1 /* This is the Linux kernel elf-loading code, ported into user space */
11 #include <sys/resource.h>
17 #include "disas/disas.h"
28 #define ELF_OSABI ELFOSABI_SYSV
30 /* from personality.h */
33 * Flags for bug emulation.
35 * These occupy the top three bytes.
38 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
39 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to
40 descriptors (signal handling) */
41 MMAP_PAGE_ZERO = 0x0100000,
42 ADDR_COMPAT_LAYOUT = 0x0200000,
43 READ_IMPLIES_EXEC = 0x0400000,
44 ADDR_LIMIT_32BIT = 0x0800000,
45 SHORT_INODE = 0x1000000,
46 WHOLE_SECONDS = 0x2000000,
47 STICKY_TIMEOUTS = 0x4000000,
48 ADDR_LIMIT_3GB = 0x8000000,
54 * These go in the low byte. Avoid using the top bit, it will
55 * conflict with error returns.
59 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT,
60 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS,
61 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
62 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
63 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
64 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
65 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
66 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS,
68 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS,
69 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
71 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB,
72 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
73 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
74 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
76 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS,
77 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
78 PER_OSF4 = 0x000f, /* OSF/1 v4 */
84 * Return the base personality without flags.
86 #define personality(pers) (pers & PER_MASK)
88 /* this flag is uneffective under linux too, should be deleted */
90 #define MAP_DENYWRITE 0
93 /* should probably go in elf.h */
98 #ifdef TARGET_WORDS_BIGENDIAN
99 #define ELF_DATA ELFDATA2MSB
101 #define ELF_DATA ELFDATA2LSB
104 #ifdef TARGET_ABI_MIPSN32
105 typedef abi_ullong target_elf_greg_t;
106 #define tswapreg(ptr) tswap64(ptr)
108 typedef abi_ulong target_elf_greg_t;
109 #define tswapreg(ptr) tswapal(ptr)
113 typedef abi_ushort target_uid_t;
114 typedef abi_ushort target_gid_t;
116 typedef abi_uint target_uid_t;
117 typedef abi_uint target_gid_t;
119 typedef abi_int target_pid_t;
123 #define ELF_PLATFORM get_elf_platform()
125 static const char *get_elf_platform(void)
127 static char elf_platform[] = "i386";
128 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
132 elf_platform[1] = '0' + family;
136 #define ELF_HWCAP get_elf_hwcap()
138 static uint32_t get_elf_hwcap(void)
140 X86CPU *cpu = X86_CPU(thread_cpu);
142 return cpu->env.features[FEAT_1_EDX];
146 #define ELF_START_MMAP 0x2aaaaab000ULL
147 #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
149 #define ELF_CLASS ELFCLASS64
150 #define ELF_ARCH EM_X86_64
152 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
155 regs->rsp = infop->start_stack;
156 regs->rip = infop->entry;
160 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
163 * Note that ELF_NREG should be 29 as there should be place for
164 * TRAPNO and ERR "registers" as well but linux doesn't dump
167 * See linux kernel: arch/x86/include/asm/elf.h
169 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
171 (*regs)[0] = env->regs[15];
172 (*regs)[1] = env->regs[14];
173 (*regs)[2] = env->regs[13];
174 (*regs)[3] = env->regs[12];
175 (*regs)[4] = env->regs[R_EBP];
176 (*regs)[5] = env->regs[R_EBX];
177 (*regs)[6] = env->regs[11];
178 (*regs)[7] = env->regs[10];
179 (*regs)[8] = env->regs[9];
180 (*regs)[9] = env->regs[8];
181 (*regs)[10] = env->regs[R_EAX];
182 (*regs)[11] = env->regs[R_ECX];
183 (*regs)[12] = env->regs[R_EDX];
184 (*regs)[13] = env->regs[R_ESI];
185 (*regs)[14] = env->regs[R_EDI];
186 (*regs)[15] = env->regs[R_EAX]; /* XXX */
187 (*regs)[16] = env->eip;
188 (*regs)[17] = env->segs[R_CS].selector & 0xffff;
189 (*regs)[18] = env->eflags;
190 (*regs)[19] = env->regs[R_ESP];
191 (*regs)[20] = env->segs[R_SS].selector & 0xffff;
192 (*regs)[21] = env->segs[R_FS].selector & 0xffff;
193 (*regs)[22] = env->segs[R_GS].selector & 0xffff;
194 (*regs)[23] = env->segs[R_DS].selector & 0xffff;
195 (*regs)[24] = env->segs[R_ES].selector & 0xffff;
196 (*regs)[25] = env->segs[R_FS].selector & 0xffff;
197 (*regs)[26] = env->segs[R_GS].selector & 0xffff;
202 #define ELF_START_MMAP 0x80000000
205 * This is used to ensure we don't load something for the wrong architecture.
207 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
210 * These are used to set parameters in the core dumps.
212 #define ELF_CLASS ELFCLASS32
213 #define ELF_ARCH EM_386
215 static inline void init_thread(struct target_pt_regs *regs,
216 struct image_info *infop)
218 regs->esp = infop->start_stack;
219 regs->eip = infop->entry;
221 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
222 starts %edx contains a pointer to a function which might be
223 registered using `atexit'. This provides a mean for the
224 dynamic linker to call DT_FINI functions for shared libraries
225 that have been loaded before the code runs.
227 A value of 0 tells we have no such handler. */
232 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
235 * Note that ELF_NREG should be 19 as there should be place for
236 * TRAPNO and ERR "registers" as well but linux doesn't dump
239 * See linux kernel: arch/x86/include/asm/elf.h
241 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
243 (*regs)[0] = env->regs[R_EBX];
244 (*regs)[1] = env->regs[R_ECX];
245 (*regs)[2] = env->regs[R_EDX];
246 (*regs)[3] = env->regs[R_ESI];
247 (*regs)[4] = env->regs[R_EDI];
248 (*regs)[5] = env->regs[R_EBP];
249 (*regs)[6] = env->regs[R_EAX];
250 (*regs)[7] = env->segs[R_DS].selector & 0xffff;
251 (*regs)[8] = env->segs[R_ES].selector & 0xffff;
252 (*regs)[9] = env->segs[R_FS].selector & 0xffff;
253 (*regs)[10] = env->segs[R_GS].selector & 0xffff;
254 (*regs)[11] = env->regs[R_EAX]; /* XXX */
255 (*regs)[12] = env->eip;
256 (*regs)[13] = env->segs[R_CS].selector & 0xffff;
257 (*regs)[14] = env->eflags;
258 (*regs)[15] = env->regs[R_ESP];
259 (*regs)[16] = env->segs[R_SS].selector & 0xffff;
263 #define USE_ELF_CORE_DUMP
264 #define ELF_EXEC_PAGESIZE 4096
270 #define ELF_START_MMAP 0x80000000
272 #define elf_check_arch(x) ((x) == ELF_MACHINE)
274 #define ELF_ARCH ELF_MACHINE
276 #ifdef TARGET_AARCH64
277 #define ELF_CLASS ELFCLASS64
279 #define ELF_CLASS ELFCLASS32
282 static inline void init_thread(struct target_pt_regs *regs,
283 struct image_info *infop)
285 abi_long stack = infop->start_stack;
286 memset(regs, 0, sizeof(*regs));
288 #ifdef TARGET_AARCH64
289 regs->pc = infop->entry & ~0x3ULL;
292 regs->ARM_cpsr = 0x10;
293 if (infop->entry & 1)
294 regs->ARM_cpsr |= CPSR_T;
295 regs->ARM_pc = infop->entry & 0xfffffffe;
296 regs->ARM_sp = infop->start_stack;
297 /* FIXME - what to for failure of get_user()? */
298 get_user_ual(regs->ARM_r2, stack + 8); /* envp */
299 get_user_ual(regs->ARM_r1, stack + 4); /* envp */
300 /* XXX: it seems that r0 is zeroed after ! */
302 /* For uClinux PIC binaries. */
303 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
304 regs->ARM_r10 = infop->start_data;
309 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
311 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
313 (*regs)[0] = tswapreg(env->regs[0]);
314 (*regs)[1] = tswapreg(env->regs[1]);
315 (*regs)[2] = tswapreg(env->regs[2]);
316 (*regs)[3] = tswapreg(env->regs[3]);
317 (*regs)[4] = tswapreg(env->regs[4]);
318 (*regs)[5] = tswapreg(env->regs[5]);
319 (*regs)[6] = tswapreg(env->regs[6]);
320 (*regs)[7] = tswapreg(env->regs[7]);
321 (*regs)[8] = tswapreg(env->regs[8]);
322 (*regs)[9] = tswapreg(env->regs[9]);
323 (*regs)[10] = tswapreg(env->regs[10]);
324 (*regs)[11] = tswapreg(env->regs[11]);
325 (*regs)[12] = tswapreg(env->regs[12]);
326 (*regs)[13] = tswapreg(env->regs[13]);
327 (*regs)[14] = tswapreg(env->regs[14]);
328 (*regs)[15] = tswapreg(env->regs[15]);
330 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
331 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
334 #define USE_ELF_CORE_DUMP
335 #define ELF_EXEC_PAGESIZE 4096
339 ARM_HWCAP_ARM_SWP = 1 << 0,
340 ARM_HWCAP_ARM_HALF = 1 << 1,
341 ARM_HWCAP_ARM_THUMB = 1 << 2,
342 ARM_HWCAP_ARM_26BIT = 1 << 3,
343 ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
344 ARM_HWCAP_ARM_FPA = 1 << 5,
345 ARM_HWCAP_ARM_VFP = 1 << 6,
346 ARM_HWCAP_ARM_EDSP = 1 << 7,
347 ARM_HWCAP_ARM_JAVA = 1 << 8,
348 ARM_HWCAP_ARM_IWMMXT = 1 << 9,
349 ARM_HWCAP_ARM_THUMBEE = 1 << 10,
350 ARM_HWCAP_ARM_NEON = 1 << 11,
351 ARM_HWCAP_ARM_VFPv3 = 1 << 12,
352 ARM_HWCAP_ARM_VFPv3D16 = 1 << 13,
355 #define TARGET_HAS_VALIDATE_GUEST_SPACE
356 /* Return 1 if the proposed guest space is suitable for the guest.
357 * Return 0 if the proposed guest space isn't suitable, but another
358 * address space should be tried.
359 * Return -1 if there is no way the proposed guest space can be
360 * valid regardless of the base.
361 * The guest code may leave a page mapped and populate it if the
362 * address is suitable.
364 static int validate_guest_space(unsigned long guest_base,
365 unsigned long guest_size)
367 unsigned long real_start, test_page_addr;
369 /* We need to check that we can force a fault on access to the
370 * commpage at 0xffff0fxx
372 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
374 /* If the commpage lies within the already allocated guest space,
375 * then there is no way we can allocate it.
377 if (test_page_addr >= guest_base
378 && test_page_addr <= (guest_base + guest_size)) {
382 /* Note it needs to be writeable to let us initialise it */
383 real_start = (unsigned long)
384 mmap((void *)test_page_addr, qemu_host_page_size,
385 PROT_READ | PROT_WRITE,
386 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
388 /* If we can't map it then try another address */
389 if (real_start == -1ul) {
393 if (real_start != test_page_addr) {
394 /* OS didn't put the page where we asked - unmap and reject */
395 munmap((void *)real_start, qemu_host_page_size);
399 /* Leave the page mapped
400 * Populate it (mmap should have left it all 0'd)
403 /* Kernel helper versions */
404 __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
406 /* Now it's populated make it RO */
407 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
408 perror("Protecting guest commpage");
412 return 1; /* All good */
416 #define ELF_HWCAP get_elf_hwcap()
418 static uint32_t get_elf_hwcap(void)
420 ARMCPU *cpu = ARM_CPU(thread_cpu);
423 hwcaps |= ARM_HWCAP_ARM_SWP;
424 hwcaps |= ARM_HWCAP_ARM_HALF;
425 hwcaps |= ARM_HWCAP_ARM_THUMB;
426 hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
427 hwcaps |= ARM_HWCAP_ARM_FPA;
429 /* probe for the extra features */
430 #define GET_FEATURE(feat, hwcap) \
431 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
432 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
433 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
434 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
435 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
436 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
437 GET_FEATURE(ARM_FEATURE_VFP_FP16, ARM_HWCAP_ARM_VFPv3D16);
445 #ifdef TARGET_UNICORE32
447 #define ELF_START_MMAP 0x80000000
449 #define elf_check_arch(x) ((x) == EM_UNICORE32)
451 #define ELF_CLASS ELFCLASS32
452 #define ELF_DATA ELFDATA2LSB
453 #define ELF_ARCH EM_UNICORE32
455 static inline void init_thread(struct target_pt_regs *regs,
456 struct image_info *infop)
458 abi_long stack = infop->start_stack;
459 memset(regs, 0, sizeof(*regs));
460 regs->UC32_REG_asr = 0x10;
461 regs->UC32_REG_pc = infop->entry & 0xfffffffe;
462 regs->UC32_REG_sp = infop->start_stack;
463 /* FIXME - what to for failure of get_user()? */
464 get_user_ual(regs->UC32_REG_02, stack + 8); /* envp */
465 get_user_ual(regs->UC32_REG_01, stack + 4); /* envp */
466 /* XXX: it seems that r0 is zeroed after ! */
467 regs->UC32_REG_00 = 0;
471 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
473 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUUniCore32State *env)
475 (*regs)[0] = env->regs[0];
476 (*regs)[1] = env->regs[1];
477 (*regs)[2] = env->regs[2];
478 (*regs)[3] = env->regs[3];
479 (*regs)[4] = env->regs[4];
480 (*regs)[5] = env->regs[5];
481 (*regs)[6] = env->regs[6];
482 (*regs)[7] = env->regs[7];
483 (*regs)[8] = env->regs[8];
484 (*regs)[9] = env->regs[9];
485 (*regs)[10] = env->regs[10];
486 (*regs)[11] = env->regs[11];
487 (*regs)[12] = env->regs[12];
488 (*regs)[13] = env->regs[13];
489 (*regs)[14] = env->regs[14];
490 (*regs)[15] = env->regs[15];
491 (*regs)[16] = env->regs[16];
492 (*regs)[17] = env->regs[17];
493 (*regs)[18] = env->regs[18];
494 (*regs)[19] = env->regs[19];
495 (*regs)[20] = env->regs[20];
496 (*regs)[21] = env->regs[21];
497 (*regs)[22] = env->regs[22];
498 (*regs)[23] = env->regs[23];
499 (*regs)[24] = env->regs[24];
500 (*regs)[25] = env->regs[25];
501 (*regs)[26] = env->regs[26];
502 (*regs)[27] = env->regs[27];
503 (*regs)[28] = env->regs[28];
504 (*regs)[29] = env->regs[29];
505 (*regs)[30] = env->regs[30];
506 (*regs)[31] = env->regs[31];
508 (*regs)[32] = cpu_asr_read((CPUUniCore32State *)env);
509 (*regs)[33] = env->regs[0]; /* XXX */
512 #define USE_ELF_CORE_DUMP
513 #define ELF_EXEC_PAGESIZE 4096
515 #define ELF_HWCAP (UC32_HWCAP_CMOV | UC32_HWCAP_UCF64)
520 #ifdef TARGET_SPARC64
522 #define ELF_START_MMAP 0x80000000
523 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
524 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
526 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
528 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
531 #define ELF_CLASS ELFCLASS64
532 #define ELF_ARCH EM_SPARCV9
534 #define STACK_BIAS 2047
536 static inline void init_thread(struct target_pt_regs *regs,
537 struct image_info *infop)
542 regs->pc = infop->entry;
543 regs->npc = regs->pc + 4;
546 regs->u_regs[14] = infop->start_stack - 16 * 4;
548 if (personality(infop->personality) == PER_LINUX32)
549 regs->u_regs[14] = infop->start_stack - 16 * 4;
551 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
556 #define ELF_START_MMAP 0x80000000
557 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
558 | HWCAP_SPARC_MULDIV)
559 #define elf_check_arch(x) ( (x) == EM_SPARC )
561 #define ELF_CLASS ELFCLASS32
562 #define ELF_ARCH EM_SPARC
564 static inline void init_thread(struct target_pt_regs *regs,
565 struct image_info *infop)
568 regs->pc = infop->entry;
569 regs->npc = regs->pc + 4;
571 regs->u_regs[14] = infop->start_stack - 16 * 4;
579 #define ELF_START_MMAP 0x80000000
581 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
583 #define elf_check_arch(x) ( (x) == EM_PPC64 )
585 #define ELF_CLASS ELFCLASS64
589 #define elf_check_arch(x) ( (x) == EM_PPC )
591 #define ELF_CLASS ELFCLASS32
595 #define ELF_ARCH EM_PPC
597 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
598 See arch/powerpc/include/asm/cputable.h. */
600 QEMU_PPC_FEATURE_32 = 0x80000000,
601 QEMU_PPC_FEATURE_64 = 0x40000000,
602 QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
603 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
604 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
605 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
606 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
607 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
608 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
609 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
610 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
611 QEMU_PPC_FEATURE_NO_TB = 0x00100000,
612 QEMU_PPC_FEATURE_POWER4 = 0x00080000,
613 QEMU_PPC_FEATURE_POWER5 = 0x00040000,
614 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
615 QEMU_PPC_FEATURE_CELL = 0x00010000,
616 QEMU_PPC_FEATURE_BOOKE = 0x00008000,
617 QEMU_PPC_FEATURE_SMT = 0x00004000,
618 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
619 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
620 QEMU_PPC_FEATURE_PA6T = 0x00000800,
621 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
622 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
623 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
624 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
625 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
627 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
628 QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
631 #define ELF_HWCAP get_elf_hwcap()
633 static uint32_t get_elf_hwcap(void)
635 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
636 uint32_t features = 0;
638 /* We don't have to be terribly complete here; the high points are
639 Altivec/FP/SPE support. Anything else is just a bonus. */
640 #define GET_FEATURE(flag, feature) \
641 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
642 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
643 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
644 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
645 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
646 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
647 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
648 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
649 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
656 * The requirements here are:
657 * - keep the final alignment of sp (sp & 0xf)
658 * - make sure the 32-bit value at the first 16 byte aligned position of
659 * AUXV is greater than 16 for glibc compatibility.
660 * AT_IGNOREPPC is used for that.
661 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
662 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
664 #define DLINFO_ARCH_ITEMS 5
665 #define ARCH_DLINFO \
667 NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20); \
668 NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20); \
669 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \
671 * Now handle glibc compatibility. \
673 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
674 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
677 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
679 _regs->gpr[1] = infop->start_stack;
680 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
681 _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_bias;
682 infop->entry = ldq_raw(infop->entry) + infop->load_bias;
684 _regs->nip = infop->entry;
687 /* See linux kernel: arch/powerpc/include/asm/elf.h. */
689 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
691 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
694 target_ulong ccr = 0;
696 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
697 (*regs)[i] = tswapreg(env->gpr[i]);
700 (*regs)[32] = tswapreg(env->nip);
701 (*regs)[33] = tswapreg(env->msr);
702 (*regs)[35] = tswapreg(env->ctr);
703 (*regs)[36] = tswapreg(env->lr);
704 (*regs)[37] = tswapreg(env->xer);
706 for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
707 ccr |= env->crf[i] << (32 - ((i + 1) * 4));
709 (*regs)[38] = tswapreg(ccr);
712 #define USE_ELF_CORE_DUMP
713 #define ELF_EXEC_PAGESIZE 4096
719 #define ELF_START_MMAP 0x80000000
721 #define elf_check_arch(x) ( (x) == EM_MIPS )
724 #define ELF_CLASS ELFCLASS64
726 #define ELF_CLASS ELFCLASS32
728 #define ELF_ARCH EM_MIPS
730 static inline void init_thread(struct target_pt_regs *regs,
731 struct image_info *infop)
733 regs->cp0_status = 2 << CP0St_KSU;
734 regs->cp0_epc = infop->entry;
735 regs->regs[29] = infop->start_stack;
738 /* See linux kernel: arch/mips/include/asm/elf.h. */
740 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
742 /* See linux kernel: arch/mips/include/asm/reg.h. */
749 TARGET_EF_R26 = TARGET_EF_R0 + 26,
750 TARGET_EF_R27 = TARGET_EF_R0 + 27,
751 TARGET_EF_LO = TARGET_EF_R0 + 32,
752 TARGET_EF_HI = TARGET_EF_R0 + 33,
753 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
754 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
755 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
756 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
759 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
760 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
764 for (i = 0; i < TARGET_EF_R0; i++) {
767 (*regs)[TARGET_EF_R0] = 0;
769 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
770 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
773 (*regs)[TARGET_EF_R26] = 0;
774 (*regs)[TARGET_EF_R27] = 0;
775 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
776 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
777 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
778 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
779 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
780 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
783 #define USE_ELF_CORE_DUMP
784 #define ELF_EXEC_PAGESIZE 4096
786 #endif /* TARGET_MIPS */
788 #ifdef TARGET_MICROBLAZE
790 #define ELF_START_MMAP 0x80000000
792 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
794 #define ELF_CLASS ELFCLASS32
795 #define ELF_ARCH EM_MICROBLAZE
797 static inline void init_thread(struct target_pt_regs *regs,
798 struct image_info *infop)
800 regs->pc = infop->entry;
801 regs->r1 = infop->start_stack;
805 #define ELF_EXEC_PAGESIZE 4096
807 #define USE_ELF_CORE_DUMP
809 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
811 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
812 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
816 for (i = 0; i < 32; i++) {
817 (*regs)[pos++] = tswapreg(env->regs[i]);
820 for (i = 0; i < 6; i++) {
821 (*regs)[pos++] = tswapreg(env->sregs[i]);
825 #endif /* TARGET_MICROBLAZE */
827 #ifdef TARGET_OPENRISC
829 #define ELF_START_MMAP 0x08000000
831 #define elf_check_arch(x) ((x) == EM_OPENRISC)
833 #define ELF_ARCH EM_OPENRISC
834 #define ELF_CLASS ELFCLASS32
835 #define ELF_DATA ELFDATA2MSB
837 static inline void init_thread(struct target_pt_regs *regs,
838 struct image_info *infop)
840 regs->pc = infop->entry;
841 regs->gpr[1] = infop->start_stack;
844 #define USE_ELF_CORE_DUMP
845 #define ELF_EXEC_PAGESIZE 8192
847 /* See linux kernel arch/openrisc/include/asm/elf.h. */
848 #define ELF_NREG 34 /* gprs and pc, sr */
849 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
851 static void elf_core_copy_regs(target_elf_gregset_t *regs,
852 const CPUOpenRISCState *env)
856 for (i = 0; i < 32; i++) {
857 (*regs)[i] = tswapreg(env->gpr[i]);
860 (*regs)[32] = tswapreg(env->pc);
861 (*regs)[33] = tswapreg(env->sr);
864 #define ELF_PLATFORM NULL
866 #endif /* TARGET_OPENRISC */
870 #define ELF_START_MMAP 0x80000000
872 #define elf_check_arch(x) ( (x) == EM_SH )
874 #define ELF_CLASS ELFCLASS32
875 #define ELF_ARCH EM_SH
877 static inline void init_thread(struct target_pt_regs *regs,
878 struct image_info *infop)
880 /* Check other registers XXXXX */
881 regs->pc = infop->entry;
882 regs->regs[15] = infop->start_stack;
885 /* See linux kernel: arch/sh/include/asm/elf.h. */
887 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
889 /* See linux kernel: arch/sh/include/asm/ptrace.h. */
895 TARGET_REG_MACH = 20,
896 TARGET_REG_MACL = 21,
897 TARGET_REG_SYSCALL = 22
900 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
901 const CPUSH4State *env)
905 for (i = 0; i < 16; i++) {
906 (*regs[i]) = tswapreg(env->gregs[i]);
909 (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
910 (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
911 (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
912 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
913 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
914 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
915 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
918 #define USE_ELF_CORE_DUMP
919 #define ELF_EXEC_PAGESIZE 4096
925 #define ELF_START_MMAP 0x80000000
927 #define elf_check_arch(x) ( (x) == EM_CRIS )
929 #define ELF_CLASS ELFCLASS32
930 #define ELF_ARCH EM_CRIS
932 static inline void init_thread(struct target_pt_regs *regs,
933 struct image_info *infop)
935 regs->erp = infop->entry;
938 #define ELF_EXEC_PAGESIZE 8192
944 #define ELF_START_MMAP 0x80000000
946 #define elf_check_arch(x) ( (x) == EM_68K )
948 #define ELF_CLASS ELFCLASS32
949 #define ELF_ARCH EM_68K
951 /* ??? Does this need to do anything?
952 #define ELF_PLAT_INIT(_r) */
954 static inline void init_thread(struct target_pt_regs *regs,
955 struct image_info *infop)
957 regs->usp = infop->start_stack;
959 regs->pc = infop->entry;
962 /* See linux kernel: arch/m68k/include/asm/elf.h. */
964 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
966 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
968 (*regs)[0] = tswapreg(env->dregs[1]);
969 (*regs)[1] = tswapreg(env->dregs[2]);
970 (*regs)[2] = tswapreg(env->dregs[3]);
971 (*regs)[3] = tswapreg(env->dregs[4]);
972 (*regs)[4] = tswapreg(env->dregs[5]);
973 (*regs)[5] = tswapreg(env->dregs[6]);
974 (*regs)[6] = tswapreg(env->dregs[7]);
975 (*regs)[7] = tswapreg(env->aregs[0]);
976 (*regs)[8] = tswapreg(env->aregs[1]);
977 (*regs)[9] = tswapreg(env->aregs[2]);
978 (*regs)[10] = tswapreg(env->aregs[3]);
979 (*regs)[11] = tswapreg(env->aregs[4]);
980 (*regs)[12] = tswapreg(env->aregs[5]);
981 (*regs)[13] = tswapreg(env->aregs[6]);
982 (*regs)[14] = tswapreg(env->dregs[0]);
983 (*regs)[15] = tswapreg(env->aregs[7]);
984 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
985 (*regs)[17] = tswapreg(env->sr);
986 (*regs)[18] = tswapreg(env->pc);
987 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */
990 #define USE_ELF_CORE_DUMP
991 #define ELF_EXEC_PAGESIZE 8192
997 #define ELF_START_MMAP (0x30000000000ULL)
999 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1001 #define ELF_CLASS ELFCLASS64
1002 #define ELF_ARCH EM_ALPHA
1004 static inline void init_thread(struct target_pt_regs *regs,
1005 struct image_info *infop)
1007 regs->pc = infop->entry;
1009 regs->usp = infop->start_stack;
1012 #define ELF_EXEC_PAGESIZE 8192
1014 #endif /* TARGET_ALPHA */
1018 #define ELF_START_MMAP (0x20000000000ULL)
1020 #define elf_check_arch(x) ( (x) == ELF_ARCH )
1022 #define ELF_CLASS ELFCLASS64
1023 #define ELF_DATA ELFDATA2MSB
1024 #define ELF_ARCH EM_S390
1026 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1028 regs->psw.addr = infop->entry;
1029 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1030 regs->gprs[15] = infop->start_stack;
1033 #endif /* TARGET_S390X */
1035 #ifndef ELF_PLATFORM
1036 #define ELF_PLATFORM (NULL)
1045 #define ELF_CLASS ELFCLASS32
1047 #define bswaptls(ptr) bswap32s(ptr)
1054 unsigned int a_info; /* Use macros N_MAGIC, etc for access */
1055 unsigned int a_text; /* length of text, in bytes */
1056 unsigned int a_data; /* length of data, in bytes */
1057 unsigned int a_bss; /* length of uninitialized data area, in bytes */
1058 unsigned int a_syms; /* length of symbol table data in file, in bytes */
1059 unsigned int a_entry; /* start address */
1060 unsigned int a_trsize; /* length of relocation info for text, in bytes */
1061 unsigned int a_drsize; /* length of relocation info for data, in bytes */
1065 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1071 /* Necessary parameters */
1072 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1073 #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
1074 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1076 #define DLINFO_ITEMS 13
1078 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1080 memcpy(to, from, n);
1084 static void bswap_ehdr(struct elfhdr *ehdr)
1086 bswap16s(&ehdr->e_type); /* Object file type */
1087 bswap16s(&ehdr->e_machine); /* Architecture */
1088 bswap32s(&ehdr->e_version); /* Object file version */
1089 bswaptls(&ehdr->e_entry); /* Entry point virtual address */
1090 bswaptls(&ehdr->e_phoff); /* Program header table file offset */
1091 bswaptls(&ehdr->e_shoff); /* Section header table file offset */
1092 bswap32s(&ehdr->e_flags); /* Processor-specific flags */
1093 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
1094 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
1095 bswap16s(&ehdr->e_phnum); /* Program header table entry count */
1096 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
1097 bswap16s(&ehdr->e_shnum); /* Section header table entry count */
1098 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
1101 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1104 for (i = 0; i < phnum; ++i, ++phdr) {
1105 bswap32s(&phdr->p_type); /* Segment type */
1106 bswap32s(&phdr->p_flags); /* Segment flags */
1107 bswaptls(&phdr->p_offset); /* Segment file offset */
1108 bswaptls(&phdr->p_vaddr); /* Segment virtual address */
1109 bswaptls(&phdr->p_paddr); /* Segment physical address */
1110 bswaptls(&phdr->p_filesz); /* Segment size in file */
1111 bswaptls(&phdr->p_memsz); /* Segment size in memory */
1112 bswaptls(&phdr->p_align); /* Segment alignment */
1116 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1119 for (i = 0; i < shnum; ++i, ++shdr) {
1120 bswap32s(&shdr->sh_name);
1121 bswap32s(&shdr->sh_type);
1122 bswaptls(&shdr->sh_flags);
1123 bswaptls(&shdr->sh_addr);
1124 bswaptls(&shdr->sh_offset);
1125 bswaptls(&shdr->sh_size);
1126 bswap32s(&shdr->sh_link);
1127 bswap32s(&shdr->sh_info);
1128 bswaptls(&shdr->sh_addralign);
1129 bswaptls(&shdr->sh_entsize);
1133 static void bswap_sym(struct elf_sym *sym)
1135 bswap32s(&sym->st_name);
1136 bswaptls(&sym->st_value);
1137 bswaptls(&sym->st_size);
1138 bswap16s(&sym->st_shndx);
1141 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1142 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1143 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1144 static inline void bswap_sym(struct elf_sym *sym) { }
1147 #ifdef USE_ELF_CORE_DUMP
1148 static int elf_core_dump(int, const CPUArchState *);
1149 #endif /* USE_ELF_CORE_DUMP */
1150 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1152 /* Verify the portions of EHDR within E_IDENT for the target.
1153 This can be performed before bswapping the entire header. */
1154 static bool elf_check_ident(struct elfhdr *ehdr)
1156 return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1157 && ehdr->e_ident[EI_MAG1] == ELFMAG1
1158 && ehdr->e_ident[EI_MAG2] == ELFMAG2
1159 && ehdr->e_ident[EI_MAG3] == ELFMAG3
1160 && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1161 && ehdr->e_ident[EI_DATA] == ELF_DATA
1162 && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1165 /* Verify the portions of EHDR outside of E_IDENT for the target.
1166 This has to wait until after bswapping the header. */
1167 static bool elf_check_ehdr(struct elfhdr *ehdr)
1169 return (elf_check_arch(ehdr->e_machine)
1170 && ehdr->e_ehsize == sizeof(struct elfhdr)
1171 && ehdr->e_phentsize == sizeof(struct elf_phdr)
1172 && ehdr->e_shentsize == sizeof(struct elf_shdr)
1173 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1177 * 'copy_elf_strings()' copies argument/envelope strings from user
1178 * memory to free pages in kernel mem. These are in a format ready
1179 * to be put directly into the top of new user memory.
1182 static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
1185 char *tmp, *tmp1, *pag = NULL;
1186 int len, offset = 0;
1189 return 0; /* bullet-proofing */
1191 while (argc-- > 0) {
1194 fprintf(stderr, "VFS: argc is wrong");
1200 if (p < len) { /* this shouldn't happen - 128kB */
1206 offset = p % TARGET_PAGE_SIZE;
1207 pag = (char *)page[p/TARGET_PAGE_SIZE];
1209 pag = g_try_malloc0(TARGET_PAGE_SIZE);
1210 page[p/TARGET_PAGE_SIZE] = pag;
1215 if (len == 0 || offset == 0) {
1216 *(pag + offset) = *tmp;
1219 int bytes_to_copy = (len > offset) ? offset : len;
1220 tmp -= bytes_to_copy;
1222 offset -= bytes_to_copy;
1223 len -= bytes_to_copy;
1224 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
1231 static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
1232 struct image_info *info)
1234 abi_ulong stack_base, size, error, guard;
1237 /* Create enough stack to hold everything. If we don't use
1238 it for args, we'll use it for something else. */
1239 size = guest_stack_size;
1240 if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
1241 size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1243 guard = TARGET_PAGE_SIZE;
1244 if (guard < qemu_real_host_page_size) {
1245 guard = qemu_real_host_page_size;
1248 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1249 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1251 perror("mmap stack");
1255 /* We reserve one extra page at the top of the stack as guard. */
1256 target_mprotect(error, guard, PROT_NONE);
1258 info->stack_limit = error + guard;
1259 stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
1262 for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
1263 if (bprm->page[i]) {
1265 /* FIXME - check return value of memcpy_to_target() for failure */
1266 memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
1267 g_free(bprm->page[i]);
1269 stack_base += TARGET_PAGE_SIZE;
1274 /* Map and zero the bss. We need to explicitly zero any fractional pages
1275 after the data section (i.e. bss). */
1276 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1278 uintptr_t host_start, host_map_start, host_end;
1280 last_bss = TARGET_PAGE_ALIGN(last_bss);
1282 /* ??? There is confusion between qemu_real_host_page_size and
1283 qemu_host_page_size here and elsewhere in target_mmap, which
1284 may lead to the end of the data section mapping from the file
1285 not being mapped. At least there was an explicit test and
1286 comment for that here, suggesting that "the file size must
1287 be known". The comment probably pre-dates the introduction
1288 of the fstat system call in target_mmap which does in fact
1289 find out the size. What isn't clear is if the workaround
1290 here is still actually needed. For now, continue with it,
1291 but merge it with the "normal" mmap that would allocate the bss. */
1293 host_start = (uintptr_t) g2h(elf_bss);
1294 host_end = (uintptr_t) g2h(last_bss);
1295 host_map_start = (host_start + qemu_real_host_page_size - 1);
1296 host_map_start &= -qemu_real_host_page_size;
1298 if (host_map_start < host_end) {
1299 void *p = mmap((void *)host_map_start, host_end - host_map_start,
1300 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1301 if (p == MAP_FAILED) {
1302 perror("cannot mmap brk");
1306 /* Since we didn't use target_mmap, make sure to record
1307 the validity of the pages with qemu. */
1308 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
1311 if (host_start < host_map_start) {
1312 memset((void *)host_start, 0, host_map_start - host_start);
1316 #ifdef CONFIG_USE_FDPIC
1317 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1320 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1322 /* elf32_fdpic_loadseg */
1326 put_user_u32(loadsegs[n].addr, sp+0);
1327 put_user_u32(loadsegs[n].p_vaddr, sp+4);
1328 put_user_u32(loadsegs[n].p_memsz, sp+8);
1331 /* elf32_fdpic_loadmap */
1333 put_user_u16(0, sp+0); /* version */
1334 put_user_u16(info->nsegs, sp+2); /* nsegs */
1336 info->personality = PER_LINUX_FDPIC;
1337 info->loadmap_addr = sp;
1343 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1344 struct elfhdr *exec,
1345 struct image_info *info,
1346 struct image_info *interp_info)
1352 abi_ulong u_rand_bytes;
1353 uint8_t k_rand_bytes[16];
1354 abi_ulong u_platform;
1355 const char *k_platform;
1356 const int n = sizeof(elf_addr_t);
1360 #ifdef CONFIG_USE_FDPIC
1361 /* Needs to be before we load the env/argc/... */
1362 if (elf_is_fdpic(exec)) {
1363 /* Need 4 byte alignment for these structs */
1365 sp = loader_build_fdpic_loadmap(info, sp);
1366 info->other_info = interp_info;
1368 interp_info->other_info = info;
1369 sp = loader_build_fdpic_loadmap(interp_info, sp);
1375 k_platform = ELF_PLATFORM;
1377 size_t len = strlen(k_platform) + 1;
1378 sp -= (len + n - 1) & ~(n - 1);
1380 /* FIXME - check return value of memcpy_to_target() for failure */
1381 memcpy_to_target(sp, k_platform, len);
1385 * Generate 16 random bytes for userspace PRNG seeding (not
1386 * cryptically secure but it's not the aim of QEMU).
1388 srand((unsigned int) time(NULL));
1389 for (i = 0; i < 16; i++) {
1390 k_rand_bytes[i] = rand();
1394 /* FIXME - check return value of memcpy_to_target() for failure */
1395 memcpy_to_target(sp, k_rand_bytes, 16);
1398 * Force 16 byte _final_ alignment here for generality.
1400 sp = sp &~ (abi_ulong)15;
1401 size = (DLINFO_ITEMS + 1) * 2;
1404 #ifdef DLINFO_ARCH_ITEMS
1405 size += DLINFO_ARCH_ITEMS * 2;
1407 size += envc + argc + 2;
1408 size += 1; /* argc itself */
1411 sp -= 16 - (size & 15);
1413 /* This is correct because Linux defines
1414 * elf_addr_t as Elf32_Off / Elf64_Off
1416 #define NEW_AUX_ENT(id, val) do { \
1417 sp -= n; put_user_ual(val, sp); \
1418 sp -= n; put_user_ual(id, sp); \
1422 NEW_AUX_ENT (AT_NULL, 0);
1424 /* There must be exactly DLINFO_ITEMS entries here. */
1425 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1426 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1427 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1428 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
1429 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1430 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1431 NEW_AUX_ENT(AT_ENTRY, info->entry);
1432 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1433 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1434 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1435 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1436 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1437 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1438 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1441 NEW_AUX_ENT(AT_PLATFORM, u_platform);
1444 * ARCH_DLINFO must come last so platform specific code can enforce
1445 * special alignment requirements on the AUXV if necessary (eg. PPC).
1451 info->saved_auxv = sp;
1452 info->auxv_len = sp_auxv - sp;
1454 sp = loader_build_argptr(envc, argc, sp, p, 0);
1458 #ifndef TARGET_HAS_VALIDATE_GUEST_SPACE
1459 /* If the guest doesn't have a validation function just agree */
1460 static int validate_guest_space(unsigned long guest_base,
1461 unsigned long guest_size)
1467 unsigned long init_guest_space(unsigned long host_start,
1468 unsigned long host_size,
1469 unsigned long guest_start,
1472 unsigned long current_start, real_start;
1475 assert(host_start || host_size);
1477 /* If just a starting address is given, then just verify that
1479 if (host_start && !host_size) {
1480 if (validate_guest_space(host_start, host_size) == 1) {
1483 return (unsigned long)-1;
1487 /* Setup the initial flags and start address. */
1488 current_start = host_start & qemu_host_page_mask;
1489 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
1494 /* Otherwise, a non-zero size region of memory needs to be mapped
1497 unsigned long real_size = host_size;
1499 /* Do not use mmap_find_vma here because that is limited to the
1500 * guest address space. We are going to make the
1501 * guest address space fit whatever we're given.
1503 real_start = (unsigned long)
1504 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
1505 if (real_start == (unsigned long)-1) {
1506 return (unsigned long)-1;
1509 /* Ensure the address is properly aligned. */
1510 if (real_start & ~qemu_host_page_mask) {
1511 munmap((void *)real_start, host_size);
1512 real_size = host_size + qemu_host_page_size;
1513 real_start = (unsigned long)
1514 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
1515 if (real_start == (unsigned long)-1) {
1516 return (unsigned long)-1;
1518 real_start = HOST_PAGE_ALIGN(real_start);
1521 /* Check to see if the address is valid. */
1522 if (!host_start || real_start == current_start) {
1523 int valid = validate_guest_space(real_start - guest_start,
1527 } else if (valid == -1) {
1528 return (unsigned long)-1;
1530 /* valid == 0, so try again. */
1533 /* That address didn't work. Unmap and try a different one.
1534 * The address the host picked because is typically right at
1535 * the top of the host address space and leaves the guest with
1536 * no usable address space. Resort to a linear search. We
1537 * already compensated for mmap_min_addr, so this should not
1538 * happen often. Probably means we got unlucky and host
1539 * address space randomization put a shared library somewhere
1542 munmap((void *)real_start, host_size);
1543 current_start += qemu_host_page_size;
1544 if (host_start == current_start) {
1545 /* Theoretically possible if host doesn't have any suitably
1546 * aligned areas. Normally the first mmap will fail.
1548 return (unsigned long)-1;
1552 qemu_log("Reserved 0x%lx bytes of guest address space\n", host_size);
1557 static void probe_guest_base(const char *image_name,
1558 abi_ulong loaddr, abi_ulong hiaddr)
1560 /* Probe for a suitable guest base address, if the user has not set
1561 * it explicitly, and set guest_base appropriately.
1562 * In case of error we will print a suitable message and exit.
1564 #if defined(CONFIG_USE_GUEST_BASE)
1566 if (!have_guest_base && !reserved_va) {
1567 unsigned long host_start, real_start, host_size;
1569 /* Round addresses to page boundaries. */
1570 loaddr &= qemu_host_page_mask;
1571 hiaddr = HOST_PAGE_ALIGN(hiaddr);
1573 if (loaddr < mmap_min_addr) {
1574 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
1576 host_start = loaddr;
1577 if (host_start != loaddr) {
1578 errmsg = "Address overflow loading ELF binary";
1582 host_size = hiaddr - loaddr;
1584 /* Setup the initial guest memory space with ranges gleaned from
1585 * the ELF image that is being loaded.
1587 real_start = init_guest_space(host_start, host_size, loaddr, false);
1588 if (real_start == (unsigned long)-1) {
1589 errmsg = "Unable to find space for application";
1592 guest_base = real_start - loaddr;
1594 qemu_log("Relocating guest address space from 0x"
1595 TARGET_ABI_FMT_lx " to 0x%lx\n",
1596 loaddr, real_start);
1601 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1607 /* Load an ELF image into the address space.
1609 IMAGE_NAME is the filename of the image, to use in error messages.
1610 IMAGE_FD is the open file descriptor for the image.
1612 BPRM_BUF is a copy of the beginning of the file; this of course
1613 contains the elf file header at offset 0. It is assumed that this
1614 buffer is sufficiently aligned to present no problems to the host
1615 in accessing data at aligned offsets within the buffer.
1617 On return: INFO values will be filled in, as necessary or available. */
1619 static void load_elf_image(const char *image_name, int image_fd,
1620 struct image_info *info, char **pinterp_name,
1621 char bprm_buf[BPRM_BUF_SIZE])
1623 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
1624 struct elf_phdr *phdr;
1625 abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
1629 /* First of all, some simple consistency checks */
1630 errmsg = "Invalid ELF image for this architecture";
1631 if (!elf_check_ident(ehdr)) {
1635 if (!elf_check_ehdr(ehdr)) {
1639 i = ehdr->e_phnum * sizeof(struct elf_phdr);
1640 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
1641 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
1643 phdr = (struct elf_phdr *) alloca(i);
1644 retval = pread(image_fd, phdr, i, ehdr->e_phoff);
1649 bswap_phdr(phdr, ehdr->e_phnum);
1651 #ifdef CONFIG_USE_FDPIC
1653 info->pt_dynamic_addr = 0;
1656 /* Find the maximum size of the image and allocate an appropriate
1657 amount of memory to handle that. */
1658 loaddr = -1, hiaddr = 0;
1659 for (i = 0; i < ehdr->e_phnum; ++i) {
1660 if (phdr[i].p_type == PT_LOAD) {
1661 abi_ulong a = phdr[i].p_vaddr;
1665 a += phdr[i].p_memsz;
1669 #ifdef CONFIG_USE_FDPIC
1676 if (ehdr->e_type == ET_DYN) {
1677 /* The image indicates that it can be loaded anywhere. Find a
1678 location that can hold the memory space required. If the
1679 image is pre-linked, LOADDR will be non-zero. Since we do
1680 not supply MAP_FIXED here we'll use that address if and
1681 only if it remains available. */
1682 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
1683 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
1685 if (load_addr == -1) {
1688 } else if (pinterp_name != NULL) {
1689 /* This is the main executable. Make sure that the low
1690 address does not conflict with MMAP_MIN_ADDR or the
1691 QEMU application itself. */
1692 probe_guest_base(image_name, loaddr, hiaddr);
1694 load_bias = load_addr - loaddr;
1696 #ifdef CONFIG_USE_FDPIC
1698 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
1699 g_malloc(sizeof(*loadsegs) * info->nsegs);
1701 for (i = 0; i < ehdr->e_phnum; ++i) {
1702 switch (phdr[i].p_type) {
1704 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
1707 loadsegs->addr = phdr[i].p_vaddr + load_bias;
1708 loadsegs->p_vaddr = phdr[i].p_vaddr;
1709 loadsegs->p_memsz = phdr[i].p_memsz;
1717 info->load_bias = load_bias;
1718 info->load_addr = load_addr;
1719 info->entry = ehdr->e_entry + load_bias;
1720 info->start_code = -1;
1722 info->start_data = -1;
1725 info->elf_flags = ehdr->e_flags;
1727 for (i = 0; i < ehdr->e_phnum; i++) {
1728 struct elf_phdr *eppnt = phdr + i;
1729 if (eppnt->p_type == PT_LOAD) {
1730 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
1733 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
1734 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
1735 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
1737 vaddr = load_bias + eppnt->p_vaddr;
1738 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
1739 vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
1741 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
1742 elf_prot, MAP_PRIVATE | MAP_FIXED,
1743 image_fd, eppnt->p_offset - vaddr_po);
1748 vaddr_ef = vaddr + eppnt->p_filesz;
1749 vaddr_em = vaddr + eppnt->p_memsz;
1751 /* If the load segment requests extra zeros (e.g. bss), map it. */
1752 if (vaddr_ef < vaddr_em) {
1753 zero_bss(vaddr_ef, vaddr_em, elf_prot);
1756 /* Find the full program boundaries. */
1757 if (elf_prot & PROT_EXEC) {
1758 if (vaddr < info->start_code) {
1759 info->start_code = vaddr;
1761 if (vaddr_ef > info->end_code) {
1762 info->end_code = vaddr_ef;
1765 if (elf_prot & PROT_WRITE) {
1766 if (vaddr < info->start_data) {
1767 info->start_data = vaddr;
1769 if (vaddr_ef > info->end_data) {
1770 info->end_data = vaddr_ef;
1772 if (vaddr_em > info->brk) {
1773 info->brk = vaddr_em;
1776 } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
1779 if (*pinterp_name) {
1780 errmsg = "Multiple PT_INTERP entries";
1783 interp_name = malloc(eppnt->p_filesz);
1788 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
1789 memcpy(interp_name, bprm_buf + eppnt->p_offset,
1792 retval = pread(image_fd, interp_name, eppnt->p_filesz,
1794 if (retval != eppnt->p_filesz) {
1798 if (interp_name[eppnt->p_filesz - 1] != 0) {
1799 errmsg = "Invalid PT_INTERP entry";
1802 *pinterp_name = interp_name;
1806 if (info->end_data == 0) {
1807 info->start_data = info->end_code;
1808 info->end_data = info->end_code;
1809 info->brk = info->end_code;
1812 if (qemu_log_enabled()) {
1813 load_symbols(ehdr, image_fd, load_bias);
1821 errmsg = "Incomplete read of file header";
1825 errmsg = strerror(errno);
1827 fprintf(stderr, "%s: %s\n", image_name, errmsg);
1831 static void load_elf_interp(const char *filename, struct image_info *info,
1832 char bprm_buf[BPRM_BUF_SIZE])
1836 fd = open(path(filename), O_RDONLY);
1841 retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
1845 if (retval < BPRM_BUF_SIZE) {
1846 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
1849 load_elf_image(filename, fd, info, NULL, bprm_buf);
1853 fprintf(stderr, "%s: %s\n", filename, strerror(errno));
1857 static int symfind(const void *s0, const void *s1)
1859 target_ulong addr = *(target_ulong *)s0;
1860 struct elf_sym *sym = (struct elf_sym *)s1;
1862 if (addr < sym->st_value) {
1864 } else if (addr >= sym->st_value + sym->st_size) {
1870 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
1872 #if ELF_CLASS == ELFCLASS32
1873 struct elf_sym *syms = s->disas_symtab.elf32;
1875 struct elf_sym *syms = s->disas_symtab.elf64;
1879 struct elf_sym *sym;
1881 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
1883 return s->disas_strtab + sym->st_name;
1889 /* FIXME: This should use elf_ops.h */
1890 static int symcmp(const void *s0, const void *s1)
1892 struct elf_sym *sym0 = (struct elf_sym *)s0;
1893 struct elf_sym *sym1 = (struct elf_sym *)s1;
1894 return (sym0->st_value < sym1->st_value)
1896 : ((sym0->st_value > sym1->st_value) ? 1 : 0);
1899 /* Best attempt to load symbols from this ELF object. */
1900 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
1902 int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
1903 struct elf_shdr *shdr;
1904 char *strings = NULL;
1905 struct syminfo *s = NULL;
1906 struct elf_sym *new_syms, *syms = NULL;
1908 shnum = hdr->e_shnum;
1909 i = shnum * sizeof(struct elf_shdr);
1910 shdr = (struct elf_shdr *)alloca(i);
1911 if (pread(fd, shdr, i, hdr->e_shoff) != i) {
1915 bswap_shdr(shdr, shnum);
1916 for (i = 0; i < shnum; ++i) {
1917 if (shdr[i].sh_type == SHT_SYMTAB) {
1919 str_idx = shdr[i].sh_link;
1924 /* There will be no symbol table if the file was stripped. */
1928 /* Now know where the strtab and symtab are. Snarf them. */
1929 s = malloc(sizeof(*s));
1934 i = shdr[str_idx].sh_size;
1935 s->disas_strtab = strings = malloc(i);
1936 if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
1940 i = shdr[sym_idx].sh_size;
1942 if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
1946 nsyms = i / sizeof(struct elf_sym);
1947 for (i = 0; i < nsyms; ) {
1948 bswap_sym(syms + i);
1949 /* Throw away entries which we do not need. */
1950 if (syms[i].st_shndx == SHN_UNDEF
1951 || syms[i].st_shndx >= SHN_LORESERVE
1952 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
1954 syms[i] = syms[nsyms];
1957 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
1958 /* The bottom address bit marks a Thumb or MIPS16 symbol. */
1959 syms[i].st_value &= ~(target_ulong)1;
1961 syms[i].st_value += load_bias;
1966 /* No "useful" symbol. */
1971 /* Attempt to free the storage associated with the local symbols
1972 that we threw away. Whether or not this has any effect on the
1973 memory allocation depends on the malloc implementation and how
1974 many symbols we managed to discard. */
1975 new_syms = realloc(syms, nsyms * sizeof(*syms));
1976 if (new_syms == NULL) {
1981 qsort(syms, nsyms, sizeof(*syms), symcmp);
1983 s->disas_num_syms = nsyms;
1984 #if ELF_CLASS == ELFCLASS32
1985 s->disas_symtab.elf32 = syms;
1987 s->disas_symtab.elf64 = syms;
1989 s->lookup_symbol = lookup_symbolxx;
2001 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
2003 struct image_info interp_info;
2004 struct elfhdr elf_ex;
2005 char *elf_interpreter = NULL;
2007 info->start_mmap = (abi_ulong)ELF_START_MMAP;
2011 load_elf_image(bprm->filename, bprm->fd, info,
2012 &elf_interpreter, bprm->buf);
2014 /* ??? We need a copy of the elf header for passing to create_elf_tables.
2015 If we do nothing, we'll have overwritten this when we re-use bprm->buf
2016 when we load the interpreter. */
2017 elf_ex = *(struct elfhdr *)bprm->buf;
2019 bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
2020 bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
2021 bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
2023 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2027 /* Do this so that we can load the interpreter, if need be. We will
2028 change some of these later */
2029 bprm->p = setup_arg_pages(bprm->p, bprm, info);
2031 if (elf_interpreter) {
2032 load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2034 /* If the program interpreter is one of these two, then assume
2035 an iBCS2 image. Otherwise assume a native linux image. */
2037 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2038 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2039 info->personality = PER_SVR4;
2041 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
2042 and some applications "depend" upon this behavior. Since
2043 we do not have the power to recompile these, we emulate
2044 the SVr4 behavior. Sigh. */
2045 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2046 MAP_FIXED | MAP_PRIVATE, -1, 0);
2050 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2051 info, (elf_interpreter ? &interp_info : NULL));
2052 info->start_stack = bprm->p;
2054 /* If we have an interpreter, set that as the program's entry point.
2055 Copy the load_bias as well, to help PPC64 interpret the entry
2056 point as a function descriptor. Do this after creating elf tables
2057 so that we copy the original program entry point into the AUXV. */
2058 if (elf_interpreter) {
2059 info->load_bias = interp_info.load_bias;
2060 info->entry = interp_info.entry;
2061 free(elf_interpreter);
2064 #ifdef USE_ELF_CORE_DUMP
2065 bprm->core_dump = &elf_core_dump;
2071 #ifdef USE_ELF_CORE_DUMP
2073 * Definitions to generate Intel SVR4-like core files.
2074 * These mostly have the same names as the SVR4 types with "target_elf_"
2075 * tacked on the front to prevent clashes with linux definitions,
2076 * and the typedef forms have been avoided. This is mostly like
2077 * the SVR4 structure, but more Linuxy, with things that Linux does
2078 * not support and which gdb doesn't really use excluded.
2080 * Fields we don't dump (their contents is zero) in linux-user qemu
2081 * are marked with XXX.
2083 * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2085 * Porting ELF coredump for target is (quite) simple process. First you
2086 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2087 * the target resides):
2089 * #define USE_ELF_CORE_DUMP
2091 * Next you define type of register set used for dumping. ELF specification
2092 * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2094 * typedef <target_regtype> target_elf_greg_t;
2095 * #define ELF_NREG <number of registers>
2096 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
2098 * Last step is to implement target specific function that copies registers
2099 * from given cpu into just specified register set. Prototype is:
2101 * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
2102 * const CPUArchState *env);
2105 * regs - copy register values into here (allocated and zeroed by caller)
2106 * env - copy registers from here
2108 * Example for ARM target is provided in this file.
2111 /* An ELF note in memory */
2115 size_t namesz_rounded;
2118 size_t datasz_rounded;
2123 struct target_elf_siginfo {
2124 abi_int si_signo; /* signal number */
2125 abi_int si_code; /* extra code */
2126 abi_int si_errno; /* errno */
2129 struct target_elf_prstatus {
2130 struct target_elf_siginfo pr_info; /* Info associated with signal */
2131 abi_short pr_cursig; /* Current signal */
2132 abi_ulong pr_sigpend; /* XXX */
2133 abi_ulong pr_sighold; /* XXX */
2134 target_pid_t pr_pid;
2135 target_pid_t pr_ppid;
2136 target_pid_t pr_pgrp;
2137 target_pid_t pr_sid;
2138 struct target_timeval pr_utime; /* XXX User time */
2139 struct target_timeval pr_stime; /* XXX System time */
2140 struct target_timeval pr_cutime; /* XXX Cumulative user time */
2141 struct target_timeval pr_cstime; /* XXX Cumulative system time */
2142 target_elf_gregset_t pr_reg; /* GP registers */
2143 abi_int pr_fpvalid; /* XXX */
2146 #define ELF_PRARGSZ (80) /* Number of chars for args */
2148 struct target_elf_prpsinfo {
2149 char pr_state; /* numeric process state */
2150 char pr_sname; /* char for pr_state */
2151 char pr_zomb; /* zombie */
2152 char pr_nice; /* nice val */
2153 abi_ulong pr_flag; /* flags */
2154 target_uid_t pr_uid;
2155 target_gid_t pr_gid;
2156 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2158 char pr_fname[16]; /* filename of executable */
2159 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2162 /* Here is the structure in which status of each thread is captured. */
2163 struct elf_thread_status {
2164 QTAILQ_ENTRY(elf_thread_status) ets_link;
2165 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */
2167 elf_fpregset_t fpu; /* NT_PRFPREG */
2168 struct task_struct *thread;
2169 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
2171 struct memelfnote notes[1];
2175 struct elf_note_info {
2176 struct memelfnote *notes;
2177 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */
2178 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2180 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
2183 * Current version of ELF coredump doesn't support
2184 * dumping fp regs etc.
2186 elf_fpregset_t *fpu;
2187 elf_fpxregset_t *xfpu;
2188 int thread_status_size;
2194 struct vm_area_struct {
2195 abi_ulong vma_start; /* start vaddr of memory region */
2196 abi_ulong vma_end; /* end vaddr of memory region */
2197 abi_ulong vma_flags; /* protection etc. flags for the region */
2198 QTAILQ_ENTRY(vm_area_struct) vma_link;
2202 QTAILQ_HEAD(, vm_area_struct) mm_mmap;
2203 int mm_count; /* number of mappings */
2206 static struct mm_struct *vma_init(void);
2207 static void vma_delete(struct mm_struct *);
2208 static int vma_add_mapping(struct mm_struct *, abi_ulong,
2209 abi_ulong, abi_ulong);
2210 static int vma_get_mapping_count(const struct mm_struct *);
2211 static struct vm_area_struct *vma_first(const struct mm_struct *);
2212 static struct vm_area_struct *vma_next(struct vm_area_struct *);
2213 static abi_ulong vma_dump_size(const struct vm_area_struct *);
2214 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2215 unsigned long flags);
2217 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
2218 static void fill_note(struct memelfnote *, const char *, int,
2219 unsigned int, void *);
2220 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2221 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
2222 static void fill_auxv_note(struct memelfnote *, const TaskState *);
2223 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2224 static size_t note_size(const struct memelfnote *);
2225 static void free_note_info(struct elf_note_info *);
2226 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
2227 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
2228 static int core_dump_filename(const TaskState *, char *, size_t);
2230 static int dump_write(int, const void *, size_t);
2231 static int write_note(struct memelfnote *, int);
2232 static int write_note_info(struct elf_note_info *, int);
2235 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
2237 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
2238 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
2239 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
2240 prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2241 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
2242 prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
2243 prstatus->pr_pid = tswap32(prstatus->pr_pid);
2244 prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2245 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2246 prstatus->pr_sid = tswap32(prstatus->pr_sid);
2247 /* cpu times are not filled, so we skip them */
2248 /* regs should be in correct format already */
2249 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2252 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
2254 psinfo->pr_flag = tswapal(psinfo->pr_flag);
2255 psinfo->pr_uid = tswap16(psinfo->pr_uid);
2256 psinfo->pr_gid = tswap16(psinfo->pr_gid);
2257 psinfo->pr_pid = tswap32(psinfo->pr_pid);
2258 psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2259 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2260 psinfo->pr_sid = tswap32(psinfo->pr_sid);
2263 static void bswap_note(struct elf_note *en)
2265 bswap32s(&en->n_namesz);
2266 bswap32s(&en->n_descsz);
2267 bswap32s(&en->n_type);
2270 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2271 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2272 static inline void bswap_note(struct elf_note *en) { }
2273 #endif /* BSWAP_NEEDED */
2276 * Minimal support for linux memory regions. These are needed
2277 * when we are finding out what memory exactly belongs to
2278 * emulated process. No locks needed here, as long as
2279 * thread that received the signal is stopped.
2282 static struct mm_struct *vma_init(void)
2284 struct mm_struct *mm;
2286 if ((mm = g_malloc(sizeof (*mm))) == NULL)
2290 QTAILQ_INIT(&mm->mm_mmap);
2295 static void vma_delete(struct mm_struct *mm)
2297 struct vm_area_struct *vma;
2299 while ((vma = vma_first(mm)) != NULL) {
2300 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2306 static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
2307 abi_ulong end, abi_ulong flags)
2309 struct vm_area_struct *vma;
2311 if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2314 vma->vma_start = start;
2316 vma->vma_flags = flags;
2318 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2324 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2326 return (QTAILQ_FIRST(&mm->mm_mmap));
2329 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2331 return (QTAILQ_NEXT(vma, vma_link));
2334 static int vma_get_mapping_count(const struct mm_struct *mm)
2336 return (mm->mm_count);
2340 * Calculate file (dump) size of given memory region.
2342 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2344 /* if we cannot even read the first page, skip it */
2345 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2349 * Usually we don't dump executable pages as they contain
2350 * non-writable code that debugger can read directly from
2351 * target library etc. However, thread stacks are marked
2352 * also executable so we read in first page of given region
2353 * and check whether it contains elf header. If there is
2354 * no elf header, we dump it.
2356 if (vma->vma_flags & PROT_EXEC) {
2357 char page[TARGET_PAGE_SIZE];
2359 copy_from_user(page, vma->vma_start, sizeof (page));
2360 if ((page[EI_MAG0] == ELFMAG0) &&
2361 (page[EI_MAG1] == ELFMAG1) &&
2362 (page[EI_MAG2] == ELFMAG2) &&
2363 (page[EI_MAG3] == ELFMAG3)) {
2365 * Mappings are possibly from ELF binary. Don't dump
2372 return (vma->vma_end - vma->vma_start);
2375 static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
2376 unsigned long flags)
2378 struct mm_struct *mm = (struct mm_struct *)priv;
2380 vma_add_mapping(mm, start, end, flags);
2384 static void fill_note(struct memelfnote *note, const char *name, int type,
2385 unsigned int sz, void *data)
2387 unsigned int namesz;
2389 namesz = strlen(name) + 1;
2391 note->namesz = namesz;
2392 note->namesz_rounded = roundup(namesz, sizeof (int32_t));
2395 note->datasz_rounded = roundup(sz, sizeof (int32_t));
2400 * We calculate rounded up note size here as specified by
2403 note->notesz = sizeof (struct elf_note) +
2404 note->namesz_rounded + note->datasz_rounded;
2407 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
2410 (void) memset(elf, 0, sizeof(*elf));
2412 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
2413 elf->e_ident[EI_CLASS] = ELF_CLASS;
2414 elf->e_ident[EI_DATA] = ELF_DATA;
2415 elf->e_ident[EI_VERSION] = EV_CURRENT;
2416 elf->e_ident[EI_OSABI] = ELF_OSABI;
2418 elf->e_type = ET_CORE;
2419 elf->e_machine = machine;
2420 elf->e_version = EV_CURRENT;
2421 elf->e_phoff = sizeof(struct elfhdr);
2422 elf->e_flags = flags;
2423 elf->e_ehsize = sizeof(struct elfhdr);
2424 elf->e_phentsize = sizeof(struct elf_phdr);
2425 elf->e_phnum = segs;
2430 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
2432 phdr->p_type = PT_NOTE;
2433 phdr->p_offset = offset;
2436 phdr->p_filesz = sz;
2441 bswap_phdr(phdr, 1);
2444 static size_t note_size(const struct memelfnote *note)
2446 return (note->notesz);
2449 static void fill_prstatus(struct target_elf_prstatus *prstatus,
2450 const TaskState *ts, int signr)
2452 (void) memset(prstatus, 0, sizeof (*prstatus));
2453 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
2454 prstatus->pr_pid = ts->ts_tid;
2455 prstatus->pr_ppid = getppid();
2456 prstatus->pr_pgrp = getpgrp();
2457 prstatus->pr_sid = getsid(0);
2459 bswap_prstatus(prstatus);
2462 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
2464 char *base_filename;
2465 unsigned int i, len;
2467 (void) memset(psinfo, 0, sizeof (*psinfo));
2469 len = ts->info->arg_end - ts->info->arg_start;
2470 if (len >= ELF_PRARGSZ)
2471 len = ELF_PRARGSZ - 1;
2472 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
2474 for (i = 0; i < len; i++)
2475 if (psinfo->pr_psargs[i] == 0)
2476 psinfo->pr_psargs[i] = ' ';
2477 psinfo->pr_psargs[len] = 0;
2479 psinfo->pr_pid = getpid();
2480 psinfo->pr_ppid = getppid();
2481 psinfo->pr_pgrp = getpgrp();
2482 psinfo->pr_sid = getsid(0);
2483 psinfo->pr_uid = getuid();
2484 psinfo->pr_gid = getgid();
2486 base_filename = g_path_get_basename(ts->bprm->filename);
2488 * Using strncpy here is fine: at max-length,
2489 * this field is not NUL-terminated.
2491 (void) strncpy(psinfo->pr_fname, base_filename,
2492 sizeof(psinfo->pr_fname));
2494 g_free(base_filename);
2495 bswap_psinfo(psinfo);
2499 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
2501 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
2502 elf_addr_t orig_auxv = auxv;
2504 int len = ts->info->auxv_len;
2507 * Auxiliary vector is stored in target process stack. It contains
2508 * {type, value} pairs that we need to dump into note. This is not
2509 * strictly necessary but we do it here for sake of completeness.
2512 /* read in whole auxv vector and copy it to memelfnote */
2513 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
2515 fill_note(note, "CORE", NT_AUXV, len, ptr);
2516 unlock_user(ptr, auxv, len);
2521 * Constructs name of coredump file. We have following convention
2523 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
2525 * Returns 0 in case of success, -1 otherwise (errno is set).
2527 static int core_dump_filename(const TaskState *ts, char *buf,
2531 char *filename = NULL;
2532 char *base_filename = NULL;
2536 assert(bufsize >= PATH_MAX);
2538 if (gettimeofday(&tv, NULL) < 0) {
2539 (void) fprintf(stderr, "unable to get current timestamp: %s",
2544 filename = strdup(ts->bprm->filename);
2545 base_filename = strdup(basename(filename));
2546 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
2547 localtime_r(&tv.tv_sec, &tm));
2548 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
2549 base_filename, timestamp, (int)getpid());
2550 free(base_filename);
2556 static int dump_write(int fd, const void *ptr, size_t size)
2558 const char *bufp = (const char *)ptr;
2559 ssize_t bytes_written, bytes_left;
2560 struct rlimit dumpsize;
2564 getrlimit(RLIMIT_CORE, &dumpsize);
2565 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
2566 if (errno == ESPIPE) { /* not a seekable stream */
2572 if (dumpsize.rlim_cur <= pos) {
2574 } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
2577 size_t limit_left=dumpsize.rlim_cur - pos;
2578 bytes_left = limit_left >= size ? size : limit_left ;
2583 * In normal conditions, single write(2) should do but
2584 * in case of socket etc. this mechanism is more portable.
2587 bytes_written = write(fd, bufp, bytes_left);
2588 if (bytes_written < 0) {
2592 } else if (bytes_written == 0) { /* eof */
2595 bufp += bytes_written;
2596 bytes_left -= bytes_written;
2597 } while (bytes_left > 0);
2602 static int write_note(struct memelfnote *men, int fd)
2606 en.n_namesz = men->namesz;
2607 en.n_type = men->type;
2608 en.n_descsz = men->datasz;
2612 if (dump_write(fd, &en, sizeof(en)) != 0)
2614 if (dump_write(fd, men->name, men->namesz_rounded) != 0)
2616 if (dump_write(fd, men->data, men->datasz_rounded) != 0)
2622 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
2624 TaskState *ts = (TaskState *)env->opaque;
2625 struct elf_thread_status *ets;
2627 ets = g_malloc0(sizeof (*ets));
2628 ets->num_notes = 1; /* only prstatus is dumped */
2629 fill_prstatus(&ets->prstatus, ts, 0);
2630 elf_core_copy_regs(&ets->prstatus.pr_reg, env);
2631 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
2634 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
2636 info->notes_size += note_size(&ets->notes[0]);
2639 static int fill_note_info(struct elf_note_info *info,
2640 long signr, const CPUArchState *env)
2643 CPUState *cpu = NULL;
2644 TaskState *ts = (TaskState *)env->opaque;
2647 (void) memset(info, 0, sizeof (*info));
2649 QTAILQ_INIT(&info->thread_list);
2651 info->notes = g_malloc0(NUMNOTES * sizeof (struct memelfnote));
2652 if (info->notes == NULL)
2654 info->prstatus = g_malloc0(sizeof (*info->prstatus));
2655 if (info->prstatus == NULL)
2657 info->psinfo = g_malloc0(sizeof (*info->psinfo));
2658 if (info->prstatus == NULL)
2662 * First fill in status (and registers) of current thread
2663 * including process info & aux vector.
2665 fill_prstatus(info->prstatus, ts, signr);
2666 elf_core_copy_regs(&info->prstatus->pr_reg, env);
2667 fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
2668 sizeof (*info->prstatus), info->prstatus);
2669 fill_psinfo(info->psinfo, ts);
2670 fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
2671 sizeof (*info->psinfo), info->psinfo);
2672 fill_auxv_note(&info->notes[2], ts);
2675 info->notes_size = 0;
2676 for (i = 0; i < info->numnote; i++)
2677 info->notes_size += note_size(&info->notes[i]);
2679 /* read and fill status of all threads */
2682 if (cpu == thread_cpu) {
2685 fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
2692 static void free_note_info(struct elf_note_info *info)
2694 struct elf_thread_status *ets;
2696 while (!QTAILQ_EMPTY(&info->thread_list)) {
2697 ets = QTAILQ_FIRST(&info->thread_list);
2698 QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
2702 g_free(info->prstatus);
2703 g_free(info->psinfo);
2704 g_free(info->notes);
2707 static int write_note_info(struct elf_note_info *info, int fd)
2709 struct elf_thread_status *ets;
2712 /* write prstatus, psinfo and auxv for current thread */
2713 for (i = 0; i < info->numnote; i++)
2714 if ((error = write_note(&info->notes[i], fd)) != 0)
2717 /* write prstatus for each thread */
2718 for (ets = info->thread_list.tqh_first; ets != NULL;
2719 ets = ets->ets_link.tqe_next) {
2720 if ((error = write_note(&ets->notes[0], fd)) != 0)
2728 * Write out ELF coredump.
2730 * See documentation of ELF object file format in:
2731 * http://www.caldera.com/developers/devspecs/gabi41.pdf
2733 * Coredump format in linux is following:
2735 * 0 +----------------------+ \
2736 * | ELF header | ET_CORE |
2737 * +----------------------+ |
2738 * | ELF program headers | |--- headers
2739 * | - NOTE section | |
2740 * | - PT_LOAD sections | |
2741 * +----------------------+ /
2746 * +----------------------+ <-- aligned to target page
2747 * | Process memory dump |
2752 * +----------------------+
2754 * NT_PRSTATUS -> struct elf_prstatus (per thread)
2755 * NT_PRSINFO -> struct elf_prpsinfo
2756 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
2758 * Format follows System V format as close as possible. Current
2759 * version limitations are as follows:
2760 * - no floating point registers are dumped
2762 * Function returns 0 in case of success, negative errno otherwise.
2764 * TODO: make this work also during runtime: it should be
2765 * possible to force coredump from running process and then
2766 * continue processing. For example qemu could set up SIGUSR2
2767 * handler (provided that target process haven't registered
2768 * handler for that) that does the dump when signal is received.
2770 static int elf_core_dump(int signr, const CPUArchState *env)
2772 const TaskState *ts = (const TaskState *)env->opaque;
2773 struct vm_area_struct *vma = NULL;
2774 char corefile[PATH_MAX];
2775 struct elf_note_info info;
2777 struct elf_phdr phdr;
2778 struct rlimit dumpsize;
2779 struct mm_struct *mm = NULL;
2780 off_t offset = 0, data_offset = 0;
2785 getrlimit(RLIMIT_CORE, &dumpsize);
2786 if (dumpsize.rlim_cur == 0)
2789 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
2792 if ((fd = open(corefile, O_WRONLY | O_CREAT,
2793 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
2797 * Walk through target process memory mappings and
2798 * set up structure containing this information. After
2799 * this point vma_xxx functions can be used.
2801 if ((mm = vma_init()) == NULL)
2804 walk_memory_regions(mm, vma_walker);
2805 segs = vma_get_mapping_count(mm);
2808 * Construct valid coredump ELF header. We also
2809 * add one more segment for notes.
2811 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
2812 if (dump_write(fd, &elf, sizeof (elf)) != 0)
2815 /* fill in in-memory version of notes */
2816 if (fill_note_info(&info, signr, env) < 0)
2819 offset += sizeof (elf); /* elf header */
2820 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */
2822 /* write out notes program header */
2823 fill_elf_note_phdr(&phdr, info.notes_size, offset);
2825 offset += info.notes_size;
2826 if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
2830 * ELF specification wants data to start at page boundary so
2833 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2836 * Write program headers for memory regions mapped in
2837 * the target process.
2839 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2840 (void) memset(&phdr, 0, sizeof (phdr));
2842 phdr.p_type = PT_LOAD;
2843 phdr.p_offset = offset;
2844 phdr.p_vaddr = vma->vma_start;
2846 phdr.p_filesz = vma_dump_size(vma);
2847 offset += phdr.p_filesz;
2848 phdr.p_memsz = vma->vma_end - vma->vma_start;
2849 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
2850 if (vma->vma_flags & PROT_WRITE)
2851 phdr.p_flags |= PF_W;
2852 if (vma->vma_flags & PROT_EXEC)
2853 phdr.p_flags |= PF_X;
2854 phdr.p_align = ELF_EXEC_PAGESIZE;
2856 bswap_phdr(&phdr, 1);
2857 dump_write(fd, &phdr, sizeof (phdr));
2861 * Next we write notes just after program headers. No
2862 * alignment needed here.
2864 if (write_note_info(&info, fd) < 0)
2867 /* align data to page boundary */
2868 if (lseek(fd, data_offset, SEEK_SET) != data_offset)
2872 * Finally we can dump process memory into corefile as well.
2874 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
2878 end = vma->vma_start + vma_dump_size(vma);
2880 for (addr = vma->vma_start; addr < end;
2881 addr += TARGET_PAGE_SIZE) {
2882 char page[TARGET_PAGE_SIZE];
2886 * Read in page from target process memory and
2887 * write it to coredump file.
2889 error = copy_from_user(page, addr, sizeof (page));
2891 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
2896 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
2902 free_note_info(&info);
2911 #endif /* USE_ELF_CORE_DUMP */
2913 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
2915 init_thread(regs, infop);
projects / qemu.git / blob