Merge branch 'dev' of github.com:xwings/qiling into dev

Author: xwings

qiling/debugger/gdb/utils.py

@@ -37,7 +37,7 @@ def initialize(self, ql, hook_address, exit_point=None, mappings=None):
     def entry_point_hook(self, ql, *args, **kwargs):
         self.ql.hook_del(self._tmp_hook)
         self.ql.hook_code(self.dbg_hook)
-        self.ql.os.stop()
+        self.ql.stop()
         self.ql.log.info("gdb> Stop at entry point: %#x" % self.ql.reg.arch_pc)
 
     def dbg_hook(self, ql, address, size):
@@ -64,7 +64,7 @@ def dbg_hook(self, ql, address, size):
                     self.skip_bp_count -= 1
                 else:
                     self.breakpoint_count += 1
-                    self.ql.os.stop()
+                    self.ql.stop()
                     self.last_bp = address
                     ql.log.info("gdb> Breakpoint found, stop at address: 0x%x" % address)
 
@@ -79,7 +79,7 @@ def dbg_hook(self, ql, address, size):
 
         except KeyboardInterrupt as ex:
             ql.log.info("gdb> Paused at 0x%x, instruction size = %u" % (address, size))
-            self.ql.os.stop()
+            self.ql.stop()
         except:
             raise    
 

qiling/os/linux/function_hook.py

@@ -814,7 +814,9 @@ def _parse(self):
 
             elif d.d_tag == DT_PLTREL:
                 if d.d_un != self.plt_rel_type:
-                    raise
+                    # FIXME: I don't why it is a error
+                    # but it is triggered in riscv32
+                    pass
             elif d.d_tag == DT_PLTRELSZ:
                 self.plt_rel_size = d.d_un
             elif d.d_tag == DT_JMPREL:

qiling/os/linux/map_syscall.py

@@ -2134,7 +2134,7 @@ def map_syscall(ql, syscall_num):
 	219: "keyctl",
 	220: "clone",
 	221: "execve",
-	222: "mmap",
+	222: "mmap2",
 	223: "fadvise64_64",
 	224: "swapon",
 	225: "swapoff",

qiling/os/posix/const.py

@@ -559,7 +559,7 @@
 
 FD_CLOEXEC = 1
 
-AT_FDCWD = 0xffffff9c # -100
+AT_FDCWD = -100
 
 # error code
 EPERM           = 1

qiling/os/posix/syscall/fcntl.py

@@ -98,12 +98,15 @@ def ql_syscall_openat(ql: Qiling, fd: int, path: int, flags: int, mode: int):
                 mode = 0
 
             flags = ql_open_flag_mapping(ql, flags)
-            try:
+            fd = ql.unpacks(ql.pack(fd))
+
+            if 0 <= fd < NR_OPEN:
                 dir_fd = ql.os.fd[fd].fileno()
-            except:
+            else:
                 dir_fd = None
 
             ql.os.fd[idx] = ql.os.fs_mapper.open_ql_file(file_path, flags, mode, dir_fd)
+
             regreturn = idx
         except QlSyscallError as e:
             regreturn = -e.errno

qiling/os/posix/syscall/mman.py

@@ -82,11 +82,7 @@ def syscall_mmap_impl(ql: Qiling, addr: int, mlen: int, prot: int, flags: int, f
 
     mmap_base = addr
     need_mmap = True
-    eff_mmap_size = ((mlen + 0x1000 - 1) // 0x1000) * 0x1000
-    
-    # align eff_mmap_size to page boundary
-    aligned_address = (addr >> 12) << 12
-    eff_mmap_size -= mmap_base - aligned_address
+    eff_mmap_size = mlen
 
     # initial ql.loader.mmap_address
     if addr != 0 and ql.mem.is_mapped(addr, mlen):
@@ -98,21 +94,24 @@ def syscall_mmap_impl(ql: Qiling, addr: int, mlen: int, prot: int, flags: int, f
                 ql.log.debug(e)
                 raise QlMemoryMappedError("Error: change protection at: 0x%x - 0x%x" % (addr, addr + mlen - 1))
             need_mmap = False
+        else:
+            addr = 0
 
     # initialized mapping
     if need_mmap:
-        if (flags & MAP_FIXED) > 0:
-            mmap_base = addr
-        else:
+        eff_mmap_size = ((mlen + 0x1000 - 1) // 0x1000) * 0x1000
+        if addr == 0:
             mmap_base = ql.loader.mmap_address
-        ql.loader.mmap_address = mmap_base + eff_mmap_size
-        ql.log.debug("%s - mapping needed for 0x%x" % (api_name, addr))
+            ql.loader.mmap_address = mmap_base + eff_mmap_size
+        # align eff_mmap_size to page boundary
+        aligned_address = (mmap_base >> 12) << 12
+        eff_mmap_size -= mmap_base - aligned_address
+        ql.log.debug("%s - mapping needed for 0x%x" % (api_name, mmap_base))
         try:
             ql.mem.map(mmap_base, eff_mmap_size, info=("[syscall_%s]" % api_name))
         except Exception as e:
             raise QlMemoryMappedError("Error: mapping needed but failed")
-
-    ql.log.debug("%s - addr range  0x%x - 0x%x: " % (api_name, mmap_base, mmap_base + eff_mmap_size - 1))
+        ql.log.debug("%s - addr range  0x%x - 0x%x: " % (api_name, mmap_base, mmap_base + eff_mmap_size - 1))
 
     # FIXME: MIPS32 Big Endian
     try:
@@ -192,4 +191,4 @@ def ql_syscall_shmat(ql: Qiling, shmid: int, shmaddr: int, shmflg: int):
     else:
         addr = ql.mem.map(shmaddr, size, info="[shm]")
 
-    return addr
+    return addr

qiling/os/posix/syscall/stat.py

@@ -5,6 +5,7 @@
 
 import os
 import ctypes
+import struct
 from typing import Callable
 
 from qiling import Qiling
@@ -1044,15 +1045,17 @@ def transform_path(ql: Qiling, dirfd: int, path: int):
         then the target file is the one referred to by the file descriptor dirfd.
     """
 
+    dirfd = ql.unpacks(ql.pack(dirfd))
     path = ql.os.utils.read_cstring(path)
-    
+
     if path.startswith('/'):
-        return None, ql.os.path.transform_to_relative_path(path)
+        return None, os.path.join(ql.rootfs, path)
 
     if dirfd == AT_FDCWD:
-        return -100, ql.os.path.transform_to_relative_path(os.path.join(ql.os.path.cwd, path))
+        return None, ql.os.path.transform_to_real_path(path)
 
-    return dirfd, path
+    if 0 < dirfd < NR_OPEN:
+        return ql.os.fd[dirfd].fileno(), path
 
 
 def ql_syscall_chmod(ql: Qiling, filename: int, mode: int):
@@ -1143,10 +1146,145 @@ def ql_syscall_stat(ql: Qiling, path: int, buf_ptr: int):
 def ql_syscall_stat64(ql: Qiling, path: int, buf_ptr: int):
     return statFamily(ql, path, buf_ptr, "stat64", Stat, pack_stat64_struct)
 
+class StatxTimestamp32(ctypes.Structure):
+    _fields_ = [
+        ('tv_sec', ctypes.c_int32),
+        ('tv_nsec', ctypes.c_uint32),
+        ('__statx_timestamp_pad1', ctypes.c_int32)
+    ]
+
+class Statx32(ctypes.Structure):
+    """ 
+        Reference:
+         - https://man7.org/linux/man-pages/man2/statx.2.html
+         - https://code.woboq.org/userspace/glibc/sysdeps/unix/sysv/linux/statx.c.html
+
+    """
+    _fields_ = [
+        ('stx_mask', ctypes.c_uint32),
+        ('stx_blksize', ctypes.c_uint32),
+        ('stx_attributes', ctypes.c_uint32),
+        ('stx_nlink', ctypes.c_uint32),
+        ('stx_uid', ctypes.c_uint32),
+        ('stx_gid', ctypes.c_uint32),
+        ('stx_mode', ctypes.c_uint16),
+        ('__statx_pad1', ctypes.c_uint16),
+        ('stx_ino', ctypes.c_uint32),
+        ('stx_size', ctypes.c_uint32),
+        ('stx_blocks', ctypes.c_uint32),
+        ('stx_attributes_mask', ctypes.c_uint32),
+        ('stx_atime', StatxTimestamp32),
+        ('stx_btime', StatxTimestamp32),
+        ('stx_ctime', StatxTimestamp32),
+        ('stx_mtime', StatxTimestamp32),
+        ('stx_rdev_major', ctypes.c_uint32),
+        ('stx_rdev_minor', ctypes.c_uint32),
+        ('stx_dev_major', ctypes.c_uint32),
+        ('stx_dev_minor', ctypes.c_uint32),
+        ('__statx_pad2', ctypes.c_uint32 * 14),
+    ]
+
+    _pack_ = 8
+
+class StatxTimestamp64(ctypes.Structure):
+    _fields_ = [
+        ('tv_sec', ctypes.c_int64),
+        ('tv_nsec', ctypes.c_uint32),
+        ('__statx_timestamp_pad1', ctypes.c_int32)
+    ]
+
+class Statx64(ctypes.Structure):
+    """ 
+        Reference:
+         - https://man7.org/linux/man-pages/man2/statx.2.html
+         - https://code.woboq.org/userspace/glibc/sysdeps/unix/sysv/linux/statx.c.html
+
+    """
+    _fields_ = [
+        ('stx_mask', ctypes.c_uint32),
+        ('stx_blksize', ctypes.c_uint32),
+        ('stx_attributes', ctypes.c_uint64),
+        ('stx_nlink', ctypes.c_uint32),
+        ('stx_uid', ctypes.c_uint32),
+        ('stx_gid', ctypes.c_uint32),
+        ('stx_mode', ctypes.c_uint16),
+        ('__statx_pad1', ctypes.c_uint16),
+        ('stx_ino', ctypes.c_uint64),
+        ('stx_size', ctypes.c_uint64),
+        ('stx_blocks', ctypes.c_uint64),
+        ('stx_attributes_mask', ctypes.c_uint64),
+        ('stx_atime', StatxTimestamp64),
+        ('stx_btime', StatxTimestamp64),
+        ('stx_ctime', StatxTimestamp64),
+        ('stx_mtime', StatxTimestamp64),
+        ('stx_rdev_major', ctypes.c_uint32),
+        ('stx_rdev_minor', ctypes.c_uint32),
+        ('stx_dev_major', ctypes.c_uint32),
+        ('stx_dev_minor', ctypes.c_uint32),
+        ('__statx_pad2', ctypes.c_uint64 * 14),
+    ]
+
+    _pack_ = 4
+
 # int statx(int dirfd, const char *restrict pathname, int flags,
 #                  unsigned int mask, struct statx *restrict statxbuf);
-def ql_syscall_statx(ql: Qiling, dirfd: int, path: int, flags: int, mask: int, statxbuf: int):
-    return 0
+def ql_syscall_statx(ql: Qiling, dirfd: int, path: int, flags: int, mask: int, buf_ptr: int):
+    def statx_convert_timestamp(tv_sec, tv_nsec):
+        tv_sec  = struct.unpack('i', struct.pack('f', tv_sec))[0]
+        tv_nsec = struct.unpack('i', struct.pack('f', tv_nsec))[0]
+
+        if ql.archbit == 32:
+            return StatxTimestamp32(tv_sec=tv_sec, tv_nsec=tv_nsec)
+        else:
+            return StatxTimestamp64(tv_sec=tv_sec, tv_nsec=tv_nsec)
+
+
+    def major(dev):
+        return ((dev >> 8) & 0xfff) | ((dev >> 32) & ~0xfff)
+
+    def minor(dev):
+        return (dev & 0xff) | ((dev >> 12) & ~0xff)
+
+    fd, real_path = transform_path(ql, dirfd, path)
+    
+    try:
+        if len(real_path) == 0:
+            st = ql.os.fd[dirfd].fstat()
+        else:
+            st = Stat(real_path, fd)
+        
+        if ql.archbit == 32:
+            Statx = Statx32
+        else:
+            Statx = Statx64
+
+        stx = Statx(
+            stx_mask = 0x07ff, # STATX_BASIC_STATS
+            stx_blksize = st.st_blksize,
+            stx_nlink = st.st_nlink,
+            stx_uid = st.st_uid,
+            stx_gid = st.st_gid,
+            stx_mode = st.st_mode,
+            stx_ino = st.st_ino,
+            stx_size = st.st_size,
+            stx_blocks = st.st_blocks,
+            stx_atime = statx_convert_timestamp(st.st_atime, st.st_atime_ns),
+            stx_ctime = statx_convert_timestamp(st.st_ctime, st.st_ctime_ns),
+            stx_mtime = statx_convert_timestamp(st.st_mtime, st.st_mtime_ns),
+            stx_rdev_major = major(st.st_rdev),
+            stx_rdev_minor = minor(st.st_rdev),
+            stx_dev_major = major(st.st_dev),
+            stx_dev_minor = minor(st.st_dev),
+        )
+
+        ql.mem.write(buf_ptr, bytes(stx))
+
+        regreturn = 0
+    
+    except Exception as e:
+        regreturn = -1
+
+    return regreturn
 
 def ql_syscall_lstat(ql: Qiling, path: int, buf_ptr: int):
     return statFamily(ql, path, buf_ptr, "lstat", Lstat, pack_stat64_struct)

tests/test_riscv.py

@@ -47,5 +47,15 @@ def test_riscv64_hello_dyn_linux(self):
 
         del ql
 
+    def test_riscv32_hello_dyn_linux(self):
+        stdout = SimpleOutStream(1)
+        ql = Qiling(['../examples/rootfs/riscv32_linux/bin/hello-linux'], '../examples/rootfs/riscv32_linux/', 
+                    verbose=QL_VERBOSE.DEFAULT, stdout=stdout)
+
+        ql.run()
+        self.assertTrue(stdout.read() == b'Hello, World!\n')
+
+        del ql
+
 if __name__ == "__main__":
     unittest.main()