File:  [Qemu by Fabrice Bellard] / qemu / linux-user / elfload.c
Revision 1.1.1.12 (vendor branch): download - view: text, annotated - select for diffs
Tue Apr 24 18:35:43 2018 UTC (3 years, 3 months ago) by root
Branches: qemu, MAIN
CVS tags: qemu0150, qemu0141, qemu0140, HEAD
qemu 0.14.0

    1: /* This is the Linux kernel elf-loading code, ported into user space */
    2: #include <sys/time.h>
    3: #include <sys/param.h>
    4: 
    5: #include <stdio.h>
    6: #include <sys/types.h>
    7: #include <fcntl.h>
    8: #include <errno.h>
    9: #include <unistd.h>
   10: #include <sys/mman.h>
   11: #include <sys/resource.h>
   12: #include <stdlib.h>
   13: #include <string.h>
   14: #include <time.h>
   15: 
   16: #include "qemu.h"
   17: #include "disas.h"
   18: 
   19: #ifdef _ARCH_PPC64
   20: #undef ARCH_DLINFO
   21: #undef ELF_PLATFORM
   22: #undef ELF_HWCAP
   23: #undef ELF_CLASS
   24: #undef ELF_DATA
   25: #undef ELF_ARCH
   26: #endif
   27: 
   28: #define ELF_OSABI   ELFOSABI_SYSV
   29: 
   30: /* from personality.h */
   31: 
   32: /*
   33:  * Flags for bug emulation.
   34:  *
   35:  * These occupy the top three bytes.
   36:  */
   37: enum {
   38:     ADDR_NO_RANDOMIZE = 0x0040000,      /* disable randomization of VA space */
   39:     FDPIC_FUNCPTRS =    0x0080000,      /* userspace function ptrs point to
   40:                                            descriptors (signal handling) */
   41:     MMAP_PAGE_ZERO =    0x0100000,
   42:     ADDR_COMPAT_LAYOUT = 0x0200000,
   43:     READ_IMPLIES_EXEC = 0x0400000,
   44:     ADDR_LIMIT_32BIT =  0x0800000,
   45:     SHORT_INODE =       0x1000000,
   46:     WHOLE_SECONDS =     0x2000000,
   47:     STICKY_TIMEOUTS =   0x4000000,
   48:     ADDR_LIMIT_3GB =    0x8000000,
   49: };
   50: 
   51: /*
   52:  * Personality types.
   53:  *
   54:  * These go in the low byte.  Avoid using the top bit, it will
   55:  * conflict with error returns.
   56:  */
   57: enum {
   58:     PER_LINUX =         0x0000,
   59:     PER_LINUX_32BIT =   0x0000 | ADDR_LIMIT_32BIT,
   60:     PER_LINUX_FDPIC =   0x0000 | FDPIC_FUNCPTRS,
   61:     PER_SVR4 =          0x0001 | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
   62:     PER_SVR3 =          0x0002 | STICKY_TIMEOUTS | SHORT_INODE,
   63:     PER_SCOSVR3 =       0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS | SHORT_INODE,
   64:     PER_OSR5 =          0x0003 | STICKY_TIMEOUTS | WHOLE_SECONDS,
   65:     PER_WYSEV386 =      0x0004 | STICKY_TIMEOUTS | SHORT_INODE,
   66:     PER_ISCR4 =         0x0005 | STICKY_TIMEOUTS,
   67:     PER_BSD =           0x0006,
   68:     PER_SUNOS =         0x0006 | STICKY_TIMEOUTS,
   69:     PER_XENIX =         0x0007 | STICKY_TIMEOUTS | SHORT_INODE,
   70:     PER_LINUX32 =       0x0008,
   71:     PER_LINUX32_3GB =   0x0008 | ADDR_LIMIT_3GB,
   72:     PER_IRIX32 =        0x0009 | STICKY_TIMEOUTS,/* IRIX5 32-bit */
   73:     PER_IRIXN32 =       0x000a | STICKY_TIMEOUTS,/* IRIX6 new 32-bit */
   74:     PER_IRIX64 =        0x000b | STICKY_TIMEOUTS,/* IRIX6 64-bit */
   75:     PER_RISCOS =        0x000c,
   76:     PER_SOLARIS =       0x000d | STICKY_TIMEOUTS,
   77:     PER_UW7 =           0x000e | STICKY_TIMEOUTS | MMAP_PAGE_ZERO,
   78:     PER_OSF4 =          0x000f,                  /* OSF/1 v4 */
   79:     PER_HPUX =          0x0010,
   80:     PER_MASK =          0x00ff,
   81: };
   82: 
   83: /*
   84:  * Return the base personality without flags.
   85:  */
   86: #define personality(pers)       (pers & PER_MASK)
   87: 
   88: /* this flag is uneffective under linux too, should be deleted */
   89: #ifndef MAP_DENYWRITE
   90: #define MAP_DENYWRITE 0
   91: #endif
   92: 
   93: /* should probably go in elf.h */
   94: #ifndef ELIBBAD
   95: #define ELIBBAD 80
   96: #endif
   97: 
   98: #ifdef TARGET_WORDS_BIGENDIAN
   99: #define ELF_DATA        ELFDATA2MSB
  100: #else
  101: #define ELF_DATA        ELFDATA2LSB
  102: #endif
  103: 
  104: typedef target_ulong    target_elf_greg_t;
  105: #ifdef USE_UID16
  106: typedef uint16_t        target_uid_t;
  107: typedef uint16_t        target_gid_t;
  108: #else
  109: typedef uint32_t        target_uid_t;
  110: typedef uint32_t        target_gid_t;
  111: #endif
  112: typedef int32_t         target_pid_t;
  113: 
  114: #ifdef TARGET_I386
  115: 
  116: #define ELF_PLATFORM get_elf_platform()
  117: 
  118: static const char *get_elf_platform(void)
  119: {
  120:     static char elf_platform[] = "i386";
  121:     int family = (thread_env->cpuid_version >> 8) & 0xff;
  122:     if (family > 6)
  123:         family = 6;
  124:     if (family >= 3)
  125:         elf_platform[1] = '0' + family;
  126:     return elf_platform;
  127: }
  128: 
  129: #define ELF_HWCAP get_elf_hwcap()
  130: 
  131: static uint32_t get_elf_hwcap(void)
  132: {
  133:     return thread_env->cpuid_features;
  134: }
  135: 
  136: #ifdef TARGET_X86_64
  137: #define ELF_START_MMAP 0x2aaaaab000ULL
  138: #define elf_check_arch(x) ( ((x) == ELF_ARCH) )
  139: 
  140: #define ELF_CLASS      ELFCLASS64
  141: #define ELF_ARCH       EM_X86_64
  142: 
  143: static inline void init_thread(struct target_pt_regs *regs, struct image_info *infop)
  144: {
  145:     regs->rax = 0;
  146:     regs->rsp = infop->start_stack;
  147:     regs->rip = infop->entry;
  148: }
  149: 
  150: #define ELF_NREG    27
  151: typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
  152: 
  153: /*
  154:  * Note that ELF_NREG should be 29 as there should be place for
  155:  * TRAPNO and ERR "registers" as well but linux doesn't dump
  156:  * those.
  157:  *
  158:  * See linux kernel: arch/x86/include/asm/elf.h
  159:  */
  160: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  161: {
  162:     (*regs)[0] = env->regs[15];
  163:     (*regs)[1] = env->regs[14];
  164:     (*regs)[2] = env->regs[13];
  165:     (*regs)[3] = env->regs[12];
  166:     (*regs)[4] = env->regs[R_EBP];
  167:     (*regs)[5] = env->regs[R_EBX];
  168:     (*regs)[6] = env->regs[11];
  169:     (*regs)[7] = env->regs[10];
  170:     (*regs)[8] = env->regs[9];
  171:     (*regs)[9] = env->regs[8];
  172:     (*regs)[10] = env->regs[R_EAX];
  173:     (*regs)[11] = env->regs[R_ECX];
  174:     (*regs)[12] = env->regs[R_EDX];
  175:     (*regs)[13] = env->regs[R_ESI];
  176:     (*regs)[14] = env->regs[R_EDI];
  177:     (*regs)[15] = env->regs[R_EAX]; /* XXX */
  178:     (*regs)[16] = env->eip;
  179:     (*regs)[17] = env->segs[R_CS].selector & 0xffff;
  180:     (*regs)[18] = env->eflags;
  181:     (*regs)[19] = env->regs[R_ESP];
  182:     (*regs)[20] = env->segs[R_SS].selector & 0xffff;
  183:     (*regs)[21] = env->segs[R_FS].selector & 0xffff;
  184:     (*regs)[22] = env->segs[R_GS].selector & 0xffff;
  185:     (*regs)[23] = env->segs[R_DS].selector & 0xffff;
  186:     (*regs)[24] = env->segs[R_ES].selector & 0xffff;
  187:     (*regs)[25] = env->segs[R_FS].selector & 0xffff;
  188:     (*regs)[26] = env->segs[R_GS].selector & 0xffff;
  189: }
  190: 
  191: #else
  192: 
  193: #define ELF_START_MMAP 0x80000000
  194: 
  195: /*
  196:  * This is used to ensure we don't load something for the wrong architecture.
  197:  */
  198: #define elf_check_arch(x) ( ((x) == EM_386) || ((x) == EM_486) )
  199: 
  200: /*
  201:  * These are used to set parameters in the core dumps.
  202:  */
  203: #define ELF_CLASS       ELFCLASS32
  204: #define ELF_ARCH        EM_386
  205: 
  206: static inline void init_thread(struct target_pt_regs *regs,
  207:                                struct image_info *infop)
  208: {
  209:     regs->esp = infop->start_stack;
  210:     regs->eip = infop->entry;
  211: 
  212:     /* SVR4/i386 ABI (pages 3-31, 3-32) says that when the program
  213:        starts %edx contains a pointer to a function which might be
  214:        registered using `atexit'.  This provides a mean for the
  215:        dynamic linker to call DT_FINI functions for shared libraries
  216:        that have been loaded before the code runs.
  217: 
  218:        A value of 0 tells we have no such handler.  */
  219:     regs->edx = 0;
  220: }
  221: 
  222: #define ELF_NREG    17
  223: typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
  224: 
  225: /*
  226:  * Note that ELF_NREG should be 19 as there should be place for
  227:  * TRAPNO and ERR "registers" as well but linux doesn't dump
  228:  * those.
  229:  *
  230:  * See linux kernel: arch/x86/include/asm/elf.h
  231:  */
  232: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  233: {
  234:     (*regs)[0] = env->regs[R_EBX];
  235:     (*regs)[1] = env->regs[R_ECX];
  236:     (*regs)[2] = env->regs[R_EDX];
  237:     (*regs)[3] = env->regs[R_ESI];
  238:     (*regs)[4] = env->regs[R_EDI];
  239:     (*regs)[5] = env->regs[R_EBP];
  240:     (*regs)[6] = env->regs[R_EAX];
  241:     (*regs)[7] = env->segs[R_DS].selector & 0xffff;
  242:     (*regs)[8] = env->segs[R_ES].selector & 0xffff;
  243:     (*regs)[9] = env->segs[R_FS].selector & 0xffff;
  244:     (*regs)[10] = env->segs[R_GS].selector & 0xffff;
  245:     (*regs)[11] = env->regs[R_EAX]; /* XXX */
  246:     (*regs)[12] = env->eip;
  247:     (*regs)[13] = env->segs[R_CS].selector & 0xffff;
  248:     (*regs)[14] = env->eflags;
  249:     (*regs)[15] = env->regs[R_ESP];
  250:     (*regs)[16] = env->segs[R_SS].selector & 0xffff;
  251: }
  252: #endif
  253: 
  254: #define USE_ELF_CORE_DUMP
  255: #define ELF_EXEC_PAGESIZE       4096
  256: 
  257: #endif
  258: 
  259: #ifdef TARGET_ARM
  260: 
  261: #define ELF_START_MMAP 0x80000000
  262: 
  263: #define elf_check_arch(x) ( (x) == EM_ARM )
  264: 
  265: #define ELF_CLASS       ELFCLASS32
  266: #define ELF_ARCH        EM_ARM
  267: 
  268: static inline void init_thread(struct target_pt_regs *regs,
  269:                                struct image_info *infop)
  270: {
  271:     abi_long stack = infop->start_stack;
  272:     memset(regs, 0, sizeof(*regs));
  273:     regs->ARM_cpsr = 0x10;
  274:     if (infop->entry & 1)
  275:         regs->ARM_cpsr |= CPSR_T;
  276:     regs->ARM_pc = infop->entry & 0xfffffffe;
  277:     regs->ARM_sp = infop->start_stack;
  278:     /* FIXME - what to for failure of get_user()? */
  279:     get_user_ual(regs->ARM_r2, stack + 8); /* envp */
  280:     get_user_ual(regs->ARM_r1, stack + 4); /* envp */
  281:     /* XXX: it seems that r0 is zeroed after ! */
  282:     regs->ARM_r0 = 0;
  283:     /* For uClinux PIC binaries.  */
  284:     /* XXX: Linux does this only on ARM with no MMU (do we care ?) */
  285:     regs->ARM_r10 = infop->start_data;
  286: }
  287: 
  288: #define ELF_NREG    18
  289: typedef target_elf_greg_t  target_elf_gregset_t[ELF_NREG];
  290: 
  291: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  292: {
  293:     (*regs)[0] = tswapl(env->regs[0]);
  294:     (*regs)[1] = tswapl(env->regs[1]);
  295:     (*regs)[2] = tswapl(env->regs[2]);
  296:     (*regs)[3] = tswapl(env->regs[3]);
  297:     (*regs)[4] = tswapl(env->regs[4]);
  298:     (*regs)[5] = tswapl(env->regs[5]);
  299:     (*regs)[6] = tswapl(env->regs[6]);
  300:     (*regs)[7] = tswapl(env->regs[7]);
  301:     (*regs)[8] = tswapl(env->regs[8]);
  302:     (*regs)[9] = tswapl(env->regs[9]);
  303:     (*regs)[10] = tswapl(env->regs[10]);
  304:     (*regs)[11] = tswapl(env->regs[11]);
  305:     (*regs)[12] = tswapl(env->regs[12]);
  306:     (*regs)[13] = tswapl(env->regs[13]);
  307:     (*regs)[14] = tswapl(env->regs[14]);
  308:     (*regs)[15] = tswapl(env->regs[15]);
  309: 
  310:     (*regs)[16] = tswapl(cpsr_read((CPUState *)env));
  311:     (*regs)[17] = tswapl(env->regs[0]); /* XXX */
  312: }
  313: 
  314: #define USE_ELF_CORE_DUMP
  315: #define ELF_EXEC_PAGESIZE       4096
  316: 
  317: enum
  318: {
  319:     ARM_HWCAP_ARM_SWP       = 1 << 0,
  320:     ARM_HWCAP_ARM_HALF      = 1 << 1,
  321:     ARM_HWCAP_ARM_THUMB     = 1 << 2,
  322:     ARM_HWCAP_ARM_26BIT     = 1 << 3,
  323:     ARM_HWCAP_ARM_FAST_MULT = 1 << 4,
  324:     ARM_HWCAP_ARM_FPA       = 1 << 5,
  325:     ARM_HWCAP_ARM_VFP       = 1 << 6,
  326:     ARM_HWCAP_ARM_EDSP      = 1 << 7,
  327:     ARM_HWCAP_ARM_JAVA      = 1 << 8,
  328:     ARM_HWCAP_ARM_IWMMXT    = 1 << 9,
  329:     ARM_HWCAP_ARM_THUMBEE   = 1 << 10,
  330:     ARM_HWCAP_ARM_NEON      = 1 << 11,
  331:     ARM_HWCAP_ARM_VFPv3     = 1 << 12,
  332:     ARM_HWCAP_ARM_VFPv3D16  = 1 << 13,
  333: };
  334: 
  335: #define ELF_HWCAP (ARM_HWCAP_ARM_SWP | ARM_HWCAP_ARM_HALF               \
  336:                    | ARM_HWCAP_ARM_THUMB | ARM_HWCAP_ARM_FAST_MULT      \
  337:                    | ARM_HWCAP_ARM_FPA | ARM_HWCAP_ARM_VFP              \
  338:                    | ARM_HWCAP_ARM_NEON | ARM_HWCAP_ARM_VFPv3 )
  339: 
  340: #endif
  341: 
  342: #ifdef TARGET_SPARC
  343: #ifdef TARGET_SPARC64
  344: 
  345: #define ELF_START_MMAP 0x80000000
  346: 
  347: #ifndef TARGET_ABI32
  348: #define elf_check_arch(x) ( (x) == EM_SPARCV9 || (x) == EM_SPARC32PLUS )
  349: #else
  350: #define elf_check_arch(x) ( (x) == EM_SPARC32PLUS || (x) == EM_SPARC )
  351: #endif
  352: 
  353: #define ELF_CLASS   ELFCLASS64
  354: #define ELF_ARCH    EM_SPARCV9
  355: 
  356: #define STACK_BIAS              2047
  357: 
  358: static inline void init_thread(struct target_pt_regs *regs,
  359:                                struct image_info *infop)
  360: {
  361: #ifndef TARGET_ABI32
  362:     regs->tstate = 0;
  363: #endif
  364:     regs->pc = infop->entry;
  365:     regs->npc = regs->pc + 4;
  366:     regs->y = 0;
  367: #ifdef TARGET_ABI32
  368:     regs->u_regs[14] = infop->start_stack - 16 * 4;
  369: #else
  370:     if (personality(infop->personality) == PER_LINUX32)
  371:         regs->u_regs[14] = infop->start_stack - 16 * 4;
  372:     else
  373:         regs->u_regs[14] = infop->start_stack - 16 * 8 - STACK_BIAS;
  374: #endif
  375: }
  376: 
  377: #else
  378: #define ELF_START_MMAP 0x80000000
  379: 
  380: #define elf_check_arch(x) ( (x) == EM_SPARC )
  381: 
  382: #define ELF_CLASS   ELFCLASS32
  383: #define ELF_ARCH    EM_SPARC
  384: 
  385: static inline void init_thread(struct target_pt_regs *regs,
  386:                                struct image_info *infop)
  387: {
  388:     regs->psr = 0;
  389:     regs->pc = infop->entry;
  390:     regs->npc = regs->pc + 4;
  391:     regs->y = 0;
  392:     regs->u_regs[14] = infop->start_stack - 16 * 4;
  393: }
  394: 
  395: #endif
  396: #endif
  397: 
  398: #ifdef TARGET_PPC
  399: 
  400: #define ELF_START_MMAP 0x80000000
  401: 
  402: #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
  403: 
  404: #define elf_check_arch(x) ( (x) == EM_PPC64 )
  405: 
  406: #define ELF_CLASS       ELFCLASS64
  407: 
  408: #else
  409: 
  410: #define elf_check_arch(x) ( (x) == EM_PPC )
  411: 
  412: #define ELF_CLASS       ELFCLASS32
  413: 
  414: #endif
  415: 
  416: #define ELF_ARCH        EM_PPC
  417: 
  418: /* Feature masks for the Aux Vector Hardware Capabilities (AT_HWCAP).
  419:    See arch/powerpc/include/asm/cputable.h.  */
  420: enum {
  421:     QEMU_PPC_FEATURE_32 = 0x80000000,
  422:     QEMU_PPC_FEATURE_64 = 0x40000000,
  423:     QEMU_PPC_FEATURE_601_INSTR = 0x20000000,
  424:     QEMU_PPC_FEATURE_HAS_ALTIVEC = 0x10000000,
  425:     QEMU_PPC_FEATURE_HAS_FPU = 0x08000000,
  426:     QEMU_PPC_FEATURE_HAS_MMU = 0x04000000,
  427:     QEMU_PPC_FEATURE_HAS_4xxMAC = 0x02000000,
  428:     QEMU_PPC_FEATURE_UNIFIED_CACHE = 0x01000000,
  429:     QEMU_PPC_FEATURE_HAS_SPE = 0x00800000,
  430:     QEMU_PPC_FEATURE_HAS_EFP_SINGLE = 0x00400000,
  431:     QEMU_PPC_FEATURE_HAS_EFP_DOUBLE = 0x00200000,
  432:     QEMU_PPC_FEATURE_NO_TB = 0x00100000,
  433:     QEMU_PPC_FEATURE_POWER4 = 0x00080000,
  434:     QEMU_PPC_FEATURE_POWER5 = 0x00040000,
  435:     QEMU_PPC_FEATURE_POWER5_PLUS = 0x00020000,
  436:     QEMU_PPC_FEATURE_CELL = 0x00010000,
  437:     QEMU_PPC_FEATURE_BOOKE = 0x00008000,
  438:     QEMU_PPC_FEATURE_SMT = 0x00004000,
  439:     QEMU_PPC_FEATURE_ICACHE_SNOOP = 0x00002000,
  440:     QEMU_PPC_FEATURE_ARCH_2_05 = 0x00001000,
  441:     QEMU_PPC_FEATURE_PA6T = 0x00000800,
  442:     QEMU_PPC_FEATURE_HAS_DFP = 0x00000400,
  443:     QEMU_PPC_FEATURE_POWER6_EXT = 0x00000200,
  444:     QEMU_PPC_FEATURE_ARCH_2_06 = 0x00000100,
  445:     QEMU_PPC_FEATURE_HAS_VSX = 0x00000080,
  446:     QEMU_PPC_FEATURE_PSERIES_PERFMON_COMPAT = 0x00000040,
  447: 
  448:     QEMU_PPC_FEATURE_TRUE_LE = 0x00000002,
  449:     QEMU_PPC_FEATURE_PPC_LE = 0x00000001,
  450: };
  451: 
  452: #define ELF_HWCAP get_elf_hwcap()
  453: 
  454: static uint32_t get_elf_hwcap(void)
  455: {
  456:     CPUState *e = thread_env;
  457:     uint32_t features = 0;
  458: 
  459:     /* We don't have to be terribly complete here; the high points are
  460:        Altivec/FP/SPE support.  Anything else is just a bonus.  */
  461: #define GET_FEATURE(flag, feature)                                      \
  462:     do {if (e->insns_flags & flag) features |= feature; } while(0)
  463:     GET_FEATURE(PPC_64B, QEMU_PPC_FEATURE_64);
  464:     GET_FEATURE(PPC_FLOAT, QEMU_PPC_FEATURE_HAS_FPU);
  465:     GET_FEATURE(PPC_ALTIVEC, QEMU_PPC_FEATURE_HAS_ALTIVEC);
  466:     GET_FEATURE(PPC_SPE, QEMU_PPC_FEATURE_HAS_SPE);
  467:     GET_FEATURE(PPC_SPE_SINGLE, QEMU_PPC_FEATURE_HAS_EFP_SINGLE);
  468:     GET_FEATURE(PPC_SPE_DOUBLE, QEMU_PPC_FEATURE_HAS_EFP_DOUBLE);
  469:     GET_FEATURE(PPC_BOOKE, QEMU_PPC_FEATURE_BOOKE);
  470:     GET_FEATURE(PPC_405_MAC, QEMU_PPC_FEATURE_HAS_4xxMAC);
  471: #undef GET_FEATURE
  472: 
  473:     return features;
  474: }
  475: 
  476: /*
  477:  * The requirements here are:
  478:  * - keep the final alignment of sp (sp & 0xf)
  479:  * - make sure the 32-bit value at the first 16 byte aligned position of
  480:  *   AUXV is greater than 16 for glibc compatibility.
  481:  *   AT_IGNOREPPC is used for that.
  482:  * - for compatibility with glibc ARCH_DLINFO must always be defined on PPC,
  483:  *   even if DLINFO_ARCH_ITEMS goes to zero or is undefined.
  484:  */
  485: #define DLINFO_ARCH_ITEMS       5
  486: #define ARCH_DLINFO                                     \
  487:     do {                                                \
  488:         NEW_AUX_ENT(AT_DCACHEBSIZE, 0x20);              \
  489:         NEW_AUX_ENT(AT_ICACHEBSIZE, 0x20);              \
  490:         NEW_AUX_ENT(AT_UCACHEBSIZE, 0);                 \
  491:         /*                                              \
  492:          * Now handle glibc compatibility.              \
  493:          */                                             \
  494:         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
  495:         NEW_AUX_ENT(AT_IGNOREPPC, AT_IGNOREPPC);        \
  496:     } while (0)
  497: 
  498: static inline void init_thread(struct target_pt_regs *_regs, struct image_info *infop)
  499: {
  500:     _regs->gpr[1] = infop->start_stack;
  501: #if defined(TARGET_PPC64) && !defined(TARGET_ABI32)
  502:     _regs->gpr[2] = ldq_raw(infop->entry + 8) + infop->load_addr;
  503:     infop->entry = ldq_raw(infop->entry) + infop->load_addr;
  504: #endif
  505:     _regs->nip = infop->entry;
  506: }
  507: 
  508: /* See linux kernel: arch/powerpc/include/asm/elf.h.  */
  509: #define ELF_NREG 48
  510: typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
  511: 
  512: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  513: {
  514:     int i;
  515:     target_ulong ccr = 0;
  516: 
  517:     for (i = 0; i < ARRAY_SIZE(env->gpr); i++) {
  518:         (*regs)[i] = tswapl(env->gpr[i]);
  519:     }
  520: 
  521:     (*regs)[32] = tswapl(env->nip);
  522:     (*regs)[33] = tswapl(env->msr);
  523:     (*regs)[35] = tswapl(env->ctr);
  524:     (*regs)[36] = tswapl(env->lr);
  525:     (*regs)[37] = tswapl(env->xer);
  526: 
  527:     for (i = 0; i < ARRAY_SIZE(env->crf); i++) {
  528:         ccr |= env->crf[i] << (32 - ((i + 1) * 4));
  529:     }
  530:     (*regs)[38] = tswapl(ccr);
  531: }
  532: 
  533: #define USE_ELF_CORE_DUMP
  534: #define ELF_EXEC_PAGESIZE       4096
  535: 
  536: #endif
  537: 
  538: #ifdef TARGET_MIPS
  539: 
  540: #define ELF_START_MMAP 0x80000000
  541: 
  542: #define elf_check_arch(x) ( (x) == EM_MIPS )
  543: 
  544: #ifdef TARGET_MIPS64
  545: #define ELF_CLASS   ELFCLASS64
  546: #else
  547: #define ELF_CLASS   ELFCLASS32
  548: #endif
  549: #define ELF_ARCH    EM_MIPS
  550: 
  551: static inline void init_thread(struct target_pt_regs *regs,
  552:                                struct image_info *infop)
  553: {
  554:     regs->cp0_status = 2 << CP0St_KSU;
  555:     regs->cp0_epc = infop->entry;
  556:     regs->regs[29] = infop->start_stack;
  557: }
  558: 
  559: /* See linux kernel: arch/mips/include/asm/elf.h.  */
  560: #define ELF_NREG 45
  561: typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
  562: 
  563: /* See linux kernel: arch/mips/include/asm/reg.h.  */
  564: enum {
  565: #ifdef TARGET_MIPS64
  566:     TARGET_EF_R0 = 0,
  567: #else
  568:     TARGET_EF_R0 = 6,
  569: #endif
  570:     TARGET_EF_R26 = TARGET_EF_R0 + 26,
  571:     TARGET_EF_R27 = TARGET_EF_R0 + 27,
  572:     TARGET_EF_LO = TARGET_EF_R0 + 32,
  573:     TARGET_EF_HI = TARGET_EF_R0 + 33,
  574:     TARGET_EF_CP0_EPC = TARGET_EF_R0 + 34,
  575:     TARGET_EF_CP0_BADVADDR = TARGET_EF_R0 + 35,
  576:     TARGET_EF_CP0_STATUS = TARGET_EF_R0 + 36,
  577:     TARGET_EF_CP0_CAUSE = TARGET_EF_R0 + 37
  578: };
  579: 
  580: /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
  581: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  582: {
  583:     int i;
  584: 
  585:     for (i = 0; i < TARGET_EF_R0; i++) {
  586:         (*regs)[i] = 0;
  587:     }
  588:     (*regs)[TARGET_EF_R0] = 0;
  589: 
  590:     for (i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
  591:         (*regs)[TARGET_EF_R0 + i] = tswapl(env->active_tc.gpr[i]);
  592:     }
  593: 
  594:     (*regs)[TARGET_EF_R26] = 0;
  595:     (*regs)[TARGET_EF_R27] = 0;
  596:     (*regs)[TARGET_EF_LO] = tswapl(env->active_tc.LO[0]);
  597:     (*regs)[TARGET_EF_HI] = tswapl(env->active_tc.HI[0]);
  598:     (*regs)[TARGET_EF_CP0_EPC] = tswapl(env->active_tc.PC);
  599:     (*regs)[TARGET_EF_CP0_BADVADDR] = tswapl(env->CP0_BadVAddr);
  600:     (*regs)[TARGET_EF_CP0_STATUS] = tswapl(env->CP0_Status);
  601:     (*regs)[TARGET_EF_CP0_CAUSE] = tswapl(env->CP0_Cause);
  602: }
  603: 
  604: #define USE_ELF_CORE_DUMP
  605: #define ELF_EXEC_PAGESIZE        4096
  606: 
  607: #endif /* TARGET_MIPS */
  608: 
  609: #ifdef TARGET_MICROBLAZE
  610: 
  611: #define ELF_START_MMAP 0x80000000
  612: 
  613: #define elf_check_arch(x) ( (x) == EM_MICROBLAZE || (x) == EM_MICROBLAZE_OLD)
  614: 
  615: #define ELF_CLASS   ELFCLASS32
  616: #define ELF_ARCH    EM_MICROBLAZE
  617: 
  618: static inline void init_thread(struct target_pt_regs *regs,
  619:                                struct image_info *infop)
  620: {
  621:     regs->pc = infop->entry;
  622:     regs->r1 = infop->start_stack;
  623: 
  624: }
  625: 
  626: #define ELF_EXEC_PAGESIZE        4096
  627: 
  628: #define USE_ELF_CORE_DUMP
  629: #define ELF_NREG 38
  630: typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
  631: 
  632: /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs.  */
  633: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  634: {
  635:     int i, pos = 0;
  636: 
  637:     for (i = 0; i < 32; i++) {
  638:         (*regs)[pos++] = tswapl(env->regs[i]);
  639:     }
  640: 
  641:     for (i = 0; i < 6; i++) {
  642:         (*regs)[pos++] = tswapl(env->sregs[i]);
  643:     }
  644: }
  645: 
  646: #endif /* TARGET_MICROBLAZE */
  647: 
  648: #ifdef TARGET_SH4
  649: 
  650: #define ELF_START_MMAP 0x80000000
  651: 
  652: #define elf_check_arch(x) ( (x) == EM_SH )
  653: 
  654: #define ELF_CLASS ELFCLASS32
  655: #define ELF_ARCH  EM_SH
  656: 
  657: static inline void init_thread(struct target_pt_regs *regs,
  658:                                struct image_info *infop)
  659: {
  660:     /* Check other registers XXXXX */
  661:     regs->pc = infop->entry;
  662:     regs->regs[15] = infop->start_stack;
  663: }
  664: 
  665: /* See linux kernel: arch/sh/include/asm/elf.h.  */
  666: #define ELF_NREG 23
  667: typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
  668: 
  669: /* See linux kernel: arch/sh/include/asm/ptrace.h.  */
  670: enum {
  671:     TARGET_REG_PC = 16,
  672:     TARGET_REG_PR = 17,
  673:     TARGET_REG_SR = 18,
  674:     TARGET_REG_GBR = 19,
  675:     TARGET_REG_MACH = 20,
  676:     TARGET_REG_MACL = 21,
  677:     TARGET_REG_SYSCALL = 22
  678: };
  679: 
  680: static inline void elf_core_copy_regs(target_elf_gregset_t *regs,
  681:                                       const CPUState *env)
  682: {
  683:     int i;
  684: 
  685:     for (i = 0; i < 16; i++) {
  686:         (*regs[i]) = tswapl(env->gregs[i]);
  687:     }
  688: 
  689:     (*regs)[TARGET_REG_PC] = tswapl(env->pc);
  690:     (*regs)[TARGET_REG_PR] = tswapl(env->pr);
  691:     (*regs)[TARGET_REG_SR] = tswapl(env->sr);
  692:     (*regs)[TARGET_REG_GBR] = tswapl(env->gbr);
  693:     (*regs)[TARGET_REG_MACH] = tswapl(env->mach);
  694:     (*regs)[TARGET_REG_MACL] = tswapl(env->macl);
  695:     (*regs)[TARGET_REG_SYSCALL] = 0; /* FIXME */
  696: }
  697: 
  698: #define USE_ELF_CORE_DUMP
  699: #define ELF_EXEC_PAGESIZE        4096
  700: 
  701: #endif
  702: 
  703: #ifdef TARGET_CRIS
  704: 
  705: #define ELF_START_MMAP 0x80000000
  706: 
  707: #define elf_check_arch(x) ( (x) == EM_CRIS )
  708: 
  709: #define ELF_CLASS ELFCLASS32
  710: #define ELF_ARCH  EM_CRIS
  711: 
  712: static inline void init_thread(struct target_pt_regs *regs,
  713:                                struct image_info *infop)
  714: {
  715:     regs->erp = infop->entry;
  716: }
  717: 
  718: #define ELF_EXEC_PAGESIZE        8192
  719: 
  720: #endif
  721: 
  722: #ifdef TARGET_M68K
  723: 
  724: #define ELF_START_MMAP 0x80000000
  725: 
  726: #define elf_check_arch(x) ( (x) == EM_68K )
  727: 
  728: #define ELF_CLASS       ELFCLASS32
  729: #define ELF_ARCH        EM_68K
  730: 
  731: /* ??? Does this need to do anything?
  732:    #define ELF_PLAT_INIT(_r) */
  733: 
  734: static inline void init_thread(struct target_pt_regs *regs,
  735:                                struct image_info *infop)
  736: {
  737:     regs->usp = infop->start_stack;
  738:     regs->sr = 0;
  739:     regs->pc = infop->entry;
  740: }
  741: 
  742: /* See linux kernel: arch/m68k/include/asm/elf.h.  */
  743: #define ELF_NREG 20
  744: typedef target_elf_greg_t target_elf_gregset_t[ELF_NREG];
  745: 
  746: static void elf_core_copy_regs(target_elf_gregset_t *regs, const CPUState *env)
  747: {
  748:     (*regs)[0] = tswapl(env->dregs[1]);
  749:     (*regs)[1] = tswapl(env->dregs[2]);
  750:     (*regs)[2] = tswapl(env->dregs[3]);
  751:     (*regs)[3] = tswapl(env->dregs[4]);
  752:     (*regs)[4] = tswapl(env->dregs[5]);
  753:     (*regs)[5] = tswapl(env->dregs[6]);
  754:     (*regs)[6] = tswapl(env->dregs[7]);
  755:     (*regs)[7] = tswapl(env->aregs[0]);
  756:     (*regs)[8] = tswapl(env->aregs[1]);
  757:     (*regs)[9] = tswapl(env->aregs[2]);
  758:     (*regs)[10] = tswapl(env->aregs[3]);
  759:     (*regs)[11] = tswapl(env->aregs[4]);
  760:     (*regs)[12] = tswapl(env->aregs[5]);
  761:     (*regs)[13] = tswapl(env->aregs[6]);
  762:     (*regs)[14] = tswapl(env->dregs[0]);
  763:     (*regs)[15] = tswapl(env->aregs[7]);
  764:     (*regs)[16] = tswapl(env->dregs[0]); /* FIXME: orig_d0 */
  765:     (*regs)[17] = tswapl(env->sr);
  766:     (*regs)[18] = tswapl(env->pc);
  767:     (*regs)[19] = 0;  /* FIXME: regs->format | regs->vector */
  768: }
  769: 
  770: #define USE_ELF_CORE_DUMP
  771: #define ELF_EXEC_PAGESIZE       8192
  772: 
  773: #endif
  774: 
  775: #ifdef TARGET_ALPHA
  776: 
  777: #define ELF_START_MMAP (0x30000000000ULL)
  778: 
  779: #define elf_check_arch(x) ( (x) == ELF_ARCH )
  780: 
  781: #define ELF_CLASS      ELFCLASS64
  782: #define ELF_ARCH       EM_ALPHA
  783: 
  784: static inline void init_thread(struct target_pt_regs *regs,
  785:                                struct image_info *infop)
  786: {
  787:     regs->pc = infop->entry;
  788:     regs->ps = 8;
  789:     regs->usp = infop->start_stack;
  790: }
  791: 
  792: #define ELF_EXEC_PAGESIZE        8192
  793: 
  794: #endif /* TARGET_ALPHA */
  795: 
  796: #ifndef ELF_PLATFORM
  797: #define ELF_PLATFORM (NULL)
  798: #endif
  799: 
  800: #ifndef ELF_HWCAP
  801: #define ELF_HWCAP 0
  802: #endif
  803: 
  804: #ifdef TARGET_ABI32
  805: #undef ELF_CLASS
  806: #define ELF_CLASS ELFCLASS32
  807: #undef bswaptls
  808: #define bswaptls(ptr) bswap32s(ptr)
  809: #endif
  810: 
  811: #include "elf.h"
  812: 
  813: struct exec
  814: {
  815:     unsigned int a_info;   /* Use macros N_MAGIC, etc for access */
  816:     unsigned int a_text;   /* length of text, in bytes */
  817:     unsigned int a_data;   /* length of data, in bytes */
  818:     unsigned int a_bss;    /* length of uninitialized data area, in bytes */
  819:     unsigned int a_syms;   /* length of symbol table data in file, in bytes */
  820:     unsigned int a_entry;  /* start address */
  821:     unsigned int a_trsize; /* length of relocation info for text, in bytes */
  822:     unsigned int a_drsize; /* length of relocation info for data, in bytes */
  823: };
  824: 
  825: 
  826: #define N_MAGIC(exec) ((exec).a_info & 0xffff)
  827: #define OMAGIC 0407
  828: #define NMAGIC 0410
  829: #define ZMAGIC 0413
  830: #define QMAGIC 0314
  831: 
  832: /* Necessary parameters */
  833: #define TARGET_ELF_EXEC_PAGESIZE TARGET_PAGE_SIZE
  834: #define TARGET_ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(TARGET_ELF_EXEC_PAGESIZE-1))
  835: #define TARGET_ELF_PAGEOFFSET(_v) ((_v) & (TARGET_ELF_EXEC_PAGESIZE-1))
  836: 
  837: #define DLINFO_ITEMS 12
  838: 
  839: static inline void memcpy_fromfs(void * to, const void * from, unsigned long n)
  840: {
  841:     memcpy(to, from, n);
  842: }
  843: 
  844: #ifdef BSWAP_NEEDED
  845: static void bswap_ehdr(struct elfhdr *ehdr)
  846: {
  847:     bswap16s(&ehdr->e_type);            /* Object file type */
  848:     bswap16s(&ehdr->e_machine);         /* Architecture */
  849:     bswap32s(&ehdr->e_version);         /* Object file version */
  850:     bswaptls(&ehdr->e_entry);           /* Entry point virtual address */
  851:     bswaptls(&ehdr->e_phoff);           /* Program header table file offset */
  852:     bswaptls(&ehdr->e_shoff);           /* Section header table file offset */
  853:     bswap32s(&ehdr->e_flags);           /* Processor-specific flags */
  854:     bswap16s(&ehdr->e_ehsize);          /* ELF header size in bytes */
  855:     bswap16s(&ehdr->e_phentsize);       /* Program header table entry size */
  856:     bswap16s(&ehdr->e_phnum);           /* Program header table entry count */
  857:     bswap16s(&ehdr->e_shentsize);       /* Section header table entry size */
  858:     bswap16s(&ehdr->e_shnum);           /* Section header table entry count */
  859:     bswap16s(&ehdr->e_shstrndx);        /* Section header string table index */
  860: }
  861: 
  862: static void bswap_phdr(struct elf_phdr *phdr, int phnum)
  863: {
  864:     int i;
  865:     for (i = 0; i < phnum; ++i, ++phdr) {
  866:         bswap32s(&phdr->p_type);        /* Segment type */
  867:         bswap32s(&phdr->p_flags);       /* Segment flags */
  868:         bswaptls(&phdr->p_offset);      /* Segment file offset */
  869:         bswaptls(&phdr->p_vaddr);       /* Segment virtual address */
  870:         bswaptls(&phdr->p_paddr);       /* Segment physical address */
  871:         bswaptls(&phdr->p_filesz);      /* Segment size in file */
  872:         bswaptls(&phdr->p_memsz);       /* Segment size in memory */
  873:         bswaptls(&phdr->p_align);       /* Segment alignment */
  874:     }
  875: }
  876: 
  877: static void bswap_shdr(struct elf_shdr *shdr, int shnum)
  878: {
  879:     int i;
  880:     for (i = 0; i < shnum; ++i, ++shdr) {
  881:         bswap32s(&shdr->sh_name);
  882:         bswap32s(&shdr->sh_type);
  883:         bswaptls(&shdr->sh_flags);
  884:         bswaptls(&shdr->sh_addr);
  885:         bswaptls(&shdr->sh_offset);
  886:         bswaptls(&shdr->sh_size);
  887:         bswap32s(&shdr->sh_link);
  888:         bswap32s(&shdr->sh_info);
  889:         bswaptls(&shdr->sh_addralign);
  890:         bswaptls(&shdr->sh_entsize);
  891:     }
  892: }
  893: 
  894: static void bswap_sym(struct elf_sym *sym)
  895: {
  896:     bswap32s(&sym->st_name);
  897:     bswaptls(&sym->st_value);
  898:     bswaptls(&sym->st_size);
  899:     bswap16s(&sym->st_shndx);
  900: }
  901: #else
  902: static inline void bswap_ehdr(struct elfhdr *ehdr) { }
  903: static inline void bswap_phdr(struct elf_phdr *phdr, int phnum) { }
  904: static inline void bswap_shdr(struct elf_shdr *shdr, int shnum) { }
  905: static inline void bswap_sym(struct elf_sym *sym) { }
  906: #endif
  907: 
  908: #ifdef USE_ELF_CORE_DUMP
  909: static int elf_core_dump(int, const CPUState *);
  910: #endif /* USE_ELF_CORE_DUMP */
  911: static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias);
  912: 
  913: /* Verify the portions of EHDR within E_IDENT for the target.
  914:    This can be performed before bswapping the entire header.  */
  915: static bool elf_check_ident(struct elfhdr *ehdr)
  916: {
  917:     return (ehdr->e_ident[EI_MAG0] == ELFMAG0
  918:             && ehdr->e_ident[EI_MAG1] == ELFMAG1
  919:             && ehdr->e_ident[EI_MAG2] == ELFMAG2
  920:             && ehdr->e_ident[EI_MAG3] == ELFMAG3
  921:             && ehdr->e_ident[EI_CLASS] == ELF_CLASS
  922:             && ehdr->e_ident[EI_DATA] == ELF_DATA
  923:             && ehdr->e_ident[EI_VERSION] == EV_CURRENT);
  924: }
  925: 
  926: /* Verify the portions of EHDR outside of E_IDENT for the target.
  927:    This has to wait until after bswapping the header.  */
  928: static bool elf_check_ehdr(struct elfhdr *ehdr)
  929: {
  930:     return (elf_check_arch(ehdr->e_machine)
  931:             && ehdr->e_ehsize == sizeof(struct elfhdr)
  932:             && ehdr->e_phentsize == sizeof(struct elf_phdr)
  933:             && ehdr->e_shentsize == sizeof(struct elf_shdr)
  934:             && (ehdr->e_type == ET_EXEC || ehdr->e_type == ET_DYN));
  935: }
  936: 
  937: /*
  938:  * 'copy_elf_strings()' copies argument/envelope strings from user
  939:  * memory to free pages in kernel mem. These are in a format ready
  940:  * to be put directly into the top of new user memory.
  941:  *
  942:  */
  943: static abi_ulong copy_elf_strings(int argc,char ** argv, void **page,
  944:                                   abi_ulong p)
  945: {
  946:     char *tmp, *tmp1, *pag = NULL;
  947:     int len, offset = 0;
  948: 
  949:     if (!p) {
  950:         return 0;       /* bullet-proofing */
  951:     }
  952:     while (argc-- > 0) {
  953:         tmp = argv[argc];
  954:         if (!tmp) {
  955:             fprintf(stderr, "VFS: argc is wrong");
  956:             exit(-1);
  957:         }
  958:         tmp1 = tmp;
  959:         while (*tmp++);
  960:         len = tmp - tmp1;
  961:         if (p < len) {  /* this shouldn't happen - 128kB */
  962:             return 0;
  963:         }
  964:         while (len) {
  965:             --p; --tmp; --len;
  966:             if (--offset < 0) {
  967:                 offset = p % TARGET_PAGE_SIZE;
  968:                 pag = (char *)page[p/TARGET_PAGE_SIZE];
  969:                 if (!pag) {
  970:                     pag = (char *)malloc(TARGET_PAGE_SIZE);
  971:                     memset(pag, 0, TARGET_PAGE_SIZE);
  972:                     page[p/TARGET_PAGE_SIZE] = pag;
  973:                     if (!pag)
  974:                         return 0;
  975:                 }
  976:             }
  977:             if (len == 0 || offset == 0) {
  978:                 *(pag + offset) = *tmp;
  979:             }
  980:             else {
  981:                 int bytes_to_copy = (len > offset) ? offset : len;
  982:                 tmp -= bytes_to_copy;
  983:                 p -= bytes_to_copy;
  984:                 offset -= bytes_to_copy;
  985:                 len -= bytes_to_copy;
  986:                 memcpy_fromfs(pag + offset, tmp, bytes_to_copy + 1);
  987:             }
  988:         }
  989:     }
  990:     return p;
  991: }
  992: 
  993: static abi_ulong setup_arg_pages(abi_ulong p, struct linux_binprm *bprm,
  994:                                  struct image_info *info)
  995: {
  996:     abi_ulong stack_base, size, error, guard;
  997:     int i;
  998: 
  999:     /* Create enough stack to hold everything.  If we don't use
 1000:        it for args, we'll use it for something else.  */
 1001:     size = guest_stack_size;
 1002:     if (size < MAX_ARG_PAGES*TARGET_PAGE_SIZE) {
 1003:         size = MAX_ARG_PAGES*TARGET_PAGE_SIZE;
 1004:     }
 1005:     guard = TARGET_PAGE_SIZE;
 1006:     if (guard < qemu_real_host_page_size) {
 1007:         guard = qemu_real_host_page_size;
 1008:     }
 1009: 
 1010:     error = target_mmap(0, size + guard, PROT_READ | PROT_WRITE,
 1011:                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 1012:     if (error == -1) {
 1013:         perror("mmap stack");
 1014:         exit(-1);
 1015:     }
 1016: 
 1017:     /* We reserve one extra page at the top of the stack as guard.  */
 1018:     target_mprotect(error, guard, PROT_NONE);
 1019: 
 1020:     info->stack_limit = error + guard;
 1021:     stack_base = info->stack_limit + size - MAX_ARG_PAGES*TARGET_PAGE_SIZE;
 1022:     p += stack_base;
 1023: 
 1024:     for (i = 0 ; i < MAX_ARG_PAGES ; i++) {
 1025:         if (bprm->page[i]) {
 1026:             info->rss++;
 1027:             /* FIXME - check return value of memcpy_to_target() for failure */
 1028:             memcpy_to_target(stack_base, bprm->page[i], TARGET_PAGE_SIZE);
 1029:             free(bprm->page[i]);
 1030:         }
 1031:         stack_base += TARGET_PAGE_SIZE;
 1032:     }
 1033:     return p;
 1034: }
 1035: 
 1036: /* Map and zero the bss.  We need to explicitly zero any fractional pages
 1037:    after the data section (i.e. bss).  */
 1038: static void zero_bss(abi_ulong elf_bss, abi_ulong last_bss, int prot)
 1039: {
 1040:     uintptr_t host_start, host_map_start, host_end;
 1041: 
 1042:     last_bss = TARGET_PAGE_ALIGN(last_bss);
 1043: 
 1044:     /* ??? There is confusion between qemu_real_host_page_size and
 1045:        qemu_host_page_size here and elsewhere in target_mmap, which
 1046:        may lead to the end of the data section mapping from the file
 1047:        not being mapped.  At least there was an explicit test and
 1048:        comment for that here, suggesting that "the file size must
 1049:        be known".  The comment probably pre-dates the introduction
 1050:        of the fstat system call in target_mmap which does in fact
 1051:        find out the size.  What isn't clear is if the workaround
 1052:        here is still actually needed.  For now, continue with it,
 1053:        but merge it with the "normal" mmap that would allocate the bss.  */
 1054: 
 1055:     host_start = (uintptr_t) g2h(elf_bss);
 1056:     host_end = (uintptr_t) g2h(last_bss);
 1057:     host_map_start = (host_start + qemu_real_host_page_size - 1);
 1058:     host_map_start &= -qemu_real_host_page_size;
 1059: 
 1060:     if (host_map_start < host_end) {
 1061:         void *p = mmap((void *)host_map_start, host_end - host_map_start,
 1062:                        prot, MAP_FIXED | MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
 1063:         if (p == MAP_FAILED) {
 1064:             perror("cannot mmap brk");
 1065:             exit(-1);
 1066:         }
 1067: 
 1068:         /* Since we didn't use target_mmap, make sure to record
 1069:            the validity of the pages with qemu.  */
 1070:         page_set_flags(elf_bss & TARGET_PAGE_MASK, last_bss, prot|PAGE_VALID);
 1071:     }
 1072: 
 1073:     if (host_start < host_map_start) {
 1074:         memset((void *)host_start, 0, host_map_start - host_start);
 1075:     }
 1076: }
 1077: 
 1078: static abi_ulong create_elf_tables(abi_ulong p, int argc, int envc,
 1079:                                    struct elfhdr *exec,
 1080:                                    struct image_info *info,
 1081:                                    struct image_info *interp_info)
 1082: {
 1083:     abi_ulong sp;
 1084:     int size;
 1085:     abi_ulong u_platform;
 1086:     const char *k_platform;
 1087:     const int n = sizeof(elf_addr_t);
 1088: 
 1089:     sp = p;
 1090:     u_platform = 0;
 1091:     k_platform = ELF_PLATFORM;
 1092:     if (k_platform) {
 1093:         size_t len = strlen(k_platform) + 1;
 1094:         sp -= (len + n - 1) & ~(n - 1);
 1095:         u_platform = sp;
 1096:         /* FIXME - check return value of memcpy_to_target() for failure */
 1097:         memcpy_to_target(sp, k_platform, len);
 1098:     }
 1099:     /*
 1100:      * Force 16 byte _final_ alignment here for generality.
 1101:      */
 1102:     sp = sp &~ (abi_ulong)15;
 1103:     size = (DLINFO_ITEMS + 1) * 2;
 1104:     if (k_platform)
 1105:         size += 2;
 1106: #ifdef DLINFO_ARCH_ITEMS
 1107:     size += DLINFO_ARCH_ITEMS * 2;
 1108: #endif
 1109:     size += envc + argc + 2;
 1110:     size += 1;  /* argc itself */
 1111:     size *= n;
 1112:     if (size & 15)
 1113:         sp -= 16 - (size & 15);
 1114: 
 1115:     /* This is correct because Linux defines
 1116:      * elf_addr_t as Elf32_Off / Elf64_Off
 1117:      */
 1118: #define NEW_AUX_ENT(id, val) do {               \
 1119:         sp -= n; put_user_ual(val, sp);         \
 1120:         sp -= n; put_user_ual(id, sp);          \
 1121:     } while(0)
 1122: 
 1123:     NEW_AUX_ENT (AT_NULL, 0);
 1124: 
 1125:     /* There must be exactly DLINFO_ITEMS entries here.  */
 1126:     NEW_AUX_ENT(AT_PHDR, (abi_ulong)(info->load_addr + exec->e_phoff));
 1127:     NEW_AUX_ENT(AT_PHENT, (abi_ulong)(sizeof (struct elf_phdr)));
 1128:     NEW_AUX_ENT(AT_PHNUM, (abi_ulong)(exec->e_phnum));
 1129:     NEW_AUX_ENT(AT_PAGESZ, (abi_ulong)(TARGET_PAGE_SIZE));
 1130:     NEW_AUX_ENT(AT_BASE, (abi_ulong)(interp_info ? interp_info->load_addr : 0));
 1131:     NEW_AUX_ENT(AT_FLAGS, (abi_ulong)0);
 1132:     NEW_AUX_ENT(AT_ENTRY, info->entry);
 1133:     NEW_AUX_ENT(AT_UID, (abi_ulong) getuid());
 1134:     NEW_AUX_ENT(AT_EUID, (abi_ulong) geteuid());
 1135:     NEW_AUX_ENT(AT_GID, (abi_ulong) getgid());
 1136:     NEW_AUX_ENT(AT_EGID, (abi_ulong) getegid());
 1137:     NEW_AUX_ENT(AT_HWCAP, (abi_ulong) ELF_HWCAP);
 1138:     NEW_AUX_ENT(AT_CLKTCK, (abi_ulong) sysconf(_SC_CLK_TCK));
 1139:     if (k_platform)
 1140:         NEW_AUX_ENT(AT_PLATFORM, u_platform);
 1141: #ifdef ARCH_DLINFO
 1142:     /*
 1143:      * ARCH_DLINFO must come last so platform specific code can enforce
 1144:      * special alignment requirements on the AUXV if necessary (eg. PPC).
 1145:      */
 1146:     ARCH_DLINFO;
 1147: #endif
 1148: #undef NEW_AUX_ENT
 1149: 
 1150:     info->saved_auxv = sp;
 1151: 
 1152:     sp = loader_build_argptr(envc, argc, sp, p, 0);
 1153:     return sp;
 1154: }
 1155: 
 1156: /* Load an ELF image into the address space.
 1157: 
 1158:    IMAGE_NAME is the filename of the image, to use in error messages.
 1159:    IMAGE_FD is the open file descriptor for the image.
 1160: 
 1161:    BPRM_BUF is a copy of the beginning of the file; this of course
 1162:    contains the elf file header at offset 0.  It is assumed that this
 1163:    buffer is sufficiently aligned to present no problems to the host
 1164:    in accessing data at aligned offsets within the buffer.
 1165: 
 1166:    On return: INFO values will be filled in, as necessary or available.  */
 1167: 
 1168: static void load_elf_image(const char *image_name, int image_fd,
 1169:                            struct image_info *info, char **pinterp_name,
 1170:                            char bprm_buf[BPRM_BUF_SIZE])
 1171: {
 1172:     struct elfhdr *ehdr = (struct elfhdr *)bprm_buf;
 1173:     struct elf_phdr *phdr;
 1174:     abi_ulong load_addr, load_bias, loaddr, hiaddr, error;
 1175:     int i, retval;
 1176:     const char *errmsg;
 1177: 
 1178:     /* First of all, some simple consistency checks */
 1179:     errmsg = "Invalid ELF image for this architecture";
 1180:     if (!elf_check_ident(ehdr)) {
 1181:         goto exit_errmsg;
 1182:     }
 1183:     bswap_ehdr(ehdr);
 1184:     if (!elf_check_ehdr(ehdr)) {
 1185:         goto exit_errmsg;
 1186:     }
 1187: 
 1188:     i = ehdr->e_phnum * sizeof(struct elf_phdr);
 1189:     if (ehdr->e_phoff + i <= BPRM_BUF_SIZE) {
 1190:         phdr = (struct elf_phdr *)(bprm_buf + ehdr->e_phoff);
 1191:     } else {
 1192:         phdr = (struct elf_phdr *) alloca(i);
 1193:         retval = pread(image_fd, phdr, i, ehdr->e_phoff);
 1194:         if (retval != i) {
 1195:             goto exit_read;
 1196:         }
 1197:     }
 1198:     bswap_phdr(phdr, ehdr->e_phnum);
 1199: 
 1200:     /* Find the maximum size of the image and allocate an appropriate
 1201:        amount of memory to handle that.  */
 1202:     loaddr = -1, hiaddr = 0;
 1203:     for (i = 0; i < ehdr->e_phnum; ++i) {
 1204:         if (phdr[i].p_type == PT_LOAD) {
 1205:             abi_ulong a = phdr[i].p_vaddr;
 1206:             if (a < loaddr) {
 1207:                 loaddr = a;
 1208:             }
 1209:             a += phdr[i].p_memsz;
 1210:             if (a > hiaddr) {
 1211:                 hiaddr = a;
 1212:             }
 1213:         }
 1214:     }
 1215: 
 1216:     load_addr = loaddr;
 1217:     if (ehdr->e_type == ET_DYN) {
 1218:         /* The image indicates that it can be loaded anywhere.  Find a
 1219:            location that can hold the memory space required.  If the
 1220:            image is pre-linked, LOADDR will be non-zero.  Since we do
 1221:            not supply MAP_FIXED here we'll use that address if and
 1222:            only if it remains available.  */
 1223:         load_addr = target_mmap(loaddr, hiaddr - loaddr, PROT_NONE,
 1224:                                 MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
 1225:                                 -1, 0);
 1226:         if (load_addr == -1) {
 1227:             goto exit_perror;
 1228:         }
 1229:     } else if (pinterp_name != NULL) {
 1230:         /* This is the main executable.  Make sure that the low
 1231:            address does not conflict with MMAP_MIN_ADDR or the
 1232:            QEMU application itself.  */
 1233: #if defined(CONFIG_USE_GUEST_BASE)
 1234:         /*
 1235:          * In case where user has not explicitly set the guest_base, we
 1236:          * probe here that should we set it automatically.
 1237:          */
 1238:         if (!have_guest_base && !reserved_va) {
 1239:             unsigned long host_start, real_start, host_size;
 1240: 
 1241:             /* Round addresses to page boundaries.  */
 1242:             loaddr &= qemu_host_page_mask;
 1243:             hiaddr = HOST_PAGE_ALIGN(hiaddr);
 1244: 
 1245:             if (loaddr < mmap_min_addr) {
 1246:                 host_start = HOST_PAGE_ALIGN(mmap_min_addr);
 1247:             } else {
 1248:                 host_start = loaddr;
 1249:                 if (host_start != loaddr) {
 1250:                     errmsg = "Address overflow loading ELF binary";
 1251:                     goto exit_errmsg;
 1252:                 }
 1253:             }
 1254:             host_size = hiaddr - loaddr;
 1255:             while (1) {
 1256:                 /* Do not use mmap_find_vma here because that is limited to the
 1257:                    guest address space.  We are going to make the
 1258:                    guest address space fit whatever we're given.  */
 1259:                 real_start = (unsigned long)
 1260:                     mmap((void *)host_start, host_size, PROT_NONE,
 1261:                          MAP_ANONYMOUS | MAP_PRIVATE | MAP_NORESERVE, -1, 0);
 1262:                 if (real_start == (unsigned long)-1) {
 1263:                     goto exit_perror;
 1264:                 }
 1265:                 if (real_start == host_start) {
 1266:                     break;
 1267:                 }
 1268:                 /* That address didn't work.  Unmap and try a different one.
 1269:                    The address the host picked because is typically right at
 1270:                    the top of the host address space and leaves the guest with
 1271:                    no usable address space.  Resort to a linear search.  We
 1272:                    already compensated for mmap_min_addr, so this should not
 1273:                    happen often.  Probably means we got unlucky and host
 1274:                    address space randomization put a shared library somewhere
 1275:                    inconvenient.  */
 1276:                 munmap((void *)real_start, host_size);
 1277:                 host_start += qemu_host_page_size;
 1278:                 if (host_start == loaddr) {
 1279:                     /* Theoretically possible if host doesn't have any suitably
 1280:                        aligned areas.  Normally the first mmap will fail.  */
 1281:                     errmsg = "Unable to find space for application";
 1282:                     goto exit_errmsg;
 1283:                 }
 1284:             }
 1285:             qemu_log("Relocating guest address space from 0x"
 1286:                      TARGET_ABI_FMT_lx " to 0x%lx\n", loaddr, real_start);
 1287:             guest_base = real_start - loaddr;
 1288:         }
 1289: #endif
 1290:     }
 1291:     load_bias = load_addr - loaddr;
 1292: 
 1293:     info->load_bias = load_bias;
 1294:     info->load_addr = load_addr;
 1295:     info->entry = ehdr->e_entry + load_bias;
 1296:     info->start_code = -1;
 1297:     info->end_code = 0;
 1298:     info->start_data = -1;
 1299:     info->end_data = 0;
 1300:     info->brk = 0;
 1301: 
 1302:     for (i = 0; i < ehdr->e_phnum; i++) {
 1303:         struct elf_phdr *eppnt = phdr + i;
 1304:         if (eppnt->p_type == PT_LOAD) {
 1305:             abi_ulong vaddr, vaddr_po, vaddr_ps, vaddr_ef, vaddr_em;
 1306:             int elf_prot = 0;
 1307: 
 1308:             if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
 1309:             if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
 1310:             if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
 1311: 
 1312:             vaddr = load_bias + eppnt->p_vaddr;
 1313:             vaddr_po = TARGET_ELF_PAGEOFFSET(vaddr);
 1314:             vaddr_ps = TARGET_ELF_PAGESTART(vaddr);
 1315: 
 1316:             error = target_mmap(vaddr_ps, eppnt->p_filesz + vaddr_po,
 1317:                                 elf_prot, MAP_PRIVATE | MAP_FIXED,
 1318:                                 image_fd, eppnt->p_offset - vaddr_po);
 1319:             if (error == -1) {
 1320:                 goto exit_perror;
 1321:             }
 1322: 
 1323:             vaddr_ef = vaddr + eppnt->p_filesz;
 1324:             vaddr_em = vaddr + eppnt->p_memsz;
 1325: 
 1326:             /* If the load segment requests extra zeros (e.g. bss), map it.  */
 1327:             if (vaddr_ef < vaddr_em) {
 1328:                 zero_bss(vaddr_ef, vaddr_em, elf_prot);
 1329:             }
 1330: 
 1331:             /* Find the full program boundaries.  */
 1332:             if (elf_prot & PROT_EXEC) {
 1333:                 if (vaddr < info->start_code) {
 1334:                     info->start_code = vaddr;
 1335:                 }
 1336:                 if (vaddr_ef > info->end_code) {
 1337:                     info->end_code = vaddr_ef;
 1338:                 }
 1339:             }
 1340:             if (elf_prot & PROT_WRITE) {
 1341:                 if (vaddr < info->start_data) {
 1342:                     info->start_data = vaddr;
 1343:                 }
 1344:                 if (vaddr_ef > info->end_data) {
 1345:                     info->end_data = vaddr_ef;
 1346:                 }
 1347:                 if (vaddr_em > info->brk) {
 1348:                     info->brk = vaddr_em;
 1349:                 }
 1350:             }
 1351:         } else if (eppnt->p_type == PT_INTERP && pinterp_name) {
 1352:             char *interp_name;
 1353: 
 1354:             if (*pinterp_name) {
 1355:                 errmsg = "Multiple PT_INTERP entries";
 1356:                 goto exit_errmsg;
 1357:             }
 1358:             interp_name = malloc(eppnt->p_filesz);
 1359:             if (!interp_name) {
 1360:                 goto exit_perror;
 1361:             }
 1362: 
 1363:             if (eppnt->p_offset + eppnt->p_filesz <= BPRM_BUF_SIZE) {
 1364:                 memcpy(interp_name, bprm_buf + eppnt->p_offset,
 1365:                        eppnt->p_filesz);
 1366:             } else {
 1367:                 retval = pread(image_fd, interp_name, eppnt->p_filesz,
 1368:                                eppnt->p_offset);
 1369:                 if (retval != eppnt->p_filesz) {
 1370:                     goto exit_perror;
 1371:                 }
 1372:             }
 1373:             if (interp_name[eppnt->p_filesz - 1] != 0) {
 1374:                 errmsg = "Invalid PT_INTERP entry";
 1375:                 goto exit_errmsg;
 1376:             }
 1377:             *pinterp_name = interp_name;
 1378:         }
 1379:     }
 1380: 
 1381:     if (info->end_data == 0) {
 1382:         info->start_data = info->end_code;
 1383:         info->end_data = info->end_code;
 1384:         info->brk = info->end_code;
 1385:     }
 1386: 
 1387:     if (qemu_log_enabled()) {
 1388:         load_symbols(ehdr, image_fd, load_bias);
 1389:     }
 1390: 
 1391:     close(image_fd);
 1392:     return;
 1393: 
 1394:  exit_read:
 1395:     if (retval >= 0) {
 1396:         errmsg = "Incomplete read of file header";
 1397:         goto exit_errmsg;
 1398:     }
 1399:  exit_perror:
 1400:     errmsg = strerror(errno);
 1401:  exit_errmsg:
 1402:     fprintf(stderr, "%s: %s\n", image_name, errmsg);
 1403:     exit(-1);
 1404: }
 1405: 
 1406: static void load_elf_interp(const char *filename, struct image_info *info,
 1407:                             char bprm_buf[BPRM_BUF_SIZE])
 1408: {
 1409:     int fd, retval;
 1410: 
 1411:     fd = open(path(filename), O_RDONLY);
 1412:     if (fd < 0) {
 1413:         goto exit_perror;
 1414:     }
 1415: 
 1416:     retval = read(fd, bprm_buf, BPRM_BUF_SIZE);
 1417:     if (retval < 0) {
 1418:         goto exit_perror;
 1419:     }
 1420:     if (retval < BPRM_BUF_SIZE) {
 1421:         memset(bprm_buf + retval, 0, BPRM_BUF_SIZE - retval);
 1422:     }
 1423: 
 1424:     load_elf_image(filename, fd, info, NULL, bprm_buf);
 1425:     return;
 1426: 
 1427:  exit_perror:
 1428:     fprintf(stderr, "%s: %s\n", filename, strerror(errno));
 1429:     exit(-1);
 1430: }
 1431: 
 1432: static int symfind(const void *s0, const void *s1)
 1433: {
 1434:     struct elf_sym *key = (struct elf_sym *)s0;
 1435:     struct elf_sym *sym = (struct elf_sym *)s1;
 1436:     int result = 0;
 1437:     if (key->st_value < sym->st_value) {
 1438:         result = -1;
 1439:     } else if (key->st_value >= sym->st_value + sym->st_size) {
 1440:         result = 1;
 1441:     }
 1442:     return result;
 1443: }
 1444: 
 1445: static const char *lookup_symbolxx(struct syminfo *s, target_ulong orig_addr)
 1446: {
 1447: #if ELF_CLASS == ELFCLASS32
 1448:     struct elf_sym *syms = s->disas_symtab.elf32;
 1449: #else
 1450:     struct elf_sym *syms = s->disas_symtab.elf64;
 1451: #endif
 1452: 
 1453:     // binary search
 1454:     struct elf_sym key;
 1455:     struct elf_sym *sym;
 1456: 
 1457:     key.st_value = orig_addr;
 1458: 
 1459:     sym = bsearch(&key, syms, s->disas_num_syms, sizeof(*syms), symfind);
 1460:     if (sym != NULL) {
 1461:         return s->disas_strtab + sym->st_name;
 1462:     }
 1463: 
 1464:     return "";
 1465: }
 1466: 
 1467: /* FIXME: This should use elf_ops.h  */
 1468: static int symcmp(const void *s0, const void *s1)
 1469: {
 1470:     struct elf_sym *sym0 = (struct elf_sym *)s0;
 1471:     struct elf_sym *sym1 = (struct elf_sym *)s1;
 1472:     return (sym0->st_value < sym1->st_value)
 1473:         ? -1
 1474:         : ((sym0->st_value > sym1->st_value) ? 1 : 0);
 1475: }
 1476: 
 1477: /* Best attempt to load symbols from this ELF object. */
 1478: static void load_symbols(struct elfhdr *hdr, int fd, abi_ulong load_bias)
 1479: {
 1480:     int i, shnum, nsyms, sym_idx = 0, str_idx = 0;
 1481:     struct elf_shdr *shdr;
 1482:     char *strings;
 1483:     struct syminfo *s;
 1484:     struct elf_sym *syms, *new_syms;
 1485: 
 1486:     shnum = hdr->e_shnum;
 1487:     i = shnum * sizeof(struct elf_shdr);
 1488:     shdr = (struct elf_shdr *)alloca(i);
 1489:     if (pread(fd, shdr, i, hdr->e_shoff) != i) {
 1490:         return;
 1491:     }
 1492: 
 1493:     bswap_shdr(shdr, shnum);
 1494:     for (i = 0; i < shnum; ++i) {
 1495:         if (shdr[i].sh_type == SHT_SYMTAB) {
 1496:             sym_idx = i;
 1497:             str_idx = shdr[i].sh_link;
 1498:             goto found;
 1499:         }
 1500:     }
 1501: 
 1502:     /* There will be no symbol table if the file was stripped.  */
 1503:     return;
 1504: 
 1505:  found:
 1506:     /* Now know where the strtab and symtab are.  Snarf them.  */
 1507:     s = malloc(sizeof(*s));
 1508:     if (!s) {
 1509:         return;
 1510:     }
 1511: 
 1512:     i = shdr[str_idx].sh_size;
 1513:     s->disas_strtab = strings = malloc(i);
 1514:     if (!strings || pread(fd, strings, i, shdr[str_idx].sh_offset) != i) {
 1515:         free(s);
 1516:         free(strings);
 1517:         return;
 1518:     }
 1519: 
 1520:     i = shdr[sym_idx].sh_size;
 1521:     syms = malloc(i);
 1522:     if (!syms || pread(fd, syms, i, shdr[sym_idx].sh_offset) != i) {
 1523:         free(s);
 1524:         free(strings);
 1525:         free(syms);
 1526:         return;
 1527:     }
 1528: 
 1529:     nsyms = i / sizeof(struct elf_sym);
 1530:     for (i = 0; i < nsyms; ) {
 1531:         bswap_sym(syms + i);
 1532:         /* Throw away entries which we do not need.  */
 1533:         if (syms[i].st_shndx == SHN_UNDEF
 1534:             || syms[i].st_shndx >= SHN_LORESERVE
 1535:             || ELF_ST_TYPE(syms[i].st_info) != STT_FUNC) {
 1536:             if (i < --nsyms) {
 1537:                 syms[i] = syms[nsyms];
 1538:             }
 1539:         } else {
 1540: #if defined(TARGET_ARM) || defined (TARGET_MIPS)
 1541:             /* The bottom address bit marks a Thumb or MIPS16 symbol.  */
 1542:             syms[i].st_value &= ~(target_ulong)1;
 1543: #endif
 1544:             syms[i].st_value += load_bias;
 1545:             i++;
 1546:         }
 1547:     }
 1548: 
 1549:     /* Attempt to free the storage associated with the local symbols
 1550:        that we threw away.  Whether or not this has any effect on the
 1551:        memory allocation depends on the malloc implementation and how
 1552:        many symbols we managed to discard.  */
 1553:     new_syms = realloc(syms, nsyms * sizeof(*syms));
 1554:     if (new_syms == NULL) {
 1555:         free(s);
 1556:         free(syms);
 1557:         free(strings);
 1558:         return;
 1559:     }
 1560:     syms = new_syms;
 1561: 
 1562:     qsort(syms, nsyms, sizeof(*syms), symcmp);
 1563: 
 1564:     s->disas_num_syms = nsyms;
 1565: #if ELF_CLASS == ELFCLASS32
 1566:     s->disas_symtab.elf32 = syms;
 1567: #else
 1568:     s->disas_symtab.elf64 = syms;
 1569: #endif
 1570:     s->lookup_symbol = lookup_symbolxx;
 1571:     s->next = syminfos;
 1572:     syminfos = s;
 1573: }
 1574: 
 1575: int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
 1576:                     struct image_info * info)
 1577: {
 1578:     struct image_info interp_info;
 1579:     struct elfhdr elf_ex;
 1580:     char *elf_interpreter = NULL;
 1581: 
 1582:     info->start_mmap = (abi_ulong)ELF_START_MMAP;
 1583:     info->mmap = 0;
 1584:     info->rss = 0;
 1585: 
 1586:     load_elf_image(bprm->filename, bprm->fd, info,
 1587:                    &elf_interpreter, bprm->buf);
 1588: 
 1589:     /* ??? We need a copy of the elf header for passing to create_elf_tables.
 1590:        If we do nothing, we'll have overwritten this when we re-use bprm->buf
 1591:        when we load the interpreter.  */
 1592:     elf_ex = *(struct elfhdr *)bprm->buf;
 1593: 
 1594:     bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
 1595:     bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
 1596:     bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
 1597:     if (!bprm->p) {
 1598:         fprintf(stderr, "%s: %s\n", bprm->filename, strerror(E2BIG));
 1599:         exit(-1);
 1600:     }
 1601: 
 1602:     /* Do this so that we can load the interpreter, if need be.  We will
 1603:        change some of these later */
 1604:     bprm->p = setup_arg_pages(bprm->p, bprm, info);
 1605: 
 1606:     if (elf_interpreter) {
 1607:         load_elf_interp(elf_interpreter, &interp_info, bprm->buf);
 1608: 
 1609:         /* If the program interpreter is one of these two, then assume
 1610:            an iBCS2 image.  Otherwise assume a native linux image.  */
 1611: 
 1612:         if (strcmp(elf_interpreter, "/usr/lib/libc.so.1") == 0
 1613:             || strcmp(elf_interpreter, "/usr/lib/ld.so.1") == 0) {
 1614:             info->personality = PER_SVR4;
 1615: 
 1616:             /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
 1617:                and some applications "depend" upon this behavior.  Since
 1618:                we do not have the power to recompile these, we emulate
 1619:                the SVr4 behavior.  Sigh.  */
 1620:             target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
 1621:                         MAP_FIXED | MAP_PRIVATE, -1, 0);
 1622:         }
 1623:     }
 1624: 
 1625:     bprm->p = create_elf_tables(bprm->p, bprm->argc, bprm->envc, &elf_ex,
 1626:                                 info, (elf_interpreter ? &interp_info : NULL));
 1627:     info->start_stack = bprm->p;
 1628: 
 1629:     /* If we have an interpreter, set that as the program's entry point.
 1630:        Copy the load_addr as well, to help PPC64 interpret the entry
 1631:        point as a function descriptor.  Do this after creating elf tables
 1632:        so that we copy the original program entry point into the AUXV.  */
 1633:     if (elf_interpreter) {
 1634:         info->load_addr = interp_info.load_addr;
 1635:         info->entry = interp_info.entry;
 1636:         free(elf_interpreter);
 1637:     }
 1638: 
 1639: #ifdef USE_ELF_CORE_DUMP
 1640:     bprm->core_dump = &elf_core_dump;
 1641: #endif
 1642: 
 1643:     return 0;
 1644: }
 1645: 
 1646: #ifdef USE_ELF_CORE_DUMP
 1647: /*
 1648:  * Definitions to generate Intel SVR4-like core files.
 1649:  * These mostly have the same names as the SVR4 types with "target_elf_"
 1650:  * tacked on the front to prevent clashes with linux definitions,
 1651:  * and the typedef forms have been avoided.  This is mostly like
 1652:  * the SVR4 structure, but more Linuxy, with things that Linux does
 1653:  * not support and which gdb doesn't really use excluded.
 1654:  *
 1655:  * Fields we don't dump (their contents is zero) in linux-user qemu
 1656:  * are marked with XXX.
 1657:  *
 1658:  * Core dump code is copied from linux kernel (fs/binfmt_elf.c).
 1659:  *
 1660:  * Porting ELF coredump for target is (quite) simple process.  First you
 1661:  * define USE_ELF_CORE_DUMP in target ELF code (where init_thread() for
 1662:  * the target resides):
 1663:  *
 1664:  * #define USE_ELF_CORE_DUMP
 1665:  *
 1666:  * Next you define type of register set used for dumping.  ELF specification
 1667:  * says that it needs to be array of elf_greg_t that has size of ELF_NREG.
 1668:  *
 1669:  * typedef <target_regtype> target_elf_greg_t;
 1670:  * #define ELF_NREG <number of registers>
 1671:  * typedef taret_elf_greg_t target_elf_gregset_t[ELF_NREG];
 1672:  *
 1673:  * Last step is to implement target specific function that copies registers
 1674:  * from given cpu into just specified register set.  Prototype is:
 1675:  *
 1676:  * static void elf_core_copy_regs(taret_elf_gregset_t *regs,
 1677:  *                                const CPUState *env);
 1678:  *
 1679:  * Parameters:
 1680:  *     regs - copy register values into here (allocated and zeroed by caller)
 1681:  *     env - copy registers from here
 1682:  *
 1683:  * Example for ARM target is provided in this file.
 1684:  */
 1685: 
 1686: /* An ELF note in memory */
 1687: struct memelfnote {
 1688:     const char *name;
 1689:     size_t     namesz;
 1690:     size_t     namesz_rounded;
 1691:     int        type;
 1692:     size_t     datasz;
 1693:     void       *data;
 1694:     size_t     notesz;
 1695: };
 1696: 
 1697: struct target_elf_siginfo {
 1698:     int  si_signo; /* signal number */
 1699:     int  si_code;  /* extra code */
 1700:     int  si_errno; /* errno */
 1701: };
 1702: 
 1703: struct target_elf_prstatus {
 1704:     struct target_elf_siginfo pr_info;      /* Info associated with signal */
 1705:     short              pr_cursig;    /* Current signal */
 1706:     target_ulong       pr_sigpend;   /* XXX */
 1707:     target_ulong       pr_sighold;   /* XXX */
 1708:     target_pid_t       pr_pid;
 1709:     target_pid_t       pr_ppid;
 1710:     target_pid_t       pr_pgrp;
 1711:     target_pid_t       pr_sid;
 1712:     struct target_timeval pr_utime;  /* XXX User time */
 1713:     struct target_timeval pr_stime;  /* XXX System time */
 1714:     struct target_timeval pr_cutime; /* XXX Cumulative user time */
 1715:     struct target_timeval pr_cstime; /* XXX Cumulative system time */
 1716:     target_elf_gregset_t      pr_reg;       /* GP registers */
 1717:     int                pr_fpvalid;   /* XXX */
 1718: };
 1719: 
 1720: #define ELF_PRARGSZ     (80) /* Number of chars for args */
 1721: 
 1722: struct target_elf_prpsinfo {
 1723:     char         pr_state;       /* numeric process state */
 1724:     char         pr_sname;       /* char for pr_state */
 1725:     char         pr_zomb;        /* zombie */
 1726:     char         pr_nice;        /* nice val */
 1727:     target_ulong pr_flag;        /* flags */
 1728:     target_uid_t pr_uid;
 1729:     target_gid_t pr_gid;
 1730:     target_pid_t pr_pid, pr_ppid, pr_pgrp, pr_sid;
 1731:     /* Lots missing */
 1732:     char    pr_fname[16];           /* filename of executable */
 1733:     char    pr_psargs[ELF_PRARGSZ]; /* initial part of arg list */
 1734: };
 1735: 
 1736: /* Here is the structure in which status of each thread is captured. */
 1737: struct elf_thread_status {
 1738:     QTAILQ_ENTRY(elf_thread_status)  ets_link;
 1739:     struct target_elf_prstatus prstatus;   /* NT_PRSTATUS */
 1740: #if 0
 1741:     elf_fpregset_t fpu;             /* NT_PRFPREG */
 1742:     struct task_struct *thread;
 1743:     elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
 1744: #endif
 1745:     struct memelfnote notes[1];
 1746:     int num_notes;
 1747: };
 1748: 
 1749: struct elf_note_info {
 1750:     struct memelfnote   *notes;
 1751:     struct target_elf_prstatus *prstatus;  /* NT_PRSTATUS */
 1752:     struct target_elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
 1753: 
 1754:     QTAILQ_HEAD(thread_list_head, elf_thread_status) thread_list;
 1755: #if 0
 1756:     /*
 1757:      * Current version of ELF coredump doesn't support
 1758:      * dumping fp regs etc.
 1759:      */
 1760:     elf_fpregset_t *fpu;
 1761:     elf_fpxregset_t *xfpu;
 1762:     int thread_status_size;
 1763: #endif
 1764:     int notes_size;
 1765:     int numnote;
 1766: };
 1767: 
 1768: struct vm_area_struct {
 1769:     abi_ulong   vma_start;  /* start vaddr of memory region */
 1770:     abi_ulong   vma_end;    /* end vaddr of memory region */
 1771:     abi_ulong   vma_flags;  /* protection etc. flags for the region */
 1772:     QTAILQ_ENTRY(vm_area_struct) vma_link;
 1773: };
 1774: 
 1775: struct mm_struct {
 1776:     QTAILQ_HEAD(, vm_area_struct) mm_mmap;
 1777:     int mm_count;           /* number of mappings */
 1778: };
 1779: 
 1780: static struct mm_struct *vma_init(void);
 1781: static void vma_delete(struct mm_struct *);
 1782: static int vma_add_mapping(struct mm_struct *, abi_ulong,
 1783:                            abi_ulong, abi_ulong);
 1784: static int vma_get_mapping_count(const struct mm_struct *);
 1785: static struct vm_area_struct *vma_first(const struct mm_struct *);
 1786: static struct vm_area_struct *vma_next(struct vm_area_struct *);
 1787: static abi_ulong vma_dump_size(const struct vm_area_struct *);
 1788: static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
 1789:                       unsigned long flags);
 1790: 
 1791: static void fill_elf_header(struct elfhdr *, int, uint16_t, uint32_t);
 1792: static void fill_note(struct memelfnote *, const char *, int,
 1793:                       unsigned int, void *);
 1794: static void fill_prstatus(struct target_elf_prstatus *, const TaskState *, int);
 1795: static int fill_psinfo(struct target_elf_prpsinfo *, const TaskState *);
 1796: static void fill_auxv_note(struct memelfnote *, const TaskState *);
 1797: static void fill_elf_note_phdr(struct elf_phdr *, int, off_t);
 1798: static size_t note_size(const struct memelfnote *);
 1799: static void free_note_info(struct elf_note_info *);
 1800: static int fill_note_info(struct elf_note_info *, long, const CPUState *);
 1801: static void fill_thread_info(struct elf_note_info *, const CPUState *);
 1802: static int core_dump_filename(const TaskState *, char *, size_t);
 1803: 
 1804: static int dump_write(int, const void *, size_t);
 1805: static int write_note(struct memelfnote *, int);
 1806: static int write_note_info(struct elf_note_info *, int);
 1807: 
 1808: #ifdef BSWAP_NEEDED
 1809: static void bswap_prstatus(struct target_elf_prstatus *prstatus)
 1810: {
 1811:     prstatus->pr_info.si_signo = tswapl(prstatus->pr_info.si_signo);
 1812:     prstatus->pr_info.si_code = tswapl(prstatus->pr_info.si_code);
 1813:     prstatus->pr_info.si_errno = tswapl(prstatus->pr_info.si_errno);
 1814:     prstatus->pr_cursig = tswap16(prstatus->pr_cursig);
 1815:     prstatus->pr_sigpend = tswapl(prstatus->pr_sigpend);
 1816:     prstatus->pr_sighold = tswapl(prstatus->pr_sighold);
 1817:     prstatus->pr_pid = tswap32(prstatus->pr_pid);
 1818:     prstatus->pr_ppid = tswap32(prstatus->pr_ppid);
 1819:     prstatus->pr_pgrp = tswap32(prstatus->pr_pgrp);
 1820:     prstatus->pr_sid = tswap32(prstatus->pr_sid);
 1821:     /* cpu times are not filled, so we skip them */
 1822:     /* regs should be in correct format already */
 1823:     prstatus->pr_fpvalid = tswap32(prstatus->pr_fpvalid);
 1824: }
 1825: 
 1826: static void bswap_psinfo(struct target_elf_prpsinfo *psinfo)
 1827: {
 1828:     psinfo->pr_flag = tswapl(psinfo->pr_flag);
 1829:     psinfo->pr_uid = tswap16(psinfo->pr_uid);
 1830:     psinfo->pr_gid = tswap16(psinfo->pr_gid);
 1831:     psinfo->pr_pid = tswap32(psinfo->pr_pid);
 1832:     psinfo->pr_ppid = tswap32(psinfo->pr_ppid);
 1833:     psinfo->pr_pgrp = tswap32(psinfo->pr_pgrp);
 1834:     psinfo->pr_sid = tswap32(psinfo->pr_sid);
 1835: }
 1836: 
 1837: static void bswap_note(struct elf_note *en)
 1838: {
 1839:     bswap32s(&en->n_namesz);
 1840:     bswap32s(&en->n_descsz);
 1841:     bswap32s(&en->n_type);
 1842: }
 1843: #else
 1844: static inline void bswap_prstatus(struct target_elf_prstatus *p) { }
 1845: static inline void bswap_psinfo(struct target_elf_prpsinfo *p) {}
 1846: static inline void bswap_note(struct elf_note *en) { }
 1847: #endif /* BSWAP_NEEDED */
 1848: 
 1849: /*
 1850:  * Minimal support for linux memory regions.  These are needed
 1851:  * when we are finding out what memory exactly belongs to
 1852:  * emulated process.  No locks needed here, as long as
 1853:  * thread that received the signal is stopped.
 1854:  */
 1855: 
 1856: static struct mm_struct *vma_init(void)
 1857: {
 1858:     struct mm_struct *mm;
 1859: 
 1860:     if ((mm = qemu_malloc(sizeof (*mm))) == NULL)
 1861:         return (NULL);
 1862: 
 1863:     mm->mm_count = 0;
 1864:     QTAILQ_INIT(&mm->mm_mmap);
 1865: 
 1866:     return (mm);
 1867: }
 1868: 
 1869: static void vma_delete(struct mm_struct *mm)
 1870: {
 1871:     struct vm_area_struct *vma;
 1872: 
 1873:     while ((vma = vma_first(mm)) != NULL) {
 1874:         QTAILQ_REMOVE(&mm->mm_mmap, vma, vma_link);
 1875:         qemu_free(vma);
 1876:     }
 1877:     qemu_free(mm);
 1878: }
 1879: 
 1880: static int vma_add_mapping(struct mm_struct *mm, abi_ulong start,
 1881:                            abi_ulong end, abi_ulong flags)
 1882: {
 1883:     struct vm_area_struct *vma;
 1884: 
 1885:     if ((vma = qemu_mallocz(sizeof (*vma))) == NULL)
 1886:         return (-1);
 1887: 
 1888:     vma->vma_start = start;
 1889:     vma->vma_end = end;
 1890:     vma->vma_flags = flags;
 1891: 
 1892:     QTAILQ_INSERT_TAIL(&mm->mm_mmap, vma, vma_link);
 1893:     mm->mm_count++;
 1894: 
 1895:     return (0);
 1896: }
 1897: 
 1898: static struct vm_area_struct *vma_first(const struct mm_struct *mm)
 1899: {
 1900:     return (QTAILQ_FIRST(&mm->mm_mmap));
 1901: }
 1902: 
 1903: static struct vm_area_struct *vma_next(struct vm_area_struct *vma)
 1904: {
 1905:     return (QTAILQ_NEXT(vma, vma_link));
 1906: }
 1907: 
 1908: static int vma_get_mapping_count(const struct mm_struct *mm)
 1909: {
 1910:     return (mm->mm_count);
 1911: }
 1912: 
 1913: /*
 1914:  * Calculate file (dump) size of given memory region.
 1915:  */
 1916: static abi_ulong vma_dump_size(const struct vm_area_struct *vma)
 1917: {
 1918:     /* if we cannot even read the first page, skip it */
 1919:     if (!access_ok(VERIFY_READ, vma->vma_start, TARGET_PAGE_SIZE))
 1920:         return (0);
 1921: 
 1922:     /*
 1923:      * Usually we don't dump executable pages as they contain
 1924:      * non-writable code that debugger can read directly from
 1925:      * target library etc.  However, thread stacks are marked
 1926:      * also executable so we read in first page of given region
 1927:      * and check whether it contains elf header.  If there is
 1928:      * no elf header, we dump it.
 1929:      */
 1930:     if (vma->vma_flags & PROT_EXEC) {
 1931:         char page[TARGET_PAGE_SIZE];
 1932: 
 1933:         copy_from_user(page, vma->vma_start, sizeof (page));
 1934:         if ((page[EI_MAG0] == ELFMAG0) &&
 1935:             (page[EI_MAG1] == ELFMAG1) &&
 1936:             (page[EI_MAG2] == ELFMAG2) &&
 1937:             (page[EI_MAG3] == ELFMAG3)) {
 1938:             /*
 1939:              * Mappings are possibly from ELF binary.  Don't dump
 1940:              * them.
 1941:              */
 1942:             return (0);
 1943:         }
 1944:     }
 1945: 
 1946:     return (vma->vma_end - vma->vma_start);
 1947: }
 1948: 
 1949: static int vma_walker(void *priv, abi_ulong start, abi_ulong end,
 1950:                       unsigned long flags)
 1951: {
 1952:     struct mm_struct *mm = (struct mm_struct *)priv;
 1953: 
 1954:     vma_add_mapping(mm, start, end, flags);
 1955:     return (0);
 1956: }
 1957: 
 1958: static void fill_note(struct memelfnote *note, const char *name, int type,
 1959:                       unsigned int sz, void *data)
 1960: {
 1961:     unsigned int namesz;
 1962: 
 1963:     namesz = strlen(name) + 1;
 1964:     note->name = name;
 1965:     note->namesz = namesz;
 1966:     note->namesz_rounded = roundup(namesz, sizeof (int32_t));
 1967:     note->type = type;
 1968:     note->datasz = roundup(sz, sizeof (int32_t));;
 1969:     note->data = data;
 1970: 
 1971:     /*
 1972:      * We calculate rounded up note size here as specified by
 1973:      * ELF document.
 1974:      */
 1975:     note->notesz = sizeof (struct elf_note) +
 1976:         note->namesz_rounded + note->datasz;
 1977: }
 1978: 
 1979: static void fill_elf_header(struct elfhdr *elf, int segs, uint16_t machine,
 1980:                             uint32_t flags)
 1981: {
 1982:     (void) memset(elf, 0, sizeof(*elf));
 1983: 
 1984:     (void) memcpy(elf->e_ident, ELFMAG, SELFMAG);
 1985:     elf->e_ident[EI_CLASS] = ELF_CLASS;
 1986:     elf->e_ident[EI_DATA] = ELF_DATA;
 1987:     elf->e_ident[EI_VERSION] = EV_CURRENT;
 1988:     elf->e_ident[EI_OSABI] = ELF_OSABI;
 1989: 
 1990:     elf->e_type = ET_CORE;
 1991:     elf->e_machine = machine;
 1992:     elf->e_version = EV_CURRENT;
 1993:     elf->e_phoff = sizeof(struct elfhdr);
 1994:     elf->e_flags = flags;
 1995:     elf->e_ehsize = sizeof(struct elfhdr);
 1996:     elf->e_phentsize = sizeof(struct elf_phdr);
 1997:     elf->e_phnum = segs;
 1998: 
 1999:     bswap_ehdr(elf);
 2000: }
 2001: 
 2002: static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset)
 2003: {
 2004:     phdr->p_type = PT_NOTE;
 2005:     phdr->p_offset = offset;
 2006:     phdr->p_vaddr = 0;
 2007:     phdr->p_paddr = 0;
 2008:     phdr->p_filesz = sz;
 2009:     phdr->p_memsz = 0;
 2010:     phdr->p_flags = 0;
 2011:     phdr->p_align = 0;
 2012: 
 2013:     bswap_phdr(phdr, 1);
 2014: }
 2015: 
 2016: static size_t note_size(const struct memelfnote *note)
 2017: {
 2018:     return (note->notesz);
 2019: }
 2020: 
 2021: static void fill_prstatus(struct target_elf_prstatus *prstatus,
 2022:                           const TaskState *ts, int signr)
 2023: {
 2024:     (void) memset(prstatus, 0, sizeof (*prstatus));
 2025:     prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
 2026:     prstatus->pr_pid = ts->ts_tid;
 2027:     prstatus->pr_ppid = getppid();
 2028:     prstatus->pr_pgrp = getpgrp();
 2029:     prstatus->pr_sid = getsid(0);
 2030: 
 2031:     bswap_prstatus(prstatus);
 2032: }
 2033: 
 2034: static int fill_psinfo(struct target_elf_prpsinfo *psinfo, const TaskState *ts)
 2035: {
 2036:     char *filename, *base_filename;
 2037:     unsigned int i, len;
 2038: 
 2039:     (void) memset(psinfo, 0, sizeof (*psinfo));
 2040: 
 2041:     len = ts->info->arg_end - ts->info->arg_start;
 2042:     if (len >= ELF_PRARGSZ)
 2043:         len = ELF_PRARGSZ - 1;
 2044:     if (copy_from_user(&psinfo->pr_psargs, ts->info->arg_start, len))
 2045:         return -EFAULT;
 2046:     for (i = 0; i < len; i++)
 2047:         if (psinfo->pr_psargs[i] == 0)
 2048:             psinfo->pr_psargs[i] = ' ';
 2049:     psinfo->pr_psargs[len] = 0;
 2050: 
 2051:     psinfo->pr_pid = getpid();
 2052:     psinfo->pr_ppid = getppid();
 2053:     psinfo->pr_pgrp = getpgrp();
 2054:     psinfo->pr_sid = getsid(0);
 2055:     psinfo->pr_uid = getuid();
 2056:     psinfo->pr_gid = getgid();
 2057: 
 2058:     filename = strdup(ts->bprm->filename);
 2059:     base_filename = strdup(basename(filename));
 2060:     (void) strncpy(psinfo->pr_fname, base_filename,
 2061:                    sizeof(psinfo->pr_fname));
 2062:     free(base_filename);
 2063:     free(filename);
 2064: 
 2065:     bswap_psinfo(psinfo);
 2066:     return (0);
 2067: }
 2068: 
 2069: static void fill_auxv_note(struct memelfnote *note, const TaskState *ts)
 2070: {
 2071:     elf_addr_t auxv = (elf_addr_t)ts->info->saved_auxv;
 2072:     elf_addr_t orig_auxv = auxv;
 2073:     abi_ulong val;
 2074:     void *ptr;
 2075:     int i, len;
 2076: 
 2077:     /*
 2078:      * Auxiliary vector is stored in target process stack.  It contains
 2079:      * {type, value} pairs that we need to dump into note.  This is not
 2080:      * strictly necessary but we do it here for sake of completeness.
 2081:      */
 2082: 
 2083:     /* find out lenght of the vector, AT_NULL is terminator */
 2084:     i = len = 0;
 2085:     do {
 2086:         get_user_ual(val, auxv);
 2087:         i += 2;
 2088:         auxv += 2 * sizeof (elf_addr_t);
 2089:     } while (val != AT_NULL);
 2090:     len = i * sizeof (elf_addr_t);
 2091: 
 2092:     /* read in whole auxv vector and copy it to memelfnote */
 2093:     ptr = lock_user(VERIFY_READ, orig_auxv, len, 0);
 2094:     if (ptr != NULL) {
 2095:         fill_note(note, "CORE", NT_AUXV, len, ptr);
 2096:         unlock_user(ptr, auxv, len);
 2097:     }
 2098: }
 2099: 
 2100: /*
 2101:  * Constructs name of coredump file.  We have following convention
 2102:  * for the name:
 2103:  *     qemu_<basename-of-target-binary>_<date>-<time>_<pid>.core
 2104:  *
 2105:  * Returns 0 in case of success, -1 otherwise (errno is set).
 2106:  */
 2107: static int core_dump_filename(const TaskState *ts, char *buf,
 2108:                               size_t bufsize)
 2109: {
 2110:     char timestamp[64];
 2111:     char *filename = NULL;
 2112:     char *base_filename = NULL;
 2113:     struct timeval tv;
 2114:     struct tm tm;
 2115: 
 2116:     assert(bufsize >= PATH_MAX);
 2117: 
 2118:     if (gettimeofday(&tv, NULL) < 0) {
 2119:         (void) fprintf(stderr, "unable to get current timestamp: %s",
 2120:                        strerror(errno));
 2121:         return (-1);
 2122:     }
 2123: 
 2124:     filename = strdup(ts->bprm->filename);
 2125:     base_filename = strdup(basename(filename));
 2126:     (void) strftime(timestamp, sizeof (timestamp), "%Y%m%d-%H%M%S",
 2127:                     localtime_r(&tv.tv_sec, &tm));
 2128:     (void) snprintf(buf, bufsize, "qemu_%s_%s_%d.core",
 2129:                     base_filename, timestamp, (int)getpid());
 2130:     free(base_filename);
 2131:     free(filename);
 2132: 
 2133:     return (0);
 2134: }
 2135: 
 2136: static int dump_write(int fd, const void *ptr, size_t size)
 2137: {
 2138:     const char *bufp = (const char *)ptr;
 2139:     ssize_t bytes_written, bytes_left;
 2140:     struct rlimit dumpsize;
 2141:     off_t pos;
 2142: 
 2143:     bytes_written = 0;
 2144:     getrlimit(RLIMIT_CORE, &dumpsize);
 2145:     if ((pos = lseek(fd, 0, SEEK_CUR))==-1) {
 2146:         if (errno == ESPIPE) { /* not a seekable stream */
 2147:             bytes_left = size;
 2148:         } else {
 2149:             return pos;
 2150:         }
 2151:     } else {
 2152:         if (dumpsize.rlim_cur <= pos) {
 2153:             return -1;
 2154:         } else if (dumpsize.rlim_cur == RLIM_INFINITY) {
 2155:             bytes_left = size;
 2156:         } else {
 2157:             size_t limit_left=dumpsize.rlim_cur - pos;
 2158:             bytes_left = limit_left >= size ? size : limit_left ;
 2159:         }
 2160:     }
 2161: 
 2162:     /*
 2163:      * In normal conditions, single write(2) should do but
 2164:      * in case of socket etc. this mechanism is more portable.
 2165:      */
 2166:     do {
 2167:         bytes_written = write(fd, bufp, bytes_left);
 2168:         if (bytes_written < 0) {
 2169:             if (errno == EINTR)
 2170:                 continue;
 2171:             return (-1);
 2172:         } else if (bytes_written == 0) { /* eof */
 2173:             return (-1);
 2174:         }
 2175:         bufp += bytes_written;
 2176:         bytes_left -= bytes_written;
 2177:     } while (bytes_left > 0);
 2178: 
 2179:     return (0);
 2180: }
 2181: 
 2182: static int write_note(struct memelfnote *men, int fd)
 2183: {
 2184:     struct elf_note en;
 2185: 
 2186:     en.n_namesz = men->namesz;
 2187:     en.n_type = men->type;
 2188:     en.n_descsz = men->datasz;
 2189: 
 2190:     bswap_note(&en);
 2191: 
 2192:     if (dump_write(fd, &en, sizeof(en)) != 0)
 2193:         return (-1);
 2194:     if (dump_write(fd, men->name, men->namesz_rounded) != 0)
 2195:         return (-1);
 2196:     if (dump_write(fd, men->data, men->datasz) != 0)
 2197:         return (-1);
 2198: 
 2199:     return (0);
 2200: }
 2201: 
 2202: static void fill_thread_info(struct elf_note_info *info, const CPUState *env)
 2203: {
 2204:     TaskState *ts = (TaskState *)env->opaque;
 2205:     struct elf_thread_status *ets;
 2206: 
 2207:     ets = qemu_mallocz(sizeof (*ets));
 2208:     ets->num_notes = 1; /* only prstatus is dumped */
 2209:     fill_prstatus(&ets->prstatus, ts, 0);
 2210:     elf_core_copy_regs(&ets->prstatus.pr_reg, env);
 2211:     fill_note(&ets->notes[0], "CORE", NT_PRSTATUS, sizeof (ets->prstatus),
 2212:               &ets->prstatus);
 2213: 
 2214:     QTAILQ_INSERT_TAIL(&info->thread_list, ets, ets_link);
 2215: 
 2216:     info->notes_size += note_size(&ets->notes[0]);
 2217: }
 2218: 
 2219: static int fill_note_info(struct elf_note_info *info,
 2220:                           long signr, const CPUState *env)
 2221: {
 2222: #define NUMNOTES 3
 2223:     CPUState *cpu = NULL;
 2224:     TaskState *ts = (TaskState *)env->opaque;
 2225:     int i;
 2226: 
 2227:     (void) memset(info, 0, sizeof (*info));
 2228: 
 2229:     QTAILQ_INIT(&info->thread_list);
 2230: 
 2231:     info->notes = qemu_mallocz(NUMNOTES * sizeof (struct memelfnote));
 2232:     if (info->notes == NULL)
 2233:         return (-ENOMEM);
 2234:     info->prstatus = qemu_mallocz(sizeof (*info->prstatus));
 2235:     if (info->prstatus == NULL)
 2236:         return (-ENOMEM);
 2237:     info->psinfo = qemu_mallocz(sizeof (*info->psinfo));
 2238:     if (info->prstatus == NULL)
 2239:         return (-ENOMEM);
 2240: 
 2241:     /*
 2242:      * First fill in status (and registers) of current thread
 2243:      * including process info & aux vector.
 2244:      */
 2245:     fill_prstatus(info->prstatus, ts, signr);
 2246:     elf_core_copy_regs(&info->prstatus->pr_reg, env);
 2247:     fill_note(&info->notes[0], "CORE", NT_PRSTATUS,
 2248:               sizeof (*info->prstatus), info->prstatus);
 2249:     fill_psinfo(info->psinfo, ts);
 2250:     fill_note(&info->notes[1], "CORE", NT_PRPSINFO,
 2251:               sizeof (*info->psinfo), info->psinfo);
 2252:     fill_auxv_note(&info->notes[2], ts);
 2253:     info->numnote = 3;
 2254: 
 2255:     info->notes_size = 0;
 2256:     for (i = 0; i < info->numnote; i++)
 2257:         info->notes_size += note_size(&info->notes[i]);
 2258: 
 2259:     /* read and fill status of all threads */
 2260:     cpu_list_lock();
 2261:     for (cpu = first_cpu; cpu != NULL; cpu = cpu->next_cpu) {
 2262:         if (cpu == thread_env)
 2263:             continue;
 2264:         fill_thread_info(info, cpu);
 2265:     }
 2266:     cpu_list_unlock();
 2267: 
 2268:     return (0);
 2269: }
 2270: 
 2271: static void free_note_info(struct elf_note_info *info)
 2272: {
 2273:     struct elf_thread_status *ets;
 2274: 
 2275:     while (!QTAILQ_EMPTY(&info->thread_list)) {
 2276:         ets = QTAILQ_FIRST(&info->thread_list);
 2277:         QTAILQ_REMOVE(&info->thread_list, ets, ets_link);
 2278:         qemu_free(ets);
 2279:     }
 2280: 
 2281:     qemu_free(info->prstatus);
 2282:     qemu_free(info->psinfo);
 2283:     qemu_free(info->notes);
 2284: }
 2285: 
 2286: static int write_note_info(struct elf_note_info *info, int fd)
 2287: {
 2288:     struct elf_thread_status *ets;
 2289:     int i, error = 0;
 2290: 
 2291:     /* write prstatus, psinfo and auxv for current thread */
 2292:     for (i = 0; i < info->numnote; i++)
 2293:         if ((error = write_note(&info->notes[i], fd)) != 0)
 2294:             return (error);
 2295: 
 2296:     /* write prstatus for each thread */
 2297:     for (ets = info->thread_list.tqh_first; ets != NULL;
 2298:          ets = ets->ets_link.tqe_next) {
 2299:         if ((error = write_note(&ets->notes[0], fd)) != 0)
 2300:             return (error);
 2301:     }
 2302: 
 2303:     return (0);
 2304: }
 2305: 
 2306: /*
 2307:  * Write out ELF coredump.
 2308:  *
 2309:  * See documentation of ELF object file format in:
 2310:  * http://www.caldera.com/developers/devspecs/gabi41.pdf
 2311:  *
 2312:  * Coredump format in linux is following:
 2313:  *
 2314:  * 0   +----------------------+         \
 2315:  *     | ELF header           | ET_CORE  |
 2316:  *     +----------------------+          |
 2317:  *     | ELF program headers  |          |--- headers
 2318:  *     | - NOTE section       |          |
 2319:  *     | - PT_LOAD sections   |          |
 2320:  *     +----------------------+         /
 2321:  *     | NOTEs:               |
 2322:  *     | - NT_PRSTATUS        |
 2323:  *     | - NT_PRSINFO         |
 2324:  *     | - NT_AUXV            |
 2325:  *     +----------------------+ <-- aligned to target page
 2326:  *     | Process memory dump  |
 2327:  *     :                      :
 2328:  *     .                      .
 2329:  *     :                      :
 2330:  *     |                      |
 2331:  *     +----------------------+
 2332:  *
 2333:  * NT_PRSTATUS -> struct elf_prstatus (per thread)
 2334:  * NT_PRSINFO  -> struct elf_prpsinfo
 2335:  * NT_AUXV is array of { type, value } pairs (see fill_auxv_note()).
 2336:  *
 2337:  * Format follows System V format as close as possible.  Current
 2338:  * version limitations are as follows:
 2339:  *     - no floating point registers are dumped
 2340:  *
 2341:  * Function returns 0 in case of success, negative errno otherwise.
 2342:  *
 2343:  * TODO: make this work also during runtime: it should be
 2344:  * possible to force coredump from running process and then
 2345:  * continue processing.  For example qemu could set up SIGUSR2
 2346:  * handler (provided that target process haven't registered
 2347:  * handler for that) that does the dump when signal is received.
 2348:  */
 2349: static int elf_core_dump(int signr, const CPUState *env)
 2350: {
 2351:     const TaskState *ts = (const TaskState *)env->opaque;
 2352:     struct vm_area_struct *vma = NULL;
 2353:     char corefile[PATH_MAX];
 2354:     struct elf_note_info info;
 2355:     struct elfhdr elf;
 2356:     struct elf_phdr phdr;
 2357:     struct rlimit dumpsize;
 2358:     struct mm_struct *mm = NULL;
 2359:     off_t offset = 0, data_offset = 0;
 2360:     int segs = 0;
 2361:     int fd = -1;
 2362: 
 2363:     errno = 0;
 2364:     getrlimit(RLIMIT_CORE, &dumpsize);
 2365:     if (dumpsize.rlim_cur == 0)
 2366:         return 0;
 2367: 
 2368:     if (core_dump_filename(ts, corefile, sizeof (corefile)) < 0)
 2369:         return (-errno);
 2370: 
 2371:     if ((fd = open(corefile, O_WRONLY | O_CREAT,
 2372:                    S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH)) < 0)
 2373:         return (-errno);
 2374: 
 2375:     /*
 2376:      * Walk through target process memory mappings and
 2377:      * set up structure containing this information.  After
 2378:      * this point vma_xxx functions can be used.
 2379:      */
 2380:     if ((mm = vma_init()) == NULL)
 2381:         goto out;
 2382: 
 2383:     walk_memory_regions(mm, vma_walker);
 2384:     segs = vma_get_mapping_count(mm);
 2385: 
 2386:     /*
 2387:      * Construct valid coredump ELF header.  We also
 2388:      * add one more segment for notes.
 2389:      */
 2390:     fill_elf_header(&elf, segs + 1, ELF_MACHINE, 0);
 2391:     if (dump_write(fd, &elf, sizeof (elf)) != 0)
 2392:         goto out;
 2393: 
 2394:     /* fill in in-memory version of notes */
 2395:     if (fill_note_info(&info, signr, env) < 0)
 2396:         goto out;
 2397: 
 2398:     offset += sizeof (elf);                             /* elf header */
 2399:     offset += (segs + 1) * sizeof (struct elf_phdr);    /* program headers */
 2400: 
 2401:     /* write out notes program header */
 2402:     fill_elf_note_phdr(&phdr, info.notes_size, offset);
 2403: 
 2404:     offset += info.notes_size;
 2405:     if (dump_write(fd, &phdr, sizeof (phdr)) != 0)
 2406:         goto out;
 2407: 
 2408:     /*
 2409:      * ELF specification wants data to start at page boundary so
 2410:      * we align it here.
 2411:      */
 2412:     offset = roundup(offset, ELF_EXEC_PAGESIZE);
 2413: 
 2414:     /*
 2415:      * Write program headers for memory regions mapped in
 2416:      * the target process.
 2417:      */
 2418:     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
 2419:         (void) memset(&phdr, 0, sizeof (phdr));
 2420: 
 2421:         phdr.p_type = PT_LOAD;
 2422:         phdr.p_offset = offset;
 2423:         phdr.p_vaddr = vma->vma_start;
 2424:         phdr.p_paddr = 0;
 2425:         phdr.p_filesz = vma_dump_size(vma);
 2426:         offset += phdr.p_filesz;
 2427:         phdr.p_memsz = vma->vma_end - vma->vma_start;
 2428:         phdr.p_flags = vma->vma_flags & PROT_READ ? PF_R : 0;
 2429:         if (vma->vma_flags & PROT_WRITE)
 2430:             phdr.p_flags |= PF_W;
 2431:         if (vma->vma_flags & PROT_EXEC)
 2432:             phdr.p_flags |= PF_X;
 2433:         phdr.p_align = ELF_EXEC_PAGESIZE;
 2434: 
 2435:         dump_write(fd, &phdr, sizeof (phdr));
 2436:     }
 2437: 
 2438:     /*
 2439:      * Next we write notes just after program headers.  No
 2440:      * alignment needed here.
 2441:      */
 2442:     if (write_note_info(&info, fd) < 0)
 2443:         goto out;
 2444: 
 2445:     /* align data to page boundary */
 2446:     data_offset = lseek(fd, 0, SEEK_CUR);
 2447:     data_offset = TARGET_PAGE_ALIGN(data_offset);
 2448:     if (lseek(fd, data_offset, SEEK_SET) != data_offset)
 2449:         goto out;
 2450: 
 2451:     /*
 2452:      * Finally we can dump process memory into corefile as well.
 2453:      */
 2454:     for (vma = vma_first(mm); vma != NULL; vma = vma_next(vma)) {
 2455:         abi_ulong addr;
 2456:         abi_ulong end;
 2457: 
 2458:         end = vma->vma_start + vma_dump_size(vma);
 2459: 
 2460:         for (addr = vma->vma_start; addr < end;
 2461:              addr += TARGET_PAGE_SIZE) {
 2462:             char page[TARGET_PAGE_SIZE];
 2463:             int error;
 2464: 
 2465:             /*
 2466:              *  Read in page from target process memory and
 2467:              *  write it to coredump file.
 2468:              */
 2469:             error = copy_from_user(page, addr, sizeof (page));
 2470:             if (error != 0) {
 2471:                 (void) fprintf(stderr, "unable to dump " TARGET_ABI_FMT_lx "\n",
 2472:                                addr);
 2473:                 errno = -error;
 2474:                 goto out;
 2475:             }
 2476:             if (dump_write(fd, page, TARGET_PAGE_SIZE) < 0)
 2477:                 goto out;
 2478:         }
 2479:     }
 2480: 
 2481:  out:
 2482:     free_note_info(&info);
 2483:     if (mm != NULL)
 2484:         vma_delete(mm);
 2485:     (void) close(fd);
 2486: 
 2487:     if (errno != 0)
 2488:         return (-errno);
 2489:     return (0);
 2490: }
 2491: #endif /* USE_ELF_CORE_DUMP */
 2492: 
 2493: void do_init_thread(struct target_pt_regs *regs, struct image_info *infop)
 2494: {
 2495:     init_thread(regs, infop);
 2496: }

unix.superglobalmegacorp.com