1 2 /*--------------------------------------------------------------------*/ 3 /*--- User-mode execve() for ELF executables m_ume_elf.c ---*/ 4 /*--------------------------------------------------------------------*/ 5 6 /* 7 This file is part of Valgrind, a dynamic binary instrumentation 8 framework. 9 10 Copyright (C) 2000-2017 Julian Seward 11 jseward (at) acm.org 12 13 This program is free software; you can redistribute it and/or 14 modify it under the terms of the GNU General Public License as 15 published by the Free Software Foundation; either version 2 of the 16 License, or (at your option) any later version. 17 18 This program is distributed in the hope that it will be useful, but 19 WITHOUT ANY WARRANTY; without even the implied warranty of 20 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 General Public License for more details. 22 23 You should have received a copy of the GNU General Public License 24 along with this program; if not, write to the Free Software 25 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 26 02111-1307, USA. 27 28 The GNU General Public License is contained in the file COPYING. 29 */ 30 31 #if defined(VGO_linux) || defined(VGO_solaris) 32 33 #include "pub_core_basics.h" 34 #include "pub_core_vki.h" 35 36 #include "pub_core_aspacemgr.h" // various mapping fns 37 #include "pub_core_debuglog.h" 38 #include "pub_core_libcassert.h" // VG_(exit), vg_assert 39 #include "pub_core_libcbase.h" // VG_(memcmp), etc 40 #include "pub_core_libcprint.h" 41 #include "pub_core_libcfile.h" // VG_(open) et al 42 #include "pub_core_machine.h" // VG_ELF_CLASS (XXX: which should be moved) 43 #include "pub_core_mallocfree.h" // VG_(malloc), VG_(free) 44 #include "pub_core_syscall.h" // VG_(strerror) 45 #include "pub_core_ume.h" // self 46 47 #include "priv_ume.h" 48 49 /* --- !!! --- EXTERNAL HEADERS start --- !!! --- */ 50 #if defined(VGO_linux) 51 # define _GNU_SOURCE 52 # define _FILE_OFFSET_BITS 64 53 #endif 54 /* This is for ELF types etc, and also the AT_ constants. */ 55 #include <elf.h> 56 #if defined(VGO_solaris) 57 # include <sys/fasttrap.h> // PT_SUNWDTRACE_SIZE 58 # if defined(SOLARIS_PT_SUNDWTRACE_THRP) 59 # define PT_SUNWDTRACE_PROTECTION (PF_R) 60 # else 61 # define PT_SUNWDTRACE_PROTECTION (PF_R | PF_W | PF_X) 62 # endif 63 #endif 64 /* --- !!! --- EXTERNAL HEADERS end --- !!! --- */ 65 66 67 #if VG_WORDSIZE == 8 68 #define ESZ(x) Elf64_##x 69 #elif VG_WORDSIZE == 4 70 #define ESZ(x) Elf32_##x 71 #else 72 #error VG_WORDSIZE needs to ==4 or ==8 73 #endif 74 75 struct elfinfo 76 { 77 ESZ(Ehdr) e; 78 ESZ(Phdr) *p; 79 Int fd; 80 }; 81 82 #if defined(VGO_linux) 83 84 /* 85 arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header 86 @ehdr: The main ELF header 87 @phdr: The program header to check 88 @fd: The ELF file filedescriptor 89 @is_interpreter: True if the phdr is from the interpreter of the ELF 90 being loaded, else false. 91 @state: Architecture-specific state preserved throughout the process 92 of loading the ELF. 93 94 Inspects the program header phdr to validate its correctness and/or 95 suitability for the system. Called once per ELF program header in the 96 range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its 97 interpreter. 98 99 Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 100 with that return code. 101 102 arch_check_elf() 103 @ehdr: The main ELF header 104 @has_interpreter: True if the ELF has an interpreter, else false. 105 @state: Architecture-specific state preserved throughout the process 106 of loading the ELF. 107 108 Provides a final opportunity for architecture code to reject the loading 109 of the ELF. This is called after all program headers to be checked by 110 arch_elf_pt_proc have been. 111 112 Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 113 with that return code. 114 115 Ref: linux/fs/binfmt_elf.c 116 */ 117 118 # if defined(VGP_mips32_linux) 119 120 /* Ref: linux/arch/mips/kernel/elf.c */ 121 static inline Int arch_elf_pt_proc(ESZ(Ehdr) *ehdr, 122 ESZ(Phdr) *phdr, 123 Int fd, Bool is_interpreter, 124 struct vki_arch_elf_state *state) 125 { 126 struct vki_mips_elf_abiflags_v0 abiflags; 127 SysRes sres; 128 129 if ( (ehdr->e_ident[EI_CLASS] == ELFCLASS32) && 130 (ehdr->e_flags & VKI_EF_MIPS_FP64) ) { 131 /* 132 * Set MIPS_ABI_FP_OLD_64 for EF_MIPS_FP64. We will override it 133 * later if needed 134 */ 135 if (is_interpreter) 136 state->interp_fp_abi = VKI_MIPS_ABI_FP_OLD_64; 137 else 138 state->fp_abi = VKI_MIPS_ABI_FP_OLD_64; 139 } 140 141 if (phdr->p_type != VKI_PT_MIPS_ABIFLAGS) 142 return 0; 143 144 if (phdr->p_filesz < sizeof(abiflags)) 145 return VKI_EINVAL; 146 147 sres = VG_(pread)(fd, &abiflags, sizeof(abiflags), phdr->p_offset); 148 149 if (sr_isError(sres)) 150 return sr_Err(sres); 151 152 if (sr_Res(sres) != sizeof(abiflags)) 153 return VKI_EIO; 154 155 /* Record the required FP ABIs for use by arch_check_elf */ 156 if (is_interpreter) 157 state->interp_fp_abi = abiflags.fp_abi; 158 else 159 state->fp_abi = abiflags.fp_abi; 160 161 return 0; 162 } 163 164 /* Ref: linux/arch/mips/kernel/elf.c */ 165 static inline Int arch_check_elf(ESZ(Ehdr) *ehdr, 166 Bool has_interpreter, 167 struct vki_arch_elf_state *state) 168 { 169 struct mode_req { 170 Bool single; 171 Bool soft; 172 Bool fr1; 173 Bool frdefault; 174 Bool fre; 175 }; 176 177 struct mode_req fpu_reqs[] = { 178 [VKI_MIPS_ABI_FP_ANY] = { True, True, True, True, True }, 179 [VKI_MIPS_ABI_FP_DOUBLE] = { False, False, False, True, True }, 180 [VKI_MIPS_ABI_FP_SINGLE] = { True, False, False, False, False }, 181 [VKI_MIPS_ABI_FP_SOFT] = { False, True, False, False, False }, 182 [VKI_MIPS_ABI_FP_OLD_64] = { False, False, False, False, False }, 183 [VKI_MIPS_ABI_FP_XX] = { False, False, True, True, True }, 184 [VKI_MIPS_ABI_FP_64] = { False, False, True, False, False }, 185 [VKI_MIPS_ABI_FP_64A] = { False, False, True, False, True } 186 }; 187 188 /* Mode requirements when .MIPS.abiflags is not present in the ELF. 189 Not present means that everything is acceptable except FR1. */ 190 struct mode_req none_req = { True, True, False, True, True }; 191 192 struct mode_req prog_req, interp_req; 193 Int fp_abi, interp_fp_abi, abi0, abi1, max_abi; 194 Bool is_mips64; 195 196 VexArchInfo vai; 197 VG_(machine_get_VexArchInfo)(NULL, &vai); 198 199 fp_abi = state->fp_abi; 200 201 if (has_interpreter) { 202 interp_fp_abi = state->interp_fp_abi; 203 204 abi0 = VG_MIN(fp_abi, interp_fp_abi); 205 abi1 = VG_MAX(fp_abi, interp_fp_abi); 206 } else { 207 abi0 = abi1 = fp_abi; 208 } 209 210 is_mips64 = (ehdr->e_ident[EI_CLASS] == ELFCLASS64) || 211 (ehdr->e_flags & EF_MIPS_ABI2); 212 213 if (is_mips64) { 214 /* MIPS64 code always uses FR=1, thus the default is easy */ 215 state->overall_fp_mode = VKI_FP_FR1; 216 217 /* Disallow access to the various FPXX & FP64 ABIs */ 218 max_abi = VKI_MIPS_ABI_FP_SOFT; 219 } else { 220 /* Default to a mode capable of running code expecting FR=0 */ 221 222 /* TODO: Should be changed during implementation of MIPS-R6 support. 223 state->overall_fp_mode = cpu_has_mips_r6 ? VKI_FP_FRE : VKI_FP_FR0; */ 224 state->overall_fp_mode = VKI_FP_FR0; 225 226 /* Allow all ABIs we know about */ 227 max_abi = VKI_MIPS_ABI_FP_64A; 228 } 229 230 if ((abi0 > max_abi && abi0 != VKI_MIPS_ABI_FP_UNKNOWN) || 231 (abi1 > max_abi && abi1 != VKI_MIPS_ABI_FP_UNKNOWN)) 232 return VKI_ELIBBAD; 233 234 /* It's time to determine the FPU mode requirements */ 235 prog_req = (abi0 == VKI_MIPS_ABI_FP_UNKNOWN) ? none_req : fpu_reqs[abi0]; 236 interp_req = (abi1 == VKI_MIPS_ABI_FP_UNKNOWN) ? none_req : fpu_reqs[abi1]; 237 238 /* Check whether the program's and interp's ABIs have a matching FPU 239 mode requirement. */ 240 prog_req.single = interp_req.single && prog_req.single; 241 prog_req.soft = interp_req.soft && prog_req.soft; 242 prog_req.fr1 = interp_req.fr1 && prog_req.fr1; 243 prog_req.frdefault = interp_req.frdefault && prog_req.frdefault; 244 prog_req.fre = interp_req.fre && prog_req.fre; 245 246 /* Determine the desired FPU mode 247 248 Decision making: 249 250 - We want FR_FRE if FRE=1 and both FR=1 and FR=0 are false. This 251 means that we have a combination of program and interpreter 252 that inherently require the hybrid FP mode. 253 - If FR1 and FRDEFAULT is true, that means we hit the any-abi or 254 fpxx case. This is because, in any-ABI (or no-ABI) we have no FPU 255 instructions so we don't care about the mode. We will simply use 256 the one preferred by the hardware. In fpxx case, that ABI can 257 handle both FR=1 and FR=0, so, again, we simply choose the one 258 preferred by the hardware. Next, if we only use single-precision 259 FPU instructions, and the default ABI FPU mode is not good 260 (ie single + any ABI combination), we set again the FPU mode to the 261 one is preferred by the hardware. Next, if we know that the code 262 will only use single-precision instructions, shown by single being 263 true but frdefault being false, then we again set the FPU mode to 264 the one that is preferred by the hardware. 265 - We want FP_FR1 if that's the only matching mode and the default one 266 is not good. 267 - Return with ELIBADD if we can't find a matching FPU mode. */ 268 if (prog_req.fre && !prog_req.frdefault && !prog_req.fr1) 269 state->overall_fp_mode = VKI_FP_FRE; 270 else if ((prog_req.fr1 && prog_req.frdefault) || 271 (prog_req.single && !prog_req.frdefault)) 272 state->overall_fp_mode = VEX_MIPS_HOST_FP_MODE(vai.hwcaps) ? 273 VKI_FP_FR1 : VKI_FP_FR0; 274 else if (prog_req.fr1) 275 state->overall_fp_mode = VKI_FP_FR1; 276 else if (!prog_req.fre && !prog_req.frdefault && 277 !prog_req.fr1 && !prog_req.single && !prog_req.soft) 278 return VKI_ELIBBAD; 279 280 /* TODO: Currently, Valgrind doesn't support FRE and doesn't support FR1 281 emulation on FR0 system, so in those cases we are forced to 282 reject the ELF. */ 283 if ((state->overall_fp_mode == VKI_FP_FRE) || 284 ((state->overall_fp_mode == VKI_FP_FR1) && 285 !VEX_MIPS_HOST_FP_MODE(vai.hwcaps))) 286 return VKI_ELIBBAD; 287 288 return 0; 289 } 290 291 # else 292 293 static inline Int arch_elf_pt_proc(ESZ(Ehdr) *ehdr, 294 ESZ(Phdr) *phdr, 295 Int fd, Bool is_interpreter, 296 struct vki_arch_elf_state *state) 297 { 298 /* Dummy implementation, always proceed */ 299 return 0; 300 } 301 302 static inline Int arch_check_elf(ESZ(Ehdr) *ehdr, 303 Bool has_interpreter, 304 struct vki_arch_elf_state *state) 305 { 306 /* Dummy implementation, always proceed */ 307 return 0; 308 } 309 310 # endif 311 #endif 312 313 static void check_mmap(SysRes res, Addr base, SizeT len) 314 { 315 if (sr_isError(res)) { 316 VG_(printf)("valgrind: mmap(0x%llx, %lld) failed in UME " 317 "with error %lu (%s).\n", 318 (ULong)base, (Long)len, 319 sr_Err(res), VG_(strerror)(sr_Err(res)) ); 320 if (sr_Err(res) == VKI_EINVAL) { 321 VG_(printf)("valgrind: this can be caused by executables with " 322 "very large text, data or bss segments.\n"); 323 } 324 VG_(exit)(1); 325 } 326 } 327 328 /*------------------------------------------------------------*/ 329 /*--- Loading ELF files ---*/ 330 /*------------------------------------------------------------*/ 331 332 static 333 struct elfinfo *readelf(Int fd, const HChar *filename) 334 { 335 SysRes sres; 336 struct elfinfo *e = VG_(malloc)("ume.re.1", sizeof(*e)); 337 Int phsz; 338 339 e->fd = fd; 340 341 sres = VG_(pread)(fd, &e->e, sizeof(e->e), 0); 342 if (sr_isError(sres) || sr_Res(sres) != sizeof(e->e)) { 343 VG_(printf)("valgrind: %s: can't read ELF header: %s\n", 344 filename, VG_(strerror)(sr_Err(sres))); 345 goto bad; 346 } 347 348 if (VG_(memcmp)(&e->e.e_ident[0], ELFMAG, SELFMAG) != 0) { 349 VG_(printf)("valgrind: %s: bad ELF magic number\n", filename); 350 goto bad; 351 } 352 if (e->e.e_ident[EI_CLASS] != VG_ELF_CLASS) { 353 VG_(printf)("valgrind: wrong ELF executable class " 354 "(eg. 32-bit instead of 64-bit)\n"); 355 goto bad; 356 } 357 if (e->e.e_ident[EI_DATA] != VG_ELF_DATA2XXX) { 358 VG_(printf)("valgrind: executable has wrong endian-ness\n"); 359 goto bad; 360 } 361 if (!(e->e.e_type == ET_EXEC || e->e.e_type == ET_DYN)) { 362 VG_(printf)("valgrind: this is not an executable\n"); 363 goto bad; 364 } 365 366 if (e->e.e_machine != VG_ELF_MACHINE) { 367 VG_(printf)("valgrind: executable is not for " 368 "this architecture\n"); 369 goto bad; 370 } 371 372 if (e->e.e_phentsize != sizeof(ESZ(Phdr))) { 373 VG_(printf)("valgrind: sizeof ELF Phdr wrong\n"); 374 goto bad; 375 } 376 377 phsz = sizeof(ESZ(Phdr)) * e->e.e_phnum; 378 e->p = VG_(malloc)("ume.re.2", phsz); 379 380 sres = VG_(pread)(fd, e->p, phsz, e->e.e_phoff); 381 if (sr_isError(sres) || sr_Res(sres) != phsz) { 382 VG_(printf)("valgrind: can't read phdr: %s\n", 383 VG_(strerror)(sr_Err(sres))); 384 VG_(free)(e->p); 385 goto bad; 386 } 387 388 return e; 389 390 bad: 391 VG_(free)(e); 392 return NULL; 393 } 394 395 /* Map an ELF file. Returns the brk address. */ 396 static 397 ESZ(Addr) mapelf(struct elfinfo *e, ESZ(Addr) base) 398 { 399 Int i; 400 SysRes res; 401 ESZ(Addr) elfbrk = 0; 402 403 for (i = 0; i < e->e.e_phnum; i++) { 404 ESZ(Phdr) *ph = &e->p[i]; 405 ESZ(Addr) addr, brkaddr; 406 ESZ(Word) memsz; 407 408 if (ph->p_type != PT_LOAD) 409 continue; 410 411 addr = ph->p_vaddr+base; 412 memsz = ph->p_memsz; 413 brkaddr = addr+memsz; 414 415 if (brkaddr > elfbrk) 416 elfbrk = brkaddr; 417 } 418 419 for (i = 0; i < e->e.e_phnum; i++) { 420 ESZ(Phdr) *ph = &e->p[i]; 421 ESZ(Addr) addr, bss, brkaddr; 422 ESZ(Off) off; 423 ESZ(Word) filesz; 424 ESZ(Word) memsz; 425 unsigned prot = 0; 426 427 if (ph->p_type != PT_LOAD) 428 continue; 429 430 if (ph->p_flags & PF_X) prot |= VKI_PROT_EXEC; 431 if (ph->p_flags & PF_W) prot |= VKI_PROT_WRITE; 432 if (ph->p_flags & PF_R) prot |= VKI_PROT_READ; 433 434 addr = ph->p_vaddr+base; 435 off = ph->p_offset; 436 filesz = ph->p_filesz; 437 bss = addr+filesz; 438 memsz = ph->p_memsz; 439 brkaddr = addr+memsz; 440 441 // Tom says: In the following, do what the Linux kernel does and only 442 // map the pages that are required instead of rounding everything to 443 // the specified alignment (ph->p_align). (AMD64 doesn't work if you 444 // use ph->p_align -- part of stage2's memory gets trashed somehow.) 445 // 446 // The condition handles the case of a zero-length segment. 447 if (VG_PGROUNDUP(bss)-VG_PGROUNDDN(addr) > 0) { 448 if (0) VG_(debugLog)(0,"ume","mmap_file_fixed_client #1\n"); 449 res = VG_(am_mmap_file_fixed_client)( 450 VG_PGROUNDDN(addr), 451 VG_PGROUNDUP(bss)-VG_PGROUNDDN(addr), 452 prot, /*VKI_MAP_FIXED|VKI_MAP_PRIVATE, */ 453 e->fd, VG_PGROUNDDN(off) 454 ); 455 if (0) VG_(am_show_nsegments)(0,"after #1"); 456 check_mmap(res, VG_PGROUNDDN(addr), 457 VG_PGROUNDUP(bss)-VG_PGROUNDDN(addr)); 458 } 459 460 // if memsz > filesz, fill the remainder with zeroed pages 461 if (memsz > filesz) { 462 UInt bytes; 463 464 bytes = VG_PGROUNDUP(brkaddr)-VG_PGROUNDUP(bss); 465 if (bytes > 0) { 466 if (0) VG_(debugLog)(0,"ume","mmap_anon_fixed_client #2\n"); 467 res = VG_(am_mmap_anon_fixed_client)( 468 VG_PGROUNDUP(bss), bytes, 469 prot 470 ); 471 if (0) VG_(am_show_nsegments)(0,"after #2"); 472 check_mmap(res, VG_PGROUNDUP(bss), bytes); 473 } 474 475 bytes = bss & (VKI_PAGE_SIZE - 1); 476 477 // The 'prot' condition allows for a read-only bss 478 if ((prot & VKI_PROT_WRITE) && (bytes > 0)) { 479 bytes = VKI_PAGE_SIZE - bytes; 480 VG_(memset)((void *)bss, 0, bytes); 481 } 482 } 483 } 484 485 return elfbrk; 486 } 487 488 Bool VG_(match_ELF)(const void *hdr, SizeT len) 489 { 490 const ESZ(Ehdr) *e = hdr; 491 return (len > sizeof(*e)) && VG_(memcmp)(&e->e_ident[0], ELFMAG, SELFMAG) == 0; 492 } 493 494 495 /* load_ELF pulls an ELF executable into the address space, prepares 496 it for execution, and writes info about it into INFO. In 497 particular it fills in .init_eip, which is the starting point. 498 499 Returns zero on success, non-zero (a VKI_E.. value) on failure. 500 501 The sequence of activities is roughly as follows: 502 503 - use readelf() to extract program header info from the exe file. 504 505 - scan the program header, collecting info (not sure what all those 506 info-> fields are, or whether they are used, but still) and in 507 particular looking out fo the PT_INTERP header, which describes 508 the interpreter. If such a field is found, the space needed to 509 hold the interpreter is computed into interp_size. 510 511 - map the executable in, by calling mapelf(). This maps in all 512 loadable sections, and I _think_ also creates any .bss areas 513 required. mapelf() returns the address just beyond the end of 514 the furthest-along mapping it creates. The executable is mapped 515 starting at EBASE, which is usually read from it (eg, 0x8048000 516 etc) except if it's a PIE, in which case I'm not sure what 517 happens. 518 519 The returned address is recorded in info->brkbase as the start 520 point of the brk (data) segment, as it is traditional to place 521 the data segment just after the executable. Neither load_ELF nor 522 mapelf creates the brk segment, though: that is for the caller of 523 load_ELF to attend to. 524 525 - If the initial phdr scan didn't find any mention of an 526 interpreter (interp == NULL), this must be a statically linked 527 executable, and we're pretty much done. 528 529 - Otherwise, we need to use mapelf() a second time to load the 530 interpreter. The interpreter can go anywhere, but mapelf() wants 531 to be told a specific address to put it at. So an advisory query 532 is passed to aspacem, asking where it would put an anonymous 533 client mapping of size INTERP_SIZE. That address is then used 534 as the mapping address for the interpreter. 535 536 - The entry point in INFO is set to the interpreter's entry point, 537 and we're done. */ 538 Int VG_(load_ELF)(Int fd, const HChar* name, /*MOD*/ExeInfo* info) 539 { 540 SysRes sres; 541 struct elfinfo *e; 542 struct elfinfo *interp = NULL; 543 ESZ(Addr) minaddr = ~0; /* lowest mapped address */ 544 ESZ(Addr) maxaddr = 0; /* highest mapped address */ 545 ESZ(Addr) interp_addr = 0; /* interpreter (ld.so) address */ 546 ESZ(Word) interp_size = 0; /* interpreter size */ 547 /* ESZ(Word) interp_align = VKI_PAGE_SIZE; */ /* UNUSED */ 548 Int i; 549 void *entry; 550 ESZ(Addr) ebase = 0; 551 # if defined(VGO_solaris) 552 ESZ(Addr) thrptr_addr = 0; 553 # endif 554 555 # if defined(VGO_linux) 556 Int retval; 557 # endif 558 559 # if defined(HAVE_PIE) 560 ebase = info->exe_base; 561 # endif 562 563 e = readelf(fd, name); 564 565 if (e == NULL) 566 return VKI_ENOEXEC; 567 568 /* The kernel maps position-independent executables at TASK_SIZE*2/3; 569 duplicate this behavior as close as we can. */ 570 if (e->e.e_type == ET_DYN && ebase == 0) { 571 ebase = VG_PGROUNDDN(info->exe_base 572 + (info->exe_end - info->exe_base) * 2 / 3); 573 /* We really don't want to load PIEs at zero or too close. It 574 works, but it's unrobust (NULL pointer reads and writes 575 become legit, which is really bad) and causes problems for 576 exp-ptrcheck, which assumes all numbers below 1MB are 577 nonpointers. So, hackily, move it above 1MB. */ 578 /* Later .. it appears ppc32-linux tries to put [vdso] at 1MB, 579 which totally screws things up, because nothing else can go 580 there. The size of [vdso] is around 2 or 3 pages, so bump 581 the hacky load address along by 8 * VKI_PAGE_SIZE to be safe. */ 582 /* Later .. on mips64 we can't use 0x108000, because mapelf will 583 fail. */ 584 # if defined(VGP_mips64_linux) 585 if (ebase < 0x100000) 586 ebase = 0x100000; 587 # else 588 vg_assert(VKI_PAGE_SIZE >= 4096); /* stay sane */ 589 ESZ(Addr) hacky_load_address = 0x100000 + 8 * VKI_PAGE_SIZE; 590 if (ebase < hacky_load_address) 591 ebase = hacky_load_address; 592 # endif 593 594 # if defined(VGO_solaris) 595 /* Record for later use in AT_BASE. */ 596 info->interp_offset = ebase; 597 # endif 598 } 599 600 info->phnum = e->e.e_phnum; 601 info->entry = e->e.e_entry + ebase; 602 info->phdr = 0; 603 info->stack_prot = VKI_PROT_READ|VKI_PROT_WRITE|VKI_PROT_EXEC; 604 605 for (i = 0; i < e->e.e_phnum; i++) { 606 ESZ(Phdr) *ph = &e->p[i]; 607 608 switch(ph->p_type) { 609 case PT_PHDR: 610 info->phdr = ph->p_vaddr + ebase; 611 # if defined(VGO_solaris) 612 info->real_phdr_present = True; 613 # endif 614 break; 615 616 case PT_LOAD: 617 if (ph->p_vaddr < minaddr) 618 minaddr = ph->p_vaddr; 619 if (ph->p_vaddr+ph->p_memsz > maxaddr) 620 maxaddr = ph->p_vaddr+ph->p_memsz; 621 break; 622 623 # if defined(VGO_solaris) 624 case PT_SUNWDTRACE: 625 if (ph->p_memsz < PT_SUNWDTRACE_SIZE) { 626 VG_(printf)("valgrind: m_ume.c: too small SUNWDTRACE size\n"); 627 return VKI_ENOEXEC; 628 } 629 if ((ph->p_flags & (PF_R | PF_W | PF_X)) != PT_SUNWDTRACE_PROTECTION) { 630 VG_(printf)("valgrind: m_ume.c: SUNWDTRACE protection mismatch\n"); 631 return VKI_ENOEXEC; 632 } 633 634 info->init_thrptr = ph->p_vaddr + ebase; 635 break; 636 # endif 637 638 case PT_INTERP: { 639 HChar *buf = VG_(malloc)("ume.LE.1", ph->p_filesz+1); 640 Int j; 641 Int intfd; 642 Int baseaddr_set; 643 644 VG_(pread)(fd, buf, ph->p_filesz, ph->p_offset); 645 buf[ph->p_filesz] = '\0'; 646 647 sres = VG_(open)(buf, VKI_O_RDONLY, 0); 648 if (sr_isError(sres)) { 649 VG_(printf)("valgrind: m_ume.c: can't open interpreter\n"); 650 VG_(exit)(1); 651 } 652 intfd = sr_Res(sres); 653 654 interp = readelf(intfd, buf); 655 if (interp == NULL) { 656 VG_(printf)("valgrind: m_ume.c: can't read interpreter\n"); 657 return 1; 658 } 659 VG_(free)(buf); 660 661 baseaddr_set = 0; 662 for (j = 0; j < interp->e.e_phnum; j++) { 663 ESZ(Phdr) *iph = &interp->p[j]; 664 ESZ(Addr) end; 665 666 # if defined(VGO_solaris) 667 if (iph->p_type == PT_SUNWDTRACE) { 668 if (iph->p_memsz < PT_SUNWDTRACE_SIZE) { 669 VG_(printf)("valgrind: m_ume.c: too small SUNWDTRACE size\n"); 670 return VKI_ENOEXEC; 671 } 672 if ((iph->p_flags & (PF_R | PF_W | PF_X)) 673 != PT_SUNWDTRACE_PROTECTION) { 674 VG_(printf)("valgrind: m_ume.c: SUNWDTRACE protection " 675 "mismatch\n"); 676 return VKI_ENOEXEC; 677 } 678 679 /* Store the thrptr value into a temporary because we do not 680 know yet where the interpreter is mapped. */ 681 thrptr_addr = iph->p_vaddr; 682 } 683 # endif 684 685 # if defined(VGO_linux) 686 if ((iph->p_type >= PT_LOPROC) && (iph->p_type <= PT_HIPROC)) { 687 retval = arch_elf_pt_proc(&interp->e, iph, intfd, True, 688 info->arch_elf_state); 689 if (retval) 690 return retval; 691 } 692 # endif 693 694 if (iph->p_type != PT_LOAD || iph->p_memsz == 0) 695 continue; 696 697 if (!baseaddr_set) { 698 interp_addr = iph->p_vaddr; 699 /* interp_align = iph->p_align; */ /* UNUSED */ 700 baseaddr_set = 1; 701 } 702 703 /* assumes that all segments in the interp are close */ 704 end = (iph->p_vaddr - interp_addr) + iph->p_memsz; 705 706 if (end > interp_size) 707 interp_size = end; 708 } 709 break; 710 } 711 712 # if defined(PT_GNU_STACK) || defined(PT_SUNWSTACK) 713 # if defined(PT_GNU_STACK) 714 /* Android's elf.h doesn't appear to have PT_GNU_STACK. */ 715 case PT_GNU_STACK: 716 # endif 717 # if defined(PT_SUNWSTACK) 718 /* Solaris-specific program header. */ 719 case PT_SUNWSTACK: 720 # endif 721 if ((ph->p_flags & PF_X) == 0) info->stack_prot &= ~VKI_PROT_EXEC; 722 if ((ph->p_flags & PF_W) == 0) info->stack_prot &= ~VKI_PROT_WRITE; 723 if ((ph->p_flags & PF_R) == 0) info->stack_prot &= ~VKI_PROT_READ; 724 break; 725 # endif 726 727 # if defined(PT_SUNW_SYSSTAT) 728 /* Solaris-specific program header which requires link-time support. */ 729 case PT_SUNW_SYSSTAT: 730 VG_(unimplemented)("Support for program header PT_SUNW_SYSSTAT."); 731 break; 732 # endif 733 # if defined(PT_SUNW_SYSSTAT_ZONE) 734 /* Solaris-specific program header which requires link-time support. */ 735 case PT_SUNW_SYSSTAT_ZONE: 736 VG_(unimplemented)("Support for program header PT_SUNW_SYSSTAT_ZONE."); 737 break; 738 # endif 739 740 # if defined(VGO_linux) 741 case PT_LOPROC ... PT_HIPROC: 742 retval = arch_elf_pt_proc(&e->e, ph, fd, False, info->arch_elf_state); 743 if (retval) 744 return retval; 745 break; 746 # endif 747 748 default: 749 // do nothing 750 break; 751 } 752 } 753 754 # if defined(VGO_linux) 755 retval = arch_check_elf(&e->e, 756 interp != NULL, 757 info->arch_elf_state); 758 if (retval) 759 return retval; 760 # endif 761 762 if (info->phdr == 0) 763 info->phdr = minaddr + ebase + e->e.e_phoff; 764 765 if (info->exe_base != info->exe_end) { 766 if (minaddr >= maxaddr || 767 (minaddr + ebase < info->exe_base || 768 maxaddr + ebase > info->exe_end)) { 769 VG_(printf)("Executable range %p-%p is outside the\n" 770 "acceptable range %p-%p\n", 771 (char *)minaddr + ebase, (char *)maxaddr + ebase, 772 (char *)info->exe_base, (char *)info->exe_end); 773 return VKI_ENOMEM; 774 } 775 } 776 777 info->brkbase = mapelf(e, ebase); /* map the executable */ 778 779 if (info->brkbase == 0) 780 return VKI_ENOMEM; 781 782 if (interp != NULL) { 783 /* reserve a chunk of address space for interpreter */ 784 MapRequest mreq; 785 Addr advised; 786 Bool ok; 787 788 /* Don't actually reserve the space. Just get an advisory 789 indicating where it would be allocated, and pass that to 790 mapelf(), which in turn asks aspacem to do some fixed maps at 791 the specified address. This is a bit of hack, but it should 792 work because there should be no intervening transactions with 793 aspacem which could cause those fixed maps to fail. 794 795 Placement policy is: 796 797 if the interpreter asks to be loaded at zero 798 ignore that and put it wherever we like (mappings at zero 799 are bad news) 800 else 801 try and put it where it asks for, but if that doesn't work, 802 just put it anywhere. 803 */ 804 if (interp_addr == 0) { 805 mreq.rkind = MAny; 806 mreq.start = 0; 807 mreq.len = interp_size; 808 } else { 809 mreq.rkind = MHint; 810 mreq.start = interp_addr; 811 mreq.len = interp_size; 812 } 813 814 advised = VG_(am_get_advisory)( &mreq, True/*client*/, &ok ); 815 816 if (!ok) { 817 /* bomb out */ 818 SysRes res = VG_(mk_SysRes_Error)(VKI_EINVAL); 819 if (0) VG_(printf)("reserve for interp: failed\n"); 820 check_mmap(res, (Addr)interp_addr, interp_size); 821 /*NOTREACHED*/ 822 } 823 824 (void)mapelf(interp, (ESZ(Addr))advised - interp_addr); 825 826 VG_(close)(interp->fd); 827 828 entry = (void *)(advised - interp_addr + interp->e.e_entry); 829 830 info->interp_offset = advised - interp_addr; 831 # if defined(VGO_solaris) 832 if (thrptr_addr) 833 info->init_thrptr = thrptr_addr + info->interp_offset; 834 # endif 835 836 VG_(free)(interp->p); 837 VG_(free)(interp); 838 } else { 839 entry = (void *)(ebase + e->e.e_entry); 840 841 # if defined(VGO_solaris) 842 if (e->e.e_type == ET_DYN) 843 info->ldsoexec = True; 844 # endif 845 } 846 847 info->exe_base = minaddr + ebase; 848 info->exe_end = maxaddr + ebase; 849 850 #if defined(VGP_ppc64be_linux) 851 /* On PPC64BE, ELF ver 1, a func ptr is represented by a TOC entry ptr. 852 This TOC entry contains three words; the first word is the function 853 address, the second word is the TOC ptr (r2), and the third word 854 is the static chain value. */ 855 info->init_ip = ((ULong*)entry)[0]; 856 info->init_toc = ((ULong*)entry)[1]; 857 info->init_ip += info->interp_offset; 858 info->init_toc += info->interp_offset; 859 #elif defined(VGP_ppc64le_linux) 860 /* On PPC64LE, ELF ver 2. API doesn't use a func ptr */ 861 info->init_ip = (Addr)entry; 862 info->init_toc = 0; /* meaningless on this platform */ 863 #else 864 info->init_ip = (Addr)entry; 865 info->init_toc = 0; /* meaningless on this platform */ 866 #endif 867 VG_(free)(e->p); 868 VG_(free)(e); 869 870 return 0; 871 } 872 873 #endif // defined(VGO_linux) || defined(VGO_solaris) 874 875 /*--------------------------------------------------------------------*/ 876 /*--- end ---*/ 877 /*--------------------------------------------------------------------*/ 878
