]> git.proxmox.com Git - qemu.git/blame - linux-user/elfload.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Use glib memory allocation and free functions
[qemu.git] / linux-user / elfload.c
CommitLineData
31e31b8a 1/* This is the Linux kernel elf-loading code, ported into user space */
edf8e2af
MW		 2#include <sys/time.h>
3#include <sys/param.h>
31e31b8a
FB		 4
5#include <stdio.h>
6#include <sys/types.h>
7#include <fcntl.h>
31e31b8a
FB		 8#include <errno.h>
9#include <unistd.h>
10#include <sys/mman.h>
edf8e2af 11#include <sys/resource.h>
31e31b8a
FB		 12#include <stdlib.h>
13#include <string.h>
edf8e2af 14#include <time.h>
31e31b8a 15
3ef693a0 16#include "qemu.h"
689f936f 17#include "disas.h"
31e31b8a 18
e58ffeb3 19#ifdef _ARCH_PPC64
a6cc84f4 20#undef ARCH_DLINFO
21#undef ELF_PLATFORM
22#undef ELF_HWCAP
23#undef ELF_CLASS
24#undef ELF_DATA
25#undef ELF_ARCH
26#endif
27
edf8e2af
MW		 28#define ELF_OSABI ELFOSABI_SYSV
29
cb33da57
BS		 30/* from personality.h */
31
32/*
33 * Flags for bug emulation.
34 *
35 * These occupy the top three bytes.
36 */
37enum {
d97ef72e
RH		 38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to
40 descriptors (signal handling) */
41 MMAP_PAGE_ZERO = 0x0100000,
42 ADDR_COMPAT_LAYOUT = 0x0200000,
43 READ_IMPLIES_EXEC = 0x0400000,
44 ADDR_LIMIT_32BIT = 0x0800000,
45 SHORT_INODE = 0x1000000,
46 WHOLE_SECONDS = 0x2000000,
47 STICKY_TIMEOUTS = 0x4000000,
48 ADDR_LIMIT_3GB = 0x8000000,
cb33da57
BS		 49};
50
51/*
52 * Personality types.
53 *
54 * These go in the low byte. Avoid using the top bit, it will
55 * conflict with error returns.
56 */
57enum {
d97ef72e
RH		 58 PER_LINUX = 0x0000,
59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT,
60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS,
61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS,
67 PER_BSD = 0x0006,
68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS,
69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
70 PER_LINUX32 = 0x0008,
71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB,
72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
75 PER_RISCOS = 0x000c,
76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS,
77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
78 PER_OSF4 = 0x000f, /* OSF/1 v4 */
79 PER_HPUX = 0x0010,
80 PER_MASK = 0x00ff,
cb33da57
BS		 81};
82
83/*
84 * Return the base personality without flags.
85 */
d97ef72e 86#define personality(pers) (pers & PER_MASK)
cb33da57 87
83fb7adf
FB		 88/* this flag is uneffective under linux too, should be deleted */
89#ifndef MAP_DENYWRITE
90#define MAP_DENYWRITE 0
91#endif
92
93/* should probably go in elf.h */
94#ifndef ELIBBAD
95#define ELIBBAD 80
96#endif
97
28490231
RH		 98#ifdef TARGET_WORDS_BIGENDIAN
99#define ELF_DATA ELFDATA2MSB
100#else
101#define ELF_DATA ELFDATA2LSB
102#endif
103
d97ef72e 104typedef target_ulong target_elf_greg_t;
21e807fa 105#ifdef USE_UID16
80f5ce75
LV		 106typedef target_ushort target_uid_t;
107typedef target_ushort target_gid_t;
21e807fa 108#else
80f5ce75
LV		 109typedef target_uint target_uid_t;
110typedef target_uint target_gid_t;
21e807fa 111#endif
80f5ce75 112typedef target_int target_pid_t;
21e807fa 113
30ac07d4
FB		 114#ifdef TARGET_I386
115
15338fd7
FB		 116#define ELF_PLATFORM get_elf_platform()
117
118static const char *get_elf_platform(void)
119{
120 static char elf_platform[] = "i386";
d5975363 121 int family = (thread_env->cpuid_version >> 8) & 0xff;
15338fd7
FB		 122 if (family > 6)
123 family = 6;
124 if (family >= 3)
125 elf_platform[1] = '0' + family;
126 return elf_platform;
127}
128
129#define ELF_HWCAP get_elf_hwcap()
130
131static uint32_t get_elf_hwcap(void)
132{
d97ef72e 133 return thread_env->cpuid_features;
15338fd7
FB		 134}
135
84409ddb
JM		 136#ifdef TARGET_X86_64
137#define ELF_START_MMAP 0x2aaaaab000ULL
138#define elf_check_arch(x) ( ((x) == ELF_ARCH) )
139
140#define ELF_CLASS ELFCLASS64
84409ddb
JM		 141#define ELF_ARCH EM_X86_64
142
143static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
144{
145 regs->rax = 0;
146 regs->rsp = infop->start_stack;
147 regs->rip = infop->entry;
148}
149
9edc5d79 150#define ELF_NREG 27
c227f099 151typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
9edc5d79
MW		 152
153/*
154 * Note that ELF_NREG should be 29 as there should be place for
155 * TRAPNO and ERR "registers" as well but linux doesn't dump
156 * those.
157 *
158 * See linux kernel: arch/x86/include/asm/elf.h
159 */
c227f099 160static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
9edc5d79
MW		 161{
162 (*regs)[0] = env->regs[15];
163 (*regs)[1] = env->regs[14];
164 (*regs)[2] = env->regs[13];
165 (*regs)[3] = env->regs[12];
166 (*regs)[4] = env->regs[R_EBP];
167 (*regs)[5] = env->regs[R_EBX];
168 (*regs)[6] = env->regs[11];
169 (*regs)[7] = env->regs[10];
170 (*regs)[8] = env->regs[9];
171 (*regs)[9] = env->regs[8];
172 (*regs)[10] = env->regs[R_EAX];
173 (*regs)[11] = env->regs[R_ECX];
174 (*regs)[12] = env->regs[R_EDX];
175 (*regs)[13] = env->regs[R_ESI];
176 (*regs)[14] = env->regs[R_EDI];
177 (*regs)[15] = env->regs[R_EAX]; /* XXX */
178 (*regs)[16] = env->eip;
179 (*regs)[17] = env->segs[R_CS].selector & 0xffff;
180 (*regs)[18] = env->eflags;
181 (*regs)[19] = env->regs[R_ESP];
182 (*regs)[20] = env->segs[R_SS].selector & 0xffff;
183 (*regs)[21] = env->segs[R_FS].selector & 0xffff;
184 (*regs)[22] = env->segs[R_GS].selector & 0xffff;
185 (*regs)[23] = env->segs[R_DS].selector & 0xffff;
186 (*regs)[24] = env->segs[R_ES].selector & 0xffff;
187 (*regs)[25] = env->segs[R_FS].selector & 0xffff;
188 (*regs)[26] = env->segs[R_GS].selector & 0xffff;
189}
190
84409ddb
JM		 191#else
192
30ac07d4
FB		 193#define ELF_START_MMAP 0x80000000
194
30ac07d4
FB		 195/*
196 * This is used to ensure we don't load something for the wrong architecture.
197 */
198#define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
199
200/*
201 * These are used to set parameters in the core dumps.
202 */
d97ef72e 203#define ELF_CLASS ELFCLASS32
d97ef72e 204#define ELF_ARCH EM_386
30ac07d4 205
d97ef72e
RH		 206static inline void init_thread(struct target_pt_regs *regs,
207 struct image_info *infop)
b346ff46
FB		 208{
209 regs->esp = infop->start_stack;
210 regs->eip = infop->entry;
e5fe0c52
PB		 211
212 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
213 starts %edx contains a pointer to a function which might be
214 registered using `atexit'. This provides a mean for the
215 dynamic linker to call DT_FINI functions for shared libraries
216 that have been loaded before the code runs.
217
218 A value of 0 tells we have no such handler. */
219 regs->edx = 0;
b346ff46 220}
9edc5d79 221
9edc5d79 222#define ELF_NREG 17
c227f099 223typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
9edc5d79
MW		 224
225/*
226 * Note that ELF_NREG should be 19 as there should be place for
227 * TRAPNO and ERR "registers" as well but linux doesn't dump
228 * those.
229 *
230 * See linux kernel: arch/x86/include/asm/elf.h
231 */
c227f099 232static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
9edc5d79
MW		 233{
234 (*regs)[0] = env->regs[R_EBX];
235 (*regs)[1] = env->regs[R_ECX];
236 (*regs)[2] = env->regs[R_EDX];
237 (*regs)[3] = env->regs[R_ESI];
238 (*regs)[4] = env->regs[R_EDI];
239 (*regs)[5] = env->regs[R_EBP];
240 (*regs)[6] = env->regs[R_EAX];
241 (*regs)[7] = env->segs[R_DS].selector & 0xffff;
242 (*regs)[8] = env->segs[R_ES].selector & 0xffff;
243 (*regs)[9] = env->segs[R_FS].selector & 0xffff;
244 (*regs)[10] = env->segs[R_GS].selector & 0xffff;
245 (*regs)[11] = env->regs[R_EAX]; /* XXX */
246 (*regs)[12] = env->eip;
247 (*regs)[13] = env->segs[R_CS].selector & 0xffff;
248 (*regs)[14] = env->eflags;
249 (*regs)[15] = env->regs[R_ESP];
250 (*regs)[16] = env->segs[R_SS].selector & 0xffff;
251}
84409ddb 252#endif
b346ff46 253
9edc5d79 254#define USE_ELF_CORE_DUMP
d97ef72e 255#define ELF_EXEC_PAGESIZE 4096
b346ff46
FB		 256
257#endif
258
259#ifdef TARGET_ARM
260
261#define ELF_START_MMAP 0x80000000
262
263#define elf_check_arch(x) ( (x) == EM_ARM )
264
d97ef72e 265#define ELF_CLASS ELFCLASS32
d97ef72e 266#define ELF_ARCH EM_ARM
b346ff46 267
d97ef72e
RH		 268static inline void init_thread(struct target_pt_regs *regs,
269 struct image_info *infop)
b346ff46 270{
992f48a0 271 abi_long stack = infop->start_stack;
b346ff46
FB		 272 memset(regs, 0, sizeof(*regs));
273 regs->ARM_cpsr = 0x10;
0240ded8 274 if (infop->entry & 1)
d97ef72e 275 regs->ARM_cpsr |= CPSR_T;
0240ded8 276 regs->ARM_pc = infop->entry & 0xfffffffe;
b346ff46 277 regs->ARM_sp = infop->start_stack;
2f619698
FB		 278 /* FIXME - what to for failure of get_user()? */
279 get_user_ual(regs->ARM_r2, stack + 8); /* envp */
280 get_user_ual(regs->ARM_r1, stack + 4); /* envp */
a1516e92 281 /* XXX: it seems that r0 is zeroed after ! */
e5fe0c52
PB		 282 regs->ARM_r0 = 0;
283 /* For uClinux PIC binaries. */
863cf0b7 284 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
e5fe0c52 285 regs->ARM_r10 = infop->start_data;
b346ff46
FB		 286}
287
edf8e2af 288#define ELF_NREG 18
c227f099 289typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
edf8e2af 290
c227f099 291static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
edf8e2af 292{
d049e626
NF		 293 (*regs)[0] = tswapl(env->regs[0]);
294 (*regs)[1] = tswapl(env->regs[1]);
295 (*regs)[2] = tswapl(env->regs[2]);
296 (*regs)[3] = tswapl(env->regs[3]);
297 (*regs)[4] = tswapl(env->regs[4]);
298 (*regs)[5] = tswapl(env->regs[5]);
299 (*regs)[6] = tswapl(env->regs[6]);
300 (*regs)[7] = tswapl(env->regs[7]);
301 (*regs)[8] = tswapl(env->regs[8]);
302 (*regs)[9] = tswapl(env->regs[9]);
303 (*regs)[10] = tswapl(env->regs[10]);
304 (*regs)[11] = tswapl(env->regs[11]);
305 (*regs)[12] = tswapl(env->regs[12]);
306 (*regs)[13] = tswapl(env->regs[13]);
307 (*regs)[14] = tswapl(env->regs[14]);
308 (*regs)[15] = tswapl(env->regs[15]);
309
310 (*regs)[16] = tswapl(cpsr_read((CPUState *)env));
311 (*regs)[17] = tswapl(env->regs[0]); /* XXX */
edf8e2af
MW		 312}
313
30ac07d4 314#define USE_ELF_CORE_DUMP
d97ef72e 315#define ELF_EXEC_PAGESIZE 4096
30ac07d4 316
afce2927
FB		 317enum
318{
d97ef72e
RH		 319 ARM_HWCAP_ARM_SWP = 1 << 0,
320 ARM_HWCAP_ARM_HALF = 1 << 1,
321 ARM_HWCAP_ARM_THUMB = 1 << 2,
322 ARM_HWCAP_ARM_26BIT = 1 << 3,
323 ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
324 ARM_HWCAP_ARM_FPA = 1 << 5,
325 ARM_HWCAP_ARM_VFP = 1 << 6,
326 ARM_HWCAP_ARM_EDSP = 1 << 7,
327 ARM_HWCAP_ARM_JAVA = 1 << 8,
328 ARM_HWCAP_ARM_IWMMXT = 1 << 9,
329 ARM_HWCAP_ARM_THUMBEE = 1 << 10,
330 ARM_HWCAP_ARM_NEON = 1 << 11,
331 ARM_HWCAP_ARM_VFPv3 = 1 << 12,
332 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13,
afce2927
FB		 333};
334
d97ef72e
RH		 335#define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \
336 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \
337 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP \
338 | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 )
afce2927 339
30ac07d4
FB		 340#endif
341
d2fbca94
GX		 342#ifdef TARGET_UNICORE32
343
344#define ELF_START_MMAP 0x80000000
345
346#define elf_check_arch(x) ((x) == EM_UNICORE32)
347
348#define ELF_CLASS ELFCLASS32
349#define ELF_DATA ELFDATA2LSB
350#define ELF_ARCH EM_UNICORE32
351
352static inline void init_thread(struct target_pt_regs *regs,
353 struct image_info *infop)
354{
355 abi_long stack = infop->start_stack;
356 memset(regs, 0, sizeof(*regs));
357 regs->UC32_REG_asr = 0x10;
358 regs->UC32_REG_pc = infop->entry & 0xfffffffe;
359 regs->UC32_REG_sp = infop->start_stack;
360 /* FIXME - what to for failure of get_user()? */
361 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
362 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */
363 /* XXX: it seems that r0 is zeroed after ! */
364 regs->UC32_REG_00 = 0;
365}
366
367#define ELF_NREG 34
368typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
369
370static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
371{
372 (*regs)[0] = env->regs[0];
373 (*regs)[1] = env->regs[1];
374 (*regs)[2] = env->regs[2];
375 (*regs)[3] = env->regs[3];
376 (*regs)[4] = env->regs[4];
377 (*regs)[5] = env->regs[5];
378 (*regs)[6] = env->regs[6];
379 (*regs)[7] = env->regs[7];
380 (*regs)[8] = env->regs[8];
381 (*regs)[9] = env->regs[9];
382 (*regs)[10] = env->regs[10];
383 (*regs)[11] = env->regs[11];
384 (*regs)[12] = env->regs[12];
385 (*regs)[13] = env->regs[13];
386 (*regs)[14] = env->regs[14];
387 (*regs)[15] = env->regs[15];
388 (*regs)[16] = env->regs[16];
389 (*regs)[17] = env->regs[17];
390 (*regs)[18] = env->regs[18];
391 (*regs)[19] = env->regs[19];
392 (*regs)[20] = env->regs[20];
393 (*regs)[21] = env->regs[21];
394 (*regs)[22] = env->regs[22];
395 (*regs)[23] = env->regs[23];
396 (*regs)[24] = env->regs[24];
397 (*regs)[25] = env->regs[25];
398 (*regs)[26] = env->regs[26];
399 (*regs)[27] = env->regs[27];
400 (*regs)[28] = env->regs[28];
401 (*regs)[29] = env->regs[29];
402 (*regs)[30] = env->regs[30];
403 (*regs)[31] = env->regs[31];
404
405 (*regs)[32] = cpu_asr_read((CPUState *)env);
406 (*regs)[33] = env->regs[0]; /* XXX */
407}
408
409#define USE_ELF_CORE_DUMP
410#define ELF_EXEC_PAGESIZE 4096
411
412#define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
413
414#endif
415
853d6f7a 416#ifdef TARGET_SPARC
a315a145 417#ifdef TARGET_SPARC64
853d6f7a
FB		 418
419#define ELF_START_MMAP 0x80000000
cf973e46
AT		 420#define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
421 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
992f48a0 422#ifndef TARGET_ABI32
cb33da57 423#define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
992f48a0
BS		 424#else
425#define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
426#endif
853d6f7a 427
a315a145 428#define ELF_CLASS ELFCLASS64
5ef54116
FB		 429#define ELF_ARCH EM_SPARCV9
430
d97ef72e 431#define STACK_BIAS 2047
a315a145 432
d97ef72e
RH		 433static inline void init_thread(struct target_pt_regs *regs,
434 struct image_info *infop)
a315a145 435{
992f48a0 436#ifndef TARGET_ABI32
a315a145 437 regs->tstate = 0;
992f48a0 438#endif
a315a145
FB		 439 regs->pc = infop->entry;
440 regs->npc = regs->pc + 4;
441 regs->y = 0;
992f48a0
BS		 442#ifdef TARGET_ABI32
443 regs->u_regs[14] = infop->start_stack - 16 * 4;
444#else
cb33da57
BS		 445 if (personality(infop->personality) == PER_LINUX32)
446 regs->u_regs[14] = infop->start_stack - 16 * 4;
447 else
448 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
992f48a0 449#endif
a315a145
FB		 450}
451
452#else
453#define ELF_START_MMAP 0x80000000
cf973e46
AT		 454#define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
455 | HWCAP_SPARC_MULDIV)
a315a145
FB		 456#define elf_check_arch(x) ( (x) == EM_SPARC )
457
853d6f7a 458#define ELF_CLASS ELFCLASS32
853d6f7a
FB		 459#define ELF_ARCH EM_SPARC
460
d97ef72e
RH		 461static inline void init_thread(struct target_pt_regs *regs,
462 struct image_info *infop)
853d6f7a 463{
f5155289
FB		 464 regs->psr = 0;
465 regs->pc = infop->entry;
466 regs->npc = regs->pc + 4;
467 regs->y = 0;
468 regs->u_regs[14] = infop->start_stack - 16 * 4;
853d6f7a
FB		 469}
470
a315a145 471#endif
853d6f7a
FB		 472#endif
473
67867308
FB		 474#ifdef TARGET_PPC
475
476#define ELF_START_MMAP 0x80000000
477
e85e7c6e 478#if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
84409ddb
JM		 479
480#define elf_check_arch(x) ( (x) == EM_PPC64 )
481
d97ef72e 482#define ELF_CLASS ELFCLASS64
84409ddb
JM		 483
484#else
485
67867308
FB		 486#define elf_check_arch(x) ( (x) == EM_PPC )
487
d97ef72e 488#define ELF_CLASS ELFCLASS32
84409ddb
JM		 489
490#endif
491
d97ef72e 492#define ELF_ARCH EM_PPC
67867308 493
df84e4f3
NF		 494/* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
495 See arch/powerpc/include/asm/cputable.h. */
496enum {
3efa9a67 497 QEMU_PPC_FEATURE_32 = 0x80000000,
498 QEMU_PPC_FEATURE_64 = 0x40000000,
499 QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
500 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
501 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
502 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
503 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
504 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
505 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
506 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
507 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
508 QEMU_PPC_FEATURE_NO_TB = 0x00100000,
509 QEMU_PPC_FEATURE_POWER4 = 0x00080000,
510 QEMU_PPC_FEATURE_POWER5 = 0x00040000,
511 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
512 QEMU_PPC_FEATURE_CELL = 0x00010000,
513 QEMU_PPC_FEATURE_BOOKE = 0x00008000,
514 QEMU_PPC_FEATURE_SMT = 0x00004000,
515 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
516 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
517 QEMU_PPC_FEATURE_PA6T = 0x00000800,
518 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
519 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
520 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
521 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
522 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
523
524 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
525 QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
df84e4f3
NF		 526};
527
528#define ELF_HWCAP get_elf_hwcap()
529
530static uint32_t get_elf_hwcap(void)
531{
532 CPUState *e = thread_env;
533 uint32_t features = 0;
534
535 /* We don't have to be terribly complete here; the high points are
536 Altivec/FP/SPE support. Anything else is just a bonus. */
d97ef72e 537#define GET_FEATURE(flag, feature) \
df84e4f3 538 do {if (e->insns_flags & flag) features |= feature; } while(0)
3efa9a67 539 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
540 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
541 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
542 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
543 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
544 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
545 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
546 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
df84e4f3
NF		 547#undef GET_FEATURE
548
549 return features;
550}
551
f5155289
FB		 552/*
553 * The requirements here are:
554 * - keep the final alignment of sp (sp & 0xf)
555 * - make sure the 32-bit value at the first 16 byte aligned position of
556 * AUXV is greater than 16 for glibc compatibility.
557 * AT_IGNOREPPC is used for that.
558 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
559 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
560 */
0bccf03d 561#define DLINFO_ARCH_ITEMS 5
d97ef72e
RH		 562#define ARCH_DLINFO \
563 do { \
564 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \
565 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \
566 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \
567 /* \
568 * Now handle glibc compatibility. \
569 */ \
570 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
571 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
572 } while (0)
f5155289 573
67867308
FB		 574static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
575{
67867308 576 _regs->gpr[1] = infop->start_stack;
e85e7c6e 577#if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
7983f435
RL		 578 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_addr;
579 infop->entry = ldq_raw(infop->entry) + infop->load_addr;
84409ddb 580#endif
67867308
FB		 581 _regs->nip = infop->entry;
582}
583
e2f3e741
NF		 584/* See linux kernel: arch/powerpc/include/asm/elf.h. */
585#define ELF_NREG 48
586typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
587
588static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
589{
590 int i;
591 target_ulong ccr = 0;
592
593 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
594 (*regs)[i] = tswapl(env->gpr[i]);
595 }
596
597 (*regs)[32] = tswapl(env->nip);
598 (*regs)[33] = tswapl(env->msr);
599 (*regs)[35] = tswapl(env->ctr);
600 (*regs)[36] = tswapl(env->lr);
601 (*regs)[37] = tswapl(env->xer);
602
603 for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
604 ccr |= env->crf[i] << (32 - ((i + 1) * 4));
605 }
606 (*regs)[38] = tswapl(ccr);
607}
608
609#define USE_ELF_CORE_DUMP
d97ef72e 610#define ELF_EXEC_PAGESIZE 4096
67867308
FB		 611
612#endif
613
048f6b4d
FB		 614#ifdef TARGET_MIPS
615
616#define ELF_START_MMAP 0x80000000
617
618#define elf_check_arch(x) ( (x) == EM_MIPS )
619
388bb21a
TS		 620#ifdef TARGET_MIPS64
621#define ELF_CLASS ELFCLASS64
622#else
048f6b4d 623#define ELF_CLASS ELFCLASS32
388bb21a 624#endif
048f6b4d
FB		 625#define ELF_ARCH EM_MIPS
626
d97ef72e
RH		 627static inline void init_thread(struct target_pt_regs *regs,
628 struct image_info *infop)
048f6b4d 629{
623a930e 630 regs->cp0_status = 2 << CP0St_KSU;
048f6b4d
FB		 631 regs->cp0_epc = infop->entry;
632 regs->regs[29] = infop->start_stack;
633}
634
51e52606
NF		 635/* See linux kernel: arch/mips/include/asm/elf.h. */
636#define ELF_NREG 45
637typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
638
639/* See linux kernel: arch/mips/include/asm/reg.h. */
640enum {
641#ifdef TARGET_MIPS64
642 TARGET_EF_R0 = 0,
643#else
644 TARGET_EF_R0 = 6,
645#endif
646 TARGET_EF_R26 = TARGET_EF_R0 + 26,
647 TARGET_EF_R27 = TARGET_EF_R0 + 27,
648 TARGET_EF_LO = TARGET_EF_R0 + 32,
649 TARGET_EF_HI = TARGET_EF_R0 + 33,
650 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
651 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
652 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
653 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
654};
655
656/* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
657static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
658{
659 int i;
660
661 for (i = 0; i < TARGET_EF_R0; i++) {
662 (*regs)[i] = 0;
663 }
664 (*regs)[TARGET_EF_R0] = 0;
665
666 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
667 (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]);
668 }
669
670 (*regs)[TARGET_EF_R26] = 0;
671 (*regs)[TARGET_EF_R27] = 0;
672 (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]);
673 (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]);
674 (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC);
675 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr);
676 (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status);
677 (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause);
678}
679
680#define USE_ELF_CORE_DUMP
388bb21a
TS		 681#define ELF_EXEC_PAGESIZE 4096
682
048f6b4d
FB		 683#endif /* TARGET_MIPS */
684
b779e29e
EI		 685#ifdef TARGET_MICROBLAZE
686
687#define ELF_START_MMAP 0x80000000
688
0d5d4699 689#define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
b779e29e
EI		 690
691#define ELF_CLASS ELFCLASS32
0d5d4699 692#define ELF_ARCH EM_MICROBLAZE
b779e29e 693
d97ef72e
RH		 694static inline void init_thread(struct target_pt_regs *regs,
695 struct image_info *infop)
b779e29e
EI		 696{
697 regs->pc = infop->entry;
698 regs->r1 = infop->start_stack;
699
700}
701
b779e29e
EI		 702#define ELF_EXEC_PAGESIZE 4096
703
e4cbd44d
EI		 704#define USE_ELF_CORE_DUMP
705#define ELF_NREG 38
706typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
707
708/* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
709static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
710{
711 int i, pos = 0;
712
713 for (i = 0; i < 32; i++) {
714 (*regs)[pos++] = tswapl(env->regs[i]);
715 }
716
717 for (i = 0; i < 6; i++) {
718 (*regs)[pos++] = tswapl(env->sregs[i]);
719 }
720}
721
b779e29e
EI		 722#endif /* TARGET_MICROBLAZE */
723
fdf9b3e8
FB		 724#ifdef TARGET_SH4
725
726#define ELF_START_MMAP 0x80000000
727
728#define elf_check_arch(x) ( (x) == EM_SH )
729
730#define ELF_CLASS ELFCLASS32
fdf9b3e8
FB		 731#define ELF_ARCH EM_SH
732
d97ef72e
RH		 733static inline void init_thread(struct target_pt_regs *regs,
734 struct image_info *infop)
fdf9b3e8 735{
d97ef72e
RH		 736 /* Check other registers XXXXX */
737 regs->pc = infop->entry;
738 regs->regs[15] = infop->start_stack;
fdf9b3e8
FB		 739}
740
7631c97e
NF		 741/* See linux kernel: arch/sh/include/asm/elf.h. */
742#define ELF_NREG 23
743typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
744
745/* See linux kernel: arch/sh/include/asm/ptrace.h. */
746enum {
747 TARGET_REG_PC = 16,
748 TARGET_REG_PR = 17,
749 TARGET_REG_SR = 18,
750 TARGET_REG_GBR = 19,
751 TARGET_REG_MACH = 20,
752 TARGET_REG_MACL = 21,
753 TARGET_REG_SYSCALL = 22
754};
755
d97ef72e
RH		 756static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
757 const CPUState *env)
7631c97e
NF		 758{
759 int i;
760
761 for (i = 0; i < 16; i++) {
762 (*regs[i]) = tswapl(env->gregs[i]);
763 }
764
765 (*regs)[TARGET_REG_PC] = tswapl(env->pc);
766 (*regs)[TARGET_REG_PR] = tswapl(env->pr);
767 (*regs)[TARGET_REG_SR] = tswapl(env->sr);
768 (*regs)[TARGET_REG_GBR] = tswapl(env->gbr);
769 (*regs)[TARGET_REG_MACH] = tswapl(env->mach);
770 (*regs)[TARGET_REG_MACL] = tswapl(env->macl);
771 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
772}
773
774#define USE_ELF_CORE_DUMP
fdf9b3e8
FB		 775#define ELF_EXEC_PAGESIZE 4096
776
777#endif
778
48733d19
TS		 779#ifdef TARGET_CRIS
780
781#define ELF_START_MMAP 0x80000000
782
783#define elf_check_arch(x) ( (x) == EM_CRIS )
784
785#define ELF_CLASS ELFCLASS32
48733d19
TS		 786#define ELF_ARCH EM_CRIS
787
d97ef72e
RH		 788static inline void init_thread(struct target_pt_regs *regs,
789 struct image_info *infop)
48733d19 790{
d97ef72e 791 regs->erp = infop->entry;
48733d19
TS		 792}
793
48733d19
TS		 794#define ELF_EXEC_PAGESIZE 8192
795
796#endif
797
e6e5906b
PB		 798#ifdef TARGET_M68K
799
800#define ELF_START_MMAP 0x80000000
801
802#define elf_check_arch(x) ( (x) == EM_68K )
803
d97ef72e 804#define ELF_CLASS ELFCLASS32
d97ef72e 805#define ELF_ARCH EM_68K
e6e5906b
PB		 806
807/* ??? Does this need to do anything?
d97ef72e 808 #define ELF_PLAT_INIT(_r) */
e6e5906b 809
d97ef72e
RH		 810static inline void init_thread(struct target_pt_regs *regs,
811 struct image_info *infop)
e6e5906b
PB		 812{
813 regs->usp = infop->start_stack;
814 regs->sr = 0;
815 regs->pc = infop->entry;
816}
817
7a93cc55
NF		 818/* See linux kernel: arch/m68k/include/asm/elf.h. */
819#define ELF_NREG 20
820typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
821
822static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
823{
824 (*regs)[0] = tswapl(env->dregs[1]);
825 (*regs)[1] = tswapl(env->dregs[2]);
826 (*regs)[2] = tswapl(env->dregs[3]);
827 (*regs)[3] = tswapl(env->dregs[4]);
828 (*regs)[4] = tswapl(env->dregs[5]);
829 (*regs)[5] = tswapl(env->dregs[6]);
830 (*regs)[6] = tswapl(env->dregs[7]);
831 (*regs)[7] = tswapl(env->aregs[0]);
832 (*regs)[8] = tswapl(env->aregs[1]);
833 (*regs)[9] = tswapl(env->aregs[2]);
834 (*regs)[10] = tswapl(env->aregs[3]);
835 (*regs)[11] = tswapl(env->aregs[4]);
836 (*regs)[12] = tswapl(env->aregs[5]);
837 (*regs)[13] = tswapl(env->aregs[6]);
838 (*regs)[14] = tswapl(env->dregs[0]);
839 (*regs)[15] = tswapl(env->aregs[7]);
840 (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */
841 (*regs)[17] = tswapl(env->sr);
842 (*regs)[18] = tswapl(env->pc);
843 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */
844}
845
846#define USE_ELF_CORE_DUMP
d97ef72e 847#define ELF_EXEC_PAGESIZE 8192
e6e5906b
PB		 848
849#endif
850
7a3148a9
JM		 851#ifdef TARGET_ALPHA
852
853#define ELF_START_MMAP (0x30000000000ULL)
854
855#define elf_check_arch(x) ( (x) == ELF_ARCH )
856
857#define ELF_CLASS ELFCLASS64
7a3148a9
JM		 858#define ELF_ARCH EM_ALPHA
859
d97ef72e
RH		 860static inline void init_thread(struct target_pt_regs *regs,
861 struct image_info *infop)
7a3148a9
JM		 862{
863 regs->pc = infop->entry;
864 regs->ps = 8;
865 regs->usp = infop->start_stack;
7a3148a9
JM		 866}
867
7a3148a9
JM		 868#define ELF_EXEC_PAGESIZE 8192
869
870#endif /* TARGET_ALPHA */
871
a4c075f1
UH		 872#ifdef TARGET_S390X
873
874#define ELF_START_MMAP (0x20000000000ULL)
875
876#define elf_check_arch(x) ( (x) == ELF_ARCH )
877
878#define ELF_CLASS ELFCLASS64
879#define ELF_DATA ELFDATA2MSB
880#define ELF_ARCH EM_S390
881
882static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
883{
884 regs->psw.addr = infop->entry;
885 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
886 regs->gprs[15] = infop->start_stack;
887}
888
889#endif /* TARGET_S390X */
890
15338fd7
FB		 891#ifndef ELF_PLATFORM
892#define ELF_PLATFORM (NULL)
893#endif
894
895#ifndef ELF_HWCAP
896#define ELF_HWCAP 0
897#endif
898
992f48a0 899#ifdef TARGET_ABI32
cb33da57 900#undef ELF_CLASS
992f48a0 901#define ELF_CLASS ELFCLASS32
cb33da57
BS		 902#undef bswaptls
903#define bswaptls(ptr) bswap32s(ptr)
904#endif
905
31e31b8a 906#include "elf.h"
09bfb054 907
09bfb054
FB		 908struct exec
909{
d97ef72e
RH		 910 unsigned int a_info; /* Use macros N_MAGIC, etc for access */
911 unsigned int a_text; /* length of text, in bytes */
912 unsigned int a_data; /* length of data, in bytes */
913 unsigned int a_bss; /* length of uninitialized data area, in bytes */
914 unsigned int a_syms; /* length of symbol table data in file, in bytes */
915 unsigned int a_entry; /* start address */
916 unsigned int a_trsize; /* length of relocation info for text, in bytes */
917 unsigned int a_drsize; /* length of relocation info for data, in bytes */
09bfb054
FB		 918};
919
920
921#define N_MAGIC(exec) ((exec).a_info & 0xffff)
922#define OMAGIC 0407
923#define NMAGIC 0410
924#define ZMAGIC 0413
925#define QMAGIC 0314
926
31e31b8a 927/* Necessary parameters */
54936004
FB		 928#define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
929#define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
930#define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
31e31b8a 931
14322bad 932#define DLINFO_ITEMS 13
31e31b8a 933
09bfb054
FB		 934static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
935{
d97ef72e 936 memcpy(to, from, n);
09bfb054 937}
d691f669 938
31e31b8a 939#ifdef BSWAP_NEEDED
92a31b1f 940static void bswap_ehdr(struct elfhdr *ehdr)
31e31b8a 941{
d97ef72e
RH		 942 bswap16s(&ehdr->e_type); /* Object file type */
943 bswap16s(&ehdr->e_machine); /* Architecture */
944 bswap32s(&ehdr->e_version); /* Object file version */
945 bswaptls(&ehdr->e_entry); /* Entry point virtual address */
946 bswaptls(&ehdr->e_phoff); /* Program header table file offset */
947 bswaptls(&ehdr->e_shoff); /* Section header table file offset */
948 bswap32s(&ehdr->e_flags); /* Processor-specific flags */
949 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
950 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
951 bswap16s(&ehdr->e_phnum); /* Program header table entry count */
952 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
953 bswap16s(&ehdr->e_shnum); /* Section header table entry count */
954 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
31e31b8a
FB		 955}
956
991f8f0c 957static void bswap_phdr(struct elf_phdr *phdr, int phnum)
31e31b8a 958{
991f8f0c
RH		 959 int i;
960 for (i = 0; i < phnum; ++i, ++phdr) {
961 bswap32s(&phdr->p_type); /* Segment type */
962 bswap32s(&phdr->p_flags); /* Segment flags */
963 bswaptls(&phdr->p_offset); /* Segment file offset */
964 bswaptls(&phdr->p_vaddr); /* Segment virtual address */
965 bswaptls(&phdr->p_paddr); /* Segment physical address */
966 bswaptls(&phdr->p_filesz); /* Segment size in file */
967 bswaptls(&phdr->p_memsz); /* Segment size in memory */
968 bswaptls(&phdr->p_align); /* Segment alignment */
969 }
31e31b8a 970}
689f936f 971
991f8f0c 972static void bswap_shdr(struct elf_shdr *shdr, int shnum)
689f936f 973{
991f8f0c
RH		 974 int i;
975 for (i = 0; i < shnum; ++i, ++shdr) {
976 bswap32s(&shdr->sh_name);
977 bswap32s(&shdr->sh_type);
978 bswaptls(&shdr->sh_flags);
979 bswaptls(&shdr->sh_addr);
980 bswaptls(&shdr->sh_offset);
981 bswaptls(&shdr->sh_size);
982 bswap32s(&shdr->sh_link);
983 bswap32s(&shdr->sh_info);
984 bswaptls(&shdr->sh_addralign);
985 bswaptls(&shdr->sh_entsize);
986 }
689f936f
FB		 987}
988
7a3148a9 989static void bswap_sym(struct elf_sym *sym)
689f936f
FB		 990{
991 bswap32s(&sym->st_name);
7a3148a9
JM		 992 bswaptls(&sym->st_value);
993 bswaptls(&sym->st_size);
689f936f
FB		 994 bswap16s(&sym->st_shndx);
995}
991f8f0c
RH		 996#else
997static inline void bswap_ehdr(struct elfhdr *ehdr) { }
998static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
999static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1000static inline void bswap_sym(struct elf_sym *sym) { }
31e31b8a
FB		 1001#endif
1002
edf8e2af
MW		 1003#ifdef USE_ELF_CORE_DUMP
1004static int elf_core_dump(int, const CPUState *);
edf8e2af 1005#endif /* USE_ELF_CORE_DUMP */
682674b8 1006static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
edf8e2af 1007
9058abdd
RH		 1008/* Verify the portions of EHDR within E_IDENT for the target.
1009 This can be performed before bswapping the entire header. */
1010static bool elf_check_ident(struct elfhdr *ehdr)
1011{
1012 return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1013 && ehdr->e_ident[EI_MAG1] == ELFMAG1
1014 && ehdr->e_ident[EI_MAG2] == ELFMAG2
1015 && ehdr->e_ident[EI_MAG3] == ELFMAG3
1016 && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1017 && ehdr->e_ident[EI_DATA] == ELF_DATA
1018 && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1019}
1020
1021/* Verify the portions of EHDR outside of E_IDENT for the target.
1022 This has to wait until after bswapping the header. */
1023static bool elf_check_ehdr(struct elfhdr *ehdr)
1024{
1025 return (elf_check_arch(ehdr->e_machine)
1026 && ehdr->e_ehsize == sizeof(struct elfhdr)
1027 && ehdr->e_phentsize == sizeof(struct elf_phdr)
1028 && ehdr->e_shentsize == sizeof(struct elf_shdr)
1029 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1030}
1031
31e31b8a 1032/*
e5fe0c52 1033 * 'copy_elf_strings()' copies argument/envelope strings from user
31e31b8a
FB		 1034 * memory to free pages in kernel mem. These are in a format ready
1035 * to be put directly into the top of new user memory.
1036 *
1037 */
992f48a0
BS		 1038static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
1039 abi_ulong p)
31e31b8a
FB		 1040{
1041 char *tmp, *tmp1, *pag = NULL;
1042 int len, offset = 0;
1043
1044 if (!p) {
d97ef72e 1045 return 0; /* bullet-proofing */
31e31b8a
FB		 1046 }
1047 while (argc-- > 0) {
edf779ff
FB		 1048 tmp = argv[argc];
1049 if (!tmp) {
d97ef72e
RH		 1050 fprintf(stderr, "VFS: argc is wrong");
1051 exit(-1);
1052 }
edf779ff 1053 tmp1 = tmp;
d97ef72e
RH		 1054 while (*tmp++);
1055 len = tmp - tmp1;
1056 if (p < len) { /* this shouldn't happen - 128kB */
1057 return 0;
1058 }
1059 while (len) {
1060 --p; --tmp; --len;
1061 if (--offset < 0) {
1062 offset = p % TARGET_PAGE_SIZE;
53a5960a 1063 pag = (char *)page[p/TARGET_PAGE_SIZE];
44a91cae 1064 if (!pag) {
53a5960a 1065 pag = (char *)malloc(TARGET_PAGE_SIZE);
4118a970 1066 memset(pag, 0, TARGET_PAGE_SIZE);
53a5960a 1067 page[p/TARGET_PAGE_SIZE] = pag;
44a91cae
FB		 1068 if (!pag)
1069 return 0;
d97ef72e
RH		 1070 }
1071 }
1072 if (len == 0 || offset == 0) {
1073 *(pag + offset) = *tmp;
1074 }
1075 else {
1076 int bytes_to_copy = (len > offset) ? offset : len;
1077 tmp -= bytes_to_copy;
1078 p -= bytes_to_copy;
1079 offset -= bytes_to_copy;
1080 len -= bytes_to_copy;
1081 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
1082 }
1083 }
31e31b8a
FB		 1084 }
1085 return p;
1086}
1087
992f48a0
BS		 1088static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
1089 struct image_info *info)
53a5960a 1090{
60dcbcb5 1091 abi_ulong stack_base, size, error, guard;
31e31b8a 1092 int i;
31e31b8a 1093
09bfb054 1094 /* Create enough stack to hold everything. If we don't use
60dcbcb5 1095 it for args, we'll use it for something else. */
703e0e89 1096 size = guest_stack_size;
60dcbcb5 1097 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
54936004 1098 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
60dcbcb5
RH		 1099 }
1100 guard = TARGET_PAGE_SIZE;
1101 if (guard < qemu_real_host_page_size) {
1102 guard = qemu_real_host_page_size;
1103 }
1104
1105 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1106 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
09bfb054 1107 if (error == -1) {
60dcbcb5 1108 perror("mmap stack");
09bfb054
FB		 1109 exit(-1);
1110 }
31e31b8a 1111
60dcbcb5
RH		 1112 /* We reserve one extra page at the top of the stack as guard. */
1113 target_mprotect(error, guard, PROT_NONE);
1114
1115 info->stack_limit = error + guard;
1116 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
31e31b8a 1117 p += stack_base;
09bfb054 1118
31e31b8a 1119 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
d97ef72e
RH		 1120 if (bprm->page[i]) {
1121 info->rss++;
579a97f7 1122 /* FIXME - check return value of memcpy_to_target() for failure */
d97ef72e
RH		 1123 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
1124 free(bprm->page[i]);
1125 }
53a5960a 1126 stack_base += TARGET_PAGE_SIZE;
31e31b8a
FB		 1127 }
1128 return p;
1129}
1130
cf129f3a
RH		 1131/* Map and zero the bss. We need to explicitly zero any fractional pages
1132 after the data section (i.e. bss). */
1133static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
31e31b8a 1134{
cf129f3a
RH		 1135 uintptr_t host_start, host_map_start, host_end;
1136
1137 last_bss = TARGET_PAGE_ALIGN(last_bss);
1138
1139 /* ??? There is confusion between qemu_real_host_page_size and
1140 qemu_host_page_size here and elsewhere in target_mmap, which
1141 may lead to the end of the data section mapping from the file
1142 not being mapped. At least there was an explicit test and
1143 comment for that here, suggesting that "the file size must
1144 be known". The comment probably pre-dates the introduction
1145 of the fstat system call in target_mmap which does in fact
1146 find out the size. What isn't clear is if the workaround
1147 here is still actually needed. For now, continue with it,
1148 but merge it with the "normal" mmap that would allocate the bss. */
1149
1150 host_start = (uintptr_t) g2h(elf_bss);
1151 host_end = (uintptr_t) g2h(last_bss);
1152 host_map_start = (host_start + qemu_real_host_page_size - 1);
1153 host_map_start &= -qemu_real_host_page_size;
1154
1155 if (host_map_start < host_end) {
1156 void *p = mmap((void *)host_map_start, host_end - host_map_start,
1157 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1158 if (p == MAP_FAILED) {
1159 perror("cannot mmap brk");
1160 exit(-1);
853d6f7a
FB		 1161 }
1162
cf129f3a
RH		 1163 /* Since we didn't use target_mmap, make sure to record
1164 the validity of the pages with qemu. */
1165 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
1166 }
31e31b8a 1167
cf129f3a
RH		 1168 if (host_start < host_map_start) {
1169 memset((void *)host_start, 0, host_map_start - host_start);
1170 }
1171}
53a5960a 1172
1af02e83
MF		 1173#ifdef CONFIG_USE_FDPIC
1174static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1175{
1176 uint16_t n;
1177 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1178
1179 /* elf32_fdpic_loadseg */
1180 n = info->nsegs;
1181 while (n--) {
1182 sp -= 12;
1183 put_user_u32(loadsegs[n].addr, sp+0);
1184 put_user_u32(loadsegs[n].p_vaddr, sp+4);
1185 put_user_u32(loadsegs[n].p_memsz, sp+8);
1186 }
1187
1188 /* elf32_fdpic_loadmap */
1189 sp -= 4;
1190 put_user_u16(0, sp+0); /* version */
1191 put_user_u16(info->nsegs, sp+2); /* nsegs */
1192
1193 info->personality = PER_LINUX_FDPIC;
1194 info->loadmap_addr = sp;
1195
1196 return sp;
1197}
1198#endif
1199
992f48a0 1200static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
8e62a717
RH		 1201 struct elfhdr *exec,
1202 struct image_info *info,
1203 struct image_info *interp_info)
31e31b8a 1204{
d97ef72e
RH		 1205 abi_ulong sp;
1206 int size;
14322bad
LA		 1207 int i;
1208 abi_ulong u_rand_bytes;
1209 uint8_t k_rand_bytes[16];
d97ef72e
RH		 1210 abi_ulong u_platform;
1211 const char *k_platform;
1212 const int n = sizeof(elf_addr_t);
1213
1214 sp = p;
1af02e83
MF		 1215
1216#ifdef CONFIG_USE_FDPIC
1217 /* Needs to be before we load the env/argc/... */
1218 if (elf_is_fdpic(exec)) {
1219 /* Need 4 byte alignment for these structs */
1220 sp &= ~3;
1221 sp = loader_build_fdpic_loadmap(info, sp);
1222 info->other_info = interp_info;
1223 if (interp_info) {
1224 interp_info->other_info = info;
1225 sp = loader_build_fdpic_loadmap(interp_info, sp);
1226 }
1227 }
1228#endif
1229
d97ef72e
RH		 1230 u_platform = 0;
1231 k_platform = ELF_PLATFORM;
1232 if (k_platform) {
1233 size_t len = strlen(k_platform) + 1;
1234 sp -= (len + n - 1) & ~(n - 1);
1235 u_platform = sp;
1236 /* FIXME - check return value of memcpy_to_target() for failure */
1237 memcpy_to_target(sp, k_platform, len);
1238 }
14322bad
LA		 1239
1240 /*
1241 * Generate 16 random bytes for userspace PRNG seeding (not
1242 * cryptically secure but it's not the aim of QEMU).
1243 */
1244 srand((unsigned int) time(NULL));
1245 for (i = 0; i < 16; i++) {
1246 k_rand_bytes[i] = rand();
1247 }
1248 sp -= 16;
1249 u_rand_bytes = sp;
1250 /* FIXME - check return value of memcpy_to_target() for failure */
1251 memcpy_to_target(sp, k_rand_bytes, 16);
1252
d97ef72e
RH		 1253 /*
1254 * Force 16 byte _final_ alignment here for generality.
1255 */
1256 sp = sp &~ (abi_ulong)15;
1257 size = (DLINFO_ITEMS + 1) * 2;
1258 if (k_platform)
1259 size += 2;
f5155289 1260#ifdef DLINFO_ARCH_ITEMS
d97ef72e 1261 size += DLINFO_ARCH_ITEMS * 2;
f5155289 1262#endif
d97ef72e 1263 size += envc + argc + 2;
b9329d4b 1264 size += 1; /* argc itself */
d97ef72e
RH		 1265 size *= n;
1266 if (size & 15)
1267 sp -= 16 - (size & 15);
1268
1269 /* This is correct because Linux defines
1270 * elf_addr_t as Elf32_Off / Elf64_Off
1271 */
1272#define NEW_AUX_ENT(id, val) do { \
1273 sp -= n; put_user_ual(val, sp); \
1274 sp -= n; put_user_ual(id, sp); \
1275 } while(0)
1276
1277 NEW_AUX_ENT (AT_NULL, 0);
1278
1279 /* There must be exactly DLINFO_ITEMS entries here. */
8e62a717 1280 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
d97ef72e
RH		 1281 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1282 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1283 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
8e62a717 1284 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
d97ef72e 1285 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
8e62a717 1286 NEW_AUX_ENT(AT_ENTRY, info->entry);
d97ef72e
RH		 1287 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1288 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1289 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1290 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1291 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1292 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
14322bad
LA		 1293 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1294
d97ef72e
RH		 1295 if (k_platform)
1296 NEW_AUX_ENT(AT_PLATFORM, u_platform);
f5155289 1297#ifdef ARCH_DLINFO
d97ef72e
RH		 1298 /*
1299 * ARCH_DLINFO must come last so platform specific code can enforce
1300 * special alignment requirements on the AUXV if necessary (eg. PPC).
1301 */
1302 ARCH_DLINFO;
f5155289
FB		 1303#endif
1304#undef NEW_AUX_ENT
1305
d97ef72e 1306 info->saved_auxv = sp;
edf8e2af 1307
b9329d4b 1308 sp = loader_build_argptr(envc, argc, sp, p, 0);
d97ef72e 1309 return sp;
31e31b8a
FB		 1310}
1311
f3ed1f5d
PM		 1312static void probe_guest_base(const char *image_name,
1313 abi_ulong loaddr, abi_ulong hiaddr)
1314{
1315 /* Probe for a suitable guest base address, if the user has not set
1316 * it explicitly, and set guest_base appropriately.
1317 * In case of error we will print a suitable message and exit.
1318 */
1319#if defined(CONFIG_USE_GUEST_BASE)
1320 const char *errmsg;
1321 if (!have_guest_base && !reserved_va) {
1322 unsigned long host_start, real_start, host_size;
1323
1324 /* Round addresses to page boundaries. */
1325 loaddr &= qemu_host_page_mask;
1326 hiaddr = HOST_PAGE_ALIGN(hiaddr);
1327
1328 if (loaddr < mmap_min_addr) {
1329 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1330 } else {
1331 host_start = loaddr;
1332 if (host_start != loaddr) {
1333 errmsg = "Address overflow loading ELF binary";
1334 goto exit_errmsg;
1335 }
1336 }
1337 host_size = hiaddr - loaddr;
1338 while (1) {
1339 /* Do not use mmap_find_vma here because that is limited to the
1340 guest address space. We are going to make the
1341 guest address space fit whatever we're given. */
1342 real_start = (unsigned long)
1343 mmap((void *)host_start, host_size, PROT_NONE,
1344 MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
1345 if (real_start == (unsigned long)-1) {
1346 goto exit_perror;
1347 }
1348 if (real_start == host_start) {
1349 break;
1350 }
1351 /* That address didn't work. Unmap and try a different one.
1352 The address the host picked because is typically right at
1353 the top of the host address space and leaves the guest with
1354 no usable address space. Resort to a linear search. We
1355 already compensated for mmap_min_addr, so this should not
1356 happen often. Probably means we got unlucky and host
1357 address space randomization put a shared library somewhere
1358 inconvenient. */
1359 munmap((void *)real_start, host_size);
1360 host_start += qemu_host_page_size;
1361 if (host_start == loaddr) {
1362 /* Theoretically possible if host doesn't have any suitably
1363 aligned areas. Normally the first mmap will fail. */
1364 errmsg = "Unable to find space for application";
1365 goto exit_errmsg;
1366 }
1367 }
1368 qemu_log("Relocating guest address space from 0x"
1369 TARGET_ABI_FMT_lx " to 0x%lx\n",
1370 loaddr, real_start);
1371 guest_base = real_start - loaddr;
1372 }
1373 return;
1374
1375exit_perror:
1376 errmsg = strerror(errno);
1377exit_errmsg:
1378 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1379 exit(-1);
1380#endif
1381}
1382
1383
8e62a717 1384/* Load an ELF image into the address space.
31e31b8a 1385
8e62a717
RH		 1386 IMAGE_NAME is the filename of the image, to use in error messages.
1387 IMAGE_FD is the open file descriptor for the image.
1388
1389 BPRM_BUF is a copy of the beginning of the file; this of course
1390 contains the elf file header at offset 0. It is assumed that this
1391 buffer is sufficiently aligned to present no problems to the host
1392 in accessing data at aligned offsets within the buffer.
1393
1394 On return: INFO values will be filled in, as necessary or available. */
1395
1396static void load_elf_image(const char *image_name, int image_fd,
bf858897 1397 struct image_info *info, char **pinterp_name,
8e62a717 1398 char bprm_buf[BPRM_BUF_SIZE])
31e31b8a 1399{
8e62a717
RH		 1400 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1401 struct elf_phdr *phdr;
1402 abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1403 int i, retval;
1404 const char *errmsg;
5fafdf24 1405
8e62a717
RH		 1406 /* First of all, some simple consistency checks */
1407 errmsg = "Invalid ELF image for this architecture";
1408 if (!elf_check_ident(ehdr)) {
1409 goto exit_errmsg;
1410 }
1411 bswap_ehdr(ehdr);
1412 if (!elf_check_ehdr(ehdr)) {
1413 goto exit_errmsg;
d97ef72e 1414 }
5fafdf24 1415
8e62a717
RH		 1416 i = ehdr->e_phnum * sizeof(struct elf_phdr);
1417 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1418 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
9955ffac 1419 } else {
8e62a717
RH		 1420 phdr = (struct elf_phdr *) alloca(i);
1421 retval = pread(image_fd, phdr, i, ehdr->e_phoff);
9955ffac 1422 if (retval != i) {
8e62a717 1423 goto exit_read;
9955ffac 1424 }
d97ef72e 1425 }
8e62a717 1426 bswap_phdr(phdr, ehdr->e_phnum);
09bfb054 1427
1af02e83
MF		 1428#ifdef CONFIG_USE_FDPIC
1429 info->nsegs = 0;
1430 info->pt_dynamic_addr = 0;
1431#endif
1432
682674b8
RH		 1433 /* Find the maximum size of the image and allocate an appropriate
1434 amount of memory to handle that. */
1435 loaddr = -1, hiaddr = 0;
8e62a717
RH		 1436 for (i = 0; i < ehdr->e_phnum; ++i) {
1437 if (phdr[i].p_type == PT_LOAD) {
1438 abi_ulong a = phdr[i].p_vaddr;
682674b8
RH		 1439 if (a < loaddr) {
1440 loaddr = a;
1441 }
8e62a717 1442 a += phdr[i].p_memsz;
682674b8
RH		 1443 if (a > hiaddr) {
1444 hiaddr = a;
1445 }
1af02e83
MF		 1446#ifdef CONFIG_USE_FDPIC
1447 ++info->nsegs;
1448#endif
682674b8
RH		 1449 }
1450 }
1451
1452 load_addr = loaddr;
8e62a717 1453 if (ehdr->e_type == ET_DYN) {
682674b8
RH		 1454 /* The image indicates that it can be loaded anywhere. Find a
1455 location that can hold the memory space required. If the
1456 image is pre-linked, LOADDR will be non-zero. Since we do
1457 not supply MAP_FIXED here we'll use that address if and
1458 only if it remains available. */
1459 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1460 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1461 -1, 0);
1462 if (load_addr == -1) {
8e62a717 1463 goto exit_perror;
d97ef72e 1464 }
bf858897
RH		 1465 } else if (pinterp_name != NULL) {
1466 /* This is the main executable. Make sure that the low
1467 address does not conflict with MMAP_MIN_ADDR or the
1468 QEMU application itself. */
f3ed1f5d 1469 probe_guest_base(image_name, loaddr, hiaddr);
d97ef72e 1470 }
682674b8 1471 load_bias = load_addr - loaddr;
d97ef72e 1472
1af02e83
MF		 1473#ifdef CONFIG_USE_FDPIC
1474 {
1475 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
7267c094 1476 g_malloc(sizeof(*loadsegs) * info->nsegs);
1af02e83
MF		 1477
1478 for (i = 0; i < ehdr->e_phnum; ++i) {
1479 switch (phdr[i].p_type) {
1480 case PT_DYNAMIC:
1481 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
1482 break;
1483 case PT_LOAD:
1484 loadsegs->addr = phdr[i].p_vaddr + load_bias;
1485 loadsegs->p_vaddr = phdr[i].p_vaddr;
1486 loadsegs->p_memsz = phdr[i].p_memsz;
1487 ++loadsegs;
1488 break;
1489 }
1490 }
1491 }
1492#endif
1493
8e62a717
RH		 1494 info->load_bias = load_bias;
1495 info->load_addr = load_addr;
1496 info->entry = ehdr->e_entry + load_bias;
1497 info->start_code = -1;
1498 info->end_code = 0;
1499 info->start_data = -1;
1500 info->end_data = 0;
1501 info->brk = 0;
1502
1503 for (i = 0; i < ehdr->e_phnum; i++) {
1504 struct elf_phdr *eppnt = phdr + i;
d97ef72e 1505 if (eppnt->p_type == PT_LOAD) {
682674b8 1506 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
d97ef72e 1507 int elf_prot = 0;
d97ef72e
RH		 1508
1509 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
1510 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1511 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
d97ef72e 1512
682674b8
RH		 1513 vaddr = load_bias + eppnt->p_vaddr;
1514 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
1515 vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
1516
1517 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
1518 elf_prot, MAP_PRIVATE | MAP_FIXED,
8e62a717 1519 image_fd, eppnt->p_offset - vaddr_po);
09bfb054 1520 if (error == -1) {
8e62a717 1521 goto exit_perror;
09bfb054 1522 }
09bfb054 1523
682674b8
RH		 1524 vaddr_ef = vaddr + eppnt->p_filesz;
1525 vaddr_em = vaddr + eppnt->p_memsz;
31e31b8a 1526
cf129f3a 1527 /* If the load segment requests extra zeros (e.g. bss), map it. */
682674b8
RH		 1528 if (vaddr_ef < vaddr_em) {
1529 zero_bss(vaddr_ef, vaddr_em, elf_prot);
cf129f3a 1530 }
8e62a717
RH		 1531
1532 /* Find the full program boundaries. */
1533 if (elf_prot & PROT_EXEC) {
1534 if (vaddr < info->start_code) {
1535 info->start_code = vaddr;
1536 }
1537 if (vaddr_ef > info->end_code) {
1538 info->end_code = vaddr_ef;
1539 }
1540 }
1541 if (elf_prot & PROT_WRITE) {
1542 if (vaddr < info->start_data) {
1543 info->start_data = vaddr;
1544 }
1545 if (vaddr_ef > info->end_data) {
1546 info->end_data = vaddr_ef;
1547 }
1548 if (vaddr_em > info->brk) {
1549 info->brk = vaddr_em;
1550 }
1551 }
bf858897
RH		 1552 } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
1553 char *interp_name;
1554
1555 if (*pinterp_name) {
1556 errmsg = "Multiple PT_INTERP entries";
1557 goto exit_errmsg;
1558 }
1559 interp_name = malloc(eppnt->p_filesz);
1560 if (!interp_name) {
1561 goto exit_perror;
1562 }
1563
1564 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
1565 memcpy(interp_name, bprm_buf + eppnt->p_offset,
1566 eppnt->p_filesz);
1567 } else {
1568 retval = pread(image_fd, interp_name, eppnt->p_filesz,
1569 eppnt->p_offset);
1570 if (retval != eppnt->p_filesz) {
1571 goto exit_perror;
1572 }
1573 }
1574 if (interp_name[eppnt->p_filesz - 1] != 0) {
1575 errmsg = "Invalid PT_INTERP entry";
1576 goto exit_errmsg;
1577 }
1578 *pinterp_name = interp_name;
d97ef72e 1579 }
682674b8 1580 }
5fafdf24 1581
8e62a717
RH		 1582 if (info->end_data == 0) {
1583 info->start_data = info->end_code;
1584 info->end_data = info->end_code;
1585 info->brk = info->end_code;
1586 }
1587
682674b8 1588 if (qemu_log_enabled()) {
8e62a717 1589 load_symbols(ehdr, image_fd, load_bias);
682674b8 1590 }
31e31b8a 1591
8e62a717
RH		 1592 close(image_fd);
1593 return;
1594
1595 exit_read:
1596 if (retval >= 0) {
1597 errmsg = "Incomplete read of file header";
1598 goto exit_errmsg;
1599 }
1600 exit_perror:
1601 errmsg = strerror(errno);
1602 exit_errmsg:
1603 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1604 exit(-1);
1605}
1606
1607static void load_elf_interp(const char *filename, struct image_info *info,
1608 char bprm_buf[BPRM_BUF_SIZE])
1609{
1610 int fd, retval;
1611
1612 fd = open(path(filename), O_RDONLY);
1613 if (fd < 0) {
1614 goto exit_perror;
1615 }
31e31b8a 1616
8e62a717
RH		 1617 retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1618 if (retval < 0) {
1619 goto exit_perror;
1620 }
1621 if (retval < BPRM_BUF_SIZE) {
1622 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1623 }
1624
bf858897 1625 load_elf_image(filename, fd, info, NULL, bprm_buf);
8e62a717
RH		 1626 return;
1627
1628 exit_perror:
1629 fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1630 exit(-1);
31e31b8a
FB		 1631}
1632
49918a75
PB		 1633static int symfind(const void *s0, const void *s1)
1634{
1635 struct elf_sym *key = (struct elf_sym *)s0;
1636 struct elf_sym *sym = (struct elf_sym *)s1;
1637 int result = 0;
1638 if (key->st_value < sym->st_value) {
1639 result = -1;
ec822001 1640 } else if (key->st_value >= sym->st_value + sym->st_size) {
49918a75
PB		 1641 result = 1;
1642 }
1643 return result;
1644}
1645
1646static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1647{
1648#if ELF_CLASS == ELFCLASS32
1649 struct elf_sym *syms = s->disas_symtab.elf32;
1650#else
1651 struct elf_sym *syms = s->disas_symtab.elf64;
1652#endif
1653
1654 // binary search
1655 struct elf_sym key;
1656 struct elf_sym *sym;
1657
1658 key.st_value = orig_addr;
1659
1660 sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind);
7cba04f6 1661 if (sym != NULL) {
49918a75
PB		 1662 return s->disas_strtab + sym->st_name;
1663 }
1664
1665 return "";
1666}
1667
1668/* FIXME: This should use elf_ops.h */
1669static int symcmp(const void *s0, const void *s1)
1670{
1671 struct elf_sym *sym0 = (struct elf_sym *)s0;
1672 struct elf_sym *sym1 = (struct elf_sym *)s1;
1673 return (sym0->st_value < sym1->st_value)
1674 ? -1
1675 : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1676}
1677
689f936f 1678/* Best attempt to load symbols from this ELF object. */
682674b8 1679static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
689f936f 1680{
682674b8
RH		 1681 int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
1682 struct elf_shdr *shdr;
b9475279
CV		 1683 char *strings = NULL;
1684 struct syminfo *s = NULL;
1685 struct elf_sym *new_syms, *syms = NULL;
689f936f 1686
682674b8
RH		 1687 shnum = hdr->e_shnum;
1688 i = shnum * sizeof(struct elf_shdr);
1689 shdr = (struct elf_shdr *)alloca(i);
1690 if (pread(fd, shdr, i, hdr->e_shoff) != i) {
1691 return;
1692 }
1693
1694 bswap_shdr(shdr, shnum);
1695 for (i = 0; i < shnum; ++i) {
1696 if (shdr[i].sh_type == SHT_SYMTAB) {
1697 sym_idx = i;
1698 str_idx = shdr[i].sh_link;
49918a75
PB		 1699 goto found;
1700 }
689f936f 1701 }
682674b8
RH		 1702
1703 /* There will be no symbol table if the file was stripped. */
1704 return;
689f936f
FB		 1705
1706 found:
682674b8 1707 /* Now know where the strtab and symtab are. Snarf them. */
e80cfcfc 1708 s = malloc(sizeof(*s));
682674b8 1709 if (!s) {
b9475279 1710 goto give_up;
682674b8 1711 }
5fafdf24 1712
682674b8
RH		 1713 i = shdr[str_idx].sh_size;
1714 s->disas_strtab = strings = malloc(i);
1715 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
b9475279 1716 goto give_up;
682674b8 1717 }
49918a75 1718
682674b8
RH		 1719 i = shdr[sym_idx].sh_size;
1720 syms = malloc(i);
1721 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
b9475279 1722 goto give_up;
682674b8 1723 }
31e31b8a 1724
682674b8
RH		 1725 nsyms = i / sizeof(struct elf_sym);
1726 for (i = 0; i < nsyms; ) {
49918a75 1727 bswap_sym(syms + i);
682674b8
RH		 1728 /* Throw away entries which we do not need. */
1729 if (syms[i].st_shndx == SHN_UNDEF
1730 || syms[i].st_shndx >= SHN_LORESERVE
1731 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1732 if (i < --nsyms) {
49918a75
PB		 1733 syms[i] = syms[nsyms];
1734 }
682674b8 1735 } else {
49918a75 1736#if defined(TARGET_ARM) || defined (TARGET_MIPS)
682674b8
RH		 1737 /* The bottom address bit marks a Thumb or MIPS16 symbol. */
1738 syms[i].st_value &= ~(target_ulong)1;
0774bed1 1739#endif
682674b8
RH		 1740 syms[i].st_value += load_bias;
1741 i++;
1742 }
0774bed1 1743 }
49918a75 1744
b9475279
CV		 1745 /* No "useful" symbol. */
1746 if (nsyms == 0) {
1747 goto give_up;
1748 }
1749
5d5c9930
RH		 1750 /* Attempt to free the storage associated with the local symbols
1751 that we threw away. Whether or not this has any effect on the
1752 memory allocation depends on the malloc implementation and how
1753 many symbols we managed to discard. */
8d79de6e
SW		 1754 new_syms = realloc(syms, nsyms * sizeof(*syms));
1755 if (new_syms == NULL) {
b9475279 1756 goto give_up;
5d5c9930 1757 }
8d79de6e 1758 syms = new_syms;
5d5c9930 1759
49918a75 1760 qsort(syms, nsyms, sizeof(*syms), symcmp);
689f936f 1761
49918a75
PB		 1762 s->disas_num_syms = nsyms;
1763#if ELF_CLASS == ELFCLASS32
1764 s->disas_symtab.elf32 = syms;
49918a75
PB		 1765#else
1766 s->disas_symtab.elf64 = syms;
49918a75 1767#endif
682674b8 1768 s->lookup_symbol = lookup_symbolxx;
e80cfcfc
FB		 1769 s->next = syminfos;
1770 syminfos = s;
b9475279
CV		 1771
1772 return;
1773
1774give_up:
1775 free(s);
1776 free(strings);
1777 free(syms);
689f936f 1778}
31e31b8a 1779
e5fe0c52
PB		 1780int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
1781 struct image_info * info)
31e31b8a 1782{
8e62a717 1783 struct image_info interp_info;
31e31b8a 1784 struct elfhdr elf_ex;
8e62a717 1785 char *elf_interpreter = NULL;
31e31b8a 1786
bf858897
RH		 1787 info->start_mmap = (abi_ulong)ELF_START_MMAP;
1788 info->mmap = 0;
1789 info->rss = 0;
1790
1791 load_elf_image(bprm->filename, bprm->fd, info,
1792 &elf_interpreter, bprm->buf);
31e31b8a 1793
bf858897
RH		 1794 /* ??? We need a copy of the elf header for passing to create_elf_tables.
1795 If we do nothing, we'll have overwritten this when we re-use bprm->buf
1796 when we load the interpreter. */
1797 elf_ex = *(struct elfhdr *)bprm->buf;
31e31b8a 1798
e5fe0c52
PB		 1799 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
1800 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
1801 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
1802 if (!bprm->p) {
bf858897
RH		 1803 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
1804 exit(-1);
379f6698 1805 }
379f6698 1806
31e31b8a
FB		 1807 /* Do this so that we can load the interpreter, if need be. We will
1808 change some of these later */
31e31b8a 1809 bprm->p = setup_arg_pages(bprm->p, bprm, info);
31e31b8a 1810
8e62a717
RH		 1811 if (elf_interpreter) {
1812 load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
31e31b8a 1813
8e62a717
RH		 1814 /* If the program interpreter is one of these two, then assume
1815 an iBCS2 image. Otherwise assume a native linux image. */
1816
1817 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
1818 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
1819 info->personality = PER_SVR4;
31e31b8a 1820
8e62a717
RH		 1821 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1822 and some applications "depend" upon this behavior. Since
1823 we do not have the power to recompile these, we emulate
1824 the SVr4 behavior. Sigh. */
1825 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
1826 MAP_FIXED | MAP_PRIVATE, -1, 0);
1827 }
31e31b8a
FB		 1828 }
1829
8e62a717
RH		 1830 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
1831 info, (elf_interpreter ? &interp_info : NULL));
1832 info->start_stack = bprm->p;
1833
1834 /* If we have an interpreter, set that as the program's entry point.
1835 Copy the load_addr as well, to help PPC64 interpret the entry
1836 point as a function descriptor. Do this after creating elf tables
1837 so that we copy the original program entry point into the AUXV. */
1838 if (elf_interpreter) {
1839 info->load_addr = interp_info.load_addr;
1840 info->entry = interp_info.entry;
bf858897 1841 free(elf_interpreter);
8e62a717 1842 }
31e31b8a 1843
edf8e2af
MW		 1844#ifdef USE_ELF_CORE_DUMP
1845 bprm->core_dump = &elf_core_dump;
1846#endif
1847
31e31b8a
FB		 1848 return 0;
1849}
1850
edf8e2af 1851#ifdef USE_ELF_CORE_DUMP
edf8e2af
MW		 1852/*
1853 * Definitions to generate Intel SVR4-like core files.
a2547a13 1854 * These mostly have the same names as the SVR4 types with "target_elf_"
edf8e2af
MW		 1855 * tacked on the front to prevent clashes with linux definitions,
1856 * and the typedef forms have been avoided. This is mostly like
1857 * the SVR4 structure, but more Linuxy, with things that Linux does
1858 * not support and which gdb doesn't really use excluded.
1859 *
1860 * Fields we don't dump (their contents is zero) in linux-user qemu
1861 * are marked with XXX.
1862 *
1863 * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
1864 *
1865 * Porting ELF coredump for target is (quite) simple process. First you
dd0a3651 1866 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
edf8e2af
MW		 1867 * the target resides):
1868 *
1869 * #define USE_ELF_CORE_DUMP
1870 *
1871 * Next you define type of register set used for dumping. ELF specification
1872 * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
1873 *
c227f099 1874 * typedef <target_regtype> target_elf_greg_t;
edf8e2af 1875 * #define ELF_NREG <number of registers>
c227f099 1876 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
edf8e2af 1877 *
edf8e2af
MW		 1878 * Last step is to implement target specific function that copies registers
1879 * from given cpu into just specified register set. Prototype is:
1880 *
c227f099 1881 * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
a2547a13 1882 * const CPUState *env);
edf8e2af
MW		 1883 *
1884 * Parameters:
1885 * regs - copy register values into here (allocated and zeroed by caller)
1886 * env - copy registers from here
1887 *
1888 * Example for ARM target is provided in this file.
1889 */
1890
1891/* An ELF note in memory */
1892struct memelfnote {
1893 const char *name;
1894 size_t namesz;
1895 size_t namesz_rounded;
1896 int type;
1897 size_t datasz;
80f5ce75 1898 size_t datasz_rounded;
edf8e2af
MW		 1899 void *data;
1900 size_t notesz;
1901};
1902
a2547a13 1903struct target_elf_siginfo {
80f5ce75
LV		 1904 target_int si_signo; /* signal number */
1905 target_int si_code; /* extra code */
1906 target_int si_errno; /* errno */
edf8e2af
MW		 1907};
1908
a2547a13
LD		 1909struct target_elf_prstatus {
1910 struct target_elf_siginfo pr_info; /* Info associated with signal */
80f5ce75 1911 target_short pr_cursig; /* Current signal */
edf8e2af
MW		 1912 target_ulong pr_sigpend; /* XXX */
1913 target_ulong pr_sighold; /* XXX */
c227f099
AL		 1914 target_pid_t pr_pid;
1915 target_pid_t pr_ppid;
1916 target_pid_t pr_pgrp;
1917 target_pid_t pr_sid;
edf8e2af
MW		 1918 struct target_timeval pr_utime; /* XXX User time */
1919 struct target_timeval pr_stime; /* XXX System time */
1920 struct target_timeval pr_cutime; /* XXX Cumulative user time */
1921 struct target_timeval pr_cstime; /* XXX Cumulative system time */
c227f099 1922 target_elf_gregset_t pr_reg; /* GP registers */
80f5ce75 1923 target_int pr_fpvalid; /* XXX */
edf8e2af
MW		 1924};
1925
1926#define ELF_PRARGSZ (80) /* Number of chars for args */
1927
a2547a13 1928struct target_elf_prpsinfo {
edf8e2af
MW		 1929 char pr_state; /* numeric process state */
1930 char pr_sname; /* char for pr_state */
1931 char pr_zomb; /* zombie */
1932 char pr_nice; /* nice val */
1933 target_ulong pr_flag; /* flags */
c227f099
AL		 1934 target_uid_t pr_uid;
1935 target_gid_t pr_gid;
1936 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
edf8e2af
MW		 1937 /* Lots missing */
1938 char pr_fname[16]; /* filename of executable */
1939 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
1940};
1941
1942/* Here is the structure in which status of each thread is captured. */
1943struct elf_thread_status {
72cf2d4f 1944 QTAILQ_ENTRY(elf_thread_status) ets_link;
a2547a13 1945 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */
edf8e2af
MW		 1946#if 0
1947 elf_fpregset_t fpu; /* NT_PRFPREG */
1948 struct task_struct *thread;
1949 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1950#endif
1951 struct memelfnote notes[1];
1952 int num_notes;
1953};
1954
1955struct elf_note_info {
1956 struct memelfnote *notes;
a2547a13
LD		 1957 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */
1958 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */
edf8e2af 1959
72cf2d4f 1960 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
edf8e2af
MW		 1961#if 0
1962 /*
1963 * Current version of ELF coredump doesn't support
1964 * dumping fp regs etc.
1965 */
1966 elf_fpregset_t *fpu;
1967 elf_fpxregset_t *xfpu;
1968 int thread_status_size;
1969#endif
1970 int notes_size;
1971 int numnote;
1972};
1973
1974struct vm_area_struct {
1975 abi_ulong vma_start; /* start vaddr of memory region */
1976 abi_ulong vma_end; /* end vaddr of memory region */
1977 abi_ulong vma_flags; /* protection etc. flags for the region */
72cf2d4f 1978 QTAILQ_ENTRY(vm_area_struct) vma_link;
edf8e2af
MW		 1979};
1980
1981struct mm_struct {
72cf2d4f 1982 QTAILQ_HEAD(, vm_area_struct) mm_mmap;
edf8e2af
MW		 1983 int mm_count; /* number of mappings */
1984};
1985
1986static struct mm_struct *vma_init(void);
1987static void vma_delete(struct mm_struct *);
1988static int vma_add_mapping(struct mm_struct *, abi_ulong,
d97ef72e 1989 abi_ulong, abi_ulong);
edf8e2af
MW		 1990static int vma_get_mapping_count(const struct mm_struct *);
1991static struct vm_area_struct *vma_first(const struct mm_struct *);
1992static struct vm_area_struct *vma_next(struct vm_area_struct *);
1993static abi_ulong vma_dump_size(const struct vm_area_struct *);
b480d9b7 1994static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
d97ef72e 1995 unsigned long flags);
edf8e2af
MW		 1996
1997static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
1998static void fill_note(struct memelfnote *, const char *, int,
d97ef72e 1999 unsigned int, void *);
a2547a13
LD		 2000static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2001static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
edf8e2af
MW		 2002static void fill_auxv_note(struct memelfnote *, const TaskState *);
2003static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2004static size_t note_size(const struct memelfnote *);
2005static void free_note_info(struct elf_note_info *);
2006static int fill_note_info(struct elf_note_info *, long, const CPUState *);
2007static void fill_thread_info(struct elf_note_info *, const CPUState *);
2008static int core_dump_filename(const TaskState *, char *, size_t);
2009
2010static int dump_write(int, const void *, size_t);
2011static int write_note(struct memelfnote *, int);
2012static int write_note_info(struct elf_note_info *, int);
2013
2014#ifdef BSWAP_NEEDED
a2547a13 2015static void bswap_prstatus(struct target_elf_prstatus *prstatus)
edf8e2af
MW		 2016{
2017 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo);
2018 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code);
2019 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno);
2020 prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2021 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend);
2022 prstatus->pr_sighold = tswapl(prstatus->pr_sighold);
2023 prstatus->pr_pid = tswap32(prstatus->pr_pid);
2024 prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2025 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2026 prstatus->pr_sid = tswap32(prstatus->pr_sid);
2027 /* cpu times are not filled, so we skip them */
2028 /* regs should be in correct format already */
2029 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2030}
2031
a2547a13 2032static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
edf8e2af
MW		 2033{
2034 psinfo->pr_flag = tswapl(psinfo->pr_flag);
2035 psinfo->pr_uid = tswap16(psinfo->pr_uid);
2036 psinfo->pr_gid = tswap16(psinfo->pr_gid);
2037 psinfo->pr_pid = tswap32(psinfo->pr_pid);
2038 psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2039 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2040 psinfo->pr_sid = tswap32(psinfo->pr_sid);
2041}
991f8f0c
RH		 2042
2043static void bswap_note(struct elf_note *en)
2044{
2045 bswap32s(&en->n_namesz);
2046 bswap32s(&en->n_descsz);
2047 bswap32s(&en->n_type);
2048}
2049#else
2050static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2051static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2052static inline void bswap_note(struct elf_note *en) { }
edf8e2af
MW		 2053#endif /* BSWAP_NEEDED */
2054
2055/*
2056 * Minimal support for linux memory regions. These are needed
2057 * when we are finding out what memory exactly belongs to
2058 * emulated process. No locks needed here, as long as
2059 * thread that received the signal is stopped.
2060 */
2061
2062static struct mm_struct *vma_init(void)
2063{
2064 struct mm_struct *mm;
2065
7267c094 2066 if ((mm = g_malloc(sizeof (*mm))) == NULL)
edf8e2af
MW		 2067 return (NULL);
2068
2069 mm->mm_count = 0;
72cf2d4f 2070 QTAILQ_INIT(&mm->mm_mmap);
edf8e2af
MW		 2071
2072 return (mm);
2073}
2074
2075static void vma_delete(struct mm_struct *mm)
2076{
2077 struct vm_area_struct *vma;
2078
2079 while ((vma = vma_first(mm)) != NULL) {
72cf2d4f 2080 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
7267c094 2081 g_free(vma);
edf8e2af 2082 }
7267c094 2083 g_free(mm);
edf8e2af
MW		 2084}
2085
2086static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
d97ef72e 2087 abi_ulong end, abi_ulong flags)
edf8e2af
MW		 2088{
2089 struct vm_area_struct *vma;
2090
7267c094 2091 if ((vma = g_malloc0(sizeof (*vma))) == NULL)
edf8e2af
MW		 2092 return (-1);
2093
2094 vma->vma_start = start;
2095 vma->vma_end = end;
2096 vma->vma_flags = flags;
2097
72cf2d4f 2098 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
edf8e2af
MW		 2099 mm->mm_count++;
2100
2101 return (0);
2102}
2103
2104static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2105{
72cf2d4f 2106 return (QTAILQ_FIRST(&mm->mm_mmap));
edf8e2af
MW		 2107}
2108
2109static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2110{
72cf2d4f 2111 return (QTAILQ_NEXT(vma, vma_link));
edf8e2af
MW		 2112}
2113
2114static int vma_get_mapping_count(const struct mm_struct *mm)
2115{
2116 return (mm->mm_count);
2117}
2118
2119/*
2120 * Calculate file (dump) size of given memory region.
2121 */
2122static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2123{
2124 /* if we cannot even read the first page, skip it */
2125 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2126 return (0);
2127
2128 /*
2129 * Usually we don't dump executable pages as they contain
2130 * non-writable code that debugger can read directly from
2131 * target library etc. However, thread stacks are marked
2132 * also executable so we read in first page of given region
2133 * and check whether it contains elf header. If there is
2134 * no elf header, we dump it.
2135 */
2136 if (vma->vma_flags & PROT_EXEC) {
2137 char page[TARGET_PAGE_SIZE];
2138
2139 copy_from_user(page, vma->vma_start, sizeof (page));
2140 if ((page[EI_MAG0] == ELFMAG0) &&
2141 (page[EI_MAG1] == ELFMAG1) &&
2142 (page[EI_MAG2] == ELFMAG2) &&
2143 (page[EI_MAG3] == ELFMAG3)) {
2144 /*
2145 * Mappings are possibly from ELF binary. Don't dump
2146 * them.
2147 */
2148 return (0);
2149 }
2150 }
2151
2152 return (vma->vma_end - vma->vma_start);
2153}
2154
b480d9b7 2155static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
d97ef72e 2156 unsigned long flags)
edf8e2af
MW		 2157{
2158 struct mm_struct *mm = (struct mm_struct *)priv;
2159
edf8e2af
MW		 2160 vma_add_mapping(mm, start, end, flags);
2161 return (0);
2162}
2163
2164static void fill_note(struct memelfnote *note, const char *name, int type,
d97ef72e 2165 unsigned int sz, void *data)
edf8e2af
MW		 2166{
2167 unsigned int namesz;
2168
2169 namesz = strlen(name) + 1;
2170 note->name = name;
2171 note->namesz = namesz;
2172 note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2173 note->type = type;
80f5ce75
LV		 2174 note->datasz = sz;
2175 note->datasz_rounded = roundup(sz, sizeof (int32_t));
2176
edf8e2af
MW		 2177 note->data = data;
2178
2179 /*
2180 * We calculate rounded up note size here as specified by
2181 * ELF document.
2182 */
2183 note->notesz = sizeof (struct elf_note) +
80f5ce75 2184 note->namesz_rounded + note->datasz_rounded;
edf8e2af
MW		 2185}
2186
2187static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
d97ef72e 2188 uint32_t flags)
edf8e2af
MW		 2189{
2190 (void) memset(elf, 0, sizeof(*elf));
2191
2192 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2193 elf->e_ident[EI_CLASS] = ELF_CLASS;
2194 elf->e_ident[EI_DATA] = ELF_DATA;
2195 elf->e_ident[EI_VERSION] = EV_CURRENT;
2196 elf->e_ident[EI_OSABI] = ELF_OSABI;
2197
2198 elf->e_type = ET_CORE;
2199 elf->e_machine = machine;
2200 elf->e_version = EV_CURRENT;
2201 elf->e_phoff = sizeof(struct elfhdr);
2202 elf->e_flags = flags;
2203 elf->e_ehsize = sizeof(struct elfhdr);
2204 elf->e_phentsize = sizeof(struct elf_phdr);
2205 elf->e_phnum = segs;
2206
edf8e2af 2207 bswap_ehdr(elf);
edf8e2af
MW		 2208}
2209
2210static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2211{
2212 phdr->p_type = PT_NOTE;
2213 phdr->p_offset = offset;
2214 phdr->p_vaddr = 0;
2215 phdr->p_paddr = 0;
2216 phdr->p_filesz = sz;
2217 phdr->p_memsz = 0;
2218 phdr->p_flags = 0;
2219 phdr->p_align = 0;
2220
991f8f0c 2221 bswap_phdr(phdr, 1);
edf8e2af
MW		 2222}
2223
2224static size_t note_size(const struct memelfnote *note)
2225{
2226 return (note->notesz);
2227}
2228
a2547a13 2229static void fill_prstatus(struct target_elf_prstatus *prstatus,
d97ef72e 2230 const TaskState *ts, int signr)
edf8e2af
MW		 2231{
2232 (void) memset(prstatus, 0, sizeof (*prstatus));
2233 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2234 prstatus->pr_pid = ts->ts_tid;
2235 prstatus->pr_ppid = getppid();
2236 prstatus->pr_pgrp = getpgrp();
2237 prstatus->pr_sid = getsid(0);
2238
edf8e2af 2239 bswap_prstatus(prstatus);
edf8e2af
MW		 2240}
2241
a2547a13 2242static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
edf8e2af
MW		 2243{
2244 char *filename, *base_filename;
2245 unsigned int i, len;
2246
2247 (void) memset(psinfo, 0, sizeof (*psinfo));
2248
2249 len = ts->info->arg_end - ts->info->arg_start;
2250 if (len >= ELF_PRARGSZ)
2251 len = ELF_PRARGSZ - 1;
2252 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2253 return -EFAULT;
2254 for (i = 0; i < len; i++)
2255 if (psinfo->pr_psargs[i] == 0)
2256 psinfo->pr_psargs[i] = ' ';
2257 psinfo->pr_psargs[len] = 0;
2258
2259 psinfo->pr_pid = getpid();
2260 psinfo->pr_ppid = getppid();
2261 psinfo->pr_pgrp = getpgrp();
2262 psinfo->pr_sid = getsid(0);
2263 psinfo->pr_uid = getuid();
2264 psinfo->pr_gid = getgid();
2265
2266 filename = strdup(ts->bprm->filename);
2267 base_filename = strdup(basename(filename));
2268 (void) strncpy(psinfo->pr_fname, base_filename,
d97ef72e 2269 sizeof(psinfo->pr_fname));
edf8e2af
MW		 2270 free(base_filename);
2271 free(filename);
2272
edf8e2af 2273 bswap_psinfo(psinfo);
edf8e2af
MW		 2274 return (0);
2275}
2276
2277static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2278{
2279 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2280 elf_addr_t orig_auxv = auxv;
2281 abi_ulong val;
2282 void *ptr;
2283 int i, len;
2284
2285 /*
2286 * Auxiliary vector is stored in target process stack. It contains
2287 * {type, value} pairs that we need to dump into note. This is not
2288 * strictly necessary but we do it here for sake of completeness.
2289 */
2290
2291 /* find out lenght of the vector, AT_NULL is terminator */
2292 i = len = 0;
2293 do {
2294 get_user_ual(val, auxv);
2295 i += 2;
2296 auxv += 2 * sizeof (elf_addr_t);
2297 } while (val != AT_NULL);
2298 len = i * sizeof (elf_addr_t);
2299
2300 /* read in whole auxv vector and copy it to memelfnote */
2301 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2302 if (ptr != NULL) {
2303 fill_note(note, "CORE", NT_AUXV, len, ptr);
2304 unlock_user(ptr, auxv, len);
2305 }
2306}
2307
2308/*
2309 * Constructs name of coredump file. We have following convention
2310 * for the name:
2311 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2312 *
2313 * Returns 0 in case of success, -1 otherwise (errno is set).
2314 */
2315static int core_dump_filename(const TaskState *ts, char *buf,
d97ef72e 2316 size_t bufsize)
edf8e2af
MW		 2317{
2318 char timestamp[64];
2319 char *filename = NULL;
2320 char *base_filename = NULL;
2321 struct timeval tv;
2322 struct tm tm;
2323
2324 assert(bufsize >= PATH_MAX);
2325
2326 if (gettimeofday(&tv, NULL) < 0) {
2327 (void) fprintf(stderr, "unable to get current timestamp: %s",
d97ef72e 2328 strerror(errno));
edf8e2af
MW		 2329 return (-1);
2330 }
2331
2332 filename = strdup(ts->bprm->filename);
2333 base_filename = strdup(basename(filename));
2334 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
d97ef72e 2335 localtime_r(&tv.tv_sec, &tm));
edf8e2af 2336 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
d97ef72e 2337 base_filename, timestamp, (int)getpid());
edf8e2af
MW		 2338 free(base_filename);
2339 free(filename);
2340
2341 return (0);
2342}
2343
2344static int dump_write(int fd, const void *ptr, size_t size)
2345{
2346 const char *bufp = (const char *)ptr;
2347 ssize_t bytes_written, bytes_left;
2348 struct rlimit dumpsize;
2349 off_t pos;
2350
2351 bytes_written = 0;
2352 getrlimit(RLIMIT_CORE, &dumpsize);
2353 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2354 if (errno == ESPIPE) { /* not a seekable stream */
2355 bytes_left = size;
2356 } else {
2357 return pos;
2358 }
2359 } else {
2360 if (dumpsize.rlim_cur <= pos) {
2361 return -1;
2362 } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2363 bytes_left = size;
2364 } else {
2365 size_t limit_left=dumpsize.rlim_cur - pos;
2366 bytes_left = limit_left >= size ? size : limit_left ;
2367 }
2368 }
2369
2370 /*
2371 * In normal conditions, single write(2) should do but
2372 * in case of socket etc. this mechanism is more portable.
2373 */
2374 do {
2375 bytes_written = write(fd, bufp, bytes_left);
2376 if (bytes_written < 0) {
2377 if (errno == EINTR)
2378 continue;
2379 return (-1);
2380 } else if (bytes_written == 0) { /* eof */
2381 return (-1);
2382 }
2383 bufp += bytes_written;
2384 bytes_left -= bytes_written;
2385 } while (bytes_left > 0);
2386
2387 return (0);
2388}
2389
2390static int write_note(struct memelfnote *men, int fd)
2391{
2392 struct elf_note en;
2393
2394 en.n_namesz = men->namesz;
2395 en.n_type = men->type;
2396 en.n_descsz = men->datasz;
2397
edf8e2af 2398 bswap_note(&en);
edf8e2af
MW		 2399
2400 if (dump_write(fd, &en, sizeof(en)) != 0)
2401 return (-1);
2402 if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2403 return (-1);
80f5ce75 2404 if (dump_write(fd, men->data, men->datasz_rounded) != 0)
edf8e2af
MW		 2405 return (-1);
2406
2407 return (0);
2408}
2409
2410static void fill_thread_info(struct elf_note_info *info, const CPUState *env)
2411{
2412 TaskState *ts = (TaskState *)env->opaque;
2413 struct elf_thread_status *ets;
2414
7267c094 2415 ets = g_malloc0(sizeof (*ets));
edf8e2af
MW		 2416 ets->num_notes = 1; /* only prstatus is dumped */
2417 fill_prstatus(&ets->prstatus, ts, 0);
2418 elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2419 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
d97ef72e 2420 &ets->prstatus);
edf8e2af 2421
72cf2d4f 2422 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
edf8e2af
MW		 2423
2424 info->notes_size += note_size(&ets->notes[0]);
2425}
2426
2427static int fill_note_info(struct elf_note_info *info,
d97ef72e 2428 long signr, const CPUState *env)
edf8e2af
MW		 2429{
2430#define NUMNOTES 3
2431 CPUState *cpu = NULL;
2432 TaskState *ts = (TaskState *)env->opaque;
2433 int i;
2434
2435 (void) memset(info, 0, sizeof (*info));
2436
72cf2d4f 2437 QTAILQ_INIT(&info->thread_list);
edf8e2af 2438
7267c094 2439 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote));
edf8e2af
MW		 2440 if (info->notes == NULL)
2441 return (-ENOMEM);
7267c094 2442 info->prstatus = g_malloc0(sizeof (*info->prstatus));
edf8e2af
MW		 2443 if (info->prstatus == NULL)
2444 return (-ENOMEM);
7267c094 2445 info->psinfo = g_malloc0(sizeof (*info->psinfo));
edf8e2af
MW		 2446 if (info->prstatus == NULL)
2447 return (-ENOMEM);
2448
2449 /*
2450 * First fill in status (and registers) of current thread
2451 * including process info & aux vector.
2452 */
2453 fill_prstatus(info->prstatus, ts, signr);
2454 elf_core_copy_regs(&info->prstatus->pr_reg, env);
2455 fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
d97ef72e 2456 sizeof (*info->prstatus), info->prstatus);
edf8e2af
MW		 2457 fill_psinfo(info->psinfo, ts);
2458 fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
d97ef72e 2459 sizeof (*info->psinfo), info->psinfo);
edf8e2af
MW		 2460 fill_auxv_note(&info->notes[2], ts);
2461 info->numnote = 3;
2462
2463 info->notes_size = 0;
2464 for (i = 0; i < info->numnote; i++)
2465 info->notes_size += note_size(&info->notes[i]);
2466
2467 /* read and fill status of all threads */
2468 cpu_list_lock();
2469 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
2470 if (cpu == thread_env)
2471 continue;
2472 fill_thread_info(info, cpu);
2473 }
2474 cpu_list_unlock();
2475
2476 return (0);
2477}
2478
2479static void free_note_info(struct elf_note_info *info)
2480{
2481 struct elf_thread_status *ets;
2482
72cf2d4f
BS		 2483 while (!QTAILQ_EMPTY(&info->thread_list)) {
2484 ets = QTAILQ_FIRST(&info->thread_list);
2485 QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
7267c094 2486 g_free(ets);
edf8e2af
MW		 2487 }
2488
7267c094
AL		 2489 g_free(info->prstatus);
2490 g_free(info->psinfo);
2491 g_free(info->notes);
edf8e2af
MW		 2492}
2493
2494static int write_note_info(struct elf_note_info *info, int fd)
2495{
2496 struct elf_thread_status *ets;
2497 int i, error = 0;
2498
2499 /* write prstatus, psinfo and auxv for current thread */
2500 for (i = 0; i < info->numnote; i++)
2501 if ((error = write_note(&info->notes[i], fd)) != 0)
2502 return (error);
2503
2504 /* write prstatus for each thread */
2505 for (ets = info->thread_list.tqh_first; ets != NULL;
d97ef72e 2506 ets = ets->ets_link.tqe_next) {
edf8e2af
MW		 2507 if ((error = write_note(&ets->notes[0], fd)) != 0)
2508 return (error);
2509 }
2510
2511 return (0);
2512}
2513
2514/*
2515 * Write out ELF coredump.
2516 *
2517 * See documentation of ELF object file format in:
2518 * http://www.caldera.com/developers/devspecs/gabi41.pdf
2519 *
2520 * Coredump format in linux is following:
2521 *
2522 * 0 +----------------------+ \
2523 * | ELF header | ET_CORE |
2524 * +----------------------+ |
2525 * | ELF program headers | |--- headers
2526 * | - NOTE section | |
2527 * | - PT_LOAD sections | |
2528 * +----------------------+ /
2529 * | NOTEs: |
2530 * | - NT_PRSTATUS |
2531 * | - NT_PRSINFO |
2532 * | - NT_AUXV |
2533 * +----------------------+ <-- aligned to target page
2534 * | Process memory dump |
2535 * : :
2536 * . .
2537 * : :
2538 * | |
2539 * +----------------------+
2540 *
2541 * NT_PRSTATUS -> struct elf_prstatus (per thread)
2542 * NT_PRSINFO -> struct elf_prpsinfo
2543 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2544 *
2545 * Format follows System V format as close as possible. Current
2546 * version limitations are as follows:
2547 * - no floating point registers are dumped
2548 *
2549 * Function returns 0 in case of success, negative errno otherwise.
2550 *
2551 * TODO: make this work also during runtime: it should be
2552 * possible to force coredump from running process and then
2553 * continue processing. For example qemu could set up SIGUSR2
2554 * handler (provided that target process haven't registered
2555 * handler for that) that does the dump when signal is received.
2556 */
2557static int elf_core_dump(int signr, const CPUState *env)
2558{
2559 const TaskState *ts = (const TaskState *)env->opaque;
2560 struct vm_area_struct *vma = NULL;
2561 char corefile[PATH_MAX];
2562 struct elf_note_info info;
2563 struct elfhdr elf;
2564 struct elf_phdr phdr;
2565 struct rlimit dumpsize;
2566 struct mm_struct *mm = NULL;
2567 off_t offset = 0, data_offset = 0;
2568 int segs = 0;
2569 int fd = -1;
2570
2571 errno = 0;
2572 getrlimit(RLIMIT_CORE, &dumpsize);
2573 if (dumpsize.rlim_cur == 0)
d97ef72e 2574 return 0;
edf8e2af
MW		 2575
2576 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2577 return (-errno);
2578
2579 if ((fd = open(corefile, O_WRONLY | O_CREAT,
d97ef72e 2580 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
edf8e2af
MW		 2581 return (-errno);
2582
2583 /*
2584 * Walk through target process memory mappings and
2585 * set up structure containing this information. After
2586 * this point vma_xxx functions can be used.
2587 */
2588 if ((mm = vma_init()) == NULL)
2589 goto out;
2590
2591 walk_memory_regions(mm, vma_walker);
2592 segs = vma_get_mapping_count(mm);
2593
2594 /*
2595 * Construct valid coredump ELF header. We also
2596 * add one more segment for notes.
2597 */
2598 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2599 if (dump_write(fd, &elf, sizeof (elf)) != 0)
2600 goto out;
2601
2602 /* fill in in-memory version of notes */
2603 if (fill_note_info(&info, signr, env) < 0)
2604 goto out;
2605
2606 offset += sizeof (elf); /* elf header */
2607 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */
2608
2609 /* write out notes program header */
2610 fill_elf_note_phdr(&phdr, info.notes_size, offset);
2611
2612 offset += info.notes_size;
2613 if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2614 goto out;
2615
2616 /*
2617 * ELF specification wants data to start at page boundary so
2618 * we align it here.
2619 */
80f5ce75 2620 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
edf8e2af
MW		 2621
2622 /*
2623 * Write program headers for memory regions mapped in
2624 * the target process.
2625 */
2626 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2627 (void) memset(&phdr, 0, sizeof (phdr));
2628
2629 phdr.p_type = PT_LOAD;
2630 phdr.p_offset = offset;
2631 phdr.p_vaddr = vma->vma_start;
2632 phdr.p_paddr = 0;
2633 phdr.p_filesz = vma_dump_size(vma);
2634 offset += phdr.p_filesz;
2635 phdr.p_memsz = vma->vma_end - vma->vma_start;
2636 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2637 if (vma->vma_flags & PROT_WRITE)
2638 phdr.p_flags |= PF_W;
2639 if (vma->vma_flags & PROT_EXEC)
2640 phdr.p_flags |= PF_X;
2641 phdr.p_align = ELF_EXEC_PAGESIZE;
2642
80f5ce75 2643 bswap_phdr(&phdr, 1);
edf8e2af
MW		 2644 dump_write(fd, &phdr, sizeof (phdr));
2645 }
2646
2647 /*
2648 * Next we write notes just after program headers. No
2649 * alignment needed here.
2650 */
2651 if (write_note_info(&info, fd) < 0)
2652 goto out;
2653
2654 /* align data to page boundary */
edf8e2af
MW		 2655 if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2656 goto out;
2657
2658 /*
2659 * Finally we can dump process memory into corefile as well.
2660 */
2661 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2662 abi_ulong addr;
2663 abi_ulong end;
2664
2665 end = vma->vma_start + vma_dump_size(vma);
2666
2667 for (addr = vma->vma_start; addr < end;
d97ef72e 2668 addr += TARGET_PAGE_SIZE) {
edf8e2af
MW		 2669 char page[TARGET_PAGE_SIZE];
2670 int error;
2671
2672 /*
2673 * Read in page from target process memory and
2674 * write it to coredump file.
2675 */
2676 error = copy_from_user(page, addr, sizeof (page));
2677 if (error != 0) {
49995e17 2678 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
d97ef72e 2679 addr);
edf8e2af
MW		 2680 errno = -error;
2681 goto out;
2682 }
2683 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2684 goto out;
2685 }
2686 }
2687
d97ef72e 2688 out:
edf8e2af
MW		 2689 free_note_info(&info);
2690 if (mm != NULL)
2691 vma_delete(mm);
2692 (void) close(fd);
2693
2694 if (errno != 0)
2695 return (-errno);
2696 return (0);
2697}
edf8e2af
MW		 2698#endif /* USE_ELF_CORE_DUMP */
2699
e5fe0c52
PB		 2700void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2701{
2702 init_thread(regs, infop);
2703}
Qemu copy for testing