mips64/elfload.c uses #include "../mips/elfload.c" to share code. When the compiler processes mips/elfload.c the quoted #include "target_elf.h" resolves relative to the including file's directory, so it picks up mips/target_elf.h instead of mips64/target_elf.h. mips/target_elf.h pulls in mips/target_ptrace.h, whose target_pt_regs has a pad0[6] field before regs[]. As a result elf_core_copy_regs writes:
r->pt.regs[i] -> reserved[6+i] (shifted by 6 from the correct index) r->pt.cp0_epc -> reserved[40] (correct mips64 N64 index is 34) The Linux kernel and glibc both use the mips64 N64 layout (no pad0): EPC at reserved[34]. Debuggers and libunwind reading the core with N64 constants therefore see a completely wrong register set — EPC points to GP, RA holds the branch target instead of the link address, etc. Fix by: - Guarding the mips32 elf_core_copy_regs in mips/elfload.c with #ifndef TARGET_MIPS64 so it is not compiled for mips64/mipsn32 targets. - Providing a mips64-specific elf_core_copy_regs in mips64/elfload.c that writes directly to r->reserved[i] with the correct N64 indices, bypassing the struct field names that are tainted by the wrong header include. The mipsn32 (TARGET_ABI_MIPSN32) and mips64el targets are covered by the same mips64/elfload.c and benefit from the same fix. Signed-off-by: Matt Turner <[email protected]> Cc: [email protected] --- linux-user/mips/elfload.c | 2 ++ linux-user/mips64/elfload.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+) diff --git ./linux-user/mips/elfload.c ./linux-user/mips/elfload.c index cc5bbf05ab..1a46e180cf 100644 --- ./linux-user/mips/elfload.c +++ ./linux-user/mips/elfload.c @@ -131,6 +131,7 @@ const char *get_elf_base_platform(CPUState *cs) #undef MATCH_PLATFORM_INSN /* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */ +#ifndef TARGET_MIPS64 void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env) { for (int i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) { @@ -146,3 +147,4 @@ void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env) r->pt.cp0_status = tswapl(env->CP0_Status); r->pt.cp0_cause = tswapl(env->CP0_Cause); } +#endif diff --git ./linux-user/mips64/elfload.c ./linux-user/mips64/elfload.c index b719555e65..d19e5f2439 100644 --- ./linux-user/mips64/elfload.c +++ ./linux-user/mips64/elfload.c @@ -1 +1,30 @@ #include "../mips/elfload.c" + +/* + * mips/elfload.c defines elf_core_copy_regs guarded by #ifndef TARGET_MIPS64. + * + * We must provide the mips64 version here. We cannot use r->pt.regs[] because + * when mips/elfload.c is #include'd above its "#include "target_elf.h"" resolves + * to mips/target_elf.h (compiler searches the including file's directory first), + * which pulls in mips/target_ptrace.h. That struct has pad0[6] before regs[], + * so r->pt.regs[i] writes to reserved[6+i] — offset by 6 from what the kernel + * and glibc expect for the N64 ABI (EPC at reserved[34], not reserved[40]). + * + * Write directly to reserved[] using the mips64 N64 index layout: + * R0-R31 at reserved[0..31], LO at [32], HI at [33], EPC at [34]. + */ +void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env) +{ + /* R0 is always 0; r->reserved is zero-initialised by the caller */ + for (int i = 1; i < 32; i++) { + r->reserved[i] = tswapl(env->active_tc.gpr[i]); + } + r->reserved[26] = 0; /* k0 */ + r->reserved[27] = 0; /* k1 */ + r->reserved[32] = tswapl(env->active_tc.LO[0]); + r->reserved[33] = tswapl(env->active_tc.HI[0]); + r->reserved[34] = tswapl(env->active_tc.PC); + r->reserved[35] = tswapl(env->CP0_BadVAddr); + r->reserved[36] = tswapl(env->CP0_Status); + r->reserved[37] = tswapl(env->CP0_Cause); +} -- 2.53.0
