Replace AT_EXECFN in auxiliary vectors of programs executed on Android

* exec/exec.c (insert_args, exec_0): On non-MIPS systems, copy
NAME and its length to the loader area.  State that MIPS support
is not yet available (though it will be pending the availability
of a functioning emulator).

* exec/loader-aarch64.s (_start):

* exec/loader-armeabi.s (_start):

* exec/loader-x86.s (_start):

* exec/loader-x86_64.s (_start): Displace auxv, environ, and
argv to create sufficient space for the provided file name, and
copy the file name there.  Replace AT_EXECFN to refer to this
space.

Author: Po Lu

exec/exec.c

@@ -831,7 +831,7 @@ insert_args (struct exec_tracee *tracee, USER_REGS_STRUCT *regs,
   assert (new3 == new + effective_size);
 
   /* And that it is properly aligned.  */
-  assert (!(new3 & (sizeof new3 - 2)));
+  assert (!(new3 & (sizeof new3 - 1)));
 
   /* Now modify the system call argument to point to new +
      text_size.  */
@@ -916,6 +916,9 @@ exec_0 (char *name, struct exec_tracee *tracee,
   program_header program;
   USER_WORD entry, program_entry, offset;
   USER_WORD header_offset;
+#ifndef __mips__
+  USER_WORD name_len, aligned_len;
+#endif /* !__mips__ */
   struct exec_jump_command jump;
 #if defined __mips__ && !defined MIPS_NABI
   int fpu_mode;
@@ -1146,6 +1149,26 @@ exec_0 (char *name, struct exec_tracee *tracee,
 	  sizeof jump);
   loader_area_used += sizeof jump;
 
+  /* TODO: MIPS support.  */
+#ifndef __mips__
+  /* Copy the length of NAME and NAME itself to the loader area.  */
+  name_len = strlen (name);
+  aligned_len = ((name_len + 1 + sizeof name_len - 1)
+		 & -sizeof name_len);
+  if (sizeof loader_area - loader_area_used
+      < aligned_len + sizeof name_len)
+    goto fail1;
+  memcpy (loader_area + loader_area_used, &name_len, sizeof name_len);
+  loader_area_used += sizeof name_len;
+  memcpy (loader_area + loader_area_used, name, name_len + 1);
+  loader_area_used += name_len + 1;
+
+  /* Properly align the loader area.  */
+  offset = aligned_len - (name_len + 1);
+  while (offset--)
+    loader_area[loader_area_used++] = '\0';
+#endif /* !__mips__ */
+
   /* Close the file descriptor and return the number of bytes
      used.  */
 

exec/loader-aarch64.s

@@ -22,88 +22,88 @@
 	.section .text
 	.global _start
 _start:
-	//mov	x8, 101			// SYS_nanosleep
-	//adr	x0, timespec		// req
-	//mov	x1, #0			// rem
-	//svc	#0			// syscall
+	// mov	x8, 101			// SYS_nanosleep
+	// adr	x0, timespec		// req
+	// mov	x1, #0			// rem
+	// svc	#0			// syscall
 	mov	x20, sp			// x20 = sp
 	ldr	x10, [x20]		// x10 = original SP
 	add	x20, x20, #16		// x20 = start of load area
 	mov	x28, #-1		// x28 = secondary fd
-.next_action:
+next_action:
 	ldr	x11, [x20]		// action number
 	and	x12, x11, #-17		// actual action number
-	cbz	x12, .open_file		// open file?
+	cbz	x12, open_file		// open file?
 	cmp	x12, #3			// jump?
-	beq	.rest_of_exec
+	beq	rest_of_exec
 	cmp	x12, #4			// anonymous mmap?
-	beq	.do_mmap_anon
-.do_mmap:
+	beq	do_mmap_anon
+do_mmap:
 	ldr	x0, [x20, 8]		// vm_address
 	ldr	x1, [x20, 32]		// length
 	ldr	x2, [x20, 24]		// protection
 	ldr	x3, [x20, 40]		// flags
 	tst	x11, #16		// primary fd?
 	mov	x4, x29			// primary fd
-	beq	.do_mmap_1
+	beq	do_mmap_1
 	mov	x4, x28			// secondary fd
-.do_mmap_1:
+do_mmap_1:
 	mov	x8, #222		// SYS_mmap
 	ldr	x5, [x20, 16]		// file_offset
 	svc	#0			// syscall
 	ldr	x9, [x20, 8]		// length
 	cmp	x0, x9			// mmap result
-	bne	.perror			// print error
+	bne	perror			// print error
 	ldr	x3, [x20, 48]		// clear
 	add	x1, x1, x0		// x1 = vm_address + end
 	sub	x3, x1, x3		// x3 = x1 - clear
 	mov	x0, #0			// x0 = 0
-.fill64:
+fill64:
 	sub	x2, x1, x3		// x2 = x1 - x3
 	cmp	x2, #63			// x2 >= 64?
-	ble	.fillb			// start filling bytes
+	ble	fillb			// start filling bytes
 	stp	x0, x0, [x3]		// x3[0] = 0, x3[1] = 0
 	stp	x0, x0, [x3, 16]	// x3[2] = 0, x3[3] = 0
 	stp	x0, x0, [x3, 32]	// x3[4] = 0, x3[5] = 0
 	stp	x0, x0, [x3, 48]	// x3[6] = 0, x3[7] = 0
 	add	x3, x3, #64		// x3 += 8
-	b	.fill64
-.fillb:
+	b	fill64
+fillb:
 	cmp	x1, x3			// x1 == x3?
-	beq	.continue		// done
+	beq	continue		// done
 	strb	w0, [x3], #1		// ((char *) x3)++ = 0
-	b	.fillb
-.continue:
+	b	fillb
+continue:
 	add	x20, x20, #56		// next action
-	b	.next_action
-.do_mmap_anon:
+	b	next_action
+do_mmap_anon:
 	ldr	x0, [x20, 8]		// vm_address
 	ldr	x1, [x20, 32]		// length
 	ldr	x2, [x20, 24]		// protection
 	ldr	x3, [x20, 40]		// flags
 	mov	x4, #-1			// fd
-	b	.do_mmap_1
-.open_file:
+	b	do_mmap_1
+open_file:
 	mov	x8, #56			// SYS_openat
 	mov	x0, #-100		// AT_FDCWD
 	add	x1, x20, #8		// file name
 	mov	x2, #0			// O_RDONLY
 	mov	x3, #0			// mode
 	svc	#0			// syscall
 	cmp	x0, #-1			// rc < 0?
-	ble	.perror
+	ble	perror
 	mov	x19, x1			// x19 == x1
-.nextc:
+nextc:
 	ldrb	w2, [x1], #1		// b = *x1++
 	cmp	w2, #47			// dir separator?
-	bne	.nextc1			// not dir separator
+	bne	nextc1			// not dir separator
 	mov	x19, x1			// x19 = char past separator
-.nextc1:
-	cbnz	w2, .nextc		// b?
+nextc1:
+	cbnz	w2, nextc		// b?
 	add	x1, x1, #7		// round up x1
 	and	x20, x1, #-8		// mask for round, set x20
 	tst	x11, #16		// primary fd?
-	bne	.secondary		// secondary fd
+	bne	secondary		// secondary fd
 	mov	x29, x0			// primary fd
 	mov	x8, #167		// SYS_prctl
 	mov	x0, #15			// PR_SET_NAME
@@ -113,75 +113,117 @@ _start:
 	mov	x4, #0			// arg4
 	mov	x5, #0			// arg5
 	svc	#0			// syscall
-	b	.next_action		// next action
-.secondary:
+	b	next_action		// next action
+secondary:
 	mov	x28, x0			// secondary fd
-	b	.next_action		// next action.
-.perror:
+	b	next_action		// next action.
+perror:
 	mov	x8, #93			// SYS_exit
 	mvn	x0, x0			// x1 = ~x0
 	add	x0, x0, 1		// x1 += 1
 	svc	#0			// exit
-.rest_of_exec:
+rest_of_exec:
 	mov	x7, x20			// x7 = x20
-	mov	x20, x10		// x20 = x10
-	ldr	x9, [x20]		// argc
-	add	x9, x9, #2		// x9 += 2
+	mov	x8, x10			// x8 = x10
+	ldr	x9, [x8], #16		// (void *) x8 += 2
 	lsl	x9, x9, #3		// argc * 8
-	add	x20, x20, x9		// now past argv
-.skipenv:
-	ldr	x9, [x20], #8		// x9 = *envp++
-	cbnz	x9, .skipenv		// x9?
-.one_auxv:
-	ldr	x9, [x20], #16		// x9 = *sp, sp += 2
-	cbz	x9, .cleanup		// !x9?
-	cmp	x9, #3			// is AT_PHDR?
-	beq	.replace_phdr		// replace
-	cmp	x9, #4			// is AT_PHENT?
-	beq	.replace_phent		// replace
-	cmp	x9, #5			// is AT_PHNUM?
-	beq	.replace_phnum		// replace
-	cmp	x9, #9			// is AT_ENTRY?
-	beq	.replace_entry		// replace
-	cmp	x9, #7			// is AT_BASE?
-	beq	.replace_base		// replace
-	b	.one_auxv		// next auxv
-.replace_phdr:
-	ldr	x9, [x7, 40]		// at_phdr
-	str	x9, [x20, -8]		// store value
-	b	.one_auxv
-.replace_phent:
-	ldr	x9, [x7, 24]		// at_phent
-	str	x9, [x20, -8]		// store value
-	b	.one_auxv
-.replace_phnum:
-	ldr	x9, [x7, 32]		// at_phnum
-	str	x9, [x20, -8]		// store value
-	b	.one_auxv
-.replace_entry:
-	ldr	x9, [x7, 16]		// at_entry
-	str	x9, [x20, -8]		// store value
-	b	.one_auxv
-.replace_base:
-	ldr	x9, [x7, 48]		// at_base
-	str	x9, [x20, -8]		// store value
-	b	.one_auxv
-.cleanup:
-	cmp	x28, #-1		// is secondary fd set?
-	bne	.cleanup1		// not set
+	add	x8, x8, x9		// now past argv
+skip_environ:
+	ldr	x9, [x8], #8		// x9 = *envp++
+	cbnz	x9, skip_environ	// x9?
+	// Skip the auxiliary vector.
+1:	ldp	x11, x12, [x8], #16	// a_type, a_un.a_val
+	cbnz	x11, 1b			// a_type != NULL
+	// Prepare sufficient space at x20 for the file name string.
+	// Load the aforesaid string, and its length.
+	ldr	x6, [x7, 56]		// string length
+	add	x6, x6, 1
+	add	x5, x7, 64		// string pointer
+	sub	x4, x10, x8		// number of elements to copy
+	sub	x7, x8, x6		// AT_EXECFN location
+	and	x7, x7, -8		// align value
+	add	x4, x7, x4		// destination argc
+	and	x4, x4, -16		// align destination argc
+	// Load values that must be into registers x14-x19.
+	// x14 = cmd->entry
+	// x15 = cmd->at_entry
+	// x16 = cmd->at_phent
+	// x17 = cmd->at_phnum
+	// x18 = cmd->at_phdr
+	// x19 = cmd->at_base
+	ldp	x14, x15, [x20, 8]
+	ldp	x16, x17, [x20, 24]
+	ldp	x18, x19, [x20, 40]
+	// Move the string to a safe location, if necessary.
+	sub	x3, x4, x5		// distance from dest to string
+	cmp	x3, x6			// distance > length
+	bge	copy_env_and_args 	// not necessary
+	mov	x2, x5			// src
+	sub	x5, x4, x6		// backup string
+	mov	x1, x5			// dst
+	add	x9, x2, x6		// src end
+	cmp	x2, x9
+	bcs	copy_env_and_args
+1:	ldrb	w3, [x2], #1
+	strb	w3, [x1], #1
+	cmp	x2, x9
+	bls	1b
+copy_env_and_args:
+	// Copy argc and the environment array.
+	mov	x8, x10
+	mov	x10, x4
+1:	ldr	x9, [x8], #8		//  envp
+	str	x9, [x4], #8
+	cbnz	x9, 1b
+1:	ldr	x9, [x8], #8		// environ
+	str	x9, [x4], #8
+	cbnz	x9, 1b
+copy_auxv:
+	ldp	x11, x12, [x8], #16	// a_type, a_un.a_val
+	stp	x11, x12, [x4], #16	// write value
+	cbz	x11, cleanup		// AT_NULL
+	cmp	x11, #3			// AT_PHDR
+	csel	x12, x18, x12, eq
+	cmp	x11, #4			// AT_PHENT
+	csel	x12, x16, x12, eq
+	cmp	x11, #5			// AT_PHNUM
+	csel	x12, x17, x12, eq
+	cmp	x11, #9			// AT_ENTRY
+	csel	x12, x15, x12, eq
+	cmp	x11, #7			// AT_BASE
+	csel	x12, x19, x12, eq
+	cmp	x11, #31		// AT_EXECFN
+	csel	x12, x7, x12, eq
+	str	x12, [x4, -8]		// replace value
+	b	copy_auxv
+cleanup:
+	// Copy the filename.
+	add	x9, x5, x6		// end
+	cmp	x5, x9
+	bcs	2f
+1:	ldrb	w3, [x5], #1
+	strb	w3, [x7], #1
+	cmp	x5, x9
+	bls	1b
+	// Close file descriptors.
+2:	cmp	x28, #-1		// is secondary fd set?
+	beq	cleanup1		// not set
 	mov	x8, #57			// SYS_close
 	mov	x0, x28			// secondary fd
 	svc	#0			// syscall
-.cleanup1:
+cleanup1:
 	mov	x8, #57			// SYS_close
 	mov	x0, x29			// primary fd
 	svc	#0			// syscall
-.enter:
+enter:
 	mov	sp, x10			// restore original SP
 	mov	x0, #0			// clear rtld_fini
-	ldr	x1, [x7, 8]		// branch to code
-	br	x1
+	br	x14
 
-timespec:
-	.quad 10
-	.quad 10
+// timespec:
+// 	.quad 10
+// 	.quad 10
+
+// Local Variables:
+// asm-comment-char: ?/
+// End: