Hi Matt,
On 21/5/26 07:58, Matt Turner wrote:
mips64/elfload.c uses #include "../mips/elfload.c" to share code. When
the compiler processes mips/elfload.c the quoted #include "target_elf.h"
resolves relative to the including file's directory, so it picks up
mips/target_elf.h instead of mips64/target_elf.h. mips/target_elf.h
pulls in mips/target_ptrace.h, whose target_pt_regs has a pad0[6] field
before regs[]. As a result elf_core_copy_regs writes:
r->pt.regs[i] -> reserved[6+i] (shifted by 6 from the correct index)
r->pt.cp0_epc -> reserved[40] (correct mips64 N64 index is 34)
The Linux kernel and glibc both use the mips64 N64 layout (no pad0): EPC
at reserved[34]. Debuggers and libunwind reading the core with N64
constants therefore see a completely wrong register set — EPC points to
GP, RA holds the branch target instead of the link address, etc.
Fix by:
- Guarding the mips32 elf_core_copy_regs in mips/elfload.c with #ifndef
TARGET_MIPS64 so it is not compiled for mips64/mipsn32 targets.
- Providing a mips64-specific elf_core_copy_regs in mips64/elfload.c
that writes directly to r->reserved[i] with the correct N64 indices,
bypassing the struct field names that are tainted by the wrong header
include.
The mipsn32 (TARGET_ABI_MIPSN32) and mips64el targets are covered by the
same mips64/elfload.c and benefit from the same fix.
Signed-off-by: Matt Turner <[email protected]>
Cc: [email protected]
---
linux-user/mips/elfload.c | 2 ++
linux-user/mips64/elfload.c | 29 +++++++++++++++++++++++++++++
2 files changed, 31 insertions(+)
diff --git ./linux-user/mips/elfload.c ./linux-user/mips/elfload.c
index cc5bbf05ab..1a46e180cf 100644
--- ./linux-user/mips/elfload.c
+++ ./linux-user/mips/elfload.c
@@ -131,6 +131,7 @@ const char *get_elf_base_platform(CPUState *cs)
#undef MATCH_PLATFORM_INSN
/* See linux kernel: arch/mips/kernel/process.c:elf_dump_regs. */
+#ifndef TARGET_MIPS64
void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
{
for (int i = 1; i < ARRAY_SIZE(env->active_tc.gpr); i++) {
@@ -146,3 +147,4 @@ void elf_core_copy_regs(target_elf_gregset_t *r, const
CPUMIPSState *env)
r->pt.cp0_status = tswapl(env->CP0_Status);
r->pt.cp0_cause = tswapl(env->CP0_Cause);
tswapl now expands to tswap32 and could be inlined for clarity,
}
+#endif
diff --git ./linux-user/mips64/elfload.c ./linux-user/mips64/elfload.c
index b719555e65..d19e5f2439 100644
--- ./linux-user/mips64/elfload.c
+++ ./linux-user/mips64/elfload.c
@@ -1 +1,30 @@
#include "../mips/elfload.c"
+
+/*
+ * mips/elfload.c defines elf_core_copy_regs guarded by #ifndef TARGET_MIPS64.
+ *
+ * We must provide the mips64 version here. We cannot use r->pt.regs[] because
+ * when mips/elfload.c is #include'd above its "#include "target_elf.h""
resolves
+ * to mips/target_elf.h (compiler searches the including file's directory
first),
+ * which pulls in mips/target_ptrace.h. That struct has pad0[6] before regs[],
+ * so r->pt.regs[i] writes to reserved[6+i] — offset by 6 from what the kernel
+ * and glibc expect for the N64 ABI (EPC at reserved[34], not reserved[40]).
+ *
+ * Write directly to reserved[] using the mips64 N64 index layout:
+ * R0-R31 at reserved[0..31], LO at [32], HI at [33], EPC at [34].
+ */
+void elf_core_copy_regs(target_elf_gregset_t *r, const CPUMIPSState *env)
+{
+ /* R0 is always 0; r->reserved is zero-initialised by the caller */
+ for (int i = 1; i < 32; i++) {
+ r->reserved[i] = tswapl(env->active_tc.gpr[i]);
+ }
+ r->reserved[26] = 0; /* k0 */
+ r->reserved[27] = 0; /* k1 */
+ r->reserved[32] = tswapl(env->active_tc.LO[0]);
+ r->reserved[33] = tswapl(env->active_tc.HI[0]);
+ r->reserved[34] = tswapl(env->active_tc.PC);
+ r->reserved[35] = tswapl(env->CP0_BadVAddr);
+ r->reserved[36] = tswapl(env->CP0_Status);
+ r->reserved[37] = tswapl(env->CP0_Cause);
and this expands to tswap64; directly use it.
+}
