1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include "qemu/osdep.h" 3 #include <sys/param.h> 4 5 #include <sys/resource.h> 6 #include <sys/shm.h> 7 8 #include "qemu.h" 9 #include "user-internals.h" 10 #include "signal-common.h" 11 #include "loader.h" 12 #include "user-mmap.h" 13 #include "disas/disas.h" 14 #include "qemu/bitops.h" 15 #include "qemu/path.h" 16 #include "qemu/queue.h" 17 #include "qemu/guest-random.h" 18 #include "qemu/units.h" 19 #include "qemu/selfmap.h" 20 #include "qemu/lockable.h" 21 #include "qapi/error.h" 22 #include "qemu/error-report.h" 23 #include "target_signal.h" 24 #include "accel/tcg/debuginfo.h" 25 26 #ifdef _ARCH_PPC64 27 #undef ARCH_DLINFO 28 #undef ELF_PLATFORM 29 #undef ELF_HWCAP 30 #undef ELF_HWCAP2 31 #undef ELF_CLASS 32 #undef ELF_DATA 33 #undef ELF_ARCH 34 #endif 35 36 #ifndef TARGET_ARCH_HAS_SIGTRAMP_PAGE 37 #define TARGET_ARCH_HAS_SIGTRAMP_PAGE 0 38 #endif 39 40 typedef struct { 41 const uint8_t *image; 42 const uint32_t *relocs; 43 unsigned image_size; 44 unsigned reloc_count; 45 unsigned sigreturn_ofs; 46 unsigned rt_sigreturn_ofs; 47 } VdsoImageInfo; 48 49 #define ELF_OSABI ELFOSABI_SYSV 50 51 /* from personality.h */ 52 53 /* 54 * Flags for bug emulation. 55 * 56 * These occupy the top three bytes. 57 */ 58 enum { 59 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 60 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 61 descriptors (signal handling) */ 62 MMAP_PAGE_ZERO = 0x0100000, 63 ADDR_COMPAT_LAYOUT = 0x0200000, 64 READ_IMPLIES_EXEC = 0x0400000, 65 ADDR_LIMIT_32BIT = 0x0800000, 66 SHORT_INODE = 0x1000000, 67 WHOLE_SECONDS = 0x2000000, 68 STICKY_TIMEOUTS = 0x4000000, 69 ADDR_LIMIT_3GB = 0x8000000, 70 }; 71 72 /* 73 * Personality types. 74 * 75 * These go in the low byte. Avoid using the top bit, it will 76 * conflict with error returns. 77 */ 78 enum { 79 PER_LINUX = 0x0000, 80 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 81 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 82 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 83 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 84 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 85 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 86 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 87 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 88 PER_BSD = 0x0006, 89 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 90 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 91 PER_LINUX32 = 0x0008, 92 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 93 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 94 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 95 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 96 PER_RISCOS = 0x000c, 97 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 98 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 99 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 100 PER_HPUX = 0x0010, 101 PER_MASK = 0x00ff, 102 }; 103 104 /* 105 * Return the base personality without flags. 106 */ 107 #define personality(pers) (pers & PER_MASK) 108 109 int info_is_fdpic(struct image_info *info) 110 { 111 return info->personality == PER_LINUX_FDPIC; 112 } 113 114 /* this flag is uneffective under linux too, should be deleted */ 115 #ifndef MAP_DENYWRITE 116 #define MAP_DENYWRITE 0 117 #endif 118 119 /* should probably go in elf.h */ 120 #ifndef ELIBBAD 121 #define ELIBBAD 80 122 #endif 123 124 #if TARGET_BIG_ENDIAN 125 #define ELF_DATA ELFDATA2MSB 126 #else 127 #define ELF_DATA ELFDATA2LSB 128 #endif 129 130 #ifdef TARGET_ABI_MIPSN32 131 typedef abi_ullong target_elf_greg_t; 132 #define tswapreg(ptr) tswap64(ptr) 133 #else 134 typedef abi_ulong target_elf_greg_t; 135 #define tswapreg(ptr) tswapal(ptr) 136 #endif 137 138 #ifdef USE_UID16 139 typedef abi_ushort target_uid_t; 140 typedef abi_ushort target_gid_t; 141 #else 142 typedef abi_uint target_uid_t; 143 typedef abi_uint target_gid_t; 144 #endif 145 typedef abi_int target_pid_t; 146 147 #ifdef TARGET_I386 148 149 #define ELF_HWCAP get_elf_hwcap() 150 151 static uint32_t get_elf_hwcap(void) 152 { 153 X86CPU *cpu = X86_CPU(thread_cpu); 154 155 return cpu->env.features[FEAT_1_EDX]; 156 } 157 158 #ifdef TARGET_X86_64 159 #define ELF_CLASS ELFCLASS64 160 #define ELF_ARCH EM_X86_64 161 162 #define ELF_PLATFORM "x86_64" 163 164 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 165 { 166 regs->rax = 0; 167 regs->rsp = infop->start_stack; 168 regs->rip = infop->entry; 169 } 170 171 #define ELF_NREG 27 172 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 173 174 /* 175 * Note that ELF_NREG should be 29 as there should be place for 176 * TRAPNO and ERR "registers" as well but linux doesn't dump 177 * those. 178 * 179 * See linux kernel: arch/x86/include/asm/elf.h 180 */ 181 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 182 { 183 (*regs)[0] = tswapreg(env->regs[15]); 184 (*regs)[1] = tswapreg(env->regs[14]); 185 (*regs)[2] = tswapreg(env->regs[13]); 186 (*regs)[3] = tswapreg(env->regs[12]); 187 (*regs)[4] = tswapreg(env->regs[R_EBP]); 188 (*regs)[5] = tswapreg(env->regs[R_EBX]); 189 (*regs)[6] = tswapreg(env->regs[11]); 190 (*regs)[7] = tswapreg(env->regs[10]); 191 (*regs)[8] = tswapreg(env->regs[9]); 192 (*regs)[9] = tswapreg(env->regs[8]); 193 (*regs)[10] = tswapreg(env->regs[R_EAX]); 194 (*regs)[11] = tswapreg(env->regs[R_ECX]); 195 (*regs)[12] = tswapreg(env->regs[R_EDX]); 196 (*regs)[13] = tswapreg(env->regs[R_ESI]); 197 (*regs)[14] = tswapreg(env->regs[R_EDI]); 198 (*regs)[15] = tswapreg(env->regs[R_EAX]); /* XXX */ 199 (*regs)[16] = tswapreg(env->eip); 200 (*regs)[17] = tswapreg(env->segs[R_CS].selector & 0xffff); 201 (*regs)[18] = tswapreg(env->eflags); 202 (*regs)[19] = tswapreg(env->regs[R_ESP]); 203 (*regs)[20] = tswapreg(env->segs[R_SS].selector & 0xffff); 204 (*regs)[21] = tswapreg(env->segs[R_FS].selector & 0xffff); 205 (*regs)[22] = tswapreg(env->segs[R_GS].selector & 0xffff); 206 (*regs)[23] = tswapreg(env->segs[R_DS].selector & 0xffff); 207 (*regs)[24] = tswapreg(env->segs[R_ES].selector & 0xffff); 208 (*regs)[25] = tswapreg(env->segs[R_FS].selector & 0xffff); 209 (*regs)[26] = tswapreg(env->segs[R_GS].selector & 0xffff); 210 } 211 212 #if ULONG_MAX > UINT32_MAX 213 #define INIT_GUEST_COMMPAGE 214 static bool init_guest_commpage(void) 215 { 216 /* 217 * The vsyscall page is at a high negative address aka kernel space, 218 * which means that we cannot actually allocate it with target_mmap. 219 * We still should be able to use page_set_flags, unless the user 220 * has specified -R reserved_va, which would trigger an assert(). 221 */ 222 if (reserved_va != 0 && 223 TARGET_VSYSCALL_PAGE + TARGET_PAGE_SIZE - 1 > reserved_va) { 224 error_report("Cannot allocate vsyscall page"); 225 exit(EXIT_FAILURE); 226 } 227 page_set_flags(TARGET_VSYSCALL_PAGE, 228 TARGET_VSYSCALL_PAGE | ~TARGET_PAGE_MASK, 229 PAGE_EXEC | PAGE_VALID); 230 return true; 231 } 232 #endif 233 #else 234 235 /* 236 * This is used to ensure we don't load something for the wrong architecture. 237 */ 238 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 239 240 /* 241 * These are used to set parameters in the core dumps. 242 */ 243 #define ELF_CLASS ELFCLASS32 244 #define ELF_ARCH EM_386 245 246 #define ELF_PLATFORM get_elf_platform() 247 #define EXSTACK_DEFAULT true 248 249 static const char *get_elf_platform(void) 250 { 251 static char elf_platform[] = "i386"; 252 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL); 253 if (family > 6) { 254 family = 6; 255 } 256 if (family >= 3) { 257 elf_platform[1] = '0' + family; 258 } 259 return elf_platform; 260 } 261 262 static inline void init_thread(struct target_pt_regs *regs, 263 struct image_info *infop) 264 { 265 regs->esp = infop->start_stack; 266 regs->eip = infop->entry; 267 268 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 269 starts %edx contains a pointer to a function which might be 270 registered using `atexit'. This provides a mean for the 271 dynamic linker to call DT_FINI functions for shared libraries 272 that have been loaded before the code runs. 273 274 A value of 0 tells we have no such handler. */ 275 regs->edx = 0; 276 } 277 278 #define ELF_NREG 17 279 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 280 281 /* 282 * Note that ELF_NREG should be 19 as there should be place for 283 * TRAPNO and ERR "registers" as well but linux doesn't dump 284 * those. 285 * 286 * See linux kernel: arch/x86/include/asm/elf.h 287 */ 288 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 289 { 290 (*regs)[0] = tswapreg(env->regs[R_EBX]); 291 (*regs)[1] = tswapreg(env->regs[R_ECX]); 292 (*regs)[2] = tswapreg(env->regs[R_EDX]); 293 (*regs)[3] = tswapreg(env->regs[R_ESI]); 294 (*regs)[4] = tswapreg(env->regs[R_EDI]); 295 (*regs)[5] = tswapreg(env->regs[R_EBP]); 296 (*regs)[6] = tswapreg(env->regs[R_EAX]); 297 (*regs)[7] = tswapreg(env->segs[R_DS].selector & 0xffff); 298 (*regs)[8] = tswapreg(env->segs[R_ES].selector & 0xffff); 299 (*regs)[9] = tswapreg(env->segs[R_FS].selector & 0xffff); 300 (*regs)[10] = tswapreg(env->segs[R_GS].selector & 0xffff); 301 (*regs)[11] = tswapreg(env->regs[R_EAX]); /* XXX */ 302 (*regs)[12] = tswapreg(env->eip); 303 (*regs)[13] = tswapreg(env->segs[R_CS].selector & 0xffff); 304 (*regs)[14] = tswapreg(env->eflags); 305 (*regs)[15] = tswapreg(env->regs[R_ESP]); 306 (*regs)[16] = tswapreg(env->segs[R_SS].selector & 0xffff); 307 } 308 309 /* 310 * i386 is the only target which supplies AT_SYSINFO for the vdso. 311 * All others only supply AT_SYSINFO_EHDR. 312 */ 313 #define DLINFO_ARCH_ITEMS (vdso_info != NULL) 314 #define ARCH_DLINFO \ 315 do { \ 316 if (vdso_info) { \ 317 NEW_AUX_ENT(AT_SYSINFO, vdso_info->entry); \ 318 } \ 319 } while (0) 320 321 #endif /* TARGET_X86_64 */ 322 323 #define VDSO_HEADER "vdso.c.inc" 324 325 #define USE_ELF_CORE_DUMP 326 #define ELF_EXEC_PAGESIZE 4096 327 328 #endif /* TARGET_I386 */ 329 330 #ifdef TARGET_ARM 331 332 #ifndef TARGET_AARCH64 333 /* 32 bit ARM definitions */ 334 335 #define ELF_ARCH EM_ARM 336 #define ELF_CLASS ELFCLASS32 337 #define EXSTACK_DEFAULT true 338 339 static inline void init_thread(struct target_pt_regs *regs, 340 struct image_info *infop) 341 { 342 abi_long stack = infop->start_stack; 343 memset(regs, 0, sizeof(*regs)); 344 345 regs->uregs[16] = ARM_CPU_MODE_USR; 346 if (infop->entry & 1) { 347 regs->uregs[16] |= CPSR_T; 348 } 349 regs->uregs[15] = infop->entry & 0xfffffffe; 350 regs->uregs[13] = infop->start_stack; 351 /* FIXME - what to for failure of get_user()? */ 352 get_user_ual(regs->uregs[2], stack + 8); /* envp */ 353 get_user_ual(regs->uregs[1], stack + 4); /* envp */ 354 /* XXX: it seems that r0 is zeroed after ! */ 355 regs->uregs[0] = 0; 356 /* For uClinux PIC binaries. */ 357 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */ 358 regs->uregs[10] = infop->start_data; 359 360 /* Support ARM FDPIC. */ 361 if (info_is_fdpic(infop)) { 362 /* As described in the ABI document, r7 points to the loadmap info 363 * prepared by the kernel. If an interpreter is needed, r8 points 364 * to the interpreter loadmap and r9 points to the interpreter 365 * PT_DYNAMIC info. If no interpreter is needed, r8 is zero, and 366 * r9 points to the main program PT_DYNAMIC info. 367 */ 368 regs->uregs[7] = infop->loadmap_addr; 369 if (infop->interpreter_loadmap_addr) { 370 /* Executable is dynamically loaded. */ 371 regs->uregs[8] = infop->interpreter_loadmap_addr; 372 regs->uregs[9] = infop->interpreter_pt_dynamic_addr; 373 } else { 374 regs->uregs[8] = 0; 375 regs->uregs[9] = infop->pt_dynamic_addr; 376 } 377 } 378 } 379 380 #define ELF_NREG 18 381 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 382 383 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env) 384 { 385 (*regs)[0] = tswapreg(env->regs[0]); 386 (*regs)[1] = tswapreg(env->regs[1]); 387 (*regs)[2] = tswapreg(env->regs[2]); 388 (*regs)[3] = tswapreg(env->regs[3]); 389 (*regs)[4] = tswapreg(env->regs[4]); 390 (*regs)[5] = tswapreg(env->regs[5]); 391 (*regs)[6] = tswapreg(env->regs[6]); 392 (*regs)[7] = tswapreg(env->regs[7]); 393 (*regs)[8] = tswapreg(env->regs[8]); 394 (*regs)[9] = tswapreg(env->regs[9]); 395 (*regs)[10] = tswapreg(env->regs[10]); 396 (*regs)[11] = tswapreg(env->regs[11]); 397 (*regs)[12] = tswapreg(env->regs[12]); 398 (*regs)[13] = tswapreg(env->regs[13]); 399 (*regs)[14] = tswapreg(env->regs[14]); 400 (*regs)[15] = tswapreg(env->regs[15]); 401 402 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env)); 403 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */ 404 } 405 406 #define USE_ELF_CORE_DUMP 407 #define ELF_EXEC_PAGESIZE 4096 408 409 enum 410 { 411 ARM_HWCAP_ARM_SWP = 1 << 0, 412 ARM_HWCAP_ARM_HALF = 1 << 1, 413 ARM_HWCAP_ARM_THUMB = 1 << 2, 414 ARM_HWCAP_ARM_26BIT = 1 << 3, 415 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 416 ARM_HWCAP_ARM_FPA = 1 << 5, 417 ARM_HWCAP_ARM_VFP = 1 << 6, 418 ARM_HWCAP_ARM_EDSP = 1 << 7, 419 ARM_HWCAP_ARM_JAVA = 1 << 8, 420 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 421 ARM_HWCAP_ARM_CRUNCH = 1 << 10, 422 ARM_HWCAP_ARM_THUMBEE = 1 << 11, 423 ARM_HWCAP_ARM_NEON = 1 << 12, 424 ARM_HWCAP_ARM_VFPv3 = 1 << 13, 425 ARM_HWCAP_ARM_VFPv3D16 = 1 << 14, 426 ARM_HWCAP_ARM_TLS = 1 << 15, 427 ARM_HWCAP_ARM_VFPv4 = 1 << 16, 428 ARM_HWCAP_ARM_IDIVA = 1 << 17, 429 ARM_HWCAP_ARM_IDIVT = 1 << 18, 430 ARM_HWCAP_ARM_VFPD32 = 1 << 19, 431 ARM_HWCAP_ARM_LPAE = 1 << 20, 432 ARM_HWCAP_ARM_EVTSTRM = 1 << 21, 433 ARM_HWCAP_ARM_FPHP = 1 << 22, 434 ARM_HWCAP_ARM_ASIMDHP = 1 << 23, 435 ARM_HWCAP_ARM_ASIMDDP = 1 << 24, 436 ARM_HWCAP_ARM_ASIMDFHM = 1 << 25, 437 ARM_HWCAP_ARM_ASIMDBF16 = 1 << 26, 438 ARM_HWCAP_ARM_I8MM = 1 << 27, 439 }; 440 441 enum { 442 ARM_HWCAP2_ARM_AES = 1 << 0, 443 ARM_HWCAP2_ARM_PMULL = 1 << 1, 444 ARM_HWCAP2_ARM_SHA1 = 1 << 2, 445 ARM_HWCAP2_ARM_SHA2 = 1 << 3, 446 ARM_HWCAP2_ARM_CRC32 = 1 << 4, 447 ARM_HWCAP2_ARM_SB = 1 << 5, 448 ARM_HWCAP2_ARM_SSBS = 1 << 6, 449 }; 450 451 /* The commpage only exists for 32 bit kernels */ 452 453 #define HI_COMMPAGE (intptr_t)0xffff0f00u 454 455 static bool init_guest_commpage(void) 456 { 457 ARMCPU *cpu = ARM_CPU(thread_cpu); 458 abi_ptr commpage; 459 void *want; 460 void *addr; 461 462 /* 463 * M-profile allocates maximum of 2GB address space, so can never 464 * allocate the commpage. Skip it. 465 */ 466 if (arm_feature(&cpu->env, ARM_FEATURE_M)) { 467 return true; 468 } 469 470 commpage = HI_COMMPAGE & -qemu_host_page_size; 471 want = g2h_untagged(commpage); 472 addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE, 473 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 474 475 if (addr == MAP_FAILED) { 476 perror("Allocating guest commpage"); 477 exit(EXIT_FAILURE); 478 } 479 if (addr != want) { 480 return false; 481 } 482 483 /* Set kernel helper versions; rest of page is 0. */ 484 __put_user(5, (uint32_t *)g2h_untagged(0xffff0ffcu)); 485 486 if (mprotect(addr, qemu_host_page_size, PROT_READ)) { 487 perror("Protecting guest commpage"); 488 exit(EXIT_FAILURE); 489 } 490 491 page_set_flags(commpage, commpage | ~qemu_host_page_mask, 492 PAGE_READ | PAGE_EXEC | PAGE_VALID); 493 return true; 494 } 495 496 #define ELF_HWCAP get_elf_hwcap() 497 #define ELF_HWCAP2 get_elf_hwcap2() 498 499 uint32_t get_elf_hwcap(void) 500 { 501 ARMCPU *cpu = ARM_CPU(thread_cpu); 502 uint32_t hwcaps = 0; 503 504 hwcaps |= ARM_HWCAP_ARM_SWP; 505 hwcaps |= ARM_HWCAP_ARM_HALF; 506 hwcaps |= ARM_HWCAP_ARM_THUMB; 507 hwcaps |= ARM_HWCAP_ARM_FAST_MULT; 508 509 /* probe for the extra features */ 510 #define GET_FEATURE(feat, hwcap) \ 511 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 512 513 #define GET_FEATURE_ID(feat, hwcap) \ 514 do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0) 515 516 /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */ 517 GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP); 518 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); 519 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); 520 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); 521 GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS); 522 GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE); 523 GET_FEATURE_ID(aa32_arm_div, ARM_HWCAP_ARM_IDIVA); 524 GET_FEATURE_ID(aa32_thumb_div, ARM_HWCAP_ARM_IDIVT); 525 GET_FEATURE_ID(aa32_vfp, ARM_HWCAP_ARM_VFP); 526 527 if (cpu_isar_feature(aa32_fpsp_v3, cpu) || 528 cpu_isar_feature(aa32_fpdp_v3, cpu)) { 529 hwcaps |= ARM_HWCAP_ARM_VFPv3; 530 if (cpu_isar_feature(aa32_simd_r32, cpu)) { 531 hwcaps |= ARM_HWCAP_ARM_VFPD32; 532 } else { 533 hwcaps |= ARM_HWCAP_ARM_VFPv3D16; 534 } 535 } 536 GET_FEATURE_ID(aa32_simdfmac, ARM_HWCAP_ARM_VFPv4); 537 /* 538 * MVFR1.FPHP and .SIMDHP must be in sync, and QEMU uses the same 539 * isar_feature function for both. The kernel reports them as two hwcaps. 540 */ 541 GET_FEATURE_ID(aa32_fp16_arith, ARM_HWCAP_ARM_FPHP); 542 GET_FEATURE_ID(aa32_fp16_arith, ARM_HWCAP_ARM_ASIMDHP); 543 GET_FEATURE_ID(aa32_dp, ARM_HWCAP_ARM_ASIMDDP); 544 GET_FEATURE_ID(aa32_fhm, ARM_HWCAP_ARM_ASIMDFHM); 545 GET_FEATURE_ID(aa32_bf16, ARM_HWCAP_ARM_ASIMDBF16); 546 GET_FEATURE_ID(aa32_i8mm, ARM_HWCAP_ARM_I8MM); 547 548 return hwcaps; 549 } 550 551 uint32_t get_elf_hwcap2(void) 552 { 553 ARMCPU *cpu = ARM_CPU(thread_cpu); 554 uint32_t hwcaps = 0; 555 556 GET_FEATURE_ID(aa32_aes, ARM_HWCAP2_ARM_AES); 557 GET_FEATURE_ID(aa32_pmull, ARM_HWCAP2_ARM_PMULL); 558 GET_FEATURE_ID(aa32_sha1, ARM_HWCAP2_ARM_SHA1); 559 GET_FEATURE_ID(aa32_sha2, ARM_HWCAP2_ARM_SHA2); 560 GET_FEATURE_ID(aa32_crc32, ARM_HWCAP2_ARM_CRC32); 561 GET_FEATURE_ID(aa32_sb, ARM_HWCAP2_ARM_SB); 562 GET_FEATURE_ID(aa32_ssbs, ARM_HWCAP2_ARM_SSBS); 563 return hwcaps; 564 } 565 566 const char *elf_hwcap_str(uint32_t bit) 567 { 568 static const char *hwcap_str[] = { 569 [__builtin_ctz(ARM_HWCAP_ARM_SWP )] = "swp", 570 [__builtin_ctz(ARM_HWCAP_ARM_HALF )] = "half", 571 [__builtin_ctz(ARM_HWCAP_ARM_THUMB )] = "thumb", 572 [__builtin_ctz(ARM_HWCAP_ARM_26BIT )] = "26bit", 573 [__builtin_ctz(ARM_HWCAP_ARM_FAST_MULT)] = "fast_mult", 574 [__builtin_ctz(ARM_HWCAP_ARM_FPA )] = "fpa", 575 [__builtin_ctz(ARM_HWCAP_ARM_VFP )] = "vfp", 576 [__builtin_ctz(ARM_HWCAP_ARM_EDSP )] = "edsp", 577 [__builtin_ctz(ARM_HWCAP_ARM_JAVA )] = "java", 578 [__builtin_ctz(ARM_HWCAP_ARM_IWMMXT )] = "iwmmxt", 579 [__builtin_ctz(ARM_HWCAP_ARM_CRUNCH )] = "crunch", 580 [__builtin_ctz(ARM_HWCAP_ARM_THUMBEE )] = "thumbee", 581 [__builtin_ctz(ARM_HWCAP_ARM_NEON )] = "neon", 582 [__builtin_ctz(ARM_HWCAP_ARM_VFPv3 )] = "vfpv3", 583 [__builtin_ctz(ARM_HWCAP_ARM_VFPv3D16 )] = "vfpv3d16", 584 [__builtin_ctz(ARM_HWCAP_ARM_TLS )] = "tls", 585 [__builtin_ctz(ARM_HWCAP_ARM_VFPv4 )] = "vfpv4", 586 [__builtin_ctz(ARM_HWCAP_ARM_IDIVA )] = "idiva", 587 [__builtin_ctz(ARM_HWCAP_ARM_IDIVT )] = "idivt", 588 [__builtin_ctz(ARM_HWCAP_ARM_VFPD32 )] = "vfpd32", 589 [__builtin_ctz(ARM_HWCAP_ARM_LPAE )] = "lpae", 590 [__builtin_ctz(ARM_HWCAP_ARM_EVTSTRM )] = "evtstrm", 591 [__builtin_ctz(ARM_HWCAP_ARM_FPHP )] = "fphp", 592 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDHP )] = "asimdhp", 593 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDDP )] = "asimddp", 594 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDFHM )] = "asimdfhm", 595 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDBF16)] = "asimdbf16", 596 [__builtin_ctz(ARM_HWCAP_ARM_I8MM )] = "i8mm", 597 }; 598 599 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 600 } 601 602 const char *elf_hwcap2_str(uint32_t bit) 603 { 604 static const char *hwcap_str[] = { 605 [__builtin_ctz(ARM_HWCAP2_ARM_AES )] = "aes", 606 [__builtin_ctz(ARM_HWCAP2_ARM_PMULL)] = "pmull", 607 [__builtin_ctz(ARM_HWCAP2_ARM_SHA1 )] = "sha1", 608 [__builtin_ctz(ARM_HWCAP2_ARM_SHA2 )] = "sha2", 609 [__builtin_ctz(ARM_HWCAP2_ARM_CRC32)] = "crc32", 610 [__builtin_ctz(ARM_HWCAP2_ARM_SB )] = "sb", 611 [__builtin_ctz(ARM_HWCAP2_ARM_SSBS )] = "ssbs", 612 }; 613 614 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 615 } 616 617 #undef GET_FEATURE 618 #undef GET_FEATURE_ID 619 620 #define ELF_PLATFORM get_elf_platform() 621 622 static const char *get_elf_platform(void) 623 { 624 CPUARMState *env = cpu_env(thread_cpu); 625 626 #if TARGET_BIG_ENDIAN 627 # define END "b" 628 #else 629 # define END "l" 630 #endif 631 632 if (arm_feature(env, ARM_FEATURE_V8)) { 633 return "v8" END; 634 } else if (arm_feature(env, ARM_FEATURE_V7)) { 635 if (arm_feature(env, ARM_FEATURE_M)) { 636 return "v7m" END; 637 } else { 638 return "v7" END; 639 } 640 } else if (arm_feature(env, ARM_FEATURE_V6)) { 641 return "v6" END; 642 } else if (arm_feature(env, ARM_FEATURE_V5)) { 643 return "v5" END; 644 } else { 645 return "v4" END; 646 } 647 648 #undef END 649 } 650 651 #else 652 /* 64 bit ARM definitions */ 653 654 #define ELF_ARCH EM_AARCH64 655 #define ELF_CLASS ELFCLASS64 656 #if TARGET_BIG_ENDIAN 657 # define ELF_PLATFORM "aarch64_be" 658 #else 659 # define ELF_PLATFORM "aarch64" 660 #endif 661 662 static inline void init_thread(struct target_pt_regs *regs, 663 struct image_info *infop) 664 { 665 abi_long stack = infop->start_stack; 666 memset(regs, 0, sizeof(*regs)); 667 668 regs->pc = infop->entry & ~0x3ULL; 669 regs->sp = stack; 670 } 671 672 #define ELF_NREG 34 673 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 674 675 static void elf_core_copy_regs(target_elf_gregset_t *regs, 676 const CPUARMState *env) 677 { 678 int i; 679 680 for (i = 0; i < 32; i++) { 681 (*regs)[i] = tswapreg(env->xregs[i]); 682 } 683 (*regs)[32] = tswapreg(env->pc); 684 (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env)); 685 } 686 687 #define USE_ELF_CORE_DUMP 688 #define ELF_EXEC_PAGESIZE 4096 689 690 enum { 691 ARM_HWCAP_A64_FP = 1 << 0, 692 ARM_HWCAP_A64_ASIMD = 1 << 1, 693 ARM_HWCAP_A64_EVTSTRM = 1 << 2, 694 ARM_HWCAP_A64_AES = 1 << 3, 695 ARM_HWCAP_A64_PMULL = 1 << 4, 696 ARM_HWCAP_A64_SHA1 = 1 << 5, 697 ARM_HWCAP_A64_SHA2 = 1 << 6, 698 ARM_HWCAP_A64_CRC32 = 1 << 7, 699 ARM_HWCAP_A64_ATOMICS = 1 << 8, 700 ARM_HWCAP_A64_FPHP = 1 << 9, 701 ARM_HWCAP_A64_ASIMDHP = 1 << 10, 702 ARM_HWCAP_A64_CPUID = 1 << 11, 703 ARM_HWCAP_A64_ASIMDRDM = 1 << 12, 704 ARM_HWCAP_A64_JSCVT = 1 << 13, 705 ARM_HWCAP_A64_FCMA = 1 << 14, 706 ARM_HWCAP_A64_LRCPC = 1 << 15, 707 ARM_HWCAP_A64_DCPOP = 1 << 16, 708 ARM_HWCAP_A64_SHA3 = 1 << 17, 709 ARM_HWCAP_A64_SM3 = 1 << 18, 710 ARM_HWCAP_A64_SM4 = 1 << 19, 711 ARM_HWCAP_A64_ASIMDDP = 1 << 20, 712 ARM_HWCAP_A64_SHA512 = 1 << 21, 713 ARM_HWCAP_A64_SVE = 1 << 22, 714 ARM_HWCAP_A64_ASIMDFHM = 1 << 23, 715 ARM_HWCAP_A64_DIT = 1 << 24, 716 ARM_HWCAP_A64_USCAT = 1 << 25, 717 ARM_HWCAP_A64_ILRCPC = 1 << 26, 718 ARM_HWCAP_A64_FLAGM = 1 << 27, 719 ARM_HWCAP_A64_SSBS = 1 << 28, 720 ARM_HWCAP_A64_SB = 1 << 29, 721 ARM_HWCAP_A64_PACA = 1 << 30, 722 ARM_HWCAP_A64_PACG = 1UL << 31, 723 724 ARM_HWCAP2_A64_DCPODP = 1 << 0, 725 ARM_HWCAP2_A64_SVE2 = 1 << 1, 726 ARM_HWCAP2_A64_SVEAES = 1 << 2, 727 ARM_HWCAP2_A64_SVEPMULL = 1 << 3, 728 ARM_HWCAP2_A64_SVEBITPERM = 1 << 4, 729 ARM_HWCAP2_A64_SVESHA3 = 1 << 5, 730 ARM_HWCAP2_A64_SVESM4 = 1 << 6, 731 ARM_HWCAP2_A64_FLAGM2 = 1 << 7, 732 ARM_HWCAP2_A64_FRINT = 1 << 8, 733 ARM_HWCAP2_A64_SVEI8MM = 1 << 9, 734 ARM_HWCAP2_A64_SVEF32MM = 1 << 10, 735 ARM_HWCAP2_A64_SVEF64MM = 1 << 11, 736 ARM_HWCAP2_A64_SVEBF16 = 1 << 12, 737 ARM_HWCAP2_A64_I8MM = 1 << 13, 738 ARM_HWCAP2_A64_BF16 = 1 << 14, 739 ARM_HWCAP2_A64_DGH = 1 << 15, 740 ARM_HWCAP2_A64_RNG = 1 << 16, 741 ARM_HWCAP2_A64_BTI = 1 << 17, 742 ARM_HWCAP2_A64_MTE = 1 << 18, 743 ARM_HWCAP2_A64_ECV = 1 << 19, 744 ARM_HWCAP2_A64_AFP = 1 << 20, 745 ARM_HWCAP2_A64_RPRES = 1 << 21, 746 ARM_HWCAP2_A64_MTE3 = 1 << 22, 747 ARM_HWCAP2_A64_SME = 1 << 23, 748 ARM_HWCAP2_A64_SME_I16I64 = 1 << 24, 749 ARM_HWCAP2_A64_SME_F64F64 = 1 << 25, 750 ARM_HWCAP2_A64_SME_I8I32 = 1 << 26, 751 ARM_HWCAP2_A64_SME_F16F32 = 1 << 27, 752 ARM_HWCAP2_A64_SME_B16F32 = 1 << 28, 753 ARM_HWCAP2_A64_SME_F32F32 = 1 << 29, 754 ARM_HWCAP2_A64_SME_FA64 = 1 << 30, 755 ARM_HWCAP2_A64_WFXT = 1ULL << 31, 756 ARM_HWCAP2_A64_EBF16 = 1ULL << 32, 757 ARM_HWCAP2_A64_SVE_EBF16 = 1ULL << 33, 758 ARM_HWCAP2_A64_CSSC = 1ULL << 34, 759 ARM_HWCAP2_A64_RPRFM = 1ULL << 35, 760 ARM_HWCAP2_A64_SVE2P1 = 1ULL << 36, 761 ARM_HWCAP2_A64_SME2 = 1ULL << 37, 762 ARM_HWCAP2_A64_SME2P1 = 1ULL << 38, 763 ARM_HWCAP2_A64_SME_I16I32 = 1ULL << 39, 764 ARM_HWCAP2_A64_SME_BI32I32 = 1ULL << 40, 765 ARM_HWCAP2_A64_SME_B16B16 = 1ULL << 41, 766 ARM_HWCAP2_A64_SME_F16F16 = 1ULL << 42, 767 ARM_HWCAP2_A64_MOPS = 1ULL << 43, 768 ARM_HWCAP2_A64_HBC = 1ULL << 44, 769 }; 770 771 #define ELF_HWCAP get_elf_hwcap() 772 #define ELF_HWCAP2 get_elf_hwcap2() 773 774 #define GET_FEATURE_ID(feat, hwcap) \ 775 do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0) 776 777 uint32_t get_elf_hwcap(void) 778 { 779 ARMCPU *cpu = ARM_CPU(thread_cpu); 780 uint32_t hwcaps = 0; 781 782 hwcaps |= ARM_HWCAP_A64_FP; 783 hwcaps |= ARM_HWCAP_A64_ASIMD; 784 hwcaps |= ARM_HWCAP_A64_CPUID; 785 786 /* probe for the extra features */ 787 788 GET_FEATURE_ID(aa64_aes, ARM_HWCAP_A64_AES); 789 GET_FEATURE_ID(aa64_pmull, ARM_HWCAP_A64_PMULL); 790 GET_FEATURE_ID(aa64_sha1, ARM_HWCAP_A64_SHA1); 791 GET_FEATURE_ID(aa64_sha256, ARM_HWCAP_A64_SHA2); 792 GET_FEATURE_ID(aa64_sha512, ARM_HWCAP_A64_SHA512); 793 GET_FEATURE_ID(aa64_crc32, ARM_HWCAP_A64_CRC32); 794 GET_FEATURE_ID(aa64_sha3, ARM_HWCAP_A64_SHA3); 795 GET_FEATURE_ID(aa64_sm3, ARM_HWCAP_A64_SM3); 796 GET_FEATURE_ID(aa64_sm4, ARM_HWCAP_A64_SM4); 797 GET_FEATURE_ID(aa64_fp16, ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP); 798 GET_FEATURE_ID(aa64_atomics, ARM_HWCAP_A64_ATOMICS); 799 GET_FEATURE_ID(aa64_rdm, ARM_HWCAP_A64_ASIMDRDM); 800 GET_FEATURE_ID(aa64_dp, ARM_HWCAP_A64_ASIMDDP); 801 GET_FEATURE_ID(aa64_fcma, ARM_HWCAP_A64_FCMA); 802 GET_FEATURE_ID(aa64_sve, ARM_HWCAP_A64_SVE); 803 GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG); 804 GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM); 805 GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT); 806 GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB); 807 GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM); 808 GET_FEATURE_ID(aa64_dcpop, ARM_HWCAP_A64_DCPOP); 809 GET_FEATURE_ID(aa64_rcpc_8_3, ARM_HWCAP_A64_LRCPC); 810 GET_FEATURE_ID(aa64_rcpc_8_4, ARM_HWCAP_A64_ILRCPC); 811 812 return hwcaps; 813 } 814 815 uint32_t get_elf_hwcap2(void) 816 { 817 ARMCPU *cpu = ARM_CPU(thread_cpu); 818 uint32_t hwcaps = 0; 819 820 GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP); 821 GET_FEATURE_ID(aa64_sve2, ARM_HWCAP2_A64_SVE2); 822 GET_FEATURE_ID(aa64_sve2_aes, ARM_HWCAP2_A64_SVEAES); 823 GET_FEATURE_ID(aa64_sve2_pmull128, ARM_HWCAP2_A64_SVEPMULL); 824 GET_FEATURE_ID(aa64_sve2_bitperm, ARM_HWCAP2_A64_SVEBITPERM); 825 GET_FEATURE_ID(aa64_sve2_sha3, ARM_HWCAP2_A64_SVESHA3); 826 GET_FEATURE_ID(aa64_sve2_sm4, ARM_HWCAP2_A64_SVESM4); 827 GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2); 828 GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT); 829 GET_FEATURE_ID(aa64_sve_i8mm, ARM_HWCAP2_A64_SVEI8MM); 830 GET_FEATURE_ID(aa64_sve_f32mm, ARM_HWCAP2_A64_SVEF32MM); 831 GET_FEATURE_ID(aa64_sve_f64mm, ARM_HWCAP2_A64_SVEF64MM); 832 GET_FEATURE_ID(aa64_sve_bf16, ARM_HWCAP2_A64_SVEBF16); 833 GET_FEATURE_ID(aa64_i8mm, ARM_HWCAP2_A64_I8MM); 834 GET_FEATURE_ID(aa64_bf16, ARM_HWCAP2_A64_BF16); 835 GET_FEATURE_ID(aa64_rndr, ARM_HWCAP2_A64_RNG); 836 GET_FEATURE_ID(aa64_bti, ARM_HWCAP2_A64_BTI); 837 GET_FEATURE_ID(aa64_mte, ARM_HWCAP2_A64_MTE); 838 GET_FEATURE_ID(aa64_sme, (ARM_HWCAP2_A64_SME | 839 ARM_HWCAP2_A64_SME_F32F32 | 840 ARM_HWCAP2_A64_SME_B16F32 | 841 ARM_HWCAP2_A64_SME_F16F32 | 842 ARM_HWCAP2_A64_SME_I8I32)); 843 GET_FEATURE_ID(aa64_sme_f64f64, ARM_HWCAP2_A64_SME_F64F64); 844 GET_FEATURE_ID(aa64_sme_i16i64, ARM_HWCAP2_A64_SME_I16I64); 845 GET_FEATURE_ID(aa64_sme_fa64, ARM_HWCAP2_A64_SME_FA64); 846 GET_FEATURE_ID(aa64_hbc, ARM_HWCAP2_A64_HBC); 847 GET_FEATURE_ID(aa64_mops, ARM_HWCAP2_A64_MOPS); 848 849 return hwcaps; 850 } 851 852 const char *elf_hwcap_str(uint32_t bit) 853 { 854 static const char *hwcap_str[] = { 855 [__builtin_ctz(ARM_HWCAP_A64_FP )] = "fp", 856 [__builtin_ctz(ARM_HWCAP_A64_ASIMD )] = "asimd", 857 [__builtin_ctz(ARM_HWCAP_A64_EVTSTRM )] = "evtstrm", 858 [__builtin_ctz(ARM_HWCAP_A64_AES )] = "aes", 859 [__builtin_ctz(ARM_HWCAP_A64_PMULL )] = "pmull", 860 [__builtin_ctz(ARM_HWCAP_A64_SHA1 )] = "sha1", 861 [__builtin_ctz(ARM_HWCAP_A64_SHA2 )] = "sha2", 862 [__builtin_ctz(ARM_HWCAP_A64_CRC32 )] = "crc32", 863 [__builtin_ctz(ARM_HWCAP_A64_ATOMICS )] = "atomics", 864 [__builtin_ctz(ARM_HWCAP_A64_FPHP )] = "fphp", 865 [__builtin_ctz(ARM_HWCAP_A64_ASIMDHP )] = "asimdhp", 866 [__builtin_ctz(ARM_HWCAP_A64_CPUID )] = "cpuid", 867 [__builtin_ctz(ARM_HWCAP_A64_ASIMDRDM)] = "asimdrdm", 868 [__builtin_ctz(ARM_HWCAP_A64_JSCVT )] = "jscvt", 869 [__builtin_ctz(ARM_HWCAP_A64_FCMA )] = "fcma", 870 [__builtin_ctz(ARM_HWCAP_A64_LRCPC )] = "lrcpc", 871 [__builtin_ctz(ARM_HWCAP_A64_DCPOP )] = "dcpop", 872 [__builtin_ctz(ARM_HWCAP_A64_SHA3 )] = "sha3", 873 [__builtin_ctz(ARM_HWCAP_A64_SM3 )] = "sm3", 874 [__builtin_ctz(ARM_HWCAP_A64_SM4 )] = "sm4", 875 [__builtin_ctz(ARM_HWCAP_A64_ASIMDDP )] = "asimddp", 876 [__builtin_ctz(ARM_HWCAP_A64_SHA512 )] = "sha512", 877 [__builtin_ctz(ARM_HWCAP_A64_SVE )] = "sve", 878 [__builtin_ctz(ARM_HWCAP_A64_ASIMDFHM)] = "asimdfhm", 879 [__builtin_ctz(ARM_HWCAP_A64_DIT )] = "dit", 880 [__builtin_ctz(ARM_HWCAP_A64_USCAT )] = "uscat", 881 [__builtin_ctz(ARM_HWCAP_A64_ILRCPC )] = "ilrcpc", 882 [__builtin_ctz(ARM_HWCAP_A64_FLAGM )] = "flagm", 883 [__builtin_ctz(ARM_HWCAP_A64_SSBS )] = "ssbs", 884 [__builtin_ctz(ARM_HWCAP_A64_SB )] = "sb", 885 [__builtin_ctz(ARM_HWCAP_A64_PACA )] = "paca", 886 [__builtin_ctz(ARM_HWCAP_A64_PACG )] = "pacg", 887 }; 888 889 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 890 } 891 892 const char *elf_hwcap2_str(uint32_t bit) 893 { 894 static const char *hwcap_str[] = { 895 [__builtin_ctz(ARM_HWCAP2_A64_DCPODP )] = "dcpodp", 896 [__builtin_ctz(ARM_HWCAP2_A64_SVE2 )] = "sve2", 897 [__builtin_ctz(ARM_HWCAP2_A64_SVEAES )] = "sveaes", 898 [__builtin_ctz(ARM_HWCAP2_A64_SVEPMULL )] = "svepmull", 899 [__builtin_ctz(ARM_HWCAP2_A64_SVEBITPERM )] = "svebitperm", 900 [__builtin_ctz(ARM_HWCAP2_A64_SVESHA3 )] = "svesha3", 901 [__builtin_ctz(ARM_HWCAP2_A64_SVESM4 )] = "svesm4", 902 [__builtin_ctz(ARM_HWCAP2_A64_FLAGM2 )] = "flagm2", 903 [__builtin_ctz(ARM_HWCAP2_A64_FRINT )] = "frint", 904 [__builtin_ctz(ARM_HWCAP2_A64_SVEI8MM )] = "svei8mm", 905 [__builtin_ctz(ARM_HWCAP2_A64_SVEF32MM )] = "svef32mm", 906 [__builtin_ctz(ARM_HWCAP2_A64_SVEF64MM )] = "svef64mm", 907 [__builtin_ctz(ARM_HWCAP2_A64_SVEBF16 )] = "svebf16", 908 [__builtin_ctz(ARM_HWCAP2_A64_I8MM )] = "i8mm", 909 [__builtin_ctz(ARM_HWCAP2_A64_BF16 )] = "bf16", 910 [__builtin_ctz(ARM_HWCAP2_A64_DGH )] = "dgh", 911 [__builtin_ctz(ARM_HWCAP2_A64_RNG )] = "rng", 912 [__builtin_ctz(ARM_HWCAP2_A64_BTI )] = "bti", 913 [__builtin_ctz(ARM_HWCAP2_A64_MTE )] = "mte", 914 [__builtin_ctz(ARM_HWCAP2_A64_ECV )] = "ecv", 915 [__builtin_ctz(ARM_HWCAP2_A64_AFP )] = "afp", 916 [__builtin_ctz(ARM_HWCAP2_A64_RPRES )] = "rpres", 917 [__builtin_ctz(ARM_HWCAP2_A64_MTE3 )] = "mte3", 918 [__builtin_ctz(ARM_HWCAP2_A64_SME )] = "sme", 919 [__builtin_ctz(ARM_HWCAP2_A64_SME_I16I64 )] = "smei16i64", 920 [__builtin_ctz(ARM_HWCAP2_A64_SME_F64F64 )] = "smef64f64", 921 [__builtin_ctz(ARM_HWCAP2_A64_SME_I8I32 )] = "smei8i32", 922 [__builtin_ctz(ARM_HWCAP2_A64_SME_F16F32 )] = "smef16f32", 923 [__builtin_ctz(ARM_HWCAP2_A64_SME_B16F32 )] = "smeb16f32", 924 [__builtin_ctz(ARM_HWCAP2_A64_SME_F32F32 )] = "smef32f32", 925 [__builtin_ctz(ARM_HWCAP2_A64_SME_FA64 )] = "smefa64", 926 [__builtin_ctz(ARM_HWCAP2_A64_WFXT )] = "wfxt", 927 [__builtin_ctzll(ARM_HWCAP2_A64_EBF16 )] = "ebf16", 928 [__builtin_ctzll(ARM_HWCAP2_A64_SVE_EBF16 )] = "sveebf16", 929 [__builtin_ctzll(ARM_HWCAP2_A64_CSSC )] = "cssc", 930 [__builtin_ctzll(ARM_HWCAP2_A64_RPRFM )] = "rprfm", 931 [__builtin_ctzll(ARM_HWCAP2_A64_SVE2P1 )] = "sve2p1", 932 [__builtin_ctzll(ARM_HWCAP2_A64_SME2 )] = "sme2", 933 [__builtin_ctzll(ARM_HWCAP2_A64_SME2P1 )] = "sme2p1", 934 [__builtin_ctzll(ARM_HWCAP2_A64_SME_I16I32 )] = "smei16i32", 935 [__builtin_ctzll(ARM_HWCAP2_A64_SME_BI32I32)] = "smebi32i32", 936 [__builtin_ctzll(ARM_HWCAP2_A64_SME_B16B16 )] = "smeb16b16", 937 [__builtin_ctzll(ARM_HWCAP2_A64_SME_F16F16 )] = "smef16f16", 938 [__builtin_ctzll(ARM_HWCAP2_A64_MOPS )] = "mops", 939 [__builtin_ctzll(ARM_HWCAP2_A64_HBC )] = "hbc", 940 }; 941 942 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 943 } 944 945 #undef GET_FEATURE_ID 946 947 #if TARGET_BIG_ENDIAN 948 # define VDSO_HEADER "vdso-be.c.inc" 949 #else 950 # define VDSO_HEADER "vdso-le.c.inc" 951 #endif 952 953 #endif /* not TARGET_AARCH64 */ 954 #endif /* TARGET_ARM */ 955 956 #ifdef TARGET_SPARC 957 #ifdef TARGET_SPARC64 958 959 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 960 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 961 #ifndef TARGET_ABI32 962 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 963 #else 964 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 965 #endif 966 967 #define ELF_CLASS ELFCLASS64 968 #define ELF_ARCH EM_SPARCV9 969 #else 970 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 971 | HWCAP_SPARC_MULDIV) 972 #define ELF_CLASS ELFCLASS32 973 #define ELF_ARCH EM_SPARC 974 #endif /* TARGET_SPARC64 */ 975 976 static inline void init_thread(struct target_pt_regs *regs, 977 struct image_info *infop) 978 { 979 /* Note that target_cpu_copy_regs does not read psr/tstate. */ 980 regs->pc = infop->entry; 981 regs->npc = regs->pc + 4; 982 regs->y = 0; 983 regs->u_regs[14] = (infop->start_stack - 16 * sizeof(abi_ulong) 984 - TARGET_STACK_BIAS); 985 } 986 #endif /* TARGET_SPARC */ 987 988 #ifdef TARGET_PPC 989 990 #define ELF_MACHINE PPC_ELF_MACHINE 991 992 #if defined(TARGET_PPC64) 993 994 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 995 996 #define ELF_CLASS ELFCLASS64 997 998 #else 999 1000 #define ELF_CLASS ELFCLASS32 1001 #define EXSTACK_DEFAULT true 1002 1003 #endif 1004 1005 #define ELF_ARCH EM_PPC 1006 1007 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 1008 See arch/powerpc/include/asm/cputable.h. */ 1009 enum { 1010 QEMU_PPC_FEATURE_32 = 0x80000000, 1011 QEMU_PPC_FEATURE_64 = 0x40000000, 1012 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 1013 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 1014 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 1015 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 1016 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 1017 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 1018 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 1019 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 1020 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 1021 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 1022 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 1023 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 1024 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 1025 QEMU_PPC_FEATURE_CELL = 0x00010000, 1026 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 1027 QEMU_PPC_FEATURE_SMT = 0x00004000, 1028 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 1029 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 1030 QEMU_PPC_FEATURE_PA6T = 0x00000800, 1031 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 1032 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 1033 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 1034 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 1035 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 1036 1037 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 1038 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 1039 1040 /* Feature definitions in AT_HWCAP2. */ 1041 QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */ 1042 QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */ 1043 QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */ 1044 QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */ 1045 QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */ 1046 QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */ 1047 QEMU_PPC_FEATURE2_VEC_CRYPTO = 0x02000000, 1048 QEMU_PPC_FEATURE2_HTM_NOSC = 0x01000000, 1049 QEMU_PPC_FEATURE2_ARCH_3_00 = 0x00800000, /* ISA 3.00 */ 1050 QEMU_PPC_FEATURE2_HAS_IEEE128 = 0x00400000, /* VSX IEEE Bin Float 128-bit */ 1051 QEMU_PPC_FEATURE2_DARN = 0x00200000, /* darn random number insn */ 1052 QEMU_PPC_FEATURE2_SCV = 0x00100000, /* scv syscall */ 1053 QEMU_PPC_FEATURE2_HTM_NO_SUSPEND = 0x00080000, /* TM w/o suspended state */ 1054 QEMU_PPC_FEATURE2_ARCH_3_1 = 0x00040000, /* ISA 3.1 */ 1055 QEMU_PPC_FEATURE2_MMA = 0x00020000, /* Matrix-Multiply Assist */ 1056 }; 1057 1058 #define ELF_HWCAP get_elf_hwcap() 1059 1060 static uint32_t get_elf_hwcap(void) 1061 { 1062 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 1063 uint32_t features = 0; 1064 1065 /* We don't have to be terribly complete here; the high points are 1066 Altivec/FP/SPE support. Anything else is just a bonus. */ 1067 #define GET_FEATURE(flag, feature) \ 1068 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 1069 #define GET_FEATURE2(flags, feature) \ 1070 do { \ 1071 if ((cpu->env.insns_flags2 & flags) == flags) { \ 1072 features |= feature; \ 1073 } \ 1074 } while (0) 1075 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 1076 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 1077 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 1078 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 1079 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 1080 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 1081 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 1082 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 1083 GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP); 1084 GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX); 1085 GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 | 1086 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206), 1087 QEMU_PPC_FEATURE_ARCH_2_06); 1088 #undef GET_FEATURE 1089 #undef GET_FEATURE2 1090 1091 return features; 1092 } 1093 1094 #define ELF_HWCAP2 get_elf_hwcap2() 1095 1096 static uint32_t get_elf_hwcap2(void) 1097 { 1098 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 1099 uint32_t features = 0; 1100 1101 #define GET_FEATURE(flag, feature) \ 1102 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 1103 #define GET_FEATURE2(flag, feature) \ 1104 do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0) 1105 1106 GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL); 1107 GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR); 1108 GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 | 1109 PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07 | 1110 QEMU_PPC_FEATURE2_VEC_CRYPTO); 1111 GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00 | 1112 QEMU_PPC_FEATURE2_DARN | QEMU_PPC_FEATURE2_HAS_IEEE128); 1113 GET_FEATURE2(PPC2_ISA310, QEMU_PPC_FEATURE2_ARCH_3_1 | 1114 QEMU_PPC_FEATURE2_MMA); 1115 1116 #undef GET_FEATURE 1117 #undef GET_FEATURE2 1118 1119 return features; 1120 } 1121 1122 /* 1123 * The requirements here are: 1124 * - keep the final alignment of sp (sp & 0xf) 1125 * - make sure the 32-bit value at the first 16 byte aligned position of 1126 * AUXV is greater than 16 for glibc compatibility. 1127 * AT_IGNOREPPC is used for that. 1128 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 1129 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 1130 */ 1131 #define DLINFO_ARCH_ITEMS 5 1132 #define ARCH_DLINFO \ 1133 do { \ 1134 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); \ 1135 /* \ 1136 * Handle glibc compatibility: these magic entries must \ 1137 * be at the lowest addresses in the final auxv. \ 1138 */ \ 1139 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 1140 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 1141 NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \ 1142 NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \ 1143 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 1144 } while (0) 1145 1146 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 1147 { 1148 _regs->gpr[1] = infop->start_stack; 1149 #if defined(TARGET_PPC64) 1150 if (get_ppc64_abi(infop) < 2) { 1151 uint64_t val; 1152 get_user_u64(val, infop->entry + 8); 1153 _regs->gpr[2] = val + infop->load_bias; 1154 get_user_u64(val, infop->entry); 1155 infop->entry = val + infop->load_bias; 1156 } else { 1157 _regs->gpr[12] = infop->entry; /* r12 set to global entry address */ 1158 } 1159 #endif 1160 _regs->nip = infop->entry; 1161 } 1162 1163 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 1164 #define ELF_NREG 48 1165 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1166 1167 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env) 1168 { 1169 int i; 1170 target_ulong ccr = 0; 1171 1172 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 1173 (*regs)[i] = tswapreg(env->gpr[i]); 1174 } 1175 1176 (*regs)[32] = tswapreg(env->nip); 1177 (*regs)[33] = tswapreg(env->msr); 1178 (*regs)[35] = tswapreg(env->ctr); 1179 (*regs)[36] = tswapreg(env->lr); 1180 (*regs)[37] = tswapreg(cpu_read_xer(env)); 1181 1182 ccr = ppc_get_cr(env); 1183 (*regs)[38] = tswapreg(ccr); 1184 } 1185 1186 #define USE_ELF_CORE_DUMP 1187 #define ELF_EXEC_PAGESIZE 4096 1188 1189 #endif 1190 1191 #ifdef TARGET_LOONGARCH64 1192 1193 #define ELF_CLASS ELFCLASS64 1194 #define ELF_ARCH EM_LOONGARCH 1195 #define EXSTACK_DEFAULT true 1196 1197 #define elf_check_arch(x) ((x) == EM_LOONGARCH) 1198 1199 static inline void init_thread(struct target_pt_regs *regs, 1200 struct image_info *infop) 1201 { 1202 /*Set crmd PG,DA = 1,0 */ 1203 regs->csr.crmd = 2 << 3; 1204 regs->csr.era = infop->entry; 1205 regs->regs[3] = infop->start_stack; 1206 } 1207 1208 /* See linux kernel: arch/loongarch/include/asm/elf.h */ 1209 #define ELF_NREG 45 1210 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1211 1212 enum { 1213 TARGET_EF_R0 = 0, 1214 TARGET_EF_CSR_ERA = TARGET_EF_R0 + 33, 1215 TARGET_EF_CSR_BADV = TARGET_EF_R0 + 34, 1216 }; 1217 1218 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1219 const CPULoongArchState *env) 1220 { 1221 int i; 1222 1223 (*regs)[TARGET_EF_R0] = 0; 1224 1225 for (i = 1; i < ARRAY_SIZE(env->gpr); i++) { 1226 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->gpr[i]); 1227 } 1228 1229 (*regs)[TARGET_EF_CSR_ERA] = tswapreg(env->pc); 1230 (*regs)[TARGET_EF_CSR_BADV] = tswapreg(env->CSR_BADV); 1231 } 1232 1233 #define USE_ELF_CORE_DUMP 1234 #define ELF_EXEC_PAGESIZE 4096 1235 1236 #define ELF_HWCAP get_elf_hwcap() 1237 1238 /* See arch/loongarch/include/uapi/asm/hwcap.h */ 1239 enum { 1240 HWCAP_LOONGARCH_CPUCFG = (1 << 0), 1241 HWCAP_LOONGARCH_LAM = (1 << 1), 1242 HWCAP_LOONGARCH_UAL = (1 << 2), 1243 HWCAP_LOONGARCH_FPU = (1 << 3), 1244 HWCAP_LOONGARCH_LSX = (1 << 4), 1245 HWCAP_LOONGARCH_LASX = (1 << 5), 1246 HWCAP_LOONGARCH_CRC32 = (1 << 6), 1247 HWCAP_LOONGARCH_COMPLEX = (1 << 7), 1248 HWCAP_LOONGARCH_CRYPTO = (1 << 8), 1249 HWCAP_LOONGARCH_LVZ = (1 << 9), 1250 HWCAP_LOONGARCH_LBT_X86 = (1 << 10), 1251 HWCAP_LOONGARCH_LBT_ARM = (1 << 11), 1252 HWCAP_LOONGARCH_LBT_MIPS = (1 << 12), 1253 }; 1254 1255 static uint32_t get_elf_hwcap(void) 1256 { 1257 LoongArchCPU *cpu = LOONGARCH_CPU(thread_cpu); 1258 uint32_t hwcaps = 0; 1259 1260 hwcaps |= HWCAP_LOONGARCH_CRC32; 1261 1262 if (FIELD_EX32(cpu->env.cpucfg[1], CPUCFG1, UAL)) { 1263 hwcaps |= HWCAP_LOONGARCH_UAL; 1264 } 1265 1266 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, FP)) { 1267 hwcaps |= HWCAP_LOONGARCH_FPU; 1268 } 1269 1270 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LAM)) { 1271 hwcaps |= HWCAP_LOONGARCH_LAM; 1272 } 1273 1274 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LSX)) { 1275 hwcaps |= HWCAP_LOONGARCH_LSX; 1276 } 1277 1278 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LASX)) { 1279 hwcaps |= HWCAP_LOONGARCH_LASX; 1280 } 1281 1282 return hwcaps; 1283 } 1284 1285 #define ELF_PLATFORM "loongarch" 1286 1287 #endif /* TARGET_LOONGARCH64 */ 1288 1289 #ifdef TARGET_MIPS 1290 1291 #ifdef TARGET_MIPS64 1292 #define ELF_CLASS ELFCLASS64 1293 #else 1294 #define ELF_CLASS ELFCLASS32 1295 #endif 1296 #define ELF_ARCH EM_MIPS 1297 #define EXSTACK_DEFAULT true 1298 1299 #ifdef TARGET_ABI_MIPSN32 1300 #define elf_check_abi(x) ((x) & EF_MIPS_ABI2) 1301 #else 1302 #define elf_check_abi(x) (!((x) & EF_MIPS_ABI2)) 1303 #endif 1304 1305 #define ELF_BASE_PLATFORM get_elf_base_platform() 1306 1307 #define MATCH_PLATFORM_INSN(_flags, _base_platform) \ 1308 do { if ((cpu->env.insn_flags & (_flags)) == _flags) \ 1309 { return _base_platform; } } while (0) 1310 1311 static const char *get_elf_base_platform(void) 1312 { 1313 MIPSCPU *cpu = MIPS_CPU(thread_cpu); 1314 1315 /* 64 bit ISAs goes first */ 1316 MATCH_PLATFORM_INSN(CPU_MIPS64R6, "mips64r6"); 1317 MATCH_PLATFORM_INSN(CPU_MIPS64R5, "mips64r5"); 1318 MATCH_PLATFORM_INSN(CPU_MIPS64R2, "mips64r2"); 1319 MATCH_PLATFORM_INSN(CPU_MIPS64R1, "mips64"); 1320 MATCH_PLATFORM_INSN(CPU_MIPS5, "mips5"); 1321 MATCH_PLATFORM_INSN(CPU_MIPS4, "mips4"); 1322 MATCH_PLATFORM_INSN(CPU_MIPS3, "mips3"); 1323 1324 /* 32 bit ISAs */ 1325 MATCH_PLATFORM_INSN(CPU_MIPS32R6, "mips32r6"); 1326 MATCH_PLATFORM_INSN(CPU_MIPS32R5, "mips32r5"); 1327 MATCH_PLATFORM_INSN(CPU_MIPS32R2, "mips32r2"); 1328 MATCH_PLATFORM_INSN(CPU_MIPS32R1, "mips32"); 1329 MATCH_PLATFORM_INSN(CPU_MIPS2, "mips2"); 1330 1331 /* Fallback */ 1332 return "mips"; 1333 } 1334 #undef MATCH_PLATFORM_INSN 1335 1336 static inline void init_thread(struct target_pt_regs *regs, 1337 struct image_info *infop) 1338 { 1339 regs->cp0_status = 2 << CP0St_KSU; 1340 regs->cp0_epc = infop->entry; 1341 regs->regs[29] = infop->start_stack; 1342 } 1343 1344 /* See linux kernel: arch/mips/include/asm/elf.h. */ 1345 #define ELF_NREG 45 1346 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1347 1348 /* See linux kernel: arch/mips/include/asm/reg.h. */ 1349 enum { 1350 #ifdef TARGET_MIPS64 1351 TARGET_EF_R0 = 0, 1352 #else 1353 TARGET_EF_R0 = 6, 1354 #endif 1355 TARGET_EF_R26 = TARGET_EF_R0 + 26, 1356 TARGET_EF_R27 = TARGET_EF_R0 + 27, 1357 TARGET_EF_LO = TARGET_EF_R0 + 32, 1358 TARGET_EF_HI = TARGET_EF_R0 + 33, 1359 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 1360 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 1361 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 1362 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 1363 }; 1364 1365 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1366 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env) 1367 { 1368 int i; 1369 1370 for (i = 0; i < TARGET_EF_R0; i++) { 1371 (*regs)[i] = 0; 1372 } 1373 (*regs)[TARGET_EF_R0] = 0; 1374 1375 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 1376 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]); 1377 } 1378 1379 (*regs)[TARGET_EF_R26] = 0; 1380 (*regs)[TARGET_EF_R27] = 0; 1381 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]); 1382 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]); 1383 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC); 1384 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr); 1385 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status); 1386 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause); 1387 } 1388 1389 #define USE_ELF_CORE_DUMP 1390 #define ELF_EXEC_PAGESIZE 4096 1391 1392 /* See arch/mips/include/uapi/asm/hwcap.h. */ 1393 enum { 1394 HWCAP_MIPS_R6 = (1 << 0), 1395 HWCAP_MIPS_MSA = (1 << 1), 1396 HWCAP_MIPS_CRC32 = (1 << 2), 1397 HWCAP_MIPS_MIPS16 = (1 << 3), 1398 HWCAP_MIPS_MDMX = (1 << 4), 1399 HWCAP_MIPS_MIPS3D = (1 << 5), 1400 HWCAP_MIPS_SMARTMIPS = (1 << 6), 1401 HWCAP_MIPS_DSP = (1 << 7), 1402 HWCAP_MIPS_DSP2 = (1 << 8), 1403 HWCAP_MIPS_DSP3 = (1 << 9), 1404 HWCAP_MIPS_MIPS16E2 = (1 << 10), 1405 HWCAP_LOONGSON_MMI = (1 << 11), 1406 HWCAP_LOONGSON_EXT = (1 << 12), 1407 HWCAP_LOONGSON_EXT2 = (1 << 13), 1408 HWCAP_LOONGSON_CPUCFG = (1 << 14), 1409 }; 1410 1411 #define ELF_HWCAP get_elf_hwcap() 1412 1413 #define GET_FEATURE_INSN(_flag, _hwcap) \ 1414 do { if (cpu->env.insn_flags & (_flag)) { hwcaps |= _hwcap; } } while (0) 1415 1416 #define GET_FEATURE_REG_SET(_reg, _mask, _hwcap) \ 1417 do { if (cpu->env._reg & (_mask)) { hwcaps |= _hwcap; } } while (0) 1418 1419 #define GET_FEATURE_REG_EQU(_reg, _start, _length, _val, _hwcap) \ 1420 do { \ 1421 if (extract32(cpu->env._reg, (_start), (_length)) == (_val)) { \ 1422 hwcaps |= _hwcap; \ 1423 } \ 1424 } while (0) 1425 1426 static uint32_t get_elf_hwcap(void) 1427 { 1428 MIPSCPU *cpu = MIPS_CPU(thread_cpu); 1429 uint32_t hwcaps = 0; 1430 1431 GET_FEATURE_REG_EQU(CP0_Config0, CP0C0_AR, CP0C0_AR_LENGTH, 1432 2, HWCAP_MIPS_R6); 1433 GET_FEATURE_REG_SET(CP0_Config3, 1 << CP0C3_MSAP, HWCAP_MIPS_MSA); 1434 GET_FEATURE_INSN(ASE_LMMI, HWCAP_LOONGSON_MMI); 1435 GET_FEATURE_INSN(ASE_LEXT, HWCAP_LOONGSON_EXT); 1436 1437 return hwcaps; 1438 } 1439 1440 #undef GET_FEATURE_REG_EQU 1441 #undef GET_FEATURE_REG_SET 1442 #undef GET_FEATURE_INSN 1443 1444 #endif /* TARGET_MIPS */ 1445 1446 #ifdef TARGET_MICROBLAZE 1447 1448 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 1449 1450 #define ELF_CLASS ELFCLASS32 1451 #define ELF_ARCH EM_MICROBLAZE 1452 1453 static inline void init_thread(struct target_pt_regs *regs, 1454 struct image_info *infop) 1455 { 1456 regs->pc = infop->entry; 1457 regs->r1 = infop->start_stack; 1458 1459 } 1460 1461 #define ELF_EXEC_PAGESIZE 4096 1462 1463 #define USE_ELF_CORE_DUMP 1464 #define ELF_NREG 38 1465 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1466 1467 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1468 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env) 1469 { 1470 int i, pos = 0; 1471 1472 for (i = 0; i < 32; i++) { 1473 (*regs)[pos++] = tswapreg(env->regs[i]); 1474 } 1475 1476 (*regs)[pos++] = tswapreg(env->pc); 1477 (*regs)[pos++] = tswapreg(mb_cpu_read_msr(env)); 1478 (*regs)[pos++] = 0; 1479 (*regs)[pos++] = tswapreg(env->ear); 1480 (*regs)[pos++] = 0; 1481 (*regs)[pos++] = tswapreg(env->esr); 1482 } 1483 1484 #endif /* TARGET_MICROBLAZE */ 1485 1486 #ifdef TARGET_NIOS2 1487 1488 #define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2) 1489 1490 #define ELF_CLASS ELFCLASS32 1491 #define ELF_ARCH EM_ALTERA_NIOS2 1492 1493 static void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1494 { 1495 regs->ea = infop->entry; 1496 regs->sp = infop->start_stack; 1497 } 1498 1499 #define LO_COMMPAGE TARGET_PAGE_SIZE 1500 1501 static bool init_guest_commpage(void) 1502 { 1503 static const uint8_t kuser_page[4 + 2 * 64] = { 1504 /* __kuser_helper_version */ 1505 [0x00] = 0x02, 0x00, 0x00, 0x00, 1506 1507 /* __kuser_cmpxchg */ 1508 [0x04] = 0x3a, 0x6c, 0x3b, 0x00, /* trap 16 */ 1509 0x3a, 0x28, 0x00, 0xf8, /* ret */ 1510 1511 /* __kuser_sigtramp */ 1512 [0x44] = 0xc4, 0x22, 0x80, 0x00, /* movi r2, __NR_rt_sigreturn */ 1513 0x3a, 0x68, 0x3b, 0x00, /* trap 0 */ 1514 }; 1515 1516 void *want = g2h_untagged(LO_COMMPAGE & -qemu_host_page_size); 1517 void *addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE, 1518 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 1519 1520 if (addr == MAP_FAILED) { 1521 perror("Allocating guest commpage"); 1522 exit(EXIT_FAILURE); 1523 } 1524 if (addr != want) { 1525 return false; 1526 } 1527 1528 memcpy(addr, kuser_page, sizeof(kuser_page)); 1529 1530 if (mprotect(addr, qemu_host_page_size, PROT_READ)) { 1531 perror("Protecting guest commpage"); 1532 exit(EXIT_FAILURE); 1533 } 1534 1535 page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK, 1536 PAGE_READ | PAGE_EXEC | PAGE_VALID); 1537 return true; 1538 } 1539 1540 #define ELF_EXEC_PAGESIZE 4096 1541 1542 #define USE_ELF_CORE_DUMP 1543 #define ELF_NREG 49 1544 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1545 1546 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1547 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1548 const CPUNios2State *env) 1549 { 1550 int i; 1551 1552 (*regs)[0] = -1; 1553 for (i = 1; i < 8; i++) /* r0-r7 */ 1554 (*regs)[i] = tswapreg(env->regs[i + 7]); 1555 1556 for (i = 8; i < 16; i++) /* r8-r15 */ 1557 (*regs)[i] = tswapreg(env->regs[i - 8]); 1558 1559 for (i = 16; i < 24; i++) /* r16-r23 */ 1560 (*regs)[i] = tswapreg(env->regs[i + 7]); 1561 (*regs)[24] = -1; /* R_ET */ 1562 (*regs)[25] = -1; /* R_BT */ 1563 (*regs)[26] = tswapreg(env->regs[R_GP]); 1564 (*regs)[27] = tswapreg(env->regs[R_SP]); 1565 (*regs)[28] = tswapreg(env->regs[R_FP]); 1566 (*regs)[29] = tswapreg(env->regs[R_EA]); 1567 (*regs)[30] = -1; /* R_SSTATUS */ 1568 (*regs)[31] = tswapreg(env->regs[R_RA]); 1569 1570 (*regs)[32] = tswapreg(env->pc); 1571 1572 (*regs)[33] = -1; /* R_STATUS */ 1573 (*regs)[34] = tswapreg(env->regs[CR_ESTATUS]); 1574 1575 for (i = 35; i < 49; i++) /* ... */ 1576 (*regs)[i] = -1; 1577 } 1578 1579 #endif /* TARGET_NIOS2 */ 1580 1581 #ifdef TARGET_OPENRISC 1582 1583 #define ELF_ARCH EM_OPENRISC 1584 #define ELF_CLASS ELFCLASS32 1585 #define ELF_DATA ELFDATA2MSB 1586 1587 static inline void init_thread(struct target_pt_regs *regs, 1588 struct image_info *infop) 1589 { 1590 regs->pc = infop->entry; 1591 regs->gpr[1] = infop->start_stack; 1592 } 1593 1594 #define USE_ELF_CORE_DUMP 1595 #define ELF_EXEC_PAGESIZE 8192 1596 1597 /* See linux kernel arch/openrisc/include/asm/elf.h. */ 1598 #define ELF_NREG 34 /* gprs and pc, sr */ 1599 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1600 1601 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1602 const CPUOpenRISCState *env) 1603 { 1604 int i; 1605 1606 for (i = 0; i < 32; i++) { 1607 (*regs)[i] = tswapreg(cpu_get_gpr(env, i)); 1608 } 1609 (*regs)[32] = tswapreg(env->pc); 1610 (*regs)[33] = tswapreg(cpu_get_sr(env)); 1611 } 1612 #define ELF_HWCAP 0 1613 #define ELF_PLATFORM NULL 1614 1615 #endif /* TARGET_OPENRISC */ 1616 1617 #ifdef TARGET_SH4 1618 1619 #define ELF_CLASS ELFCLASS32 1620 #define ELF_ARCH EM_SH 1621 1622 static inline void init_thread(struct target_pt_regs *regs, 1623 struct image_info *infop) 1624 { 1625 /* Check other registers XXXXX */ 1626 regs->pc = infop->entry; 1627 regs->regs[15] = infop->start_stack; 1628 } 1629 1630 /* See linux kernel: arch/sh/include/asm/elf.h. */ 1631 #define ELF_NREG 23 1632 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1633 1634 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 1635 enum { 1636 TARGET_REG_PC = 16, 1637 TARGET_REG_PR = 17, 1638 TARGET_REG_SR = 18, 1639 TARGET_REG_GBR = 19, 1640 TARGET_REG_MACH = 20, 1641 TARGET_REG_MACL = 21, 1642 TARGET_REG_SYSCALL = 22 1643 }; 1644 1645 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 1646 const CPUSH4State *env) 1647 { 1648 int i; 1649 1650 for (i = 0; i < 16; i++) { 1651 (*regs)[i] = tswapreg(env->gregs[i]); 1652 } 1653 1654 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 1655 (*regs)[TARGET_REG_PR] = tswapreg(env->pr); 1656 (*regs)[TARGET_REG_SR] = tswapreg(env->sr); 1657 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr); 1658 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach); 1659 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl); 1660 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 1661 } 1662 1663 #define USE_ELF_CORE_DUMP 1664 #define ELF_EXEC_PAGESIZE 4096 1665 1666 enum { 1667 SH_CPU_HAS_FPU = 0x0001, /* Hardware FPU support */ 1668 SH_CPU_HAS_P2_FLUSH_BUG = 0x0002, /* Need to flush the cache in P2 area */ 1669 SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */ 1670 SH_CPU_HAS_DSP = 0x0008, /* SH-DSP: DSP support */ 1671 SH_CPU_HAS_PERF_COUNTER = 0x0010, /* Hardware performance counters */ 1672 SH_CPU_HAS_PTEA = 0x0020, /* PTEA register */ 1673 SH_CPU_HAS_LLSC = 0x0040, /* movli.l/movco.l */ 1674 SH_CPU_HAS_L2_CACHE = 0x0080, /* Secondary cache / URAM */ 1675 SH_CPU_HAS_OP32 = 0x0100, /* 32-bit instruction support */ 1676 SH_CPU_HAS_PTEAEX = 0x0200, /* PTE ASID Extension support */ 1677 }; 1678 1679 #define ELF_HWCAP get_elf_hwcap() 1680 1681 static uint32_t get_elf_hwcap(void) 1682 { 1683 SuperHCPU *cpu = SUPERH_CPU(thread_cpu); 1684 uint32_t hwcap = 0; 1685 1686 hwcap |= SH_CPU_HAS_FPU; 1687 1688 if (cpu->env.features & SH_FEATURE_SH4A) { 1689 hwcap |= SH_CPU_HAS_LLSC; 1690 } 1691 1692 return hwcap; 1693 } 1694 1695 #endif 1696 1697 #ifdef TARGET_CRIS 1698 1699 #define ELF_CLASS ELFCLASS32 1700 #define ELF_ARCH EM_CRIS 1701 1702 static inline void init_thread(struct target_pt_regs *regs, 1703 struct image_info *infop) 1704 { 1705 regs->erp = infop->entry; 1706 } 1707 1708 #define ELF_EXEC_PAGESIZE 8192 1709 1710 #endif 1711 1712 #ifdef TARGET_M68K 1713 1714 #define ELF_CLASS ELFCLASS32 1715 #define ELF_ARCH EM_68K 1716 1717 /* ??? Does this need to do anything? 1718 #define ELF_PLAT_INIT(_r) */ 1719 1720 static inline void init_thread(struct target_pt_regs *regs, 1721 struct image_info *infop) 1722 { 1723 regs->usp = infop->start_stack; 1724 regs->sr = 0; 1725 regs->pc = infop->entry; 1726 } 1727 1728 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 1729 #define ELF_NREG 20 1730 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1731 1732 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env) 1733 { 1734 (*regs)[0] = tswapreg(env->dregs[1]); 1735 (*regs)[1] = tswapreg(env->dregs[2]); 1736 (*regs)[2] = tswapreg(env->dregs[3]); 1737 (*regs)[3] = tswapreg(env->dregs[4]); 1738 (*regs)[4] = tswapreg(env->dregs[5]); 1739 (*regs)[5] = tswapreg(env->dregs[6]); 1740 (*regs)[6] = tswapreg(env->dregs[7]); 1741 (*regs)[7] = tswapreg(env->aregs[0]); 1742 (*regs)[8] = tswapreg(env->aregs[1]); 1743 (*regs)[9] = tswapreg(env->aregs[2]); 1744 (*regs)[10] = tswapreg(env->aregs[3]); 1745 (*regs)[11] = tswapreg(env->aregs[4]); 1746 (*regs)[12] = tswapreg(env->aregs[5]); 1747 (*regs)[13] = tswapreg(env->aregs[6]); 1748 (*regs)[14] = tswapreg(env->dregs[0]); 1749 (*regs)[15] = tswapreg(env->aregs[7]); 1750 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */ 1751 (*regs)[17] = tswapreg(env->sr); 1752 (*regs)[18] = tswapreg(env->pc); 1753 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 1754 } 1755 1756 #define USE_ELF_CORE_DUMP 1757 #define ELF_EXEC_PAGESIZE 8192 1758 1759 #endif 1760 1761 #ifdef TARGET_ALPHA 1762 1763 #define ELF_CLASS ELFCLASS64 1764 #define ELF_ARCH EM_ALPHA 1765 1766 static inline void init_thread(struct target_pt_regs *regs, 1767 struct image_info *infop) 1768 { 1769 regs->pc = infop->entry; 1770 regs->ps = 8; 1771 regs->usp = infop->start_stack; 1772 } 1773 1774 #define ELF_EXEC_PAGESIZE 8192 1775 1776 #endif /* TARGET_ALPHA */ 1777 1778 #ifdef TARGET_S390X 1779 1780 #define ELF_CLASS ELFCLASS64 1781 #define ELF_DATA ELFDATA2MSB 1782 #define ELF_ARCH EM_S390 1783 1784 #include "elf.h" 1785 1786 #define ELF_HWCAP get_elf_hwcap() 1787 1788 #define GET_FEATURE(_feat, _hwcap) \ 1789 do { if (s390_has_feat(_feat)) { hwcap |= _hwcap; } } while (0) 1790 1791 uint32_t get_elf_hwcap(void) 1792 { 1793 /* 1794 * Let's assume we always have esan3 and zarch. 1795 * 31-bit processes can use 64-bit registers (high gprs). 1796 */ 1797 uint32_t hwcap = HWCAP_S390_ESAN3 | HWCAP_S390_ZARCH | HWCAP_S390_HIGH_GPRS; 1798 1799 GET_FEATURE(S390_FEAT_STFLE, HWCAP_S390_STFLE); 1800 GET_FEATURE(S390_FEAT_MSA, HWCAP_S390_MSA); 1801 GET_FEATURE(S390_FEAT_LONG_DISPLACEMENT, HWCAP_S390_LDISP); 1802 GET_FEATURE(S390_FEAT_EXTENDED_IMMEDIATE, HWCAP_S390_EIMM); 1803 if (s390_has_feat(S390_FEAT_EXTENDED_TRANSLATION_3) && 1804 s390_has_feat(S390_FEAT_ETF3_ENH)) { 1805 hwcap |= HWCAP_S390_ETF3EH; 1806 } 1807 GET_FEATURE(S390_FEAT_VECTOR, HWCAP_S390_VXRS); 1808 GET_FEATURE(S390_FEAT_VECTOR_ENH, HWCAP_S390_VXRS_EXT); 1809 GET_FEATURE(S390_FEAT_VECTOR_ENH2, HWCAP_S390_VXRS_EXT2); 1810 1811 return hwcap; 1812 } 1813 1814 const char *elf_hwcap_str(uint32_t bit) 1815 { 1816 static const char *hwcap_str[] = { 1817 [HWCAP_S390_NR_ESAN3] = "esan3", 1818 [HWCAP_S390_NR_ZARCH] = "zarch", 1819 [HWCAP_S390_NR_STFLE] = "stfle", 1820 [HWCAP_S390_NR_MSA] = "msa", 1821 [HWCAP_S390_NR_LDISP] = "ldisp", 1822 [HWCAP_S390_NR_EIMM] = "eimm", 1823 [HWCAP_S390_NR_DFP] = "dfp", 1824 [HWCAP_S390_NR_HPAGE] = "edat", 1825 [HWCAP_S390_NR_ETF3EH] = "etf3eh", 1826 [HWCAP_S390_NR_HIGH_GPRS] = "highgprs", 1827 [HWCAP_S390_NR_TE] = "te", 1828 [HWCAP_S390_NR_VXRS] = "vx", 1829 [HWCAP_S390_NR_VXRS_BCD] = "vxd", 1830 [HWCAP_S390_NR_VXRS_EXT] = "vxe", 1831 [HWCAP_S390_NR_GS] = "gs", 1832 [HWCAP_S390_NR_VXRS_EXT2] = "vxe2", 1833 [HWCAP_S390_NR_VXRS_PDE] = "vxp", 1834 [HWCAP_S390_NR_SORT] = "sort", 1835 [HWCAP_S390_NR_DFLT] = "dflt", 1836 [HWCAP_S390_NR_NNPA] = "nnpa", 1837 [HWCAP_S390_NR_PCI_MIO] = "pcimio", 1838 [HWCAP_S390_NR_SIE] = "sie", 1839 }; 1840 1841 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 1842 } 1843 1844 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1845 { 1846 regs->psw.addr = infop->entry; 1847 regs->psw.mask = PSW_MASK_DAT | PSW_MASK_IO | PSW_MASK_EXT | \ 1848 PSW_MASK_MCHECK | PSW_MASK_PSTATE | PSW_MASK_64 | \ 1849 PSW_MASK_32; 1850 regs->gprs[15] = infop->start_stack; 1851 } 1852 1853 /* See linux kernel: arch/s390/include/uapi/asm/ptrace.h (s390_regs). */ 1854 #define ELF_NREG 27 1855 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1856 1857 enum { 1858 TARGET_REG_PSWM = 0, 1859 TARGET_REG_PSWA = 1, 1860 TARGET_REG_GPRS = 2, 1861 TARGET_REG_ARS = 18, 1862 TARGET_REG_ORIG_R2 = 26, 1863 }; 1864 1865 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1866 const CPUS390XState *env) 1867 { 1868 int i; 1869 uint32_t *aregs; 1870 1871 (*regs)[TARGET_REG_PSWM] = tswapreg(env->psw.mask); 1872 (*regs)[TARGET_REG_PSWA] = tswapreg(env->psw.addr); 1873 for (i = 0; i < 16; i++) { 1874 (*regs)[TARGET_REG_GPRS + i] = tswapreg(env->regs[i]); 1875 } 1876 aregs = (uint32_t *)&((*regs)[TARGET_REG_ARS]); 1877 for (i = 0; i < 16; i++) { 1878 aregs[i] = tswap32(env->aregs[i]); 1879 } 1880 (*regs)[TARGET_REG_ORIG_R2] = 0; 1881 } 1882 1883 #define USE_ELF_CORE_DUMP 1884 #define ELF_EXEC_PAGESIZE 4096 1885 1886 #endif /* TARGET_S390X */ 1887 1888 #ifdef TARGET_RISCV 1889 1890 #define ELF_ARCH EM_RISCV 1891 1892 #ifdef TARGET_RISCV32 1893 #define ELF_CLASS ELFCLASS32 1894 #else 1895 #define ELF_CLASS ELFCLASS64 1896 #endif 1897 1898 #define ELF_HWCAP get_elf_hwcap() 1899 1900 static uint32_t get_elf_hwcap(void) 1901 { 1902 #define MISA_BIT(EXT) (1 << (EXT - 'A')) 1903 RISCVCPU *cpu = RISCV_CPU(thread_cpu); 1904 uint32_t mask = MISA_BIT('I') | MISA_BIT('M') | MISA_BIT('A') 1905 | MISA_BIT('F') | MISA_BIT('D') | MISA_BIT('C') 1906 | MISA_BIT('V'); 1907 1908 return cpu->env.misa_ext & mask; 1909 #undef MISA_BIT 1910 } 1911 1912 static inline void init_thread(struct target_pt_regs *regs, 1913 struct image_info *infop) 1914 { 1915 regs->sepc = infop->entry; 1916 regs->sp = infop->start_stack; 1917 } 1918 1919 #define ELF_EXEC_PAGESIZE 4096 1920 1921 #endif /* TARGET_RISCV */ 1922 1923 #ifdef TARGET_HPPA 1924 1925 #define ELF_CLASS ELFCLASS32 1926 #define ELF_ARCH EM_PARISC 1927 #define ELF_PLATFORM "PARISC" 1928 #define STACK_GROWS_DOWN 0 1929 #define STACK_ALIGNMENT 64 1930 1931 static inline void init_thread(struct target_pt_regs *regs, 1932 struct image_info *infop) 1933 { 1934 regs->iaoq[0] = infop->entry; 1935 regs->iaoq[1] = infop->entry + 4; 1936 regs->gr[23] = 0; 1937 regs->gr[24] = infop->argv; 1938 regs->gr[25] = infop->argc; 1939 /* The top-of-stack contains a linkage buffer. */ 1940 regs->gr[30] = infop->start_stack + 64; 1941 regs->gr[31] = infop->entry; 1942 } 1943 1944 #define LO_COMMPAGE 0 1945 1946 static bool init_guest_commpage(void) 1947 { 1948 void *want = g2h_untagged(LO_COMMPAGE); 1949 void *addr = mmap(want, qemu_host_page_size, PROT_NONE, 1950 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 1951 1952 if (addr == MAP_FAILED) { 1953 perror("Allocating guest commpage"); 1954 exit(EXIT_FAILURE); 1955 } 1956 if (addr != want) { 1957 return false; 1958 } 1959 1960 /* 1961 * On Linux, page zero is normally marked execute only + gateway. 1962 * Normal read or write is supposed to fail (thus PROT_NONE above), 1963 * but specific offsets have kernel code mapped to raise permissions 1964 * and implement syscalls. Here, simply mark the page executable. 1965 * Special case the entry points during translation (see do_page_zero). 1966 */ 1967 page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK, 1968 PAGE_EXEC | PAGE_VALID); 1969 return true; 1970 } 1971 1972 #endif /* TARGET_HPPA */ 1973 1974 #ifdef TARGET_XTENSA 1975 1976 #define ELF_CLASS ELFCLASS32 1977 #define ELF_ARCH EM_XTENSA 1978 1979 static inline void init_thread(struct target_pt_regs *regs, 1980 struct image_info *infop) 1981 { 1982 regs->windowbase = 0; 1983 regs->windowstart = 1; 1984 regs->areg[1] = infop->start_stack; 1985 regs->pc = infop->entry; 1986 if (info_is_fdpic(infop)) { 1987 regs->areg[4] = infop->loadmap_addr; 1988 regs->areg[5] = infop->interpreter_loadmap_addr; 1989 if (infop->interpreter_loadmap_addr) { 1990 regs->areg[6] = infop->interpreter_pt_dynamic_addr; 1991 } else { 1992 regs->areg[6] = infop->pt_dynamic_addr; 1993 } 1994 } 1995 } 1996 1997 /* See linux kernel: arch/xtensa/include/asm/elf.h. */ 1998 #define ELF_NREG 128 1999 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 2000 2001 enum { 2002 TARGET_REG_PC, 2003 TARGET_REG_PS, 2004 TARGET_REG_LBEG, 2005 TARGET_REG_LEND, 2006 TARGET_REG_LCOUNT, 2007 TARGET_REG_SAR, 2008 TARGET_REG_WINDOWSTART, 2009 TARGET_REG_WINDOWBASE, 2010 TARGET_REG_THREADPTR, 2011 TARGET_REG_AR0 = 64, 2012 }; 2013 2014 static void elf_core_copy_regs(target_elf_gregset_t *regs, 2015 const CPUXtensaState *env) 2016 { 2017 unsigned i; 2018 2019 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 2020 (*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM); 2021 (*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]); 2022 (*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]); 2023 (*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]); 2024 (*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]); 2025 (*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]); 2026 (*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]); 2027 (*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]); 2028 xtensa_sync_phys_from_window((CPUXtensaState *)env); 2029 for (i = 0; i < env->config->nareg; ++i) { 2030 (*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]); 2031 } 2032 } 2033 2034 #define USE_ELF_CORE_DUMP 2035 #define ELF_EXEC_PAGESIZE 4096 2036 2037 #endif /* TARGET_XTENSA */ 2038 2039 #ifdef TARGET_HEXAGON 2040 2041 #define ELF_CLASS ELFCLASS32 2042 #define ELF_ARCH EM_HEXAGON 2043 2044 static inline void init_thread(struct target_pt_regs *regs, 2045 struct image_info *infop) 2046 { 2047 regs->sepc = infop->entry; 2048 regs->sp = infop->start_stack; 2049 } 2050 2051 #endif /* TARGET_HEXAGON */ 2052 2053 #ifndef ELF_BASE_PLATFORM 2054 #define ELF_BASE_PLATFORM (NULL) 2055 #endif 2056 2057 #ifndef ELF_PLATFORM 2058 #define ELF_PLATFORM (NULL) 2059 #endif 2060 2061 #ifndef ELF_MACHINE 2062 #define ELF_MACHINE ELF_ARCH 2063 #endif 2064 2065 #ifndef elf_check_arch 2066 #define elf_check_arch(x) ((x) == ELF_ARCH) 2067 #endif 2068 2069 #ifndef elf_check_abi 2070 #define elf_check_abi(x) (1) 2071 #endif 2072 2073 #ifndef ELF_HWCAP 2074 #define ELF_HWCAP 0 2075 #endif 2076 2077 #ifndef STACK_GROWS_DOWN 2078 #define STACK_GROWS_DOWN 1 2079 #endif 2080 2081 #ifndef STACK_ALIGNMENT 2082 #define STACK_ALIGNMENT 16 2083 #endif 2084 2085 #ifdef TARGET_ABI32 2086 #undef ELF_CLASS 2087 #define ELF_CLASS ELFCLASS32 2088 #undef bswaptls 2089 #define bswaptls(ptr) bswap32s(ptr) 2090 #endif 2091 2092 #ifndef EXSTACK_DEFAULT 2093 #define EXSTACK_DEFAULT false 2094 #endif 2095 2096 #include "elf.h" 2097 2098 /* We must delay the following stanzas until after "elf.h". */ 2099 #if defined(TARGET_AARCH64) 2100 2101 static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz, 2102 const uint32_t *data, 2103 struct image_info *info, 2104 Error **errp) 2105 { 2106 if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { 2107 if (pr_datasz != sizeof(uint32_t)) { 2108 error_setg(errp, "Ill-formed GNU_PROPERTY_AARCH64_FEATURE_1_AND"); 2109 return false; 2110 } 2111 /* We will extract GNU_PROPERTY_AARCH64_FEATURE_1_BTI later. */ 2112 info->note_flags = *data; 2113 } 2114 return true; 2115 } 2116 #define ARCH_USE_GNU_PROPERTY 1 2117 2118 #else 2119 2120 static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz, 2121 const uint32_t *data, 2122 struct image_info *info, 2123 Error **errp) 2124 { 2125 g_assert_not_reached(); 2126 } 2127 #define ARCH_USE_GNU_PROPERTY 0 2128 2129 #endif 2130 2131 struct exec 2132 { 2133 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 2134 unsigned int a_text; /* length of text, in bytes */ 2135 unsigned int a_data; /* length of data, in bytes */ 2136 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 2137 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 2138 unsigned int a_entry; /* start address */ 2139 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 2140 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 2141 }; 2142 2143 2144 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 2145 #define OMAGIC 0407 2146 #define NMAGIC 0410 2147 #define ZMAGIC 0413 2148 #define QMAGIC 0314 2149 2150 #define DLINFO_ITEMS 16 2151 2152 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 2153 { 2154 memcpy(to, from, n); 2155 } 2156 2157 #ifdef BSWAP_NEEDED 2158 static void bswap_ehdr(struct elfhdr *ehdr) 2159 { 2160 bswap16s(&ehdr->e_type); /* Object file type */ 2161 bswap16s(&ehdr->e_machine); /* Architecture */ 2162 bswap32s(&ehdr->e_version); /* Object file version */ 2163 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 2164 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 2165 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 2166 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 2167 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 2168 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 2169 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 2170 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 2171 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 2172 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 2173 } 2174 2175 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 2176 { 2177 int i; 2178 for (i = 0; i < phnum; ++i, ++phdr) { 2179 bswap32s(&phdr->p_type); /* Segment type */ 2180 bswap32s(&phdr->p_flags); /* Segment flags */ 2181 bswaptls(&phdr->p_offset); /* Segment file offset */ 2182 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 2183 bswaptls(&phdr->p_paddr); /* Segment physical address */ 2184 bswaptls(&phdr->p_filesz); /* Segment size in file */ 2185 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 2186 bswaptls(&phdr->p_align); /* Segment alignment */ 2187 } 2188 } 2189 2190 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 2191 { 2192 int i; 2193 for (i = 0; i < shnum; ++i, ++shdr) { 2194 bswap32s(&shdr->sh_name); 2195 bswap32s(&shdr->sh_type); 2196 bswaptls(&shdr->sh_flags); 2197 bswaptls(&shdr->sh_addr); 2198 bswaptls(&shdr->sh_offset); 2199 bswaptls(&shdr->sh_size); 2200 bswap32s(&shdr->sh_link); 2201 bswap32s(&shdr->sh_info); 2202 bswaptls(&shdr->sh_addralign); 2203 bswaptls(&shdr->sh_entsize); 2204 } 2205 } 2206 2207 static void bswap_sym(struct elf_sym *sym) 2208 { 2209 bswap32s(&sym->st_name); 2210 bswaptls(&sym->st_value); 2211 bswaptls(&sym->st_size); 2212 bswap16s(&sym->st_shndx); 2213 } 2214 2215 #ifdef TARGET_MIPS 2216 static void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) 2217 { 2218 bswap16s(&abiflags->version); 2219 bswap32s(&abiflags->ases); 2220 bswap32s(&abiflags->isa_ext); 2221 bswap32s(&abiflags->flags1); 2222 bswap32s(&abiflags->flags2); 2223 } 2224 #endif 2225 #else 2226 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 2227 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 2228 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 2229 static inline void bswap_sym(struct elf_sym *sym) { } 2230 #ifdef TARGET_MIPS 2231 static inline void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) { } 2232 #endif 2233 #endif 2234 2235 #ifdef USE_ELF_CORE_DUMP 2236 static int elf_core_dump(int, const CPUArchState *); 2237 #endif /* USE_ELF_CORE_DUMP */ 2238 static void load_symbols(struct elfhdr *hdr, const ImageSource *src, 2239 abi_ulong load_bias); 2240 2241 /* Verify the portions of EHDR within E_IDENT for the target. 2242 This can be performed before bswapping the entire header. */ 2243 static bool elf_check_ident(struct elfhdr *ehdr) 2244 { 2245 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 2246 && ehdr->e_ident[EI_MAG1] == ELFMAG1 2247 && ehdr->e_ident[EI_MAG2] == ELFMAG2 2248 && ehdr->e_ident[EI_MAG3] == ELFMAG3 2249 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 2250 && ehdr->e_ident[EI_DATA] == ELF_DATA 2251 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 2252 } 2253 2254 /* Verify the portions of EHDR outside of E_IDENT for the target. 2255 This has to wait until after bswapping the header. */ 2256 static bool elf_check_ehdr(struct elfhdr *ehdr) 2257 { 2258 return (elf_check_arch(ehdr->e_machine) 2259 && elf_check_abi(ehdr->e_flags) 2260 && ehdr->e_ehsize == sizeof(struct elfhdr) 2261 && ehdr->e_phentsize == sizeof(struct elf_phdr) 2262 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 2263 } 2264 2265 /* 2266 * 'copy_elf_strings()' copies argument/envelope strings from user 2267 * memory to free pages in kernel mem. These are in a format ready 2268 * to be put directly into the top of new user memory. 2269 * 2270 */ 2271 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch, 2272 abi_ulong p, abi_ulong stack_limit) 2273 { 2274 char *tmp; 2275 int len, i; 2276 abi_ulong top = p; 2277 2278 if (!p) { 2279 return 0; /* bullet-proofing */ 2280 } 2281 2282 if (STACK_GROWS_DOWN) { 2283 int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1; 2284 for (i = argc - 1; i >= 0; --i) { 2285 tmp = argv[i]; 2286 if (!tmp) { 2287 fprintf(stderr, "VFS: argc is wrong"); 2288 exit(-1); 2289 } 2290 len = strlen(tmp) + 1; 2291 tmp += len; 2292 2293 if (len > (p - stack_limit)) { 2294 return 0; 2295 } 2296 while (len) { 2297 int bytes_to_copy = (len > offset) ? offset : len; 2298 tmp -= bytes_to_copy; 2299 p -= bytes_to_copy; 2300 offset -= bytes_to_copy; 2301 len -= bytes_to_copy; 2302 2303 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy); 2304 2305 if (offset == 0) { 2306 memcpy_to_target(p, scratch, top - p); 2307 top = p; 2308 offset = TARGET_PAGE_SIZE; 2309 } 2310 } 2311 } 2312 if (p != top) { 2313 memcpy_to_target(p, scratch + offset, top - p); 2314 } 2315 } else { 2316 int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE); 2317 for (i = 0; i < argc; ++i) { 2318 tmp = argv[i]; 2319 if (!tmp) { 2320 fprintf(stderr, "VFS: argc is wrong"); 2321 exit(-1); 2322 } 2323 len = strlen(tmp) + 1; 2324 if (len > (stack_limit - p)) { 2325 return 0; 2326 } 2327 while (len) { 2328 int bytes_to_copy = (len > remaining) ? remaining : len; 2329 2330 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy); 2331 2332 tmp += bytes_to_copy; 2333 remaining -= bytes_to_copy; 2334 p += bytes_to_copy; 2335 len -= bytes_to_copy; 2336 2337 if (remaining == 0) { 2338 memcpy_to_target(top, scratch, p - top); 2339 top = p; 2340 remaining = TARGET_PAGE_SIZE; 2341 } 2342 } 2343 } 2344 if (p != top) { 2345 memcpy_to_target(top, scratch, p - top); 2346 } 2347 } 2348 2349 return p; 2350 } 2351 2352 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of 2353 * argument/environment space. Newer kernels (>2.6.33) allow more, 2354 * dependent on stack size, but guarantee at least 32 pages for 2355 * backwards compatibility. 2356 */ 2357 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE) 2358 2359 static abi_ulong setup_arg_pages(struct linux_binprm *bprm, 2360 struct image_info *info) 2361 { 2362 abi_ulong size, error, guard; 2363 int prot; 2364 2365 size = guest_stack_size; 2366 if (size < STACK_LOWER_LIMIT) { 2367 size = STACK_LOWER_LIMIT; 2368 } 2369 2370 if (STACK_GROWS_DOWN) { 2371 guard = TARGET_PAGE_SIZE; 2372 if (guard < qemu_real_host_page_size()) { 2373 guard = qemu_real_host_page_size(); 2374 } 2375 } else { 2376 /* no guard page for hppa target where stack grows upwards. */ 2377 guard = 0; 2378 } 2379 2380 prot = PROT_READ | PROT_WRITE; 2381 if (info->exec_stack) { 2382 prot |= PROT_EXEC; 2383 } 2384 error = target_mmap(0, size + guard, prot, 2385 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 2386 if (error == -1) { 2387 perror("mmap stack"); 2388 exit(-1); 2389 } 2390 2391 /* We reserve one extra page at the top of the stack as guard. */ 2392 if (STACK_GROWS_DOWN) { 2393 target_mprotect(error, guard, PROT_NONE); 2394 info->stack_limit = error + guard; 2395 return info->stack_limit + size - sizeof(void *); 2396 } else { 2397 info->stack_limit = error + size; 2398 return error; 2399 } 2400 } 2401 2402 /** 2403 * zero_bss: 2404 * 2405 * Map and zero the bss. We need to explicitly zero any fractional pages 2406 * after the data section (i.e. bss). Return false on mapping failure. 2407 */ 2408 static bool zero_bss(abi_ulong start_bss, abi_ulong end_bss, 2409 int prot, Error **errp) 2410 { 2411 abi_ulong align_bss; 2412 2413 /* We only expect writable bss; the code segment shouldn't need this. */ 2414 if (!(prot & PROT_WRITE)) { 2415 error_setg(errp, "PT_LOAD with non-writable bss"); 2416 return false; 2417 } 2418 2419 align_bss = TARGET_PAGE_ALIGN(start_bss); 2420 end_bss = TARGET_PAGE_ALIGN(end_bss); 2421 2422 if (start_bss < align_bss) { 2423 int flags = page_get_flags(start_bss); 2424 2425 if (!(flags & PAGE_BITS)) { 2426 /* 2427 * The whole address space of the executable was reserved 2428 * at the start, therefore all pages will be VALID. 2429 * But assuming there are no PROT_NONE PT_LOAD segments, 2430 * a PROT_NONE page means no data all bss, and we can 2431 * simply extend the new anon mapping back to the start 2432 * of the page of bss. 2433 */ 2434 align_bss -= TARGET_PAGE_SIZE; 2435 } else { 2436 /* 2437 * The start of the bss shares a page with something. 2438 * The only thing that we expect is the data section, 2439 * which would already be marked writable. 2440 * Overlapping the RX code segment seems malformed. 2441 */ 2442 if (!(flags & PAGE_WRITE)) { 2443 error_setg(errp, "PT_LOAD with bss overlapping " 2444 "non-writable page"); 2445 return false; 2446 } 2447 2448 /* The page is already mapped and writable. */ 2449 memset(g2h_untagged(start_bss), 0, align_bss - start_bss); 2450 } 2451 } 2452 2453 if (align_bss < end_bss && 2454 target_mmap(align_bss, end_bss - align_bss, prot, 2455 MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0) == -1) { 2456 error_setg_errno(errp, errno, "Error mapping bss"); 2457 return false; 2458 } 2459 return true; 2460 } 2461 2462 #if defined(TARGET_ARM) 2463 static int elf_is_fdpic(struct elfhdr *exec) 2464 { 2465 return exec->e_ident[EI_OSABI] == ELFOSABI_ARM_FDPIC; 2466 } 2467 #elif defined(TARGET_XTENSA) 2468 static int elf_is_fdpic(struct elfhdr *exec) 2469 { 2470 return exec->e_ident[EI_OSABI] == ELFOSABI_XTENSA_FDPIC; 2471 } 2472 #else 2473 /* Default implementation, always false. */ 2474 static int elf_is_fdpic(struct elfhdr *exec) 2475 { 2476 return 0; 2477 } 2478 #endif 2479 2480 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 2481 { 2482 uint16_t n; 2483 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 2484 2485 /* elf32_fdpic_loadseg */ 2486 n = info->nsegs; 2487 while (n--) { 2488 sp -= 12; 2489 put_user_u32(loadsegs[n].addr, sp+0); 2490 put_user_u32(loadsegs[n].p_vaddr, sp+4); 2491 put_user_u32(loadsegs[n].p_memsz, sp+8); 2492 } 2493 2494 /* elf32_fdpic_loadmap */ 2495 sp -= 4; 2496 put_user_u16(0, sp+0); /* version */ 2497 put_user_u16(info->nsegs, sp+2); /* nsegs */ 2498 2499 info->personality = PER_LINUX_FDPIC; 2500 info->loadmap_addr = sp; 2501 2502 return sp; 2503 } 2504 2505 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 2506 struct elfhdr *exec, 2507 struct image_info *info, 2508 struct image_info *interp_info, 2509 struct image_info *vdso_info) 2510 { 2511 abi_ulong sp; 2512 abi_ulong u_argc, u_argv, u_envp, u_auxv; 2513 int size; 2514 int i; 2515 abi_ulong u_rand_bytes; 2516 uint8_t k_rand_bytes[16]; 2517 abi_ulong u_platform, u_base_platform; 2518 const char *k_platform, *k_base_platform; 2519 const int n = sizeof(elf_addr_t); 2520 2521 sp = p; 2522 2523 /* Needs to be before we load the env/argc/... */ 2524 if (elf_is_fdpic(exec)) { 2525 /* Need 4 byte alignment for these structs */ 2526 sp &= ~3; 2527 sp = loader_build_fdpic_loadmap(info, sp); 2528 info->other_info = interp_info; 2529 if (interp_info) { 2530 interp_info->other_info = info; 2531 sp = loader_build_fdpic_loadmap(interp_info, sp); 2532 info->interpreter_loadmap_addr = interp_info->loadmap_addr; 2533 info->interpreter_pt_dynamic_addr = interp_info->pt_dynamic_addr; 2534 } else { 2535 info->interpreter_loadmap_addr = 0; 2536 info->interpreter_pt_dynamic_addr = 0; 2537 } 2538 } 2539 2540 u_base_platform = 0; 2541 k_base_platform = ELF_BASE_PLATFORM; 2542 if (k_base_platform) { 2543 size_t len = strlen(k_base_platform) + 1; 2544 if (STACK_GROWS_DOWN) { 2545 sp -= (len + n - 1) & ~(n - 1); 2546 u_base_platform = sp; 2547 /* FIXME - check return value of memcpy_to_target() for failure */ 2548 memcpy_to_target(sp, k_base_platform, len); 2549 } else { 2550 memcpy_to_target(sp, k_base_platform, len); 2551 u_base_platform = sp; 2552 sp += len + 1; 2553 } 2554 } 2555 2556 u_platform = 0; 2557 k_platform = ELF_PLATFORM; 2558 if (k_platform) { 2559 size_t len = strlen(k_platform) + 1; 2560 if (STACK_GROWS_DOWN) { 2561 sp -= (len + n - 1) & ~(n - 1); 2562 u_platform = sp; 2563 /* FIXME - check return value of memcpy_to_target() for failure */ 2564 memcpy_to_target(sp, k_platform, len); 2565 } else { 2566 memcpy_to_target(sp, k_platform, len); 2567 u_platform = sp; 2568 sp += len + 1; 2569 } 2570 } 2571 2572 /* Provide 16 byte alignment for the PRNG, and basic alignment for 2573 * the argv and envp pointers. 2574 */ 2575 if (STACK_GROWS_DOWN) { 2576 sp = QEMU_ALIGN_DOWN(sp, 16); 2577 } else { 2578 sp = QEMU_ALIGN_UP(sp, 16); 2579 } 2580 2581 /* 2582 * Generate 16 random bytes for userspace PRNG seeding. 2583 */ 2584 qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes)); 2585 if (STACK_GROWS_DOWN) { 2586 sp -= 16; 2587 u_rand_bytes = sp; 2588 /* FIXME - check return value of memcpy_to_target() for failure */ 2589 memcpy_to_target(sp, k_rand_bytes, 16); 2590 } else { 2591 memcpy_to_target(sp, k_rand_bytes, 16); 2592 u_rand_bytes = sp; 2593 sp += 16; 2594 } 2595 2596 size = (DLINFO_ITEMS + 1) * 2; 2597 if (k_base_platform) { 2598 size += 2; 2599 } 2600 if (k_platform) { 2601 size += 2; 2602 } 2603 if (vdso_info) { 2604 size += 2; 2605 } 2606 #ifdef DLINFO_ARCH_ITEMS 2607 size += DLINFO_ARCH_ITEMS * 2; 2608 #endif 2609 #ifdef ELF_HWCAP2 2610 size += 2; 2611 #endif 2612 info->auxv_len = size * n; 2613 2614 size += envc + argc + 2; 2615 size += 1; /* argc itself */ 2616 size *= n; 2617 2618 /* Allocate space and finalize stack alignment for entry now. */ 2619 if (STACK_GROWS_DOWN) { 2620 u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT); 2621 sp = u_argc; 2622 } else { 2623 u_argc = sp; 2624 sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT); 2625 } 2626 2627 u_argv = u_argc + n; 2628 u_envp = u_argv + (argc + 1) * n; 2629 u_auxv = u_envp + (envc + 1) * n; 2630 info->saved_auxv = u_auxv; 2631 info->argc = argc; 2632 info->envc = envc; 2633 info->argv = u_argv; 2634 info->envp = u_envp; 2635 2636 /* This is correct because Linux defines 2637 * elf_addr_t as Elf32_Off / Elf64_Off 2638 */ 2639 #define NEW_AUX_ENT(id, val) do { \ 2640 put_user_ual(id, u_auxv); u_auxv += n; \ 2641 put_user_ual(val, u_auxv); u_auxv += n; \ 2642 } while(0) 2643 2644 #ifdef ARCH_DLINFO 2645 /* 2646 * ARCH_DLINFO must come first so platform specific code can enforce 2647 * special alignment requirements on the AUXV if necessary (eg. PPC). 2648 */ 2649 ARCH_DLINFO; 2650 #endif 2651 /* There must be exactly DLINFO_ITEMS entries here, or the assert 2652 * on info->auxv_len will trigger. 2653 */ 2654 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 2655 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 2656 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 2657 if ((info->alignment & ~qemu_host_page_mask) != 0) { 2658 /* Target doesn't support host page size alignment */ 2659 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 2660 } else { 2661 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE, 2662 qemu_host_page_size))); 2663 } 2664 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 2665 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 2666 NEW_AUX_ENT(AT_ENTRY, info->entry); 2667 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 2668 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 2669 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 2670 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 2671 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 2672 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 2673 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 2674 NEW_AUX_ENT(AT_SECURE, (abi_ulong) qemu_getauxval(AT_SECURE)); 2675 NEW_AUX_ENT(AT_EXECFN, info->file_string); 2676 2677 #ifdef ELF_HWCAP2 2678 NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2); 2679 #endif 2680 2681 if (u_base_platform) { 2682 NEW_AUX_ENT(AT_BASE_PLATFORM, u_base_platform); 2683 } 2684 if (u_platform) { 2685 NEW_AUX_ENT(AT_PLATFORM, u_platform); 2686 } 2687 if (vdso_info) { 2688 NEW_AUX_ENT(AT_SYSINFO_EHDR, vdso_info->load_addr); 2689 } 2690 NEW_AUX_ENT (AT_NULL, 0); 2691 #undef NEW_AUX_ENT 2692 2693 /* Check that our initial calculation of the auxv length matches how much 2694 * we actually put into it. 2695 */ 2696 assert(info->auxv_len == u_auxv - info->saved_auxv); 2697 2698 put_user_ual(argc, u_argc); 2699 2700 p = info->arg_strings; 2701 for (i = 0; i < argc; ++i) { 2702 put_user_ual(p, u_argv); 2703 u_argv += n; 2704 p += target_strlen(p) + 1; 2705 } 2706 put_user_ual(0, u_argv); 2707 2708 p = info->env_strings; 2709 for (i = 0; i < envc; ++i) { 2710 put_user_ual(p, u_envp); 2711 u_envp += n; 2712 p += target_strlen(p) + 1; 2713 } 2714 put_user_ual(0, u_envp); 2715 2716 return sp; 2717 } 2718 2719 #if defined(HI_COMMPAGE) 2720 #define LO_COMMPAGE -1 2721 #elif defined(LO_COMMPAGE) 2722 #define HI_COMMPAGE 0 2723 #else 2724 #define HI_COMMPAGE 0 2725 #define LO_COMMPAGE -1 2726 #ifndef INIT_GUEST_COMMPAGE 2727 #define init_guest_commpage() true 2728 #endif 2729 #endif 2730 2731 /** 2732 * pgb_try_mmap: 2733 * @addr: host start address 2734 * @addr_last: host last address 2735 * @keep: do not unmap the probe region 2736 * 2737 * Return 1 if [@addr, @addr_last] is not mapped in the host, 2738 * return 0 if it is not available to map, and -1 on mmap error. 2739 * If @keep, the region is left mapped on success, otherwise unmapped. 2740 */ 2741 static int pgb_try_mmap(uintptr_t addr, uintptr_t addr_last, bool keep) 2742 { 2743 size_t size = addr_last - addr + 1; 2744 void *p = mmap((void *)addr, size, PROT_NONE, 2745 MAP_ANONYMOUS | MAP_PRIVATE | 2746 MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0); 2747 int ret; 2748 2749 if (p == MAP_FAILED) { 2750 return errno == EEXIST ? 0 : -1; 2751 } 2752 ret = p == (void *)addr; 2753 if (!keep || !ret) { 2754 munmap(p, size); 2755 } 2756 return ret; 2757 } 2758 2759 /** 2760 * pgb_try_mmap_skip_brk(uintptr_t addr, uintptr_t size, uintptr_t brk) 2761 * @addr: host address 2762 * @addr_last: host last address 2763 * @brk: host brk 2764 * 2765 * Like pgb_try_mmap, but additionally reserve some memory following brk. 2766 */ 2767 static int pgb_try_mmap_skip_brk(uintptr_t addr, uintptr_t addr_last, 2768 uintptr_t brk, bool keep) 2769 { 2770 uintptr_t brk_last = brk + 16 * MiB - 1; 2771 2772 /* Do not map anything close to the host brk. */ 2773 if (addr <= brk_last && brk <= addr_last) { 2774 return 0; 2775 } 2776 return pgb_try_mmap(addr, addr_last, keep); 2777 } 2778 2779 /** 2780 * pgb_try_mmap_set: 2781 * @ga: set of guest addrs 2782 * @base: guest_base 2783 * @brk: host brk 2784 * 2785 * Return true if all @ga can be mapped by the host at @base. 2786 * On success, retain the mapping at index 0 for reserved_va. 2787 */ 2788 2789 typedef struct PGBAddrs { 2790 uintptr_t bounds[3][2]; /* start/last pairs */ 2791 int nbounds; 2792 } PGBAddrs; 2793 2794 static bool pgb_try_mmap_set(const PGBAddrs *ga, uintptr_t base, uintptr_t brk) 2795 { 2796 for (int i = ga->nbounds - 1; i >= 0; --i) { 2797 if (pgb_try_mmap_skip_brk(ga->bounds[i][0] + base, 2798 ga->bounds[i][1] + base, 2799 brk, i == 0 && reserved_va) <= 0) { 2800 return false; 2801 } 2802 } 2803 return true; 2804 } 2805 2806 /** 2807 * pgb_addr_set: 2808 * @ga: output set of guest addrs 2809 * @guest_loaddr: guest image low address 2810 * @guest_loaddr: guest image high address 2811 * @identity: create for identity mapping 2812 * 2813 * Fill in @ga with the image, COMMPAGE and NULL page. 2814 */ 2815 static bool pgb_addr_set(PGBAddrs *ga, abi_ulong guest_loaddr, 2816 abi_ulong guest_hiaddr, bool try_identity) 2817 { 2818 int n; 2819 2820 /* 2821 * With a low commpage, or a guest mapped very low, 2822 * we may not be able to use the identity map. 2823 */ 2824 if (try_identity) { 2825 if (LO_COMMPAGE != -1 && LO_COMMPAGE < mmap_min_addr) { 2826 return false; 2827 } 2828 if (guest_loaddr != 0 && guest_loaddr < mmap_min_addr) { 2829 return false; 2830 } 2831 } 2832 2833 memset(ga, 0, sizeof(*ga)); 2834 n = 0; 2835 2836 if (reserved_va) { 2837 ga->bounds[n][0] = try_identity ? mmap_min_addr : 0; 2838 ga->bounds[n][1] = reserved_va; 2839 n++; 2840 /* LO_COMMPAGE and NULL handled by reserving from 0. */ 2841 } else { 2842 /* Add any LO_COMMPAGE or NULL page. */ 2843 if (LO_COMMPAGE != -1) { 2844 ga->bounds[n][0] = 0; 2845 ga->bounds[n][1] = LO_COMMPAGE + TARGET_PAGE_SIZE - 1; 2846 n++; 2847 } else if (!try_identity) { 2848 ga->bounds[n][0] = 0; 2849 ga->bounds[n][1] = TARGET_PAGE_SIZE - 1; 2850 n++; 2851 } 2852 2853 /* Add the guest image for ET_EXEC. */ 2854 if (guest_loaddr) { 2855 ga->bounds[n][0] = guest_loaddr; 2856 ga->bounds[n][1] = guest_hiaddr; 2857 n++; 2858 } 2859 } 2860 2861 /* 2862 * Temporarily disable 2863 * "comparison is always false due to limited range of data type" 2864 * due to comparison between unsigned and (possible) 0. 2865 */ 2866 #pragma GCC diagnostic push 2867 #pragma GCC diagnostic ignored "-Wtype-limits" 2868 2869 /* Add any HI_COMMPAGE not covered by reserved_va. */ 2870 if (reserved_va < HI_COMMPAGE) { 2871 ga->bounds[n][0] = HI_COMMPAGE & qemu_host_page_mask; 2872 ga->bounds[n][1] = HI_COMMPAGE + TARGET_PAGE_SIZE - 1; 2873 n++; 2874 } 2875 2876 #pragma GCC diagnostic pop 2877 2878 ga->nbounds = n; 2879 return true; 2880 } 2881 2882 static void pgb_fail_in_use(const char *image_name) 2883 { 2884 error_report("%s: requires virtual address space that is in use " 2885 "(omit the -B option or choose a different value)", 2886 image_name); 2887 exit(EXIT_FAILURE); 2888 } 2889 2890 static void pgb_fixed(const char *image_name, uintptr_t guest_loaddr, 2891 uintptr_t guest_hiaddr, uintptr_t align) 2892 { 2893 PGBAddrs ga; 2894 uintptr_t brk = (uintptr_t)sbrk(0); 2895 2896 if (!QEMU_IS_ALIGNED(guest_base, align)) { 2897 fprintf(stderr, "Requested guest base %p does not satisfy " 2898 "host minimum alignment (0x%" PRIxPTR ")\n", 2899 (void *)guest_base, align); 2900 exit(EXIT_FAILURE); 2901 } 2902 2903 if (!pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, !guest_base) 2904 || !pgb_try_mmap_set(&ga, guest_base, brk)) { 2905 pgb_fail_in_use(image_name); 2906 } 2907 } 2908 2909 /** 2910 * pgb_find_fallback: 2911 * 2912 * This is a fallback method for finding holes in the host address space 2913 * if we don't have the benefit of being able to access /proc/self/map. 2914 * It can potentially take a very long time as we can only dumbly iterate 2915 * up the host address space seeing if the allocation would work. 2916 */ 2917 static uintptr_t pgb_find_fallback(const PGBAddrs *ga, uintptr_t align, 2918 uintptr_t brk) 2919 { 2920 /* TODO: come up with a better estimate of how much to skip. */ 2921 uintptr_t skip = sizeof(uintptr_t) == 4 ? MiB : GiB; 2922 2923 for (uintptr_t base = skip; ; base += skip) { 2924 base = ROUND_UP(base, align); 2925 if (pgb_try_mmap_set(ga, base, brk)) { 2926 return base; 2927 } 2928 if (base >= -skip) { 2929 return -1; 2930 } 2931 } 2932 } 2933 2934 static uintptr_t pgb_try_itree(const PGBAddrs *ga, uintptr_t base, 2935 IntervalTreeRoot *root) 2936 { 2937 for (int i = ga->nbounds - 1; i >= 0; --i) { 2938 uintptr_t s = base + ga->bounds[i][0]; 2939 uintptr_t l = base + ga->bounds[i][1]; 2940 IntervalTreeNode *n; 2941 2942 if (l < s) { 2943 /* Wraparound. Skip to advance S to mmap_min_addr. */ 2944 return mmap_min_addr - s; 2945 } 2946 2947 n = interval_tree_iter_first(root, s, l); 2948 if (n != NULL) { 2949 /* Conflict. Skip to advance S to LAST + 1. */ 2950 return n->last - s + 1; 2951 } 2952 } 2953 return 0; /* success */ 2954 } 2955 2956 static uintptr_t pgb_find_itree(const PGBAddrs *ga, IntervalTreeRoot *root, 2957 uintptr_t align, uintptr_t brk) 2958 { 2959 uintptr_t last = mmap_min_addr; 2960 uintptr_t base, skip; 2961 2962 while (true) { 2963 base = ROUND_UP(last, align); 2964 if (base < last) { 2965 return -1; 2966 } 2967 2968 skip = pgb_try_itree(ga, base, root); 2969 if (skip == 0) { 2970 break; 2971 } 2972 2973 last = base + skip; 2974 if (last < base) { 2975 return -1; 2976 } 2977 } 2978 2979 /* 2980 * We've chosen 'base' based on holes in the interval tree, 2981 * but we don't yet know if it is a valid host address. 2982 * Because it is the first matching hole, if the host addresses 2983 * are invalid we know there are no further matches. 2984 */ 2985 return pgb_try_mmap_set(ga, base, brk) ? base : -1; 2986 } 2987 2988 static void pgb_dynamic(const char *image_name, uintptr_t guest_loaddr, 2989 uintptr_t guest_hiaddr, uintptr_t align) 2990 { 2991 IntervalTreeRoot *root; 2992 uintptr_t brk, ret; 2993 PGBAddrs ga; 2994 2995 assert(QEMU_IS_ALIGNED(guest_loaddr, align)); 2996 2997 /* Try the identity map first. */ 2998 if (pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, true)) { 2999 brk = (uintptr_t)sbrk(0); 3000 if (pgb_try_mmap_set(&ga, 0, brk)) { 3001 guest_base = 0; 3002 return; 3003 } 3004 } 3005 3006 /* 3007 * Rebuild the address set for non-identity map. 3008 * This differs in the mapping of the guest NULL page. 3009 */ 3010 pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, false); 3011 3012 root = read_self_maps(); 3013 3014 /* Read brk after we've read the maps, which will malloc. */ 3015 brk = (uintptr_t)sbrk(0); 3016 3017 if (!root) { 3018 ret = pgb_find_fallback(&ga, align, brk); 3019 } else { 3020 /* 3021 * Reserve the area close to the host brk. 3022 * This will be freed with the rest of the tree. 3023 */ 3024 IntervalTreeNode *b = g_new0(IntervalTreeNode, 1); 3025 b->start = brk; 3026 b->last = brk + 16 * MiB - 1; 3027 interval_tree_insert(b, root); 3028 3029 ret = pgb_find_itree(&ga, root, align, brk); 3030 free_self_maps(root); 3031 } 3032 3033 if (ret == -1) { 3034 int w = TARGET_LONG_BITS / 4; 3035 3036 error_report("%s: Unable to find a guest_base to satisfy all " 3037 "guest address mapping requirements", image_name); 3038 3039 for (int i = 0; i < ga.nbounds; ++i) { 3040 error_printf(" %0*" PRIx64 "-%0*" PRIx64 "\n", 3041 w, (uint64_t)ga.bounds[i][0], 3042 w, (uint64_t)ga.bounds[i][1]); 3043 } 3044 exit(EXIT_FAILURE); 3045 } 3046 guest_base = ret; 3047 } 3048 3049 void probe_guest_base(const char *image_name, abi_ulong guest_loaddr, 3050 abi_ulong guest_hiaddr) 3051 { 3052 /* In order to use host shmat, we must be able to honor SHMLBA. */ 3053 uintptr_t align = MAX(SHMLBA, qemu_host_page_size); 3054 3055 /* Sanity check the guest binary. */ 3056 if (reserved_va) { 3057 if (guest_hiaddr > reserved_va) { 3058 error_report("%s: requires more than reserved virtual " 3059 "address space (0x%" PRIx64 " > 0x%lx)", 3060 image_name, (uint64_t)guest_hiaddr, reserved_va); 3061 exit(EXIT_FAILURE); 3062 } 3063 } else { 3064 if (guest_hiaddr != (uintptr_t)guest_hiaddr) { 3065 error_report("%s: requires more virtual address space " 3066 "than the host can provide (0x%" PRIx64 ")", 3067 image_name, (uint64_t)guest_hiaddr + 1); 3068 exit(EXIT_FAILURE); 3069 } 3070 } 3071 3072 if (have_guest_base) { 3073 pgb_fixed(image_name, guest_loaddr, guest_hiaddr, align); 3074 } else { 3075 pgb_dynamic(image_name, guest_loaddr, guest_hiaddr, align); 3076 } 3077 3078 /* Reserve and initialize the commpage. */ 3079 if (!init_guest_commpage()) { 3080 /* We have already probed for the commpage being free. */ 3081 g_assert_not_reached(); 3082 } 3083 3084 assert(QEMU_IS_ALIGNED(guest_base, align)); 3085 qemu_log_mask(CPU_LOG_PAGE, "Locating guest address space " 3086 "@ 0x%" PRIx64 "\n", (uint64_t)guest_base); 3087 } 3088 3089 enum { 3090 /* The string "GNU\0" as a magic number. */ 3091 GNU0_MAGIC = const_le32('G' | 'N' << 8 | 'U' << 16), 3092 NOTE_DATA_SZ = 1 * KiB, 3093 NOTE_NAME_SZ = 4, 3094 ELF_GNU_PROPERTY_ALIGN = ELF_CLASS == ELFCLASS32 ? 4 : 8, 3095 }; 3096 3097 /* 3098 * Process a single gnu_property entry. 3099 * Return false for error. 3100 */ 3101 static bool parse_elf_property(const uint32_t *data, int *off, int datasz, 3102 struct image_info *info, bool have_prev_type, 3103 uint32_t *prev_type, Error **errp) 3104 { 3105 uint32_t pr_type, pr_datasz, step; 3106 3107 if (*off > datasz || !QEMU_IS_ALIGNED(*off, ELF_GNU_PROPERTY_ALIGN)) { 3108 goto error_data; 3109 } 3110 datasz -= *off; 3111 data += *off / sizeof(uint32_t); 3112 3113 if (datasz < 2 * sizeof(uint32_t)) { 3114 goto error_data; 3115 } 3116 pr_type = data[0]; 3117 pr_datasz = data[1]; 3118 data += 2; 3119 datasz -= 2 * sizeof(uint32_t); 3120 step = ROUND_UP(pr_datasz, ELF_GNU_PROPERTY_ALIGN); 3121 if (step > datasz) { 3122 goto error_data; 3123 } 3124 3125 /* Properties are supposed to be unique and sorted on pr_type. */ 3126 if (have_prev_type && pr_type <= *prev_type) { 3127 if (pr_type == *prev_type) { 3128 error_setg(errp, "Duplicate property in PT_GNU_PROPERTY"); 3129 } else { 3130 error_setg(errp, "Unsorted property in PT_GNU_PROPERTY"); 3131 } 3132 return false; 3133 } 3134 *prev_type = pr_type; 3135 3136 if (!arch_parse_elf_property(pr_type, pr_datasz, data, info, errp)) { 3137 return false; 3138 } 3139 3140 *off += 2 * sizeof(uint32_t) + step; 3141 return true; 3142 3143 error_data: 3144 error_setg(errp, "Ill-formed property in PT_GNU_PROPERTY"); 3145 return false; 3146 } 3147 3148 /* Process NT_GNU_PROPERTY_TYPE_0. */ 3149 static bool parse_elf_properties(const ImageSource *src, 3150 struct image_info *info, 3151 const struct elf_phdr *phdr, 3152 Error **errp) 3153 { 3154 union { 3155 struct elf_note nhdr; 3156 uint32_t data[NOTE_DATA_SZ / sizeof(uint32_t)]; 3157 } note; 3158 3159 int n, off, datasz; 3160 bool have_prev_type; 3161 uint32_t prev_type; 3162 3163 /* Unless the arch requires properties, ignore them. */ 3164 if (!ARCH_USE_GNU_PROPERTY) { 3165 return true; 3166 } 3167 3168 /* If the properties are crazy large, that's too bad. */ 3169 n = phdr->p_filesz; 3170 if (n > sizeof(note)) { 3171 error_setg(errp, "PT_GNU_PROPERTY too large"); 3172 return false; 3173 } 3174 if (n < sizeof(note.nhdr)) { 3175 error_setg(errp, "PT_GNU_PROPERTY too small"); 3176 return false; 3177 } 3178 3179 if (!imgsrc_read(¬e, phdr->p_offset, n, src, errp)) { 3180 return false; 3181 } 3182 3183 /* 3184 * The contents of a valid PT_GNU_PROPERTY is a sequence 3185 * of uint32_t -- swap them all now. 3186 */ 3187 #ifdef BSWAP_NEEDED 3188 for (int i = 0; i < n / 4; i++) { 3189 bswap32s(note.data + i); 3190 } 3191 #endif 3192 3193 /* 3194 * Note that nhdr is 3 words, and that the "name" described by namesz 3195 * immediately follows nhdr and is thus at the 4th word. Further, all 3196 * of the inputs to the kernel's round_up are multiples of 4. 3197 */ 3198 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || 3199 note.nhdr.n_namesz != NOTE_NAME_SZ || 3200 note.data[3] != GNU0_MAGIC) { 3201 error_setg(errp, "Invalid note in PT_GNU_PROPERTY"); 3202 return false; 3203 } 3204 off = sizeof(note.nhdr) + NOTE_NAME_SZ; 3205 3206 datasz = note.nhdr.n_descsz + off; 3207 if (datasz > n) { 3208 error_setg(errp, "Invalid note size in PT_GNU_PROPERTY"); 3209 return false; 3210 } 3211 3212 have_prev_type = false; 3213 prev_type = 0; 3214 while (1) { 3215 if (off == datasz) { 3216 return true; /* end, exit ok */ 3217 } 3218 if (!parse_elf_property(note.data, &off, datasz, info, 3219 have_prev_type, &prev_type, errp)) { 3220 return false; 3221 } 3222 have_prev_type = true; 3223 } 3224 } 3225 3226 /** 3227 * load_elf_image: Load an ELF image into the address space. 3228 * @image_name: the filename of the image, to use in error messages. 3229 * @src: the ImageSource from which to read. 3230 * @info: info collected from the loaded image. 3231 * @ehdr: the ELF header, not yet bswapped. 3232 * @pinterp_name: record any PT_INTERP string found. 3233 * 3234 * On return: @info values will be filled in, as necessary or available. 3235 */ 3236 3237 static void load_elf_image(const char *image_name, const ImageSource *src, 3238 struct image_info *info, struct elfhdr *ehdr, 3239 char **pinterp_name) 3240 { 3241 g_autofree struct elf_phdr *phdr = NULL; 3242 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 3243 int i, prot_exec; 3244 Error *err = NULL; 3245 3246 /* 3247 * First of all, some simple consistency checks. 3248 * Note that we rely on the bswapped ehdr staying in bprm_buf, 3249 * for later use by load_elf_binary and create_elf_tables. 3250 */ 3251 if (!imgsrc_read(ehdr, 0, sizeof(*ehdr), src, &err)) { 3252 goto exit_errmsg; 3253 } 3254 if (!elf_check_ident(ehdr)) { 3255 error_setg(&err, "Invalid ELF image for this architecture"); 3256 goto exit_errmsg; 3257 } 3258 bswap_ehdr(ehdr); 3259 if (!elf_check_ehdr(ehdr)) { 3260 error_setg(&err, "Invalid ELF image for this architecture"); 3261 goto exit_errmsg; 3262 } 3263 3264 phdr = imgsrc_read_alloc(ehdr->e_phoff, 3265 ehdr->e_phnum * sizeof(struct elf_phdr), 3266 src, &err); 3267 if (phdr == NULL) { 3268 goto exit_errmsg; 3269 } 3270 bswap_phdr(phdr, ehdr->e_phnum); 3271 3272 info->nsegs = 0; 3273 info->pt_dynamic_addr = 0; 3274 3275 mmap_lock(); 3276 3277 /* 3278 * Find the maximum size of the image and allocate an appropriate 3279 * amount of memory to handle that. Locate the interpreter, if any. 3280 */ 3281 loaddr = -1, hiaddr = 0; 3282 info->alignment = 0; 3283 info->exec_stack = EXSTACK_DEFAULT; 3284 for (i = 0; i < ehdr->e_phnum; ++i) { 3285 struct elf_phdr *eppnt = phdr + i; 3286 if (eppnt->p_type == PT_LOAD) { 3287 abi_ulong a = eppnt->p_vaddr - eppnt->p_offset; 3288 if (a < loaddr) { 3289 loaddr = a; 3290 } 3291 a = eppnt->p_vaddr + eppnt->p_memsz - 1; 3292 if (a > hiaddr) { 3293 hiaddr = a; 3294 } 3295 ++info->nsegs; 3296 info->alignment |= eppnt->p_align; 3297 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 3298 g_autofree char *interp_name = NULL; 3299 3300 if (*pinterp_name) { 3301 error_setg(&err, "Multiple PT_INTERP entries"); 3302 goto exit_errmsg; 3303 } 3304 3305 interp_name = imgsrc_read_alloc(eppnt->p_offset, eppnt->p_filesz, 3306 src, &err); 3307 if (interp_name == NULL) { 3308 goto exit_errmsg; 3309 } 3310 if (interp_name[eppnt->p_filesz - 1] != 0) { 3311 error_setg(&err, "Invalid PT_INTERP entry"); 3312 goto exit_errmsg; 3313 } 3314 *pinterp_name = g_steal_pointer(&interp_name); 3315 } else if (eppnt->p_type == PT_GNU_PROPERTY) { 3316 if (!parse_elf_properties(src, info, eppnt, &err)) { 3317 goto exit_errmsg; 3318 } 3319 } else if (eppnt->p_type == PT_GNU_STACK) { 3320 info->exec_stack = eppnt->p_flags & PF_X; 3321 } 3322 } 3323 3324 load_addr = loaddr; 3325 3326 if (pinterp_name != NULL) { 3327 if (ehdr->e_type == ET_EXEC) { 3328 /* 3329 * Make sure that the low address does not conflict with 3330 * MMAP_MIN_ADDR or the QEMU application itself. 3331 */ 3332 probe_guest_base(image_name, loaddr, hiaddr); 3333 } else { 3334 abi_ulong align; 3335 3336 /* 3337 * The binary is dynamic, but we still need to 3338 * select guest_base. In this case we pass a size. 3339 */ 3340 probe_guest_base(image_name, 0, hiaddr - loaddr); 3341 3342 /* 3343 * Avoid collision with the loader by providing a different 3344 * default load address. 3345 */ 3346 load_addr += elf_et_dyn_base; 3347 3348 /* 3349 * TODO: Better support for mmap alignment is desirable. 3350 * Since we do not have complete control over the guest 3351 * address space, we prefer the kernel to choose some address 3352 * rather than force the use of LOAD_ADDR via MAP_FIXED. 3353 * But without MAP_FIXED we cannot guarantee alignment, 3354 * only suggest it. 3355 */ 3356 align = pow2ceil(info->alignment); 3357 if (align) { 3358 load_addr &= -align; 3359 } 3360 } 3361 } 3362 3363 /* 3364 * Reserve address space for all of this. 3365 * 3366 * In the case of ET_EXEC, we supply MAP_FIXED_NOREPLACE so that we get 3367 * exactly the address range that is required. Without reserved_va, 3368 * the guest address space is not isolated. We have attempted to avoid 3369 * conflict with the host program itself via probe_guest_base, but using 3370 * MAP_FIXED_NOREPLACE instead of MAP_FIXED provides an extra check. 3371 * 3372 * Otherwise this is ET_DYN, and we are searching for a location 3373 * that can hold the memory space required. If the image is 3374 * pre-linked, LOAD_ADDR will be non-zero, and the kernel should 3375 * honor that address if it happens to be free. 3376 * 3377 * In both cases, we will overwrite pages in this range with mappings 3378 * from the executable. 3379 */ 3380 load_addr = target_mmap(load_addr, (size_t)hiaddr - loaddr + 1, PROT_NONE, 3381 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE | 3382 (ehdr->e_type == ET_EXEC ? MAP_FIXED_NOREPLACE : 0), 3383 -1, 0); 3384 if (load_addr == -1) { 3385 goto exit_mmap; 3386 } 3387 load_bias = load_addr - loaddr; 3388 3389 if (elf_is_fdpic(ehdr)) { 3390 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 3391 g_malloc(sizeof(*loadsegs) * info->nsegs); 3392 3393 for (i = 0; i < ehdr->e_phnum; ++i) { 3394 switch (phdr[i].p_type) { 3395 case PT_DYNAMIC: 3396 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 3397 break; 3398 case PT_LOAD: 3399 loadsegs->addr = phdr[i].p_vaddr + load_bias; 3400 loadsegs->p_vaddr = phdr[i].p_vaddr; 3401 loadsegs->p_memsz = phdr[i].p_memsz; 3402 ++loadsegs; 3403 break; 3404 } 3405 } 3406 } 3407 3408 info->load_bias = load_bias; 3409 info->code_offset = load_bias; 3410 info->data_offset = load_bias; 3411 info->load_addr = load_addr; 3412 info->entry = ehdr->e_entry + load_bias; 3413 info->start_code = -1; 3414 info->end_code = 0; 3415 info->start_data = -1; 3416 info->end_data = 0; 3417 /* Usual start for brk is after all sections of the main executable. */ 3418 info->brk = TARGET_PAGE_ALIGN(hiaddr + load_bias); 3419 info->elf_flags = ehdr->e_flags; 3420 3421 prot_exec = PROT_EXEC; 3422 #ifdef TARGET_AARCH64 3423 /* 3424 * If the BTI feature is present, this indicates that the executable 3425 * pages of the startup binary should be mapped with PROT_BTI, so that 3426 * branch targets are enforced. 3427 * 3428 * The startup binary is either the interpreter or the static executable. 3429 * The interpreter is responsible for all pages of a dynamic executable. 3430 * 3431 * Elf notes are backward compatible to older cpus. 3432 * Do not enable BTI unless it is supported. 3433 */ 3434 if ((info->note_flags & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) 3435 && (pinterp_name == NULL || *pinterp_name == 0) 3436 && cpu_isar_feature(aa64_bti, ARM_CPU(thread_cpu))) { 3437 prot_exec |= TARGET_PROT_BTI; 3438 } 3439 #endif 3440 3441 for (i = 0; i < ehdr->e_phnum; i++) { 3442 struct elf_phdr *eppnt = phdr + i; 3443 if (eppnt->p_type == PT_LOAD) { 3444 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 3445 int elf_prot = 0; 3446 3447 if (eppnt->p_flags & PF_R) { 3448 elf_prot |= PROT_READ; 3449 } 3450 if (eppnt->p_flags & PF_W) { 3451 elf_prot |= PROT_WRITE; 3452 } 3453 if (eppnt->p_flags & PF_X) { 3454 elf_prot |= prot_exec; 3455 } 3456 3457 vaddr = load_bias + eppnt->p_vaddr; 3458 vaddr_po = vaddr & ~TARGET_PAGE_MASK; 3459 vaddr_ps = vaddr & TARGET_PAGE_MASK; 3460 3461 vaddr_ef = vaddr + eppnt->p_filesz; 3462 vaddr_em = vaddr + eppnt->p_memsz; 3463 3464 /* 3465 * Some segments may be completely empty, with a non-zero p_memsz 3466 * but no backing file segment. 3467 */ 3468 if (eppnt->p_filesz != 0) { 3469 error = imgsrc_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 3470 elf_prot, MAP_PRIVATE | MAP_FIXED, 3471 src, eppnt->p_offset - vaddr_po); 3472 if (error == -1) { 3473 goto exit_mmap; 3474 } 3475 } 3476 3477 /* If the load segment requests extra zeros (e.g. bss), map it. */ 3478 if (vaddr_ef < vaddr_em && 3479 !zero_bss(vaddr_ef, vaddr_em, elf_prot, &err)) { 3480 goto exit_errmsg; 3481 } 3482 3483 /* Find the full program boundaries. */ 3484 if (elf_prot & PROT_EXEC) { 3485 if (vaddr < info->start_code) { 3486 info->start_code = vaddr; 3487 } 3488 if (vaddr_ef > info->end_code) { 3489 info->end_code = vaddr_ef; 3490 } 3491 } 3492 if (elf_prot & PROT_WRITE) { 3493 if (vaddr < info->start_data) { 3494 info->start_data = vaddr; 3495 } 3496 if (vaddr_ef > info->end_data) { 3497 info->end_data = vaddr_ef; 3498 } 3499 } 3500 #ifdef TARGET_MIPS 3501 } else if (eppnt->p_type == PT_MIPS_ABIFLAGS) { 3502 Mips_elf_abiflags_v0 abiflags; 3503 3504 if (!imgsrc_read(&abiflags, eppnt->p_offset, sizeof(abiflags), 3505 src, &err)) { 3506 goto exit_errmsg; 3507 } 3508 bswap_mips_abiflags(&abiflags); 3509 info->fp_abi = abiflags.fp_abi; 3510 #endif 3511 } 3512 } 3513 3514 if (info->end_data == 0) { 3515 info->start_data = info->end_code; 3516 info->end_data = info->end_code; 3517 } 3518 3519 if (qemu_log_enabled()) { 3520 load_symbols(ehdr, src, load_bias); 3521 } 3522 3523 debuginfo_report_elf(image_name, src->fd, load_bias); 3524 3525 mmap_unlock(); 3526 3527 close(src->fd); 3528 return; 3529 3530 exit_mmap: 3531 error_setg_errno(&err, errno, "Error mapping file"); 3532 goto exit_errmsg; 3533 exit_errmsg: 3534 error_reportf_err(err, "%s: ", image_name); 3535 exit(-1); 3536 } 3537 3538 static void load_elf_interp(const char *filename, struct image_info *info, 3539 char bprm_buf[BPRM_BUF_SIZE]) 3540 { 3541 struct elfhdr ehdr; 3542 ImageSource src; 3543 int fd, retval; 3544 Error *err = NULL; 3545 3546 fd = open(path(filename), O_RDONLY); 3547 if (fd < 0) { 3548 error_setg_file_open(&err, errno, filename); 3549 error_report_err(err); 3550 exit(-1); 3551 } 3552 3553 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 3554 if (retval < 0) { 3555 error_setg_errno(&err, errno, "Error reading file header"); 3556 error_reportf_err(err, "%s: ", filename); 3557 exit(-1); 3558 } 3559 3560 src.fd = fd; 3561 src.cache = bprm_buf; 3562 src.cache_size = retval; 3563 3564 load_elf_image(filename, &src, info, &ehdr, NULL); 3565 } 3566 3567 #ifdef VDSO_HEADER 3568 #include VDSO_HEADER 3569 #define vdso_image_info() &vdso_image_info 3570 #else 3571 #define vdso_image_info() NULL 3572 #endif 3573 3574 static void load_elf_vdso(struct image_info *info, const VdsoImageInfo *vdso) 3575 { 3576 ImageSource src; 3577 struct elfhdr ehdr; 3578 abi_ulong load_bias, load_addr; 3579 3580 src.fd = -1; 3581 src.cache = vdso->image; 3582 src.cache_size = vdso->image_size; 3583 3584 load_elf_image("<internal-vdso>", &src, info, &ehdr, NULL); 3585 load_addr = info->load_addr; 3586 load_bias = info->load_bias; 3587 3588 /* 3589 * We need to relocate the VDSO image. The one built into the kernel 3590 * is built for a fixed address. The one built for QEMU is not, since 3591 * that requires close control of the guest address space. 3592 * We pre-processed the image to locate all of the addresses that need 3593 * to be updated. 3594 */ 3595 for (unsigned i = 0, n = vdso->reloc_count; i < n; i++) { 3596 abi_ulong *addr = g2h_untagged(load_addr + vdso->relocs[i]); 3597 *addr = tswapal(tswapal(*addr) + load_bias); 3598 } 3599 3600 /* Install signal trampolines, if present. */ 3601 if (vdso->sigreturn_ofs) { 3602 default_sigreturn = load_addr + vdso->sigreturn_ofs; 3603 } 3604 if (vdso->rt_sigreturn_ofs) { 3605 default_rt_sigreturn = load_addr + vdso->rt_sigreturn_ofs; 3606 } 3607 3608 /* Remove write from VDSO segment. */ 3609 target_mprotect(info->start_data, info->end_data - info->start_data, 3610 PROT_READ | PROT_EXEC); 3611 } 3612 3613 static int symfind(const void *s0, const void *s1) 3614 { 3615 struct elf_sym *sym = (struct elf_sym *)s1; 3616 __typeof(sym->st_value) addr = *(uint64_t *)s0; 3617 int result = 0; 3618 3619 if (addr < sym->st_value) { 3620 result = -1; 3621 } else if (addr >= sym->st_value + sym->st_size) { 3622 result = 1; 3623 } 3624 return result; 3625 } 3626 3627 static const char *lookup_symbolxx(struct syminfo *s, uint64_t orig_addr) 3628 { 3629 #if ELF_CLASS == ELFCLASS32 3630 struct elf_sym *syms = s->disas_symtab.elf32; 3631 #else 3632 struct elf_sym *syms = s->disas_symtab.elf64; 3633 #endif 3634 3635 // binary search 3636 struct elf_sym *sym; 3637 3638 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 3639 if (sym != NULL) { 3640 return s->disas_strtab + sym->st_name; 3641 } 3642 3643 return ""; 3644 } 3645 3646 /* FIXME: This should use elf_ops.h */ 3647 static int symcmp(const void *s0, const void *s1) 3648 { 3649 struct elf_sym *sym0 = (struct elf_sym *)s0; 3650 struct elf_sym *sym1 = (struct elf_sym *)s1; 3651 return (sym0->st_value < sym1->st_value) 3652 ? -1 3653 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 3654 } 3655 3656 /* Best attempt to load symbols from this ELF object. */ 3657 static void load_symbols(struct elfhdr *hdr, const ImageSource *src, 3658 abi_ulong load_bias) 3659 { 3660 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 3661 g_autofree struct elf_shdr *shdr = NULL; 3662 char *strings = NULL; 3663 struct elf_sym *syms = NULL; 3664 struct elf_sym *new_syms; 3665 uint64_t segsz; 3666 3667 shnum = hdr->e_shnum; 3668 shdr = imgsrc_read_alloc(hdr->e_shoff, shnum * sizeof(struct elf_shdr), 3669 src, NULL); 3670 if (shdr == NULL) { 3671 return; 3672 } 3673 3674 bswap_shdr(shdr, shnum); 3675 for (i = 0; i < shnum; ++i) { 3676 if (shdr[i].sh_type == SHT_SYMTAB) { 3677 sym_idx = i; 3678 str_idx = shdr[i].sh_link; 3679 goto found; 3680 } 3681 } 3682 3683 /* There will be no symbol table if the file was stripped. */ 3684 return; 3685 3686 found: 3687 /* Now know where the strtab and symtab are. Snarf them. */ 3688 3689 segsz = shdr[str_idx].sh_size; 3690 strings = g_try_malloc(segsz); 3691 if (!strings) { 3692 goto give_up; 3693 } 3694 if (!imgsrc_read(strings, shdr[str_idx].sh_offset, segsz, src, NULL)) { 3695 goto give_up; 3696 } 3697 3698 segsz = shdr[sym_idx].sh_size; 3699 if (segsz / sizeof(struct elf_sym) > INT_MAX) { 3700 /* 3701 * Implausibly large symbol table: give up rather than ploughing 3702 * on with the number of symbols calculation overflowing. 3703 */ 3704 goto give_up; 3705 } 3706 nsyms = segsz / sizeof(struct elf_sym); 3707 syms = g_try_malloc(segsz); 3708 if (!syms) { 3709 goto give_up; 3710 } 3711 if (!imgsrc_read(syms, shdr[sym_idx].sh_offset, segsz, src, NULL)) { 3712 goto give_up; 3713 } 3714 3715 for (i = 0; i < nsyms; ) { 3716 bswap_sym(syms + i); 3717 /* Throw away entries which we do not need. */ 3718 if (syms[i].st_shndx == SHN_UNDEF 3719 || syms[i].st_shndx >= SHN_LORESERVE 3720 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 3721 if (i < --nsyms) { 3722 syms[i] = syms[nsyms]; 3723 } 3724 } else { 3725 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 3726 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 3727 syms[i].st_value &= ~(target_ulong)1; 3728 #endif 3729 syms[i].st_value += load_bias; 3730 i++; 3731 } 3732 } 3733 3734 /* No "useful" symbol. */ 3735 if (nsyms == 0) { 3736 goto give_up; 3737 } 3738 3739 /* 3740 * Attempt to free the storage associated with the local symbols 3741 * that we threw away. Whether or not this has any effect on the 3742 * memory allocation depends on the malloc implementation and how 3743 * many symbols we managed to discard. 3744 */ 3745 new_syms = g_try_renew(struct elf_sym, syms, nsyms); 3746 if (new_syms == NULL) { 3747 goto give_up; 3748 } 3749 syms = new_syms; 3750 3751 qsort(syms, nsyms, sizeof(*syms), symcmp); 3752 3753 { 3754 struct syminfo *s = g_new(struct syminfo, 1); 3755 3756 s->disas_strtab = strings; 3757 s->disas_num_syms = nsyms; 3758 #if ELF_CLASS == ELFCLASS32 3759 s->disas_symtab.elf32 = syms; 3760 #else 3761 s->disas_symtab.elf64 = syms; 3762 #endif 3763 s->lookup_symbol = lookup_symbolxx; 3764 s->next = syminfos; 3765 syminfos = s; 3766 } 3767 return; 3768 3769 give_up: 3770 g_free(strings); 3771 g_free(syms); 3772 } 3773 3774 uint32_t get_elf_eflags(int fd) 3775 { 3776 struct elfhdr ehdr; 3777 off_t offset; 3778 int ret; 3779 3780 /* Read ELF header */ 3781 offset = lseek(fd, 0, SEEK_SET); 3782 if (offset == (off_t) -1) { 3783 return 0; 3784 } 3785 ret = read(fd, &ehdr, sizeof(ehdr)); 3786 if (ret < sizeof(ehdr)) { 3787 return 0; 3788 } 3789 offset = lseek(fd, offset, SEEK_SET); 3790 if (offset == (off_t) -1) { 3791 return 0; 3792 } 3793 3794 /* Check ELF signature */ 3795 if (!elf_check_ident(&ehdr)) { 3796 return 0; 3797 } 3798 3799 /* check header */ 3800 bswap_ehdr(&ehdr); 3801 if (!elf_check_ehdr(&ehdr)) { 3802 return 0; 3803 } 3804 3805 /* return architecture id */ 3806 return ehdr.e_flags; 3807 } 3808 3809 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) 3810 { 3811 /* 3812 * We need a copy of the elf header for passing to create_elf_tables. 3813 * We will have overwritten the original when we re-use bprm->buf 3814 * while loading the interpreter. Allocate the storage for this now 3815 * and let elf_load_image do any swapping that may be required. 3816 */ 3817 struct elfhdr ehdr; 3818 struct image_info interp_info, vdso_info; 3819 char *elf_interpreter = NULL; 3820 char *scratch; 3821 3822 memset(&interp_info, 0, sizeof(interp_info)); 3823 #ifdef TARGET_MIPS 3824 interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN; 3825 #endif 3826 3827 load_elf_image(bprm->filename, &bprm->src, info, &ehdr, &elf_interpreter); 3828 3829 /* Do this so that we can load the interpreter, if need be. We will 3830 change some of these later */ 3831 bprm->p = setup_arg_pages(bprm, info); 3832 3833 scratch = g_new0(char, TARGET_PAGE_SIZE); 3834 if (STACK_GROWS_DOWN) { 3835 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 3836 bprm->p, info->stack_limit); 3837 info->file_string = bprm->p; 3838 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 3839 bprm->p, info->stack_limit); 3840 info->env_strings = bprm->p; 3841 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 3842 bprm->p, info->stack_limit); 3843 info->arg_strings = bprm->p; 3844 } else { 3845 info->arg_strings = bprm->p; 3846 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 3847 bprm->p, info->stack_limit); 3848 info->env_strings = bprm->p; 3849 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 3850 bprm->p, info->stack_limit); 3851 info->file_string = bprm->p; 3852 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 3853 bprm->p, info->stack_limit); 3854 } 3855 3856 g_free(scratch); 3857 3858 if (!bprm->p) { 3859 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 3860 exit(-1); 3861 } 3862 3863 if (elf_interpreter) { 3864 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 3865 3866 /* 3867 * While unusual because of ELF_ET_DYN_BASE, if we are unlucky 3868 * with the mappings the interpreter can be loaded above but 3869 * near the main executable, which can leave very little room 3870 * for the heap. 3871 * If the current brk has less than 16MB, use the end of the 3872 * interpreter. 3873 */ 3874 if (interp_info.brk > info->brk && 3875 interp_info.load_bias - info->brk < 16 * MiB) { 3876 info->brk = interp_info.brk; 3877 } 3878 3879 /* If the program interpreter is one of these two, then assume 3880 an iBCS2 image. Otherwise assume a native linux image. */ 3881 3882 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 3883 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 3884 info->personality = PER_SVR4; 3885 3886 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 3887 and some applications "depend" upon this behavior. Since 3888 we do not have the power to recompile these, we emulate 3889 the SVr4 behavior. Sigh. */ 3890 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 3891 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 3892 } 3893 #ifdef TARGET_MIPS 3894 info->interp_fp_abi = interp_info.fp_abi; 3895 #endif 3896 } 3897 3898 /* 3899 * Load a vdso if available, which will amongst other things contain the 3900 * signal trampolines. Otherwise, allocate a separate page for them. 3901 */ 3902 const VdsoImageInfo *vdso = vdso_image_info(); 3903 if (vdso) { 3904 load_elf_vdso(&vdso_info, vdso); 3905 } else if (TARGET_ARCH_HAS_SIGTRAMP_PAGE) { 3906 abi_long tramp_page = target_mmap(0, TARGET_PAGE_SIZE, 3907 PROT_READ | PROT_WRITE, 3908 MAP_PRIVATE | MAP_ANON, -1, 0); 3909 if (tramp_page == -1) { 3910 return -errno; 3911 } 3912 3913 setup_sigtramp(tramp_page); 3914 target_mprotect(tramp_page, TARGET_PAGE_SIZE, PROT_READ | PROT_EXEC); 3915 } 3916 3917 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &ehdr, info, 3918 elf_interpreter ? &interp_info : NULL, 3919 vdso ? &vdso_info : NULL); 3920 info->start_stack = bprm->p; 3921 3922 /* If we have an interpreter, set that as the program's entry point. 3923 Copy the load_bias as well, to help PPC64 interpret the entry 3924 point as a function descriptor. Do this after creating elf tables 3925 so that we copy the original program entry point into the AUXV. */ 3926 if (elf_interpreter) { 3927 info->load_bias = interp_info.load_bias; 3928 info->entry = interp_info.entry; 3929 g_free(elf_interpreter); 3930 } 3931 3932 #ifdef USE_ELF_CORE_DUMP 3933 bprm->core_dump = &elf_core_dump; 3934 #endif 3935 3936 return 0; 3937 } 3938 3939 #ifdef USE_ELF_CORE_DUMP 3940 /* 3941 * Definitions to generate Intel SVR4-like core files. 3942 * These mostly have the same names as the SVR4 types with "target_elf_" 3943 * tacked on the front to prevent clashes with linux definitions, 3944 * and the typedef forms have been avoided. This is mostly like 3945 * the SVR4 structure, but more Linuxy, with things that Linux does 3946 * not support and which gdb doesn't really use excluded. 3947 * 3948 * Fields we don't dump (their contents is zero) in linux-user qemu 3949 * are marked with XXX. 3950 * 3951 * Core dump code is copied from linux kernel (fs/binfmt_elf.c). 3952 * 3953 * Porting ELF coredump for target is (quite) simple process. First you 3954 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for 3955 * the target resides): 3956 * 3957 * #define USE_ELF_CORE_DUMP 3958 * 3959 * Next you define type of register set used for dumping. ELF specification 3960 * says that it needs to be array of elf_greg_t that has size of ELF_NREG. 3961 * 3962 * typedef <target_regtype> target_elf_greg_t; 3963 * #define ELF_NREG <number of registers> 3964 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG]; 3965 * 3966 * Last step is to implement target specific function that copies registers 3967 * from given cpu into just specified register set. Prototype is: 3968 * 3969 * static void elf_core_copy_regs(taret_elf_gregset_t *regs, 3970 * const CPUArchState *env); 3971 * 3972 * Parameters: 3973 * regs - copy register values into here (allocated and zeroed by caller) 3974 * env - copy registers from here 3975 * 3976 * Example for ARM target is provided in this file. 3977 */ 3978 3979 /* An ELF note in memory */ 3980 struct memelfnote { 3981 const char *name; 3982 size_t namesz; 3983 size_t namesz_rounded; 3984 int type; 3985 size_t datasz; 3986 size_t datasz_rounded; 3987 void *data; 3988 size_t notesz; 3989 }; 3990 3991 struct target_elf_siginfo { 3992 abi_int si_signo; /* signal number */ 3993 abi_int si_code; /* extra code */ 3994 abi_int si_errno; /* errno */ 3995 }; 3996 3997 struct target_elf_prstatus { 3998 struct target_elf_siginfo pr_info; /* Info associated with signal */ 3999 abi_short pr_cursig; /* Current signal */ 4000 abi_ulong pr_sigpend; /* XXX */ 4001 abi_ulong pr_sighold; /* XXX */ 4002 target_pid_t pr_pid; 4003 target_pid_t pr_ppid; 4004 target_pid_t pr_pgrp; 4005 target_pid_t pr_sid; 4006 struct target_timeval pr_utime; /* XXX User time */ 4007 struct target_timeval pr_stime; /* XXX System time */ 4008 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 4009 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 4010 target_elf_gregset_t pr_reg; /* GP registers */ 4011 abi_int pr_fpvalid; /* XXX */ 4012 }; 4013 4014 #define ELF_PRARGSZ (80) /* Number of chars for args */ 4015 4016 struct target_elf_prpsinfo { 4017 char pr_state; /* numeric process state */ 4018 char pr_sname; /* char for pr_state */ 4019 char pr_zomb; /* zombie */ 4020 char pr_nice; /* nice val */ 4021 abi_ulong pr_flag; /* flags */ 4022 target_uid_t pr_uid; 4023 target_gid_t pr_gid; 4024 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 4025 /* Lots missing */ 4026 char pr_fname[16] QEMU_NONSTRING; /* filename of executable */ 4027 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 4028 }; 4029 4030 /* Here is the structure in which status of each thread is captured. */ 4031 struct elf_thread_status { 4032 QTAILQ_ENTRY(elf_thread_status) ets_link; 4033 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 4034 #if 0 4035 elf_fpregset_t fpu; /* NT_PRFPREG */ 4036 struct task_struct *thread; 4037 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 4038 #endif 4039 struct memelfnote notes[1]; 4040 int num_notes; 4041 }; 4042 4043 struct elf_note_info { 4044 struct memelfnote *notes; 4045 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 4046 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 4047 4048 QTAILQ_HEAD(, elf_thread_status) thread_list; 4049 #if 0 4050 /* 4051 * Current version of ELF coredump doesn't support 4052 * dumping fp regs etc. 4053 */ 4054 elf_fpregset_t *fpu; 4055 elf_fpxregset_t *xfpu; 4056 int thread_status_size; 4057 #endif 4058 int notes_size; 4059 int numnote; 4060 }; 4061 4062 struct vm_area_struct { 4063 target_ulong vma_start; /* start vaddr of memory region */ 4064 target_ulong vma_end; /* end vaddr of memory region */ 4065 abi_ulong vma_flags; /* protection etc. flags for the region */ 4066 QTAILQ_ENTRY(vm_area_struct) vma_link; 4067 }; 4068 4069 struct mm_struct { 4070 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 4071 int mm_count; /* number of mappings */ 4072 }; 4073 4074 static struct mm_struct *vma_init(void); 4075 static void vma_delete(struct mm_struct *); 4076 static int vma_add_mapping(struct mm_struct *, target_ulong, 4077 target_ulong, abi_ulong); 4078 static int vma_get_mapping_count(const struct mm_struct *); 4079 static struct vm_area_struct *vma_first(const struct mm_struct *); 4080 static struct vm_area_struct *vma_next(struct vm_area_struct *); 4081 static abi_ulong vma_dump_size(const struct vm_area_struct *); 4082 static int vma_walker(void *priv, target_ulong start, target_ulong end, 4083 unsigned long flags); 4084 4085 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 4086 static void fill_note(struct memelfnote *, const char *, int, 4087 unsigned int, void *); 4088 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 4089 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 4090 static void fill_auxv_note(struct memelfnote *, const TaskState *); 4091 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 4092 static size_t note_size(const struct memelfnote *); 4093 static void free_note_info(struct elf_note_info *); 4094 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *); 4095 static void fill_thread_info(struct elf_note_info *, const CPUArchState *); 4096 4097 static int dump_write(int, const void *, size_t); 4098 static int write_note(struct memelfnote *, int); 4099 static int write_note_info(struct elf_note_info *, int); 4100 4101 #ifdef BSWAP_NEEDED 4102 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 4103 { 4104 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo); 4105 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code); 4106 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno); 4107 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 4108 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend); 4109 prstatus->pr_sighold = tswapal(prstatus->pr_sighold); 4110 prstatus->pr_pid = tswap32(prstatus->pr_pid); 4111 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 4112 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 4113 prstatus->pr_sid = tswap32(prstatus->pr_sid); 4114 /* cpu times are not filled, so we skip them */ 4115 /* regs should be in correct format already */ 4116 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 4117 } 4118 4119 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 4120 { 4121 psinfo->pr_flag = tswapal(psinfo->pr_flag); 4122 psinfo->pr_uid = tswap16(psinfo->pr_uid); 4123 psinfo->pr_gid = tswap16(psinfo->pr_gid); 4124 psinfo->pr_pid = tswap32(psinfo->pr_pid); 4125 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 4126 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 4127 psinfo->pr_sid = tswap32(psinfo->pr_sid); 4128 } 4129 4130 static void bswap_note(struct elf_note *en) 4131 { 4132 bswap32s(&en->n_namesz); 4133 bswap32s(&en->n_descsz); 4134 bswap32s(&en->n_type); 4135 } 4136 #else 4137 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 4138 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 4139 static inline void bswap_note(struct elf_note *en) { } 4140 #endif /* BSWAP_NEEDED */ 4141 4142 /* 4143 * Minimal support for linux memory regions. These are needed 4144 * when we are finding out what memory exactly belongs to 4145 * emulated process. No locks needed here, as long as 4146 * thread that received the signal is stopped. 4147 */ 4148 4149 static struct mm_struct *vma_init(void) 4150 { 4151 struct mm_struct *mm; 4152 4153 if ((mm = g_malloc(sizeof (*mm))) == NULL) 4154 return (NULL); 4155 4156 mm->mm_count = 0; 4157 QTAILQ_INIT(&mm->mm_mmap); 4158 4159 return (mm); 4160 } 4161 4162 static void vma_delete(struct mm_struct *mm) 4163 { 4164 struct vm_area_struct *vma; 4165 4166 while ((vma = vma_first(mm)) != NULL) { 4167 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 4168 g_free(vma); 4169 } 4170 g_free(mm); 4171 } 4172 4173 static int vma_add_mapping(struct mm_struct *mm, target_ulong start, 4174 target_ulong end, abi_ulong flags) 4175 { 4176 struct vm_area_struct *vma; 4177 4178 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 4179 return (-1); 4180 4181 vma->vma_start = start; 4182 vma->vma_end = end; 4183 vma->vma_flags = flags; 4184 4185 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 4186 mm->mm_count++; 4187 4188 return (0); 4189 } 4190 4191 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 4192 { 4193 return (QTAILQ_FIRST(&mm->mm_mmap)); 4194 } 4195 4196 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 4197 { 4198 return (QTAILQ_NEXT(vma, vma_link)); 4199 } 4200 4201 static int vma_get_mapping_count(const struct mm_struct *mm) 4202 { 4203 return (mm->mm_count); 4204 } 4205 4206 /* 4207 * Calculate file (dump) size of given memory region. 4208 */ 4209 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 4210 { 4211 /* if we cannot even read the first page, skip it */ 4212 if (!access_ok_untagged(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 4213 return (0); 4214 4215 /* 4216 * Usually we don't dump executable pages as they contain 4217 * non-writable code that debugger can read directly from 4218 * target library etc. However, thread stacks are marked 4219 * also executable so we read in first page of given region 4220 * and check whether it contains elf header. If there is 4221 * no elf header, we dump it. 4222 */ 4223 if (vma->vma_flags & PROT_EXEC) { 4224 char page[TARGET_PAGE_SIZE]; 4225 4226 if (copy_from_user(page, vma->vma_start, sizeof (page))) { 4227 return 0; 4228 } 4229 if ((page[EI_MAG0] == ELFMAG0) && 4230 (page[EI_MAG1] == ELFMAG1) && 4231 (page[EI_MAG2] == ELFMAG2) && 4232 (page[EI_MAG3] == ELFMAG3)) { 4233 /* 4234 * Mappings are possibly from ELF binary. Don't dump 4235 * them. 4236 */ 4237 return (0); 4238 } 4239 } 4240 4241 return (vma->vma_end - vma->vma_start); 4242 } 4243 4244 static int vma_walker(void *priv, target_ulong start, target_ulong end, 4245 unsigned long flags) 4246 { 4247 struct mm_struct *mm = (struct mm_struct *)priv; 4248 4249 vma_add_mapping(mm, start, end, flags); 4250 return (0); 4251 } 4252 4253 static void fill_note(struct memelfnote *note, const char *name, int type, 4254 unsigned int sz, void *data) 4255 { 4256 unsigned int namesz; 4257 4258 namesz = strlen(name) + 1; 4259 note->name = name; 4260 note->namesz = namesz; 4261 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 4262 note->type = type; 4263 note->datasz = sz; 4264 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 4265 4266 note->data = data; 4267 4268 /* 4269 * We calculate rounded up note size here as specified by 4270 * ELF document. 4271 */ 4272 note->notesz = sizeof (struct elf_note) + 4273 note->namesz_rounded + note->datasz_rounded; 4274 } 4275 4276 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 4277 uint32_t flags) 4278 { 4279 (void) memset(elf, 0, sizeof(*elf)); 4280 4281 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 4282 elf->e_ident[EI_CLASS] = ELF_CLASS; 4283 elf->e_ident[EI_DATA] = ELF_DATA; 4284 elf->e_ident[EI_VERSION] = EV_CURRENT; 4285 elf->e_ident[EI_OSABI] = ELF_OSABI; 4286 4287 elf->e_type = ET_CORE; 4288 elf->e_machine = machine; 4289 elf->e_version = EV_CURRENT; 4290 elf->e_phoff = sizeof(struct elfhdr); 4291 elf->e_flags = flags; 4292 elf->e_ehsize = sizeof(struct elfhdr); 4293 elf->e_phentsize = sizeof(struct elf_phdr); 4294 elf->e_phnum = segs; 4295 4296 bswap_ehdr(elf); 4297 } 4298 4299 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 4300 { 4301 phdr->p_type = PT_NOTE; 4302 phdr->p_offset = offset; 4303 phdr->p_vaddr = 0; 4304 phdr->p_paddr = 0; 4305 phdr->p_filesz = sz; 4306 phdr->p_memsz = 0; 4307 phdr->p_flags = 0; 4308 phdr->p_align = 0; 4309 4310 bswap_phdr(phdr, 1); 4311 } 4312 4313 static size_t note_size(const struct memelfnote *note) 4314 { 4315 return (note->notesz); 4316 } 4317 4318 static void fill_prstatus(struct target_elf_prstatus *prstatus, 4319 const TaskState *ts, int signr) 4320 { 4321 (void) memset(prstatus, 0, sizeof (*prstatus)); 4322 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 4323 prstatus->pr_pid = ts->ts_tid; 4324 prstatus->pr_ppid = getppid(); 4325 prstatus->pr_pgrp = getpgrp(); 4326 prstatus->pr_sid = getsid(0); 4327 4328 bswap_prstatus(prstatus); 4329 } 4330 4331 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 4332 { 4333 char *base_filename; 4334 unsigned int i, len; 4335 4336 (void) memset(psinfo, 0, sizeof (*psinfo)); 4337 4338 len = ts->info->env_strings - ts->info->arg_strings; 4339 if (len >= ELF_PRARGSZ) 4340 len = ELF_PRARGSZ - 1; 4341 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_strings, len)) { 4342 return -EFAULT; 4343 } 4344 for (i = 0; i < len; i++) 4345 if (psinfo->pr_psargs[i] == 0) 4346 psinfo->pr_psargs[i] = ' '; 4347 psinfo->pr_psargs[len] = 0; 4348 4349 psinfo->pr_pid = getpid(); 4350 psinfo->pr_ppid = getppid(); 4351 psinfo->pr_pgrp = getpgrp(); 4352 psinfo->pr_sid = getsid(0); 4353 psinfo->pr_uid = getuid(); 4354 psinfo->pr_gid = getgid(); 4355 4356 base_filename = g_path_get_basename(ts->bprm->filename); 4357 /* 4358 * Using strncpy here is fine: at max-length, 4359 * this field is not NUL-terminated. 4360 */ 4361 (void) strncpy(psinfo->pr_fname, base_filename, 4362 sizeof(psinfo->pr_fname)); 4363 4364 g_free(base_filename); 4365 bswap_psinfo(psinfo); 4366 return (0); 4367 } 4368 4369 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 4370 { 4371 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 4372 elf_addr_t orig_auxv = auxv; 4373 void *ptr; 4374 int len = ts->info->auxv_len; 4375 4376 /* 4377 * Auxiliary vector is stored in target process stack. It contains 4378 * {type, value} pairs that we need to dump into note. This is not 4379 * strictly necessary but we do it here for sake of completeness. 4380 */ 4381 4382 /* read in whole auxv vector and copy it to memelfnote */ 4383 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 4384 if (ptr != NULL) { 4385 fill_note(note, "CORE", NT_AUXV, len, ptr); 4386 unlock_user(ptr, auxv, len); 4387 } 4388 } 4389 4390 /* 4391 * Constructs name of coredump file. We have following convention 4392 * for the name: 4393 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 4394 * 4395 * Returns the filename 4396 */ 4397 static char *core_dump_filename(const TaskState *ts) 4398 { 4399 g_autoptr(GDateTime) now = g_date_time_new_now_local(); 4400 g_autofree char *nowstr = g_date_time_format(now, "%Y%m%d-%H%M%S"); 4401 g_autofree char *base_filename = g_path_get_basename(ts->bprm->filename); 4402 4403 return g_strdup_printf("qemu_%s_%s_%d.core", 4404 base_filename, nowstr, (int)getpid()); 4405 } 4406 4407 static int dump_write(int fd, const void *ptr, size_t size) 4408 { 4409 const char *bufp = (const char *)ptr; 4410 ssize_t bytes_written, bytes_left; 4411 struct rlimit dumpsize; 4412 off_t pos; 4413 4414 bytes_written = 0; 4415 getrlimit(RLIMIT_CORE, &dumpsize); 4416 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 4417 if (errno == ESPIPE) { /* not a seekable stream */ 4418 bytes_left = size; 4419 } else { 4420 return pos; 4421 } 4422 } else { 4423 if (dumpsize.rlim_cur <= pos) { 4424 return -1; 4425 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 4426 bytes_left = size; 4427 } else { 4428 size_t limit_left=dumpsize.rlim_cur - pos; 4429 bytes_left = limit_left >= size ? size : limit_left ; 4430 } 4431 } 4432 4433 /* 4434 * In normal conditions, single write(2) should do but 4435 * in case of socket etc. this mechanism is more portable. 4436 */ 4437 do { 4438 bytes_written = write(fd, bufp, bytes_left); 4439 if (bytes_written < 0) { 4440 if (errno == EINTR) 4441 continue; 4442 return (-1); 4443 } else if (bytes_written == 0) { /* eof */ 4444 return (-1); 4445 } 4446 bufp += bytes_written; 4447 bytes_left -= bytes_written; 4448 } while (bytes_left > 0); 4449 4450 return (0); 4451 } 4452 4453 static int write_note(struct memelfnote *men, int fd) 4454 { 4455 struct elf_note en; 4456 4457 en.n_namesz = men->namesz; 4458 en.n_type = men->type; 4459 en.n_descsz = men->datasz; 4460 4461 bswap_note(&en); 4462 4463 if (dump_write(fd, &en, sizeof(en)) != 0) 4464 return (-1); 4465 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 4466 return (-1); 4467 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 4468 return (-1); 4469 4470 return (0); 4471 } 4472 4473 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env) 4474 { 4475 CPUState *cpu = env_cpu((CPUArchState *)env); 4476 TaskState *ts = (TaskState *)cpu->opaque; 4477 struct elf_thread_status *ets; 4478 4479 ets = g_malloc0(sizeof (*ets)); 4480 ets->num_notes = 1; /* only prstatus is dumped */ 4481 fill_prstatus(&ets->prstatus, ts, 0); 4482 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 4483 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 4484 &ets->prstatus); 4485 4486 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 4487 4488 info->notes_size += note_size(&ets->notes[0]); 4489 } 4490 4491 static void init_note_info(struct elf_note_info *info) 4492 { 4493 /* Initialize the elf_note_info structure so that it is at 4494 * least safe to call free_note_info() on it. Must be 4495 * called before calling fill_note_info(). 4496 */ 4497 memset(info, 0, sizeof (*info)); 4498 QTAILQ_INIT(&info->thread_list); 4499 } 4500 4501 static int fill_note_info(struct elf_note_info *info, 4502 long signr, const CPUArchState *env) 4503 { 4504 #define NUMNOTES 3 4505 CPUState *cpu = env_cpu((CPUArchState *)env); 4506 TaskState *ts = (TaskState *)cpu->opaque; 4507 int i; 4508 4509 info->notes = g_new0(struct memelfnote, NUMNOTES); 4510 if (info->notes == NULL) 4511 return (-ENOMEM); 4512 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 4513 if (info->prstatus == NULL) 4514 return (-ENOMEM); 4515 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 4516 if (info->prstatus == NULL) 4517 return (-ENOMEM); 4518 4519 /* 4520 * First fill in status (and registers) of current thread 4521 * including process info & aux vector. 4522 */ 4523 fill_prstatus(info->prstatus, ts, signr); 4524 elf_core_copy_regs(&info->prstatus->pr_reg, env); 4525 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 4526 sizeof (*info->prstatus), info->prstatus); 4527 fill_psinfo(info->psinfo, ts); 4528 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 4529 sizeof (*info->psinfo), info->psinfo); 4530 fill_auxv_note(&info->notes[2], ts); 4531 info->numnote = 3; 4532 4533 info->notes_size = 0; 4534 for (i = 0; i < info->numnote; i++) 4535 info->notes_size += note_size(&info->notes[i]); 4536 4537 /* read and fill status of all threads */ 4538 WITH_QEMU_LOCK_GUARD(&qemu_cpu_list_lock) { 4539 CPU_FOREACH(cpu) { 4540 if (cpu == thread_cpu) { 4541 continue; 4542 } 4543 fill_thread_info(info, cpu_env(cpu)); 4544 } 4545 } 4546 4547 return (0); 4548 } 4549 4550 static void free_note_info(struct elf_note_info *info) 4551 { 4552 struct elf_thread_status *ets; 4553 4554 while (!QTAILQ_EMPTY(&info->thread_list)) { 4555 ets = QTAILQ_FIRST(&info->thread_list); 4556 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 4557 g_free(ets); 4558 } 4559 4560 g_free(info->prstatus); 4561 g_free(info->psinfo); 4562 g_free(info->notes); 4563 } 4564 4565 static int write_note_info(struct elf_note_info *info, int fd) 4566 { 4567 struct elf_thread_status *ets; 4568 int i, error = 0; 4569 4570 /* write prstatus, psinfo and auxv for current thread */ 4571 for (i = 0; i < info->numnote; i++) 4572 if ((error = write_note(&info->notes[i], fd)) != 0) 4573 return (error); 4574 4575 /* write prstatus for each thread */ 4576 QTAILQ_FOREACH(ets, &info->thread_list, ets_link) { 4577 if ((error = write_note(&ets->notes[0], fd)) != 0) 4578 return (error); 4579 } 4580 4581 return (0); 4582 } 4583 4584 /* 4585 * Write out ELF coredump. 4586 * 4587 * See documentation of ELF object file format in: 4588 * http://www.caldera.com/developers/devspecs/gabi41.pdf 4589 * 4590 * Coredump format in linux is following: 4591 * 4592 * 0 +----------------------+ \ 4593 * | ELF header | ET_CORE | 4594 * +----------------------+ | 4595 * | ELF program headers | |--- headers 4596 * | - NOTE section | | 4597 * | - PT_LOAD sections | | 4598 * +----------------------+ / 4599 * | NOTEs: | 4600 * | - NT_PRSTATUS | 4601 * | - NT_PRSINFO | 4602 * | - NT_AUXV | 4603 * +----------------------+ <-- aligned to target page 4604 * | Process memory dump | 4605 * : : 4606 * . . 4607 * : : 4608 * | | 4609 * +----------------------+ 4610 * 4611 * NT_PRSTATUS -> struct elf_prstatus (per thread) 4612 * NT_PRSINFO -> struct elf_prpsinfo 4613 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 4614 * 4615 * Format follows System V format as close as possible. Current 4616 * version limitations are as follows: 4617 * - no floating point registers are dumped 4618 * 4619 * Function returns 0 in case of success, negative errno otherwise. 4620 * 4621 * TODO: make this work also during runtime: it should be 4622 * possible to force coredump from running process and then 4623 * continue processing. For example qemu could set up SIGUSR2 4624 * handler (provided that target process haven't registered 4625 * handler for that) that does the dump when signal is received. 4626 */ 4627 static int elf_core_dump(int signr, const CPUArchState *env) 4628 { 4629 const CPUState *cpu = env_cpu((CPUArchState *)env); 4630 const TaskState *ts = (const TaskState *)cpu->opaque; 4631 struct vm_area_struct *vma = NULL; 4632 g_autofree char *corefile = NULL; 4633 struct elf_note_info info; 4634 struct elfhdr elf; 4635 struct elf_phdr phdr; 4636 struct rlimit dumpsize; 4637 struct mm_struct *mm = NULL; 4638 off_t offset = 0, data_offset = 0; 4639 int segs = 0; 4640 int fd = -1; 4641 4642 init_note_info(&info); 4643 4644 errno = 0; 4645 getrlimit(RLIMIT_CORE, &dumpsize); 4646 if (dumpsize.rlim_cur == 0) 4647 return 0; 4648 4649 corefile = core_dump_filename(ts); 4650 4651 if ((fd = open(corefile, O_WRONLY | O_CREAT, 4652 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 4653 return (-errno); 4654 4655 /* 4656 * Walk through target process memory mappings and 4657 * set up structure containing this information. After 4658 * this point vma_xxx functions can be used. 4659 */ 4660 if ((mm = vma_init()) == NULL) 4661 goto out; 4662 4663 walk_memory_regions(mm, vma_walker); 4664 segs = vma_get_mapping_count(mm); 4665 4666 /* 4667 * Construct valid coredump ELF header. We also 4668 * add one more segment for notes. 4669 */ 4670 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 4671 if (dump_write(fd, &elf, sizeof (elf)) != 0) 4672 goto out; 4673 4674 /* fill in the in-memory version of notes */ 4675 if (fill_note_info(&info, signr, env) < 0) 4676 goto out; 4677 4678 offset += sizeof (elf); /* elf header */ 4679 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 4680 4681 /* write out notes program header */ 4682 fill_elf_note_phdr(&phdr, info.notes_size, offset); 4683 4684 offset += info.notes_size; 4685 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 4686 goto out; 4687 4688 /* 4689 * ELF specification wants data to start at page boundary so 4690 * we align it here. 4691 */ 4692 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 4693 4694 /* 4695 * Write program headers for memory regions mapped in 4696 * the target process. 4697 */ 4698 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 4699 (void) memset(&phdr, 0, sizeof (phdr)); 4700 4701 phdr.p_type = PT_LOAD; 4702 phdr.p_offset = offset; 4703 phdr.p_vaddr = vma->vma_start; 4704 phdr.p_paddr = 0; 4705 phdr.p_filesz = vma_dump_size(vma); 4706 offset += phdr.p_filesz; 4707 phdr.p_memsz = vma->vma_end - vma->vma_start; 4708 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 4709 if (vma->vma_flags & PROT_WRITE) 4710 phdr.p_flags |= PF_W; 4711 if (vma->vma_flags & PROT_EXEC) 4712 phdr.p_flags |= PF_X; 4713 phdr.p_align = ELF_EXEC_PAGESIZE; 4714 4715 bswap_phdr(&phdr, 1); 4716 if (dump_write(fd, &phdr, sizeof(phdr)) != 0) { 4717 goto out; 4718 } 4719 } 4720 4721 /* 4722 * Next we write notes just after program headers. No 4723 * alignment needed here. 4724 */ 4725 if (write_note_info(&info, fd) < 0) 4726 goto out; 4727 4728 /* align data to page boundary */ 4729 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 4730 goto out; 4731 4732 /* 4733 * Finally we can dump process memory into corefile as well. 4734 */ 4735 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 4736 abi_ulong addr; 4737 abi_ulong end; 4738 4739 end = vma->vma_start + vma_dump_size(vma); 4740 4741 for (addr = vma->vma_start; addr < end; 4742 addr += TARGET_PAGE_SIZE) { 4743 char page[TARGET_PAGE_SIZE]; 4744 int error; 4745 4746 /* 4747 * Read in page from target process memory and 4748 * write it to coredump file. 4749 */ 4750 error = copy_from_user(page, addr, sizeof (page)); 4751 if (error != 0) { 4752 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 4753 addr); 4754 errno = -error; 4755 goto out; 4756 } 4757 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 4758 goto out; 4759 } 4760 } 4761 4762 out: 4763 free_note_info(&info); 4764 if (mm != NULL) 4765 vma_delete(mm); 4766 (void) close(fd); 4767 4768 if (errno != 0) 4769 return (-errno); 4770 return (0); 4771 } 4772 #endif /* USE_ELF_CORE_DUMP */ 4773 4774 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 4775 { 4776 init_thread(regs, infop); 4777 } 4778