Re: [Qemu-devel] qemu-user: relocating target code weakness

[Mulyadi Santosa]

Pardon me for any possibly stupid answer...so here we come :)

On Mon, Jan 24, 2011 at 18:34, Stefano Bonifazi
<address@hidden> wrote:
> First of all:
>>
>> info->start_mmap = (abi_ulong)ELF_START_MMAP;
>
> What is this?

Start address in which address the ELF code section, in reality (not
under qemu-user) should be mapped. in x86 32 bit it's 08048000, you
can check it by yourself by executing:
cat /proc/self/maps

however, as you already know, it might be relocated elsewhere if the
code is PIC or PIE (Position Independent Executable).

I wrote an article about understanding ELF years ago, here is the URL:
http://www.linuxforums.org/articles/understanding-elf-using-readelf-and-objdump_125.html

>what is start_mmap supposed to point at at the end? Why that
> static value is chosen at the beginning?

in qemu 0.13.0, linux-user/elfload.c, lines around 1728 to 1761, you
will find that start_mmap is kinda an address that is the result of
mmap operation that will be filled with the code in code section. It
will be a "hint" on which address the guest code really points when
dealing with memory address.

I dare to guess that, every code executed in the guest...when
referring to virtual address, will be get substracted by the delta of
ELF_START_MMAP and real_base.

 It's like "hey, it's written A in the code, but it's mapped in B, ok
so the delta is A-B, call it X. Then every address in the code should
be substracted (or added, depending on how you see it) with X, then it
will point in qemu mmaped VMA"

See the codes, read it slowly, you wil get the idea.
I am claiming I know it 100%, but I think that's the way it is

PS: IMHO the real guru is still the one and only  Fabrice Bellard, too
bad he's out of qemu.

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com