1 /* This is the Linux kernel elf-loading code, ported into user space */
2 #include "qemu/osdep.h"
5 #include <sys/resource.h>
8 #include "disas/disas.h"
21 #define ELF_OSABI ELFOSABI_SYSV
23 /* from personality.h */
26 * Flags for bug emulation.
28 * These occupy the top three bytes.
31 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */
32 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to
33 descriptors (signal handling) */
34 MMAP_PAGE_ZERO = 0x0100000,
35 ADDR_COMPAT_LAYOUT = 0x0200000,
36 READ_IMPLIES_EXEC = 0x0400000,
37 ADDR_LIMIT_32BIT = 0x0800000,
38 SHORT_INODE = 0x1000000,
39 WHOLE_SECONDS = 0x2000000,
40 STICKY_TIMEOUTS = 0x4000000,
41 ADDR_LIMIT_3GB = 0x8000000,
47 * These go in the low byte. Avoid using the top bit, it will
48 * conflict with error returns.
52 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT,
53 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS,
54 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
55 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
56 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
57 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
58 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
59 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS,
61 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS,
62 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
64 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB,
65 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
66 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
67 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
69 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS,
70 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
71 PER_OSF4 = 0x000f, /* OSF/1 v4 */
77 * Return the base personality without flags.
79 #define personality(pers) (pers & PER_MASK)
81 int info_is_fdpic(struct image_info *info)
83 return info->personality == PER_LINUX_FDPIC;
86 /* this flag is uneffective under linux too, should be deleted */
88 #define MAP_DENYWRITE 0
91 /* should probably go in elf.h */
96 #ifdef TARGET_WORDS_BIGENDIAN
97 #define ELF_DATA ELFDATA2MSB
99 #define ELF_DATA ELFDATA2LSB
102 #ifdef TARGET_ABI_MIPSN32
103 typedef abi_ullong target_elf_greg_t;
104 #define tswapreg(ptr) tswap64(ptr)
106 typedef abi_ulong target_elf_greg_t;
107 #define tswapreg(ptr) tswapal(ptr)
111 typedef abi_ushort target_uid_t;
112 typedef abi_ushort target_gid_t;
114 typedef abi_uint target_uid_t;
115 typedef abi_uint target_gid_t;
117 typedef abi_int target_pid_t;
121 #define ELF_PLATFORM get_elf_platform()
123 static const char *get_elf_platform(void)
125 static char elf_platform[] = "i386";
126 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL);
130 elf_platform[1] = '0' + family;
134 #define ELF_HWCAP get_elf_hwcap()
136 static uint32_t get_elf_hwcap(void)
138 X86CPU *cpu = X86_CPU(thread_cpu);
140 return cpu->env.features[FEAT_1_EDX];
144 #define ELF_START_MMAP 0x2aaaaab000ULL
146 #define ELF_CLASS ELFCLASS64
147 #define ELF_ARCH EM_X86_64
149 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
152 regs->rsp = infop->start_stack;
153 regs->rip = infop->entry;
157 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
160 * Note that ELF_NREG should be 29 as there should be place for
161 * TRAPNO and ERR "registers" as well but linux doesn't dump
164 * See linux kernel: arch/x86/include/asm/elf.h
166 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
168 (*regs)[0] = env->regs[15];
169 (*regs)[1] = env->regs[14];
170 (*regs)[2] = env->regs[13];
171 (*regs)[3] = env->regs[12];
172 (*regs)[4] = env->regs[R_EBP];
173 (*regs)[5] = env->regs[R_EBX];
174 (*regs)[6] = env->regs[11];
175 (*regs)[7] = env->regs[10];
176 (*regs)[8] = env->regs[9];
177 (*regs)[9] = env->regs[8];
178 (*regs)[10] = env->regs[R_EAX];
179 (*regs)[11] = env->regs[R_ECX];
180 (*regs)[12] = env->regs[R_EDX];
181 (*regs)[13] = env->regs[R_ESI];
182 (*regs)[14] = env->regs[R_EDI];
183 (*regs)[15] = env->regs[R_EAX]; /* XXX */
184 (*regs)[16] = env->eip;
185 (*regs)[17] = env->segs[R_CS].selector & 0xffff;
186 (*regs)[18] = env->eflags;
187 (*regs)[19] = env->regs[R_ESP];
188 (*regs)[20] = env->segs[R_SS].selector & 0xffff;
189 (*regs)[21] = env->segs[R_FS].selector & 0xffff;
190 (*regs)[22] = env->segs[R_GS].selector & 0xffff;
191 (*regs)[23] = env->segs[R_DS].selector & 0xffff;
192 (*regs)[24] = env->segs[R_ES].selector & 0xffff;
193 (*regs)[25] = env->segs[R_FS].selector & 0xffff;
194 (*regs)[26] = env->segs[R_GS].selector & 0xffff;
199 #define ELF_START_MMAP 0x80000000
202 * This is used to ensure we don't load something for the wrong architecture.
204 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
207 * These are used to set parameters in the core dumps.
209 #define ELF_CLASS ELFCLASS32
210 #define ELF_ARCH EM_386
212 static inline void init_thread(struct target_pt_regs *regs,
213 struct image_info *infop)
215 regs->esp = infop->start_stack;
216 regs->eip = infop->entry;
218 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
219 starts %edx contains a pointer to a function which might be
220 registered using `atexit'. This provides a mean for the
221 dynamic linker to call DT_FINI functions for shared libraries
222 that have been loaded before the code runs.
224 A value of 0 tells we have no such handler. */
229 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
232 * Note that ELF_NREG should be 19 as there should be place for
233 * TRAPNO and ERR "registers" as well but linux doesn't dump
236 * See linux kernel: arch/x86/include/asm/elf.h
238 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env)
240 (*regs)[0] = env->regs[R_EBX];
241 (*regs)[1] = env->regs[R_ECX];
242 (*regs)[2] = env->regs[R_EDX];
243 (*regs)[3] = env->regs[R_ESI];
244 (*regs)[4] = env->regs[R_EDI];
245 (*regs)[5] = env->regs[R_EBP];
246 (*regs)[6] = env->regs[R_EAX];
247 (*regs)[7] = env->segs[R_DS].selector & 0xffff;
248 (*regs)[8] = env->segs[R_ES].selector & 0xffff;
249 (*regs)[9] = env->segs[R_FS].selector & 0xffff;
250 (*regs)[10] = env->segs[R_GS].selector & 0xffff;
251 (*regs)[11] = env->regs[R_EAX]; /* XXX */
252 (*regs)[12] = env->eip;
253 (*regs)[13] = env->segs[R_CS].selector & 0xffff;
254 (*regs)[14] = env->eflags;
255 (*regs)[15] = env->regs[R_ESP];
256 (*regs)[16] = env->segs[R_SS].selector & 0xffff;
260 #define USE_ELF_CORE_DUMP
261 #define ELF_EXEC_PAGESIZE 4096
267 #ifndef TARGET_AARCH64
268 /* 32 bit ARM definitions */
270 #define ELF_START_MMAP 0x80000000
272 #define ELF_ARCH EM_ARM
273 #define ELF_CLASS ELFCLASS32
275 static inline void init_thread(struct target_pt_regs *regs,
276 struct image_info *infop)
278 abi_long stack = infop->start_stack;
279 memset(regs, 0, sizeof(*regs));
281 regs->uregs[16] = ARM_CPU_MODE_USR;
282 if (infop->entry & 1) {
283 regs->uregs[16] |= CPSR_T;
285 regs->uregs[15] = infop->entry & 0xfffffffe;
286 regs->uregs[13] = infop->start_stack;
287 /* FIXME - what to for failure of get_user()? */
288 get_user_ual(regs->uregs[2], stack + 8); /* envp */
289 get_user_ual(regs->uregs[1], stack + 4); /* envp */
290 /* XXX: it seems that r0 is zeroed after ! */
292 /* For uClinux PIC binaries. */
293 /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
294 regs->uregs[10] = infop->start_data;
296 /* Support ARM FDPIC. */
297 if (info_is_fdpic(infop)) {
298 /* As described in the ABI document, r7 points to the loadmap info
299 * prepared by the kernel. If an interpreter is needed, r8 points
300 * to the interpreter loadmap and r9 points to the interpreter
301 * PT_DYNAMIC info. If no interpreter is needed, r8 is zero, and
302 * r9 points to the main program PT_DYNAMIC info.
304 regs->uregs[7] = infop->loadmap_addr;
305 if (infop->interpreter_loadmap_addr) {
306 /* Executable is dynamically loaded. */
307 regs->uregs[8] = infop->interpreter_loadmap_addr;
308 regs->uregs[9] = infop->interpreter_pt_dynamic_addr;
311 regs->uregs[9] = infop->pt_dynamic_addr;
317 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
319 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env)
321 (*regs)[0] = tswapreg(env->regs[0]);
322 (*regs)[1] = tswapreg(env->regs[1]);
323 (*regs)[2] = tswapreg(env->regs[2]);
324 (*regs)[3] = tswapreg(env->regs[3]);
325 (*regs)[4] = tswapreg(env->regs[4]);
326 (*regs)[5] = tswapreg(env->regs[5]);
327 (*regs)[6] = tswapreg(env->regs[6]);
328 (*regs)[7] = tswapreg(env->regs[7]);
329 (*regs)[8] = tswapreg(env->regs[8]);
330 (*regs)[9] = tswapreg(env->regs[9]);
331 (*regs)[10] = tswapreg(env->regs[10]);
332 (*regs)[11] = tswapreg(env->regs[11]);
333 (*regs)[12] = tswapreg(env->regs[12]);
334 (*regs)[13] = tswapreg(env->regs[13]);
335 (*regs)[14] = tswapreg(env->regs[14]);
336 (*regs)[15] = tswapreg(env->regs[15]);
338 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env));
339 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */
342 #define USE_ELF_CORE_DUMP
343 #define ELF_EXEC_PAGESIZE 4096
347 ARM_HWCAP_ARM_SWP = 1 << 0,
348 ARM_HWCAP_ARM_HALF = 1 << 1,
349 ARM_HWCAP_ARM_THUMB = 1 << 2,
350 ARM_HWCAP_ARM_26BIT = 1 << 3,
351 ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
352 ARM_HWCAP_ARM_FPA = 1 << 5,
353 ARM_HWCAP_ARM_VFP = 1 << 6,
354 ARM_HWCAP_ARM_EDSP = 1 << 7,
355 ARM_HWCAP_ARM_JAVA = 1 << 8,
356 ARM_HWCAP_ARM_IWMMXT = 1 << 9,
357 ARM_HWCAP_ARM_CRUNCH = 1 << 10,
358 ARM_HWCAP_ARM_THUMBEE = 1 << 11,
359 ARM_HWCAP_ARM_NEON = 1 << 12,
360 ARM_HWCAP_ARM_VFPv3 = 1 << 13,
361 ARM_HWCAP_ARM_VFPv3D16 = 1 << 14,
362 ARM_HWCAP_ARM_TLS = 1 << 15,
363 ARM_HWCAP_ARM_VFPv4 = 1 << 16,
364 ARM_HWCAP_ARM_IDIVA = 1 << 17,
365 ARM_HWCAP_ARM_IDIVT = 1 << 18,
366 ARM_HWCAP_ARM_VFPD32 = 1 << 19,
367 ARM_HWCAP_ARM_LPAE = 1 << 20,
368 ARM_HWCAP_ARM_EVTSTRM = 1 << 21,
372 ARM_HWCAP2_ARM_AES = 1 << 0,
373 ARM_HWCAP2_ARM_PMULL = 1 << 1,
374 ARM_HWCAP2_ARM_SHA1 = 1 << 2,
375 ARM_HWCAP2_ARM_SHA2 = 1 << 3,
376 ARM_HWCAP2_ARM_CRC32 = 1 << 4,
379 /* The commpage only exists for 32 bit kernels */
381 /* Return 1 if the proposed guest space is suitable for the guest.
382 * Return 0 if the proposed guest space isn't suitable, but another
383 * address space should be tried.
384 * Return -1 if there is no way the proposed guest space can be
385 * valid regardless of the base.
386 * The guest code may leave a page mapped and populate it if the
387 * address is suitable.
389 static int init_guest_commpage(unsigned long guest_base,
390 unsigned long guest_size)
392 unsigned long real_start, test_page_addr;
394 /* We need to check that we can force a fault on access to the
395 * commpage at 0xffff0fxx
397 test_page_addr = guest_base + (0xffff0f00 & qemu_host_page_mask);
399 /* If the commpage lies within the already allocated guest space,
400 * then there is no way we can allocate it.
402 * You may be thinking that that this check is redundant because
403 * we already validated the guest size against MAX_RESERVED_VA;
404 * but if qemu_host_page_mask is unusually large, then
405 * test_page_addr may be lower.
407 if (test_page_addr >= guest_base
408 && test_page_addr < (guest_base + guest_size)) {
412 /* Note it needs to be writeable to let us initialise it */
413 real_start = (unsigned long)
414 mmap((void *)test_page_addr, qemu_host_page_size,
415 PROT_READ | PROT_WRITE,
416 MAP_ANONYMOUS | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
418 /* If we can't map it then try another address */
419 if (real_start == -1ul) {
423 if (real_start != test_page_addr) {
424 /* OS didn't put the page where we asked - unmap and reject */
425 munmap((void *)real_start, qemu_host_page_size);
429 /* Leave the page mapped
430 * Populate it (mmap should have left it all 0'd)
433 /* Kernel helper versions */
434 __put_user(5, (uint32_t *)g2h(0xffff0ffcul));
436 /* Now it's populated make it RO */
437 if (mprotect((void *)test_page_addr, qemu_host_page_size, PROT_READ)) {
438 perror("Protecting guest commpage");
442 return 1; /* All good */
445 #define ELF_HWCAP get_elf_hwcap()
446 #define ELF_HWCAP2 get_elf_hwcap2()
448 static uint32_t get_elf_hwcap(void)
450 ARMCPU *cpu = ARM_CPU(thread_cpu);
453 hwcaps |= ARM_HWCAP_ARM_SWP;
454 hwcaps |= ARM_HWCAP_ARM_HALF;
455 hwcaps |= ARM_HWCAP_ARM_THUMB;
456 hwcaps |= ARM_HWCAP_ARM_FAST_MULT;
458 /* probe for the extra features */
459 #define GET_FEATURE(feat, hwcap) \
460 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
461 /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */
462 GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP);
463 GET_FEATURE(ARM_FEATURE_VFP, ARM_HWCAP_ARM_VFP);
464 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT);
465 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE);
466 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON);
467 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPv3);
468 GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS);
469 GET_FEATURE(ARM_FEATURE_VFP4, ARM_HWCAP_ARM_VFPv4);
470 GET_FEATURE(ARM_FEATURE_ARM_DIV, ARM_HWCAP_ARM_IDIVA);
471 GET_FEATURE(ARM_FEATURE_THUMB_DIV, ARM_HWCAP_ARM_IDIVT);
472 /* All QEMU's VFPv3 CPUs have 32 registers, see VFP_DREG in translate.c.
473 * Note that the ARM_HWCAP_ARM_VFPv3D16 bit is always the inverse of
474 * ARM_HWCAP_ARM_VFPD32 (and so always clear for QEMU); it is unrelated
475 * to our VFP_FP16 feature bit.
477 GET_FEATURE(ARM_FEATURE_VFP3, ARM_HWCAP_ARM_VFPD32);
478 GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE);
483 static uint32_t get_elf_hwcap2(void)
485 ARMCPU *cpu = ARM_CPU(thread_cpu);
488 GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP2_ARM_AES);
489 GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP2_ARM_PMULL);
490 GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP2_ARM_SHA1);
491 GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP2_ARM_SHA2);
492 GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP2_ARM_CRC32);
499 /* 64 bit ARM definitions */
500 #define ELF_START_MMAP 0x80000000
502 #define ELF_ARCH EM_AARCH64
503 #define ELF_CLASS ELFCLASS64
504 #define ELF_PLATFORM "aarch64"
506 static inline void init_thread(struct target_pt_regs *regs,
507 struct image_info *infop)
509 abi_long stack = infop->start_stack;
510 memset(regs, 0, sizeof(*regs));
512 regs->pc = infop->entry & ~0x3ULL;
517 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
519 static void elf_core_copy_regs(target_elf_gregset_t *regs,
520 const CPUARMState *env)
524 for (i = 0; i < 32; i++) {
525 (*regs)[i] = tswapreg(env->xregs[i]);
527 (*regs)[32] = tswapreg(env->pc);
528 (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env));
531 #define USE_ELF_CORE_DUMP
532 #define ELF_EXEC_PAGESIZE 4096
535 ARM_HWCAP_A64_FP = 1 << 0,
536 ARM_HWCAP_A64_ASIMD = 1 << 1,
537 ARM_HWCAP_A64_EVTSTRM = 1 << 2,
538 ARM_HWCAP_A64_AES = 1 << 3,
539 ARM_HWCAP_A64_PMULL = 1 << 4,
540 ARM_HWCAP_A64_SHA1 = 1 << 5,
541 ARM_HWCAP_A64_SHA2 = 1 << 6,
542 ARM_HWCAP_A64_CRC32 = 1 << 7,
543 ARM_HWCAP_A64_ATOMICS = 1 << 8,
544 ARM_HWCAP_A64_FPHP = 1 << 9,
545 ARM_HWCAP_A64_ASIMDHP = 1 << 10,
546 ARM_HWCAP_A64_CPUID = 1 << 11,
547 ARM_HWCAP_A64_ASIMDRDM = 1 << 12,
548 ARM_HWCAP_A64_JSCVT = 1 << 13,
549 ARM_HWCAP_A64_FCMA = 1 << 14,
550 ARM_HWCAP_A64_LRCPC = 1 << 15,
551 ARM_HWCAP_A64_DCPOP = 1 << 16,
552 ARM_HWCAP_A64_SHA3 = 1 << 17,
553 ARM_HWCAP_A64_SM3 = 1 << 18,
554 ARM_HWCAP_A64_SM4 = 1 << 19,
555 ARM_HWCAP_A64_ASIMDDP = 1 << 20,
556 ARM_HWCAP_A64_SHA512 = 1 << 21,
557 ARM_HWCAP_A64_SVE = 1 << 22,
560 #define ELF_HWCAP get_elf_hwcap()
562 static uint32_t get_elf_hwcap(void)
564 ARMCPU *cpu = ARM_CPU(thread_cpu);
567 hwcaps |= ARM_HWCAP_A64_FP;
568 hwcaps |= ARM_HWCAP_A64_ASIMD;
570 /* probe for the extra features */
571 #define GET_FEATURE(feat, hwcap) \
572 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0)
573 GET_FEATURE(ARM_FEATURE_V8_AES, ARM_HWCAP_A64_AES);
574 GET_FEATURE(ARM_FEATURE_V8_PMULL, ARM_HWCAP_A64_PMULL);
575 GET_FEATURE(ARM_FEATURE_V8_SHA1, ARM_HWCAP_A64_SHA1);
576 GET_FEATURE(ARM_FEATURE_V8_SHA256, ARM_HWCAP_A64_SHA2);
577 GET_FEATURE(ARM_FEATURE_CRC, ARM_HWCAP_A64_CRC32);
578 GET_FEATURE(ARM_FEATURE_V8_SHA3, ARM_HWCAP_A64_SHA3);
579 GET_FEATURE(ARM_FEATURE_V8_SM3, ARM_HWCAP_A64_SM3);
580 GET_FEATURE(ARM_FEATURE_V8_SM4, ARM_HWCAP_A64_SM4);
581 GET_FEATURE(ARM_FEATURE_V8_SHA512, ARM_HWCAP_A64_SHA512);
582 GET_FEATURE(ARM_FEATURE_V8_FP16,
583 ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP);
584 GET_FEATURE(ARM_FEATURE_V8_ATOMICS, ARM_HWCAP_A64_ATOMICS);
585 GET_FEATURE(ARM_FEATURE_V8_RDM, ARM_HWCAP_A64_ASIMDRDM);
586 GET_FEATURE(ARM_FEATURE_V8_FCMA, ARM_HWCAP_A64_FCMA);
592 #endif /* not TARGET_AARCH64 */
593 #endif /* TARGET_ARM */
596 #ifdef TARGET_SPARC64
598 #define ELF_START_MMAP 0x80000000
599 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
600 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9)
602 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
604 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
607 #define ELF_CLASS ELFCLASS64
608 #define ELF_ARCH EM_SPARCV9
610 #define STACK_BIAS 2047
612 static inline void init_thread(struct target_pt_regs *regs,
613 struct image_info *infop)
618 regs->pc = infop->entry;
619 regs->npc = regs->pc + 4;
622 regs->u_regs[14] = infop->start_stack - 16 * 4;
624 if (personality(infop->personality) == PER_LINUX32)
625 regs->u_regs[14] = infop->start_stack - 16 * 4;
627 regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
632 #define ELF_START_MMAP 0x80000000
633 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \
634 | HWCAP_SPARC_MULDIV)
636 #define ELF_CLASS ELFCLASS32
637 #define ELF_ARCH EM_SPARC
639 static inline void init_thread(struct target_pt_regs *regs,
640 struct image_info *infop)
643 regs->pc = infop->entry;
644 regs->npc = regs->pc + 4;
646 regs->u_regs[14] = infop->start_stack - 16 * 4;
654 #define ELF_MACHINE PPC_ELF_MACHINE
655 #define ELF_START_MMAP 0x80000000
657 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
659 #define elf_check_arch(x) ( (x) == EM_PPC64 )
661 #define ELF_CLASS ELFCLASS64
665 #define ELF_CLASS ELFCLASS32
669 #define ELF_ARCH EM_PPC
671 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
672 See arch/powerpc/include/asm/cputable.h. */
674 QEMU_PPC_FEATURE_32 = 0x80000000,
675 QEMU_PPC_FEATURE_64 = 0x40000000,
676 QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
677 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
678 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
679 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
680 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
681 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
682 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
683 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
684 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
685 QEMU_PPC_FEATURE_NO_TB = 0x00100000,
686 QEMU_PPC_FEATURE_POWER4 = 0x00080000,
687 QEMU_PPC_FEATURE_POWER5 = 0x00040000,
688 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
689 QEMU_PPC_FEATURE_CELL = 0x00010000,
690 QEMU_PPC_FEATURE_BOOKE = 0x00008000,
691 QEMU_PPC_FEATURE_SMT = 0x00004000,
692 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
693 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
694 QEMU_PPC_FEATURE_PA6T = 0x00000800,
695 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
696 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
697 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
698 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
699 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
701 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
702 QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
704 /* Feature definitions in AT_HWCAP2. */
705 QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */
706 QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */
707 QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */
708 QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */
709 QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */
710 QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */
713 #define ELF_HWCAP get_elf_hwcap()
715 static uint32_t get_elf_hwcap(void)
717 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
718 uint32_t features = 0;
720 /* We don't have to be terribly complete here; the high points are
721 Altivec/FP/SPE support. Anything else is just a bonus. */
722 #define GET_FEATURE(flag, feature) \
723 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
724 #define GET_FEATURE2(flags, feature) \
726 if ((cpu->env.insns_flags2 & flags) == flags) { \
727 features |= feature; \
730 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
731 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
732 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
733 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
734 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
735 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
736 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
737 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
738 GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP);
739 GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX);
740 GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 |
741 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206),
742 QEMU_PPC_FEATURE_ARCH_2_06);
749 #define ELF_HWCAP2 get_elf_hwcap2()
751 static uint32_t get_elf_hwcap2(void)
753 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu);
754 uint32_t features = 0;
756 #define GET_FEATURE(flag, feature) \
757 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0)
758 #define GET_FEATURE2(flag, feature) \
759 do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0)
761 GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL);
762 GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR);
763 GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 |
764 PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07);
773 * The requirements here are:
774 * - keep the final alignment of sp (sp & 0xf)
775 * - make sure the 32-bit value at the first 16 byte aligned position of
776 * AUXV is greater than 16 for glibc compatibility.
777 * AT_IGNOREPPC is used for that.
778 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
779 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
781 #define DLINFO_ARCH_ITEMS 5
782 #define ARCH_DLINFO \
784 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); \
786 * Handle glibc compatibility: these magic entries must \
787 * be at the lowest addresses in the final auxv. \
789 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
790 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \
791 NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \
792 NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \
793 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \
796 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
798 _regs->gpr[1] = infop->start_stack;
799 #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
800 if (get_ppc64_abi(infop) < 2) {
802 get_user_u64(val, infop->entry + 8);
803 _regs->gpr[2] = val + infop->load_bias;
804 get_user_u64(val, infop->entry);
805 infop->entry = val + infop->load_bias;
807 _regs->gpr[12] = infop->entry; /* r12 set to global entry address */
810 _regs->nip = infop->entry;
813 /* See linux kernel: arch/powerpc/include/asm/elf.h. */
815 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
817 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env)
820 target_ulong ccr = 0;
822 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
823 (*regs)[i] = tswapreg(env->gpr[i]);
826 (*regs)[32] = tswapreg(env->nip);
827 (*regs)[33] = tswapreg(env->msr);
828 (*regs)[35] = tswapreg(env->ctr);
829 (*regs)[36] = tswapreg(env->lr);
830 (*regs)[37] = tswapreg(env->xer);
832 for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
833 ccr |= env->crf[i] << (32 - ((i + 1) * 4));
835 (*regs)[38] = tswapreg(ccr);
838 #define USE_ELF_CORE_DUMP
839 #define ELF_EXEC_PAGESIZE 4096
845 #define ELF_START_MMAP 0x80000000
848 #define ELF_CLASS ELFCLASS64
850 #define ELF_CLASS ELFCLASS32
852 #define ELF_ARCH EM_MIPS
854 static inline void init_thread(struct target_pt_regs *regs,
855 struct image_info *infop)
857 regs->cp0_status = 2 << CP0St_KSU;
858 regs->cp0_epc = infop->entry;
859 regs->regs[29] = infop->start_stack;
862 /* See linux kernel: arch/mips/include/asm/elf.h. */
864 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
866 /* See linux kernel: arch/mips/include/asm/reg.h. */
873 TARGET_EF_R26 = TARGET_EF_R0 + 26,
874 TARGET_EF_R27 = TARGET_EF_R0 + 27,
875 TARGET_EF_LO = TARGET_EF_R0 + 32,
876 TARGET_EF_HI = TARGET_EF_R0 + 33,
877 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
878 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
879 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
880 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
883 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
884 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env)
888 for (i = 0; i < TARGET_EF_R0; i++) {
891 (*regs)[TARGET_EF_R0] = 0;
893 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
894 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]);
897 (*regs)[TARGET_EF_R26] = 0;
898 (*regs)[TARGET_EF_R27] = 0;
899 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]);
900 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]);
901 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC);
902 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr);
903 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status);
904 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause);
907 #define USE_ELF_CORE_DUMP
908 #define ELF_EXEC_PAGESIZE 4096
910 /* See arch/mips/include/uapi/asm/hwcap.h. */
912 HWCAP_MIPS_R6 = (1 << 0),
913 HWCAP_MIPS_MSA = (1 << 1),
916 #define ELF_HWCAP get_elf_hwcap()
918 static uint32_t get_elf_hwcap(void)
920 MIPSCPU *cpu = MIPS_CPU(thread_cpu);
923 #define GET_FEATURE(flag, hwcap) \
924 do { if (cpu->env.insn_flags & (flag)) { hwcaps |= hwcap; } } while (0)
926 GET_FEATURE(ISA_MIPS32R6 | ISA_MIPS64R6, HWCAP_MIPS_R6);
927 GET_FEATURE(ASE_MSA, HWCAP_MIPS_MSA);
934 #endif /* TARGET_MIPS */
936 #ifdef TARGET_MICROBLAZE
938 #define ELF_START_MMAP 0x80000000
940 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
942 #define ELF_CLASS ELFCLASS32
943 #define ELF_ARCH EM_MICROBLAZE
945 static inline void init_thread(struct target_pt_regs *regs,
946 struct image_info *infop)
948 regs->pc = infop->entry;
949 regs->r1 = infop->start_stack;
953 #define ELF_EXEC_PAGESIZE 4096
955 #define USE_ELF_CORE_DUMP
957 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
959 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
960 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env)
964 for (i = 0; i < 32; i++) {
965 (*regs)[pos++] = tswapreg(env->regs[i]);
968 for (i = 0; i < 6; i++) {
969 (*regs)[pos++] = tswapreg(env->sregs[i]);
973 #endif /* TARGET_MICROBLAZE */
977 #define ELF_START_MMAP 0x80000000
979 #define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2)
981 #define ELF_CLASS ELFCLASS32
982 #define ELF_ARCH EM_ALTERA_NIOS2
984 static void init_thread(struct target_pt_regs *regs, struct image_info *infop)
986 regs->ea = infop->entry;
987 regs->sp = infop->start_stack;
991 #define ELF_EXEC_PAGESIZE 4096
993 #define USE_ELF_CORE_DUMP
995 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
997 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
998 static void elf_core_copy_regs(target_elf_gregset_t *regs,
999 const CPUNios2State *env)
1004 for (i = 1; i < 8; i++) /* r0-r7 */
1005 (*regs)[i] = tswapreg(env->regs[i + 7]);
1007 for (i = 8; i < 16; i++) /* r8-r15 */
1008 (*regs)[i] = tswapreg(env->regs[i - 8]);
1010 for (i = 16; i < 24; i++) /* r16-r23 */
1011 (*regs)[i] = tswapreg(env->regs[i + 7]);
1012 (*regs)[24] = -1; /* R_ET */
1013 (*regs)[25] = -1; /* R_BT */
1014 (*regs)[26] = tswapreg(env->regs[R_GP]);
1015 (*regs)[27] = tswapreg(env->regs[R_SP]);
1016 (*regs)[28] = tswapreg(env->regs[R_FP]);
1017 (*regs)[29] = tswapreg(env->regs[R_EA]);
1018 (*regs)[30] = -1; /* R_SSTATUS */
1019 (*regs)[31] = tswapreg(env->regs[R_RA]);
1021 (*regs)[32] = tswapreg(env->regs[R_PC]);
1023 (*regs)[33] = -1; /* R_STATUS */
1024 (*regs)[34] = tswapreg(env->regs[CR_ESTATUS]);
1026 for (i = 35; i < 49; i++) /* ... */
1030 #endif /* TARGET_NIOS2 */
1032 #ifdef TARGET_OPENRISC
1034 #define ELF_START_MMAP 0x08000000
1036 #define ELF_ARCH EM_OPENRISC
1037 #define ELF_CLASS ELFCLASS32
1038 #define ELF_DATA ELFDATA2MSB
1040 static inline void init_thread(struct target_pt_regs *regs,
1041 struct image_info *infop)
1043 regs->pc = infop->entry;
1044 regs->gpr[1] = infop->start_stack;
1047 #define USE_ELF_CORE_DUMP
1048 #define ELF_EXEC_PAGESIZE 8192
1050 /* See linux kernel arch/openrisc/include/asm/elf.h. */
1051 #define ELF_NREG 34 /* gprs and pc, sr */
1052 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1054 static void elf_core_copy_regs(target_elf_gregset_t *regs,
1055 const CPUOpenRISCState *env)
1059 for (i = 0; i < 32; i++) {
1060 (*regs)[i] = tswapreg(cpu_get_gpr(env, i));
1062 (*regs)[32] = tswapreg(env->pc);
1063 (*regs)[33] = tswapreg(cpu_get_sr(env));
1066 #define ELF_PLATFORM NULL
1068 #endif /* TARGET_OPENRISC */
1072 #define ELF_START_MMAP 0x80000000
1074 #define ELF_CLASS ELFCLASS32
1075 #define ELF_ARCH EM_SH
1077 static inline void init_thread(struct target_pt_regs *regs,
1078 struct image_info *infop)
1080 /* Check other registers XXXXX */
1081 regs->pc = infop->entry;
1082 regs->regs[15] = infop->start_stack;
1085 /* See linux kernel: arch/sh/include/asm/elf.h. */
1087 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1089 /* See linux kernel: arch/sh/include/asm/ptrace.h. */
1094 TARGET_REG_GBR = 19,
1095 TARGET_REG_MACH = 20,
1096 TARGET_REG_MACL = 21,
1097 TARGET_REG_SYSCALL = 22
1100 static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
1101 const CPUSH4State *env)
1105 for (i = 0; i < 16; i++) {
1106 (*regs)[i] = tswapreg(env->gregs[i]);
1109 (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
1110 (*regs)[TARGET_REG_PR] = tswapreg(env->pr);
1111 (*regs)[TARGET_REG_SR] = tswapreg(env->sr);
1112 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr);
1113 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach);
1114 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl);
1115 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
1118 #define USE_ELF_CORE_DUMP
1119 #define ELF_EXEC_PAGESIZE 4096
1122 SH_CPU_HAS_FPU = 0x0001, /* Hardware FPU support */
1123 SH_CPU_HAS_P2_FLUSH_BUG = 0x0002, /* Need to flush the cache in P2 area */
1124 SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */
1125 SH_CPU_HAS_DSP = 0x0008, /* SH-DSP: DSP support */
1126 SH_CPU_HAS_PERF_COUNTER = 0x0010, /* Hardware performance counters */
1127 SH_CPU_HAS_PTEA = 0x0020, /* PTEA register */
1128 SH_CPU_HAS_LLSC = 0x0040, /* movli.l/movco.l */
1129 SH_CPU_HAS_L2_CACHE = 0x0080, /* Secondary cache / URAM */
1130 SH_CPU_HAS_OP32 = 0x0100, /* 32-bit instruction support */
1131 SH_CPU_HAS_PTEAEX = 0x0200, /* PTE ASID Extension support */
1134 #define ELF_HWCAP get_elf_hwcap()
1136 static uint32_t get_elf_hwcap(void)
1138 SuperHCPU *cpu = SUPERH_CPU(thread_cpu);
1141 hwcap |= SH_CPU_HAS_FPU;
1143 if (cpu->env.features & SH_FEATURE_SH4A) {
1144 hwcap |= SH_CPU_HAS_LLSC;
1154 #define ELF_START_MMAP 0x80000000
1156 #define ELF_CLASS ELFCLASS32
1157 #define ELF_ARCH EM_CRIS
1159 static inline void init_thread(struct target_pt_regs *regs,
1160 struct image_info *infop)
1162 regs->erp = infop->entry;
1165 #define ELF_EXEC_PAGESIZE 8192
1171 #define ELF_START_MMAP 0x80000000
1173 #define ELF_CLASS ELFCLASS32
1174 #define ELF_ARCH EM_68K
1176 /* ??? Does this need to do anything?
1177 #define ELF_PLAT_INIT(_r) */
1179 static inline void init_thread(struct target_pt_regs *regs,
1180 struct image_info *infop)
1182 regs->usp = infop->start_stack;
1184 regs->pc = infop->entry;
1187 /* See linux kernel: arch/m68k/include/asm/elf.h. */
1189 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1191 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env)
1193 (*regs)[0] = tswapreg(env->dregs[1]);
1194 (*regs)[1] = tswapreg(env->dregs[2]);
1195 (*regs)[2] = tswapreg(env->dregs[3]);
1196 (*regs)[3] = tswapreg(env->dregs[4]);
1197 (*regs)[4] = tswapreg(env->dregs[5]);
1198 (*regs)[5] = tswapreg(env->dregs[6]);
1199 (*regs)[6] = tswapreg(env->dregs[7]);
1200 (*regs)[7] = tswapreg(env->aregs[0]);
1201 (*regs)[8] = tswapreg(env->aregs[1]);
1202 (*regs)[9] = tswapreg(env->aregs[2]);
1203 (*regs)[10] = tswapreg(env->aregs[3]);
1204 (*regs)[11] = tswapreg(env->aregs[4]);
1205 (*regs)[12] = tswapreg(env->aregs[5]);
1206 (*regs)[13] = tswapreg(env->aregs[6]);
1207 (*regs)[14] = tswapreg(env->dregs[0]);
1208 (*regs)[15] = tswapreg(env->aregs[7]);
1209 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */
1210 (*regs)[17] = tswapreg(env->sr);
1211 (*regs)[18] = tswapreg(env->pc);
1212 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */
1215 #define USE_ELF_CORE_DUMP
1216 #define ELF_EXEC_PAGESIZE 8192
1222 #define ELF_START_MMAP (0x30000000000ULL)
1224 #define ELF_CLASS ELFCLASS64
1225 #define ELF_ARCH EM_ALPHA
1227 static inline void init_thread(struct target_pt_regs *regs,
1228 struct image_info *infop)
1230 regs->pc = infop->entry;
1232 regs->usp = infop->start_stack;
1235 #define ELF_EXEC_PAGESIZE 8192
1237 #endif /* TARGET_ALPHA */
1241 #define ELF_START_MMAP (0x20000000000ULL)
1243 #define ELF_CLASS ELFCLASS64
1244 #define ELF_DATA ELFDATA2MSB
1245 #define ELF_ARCH EM_S390
1247 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
1249 regs->psw.addr = infop->entry;
1250 regs->psw.mask = PSW_MASK_64 | PSW_MASK_32;
1251 regs->gprs[15] = infop->start_stack;
1254 #endif /* TARGET_S390X */
1256 #ifdef TARGET_TILEGX
1258 /* 42 bits real used address, a half for user mode */
1259 #define ELF_START_MMAP (0x00000020000000000ULL)
1261 #define elf_check_arch(x) ((x) == EM_TILEGX)
1263 #define ELF_CLASS ELFCLASS64
1264 #define ELF_DATA ELFDATA2LSB
1265 #define ELF_ARCH EM_TILEGX
1267 static inline void init_thread(struct target_pt_regs *regs,
1268 struct image_info *infop)
1270 regs->pc = infop->entry;
1271 regs->sp = infop->start_stack;
1275 #define ELF_EXEC_PAGESIZE 65536 /* TILE-Gx page size is 64KB */
1277 #endif /* TARGET_TILEGX */
1281 #define ELF_START_MMAP 0x80000000
1282 #define ELF_ARCH EM_RISCV
1284 #ifdef TARGET_RISCV32
1285 #define ELF_CLASS ELFCLASS32
1287 #define ELF_CLASS ELFCLASS64
1290 static inline void init_thread(struct target_pt_regs *regs,
1291 struct image_info *infop)
1293 regs->sepc = infop->entry;
1294 regs->sp = infop->start_stack;
1297 #define ELF_EXEC_PAGESIZE 4096
1299 #endif /* TARGET_RISCV */
1303 #define ELF_START_MMAP 0x80000000
1304 #define ELF_CLASS ELFCLASS32
1305 #define ELF_ARCH EM_PARISC
1306 #define ELF_PLATFORM "PARISC"
1307 #define STACK_GROWS_DOWN 0
1308 #define STACK_ALIGNMENT 64
1310 static inline void init_thread(struct target_pt_regs *regs,
1311 struct image_info *infop)
1313 regs->iaoq[0] = infop->entry;
1314 regs->iaoq[1] = infop->entry + 4;
1316 regs->gr[24] = infop->arg_start;
1317 regs->gr[25] = (infop->arg_end - infop->arg_start) / sizeof(abi_ulong);
1318 /* The top-of-stack contains a linkage buffer. */
1319 regs->gr[30] = infop->start_stack + 64;
1320 regs->gr[31] = infop->entry;
1323 #endif /* TARGET_HPPA */
1325 #ifdef TARGET_XTENSA
1327 #define ELF_START_MMAP 0x20000000
1329 #define ELF_CLASS ELFCLASS32
1330 #define ELF_ARCH EM_XTENSA
1332 static inline void init_thread(struct target_pt_regs *regs,
1333 struct image_info *infop)
1335 regs->windowbase = 0;
1336 regs->windowstart = 1;
1337 regs->areg[1] = infop->start_stack;
1338 regs->pc = infop->entry;
1341 /* See linux kernel: arch/xtensa/include/asm/elf.h. */
1342 #define ELF_NREG 128
1343 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
1352 TARGET_REG_WINDOWSTART,
1353 TARGET_REG_WINDOWBASE,
1354 TARGET_REG_THREADPTR,
1355 TARGET_REG_AR0 = 64,
1358 static void elf_core_copy_regs(target_elf_gregset_t *regs,
1359 const CPUXtensaState *env)
1363 (*regs)[TARGET_REG_PC] = tswapreg(env->pc);
1364 (*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM);
1365 (*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]);
1366 (*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]);
1367 (*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]);
1368 (*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]);
1369 (*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]);
1370 (*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]);
1371 (*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]);
1372 xtensa_sync_phys_from_window((CPUXtensaState *)env);
1373 for (i = 0; i < env->config->nareg; ++i) {
1374 (*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]);
1378 #define USE_ELF_CORE_DUMP
1379 #define ELF_EXEC_PAGESIZE 4096
1381 #endif /* TARGET_XTENSA */
1383 #ifndef ELF_PLATFORM
1384 #define ELF_PLATFORM (NULL)
1388 #define ELF_MACHINE ELF_ARCH
1391 #ifndef elf_check_arch
1392 #define elf_check_arch(x) ((x) == ELF_ARCH)
1399 #ifndef STACK_GROWS_DOWN
1400 #define STACK_GROWS_DOWN 1
1403 #ifndef STACK_ALIGNMENT
1404 #define STACK_ALIGNMENT 16
1409 #define ELF_CLASS ELFCLASS32
1411 #define bswaptls(ptr) bswap32s(ptr)
1418 unsigned int a_info; /* Use macros N_MAGIC, etc for access */
1419 unsigned int a_text; /* length of text, in bytes */
1420 unsigned int a_data; /* length of data, in bytes */
1421 unsigned int a_bss; /* length of uninitialized data area, in bytes */
1422 unsigned int a_syms; /* length of symbol table data in file, in bytes */
1423 unsigned int a_entry; /* start address */
1424 unsigned int a_trsize; /* length of relocation info for text, in bytes */
1425 unsigned int a_drsize; /* length of relocation info for data, in bytes */
1429 #define N_MAGIC(exec) ((exec).a_info & 0xffff)
1435 /* Necessary parameters */
1436 #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
1437 #define TARGET_ELF_PAGESTART(_v) ((_v) & \
1438 ~(abi_ulong)(TARGET_ELF_EXEC_PAGESIZE-1))
1439 #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
1441 #define DLINFO_ITEMS 15
1443 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
1445 memcpy(to, from, n);
1449 static void bswap_ehdr(struct elfhdr *ehdr)
1451 bswap16s(&ehdr->e_type); /* Object file type */
1452 bswap16s(&ehdr->e_machine); /* Architecture */
1453 bswap32s(&ehdr->e_version); /* Object file version */
1454 bswaptls(&ehdr->e_entry); /* Entry point virtual address */
1455 bswaptls(&ehdr->e_phoff); /* Program header table file offset */
1456 bswaptls(&ehdr->e_shoff); /* Section header table file offset */
1457 bswap32s(&ehdr->e_flags); /* Processor-specific flags */
1458 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */
1459 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */
1460 bswap16s(&ehdr->e_phnum); /* Program header table entry count */
1461 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */
1462 bswap16s(&ehdr->e_shnum); /* Section header table entry count */
1463 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */
1466 static void bswap_phdr(struct elf_phdr *phdr, int phnum)
1469 for (i = 0; i < phnum; ++i, ++phdr) {
1470 bswap32s(&phdr->p_type); /* Segment type */
1471 bswap32s(&phdr->p_flags); /* Segment flags */
1472 bswaptls(&phdr->p_offset); /* Segment file offset */
1473 bswaptls(&phdr->p_vaddr); /* Segment virtual address */
1474 bswaptls(&phdr->p_paddr); /* Segment physical address */
1475 bswaptls(&phdr->p_filesz); /* Segment size in file */
1476 bswaptls(&phdr->p_memsz); /* Segment size in memory */
1477 bswaptls(&phdr->p_align); /* Segment alignment */
1481 static void bswap_shdr(struct elf_shdr *shdr, int shnum)
1484 for (i = 0; i < shnum; ++i, ++shdr) {
1485 bswap32s(&shdr->sh_name);
1486 bswap32s(&shdr->sh_type);
1487 bswaptls(&shdr->sh_flags);
1488 bswaptls(&shdr->sh_addr);
1489 bswaptls(&shdr->sh_offset);
1490 bswaptls(&shdr->sh_size);
1491 bswap32s(&shdr->sh_link);
1492 bswap32s(&shdr->sh_info);
1493 bswaptls(&shdr->sh_addralign);
1494 bswaptls(&shdr->sh_entsize);
1498 static void bswap_sym(struct elf_sym *sym)
1500 bswap32s(&sym->st_name);
1501 bswaptls(&sym->st_value);
1502 bswaptls(&sym->st_size);
1503 bswap16s(&sym->st_shndx);
1506 static inline void bswap_ehdr(struct elfhdr *ehdr) { }
1507 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
1508 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
1509 static inline void bswap_sym(struct elf_sym *sym) { }
1512 #ifdef USE_ELF_CORE_DUMP
1513 static int elf_core_dump(int, const CPUArchState *);
1514 #endif /* USE_ELF_CORE_DUMP */
1515 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
1517 /* Verify the portions of EHDR within E_IDENT for the target.
1518 This can be performed before bswapping the entire header. */
1519 static bool elf_check_ident(struct elfhdr *ehdr)
1521 return (ehdr->e_ident[EI_MAG0] == ELFMAG0
1522 && ehdr->e_ident[EI_MAG1] == ELFMAG1
1523 && ehdr->e_ident[EI_MAG2] == ELFMAG2
1524 && ehdr->e_ident[EI_MAG3] == ELFMAG3
1525 && ehdr->e_ident[EI_CLASS] == ELF_CLASS
1526 && ehdr->e_ident[EI_DATA] == ELF_DATA
1527 && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
1530 /* Verify the portions of EHDR outside of E_IDENT for the target.
1531 This has to wait until after bswapping the header. */
1532 static bool elf_check_ehdr(struct elfhdr *ehdr)
1534 return (elf_check_arch(ehdr->e_machine)
1535 && ehdr->e_ehsize == sizeof(struct elfhdr)
1536 && ehdr->e_phentsize == sizeof(struct elf_phdr)
1537 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
1541 * 'copy_elf_strings()' copies argument/envelope strings from user
1542 * memory to free pages in kernel mem. These are in a format ready
1543 * to be put directly into the top of new user memory.
1546 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch,
1547 abi_ulong p, abi_ulong stack_limit)
1554 return 0; /* bullet-proofing */
1557 if (STACK_GROWS_DOWN) {
1558 int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1;
1559 for (i = argc - 1; i >= 0; --i) {
1562 fprintf(stderr, "VFS: argc is wrong");
1565 len = strlen(tmp) + 1;
1568 if (len > (p - stack_limit)) {
1572 int bytes_to_copy = (len > offset) ? offset : len;
1573 tmp -= bytes_to_copy;
1575 offset -= bytes_to_copy;
1576 len -= bytes_to_copy;
1578 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy);
1581 memcpy_to_target(p, scratch, top - p);
1583 offset = TARGET_PAGE_SIZE;
1588 memcpy_to_target(p, scratch + offset, top - p);
1591 int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE);
1592 for (i = 0; i < argc; ++i) {
1595 fprintf(stderr, "VFS: argc is wrong");
1598 len = strlen(tmp) + 1;
1599 if (len > (stack_limit - p)) {
1603 int bytes_to_copy = (len > remaining) ? remaining : len;
1605 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy);
1607 tmp += bytes_to_copy;
1608 remaining -= bytes_to_copy;
1610 len -= bytes_to_copy;
1612 if (remaining == 0) {
1613 memcpy_to_target(top, scratch, p - top);
1615 remaining = TARGET_PAGE_SIZE;
1620 memcpy_to_target(top, scratch, p - top);
1627 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of
1628 * argument/environment space. Newer kernels (>2.6.33) allow more,
1629 * dependent on stack size, but guarantee at least 32 pages for
1630 * backwards compatibility.
1632 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE)
1634 static abi_ulong setup_arg_pages(struct linux_binprm *bprm,
1635 struct image_info *info)
1637 abi_ulong size, error, guard;
1639 size = guest_stack_size;
1640 if (size < STACK_LOWER_LIMIT) {
1641 size = STACK_LOWER_LIMIT;
1643 guard = TARGET_PAGE_SIZE;
1644 if (guard < qemu_real_host_page_size) {
1645 guard = qemu_real_host_page_size;
1648 error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
1649 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1651 perror("mmap stack");
1655 /* We reserve one extra page at the top of the stack as guard. */
1656 if (STACK_GROWS_DOWN) {
1657 target_mprotect(error, guard, PROT_NONE);
1658 info->stack_limit = error + guard;
1659 return info->stack_limit + size - sizeof(void *);
1661 target_mprotect(error + size, guard, PROT_NONE);
1662 info->stack_limit = error + size;
1667 /* Map and zero the bss. We need to explicitly zero any fractional pages
1668 after the data section (i.e. bss). */
1669 static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
1671 uintptr_t host_start, host_map_start, host_end;
1673 last_bss = TARGET_PAGE_ALIGN(last_bss);
1675 /* ??? There is confusion between qemu_real_host_page_size and
1676 qemu_host_page_size here and elsewhere in target_mmap, which
1677 may lead to the end of the data section mapping from the file
1678 not being mapped. At least there was an explicit test and
1679 comment for that here, suggesting that "the file size must
1680 be known". The comment probably pre-dates the introduction
1681 of the fstat system call in target_mmap which does in fact
1682 find out the size. What isn't clear is if the workaround
1683 here is still actually needed. For now, continue with it,
1684 but merge it with the "normal" mmap that would allocate the bss. */
1686 host_start = (uintptr_t) g2h(elf_bss);
1687 host_end = (uintptr_t) g2h(last_bss);
1688 host_map_start = REAL_HOST_PAGE_ALIGN(host_start);
1690 if (host_map_start < host_end) {
1691 void *p = mmap((void *)host_map_start, host_end - host_map_start,
1692 prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
1693 if (p == MAP_FAILED) {
1694 perror("cannot mmap brk");
1699 /* Ensure that the bss page(s) are valid */
1700 if ((page_get_flags(last_bss-1) & prot) != prot) {
1701 page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot | PAGE_VALID);
1704 if (host_start < host_map_start) {
1705 memset((void *)host_start, 0, host_map_start - host_start);
1710 static int elf_is_fdpic(struct elfhdr *exec)
1712 return exec->e_ident[EI_OSABI] == ELFOSABI_ARM_FDPIC;
1715 /* Default implementation, always false. */
1716 static int elf_is_fdpic(struct elfhdr *exec)
1722 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp)
1725 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs;
1727 /* elf32_fdpic_loadseg */
1731 put_user_u32(loadsegs[n].addr, sp+0);
1732 put_user_u32(loadsegs[n].p_vaddr, sp+4);
1733 put_user_u32(loadsegs[n].p_memsz, sp+8);
1736 /* elf32_fdpic_loadmap */
1738 put_user_u16(0, sp+0); /* version */
1739 put_user_u16(info->nsegs, sp+2); /* nsegs */
1741 info->personality = PER_LINUX_FDPIC;
1742 info->loadmap_addr = sp;
1747 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
1748 struct elfhdr *exec,
1749 struct image_info *info,
1750 struct image_info *interp_info)
1753 abi_ulong u_argc, u_argv, u_envp, u_auxv;
1756 abi_ulong u_rand_bytes;
1757 uint8_t k_rand_bytes[16];
1758 abi_ulong u_platform;
1759 const char *k_platform;
1760 const int n = sizeof(elf_addr_t);
1764 /* Needs to be before we load the env/argc/... */
1765 if (elf_is_fdpic(exec)) {
1766 /* Need 4 byte alignment for these structs */
1768 sp = loader_build_fdpic_loadmap(info, sp);
1769 info->other_info = interp_info;
1771 interp_info->other_info = info;
1772 sp = loader_build_fdpic_loadmap(interp_info, sp);
1773 info->interpreter_loadmap_addr = interp_info->loadmap_addr;
1774 info->interpreter_pt_dynamic_addr = interp_info->pt_dynamic_addr;
1776 info->interpreter_loadmap_addr = 0;
1777 info->interpreter_pt_dynamic_addr = 0;
1782 k_platform = ELF_PLATFORM;
1784 size_t len = strlen(k_platform) + 1;
1785 if (STACK_GROWS_DOWN) {
1786 sp -= (len + n - 1) & ~(n - 1);
1788 /* FIXME - check return value of memcpy_to_target() for failure */
1789 memcpy_to_target(sp, k_platform, len);
1791 memcpy_to_target(sp, k_platform, len);
1797 /* Provide 16 byte alignment for the PRNG, and basic alignment for
1798 * the argv and envp pointers.
1800 if (STACK_GROWS_DOWN) {
1801 sp = QEMU_ALIGN_DOWN(sp, 16);
1803 sp = QEMU_ALIGN_UP(sp, 16);
1807 * Generate 16 random bytes for userspace PRNG seeding (not
1808 * cryptically secure but it's not the aim of QEMU).
1810 for (i = 0; i < 16; i++) {
1811 k_rand_bytes[i] = rand();
1813 if (STACK_GROWS_DOWN) {
1816 /* FIXME - check return value of memcpy_to_target() for failure */
1817 memcpy_to_target(sp, k_rand_bytes, 16);
1819 memcpy_to_target(sp, k_rand_bytes, 16);
1824 size = (DLINFO_ITEMS + 1) * 2;
1827 #ifdef DLINFO_ARCH_ITEMS
1828 size += DLINFO_ARCH_ITEMS * 2;
1833 info->auxv_len = size * n;
1835 size += envc + argc + 2;
1836 size += 1; /* argc itself */
1839 /* Allocate space and finalize stack alignment for entry now. */
1840 if (STACK_GROWS_DOWN) {
1841 u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT);
1845 sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT);
1848 u_argv = u_argc + n;
1849 u_envp = u_argv + (argc + 1) * n;
1850 u_auxv = u_envp + (envc + 1) * n;
1851 info->saved_auxv = u_auxv;
1852 info->arg_start = u_argv;
1853 info->arg_end = u_argv + argc * n;
1855 /* This is correct because Linux defines
1856 * elf_addr_t as Elf32_Off / Elf64_Off
1858 #define NEW_AUX_ENT(id, val) do { \
1859 put_user_ual(id, u_auxv); u_auxv += n; \
1860 put_user_ual(val, u_auxv); u_auxv += n; \
1865 * ARCH_DLINFO must come first so platform specific code can enforce
1866 * special alignment requirements on the AUXV if necessary (eg. PPC).
1870 /* There must be exactly DLINFO_ITEMS entries here, or the assert
1871 * on info->auxv_len will trigger.
1873 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
1874 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
1875 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
1876 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE, getpagesize())));
1877 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
1878 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
1879 NEW_AUX_ENT(AT_ENTRY, info->entry);
1880 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
1881 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
1882 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
1883 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
1884 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
1885 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
1886 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes);
1887 NEW_AUX_ENT(AT_SECURE, (abi_ulong) qemu_getauxval(AT_SECURE));
1890 NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2);
1894 NEW_AUX_ENT(AT_PLATFORM, u_platform);
1896 NEW_AUX_ENT (AT_NULL, 0);
1899 /* Check that our initial calculation of the auxv length matches how much
1900 * we actually put into it.
1902 assert(info->auxv_len == u_auxv - info->saved_auxv);
1904 put_user_ual(argc, u_argc);
1906 p = info->arg_strings;
1907 for (i = 0; i < argc; ++i) {
1908 put_user_ual(p, u_argv);
1910 p += target_strlen(p) + 1;
1912 put_user_ual(0, u_argv);
1914 p = info->env_strings;
1915 for (i = 0; i < envc; ++i) {
1916 put_user_ual(p, u_envp);
1918 p += target_strlen(p) + 1;
1920 put_user_ual(0, u_envp);
1925 unsigned long init_guest_space(unsigned long host_start,
1926 unsigned long host_size,
1927 unsigned long guest_start,
1930 unsigned long current_start, aligned_start;
1933 assert(host_start || host_size);
1935 /* If just a starting address is given, then just verify that
1937 if (host_start && !host_size) {
1938 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
1939 if (init_guest_commpage(host_start, host_size) != 1) {
1940 return (unsigned long)-1;
1946 /* Setup the initial flags and start address. */
1947 current_start = host_start & qemu_host_page_mask;
1948 flags = MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE;
1953 /* Otherwise, a non-zero size region of memory needs to be mapped
1956 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
1957 /* On 32-bit ARM, we need to map not just the usable memory, but
1958 * also the commpage. Try to find a suitable place by allocating
1959 * a big chunk for all of it. If host_start, then the naive
1960 * strategy probably does good enough.
1963 unsigned long guest_full_size, host_full_size, real_start;
1966 (0xffff0f00 & qemu_host_page_mask) + qemu_host_page_size;
1967 host_full_size = guest_full_size - guest_start;
1968 real_start = (unsigned long)
1969 mmap(NULL, host_full_size, PROT_NONE, flags, -1, 0);
1970 if (real_start == (unsigned long)-1) {
1971 if (host_size < host_full_size - qemu_host_page_size) {
1972 /* We failed to map a continous segment, but we're
1973 * allowed to have a gap between the usable memory and
1974 * the commpage where other things can be mapped.
1975 * This sparseness gives us more flexibility to find
1980 return (unsigned long)-1;
1982 munmap((void *)real_start, host_full_size);
1983 if (real_start & ~qemu_host_page_mask) {
1984 /* The same thing again, but with an extra qemu_host_page_size
1985 * so that we can shift around alignment.
1987 unsigned long real_size = host_full_size + qemu_host_page_size;
1988 real_start = (unsigned long)
1989 mmap(NULL, real_size, PROT_NONE, flags, -1, 0);
1990 if (real_start == (unsigned long)-1) {
1991 if (host_size < host_full_size - qemu_host_page_size) {
1994 return (unsigned long)-1;
1996 munmap((void *)real_start, real_size);
1997 real_start = HOST_PAGE_ALIGN(real_start);
1999 current_start = real_start;
2005 unsigned long real_start, real_size, aligned_size;
2006 aligned_size = real_size = host_size;
2008 /* Do not use mmap_find_vma here because that is limited to the
2009 * guest address space. We are going to make the
2010 * guest address space fit whatever we're given.
2012 real_start = (unsigned long)
2013 mmap((void *)current_start, host_size, PROT_NONE, flags, -1, 0);
2014 if (real_start == (unsigned long)-1) {
2015 return (unsigned long)-1;
2018 /* Check to see if the address is valid. */
2019 if (host_start && real_start != current_start) {
2023 /* Ensure the address is properly aligned. */
2024 if (real_start & ~qemu_host_page_mask) {
2025 /* Ideally, we adjust like
2027 * pages: [ ][ ][ ][ ][ ]
2033 * But if there is something else mapped right after it,
2034 * then obviously it won't have room to grow, and the
2035 * kernel will put the new larger real someplace else with
2036 * unknown alignment (if we made it to here, then
2037 * fixed=false). Which is why we grow real by a full page
2038 * size, instead of by part of one; so that even if we get
2039 * moved, we can still guarantee alignment. But this does
2040 * mean that there is a padding of < 1 page both before
2041 * and after the aligned range; the "after" could could
2042 * cause problems for ARM emulation where it could butt in
2043 * to where we need to put the commpage.
2045 munmap((void *)real_start, host_size);
2046 real_size = aligned_size + qemu_host_page_size;
2047 real_start = (unsigned long)
2048 mmap((void *)real_start, real_size, PROT_NONE, flags, -1, 0);
2049 if (real_start == (unsigned long)-1) {
2050 return (unsigned long)-1;
2052 aligned_start = HOST_PAGE_ALIGN(real_start);
2054 aligned_start = real_start;
2057 #if defined(TARGET_ARM) && !defined(TARGET_AARCH64)
2058 /* On 32-bit ARM, we need to also be able to map the commpage. */
2059 int valid = init_guest_commpage(aligned_start - guest_start,
2060 aligned_size + guest_start);
2062 munmap((void *)real_start, real_size);
2063 return (unsigned long)-1;
2064 } else if (valid == 0) {
2069 /* If nothing has said `return -1` or `goto try_again` yet,
2070 * then the address we have is good.
2075 /* That address didn't work. Unmap and try a different one.
2076 * The address the host picked because is typically right at
2077 * the top of the host address space and leaves the guest with
2078 * no usable address space. Resort to a linear search. We
2079 * already compensated for mmap_min_addr, so this should not
2080 * happen often. Probably means we got unlucky and host
2081 * address space randomization put a shared library somewhere
2084 * This is probably a good strategy if host_start, but is
2085 * probably a bad strategy if not, which means we got here
2086 * because of trouble with ARM commpage setup.
2088 munmap((void *)real_start, real_size);
2089 current_start += qemu_host_page_size;
2090 if (host_start == current_start) {
2091 /* Theoretically possible if host doesn't have any suitably
2092 * aligned areas. Normally the first mmap will fail.
2094 return (unsigned long)-1;
2098 qemu_log_mask(CPU_LOG_PAGE, "Reserved 0x%lx bytes of guest address space\n", host_size);
2100 return aligned_start;
2103 static void probe_guest_base(const char *image_name,
2104 abi_ulong loaddr, abi_ulong hiaddr)
2106 /* Probe for a suitable guest base address, if the user has not set
2107 * it explicitly, and set guest_base appropriately.
2108 * In case of error we will print a suitable message and exit.
2111 if (!have_guest_base && !reserved_va) {
2112 unsigned long host_start, real_start, host_size;
2114 /* Round addresses to page boundaries. */
2115 loaddr &= qemu_host_page_mask;
2116 hiaddr = HOST_PAGE_ALIGN(hiaddr);
2118 if (loaddr < mmap_min_addr) {
2119 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
2121 host_start = loaddr;
2122 if (host_start != loaddr) {
2123 errmsg = "Address overflow loading ELF binary";
2127 host_size = hiaddr - loaddr;
2129 /* Setup the initial guest memory space with ranges gleaned from
2130 * the ELF image that is being loaded.
2132 real_start = init_guest_space(host_start, host_size, loaddr, false);
2133 if (real_start == (unsigned long)-1) {
2134 errmsg = "Unable to find space for application";
2137 guest_base = real_start - loaddr;
2139 qemu_log_mask(CPU_LOG_PAGE, "Relocating guest address space from 0x"
2140 TARGET_ABI_FMT_lx " to 0x%lx\n",
2141 loaddr, real_start);
2146 fprintf(stderr, "%s: %s\n", image_name, errmsg);
2151 /* Load an ELF image into the address space.
2153 IMAGE_NAME is the filename of the image, to use in error messages.
2154 IMAGE_FD is the open file descriptor for the image.
2156 BPRM_BUF is a copy of the beginning of the file; this of course
2157 contains the elf file header at offset 0. It is assumed that this
2158 buffer is sufficiently aligned to present no problems to the host
2159 in accessing data at aligned offsets within the buffer.
2161 On return: INFO values will be filled in, as necessary or available. */
2163 static void load_elf_image(const char *image_name, int image_fd,
2164 struct image_info *info, char **pinterp_name,
2165 char bprm_buf[BPRM_BUF_SIZE])
2167 struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
2168 struct elf_phdr *phdr;
2169 abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
2173 /* First of all, some simple consistency checks */
2174 errmsg = "Invalid ELF image for this architecture";
2175 if (!elf_check_ident(ehdr)) {
2179 if (!elf_check_ehdr(ehdr)) {
2183 i = ehdr->e_phnum * sizeof(struct elf_phdr);
2184 if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
2185 phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
2187 phdr = (struct elf_phdr *) alloca(i);
2188 retval = pread(image_fd, phdr, i, ehdr->e_phoff);
2193 bswap_phdr(phdr, ehdr->e_phnum);
2196 info->pt_dynamic_addr = 0;
2200 /* Find the maximum size of the image and allocate an appropriate
2201 amount of memory to handle that. */
2202 loaddr = -1, hiaddr = 0;
2203 for (i = 0; i < ehdr->e_phnum; ++i) {
2204 if (phdr[i].p_type == PT_LOAD) {
2205 abi_ulong a = phdr[i].p_vaddr - phdr[i].p_offset;
2209 a = phdr[i].p_vaddr + phdr[i].p_memsz;
2218 if (ehdr->e_type == ET_DYN) {
2219 /* The image indicates that it can be loaded anywhere. Find a
2220 location that can hold the memory space required. If the
2221 image is pre-linked, LOADDR will be non-zero. Since we do
2222 not supply MAP_FIXED here we'll use that address if and
2223 only if it remains available. */
2224 load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
2225 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
2227 if (load_addr == -1) {
2230 } else if (pinterp_name != NULL) {
2231 /* This is the main executable. Make sure that the low
2232 address does not conflict with MMAP_MIN_ADDR or the
2233 QEMU application itself. */
2234 probe_guest_base(image_name, loaddr, hiaddr);
2236 load_bias = load_addr - loaddr;
2238 if (elf_is_fdpic(ehdr)) {
2239 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs =
2240 g_malloc(sizeof(*loadsegs) * info->nsegs);
2242 for (i = 0; i < ehdr->e_phnum; ++i) {
2243 switch (phdr[i].p_type) {
2245 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias;
2248 loadsegs->addr = phdr[i].p_vaddr + load_bias;
2249 loadsegs->p_vaddr = phdr[i].p_vaddr;
2250 loadsegs->p_memsz = phdr[i].p_memsz;
2257 info->load_bias = load_bias;
2258 info->load_addr = load_addr;
2259 info->entry = ehdr->e_entry + load_bias;
2260 info->start_code = -1;
2262 info->start_data = -1;
2265 info->elf_flags = ehdr->e_flags;
2267 for (i = 0; i < ehdr->e_phnum; i++) {
2268 struct elf_phdr *eppnt = phdr + i;
2269 if (eppnt->p_type == PT_LOAD) {
2270 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
2273 if (eppnt->p_flags & PF_R) elf_prot = PROT_READ;
2274 if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
2275 if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
2277 vaddr = load_bias + eppnt->p_vaddr;
2278 vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
2279 vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
2281 error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
2282 elf_prot, MAP_PRIVATE | MAP_FIXED,
2283 image_fd, eppnt->p_offset - vaddr_po);
2288 vaddr_ef = vaddr + eppnt->p_filesz;
2289 vaddr_em = vaddr + eppnt->p_memsz;
2291 /* If the load segment requests extra zeros (e.g. bss), map it. */
2292 if (vaddr_ef < vaddr_em) {
2293 zero_bss(vaddr_ef, vaddr_em, elf_prot);
2296 /* Find the full program boundaries. */
2297 if (elf_prot & PROT_EXEC) {
2298 if (vaddr < info->start_code) {
2299 info->start_code = vaddr;
2301 if (vaddr_ef > info->end_code) {
2302 info->end_code = vaddr_ef;
2305 if (elf_prot & PROT_WRITE) {
2306 if (vaddr < info->start_data) {
2307 info->start_data = vaddr;
2309 if (vaddr_ef > info->end_data) {
2310 info->end_data = vaddr_ef;
2312 if (vaddr_em > info->brk) {
2313 info->brk = vaddr_em;
2316 } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
2319 if (*pinterp_name) {
2320 errmsg = "Multiple PT_INTERP entries";
2323 interp_name = malloc(eppnt->p_filesz);
2328 if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
2329 memcpy(interp_name, bprm_buf + eppnt->p_offset,
2332 retval = pread(image_fd, interp_name, eppnt->p_filesz,
2334 if (retval != eppnt->p_filesz) {
2338 if (interp_name[eppnt->p_filesz - 1] != 0) {
2339 errmsg = "Invalid PT_INTERP entry";
2342 *pinterp_name = interp_name;
2346 if (info->end_data == 0) {
2347 info->start_data = info->end_code;
2348 info->end_data = info->end_code;
2349 info->brk = info->end_code;
2352 if (qemu_log_enabled()) {
2353 load_symbols(ehdr, image_fd, load_bias);
2363 errmsg = "Incomplete read of file header";
2367 errmsg = strerror(errno);
2369 fprintf(stderr, "%s: %s\n", image_name, errmsg);
2373 static void load_elf_interp(const char *filename, struct image_info *info,
2374 char bprm_buf[BPRM_BUF_SIZE])
2378 fd = open(path(filename), O_RDONLY);
2383 retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
2387 if (retval < BPRM_BUF_SIZE) {
2388 memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
2391 load_elf_image(filename, fd, info, NULL, bprm_buf);
2395 fprintf(stderr, "%s: %s\n", filename, strerror(errno));
2399 static int symfind(const void *s0, const void *s1)
2401 target_ulong addr = *(target_ulong *)s0;
2402 struct elf_sym *sym = (struct elf_sym *)s1;
2404 if (addr < sym->st_value) {
2406 } else if (addr >= sym->st_value + sym->st_size) {
2412 static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
2414 #if ELF_CLASS == ELFCLASS32
2415 struct elf_sym *syms = s->disas_symtab.elf32;
2417 struct elf_sym *syms = s->disas_symtab.elf64;
2421 struct elf_sym *sym;
2423 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind);
2425 return s->disas_strtab + sym->st_name;
2431 /* FIXME: This should use elf_ops.h */
2432 static int symcmp(const void *s0, const void *s1)
2434 struct elf_sym *sym0 = (struct elf_sym *)s0;
2435 struct elf_sym *sym1 = (struct elf_sym *)s1;
2436 return (sym0->st_value < sym1->st_value)
2438 : ((sym0->st_value > sym1->st_value) ? 1 : 0);
2441 /* Best attempt to load symbols from this ELF object. */
2442 static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
2444 int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
2446 struct elf_shdr *shdr;
2447 char *strings = NULL;
2448 struct syminfo *s = NULL;
2449 struct elf_sym *new_syms, *syms = NULL;
2451 shnum = hdr->e_shnum;
2452 i = shnum * sizeof(struct elf_shdr);
2453 shdr = (struct elf_shdr *)alloca(i);
2454 if (pread(fd, shdr, i, hdr->e_shoff) != i) {
2458 bswap_shdr(shdr, shnum);
2459 for (i = 0; i < shnum; ++i) {
2460 if (shdr[i].sh_type == SHT_SYMTAB) {
2462 str_idx = shdr[i].sh_link;
2467 /* There will be no symbol table if the file was stripped. */
2471 /* Now know where the strtab and symtab are. Snarf them. */
2472 s = g_try_new(struct syminfo, 1);
2477 segsz = shdr[str_idx].sh_size;
2478 s->disas_strtab = strings = g_try_malloc(segsz);
2480 pread(fd, strings, segsz, shdr[str_idx].sh_offset) != segsz) {
2484 segsz = shdr[sym_idx].sh_size;
2485 syms = g_try_malloc(segsz);
2486 if (!syms || pread(fd, syms, segsz, shdr[sym_idx].sh_offset) != segsz) {
2490 if (segsz / sizeof(struct elf_sym) > INT_MAX) {
2491 /* Implausibly large symbol table: give up rather than ploughing
2492 * on with the number of symbols calculation overflowing
2496 nsyms = segsz / sizeof(struct elf_sym);
2497 for (i = 0; i < nsyms; ) {
2498 bswap_sym(syms + i);
2499 /* Throw away entries which we do not need. */
2500 if (syms[i].st_shndx == SHN_UNDEF
2501 || syms[i].st_shndx >= SHN_LORESERVE
2502 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
2504 syms[i] = syms[nsyms];
2507 #if defined(TARGET_ARM) || defined (TARGET_MIPS)
2508 /* The bottom address bit marks a Thumb or MIPS16 symbol. */
2509 syms[i].st_value &= ~(target_ulong)1;
2511 syms[i].st_value += load_bias;
2516 /* No "useful" symbol. */
2521 /* Attempt to free the storage associated with the local symbols
2522 that we threw away. Whether or not this has any effect on the
2523 memory allocation depends on the malloc implementation and how
2524 many symbols we managed to discard. */
2525 new_syms = g_try_renew(struct elf_sym, syms, nsyms);
2526 if (new_syms == NULL) {
2531 qsort(syms, nsyms, sizeof(*syms), symcmp);
2533 s->disas_num_syms = nsyms;
2534 #if ELF_CLASS == ELFCLASS32
2535 s->disas_symtab.elf32 = syms;
2537 s->disas_symtab.elf64 = syms;
2539 s->lookup_symbol = lookup_symbolxx;
2551 uint32_t get_elf_eflags(int fd)
2557 /* Read ELF header */
2558 offset = lseek(fd, 0, SEEK_SET);
2559 if (offset == (off_t) -1) {
2562 ret = read(fd, &ehdr, sizeof(ehdr));
2563 if (ret < sizeof(ehdr)) {
2566 offset = lseek(fd, offset, SEEK_SET);
2567 if (offset == (off_t) -1) {
2571 /* Check ELF signature */
2572 if (!elf_check_ident(&ehdr)) {
2578 if (!elf_check_ehdr(&ehdr)) {
2582 /* return architecture id */
2583 return ehdr.e_flags;
2586 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info)
2588 struct image_info interp_info;
2589 struct elfhdr elf_ex;
2590 char *elf_interpreter = NULL;
2593 info->start_mmap = (abi_ulong)ELF_START_MMAP;
2595 load_elf_image(bprm->filename, bprm->fd, info,
2596 &elf_interpreter, bprm->buf);
2598 /* ??? We need a copy of the elf header for passing to create_elf_tables.
2599 If we do nothing, we'll have overwritten this when we re-use bprm->buf
2600 when we load the interpreter. */
2601 elf_ex = *(struct elfhdr *)bprm->buf;
2603 /* Do this so that we can load the interpreter, if need be. We will
2604 change some of these later */
2605 bprm->p = setup_arg_pages(bprm, info);
2607 scratch = g_new0(char, TARGET_PAGE_SIZE);
2608 if (STACK_GROWS_DOWN) {
2609 bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2610 bprm->p, info->stack_limit);
2611 info->file_string = bprm->p;
2612 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2613 bprm->p, info->stack_limit);
2614 info->env_strings = bprm->p;
2615 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2616 bprm->p, info->stack_limit);
2617 info->arg_strings = bprm->p;
2619 info->arg_strings = bprm->p;
2620 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch,
2621 bprm->p, info->stack_limit);
2622 info->env_strings = bprm->p;
2623 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch,
2624 bprm->p, info->stack_limit);
2625 info->file_string = bprm->p;
2626 bprm->p = copy_elf_strings(1, &bprm->filename, scratch,
2627 bprm->p, info->stack_limit);
2633 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
2637 if (elf_interpreter) {
2638 load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
2640 /* If the program interpreter is one of these two, then assume
2641 an iBCS2 image. Otherwise assume a native linux image. */
2643 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
2644 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
2645 info->personality = PER_SVR4;
2647 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
2648 and some applications "depend" upon this behavior. Since
2649 we do not have the power to recompile these, we emulate
2650 the SVr4 behavior. Sigh. */
2651 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
2652 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
2656 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
2657 info, (elf_interpreter ? &interp_info : NULL));
2658 info->start_stack = bprm->p;
2660 /* If we have an interpreter, set that as the program's entry point.
2661 Copy the load_bias as well, to help PPC64 interpret the entry
2662 point as a function descriptor. Do this after creating elf tables
2663 so that we copy the original program entry point into the AUXV. */
2664 if (elf_interpreter) {
2665 info->load_bias = interp_info.load_bias;
2666 info->entry = interp_info.entry;
2667 free(elf_interpreter);
2670 #ifdef USE_ELF_CORE_DUMP
2671 bprm->core_dump = &elf_core_dump;
2677 #ifdef USE_ELF_CORE_DUMP
2679 * Definitions to generate Intel SVR4-like core files.
2680 * These mostly have the same names as the SVR4 types with "target_elf_"
2681 * tacked on the front to prevent clashes with linux definitions,
2682 * and the typedef forms have been avoided. This is mostly like
2683 * the SVR4 structure, but more Linuxy, with things that Linux does
2684 * not support and which gdb doesn't really use excluded.
2686 * Fields we don't dump (their contents is zero) in linux-user qemu
2687 * are marked with XXX.
2689 * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
2691 * Porting ELF coredump for target is (quite) simple process. First you
2692 * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
2693 * the target resides):
2695 * #define USE_ELF_CORE_DUMP
2697 * Next you define type of register set used for dumping. ELF specification
2698 * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
2700 * typedef <target_regtype> target_elf_greg_t;
2701 * #define ELF_NREG <number of registers>
2702 * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
2704 * Last step is to implement target specific function that copies registers
2705 * from given cpu into just specified register set. Prototype is:
2707 * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
2708 * const CPUArchState *env);
2711 * regs - copy register values into here (allocated and zeroed by caller)
2712 * env - copy registers from here
2714 * Example for ARM target is provided in this file.
2717 /* An ELF note in memory */
2721 size_t namesz_rounded;
2724 size_t datasz_rounded;
2729 struct target_elf_siginfo {
2730 abi_int si_signo; /* signal number */
2731 abi_int si_code; /* extra code */
2732 abi_int si_errno; /* errno */
2735 struct target_elf_prstatus {
2736 struct target_elf_siginfo pr_info; /* Info associated with signal */
2737 abi_short pr_cursig; /* Current signal */
2738 abi_ulong pr_sigpend; /* XXX */
2739 abi_ulong pr_sighold; /* XXX */
2740 target_pid_t pr_pid;
2741 target_pid_t pr_ppid;
2742 target_pid_t pr_pgrp;
2743 target_pid_t pr_sid;
2744 struct target_timeval pr_utime; /* XXX User time */
2745 struct target_timeval pr_stime; /* XXX System time */
2746 struct target_timeval pr_cutime; /* XXX Cumulative user time */
2747 struct target_timeval pr_cstime; /* XXX Cumulative system time */
2748 target_elf_gregset_t pr_reg; /* GP registers */
2749 abi_int pr_fpvalid; /* XXX */
2752 #define ELF_PRARGSZ (80) /* Number of chars for args */
2754 struct target_elf_prpsinfo {
2755 char pr_state; /* numeric process state */
2756 char pr_sname; /* char for pr_state */
2757 char pr_zomb; /* zombie */
2758 char pr_nice; /* nice val */
2759 abi_ulong pr_flag; /* flags */
2760 target_uid_t pr_uid;
2761 target_gid_t pr_gid;
2762 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
2764 char pr_fname[16]; /* filename of executable */
2765 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
2768 /* Here is the structure in which status of each thread is captured. */
2769 struct elf_thread_status {
2770 QTAILQ_ENTRY(elf_thread_status) ets_link;
2771 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */
2773 elf_fpregset_t fpu; /* NT_PRFPREG */
2774 struct task_struct *thread;
2775 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
2777 struct memelfnote notes[1];
2781 struct elf_note_info {
2782 struct memelfnote *notes;
2783 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */
2784 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2786 QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
2789 * Current version of ELF coredump doesn't support
2790 * dumping fp regs etc.
2792 elf_fpregset_t *fpu;
2793 elf_fpxregset_t *xfpu;
2794 int thread_status_size;
2800 struct vm_area_struct {
2801 target_ulong vma_start; /* start vaddr of memory region */
2802 target_ulong vma_end; /* end vaddr of memory region */
2803 abi_ulong vma_flags; /* protection etc. flags for the region */
2804 QTAILQ_ENTRY(vm_area_struct) vma_link;
2808 QTAILQ_HEAD(, vm_area_struct) mm_mmap;
2809 int mm_count; /* number of mappings */
2812 static struct mm_struct *vma_init(void);
2813 static void vma_delete(struct mm_struct *);
2814 static int vma_add_mapping(struct mm_struct *, target_ulong,
2815 target_ulong, abi_ulong);
2816 static int vma_get_mapping_count(const struct mm_struct *);
2817 static struct vm_area_struct *vma_first(const struct mm_struct *);
2818 static struct vm_area_struct *vma_next(struct vm_area_struct *);
2819 static abi_ulong vma_dump_size(const struct vm_area_struct *);
2820 static int vma_walker(void *priv, target_ulong start, target_ulong end,
2821 unsigned long flags);
2823 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
2824 static void fill_note(struct memelfnote *, const char *, int,
2825 unsigned int, void *);
2826 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
2827 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
2828 static void fill_auxv_note(struct memelfnote *, const TaskState *);
2829 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
2830 static size_t note_size(const struct memelfnote *);
2831 static void free_note_info(struct elf_note_info *);
2832 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *);
2833 static void fill_thread_info(struct elf_note_info *, const CPUArchState *);
2834 static int core_dump_filename(const TaskState *, char *, size_t);
2836 static int dump_write(int, const void *, size_t);
2837 static int write_note(struct memelfnote *, int);
2838 static int write_note_info(struct elf_note_info *, int);
2841 static void bswap_prstatus(struct target_elf_prstatus *prstatus)
2843 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo);
2844 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code);
2845 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno);
2846 prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
2847 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend);
2848 prstatus->pr_sighold = tswapal(prstatus->pr_sighold);
2849 prstatus->pr_pid = tswap32(prstatus->pr_pid);
2850 prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
2851 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
2852 prstatus->pr_sid = tswap32(prstatus->pr_sid);
2853 /* cpu times are not filled, so we skip them */
2854 /* regs should be in correct format already */
2855 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
2858 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
2860 psinfo->pr_flag = tswapal(psinfo->pr_flag);
2861 psinfo->pr_uid = tswap16(psinfo->pr_uid);
2862 psinfo->pr_gid = tswap16(psinfo->pr_gid);
2863 psinfo->pr_pid = tswap32(psinfo->pr_pid);
2864 psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
2865 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
2866 psinfo->pr_sid = tswap32(psinfo->pr_sid);
2869 static void bswap_note(struct elf_note *en)
2871 bswap32s(&en->n_namesz);
2872 bswap32s(&en->n_descsz);
2873 bswap32s(&en->n_type);
2876 static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
2877 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
2878 static inline void bswap_note(struct elf_note *en) { }
2879 #endif /* BSWAP_NEEDED */
2882 * Minimal support for linux memory regions. These are needed
2883 * when we are finding out what memory exactly belongs to
2884 * emulated process. No locks needed here, as long as
2885 * thread that received the signal is stopped.
2888 static struct mm_struct *vma_init(void)
2890 struct mm_struct *mm;
2892 if ((mm = g_malloc(sizeof (*mm))) == NULL)
2896 QTAILQ_INIT(&mm->mm_mmap);
2901 static void vma_delete(struct mm_struct *mm)
2903 struct vm_area_struct *vma;
2905 while ((vma = vma_first(mm)) != NULL) {
2906 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
2912 static int vma_add_mapping(struct mm_struct *mm, target_ulong start,
2913 target_ulong end, abi_ulong flags)
2915 struct vm_area_struct *vma;
2917 if ((vma = g_malloc0(sizeof (*vma))) == NULL)
2920 vma->vma_start = start;
2922 vma->vma_flags = flags;
2924 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
2930 static struct vm_area_struct *vma_first(const struct mm_struct *mm)
2932 return (QTAILQ_FIRST(&mm->mm_mmap));
2935 static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
2937 return (QTAILQ_NEXT(vma, vma_link));
2940 static int vma_get_mapping_count(const struct mm_struct *mm)
2942 return (mm->mm_count);
2946 * Calculate file (dump) size of given memory region.
2948 static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
2950 /* if we cannot even read the first page, skip it */
2951 if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
2955 * Usually we don't dump executable pages as they contain
2956 * non-writable code that debugger can read directly from
2957 * target library etc. However, thread stacks are marked
2958 * also executable so we read in first page of given region
2959 * and check whether it contains elf header. If there is
2960 * no elf header, we dump it.
2962 if (vma->vma_flags & PROT_EXEC) {
2963 char page[TARGET_PAGE_SIZE];
2965 copy_from_user(page, vma->vma_start, sizeof (page));
2966 if ((page[EI_MAG0] == ELFMAG0) &&
2967 (page[EI_MAG1] == ELFMAG1) &&
2968 (page[EI_MAG2] == ELFMAG2) &&
2969 (page[EI_MAG3] == ELFMAG3)) {
2971 * Mappings are possibly from ELF binary. Don't dump
2978 return (vma->vma_end - vma->vma_start);
2981 static int vma_walker(void *priv, target_ulong start, target_ulong end,
2982 unsigned long flags)
2984 struct mm_struct *mm = (struct mm_struct *)priv;
2986 vma_add_mapping(mm, start, end, flags);
2990 static void fill_note(struct memelfnote *note, const char *name, int type,
2991 unsigned int sz, void *data)
2993 unsigned int namesz;
2995 namesz = strlen(name) + 1;
2997 note->namesz = namesz;
2998 note->namesz_rounded = roundup(namesz, sizeof (int32_t));
3001 note->datasz_rounded = roundup(sz, sizeof (int32_t));
3006 * We calculate rounded up note size here as specified by
3009 note->notesz = sizeof (struct elf_note) +
3010 note->namesz_rounded + note->datasz_rounded;
3013 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
3016 (void) memset(elf, 0, sizeof(*elf));
3018 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
3019 elf->e_ident[EI_CLASS] = ELF_CLASS;
3020 elf->e_ident[EI_DATA] = ELF_DATA;
3021 elf->e_ident[EI_VERSION] = EV_CURRENT;
3022 elf->e_ident[EI_OSABI] = ELF_OSABI;
3024 elf->e_type = ET_CORE;
3025 elf->e_machine = machine;
3026 elf->e_version = EV_CURRENT;
3027 elf->e_phoff = sizeof(struct elfhdr);
3028 elf->e_flags = flags;
3029 elf->e_ehsize = sizeof(struct elfhdr);
3030 elf->e_phentsize = sizeof(struct elf_phdr);
3031 elf->e_phnum = segs;
3036 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
3038 phdr->p_type = PT_NOTE;
3039 phdr->p_offset = offset;
3042 phdr->p_filesz = sz;
3047 bswap_phdr(phdr, 1);
3050 static size_t note_size(const struct memelfnote *note)
3052 return (note->notesz);
3055 static void fill_prstatus(struct target_elf_prstatus *prstatus,
3056 const TaskState *ts, int signr)
3058 (void) memset(prstatus, 0, sizeof (*prstatus));
3059 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
3060 prstatus->pr_pid = ts->ts_tid;
3061 prstatus->pr_ppid = getppid();
3062 prstatus->pr_pgrp = getpgrp();
3063 prstatus->pr_sid = getsid(0);
3065 bswap_prstatus(prstatus);
3068 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
3070 char *base_filename;
3071 unsigned int i, len;
3073 (void) memset(psinfo, 0, sizeof (*psinfo));
3075 len = ts->info->arg_end - ts->info->arg_start;
3076 if (len >= ELF_PRARGSZ)
3077 len = ELF_PRARGSZ - 1;
3078 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
3080 for (i = 0; i < len; i++)
3081 if (psinfo->pr_psargs[i] == 0)
3082 psinfo->pr_psargs[i] = ' ';
3083 psinfo->pr_psargs[len] = 0;
3085 psinfo->pr_pid = getpid();
3086 psinfo->pr_ppid = getppid();
3087 psinfo->pr_pgrp = getpgrp();
3088 psinfo->pr_sid = getsid(0);
3089 psinfo->pr_uid = getuid();
3090 psinfo->pr_gid = getgid();
3092 base_filename = g_path_get_basename(ts->bprm->filename);
3094 * Using strncpy here is fine: at max-length,
3095 * this field is not NUL-terminated.
3097 (void) strncpy(psinfo->pr_fname, base_filename,
3098 sizeof(psinfo->pr_fname));
3100 g_free(base_filename);
3101 bswap_psinfo(psinfo);
3105 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
3107 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
3108 elf_addr_t orig_auxv = auxv;
3110 int len = ts->info->auxv_len;
3113 * Auxiliary vector is stored in target process stack. It contains
3114 * {type, value} pairs that we need to dump into note. This is not
3115 * strictly necessary but we do it here for sake of completeness.
3118 /* read in whole auxv vector and copy it to memelfnote */
3119 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
3121 fill_note(note, "CORE", NT_AUXV, len, ptr);
3122 unlock_user(ptr, auxv, len);
3127 * Constructs name of coredump file. We have following convention
3129 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
3131 * Returns 0 in case of success, -1 otherwise (errno is set).
3133 static int core_dump_filename(const TaskState *ts, char *buf,
3137 char *base_filename = NULL;
3141 assert(bufsize >= PATH_MAX);
3143 if (gettimeofday(&tv, NULL) < 0) {
3144 (void) fprintf(stderr, "unable to get current timestamp: %s",
3149 base_filename = g_path_get_basename(ts->bprm->filename);
3150 (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
3151 localtime_r(&tv.tv_sec, &tm));
3152 (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
3153 base_filename, timestamp, (int)getpid());
3154 g_free(base_filename);
3159 static int dump_write(int fd, const void *ptr, size_t size)
3161 const char *bufp = (const char *)ptr;
3162 ssize_t bytes_written, bytes_left;
3163 struct rlimit dumpsize;
3167 getrlimit(RLIMIT_CORE, &dumpsize);
3168 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
3169 if (errno == ESPIPE) { /* not a seekable stream */
3175 if (dumpsize.rlim_cur <= pos) {
3177 } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
3180 size_t limit_left=dumpsize.rlim_cur - pos;
3181 bytes_left = limit_left >= size ? size : limit_left ;
3186 * In normal conditions, single write(2) should do but
3187 * in case of socket etc. this mechanism is more portable.
3190 bytes_written = write(fd, bufp, bytes_left);
3191 if (bytes_written < 0) {
3195 } else if (bytes_written == 0) { /* eof */
3198 bufp += bytes_written;
3199 bytes_left -= bytes_written;
3200 } while (bytes_left > 0);
3205 static int write_note(struct memelfnote *men, int fd)
3209 en.n_namesz = men->namesz;
3210 en.n_type = men->type;
3211 en.n_descsz = men->datasz;
3215 if (dump_write(fd, &en, sizeof(en)) != 0)
3217 if (dump_write(fd, men->name, men->namesz_rounded) != 0)
3219 if (dump_write(fd, men->data, men->datasz_rounded) != 0)
3225 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env)
3227 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
3228 TaskState *ts = (TaskState *)cpu->opaque;
3229 struct elf_thread_status *ets;
3231 ets = g_malloc0(sizeof (*ets));
3232 ets->num_notes = 1; /* only prstatus is dumped */
3233 fill_prstatus(&ets->prstatus, ts, 0);
3234 elf_core_copy_regs(&ets->prstatus.pr_reg, env);
3235 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
3238 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
3240 info->notes_size += note_size(&ets->notes[0]);
3243 static void init_note_info(struct elf_note_info *info)
3245 /* Initialize the elf_note_info structure so that it is at
3246 * least safe to call free_note_info() on it. Must be
3247 * called before calling fill_note_info().
3249 memset(info, 0, sizeof (*info));
3250 QTAILQ_INIT(&info->thread_list);
3253 static int fill_note_info(struct elf_note_info *info,
3254 long signr, const CPUArchState *env)
3257 CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
3258 TaskState *ts = (TaskState *)cpu->opaque;
3261 info->notes = g_new0(struct memelfnote, NUMNOTES);
3262 if (info->notes == NULL)
3264 info->prstatus = g_malloc0(sizeof (*info->prstatus));
3265 if (info->prstatus == NULL)
3267 info->psinfo = g_malloc0(sizeof (*info->psinfo));
3268 if (info->prstatus == NULL)
3272 * First fill in status (and registers) of current thread
3273 * including process info & aux vector.
3275 fill_prstatus(info->prstatus, ts, signr);
3276 elf_core_copy_regs(&info->prstatus->pr_reg, env);
3277 fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
3278 sizeof (*info->prstatus), info->prstatus);
3279 fill_psinfo(info->psinfo, ts);
3280 fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
3281 sizeof (*info->psinfo), info->psinfo);
3282 fill_auxv_note(&info->notes[2], ts);
3285 info->notes_size = 0;
3286 for (i = 0; i < info->numnote; i++)
3287 info->notes_size += note_size(&info->notes[i]);
3289 /* read and fill status of all threads */
3292 if (cpu == thread_cpu) {
3295 fill_thread_info(info, (CPUArchState *)cpu->env_ptr);
3302 static void free_note_info(struct elf_note_info *info)
3304 struct elf_thread_status *ets;
3306 while (!QTAILQ_EMPTY(&info->thread_list)) {
3307 ets = QTAILQ_FIRST(&info->thread_list);
3308 QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
3312 g_free(info->prstatus);
3313 g_free(info->psinfo);
3314 g_free(info->notes);
3317 static int write_note_info(struct elf_note_info *info, int fd)
3319 struct elf_thread_status *ets;
3322 /* write prstatus, psinfo and auxv for current thread */
3323 for (i = 0; i < info->numnote; i++)
3324 if ((error = write_note(&info->notes[i], fd)) != 0)
3327 /* write prstatus for each thread */
3328 QTAILQ_FOREACH(ets, &info->thread_list, ets_link) {
3329 if ((error = write_note(&ets->notes[0], fd)) != 0)
3337 * Write out ELF coredump.
3339 * See documentation of ELF object file format in:
3340 * http://www.caldera.com/developers/devspecs/gabi41.pdf
3342 * Coredump format in linux is following:
3344 * 0 +----------------------+ \
3345 * | ELF header | ET_CORE |
3346 * +----------------------+ |
3347 * | ELF program headers | |--- headers
3348 * | - NOTE section | |
3349 * | - PT_LOAD sections | |
3350 * +----------------------+ /
3355 * +----------------------+ <-- aligned to target page
3356 * | Process memory dump |
3361 * +----------------------+
3363 * NT_PRSTATUS -> struct elf_prstatus (per thread)
3364 * NT_PRSINFO -> struct elf_prpsinfo
3365 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
3367 * Format follows System V format as close as possible. Current
3368 * version limitations are as follows:
3369 * - no floating point registers are dumped
3371 * Function returns 0 in case of success, negative errno otherwise.
3373 * TODO: make this work also during runtime: it should be
3374 * possible to force coredump from running process and then
3375 * continue processing. For example qemu could set up SIGUSR2
3376 * handler (provided that target process haven't registered
3377 * handler for that) that does the dump when signal is received.
3379 static int elf_core_dump(int signr, const CPUArchState *env)
3381 const CPUState *cpu = ENV_GET_CPU((CPUArchState *)env);
3382 const TaskState *ts = (const TaskState *)cpu->opaque;
3383 struct vm_area_struct *vma = NULL;
3384 char corefile[PATH_MAX];
3385 struct elf_note_info info;
3387 struct elf_phdr phdr;
3388 struct rlimit dumpsize;
3389 struct mm_struct *mm = NULL;
3390 off_t offset = 0, data_offset = 0;
3394 init_note_info(&info);
3397 getrlimit(RLIMIT_CORE, &dumpsize);
3398 if (dumpsize.rlim_cur == 0)
3401 if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
3404 if ((fd = open(corefile, O_WRONLY | O_CREAT,
3405 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
3409 * Walk through target process memory mappings and
3410 * set up structure containing this information. After
3411 * this point vma_xxx functions can be used.
3413 if ((mm = vma_init()) == NULL)
3416 walk_memory_regions(mm, vma_walker);
3417 segs = vma_get_mapping_count(mm);
3420 * Construct valid coredump ELF header. We also
3421 * add one more segment for notes.
3423 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
3424 if (dump_write(fd, &elf, sizeof (elf)) != 0)
3427 /* fill in the in-memory version of notes */
3428 if (fill_note_info(&info, signr, env) < 0)
3431 offset += sizeof (elf); /* elf header */
3432 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */
3434 /* write out notes program header */
3435 fill_elf_note_phdr(&phdr, info.notes_size, offset);
3437 offset += info.notes_size;
3438 if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
3442 * ELF specification wants data to start at page boundary so
3445 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE);
3448 * Write program headers for memory regions mapped in
3449 * the target process.
3451 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3452 (void) memset(&phdr, 0, sizeof (phdr));
3454 phdr.p_type = PT_LOAD;
3455 phdr.p_offset = offset;
3456 phdr.p_vaddr = vma->vma_start;
3458 phdr.p_filesz = vma_dump_size(vma);
3459 offset += phdr.p_filesz;
3460 phdr.p_memsz = vma->vma_end - vma->vma_start;
3461 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
3462 if (vma->vma_flags & PROT_WRITE)
3463 phdr.p_flags |= PF_W;
3464 if (vma->vma_flags & PROT_EXEC)
3465 phdr.p_flags |= PF_X;
3466 phdr.p_align = ELF_EXEC_PAGESIZE;
3468 bswap_phdr(&phdr, 1);
3469 if (dump_write(fd, &phdr, sizeof(phdr)) != 0) {
3475 * Next we write notes just after program headers. No
3476 * alignment needed here.
3478 if (write_note_info(&info, fd) < 0)
3481 /* align data to page boundary */
3482 if (lseek(fd, data_offset, SEEK_SET) != data_offset)
3486 * Finally we can dump process memory into corefile as well.
3488 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
3492 end = vma->vma_start + vma_dump_size(vma);
3494 for (addr = vma->vma_start; addr < end;
3495 addr += TARGET_PAGE_SIZE) {
3496 char page[TARGET_PAGE_SIZE];
3500 * Read in page from target process memory and
3501 * write it to coredump file.
3503 error = copy_from_user(page, addr, sizeof (page));
3505 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
3510 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
3516 free_note_info(&info);
3525 #endif /* USE_ELF_CORE_DUMP */
3527 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
3529 init_thread(regs, infop);
projects / qemu.git / blob