Ronald G. Minnich | a8a133d | 2013-12-30 13:16:18 -0800 | [diff] [blame] | 1 | /* |
| 2 | * elf header parsing. |
| 3 | * |
| 4 | * Copyright (C) 2013 Google, Inc. |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or modify |
| 7 | * it under the terms of the GNU General Public License as published by |
| 8 | * the Free Software Foundation; version 2 of the License. |
| 9 | * |
| 10 | * This program is distributed in the hope that it will be useful, |
| 11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 13 | * GNU General Public License for more details. |
| 14 | * |
| 15 | * You should have received a copy of the GNU General Public License |
| 16 | * along with this program; if not, write to the Free Software |
| 17 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA, 02110-1301 USA |
| 18 | */ |
| 19 | |
| 20 | #include <stdio.h> |
| 21 | #include <stdlib.h> |
| 22 | #include <string.h> |
| 23 | |
| 24 | #include "elf.h" |
| 25 | #include "common.h" |
| 26 | #include "cbfs.h" |
| 27 | |
| 28 | /* |
| 29 | * Short form: this is complicated, but we've tried making it simple |
| 30 | * and we keep hitting problems with our ELF parsing. |
| 31 | * |
| 32 | * The ELF parsing situation has always been a bit tricky. In fact, |
| 33 | * we (and most others) have been getting it wrong in small ways for |
| 34 | * years. Recently this has caused real trouble for the ARM V8 build. |
| 35 | * In this file we attempt to finally get it right for all variations |
| 36 | * of endian-ness and word size and target architectures and |
| 37 | * architectures we might get run on. Phew!. To do this we borrow a |
| 38 | * page from the FreeBSD NFS xdr model (see elf_ehdr and elf_phdr), |
| 39 | * the Plan 9 endianness functions (see xdr.c), and Go interfaces (see |
| 40 | * how we use buffer structs in this file). This ends up being a bit |
| 41 | * wordy at the lowest level, but greatly simplifies the elf parsing |
| 42 | * code and removes a common source of bugs, namely, forgetting to |
| 43 | * flip type endianness when referencing a struct member. |
| 44 | * |
| 45 | * ELF files can have four combinations of data layout: 32/64, and |
| 46 | * big/little endian. Further, to add to the fun, depending on the |
| 47 | * word size, the size of the ELF structs varies. The coreboot SELF |
| 48 | * format is simpler in theory: it's supposed to be always BE, and the |
| 49 | * various struct members allow room for growth: the entry point is |
| 50 | * always 64 bits, for example, so the size of a SELF struct is |
| 51 | * constant, regardless of target architecture word size. Hence, we |
| 52 | * need to do some transformation of the ELF files. |
| 53 | * |
| 54 | * A given architecture, realistically, only supports one of the four |
| 55 | * combinations at a time as the 'native' format. Hence, our code has |
| 56 | * been sprinkled with every variation of [nh]to[hn][sll] over the |
| 57 | * years. We've never quite gotten it all right, however, and a quick |
| 58 | * pass over this code revealed another bug. It's all worked because, |
| 59 | * until now, all the working platforms that had CBFS were 32 LE. Even then, |
| 60 | * however, bugs crept in: we recently realized that we're not |
| 61 | * transforming the entry point to big format when we store into the |
| 62 | * SELF image. |
| 63 | * |
| 64 | * The problem is essentially an XDR operation: |
| 65 | * we have something in a foreign format and need to transform it. |
| 66 | * It's most like XDR because: |
| 67 | * 1) the byte order can be wrong |
| 68 | * 2) the word size can be wrong |
| 69 | * 3) the size of elements in the stream depends on the value |
| 70 | * of other elements in the stream |
| 71 | * it's not like XDR because: |
| 72 | * 1) the byte order can be right |
| 73 | * 2) the word size can be right |
| 74 | * 3) the struct members are all on a natural alignment |
| 75 | * |
| 76 | * Hence, this new approach. To cover word size issues, we *always* |
| 77 | * transform the two structs we care about, the file header and |
| 78 | * program header, into a native struct in the 64 bit format: |
| 79 | * |
| 80 | * [32,little] -> [Elf64_Ehdr, Elf64_Phdr] |
| 81 | * [64,little] -> [Elf64_Ehdr, Elf64_Phdr] |
| 82 | * [32,big] -> [Elf64_Ehdr, Elf64_Phdr] |
| 83 | * [64,big] -> [Elf64_Ehdr, Elf64_Phdr] |
| 84 | * Then we just use those structs, and all the need for inline ntoh* goes away, |
| 85 | * as well as all the chances for error. |
| 86 | * This works because all the SELF structs have fields large enough for |
| 87 | * the largest ELF 64 struct members, and all the Elf64 struct members |
| 88 | * are at least large enough for all ELF 32 struct members. |
| 89 | * We end up with one function to do all our ELF parsing, and two functions |
| 90 | * to transform the headers. For the put case, we also have |
| 91 | * XDR functions, and hopefully we'll never again spend 5 years with the |
| 92 | * wrong endian-ness on an output value :-) |
| 93 | * This should work for all word sizes and endianness we hope to target. |
| 94 | * I *really* don't want to be here for 128 bit addresses. |
| 95 | * |
| 96 | * The parse functions are called with a pointer to an input buffer |
| 97 | * struct. One might ask: are there enough bytes in the input buffer? |
| 98 | * We know there need to be at *least* sizeof(Elf32_Ehdr) + |
| 99 | * sizeof(Elf32_Phdr) bytes. Realistically, there has to be some data |
| 100 | * too. If we start to worry, though we have not in the past, we |
| 101 | * might apply the simple test: the input buffer needs to be at least |
| 102 | * sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr) bytes because, even if it's |
| 103 | * ELF 32, there's got to be *some* data! This is not theoretically |
| 104 | * accurate but it is actually good enough in practice. It allows the |
| 105 | * header transformation code to ignore the possibility of underrun. |
| 106 | * |
| 107 | * We also must accommodate different ELF files, and hence formats, |
| 108 | * in the same cbfs invocation. We might load a 64-bit payload |
| 109 | * on a 32-bit machine; we might even have a mixed armv7/armv8 |
| 110 | * SOC or even a system with an x86/ARM! |
| 111 | * |
| 112 | * A possibly problematic (though unlikely to be so) assumption |
| 113 | * is that we expect the BIOS to remain in the lowest 32 bits |
| 114 | * of the physical address space. Since ARMV8 has standardized |
| 115 | * on that, and x86_64 also has, this seems a safe assumption. |
| 116 | * |
| 117 | * To repeat, ELF structs are different sizes because ELF struct |
| 118 | * members are different sizes, depending on values in the ELF file |
| 119 | * header. For this we use the functions defined in xdr.c, which |
| 120 | * consume bytes, convert the endianness, and advance the data pointer |
| 121 | * in the buffer struct. |
| 122 | */ |
| 123 | |
| 124 | /* Get the ident array, so we can figure out |
| 125 | * endian-ness, word size, and in future other useful |
| 126 | * parameters |
| 127 | */ |
/* Copy the raw e_ident[] array out of the input stream into ehdr and
 * consume those bytes from the stream.  The ident bytes are taken
 * verbatim (no byte swapping): they are what tell us which endianness
 * and word size the rest of the file uses.
 *
 * No bounds check is done here; the caller must already have verified
 * that input->size >= sizeof(ehdr->e_ident).
 */
static void
elf_eident(struct buffer *input, Elf64_Ehdr *ehdr)
{
	const size_t nident = sizeof(ehdr->e_ident);

	memmove(ehdr->e_ident, input->data, nident);
	input->size -= nident;
	input->data += nident;
}
| 135 | |
| 136 | |
/* Decode the fields of the ELF file header that follow e_ident, in
 * file order, into the native Elf64_Ehdr.  xdr supplies the
 * endianness-aware readers; bit64 selects whether the three
 * address/offset fields are 8 or 4 bytes wide in the file (the 4-byte
 * form is widened into the 64-bit struct member).
 *
 * The reads are unchecked: the caller must guarantee that the whole
 * file header (Elf32_Ehdr or Elf64_Ehdr sized) is present in input.
 */
static void
elf_ehdr(struct buffer *input, Elf64_Ehdr *ehdr, struct xdr *xdr, int bit64)
{
	ehdr->e_type    = xdr->get16(input);
	ehdr->e_machine = xdr->get16(input);
	ehdr->e_version = xdr->get32(input);

	/* Only these three fields change width with the ELF class. */
	ehdr->e_entry = bit64 ? xdr->get64(input) : xdr->get32(input);
	ehdr->e_phoff = bit64 ? xdr->get64(input) : xdr->get32(input);
	ehdr->e_shoff = bit64 ? xdr->get64(input) : xdr->get32(input);

	ehdr->e_flags     = xdr->get32(input);
	ehdr->e_ehsize    = xdr->get16(input);
	ehdr->e_phentsize = xdr->get16(input);
	ehdr->e_phnum     = xdr->get16(input);
	ehdr->e_shentsize = xdr->get16(input);
	ehdr->e_shnum     = xdr->get16(input);
	ehdr->e_shstrndx  = xdr->get16(input);
}
| 160 | |
/* Decode one program header entry from *pinput into the native
 * Elf64_Phdr and advance *pinput by entsize (the file's e_phentsize),
 * not by the number of bytes actually decoded.
 *
 * The field reads are unchecked against pinput->size: the caller must
 * have verified that entsize is at least sizeof(Elf32_Phdr) or
 * sizeof(Elf64_Phdr) as appropriate and that entsize bytes remain.
 */
static void
elf_phdr(struct buffer *pinput, Elf64_Phdr *phdr,
	 int entsize, struct xdr *xdr, int bit64)
{
	/* Decode from a private cursor: the entry may be larger than the
	 * fields we read, so the caller's buffer is advanced by entsize
	 * below rather than by however far the readers got. */
	struct buffer cursor = *pinput;

	phdr->p_type = xdr->get32(&cursor);
	/* ELF64 places p_flags right after p_type; ELF32 puts it after
	 * p_memsz.  Everything else is in the same order, just wider. */
	if (bit64)
		phdr->p_flags = xdr->get32(&cursor);
	phdr->p_offset = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	phdr->p_vaddr  = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	phdr->p_paddr  = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	phdr->p_filesz = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	phdr->p_memsz  = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	if (!bit64)
		phdr->p_flags = xdr->get32(&cursor);
	phdr->p_align  = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);

	pinput->data += entsize;
	pinput->size -= entsize;
}
| 195 | |
/* Decode one section header entry from *pinput into the native
 * Elf64_Shdr and advance *pinput by entsize (the file's e_shentsize),
 * not by the number of bytes actually decoded.
 *
 * The field reads are unchecked against pinput->size: the caller must
 * have verified that entsize is at least sizeof(Elf32_Shdr) or
 * sizeof(Elf64_Shdr) as appropriate and that entsize bytes remain.
 */
static void
elf_shdr(struct buffer *pinput, Elf64_Shdr *shdr,
	 int entsize, struct xdr *xdr, int bit64)
{
	/* Private cursor, for the same reason as in elf_phdr(): the entry
	 * may be padded beyond the fields we decode. */
	struct buffer cursor = *pinput;

	/* Section headers keep the same field order in both classes;
	 * only the address/size-class fields change width. */
	shdr->sh_name      = xdr->get32(&cursor);
	shdr->sh_type      = xdr->get32(&cursor);
	shdr->sh_flags     = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	shdr->sh_addr      = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	shdr->sh_offset    = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	shdr->sh_size      = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	shdr->sh_link      = xdr->get32(&cursor);
	shdr->sh_info      = xdr->get32(&cursor);
	shdr->sh_addralign = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);
	shdr->sh_entsize   = bit64 ? xdr->get64(&cursor) : xdr->get32(&cursor);

	pinput->data += entsize;
	pinput->size -= entsize;
}
| 234 | |
| 235 | /* Get the headers from the buffer. |
| 236 | * Return -1 in the event of an error. |
| 237 | * The section headers are optional; if NULL |
| 238 | * is passed in for pshdr they won't be parsed. |
| 239 | * We don't (yet) make payload parsing optional |
| 240 | * because we've never seen a use case. |
| 241 | */ |
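/* Parse the ELF file header, program headers and (optionally) section
 * headers out of *pinput into native Elf64 structs.
 *
 * pinput: the whole ELF image; it is not modified or advanced.
 * arch:   expected CBFS architecture, or CBFS_ARCHITECTURE_UNKNOWN to
 *         skip the e_machine check.
 * ehdr:   filled in with the converted file header.
 * pphdr:  receives a calloc'd array of e_phnum converted program
 *         headers; the caller owns and frees it.
 * pshdr:  if non-NULL, receives a calloc'd array of e_shnum converted
 *         section headers; the caller owns and frees it.  NULL skips
 *         section header parsing entirely.
 *
 * Returns 0 on success, -1 on error (after logging).  On error nothing
 * is left allocated for the caller: if the section header pass fails
 * after the program headers were read, *pphdr is freed and reset to NULL.
 *
 * Every offset, entry size and count used below comes straight from the
 * file, so each one is bounds-checked against pinput->size before it is
 * turned into a pointer or a read.  The helpers elf_eident(), elf_ehdr(),
 * elf_phdr() and elf_shdr() do unchecked reads and rely on those checks.
 */
int
elf_headers(const struct buffer *pinput,
	    uint32_t arch,
	    Elf64_Ehdr *ehdr,
	    Elf64_Phdr **pphdr,
	    Elf64_Shdr **pshdr)
{
	int i;
	struct xdr *xdr = &xdr_le;
	int bit64 = 0;
	/* Private cursor over the input; pinput itself is never advanced. */
	struct buffer input = *pinput;
	struct buffer phdr_buf = { 0 };
	struct buffer shdr_buf = { 0 };
	Elf64_Phdr *phdr;
	Elf64_Shdr *shdr;
	uint64_t ehdr_bytes, ent_bytes, table_bytes;

	/* elf_eident() copies sizeof(e_ident) bytes unconditionally, so
	 * refuse anything shorter before touching the data at all. */
	if (pinput->size < sizeof(ehdr->e_ident)) {
		ERROR("The stage file is too small to be an ELF file "
		      "(%llu bytes)\n", (unsigned long long)pinput->size);
		return -1;
	}

	if (!iself((unsigned char *)pinput->data)) {
		ERROR("The stage file is not in ELF format!\n");
		return -1;
	}

	elf_eident(&input, ehdr);
	bit64 = ehdr->e_ident[EI_CLASS] == ELFCLASS64;
	/* Assume LE unless we are sure otherwise.
	 * We're not going to take on the task of
	 * fully validating the ELF file. That way
	 * lies madness.
	 */
	if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
		xdr = &xdr_be;

	/* elf_ehdr() decodes the rest of the file header with unchecked
	 * reads; the header's size is fixed by the ELF class, so make sure
	 * all of it is actually in the buffer. */
	ehdr_bytes = bit64 ? sizeof(Elf64_Ehdr) : sizeof(Elf32_Ehdr);
	if (pinput->size < ehdr_bytes) {
		ERROR("The stage file is too small for its ELF header. "
		      "%llu bytes in file, %llu byte header\n",
		      (unsigned long long)pinput->size,
		      (unsigned long long)ehdr_bytes);
		return -1;
	}
	elf_ehdr(&input, ehdr, xdr, bit64);

	// The tool may work in architecture-independent way.
	if (arch != CBFS_ARCHITECTURE_UNKNOWN &&
	    !((ehdr->e_machine == EM_ARM) && (arch == CBFS_ARCHITECTURE_ARMV7)) &&
	    !((ehdr->e_machine == EM_386) && (arch == CBFS_ARCHITECTURE_X86))) {
		ERROR("The stage file has the wrong architecture\n");
		return -1;
	}

	/* Program header table.  e_phoff, e_phentsize and e_phnum all come
	 * from the file; validate each before deriving a pointer from it.
	 * Note that the program headers can be anywhere, per the ELF spec.
	 * You'd be surprised how many ELF readers miss this little detail.
	 */
	if (pinput->size < ehdr->e_phoff) {
		ERROR("The program header offset is greater than "
		      "the remaining file size. "
		      "%llu bytes left, program header offset is %llu\n",
		      (unsigned long long)pinput->size,
		      (unsigned long long)ehdr->e_phoff);
		return -1;
	}
	/* elf_phdr() always reads a full Elf32/Elf64_Phdr out of each entry,
	 * so an e_phentsize smaller than that would let the last entries run
	 * past the table even though entsize * phnum fits in the file. */
	ent_bytes = bit64 ? sizeof(Elf64_Phdr) : sizeof(Elf32_Phdr);
	if (ehdr->e_phnum && ehdr->e_phentsize < ent_bytes) {
		ERROR("The program header entry size (%u) is smaller than "
		      "an ELF%s program header (%llu bytes)\n",
		      (unsigned)ehdr->e_phentsize, bit64 ? "64" : "32",
		      (unsigned long long)ent_bytes);
		return -1;
	}
	/* Widen before multiplying: two uint16_t operands promote to int,
	 * and 0xffff * 0xffff overflows it. */
	table_bytes = (uint64_t)ehdr->e_phentsize * ehdr->e_phnum;
	if (table_bytes > pinput->size - ehdr->e_phoff) {
		ERROR("The file is not large enough for the program headers. "
		      "%llu bytes left, %llu bytes of headers\n",
		      (unsigned long long)(pinput->size - ehdr->e_phoff),
		      (unsigned long long)table_bytes);
		return -1;
	}
	phdr_buf.data = &pinput->data[ehdr->e_phoff];
	phdr_buf.size = table_bytes;

	/* Gather up all the phdrs at once because callers loop over them
	 * more than once.  NOTE: the ELF PN_XNUM escape (e_phnum == 0xffff
	 * with the real count held in section header 0) is not handled;
	 * such a file is treated as having 0xffff entries. */
	phdr = calloc(ehdr->e_phnum, sizeof(*phdr));
	if (ehdr->e_phnum && !phdr) {
		ERROR("Out of memory allocating %u program headers\n",
		      (unsigned)ehdr->e_phnum);
		return -1;
	}
	for (i = 0; i < ehdr->e_phnum; i++)
		elf_phdr(&phdr_buf, &phdr[i], ehdr->e_phentsize, xdr, bit64);
	*pphdr = phdr;

	if (!pshdr)
		return 0;

	/* Section header table: the same three checks as for the program
	 * headers.  Section headers, too, can be anywhere in the file. */
	if (pinput->size < ehdr->e_shoff) {
		ERROR("The section header offset is greater than "
		      "the remaining file size. "
		      "%llu bytes left, section header offset is %llu\n",
		      (unsigned long long)pinput->size,
		      (unsigned long long)ehdr->e_shoff);
		goto fail_shdr;
	}
	ent_bytes = bit64 ? sizeof(Elf64_Shdr) : sizeof(Elf32_Shdr);
	if (ehdr->e_shnum && ehdr->e_shentsize < ent_bytes) {
		ERROR("The section header entry size (%u) is smaller than "
		      "an ELF%s section header (%llu bytes)\n",
		      (unsigned)ehdr->e_shentsize, bit64 ? "64" : "32",
		      (unsigned long long)ent_bytes);
		goto fail_shdr;
	}
	table_bytes = (uint64_t)ehdr->e_shentsize * ehdr->e_shnum;
	if (table_bytes > pinput->size - ehdr->e_shoff) {
		ERROR("The file is not large enough for the section headers. "
		      "%llu bytes left, %llu bytes of headers\n",
		      (unsigned long long)(pinput->size - ehdr->e_shoff),
		      (unsigned long long)table_bytes);
		goto fail_shdr;
	}
	shdr_buf.data = &pinput->data[ehdr->e_shoff];
	shdr_buf.size = table_bytes;

	/* gather up all the shdrs. */
	shdr = calloc(ehdr->e_shnum, sizeof(*shdr));
	if (ehdr->e_shnum && !shdr) {
		ERROR("Out of memory allocating %u section headers\n",
		      (unsigned)ehdr->e_shnum);
		goto fail_shdr;
	}
	for (i = 0; i < ehdr->e_shnum; i++)
		elf_shdr(&shdr_buf, &shdr[i], ehdr->e_shentsize, xdr, bit64);
	*pshdr = shdr;

	return 0;

fail_shdr:
	/* Don't hand the caller a half-parsed result alongside -1. */
	free(phdr);
	*pphdr = NULL;
	return -1;
}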
| 344 | |