Skip to content

Commit 8441714

Browse files
authored
Merge pull request #95 from sysprog21/style
Style tweaks
2 parents c69663d + fc2a9b0 commit 8441714

162 files changed

Lines changed: 6254 additions & 6073 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

src/core/bootstrap.c

Lines changed: 24 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -57,7 +57,9 @@ static bool append_boot_region(mem_region_t *regions,
5757
}
5858

5959
/* Emit one mem_region_t per PT_LOAD segment of an ELF image, offset by the
60-
* caller-supplied load base. Returns false if the boot region array fills up.
60+
* caller-supplied load base.
61+
*
62+
* Returns false if the boot region array fills up.
6163
*/
6264
static bool append_elf_segment_regions(mem_region_t *regions,
6365
int *nregions,
@@ -77,8 +79,8 @@ static bool append_elf_segment_regions(mem_region_t *regions,
7779

7880
/* Register one semantic guest_region_t per PT_LOAD segment of an ELF image.
7981
* va_load_base controls the guest-visible range, gpa_load_base controls the
80-
* backing GPA recorded in region metadata, and path is used for
81-
* /proc/self/maps reporting.
82+
* backing GPA recorded in region metadata, and path is used for /proc/self/maps
83+
* reporting.
8284
*/
8385
static void register_elf_segment_regions(guest_t *g,
8486
const elf_info_t *info,
@@ -519,10 +521,10 @@ int guest_bootstrap_prepare(guest_t *g,
519521

520522
t0 = startup_trace_now_ns();
521523
if (want_rosetta) {
522-
/* /proc/self/maps for a rosetta guest reports the rosetta translator
523-
* as a single anonymous region covering [VA, VA+size). The original
524-
* x86_64 binary is not loaded into guest memory; rosetta exposes it
525-
* via fd 3 once rosetta_finalize pre-opens it.
524+
/* /proc/self/maps for a rosetta guest reports the rosetta translator as
525+
* a single anonymous region covering [VA, VA+size). The original x86_64
526+
* binary is not loaded into guest memory; rosetta exposes it via fd 3
527+
* once rosetta_finalize pre-opens it.
526528
*/
527529
register_elf_segment_regions(g, &rr.rosetta_info, 0,
528530
g->rosetta_guest_base - g->rosetta_va_base,
@@ -612,10 +614,10 @@ int guest_bootstrap_prepare(guest_t *g,
612614
return -1;
613615
}
614616
startup_trace_step("build_linux_stack", t0);
615-
/* rosetta_argv was copied into the guest stack; the host allocation is
616-
* no longer needed. The strings themselves are constants (ROSETTA_PATH)
617-
* or owned by the caller (binary_path, guest_argv entries) so freeing
618-
* just the array is safe.
617+
/* rosetta_argv was copied into the guest stack; the host allocation is no
618+
* longer needed. The strings themselves are constants (ROSETTA_PATH) or
619+
* owned by the caller (binary_path, guest_argv entries) so freeing just the
620+
* array is safe.
619621
*/
620622
free(rosetta_argv);
621623

@@ -650,8 +652,8 @@ int guest_bootstrap_create_vcpu(guest_t *g,
650652
uint64_t t0;
651653
/* Rosetta needs TTBR1 walks enabled and TBI1=1 so the kbuf window at
652654
* KBUF_VA_BASE (bits-63-set) resolves and TaggedPointer extraction keeps
653-
* working. Aarch64 guests stay on the EPD1=1 variant which keeps the
654-
* upper VA range fault-clean.
655+
* working. Aarch64 guests stay on the EPD1=1 variant which keeps the upper
656+
* VA range fault-clean.
655657
*/
656658
uint64_t tcr_value = g->is_rosetta ? TCR_EL1_VALUE_KBUF : TCR_EL1_VALUE;
657659
uint64_t ttbr1_value = g->is_rosetta ? g->ttbr1 : 0;
@@ -684,10 +686,10 @@ int guest_bootstrap_create_vcpu(guest_t *g,
684686
HV_CHECK(hv_vcpu_set_sys_reg(vcpu, HV_SYS_REG_SP_EL0, sp_ipa));
685687
HV_CHECK(hv_vcpu_set_sys_reg(vcpu, HV_SYS_REG_SP_EL1, el1_sp));
686688

687-
/* Round-trip a sentinel through TPIDR_EL1 before installing the real
688-
* value. Validates only the hv_vcpu_{set,get}_sys_reg pre-run round
689-
* trip, not preservation across hv_vcpu_run -- the test-shim-identity
690-
* microbench is the end-to-end check for that.
689+
/* Round-trip a sentinel through TPIDR_EL1 before installing the real value.
690+
* Validates only the hv_vcpu_{set,get}_sys_reg pre-run round trip, not
691+
* preservation across hv_vcpu_run -- the test-shim-identity microbench is
692+
* the end-to-end check for that.
691693
*/
692694
if (shim_globals_self_test(vcpu) < 0)
693695
return -1;
@@ -790,11 +792,11 @@ int guest_bootstrap_rosetta_post_reset(guest_t *g,
790792
!out_stack_pointer || !out_ttbr0)
791793
return -1;
792794

793-
/* Re-anchor brk/stack to the Rosetta defaults. guest_reset already
794-
* restored mmap_next/mmap_end/mmap_rx_* to their initial values, but
795-
* brk/stack were tuned for the previous image, so reset them here.
796-
* The x86_64 target binary lives behind fd 3, not in guest memory,
797-
* so brk_base does not move with the target's load_max.
795+
/* Re-anchor brk/stack to the Rosetta defaults. guest_reset already restored
796+
* mmap_next/mmap_end/mmap_rx_* to their initial values, but brk/stack were
797+
* tuned for the previous image, so reset them here. The x86_64 target
798+
* binary lives behind fd 3, not in guest memory, so brk_base does not move
799+
* with the target's load_max.
798800
*/
799801
g->elf_load_min = ELF_DEFAULT_BASE;
800802
g->brk_base = BRK_BASE_DEFAULT;

src/core/bootstrap.h

Lines changed: 16 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -60,23 +60,24 @@ int guest_bootstrap_create_vcpu(guest_t *g,
6060
* proc_set_rosetta_active(true) so rosetta_prepare and rosettad gates
6161
* see the right runtime state
6262
*
63-
* elf_host_path is the macOS filesystem path used by rosetta_prepare to
64-
* open the binary (after sysroot/FUSE resolution). elf_guest_path is the
65-
* unresolved guest-visible path published through proc_set_elf_path and
66-
* rosetta_finalize's /proc/self/cmdline rewrite.
63+
* elf_host_path is the macOS filesystem path used by rosetta_prepare to open
64+
* the binary (after sysroot/FUSE resolution). elf_guest_path is the unresolved
65+
* guest-visible path published through proc_set_elf_path and rosetta_finalize's
66+
* /proc/self/cmdline rewrite.
6767
*
68-
* The helper runs rosetta_prepare, appends every region the page-table
69-
* builder needs, rebuilds page tables, registers guest_region_t entries
70-
* for /proc/self/maps, runs rosetta_finalize (pre-opens fd 3, installs the
71-
* kbuf user alias, publishes the binfmt-misc argv via proc_set_cmdline),
72-
* and builds the initial Linux stack using the rosetta image as the
73-
* AT_PHDR/AT_BASE ELF metadata. It does NOT touch the vCPU sysregs --
74-
* the caller writes TCR_EL1, TTBR0_EL1, TTBR1_EL1, ELR_EL1, SP_EL0, and
75-
* PC itself once the out_* fields are returned.
68+
* The helper runs rosetta_prepare, appends every region the page-table builder
69+
* needs, rebuilds page tables, registers guest_region_t entries for
70+
* /proc/self/maps, runs rosetta_finalize (pre-opens fd 3, installs the kbuf
71+
* user alias, publishes the binfmt-misc argv via proc_set_cmdline), and builds
72+
* the initial Linux stack using the rosetta image as the AT_PHDR/AT_BASE ELF
73+
* metadata. It does NOT touch the vCPU sysregs -- the caller writes TCR_EL1,
74+
* TTBR0_EL1, TTBR1_EL1, ELR_EL1, SP_EL0, and PC itself once the out_* fields
75+
* are returned.
7676
*
77-
* Returns 0 on success with out_entry_point, out_stack_pointer, out_ttbr0
78-
* set. Returns -1 on any internal failure; the caller is past the point of
79-
* no return and treats that as fatal.
77+
* Returns 0 on success with out_entry_point, out_stack_pointer, out_ttbr0 set.
78+
*
79+
* Returns -1 on any internal failure; the caller is past the point of no return
80+
* and treats that as fatal.
8081
*/
8182
int guest_bootstrap_rosetta_post_reset(guest_t *g,
8283
const char *elf_host_path,

src/core/elf.c

Lines changed: 29 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -145,8 +145,8 @@ int elf_load(const char *path, elf_info_t *info)
145145
long saved_pos = ftell(f);
146146
if (fseek(f, (long) ph->p_offset, SEEK_SET) == 0) {
147147
size_t n = fread(info->interp_path, 1, interp_len, f);
148-
/* interp_len includes the NUL from the ELF file.
149-
* On short read, clear the path (unusable). On full read,
148+
/* interp_len includes the NUL from the ELF file. On short
149+
* read, clear the path (unusable). On full read,
150150
* force-terminate as insurance.
151151
*/
152152
if (n < interp_len)
@@ -193,9 +193,9 @@ int elf_load(const char *path, elf_info_t *info)
193193
return -1;
194194
}
195195

196-
/* Store program header file offset for later phdr_gpa calculation.
197-
* The loader places program headers at the same GPA as they would be in
198-
* the first PT_LOAD segment (they are typically within it).
196+
/* Store program header file offset for later phdr_gpa calculation. The
197+
* loader places program headers at the same GPA as they would be in the
198+
* first PT_LOAD segment (they are typically within it).
199199
*/
200200
info->phdr_gpa = info->load_min + ehdr.e_phoff;
201201

@@ -213,9 +213,9 @@ int elf_map_segments(const elf_info_t *info,
213213
uint64_t infra_hi)
214214
{
215215
/* Half-open intersection test for [a, a+alen) and [b, b+blen). When
216-
* infra_lo == infra_hi the caller opted out (early bring-up before
217-
* guest_t is wired up); the host-side writes that follow still get
218-
* the existing guest_size bound check.
216+
* infra_lo == infra_hi the caller opted out (early bring-up before guest_t
217+
* is wired up); the host-side writes that follow still get the existing
218+
* guest_size bound check.
219219
*/
220220
bool infra_active = infra_lo < infra_hi;
221221
FILE *f = fopen(path, "rb");
@@ -231,9 +231,9 @@ int elf_map_segments(const elf_info_t *info,
231231
return -1;
232232
}
233233

234-
/* Read and parse program headers again to get file offsets. The size
235-
* was already bound-checked during elf_load(); recheck defensively in
236-
* case the header sizes changed since (e.g. corrupt file races).
234+
/* Read and parse program headers again to get file offsets. The size was
235+
* already bound-checked during elf_load(); recheck defensively in case the
236+
* header sizes changed since (e.g. corrupt file races).
237237
*/
238238
size_t ph_total = (size_t) ehdr.e_phnum * ehdr.e_phentsize;
239239
if (ph_total == 0 || ph_total > 65536) {
@@ -327,28 +327,28 @@ int elf_map_segments(const elf_info_t *info,
327327
return -1;
328328
}
329329

330-
/* PT_LOAD with memsz == 0 maps no bytes, but the page-tail zero
331-
* extent below still rounds up to the next page boundary. For an
332-
* unaligned gpa that means a crafted ELF could splat zeros across
333-
* the tail of a previously loaded segment in the same page, or
334-
* trip the infra-overlap check with no live mapping behind it.
335-
* Linux ignores zero-memsz PT_LOADs; mirror that here.
330+
/* PT_LOAD with memsz == 0 maps no bytes, but the page-tail zero extent
331+
* below still rounds up to the next page boundary. For an unaligned gpa
332+
* that means a crafted ELF could splat zeros across the tail of a
333+
* previously loaded segment in the same page, or trip the infra-overlap
334+
* check with no live mapping behind it. Linux ignores zero-memsz
335+
* PT_LOADs; mirror that here.
336336
*/
337337
if (memsz == 0) {
338338
seg_idx++;
339339
continue;
340340
}
341341

342-
/* The host memset zeros up to the next page boundary AFTER the
343-
* segment ends, so the infra-overlap check has to use the same
344-
* rounded extent. The end is PAGE_ALIGN_UP(gpa + memsz) rather
345-
* than gpa + PAGE_ALIGN_UP(memsz) because gpa is not always
346-
* page-aligned (e.g. ld.so's RW segment at vaddr 0x2f650): with
347-
* the older bytes-from-gpa formula the page covering the last
348-
* memsz byte kept its mid-page tail untouched, and execve into a
349-
* dynamic-linked target then read stale state from the prior
350-
* incarnation of the same interpreter at offsets ld.so allocates
351-
* from beyond memsz (e.g. the first link_map in _dl_new_object).
342+
/* The host memset zeros up to the next page boundary AFTER the segment
343+
* ends, so the infra-overlap check has to use the same rounded extent.
344+
* The end is PAGE_ALIGN_UP(gpa + memsz) rather than gpa +
345+
* PAGE_ALIGN_UP(memsz) because gpa is not always page-aligned (e.g.
346+
* ld.so's RW segment at vaddr 0x2f650): with the older bytes-from-gpa
347+
* formula the page covering the last memsz byte kept its mid-page tail
348+
* untouched, and execve into a dynamic-linked target then read stale
349+
* state from the prior incarnation of the same interpreter at offsets
350+
* ld.so allocates from beyond memsz (e.g. the first link_map in
351+
* _dl_new_object).
352352
*/
353353
uint64_t zero_len = PAGE_ALIGN_UP(gpa + memsz) - gpa;
354354
if (gpa + zero_len > guest_size)
@@ -415,8 +415,8 @@ void elf_resolve_interp(const char *sysroot,
415415
if (access(out, F_OK) == 0)
416416
return;
417417

418-
/* Strategy 2: sysroot/lib/basename. Handles store-style
419-
* interpreter paths such as /.../lib/ld-musl-aarch64.so.1
418+
/* Strategy 2: sysroot/lib/basename. Handles store-style interpreter
419+
* paths such as /.../lib/ld-musl-aarch64.so.1
420420
*/
421421
const char *base = strrchr(interp_path, '/');
422422
base = base ? base + 1 : interp_path;

src/core/elf.h

Lines changed: 15 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -4,8 +4,8 @@
44
* Copyright 2025 Moritz Angermann, zw3rk pte. ltd.
55
* SPDX-License-Identifier: Apache-2.0
66
*
7-
* Parses aarch64-linux ELF64 executables (static and dynamic), extracts
8-
* PT_LOAD segments, and copies them into guest memory.
7+
* Parses aarch64-linux ELF64 executables (static and dynamic), extracts PT_LOAD
8+
* segments, and copies them into guest memory.
99
*/
1010

1111
#pragma once
@@ -107,14 +107,14 @@ typedef struct {
107107
int elf_load(const char *path, elf_info_t *info);
108108

109109
/* Copy ELF segments into guest memory. Call after elf_load() and guest_init().
110-
* Also copies program headers into guest memory for AT_PHDR.
111-
* load_base is added to all virtual addresses (0 for ET_EXEC at link addr,
112-
* non-zero for ET_DYN loaded at a chosen base).
113-
* infra_lo and infra_hi delimit the runtime infra reserve (page-table pool,
114-
* shim text, shim_data, vDSO). Any PT_LOAD or PT_PHDR copy whose destination
115-
* intersects [infra_lo, infra_hi) is rejected: those writes go through
116-
* host_base directly and would otherwise bypass the EL1-only page-table
117-
* protection on shim_data. Pass 0,0 only when the guest_t is not yet built.
110+
* Also copies program headers into guest memory for AT_PHDR. load_base is added
111+
* to all virtual addresses (0 for ET_EXEC at link addr, non-zero for ET_DYN
112+
* loaded at a chosen base). infra_lo and infra_hi delimit the runtime infra
113+
* reserve (page-table pool, shim text, shim_data, vDSO). Any PT_LOAD or PT_PHDR
114+
* copy whose destination intersects [infra_lo, infra_hi) is rejected: those
115+
* writes go through host_base directly and would otherwise bypass the EL1-only
116+
* page-table protection on shim_data. Pass 0,0 only when the guest_t is not yet
117+
* built.
118118
* Returns 0 on success, -1 on failure.
119119
*/
120120
int elf_map_segments(const elf_info_t *info,
@@ -125,8 +125,7 @@ int elf_map_segments(const elf_info_t *info,
125125
uint64_t infra_lo,
126126
uint64_t infra_hi);
127127

128-
/* Resolve a PT_INTERP path against a sysroot directory.
129-
* Tries three strategies:
128+
/* Resolve a PT_INTERP path against a sysroot directory. Tries three strategies:
130129
* 1. sysroot + interp_path (standard /lib/ld-musl-*.so.1)
131130
* 2. sysroot/lib/basename(interp_path) (store-style paths)
132131
* 3. interp_path as-is (no sysroot or fallback)
@@ -138,11 +137,11 @@ void elf_resolve_interp(const char *sysroot,
138137
size_t out_sz);
139138

140139
/* Translate ELF program-header flags (PF_R=4, PF_W=2, PF_X=1) into the
141-
* R=1/W=2/X=4 bitset shared by both MEM_PERM_R/W/X (page-table permissions)
142-
* and LINUX_PROT_READ/WRITE/EXEC (mmap prot bits).
140+
* R=1/W=2/X=4 bitset shared by both MEM_PERM_R/W/X (page-table permissions) and
141+
* LINUX_PROT_READ/WRITE/EXEC (mmap prot bits).
143142
*
144-
* READ is implicit: every loaded segment gets the R bit even if PF_R is
145-
* absent, mirroring the kernel's behavior for ELF loading.
143+
* READ is implicit: every loaded segment gets the R bit even if PF_R is absent,
144+
* mirroring the kernel's behavior for ELF loading.
146145
*/
147146
static inline int elf_pf_to_prot(int pf)
148147
{

0 commit comments

Comments
 (0)