xref: /openbmc/qemu/linux-user/elfload.c (revision fe44dc91)
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include "qemu/osdep.h"
3 #include <sys/param.h>
4 
5 #include <sys/resource.h>
6 
7 #include "qemu.h"
8 #include "disas/disas.h"
9 #include "qemu/path.h"
10 
11 #ifdef _ARCH_PPC64
12 #undef ARCH_DLINFO
13 #undef ELF_PLATFORM
14 #undef ELF_HWCAP
15 #undef ELF_HWCAP2
16 #undef ELF_CLASS
17 #undef ELF_DATA
18 #undef ELF_ARCH
19 #endif
20 
21 #define ELF_OSABI   ELFOSABI_SYSV
22 
23 /* from personality.h */
24 
25 /*
26  * Flags for bug emulation.
27  *
28  * These occupy the top three bytes.
29  */
30 enum {
31     ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
32     FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
33                                            descriptors (signal handling) */
34     MMAP_PAGE_ZERO =    0x0100000,
35     ADDR_COMPAT_LAYOUT = 0x0200000,
36     READ_IMPLIES_EXEC = 0x0400000,
37     ADDR_LIMIT_32BIT =  0x0800000,
38     SHORT_INODE =       0x1000000,
39     WHOLE_SECONDS =     0x2000000,
40     STICKY_TIMEOUTS =   0x4000000,
41     ADDR_LIMIT_3GB =    0x8000000,
42 };
43 
44 /*
45  * Personality types.
46  *
47  * These go in the low byte.  Avoid using the top bit, it will
48  * conflict with error returns.
49  */
50 enum {
51     PER_LINUX =         0x0000,
52     PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
53     PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
54     PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
55     PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
56     PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
57     PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
58     PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
59     PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
60     PER_BSD =           0x0006,
61     PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
62     PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
63     PER_LINUX32 =       0x0008,
64     PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
65     PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
66     PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
67     PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
68     PER_RISCOS =        0x000c,
69     PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
70     PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
71     PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
72     PER_HPUX =          0x0010,
73     PER_MASK =          0x00ff,
74 };
75 
76 /*
77  * Return the base personality without flags.
78  */
79 #define personality(pers)       (pers & PER_MASK)
80 
81 /* this flag is uneffective under linux too, should be deleted */
82 #ifndef MAP_DENYWRITE
83 #define MAP_DENYWRITE 0
84 #endif
85 
86 /* should probably go in elf.h */
87 #ifndef ELIBBAD
88 #define ELIBBAD 80
89 #endif
90 
91 #ifdef TARGET_WORDS_BIGENDIAN
92 #define ELF_DATA        ELFDATA2MSB
93 #else
94 #define ELF_DATA        ELFDATA2LSB
95 #endif
96 
97 #ifdef TARGET_ABI_MIPSN32
98 typedef abi_ullong      target_elf_greg_t;
99 #define tswapreg(ptr)   tswap64(ptr)
100 #else
101 typedef abi_ulong       target_elf_greg_t;
102 #define tswapreg(ptr)   tswapal(ptr)
103 #endif
104 
105 #ifdef USE_UID16
106 typedef abi_ushort      target_uid_t;
107 typedef abi_ushort      target_gid_t;
108 #else
109 typedef abi_uint        target_uid_t;
110 typedef abi_uint        target_gid_t;
111 #endif
112 typedef abi_int         target_pid_t;
113 
114 #ifdef TARGET_I386
115 
116 #define ELF_PLATFORM get_elf_platform()
117 
118 static const char *get_elf_platform(void)
119 {
120     static char elf_platform[] = "i386";
121     int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
122     if (family > 6)
123         family = 6;
124     if (family >= 3)
125         elf_platform[1] = '0' + family;
126     return elf_platform;
127 }
128 
129 #define ELF_HWCAP get_elf_hwcap()
130 
131 static uint32_t get_elf_hwcap(void)
132 {
133     X86CPU *cpu = X86_CPU(thread_cpu);
134 
135     return cpu->env.features[FEAT_1_EDX];
136 }
137 
138 #ifdef TARGET_X86_64
139 #define ELF_START_MMAP 0x2aaaaab000ULL
140 
141 #define ELF_CLASS      ELFCLASS64
142 #define ELF_ARCH       EM_X86_64
143 
144 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
145 {
146     regs->rax = 0;
147     regs->rsp = infop->start_stack;
148     regs->rip = infop->entry;
149 }
150 
151 #define ELF_NREG    27
152 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
153 
154 /*
155  * Note that ELF_NREG should be 29 as there should be place for
156  * TRAPNO and ERR "registers" as well but linux doesn't dump
157  * those.
158  *
159  * See linux kernel: arch/x86/include/asm/elf.h
160  */
161 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
162 {
163     (*regs)[0] = env->regs[15];
164     (*regs)[1] = env->regs[14];
165     (*regs)[2] = env->regs[13];
166     (*regs)[3] = env->regs[12];
167     (*regs)[4] = env->regs[R_EBP];
168     (*regs)[5] = env->regs[R_EBX];
169     (*regs)[6] = env->regs[11];
170     (*regs)[7] = env->regs[10];
171     (*regs)[8] = env->regs[9];
172     (*regs)[9] = env->regs[8];
173     (*regs)[10] = env->regs[R_EAX];
174     (*regs)[11] = env->regs[R_ECX];
175     (*regs)[12] = env->regs[R_EDX];
176     (*regs)[13] = env->regs[R_ESI];
177     (*regs)[14] = env->regs[R_EDI];
178     (*regs)[15] = env->regs[R_EAX]; /* XXX */
179     (*regs)[16] = env->eip;
180     (*regs)[17] = env->segs[R_CS].selector & 0xffff;
181     (*regs)[18] = env->eflags;
182     (*regs)[19] = env->regs[R_ESP];
183     (*regs)[20] = env->segs[R_SS].selector & 0xffff;
184     (*regs)[21] = env->segs[R_FS].selector & 0xffff;
185     (*regs)[22] = env->segs[R_GS].selector & 0xffff;
186     (*regs)[23] = env->segs[R_DS].selector & 0xffff;
187     (*regs)[24] = env->segs[R_ES].selector & 0xffff;
188     (*regs)[25] = env->segs[R_FS].selector & 0xffff;
189     (*regs)[26] = env->segs[R_GS].selector & 0xffff;
190 }
191 
192 #else
193 
194 #define ELF_START_MMAP 0x80000000
195 
196 /*
197  * This is used to ensure we don't load something for the wrong architecture.
198  */
199 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
200 
201 /*
202  * These are used to set parameters in the core dumps.
203  */
204 #define ELF_CLASS       ELFCLASS32
205 #define ELF_ARCH        EM_386
206 
207 static inline void init_thread(struct target_pt_regs *regs,
208                                struct image_info *infop)
209 {
210     regs->esp = infop->start_stack;
211     regs->eip = infop->entry;
212 
213     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
214        starts %edx contains a pointer to a function which might be
215        registered using `atexit'.  This provides a mean for the
216        dynamic linker to call DT_FINI functions for shared libraries
217        that have been loaded before the code runs.
218 
219        A value of 0 tells we have no such handler.  */
220     regs->edx = 0;
221 }
222 
223 #define ELF_NREG    17
224 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
225 
226 /*
227  * Note that ELF_NREG should be 19 as there should be place for
228  * TRAPNO and ERR "registers" as well but linux doesn't dump
229  * those.
230  *
231  * See linux kernel: arch/x86/include/asm/elf.h
232  */
233 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
234 {
235     (*regs)[0] = env->regs[R_EBX];
236     (*regs)[1] = env->regs[R_ECX];
237     (*regs)[2] = env->regs[R_EDX];
238     (*regs)[3] = env->regs[R_ESI];
239     (*regs)[4] = env->regs[R_EDI];
240     (*regs)[5] = env->regs[R_EBP];
241     (*regs)[6] = env->regs[R_EAX];
242     (*regs)[7] = env->segs[R_DS].selector & 0xffff;
243     (*regs)[8] = env->segs[R_ES].selector & 0xffff;
244     (*regs)[9] = env->segs[R_FS].selector & 0xffff;
245     (*regs)[10] = env->segs[R_GS].selector & 0xffff;
246     (*regs)[11] = env->regs[R_EAX]; /* XXX */
247     (*regs)[12] = env->eip;
248     (*regs)[13] = env->segs[R_CS].selector & 0xffff;
249     (*regs)[14] = env->eflags;
250     (*regs)[15] = env->regs[R_ESP];
251     (*regs)[16] = env->segs[R_SS].selector & 0xffff;
252 }
253 #endif
254 
255 #define USE_ELF_CORE_DUMP
256 #define ELF_EXEC_PAGESIZE       4096
257 
258 #endif
259 
260 #ifdef TARGET_ARM
261 
262 #ifndef TARGET_AARCH64
263 /* 32 bit ARM definitions */
264 
265 #define ELF_START_MMAP 0x80000000
266 
267 #define ELF_ARCH        EM_ARM
268 #define ELF_CLASS       ELFCLASS32
269 
270 static inline void init_thread(struct target_pt_regs *regs,
271                                struct image_info *infop)
272 {
273     abi_long stack = infop->start_stack;
274     memset(regs, 0, sizeof(*regs));
275 
276     regs->uregs[16] = ARM_CPU_MODE_USR;
277     if (infop->entry & 1) {
278         regs->uregs[16] |= CPSR_T;
279     }
280     regs->uregs[15] = infop->entry & 0xfffffffe;
281     regs->uregs[13] = infop->start_stack;
282     /* FIXME - what to for failure of get_user()? */
283     get_user_ual(regs->uregs[2], stack + 8); /* envp */
284     get_user_ual(regs->uregs[1], stack + 4); /* envp */
285     /* XXX: it seems that r0 is zeroed after ! */
286     regs->uregs[0] = 0;
287     /* For uClinux PIC binaries.  */
288     /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
289     regs->uregs[10] = infop->start_data;
290 }
291 
292 #define ELF_NREG    18
293 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
294 
295 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
296 {
297     (*regs)[0] = tswapreg(env->regs[0]);
298     (*regs)[1] = tswapreg(env->regs[1]);
299     (*regs)[2] = tswapreg(env->regs[2]);
300     (*regs)[3] = tswapreg(env->regs[3]);
301     (*regs)[4] = tswapreg(env->regs[4]);
302     (*regs)[5] = tswapreg(env->regs[5]);
303     (*regs)[6] = tswapreg(env->regs[6]);
304     (*regs)[7] = tswapreg(env->regs[7]);
305     (*regs)[8] = tswapreg(env->regs[8]);
306     (*regs)[9] = tswapreg(env->regs[9]);
307     (*regs)[10] = tswapreg(env->regs[10]);
308     (*regs)[11] = tswapreg(env->regs[11]);
309     (*regs)[12] = tswapreg(env->regs[12]);
310     (*regs)[13] = tswapreg(env->regs[13]);
311     (*regs)[14] = tswapreg(env->regs[14]);
312     (*regs)[15] = tswapreg(env->regs[15]);
313 
314     (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
315     (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
316 }
317 
318 #define USE_ELF_CORE_DUMP
319 #define ELF_EXEC_PAGESIZE       4096
320 
321 enum
322 {
323     ARM_HWCAP_ARM_SWP       = 1 << 0,
324     ARM_HWCAP_ARM_HALF      = 1 << 1,
325     ARM_HWCAP_ARM_THUMB     = 1 << 2,
326     ARM_HWCAP_ARM_26BIT     = 1 << 3,
327     ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
328     ARM_HWCAP_ARM_FPA       = 1 << 5,
329     ARM_HWCAP_ARM_VFP       = 1 << 6,
330     ARM_HWCAP_ARM_EDSP      = 1 << 7,
331     ARM_HWCAP_ARM_JAVA      = 1 << 8,
332     ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
333     ARM_HWCAP_ARM_CRUNCH    = 1 << 10,
334     ARM_HWCAP_ARM_THUMBEE   = 1 << 11,
335     ARM_HWCAP_ARM_NEON      = 1 << 12,
336     ARM_HWCAP_ARM_VFPv3     = 1 << 13,
337     ARM_HWCAP_ARM_VFPv3D16  = 1 << 14,
338     ARM_HWCAP_ARM_TLS       = 1 << 15,
339     ARM_HWCAP_ARM_VFPv4     = 1 << 16,
340     ARM_HWCAP_ARM_IDIVA     = 1 << 17,
341     ARM_HWCAP_ARM_IDIVT     = 1 << 18,
342     ARM_HWCAP_ARM_VFPD32    = 1 << 19,
343     ARM_HWCAP_ARM_LPAE      = 1 << 20,
344     ARM_HWCAP_ARM_EVTSTRM   = 1 << 21,
345 };
346 
347 enum {
348     ARM_HWCAP2_ARM_AES      = 1 << 0,
349     ARM_HWCAP2_ARM_PMULL    = 1 << 1,
350     ARM_HWCAP2_ARM_SHA1     = 1 << 2,
351     ARM_HWCAP2_ARM_SHA2     = 1 << 3,
352     ARM_HWCAP2_ARM_CRC32    = 1 << 4,
353 };
354 
355 /* The commpage only exists for 32 bit kernels */
356 
357 #define TARGET_HAS_VALIDATE_GUEST_SPACE
358 /* Return 1 if the proposed guest space is suitable for the guest.
359  * Return 0 if the proposed guest space isn't suitable, but another
360  * address space should be tried.
361  * Return -1 if there is no way the proposed guest space can be
362  * valid regardless of the base.
363  * The guest code may leave a page mapped and populate it if the
364  * address is suitable.
365  */
366 static int validate_guest_space(unsigned long guest_base,
367                                 unsigned long guest_size)
368 {
369     unsigned long real_start, test_page_addr;
370 
371     /* We need to check that we can force a fault on access to the
372      * commpage at 0xffff0fxx
373      */
374     test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
375 
376     /* If the commpage lies within the already allocated guest space,
377      * then there is no way we can allocate it.
378      */
379     if (test_page_addr >= guest_base
380         && test_page_addr <= (guest_base + guest_size)) {
381         return -1;
382     }
383 
384     /* Note it needs to be writeable to let us initialise it */
385     real_start = (unsigned long)
386                  mmap((void *)test_page_addr, qemu_host_page_size,
387                      PROT_READ | PROT_WRITE,
388                      MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
389 
390     /* If we can't map it then try another address */
391     if (real_start == -1ul) {
392         return 0;
393     }
394 
395     if (real_start != test_page_addr) {
396         /* OS didn't put the page where we asked - unmap and reject */
397         munmap((void *)real_start, qemu_host_page_size);
398         return 0;
399     }
400 
401     /* Leave the page mapped
402      * Populate it (mmap should have left it all 0'd)
403      */
404 
405     /* Kernel helper versions */
406     __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
407 
408     /* Now it's populated make it RO */
409     if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
410         perror("Protecting guest commpage");
411         exit(-1);
412     }
413 
414     return 1; /* All good */
415 }
416 
417 #define ELF_HWCAP get_elf_hwcap()
418 #define ELF_HWCAP2 get_elf_hwcap2()
419 
420 static uint32_t get_elf_hwcap(void)
421 {
422     ARMCPU *cpu = ARM_CPU(thread_cpu);
423     uint32_t hwcaps = 0;
424 
425     hwcaps |= ARM_HWCAP_ARM_SWP;
426     hwcaps |= ARM_HWCAP_ARM_HALF;
427     hwcaps |= ARM_HWCAP_ARM_THUMB;
428     hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
429 
430     /* probe for the extra features */
431 #define GET_FEATURE(feat, hwcap) \
432     do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
433     /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */
434     GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP);
435     GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
436     GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
437     GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
438     GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
439     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
440     GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS);
441     GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4);
442     GET_FEATURE(ARM_FEATURE_ARM_DIV, ARM_HWCAP_ARM_IDIVA);
443     GET_FEATURE(ARM_FEATURE_THUMB_DIV, ARM_HWCAP_ARM_IDIVT);
444     /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c.
445      * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of
446      * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated
447      * to our VFP_FP16 feature bit.
448      */
449     GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPD32);
450     GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE);
451 
452     return hwcaps;
453 }
454 
455 static uint32_t get_elf_hwcap2(void)
456 {
457     ARMCPU *cpu = ARM_CPU(thread_cpu);
458     uint32_t hwcaps = 0;
459 
460     GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP2_ARM_AES);
461     GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP2_ARM_PMULL);
462     GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP2_ARM_SHA1);
463     GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP2_ARM_SHA2);
464     GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP2_ARM_CRC32);
465     return hwcaps;
466 }
467 
468 #undef GET_FEATURE
469 
470 #else
471 /* 64 bit ARM definitions */
472 #define ELF_START_MMAP 0x80000000
473 
474 #define ELF_ARCH        EM_AARCH64
475 #define ELF_CLASS       ELFCLASS64
476 #define ELF_PLATFORM    "aarch64"
477 
478 static inline void init_thread(struct target_pt_regs *regs,
479                                struct image_info *infop)
480 {
481     abi_long stack = infop->start_stack;
482     memset(regs, 0, sizeof(*regs));
483 
484     regs->pc = infop->entry & ~0x3ULL;
485     regs->sp = stack;
486 }
487 
488 #define ELF_NREG    34
489 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
490 
491 static void elf_core_copy_regs(target_elf_gregset_t *regs,
492                                const CPUARMState *env)
493 {
494     int i;
495 
496     for (i = 0; i < 32; i++) {
497         (*regs)[i] = tswapreg(env->xregs[i]);
498     }
499     (*regs)[32] = tswapreg(env->pc);
500     (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env));
501 }
502 
503 #define USE_ELF_CORE_DUMP
504 #define ELF_EXEC_PAGESIZE       4096
505 
506 enum {
507     ARM_HWCAP_A64_FP            = 1 << 0,
508     ARM_HWCAP_A64_ASIMD         = 1 << 1,
509     ARM_HWCAP_A64_EVTSTRM       = 1 << 2,
510     ARM_HWCAP_A64_AES           = 1 << 3,
511     ARM_HWCAP_A64_PMULL         = 1 << 4,
512     ARM_HWCAP_A64_SHA1          = 1 << 5,
513     ARM_HWCAP_A64_SHA2          = 1 << 6,
514     ARM_HWCAP_A64_CRC32         = 1 << 7,
515 };
516 
517 #define ELF_HWCAP get_elf_hwcap()
518 
519 static uint32_t get_elf_hwcap(void)
520 {
521     ARMCPU *cpu = ARM_CPU(thread_cpu);
522     uint32_t hwcaps = 0;
523 
524     hwcaps |= ARM_HWCAP_A64_FP;
525     hwcaps |= ARM_HWCAP_A64_ASIMD;
526 
527     /* probe for the extra features */
528 #define GET_FEATURE(feat, hwcap) \
529     do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
530     GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_AES);
531     GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP_A64_PMULL);
532     GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP_A64_SHA1);
533     GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP_A64_SHA2);
534     GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP_A64_CRC32);
535 #undef GET_FEATURE
536 
537     return hwcaps;
538 }
539 
540 #endif /* not TARGET_AARCH64 */
541 #endif /* TARGET_ARM */
542 
543 #ifdef TARGET_UNICORE32
544 
545 #define ELF_START_MMAP          0x80000000
546 
547 #define ELF_CLASS               ELFCLASS32
548 #define ELF_DATA                ELFDATA2LSB
549 #define ELF_ARCH                EM_UNICORE32
550 
551 static inline void init_thread(struct target_pt_regs *regs,
552         struct image_info *infop)
553 {
554     abi_long stack = infop->start_stack;
555     memset(regs, 0, sizeof(*regs));
556     regs->UC32_REG_asr = 0x10;
557     regs->UC32_REG_pc = infop->entry & 0xfffffffe;
558     regs->UC32_REG_sp = infop->start_stack;
559     /* FIXME - what to for failure of get_user()? */
560     get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
561     get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */
562     /* XXX: it seems that r0 is zeroed after ! */
563     regs->UC32_REG_00 = 0;
564 }
565 
566 #define ELF_NREG    34
567 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
568 
569 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env)
570 {
571     (*regs)[0] = env->regs[0];
572     (*regs)[1] = env->regs[1];
573     (*regs)[2] = env->regs[2];
574     (*regs)[3] = env->regs[3];
575     (*regs)[4] = env->regs[4];
576     (*regs)[5] = env->regs[5];
577     (*regs)[6] = env->regs[6];
578     (*regs)[7] = env->regs[7];
579     (*regs)[8] = env->regs[8];
580     (*regs)[9] = env->regs[9];
581     (*regs)[10] = env->regs[10];
582     (*regs)[11] = env->regs[11];
583     (*regs)[12] = env->regs[12];
584     (*regs)[13] = env->regs[13];
585     (*regs)[14] = env->regs[14];
586     (*regs)[15] = env->regs[15];
587     (*regs)[16] = env->regs[16];
588     (*regs)[17] = env->regs[17];
589     (*regs)[18] = env->regs[18];
590     (*regs)[19] = env->regs[19];
591     (*regs)[20] = env->regs[20];
592     (*regs)[21] = env->regs[21];
593     (*regs)[22] = env->regs[22];
594     (*regs)[23] = env->regs[23];
595     (*regs)[24] = env->regs[24];
596     (*regs)[25] = env->regs[25];
597     (*regs)[26] = env->regs[26];
598     (*regs)[27] = env->regs[27];
599     (*regs)[28] = env->regs[28];
600     (*regs)[29] = env->regs[29];
601     (*regs)[30] = env->regs[30];
602     (*regs)[31] = env->regs[31];
603 
604     (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env);
605     (*regs)[33] = env->regs[0]; /* XXX */
606 }
607 
608 #define USE_ELF_CORE_DUMP
609 #define ELF_EXEC_PAGESIZE               4096
610 
611 #define ELF_HWCAP                       (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
612 
613 #endif
614 
615 #ifdef TARGET_SPARC
616 #ifdef TARGET_SPARC64
617 
618 #define ELF_START_MMAP 0x80000000
619 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
620                     | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
621 #ifndef TARGET_ABI32
622 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
623 #else
624 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
625 #endif
626 
627 #define ELF_CLASS   ELFCLASS64
628 #define ELF_ARCH    EM_SPARCV9
629 
630 #define STACK_BIAS              2047
631 
632 static inline void init_thread(struct target_pt_regs *regs,
633                                struct image_info *infop)
634 {
635 #ifndef TARGET_ABI32
636     regs->tstate = 0;
637 #endif
638     regs->pc = infop->entry;
639     regs->npc = regs->pc + 4;
640     regs->y = 0;
641 #ifdef TARGET_ABI32
642     regs->u_regs[14] = infop->start_stack - 16 * 4;
643 #else
644     if (personality(infop->personality) == PER_LINUX32)
645         regs->u_regs[14] = infop->start_stack - 16 * 4;
646     else
647         regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
648 #endif
649 }
650 
651 #else
652 #define ELF_START_MMAP 0x80000000
653 #define ELF_HWCAP  (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
654                     | HWCAP_SPARC_MULDIV)
655 
656 #define ELF_CLASS   ELFCLASS32
657 #define ELF_ARCH    EM_SPARC
658 
659 static inline void init_thread(struct target_pt_regs *regs,
660                                struct image_info *infop)
661 {
662     regs->psr = 0;
663     regs->pc = infop->entry;
664     regs->npc = regs->pc + 4;
665     regs->y = 0;
666     regs->u_regs[14] = infop->start_stack - 16 * 4;
667 }
668 
669 #endif
670 #endif
671 
672 #ifdef TARGET_PPC
673 
674 #define ELF_MACHINE    PPC_ELF_MACHINE
675 #define ELF_START_MMAP 0x80000000
676 
677 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
678 
679 #define elf_check_arch(x) ( (x) == EM_PPC64 )
680 
681 #define ELF_CLASS       ELFCLASS64
682 
683 #else
684 
685 #define ELF_CLASS       ELFCLASS32
686 
687 #endif
688 
689 #define ELF_ARCH        EM_PPC
690 
691 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
692    See arch/powerpc/include/asm/cputable.h.  */
693 enum {
694     QEMU_PPC_FEATURE_32 = 0x80000000,
695     QEMU_PPC_FEATURE_64 = 0x40000000,
696     QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
697     QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
698     QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
699     QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
700     QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
701     QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
702     QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
703     QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
704     QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
705     QEMU_PPC_FEATURE_NO_TB = 0x00100000,
706     QEMU_PPC_FEATURE_POWER4 = 0x00080000,
707     QEMU_PPC_FEATURE_POWER5 = 0x00040000,
708     QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
709     QEMU_PPC_FEATURE_CELL = 0x00010000,
710     QEMU_PPC_FEATURE_BOOKE = 0x00008000,
711     QEMU_PPC_FEATURE_SMT = 0x00004000,
712     QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
713     QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
714     QEMU_PPC_FEATURE_PA6T = 0x00000800,
715     QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
716     QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
717     QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
718     QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
719     QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
720 
721     QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
722     QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
723 
724     /* Feature definitions in AT_HWCAP2.  */
725     QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */
726     QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */
727     QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */
728     QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */
729     QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */
730     QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */
731 };
732 
733 #define ELF_HWCAP get_elf_hwcap()
734 
735 static uint32_t get_elf_hwcap(void)
736 {
737     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
738     uint32_t features = 0;
739 
740     /* We don't have to be terribly complete here; the high points are
741        Altivec/FP/SPE support.  Anything else is just a bonus.  */
742 #define GET_FEATURE(flag, feature)                                      \
743     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
744 #define GET_FEATURE2(flags, feature) \
745     do { \
746         if ((cpu->env.insns_flags2 & flags) == flags) { \
747             features |= feature; \
748         } \
749     } while (0)
750     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
751     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
752     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
753     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
754     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
755     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
756     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
757     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
758     GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP);
759     GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX);
760     GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 |
761                   PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206),
762                   QEMU_PPC_FEATURE_ARCH_2_06);
763 #undef GET_FEATURE
764 #undef GET_FEATURE2
765 
766     return features;
767 }
768 
769 #define ELF_HWCAP2 get_elf_hwcap2()
770 
771 static uint32_t get_elf_hwcap2(void)
772 {
773     PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
774     uint32_t features = 0;
775 
776 #define GET_FEATURE(flag, feature)                                      \
777     do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
778 #define GET_FEATURE2(flag, feature)                                      \
779     do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0)
780 
781     GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL);
782     GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR);
783     GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 |
784                   PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07);
785 
786 #undef GET_FEATURE
787 #undef GET_FEATURE2
788 
789     return features;
790 }
791 
792 /*
793  * The requirements here are:
794  * - keep the final alignment of sp (sp & 0xf)
795  * - make sure the 32-bit value at the first 16 byte aligned position of
796  *   AUXV is greater than 16 for glibc compatibility.
797  *   AT_IGNOREPPC is used for that.
798  * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
799  *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
800  */
801 #define DLINFO_ARCH_ITEMS       5
802 #define ARCH_DLINFO                                     \
803     do {                                                \
804         PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);              \
805         NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \
806         NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \
807         NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
808         /*                                              \
809          * Now handle glibc compatibility.              \
810          */                                             \
811         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
812         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
813     } while (0)
814 
815 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
816 {
817     _regs->gpr[1] = infop->start_stack;
818 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
819     if (get_ppc64_abi(infop) < 2) {
820         uint64_t val;
821         get_user_u64(val, infop->entry + 8);
822         _regs->gpr[2] = val + infop->load_bias;
823         get_user_u64(val, infop->entry);
824         infop->entry = val + infop->load_bias;
825     } else {
826         _regs->gpr[12] = infop->entry;  /* r12 set to global entry address */
827     }
828 #endif
829     _regs->nip = infop->entry;
830 }
831 
832 /* See linux kernel: arch/powerpc/include/asm/elf.h.  */
833 #define ELF_NREG 48
834 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
835 
836 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
837 {
838     int i;
839     target_ulong ccr = 0;
840 
841     for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
842         (*regs)[i] = tswapreg(env->gpr[i]);
843     }
844 
845     (*regs)[32] = tswapreg(env->nip);
846     (*regs)[33] = tswapreg(env->msr);
847     (*regs)[35] = tswapreg(env->ctr);
848     (*regs)[36] = tswapreg(env->lr);
849     (*regs)[37] = tswapreg(env->xer);
850 
851     for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
852         ccr |= env->crf[i] << (32 - ((i + 1) * 4));
853     }
854     (*regs)[38] = tswapreg(ccr);
855 }
856 
857 #define USE_ELF_CORE_DUMP
858 #define ELF_EXEC_PAGESIZE       4096
859 
860 #endif
861 
862 #ifdef TARGET_MIPS
863 
864 #define ELF_START_MMAP 0x80000000
865 
866 #ifdef TARGET_MIPS64
867 #define ELF_CLASS   ELFCLASS64
868 #else
869 #define ELF_CLASS   ELFCLASS32
870 #endif
871 #define ELF_ARCH    EM_MIPS
872 
873 static inline void init_thread(struct target_pt_regs *regs,
874                                struct image_info *infop)
875 {
876     regs->cp0_status = 2 << CP0St_KSU;
877     regs->cp0_epc = infop->entry;
878     regs->regs[29] = infop->start_stack;
879 }
880 
881 /* See linux kernel: arch/mips/include/asm/elf.h.  */
882 #define ELF_NREG 45
883 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
884 
885 /* See linux kernel: arch/mips/include/asm/reg.h.  */
886 enum {
887 #ifdef TARGET_MIPS64
888     TARGET_EF_R0 = 0,
889 #else
890     TARGET_EF_R0 = 6,
891 #endif
892     TARGET_EF_R26 = TARGET_EF_R0 + 26,
893     TARGET_EF_R27 = TARGET_EF_R0 + 27,
894     TARGET_EF_LO = TARGET_EF_R0 + 32,
895     TARGET_EF_HI = TARGET_EF_R0 + 33,
896     TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
897     TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
898     TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
899     TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
900 };
901 
902 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
903 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
904 {
905     int i;
906 
907     for (i = 0; i < TARGET_EF_R0; i++) {
908         (*regs)[i] = 0;
909     }
910     (*regs)[TARGET_EF_R0] = 0;
911 
912     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
913         (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
914     }
915 
916     (*regs)[TARGET_EF_R26] = 0;
917     (*regs)[TARGET_EF_R27] = 0;
918     (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
919     (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
920     (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
921     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
922     (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
923     (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
924 }
925 
926 #define USE_ELF_CORE_DUMP
927 #define ELF_EXEC_PAGESIZE        4096
928 
929 #endif /* TARGET_MIPS */
930 
931 #ifdef TARGET_MICROBLAZE
932 
933 #define ELF_START_MMAP 0x80000000
934 
935 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
936 
937 #define ELF_CLASS   ELFCLASS32
938 #define ELF_ARCH    EM_MICROBLAZE
939 
940 static inline void init_thread(struct target_pt_regs *regs,
941                                struct image_info *infop)
942 {
943     regs->pc = infop->entry;
944     regs->r1 = infop->start_stack;
945 
946 }
947 
948 #define ELF_EXEC_PAGESIZE        4096
949 
950 #define USE_ELF_CORE_DUMP
951 #define ELF_NREG 38
952 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
953 
954 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
955 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
956 {
957     int i, pos = 0;
958 
959     for (i = 0; i < 32; i++) {
960         (*regs)[pos++] = tswapreg(env->regs[i]);
961     }
962 
963     for (i = 0; i < 6; i++) {
964         (*regs)[pos++] = tswapreg(env->sregs[i]);
965     }
966 }
967 
968 #endif /* TARGET_MICROBLAZE */
969 
970 #ifdef TARGET_OPENRISC
971 
972 #define ELF_START_MMAP 0x08000000
973 
974 #define ELF_ARCH EM_OPENRISC
975 #define ELF_CLASS ELFCLASS32
976 #define ELF_DATA  ELFDATA2MSB
977 
978 static inline void init_thread(struct target_pt_regs *regs,
979                                struct image_info *infop)
980 {
981     regs->pc = infop->entry;
982     regs->gpr[1] = infop->start_stack;
983 }
984 
985 #define USE_ELF_CORE_DUMP
986 #define ELF_EXEC_PAGESIZE 8192
987 
988 /* See linux kernel arch/openrisc/include/asm/elf.h.  */
989 #define ELF_NREG 34 /* gprs and pc, sr */
990 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
991 
992 static void elf_core_copy_regs(target_elf_gregset_t *regs,
993                                const CPUOpenRISCState *env)
994 {
995     int i;
996 
997     for (i = 0; i < 32; i++) {
998         (*regs)[i] = tswapreg(env->gpr[i]);
999     }
1000 
1001     (*regs)[32] = tswapreg(env->pc);
1002     (*regs)[33] = tswapreg(env->sr);
1003 }
1004 #define ELF_HWCAP 0
1005 #define ELF_PLATFORM NULL
1006 
1007 #endif /* TARGET_OPENRISC */
1008 
1009 #ifdef TARGET_SH4
1010 
1011 #define ELF_START_MMAP 0x80000000
1012 
1013 #define ELF_CLASS ELFCLASS32
1014 #define ELF_ARCH  EM_SH
1015 
1016 static inline void init_thread(struct target_pt_regs *regs,
1017                                struct image_info *infop)
1018 {
1019     /* Check other registers XXXXX */
1020     regs->pc = infop->entry;
1021     regs->regs[15] = infop->start_stack;
1022 }
1023 
1024 /* See linux kernel: arch/sh/include/asm/elf.h.  */
1025 #define ELF_NREG 23
1026 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1027 
1028 /* See linux kernel: arch/sh/include/asm/ptrace.h.  */
1029 enum {
1030     TARGET_REG_PC = 16,
1031     TARGET_REG_PR = 17,
1032     TARGET_REG_SR = 18,
1033     TARGET_REG_GBR = 19,
1034     TARGET_REG_MACH = 20,
1035     TARGET_REG_MACL = 21,
1036     TARGET_REG_SYSCALL = 22
1037 };
1038 
1039 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
1040                                       const CPUSH4State *env)
1041 {
1042     int i;
1043 
1044     for (i = 0; i < 16; i++) {
1045         (*regs[i]) = tswapreg(env->gregs[i]);
1046     }
1047 
1048     (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
1049     (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
1050     (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
1051     (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
1052     (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
1053     (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
1054     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
1055 }
1056 
1057 #define USE_ELF_CORE_DUMP
1058 #define ELF_EXEC_PAGESIZE        4096
1059 
1060 enum {
1061     SH_CPU_HAS_FPU            = 0x0001, /* Hardware FPU support */
1062     SH_CPU_HAS_P2_FLUSH_BUG   = 0x0002, /* Need to flush the cache in P2 area */
1063     SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */
1064     SH_CPU_HAS_DSP            = 0x0008, /* SH-DSP: DSP support */
1065     SH_CPU_HAS_PERF_COUNTER   = 0x0010, /* Hardware performance counters */
1066     SH_CPU_HAS_PTEA           = 0x0020, /* PTEA register */
1067     SH_CPU_HAS_LLSC           = 0x0040, /* movli.l/movco.l */
1068     SH_CPU_HAS_L2_CACHE       = 0x0080, /* Secondary cache / URAM */
1069     SH_CPU_HAS_OP32           = 0x0100, /* 32-bit instruction support */
1070     SH_CPU_HAS_PTEAEX         = 0x0200, /* PTE ASID Extension support */
1071 };
1072 
1073 #define ELF_HWCAP get_elf_hwcap()
1074 
1075 static uint32_t get_elf_hwcap(void)
1076 {
1077     SuperHCPU *cpu = SUPERH_CPU(thread_cpu);
1078     uint32_t hwcap = 0;
1079 
1080     hwcap |= SH_CPU_HAS_FPU;
1081 
1082     if (cpu->env.features & SH_FEATURE_SH4A) {
1083         hwcap |= SH_CPU_HAS_LLSC;
1084     }
1085 
1086     return hwcap;
1087 }
1088 
1089 #endif
1090 
1091 #ifdef TARGET_CRIS
1092 
1093 #define ELF_START_MMAP 0x80000000
1094 
1095 #define ELF_CLASS ELFCLASS32
1096 #define ELF_ARCH  EM_CRIS
1097 
1098 static inline void init_thread(struct target_pt_regs *regs,
1099                                struct image_info *infop)
1100 {
1101     regs->erp = infop->entry;
1102 }
1103 
1104 #define ELF_EXEC_PAGESIZE        8192
1105 
1106 #endif
1107 
1108 #ifdef TARGET_M68K
1109 
1110 #define ELF_START_MMAP 0x80000000
1111 
1112 #define ELF_CLASS       ELFCLASS32
1113 #define ELF_ARCH        EM_68K
1114 
1115 /* ??? Does this need to do anything?
1116    #define ELF_PLAT_INIT(_r) */
1117 
1118 static inline void init_thread(struct target_pt_regs *regs,
1119                                struct image_info *infop)
1120 {
1121     regs->usp = infop->start_stack;
1122     regs->sr = 0;
1123     regs->pc = infop->entry;
1124 }
1125 
1126 /* See linux kernel: arch/m68k/include/asm/elf.h.  */
1127 #define ELF_NREG 20
1128 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1129 
1130 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
1131 {
1132     (*regs)[0] = tswapreg(env->dregs[1]);
1133     (*regs)[1] = tswapreg(env->dregs[2]);
1134     (*regs)[2] = tswapreg(env->dregs[3]);
1135     (*regs)[3] = tswapreg(env->dregs[4]);
1136     (*regs)[4] = tswapreg(env->dregs[5]);
1137     (*regs)[5] = tswapreg(env->dregs[6]);
1138     (*regs)[6] = tswapreg(env->dregs[7]);
1139     (*regs)[7] = tswapreg(env->aregs[0]);
1140     (*regs)[8] = tswapreg(env->aregs[1]);
1141     (*regs)[9] = tswapreg(env->aregs[2]);
1142     (*regs)[10] = tswapreg(env->aregs[3]);
1143     (*regs)[11] = tswapreg(env->aregs[4]);
1144     (*regs)[12] = tswapreg(env->aregs[5]);
1145     (*regs)[13] = tswapreg(env->aregs[6]);
1146     (*regs)[14] = tswapreg(env->dregs[0]);
1147     (*regs)[15] = tswapreg(env->aregs[7]);
1148     (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
1149     (*regs)[17] = tswapreg(env->sr);
1150     (*regs)[18] = tswapreg(env->pc);
1151     (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
1152 }
1153 
1154 #define USE_ELF_CORE_DUMP
1155 #define ELF_EXEC_PAGESIZE       8192
1156 
1157 #endif
1158 
1159 #ifdef TARGET_ALPHA
1160 
1161 #define ELF_START_MMAP (0x30000000000ULL)
1162 
1163 #define ELF_CLASS      ELFCLASS64
1164 #define ELF_ARCH       EM_ALPHA
1165 
1166 static inline void init_thread(struct target_pt_regs *regs,
1167                                struct image_info *infop)
1168 {
1169     regs->pc = infop->entry;
1170     regs->ps = 8;
1171     regs->usp = infop->start_stack;
1172 }
1173 
1174 #define ELF_EXEC_PAGESIZE        8192
1175 
1176 #endif /* TARGET_ALPHA */
1177 
1178 #ifdef TARGET_S390X
1179 
1180 #define ELF_START_MMAP (0x20000000000ULL)
1181 
1182 #define ELF_CLASS	ELFCLASS64
1183 #define ELF_DATA	ELFDATA2MSB
1184 #define ELF_ARCH	EM_S390
1185 
1186 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1187 {
1188     regs->psw.addr = infop->entry;
1189     regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1190     regs->gprs[15] = infop->start_stack;
1191 }
1192 
1193 #endif /* TARGET_S390X */
1194 
1195 #ifdef TARGET_TILEGX
1196 
1197 /* 42 bits real used address, a half for user mode */
1198 #define ELF_START_MMAP (0x00000020000000000ULL)
1199 
1200 #define elf_check_arch(x) ((x) == EM_TILEGX)
1201 
1202 #define ELF_CLASS   ELFCLASS64
1203 #define ELF_DATA    ELFDATA2LSB
1204 #define ELF_ARCH    EM_TILEGX
1205 
1206 static inline void init_thread(struct target_pt_regs *regs,
1207                                struct image_info *infop)
1208 {
1209     regs->pc = infop->entry;
1210     regs->sp = infop->start_stack;
1211 
1212 }
1213 
1214 #define ELF_EXEC_PAGESIZE        65536 /* TILE-Gx page size is 64KB */
1215 
1216 #endif /* TARGET_TILEGX */
1217 
1218 #ifdef TARGET_HPPA
1219 
1220 #define ELF_START_MMAP  0x80000000
1221 #define ELF_CLASS       ELFCLASS32
1222 #define ELF_ARCH        EM_PARISC
1223 #define ELF_PLATFORM    "PARISC"
1224 #define STACK_GROWS_DOWN 0
1225 #define STACK_ALIGNMENT  64
1226 
1227 static inline void init_thread(struct target_pt_regs *regs,
1228                                struct image_info *infop)
1229 {
1230     regs->iaoq[0] = infop->entry;
1231     regs->iaoq[1] = infop->entry + 4;
1232     regs->gr[23] = 0;
1233     regs->gr[24] = infop->arg_start;
1234     regs->gr[25] = (infop->arg_end - infop->arg_start) / sizeof(abi_ulong);
1235     /* The top-of-stack contains a linkage buffer.  */
1236     regs->gr[30] = infop->start_stack + 64;
1237     regs->gr[31] = infop->entry;
1238 }
1239 
1240 #endif /* TARGET_HPPA */
1241 
1242 #ifndef ELF_PLATFORM
1243 #define ELF_PLATFORM (NULL)
1244 #endif
1245 
1246 #ifndef ELF_MACHINE
1247 #define ELF_MACHINE ELF_ARCH
1248 #endif
1249 
1250 #ifndef elf_check_arch
1251 #define elf_check_arch(x) ((x) == ELF_ARCH)
1252 #endif
1253 
1254 #ifndef ELF_HWCAP
1255 #define ELF_HWCAP 0
1256 #endif
1257 
1258 #ifndef STACK_GROWS_DOWN
1259 #define STACK_GROWS_DOWN 1
1260 #endif
1261 
1262 #ifndef STACK_ALIGNMENT
1263 #define STACK_ALIGNMENT 16
1264 #endif
1265 
1266 #ifdef TARGET_ABI32
1267 #undef ELF_CLASS
1268 #define ELF_CLASS ELFCLASS32
1269 #undef bswaptls
1270 #define bswaptls(ptr) bswap32s(ptr)
1271 #endif
1272 
1273 #include "elf.h"
1274 
1275 struct exec
1276 {
1277     unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
1278     unsigned int a_text;   /* length of text, in bytes */
1279     unsigned int a_data;   /* length of data, in bytes */
1280     unsigned int a_bss;    /* length of uninitialized data area, in bytes */
1281     unsigned int a_syms;   /* length of symbol table data in file, in bytes */
1282     unsigned int a_entry;  /* start address */
1283     unsigned int a_trsize; /* length of relocation info for text, in bytes */
1284     unsigned int a_drsize; /* length of relocation info for data, in bytes */
1285 };
1286 
1287 
1288 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1289 #define OMAGIC 0407
1290 #define NMAGIC 0410
1291 #define ZMAGIC 0413
1292 #define QMAGIC 0314
1293 
1294 /* Necessary parameters */
1295 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1296 #define TARGET_ELF_PAGESTART(_v) ((_v) & \
1297                                  ~(abi_ulong)(TARGET_ELF_EXEC_PAGESIZE-1))
1298 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1299 
1300 #define DLINFO_ITEMS 14
1301 
1302 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1303 {
1304     memcpy(to, from, n);
1305 }
1306 
1307 #ifdef BSWAP_NEEDED
1308 static void bswap_ehdr(struct elfhdr *ehdr)
1309 {
1310     bswap16s(&ehdr->e_type);            /* Object file type */
1311     bswap16s(&ehdr->e_machine);         /* Architecture */
1312     bswap32s(&ehdr->e_version);         /* Object file version */
1313     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
1314     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
1315     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
1316     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
1317     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
1318     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
1319     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
1320     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
1321     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
1322     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
1323 }
1324 
1325 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1326 {
1327     int i;
1328     for (i = 0; i < phnum; ++i, ++phdr) {
1329         bswap32s(&phdr->p_type);        /* Segment type */
1330         bswap32s(&phdr->p_flags);       /* Segment flags */
1331         bswaptls(&phdr->p_offset);      /* Segment file offset */
1332         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
1333         bswaptls(&phdr->p_paddr);       /* Segment physical address */
1334         bswaptls(&phdr->p_filesz);      /* Segment size in file */
1335         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
1336         bswaptls(&phdr->p_align);       /* Segment alignment */
1337     }
1338 }
1339 
1340 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1341 {
1342     int i;
1343     for (i = 0; i < shnum; ++i, ++shdr) {
1344         bswap32s(&shdr->sh_name);
1345         bswap32s(&shdr->sh_type);
1346         bswaptls(&shdr->sh_flags);
1347         bswaptls(&shdr->sh_addr);
1348         bswaptls(&shdr->sh_offset);
1349         bswaptls(&shdr->sh_size);
1350         bswap32s(&shdr->sh_link);
1351         bswap32s(&shdr->sh_info);
1352         bswaptls(&shdr->sh_addralign);
1353         bswaptls(&shdr->sh_entsize);
1354     }
1355 }
1356 
1357 static void bswap_sym(struct elf_sym *sym)
1358 {
1359     bswap32s(&sym->st_name);
1360     bswaptls(&sym->st_value);
1361     bswaptls(&sym->st_size);
1362     bswap16s(&sym->st_shndx);
1363 }
1364 #else
1365 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1366 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1367 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1368 static inline void bswap_sym(struct elf_sym *sym) { }
1369 #endif
1370 
1371 #ifdef USE_ELF_CORE_DUMP
1372 static int elf_core_dump(int, const CPUArchState *);
1373 #endif /* USE_ELF_CORE_DUMP */
1374 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1375 
1376 /* Verify the portions of EHDR within E_IDENT for the target.
1377    This can be performed before bswapping the entire header.  */
1378 static bool elf_check_ident(struct elfhdr *ehdr)
1379 {
1380     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1381             && ehdr->e_ident[EI_MAG1] == ELFMAG1
1382             && ehdr->e_ident[EI_MAG2] == ELFMAG2
1383             && ehdr->e_ident[EI_MAG3] == ELFMAG3
1384             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1385             && ehdr->e_ident[EI_DATA] == ELF_DATA
1386             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1387 }
1388 
1389 /* Verify the portions of EHDR outside of E_IDENT for the target.
1390    This has to wait until after bswapping the header.  */
1391 static bool elf_check_ehdr(struct elfhdr *ehdr)
1392 {
1393     return (elf_check_arch(ehdr->e_machine)
1394             && ehdr->e_ehsize == sizeof(struct elfhdr)
1395             && ehdr->e_phentsize == sizeof(struct elf_phdr)
1396             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1397 }
1398 
1399 /*
1400  * 'copy_elf_strings()' copies argument/envelope strings from user
1401  * memory to free pages in kernel mem. These are in a format ready
1402  * to be put directly into the top of new user memory.
1403  *
1404  */
1405 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch,
1406                                   abi_ulong p, abi_ulong stack_limit)
1407 {
1408     char *tmp;
1409     int len, i;
1410     abi_ulong top = p;
1411 
1412     if (!p) {
1413         return 0;       /* bullet-proofing */
1414     }
1415 
1416     if (STACK_GROWS_DOWN) {
1417         int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1;
1418         for (i = argc - 1; i >= 0; --i) {
1419             tmp = argv[i];
1420             if (!tmp) {
1421                 fprintf(stderr, "VFS: argc is wrong");
1422                 exit(-1);
1423             }
1424             len = strlen(tmp) + 1;
1425             tmp += len;
1426 
1427             if (len > (p - stack_limit)) {
1428                 return 0;
1429             }
1430             while (len) {
1431                 int bytes_to_copy = (len > offset) ? offset : len;
1432                 tmp -= bytes_to_copy;
1433                 p -= bytes_to_copy;
1434                 offset -= bytes_to_copy;
1435                 len -= bytes_to_copy;
1436 
1437                 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy);
1438 
1439                 if (offset == 0) {
1440                     memcpy_to_target(p, scratch, top - p);
1441                     top = p;
1442                     offset = TARGET_PAGE_SIZE;
1443                 }
1444             }
1445         }
1446         if (p != top) {
1447             memcpy_to_target(p, scratch + offset, top - p);
1448         }
1449     } else {
1450         int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE);
1451         for (i = 0; i < argc; ++i) {
1452             tmp = argv[i];
1453             if (!tmp) {
1454                 fprintf(stderr, "VFS: argc is wrong");
1455                 exit(-1);
1456             }
1457             len = strlen(tmp) + 1;
1458             if (len > (stack_limit - p)) {
1459                 return 0;
1460             }
1461             while (len) {
1462                 int bytes_to_copy = (len > remaining) ? remaining : len;
1463 
1464                 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy);
1465 
1466                 tmp += bytes_to_copy;
1467                 remaining -= bytes_to_copy;
1468                 p += bytes_to_copy;
1469                 len -= bytes_to_copy;
1470 
1471                 if (remaining == 0) {
1472                     memcpy_to_target(top, scratch, p - top);
1473                     top = p;
1474                     remaining = TARGET_PAGE_SIZE;
1475                 }
1476             }
1477         }
1478         if (p != top) {
1479             memcpy_to_target(top, scratch, p - top);
1480         }
1481     }
1482 
1483     return p;
1484 }
1485 
1486 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of
1487  * argument/environment space. Newer kernels (>2.6.33) allow more,
1488  * dependent on stack size, but guarantee at least 32 pages for
1489  * backwards compatibility.
1490  */
1491 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE)
1492 
1493 static abi_ulong setup_arg_pages(struct linux_binprm *bprm,
1494                                  struct image_info *info)
1495 {
1496     abi_ulong size, error, guard;
1497 
1498     size = guest_stack_size;
1499     if (size < STACK_LOWER_LIMIT) {
1500         size = STACK_LOWER_LIMIT;
1501     }
1502     guard = TARGET_PAGE_SIZE;
1503     if (guard < qemu_real_host_page_size) {
1504         guard = qemu_real_host_page_size;
1505     }
1506 
1507     error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1508                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1509     if (error == -1) {
1510         perror("mmap stack");
1511         exit(-1);
1512     }
1513 
1514     /* We reserve one extra page at the top of the stack as guard.  */
1515     if (STACK_GROWS_DOWN) {
1516         target_mprotect(error, guard, PROT_NONE);
1517         info->stack_limit = error + guard;
1518         return info->stack_limit + size - sizeof(void *);
1519     } else {
1520         target_mprotect(error + size, guard, PROT_NONE);
1521         info->stack_limit = error + size;
1522         return error;
1523     }
1524 }
1525 
1526 /* Map and zero the bss.  We need to explicitly zero any fractional pages
1527    after the data section (i.e. bss).  */
1528 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1529 {
1530     uintptr_t host_start, host_map_start, host_end;
1531 
1532     last_bss = TARGET_PAGE_ALIGN(last_bss);
1533 
1534     /* ??? There is confusion between qemu_real_host_page_size and
1535        qemu_host_page_size here and elsewhere in target_mmap, which
1536        may lead to the end of the data section mapping from the file
1537        not being mapped.  At least there was an explicit test and
1538        comment for that here, suggesting that "the file size must
1539        be known".  The comment probably pre-dates the introduction
1540        of the fstat system call in target_mmap which does in fact
1541        find out the size.  What isn't clear is if the workaround
1542        here is still actually needed.  For now, continue with it,
1543        but merge it with the "normal" mmap that would allocate the bss.  */
1544 
1545     host_start = (uintptr_t) g2h(elf_bss);
1546     host_end = (uintptr_t) g2h(last_bss);
1547     host_map_start = REAL_HOST_PAGE_ALIGN(host_start);
1548 
1549     if (host_map_start < host_end) {
1550         void *p = mmap((void *)host_map_start, host_end - host_map_start,
1551                        prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1552         if (p == MAP_FAILED) {
1553             perror("cannot mmap brk");
1554             exit(-1);
1555         }
1556     }
1557 
1558     /* Ensure that the bss page(s) are valid */
1559     if ((page_get_flags(last_bss-1) & prot) != prot) {
1560         page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot | PAGE_VALID);
1561     }
1562 
1563     if (host_start < host_map_start) {
1564         memset((void *)host_start, 0, host_map_start - host_start);
1565     }
1566 }
1567 
1568 #ifdef CONFIG_USE_FDPIC
1569 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1570 {
1571     uint16_t n;
1572     struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1573 
1574     /* elf32_fdpic_loadseg */
1575     n = info->nsegs;
1576     while (n--) {
1577         sp -= 12;
1578         put_user_u32(loadsegs[n].addr, sp+0);
1579         put_user_u32(loadsegs[n].p_vaddr, sp+4);
1580         put_user_u32(loadsegs[n].p_memsz, sp+8);
1581     }
1582 
1583     /* elf32_fdpic_loadmap */
1584     sp -= 4;
1585     put_user_u16(0, sp+0); /* version */
1586     put_user_u16(info->nsegs, sp+2); /* nsegs */
1587 
1588     info->personality = PER_LINUX_FDPIC;
1589     info->loadmap_addr = sp;
1590 
1591     return sp;
1592 }
1593 #endif
1594 
1595 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1596                                    struct elfhdr *exec,
1597                                    struct image_info *info,
1598                                    struct image_info *interp_info)
1599 {
1600     abi_ulong sp;
1601     abi_ulong u_argc, u_argv, u_envp, u_auxv;
1602     int size;
1603     int i;
1604     abi_ulong u_rand_bytes;
1605     uint8_t k_rand_bytes[16];
1606     abi_ulong u_platform;
1607     const char *k_platform;
1608     const int n = sizeof(elf_addr_t);
1609 
1610     sp = p;
1611 
1612 #ifdef CONFIG_USE_FDPIC
1613     /* Needs to be before we load the env/argc/... */
1614     if (elf_is_fdpic(exec)) {
1615         /* Need 4 byte alignment for these structs */
1616         sp &= ~3;
1617         sp = loader_build_fdpic_loadmap(info, sp);
1618         info->other_info = interp_info;
1619         if (interp_info) {
1620             interp_info->other_info = info;
1621             sp = loader_build_fdpic_loadmap(interp_info, sp);
1622         }
1623     }
1624 #endif
1625 
1626     u_platform = 0;
1627     k_platform = ELF_PLATFORM;
1628     if (k_platform) {
1629         size_t len = strlen(k_platform) + 1;
1630         if (STACK_GROWS_DOWN) {
1631             sp -= (len + n - 1) & ~(n - 1);
1632             u_platform = sp;
1633             /* FIXME - check return value of memcpy_to_target() for failure */
1634             memcpy_to_target(sp, k_platform, len);
1635         } else {
1636             memcpy_to_target(sp, k_platform, len);
1637             u_platform = sp;
1638             sp += len + 1;
1639         }
1640     }
1641 
1642     /* Provide 16 byte alignment for the PRNG, and basic alignment for
1643      * the argv and envp pointers.
1644      */
1645     if (STACK_GROWS_DOWN) {
1646         sp = QEMU_ALIGN_DOWN(sp, 16);
1647     } else {
1648         sp = QEMU_ALIGN_UP(sp, 16);
1649     }
1650 
1651     /*
1652      * Generate 16 random bytes for userspace PRNG seeding (not
1653      * cryptically secure but it's not the aim of QEMU).
1654      */
1655     for (i = 0; i < 16; i++) {
1656         k_rand_bytes[i] = rand();
1657     }
1658     if (STACK_GROWS_DOWN) {
1659         sp -= 16;
1660         u_rand_bytes = sp;
1661         /* FIXME - check return value of memcpy_to_target() for failure */
1662         memcpy_to_target(sp, k_rand_bytes, 16);
1663     } else {
1664         memcpy_to_target(sp, k_rand_bytes, 16);
1665         u_rand_bytes = sp;
1666         sp += 16;
1667     }
1668 
1669     size = (DLINFO_ITEMS + 1) * 2;
1670     if (k_platform)
1671         size += 2;
1672 #ifdef DLINFO_ARCH_ITEMS
1673     size += DLINFO_ARCH_ITEMS * 2;
1674 #endif
1675 #ifdef ELF_HWCAP2
1676     size += 2;
1677 #endif
1678     size += envc + argc + 2;
1679     size += 1;  /* argc itself */
1680     size *= n;
1681 
1682     /* Allocate space and finalize stack alignment for entry now.  */
1683     if (STACK_GROWS_DOWN) {
1684         u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT);
1685         sp = u_argc;
1686     } else {
1687         u_argc = sp;
1688         sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT);
1689     }
1690 
1691     u_argv = u_argc + n;
1692     u_envp = u_argv + (argc + 1) * n;
1693     u_auxv = u_envp + (envc + 1) * n;
1694     info->saved_auxv = u_auxv;
1695     info->arg_start = u_argv;
1696     info->arg_end = u_argv + argc * n;
1697 
1698     /* This is correct because Linux defines
1699      * elf_addr_t as Elf32_Off / Elf64_Off
1700      */
1701 #define NEW_AUX_ENT(id, val) do {               \
1702         put_user_ual(id, u_auxv);  u_auxv += n; \
1703         put_user_ual(val, u_auxv); u_auxv += n; \
1704     } while(0)
1705 
1706     /* There must be exactly DLINFO_ITEMS entries here.  */
1707     NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1708     NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1709     NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1710     NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE, getpagesize())));
1711     NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1712     NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1713     NEW_AUX_ENT(AT_ENTRY, info->entry);
1714     NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1715     NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1716     NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1717     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1718     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1719     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1720     NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1721 
1722 #ifdef ELF_HWCAP2
1723     NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2);
1724 #endif
1725 
1726     if (u_platform) {
1727         NEW_AUX_ENT(AT_PLATFORM, u_platform);
1728     }
1729 #ifdef ARCH_DLINFO
1730     /*
1731      * ARCH_DLINFO must come last so platform specific code can enforce
1732      * special alignment requirements on the AUXV if necessary (eg. PPC).
1733      */
1734     ARCH_DLINFO;
1735 #endif
1736     NEW_AUX_ENT (AT_NULL, 0);
1737 #undef NEW_AUX_ENT
1738 
1739     info->auxv_len = u_argv - info->saved_auxv;
1740 
1741     put_user_ual(argc, u_argc);
1742 
1743     p = info->arg_strings;
1744     for (i = 0; i < argc; ++i) {
1745         put_user_ual(p, u_argv);
1746         u_argv += n;
1747         p += target_strlen(p) + 1;
1748     }
1749     put_user_ual(0, u_argv);
1750 
1751     p = info->env_strings;
1752     for (i = 0; i < envc; ++i) {
1753         put_user_ual(p, u_envp);
1754         u_envp += n;
1755         p += target_strlen(p) + 1;
1756     }
1757     put_user_ual(0, u_envp);
1758 
1759     return sp;
1760 }
1761 
1762 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE
1763 /* If the guest doesn't have a validation function just agree */
1764 static int validate_guest_space(unsigned long guest_base,
1765                                 unsigned long guest_size)
1766 {
1767     return 1;
1768 }
1769 #endif
1770 
1771 unsigned long init_guest_space(unsigned long host_start,
1772                                unsigned long host_size,
1773                                unsigned long guest_start,
1774                                bool fixed)
1775 {
1776     unsigned long current_start, real_start;
1777     int flags;
1778 
1779     assert(host_start || host_size);
1780 
1781     /* If just a starting address is given, then just verify that
1782      * address.  */
1783     if (host_start && !host_size) {
1784         if (validate_guest_space(host_start, host_size) == 1) {
1785             return host_start;
1786         } else {
1787             return (unsigned long)-1;
1788         }
1789     }
1790 
1791     /* Setup the initial flags and start address.  */
1792     current_start = host_start & qemu_host_page_mask;
1793     flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
1794     if (fixed) {
1795         flags |= MAP_FIXED;
1796     }
1797 
1798     /* Otherwise, a non-zero size region of memory needs to be mapped
1799      * and validated.  */
1800     while (1) {
1801         unsigned long real_size = host_size;
1802 
1803         /* Do not use mmap_find_vma here because that is limited to the
1804          * guest address space.  We are going to make the
1805          * guest address space fit whatever we're given.
1806          */
1807         real_start = (unsigned long)
1808             mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
1809         if (real_start == (unsigned long)-1) {
1810             return (unsigned long)-1;
1811         }
1812 
1813         /* Ensure the address is properly aligned.  */
1814         if (real_start & ~qemu_host_page_mask) {
1815             munmap((void *)real_start, host_size);
1816             real_size = host_size + qemu_host_page_size;
1817             real_start = (unsigned long)
1818                 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
1819             if (real_start == (unsigned long)-1) {
1820                 return (unsigned long)-1;
1821             }
1822             real_start = HOST_PAGE_ALIGN(real_start);
1823         }
1824 
1825         /* Check to see if the address is valid.  */
1826         if (!host_start || real_start == current_start) {
1827             int valid = validate_guest_space(real_start - guest_start,
1828                                              real_size);
1829             if (valid == 1) {
1830                 break;
1831             } else if (valid == -1) {
1832                 return (unsigned long)-1;
1833             }
1834             /* valid == 0, so try again. */
1835         }
1836 
1837         /* That address didn't work.  Unmap and try a different one.
1838          * The address the host picked because is typically right at
1839          * the top of the host address space and leaves the guest with
1840          * no usable address space.  Resort to a linear search.  We
1841          * already compensated for mmap_min_addr, so this should not
1842          * happen often.  Probably means we got unlucky and host
1843          * address space randomization put a shared library somewhere
1844          * inconvenient.
1845          */
1846         munmap((void *)real_start, host_size);
1847         current_start += qemu_host_page_size;
1848         if (host_start == current_start) {
1849             /* Theoretically possible if host doesn't have any suitably
1850              * aligned areas.  Normally the first mmap will fail.
1851              */
1852             return (unsigned long)-1;
1853         }
1854     }
1855 
1856     qemu_log_mask(CPU_LOG_PAGE, "Reserved 0x%lx bytes of guest address space\n", host_size);
1857 
1858     return real_start;
1859 }
1860 
1861 static void probe_guest_base(const char *image_name,
1862                              abi_ulong loaddr, abi_ulong hiaddr)
1863 {
1864     /* Probe for a suitable guest base address, if the user has not set
1865      * it explicitly, and set guest_base appropriately.
1866      * In case of error we will print a suitable message and exit.
1867      */
1868     const char *errmsg;
1869     if (!have_guest_base && !reserved_va) {
1870         unsigned long host_start, real_start, host_size;
1871 
1872         /* Round addresses to page boundaries.  */
1873         loaddr &= qemu_host_page_mask;
1874         hiaddr = HOST_PAGE_ALIGN(hiaddr);
1875 
1876         if (loaddr < mmap_min_addr) {
1877             host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1878         } else {
1879             host_start = loaddr;
1880             if (host_start != loaddr) {
1881                 errmsg = "Address overflow loading ELF binary";
1882                 goto exit_errmsg;
1883             }
1884         }
1885         host_size = hiaddr - loaddr;
1886 
1887         /* Setup the initial guest memory space with ranges gleaned from
1888          * the ELF image that is being loaded.
1889          */
1890         real_start = init_guest_space(host_start, host_size, loaddr, false);
1891         if (real_start == (unsigned long)-1) {
1892             errmsg = "Unable to find space for application";
1893             goto exit_errmsg;
1894         }
1895         guest_base = real_start - loaddr;
1896 
1897         qemu_log_mask(CPU_LOG_PAGE, "Relocating guest address space from 0x"
1898                       TARGET_ABI_FMT_lx " to 0x%lx\n",
1899                       loaddr, real_start);
1900     }
1901     return;
1902 
1903 exit_errmsg:
1904     fprintf(stderr, "%s: %s\n", image_name, errmsg);
1905     exit(-1);
1906 }
1907 
1908 
1909 /* Load an ELF image into the address space.
1910 
1911    IMAGE_NAME is the filename of the image, to use in error messages.
1912    IMAGE_FD is the open file descriptor for the image.
1913 
1914    BPRM_BUF is a copy of the beginning of the file; this of course
1915    contains the elf file header at offset 0.  It is assumed that this
1916    buffer is sufficiently aligned to present no problems to the host
1917    in accessing data at aligned offsets within the buffer.
1918 
1919    On return: INFO values will be filled in, as necessary or available.  */
1920 
1921 static void load_elf_image(const char *image_name, int image_fd,
1922                            struct image_info *info, char **pinterp_name,
1923                            char bprm_buf[BPRM_BUF_SIZE])
1924 {
1925     struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1926     struct elf_phdr *phdr;
1927     abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1928     int i, retval;
1929     const char *errmsg;
1930 
1931     /* First of all, some simple consistency checks */
1932     errmsg = "Invalid ELF image for this architecture";
1933     if (!elf_check_ident(ehdr)) {
1934         goto exit_errmsg;
1935     }
1936     bswap_ehdr(ehdr);
1937     if (!elf_check_ehdr(ehdr)) {
1938         goto exit_errmsg;
1939     }
1940 
1941     i = ehdr->e_phnum * sizeof(struct elf_phdr);
1942     if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1943         phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
1944     } else {
1945         phdr = (struct elf_phdr *) alloca(i);
1946         retval = pread(image_fd, phdr, i, ehdr->e_phoff);
1947         if (retval != i) {
1948             goto exit_read;
1949         }
1950     }
1951     bswap_phdr(phdr, ehdr->e_phnum);
1952 
1953 #ifdef CONFIG_USE_FDPIC
1954     info->nsegs = 0;
1955     info->pt_dynamic_addr = 0;
1956 #endif
1957 
1958     mmap_lock();
1959 
1960     /* Find the maximum size of the image and allocate an appropriate
1961        amount of memory to handle that.  */
1962     loaddr = -1, hiaddr = 0;
1963     for (i = 0; i < ehdr->e_phnum; ++i) {
1964         if (phdr[i].p_type == PT_LOAD) {
1965             abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset;
1966             if (a < loaddr) {
1967                 loaddr = a;
1968             }
1969             a = phdr[i].p_vaddr + phdr[i].p_memsz;
1970             if (a > hiaddr) {
1971                 hiaddr = a;
1972             }
1973 #ifdef CONFIG_USE_FDPIC
1974             ++info->nsegs;
1975 #endif
1976         }
1977     }
1978 
1979     load_addr = loaddr;
1980     if (ehdr->e_type == ET_DYN) {
1981         /* The image indicates that it can be loaded anywhere.  Find a
1982            location that can hold the memory space required.  If the
1983            image is pre-linked, LOADDR will be non-zero.  Since we do
1984            not supply MAP_FIXED here we'll use that address if and
1985            only if it remains available.  */
1986         load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1987                                 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1988                                 -1, 0);
1989         if (load_addr == -1) {
1990             goto exit_perror;
1991         }
1992     } else if (pinterp_name != NULL) {
1993         /* This is the main executable.  Make sure that the low
1994            address does not conflict with MMAP_MIN_ADDR or the
1995            QEMU application itself.  */
1996         probe_guest_base(image_name, loaddr, hiaddr);
1997     }
1998     load_bias = load_addr - loaddr;
1999 
2000 #ifdef CONFIG_USE_FDPIC
2001     {
2002         struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
2003             g_malloc(sizeof(*loadsegs) * info->nsegs);
2004 
2005         for (i = 0; i < ehdr->e_phnum; ++i) {
2006             switch (phdr[i].p_type) {
2007             case PT_DYNAMIC:
2008                 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
2009                 break;
2010             case PT_LOAD:
2011                 loadsegs->addr = phdr[i].p_vaddr + load_bias;
2012                 loadsegs->p_vaddr = phdr[i].p_vaddr;
2013                 loadsegs->p_memsz = phdr[i].p_memsz;
2014                 ++loadsegs;
2015                 break;
2016             }
2017         }
2018     }
2019 #endif
2020 
2021     info->load_bias = load_bias;
2022     info->load_addr = load_addr;
2023     info->entry = ehdr->e_entry + load_bias;
2024     info->start_code = -1;
2025     info->end_code = 0;
2026     info->start_data = -1;
2027     info->end_data = 0;
2028     info->brk = 0;
2029     info->elf_flags = ehdr->e_flags;
2030 
2031     for (i = 0; i < ehdr->e_phnum; i++) {
2032         struct elf_phdr *eppnt = phdr + i;
2033         if (eppnt->p_type == PT_LOAD) {
2034             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
2035             int elf_prot = 0;
2036 
2037             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
2038             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
2039             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
2040 
2041             vaddr = load_bias + eppnt->p_vaddr;
2042             vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
2043             vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
2044 
2045             error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
2046                                 elf_prot, MAP_PRIVATE | MAP_FIXED,
2047                                 image_fd, eppnt->p_offset - vaddr_po);
2048             if (error == -1) {
2049                 goto exit_perror;
2050             }
2051 
2052             vaddr_ef = vaddr + eppnt->p_filesz;
2053             vaddr_em = vaddr + eppnt->p_memsz;
2054 
2055             /* If the load segment requests extra zeros (e.g. bss), map it.  */
2056             if (vaddr_ef < vaddr_em) {
2057                 zero_bss(vaddr_ef, vaddr_em, elf_prot);
2058             }
2059 
2060             /* Find the full program boundaries.  */
2061             if (elf_prot & PROT_EXEC) {
2062                 if (vaddr < info->start_code) {
2063                     info->start_code = vaddr;
2064                 }
2065                 if (vaddr_ef > info->end_code) {
2066                     info->end_code = vaddr_ef;
2067                 }
2068             }
2069             if (elf_prot & PROT_WRITE) {
2070                 if (vaddr < info->start_data) {
2071                     info->start_data = vaddr;
2072                 }
2073                 if (vaddr_ef > info->end_data) {
2074                     info->end_data = vaddr_ef;
2075                 }
2076                 if (vaddr_em > info->brk) {
2077                     info->brk = vaddr_em;
2078                 }
2079             }
2080         } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
2081             char *interp_name;
2082 
2083             if (*pinterp_name) {
2084                 errmsg = "Multiple PT_INTERP entries";
2085                 goto exit_errmsg;
2086             }
2087             interp_name = malloc(eppnt->p_filesz);
2088             if (!interp_name) {
2089                 goto exit_perror;
2090             }
2091 
2092             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
2093                 memcpy(interp_name, bprm_buf + eppnt->p_offset,
2094                        eppnt->p_filesz);
2095             } else {
2096                 retval = pread(image_fd, interp_name, eppnt->p_filesz,
2097                                eppnt->p_offset);
2098                 if (retval != eppnt->p_filesz) {
2099                     goto exit_perror;
2100                 }
2101             }
2102             if (interp_name[eppnt->p_filesz - 1] != 0) {
2103                 errmsg = "Invalid PT_INTERP entry";
2104                 goto exit_errmsg;
2105             }
2106             *pinterp_name = interp_name;
2107         }
2108     }
2109 
2110     if (info->end_data == 0) {
2111         info->start_data = info->end_code;
2112         info->end_data = info->end_code;
2113         info->brk = info->end_code;
2114     }
2115 
2116     if (qemu_log_enabled()) {
2117         load_symbols(ehdr, image_fd, load_bias);
2118     }
2119 
2120     mmap_unlock();
2121 
2122     close(image_fd);
2123     return;
2124 
2125  exit_read:
2126     if (retval >= 0) {
2127         errmsg = "Incomplete read of file header";
2128         goto exit_errmsg;
2129     }
2130  exit_perror:
2131     errmsg = strerror(errno);
2132  exit_errmsg:
2133     fprintf(stderr, "%s: %s\n", image_name, errmsg);
2134     exit(-1);
2135 }
2136 
2137 static void load_elf_interp(const char *filename, struct image_info *info,
2138                             char bprm_buf[BPRM_BUF_SIZE])
2139 {
2140     int fd, retval;
2141 
2142     fd = open(path(filename), O_RDONLY);
2143     if (fd < 0) {
2144         goto exit_perror;
2145     }
2146 
2147     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
2148     if (retval < 0) {
2149         goto exit_perror;
2150     }
2151     if (retval < BPRM_BUF_SIZE) {
2152         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
2153     }
2154 
2155     load_elf_image(filename, fd, info, NULL, bprm_buf);
2156     return;
2157 
2158  exit_perror:
2159     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
2160     exit(-1);
2161 }
2162 
2163 static int symfind(const void *s0, const void *s1)
2164 {
2165     target_ulong addr = *(target_ulong *)s0;
2166     struct elf_sym *sym = (struct elf_sym *)s1;
2167     int result = 0;
2168     if (addr < sym->st_value) {
2169         result = -1;
2170     } else if (addr >= sym->st_value + sym->st_size) {
2171         result = 1;
2172     }
2173     return result;
2174 }
2175 
2176 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
2177 {
2178 #if ELF_CLASS == ELFCLASS32
2179     struct elf_sym *syms = s->disas_symtab.elf32;
2180 #else
2181     struct elf_sym *syms = s->disas_symtab.elf64;
2182 #endif
2183 
2184     // binary search
2185     struct elf_sym *sym;
2186 
2187     sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
2188     if (sym != NULL) {
2189         return s->disas_strtab + sym->st_name;
2190     }
2191 
2192     return "";
2193 }
2194 
2195 /* FIXME: This should use elf_ops.h  */
2196 static int symcmp(const void *s0, const void *s1)
2197 {
2198     struct elf_sym *sym0 = (struct elf_sym *)s0;
2199     struct elf_sym *sym1 = (struct elf_sym *)s1;
2200     return (sym0->st_value < sym1->st_value)
2201         ? -1
2202         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
2203 }
2204 
2205 /* Best attempt to load symbols from this ELF object. */
2206 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
2207 {
2208     int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
2209     struct elf_shdr *shdr;
2210     char *strings = NULL;
2211     struct syminfo *s = NULL;
2212     struct elf_sym *new_syms, *syms = NULL;
2213 
2214     shnum = hdr->e_shnum;
2215     i = shnum * sizeof(struct elf_shdr);
2216     shdr = (struct elf_shdr *)alloca(i);
2217     if (pread(fd, shdr, i, hdr->e_shoff) != i) {
2218         return;
2219     }
2220 
2221     bswap_shdr(shdr, shnum);
2222     for (i = 0; i < shnum; ++i) {
2223         if (shdr[i].sh_type == SHT_SYMTAB) {
2224             sym_idx = i;
2225             str_idx = shdr[i].sh_link;
2226             goto found;
2227         }
2228     }
2229 
2230     /* There will be no symbol table if the file was stripped.  */
2231     return;
2232 
2233  found:
2234     /* Now know where the strtab and symtab are.  Snarf them.  */
2235     s = g_try_new(struct syminfo, 1);
2236     if (!s) {
2237         goto give_up;
2238     }
2239 
2240     i = shdr[str_idx].sh_size;
2241     s->disas_strtab = strings = g_try_malloc(i);
2242     if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
2243         goto give_up;
2244     }
2245 
2246     i = shdr[sym_idx].sh_size;
2247     syms = g_try_malloc(i);
2248     if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
2249         goto give_up;
2250     }
2251 
2252     nsyms = i / sizeof(struct elf_sym);
2253     for (i = 0; i < nsyms; ) {
2254         bswap_sym(syms + i);
2255         /* Throw away entries which we do not need.  */
2256         if (syms[i].st_shndx == SHN_UNDEF
2257             || syms[i].st_shndx >= SHN_LORESERVE
2258             || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
2259             if (i < --nsyms) {
2260                 syms[i] = syms[nsyms];
2261             }
2262         } else {
2263 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
2264             /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
2265             syms[i].st_value &= ~(target_ulong)1;
2266 #endif
2267             syms[i].st_value += load_bias;
2268             i++;
2269         }
2270     }
2271 
2272     /* No "useful" symbol.  */
2273     if (nsyms == 0) {
2274         goto give_up;
2275     }
2276 
2277     /* Attempt to free the storage associated with the local symbols
2278        that we threw away.  Whether or not this has any effect on the
2279        memory allocation depends on the malloc implementation and how
2280        many symbols we managed to discard.  */
2281     new_syms = g_try_renew(struct elf_sym, syms, nsyms);
2282     if (new_syms == NULL) {
2283         goto give_up;
2284     }
2285     syms = new_syms;
2286 
2287     qsort(syms, nsyms, sizeof(*syms), symcmp);
2288 
2289     s->disas_num_syms = nsyms;
2290 #if ELF_CLASS == ELFCLASS32
2291     s->disas_symtab.elf32 = syms;
2292 #else
2293     s->disas_symtab.elf64 = syms;
2294 #endif
2295     s->lookup_symbol = lookup_symbolxx;
2296     s->next = syminfos;
2297     syminfos = s;
2298 
2299     return;
2300 
2301 give_up:
2302     g_free(s);
2303     g_free(strings);
2304     g_free(syms);
2305 }
2306 
2307 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
2308 {
2309     struct image_info interp_info;
2310     struct elfhdr elf_ex;
2311     char *elf_interpreter = NULL;
2312     char *scratch;
2313 
2314     info->start_mmap = (abi_ulong)ELF_START_MMAP;
2315 
2316     load_elf_image(bprm->filename, bprm->fd, info,
2317                    &elf_interpreter, bprm->buf);
2318 
2319     /* ??? We need a copy of the elf header for passing to create_elf_tables.
2320        If we do nothing, we'll have overwritten this when we re-use bprm->buf
2321        when we load the interpreter.  */
2322     elf_ex = *(struct elfhdr *)bprm->buf;
2323 
2324     /* Do this so that we can load the interpreter, if need be.  We will
2325        change some of these later */
2326     bprm->p = setup_arg_pages(bprm, info);
2327 
2328     scratch = g_new0(char, TARGET_PAGE_SIZE);
2329     if (STACK_GROWS_DOWN) {
2330         bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2331                                    bprm->p, info->stack_limit);
2332         info->file_string = bprm->p;
2333         bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2334                                    bprm->p, info->stack_limit);
2335         info->env_strings = bprm->p;
2336         bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2337                                    bprm->p, info->stack_limit);
2338         info->arg_strings = bprm->p;
2339     } else {
2340         info->arg_strings = bprm->p;
2341         bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2342                                    bprm->p, info->stack_limit);
2343         info->env_strings = bprm->p;
2344         bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2345                                    bprm->p, info->stack_limit);
2346         info->file_string = bprm->p;
2347         bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2348                                    bprm->p, info->stack_limit);
2349     }
2350 
2351     g_free(scratch);
2352 
2353     if (!bprm->p) {
2354         fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2355         exit(-1);
2356     }
2357 
2358     if (elf_interpreter) {
2359         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2360 
2361         /* If the program interpreter is one of these two, then assume
2362            an iBCS2 image.  Otherwise assume a native linux image.  */
2363 
2364         if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2365             || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2366             info->personality = PER_SVR4;
2367 
2368             /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
2369                and some applications "depend" upon this behavior.  Since
2370                we do not have the power to recompile these, we emulate
2371                the SVr4 behavior.  Sigh.  */
2372             target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2373                         MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
2374         }
2375     }
2376 
2377     bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2378                                 info, (elf_interpreter ? &interp_info : NULL));
2379     info->start_stack = bprm->p;
2380 
2381     /* If we have an interpreter, set that as the program's entry point.
2382        Copy the load_bias as well, to help PPC64 interpret the entry
2383        point as a function descriptor.  Do this after creating elf tables
2384        so that we copy the original program entry point into the AUXV.  */
2385     if (elf_interpreter) {
2386         info->load_bias = interp_info.load_bias;
2387         info->entry = interp_info.entry;
2388         free(elf_interpreter);
2389     }
2390 
2391 #ifdef USE_ELF_CORE_DUMP
2392     bprm->core_dump = &elf_core_dump;
2393 #endif
2394 
2395     return 0;
2396 }
2397 
2398 #ifdef USE_ELF_CORE_DUMP
2399 /*
2400  * Definitions to generate Intel SVR4-like core files.
2401  * These mostly have the same names as the SVR4 types with "target_elf_"
2402  * tacked on the front to prevent clashes with linux definitions,
2403  * and the typedef forms have been avoided.  This is mostly like
2404  * the SVR4 structure, but more Linuxy, with things that Linux does
2405  * not support and which gdb doesn't really use excluded.
2406  *
2407  * Fields we don't dump (their contents is zero) in linux-user qemu
2408  * are marked with XXX.
2409  *
2410  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2411  *
2412  * Porting ELF coredump for target is (quite) simple process.  First you
2413  * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2414  * the target resides):
2415  *
2416  * #define USE_ELF_CORE_DUMP
2417  *
2418  * Next you define type of register set used for dumping.  ELF specification
2419  * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2420  *
2421  * typedef <target_regtype> target_elf_greg_t;
2422  * #define ELF_NREG <number of registers>
2423  * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
2424  *
2425  * Last step is to implement target specific function that copies registers
2426  * from given cpu into just specified register set.  Prototype is:
2427  *
2428  * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
2429  *                                const CPUArchState *env);
2430  *
2431  * Parameters:
2432  *     regs - copy register values into here (allocated and zeroed by caller)
2433  *     env - copy registers from here
2434  *
2435  * Example for ARM target is provided in this file.
2436  */
2437 
2438 /* An ELF note in memory */
2439 struct memelfnote {
2440     const char *name;
2441     size_t     namesz;
2442     size_t     namesz_rounded;
2443     int        type;
2444     size_t     datasz;
2445     size_t     datasz_rounded;
2446     void       *data;
2447     size_t     notesz;
2448 };
2449 
2450 struct target_elf_siginfo {
2451     abi_int    si_signo; /* signal number */
2452     abi_int    si_code;  /* extra code */
2453     abi_int    si_errno; /* errno */
2454 };
2455 
2456 struct target_elf_prstatus {
2457     struct target_elf_siginfo pr_info;      /* Info associated with signal */
2458     abi_short          pr_cursig;    /* Current signal */
2459     abi_ulong          pr_sigpend;   /* XXX */
2460     abi_ulong          pr_sighold;   /* XXX */
2461     target_pid_t       pr_pid;
2462     target_pid_t       pr_ppid;
2463     target_pid_t       pr_pgrp;
2464     target_pid_t       pr_sid;
2465     struct target_timeval pr_utime;  /* XXX User time */
2466     struct target_timeval pr_stime;  /* XXX System time */
2467     struct target_timeval pr_cutime; /* XXX Cumulative user time */
2468     struct target_timeval pr_cstime; /* XXX Cumulative system time */
2469     target_elf_gregset_t      pr_reg;       /* GP registers */
2470     abi_int            pr_fpvalid;   /* XXX */
2471 };
2472 
2473 #define ELF_PRARGSZ     (80) /* Number of chars for args */
2474 
2475 struct target_elf_prpsinfo {
2476     char         pr_state;       /* numeric process state */
2477     char         pr_sname;       /* char for pr_state */
2478     char         pr_zomb;        /* zombie */
2479     char         pr_nice;        /* nice val */
2480     abi_ulong    pr_flag;        /* flags */
2481     target_uid_t pr_uid;
2482     target_gid_t pr_gid;
2483     target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2484     /* Lots missing */
2485     char    pr_fname[16];           /* filename of executable */
2486     char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2487 };
2488 
2489 /* Here is the structure in which status of each thread is captured. */
2490 struct elf_thread_status {
2491     QTAILQ_ENTRY(elf_thread_status)  ets_link;
2492     struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
2493 #if 0
2494     elf_fpregset_t fpu;             /* NT_PRFPREG */
2495     struct task_struct *thread;
2496     elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
2497 #endif
2498     struct memelfnote notes[1];
2499     int num_notes;
2500 };
2501 
2502 struct elf_note_info {
2503     struct memelfnote   *notes;
2504     struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
2505     struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
2506 
2507     QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
2508 #if 0
2509     /*
2510      * Current version of ELF coredump doesn't support
2511      * dumping fp regs etc.
2512      */
2513     elf_fpregset_t *fpu;
2514     elf_fpxregset_t *xfpu;
2515     int thread_status_size;
2516 #endif
2517     int notes_size;
2518     int numnote;
2519 };
2520 
2521 struct vm_area_struct {
2522     target_ulong   vma_start;  /* start vaddr of memory region */
2523     target_ulong   vma_end;    /* end vaddr of memory region */
2524     abi_ulong      vma_flags;  /* protection etc. flags for the region */
2525     QTAILQ_ENTRY(vm_area_struct) vma_link;
2526 };
2527 
2528 struct mm_struct {
2529     QTAILQ_HEAD(, vm_area_struct) mm_mmap;
2530     int mm_count;           /* number of mappings */
2531 };
2532 
2533 static struct mm_struct *vma_init(void);
2534 static void vma_delete(struct mm_struct *);
2535 static int vma_add_mapping(struct mm_struct *, target_ulong,
2536                            target_ulong, abi_ulong);
2537 static int vma_get_mapping_count(const struct mm_struct *);
2538 static struct vm_area_struct *vma_first(const struct mm_struct *);
2539 static struct vm_area_struct *vma_next(struct vm_area_struct *);
2540 static abi_ulong vma_dump_size(const struct vm_area_struct *);
2541 static int vma_walker(void *priv, target_ulong start, target_ulong end,
2542                       unsigned long flags);
2543 
2544 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
2545 static void fill_note(struct memelfnote *, const char *, int,
2546                       unsigned int, void *);
2547 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2548 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
2549 static void fill_auxv_note(struct memelfnote *, const TaskState *);
2550 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2551 static size_t note_size(const struct memelfnote *);
2552 static void free_note_info(struct elf_note_info *);
2553 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
2554 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
2555 static int core_dump_filename(const TaskState *, char *, size_t);
2556 
2557 static int dump_write(int, const void *, size_t);
2558 static int write_note(struct memelfnote *, int);
2559 static int write_note_info(struct elf_note_info *, int);
2560 
2561 #ifdef BSWAP_NEEDED
2562 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
2563 {
2564     prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
2565     prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
2566     prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
2567     prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2568     prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
2569     prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
2570     prstatus->pr_pid = tswap32(prstatus->pr_pid);
2571     prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2572     prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2573     prstatus->pr_sid = tswap32(prstatus->pr_sid);
2574     /* cpu times are not filled, so we skip them */
2575     /* regs should be in correct format already */
2576     prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2577 }
2578 
2579 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
2580 {
2581     psinfo->pr_flag = tswapal(psinfo->pr_flag);
2582     psinfo->pr_uid = tswap16(psinfo->pr_uid);
2583     psinfo->pr_gid = tswap16(psinfo->pr_gid);
2584     psinfo->pr_pid = tswap32(psinfo->pr_pid);
2585     psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2586     psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2587     psinfo->pr_sid = tswap32(psinfo->pr_sid);
2588 }
2589 
2590 static void bswap_note(struct elf_note *en)
2591 {
2592     bswap32s(&en->n_namesz);
2593     bswap32s(&en->n_descsz);
2594     bswap32s(&en->n_type);
2595 }
2596 #else
2597 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2598 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2599 static inline void bswap_note(struct elf_note *en) { }
2600 #endif /* BSWAP_NEEDED */
2601 
2602 /*
2603  * Minimal support for linux memory regions.  These are needed
2604  * when we are finding out what memory exactly belongs to
2605  * emulated process.  No locks needed here, as long as
2606  * thread that received the signal is stopped.
2607  */
2608 
2609 static struct mm_struct *vma_init(void)
2610 {
2611     struct mm_struct *mm;
2612 
2613     if ((mm = g_malloc(sizeof (*mm))) == NULL)
2614         return (NULL);
2615 
2616     mm->mm_count = 0;
2617     QTAILQ_INIT(&mm->mm_mmap);
2618 
2619     return (mm);
2620 }
2621 
2622 static void vma_delete(struct mm_struct *mm)
2623 {
2624     struct vm_area_struct *vma;
2625 
2626     while ((vma = vma_first(mm)) != NULL) {
2627         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2628         g_free(vma);
2629     }
2630     g_free(mm);
2631 }
2632 
2633 static int vma_add_mapping(struct mm_struct *mm, target_ulong start,
2634                            target_ulong end, abi_ulong flags)
2635 {
2636     struct vm_area_struct *vma;
2637 
2638     if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2639         return (-1);
2640 
2641     vma->vma_start = start;
2642     vma->vma_end = end;
2643     vma->vma_flags = flags;
2644 
2645     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2646     mm->mm_count++;
2647 
2648     return (0);
2649 }
2650 
2651 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2652 {
2653     return (QTAILQ_FIRST(&mm->mm_mmap));
2654 }
2655 
2656 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2657 {
2658     return (QTAILQ_NEXT(vma, vma_link));
2659 }
2660 
2661 static int vma_get_mapping_count(const struct mm_struct *mm)
2662 {
2663     return (mm->mm_count);
2664 }
2665 
2666 /*
2667  * Calculate file (dump) size of given memory region.
2668  */
2669 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2670 {
2671     /* if we cannot even read the first page, skip it */
2672     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2673         return (0);
2674 
2675     /*
2676      * Usually we don't dump executable pages as they contain
2677      * non-writable code that debugger can read directly from
2678      * target library etc.  However, thread stacks are marked
2679      * also executable so we read in first page of given region
2680      * and check whether it contains elf header.  If there is
2681      * no elf header, we dump it.
2682      */
2683     if (vma->vma_flags & PROT_EXEC) {
2684         char page[TARGET_PAGE_SIZE];
2685 
2686         copy_from_user(page, vma->vma_start, sizeof (page));
2687         if ((page[EI_MAG0] == ELFMAG0) &&
2688             (page[EI_MAG1] == ELFMAG1) &&
2689             (page[EI_MAG2] == ELFMAG2) &&
2690             (page[EI_MAG3] == ELFMAG3)) {
2691             /*
2692              * Mappings are possibly from ELF binary.  Don't dump
2693              * them.
2694              */
2695             return (0);
2696         }
2697     }
2698 
2699     return (vma->vma_end - vma->vma_start);
2700 }
2701 
2702 static int vma_walker(void *priv, target_ulong start, target_ulong end,
2703                       unsigned long flags)
2704 {
2705     struct mm_struct *mm = (struct mm_struct *)priv;
2706 
2707     vma_add_mapping(mm, start, end, flags);
2708     return (0);
2709 }
2710 
2711 static void fill_note(struct memelfnote *note, const char *name, int type,
2712                       unsigned int sz, void *data)
2713 {
2714     unsigned int namesz;
2715 
2716     namesz = strlen(name) + 1;
2717     note->name = name;
2718     note->namesz = namesz;
2719     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2720     note->type = type;
2721     note->datasz = sz;
2722     note->datasz_rounded = roundup(sz, sizeof (int32_t));
2723 
2724     note->data = data;
2725 
2726     /*
2727      * We calculate rounded up note size here as specified by
2728      * ELF document.
2729      */
2730     note->notesz = sizeof (struct elf_note) +
2731         note->namesz_rounded + note->datasz_rounded;
2732 }
2733 
2734 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
2735                             uint32_t flags)
2736 {
2737     (void) memset(elf, 0, sizeof(*elf));
2738 
2739     (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2740     elf->e_ident[EI_CLASS] = ELF_CLASS;
2741     elf->e_ident[EI_DATA] = ELF_DATA;
2742     elf->e_ident[EI_VERSION] = EV_CURRENT;
2743     elf->e_ident[EI_OSABI] = ELF_OSABI;
2744 
2745     elf->e_type = ET_CORE;
2746     elf->e_machine = machine;
2747     elf->e_version = EV_CURRENT;
2748     elf->e_phoff = sizeof(struct elfhdr);
2749     elf->e_flags = flags;
2750     elf->e_ehsize = sizeof(struct elfhdr);
2751     elf->e_phentsize = sizeof(struct elf_phdr);
2752     elf->e_phnum = segs;
2753 
2754     bswap_ehdr(elf);
2755 }
2756 
2757 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2758 {
2759     phdr->p_type = PT_NOTE;
2760     phdr->p_offset = offset;
2761     phdr->p_vaddr = 0;
2762     phdr->p_paddr = 0;
2763     phdr->p_filesz = sz;
2764     phdr->p_memsz = 0;
2765     phdr->p_flags = 0;
2766     phdr->p_align = 0;
2767 
2768     bswap_phdr(phdr, 1);
2769 }
2770 
2771 static size_t note_size(const struct memelfnote *note)
2772 {
2773     return (note->notesz);
2774 }
2775 
2776 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2777                           const TaskState *ts, int signr)
2778 {
2779     (void) memset(prstatus, 0, sizeof (*prstatus));
2780     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2781     prstatus->pr_pid = ts->ts_tid;
2782     prstatus->pr_ppid = getppid();
2783     prstatus->pr_pgrp = getpgrp();
2784     prstatus->pr_sid = getsid(0);
2785 
2786     bswap_prstatus(prstatus);
2787 }
2788 
2789 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2790 {
2791     char *base_filename;
2792     unsigned int i, len;
2793 
2794     (void) memset(psinfo, 0, sizeof (*psinfo));
2795 
2796     len = ts->info->arg_end - ts->info->arg_start;
2797     if (len >= ELF_PRARGSZ)
2798         len = ELF_PRARGSZ - 1;
2799     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2800         return -EFAULT;
2801     for (i = 0; i < len; i++)
2802         if (psinfo->pr_psargs[i] == 0)
2803             psinfo->pr_psargs[i] = ' ';
2804     psinfo->pr_psargs[len] = 0;
2805 
2806     psinfo->pr_pid = getpid();
2807     psinfo->pr_ppid = getppid();
2808     psinfo->pr_pgrp = getpgrp();
2809     psinfo->pr_sid = getsid(0);
2810     psinfo->pr_uid = getuid();
2811     psinfo->pr_gid = getgid();
2812 
2813     base_filename = g_path_get_basename(ts->bprm->filename);
2814     /*
2815      * Using strncpy here is fine: at max-length,
2816      * this field is not NUL-terminated.
2817      */
2818     (void) strncpy(psinfo->pr_fname, base_filename,
2819                    sizeof(psinfo->pr_fname));
2820 
2821     g_free(base_filename);
2822     bswap_psinfo(psinfo);
2823     return (0);
2824 }
2825 
2826 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2827 {
2828     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2829     elf_addr_t orig_auxv = auxv;
2830     void *ptr;
2831     int len = ts->info->auxv_len;
2832 
2833     /*
2834      * Auxiliary vector is stored in target process stack.  It contains
2835      * {type, value} pairs that we need to dump into note.  This is not
2836      * strictly necessary but we do it here for sake of completeness.
2837      */
2838 
2839     /* read in whole auxv vector and copy it to memelfnote */
2840     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2841     if (ptr != NULL) {
2842         fill_note(note, "CORE", NT_AUXV, len, ptr);
2843         unlock_user(ptr, auxv, len);
2844     }
2845 }
2846 
2847 /*
2848  * Constructs name of coredump file.  We have following convention
2849  * for the name:
2850  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2851  *
2852  * Returns 0 in case of success, -1 otherwise (errno is set).
2853  */
2854 static int core_dump_filename(const TaskState *ts, char *buf,
2855                               size_t bufsize)
2856 {
2857     char timestamp[64];
2858     char *base_filename = NULL;
2859     struct timeval tv;
2860     struct tm tm;
2861 
2862     assert(bufsize >= PATH_MAX);
2863 
2864     if (gettimeofday(&tv, NULL) < 0) {
2865         (void) fprintf(stderr, "unable to get current timestamp: %s",
2866                        strerror(errno));
2867         return (-1);
2868     }
2869 
2870     base_filename = g_path_get_basename(ts->bprm->filename);
2871     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2872                     localtime_r(&tv.tv_sec, &tm));
2873     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2874                     base_filename, timestamp, (int)getpid());
2875     g_free(base_filename);
2876 
2877     return (0);
2878 }
2879 
2880 static int dump_write(int fd, const void *ptr, size_t size)
2881 {
2882     const char *bufp = (const char *)ptr;
2883     ssize_t bytes_written, bytes_left;
2884     struct rlimit dumpsize;
2885     off_t pos;
2886 
2887     bytes_written = 0;
2888     getrlimit(RLIMIT_CORE, &dumpsize);
2889     if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2890         if (errno == ESPIPE) { /* not a seekable stream */
2891             bytes_left = size;
2892         } else {
2893             return pos;
2894         }
2895     } else {
2896         if (dumpsize.rlim_cur <= pos) {
2897             return -1;
2898         } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2899             bytes_left = size;
2900         } else {
2901             size_t limit_left=dumpsize.rlim_cur - pos;
2902             bytes_left = limit_left >= size ? size : limit_left ;
2903         }
2904     }
2905 
2906     /*
2907      * In normal conditions, single write(2) should do but
2908      * in case of socket etc. this mechanism is more portable.
2909      */
2910     do {
2911         bytes_written = write(fd, bufp, bytes_left);
2912         if (bytes_written < 0) {
2913             if (errno == EINTR)
2914                 continue;
2915             return (-1);
2916         } else if (bytes_written == 0) { /* eof */
2917             return (-1);
2918         }
2919         bufp += bytes_written;
2920         bytes_left -= bytes_written;
2921     } while (bytes_left > 0);
2922 
2923     return (0);
2924 }
2925 
2926 static int write_note(struct memelfnote *men, int fd)
2927 {
2928     struct elf_note en;
2929 
2930     en.n_namesz = men->namesz;
2931     en.n_type = men->type;
2932     en.n_descsz = men->datasz;
2933 
2934     bswap_note(&en);
2935 
2936     if (dump_write(fd, &en, sizeof(en)) != 0)
2937         return (-1);
2938     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2939         return (-1);
2940     if (dump_write(fd, men->data, men->datasz_rounded) != 0)
2941         return (-1);
2942 
2943     return (0);
2944 }
2945 
2946 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
2947 {
2948     CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
2949     TaskState *ts = (TaskState *)cpu->opaque;
2950     struct elf_thread_status *ets;
2951 
2952     ets = g_malloc0(sizeof (*ets));
2953     ets->num_notes = 1; /* only prstatus is dumped */
2954     fill_prstatus(&ets->prstatus, ts, 0);
2955     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2956     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2957               &ets->prstatus);
2958 
2959     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2960 
2961     info->notes_size += note_size(&ets->notes[0]);
2962 }
2963 
2964 static void init_note_info(struct elf_note_info *info)
2965 {
2966     /* Initialize the elf_note_info structure so that it is at
2967      * least safe to call free_note_info() on it. Must be
2968      * called before calling fill_note_info().
2969      */
2970     memset(info, 0, sizeof (*info));
2971     QTAILQ_INIT(&info->thread_list);
2972 }
2973 
2974 static int fill_note_info(struct elf_note_info *info,
2975                           long signr, const CPUArchState *env)
2976 {
2977 #define NUMNOTES 3
2978     CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
2979     TaskState *ts = (TaskState *)cpu->opaque;
2980     int i;
2981 
2982     info->notes = g_new0(struct memelfnote, NUMNOTES);
2983     if (info->notes == NULL)
2984         return (-ENOMEM);
2985     info->prstatus = g_malloc0(sizeof (*info->prstatus));
2986     if (info->prstatus == NULL)
2987         return (-ENOMEM);
2988     info->psinfo = g_malloc0(sizeof (*info->psinfo));
2989     if (info->prstatus == NULL)
2990         return (-ENOMEM);
2991 
2992     /*
2993      * First fill in status (and registers) of current thread
2994      * including process info & aux vector.
2995      */
2996     fill_prstatus(info->prstatus, ts, signr);
2997     elf_core_copy_regs(&info->prstatus->pr_reg, env);
2998     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2999               sizeof (*info->prstatus), info->prstatus);
3000     fill_psinfo(info->psinfo, ts);
3001     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
3002               sizeof (*info->psinfo), info->psinfo);
3003     fill_auxv_note(&info->notes[2], ts);
3004     info->numnote = 3;
3005 
3006     info->notes_size = 0;
3007     for (i = 0; i < info->numnote; i++)
3008         info->notes_size += note_size(&info->notes[i]);
3009 
3010     /* read and fill status of all threads */
3011     cpu_list_lock();
3012     CPU_FOREACH(cpu) {
3013         if (cpu == thread_cpu) {
3014             continue;
3015         }
3016         fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
3017     }
3018     cpu_list_unlock();
3019 
3020     return (0);
3021 }
3022 
3023 static void free_note_info(struct elf_note_info *info)
3024 {
3025     struct elf_thread_status *ets;
3026 
3027     while (!QTAILQ_EMPTY(&info->thread_list)) {
3028         ets = QTAILQ_FIRST(&info->thread_list);
3029         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
3030         g_free(ets);
3031     }
3032 
3033     g_free(info->prstatus);
3034     g_free(info->psinfo);
3035     g_free(info->notes);
3036 }
3037 
3038 static int write_note_info(struct elf_note_info *info, int fd)
3039 {
3040     struct elf_thread_status *ets;
3041     int i, error = 0;
3042 
3043     /* write prstatus, psinfo and auxv for current thread */
3044     for (i = 0; i < info->numnote; i++)
3045         if ((error = write_note(&info->notes[i], fd)) != 0)
3046             return (error);
3047 
3048     /* write prstatus for each thread */
3049     QTAILQ_FOREACH(ets, &info->thread_list, ets_link) {
3050         if ((error = write_note(&ets->notes[0], fd)) != 0)
3051             return (error);
3052     }
3053 
3054     return (0);
3055 }
3056 
3057 /*
3058  * Write out ELF coredump.
3059  *
3060  * See documentation of ELF object file format in:
3061  * http://www.caldera.com/developers/devspecs/gabi41.pdf
3062  *
3063  * Coredump format in linux is following:
3064  *
3065  * 0   +----------------------+         \
3066  *     | ELF header           | ET_CORE  |
3067  *     +----------------------+          |
3068  *     | ELF program headers  |          |--- headers
3069  *     | - NOTE section       |          |
3070  *     | - PT_LOAD sections   |          |
3071  *     +----------------------+         /
3072  *     | NOTEs:               |
3073  *     | - NT_PRSTATUS        |
3074  *     | - NT_PRSINFO         |
3075  *     | - NT_AUXV            |
3076  *     +----------------------+ <-- aligned to target page
3077  *     | Process memory dump  |
3078  *     :                      :
3079  *     .                      .
3080  *     :                      :
3081  *     |                      |
3082  *     +----------------------+
3083  *
3084  * NT_PRSTATUS -> struct elf_prstatus (per thread)
3085  * NT_PRSINFO  -> struct elf_prpsinfo
3086  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
3087  *
3088  * Format follows System V format as close as possible.  Current
3089  * version limitations are as follows:
3090  *     - no floating point registers are dumped
3091  *
3092  * Function returns 0 in case of success, negative errno otherwise.
3093  *
3094  * TODO: make this work also during runtime: it should be
3095  * possible to force coredump from running process and then
3096  * continue processing.  For example qemu could set up SIGUSR2
3097  * handler (provided that target process haven't registered
3098  * handler for that) that does the dump when signal is received.
3099  */
3100 static int elf_core_dump(int signr, const CPUArchState *env)
3101 {
3102     const CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
3103     const TaskState *ts = (const TaskState *)cpu->opaque;
3104     struct vm_area_struct *vma = NULL;
3105     char corefile[PATH_MAX];
3106     struct elf_note_info info;
3107     struct elfhdr elf;
3108     struct elf_phdr phdr;
3109     struct rlimit dumpsize;
3110     struct mm_struct *mm = NULL;
3111     off_t offset = 0, data_offset = 0;
3112     int segs = 0;
3113     int fd = -1;
3114 
3115     init_note_info(&info);
3116 
3117     errno = 0;
3118     getrlimit(RLIMIT_CORE, &dumpsize);
3119     if (dumpsize.rlim_cur == 0)
3120         return 0;
3121 
3122     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
3123         return (-errno);
3124 
3125     if ((fd = open(corefile, O_WRONLY | O_CREAT,
3126                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
3127         return (-errno);
3128 
3129     /*
3130      * Walk through target process memory mappings and
3131      * set up structure containing this information.  After
3132      * this point vma_xxx functions can be used.
3133      */
3134     if ((mm = vma_init()) == NULL)
3135         goto out;
3136 
3137     walk_memory_regions(mm, vma_walker);
3138     segs = vma_get_mapping_count(mm);
3139 
3140     /*
3141      * Construct valid coredump ELF header.  We also
3142      * add one more segment for notes.
3143      */
3144     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
3145     if (dump_write(fd, &elf, sizeof (elf)) != 0)
3146         goto out;
3147 
3148     /* fill in the in-memory version of notes */
3149     if (fill_note_info(&info, signr, env) < 0)
3150         goto out;
3151 
3152     offset += sizeof (elf);                             /* elf header */
3153     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
3154 
3155     /* write out notes program header */
3156     fill_elf_note_phdr(&phdr, info.notes_size, offset);
3157 
3158     offset += info.notes_size;
3159     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
3160         goto out;
3161 
3162     /*
3163      * ELF specification wants data to start at page boundary so
3164      * we align it here.
3165      */
3166     data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
3167 
3168     /*
3169      * Write program headers for memory regions mapped in
3170      * the target process.
3171      */
3172     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3173         (void) memset(&phdr, 0, sizeof (phdr));
3174 
3175         phdr.p_type = PT_LOAD;
3176         phdr.p_offset = offset;
3177         phdr.p_vaddr = vma->vma_start;
3178         phdr.p_paddr = 0;
3179         phdr.p_filesz = vma_dump_size(vma);
3180         offset += phdr.p_filesz;
3181         phdr.p_memsz = vma->vma_end - vma->vma_start;
3182         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
3183         if (vma->vma_flags & PROT_WRITE)
3184             phdr.p_flags |= PF_W;
3185         if (vma->vma_flags & PROT_EXEC)
3186             phdr.p_flags |= PF_X;
3187         phdr.p_align = ELF_EXEC_PAGESIZE;
3188 
3189         bswap_phdr(&phdr, 1);
3190         if (dump_write(fd, &phdr, sizeof(phdr)) != 0) {
3191             goto out;
3192         }
3193     }
3194 
3195     /*
3196      * Next we write notes just after program headers.  No
3197      * alignment needed here.
3198      */
3199     if (write_note_info(&info, fd) < 0)
3200         goto out;
3201 
3202     /* align data to page boundary */
3203     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
3204         goto out;
3205 
3206     /*
3207      * Finally we can dump process memory into corefile as well.
3208      */
3209     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3210         abi_ulong addr;
3211         abi_ulong end;
3212 
3213         end = vma->vma_start + vma_dump_size(vma);
3214 
3215         for (addr = vma->vma_start; addr < end;
3216              addr += TARGET_PAGE_SIZE) {
3217             char page[TARGET_PAGE_SIZE];
3218             int error;
3219 
3220             /*
3221              *  Read in page from target process memory and
3222              *  write it to coredump file.
3223              */
3224             error = copy_from_user(page, addr, sizeof (page));
3225             if (error != 0) {
3226                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
3227                                addr);
3228                 errno = -error;
3229                 goto out;
3230             }
3231             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
3232                 goto out;
3233         }
3234     }
3235 
3236  out:
3237     free_note_info(&info);
3238     if (mm != NULL)
3239         vma_delete(mm);
3240     (void) close(fd);
3241 
3242     if (errno != 0)
3243         return (-errno);
3244     return (0);
3245 }
3246 #endif /* USE_ELF_CORE_DUMP */
3247 
3248 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
3249 {
3250     init_thread(regs, infop);
3251 }
3252