1 /*- 2 * Copyright 1996-1998 John D. Polstra. 3 * Copyright (c) 2015 Ruslan Bukin <br@bsdpad.com> 4 * Copyright (c) 2016 Yukishige Shibata <y-shibat@mtd.biglobe.ne.jp> 5 * All rights reserved. 6 * 7 * Portions of this software were developed by SRI International and the 8 * University of Cambridge Computer Laboratory under DARPA/AFRL contract 9 * FA8750-10-C-0237 ("CTSRD"), as part of the DARPA CRASH research programme. 10 * 11 * Portions of this software were developed by the University of Cambridge 12 * Computer Laboratory as part of the CTSRD Project, with support from the 13 * UK Higher Education Innovation Fund (HEIF). 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 __FBSDID("$FreeBSD$"); 39 40 #include <sys/param.h> 41 #include <sys/kernel.h> 42 #include <sys/systm.h> 43 #include <sys/exec.h> 44 #include <sys/imgact.h> 45 #include <sys/linker.h> 46 #include <sys/proc.h> 47 #include <sys/reg.h> 48 #include <sys/sysctl.h> 49 #include <sys/sysent.h> 50 #include <sys/imgact_elf.h> 51 #include <sys/syscall.h> 52 #include <sys/signalvar.h> 53 #include <sys/vnode.h> 54 55 #include <vm/vm.h> 56 #include <vm/pmap.h> 57 #include <vm/vm_param.h> 58 59 #include <machine/elf.h> 60 #include <machine/md_var.h> 61 62 static const char *riscv_machine_arch(struct proc *p); 63 64 u_long elf_hwcap; 65 66 static struct sysentvec elf64_freebsd_sysvec = { 67 .sv_size = SYS_MAXSYSCALL, 68 .sv_table = sysent, 69 .sv_fixup = __elfN(freebsd_fixup), 70 .sv_sendsig = sendsig, 71 .sv_sigcode = sigcode, 72 .sv_szsigcode = &szsigcode, 73 .sv_name = "FreeBSD ELF64", 74 .sv_coredump = __elfN(coredump), 75 .sv_elf_core_osabi = ELFOSABI_FREEBSD, 76 .sv_elf_core_abi_vendor = FREEBSD_ABI_VENDOR, 77 .sv_elf_core_prepare_notes = __elfN(prepare_notes), 78 .sv_imgact_try = NULL, 79 .sv_minsigstksz = MINSIGSTKSZ, 80 .sv_minuser = VM_MIN_ADDRESS, 81 .sv_maxuser = 0, /* Filled in during boot. */ 82 .sv_usrstack = 0, /* Filled in during boot. */ 83 .sv_psstrings = 0, /* Filled in during boot. */ 84 .sv_psstringssz = sizeof(struct ps_strings), 85 .sv_stackprot = VM_PROT_READ | VM_PROT_WRITE, 86 .sv_copyout_auxargs = __elfN(freebsd_copyout_auxargs), 87 .sv_copyout_strings = exec_copyout_strings, 88 .sv_setregs = exec_setregs, 89 .sv_fixlimit = NULL, 90 .sv_maxssiz = NULL, 91 .sv_flags = SV_ABI_FREEBSD | SV_LP64 | SV_SHP | SV_TIMEKEEP | 92 SV_ASLR | SV_RNG_SEED_VER, 93 .sv_set_syscall_retval = cpu_set_syscall_retval, 94 .sv_fetch_syscall_args = cpu_fetch_syscall_args, 95 .sv_syscallnames = syscallnames, 96 .sv_shared_page_base = 0, /* Filled in during boot. */ 97 .sv_shared_page_len = PAGE_SIZE, 98 .sv_schedtail = NULL, 99 .sv_thread_detach = NULL, 100 .sv_trap = NULL, 101 .sv_hwcap = &elf_hwcap, 102 .sv_machine_arch = riscv_machine_arch, 103 .sv_onexec_old = exec_onexec_old, 104 .sv_onexit = exit_onexit, 105 .sv_regset_begin = SET_BEGIN(__elfN(regset)), 106 .sv_regset_end = SET_LIMIT(__elfN(regset)), 107 }; 108 INIT_SYSENTVEC(elf64_sysvec, &elf64_freebsd_sysvec); 109 110 static const char * 111 riscv_machine_arch(struct proc *p) 112 { 113 114 if ((p->p_elf_flags & EF_RISCV_FLOAT_ABI_MASK) == 115 EF_RISCV_FLOAT_ABI_SOFT) 116 return (MACHINE_ARCH "sf"); 117 return (MACHINE_ARCH); 118 } 119 120 static Elf64_Brandinfo freebsd_brand_info = { 121 .brand = ELFOSABI_FREEBSD, 122 .machine = EM_RISCV, 123 .compat_3_brand = "FreeBSD", 124 .emul_path = NULL, 125 .interp_path = "/libexec/ld-elf.so.1", 126 .sysvec = &elf64_freebsd_sysvec, 127 .interp_newpath = NULL, 128 .brand_note = &elf64_freebsd_brandnote, 129 .flags = BI_CAN_EXEC_DYN | BI_BRAND_NOTE 130 }; 131 SYSINIT(elf64, SI_SUB_EXEC, SI_ORDER_FIRST, 132 (sysinit_cfunc_t)elf64_insert_brand_entry, &freebsd_brand_info); 133 134 static void 135 elf64_register_sysvec(void *arg) 136 { 137 struct sysentvec *sv; 138 139 sv = arg; 140 switch (pmap_mode) { 141 case PMAP_MODE_SV48: 142 sv->sv_maxuser = VM_MAX_USER_ADDRESS_SV48; 143 sv->sv_usrstack = USRSTACK_SV48; 144 sv->sv_psstrings = PS_STRINGS_SV48; 145 sv->sv_shared_page_base = SHAREDPAGE_SV48; 146 break; 147 case PMAP_MODE_SV39: 148 sv->sv_maxuser = VM_MAX_USER_ADDRESS_SV39; 149 sv->sv_usrstack = USRSTACK_SV39; 150 sv->sv_psstrings = PS_STRINGS_SV39; 151 sv->sv_shared_page_base = SHAREDPAGE_SV39; 152 break; 153 } 154 } 155 SYSINIT(elf64_register_sysvec, SI_SUB_VM, SI_ORDER_ANY, elf64_register_sysvec, 156 &elf64_freebsd_sysvec); 157 158 static bool debug_kld; 159 SYSCTL_BOOL(_debug, OID_AUTO, kld_reloc, CTLFLAG_RW, &debug_kld, 0, 160 "Activate debug prints in elf_reloc_internal()"); 161 162 struct type2str_ent { 163 int type; 164 const char *str; 165 }; 166 167 void 168 elf64_dump_thread(struct thread *td, void *dst, size_t *off) 169 { 170 171 } 172 173 /* 174 * Following 4 functions are used to manipulate bits on 32bit integer value. 175 * FIXME: I implemetend for ease-to-understand rather than for well-optimized. 176 */ 177 static uint32_t 178 gen_bitmask(int msb, int lsb) 179 { 180 uint32_t mask; 181 182 if (msb == sizeof(mask) * 8 - 1) 183 mask = ~0; 184 else 185 mask = (1U << (msb + 1)) - 1; 186 187 if (lsb > 0) 188 mask &= ~((1U << lsb) - 1); 189 190 return (mask); 191 } 192 193 static uint32_t 194 extract_bits(uint32_t x, int msb, int lsb) 195 { 196 uint32_t mask; 197 198 mask = gen_bitmask(msb, lsb); 199 200 x &= mask; 201 x >>= lsb; 202 203 return (x); 204 } 205 206 static uint32_t 207 insert_bits(uint32_t d, uint32_t s, int msb, int lsb) 208 { 209 uint32_t mask; 210 211 mask = gen_bitmask(msb, lsb); 212 213 d &= ~mask; 214 215 s <<= lsb; 216 s &= mask; 217 218 return (d | s); 219 } 220 221 static uint32_t 222 insert_imm(uint32_t insn, uint32_t imm, int imm_msb, int imm_lsb, 223 int insn_lsb) 224 { 225 int insn_msb; 226 uint32_t v; 227 228 v = extract_bits(imm, imm_msb, imm_lsb); 229 insn_msb = (imm_msb - imm_lsb) + insn_lsb; 230 231 return (insert_bits(insn, v, insn_msb, insn_lsb)); 232 } 233 234 /* 235 * The RISC-V ISA is designed so that all of immediate values are 236 * sign-extended. 237 * An immediate value is sometimes generated at runtime by adding 238 * 12bit sign integer and 20bit signed integer. This requests 20bit 239 * immediate value to be ajusted if the MSB of the 12bit immediate 240 * value is asserted (sign-extended value is treated as negative value). 241 * 242 * For example, 0x123800 can be calculated by adding upper 20 bit of 243 * 0x124000 and sign-extended 12bit immediate whose bit pattern is 244 * 0x800 as follows: 245 * 0x123800 246 * = 0x123000 + 0x800 247 * = (0x123000 + 0x1000) + (-0x1000 + 0x800) 248 * = (0x123000 + 0x1000) + (0xff...ff800) 249 * = 0x124000 + sign-extention(0x800) 250 */ 251 static uint32_t 252 calc_hi20_imm(uint32_t value) 253 { 254 /* 255 * There is the arithmetical hack that can remove conditional 256 * statement. But I implement it in straightforward way. 257 */ 258 if ((value & 0x800) != 0) 259 value += 0x1000; 260 return (value & ~0xfff); 261 } 262 263 static const struct type2str_ent t2s[] = { 264 { R_RISCV_NONE, "R_RISCV_NONE" }, 265 { R_RISCV_64, "R_RISCV_64" }, 266 { R_RISCV_JUMP_SLOT, "R_RISCV_JUMP_SLOT" }, 267 { R_RISCV_RELATIVE, "R_RISCV_RELATIVE" }, 268 { R_RISCV_JAL, "R_RISCV_JAL" }, 269 { R_RISCV_CALL, "R_RISCV_CALL" }, 270 { R_RISCV_PCREL_HI20, "R_RISCV_PCREL_HI20" }, 271 { R_RISCV_PCREL_LO12_I, "R_RISCV_PCREL_LO12_I" }, 272 { R_RISCV_PCREL_LO12_S, "R_RISCV_PCREL_LO12_S" }, 273 { R_RISCV_HI20, "R_RISCV_HI20" }, 274 { R_RISCV_LO12_I, "R_RISCV_LO12_I" }, 275 { R_RISCV_LO12_S, "R_RISCV_LO12_S" }, 276 }; 277 278 static const char * 279 reloctype_to_str(int type) 280 { 281 int i; 282 283 for (i = 0; i < sizeof(t2s) / sizeof(t2s[0]); ++i) { 284 if (type == t2s[i].type) 285 return t2s[i].str; 286 } 287 288 return "*unknown*"; 289 } 290 291 bool 292 elf_is_ifunc_reloc(Elf_Size r_info __unused) 293 { 294 295 return (false); 296 } 297 298 /* 299 * Currently kernel loadable module for RISCV is compiled with -fPIC option. 300 * (see also additional CFLAGS definition for RISCV in sys/conf/kmod.mk) 301 * Only R_RISCV_64, R_RISCV_JUMP_SLOT and RISCV_RELATIVE are emitted in 302 * the module. Other relocations will be processed when kernel loadable 303 * modules are built in non-PIC. 304 * 305 * FIXME: only RISCV64 is supported. 306 */ 307 static int 308 elf_reloc_internal(linker_file_t lf, Elf_Addr relocbase, const void *data, 309 int type, int local, elf_lookup_fn lookup) 310 { 311 Elf_Size rtype, symidx; 312 const Elf_Rela *rela; 313 Elf_Addr val, addr; 314 Elf64_Addr *where; 315 Elf_Addr addend; 316 uint32_t before32_1; 317 uint32_t before32; 318 uint64_t before64; 319 uint32_t *insn32p; 320 uint32_t imm20; 321 int error; 322 323 switch (type) { 324 case ELF_RELOC_RELA: 325 rela = (const Elf_Rela *)data; 326 where = (Elf_Addr *)(relocbase + rela->r_offset); 327 insn32p = (uint32_t *)where; 328 addend = rela->r_addend; 329 rtype = ELF_R_TYPE(rela->r_info); 330 symidx = ELF_R_SYM(rela->r_info); 331 break; 332 default: 333 printf("%s:%d unknown reloc type %d\n", 334 __FUNCTION__, __LINE__, type); 335 return (-1); 336 } 337 338 switch (rtype) { 339 case R_RISCV_NONE: 340 break; 341 342 case R_RISCV_64: 343 error = lookup(lf, symidx, 1, &addr); 344 if (error != 0) 345 return (-1); 346 347 before64 = *where; 348 *where = addr + addend; 349 if (debug_kld) 350 printf("%p %c %-24s %016lx -> %016lx\n", where, 351 (local ? 'l' : 'g'), reloctype_to_str(rtype), 352 before64, *where); 353 break; 354 355 case R_RISCV_JUMP_SLOT: 356 error = lookup(lf, symidx, 1, &addr); 357 if (error != 0) 358 return (-1); 359 360 before64 = *where; 361 *where = addr; 362 if (debug_kld) 363 printf("%p %c %-24s %016lx -> %016lx\n", where, 364 (local ? 'l' : 'g'), reloctype_to_str(rtype), 365 before64, *where); 366 break; 367 368 case R_RISCV_RELATIVE: 369 before64 = *where; 370 *where = elf_relocaddr(lf, relocbase + addend); 371 if (debug_kld) 372 printf("%p %c %-24s %016lx -> %016lx\n", where, 373 (local ? 'l' : 'g'), reloctype_to_str(rtype), 374 before64, *where); 375 break; 376 377 case R_RISCV_JAL: 378 error = lookup(lf, symidx, 1, &addr); 379 if (error != 0) 380 return (-1); 381 382 val = addr - (Elf_Addr)where; 383 if (val <= -(1UL << 20) || (1UL << 20) <= val) { 384 printf("kldload: huge offset against R_RISCV_JAL\n"); 385 return (-1); 386 } 387 388 before32 = *insn32p; 389 *insn32p = insert_imm(*insn32p, val, 20, 20, 31); 390 *insn32p = insert_imm(*insn32p, val, 10, 1, 21); 391 *insn32p = insert_imm(*insn32p, val, 11, 11, 20); 392 *insn32p = insert_imm(*insn32p, val, 19, 12, 12); 393 if (debug_kld) 394 printf("%p %c %-24s %08x -> %08x\n", where, 395 (local ? 'l' : 'g'), reloctype_to_str(rtype), 396 before32, *insn32p); 397 break; 398 399 case R_RISCV_CALL: 400 /* 401 * R_RISCV_CALL relocates 8-byte region that consists 402 * of the sequence of AUIPC and JALR. 403 */ 404 /* Calculate and check the pc relative offset. */ 405 error = lookup(lf, symidx, 1, &addr); 406 if (error != 0) 407 return (-1); 408 409 val = addr - (Elf_Addr)where; 410 if (val <= -(1UL << 32) || (1UL << 32) <= val) { 411 printf("kldload: huge offset against R_RISCV_CALL\n"); 412 return (-1); 413 } 414 415 /* Relocate AUIPC. */ 416 before32 = insn32p[0]; 417 imm20 = calc_hi20_imm(val); 418 insn32p[0] = insert_imm(insn32p[0], imm20, 31, 12, 12); 419 420 /* Relocate JALR. */ 421 before32_1 = insn32p[1]; 422 insn32p[1] = insert_imm(insn32p[1], val, 11, 0, 20); 423 if (debug_kld) 424 printf("%p %c %-24s %08x %08x -> %08x %08x\n", where, 425 (local ? 'l' : 'g'), reloctype_to_str(rtype), 426 before32, insn32p[0], before32_1, insn32p[1]); 427 break; 428 429 case R_RISCV_PCREL_HI20: 430 error = lookup(lf, symidx, 1, &addr); 431 if (error != 0) 432 return (-1); 433 434 val = addr - (Elf_Addr)where; 435 insn32p = (uint32_t *)where; 436 before32 = *insn32p; 437 imm20 = calc_hi20_imm(val); 438 *insn32p = insert_imm(*insn32p, imm20, 31, 12, 12); 439 if (debug_kld) 440 printf("%p %c %-24s %08x -> %08x\n", where, 441 (local ? 'l' : 'g'), reloctype_to_str(rtype), 442 before32, *insn32p); 443 break; 444 445 case R_RISCV_PCREL_LO12_I: 446 error = lookup(lf, symidx, 1, &addr); 447 if (error != 0) 448 return (-1); 449 450 val = addr - (Elf_Addr)where; 451 insn32p = (uint32_t *)where; 452 before32 = *insn32p; 453 *insn32p = insert_imm(*insn32p, addr, 11, 0, 20); 454 if (debug_kld) 455 printf("%p %c %-24s %08x -> %08x\n", where, 456 (local ? 'l' : 'g'), reloctype_to_str(rtype), 457 before32, *insn32p); 458 break; 459 460 case R_RISCV_PCREL_LO12_S: 461 error = lookup(lf, symidx, 1, &addr); 462 if (error != 0) 463 return (-1); 464 465 val = addr - (Elf_Addr)where; 466 insn32p = (uint32_t *)where; 467 before32 = *insn32p; 468 *insn32p = insert_imm(*insn32p, addr, 11, 5, 25); 469 *insn32p = insert_imm(*insn32p, addr, 4, 0, 7); 470 if (debug_kld) 471 printf("%p %c %-24s %08x -> %08x\n", where, 472 (local ? 'l' : 'g'), reloctype_to_str(rtype), 473 before32, *insn32p); 474 break; 475 476 case R_RISCV_HI20: 477 error = lookup(lf, symidx, 1, &addr); 478 if (error != 0) 479 return (-1); 480 481 val = addr; 482 insn32p = (uint32_t *)where; 483 before32 = *insn32p; 484 imm20 = calc_hi20_imm(val); 485 *insn32p = insert_imm(*insn32p, imm20, 31, 12, 12); 486 if (debug_kld) 487 printf("%p %c %-24s %08x -> %08x\n", where, 488 (local ? 'l' : 'g'), reloctype_to_str(rtype), 489 before32, *insn32p); 490 break; 491 492 case R_RISCV_LO12_I: 493 error = lookup(lf, symidx, 1, &addr); 494 if (error != 0) 495 return (-1); 496 497 val = addr; 498 insn32p = (uint32_t *)where; 499 before32 = *insn32p; 500 *insn32p = insert_imm(*insn32p, addr, 11, 0, 20); 501 if (debug_kld) 502 printf("%p %c %-24s %08x -> %08x\n", where, 503 (local ? 'l' : 'g'), reloctype_to_str(rtype), 504 before32, *insn32p); 505 break; 506 507 case R_RISCV_LO12_S: 508 error = lookup(lf, symidx, 1, &addr); 509 if (error != 0) 510 return (-1); 511 512 val = addr; 513 insn32p = (uint32_t *)where; 514 before32 = *insn32p; 515 *insn32p = insert_imm(*insn32p, addr, 11, 5, 25); 516 *insn32p = insert_imm(*insn32p, addr, 4, 0, 7); 517 if (debug_kld) 518 printf("%p %c %-24s %08x -> %08x\n", where, 519 (local ? 'l' : 'g'), reloctype_to_str(rtype), 520 before32, *insn32p); 521 break; 522 523 default: 524 printf("kldload: unexpected relocation type %ld, " 525 "symbol index %ld\n", rtype, symidx); 526 return (-1); 527 } 528 529 return (0); 530 } 531 532 int 533 elf_reloc(linker_file_t lf, Elf_Addr relocbase, const void *data, int type, 534 elf_lookup_fn lookup) 535 { 536 537 return (elf_reloc_internal(lf, relocbase, data, type, 0, lookup)); 538 } 539 540 int 541 elf_reloc_local(linker_file_t lf, Elf_Addr relocbase, const void *data, 542 int type, elf_lookup_fn lookup) 543 { 544 545 return (elf_reloc_internal(lf, relocbase, data, type, 1, lookup)); 546 } 547 548 int 549 elf_cpu_load_file(linker_file_t lf __unused) 550 { 551 552 return (0); 553 } 554 555 int 556 elf_cpu_unload_file(linker_file_t lf __unused) 557 { 558 559 return (0); 560 } 561 562 int 563 elf_cpu_parse_dynamic(caddr_t loadbase __unused, Elf_Dyn *dynamic __unused) 564 { 565 566 return (0); 567 } 568