1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include <sys/time.h> 3 #include <sys/param.h> 4 5 #include <stdio.h> 6 #include <sys/types.h> 7 #include <fcntl.h> 8 #include <errno.h> 9 #include <unistd.h> 10 #include <sys/mman.h> 11 #include <sys/resource.h> 12 #include <stdlib.h> 13 #include <string.h> 14 #include <time.h> 15 16 #include "qemu.h" 17 #include "disas/disas.h" 18 19 #ifdef _ARCH_PPC64 20 #undef ARCH_DLINFO 21 #undef ELF_PLATFORM 22 #undef ELF_HWCAP 23 #undef ELF_CLASS 24 #undef ELF_DATA 25 #undef ELF_ARCH 26 #endif 27 28 #define ELF_OSABI ELFOSABI_SYSV 29 30 /* from personality.h */ 31 32 /* 33 * Flags for bug emulation. 34 * 35 * These occupy the top three bytes. 36 */ 37 enum { 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 40 descriptors (signal handling) */ 41 MMAP_PAGE_ZERO = 0x0100000, 42 ADDR_COMPAT_LAYOUT = 0x0200000, 43 READ_IMPLIES_EXEC = 0x0400000, 44 ADDR_LIMIT_32BIT = 0x0800000, 45 SHORT_INODE = 0x1000000, 46 WHOLE_SECONDS = 0x2000000, 47 STICKY_TIMEOUTS = 0x4000000, 48 ADDR_LIMIT_3GB = 0x8000000, 49 }; 50 51 /* 52 * Personality types. 53 * 54 * These go in the low byte. Avoid using the top bit, it will 55 * conflict with error returns. 56 */ 57 enum { 58 PER_LINUX = 0x0000, 59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 67 PER_BSD = 0x0006, 68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 70 PER_LINUX32 = 0x0008, 71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 75 PER_RISCOS = 0x000c, 76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 78 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 79 PER_HPUX = 0x0010, 80 PER_MASK = 0x00ff, 81 }; 82 83 /* 84 * Return the base personality without flags. 85 */ 86 #define personality(pers) (pers & PER_MASK) 87 88 /* this flag is uneffective under linux too, should be deleted */ 89 #ifndef MAP_DENYWRITE 90 #define MAP_DENYWRITE 0 91 #endif 92 93 /* should probably go in elf.h */ 94 #ifndef ELIBBAD 95 #define ELIBBAD 80 96 #endif 97 98 #ifdef TARGET_WORDS_BIGENDIAN 99 #define ELF_DATA ELFDATA2MSB 100 #else 101 #define ELF_DATA ELFDATA2LSB 102 #endif 103 104 #ifdef TARGET_ABI_MIPSN32 105 typedef abi_ullong target_elf_greg_t; 106 #define tswapreg(ptr) tswap64(ptr) 107 #else 108 typedef abi_ulong target_elf_greg_t; 109 #define tswapreg(ptr) tswapal(ptr) 110 #endif 111 112 #ifdef USE_UID16 113 typedef abi_ushort target_uid_t; 114 typedef abi_ushort target_gid_t; 115 #else 116 typedef abi_uint target_uid_t; 117 typedef abi_uint target_gid_t; 118 #endif 119 typedef abi_int target_pid_t; 120 121 #ifdef TARGET_I386 122 123 #define ELF_PLATFORM get_elf_platform() 124 125 static const char *get_elf_platform(void) 126 { 127 static char elf_platform[] = "i386"; 128 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL); 129 if (family > 6) 130 family = 6; 131 if (family >= 3) 132 elf_platform[1] = '0' + family; 133 return elf_platform; 134 } 135 136 #define ELF_HWCAP get_elf_hwcap() 137 138 static uint32_t get_elf_hwcap(void) 139 { 140 X86CPU *cpu = X86_CPU(thread_cpu); 141 142 return cpu->env.features[FEAT_1_EDX]; 143 } 144 145 #ifdef TARGET_X86_64 146 #define ELF_START_MMAP 0x2aaaaab000ULL 147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) ) 148 149 #define ELF_CLASS ELFCLASS64 150 #define ELF_ARCH EM_X86_64 151 152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 153 { 154 regs->rax = 0; 155 regs->rsp = infop->start_stack; 156 regs->rip = infop->entry; 157 } 158 159 #define ELF_NREG 27 160 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 161 162 /* 163 * Note that ELF_NREG should be 29 as there should be place for 164 * TRAPNO and ERR "registers" as well but linux doesn't dump 165 * those. 166 * 167 * See linux kernel: arch/x86/include/asm/elf.h 168 */ 169 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 170 { 171 (*regs)[0] = env->regs[15]; 172 (*regs)[1] = env->regs[14]; 173 (*regs)[2] = env->regs[13]; 174 (*regs)[3] = env->regs[12]; 175 (*regs)[4] = env->regs[R_EBP]; 176 (*regs)[5] = env->regs[R_EBX]; 177 (*regs)[6] = env->regs[11]; 178 (*regs)[7] = env->regs[10]; 179 (*regs)[8] = env->regs[9]; 180 (*regs)[9] = env->regs[8]; 181 (*regs)[10] = env->regs[R_EAX]; 182 (*regs)[11] = env->regs[R_ECX]; 183 (*regs)[12] = env->regs[R_EDX]; 184 (*regs)[13] = env->regs[R_ESI]; 185 (*regs)[14] = env->regs[R_EDI]; 186 (*regs)[15] = env->regs[R_EAX]; /* XXX */ 187 (*regs)[16] = env->eip; 188 (*regs)[17] = env->segs[R_CS].selector & 0xffff; 189 (*regs)[18] = env->eflags; 190 (*regs)[19] = env->regs[R_ESP]; 191 (*regs)[20] = env->segs[R_SS].selector & 0xffff; 192 (*regs)[21] = env->segs[R_FS].selector & 0xffff; 193 (*regs)[22] = env->segs[R_GS].selector & 0xffff; 194 (*regs)[23] = env->segs[R_DS].selector & 0xffff; 195 (*regs)[24] = env->segs[R_ES].selector & 0xffff; 196 (*regs)[25] = env->segs[R_FS].selector & 0xffff; 197 (*regs)[26] = env->segs[R_GS].selector & 0xffff; 198 } 199 200 #else 201 202 #define ELF_START_MMAP 0x80000000 203 204 /* 205 * This is used to ensure we don't load something for the wrong architecture. 206 */ 207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 208 209 /* 210 * These are used to set parameters in the core dumps. 211 */ 212 #define ELF_CLASS ELFCLASS32 213 #define ELF_ARCH EM_386 214 215 static inline void init_thread(struct target_pt_regs *regs, 216 struct image_info *infop) 217 { 218 regs->esp = infop->start_stack; 219 regs->eip = infop->entry; 220 221 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 222 starts %edx contains a pointer to a function which might be 223 registered using `atexit'. This provides a mean for the 224 dynamic linker to call DT_FINI functions for shared libraries 225 that have been loaded before the code runs. 226 227 A value of 0 tells we have no such handler. */ 228 regs->edx = 0; 229 } 230 231 #define ELF_NREG 17 232 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 233 234 /* 235 * Note that ELF_NREG should be 19 as there should be place for 236 * TRAPNO and ERR "registers" as well but linux doesn't dump 237 * those. 238 * 239 * See linux kernel: arch/x86/include/asm/elf.h 240 */ 241 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 242 { 243 (*regs)[0] = env->regs[R_EBX]; 244 (*regs)[1] = env->regs[R_ECX]; 245 (*regs)[2] = env->regs[R_EDX]; 246 (*regs)[3] = env->regs[R_ESI]; 247 (*regs)[4] = env->regs[R_EDI]; 248 (*regs)[5] = env->regs[R_EBP]; 249 (*regs)[6] = env->regs[R_EAX]; 250 (*regs)[7] = env->segs[R_DS].selector & 0xffff; 251 (*regs)[8] = env->segs[R_ES].selector & 0xffff; 252 (*regs)[9] = env->segs[R_FS].selector & 0xffff; 253 (*regs)[10] = env->segs[R_GS].selector & 0xffff; 254 (*regs)[11] = env->regs[R_EAX]; /* XXX */ 255 (*regs)[12] = env->eip; 256 (*regs)[13] = env->segs[R_CS].selector & 0xffff; 257 (*regs)[14] = env->eflags; 258 (*regs)[15] = env->regs[R_ESP]; 259 (*regs)[16] = env->segs[R_SS].selector & 0xffff; 260 } 261 #endif 262 263 #define USE_ELF_CORE_DUMP 264 #define ELF_EXEC_PAGESIZE 4096 265 266 #endif 267 268 #ifdef TARGET_ARM 269 270 #define ELF_START_MMAP 0x80000000 271 272 #define elf_check_arch(x) ((x) == ELF_MACHINE) 273 274 #define ELF_ARCH ELF_MACHINE 275 276 #ifdef TARGET_AARCH64 277 #define ELF_CLASS ELFCLASS64 278 #else 279 #define ELF_CLASS ELFCLASS32 280 #endif 281 282 static inline void init_thread(struct target_pt_regs *regs, 283 struct image_info *infop) 284 { 285 abi_long stack = infop->start_stack; 286 memset(regs, 0, sizeof(*regs)); 287 288 #ifdef TARGET_AARCH64 289 regs->pc = infop->entry & ~0x3ULL; 290 regs->sp = stack; 291 #else 292 regs->ARM_cpsr = 0x10; 293 if (infop->entry & 1) 294 regs->ARM_cpsr |= CPSR_T; 295 regs->ARM_pc = infop->entry & 0xfffffffe; 296 regs->ARM_sp = infop->start_stack; 297 /* FIXME - what to for failure of get_user()? */ 298 get_user_ual(regs->ARM_r2, stack + 8); /* envp */ 299 get_user_ual(regs->ARM_r1, stack + 4); /* envp */ 300 /* XXX: it seems that r0 is zeroed after ! */ 301 regs->ARM_r0 = 0; 302 /* For uClinux PIC binaries. */ 303 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 304 regs->ARM_r10 = infop->start_data; 305 #endif 306 } 307 308 #define ELF_NREG 18 309 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 310 311 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env) 312 { 313 (*regs)[0] = tswapreg(env->regs[0]); 314 (*regs)[1] = tswapreg(env->regs[1]); 315 (*regs)[2] = tswapreg(env->regs[2]); 316 (*regs)[3] = tswapreg(env->regs[3]); 317 (*regs)[4] = tswapreg(env->regs[4]); 318 (*regs)[5] = tswapreg(env->regs[5]); 319 (*regs)[6] = tswapreg(env->regs[6]); 320 (*regs)[7] = tswapreg(env->regs[7]); 321 (*regs)[8] = tswapreg(env->regs[8]); 322 (*regs)[9] = tswapreg(env->regs[9]); 323 (*regs)[10] = tswapreg(env->regs[10]); 324 (*regs)[11] = tswapreg(env->regs[11]); 325 (*regs)[12] = tswapreg(env->regs[12]); 326 (*regs)[13] = tswapreg(env->regs[13]); 327 (*regs)[14] = tswapreg(env->regs[14]); 328 (*regs)[15] = tswapreg(env->regs[15]); 329 330 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env)); 331 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */ 332 } 333 334 #define USE_ELF_CORE_DUMP 335 #define ELF_EXEC_PAGESIZE 4096 336 337 enum 338 { 339 ARM_HWCAP_ARM_SWP = 1 << 0, 340 ARM_HWCAP_ARM_HALF = 1 << 1, 341 ARM_HWCAP_ARM_THUMB = 1 << 2, 342 ARM_HWCAP_ARM_26BIT = 1 << 3, 343 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 344 ARM_HWCAP_ARM_FPA = 1 << 5, 345 ARM_HWCAP_ARM_VFP = 1 << 6, 346 ARM_HWCAP_ARM_EDSP = 1 << 7, 347 ARM_HWCAP_ARM_JAVA = 1 << 8, 348 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 349 ARM_HWCAP_ARM_THUMBEE = 1 << 10, 350 ARM_HWCAP_ARM_NEON = 1 << 11, 351 ARM_HWCAP_ARM_VFPv3 = 1 << 12, 352 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13, 353 }; 354 355 #ifndef TARGET_AARCH64 356 /* The commpage only exists for 32 bit kernels */ 357 358 #define TARGET_HAS_VALIDATE_GUEST_SPACE 359 /* Return 1 if the proposed guest space is suitable for the guest. 360 * Return 0 if the proposed guest space isn't suitable, but another 361 * address space should be tried. 362 * Return -1 if there is no way the proposed guest space can be 363 * valid regardless of the base. 364 * The guest code may leave a page mapped and populate it if the 365 * address is suitable. 366 */ 367 static int validate_guest_space(unsigned long guest_base, 368 unsigned long guest_size) 369 { 370 unsigned long real_start, test_page_addr; 371 372 /* We need to check that we can force a fault on access to the 373 * commpage at 0xffff0fxx 374 */ 375 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask); 376 377 /* If the commpage lies within the already allocated guest space, 378 * then there is no way we can allocate it. 379 */ 380 if (test_page_addr >= guest_base 381 && test_page_addr <= (guest_base + guest_size)) { 382 return -1; 383 } 384 385 /* Note it needs to be writeable to let us initialise it */ 386 real_start = (unsigned long) 387 mmap((void *)test_page_addr, qemu_host_page_size, 388 PROT_READ | PROT_WRITE, 389 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 390 391 /* If we can't map it then try another address */ 392 if (real_start == -1ul) { 393 return 0; 394 } 395 396 if (real_start != test_page_addr) { 397 /* OS didn't put the page where we asked - unmap and reject */ 398 munmap((void *)real_start, qemu_host_page_size); 399 return 0; 400 } 401 402 /* Leave the page mapped 403 * Populate it (mmap should have left it all 0'd) 404 */ 405 406 /* Kernel helper versions */ 407 __put_user(5, (uint32_t *)g2h(0xffff0ffcul)); 408 409 /* Now it's populated make it RO */ 410 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) { 411 perror("Protecting guest commpage"); 412 exit(-1); 413 } 414 415 return 1; /* All good */ 416 } 417 #endif 418 419 #define ELF_HWCAP get_elf_hwcap() 420 421 static uint32_t get_elf_hwcap(void) 422 { 423 ARMCPU *cpu = ARM_CPU(thread_cpu); 424 uint32_t hwcaps = 0; 425 426 hwcaps |= ARM_HWCAP_ARM_SWP; 427 hwcaps |= ARM_HWCAP_ARM_HALF; 428 hwcaps |= ARM_HWCAP_ARM_THUMB; 429 hwcaps |= ARM_HWCAP_ARM_FAST_MULT; 430 hwcaps |= ARM_HWCAP_ARM_FPA; 431 432 /* probe for the extra features */ 433 #define GET_FEATURE(feat, hwcap) \ 434 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 435 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP); 436 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); 437 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); 438 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); 439 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3); 440 GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16); 441 #undef GET_FEATURE 442 443 return hwcaps; 444 } 445 446 #endif 447 448 #ifdef TARGET_UNICORE32 449 450 #define ELF_START_MMAP 0x80000000 451 452 #define elf_check_arch(x) ((x) == EM_UNICORE32) 453 454 #define ELF_CLASS ELFCLASS32 455 #define ELF_DATA ELFDATA2LSB 456 #define ELF_ARCH EM_UNICORE32 457 458 static inline void init_thread(struct target_pt_regs *regs, 459 struct image_info *infop) 460 { 461 abi_long stack = infop->start_stack; 462 memset(regs, 0, sizeof(*regs)); 463 regs->UC32_REG_asr = 0x10; 464 regs->UC32_REG_pc = infop->entry & 0xfffffffe; 465 regs->UC32_REG_sp = infop->start_stack; 466 /* FIXME - what to for failure of get_user()? */ 467 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */ 468 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */ 469 /* XXX: it seems that r0 is zeroed after ! */ 470 regs->UC32_REG_00 = 0; 471 } 472 473 #define ELF_NREG 34 474 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 475 476 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env) 477 { 478 (*regs)[0] = env->regs[0]; 479 (*regs)[1] = env->regs[1]; 480 (*regs)[2] = env->regs[2]; 481 (*regs)[3] = env->regs[3]; 482 (*regs)[4] = env->regs[4]; 483 (*regs)[5] = env->regs[5]; 484 (*regs)[6] = env->regs[6]; 485 (*regs)[7] = env->regs[7]; 486 (*regs)[8] = env->regs[8]; 487 (*regs)[9] = env->regs[9]; 488 (*regs)[10] = env->regs[10]; 489 (*regs)[11] = env->regs[11]; 490 (*regs)[12] = env->regs[12]; 491 (*regs)[13] = env->regs[13]; 492 (*regs)[14] = env->regs[14]; 493 (*regs)[15] = env->regs[15]; 494 (*regs)[16] = env->regs[16]; 495 (*regs)[17] = env->regs[17]; 496 (*regs)[18] = env->regs[18]; 497 (*regs)[19] = env->regs[19]; 498 (*regs)[20] = env->regs[20]; 499 (*regs)[21] = env->regs[21]; 500 (*regs)[22] = env->regs[22]; 501 (*regs)[23] = env->regs[23]; 502 (*regs)[24] = env->regs[24]; 503 (*regs)[25] = env->regs[25]; 504 (*regs)[26] = env->regs[26]; 505 (*regs)[27] = env->regs[27]; 506 (*regs)[28] = env->regs[28]; 507 (*regs)[29] = env->regs[29]; 508 (*regs)[30] = env->regs[30]; 509 (*regs)[31] = env->regs[31]; 510 511 (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env); 512 (*regs)[33] = env->regs[0]; /* XXX */ 513 } 514 515 #define USE_ELF_CORE_DUMP 516 #define ELF_EXEC_PAGESIZE 4096 517 518 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64) 519 520 #endif 521 522 #ifdef TARGET_SPARC 523 #ifdef TARGET_SPARC64 524 525 #define ELF_START_MMAP 0x80000000 526 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 527 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 528 #ifndef TARGET_ABI32 529 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 530 #else 531 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 532 #endif 533 534 #define ELF_CLASS ELFCLASS64 535 #define ELF_ARCH EM_SPARCV9 536 537 #define STACK_BIAS 2047 538 539 static inline void init_thread(struct target_pt_regs *regs, 540 struct image_info *infop) 541 { 542 #ifndef TARGET_ABI32 543 regs->tstate = 0; 544 #endif 545 regs->pc = infop->entry; 546 regs->npc = regs->pc + 4; 547 regs->y = 0; 548 #ifdef TARGET_ABI32 549 regs->u_regs[14] = infop->start_stack - 16 * 4; 550 #else 551 if (personality(infop->personality) == PER_LINUX32) 552 regs->u_regs[14] = infop->start_stack - 16 * 4; 553 else 554 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS; 555 #endif 556 } 557 558 #else 559 #define ELF_START_MMAP 0x80000000 560 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 561 | HWCAP_SPARC_MULDIV) 562 #define elf_check_arch(x) ( (x) == EM_SPARC ) 563 564 #define ELF_CLASS ELFCLASS32 565 #define ELF_ARCH EM_SPARC 566 567 static inline void init_thread(struct target_pt_regs *regs, 568 struct image_info *infop) 569 { 570 regs->psr = 0; 571 regs->pc = infop->entry; 572 regs->npc = regs->pc + 4; 573 regs->y = 0; 574 regs->u_regs[14] = infop->start_stack - 16 * 4; 575 } 576 577 #endif 578 #endif 579 580 #ifdef TARGET_PPC 581 582 #define ELF_START_MMAP 0x80000000 583 584 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 585 586 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 587 588 #define ELF_CLASS ELFCLASS64 589 590 #else 591 592 #define elf_check_arch(x) ( (x) == EM_PPC ) 593 594 #define ELF_CLASS ELFCLASS32 595 596 #endif 597 598 #define ELF_ARCH EM_PPC 599 600 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 601 See arch/powerpc/include/asm/cputable.h. */ 602 enum { 603 QEMU_PPC_FEATURE_32 = 0x80000000, 604 QEMU_PPC_FEATURE_64 = 0x40000000, 605 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 606 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 607 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 608 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 609 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 610 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 611 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 612 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 613 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 614 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 615 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 616 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 617 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 618 QEMU_PPC_FEATURE_CELL = 0x00010000, 619 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 620 QEMU_PPC_FEATURE_SMT = 0x00004000, 621 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 622 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 623 QEMU_PPC_FEATURE_PA6T = 0x00000800, 624 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 625 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 626 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 627 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 628 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 629 630 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 631 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 632 }; 633 634 #define ELF_HWCAP get_elf_hwcap() 635 636 static uint32_t get_elf_hwcap(void) 637 { 638 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 639 uint32_t features = 0; 640 641 /* We don't have to be terribly complete here; the high points are 642 Altivec/FP/SPE support. Anything else is just a bonus. */ 643 #define GET_FEATURE(flag, feature) \ 644 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 645 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 646 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 647 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 648 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 649 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 650 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 651 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 652 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 653 #undef GET_FEATURE 654 655 return features; 656 } 657 658 /* 659 * The requirements here are: 660 * - keep the final alignment of sp (sp & 0xf) 661 * - make sure the 32-bit value at the first 16 byte aligned position of 662 * AUXV is greater than 16 for glibc compatibility. 663 * AT_IGNOREPPC is used for that. 664 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 665 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 666 */ 667 #define DLINFO_ARCH_ITEMS 5 668 #define ARCH_DLINFO \ 669 do { \ 670 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \ 671 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \ 672 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 673 /* \ 674 * Now handle glibc compatibility. \ 675 */ \ 676 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 677 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 678 } while (0) 679 680 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 681 { 682 _regs->gpr[1] = infop->start_stack; 683 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32) 684 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias; 685 infop->entry = ldq_raw(infop->entry) + infop->load_bias; 686 #endif 687 _regs->nip = infop->entry; 688 } 689 690 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 691 #define ELF_NREG 48 692 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 693 694 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env) 695 { 696 int i; 697 target_ulong ccr = 0; 698 699 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 700 (*regs)[i] = tswapreg(env->gpr[i]); 701 } 702 703 (*regs)[32] = tswapreg(env->nip); 704 (*regs)[33] = tswapreg(env->msr); 705 (*regs)[35] = tswapreg(env->ctr); 706 (*regs)[36] = tswapreg(env->lr); 707 (*regs)[37] = tswapreg(env->xer); 708 709 for (i = 0; i < ARRAY_SIZE(env->crf); i++) { 710 ccr |= env->crf[i] << (32 - ((i + 1) * 4)); 711 } 712 (*regs)[38] = tswapreg(ccr); 713 } 714 715 #define USE_ELF_CORE_DUMP 716 #define ELF_EXEC_PAGESIZE 4096 717 718 #endif 719 720 #ifdef TARGET_MIPS 721 722 #define ELF_START_MMAP 0x80000000 723 724 #define elf_check_arch(x) ( (x) == EM_MIPS ) 725 726 #ifdef TARGET_MIPS64 727 #define ELF_CLASS ELFCLASS64 728 #else 729 #define ELF_CLASS ELFCLASS32 730 #endif 731 #define ELF_ARCH EM_MIPS 732 733 static inline void init_thread(struct target_pt_regs *regs, 734 struct image_info *infop) 735 { 736 regs->cp0_status = 2 << CP0St_KSU; 737 regs->cp0_epc = infop->entry; 738 regs->regs[29] = infop->start_stack; 739 } 740 741 /* See linux kernel: arch/mips/include/asm/elf.h. */ 742 #define ELF_NREG 45 743 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 744 745 /* See linux kernel: arch/mips/include/asm/reg.h. */ 746 enum { 747 #ifdef TARGET_MIPS64 748 TARGET_EF_R0 = 0, 749 #else 750 TARGET_EF_R0 = 6, 751 #endif 752 TARGET_EF_R26 = TARGET_EF_R0 + 26, 753 TARGET_EF_R27 = TARGET_EF_R0 + 27, 754 TARGET_EF_LO = TARGET_EF_R0 + 32, 755 TARGET_EF_HI = TARGET_EF_R0 + 33, 756 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 757 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 758 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 759 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 760 }; 761 762 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 763 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env) 764 { 765 int i; 766 767 for (i = 0; i < TARGET_EF_R0; i++) { 768 (*regs)[i] = 0; 769 } 770 (*regs)[TARGET_EF_R0] = 0; 771 772 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 773 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]); 774 } 775 776 (*regs)[TARGET_EF_R26] = 0; 777 (*regs)[TARGET_EF_R27] = 0; 778 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]); 779 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]); 780 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC); 781 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr); 782 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status); 783 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause); 784 } 785 786 #define USE_ELF_CORE_DUMP 787 #define ELF_EXEC_PAGESIZE 4096 788 789 #endif /* TARGET_MIPS */ 790 791 #ifdef TARGET_MICROBLAZE 792 793 #define ELF_START_MMAP 0x80000000 794 795 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 796 797 #define ELF_CLASS ELFCLASS32 798 #define ELF_ARCH EM_MICROBLAZE 799 800 static inline void init_thread(struct target_pt_regs *regs, 801 struct image_info *infop) 802 { 803 regs->pc = infop->entry; 804 regs->r1 = infop->start_stack; 805 806 } 807 808 #define ELF_EXEC_PAGESIZE 4096 809 810 #define USE_ELF_CORE_DUMP 811 #define ELF_NREG 38 812 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 813 814 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 815 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env) 816 { 817 int i, pos = 0; 818 819 for (i = 0; i < 32; i++) { 820 (*regs)[pos++] = tswapreg(env->regs[i]); 821 } 822 823 for (i = 0; i < 6; i++) { 824 (*regs)[pos++] = tswapreg(env->sregs[i]); 825 } 826 } 827 828 #endif /* TARGET_MICROBLAZE */ 829 830 #ifdef TARGET_OPENRISC 831 832 #define ELF_START_MMAP 0x08000000 833 834 #define elf_check_arch(x) ((x) == EM_OPENRISC) 835 836 #define ELF_ARCH EM_OPENRISC 837 #define ELF_CLASS ELFCLASS32 838 #define ELF_DATA ELFDATA2MSB 839 840 static inline void init_thread(struct target_pt_regs *regs, 841 struct image_info *infop) 842 { 843 regs->pc = infop->entry; 844 regs->gpr[1] = infop->start_stack; 845 } 846 847 #define USE_ELF_CORE_DUMP 848 #define ELF_EXEC_PAGESIZE 8192 849 850 /* See linux kernel arch/openrisc/include/asm/elf.h. */ 851 #define ELF_NREG 34 /* gprs and pc, sr */ 852 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 853 854 static void elf_core_copy_regs(target_elf_gregset_t *regs, 855 const CPUOpenRISCState *env) 856 { 857 int i; 858 859 for (i = 0; i < 32; i++) { 860 (*regs)[i] = tswapreg(env->gpr[i]); 861 } 862 863 (*regs)[32] = tswapreg(env->pc); 864 (*regs)[33] = tswapreg(env->sr); 865 } 866 #define ELF_HWCAP 0 867 #define ELF_PLATFORM NULL 868 869 #endif /* TARGET_OPENRISC */ 870 871 #ifdef TARGET_SH4 872 873 #define ELF_START_MMAP 0x80000000 874 875 #define elf_check_arch(x) ( (x) == EM_SH ) 876 877 #define ELF_CLASS ELFCLASS32 878 #define ELF_ARCH EM_SH 879 880 static inline void init_thread(struct target_pt_regs *regs, 881 struct image_info *infop) 882 { 883 /* Check other registers XXXXX */ 884 regs->pc = infop->entry; 885 regs->regs[15] = infop->start_stack; 886 } 887 888 /* See linux kernel: arch/sh/include/asm/elf.h. */ 889 #define ELF_NREG 23 890 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 891 892 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 893 enum { 894 TARGET_REG_PC = 16, 895 TARGET_REG_PR = 17, 896 TARGET_REG_SR = 18, 897 TARGET_REG_GBR = 19, 898 TARGET_REG_MACH = 20, 899 TARGET_REG_MACL = 21, 900 TARGET_REG_SYSCALL = 22 901 }; 902 903 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 904 const CPUSH4State *env) 905 { 906 int i; 907 908 for (i = 0; i < 16; i++) { 909 (*regs[i]) = tswapreg(env->gregs[i]); 910 } 911 912 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 913 (*regs)[TARGET_REG_PR] = tswapreg(env->pr); 914 (*regs)[TARGET_REG_SR] = tswapreg(env->sr); 915 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr); 916 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach); 917 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl); 918 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 919 } 920 921 #define USE_ELF_CORE_DUMP 922 #define ELF_EXEC_PAGESIZE 4096 923 924 #endif 925 926 #ifdef TARGET_CRIS 927 928 #define ELF_START_MMAP 0x80000000 929 930 #define elf_check_arch(x) ( (x) == EM_CRIS ) 931 932 #define ELF_CLASS ELFCLASS32 933 #define ELF_ARCH EM_CRIS 934 935 static inline void init_thread(struct target_pt_regs *regs, 936 struct image_info *infop) 937 { 938 regs->erp = infop->entry; 939 } 940 941 #define ELF_EXEC_PAGESIZE 8192 942 943 #endif 944 945 #ifdef TARGET_M68K 946 947 #define ELF_START_MMAP 0x80000000 948 949 #define elf_check_arch(x) ( (x) == EM_68K ) 950 951 #define ELF_CLASS ELFCLASS32 952 #define ELF_ARCH EM_68K 953 954 /* ??? Does this need to do anything? 955 #define ELF_PLAT_INIT(_r) */ 956 957 static inline void init_thread(struct target_pt_regs *regs, 958 struct image_info *infop) 959 { 960 regs->usp = infop->start_stack; 961 regs->sr = 0; 962 regs->pc = infop->entry; 963 } 964 965 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 966 #define ELF_NREG 20 967 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 968 969 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env) 970 { 971 (*regs)[0] = tswapreg(env->dregs[1]); 972 (*regs)[1] = tswapreg(env->dregs[2]); 973 (*regs)[2] = tswapreg(env->dregs[3]); 974 (*regs)[3] = tswapreg(env->dregs[4]); 975 (*regs)[4] = tswapreg(env->dregs[5]); 976 (*regs)[5] = tswapreg(env->dregs[6]); 977 (*regs)[6] = tswapreg(env->dregs[7]); 978 (*regs)[7] = tswapreg(env->aregs[0]); 979 (*regs)[8] = tswapreg(env->aregs[1]); 980 (*regs)[9] = tswapreg(env->aregs[2]); 981 (*regs)[10] = tswapreg(env->aregs[3]); 982 (*regs)[11] = tswapreg(env->aregs[4]); 983 (*regs)[12] = tswapreg(env->aregs[5]); 984 (*regs)[13] = tswapreg(env->aregs[6]); 985 (*regs)[14] = tswapreg(env->dregs[0]); 986 (*regs)[15] = tswapreg(env->aregs[7]); 987 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */ 988 (*regs)[17] = tswapreg(env->sr); 989 (*regs)[18] = tswapreg(env->pc); 990 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 991 } 992 993 #define USE_ELF_CORE_DUMP 994 #define ELF_EXEC_PAGESIZE 8192 995 996 #endif 997 998 #ifdef TARGET_ALPHA 999 1000 #define ELF_START_MMAP (0x30000000000ULL) 1001 1002 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 1003 1004 #define ELF_CLASS ELFCLASS64 1005 #define ELF_ARCH EM_ALPHA 1006 1007 static inline void init_thread(struct target_pt_regs *regs, 1008 struct image_info *infop) 1009 { 1010 regs->pc = infop->entry; 1011 regs->ps = 8; 1012 regs->usp = infop->start_stack; 1013 } 1014 1015 #define ELF_EXEC_PAGESIZE 8192 1016 1017 #endif /* TARGET_ALPHA */ 1018 1019 #ifdef TARGET_S390X 1020 1021 #define ELF_START_MMAP (0x20000000000ULL) 1022 1023 #define elf_check_arch(x) ( (x) == ELF_ARCH ) 1024 1025 #define ELF_CLASS ELFCLASS64 1026 #define ELF_DATA ELFDATA2MSB 1027 #define ELF_ARCH EM_S390 1028 1029 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1030 { 1031 regs->psw.addr = infop->entry; 1032 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32; 1033 regs->gprs[15] = infop->start_stack; 1034 } 1035 1036 #endif /* TARGET_S390X */ 1037 1038 #ifndef ELF_PLATFORM 1039 #define ELF_PLATFORM (NULL) 1040 #endif 1041 1042 #ifndef ELF_HWCAP 1043 #define ELF_HWCAP 0 1044 #endif 1045 1046 #ifdef TARGET_ABI32 1047 #undef ELF_CLASS 1048 #define ELF_CLASS ELFCLASS32 1049 #undef bswaptls 1050 #define bswaptls(ptr) bswap32s(ptr) 1051 #endif 1052 1053 #include "elf.h" 1054 1055 struct exec 1056 { 1057 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 1058 unsigned int a_text; /* length of text, in bytes */ 1059 unsigned int a_data; /* length of data, in bytes */ 1060 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 1061 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 1062 unsigned int a_entry; /* start address */ 1063 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 1064 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 1065 }; 1066 1067 1068 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 1069 #define OMAGIC 0407 1070 #define NMAGIC 0410 1071 #define ZMAGIC 0413 1072 #define QMAGIC 0314 1073 1074 /* Necessary parameters */ 1075 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE 1076 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1)) 1077 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1)) 1078 1079 #define DLINFO_ITEMS 14 1080 1081 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 1082 { 1083 memcpy(to, from, n); 1084 } 1085 1086 #ifdef BSWAP_NEEDED 1087 static void bswap_ehdr(struct elfhdr *ehdr) 1088 { 1089 bswap16s(&ehdr->e_type); /* Object file type */ 1090 bswap16s(&ehdr->e_machine); /* Architecture */ 1091 bswap32s(&ehdr->e_version); /* Object file version */ 1092 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 1093 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 1094 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 1095 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 1096 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 1097 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 1098 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 1099 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 1100 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 1101 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 1102 } 1103 1104 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 1105 { 1106 int i; 1107 for (i = 0; i < phnum; ++i, ++phdr) { 1108 bswap32s(&phdr->p_type); /* Segment type */ 1109 bswap32s(&phdr->p_flags); /* Segment flags */ 1110 bswaptls(&phdr->p_offset); /* Segment file offset */ 1111 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 1112 bswaptls(&phdr->p_paddr); /* Segment physical address */ 1113 bswaptls(&phdr->p_filesz); /* Segment size in file */ 1114 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 1115 bswaptls(&phdr->p_align); /* Segment alignment */ 1116 } 1117 } 1118 1119 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 1120 { 1121 int i; 1122 for (i = 0; i < shnum; ++i, ++shdr) { 1123 bswap32s(&shdr->sh_name); 1124 bswap32s(&shdr->sh_type); 1125 bswaptls(&shdr->sh_flags); 1126 bswaptls(&shdr->sh_addr); 1127 bswaptls(&shdr->sh_offset); 1128 bswaptls(&shdr->sh_size); 1129 bswap32s(&shdr->sh_link); 1130 bswap32s(&shdr->sh_info); 1131 bswaptls(&shdr->sh_addralign); 1132 bswaptls(&shdr->sh_entsize); 1133 } 1134 } 1135 1136 static void bswap_sym(struct elf_sym *sym) 1137 { 1138 bswap32s(&sym->st_name); 1139 bswaptls(&sym->st_value); 1140 bswaptls(&sym->st_size); 1141 bswap16s(&sym->st_shndx); 1142 } 1143 #else 1144 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 1145 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 1146 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 1147 static inline void bswap_sym(struct elf_sym *sym) { } 1148 #endif 1149 1150 #ifdef USE_ELF_CORE_DUMP 1151 static int elf_core_dump(int, const CPUArchState *); 1152 #endif /* USE_ELF_CORE_DUMP */ 1153 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias); 1154 1155 /* Verify the portions of EHDR within E_IDENT for the target. 1156 This can be performed before bswapping the entire header. */ 1157 static bool elf_check_ident(struct elfhdr *ehdr) 1158 { 1159 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 1160 && ehdr->e_ident[EI_MAG1] == ELFMAG1 1161 && ehdr->e_ident[EI_MAG2] == ELFMAG2 1162 && ehdr->e_ident[EI_MAG3] == ELFMAG3 1163 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 1164 && ehdr->e_ident[EI_DATA] == ELF_DATA 1165 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 1166 } 1167 1168 /* Verify the portions of EHDR outside of E_IDENT for the target. 1169 This has to wait until after bswapping the header. */ 1170 static bool elf_check_ehdr(struct elfhdr *ehdr) 1171 { 1172 return (elf_check_arch(ehdr->e_machine) 1173 && ehdr->e_ehsize == sizeof(struct elfhdr) 1174 && ehdr->e_phentsize == sizeof(struct elf_phdr) 1175 && ehdr->e_shentsize == sizeof(struct elf_shdr) 1176 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 1177 } 1178 1179 /* 1180 * 'copy_elf_strings()' copies argument/envelope strings from user 1181 * memory to free pages in kernel mem. These are in a format ready 1182 * to be put directly into the top of new user memory. 1183 * 1184 */ 1185 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page, 1186 abi_ulong p) 1187 { 1188 char *tmp, *tmp1, *pag = NULL; 1189 int len, offset = 0; 1190 1191 if (!p) { 1192 return 0; /* bullet-proofing */ 1193 } 1194 while (argc-- > 0) { 1195 tmp = argv[argc]; 1196 if (!tmp) { 1197 fprintf(stderr, "VFS: argc is wrong"); 1198 exit(-1); 1199 } 1200 tmp1 = tmp; 1201 while (*tmp++); 1202 len = tmp - tmp1; 1203 if (p < len) { /* this shouldn't happen - 128kB */ 1204 return 0; 1205 } 1206 while (len) { 1207 --p; --tmp; --len; 1208 if (--offset < 0) { 1209 offset = p % TARGET_PAGE_SIZE; 1210 pag = (char *)page[p/TARGET_PAGE_SIZE]; 1211 if (!pag) { 1212 pag = g_try_malloc0(TARGET_PAGE_SIZE); 1213 page[p/TARGET_PAGE_SIZE] = pag; 1214 if (!pag) 1215 return 0; 1216 } 1217 } 1218 if (len == 0 || offset == 0) { 1219 *(pag + offset) = *tmp; 1220 } 1221 else { 1222 int bytes_to_copy = (len > offset) ? offset : len; 1223 tmp -= bytes_to_copy; 1224 p -= bytes_to_copy; 1225 offset -= bytes_to_copy; 1226 len -= bytes_to_copy; 1227 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1); 1228 } 1229 } 1230 } 1231 return p; 1232 } 1233 1234 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm, 1235 struct image_info *info) 1236 { 1237 abi_ulong stack_base, size, error, guard; 1238 int i; 1239 1240 /* Create enough stack to hold everything. If we don't use 1241 it for args, we'll use it for something else. */ 1242 size = guest_stack_size; 1243 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) { 1244 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1245 } 1246 guard = TARGET_PAGE_SIZE; 1247 if (guard < qemu_real_host_page_size) { 1248 guard = qemu_real_host_page_size; 1249 } 1250 1251 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE, 1252 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1253 if (error == -1) { 1254 perror("mmap stack"); 1255 exit(-1); 1256 } 1257 1258 /* We reserve one extra page at the top of the stack as guard. */ 1259 target_mprotect(error, guard, PROT_NONE); 1260 1261 info->stack_limit = error + guard; 1262 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE; 1263 p += stack_base; 1264 1265 for (i = 0 ; i < MAX_ARG_PAGES ; i++) { 1266 if (bprm->page[i]) { 1267 info->rss++; 1268 /* FIXME - check return value of memcpy_to_target() for failure */ 1269 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE); 1270 g_free(bprm->page[i]); 1271 } 1272 stack_base += TARGET_PAGE_SIZE; 1273 } 1274 return p; 1275 } 1276 1277 /* Map and zero the bss. We need to explicitly zero any fractional pages 1278 after the data section (i.e. bss). */ 1279 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot) 1280 { 1281 uintptr_t host_start, host_map_start, host_end; 1282 1283 last_bss = TARGET_PAGE_ALIGN(last_bss); 1284 1285 /* ??? There is confusion between qemu_real_host_page_size and 1286 qemu_host_page_size here and elsewhere in target_mmap, which 1287 may lead to the end of the data section mapping from the file 1288 not being mapped. At least there was an explicit test and 1289 comment for that here, suggesting that "the file size must 1290 be known". The comment probably pre-dates the introduction 1291 of the fstat system call in target_mmap which does in fact 1292 find out the size. What isn't clear is if the workaround 1293 here is still actually needed. For now, continue with it, 1294 but merge it with the "normal" mmap that would allocate the bss. */ 1295 1296 host_start = (uintptr_t) g2h(elf_bss); 1297 host_end = (uintptr_t) g2h(last_bss); 1298 host_map_start = (host_start + qemu_real_host_page_size - 1); 1299 host_map_start &= -qemu_real_host_page_size; 1300 1301 if (host_map_start < host_end) { 1302 void *p = mmap((void *)host_map_start, host_end - host_map_start, 1303 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1304 if (p == MAP_FAILED) { 1305 perror("cannot mmap brk"); 1306 exit(-1); 1307 } 1308 1309 /* Since we didn't use target_mmap, make sure to record 1310 the validity of the pages with qemu. */ 1311 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID); 1312 } 1313 1314 if (host_start < host_map_start) { 1315 memset((void *)host_start, 0, host_map_start - host_start); 1316 } 1317 } 1318 1319 #ifdef CONFIG_USE_FDPIC 1320 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 1321 { 1322 uint16_t n; 1323 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 1324 1325 /* elf32_fdpic_loadseg */ 1326 n = info->nsegs; 1327 while (n--) { 1328 sp -= 12; 1329 put_user_u32(loadsegs[n].addr, sp+0); 1330 put_user_u32(loadsegs[n].p_vaddr, sp+4); 1331 put_user_u32(loadsegs[n].p_memsz, sp+8); 1332 } 1333 1334 /* elf32_fdpic_loadmap */ 1335 sp -= 4; 1336 put_user_u16(0, sp+0); /* version */ 1337 put_user_u16(info->nsegs, sp+2); /* nsegs */ 1338 1339 info->personality = PER_LINUX_FDPIC; 1340 info->loadmap_addr = sp; 1341 1342 return sp; 1343 } 1344 #endif 1345 1346 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 1347 struct elfhdr *exec, 1348 struct image_info *info, 1349 struct image_info *interp_info) 1350 { 1351 abi_ulong sp; 1352 abi_ulong sp_auxv; 1353 int size; 1354 int i; 1355 abi_ulong u_rand_bytes; 1356 uint8_t k_rand_bytes[16]; 1357 abi_ulong u_platform; 1358 const char *k_platform; 1359 const int n = sizeof(elf_addr_t); 1360 1361 sp = p; 1362 1363 #ifdef CONFIG_USE_FDPIC 1364 /* Needs to be before we load the env/argc/... */ 1365 if (elf_is_fdpic(exec)) { 1366 /* Need 4 byte alignment for these structs */ 1367 sp &= ~3; 1368 sp = loader_build_fdpic_loadmap(info, sp); 1369 info->other_info = interp_info; 1370 if (interp_info) { 1371 interp_info->other_info = info; 1372 sp = loader_build_fdpic_loadmap(interp_info, sp); 1373 } 1374 } 1375 #endif 1376 1377 u_platform = 0; 1378 k_platform = ELF_PLATFORM; 1379 if (k_platform) { 1380 size_t len = strlen(k_platform) + 1; 1381 sp -= (len + n - 1) & ~(n - 1); 1382 u_platform = sp; 1383 /* FIXME - check return value of memcpy_to_target() for failure */ 1384 memcpy_to_target(sp, k_platform, len); 1385 } 1386 1387 /* 1388 * Generate 16 random bytes for userspace PRNG seeding (not 1389 * cryptically secure but it's not the aim of QEMU). 1390 */ 1391 srand((unsigned int) time(NULL)); 1392 for (i = 0; i < 16; i++) { 1393 k_rand_bytes[i] = rand(); 1394 } 1395 sp -= 16; 1396 u_rand_bytes = sp; 1397 /* FIXME - check return value of memcpy_to_target() for failure */ 1398 memcpy_to_target(sp, k_rand_bytes, 16); 1399 1400 /* 1401 * Force 16 byte _final_ alignment here for generality. 1402 */ 1403 sp = sp &~ (abi_ulong)15; 1404 size = (DLINFO_ITEMS + 1) * 2; 1405 if (k_platform) 1406 size += 2; 1407 #ifdef DLINFO_ARCH_ITEMS 1408 size += DLINFO_ARCH_ITEMS * 2; 1409 #endif 1410 size += envc + argc + 2; 1411 size += 1; /* argc itself */ 1412 size *= n; 1413 if (size & 15) 1414 sp -= 16 - (size & 15); 1415 1416 /* This is correct because Linux defines 1417 * elf_addr_t as Elf32_Off / Elf64_Off 1418 */ 1419 #define NEW_AUX_ENT(id, val) do { \ 1420 sp -= n; put_user_ual(val, sp); \ 1421 sp -= n; put_user_ual(id, sp); \ 1422 } while(0) 1423 1424 sp_auxv = sp; 1425 NEW_AUX_ENT (AT_NULL, 0); 1426 1427 /* There must be exactly DLINFO_ITEMS entries here. */ 1428 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 1429 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 1430 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 1431 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 1432 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 1433 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 1434 NEW_AUX_ENT(AT_ENTRY, info->entry); 1435 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 1436 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 1437 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 1438 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 1439 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 1440 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 1441 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 1442 1443 if (k_platform) 1444 NEW_AUX_ENT(AT_PLATFORM, u_platform); 1445 #ifdef ARCH_DLINFO 1446 /* 1447 * ARCH_DLINFO must come last so platform specific code can enforce 1448 * special alignment requirements on the AUXV if necessary (eg. PPC). 1449 */ 1450 ARCH_DLINFO; 1451 #endif 1452 #undef NEW_AUX_ENT 1453 1454 info->saved_auxv = sp; 1455 info->auxv_len = sp_auxv - sp; 1456 1457 sp = loader_build_argptr(envc, argc, sp, p, 0); 1458 return sp; 1459 } 1460 1461 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE 1462 /* If the guest doesn't have a validation function just agree */ 1463 static int validate_guest_space(unsigned long guest_base, 1464 unsigned long guest_size) 1465 { 1466 return 1; 1467 } 1468 #endif 1469 1470 unsigned long init_guest_space(unsigned long host_start, 1471 unsigned long host_size, 1472 unsigned long guest_start, 1473 bool fixed) 1474 { 1475 unsigned long current_start, real_start; 1476 int flags; 1477 1478 assert(host_start || host_size); 1479 1480 /* If just a starting address is given, then just verify that 1481 * address. */ 1482 if (host_start && !host_size) { 1483 if (validate_guest_space(host_start, host_size) == 1) { 1484 return host_start; 1485 } else { 1486 return (unsigned long)-1; 1487 } 1488 } 1489 1490 /* Setup the initial flags and start address. */ 1491 current_start = host_start & qemu_host_page_mask; 1492 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE; 1493 if (fixed) { 1494 flags |= MAP_FIXED; 1495 } 1496 1497 /* Otherwise, a non-zero size region of memory needs to be mapped 1498 * and validated. */ 1499 while (1) { 1500 unsigned long real_size = host_size; 1501 1502 /* Do not use mmap_find_vma here because that is limited to the 1503 * guest address space. We are going to make the 1504 * guest address space fit whatever we're given. 1505 */ 1506 real_start = (unsigned long) 1507 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0); 1508 if (real_start == (unsigned long)-1) { 1509 return (unsigned long)-1; 1510 } 1511 1512 /* Ensure the address is properly aligned. */ 1513 if (real_start & ~qemu_host_page_mask) { 1514 munmap((void *)real_start, host_size); 1515 real_size = host_size + qemu_host_page_size; 1516 real_start = (unsigned long) 1517 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0); 1518 if (real_start == (unsigned long)-1) { 1519 return (unsigned long)-1; 1520 } 1521 real_start = HOST_PAGE_ALIGN(real_start); 1522 } 1523 1524 /* Check to see if the address is valid. */ 1525 if (!host_start || real_start == current_start) { 1526 int valid = validate_guest_space(real_start - guest_start, 1527 real_size); 1528 if (valid == 1) { 1529 break; 1530 } else if (valid == -1) { 1531 return (unsigned long)-1; 1532 } 1533 /* valid == 0, so try again. */ 1534 } 1535 1536 /* That address didn't work. Unmap and try a different one. 1537 * The address the host picked because is typically right at 1538 * the top of the host address space and leaves the guest with 1539 * no usable address space. Resort to a linear search. We 1540 * already compensated for mmap_min_addr, so this should not 1541 * happen often. Probably means we got unlucky and host 1542 * address space randomization put a shared library somewhere 1543 * inconvenient. 1544 */ 1545 munmap((void *)real_start, host_size); 1546 current_start += qemu_host_page_size; 1547 if (host_start == current_start) { 1548 /* Theoretically possible if host doesn't have any suitably 1549 * aligned areas. Normally the first mmap will fail. 1550 */ 1551 return (unsigned long)-1; 1552 } 1553 } 1554 1555 qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size); 1556 1557 return real_start; 1558 } 1559 1560 static void probe_guest_base(const char *image_name, 1561 abi_ulong loaddr, abi_ulong hiaddr) 1562 { 1563 /* Probe for a suitable guest base address, if the user has not set 1564 * it explicitly, and set guest_base appropriately. 1565 * In case of error we will print a suitable message and exit. 1566 */ 1567 #if defined(CONFIG_USE_GUEST_BASE) 1568 const char *errmsg; 1569 if (!have_guest_base && !reserved_va) { 1570 unsigned long host_start, real_start, host_size; 1571 1572 /* Round addresses to page boundaries. */ 1573 loaddr &= qemu_host_page_mask; 1574 hiaddr = HOST_PAGE_ALIGN(hiaddr); 1575 1576 if (loaddr < mmap_min_addr) { 1577 host_start = HOST_PAGE_ALIGN(mmap_min_addr); 1578 } else { 1579 host_start = loaddr; 1580 if (host_start != loaddr) { 1581 errmsg = "Address overflow loading ELF binary"; 1582 goto exit_errmsg; 1583 } 1584 } 1585 host_size = hiaddr - loaddr; 1586 1587 /* Setup the initial guest memory space with ranges gleaned from 1588 * the ELF image that is being loaded. 1589 */ 1590 real_start = init_guest_space(host_start, host_size, loaddr, false); 1591 if (real_start == (unsigned long)-1) { 1592 errmsg = "Unable to find space for application"; 1593 goto exit_errmsg; 1594 } 1595 guest_base = real_start - loaddr; 1596 1597 qemu_log("Relocating guest address space from 0x" 1598 TARGET_ABI_FMT_lx " to 0x%lx\n", 1599 loaddr, real_start); 1600 } 1601 return; 1602 1603 exit_errmsg: 1604 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1605 exit(-1); 1606 #endif 1607 } 1608 1609 1610 /* Load an ELF image into the address space. 1611 1612 IMAGE_NAME is the filename of the image, to use in error messages. 1613 IMAGE_FD is the open file descriptor for the image. 1614 1615 BPRM_BUF is a copy of the beginning of the file; this of course 1616 contains the elf file header at offset 0. It is assumed that this 1617 buffer is sufficiently aligned to present no problems to the host 1618 in accessing data at aligned offsets within the buffer. 1619 1620 On return: INFO values will be filled in, as necessary or available. */ 1621 1622 static void load_elf_image(const char *image_name, int image_fd, 1623 struct image_info *info, char **pinterp_name, 1624 char bprm_buf[BPRM_BUF_SIZE]) 1625 { 1626 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf; 1627 struct elf_phdr *phdr; 1628 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 1629 int i, retval; 1630 const char *errmsg; 1631 1632 /* First of all, some simple consistency checks */ 1633 errmsg = "Invalid ELF image for this architecture"; 1634 if (!elf_check_ident(ehdr)) { 1635 goto exit_errmsg; 1636 } 1637 bswap_ehdr(ehdr); 1638 if (!elf_check_ehdr(ehdr)) { 1639 goto exit_errmsg; 1640 } 1641 1642 i = ehdr->e_phnum * sizeof(struct elf_phdr); 1643 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) { 1644 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff); 1645 } else { 1646 phdr = (struct elf_phdr *) alloca(i); 1647 retval = pread(image_fd, phdr, i, ehdr->e_phoff); 1648 if (retval != i) { 1649 goto exit_read; 1650 } 1651 } 1652 bswap_phdr(phdr, ehdr->e_phnum); 1653 1654 #ifdef CONFIG_USE_FDPIC 1655 info->nsegs = 0; 1656 info->pt_dynamic_addr = 0; 1657 #endif 1658 1659 /* Find the maximum size of the image and allocate an appropriate 1660 amount of memory to handle that. */ 1661 loaddr = -1, hiaddr = 0; 1662 for (i = 0; i < ehdr->e_phnum; ++i) { 1663 if (phdr[i].p_type == PT_LOAD) { 1664 abi_ulong a = phdr[i].p_vaddr; 1665 if (a < loaddr) { 1666 loaddr = a; 1667 } 1668 a += phdr[i].p_memsz; 1669 if (a > hiaddr) { 1670 hiaddr = a; 1671 } 1672 #ifdef CONFIG_USE_FDPIC 1673 ++info->nsegs; 1674 #endif 1675 } 1676 } 1677 1678 load_addr = loaddr; 1679 if (ehdr->e_type == ET_DYN) { 1680 /* The image indicates that it can be loaded anywhere. Find a 1681 location that can hold the memory space required. If the 1682 image is pre-linked, LOADDR will be non-zero. Since we do 1683 not supply MAP_FIXED here we'll use that address if and 1684 only if it remains available. */ 1685 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE, 1686 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE, 1687 -1, 0); 1688 if (load_addr == -1) { 1689 goto exit_perror; 1690 } 1691 } else if (pinterp_name != NULL) { 1692 /* This is the main executable. Make sure that the low 1693 address does not conflict with MMAP_MIN_ADDR or the 1694 QEMU application itself. */ 1695 probe_guest_base(image_name, loaddr, hiaddr); 1696 } 1697 load_bias = load_addr - loaddr; 1698 1699 #ifdef CONFIG_USE_FDPIC 1700 { 1701 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 1702 g_malloc(sizeof(*loadsegs) * info->nsegs); 1703 1704 for (i = 0; i < ehdr->e_phnum; ++i) { 1705 switch (phdr[i].p_type) { 1706 case PT_DYNAMIC: 1707 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 1708 break; 1709 case PT_LOAD: 1710 loadsegs->addr = phdr[i].p_vaddr + load_bias; 1711 loadsegs->p_vaddr = phdr[i].p_vaddr; 1712 loadsegs->p_memsz = phdr[i].p_memsz; 1713 ++loadsegs; 1714 break; 1715 } 1716 } 1717 } 1718 #endif 1719 1720 info->load_bias = load_bias; 1721 info->load_addr = load_addr; 1722 info->entry = ehdr->e_entry + load_bias; 1723 info->start_code = -1; 1724 info->end_code = 0; 1725 info->start_data = -1; 1726 info->end_data = 0; 1727 info->brk = 0; 1728 info->elf_flags = ehdr->e_flags; 1729 1730 for (i = 0; i < ehdr->e_phnum; i++) { 1731 struct elf_phdr *eppnt = phdr + i; 1732 if (eppnt->p_type == PT_LOAD) { 1733 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 1734 int elf_prot = 0; 1735 1736 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; 1737 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; 1738 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; 1739 1740 vaddr = load_bias + eppnt->p_vaddr; 1741 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr); 1742 vaddr_ps = TARGET_ELF_PAGESTART(vaddr); 1743 1744 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 1745 elf_prot, MAP_PRIVATE | MAP_FIXED, 1746 image_fd, eppnt->p_offset - vaddr_po); 1747 if (error == -1) { 1748 goto exit_perror; 1749 } 1750 1751 vaddr_ef = vaddr + eppnt->p_filesz; 1752 vaddr_em = vaddr + eppnt->p_memsz; 1753 1754 /* If the load segment requests extra zeros (e.g. bss), map it. */ 1755 if (vaddr_ef < vaddr_em) { 1756 zero_bss(vaddr_ef, vaddr_em, elf_prot); 1757 } 1758 1759 /* Find the full program boundaries. */ 1760 if (elf_prot & PROT_EXEC) { 1761 if (vaddr < info->start_code) { 1762 info->start_code = vaddr; 1763 } 1764 if (vaddr_ef > info->end_code) { 1765 info->end_code = vaddr_ef; 1766 } 1767 } 1768 if (elf_prot & PROT_WRITE) { 1769 if (vaddr < info->start_data) { 1770 info->start_data = vaddr; 1771 } 1772 if (vaddr_ef > info->end_data) { 1773 info->end_data = vaddr_ef; 1774 } 1775 if (vaddr_em > info->brk) { 1776 info->brk = vaddr_em; 1777 } 1778 } 1779 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 1780 char *interp_name; 1781 1782 if (*pinterp_name) { 1783 errmsg = "Multiple PT_INTERP entries"; 1784 goto exit_errmsg; 1785 } 1786 interp_name = malloc(eppnt->p_filesz); 1787 if (!interp_name) { 1788 goto exit_perror; 1789 } 1790 1791 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) { 1792 memcpy(interp_name, bprm_buf + eppnt->p_offset, 1793 eppnt->p_filesz); 1794 } else { 1795 retval = pread(image_fd, interp_name, eppnt->p_filesz, 1796 eppnt->p_offset); 1797 if (retval != eppnt->p_filesz) { 1798 goto exit_perror; 1799 } 1800 } 1801 if (interp_name[eppnt->p_filesz - 1] != 0) { 1802 errmsg = "Invalid PT_INTERP entry"; 1803 goto exit_errmsg; 1804 } 1805 *pinterp_name = interp_name; 1806 } 1807 } 1808 1809 if (info->end_data == 0) { 1810 info->start_data = info->end_code; 1811 info->end_data = info->end_code; 1812 info->brk = info->end_code; 1813 } 1814 1815 if (qemu_log_enabled()) { 1816 load_symbols(ehdr, image_fd, load_bias); 1817 } 1818 1819 close(image_fd); 1820 return; 1821 1822 exit_read: 1823 if (retval >= 0) { 1824 errmsg = "Incomplete read of file header"; 1825 goto exit_errmsg; 1826 } 1827 exit_perror: 1828 errmsg = strerror(errno); 1829 exit_errmsg: 1830 fprintf(stderr, "%s: %s\n", image_name, errmsg); 1831 exit(-1); 1832 } 1833 1834 static void load_elf_interp(const char *filename, struct image_info *info, 1835 char bprm_buf[BPRM_BUF_SIZE]) 1836 { 1837 int fd, retval; 1838 1839 fd = open(path(filename), O_RDONLY); 1840 if (fd < 0) { 1841 goto exit_perror; 1842 } 1843 1844 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 1845 if (retval < 0) { 1846 goto exit_perror; 1847 } 1848 if (retval < BPRM_BUF_SIZE) { 1849 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval); 1850 } 1851 1852 load_elf_image(filename, fd, info, NULL, bprm_buf); 1853 return; 1854 1855 exit_perror: 1856 fprintf(stderr, "%s: %s\n", filename, strerror(errno)); 1857 exit(-1); 1858 } 1859 1860 static int symfind(const void *s0, const void *s1) 1861 { 1862 target_ulong addr = *(target_ulong *)s0; 1863 struct elf_sym *sym = (struct elf_sym *)s1; 1864 int result = 0; 1865 if (addr < sym->st_value) { 1866 result = -1; 1867 } else if (addr >= sym->st_value + sym->st_size) { 1868 result = 1; 1869 } 1870 return result; 1871 } 1872 1873 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr) 1874 { 1875 #if ELF_CLASS == ELFCLASS32 1876 struct elf_sym *syms = s->disas_symtab.elf32; 1877 #else 1878 struct elf_sym *syms = s->disas_symtab.elf64; 1879 #endif 1880 1881 // binary search 1882 struct elf_sym *sym; 1883 1884 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 1885 if (sym != NULL) { 1886 return s->disas_strtab + sym->st_name; 1887 } 1888 1889 return ""; 1890 } 1891 1892 /* FIXME: This should use elf_ops.h */ 1893 static int symcmp(const void *s0, const void *s1) 1894 { 1895 struct elf_sym *sym0 = (struct elf_sym *)s0; 1896 struct elf_sym *sym1 = (struct elf_sym *)s1; 1897 return (sym0->st_value < sym1->st_value) 1898 ? -1 1899 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 1900 } 1901 1902 /* Best attempt to load symbols from this ELF object. */ 1903 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias) 1904 { 1905 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 1906 struct elf_shdr *shdr; 1907 char *strings = NULL; 1908 struct syminfo *s = NULL; 1909 struct elf_sym *new_syms, *syms = NULL; 1910 1911 shnum = hdr->e_shnum; 1912 i = shnum * sizeof(struct elf_shdr); 1913 shdr = (struct elf_shdr *)alloca(i); 1914 if (pread(fd, shdr, i, hdr->e_shoff) != i) { 1915 return; 1916 } 1917 1918 bswap_shdr(shdr, shnum); 1919 for (i = 0; i < shnum; ++i) { 1920 if (shdr[i].sh_type == SHT_SYMTAB) { 1921 sym_idx = i; 1922 str_idx = shdr[i].sh_link; 1923 goto found; 1924 } 1925 } 1926 1927 /* There will be no symbol table if the file was stripped. */ 1928 return; 1929 1930 found: 1931 /* Now know where the strtab and symtab are. Snarf them. */ 1932 s = malloc(sizeof(*s)); 1933 if (!s) { 1934 goto give_up; 1935 } 1936 1937 i = shdr[str_idx].sh_size; 1938 s->disas_strtab = strings = malloc(i); 1939 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) { 1940 goto give_up; 1941 } 1942 1943 i = shdr[sym_idx].sh_size; 1944 syms = malloc(i); 1945 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) { 1946 goto give_up; 1947 } 1948 1949 nsyms = i / sizeof(struct elf_sym); 1950 for (i = 0; i < nsyms; ) { 1951 bswap_sym(syms + i); 1952 /* Throw away entries which we do not need. */ 1953 if (syms[i].st_shndx == SHN_UNDEF 1954 || syms[i].st_shndx >= SHN_LORESERVE 1955 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 1956 if (i < --nsyms) { 1957 syms[i] = syms[nsyms]; 1958 } 1959 } else { 1960 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 1961 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 1962 syms[i].st_value &= ~(target_ulong)1; 1963 #endif 1964 syms[i].st_value += load_bias; 1965 i++; 1966 } 1967 } 1968 1969 /* No "useful" symbol. */ 1970 if (nsyms == 0) { 1971 goto give_up; 1972 } 1973 1974 /* Attempt to free the storage associated with the local symbols 1975 that we threw away. Whether or not this has any effect on the 1976 memory allocation depends on the malloc implementation and how 1977 many symbols we managed to discard. */ 1978 new_syms = realloc(syms, nsyms * sizeof(*syms)); 1979 if (new_syms == NULL) { 1980 goto give_up; 1981 } 1982 syms = new_syms; 1983 1984 qsort(syms, nsyms, sizeof(*syms), symcmp); 1985 1986 s->disas_num_syms = nsyms; 1987 #if ELF_CLASS == ELFCLASS32 1988 s->disas_symtab.elf32 = syms; 1989 #else 1990 s->disas_symtab.elf64 = syms; 1991 #endif 1992 s->lookup_symbol = lookup_symbolxx; 1993 s->next = syminfos; 1994 syminfos = s; 1995 1996 return; 1997 1998 give_up: 1999 free(s); 2000 free(strings); 2001 free(syms); 2002 } 2003 2004 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) 2005 { 2006 struct image_info interp_info; 2007 struct elfhdr elf_ex; 2008 char *elf_interpreter = NULL; 2009 2010 info->start_mmap = (abi_ulong)ELF_START_MMAP; 2011 info->mmap = 0; 2012 info->rss = 0; 2013 2014 load_elf_image(bprm->filename, bprm->fd, info, 2015 &elf_interpreter, bprm->buf); 2016 2017 /* ??? We need a copy of the elf header for passing to create_elf_tables. 2018 If we do nothing, we'll have overwritten this when we re-use bprm->buf 2019 when we load the interpreter. */ 2020 elf_ex = *(struct elfhdr *)bprm->buf; 2021 2022 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p); 2023 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p); 2024 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p); 2025 if (!bprm->p) { 2026 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 2027 exit(-1); 2028 } 2029 2030 /* Do this so that we can load the interpreter, if need be. We will 2031 change some of these later */ 2032 bprm->p = setup_arg_pages(bprm->p, bprm, info); 2033 2034 if (elf_interpreter) { 2035 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 2036 2037 /* If the program interpreter is one of these two, then assume 2038 an iBCS2 image. Otherwise assume a native linux image. */ 2039 2040 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 2041 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 2042 info->personality = PER_SVR4; 2043 2044 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 2045 and some applications "depend" upon this behavior. Since 2046 we do not have the power to recompile these, we emulate 2047 the SVr4 behavior. Sigh. */ 2048 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 2049 MAP_FIXED | MAP_PRIVATE, -1, 0); 2050 } 2051 } 2052 2053 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex, 2054 info, (elf_interpreter ? &interp_info : NULL)); 2055 info->start_stack = bprm->p; 2056 2057 /* If we have an interpreter, set that as the program's entry point. 2058 Copy the load_bias as well, to help PPC64 interpret the entry 2059 point as a function descriptor. Do this after creating elf tables 2060 so that we copy the original program entry point into the AUXV. */ 2061 if (elf_interpreter) { 2062 info->load_bias = interp_info.load_bias; 2063 info->entry = interp_info.entry; 2064 free(elf_interpreter); 2065 } 2066 2067 #ifdef USE_ELF_CORE_DUMP 2068 bprm->core_dump = &elf_core_dump; 2069 #endif 2070 2071 return 0; 2072 } 2073 2074 #ifdef USE_ELF_CORE_DUMP 2075 /* 2076 * Definitions to generate Intel SVR4-like core files. 2077 * These mostly have the same names as the SVR4 types with "target_elf_" 2078 * tacked on the front to prevent clashes with linux definitions, 2079 * and the typedef forms have been avoided. This is mostly like 2080 * the SVR4 structure, but more Linuxy, with things that Linux does 2081 * not support and which gdb doesn't really use excluded. 2082 * 2083 * Fields we don't dump (their contents is zero) in linux-user qemu 2084 * are marked with XXX. 2085 * 2086 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 2087 * 2088 * Porting ELF coredump for target is (quite) simple process. First you 2089 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 2090 * the target resides): 2091 * 2092 * #define USE_ELF_CORE_DUMP 2093 * 2094 * Next you define type of register set used for dumping. ELF specification 2095 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 2096 * 2097 * typedef <target_regtype> target_elf_greg_t; 2098 * #define ELF_NREG <number of registers> 2099 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 2100 * 2101 * Last step is to implement target specific function that copies registers 2102 * from given cpu into just specified register set. Prototype is: 2103 * 2104 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 2105 * const CPUArchState *env); 2106 * 2107 * Parameters: 2108 * regs - copy register values into here (allocated and zeroed by caller) 2109 * env - copy registers from here 2110 * 2111 * Example for ARM target is provided in this file. 2112 */ 2113 2114 /* An ELF note in memory */ 2115 struct memelfnote { 2116 const char *name; 2117 size_t namesz; 2118 size_t namesz_rounded; 2119 int type; 2120 size_t datasz; 2121 size_t datasz_rounded; 2122 void *data; 2123 size_t notesz; 2124 }; 2125 2126 struct target_elf_siginfo { 2127 abi_int si_signo; /* signal number */ 2128 abi_int si_code; /* extra code */ 2129 abi_int si_errno; /* errno */ 2130 }; 2131 2132 struct target_elf_prstatus { 2133 struct target_elf_siginfo pr_info; /* Info associated with signal */ 2134 abi_short pr_cursig; /* Current signal */ 2135 abi_ulong pr_sigpend; /* XXX */ 2136 abi_ulong pr_sighold; /* XXX */ 2137 target_pid_t pr_pid; 2138 target_pid_t pr_ppid; 2139 target_pid_t pr_pgrp; 2140 target_pid_t pr_sid; 2141 struct target_timeval pr_utime; /* XXX User time */ 2142 struct target_timeval pr_stime; /* XXX System time */ 2143 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 2144 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 2145 target_elf_gregset_t pr_reg; /* GP registers */ 2146 abi_int pr_fpvalid; /* XXX */ 2147 }; 2148 2149 #define ELF_PRARGSZ (80) /* Number of chars for args */ 2150 2151 struct target_elf_prpsinfo { 2152 char pr_state; /* numeric process state */ 2153 char pr_sname; /* char for pr_state */ 2154 char pr_zomb; /* zombie */ 2155 char pr_nice; /* nice val */ 2156 abi_ulong pr_flag; /* flags */ 2157 target_uid_t pr_uid; 2158 target_gid_t pr_gid; 2159 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 2160 /* Lots missing */ 2161 char pr_fname[16]; /* filename of executable */ 2162 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 2163 }; 2164 2165 /* Here is the structure in which status of each thread is captured. */ 2166 struct elf_thread_status { 2167 QTAILQ_ENTRY(elf_thread_status) ets_link; 2168 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 2169 #if 0 2170 elf_fpregset_t fpu; /* NT_PRFPREG */ 2171 struct task_struct *thread; 2172 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 2173 #endif 2174 struct memelfnote notes[1]; 2175 int num_notes; 2176 }; 2177 2178 struct elf_note_info { 2179 struct memelfnote *notes; 2180 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 2181 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 2182 2183 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list; 2184 #if 0 2185 /* 2186 * Current version of ELF coredump doesn't support 2187 * dumping fp regs etc. 2188 */ 2189 elf_fpregset_t *fpu; 2190 elf_fpxregset_t *xfpu; 2191 int thread_status_size; 2192 #endif 2193 int notes_size; 2194 int numnote; 2195 }; 2196 2197 struct vm_area_struct { 2198 abi_ulong vma_start; /* start vaddr of memory region */ 2199 abi_ulong vma_end; /* end vaddr of memory region */ 2200 abi_ulong vma_flags; /* protection etc. flags for the region */ 2201 QTAILQ_ENTRY(vm_area_struct) vma_link; 2202 }; 2203 2204 struct mm_struct { 2205 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 2206 int mm_count; /* number of mappings */ 2207 }; 2208 2209 static struct mm_struct *vma_init(void); 2210 static void vma_delete(struct mm_struct *); 2211 static int vma_add_mapping(struct mm_struct *, abi_ulong, 2212 abi_ulong, abi_ulong); 2213 static int vma_get_mapping_count(const struct mm_struct *); 2214 static struct vm_area_struct *vma_first(const struct mm_struct *); 2215 static struct vm_area_struct *vma_next(struct vm_area_struct *); 2216 static abi_ulong vma_dump_size(const struct vm_area_struct *); 2217 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2218 unsigned long flags); 2219 2220 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 2221 static void fill_note(struct memelfnote *, const char *, int, 2222 unsigned int, void *); 2223 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 2224 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 2225 static void fill_auxv_note(struct memelfnote *, const TaskState *); 2226 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 2227 static size_t note_size(const struct memelfnote *); 2228 static void free_note_info(struct elf_note_info *); 2229 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *); 2230 static void fill_thread_info(struct elf_note_info *, const CPUArchState *); 2231 static int core_dump_filename(const TaskState *, char *, size_t); 2232 2233 static int dump_write(int, const void *, size_t); 2234 static int write_note(struct memelfnote *, int); 2235 static int write_note_info(struct elf_note_info *, int); 2236 2237 #ifdef BSWAP_NEEDED 2238 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 2239 { 2240 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo); 2241 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code); 2242 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno); 2243 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 2244 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend); 2245 prstatus->pr_sighold = tswapal(prstatus->pr_sighold); 2246 prstatus->pr_pid = tswap32(prstatus->pr_pid); 2247 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 2248 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 2249 prstatus->pr_sid = tswap32(prstatus->pr_sid); 2250 /* cpu times are not filled, so we skip them */ 2251 /* regs should be in correct format already */ 2252 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 2253 } 2254 2255 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 2256 { 2257 psinfo->pr_flag = tswapal(psinfo->pr_flag); 2258 psinfo->pr_uid = tswap16(psinfo->pr_uid); 2259 psinfo->pr_gid = tswap16(psinfo->pr_gid); 2260 psinfo->pr_pid = tswap32(psinfo->pr_pid); 2261 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 2262 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 2263 psinfo->pr_sid = tswap32(psinfo->pr_sid); 2264 } 2265 2266 static void bswap_note(struct elf_note *en) 2267 { 2268 bswap32s(&en->n_namesz); 2269 bswap32s(&en->n_descsz); 2270 bswap32s(&en->n_type); 2271 } 2272 #else 2273 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 2274 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 2275 static inline void bswap_note(struct elf_note *en) { } 2276 #endif /* BSWAP_NEEDED */ 2277 2278 /* 2279 * Minimal support for linux memory regions. These are needed 2280 * when we are finding out what memory exactly belongs to 2281 * emulated process. No locks needed here, as long as 2282 * thread that received the signal is stopped. 2283 */ 2284 2285 static struct mm_struct *vma_init(void) 2286 { 2287 struct mm_struct *mm; 2288 2289 if ((mm = g_malloc(sizeof (*mm))) == NULL) 2290 return (NULL); 2291 2292 mm->mm_count = 0; 2293 QTAILQ_INIT(&mm->mm_mmap); 2294 2295 return (mm); 2296 } 2297 2298 static void vma_delete(struct mm_struct *mm) 2299 { 2300 struct vm_area_struct *vma; 2301 2302 while ((vma = vma_first(mm)) != NULL) { 2303 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 2304 g_free(vma); 2305 } 2306 g_free(mm); 2307 } 2308 2309 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start, 2310 abi_ulong end, abi_ulong flags) 2311 { 2312 struct vm_area_struct *vma; 2313 2314 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 2315 return (-1); 2316 2317 vma->vma_start = start; 2318 vma->vma_end = end; 2319 vma->vma_flags = flags; 2320 2321 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 2322 mm->mm_count++; 2323 2324 return (0); 2325 } 2326 2327 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 2328 { 2329 return (QTAILQ_FIRST(&mm->mm_mmap)); 2330 } 2331 2332 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 2333 { 2334 return (QTAILQ_NEXT(vma, vma_link)); 2335 } 2336 2337 static int vma_get_mapping_count(const struct mm_struct *mm) 2338 { 2339 return (mm->mm_count); 2340 } 2341 2342 /* 2343 * Calculate file (dump) size of given memory region. 2344 */ 2345 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 2346 { 2347 /* if we cannot even read the first page, skip it */ 2348 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 2349 return (0); 2350 2351 /* 2352 * Usually we don't dump executable pages as they contain 2353 * non-writable code that debugger can read directly from 2354 * target library etc. However, thread stacks are marked 2355 * also executable so we read in first page of given region 2356 * and check whether it contains elf header. If there is 2357 * no elf header, we dump it. 2358 */ 2359 if (vma->vma_flags & PROT_EXEC) { 2360 char page[TARGET_PAGE_SIZE]; 2361 2362 copy_from_user(page, vma->vma_start, sizeof (page)); 2363 if ((page[EI_MAG0] == ELFMAG0) && 2364 (page[EI_MAG1] == ELFMAG1) && 2365 (page[EI_MAG2] == ELFMAG2) && 2366 (page[EI_MAG3] == ELFMAG3)) { 2367 /* 2368 * Mappings are possibly from ELF binary. Don't dump 2369 * them. 2370 */ 2371 return (0); 2372 } 2373 } 2374 2375 return (vma->vma_end - vma->vma_start); 2376 } 2377 2378 static int vma_walker(void *priv, abi_ulong start, abi_ulong end, 2379 unsigned long flags) 2380 { 2381 struct mm_struct *mm = (struct mm_struct *)priv; 2382 2383 vma_add_mapping(mm, start, end, flags); 2384 return (0); 2385 } 2386 2387 static void fill_note(struct memelfnote *note, const char *name, int type, 2388 unsigned int sz, void *data) 2389 { 2390 unsigned int namesz; 2391 2392 namesz = strlen(name) + 1; 2393 note->name = name; 2394 note->namesz = namesz; 2395 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 2396 note->type = type; 2397 note->datasz = sz; 2398 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 2399 2400 note->data = data; 2401 2402 /* 2403 * We calculate rounded up note size here as specified by 2404 * ELF document. 2405 */ 2406 note->notesz = sizeof (struct elf_note) + 2407 note->namesz_rounded + note->datasz_rounded; 2408 } 2409 2410 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 2411 uint32_t flags) 2412 { 2413 (void) memset(elf, 0, sizeof(*elf)); 2414 2415 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 2416 elf->e_ident[EI_CLASS] = ELF_CLASS; 2417 elf->e_ident[EI_DATA] = ELF_DATA; 2418 elf->e_ident[EI_VERSION] = EV_CURRENT; 2419 elf->e_ident[EI_OSABI] = ELF_OSABI; 2420 2421 elf->e_type = ET_CORE; 2422 elf->e_machine = machine; 2423 elf->e_version = EV_CURRENT; 2424 elf->e_phoff = sizeof(struct elfhdr); 2425 elf->e_flags = flags; 2426 elf->e_ehsize = sizeof(struct elfhdr); 2427 elf->e_phentsize = sizeof(struct elf_phdr); 2428 elf->e_phnum = segs; 2429 2430 bswap_ehdr(elf); 2431 } 2432 2433 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 2434 { 2435 phdr->p_type = PT_NOTE; 2436 phdr->p_offset = offset; 2437 phdr->p_vaddr = 0; 2438 phdr->p_paddr = 0; 2439 phdr->p_filesz = sz; 2440 phdr->p_memsz = 0; 2441 phdr->p_flags = 0; 2442 phdr->p_align = 0; 2443 2444 bswap_phdr(phdr, 1); 2445 } 2446 2447 static size_t note_size(const struct memelfnote *note) 2448 { 2449 return (note->notesz); 2450 } 2451 2452 static void fill_prstatus(struct target_elf_prstatus *prstatus, 2453 const TaskState *ts, int signr) 2454 { 2455 (void) memset(prstatus, 0, sizeof (*prstatus)); 2456 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 2457 prstatus->pr_pid = ts->ts_tid; 2458 prstatus->pr_ppid = getppid(); 2459 prstatus->pr_pgrp = getpgrp(); 2460 prstatus->pr_sid = getsid(0); 2461 2462 bswap_prstatus(prstatus); 2463 } 2464 2465 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 2466 { 2467 char *base_filename; 2468 unsigned int i, len; 2469 2470 (void) memset(psinfo, 0, sizeof (*psinfo)); 2471 2472 len = ts->info->arg_end - ts->info->arg_start; 2473 if (len >= ELF_PRARGSZ) 2474 len = ELF_PRARGSZ - 1; 2475 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len)) 2476 return -EFAULT; 2477 for (i = 0; i < len; i++) 2478 if (psinfo->pr_psargs[i] == 0) 2479 psinfo->pr_psargs[i] = ' '; 2480 psinfo->pr_psargs[len] = 0; 2481 2482 psinfo->pr_pid = getpid(); 2483 psinfo->pr_ppid = getppid(); 2484 psinfo->pr_pgrp = getpgrp(); 2485 psinfo->pr_sid = getsid(0); 2486 psinfo->pr_uid = getuid(); 2487 psinfo->pr_gid = getgid(); 2488 2489 base_filename = g_path_get_basename(ts->bprm->filename); 2490 /* 2491 * Using strncpy here is fine: at max-length, 2492 * this field is not NUL-terminated. 2493 */ 2494 (void) strncpy(psinfo->pr_fname, base_filename, 2495 sizeof(psinfo->pr_fname)); 2496 2497 g_free(base_filename); 2498 bswap_psinfo(psinfo); 2499 return (0); 2500 } 2501 2502 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 2503 { 2504 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 2505 elf_addr_t orig_auxv = auxv; 2506 void *ptr; 2507 int len = ts->info->auxv_len; 2508 2509 /* 2510 * Auxiliary vector is stored in target process stack. It contains 2511 * {type, value} pairs that we need to dump into note. This is not 2512 * strictly necessary but we do it here for sake of completeness. 2513 */ 2514 2515 /* read in whole auxv vector and copy it to memelfnote */ 2516 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 2517 if (ptr != NULL) { 2518 fill_note(note, "CORE", NT_AUXV, len, ptr); 2519 unlock_user(ptr, auxv, len); 2520 } 2521 } 2522 2523 /* 2524 * Constructs name of coredump file. We have following convention 2525 * for the name: 2526 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 2527 * 2528 * Returns 0 in case of success, -1 otherwise (errno is set). 2529 */ 2530 static int core_dump_filename(const TaskState *ts, char *buf, 2531 size_t bufsize) 2532 { 2533 char timestamp[64]; 2534 char *filename = NULL; 2535 char *base_filename = NULL; 2536 struct timeval tv; 2537 struct tm tm; 2538 2539 assert(bufsize >= PATH_MAX); 2540 2541 if (gettimeofday(&tv, NULL) < 0) { 2542 (void) fprintf(stderr, "unable to get current timestamp: %s", 2543 strerror(errno)); 2544 return (-1); 2545 } 2546 2547 filename = strdup(ts->bprm->filename); 2548 base_filename = strdup(basename(filename)); 2549 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S", 2550 localtime_r(&tv.tv_sec, &tm)); 2551 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core", 2552 base_filename, timestamp, (int)getpid()); 2553 free(base_filename); 2554 free(filename); 2555 2556 return (0); 2557 } 2558 2559 static int dump_write(int fd, const void *ptr, size_t size) 2560 { 2561 const char *bufp = (const char *)ptr; 2562 ssize_t bytes_written, bytes_left; 2563 struct rlimit dumpsize; 2564 off_t pos; 2565 2566 bytes_written = 0; 2567 getrlimit(RLIMIT_CORE, &dumpsize); 2568 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 2569 if (errno == ESPIPE) { /* not a seekable stream */ 2570 bytes_left = size; 2571 } else { 2572 return pos; 2573 } 2574 } else { 2575 if (dumpsize.rlim_cur <= pos) { 2576 return -1; 2577 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 2578 bytes_left = size; 2579 } else { 2580 size_t limit_left=dumpsize.rlim_cur - pos; 2581 bytes_left = limit_left >= size ? size : limit_left ; 2582 } 2583 } 2584 2585 /* 2586 * In normal conditions, single write(2) should do but 2587 * in case of socket etc. this mechanism is more portable. 2588 */ 2589 do { 2590 bytes_written = write(fd, bufp, bytes_left); 2591 if (bytes_written < 0) { 2592 if (errno == EINTR) 2593 continue; 2594 return (-1); 2595 } else if (bytes_written == 0) { /* eof */ 2596 return (-1); 2597 } 2598 bufp += bytes_written; 2599 bytes_left -= bytes_written; 2600 } while (bytes_left > 0); 2601 2602 return (0); 2603 } 2604 2605 static int write_note(struct memelfnote *men, int fd) 2606 { 2607 struct elf_note en; 2608 2609 en.n_namesz = men->namesz; 2610 en.n_type = men->type; 2611 en.n_descsz = men->datasz; 2612 2613 bswap_note(&en); 2614 2615 if (dump_write(fd, &en, sizeof(en)) != 0) 2616 return (-1); 2617 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 2618 return (-1); 2619 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 2620 return (-1); 2621 2622 return (0); 2623 } 2624 2625 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env) 2626 { 2627 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 2628 TaskState *ts = (TaskState *)cpu->opaque; 2629 struct elf_thread_status *ets; 2630 2631 ets = g_malloc0(sizeof (*ets)); 2632 ets->num_notes = 1; /* only prstatus is dumped */ 2633 fill_prstatus(&ets->prstatus, ts, 0); 2634 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 2635 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 2636 &ets->prstatus); 2637 2638 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 2639 2640 info->notes_size += note_size(&ets->notes[0]); 2641 } 2642 2643 static void init_note_info(struct elf_note_info *info) 2644 { 2645 /* Initialize the elf_note_info structure so that it is at 2646 * least safe to call free_note_info() on it. Must be 2647 * called before calling fill_note_info(). 2648 */ 2649 memset(info, 0, sizeof (*info)); 2650 QTAILQ_INIT(&info->thread_list); 2651 } 2652 2653 static int fill_note_info(struct elf_note_info *info, 2654 long signr, const CPUArchState *env) 2655 { 2656 #define NUMNOTES 3 2657 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 2658 TaskState *ts = (TaskState *)cpu->opaque; 2659 int i; 2660 2661 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote)); 2662 if (info->notes == NULL) 2663 return (-ENOMEM); 2664 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 2665 if (info->prstatus == NULL) 2666 return (-ENOMEM); 2667 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 2668 if (info->prstatus == NULL) 2669 return (-ENOMEM); 2670 2671 /* 2672 * First fill in status (and registers) of current thread 2673 * including process info & aux vector. 2674 */ 2675 fill_prstatus(info->prstatus, ts, signr); 2676 elf_core_copy_regs(&info->prstatus->pr_reg, env); 2677 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 2678 sizeof (*info->prstatus), info->prstatus); 2679 fill_psinfo(info->psinfo, ts); 2680 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 2681 sizeof (*info->psinfo), info->psinfo); 2682 fill_auxv_note(&info->notes[2], ts); 2683 info->numnote = 3; 2684 2685 info->notes_size = 0; 2686 for (i = 0; i < info->numnote; i++) 2687 info->notes_size += note_size(&info->notes[i]); 2688 2689 /* read and fill status of all threads */ 2690 cpu_list_lock(); 2691 CPU_FOREACH(cpu) { 2692 if (cpu == thread_cpu) { 2693 continue; 2694 } 2695 fill_thread_info(info, (CPUArchState *)cpu->env_ptr); 2696 } 2697 cpu_list_unlock(); 2698 2699 return (0); 2700 } 2701 2702 static void free_note_info(struct elf_note_info *info) 2703 { 2704 struct elf_thread_status *ets; 2705 2706 while (!QTAILQ_EMPTY(&info->thread_list)) { 2707 ets = QTAILQ_FIRST(&info->thread_list); 2708 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 2709 g_free(ets); 2710 } 2711 2712 g_free(info->prstatus); 2713 g_free(info->psinfo); 2714 g_free(info->notes); 2715 } 2716 2717 static int write_note_info(struct elf_note_info *info, int fd) 2718 { 2719 struct elf_thread_status *ets; 2720 int i, error = 0; 2721 2722 /* write prstatus, psinfo and auxv for current thread */ 2723 for (i = 0; i < info->numnote; i++) 2724 if ((error = write_note(&info->notes[i], fd)) != 0) 2725 return (error); 2726 2727 /* write prstatus for each thread */ 2728 for (ets = info->thread_list.tqh_first; ets != NULL; 2729 ets = ets->ets_link.tqe_next) { 2730 if ((error = write_note(&ets->notes[0], fd)) != 0) 2731 return (error); 2732 } 2733 2734 return (0); 2735 } 2736 2737 /* 2738 * Write out ELF coredump. 2739 * 2740 * See documentation of ELF object file format in: 2741 * http://www.caldera.com/developers/devspecs/gabi41.pdf 2742 * 2743 * Coredump format in linux is following: 2744 * 2745 * 0 +----------------------+ \ 2746 * | ELF header | ET_CORE | 2747 * +----------------------+ | 2748 * | ELF program headers | |--- headers 2749 * | - NOTE section | | 2750 * | - PT_LOAD sections | | 2751 * +----------------------+ / 2752 * | NOTEs: | 2753 * | - NT_PRSTATUS | 2754 * | - NT_PRSINFO | 2755 * | - NT_AUXV | 2756 * +----------------------+ <-- aligned to target page 2757 * | Process memory dump | 2758 * : : 2759 * . . 2760 * : : 2761 * | | 2762 * +----------------------+ 2763 * 2764 * NT_PRSTATUS -> struct elf_prstatus (per thread) 2765 * NT_PRSINFO -> struct elf_prpsinfo 2766 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 2767 * 2768 * Format follows System V format as close as possible. Current 2769 * version limitations are as follows: 2770 * - no floating point registers are dumped 2771 * 2772 * Function returns 0 in case of success, negative errno otherwise. 2773 * 2774 * TODO: make this work also during runtime: it should be 2775 * possible to force coredump from running process and then 2776 * continue processing. For example qemu could set up SIGUSR2 2777 * handler (provided that target process haven't registered 2778 * handler for that) that does the dump when signal is received. 2779 */ 2780 static int elf_core_dump(int signr, const CPUArchState *env) 2781 { 2782 const CPUState *cpu = ENV_GET_CPU((CPUArchState *)env); 2783 const TaskState *ts = (const TaskState *)cpu->opaque; 2784 struct vm_area_struct *vma = NULL; 2785 char corefile[PATH_MAX]; 2786 struct elf_note_info info; 2787 struct elfhdr elf; 2788 struct elf_phdr phdr; 2789 struct rlimit dumpsize; 2790 struct mm_struct *mm = NULL; 2791 off_t offset = 0, data_offset = 0; 2792 int segs = 0; 2793 int fd = -1; 2794 2795 init_note_info(&info); 2796 2797 errno = 0; 2798 getrlimit(RLIMIT_CORE, &dumpsize); 2799 if (dumpsize.rlim_cur == 0) 2800 return 0; 2801 2802 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0) 2803 return (-errno); 2804 2805 if ((fd = open(corefile, O_WRONLY | O_CREAT, 2806 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 2807 return (-errno); 2808 2809 /* 2810 * Walk through target process memory mappings and 2811 * set up structure containing this information. After 2812 * this point vma_xxx functions can be used. 2813 */ 2814 if ((mm = vma_init()) == NULL) 2815 goto out; 2816 2817 walk_memory_regions(mm, vma_walker); 2818 segs = vma_get_mapping_count(mm); 2819 2820 /* 2821 * Construct valid coredump ELF header. We also 2822 * add one more segment for notes. 2823 */ 2824 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 2825 if (dump_write(fd, &elf, sizeof (elf)) != 0) 2826 goto out; 2827 2828 /* fill in in-memory version of notes */ 2829 if (fill_note_info(&info, signr, env) < 0) 2830 goto out; 2831 2832 offset += sizeof (elf); /* elf header */ 2833 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 2834 2835 /* write out notes program header */ 2836 fill_elf_note_phdr(&phdr, info.notes_size, offset); 2837 2838 offset += info.notes_size; 2839 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 2840 goto out; 2841 2842 /* 2843 * ELF specification wants data to start at page boundary so 2844 * we align it here. 2845 */ 2846 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2847 2848 /* 2849 * Write program headers for memory regions mapped in 2850 * the target process. 2851 */ 2852 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2853 (void) memset(&phdr, 0, sizeof (phdr)); 2854 2855 phdr.p_type = PT_LOAD; 2856 phdr.p_offset = offset; 2857 phdr.p_vaddr = vma->vma_start; 2858 phdr.p_paddr = 0; 2859 phdr.p_filesz = vma_dump_size(vma); 2860 offset += phdr.p_filesz; 2861 phdr.p_memsz = vma->vma_end - vma->vma_start; 2862 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 2863 if (vma->vma_flags & PROT_WRITE) 2864 phdr.p_flags |= PF_W; 2865 if (vma->vma_flags & PROT_EXEC) 2866 phdr.p_flags |= PF_X; 2867 phdr.p_align = ELF_EXEC_PAGESIZE; 2868 2869 bswap_phdr(&phdr, 1); 2870 dump_write(fd, &phdr, sizeof (phdr)); 2871 } 2872 2873 /* 2874 * Next we write notes just after program headers. No 2875 * alignment needed here. 2876 */ 2877 if (write_note_info(&info, fd) < 0) 2878 goto out; 2879 2880 /* align data to page boundary */ 2881 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 2882 goto out; 2883 2884 /* 2885 * Finally we can dump process memory into corefile as well. 2886 */ 2887 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 2888 abi_ulong addr; 2889 abi_ulong end; 2890 2891 end = vma->vma_start + vma_dump_size(vma); 2892 2893 for (addr = vma->vma_start; addr < end; 2894 addr += TARGET_PAGE_SIZE) { 2895 char page[TARGET_PAGE_SIZE]; 2896 int error; 2897 2898 /* 2899 * Read in page from target process memory and 2900 * write it to coredump file. 2901 */ 2902 error = copy_from_user(page, addr, sizeof (page)); 2903 if (error != 0) { 2904 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 2905 addr); 2906 errno = -error; 2907 goto out; 2908 } 2909 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 2910 goto out; 2911 } 2912 } 2913 2914 out: 2915 free_note_info(&info); 2916 if (mm != NULL) 2917 vma_delete(mm); 2918 (void) close(fd); 2919 2920 if (errno != 0) 2921 return (-errno); 2922 return (0); 2923 } 2924 #endif /* USE_ELF_CORE_DUMP */ 2925 2926 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 2927 { 2928 init_thread(regs, infop); 2929 } 2930