/*
* Copyright (c) 2008 Jiri Svoboda
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* - The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/** @addtogroup rtld rtld
* @brief
* @{
*/
/**
* @file
*/
#include <elf_dyn.h>
#include <rtld.h>
#include <pcb.h>
// for testing printf
#include <stdio.h>
void __main(void);
void __io_init(void);
void __exit(void);
static void kputint(unsigned i)
{
asm volatile (
"mr %%r3, %0\n"
"li %%r9, 31\n"
"sc\n"
:
: "r" (i)
: "%r3","%r9"
) ;
}
#define __L(ptr) ((uint32_t)(ptr) & 0x0000ffff)
#define __HA(ptr) ((uint32_t)(ptr) >> 16)
// ldis r11, .PLTtable@ha
static inline uint32_t _ldis(unsigned rD, uint16_t imm16)
{
/* Special case of addis: ldis rD,SIMM == addis rD,0,SIMM */
return 0x3C000000 | (rD << 21) | imm16;
}
static inline uint32_t _lwz(unsigned rD, uint16_t disp16, unsigned rA)
{
return 0x80000000 | (rD << 21) | (rA << 16) | disp16;
}
static inline uint32_t _mtctr(unsigned rS)
{
/* mtctr rD == mtspr 9, rD */
return 0x7c0003a6 | (rS << 21) | (9/*CTR*/ << 16);
}
static inline uint32_t _bctr()
{
/* bcctr 0x1f, 0 */
return 0x4c000420 | (0x1f/*always*/ << 21);
}
/* branch */
static inline uint32_t _b(uint32_t *addr, uint32_t *location)
{
uint32_t raddr = ((uint32_t)addr - (uint32_t)location) & 0x03fffffc;
return 0x48000000 | raddr;
}
void test_func(void)
{
kputint(-1);
kputint(42);
kputint(-1);
}
int test_var = 0x818283;
void __bootstrap(void);
void __bootstrap(void)
{
unsigned bias;
uint32_t *plt;
elf_dyn_t *dynamic;
void *dptr;
unsigned dval;
int i;
size_t rel_entries;
size_t r_offset;
elf_word r_info;
unsigned rel_type;
elf_word sym_idx;
uintptr_t sym_addr;
elf_symbol_t *sym_table;
elf_rela_t *rel_table;
elf_rela_t *jmp_rel_table;
size_t jmp_rel_entries;
pcb_t *pcb;
uint32_t a, res;
uint32_t *r_ptr;
uint32_t *_plt_ent;
kputint(42);
pcb = __pcb_get();
/* The program loader (iloader) kindly provided us with these */
dynamic = pcb->rtld_dynamic;
bias = pcb->rtld_bias;
kputint(bias);
kputint((unsigned)dynamic);
/* parse DYNAMIC */
plt = 0;
sym_table = 0;
rel_table = 0;
rel_entries = 0;
jmp_rel_table = 0;
jmp_rel_entries = 0;
i = 0;
while (dynamic[i].d_tag != 0) {
// kputint((uintptr_t)&dynamic[i]);
// kputint((uintptr_t)&(dynamic[i].d_tag));
// kputint(dynamic[i].d_tag);
dptr = (void *)(dynamic[i].d_un.d_val + bias);
dval = dynamic[i].d_un.d_val;
// kputint(0x10);
register unsigned tag = dynamic[i].d_tag;
/*
* Note that switches only work because we are using
* -fno-jump-tables.
*/
switch (tag) {
case DT_PLTRELSZ: jmp_rel_entries = dval/sizeof(elf_rela_t); break;
case DT_JMPREL: jmp_rel_table = dptr; break;
case DT_PLTGOT:
/* PLT address */
plt = dptr; break;
case DT_SYMTAB: sym_table = dptr; break;
case DT_RELA: rel_table = dptr; break;
case DT_RELASZ: rel_entries = dval / sizeof(elf_rela_t); break;
default: break;
}
// kputint(0x20);
++i;
}
kputint(1);
kputint((unsigned)sym_table);
kputint((unsigned)rel_table);
kputint((unsigned)rel_entries);
/* Now relocate all our dynsyms */
kputint(-1);
// PLT entries start here. However, each occupies 2 words
_plt_ent = plt + 18;
// By definition of the ppc ABI, there's 1:1 correspondence
// between JMPREL entries and PLT entries
unsigned plt_n = jmp_rel_entries;
uint32_t *_plt_table;
uint32_t *_plt_call;
uint32_t *_plt_resolve;
_plt_resolve = plt;
_plt_call = plt + 6;
_plt_table = plt + 18 + plt_n;
for (i=0; i<rel_entries; i++) {
// kputint(i);
r_offset = rel_table[i].r_offset;
r_info = rel_table[i].r_info;
r_ptr = (uint32_t *)(r_offset + bias);
a = rel_table[i].r_addend;
// kputint(-2);
// kputint(a);
// kputint(ELF32_R_TYPE(r_info));
// kputint(ELF32_R_SYM(r_info));
rel_type = ELF32_R_TYPE(r_info);
// kputint(rel_type);
// kputint(r_offset);
switch (rel_type) {
case R_PPC_JMP_SLOT:
// kputint(0xa);
sym_idx = ELF32_R_SYM(r_info);
sym_addr = sym_table[sym_idx].st_value + bias;
// kputint(sym_idx);
// kputint(sym_addr);
// r_ptr should point to a plt entry...
uint32_t pidx = (r_ptr - _plt_ent) / 2;
if (pidx >= plt_n) {
kputint(0xee00ee00);
while(1);
}
// _plt_table[pidx] = sym_addr;
// kputint(pidx);
plt[18+2*pidx] = _b((void *)sym_addr, &plt[18+2*pidx]);
// kputint(&plt[18]);
// kputint(plt[18]);
// while(1);
// while(1);
//*r_ptr = sym_addr;
break;
case R_PPC_ADDR32:
kputint(0xb);
sym_idx = ELF32_R_SYM(r_info);
sym_addr = sym_table[sym_idx].st_value + bias;
kputint(sym_idx);
kputint(sym_addr);
*r_ptr = a + sym_addr;
break;
case R_PPC_RELATIVE:
kputint(0xc);
*r_ptr = a + bias;
break;
case R_PPC_REL24:
kputint(0xd);
sym_idx = ELF32_R_SYM(r_info);
sym_addr = sym_table[sym_idx].st_value + bias;
kputint(sym_addr);
res = (sym_addr - (uint32_t)r_ptr + a) >> 2;
kputint(res);
if (res & 0xff000000) {
/* out of range?? */
kputint(0xeeeeeeee);
//while(1);
}
*r_ptr = (*r_ptr & ~0x00ffffff) | (res & 0x00ffffff);
kputint(0x1d);
break;
}
}
kputint(-3);
if (plt != 0) {
/* .PLTcall: */
plt[6] = _ldis(11, __HA(_plt_table)); // ldis r11, .PLTtable@ha
plt[7] = _lwz(11, __L(_plt_table), 11); // lwz r11, .PLTtable@l(r11)
plt[8] = _mtctr(11); // mtctr r11
plt[9] = _bctr();
/* .PLTi, i = 0..N-1 */
/* kputint(-4);
for (i = 0; i < plt_n; ++i) {
//_plt_table[i] == function address;
plt[18+i] = _b(_plt_call, &plt[18+i]); // b .PLTcall
}
*/
kputint(-5);
kputint(_plt_table[0]);
}
kputint(-6);
/* This will come in handy */
runtime_env.rtld_dynamic = dynamic;
runtime_env.rtld.bias = bias;
// volatile int ff=1;
// while(ff);
kputint(-7);
test_func();
kputint(0x42);
kputint(test_var);
// while(1);
// while(1);
/* Init libc and run rtld main */
kputint(0x22);
__main();
kputint(33);
__io_init();
kputint(-1);
kputint(0x52);
// printf("Hello, world! (from ppc rtld)\n");
kputint(0x62);
// while(1);
kputint(34);
_rtld_main();
kputint(35);
__exit();
kputint(36);
}
/** @}
*/