Diffstat (limited to 'sysdeps')
-rw-r--r--sysdeps/powerpc/Makefile5
-rw-r--r--sysdeps/powerpc/dl-machine.c442
-rw-r--r--sysdeps/powerpc/dl-machine.h528
-rw-r--r--sysdeps/powerpc/dl-start.S111
4 files changed, 609 insertions, 477 deletions
diff --git a/sysdeps/powerpc/Makefile b/sysdeps/powerpc/Makefile
index 0f8860b1d0..d2f0eb275c 100644
--- a/sysdeps/powerpc/Makefile
+++ b/sysdeps/powerpc/Makefile
@@ -28,3 +28,8 @@ endif
 ifeq ($(subdir),string)
 CFLAGS-memcmp.c += -Wno-uninitialized
 endif
+
+ifeq ($(subdir),elf)
+dl-routines += dl-machine
+rtld-routines += dl-machine dl-start
+endif
diff --git a/sysdeps/powerpc/dl-machine.c b/sysdeps/powerpc/dl-machine.c
new file mode 100644
index 0000000000..095a3f21d8
--- /dev/null
+++ b/sysdeps/powerpc/dl-machine.c
@@ -0,0 +1,442 @@
+/* Machine-dependent ELF dynamic relocation functions.  PowerPC version.
+   Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#include <unistd.h>
+#include <string.h>
+#include <sys/param.h>
+#include <link.h>
+#include <dl-machine.h>
+#include <elf/ldsodefs.h>
+#include <elf/dynamic-link.h>
+
+/* Because ld.so is now versioned, these functions can be in their own file;
+   no relocations need to be done to call them.
+   Of course, if ld.so is not versioned...  */
+#if !(DO_VERSIONING - 0)
+#error This will not work with versioning turned off, sorry.
+#endif
+
+
+/* stuff for the PLT */
+#define PLT_INITIAL_ENTRY_WORDS 18
+#define PLT_LONGBRANCH_ENTRY_WORDS 10
+#define PLT_DOUBLE_SIZE (1<<13)
+#define PLT_ENTRY_START_WORDS(entry_number) \
+  (PLT_INITIAL_ENTRY_WORDS + (entry_number)*2 + \
+   ((entry_number) > PLT_DOUBLE_SIZE ? \
+    ((entry_number) - PLT_DOUBLE_SIZE)*2 : \
+    0))
+#define PLT_DATA_START_WORDS(num_entries) PLT_ENTRY_START_WORDS(num_entries)
+
+#define OPCODE_ADDI(rd,ra,simm) \
+  (0x38000000 | (rd) << 21 | (ra) << 16 | (simm) & 0xffff)
+#define OPCODE_ADDIS(rd,ra,simm) \
+  (0x3c000000 | (rd) << 21 | (ra) << 16 | (simm) & 0xffff)
+#define OPCODE_ADD(rd,ra,rb) \
+  (0x7c000214 | (rd) << 21 | (ra) << 16 | (rb) << 11)
+#define OPCODE_B(target) (0x48000000 | (target) & 0x03fffffc)
+#define OPCODE_BA(target) (0x48000002 | (target) & 0x03fffffc)
+#define OPCODE_BCTR() 0x4e800420
+#define OPCODE_LWZ(rd,d,ra) \
+  (0x80000000 | (rd) << 21 | (ra) << 16 | (d) & 0xffff)
+#define OPCODE_MTCTR(rd) (0x7C0903A6 | (rd) << 21)
+#define OPCODE_RLWINM(ra,rs,sh,mb,me) \
+  (0x54000000 | (rs) << 21 | (ra) << 16 | (sh) << 11 | (mb) << 6 | (me) << 1)
+
+#define OPCODE_LI(rd,simm)    OPCODE_ADDI(rd,0,simm)
+#define OPCODE_SLWI(ra,rs,sh) OPCODE_RLWINM(ra,rs,sh,0,31-sh)
+
+
+#define PPC_DCBST(where) asm volatile ("dcbst 0,%0" : : "r"(where))
+#define PPC_SYNC asm volatile ("sync")
+#define PPC_ISYNC asm volatile ("sync; isync")
+#define PPC_ICBI(where) asm volatile ("icbi 0,%0" : : "r"(where))
+#define PPC_DIE asm volatile ("tweq 0,0")
+
+/* Use this when you've modified some code, but it won't be in the
+   instruction fetch queue (or when it doesn't matter if it is). */
+#define MODIFIED_CODE_NOQUEUE(where) \
+     do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); } while (0)
+/* Use this when it might be in the instruction queue. */
+#define MODIFIED_CODE(where) \
+     do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); PPC_ISYNC; } while (0)
+
+
+/* The idea here is that to conform to the ABI, we are supposed to try
+   to load dynamic objects between 0x10000 (we actually use 0x40000 as
+   the lower bound, to increase the chance of a memory reference from
+   a null pointer giving a segfault) and the program's load address;
+   this may allow us to use a branch instruction in the PLT rather
+   than a computed jump.  The address is only used as a preference for
+   mmap, so if we get it wrong the worst that happens is that it gets
+   mapped somewhere else.  */
+
+ElfW(Addr)
+__elf_preferred_address(struct link_map *loader, size_t maplength,
+			ElfW(Addr) mapstartpref)
+{
+  ElfW(Addr) low, high;
+  struct link_map *l;
+
+  /* If the object has a preference, load it there!  */
+  if (mapstartpref != 0)
+    return mapstartpref;
+
+  /* Otherwise, quickly look for a suitable gap between 0x3FFFF and
+     0x70000000.  0x3FFFF is so that references off NULL pointers will
+     cause a segfault, 0x70000000 is just paranoia (it should always
+     be superceded by the program's load address).  */
+  low =  0x0003FFFF;
+  high = 0x70000000;
+  for (l = _dl_loaded; l; l = l->l_next)
+    {
+      ElfW(Addr) mapstart, mapend;
+      mapstart = l->l_map_start & ~(_dl_pagesize - 1);
+      mapend = l->l_map_end | (_dl_pagesize - 1);
+      assert (mapend > mapstart);
+
+      if (mapend >= high && high >= mapstart)
+	high = mapstart;
+      else if (mapend >= low && low >= mapstart)
+	low = mapend;
+      else if (high >= mapend && mapstart >= low)
+	{
+	  if (high - mapend >= mapstart - low)
+	    low = mapend;
+	  else
+	    high = mapstart;
+	}
+    }
+
+  high -= 0x10000; /* Allow some room between objects.  */
+  maplength = (maplength | (_dl_pagesize-1)) + 1;
+  if (high <= low || high - low < maplength )
+    return 0;
+  return high - maplength;  /* Both high and maplength are page-aligned.  */
+}
+
+/* Set up the loaded object described by L so its unrelocated PLT
+   entries will jump to the on-demand fixup code in dl-runtime.c.
+   Also install a small trampoline to be used by entries that have
+   been relocated to an address too far away for a single branch.  */
+
+/* A PLT entry does one of three things:
+   (i)   Jumps to the actual routine. Such entries are set up above, in
+         elf_machine_rela.
+
+   (ii)  Jumps to the actual routine via glue at the start of the PLT.
+         We do this by putting the address of the routine in space
+         allocated at the end of the PLT, and when the PLT entry is
+         called we load the offset of that word (from the start of the
+         space) into r11, then call the glue, which loads the word and
+         branches to that address. These entries are set up in
+         elf_machine_rela, but the glue is set up here.
+
+   (iii) Loads the index of this PLT entry (we count the double-size
+	 entries as one entry for this purpose) into r11, then
+	 branches to code at the start of the PLT. This code then
+	 calls `fixup', in dl-runtime.c, via the glue in the macro
+	 ELF_MACHINE_RUNTIME_TRAMPOLINE, which resets the PLT entry to
+	 be one of the above two types. These entries are set up here.  */
+int
+__elf_machine_runtime_setup (struct link_map *map, int lazy, int profile)
+{
+  if (map->l_info[DT_JMPREL])
+    {
+      Elf32_Word i;
+      /* Fill in the PLT. Its initial contents are directed to a
+	 function earlier in the PLT which arranges for the dynamic
+	 linker to be called back.  */
+      Elf32_Word *plt = (Elf32_Word *) ((char *) map->l_addr
+					+ map->l_info[DT_PLTGOT]->d_un.d_val);
+      Elf32_Word num_plt_entries = (map->l_info[DT_PLTRELSZ]->d_un.d_val
+				    / sizeof (Elf32_Rela));
+      Elf32_Word rel_offset_words = PLT_DATA_START_WORDS (num_plt_entries);
+      Elf32_Word size_modified;
+      extern void _dl_runtime_resolve (void);
+      extern void _dl_prof_resolve (void);
+      Elf32_Word dlrr;
+
+      dlrr = (Elf32_Word)(char *)(profile
+				  ? _dl_prof_resolve
+				  : _dl_runtime_resolve);
+
+      if (lazy)
+	for (i = 0; i < num_plt_entries; i++)
+	{
+	  Elf32_Word offset = PLT_ENTRY_START_WORDS (i);
+
+	  if (i >= PLT_DOUBLE_SIZE)
+	    {
+	      plt[offset  ] = OPCODE_LI (11, i * 4);
+	      plt[offset+1] = OPCODE_ADDIS (11, 11, (i * 4 + 0x8000) >> 16);
+	      plt[offset+2] = OPCODE_B (-(4 * (offset + 2)));
+	    }
+	  else
+	    {
+	      plt[offset  ] = OPCODE_LI (11, i * 4);
+	      plt[offset+1] = OPCODE_B (-(4 * (offset + 1)));
+	    }
+	}
+
+      /* Multiply index of entry by 3 (in r11).  */
+      plt[0] = OPCODE_SLWI (12, 11, 1);
+      plt[1] = OPCODE_ADD (11, 12, 11);
+      if (dlrr <= 0x01fffffc || dlrr >= 0xfe000000)
+	{
+	  /* Load address of link map in r12.  */
+	  plt[2] = OPCODE_LI (12, (Elf32_Word) (char *) map);
+	  plt[3] = OPCODE_ADDIS (12, 12, (((Elf32_Word) (char *) map
+					   + 0x8000) >> 16));
+
+	  /* Call _dl_runtime_resolve.  */
+	  plt[4] = OPCODE_BA (dlrr);
+	}
+      else
+	{
+	  /* Get address of _dl_runtime_resolve in CTR.  */
+	  plt[2] = OPCODE_LI (12, dlrr);
+	  plt[3] = OPCODE_ADDIS (12, 12, (dlrr + 0x8000) >> 16);
+	  plt[4] = OPCODE_MTCTR (12);
+
+	  /* Load address of link map in r12.  */
+	  plt[5] = OPCODE_LI (12, (Elf32_Word) (char *) map);
+	  plt[6] = OPCODE_ADDIS (12, 12, (((Elf32_Word) (char *) map
+					   + 0x8000) >> 16));
+
+	  /* Call _dl_runtime_resolve.  */
+	  plt[7] = OPCODE_BCTR ();
+	}
+
+
+      /* Convert the index in r11 into an actual address, and get the
+	 word at that address.  */
+      plt[PLT_LONGBRANCH_ENTRY_WORDS] =
+	OPCODE_ADDIS (11, 11, (((Elf32_Word) (char*) (plt + rel_offset_words)
+				+ 0x8000) >> 16));
+      plt[PLT_LONGBRANCH_ENTRY_WORDS+1] =
+	OPCODE_LWZ (11, (Elf32_Word) (char*) (plt+rel_offset_words), 11);
+
+      /* Call the procedure at that address.  */
+      plt[PLT_LONGBRANCH_ENTRY_WORDS+2] = OPCODE_MTCTR (11);
+      plt[PLT_LONGBRANCH_ENTRY_WORDS+3] = OPCODE_BCTR ();
+
+
+      /* Now, we've modified code (quite a lot of code, possibly).  We
+	 need to write the changes from the data cache to a
+	 second-level unified cache, then make sure that stale data in
+	 the instruction cache is removed.  (In a multiprocessor
+	 system, the effect is more complex.)
+
+	 Assumes the cache line size is at least 32 bytes, or at least
+	 that dcbst and icbi apply to 32-byte lines. At present, all
+	 PowerPC processors have line sizes of exactly 32 bytes.  */
+
+      size_modified = lazy ? rel_offset_words : PLT_INITIAL_ENTRY_WORDS;
+      for (i = 0; i < size_modified; i+=8)
+	PPC_DCBST (plt + i);
+      PPC_SYNC;
+      for (i = 0; i < size_modified; i+=8)
+	PPC_ICBI (plt + i);
+      PPC_ISYNC;
+    }
+
+  return lazy;
+}
+
+void
+__elf_machine_fixup_plt(struct link_map *map, const Elf32_Rela *reloc,
+			Elf32_Addr *reloc_addr, Elf32_Addr finaladdr)
+{
+  Elf32_Sword delta = finaladdr - (Elf32_Word) (char *) reloc_addr;
+  if (delta << 6 >> 6 == delta)
+    *reloc_addr = OPCODE_B (delta);
+  else if (finaladdr <= 0x01fffffc || finaladdr >= 0xfe000000)
+    *reloc_addr = OPCODE_BA (finaladdr);
+  else
+    {
+      Elf32_Word *plt;
+      Elf32_Word index;
+
+      plt = (Elf32_Word *)((char *)map->l_addr
+			   + map->l_info[DT_PLTGOT]->d_un.d_val);
+      index = (reloc_addr - plt - PLT_INITIAL_ENTRY_WORDS)/2;
+      if (index >= PLT_DOUBLE_SIZE)
+	{
+	  /* Slots greater than or equal to 2^13 have 4 words available
+	     instead of two.  */
+	  /* FIXME: There are some possible race conditions in this code,
+	     when called from 'fixup'.
+
+	     1) Suppose that a lazy PLT entry is executing, a context switch
+	     between threads (or a signal) occurs, and the new thread or
+	     signal handler calls the same lazy PLT entry.  Then the PLT entry
+	     would be changed while it's being run, which will cause a segfault
+	     (almost always).
+
+	     2) Suppose the reverse: that a lazy PLT entry is being updated,
+	     a context switch occurs, and the new code calls the lazy PLT
+	     entry that is being updated.  Then the half-fixed PLT entry will
+	     be executed, which will also almost always cause a segfault.
+
+	     These problems don't happen with the 2-word entries, because
+	     only one of the two instructions are changed when a lazy entry
+	     is retargeted at the actual PLT entry; the li instruction stays
+	     the same (we have to update it anyway, because we might not be
+	     updating a lazy PLT entry).  */
+
+	  reloc_addr[0] = OPCODE_LI (11, finaladdr);
+	  reloc_addr[1] = OPCODE_ADDIS (11, 11, finaladdr + 0x8000 >> 16);
+	  reloc_addr[2] = OPCODE_MTCTR (11);
+	  reloc_addr[3] = OPCODE_BCTR ();
+	}
+      else
+	{
+	  Elf32_Word num_plt_entries;
+
+	  num_plt_entries = (map->l_info[DT_PLTRELSZ]->d_un.d_val
+			     / sizeof(Elf32_Rela));
+
+	  plt[index+PLT_DATA_START_WORDS (num_plt_entries)] = finaladdr;
+	  reloc_addr[0] = OPCODE_LI (11, index*4);
+	  reloc_addr[1] = OPCODE_B (-(4*(index*2
+					 + 1
+					 - PLT_LONGBRANCH_ENTRY_WORDS
+					 + PLT_INITIAL_ENTRY_WORDS)));
+	}
+    }
+  MODIFIED_CODE (reloc_addr);
+}
+
+void
+__process_machine_rela (struct link_map *map,
+			const Elf32_Rela *reloc,
+			const Elf32_Sym *sym,
+			const Elf32_Sym *refsym,
+			Elf32_Addr *const reloc_addr,
+			Elf32_Addr const finaladdr,
+			int rinfo)
+{
+  switch (rinfo)
+    {
+    case R_PPC_NONE:
+      return;
+
+    case R_PPC_ADDR32:
+    case R_PPC_UADDR32:
+    case R_PPC_GLOB_DAT:
+    case R_PPC_RELATIVE:
+      *reloc_addr = finaladdr;
+      return;
+
+    case R_PPC_ADDR24:
+      if (finaladdr > 0x01fffffc && finaladdr < 0xfe000000)
+	{
+	  _dl_signal_error(0, map->l_name,
+			   "R_PPC_ADDR24 relocation out of range");
+	}
+      *reloc_addr = *reloc_addr & 0xfc000003 | finaladdr & 0x3fffffc;
+      break;
+
+    case R_PPC_ADDR16:
+    case R_PPC_UADDR16:
+      if (finaladdr > 0x7fff && finaladdr < 0x8000)
+	{
+	  _dl_signal_error(0, map->l_name,
+			   "R_PPC_ADDR16 relocation out of range");
+	}
+      *(Elf32_Half*) reloc_addr = finaladdr;
+      break;
+
+    case R_PPC_ADDR16_LO:
+      *(Elf32_Half*) reloc_addr = finaladdr;
+      break;
+
+    case R_PPC_ADDR16_HI:
+      *(Elf32_Half*) reloc_addr = finaladdr >> 16;
+      break;
+
+    case R_PPC_ADDR16_HA:
+      *(Elf32_Half*) reloc_addr = (finaladdr + 0x8000) >> 16;
+      break;
+
+    case R_PPC_ADDR14:
+    case R_PPC_ADDR14_BRTAKEN:
+    case R_PPC_ADDR14_BRNTAKEN:
+      if (finaladdr > 0x7fff && finaladdr < 0x8000)
+	{
+	  _dl_signal_error(0, map->l_name,
+			   "R_PPC_ADDR14 relocation out of range");
+	}
+      *reloc_addr = *reloc_addr & 0xffff0003 | finaladdr & 0xfffc;
+      if (rinfo != R_PPC_ADDR14)
+	*reloc_addr = (*reloc_addr & 0xffdfffff
+		       | (rinfo == R_PPC_ADDR14_BRTAKEN
+			  ^ finaladdr >> 31) << 21);
+      break;
+
+    case R_PPC_REL24:
+      {
+	Elf32_Sword delta = finaladdr - (Elf32_Word) (char *) reloc_addr;
+	if (delta << 6 >> 6 != delta)
+	  {
+	    _dl_signal_error(0, map->l_name,
+			     "R_PPC_REL24 relocation out of range");
+	  }
+	*reloc_addr = *reloc_addr & 0xfc000003 | delta & 0x3fffffc;
+      }
+      break;
+
+    case R_PPC_COPY:
+      if (sym == NULL)
+	/* This can happen in trace mode when an object could not be
+	   found.  */
+	return;
+      if (sym->st_size > refsym->st_size
+	  || (_dl_verbose && sym->st_size < refsym->st_size))
+	{
+	  const char *strtab;
+
+	  strtab = ((void *) map->l_addr
+		    + map->l_info[DT_STRTAB]->d_un.d_ptr);
+	  _dl_sysdep_error (_dl_argv[0] ?: "<program name unknown>",
+			    ": Symbol `", strtab + refsym->st_name,
+			    "' has different size in shared object, "
+			    "consider re-linking\n", NULL);
+	}
+      memcpy (reloc_addr, (char *) finaladdr, MIN (sym->st_size,
+						   refsym->st_size));
+      return;
+
+    case R_PPC_REL32:
+      *reloc_addr = finaladdr - (Elf32_Word) (char *) reloc_addr;
+      return;
+
+    case R_PPC_JMP_SLOT:
+      elf_machine_fixup_plt(map, reloc, reloc_addr, finaladdr);
+      return;
+
+    default:
+      _dl_sysdep_error (_dl_argv[0] ?: "<program name unknown>",
+			": Unknown relocation type\n", NULL);
+      return;
+    }
+
+  MODIFIED_CODE_NOQUEUE (reloc_addr);
+}
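Review bot: The out-of-range tests for R_PPC_ADDR16/R_PPC_UADDR16 and for the R_PPC_ADDR14 family in `__process_machine_rela` can never fire, because no value satisfies `finaladdr > 0x7fff && finaladdr < 0x8000`. As written, an address that does not fit the 16-bit field is truncated and stored without `_dl_signal_error` being reached. Following the shape of the R_PPC_ADDR24 test above them, the upper bound presumably should be the sign-extended limit, `if (finaladdr > 0x7fff && finaladdr < 0xffff8000)`, in both places. A comment stating whether `_dl_signal_error` returns would also help, since each check falls through to the store if it does.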
diff --git a/sysdeps/powerpc/dl-machine.h b/sysdeps/powerpc/dl-machine.h
index ab75aa1390..bb449a9d34 100644
--- a/sysdeps/powerpc/dl-machine.h
+++ b/sysdeps/powerpc/dl-machine.h
@@ -23,57 +23,9 @@
 #define ELF_MACHINE_NAME "powerpc"
 
 #include <assert.h>
-#include <string.h>
-#include <link.h>
-#include <sys/param.h>
-
-
-/* stuff for the PLT */
-#define PLT_INITIAL_ENTRY_WORDS 18
-#define PLT_LONGBRANCH_ENTRY_WORDS 10
-#define PLT_DOUBLE_SIZE (1<<13)
-#define PLT_ENTRY_START_WORDS(entry_number) \
-  (PLT_INITIAL_ENTRY_WORDS + (entry_number)*2 + \
-   ((entry_number) > PLT_DOUBLE_SIZE ? \
-    ((entry_number) - PLT_DOUBLE_SIZE)*2 : \
-    0))
-#define PLT_DATA_START_WORDS(num_entries) PLT_ENTRY_START_WORDS(num_entries)
-
-#define OPCODE_ADDI(rd,ra,simm) \
-  (0x38000000 | (rd) << 21 | (ra) << 16 | (simm) & 0xffff)
-#define OPCODE_ADDIS(rd,ra,simm) \
-  (0x3c000000 | (rd) << 21 | (ra) << 16 | (simm) & 0xffff)
-#define OPCODE_ADD(rd,ra,rb) \
-  (0x7c000214 | (rd) << 21 | (ra) << 16 | (rb) << 11)
-#define OPCODE_B(target) (0x48000000 | (target) & 0x03fffffc)
-#define OPCODE_BA(target) (0x48000002 | (target) & 0x03fffffc)
-#define OPCODE_BCTR() 0x4e800420
-#define OPCODE_LWZ(rd,d,ra) \
-  (0x80000000 | (rd) << 21 | (ra) << 16 | (d) & 0xffff)
-#define OPCODE_MTCTR(rd) (0x7C0903A6 | (rd) << 21)
-#define OPCODE_RLWINM(ra,rs,sh,mb,me) \
-  (0x54000000 | (rs) << 21 | (ra) << 16 | (sh) << 11 | (mb) << 6 | (me) << 1)
-
-#define OPCODE_LI(rd,simm)    OPCODE_ADDI(rd,0,simm)
-#define OPCODE_SLWI(ra,rs,sh) OPCODE_RLWINM(ra,rs,sh,0,31-sh)
-
-#define PPC_DCBST(where) asm volatile ("dcbst 0,%0" : : "r"(where))
-#define PPC_SYNC asm volatile ("sync")
-#define PPC_ISYNC asm volatile ("sync; isync")
-#define PPC_ICBI(where) asm volatile ("icbi 0,%0" : : "r"(where))
-#define PPC_DIE asm volatile ("tweq 0,0")
-
-/* Use this when you've modified some code, but it won't be in the
-   instruction fetch queue (or when it doesn't matter if it is). */
-#define MODIFIED_CODE_NOQUEUE(where) \
-     do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); } while (0)
-/* Use this when it might be in the instruction queue. */
-#define MODIFIED_CODE(where) \
-     do { PPC_DCBST(where); PPC_SYNC; PPC_ICBI(where); PPC_ISYNC; } while (0)
-
 
 /* Return nonzero iff E_MACHINE is compatible with the running host.  */
-static inline int
+extern inline int
 elf_machine_matches_host (Elf32_Half e_machine)
 {
   return e_machine == EM_PPC;
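Review bot: Switching `elf_machine_matches_host` from `static inline` to `extern inline` means that, under GNU C inline semantics, no out-of-line copy is emitted, so any call the compiler does not inline (unoptimised build, address taken) becomes an undefined reference unless a separate definition exists, and none is added in this diff. The same change is made to `elf_machine_dynamic`, `elf_machine_lazy_rel` and `elf_machine_plt_value` in later hunks. If forcing inlining is the intent, say so above the first of them, e.g. `/* extern inline: must always be inlined; no out-of-line copy exists.  */`. The function body closes outside this hunk.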
@@ -82,7 +34,7 @@ elf_machine_matches_host (Elf32_Half e_machine)
 
 /* Return the link-time address of _DYNAMIC, stored as
    the first value in the GOT. */
-static inline Elf32_Addr
+extern inline Elf32_Addr
 elf_machine_dynamic (void)
 {
   Elf32_Addr *got;
@@ -248,150 +200,16 @@ _dl_prof_resolve:
 	.previous
 ");
 
-/* Initial entry point code for the dynamic linker.
-   The C function `_dl_start' is the real entry point;
-   its return value is the user program's entry point.	*/
-#define RTLD_START \
-static ElfW(Addr) _dl_start (void *arg) __attribute__((unused)); \
-asm ("\
-	.section \".text\"
-	.align 2
-	.globl _start
-	.type _start,@function
-_start:
- # We start with the following on the stack, from top:
- # argc (4 bytes);
- # arguments for program (terminated by NULL);
- # environment variables (terminated by NULL);
- # arguments for the program loader.
- # FIXME: perhaps this should do the same trick as elf/start.c?
-
- # Call _dl_start with one parameter pointing at argc
-	mr   3,1
- #  (we have to frob the stack pointer a bit to allow room for
- #   _dl_start to save the link register)
-	li   4,0
-	addi 1,1,-16
-	stw  4,0(1)
-	bl   _dl_start@local
-
- # Now, we do our main work of calling initialisation procedures.
- # The ELF ABI doesn't say anything about parameters for these,
- # so we just pass argc, argv, and the environment.
- # Changing these is strongly discouraged (not least because argc is
- # passed by value!).
-
- #  Put our GOT pointer in r31,
-	bl   _GLOBAL_OFFSET_TABLE_-4@local
-	mflr 31
- #  the address of _start in r30,
-	mr   30,3
- #  &_dl_argc in 29, &_dl_argv in 27, and _dl_default_scope in 28.
-	lwz  28,_dl_default_scope@got(31)
-	lwz  29,_dl_argc@got(31)
-	lwz  27,_dl_argv@got(31)
-0:
- #  Set initfunc = _dl_init_next(_dl_default_scope[2])
-	lwz  3,8(28)
-	bl   _dl_init_next@plt
- # If initfunc is NULL, we exit the loop; otherwise,
-	cmpwi 3,0
-	beq  1f
- # call initfunc(_dl_argc, _dl_argv, _dl_argv+_dl_argc+1)
-	mtlr 3
-	lwz  3,0(29)
-	lwz  4,0(27)
-	slwi 5,3,2
-	add  5,4,5
-	addi 5,5,4
-	blrl
- # and loop.
-	b    0b
-1:
- # Now, to conform to the ELF ABI, we have to:
- # Pass argc (actually _dl_argc) in r3;
-	lwz  3,0(29)
- # pass argv (actually _dl_argv) in r4;
-	lwz  4,0(27)
- # pass envp (actually _dl_argv+_dl_argc+1) in r5;
-	slwi 5,3,2
-	add  6,4,5
-	addi 5,6,4
- # pass the auxilary vector in r6. This is passed to us just after _envp.
-2:	lwzu 0,4(6)
-	cmpwi 0,0,0
-	bne  2b
-	addi 6,6,4
- # Pass a termination function pointer (in this case _dl_fini) in r7.
-	lwz  7,_dl_fini@got(31)
- # Now, call the start function in r30...
-	mtctr 30
-	lwz  26,_dl_starting_up@got(31)
- # Pass the stack pointer in r1 (so far so good), pointing to a NULL value.
- # (This lets our startup code distinguish between a program linked statically,
- # which linux will call with argc on top of the stack which will hopefully
- # never be zero, and a dynamically linked program which will always have
- # a NULL on the top of the stack).
- # Take the opportunity to clear LR, so anyone who accidentally returns
- # from _start gets SEGV.  Also clear the next few words of the stack.
-	li   31,0
-	stw  31,0(1)
-	mtlr 31
-	stw  31,4(1)
- 	stw  31,8(1)
-	stw  31,12(1)
- # Clear _dl_starting_up.
-	stw  31,0(26)
- # Go do it!
-	bctr
-0:
-	.size	 _start,0b-_start
- # Undo '.section text'.
-	.previous
-");
+/* The actual _start code is in dl-start.S.  Use a really
+   ugly bit of assembler to let dl-start.o see _dl_start.  */
+#define RTLD_START asm (".globl _dl_start");
 
-/* The idea here is that to conform to the ABI, we are supposed to try
-   to load dynamic objects between 0x10000 (we actually use 0x40000 as
-   the lower bound, to increase the chance of a memory reference from
-   a null pointer giving a segfault) and the program's load address.
-   Regrettably, in this code we can't find the program's load address,
-   so we punt and choose 0x01800000, which is below the ABI's
-   recommended default, and what GNU ld currently chooses. We only use
-   the address as a preference for mmap, so if we get it wrong the
-   worst that happens is that it gets mapped somewhere else.
-
-   FIXME: Unfortunately, 'somewhere else' is probably right after the
-   program's break, which causes malloc to fail.  We really need more
-   information here about the way memory is mapped.  */
-
-#define ELF_PREFERRED_ADDRESS_DATA					      \
-static ElfW(Addr) _dl_preferred_address = 1
-
-#define ELF_PREFERRED_ADDRESS(loader, maplength, mapstartpref)		      \
-( {									      \
-   ElfW(Addr) prefd;							      \
-   if (mapstartpref != 0 && _dl_preferred_address == 1)			      \
-     _dl_preferred_address = mapstartpref;				      \
-   if (mapstartpref != 0)						      \
-     prefd = mapstartpref;						      \
-   else if (_dl_preferred_address == 1)					      \
-     prefd = _dl_preferred_address =					      \
-	  (0x01800000 - maplength - 0x10000) &				      \
-	   ~(_dl_pagesize - 1);						      \
-   else if (_dl_preferred_address < maplength + 0x50000)		      \
-     prefd = 0;								      \
-   else									      \
-     prefd = _dl_preferred_address =					      \
-       ((_dl_preferred_address - maplength - 0x10000)			      \
-	& ~(_dl_pagesize - 1));						      \
-   prefd;								      \
-} )
-
-#define ELF_FIXED_ADDRESS(loader, mapstart)				      \
-( {									      \
-   if (mapstart != 0 && _dl_preferred_address == 1)			      \
-     _dl_preferred_address = mapstart;					      \
-} )
+/* Decide where a relocatable object should be loaded.  */
+extern ElfW(Addr)
+__elf_preferred_address(struct link_map *loader, size_t maplength,
+			ElfW(Addr) mapstartpref);
+#define ELF_PREFERRED_ADDRESS(loader, maplength, mapstartpref) \
+  __elf_preferred_address (loader, maplength, mapstartpref)
 
 /* Nonzero iff TYPE should not be allowed to resolve to one of
    the main executable's symbols, as for a COPY reloc.  */
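Review bot: `RTLD_START` now only emits `.globl _dl_start`, which works only if the compiler emits the function under exactly that assembler name and keeps it; the removed macro also carried the prototype `static ElfW(Addr) _dl_start (void *arg) __attribute__((unused));`, and that is dropped here. If `_dl_start` is still defined `static` where RTLD_START is used (not visible in this diff), the remaining reference is presumably the one from dl-start.S, which the compiler cannot see. The comment should state that dependency, e.g. `/* _dl_start must keep its plain assembler name and must not be discarded; dl-start.S branches to it.  */`. Separately, `ELF_PREFERRED_ADDRESS_DATA` and `ELF_FIXED_ADDRESS` are removed with no replacement in this hunk; confirm no generic code still expects them.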
@@ -417,203 +235,25 @@ static ElfW(Addr) _dl_preferred_address = 1
    entries will jump to the on-demand fixup code in dl-runtime.c.
    Also install a small trampoline to be used by entries that have
    been relocated to an address too far away for a single branch.  */
+extern int __elf_machine_runtime_setup (struct link_map *map,
+					int lazy, int profile);
+#define elf_machine_runtime_setup __elf_machine_runtime_setup
 
-/* A PLT entry does one of three things:
-   (i)   Jumps to the actual routine. Such entries are set up above, in
-         elf_machine_rela.
-
-   (ii)  Jumps to the actual routine via glue at the start of the PLT.
-         We do this by putting the address of the routine in space
-         allocated at the end of the PLT, and when the PLT entry is
-         called we load the offset of that word (from the start of the
-         space) into r11, then call the glue, which loads the word and
-         branches to that address. These entries are set up in
-         elf_machine_rela, but the glue is set up here.
-
-   (iii) Loads the index of this PLT entry (we count the double-size
-	 entries as one entry for this purpose) into r11, then
-	 branches to code at the start of the PLT. This code then
-	 calls `fixup', in dl-runtime.c, via the glue in the macro
-	 ELF_MACHINE_RUNTIME_TRAMPOLINE, which resets the PLT entry to
-	 be one of the above two types. These entries are set up here.  */
-static inline int
-elf_machine_runtime_setup (struct link_map *map, int lazy, int profile)
-{
-  if (map->l_info[DT_JMPREL])
-    {
-      Elf32_Word i;
-      /* Fill in the PLT. Its initial contents are directed to a
-	 function earlier in the PLT which arranges for the dynamic
-	 linker to be called back.  */
-      Elf32_Word *plt = (Elf32_Word *) ((char *) map->l_addr
-					+ map->l_info[DT_PLTGOT]->d_un.d_val);
-      Elf32_Word num_plt_entries = (map->l_info[DT_PLTRELSZ]->d_un.d_val
-				    / sizeof (Elf32_Rela));
-      Elf32_Word rel_offset_words = PLT_DATA_START_WORDS (num_plt_entries);
-      Elf32_Word size_modified;
-      extern void _dl_runtime_resolve (void);
-      extern void _dl_prof_resolve (void);
-      Elf32_Word dlrr;
-
-      dlrr = (Elf32_Word)(char *)(profile
-				  ? _dl_prof_resolve
-				  : _dl_runtime_resolve);
-
-      if (lazy)
-	for (i = 0; i < num_plt_entries; i++)
-	{
-	  Elf32_Word offset = PLT_ENTRY_START_WORDS (i);
-
-	  if (i >= PLT_DOUBLE_SIZE)
-	    {
-	      plt[offset  ] = OPCODE_LI (11, i * 4);
-	      plt[offset+1] = OPCODE_ADDIS (11, 11, (i * 4 + 0x8000) >> 16);
-	      plt[offset+2] = OPCODE_B (-(4 * (offset + 2)));
-	    }
-	  else
-	    {
-	      plt[offset  ] = OPCODE_LI (11, i * 4);
-	      plt[offset+1] = OPCODE_B (-(4 * (offset + 1)));
-	    }
-	}
-
-      /* Multiply index of entry by 3 (in r11).  */
-      plt[0] = OPCODE_SLWI (12, 11, 1);
-      plt[1] = OPCODE_ADD (11, 12, 11);
-      if (dlrr <= 0x01fffffc || dlrr >= 0xfe000000)
-	{
-	  /* Load address of link map in r12.  */
-	  plt[2] = OPCODE_LI (12, (Elf32_Word) (char *) map);
-	  plt[3] = OPCODE_ADDIS (12, 12, (((Elf32_Word) (char *) map
-					   + 0x8000) >> 16));
-
-	  /* Call _dl_runtime_resolve.  */
-	  plt[4] = OPCODE_BA (dlrr);
-	}
-      else
-	{
-	  /* Get address of _dl_runtime_resolve in CTR.  */
-	  plt[2] = OPCODE_LI (12, dlrr);
-	  plt[3] = OPCODE_ADDIS (12, 12, (dlrr + 0x8000) >> 16);
-	  plt[4] = OPCODE_MTCTR (12);
-
-	  /* Load address of link map in r12.  */
-	  plt[5] = OPCODE_LI (12, (Elf32_Word) (char *) map);
-	  plt[6] = OPCODE_ADDIS (12, 12, (((Elf32_Word) (char *) map
-					   + 0x8000) >> 16));
-
-	  /* Call _dl_runtime_resolve.  */
-	  plt[7] = OPCODE_BCTR ();
-	}
-
-
-      /* Convert the index in r11 into an actual address, and get the
-	 word at that address.  */
-      plt[PLT_LONGBRANCH_ENTRY_WORDS] =
-	OPCODE_ADDIS (11, 11, (((Elf32_Word) (char*) (plt + rel_offset_words)
-				+ 0x8000) >> 16));
-      plt[PLT_LONGBRANCH_ENTRY_WORDS+1] =
-	OPCODE_LWZ (11, (Elf32_Word) (char*) (plt+rel_offset_words), 11);
-
-      /* Call the procedure at that address.  */
-      plt[PLT_LONGBRANCH_ENTRY_WORDS+2] = OPCODE_MTCTR (11);
-      plt[PLT_LONGBRANCH_ENTRY_WORDS+3] = OPCODE_BCTR ();
-
-
-      /* Now, we've modified code (quite a lot of code, possibly).  We
-	 need to write the changes from the data cache to a
-	 second-level unified cache, then make sure that stale data in
-	 the instruction cache is removed.  (In a multiprocessor
-	 system, the effect is more complex.)
-
-	 Assumes the cache line size is at least 32 bytes, or at least
-	 that dcbst and icbi apply to 32-byte lines. At present, all
-	 PowerPC processors have line sizes of exactly 32 bytes.  */
-
-      size_modified = lazy ? rel_offset_words : PLT_INITIAL_ENTRY_WORDS;
-      for (i = 0; i < size_modified; i+=8)
-	PPC_DCBST (plt + i);
-      PPC_SYNC;
-      for (i = 0; i < size_modified; i+=8)
-	PPC_ICBI (plt + i);
-      PPC_ISYNC;
-    }
-
-  return lazy;
-}
-
-static inline void
+extern inline void
 elf_machine_lazy_rel (Elf32_Addr l_addr, const Elf32_Rela *reloc)
 {
   /* elf_machine_runtime_setup handles this. */
 }
 
-static inline void
-elf_machine_fixup_plt(struct link_map *map, const Elf32_Rela *reloc,
-                      Elf32_Addr *reloc_addr, Elf32_Addr finaladdr)
-{
-  Elf32_Sword delta = finaladdr - (Elf32_Word) (char *) reloc_addr;
-  if (delta << 6 >> 6 == delta)
-    *reloc_addr = OPCODE_B (delta);
-  else if (finaladdr <= 0x01fffffc || finaladdr >= 0xfe000000)
-    *reloc_addr = OPCODE_BA (finaladdr);
-  else
-    {
-      Elf32_Word *plt;
-      Elf32_Word index;
-
-      plt = (Elf32_Word *)((char *)map->l_addr
-			   + map->l_info[DT_PLTGOT]->d_un.d_val);
-      index = (reloc_addr - plt - PLT_INITIAL_ENTRY_WORDS)/2;
-      if (index >= PLT_DOUBLE_SIZE)
-	{
-	  /* Slots greater than or equal to 2^13 have 4 words available
-	     instead of two.  */
-	  /* FIXME: There are some possible race conditions in this code,
-	     when called from 'fixup'.
-
-	     1) Suppose that a lazy PLT entry is executing, a context switch
-	     between threads (or a signal) occurs, and the new thread or
-	     signal handler calls the same lazy PLT entry.  Then the PLT entry
-	     would be changed while it's being run, which will cause a segfault
-	     (almost always).
-
-	     2) Suppose the reverse: that a lazy PLT entry is being updated,
-	     a context switch occurs, and the new code calls the lazy PLT
-	     entry that is being updated.  Then the half-fixed PLT entry will
-	     be executed, which will also almost always cause a segfault.
-
-	     These problems don't happen with the 2-word entries, because
-	     only one of the two instructions are changed when a lazy entry
-	     is retargeted at the actual PLT entry; the li instruction stays
-	     the same (we have to update it anyway, because we might not be
-	     updating a lazy PLT entry).  */
-
-	  reloc_addr[0] = OPCODE_LI (11, finaladdr);
-	  reloc_addr[1] = OPCODE_ADDIS (11, 11, finaladdr + 0x8000 >> 16);
-	  reloc_addr[2] = OPCODE_MTCTR (11);
-	  reloc_addr[3] = OPCODE_BCTR ();
-	}
-      else
-	{
-	  Elf32_Word num_plt_entries;
-
-	  num_plt_entries = (map->l_info[DT_PLTRELSZ]->d_un.d_val
-			     / sizeof(Elf32_Rela));
-
-	  plt[index+PLT_DATA_START_WORDS (num_plt_entries)] = finaladdr;
-	  reloc_addr[0] = OPCODE_LI (11, index*4);
-	  reloc_addr[1] = OPCODE_B (-(4*(index*2
-					 + 1
-					 - PLT_LONGBRANCH_ENTRY_WORDS
-					 + PLT_INITIAL_ENTRY_WORDS)));
-	}
-    }
-  MODIFIED_CODE (reloc_addr);
-}
+/* Change the PLT entry whose reloc is 'reloc' to call the actual routine.  */
+extern void __elf_machine_fixup_plt(struct link_map *map,
+				    const Elf32_Rela *reloc,
+				    Elf32_Addr *reloc_addr,
+				    Elf32_Addr finaladdr);
+#define elf_machine_fixup_plt __elf_machine_fixup_plt
 
 /* Return the final value of a plt relocation.  */
-static inline Elf32_Addr
+extern inline Elf32_Addr
 elf_machine_plt_value (struct link_map *map, const Elf32_Rela *reloc,
 		       Elf32_Addr value)
 {
@@ -624,32 +264,38 @@ elf_machine_plt_value (struct link_map *map, const Elf32_Rela *reloc,
 
 #ifdef RESOLVE
 
+/* Do the actual processing of a reloc, once its target address
+   has been determined.  */
+extern void __process_machine_rela (struct link_map *map,
+				    const Elf32_Rela *reloc,
+				    const Elf32_Sym *sym,
+				    const Elf32_Sym *refsym,
+				    Elf32_Addr *const reloc_addr,
+				    Elf32_Addr finaladdr,
+				    int rinfo);
+
 /* Perform the relocation specified by RELOC and SYM (which is fully resolved).
    LOADADDR is the load address of the object; INFO is an array indexed
    by DT_* of the .dynamic section info.  */
 
-static void
+extern void
 elf_machine_rela (struct link_map *map, const Elf32_Rela *reloc,
 		  const Elf32_Sym *sym, const struct r_found_version *version,
 		  Elf32_Addr *const reloc_addr)
 {
-#ifndef RTLD_BOOTSTRAP
   const Elf32_Sym *const refsym = sym;
-  extern char **_dl_argv;
-#endif
   Elf32_Word loadbase, finaladdr;
   const int rinfo = ELF32_R_TYPE (reloc->r_info);
 
   if (rinfo == R_PPC_NONE)
     return;
 
-  assert (sym != NULL);
   /* The condition on the next two lines is a hack around a bug in Solaris
      tools on Sparc.  It's not clear whether it should really be here at all,
      but if not the binutils need to be changed.  */
-  if ((sym->st_shndx != SHN_UNDEF
-       && ELF32_ST_BIND (sym->st_info) == STB_LOCAL)
-      || rinfo == R_PPC_RELATIVE)
+  if (rinfo == R_PPC_RELATIVE
+      || (sym->st_shndx != SHN_UNDEF
+	  && ELF32_ST_BIND (sym->st_info) == STB_LOCAL))
     {
       /* Has already been relocated.  */
       loadbase = map->l_addr;
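Review bot: `sym` is dereferenced in the reordered condition (`sym->st_shndx`) for every type other than R_PPC_RELATIVE with no NULL guard left, since this hunk drops `assert (sym != NULL);`. The new ordering protects only the R_PPC_RELATIVE case, by short-circuit. The R_PPC_COPY branch removed in the next hunk carried a comment that a NULL `sym` can happen in trace mode when an object could not be found, so the invariant is not obviously guaranteed by the caller; if it is, state it here, e.g. `/* SYM is only NULL for R_PPC_RELATIVE, which is tested first.  */`, and otherwise keep the assert. Relocation records are read from the object being loaded, so a NULL dereference at this point would be reachable from a malformed or unresolvable input rather than only from a programming error. elf_machine_rela's body continues past the end of this hunk.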
@@ -670,99 +316,27 @@ elf_machine_rela (struct link_map *map, const Elf32_Rela *reloc,
 		     + reloc->r_addend);
     }
 
-  /* This is still an if/else if chain because GCC uses the GOT to find
-     the table for table-based switch statements, and we haven't set it
-     up yet.  */
-  if (rinfo == R_PPC_UADDR32 ||
-      rinfo == R_PPC_GLOB_DAT ||
-      rinfo == R_PPC_ADDR32 ||
-      rinfo == R_PPC_RELATIVE)
+  /* A small amount of code is duplicated here for speed.  In libc,
+     more than 90% of the relocs are R_PPC_RELATIVE; in the X11 shared
+     libraries, 60% are R_PPC_RELATIVE, 24% are R_PPC_GLOB_DAT or
+     R_PPC_ADDR32, and 16% are R_PPC_JMP_SLOT (which this routine
+     wouldn't usually handle).  As an bonus, doing this here allows
+     the switch statement in __process_machine_rela to work.  */
+  if (rinfo == R_PPC_RELATIVE
+      || rinfo == R_PPC_GLOB_DAT
+      || rinfo == R_PPC_ADDR32)
     {
       *reloc_addr = finaladdr;
     }
-#ifndef RTLD_BOOTSTRAP
-  else if (rinfo == R_PPC_ADDR16_LO)
-    {
-      *(Elf32_Half*) reloc_addr = finaladdr;
-    }
-  else if (rinfo == R_PPC_ADDR16_HI)
-    {
-      *(Elf32_Half*) reloc_addr = finaladdr >> 16;
-    }
-  else if (rinfo == R_PPC_ADDR16_HA)
-    {
-      *(Elf32_Half*) reloc_addr = (finaladdr + 0x8000) >> 16;
-    }
-  else if (rinfo == R_PPC_REL24)
-    {
-      Elf32_Sword delta = finaladdr - (Elf32_Word) (char *) reloc_addr;
-      if (delta << 6 >> 6 != delta)
-	{
-	  _dl_signal_error(0, map->l_name,
-			   "R_PPC_REL24 relocation out of range");
-	}
-      *reloc_addr = *reloc_addr & 0xfc000003 | delta & 0x3fffffc;
-    }
-  else if (rinfo == R_PPC_ADDR24)
-    {
-      if (finaladdr << 6 >> 6 != finaladdr)
-	{
-	  _dl_signal_error(0, map->l_name,
-			   "R_PPC_ADDR24 relocation out of range");
-	}
-      *reloc_addr = *reloc_addr & 0xfc000003 | finaladdr & 0x3fffffc;
-    }
-  else if (rinfo == R_PPC_COPY)
-    {
-      if (sym == NULL)
-	/* This can happen in trace mode when an object could not be
-	   found.  */
-	return;
-      if (sym->st_size > refsym->st_size
-	  || (_dl_verbose && sym->st_size < refsym->st_size))
-	{
-	  const char *strtab;
-
-	  strtab = ((void *) map->l_addr
-		    + map->l_info[DT_STRTAB]->d_un.d_ptr);
-	  _dl_sysdep_error (_dl_argv[0] ?: "<program name unknown>",
-			    ": Symbol `", strtab + refsym->st_name,
-			    "' has different size in shared object, "
-			    "consider re-linking\n", NULL);
-	}
-      memcpy (reloc_addr, (char *) finaladdr, MIN (sym->st_size,
-						   refsym->st_size));
-    }
-#endif
-  else if (rinfo == R_PPC_REL32)
-    {
-      *reloc_addr = finaladdr - (Elf32_Word) (char *) reloc_addr;
-    }
-  else if (rinfo == R_PPC_JMP_SLOT)
-    {
-      elf_machine_fixup_plt (map, reloc, reloc_addr, finaladdr);
-    }
   else
-    {
-#ifdef RTLD_BOOTSTRAP
-      PPC_DIE;  /* There is no point calling _dl_sysdep_error, it
-		   almost certainly hasn't been relocated properly.  */
-#else
-      _dl_sysdep_error (_dl_argv[0] ?: "<program name unknown>",
-			": Unknown relocation type\n", NULL);
-#endif
-    }
-
-#ifndef RTLD_BOOTSTRAP
-  if (rinfo == R_PPC_ADDR16_LO ||
-      rinfo == R_PPC_ADDR16_HI ||
-      rinfo == R_PPC_ADDR16_HA ||
-      rinfo == R_PPC_REL24 ||
-      rinfo == R_PPC_ADDR24)
-    MODIFIED_CODE_NOQUEUE (reloc_addr);
-#endif
+    __process_machine_rela (map, reloc, sym, refsym,
+			    reloc_addr, finaladdr, rinfo);
 }
 
 #define ELF_MACHINE_NO_REL 1
 
+/* The SVR4 ABI specifies that the JMPREL relocs must be inside the
+   DT_RELA table.  */
+#define ELF_MACHINE_PLTREL_OVERLAP 1
+
 #endif /* RESOLVE */
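Review bot: The new comment on the fast path gives speed as the reason but drops the constraint the removed comment recorded, that GCC's table-based switch statements go through the GOT, which is not set up while ld.so relocates itself. With the `RTLD_BOOTSTRAP` conditionals gone, every type other than R_PPC_RELATIVE, R_PPC_GLOB_DAT and R_PPC_ADDR32 now calls the external `__process_machine_rela`; that includes R_PPC_REL32, R_PPC_JMP_SLOT and R_PPC_UADDR32, which the old code handled inline, and the explicit `PPC_DIE` for unknown types during bootstrap is gone. If ld.so's own relocations are guaranteed to be only the three inline types, say so next to the test: `/* ld.so itself must contain only these three types: anything else calls out of line before the GOT is usable.  */`. Presumably the range checks for R_PPC_REL24/R_PPC_ADDR24 and the size check for R_PPC_COPY moved with the code into dl-machine.c, but that file is outside this hunk and should be checked. The start of elf_machine_rela is in the previous hunk.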
diff --git a/sysdeps/powerpc/dl-start.S b/sysdeps/powerpc/dl-start.S
new file mode 100644
index 0000000000..91c0896a8f
--- /dev/null
+++ b/sysdeps/powerpc/dl-start.S
@@ -0,0 +1,111 @@
+/* Machine-dependent ELF startup code.  PowerPC version.
+   Copyright (C) 1995, 1996, 1997, 1998 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Library General Public License as
+   published by the Free Software Foundation; either version 2 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Library General Public
+   License along with the GNU C Library; see the file COPYING.LIB.  If not,
+   write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.  */
+
+#include <sysdep.h>
+
+/* Initial entry point code for the dynamic linker.
+   The C function `_dl_start' is the real entry point;
+   its return value is the user program's entry point.	*/
+ENTRY(_start)
+/* We start with the following on the stack, from top:
+   argc (4 bytes);
+   arguments for program (terminated by NULL);
+   environment variables (terminated by NULL);
+   arguments for the program loader. */
+
+/* Call _dl_start with one parameter pointing at argc */
+	mr	%r3,%r1
+/* (we have to frob the stack pointer a bit to allow room for
+   _dl_start to save the link register).  */
+	li	%r4,0
+	addi	%r1,%r1,-16
+	stw	%r4,0(%r1)
+	bl	_dl_start@local
+
+/* Now, we do our main work of calling initialisation procedures.
+   The ELF ABI doesn't say anything about parameters for these,
+   so we just pass argc, argv, and the environment.
+   Changing these is strongly discouraged (not least because argc is
+   passed by value!).  */
+
+/*  Put our GOT pointer in r31, */
+	bl	_GLOBAL_OFFSET_TABLE_-4@local
+	mflr	%r31
+/*  the address of _start in r30, */
+	mr	%r30,%r3
+/*  &_dl_argc in 29, &_dl_argv in 27, and _dl_default_scope in 28.  */
+	lwz	%r28,_dl_default_scope@got(%r31)
+	lwz	%r29,_dl_argc@got(%r31)
+	lwz	%r27,_dl_argv@got(%r31)
+0:
+/*  Set initfunc = _dl_init_next(_dl_default_scope[2]) */
+	lwz	%r3,8(%r28)
+	bl	_dl_init_next@plt
+/* If initfunc is NULL, we exit the loop; otherwise, */
+	cmpwi	%r3,0
+	beq	1f
+/* call initfunc(_dl_argc, _dl_argv, _dl_argv+_dl_argc+1) */
+	mtlr	%r3
+	lwz	%r3,0(%r29)
+	lwz	%r4,0(%r27)
+	slwi	%r5,%r3,2
+	add	%r5,%r4,%r5
+	addi	%r5,%r5,4
+	blrl
+/* and loop.  */
+	b	0b
+1:
+/* Now, to conform to the ELF ABI, we have to: */
+/* Pass argc (actually _dl_argc) in r3; */
+	lwz	%r3,0(%r29)
+/* pass argv (actually _dl_argv) in r4; */
+	lwz	%r4,0(%r27)
+/* pass envp (actually _dl_argv+_dl_argc+1) in r5; */
+	slwi	%r5,%r3,2
+	add	%r6,%r4,%r5
+	addi	%r5,%r6,4
+/* pass the auxilary vector in r6. This is passed to us just after _envp.  */
+2:	lwzu	%r0,4(%r6)
+	cmpwi	%r0,0
+	bne	2b
+	addi	%r6,%r6,4
+/* Pass a termination function pointer (in this case _dl_fini) in r7.  */
+	lwz	%r7,_dl_fini@got(%r31)
+/* Now, call the start function in r30... */
+	mtctr	%r30
+	lwz	%r26,_dl_starting_up@got(%r31)
+/* Pass the stack pointer in r1 (so far so good), pointing to a NULL value.
+   (This lets our startup code distinguish between a program linked statically,
+   which linux will call with argc on top of the stack which will hopefully
+   never be zero, and a dynamically linked program which will always have
+   a NULL on the top of the stack).
+   Take the opportunity to clear LR, so anyone who accidentally returns
+   from _start gets SEGV.  Also clear the next few words of the stack.  */
+
+	li	%r31,0
+	stw	%r31,0(%r1)
+	mtlr	%r31
+	stw	%r31,4(%r1)
+	stw	%r31,8(%r1)
+	stw	%r31,12(%r1)
+/* Clear _dl_starting_up.  */
+	stw	%r31,0(%r26)
+/* Go do it!  */
+	bctr
+END(_start)
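Review bot: The load of `&_dl_starting_up` into r26 has to stay ahead of `li %r31,0`, because r31 is the GOT pointer up to that point and is reused as the zero source afterwards, and nothing in the file says so. The load sits under the comment "Now, call the start function in r30...", so it reads as part of the jump setup rather than as the last use of the GOT. A comment on that line would keep a later reorder from breaking it: `/* Fetch &_dl_starting_up while r31 still holds the GOT pointer; r31 is zeroed below.  */`. The register assignments (r26 to r31) are spread over several comments, and a single table at the top of `_start` would make the live ranges easier to audit.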