-rw-r--r-- | hw/sun4m.c | 49 | ||||
-rw-r--r-- | hw/sun4u.c | 25 | ||||
-rw-r--r-- | loader.c | 91 | ||||
-rw-r--r-- | sysemu.h | 11 |
4 files changed, 135 insertions, 41 deletions
@@ -182,7 +182,7 @@ static void nvram_init(m48t59_t *nvram, uint8_t *macaddr, const char *cmdline, header->kernel_image = cpu_to_be64((uint64_t)KERNEL_LOAD_ADDR); header->kernel_size = cpu_to_be64((uint64_t)kernel_size); if (cmdline) { - strcpy(phys_ram_base + CMDLINE_ADDR, cmdline); + pstrcpy_targphys(CMDLINE_ADDR, TARGET_PAGE_SIZE, cmdline); header->cmdline = cpu_to_be64((uint64_t)CMDLINE_ADDR); header->cmdline_size = cpu_to_be64((uint64_t)strlen(cmdline)); } @@ -315,7 +315,8 @@ static void secondary_cpu_reset(void *opaque) } static unsigned long sun4m_load_kernel(const char *kernel_filename, - const char *initrd_filename) + const char *initrd_filename, + ram_addr_t RAM_size) { int linux_boot; unsigned int i; @@ -328,11 +329,12 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename, kernel_size = load_elf(kernel_filename, -0xf0000000ULL, NULL, NULL, NULL); if (kernel_size < 0) - kernel_size = load_aout(kernel_filename, - phys_ram_base + KERNEL_LOAD_ADDR); + kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR, + RAM_size - KERNEL_LOAD_ADDR); if (kernel_size < 0) - kernel_size = load_image(kernel_filename, - phys_ram_base + KERNEL_LOAD_ADDR); + kernel_size = load_image_targphys(kernel_filename, + KERNEL_LOAD_ADDR, + RAM_size - KERNEL_LOAD_ADDR); if (kernel_size < 0) { fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename); @@ -342,8 +344,9 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename, /* load initrd */ initrd_size = 0; if (initrd_filename) { - initrd_size = load_image(initrd_filename, - phys_ram_base + INITRD_LOAD_ADDR); + initrd_size = load_image_targphys(initrd_filename, + INITRD_LOAD_ADDR, + RAM_size - INITRD_LOAD_ADDR); if (initrd_size < 0) { fprintf(stderr, "qemu: could not load initial ram disk '%s'\n", initrd_filename); 
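Review bot: In nvram_init at @@ -182 the command line is now cut to at most TARGET_PAGE_SIZE - 1 bytes by pstrcpy_targphys, but `header->cmdline_size` on the next lines still records `strlen(cmdline)`, so a longer command line makes the header advertise more bytes than were actually copied to CMDLINE_ADDR, and a guest honouring cmdline_size reads past the terminator. Record the stored length instead, e.g. `size_t cmdline_len = strlen(cmdline); if (cmdline_len >= TARGET_PAGE_SIZE) cmdline_len = TARGET_PAGE_SIZE - 1;` followed by `header->cmdline_size = cpu_to_be64((uint64_t)cmdline_len);`. The same mismatch is introduced in sun4u_NVRAM_set_params at @@ -105 in hw/sun4u.c. nvram_init's body continues outside the hunk.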
@@ -352,12 +355,9 @@ static unsigned long sun4m_load_kernel(const char *kernel_filename, } if (initrd_size > 0) { for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) { - if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i) - == 0x48647253) { // HdrS - stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16, - INITRD_LOAD_ADDR); - stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20, - initrd_size); + if (ldl_phys(KERNEL_LOAD_ADDR + i) == 0x48647253) { // HdrS + stl_phys(KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR); + stl_phys(KERNEL_LOAD_ADDR + i + 20, initrd_size); break; } } @@ -435,7 +435,7 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size, snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name); ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL); if (ret < 0 || ret > PROM_SIZE_MAX) - ret = load_image(buf, phys_ram_base + prom_offset); + ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX); if (ret < 0 || ret > PROM_SIZE_MAX) { fprintf(stderr, "qemu: could not load prom '%s'\n", buf); @@ -452,10 +452,12 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size, hwdef->clock_irq); if (hwdef->idreg_base != (target_phys_addr_t)-1) { - stl_raw(phys_ram_base + prom_offset, 0xfe810103); + static const uint8_t idreg_data[] = { 0xfe, 0x81, 0x01, 0x03 }; - cpu_register_physical_memory(hwdef->idreg_base, sizeof(uint32_t), + cpu_register_physical_memory(hwdef->idreg_base, sizeof(idreg_data), prom_offset | IO_MEM_ROM); + cpu_physical_memory_write_rom(hwdef->idreg_base, idreg_data, + sizeof(idreg_data)); } iommu = iommu_init(hwdef->iommu_base, hwdef->iommu_version, 
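Review bot: The idreg_data table at @@ -452 spells out the word that the removed `stl_raw(phys_ram_base + prom_offset, 0xfe810103)` used to store as an explicit byte sequence, but nothing records that the byte order is intentional, so a later edit could reorder the bytes or fold them back into a host-order word. Add a comment above the array, e.g. `/* ID register value 0xfe810103 as big-endian (guest-visible) bytes, written as ROM */`. That the old stl_raw store produced guest byte order on this target is inferred rather than visible in the hunk, so confirm before wording the comment. sun4m_hw_init continues outside the hunk.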
@@ -534,7 +536,8 @@ static void sun4m_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size, if (hwdef->cs_base != (target_phys_addr_t)-1) cs_init(hwdef->cs_base, hwdef->cs_irq, slavio_intctl); - kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename); + kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename, + RAM_size); nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline, boot_device, RAM_size, kernel_size, graphic_width, @@ -602,7 +605,7 @@ static void sun4c_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size, snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name); ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL); if (ret < 0 || ret > PROM_SIZE_MAX) - ret = load_image(buf, phys_ram_base + prom_offset); + ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX); if (ret < 0 || ret > PROM_SIZE_MAX) { fprintf(stderr, "qemu: could not load prom '%s'\n", buf); @@ -683,7 +686,8 @@ static void sun4c_hw_init(const struct hwdef *hwdef, ram_addr_t RAM_size, esp_scsi_attach(main_esp, drives_table[drive_index].bdrv, i); } - kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename); + kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename, + RAM_size); nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline, boot_device, RAM_size, kernel_size, graphic_width, @@ -1417,7 +1421,7 @@ static void sun4d_hw_init(const struct sun4d_hwdef *hwdef, ram_addr_t RAM_size, snprintf(buf, sizeof(buf), "%s/%s", bios_dir, bios_name); ret = load_elf(buf, hwdef->slavio_base - PROM_VADDR, NULL, NULL, NULL); if (ret < 0 || ret > PROM_SIZE_MAX) - ret = load_image(buf, phys_ram_base + prom_offset); + ret = load_image_targphys(buf, prom_offset, PROM_SIZE_MAX); if (ret < 0 || ret > PROM_SIZE_MAX) { fprintf(stderr, "qemu: could not load prom '%s'\n", buf); 
@@ -1486,7 +1490,8 @@ static void sun4d_hw_init(const struct sun4d_hwdef *hwdef, ram_addr_t RAM_size, esp_scsi_attach(main_esp, drives_table[drive_index].bdrv, i); } - kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename); + kernel_size = sun4m_load_kernel(kernel_filename, initrd_filename, + RAM_size); nvram_init(nvram, (uint8_t *)&nd_table[0].macaddr, kernel_cmdline, boot_device, RAM_size, kernel_size, graphic_width, @@ -105,7 +105,7 @@ static int sun4u_NVRAM_set_params (m48t59_t *nvram, uint16_t NVRAM_size, header->kernel_image = cpu_to_be64((uint64_t)kernel_image); header->kernel_size = cpu_to_be64((uint64_t)kernel_size); if (cmdline) { - strcpy(phys_ram_base + CMDLINE_ADDR, cmdline); + pstrcpy_targphys(CMDLINE_ADDR, TARGET_PAGE_SIZE, cmdline); header->cmdline = cpu_to_be64((uint64_t)CMDLINE_ADDR); header->cmdline_size = cpu_to_be64((uint64_t)strlen(cmdline)); } @@ -289,11 +289,12 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size, /* XXX: put correct offset */ kernel_size = load_elf(kernel_filename, 0, NULL, NULL, NULL); if (kernel_size < 0) - kernel_size = load_aout(kernel_filename, - phys_ram_base + KERNEL_LOAD_ADDR); + kernel_size = load_aout(kernel_filename, KERNEL_LOAD_ADDR, + ram_size - KERNEL_LOAD_ADDR); if (kernel_size < 0) - kernel_size = load_image(kernel_filename, - phys_ram_base + KERNEL_LOAD_ADDR); + kernel_size = load_image_targphys(kernel_filename, + KERNEL_LOAD_ADDR, + ram_size - KERNEL_LOAD_ADDR); if (kernel_size < 0) { fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename); @@ -302,8 +303,9 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size, /* load initrd */ if (initrd_filename) { - initrd_size = load_image(initrd_filename, - phys_ram_base + INITRD_LOAD_ADDR); + initrd_size = load_image_targphys(initrd_filename, + INITRD_LOAD_ADDR, + ram_size - INITRD_LOAD_ADDR); if (initrd_size < 0) { fprintf(stderr, "qemu: could not load initial ram disk '%s'\n", initrd_filename); 
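Review bot: sun4u_init at @@ -289 and @@ -302 bounds the kernel and initrd loads with `ram_size - KERNEL_LOAD_ADDR` and `ram_size - INITRD_LOAD_ADDR`, while the function's own parameter shown in the hunk header is `RAM_size`, which is what the sun4m counterpart uses. `ram_size` presumably resolves to a file- or global-scope variable, so this compiles, but the limit should come from the parameter: `RAM_size - KERNEL_LOAD_ADDR` and `RAM_size - INITRD_LOAD_ADDR`. If ram_addr_t is unsigned, either subtraction wraps when the configured RAM is smaller than the load address and is then narrowed into the int max_sz parameter, so a guard such as `if (RAM_size <= KERNEL_LOAD_ADDR) { fprintf(stderr, "qemu: RAM too small for kernel\n"); exit(1); }` before the loads is worth adding. sun4u_init continues outside the hunk.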
@@ -312,12 +314,9 @@ static void sun4u_init(ram_addr_t RAM_size, int vga_ram_size, } if (initrd_size > 0) { for (i = 0; i < 64 * TARGET_PAGE_SIZE; i += TARGET_PAGE_SIZE) { - if (ldl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i) - == 0x48647253) { // HdrS - stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 16, - INITRD_LOAD_ADDR); - stl_raw(phys_ram_base + KERNEL_LOAD_ADDR + i + 20, - initrd_size); + if (ldl_phys(KERNEL_LOAD_ADDR + i) == 0x48647253) { // HdrS + stl_phys(KERNEL_LOAD_ADDR + i + 16, INITRD_LOAD_ADDR); + stl_phys(KERNEL_LOAD_ADDR + i + 20, initrd_size); break; } } @@ -39,6 +39,7 @@ int get_image_size(const char *filename) } /* return the size or -1 if error */ +/* deprecated, because caller does not specify buffer size! */ int load_image(const char *filename, uint8_t *addr) { int fd, size; 
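Review bot: The new deprecation comment on load_image at @@ -39 in loader.c says why the function is deprecated but not what to call instead, so a reader still has to hunt for the bounded variant. Suggest `/* deprecated, because caller does not specify buffer size! Use load_image_targphys() instead. */`.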
@@ -55,6 +56,84 @@ int load_image(const char *filename, uint8_t *addr) return size; } +/* return the amount read, just like fread. 0 may mean error or eof */ +int fread_targphys(target_phys_addr_t dst_addr, size_t nbytes, FILE *f) +{ + uint8_t buf[4096]; + target_phys_addr_t dst_begin = dst_addr; + size_t want, did; + + while (nbytes) { + want = nbytes > sizeof(buf) ? sizeof(buf) : nbytes; + did = fread(buf, 1, want, f); + if (did != want) break; + + cpu_physical_memory_write_rom(dst_addr, buf, did); + dst_addr += did; + nbytes -= did; + } + return dst_addr - dst_begin; +} + +/* returns 0 on error, 1 if ok */ +int fread_targphys_ok(target_phys_addr_t dst_addr, size_t nbytes, FILE *f) +{ + return fread_targphys(dst_addr, nbytes, f) == nbytes; +} + +/* read()-like version */ +int read_targphys(int fd, target_phys_addr_t dst_addr, size_t nbytes) +{ + uint8_t buf[4096]; + target_phys_addr_t dst_begin = dst_addr; + size_t want, did; + + while (nbytes) { + want = nbytes > sizeof(buf) ? sizeof(buf) : nbytes; + did = read(fd, buf, want); + if (did != want) break; + + cpu_physical_memory_write_rom(dst_addr, buf, did); + dst_addr += did; + nbytes -= did; + } + return dst_addr - dst_begin; +} + +/* return the size or -1 if error */ +int load_image_targphys(const char *filename, + target_phys_addr_t addr, int max_sz) +{ + FILE *f; + size_t got; + + f = fopen(filename, "rb"); + if (!f) return -1; + + got = fread_targphys(addr, max_sz, f); + if (ferror(f)) { fclose(f); return -1; } + fclose(f); + + return got; +} + +void pstrcpy_targphys(target_phys_addr_t dest, int buf_size, + const char *source) +{ + static const uint8_t nul_byte = 0; + const char *nulp; + + if (buf_size <= 0) return; + nulp = memchr(source, 0, buf_size); + if (nulp) { + cpu_physical_memory_write_rom(dest, (uint8_t *)source, + (nulp - source) + 1); + } else { + cpu_physical_memory_write_rom(dest, (uint8_t *)source, buf_size - 1); + cpu_physical_memory_write_rom(dest, &nul_byte, 1); + } +} + /* A.OUT loader */ 
struct exec @@ -105,7 +184,7 @@ static void bswap_ahdr(struct exec *e) : (_N_SEGMENT_ROUND (_N_TXTENDADDR(x)))) -int load_aout(const char *filename, uint8_t *addr) +int load_aout(const char *filename, target_phys_addr_t addr, int max_sz) { int fd, size, ret; struct exec e; @@ -126,17 +205,21 @@ int load_aout(const char *filename, uint8_t *addr) case ZMAGIC: case QMAGIC: case OMAGIC: + if (e.a_text + e.a_data > max_sz) + goto fail; lseek(fd, N_TXTOFF(e), SEEK_SET); - size = read(fd, addr, e.a_text + e.a_data); + size = read_targphys(fd, addr, e.a_text + e.a_data); if (size < 0) goto fail; break; case NMAGIC: + if (N_DATADDR(e) + e.a_data > max_sz) + goto fail; lseek(fd, N_TXTOFF(e), SEEK_SET); - size = read(fd, addr, e.a_text); + size = read_targphys(fd, addr, e.a_text); if (size < 0) goto fail; - ret = read(fd, addr + N_DATADDR(e), e.a_data); + ret = read_targphys(fd, addr + N_DATADDR(e), e.a_data); if (ret < 0) goto fail; size += ret; @@ -151,11 +151,18 @@ extern CharDriverState *parallel_hds[MAX_PARALLEL_PORTS]; #ifdef NEED_CPU_H /* loader.c */ int get_image_size(const char *filename); -int load_image(const char *filename, uint8_t *addr); +int load_image(const char *filename, uint8_t *addr); /* deprecated */ +int load_image_targphys(const char *filename, target_phys_addr_t, int max_sz); int load_elf(const char *filename, int64_t virt_to_phys_addend, uint64_t *pentry, uint64_t *lowaddr, uint64_t *highaddr); -int load_aout(const char *filename, uint8_t *addr); +int load_aout(const char *filename, target_phys_addr_t addr, int max_sz); int load_uboot(const char *filename, target_ulong *ep, int *is_linux); + +int fread_targphys(target_phys_addr_t dst_addr, size_t nbytes, FILE *f); +int fread_targphys_ok(target_phys_addr_t dst_addr, size_t nbytes, FILE *f); +int read_targphys(int fd, target_phys_addr_t dst_addr, size_t nbytes); +void pstrcpy_targphys(target_phys_addr_t dest, int buf_size, + const char *source); #endif #ifdef HAS_AUDIO |
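Review bot: load_image_targphys at @@ -55 stops after max_sz bytes and returns that count, so an image larger than its buffer is silently truncated and reported as a successful load of exactly max_sz bytes; the callers' `ret > PROM_SIZE_MAX` tests in hw/sun4m.c (@@ -435, @@ -602, @@ -1417) pass PROM_SIZE_MAX as max_sz and therefore can no longer fire. After the fread_targphys call, treat a full buffer with input still pending as an error: `if (got == (size_t)max_sz && fgetc(f) != EOF) { fclose(f); return -1; }`. max_sz is also an int handed straight to a size_t parameter, so a negative value — which the `RAM_size - KERNEL_LOAD_ADDR` callers can produce if ram_addr_t is unsigned and RAM is smaller than the load address — turns into an effectively unbounded write into guest memory; an early `if (max_sz < 0) return -1;` closes that. The same unbounded-size concern applies to fread_targphys and read_targphys, which take nbytes from callers unchecked.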
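Review bot: The `if (size < 0) goto fail;` and `if (ret < 0) goto fail;` checks after the new read_targphys calls at @@ -126 are now dead: read_targphys keeps `did` in a size_t, so a failing read() (-1) becomes SIZE_MAX, the loop breaks, and the function returns the non-negative count written so far. A read error or a truncated a.out therefore returns success with a short size, which the old direct read() call did not. Check the amount actually read instead: `if (size != e.a_text + e.a_data) goto fail;` for the ZMAGIC/QMAGIC/OMAGIC case and `if (size != e.a_text) goto fail;` / `if (ret != e.a_data) goto fail;` for NMAGIC, or make read_targphys return -1 when read() fails as its "read()-like version" comment implies. The new `e.a_text + e.a_data > max_sz` guard compares against an int; if the exec fields are unsigned (not visible here), a negative max_sz is promoted and the guard passes, so rejecting `max_sz < 0` up front is also needed. load_aout continues outside the hunk.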