]> git.proxmox.com Git - qemu.git/blob - linux-user/elfload.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
linux-user: Fix pipe syscall return for SPARC
[qemu.git] / linux-user / elfload.c
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include <sys/time.h>
3 #include <sys/param.h>
4
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <fcntl.h>
8 #include <errno.h>
9 #include <unistd.h>
10 #include <sys/mman.h>
11 #include <sys/resource.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <time.h>
15
16 #include "qemu.h"
17 #include "disas/disas.h"
18
19 #ifdef _ARCH_PPC64
20 #undef ARCH_DLINFO
21 #undef ELF_PLATFORM
22 #undef ELF_HWCAP
23 #undef ELF_CLASS
24 #undef ELF_DATA
25 #undef ELF_ARCH
26 #endif
27
28 #define ELF_OSABI ELFOSABI_SYSV
29
30 /* from personality.h */
31
32 /*
33 * Flags for bug emulation.
34 *
35 * These occupy the top three bytes.
36 */
37 enum {
38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to
40 descriptors (signal handling) */
41 MMAP_PAGE_ZERO = 0x0100000,
42 ADDR_COMPAT_LAYOUT = 0x0200000,
43 READ_IMPLIES_EXEC = 0x0400000,
44 ADDR_LIMIT_32BIT = 0x0800000,
45 SHORT_INODE = 0x1000000,
46 WHOLE_SECONDS = 0x2000000,
47 STICKY_TIMEOUTS = 0x4000000,
48 ADDR_LIMIT_3GB = 0x8000000,
49 };
50
51 /*
52 * Personality types.
53 *
54 * These go in the low byte. Avoid using the top bit, it will
55 * conflict with error returns.
56 */
57 enum {
58 PER_LINUX = 0x0000,
59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT,
60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS,
61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS,
67 PER_BSD = 0x0006,
68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS,
69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
70 PER_LINUX32 = 0x0008,
71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB,
72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
75 PER_RISCOS = 0x000c,
76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS,
77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
78 PER_OSF4 = 0x000f, /* OSF/1 v4 */
79 PER_HPUX = 0x0010,
80 PER_MASK = 0x00ff,
81 };
82
83 /*
84 * Return the base personality without flags.
85 */
86 #define personality(pers) (pers & PER_MASK)
87
88 /* this flag is uneffective under linux too, should be deleted */
89 #ifndef MAP_DENYWRITE
90 #define MAP_DENYWRITE 0
91 #endif
92
93 /* should probably go in elf.h */
94 #ifndef ELIBBAD
95 #define ELIBBAD 80
96 #endif
97
98 #ifdef TARGET_WORDS_BIGENDIAN
99 #define ELF_DATA ELFDATA2MSB
100 #else
101 #define ELF_DATA ELFDATA2LSB
102 #endif
103
104 #ifdef TARGET_ABI_MIPSN32
105 typedef abi_ullong target_elf_greg_t;
106 #define tswapreg(ptr) tswap64(ptr)
107 #else
108 typedef abi_ulong target_elf_greg_t;
109 #define tswapreg(ptr) tswapal(ptr)
110 #endif
111
112 #ifdef USE_UID16
113 typedef abi_ushort target_uid_t;
114 typedef abi_ushort target_gid_t;
115 #else
116 typedef abi_uint target_uid_t;
117 typedef abi_uint target_gid_t;
118 #endif
119 typedef abi_int target_pid_t;
120
121 #ifdef TARGET_I386
122
123 #define ELF_PLATFORM get_elf_platform()
124
125 static const char *get_elf_platform(void)
126 {
127 static char elf_platform[] = "i386";
128 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
129 if (family > 6)
130 family = 6;
131 if (family >= 3)
132 elf_platform[1] = '0' + family;
133 return elf_platform;
134 }
135
136 #define ELF_HWCAP get_elf_hwcap()
137
138 static uint32_t get_elf_hwcap(void)
139 {
140 X86CPU *cpu = X86_CPU(thread_cpu);
141
142 return cpu->env.features[FEAT_1_EDX];
143 }
144
145 #ifdef TARGET_X86_64
146 #define ELF_START_MMAP 0x2aaaaab000ULL
147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
148
149 #define ELF_CLASS ELFCLASS64
150 #define ELF_ARCH EM_X86_64
151
152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
153 {
154 regs->rax = 0;
155 regs->rsp = infop->start_stack;
156 regs->rip = infop->entry;
157 }
158
159 #define ELF_NREG 27
160 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
161
162 /*
163 * Note that ELF_NREG should be 29 as there should be place for
164 * TRAPNO and ERR "registers" as well but linux doesn't dump
165 * those.
166 *
167 * See linux kernel: arch/x86/include/asm/elf.h
168 */
169 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
170 {
171 (*regs)[0] = env->regs[15];
172 (*regs)[1] = env->regs[14];
173 (*regs)[2] = env->regs[13];
174 (*regs)[3] = env->regs[12];
175 (*regs)[4] = env->regs[R_EBP];
176 (*regs)[5] = env->regs[R_EBX];
177 (*regs)[6] = env->regs[11];
178 (*regs)[7] = env->regs[10];
179 (*regs)[8] = env->regs[9];
180 (*regs)[9] = env->regs[8];
181 (*regs)[10] = env->regs[R_EAX];
182 (*regs)[11] = env->regs[R_ECX];
183 (*regs)[12] = env->regs[R_EDX];
184 (*regs)[13] = env->regs[R_ESI];
185 (*regs)[14] = env->regs[R_EDI];
186 (*regs)[15] = env->regs[R_EAX]; /* XXX */
187 (*regs)[16] = env->eip;
188 (*regs)[17] = env->segs[R_CS].selector & 0xffff;
189 (*regs)[18] = env->eflags;
190 (*regs)[19] = env->regs[R_ESP];
191 (*regs)[20] = env->segs[R_SS].selector & 0xffff;
192 (*regs)[21] = env->segs[R_FS].selector & 0xffff;
193 (*regs)[22] = env->segs[R_GS].selector & 0xffff;
194 (*regs)[23] = env->segs[R_DS].selector & 0xffff;
195 (*regs)[24] = env->segs[R_ES].selector & 0xffff;
196 (*regs)[25] = env->segs[R_FS].selector & 0xffff;
197 (*regs)[26] = env->segs[R_GS].selector & 0xffff;
198 }
199
200 #else
201
202 #define ELF_START_MMAP 0x80000000
203
204 /*
205 * This is used to ensure we don't load something for the wrong architecture.
206 */
207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
208
209 /*
210 * These are used to set parameters in the core dumps.
211 */
212 #define ELF_CLASS ELFCLASS32
213 #define ELF_ARCH EM_386
214
215 static inline void init_thread(struct target_pt_regs *regs,
216 struct image_info *infop)
217 {
218 regs->esp = infop->start_stack;
219 regs->eip = infop->entry;
220
221 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
222 starts %edx contains a pointer to a function which might be
223 registered using `atexit'. This provides a mean for the
224 dynamic linker to call DT_FINI functions for shared libraries
225 that have been loaded before the code runs.
226
227 A value of 0 tells we have no such handler. */
228 regs->edx = 0;
229 }
230
231 #define ELF_NREG 17
232 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
233
234 /*
235 * Note that ELF_NREG should be 19 as there should be place for
236 * TRAPNO and ERR "registers" as well but linux doesn't dump
237 * those.
238 *
239 * See linux kernel: arch/x86/include/asm/elf.h
240 */
241 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
242 {
243 (*regs)[0] = env->regs[R_EBX];
244 (*regs)[1] = env->regs[R_ECX];
245 (*regs)[2] = env->regs[R_EDX];
246 (*regs)[3] = env->regs[R_ESI];
247 (*regs)[4] = env->regs[R_EDI];
248 (*regs)[5] = env->regs[R_EBP];
249 (*regs)[6] = env->regs[R_EAX];
250 (*regs)[7] = env->segs[R_DS].selector & 0xffff;
251 (*regs)[8] = env->segs[R_ES].selector & 0xffff;
252 (*regs)[9] = env->segs[R_FS].selector & 0xffff;
253 (*regs)[10] = env->segs[R_GS].selector & 0xffff;
254 (*regs)[11] = env->regs[R_EAX]; /* XXX */
255 (*regs)[12] = env->eip;
256 (*regs)[13] = env->segs[R_CS].selector & 0xffff;
257 (*regs)[14] = env->eflags;
258 (*regs)[15] = env->regs[R_ESP];
259 (*regs)[16] = env->segs[R_SS].selector & 0xffff;
260 }
261 #endif
262
263 #define USE_ELF_CORE_DUMP
264 #define ELF_EXEC_PAGESIZE 4096
265
266 #endif
267
268 #ifdef TARGET_ARM
269
270 #define ELF_START_MMAP 0x80000000
271
272 #define elf_check_arch(x) ( (x) == EM_ARM )
273
274 #define ELF_CLASS ELFCLASS32
275 #define ELF_ARCH EM_ARM
276
277 static inline void init_thread(struct target_pt_regs *regs,
278 struct image_info *infop)
279 {
280 abi_long stack = infop->start_stack;
281 memset(regs, 0, sizeof(*regs));
282 regs->ARM_cpsr = 0x10;
283 if (infop->entry & 1)
284 regs->ARM_cpsr |= CPSR_T;
285 regs->ARM_pc = infop->entry & 0xfffffffe;
286 regs->ARM_sp = infop->start_stack;
287 /* FIXME - what to for failure of get_user()? */
288 get_user_ual(regs->ARM_r2, stack + 8); /* envp */
289 get_user_ual(regs->ARM_r1, stack + 4); /* envp */
290 /* XXX: it seems that r0 is zeroed after ! */
291 regs->ARM_r0 = 0;
292 /* For uClinux PIC binaries. */
293 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
294 regs->ARM_r10 = infop->start_data;
295 }
296
297 #define ELF_NREG 18
298 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
299
300 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
301 {
302 (*regs)[0] = tswapreg(env->regs[0]);
303 (*regs)[1] = tswapreg(env->regs[1]);
304 (*regs)[2] = tswapreg(env->regs[2]);
305 (*regs)[3] = tswapreg(env->regs[3]);
306 (*regs)[4] = tswapreg(env->regs[4]);
307 (*regs)[5] = tswapreg(env->regs[5]);
308 (*regs)[6] = tswapreg(env->regs[6]);
309 (*regs)[7] = tswapreg(env->regs[7]);
310 (*regs)[8] = tswapreg(env->regs[8]);
311 (*regs)[9] = tswapreg(env->regs[9]);
312 (*regs)[10] = tswapreg(env->regs[10]);
313 (*regs)[11] = tswapreg(env->regs[11]);
314 (*regs)[12] = tswapreg(env->regs[12]);
315 (*regs)[13] = tswapreg(env->regs[13]);
316 (*regs)[14] = tswapreg(env->regs[14]);
317 (*regs)[15] = tswapreg(env->regs[15]);
318
319 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
320 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
321 }
322
323 #define USE_ELF_CORE_DUMP
324 #define ELF_EXEC_PAGESIZE 4096
325
326 enum
327 {
328 ARM_HWCAP_ARM_SWP = 1 << 0,
329 ARM_HWCAP_ARM_HALF = 1 << 1,
330 ARM_HWCAP_ARM_THUMB = 1 << 2,
331 ARM_HWCAP_ARM_26BIT = 1 << 3,
332 ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
333 ARM_HWCAP_ARM_FPA = 1 << 5,
334 ARM_HWCAP_ARM_VFP = 1 << 6,
335 ARM_HWCAP_ARM_EDSP = 1 << 7,
336 ARM_HWCAP_ARM_JAVA = 1 << 8,
337 ARM_HWCAP_ARM_IWMMXT = 1 << 9,
338 ARM_HWCAP_ARM_THUMBEE = 1 << 10,
339 ARM_HWCAP_ARM_NEON = 1 << 11,
340 ARM_HWCAP_ARM_VFPv3 = 1 << 12,
341 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13,
342 };
343
344 #define TARGET_HAS_VALIDATE_GUEST_SPACE
345 /* Return 1 if the proposed guest space is suitable for the guest.
346 * Return 0 if the proposed guest space isn't suitable, but another
347 * address space should be tried.
348 * Return -1 if there is no way the proposed guest space can be
349 * valid regardless of the base.
350 * The guest code may leave a page mapped and populate it if the
351 * address is suitable.
352 */
353 static int validate_guest_space(unsigned long guest_base,
354 unsigned long guest_size)
355 {
356 unsigned long real_start, test_page_addr;
357
358 /* We need to check that we can force a fault on access to the
359 * commpage at 0xffff0fxx
360 */
361 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
362
363 /* If the commpage lies within the already allocated guest space,
364 * then there is no way we can allocate it.
365 */
366 if (test_page_addr >= guest_base
367 && test_page_addr <= (guest_base + guest_size)) {
368 return -1;
369 }
370
371 /* Note it needs to be writeable to let us initialise it */
372 real_start = (unsigned long)
373 mmap((void *)test_page_addr, qemu_host_page_size,
374 PROT_READ | PROT_WRITE,
375 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
376
377 /* If we can't map it then try another address */
378 if (real_start == -1ul) {
379 return 0;
380 }
381
382 if (real_start != test_page_addr) {
383 /* OS didn't put the page where we asked - unmap and reject */
384 munmap((void *)real_start, qemu_host_page_size);
385 return 0;
386 }
387
388 /* Leave the page mapped
389 * Populate it (mmap should have left it all 0'd)
390 */
391
392 /* Kernel helper versions */
393 __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
394
395 /* Now it's populated make it RO */
396 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
397 perror("Protecting guest commpage");
398 exit(-1);
399 }
400
401 return 1; /* All good */
402 }
403
404
405 #define ELF_HWCAP get_elf_hwcap()
406
407 static uint32_t get_elf_hwcap(void)
408 {
409 ARMCPU *cpu = ARM_CPU(thread_cpu);
410 uint32_t hwcaps = 0;
411
412 hwcaps |= ARM_HWCAP_ARM_SWP;
413 hwcaps |= ARM_HWCAP_ARM_HALF;
414 hwcaps |= ARM_HWCAP_ARM_THUMB;
415 hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
416 hwcaps |= ARM_HWCAP_ARM_FPA;
417
418 /* probe for the extra features */
419 #define GET_FEATURE(feat, hwcap) \
420 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
421 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
422 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
423 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
424 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
425 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
426 GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16);
427 #undef GET_FEATURE
428
429 return hwcaps;
430 }
431
432 #endif
433
434 #ifdef TARGET_UNICORE32
435
436 #define ELF_START_MMAP 0x80000000
437
438 #define elf_check_arch(x) ((x) == EM_UNICORE32)
439
440 #define ELF_CLASS ELFCLASS32
441 #define ELF_DATA ELFDATA2LSB
442 #define ELF_ARCH EM_UNICORE32
443
444 static inline void init_thread(struct target_pt_regs *regs,
445 struct image_info *infop)
446 {
447 abi_long stack = infop->start_stack;
448 memset(regs, 0, sizeof(*regs));
449 regs->UC32_REG_asr = 0x10;
450 regs->UC32_REG_pc = infop->entry & 0xfffffffe;
451 regs->UC32_REG_sp = infop->start_stack;
452 /* FIXME - what to for failure of get_user()? */
453 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
454 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */
455 /* XXX: it seems that r0 is zeroed after ! */
456 regs->UC32_REG_00 = 0;
457 }
458
459 #define ELF_NREG 34
460 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
461
462 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env)
463 {
464 (*regs)[0] = env->regs[0];
465 (*regs)[1] = env->regs[1];
466 (*regs)[2] = env->regs[2];
467 (*regs)[3] = env->regs[3];
468 (*regs)[4] = env->regs[4];
469 (*regs)[5] = env->regs[5];
470 (*regs)[6] = env->regs[6];
471 (*regs)[7] = env->regs[7];
472 (*regs)[8] = env->regs[8];
473 (*regs)[9] = env->regs[9];
474 (*regs)[10] = env->regs[10];
475 (*regs)[11] = env->regs[11];
476 (*regs)[12] = env->regs[12];
477 (*regs)[13] = env->regs[13];
478 (*regs)[14] = env->regs[14];
479 (*regs)[15] = env->regs[15];
480 (*regs)[16] = env->regs[16];
481 (*regs)[17] = env->regs[17];
482 (*regs)[18] = env->regs[18];
483 (*regs)[19] = env->regs[19];
484 (*regs)[20] = env->regs[20];
485 (*regs)[21] = env->regs[21];
486 (*regs)[22] = env->regs[22];
487 (*regs)[23] = env->regs[23];
488 (*regs)[24] = env->regs[24];
489 (*regs)[25] = env->regs[25];
490 (*regs)[26] = env->regs[26];
491 (*regs)[27] = env->regs[27];
492 (*regs)[28] = env->regs[28];
493 (*regs)[29] = env->regs[29];
494 (*regs)[30] = env->regs[30];
495 (*regs)[31] = env->regs[31];
496
497 (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env);
498 (*regs)[33] = env->regs[0]; /* XXX */
499 }
500
501 #define USE_ELF_CORE_DUMP
502 #define ELF_EXEC_PAGESIZE 4096
503
504 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
505
506 #endif
507
508 #ifdef TARGET_SPARC
509 #ifdef TARGET_SPARC64
510
511 #define ELF_START_MMAP 0x80000000
512 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
513 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
514 #ifndef TARGET_ABI32
515 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
516 #else
517 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
518 #endif
519
520 #define ELF_CLASS ELFCLASS64
521 #define ELF_ARCH EM_SPARCV9
522
523 #define STACK_BIAS 2047
524
525 static inline void init_thread(struct target_pt_regs *regs,
526 struct image_info *infop)
527 {
528 #ifndef TARGET_ABI32
529 regs->tstate = 0;
530 #endif
531 regs->pc = infop->entry;
532 regs->npc = regs->pc + 4;
533 regs->y = 0;
534 #ifdef TARGET_ABI32
535 regs->u_regs[14] = infop->start_stack - 16 * 4;
536 #else
537 if (personality(infop->personality) == PER_LINUX32)
538 regs->u_regs[14] = infop->start_stack - 16 * 4;
539 else
540 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
541 #endif
542 }
543
544 #else
545 #define ELF_START_MMAP 0x80000000
546 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
547 | HWCAP_SPARC_MULDIV)
548 #define elf_check_arch(x) ( (x) == EM_SPARC )
549
550 #define ELF_CLASS ELFCLASS32
551 #define ELF_ARCH EM_SPARC
552
553 static inline void init_thread(struct target_pt_regs *regs,
554 struct image_info *infop)
555 {
556 regs->psr = 0;
557 regs->pc = infop->entry;
558 regs->npc = regs->pc + 4;
559 regs->y = 0;
560 regs->u_regs[14] = infop->start_stack - 16 * 4;
561 }
562
563 #endif
564 #endif
565
566 #ifdef TARGET_PPC
567
568 #define ELF_START_MMAP 0x80000000
569
570 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
571
572 #define elf_check_arch(x) ( (x) == EM_PPC64 )
573
574 #define ELF_CLASS ELFCLASS64
575
576 #else
577
578 #define elf_check_arch(x) ( (x) == EM_PPC )
579
580 #define ELF_CLASS ELFCLASS32
581
582 #endif
583
584 #define ELF_ARCH EM_PPC
585
586 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
587 See arch/powerpc/include/asm/cputable.h. */
588 enum {
589 QEMU_PPC_FEATURE_32 = 0x80000000,
590 QEMU_PPC_FEATURE_64 = 0x40000000,
591 QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
592 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
593 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
594 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
595 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
596 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
597 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
598 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
599 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
600 QEMU_PPC_FEATURE_NO_TB = 0x00100000,
601 QEMU_PPC_FEATURE_POWER4 = 0x00080000,
602 QEMU_PPC_FEATURE_POWER5 = 0x00040000,
603 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
604 QEMU_PPC_FEATURE_CELL = 0x00010000,
605 QEMU_PPC_FEATURE_BOOKE = 0x00008000,
606 QEMU_PPC_FEATURE_SMT = 0x00004000,
607 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
608 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
609 QEMU_PPC_FEATURE_PA6T = 0x00000800,
610 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
611 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
612 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
613 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
614 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
615
616 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
617 QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
618 };
619
620 #define ELF_HWCAP get_elf_hwcap()
621
622 static uint32_t get_elf_hwcap(void)
623 {
624 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
625 uint32_t features = 0;
626
627 /* We don't have to be terribly complete here; the high points are
628 Altivec/FP/SPE support. Anything else is just a bonus. */
629 #define GET_FEATURE(flag, feature) \
630 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
631 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
632 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
633 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
634 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
635 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
636 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
637 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
638 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
639 #undef GET_FEATURE
640
641 return features;
642 }
643
644 /*
645 * The requirements here are:
646 * - keep the final alignment of sp (sp & 0xf)
647 * - make sure the 32-bit value at the first 16 byte aligned position of
648 * AUXV is greater than 16 for glibc compatibility.
649 * AT_IGNOREPPC is used for that.
650 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
651 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
652 */
653 #define DLINFO_ARCH_ITEMS 5
654 #define ARCH_DLINFO \
655 do { \
656 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \
657 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \
658 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \
659 /* \
660 * Now handle glibc compatibility. \
661 */ \
662 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
663 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
664 } while (0)
665
666 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
667 {
668 _regs->gpr[1] = infop->start_stack;
669 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
670 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias;
671 infop->entry = ldq_raw(infop->entry) + infop->load_bias;
672 #endif
673 _regs->nip = infop->entry;
674 }
675
676 /* See linux kernel: arch/powerpc/include/asm/elf.h. */
677 #define ELF_NREG 48
678 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
679
680 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
681 {
682 int i;
683 target_ulong ccr = 0;
684
685 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
686 (*regs)[i] = tswapreg(env->gpr[i]);
687 }
688
689 (*regs)[32] = tswapreg(env->nip);
690 (*regs)[33] = tswapreg(env->msr);
691 (*regs)[35] = tswapreg(env->ctr);
692 (*regs)[36] = tswapreg(env->lr);
693 (*regs)[37] = tswapreg(env->xer);
694
695 for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
696 ccr |= env->crf[i] << (32 - ((i + 1) * 4));
697 }
698 (*regs)[38] = tswapreg(ccr);
699 }
700
701 #define USE_ELF_CORE_DUMP
702 #define ELF_EXEC_PAGESIZE 4096
703
704 #endif
705
706 #ifdef TARGET_MIPS
707
708 #define ELF_START_MMAP 0x80000000
709
710 #define elf_check_arch(x) ( (x) == EM_MIPS )
711
712 #ifdef TARGET_MIPS64
713 #define ELF_CLASS ELFCLASS64
714 #else
715 #define ELF_CLASS ELFCLASS32
716 #endif
717 #define ELF_ARCH EM_MIPS
718
719 static inline void init_thread(struct target_pt_regs *regs,
720 struct image_info *infop)
721 {
722 regs->cp0_status = 2 << CP0St_KSU;
723 regs->cp0_epc = infop->entry;
724 regs->regs[29] = infop->start_stack;
725 }
726
727 /* See linux kernel: arch/mips/include/asm/elf.h. */
728 #define ELF_NREG 45
729 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
730
731 /* See linux kernel: arch/mips/include/asm/reg.h. */
732 enum {
733 #ifdef TARGET_MIPS64
734 TARGET_EF_R0 = 0,
735 #else
736 TARGET_EF_R0 = 6,
737 #endif
738 TARGET_EF_R26 = TARGET_EF_R0 + 26,
739 TARGET_EF_R27 = TARGET_EF_R0 + 27,
740 TARGET_EF_LO = TARGET_EF_R0 + 32,
741 TARGET_EF_HI = TARGET_EF_R0 + 33,
742 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
743 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
744 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
745 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
746 };
747
748 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
749 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
750 {
751 int i;
752
753 for (i = 0; i < TARGET_EF_R0; i++) {
754 (*regs)[i] = 0;
755 }
756 (*regs)[TARGET_EF_R0] = 0;
757
758 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
759 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
760 }
761
762 (*regs)[TARGET_EF_R26] = 0;
763 (*regs)[TARGET_EF_R27] = 0;
764 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
765 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
766 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
767 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
768 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
769 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
770 }
771
772 #define USE_ELF_CORE_DUMP
773 #define ELF_EXEC_PAGESIZE 4096
774
775 #endif /* TARGET_MIPS */
776
777 #ifdef TARGET_MICROBLAZE
778
779 #define ELF_START_MMAP 0x80000000
780
781 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
782
783 #define ELF_CLASS ELFCLASS32
784 #define ELF_ARCH EM_MICROBLAZE
785
786 static inline void init_thread(struct target_pt_regs *regs,
787 struct image_info *infop)
788 {
789 regs->pc = infop->entry;
790 regs->r1 = infop->start_stack;
791
792 }
793
794 #define ELF_EXEC_PAGESIZE 4096
795
796 #define USE_ELF_CORE_DUMP
797 #define ELF_NREG 38
798 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
799
800 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
801 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
802 {
803 int i, pos = 0;
804
805 for (i = 0; i < 32; i++) {
806 (*regs)[pos++] = tswapreg(env->regs[i]);
807 }
808
809 for (i = 0; i < 6; i++) {
810 (*regs)[pos++] = tswapreg(env->sregs[i]);
811 }
812 }
813
814 #endif /* TARGET_MICROBLAZE */
815
816 #ifdef TARGET_OPENRISC
817
818 #define ELF_START_MMAP 0x08000000
819
820 #define elf_check_arch(x) ((x) == EM_OPENRISC)
821
822 #define ELF_ARCH EM_OPENRISC
823 #define ELF_CLASS ELFCLASS32
824 #define ELF_DATA ELFDATA2MSB
825
826 static inline void init_thread(struct target_pt_regs *regs,
827 struct image_info *infop)
828 {
829 regs->pc = infop->entry;
830 regs->gpr[1] = infop->start_stack;
831 }
832
833 #define USE_ELF_CORE_DUMP
834 #define ELF_EXEC_PAGESIZE 8192
835
836 /* See linux kernel arch/openrisc/include/asm/elf.h. */
837 #define ELF_NREG 34 /* gprs and pc, sr */
838 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
839
840 static void elf_core_copy_regs(target_elf_gregset_t *regs,
841 const CPUOpenRISCState *env)
842 {
843 int i;
844
845 for (i = 0; i < 32; i++) {
846 (*regs)[i] = tswapreg(env->gpr[i]);
847 }
848
849 (*regs)[32] = tswapreg(env->pc);
850 (*regs)[33] = tswapreg(env->sr);
851 }
852 #define ELF_HWCAP 0
853 #define ELF_PLATFORM NULL
854
855 #endif /* TARGET_OPENRISC */
856
857 #ifdef TARGET_SH4
858
859 #define ELF_START_MMAP 0x80000000
860
861 #define elf_check_arch(x) ( (x) == EM_SH )
862
863 #define ELF_CLASS ELFCLASS32
864 #define ELF_ARCH EM_SH
865
866 static inline void init_thread(struct target_pt_regs *regs,
867 struct image_info *infop)
868 {
869 /* Check other registers XXXXX */
870 regs->pc = infop->entry;
871 regs->regs[15] = infop->start_stack;
872 }
873
874 /* See linux kernel: arch/sh/include/asm/elf.h. */
875 #define ELF_NREG 23
876 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
877
878 /* See linux kernel: arch/sh/include/asm/ptrace.h. */
879 enum {
880 TARGET_REG_PC = 16,
881 TARGET_REG_PR = 17,
882 TARGET_REG_SR = 18,
883 TARGET_REG_GBR = 19,
884 TARGET_REG_MACH = 20,
885 TARGET_REG_MACL = 21,
886 TARGET_REG_SYSCALL = 22
887 };
888
889 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
890 const CPUSH4State *env)
891 {
892 int i;
893
894 for (i = 0; i < 16; i++) {
895 (*regs[i]) = tswapreg(env->gregs[i]);
896 }
897
898 (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
899 (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
900 (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
901 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
902 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
903 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
904 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
905 }
906
907 #define USE_ELF_CORE_DUMP
908 #define ELF_EXEC_PAGESIZE 4096
909
910 #endif
911
912 #ifdef TARGET_CRIS
913
914 #define ELF_START_MMAP 0x80000000
915
916 #define elf_check_arch(x) ( (x) == EM_CRIS )
917
918 #define ELF_CLASS ELFCLASS32
919 #define ELF_ARCH EM_CRIS
920
921 static inline void init_thread(struct target_pt_regs *regs,
922 struct image_info *infop)
923 {
924 regs->erp = infop->entry;
925 }
926
927 #define ELF_EXEC_PAGESIZE 8192
928
929 #endif
930
931 #ifdef TARGET_M68K
932
933 #define ELF_START_MMAP 0x80000000
934
935 #define elf_check_arch(x) ( (x) == EM_68K )
936
937 #define ELF_CLASS ELFCLASS32
938 #define ELF_ARCH EM_68K
939
940 /* ??? Does this need to do anything?
941 #define ELF_PLAT_INIT(_r) */
942
943 static inline void init_thread(struct target_pt_regs *regs,
944 struct image_info *infop)
945 {
946 regs->usp = infop->start_stack;
947 regs->sr = 0;
948 regs->pc = infop->entry;
949 }
950
951 /* See linux kernel: arch/m68k/include/asm/elf.h. */
952 #define ELF_NREG 20
953 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
954
955 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
956 {
957 (*regs)[0] = tswapreg(env->dregs[1]);
958 (*regs)[1] = tswapreg(env->dregs[2]);
959 (*regs)[2] = tswapreg(env->dregs[3]);
960 (*regs)[3] = tswapreg(env->dregs[4]);
961 (*regs)[4] = tswapreg(env->dregs[5]);
962 (*regs)[5] = tswapreg(env->dregs[6]);
963 (*regs)[6] = tswapreg(env->dregs[7]);
964 (*regs)[7] = tswapreg(env->aregs[0]);
965 (*regs)[8] = tswapreg(env->aregs[1]);
966 (*regs)[9] = tswapreg(env->aregs[2]);
967 (*regs)[10] = tswapreg(env->aregs[3]);
968 (*regs)[11] = tswapreg(env->aregs[4]);
969 (*regs)[12] = tswapreg(env->aregs[5]);
970 (*regs)[13] = tswapreg(env->aregs[6]);
971 (*regs)[14] = tswapreg(env->dregs[0]);
972 (*regs)[15] = tswapreg(env->aregs[7]);
973 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
974 (*regs)[17] = tswapreg(env->sr);
975 (*regs)[18] = tswapreg(env->pc);
976 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */
977 }
978
979 #define USE_ELF_CORE_DUMP
980 #define ELF_EXEC_PAGESIZE 8192
981
982 #endif
983
984 #ifdef TARGET_ALPHA
985
986 #define ELF_START_MMAP (0x30000000000ULL)
987
988 #define elf_check_arch(x) ( (x) == ELF_ARCH )
989
990 #define ELF_CLASS ELFCLASS64
991 #define ELF_ARCH EM_ALPHA
992
993 static inline void init_thread(struct target_pt_regs *regs,
994 struct image_info *infop)
995 {
996 regs->pc = infop->entry;
997 regs->ps = 8;
998 regs->usp = infop->start_stack;
999 }
1000
1001 #define ELF_EXEC_PAGESIZE 8192
1002
1003 #endif /* TARGET_ALPHA */
1004
1005 #ifdef TARGET_S390X
1006
1007 #define ELF_START_MMAP (0x20000000000ULL)
1008
1009 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1010
1011 #define ELF_CLASS ELFCLASS64
1012 #define ELF_DATA ELFDATA2MSB
1013 #define ELF_ARCH EM_S390
1014
1015 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1016 {
1017 regs->psw.addr = infop->entry;
1018 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1019 regs->gprs[15] = infop->start_stack;
1020 }
1021
1022 #endif /* TARGET_S390X */
1023
1024 #ifndef ELF_PLATFORM
1025 #define ELF_PLATFORM (NULL)
1026 #endif
1027
1028 #ifndef ELF_HWCAP
1029 #define ELF_HWCAP 0
1030 #endif
1031
1032 #ifdef TARGET_ABI32
1033 #undef ELF_CLASS
1034 #define ELF_CLASS ELFCLASS32
1035 #undef bswaptls
1036 #define bswaptls(ptr) bswap32s(ptr)
1037 #endif
1038
1039 #include "elf.h"
1040
1041 struct exec
1042 {
1043 unsigned int a_info; /* Use macros N_MAGIC, etc for access */
1044 unsigned int a_text; /* length of text, in bytes */
1045 unsigned int a_data; /* length of data, in bytes */
1046 unsigned int a_bss; /* length of uninitialized data area, in bytes */
1047 unsigned int a_syms; /* length of symbol table data in file, in bytes */
1048 unsigned int a_entry; /* start address */
1049 unsigned int a_trsize; /* length of relocation info for text, in bytes */
1050 unsigned int a_drsize; /* length of relocation info for data, in bytes */
1051 };
1052
1053
1054 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1055 #define OMAGIC 0407
1056 #define NMAGIC 0410
1057 #define ZMAGIC 0413
1058 #define QMAGIC 0314
1059
1060 /* Necessary parameters */
1061 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1062 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
1063 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1064
1065 #define DLINFO_ITEMS 13
1066
1067 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1068 {
1069 memcpy(to, from, n);
1070 }
1071
1072 #ifdef BSWAP_NEEDED
1073 static void bswap_ehdr(struct elfhdr *ehdr)
1074 {
1075 bswap16s(&ehdr->e_type); /* Object file type */
1076 bswap16s(&ehdr->e_machine); /* Architecture */
1077 bswap32s(&ehdr->e_version); /* Object file version */
1078 bswaptls(&ehdr->e_entry); /* Entry point virtual address */
1079 bswaptls(&ehdr->e_phoff); /* Program header table file offset */
1080 bswaptls(&ehdr->e_shoff); /* Section header table file offset */
1081 bswap32s(&ehdr->e_flags); /* Processor-specific flags */
1082 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
1083 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
1084 bswap16s(&ehdr->e_phnum); /* Program header table entry count */
1085 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
1086 bswap16s(&ehdr->e_shnum); /* Section header table entry count */
1087 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
1088 }
1089
1090 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1091 {
1092 int i;
1093 for (i = 0; i < phnum; ++i, ++phdr) {
1094 bswap32s(&phdr->p_type); /* Segment type */
1095 bswap32s(&phdr->p_flags); /* Segment flags */
1096 bswaptls(&phdr->p_offset); /* Segment file offset */
1097 bswaptls(&phdr->p_vaddr); /* Segment virtual address */
1098 bswaptls(&phdr->p_paddr); /* Segment physical address */
1099 bswaptls(&phdr->p_filesz); /* Segment size in file */
1100 bswaptls(&phdr->p_memsz); /* Segment size in memory */
1101 bswaptls(&phdr->p_align); /* Segment alignment */
1102 }
1103 }
1104
1105 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1106 {
1107 int i;
1108 for (i = 0; i < shnum; ++i, ++shdr) {
1109 bswap32s(&shdr->sh_name);
1110 bswap32s(&shdr->sh_type);
1111 bswaptls(&shdr->sh_flags);
1112 bswaptls(&shdr->sh_addr);
1113 bswaptls(&shdr->sh_offset);
1114 bswaptls(&shdr->sh_size);
1115 bswap32s(&shdr->sh_link);
1116 bswap32s(&shdr->sh_info);
1117 bswaptls(&shdr->sh_addralign);
1118 bswaptls(&shdr->sh_entsize);
1119 }
1120 }
1121
1122 static void bswap_sym(struct elf_sym *sym)
1123 {
1124 bswap32s(&sym->st_name);
1125 bswaptls(&sym->st_value);
1126 bswaptls(&sym->st_size);
1127 bswap16s(&sym->st_shndx);
1128 }
1129 #else
1130 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1131 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1132 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1133 static inline void bswap_sym(struct elf_sym *sym) { }
1134 #endif
1135
1136 #ifdef USE_ELF_CORE_DUMP
1137 static int elf_core_dump(int, const CPUArchState *);
1138 #endif /* USE_ELF_CORE_DUMP */
1139 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1140
1141 /* Verify the portions of EHDR within E_IDENT for the target.
1142 This can be performed before bswapping the entire header. */
1143 static bool elf_check_ident(struct elfhdr *ehdr)
1144 {
1145 return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1146 && ehdr->e_ident[EI_MAG1] == ELFMAG1
1147 && ehdr->e_ident[EI_MAG2] == ELFMAG2
1148 && ehdr->e_ident[EI_MAG3] == ELFMAG3
1149 && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1150 && ehdr->e_ident[EI_DATA] == ELF_DATA
1151 && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1152 }
1153
1154 /* Verify the portions of EHDR outside of E_IDENT for the target.
1155 This has to wait until after bswapping the header. */
1156 static bool elf_check_ehdr(struct elfhdr *ehdr)
1157 {
1158 return (elf_check_arch(ehdr->e_machine)
1159 && ehdr->e_ehsize == sizeof(struct elfhdr)
1160 && ehdr->e_phentsize == sizeof(struct elf_phdr)
1161 && ehdr->e_shentsize == sizeof(struct elf_shdr)
1162 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1163 }
1164
1165 /*
1166 * 'copy_elf_strings()' copies argument/envelope strings from user
1167 * memory to free pages in kernel mem. These are in a format ready
1168 * to be put directly into the top of new user memory.
1169 *
1170 */
1171 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
1172 abi_ulong p)
1173 {
1174 char *tmp, *tmp1, *pag = NULL;
1175 int len, offset = 0;
1176
1177 if (!p) {
1178 return 0; /* bullet-proofing */
1179 }
1180 while (argc-- > 0) {
1181 tmp = argv[argc];
1182 if (!tmp) {
1183 fprintf(stderr, "VFS: argc is wrong");
1184 exit(-1);
1185 }
1186 tmp1 = tmp;
1187 while (*tmp++);
1188 len = tmp - tmp1;
1189 if (p < len) { /* this shouldn't happen - 128kB */
1190 return 0;
1191 }
1192 while (len) {
1193 --p; --tmp; --len;
1194 if (--offset < 0) {
1195 offset = p % TARGET_PAGE_SIZE;
1196 pag = (char *)page[p/TARGET_PAGE_SIZE];
1197 if (!pag) {
1198 pag = g_try_malloc0(TARGET_PAGE_SIZE);
1199 page[p/TARGET_PAGE_SIZE] = pag;
1200 if (!pag)
1201 return 0;
1202 }
1203 }
1204 if (len == 0 || offset == 0) {
1205 *(pag + offset) = *tmp;
1206 }
1207 else {
1208 int bytes_to_copy = (len > offset) ? offset : len;
1209 tmp -= bytes_to_copy;
1210 p -= bytes_to_copy;
1211 offset -= bytes_to_copy;
1212 len -= bytes_to_copy;
1213 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
1214 }
1215 }
1216 }
1217 return p;
1218 }
1219
1220 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
1221 struct image_info *info)
1222 {
1223 abi_ulong stack_base, size, error, guard;
1224 int i;
1225
1226 /* Create enough stack to hold everything. If we don't use
1227 it for args, we'll use it for something else. */
1228 size = guest_stack_size;
1229 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
1230 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1231 }
1232 guard = TARGET_PAGE_SIZE;
1233 if (guard < qemu_real_host_page_size) {
1234 guard = qemu_real_host_page_size;
1235 }
1236
1237 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1238 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1239 if (error == -1) {
1240 perror("mmap stack");
1241 exit(-1);
1242 }
1243
1244 /* We reserve one extra page at the top of the stack as guard. */
1245 target_mprotect(error, guard, PROT_NONE);
1246
1247 info->stack_limit = error + guard;
1248 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1249 p += stack_base;
1250
1251 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1252 if (bprm->page[i]) {
1253 info->rss++;
1254 /* FIXME - check return value of memcpy_to_target() for failure */
1255 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
1256 g_free(bprm->page[i]);
1257 }
1258 stack_base += TARGET_PAGE_SIZE;
1259 }
1260 return p;
1261 }
1262
1263 /* Map and zero the bss. We need to explicitly zero any fractional pages
1264 after the data section (i.e. bss). */
1265 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1266 {
1267 uintptr_t host_start, host_map_start, host_end;
1268
1269 last_bss = TARGET_PAGE_ALIGN(last_bss);
1270
1271 /* ??? There is confusion between qemu_real_host_page_size and
1272 qemu_host_page_size here and elsewhere in target_mmap, which
1273 may lead to the end of the data section mapping from the file
1274 not being mapped. At least there was an explicit test and
1275 comment for that here, suggesting that "the file size must
1276 be known". The comment probably pre-dates the introduction
1277 of the fstat system call in target_mmap which does in fact
1278 find out the size. What isn't clear is if the workaround
1279 here is still actually needed. For now, continue with it,
1280 but merge it with the "normal" mmap that would allocate the bss. */
1281
1282 host_start = (uintptr_t) g2h(elf_bss);
1283 host_end = (uintptr_t) g2h(last_bss);
1284 host_map_start = (host_start + qemu_real_host_page_size - 1);
1285 host_map_start &= -qemu_real_host_page_size;
1286
1287 if (host_map_start < host_end) {
1288 void *p = mmap((void *)host_map_start, host_end - host_map_start,
1289 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1290 if (p == MAP_FAILED) {
1291 perror("cannot mmap brk");
1292 exit(-1);
1293 }
1294
1295 /* Since we didn't use target_mmap, make sure to record
1296 the validity of the pages with qemu. */
1297 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
1298 }
1299
1300 if (host_start < host_map_start) {
1301 memset((void *)host_start, 0, host_map_start - host_start);
1302 }
1303 }
1304
1305 #ifdef CONFIG_USE_FDPIC
1306 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1307 {
1308 uint16_t n;
1309 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1310
1311 /* elf32_fdpic_loadseg */
1312 n = info->nsegs;
1313 while (n--) {
1314 sp -= 12;
1315 put_user_u32(loadsegs[n].addr, sp+0);
1316 put_user_u32(loadsegs[n].p_vaddr, sp+4);
1317 put_user_u32(loadsegs[n].p_memsz, sp+8);
1318 }
1319
1320 /* elf32_fdpic_loadmap */
1321 sp -= 4;
1322 put_user_u16(0, sp+0); /* version */
1323 put_user_u16(info->nsegs, sp+2); /* nsegs */
1324
1325 info->personality = PER_LINUX_FDPIC;
1326 info->loadmap_addr = sp;
1327
1328 return sp;
1329 }
1330 #endif
1331
1332 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1333 struct elfhdr *exec,
1334 struct image_info *info,
1335 struct image_info *interp_info)
1336 {
1337 abi_ulong sp;
1338 abi_ulong sp_auxv;
1339 int size;
1340 int i;
1341 abi_ulong u_rand_bytes;
1342 uint8_t k_rand_bytes[16];
1343 abi_ulong u_platform;
1344 const char *k_platform;
1345 const int n = sizeof(elf_addr_t);
1346
1347 sp = p;
1348
1349 #ifdef CONFIG_USE_FDPIC
1350 /* Needs to be before we load the env/argc/... */
1351 if (elf_is_fdpic(exec)) {
1352 /* Need 4 byte alignment for these structs */
1353 sp &= ~3;
1354 sp = loader_build_fdpic_loadmap(info, sp);
1355 info->other_info = interp_info;
1356 if (interp_info) {
1357 interp_info->other_info = info;
1358 sp = loader_build_fdpic_loadmap(interp_info, sp);
1359 }
1360 }
1361 #endif
1362
1363 u_platform = 0;
1364 k_platform = ELF_PLATFORM;
1365 if (k_platform) {
1366 size_t len = strlen(k_platform) + 1;
1367 sp -= (len + n - 1) & ~(n - 1);
1368 u_platform = sp;
1369 /* FIXME - check return value of memcpy_to_target() for failure */
1370 memcpy_to_target(sp, k_platform, len);
1371 }
1372
1373 /*
1374 * Generate 16 random bytes for userspace PRNG seeding (not
1375 * cryptically secure but it's not the aim of QEMU).
1376 */
1377 srand((unsigned int) time(NULL));
1378 for (i = 0; i < 16; i++) {
1379 k_rand_bytes[i] = rand();
1380 }
1381 sp -= 16;
1382 u_rand_bytes = sp;
1383 /* FIXME - check return value of memcpy_to_target() for failure */
1384 memcpy_to_target(sp, k_rand_bytes, 16);
1385
1386 /*
1387 * Force 16 byte _final_ alignment here for generality.
1388 */
1389 sp = sp &~ (abi_ulong)15;
1390 size = (DLINFO_ITEMS + 1) * 2;
1391 if (k_platform)
1392 size += 2;
1393 #ifdef DLINFO_ARCH_ITEMS
1394 size += DLINFO_ARCH_ITEMS * 2;
1395 #endif
1396 size += envc + argc + 2;
1397 size += 1; /* argc itself */
1398 size *= n;
1399 if (size & 15)
1400 sp -= 16 - (size & 15);
1401
1402 /* This is correct because Linux defines
1403 * elf_addr_t as Elf32_Off / Elf64_Off
1404 */
1405 #define NEW_AUX_ENT(id, val) do { \
1406 sp -= n; put_user_ual(val, sp); \
1407 sp -= n; put_user_ual(id, sp); \
1408 } while(0)
1409
1410 sp_auxv = sp;
1411 NEW_AUX_ENT (AT_NULL, 0);
1412
1413 /* There must be exactly DLINFO_ITEMS entries here. */
1414 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1415 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1416 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1417 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
1418 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1419 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1420 NEW_AUX_ENT(AT_ENTRY, info->entry);
1421 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1422 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1423 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1424 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1425 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1426 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1427 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1428
1429 if (k_platform)
1430 NEW_AUX_ENT(AT_PLATFORM, u_platform);
1431 #ifdef ARCH_DLINFO
1432 /*
1433 * ARCH_DLINFO must come last so platform specific code can enforce
1434 * special alignment requirements on the AUXV if necessary (eg. PPC).
1435 */
1436 ARCH_DLINFO;
1437 #endif
1438 #undef NEW_AUX_ENT
1439
1440 info->saved_auxv = sp;
1441 info->auxv_len = sp_auxv - sp;
1442
1443 sp = loader_build_argptr(envc, argc, sp, p, 0);
1444 return sp;
1445 }
1446
1447 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE
1448 /* If the guest doesn't have a validation function just agree */
1449 static int validate_guest_space(unsigned long guest_base,
1450 unsigned long guest_size)
1451 {
1452 return 1;
1453 }
1454 #endif
1455
1456 unsigned long init_guest_space(unsigned long host_start,
1457 unsigned long host_size,
1458 unsigned long guest_start,
1459 bool fixed)
1460 {
1461 unsigned long current_start, real_start;
1462 int flags;
1463
1464 assert(host_start || host_size);
1465
1466 /* If just a starting address is given, then just verify that
1467 * address. */
1468 if (host_start && !host_size) {
1469 if (validate_guest_space(host_start, host_size) == 1) {
1470 return host_start;
1471 } else {
1472 return (unsigned long)-1;
1473 }
1474 }
1475
1476 /* Setup the initial flags and start address. */
1477 current_start = host_start & qemu_host_page_mask;
1478 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
1479 if (fixed) {
1480 flags |= MAP_FIXED;
1481 }
1482
1483 /* Otherwise, a non-zero size region of memory needs to be mapped
1484 * and validated. */
1485 while (1) {
1486 unsigned long real_size = host_size;
1487
1488 /* Do not use mmap_find_vma here because that is limited to the
1489 * guest address space. We are going to make the
1490 * guest address space fit whatever we're given.
1491 */
1492 real_start = (unsigned long)
1493 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
1494 if (real_start == (unsigned long)-1) {
1495 return (unsigned long)-1;
1496 }
1497
1498 /* Ensure the address is properly aligned. */
1499 if (real_start & ~qemu_host_page_mask) {
1500 munmap((void *)real_start, host_size);
1501 real_size = host_size + qemu_host_page_size;
1502 real_start = (unsigned long)
1503 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
1504 if (real_start == (unsigned long)-1) {
1505 return (unsigned long)-1;
1506 }
1507 real_start = HOST_PAGE_ALIGN(real_start);
1508 }
1509
1510 /* Check to see if the address is valid. */
1511 if (!host_start || real_start == current_start) {
1512 int valid = validate_guest_space(real_start - guest_start,
1513 real_size);
1514 if (valid == 1) {
1515 break;
1516 } else if (valid == -1) {
1517 return (unsigned long)-1;
1518 }
1519 /* valid == 0, so try again. */
1520 }
1521
1522 /* That address didn't work. Unmap and try a different one.
1523 * The address the host picked because is typically right at
1524 * the top of the host address space and leaves the guest with
1525 * no usable address space. Resort to a linear search. We
1526 * already compensated for mmap_min_addr, so this should not
1527 * happen often. Probably means we got unlucky and host
1528 * address space randomization put a shared library somewhere
1529 * inconvenient.
1530 */
1531 munmap((void *)real_start, host_size);
1532 current_start += qemu_host_page_size;
1533 if (host_start == current_start) {
1534 /* Theoretically possible if host doesn't have any suitably
1535 * aligned areas. Normally the first mmap will fail.
1536 */
1537 return (unsigned long)-1;
1538 }
1539 }
1540
1541 qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size);
1542
1543 return real_start;
1544 }
1545
1546 static void probe_guest_base(const char *image_name,
1547 abi_ulong loaddr, abi_ulong hiaddr)
1548 {
1549 /* Probe for a suitable guest base address, if the user has not set
1550 * it explicitly, and set guest_base appropriately.
1551 * In case of error we will print a suitable message and exit.
1552 */
1553 #if defined(CONFIG_USE_GUEST_BASE)
1554 const char *errmsg;
1555 if (!have_guest_base && !reserved_va) {
1556 unsigned long host_start, real_start, host_size;
1557
1558 /* Round addresses to page boundaries. */
1559 loaddr &= qemu_host_page_mask;
1560 hiaddr = HOST_PAGE_ALIGN(hiaddr);
1561
1562 if (loaddr < mmap_min_addr) {
1563 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1564 } else {
1565 host_start = loaddr;
1566 if (host_start != loaddr) {
1567 errmsg = "Address overflow loading ELF binary";
1568 goto exit_errmsg;
1569 }
1570 }
1571 host_size = hiaddr - loaddr;
1572
1573 /* Setup the initial guest memory space with ranges gleaned from
1574 * the ELF image that is being loaded.
1575 */
1576 real_start = init_guest_space(host_start, host_size, loaddr, false);
1577 if (real_start == (unsigned long)-1) {
1578 errmsg = "Unable to find space for application";
1579 goto exit_errmsg;
1580 }
1581 guest_base = real_start - loaddr;
1582
1583 qemu_log("Relocating guest address space from 0x"
1584 TARGET_ABI_FMT_lx " to 0x%lx\n",
1585 loaddr, real_start);
1586 }
1587 return;
1588
1589 exit_errmsg:
1590 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1591 exit(-1);
1592 #endif
1593 }
1594
1595
1596 /* Load an ELF image into the address space.
1597
1598 IMAGE_NAME is the filename of the image, to use in error messages.
1599 IMAGE_FD is the open file descriptor for the image.
1600
1601 BPRM_BUF is a copy of the beginning of the file; this of course
1602 contains the elf file header at offset 0. It is assumed that this
1603 buffer is sufficiently aligned to present no problems to the host
1604 in accessing data at aligned offsets within the buffer.
1605
1606 On return: INFO values will be filled in, as necessary or available. */
1607
1608 static void load_elf_image(const char *image_name, int image_fd,
1609 struct image_info *info, char **pinterp_name,
1610 char bprm_buf[BPRM_BUF_SIZE])
1611 {
1612 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1613 struct elf_phdr *phdr;
1614 abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1615 int i, retval;
1616 const char *errmsg;
1617
1618 /* First of all, some simple consistency checks */
1619 errmsg = "Invalid ELF image for this architecture";
1620 if (!elf_check_ident(ehdr)) {
1621 goto exit_errmsg;
1622 }
1623 bswap_ehdr(ehdr);
1624 if (!elf_check_ehdr(ehdr)) {
1625 goto exit_errmsg;
1626 }
1627
1628 i = ehdr->e_phnum * sizeof(struct elf_phdr);
1629 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1630 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
1631 } else {
1632 phdr = (struct elf_phdr *) alloca(i);
1633 retval = pread(image_fd, phdr, i, ehdr->e_phoff);
1634 if (retval != i) {
1635 goto exit_read;
1636 }
1637 }
1638 bswap_phdr(phdr, ehdr->e_phnum);
1639
1640 #ifdef CONFIG_USE_FDPIC
1641 info->nsegs = 0;
1642 info->pt_dynamic_addr = 0;
1643 #endif
1644
1645 /* Find the maximum size of the image and allocate an appropriate
1646 amount of memory to handle that. */
1647 loaddr = -1, hiaddr = 0;
1648 for (i = 0; i < ehdr->e_phnum; ++i) {
1649 if (phdr[i].p_type == PT_LOAD) {
1650 abi_ulong a = phdr[i].p_vaddr;
1651 if (a < loaddr) {
1652 loaddr = a;
1653 }
1654 a += phdr[i].p_memsz;
1655 if (a > hiaddr) {
1656 hiaddr = a;
1657 }
1658 #ifdef CONFIG_USE_FDPIC
1659 ++info->nsegs;
1660 #endif
1661 }
1662 }
1663
1664 load_addr = loaddr;
1665 if (ehdr->e_type == ET_DYN) {
1666 /* The image indicates that it can be loaded anywhere. Find a
1667 location that can hold the memory space required. If the
1668 image is pre-linked, LOADDR will be non-zero. Since we do
1669 not supply MAP_FIXED here we'll use that address if and
1670 only if it remains available. */
1671 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1672 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1673 -1, 0);
1674 if (load_addr == -1) {
1675 goto exit_perror;
1676 }
1677 } else if (pinterp_name != NULL) {
1678 /* This is the main executable. Make sure that the low
1679 address does not conflict with MMAP_MIN_ADDR or the
1680 QEMU application itself. */
1681 probe_guest_base(image_name, loaddr, hiaddr);
1682 }
1683 load_bias = load_addr - loaddr;
1684
1685 #ifdef CONFIG_USE_FDPIC
1686 {
1687 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
1688 g_malloc(sizeof(*loadsegs) * info->nsegs);
1689
1690 for (i = 0; i < ehdr->e_phnum; ++i) {
1691 switch (phdr[i].p_type) {
1692 case PT_DYNAMIC:
1693 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
1694 break;
1695 case PT_LOAD:
1696 loadsegs->addr = phdr[i].p_vaddr + load_bias;
1697 loadsegs->p_vaddr = phdr[i].p_vaddr;
1698 loadsegs->p_memsz = phdr[i].p_memsz;
1699 ++loadsegs;
1700 break;
1701 }
1702 }
1703 }
1704 #endif
1705
1706 info->load_bias = load_bias;
1707 info->load_addr = load_addr;
1708 info->entry = ehdr->e_entry + load_bias;
1709 info->start_code = -1;
1710 info->end_code = 0;
1711 info->start_data = -1;
1712 info->end_data = 0;
1713 info->brk = 0;
1714 info->elf_flags = ehdr->e_flags;
1715
1716 for (i = 0; i < ehdr->e_phnum; i++) {
1717 struct elf_phdr *eppnt = phdr + i;
1718 if (eppnt->p_type == PT_LOAD) {
1719 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
1720 int elf_prot = 0;
1721
1722 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
1723 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1724 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1725
1726 vaddr = load_bias + eppnt->p_vaddr;
1727 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
1728 vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
1729
1730 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
1731 elf_prot, MAP_PRIVATE | MAP_FIXED,
1732 image_fd, eppnt->p_offset - vaddr_po);
1733 if (error == -1) {
1734 goto exit_perror;
1735 }
1736
1737 vaddr_ef = vaddr + eppnt->p_filesz;
1738 vaddr_em = vaddr + eppnt->p_memsz;
1739
1740 /* If the load segment requests extra zeros (e.g. bss), map it. */
1741 if (vaddr_ef < vaddr_em) {
1742 zero_bss(vaddr_ef, vaddr_em, elf_prot);
1743 }
1744
1745 /* Find the full program boundaries. */
1746 if (elf_prot & PROT_EXEC) {
1747 if (vaddr < info->start_code) {
1748 info->start_code = vaddr;
1749 }
1750 if (vaddr_ef > info->end_code) {
1751 info->end_code = vaddr_ef;
1752 }
1753 }
1754 if (elf_prot & PROT_WRITE) {
1755 if (vaddr < info->start_data) {
1756 info->start_data = vaddr;
1757 }
1758 if (vaddr_ef > info->end_data) {
1759 info->end_data = vaddr_ef;
1760 }
1761 if (vaddr_em > info->brk) {
1762 info->brk = vaddr_em;
1763 }
1764 }
1765 } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
1766 char *interp_name;
1767
1768 if (*pinterp_name) {
1769 errmsg = "Multiple PT_INTERP entries";
1770 goto exit_errmsg;
1771 }
1772 interp_name = malloc(eppnt->p_filesz);
1773 if (!interp_name) {
1774 goto exit_perror;
1775 }
1776
1777 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
1778 memcpy(interp_name, bprm_buf + eppnt->p_offset,
1779 eppnt->p_filesz);
1780 } else {
1781 retval = pread(image_fd, interp_name, eppnt->p_filesz,
1782 eppnt->p_offset);
1783 if (retval != eppnt->p_filesz) {
1784 goto exit_perror;
1785 }
1786 }
1787 if (interp_name[eppnt->p_filesz - 1] != 0) {
1788 errmsg = "Invalid PT_INTERP entry";
1789 goto exit_errmsg;
1790 }
1791 *pinterp_name = interp_name;
1792 }
1793 }
1794
1795 if (info->end_data == 0) {
1796 info->start_data = info->end_code;
1797 info->end_data = info->end_code;
1798 info->brk = info->end_code;
1799 }
1800
1801 if (qemu_log_enabled()) {
1802 load_symbols(ehdr, image_fd, load_bias);
1803 }
1804
1805 close(image_fd);
1806 return;
1807
1808 exit_read:
1809 if (retval >= 0) {
1810 errmsg = "Incomplete read of file header";
1811 goto exit_errmsg;
1812 }
1813 exit_perror:
1814 errmsg = strerror(errno);
1815 exit_errmsg:
1816 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1817 exit(-1);
1818 }
1819
1820 static void load_elf_interp(const char *filename, struct image_info *info,
1821 char bprm_buf[BPRM_BUF_SIZE])
1822 {
1823 int fd, retval;
1824
1825 fd = open(path(filename), O_RDONLY);
1826 if (fd < 0) {
1827 goto exit_perror;
1828 }
1829
1830 retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1831 if (retval < 0) {
1832 goto exit_perror;
1833 }
1834 if (retval < BPRM_BUF_SIZE) {
1835 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1836 }
1837
1838 load_elf_image(filename, fd, info, NULL, bprm_buf);
1839 return;
1840
1841 exit_perror:
1842 fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1843 exit(-1);
1844 }
1845
1846 static int symfind(const void *s0, const void *s1)
1847 {
1848 target_ulong addr = *(target_ulong *)s0;
1849 struct elf_sym *sym = (struct elf_sym *)s1;
1850 int result = 0;
1851 if (addr < sym->st_value) {
1852 result = -1;
1853 } else if (addr >= sym->st_value + sym->st_size) {
1854 result = 1;
1855 }
1856 return result;
1857 }
1858
1859 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1860 {
1861 #if ELF_CLASS == ELFCLASS32
1862 struct elf_sym *syms = s->disas_symtab.elf32;
1863 #else
1864 struct elf_sym *syms = s->disas_symtab.elf64;
1865 #endif
1866
1867 // binary search
1868 struct elf_sym *sym;
1869
1870 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
1871 if (sym != NULL) {
1872 return s->disas_strtab + sym->st_name;
1873 }
1874
1875 return "";
1876 }
1877
1878 /* FIXME: This should use elf_ops.h */
1879 static int symcmp(const void *s0, const void *s1)
1880 {
1881 struct elf_sym *sym0 = (struct elf_sym *)s0;
1882 struct elf_sym *sym1 = (struct elf_sym *)s1;
1883 return (sym0->st_value < sym1->st_value)
1884 ? -1
1885 : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1886 }
1887
1888 /* Best attempt to load symbols from this ELF object. */
1889 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
1890 {
1891 int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
1892 struct elf_shdr *shdr;
1893 char *strings = NULL;
1894 struct syminfo *s = NULL;
1895 struct elf_sym *new_syms, *syms = NULL;
1896
1897 shnum = hdr->e_shnum;
1898 i = shnum * sizeof(struct elf_shdr);
1899 shdr = (struct elf_shdr *)alloca(i);
1900 if (pread(fd, shdr, i, hdr->e_shoff) != i) {
1901 return;
1902 }
1903
1904 bswap_shdr(shdr, shnum);
1905 for (i = 0; i < shnum; ++i) {
1906 if (shdr[i].sh_type == SHT_SYMTAB) {
1907 sym_idx = i;
1908 str_idx = shdr[i].sh_link;
1909 goto found;
1910 }
1911 }
1912
1913 /* There will be no symbol table if the file was stripped. */
1914 return;
1915
1916 found:
1917 /* Now know where the strtab and symtab are. Snarf them. */
1918 s = malloc(sizeof(*s));
1919 if (!s) {
1920 goto give_up;
1921 }
1922
1923 i = shdr[str_idx].sh_size;
1924 s->disas_strtab = strings = malloc(i);
1925 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
1926 goto give_up;
1927 }
1928
1929 i = shdr[sym_idx].sh_size;
1930 syms = malloc(i);
1931 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
1932 goto give_up;
1933 }
1934
1935 nsyms = i / sizeof(struct elf_sym);
1936 for (i = 0; i < nsyms; ) {
1937 bswap_sym(syms + i);
1938 /* Throw away entries which we do not need. */
1939 if (syms[i].st_shndx == SHN_UNDEF
1940 || syms[i].st_shndx >= SHN_LORESERVE
1941 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1942 if (i < --nsyms) {
1943 syms[i] = syms[nsyms];
1944 }
1945 } else {
1946 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
1947 /* The bottom address bit marks a Thumb or MIPS16 symbol. */
1948 syms[i].st_value &= ~(target_ulong)1;
1949 #endif
1950 syms[i].st_value += load_bias;
1951 i++;
1952 }
1953 }
1954
1955 /* No "useful" symbol. */
1956 if (nsyms == 0) {
1957 goto give_up;
1958 }
1959
1960 /* Attempt to free the storage associated with the local symbols
1961 that we threw away. Whether or not this has any effect on the
1962 memory allocation depends on the malloc implementation and how
1963 many symbols we managed to discard. */
1964 new_syms = realloc(syms, nsyms * sizeof(*syms));
1965 if (new_syms == NULL) {
1966 goto give_up;
1967 }
1968 syms = new_syms;
1969
1970 qsort(syms, nsyms, sizeof(*syms), symcmp);
1971
1972 s->disas_num_syms = nsyms;
1973 #if ELF_CLASS == ELFCLASS32
1974 s->disas_symtab.elf32 = syms;
1975 #else
1976 s->disas_symtab.elf64 = syms;
1977 #endif
1978 s->lookup_symbol = lookup_symbolxx;
1979 s->next = syminfos;
1980 syminfos = s;
1981
1982 return;
1983
1984 give_up:
1985 free(s);
1986 free(strings);
1987 free(syms);
1988 }
1989
1990 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
1991 struct image_info * info)
1992 {
1993 struct image_info interp_info;
1994 struct elfhdr elf_ex;
1995 char *elf_interpreter = NULL;
1996
1997 info->start_mmap = (abi_ulong)ELF_START_MMAP;
1998 info->mmap = 0;
1999 info->rss = 0;
2000
2001 load_elf_image(bprm->filename, bprm->fd, info,
2002 &elf_interpreter, bprm->buf);
2003
2004 /* ??? We need a copy of the elf header for passing to create_elf_tables.
2005 If we do nothing, we'll have overwritten this when we re-use bprm->buf
2006 when we load the interpreter. */
2007 elf_ex = *(struct elfhdr *)bprm->buf;
2008
2009 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
2010 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
2011 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
2012 if (!bprm->p) {
2013 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2014 exit(-1);
2015 }
2016
2017 /* Do this so that we can load the interpreter, if need be. We will
2018 change some of these later */
2019 bprm->p = setup_arg_pages(bprm->p, bprm, info);
2020
2021 if (elf_interpreter) {
2022 load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2023
2024 /* If the program interpreter is one of these two, then assume
2025 an iBCS2 image. Otherwise assume a native linux image. */
2026
2027 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2028 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2029 info->personality = PER_SVR4;
2030
2031 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
2032 and some applications "depend" upon this behavior. Since
2033 we do not have the power to recompile these, we emulate
2034 the SVr4 behavior. Sigh. */
2035 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2036 MAP_FIXED | MAP_PRIVATE, -1, 0);
2037 }
2038 }
2039
2040 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2041 info, (elf_interpreter ? &interp_info : NULL));
2042 info->start_stack = bprm->p;
2043
2044 /* If we have an interpreter, set that as the program's entry point.
2045 Copy the load_bias as well, to help PPC64 interpret the entry
2046 point as a function descriptor. Do this after creating elf tables
2047 so that we copy the original program entry point into the AUXV. */
2048 if (elf_interpreter) {
2049 info->load_bias = interp_info.load_bias;
2050 info->entry = interp_info.entry;
2051 free(elf_interpreter);
2052 }
2053
2054 #ifdef USE_ELF_CORE_DUMP
2055 bprm->core_dump = &elf_core_dump;
2056 #endif
2057
2058 return 0;
2059 }
2060
2061 #ifdef USE_ELF_CORE_DUMP
2062 /*
2063 * Definitions to generate Intel SVR4-like core files.
2064 * These mostly have the same names as the SVR4 types with "target_elf_"
2065 * tacked on the front to prevent clashes with linux definitions,
2066 * and the typedef forms have been avoided. This is mostly like
2067 * the SVR4 structure, but more Linuxy, with things that Linux does
2068 * not support and which gdb doesn't really use excluded.
2069 *
2070 * Fields we don't dump (their contents is zero) in linux-user qemu
2071 * are marked with XXX.
2072 *
2073 * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2074 *
2075 * Porting ELF coredump for target is (quite) simple process. First you
2076 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2077 * the target resides):
2078 *
2079 * #define USE_ELF_CORE_DUMP
2080 *
2081 * Next you define type of register set used for dumping. ELF specification
2082 * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2083 *
2084 * typedef <target_regtype> target_elf_greg_t;
2085 * #define ELF_NREG <number of registers>
2086 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
2087 *
2088 * Last step is to implement target specific function that copies registers
2089 * from given cpu into just specified register set. Prototype is:
2090 *
2091 * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
2092 * const CPUArchState *env);
2093 *
2094 * Parameters:
2095 * regs - copy register values into here (allocated and zeroed by caller)
2096 * env - copy registers from here
2097 *
2098 * Example for ARM target is provided in this file.
2099 */
2100
2101 /* An ELF note in memory */
2102 struct memelfnote {
2103 const char *name;
2104 size_t namesz;
2105 size_t namesz_rounded;
2106 int type;
2107 size_t datasz;
2108 size_t datasz_rounded;
2109 void *data;
2110 size_t notesz;
2111 };
2112
2113 struct target_elf_siginfo {
2114 abi_int si_signo; /* signal number */
2115 abi_int si_code; /* extra code */
2116 abi_int si_errno; /* errno */
2117 };
2118
2119 struct target_elf_prstatus {
2120 struct target_elf_siginfo pr_info; /* Info associated with signal */
2121 abi_short pr_cursig; /* Current signal */
2122 abi_ulong pr_sigpend; /* XXX */
2123 abi_ulong pr_sighold; /* XXX */
2124 target_pid_t pr_pid;
2125 target_pid_t pr_ppid;
2126 target_pid_t pr_pgrp;
2127 target_pid_t pr_sid;
2128 struct target_timeval pr_utime; /* XXX User time */
2129 struct target_timeval pr_stime; /* XXX System time */
2130 struct target_timeval pr_cutime; /* XXX Cumulative user time */
2131 struct target_timeval pr_cstime; /* XXX Cumulative system time */
2132 target_elf_gregset_t pr_reg; /* GP registers */
2133 abi_int pr_fpvalid; /* XXX */
2134 };
2135
2136 #define ELF_PRARGSZ (80) /* Number of chars for args */
2137
2138 struct target_elf_prpsinfo {
2139 char pr_state; /* numeric process state */
2140 char pr_sname; /* char for pr_state */
2141 char pr_zomb; /* zombie */
2142 char pr_nice; /* nice val */
2143 abi_ulong pr_flag; /* flags */
2144 target_uid_t pr_uid;
2145 target_gid_t pr_gid;
2146 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2147 /* Lots missing */
2148 char pr_fname[16]; /* filename of executable */
2149 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2150 };
2151
2152 /* Here is the structure in which status of each thread is captured. */
2153 struct elf_thread_status {
2154 QTAILQ_ENTRY(elf_thread_status) ets_link;
2155 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */
2156 #if 0
2157 elf_fpregset_t fpu; /* NT_PRFPREG */
2158 struct task_struct *thread;
2159 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
2160 #endif
2161 struct memelfnote notes[1];
2162 int num_notes;
2163 };
2164
2165 struct elf_note_info {
2166 struct memelfnote *notes;
2167 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */
2168 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2169
2170 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
2171 #if 0
2172 /*
2173 * Current version of ELF coredump doesn't support
2174 * dumping fp regs etc.
2175 */
2176 elf_fpregset_t *fpu;
2177 elf_fpxregset_t *xfpu;
2178 int thread_status_size;
2179 #endif
2180 int notes_size;
2181 int numnote;
2182 };
2183
2184 struct vm_area_struct {
2185 abi_ulong vma_start; /* start vaddr of memory region */
2186 abi_ulong vma_end; /* end vaddr of memory region */
2187 abi_ulong vma_flags; /* protection etc. flags for the region */
2188 QTAILQ_ENTRY(vm_area_struct) vma_link;
2189 };
2190
2191 struct mm_struct {
2192 QTAILQ_HEAD(, vm_area_struct) mm_mmap;
2193 int mm_count; /* number of mappings */
2194 };
2195
2196 static struct mm_struct *vma_init(void);
2197 static void vma_delete(struct mm_struct *);
2198 static int vma_add_mapping(struct mm_struct *, abi_ulong,
2199 abi_ulong, abi_ulong);
2200 static int vma_get_mapping_count(const struct mm_struct *);
2201 static struct vm_area_struct *vma_first(const struct mm_struct *);
2202 static struct vm_area_struct *vma_next(struct vm_area_struct *);
2203 static abi_ulong vma_dump_size(const struct vm_area_struct *);
2204 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2205 unsigned long flags);
2206
2207 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
2208 static void fill_note(struct memelfnote *, const char *, int,
2209 unsigned int, void *);
2210 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2211 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
2212 static void fill_auxv_note(struct memelfnote *, const TaskState *);
2213 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2214 static size_t note_size(const struct memelfnote *);
2215 static void free_note_info(struct elf_note_info *);
2216 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
2217 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
2218 static int core_dump_filename(const TaskState *, char *, size_t);
2219
2220 static int dump_write(int, const void *, size_t);
2221 static int write_note(struct memelfnote *, int);
2222 static int write_note_info(struct elf_note_info *, int);
2223
2224 #ifdef BSWAP_NEEDED
2225 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
2226 {
2227 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
2228 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
2229 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
2230 prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2231 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
2232 prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
2233 prstatus->pr_pid = tswap32(prstatus->pr_pid);
2234 prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2235 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2236 prstatus->pr_sid = tswap32(prstatus->pr_sid);
2237 /* cpu times are not filled, so we skip them */
2238 /* regs should be in correct format already */
2239 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2240 }
2241
2242 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
2243 {
2244 psinfo->pr_flag = tswapal(psinfo->pr_flag);
2245 psinfo->pr_uid = tswap16(psinfo->pr_uid);
2246 psinfo->pr_gid = tswap16(psinfo->pr_gid);
2247 psinfo->pr_pid = tswap32(psinfo->pr_pid);
2248 psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2249 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2250 psinfo->pr_sid = tswap32(psinfo->pr_sid);
2251 }
2252
2253 static void bswap_note(struct elf_note *en)
2254 {
2255 bswap32s(&en->n_namesz);
2256 bswap32s(&en->n_descsz);
2257 bswap32s(&en->n_type);
2258 }
2259 #else
2260 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2261 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2262 static inline void bswap_note(struct elf_note *en) { }
2263 #endif /* BSWAP_NEEDED */
2264
2265 /*
2266 * Minimal support for linux memory regions. These are needed
2267 * when we are finding out what memory exactly belongs to
2268 * emulated process. No locks needed here, as long as
2269 * thread that received the signal is stopped.
2270 */
2271
2272 static struct mm_struct *vma_init(void)
2273 {
2274 struct mm_struct *mm;
2275
2276 if ((mm = g_malloc(sizeof (*mm))) == NULL)
2277 return (NULL);
2278
2279 mm->mm_count = 0;
2280 QTAILQ_INIT(&mm->mm_mmap);
2281
2282 return (mm);
2283 }
2284
2285 static void vma_delete(struct mm_struct *mm)
2286 {
2287 struct vm_area_struct *vma;
2288
2289 while ((vma = vma_first(mm)) != NULL) {
2290 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2291 g_free(vma);
2292 }
2293 g_free(mm);
2294 }
2295
2296 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
2297 abi_ulong end, abi_ulong flags)
2298 {
2299 struct vm_area_struct *vma;
2300
2301 if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2302 return (-1);
2303
2304 vma->vma_start = start;
2305 vma->vma_end = end;
2306 vma->vma_flags = flags;
2307
2308 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2309 mm->mm_count++;
2310
2311 return (0);
2312 }
2313
2314 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2315 {
2316 return (QTAILQ_FIRST(&mm->mm_mmap));
2317 }
2318
2319 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2320 {
2321 return (QTAILQ_NEXT(vma, vma_link));
2322 }
2323
2324 static int vma_get_mapping_count(const struct mm_struct *mm)
2325 {
2326 return (mm->mm_count);
2327 }
2328
2329 /*
2330 * Calculate file (dump) size of given memory region.
2331 */
2332 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2333 {
2334 /* if we cannot even read the first page, skip it */
2335 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2336 return (0);
2337
2338 /*
2339 * Usually we don't dump executable pages as they contain
2340 * non-writable code that debugger can read directly from
2341 * target library etc. However, thread stacks are marked
2342 * also executable so we read in first page of given region
2343 * and check whether it contains elf header. If there is
2344 * no elf header, we dump it.
2345 */
2346 if (vma->vma_flags & PROT_EXEC) {
2347 char page[TARGET_PAGE_SIZE];
2348
2349 copy_from_user(page, vma->vma_start, sizeof (page));
2350 if ((page[EI_MAG0] == ELFMAG0) &&
2351 (page[EI_MAG1] == ELFMAG1) &&
2352 (page[EI_MAG2] == ELFMAG2) &&
2353 (page[EI_MAG3] == ELFMAG3)) {
2354 /*
2355 * Mappings are possibly from ELF binary. Don't dump
2356 * them.
2357 */
2358 return (0);
2359 }
2360 }
2361
2362 return (vma->vma_end - vma->vma_start);
2363 }
2364
2365 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2366 unsigned long flags)
2367 {
2368 struct mm_struct *mm = (struct mm_struct *)priv;
2369
2370 vma_add_mapping(mm, start, end, flags);
2371 return (0);
2372 }
2373
2374 static void fill_note(struct memelfnote *note, const char *name, int type,
2375 unsigned int sz, void *data)
2376 {
2377 unsigned int namesz;
2378
2379 namesz = strlen(name) + 1;
2380 note->name = name;
2381 note->namesz = namesz;
2382 note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2383 note->type = type;
2384 note->datasz = sz;
2385 note->datasz_rounded = roundup(sz, sizeof (int32_t));
2386
2387 note->data = data;
2388
2389 /*
2390 * We calculate rounded up note size here as specified by
2391 * ELF document.
2392 */
2393 note->notesz = sizeof (struct elf_note) +
2394 note->namesz_rounded + note->datasz_rounded;
2395 }
2396
2397 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
2398 uint32_t flags)
2399 {
2400 (void) memset(elf, 0, sizeof(*elf));
2401
2402 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2403 elf->e_ident[EI_CLASS] = ELF_CLASS;
2404 elf->e_ident[EI_DATA] = ELF_DATA;
2405 elf->e_ident[EI_VERSION] = EV_CURRENT;
2406 elf->e_ident[EI_OSABI] = ELF_OSABI;
2407
2408 elf->e_type = ET_CORE;
2409 elf->e_machine = machine;
2410 elf->e_version = EV_CURRENT;
2411 elf->e_phoff = sizeof(struct elfhdr);
2412 elf->e_flags = flags;
2413 elf->e_ehsize = sizeof(struct elfhdr);
2414 elf->e_phentsize = sizeof(struct elf_phdr);
2415 elf->e_phnum = segs;
2416
2417 bswap_ehdr(elf);
2418 }
2419
2420 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2421 {
2422 phdr->p_type = PT_NOTE;
2423 phdr->p_offset = offset;
2424 phdr->p_vaddr = 0;
2425 phdr->p_paddr = 0;
2426 phdr->p_filesz = sz;
2427 phdr->p_memsz = 0;
2428 phdr->p_flags = 0;
2429 phdr->p_align = 0;
2430
2431 bswap_phdr(phdr, 1);
2432 }
2433
2434 static size_t note_size(const struct memelfnote *note)
2435 {
2436 return (note->notesz);
2437 }
2438
2439 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2440 const TaskState *ts, int signr)
2441 {
2442 (void) memset(prstatus, 0, sizeof (*prstatus));
2443 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2444 prstatus->pr_pid = ts->ts_tid;
2445 prstatus->pr_ppid = getppid();
2446 prstatus->pr_pgrp = getpgrp();
2447 prstatus->pr_sid = getsid(0);
2448
2449 bswap_prstatus(prstatus);
2450 }
2451
2452 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2453 {
2454 char *base_filename;
2455 unsigned int i, len;
2456
2457 (void) memset(psinfo, 0, sizeof (*psinfo));
2458
2459 len = ts->info->arg_end - ts->info->arg_start;
2460 if (len >= ELF_PRARGSZ)
2461 len = ELF_PRARGSZ - 1;
2462 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2463 return -EFAULT;
2464 for (i = 0; i < len; i++)
2465 if (psinfo->pr_psargs[i] == 0)
2466 psinfo->pr_psargs[i] = ' ';
2467 psinfo->pr_psargs[len] = 0;
2468
2469 psinfo->pr_pid = getpid();
2470 psinfo->pr_ppid = getppid();
2471 psinfo->pr_pgrp = getpgrp();
2472 psinfo->pr_sid = getsid(0);
2473 psinfo->pr_uid = getuid();
2474 psinfo->pr_gid = getgid();
2475
2476 base_filename = g_path_get_basename(ts->bprm->filename);
2477 /*
2478 * Using strncpy here is fine: at max-length,
2479 * this field is not NUL-terminated.
2480 */
2481 (void) strncpy(psinfo->pr_fname, base_filename,
2482 sizeof(psinfo->pr_fname));
2483
2484 g_free(base_filename);
2485 bswap_psinfo(psinfo);
2486 return (0);
2487 }
2488
2489 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2490 {
2491 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2492 elf_addr_t orig_auxv = auxv;
2493 void *ptr;
2494 int len = ts->info->auxv_len;
2495
2496 /*
2497 * Auxiliary vector is stored in target process stack. It contains
2498 * {type, value} pairs that we need to dump into note. This is not
2499 * strictly necessary but we do it here for sake of completeness.
2500 */
2501
2502 /* read in whole auxv vector and copy it to memelfnote */
2503 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2504 if (ptr != NULL) {
2505 fill_note(note, "CORE", NT_AUXV, len, ptr);
2506 unlock_user(ptr, auxv, len);
2507 }
2508 }
2509
2510 /*
2511 * Constructs name of coredump file. We have following convention
2512 * for the name:
2513 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2514 *
2515 * Returns 0 in case of success, -1 otherwise (errno is set).
2516 */
2517 static int core_dump_filename(const TaskState *ts, char *buf,
2518 size_t bufsize)
2519 {
2520 char timestamp[64];
2521 char *filename = NULL;
2522 char *base_filename = NULL;
2523 struct timeval tv;
2524 struct tm tm;
2525
2526 assert(bufsize >= PATH_MAX);
2527
2528 if (gettimeofday(&tv, NULL) < 0) {
2529 (void) fprintf(stderr, "unable to get current timestamp: %s",
2530 strerror(errno));
2531 return (-1);
2532 }
2533
2534 filename = strdup(ts->bprm->filename);
2535 base_filename = strdup(basename(filename));
2536 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2537 localtime_r(&tv.tv_sec, &tm));
2538 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2539 base_filename, timestamp, (int)getpid());
2540 free(base_filename);
2541 free(filename);
2542
2543 return (0);
2544 }
2545
2546 static int dump_write(int fd, const void *ptr, size_t size)
2547 {
2548 const char *bufp = (const char *)ptr;
2549 ssize_t bytes_written, bytes_left;
2550 struct rlimit dumpsize;
2551 off_t pos;
2552
2553 bytes_written = 0;
2554 getrlimit(RLIMIT_CORE, &dumpsize);
2555 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2556 if (errno == ESPIPE) { /* not a seekable stream */
2557 bytes_left = size;
2558 } else {
2559 return pos;
2560 }
2561 } else {
2562 if (dumpsize.rlim_cur <= pos) {
2563 return -1;
2564 } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2565 bytes_left = size;
2566 } else {
2567 size_t limit_left=dumpsize.rlim_cur - pos;
2568 bytes_left = limit_left >= size ? size : limit_left ;
2569 }
2570 }
2571
2572 /*
2573 * In normal conditions, single write(2) should do but
2574 * in case of socket etc. this mechanism is more portable.
2575 */
2576 do {
2577 bytes_written = write(fd, bufp, bytes_left);
2578 if (bytes_written < 0) {
2579 if (errno == EINTR)
2580 continue;
2581 return (-1);
2582 } else if (bytes_written == 0) { /* eof */
2583 return (-1);
2584 }
2585 bufp += bytes_written;
2586 bytes_left -= bytes_written;
2587 } while (bytes_left > 0);
2588
2589 return (0);
2590 }
2591
2592 static int write_note(struct memelfnote *men, int fd)
2593 {
2594 struct elf_note en;
2595
2596 en.n_namesz = men->namesz;
2597 en.n_type = men->type;
2598 en.n_descsz = men->datasz;
2599
2600 bswap_note(&en);
2601
2602 if (dump_write(fd, &en, sizeof(en)) != 0)
2603 return (-1);
2604 if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2605 return (-1);
2606 if (dump_write(fd, men->data, men->datasz_rounded) != 0)
2607 return (-1);
2608
2609 return (0);
2610 }
2611
2612 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
2613 {
2614 TaskState *ts = (TaskState *)env->opaque;
2615 struct elf_thread_status *ets;
2616
2617 ets = g_malloc0(sizeof (*ets));
2618 ets->num_notes = 1; /* only prstatus is dumped */
2619 fill_prstatus(&ets->prstatus, ts, 0);
2620 elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2621 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2622 &ets->prstatus);
2623
2624 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2625
2626 info->notes_size += note_size(&ets->notes[0]);
2627 }
2628
2629 static int fill_note_info(struct elf_note_info *info,
2630 long signr, const CPUArchState *env)
2631 {
2632 #define NUMNOTES 3
2633 CPUState *cpu = NULL;
2634 TaskState *ts = (TaskState *)env->opaque;
2635 int i;
2636
2637 (void) memset(info, 0, sizeof (*info));
2638
2639 QTAILQ_INIT(&info->thread_list);
2640
2641 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote));
2642 if (info->notes == NULL)
2643 return (-ENOMEM);
2644 info->prstatus = g_malloc0(sizeof (*info->prstatus));
2645 if (info->prstatus == NULL)
2646 return (-ENOMEM);
2647 info->psinfo = g_malloc0(sizeof (*info->psinfo));
2648 if (info->prstatus == NULL)
2649 return (-ENOMEM);
2650
2651 /*
2652 * First fill in status (and registers) of current thread
2653 * including process info & aux vector.
2654 */
2655 fill_prstatus(info->prstatus, ts, signr);
2656 elf_core_copy_regs(&info->prstatus->pr_reg, env);
2657 fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2658 sizeof (*info->prstatus), info->prstatus);
2659 fill_psinfo(info->psinfo, ts);
2660 fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2661 sizeof (*info->psinfo), info->psinfo);
2662 fill_auxv_note(&info->notes[2], ts);
2663 info->numnote = 3;
2664
2665 info->notes_size = 0;
2666 for (i = 0; i < info->numnote; i++)
2667 info->notes_size += note_size(&info->notes[i]);
2668
2669 /* read and fill status of all threads */
2670 cpu_list_lock();
2671 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
2672 if (cpu == thread_cpu) {
2673 continue;
2674 }
2675 fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
2676 }
2677 cpu_list_unlock();
2678
2679 return (0);
2680 }
2681
2682 static void free_note_info(struct elf_note_info *info)
2683 {
2684 struct elf_thread_status *ets;
2685
2686 while (!QTAILQ_EMPTY(&info->thread_list)) {
2687 ets = QTAILQ_FIRST(&info->thread_list);
2688 QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
2689 g_free(ets);
2690 }
2691
2692 g_free(info->prstatus);
2693 g_free(info->psinfo);
2694 g_free(info->notes);
2695 }
2696
2697 static int write_note_info(struct elf_note_info *info, int fd)
2698 {
2699 struct elf_thread_status *ets;
2700 int i, error = 0;
2701
2702 /* write prstatus, psinfo and auxv for current thread */
2703 for (i = 0; i < info->numnote; i++)
2704 if ((error = write_note(&info->notes[i], fd)) != 0)
2705 return (error);
2706
2707 /* write prstatus for each thread */
2708 for (ets = info->thread_list.tqh_first; ets != NULL;
2709 ets = ets->ets_link.tqe_next) {
2710 if ((error = write_note(&ets->notes[0], fd)) != 0)
2711 return (error);
2712 }
2713
2714 return (0);
2715 }
2716
2717 /*
2718 * Write out ELF coredump.
2719 *
2720 * See documentation of ELF object file format in:
2721 * http://www.caldera.com/developers/devspecs/gabi41.pdf
2722 *
2723 * Coredump format in linux is following:
2724 *
2725 * 0 +----------------------+ \
2726 * | ELF header | ET_CORE |
2727 * +----------------------+ |
2728 * | ELF program headers | |--- headers
2729 * | - NOTE section | |
2730 * | - PT_LOAD sections | |
2731 * +----------------------+ /
2732 * | NOTEs: |
2733 * | - NT_PRSTATUS |
2734 * | - NT_PRSINFO |
2735 * | - NT_AUXV |
2736 * +----------------------+ <-- aligned to target page
2737 * | Process memory dump |
2738 * : :
2739 * . .
2740 * : :
2741 * | |
2742 * +----------------------+
2743 *
2744 * NT_PRSTATUS -> struct elf_prstatus (per thread)
2745 * NT_PRSINFO -> struct elf_prpsinfo
2746 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2747 *
2748 * Format follows System V format as close as possible. Current
2749 * version limitations are as follows:
2750 * - no floating point registers are dumped
2751 *
2752 * Function returns 0 in case of success, negative errno otherwise.
2753 *
2754 * TODO: make this work also during runtime: it should be
2755 * possible to force coredump from running process and then
2756 * continue processing. For example qemu could set up SIGUSR2
2757 * handler (provided that target process haven't registered
2758 * handler for that) that does the dump when signal is received.
2759 */
2760 static int elf_core_dump(int signr, const CPUArchState *env)
2761 {
2762 const TaskState *ts = (const TaskState *)env->opaque;
2763 struct vm_area_struct *vma = NULL;
2764 char corefile[PATH_MAX];
2765 struct elf_note_info info;
2766 struct elfhdr elf;
2767 struct elf_phdr phdr;
2768 struct rlimit dumpsize;
2769 struct mm_struct *mm = NULL;
2770 off_t offset = 0, data_offset = 0;
2771 int segs = 0;
2772 int fd = -1;
2773
2774 errno = 0;
2775 getrlimit(RLIMIT_CORE, &dumpsize);
2776 if (dumpsize.rlim_cur == 0)
2777 return 0;
2778
2779 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2780 return (-errno);
2781
2782 if ((fd = open(corefile, O_WRONLY | O_CREAT,
2783 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2784 return (-errno);
2785
2786 /*
2787 * Walk through target process memory mappings and
2788 * set up structure containing this information. After
2789 * this point vma_xxx functions can be used.
2790 */
2791 if ((mm = vma_init()) == NULL)
2792 goto out;
2793
2794 walk_memory_regions(mm, vma_walker);
2795 segs = vma_get_mapping_count(mm);
2796
2797 /*
2798 * Construct valid coredump ELF header. We also
2799 * add one more segment for notes.
2800 */
2801 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2802 if (dump_write(fd, &elf, sizeof (elf)) != 0)
2803 goto out;
2804
2805 /* fill in in-memory version of notes */
2806 if (fill_note_info(&info, signr, env) < 0)
2807 goto out;
2808
2809 offset += sizeof (elf); /* elf header */
2810 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */
2811
2812 /* write out notes program header */
2813 fill_elf_note_phdr(&phdr, info.notes_size, offset);
2814
2815 offset += info.notes_size;
2816 if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2817 goto out;
2818
2819 /*
2820 * ELF specification wants data to start at page boundary so
2821 * we align it here.
2822 */
2823 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2824
2825 /*
2826 * Write program headers for memory regions mapped in
2827 * the target process.
2828 */
2829 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2830 (void) memset(&phdr, 0, sizeof (phdr));
2831
2832 phdr.p_type = PT_LOAD;
2833 phdr.p_offset = offset;
2834 phdr.p_vaddr = vma->vma_start;
2835 phdr.p_paddr = 0;
2836 phdr.p_filesz = vma_dump_size(vma);
2837 offset += phdr.p_filesz;
2838 phdr.p_memsz = vma->vma_end - vma->vma_start;
2839 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2840 if (vma->vma_flags & PROT_WRITE)
2841 phdr.p_flags |= PF_W;
2842 if (vma->vma_flags & PROT_EXEC)
2843 phdr.p_flags |= PF_X;
2844 phdr.p_align = ELF_EXEC_PAGESIZE;
2845
2846 bswap_phdr(&phdr, 1);
2847 dump_write(fd, &phdr, sizeof (phdr));
2848 }
2849
2850 /*
2851 * Next we write notes just after program headers. No
2852 * alignment needed here.
2853 */
2854 if (write_note_info(&info, fd) < 0)
2855 goto out;
2856
2857 /* align data to page boundary */
2858 if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2859 goto out;
2860
2861 /*
2862 * Finally we can dump process memory into corefile as well.
2863 */
2864 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2865 abi_ulong addr;
2866 abi_ulong end;
2867
2868 end = vma->vma_start + vma_dump_size(vma);
2869
2870 for (addr = vma->vma_start; addr < end;
2871 addr += TARGET_PAGE_SIZE) {
2872 char page[TARGET_PAGE_SIZE];
2873 int error;
2874
2875 /*
2876 * Read in page from target process memory and
2877 * write it to coredump file.
2878 */
2879 error = copy_from_user(page, addr, sizeof (page));
2880 if (error != 0) {
2881 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
2882 addr);
2883 errno = -error;
2884 goto out;
2885 }
2886 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2887 goto out;
2888 }
2889 }
2890
2891 out:
2892 free_note_info(&info);
2893 if (mm != NULL)
2894 vma_delete(mm);
2895 (void) close(fd);
2896
2897 if (errno != 0)
2898 return (-errno);
2899 return (0);
2900 }
2901 #endif /* USE_ELF_CORE_DUMP */
2902
2903 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2904 {
2905 init_thread(regs, infop);
2906 }
Qemu copy for testing