-rw-r--r--hw/sun4m.c49
-rw-r--r--hw/sun4u.c25
-rw-r--r--loader.c91
-rw-r--r--sysemu.h11
4 files changed, 135 insertions, 41 deletions
diff --git a/hw/sun4m.c b/hw/sun4m.c
index 5e0eca4..af7278c 100644
--- a/hw/sun4m.c
+++ b/hw/sun4m.c
@@ -182,7 +182,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline,
header->kernel_image = cpu_to_be64((uint64_t)KERNEL_LOAD_ADDR);
header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
if (cmdline) {
- strcpy(phys_ram_base + CMDLINE_ADDR, cmdline);
+ pstrcpy_targphys(CMDLINE_ADDR, TARGET_PAGE_SIZE, cmdline);
header->cmdline = cpu_to_be64((uint64_t)CMDLINE_ADDR);
header->cmdline_size = cpu_to_be64((uint64_t)strlen(cmdline));
}
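Review bot: `header->cmdline_size` on the line after the new `pstrcpy_targphys` call is still `strlen(cmdline)`, so a command line longer than `TARGET_PAGE_SIZE` makes the NVRAM header advertise more bytes than were actually copied and the guest will read past the truncated string. Clamp the advertised size to what was written, e.g. `header->cmdline_size = cpu_to_be64((uint64_t)(strlen(cmdline) < TARGET_PAGE_SIZE ? strlen(cmdline) : TARGET_PAGE_SIZE - 1));`, or make the copy fail loudly on truncation. The same pattern appears in the sun4u.c hunk for sun4u_NVRAM_set_params. nvram_init continues outside the hunk.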
@@ -315,7 +315,8 @@ static void secondary_cpu_reset(void *opaque)
}
static unsigned long sun4m_load_kernel(const char *kernel_filename,
- const char *initrd_filename)
+ const char *initrd_filename,
+ ram_addr_t RAM_size)
{
int linux_boot;
unsigned int i;
@@ -328,11 +329,12 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename,
kernel_size = load_elf(kernel_filename, -0xf0000000ULL, NULL, NULL,
NULL);
if (kernel_size < 0)
- kernel_size = load_aout(kernel_filename,
- phys_ram_base + KERNEL_LOAD_ADDR);
+ kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR);
if (kernel_size < 0)
- kernel_size = load_image(kernel_filename,
- phys_ram_base + KERNEL_LOAD_ADDR);
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ RAM_size - KERNEL_LOAD_ADDR);
if (kernel_size < 0) {
fprintf(stderr, "qemu: could not load kernel '%s'\n",
kernel_filename);
@@ -342,8 +344,9 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename,
/* load initrd */
initrd_size = 0;
if (initrd_filename) {
- initrd_size = load_image(initrd_filename,
- phys_ram_base + INITRD_LOAD_ADDR);
+ initrd_size = load_image_targphys(initrd_filename,
+ INITRD_LOAD_ADDR,
+ RAM_size - INITRD_LOAD_ADDR);
if (initrd_size < 0) {
fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
initrd_filename);
@@ -352,12 +355,9 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename,
}
if (initrd_size > 0) {
for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
- if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i)
- == 0x48647253) { // HdrS
- stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16,
- INITRD_LOAD_ADDR);
- stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20,
- initrd_size);
+ if (ldl_phys(KERNEL_LOAD_ADDR + i) == 0x48647253) { // HdrS
+ stl_phys(KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR);
+ stl_phys(KERNEL_LOAD_ADDR + i + 20, initrd_size);
break;
}
}
@@ -435,7 +435,7 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size,
snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL);
if (ret < 0 || ret > PROM_SIZE_MAX)
- ret = load_image(buf, phys_ram_base + prom_offset);
+ ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX);
if (ret < 0 || ret > PROM_SIZE_MAX) {
fprintf(stderr, "qemu: could not load prom '%s'\n",
buf);
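Review bot: The `ret > PROM_SIZE_MAX` test on the line after the new `load_image_targphys` call can no longer fire, because the new loader reads at most `max_sz` bytes and returns that count; an oversized PROM image is now silently truncated and accepted, whereas `load_image` presumably returned the full file size and tripped the check. Either `load_image_targphys` should report a file that does not fit (return -1 when data remains after `max_sz` bytes have been read), or the caller should compare `get_image_size(buf)` against `PROM_SIZE_MAX` before loading. The same dead check follows the equivalent calls in the sun4c_hw_init and sun4d_hw_init hunks, and the kernel and initrd loads in sun4m_load_kernel and sun4u_init are truncated the same way with no check at all. sun4m_hw_init continues outside the hunk.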
@@ -452,10 +452,12 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size,
hwdef->clock_irq);
if (hwdef->idreg_base != (target_phys_addr_t)-1) {
- stl_raw(phys_ram_base + prom_offset, 0xfe810103);
+ static const uint8_t idreg_data[] = { 0xfe, 0x81, 0x01, 0x03 };
- cpu_register_physical_memory(hwdef->idreg_base, sizeof(uint32_t),
+ cpu_register_physical_memory(hwdef->idreg_base, sizeof(idreg_data),
prom_offset | IO_MEM_ROM);
+ cpu_physical_memory_write_rom(hwdef->idreg_base, idreg_data,
+ sizeof(idreg_data));
}
iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version,
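Review bot: The new `idreg_data` byte table replaces a 32-bit `stl_raw` store without a comment saying what the bytes are or why the value is now spelled byte-wise, so a reader cannot tell whether the byte order is deliberate. Add a line above the declaration such as `/* ID register value 0xfe810103 in guest byte order, written byte-wise into the ROM region */`, after confirming that this layout matches what stl_raw produced on this target. sun4m_hw_init continues outside the hunk.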
@@ -534,7 +536,8 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size,
if (hwdef->cs_base != (target_phys_addr_t)-1)
cs_init(hwdef->cs_base, hwdef->cs_irq, slavio_intctl);
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename);
+ kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
+ RAM_size);
nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
boot_device, RAM_size, kernel_size, graphic_width,
@@ -602,7 +605,7 @@ static void sun4c_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size,
snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL);
if (ret < 0 || ret > PROM_SIZE_MAX)
- ret = load_image(buf, phys_ram_base + prom_offset);
+ ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX);
if (ret < 0 || ret > PROM_SIZE_MAX) {
fprintf(stderr, "qemu: could not load prom '%s'\n",
buf);
@@ -683,7 +686,8 @@ static void sun4c_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size,
esp_scsi_attach(main_esp, drives_table[drive_index].bdrv, i);
}
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename);
+ kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
+ RAM_size);
nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
boot_device, RAM_size, kernel_size, graphic_width,
@@ -1417,7 +1421,7 @@ static void sun4d_hw_init(const struct sun4d_hwdef *hwdef, ram_addr_t RAM_size,
snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name);
ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL);
if (ret < 0 || ret > PROM_SIZE_MAX)
- ret = load_image(buf, phys_ram_base + prom_offset);
+ ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX);
if (ret < 0 || ret > PROM_SIZE_MAX) {
fprintf(stderr, "qemu: could not load prom '%s'\n",
buf);
@@ -1486,7 +1490,8 @@ static void sun4d_hw_init(const struct sun4d_hwdef *hwdef, ram_addr_t RAM_size,
esp_scsi_attach(main_esp, drives_table[drive_index].bdrv, i);
}
- kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename);
+ kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename,
+ RAM_size);
nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline,
boot_device, RAM_size, kernel_size, graphic_width,
diff --git a/hw/sun4u.c b/hw/sun4u.c
index 8c06176..0cc04f9 100644
--- a/hw/sun4u.c
+++ b/hw/sun4u.c
@@ -105,7 +105,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size,
header->kernel_image = cpu_to_be64((uint64_t)kernel_image);
header->kernel_size = cpu_to_be64((uint64_t)kernel_size);
if (cmdline) {
- strcpy(phys_ram_base + CMDLINE_ADDR, cmdline);
+ pstrcpy_targphys(CMDLINE_ADDR, TARGET_PAGE_SIZE, cmdline);
header->cmdline = cpu_to_be64((uint64_t)CMDLINE_ADDR);
header->cmdline_size = cpu_to_be64((uint64_t)strlen(cmdline));
}
@@ -289,11 +289,12 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size,
/* XXX: put correct offset */
kernel_size = load_elf(kernel_filename, 0, NULL, NULL, NULL);
if (kernel_size < 0)
- kernel_size = load_aout(kernel_filename,
- phys_ram_base + KERNEL_LOAD_ADDR);
+ kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
if (kernel_size < 0)
- kernel_size = load_image(kernel_filename,
- phys_ram_base + KERNEL_LOAD_ADDR);
+ kernel_size = load_image_targphys(kernel_filename,
+ KERNEL_LOAD_ADDR,
+ ram_size - KERNEL_LOAD_ADDR);
if (kernel_size < 0) {
fprintf(stderr, "qemu: could not load kernel '%s'\n",
kernel_filename);
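Review bot: The two new size arguments in this hunk use `ram_size`, while the enclosing `sun4u_init` takes a `RAM_size` parameter (visible in the hunk header) and the parallel sun4m change uses its `RAM_size` parameter; if `ram_size` here is a global rather than the parameter, the load bound silently depends on a different variable than the one the machine was initialised with. Use `RAM_size - KERNEL_LOAD_ADDR` in both calls for consistency with sun4m.c, unless the global is intentional. The same applies to the initrd hunk that follows. sun4u_init continues outside the hunk.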
@@ -302,8 +303,9 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size,
/* load initrd */
if (initrd_filename) {
- initrd_size = load_image(initrd_filename,
- phys_ram_base + INITRD_LOAD_ADDR);
+ initrd_size = load_image_targphys(initrd_filename,
+ INITRD_LOAD_ADDR,
+ ram_size - INITRD_LOAD_ADDR);
if (initrd_size < 0) {
fprintf(stderr, "qemu: could not load initial ram disk '%s'\n",
initrd_filename);
@@ -312,12 +314,9 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size,
}
if (initrd_size > 0) {
for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) {
- if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i)
- == 0x48647253) { // HdrS
- stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16,
- INITRD_LOAD_ADDR);
- stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20,
- initrd_size);
+ if (ldl_phys(KERNEL_LOAD_ADDR + i) == 0x48647253) { // HdrS
+ stl_phys(KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR);
+ stl_phys(KERNEL_LOAD_ADDR + i + 20, initrd_size);
break;
}
}
diff --git a/loader.c b/loader.c
index 062dee4..289ba0f 100644
--- a/loader.c
+++ b/loader.c
@@ -39,6 +39,7 @@ int get_image_size(const char *filename)
}
/* return the size or -1 if error */
+/* deprecated, because caller does not specify buffer size! */
int load_image(const char *filename, uint8_t *addr)
{
int fd, size;
@@ -55,6 +56,84 @@ int load_image(const char *filename, uint8_t *addr)
return size;
}
+/* return the amount read, just like fread. 0 may mean error or eof */
+int fread_targphys(target_phys_addr_t dst_addr, size_t nbytes, FILE *f)
+{
+ uint8_t buf[4096];
+ target_phys_addr_t dst_begin = dst_addr;
+ size_t want, did;
+
+ while (nbytes) {
+ want = nbytes > sizeof(buf) ? sizeof(buf) : nbytes;
+ did = fread(buf, 1, want, f);
+ if (did != want) break;
+
+ cpu_physical_memory_write_rom(dst_addr, buf, did);
+ dst_addr += did;
+ nbytes -= did;
+ }
+ return dst_addr - dst_begin;
+}
+
+/* returns 0 on error, 1 if ok */
+int fread_targphys_ok(target_phys_addr_t dst_addr, size_t nbytes, FILE *f)
+{
+ return fread_targphys(dst_addr, nbytes, f) == nbytes;
+}
+
+/* read()-like version */
+int read_targphys(int fd, target_phys_addr_t dst_addr, size_t nbytes)
+{
+ uint8_t buf[4096];
+ target_phys_addr_t dst_begin = dst_addr;
+ size_t want, did;
+
+ while (nbytes) {
+ want = nbytes > sizeof(buf) ? sizeof(buf) : nbytes;
+ did = read(fd, buf, want);
+ if (did != want) break;
+
+ cpu_physical_memory_write_rom(dst_addr, buf, did);
+ dst_addr += did;
+ nbytes -= did;
+ }
+ return dst_addr - dst_begin;
+}
+
+/* return the size or -1 if error */
+int load_image_targphys(const char *filename,
+ target_phys_addr_t addr, int max_sz)
+{
+ FILE *f;
+ size_t got;
+
+ f = fopen(filename, "rb");
+ if (!f) return -1;
+
+ got = fread_targphys(addr, max_sz, f);
+ if (ferror(f)) { fclose(f); return -1; }
+ fclose(f);
+
+ return got;
+}
+
+void pstrcpy_targphys(target_phys_addr_t dest, int buf_size,
+ const char *source)
+{
+ static const uint8_t nul_byte = 0;
+ const char *nulp;
+
+ if (buf_size <= 0) return;
+ nulp = memchr(source, 0, buf_size);
+ if (nulp) {
+ cpu_physical_memory_write_rom(dest, (uint8_t *)source,
+ (nulp - source) + 1);
+ } else {
+ cpu_physical_memory_write_rom(dest, (uint8_t *)source, buf_size - 1);
+ cpu_physical_memory_write_rom(dest, &nul_byte, 1);
+ }
+}
+
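Review bot: In `pstrcpy_targphys`, the truncation branch writes the terminating NUL to `dest` instead of `dest + buf_size - 1`, so a source longer than `buf_size` leaves the copied string unterminated and overwrites its first byte, turning the guest-visible string into an empty one. Change the second write to `cpu_physical_memory_write_rom(dest + buf_size - 1, &nul_byte, 1);`. Separately, `load_image_targphys` returns `max_sz` when the file is larger than that, so callers cannot distinguish a truncated image from a complete one; a trailing `if (fgetc(f) != EOF)` check (or a comparison against `get_image_size`) before the final `fclose` would let it return -1 instead.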
/* A.OUT loader */
struct exec
@@ -105,7 +184,7 @@ static void bswap_ahdr(struct exec *e)
: (_N_SEGMENT_ROUND (_N_TXTENDADDR(x))))
-int load_aout(const char *filename, uint8_t *addr)
+int load_aout(const char *filename, target_phys_addr_t addr, int max_sz)
{
int fd, size, ret;
struct exec e;
@@ -126,17 +205,21 @@ int load_aout(const char *filename, uint8_t *addr)
case ZMAGIC:
case QMAGIC:
case OMAGIC:
+ if (e.a_text + e.a_data > max_sz)
+ goto fail;
lseek(fd, N_TXTOFF(e), SEEK_SET);
- size = read(fd, addr, e.a_text + e.a_data);
+ size = read_targphys(fd, addr, e.a_text + e.a_data);
if (size < 0)
goto fail;
break;
case NMAGIC:
+ if (N_DATADDR(e) + e.a_data > max_sz)
+ goto fail;
lseek(fd, N_TXTOFF(e), SEEK_SET);
- size = read(fd, addr, e.a_text);
+ size = read_targphys(fd, addr, e.a_text);
if (size < 0)
goto fail;
- ret = read(fd, addr + N_DATADDR(e), e.a_data);
+ ret = read_targphys(fd, addr + N_DATADDR(e), e.a_data);
if (ret < 0)
goto fail;
size += ret;
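Review bot: The `size < 0` and `ret < 0` checks after the new `read_targphys` calls are dead: `read_targphys` (added earlier in this patch) stores `read()`'s `ssize_t` result into a `size_t` `did`, treats -1 as a short read, and returns the non-negative number of bytes already written, so a failed or short read now succeeds with a partial image in guest memory. Compare against the requested length instead, e.g. `if (size != e.a_text + e.a_data) goto fail;` in the ZMAGIC/QMAGIC/OMAGIC case and `if (size != e.a_text) goto fail;` plus `if (ret != e.a_data) goto fail;` in the NMAGIC case. The new `max_sz` comparisons are also signed/unsigned comparisons if the `struct exec` fields are unsigned, so a negative `max_sz` would pass the bound check; worth confirming against the struct definition, which is outside the hunk. load_aout continues outside the hunk.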
diff --git a/sysemu.h b/sysemu.h
index a8fd299..f666f73 100644
--- a/sysemu.h
+++ b/sysemu.h
@@ -151,11 +151,18 @@ extern CharDriverState *parallel_hds[MAX_PARALLEL_PORTS];
#ifdef NEED_CPU_H
/* loader.c */
int get_image_size(const char *filename);
-int load_image(const char *filename, uint8_t *addr);
+int load_image(const char *filename, uint8_t *addr); /* deprecated */
+int load_image_targphys(const char *filename, target_phys_addr_t, int max_sz);
int load_elf(const char *filename, int64_t virt_to_phys_addend,
uint64_t *pentry, uint64_t *lowaddr, uint64_t *highaddr);
-int load_aout(const char *filename, uint8_t *addr);
+int load_aout(const char *filename, target_phys_addr_t addr, int max_sz);
int load_uboot(const char *filename, target_ulong *ep, int *is_linux);
+
+int fread_targphys(target_phys_addr_t dst_addr, size_t nbytes, FILE *f);
+int fread_targphys_ok(target_phys_addr_t dst_addr, size_t nbytes, FILE *f);
+int read_targphys(int fd, target_phys_addr_t dst_addr, size_t nbytes);
+void pstrcpy_targphys(target_phys_addr_t dest, int buf_size,
+ const char *source);
#endif
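Review bot: The new `load_image_targphys` prototype omits the name of its second parameter (`target_phys_addr_t,`) while every neighbouring prototype names its parameters; keep the name so the header documents the call: `int load_image_targphys(const char *filename, target_phys_addr_t addr, int max_sz);`. The `FILE *` in the `fread_targphys` prototypes also presumes `<stdio.h>` is already included by the time this block is reached, which is outside the hunk.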
#ifdef HAS_AUDIO