| blob | 4da9a8b9760b42f98e6634ea9d83954d9caf1d0b |
2 /*--------------------------------------------------------------------*/
3 /*--- Startup: create initial process image on Linux ---*/
4 /*--- initimg-linux.c ---*/
5 /*--------------------------------------------------------------------*/
7 /*
8 This file is part of Valgrind, a dynamic binary instrumentation
9 framework.
11 Copyright (C) 2000-2017 Julian Seward
12 jseward@acm.org
14 This program is free software; you can redistribute it and/or
15 modify it under the terms of the GNU General Public License as
16 published by the Free Software Foundation; either version 2 of the
17 License, or (at your option) any later version.
19 This program is distributed in the hope that it will be useful, but
20 WITHOUT ANY WARRANTY; without even the implied warranty of
21 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
22 General Public License for more details.
24 You should have received a copy of the GNU General Public License
25 along with this program; if not, see <http://www.gnu.org/licenses/>.
27 The GNU General Public License is contained in the file COPYING.
28 */
30 #if defined(VGO_linux)
53 /* --- !!! --- EXTERNAL HEADERS start --- !!! --- */
54 #define _GNU_SOURCE
55 #define _FILE_OFFSET_BITS 64
56 /* This is for ELF types etc, and also the AT_ constants. */
57 #include <elf.h>
58 /* --- !!! --- EXTERNAL HEADERS end --- !!! --- */
61 /*====================================================================*/
62 /*=== Loading the client ===*/
63 /*====================================================================*/
65 /* Load the client whose name is VG_(argv_the_exename). */
70 {
72 Int ret;
73 SysRes res;
81 }
87 }
89 // The client was successfully loaded! Continue.
91 /* Get hold of a file descriptor which refers to the client
92 executable. This is needed for attaching to GDB. */
97 /* Copy necessary bits of 'info' that were filled in */
101 }
104 /*====================================================================*/
105 /*=== Setting up the client's environment ===*/
106 /*====================================================================*/
108 /* Prepare the client's environment. This is basically a copy of our
109 environment, except:
111 LD_PRELOAD=$VALGRIND_LIB/vgpreload_core-PLATFORM.so:
112 ($VALGRIND_LIB/vgpreload_TOOL-PLATFORM.so:)?
113 $LD_PRELOAD
115 If this is missing, then it is added.
117 Also, remove any binding for VALGRIND_LAUNCHER=. The client should
118 not be able to see this.
120 If this needs to handle any more variables it should be hacked
121 into something table driven. The copy is VG_(malloc)'d space.
122 */
123 static HChar** setup_client_env ( HChar** origenv, const HChar* toolname, Bool use_stack_cache_tunable)
124 {
142 /* Alloc space for the vgpreload_core.so path and vgpreload_<tool>.so
143 paths. We might not need the space for vgpreload_<tool>.so, but it
144 doesn't hurt to over-allocate briefly. The 16s are just cautious
145 slop. */
152 preload_string_len);
153 /* Determine if there's a vgpreload_<tool>_<platform>.so file, and setup
154 preload_string. */
164 }
170 /* Count the original size of the env */
174 envc++;
176 }
178 /* Allocate a new space
179 * Size is envc + 1 new entry + maybe one for GLIBC_TUNABLES + NULL */
183 /* copy it over */
187 }
192 /* Walk over the new environment, mashing as we go */
204 }
206 /* overwrite value found with zeroes */
213 }
215 }
216 }
218 }
220 /* Add the missing bits */
229 }
232 ret[envc++] = VG_(strdup)("initimg-linux.sce.6", "GLIBC_TUNABLES=glibc.pthread.stack_cache_size=0");
233 }
235 /* ret[0 .. envc-1] is live now. */
236 /* Find and remove a binding for VALGRIND_LAUNCHER. */
244 envc--;
245 }
252 }
255 }
258 /*====================================================================*/
259 /*=== Setting up the client's stack ===*/
260 /*====================================================================*/
262 #ifndef AT_DCACHEBSIZE
263 #define AT_DCACHEBSIZE 19
266 #ifndef AT_ICACHEBSIZE
267 #define AT_ICACHEBSIZE 20
270 #ifndef AT_UCACHEBSIZE
271 #define AT_UCACHEBSIZE 21
274 #ifndef AT_BASE_PLATFORM
275 #define AT_BASE_PLATFORM 24
278 #ifndef AT_RANDOM
279 #define AT_RANDOM 25
282 #ifndef AT_HWCAP2
283 #define AT_HWCAP2 26
286 #ifndef AT_EXECFN
287 #define AT_EXECFN 31
290 #ifndef AT_SYSINFO
291 #define AT_SYSINFO 32
294 #ifndef AT_SYSINFO_EHDR
295 #define AT_SYSINFO_EHDR 33
298 #ifndef AT_SECURE
302 /* Add a string onto the string table, and return its address */
304 {
318 }
321 /* ----------------------------------------------------------------
323 This sets up the client's initial stack, containing the args,
324 environment and aux vector.
326 The format of the stack is:
328 higher address +-----------------+ <- clstack_end
329 | |
330 : string table :
331 | |
332 +-----------------+
333 | AT_NULL |
334 - -
335 | auxv |
336 +-----------------+
337 | NULL |
338 - -
339 | envp |
340 +-----------------+
341 | NULL |
342 - -
343 | argv |
344 +-----------------+
345 | argc |
346 lower address +-----------------+ <- sp
347 | undefined |
348 : :
350 Allocate and create the initial client stack. It is allocated down
351 from clstack_end, which was previously determined by the address
352 space manager. The returned value is the SP value for the client.
354 The client's auxv is created by copying and modifying our own one.
355 As a side effect of scanning our own auxv, some important bits of
356 info are collected:
358 VG_(cache_line_size_ppc32) // ppc32 only -- cache line size
359 VG_(have_altivec_ppc32) // ppc32 only -- is Altivec supported?
361 ---------------------------------------------------------------- */
363 struct auxv
364 {
365 Word a_type;
368 Word a_val;
370 };
372 static
374 {
378 sp++;
379 sp++;
382 sp++;
383 sp++;
385 #if defined(VGA_ppc32) || defined(VGA_ppc64be) || defined(VGA_ppc64le)
386 # if defined AT_IGNOREPPC
389 # endif
390 #endif
393 }
395 static
400 Addr clstack_end,
401 SizeT clstack_max_size,
403 {
404 /* The HW configuration setting (hwcaps) of the target can be
405 * checked against the Vex settings of the host platform as given
406 * by the values in vex_archinfo.
407 */
409 SysRes res;
423 Addr clstack_start;
424 Int i;
429 /* use our own auxv as a prototype */
432 /* ==================== compute sizes ==================== */
434 /* first of all, work out how big the client stack will be */
437 /* paste on the extra args if the loader needs them (ie, the #!
438 interpreter and its argument) */
441 argc++;
443 }
445 argc++;
447 }
449 /* now scan the args we're given... */
453 argc++;
457 }
459 /* ...and the environment */
462 envc++;
464 }
466 /* now, how big is the auxv? */
477 }
479 # if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
480 || defined(VGP_ppc64le_linux)
482 # endif
484 /* OK, now we know how big the client stack is */
485 stacksize =
497 /* client_SP is the client's stack pointer */
501 /* base of the string table (aligned) */
507 /* The max stack size */
517 /* ==================== allocate space ==================== */
524 Bool ok;
526 /* So far we've only accounted for space requirements down to the
527 stack pointer. If this target's ABI requires a redzone below
528 the stack pointer, we need to allocate an extra page, to
529 handle the worst case in which the stack pointer is almost at
530 the bottom of a page, and so there is insufficient room left
531 over to put the redzone in. In this case the simple thing to
532 do is allocate an extra page, by shrinking the reservation by
533 one page and growing the anonymous area by a corresponding
534 page. */
542 }
550 # ifdef ENABLE_INNER
552 # endif
558 /* Create a shrinkable reservation followed by an anonymous
559 segment. Together these constitute a growdown stack. */
562 resvn_start,
564 SmUpper,
565 anon_size +inner_HACK
566 );
568 /* allocate a stack - mmap enough space for the stack */
572 info->stack_prot
573 );
574 }
576 /* Allocation of the stack failed. We have to stop. */
583 }
588 /* Record stack extent -- needed for stack-change code. */
592 }
594 /* ==================== create client stack ==================== */
598 /* --- client argc --- */
601 /* --- client argv --- */
613 );
614 }
617 /* --- envp --- */
623 /* --- auxv --- */
627 // ??? According to 'man proc', auxv is a array of unsigned long
628 // terminated by two zeros. Why is valgrind working with UInt ?
629 // We do not take ULong* (as ULong 8 bytes on a 32 bits),
630 // => we take UWord*
632 # if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
633 || defined(VGP_ppc64le_linux)
639 # endif
643 /* copy the entry... */
646 /* ...and fix up / examine the copy */
659 # if !defined(VGPV_arm_linux_android) \
660 && !defined(VGPV_x86_linux_android) \
661 && !defined(VGPV_mips32_linux_android) \
662 && !defined(VGPV_arm64_linux_android)
664 # endif
665 /* All these are pointerless, so we don't need to do
666 anything about them. */
672 else
679 else
689 /* points to a platform description string */
698 # if defined(VGP_arm_linux)
704 # define VKI_HWCAP_TLS 32768
706 # undef VKI_HWCAP_TLS
710 /* If real hw sets properly HWCAP_TLS, we might
711 use this info to decide to really execute set_tls syscall
712 in syswrap-arm-linux.c rather than to base this on
713 conditional compilation. */
714 }
715 # elif defined(VGP_s390x_linux)
716 {
717 /* Out of the hardware features available on the platform,
718 advertise those "below" TE, as well as the ones explicitly
719 ORed in the expression below. Anything else, such as TE
720 itself, is not supported by Valgrind. */
722 | VKI_HWCAP_S390_VXRS
723 | VKI_HWCAP_S390_VXRS_EXT
725 }
726 # elif defined(VGP_arm64_linux)
727 {
728 /* Limit the AT_HWCAP to just those features we explicitly
729 support in VEX. */
730 #define ARM64_SUPPORTED_HWCAP (VKI_HWCAP_ATOMICS \
731 | VKI_HWCAP_AES \
732 | VKI_HWCAP_PMULL \
733 | VKI_HWCAP_SHA1 \
734 | VKI_HWCAP_SHA2 \
735 | VKI_HWCAP_CRC32 \
736 | VKI_HWCAP_FP \
737 | VKI_HWCAP_ASIMD)
739 }
740 # endif
742 # if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
747 Bool auxv_scv_supported;
749 /* The HWCAP2 field may contain an arch_2_07 entry that indicates
750 * if the processor is compliant with the 2.07 ISA. (i.e. Power 8
751 * or beyond). The Valgrind vai.hwcaps value
752 * (coregrind/m_machine.c) has the VEX_HWCAPS_PPC64_ISA2_07
753 * flag set so Valgrind knows about Power8. Need to pass the
754 * HWCAP2 value along so the user level programs can detect that
755 * the processor supports ISA 2.07 and beyond.
756 */
757 /* Power Architecture 64-Bit ELF V2 ABI Specification
758 July 21, 2014, version 1.0, Page 124
759 www-03.ibm.com/technologyconnect/tgcm/TGCMServlet.wss?alias=OpenPOWER&linkid=1n0000
761 AT_HWCAP2
762 The a_val member of this entry is a bit map of hardware
763 capabilities. Some bit mask values include:
765 PPC_FEATURE2_ARCH_2_07 0x80000000
766 PPC_FEATURE2_HAS_HTM 0x40000000
767 PPC_FEATURE2_HAS_DSCR 0x20000000
768 PPC_FEATURE2_HAS_EBB 0x10000000
769 PPC_FEATURE2_HAS_ISEL 0x08000000
770 PPC_FEATURE2_HAS_TAR 0x04000000
771 PPC_FEATURE2_HAS_VCRYPTO 0x02000000
772 PPC_FEATURE2_HTM_NOSC 0x01000000
773 PPC_FEATURE2_ARCH_3_00 0x00800000
774 PPC_FEATURE2_HAS_IEEE128 0x00400000
775 PPC_FEATURE2_DARN 0x00200000
776 PPC_FEATURE2_SCV 0x00100000
777 PPC_FEATURE2_HTM_NO_SUSPEND 0x00080000
778 PPC_FEATURE2_ARCH_3_1 0x00040000
779 PPC_FEATURE2_MMA 0x00020000
780 */
785 /* Verify the PPC_FEATURE2_ARCH_2_07 setting in HWCAP2
786 * matches the setting in VEX HWCAPS.
787 */
790 /* Power ISA version 3.0B
791 March 29, 2017
792 https://ibm.ent.box.com/s/1hzcwkwf8rbju5h9iyf44wm94amnlcrv
794 https://openpowerfoundation.org/technical/resource-catalog/
795 http://openpowerfoundation.org/wp-content/uploads/resources/leabi/leabi-20170510.pdf
796 64-bit ELF V2 ABI specification for Power. HWCAP2 bit pattern
797 for ISA 3.0, page 112.
799 */
800 /* ISA 3.0 */
805 /* Verify the PPC_FEATURE2_ARCH_3_00 setting in HWCAP2
806 * matches the setting in VEX HWCAPS.
807 */
810 /* Power ISA version 3.1
811 https://ibm.ent.box.com/s/hhjfw0x0lrbtyzmiaffnbxh2fuo0fog0
813 64-bit ELF V? ABI specification for Power. HWCAP2 bit pattern
814 for ISA 3.0, page ?.
816 ADD PUBLIC LINK WHEN AVAILABLE
817 */
819 /* Check for SCV support, Can not test scv instruction to see
820 if the system supports scv. Issuing an scv intruction on a
821 system that does not have scv in the HWCAPS results in a
822 message in dmsg "Facility 'SCV' unavailable (12), exception".
823 Will have to just use the scv setting from HWCAPS2 to determine
824 if the host supports scv. */
830 /* ISA 3.1 */
835 /* Verify the PPC_FEATURE2_ARCH_3_1 setting in HWCAP2
836 * matches the setting in VEX HWCAPS.
837 */
840 /* Mask unrecognized HWCAP bits. Only keep the bits that have
841 * explicit support in VEX. Filter out HTM bits since the
842 * transaction begin instruction (tbegin) is always failed in
843 * Valgrind causing the code to execute the failure path.
844 * The DARN random number (bug #411189) and the SCV syscall
845 * (bug #431157) have been fixed. Can now include them in the
846 * HWCAP bits.
847 */
860 }
863 # endif
868 # if defined(VGP_ppc32_linux)
869 /* acquire cache info */
875 }
876 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
877 /* acquire cache info */
883 }
884 # endif
887 # if defined(VGP_ppc32_linux) || defined(VGP_ppc64be_linux) \
888 || defined(VGP_ppc64le_linux)
891 # endif
894 /* If this is 1, then it means that this program is
895 running suid, and therefore the dynamic linker should
896 be careful about LD_PRELOAD, etc. However, since
897 stage1 (the thing the kernel actually execve's) should
898 never be SUID, and we need LD_PRELOAD to work for the
899 client, we set AT_SECURE to 0. */
904 /* Trash this, because we don't reproduce it */
908 # if !defined(VGP_ppc32_linux) && !defined(VGP_ppc64be_linux) \
909 && !defined(VGP_ppc64le_linux) \
910 && !defined(VGP_mips32_linux) && !defined(VGP_mips64_linux) \
911 && !defined(VGP_nanomips_linux) \
912 && !defined(VGP_s390x_linux)
914 /* Trash this, because we don't reproduce it */
920 }
921 # endif
924 /* points to 16 random bytes - we need to ensure this is
925 propagated to the client as glibc will assume it is
926 present if it is built for kernel 2.6.29 or later */
933 /* points to the executable filename */
938 /* stomp out anything we don't know about */
944 }
945 }
951 /* client_SP is pointing at client's argc/argv */
955 }
958 /* Allocate the client data segment. It is an expandable anonymous
959 mapping abutting a shrinkable reservation of size max_dseg_size.
960 The data segment starts at VG_(brk_base), which is page-aligned,
961 and runs up to VG_(brk_limit), which isn't. */
964 {
965 Bool ok;
966 SysRes sres;
977 /* Because there's been no brk activity yet: */
980 /* Try to create the data seg and associated reservation where
981 VG_(brk_base) says. */
983 resvn_start,
984 resvn_size,
985 SmLower,
986 anon_size
987 );
990 /* Hmm, that didn't work. Well, let aspacem suggest an address
991 it likes better, and try again with that. */
997 resvn_start,
998 resvn_size,
999 SmLower,
1000 anon_size
1001 );
1004 }
1005 /* that too might have failed, but if it has, we're hosed: there
1006 is no Plan C. */
1007 }
1010 /* We make the data segment (heap) executable because LinuxThreads on
1011 ppc32 creates trampolines in this area. Also, on x86/Linux the data
1012 segment is RWX natively, at least according to /proc/self/maps.
1013 Also, having a non-executable data seg would kill any program which
1014 tried to create code in the data seg and then run it. */
1016 anon_start,
1017 anon_size,
1019 );
1022 }
1024 /*
1025 * In glibc 2.34 we need to use the TUNABLE mechanism to
1026 * disable stack cache when --sim-hints=no-nptl-pthread-stackcache
1027 * is specified. This needs to be done in the same manner
1028 * as LD_PRELOAD.
1029 *
1030 * See https://bugs.kde.org/show_bug.cgi?id=444488
1031 */
1033 {
1038 }
1039 }
1041 }
1043 }
1045 /*====================================================================*/
1046 /*=== TOP-LEVEL: VG_(setup_client_initial_image) ===*/
1047 /*====================================================================*/
1049 /* Create the client's initial memory image. */
1052 {
1053 ExeInfo info;
1056 IIFinaliseImageInfo iifii = {
1063 };
1065 //--------------------------------------------------------------
1066 // Load client executable, finding in $PATH if necessary
1067 // p: get_helprequest_and_toolname() [for 'exec', 'need_help']
1068 // p: layout_remaining_space [so there's space]
1069 //--------------------------------------------------------------
1080 //--------------------------------------------------------------
1081 // Set up client's environment
1082 // p: set-libdir [for VG_(libdir)]
1083 // p: get_helprequest_and_toolname [for toolname]
1084 //--------------------------------------------------------------
1088 //--------------------------------------------------------------
1089 // Setup client stack, eip, and VG_(client_arg[cv])
1090 // p: load_client() [for 'info']
1091 // p: fix_environment() [for 'env']
1092 //--------------------------------------------------------------
1093 {
1094 /* When allocating space for the client stack on Linux, take
1095 notice of the --main-stacksize value. This makes it possible
1096 to run programs with very large (primary) stack requirements
1097 simply by specifying --main-stacksize. */
1098 /* Logic is as follows:
1099 - by default, use the client's current stack rlimit
1100 - if that exceeds 16M, clamp to 16M
1101 - if a larger --main-stacksize value is specified, use that instead
1102 - in all situations, the minimum allowed stack size is 1M
1103 */
1118 iifii.initial_client_SP
1122 vex_archinfo );
1127 "Client info: "
1133 "Client info: "
1137 }
1139 //--------------------------------------------------------------
1140 // Setup client data (brk) segment. Initially a 1-page segment
1141 // which abuts a shrinkable reservation.
1142 // p: load_client() [for 'info' and hence VG_(brk_base)]
1143 //--------------------------------------------------------------
1144 {
1154 }
1159 }
1162 /*====================================================================*/
1163 /*=== TOP-LEVEL: VG_(finalise_thread1state) ===*/
1164 /*====================================================================*/
1166 /* Just before starting the client, we may need to make final
1167 adjustments to its initial image. Also we need to set up the VEX
1168 guest state for thread 1 (the root thread) and copy in essential
1169 starting values. This is handed the IIFinaliseImageInfo created by
1170 VG_(ii_create_image).
1171 */
1173 {
1176 /* On Linux we get client_{ip/sp/toc}, and start the client with
1177 all other registers zeroed. */
1179 # if defined(VGP_x86_linux)
1182 /* Zero out the initial state, and set up the simulated FPU in a
1183 sane way. */
1186 /* Zero out the shadow areas. */
1190 /* Put essential stuff into the new state. */
1194 /* initialise %cs, %ds and %ss to point at the operating systems
1195 default code, data and stack segments. Also %es (see #291253). */
1201 # elif defined(VGP_amd64_linux)
1204 /* Zero out the initial state, and set up the simulated FPU in a
1205 sane way. */
1208 /* Zero out the shadow areas. */
1212 /* Put essential stuff into the new state. */
1216 # elif defined(VGP_ppc32_linux)
1219 /* Zero out the initial state, and set up the simulated FPU in a
1220 sane way. */
1223 /* Zero out the shadow areas. */
1227 /* Put essential stuff into the new state. */
1231 # elif defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
1234 /* Zero out the initial state, and set up the simulated FPU in a
1235 sane way. */
1238 /* Zero out the shadow areas. */
1242 /* Put essential stuff into the new state. */
1246 #if defined(VGP_ppc64le_linux)
1248 #endif
1250 # elif defined(VGP_arm_linux)
1251 /* Zero out the initial state, and set up the simulated FPU in a
1252 sane way. */
1255 /* Zero out the shadow areas. */
1262 /* This is just EABI stuff. */
1263 // FIXME jrs: what's this for?
1266 # elif defined(VGP_arm64_linux)
1267 /* Zero out the initial state. */
1270 /* Zero out the shadow areas. */
1277 # elif defined(VGP_s390x_linux)
1280 /* Zero out the initial state. This also sets the guest_fpc to 0, which
1281 is also done by the kernel for the fpc during execve. */
1284 /* Mark all registers as undefined ... */
1287 /* ... except SP, FPC, and IA */
1292 /* Put essential stuff into the new state. */
1295 /* See sys_execve in <linux>/arch/s390/kernel/process.c */
1298 /* Tell the tool about the registers we just wrote */
1303 /* At the end of this function there is code to mark all guest state
1304 registers as defined. For s390 that would be wrong, because the ABI
1305 says that all registers except SP, IA, and FPC are undefined upon
1306 process startup. */
1307 #define PRECISE_GUEST_REG_DEFINEDNESS_AT_STARTUP 1
1309 # elif defined(VGP_mips32_linux) || defined(VGP_nanomips_linux)
1311 /* Zero out the initial state, and set up the simulated FPU in a
1312 sane way. */
1315 /* Zero out the shadow areas. */
1323 # if !defined(VGP_nanomips_linux)
1326 }
1328 # endif
1329 # elif defined(VGP_mips64_linux)
1331 /* Zero out the initial state, and set up the simulated FPU in a
1332 sane way. */
1335 /* Zero out the shadow areas. */
1343 # else
1344 # error Unknown platform
1345 # endif
1347 # if !defined(PRECISE_GUEST_REG_DEFINEDNESS_AT_STARTUP)
1348 /* Tell the tool that we just wrote to the registers. */
1351 # endif
1353 /* Tell the tool about the client data segment and then kill it which will
1354 make it inaccessible/unaddressable. */
1361 }
1365 /*--------------------------------------------------------------------*/
1366 /*--- ---*/
1367 /*--------------------------------------------------------------------*/