1 /* This is the Linux kernel elf-loading code, ported into user space */ 2 #include "qemu/osdep.h" 3 #include <sys/param.h> 4 5 #include <sys/resource.h> 6 #include <sys/shm.h> 7 8 #include "qemu.h" 9 #include "user-internals.h" 10 #include "signal-common.h" 11 #include "loader.h" 12 #include "user-mmap.h" 13 #include "disas/disas.h" 14 #include "qemu/bitops.h" 15 #include "qemu/path.h" 16 #include "qemu/queue.h" 17 #include "qemu/guest-random.h" 18 #include "qemu/units.h" 19 #include "qemu/selfmap.h" 20 #include "qemu/lockable.h" 21 #include "qapi/error.h" 22 #include "qemu/error-report.h" 23 #include "target_signal.h" 24 #include "accel/tcg/debuginfo.h" 25 26 #ifdef _ARCH_PPC64 27 #undef ARCH_DLINFO 28 #undef ELF_PLATFORM 29 #undef ELF_HWCAP 30 #undef ELF_HWCAP2 31 #undef ELF_CLASS 32 #undef ELF_DATA 33 #undef ELF_ARCH 34 #endif 35 36 #ifndef TARGET_ARCH_HAS_SIGTRAMP_PAGE 37 #define TARGET_ARCH_HAS_SIGTRAMP_PAGE 0 38 #endif 39 40 typedef struct { 41 const uint8_t *image; 42 const uint32_t *relocs; 43 unsigned image_size; 44 unsigned reloc_count; 45 unsigned sigreturn_ofs; 46 unsigned rt_sigreturn_ofs; 47 } VdsoImageInfo; 48 49 #define ELF_OSABI ELFOSABI_SYSV 50 51 /* from personality.h */ 52 53 /* 54 * Flags for bug emulation. 55 * 56 * These occupy the top three bytes. 57 */ 58 enum { 59 ADDR_NO_RANDOMIZE = 0x0040000, /* disable randomization of VA space */ 60 FDPIC_FUNCPTRS = 0x0080000, /* userspace function ptrs point to 61 descriptors (signal handling) */ 62 MMAP_PAGE_ZERO = 0x0100000, 63 ADDR_COMPAT_LAYOUT = 0x0200000, 64 READ_IMPLIES_EXEC = 0x0400000, 65 ADDR_LIMIT_32BIT = 0x0800000, 66 SHORT_INODE = 0x1000000, 67 WHOLE_SECONDS = 0x2000000, 68 STICKY_TIMEOUTS = 0x4000000, 69 ADDR_LIMIT_3GB = 0x8000000, 70 }; 71 72 /* 73 * Personality types. 74 * 75 * These go in the low byte. Avoid using the top bit, it will 76 * conflict with error returns. 77 */ 78 enum { 79 PER_LINUX = 0x0000, 80 PER_LINUX_32BIT = 0x0000 | ADDR_LIMIT_32BIT, 81 PER_LINUX_FDPIC = 0x0000 | FDPIC_FUNCPTRS, 82 PER_SVR4 = 0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 83 PER_SVR3 = 0x0002 | STICKY_TIMEOUTS | SHORT_INODE, 84 PER_SCOSVR3 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE, 85 PER_OSR5 = 0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS, 86 PER_WYSEV386 = 0x0004 | STICKY_TIMEOUTS | SHORT_INODE, 87 PER_ISCR4 = 0x0005 | STICKY_TIMEOUTS, 88 PER_BSD = 0x0006, 89 PER_SUNOS = 0x0006 | STICKY_TIMEOUTS, 90 PER_XENIX = 0x0007 | STICKY_TIMEOUTS | SHORT_INODE, 91 PER_LINUX32 = 0x0008, 92 PER_LINUX32_3GB = 0x0008 | ADDR_LIMIT_3GB, 93 PER_IRIX32 = 0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */ 94 PER_IRIXN32 = 0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */ 95 PER_IRIX64 = 0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */ 96 PER_RISCOS = 0x000c, 97 PER_SOLARIS = 0x000d | STICKY_TIMEOUTS, 98 PER_UW7 = 0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO, 99 PER_OSF4 = 0x000f, /* OSF/1 v4 */ 100 PER_HPUX = 0x0010, 101 PER_MASK = 0x00ff, 102 }; 103 104 /* 105 * Return the base personality without flags. 
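 * For example, personality(PER_LINUX32_3GB) yields PER_LINUX32: PER_MASK
 * keeps only the low byte and drops flag bits such as ADDR_LIMIT_3GB.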
106 */ 107 #define personality(pers) (pers & PER_MASK) 108 109 int info_is_fdpic(struct image_info *info) 110 { 111 return info->personality == PER_LINUX_FDPIC; 112 } 113 114 /* this flag is uneffective under linux too, should be deleted */ 115 #ifndef MAP_DENYWRITE 116 #define MAP_DENYWRITE 0 117 #endif 118 119 /* should probably go in elf.h */ 120 #ifndef ELIBBAD 121 #define ELIBBAD 80 122 #endif 123 124 #if TARGET_BIG_ENDIAN 125 #define ELF_DATA ELFDATA2MSB 126 #else 127 #define ELF_DATA ELFDATA2LSB 128 #endif 129 130 #ifdef TARGET_ABI_MIPSN32 131 typedef abi_ullong target_elf_greg_t; 132 #define tswapreg(ptr) tswap64(ptr) 133 #else 134 typedef abi_ulong target_elf_greg_t; 135 #define tswapreg(ptr) tswapal(ptr) 136 #endif 137 138 #ifdef USE_UID16 139 typedef abi_ushort target_uid_t; 140 typedef abi_ushort target_gid_t; 141 #else 142 typedef abi_uint target_uid_t; 143 typedef abi_uint target_gid_t; 144 #endif 145 typedef abi_int target_pid_t; 146 147 #ifdef TARGET_I386 148 149 #define ELF_HWCAP get_elf_hwcap() 150 151 static uint32_t get_elf_hwcap(void) 152 { 153 X86CPU *cpu = X86_CPU(thread_cpu); 154 155 return cpu->env.features[FEAT_1_EDX]; 156 } 157 158 #ifdef TARGET_X86_64 159 #define ELF_CLASS ELFCLASS64 160 #define ELF_ARCH EM_X86_64 161 162 #define ELF_PLATFORM "x86_64" 163 164 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 165 { 166 regs->rax = 0; 167 regs->rsp = infop->start_stack; 168 regs->rip = infop->entry; 169 } 170 171 #define ELF_NREG 27 172 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 173 174 /* 175 * Note that ELF_NREG should be 29 as there should be place for 176 * TRAPNO and ERR "registers" as well but linux doesn't dump 177 * those. 178 * 179 * See linux kernel: arch/x86/include/asm/elf.h 180 */ 181 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 182 { 183 (*regs)[0] = tswapreg(env->regs[15]); 184 (*regs)[1] = tswapreg(env->regs[14]); 185 (*regs)[2] = tswapreg(env->regs[13]); 186 (*regs)[3] = tswapreg(env->regs[12]); 187 (*regs)[4] = tswapreg(env->regs[R_EBP]); 188 (*regs)[5] = tswapreg(env->regs[R_EBX]); 189 (*regs)[6] = tswapreg(env->regs[11]); 190 (*regs)[7] = tswapreg(env->regs[10]); 191 (*regs)[8] = tswapreg(env->regs[9]); 192 (*regs)[9] = tswapreg(env->regs[8]); 193 (*regs)[10] = tswapreg(env->regs[R_EAX]); 194 (*regs)[11] = tswapreg(env->regs[R_ECX]); 195 (*regs)[12] = tswapreg(env->regs[R_EDX]); 196 (*regs)[13] = tswapreg(env->regs[R_ESI]); 197 (*regs)[14] = tswapreg(env->regs[R_EDI]); 198 (*regs)[15] = tswapreg(env->regs[R_EAX]); /* XXX */ 199 (*regs)[16] = tswapreg(env->eip); 200 (*regs)[17] = tswapreg(env->segs[R_CS].selector & 0xffff); 201 (*regs)[18] = tswapreg(env->eflags); 202 (*regs)[19] = tswapreg(env->regs[R_ESP]); 203 (*regs)[20] = tswapreg(env->segs[R_SS].selector & 0xffff); 204 (*regs)[21] = tswapreg(env->segs[R_FS].selector & 0xffff); 205 (*regs)[22] = tswapreg(env->segs[R_GS].selector & 0xffff); 206 (*regs)[23] = tswapreg(env->segs[R_DS].selector & 0xffff); 207 (*regs)[24] = tswapreg(env->segs[R_ES].selector & 0xffff); 208 (*regs)[25] = tswapreg(env->segs[R_FS].selector & 0xffff); 209 (*regs)[26] = tswapreg(env->segs[R_GS].selector & 0xffff); 210 } 211 212 #if ULONG_MAX > UINT32_MAX 213 #define INIT_GUEST_COMMPAGE 214 static bool init_guest_commpage(void) 215 { 216 /* 217 * The vsyscall page is at a high negative address aka kernel space, 218 * which means that we cannot actually allocate it with target_mmap. 
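 * (For an x86_64 guest this is the fixed vsyscall address 0xffffffffff600000,
 * far beyond anything the guest mmap range can reach.)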
219 * We still should be able to use page_set_flags, unless the user 220 * has specified -R reserved_va, which would trigger an assert(). 221 */ 222 if (reserved_va != 0 && 223 TARGET_VSYSCALL_PAGE + TARGET_PAGE_SIZE - 1 > reserved_va) { 224 error_report("Cannot allocate vsyscall page"); 225 exit(EXIT_FAILURE); 226 } 227 page_set_flags(TARGET_VSYSCALL_PAGE, 228 TARGET_VSYSCALL_PAGE | ~TARGET_PAGE_MASK, 229 PAGE_EXEC | PAGE_VALID); 230 return true; 231 } 232 #endif 233 #else 234 235 /* 236 * This is used to ensure we don't load something for the wrong architecture. 237 */ 238 #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) ) 239 240 /* 241 * These are used to set parameters in the core dumps. 242 */ 243 #define ELF_CLASS ELFCLASS32 244 #define ELF_ARCH EM_386 245 246 #define ELF_PLATFORM get_elf_platform() 247 #define EXSTACK_DEFAULT true 248 249 static const char *get_elf_platform(void) 250 { 251 static char elf_platform[] = "i386"; 252 int family = object_property_get_int(OBJECT(thread_cpu), "family", NULL); 253 if (family > 6) { 254 family = 6; 255 } 256 if (family >= 3) { 257 elf_platform[1] = '0' + family; 258 } 259 return elf_platform; 260 } 261 262 static inline void init_thread(struct target_pt_regs *regs, 263 struct image_info *infop) 264 { 265 regs->esp = infop->start_stack; 266 regs->eip = infop->entry; 267 268 /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program 269 starts %edx contains a pointer to a function which might be 270 registered using `atexit'. This provides a mean for the 271 dynamic linker to call DT_FINI functions for shared libraries 272 that have been loaded before the code runs. 273 274 A value of 0 tells we have no such handler. */ 275 regs->edx = 0; 276 } 277 278 #define ELF_NREG 17 279 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 280 281 /* 282 * Note that ELF_NREG should be 19 as there should be place for 283 * TRAPNO and ERR "registers" as well but linux doesn't dump 284 * those. 285 * 286 * See linux kernel: arch/x86/include/asm/elf.h 287 */ 288 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUX86State *env) 289 { 290 (*regs)[0] = tswapreg(env->regs[R_EBX]); 291 (*regs)[1] = tswapreg(env->regs[R_ECX]); 292 (*regs)[2] = tswapreg(env->regs[R_EDX]); 293 (*regs)[3] = tswapreg(env->regs[R_ESI]); 294 (*regs)[4] = tswapreg(env->regs[R_EDI]); 295 (*regs)[5] = tswapreg(env->regs[R_EBP]); 296 (*regs)[6] = tswapreg(env->regs[R_EAX]); 297 (*regs)[7] = tswapreg(env->segs[R_DS].selector & 0xffff); 298 (*regs)[8] = tswapreg(env->segs[R_ES].selector & 0xffff); 299 (*regs)[9] = tswapreg(env->segs[R_FS].selector & 0xffff); 300 (*regs)[10] = tswapreg(env->segs[R_GS].selector & 0xffff); 301 (*regs)[11] = tswapreg(env->regs[R_EAX]); /* XXX */ 302 (*regs)[12] = tswapreg(env->eip); 303 (*regs)[13] = tswapreg(env->segs[R_CS].selector & 0xffff); 304 (*regs)[14] = tswapreg(env->eflags); 305 (*regs)[15] = tswapreg(env->regs[R_ESP]); 306 (*regs)[16] = tswapreg(env->segs[R_SS].selector & 0xffff); 307 } 308 309 /* 310 * i386 is the only target which supplies AT_SYSINFO for the vdso. 311 * All others only supply AT_SYSINFO_EHDR. 
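 * AT_SYSINFO carries the entry point of the vdso's __kernel_vsyscall routine,
 * while AT_SYSINFO_EHDR points at the base of the vdso image itself.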
 */
#define DLINFO_ARCH_ITEMS (vdso_info != NULL)
#define ARCH_DLINFO                                     \
    do {                                                \
        if (vdso_info) {                                \
            NEW_AUX_ENT(AT_SYSINFO, vdso_info->entry);  \
        }                                               \
    } while (0)

#define VDSO_HEADER "vdso.c.inc"

#endif /* TARGET_X86_64 */

#define USE_ELF_CORE_DUMP
#define ELF_EXEC_PAGESIZE 4096

#endif /* TARGET_I386 */

#ifdef TARGET_ARM

#ifndef TARGET_AARCH64
/* 32-bit ARM definitions */

#define ELF_ARCH        EM_ARM
#define ELF_CLASS       ELFCLASS32
#define EXSTACK_DEFAULT true

static inline void init_thread(struct target_pt_regs *regs,
                               struct image_info *infop)
{
    abi_long stack = infop->start_stack;
    memset(regs, 0, sizeof(*regs));

    regs->uregs[16] = ARM_CPU_MODE_USR;
    if (infop->entry & 1) {
        regs->uregs[16] |= CPSR_T;
    }
    regs->uregs[15] = infop->entry & 0xfffffffe;
    regs->uregs[13] = infop->start_stack;
    /* FIXME - what to do on failure of get_user()? */
    get_user_ual(regs->uregs[2], stack + 8); /* envp */
    get_user_ual(regs->uregs[1], stack + 4); /* envp */
    /* XXX: it seems that r0 is zeroed after ! */
    regs->uregs[0] = 0;
    /* For uClinux PIC binaries. */
    /* XXX: Linux does this only on ARM with no MMU (do we care?) */
    regs->uregs[10] = infop->start_data;

    /* Support ARM FDPIC. */
    if (info_is_fdpic(infop)) {
        /* As described in the ABI document, r7 points to the loadmap info
         * prepared by the kernel. If an interpreter is needed, r8 points
         * to the interpreter loadmap and r9 points to the interpreter
         * PT_DYNAMIC info. If no interpreter is needed, r8 is zero, and
         * r9 points to the main program PT_DYNAMIC info.
         */
        regs->uregs[7] = infop->loadmap_addr;
        if (infop->interpreter_loadmap_addr) {
            /* Executable is dynamically loaded.
*/ 371 regs->uregs[8] = infop->interpreter_loadmap_addr; 372 regs->uregs[9] = infop->interpreter_pt_dynamic_addr; 373 } else { 374 regs->uregs[8] = 0; 375 regs->uregs[9] = infop->pt_dynamic_addr; 376 } 377 } 378 } 379 380 #define ELF_NREG 18 381 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 382 383 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUARMState *env) 384 { 385 (*regs)[0] = tswapreg(env->regs[0]); 386 (*regs)[1] = tswapreg(env->regs[1]); 387 (*regs)[2] = tswapreg(env->regs[2]); 388 (*regs)[3] = tswapreg(env->regs[3]); 389 (*regs)[4] = tswapreg(env->regs[4]); 390 (*regs)[5] = tswapreg(env->regs[5]); 391 (*regs)[6] = tswapreg(env->regs[6]); 392 (*regs)[7] = tswapreg(env->regs[7]); 393 (*regs)[8] = tswapreg(env->regs[8]); 394 (*regs)[9] = tswapreg(env->regs[9]); 395 (*regs)[10] = tswapreg(env->regs[10]); 396 (*regs)[11] = tswapreg(env->regs[11]); 397 (*regs)[12] = tswapreg(env->regs[12]); 398 (*regs)[13] = tswapreg(env->regs[13]); 399 (*regs)[14] = tswapreg(env->regs[14]); 400 (*regs)[15] = tswapreg(env->regs[15]); 401 402 (*regs)[16] = tswapreg(cpsr_read((CPUARMState *)env)); 403 (*regs)[17] = tswapreg(env->regs[0]); /* XXX */ 404 } 405 406 #define USE_ELF_CORE_DUMP 407 #define ELF_EXEC_PAGESIZE 4096 408 409 enum 410 { 411 ARM_HWCAP_ARM_SWP = 1 << 0, 412 ARM_HWCAP_ARM_HALF = 1 << 1, 413 ARM_HWCAP_ARM_THUMB = 1 << 2, 414 ARM_HWCAP_ARM_26BIT = 1 << 3, 415 ARM_HWCAP_ARM_FAST_MULT = 1 << 4, 416 ARM_HWCAP_ARM_FPA = 1 << 5, 417 ARM_HWCAP_ARM_VFP = 1 << 6, 418 ARM_HWCAP_ARM_EDSP = 1 << 7, 419 ARM_HWCAP_ARM_JAVA = 1 << 8, 420 ARM_HWCAP_ARM_IWMMXT = 1 << 9, 421 ARM_HWCAP_ARM_CRUNCH = 1 << 10, 422 ARM_HWCAP_ARM_THUMBEE = 1 << 11, 423 ARM_HWCAP_ARM_NEON = 1 << 12, 424 ARM_HWCAP_ARM_VFPv3 = 1 << 13, 425 ARM_HWCAP_ARM_VFPv3D16 = 1 << 14, 426 ARM_HWCAP_ARM_TLS = 1 << 15, 427 ARM_HWCAP_ARM_VFPv4 = 1 << 16, 428 ARM_HWCAP_ARM_IDIVA = 1 << 17, 429 ARM_HWCAP_ARM_IDIVT = 1 << 18, 430 ARM_HWCAP_ARM_VFPD32 = 1 << 19, 431 ARM_HWCAP_ARM_LPAE = 1 << 20, 432 ARM_HWCAP_ARM_EVTSTRM = 1 << 21, 433 ARM_HWCAP_ARM_FPHP = 1 << 22, 434 ARM_HWCAP_ARM_ASIMDHP = 1 << 23, 435 ARM_HWCAP_ARM_ASIMDDP = 1 << 24, 436 ARM_HWCAP_ARM_ASIMDFHM = 1 << 25, 437 ARM_HWCAP_ARM_ASIMDBF16 = 1 << 26, 438 ARM_HWCAP_ARM_I8MM = 1 << 27, 439 }; 440 441 enum { 442 ARM_HWCAP2_ARM_AES = 1 << 0, 443 ARM_HWCAP2_ARM_PMULL = 1 << 1, 444 ARM_HWCAP2_ARM_SHA1 = 1 << 2, 445 ARM_HWCAP2_ARM_SHA2 = 1 << 3, 446 ARM_HWCAP2_ARM_CRC32 = 1 << 4, 447 ARM_HWCAP2_ARM_SB = 1 << 5, 448 ARM_HWCAP2_ARM_SSBS = 1 << 6, 449 }; 450 451 /* The commpage only exists for 32 bit kernels */ 452 453 #define HI_COMMPAGE (intptr_t)0xffff0f00u 454 455 static bool init_guest_commpage(void) 456 { 457 ARMCPU *cpu = ARM_CPU(thread_cpu); 458 abi_ptr commpage; 459 void *want; 460 void *addr; 461 462 /* 463 * M-profile allocates maximum of 2GB address space, so can never 464 * allocate the commpage. Skip it. 465 */ 466 if (arm_feature(&cpu->env, ARM_FEATURE_M)) { 467 return true; 468 } 469 470 commpage = HI_COMMPAGE & -qemu_host_page_size; 471 want = g2h_untagged(commpage); 472 addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE, 473 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 474 475 if (addr == MAP_FAILED) { 476 perror("Allocating guest commpage"); 477 exit(EXIT_FAILURE); 478 } 479 if (addr != want) { 480 return false; 481 } 482 483 /* Set kernel helper versions; rest of page is 0. 
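       0xffff0ffc is the commpage's __kuser_helper_version word; the value 5
       matches kernels that provide helpers up through __kuser_cmpxchg64.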
*/ 484 __put_user(5, (uint32_t *)g2h_untagged(0xffff0ffcu)); 485 486 if (mprotect(addr, qemu_host_page_size, PROT_READ)) { 487 perror("Protecting guest commpage"); 488 exit(EXIT_FAILURE); 489 } 490 491 page_set_flags(commpage, commpage | ~qemu_host_page_mask, 492 PAGE_READ | PAGE_EXEC | PAGE_VALID); 493 return true; 494 } 495 496 #define ELF_HWCAP get_elf_hwcap() 497 #define ELF_HWCAP2 get_elf_hwcap2() 498 499 uint32_t get_elf_hwcap(void) 500 { 501 ARMCPU *cpu = ARM_CPU(thread_cpu); 502 uint32_t hwcaps = 0; 503 504 hwcaps |= ARM_HWCAP_ARM_SWP; 505 hwcaps |= ARM_HWCAP_ARM_HALF; 506 hwcaps |= ARM_HWCAP_ARM_THUMB; 507 hwcaps |= ARM_HWCAP_ARM_FAST_MULT; 508 509 /* probe for the extra features */ 510 #define GET_FEATURE(feat, hwcap) \ 511 do { if (arm_feature(&cpu->env, feat)) { hwcaps |= hwcap; } } while (0) 512 513 #define GET_FEATURE_ID(feat, hwcap) \ 514 do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0) 515 516 /* EDSP is in v5TE and above, but all our v5 CPUs are v5TE */ 517 GET_FEATURE(ARM_FEATURE_V5, ARM_HWCAP_ARM_EDSP); 518 GET_FEATURE(ARM_FEATURE_IWMMXT, ARM_HWCAP_ARM_IWMMXT); 519 GET_FEATURE(ARM_FEATURE_THUMB2EE, ARM_HWCAP_ARM_THUMBEE); 520 GET_FEATURE(ARM_FEATURE_NEON, ARM_HWCAP_ARM_NEON); 521 GET_FEATURE(ARM_FEATURE_V6K, ARM_HWCAP_ARM_TLS); 522 GET_FEATURE(ARM_FEATURE_LPAE, ARM_HWCAP_ARM_LPAE); 523 GET_FEATURE_ID(aa32_arm_div, ARM_HWCAP_ARM_IDIVA); 524 GET_FEATURE_ID(aa32_thumb_div, ARM_HWCAP_ARM_IDIVT); 525 GET_FEATURE_ID(aa32_vfp, ARM_HWCAP_ARM_VFP); 526 527 if (cpu_isar_feature(aa32_fpsp_v3, cpu) || 528 cpu_isar_feature(aa32_fpdp_v3, cpu)) { 529 hwcaps |= ARM_HWCAP_ARM_VFPv3; 530 if (cpu_isar_feature(aa32_simd_r32, cpu)) { 531 hwcaps |= ARM_HWCAP_ARM_VFPD32; 532 } else { 533 hwcaps |= ARM_HWCAP_ARM_VFPv3D16; 534 } 535 } 536 GET_FEATURE_ID(aa32_simdfmac, ARM_HWCAP_ARM_VFPv4); 537 /* 538 * MVFR1.FPHP and .SIMDHP must be in sync, and QEMU uses the same 539 * isar_feature function for both. The kernel reports them as two hwcaps. 
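 * That is why the single aa32_fp16_arith check below sets both FPHP and ASIMDHP.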
540 */ 541 GET_FEATURE_ID(aa32_fp16_arith, ARM_HWCAP_ARM_FPHP); 542 GET_FEATURE_ID(aa32_fp16_arith, ARM_HWCAP_ARM_ASIMDHP); 543 GET_FEATURE_ID(aa32_dp, ARM_HWCAP_ARM_ASIMDDP); 544 GET_FEATURE_ID(aa32_fhm, ARM_HWCAP_ARM_ASIMDFHM); 545 GET_FEATURE_ID(aa32_bf16, ARM_HWCAP_ARM_ASIMDBF16); 546 GET_FEATURE_ID(aa32_i8mm, ARM_HWCAP_ARM_I8MM); 547 548 return hwcaps; 549 } 550 551 uint32_t get_elf_hwcap2(void) 552 { 553 ARMCPU *cpu = ARM_CPU(thread_cpu); 554 uint32_t hwcaps = 0; 555 556 GET_FEATURE_ID(aa32_aes, ARM_HWCAP2_ARM_AES); 557 GET_FEATURE_ID(aa32_pmull, ARM_HWCAP2_ARM_PMULL); 558 GET_FEATURE_ID(aa32_sha1, ARM_HWCAP2_ARM_SHA1); 559 GET_FEATURE_ID(aa32_sha2, ARM_HWCAP2_ARM_SHA2); 560 GET_FEATURE_ID(aa32_crc32, ARM_HWCAP2_ARM_CRC32); 561 GET_FEATURE_ID(aa32_sb, ARM_HWCAP2_ARM_SB); 562 GET_FEATURE_ID(aa32_ssbs, ARM_HWCAP2_ARM_SSBS); 563 return hwcaps; 564 } 565 566 const char *elf_hwcap_str(uint32_t bit) 567 { 568 static const char *hwcap_str[] = { 569 [__builtin_ctz(ARM_HWCAP_ARM_SWP )] = "swp", 570 [__builtin_ctz(ARM_HWCAP_ARM_HALF )] = "half", 571 [__builtin_ctz(ARM_HWCAP_ARM_THUMB )] = "thumb", 572 [__builtin_ctz(ARM_HWCAP_ARM_26BIT )] = "26bit", 573 [__builtin_ctz(ARM_HWCAP_ARM_FAST_MULT)] = "fast_mult", 574 [__builtin_ctz(ARM_HWCAP_ARM_FPA )] = "fpa", 575 [__builtin_ctz(ARM_HWCAP_ARM_VFP )] = "vfp", 576 [__builtin_ctz(ARM_HWCAP_ARM_EDSP )] = "edsp", 577 [__builtin_ctz(ARM_HWCAP_ARM_JAVA )] = "java", 578 [__builtin_ctz(ARM_HWCAP_ARM_IWMMXT )] = "iwmmxt", 579 [__builtin_ctz(ARM_HWCAP_ARM_CRUNCH )] = "crunch", 580 [__builtin_ctz(ARM_HWCAP_ARM_THUMBEE )] = "thumbee", 581 [__builtin_ctz(ARM_HWCAP_ARM_NEON )] = "neon", 582 [__builtin_ctz(ARM_HWCAP_ARM_VFPv3 )] = "vfpv3", 583 [__builtin_ctz(ARM_HWCAP_ARM_VFPv3D16 )] = "vfpv3d16", 584 [__builtin_ctz(ARM_HWCAP_ARM_TLS )] = "tls", 585 [__builtin_ctz(ARM_HWCAP_ARM_VFPv4 )] = "vfpv4", 586 [__builtin_ctz(ARM_HWCAP_ARM_IDIVA )] = "idiva", 587 [__builtin_ctz(ARM_HWCAP_ARM_IDIVT )] = "idivt", 588 [__builtin_ctz(ARM_HWCAP_ARM_VFPD32 )] = "vfpd32", 589 [__builtin_ctz(ARM_HWCAP_ARM_LPAE )] = "lpae", 590 [__builtin_ctz(ARM_HWCAP_ARM_EVTSTRM )] = "evtstrm", 591 [__builtin_ctz(ARM_HWCAP_ARM_FPHP )] = "fphp", 592 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDHP )] = "asimdhp", 593 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDDP )] = "asimddp", 594 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDFHM )] = "asimdfhm", 595 [__builtin_ctz(ARM_HWCAP_ARM_ASIMDBF16)] = "asimdbf16", 596 [__builtin_ctz(ARM_HWCAP_ARM_I8MM )] = "i8mm", 597 }; 598 599 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 600 } 601 602 const char *elf_hwcap2_str(uint32_t bit) 603 { 604 static const char *hwcap_str[] = { 605 [__builtin_ctz(ARM_HWCAP2_ARM_AES )] = "aes", 606 [__builtin_ctz(ARM_HWCAP2_ARM_PMULL)] = "pmull", 607 [__builtin_ctz(ARM_HWCAP2_ARM_SHA1 )] = "sha1", 608 [__builtin_ctz(ARM_HWCAP2_ARM_SHA2 )] = "sha2", 609 [__builtin_ctz(ARM_HWCAP2_ARM_CRC32)] = "crc32", 610 [__builtin_ctz(ARM_HWCAP2_ARM_SB )] = "sb", 611 [__builtin_ctz(ARM_HWCAP2_ARM_SSBS )] = "ssbs", 612 }; 613 614 return bit < ARRAY_SIZE(hwcap_str) ? 
hwcap_str[bit] : NULL; 615 } 616 617 #undef GET_FEATURE 618 #undef GET_FEATURE_ID 619 620 #define ELF_PLATFORM get_elf_platform() 621 622 static const char *get_elf_platform(void) 623 { 624 CPUARMState *env = cpu_env(thread_cpu); 625 626 #if TARGET_BIG_ENDIAN 627 # define END "b" 628 #else 629 # define END "l" 630 #endif 631 632 if (arm_feature(env, ARM_FEATURE_V8)) { 633 return "v8" END; 634 } else if (arm_feature(env, ARM_FEATURE_V7)) { 635 if (arm_feature(env, ARM_FEATURE_M)) { 636 return "v7m" END; 637 } else { 638 return "v7" END; 639 } 640 } else if (arm_feature(env, ARM_FEATURE_V6)) { 641 return "v6" END; 642 } else if (arm_feature(env, ARM_FEATURE_V5)) { 643 return "v5" END; 644 } else { 645 return "v4" END; 646 } 647 648 #undef END 649 } 650 651 #else 652 /* 64 bit ARM definitions */ 653 654 #define ELF_ARCH EM_AARCH64 655 #define ELF_CLASS ELFCLASS64 656 #if TARGET_BIG_ENDIAN 657 # define ELF_PLATFORM "aarch64_be" 658 #else 659 # define ELF_PLATFORM "aarch64" 660 #endif 661 662 static inline void init_thread(struct target_pt_regs *regs, 663 struct image_info *infop) 664 { 665 abi_long stack = infop->start_stack; 666 memset(regs, 0, sizeof(*regs)); 667 668 regs->pc = infop->entry & ~0x3ULL; 669 regs->sp = stack; 670 } 671 672 #define ELF_NREG 34 673 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 674 675 static void elf_core_copy_regs(target_elf_gregset_t *regs, 676 const CPUARMState *env) 677 { 678 int i; 679 680 for (i = 0; i < 32; i++) { 681 (*regs)[i] = tswapreg(env->xregs[i]); 682 } 683 (*regs)[32] = tswapreg(env->pc); 684 (*regs)[33] = tswapreg(pstate_read((CPUARMState *)env)); 685 } 686 687 #define USE_ELF_CORE_DUMP 688 #define ELF_EXEC_PAGESIZE 4096 689 690 enum { 691 ARM_HWCAP_A64_FP = 1 << 0, 692 ARM_HWCAP_A64_ASIMD = 1 << 1, 693 ARM_HWCAP_A64_EVTSTRM = 1 << 2, 694 ARM_HWCAP_A64_AES = 1 << 3, 695 ARM_HWCAP_A64_PMULL = 1 << 4, 696 ARM_HWCAP_A64_SHA1 = 1 << 5, 697 ARM_HWCAP_A64_SHA2 = 1 << 6, 698 ARM_HWCAP_A64_CRC32 = 1 << 7, 699 ARM_HWCAP_A64_ATOMICS = 1 << 8, 700 ARM_HWCAP_A64_FPHP = 1 << 9, 701 ARM_HWCAP_A64_ASIMDHP = 1 << 10, 702 ARM_HWCAP_A64_CPUID = 1 << 11, 703 ARM_HWCAP_A64_ASIMDRDM = 1 << 12, 704 ARM_HWCAP_A64_JSCVT = 1 << 13, 705 ARM_HWCAP_A64_FCMA = 1 << 14, 706 ARM_HWCAP_A64_LRCPC = 1 << 15, 707 ARM_HWCAP_A64_DCPOP = 1 << 16, 708 ARM_HWCAP_A64_SHA3 = 1 << 17, 709 ARM_HWCAP_A64_SM3 = 1 << 18, 710 ARM_HWCAP_A64_SM4 = 1 << 19, 711 ARM_HWCAP_A64_ASIMDDP = 1 << 20, 712 ARM_HWCAP_A64_SHA512 = 1 << 21, 713 ARM_HWCAP_A64_SVE = 1 << 22, 714 ARM_HWCAP_A64_ASIMDFHM = 1 << 23, 715 ARM_HWCAP_A64_DIT = 1 << 24, 716 ARM_HWCAP_A64_USCAT = 1 << 25, 717 ARM_HWCAP_A64_ILRCPC = 1 << 26, 718 ARM_HWCAP_A64_FLAGM = 1 << 27, 719 ARM_HWCAP_A64_SSBS = 1 << 28, 720 ARM_HWCAP_A64_SB = 1 << 29, 721 ARM_HWCAP_A64_PACA = 1 << 30, 722 ARM_HWCAP_A64_PACG = 1UL << 31, 723 724 ARM_HWCAP2_A64_DCPODP = 1 << 0, 725 ARM_HWCAP2_A64_SVE2 = 1 << 1, 726 ARM_HWCAP2_A64_SVEAES = 1 << 2, 727 ARM_HWCAP2_A64_SVEPMULL = 1 << 3, 728 ARM_HWCAP2_A64_SVEBITPERM = 1 << 4, 729 ARM_HWCAP2_A64_SVESHA3 = 1 << 5, 730 ARM_HWCAP2_A64_SVESM4 = 1 << 6, 731 ARM_HWCAP2_A64_FLAGM2 = 1 << 7, 732 ARM_HWCAP2_A64_FRINT = 1 << 8, 733 ARM_HWCAP2_A64_SVEI8MM = 1 << 9, 734 ARM_HWCAP2_A64_SVEF32MM = 1 << 10, 735 ARM_HWCAP2_A64_SVEF64MM = 1 << 11, 736 ARM_HWCAP2_A64_SVEBF16 = 1 << 12, 737 ARM_HWCAP2_A64_I8MM = 1 << 13, 738 ARM_HWCAP2_A64_BF16 = 1 << 14, 739 ARM_HWCAP2_A64_DGH = 1 << 15, 740 ARM_HWCAP2_A64_RNG = 1 << 16, 741 ARM_HWCAP2_A64_BTI = 1 << 17, 742 ARM_HWCAP2_A64_MTE = 1 << 18, 743 ARM_HWCAP2_A64_ECV = 1 << 19, 744 
ARM_HWCAP2_A64_AFP = 1 << 20, 745 ARM_HWCAP2_A64_RPRES = 1 << 21, 746 ARM_HWCAP2_A64_MTE3 = 1 << 22, 747 ARM_HWCAP2_A64_SME = 1 << 23, 748 ARM_HWCAP2_A64_SME_I16I64 = 1 << 24, 749 ARM_HWCAP2_A64_SME_F64F64 = 1 << 25, 750 ARM_HWCAP2_A64_SME_I8I32 = 1 << 26, 751 ARM_HWCAP2_A64_SME_F16F32 = 1 << 27, 752 ARM_HWCAP2_A64_SME_B16F32 = 1 << 28, 753 ARM_HWCAP2_A64_SME_F32F32 = 1 << 29, 754 ARM_HWCAP2_A64_SME_FA64 = 1 << 30, 755 ARM_HWCAP2_A64_WFXT = 1ULL << 31, 756 ARM_HWCAP2_A64_EBF16 = 1ULL << 32, 757 ARM_HWCAP2_A64_SVE_EBF16 = 1ULL << 33, 758 ARM_HWCAP2_A64_CSSC = 1ULL << 34, 759 ARM_HWCAP2_A64_RPRFM = 1ULL << 35, 760 ARM_HWCAP2_A64_SVE2P1 = 1ULL << 36, 761 ARM_HWCAP2_A64_SME2 = 1ULL << 37, 762 ARM_HWCAP2_A64_SME2P1 = 1ULL << 38, 763 ARM_HWCAP2_A64_SME_I16I32 = 1ULL << 39, 764 ARM_HWCAP2_A64_SME_BI32I32 = 1ULL << 40, 765 ARM_HWCAP2_A64_SME_B16B16 = 1ULL << 41, 766 ARM_HWCAP2_A64_SME_F16F16 = 1ULL << 42, 767 ARM_HWCAP2_A64_MOPS = 1ULL << 43, 768 ARM_HWCAP2_A64_HBC = 1ULL << 44, 769 }; 770 771 #define ELF_HWCAP get_elf_hwcap() 772 #define ELF_HWCAP2 get_elf_hwcap2() 773 774 #define GET_FEATURE_ID(feat, hwcap) \ 775 do { if (cpu_isar_feature(feat, cpu)) { hwcaps |= hwcap; } } while (0) 776 777 uint32_t get_elf_hwcap(void) 778 { 779 ARMCPU *cpu = ARM_CPU(thread_cpu); 780 uint32_t hwcaps = 0; 781 782 hwcaps |= ARM_HWCAP_A64_FP; 783 hwcaps |= ARM_HWCAP_A64_ASIMD; 784 hwcaps |= ARM_HWCAP_A64_CPUID; 785 786 /* probe for the extra features */ 787 788 GET_FEATURE_ID(aa64_aes, ARM_HWCAP_A64_AES); 789 GET_FEATURE_ID(aa64_pmull, ARM_HWCAP_A64_PMULL); 790 GET_FEATURE_ID(aa64_sha1, ARM_HWCAP_A64_SHA1); 791 GET_FEATURE_ID(aa64_sha256, ARM_HWCAP_A64_SHA2); 792 GET_FEATURE_ID(aa64_sha512, ARM_HWCAP_A64_SHA512); 793 GET_FEATURE_ID(aa64_crc32, ARM_HWCAP_A64_CRC32); 794 GET_FEATURE_ID(aa64_sha3, ARM_HWCAP_A64_SHA3); 795 GET_FEATURE_ID(aa64_sm3, ARM_HWCAP_A64_SM3); 796 GET_FEATURE_ID(aa64_sm4, ARM_HWCAP_A64_SM4); 797 GET_FEATURE_ID(aa64_fp16, ARM_HWCAP_A64_FPHP | ARM_HWCAP_A64_ASIMDHP); 798 GET_FEATURE_ID(aa64_atomics, ARM_HWCAP_A64_ATOMICS); 799 GET_FEATURE_ID(aa64_rdm, ARM_HWCAP_A64_ASIMDRDM); 800 GET_FEATURE_ID(aa64_dp, ARM_HWCAP_A64_ASIMDDP); 801 GET_FEATURE_ID(aa64_fcma, ARM_HWCAP_A64_FCMA); 802 GET_FEATURE_ID(aa64_sve, ARM_HWCAP_A64_SVE); 803 GET_FEATURE_ID(aa64_pauth, ARM_HWCAP_A64_PACA | ARM_HWCAP_A64_PACG); 804 GET_FEATURE_ID(aa64_fhm, ARM_HWCAP_A64_ASIMDFHM); 805 GET_FEATURE_ID(aa64_jscvt, ARM_HWCAP_A64_JSCVT); 806 GET_FEATURE_ID(aa64_sb, ARM_HWCAP_A64_SB); 807 GET_FEATURE_ID(aa64_condm_4, ARM_HWCAP_A64_FLAGM); 808 GET_FEATURE_ID(aa64_dcpop, ARM_HWCAP_A64_DCPOP); 809 GET_FEATURE_ID(aa64_rcpc_8_3, ARM_HWCAP_A64_LRCPC); 810 GET_FEATURE_ID(aa64_rcpc_8_4, ARM_HWCAP_A64_ILRCPC); 811 812 return hwcaps; 813 } 814 815 uint32_t get_elf_hwcap2(void) 816 { 817 ARMCPU *cpu = ARM_CPU(thread_cpu); 818 uint32_t hwcaps = 0; 819 820 GET_FEATURE_ID(aa64_dcpodp, ARM_HWCAP2_A64_DCPODP); 821 GET_FEATURE_ID(aa64_sve2, ARM_HWCAP2_A64_SVE2); 822 GET_FEATURE_ID(aa64_sve2_aes, ARM_HWCAP2_A64_SVEAES); 823 GET_FEATURE_ID(aa64_sve2_pmull128, ARM_HWCAP2_A64_SVEPMULL); 824 GET_FEATURE_ID(aa64_sve2_bitperm, ARM_HWCAP2_A64_SVEBITPERM); 825 GET_FEATURE_ID(aa64_sve2_sha3, ARM_HWCAP2_A64_SVESHA3); 826 GET_FEATURE_ID(aa64_sve2_sm4, ARM_HWCAP2_A64_SVESM4); 827 GET_FEATURE_ID(aa64_condm_5, ARM_HWCAP2_A64_FLAGM2); 828 GET_FEATURE_ID(aa64_frint, ARM_HWCAP2_A64_FRINT); 829 GET_FEATURE_ID(aa64_sve_i8mm, ARM_HWCAP2_A64_SVEI8MM); 830 GET_FEATURE_ID(aa64_sve_f32mm, ARM_HWCAP2_A64_SVEF32MM); 831 GET_FEATURE_ID(aa64_sve_f64mm, ARM_HWCAP2_A64_SVEF64MM); 
832 GET_FEATURE_ID(aa64_sve_bf16, ARM_HWCAP2_A64_SVEBF16); 833 GET_FEATURE_ID(aa64_i8mm, ARM_HWCAP2_A64_I8MM); 834 GET_FEATURE_ID(aa64_bf16, ARM_HWCAP2_A64_BF16); 835 GET_FEATURE_ID(aa64_rndr, ARM_HWCAP2_A64_RNG); 836 GET_FEATURE_ID(aa64_bti, ARM_HWCAP2_A64_BTI); 837 GET_FEATURE_ID(aa64_mte, ARM_HWCAP2_A64_MTE); 838 GET_FEATURE_ID(aa64_sme, (ARM_HWCAP2_A64_SME | 839 ARM_HWCAP2_A64_SME_F32F32 | 840 ARM_HWCAP2_A64_SME_B16F32 | 841 ARM_HWCAP2_A64_SME_F16F32 | 842 ARM_HWCAP2_A64_SME_I8I32)); 843 GET_FEATURE_ID(aa64_sme_f64f64, ARM_HWCAP2_A64_SME_F64F64); 844 GET_FEATURE_ID(aa64_sme_i16i64, ARM_HWCAP2_A64_SME_I16I64); 845 GET_FEATURE_ID(aa64_sme_fa64, ARM_HWCAP2_A64_SME_FA64); 846 GET_FEATURE_ID(aa64_hbc, ARM_HWCAP2_A64_HBC); 847 GET_FEATURE_ID(aa64_mops, ARM_HWCAP2_A64_MOPS); 848 849 return hwcaps; 850 } 851 852 const char *elf_hwcap_str(uint32_t bit) 853 { 854 static const char *hwcap_str[] = { 855 [__builtin_ctz(ARM_HWCAP_A64_FP )] = "fp", 856 [__builtin_ctz(ARM_HWCAP_A64_ASIMD )] = "asimd", 857 [__builtin_ctz(ARM_HWCAP_A64_EVTSTRM )] = "evtstrm", 858 [__builtin_ctz(ARM_HWCAP_A64_AES )] = "aes", 859 [__builtin_ctz(ARM_HWCAP_A64_PMULL )] = "pmull", 860 [__builtin_ctz(ARM_HWCAP_A64_SHA1 )] = "sha1", 861 [__builtin_ctz(ARM_HWCAP_A64_SHA2 )] = "sha2", 862 [__builtin_ctz(ARM_HWCAP_A64_CRC32 )] = "crc32", 863 [__builtin_ctz(ARM_HWCAP_A64_ATOMICS )] = "atomics", 864 [__builtin_ctz(ARM_HWCAP_A64_FPHP )] = "fphp", 865 [__builtin_ctz(ARM_HWCAP_A64_ASIMDHP )] = "asimdhp", 866 [__builtin_ctz(ARM_HWCAP_A64_CPUID )] = "cpuid", 867 [__builtin_ctz(ARM_HWCAP_A64_ASIMDRDM)] = "asimdrdm", 868 [__builtin_ctz(ARM_HWCAP_A64_JSCVT )] = "jscvt", 869 [__builtin_ctz(ARM_HWCAP_A64_FCMA )] = "fcma", 870 [__builtin_ctz(ARM_HWCAP_A64_LRCPC )] = "lrcpc", 871 [__builtin_ctz(ARM_HWCAP_A64_DCPOP )] = "dcpop", 872 [__builtin_ctz(ARM_HWCAP_A64_SHA3 )] = "sha3", 873 [__builtin_ctz(ARM_HWCAP_A64_SM3 )] = "sm3", 874 [__builtin_ctz(ARM_HWCAP_A64_SM4 )] = "sm4", 875 [__builtin_ctz(ARM_HWCAP_A64_ASIMDDP )] = "asimddp", 876 [__builtin_ctz(ARM_HWCAP_A64_SHA512 )] = "sha512", 877 [__builtin_ctz(ARM_HWCAP_A64_SVE )] = "sve", 878 [__builtin_ctz(ARM_HWCAP_A64_ASIMDFHM)] = "asimdfhm", 879 [__builtin_ctz(ARM_HWCAP_A64_DIT )] = "dit", 880 [__builtin_ctz(ARM_HWCAP_A64_USCAT )] = "uscat", 881 [__builtin_ctz(ARM_HWCAP_A64_ILRCPC )] = "ilrcpc", 882 [__builtin_ctz(ARM_HWCAP_A64_FLAGM )] = "flagm", 883 [__builtin_ctz(ARM_HWCAP_A64_SSBS )] = "ssbs", 884 [__builtin_ctz(ARM_HWCAP_A64_SB )] = "sb", 885 [__builtin_ctz(ARM_HWCAP_A64_PACA )] = "paca", 886 [__builtin_ctz(ARM_HWCAP_A64_PACG )] = "pacg", 887 }; 888 889 return bit < ARRAY_SIZE(hwcap_str) ? 
hwcap_str[bit] : NULL; 890 } 891 892 const char *elf_hwcap2_str(uint32_t bit) 893 { 894 static const char *hwcap_str[] = { 895 [__builtin_ctz(ARM_HWCAP2_A64_DCPODP )] = "dcpodp", 896 [__builtin_ctz(ARM_HWCAP2_A64_SVE2 )] = "sve2", 897 [__builtin_ctz(ARM_HWCAP2_A64_SVEAES )] = "sveaes", 898 [__builtin_ctz(ARM_HWCAP2_A64_SVEPMULL )] = "svepmull", 899 [__builtin_ctz(ARM_HWCAP2_A64_SVEBITPERM )] = "svebitperm", 900 [__builtin_ctz(ARM_HWCAP2_A64_SVESHA3 )] = "svesha3", 901 [__builtin_ctz(ARM_HWCAP2_A64_SVESM4 )] = "svesm4", 902 [__builtin_ctz(ARM_HWCAP2_A64_FLAGM2 )] = "flagm2", 903 [__builtin_ctz(ARM_HWCAP2_A64_FRINT )] = "frint", 904 [__builtin_ctz(ARM_HWCAP2_A64_SVEI8MM )] = "svei8mm", 905 [__builtin_ctz(ARM_HWCAP2_A64_SVEF32MM )] = "svef32mm", 906 [__builtin_ctz(ARM_HWCAP2_A64_SVEF64MM )] = "svef64mm", 907 [__builtin_ctz(ARM_HWCAP2_A64_SVEBF16 )] = "svebf16", 908 [__builtin_ctz(ARM_HWCAP2_A64_I8MM )] = "i8mm", 909 [__builtin_ctz(ARM_HWCAP2_A64_BF16 )] = "bf16", 910 [__builtin_ctz(ARM_HWCAP2_A64_DGH )] = "dgh", 911 [__builtin_ctz(ARM_HWCAP2_A64_RNG )] = "rng", 912 [__builtin_ctz(ARM_HWCAP2_A64_BTI )] = "bti", 913 [__builtin_ctz(ARM_HWCAP2_A64_MTE )] = "mte", 914 [__builtin_ctz(ARM_HWCAP2_A64_ECV )] = "ecv", 915 [__builtin_ctz(ARM_HWCAP2_A64_AFP )] = "afp", 916 [__builtin_ctz(ARM_HWCAP2_A64_RPRES )] = "rpres", 917 [__builtin_ctz(ARM_HWCAP2_A64_MTE3 )] = "mte3", 918 [__builtin_ctz(ARM_HWCAP2_A64_SME )] = "sme", 919 [__builtin_ctz(ARM_HWCAP2_A64_SME_I16I64 )] = "smei16i64", 920 [__builtin_ctz(ARM_HWCAP2_A64_SME_F64F64 )] = "smef64f64", 921 [__builtin_ctz(ARM_HWCAP2_A64_SME_I8I32 )] = "smei8i32", 922 [__builtin_ctz(ARM_HWCAP2_A64_SME_F16F32 )] = "smef16f32", 923 [__builtin_ctz(ARM_HWCAP2_A64_SME_B16F32 )] = "smeb16f32", 924 [__builtin_ctz(ARM_HWCAP2_A64_SME_F32F32 )] = "smef32f32", 925 [__builtin_ctz(ARM_HWCAP2_A64_SME_FA64 )] = "smefa64", 926 [__builtin_ctz(ARM_HWCAP2_A64_WFXT )] = "wfxt", 927 [__builtin_ctzll(ARM_HWCAP2_A64_EBF16 )] = "ebf16", 928 [__builtin_ctzll(ARM_HWCAP2_A64_SVE_EBF16 )] = "sveebf16", 929 [__builtin_ctzll(ARM_HWCAP2_A64_CSSC )] = "cssc", 930 [__builtin_ctzll(ARM_HWCAP2_A64_RPRFM )] = "rprfm", 931 [__builtin_ctzll(ARM_HWCAP2_A64_SVE2P1 )] = "sve2p1", 932 [__builtin_ctzll(ARM_HWCAP2_A64_SME2 )] = "sme2", 933 [__builtin_ctzll(ARM_HWCAP2_A64_SME2P1 )] = "sme2p1", 934 [__builtin_ctzll(ARM_HWCAP2_A64_SME_I16I32 )] = "smei16i32", 935 [__builtin_ctzll(ARM_HWCAP2_A64_SME_BI32I32)] = "smebi32i32", 936 [__builtin_ctzll(ARM_HWCAP2_A64_SME_B16B16 )] = "smeb16b16", 937 [__builtin_ctzll(ARM_HWCAP2_A64_SME_F16F16 )] = "smef16f16", 938 [__builtin_ctzll(ARM_HWCAP2_A64_MOPS )] = "mops", 939 [__builtin_ctzll(ARM_HWCAP2_A64_HBC )] = "hbc", 940 }; 941 942 return bit < ARRAY_SIZE(hwcap_str) ? 
hwcap_str[bit] : NULL; 943 } 944 945 #undef GET_FEATURE_ID 946 947 #endif /* not TARGET_AARCH64 */ 948 #endif /* TARGET_ARM */ 949 950 #ifdef TARGET_SPARC 951 #ifdef TARGET_SPARC64 952 953 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 954 | HWCAP_SPARC_MULDIV | HWCAP_SPARC_V9) 955 #ifndef TARGET_ABI32 956 #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS ) 957 #else 958 #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC ) 959 #endif 960 961 #define ELF_CLASS ELFCLASS64 962 #define ELF_ARCH EM_SPARCV9 963 #else 964 #define ELF_HWCAP (HWCAP_SPARC_FLUSH | HWCAP_SPARC_STBAR | HWCAP_SPARC_SWAP \ 965 | HWCAP_SPARC_MULDIV) 966 #define ELF_CLASS ELFCLASS32 967 #define ELF_ARCH EM_SPARC 968 #endif /* TARGET_SPARC64 */ 969 970 static inline void init_thread(struct target_pt_regs *regs, 971 struct image_info *infop) 972 { 973 /* Note that target_cpu_copy_regs does not read psr/tstate. */ 974 regs->pc = infop->entry; 975 regs->npc = regs->pc + 4; 976 regs->y = 0; 977 regs->u_regs[14] = (infop->start_stack - 16 * sizeof(abi_ulong) 978 - TARGET_STACK_BIAS); 979 } 980 #endif /* TARGET_SPARC */ 981 982 #ifdef TARGET_PPC 983 984 #define ELF_MACHINE PPC_ELF_MACHINE 985 986 #if defined(TARGET_PPC64) 987 988 #define elf_check_arch(x) ( (x) == EM_PPC64 ) 989 990 #define ELF_CLASS ELFCLASS64 991 992 #else 993 994 #define ELF_CLASS ELFCLASS32 995 #define EXSTACK_DEFAULT true 996 997 #endif 998 999 #define ELF_ARCH EM_PPC 1000 1001 /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP). 1002 See arch/powerpc/include/asm/cputable.h. */ 1003 enum { 1004 QEMU_PPC_FEATURE_32 = 0x80000000, 1005 QEMU_PPC_FEATURE_64 = 0x40000000, 1006 QEMU_PPC_FEATURE_601_INSTR = 0x20000000, 1007 QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000, 1008 QEMU_PPC_FEATURE_HAS_FPU = 0x08000000, 1009 QEMU_PPC_FEATURE_HAS_MMU = 0x04000000, 1010 QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000, 1011 QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000, 1012 QEMU_PPC_FEATURE_HAS_SPE = 0x00800000, 1013 QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000, 1014 QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000, 1015 QEMU_PPC_FEATURE_NO_TB = 0x00100000, 1016 QEMU_PPC_FEATURE_POWER4 = 0x00080000, 1017 QEMU_PPC_FEATURE_POWER5 = 0x00040000, 1018 QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000, 1019 QEMU_PPC_FEATURE_CELL = 0x00010000, 1020 QEMU_PPC_FEATURE_BOOKE = 0x00008000, 1021 QEMU_PPC_FEATURE_SMT = 0x00004000, 1022 QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000, 1023 QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000, 1024 QEMU_PPC_FEATURE_PA6T = 0x00000800, 1025 QEMU_PPC_FEATURE_HAS_DFP = 0x00000400, 1026 QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200, 1027 QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100, 1028 QEMU_PPC_FEATURE_HAS_VSX = 0x00000080, 1029 QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040, 1030 1031 QEMU_PPC_FEATURE_TRUE_LE = 0x00000002, 1032 QEMU_PPC_FEATURE_PPC_LE = 0x00000001, 1033 1034 /* Feature definitions in AT_HWCAP2. 
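       These mirror PPC_FEATURE2_* in the kernel's
       arch/powerpc/include/uapi/asm/cputable.h.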
*/ 1035 QEMU_PPC_FEATURE2_ARCH_2_07 = 0x80000000, /* ISA 2.07 */ 1036 QEMU_PPC_FEATURE2_HAS_HTM = 0x40000000, /* Hardware Transactional Memory */ 1037 QEMU_PPC_FEATURE2_HAS_DSCR = 0x20000000, /* Data Stream Control Register */ 1038 QEMU_PPC_FEATURE2_HAS_EBB = 0x10000000, /* Event Base Branching */ 1039 QEMU_PPC_FEATURE2_HAS_ISEL = 0x08000000, /* Integer Select */ 1040 QEMU_PPC_FEATURE2_HAS_TAR = 0x04000000, /* Target Address Register */ 1041 QEMU_PPC_FEATURE2_VEC_CRYPTO = 0x02000000, 1042 QEMU_PPC_FEATURE2_HTM_NOSC = 0x01000000, 1043 QEMU_PPC_FEATURE2_ARCH_3_00 = 0x00800000, /* ISA 3.00 */ 1044 QEMU_PPC_FEATURE2_HAS_IEEE128 = 0x00400000, /* VSX IEEE Bin Float 128-bit */ 1045 QEMU_PPC_FEATURE2_DARN = 0x00200000, /* darn random number insn */ 1046 QEMU_PPC_FEATURE2_SCV = 0x00100000, /* scv syscall */ 1047 QEMU_PPC_FEATURE2_HTM_NO_SUSPEND = 0x00080000, /* TM w/o suspended state */ 1048 QEMU_PPC_FEATURE2_ARCH_3_1 = 0x00040000, /* ISA 3.1 */ 1049 QEMU_PPC_FEATURE2_MMA = 0x00020000, /* Matrix-Multiply Assist */ 1050 }; 1051 1052 #define ELF_HWCAP get_elf_hwcap() 1053 1054 static uint32_t get_elf_hwcap(void) 1055 { 1056 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 1057 uint32_t features = 0; 1058 1059 /* We don't have to be terribly complete here; the high points are 1060 Altivec/FP/SPE support. Anything else is just a bonus. */ 1061 #define GET_FEATURE(flag, feature) \ 1062 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 1063 #define GET_FEATURE2(flags, feature) \ 1064 do { \ 1065 if ((cpu->env.insns_flags2 & flags) == flags) { \ 1066 features |= feature; \ 1067 } \ 1068 } while (0) 1069 GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64); 1070 GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU); 1071 GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC); 1072 GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE); 1073 GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE); 1074 GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE); 1075 GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE); 1076 GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC); 1077 GET_FEATURE2(PPC2_DFP, QEMU_PPC_FEATURE_HAS_DFP); 1078 GET_FEATURE2(PPC2_VSX, QEMU_PPC_FEATURE_HAS_VSX); 1079 GET_FEATURE2((PPC2_PERM_ISA206 | PPC2_DIVE_ISA206 | PPC2_ATOMIC_ISA206 | 1080 PPC2_FP_CVT_ISA206 | PPC2_FP_TST_ISA206), 1081 QEMU_PPC_FEATURE_ARCH_2_06); 1082 #undef GET_FEATURE 1083 #undef GET_FEATURE2 1084 1085 return features; 1086 } 1087 1088 #define ELF_HWCAP2 get_elf_hwcap2() 1089 1090 static uint32_t get_elf_hwcap2(void) 1091 { 1092 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); 1093 uint32_t features = 0; 1094 1095 #define GET_FEATURE(flag, feature) \ 1096 do { if (cpu->env.insns_flags & flag) { features |= feature; } } while (0) 1097 #define GET_FEATURE2(flag, feature) \ 1098 do { if (cpu->env.insns_flags2 & flag) { features |= feature; } } while (0) 1099 1100 GET_FEATURE(PPC_ISEL, QEMU_PPC_FEATURE2_HAS_ISEL); 1101 GET_FEATURE2(PPC2_BCTAR_ISA207, QEMU_PPC_FEATURE2_HAS_TAR); 1102 GET_FEATURE2((PPC2_BCTAR_ISA207 | PPC2_LSQ_ISA207 | PPC2_ALTIVEC_207 | 1103 PPC2_ISA207S), QEMU_PPC_FEATURE2_ARCH_2_07 | 1104 QEMU_PPC_FEATURE2_VEC_CRYPTO); 1105 GET_FEATURE2(PPC2_ISA300, QEMU_PPC_FEATURE2_ARCH_3_00 | 1106 QEMU_PPC_FEATURE2_DARN | QEMU_PPC_FEATURE2_HAS_IEEE128); 1107 GET_FEATURE2(PPC2_ISA310, QEMU_PPC_FEATURE2_ARCH_3_1 | 1108 QEMU_PPC_FEATURE2_MMA); 1109 1110 #undef GET_FEATURE 1111 #undef GET_FEATURE2 1112 1113 return features; 1114 } 1115 1116 /* 1117 * The requirements here are: 1118 * - keep the final alignment of sp (sp & 
0xf) 1119 * - make sure the 32-bit value at the first 16 byte aligned position of 1120 * AUXV is greater than 16 for glibc compatibility. 1121 * AT_IGNOREPPC is used for that. 1122 * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC, 1123 * even if DLINFO_ARCH_ITEMS goes to zero or is undefined. 1124 */ 1125 #define DLINFO_ARCH_ITEMS 5 1126 #define ARCH_DLINFO \ 1127 do { \ 1128 PowerPCCPU *cpu = POWERPC_CPU(thread_cpu); \ 1129 /* \ 1130 * Handle glibc compatibility: these magic entries must \ 1131 * be at the lowest addresses in the final auxv. \ 1132 */ \ 1133 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 1134 NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC); \ 1135 NEW_AUX_ENT(AT_DCACHEBSIZE, cpu->env.dcache_line_size); \ 1136 NEW_AUX_ENT(AT_ICACHEBSIZE, cpu->env.icache_line_size); \ 1137 NEW_AUX_ENT(AT_UCACHEBSIZE, 0); \ 1138 } while (0) 1139 1140 static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop) 1141 { 1142 _regs->gpr[1] = infop->start_stack; 1143 #if defined(TARGET_PPC64) 1144 if (get_ppc64_abi(infop) < 2) { 1145 uint64_t val; 1146 get_user_u64(val, infop->entry + 8); 1147 _regs->gpr[2] = val + infop->load_bias; 1148 get_user_u64(val, infop->entry); 1149 infop->entry = val + infop->load_bias; 1150 } else { 1151 _regs->gpr[12] = infop->entry; /* r12 set to global entry address */ 1152 } 1153 #endif 1154 _regs->nip = infop->entry; 1155 } 1156 1157 /* See linux kernel: arch/powerpc/include/asm/elf.h. */ 1158 #define ELF_NREG 48 1159 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1160 1161 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUPPCState *env) 1162 { 1163 int i; 1164 target_ulong ccr = 0; 1165 1166 for (i = 0; i < ARRAY_SIZE(env->gpr); i++) { 1167 (*regs)[i] = tswapreg(env->gpr[i]); 1168 } 1169 1170 (*regs)[32] = tswapreg(env->nip); 1171 (*regs)[33] = tswapreg(env->msr); 1172 (*regs)[35] = tswapreg(env->ctr); 1173 (*regs)[36] = tswapreg(env->lr); 1174 (*regs)[37] = tswapreg(cpu_read_xer(env)); 1175 1176 ccr = ppc_get_cr(env); 1177 (*regs)[38] = tswapreg(ccr); 1178 } 1179 1180 #define USE_ELF_CORE_DUMP 1181 #define ELF_EXEC_PAGESIZE 4096 1182 1183 #endif 1184 1185 #ifdef TARGET_LOONGARCH64 1186 1187 #define ELF_CLASS ELFCLASS64 1188 #define ELF_ARCH EM_LOONGARCH 1189 #define EXSTACK_DEFAULT true 1190 1191 #define elf_check_arch(x) ((x) == EM_LOONGARCH) 1192 1193 static inline void init_thread(struct target_pt_regs *regs, 1194 struct image_info *infop) 1195 { 1196 /*Set crmd PG,DA = 1,0 */ 1197 regs->csr.crmd = 2 << 3; 1198 regs->csr.era = infop->entry; 1199 regs->regs[3] = infop->start_stack; 1200 } 1201 1202 /* See linux kernel: arch/loongarch/include/asm/elf.h */ 1203 #define ELF_NREG 45 1204 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1205 1206 enum { 1207 TARGET_EF_R0 = 0, 1208 TARGET_EF_CSR_ERA = TARGET_EF_R0 + 33, 1209 TARGET_EF_CSR_BADV = TARGET_EF_R0 + 34, 1210 }; 1211 1212 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1213 const CPULoongArchState *env) 1214 { 1215 int i; 1216 1217 (*regs)[TARGET_EF_R0] = 0; 1218 1219 for (i = 1; i < ARRAY_SIZE(env->gpr); i++) { 1220 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->gpr[i]); 1221 } 1222 1223 (*regs)[TARGET_EF_CSR_ERA] = tswapreg(env->pc); 1224 (*regs)[TARGET_EF_CSR_BADV] = tswapreg(env->CSR_BADV); 1225 } 1226 1227 #define USE_ELF_CORE_DUMP 1228 #define ELF_EXEC_PAGESIZE 4096 1229 1230 #define ELF_HWCAP get_elf_hwcap() 1231 1232 /* See arch/loongarch/include/uapi/asm/hwcap.h */ 1233 enum { 1234 HWCAP_LOONGARCH_CPUCFG = (1 << 
0), 1235 HWCAP_LOONGARCH_LAM = (1 << 1), 1236 HWCAP_LOONGARCH_UAL = (1 << 2), 1237 HWCAP_LOONGARCH_FPU = (1 << 3), 1238 HWCAP_LOONGARCH_LSX = (1 << 4), 1239 HWCAP_LOONGARCH_LASX = (1 << 5), 1240 HWCAP_LOONGARCH_CRC32 = (1 << 6), 1241 HWCAP_LOONGARCH_COMPLEX = (1 << 7), 1242 HWCAP_LOONGARCH_CRYPTO = (1 << 8), 1243 HWCAP_LOONGARCH_LVZ = (1 << 9), 1244 HWCAP_LOONGARCH_LBT_X86 = (1 << 10), 1245 HWCAP_LOONGARCH_LBT_ARM = (1 << 11), 1246 HWCAP_LOONGARCH_LBT_MIPS = (1 << 12), 1247 }; 1248 1249 static uint32_t get_elf_hwcap(void) 1250 { 1251 LoongArchCPU *cpu = LOONGARCH_CPU(thread_cpu); 1252 uint32_t hwcaps = 0; 1253 1254 hwcaps |= HWCAP_LOONGARCH_CRC32; 1255 1256 if (FIELD_EX32(cpu->env.cpucfg[1], CPUCFG1, UAL)) { 1257 hwcaps |= HWCAP_LOONGARCH_UAL; 1258 } 1259 1260 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, FP)) { 1261 hwcaps |= HWCAP_LOONGARCH_FPU; 1262 } 1263 1264 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LAM)) { 1265 hwcaps |= HWCAP_LOONGARCH_LAM; 1266 } 1267 1268 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LSX)) { 1269 hwcaps |= HWCAP_LOONGARCH_LSX; 1270 } 1271 1272 if (FIELD_EX32(cpu->env.cpucfg[2], CPUCFG2, LASX)) { 1273 hwcaps |= HWCAP_LOONGARCH_LASX; 1274 } 1275 1276 return hwcaps; 1277 } 1278 1279 #define ELF_PLATFORM "loongarch" 1280 1281 #endif /* TARGET_LOONGARCH64 */ 1282 1283 #ifdef TARGET_MIPS 1284 1285 #ifdef TARGET_MIPS64 1286 #define ELF_CLASS ELFCLASS64 1287 #else 1288 #define ELF_CLASS ELFCLASS32 1289 #endif 1290 #define ELF_ARCH EM_MIPS 1291 #define EXSTACK_DEFAULT true 1292 1293 #ifdef TARGET_ABI_MIPSN32 1294 #define elf_check_abi(x) ((x) & EF_MIPS_ABI2) 1295 #else 1296 #define elf_check_abi(x) (!((x) & EF_MIPS_ABI2)) 1297 #endif 1298 1299 #define ELF_BASE_PLATFORM get_elf_base_platform() 1300 1301 #define MATCH_PLATFORM_INSN(_flags, _base_platform) \ 1302 do { if ((cpu->env.insn_flags & (_flags)) == _flags) \ 1303 { return _base_platform; } } while (0) 1304 1305 static const char *get_elf_base_platform(void) 1306 { 1307 MIPSCPU *cpu = MIPS_CPU(thread_cpu); 1308 1309 /* 64 bit ISAs goes first */ 1310 MATCH_PLATFORM_INSN(CPU_MIPS64R6, "mips64r6"); 1311 MATCH_PLATFORM_INSN(CPU_MIPS64R5, "mips64r5"); 1312 MATCH_PLATFORM_INSN(CPU_MIPS64R2, "mips64r2"); 1313 MATCH_PLATFORM_INSN(CPU_MIPS64R1, "mips64"); 1314 MATCH_PLATFORM_INSN(CPU_MIPS5, "mips5"); 1315 MATCH_PLATFORM_INSN(CPU_MIPS4, "mips4"); 1316 MATCH_PLATFORM_INSN(CPU_MIPS3, "mips3"); 1317 1318 /* 32 bit ISAs */ 1319 MATCH_PLATFORM_INSN(CPU_MIPS32R6, "mips32r6"); 1320 MATCH_PLATFORM_INSN(CPU_MIPS32R5, "mips32r5"); 1321 MATCH_PLATFORM_INSN(CPU_MIPS32R2, "mips32r2"); 1322 MATCH_PLATFORM_INSN(CPU_MIPS32R1, "mips32"); 1323 MATCH_PLATFORM_INSN(CPU_MIPS2, "mips2"); 1324 1325 /* Fallback */ 1326 return "mips"; 1327 } 1328 #undef MATCH_PLATFORM_INSN 1329 1330 static inline void init_thread(struct target_pt_regs *regs, 1331 struct image_info *infop) 1332 { 1333 regs->cp0_status = 2 << CP0St_KSU; 1334 regs->cp0_epc = infop->entry; 1335 regs->regs[29] = infop->start_stack; 1336 } 1337 1338 /* See linux kernel: arch/mips/include/asm/elf.h. */ 1339 #define ELF_NREG 45 1340 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1341 1342 /* See linux kernel: arch/mips/include/asm/reg.h. 
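       In the 32-bit layout the first six slots are unused padding, hence
       TARGET_EF_R0 = 6 below; the 64-bit layout starts at slot 0.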
*/ 1343 enum { 1344 #ifdef TARGET_MIPS64 1345 TARGET_EF_R0 = 0, 1346 #else 1347 TARGET_EF_R0 = 6, 1348 #endif 1349 TARGET_EF_R26 = TARGET_EF_R0 + 26, 1350 TARGET_EF_R27 = TARGET_EF_R0 + 27, 1351 TARGET_EF_LO = TARGET_EF_R0 + 32, 1352 TARGET_EF_HI = TARGET_EF_R0 + 33, 1353 TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34, 1354 TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35, 1355 TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36, 1356 TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37 1357 }; 1358 1359 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1360 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMIPSState *env) 1361 { 1362 int i; 1363 1364 for (i = 0; i < TARGET_EF_R0; i++) { 1365 (*regs)[i] = 0; 1366 } 1367 (*regs)[TARGET_EF_R0] = 0; 1368 1369 for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { 1370 (*regs)[TARGET_EF_R0 + i] = tswapreg(env->active_tc.gpr[i]); 1371 } 1372 1373 (*regs)[TARGET_EF_R26] = 0; 1374 (*regs)[TARGET_EF_R27] = 0; 1375 (*regs)[TARGET_EF_LO] = tswapreg(env->active_tc.LO[0]); 1376 (*regs)[TARGET_EF_HI] = tswapreg(env->active_tc.HI[0]); 1377 (*regs)[TARGET_EF_CP0_EPC] = tswapreg(env->active_tc.PC); 1378 (*regs)[TARGET_EF_CP0_BADVADDR] = tswapreg(env->CP0_BadVAddr); 1379 (*regs)[TARGET_EF_CP0_STATUS] = tswapreg(env->CP0_Status); 1380 (*regs)[TARGET_EF_CP0_CAUSE] = tswapreg(env->CP0_Cause); 1381 } 1382 1383 #define USE_ELF_CORE_DUMP 1384 #define ELF_EXEC_PAGESIZE 4096 1385 1386 /* See arch/mips/include/uapi/asm/hwcap.h. */ 1387 enum { 1388 HWCAP_MIPS_R6 = (1 << 0), 1389 HWCAP_MIPS_MSA = (1 << 1), 1390 HWCAP_MIPS_CRC32 = (1 << 2), 1391 HWCAP_MIPS_MIPS16 = (1 << 3), 1392 HWCAP_MIPS_MDMX = (1 << 4), 1393 HWCAP_MIPS_MIPS3D = (1 << 5), 1394 HWCAP_MIPS_SMARTMIPS = (1 << 6), 1395 HWCAP_MIPS_DSP = (1 << 7), 1396 HWCAP_MIPS_DSP2 = (1 << 8), 1397 HWCAP_MIPS_DSP3 = (1 << 9), 1398 HWCAP_MIPS_MIPS16E2 = (1 << 10), 1399 HWCAP_LOONGSON_MMI = (1 << 11), 1400 HWCAP_LOONGSON_EXT = (1 << 12), 1401 HWCAP_LOONGSON_EXT2 = (1 << 13), 1402 HWCAP_LOONGSON_CPUCFG = (1 << 14), 1403 }; 1404 1405 #define ELF_HWCAP get_elf_hwcap() 1406 1407 #define GET_FEATURE_INSN(_flag, _hwcap) \ 1408 do { if (cpu->env.insn_flags & (_flag)) { hwcaps |= _hwcap; } } while (0) 1409 1410 #define GET_FEATURE_REG_SET(_reg, _mask, _hwcap) \ 1411 do { if (cpu->env._reg & (_mask)) { hwcaps |= _hwcap; } } while (0) 1412 1413 #define GET_FEATURE_REG_EQU(_reg, _start, _length, _val, _hwcap) \ 1414 do { \ 1415 if (extract32(cpu->env._reg, (_start), (_length)) == (_val)) { \ 1416 hwcaps |= _hwcap; \ 1417 } \ 1418 } while (0) 1419 1420 static uint32_t get_elf_hwcap(void) 1421 { 1422 MIPSCPU *cpu = MIPS_CPU(thread_cpu); 1423 uint32_t hwcaps = 0; 1424 1425 GET_FEATURE_REG_EQU(CP0_Config0, CP0C0_AR, CP0C0_AR_LENGTH, 1426 2, HWCAP_MIPS_R6); 1427 GET_FEATURE_REG_SET(CP0_Config3, 1 << CP0C3_MSAP, HWCAP_MIPS_MSA); 1428 GET_FEATURE_INSN(ASE_LMMI, HWCAP_LOONGSON_MMI); 1429 GET_FEATURE_INSN(ASE_LEXT, HWCAP_LOONGSON_EXT); 1430 1431 return hwcaps; 1432 } 1433 1434 #undef GET_FEATURE_REG_EQU 1435 #undef GET_FEATURE_REG_SET 1436 #undef GET_FEATURE_INSN 1437 1438 #endif /* TARGET_MIPS */ 1439 1440 #ifdef TARGET_MICROBLAZE 1441 1442 #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD) 1443 1444 #define ELF_CLASS ELFCLASS32 1445 #define ELF_ARCH EM_MICROBLAZE 1446 1447 static inline void init_thread(struct target_pt_regs *regs, 1448 struct image_info *infop) 1449 { 1450 regs->pc = infop->entry; 1451 regs->r1 = infop->start_stack; 1452 1453 } 1454 1455 #define ELF_EXEC_PAGESIZE 4096 1456 1457 #define 
USE_ELF_CORE_DUMP 1458 #define ELF_NREG 38 1459 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1460 1461 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1462 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUMBState *env) 1463 { 1464 int i, pos = 0; 1465 1466 for (i = 0; i < 32; i++) { 1467 (*regs)[pos++] = tswapreg(env->regs[i]); 1468 } 1469 1470 (*regs)[pos++] = tswapreg(env->pc); 1471 (*regs)[pos++] = tswapreg(mb_cpu_read_msr(env)); 1472 (*regs)[pos++] = 0; 1473 (*regs)[pos++] = tswapreg(env->ear); 1474 (*regs)[pos++] = 0; 1475 (*regs)[pos++] = tswapreg(env->esr); 1476 } 1477 1478 #endif /* TARGET_MICROBLAZE */ 1479 1480 #ifdef TARGET_NIOS2 1481 1482 #define elf_check_arch(x) ((x) == EM_ALTERA_NIOS2) 1483 1484 #define ELF_CLASS ELFCLASS32 1485 #define ELF_ARCH EM_ALTERA_NIOS2 1486 1487 static void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1488 { 1489 regs->ea = infop->entry; 1490 regs->sp = infop->start_stack; 1491 } 1492 1493 #define LO_COMMPAGE TARGET_PAGE_SIZE 1494 1495 static bool init_guest_commpage(void) 1496 { 1497 static const uint8_t kuser_page[4 + 2 * 64] = { 1498 /* __kuser_helper_version */ 1499 [0x00] = 0x02, 0x00, 0x00, 0x00, 1500 1501 /* __kuser_cmpxchg */ 1502 [0x04] = 0x3a, 0x6c, 0x3b, 0x00, /* trap 16 */ 1503 0x3a, 0x28, 0x00, 0xf8, /* ret */ 1504 1505 /* __kuser_sigtramp */ 1506 [0x44] = 0xc4, 0x22, 0x80, 0x00, /* movi r2, __NR_rt_sigreturn */ 1507 0x3a, 0x68, 0x3b, 0x00, /* trap 0 */ 1508 }; 1509 1510 void *want = g2h_untagged(LO_COMMPAGE & -qemu_host_page_size); 1511 void *addr = mmap(want, qemu_host_page_size, PROT_READ | PROT_WRITE, 1512 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 1513 1514 if (addr == MAP_FAILED) { 1515 perror("Allocating guest commpage"); 1516 exit(EXIT_FAILURE); 1517 } 1518 if (addr != want) { 1519 return false; 1520 } 1521 1522 memcpy(addr, kuser_page, sizeof(kuser_page)); 1523 1524 if (mprotect(addr, qemu_host_page_size, PROT_READ)) { 1525 perror("Protecting guest commpage"); 1526 exit(EXIT_FAILURE); 1527 } 1528 1529 page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK, 1530 PAGE_READ | PAGE_EXEC | PAGE_VALID); 1531 return true; 1532 } 1533 1534 #define ELF_EXEC_PAGESIZE 4096 1535 1536 #define USE_ELF_CORE_DUMP 1537 #define ELF_NREG 49 1538 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1539 1540 /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ 1541 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1542 const CPUNios2State *env) 1543 { 1544 int i; 1545 1546 (*regs)[0] = -1; 1547 for (i = 1; i < 8; i++) /* r0-r7 */ 1548 (*regs)[i] = tswapreg(env->regs[i + 7]); 1549 1550 for (i = 8; i < 16; i++) /* r8-r15 */ 1551 (*regs)[i] = tswapreg(env->regs[i - 8]); 1552 1553 for (i = 16; i < 24; i++) /* r16-r23 */ 1554 (*regs)[i] = tswapreg(env->regs[i + 7]); 1555 (*regs)[24] = -1; /* R_ET */ 1556 (*regs)[25] = -1; /* R_BT */ 1557 (*regs)[26] = tswapreg(env->regs[R_GP]); 1558 (*regs)[27] = tswapreg(env->regs[R_SP]); 1559 (*regs)[28] = tswapreg(env->regs[R_FP]); 1560 (*regs)[29] = tswapreg(env->regs[R_EA]); 1561 (*regs)[30] = -1; /* R_SSTATUS */ 1562 (*regs)[31] = tswapreg(env->regs[R_RA]); 1563 1564 (*regs)[32] = tswapreg(env->pc); 1565 1566 (*regs)[33] = -1; /* R_STATUS */ 1567 (*regs)[34] = tswapreg(env->regs[CR_ESTATUS]); 1568 1569 for (i = 35; i < 49; i++) /* ... 
*/ 1570 (*regs)[i] = -1; 1571 } 1572 1573 #endif /* TARGET_NIOS2 */ 1574 1575 #ifdef TARGET_OPENRISC 1576 1577 #define ELF_ARCH EM_OPENRISC 1578 #define ELF_CLASS ELFCLASS32 1579 #define ELF_DATA ELFDATA2MSB 1580 1581 static inline void init_thread(struct target_pt_regs *regs, 1582 struct image_info *infop) 1583 { 1584 regs->pc = infop->entry; 1585 regs->gpr[1] = infop->start_stack; 1586 } 1587 1588 #define USE_ELF_CORE_DUMP 1589 #define ELF_EXEC_PAGESIZE 8192 1590 1591 /* See linux kernel arch/openrisc/include/asm/elf.h. */ 1592 #define ELF_NREG 34 /* gprs and pc, sr */ 1593 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1594 1595 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1596 const CPUOpenRISCState *env) 1597 { 1598 int i; 1599 1600 for (i = 0; i < 32; i++) { 1601 (*regs)[i] = tswapreg(cpu_get_gpr(env, i)); 1602 } 1603 (*regs)[32] = tswapreg(env->pc); 1604 (*regs)[33] = tswapreg(cpu_get_sr(env)); 1605 } 1606 #define ELF_HWCAP 0 1607 #define ELF_PLATFORM NULL 1608 1609 #endif /* TARGET_OPENRISC */ 1610 1611 #ifdef TARGET_SH4 1612 1613 #define ELF_CLASS ELFCLASS32 1614 #define ELF_ARCH EM_SH 1615 1616 static inline void init_thread(struct target_pt_regs *regs, 1617 struct image_info *infop) 1618 { 1619 /* Check other registers XXXXX */ 1620 regs->pc = infop->entry; 1621 regs->regs[15] = infop->start_stack; 1622 } 1623 1624 /* See linux kernel: arch/sh/include/asm/elf.h. */ 1625 #define ELF_NREG 23 1626 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1627 1628 /* See linux kernel: arch/sh/include/asm/ptrace.h. */ 1629 enum { 1630 TARGET_REG_PC = 16, 1631 TARGET_REG_PR = 17, 1632 TARGET_REG_SR = 18, 1633 TARGET_REG_GBR = 19, 1634 TARGET_REG_MACH = 20, 1635 TARGET_REG_MACL = 21, 1636 TARGET_REG_SYSCALL = 22 1637 }; 1638 1639 static inline void elf_core_copy_regs(target_elf_gregset_t *regs, 1640 const CPUSH4State *env) 1641 { 1642 int i; 1643 1644 for (i = 0; i < 16; i++) { 1645 (*regs)[i] = tswapreg(env->gregs[i]); 1646 } 1647 1648 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 1649 (*regs)[TARGET_REG_PR] = tswapreg(env->pr); 1650 (*regs)[TARGET_REG_SR] = tswapreg(env->sr); 1651 (*regs)[TARGET_REG_GBR] = tswapreg(env->gbr); 1652 (*regs)[TARGET_REG_MACH] = tswapreg(env->mach); 1653 (*regs)[TARGET_REG_MACL] = tswapreg(env->macl); 1654 (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */ 1655 } 1656 1657 #define USE_ELF_CORE_DUMP 1658 #define ELF_EXEC_PAGESIZE 4096 1659 1660 enum { 1661 SH_CPU_HAS_FPU = 0x0001, /* Hardware FPU support */ 1662 SH_CPU_HAS_P2_FLUSH_BUG = 0x0002, /* Need to flush the cache in P2 area */ 1663 SH_CPU_HAS_MMU_PAGE_ASSOC = 0x0004, /* SH3: TLB way selection bit support */ 1664 SH_CPU_HAS_DSP = 0x0008, /* SH-DSP: DSP support */ 1665 SH_CPU_HAS_PERF_COUNTER = 0x0010, /* Hardware performance counters */ 1666 SH_CPU_HAS_PTEA = 0x0020, /* PTEA register */ 1667 SH_CPU_HAS_LLSC = 0x0040, /* movli.l/movco.l */ 1668 SH_CPU_HAS_L2_CACHE = 0x0080, /* Secondary cache / URAM */ 1669 SH_CPU_HAS_OP32 = 0x0100, /* 32-bit instruction support */ 1670 SH_CPU_HAS_PTEAEX = 0x0200, /* PTE ASID Extension support */ 1671 }; 1672 1673 #define ELF_HWCAP get_elf_hwcap() 1674 1675 static uint32_t get_elf_hwcap(void) 1676 { 1677 SuperHCPU *cpu = SUPERH_CPU(thread_cpu); 1678 uint32_t hwcap = 0; 1679 1680 hwcap |= SH_CPU_HAS_FPU; 1681 1682 if (cpu->env.features & SH_FEATURE_SH4A) { 1683 hwcap |= SH_CPU_HAS_LLSC; 1684 } 1685 1686 return hwcap; 1687 } 1688 1689 #endif 1690 1691 #ifdef TARGET_CRIS 1692 1693 #define ELF_CLASS ELFCLASS32 1694 #define ELF_ARCH EM_CRIS 1695 1696 
static inline void init_thread(struct target_pt_regs *regs, 1697 struct image_info *infop) 1698 { 1699 regs->erp = infop->entry; 1700 } 1701 1702 #define ELF_EXEC_PAGESIZE 8192 1703 1704 #endif 1705 1706 #ifdef TARGET_M68K 1707 1708 #define ELF_CLASS ELFCLASS32 1709 #define ELF_ARCH EM_68K 1710 1711 /* ??? Does this need to do anything? 1712 #define ELF_PLAT_INIT(_r) */ 1713 1714 static inline void init_thread(struct target_pt_regs *regs, 1715 struct image_info *infop) 1716 { 1717 regs->usp = infop->start_stack; 1718 regs->sr = 0; 1719 regs->pc = infop->entry; 1720 } 1721 1722 /* See linux kernel: arch/m68k/include/asm/elf.h. */ 1723 #define ELF_NREG 20 1724 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1725 1726 static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUM68KState *env) 1727 { 1728 (*regs)[0] = tswapreg(env->dregs[1]); 1729 (*regs)[1] = tswapreg(env->dregs[2]); 1730 (*regs)[2] = tswapreg(env->dregs[3]); 1731 (*regs)[3] = tswapreg(env->dregs[4]); 1732 (*regs)[4] = tswapreg(env->dregs[5]); 1733 (*regs)[5] = tswapreg(env->dregs[6]); 1734 (*regs)[6] = tswapreg(env->dregs[7]); 1735 (*regs)[7] = tswapreg(env->aregs[0]); 1736 (*regs)[8] = tswapreg(env->aregs[1]); 1737 (*regs)[9] = tswapreg(env->aregs[2]); 1738 (*regs)[10] = tswapreg(env->aregs[3]); 1739 (*regs)[11] = tswapreg(env->aregs[4]); 1740 (*regs)[12] = tswapreg(env->aregs[5]); 1741 (*regs)[13] = tswapreg(env->aregs[6]); 1742 (*regs)[14] = tswapreg(env->dregs[0]); 1743 (*regs)[15] = tswapreg(env->aregs[7]); 1744 (*regs)[16] = tswapreg(env->dregs[0]); /* FIXME: orig_d0 */ 1745 (*regs)[17] = tswapreg(env->sr); 1746 (*regs)[18] = tswapreg(env->pc); 1747 (*regs)[19] = 0; /* FIXME: regs->format | regs->vector */ 1748 } 1749 1750 #define USE_ELF_CORE_DUMP 1751 #define ELF_EXEC_PAGESIZE 8192 1752 1753 #endif 1754 1755 #ifdef TARGET_ALPHA 1756 1757 #define ELF_CLASS ELFCLASS64 1758 #define ELF_ARCH EM_ALPHA 1759 1760 static inline void init_thread(struct target_pt_regs *regs, 1761 struct image_info *infop) 1762 { 1763 regs->pc = infop->entry; 1764 regs->ps = 8; 1765 regs->usp = infop->start_stack; 1766 } 1767 1768 #define ELF_EXEC_PAGESIZE 8192 1769 1770 #endif /* TARGET_ALPHA */ 1771 1772 #ifdef TARGET_S390X 1773 1774 #define ELF_CLASS ELFCLASS64 1775 #define ELF_DATA ELFDATA2MSB 1776 #define ELF_ARCH EM_S390 1777 1778 #include "elf.h" 1779 1780 #define ELF_HWCAP get_elf_hwcap() 1781 1782 #define GET_FEATURE(_feat, _hwcap) \ 1783 do { if (s390_has_feat(_feat)) { hwcap |= _hwcap; } } while (0) 1784 1785 uint32_t get_elf_hwcap(void) 1786 { 1787 /* 1788 * Let's assume we always have esan3 and zarch. 1789 * 31-bit processes can use 64-bit registers (high gprs). 
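 * All three corresponding hwcap bits are therefore set unconditionally below.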
1790 */ 1791 uint32_t hwcap = HWCAP_S390_ESAN3 | HWCAP_S390_ZARCH | HWCAP_S390_HIGH_GPRS; 1792 1793 GET_FEATURE(S390_FEAT_STFLE, HWCAP_S390_STFLE); 1794 GET_FEATURE(S390_FEAT_MSA, HWCAP_S390_MSA); 1795 GET_FEATURE(S390_FEAT_LONG_DISPLACEMENT, HWCAP_S390_LDISP); 1796 GET_FEATURE(S390_FEAT_EXTENDED_IMMEDIATE, HWCAP_S390_EIMM); 1797 if (s390_has_feat(S390_FEAT_EXTENDED_TRANSLATION_3) && 1798 s390_has_feat(S390_FEAT_ETF3_ENH)) { 1799 hwcap |= HWCAP_S390_ETF3EH; 1800 } 1801 GET_FEATURE(S390_FEAT_VECTOR, HWCAP_S390_VXRS); 1802 GET_FEATURE(S390_FEAT_VECTOR_ENH, HWCAP_S390_VXRS_EXT); 1803 GET_FEATURE(S390_FEAT_VECTOR_ENH2, HWCAP_S390_VXRS_EXT2); 1804 1805 return hwcap; 1806 } 1807 1808 const char *elf_hwcap_str(uint32_t bit) 1809 { 1810 static const char *hwcap_str[] = { 1811 [HWCAP_S390_NR_ESAN3] = "esan3", 1812 [HWCAP_S390_NR_ZARCH] = "zarch", 1813 [HWCAP_S390_NR_STFLE] = "stfle", 1814 [HWCAP_S390_NR_MSA] = "msa", 1815 [HWCAP_S390_NR_LDISP] = "ldisp", 1816 [HWCAP_S390_NR_EIMM] = "eimm", 1817 [HWCAP_S390_NR_DFP] = "dfp", 1818 [HWCAP_S390_NR_HPAGE] = "edat", 1819 [HWCAP_S390_NR_ETF3EH] = "etf3eh", 1820 [HWCAP_S390_NR_HIGH_GPRS] = "highgprs", 1821 [HWCAP_S390_NR_TE] = "te", 1822 [HWCAP_S390_NR_VXRS] = "vx", 1823 [HWCAP_S390_NR_VXRS_BCD] = "vxd", 1824 [HWCAP_S390_NR_VXRS_EXT] = "vxe", 1825 [HWCAP_S390_NR_GS] = "gs", 1826 [HWCAP_S390_NR_VXRS_EXT2] = "vxe2", 1827 [HWCAP_S390_NR_VXRS_PDE] = "vxp", 1828 [HWCAP_S390_NR_SORT] = "sort", 1829 [HWCAP_S390_NR_DFLT] = "dflt", 1830 [HWCAP_S390_NR_NNPA] = "nnpa", 1831 [HWCAP_S390_NR_PCI_MIO] = "pcimio", 1832 [HWCAP_S390_NR_SIE] = "sie", 1833 }; 1834 1835 return bit < ARRAY_SIZE(hwcap_str) ? hwcap_str[bit] : NULL; 1836 } 1837 1838 static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop) 1839 { 1840 regs->psw.addr = infop->entry; 1841 regs->psw.mask = PSW_MASK_DAT | PSW_MASK_IO | PSW_MASK_EXT | \ 1842 PSW_MASK_MCHECK | PSW_MASK_PSTATE | PSW_MASK_64 | \ 1843 PSW_MASK_32; 1844 regs->gprs[15] = infop->start_stack; 1845 } 1846 1847 /* See linux kernel: arch/s390/include/uapi/asm/ptrace.h (s390_regs). 
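 * The gregset below mirrors that layout: psw mask and address, the 16
 * gprs, then the 16 32-bit access registers packed two per
 * target_elf_greg_t slot, and finally orig_gpr2.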
*/ 1848 #define ELF_NREG 27 1849 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1850 1851 enum { 1852 TARGET_REG_PSWM = 0, 1853 TARGET_REG_PSWA = 1, 1854 TARGET_REG_GPRS = 2, 1855 TARGET_REG_ARS = 18, 1856 TARGET_REG_ORIG_R2 = 26, 1857 }; 1858 1859 static void elf_core_copy_regs(target_elf_gregset_t *regs, 1860 const CPUS390XState *env) 1861 { 1862 int i; 1863 uint32_t *aregs; 1864 1865 (*regs)[TARGET_REG_PSWM] = tswapreg(env->psw.mask); 1866 (*regs)[TARGET_REG_PSWA] = tswapreg(env->psw.addr); 1867 for (i = 0; i < 16; i++) { 1868 (*regs)[TARGET_REG_GPRS + i] = tswapreg(env->regs[i]); 1869 } 1870 aregs = (uint32_t *)&((*regs)[TARGET_REG_ARS]); 1871 for (i = 0; i < 16; i++) { 1872 aregs[i] = tswap32(env->aregs[i]); 1873 } 1874 (*regs)[TARGET_REG_ORIG_R2] = 0; 1875 } 1876 1877 #define USE_ELF_CORE_DUMP 1878 #define ELF_EXEC_PAGESIZE 4096 1879 1880 #endif /* TARGET_S390X */ 1881 1882 #ifdef TARGET_RISCV 1883 1884 #define ELF_ARCH EM_RISCV 1885 1886 #ifdef TARGET_RISCV32 1887 #define ELF_CLASS ELFCLASS32 1888 #else 1889 #define ELF_CLASS ELFCLASS64 1890 #endif 1891 1892 #define ELF_HWCAP get_elf_hwcap() 1893 1894 static uint32_t get_elf_hwcap(void) 1895 { 1896 #define MISA_BIT(EXT) (1 << (EXT - 'A')) 1897 RISCVCPU *cpu = RISCV_CPU(thread_cpu); 1898 uint32_t mask = MISA_BIT('I') | MISA_BIT('M') | MISA_BIT('A') 1899 | MISA_BIT('F') | MISA_BIT('D') | MISA_BIT('C') 1900 | MISA_BIT('V'); 1901 1902 return cpu->env.misa_ext & mask; 1903 #undef MISA_BIT 1904 } 1905 1906 static inline void init_thread(struct target_pt_regs *regs, 1907 struct image_info *infop) 1908 { 1909 regs->sepc = infop->entry; 1910 regs->sp = infop->start_stack; 1911 } 1912 1913 #define ELF_EXEC_PAGESIZE 4096 1914 1915 #endif /* TARGET_RISCV */ 1916 1917 #ifdef TARGET_HPPA 1918 1919 #define ELF_CLASS ELFCLASS32 1920 #define ELF_ARCH EM_PARISC 1921 #define ELF_PLATFORM "PARISC" 1922 #define STACK_GROWS_DOWN 0 1923 #define STACK_ALIGNMENT 64 1924 1925 static inline void init_thread(struct target_pt_regs *regs, 1926 struct image_info *infop) 1927 { 1928 regs->iaoq[0] = infop->entry; 1929 regs->iaoq[1] = infop->entry + 4; 1930 regs->gr[23] = 0; 1931 regs->gr[24] = infop->argv; 1932 regs->gr[25] = infop->argc; 1933 /* The top-of-stack contains a linkage buffer. */ 1934 regs->gr[30] = infop->start_stack + 64; 1935 regs->gr[31] = infop->entry; 1936 } 1937 1938 #define LO_COMMPAGE 0 1939 1940 static bool init_guest_commpage(void) 1941 { 1942 void *want = g2h_untagged(LO_COMMPAGE); 1943 void *addr = mmap(want, qemu_host_page_size, PROT_NONE, 1944 MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); 1945 1946 if (addr == MAP_FAILED) { 1947 perror("Allocating guest commpage"); 1948 exit(EXIT_FAILURE); 1949 } 1950 if (addr != want) { 1951 return false; 1952 } 1953 1954 /* 1955 * On Linux, page zero is normally marked execute only + gateway. 1956 * Normal read or write is supposed to fail (thus PROT_NONE above), 1957 * but specific offsets have kernel code mapped to raise permissions 1958 * and implement syscalls. Here, simply mark the page executable. 1959 * Special case the entry points during translation (see do_page_zero). 
1960 */ 1961 page_set_flags(LO_COMMPAGE, LO_COMMPAGE | ~TARGET_PAGE_MASK, 1962 PAGE_EXEC | PAGE_VALID); 1963 return true; 1964 } 1965 1966 #endif /* TARGET_HPPA */ 1967 1968 #ifdef TARGET_XTENSA 1969 1970 #define ELF_CLASS ELFCLASS32 1971 #define ELF_ARCH EM_XTENSA 1972 1973 static inline void init_thread(struct target_pt_regs *regs, 1974 struct image_info *infop) 1975 { 1976 regs->windowbase = 0; 1977 regs->windowstart = 1; 1978 regs->areg[1] = infop->start_stack; 1979 regs->pc = infop->entry; 1980 if (info_is_fdpic(infop)) { 1981 regs->areg[4] = infop->loadmap_addr; 1982 regs->areg[5] = infop->interpreter_loadmap_addr; 1983 if (infop->interpreter_loadmap_addr) { 1984 regs->areg[6] = infop->interpreter_pt_dynamic_addr; 1985 } else { 1986 regs->areg[6] = infop->pt_dynamic_addr; 1987 } 1988 } 1989 } 1990 1991 /* See linux kernel: arch/xtensa/include/asm/elf.h. */ 1992 #define ELF_NREG 128 1993 typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 1994 1995 enum { 1996 TARGET_REG_PC, 1997 TARGET_REG_PS, 1998 TARGET_REG_LBEG, 1999 TARGET_REG_LEND, 2000 TARGET_REG_LCOUNT, 2001 TARGET_REG_SAR, 2002 TARGET_REG_WINDOWSTART, 2003 TARGET_REG_WINDOWBASE, 2004 TARGET_REG_THREADPTR, 2005 TARGET_REG_AR0 = 64, 2006 }; 2007 2008 static void elf_core_copy_regs(target_elf_gregset_t *regs, 2009 const CPUXtensaState *env) 2010 { 2011 unsigned i; 2012 2013 (*regs)[TARGET_REG_PC] = tswapreg(env->pc); 2014 (*regs)[TARGET_REG_PS] = tswapreg(env->sregs[PS] & ~PS_EXCM); 2015 (*regs)[TARGET_REG_LBEG] = tswapreg(env->sregs[LBEG]); 2016 (*regs)[TARGET_REG_LEND] = tswapreg(env->sregs[LEND]); 2017 (*regs)[TARGET_REG_LCOUNT] = tswapreg(env->sregs[LCOUNT]); 2018 (*regs)[TARGET_REG_SAR] = tswapreg(env->sregs[SAR]); 2019 (*regs)[TARGET_REG_WINDOWSTART] = tswapreg(env->sregs[WINDOW_START]); 2020 (*regs)[TARGET_REG_WINDOWBASE] = tswapreg(env->sregs[WINDOW_BASE]); 2021 (*regs)[TARGET_REG_THREADPTR] = tswapreg(env->uregs[THREADPTR]); 2022 xtensa_sync_phys_from_window((CPUXtensaState *)env); 2023 for (i = 0; i < env->config->nareg; ++i) { 2024 (*regs)[TARGET_REG_AR0 + i] = tswapreg(env->phys_regs[i]); 2025 } 2026 } 2027 2028 #define USE_ELF_CORE_DUMP 2029 #define ELF_EXEC_PAGESIZE 4096 2030 2031 #endif /* TARGET_XTENSA */ 2032 2033 #ifdef TARGET_HEXAGON 2034 2035 #define ELF_CLASS ELFCLASS32 2036 #define ELF_ARCH EM_HEXAGON 2037 2038 static inline void init_thread(struct target_pt_regs *regs, 2039 struct image_info *infop) 2040 { 2041 regs->sepc = infop->entry; 2042 regs->sp = infop->start_stack; 2043 } 2044 2045 #endif /* TARGET_HEXAGON */ 2046 2047 #ifndef ELF_BASE_PLATFORM 2048 #define ELF_BASE_PLATFORM (NULL) 2049 #endif 2050 2051 #ifndef ELF_PLATFORM 2052 #define ELF_PLATFORM (NULL) 2053 #endif 2054 2055 #ifndef ELF_MACHINE 2056 #define ELF_MACHINE ELF_ARCH 2057 #endif 2058 2059 #ifndef elf_check_arch 2060 #define elf_check_arch(x) ((x) == ELF_ARCH) 2061 #endif 2062 2063 #ifndef elf_check_abi 2064 #define elf_check_abi(x) (1) 2065 #endif 2066 2067 #ifndef ELF_HWCAP 2068 #define ELF_HWCAP 0 2069 #endif 2070 2071 #ifndef STACK_GROWS_DOWN 2072 #define STACK_GROWS_DOWN 1 2073 #endif 2074 2075 #ifndef STACK_ALIGNMENT 2076 #define STACK_ALIGNMENT 16 2077 #endif 2078 2079 #ifdef TARGET_ABI32 2080 #undef ELF_CLASS 2081 #define ELF_CLASS ELFCLASS32 2082 #undef bswaptls 2083 #define bswaptls(ptr) bswap32s(ptr) 2084 #endif 2085 2086 #ifndef EXSTACK_DEFAULT 2087 #define EXSTACK_DEFAULT false 2088 #endif 2089 2090 #include "elf.h" 2091 2092 /* We must delay the following stanzas until after "elf.h". 
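 * (They rely on definitions that only become available once "elf.h" has
 * been included with the per-target ELF_CLASS/ELF_DATA/ELF_ARCH selections
 * in effect -- for instance struct elfhdr/elf_phdr and the GNU_PROPERTY_*
 * constants used by the AArch64 property parser below.)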
*/ 2093 #if defined(TARGET_AARCH64) 2094 2095 static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz, 2096 const uint32_t *data, 2097 struct image_info *info, 2098 Error **errp) 2099 { 2100 if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { 2101 if (pr_datasz != sizeof(uint32_t)) { 2102 error_setg(errp, "Ill-formed GNU_PROPERTY_AARCH64_FEATURE_1_AND"); 2103 return false; 2104 } 2105 /* We will extract GNU_PROPERTY_AARCH64_FEATURE_1_BTI later. */ 2106 info->note_flags = *data; 2107 } 2108 return true; 2109 } 2110 #define ARCH_USE_GNU_PROPERTY 1 2111 2112 #else 2113 2114 static bool arch_parse_elf_property(uint32_t pr_type, uint32_t pr_datasz, 2115 const uint32_t *data, 2116 struct image_info *info, 2117 Error **errp) 2118 { 2119 g_assert_not_reached(); 2120 } 2121 #define ARCH_USE_GNU_PROPERTY 0 2122 2123 #endif 2124 2125 struct exec 2126 { 2127 unsigned int a_info; /* Use macros N_MAGIC, etc for access */ 2128 unsigned int a_text; /* length of text, in bytes */ 2129 unsigned int a_data; /* length of data, in bytes */ 2130 unsigned int a_bss; /* length of uninitialized data area, in bytes */ 2131 unsigned int a_syms; /* length of symbol table data in file, in bytes */ 2132 unsigned int a_entry; /* start address */ 2133 unsigned int a_trsize; /* length of relocation info for text, in bytes */ 2134 unsigned int a_drsize; /* length of relocation info for data, in bytes */ 2135 }; 2136 2137 2138 #define N_MAGIC(exec) ((exec).a_info & 0xffff) 2139 #define OMAGIC 0407 2140 #define NMAGIC 0410 2141 #define ZMAGIC 0413 2142 #define QMAGIC 0314 2143 2144 #define DLINFO_ITEMS 16 2145 2146 static inline void memcpy_fromfs(void * to, const void * from, unsigned long n) 2147 { 2148 memcpy(to, from, n); 2149 } 2150 2151 #ifdef BSWAP_NEEDED 2152 static void bswap_ehdr(struct elfhdr *ehdr) 2153 { 2154 bswap16s(&ehdr->e_type); /* Object file type */ 2155 bswap16s(&ehdr->e_machine); /* Architecture */ 2156 bswap32s(&ehdr->e_version); /* Object file version */ 2157 bswaptls(&ehdr->e_entry); /* Entry point virtual address */ 2158 bswaptls(&ehdr->e_phoff); /* Program header table file offset */ 2159 bswaptls(&ehdr->e_shoff); /* Section header table file offset */ 2160 bswap32s(&ehdr->e_flags); /* Processor-specific flags */ 2161 bswap16s(&ehdr->e_ehsize); /* ELF header size in bytes */ 2162 bswap16s(&ehdr->e_phentsize); /* Program header table entry size */ 2163 bswap16s(&ehdr->e_phnum); /* Program header table entry count */ 2164 bswap16s(&ehdr->e_shentsize); /* Section header table entry size */ 2165 bswap16s(&ehdr->e_shnum); /* Section header table entry count */ 2166 bswap16s(&ehdr->e_shstrndx); /* Section header string table index */ 2167 } 2168 2169 static void bswap_phdr(struct elf_phdr *phdr, int phnum) 2170 { 2171 int i; 2172 for (i = 0; i < phnum; ++i, ++phdr) { 2173 bswap32s(&phdr->p_type); /* Segment type */ 2174 bswap32s(&phdr->p_flags); /* Segment flags */ 2175 bswaptls(&phdr->p_offset); /* Segment file offset */ 2176 bswaptls(&phdr->p_vaddr); /* Segment virtual address */ 2177 bswaptls(&phdr->p_paddr); /* Segment physical address */ 2178 bswaptls(&phdr->p_filesz); /* Segment size in file */ 2179 bswaptls(&phdr->p_memsz); /* Segment size in memory */ 2180 bswaptls(&phdr->p_align); /* Segment alignment */ 2181 } 2182 } 2183 2184 static void bswap_shdr(struct elf_shdr *shdr, int shnum) 2185 { 2186 int i; 2187 for (i = 0; i < shnum; ++i, ++shdr) { 2188 bswap32s(&shdr->sh_name); 2189 bswap32s(&shdr->sh_type); 2190 bswaptls(&shdr->sh_flags); 2191 bswaptls(&shdr->sh_addr); 2192 
bswaptls(&shdr->sh_offset); 2193 bswaptls(&shdr->sh_size); 2194 bswap32s(&shdr->sh_link); 2195 bswap32s(&shdr->sh_info); 2196 bswaptls(&shdr->sh_addralign); 2197 bswaptls(&shdr->sh_entsize); 2198 } 2199 } 2200 2201 static void bswap_sym(struct elf_sym *sym) 2202 { 2203 bswap32s(&sym->st_name); 2204 bswaptls(&sym->st_value); 2205 bswaptls(&sym->st_size); 2206 bswap16s(&sym->st_shndx); 2207 } 2208 2209 #ifdef TARGET_MIPS 2210 static void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) 2211 { 2212 bswap16s(&abiflags->version); 2213 bswap32s(&abiflags->ases); 2214 bswap32s(&abiflags->isa_ext); 2215 bswap32s(&abiflags->flags1); 2216 bswap32s(&abiflags->flags2); 2217 } 2218 #endif 2219 #else 2220 static inline void bswap_ehdr(struct elfhdr *ehdr) { } 2221 static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { } 2222 static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { } 2223 static inline void bswap_sym(struct elf_sym *sym) { } 2224 #ifdef TARGET_MIPS 2225 static inline void bswap_mips_abiflags(Mips_elf_abiflags_v0 *abiflags) { } 2226 #endif 2227 #endif 2228 2229 #ifdef USE_ELF_CORE_DUMP 2230 static int elf_core_dump(int, const CPUArchState *); 2231 #endif /* USE_ELF_CORE_DUMP */ 2232 static void load_symbols(struct elfhdr *hdr, const ImageSource *src, 2233 abi_ulong load_bias); 2234 2235 /* Verify the portions of EHDR within E_IDENT for the target. 2236 This can be performed before bswapping the entire header. */ 2237 static bool elf_check_ident(struct elfhdr *ehdr) 2238 { 2239 return (ehdr->e_ident[EI_MAG0] == ELFMAG0 2240 && ehdr->e_ident[EI_MAG1] == ELFMAG1 2241 && ehdr->e_ident[EI_MAG2] == ELFMAG2 2242 && ehdr->e_ident[EI_MAG3] == ELFMAG3 2243 && ehdr->e_ident[EI_CLASS] == ELF_CLASS 2244 && ehdr->e_ident[EI_DATA] == ELF_DATA 2245 && ehdr->e_ident[EI_VERSION] == EV_CURRENT); 2246 } 2247 2248 /* Verify the portions of EHDR outside of E_IDENT for the target. 2249 This has to wait until after bswapping the header. */ 2250 static bool elf_check_ehdr(struct elfhdr *ehdr) 2251 { 2252 return (elf_check_arch(ehdr->e_machine) 2253 && elf_check_abi(ehdr->e_flags) 2254 && ehdr->e_ehsize == sizeof(struct elfhdr) 2255 && ehdr->e_phentsize == sizeof(struct elf_phdr) 2256 && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN)); 2257 } 2258 2259 /* 2260 * 'copy_elf_strings()' copies argument/envelope strings from user 2261 * memory to free pages in kernel mem. These are in a format ready 2262 * to be put directly into the top of new user memory. 2263 * 2264 */ 2265 static abi_ulong copy_elf_strings(int argc, char **argv, char *scratch, 2266 abi_ulong p, abi_ulong stack_limit) 2267 { 2268 char *tmp; 2269 int len, i; 2270 abi_ulong top = p; 2271 2272 if (!p) { 2273 return 0; /* bullet-proofing */ 2274 } 2275 2276 if (STACK_GROWS_DOWN) { 2277 int offset = ((p - 1) % TARGET_PAGE_SIZE) + 1; 2278 for (i = argc - 1; i >= 0; --i) { 2279 tmp = argv[i]; 2280 if (!tmp) { 2281 fprintf(stderr, "VFS: argc is wrong"); 2282 exit(-1); 2283 } 2284 len = strlen(tmp) + 1; 2285 tmp += len; 2286 2287 if (len > (p - stack_limit)) { 2288 return 0; 2289 } 2290 while (len) { 2291 int bytes_to_copy = (len > offset) ? 
offset : len; 2292 tmp -= bytes_to_copy; 2293 p -= bytes_to_copy; 2294 offset -= bytes_to_copy; 2295 len -= bytes_to_copy; 2296 2297 memcpy_fromfs(scratch + offset, tmp, bytes_to_copy); 2298 2299 if (offset == 0) { 2300 memcpy_to_target(p, scratch, top - p); 2301 top = p; 2302 offset = TARGET_PAGE_SIZE; 2303 } 2304 } 2305 } 2306 if (p != top) { 2307 memcpy_to_target(p, scratch + offset, top - p); 2308 } 2309 } else { 2310 int remaining = TARGET_PAGE_SIZE - (p % TARGET_PAGE_SIZE); 2311 for (i = 0; i < argc; ++i) { 2312 tmp = argv[i]; 2313 if (!tmp) { 2314 fprintf(stderr, "VFS: argc is wrong"); 2315 exit(-1); 2316 } 2317 len = strlen(tmp) + 1; 2318 if (len > (stack_limit - p)) { 2319 return 0; 2320 } 2321 while (len) { 2322 int bytes_to_copy = (len > remaining) ? remaining : len; 2323 2324 memcpy_fromfs(scratch + (p - top), tmp, bytes_to_copy); 2325 2326 tmp += bytes_to_copy; 2327 remaining -= bytes_to_copy; 2328 p += bytes_to_copy; 2329 len -= bytes_to_copy; 2330 2331 if (remaining == 0) { 2332 memcpy_to_target(top, scratch, p - top); 2333 top = p; 2334 remaining = TARGET_PAGE_SIZE; 2335 } 2336 } 2337 } 2338 if (p != top) { 2339 memcpy_to_target(top, scratch, p - top); 2340 } 2341 } 2342 2343 return p; 2344 } 2345 2346 /* Older linux kernels provide up to MAX_ARG_PAGES (default: 32) of 2347 * argument/environment space. Newer kernels (>2.6.33) allow more, 2348 * dependent on stack size, but guarantee at least 32 pages for 2349 * backwards compatibility. 2350 */ 2351 #define STACK_LOWER_LIMIT (32 * TARGET_PAGE_SIZE) 2352 2353 static abi_ulong setup_arg_pages(struct linux_binprm *bprm, 2354 struct image_info *info) 2355 { 2356 abi_ulong size, error, guard; 2357 int prot; 2358 2359 size = guest_stack_size; 2360 if (size < STACK_LOWER_LIMIT) { 2361 size = STACK_LOWER_LIMIT; 2362 } 2363 2364 if (STACK_GROWS_DOWN) { 2365 guard = TARGET_PAGE_SIZE; 2366 if (guard < qemu_real_host_page_size()) { 2367 guard = qemu_real_host_page_size(); 2368 } 2369 } else { 2370 /* no guard page for hppa target where stack grows upwards. */ 2371 guard = 0; 2372 } 2373 2374 prot = PROT_READ | PROT_WRITE; 2375 if (info->exec_stack) { 2376 prot |= PROT_EXEC; 2377 } 2378 error = target_mmap(0, size + guard, prot, 2379 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 2380 if (error == -1) { 2381 perror("mmap stack"); 2382 exit(-1); 2383 } 2384 2385 /* We reserve one extra page at the top of the stack as guard. */ 2386 if (STACK_GROWS_DOWN) { 2387 target_mprotect(error, guard, PROT_NONE); 2388 info->stack_limit = error + guard; 2389 return info->stack_limit + size - sizeof(void *); 2390 } else { 2391 info->stack_limit = error + size; 2392 return error; 2393 } 2394 } 2395 2396 /** 2397 * zero_bss: 2398 * 2399 * Map and zero the bss. We need to explicitly zero any fractional pages 2400 * after the data section (i.e. bss). Return false on mapping failure. 2401 */ 2402 static bool zero_bss(abi_ulong start_bss, abi_ulong end_bss, 2403 int prot, Error **errp) 2404 { 2405 abi_ulong align_bss; 2406 2407 /* We only expect writable bss; the code segment shouldn't need this. */ 2408 if (!(prot & PROT_WRITE)) { 2409 error_setg(errp, "PT_LOAD with non-writable bss"); 2410 return false; 2411 } 2412 2413 align_bss = TARGET_PAGE_ALIGN(start_bss); 2414 end_bss = TARGET_PAGE_ALIGN(end_bss); 2415 2416 if (start_bss < align_bss) { 2417 int flags = page_get_flags(start_bss); 2418 2419 if (!(flags & PAGE_BITS)) { 2420 /* 2421 * The whole address space of the executable was reserved 2422 * at the start, therefore all pages will be VALID. 
2423 * But assuming there are no PROT_NONE PT_LOAD segments, 2424 * a PROT_NONE page means no data all bss, and we can 2425 * simply extend the new anon mapping back to the start 2426 * of the page of bss. 2427 */ 2428 align_bss -= TARGET_PAGE_SIZE; 2429 } else { 2430 /* 2431 * The start of the bss shares a page with something. 2432 * The only thing that we expect is the data section, 2433 * which would already be marked writable. 2434 * Overlapping the RX code segment seems malformed. 2435 */ 2436 if (!(flags & PAGE_WRITE)) { 2437 error_setg(errp, "PT_LOAD with bss overlapping " 2438 "non-writable page"); 2439 return false; 2440 } 2441 2442 /* The page is already mapped and writable. */ 2443 memset(g2h_untagged(start_bss), 0, align_bss - start_bss); 2444 } 2445 } 2446 2447 if (align_bss < end_bss && 2448 target_mmap(align_bss, end_bss - align_bss, prot, 2449 MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0) == -1) { 2450 error_setg_errno(errp, errno, "Error mapping bss"); 2451 return false; 2452 } 2453 return true; 2454 } 2455 2456 #if defined(TARGET_ARM) 2457 static int elf_is_fdpic(struct elfhdr *exec) 2458 { 2459 return exec->e_ident[EI_OSABI] == ELFOSABI_ARM_FDPIC; 2460 } 2461 #elif defined(TARGET_XTENSA) 2462 static int elf_is_fdpic(struct elfhdr *exec) 2463 { 2464 return exec->e_ident[EI_OSABI] == ELFOSABI_XTENSA_FDPIC; 2465 } 2466 #else 2467 /* Default implementation, always false. */ 2468 static int elf_is_fdpic(struct elfhdr *exec) 2469 { 2470 return 0; 2471 } 2472 #endif 2473 2474 static abi_ulong loader_build_fdpic_loadmap(struct image_info *info, abi_ulong sp) 2475 { 2476 uint16_t n; 2477 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs; 2478 2479 /* elf32_fdpic_loadseg */ 2480 n = info->nsegs; 2481 while (n--) { 2482 sp -= 12; 2483 put_user_u32(loadsegs[n].addr, sp+0); 2484 put_user_u32(loadsegs[n].p_vaddr, sp+4); 2485 put_user_u32(loadsegs[n].p_memsz, sp+8); 2486 } 2487 2488 /* elf32_fdpic_loadmap */ 2489 sp -= 4; 2490 put_user_u16(0, sp+0); /* version */ 2491 put_user_u16(info->nsegs, sp+2); /* nsegs */ 2492 2493 info->personality = PER_LINUX_FDPIC; 2494 info->loadmap_addr = sp; 2495 2496 return sp; 2497 } 2498 2499 static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc, 2500 struct elfhdr *exec, 2501 struct image_info *info, 2502 struct image_info *interp_info, 2503 struct image_info *vdso_info) 2504 { 2505 abi_ulong sp; 2506 abi_ulong u_argc, u_argv, u_envp, u_auxv; 2507 int size; 2508 int i; 2509 abi_ulong u_rand_bytes; 2510 uint8_t k_rand_bytes[16]; 2511 abi_ulong u_platform, u_base_platform; 2512 const char *k_platform, *k_base_platform; 2513 const int n = sizeof(elf_addr_t); 2514 2515 sp = p; 2516 2517 /* Needs to be before we load the env/argc/... 
*/ 2518 if (elf_is_fdpic(exec)) { 2519 /* Need 4 byte alignment for these structs */ 2520 sp &= ~3; 2521 sp = loader_build_fdpic_loadmap(info, sp); 2522 info->other_info = interp_info; 2523 if (interp_info) { 2524 interp_info->other_info = info; 2525 sp = loader_build_fdpic_loadmap(interp_info, sp); 2526 info->interpreter_loadmap_addr = interp_info->loadmap_addr; 2527 info->interpreter_pt_dynamic_addr = interp_info->pt_dynamic_addr; 2528 } else { 2529 info->interpreter_loadmap_addr = 0; 2530 info->interpreter_pt_dynamic_addr = 0; 2531 } 2532 } 2533 2534 u_base_platform = 0; 2535 k_base_platform = ELF_BASE_PLATFORM; 2536 if (k_base_platform) { 2537 size_t len = strlen(k_base_platform) + 1; 2538 if (STACK_GROWS_DOWN) { 2539 sp -= (len + n - 1) & ~(n - 1); 2540 u_base_platform = sp; 2541 /* FIXME - check return value of memcpy_to_target() for failure */ 2542 memcpy_to_target(sp, k_base_platform, len); 2543 } else { 2544 memcpy_to_target(sp, k_base_platform, len); 2545 u_base_platform = sp; 2546 sp += len + 1; 2547 } 2548 } 2549 2550 u_platform = 0; 2551 k_platform = ELF_PLATFORM; 2552 if (k_platform) { 2553 size_t len = strlen(k_platform) + 1; 2554 if (STACK_GROWS_DOWN) { 2555 sp -= (len + n - 1) & ~(n - 1); 2556 u_platform = sp; 2557 /* FIXME - check return value of memcpy_to_target() for failure */ 2558 memcpy_to_target(sp, k_platform, len); 2559 } else { 2560 memcpy_to_target(sp, k_platform, len); 2561 u_platform = sp; 2562 sp += len + 1; 2563 } 2564 } 2565 2566 /* Provide 16 byte alignment for the PRNG, and basic alignment for 2567 * the argv and envp pointers. 2568 */ 2569 if (STACK_GROWS_DOWN) { 2570 sp = QEMU_ALIGN_DOWN(sp, 16); 2571 } else { 2572 sp = QEMU_ALIGN_UP(sp, 16); 2573 } 2574 2575 /* 2576 * Generate 16 random bytes for userspace PRNG seeding. 2577 */ 2578 qemu_guest_getrandom_nofail(k_rand_bytes, sizeof(k_rand_bytes)); 2579 if (STACK_GROWS_DOWN) { 2580 sp -= 16; 2581 u_rand_bytes = sp; 2582 /* FIXME - check return value of memcpy_to_target() for failure */ 2583 memcpy_to_target(sp, k_rand_bytes, 16); 2584 } else { 2585 memcpy_to_target(sp, k_rand_bytes, 16); 2586 u_rand_bytes = sp; 2587 sp += 16; 2588 } 2589 2590 size = (DLINFO_ITEMS + 1) * 2; 2591 if (k_base_platform) { 2592 size += 2; 2593 } 2594 if (k_platform) { 2595 size += 2; 2596 } 2597 if (vdso_info) { 2598 size += 2; 2599 } 2600 #ifdef DLINFO_ARCH_ITEMS 2601 size += DLINFO_ARCH_ITEMS * 2; 2602 #endif 2603 #ifdef ELF_HWCAP2 2604 size += 2; 2605 #endif 2606 info->auxv_len = size * n; 2607 2608 size += envc + argc + 2; 2609 size += 1; /* argc itself */ 2610 size *= n; 2611 2612 /* Allocate space and finalize stack alignment for entry now. */ 2613 if (STACK_GROWS_DOWN) { 2614 u_argc = QEMU_ALIGN_DOWN(sp - size, STACK_ALIGNMENT); 2615 sp = u_argc; 2616 } else { 2617 u_argc = sp; 2618 sp = QEMU_ALIGN_UP(sp + size, STACK_ALIGNMENT); 2619 } 2620 2621 u_argv = u_argc + n; 2622 u_envp = u_argv + (argc + 1) * n; 2623 u_auxv = u_envp + (envc + 1) * n; 2624 info->saved_auxv = u_auxv; 2625 info->argc = argc; 2626 info->envc = envc; 2627 info->argv = u_argv; 2628 info->envp = u_envp; 2629 2630 /* This is correct because Linux defines 2631 * elf_addr_t as Elf32_Off / Elf64_Off 2632 */ 2633 #define NEW_AUX_ENT(id, val) do { \ 2634 put_user_ual(id, u_auxv); u_auxv += n; \ 2635 put_user_ual(val, u_auxv); u_auxv += n; \ 2636 } while(0) 2637 2638 #ifdef ARCH_DLINFO 2639 /* 2640 * ARCH_DLINFO must come first so platform specific code can enforce 2641 * special alignment requirements on the AUXV if necessary (eg. PPC). 
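 *
 * (Illustrative only: each NEW_AUX_ENT() below stores one { a_type, a_val }
 *  pair of target words, so the finished auxv looks like
 *
 *      AT_PHDR    <guest address of the program headers>
 *      AT_PHENT   sizeof(struct elf_phdr)
 *      ...
 *      AT_NULL    0
 *
 *  and its total size must match the info->auxv_len computed above, which
 *  is what the assert() after the table checks.)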
2642 */ 2643 ARCH_DLINFO; 2644 #endif 2645 /* There must be exactly DLINFO_ITEMS entries here, or the assert 2646 * on info->auxv_len will trigger. 2647 */ 2648 NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff)); 2649 NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr))); 2650 NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum)); 2651 if ((info->alignment & ~qemu_host_page_mask) != 0) { 2652 /* Target doesn't support host page size alignment */ 2653 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE)); 2654 } else { 2655 NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(MAX(TARGET_PAGE_SIZE, 2656 qemu_host_page_size))); 2657 } 2658 NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0)); 2659 NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0); 2660 NEW_AUX_ENT(AT_ENTRY, info->entry); 2661 NEW_AUX_ENT(AT_UID, (abi_ulong) getuid()); 2662 NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid()); 2663 NEW_AUX_ENT(AT_GID, (abi_ulong) getgid()); 2664 NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid()); 2665 NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP); 2666 NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK)); 2667 NEW_AUX_ENT(AT_RANDOM, (abi_ulong) u_rand_bytes); 2668 NEW_AUX_ENT(AT_SECURE, (abi_ulong) qemu_getauxval(AT_SECURE)); 2669 NEW_AUX_ENT(AT_EXECFN, info->file_string); 2670 2671 #ifdef ELF_HWCAP2 2672 NEW_AUX_ENT(AT_HWCAP2, (abi_ulong) ELF_HWCAP2); 2673 #endif 2674 2675 if (u_base_platform) { 2676 NEW_AUX_ENT(AT_BASE_PLATFORM, u_base_platform); 2677 } 2678 if (u_platform) { 2679 NEW_AUX_ENT(AT_PLATFORM, u_platform); 2680 } 2681 if (vdso_info) { 2682 NEW_AUX_ENT(AT_SYSINFO_EHDR, vdso_info->load_addr); 2683 } 2684 NEW_AUX_ENT (AT_NULL, 0); 2685 #undef NEW_AUX_ENT 2686 2687 /* Check that our initial calculation of the auxv length matches how much 2688 * we actually put into it. 2689 */ 2690 assert(info->auxv_len == u_auxv - info->saved_auxv); 2691 2692 put_user_ual(argc, u_argc); 2693 2694 p = info->arg_strings; 2695 for (i = 0; i < argc; ++i) { 2696 put_user_ual(p, u_argv); 2697 u_argv += n; 2698 p += target_strlen(p) + 1; 2699 } 2700 put_user_ual(0, u_argv); 2701 2702 p = info->env_strings; 2703 for (i = 0; i < envc; ++i) { 2704 put_user_ual(p, u_envp); 2705 u_envp += n; 2706 p += target_strlen(p) + 1; 2707 } 2708 put_user_ual(0, u_envp); 2709 2710 return sp; 2711 } 2712 2713 #if defined(HI_COMMPAGE) 2714 #define LO_COMMPAGE -1 2715 #elif defined(LO_COMMPAGE) 2716 #define HI_COMMPAGE 0 2717 #else 2718 #define HI_COMMPAGE 0 2719 #define LO_COMMPAGE -1 2720 #ifndef INIT_GUEST_COMMPAGE 2721 #define init_guest_commpage() true 2722 #endif 2723 #endif 2724 2725 /** 2726 * pgb_try_mmap: 2727 * @addr: host start address 2728 * @addr_last: host last address 2729 * @keep: do not unmap the probe region 2730 * 2731 * Return 1 if [@addr, @addr_last] is not mapped in the host, 2732 * return 0 if it is not available to map, and -1 on mmap error. 2733 * If @keep, the region is left mapped on success, otherwise unmapped. 2734 */ 2735 static int pgb_try_mmap(uintptr_t addr, uintptr_t addr_last, bool keep) 2736 { 2737 size_t size = addr_last - addr + 1; 2738 void *p = mmap((void *)addr, size, PROT_NONE, 2739 MAP_ANONYMOUS | MAP_PRIVATE | 2740 MAP_NORESERVE | MAP_FIXED_NOREPLACE, -1, 0); 2741 int ret; 2742 2743 if (p == MAP_FAILED) { 2744 return errno == EEXIST ? 
0 : -1; 2745 } 2746 ret = p == (void *)addr; 2747 if (!keep || !ret) { 2748 munmap(p, size); 2749 } 2750 return ret; 2751 } 2752 2753 /** 2754 * pgb_try_mmap_skip_brk(uintptr_t addr, uintptr_t size, uintptr_t brk) 2755 * @addr: host address 2756 * @addr_last: host last address 2757 * @brk: host brk 2758 * 2759 * Like pgb_try_mmap, but additionally reserve some memory following brk. 2760 */ 2761 static int pgb_try_mmap_skip_brk(uintptr_t addr, uintptr_t addr_last, 2762 uintptr_t brk, bool keep) 2763 { 2764 uintptr_t brk_last = brk + 16 * MiB - 1; 2765 2766 /* Do not map anything close to the host brk. */ 2767 if (addr <= brk_last && brk <= addr_last) { 2768 return 0; 2769 } 2770 return pgb_try_mmap(addr, addr_last, keep); 2771 } 2772 2773 /** 2774 * pgb_try_mmap_set: 2775 * @ga: set of guest addrs 2776 * @base: guest_base 2777 * @brk: host brk 2778 * 2779 * Return true if all @ga can be mapped by the host at @base. 2780 * On success, retain the mapping at index 0 for reserved_va. 2781 */ 2782 2783 typedef struct PGBAddrs { 2784 uintptr_t bounds[3][2]; /* start/last pairs */ 2785 int nbounds; 2786 } PGBAddrs; 2787 2788 static bool pgb_try_mmap_set(const PGBAddrs *ga, uintptr_t base, uintptr_t brk) 2789 { 2790 for (int i = ga->nbounds - 1; i >= 0; --i) { 2791 if (pgb_try_mmap_skip_brk(ga->bounds[i][0] + base, 2792 ga->bounds[i][1] + base, 2793 brk, i == 0 && reserved_va) <= 0) { 2794 return false; 2795 } 2796 } 2797 return true; 2798 } 2799 2800 /** 2801 * pgb_addr_set: 2802 * @ga: output set of guest addrs 2803 * @guest_loaddr: guest image low address 2804 * @guest_loaddr: guest image high address 2805 * @identity: create for identity mapping 2806 * 2807 * Fill in @ga with the image, COMMPAGE and NULL page. 2808 */ 2809 static bool pgb_addr_set(PGBAddrs *ga, abi_ulong guest_loaddr, 2810 abi_ulong guest_hiaddr, bool try_identity) 2811 { 2812 int n; 2813 2814 /* 2815 * With a low commpage, or a guest mapped very low, 2816 * we may not be able to use the identity map. 2817 */ 2818 if (try_identity) { 2819 if (LO_COMMPAGE != -1 && LO_COMMPAGE < mmap_min_addr) { 2820 return false; 2821 } 2822 if (guest_loaddr != 0 && guest_loaddr < mmap_min_addr) { 2823 return false; 2824 } 2825 } 2826 2827 memset(ga, 0, sizeof(*ga)); 2828 n = 0; 2829 2830 if (reserved_va) { 2831 ga->bounds[n][0] = try_identity ? mmap_min_addr : 0; 2832 ga->bounds[n][1] = reserved_va; 2833 n++; 2834 /* LO_COMMPAGE and NULL handled by reserving from 0. */ 2835 } else { 2836 /* Add any LO_COMMPAGE or NULL page. */ 2837 if (LO_COMMPAGE != -1) { 2838 ga->bounds[n][0] = 0; 2839 ga->bounds[n][1] = LO_COMMPAGE + TARGET_PAGE_SIZE - 1; 2840 n++; 2841 } else if (!try_identity) { 2842 ga->bounds[n][0] = 0; 2843 ga->bounds[n][1] = TARGET_PAGE_SIZE - 1; 2844 n++; 2845 } 2846 2847 /* Add the guest image for ET_EXEC. */ 2848 if (guest_loaddr) { 2849 ga->bounds[n][0] = guest_loaddr; 2850 ga->bounds[n][1] = guest_hiaddr; 2851 n++; 2852 } 2853 } 2854 2855 /* 2856 * Temporarily disable 2857 * "comparison is always false due to limited range of data type" 2858 * due to comparison between unsigned and (possible) 0. 2859 */ 2860 #pragma GCC diagnostic push 2861 #pragma GCC diagnostic ignored "-Wtype-limits" 2862 2863 /* Add any HI_COMMPAGE not covered by reserved_va. 
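 * (HI_COMMPAGE, where a target defines it, is a fixed guest address near
 * the top of the address space -- the 32-bit Arm kuser-helper page, for
 * example -- so it only needs its own entry here when reserved_va does not
 * already span it.)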
*/ 2864 if (reserved_va < HI_COMMPAGE) { 2865 ga->bounds[n][0] = HI_COMMPAGE & qemu_host_page_mask; 2866 ga->bounds[n][1] = HI_COMMPAGE + TARGET_PAGE_SIZE - 1; 2867 n++; 2868 } 2869 2870 #pragma GCC diagnostic pop 2871 2872 ga->nbounds = n; 2873 return true; 2874 } 2875 2876 static void pgb_fail_in_use(const char *image_name) 2877 { 2878 error_report("%s: requires virtual address space that is in use " 2879 "(omit the -B option or choose a different value)", 2880 image_name); 2881 exit(EXIT_FAILURE); 2882 } 2883 2884 static void pgb_fixed(const char *image_name, uintptr_t guest_loaddr, 2885 uintptr_t guest_hiaddr, uintptr_t align) 2886 { 2887 PGBAddrs ga; 2888 uintptr_t brk = (uintptr_t)sbrk(0); 2889 2890 if (!QEMU_IS_ALIGNED(guest_base, align)) { 2891 fprintf(stderr, "Requested guest base %p does not satisfy " 2892 "host minimum alignment (0x%" PRIxPTR ")\n", 2893 (void *)guest_base, align); 2894 exit(EXIT_FAILURE); 2895 } 2896 2897 if (!pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, !guest_base) 2898 || !pgb_try_mmap_set(&ga, guest_base, brk)) { 2899 pgb_fail_in_use(image_name); 2900 } 2901 } 2902 2903 /** 2904 * pgb_find_fallback: 2905 * 2906 * This is a fallback method for finding holes in the host address space 2907 * if we don't have the benefit of being able to access /proc/self/map. 2908 * It can potentially take a very long time as we can only dumbly iterate 2909 * up the host address space seeing if the allocation would work. 2910 */ 2911 static uintptr_t pgb_find_fallback(const PGBAddrs *ga, uintptr_t align, 2912 uintptr_t brk) 2913 { 2914 /* TODO: come up with a better estimate of how much to skip. */ 2915 uintptr_t skip = sizeof(uintptr_t) == 4 ? MiB : GiB; 2916 2917 for (uintptr_t base = skip; ; base += skip) { 2918 base = ROUND_UP(base, align); 2919 if (pgb_try_mmap_set(ga, base, brk)) { 2920 return base; 2921 } 2922 if (base >= -skip) { 2923 return -1; 2924 } 2925 } 2926 } 2927 2928 static uintptr_t pgb_try_itree(const PGBAddrs *ga, uintptr_t base, 2929 IntervalTreeRoot *root) 2930 { 2931 for (int i = ga->nbounds - 1; i >= 0; --i) { 2932 uintptr_t s = base + ga->bounds[i][0]; 2933 uintptr_t l = base + ga->bounds[i][1]; 2934 IntervalTreeNode *n; 2935 2936 if (l < s) { 2937 /* Wraparound. Skip to advance S to mmap_min_addr. */ 2938 return mmap_min_addr - s; 2939 } 2940 2941 n = interval_tree_iter_first(root, s, l); 2942 if (n != NULL) { 2943 /* Conflict. Skip to advance S to LAST + 1. */ 2944 return n->last - s + 1; 2945 } 2946 } 2947 return 0; /* success */ 2948 } 2949 2950 static uintptr_t pgb_find_itree(const PGBAddrs *ga, IntervalTreeRoot *root, 2951 uintptr_t align, uintptr_t brk) 2952 { 2953 uintptr_t last = mmap_min_addr; 2954 uintptr_t base, skip; 2955 2956 while (true) { 2957 base = ROUND_UP(last, align); 2958 if (base < last) { 2959 return -1; 2960 } 2961 2962 skip = pgb_try_itree(ga, base, root); 2963 if (skip == 0) { 2964 break; 2965 } 2966 2967 last = base + skip; 2968 if (last < base) { 2969 return -1; 2970 } 2971 } 2972 2973 /* 2974 * We've chosen 'base' based on holes in the interval tree, 2975 * but we don't yet know if it is a valid host address. 2976 * Because it is the first matching hole, if the host addresses 2977 * are invalid we know there are no further matches. 2978 */ 2979 return pgb_try_mmap_set(ga, base, brk) ? 
base : -1; 2980 } 2981 2982 static void pgb_dynamic(const char *image_name, uintptr_t guest_loaddr, 2983 uintptr_t guest_hiaddr, uintptr_t align) 2984 { 2985 IntervalTreeRoot *root; 2986 uintptr_t brk, ret; 2987 PGBAddrs ga; 2988 2989 assert(QEMU_IS_ALIGNED(guest_loaddr, align)); 2990 2991 /* Try the identity map first. */ 2992 if (pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, true)) { 2993 brk = (uintptr_t)sbrk(0); 2994 if (pgb_try_mmap_set(&ga, 0, brk)) { 2995 guest_base = 0; 2996 return; 2997 } 2998 } 2999 3000 /* 3001 * Rebuild the address set for non-identity map. 3002 * This differs in the mapping of the guest NULL page. 3003 */ 3004 pgb_addr_set(&ga, guest_loaddr, guest_hiaddr, false); 3005 3006 root = read_self_maps(); 3007 3008 /* Read brk after we've read the maps, which will malloc. */ 3009 brk = (uintptr_t)sbrk(0); 3010 3011 if (!root) { 3012 ret = pgb_find_fallback(&ga, align, brk); 3013 } else { 3014 /* 3015 * Reserve the area close to the host brk. 3016 * This will be freed with the rest of the tree. 3017 */ 3018 IntervalTreeNode *b = g_new0(IntervalTreeNode, 1); 3019 b->start = brk; 3020 b->last = brk + 16 * MiB - 1; 3021 interval_tree_insert(b, root); 3022 3023 ret = pgb_find_itree(&ga, root, align, brk); 3024 free_self_maps(root); 3025 } 3026 3027 if (ret == -1) { 3028 int w = TARGET_LONG_BITS / 4; 3029 3030 error_report("%s: Unable to find a guest_base to satisfy all " 3031 "guest address mapping requirements", image_name); 3032 3033 for (int i = 0; i < ga.nbounds; ++i) { 3034 error_printf(" %0*" PRIx64 "-%0*" PRIx64 "\n", 3035 w, (uint64_t)ga.bounds[i][0], 3036 w, (uint64_t)ga.bounds[i][1]); 3037 } 3038 exit(EXIT_FAILURE); 3039 } 3040 guest_base = ret; 3041 } 3042 3043 void probe_guest_base(const char *image_name, abi_ulong guest_loaddr, 3044 abi_ulong guest_hiaddr) 3045 { 3046 /* In order to use host shmat, we must be able to honor SHMLBA. */ 3047 uintptr_t align = MAX(SHMLBA, qemu_host_page_size); 3048 3049 /* Sanity check the guest binary. */ 3050 if (reserved_va) { 3051 if (guest_hiaddr > reserved_va) { 3052 error_report("%s: requires more than reserved virtual " 3053 "address space (0x%" PRIx64 " > 0x%lx)", 3054 image_name, (uint64_t)guest_hiaddr, reserved_va); 3055 exit(EXIT_FAILURE); 3056 } 3057 } else { 3058 if (guest_hiaddr != (uintptr_t)guest_hiaddr) { 3059 error_report("%s: requires more virtual address space " 3060 "than the host can provide (0x%" PRIx64 ")", 3061 image_name, (uint64_t)guest_hiaddr + 1); 3062 exit(EXIT_FAILURE); 3063 } 3064 } 3065 3066 if (have_guest_base) { 3067 pgb_fixed(image_name, guest_loaddr, guest_hiaddr, align); 3068 } else { 3069 pgb_dynamic(image_name, guest_loaddr, guest_hiaddr, align); 3070 } 3071 3072 /* Reserve and initialize the commpage. */ 3073 if (!init_guest_commpage()) { 3074 /* We have already probed for the commpage being free. */ 3075 g_assert_not_reached(); 3076 } 3077 3078 assert(QEMU_IS_ALIGNED(guest_base, align)); 3079 qemu_log_mask(CPU_LOG_PAGE, "Locating guest address space " 3080 "@ 0x%" PRIx64 "\n", (uint64_t)guest_base); 3081 } 3082 3083 enum { 3084 /* The string "GNU\0" as a magic number. */ 3085 GNU0_MAGIC = const_le32('G' | 'N' << 8 | 'U' << 16), 3086 NOTE_DATA_SZ = 1 * KiB, 3087 NOTE_NAME_SZ = 4, 3088 ELF_GNU_PROPERTY_ALIGN = ELF_CLASS == ELFCLASS32 ? 4 : 8, 3089 }; 3090 3091 /* 3092 * Process a single gnu_property entry. 3093 * Return false for error. 
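 *
 * (Layout of one entry as consumed below, with pr_data padded out to
 *  ELF_GNU_PROPERTY_ALIGN:
 *
 *      uint32_t pr_type;
 *      uint32_t pr_datasz;
 *      uint8_t  pr_data[ROUND_UP(pr_datasz, ELF_GNU_PROPERTY_ALIGN)];
 *
 *  On success *off is advanced past the whole entry.)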
3094 */ 3095 static bool parse_elf_property(const uint32_t *data, int *off, int datasz, 3096 struct image_info *info, bool have_prev_type, 3097 uint32_t *prev_type, Error **errp) 3098 { 3099 uint32_t pr_type, pr_datasz, step; 3100 3101 if (*off > datasz || !QEMU_IS_ALIGNED(*off, ELF_GNU_PROPERTY_ALIGN)) { 3102 goto error_data; 3103 } 3104 datasz -= *off; 3105 data += *off / sizeof(uint32_t); 3106 3107 if (datasz < 2 * sizeof(uint32_t)) { 3108 goto error_data; 3109 } 3110 pr_type = data[0]; 3111 pr_datasz = data[1]; 3112 data += 2; 3113 datasz -= 2 * sizeof(uint32_t); 3114 step = ROUND_UP(pr_datasz, ELF_GNU_PROPERTY_ALIGN); 3115 if (step > datasz) { 3116 goto error_data; 3117 } 3118 3119 /* Properties are supposed to be unique and sorted on pr_type. */ 3120 if (have_prev_type && pr_type <= *prev_type) { 3121 if (pr_type == *prev_type) { 3122 error_setg(errp, "Duplicate property in PT_GNU_PROPERTY"); 3123 } else { 3124 error_setg(errp, "Unsorted property in PT_GNU_PROPERTY"); 3125 } 3126 return false; 3127 } 3128 *prev_type = pr_type; 3129 3130 if (!arch_parse_elf_property(pr_type, pr_datasz, data, info, errp)) { 3131 return false; 3132 } 3133 3134 *off += 2 * sizeof(uint32_t) + step; 3135 return true; 3136 3137 error_data: 3138 error_setg(errp, "Ill-formed property in PT_GNU_PROPERTY"); 3139 return false; 3140 } 3141 3142 /* Process NT_GNU_PROPERTY_TYPE_0. */ 3143 static bool parse_elf_properties(const ImageSource *src, 3144 struct image_info *info, 3145 const struct elf_phdr *phdr, 3146 Error **errp) 3147 { 3148 union { 3149 struct elf_note nhdr; 3150 uint32_t data[NOTE_DATA_SZ / sizeof(uint32_t)]; 3151 } note; 3152 3153 int n, off, datasz; 3154 bool have_prev_type; 3155 uint32_t prev_type; 3156 3157 /* Unless the arch requires properties, ignore them. */ 3158 if (!ARCH_USE_GNU_PROPERTY) { 3159 return true; 3160 } 3161 3162 /* If the properties are crazy large, that's too bad. */ 3163 n = phdr->p_filesz; 3164 if (n > sizeof(note)) { 3165 error_setg(errp, "PT_GNU_PROPERTY too large"); 3166 return false; 3167 } 3168 if (n < sizeof(note.nhdr)) { 3169 error_setg(errp, "PT_GNU_PROPERTY too small"); 3170 return false; 3171 } 3172 3173 if (!imgsrc_read(¬e, phdr->p_offset, n, src, errp)) { 3174 return false; 3175 } 3176 3177 /* 3178 * The contents of a valid PT_GNU_PROPERTY is a sequence 3179 * of uint32_t -- swap them all now. 3180 */ 3181 #ifdef BSWAP_NEEDED 3182 for (int i = 0; i < n / 4; i++) { 3183 bswap32s(note.data + i); 3184 } 3185 #endif 3186 3187 /* 3188 * Note that nhdr is 3 words, and that the "name" described by namesz 3189 * immediately follows nhdr and is thus at the 4th word. Further, all 3190 * of the inputs to the kernel's round_up are multiples of 4. 3191 */ 3192 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 || 3193 note.nhdr.n_namesz != NOTE_NAME_SZ || 3194 note.data[3] != GNU0_MAGIC) { 3195 error_setg(errp, "Invalid note in PT_GNU_PROPERTY"); 3196 return false; 3197 } 3198 off = sizeof(note.nhdr) + NOTE_NAME_SZ; 3199 3200 datasz = note.nhdr.n_descsz + off; 3201 if (datasz > n) { 3202 error_setg(errp, "Invalid note size in PT_GNU_PROPERTY"); 3203 return false; 3204 } 3205 3206 have_prev_type = false; 3207 prev_type = 0; 3208 while (1) { 3209 if (off == datasz) { 3210 return true; /* end, exit ok */ 3211 } 3212 if (!parse_elf_property(note.data, &off, datasz, info, 3213 have_prev_type, &prev_type, errp)) { 3214 return false; 3215 } 3216 have_prev_type = true; 3217 } 3218 } 3219 3220 /** 3221 * load_elf_image: Load an ELF image into the address space. 
3222 * @image_name: the filename of the image, to use in error messages. 3223 * @src: the ImageSource from which to read. 3224 * @info: info collected from the loaded image. 3225 * @ehdr: the ELF header, not yet bswapped. 3226 * @pinterp_name: record any PT_INTERP string found. 3227 * 3228 * On return: @info values will be filled in, as necessary or available. 3229 */ 3230 3231 static void load_elf_image(const char *image_name, const ImageSource *src, 3232 struct image_info *info, struct elfhdr *ehdr, 3233 char **pinterp_name) 3234 { 3235 g_autofree struct elf_phdr *phdr = NULL; 3236 abi_ulong load_addr, load_bias, loaddr, hiaddr, error; 3237 int i, prot_exec; 3238 Error *err = NULL; 3239 3240 /* 3241 * First of all, some simple consistency checks. 3242 * Note that we rely on the bswapped ehdr staying in bprm_buf, 3243 * for later use by load_elf_binary and create_elf_tables. 3244 */ 3245 if (!imgsrc_read(ehdr, 0, sizeof(*ehdr), src, &err)) { 3246 goto exit_errmsg; 3247 } 3248 if (!elf_check_ident(ehdr)) { 3249 error_setg(&err, "Invalid ELF image for this architecture"); 3250 goto exit_errmsg; 3251 } 3252 bswap_ehdr(ehdr); 3253 if (!elf_check_ehdr(ehdr)) { 3254 error_setg(&err, "Invalid ELF image for this architecture"); 3255 goto exit_errmsg; 3256 } 3257 3258 phdr = imgsrc_read_alloc(ehdr->e_phoff, 3259 ehdr->e_phnum * sizeof(struct elf_phdr), 3260 src, &err); 3261 if (phdr == NULL) { 3262 goto exit_errmsg; 3263 } 3264 bswap_phdr(phdr, ehdr->e_phnum); 3265 3266 info->nsegs = 0; 3267 info->pt_dynamic_addr = 0; 3268 3269 mmap_lock(); 3270 3271 /* 3272 * Find the maximum size of the image and allocate an appropriate 3273 * amount of memory to handle that. Locate the interpreter, if any. 3274 */ 3275 loaddr = -1, hiaddr = 0; 3276 info->alignment = 0; 3277 info->exec_stack = EXSTACK_DEFAULT; 3278 for (i = 0; i < ehdr->e_phnum; ++i) { 3279 struct elf_phdr *eppnt = phdr + i; 3280 if (eppnt->p_type == PT_LOAD) { 3281 abi_ulong a = eppnt->p_vaddr - eppnt->p_offset; 3282 if (a < loaddr) { 3283 loaddr = a; 3284 } 3285 a = eppnt->p_vaddr + eppnt->p_memsz - 1; 3286 if (a > hiaddr) { 3287 hiaddr = a; 3288 } 3289 ++info->nsegs; 3290 info->alignment |= eppnt->p_align; 3291 } else if (eppnt->p_type == PT_INTERP && pinterp_name) { 3292 g_autofree char *interp_name = NULL; 3293 3294 if (*pinterp_name) { 3295 error_setg(&err, "Multiple PT_INTERP entries"); 3296 goto exit_errmsg; 3297 } 3298 3299 interp_name = imgsrc_read_alloc(eppnt->p_offset, eppnt->p_filesz, 3300 src, &err); 3301 if (interp_name == NULL) { 3302 goto exit_errmsg; 3303 } 3304 if (interp_name[eppnt->p_filesz - 1] != 0) { 3305 error_setg(&err, "Invalid PT_INTERP entry"); 3306 goto exit_errmsg; 3307 } 3308 *pinterp_name = g_steal_pointer(&interp_name); 3309 } else if (eppnt->p_type == PT_GNU_PROPERTY) { 3310 if (!parse_elf_properties(src, info, eppnt, &err)) { 3311 goto exit_errmsg; 3312 } 3313 } else if (eppnt->p_type == PT_GNU_STACK) { 3314 info->exec_stack = eppnt->p_flags & PF_X; 3315 } 3316 } 3317 3318 load_addr = loaddr; 3319 3320 if (pinterp_name != NULL) { 3321 if (ehdr->e_type == ET_EXEC) { 3322 /* 3323 * Make sure that the low address does not conflict with 3324 * MMAP_MIN_ADDR or the QEMU application itself. 3325 */ 3326 probe_guest_base(image_name, loaddr, hiaddr); 3327 } else { 3328 abi_ulong align; 3329 3330 /* 3331 * The binary is dynamic, but we still need to 3332 * select guest_base. In this case we pass a size. 
3333 */ 3334 probe_guest_base(image_name, 0, hiaddr - loaddr); 3335 3336 /* 3337 * Avoid collision with the loader by providing a different 3338 * default load address. 3339 */ 3340 load_addr += elf_et_dyn_base; 3341 3342 /* 3343 * TODO: Better support for mmap alignment is desirable. 3344 * Since we do not have complete control over the guest 3345 * address space, we prefer the kernel to choose some address 3346 * rather than force the use of LOAD_ADDR via MAP_FIXED. 3347 * But without MAP_FIXED we cannot guarantee alignment, 3348 * only suggest it. 3349 */ 3350 align = pow2ceil(info->alignment); 3351 if (align) { 3352 load_addr &= -align; 3353 } 3354 } 3355 } 3356 3357 /* 3358 * Reserve address space for all of this. 3359 * 3360 * In the case of ET_EXEC, we supply MAP_FIXED_NOREPLACE so that we get 3361 * exactly the address range that is required. Without reserved_va, 3362 * the guest address space is not isolated. We have attempted to avoid 3363 * conflict with the host program itself via probe_guest_base, but using 3364 * MAP_FIXED_NOREPLACE instead of MAP_FIXED provides an extra check. 3365 * 3366 * Otherwise this is ET_DYN, and we are searching for a location 3367 * that can hold the memory space required. If the image is 3368 * pre-linked, LOAD_ADDR will be non-zero, and the kernel should 3369 * honor that address if it happens to be free. 3370 * 3371 * In both cases, we will overwrite pages in this range with mappings 3372 * from the executable. 3373 */ 3374 load_addr = target_mmap(load_addr, (size_t)hiaddr - loaddr + 1, PROT_NONE, 3375 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE | 3376 (ehdr->e_type == ET_EXEC ? MAP_FIXED_NOREPLACE : 0), 3377 -1, 0); 3378 if (load_addr == -1) { 3379 goto exit_mmap; 3380 } 3381 load_bias = load_addr - loaddr; 3382 3383 if (elf_is_fdpic(ehdr)) { 3384 struct elf32_fdpic_loadseg *loadsegs = info->loadsegs = 3385 g_malloc(sizeof(*loadsegs) * info->nsegs); 3386 3387 for (i = 0; i < ehdr->e_phnum; ++i) { 3388 switch (phdr[i].p_type) { 3389 case PT_DYNAMIC: 3390 info->pt_dynamic_addr = phdr[i].p_vaddr + load_bias; 3391 break; 3392 case PT_LOAD: 3393 loadsegs->addr = phdr[i].p_vaddr + load_bias; 3394 loadsegs->p_vaddr = phdr[i].p_vaddr; 3395 loadsegs->p_memsz = phdr[i].p_memsz; 3396 ++loadsegs; 3397 break; 3398 } 3399 } 3400 } 3401 3402 info->load_bias = load_bias; 3403 info->code_offset = load_bias; 3404 info->data_offset = load_bias; 3405 info->load_addr = load_addr; 3406 info->entry = ehdr->e_entry + load_bias; 3407 info->start_code = -1; 3408 info->end_code = 0; 3409 info->start_data = -1; 3410 info->end_data = 0; 3411 /* Usual start for brk is after all sections of the main executable. */ 3412 info->brk = TARGET_PAGE_ALIGN(hiaddr + load_bias); 3413 info->elf_flags = ehdr->e_flags; 3414 3415 prot_exec = PROT_EXEC; 3416 #ifdef TARGET_AARCH64 3417 /* 3418 * If the BTI feature is present, this indicates that the executable 3419 * pages of the startup binary should be mapped with PROT_BTI, so that 3420 * branch targets are enforced. 3421 * 3422 * The startup binary is either the interpreter or the static executable. 3423 * The interpreter is responsible for all pages of a dynamic executable. 3424 * 3425 * Elf notes are backward compatible to older cpus. 3426 * Do not enable BTI unless it is supported. 
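 *
 * (TARGET_PROT_BTI is a QEMU-internal protection bit rather than a host
 *  mmap() flag; the mmap code records it in the guest page flags so that
 *  translation can treat those pages as BTI-guarded.)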
3427 */ 3428 if ((info->note_flags & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) 3429 && (pinterp_name == NULL || *pinterp_name == 0) 3430 && cpu_isar_feature(aa64_bti, ARM_CPU(thread_cpu))) { 3431 prot_exec |= TARGET_PROT_BTI; 3432 } 3433 #endif 3434 3435 for (i = 0; i < ehdr->e_phnum; i++) { 3436 struct elf_phdr *eppnt = phdr + i; 3437 if (eppnt->p_type == PT_LOAD) { 3438 abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em; 3439 int elf_prot = 0; 3440 3441 if (eppnt->p_flags & PF_R) { 3442 elf_prot |= PROT_READ; 3443 } 3444 if (eppnt->p_flags & PF_W) { 3445 elf_prot |= PROT_WRITE; 3446 } 3447 if (eppnt->p_flags & PF_X) { 3448 elf_prot |= prot_exec; 3449 } 3450 3451 vaddr = load_bias + eppnt->p_vaddr; 3452 vaddr_po = vaddr & ~TARGET_PAGE_MASK; 3453 vaddr_ps = vaddr & TARGET_PAGE_MASK; 3454 3455 vaddr_ef = vaddr + eppnt->p_filesz; 3456 vaddr_em = vaddr + eppnt->p_memsz; 3457 3458 /* 3459 * Some segments may be completely empty, with a non-zero p_memsz 3460 * but no backing file segment. 3461 */ 3462 if (eppnt->p_filesz != 0) { 3463 error = imgsrc_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po, 3464 elf_prot, MAP_PRIVATE | MAP_FIXED, 3465 src, eppnt->p_offset - vaddr_po); 3466 if (error == -1) { 3467 goto exit_mmap; 3468 } 3469 } 3470 3471 /* If the load segment requests extra zeros (e.g. bss), map it. */ 3472 if (vaddr_ef < vaddr_em && 3473 !zero_bss(vaddr_ef, vaddr_em, elf_prot, &err)) { 3474 goto exit_errmsg; 3475 } 3476 3477 /* Find the full program boundaries. */ 3478 if (elf_prot & PROT_EXEC) { 3479 if (vaddr < info->start_code) { 3480 info->start_code = vaddr; 3481 } 3482 if (vaddr_ef > info->end_code) { 3483 info->end_code = vaddr_ef; 3484 } 3485 } 3486 if (elf_prot & PROT_WRITE) { 3487 if (vaddr < info->start_data) { 3488 info->start_data = vaddr; 3489 } 3490 if (vaddr_ef > info->end_data) { 3491 info->end_data = vaddr_ef; 3492 } 3493 } 3494 #ifdef TARGET_MIPS 3495 } else if (eppnt->p_type == PT_MIPS_ABIFLAGS) { 3496 Mips_elf_abiflags_v0 abiflags; 3497 3498 if (!imgsrc_read(&abiflags, eppnt->p_offset, sizeof(abiflags), 3499 src, &err)) { 3500 goto exit_errmsg; 3501 } 3502 bswap_mips_abiflags(&abiflags); 3503 info->fp_abi = abiflags.fp_abi; 3504 #endif 3505 } 3506 } 3507 3508 if (info->end_data == 0) { 3509 info->start_data = info->end_code; 3510 info->end_data = info->end_code; 3511 } 3512 3513 if (qemu_log_enabled()) { 3514 load_symbols(ehdr, src, load_bias); 3515 } 3516 3517 debuginfo_report_elf(image_name, src->fd, load_bias); 3518 3519 mmap_unlock(); 3520 3521 close(src->fd); 3522 return; 3523 3524 exit_mmap: 3525 error_setg_errno(&err, errno, "Error mapping file"); 3526 goto exit_errmsg; 3527 exit_errmsg: 3528 error_reportf_err(err, "%s: ", image_name); 3529 exit(-1); 3530 } 3531 3532 static void load_elf_interp(const char *filename, struct image_info *info, 3533 char bprm_buf[BPRM_BUF_SIZE]) 3534 { 3535 struct elfhdr ehdr; 3536 ImageSource src; 3537 int fd, retval; 3538 Error *err = NULL; 3539 3540 fd = open(path(filename), O_RDONLY); 3541 if (fd < 0) { 3542 error_setg_file_open(&err, errno, filename); 3543 error_report_err(err); 3544 exit(-1); 3545 } 3546 3547 retval = read(fd, bprm_buf, BPRM_BUF_SIZE); 3548 if (retval < 0) { 3549 error_setg_errno(&err, errno, "Error reading file header"); 3550 error_reportf_err(err, "%s: ", filename); 3551 exit(-1); 3552 } 3553 3554 src.fd = fd; 3555 src.cache = bprm_buf; 3556 src.cache_size = retval; 3557 3558 load_elf_image(filename, &src, info, &ehdr, NULL); 3559 } 3560 3561 #ifdef VDSO_HEADER 3562 #include VDSO_HEADER 3563 #define 
vdso_image_info() &vdso_image_info 3564 #else 3565 #define vdso_image_info() NULL 3566 #endif 3567 3568 static void load_elf_vdso(struct image_info *info, const VdsoImageInfo *vdso) 3569 { 3570 ImageSource src; 3571 struct elfhdr ehdr; 3572 abi_ulong load_bias, load_addr; 3573 3574 src.fd = -1; 3575 src.cache = vdso->image; 3576 src.cache_size = vdso->image_size; 3577 3578 load_elf_image("<internal-vdso>", &src, info, &ehdr, NULL); 3579 load_addr = info->load_addr; 3580 load_bias = info->load_bias; 3581 3582 /* 3583 * We need to relocate the VDSO image. The one built into the kernel 3584 * is built for a fixed address. The one built for QEMU is not, since 3585 * that requires close control of the guest address space. 3586 * We pre-processed the image to locate all of the addresses that need 3587 * to be updated. 3588 */ 3589 for (unsigned i = 0, n = vdso->reloc_count; i < n; i++) { 3590 abi_ulong *addr = g2h_untagged(load_addr + vdso->relocs[i]); 3591 *addr = tswapal(tswapal(*addr) + load_bias); 3592 } 3593 3594 /* Install signal trampolines, if present. */ 3595 if (vdso->sigreturn_ofs) { 3596 default_sigreturn = load_addr + vdso->sigreturn_ofs; 3597 } 3598 if (vdso->rt_sigreturn_ofs) { 3599 default_rt_sigreturn = load_addr + vdso->rt_sigreturn_ofs; 3600 } 3601 3602 /* Remove write from VDSO segment. */ 3603 target_mprotect(info->start_data, info->end_data - info->start_data, 3604 PROT_READ | PROT_EXEC); 3605 } 3606 3607 static int symfind(const void *s0, const void *s1) 3608 { 3609 struct elf_sym *sym = (struct elf_sym *)s1; 3610 __typeof(sym->st_value) addr = *(uint64_t *)s0; 3611 int result = 0; 3612 3613 if (addr < sym->st_value) { 3614 result = -1; 3615 } else if (addr >= sym->st_value + sym->st_size) { 3616 result = 1; 3617 } 3618 return result; 3619 } 3620 3621 static const char *lookup_symbolxx(struct syminfo *s, uint64_t orig_addr) 3622 { 3623 #if ELF_CLASS == ELFCLASS32 3624 struct elf_sym *syms = s->disas_symtab.elf32; 3625 #else 3626 struct elf_sym *syms = s->disas_symtab.elf64; 3627 #endif 3628 3629 // binary search 3630 struct elf_sym *sym; 3631 3632 sym = bsearch(&orig_addr, syms, s->disas_num_syms, sizeof(*syms), symfind); 3633 if (sym != NULL) { 3634 return s->disas_strtab + sym->st_name; 3635 } 3636 3637 return ""; 3638 } 3639 3640 /* FIXME: This should use elf_ops.h */ 3641 static int symcmp(const void *s0, const void *s1) 3642 { 3643 struct elf_sym *sym0 = (struct elf_sym *)s0; 3644 struct elf_sym *sym1 = (struct elf_sym *)s1; 3645 return (sym0->st_value < sym1->st_value) 3646 ? -1 3647 : ((sym0->st_value > sym1->st_value) ? 1 : 0); 3648 } 3649 3650 /* Best attempt to load symbols from this ELF object. */ 3651 static void load_symbols(struct elfhdr *hdr, const ImageSource *src, 3652 abi_ulong load_bias) 3653 { 3654 int i, shnum, nsyms, sym_idx = 0, str_idx = 0; 3655 g_autofree struct elf_shdr *shdr = NULL; 3656 char *strings = NULL; 3657 struct elf_sym *syms = NULL; 3658 struct elf_sym *new_syms; 3659 uint64_t segsz; 3660 3661 shnum = hdr->e_shnum; 3662 shdr = imgsrc_read_alloc(hdr->e_shoff, shnum * sizeof(struct elf_shdr), 3663 src, NULL); 3664 if (shdr == NULL) { 3665 return; 3666 } 3667 3668 bswap_shdr(shdr, shnum); 3669 for (i = 0; i < shnum; ++i) { 3670 if (shdr[i].sh_type == SHT_SYMTAB) { 3671 sym_idx = i; 3672 str_idx = shdr[i].sh_link; 3673 goto found; 3674 } 3675 } 3676 3677 /* There will be no symbol table if the file was stripped. */ 3678 return; 3679 3680 found: 3681 /* Now know where the strtab and symtab are. Snarf them. 
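 *
 * (Illustrative only: once this succeeds, lookup_symbolxx() above can map a
 *  guest code address back to a name by binary search -- it returns the
 *  STT_FUNC symbol whose [st_value, st_value + st_size) range contains the
 *  address, or "" when there is none -- which is why only function symbols
 *  are kept and why they are sorted by st_value further down.)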
*/ 3682 3683 segsz = shdr[str_idx].sh_size; 3684 strings = g_try_malloc(segsz); 3685 if (!strings) { 3686 goto give_up; 3687 } 3688 if (!imgsrc_read(strings, shdr[str_idx].sh_offset, segsz, src, NULL)) { 3689 goto give_up; 3690 } 3691 3692 segsz = shdr[sym_idx].sh_size; 3693 if (segsz / sizeof(struct elf_sym) > INT_MAX) { 3694 /* 3695 * Implausibly large symbol table: give up rather than ploughing 3696 * on with the number of symbols calculation overflowing. 3697 */ 3698 goto give_up; 3699 } 3700 nsyms = segsz / sizeof(struct elf_sym); 3701 syms = g_try_malloc(segsz); 3702 if (!syms) { 3703 goto give_up; 3704 } 3705 if (!imgsrc_read(syms, shdr[sym_idx].sh_offset, segsz, src, NULL)) { 3706 goto give_up; 3707 } 3708 3709 for (i = 0; i < nsyms; ) { 3710 bswap_sym(syms + i); 3711 /* Throw away entries which we do not need. */ 3712 if (syms[i].st_shndx == SHN_UNDEF 3713 || syms[i].st_shndx >= SHN_LORESERVE 3714 || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) { 3715 if (i < --nsyms) { 3716 syms[i] = syms[nsyms]; 3717 } 3718 } else { 3719 #if defined(TARGET_ARM) || defined (TARGET_MIPS) 3720 /* The bottom address bit marks a Thumb or MIPS16 symbol. */ 3721 syms[i].st_value &= ~(target_ulong)1; 3722 #endif 3723 syms[i].st_value += load_bias; 3724 i++; 3725 } 3726 } 3727 3728 /* No "useful" symbol. */ 3729 if (nsyms == 0) { 3730 goto give_up; 3731 } 3732 3733 /* 3734 * Attempt to free the storage associated with the local symbols 3735 * that we threw away. Whether or not this has any effect on the 3736 * memory allocation depends on the malloc implementation and how 3737 * many symbols we managed to discard. 3738 */ 3739 new_syms = g_try_renew(struct elf_sym, syms, nsyms); 3740 if (new_syms == NULL) { 3741 goto give_up; 3742 } 3743 syms = new_syms; 3744 3745 qsort(syms, nsyms, sizeof(*syms), symcmp); 3746 3747 { 3748 struct syminfo *s = g_new(struct syminfo, 1); 3749 3750 s->disas_strtab = strings; 3751 s->disas_num_syms = nsyms; 3752 #if ELF_CLASS == ELFCLASS32 3753 s->disas_symtab.elf32 = syms; 3754 #else 3755 s->disas_symtab.elf64 = syms; 3756 #endif 3757 s->lookup_symbol = lookup_symbolxx; 3758 s->next = syminfos; 3759 syminfos = s; 3760 } 3761 return; 3762 3763 give_up: 3764 g_free(strings); 3765 g_free(syms); 3766 } 3767 3768 uint32_t get_elf_eflags(int fd) 3769 { 3770 struct elfhdr ehdr; 3771 off_t offset; 3772 int ret; 3773 3774 /* Read ELF header */ 3775 offset = lseek(fd, 0, SEEK_SET); 3776 if (offset == (off_t) -1) { 3777 return 0; 3778 } 3779 ret = read(fd, &ehdr, sizeof(ehdr)); 3780 if (ret < sizeof(ehdr)) { 3781 return 0; 3782 } 3783 offset = lseek(fd, offset, SEEK_SET); 3784 if (offset == (off_t) -1) { 3785 return 0; 3786 } 3787 3788 /* Check ELF signature */ 3789 if (!elf_check_ident(&ehdr)) { 3790 return 0; 3791 } 3792 3793 /* check header */ 3794 bswap_ehdr(&ehdr); 3795 if (!elf_check_ehdr(&ehdr)) { 3796 return 0; 3797 } 3798 3799 /* return architecture id */ 3800 return ehdr.e_flags; 3801 } 3802 3803 int load_elf_binary(struct linux_binprm *bprm, struct image_info *info) 3804 { 3805 /* 3806 * We need a copy of the elf header for passing to create_elf_tables. 3807 * We will have overwritten the original when we re-use bprm->buf 3808 * while loading the interpreter. Allocate the storage for this now 3809 * and let elf_load_image do any swapping that may be required. 
3810 */ 3811 struct elfhdr ehdr; 3812 struct image_info interp_info, vdso_info; 3813 char *elf_interpreter = NULL; 3814 char *scratch; 3815 3816 memset(&interp_info, 0, sizeof(interp_info)); 3817 #ifdef TARGET_MIPS 3818 interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN; 3819 #endif 3820 3821 load_elf_image(bprm->filename, &bprm->src, info, &ehdr, &elf_interpreter); 3822 3823 /* Do this so that we can load the interpreter, if need be. We will 3824 change some of these later */ 3825 bprm->p = setup_arg_pages(bprm, info); 3826 3827 scratch = g_new0(char, TARGET_PAGE_SIZE); 3828 if (STACK_GROWS_DOWN) { 3829 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 3830 bprm->p, info->stack_limit); 3831 info->file_string = bprm->p; 3832 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 3833 bprm->p, info->stack_limit); 3834 info->env_strings = bprm->p; 3835 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 3836 bprm->p, info->stack_limit); 3837 info->arg_strings = bprm->p; 3838 } else { 3839 info->arg_strings = bprm->p; 3840 bprm->p = copy_elf_strings(bprm->argc, bprm->argv, scratch, 3841 bprm->p, info->stack_limit); 3842 info->env_strings = bprm->p; 3843 bprm->p = copy_elf_strings(bprm->envc, bprm->envp, scratch, 3844 bprm->p, info->stack_limit); 3845 info->file_string = bprm->p; 3846 bprm->p = copy_elf_strings(1, &bprm->filename, scratch, 3847 bprm->p, info->stack_limit); 3848 } 3849 3850 g_free(scratch); 3851 3852 if (!bprm->p) { 3853 fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG)); 3854 exit(-1); 3855 } 3856 3857 if (elf_interpreter) { 3858 load_elf_interp(elf_interpreter, &interp_info, bprm->buf); 3859 3860 /* 3861 * While unusual because of ELF_ET_DYN_BASE, if we are unlucky 3862 * with the mappings the interpreter can be loaded above but 3863 * near the main executable, which can leave very little room 3864 * for the heap. 3865 * If the current brk has less than 16MB, use the end of the 3866 * interpreter. 3867 */ 3868 if (interp_info.brk > info->brk && 3869 interp_info.load_bias - info->brk < 16 * MiB) { 3870 info->brk = interp_info.brk; 3871 } 3872 3873 /* If the program interpreter is one of these two, then assume 3874 an iBCS2 image. Otherwise assume a native linux image. */ 3875 3876 if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0 3877 || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) { 3878 info->personality = PER_SVR4; 3879 3880 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 3881 and some applications "depend" upon this behavior. Since 3882 we do not have the power to recompile these, we emulate 3883 the SVr4 behavior. Sigh. */ 3884 target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC, 3885 MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 3886 } 3887 #ifdef TARGET_MIPS 3888 info->interp_fp_abi = interp_info.fp_abi; 3889 #endif 3890 } 3891 3892 /* 3893 * Load a vdso if available, which will amongst other things contain the 3894 * signal trampolines. Otherwise, allocate a separate page for them. 
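 * Either way, default_sigreturn and default_rt_sigreturn end up
 * pointing at usable trampoline code: load_elf_vdso() derives them from
 * offsets recorded in the embedded vdso image, while the fallback path
 * below maps an anonymous page, lets setup_sigtramp() fill it in, and
 * then drops write permission from it.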
3895 */ 3896 const VdsoImageInfo *vdso = vdso_image_info(); 3897 if (vdso) { 3898 load_elf_vdso(&vdso_info, vdso); 3899 } else if (TARGET_ARCH_HAS_SIGTRAMP_PAGE) { 3900 abi_long tramp_page = target_mmap(0, TARGET_PAGE_SIZE, 3901 PROT_READ | PROT_WRITE, 3902 MAP_PRIVATE | MAP_ANON, -1, 0); 3903 if (tramp_page == -1) { 3904 return -errno; 3905 } 3906 3907 setup_sigtramp(tramp_page); 3908 target_mprotect(tramp_page, TARGET_PAGE_SIZE, PROT_READ | PROT_EXEC); 3909 } 3910 3911 bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &ehdr, info, 3912 elf_interpreter ? &interp_info : NULL, 3913 vdso ? &vdso_info : NULL); 3914 info->start_stack = bprm->p; 3915 3916 /* If we have an interpreter, set that as the program's entry point. 3917 Copy the load_bias as well, to help PPC64 interpret the entry 3918 point as a function descriptor. Do this after creating elf tables 3919 so that we copy the original program entry point into the AUXV. */ 3920 if (elf_interpreter) { 3921 info->load_bias = interp_info.load_bias; 3922 info->entry = interp_info.entry; 3923 g_free(elf_interpreter); 3924 } 3925 3926 #ifdef USE_ELF_CORE_DUMP 3927 bprm->core_dump = &elf_core_dump; 3928 #endif 3929 3930 return 0; 3931 } 3932 3933 #ifdef USE_ELF_CORE_DUMP 3934 /* 3935 * Definitions to generate Intel SVR4-like core files. 3936 * These mostly have the same names as the SVR4 types with "target_elf_" 3937 * tacked on the front to prevent clashes with linux definitions, 3938 * and the typedef forms have been avoided. This is mostly like 3939 * the SVR4 structure, but more Linuxy, with things that Linux does 3940 * not support and which gdb doesn't really use excluded. 3941 * 3942 * Fields we don't dump (their contents are zero) in linux-user qemu 3943 * are marked with XXX. 3944 * 3945 * Core dump code is copied from the linux kernel (fs/binfmt_elf.c). 3946 * 3947 * Porting ELF coredump for a target is a (quite) simple process. First you 3948 * define USE_ELF_CORE_DUMP in the target ELF code (where init_thread() for 3949 * the target resides): 3950 * 3951 * #define USE_ELF_CORE_DUMP 3952 * 3953 * Next you define the type of register set used for dumping. The ELF specification 3954 * says that it needs to be an array of elf_greg_t with ELF_NREG elements. 3955 * 3956 * typedef <target_regtype> target_elf_greg_t; 3957 * #define ELF_NREG <number of registers> 3958 * typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG]; 3959 * 3960 * The last step is to implement a target-specific function that copies registers 3961 * from the given cpu into the register set specified above. The prototype is: 3962 * 3963 * static void elf_core_copy_regs(target_elf_gregset_t *regs, 3964 * const CPUArchState *env); 3965 * 3966 * Parameters: 3967 * regs - copy register values into here (allocated and zeroed by caller) 3968 * env - copy registers from here 3969 * 3970 * An example for the ARM target is provided in this file.
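 *
 * As a purely illustrative sketch (for a hypothetical 32-bit target
 * with sixteen general registers plus sp and pc, not a target handled
 * in this file), the three steps might look like:
 *
 *     #define USE_ELF_CORE_DUMP
 *
 *     typedef abi_ulong target_elf_greg_t;
 *     #define ELF_NREG 18
 *     typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
 *
 *     static void elf_core_copy_regs(target_elf_gregset_t *regs,
 *                                    const CPUArchState *env)
 *     {
 *         for (int i = 0; i < 16; i++) {
 *             (*regs)[i] = tswapreg(env->regs[i]);
 *         }
 *         (*regs)[16] = tswapreg(env->sp);
 *         (*regs)[17] = tswapreg(env->pc);
 *     }
 *
 * where env->regs, env->sp and env->pc are made-up field names and the
 * register order must match whatever the target's native kernel writes
 * into its NT_PRSTATUS note.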
3971 */ 3972 3973 /* An ELF note in memory */ 3974 struct memelfnote { 3975 const char *name; 3976 size_t namesz; 3977 size_t namesz_rounded; 3978 int type; 3979 size_t datasz; 3980 size_t datasz_rounded; 3981 void *data; 3982 size_t notesz; 3983 }; 3984 3985 struct target_elf_siginfo { 3986 abi_int si_signo; /* signal number */ 3987 abi_int si_code; /* extra code */ 3988 abi_int si_errno; /* errno */ 3989 }; 3990 3991 struct target_elf_prstatus { 3992 struct target_elf_siginfo pr_info; /* Info associated with signal */ 3993 abi_short pr_cursig; /* Current signal */ 3994 abi_ulong pr_sigpend; /* XXX */ 3995 abi_ulong pr_sighold; /* XXX */ 3996 target_pid_t pr_pid; 3997 target_pid_t pr_ppid; 3998 target_pid_t pr_pgrp; 3999 target_pid_t pr_sid; 4000 struct target_timeval pr_utime; /* XXX User time */ 4001 struct target_timeval pr_stime; /* XXX System time */ 4002 struct target_timeval pr_cutime; /* XXX Cumulative user time */ 4003 struct target_timeval pr_cstime; /* XXX Cumulative system time */ 4004 target_elf_gregset_t pr_reg; /* GP registers */ 4005 abi_int pr_fpvalid; /* XXX */ 4006 }; 4007 4008 #define ELF_PRARGSZ (80) /* Number of chars for args */ 4009 4010 struct target_elf_prpsinfo { 4011 char pr_state; /* numeric process state */ 4012 char pr_sname; /* char for pr_state */ 4013 char pr_zomb; /* zombie */ 4014 char pr_nice; /* nice val */ 4015 abi_ulong pr_flag; /* flags */ 4016 target_uid_t pr_uid; 4017 target_gid_t pr_gid; 4018 target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid; 4019 /* Lots missing */ 4020 char pr_fname[16] QEMU_NONSTRING; /* filename of executable */ 4021 char pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */ 4022 }; 4023 4024 /* Here is the structure in which status of each thread is captured. */ 4025 struct elf_thread_status { 4026 QTAILQ_ENTRY(elf_thread_status) ets_link; 4027 struct target_elf_prstatus prstatus; /* NT_PRSTATUS */ 4028 #if 0 4029 elf_fpregset_t fpu; /* NT_PRFPREG */ 4030 struct task_struct *thread; 4031 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 4032 #endif 4033 struct memelfnote notes[1]; 4034 int num_notes; 4035 }; 4036 4037 struct elf_note_info { 4038 struct memelfnote *notes; 4039 struct target_elf_prstatus *prstatus; /* NT_PRSTATUS */ 4040 struct target_elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 4041 4042 QTAILQ_HEAD(, elf_thread_status) thread_list; 4043 #if 0 4044 /* 4045 * Current version of ELF coredump doesn't support 4046 * dumping fp regs etc. 4047 */ 4048 elf_fpregset_t *fpu; 4049 elf_fpxregset_t *xfpu; 4050 int thread_status_size; 4051 #endif 4052 int notes_size; 4053 int numnote; 4054 }; 4055 4056 struct vm_area_struct { 4057 target_ulong vma_start; /* start vaddr of memory region */ 4058 target_ulong vma_end; /* end vaddr of memory region */ 4059 abi_ulong vma_flags; /* protection etc. 
flags for the region */ 4060 QTAILQ_ENTRY(vm_area_struct) vma_link; 4061 }; 4062 4063 struct mm_struct { 4064 QTAILQ_HEAD(, vm_area_struct) mm_mmap; 4065 int mm_count; /* number of mappings */ 4066 }; 4067 4068 static struct mm_struct *vma_init(void); 4069 static void vma_delete(struct mm_struct *); 4070 static int vma_add_mapping(struct mm_struct *, target_ulong, 4071 target_ulong, abi_ulong); 4072 static int vma_get_mapping_count(const struct mm_struct *); 4073 static struct vm_area_struct *vma_first(const struct mm_struct *); 4074 static struct vm_area_struct *vma_next(struct vm_area_struct *); 4075 static abi_ulong vma_dump_size(const struct vm_area_struct *); 4076 static int vma_walker(void *priv, target_ulong start, target_ulong end, 4077 unsigned long flags); 4078 4079 static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t); 4080 static void fill_note(struct memelfnote *, const char *, int, 4081 unsigned int, void *); 4082 static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int); 4083 static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *); 4084 static void fill_auxv_note(struct memelfnote *, const TaskState *); 4085 static void fill_elf_note_phdr(struct elf_phdr *, int, off_t); 4086 static size_t note_size(const struct memelfnote *); 4087 static void free_note_info(struct elf_note_info *); 4088 static int fill_note_info(struct elf_note_info *, long, const CPUArchState *); 4089 static void fill_thread_info(struct elf_note_info *, const CPUArchState *); 4090 4091 static int dump_write(int, const void *, size_t); 4092 static int write_note(struct memelfnote *, int); 4093 static int write_note_info(struct elf_note_info *, int); 4094 4095 #ifdef BSWAP_NEEDED 4096 static void bswap_prstatus(struct target_elf_prstatus *prstatus) 4097 { 4098 prstatus->pr_info.si_signo = tswap32(prstatus->pr_info.si_signo); 4099 prstatus->pr_info.si_code = tswap32(prstatus->pr_info.si_code); 4100 prstatus->pr_info.si_errno = tswap32(prstatus->pr_info.si_errno); 4101 prstatus->pr_cursig = tswap16(prstatus->pr_cursig); 4102 prstatus->pr_sigpend = tswapal(prstatus->pr_sigpend); 4103 prstatus->pr_sighold = tswapal(prstatus->pr_sighold); 4104 prstatus->pr_pid = tswap32(prstatus->pr_pid); 4105 prstatus->pr_ppid = tswap32(prstatus->pr_ppid); 4106 prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp); 4107 prstatus->pr_sid = tswap32(prstatus->pr_sid); 4108 /* cpu times are not filled, so we skip them */ 4109 /* regs should be in correct format already */ 4110 prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid); 4111 } 4112 4113 static void bswap_psinfo(struct target_elf_prpsinfo *psinfo) 4114 { 4115 psinfo->pr_flag = tswapal(psinfo->pr_flag); 4116 psinfo->pr_uid = tswap16(psinfo->pr_uid); 4117 psinfo->pr_gid = tswap16(psinfo->pr_gid); 4118 psinfo->pr_pid = tswap32(psinfo->pr_pid); 4119 psinfo->pr_ppid = tswap32(psinfo->pr_ppid); 4120 psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp); 4121 psinfo->pr_sid = tswap32(psinfo->pr_sid); 4122 } 4123 4124 static void bswap_note(struct elf_note *en) 4125 { 4126 bswap32s(&en->n_namesz); 4127 bswap32s(&en->n_descsz); 4128 bswap32s(&en->n_type); 4129 } 4130 #else 4131 static inline void bswap_prstatus(struct target_elf_prstatus *p) { } 4132 static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {} 4133 static inline void bswap_note(struct elf_note *en) { } 4134 #endif /* BSWAP_NEEDED */ 4135 4136 /* 4137 * Minimal support for linux memory regions. 
These are needed 4138 * when we are finding out what memory exactly belongs to 4139 * emulated process. No locks needed here, as long as 4140 * thread that received the signal is stopped. 4141 */ 4142 4143 static struct mm_struct *vma_init(void) 4144 { 4145 struct mm_struct *mm; 4146 4147 if ((mm = g_malloc(sizeof (*mm))) == NULL) 4148 return (NULL); 4149 4150 mm->mm_count = 0; 4151 QTAILQ_INIT(&mm->mm_mmap); 4152 4153 return (mm); 4154 } 4155 4156 static void vma_delete(struct mm_struct *mm) 4157 { 4158 struct vm_area_struct *vma; 4159 4160 while ((vma = vma_first(mm)) != NULL) { 4161 QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link); 4162 g_free(vma); 4163 } 4164 g_free(mm); 4165 } 4166 4167 static int vma_add_mapping(struct mm_struct *mm, target_ulong start, 4168 target_ulong end, abi_ulong flags) 4169 { 4170 struct vm_area_struct *vma; 4171 4172 if ((vma = g_malloc0(sizeof (*vma))) == NULL) 4173 return (-1); 4174 4175 vma->vma_start = start; 4176 vma->vma_end = end; 4177 vma->vma_flags = flags; 4178 4179 QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link); 4180 mm->mm_count++; 4181 4182 return (0); 4183 } 4184 4185 static struct vm_area_struct *vma_first(const struct mm_struct *mm) 4186 { 4187 return (QTAILQ_FIRST(&mm->mm_mmap)); 4188 } 4189 4190 static struct vm_area_struct *vma_next(struct vm_area_struct *vma) 4191 { 4192 return (QTAILQ_NEXT(vma, vma_link)); 4193 } 4194 4195 static int vma_get_mapping_count(const struct mm_struct *mm) 4196 { 4197 return (mm->mm_count); 4198 } 4199 4200 /* 4201 * Calculate file (dump) size of given memory region. 4202 */ 4203 static abi_ulong vma_dump_size(const struct vm_area_struct *vma) 4204 { 4205 /* if we cannot even read the first page, skip it */ 4206 if (!access_ok_untagged(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE)) 4207 return (0); 4208 4209 /* 4210 * Usually we don't dump executable pages as they contain 4211 * non-writable code that debugger can read directly from 4212 * target library etc. However, thread stacks are marked 4213 * also executable so we read in first page of given region 4214 * and check whether it contains elf header. If there is 4215 * no elf header, we dump it. 4216 */ 4217 if (vma->vma_flags & PROT_EXEC) { 4218 char page[TARGET_PAGE_SIZE]; 4219 4220 if (copy_from_user(page, vma->vma_start, sizeof (page))) { 4221 return 0; 4222 } 4223 if ((page[EI_MAG0] == ELFMAG0) && 4224 (page[EI_MAG1] == ELFMAG1) && 4225 (page[EI_MAG2] == ELFMAG2) && 4226 (page[EI_MAG3] == ELFMAG3)) { 4227 /* 4228 * Mappings are possibly from ELF binary. Don't dump 4229 * them. 4230 */ 4231 return (0); 4232 } 4233 } 4234 4235 return (vma->vma_end - vma->vma_start); 4236 } 4237 4238 static int vma_walker(void *priv, target_ulong start, target_ulong end, 4239 unsigned long flags) 4240 { 4241 struct mm_struct *mm = (struct mm_struct *)priv; 4242 4243 vma_add_mapping(mm, start, end, flags); 4244 return (0); 4245 } 4246 4247 static void fill_note(struct memelfnote *note, const char *name, int type, 4248 unsigned int sz, void *data) 4249 { 4250 unsigned int namesz; 4251 4252 namesz = strlen(name) + 1; 4253 note->name = name; 4254 note->namesz = namesz; 4255 note->namesz_rounded = roundup(namesz, sizeof (int32_t)); 4256 note->type = type; 4257 note->datasz = sz; 4258 note->datasz_rounded = roundup(sz, sizeof (int32_t)); 4259 4260 note->data = data; 4261 4262 /* 4263 * We calculate rounded up note size here as specified by 4264 * ELF document. 
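 * For instance, with the name "CORE", namesz is 5 and namesz_rounded
 * becomes 8, so an NT_PRSTATUS note occupies
 * sizeof(struct elf_note) + 8 + roundup(sizeof(struct target_elf_prstatus), 4)
 * bytes in the file.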
4265 */ 4266 note->notesz = sizeof (struct elf_note) + 4267 note->namesz_rounded + note->datasz_rounded; 4268 } 4269 4270 static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine, 4271 uint32_t flags) 4272 { 4273 (void) memset(elf, 0, sizeof(*elf)); 4274 4275 (void) memcpy(elf->e_ident, ELFMAG, SELFMAG); 4276 elf->e_ident[EI_CLASS] = ELF_CLASS; 4277 elf->e_ident[EI_DATA] = ELF_DATA; 4278 elf->e_ident[EI_VERSION] = EV_CURRENT; 4279 elf->e_ident[EI_OSABI] = ELF_OSABI; 4280 4281 elf->e_type = ET_CORE; 4282 elf->e_machine = machine; 4283 elf->e_version = EV_CURRENT; 4284 elf->e_phoff = sizeof(struct elfhdr); 4285 elf->e_flags = flags; 4286 elf->e_ehsize = sizeof(struct elfhdr); 4287 elf->e_phentsize = sizeof(struct elf_phdr); 4288 elf->e_phnum = segs; 4289 4290 bswap_ehdr(elf); 4291 } 4292 4293 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) 4294 { 4295 phdr->p_type = PT_NOTE; 4296 phdr->p_offset = offset; 4297 phdr->p_vaddr = 0; 4298 phdr->p_paddr = 0; 4299 phdr->p_filesz = sz; 4300 phdr->p_memsz = 0; 4301 phdr->p_flags = 0; 4302 phdr->p_align = 0; 4303 4304 bswap_phdr(phdr, 1); 4305 } 4306 4307 static size_t note_size(const struct memelfnote *note) 4308 { 4309 return (note->notesz); 4310 } 4311 4312 static void fill_prstatus(struct target_elf_prstatus *prstatus, 4313 const TaskState *ts, int signr) 4314 { 4315 (void) memset(prstatus, 0, sizeof (*prstatus)); 4316 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 4317 prstatus->pr_pid = ts->ts_tid; 4318 prstatus->pr_ppid = getppid(); 4319 prstatus->pr_pgrp = getpgrp(); 4320 prstatus->pr_sid = getsid(0); 4321 4322 bswap_prstatus(prstatus); 4323 } 4324 4325 static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts) 4326 { 4327 char *base_filename; 4328 unsigned int i, len; 4329 4330 (void) memset(psinfo, 0, sizeof (*psinfo)); 4331 4332 len = ts->info->env_strings - ts->info->arg_strings; 4333 if (len >= ELF_PRARGSZ) 4334 len = ELF_PRARGSZ - 1; 4335 if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_strings, len)) { 4336 return -EFAULT; 4337 } 4338 for (i = 0; i < len; i++) 4339 if (psinfo->pr_psargs[i] == 0) 4340 psinfo->pr_psargs[i] = ' '; 4341 psinfo->pr_psargs[len] = 0; 4342 4343 psinfo->pr_pid = getpid(); 4344 psinfo->pr_ppid = getppid(); 4345 psinfo->pr_pgrp = getpgrp(); 4346 psinfo->pr_sid = getsid(0); 4347 psinfo->pr_uid = getuid(); 4348 psinfo->pr_gid = getgid(); 4349 4350 base_filename = g_path_get_basename(ts->bprm->filename); 4351 /* 4352 * Using strncpy here is fine: at max-length, 4353 * this field is not NUL-terminated. 4354 */ 4355 (void) strncpy(psinfo->pr_fname, base_filename, 4356 sizeof(psinfo->pr_fname)); 4357 4358 g_free(base_filename); 4359 bswap_psinfo(psinfo); 4360 return (0); 4361 } 4362 4363 static void fill_auxv_note(struct memelfnote *note, const TaskState *ts) 4364 { 4365 elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv; 4366 elf_addr_t orig_auxv = auxv; 4367 void *ptr; 4368 int len = ts->info->auxv_len; 4369 4370 /* 4371 * Auxiliary vector is stored in target process stack. It contains 4372 * {type, value} pairs that we need to dump into note. This is not 4373 * strictly necessary but we do it here for sake of completeness. 4374 */ 4375 4376 /* read in whole auxv vector and copy it to memelfnote */ 4377 ptr = lock_user(VERIFY_READ, orig_auxv, len, 0); 4378 if (ptr != NULL) { 4379 fill_note(note, "CORE", NT_AUXV, len, ptr); 4380 unlock_user(ptr, auxv, len); 4381 } 4382 } 4383 4384 /* 4385 * Constructs name of coredump file. 
We have following convention 4386 * for the name: 4387 * qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core 4388 * 4389 * Returns the filename 4390 */ 4391 static char *core_dump_filename(const TaskState *ts) 4392 { 4393 g_autoptr(GDateTime) now = g_date_time_new_now_local(); 4394 g_autofree char *nowstr = g_date_time_format(now, "%Y%m%d-%H%M%S"); 4395 g_autofree char *base_filename = g_path_get_basename(ts->bprm->filename); 4396 4397 return g_strdup_printf("qemu_%s_%s_%d.core", 4398 base_filename, nowstr, (int)getpid()); 4399 } 4400 4401 static int dump_write(int fd, const void *ptr, size_t size) 4402 { 4403 const char *bufp = (const char *)ptr; 4404 ssize_t bytes_written, bytes_left; 4405 struct rlimit dumpsize; 4406 off_t pos; 4407 4408 bytes_written = 0; 4409 getrlimit(RLIMIT_CORE, &dumpsize); 4410 if ((pos = lseek(fd, 0, SEEK_CUR))==-1) { 4411 if (errno == ESPIPE) { /* not a seekable stream */ 4412 bytes_left = size; 4413 } else { 4414 return pos; 4415 } 4416 } else { 4417 if (dumpsize.rlim_cur <= pos) { 4418 return -1; 4419 } else if (dumpsize.rlim_cur == RLIM_INFINITY) { 4420 bytes_left = size; 4421 } else { 4422 size_t limit_left=dumpsize.rlim_cur - pos; 4423 bytes_left = limit_left >= size ? size : limit_left ; 4424 } 4425 } 4426 4427 /* 4428 * In normal conditions, single write(2) should do but 4429 * in case of socket etc. this mechanism is more portable. 4430 */ 4431 do { 4432 bytes_written = write(fd, bufp, bytes_left); 4433 if (bytes_written < 0) { 4434 if (errno == EINTR) 4435 continue; 4436 return (-1); 4437 } else if (bytes_written == 0) { /* eof */ 4438 return (-1); 4439 } 4440 bufp += bytes_written; 4441 bytes_left -= bytes_written; 4442 } while (bytes_left > 0); 4443 4444 return (0); 4445 } 4446 4447 static int write_note(struct memelfnote *men, int fd) 4448 { 4449 struct elf_note en; 4450 4451 en.n_namesz = men->namesz; 4452 en.n_type = men->type; 4453 en.n_descsz = men->datasz; 4454 4455 bswap_note(&en); 4456 4457 if (dump_write(fd, &en, sizeof(en)) != 0) 4458 return (-1); 4459 if (dump_write(fd, men->name, men->namesz_rounded) != 0) 4460 return (-1); 4461 if (dump_write(fd, men->data, men->datasz_rounded) != 0) 4462 return (-1); 4463 4464 return (0); 4465 } 4466 4467 static void fill_thread_info(struct elf_note_info *info, const CPUArchState *env) 4468 { 4469 CPUState *cpu = env_cpu((CPUArchState *)env); 4470 TaskState *ts = (TaskState *)cpu->opaque; 4471 struct elf_thread_status *ets; 4472 4473 ets = g_malloc0(sizeof (*ets)); 4474 ets->num_notes = 1; /* only prstatus is dumped */ 4475 fill_prstatus(&ets->prstatus, ts, 0); 4476 elf_core_copy_regs(&ets->prstatus.pr_reg, env); 4477 fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus), 4478 &ets->prstatus); 4479 4480 QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link); 4481 4482 info->notes_size += note_size(&ets->notes[0]); 4483 } 4484 4485 static void init_note_info(struct elf_note_info *info) 4486 { 4487 /* Initialize the elf_note_info structure so that it is at 4488 * least safe to call free_note_info() on it. Must be 4489 * called before calling fill_note_info(). 
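 * The expected call sequence, as used by elf_core_dump() below, is:
 *
 *     init_note_info(&info);
 *     ...
 *     fill_note_info(&info, signr, env);
 *     write_note_info(&info, fd);
 *     ...
 *     free_note_info(&info);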
4490 */ 4491 memset(info, 0, sizeof (*info)); 4492 QTAILQ_INIT(&info->thread_list); 4493 } 4494 4495 static int fill_note_info(struct elf_note_info *info, 4496 long signr, const CPUArchState *env) 4497 { 4498 #define NUMNOTES 3 4499 CPUState *cpu = env_cpu((CPUArchState *)env); 4500 TaskState *ts = (TaskState *)cpu->opaque; 4501 int i; 4502 4503 info->notes = g_new0(struct memelfnote, NUMNOTES); 4504 if (info->notes == NULL) 4505 return (-ENOMEM); 4506 info->prstatus = g_malloc0(sizeof (*info->prstatus)); 4507 if (info->prstatus == NULL) 4508 return (-ENOMEM); 4509 info->psinfo = g_malloc0(sizeof (*info->psinfo)); 4510 if (info->prstatus == NULL) 4511 return (-ENOMEM); 4512 4513 /* 4514 * First fill in status (and registers) of current thread 4515 * including process info & aux vector. 4516 */ 4517 fill_prstatus(info->prstatus, ts, signr); 4518 elf_core_copy_regs(&info->prstatus->pr_reg, env); 4519 fill_note(&info->notes[0], "CORE", NT_PRSTATUS, 4520 sizeof (*info->prstatus), info->prstatus); 4521 fill_psinfo(info->psinfo, ts); 4522 fill_note(&info->notes[1], "CORE", NT_PRPSINFO, 4523 sizeof (*info->psinfo), info->psinfo); 4524 fill_auxv_note(&info->notes[2], ts); 4525 info->numnote = 3; 4526 4527 info->notes_size = 0; 4528 for (i = 0; i < info->numnote; i++) 4529 info->notes_size += note_size(&info->notes[i]); 4530 4531 /* read and fill status of all threads */ 4532 WITH_QEMU_LOCK_GUARD(&qemu_cpu_list_lock) { 4533 CPU_FOREACH(cpu) { 4534 if (cpu == thread_cpu) { 4535 continue; 4536 } 4537 fill_thread_info(info, cpu_env(cpu)); 4538 } 4539 } 4540 4541 return (0); 4542 } 4543 4544 static void free_note_info(struct elf_note_info *info) 4545 { 4546 struct elf_thread_status *ets; 4547 4548 while (!QTAILQ_EMPTY(&info->thread_list)) { 4549 ets = QTAILQ_FIRST(&info->thread_list); 4550 QTAILQ_REMOVE(&info->thread_list, ets, ets_link); 4551 g_free(ets); 4552 } 4553 4554 g_free(info->prstatus); 4555 g_free(info->psinfo); 4556 g_free(info->notes); 4557 } 4558 4559 static int write_note_info(struct elf_note_info *info, int fd) 4560 { 4561 struct elf_thread_status *ets; 4562 int i, error = 0; 4563 4564 /* write prstatus, psinfo and auxv for current thread */ 4565 for (i = 0; i < info->numnote; i++) 4566 if ((error = write_note(&info->notes[i], fd)) != 0) 4567 return (error); 4568 4569 /* write prstatus for each thread */ 4570 QTAILQ_FOREACH(ets, &info->thread_list, ets_link) { 4571 if ((error = write_note(&ets->notes[0], fd)) != 0) 4572 return (error); 4573 } 4574 4575 return (0); 4576 } 4577 4578 /* 4579 * Write out ELF coredump. 4580 * 4581 * See documentation of ELF object file format in: 4582 * http://www.caldera.com/developers/devspecs/gabi41.pdf 4583 * 4584 * Coredump format in linux is following: 4585 * 4586 * 0 +----------------------+ \ 4587 * | ELF header | ET_CORE | 4588 * +----------------------+ | 4589 * | ELF program headers | |--- headers 4590 * | - NOTE section | | 4591 * | - PT_LOAD sections | | 4592 * +----------------------+ / 4593 * | NOTEs: | 4594 * | - NT_PRSTATUS | 4595 * | - NT_PRSINFO | 4596 * | - NT_AUXV | 4597 * +----------------------+ <-- aligned to target page 4598 * | Process memory dump | 4599 * : : 4600 * . . 4601 * : : 4602 * | | 4603 * +----------------------+ 4604 * 4605 * NT_PRSTATUS -> struct elf_prstatus (per thread) 4606 * NT_PRSINFO -> struct elf_prpsinfo 4607 * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()). 4608 * 4609 * Format follows System V format as close as possible. 
Current 4610 * version limitations are as follows: 4611 * - no floating point registers are dumped 4612 * 4613 * Function returns 0 in case of success, negative errno otherwise. 4614 * 4615 * TODO: make this work also during runtime: it should be 4616 * possible to force coredump from running process and then 4617 * continue processing. For example qemu could set up SIGUSR2 4618 * handler (provided that target process haven't registered 4619 * handler for that) that does the dump when signal is received. 4620 */ 4621 static int elf_core_dump(int signr, const CPUArchState *env) 4622 { 4623 const CPUState *cpu = env_cpu((CPUArchState *)env); 4624 const TaskState *ts = (const TaskState *)cpu->opaque; 4625 struct vm_area_struct *vma = NULL; 4626 g_autofree char *corefile = NULL; 4627 struct elf_note_info info; 4628 struct elfhdr elf; 4629 struct elf_phdr phdr; 4630 struct rlimit dumpsize; 4631 struct mm_struct *mm = NULL; 4632 off_t offset = 0, data_offset = 0; 4633 int segs = 0; 4634 int fd = -1; 4635 4636 init_note_info(&info); 4637 4638 errno = 0; 4639 getrlimit(RLIMIT_CORE, &dumpsize); 4640 if (dumpsize.rlim_cur == 0) 4641 return 0; 4642 4643 corefile = core_dump_filename(ts); 4644 4645 if ((fd = open(corefile, O_WRONLY | O_CREAT, 4646 S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0) 4647 return (-errno); 4648 4649 /* 4650 * Walk through target process memory mappings and 4651 * set up structure containing this information. After 4652 * this point vma_xxx functions can be used. 4653 */ 4654 if ((mm = vma_init()) == NULL) 4655 goto out; 4656 4657 walk_memory_regions(mm, vma_walker); 4658 segs = vma_get_mapping_count(mm); 4659 4660 /* 4661 * Construct valid coredump ELF header. We also 4662 * add one more segment for notes. 4663 */ 4664 fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0); 4665 if (dump_write(fd, &elf, sizeof (elf)) != 0) 4666 goto out; 4667 4668 /* fill in the in-memory version of notes */ 4669 if (fill_note_info(&info, signr, env) < 0) 4670 goto out; 4671 4672 offset += sizeof (elf); /* elf header */ 4673 offset += (segs + 1) * sizeof (struct elf_phdr); /* program headers */ 4674 4675 /* write out notes program header */ 4676 fill_elf_note_phdr(&phdr, info.notes_size, offset); 4677 4678 offset += info.notes_size; 4679 if (dump_write(fd, &phdr, sizeof (phdr)) != 0) 4680 goto out; 4681 4682 /* 4683 * ELF specification wants data to start at page boundary so 4684 * we align it here. 4685 */ 4686 data_offset = offset = roundup(offset, ELF_EXEC_PAGESIZE); 4687 4688 /* 4689 * Write program headers for memory regions mapped in 4690 * the target process. 4691 */ 4692 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 4693 (void) memset(&phdr, 0, sizeof (phdr)); 4694 4695 phdr.p_type = PT_LOAD; 4696 phdr.p_offset = offset; 4697 phdr.p_vaddr = vma->vma_start; 4698 phdr.p_paddr = 0; 4699 phdr.p_filesz = vma_dump_size(vma); 4700 offset += phdr.p_filesz; 4701 phdr.p_memsz = vma->vma_end - vma->vma_start; 4702 phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0; 4703 if (vma->vma_flags & PROT_WRITE) 4704 phdr.p_flags |= PF_W; 4705 if (vma->vma_flags & PROT_EXEC) 4706 phdr.p_flags |= PF_X; 4707 phdr.p_align = ELF_EXEC_PAGESIZE; 4708 4709 bswap_phdr(&phdr, 1); 4710 if (dump_write(fd, &phdr, sizeof(phdr)) != 0) { 4711 goto out; 4712 } 4713 } 4714 4715 /* 4716 * Next we write notes just after program headers. No 4717 * alignment needed here. 
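 * To illustrate with made-up numbers: on a 64-bit target with ten
 * PT_LOAD segments, the headers occupy
 * sizeof(elf) + 11 * sizeof(struct elf_phdr) = 64 + 11 * 56 = 680 bytes,
 * so that is both the PT_NOTE segment's p_offset and the point at which
 * the notes are written here; the memory dump then starts at the
 * ELF_EXEC_PAGESIZE-aligned data_offset computed above.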
4718 */ 4719 if (write_note_info(&info, fd) < 0) 4720 goto out; 4721 4722 /* align data to page boundary */ 4723 if (lseek(fd, data_offset, SEEK_SET) != data_offset) 4724 goto out; 4725 4726 /* 4727 * Finally we can dump process memory into corefile as well. 4728 */ 4729 for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) { 4730 abi_ulong addr; 4731 abi_ulong end; 4732 4733 end = vma->vma_start + vma_dump_size(vma); 4734 4735 for (addr = vma->vma_start; addr < end; 4736 addr += TARGET_PAGE_SIZE) { 4737 char page[TARGET_PAGE_SIZE]; 4738 int error; 4739 4740 /* 4741 * Read in page from target process memory and 4742 * write it to coredump file. 4743 */ 4744 error = copy_from_user(page, addr, sizeof (page)); 4745 if (error != 0) { 4746 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n", 4747 addr); 4748 errno = -error; 4749 goto out; 4750 } 4751 if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0) 4752 goto out; 4753 } 4754 } 4755 4756 out: 4757 free_note_info(&info); 4758 if (mm != NULL) 4759 vma_delete(mm); 4760 (void) close(fd); 4761 4762 if (errno != 0) 4763 return (-errno); 4764 return (0); 4765 } 4766 #endif /* USE_ELF_CORE_DUMP */ 4767 4768 void do_init_thread(struct target_pt_regs *regs, struct image_info *infop) 4769 { 4770 init_thread(regs, infop); 4771 } 4772