Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / linux-user / elfload.c
blobd283f73ca75135455db9e5399d096b725c5791c7
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include <sys/time.h>
3 #include <sys/param.h>
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <fcntl.h>
8 #include <errno.h>
9 #include <unistd.h>
10 #include <sys/mman.h>
11 #include <sys/resource.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <time.h>
16 #include "qemu.h"
17 #include "disas.h"
19 #ifdef _ARCH_PPC64
20 #undef ARCH_DLINFO
21 #undef ELF_PLATFORM
22 #undef ELF_HWCAP
23 #undef ELF_CLASS
24 #undef ELF_DATA
25 #undef ELF_ARCH
26 #endif
28 #define ELF_OSABI ELFOSABI_SYSV
30 /* from personality.h */
33 * Flags for bug emulation.
35 * These occupy the top three bytes.
37 enum {
38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to descriptors
40 * (signal handling)
42 MMAP_PAGE_ZERO = 0x0100000,
43 ADDR_COMPAT_LAYOUT = 0x0200000,
44 READ_IMPLIES_EXEC = 0x0400000,
45 ADDR_LIMIT_32BIT = 0x0800000,
46 SHORT_INODE = 0x1000000,
47 WHOLE_SECONDS = 0x2000000,
48 STICKY_TIMEOUTS = 0x4000000,
49 ADDR_LIMIT_3GB = 0x8000000,
53 * Personality types.
55 * These go in the low byte. Avoid using the top bit, it will
56 * conflict with error returns.
58 enum {
59 PER_LINUX = 0x0000,
60 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT,
61 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS,
62 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
63 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
64 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS |
65 WHOLE_SECONDS | SHORT_INODE,
66 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
67 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
68 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS,
69 PER_BSD = 0x0006,
70 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS,
71 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
72 PER_LINUX32 = 0x0008,
73 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB,
74 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
75 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
76 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
77 PER_RISCOS = 0x000c,
78 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS,
79 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
80 PER_OSF4 = 0x000f, /* OSF/1 v4 */
81 PER_HPUX = 0x0010,
82 PER_MASK = 0x00ff,
86 * Return the base personality without flags.
88 #define personality(pers) (pers & PER_MASK)
90 /* this flag is uneffective under linux too, should be deleted */
91 #ifndef MAP_DENYWRITE
92 #define MAP_DENYWRITE 0
93 #endif
95 /* should probably go in elf.h */
96 #ifndef ELIBBAD
97 #define ELIBBAD 80
98 #endif
100 #ifdef TARGET_I386
102 #define ELF_PLATFORM get_elf_platform()
104 static const char *get_elf_platform(void)
106 static char elf_platform[] = "i386";
107 int family = (thread_env->cpuid_version >> 8) & 0xff;
108 if (family > 6)
109 family = 6;
110 if (family >= 3)
111 elf_platform[1] = '0' + family;
112 return elf_platform;
115 #define ELF_HWCAP get_elf_hwcap()
117 static uint32_t get_elf_hwcap(void)
119 return thread_env->cpuid_features;
122 #ifdef TARGET_X86_64
123 #define ELF_START_MMAP 0x2aaaaab000ULL
124 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
126 #define ELF_CLASS ELFCLASS64
127 #define ELF_DATA ELFDATA2LSB
128 #define ELF_ARCH EM_X86_64
130 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
132 regs->rax = 0;
133 regs->rsp = infop->start_stack;
134 regs->rip = infop->entry;
137 #ifdef FIX_BROKEN_PPC_BUILD
138 typedef target_ulong elf_greg_t;
139 typedef uint32_t target_uid_t;
140 typedef uint32_t target_gid_t;
141 typedef int32_t target_pid_t;
143 #define ELF_NREG 27
144 typedef elf_greg_t elf_gregset_t[ELF_NREG];
147 * Note that ELF_NREG should be 29 as there should be place for
148 * TRAPNO and ERR "registers" as well but linux doesn't dump
149 * those.
151 * See linux kernel: arch/x86/include/asm/elf.h
153 static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env)
155 (*regs)[0] = env->regs[15];
156 (*regs)[1] = env->regs[14];
157 (*regs)[2] = env->regs[13];
158 (*regs)[3] = env->regs[12];
159 (*regs)[4] = env->regs[R_EBP];
160 (*regs)[5] = env->regs[R_EBX];
161 (*regs)[6] = env->regs[11];
162 (*regs)[7] = env->regs[10];
163 (*regs)[8] = env->regs[9];
164 (*regs)[9] = env->regs[8];
165 (*regs)[10] = env->regs[R_EAX];
166 (*regs)[11] = env->regs[R_ECX];
167 (*regs)[12] = env->regs[R_EDX];
168 (*regs)[13] = env->regs[R_ESI];
169 (*regs)[14] = env->regs[R_EDI];
170 (*regs)[15] = env->regs[R_EAX]; /* XXX */
171 (*regs)[16] = env->eip;
172 (*regs)[17] = env->segs[R_CS].selector & 0xffff;
173 (*regs)[18] = env->eflags;
174 (*regs)[19] = env->regs[R_ESP];
175 (*regs)[20] = env->segs[R_SS].selector & 0xffff;
176 (*regs)[21] = env->segs[R_FS].selector & 0xffff;
177 (*regs)[22] = env->segs[R_GS].selector & 0xffff;
178 (*regs)[23] = env->segs[R_DS].selector & 0xffff;
179 (*regs)[24] = env->segs[R_ES].selector & 0xffff;
180 (*regs)[25] = env->segs[R_FS].selector & 0xffff;
181 (*regs)[26] = env->segs[R_GS].selector & 0xffff;
183 #endif /* FIX_BROKEN_PPC_BUILD */
185 #else
187 #define ELF_START_MMAP 0x80000000
190 * This is used to ensure we don't load something for the wrong architecture.
192 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
195 * These are used to set parameters in the core dumps.
197 #define ELF_CLASS ELFCLASS32
198 #define ELF_DATA ELFDATA2LSB
199 #define ELF_ARCH EM_386
201 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
203 regs->esp = infop->start_stack;
204 regs->eip = infop->entry;
206 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
207 starts %edx contains a pointer to a function which might be
208 registered using `atexit'. This provides a mean for the
209 dynamic linker to call DT_FINI functions for shared libraries
210 that have been loaded before the code runs.
212 A value of 0 tells we have no such handler. */
213 regs->edx = 0;
216 #ifdef FIX_BROKEN_PPC_BUILD
217 typedef target_ulong elf_greg_t;
218 typedef uint16_t target_uid_t;
219 typedef uint16_t target_gid_t;
220 typedef int32_t target_pid_t;
222 #define ELF_NREG 17
223 typedef elf_greg_t elf_gregset_t[ELF_NREG];
226 * Note that ELF_NREG should be 19 as there should be place for
227 * TRAPNO and ERR "registers" as well but linux doesn't dump
228 * those.
230 * See linux kernel: arch/x86/include/asm/elf.h
232 static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env)
234 (*regs)[0] = env->regs[R_EBX];
235 (*regs)[1] = env->regs[R_ECX];
236 (*regs)[2] = env->regs[R_EDX];
237 (*regs)[3] = env->regs[R_ESI];
238 (*regs)[4] = env->regs[R_EDI];
239 (*regs)[5] = env->regs[R_EBP];
240 (*regs)[6] = env->regs[R_EAX];
241 (*regs)[7] = env->segs[R_DS].selector & 0xffff;
242 (*regs)[8] = env->segs[R_ES].selector & 0xffff;
243 (*regs)[9] = env->segs[R_FS].selector & 0xffff;
244 (*regs)[10] = env->segs[R_GS].selector & 0xffff;
245 (*regs)[11] = env->regs[R_EAX]; /* XXX */
246 (*regs)[12] = env->eip;
247 (*regs)[13] = env->segs[R_CS].selector & 0xffff;
248 (*regs)[14] = env->eflags;
249 (*regs)[15] = env->regs[R_ESP];
250 (*regs)[16] = env->segs[R_SS].selector & 0xffff;
252 #endif /* FIX_BROKEN_PPC_BUILD */
253 #endif
255 #ifdef FIX_BROKEN_PPC_BUILD
256 #define USE_ELF_CORE_DUMP
257 #endif /* FIX_BROKEN_PPC_BUILD */
258 #define ELF_EXEC_PAGESIZE 4096
260 #endif
262 #ifdef TARGET_ARM
264 #define ELF_START_MMAP 0x80000000
266 #define elf_check_arch(x) ( (x) == EM_ARM )
268 #define ELF_CLASS ELFCLASS32
269 #ifdef TARGET_WORDS_BIGENDIAN
270 #define ELF_DATA ELFDATA2MSB
271 #else
272 #define ELF_DATA ELFDATA2LSB
273 #endif
274 #define ELF_ARCH EM_ARM
276 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
278 abi_long stack = infop->start_stack;
279 memset(regs, 0, sizeof(*regs));
280 regs->ARM_cpsr = 0x10;
281 if (infop->entry & 1)
282 regs->ARM_cpsr |= CPSR_T;
283 regs->ARM_pc = infop->entry & 0xfffffffe;
284 regs->ARM_sp = infop->start_stack;
285 /* FIXME - what to for failure of get_user()? */
286 get_user_ual(regs->ARM_r2, stack + 8); /* envp */
287 get_user_ual(regs->ARM_r1, stack + 4); /* envp */
288 /* XXX: it seems that r0 is zeroed after ! */
289 regs->ARM_r0 = 0;
290 /* For uClinux PIC binaries. */
291 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
292 regs->ARM_r10 = infop->start_data;
295 #ifdef FIX_BROKEN_PPC_BUILD
296 typedef uint32_t elf_greg_t;
297 typedef uint16_t target_uid_t;
298 typedef uint16_t target_gid_t;
299 typedef int32_t target_pid_t;
301 #define ELF_NREG 18
302 typedef elf_greg_t elf_gregset_t[ELF_NREG];
304 static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env)
306 (*regs)[0] = env->regs[0];
307 (*regs)[1] = env->regs[1];
308 (*regs)[2] = env->regs[2];
309 (*regs)[3] = env->regs[3];
310 (*regs)[4] = env->regs[4];
311 (*regs)[5] = env->regs[5];
312 (*regs)[6] = env->regs[6];
313 (*regs)[7] = env->regs[7];
314 (*regs)[8] = env->regs[8];
315 (*regs)[9] = env->regs[9];
316 (*regs)[10] = env->regs[10];
317 (*regs)[11] = env->regs[11];
318 (*regs)[12] = env->regs[12];
319 (*regs)[13] = env->regs[13];
320 (*regs)[14] = env->regs[14];
321 (*regs)[15] = env->regs[15];
323 (*regs)[16] = cpsr_read((CPUState *)env);
324 (*regs)[17] = env->regs[0]; /* XXX */
327 #define USE_ELF_CORE_DUMP
328 #endif /* FIX_BROKEN_PPC_BUILD */
329 #define ELF_EXEC_PAGESIZE 4096
331 enum
333 ARM_HWCAP_ARM_SWP = 1 << 0,
334 ARM_HWCAP_ARM_HALF = 1 << 1,
335 ARM_HWCAP_ARM_THUMB = 1 << 2,
336 ARM_HWCAP_ARM_26BIT = 1 << 3,
337 ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
338 ARM_HWCAP_ARM_FPA = 1 << 5,
339 ARM_HWCAP_ARM_VFP = 1 << 6,
340 ARM_HWCAP_ARM_EDSP = 1 << 7,
343 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF \
344 | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT \
345 | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP)
347 #endif
349 #ifdef TARGET_SPARC
350 #ifdef TARGET_SPARC64
352 #define ELF_START_MMAP 0x80000000
354 #ifndef TARGET_ABI32
355 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
356 #else
357 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
358 #endif
360 #define ELF_CLASS ELFCLASS64
361 #define ELF_DATA ELFDATA2MSB
362 #define ELF_ARCH EM_SPARCV9
364 #define STACK_BIAS 2047
366 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
368 #ifndef TARGET_ABI32
369 regs->tstate = 0;
370 #endif
371 regs->pc = infop->entry;
372 regs->npc = regs->pc + 4;
373 regs->y = 0;
374 #ifdef TARGET_ABI32
375 regs->u_regs[14] = infop->start_stack - 16 * 4;
376 #else
377 if (personality(infop->personality) == PER_LINUX32)
378 regs->u_regs[14] = infop->start_stack - 16 * 4;
379 else
380 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
381 #endif
384 #else
385 #define ELF_START_MMAP 0x80000000
387 #define elf_check_arch(x) ( (x) == EM_SPARC )
389 #define ELF_CLASS ELFCLASS32
390 #define ELF_DATA ELFDATA2MSB
391 #define ELF_ARCH EM_SPARC
393 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
395 regs->psr = 0;
396 regs->pc = infop->entry;
397 regs->npc = regs->pc + 4;
398 regs->y = 0;
399 regs->u_regs[14] = infop->start_stack - 16 * 4;
402 #endif
403 #endif
405 #ifdef TARGET_PPC
407 #define ELF_START_MMAP 0x80000000
409 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
411 #define elf_check_arch(x) ( (x) == EM_PPC64 )
413 #define ELF_CLASS ELFCLASS64
415 #else
417 #define elf_check_arch(x) ( (x) == EM_PPC )
419 #define ELF_CLASS ELFCLASS32
421 #endif
423 #ifdef TARGET_WORDS_BIGENDIAN
424 #define ELF_DATA ELFDATA2MSB
425 #else
426 #define ELF_DATA ELFDATA2LSB
427 #endif
428 #define ELF_ARCH EM_PPC
430 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
431 See arch/powerpc/include/asm/cputable.h. */
432 #ifndef PPC_FEATURE_32
433 enum {
434 PPC_FEATURE_32 = 0x80000000,
435 PPC_FEATURE_64 = 0x40000000,
436 PPC_FEATURE_601_INSTR = 0x20000000,
437 PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
438 PPC_FEATURE_HAS_FPU = 0x08000000,
439 PPC_FEATURE_HAS_MMU = 0x04000000,
440 PPC_FEATURE_HAS_4xxMAC = 0x02000000,
441 PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
442 PPC_FEATURE_HAS_SPE = 0x00800000,
443 PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
444 PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
445 PPC_FEATURE_NO_TB = 0x00100000,
446 PPC_FEATURE_POWER4 = 0x00080000,
447 PPC_FEATURE_POWER5 = 0x00040000,
448 PPC_FEATURE_POWER5_PLUS = 0x00020000,
449 PPC_FEATURE_CELL = 0x00010000,
450 PPC_FEATURE_BOOKE = 0x00008000,
451 PPC_FEATURE_SMT = 0x00004000,
452 PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
453 PPC_FEATURE_ARCH_2_05 = 0x00001000,
454 PPC_FEATURE_PA6T = 0x00000800,
455 PPC_FEATURE_HAS_DFP = 0x00000400,
456 PPC_FEATURE_POWER6_EXT = 0x00000200,
457 PPC_FEATURE_ARCH_2_06 = 0x00000100,
458 PPC_FEATURE_HAS_VSX = 0x00000080,
459 PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
461 PPC_FEATURE_TRUE_LE = 0x00000002,
462 PPC_FEATURE_PPC_LE = 0x00000001,
464 #endif /* !defined(PPC_FEATURE_32) */
466 #define ELF_HWCAP get_elf_hwcap()
468 static uint32_t get_elf_hwcap(void)
470 CPUState *e = thread_env;
471 uint32_t features = 0;
473 /* We don't have to be terribly complete here; the high points are
474 Altivec/FP/SPE support. Anything else is just a bonus. */
475 #define GET_FEATURE(flag, feature) \
476 do {if (e->insns_flags & flag) features |= feature; } while(0)
477 GET_FEATURE(PPC_64B, PPC_FEATURE_64);
478 GET_FEATURE(PPC_FLOAT, PPC_FEATURE_HAS_FPU);
479 GET_FEATURE(PPC_ALTIVEC, PPC_FEATURE_HAS_ALTIVEC);
480 GET_FEATURE(PPC_SPE, PPC_FEATURE_HAS_SPE);
481 GET_FEATURE(PPC_SPE_SINGLE, PPC_FEATURE_HAS_EFP_SINGLE);
482 GET_FEATURE(PPC_SPE_DOUBLE, PPC_FEATURE_HAS_EFP_DOUBLE);
483 GET_FEATURE(PPC_BOOKE, PPC_FEATURE_BOOKE);
484 GET_FEATURE(PPC_405_MAC, PPC_FEATURE_HAS_4xxMAC);
485 #undef GET_FEATURE
487 return features;
491 * We need to put in some extra aux table entries to tell glibc what
492 * the cache block size is, so it can use the dcbz instruction safely.
494 #define AT_DCACHEBSIZE 19
495 #define AT_ICACHEBSIZE 20
496 #define AT_UCACHEBSIZE 21
497 /* A special ignored type value for PPC, for glibc compatibility. */
498 #define AT_IGNOREPPC 22
500 * The requirements here are:
501 * - keep the final alignment of sp (sp & 0xf)
502 * - make sure the 32-bit value at the first 16 byte aligned position of
503 * AUXV is greater than 16 for glibc compatibility.
504 * AT_IGNOREPPC is used for that.
505 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
506 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
508 #define DLINFO_ARCH_ITEMS 5
509 #define ARCH_DLINFO \
510 do { \
511 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \
512 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \
513 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \
514 /* \
515 * Now handle glibc compatibility. \
516 */ \
517 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
518 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
519 } while (0)
521 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
523 abi_ulong pos = infop->start_stack;
524 abi_ulong tmp;
525 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
526 abi_ulong entry, toc;
527 #endif
529 _regs->gpr[1] = infop->start_stack;
530 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
531 entry = ldq_raw(infop->entry) + infop->load_addr;
532 toc = ldq_raw(infop->entry + 8) + infop->load_addr;
533 _regs->gpr[2] = toc;
534 infop->entry = entry;
535 #endif
536 _regs->nip = infop->entry;
537 /* Note that isn't exactly what regular kernel does
538 * but this is what the ABI wants and is needed to allow
539 * execution of PPC BSD programs.
541 /* FIXME - what to for failure of get_user()? */
542 get_user_ual(_regs->gpr[3], pos);
543 pos += sizeof(abi_ulong);
544 _regs->gpr[4] = pos;
545 for (tmp = 1; tmp != 0; pos += sizeof(abi_ulong))
546 tmp = ldl(pos);
547 _regs->gpr[5] = pos;
550 #define ELF_EXEC_PAGESIZE 4096
552 #endif
554 #ifdef TARGET_MIPS
556 #define ELF_START_MMAP 0x80000000
558 #define elf_check_arch(x) ( (x) == EM_MIPS )
560 #ifdef TARGET_MIPS64
561 #define ELF_CLASS ELFCLASS64
562 #else
563 #define ELF_CLASS ELFCLASS32
564 #endif
565 #ifdef TARGET_WORDS_BIGENDIAN
566 #define ELF_DATA ELFDATA2MSB
567 #else
568 #define ELF_DATA ELFDATA2LSB
569 #endif
570 #define ELF_ARCH EM_MIPS
572 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
574 regs->cp0_status = 2 << CP0St_KSU;
575 regs->cp0_epc = infop->entry;
576 regs->regs[29] = infop->start_stack;
579 #define ELF_EXEC_PAGESIZE 4096
581 #endif /* TARGET_MIPS */
583 #ifdef TARGET_MICROBLAZE
585 #define ELF_START_MMAP 0x80000000
587 #define elf_check_arch(x) ( (x) == EM_XILINX_MICROBLAZE )
589 #define ELF_CLASS ELFCLASS32
590 #define ELF_DATA ELFDATA2MSB
591 #define ELF_ARCH EM_MIPS
593 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
595 regs->pc = infop->entry;
596 regs->r1 = infop->start_stack;
600 #define ELF_EXEC_PAGESIZE 4096
602 #endif /* TARGET_MICROBLAZE */
604 #ifdef TARGET_SH4
606 #define ELF_START_MMAP 0x80000000
608 #define elf_check_arch(x) ( (x) == EM_SH )
610 #define ELF_CLASS ELFCLASS32
611 #define ELF_DATA ELFDATA2LSB
612 #define ELF_ARCH EM_SH
614 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
616 /* Check other registers XXXXX */
617 regs->pc = infop->entry;
618 regs->regs[15] = infop->start_stack;
621 #define ELF_EXEC_PAGESIZE 4096
623 #endif
625 #ifdef TARGET_CRIS
627 #define ELF_START_MMAP 0x80000000
629 #define elf_check_arch(x) ( (x) == EM_CRIS )
631 #define ELF_CLASS ELFCLASS32
632 #define ELF_DATA ELFDATA2LSB
633 #define ELF_ARCH EM_CRIS
635 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
637 regs->erp = infop->entry;
640 #define ELF_EXEC_PAGESIZE 8192
642 #endif
644 #ifdef TARGET_M68K
646 #define ELF_START_MMAP 0x80000000
648 #define elf_check_arch(x) ( (x) == EM_68K )
650 #define ELF_CLASS ELFCLASS32
651 #define ELF_DATA ELFDATA2MSB
652 #define ELF_ARCH EM_68K
654 /* ??? Does this need to do anything?
655 #define ELF_PLAT_INIT(_r) */
657 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
659 regs->usp = infop->start_stack;
660 regs->sr = 0;
661 regs->pc = infop->entry;
664 #define ELF_EXEC_PAGESIZE 8192
666 #endif
668 #ifdef TARGET_ALPHA
670 #define ELF_START_MMAP (0x30000000000ULL)
672 #define elf_check_arch(x) ( (x) == ELF_ARCH )
674 #define ELF_CLASS ELFCLASS64
675 #define ELF_DATA ELFDATA2MSB
676 #define ELF_ARCH EM_ALPHA
678 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
680 regs->pc = infop->entry;
681 regs->ps = 8;
682 regs->usp = infop->start_stack;
683 regs->unique = infop->start_data; /* ? */
684 printf("Set unique value to " TARGET_FMT_lx " (" TARGET_FMT_lx ")\n",
685 regs->unique, infop->start_data);
688 #define ELF_EXEC_PAGESIZE 8192
690 #endif /* TARGET_ALPHA */
692 #ifndef ELF_PLATFORM
693 #define ELF_PLATFORM (NULL)
694 #endif
696 #ifndef ELF_HWCAP
697 #define ELF_HWCAP 0
698 #endif
700 #ifdef TARGET_ABI32
701 #undef ELF_CLASS
702 #define ELF_CLASS ELFCLASS32
703 #undef bswaptls
704 #define bswaptls(ptr) bswap32s(ptr)
705 #endif
707 #include "elf.h"
709 struct exec
711 unsigned int a_info; /* Use macros N_MAGIC, etc for access */
712 unsigned int a_text; /* length of text, in bytes */
713 unsigned int a_data; /* length of data, in bytes */
714 unsigned int a_bss; /* length of uninitialized data area, in bytes */
715 unsigned int a_syms; /* length of symbol table data in file, in bytes */
716 unsigned int a_entry; /* start address */
717 unsigned int a_trsize; /* length of relocation info for text, in bytes */
718 unsigned int a_drsize; /* length of relocation info for data, in bytes */
722 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
723 #define OMAGIC 0407
724 #define NMAGIC 0410
725 #define ZMAGIC 0413
726 #define QMAGIC 0314
728 /* max code+data+bss space allocated to elf interpreter */
729 #define INTERP_MAP_SIZE (32 * 1024 * 1024)
731 /* max code+data+bss+brk space allocated to ET_DYN executables */
732 #define ET_DYN_MAP_SIZE (128 * 1024 * 1024)
734 /* Necessary parameters */
735 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
736 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
737 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
739 #define INTERPRETER_NONE 0
740 #define INTERPRETER_AOUT 1
741 #define INTERPRETER_ELF 2
743 #define DLINFO_ITEMS 12
745 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
747 memcpy(to, from, n);
750 static int load_aout_interp(void * exptr, int interp_fd);
752 #ifdef BSWAP_NEEDED
753 static void bswap_ehdr(struct elfhdr *ehdr)
755 bswap16s(&ehdr->e_type); /* Object file type */
756 bswap16s(&ehdr->e_machine); /* Architecture */
757 bswap32s(&ehdr->e_version); /* Object file version */
758 bswaptls(&ehdr->e_entry); /* Entry point virtual address */
759 bswaptls(&ehdr->e_phoff); /* Program header table file offset */
760 bswaptls(&ehdr->e_shoff); /* Section header table file offset */
761 bswap32s(&ehdr->e_flags); /* Processor-specific flags */
762 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
763 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
764 bswap16s(&ehdr->e_phnum); /* Program header table entry count */
765 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
766 bswap16s(&ehdr->e_shnum); /* Section header table entry count */
767 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
770 static void bswap_phdr(struct elf_phdr *phdr)
772 bswap32s(&phdr->p_type); /* Segment type */
773 bswaptls(&phdr->p_offset); /* Segment file offset */
774 bswaptls(&phdr->p_vaddr); /* Segment virtual address */
775 bswaptls(&phdr->p_paddr); /* Segment physical address */
776 bswaptls(&phdr->p_filesz); /* Segment size in file */
777 bswaptls(&phdr->p_memsz); /* Segment size in memory */
778 bswap32s(&phdr->p_flags); /* Segment flags */
779 bswaptls(&phdr->p_align); /* Segment alignment */
782 static void bswap_shdr(struct elf_shdr *shdr)
784 bswap32s(&shdr->sh_name);
785 bswap32s(&shdr->sh_type);
786 bswaptls(&shdr->sh_flags);
787 bswaptls(&shdr->sh_addr);
788 bswaptls(&shdr->sh_offset);
789 bswaptls(&shdr->sh_size);
790 bswap32s(&shdr->sh_link);
791 bswap32s(&shdr->sh_info);
792 bswaptls(&shdr->sh_addralign);
793 bswaptls(&shdr->sh_entsize);
796 static void bswap_sym(struct elf_sym *sym)
798 bswap32s(&sym->st_name);
799 bswaptls(&sym->st_value);
800 bswaptls(&sym->st_size);
801 bswap16s(&sym->st_shndx);
803 #endif
805 #ifdef USE_ELF_CORE_DUMP
806 static int elf_core_dump(int, const CPUState *);
808 #ifdef BSWAP_NEEDED
809 static void bswap_note(struct elf_note *en)
811 bswaptls(&en->n_namesz);
812 bswaptls(&en->n_descsz);
813 bswaptls(&en->n_type);
815 #endif /* BSWAP_NEEDED */
817 #endif /* USE_ELF_CORE_DUMP */
820 * 'copy_elf_strings()' copies argument/envelope strings from user
821 * memory to free pages in kernel mem. These are in a format ready
822 * to be put directly into the top of new user memory.
825 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
826 abi_ulong p)
828 char *tmp, *tmp1, *pag = NULL;
829 int len, offset = 0;
831 if (!p) {
832 return 0; /* bullet-proofing */
834 while (argc-- > 0) {
835 tmp = argv[argc];
836 if (!tmp) {
837 fprintf(stderr, "VFS: argc is wrong");
838 exit(-1);
840 tmp1 = tmp;
841 while (*tmp++);
842 len = tmp - tmp1;
843 if (p < len) { /* this shouldn't happen - 128kB */
844 return 0;
846 while (len) {
847 --p; --tmp; --len;
848 if (--offset < 0) {
849 offset = p % TARGET_PAGE_SIZE;
850 pag = (char *)page[p/TARGET_PAGE_SIZE];
851 if (!pag) {
852 pag = (char *)malloc(TARGET_PAGE_SIZE);
853 memset(pag, 0, TARGET_PAGE_SIZE);
854 page[p/TARGET_PAGE_SIZE] = pag;
855 if (!pag)
856 return 0;
859 if (len == 0 || offset == 0) {
860 *(pag + offset) = *tmp;
862 else {
863 int bytes_to_copy = (len > offset) ? offset : len;
864 tmp -= bytes_to_copy;
865 p -= bytes_to_copy;
866 offset -= bytes_to_copy;
867 len -= bytes_to_copy;
868 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
872 return p;
875 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
876 struct image_info *info)
878 abi_ulong stack_base, size, error;
879 int i;
881 /* Create enough stack to hold everything. If we don't use
882 * it for args, we'll use it for something else...
884 size = x86_stack_size;
885 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE)
886 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
887 error = target_mmap(0,
888 size + qemu_host_page_size,
889 PROT_READ | PROT_WRITE,
890 MAP_PRIVATE | MAP_ANONYMOUS,
891 -1, 0);
892 if (error == -1) {
893 perror("stk mmap");
894 exit(-1);
896 /* we reserve one extra page at the top of the stack as guard */
897 target_mprotect(error + size, qemu_host_page_size, PROT_NONE);
899 stack_base = error + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
900 p += stack_base;
902 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
903 if (bprm->page[i]) {
904 info->rss++;
905 /* FIXME - check return value of memcpy_to_target() for failure */
906 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
907 free(bprm->page[i]);
909 stack_base += TARGET_PAGE_SIZE;
911 return p;
914 static void set_brk(abi_ulong start, abi_ulong end)
916 /* page-align the start and end addresses... */
917 start = HOST_PAGE_ALIGN(start);
918 end = HOST_PAGE_ALIGN(end);
919 if (end <= start)
920 return;
921 if(target_mmap(start, end - start,
922 PROT_READ | PROT_WRITE | PROT_EXEC,
923 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0) == -1) {
924 perror("cannot mmap brk");
925 exit(-1);
930 /* We need to explicitly zero any fractional pages after the data
931 section (i.e. bss). This would contain the junk from the file that
932 should not be in memory. */
933 static void padzero(abi_ulong elf_bss, abi_ulong last_bss)
935 abi_ulong nbyte;
937 if (elf_bss >= last_bss)
938 return;
940 /* XXX: this is really a hack : if the real host page size is
941 smaller than the target page size, some pages after the end
942 of the file may not be mapped. A better fix would be to
943 patch target_mmap(), but it is more complicated as the file
944 size must be known */
945 if (qemu_real_host_page_size < qemu_host_page_size) {
946 abi_ulong end_addr, end_addr1;
947 end_addr1 = (elf_bss + qemu_real_host_page_size - 1) &
948 ~(qemu_real_host_page_size - 1);
949 end_addr = HOST_PAGE_ALIGN(elf_bss);
950 if (end_addr1 < end_addr) {
951 mmap((void *)g2h(end_addr1), end_addr - end_addr1,
952 PROT_READ|PROT_WRITE|PROT_EXEC,
953 MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
957 nbyte = elf_bss & (qemu_host_page_size-1);
958 if (nbyte) {
959 nbyte = qemu_host_page_size - nbyte;
960 do {
961 /* FIXME - what to do if put_user() fails? */
962 put_user_u8(0, elf_bss);
963 elf_bss++;
964 } while (--nbyte);
969 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
970 struct elfhdr * exec,
971 abi_ulong load_addr,
972 abi_ulong load_bias,
973 abi_ulong interp_load_addr, int ibcs,
974 struct image_info *info)
976 abi_ulong sp;
977 int size;
978 abi_ulong u_platform;
979 const char *k_platform;
980 const int n = sizeof(elf_addr_t);
982 sp = p;
983 u_platform = 0;
984 k_platform = ELF_PLATFORM;
985 if (k_platform) {
986 size_t len = strlen(k_platform) + 1;
987 sp -= (len + n - 1) & ~(n - 1);
988 u_platform = sp;
989 /* FIXME - check return value of memcpy_to_target() for failure */
990 memcpy_to_target(sp, k_platform, len);
993 * Force 16 byte _final_ alignment here for generality.
995 sp = sp &~ (abi_ulong)15;
996 size = (DLINFO_ITEMS + 1) * 2;
997 if (k_platform)
998 size += 2;
999 #ifdef DLINFO_ARCH_ITEMS
1000 size += DLINFO_ARCH_ITEMS * 2;
1001 #endif
1002 size += envc + argc + 2;
1003 size += (!ibcs ? 3 : 1); /* argc itself */
1004 size *= n;
1005 if (size & 15)
1006 sp -= 16 - (size & 15);
1008 /* This is correct because Linux defines
1009 * elf_addr_t as Elf32_Off / Elf64_Off
1011 #define NEW_AUX_ENT(id, val) do { \
1012 sp -= n; put_user_ual(val, sp); \
1013 sp -= n; put_user_ual(id, sp); \
1014 } while(0)
1016 NEW_AUX_ENT (AT_NULL, 0);
1018 /* There must be exactly DLINFO_ITEMS entries here. */
1019 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(load_addr + exec->e_phoff));
1020 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1021 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1022 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
1023 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_load_addr));
1024 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1025 NEW_AUX_ENT(AT_ENTRY, load_bias + exec->e_entry);
1026 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1027 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1028 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1029 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1030 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1031 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1032 if (k_platform)
1033 NEW_AUX_ENT(AT_PLATFORM, u_platform);
1034 #ifdef ARCH_DLINFO
1036 * ARCH_DLINFO must come last so platform specific code can enforce
1037 * special alignment requirements on the AUXV if necessary (eg. PPC).
1039 ARCH_DLINFO;
1040 #endif
1041 #undef NEW_AUX_ENT
1043 info->saved_auxv = sp;
1045 sp = loader_build_argptr(envc, argc, sp, p, !ibcs);
1046 return sp;
1050 static abi_ulong load_elf_interp(struct elfhdr * interp_elf_ex,
1051 int interpreter_fd,
1052 abi_ulong *interp_load_addr)
1054 struct elf_phdr *elf_phdata = NULL;
1055 struct elf_phdr *eppnt;
1056 abi_ulong load_addr = 0;
1057 int load_addr_set = 0;
1058 int retval;
1059 abi_ulong last_bss, elf_bss;
1060 abi_ulong error;
1061 int i;
1063 elf_bss = 0;
1064 last_bss = 0;
1065 error = 0;
1067 #ifdef BSWAP_NEEDED
1068 bswap_ehdr(interp_elf_ex);
1069 #endif
1070 /* First of all, some simple consistency checks */
1071 if ((interp_elf_ex->e_type != ET_EXEC &&
1072 interp_elf_ex->e_type != ET_DYN) ||
1073 !elf_check_arch(interp_elf_ex->e_machine)) {
1074 return ~((abi_ulong)0UL);
1078 /* Now read in all of the header information */
1080 if (sizeof(struct elf_phdr) * interp_elf_ex->e_phnum > TARGET_PAGE_SIZE)
1081 return ~(abi_ulong)0UL;
1083 elf_phdata = (struct elf_phdr *)
1084 malloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
1086 if (!elf_phdata)
1087 return ~((abi_ulong)0UL);
1090 * If the size of this structure has changed, then punt, since
1091 * we will be doing the wrong thing.
1093 if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) {
1094 free(elf_phdata);
1095 return ~((abi_ulong)0UL);
1098 retval = lseek(interpreter_fd, interp_elf_ex->e_phoff, SEEK_SET);
1099 if(retval >= 0) {
1100 retval = read(interpreter_fd,
1101 (char *) elf_phdata,
1102 sizeof(struct elf_phdr) * interp_elf_ex->e_phnum);
1104 if (retval < 0) {
1105 perror("load_elf_interp");
1106 exit(-1);
1107 free (elf_phdata);
1108 return retval;
1110 #ifdef BSWAP_NEEDED
1111 eppnt = elf_phdata;
1112 for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
1113 bswap_phdr(eppnt);
1115 #endif
1117 if (interp_elf_ex->e_type == ET_DYN) {
1118 /* in order to avoid hardcoding the interpreter load
1119 address in qemu, we allocate a big enough memory zone */
1120 error = target_mmap(0, INTERP_MAP_SIZE,
1121 PROT_NONE, MAP_PRIVATE | MAP_ANON,
1122 -1, 0);
1123 if (error == -1) {
1124 perror("mmap");
1125 exit(-1);
1127 load_addr = error;
1128 load_addr_set = 1;
1131 eppnt = elf_phdata;
1132 for(i=0; i<interp_elf_ex->e_phnum; i++, eppnt++)
1133 if (eppnt->p_type == PT_LOAD) {
1134 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
1135 int elf_prot = 0;
1136 abi_ulong vaddr = 0;
1137 abi_ulong k;
1139 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
1140 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1141 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1142 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) {
1143 elf_type |= MAP_FIXED;
1144 vaddr = eppnt->p_vaddr;
1146 error = target_mmap(load_addr+TARGET_ELF_PAGESTART(vaddr),
1147 eppnt->p_filesz + TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr),
1148 elf_prot,
1149 elf_type,
1150 interpreter_fd,
1151 eppnt->p_offset - TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr));
1153 if (error == -1) {
1154 /* Real error */
1155 close(interpreter_fd);
1156 free(elf_phdata);
1157 return ~((abi_ulong)0UL);
1160 if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
1161 load_addr = error;
1162 load_addr_set = 1;
1166 * Find the end of the file mapping for this phdr, and keep
1167 * track of the largest address we see for this.
1169 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
1170 if (k > elf_bss) elf_bss = k;
1173 * Do the same thing for the memory mapping - between
1174 * elf_bss and last_bss is the bss section.
1176 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
1177 if (k > last_bss) last_bss = k;
1180 /* Now use mmap to map the library into memory. */
1182 close(interpreter_fd);
1185 * Now fill out the bss section. First pad the last page up
1186 * to the page boundary, and then perform a mmap to make sure
1187 * that there are zeromapped pages up to and including the last
1188 * bss page.
1190 padzero(elf_bss, last_bss);
1191 elf_bss = TARGET_ELF_PAGESTART(elf_bss + qemu_host_page_size - 1); /* What we have mapped so far */
1193 /* Map the last of the bss segment */
1194 if (last_bss > elf_bss) {
1195 target_mmap(elf_bss, last_bss-elf_bss,
1196 PROT_READ|PROT_WRITE|PROT_EXEC,
1197 MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
1199 free(elf_phdata);
1201 *interp_load_addr = load_addr;
1202 return ((abi_ulong) interp_elf_ex->e_entry) + load_addr;
1205 static int symfind(const void *s0, const void *s1)
1207 struct elf_sym *key = (struct elf_sym *)s0;
1208 struct elf_sym *sym = (struct elf_sym *)s1;
1209 int result = 0;
1210 if (key->st_value < sym->st_value) {
1211 result = -1;
1212 } else if (key->st_value >= sym->st_value + sym->st_size) {
1213 result = 1;
1215 return result;
1218 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1220 #if ELF_CLASS == ELFCLASS32
1221 struct elf_sym *syms = s->disas_symtab.elf32;
1222 #else
1223 struct elf_sym *syms = s->disas_symtab.elf64;
1224 #endif
1226 // binary search
1227 struct elf_sym key;
1228 struct elf_sym *sym;
1230 key.st_value = orig_addr;
1232 sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind);
1233 if (sym != NULL) {
1234 return s->disas_strtab + sym->st_name;
1237 return "";
1240 /* FIXME: This should use elf_ops.h */
1241 static int symcmp(const void *s0, const void *s1)
1243 struct elf_sym *sym0 = (struct elf_sym *)s0;
1244 struct elf_sym *sym1 = (struct elf_sym *)s1;
1245 return (sym0->st_value < sym1->st_value)
1246 ? -1
1247 : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1250 /* Best attempt to load symbols from this ELF object. */
1251 static void load_symbols(struct elfhdr *hdr, int fd)
1253 unsigned int i, nsyms;
1254 struct elf_shdr sechdr, symtab, strtab;
1255 char *strings;
1256 struct syminfo *s;
1257 struct elf_sym *syms;
1259 lseek(fd, hdr->e_shoff, SEEK_SET);
1260 for (i = 0; i < hdr->e_shnum; i++) {
1261 if (read(fd, &sechdr, sizeof(sechdr)) != sizeof(sechdr))
1262 return;
1263 #ifdef BSWAP_NEEDED
1264 bswap_shdr(&sechdr);
1265 #endif
1266 if (sechdr.sh_type == SHT_SYMTAB) {
1267 symtab = sechdr;
1268 lseek(fd, hdr->e_shoff
1269 + sizeof(sechdr) * sechdr.sh_link, SEEK_SET);
1270 if (read(fd, &strtab, sizeof(strtab))
1271 != sizeof(strtab))
1272 return;
1273 #ifdef BSWAP_NEEDED
1274 bswap_shdr(&strtab);
1275 #endif
1276 goto found;
1279 return; /* Shouldn't happen... */
1281 found:
1282 /* Now know where the strtab and symtab are. Snarf them. */
1283 s = malloc(sizeof(*s));
1284 syms = malloc(symtab.sh_size);
1285 if (!syms)
1286 return;
1287 s->disas_strtab = strings = malloc(strtab.sh_size);
1288 if (!s->disas_strtab)
1289 return;
1291 lseek(fd, symtab.sh_offset, SEEK_SET);
1292 if (read(fd, syms, symtab.sh_size) != symtab.sh_size)
1293 return;
1295 nsyms = symtab.sh_size / sizeof(struct elf_sym);
1297 i = 0;
1298 while (i < nsyms) {
1299 #ifdef BSWAP_NEEDED
1300 bswap_sym(syms + i);
1301 #endif
1302 // Throw away entries which we do not need.
1303 if (syms[i].st_shndx == SHN_UNDEF ||
1304 syms[i].st_shndx >= SHN_LORESERVE ||
1305 ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1306 nsyms--;
1307 if (i < nsyms) {
1308 syms[i] = syms[nsyms];
1310 continue;
1312 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
1313 /* The bottom address bit marks a Thumb or MIPS16 symbol. */
1314 syms[i].st_value &= ~(target_ulong)1;
1315 #endif
1316 i++;
1318 syms = realloc(syms, nsyms * sizeof(*syms));
1320 qsort(syms, nsyms, sizeof(*syms), symcmp);
1322 lseek(fd, strtab.sh_offset, SEEK_SET);
1323 if (read(fd, strings, strtab.sh_size) != strtab.sh_size)
1324 return;
1325 s->disas_num_syms = nsyms;
1326 #if ELF_CLASS == ELFCLASS32
1327 s->disas_symtab.elf32 = syms;
1328 s->lookup_symbol = lookup_symbolxx;
1329 #else
1330 s->disas_symtab.elf64 = syms;
1331 s->lookup_symbol = lookup_symbolxx;
1332 #endif
1333 s->next = syminfos;
1334 syminfos = s;
1337 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
1338 struct image_info * info)
1340 struct elfhdr elf_ex;
1341 struct elfhdr interp_elf_ex;
1342 struct exec interp_ex;
1343 int interpreter_fd = -1; /* avoid warning */
1344 abi_ulong load_addr, load_bias;
1345 int load_addr_set = 0;
1346 unsigned int interpreter_type = INTERPRETER_NONE;
1347 unsigned char ibcs2_interpreter;
1348 int i;
1349 abi_ulong mapped_addr;
1350 struct elf_phdr * elf_ppnt;
1351 struct elf_phdr *elf_phdata;
1352 abi_ulong elf_bss, k, elf_brk;
1353 int retval;
1354 char * elf_interpreter;
1355 abi_ulong elf_entry, interp_load_addr = 0;
1356 int status;
1357 abi_ulong start_code, end_code, start_data, end_data;
1358 abi_ulong reloc_func_desc = 0;
1359 abi_ulong elf_stack;
1360 char passed_fileno[6];
1362 ibcs2_interpreter = 0;
1363 status = 0;
1364 load_addr = 0;
1365 load_bias = 0;
1366 elf_ex = *((struct elfhdr *) bprm->buf); /* exec-header */
1367 #ifdef BSWAP_NEEDED
1368 bswap_ehdr(&elf_ex);
1369 #endif
1371 /* First of all, some simple consistency checks */
1372 if ((elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN) ||
1373 (! elf_check_arch(elf_ex.e_machine))) {
1374 return -ENOEXEC;
1377 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
1378 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
1379 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
1380 if (!bprm->p) {
1381 retval = -E2BIG;
1384 /* Now read in all of the header information */
1385 elf_phdata = (struct elf_phdr *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
1386 if (elf_phdata == NULL) {
1387 return -ENOMEM;
1390 retval = lseek(bprm->fd, elf_ex.e_phoff, SEEK_SET);
1391 if(retval > 0) {
1392 retval = read(bprm->fd, (char *) elf_phdata,
1393 elf_ex.e_phentsize * elf_ex.e_phnum);
1396 if (retval < 0) {
1397 perror("load_elf_binary");
1398 exit(-1);
1399 free (elf_phdata);
1400 return -errno;
1403 #ifdef BSWAP_NEEDED
1404 elf_ppnt = elf_phdata;
1405 for (i=0; i<elf_ex.e_phnum; i++, elf_ppnt++) {
1406 bswap_phdr(elf_ppnt);
1408 #endif
1409 elf_ppnt = elf_phdata;
1411 elf_bss = 0;
1412 elf_brk = 0;
1415 elf_stack = ~((abi_ulong)0UL);
1416 elf_interpreter = NULL;
1417 start_code = ~((abi_ulong)0UL);
1418 end_code = 0;
1419 start_data = 0;
1420 end_data = 0;
1421 interp_ex.a_info = 0;
1423 for(i=0;i < elf_ex.e_phnum; i++) {
1424 if (elf_ppnt->p_type == PT_INTERP) {
1425 if ( elf_interpreter != NULL )
1427 free (elf_phdata);
1428 free(elf_interpreter);
1429 close(bprm->fd);
1430 return -EINVAL;
1433 /* This is the program interpreter used for
1434 * shared libraries - for now assume that this
1435 * is an a.out format binary
1438 elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
1440 if (elf_interpreter == NULL) {
1441 free (elf_phdata);
1442 close(bprm->fd);
1443 return -ENOMEM;
1446 retval = lseek(bprm->fd, elf_ppnt->p_offset, SEEK_SET);
1447 if(retval >= 0) {
1448 retval = read(bprm->fd, elf_interpreter, elf_ppnt->p_filesz);
1450 if(retval < 0) {
1451 perror("load_elf_binary2");
1452 exit(-1);
1455 /* If the program interpreter is one of these two,
1456 then assume an iBCS2 image. Otherwise assume
1457 a native linux image. */
1459 /* JRP - Need to add X86 lib dir stuff here... */
1461 if (strcmp(elf_interpreter,"/usr/lib/libc.so.1") == 0 ||
1462 strcmp(elf_interpreter,"/usr/lib/ld.so.1") == 0) {
1463 ibcs2_interpreter = 1;
1466 #if 0
1467 printf("Using ELF interpreter %s\n", elf_interpreter);
1468 #endif
1469 if (retval >= 0) {
1470 retval = open(path(elf_interpreter), O_RDONLY);
1471 if(retval >= 0) {
1472 interpreter_fd = retval;
1474 else {
1475 perror(elf_interpreter);
1476 exit(-1);
1477 /* retval = -errno; */
1481 if (retval >= 0) {
1482 retval = lseek(interpreter_fd, 0, SEEK_SET);
1483 if(retval >= 0) {
1484 retval = read(interpreter_fd,bprm->buf,128);
1487 if (retval >= 0) {
1488 interp_ex = *((struct exec *) bprm->buf); /* aout exec-header */
1489 interp_elf_ex=*((struct elfhdr *) bprm->buf); /* elf exec-header */
1491 if (retval < 0) {
1492 perror("load_elf_binary3");
1493 exit(-1);
1494 free (elf_phdata);
1495 free(elf_interpreter);
1496 close(bprm->fd);
1497 return retval;
1500 elf_ppnt++;
1503 /* Some simple consistency checks for the interpreter */
1504 if (elf_interpreter){
1505 interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;
1507 /* Now figure out which format our binary is */
1508 if ((N_MAGIC(interp_ex) != OMAGIC) && (N_MAGIC(interp_ex) != ZMAGIC) &&
1509 (N_MAGIC(interp_ex) != QMAGIC)) {
1510 interpreter_type = INTERPRETER_ELF;
1513 if (interp_elf_ex.e_ident[0] != 0x7f ||
1514 strncmp((char *)&interp_elf_ex.e_ident[1], "ELF",3) != 0) {
1515 interpreter_type &= ~INTERPRETER_ELF;
1518 if (!interpreter_type) {
1519 free(elf_interpreter);
1520 free(elf_phdata);
1521 close(bprm->fd);
1522 return -ELIBBAD;
1526 /* OK, we are done with that, now set up the arg stuff,
1527 and then start this sucker up */
1530 char * passed_p;
1532 if (interpreter_type == INTERPRETER_AOUT) {
1533 snprintf(passed_fileno, sizeof(passed_fileno), "%d", bprm->fd);
1534 passed_p = passed_fileno;
1536 if (elf_interpreter) {
1537 bprm->p = copy_elf_strings(1,&passed_p,bprm->page,bprm->p);
1538 bprm->argc++;
1541 if (!bprm->p) {
1542 if (elf_interpreter) {
1543 free(elf_interpreter);
1545 free (elf_phdata);
1546 close(bprm->fd);
1547 return -E2BIG;
1551 /* OK, This is the point of no return */
1552 info->end_data = 0;
1553 info->end_code = 0;
1554 info->start_mmap = (abi_ulong)ELF_START_MMAP;
1555 info->mmap = 0;
1556 elf_entry = (abi_ulong) elf_ex.e_entry;
1558 /* Do this so that we can load the interpreter, if need be. We will
1559 change some of these later */
1560 info->rss = 0;
1561 bprm->p = setup_arg_pages(bprm->p, bprm, info);
1562 info->start_stack = bprm->p;
1564 /* Now we do a little grungy work by mmaping the ELF image into
1565 * the correct location in memory. At this point, we assume that
1566 * the image should be loaded at fixed address, not at a variable
1567 * address.
1570 for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
1571 int elf_prot = 0;
1572 int elf_flags = 0;
1573 abi_ulong error;
1575 if (elf_ppnt->p_type != PT_LOAD)
1576 continue;
1578 if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
1579 if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1580 if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1581 elf_flags = MAP_PRIVATE | MAP_DENYWRITE;
1582 if (elf_ex.e_type == ET_EXEC || load_addr_set) {
1583 elf_flags |= MAP_FIXED;
1584 } else if (elf_ex.e_type == ET_DYN) {
1585 /* Try and get dynamic programs out of the way of the default mmap
1586 base, as well as whatever program they might try to exec. This
1587 is because the brk will follow the loader, and is not movable. */
1588 /* NOTE: for qemu, we do a big mmap to get enough space
1589 without hardcoding any address */
1590 error = target_mmap(0, ET_DYN_MAP_SIZE,
1591 PROT_NONE, MAP_PRIVATE | MAP_ANON,
1592 -1, 0);
1593 if (error == -1) {
1594 perror("mmap");
1595 exit(-1);
1597 load_bias = TARGET_ELF_PAGESTART(error - elf_ppnt->p_vaddr);
1600 error = target_mmap(TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr),
1601 (elf_ppnt->p_filesz +
1602 TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
1603 elf_prot,
1604 (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE),
1605 bprm->fd,
1606 (elf_ppnt->p_offset -
1607 TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));
1608 if (error == -1) {
1609 perror("mmap");
1610 exit(-1);
1613 #ifdef LOW_ELF_STACK
1614 if (TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr) < elf_stack)
1615 elf_stack = TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr);
1616 #endif
1618 if (!load_addr_set) {
1619 load_addr_set = 1;
1620 load_addr = elf_ppnt->p_vaddr - elf_ppnt->p_offset;
1621 if (elf_ex.e_type == ET_DYN) {
1622 load_bias += error -
1623 TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr);
1624 load_addr += load_bias;
1625 reloc_func_desc = load_bias;
1628 k = elf_ppnt->p_vaddr;
1629 if (k < start_code)
1630 start_code = k;
1631 if (start_data < k)
1632 start_data = k;
1633 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1634 if (k > elf_bss)
1635 elf_bss = k;
1636 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1637 end_code = k;
1638 if (end_data < k)
1639 end_data = k;
1640 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1641 if (k > elf_brk) elf_brk = k;
1644 elf_entry += load_bias;
1645 elf_bss += load_bias;
1646 elf_brk += load_bias;
1647 start_code += load_bias;
1648 end_code += load_bias;
1649 start_data += load_bias;
1650 end_data += load_bias;
1652 if (elf_interpreter) {
1653 if (interpreter_type & 1) {
1654 elf_entry = load_aout_interp(&interp_ex, interpreter_fd);
1656 else if (interpreter_type & 2) {
1657 elf_entry = load_elf_interp(&interp_elf_ex, interpreter_fd,
1658 &interp_load_addr);
1660 reloc_func_desc = interp_load_addr;
1662 close(interpreter_fd);
1663 free(elf_interpreter);
1665 if (elf_entry == ~((abi_ulong)0UL)) {
1666 printf("Unable to load interpreter\n");
1667 free(elf_phdata);
1668 exit(-1);
1669 return 0;
1673 free(elf_phdata);
1675 if (qemu_log_enabled())
1676 load_symbols(&elf_ex, bprm->fd);
1678 if (interpreter_type != INTERPRETER_AOUT) close(bprm->fd);
1679 info->personality = (ibcs2_interpreter ? PER_SVR4 : PER_LINUX);
1681 #ifdef LOW_ELF_STACK
1682 info->start_stack = bprm->p = elf_stack - 4;
1683 #endif
1684 bprm->p = create_elf_tables(bprm->p,
1685 bprm->argc,
1686 bprm->envc,
1687 &elf_ex,
1688 load_addr, load_bias,
1689 interp_load_addr,
1690 (interpreter_type == INTERPRETER_AOUT ? 0 : 1),
1691 info);
1692 info->load_addr = reloc_func_desc;
1693 info->start_brk = info->brk = elf_brk;
1694 info->end_code = end_code;
1695 info->start_code = start_code;
1696 info->start_data = start_data;
1697 info->end_data = end_data;
1698 info->start_stack = bprm->p;
1700 /* Calling set_brk effectively mmaps the pages that we need for the bss and break
1701 sections */
1702 set_brk(elf_bss, elf_brk);
1704 padzero(elf_bss, elf_brk);
1706 #if 0
1707 printf("(start_brk) %x\n" , info->start_brk);
1708 printf("(end_code) %x\n" , info->end_code);
1709 printf("(start_code) %x\n" , info->start_code);
1710 printf("(end_data) %x\n" , info->end_data);
1711 printf("(start_stack) %x\n" , info->start_stack);
1712 printf("(brk) %x\n" , info->brk);
1713 #endif
1715 if ( info->personality == PER_SVR4 )
1717 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1718 and some applications "depend" upon this behavior.
1719 Since we do not have the power to recompile these, we
1720 emulate the SVr4 behavior. Sigh. */
1721 mapped_addr = target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
1722 MAP_FIXED | MAP_PRIVATE, -1, 0);
1725 info->entry = elf_entry;
1727 #ifdef USE_ELF_CORE_DUMP
1728 bprm->core_dump = &elf_core_dump;
1729 #endif
1731 return 0;
1734 #ifdef USE_ELF_CORE_DUMP
1737 * Definitions to generate Intel SVR4-like core files.
1738 * These mostly have the same names as the SVR4 types with "elf_"
1739 * tacked on the front to prevent clashes with linux definitions,
1740 * and the typedef forms have been avoided. This is mostly like
1741 * the SVR4 structure, but more Linuxy, with things that Linux does
1742 * not support and which gdb doesn't really use excluded.
1744 * Fields we don't dump (their contents is zero) in linux-user qemu
1745 * are marked with XXX.
1747 * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
1749 * Porting ELF coredump for target is (quite) simple process. First you
1750 * define ELF_USE_CORE_DUMP in target ELF code (where init_thread() for
1751 * the target resides):
1753 * #define USE_ELF_CORE_DUMP
1755 * Next you define type of register set used for dumping. ELF specification
1756 * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
1758 * typedef <target_regtype> elf_greg_t;
1759 * #define ELF_NREG <number of registers>
1760 * typedef elf_greg_t elf_gregset_t[ELF_NREG];
1762 * Then define following types to match target types. Actual types can
1763 * be found from linux kernel (arch/<ARCH>/include/asm/posix_types.h):
1765 * typedef <target_uid_type> target_uid_t;
1766 * typedef <target_gid_type> target_gid_t;
1767 * typedef <target_pid_type> target_pid_t;
1769 * Last step is to implement target specific function that copies registers
1770 * from given cpu into just specified register set. Prototype is:
1772 * static void elf_core_copy_regs(elf_gregset_t *regs, const CPUState *env);
1774 * Parameters:
1775 * regs - copy register values into here (allocated and zeroed by caller)
1776 * env - copy registers from here
1778 * Example for ARM target is provided in this file.
1781 /* An ELF note in memory */
1782 struct memelfnote {
1783 const char *name;
1784 size_t namesz;
1785 size_t namesz_rounded;
1786 int type;
1787 size_t datasz;
1788 void *data;
1789 size_t notesz;
1792 struct elf_siginfo {
1793 int si_signo; /* signal number */
1794 int si_code; /* extra code */
1795 int si_errno; /* errno */
1798 struct elf_prstatus {
1799 struct elf_siginfo pr_info; /* Info associated with signal */
1800 short pr_cursig; /* Current signal */
1801 target_ulong pr_sigpend; /* XXX */
1802 target_ulong pr_sighold; /* XXX */
1803 target_pid_t pr_pid;
1804 target_pid_t pr_ppid;
1805 target_pid_t pr_pgrp;
1806 target_pid_t pr_sid;
1807 struct target_timeval pr_utime; /* XXX User time */
1808 struct target_timeval pr_stime; /* XXX System time */
1809 struct target_timeval pr_cutime; /* XXX Cumulative user time */
1810 struct target_timeval pr_cstime; /* XXX Cumulative system time */
1811 elf_gregset_t pr_reg; /* GP registers */
1812 int pr_fpvalid; /* XXX */
1815 #define ELF_PRARGSZ (80) /* Number of chars for args */
1817 struct elf_prpsinfo {
1818 char pr_state; /* numeric process state */
1819 char pr_sname; /* char for pr_state */
1820 char pr_zomb; /* zombie */
1821 char pr_nice; /* nice val */
1822 target_ulong pr_flag; /* flags */
1823 target_uid_t pr_uid;
1824 target_gid_t pr_gid;
1825 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
1826 /* Lots missing */
1827 char pr_fname[16]; /* filename of executable */
1828 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
1831 /* Here is the structure in which status of each thread is captured. */
1832 struct elf_thread_status {
1833 TAILQ_ENTRY(elf_thread_status) ets_link;
1834 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1835 #if 0
1836 elf_fpregset_t fpu; /* NT_PRFPREG */
1837 struct task_struct *thread;
1838 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1839 #endif
1840 struct memelfnote notes[1];
1841 int num_notes;
1844 struct elf_note_info {
1845 struct memelfnote *notes;
1846 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1847 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1849 TAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
1850 #if 0
1852 * Current version of ELF coredump doesn't support
1853 * dumping fp regs etc.
1855 elf_fpregset_t *fpu;
1856 elf_fpxregset_t *xfpu;
1857 int thread_status_size;
1858 #endif
1859 int notes_size;
1860 int numnote;
1863 struct vm_area_struct {
1864 abi_ulong vma_start; /* start vaddr of memory region */
1865 abi_ulong vma_end; /* end vaddr of memory region */
1866 abi_ulong vma_flags; /* protection etc. flags for the region */
1867 TAILQ_ENTRY(vm_area_struct) vma_link;
1870 struct mm_struct {
1871 TAILQ_HEAD(, vm_area_struct) mm_mmap;
1872 int mm_count; /* number of mappings */
1875 static struct mm_struct *vma_init(void);
1876 static void vma_delete(struct mm_struct *);
1877 static int vma_add_mapping(struct mm_struct *, abi_ulong,
1878 abi_ulong, abi_ulong);
1879 static int vma_get_mapping_count(const struct mm_struct *);
1880 static struct vm_area_struct *vma_first(const struct mm_struct *);
1881 static struct vm_area_struct *vma_next(struct vm_area_struct *);
1882 static abi_ulong vma_dump_size(const struct vm_area_struct *);
1883 static int vma_walker(void *priv, unsigned long start, unsigned long end,
1884 unsigned long flags);
1886 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
1887 static void fill_note(struct memelfnote *, const char *, int,
1888 unsigned int, void *);
1889 static void fill_prstatus(struct elf_prstatus *, const TaskState *, int);
1890 static int fill_psinfo(struct elf_prpsinfo *, const TaskState *);
1891 static void fill_auxv_note(struct memelfnote *, const TaskState *);
1892 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
1893 static size_t note_size(const struct memelfnote *);
1894 static void free_note_info(struct elf_note_info *);
1895 static int fill_note_info(struct elf_note_info *, long, const CPUState *);
1896 static void fill_thread_info(struct elf_note_info *, const CPUState *);
1897 static int core_dump_filename(const TaskState *, char *, size_t);
1899 static int dump_write(int, const void *, size_t);
1900 static int write_note(struct memelfnote *, int);
1901 static int write_note_info(struct elf_note_info *, int);
1903 #ifdef BSWAP_NEEDED
1904 static void bswap_prstatus(struct elf_prstatus *);
1905 static void bswap_psinfo(struct elf_prpsinfo *);
1907 static void bswap_prstatus(struct elf_prstatus *prstatus)
1909 prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo);
1910 prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code);
1911 prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno);
1912 prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
1913 prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend);
1914 prstatus->pr_sighold = tswapl(prstatus->pr_sighold);
1915 prstatus->pr_pid = tswap32(prstatus->pr_pid);
1916 prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
1917 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
1918 prstatus->pr_sid = tswap32(prstatus->pr_sid);
1919 /* cpu times are not filled, so we skip them */
1920 /* regs should be in correct format already */
1921 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
1924 static void bswap_psinfo(struct elf_prpsinfo *psinfo)
1926 psinfo->pr_flag = tswapl(psinfo->pr_flag);
1927 psinfo->pr_uid = tswap16(psinfo->pr_uid);
1928 psinfo->pr_gid = tswap16(psinfo->pr_gid);
1929 psinfo->pr_pid = tswap32(psinfo->pr_pid);
1930 psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
1931 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
1932 psinfo->pr_sid = tswap32(psinfo->pr_sid);
1934 #endif /* BSWAP_NEEDED */
1937 * Minimal support for linux memory regions. These are needed
1938 * when we are finding out what memory exactly belongs to
1939 * emulated process. No locks needed here, as long as
1940 * thread that received the signal is stopped.
1943 static struct mm_struct *vma_init(void)
1945 struct mm_struct *mm;
1947 if ((mm = qemu_malloc(sizeof (*mm))) == NULL)
1948 return (NULL);
1950 mm->mm_count = 0;
1951 TAILQ_INIT(&mm->mm_mmap);
1953 return (mm);
1956 static void vma_delete(struct mm_struct *mm)
1958 struct vm_area_struct *vma;
1960 while ((vma = vma_first(mm)) != NULL) {
1961 TAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
1962 qemu_free(vma);
1964 qemu_free(mm);
1967 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
1968 abi_ulong end, abi_ulong flags)
1970 struct vm_area_struct *vma;
1972 if ((vma = qemu_mallocz(sizeof (*vma))) == NULL)
1973 return (-1);
1975 vma->vma_start = start;
1976 vma->vma_end = end;
1977 vma->vma_flags = flags;
1979 TAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
1980 mm->mm_count++;
1982 return (0);
1985 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
1987 return (TAILQ_FIRST(&mm->mm_mmap));
1990 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
1992 return (TAILQ_NEXT(vma, vma_link));
1995 static int vma_get_mapping_count(const struct mm_struct *mm)
1997 return (mm->mm_count);
2001 * Calculate file (dump) size of given memory region.
2003 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2005 /* if we cannot even read the first page, skip it */
2006 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2007 return (0);
2010 * Usually we don't dump executable pages as they contain
2011 * non-writable code that debugger can read directly from
2012 * target library etc. However, thread stacks are marked
2013 * also executable so we read in first page of given region
2014 * and check whether it contains elf header. If there is
2015 * no elf header, we dump it.
2017 if (vma->vma_flags & PROT_EXEC) {
2018 char page[TARGET_PAGE_SIZE];
2020 copy_from_user(page, vma->vma_start, sizeof (page));
2021 if ((page[EI_MAG0] == ELFMAG0) &&
2022 (page[EI_MAG1] == ELFMAG1) &&
2023 (page[EI_MAG2] == ELFMAG2) &&
2024 (page[EI_MAG3] == ELFMAG3)) {
2026 * Mappings are possibly from ELF binary. Don't dump
2027 * them.
2029 return (0);
2033 return (vma->vma_end - vma->vma_start);
2036 static int vma_walker(void *priv, unsigned long start, unsigned long end,
2037 unsigned long flags)
2039 struct mm_struct *mm = (struct mm_struct *)priv;
2042 * Don't dump anything that qemu has reserved for internal use.
2044 if (flags & PAGE_RESERVED)
2045 return (0);
2047 vma_add_mapping(mm, start, end, flags);
2048 return (0);
2051 static void fill_note(struct memelfnote *note, const char *name, int type,
2052 unsigned int sz, void *data)
2054 unsigned int namesz;
2056 namesz = strlen(name) + 1;
2057 note->name = name;
2058 note->namesz = namesz;
2059 note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2060 note->type = type;
2061 note->datasz = roundup(sz, sizeof (int32_t));;
2062 note->data = data;
2065 * We calculate rounded up note size here as specified by
2066 * ELF document.
2068 note->notesz = sizeof (struct elf_note) +
2069 note->namesz_rounded + note->datasz;
2072 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
2073 uint32_t flags)
2075 (void) memset(elf, 0, sizeof(*elf));
2077 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2078 elf->e_ident[EI_CLASS] = ELF_CLASS;
2079 elf->e_ident[EI_DATA] = ELF_DATA;
2080 elf->e_ident[EI_VERSION] = EV_CURRENT;
2081 elf->e_ident[EI_OSABI] = ELF_OSABI;
2083 elf->e_type = ET_CORE;
2084 elf->e_machine = machine;
2085 elf->e_version = EV_CURRENT;
2086 elf->e_phoff = sizeof(struct elfhdr);
2087 elf->e_flags = flags;
2088 elf->e_ehsize = sizeof(struct elfhdr);
2089 elf->e_phentsize = sizeof(struct elf_phdr);
2090 elf->e_phnum = segs;
2092 #ifdef BSWAP_NEEDED
2093 bswap_ehdr(elf);
2094 #endif
2097 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2099 phdr->p_type = PT_NOTE;
2100 phdr->p_offset = offset;
2101 phdr->p_vaddr = 0;
2102 phdr->p_paddr = 0;
2103 phdr->p_filesz = sz;
2104 phdr->p_memsz = 0;
2105 phdr->p_flags = 0;
2106 phdr->p_align = 0;
2108 #ifdef BSWAP_NEEDED
2109 bswap_phdr(phdr);
2110 #endif
2113 static size_t note_size(const struct memelfnote *note)
2115 return (note->notesz);
2118 static void fill_prstatus(struct elf_prstatus *prstatus,
2119 const TaskState *ts, int signr)
2121 (void) memset(prstatus, 0, sizeof (*prstatus));
2122 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2123 prstatus->pr_pid = ts->ts_tid;
2124 prstatus->pr_ppid = getppid();
2125 prstatus->pr_pgrp = getpgrp();
2126 prstatus->pr_sid = getsid(0);
2128 #ifdef BSWAP_NEEDED
2129 bswap_prstatus(prstatus);
2130 #endif
2133 static int fill_psinfo(struct elf_prpsinfo *psinfo, const TaskState *ts)
2135 char *filename, *base_filename;
2136 unsigned int i, len;
2138 (void) memset(psinfo, 0, sizeof (*psinfo));
2140 len = ts->info->arg_end - ts->info->arg_start;
2141 if (len >= ELF_PRARGSZ)
2142 len = ELF_PRARGSZ - 1;
2143 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2144 return -EFAULT;
2145 for (i = 0; i < len; i++)
2146 if (psinfo->pr_psargs[i] == 0)
2147 psinfo->pr_psargs[i] = ' ';
2148 psinfo->pr_psargs[len] = 0;
2150 psinfo->pr_pid = getpid();
2151 psinfo->pr_ppid = getppid();
2152 psinfo->pr_pgrp = getpgrp();
2153 psinfo->pr_sid = getsid(0);
2154 psinfo->pr_uid = getuid();
2155 psinfo->pr_gid = getgid();
2157 filename = strdup(ts->bprm->filename);
2158 base_filename = strdup(basename(filename));
2159 (void) strncpy(psinfo->pr_fname, base_filename,
2160 sizeof(psinfo->pr_fname));
2161 free(base_filename);
2162 free(filename);
2164 #ifdef BSWAP_NEEDED
2165 bswap_psinfo(psinfo);
2166 #endif
2167 return (0);
2170 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2172 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2173 elf_addr_t orig_auxv = auxv;
2174 abi_ulong val;
2175 void *ptr;
2176 int i, len;
2179 * Auxiliary vector is stored in target process stack. It contains
2180 * {type, value} pairs that we need to dump into note. This is not
2181 * strictly necessary but we do it here for sake of completeness.
2184 /* find out lenght of the vector, AT_NULL is terminator */
2185 i = len = 0;
2186 do {
2187 get_user_ual(val, auxv);
2188 i += 2;
2189 auxv += 2 * sizeof (elf_addr_t);
2190 } while (val != AT_NULL);
2191 len = i * sizeof (elf_addr_t);
2193 /* read in whole auxv vector and copy it to memelfnote */
2194 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2195 if (ptr != NULL) {
2196 fill_note(note, "CORE", NT_AUXV, len, ptr);
2197 unlock_user(ptr, auxv, len);
2202 * Constructs name of coredump file. We have following convention
2203 * for the name:
2204 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2206 * Returns 0 in case of success, -1 otherwise (errno is set).
2208 static int core_dump_filename(const TaskState *ts, char *buf,
2209 size_t bufsize)
2211 char timestamp[64];
2212 char *filename = NULL;
2213 char *base_filename = NULL;
2214 struct timeval tv;
2215 struct tm tm;
2217 assert(bufsize >= PATH_MAX);
2219 if (gettimeofday(&tv, NULL) < 0) {
2220 (void) fprintf(stderr, "unable to get current timestamp: %s",
2221 strerror(errno));
2222 return (-1);
2225 filename = strdup(ts->bprm->filename);
2226 base_filename = strdup(basename(filename));
2227 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2228 localtime_r(&tv.tv_sec, &tm));
2229 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2230 base_filename, timestamp, (int)getpid());
2231 free(base_filename);
2232 free(filename);
2234 return (0);
2237 static int dump_write(int fd, const void *ptr, size_t size)
2239 const char *bufp = (const char *)ptr;
2240 ssize_t bytes_written, bytes_left;
2241 struct rlimit dumpsize;
2242 off_t pos;
2244 bytes_written = 0;
2245 getrlimit(RLIMIT_CORE, &dumpsize);
2246 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2247 if (errno == ESPIPE) { /* not a seekable stream */
2248 bytes_left = size;
2249 } else {
2250 return pos;
2252 } else {
2253 if (dumpsize.rlim_cur <= pos) {
2254 return -1;
2255 } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2256 bytes_left = size;
2257 } else {
2258 size_t limit_left=dumpsize.rlim_cur - pos;
2259 bytes_left = limit_left >= size ? size : limit_left ;
2264 * In normal conditions, single write(2) should do but
2265 * in case of socket etc. this mechanism is more portable.
2267 do {
2268 bytes_written = write(fd, bufp, bytes_left);
2269 if (bytes_written < 0) {
2270 if (errno == EINTR)
2271 continue;
2272 return (-1);
2273 } else if (bytes_written == 0) { /* eof */
2274 return (-1);
2276 bufp += bytes_written;
2277 bytes_left -= bytes_written;
2278 } while (bytes_left > 0);
2280 return (0);
2283 static int write_note(struct memelfnote *men, int fd)
2285 struct elf_note en;
2287 en.n_namesz = men->namesz;
2288 en.n_type = men->type;
2289 en.n_descsz = men->datasz;
2291 #ifdef BSWAP_NEEDED
2292 bswap_note(&en);
2293 #endif
2295 if (dump_write(fd, &en, sizeof(en)) != 0)
2296 return (-1);
2297 if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2298 return (-1);
2299 if (dump_write(fd, men->data, men->datasz) != 0)
2300 return (-1);
2302 return (0);
2305 static void fill_thread_info(struct elf_note_info *info, const CPUState *env)
2307 TaskState *ts = (TaskState *)env->opaque;
2308 struct elf_thread_status *ets;
2310 ets = qemu_mallocz(sizeof (*ets));
2311 ets->num_notes = 1; /* only prstatus is dumped */
2312 fill_prstatus(&ets->prstatus, ts, 0);
2313 elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2314 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2315 &ets->prstatus);
2317 TAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2319 info->notes_size += note_size(&ets->notes[0]);
2322 static int fill_note_info(struct elf_note_info *info,
2323 long signr, const CPUState *env)
2325 #define NUMNOTES 3
2326 CPUState *cpu = NULL;
2327 TaskState *ts = (TaskState *)env->opaque;
2328 int i;
2330 (void) memset(info, 0, sizeof (*info));
2332 TAILQ_INIT(&info->thread_list);
2334 info->notes = qemu_mallocz(NUMNOTES * sizeof (struct memelfnote));
2335 if (info->notes == NULL)
2336 return (-ENOMEM);
2337 info->prstatus = qemu_mallocz(sizeof (*info->prstatus));
2338 if (info->prstatus == NULL)
2339 return (-ENOMEM);
2340 info->psinfo = qemu_mallocz(sizeof (*info->psinfo));
2341 if (info->prstatus == NULL)
2342 return (-ENOMEM);
2345 * First fill in status (and registers) of current thread
2346 * including process info & aux vector.
2348 fill_prstatus(info->prstatus, ts, signr);
2349 elf_core_copy_regs(&info->prstatus->pr_reg, env);
2350 fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2351 sizeof (*info->prstatus), info->prstatus);
2352 fill_psinfo(info->psinfo, ts);
2353 fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2354 sizeof (*info->psinfo), info->psinfo);
2355 fill_auxv_note(&info->notes[2], ts);
2356 info->numnote = 3;
2358 info->notes_size = 0;
2359 for (i = 0; i < info->numnote; i++)
2360 info->notes_size += note_size(&info->notes[i]);
2362 /* read and fill status of all threads */
2363 cpu_list_lock();
2364 for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
2365 if (cpu == thread_env)
2366 continue;
2367 fill_thread_info(info, cpu);
2369 cpu_list_unlock();
2371 return (0);
2374 static void free_note_info(struct elf_note_info *info)
2376 struct elf_thread_status *ets;
2378 while (!TAILQ_EMPTY(&info->thread_list)) {
2379 ets = TAILQ_FIRST(&info->thread_list);
2380 TAILQ_REMOVE(&info->thread_list, ets, ets_link);
2381 qemu_free(ets);
2384 qemu_free(info->prstatus);
2385 qemu_free(info->psinfo);
2386 qemu_free(info->notes);
2389 static int write_note_info(struct elf_note_info *info, int fd)
2391 struct elf_thread_status *ets;
2392 int i, error = 0;
2394 /* write prstatus, psinfo and auxv for current thread */
2395 for (i = 0; i < info->numnote; i++)
2396 if ((error = write_note(&info->notes[i], fd)) != 0)
2397 return (error);
2399 /* write prstatus for each thread */
2400 for (ets = info->thread_list.tqh_first; ets != NULL;
2401 ets = ets->ets_link.tqe_next) {
2402 if ((error = write_note(&ets->notes[0], fd)) != 0)
2403 return (error);
2406 return (0);
2410 * Write out ELF coredump.
2412 * See documentation of ELF object file format in:
2413 * http://www.caldera.com/developers/devspecs/gabi41.pdf
2415 * Coredump format in linux is following:
2417 * 0 +----------------------+ \
2418 * | ELF header | ET_CORE |
2419 * +----------------------+ |
2420 * | ELF program headers | |--- headers
2421 * | - NOTE section | |
2422 * | - PT_LOAD sections | |
2423 * +----------------------+ /
2424 * | NOTEs: |
2425 * | - NT_PRSTATUS |
2426 * | - NT_PRSINFO |
2427 * | - NT_AUXV |
2428 * +----------------------+ <-- aligned to target page
2429 * | Process memory dump |
2430 * : :
2431 * . .
2432 * : :
2433 * | |
2434 * +----------------------+
2436 * NT_PRSTATUS -> struct elf_prstatus (per thread)
2437 * NT_PRSINFO -> struct elf_prpsinfo
2438 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2440 * Format follows System V format as close as possible. Current
2441 * version limitations are as follows:
2442 * - no floating point registers are dumped
2444 * Function returns 0 in case of success, negative errno otherwise.
2446 * TODO: make this work also during runtime: it should be
2447 * possible to force coredump from running process and then
2448 * continue processing. For example qemu could set up SIGUSR2
2449 * handler (provided that target process haven't registered
2450 * handler for that) that does the dump when signal is received.
2452 static int elf_core_dump(int signr, const CPUState *env)
2454 const TaskState *ts = (const TaskState *)env->opaque;
2455 struct vm_area_struct *vma = NULL;
2456 char corefile[PATH_MAX];
2457 struct elf_note_info info;
2458 struct elfhdr elf;
2459 struct elf_phdr phdr;
2460 struct rlimit dumpsize;
2461 struct mm_struct *mm = NULL;
2462 off_t offset = 0, data_offset = 0;
2463 int segs = 0;
2464 int fd = -1;
2466 errno = 0;
2467 getrlimit(RLIMIT_CORE, &dumpsize);
2468 if (dumpsize.rlim_cur == 0)
2469 return 0;
2471 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2472 return (-errno);
2474 if ((fd = open(corefile, O_WRONLY | O_CREAT,
2475 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2476 return (-errno);
2479 * Walk through target process memory mappings and
2480 * set up structure containing this information. After
2481 * this point vma_xxx functions can be used.
2483 if ((mm = vma_init()) == NULL)
2484 goto out;
2486 walk_memory_regions(mm, vma_walker);
2487 segs = vma_get_mapping_count(mm);
2490 * Construct valid coredump ELF header. We also
2491 * add one more segment for notes.
2493 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2494 if (dump_write(fd, &elf, sizeof (elf)) != 0)
2495 goto out;
2497 /* fill in in-memory version of notes */
2498 if (fill_note_info(&info, signr, env) < 0)
2499 goto out;
2501 offset += sizeof (elf); /* elf header */
2502 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */
2504 /* write out notes program header */
2505 fill_elf_note_phdr(&phdr, info.notes_size, offset);
2507 offset += info.notes_size;
2508 if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2509 goto out;
2512 * ELF specification wants data to start at page boundary so
2513 * we align it here.
2515 offset = roundup(offset, ELF_EXEC_PAGESIZE);
2518 * Write program headers for memory regions mapped in
2519 * the target process.
2521 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2522 (void) memset(&phdr, 0, sizeof (phdr));
2524 phdr.p_type = PT_LOAD;
2525 phdr.p_offset = offset;
2526 phdr.p_vaddr = vma->vma_start;
2527 phdr.p_paddr = 0;
2528 phdr.p_filesz = vma_dump_size(vma);
2529 offset += phdr.p_filesz;
2530 phdr.p_memsz = vma->vma_end - vma->vma_start;
2531 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2532 if (vma->vma_flags & PROT_WRITE)
2533 phdr.p_flags |= PF_W;
2534 if (vma->vma_flags & PROT_EXEC)
2535 phdr.p_flags |= PF_X;
2536 phdr.p_align = ELF_EXEC_PAGESIZE;
2538 dump_write(fd, &phdr, sizeof (phdr));
2542 * Next we write notes just after program headers. No
2543 * alignment needed here.
2545 if (write_note_info(&info, fd) < 0)
2546 goto out;
2548 /* align data to page boundary */
2549 data_offset = lseek(fd, 0, SEEK_CUR);
2550 data_offset = TARGET_PAGE_ALIGN(data_offset);
2551 if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2552 goto out;
2555 * Finally we can dump process memory into corefile as well.
2557 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2558 abi_ulong addr;
2559 abi_ulong end;
2561 end = vma->vma_start + vma_dump_size(vma);
2563 for (addr = vma->vma_start; addr < end;
2564 addr += TARGET_PAGE_SIZE) {
2565 char page[TARGET_PAGE_SIZE];
2566 int error;
2569 * Read in page from target process memory and
2570 * write it to coredump file.
2572 error = copy_from_user(page, addr, sizeof (page));
2573 if (error != 0) {
2574 (void) fprintf(stderr, "unable to dump " TARGET_FMT_lx "\n",
2575 addr);
2576 errno = -error;
2577 goto out;
2579 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2580 goto out;
2584 out:
2585 free_note_info(&info);
2586 if (mm != NULL)
2587 vma_delete(mm);
2588 (void) close(fd);
2590 if (errno != 0)
2591 return (-errno);
2592 return (0);
2595 #endif /* USE_ELF_CORE_DUMP */
2597 static int load_aout_interp(void * exptr, int interp_fd)
2599 printf("a.out interpreter not yet supported\n");
2600 return(0);
2603 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2605 init_thread(regs, infop);