1)
294         regs->ARM_cpsr |= CPSR_T;
295     regs->ARM_pc = infop->entry & 0xfffffffe;
296     regs->ARM_sp = infop->start_stack;
297     /* FIXME - what to do on failure of get_user()? */
298     get_user_ual(regs->ARM_r2, stack + 8); /* envp */
299     get_user_ual(regs->ARM_r1, stack + 4); /* argv */
300     /* XXX: it seems that r0 is zeroed afterwards anyway */
301     regs->ARM_r0 = 0;
302     /* For uClinux PIC binaries.  */
303     /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
304     regs->ARM_r10 = infop->start_data;
305 #endif
306 }
307 
308 #define ELF_NREG    18
309 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
310 
311 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
312 {
313     (*regs)[0] = tswapreg(env->regs[0]);
314     (*regs)[1] = tswapreg(env->regs[1]);
315     (*regs)[2] = tswapreg(env->regs[2]);
316     (*regs)[3] = tswapreg(env->regs[3]);
317     (*regs)[4] = tswapreg(env->regs[4]);
318     (*regs)[5] = tswapreg(env->regs[5]);
319     (*regs)[6] = tswapreg(env->regs[6]);
320     (*regs)[7] = tswapreg(env->regs[7]);
321     (*regs)[8] = tswapreg(env->regs[8]);
322     (*regs)[9] = tswapreg(env->regs[9]);
323     (*regs)[10] = tswapreg(env->regs[10]);
324     (*regs)[11] = tswapreg(env->regs[11]);
325     (*regs)[12] = tswapreg(env->regs[12]);
326     (*regs)[13] = tswapreg(env->regs[13]);
327     (*regs)[14] = tswapreg(env->regs[14]);
328     (*regs)[15] = tswapreg(env->regs[15]);
329 
330     (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
331     (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
332 }
333 
334 #define USE_ELF_CORE_DUMP
335 #define ELF_EXEC_PAGESIZE       4096
336 
337 enum
338 {
339     ARM_HWCAP_ARM_SWP       = 1 << 0,
340     ARM_HWCAP_ARM_HALF      = 1 << 1,
341     ARM_HWCAP_ARM_THUMB     = 1 << 2,
342     ARM_HWCAP_ARM_26BIT     = 1 << 3,
343     ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
344     ARM_HWCAP_ARM_FPA       = 1 << 5,
345     ARM_HWCAP_ARM_VFP       = 1 << 6,
346     ARM_HWCAP_ARM_EDSP      = 1 << 7,
347     ARM_HWCAP_ARM_JAVA      = 1 << 8,
348     ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
349     ARM_HWCAP_ARM_THUMBEE   = 1 << 10,
350     ARM_HWCAP_ARM_NEON      = 1 << 11,
351     ARM_HWCAP_ARM_VFPv3     = 1 << 12,
352     ARM_HWCAP_ARM_VFPv3D16  = 1 << 13,
353 };
354 
355 #define TARGET_HAS_VALIDATE_GUEST_SPACE
356 /* Return 1 if the proposed guest space is suitable for the guest.
357  * Return 0 if the proposed guest space isn't suitable, but another
358  * address space should be tried.
359  * Return -1 if there is no way the proposed guest space can be
360  * valid regardless of the base.
361  * This function may leave a page mapped and populated if the
362  * address is suitable.
363  */
364 static int validate_guest_space(unsigned long guest_base,
365                                 unsigned long guest_size)
366 {
367     unsigned long real_start, test_page_addr;
368 
369     /* We need to check that we can force a fault on access to the
370      * commpage at 0xffff0fxx
371      */
372     test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
373 
374     /* If the commpage lies within the already allocated guest space,
375      * then there is no way we can allocate it.
376      */
377     if (test_page_addr >= guest_base
378         && test_page_addr <= (guest_base + guest_size)) {
379         return -1;
380     }
381 
382     /* Note it needs to be writeable to let us initialise it */
383     real_start = (unsigned long)
384                  mmap((void *)test_page_addr, qemu_host_page_size,
385                      PROT_READ | PROT_WRITE,
386                      MAP_ANONYMOUS | MAP_PRIVATE, -1, 0);
387 
388     /* If we can't map it then try another address */
389     if (real_start == -1ul) {
390         return 0;
391     }
392 
393     if (real_start != test_page_addr) {
394         /* OS didn't put the page where we asked - unmap and reject */
395         munmap((void *)real_start, qemu_host_page_size);
396         return 0;
397     }
398 
399     /* Leave the page mapped
400      * Populate it (mmap should have left it all 0'd)
401      */
402 
403     /* Kernel helper versions */
404     __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
405 
406     /* Now that it's populated, make it RO */
407     if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
408         perror("Protecting guest commpage");
409         exit(-1);
410     }
411 
412     return 1; /* All good */
413 }
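#if 0
/* Illustrative sketch only, never compiled: how a caller is expected to
 * consume the 1 / 0 / -1 convention documented above.  "base" and "size"
 * are hypothetical inputs; init_guest_space() further down is the real
 * consumer of this function.
 */
static void example_probe(unsigned long base, unsigned long size)
{
    int ok = validate_guest_space(base, size);

    if (ok == 1) {
        /* The commpage fits: keep this base (the probe page stays mapped). */
    } else if (ok == 0) {
        /* This base collides with the commpage: retry with another base. */
    } else {
        /* ok == -1: no base can ever work for a guest this large: give up. */
    }
}
#endif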
414 
415 
416 #define ELF_HWCAP get_elf_hwcap()
417 
418 static uint32_t get_elf_hwcap(void)
419 {
420     ARMCPU *cpu = ARM_CPU(thread_cpu);
421     uint32_t hwcaps = 0;
422 
423     hwcaps |= ARM_HWCAP_ARM_SWP;
424     hwcaps |= ARM_HWCAP_ARM_HALF;
425     hwcaps |= ARM_HWCAP_ARM_THUMB;
426     hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
427     hwcaps |= ARM_HWCAP_ARM_FPA;
428 
429     /* probe for the extra features */
430 #define GET_FEATURE(feat, hwcap) \
431     do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
432     GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
433     GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
434     GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
435     GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
436     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
437     GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16);
438 #undef GET_FEATURE
439 
440     return hwcaps;
441 }
442 
443 #endif
444 
445 #ifdef TARGET_UNICORE32
446 
447 #define ELF_START_MMAP          0x80000000
448 
449 #define elf_check_arch(x)       ((x) == EM_UNICORE32)
450 
451 #define ELF_CLASS               ELFCLASS32
452 #define ELF_DATA                ELFDATA2LSB
453 #define ELF_ARCH                EM_UNICORE32
454 
455 static inline void init_thread(struct target_pt_regs *regs,
456         struct image_info *infop)
457 {
458     abi_long stack = infop->start_stack;
459     memset(regs, 0, sizeof(*regs));
460     regs->UC32_REG_asr = 0x10;
461     regs->UC32_REG_pc = infop->entry & 0xfffffffe;
462     regs->UC32_REG_sp = infop->start_stack;
463     /* FIXME - what to do on failure of get_user()? */
464     get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
465     get_user_ual(regs->UC32_REG_01, stack + 4); /* argv */
466     /* XXX: it seems that r0 is zeroed afterwards anyway */
467     regs->UC32_REG_00 = 0;
468 }
469 
470 #define ELF_NREG    34
471 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
472 
473 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env)
474 {
475     (*regs)[0] = env->regs[0];
476     (*regs)[1] = env->regs[1];
477     (*regs)[2] = env->regs[2];
478     (*regs)[3] = env->regs[3];
479     (*regs)[4] = env->regs[4];
480     (*regs)[5] = env->regs[5];
481     (*regs)[6] = env->regs[6];
482     (*regs)[7] = env->regs[7];
483     (*regs)[8] = env->regs[8];
484     (*regs)[9] = env->regs[9];
485     (*regs)[10] = env->regs[10];
486     (*regs)[11] = env->regs[11];
487     (*regs)[12] = env->regs[12];
488     (*regs)[13] = env->regs[13];
489     (*regs)[14] = env->regs[14];
490     (*regs)[15] = env->regs[15];
491     (*regs)[16] = env->regs[16];
492     (*regs)[17] = env->regs[17];
493     (*regs)[18] = env->regs[18];
494     (*regs)[19] = env->regs[19];
495     (*regs)[20] = env->regs[20];
496     (*regs)[21] = env->regs[21];
497     (*regs)[22] = env->regs[22];
498     (*regs)[23] = env->regs[23];
499     (*regs)[24] = env->regs[24];
500     (*regs)[25] = env->regs[25];
501     (*regs)[26] = env->regs[26];
502     (*regs)[27] = env->regs[27];
503     (*regs)[28] = env->regs[28];
504     (*regs)[29] = env->regs[29];
505     (*regs)[30] = env->regs[30];
506     (*regs)[31] = env->regs[31];
507 
508     (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env);
509     (*regs)[33] = env->regs[0]; /* XXX */
510 }
511 
512 #define USE_ELF_CORE_DUMP
513 #define ELF_EXEC_PAGESIZE               4096
514 
515 #define ELF_HWCAP                       (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
516 
517 #endif
518 
519 #ifdef TARGET_SPARC
520 #ifdef TARGET_SPARC64
521 
522 #define ELF_START_MMAP 0x80000000
523 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
524                     | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
525 #ifndef TARGET_ABI32
526 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
527 #else
528 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
529 #endif
530 
531 #define ELF_CLASS   ELFCLASS64
532 #define ELF_ARCH    EM_SPARCV9
533 
534 #define STACK_BIAS              2047
535 
536 static inline void init_thread(struct target_pt_regs *regs,
537                                struct image_info *infop)
538 {
539 #ifndef TARGET_ABI32
540     regs->tstate = 0;
541 #endif
542     regs->pc = infop->entry;
543     regs->npc = regs->pc + 4;
544     regs->y = 0;
545 #ifdef TARGET_ABI32
546     regs->u_regs[14] = infop->start_stack - 16 * 4;
547 #else
548     if (personality(infop->personality) == PER_LINUX32)
549         regs->u_regs[14] = infop->start_stack - 16 * 4;
550     else
551         regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
552 #endif
553 }
554 
555 #else
556 #define ELF_START_MMAP 0x80000000
557 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
558                     | HWCAP_SPARC_MULDIV)
559 #define elf_check_arch(x) ( (x) == EM_SPARC )
560 
561 #define ELF_CLASS   ELFCLASS32
562 #define ELF_ARCH    EM_SPARC
563 
564 static inline void init_thread(struct target_pt_regs *regs,
565                                struct image_info *infop)
566 {
567     regs->psr = 0;
568     regs->pc = infop->entry;
569     regs->npc = regs->pc + 4;
570     regs->y = 0;
571     regs->u_regs[14] = infop->start_stack - 16 * 4;
572 }
573 
574 #endif
575 #endif
576 
577 #ifdef TARGET_PPC
578 
579 #define ELF_START_MMAP 0x80000000
580 
581 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
582 
583 #define elf_check_arch(x) ( (x) == EM_PPC64 )
584 
585 #define ELF_CLASS       ELFCLASS64
586 
587 #else
588 
589 #define elf_check_arch(x) ( (x) == EM_PPC )
590 
591 #define ELF_CLASS       ELFCLASS32
592 
593 #endif
594 
595 #define ELF_ARCH        EM_PPC
596 
597 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
598    See arch/powerpc/include/asm/cputable.h.  */
599 enum {
600     QEMU_PPC_FEATURE_32 = 0x80000000,
601     QEMU_PPC_FEATURE_64 = 0x40000000,
602     QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
603     QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
604     QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
605     QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
606     QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
607     QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
608     QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
609     QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
610     QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
611     QEMU_PPC_FEATURE_NO_TB = 0x00100000,
612     QEMU_PPC_FEATURE_POWER4 = 0x00080000,
613     QEMU_PPC_FEATURE_POWER5 = 0x00040000,
614     QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
615     QEMU_PPC_FEATURE_CELL = 0x00010000,
616     QEMU_PPC_FEATURE_BOOKE = 0x00008000,
617     QEMU_PPC_FEATURE_SMT = 0x00004000,
618     QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
619     QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
620     QEMU_PPC_FEATURE_PA6T = 0x00000800,
621     QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
622     QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
623     QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
624     QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
625     QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
626 
627     QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
628     QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
629 };
630 
631 #define ELF_HWCAP get_elf_hwcap()
632 
633 static uint32_t get_elf_hwcap(void)
634 {
635     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
636     uint32_t features = 0;
637 
638     /* We don't have to be terribly complete here; the high points are
639        Altivec/FP/SPE support.  Anything else is just a bonus.  */
640 #define GET_FEATURE(flag, feature)                                      \
641     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
642     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
643     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
644     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
645     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
646     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
647     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
648     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
649     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
650 #undef GET_FEATURE
651 
652     return features;
653 }
654 
655 /*
656  * The requirements here are:
657  * - keep the final alignment of sp (sp & 0xf)
658  * - make sure the 32-bit value at the first 16 byte aligned position of
659  *   AUXV is greater than 16 for glibc compatibility.
660  *   AT_IGNOREPPC is used for that.
661  * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
662  *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
663  */
664 #define DLINFO_ARCH_ITEMS       5
665 #define ARCH_DLINFO                                     \
666     do {                                                \
667         NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20);              \
668         NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20);              \
669         NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
670         /*                                              \
671          * Now handle glibc compatibility.              \
672          */                                             \
673         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
674         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
675     } while (0)
676 
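/* On 64-bit PPC (ELFv1 ABI) e_entry points at a function descriptor rather
   than at code: the first doubleword is the real entry address and the
   second is the TOC value that belongs in r2, which is why init_thread()
   below dereferences infop->entry twice. */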
677 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
678 {
679     _regs->gpr[1] = infop->start_stack;
680 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
681     _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias;
682     infop->entry = ldq_raw(infop->entry) + infop->load_bias;
683 #endif
684     _regs->nip = infop->entry;
685 }
686 
687 /* See linux kernel: arch/powerpc/include/asm/elf.h.  */
688 #define ELF_NREG 48
689 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
690 
691 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
692 {
693     int i;
694     target_ulong ccr = 0;
695 
696     for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
697         (*regs)[i] = tswapreg(env->gpr[i]);
698     }
699 
700     (*regs)[32] = tswapreg(env->nip);
701     (*regs)[33] = tswapreg(env->msr);
702     (*regs)[35] = tswapreg(env->ctr);
703     (*regs)[36] = tswapreg(env->lr);
704     (*regs)[37] = tswapreg(env->xer);
705 
706     for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
707         ccr |= env->crf[i] << (32 - ((i + 1) * 4));
708     }
709     (*regs)[38] = tswapreg(ccr);
710 }
711 
712 #define USE_ELF_CORE_DUMP
713 #define ELF_EXEC_PAGESIZE       4096
714 
715 #endif
716 
717 #ifdef TARGET_MIPS
718 
719 #define ELF_START_MMAP 0x80000000
720 
721 #define elf_check_arch(x) ( (x) == EM_MIPS )
722 
723 #ifdef TARGET_MIPS64
724 #define ELF_CLASS   ELFCLASS64
725 #else
726 #define ELF_CLASS   ELFCLASS32
727 #endif
728 #define ELF_ARCH    EM_MIPS
729 
730 static inline void init_thread(struct target_pt_regs *regs,
731                                struct image_info *infop)
732 {
733     regs->cp0_status = 2 << CP0St_KSU;
734     regs->cp0_epc = infop->entry;
735     regs->regs[29] = infop->start_stack;
736 }
737 
738 /* See linux kernel: arch/mips/include/asm/elf.h.  */
739 #define ELF_NREG 45
740 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
741 
742 /* See linux kernel: arch/mips/include/asm/reg.h.  */
743 enum {
744 #ifdef TARGET_MIPS64
745     TARGET_EF_R0 = 0,
746 #else
747     TARGET_EF_R0 = 6,
748 #endif
749     TARGET_EF_R26 = TARGET_EF_R0 + 26,
750     TARGET_EF_R27 = TARGET_EF_R0 + 27,
751     TARGET_EF_LO = TARGET_EF_R0 + 32,
752     TARGET_EF_HI = TARGET_EF_R0 + 33,
753     TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
754     TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
755     TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
756     TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
757 };
758 
759 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
760 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
761 {
762     int i;
763 
764     for (i = 0; i < TARGET_EF_R0; i++) {
765         (*regs)[i] = 0;
766     }
767     (*regs)[TARGET_EF_R0] = 0;
768 
769     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
770         (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
771     }
772 
773     (*regs)[TARGET_EF_R26] = 0;
774     (*regs)[TARGET_EF_R27] = 0;
775     (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
776     (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
777     (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
778     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
779     (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
780     (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
781 }
782 
783 #define USE_ELF_CORE_DUMP
784 #define ELF_EXEC_PAGESIZE        4096
785 
786 #endif /* TARGET_MIPS */
787 
788 #ifdef TARGET_MICROBLAZE
789 
790 #define ELF_START_MMAP 0x80000000
791 
792 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
793 
794 #define ELF_CLASS   ELFCLASS32
795 #define ELF_ARCH    EM_MICROBLAZE
796 
797 static inline void init_thread(struct target_pt_regs *regs,
798                                struct image_info *infop)
799 {
800     regs->pc = infop->entry;
801     regs->r1 = infop->start_stack;
802 
803 }
804 
805 #define ELF_EXEC_PAGESIZE        4096
806 
807 #define USE_ELF_CORE_DUMP
808 #define ELF_NREG 38
809 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
810 
811 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
812 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
813 {
814     int i, pos = 0;
815 
816     for (i = 0; i < 32; i++) {
817         (*regs)[pos++] = tswapreg(env->regs[i]);
818     }
819 
820     for (i = 0; i < 6; i++) {
821         (*regs)[pos++] = tswapreg(env->sregs[i]);
822     }
823 }
824 
825 #endif /* TARGET_MICROBLAZE */
826 
827 #ifdef TARGET_OPENRISC
828 
829 #define ELF_START_MMAP 0x08000000
830 
831 #define elf_check_arch(x) ((x) == EM_OPENRISC)
832 
833 #define ELF_ARCH EM_OPENRISC
834 #define ELF_CLASS ELFCLASS32
835 #define ELF_DATA  ELFDATA2MSB
836 
837 static inline void init_thread(struct target_pt_regs *regs,
838                                struct image_info *infop)
839 {
840     regs->pc = infop->entry;
841     regs->gpr[1] = infop->start_stack;
842 }
843 
844 #define USE_ELF_CORE_DUMP
845 #define ELF_EXEC_PAGESIZE 8192
846 
847 /* See linux kernel arch/openrisc/include/asm/elf.h.  */
848 #define ELF_NREG 34 /* gprs and pc, sr */
849 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
850 
851 static void elf_core_copy_regs(target_elf_gregset_t *regs,
852                                const CPUOpenRISCState *env)
853 {
854     int i;
855 
856     for (i = 0; i < 32; i++) {
857         (*regs)[i] = tswapreg(env->gpr[i]);
858     }
859 
860     (*regs)[32] = tswapreg(env->pc);
861     (*regs)[33] = tswapreg(env->sr);
862 }
863 #define ELF_HWCAP 0
864 #define ELF_PLATFORM NULL
865 
866 #endif /* TARGET_OPENRISC */
867 
868 #ifdef TARGET_SH4
869 
870 #define ELF_START_MMAP 0x80000000
871 
872 #define elf_check_arch(x) ( (x) == EM_SH )
873 
874 #define ELF_CLASS ELFCLASS32
875 #define ELF_ARCH  EM_SH
876 
877 static inline void init_thread(struct target_pt_regs *regs,
878                                struct image_info *infop)
879 {
880     /* Check other registers XXXXX */
881     regs->pc = infop->entry;
882     regs->regs[15] = infop->start_stack;
883 }
884 
885 /* See linux kernel: arch/sh/include/asm/elf.h.  */
886 #define ELF_NREG 23
887 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
888 
889 /* See linux kernel: arch/sh/include/asm/ptrace.h.  */
890 enum {
891     TARGET_REG_PC = 16,
892     TARGET_REG_PR = 17,
893     TARGET_REG_SR = 18,
894     TARGET_REG_GBR = 19,
895     TARGET_REG_MACH = 20,
896     TARGET_REG_MACL = 21,
897     TARGET_REG_SYSCALL = 22
898 };
899 
900 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
901                                       const CPUSH4State *env)
902 {
903     int i;
904 
905     for (i = 0; i < 16; i++) {
906         (*regs)[i] = tswapreg(env->gregs[i]);
907     }
908 
909     (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
910     (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
911     (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
912     (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
913     (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
914     (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
915     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
916 }
917 
918 #define USE_ELF_CORE_DUMP
919 #define ELF_EXEC_PAGESIZE        4096
920 
921 #endif
922 
923 #ifdef TARGET_CRIS
924 
925 #define ELF_START_MMAP 0x80000000
926 
927 #define elf_check_arch(x) ( (x) == EM_CRIS )
928 
929 #define ELF_CLASS ELFCLASS32
930 #define ELF_ARCH  EM_CRIS
931 
932 static inline void init_thread(struct target_pt_regs *regs,
933                                struct image_info *infop)
934 {
935     regs->erp = infop->entry;
936 }
937 
938 #define ELF_EXEC_PAGESIZE        8192
939 
940 #endif
941 
942 #ifdef TARGET_M68K
943 
944 #define ELF_START_MMAP 0x80000000
945 
946 #define elf_check_arch(x) ( (x) == EM_68K )
947 
948 #define ELF_CLASS       ELFCLASS32
949 #define ELF_ARCH        EM_68K
950 
951 /* ??? Does this need to do anything?
952    #define ELF_PLAT_INIT(_r) */
953 
954 static inline void init_thread(struct target_pt_regs *regs,
955                                struct image_info *infop)
956 {
957     regs->usp = infop->start_stack;
958     regs->sr = 0;
959     regs->pc = infop->entry;
960 }
961 
962 /* See linux kernel: arch/m68k/include/asm/elf.h.  */
963 #define ELF_NREG 20
964 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
965 
966 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
967 {
968     (*regs)[0] = tswapreg(env->dregs[1]);
969     (*regs)[1] = tswapreg(env->dregs[2]);
970     (*regs)[2] = tswapreg(env->dregs[3]);
971     (*regs)[3] = tswapreg(env->dregs[4]);
972     (*regs)[4] = tswapreg(env->dregs[5]);
973     (*regs)[5] = tswapreg(env->dregs[6]);
974     (*regs)[6] = tswapreg(env->dregs[7]);
975     (*regs)[7] = tswapreg(env->aregs[0]);
976     (*regs)[8] = tswapreg(env->aregs[1]);
977     (*regs)[9] = tswapreg(env->aregs[2]);
978     (*regs)[10] = tswapreg(env->aregs[3]);
979     (*regs)[11] = tswapreg(env->aregs[4]);
980     (*regs)[12] = tswapreg(env->aregs[5]);
981     (*regs)[13] = tswapreg(env->aregs[6]);
982     (*regs)[14] = tswapreg(env->dregs[0]);
983     (*regs)[15] = tswapreg(env->aregs[7]);
984     (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
985     (*regs)[17] = tswapreg(env->sr);
986     (*regs)[18] = tswapreg(env->pc);
987     (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
988 }
989 
990 #define USE_ELF_CORE_DUMP
991 #define ELF_EXEC_PAGESIZE       8192
992 
993 #endif
994 
995 #ifdef TARGET_ALPHA
996 
997 #define ELF_START_MMAP (0x30000000000ULL)
998 
999 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1000 
1001 #define ELF_CLASS      ELFCLASS64
1002 #define ELF_ARCH       EM_ALPHA
1003 
1004 static inline void init_thread(struct target_pt_regs *regs,
1005                                struct image_info *infop)
1006 {
1007     regs->pc = infop->entry;
1008     regs->ps = 8;
1009     regs->usp = infop->start_stack;
1010 }
1011 
1012 #define ELF_EXEC_PAGESIZE        8192
1013 
1014 #endif /* TARGET_ALPHA */
1015 
1016 #ifdef TARGET_S390X
1017 
1018 #define ELF_START_MMAP (0x20000000000ULL)
1019 
1020 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1021 
1022 #define ELF_CLASS	ELFCLASS64
1023 #define ELF_DATA	ELFDATA2MSB
1024 #define ELF_ARCH	EM_S390
1025 
1026 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1027 {
1028     regs->psw.addr = infop->entry;
1029     regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1030     regs->gprs[15] = infop->start_stack;
1031 }
1032 
1033 #endif /* TARGET_S390X */
1034 
1035 #ifndef ELF_PLATFORM
1036 #define ELF_PLATFORM (NULL)
1037 #endif
1038 
1039 #ifndef ELF_HWCAP
1040 #define ELF_HWCAP 0
1041 #endif
1042 
1043 #ifdef TARGET_ABI32
1044 #undef ELF_CLASS
1045 #define ELF_CLASS ELFCLASS32
1046 #undef bswaptls
1047 #define bswaptls(ptr) bswap32s(ptr)
1048 #endif
1049 
1050 #include "elf.h"
1051 
1052 struct exec
1053 {
1054     unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
1055     unsigned int a_text;   /* length of text, in bytes */
1056     unsigned int a_data;   /* length of data, in bytes */
1057     unsigned int a_bss;    /* length of uninitialized data area, in bytes */
1058     unsigned int a_syms;   /* length of symbol table data in file, in bytes */
1059     unsigned int a_entry;  /* start address */
1060     unsigned int a_trsize; /* length of relocation info for text, in bytes */
1061     unsigned int a_drsize; /* length of relocation info for data, in bytes */
1062 };
1063 
1064 
1065 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1066 #define OMAGIC 0407
1067 #define NMAGIC 0410
1068 #define ZMAGIC 0413
1069 #define QMAGIC 0314
1070 
1071 /* Necessary parameters */
1072 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1073 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
1074 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
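/* Example: with TARGET_ELF_EXEC_PAGESIZE == 4096,
 *     TARGET_ELF_PAGESTART(0x12345)  == 0x12000
 *     TARGET_ELF_PAGEOFFSET(0x12345) == 0x345
 * i.e. a virtual address is split into its page base and in-page offset.
 */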
1075 
1076 #define DLINFO_ITEMS 13
1077 
1078 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1079 {
1080     memcpy(to, from, n);
1081 }
1082 
1083 #ifdef BSWAP_NEEDED
1084 static void bswap_ehdr(struct elfhdr *ehdr)
1085 {
1086     bswap16s(&ehdr->e_type);            /* Object file type */
1087     bswap16s(&ehdr->e_machine);         /* Architecture */
1088     bswap32s(&ehdr->e_version);         /* Object file version */
1089     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
1090     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
1091     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
1092     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
1093     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
1094     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
1095     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
1096     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
1097     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
1098     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
1099 }
1100 
1101 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1102 {
1103     int i;
1104     for (i = 0; i < phnum; ++i, ++phdr) {
1105         bswap32s(&phdr->p_type);        /* Segment type */
1106         bswap32s(&phdr->p_flags);       /* Segment flags */
1107         bswaptls(&phdr->p_offset);      /* Segment file offset */
1108         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
1109         bswaptls(&phdr->p_paddr);       /* Segment physical address */
1110         bswaptls(&phdr->p_filesz);      /* Segment size in file */
1111         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
1112         bswaptls(&phdr->p_align);       /* Segment alignment */
1113     }
1114 }
1115 
1116 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1117 {
1118     int i;
1119     for (i = 0; i < shnum; ++i, ++shdr) {
1120         bswap32s(&shdr->sh_name);
1121         bswap32s(&shdr->sh_type);
1122         bswaptls(&shdr->sh_flags);
1123         bswaptls(&shdr->sh_addr);
1124         bswaptls(&shdr->sh_offset);
1125         bswaptls(&shdr->sh_size);
1126         bswap32s(&shdr->sh_link);
1127         bswap32s(&shdr->sh_info);
1128         bswaptls(&shdr->sh_addralign);
1129         bswaptls(&shdr->sh_entsize);
1130     }
1131 }
1132 
1133 static void bswap_sym(struct elf_sym *sym)
1134 {
1135     bswap32s(&sym->st_name);
1136     bswaptls(&sym->st_value);
1137     bswaptls(&sym->st_size);
1138     bswap16s(&sym->st_shndx);
1139 }
1140 #else
1141 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1142 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1143 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1144 static inline void bswap_sym(struct elf_sym *sym) { }
1145 #endif
1146 
1147 #ifdef USE_ELF_CORE_DUMP
1148 static int elf_core_dump(int, const CPUArchState *);
1149 #endif /* USE_ELF_CORE_DUMP */
1150 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1151 
1152 /* Verify the portions of EHDR within E_IDENT for the target.
1153    This can be performed before bswapping the entire header.  */
1154 static bool elf_check_ident(struct elfhdr *ehdr)
1155 {
1156     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1157             && ehdr->e_ident[EI_MAG1] == ELFMAG1
1158             && ehdr->e_ident[EI_MAG2] == ELFMAG2
1159             && ehdr->e_ident[EI_MAG3] == ELFMAG3
1160             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1161             && ehdr->e_ident[EI_DATA] == ELF_DATA
1162             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1163 }
1164 
1165 /* Verify the portions of EHDR outside of E_IDENT for the target.
1166    This has to wait until after bswapping the header.  */
1167 static bool elf_check_ehdr(struct elfhdr *ehdr)
1168 {
1169     return (elf_check_arch(ehdr->e_machine)
1170             && ehdr->e_ehsize == sizeof(struct elfhdr)
1171             && ehdr->e_phentsize == sizeof(struct elf_phdr)
1172             && ehdr->e_shentsize == sizeof(struct elf_shdr)
1173             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1174 }
1175 
1176 /*
1177  * 'copy_elf_strings()' copies argument/environment strings from user
1178  * memory to free pages in kernel mem. These are in a format ready
1179  * to be put directly into the top of new user memory.
1180  *
1181  */
1182 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
1183                                   abi_ulong p)
1184 {
1185     char *tmp, *tmp1, *pag = NULL;
1186     int len, offset = 0;
1187 
1188     if (!p) {
1189         return 0;       /* bullet-proofing */
1190     }
1191     while (argc-- > 0) {
1192         tmp = argv[argc];
1193         if (!tmp) {
1194             fprintf(stderr, "VFS: argc is wrong\n");
1195             exit(-1);
1196         }
1197         tmp1 = tmp;
1198         while (*tmp++);
1199         len = tmp - tmp1;
1200         if (p < len) {  /* this shouldn't happen - 128kB */
1201             return 0;
1202         }
1203         while (len) {
1204             --p; --tmp; --len;
1205             if (--offset < 0) {
1206                 offset = p % TARGET_PAGE_SIZE;
1207                 pag = (char *)page[p/TARGET_PAGE_SIZE];
1208                 if (!pag) {
1209                     pag = g_try_malloc0(TARGET_PAGE_SIZE);
1210                     page[p/TARGET_PAGE_SIZE] = pag;
1211                     if (!pag)
1212                         return 0;
1213                 }
1214             }
1215             if (len == 0 || offset == 0) {
1216                 *(pag + offset) = *tmp;
1217             }
1218             else {
1219                 int bytes_to_copy = (len > offset) ? offset : len;
1220                 tmp -= bytes_to_copy;
1221                 p -= bytes_to_copy;
1222                 offset -= bytes_to_copy;
1223                 len -= bytes_to_copy;
1224                 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
1225             }
1226         }
1227     }
1228     return p;
1229 }
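/*
 * Illustrative example of the layout built above (values are made up):
 * with argv = { "prog", "-v" } the loop walks the array backwards and
 * copies each string, including its NUL, downwards from the initial p:
 *
 *     returned p -> "prog\0" "-v\0" <- initial p (top of the arg area)
 *
 * so the strings end up packed together at the very top of the new user
 * stack, ready for loader_build_argptr() to point argv[] at them.
 */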
1230 
1231 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
1232                                  struct image_info *info)
1233 {
1234     abi_ulong stack_base, size, error, guard;
1235     int i;
1236 
1237     /* Create enough stack to hold everything.  If we don't use
1238        it for args, we'll use it for something else.  */
1239     size = guest_stack_size;
1240     if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
1241         size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1242     }
1243     guard = TARGET_PAGE_SIZE;
1244     if (guard < qemu_real_host_page_size) {
1245         guard = qemu_real_host_page_size;
1246     }
1247 
1248     error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1249                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1250     if (error == -1) {
1251         perror("mmap stack");
1252         exit(-1);
1253     }
1254 
1255     /* We reserve one extra page at the top of the stack as guard.  */
1256     target_mprotect(error, guard, PROT_NONE);
1257 
1258     info->stack_limit = error + guard;
1259     stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1260     p += stack_base;
1261 
1262     for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1263         if (bprm->page[i]) {
1264             info->rss++;
1265             /* FIXME - check return value of memcpy_to_target() for failure */
1266             memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
1267             g_free(bprm->page[i]);
1268         }
1269         stack_base += TARGET_PAGE_SIZE;
1270     }
1271     return p;
1272 }
1273 
1274 /* Map and zero the bss.  We need to explicitly zero any fractional pages
1275    after the data section (i.e. bss).  */
1276 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1277 {
1278     uintptr_t host_start, host_map_start, host_end;
1279 
1280     last_bss = TARGET_PAGE_ALIGN(last_bss);
1281 
1282     /* ??? There is confusion between qemu_real_host_page_size and
1283        qemu_host_page_size here and elsewhere in target_mmap, which
1284        may lead to the end of the data section mapping from the file
1285        not being mapped.  At least there was an explicit test and
1286        comment for that here, suggesting that "the file size must
1287        be known".  The comment probably pre-dates the introduction
1288        of the fstat system call in target_mmap which does in fact
1289        find out the size.  What isn't clear is if the workaround
1290        here is still actually needed.  For now, continue with it,
1291        but merge it with the "normal" mmap that would allocate the bss.  */
1292 
1293     host_start = (uintptr_t) g2h(elf_bss);
1294     host_end = (uintptr_t) g2h(last_bss);
1295     host_map_start = (host_start + qemu_real_host_page_size - 1);
1296     host_map_start &= -qemu_real_host_page_size;
1297 
1298     if (host_map_start < host_end) {
1299         void *p = mmap((void *)host_map_start, host_end - host_map_start,
1300                        prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1301         if (p == MAP_FAILED) {
1302             perror("cannot mmap brk");
1303             exit(-1);
1304         }
1305 
1306         /* Since we didn't use target_mmap, make sure to record
1307            the validity of the pages with qemu.  */
1308         page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
1309     }
1310 
1311     if (host_start < host_map_start) {
1312         memset((void *)host_start, 0, host_map_start - host_start);
1313     }
1314 }
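/*
 * Rough picture of the work done above (host addresses):
 *
 *     g2h(elf_bss)       host_map_start               g2h(last_bss)
 *          |--- memset(0) ---|--- anonymous mmap (already zero) ---|
 *
 * The tail of the host page that still belongs to the file mapping is
 * cleared by hand; everything from the next host page boundary up to the
 * end of the bss is freshly mapped and therefore already zero.
 */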
1315 
1316 #ifdef CONFIG_USE_FDPIC
1317 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1318 {
1319     uint16_t n;
1320     struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1321 
1322     /* elf32_fdpic_loadseg */
1323     n = info->nsegs;
1324     while (n--) {
1325         sp -= 12;
1326         put_user_u32(loadsegs[n].addr, sp+0);
1327         put_user_u32(loadsegs[n].p_vaddr, sp+4);
1328         put_user_u32(loadsegs[n].p_memsz, sp+8);
1329     }
1330 
1331     /* elf32_fdpic_loadmap */
1332     sp -= 4;
1333     put_user_u16(0, sp+0); /* version */
1334     put_user_u16(info->nsegs, sp+2); /* nsegs */
1335 
1336     info->personality = PER_LINUX_FDPIC;
1337     info->loadmap_addr = sp;
1338 
1339     return sp;
1340 }
1341 #endif
1342 
1343 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1344                                    struct elfhdr *exec,
1345                                    struct image_info *info,
1346                                    struct image_info *interp_info)
1347 {
1348     abi_ulong sp;
1349     abi_ulong sp_auxv;
1350     int size;
1351     int i;
1352     abi_ulong u_rand_bytes;
1353     uint8_t k_rand_bytes[16];
1354     abi_ulong u_platform;
1355     const char *k_platform;
1356     const int n = sizeof(elf_addr_t);
1357 
1358     sp = p;
1359 
1360 #ifdef CONFIG_USE_FDPIC
1361     /* Needs to be before we load the env/argc/... */
1362     if (elf_is_fdpic(exec)) {
1363         /* Need 4 byte alignment for these structs */
1364         sp &= ~3;
1365         sp = loader_build_fdpic_loadmap(info, sp);
1366         info->other_info = interp_info;
1367         if (interp_info) {
1368             interp_info->other_info = info;
1369             sp = loader_build_fdpic_loadmap(interp_info, sp);
1370         }
1371     }
1372 #endif
1373 
1374     u_platform = 0;
1375     k_platform = ELF_PLATFORM;
1376     if (k_platform) {
1377         size_t len = strlen(k_platform) + 1;
1378         sp -= (len + n - 1) & ~(n - 1);
1379         u_platform = sp;
1380         /* FIXME - check return value of memcpy_to_target() for failure */
1381         memcpy_to_target(sp, k_platform, len);
1382     }
1383 
1384     /*
1385      * Generate 16 random bytes for userspace PRNG seeding (not
1386      * cryptographically secure, but that is not the aim of QEMU).
1387      */
1388     srand((unsigned int) time(NULL));
1389     for (i = 0; i < 16; i++) {
1390         k_rand_bytes[i] = rand();
1391     }
1392     sp -= 16;
1393     u_rand_bytes = sp;
1394     /* FIXME - check return value of memcpy_to_target() for failure */
1395     memcpy_to_target(sp, k_rand_bytes, 16);
1396 
1397     /*
1398      * Force 16 byte _final_ alignment here for generality.
1399      */
1400     sp = sp &~ (abi_ulong)15;
1401     size = (DLINFO_ITEMS + 1) * 2;
1402     if (k_platform)
1403         size += 2;
1404 #ifdef DLINFO_ARCH_ITEMS
1405     size += DLINFO_ARCH_ITEMS * 2;
1406 #endif
1407     size += envc + argc + 2;
1408     size += 1;  /* argc itself */
1409     size *= n;
1410     if (size & 15)
1411         sp -= 16 - (size & 15);
1412 
1413     /* This is correct because Linux defines
1414      * elf_addr_t as Elf32_Off / Elf64_Off
1415      */
1416 #define NEW_AUX_ENT(id, val) do {               \
1417         sp -= n; put_user_ual(val, sp);         \
1418         sp -= n; put_user_ual(id, sp);          \
1419     } while(0)
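    /* Entries are pushed downwards in memory, so the AT_NULL terminator
       emitted first below lands at the highest address, i.e. it is the
       last entry the guest sees when walking the vector upwards.  */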
1420 
1421     sp_auxv = sp;
1422     NEW_AUX_ENT (AT_NULL, 0);
1423 
1424     /* There must be exactly DLINFO_ITEMS entries here.  */
1425     NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1426     NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1427     NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1428     NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
1429     NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1430     NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1431     NEW_AUX_ENT(AT_ENTRY, info->entry);
1432     NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1433     NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1434     NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1435     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1436     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1437     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1438     NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1439 
1440     if (k_platform)
1441         NEW_AUX_ENT(AT_PLATFORM, u_platform);
1442 #ifdef ARCH_DLINFO
1443     /*
1444      * ARCH_DLINFO must come last so platform specific code can enforce
1445      * special alignment requirements on the AUXV if necessary (eg. PPC).
1446      */
1447     ARCH_DLINFO;
1448 #endif
1449 #undef NEW_AUX_ENT
1450 
1451     info->saved_auxv = sp;
1452     info->auxv_len = sp_auxv - sp;
1453 
1454     sp = loader_build_argptr(envc, argc, sp, p, 0);
1455     return sp;
1456 }
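/*
 * Rough sketch (not exhaustive) of the initial guest stack built by
 * create_elf_tables(), from the final sp upwards:
 *
 *     sp -> argc
 *           argv[0] .. argv[argc-1], NULL
 *           envp[0] .. envp[envc-1], NULL
 *           auxv pairs written by NEW_AUX_ENT(), ending with AT_NULL
 *           alignment padding / AT_RANDOM bytes / platform string
 *           argument and environment strings (copied by copy_elf_strings)
 *
 * loader_build_argptr() is what lays out argc/argv/envp below the auxv.
 */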
1457 
1458 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE
1459 /* If the guest doesn't have a validation function just agree */
1460 static int validate_guest_space(unsigned long guest_base,
1461                                 unsigned long guest_size)
1462 {
1463     return 1;
1464 }
1465 #endif
1466 
1467 unsigned long init_guest_space(unsigned long host_start,
1468                                unsigned long host_size,
1469                                unsigned long guest_start,
1470                                bool fixed)
1471 {
1472     unsigned long current_start, real_start;
1473     int flags;
1474 
1475     assert(host_start || host_size);
1476 
1477     /* If just a starting address is given, then just verify that
1478      * address.  */
1479     if (host_start && !host_size) {
1480         if (validate_guest_space(host_start, host_size) == 1) {
1481             return host_start;
1482         } else {
1483             return (unsigned long)-1;
1484         }
1485     }
1486 
1487     /* Setup the initial flags and start address.  */
1488     current_start = host_start & qemu_host_page_mask;
1489     flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
1490     if (fixed) {
1491         flags |= MAP_FIXED;
1492     }
1493 
1494     /* Otherwise, a non-zero size region of memory needs to be mapped
1495      * and validated.  */
1496     while (1) {
1497         unsigned long real_size = host_size;
1498 
1499         /* Do not use mmap_find_vma here because that is limited to the
1500          * guest address space.  We are going to make the
1501          * guest address space fit whatever we're given.
1502          */
1503         real_start = (unsigned long)
1504             mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
1505         if (real_start == (unsigned long)-1) {
1506             return (unsigned long)-1;
1507         }
1508 
1509         /* Ensure the address is properly aligned.  */
1510         if (real_start & ~qemu_host_page_mask) {
1511             munmap((void *)real_start, host_size);
1512             real_size = host_size + qemu_host_page_size;
1513             real_start = (unsigned long)
1514                 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
1515             if (real_start == (unsigned long)-1) {
1516                 return (unsigned long)-1;
1517             }
1518             real_start = HOST_PAGE_ALIGN(real_start);
1519         }
1520 
1521         /* Check to see if the address is valid.  */
1522         if (!host_start || real_start == current_start) {
1523             int valid = validate_guest_space(real_start - guest_start,
1524                                              real_size);
1525             if (valid == 1) {
1526                 break;
1527             } else if (valid == -1) {
1528                 return (unsigned long)-1;
1529             }
1530             /* valid == 0, so try again. */
1531         }
1532 
1533         /* That address didn't work.  Unmap and try a different one.
1534          * The address the host picked is typically right at
1535          * the top of the host address space and leaves the guest with
1536          * no usable address space.  Resort to a linear search.  We
1537          * already compensated for mmap_min_addr, so this should not
1538          * happen often.  Probably means we got unlucky and host
1539          * address space randomization put a shared library somewhere
1540          * inconvenient.
1541          */
1542         munmap((void *)real_start, host_size);
1543         current_start += qemu_host_page_size;
1544         if (host_start == current_start) {
1545             /* Theoretically possible if host doesn't have any suitably
1546              * aligned areas.  Normally the first mmap will fail.
1547              */
1548             return (unsigned long)-1;
1549         }
1550     }
1551 
1552     qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size);
1553 
1554     return real_start;
1555 }
1556 
1557 static void probe_guest_base(const char *image_name,
1558                              abi_ulong loaddr, abi_ulong hiaddr)
1559 {
1560     /* Probe for a suitable guest base address, if the user has not set
1561      * it explicitly, and set guest_base appropriately.
1562      * In case of error we will print a suitable message and exit.
1563      */
1564 #if defined(CONFIG_USE_GUEST_BASE)
1565     const char *errmsg;
1566     if (!have_guest_base && !reserved_va) {
1567         unsigned long host_start, real_start, host_size;
1568 
1569         /* Round addresses to page boundaries.  */
1570         loaddr &= qemu_host_page_mask;
1571         hiaddr = HOST_PAGE_ALIGN(hiaddr);
1572 
1573         if (loaddr < mmap_min_addr) {
1574             host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1575         } else {
1576             host_start = loaddr;
1577             if (host_start != loaddr) {
1578                 errmsg = "Address overflow loading ELF binary";
1579                 goto exit_errmsg;
1580             }
1581         }
1582         host_size = hiaddr - loaddr;
1583 
1584         /* Setup the initial guest memory space with ranges gleaned from
1585          * the ELF image that is being loaded.
1586          */
1587         real_start = init_guest_space(host_start, host_size, loaddr, false);
1588         if (real_start == (unsigned long)-1) {
1589             errmsg = "Unable to find space for application";
1590             goto exit_errmsg;
1591         }
1592         guest_base = real_start - loaddr;
1593 
1594         qemu_log("Relocating guest address space from 0x"
1595                  TARGET_ABI_FMT_lx " to 0x%lx\n",
1596                  loaddr, real_start);
1597     }
1598     return;
1599 
1600 exit_errmsg:
1601     fprintf(stderr, "%s: %s\n", image_name, errmsg);
1602     exit(-1);
1603 #endif
1604 }
1605 
1606 
1607 /* Load an ELF image into the address space.
1608 
1609    IMAGE_NAME is the filename of the image, to use in error messages.
1610    IMAGE_FD is the open file descriptor for the image.
1611 
1612    BPRM_BUF is a copy of the beginning of the file; this of course
1613    contains the elf file header at offset 0.  It is assumed that this
1614    buffer is sufficiently aligned to present no problems to the host
1615    in accessing data at aligned offsets within the buffer.
1616 
1617    On return: INFO values will be filled in, as necessary or available.  */
1618 
1619 static void load_elf_image(const char *image_name, int image_fd,
1620                            struct image_info *info, char **pinterp_name,
1621                            char bprm_buf[BPRM_BUF_SIZE])
1622 {
1623     struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1624     struct elf_phdr *phdr;
1625     abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1626     int i, retval;
1627     const char *errmsg;
1628 
1629     /* First of all, some simple consistency checks */
1630     errmsg = "Invalid ELF image for this architecture";
1631     if (!elf_check_ident(ehdr)) {
1632         goto exit_errmsg;
1633     }
1634     bswap_ehdr(ehdr);
1635     if (!elf_check_ehdr(ehdr)) {
1636         goto exit_errmsg;
1637     }
1638 
1639     i = ehdr->e_phnum * sizeof(struct elf_phdr);
1640     if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1641         phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
1642     } else {
1643         phdr = (struct elf_phdr *) alloca(i);
1644         retval = pread(image_fd, phdr, i, ehdr->e_phoff);
1645         if (retval != i) {
1646             goto exit_read;
1647         }
1648     }
1649     bswap_phdr(phdr, ehdr->e_phnum);
1650 
1651 #ifdef CONFIG_USE_FDPIC
1652     info->nsegs = 0;
1653     info->pt_dynamic_addr = 0;
1654 #endif
1655 
1656     /* Find the maximum size of the image and allocate an appropriate
1657        amount of memory to handle that.  */
1658     loaddr = -1, hiaddr = 0;
1659     for (i = 0; i < ehdr->e_phnum; ++i) {
1660         if (phdr[i].p_type == PT_LOAD) {
1661             abi_ulong a = phdr[i].p_vaddr;
1662             if (a < loaddr) {
1663                 loaddr = a;
1664             }
1665             a += phdr[i].p_memsz;
1666             if (a > hiaddr) {
1667                 hiaddr = a;
1668             }
1669 #ifdef CONFIG_USE_FDPIC
1670             ++info->nsegs;
1671 #endif
1672         }
1673     }
1674 
1675     load_addr = loaddr;
1676     if (ehdr->e_type == ET_DYN) {
1677         /* The image indicates that it can be loaded anywhere.  Find a
1678            location that can hold the memory space required.  If the
1679            image is pre-linked, LOADDR will be non-zero.  Since we do
1680            not supply MAP_FIXED here we'll use that address if and
1681            only if it remains available.  */
1682         load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1683                                 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1684                                 -1, 0);
1685         if (load_addr == -1) {
1686             goto exit_perror;
1687         }
1688     } else if (pinterp_name != NULL) {
1689         /* This is the main executable.  Make sure that the low
1690            address does not conflict with MMAP_MIN_ADDR or the
1691            QEMU application itself.  */
1692         probe_guest_base(image_name, loaddr, hiaddr);
1693     }
1694     load_bias = load_addr - loaddr;
1695 
1696 #ifdef CONFIG_USE_FDPIC
1697     {
1698         struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
1699             g_malloc(sizeof(*loadsegs) * info->nsegs);
1700 
1701         for (i = 0; i < ehdr->e_phnum; ++i) {
1702             switch (phdr[i].p_type) {
1703             case PT_DYNAMIC:
1704                 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
1705                 break;
1706             case PT_LOAD:
1707                 loadsegs->addr = phdr[i].p_vaddr + load_bias;
1708                 loadsegs->p_vaddr = phdr[i].p_vaddr;
1709                 loadsegs->p_memsz = phdr[i].p_memsz;
1710                 ++loadsegs;
1711                 break;
1712             }
1713         }
1714     }
1715 #endif
1716 
1717     info->load_bias = load_bias;
1718     info->load_addr = load_addr;
1719     info->entry = ehdr->e_entry + load_bias;
1720     info->start_code = -1;
1721     info->end_code = 0;
1722     info->start_data = -1;
1723     info->end_data = 0;
1724     info->brk = 0;
1725     info->elf_flags = ehdr->e_flags;
1726 
1727     for (i = 0; i < ehdr->e_phnum; i++) {
1728         struct elf_phdr *eppnt = phdr + i;
1729         if (eppnt->p_type == PT_LOAD) {
1730             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
1731             int elf_prot = 0;
1732 
1733             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
1734             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1735             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1736 
1737             vaddr = load_bias + eppnt->p_vaddr;
1738             vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
1739             vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
1740 
1741             error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
1742                                 elf_prot, MAP_PRIVATE | MAP_FIXED,
1743                                 image_fd, eppnt->p_offset - vaddr_po);
1744             if (error == -1) {
1745                 goto exit_perror;
1746             }
1747 
1748             vaddr_ef = vaddr + eppnt->p_filesz;
1749             vaddr_em = vaddr + eppnt->p_memsz;
1750 
1751             /* If the load segment requests extra zeros (e.g. bss), map it.  */
1752             if (vaddr_ef < vaddr_em) {
1753                 zero_bss(vaddr_ef, vaddr_em, elf_prot);
1754             }
1755 
1756             /* Find the full program boundaries.  */
1757             if (elf_prot & PROT_EXEC) {
1758                 if (vaddr < info->start_code) {
1759                     info->start_code = vaddr;
1760                 }
1761                 if (vaddr_ef > info->end_code) {
1762                     info->end_code = vaddr_ef;
1763                 }
1764             }
1765             if (elf_prot & PROT_WRITE) {
1766                 if (vaddr < info->start_data) {
1767                     info->start_data = vaddr;
1768                 }
1769                 if (vaddr_ef > info->end_data) {
1770                     info->end_data = vaddr_ef;
1771                 }
1772                 if (vaddr_em > info->brk) {
1773                     info->brk = vaddr_em;
1774                 }
1775             }
1776         } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
1777             char *interp_name;
1778 
1779             if (*pinterp_name) {
1780                 errmsg = "Multiple PT_INTERP entries";
1781                 goto exit_errmsg;
1782             }
1783             interp_name = malloc(eppnt->p_filesz);
1784             if (!interp_name) {
1785                 goto exit_perror;
1786             }
1787 
1788             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
1789                 memcpy(interp_name, bprm_buf + eppnt->p_offset,
1790                        eppnt->p_filesz);
1791             } else {
1792                 retval = pread(image_fd, interp_name, eppnt->p_filesz,
1793                                eppnt->p_offset);
1794                 if (retval != eppnt->p_filesz) {
1795                     goto exit_perror;
1796                 }
1797             }
1798             if (interp_name[eppnt->p_filesz - 1] != 0) {
1799                 errmsg = "Invalid PT_INTERP entry";
1800                 goto exit_errmsg;
1801             }
1802             *pinterp_name = interp_name;
1803         }
1804     }
1805 
1806     if (info->end_data == 0) {
1807         info->start_data = info->end_code;
1808         info->end_data = info->end_code;
1809         info->brk = info->end_code;
1810     }
1811 
1812     if (qemu_log_enabled()) {
1813         load_symbols(ehdr, image_fd, load_bias);
1814     }
1815 
1816     close(image_fd);
1817     return;
1818 
1819  exit_read:
1820     if (retval >= 0) {
1821         errmsg = "Incomplete read of file header";
1822         goto exit_errmsg;
1823     }
1824  exit_perror:
1825     errmsg = strerror(errno);
1826  exit_errmsg:
1827     fprintf(stderr, "%s: %s\n", image_name, errmsg);
1828     exit(-1);
1829 }
1830 
1831 static void load_elf_interp(const char *filename, struct image_info *info,
1832                             char bprm_buf[BPRM_BUF_SIZE])
1833 {
1834     int fd, retval;
1835 
1836     fd = open(path(filename), O_RDONLY);
1837     if (fd < 0) {
1838         goto exit_perror;
1839     }
1840 
1841     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1842     if (retval < 0) {
1843         goto exit_perror;
1844     }
1845     if (retval < BPRM_BUF_SIZE) {
1846         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1847     }
1848 
1849     load_elf_image(filename, fd, info, NULL, bprm_buf);
1850     return;
1851 
1852  exit_perror:
1853     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1854     exit(-1);
1855 }
1856 
1857 static int symfind(const void *s0, const void *s1)
1858 {
1859     target_ulong addr = *(target_ulong *)s0;
1860     struct elf_sym *sym = (struct elf_sym *)s1;
1861     int result = 0;
1862     if (addr < sym->st_value) {
1863         result = -1;
1864     } else if (addr >= sym->st_value + sym->st_size) {
1865         result = 1;
1866     }
1867     return result;
1868 }
1869 
1870 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1871 {
1872 #if ELF_CLASS == ELFCLASS32
1873     struct elf_sym *syms = s->disas_symtab.elf32;
1874 #else
1875     struct elf_sym *syms = s->disas_symtab.elf64;
1876 #endif
1877 
1878     /* binary search */
1879     struct elf_sym *sym;
1880 
1881     sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
1882     if (sym != NULL) {
1883         return s->disas_strtab + sym->st_name;
1884     }
1885 
1886     return "";
1887 }
1888 
1889 /* FIXME: This should use elf_ops.h  */
1890 static int symcmp(const void *s0, const void *s1)
1891 {
1892     struct elf_sym *sym0 = (struct elf_sym *)s0;
1893     struct elf_sym *sym1 = (struct elf_sym *)s1;
1894     return (sym0->st_value < sym1->st_value)
1895         ? -1
1896         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1897 }
1898 
1899 /* Best attempt to load symbols from this ELF object. */
1900 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
1901 {
1902     int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
1903     struct elf_shdr *shdr;
1904     char *strings = NULL;
1905     struct syminfo *s = NULL;
1906     struct elf_sym *new_syms, *syms = NULL;
1907 
1908     shnum = hdr->e_shnum;
1909     i = shnum * sizeof(struct elf_shdr);
1910     shdr = (struct elf_shdr *)alloca(i);
1911     if (pread(fd, shdr, i, hdr->e_shoff) != i) {
1912         return;
1913     }
1914 
1915     bswap_shdr(shdr, shnum);
1916     for (i = 0; i < shnum; ++i) {
1917         if (shdr[i].sh_type == SHT_SYMTAB) {
1918             sym_idx = i;
1919             str_idx = shdr[i].sh_link;
1920             goto found;
1921         }
1922     }
1923 
1924     /* There will be no symbol table if the file was stripped.  */
1925     return;
1926 
1927  found:
1928     /* Now we know where the strtab and symtab are.  Snarf them.  */
1929     s = malloc(sizeof(*s));
1930     if (!s) {
1931         goto give_up;
1932     }
1933 
1934     i = shdr[str_idx].sh_size;
1935     s->disas_strtab = strings = malloc(i);
1936     if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
1937         goto give_up;
1938     }
1939 
1940     i = shdr[sym_idx].sh_size;
1941     syms = malloc(i);
1942     if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
1943         goto give_up;
1944     }
1945 
1946     nsyms = i / sizeof(struct elf_sym);
1947     for (i = 0; i < nsyms; ) {
1948         bswap_sym(syms + i);
1949         /* Throw away entries which we do not need.  */
1950         if (syms[i].st_shndx == SHN_UNDEF
1951             || syms[i].st_shndx >= SHN_LORESERVE
1952             || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1953             if (i < --nsyms) {
1954                 syms[i] = syms[nsyms];
1955             }
1956         } else {
1957 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
1958             /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
1959             syms[i].st_value &= ~(target_ulong)1;
1960 #endif
1961             syms[i].st_value += load_bias;
1962             i++;
1963         }
1964     }
1965 
1966     /* No "useful" symbol.  */
1967     if (nsyms == 0) {
1968         goto give_up;
1969     }
1970 
1971     /* Attempt to free the storage associated with the local symbols
1972        that we threw away.  Whether or not this has any effect on the
1973        memory allocation depends on the malloc implementation and how
1974        many symbols we managed to discard.  */
1975     new_syms = realloc(syms, nsyms * sizeof(*syms));
1976     if (new_syms == NULL) {
1977         goto give_up;
1978     }
1979     syms = new_syms;
1980 
1981     qsort(syms, nsyms, sizeof(*syms), symcmp);
1982 
1983     s->disas_num_syms = nsyms;
1984 #if ELF_CLASS == ELFCLASS32
1985     s->disas_symtab.elf32 = syms;
1986 #else
1987     s->disas_symtab.elf64 = syms;
1988 #endif
1989     s->lookup_symbol = lookup_symbolxx;
1990     s->next = syminfos;
1991     syminfos = s;
1992 
1993     return;
1994 
1995 give_up:
1996     free(s);
1997     free(strings);
1998     free(syms);
1999 }
2000 
2001 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
2002 {
2003     struct image_info interp_info;
2004     struct elfhdr elf_ex;
2005     char *elf_interpreter = NULL;
2006 
2007     info->start_mmap = (abi_ulong)ELF_START_MMAP;
2008     info->mmap = 0;
2009     info->rss = 0;
2010 
2011     load_elf_image(bprm->filename, bprm->fd, info,
2012                    &elf_interpreter, bprm->buf);
2013 
2014     /* ??? We need a copy of the elf header for passing to create_elf_tables.
2015        If we do nothing, we'll have overwritten this when we re-use bprm->buf
2016        when we load the interpreter.  */
2017     elf_ex = *(struct elfhdr *)bprm->buf;
2018 
2019     bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
2020     bprm->p = copy_elf_strings(bprm->envc, bprm->envp, bprm->page, bprm->p);
2021     bprm->p = copy_elf_strings(bprm->argc, bprm->argv, bprm->page, bprm->p);
2022     if (!bprm->p) {
2023         fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2024         exit(-1);
2025     }
2026 
2027     /* Do this so that we can load the interpreter, if need be.  We will
2028        change some of these later */
2029     bprm->p = setup_arg_pages(bprm->p, bprm, info);
2030 
2031     if (elf_interpreter) {
2032         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2033 
2034         /* If the program interpreter is one of these two, then assume
2035            an iBCS2 image.  Otherwise assume a native linux image.  */
2036 
2037         if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2038             || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2039             info->personality = PER_SVR4;
2040 
2041             /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
2042                and some applications "depend" upon this behavior.  Since
2043                we do not have the power to recompile these, we emulate
2044                the SVr4 behavior.  Sigh.  */
2045             target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2046                         MAP_FIXED | MAP_PRIVATE, -1, 0);
2047         }
2048     }
2049 
2050     bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2051                                 info, (elf_interpreter ? &interp_info : NULL));
2052     info->start_stack = bprm->p;
2053 
2054     /* If we have an interpreter, set that as the program's entry point.
2055        Copy the load_bias as well, to help PPC64 interpret the entry
2056        point as a function descriptor.  Do this after creating elf tables
2057        so that we copy the original program entry point into the AUXV.  */
2058     if (elf_interpreter) {
2059         info->load_bias = interp_info.load_bias;
2060         info->entry = interp_info.entry;
2061         free(elf_interpreter);
2062     }
2063 
2064 #ifdef USE_ELF_CORE_DUMP
2065     bprm->core_dump = &elf_core_dump;
2066 #endif
2067 
2068     return 0;
2069 }
2070 
2071 #ifdef USE_ELF_CORE_DUMP
2072 /*
2073  * Definitions to generate Intel SVR4-like core files.
2074  * These mostly have the same names as the SVR4 types with "target_elf_"
2075  * tacked on the front to prevent clashes with linux definitions,
2076  * and the typedef forms have been avoided.  This is mostly like
2077  * the SVR4 structure, but more Linuxy, with things that Linux does
2078  * not support and which gdb doesn't really use excluded.
2079  *
2080  * Fields we don't dump (their contents are zero) in linux-user qemu
2081  * are marked with XXX.
2082  *
2083  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2084  *
2085  * Porting ELF coredump support to a target is a (quite) simple process.  First
2086  * you define USE_ELF_CORE_DUMP in the target ELF code (where init_thread() for
2087  * the target resides):
2088  *
2089  * #define USE_ELF_CORE_DUMP
2090  *
2091  * Next you define the type of register set used for dumping.  The ELF
2092  * specification says that it needs to be an array of elf_greg_t of size ELF_NREG.
2093  *
2094  * typedef <target_regtype> target_elf_greg_t;
2095  * #define ELF_NREG <number of registers>
2096  * typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
2097  *
2098  * The last step is to implement a target-specific function that copies
2099  * registers from the given cpu into the register set above.  The prototype is:
2100  *
2101  * static void elf_core_copy_regs(target_elf_gregset_t *regs,
2102  *                                const CPUArchState *env);
2103  *
2104  * Parameters:
2105  *     regs - copy register values into here (allocated and zeroed by caller)
2106  *     env - copy registers from here
2107  *
2108  * An example for the ARM target is provided in this file.
2109  */
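
/*
 * As a minimal illustrative sketch of the three steps above (the register
 * count and the env->regs[] field name below are assumptions made for the
 * example, not taken from any particular target), the pieces could look
 * like:
 *
 * #define USE_ELF_CORE_DUMP
 * #define ELF_NREG 32
 * typedef abi_ulong target_elf_greg_t;
 * typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
 *
 * static void elf_core_copy_regs(target_elf_gregset_t *regs,
 *                                const CPUArchState *env)
 * {
 *     int i;
 *
 *     for (i = 0; i < ELF_NREG; i++) {
 *         (*regs)[i] = tswapreg(env->regs[i]);
 *     }
 * }
 */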
2110 
2111 /* An ELF note in memory */
2112 struct memelfnote {
2113     const char *name;
2114     size_t     namesz;
2115     size_t     namesz_rounded;
2116     int        type;
2117     size_t     datasz;
2118     size_t     datasz_rounded;
2119     void       *data;
2120     size_t     notesz;
2121 };
2122 
2123 struct target_elf_siginfo {
2124     abi_int    si_signo; /* signal number */
2125     abi_int    si_code;  /* extra code */
2126     abi_int    si_errno; /* errno */
2127 };
2128 
2129 struct target_elf_prstatus {
2130     struct target_elf_siginfo pr_info;      /* Info associated with signal */
2131     abi_short          pr_cursig;    /* Current signal */
2132     abi_ulong          pr_sigpend;   /* XXX */
2133     abi_ulong          pr_sighold;   /* XXX */
2134     target_pid_t       pr_pid;
2135     target_pid_t       pr_ppid;
2136     target_pid_t       pr_pgrp;
2137     target_pid_t       pr_sid;
2138     struct target_timeval pr_utime;  /* XXX User time */
2139     struct target_timeval pr_stime;  /* XXX System time */
2140     struct target_timeval pr_cutime; /* XXX Cumulative user time */
2141     struct target_timeval pr_cstime; /* XXX Cumulative system time */
2142     target_elf_gregset_t      pr_reg;       /* GP registers */
2143     abi_int            pr_fpvalid;   /* XXX */
2144 };
2145 
2146 #define ELF_PRARGSZ     (80) /* Number of chars for args */
2147 
2148 struct target_elf_prpsinfo {
2149     char         pr_state;       /* numeric process state */
2150     char         pr_sname;       /* char for pr_state */
2151     char         pr_zomb;        /* zombie */
2152     char         pr_nice;        /* nice val */
2153     abi_ulong    pr_flag;        /* flags */
2154     target_uid_t pr_uid;
2155     target_gid_t pr_gid;
2156     target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2157     /* Lots missing */
2158     char    pr_fname[16];           /* filename of executable */
2159     char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2160 };
2161 
2162 /* Here is the structure in which the status of each thread is captured. */
2163 struct elf_thread_status {
2164     QTAILQ_ENTRY(elf_thread_status)  ets_link;
2165     struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
2166 #if 0
2167     elf_fpregset_t fpu;             /* NT_PRFPREG */
2168     struct task_struct *thread;
2169     elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
2170 #endif
2171     struct memelfnote notes[1];
2172     int num_notes;
2173 };
2174 
2175 struct elf_note_info {
2176     struct memelfnote   *notes;
2177     struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
2178     struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
2179 
2180     QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
2181 #if 0
2182     /*
2183      * Current version of ELF coredump doesn't support
2184      * dumping fp regs etc.
2185      */
2186     elf_fpregset_t *fpu;
2187     elf_fpxregset_t *xfpu;
2188     int thread_status_size;
2189 #endif
2190     int notes_size;
2191     int numnote;
2192 };
2193 
2194 struct vm_area_struct {
2195     abi_ulong   vma_start;  /* start vaddr of memory region */
2196     abi_ulong   vma_end;    /* end vaddr of memory region */
2197     abi_ulong   vma_flags;  /* protection etc. flags for the region */
2198     QTAILQ_ENTRY(vm_area_struct) vma_link;
2199 };
2200 
2201 struct mm_struct {
2202     QTAILQ_HEAD(, vm_area_struct) mm_mmap;
2203     int mm_count;           /* number of mappings */
2204 };
2205 
2206 static struct mm_struct *vma_init(void);
2207 static void vma_delete(struct mm_struct *);
2208 static int vma_add_mapping(struct mm_struct *, abi_ulong,
2209                            abi_ulong, abi_ulong);
2210 static int vma_get_mapping_count(const struct mm_struct *);
2211 static struct vm_area_struct *vma_first(const struct mm_struct *);
2212 static struct vm_area_struct *vma_next(struct vm_area_struct *);
2213 static abi_ulong vma_dump_size(const struct vm_area_struct *);
2214 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2215                       unsigned long flags);
2216 
2217 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
2218 static void fill_note(struct memelfnote *, const char *, int,
2219                       unsigned int, void *);
2220 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2221 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
2222 static void fill_auxv_note(struct memelfnote *, const TaskState *);
2223 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2224 static size_t note_size(const struct memelfnote *);
2225 static void free_note_info(struct elf_note_info *);
2226 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
2227 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
2228 static int core_dump_filename(const TaskState *, char *, size_t);
2229 
2230 static int dump_write(int, const void *, size_t);
2231 static int write_note(struct memelfnote *, int);
2232 static int write_note_info(struct elf_note_info *, int);
2233 
2234 #ifdef BSWAP_NEEDED
2235 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
2236 {
2237     prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
2238     prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
2239     prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
2240     prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2241     prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
2242     prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
2243     prstatus->pr_pid = tswap32(prstatus->pr_pid);
2244     prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2245     prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2246     prstatus->pr_sid = tswap32(prstatus->pr_sid);
2247     /* cpu times are not filled, so we skip them */
2248     /* regs should be in correct format already */
2249     prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2250 }
2251 
2252 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
2253 {
2254     psinfo->pr_flag = tswapal(psinfo->pr_flag);
2255     psinfo->pr_uid = tswap16(psinfo->pr_uid);
2256     psinfo->pr_gid = tswap16(psinfo->pr_gid);
2257     psinfo->pr_pid = tswap32(psinfo->pr_pid);
2258     psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2259     psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2260     psinfo->pr_sid = tswap32(psinfo->pr_sid);
2261 }
2262 
2263 static void bswap_note(struct elf_note *en)
2264 {
2265     bswap32s(&en->n_namesz);
2266     bswap32s(&en->n_descsz);
2267     bswap32s(&en->n_type);
2268 }
2269 #else
2270 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2271 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2272 static inline void bswap_note(struct elf_note *en) { }
2273 #endif /* BSWAP_NEEDED */
2274 
2275 /*
2276  * Minimal support for linux memory regions.  These are needed
2277  * when we are finding out exactly what memory belongs to the
2278  * emulated process.  No locks are needed here, as long as the
2279  * thread that received the signal is stopped.
2280  */
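
/*
 * Typical usage, as a sketch of how elf_core_dump() below drives these
 * helpers (error handling omitted for brevity):
 *
 *     struct mm_struct *mm = vma_init();
 *     struct vm_area_struct *vma;
 *
 *     walk_memory_regions(mm, vma_walker);
 *     segs = vma_get_mapping_count(mm);
 *     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
 *         ... emit a PT_LOAD header and vma_dump_size(vma) bytes ...
 *     }
 *     vma_delete(mm);
 */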
2281 
2282 static struct mm_struct *vma_init(void)
2283 {
2284     struct mm_struct *mm;
2285 
2286     if ((mm = g_malloc(sizeof (*mm))) == NULL)
2287         return (NULL);
2288 
2289     mm->mm_count = 0;
2290     QTAILQ_INIT(&mm->mm_mmap);
2291 
2292     return (mm);
2293 }
2294 
2295 static void vma_delete(struct mm_struct *mm)
2296 {
2297     struct vm_area_struct *vma;
2298 
2299     while ((vma = vma_first(mm)) != NULL) {
2300         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2301         g_free(vma);
2302     }
2303     g_free(mm);
2304 }
2305 
2306 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
2307                            abi_ulong end, abi_ulong flags)
2308 {
2309     struct vm_area_struct *vma;
2310 
2311     if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2312         return (-1);
2313 
2314     vma->vma_start = start;
2315     vma->vma_end = end;
2316     vma->vma_flags = flags;
2317 
2318     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2319     mm->mm_count++;
2320 
2321     return (0);
2322 }
2323 
2324 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2325 {
2326     return (QTAILQ_FIRST(&mm->mm_mmap));
2327 }
2328 
2329 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2330 {
2331     return (QTAILQ_NEXT(vma, vma_link));
2332 }
2333 
2334 static int vma_get_mapping_count(const struct mm_struct *mm)
2335 {
2336     return (mm->mm_count);
2337 }
2338 
2339 /*
2340  * Calculate the file (dump) size of the given memory region.
2341  */
2342 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2343 {
2344     /* if we cannot even read the first page, skip it */
2345     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2346         return (0);
2347 
2348     /*
2349      * Usually we don't dump executable pages as they contain
2350      * non-writable code that the debugger can read directly from
2351      * the target library etc.  However, thread stacks are also
2352      * marked executable, so we read in the first page of the given
2353      * region and check whether it contains an ELF header.  If there
2354      * is no ELF header, we dump it.
2355      */
2356     if (vma->vma_flags & PROT_EXEC) {
2357         char page[TARGET_PAGE_SIZE];
2358 
2359         copy_from_user(page, vma->vma_start, sizeof (page));
2360         if ((page[EI_MAG0] == ELFMAG0) &&
2361             (page[EI_MAG1] == ELFMAG1) &&
2362             (page[EI_MAG2] == ELFMAG2) &&
2363             (page[EI_MAG3] == ELFMAG3)) {
2364             /*
2365              * Mappings are possibly from an ELF binary.  Don't dump
2366              * them.
2367              */
2368             return (0);
2369         }
2370     }
2371 
2372     return (vma->vma_end - vma->vma_start);
2373 }
2374 
2375 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2376                       unsigned long flags)
2377 {
2378     struct mm_struct *mm = (struct mm_struct *)priv;
2379 
2380     vma_add_mapping(mm, start, end, flags);
2381     return (0);
2382 }
2383 
2384 static void fill_note(struct memelfnote *note, const char *name, int type,
2385                       unsigned int sz, void *data)
2386 {
2387     unsigned int namesz;
2388 
2389     namesz = strlen(name) + 1;
2390     note->name = name;
2391     note->namesz = namesz;
2392     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2393     note->type = type;
2394     note->datasz = sz;
2395     note->datasz_rounded = roundup(sz, sizeof (int32_t));
2396 
2397     note->data = data;
2398 
2399     /*
2400      * We calculate the rounded-up note size here, as specified
2401      * by the ELF specification.
2402      */
2403     note->notesz = sizeof (struct elf_note) +
2404         note->namesz_rounded + note->datasz_rounded;
2405 }
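
/*
 * Worked example with illustrative numbers: for the name "CORE" we get
 * namesz = 5 and namesz_rounded = 8; for a 64-byte payload (already a
 * multiple of 4) datasz_rounded = 64; sizeof(struct elf_note) is three
 * 32-bit words, i.e. 12 bytes, so notesz = 12 + 8 + 64 = 84 bytes.
 */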
2406 
2407 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
2408                             uint32_t flags)
2409 {
2410     (void) memset(elf, 0, sizeof(*elf));
2411 
2412     (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2413     elf->e_ident[EI_CLASS] = ELF_CLASS;
2414     elf->e_ident[EI_DATA] = ELF_DATA;
2415     elf->e_ident[EI_VERSION] = EV_CURRENT;
2416     elf->e_ident[EI_OSABI] = ELF_OSABI;
2417 
2418     elf->e_type = ET_CORE;
2419     elf->e_machine = machine;
2420     elf->e_version = EV_CURRENT;
2421     elf->e_phoff = sizeof(struct elfhdr);
2422     elf->e_flags = flags;
2423     elf->e_ehsize = sizeof(struct elfhdr);
2424     elf->e_phentsize = sizeof(struct elf_phdr);
2425     elf->e_phnum = segs;
2426 
2427     bswap_ehdr(elf);
2428 }
2429 
2430 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2431 {
2432     phdr->p_type = PT_NOTE;
2433     phdr->p_offset = offset;
2434     phdr->p_vaddr = 0;
2435     phdr->p_paddr = 0;
2436     phdr->p_filesz = sz;
2437     phdr->p_memsz = 0;
2438     phdr->p_flags = 0;
2439     phdr->p_align = 0;
2440 
2441     bswap_phdr(phdr, 1);
2442 }
2443 
2444 static size_t note_size(const struct memelfnote *note)
2445 {
2446     return (note->notesz);
2447 }
2448 
2449 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2450                           const TaskState *ts, int signr)
2451 {
2452     (void) memset(prstatus, 0, sizeof (*prstatus));
2453     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2454     prstatus->pr_pid = ts->ts_tid;
2455     prstatus->pr_ppid = getppid();
2456     prstatus->pr_pgrp = getpgrp();
2457     prstatus->pr_sid = getsid(0);
2458 
2459     bswap_prstatus(prstatus);
2460 }
2461 
2462 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2463 {
2464     char *base_filename;
2465     unsigned int i, len;
2466 
2467     (void) memset(psinfo, 0, sizeof (*psinfo));
2468 
2469     len = ts->info->arg_end - ts->info->arg_start;
2470     if (len >= ELF_PRARGSZ)
2471         len = ELF_PRARGSZ - 1;
2472     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2473         return -EFAULT;
2474     for (i = 0; i < len; i++)
2475         if (psinfo->pr_psargs[i] == 0)
2476             psinfo->pr_psargs[i] = ' ';
2477     psinfo->pr_psargs[len] = 0;
2478 
2479     psinfo->pr_pid = getpid();
2480     psinfo->pr_ppid = getppid();
2481     psinfo->pr_pgrp = getpgrp();
2482     psinfo->pr_sid = getsid(0);
2483     psinfo->pr_uid = getuid();
2484     psinfo->pr_gid = getgid();
2485 
2486     base_filename = g_path_get_basename(ts->bprm->filename);
2487     /*
2488      * Using strncpy here is fine: at max-length,
2489      * this field is not NUL-terminated.
2490      */
2491     (void) strncpy(psinfo->pr_fname, base_filename,
2492                    sizeof(psinfo->pr_fname));
2493 
2494     g_free(base_filename);
2495     bswap_psinfo(psinfo);
2496     return (0);
2497 }
2498 
2499 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2500 {
2501     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2502     elf_addr_t orig_auxv = auxv;
2503     void *ptr;
2504     int len = ts->info->auxv_len;
2505 
2506     /*
2507      * The auxiliary vector is stored on the target process stack.  It contains
2508      * {type, value} pairs that we need to dump into the note.  This is not
2509      * strictly necessary, but we do it here for the sake of completeness.
2510      */
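
    /*
     * For example (illustrative entries), a typical vector contains pairs
     * such as { AT_PHDR, <program headers address> } and
     * { AT_ENTRY, <entry point> }, and is terminated by { AT_NULL, 0 }.
     */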
2511 
2512     /* read in whole auxv vector and copy it to memelfnote */
2513     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2514     if (ptr != NULL) {
2515         fill_note(note, "CORE", NT_AUXV, len, ptr);
2516         unlock_user(ptr, auxv, len);
2517     }
2518 }
2519 
2520 /*
2521  * Constructs the name of the coredump file.  We use the following
2522  * convention for the name:
2523  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2524  *
2525  * Returns 0 in case of success, -1 otherwise (errno is set).
2526  */
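/*
 * For example, with purely illustrative values: a binary named "a.out"
 * dumped by pid 12345 on 2023-11-05 14:25:30 would be written to
 * "qemu_a.out_20231105-142530_12345.core".
 */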
2527 static int core_dump_filename(const TaskState *ts, char *buf,
2528                               size_t bufsize)
2529 {
2530     char timestamp[64];
2531     char *filename = NULL;
2532     char *base_filename = NULL;
2533     struct timeval tv;
2534     struct tm tm;
2535 
2536     assert(bufsize >= PATH_MAX);
2537 
2538     if (gettimeofday(&tv, NULL) < 0) {
2539         (void) fprintf(stderr, "unable to get current timestamp: %s",
2540                        strerror(errno));
2541         return (-1);
2542     }
2543 
2544     filename = strdup(ts->bprm->filename);
2545     base_filename = strdup(basename(filename));
2546     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2547                     localtime_r(&tv.tv_sec, &tm));
2548     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2549                     base_filename, timestamp, (int)getpid());
2550     free(base_filename);
2551     free(filename);
2552 
2553     return (0);
2554 }
2555 
2556 static int dump_write(int fd, const void *ptr, size_t size)
2557 {
2558     const char *bufp = (const char *)ptr;
2559     ssize_t bytes_written, bytes_left;
2560     struct rlimit dumpsize;
2561     off_t pos;
2562 
2563     bytes_written = 0;
2564     getrlimit(RLIMIT_CORE, &dumpsize);
2565     if ((pos = lseek(fd, 0, SEEK_CUR)) == -1) {
2566         if (errno == ESPIPE) { /* not a seekable stream */
2567             bytes_left = size;
2568         } else {
2569             return pos;
2570         }
2571     } else {
2572         if (dumpsize.rlim_cur <= pos) {
2573             return -1;
2574         } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2575             bytes_left = size;
2576         } else {
2577             size_t limit_left = dumpsize.rlim_cur - pos;
2578             bytes_left = limit_left >= size ? size : limit_left;
2579         }
2580     }
2581 
2582     /*
2583      * Under normal conditions a single write(2) should do, but in
2584      * the case of a socket etc. this mechanism is more portable.
2585      */
2586     do {
2587         bytes_written = write(fd, bufp, bytes_left);
2588         if (bytes_written < 0) {
2589             if (errno == EINTR)
2590                 continue;
2591             return (-1);
2592         } else if (bytes_written == 0) { /* eof */
2593             return (-1);
2594         }
2595         bufp += bytes_written;
2596         bytes_left -= bytes_written;
2597     } while (bytes_left > 0);
2598 
2599     return (0);
2600 }
2601 
2602 static int write_note(struct memelfnote *men, int fd)
2603 {
2604     struct elf_note en;
2605 
2606     en.n_namesz = men->namesz;
2607     en.n_type = men->type;
2608     en.n_descsz = men->datasz;
2609 
2610     bswap_note(&en);
2611 
2612     if (dump_write(fd, &en, sizeof(en)) != 0)
2613         return (-1);
2614     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2615         return (-1);
2616     if (dump_write(fd, men->data, men->datasz_rounded) != 0)
2617         return (-1);
2618 
2619     return (0);
2620 }
2621 
2622 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
2623 {
2624     TaskState *ts = (TaskState *)env->opaque;
2625     struct elf_thread_status *ets;
2626 
2627     ets = g_malloc0(sizeof (*ets));
2628     ets->num_notes = 1; /* only prstatus is dumped */
2629     fill_prstatus(&ets->prstatus, ts, 0);
2630     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2631     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2632               &ets->prstatus);
2633 
2634     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2635 
2636     info->notes_size += note_size(&ets->notes[0]);
2637 }
2638 
2639 static void init_note_info(struct elf_note_info *info)
2640 {
2641     /* Initialize the elf_note_info structure so that it is at
2642      * least safe to call free_note_info() on it. Must be
2643      * called before calling fill_note_info().
2644      */
2645     memset(info, 0, sizeof (*info));
2646     QTAILQ_INIT(&info->thread_list);
2647 }
2648 
2649 static int fill_note_info(struct elf_note_info *info,
2650                           long signr, const CPUArchState *env)
2651 {
2652 #define NUMNOTES 3
2653     CPUState *cpu = NULL;
2654     TaskState *ts = (TaskState *)env->opaque;
2655     int i;
2656 
2657     info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote));
2658     if (info->notes == NULL)
2659         return (-ENOMEM);
2660     info->prstatus = g_malloc0(sizeof (*info->prstatus));
2661     if (info->prstatus == NULL)
2662         return (-ENOMEM);
2663     info->psinfo = g_malloc0(sizeof (*info->psinfo));
2664     if (info->psinfo == NULL)
2665         return (-ENOMEM);
2666 
2667     /*
2668      * First fill in status (and registers) of current thread
2669      * including process info & aux vector.
2670      */
2671     fill_prstatus(info->prstatus, ts, signr);
2672     elf_core_copy_regs(&info->prstatus->pr_reg, env);
2673     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2674               sizeof (*info->prstatus), info->prstatus);
2675     fill_psinfo(info->psinfo, ts);
2676     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2677               sizeof (*info->psinfo), info->psinfo);
2678     fill_auxv_note(&info->notes[2], ts);
2679     info->numnote = NUMNOTES;
2680 
2681     info->notes_size = 0;
2682     for (i = 0; i < info->numnote; i++)
2683         info->notes_size += note_size(&info->notes[i]);
2684 
2685     /* read and fill status of all threads */
2686     cpu_list_lock();
2687     CPU_FOREACH(cpu) {
2688         if (cpu == thread_cpu) {
2689             continue;
2690         }
2691         fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
2692     }
2693     cpu_list_unlock();
2694 
2695     return (0);
2696 }
2697 
2698 static void free_note_info(struct elf_note_info *info)
2699 {
2700     struct elf_thread_status *ets;
2701 
2702     while (!QTAILQ_EMPTY(&info->thread_list)) {
2703         ets = QTAILQ_FIRST(&info->thread_list);
2704         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
2705         g_free(ets);
2706     }
2707 
2708     g_free(info->prstatus);
2709     g_free(info->psinfo);
2710     g_free(info->notes);
2711 }
2712 
2713 static int write_note_info(struct elf_note_info *info, int fd)
2714 {
2715     struct elf_thread_status *ets;
2716     int i, error = 0;
2717 
2718     /* write prstatus, psinfo and auxv for current thread */
2719     for (i = 0; i < info->numnote; i++)
2720         if ((error = write_note(&info->notes[i], fd)) != 0)
2721             return (error);
2722 
2723     /* write prstatus for each thread */
2724     for (ets = info->thread_list.tqh_first; ets != NULL;
2725          ets = ets->ets_link.tqe_next) {
2726         if ((error = write_note(&ets->notes[0], fd)) != 0)
2727             return (error);
2728     }
2729 
2730     return (0);
2731 }
2732 
2733 /*
2734  * Write out ELF coredump.
2735  *
2736  * See documentation of ELF object file format in:
2737  * http://www.caldera.com/developers/devspecs/gabi41.pdf
2738  *
2739  * The coredump format in Linux is the following:
2740  *
2741  * 0   +----------------------+         \
2742  *     | ELF header           | ET_CORE  |
2743  *     +----------------------+          |
2744  *     | ELF program headers  |          |--- headers
2745  *     | - NOTE section       |          |
2746  *     | - PT_LOAD sections   |          |
2747  *     +----------------------+         /
2748  *     | NOTEs:               |
2749  *     | - NT_PRSTATUS        |
2750  *     | - NT_PRPSINFO        |
2751  *     | - NT_AUXV            |
2752  *     +----------------------+ <-- aligned to target page
2753  *     | Process memory dump  |
2754  *     :                      :
2755  *     .                      .
2756  *     :                      :
2757  *     |                      |
2758  *     +----------------------+
2759  *
2760  * NT_PRSTATUS -> struct elf_prstatus (per thread)
2761  * NT_PRPSINFO -> struct elf_prpsinfo
2762  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2763  *
2764  * The format follows the System V format as closely as possible.  Current
2765  * version limitations are as follows:
2766  *     - no floating point registers are dumped
2767  *
2768  * The function returns 0 in case of success, negative errno otherwise.
2769  *
2770  * TODO: make this also work at runtime: it should be possible to force
2771  * a coredump from a running process and then continue processing.  For
2772  * example, qemu could set up a SIGUSR2 handler (provided that the
2773  * target process hasn't registered a handler for it) that does the
2774  * dump when the signal is received.
2775  */
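/*
 * The resulting file can be inspected with standard binutils, e.g.
 * "readelf -n <corefile>" lists the NT_PRSTATUS/NT_PRPSINFO/NT_AUXV notes
 * and "readelf -l <corefile>" shows the PT_NOTE and PT_LOAD program
 * headers written below (illustrative usage, not required by this code).
 */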
2776 static int elf_core_dump(int signr, const CPUArchState *env)
2777 {
2778     const TaskState *ts = (const TaskState *)env->opaque;
2779     struct vm_area_struct *vma = NULL;
2780     char corefile[PATH_MAX];
2781     struct elf_note_info info;
2782     struct elfhdr elf;
2783     struct elf_phdr phdr;
2784     struct rlimit dumpsize;
2785     struct mm_struct *mm = NULL;
2786     off_t offset = 0, data_offset = 0;
2787     int segs = 0;
2788     int fd = -1;
2789 
2790     init_note_info(&info);
2791 
2792     errno = 0;
2793     getrlimit(RLIMIT_CORE, &dumpsize);
2794     if (dumpsize.rlim_cur == 0)
2795         return 0;
2796 
2797     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2798         return (-errno);
2799 
2800     if ((fd = open(corefile, O_WRONLY | O_CREAT,
2801                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2802         return (-errno);
2803 
2804     /*
2805      * Walk through the target process memory mappings and
2806      * set up a structure containing this information.  After
2807      * this point the vma_xxx functions can be used.
2808      */
2809     if ((mm = vma_init()) == NULL)
2810         goto out;
2811 
2812     walk_memory_regions(mm, vma_walker);
2813     segs = vma_get_mapping_count(mm);
2814 
2815     /*
2816      * Construct a valid coredump ELF header.  We also
2817      * add one more segment for the notes.
2818      */
2819     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2820     if (dump_write(fd, &elf, sizeof (elf)) != 0)
2821         goto out;
2822 
2823     /* fill in in-memory version of notes */
2824     if (fill_note_info(&info, signr, env) < 0)
2825         goto out;
2826 
2827     offset += sizeof (elf);                             /* elf header */
2828     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
2829 
2830     /* write out notes program header */
2831     fill_elf_note_phdr(&phdr, info.notes_size, offset);
2832 
2833     offset += info.notes_size;
2834     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2835         goto out;
2836 
2837     /*
2838      * The ELF specification wants data to start at a page
2839      * boundary, so we align it here.
2840      */
2841     data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2842 
2843     /*
2844      * Write program headers for memory regions mapped in
2845      * the target process.
2846      */
2847     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2848         (void) memset(&phdr, 0, sizeof (phdr));
2849 
2850         phdr.p_type = PT_LOAD;
2851         phdr.p_offset = offset;
2852         phdr.p_vaddr = vma->vma_start;
2853         phdr.p_paddr = 0;
2854         phdr.p_filesz = vma_dump_size(vma);
2855         offset += phdr.p_filesz;
2856         phdr.p_memsz = vma->vma_end - vma->vma_start;
2857         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2858         if (vma->vma_flags & PROT_WRITE)
2859             phdr.p_flags |= PF_W;
2860         if (vma->vma_flags & PROT_EXEC)
2861             phdr.p_flags |= PF_X;
2862         phdr.p_align = ELF_EXEC_PAGESIZE;
2863 
2864         bswap_phdr(&phdr, 1);
2865         dump_write(fd, &phdr, sizeof (phdr));
2866     }
2867 
2868     /*
2869      * Next we write the notes just after the program headers.  No
2870      * alignment is needed here.
2871      */
2872     if (write_note_info(&info, fd) < 0)
2873         goto out;
2874 
2875     /* align data to page boundary */
2876     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2877         goto out;
2878 
2879     /*
2880      * Finally we can dump the process memory into the corefile as well.
2881      */
2882     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2883         abi_ulong addr;
2884         abi_ulong end;
2885 
2886         end = vma->vma_start + vma_dump_size(vma);
2887 
2888         for (addr = vma->vma_start; addr < end;
2889              addr += TARGET_PAGE_SIZE) {
2890             char page[TARGET_PAGE_SIZE];
2891             int error;
2892 
2893             /*
2894              *  Read in a page from the target process memory and
2895              *  write it to the coredump file.
2896              */
2897             error = copy_from_user(page, addr, sizeof (page));
2898             if (error != 0) {
2899                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
2900                                addr);
2901                 errno = -error;
2902                 goto out;
2903             }
2904             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2905                 goto out;
2906         }
2907     }
2908 
2909  out:
2910     free_note_info(&info);
2911     if (mm != NULL)
2912         vma_delete(mm);
2913     (void) close(fd);
2914 
2915     if (errno != 0)
2916         return (-errno);
2917     return (0);
2918 }
2919 #endif /* USE_ELF_CORE_DUMP */
2920 
2921 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2922 {
2923     init_thread(regs, infop);
2924 }
2925