xref: /illumos-kvm-cmd/linux-user/elfload.c (revision 68396ea9)
1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include <sys/time.h>
3 #include <sys/param.h>
4 
5 #include <stdio.h>
6 #include <sys/types.h>
7 #include <fcntl.h>
8 #include <errno.h>
9 #include <unistd.h>
10 #include <sys/mman.h>
11 #include <sys/resource.h>
12 #include <stdlib.h>
13 #include <string.h>
14 #include <time.h>
15 
16 #include "qemu.h"
17 #include "disas.h"
18 
19 #ifdef _ARCH_PPC64
20 #undef ARCH_DLINFO
21 #undef ELF_PLATFORM
22 #undef ELF_HWCAP
23 #undef ELF_CLASS
24 #undef ELF_DATA
25 #undef ELF_ARCH
26 #endif
27 
28 #define ELF_OSABI   ELFOSABI_SYSV
29 
30 /* from personality.h */
31 
32 /*
33  * Flags for bug emulation.
34  *
35  * These occupy the top three bytes.
36  */
37 enum {
38     ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
39     FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
40                                            descriptors (signal handling) */
41     MMAP_PAGE_ZERO =    0x0100000,
42     ADDR_COMPAT_LAYOUT = 0x0200000,
43     READ_IMPLIES_EXEC = 0x0400000,
44     ADDR_LIMIT_32BIT =  0x0800000,
45     SHORT_INODE =       0x1000000,
46     WHOLE_SECONDS =     0x2000000,
47     STICKY_TIMEOUTS =   0x4000000,
48     ADDR_LIMIT_3GB =    0x8000000,
49 };
50 
51 /*
52  * Personality types.
53  *
54  * These go in the low byte.  Avoid using the top bit, it will
55  * conflict with error returns.
56  */
57 enum {
58     PER_LINUX =         0x0000,
59     PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
60     PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
61     PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
62     PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
63     PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
64     PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
65     PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
66     PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
67     PER_BSD =           0x0006,
68     PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
69     PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
70     PER_LINUX32 =       0x0008,
71     PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
72     PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
73     PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
74     PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
75     PER_RISCOS =        0x000c,
76     PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
77     PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
78     PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
79     PER_HPUX =          0x0010,
80     PER_MASK =          0x00ff,
81 };
82 
83 /*
84  * Return the base personality without flags.
85  */
86 #define personality(pers)       (pers & PER_MASK)
87 
88 /* this flag is uneffective under linux too, should be deleted */
89 #ifndef MAP_DENYWRITE
90 #define MAP_DENYWRITE 0
91 #endif
92 
93 /* should probably go in elf.h */
94 #ifndef ELIBBAD
95 #define ELIBBAD 80
96 #endif
97 
98 #ifdef TARGET_WORDS_BIGENDIAN
99 #define ELF_DATA        ELFDATA2MSB
100 #else
101 #define ELF_DATA        ELFDATA2LSB
102 #endif
103 
104 typedef target_ulong    target_elf_greg_t;
105 #ifdef USE_UID16
106 typedef uint16_t        target_uid_t;
107 typedef uint16_t        target_gid_t;
108 #else
109 typedef uint32_t        target_uid_t;
110 typedef uint32_t        target_gid_t;
111 #endif
112 typedef int32_t         target_pid_t;
113 
114 #ifdef TARGET_I386
115 
116 #define ELF_PLATFORM get_elf_platform()
117 
get_elf_platform(void)118 static const char *get_elf_platform(void)
119 {
120     static char elf_platform[] = "i386";
121     int family = (thread_env->cpuid_version >> 8) & 0xff;
122     if (family > 6)
123         family = 6;
124     if (family >= 3)
125         elf_platform[1] = '0' + family;
126     return elf_platform;
127 }
128 
129 #define ELF_HWCAP get_elf_hwcap()
130 
get_elf_hwcap(void)131 static uint32_t get_elf_hwcap(void)
132 {
133     return thread_env->cpuid_features;
134 }
135 
136 #ifdef TARGET_X86_64
137 #define ELF_START_MMAP 0x2aaaaab000ULL
138 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
139 
140 #define ELF_CLASS      ELFCLASS64
141 #define ELF_ARCH       EM_X86_64
142 
init_thread(struct target_pt_regs * regs,struct image_info * infop)143 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
144 {
145     regs->rax = 0;
146     regs->rsp = infop->start_stack;
147     regs->rip = infop->entry;
148 }
149 
150 #define ELF_NREG    27
151 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
152 
153 /*
154  * Note that ELF_NREG should be 29 as there should be place for
155  * TRAPNO and ERR "registers" as well but linux doesn't dump
156  * those.
157  *
158  * See linux kernel: arch/x86/include/asm/elf.h
159  */
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)160 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
161 {
162     (*regs)[0] = env->regs[15];
163     (*regs)[1] = env->regs[14];
164     (*regs)[2] = env->regs[13];
165     (*regs)[3] = env->regs[12];
166     (*regs)[4] = env->regs[R_EBP];
167     (*regs)[5] = env->regs[R_EBX];
168     (*regs)[6] = env->regs[11];
169     (*regs)[7] = env->regs[10];
170     (*regs)[8] = env->regs[9];
171     (*regs)[9] = env->regs[8];
172     (*regs)[10] = env->regs[R_EAX];
173     (*regs)[11] = env->regs[R_ECX];
174     (*regs)[12] = env->regs[R_EDX];
175     (*regs)[13] = env->regs[R_ESI];
176     (*regs)[14] = env->regs[R_EDI];
177     (*regs)[15] = env->regs[R_EAX]; /* XXX */
178     (*regs)[16] = env->eip;
179     (*regs)[17] = env->segs[R_CS].selector & 0xffff;
180     (*regs)[18] = env->eflags;
181     (*regs)[19] = env->regs[R_ESP];
182     (*regs)[20] = env->segs[R_SS].selector & 0xffff;
183     (*regs)[21] = env->segs[R_FS].selector & 0xffff;
184     (*regs)[22] = env->segs[R_GS].selector & 0xffff;
185     (*regs)[23] = env->segs[R_DS].selector & 0xffff;
186     (*regs)[24] = env->segs[R_ES].selector & 0xffff;
187     (*regs)[25] = env->segs[R_FS].selector & 0xffff;
188     (*regs)[26] = env->segs[R_GS].selector & 0xffff;
189 }
190 
191 #else
192 
193 #define ELF_START_MMAP 0x80000000
194 
195 /*
196  * This is used to ensure we don't load something for the wrong architecture.
197  */
198 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
199 
200 /*
201  * These are used to set parameters in the core dumps.
202  */
203 #define ELF_CLASS       ELFCLASS32
204 #define ELF_ARCH        EM_386
205 
init_thread(struct target_pt_regs * regs,struct image_info * infop)206 static inline void init_thread(struct target_pt_regs *regs,
207                                struct image_info *infop)
208 {
209     regs->esp = infop->start_stack;
210     regs->eip = infop->entry;
211 
212     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
213        starts %edx contains a pointer to a function which might be
214        registered using `atexit'.  This provides a mean for the
215        dynamic linker to call DT_FINI functions for shared libraries
216        that have been loaded before the code runs.
217 
218        A value of 0 tells we have no such handler.  */
219     regs->edx = 0;
220 }
221 
222 #define ELF_NREG    17
223 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
224 
225 /*
226  * Note that ELF_NREG should be 19 as there should be place for
227  * TRAPNO and ERR "registers" as well but linux doesn't dump
228  * those.
229  *
230  * See linux kernel: arch/x86/include/asm/elf.h
231  */
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)232 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
233 {
234     (*regs)[0] = env->regs[R_EBX];
235     (*regs)[1] = env->regs[R_ECX];
236     (*regs)[2] = env->regs[R_EDX];
237     (*regs)[3] = env->regs[R_ESI];
238     (*regs)[4] = env->regs[R_EDI];
239     (*regs)[5] = env->regs[R_EBP];
240     (*regs)[6] = env->regs[R_EAX];
241     (*regs)[7] = env->segs[R_DS].selector & 0xffff;
242     (*regs)[8] = env->segs[R_ES].selector & 0xffff;
243     (*regs)[9] = env->segs[R_FS].selector & 0xffff;
244     (*regs)[10] = env->segs[R_GS].selector & 0xffff;
245     (*regs)[11] = env->regs[R_EAX]; /* XXX */
246     (*regs)[12] = env->eip;
247     (*regs)[13] = env->segs[R_CS].selector & 0xffff;
248     (*regs)[14] = env->eflags;
249     (*regs)[15] = env->regs[R_ESP];
250     (*regs)[16] = env->segs[R_SS].selector & 0xffff;
251 }
252 #endif
253 
254 #define USE_ELF_CORE_DUMP
255 #define ELF_EXEC_PAGESIZE       4096
256 
257 #endif
258 
259 #ifdef TARGET_ARM
260 
261 #define ELF_START_MMAP 0x80000000
262 
263 #define elf_check_arch(x) ( (x) == EM_ARM )
264 
265 #define ELF_CLASS       ELFCLASS32
266 #define ELF_ARCH        EM_ARM
267 
init_thread(struct target_pt_regs * regs,struct image_info * infop)268 static inline void init_thread(struct target_pt_regs *regs,
269                                struct image_info *infop)
270 {
271     abi_long stack = infop->start_stack;
272     memset(regs, 0, sizeof(*regs));
273     regs->ARM_cpsr = 0x10;
274     if (infop->entry & 1)
275         regs->ARM_cpsr |= CPSR_T;
276     regs->ARM_pc = infop->entry & 0xfffffffe;
277     regs->ARM_sp = infop->start_stack;
278     /* FIXME - what to for failure of get_user()? */
279     get_user_ual(regs->ARM_r2, stack + 8); /* envp */
280     get_user_ual(regs->ARM_r1, stack + 4); /* envp */
281     /* XXX: it seems that r0 is zeroed after ! */
282     regs->ARM_r0 = 0;
283     /* For uClinux PIC binaries.  */
284     /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
285     regs->ARM_r10 = infop->start_data;
286 }
287 
288 #define ELF_NREG    18
289 typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
290 
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)291 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
292 {
293     (*regs)[0] = tswapl(env->regs[0]);
294     (*regs)[1] = tswapl(env->regs[1]);
295     (*regs)[2] = tswapl(env->regs[2]);
296     (*regs)[3] = tswapl(env->regs[3]);
297     (*regs)[4] = tswapl(env->regs[4]);
298     (*regs)[5] = tswapl(env->regs[5]);
299     (*regs)[6] = tswapl(env->regs[6]);
300     (*regs)[7] = tswapl(env->regs[7]);
301     (*regs)[8] = tswapl(env->regs[8]);
302     (*regs)[9] = tswapl(env->regs[9]);
303     (*regs)[10] = tswapl(env->regs[10]);
304     (*regs)[11] = tswapl(env->regs[11]);
305     (*regs)[12] = tswapl(env->regs[12]);
306     (*regs)[13] = tswapl(env->regs[13]);
307     (*regs)[14] = tswapl(env->regs[14]);
308     (*regs)[15] = tswapl(env->regs[15]);
309 
310     (*regs)[16] = tswapl(cpsr_read((CPUState *)env));
311     (*regs)[17] = tswapl(env->regs[0]); /* XXX */
312 }
313 
314 #define USE_ELF_CORE_DUMP
315 #define ELF_EXEC_PAGESIZE       4096
316 
317 enum
318 {
319     ARM_HWCAP_ARM_SWP       = 1 << 0,
320     ARM_HWCAP_ARM_HALF      = 1 << 1,
321     ARM_HWCAP_ARM_THUMB     = 1 << 2,
322     ARM_HWCAP_ARM_26BIT     = 1 << 3,
323     ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
324     ARM_HWCAP_ARM_FPA       = 1 << 5,
325     ARM_HWCAP_ARM_VFP       = 1 << 6,
326     ARM_HWCAP_ARM_EDSP      = 1 << 7,
327     ARM_HWCAP_ARM_JAVA      = 1 << 8,
328     ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
329     ARM_HWCAP_ARM_THUMBEE   = 1 << 10,
330     ARM_HWCAP_ARM_NEON      = 1 << 11,
331     ARM_HWCAP_ARM_VFPv3     = 1 << 12,
332     ARM_HWCAP_ARM_VFPv3D16  = 1 << 13,
333 };
334 
335 #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF               \
336                    | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT      \
337                    | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP              \
338                    | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 )
339 
340 #endif
341 
342 #ifdef TARGET_SPARC
343 #ifdef TARGET_SPARC64
344 
345 #define ELF_START_MMAP 0x80000000
346 
347 #ifndef TARGET_ABI32
348 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
349 #else
350 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
351 #endif
352 
353 #define ELF_CLASS   ELFCLASS64
354 #define ELF_ARCH    EM_SPARCV9
355 
356 #define STACK_BIAS              2047
357 
init_thread(struct target_pt_regs * regs,struct image_info * infop)358 static inline void init_thread(struct target_pt_regs *regs,
359                                struct image_info *infop)
360 {
361 #ifndef TARGET_ABI32
362     regs->tstate = 0;
363 #endif
364     regs->pc = infop->entry;
365     regs->npc = regs->pc + 4;
366     regs->y = 0;
367 #ifdef TARGET_ABI32
368     regs->u_regs[14] = infop->start_stack - 16 * 4;
369 #else
370     if (personality(infop->personality) == PER_LINUX32)
371         regs->u_regs[14] = infop->start_stack - 16 * 4;
372     else
373         regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
374 #endif
375 }
376 
377 #else
378 #define ELF_START_MMAP 0x80000000
379 
380 #define elf_check_arch(x) ( (x) == EM_SPARC )
381 
382 #define ELF_CLASS   ELFCLASS32
383 #define ELF_ARCH    EM_SPARC
384 
init_thread(struct target_pt_regs * regs,struct image_info * infop)385 static inline void init_thread(struct target_pt_regs *regs,
386                                struct image_info *infop)
387 {
388     regs->psr = 0;
389     regs->pc = infop->entry;
390     regs->npc = regs->pc + 4;
391     regs->y = 0;
392     regs->u_regs[14] = infop->start_stack - 16 * 4;
393 }
394 
395 #endif
396 #endif
397 
398 #ifdef TARGET_PPC
399 
400 #define ELF_START_MMAP 0x80000000
401 
402 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
403 
404 #define elf_check_arch(x) ( (x) == EM_PPC64 )
405 
406 #define ELF_CLASS       ELFCLASS64
407 
408 #else
409 
410 #define elf_check_arch(x) ( (x) == EM_PPC )
411 
412 #define ELF_CLASS       ELFCLASS32
413 
414 #endif
415 
416 #define ELF_ARCH        EM_PPC
417 
418 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
419    See arch/powerpc/include/asm/cputable.h.  */
420 enum {
421     QEMU_PPC_FEATURE_32 = 0x80000000,
422     QEMU_PPC_FEATURE_64 = 0x40000000,
423     QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
424     QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
425     QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
426     QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
427     QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
428     QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
429     QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
430     QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
431     QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
432     QEMU_PPC_FEATURE_NO_TB = 0x00100000,
433     QEMU_PPC_FEATURE_POWER4 = 0x00080000,
434     QEMU_PPC_FEATURE_POWER5 = 0x00040000,
435     QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
436     QEMU_PPC_FEATURE_CELL = 0x00010000,
437     QEMU_PPC_FEATURE_BOOKE = 0x00008000,
438     QEMU_PPC_FEATURE_SMT = 0x00004000,
439     QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
440     QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
441     QEMU_PPC_FEATURE_PA6T = 0x00000800,
442     QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
443     QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
444     QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
445     QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
446     QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
447 
448     QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
449     QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
450 };
451 
452 #define ELF_HWCAP get_elf_hwcap()
453 
get_elf_hwcap(void)454 static uint32_t get_elf_hwcap(void)
455 {
456     CPUState *e = thread_env;
457     uint32_t features = 0;
458 
459     /* We don't have to be terribly complete here; the high points are
460        Altivec/FP/SPE support.  Anything else is just a bonus.  */
461 #define GET_FEATURE(flag, feature)                                      \
462     do {if (e->insns_flags & flag) features |= feature; } while(0)
463     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
464     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
465     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
466     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
467     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
468     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
469     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
470     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
471 #undef GET_FEATURE
472 
473     return features;
474 }
475 
476 /*
477  * The requirements here are:
478  * - keep the final alignment of sp (sp & 0xf)
479  * - make sure the 32-bit value at the first 16 byte aligned position of
480  *   AUXV is greater than 16 for glibc compatibility.
481  *   AT_IGNOREPPC is used for that.
482  * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
483  *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
484  */
485 #define DLINFO_ARCH_ITEMS       5
486 #define ARCH_DLINFO                                     \
487     do {                                                \
488         NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20);              \
489         NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20);              \
490         NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
491         /*                                              \
492          * Now handle glibc compatibility.              \
493          */                                             \
494         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
495         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
496     } while (0)
497 
init_thread(struct target_pt_regs * _regs,struct image_info * infop)498 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
499 {
500     _regs->gpr[1] = infop->start_stack;
501 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
502     _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_addr;
503     infop->entry = ldq_raw(infop->entry) + infop->load_addr;
504 #endif
505     _regs->nip = infop->entry;
506 }
507 
508 /* See linux kernel: arch/powerpc/include/asm/elf.h.  */
509 #define ELF_NREG 48
510 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
511 
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)512 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
513 {
514     int i;
515     target_ulong ccr = 0;
516 
517     for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
518         (*regs)[i] = tswapl(env->gpr[i]);
519     }
520 
521     (*regs)[32] = tswapl(env->nip);
522     (*regs)[33] = tswapl(env->msr);
523     (*regs)[35] = tswapl(env->ctr);
524     (*regs)[36] = tswapl(env->lr);
525     (*regs)[37] = tswapl(env->xer);
526 
527     for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
528         ccr |= env->crf[i] << (32 - ((i + 1) * 4));
529     }
530     (*regs)[38] = tswapl(ccr);
531 }
532 
533 #define USE_ELF_CORE_DUMP
534 #define ELF_EXEC_PAGESIZE       4096
535 
536 #endif
537 
538 #ifdef TARGET_MIPS
539 
540 #define ELF_START_MMAP 0x80000000
541 
542 #define elf_check_arch(x) ( (x) == EM_MIPS )
543 
544 #ifdef TARGET_MIPS64
545 #define ELF_CLASS   ELFCLASS64
546 #else
547 #define ELF_CLASS   ELFCLASS32
548 #endif
549 #define ELF_ARCH    EM_MIPS
550 
init_thread(struct target_pt_regs * regs,struct image_info * infop)551 static inline void init_thread(struct target_pt_regs *regs,
552                                struct image_info *infop)
553 {
554     regs->cp0_status = 2 << CP0St_KSU;
555     regs->cp0_epc = infop->entry;
556     regs->regs[29] = infop->start_stack;
557 }
558 
559 /* See linux kernel: arch/mips/include/asm/elf.h.  */
560 #define ELF_NREG 45
561 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
562 
563 /* See linux kernel: arch/mips/include/asm/reg.h.  */
564 enum {
565 #ifdef TARGET_MIPS64
566     TARGET_EF_R0 = 0,
567 #else
568     TARGET_EF_R0 = 6,
569 #endif
570     TARGET_EF_R26 = TARGET_EF_R0 + 26,
571     TARGET_EF_R27 = TARGET_EF_R0 + 27,
572     TARGET_EF_LO = TARGET_EF_R0 + 32,
573     TARGET_EF_HI = TARGET_EF_R0 + 33,
574     TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
575     TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
576     TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
577     TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
578 };
579 
580 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)581 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
582 {
583     int i;
584 
585     for (i = 0; i < TARGET_EF_R0; i++) {
586         (*regs)[i] = 0;
587     }
588     (*regs)[TARGET_EF_R0] = 0;
589 
590     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
591         (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]);
592     }
593 
594     (*regs)[TARGET_EF_R26] = 0;
595     (*regs)[TARGET_EF_R27] = 0;
596     (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]);
597     (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]);
598     (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC);
599     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr);
600     (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status);
601     (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause);
602 }
603 
604 #define USE_ELF_CORE_DUMP
605 #define ELF_EXEC_PAGESIZE        4096
606 
607 #endif /* TARGET_MIPS */
608 
609 #ifdef TARGET_MICROBLAZE
610 
611 #define ELF_START_MMAP 0x80000000
612 
613 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
614 
615 #define ELF_CLASS   ELFCLASS32
616 #define ELF_ARCH    EM_MICROBLAZE
617 
init_thread(struct target_pt_regs * regs,struct image_info * infop)618 static inline void init_thread(struct target_pt_regs *regs,
619                                struct image_info *infop)
620 {
621     regs->pc = infop->entry;
622     regs->r1 = infop->start_stack;
623 
624 }
625 
626 #define ELF_EXEC_PAGESIZE        4096
627 
628 #define USE_ELF_CORE_DUMP
629 #define ELF_NREG 38
630 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
631 
632 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)633 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
634 {
635     int i, pos = 0;
636 
637     for (i = 0; i < 32; i++) {
638         (*regs)[pos++] = tswapl(env->regs[i]);
639     }
640 
641     for (i = 0; i < 6; i++) {
642         (*regs)[pos++] = tswapl(env->sregs[i]);
643     }
644 }
645 
646 #endif /* TARGET_MICROBLAZE */
647 
648 #ifdef TARGET_SH4
649 
650 #define ELF_START_MMAP 0x80000000
651 
652 #define elf_check_arch(x) ( (x) == EM_SH )
653 
654 #define ELF_CLASS ELFCLASS32
655 #define ELF_ARCH  EM_SH
656 
init_thread(struct target_pt_regs * regs,struct image_info * infop)657 static inline void init_thread(struct target_pt_regs *regs,
658                                struct image_info *infop)
659 {
660     /* Check other registers XXXXX */
661     regs->pc = infop->entry;
662     regs->regs[15] = infop->start_stack;
663 }
664 
665 /* See linux kernel: arch/sh/include/asm/elf.h.  */
666 #define ELF_NREG 23
667 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
668 
669 /* See linux kernel: arch/sh/include/asm/ptrace.h.  */
670 enum {
671     TARGET_REG_PC = 16,
672     TARGET_REG_PR = 17,
673     TARGET_REG_SR = 18,
674     TARGET_REG_GBR = 19,
675     TARGET_REG_MACH = 20,
676     TARGET_REG_MACL = 21,
677     TARGET_REG_SYSCALL = 22
678 };
679 
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)680 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
681                                       const CPUState *env)
682 {
683     int i;
684 
685     for (i = 0; i < 16; i++) {
686         (*regs[i]) = tswapl(env->gregs[i]);
687     }
688 
689     (*regs)[TARGET_REG_PC] = tswapl(env->pc);
690     (*regs)[TARGET_REG_PR] = tswapl(env->pr);
691     (*regs)[TARGET_REG_SR] = tswapl(env->sr);
692     (*regs)[TARGET_REG_GBR] = tswapl(env->gbr);
693     (*regs)[TARGET_REG_MACH] = tswapl(env->mach);
694     (*regs)[TARGET_REG_MACL] = tswapl(env->macl);
695     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
696 }
697 
698 #define USE_ELF_CORE_DUMP
699 #define ELF_EXEC_PAGESIZE        4096
700 
701 #endif
702 
703 #ifdef TARGET_CRIS
704 
705 #define ELF_START_MMAP 0x80000000
706 
707 #define elf_check_arch(x) ( (x) == EM_CRIS )
708 
709 #define ELF_CLASS ELFCLASS32
710 #define ELF_ARCH  EM_CRIS
711 
init_thread(struct target_pt_regs * regs,struct image_info * infop)712 static inline void init_thread(struct target_pt_regs *regs,
713                                struct image_info *infop)
714 {
715     regs->erp = infop->entry;
716 }
717 
718 #define ELF_EXEC_PAGESIZE        8192
719 
720 #endif
721 
722 #ifdef TARGET_M68K
723 
724 #define ELF_START_MMAP 0x80000000
725 
726 #define elf_check_arch(x) ( (x) == EM_68K )
727 
728 #define ELF_CLASS       ELFCLASS32
729 #define ELF_ARCH        EM_68K
730 
731 /* ??? Does this need to do anything?
732    #define ELF_PLAT_INIT(_r) */
733 
init_thread(struct target_pt_regs * regs,struct image_info * infop)734 static inline void init_thread(struct target_pt_regs *regs,
735                                struct image_info *infop)
736 {
737     regs->usp = infop->start_stack;
738     regs->sr = 0;
739     regs->pc = infop->entry;
740 }
741 
742 /* See linux kernel: arch/m68k/include/asm/elf.h.  */
743 #define ELF_NREG 20
744 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
745 
elf_core_copy_regs(target_elf_gregset_t * regs,const CPUState * env)746 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
747 {
748     (*regs)[0] = tswapl(env->dregs[1]);
749     (*regs)[1] = tswapl(env->dregs[2]);
750     (*regs)[2] = tswapl(env->dregs[3]);
751     (*regs)[3] = tswapl(env->dregs[4]);
752     (*regs)[4] = tswapl(env->dregs[5]);
753     (*regs)[5] = tswapl(env->dregs[6]);
754     (*regs)[6] = tswapl(env->dregs[7]);
755     (*regs)[7] = tswapl(env->aregs[0]);
756     (*regs)[8] = tswapl(env->aregs[1]);
757     (*regs)[9] = tswapl(env->aregs[2]);
758     (*regs)[10] = tswapl(env->aregs[3]);
759     (*regs)[11] = tswapl(env->aregs[4]);
760     (*regs)[12] = tswapl(env->aregs[5]);
761     (*regs)[13] = tswapl(env->aregs[6]);
762     (*regs)[14] = tswapl(env->dregs[0]);
763     (*regs)[15] = tswapl(env->aregs[7]);
764     (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */
765     (*regs)[17] = tswapl(env->sr);
766     (*regs)[18] = tswapl(env->pc);
767     (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
768 }
769 
770 #define USE_ELF_CORE_DUMP
771 #define ELF_EXEC_PAGESIZE       8192
772 
773 #endif
774 
775 #ifdef TARGET_ALPHA
776 
777 #define ELF_START_MMAP (0x30000000000ULL)
778 
779 #define elf_check_arch(x) ( (x) == ELF_ARCH )
780 
781 #define ELF_CLASS      ELFCLASS64
782 #define ELF_ARCH       EM_ALPHA
783 
init_thread(struct target_pt_regs * regs,struct image_info * infop)784 static inline void init_thread(struct target_pt_regs *regs,
785                                struct image_info *infop)
786 {
787     regs->pc = infop->entry;
788     regs->ps = 8;
789     regs->usp = infop->start_stack;
790 }
791 
792 #define ELF_EXEC_PAGESIZE        8192
793 
794 #endif /* TARGET_ALPHA */
795 
796 #ifndef ELF_PLATFORM
797 #define ELF_PLATFORM (NULL)
798 #endif
799 
800 #ifndef ELF_HWCAP
801 #define ELF_HWCAP 0
802 #endif
803 
804 #ifdef TARGET_ABI32
805 #undef ELF_CLASS
806 #define ELF_CLASS ELFCLASS32
807 #undef bswaptls
808 #define bswaptls(ptr) bswap32s(ptr)
809 #endif
810 
811 #include "elf.h"
812 
813 struct exec
814 {
815     unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
816     unsigned int a_text;   /* length of text, in bytes */
817     unsigned int a_data;   /* length of data, in bytes */
818     unsigned int a_bss;    /* length of uninitialized data area, in bytes */
819     unsigned int a_syms;   /* length of symbol table data in file, in bytes */
820     unsigned int a_entry;  /* start address */
821     unsigned int a_trsize; /* length of relocation info for text, in bytes */
822     unsigned int a_drsize; /* length of relocation info for data, in bytes */
823 };
824 
825 
826 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
827 #define OMAGIC 0407
828 #define NMAGIC 0410
829 #define ZMAGIC 0413
830 #define QMAGIC 0314
831 
832 /* Necessary parameters */
833 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
834 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
835 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
836 
837 #define DLINFO_ITEMS 12
838 
memcpy_fromfs(void * to,const void * from,unsigned long n)839 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
840 {
841     memcpy(to, from, n);
842 }
843 
844 #ifdef BSWAP_NEEDED
bswap_ehdr(struct elfhdr * ehdr)845 static void bswap_ehdr(struct elfhdr *ehdr)
846 {
847     bswap16s(&ehdr->e_type);            /* Object file type */
848     bswap16s(&ehdr->e_machine);         /* Architecture */
849     bswap32s(&ehdr->e_version);         /* Object file version */
850     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
851     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
852     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
853     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
854     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
855     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
856     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
857     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
858     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
859     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
860 }
861 
bswap_phdr(struct elf_phdr * phdr,int phnum)862 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
863 {
864     int i;
865     for (i = 0; i < phnum; ++i, ++phdr) {
866         bswap32s(&phdr->p_type);        /* Segment type */
867         bswap32s(&phdr->p_flags);       /* Segment flags */
868         bswaptls(&phdr->p_offset);      /* Segment file offset */
869         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
870         bswaptls(&phdr->p_paddr);       /* Segment physical address */
871         bswaptls(&phdr->p_filesz);      /* Segment size in file */
872         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
873         bswaptls(&phdr->p_align);       /* Segment alignment */
874     }
875 }
876 
bswap_shdr(struct elf_shdr * shdr,int shnum)877 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
878 {
879     int i;
880     for (i = 0; i < shnum; ++i, ++shdr) {
881         bswap32s(&shdr->sh_name);
882         bswap32s(&shdr->sh_type);
883         bswaptls(&shdr->sh_flags);
884         bswaptls(&shdr->sh_addr);
885         bswaptls(&shdr->sh_offset);
886         bswaptls(&shdr->sh_size);
887         bswap32s(&shdr->sh_link);
888         bswap32s(&shdr->sh_info);
889         bswaptls(&shdr->sh_addralign);
890         bswaptls(&shdr->sh_entsize);
891     }
892 }
893 
bswap_sym(struct elf_sym * sym)894 static void bswap_sym(struct elf_sym *sym)
895 {
896     bswap32s(&sym->st_name);
897     bswaptls(&sym->st_value);
898     bswaptls(&sym->st_size);
899     bswap16s(&sym->st_shndx);
900 }
901 #else
bswap_ehdr(struct elfhdr * ehdr)902 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
bswap_phdr(struct elf_phdr * phdr,int phnum)903 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
bswap_shdr(struct elf_shdr * shdr,int shnum)904 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
bswap_sym(struct elf_sym * sym)905 static inline void bswap_sym(struct elf_sym *sym) { }
906 #endif
907 
908 #ifdef USE_ELF_CORE_DUMP
909 static int elf_core_dump(int, const CPUState *);
910 #endif /* USE_ELF_CORE_DUMP */
911 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
912 
913 /* Verify the portions of EHDR within E_IDENT for the target.
914    This can be performed before bswapping the entire header.  */
elf_check_ident(struct elfhdr * ehdr)915 static bool elf_check_ident(struct elfhdr *ehdr)
916 {
917     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
918             && ehdr->e_ident[EI_MAG1] == ELFMAG1
919             && ehdr->e_ident[EI_MAG2] == ELFMAG2
920             && ehdr->e_ident[EI_MAG3] == ELFMAG3
921             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
922             && ehdr->e_ident[EI_DATA] == ELF_DATA
923             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
924 }
925 
926 /* Verify the portions of EHDR outside of E_IDENT for the target.
927    This has to wait until after bswapping the header.  */
elf_check_ehdr(struct elfhdr * ehdr)928 static bool elf_check_ehdr(struct elfhdr *ehdr)
929 {
930     return (elf_check_arch(ehdr->e_machine)
931             && ehdr->e_ehsize == sizeof(struct elfhdr)
932             && ehdr->e_phentsize == sizeof(struct elf_phdr)
933             && ehdr->e_shentsize == sizeof(struct elf_shdr)
934             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
935 }
936 
937 /*
938  * 'copy_elf_strings()' copies argument/envelope strings from user
939  * memory to free pages in kernel mem. These are in a format ready
940  * to be put directly into the top of new user memory.
941  *
942  */
copy_elf_strings(int argc,char ** argv,void ** page,abi_ulong p)943 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
944                                   abi_ulong p)
945 {
946     char *tmp, *tmp1, *pag = NULL;
947     int len, offset = 0;
948 
949     if (!p) {
950         return 0;       /* bullet-proofing */
951     }
952     while (argc-- > 0) {
953         tmp = argv[argc];
954         if (!tmp) {
955             fprintf(stderr, "VFS: argc is wrong");
956             exit(-1);
957         }
958         tmp1 = tmp;
959         while (*tmp++);
960         len = tmp - tmp1;
961         if (p < len) {  /* this shouldn't happen - 128kB */
962             return 0;
963         }
964         while (len) {
965             --p; --tmp; --len;
966             if (--offset < 0) {
967                 offset = p % TARGET_PAGE_SIZE;
968                 pag = (char *)page[p/TARGET_PAGE_SIZE];
969                 if (!pag) {
970                     pag = (char *)malloc(TARGET_PAGE_SIZE);
971                     memset(pag, 0, TARGET_PAGE_SIZE);
972                     page[p/TARGET_PAGE_SIZE] = pag;
973                     if (!pag)
974                         return 0;
975                 }
976             }
977             if (len == 0 || offset == 0) {
978                 *(pag + offset) = *tmp;
979             }
980             else {
981                 int bytes_to_copy = (len > offset) ? offset : len;
982                 tmp -= bytes_to_copy;
983                 p -= bytes_to_copy;
984                 offset -= bytes_to_copy;
985                 len -= bytes_to_copy;
986                 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
987             }
988         }
989     }
990     return p;
991 }
992 
setup_arg_pages(abi_ulong p,struct linux_binprm * bprm,struct image_info * info)993 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
994                                  struct image_info *info)
995 {
996     abi_ulong stack_base, size, error, guard;
997     int i;
998 
999     /* Create enough stack to hold everything.  If we don't use
1000        it for args, we'll use it for something else.  */
1001     size = guest_stack_size;
1002     if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
1003         size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1004     }
1005     guard = TARGET_PAGE_SIZE;
1006     if (guard < qemu_real_host_page_size) {
1007         guard = qemu_real_host_page_size;
1008     }
1009 
1010     error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1011                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1012     if (error == -1) {
1013         perror("mmap stack");
1014         exit(-1);
1015     }
1016 
1017     /* We reserve one extra page at the top of the stack as guard.  */
1018     target_mprotect(error, guard, PROT_NONE);
1019 
1020     info->stack_limit = error + guard;
1021     stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1022     p += stack_base;
1023 
1024     for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1025         if (bprm->page[i]) {
1026             info->rss++;
1027             /* FIXME - check return value of memcpy_to_target() for failure */
1028             memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
1029             free(bprm->page[i]);
1030         }
1031         stack_base += TARGET_PAGE_SIZE;
1032     }
1033     return p;
1034 }
1035 
1036 /* Map and zero the bss.  We need to explicitly zero any fractional pages
1037    after the data section (i.e. bss).  */
zero_bss(abi_ulong elf_bss,abi_ulong last_bss,int prot)1038 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1039 {
1040     uintptr_t host_start, host_map_start, host_end;
1041 
1042     last_bss = TARGET_PAGE_ALIGN(last_bss);
1043 
1044     /* ??? There is confusion between qemu_real_host_page_size and
1045        qemu_host_page_size here and elsewhere in target_mmap, which
1046        may lead to the end of the data section mapping from the file
1047        not being mapped.  At least there was an explicit test and
1048        comment for that here, suggesting that "the file size must
1049        be known".  The comment probably pre-dates the introduction
1050        of the fstat system call in target_mmap which does in fact
1051        find out the size.  What isn't clear is if the workaround
1052        here is still actually needed.  For now, continue with it,
1053        but merge it with the "normal" mmap that would allocate the bss.  */
1054 
1055     host_start = (uintptr_t) g2h(elf_bss);
1056     host_end = (uintptr_t) g2h(last_bss);
1057     host_map_start = (host_start + qemu_real_host_page_size - 1);
1058     host_map_start &= -qemu_real_host_page_size;
1059 
1060     if (host_map_start < host_end) {
1061         void *p = mmap((void *)host_map_start, host_end - host_map_start,
1062                        prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1063         if (p == MAP_FAILED) {
1064             perror("cannot mmap brk");
1065             exit(-1);
1066         }
1067 
1068         /* Since we didn't use target_mmap, make sure to record
1069            the validity of the pages with qemu.  */
1070         page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
1071     }
1072 
1073     if (host_start < host_map_start) {
1074         memset((void *)host_start, 0, host_map_start - host_start);
1075     }
1076 }
1077 
create_elf_tables(abi_ulong p,int argc,int envc,struct elfhdr * exec,struct image_info * info,struct image_info * interp_info)1078 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1079                                    struct elfhdr *exec,
1080                                    struct image_info *info,
1081                                    struct image_info *interp_info)
1082 {
1083     abi_ulong sp;
1084     int size;
1085     abi_ulong u_platform;
1086     const char *k_platform;
1087     const int n = sizeof(elf_addr_t);
1088 
1089     sp = p;
1090     u_platform = 0;
1091     k_platform = ELF_PLATFORM;
1092     if (k_platform) {
1093         size_t len = strlen(k_platform) + 1;
1094         sp -= (len + n - 1) & ~(n - 1);
1095         u_platform = sp;
1096         /* FIXME - check return value of memcpy_to_target() for failure */
1097         memcpy_to_target(sp, k_platform, len);
1098     }
1099     /*
1100      * Force 16 byte _final_ alignment here for generality.
1101      */
1102     sp = sp &~ (abi_ulong)15;
1103     size = (DLINFO_ITEMS + 1) * 2;
1104     if (k_platform)
1105         size += 2;
1106 #ifdef DLINFO_ARCH_ITEMS
1107     size += DLINFO_ARCH_ITEMS * 2;
1108 #endif
1109     size += envc + argc + 2;
1110     size += 1;  /* argc itself */
1111     size *= n;
1112     if (size & 15)
1113         sp -= 16 - (size & 15);
1114 
1115     /* This is correct because Linux defines
1116      * elf_addr_t as Elf32_Off / Elf64_Off
1117      */
1118 #define NEW_AUX_ENT(id, val) do {               \
1119         sp -= n; put_user_ual(val, sp);         \
1120         sp -= n; put_user_ual(id, sp);          \
1121     } while(0)
1122 
1123     NEW_AUX_ENT (AT_NULL, 0);
1124 
1125     /* There must be exactly DLINFO_ITEMS entries here.  */
1126     NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1127     NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1128     NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1129     NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
1130     NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1131     NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1132     NEW_AUX_ENT(AT_ENTRY, info->entry);
1133     NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1134     NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1135     NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1136     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1137     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1138     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1139     if (k_platform)
1140         NEW_AUX_ENT(AT_PLATFORM, u_platform);
1141 #ifdef ARCH_DLINFO
1142     /*
1143      * ARCH_DLINFO must come last so platform specific code can enforce
1144      * special alignment requirements on the AUXV if necessary (eg. PPC).
1145      */
1146     ARCH_DLINFO;
1147 #endif
1148 #undef NEW_AUX_ENT
1149 
1150     info->saved_auxv = sp;
1151 
1152     sp = loader_build_argptr(envc, argc, sp, p, 0);
1153     return sp;
1154 }
1155 
1156 /* Load an ELF image into the address space.
1157 
1158    IMAGE_NAME is the filename of the image, to use in error messages.
1159    IMAGE_FD is the open file descriptor for the image.
1160 
1161    BPRM_BUF is a copy of the beginning of the file; this of course
1162    contains the elf file header at offset 0.  It is assumed that this
1163    buffer is sufficiently aligned to present no problems to the host
1164    in accessing data at aligned offsets within the buffer.
1165 
1166    On return: INFO values will be filled in, as necessary or available.  */
1167 
load_elf_image(const char * image_name,int image_fd,struct image_info * info,char ** pinterp_name,char bprm_buf[BPRM_BUF_SIZE])1168 static void load_elf_image(const char *image_name, int image_fd,
1169                            struct image_info *info, char **pinterp_name,
1170                            char bprm_buf[BPRM_BUF_SIZE])
1171 {
1172     struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1173     struct elf_phdr *phdr;
1174     abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1175     int i, retval;
1176     const char *errmsg;
1177 
1178     /* First of all, some simple consistency checks */
1179     errmsg = "Invalid ELF image for this architecture";
1180     if (!elf_check_ident(ehdr)) {
1181         goto exit_errmsg;
1182     }
1183     bswap_ehdr(ehdr);
1184     if (!elf_check_ehdr(ehdr)) {
1185         goto exit_errmsg;
1186     }
1187 
1188     i = ehdr->e_phnum * sizeof(struct elf_phdr);
1189     if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1190         phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
1191     } else {
1192         phdr = (struct elf_phdr *) alloca(i);
1193         retval = pread(image_fd, phdr, i, ehdr->e_phoff);
1194         if (retval != i) {
1195             goto exit_read;
1196         }
1197     }
1198     bswap_phdr(phdr, ehdr->e_phnum);
1199 
1200     /* Find the maximum size of the image and allocate an appropriate
1201        amount of memory to handle that.  */
1202     loaddr = -1, hiaddr = 0;
1203     for (i = 0; i < ehdr->e_phnum; ++i) {
1204         if (phdr[i].p_type == PT_LOAD) {
1205             abi_ulong a = phdr[i].p_vaddr;
1206             if (a < loaddr) {
1207                 loaddr = a;
1208             }
1209             a += phdr[i].p_memsz;
1210             if (a > hiaddr) {
1211                 hiaddr = a;
1212             }
1213         }
1214     }
1215 
1216     load_addr = loaddr;
1217     if (ehdr->e_type == ET_DYN) {
1218         /* The image indicates that it can be loaded anywhere.  Find a
1219            location that can hold the memory space required.  If the
1220            image is pre-linked, LOADDR will be non-zero.  Since we do
1221            not supply MAP_FIXED here we'll use that address if and
1222            only if it remains available.  */
1223         load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1224                                 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1225                                 -1, 0);
1226         if (load_addr == -1) {
1227             goto exit_perror;
1228         }
1229     } else if (pinterp_name != NULL) {
1230         /* This is the main executable.  Make sure that the low
1231            address does not conflict with MMAP_MIN_ADDR or the
1232            QEMU application itself.  */
1233 #if defined(CONFIG_USE_GUEST_BASE)
1234         /*
1235          * In case where user has not explicitly set the guest_base, we
1236          * probe here that should we set it automatically.
1237          */
1238         if (!have_guest_base && !reserved_va) {
1239             unsigned long host_start, real_start, host_size;
1240 
1241             /* Round addresses to page boundaries.  */
1242             loaddr &= qemu_host_page_mask;
1243             hiaddr = HOST_PAGE_ALIGN(hiaddr);
1244 
1245             if (loaddr < mmap_min_addr) {
1246                 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1247             } else {
1248                 host_start = loaddr;
1249                 if (host_start != loaddr) {
1250                     errmsg = "Address overflow loading ELF binary";
1251                     goto exit_errmsg;
1252                 }
1253             }
1254             host_size = hiaddr - loaddr;
1255             while (1) {
1256                 /* Do not use mmap_find_vma here because that is limited to the
1257                    guest address space.  We are going to make the
1258                    guest address space fit whatever we're given.  */
1259                 real_start = (unsigned long)
1260                     mmap((void *)host_start, host_size, PROT_NONE,
1261                          MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
1262                 if (real_start == (unsigned long)-1) {
1263                     goto exit_perror;
1264                 }
1265                 if (real_start == host_start) {
1266                     break;
1267                 }
1268                 /* That address didn't work.  Unmap and try a different one.
1269                    The address the host picked because is typically right at
1270                    the top of the host address space and leaves the guest with
1271                    no usable address space.  Resort to a linear search.  We
1272                    already compensated for mmap_min_addr, so this should not
1273                    happen often.  Probably means we got unlucky and host
1274                    address space randomization put a shared library somewhere
1275                    inconvenient.  */
1276                 munmap((void *)real_start, host_size);
1277                 host_start += qemu_host_page_size;
1278                 if (host_start == loaddr) {
1279                     /* Theoretically possible if host doesn't have any suitably
1280                        aligned areas.  Normally the first mmap will fail.  */
1281                     errmsg = "Unable to find space for application";
1282                     goto exit_errmsg;
1283                 }
1284             }
1285             qemu_log("Relocating guest address space from 0x"
1286                      TARGET_ABI_FMT_lx " to 0x%lx\n", loaddr, real_start);
1287             guest_base = real_start - loaddr;
1288         }
1289 #endif
1290     }
1291     load_bias = load_addr - loaddr;
1292 
1293     info->load_bias = load_bias;
1294     info->load_addr = load_addr;
1295     info->entry = ehdr->e_entry + load_bias;
1296     info->start_code = -1;
1297     info->end_code = 0;
1298     info->start_data = -1;
1299     info->end_data = 0;
1300     info->brk = 0;
1301 
1302     for (i = 0; i < ehdr->e_phnum; i++) {
1303         struct elf_phdr *eppnt = phdr + i;
1304         if (eppnt->p_type == PT_LOAD) {
1305             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
1306             int elf_prot = 0;
1307 
1308             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
1309             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1310             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1311 
1312             vaddr = load_bias + eppnt->p_vaddr;
1313             vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
1314             vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
1315 
1316             error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
1317                                 elf_prot, MAP_PRIVATE | MAP_FIXED,
1318                                 image_fd, eppnt->p_offset - vaddr_po);
1319             if (error == -1) {
1320                 goto exit_perror;
1321             }
1322 
1323             vaddr_ef = vaddr + eppnt->p_filesz;
1324             vaddr_em = vaddr + eppnt->p_memsz;
1325 
1326             /* If the load segment requests extra zeros (e.g. bss), map it.  */
1327             if (vaddr_ef < vaddr_em) {
1328                 zero_bss(vaddr_ef, vaddr_em, elf_prot);
1329             }
1330 
1331             /* Find the full program boundaries.  */
1332             if (elf_prot & PROT_EXEC) {
1333                 if (vaddr < info->start_code) {
1334                     info->start_code = vaddr;
1335                 }
1336                 if (vaddr_ef > info->end_code) {
1337                     info->end_code = vaddr_ef;
1338                 }
1339             }
1340             if (elf_prot & PROT_WRITE) {
1341                 if (vaddr < info->start_data) {
1342                     info->start_data = vaddr;
1343                 }
1344                 if (vaddr_ef > info->end_data) {
1345                     info->end_data = vaddr_ef;
1346                 }
1347                 if (vaddr_em > info->brk) {
1348                     info->brk = vaddr_em;
1349                 }
1350             }
1351         } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
1352             char *interp_name;
1353 
1354             if (*pinterp_name) {
1355                 errmsg = "Multiple PT_INTERP entries";
1356                 goto exit_errmsg;
1357             }
1358             interp_name = malloc(eppnt->p_filesz);
1359             if (!interp_name) {
1360                 goto exit_perror;
1361             }
1362 
1363             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
1364                 memcpy(interp_name, bprm_buf + eppnt->p_offset,
1365                        eppnt->p_filesz);
1366             } else {
1367                 retval = pread(image_fd, interp_name, eppnt->p_filesz,
1368                                eppnt->p_offset);
1369                 if (retval != eppnt->p_filesz) {
1370                     goto exit_perror;
1371                 }
1372             }
1373             if (interp_name[eppnt->p_filesz - 1] != 0) {
1374                 errmsg = "Invalid PT_INTERP entry";
1375                 goto exit_errmsg;
1376             }
1377             *pinterp_name = interp_name;
1378         }
1379     }
1380 
1381     if (info->end_data == 0) {
1382         info->start_data = info->end_code;
1383         info->end_data = info->end_code;
1384         info->brk = info->end_code;
1385     }
1386 
1387     if (qemu_log_enabled()) {
1388         load_symbols(ehdr, image_fd, load_bias);
1389     }
1390 
1391     close(image_fd);
1392     return;
1393 
1394  exit_read:
1395     if (retval >= 0) {
1396         errmsg = "Incomplete read of file header";
1397         goto exit_errmsg;
1398     }
1399  exit_perror:
1400     errmsg = strerror(errno);
1401  exit_errmsg:
1402     fprintf(stderr, "%s: %s\n", image_name, errmsg);
1403     exit(-1);
1404 }
1405 
load_elf_interp(const char * filename,struct image_info * info,char bprm_buf[BPRM_BUF_SIZE])1406 static void load_elf_interp(const char *filename, struct image_info *info,
1407                             char bprm_buf[BPRM_BUF_SIZE])
1408 {
1409     int fd, retval;
1410 
1411     fd = open(path(filename), O_RDONLY);
1412     if (fd < 0) {
1413         goto exit_perror;
1414     }
1415 
1416     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1417     if (retval < 0) {
1418         goto exit_perror;
1419     }
1420     if (retval < BPRM_BUF_SIZE) {
1421         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1422     }
1423 
1424     load_elf_image(filename, fd, info, NULL, bprm_buf);
1425     return;
1426 
1427  exit_perror:
1428     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1429     exit(-1);
1430 }
1431 
symfind(const void * s0,const void * s1)1432 static int symfind(const void *s0, const void *s1)
1433 {
1434     struct elf_sym *key = (struct elf_sym *)s0;
1435     struct elf_sym *sym = (struct elf_sym *)s1;
1436     int result = 0;
1437     if (key->st_value < sym->st_value) {
1438         result = -1;
1439     } else if (key->st_value >= sym->st_value + sym->st_size) {
1440         result = 1;
1441     }
1442     return result;
1443 }
1444 
lookup_symbolxx(struct syminfo * s,target_ulong orig_addr)1445 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1446 {
1447 #if ELF_CLASS == ELFCLASS32
1448     struct elf_sym *syms = s->disas_symtab.elf32;
1449 #else
1450     struct elf_sym *syms = s->disas_symtab.elf64;
1451 #endif
1452 
1453     // binary search
1454     struct elf_sym key;
1455     struct elf_sym *sym;
1456 
1457     key.st_value = orig_addr;
1458 
1459     sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind);
1460     if (sym != NULL) {
1461         return s->disas_strtab + sym->st_name;
1462     }
1463 
1464     return "";
1465 }
1466 
1467 /* FIXME: This should use elf_ops.h  */
symcmp(const void * s0,const void * s1)1468 static int symcmp(const void *s0, const void *s1)
1469 {
1470     struct elf_sym *sym0 = (struct elf_sym *)s0;
1471     struct elf_sym *sym1 = (struct elf_sym *)s1;
1472     return (sym0->st_value < sym1->st_value)
1473         ? -1
1474         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1475 }
1476 
1477 /* Best attempt to load symbols from this ELF object. */
load_symbols(struct elfhdr * hdr,int fd,abi_ulong load_bias)1478 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
1479 {
1480     int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
1481     struct elf_shdr *shdr;
1482     char *strings;
1483     struct syminfo *s;
1484     struct elf_sym *syms, *new_syms;
1485 
1486     shnum = hdr->e_shnum;
1487     i = shnum * sizeof(struct elf_shdr);
1488     shdr = (struct elf_shdr *)alloca(i);
1489     if (pread(fd, shdr, i, hdr->e_shoff) != i) {
1490         return;
1491     }
1492 
1493     bswap_shdr(shdr, shnum);
1494     for (i = 0; i < shnum; ++i) {
1495         if (shdr[i].sh_type == SHT_SYMTAB) {
1496             sym_idx = i;
1497             str_idx = shdr[i].sh_link;
1498             goto found;
1499         }
1500     }
1501 
1502     /* There will be no symbol table if the file was stripped.  */
1503     return;
1504 
1505  found:
1506     /* Now know where the strtab and symtab are.  Snarf them.  */
1507     s = malloc(sizeof(*s));
1508     if (!s) {
1509         return;
1510     }
1511 
1512     i = shdr[str_idx].sh_size;
1513     s->disas_strtab = strings = malloc(i);
1514     if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
1515         free(s);
1516         free(strings);
1517         return;
1518     }
1519 
1520     i = shdr[sym_idx].sh_size;
1521     syms = malloc(i);
1522     if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
1523         free(s);
1524         free(strings);
1525         free(syms);
1526         return;
1527     }
1528 
1529     nsyms = i / sizeof(struct elf_sym);
1530     for (i = 0; i < nsyms; ) {
1531         bswap_sym(syms + i);
1532         /* Throw away entries which we do not need.  */
1533         if (syms[i].st_shndx == SHN_UNDEF
1534             || syms[i].st_shndx >= SHN_LORESERVE
1535             || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1536             if (i < --nsyms) {
1537                 syms[i] = syms[nsyms];
1538             }
1539         } else {
1540 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
1541             /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
1542             syms[i].st_value &= ~(target_ulong)1;
1543 #endif
1544             syms[i].st_value += load_bias;
1545             i++;
1546         }
1547     }
1548 
1549     /* Attempt to free the storage associated with the local symbols
1550        that we threw away.  Whether or not this has any effect on the
1551        memory allocation depends on the malloc implementation and how
1552        many symbols we managed to discard.  */
1553     new_syms = realloc(syms, nsyms * sizeof(*syms));
1554     if (new_syms == NULL) {
1555         free(s);
1556         free(syms);
1557         free(strings);
1558         return;
1559     }
1560     syms = new_syms;
1561 
1562     qsort(syms, nsyms, sizeof(*syms), symcmp);
1563 
1564     s->disas_num_syms = nsyms;
1565 #if ELF_CLASS == ELFCLASS32
1566     s->disas_symtab.elf32 = syms;
1567 #else
1568     s->disas_symtab.elf64 = syms;
1569 #endif
1570     s->lookup_symbol = lookup_symbolxx;
1571     s->next = syminfos;
1572     syminfos = s;
1573 }
1574 
load_elf_binary(struct linux_binprm * bprm,struct target_pt_regs * regs,struct image_info * info)1575 int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
1576                     struct image_info * info)
1577 {
1578     struct image_info interp_info;
1579     struct elfhdr elf_ex;
1580     char *elf_interpreter = NULL;
1581 
1582     info->start_mmap = (abi_ulong)ELF_START_MMAP;
1583     info->mmap = 0;
1584     info->rss = 0;
1585 
1586     load_elf_image(bprm->filename, bprm->fd, info,
1587                    &elf_interpreter, bprm->buf);
1588 
1589     /* ??? We need a copy of the elf header for passing to create_elf_tables.
1590        If we do nothing, we'll have overwritten this when we re-use bprm->buf
1591        when we load the interpreter.  */
1592     elf_ex = *(struct elfhdr *)bprm->buf;
1593 
1594     bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
1595     bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
1596     bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
1597     if (!bprm->p) {
1598         fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
1599         exit(-1);
1600     }
1601 
1602     /* Do this so that we can load the interpreter, if need be.  We will
1603        change some of these later */
1604     bprm->p = setup_arg_pages(bprm->p, bprm, info);
1605 
1606     if (elf_interpreter) {
1607         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
1608 
1609         /* If the program interpreter is one of these two, then assume
1610            an iBCS2 image.  Otherwise assume a native linux image.  */
1611 
1612         if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
1613             || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
1614             info->personality = PER_SVR4;
1615 
1616             /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
1617                and some applications "depend" upon this behavior.  Since
1618                we do not have the power to recompile these, we emulate
1619                the SVr4 behavior.  Sigh.  */
1620             target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
1621                         MAP_FIXED | MAP_PRIVATE, -1, 0);
1622         }
1623     }
1624 
1625     bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
1626                                 info, (elf_interpreter ? &interp_info : NULL));
1627     info->start_stack = bprm->p;
1628 
1629     /* If we have an interpreter, set that as the program's entry point.
1630        Copy the load_addr as well, to help PPC64 interpret the entry
1631        point as a function descriptor.  Do this after creating elf tables
1632        so that we copy the original program entry point into the AUXV.  */
1633     if (elf_interpreter) {
1634         info->load_addr = interp_info.load_addr;
1635         info->entry = interp_info.entry;
1636         free(elf_interpreter);
1637     }
1638 
1639 #ifdef USE_ELF_CORE_DUMP
1640     bprm->core_dump = &elf_core_dump;
1641 #endif
1642 
1643     return 0;
1644 }
1645 
1646 #ifdef USE_ELF_CORE_DUMP
1647 /*
1648  * Definitions to generate Intel SVR4-like core files.
1649  * These mostly have the same names as the SVR4 types with "target_elf_"
1650  * tacked on the front to prevent clashes with linux definitions,
1651  * and the typedef forms have been avoided.  This is mostly like
1652  * the SVR4 structure, but more Linuxy, with things that Linux does
1653  * not support and which gdb doesn't really use excluded.
1654  *
1655  * Fields we don't dump (their contents is zero) in linux-user qemu
1656  * are marked with XXX.
1657  *
1658  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
1659  *
1660  * Porting ELF coredump for target is (quite) simple process.  First you
1661  * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
1662  * the target resides):
1663  *
1664  * #define USE_ELF_CORE_DUMP
1665  *
1666  * Next you define type of register set used for dumping.  ELF specification
1667  * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
1668  *
1669  * typedef <target_regtype> target_elf_greg_t;
1670  * #define ELF_NREG <number of registers>
1671  * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
1672  *
1673  * Last step is to implement target specific function that copies registers
1674  * from given cpu into just specified register set.  Prototype is:
1675  *
1676  * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
1677  *                                const CPUState *env);
1678  *
1679  * Parameters:
1680  *     regs - copy register values into here (allocated and zeroed by caller)
1681  *     env - copy registers from here
1682  *
1683  * Example for ARM target is provided in this file.
1684  */
1685 
1686 /* An ELF note in memory */
1687 struct memelfnote {
1688     const char *name;
1689     size_t     namesz;
1690     size_t     namesz_rounded;
1691     int        type;
1692     size_t     datasz;
1693     void       *data;
1694     size_t     notesz;
1695 };
1696 
1697 struct target_elf_siginfo {
1698     int  si_signo; /* signal number */
1699     int  si_code;  /* extra code */
1700     int  si_errno; /* errno */
1701 };
1702 
1703 struct target_elf_prstatus {
1704     struct target_elf_siginfo pr_info;      /* Info associated with signal */
1705     short              pr_cursig;    /* Current signal */
1706     target_ulong       pr_sigpend;   /* XXX */
1707     target_ulong       pr_sighold;   /* XXX */
1708     target_pid_t       pr_pid;
1709     target_pid_t       pr_ppid;
1710     target_pid_t       pr_pgrp;
1711     target_pid_t       pr_sid;
1712     struct target_timeval pr_utime;  /* XXX User time */
1713     struct target_timeval pr_stime;  /* XXX System time */
1714     struct target_timeval pr_cutime; /* XXX Cumulative user time */
1715     struct target_timeval pr_cstime; /* XXX Cumulative system time */
1716     target_elf_gregset_t      pr_reg;       /* GP registers */
1717     int                pr_fpvalid;   /* XXX */
1718 };
1719 
1720 #define ELF_PRARGSZ     (80) /* Number of chars for args */
1721 
1722 struct target_elf_prpsinfo {
1723     char         pr_state;       /* numeric process state */
1724     char         pr_sname;       /* char for pr_state */
1725     char         pr_zomb;        /* zombie */
1726     char         pr_nice;        /* nice val */
1727     target_ulong pr_flag;        /* flags */
1728     target_uid_t pr_uid;
1729     target_gid_t pr_gid;
1730     target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
1731     /* Lots missing */
1732     char    pr_fname[16];           /* filename of executable */
1733     char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
1734 };
1735 
1736 /* Here is the structure in which status of each thread is captured. */
1737 struct elf_thread_status {
1738     QTAILQ_ENTRY(elf_thread_status)  ets_link;
1739     struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
1740 #if 0
1741     elf_fpregset_t fpu;             /* NT_PRFPREG */
1742     struct task_struct *thread;
1743     elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
1744 #endif
1745     struct memelfnote notes[1];
1746     int num_notes;
1747 };
1748 
1749 struct elf_note_info {
1750     struct memelfnote   *notes;
1751     struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
1752     struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
1753 
1754     QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
1755 #if 0
1756     /*
1757      * Current version of ELF coredump doesn't support
1758      * dumping fp regs etc.
1759      */
1760     elf_fpregset_t *fpu;
1761     elf_fpxregset_t *xfpu;
1762     int thread_status_size;
1763 #endif
1764     int notes_size;
1765     int numnote;
1766 };
1767 
1768 struct vm_area_struct {
1769     abi_ulong   vma_start;  /* start vaddr of memory region */
1770     abi_ulong   vma_end;    /* end vaddr of memory region */
1771     abi_ulong   vma_flags;  /* protection etc. flags for the region */
1772     QTAILQ_ENTRY(vm_area_struct) vma_link;
1773 };
1774 
1775 struct mm_struct {
1776     QTAILQ_HEAD(, vm_area_struct) mm_mmap;
1777     int mm_count;           /* number of mappings */
1778 };
1779 
1780 static struct mm_struct *vma_init(void);
1781 static void vma_delete(struct mm_struct *);
1782 static int vma_add_mapping(struct mm_struct *, abi_ulong,
1783                            abi_ulong, abi_ulong);
1784 static int vma_get_mapping_count(const struct mm_struct *);
1785 static struct vm_area_struct *vma_first(const struct mm_struct *);
1786 static struct vm_area_struct *vma_next(struct vm_area_struct *);
1787 static abi_ulong vma_dump_size(const struct vm_area_struct *);
1788 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
1789                       unsigned long flags);
1790 
1791 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
1792 static void fill_note(struct memelfnote *, const char *, int,
1793                       unsigned int, void *);
1794 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
1795 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
1796 static void fill_auxv_note(struct memelfnote *, const TaskState *);
1797 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
1798 static size_t note_size(const struct memelfnote *);
1799 static void free_note_info(struct elf_note_info *);
1800 static int fill_note_info(struct elf_note_info *, long, const CPUState *);
1801 static void fill_thread_info(struct elf_note_info *, const CPUState *);
1802 static int core_dump_filename(const TaskState *, char *, size_t);
1803 
1804 static int dump_write(int, const void *, size_t);
1805 static int write_note(struct memelfnote *, int);
1806 static int write_note_info(struct elf_note_info *, int);
1807 
1808 #ifdef BSWAP_NEEDED
bswap_prstatus(struct target_elf_prstatus * prstatus)1809 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
1810 {
1811     prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo);
1812     prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code);
1813     prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno);
1814     prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
1815     prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend);
1816     prstatus->pr_sighold = tswapl(prstatus->pr_sighold);
1817     prstatus->pr_pid = tswap32(prstatus->pr_pid);
1818     prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
1819     prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
1820     prstatus->pr_sid = tswap32(prstatus->pr_sid);
1821     /* cpu times are not filled, so we skip them */
1822     /* regs should be in correct format already */
1823     prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
1824 }
1825 
bswap_psinfo(struct target_elf_prpsinfo * psinfo)1826 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
1827 {
1828     psinfo->pr_flag = tswapl(psinfo->pr_flag);
1829     psinfo->pr_uid = tswap16(psinfo->pr_uid);
1830     psinfo->pr_gid = tswap16(psinfo->pr_gid);
1831     psinfo->pr_pid = tswap32(psinfo->pr_pid);
1832     psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
1833     psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
1834     psinfo->pr_sid = tswap32(psinfo->pr_sid);
1835 }
1836 
bswap_note(struct elf_note * en)1837 static void bswap_note(struct elf_note *en)
1838 {
1839     bswap32s(&en->n_namesz);
1840     bswap32s(&en->n_descsz);
1841     bswap32s(&en->n_type);
1842 }
1843 #else
bswap_prstatus(struct target_elf_prstatus * p)1844 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
bswap_psinfo(struct target_elf_prpsinfo * p)1845 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
bswap_note(struct elf_note * en)1846 static inline void bswap_note(struct elf_note *en) { }
1847 #endif /* BSWAP_NEEDED */
1848 
1849 /*
1850  * Minimal support for linux memory regions.  These are needed
1851  * when we are finding out what memory exactly belongs to
1852  * emulated process.  No locks needed here, as long as
1853  * thread that received the signal is stopped.
1854  */
1855 
vma_init(void)1856 static struct mm_struct *vma_init(void)
1857 {
1858     struct mm_struct *mm;
1859 
1860     if ((mm = qemu_malloc(sizeof (*mm))) == NULL)
1861         return (NULL);
1862 
1863     mm->mm_count = 0;
1864     QTAILQ_INIT(&mm->mm_mmap);
1865 
1866     return (mm);
1867 }
1868 
vma_delete(struct mm_struct * mm)1869 static void vma_delete(struct mm_struct *mm)
1870 {
1871     struct vm_area_struct *vma;
1872 
1873     while ((vma = vma_first(mm)) != NULL) {
1874         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
1875         qemu_free(vma);
1876     }
1877     qemu_free(mm);
1878 }
1879 
vma_add_mapping(struct mm_struct * mm,abi_ulong start,abi_ulong end,abi_ulong flags)1880 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
1881                            abi_ulong end, abi_ulong flags)
1882 {
1883     struct vm_area_struct *vma;
1884 
1885     if ((vma = qemu_mallocz(sizeof (*vma))) == NULL)
1886         return (-1);
1887 
1888     vma->vma_start = start;
1889     vma->vma_end = end;
1890     vma->vma_flags = flags;
1891 
1892     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
1893     mm->mm_count++;
1894 
1895     return (0);
1896 }
1897 
vma_first(const struct mm_struct * mm)1898 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
1899 {
1900     return (QTAILQ_FIRST(&mm->mm_mmap));
1901 }
1902 
vma_next(struct vm_area_struct * vma)1903 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
1904 {
1905     return (QTAILQ_NEXT(vma, vma_link));
1906 }
1907 
vma_get_mapping_count(const struct mm_struct * mm)1908 static int vma_get_mapping_count(const struct mm_struct *mm)
1909 {
1910     return (mm->mm_count);
1911 }
1912 
1913 /*
1914  * Calculate file (dump) size of given memory region.
1915  */
vma_dump_size(const struct vm_area_struct * vma)1916 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
1917 {
1918     /* if we cannot even read the first page, skip it */
1919     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
1920         return (0);
1921 
1922     /*
1923      * Usually we don't dump executable pages as they contain
1924      * non-writable code that debugger can read directly from
1925      * target library etc.  However, thread stacks are marked
1926      * also executable so we read in first page of given region
1927      * and check whether it contains elf header.  If there is
1928      * no elf header, we dump it.
1929      */
1930     if (vma->vma_flags & PROT_EXEC) {
1931         char page[TARGET_PAGE_SIZE];
1932 
1933         copy_from_user(page, vma->vma_start, sizeof (page));
1934         if ((page[EI_MAG0] == ELFMAG0) &&
1935             (page[EI_MAG1] == ELFMAG1) &&
1936             (page[EI_MAG2] == ELFMAG2) &&
1937             (page[EI_MAG3] == ELFMAG3)) {
1938             /*
1939              * Mappings are possibly from ELF binary.  Don't dump
1940              * them.
1941              */
1942             return (0);
1943         }
1944     }
1945 
1946     return (vma->vma_end - vma->vma_start);
1947 }
1948 
vma_walker(void * priv,abi_ulong start,abi_ulong end,unsigned long flags)1949 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
1950                       unsigned long flags)
1951 {
1952     struct mm_struct *mm = (struct mm_struct *)priv;
1953 
1954     vma_add_mapping(mm, start, end, flags);
1955     return (0);
1956 }
1957 
fill_note(struct memelfnote * note,const char * name,int type,unsigned int sz,void * data)1958 static void fill_note(struct memelfnote *note, const char *name, int type,
1959                       unsigned int sz, void *data)
1960 {
1961     unsigned int namesz;
1962 
1963     namesz = strlen(name) + 1;
1964     note->name = name;
1965     note->namesz = namesz;
1966     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
1967     note->type = type;
1968     note->datasz = roundup(sz, sizeof (int32_t));;
1969     note->data = data;
1970 
1971     /*
1972      * We calculate rounded up note size here as specified by
1973      * ELF document.
1974      */
1975     note->notesz = sizeof (struct elf_note) +
1976         note->namesz_rounded + note->datasz;
1977 }
1978 
fill_elf_header(struct elfhdr * elf,int segs,uint16_t machine,uint32_t flags)1979 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
1980                             uint32_t flags)
1981 {
1982     (void) memset(elf, 0, sizeof(*elf));
1983 
1984     (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
1985     elf->e_ident[EI_CLASS] = ELF_CLASS;
1986     elf->e_ident[EI_DATA] = ELF_DATA;
1987     elf->e_ident[EI_VERSION] = EV_CURRENT;
1988     elf->e_ident[EI_OSABI] = ELF_OSABI;
1989 
1990     elf->e_type = ET_CORE;
1991     elf->e_machine = machine;
1992     elf->e_version = EV_CURRENT;
1993     elf->e_phoff = sizeof(struct elfhdr);
1994     elf->e_flags = flags;
1995     elf->e_ehsize = sizeof(struct elfhdr);
1996     elf->e_phentsize = sizeof(struct elf_phdr);
1997     elf->e_phnum = segs;
1998 
1999     bswap_ehdr(elf);
2000 }
2001 
fill_elf_note_phdr(struct elf_phdr * phdr,int sz,off_t offset)2002 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2003 {
2004     phdr->p_type = PT_NOTE;
2005     phdr->p_offset = offset;
2006     phdr->p_vaddr = 0;
2007     phdr->p_paddr = 0;
2008     phdr->p_filesz = sz;
2009     phdr->p_memsz = 0;
2010     phdr->p_flags = 0;
2011     phdr->p_align = 0;
2012 
2013     bswap_phdr(phdr, 1);
2014 }
2015 
note_size(const struct memelfnote * note)2016 static size_t note_size(const struct memelfnote *note)
2017 {
2018     return (note->notesz);
2019 }
2020 
fill_prstatus(struct target_elf_prstatus * prstatus,const TaskState * ts,int signr)2021 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2022                           const TaskState *ts, int signr)
2023 {
2024     (void) memset(prstatus, 0, sizeof (*prstatus));
2025     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2026     prstatus->pr_pid = ts->ts_tid;
2027     prstatus->pr_ppid = getppid();
2028     prstatus->pr_pgrp = getpgrp();
2029     prstatus->pr_sid = getsid(0);
2030 
2031     bswap_prstatus(prstatus);
2032 }
2033 
fill_psinfo(struct target_elf_prpsinfo * psinfo,const TaskState * ts)2034 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2035 {
2036     char *filename, *base_filename;
2037     unsigned int i, len;
2038 
2039     (void) memset(psinfo, 0, sizeof (*psinfo));
2040 
2041     len = ts->info->arg_end - ts->info->arg_start;
2042     if (len >= ELF_PRARGSZ)
2043         len = ELF_PRARGSZ - 1;
2044     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2045         return -EFAULT;
2046     for (i = 0; i < len; i++)
2047         if (psinfo->pr_psargs[i] == 0)
2048             psinfo->pr_psargs[i] = ' ';
2049     psinfo->pr_psargs[len] = 0;
2050 
2051     psinfo->pr_pid = getpid();
2052     psinfo->pr_ppid = getppid();
2053     psinfo->pr_pgrp = getpgrp();
2054     psinfo->pr_sid = getsid(0);
2055     psinfo->pr_uid = getuid();
2056     psinfo->pr_gid = getgid();
2057 
2058     filename = strdup(ts->bprm->filename);
2059     base_filename = strdup(basename(filename));
2060     (void) strncpy(psinfo->pr_fname, base_filename,
2061                    sizeof(psinfo->pr_fname));
2062     free(base_filename);
2063     free(filename);
2064 
2065     bswap_psinfo(psinfo);
2066     return (0);
2067 }
2068 
fill_auxv_note(struct memelfnote * note,const TaskState * ts)2069 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2070 {
2071     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2072     elf_addr_t orig_auxv = auxv;
2073     abi_ulong val;
2074     void *ptr;
2075     int i, len;
2076 
2077     /*
2078      * Auxiliary vector is stored in target process stack.  It contains
2079      * {type, value} pairs that we need to dump into note.  This is not
2080      * strictly necessary but we do it here for sake of completeness.
2081      */
2082 
2083     /* find out lenght of the vector, AT_NULL is terminator */
2084     i = len = 0;
2085     do {
2086         get_user_ual(val, auxv);
2087         i += 2;
2088         auxv += 2 * sizeof (elf_addr_t);
2089     } while (val != AT_NULL);
2090     len = i * sizeof (elf_addr_t);
2091 
2092     /* read in whole auxv vector and copy it to memelfnote */
2093     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2094     if (ptr != NULL) {
2095         fill_note(note, "CORE", NT_AUXV, len, ptr);
2096         unlock_user(ptr, auxv, len);
2097     }
2098 }
2099 
2100 /*
2101  * Constructs name of coredump file.  We have following convention
2102  * for the name:
2103  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2104  *
2105  * Returns 0 in case of success, -1 otherwise (errno is set).
2106  */
core_dump_filename(const TaskState * ts,char * buf,size_t bufsize)2107 static int core_dump_filename(const TaskState *ts, char *buf,
2108                               size_t bufsize)
2109 {
2110     char timestamp[64];
2111     char *filename = NULL;
2112     char *base_filename = NULL;
2113     struct timeval tv;
2114     struct tm tm;
2115 
2116     assert(bufsize >= PATH_MAX);
2117 
2118     if (gettimeofday(&tv, NULL) < 0) {
2119         (void) fprintf(stderr, "unable to get current timestamp: %s",
2120                        strerror(errno));
2121         return (-1);
2122     }
2123 
2124     filename = strdup(ts->bprm->filename);
2125     base_filename = strdup(basename(filename));
2126     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2127                     localtime_r(&tv.tv_sec, &tm));
2128     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2129                     base_filename, timestamp, (int)getpid());
2130     free(base_filename);
2131     free(filename);
2132 
2133     return (0);
2134 }
2135 
dump_write(int fd,const void * ptr,size_t size)2136 static int dump_write(int fd, const void *ptr, size_t size)
2137 {
2138     const char *bufp = (const char *)ptr;
2139     ssize_t bytes_written, bytes_left;
2140     struct rlimit dumpsize;
2141     off_t pos;
2142 
2143     bytes_written = 0;
2144     getrlimit(RLIMIT_CORE, &dumpsize);
2145     if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2146         if (errno == ESPIPE) { /* not a seekable stream */
2147             bytes_left = size;
2148         } else {
2149             return pos;
2150         }
2151     } else {
2152         if (dumpsize.rlim_cur <= pos) {
2153             return -1;
2154         } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2155             bytes_left = size;
2156         } else {
2157             size_t limit_left=dumpsize.rlim_cur - pos;
2158             bytes_left = limit_left >= size ? size : limit_left ;
2159         }
2160     }
2161 
2162     /*
2163      * In normal conditions, single write(2) should do but
2164      * in case of socket etc. this mechanism is more portable.
2165      */
2166     do {
2167         bytes_written = write(fd, bufp, bytes_left);
2168         if (bytes_written < 0) {
2169             if (errno == EINTR)
2170                 continue;
2171             return (-1);
2172         } else if (bytes_written == 0) { /* eof */
2173             return (-1);
2174         }
2175         bufp += bytes_written;
2176         bytes_left -= bytes_written;
2177     } while (bytes_left > 0);
2178 
2179     return (0);
2180 }
2181 
write_note(struct memelfnote * men,int fd)2182 static int write_note(struct memelfnote *men, int fd)
2183 {
2184     struct elf_note en;
2185 
2186     en.n_namesz = men->namesz;
2187     en.n_type = men->type;
2188     en.n_descsz = men->datasz;
2189 
2190     bswap_note(&en);
2191 
2192     if (dump_write(fd, &en, sizeof(en)) != 0)
2193         return (-1);
2194     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2195         return (-1);
2196     if (dump_write(fd, men->data, men->datasz) != 0)
2197         return (-1);
2198 
2199     return (0);
2200 }
2201 
fill_thread_info(struct elf_note_info * info,const CPUState * env)2202 static void fill_thread_info(struct elf_note_info *info, const CPUState *env)
2203 {
2204     TaskState *ts = (TaskState *)env->opaque;
2205     struct elf_thread_status *ets;
2206 
2207     ets = qemu_mallocz(sizeof (*ets));
2208     ets->num_notes = 1; /* only prstatus is dumped */
2209     fill_prstatus(&ets->prstatus, ts, 0);
2210     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2211     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2212               &ets->prstatus);
2213 
2214     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2215 
2216     info->notes_size += note_size(&ets->notes[0]);
2217 }
2218 
fill_note_info(struct elf_note_info * info,long signr,const CPUState * env)2219 static int fill_note_info(struct elf_note_info *info,
2220                           long signr, const CPUState *env)
2221 {
2222 #define NUMNOTES 3
2223     CPUState *cpu = NULL;
2224     TaskState *ts = (TaskState *)env->opaque;
2225     int i;
2226 
2227     (void) memset(info, 0, sizeof (*info));
2228 
2229     QTAILQ_INIT(&info->thread_list);
2230 
2231     info->notes = qemu_mallocz(NUMNOTES * sizeof (struct memelfnote));
2232     if (info->notes == NULL)
2233         return (-ENOMEM);
2234     info->prstatus = qemu_mallocz(sizeof (*info->prstatus));
2235     if (info->prstatus == NULL)
2236         return (-ENOMEM);
2237     info->psinfo = qemu_mallocz(sizeof (*info->psinfo));
2238     if (info->prstatus == NULL)
2239         return (-ENOMEM);
2240 
2241     /*
2242      * First fill in status (and registers) of current thread
2243      * including process info & aux vector.
2244      */
2245     fill_prstatus(info->prstatus, ts, signr);
2246     elf_core_copy_regs(&info->prstatus->pr_reg, env);
2247     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2248               sizeof (*info->prstatus), info->prstatus);
2249     fill_psinfo(info->psinfo, ts);
2250     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2251               sizeof (*info->psinfo), info->psinfo);
2252     fill_auxv_note(&info->notes[2], ts);
2253     info->numnote = 3;
2254 
2255     info->notes_size = 0;
2256     for (i = 0; i < info->numnote; i++)
2257         info->notes_size += note_size(&info->notes[i]);
2258 
2259     /* read and fill status of all threads */
2260     cpu_list_lock();
2261     for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
2262         if (cpu == thread_env)
2263             continue;
2264         fill_thread_info(info, cpu);
2265     }
2266     cpu_list_unlock();
2267 
2268     return (0);
2269 }
2270 
free_note_info(struct elf_note_info * info)2271 static void free_note_info(struct elf_note_info *info)
2272 {
2273     struct elf_thread_status *ets;
2274 
2275     while (!QTAILQ_EMPTY(&info->thread_list)) {
2276         ets = QTAILQ_FIRST(&info->thread_list);
2277         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
2278         qemu_free(ets);
2279     }
2280 
2281     qemu_free(info->prstatus);
2282     qemu_free(info->psinfo);
2283     qemu_free(info->notes);
2284 }
2285 
write_note_info(struct elf_note_info * info,int fd)2286 static int write_note_info(struct elf_note_info *info, int fd)
2287 {
2288     struct elf_thread_status *ets;
2289     int i, error = 0;
2290 
2291     /* write prstatus, psinfo and auxv for current thread */
2292     for (i = 0; i < info->numnote; i++)
2293         if ((error = write_note(&info->notes[i], fd)) != 0)
2294             return (error);
2295 
2296     /* write prstatus for each thread */
2297     for (ets = info->thread_list.tqh_first; ets != NULL;
2298          ets = ets->ets_link.tqe_next) {
2299         if ((error = write_note(&ets->notes[0], fd)) != 0)
2300             return (error);
2301     }
2302 
2303     return (0);
2304 }
2305 
2306 /*
2307  * Write out ELF coredump.
2308  *
2309  * See documentation of ELF object file format in:
2310  * http://www.caldera.com/developers/devspecs/gabi41.pdf
2311  *
2312  * Coredump format in linux is following:
2313  *
2314  * 0   +----------------------+         \
2315  *     | ELF header           | ET_CORE  |
2316  *     +----------------------+          |
2317  *     | ELF program headers  |          |--- headers
2318  *     | - NOTE section       |          |
2319  *     | - PT_LOAD sections   |          |
2320  *     +----------------------+         /
2321  *     | NOTEs:               |
2322  *     | - NT_PRSTATUS        |
2323  *     | - NT_PRSINFO         |
2324  *     | - NT_AUXV            |
2325  *     +----------------------+ <-- aligned to target page
2326  *     | Process memory dump  |
2327  *     :                      :
2328  *     .                      .
2329  *     :                      :
2330  *     |                      |
2331  *     +----------------------+
2332  *
2333  * NT_PRSTATUS -> struct elf_prstatus (per thread)
2334  * NT_PRSINFO  -> struct elf_prpsinfo
2335  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2336  *
2337  * Format follows System V format as close as possible.  Current
2338  * version limitations are as follows:
2339  *     - no floating point registers are dumped
2340  *
2341  * Function returns 0 in case of success, negative errno otherwise.
2342  *
2343  * TODO: make this work also during runtime: it should be
2344  * possible to force coredump from running process and then
2345  * continue processing.  For example qemu could set up SIGUSR2
2346  * handler (provided that target process haven't registered
2347  * handler for that) that does the dump when signal is received.
2348  */
elf_core_dump(int signr,const CPUState * env)2349 static int elf_core_dump(int signr, const CPUState *env)
2350 {
2351     const TaskState *ts = (const TaskState *)env->opaque;
2352     struct vm_area_struct *vma = NULL;
2353     char corefile[PATH_MAX];
2354     struct elf_note_info info;
2355     struct elfhdr elf;
2356     struct elf_phdr phdr;
2357     struct rlimit dumpsize;
2358     struct mm_struct *mm = NULL;
2359     off_t offset = 0, data_offset = 0;
2360     int segs = 0;
2361     int fd = -1;
2362 
2363     errno = 0;
2364     getrlimit(RLIMIT_CORE, &dumpsize);
2365     if (dumpsize.rlim_cur == 0)
2366         return 0;
2367 
2368     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2369         return (-errno);
2370 
2371     if ((fd = open(corefile, O_WRONLY | O_CREAT,
2372                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2373         return (-errno);
2374 
2375     /*
2376      * Walk through target process memory mappings and
2377      * set up structure containing this information.  After
2378      * this point vma_xxx functions can be used.
2379      */
2380     if ((mm = vma_init()) == NULL)
2381         goto out;
2382 
2383     walk_memory_regions(mm, vma_walker);
2384     segs = vma_get_mapping_count(mm);
2385 
2386     /*
2387      * Construct valid coredump ELF header.  We also
2388      * add one more segment for notes.
2389      */
2390     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2391     if (dump_write(fd, &elf, sizeof (elf)) != 0)
2392         goto out;
2393 
2394     /* fill in in-memory version of notes */
2395     if (fill_note_info(&info, signr, env) < 0)
2396         goto out;
2397 
2398     offset += sizeof (elf);                             /* elf header */
2399     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
2400 
2401     /* write out notes program header */
2402     fill_elf_note_phdr(&phdr, info.notes_size, offset);
2403 
2404     offset += info.notes_size;
2405     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2406         goto out;
2407 
2408     /*
2409      * ELF specification wants data to start at page boundary so
2410      * we align it here.
2411      */
2412     offset = roundup(offset, ELF_EXEC_PAGESIZE);
2413 
2414     /*
2415      * Write program headers for memory regions mapped in
2416      * the target process.
2417      */
2418     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2419         (void) memset(&phdr, 0, sizeof (phdr));
2420 
2421         phdr.p_type = PT_LOAD;
2422         phdr.p_offset = offset;
2423         phdr.p_vaddr = vma->vma_start;
2424         phdr.p_paddr = 0;
2425         phdr.p_filesz = vma_dump_size(vma);
2426         offset += phdr.p_filesz;
2427         phdr.p_memsz = vma->vma_end - vma->vma_start;
2428         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2429         if (vma->vma_flags & PROT_WRITE)
2430             phdr.p_flags |= PF_W;
2431         if (vma->vma_flags & PROT_EXEC)
2432             phdr.p_flags |= PF_X;
2433         phdr.p_align = ELF_EXEC_PAGESIZE;
2434 
2435         dump_write(fd, &phdr, sizeof (phdr));
2436     }
2437 
2438     /*
2439      * Next we write notes just after program headers.  No
2440      * alignment needed here.
2441      */
2442     if (write_note_info(&info, fd) < 0)
2443         goto out;
2444 
2445     /* align data to page boundary */
2446     data_offset = lseek(fd, 0, SEEK_CUR);
2447     data_offset = TARGET_PAGE_ALIGN(data_offset);
2448     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2449         goto out;
2450 
2451     /*
2452      * Finally we can dump process memory into corefile as well.
2453      */
2454     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2455         abi_ulong addr;
2456         abi_ulong end;
2457 
2458         end = vma->vma_start + vma_dump_size(vma);
2459 
2460         for (addr = vma->vma_start; addr < end;
2461              addr += TARGET_PAGE_SIZE) {
2462             char page[TARGET_PAGE_SIZE];
2463             int error;
2464 
2465             /*
2466              *  Read in page from target process memory and
2467              *  write it to coredump file.
2468              */
2469             error = copy_from_user(page, addr, sizeof (page));
2470             if (error != 0) {
2471                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
2472                                addr);
2473                 errno = -error;
2474                 goto out;
2475             }
2476             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2477                 goto out;
2478         }
2479     }
2480 
2481  out:
2482     free_note_info(&info);
2483     if (mm != NULL)
2484         vma_delete(mm);
2485     (void) close(fd);
2486 
2487     if (errno != 0)
2488         return (-errno);
2489     return (0);
2490 }
2491 #endif /* USE_ELF_CORE_DUMP */
2492 
do_init_thread(struct target_pt_regs * regs,struct image_info * infop)2493 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2494 {
2495     init_thread(regs, infop);
2496 }
2497