boot2

elf-pvh-note.c (3615B)

---

 /* elf-pvh-note — append a PT_NOTE program header pointing at the
  * existing `.note.Xen` section, and retype that section as SHT_NOTE.
  *
  * Why: tcc 0.9.26's linker emits only PT_LOAD program headers and
  * marks every assembler-created section as SHT_PROGBITS, so QEMU's
  * PVH `-kernel` path (which scans PT_NOTE phdrs for the Xen 18 note
  * to find the 32-bit entry) refuses the kernel with "Error loading
  * uncompressed kernel without PVH ELF Note".  Patching the linker is
  * a much bigger change than rewriting six fields after the fact;
  * tcc reserves the post-Ehdr program-header area only large enough
  * for its declared phnum, but the next section content lives at
  * 0x200000 (s_align), so writing one extra Phdr at phoff+phnum*phentsize
  * fits in the gap.
  *
  * Usage: elf-pvh-note <elf-path>
  */
 
 extern int   open(const char *, int, ...);
 extern long  lseek(int, long, int);
 extern long  read(int, void *, unsigned long);
 extern long  write(int, const void *, unsigned long);
 extern int   close(int);
 extern void *malloc(unsigned long);
 extern int   strcmp(const char *, const char *);
 extern int   printf(const char *, ...);
 
 #define O_RDWR     2
 #define SEEK_SET   0
 #define SEEK_END   2
 
 #define PT_NOTE    4
 #define PF_R       4
 #define SHT_NOTE   7
 
 typedef unsigned long  u64;
 typedef unsigned int   u32;
 typedef unsigned short u16;
 typedef unsigned char  u8;
 
 static u16 r16(u8 *p) { return (u16)p[0] | ((u16)p[1] << 8); }
 static u32 r32(u8 *p) {
     return (u32)p[0] | ((u32)p[1] << 8) | ((u32)p[2] << 16) | ((u32)p[3] << 24);
 }
 static u64 r64(u8 *p) {
     return (u64)r32(p) | ((u64)r32(p + 4) << 32);
 }
 static void w16(u8 *p, u16 v) { p[0] = v; p[1] = v >> 8; }
 static void w32(u8 *p, u32 v) {
     p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24;
 }
 static void w64(u8 *p, u64 v) { w32(p, (u32)v); w32(p + 4, (u32)(v >> 32)); }
 
 int main(int argc, char **argv) {
     if (argc != 2) { printf("usage: elf-pvh-note <elf>\n"); return 2; }
     int fd = open(argv[1], O_RDWR);
     if (fd < 0) { printf("elf-pvh-note: open failed\n"); return 1; }
     long size = lseek(fd, 0, SEEK_END);
     lseek(fd, 0, SEEK_SET);
     u8 *buf = (u8 *)malloc(size);
     if (read(fd, buf, size) != size) { printf("elf-pvh-note: short read\n"); return 1; }
 
     u64 phoff      = r64(buf + 0x20);
     u16 phentsize  = r16(buf + 0x36);
     u16 phnum      = r16(buf + 0x38);
     u64 shoff      = r64(buf + 0x28);
     u16 shentsize  = r16(buf + 0x3a);
     u16 shnum      = r16(buf + 0x3c);
     u16 shstrndx   = r16(buf + 0x3e);
 
     u64 shstrtab_off = r64(buf + shoff + shstrndx * shentsize + 0x18);
 
     u64 note_off = 0, note_size = 0, note_addr = 0;
     int found = 0;
     for (int i = 0; i < shnum; i++) {
         u8 *sh = buf + shoff + i * shentsize;
         u32 name_off = r32(sh);
         if (strcmp((char *)(buf + shstrtab_off + name_off), ".note.Xen") == 0) {
             note_addr = r64(sh + 0x10);
             note_off  = r64(sh + 0x18);
             note_size = r64(sh + 0x20);
             w32(sh + 4, SHT_NOTE);
             found = 1;
             break;
         }
     }
     if (!found) { printf("elf-pvh-note: no .note.Xen section\n"); return 1; }
 
     u8 *ph = buf + phoff + phnum * phentsize;
     w32(ph + 0,  PT_NOTE);
     w32(ph + 4,  PF_R);
     w64(ph + 8,  note_off);
     w64(ph + 16, note_addr);
     w64(ph + 24, note_addr);
     w64(ph + 32, note_size);
     w64(ph + 40, note_size);
     w64(ph + 48, 4);
     w16(buf + 0x38, phnum + 1);
 
     lseek(fd, 0, SEEK_SET);
     if (write(fd, buf, size) != size) { printf("elf-pvh-note: short write\n"); return 1; }
     close(fd);
     return 0;
 }