On 19.06.2026 00:54, Helge Deller wrote:
From: Akshit Yadav <[email protected]>

When a binary is patched or relocated such that the program header table is moved into a separate PT_LOAD segment (rather than sitting at the start of the first loadable segment), QEMU's AT_PHDR auxv entry becomes incorrect. The loader was computing AT_PHDR as load_addr + e_phoff, which assumes the headers are mapped 1:1 from file offset 0. This breaks when the headers are elsewhere.

The Linux kernel instead locates the PT_LOAD segment that contains e_phoff, then computes the in-memory address as p_vaddr + (e_phoff - p_offset). This correctly handles relocated headers.

Fix by:
1. Add phdr_addr field to image_info to cache the resolved address.
2. Initialize to load_addr + e_phoff (fallback for headers outside any PT_LOAD).
3. In the PT_LOAD mapping loop, detect if the segment contains e_phoff and override with the segment-relative address.
4. Use info->phdr_addr for AT_PHDR instead of the incorrect formula.

Signed-off-by: Akshit Yadav <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
---
 linux-user/elfload.c | 21 ++++++++++++++++++++-
 linux-user/qemu.h    |  1 +
 2 files changed, 21 insertions(+), 1 deletion(-)
Despite being a sort-of niche issue, it looks like a good candidate for stable qemu series too, - this didn't come out of void and had real impact. I'm picking this one up for current stable qemu series (10.0, 10.2, 11.0), please let me know if I shouldn't.

Thanks,

/mjt
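The AT_PHDR resolution the quoted commit message describes, as an added C example that is not part of the patch or of QEMU's elfload.c: `at_phdr_old` is the replaced formula, `at_phdr_fixed` the kernel-style lookup, and the `struct phdr` stand-in and both segment layouts are constructed, not taken from a real binary.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <inttypes.h>

#define PT_LOAD 1
/* Minimal stand-in for the Elf64_Phdr fields this computation reads. */
struct phdr { uint32_t p_type; uint64_t p_offset; uint64_t p_vaddr; uint64_t p_filesz; };

/* Formula the patch replaces: assumes the header table is mapped 1:1 from
 * file offset 0 in the segment at load_addr. */
static uint64_t at_phdr_old(uint64_t load_addr, uint64_t e_phoff)
{
    return load_addr + e_phoff;
}

/* Kernel-style resolution from the commit message: find the PT_LOAD whose file
 * range contains e_phoff and translate through its own p_offset/p_vaddr.
 * load_addr is the mapped address of the lowest PT_LOAD, so the bias applied
 * to every segment is load_addr - lowest p_vaddr (0 for ET_EXEC). */
static uint64_t at_phdr_fixed(uint64_t load_addr, uint64_t e_phoff,
                              const struct phdr *ph, size_t phnum)
{
    uint64_t lowest = UINT64_MAX;
    for (size_t i = 0; i < phnum; i++)
        if (ph[i].p_type == PT_LOAD && ph[i].p_vaddr < lowest)
            lowest = ph[i].p_vaddr;
    for (size_t i = 0; i < phnum; i++) {
        const struct phdr *p = &ph[i];
        if (p->p_type == PT_LOAD && e_phoff >= p->p_offset &&
            e_phoff < p->p_offset + p->p_filesz)
            return (load_addr - lowest) + p->p_vaddr + (e_phoff - p->p_offset);
    }
    return at_phdr_old(load_addr, e_phoff); /* fallback: headers outside any PT_LOAD */
}

/* Constructed layouts (not from a real binary): headers at the start of the
 * first PT_LOAD, and headers relocated into a PT_LOAD of their own. */
static const struct phdr classic[] = {
    { PT_LOAD, 0x0000, 0x400000, 0x1000 }, { PT_LOAD, 0x1000, 0x401000, 0x500 },
};
static const struct phdr relocated[] = {
    { PT_LOAD, 0x1000, 0x400000, 0x1000 }, { PT_LOAD, 0x3000, 0x600000, 0x200 },
};

int main(void)
{
    printf("relocated: old=0x%" PRIx64 " fixed=0x%" PRIx64 "\n",
           at_phdr_old(0x400000, 0x3040), at_phdr_fixed(0x400000, 0x3040, relocated, 2));
    return 0;
}
```

For the classic layout both formulas agree; for the relocated layout the old one points into the text segment's address range while the fixed one lands on the header table's own segment.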
