ELF2: FIx powerpc64* lzma

also follow-ons for https://github.com/upx/upx/issues/834 modified: ../misc/testsuite/upx_testsuite_1-expected_sha256sums.sh modified: p_lx_elf.cpp modified: stub/Makefile modified: stub/src/amd64-linux.elf-main2.c modified: stub/src/arch/powerpc/64le/lzma_d-common.S modified: stub/src/arch/powerpc/64le/lzma_d.S modified: stub/src/arch/powerpc/64le/ppc_regs.h modified: stub/src/powerpc64-expand.S modified: stub/src/powerpc64-linux.elf-fold.S plus generated *.h *.map *.dump
2024-07-02 11:15:52 -07:00
parent a9b7a0cb27
commit c8a0540fd2
15 changed files with 3183 additions and 3133 deletions
@@ -66,7 +66,7 @@ e7bfe2365ce83121ef757f8be47aa158da537e8992c3b2082e08a0fc4512708b *mips-linux.elf
 fcbd8b4709ee324eb772e5de45a85bac5b8e560460fb1d50d0958f2ce568be97 *mipsel-linux.elf/upx-3.95
 16b0df199ae2055fb98ddf8cf77a0ee2ea3fa9a386e9cc6dd940647532130c2f *powerpc-linux.elf/upx-3.91
 1561a7e36653475eeabe33f65890e9a25e9e00b69ffcfa7928f68d4c0f6b2179 *powerpc-linux.elf/upx-3.95
-cf9174c4302d0670debde60baef584277dac91b8334a6440adfc295e1a24351b *powerpc64le-linux.elf/upx-3.95
+037374e757fdac5832e00fc5901545543279bc5dc492a583dcf47275939c1ce0 *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t120_compress_ucl_nrv2d_3_no_filter="\
 84328c2e1cf60ede2d14f4146f6894a5f88bfd027ffccdcad411a05f4b11c6c4 *amd64-linux.elf/upx-3.91
@@ -89,7 +89,7 @@ ee769694227b4f2e6195852ce6cbd899fc0c3308f978dcb85c9fc768d21ce37f *mipsel-linux.e
 73c3d6cee83136438b884e8dd3af19c9cb8298401e295bf0428616c75589090b *mipsel-linux.elf/upx-3.95
 d05786b4b729f13a9b325322c2ea41ca7db6f60fee9f82c58874a25ee7eca086 *powerpc-linux.elf/upx-3.91
 5068e792280ded5f51eb7003807514bdb7fce8739170952fa3ec631d9743bb69 *powerpc-linux.elf/upx-3.95
-c643acd0fbea82520dd9e659e3b246f1069d66baf13bce030c2523488ff151a3 *powerpc64le-linux.elf/upx-3.95
+2f50e82cfca013d37d0081982f8731590bbb79cf95257736ef2dfa3ad4a42d93 *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t130_compress_ucl_nrv2e_3_no_filter="\
 24f1c2077016095f0cdebcef1546777e39fd1a76b39ce0ef9be2f11bb5e4a49f *amd64-linux.elf/upx-3.91
@@ -112,7 +112,7 @@ d18aa30ba7a8bc500517b8dcdd16976806c88c5a49e721f8a54d216fb7f7b230 *mipsel-linux.e
 fa3be8f93006a88c7ad3d9fd13f600c4f69745859eb76f7eab317a5b87d256ea *mipsel-linux.elf/upx-3.95
 1eaa5a0165d9d7cd6c0dd1f6c223f60cb5c213ff8f74af78764b075a7202f334 *powerpc-linux.elf/upx-3.91
 39133844ee0264df192e96e2447f5383e7cef42dbf08e9dd5b8928328894f62b *powerpc-linux.elf/upx-3.95
-aaeb2c121f815cad87d3a9b0c784894ae15e8c689d47cb934f433edc57d2928c *powerpc64le-linux.elf/upx-3.95
+9f0562baf5988ec9bc11b07593a64bd7428cd77405dbefb52ff9a380c91d3d21 *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t140_compress_lzma_2_no_filter="\
 5e382e35684d069e54b1c3e06065049f604c6c63a326008fc5a8b07dfe580a09 *amd64-linux.elf/upx-3.91
@@ -135,7 +135,7 @@ bfbcb18537081e3393c6d144101675bfe935192390405c3072449fbfa3b38069 *mipsel-linux.e
 c8b1cbc45bc1c34f481bdf535bb21ea62d2a6a7ce8bcfb1460cb8c5de85e3c43 *mipsel-linux.elf/upx-3.95
 d2ee5c94812125bcc8970f42dd363ebe0f0fd9b3bdfe8973214e956978bc1dad *powerpc-linux.elf/upx-3.91
 a214c035d403c1dc7b5d80d6cfd8e00e2278f8600332875f2e53e1c61648fdc2 *powerpc-linux.elf/upx-3.95
-cc619c9dd1375c13acd41e8627fc7f441987b8d5c779e0815d4eda707fe1a94e *powerpc64le-linux.elf/upx-3.95
+4018c5dcc8d1479ab64977c8b714421235a72b900d406c891c6913195bfc3a6c *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t150_compress_ucl_2_all_filters="\
 352c29b1409142882f937699929b7b5dc06bba8838f5bf3ca1395bc5ae182f48 *amd64-linux.elf/upx-3.91
@@ -158,7 +158,7 @@ c30fa4adac1d1b0838e452e7f6591d433352ed719d32b161e6383828927e9b13 *mipsel-linux.e
 b5ece56b5e674b8ba1a6bdd488ad41495d52a8a9e594bd84651e1d7f393d5e23 *mipsel-linux.elf/upx-3.95
 e3825daa7fb8d509590c1db347a8403dbd899da453fb43850ebf1d31abbe0cba *powerpc-linux.elf/upx-3.91
 20e2b5270c00b18770cc7fd9b2c4d523b2a33b215d354fb00d129d35219094f0 *powerpc-linux.elf/upx-3.95
-b5c35549d81261e8cba45acb9a622421e26953aeb09355a2aeb46915c15cef5f *powerpc64le-linux.elf/upx-3.95
+7bb92d8d8a53d9ff563d1512c47874ad9bc6bf0ecb06f1c2da92ec22b4206de5 *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t160_compress_all_methods_1_no_filter="\
 095796a3c7949b8f7776a87983fe74f70e61dd47254bd3f1834234b11ae4f6bf *amd64-linux.elf/upx-3.91
@@ -181,7 +181,7 @@ c4cf58843905b62b0fe50266b926f46041a7329ca1f8237a5743fc54a6daed68 *mipsel-linux.e
 558047321b8771a5445bd56741334a954f1d722d9e70764ca13a1075ad139378 *mipsel-linux.elf/upx-3.95
 4a57ba95ab87a2710d2e3f93a344b3f56cae08043c5b3f2ce55965a59d13762e *powerpc-linux.elf/upx-3.91
 c37806b0d68697276cdd208ab37c92e01055bfbab73c6bbdf054c95fe9cef3b9 *powerpc-linux.elf/upx-3.95
-90cc5c0105a941e4dd72d5a44557639618440cd4ef339b7c181d90541348d207 *powerpc64le-linux.elf/upx-3.95
+8747ba2fc2b332588fe3aa50fcc303fcd516798552e0092699b8a9b718096ad5 *powerpc64le-linux.elf/upx-3.95
 "
 expected_sha256sums__t170_compress_all_methods_no_lzma_5_no_filter="\
 9c0cbd5abc56d506be45a411613883079adbf3e5ff7f5652fd6cc2808bc4212a *amd64-linux.elf/upx-3.91
@@ -204,6 +204,6 @@ eb01b6f27798690115cabb88314551579da509455232bbaa3276eddc25106d0d *i386-win32.pe/
 b34e08324b5f078b1f7408afcf72f7b6fb7f2a25e76332459aa30c020124f04c *mipsel-linux.elf/upx-3.95
 1c0fde4880d16710cba3d2d285d8af01aff2b50bd8f0203afcd3a338a8a0b0b1 *powerpc-linux.elf/upx-3.91
 60f7c8153f3e0ae5d793645b88b6323630fd1b8caf40511a26836835aa99228d *powerpc-linux.elf/upx-3.95
-ee0faaac156f1111862566023e1b5d662bbe8c256d027504976d74bb148b8c66 *powerpc64le-linux.elf/upx-3.95
+d6ff4a6d2f0d4edd68dd8ab7c1c219a5d7820d53ccd512cc1eb6837b58b237d4 *powerpc64le-linux.elf/upx-3.95
 "
 ########## end .sha256sums.recreate
@@ -8333,39 +8333,43 @@ Elf32_Sym const *PackLinuxElf32::elf_lookup(char const *name) const
            throwCantPack("bad gnu_shift %#x", gnu_shift);
        }
        if ((file_size + file_image) <= (void const *)hasharr) {
-            char msg[80]; snprintf(msg, sizeof(msg),
+            throwCantPack("bad n_bucket %#x\n", n_bucket);
                "bad n_bucket %#x\n", n_bucket);
            throwCantPack(msg);
        }
        if (!n_bitmask
        || (unsigned)(file_size - ((char const *)bitmask - (char const *)(void const *)file_image))
                <= sizeof(unsigned)*n_bitmask ) {
            throwCantPack("bad n_bitmask %#x\n", n_bitmask);
        }
-        if (n_bucket) {
+        if (n_bucket) { // -rust-musl can have "empty" hashtab
            unsigned const h = gnu_hash(name);
            unsigned const hbit1 = 037& h;
            unsigned const hbit2 = 037& (h>>gnu_shift);
            unsigned const w = get_te32(&bitmask[(n_bitmask -1) & (h>>5)]);
            if (1& (w>>hbit1) & (w>>hbit2)) {
-                unsigned bucket = get_te32(&buckets[h % n_bucket]);
+                unsigned const hhead = get_te32(&buckets[h % n_bucket]);
-                if (n_bucket <= bucket) {
+                if (n_bucket <= (hhead - symbias)) {
-                    throwCantPack("bad DT_GNU_HASH n_bucket{%#x} <= buckets[%d]{%#x}\n",
+                    throwCantPack("bad DT_GNU_HASH n_bucket{%#x} <= buckets[%d]{%#x} - symbias{%#x}\n",
-                            n_bucket, h % n_bucket, bucket);
+                            n_bucket, h % n_bucket, hhead, symbias);
                }
-                if (0!=bucket) {
+                if (hhead) {
-                    Elf32_Sym const *dsp = &dynsym[bucket];
+                    Elf32_Sym const *dsp = &dynsym[hhead];
-                    unsigned const *hp = &hasharr[bucket - symbias];
+                    unsigned const *hp = &hasharr[hhead - symbias];
-                    do if (0==((h ^ get_te32(hp))>>1)) {
+                    unsigned k;
-                        unsigned st_name = get_te32(&dsp->st_name);
+                    do {
                        if (gashend <= hp) {
                            throwCantPack("bad DT_GNU_HASH[%#x]  head=%u",
                                (unsigned)(hp - hasharr), hhead);
                        }
                        k = get_te32(hp);
                        if (0==((h ^ k)>>1)) {
                            unsigned const st_name = get_te32(&dsp->st_name);
                            char const *const p = get_str_name(st_name, (unsigned)-1);
                            if (0==strcmp(name, p)) {
                                return dsp;
                            }
-                    } while (++dsp,
+                        }
-                        ((char const *)hp < (char const *)(file_size + file_image))
+                    } while (++dsp, ++hp, 0==(1u& k));
                        &&  0==(1u& get_te32(hp++)));
                }
            }
        }
@@ -1688,7 +1688,7 @@ tmp/powerpc64-darwin.macho-main.o : $(srcdir)/src/$$T.c
 powerpc64le-linux.elf%.h : tc_list = powerpc64le-linux.elf default
 powerpc64le-linux.elf%.h : tc_bfdname = elf64-powerpcle
-tc.powerpc64le-linux.elf.gcc  = powerpc64-linux-gcc-4.9.2 -m64 -mlittle-endian -DBIG_ENDIAN=0 -nostdinc -MMD -MT $@
+tc.powerpc64le-linux.elf.gcc  = powerpc64-linux-gcc-4.9.2 -m64 -mlittle-endian -DBIG_ENDIAN=0 -DDAISY_CHAIN=1 -nostdinc -MMD -MT $@
 tc.powerpc64le-linux.elf.gcc += -fno-exceptions -fno-asynchronous-unwind-tables -fno-stack-protector
 tc.powerpc64le-linux.elf.gcc += -Wall -W -Wcast-align -Wcast-qual -Wstrict-prototypes -Wwrite-strings -Werror
@@ -1746,7 +1746,7 @@ tmp/powerpc64le-linux.elf-main2.s: $(srcdir)/src/$$T.c $(srcdir)/src/amd64-linux
 powerpc64-linux.elf%.h : tc_list = powerpc64-linux.elf default
 powerpc64-linux.elf%.h : tc_bfdname = elf64-powerpc
-tc.powerpc64-linux.elf.gcc  = powerpc64-linux-gcc-4.9.2 -m64 -mbig-endian -DBIG_ENDIAN=1 -DUSE_TOC=1 -nostdinc -MMD -MT $@
+tc.powerpc64-linux.elf.gcc  = powerpc64-linux-gcc-4.9.2 -m64 -mbig-endian -DBIG_ENDIAN=1 -DUSE_TOC=1 -DDAISY_CHAIN=1 -nostdinc -MMD -MT $@
 tc.powerpc64-linux.elf.gcc += -fno-exceptions -fno-asynchronous-unwind-tables -fno-stack-protector
 tc.powerpc64-linux.elf.gcc += -mno-longcall -mno-toc
 tc.powerpc64-linux.elf.gcc += -Wall -W -Wcast-align -Wcast-qual -Wstrict-prototypes -Wwrite-strings -Werror
@@ -1776,7 +1776,7 @@ powerpc64-linux.elf-fold.h : $(srcdir)/src/$$T.lds \
 #auxv_up:
 #    .quad   .L7L.auxv_up,.TOC.@tocbase
 #    .previous
-	$(call tc,gcc) -E  -DBIG_ENDIAN=1 -DUSE_TOC=1 \
+	$(call tc,gcc) -E  -DBIG_ENDIAN=1 -DUSE_TOC=1 -DDAISY_CHAIN=1 \
 		tmp/powerpc64-linux.elf-fold-2.S \
 	    | > tmp/powerpc64-linux.elf-fold-3.S \
 	      sed -e '/\.section\s*"\.toc","aw"/d' \
@@ -119,8 +119,6 @@ extern void my_bkpt(void *, ...);
 static int dprintf(char const *fmt, ...); // forward
 #endif  /*}*/
 extern void my_bkpt(void *, ...);
 /*************************************************************************
 // configuration section
 **************************************************************************/
@@ -29,9 +29,9 @@
 #include "ppc_regs.h"
 // http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#STACK
-SZ_LINK= 6*8  // (sp,cr,lr, xx,yy,zz) save area per calling convention
+SZ_LINK= 6*NBPW  // (sp,cr,lr, xx,yy,zz) save area per calling convention
-SZ_PSAV= 8*8  // for spilling a0-a7 if necessary
+SZ_PSAV= 8*NBPW  // for spilling a0-a7 if necessary
-retaddr = 2*8  // lr === pc
+retaddr = 2*NBPW  // lr === pc
 #define section .section
@@ -56,8 +56,7 @@ retaddr = 2*8  // lr === pc
 #define M_LZMA          14
        cmplwi cr0,meth,M_LZMA
        bne   cr0,not_lzma
-        stdu sp,-(SZ_LINK+SZ_PSAV)(sp)  // FR_10  defend against callers who omit the linkage area
+        mr a7,sp  // sp of caller
        mflr r0
 //Prepare for call to:
 //LzmaDecode(  // from lzmaSDK/C/7zip/Compress/LZMA_C/LzmaDecode.h
@@ -73,7 +72,6 @@ retaddr = 2*8  // lr === pc
        la    a1,2(src)  // inp
        lbz t2,0(src)  // first byte, replaces LzmaDecodeProperties()
        std r0,retaddr(sp)  // save return address in caller's frame
        rldicl t1,t2,64-3,3  // t1= (t2>>3)==(lit_context-bits + lit_pos_bits)
        clrldi t2,t2,64-3    // t2= (7& t2)==pos_bits
@@ -83,46 +81,60 @@ retaddr = 2*8  // lr === pc
        li   a0,-2*LZMA_LIT_SIZE
        sld  a0,a0,t1  // -2*LZMA_LIT_SIZE << (lit_context_bits + lit_pos_bits)
-        addi a0,a0,-6*8 - 2*LZMA_BASE_SIZE
+        addi a0,a0,-6*NBPW - 2*LZMA_BASE_SIZE
 // alloca{sp,ra,orig_dst,&outSizeProcessed,slot(inSizeProcessed),*_bits, CLzmaDecoderState}
        mr a3,sp
        add sp,sp,a0  // FR_11  allocate
        clrrdi sp,sp,6  // (1<<6) byte align (round down)
        li r0,0
-        mr a0,a3  // old sp
+        mr a0,a7  // old sp
        stw r0,0(a6)  // outSizeProcessed= 0;  XXX 32 BITS
 1:
        stdu r0,-8(a0)  // clear CLzmaDecoderState on stack
        cmpld cr0,sp,a0  // compare logical ==> compare unsigned
        blt cr0,1b
        std a3,0(sp)  // FR_11  chain
        lbz r0,-1(a1)  // second byte, replaces LzmaDecodeProperties()
-        la a3,4*8 + BIG_ENDIAN*4(sp)  // &inSizeProcessed  XXX 32 BITS
+        la a3,4*NBPW + BIG_ENDIAN*4(sp)  // &inSizeProcessed  XXX 32 BITS
-        la a0,5*8               (sp)  // &CLzmaDecoderState
+        la a0,5*NBPW               (sp)  // &CLzmaDecoderState
        stb t2,2(a0)  // pos_bits
-        std a4,2*8(sp)  // outp
+        std a4,2*NBPW(sp)  // outp
-        std a6,3*8(sp)  // &outSizeProcessed
+        std a6,3*NBPW(sp)  // &outSizeProcessed
        rldicl t1,r0,64-4,4  // t1= (r0>>4)==lit_pos_bits
        clrldi r0,r0,64-4    // r0= (0xf& r0)==lit_context_bits
        stb t1,1(a0)  // lit_pos_bits
        stb r0,0(a0)  // lit_context_bits
-        stdu sp,-(SZ_LINK+SZ_PSAV)(sp)  // FR_12  defend against callers who omit the linkage area
+        stdu a7,-(SZ_LINK+SZ_PSAV)(sp)  // FR_12  defend against callers who omit the linkage area
        mflr r0
        std r0,retaddr(sp)  // save return address in caller's frame
        bl lzma_go  // invoke LzmaDecode
 // LZMA_DEC10 or LZMA_DEC20 returns here
        ld r0,retaddr(sp)  // in f_expand
        ld sp,0(sp)  // FR_12  de-allocate CLzmaDecoderState and bits
        mtlr r0
        blr  // normal return from decompress to f_expand
 lzma_go:  // fall through into LzmaDecode: use LZMA_DEC10 or LZMA_DEC20 as subroutine
 // LZMA_DEC30 is not used?
  section LZMA_DEC30  // Out: a0= retval; a2= &hi stored; a4= &lo stored; lr= retaddr
-        la   sp,SZ_LINK+SZ_PSAV(sp) // FR_12  un-defend
+/*1*/   la   sp,SZ_LINK+SZ_PSAV(sp) // FR_12  un-defend
-        ld   a2,3*8(sp)  // &outSizeProcessed
+        ld   a2,3*NBPW(sp)  // &outSizeProcessed
-        ld   a4,2*8(sp)  // &lowest byte stored
+        ld   a4,2*NBPW(sp)  // &lowest byte stored
        lwz  a2,0(a2)  // outSizeProcessed  XXX 32 BITS
-        ld   sp,0(sp)  // FR_11  de-alloc CLzmaDecoderState, incl. array of probabilities
+/*2*/   ld   sp,0(sp)  // FR_11  de-alloc CLzmaDecoderState, incl. array of probabilities
        add  a2,a2,a4  // &next byte to store
        ld r0,retaddr(sp)
         addi a2,a2,-1  // &highest byte stored
        ld   sp,0(sp)   // FR_10  un-allocate and un-chain
        mtlr r0
        ld   sp,0(sp)   // FR_10  un-allocate and un-chain
-not_lzma:
+#if !defined(WINDOWS_BACK) && defined(DAISY_CHAIN)  //{ subroutine return
        blr  // return to *-expand.S: f_expand ==> decompress
 #endif
 not_lzma:  // fall into daisy chain
 // vi:ts=8:et
@@ -2,16 +2,12 @@
 // can contain endian-dependent code in the "64" and "64le" directories,
 // but otherwise use lzma_d-common.S
-#include "lzma_d-common.S"
+#include "../64le/lzma_d-common.S"
  section LZMA_DEC10
 #include "lzma_d_cs.S"
  section LZMA_DEC20
        bl   lzma_dec20
        b    eof_dec20
 lzma_dec20:
 #include "lzma_d_cf.S"
 eof_dec20:
 // vi:ts=8:et
@@ -34,11 +34,13 @@ r29= 29
 r30= 30
 r31= 31
 NBPW= 8  // Number of Bytes Per Word
 /* Stack pointer */
 sp= 1
-SZ_FRAME= 6*8 + 8*8  // (sp,cr,lr, tmp.xlc,tmp.ld,save.toc) + spill area for a0-a7
+SZ_FRAME= 6*NBPW + 8*NBPW  // (sp,cr,lr, tmp.xlc,tmp.ld,save.toc) + spill area for a0-a7
 F_TOC=    SZ_FRAME  // where is the fake TOC
-SZ_FRAME= SZ_FRAME + 2*2*8  // space for 2 [short] TOC entries
+SZ_FRAME= SZ_FRAME + 2*2*NBPW  // space for 2 [short] TOC entries
 // http://refspecs.linuxfoundation.org/ELF/ppc64/PPC-elf64abi.html#REG
 // r0        Volatile register used in function prologs
@@ -59,7 +59,7 @@ f_expand: .globl f_expand // f_expand(b_info *, dst, &dstlen)
 #define fx_dst    a1
 #define fx_dstlen a2
    mflr r0
-    PUSH4 fx_src,fx_dst,fx_dstlen,r0  // params to unfilter and sync_cache
+    PUSH4 fx_src,fx_dst,fx_dstlen,r0  // MATCH_80  params to unfilter and sync_cache
 // Input to de-compressor:
 #define xsrc    a0
@@ -75,16 +75,16 @@ f_expand: .globl f_expand // f_expand(b_info *, dst, &dstlen)
    call decompress
    movr a3,a0  // save retval
-    POP3 a2,a0,a1   // fx_src,fx_dst,fx_dstlen; keep f_expand.retaddr
+    POP3 a2,a0,a1   // MATCH_80 fx_src,fx_dst,fx_dstlen; keep f_expand.retaddr
    ld a1,0(a1)  // actual length used by decompressor
-    PUSH3 a0,a1,a3  // params for sync_cache
+    PUSH3 a0,a1,a3  // MATCH_81  params for sync_cache
    lbz a3,b_ftid(a2)
    lbz a2,b_cto8(a2)
    cmpi cr0,a3,0; beq no_unf
    call unfilter
 no_unf:
-    POP2 a0,a1   // dst, len
+    POP2 a0,a1   // MATCH_81  dst, len
    add a1,a1,a0  // lo, hi
 CACHELINE=32
@@ -98,7 +98,7 @@ cfl_nrv:
        sync   // wait for all memory operations to finish
        isync  // discard prefetched instructions (if any)
 cfl_ret:
-    POP2 a0,r0   // retval, retaddr from f_expand
+    POP2 a0,r0   // MATCH_80, MATCH_81  retval, retaddr from f_expand
    mtlr r0
    ret
 //    .unreq fx_src
@@ -121,6 +121,27 @@ get_page_mask: .globl get_page_mask
        ld r3,PAGE_MASK - 0b(r3)
        bctr
 Pprotect: .globl Pprotect
        mflr r0; bl 0f; 0: mflr r6; mtlr r0; ld r0,PAGE_MASK - 0b(r6)
        andc r0,a0,r0  // offset within page
        sub a0,a0,r0
        add a1,a1,r0
        b mprotect
 Pmap: .globl Pmap
        mflr r0; bl 0f; 0: mflr r6; mtlr r0; ld r0,PAGE_MASK - 0b(r6)
        andc r0,a0,r0  // offset within page
        sub a0,a0,r0
        add a1,a1,r0
        b mmap
 Punmap: .globl Punmap
        mflr r0; bl 0f; 0: mflr r6; mtlr r0; ld r0,PAGE_MASK - 0b(r6)
        andc r0,a0,r0  // offset within page
        sub a0,a0,r0
        add a1,a1,r0
        b munmap
 fold_begin:
 ////    teq r0,r0  // debugging
        mtctr r0  // # words of stuff   FIXME
@@ -264,8 +285,7 @@ sz_auxv= 2*NBPW
        ld r0,-NBPW(av_hi)  // &hatch
        mtctr r0
-        ld r0,0(av_hi)  // entry address
+        std r_exp,SZ_FRAME + (-1+ 31)*NBPW(sp)  // hatch: "movr r12,r31" for musl 1.1.16
        std r0,SZ_FRAME + (-1+ 31)*NBPW(sp)  // hatch: "movr r12,r31" for musl 1.1.16
        mr a0,r_ADRU
        mr a1,r_LENU
@@ -310,6 +330,7 @@ sz_auxv= 2*NBPW
        bctr  // goto escape hatch
  section SYSCALLS
    li r0,0x999; teq r0,r0  // detect fall-through into this seciion
 SYS_exit=  1
 SYS_fork=  2
@@ -326,11 +347,6 @@ SYS_ftruncate= 93
 SYS_mprotect= 125
 SYS_memfd_create= 360
 Pmap: .globl Pmap
        li r0, 0xfff  // ~PAGE_MASK  (FIXME: probably use 4th arg)
        and r0,a0,r0
        sub a0,a0,r0
        add a1,a1,r0
 mmap: .globl mmap
        clrldi  a4,a4,32  // truncate fd to 32 bits; kernel is picky?
        li 0,SYS_mmap
@@ -341,21 +357,10 @@ sysgo:
 no_fail:
        ret
 Pprotect: .globl Pprotect
 mprotect: .globl mprotect
        li r0, 0xfff  // ~PAGE_MASK  (FIXME: probably use 4th arg)
        and r0,a0,r0
        sub a0,a0,r0
        add a1,a1,r0
        li r0,SYS_mprotect; 5: b 5f
 Punmap: .globl Punmap
        li r0, 0xfff  // ~PAGE_MASK  (FIXME: probably use 4th arg)
        and r0,a0,r0
        sub a0,a0,r0
        add a1,a1,r0
 munmap: .globl munmap
-        li r0,SYS_munmap;   5: b sysgo
+        li 0,SYS_munmap; 5: b 5f
 mprotect: .globl mprotect
        li 0,SYS_mprotect; 5: b 5f
 memfd_create: .globl memfd_create
        li r0,SYS_memfd_create; 5: b 5f
 ftruncate: .globl ftruncate
@@ -8,14 +8,17 @@ Linker script and memory map
 TARGET(elf64-powerpc)
-.text           0x0000000000000000      0xd6c
+.text           0x0000000000000000      0xdd4
 *(.text)
- .text          0x0000000000000000      0xd6c tmp/powerpc64-linux.elf-fold.o
+ .text          0x0000000000000000      0xdd4 tmp/powerpc64-linux.elf-fold.o
                0x0000000000000014                get_page_mask
-                0x0000000000000b48                underlay
+                0x000000000000002c                Pprotect
-                0x0000000000000bd4                upx_main
+                0x0000000000000050                Pmap
                0x0000000000000074                Punmap
                0x0000000000000bb0                underlay
                0x0000000000000c3c                upx_main
 *(.data)
- .data          0x0000000000000d6c        0x0 tmp/powerpc64-linux.elf-fold.o
+ .data          0x0000000000000dd4        0x0 tmp/powerpc64-linux.elf-fold.o
 .data
 LOAD tmp/powerpc64-linux.elf-fold.o
@@ -24,26 +27,23 @@ OUTPUT(tmp/powerpc64-linux.elf-fold.bin elf64-powerpc)
 .bss            0x0000000000000000        0x0
 .bss           0x0000000000000000        0x0 tmp/powerpc64-linux.elf-fold.o
-SYSCALLS        0x0000000000000000      0x11c
+SYSCALLS        0x0000000000000000       0xf4
- SYSCALLS       0x0000000000000000      0x11c tmp/powerpc64-linux.elf-fold.o
+ SYSCALLS       0x0000000000000000       0xf4 tmp/powerpc64-linux.elf-fold.o
-                0x0000000000000000                Pmap
+                0x0000000000000008                mmap
-                0x0000000000000010                mmap
+                0x0000000000000020                munmap
                0x0000000000000028                Pprotect
                0x0000000000000028                mprotect
-                0x0000000000000040                Punmap
+                0x0000000000000030                memfd_create
-                0x0000000000000050                munmap
+                0x0000000000000038                ftruncate
-                0x0000000000000058                memfd_create
+                0x0000000000000040                exit
-                0x0000000000000060                ftruncate
+                0x0000000000000048                brk
-                0x0000000000000068                exit
+                0x0000000000000050                readlink
-                0x0000000000000070                brk
+                0x0000000000000058                write
-                0x0000000000000078                readlink
+                0x0000000000000060                read
-                0x0000000000000080                write
+                0x0000000000000068                open
-                0x0000000000000088                read
+                0x0000000000000070                close
-                0x0000000000000090                open
+                0x0000000000000078                upxfd_create
-                0x0000000000000098                close
+                0x00000000000000d0                memcpy
-                0x00000000000000a0                upxfd_create
+                0x00000000000000ec                my_bkpt
                0x00000000000000f8                memcpy
                0x0000000000000114                my_bkpt
 .comment        0x0000000000000000       0x33
 .comment       0x0000000000000000       0x33 tmp/powerpc64-linux.elf-fold.o
@@ -70,11 +70,11 @@ NRV2D           0x0000000000000000      0x13c
 NRV2B           0x0000000000000000       0xf8
 NRV2B          0x0000000000000000       0xf8 tmp/powerpc64-linux.elf-fold.o
-LZMA_ELF00      0x0000000000000000       0x94
+LZMA_ELF00      0x0000000000000000       0xa0
- LZMA_ELF00     0x0000000000000000       0x94 tmp/powerpc64-linux.elf-fold.o
+ LZMA_ELF00     0x0000000000000000       0xa0 tmp/powerpc64-linux.elf-fold.o
-LZMA_DEC30      0x0000000000000000       0x28
+LZMA_DEC30      0x0000000000000000       0x2c
- LZMA_DEC30     0x0000000000000000       0x28 tmp/powerpc64-linux.elf-fold.o
+ LZMA_DEC30     0x0000000000000000       0x2c tmp/powerpc64-linux.elf-fold.o
 LZMA_DEC10      0x0000000000000000      0xbc0
 LZMA_DEC10     0x0000000000000000      0xbc0 tmp/powerpc64-linux.elf-fold.o
@@ -8,14 +8,17 @@ Linker script and memory map
 TARGET(elf64-powerpcle)
-.text           0x0000000000000000      0xd94
+.text           0x0000000000000000      0xdfc
 *(.text)
- .text          0x0000000000000000      0xd94 tmp/powerpc64le-linux.elf-fold.o
+ .text          0x0000000000000000      0xdfc tmp/powerpc64le-linux.elf-fold.o
                0x0000000000000014                get_page_mask
-                0x0000000000000b70                underlay
+                0x000000000000002c                Pprotect
-                0x0000000000000bfc                upx_main
+                0x0000000000000050                Pmap
                0x0000000000000074                Punmap
                0x0000000000000bd8                underlay
                0x0000000000000c64                upx_main
 *(.data)
- .data          0x0000000000000d94        0x0 tmp/powerpc64le-linux.elf-fold.o
+ .data          0x0000000000000dfc        0x0 tmp/powerpc64le-linux.elf-fold.o
 .data
 LOAD tmp/powerpc64le-linux.elf-fold.o
@@ -24,26 +27,23 @@ OUTPUT(tmp/powerpc64le-linux.elf-fold.bin elf64-powerpcle)
 .bss            0x0000000000000000        0x0
 .bss           0x0000000000000000        0x0 tmp/powerpc64le-linux.elf-fold.o
-SYSCALLS        0x0000000000000000      0x11c
+SYSCALLS        0x0000000000000000       0xf4
- SYSCALLS       0x0000000000000000      0x11c tmp/powerpc64le-linux.elf-fold.o
+ SYSCALLS       0x0000000000000000       0xf4 tmp/powerpc64le-linux.elf-fold.o
-                0x0000000000000000                Pmap
+                0x0000000000000008                mmap
-                0x0000000000000010                mmap
+                0x0000000000000020                munmap
                0x0000000000000028                Pprotect
                0x0000000000000028                mprotect
-                0x0000000000000040                Punmap
+                0x0000000000000030                memfd_create
-                0x0000000000000050                munmap
+                0x0000000000000038                ftruncate
-                0x0000000000000058                memfd_create
+                0x0000000000000040                exit
-                0x0000000000000060                ftruncate
+                0x0000000000000048                brk
-                0x0000000000000068                exit
+                0x0000000000000050                readlink
-                0x0000000000000070                brk
+                0x0000000000000058                write
-                0x0000000000000078                readlink
+                0x0000000000000060                read
-                0x0000000000000080                write
+                0x0000000000000068                open
-                0x0000000000000088                read
+                0x0000000000000070                close
-                0x0000000000000090                open
+                0x0000000000000078                upxfd_create
-                0x0000000000000098                close
+                0x00000000000000d0                memcpy
-                0x00000000000000a0                upxfd_create
+                0x00000000000000ec                my_bkpt
                0x00000000000000f8                memcpy
                0x0000000000000114                my_bkpt
 .comment        0x0000000000000000       0x33
 .comment       0x0000000000000000       0x33 tmp/powerpc64le-linux.elf-fold.o
@@ -70,14 +70,14 @@ NRV2D           0x0000000000000000      0x13c
 NRV2B           0x0000000000000000       0xf8
 NRV2B          0x0000000000000000       0xf8 tmp/powerpc64le-linux.elf-fold.o
-LZMA_ELF00      0x0000000000000000       0x94
+LZMA_ELF00      0x0000000000000000       0xa0
- LZMA_ELF00     0x0000000000000000       0x94 tmp/powerpc64le-linux.elf-fold.o
+ LZMA_ELF00     0x0000000000000000       0xa0 tmp/powerpc64le-linux.elf-fold.o
-LZMA_DEC30      0x0000000000000000       0x28
+LZMA_DEC30      0x0000000000000000       0x2c
- LZMA_DEC30     0x0000000000000000       0x28 tmp/powerpc64le-linux.elf-fold.o
+ LZMA_DEC30     0x0000000000000000       0x2c tmp/powerpc64le-linux.elf-fold.o
 LZMA_DEC10      0x0000000000000000      0xbb8
 LZMA_DEC10     0x0000000000000000      0xbb8 tmp/powerpc64le-linux.elf-fold.o
-LZMA_DEC20      0x0000000000000000      0xc74
+LZMA_DEC20      0x0000000000000000      0xc6c
- LZMA_DEC20     0x0000000000000000      0xc74 tmp/powerpc64le-linux.elf-fold.o
+ LZMA_DEC20     0x0000000000000000      0xc6c tmp/powerpc64le-linux.elf-fold.o
@@ -12,11 +12,11 @@ Idx Name          Size      VMA               LMA               File off  Algn
  7 NRV_TAIL      01c  0  0  043c  2**0  CONTENTS
  8 CFLUSH        024  0  0  0458  2**0  CONTENTS
  9 LZMA          0  0  0  047c  2**0  CONTENTS
- 10 LZMA_ELF00    094  0  0  047c  2**0  CONTENTS
+ 10 LZMA_ELF00    0a0  0  0  047c  2**0  CONTENTS
- 11 LZMA_DEC30    028  0  0  0510  2**0  CONTENTS
+ 11 LZMA_DEC30    02c  0  0  051c  2**0  CONTENTS
- 12 LZMA_DEC10    0bb8  0  0  0538  2**0  CONTENTS
+ 12 LZMA_DEC10    0bb8  0  0  0548  2**0  CONTENTS
- 13 LZMA_DEC20    0c74  0  0  010f0  2**0  CONTENTS
+ 13 LZMA_DEC20    0c6c  0  0  01100  2**0  CONTENTS
- 14 UPX1HEAD      020  0  0  01d64  2**0  CONTENTS
+ 14 UPX1HEAD      020  0  0  01d6c  2**0  CONTENTS
 SYMBOL TABLE:
 0000000000000000 l    d  LINUX020 0 LINUX020
 0000000000000000 l    d  LINUX030 0 LINUX030
@@ -60,4 +60,4 @@ OFFSET           TYPE              VALUE
 RELOCATION RECORDS FOR [LZMA_ELF00]:
 OFFSET           TYPE              VALUE
-0000000000000004 R_PPC64_REL14     LZMA_DEC30+0x0000000000000028
+0000000000000004 R_PPC64_REL14     LZMA_DEC30+0x000000000000002c