2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/sched/coredump.h>
39 #include <linux/sched/task_stack.h>
40 #include <linux/sched/cputime.h>
41 #include <linux/cred.h>
42 #include <linux/dax.h>
43 #include <linux/uaccess.h>
44 #include <asm/param.h>
48 #define user_long_t long
50 #ifndef user_siginfo_t
51 #define user_siginfo_t siginfo_t
54 /* That's for binfmt_elf_fdpic to deal with */
55 #ifndef elf_check_fdpic
56 #define elf_check_fdpic(ex) false
59 static int load_elf_binary(struct linux_binprm *bprm);
62 static int load_elf_library(struct file *);
64 #define load_elf_library NULL
68 * If we don't support core dumping, then supply a NULL so we
71 #ifdef CONFIG_ELF_CORE
72 static int elf_core_dump(struct coredump_params *cprm);
74 #define elf_core_dump NULL
77 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
78 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
80 #define ELF_MIN_ALIGN PAGE_SIZE
83 #ifndef ELF_CORE_EFLAGS
84 #define ELF_CORE_EFLAGS 0
87 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
88 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
89 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
91 static struct linux_binfmt elf_format = {
92 .module = THIS_MODULE,
93 .load_binary = load_elf_binary,
94 .load_shlib = load_elf_library,
95 .core_dump = elf_core_dump,
96 .min_coredump = ELF_EXEC_PAGESIZE,
99 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
101 static int set_brk(unsigned long start, unsigned long end, int prot)
103 start = ELF_PAGEALIGN(start);
104 end = ELF_PAGEALIGN(end);
107 * Map the last of the bss segment.
108 * If the header is requesting these pages to be
109 * executable, honour that (ppc32 needs this).
111 int error = vm_brk_flags(start, end - start,
112 prot & PROT_EXEC ? VM_EXEC : 0);
116 current->mm->start_brk = current->mm->brk = end;
120 /* We need to explicitly zero any fractional pages
121 after the data section (i.e. bss). This would
122 contain the junk from the file that should not
125 static int padzero(unsigned long elf_bss)
129 nbyte = ELF_PAGEOFFSET(elf_bss);
131 nbyte = ELF_MIN_ALIGN - nbyte;
132 if (clear_user((void __user *) elf_bss, nbyte))
138 /* Let's use some macros to make this stack manipulation a little clearer */
139 #ifdef CONFIG_STACK_GROWSUP
140 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
141 #define STACK_ROUND(sp, items) \
142 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
143 #define STACK_ALLOC(sp, len) ({ \
144 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
147 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
148 #define STACK_ROUND(sp, items) \
149 (((unsigned long) (sp - items)) &~ 15UL)
150 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
153 #ifndef ELF_BASE_PLATFORM
155 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
156 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
157 * will be copied to the user stack in the same manner as AT_PLATFORM.
159 #define ELF_BASE_PLATFORM NULL
163 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
164 unsigned long load_addr, unsigned long interp_load_addr)
166 unsigned long p = bprm->p;
167 int argc = bprm->argc;
168 int envc = bprm->envc;
169 elf_addr_t __user *sp;
170 elf_addr_t __user *u_platform;
171 elf_addr_t __user *u_base_platform;
172 elf_addr_t __user *u_rand_bytes;
173 const char *k_platform = ELF_PLATFORM;
174 const char *k_base_platform = ELF_BASE_PLATFORM;
175 unsigned char k_rand_bytes[16];
177 elf_addr_t *elf_info;
179 const struct cred *cred = current_cred();
180 struct vm_area_struct *vma;
183 * In some cases (e.g. Hyper-Threading), we want to avoid L1
184 * evictions by the processes running on the same package. One
185 * thing we can do is to shuffle the initial stack for them.
188 p = arch_align_stack(p);
191 * If this architecture has a platform capability string, copy it
192 * to userspace. In some cases (Sparc), this info is impossible
193 * for userspace to get any other way, in others (i386) it is
198 size_t len = strlen(k_platform) + 1;
200 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
201 if (__copy_to_user(u_platform, k_platform, len))
206 * If this architecture has a "base" platform capability
207 * string, copy it to userspace.
209 u_base_platform = NULL;
210 if (k_base_platform) {
211 size_t len = strlen(k_base_platform) + 1;
213 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
214 if (__copy_to_user(u_base_platform, k_base_platform, len))
219 * Generate 16 random bytes for userspace PRNG seeding.
221 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
222 u_rand_bytes = (elf_addr_t __user *)
223 STACK_ALLOC(p, sizeof(k_rand_bytes));
224 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
227 /* Create the ELF interpreter info */
228 elf_info = (elf_addr_t *)current->mm->saved_auxv;
229 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
230 #define NEW_AUX_ENT(id, val) \
232 elf_info[ei_index++] = id; \
233 elf_info[ei_index++] = val; \
238 * ARCH_DLINFO must come first so PPC can do its special alignment of
240 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
241 * ARCH_DLINFO changes
245 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
246 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
247 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
248 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
249 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
250 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
251 NEW_AUX_ENT(AT_BASE, interp_load_addr);
252 NEW_AUX_ENT(AT_FLAGS, 0);
253 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
254 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
255 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
256 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
257 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
258 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
259 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
261 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
263 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
265 NEW_AUX_ENT(AT_PLATFORM,
266 (elf_addr_t)(unsigned long)u_platform);
268 if (k_base_platform) {
269 NEW_AUX_ENT(AT_BASE_PLATFORM,
270 (elf_addr_t)(unsigned long)u_base_platform);
272 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
273 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
276 /* AT_NULL is zero; clear the rest too */
277 memset(&elf_info[ei_index], 0,
278 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
280 /* And advance past the AT_NULL entry. */
283 sp = STACK_ADD(p, ei_index);
285 items = (argc + 1) + (envc + 1) + 1;
286 bprm->p = STACK_ROUND(sp, items);
288 /* Point sp at the lowest address on the stack */
289 #ifdef CONFIG_STACK_GROWSUP
290 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
291 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
293 sp = (elf_addr_t __user *)bprm->p;
298 * Grow the stack manually; some architectures have a limit on how
299 * far ahead a user-space access may be in order to grow the stack.
301 vma = find_extend_vma(current->mm, bprm->p);
305 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
306 if (__put_user(argc, sp++))
309 /* Populate list of argv pointers back to argv strings. */
310 p = current->mm->arg_end = current->mm->arg_start;
313 if (__put_user((elf_addr_t)p, sp++))
315 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
316 if (!len || len > MAX_ARG_STRLEN)
320 if (__put_user(0, sp++))
322 current->mm->arg_end = p;
324 /* Populate list of envp pointers back to envp strings. */
325 current->mm->env_end = current->mm->env_start = p;
328 if (__put_user((elf_addr_t)p, sp++))
330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
335 if (__put_user(0, sp++))
337 current->mm->env_end = p;
339 /* Put the elf_info on the stack in the right place. */
340 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
347 static unsigned long elf_map(struct file *filep, unsigned long addr,
348 const struct elf_phdr *eppnt, int prot, int type,
349 unsigned long total_size)
351 unsigned long map_addr;
352 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
353 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
354 addr = ELF_PAGESTART(addr);
355 size = ELF_PAGEALIGN(size);
357 /* mmap() will return -EINVAL if given a zero size, but a
358 * segment with zero filesize is perfectly valid */
363 * total_size is the size of the ELF (interpreter) image.
364 * The _first_ mmap needs to know the full size, otherwise
365 * randomization might put this image into an overlapping
366 * position with the ELF binary image. (since size < total_size)
367 * So we first map the 'big' image - and unmap the remainder at
368 * the end. (which unmap is needed for ELF images with holes.)
371 total_size = ELF_PAGEALIGN(total_size);
372 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
373 if (!BAD_ADDR(map_addr))
374 vm_munmap(map_addr+size, total_size-size);
376 map_addr = vm_mmap(filep, addr, size, prot, type, off);
378 if ((type & MAP_FIXED_NOREPLACE) &&
379 PTR_ERR((void *)map_addr) == -EEXIST)
380 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
381 task_pid_nr(current), current->comm, (void *)addr);
386 #endif /* !elf_map */
388 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
390 int i, first_idx = -1, last_idx = -1;
392 for (i = 0; i < nr; i++) {
393 if (cmds[i].p_type == PT_LOAD) {
402 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
403 ELF_PAGESTART(cmds[first_idx].p_vaddr);
407 * load_elf_phdrs() - load ELF program headers
408 * @elf_ex: ELF header of the binary whose program headers should be loaded
409 * @elf_file: the opened ELF binary file
411 * Loads ELF program headers from the binary file elf_file, which has the ELF
412 * header pointed to by elf_ex, into a newly allocated array. The caller is
413 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
415 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
416 struct file *elf_file)
418 struct elf_phdr *elf_phdata = NULL;
419 int retval, err = -1;
420 loff_t pos = elf_ex->e_phoff;
424 * If the size of this structure has changed, then punt, since
425 * we will be doing the wrong thing.
427 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
430 /* Sanity check the number of program headers... */
431 /* ...and their total size. */
432 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
433 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
436 elf_phdata = kmalloc(size, GFP_KERNEL);
440 /* Read in the program headers */
441 retval = kernel_read(elf_file, elf_phdata, size, &pos);
442 if (retval != size) {
443 err = (retval < 0) ? retval : -EIO;
457 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
460 * struct arch_elf_state - arch-specific ELF loading state
462 * This structure is used to preserve architecture specific data during
463 * the loading of an ELF file, throughout the checking of architecture
464 * specific ELF headers & through to the point where the ELF load is
465 * known to be proceeding (ie. SET_PERSONALITY).
467 * This implementation is a dummy for architectures which require no
470 struct arch_elf_state {
473 #define INIT_ARCH_ELF_STATE {}
476 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
477 * @ehdr: The main ELF header
478 * @phdr: The program header to check
479 * @elf: The open ELF file
480 * @is_interp: True if the phdr is from the interpreter of the ELF being
481 * loaded, else false.
482 * @state: Architecture-specific state preserved throughout the process
483 * of loading the ELF.
485 * Inspects the program header phdr to validate its correctness and/or
486 * suitability for the system. Called once per ELF program header in the
487 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
490 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
491 * with that return code.
493 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
494 struct elf_phdr *phdr,
495 struct file *elf, bool is_interp,
496 struct arch_elf_state *state)
498 /* Dummy implementation, always proceed */
503 * arch_check_elf() - check an ELF executable
504 * @ehdr: The main ELF header
505 * @has_interp: True if the ELF has an interpreter, else false.
506 * @interp_ehdr: The interpreter's ELF header
507 * @state: Architecture-specific state preserved throughout the process
508 * of loading the ELF.
510 * Provides a final opportunity for architecture code to reject the loading
511 * of the ELF & cause an exec syscall to return an error. This is called after
512 * all program headers to be checked by arch_elf_pt_proc have been.
514 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
515 * with that return code.
517 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
518 struct elfhdr *interp_ehdr,
519 struct arch_elf_state *state)
521 /* Dummy implementation, always proceed */
525 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
527 /* This is much more generalized than the library routine read function,
528 so we keep this separate. Technically the library read function
529 is only provided so that we can read a.out libraries that have
532 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
533 struct file *interpreter, unsigned long *interp_map_addr,
534 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
536 struct elf_phdr *eppnt;
537 unsigned long load_addr = 0;
538 int load_addr_set = 0;
539 unsigned long last_bss = 0, elf_bss = 0;
541 unsigned long error = ~0UL;
542 unsigned long total_size;
545 /* First of all, some simple consistency checks */
546 if (interp_elf_ex->e_type != ET_EXEC &&
547 interp_elf_ex->e_type != ET_DYN)
549 if (!elf_check_arch(interp_elf_ex) ||
550 elf_check_fdpic(interp_elf_ex))
552 if (!interpreter->f_op->mmap)
555 total_size = total_mapping_size(interp_elf_phdata,
556 interp_elf_ex->e_phnum);
562 eppnt = interp_elf_phdata;
563 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
564 if (eppnt->p_type == PT_LOAD) {
565 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
567 unsigned long vaddr = 0;
568 unsigned long k, map_addr;
570 if (eppnt->p_flags & PF_R)
571 elf_prot = PROT_READ;
572 if (eppnt->p_flags & PF_W)
573 elf_prot |= PROT_WRITE;
574 if (eppnt->p_flags & PF_X)
575 elf_prot |= PROT_EXEC;
576 vaddr = eppnt->p_vaddr;
577 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
578 elf_type |= MAP_FIXED_NOREPLACE;
579 else if (no_base && interp_elf_ex->e_type == ET_DYN)
582 map_addr = elf_map(interpreter, load_addr + vaddr,
583 eppnt, elf_prot, elf_type, total_size);
585 if (!*interp_map_addr)
586 *interp_map_addr = map_addr;
588 if (BAD_ADDR(map_addr))
591 if (!load_addr_set &&
592 interp_elf_ex->e_type == ET_DYN) {
593 load_addr = map_addr - ELF_PAGESTART(vaddr);
598 * Check to see if the section's size will overflow the
599 * allowed task size. Note that p_filesz must always be
600 * <= p_memsize so it's only necessary to check p_memsz.
602 k = load_addr + eppnt->p_vaddr;
604 eppnt->p_filesz > eppnt->p_memsz ||
605 eppnt->p_memsz > TASK_SIZE ||
606 TASK_SIZE - eppnt->p_memsz < k) {
612 * Find the end of the file mapping for this phdr, and
613 * keep track of the largest address we see for this.
615 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
620 * Do the same thing for the memory mapping - between
621 * elf_bss and last_bss is the bss section.
623 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
632 * Now fill out the bss section: first pad the last page from
633 * the file up to the page boundary, and zero it from elf_bss
634 * up to the end of the page.
636 if (padzero(elf_bss)) {
641 * Next, align both the file and mem bss up to the page size,
642 * since this is where elf_bss was just zeroed up to, and where
643 * last_bss will end after the vm_brk_flags() below.
645 elf_bss = ELF_PAGEALIGN(elf_bss);
646 last_bss = ELF_PAGEALIGN(last_bss);
647 /* Finally, if there is still more bss to allocate, do it. */
648 if (last_bss > elf_bss) {
649 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
650 bss_prot & PROT_EXEC ? VM_EXEC : 0);
661 * These are the functions used to load ELF style executables and shared
662 * libraries. There is no binary dependent code anywhere else.
665 #ifndef STACK_RND_MASK
666 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
669 static unsigned long randomize_stack_top(unsigned long stack_top)
671 unsigned long random_variable = 0;
673 if (current->flags & PF_RANDOMIZE) {
674 random_variable = get_random_long();
675 random_variable &= STACK_RND_MASK;
676 random_variable <<= PAGE_SHIFT;
678 #ifdef CONFIG_STACK_GROWSUP
679 return PAGE_ALIGN(stack_top) + random_variable;
681 return PAGE_ALIGN(stack_top) - random_variable;
685 static int load_elf_binary(struct linux_binprm *bprm)
687 struct file *interpreter = NULL; /* to shut gcc up */
688 unsigned long load_addr = 0, load_bias = 0;
689 int load_addr_set = 0;
690 char * elf_interpreter = NULL;
692 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
693 unsigned long elf_bss, elf_brk;
696 unsigned long elf_entry;
697 unsigned long interp_load_addr = 0;
698 unsigned long start_code, end_code, start_data, end_data;
699 unsigned long reloc_func_desc __maybe_unused = 0;
700 int executable_stack = EXSTACK_DEFAULT;
701 struct pt_regs *regs = current_pt_regs();
703 struct elfhdr elf_ex;
704 struct elfhdr interp_elf_ex;
706 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
709 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
715 /* Get the exec-header */
716 loc->elf_ex = *((struct elfhdr *)bprm->buf);
719 /* First of all, some simple consistency checks */
720 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
723 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
725 if (!elf_check_arch(&loc->elf_ex))
727 if (elf_check_fdpic(&loc->elf_ex))
729 if (!bprm->file->f_op->mmap)
732 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
736 elf_ppnt = elf_phdata;
745 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
746 if (elf_ppnt->p_type == PT_INTERP) {
747 /* This is the program interpreter used for
748 * shared libraries - for now assume that this
749 * is an a.out format binary
752 if (elf_ppnt->p_filesz > PATH_MAX ||
753 elf_ppnt->p_filesz < 2)
757 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
759 if (!elf_interpreter)
762 pos = elf_ppnt->p_offset;
763 retval = kernel_read(bprm->file, elf_interpreter,
764 elf_ppnt->p_filesz, &pos);
765 if (retval != elf_ppnt->p_filesz) {
768 goto out_free_interp;
770 /* make sure path is NULL terminated */
772 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
773 goto out_free_interp;
775 interpreter = open_exec(elf_interpreter);
776 retval = PTR_ERR(interpreter);
777 if (IS_ERR(interpreter))
778 goto out_free_interp;
781 * If the binary is not readable then enforce
782 * mm->dumpable = 0 regardless of the interpreter's
785 would_dump(bprm, interpreter);
787 /* Get the exec headers */
789 retval = kernel_read(interpreter, &loc->interp_elf_ex,
790 sizeof(loc->interp_elf_ex), &pos);
791 if (retval != sizeof(loc->interp_elf_ex)) {
794 goto out_free_dentry;
802 elf_ppnt = elf_phdata;
803 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
804 switch (elf_ppnt->p_type) {
806 if (elf_ppnt->p_flags & PF_X)
807 executable_stack = EXSTACK_ENABLE_X;
809 executable_stack = EXSTACK_DISABLE_X;
812 case PT_LOPROC ... PT_HIPROC:
813 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
817 goto out_free_dentry;
821 /* Some simple consistency checks for the interpreter */
822 if (elf_interpreter) {
824 /* Not an ELF interpreter */
825 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
826 goto out_free_dentry;
827 /* Verify the interpreter has a valid arch */
828 if (!elf_check_arch(&loc->interp_elf_ex) ||
829 elf_check_fdpic(&loc->interp_elf_ex))
830 goto out_free_dentry;
832 /* Load the interpreter program headers */
833 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
835 if (!interp_elf_phdata)
836 goto out_free_dentry;
838 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
839 elf_ppnt = interp_elf_phdata;
840 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
841 switch (elf_ppnt->p_type) {
842 case PT_LOPROC ... PT_HIPROC:
843 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
844 elf_ppnt, interpreter,
847 goto out_free_dentry;
853 * Allow arch code to reject the ELF at this point, whilst it's
854 * still possible to return an error to the code that invoked
857 retval = arch_check_elf(&loc->elf_ex,
858 !!interpreter, &loc->interp_elf_ex,
861 goto out_free_dentry;
863 /* Flush all traces of the currently running executable */
864 retval = flush_old_exec(bprm);
866 goto out_free_dentry;
868 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
869 may depend on the personality. */
870 SET_PERSONALITY2(loc->elf_ex, &arch_state);
871 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
872 current->personality |= READ_IMPLIES_EXEC;
874 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
875 current->flags |= PF_RANDOMIZE;
877 setup_new_exec(bprm);
878 install_exec_creds(bprm);
880 /* Do this so that we can load the interpreter, if need be. We will
881 change some of these later */
882 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
885 goto out_free_dentry;
887 current->mm->start_stack = bprm->p;
889 /* Now we do a little grungy work by mmapping the ELF image into
890 the correct location in memory. */
891 for(i = 0, elf_ppnt = elf_phdata;
892 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
893 int elf_prot = 0, elf_flags, elf_fixed = MAP_FIXED_NOREPLACE;
894 unsigned long k, vaddr;
895 unsigned long total_size = 0;
897 if (elf_ppnt->p_type != PT_LOAD)
900 if (unlikely (elf_brk > elf_bss)) {
903 /* There was a PT_LOAD segment with p_memsz > p_filesz
904 before this one. Map anonymous pages, if needed,
905 and clear the area. */
906 retval = set_brk(elf_bss + load_bias,
910 goto out_free_dentry;
911 nbyte = ELF_PAGEOFFSET(elf_bss);
913 nbyte = ELF_MIN_ALIGN - nbyte;
914 if (nbyte > elf_brk - elf_bss)
915 nbyte = elf_brk - elf_bss;
916 if (clear_user((void __user *)elf_bss +
919 * This bss-zeroing can fail if the ELF
920 * file specifies odd protections. So
921 * we don't check the return value
927 * Some binaries have overlapping elf segments and then
928 * we have to forcefully map over an existing mapping
929 * e.g. over this newly established brk mapping.
931 elf_fixed = MAP_FIXED;
934 if (elf_ppnt->p_flags & PF_R)
935 elf_prot |= PROT_READ;
936 if (elf_ppnt->p_flags & PF_W)
937 elf_prot |= PROT_WRITE;
938 if (elf_ppnt->p_flags & PF_X)
939 elf_prot |= PROT_EXEC;
941 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
943 vaddr = elf_ppnt->p_vaddr;
945 * If we are loading ET_EXEC or we have already performed
946 * the ET_DYN load_addr calculations, proceed normally.
948 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
949 elf_flags |= elf_fixed;
950 } else if (loc->elf_ex.e_type == ET_DYN) {
952 * This logic is run once for the first LOAD Program
953 * Header for ET_DYN binaries to calculate the
954 * randomization (load_bias) for all the LOAD
955 * Program Headers, and to calculate the entire
956 * size of the ELF mapping (total_size). (Note that
957 * load_addr_set is set to true later once the
958 * initial mapping is performed.)
960 * There are effectively two types of ET_DYN
961 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
962 * and loaders (ET_DYN without INTERP, since they
963 * _are_ the ELF interpreter). The loaders must
964 * be loaded away from programs since the program
965 * may otherwise collide with the loader (especially
966 * for ET_EXEC which does not have a randomized
967 * position). For example to handle invocations of
968 * "./ld.so someprog" to test out a new version of
969 * the loader, the subsequent program that the
970 * loader loads must avoid the loader itself, so
971 * they cannot share the same load range. Sufficient
972 * room for the brk must be allocated with the
973 * loader as well, since brk must be available with
976 * Therefore, programs are loaded offset from
977 * ELF_ET_DYN_BASE and loaders are loaded into the
978 * independently randomized mmap region (0 load_bias
979 * without MAP_FIXED).
981 if (elf_interpreter) {
982 load_bias = ELF_ET_DYN_BASE;
983 if (current->flags & PF_RANDOMIZE)
984 load_bias += arch_mmap_rnd();
985 elf_flags |= elf_fixed;
990 * Since load_bias is used for all subsequent loading
991 * calculations, we must lower it by the first vaddr
992 * so that the remaining calculations based on the
993 * ELF vaddrs will be correctly offset. The result
994 * is then page aligned.
996 load_bias = ELF_PAGESTART(load_bias - vaddr);
998 total_size = total_mapping_size(elf_phdata,
999 loc->elf_ex.e_phnum);
1002 goto out_free_dentry;
1006 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1007 elf_prot, elf_flags, total_size);
1008 if (BAD_ADDR(error)) {
1009 retval = IS_ERR((void *)error) ?
1010 PTR_ERR((void*)error) : -EINVAL;
1011 goto out_free_dentry;
1014 if (!load_addr_set) {
1016 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1017 if (loc->elf_ex.e_type == ET_DYN) {
1018 load_bias += error -
1019 ELF_PAGESTART(load_bias + vaddr);
1020 load_addr += load_bias;
1021 reloc_func_desc = load_bias;
1024 k = elf_ppnt->p_vaddr;
1031 * Check to see if the section's size will overflow the
1032 * allowed task size. Note that p_filesz must always be
1033 * <= p_memsz so it is only necessary to check p_memsz.
1035 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1036 elf_ppnt->p_memsz > TASK_SIZE ||
1037 TASK_SIZE - elf_ppnt->p_memsz < k) {
1038 /* set_brk can never work. Avoid overflows. */
1040 goto out_free_dentry;
1043 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1047 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1051 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1053 bss_prot = elf_prot;
1058 loc->elf_ex.e_entry += load_bias;
1059 elf_bss += load_bias;
1060 elf_brk += load_bias;
1061 start_code += load_bias;
1062 end_code += load_bias;
1063 start_data += load_bias;
1064 end_data += load_bias;
1066 /* Calling set_brk effectively mmaps the pages that we need
1067 * for the bss and break sections. We must do this before
1068 * mapping in the interpreter, to make sure it doesn't wind
1069 * up getting placed where the bss needs to go.
1071 retval = set_brk(elf_bss, elf_brk, bss_prot);
1073 goto out_free_dentry;
1074 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1075 retval = -EFAULT; /* Nobody gets to see this, but.. */
1076 goto out_free_dentry;
1079 if (elf_interpreter) {
1080 unsigned long interp_map_addr = 0;
1082 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1085 load_bias, interp_elf_phdata);
1086 if (!IS_ERR((void *)elf_entry)) {
1088 * load_elf_interp() returns relocation
1091 interp_load_addr = elf_entry;
1092 elf_entry += loc->interp_elf_ex.e_entry;
1094 if (BAD_ADDR(elf_entry)) {
1095 retval = IS_ERR((void *)elf_entry) ?
1096 (int)elf_entry : -EINVAL;
1097 goto out_free_dentry;
1099 reloc_func_desc = interp_load_addr;
1101 allow_write_access(interpreter);
1103 kfree(elf_interpreter);
1105 elf_entry = loc->elf_ex.e_entry;
1106 if (BAD_ADDR(elf_entry)) {
1108 goto out_free_dentry;
1112 kfree(interp_elf_phdata);
1115 set_binfmt(&elf_format);
1117 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1118 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
1121 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1123 retval = create_elf_tables(bprm, &loc->elf_ex,
1124 load_addr, interp_load_addr);
1127 /* N.B. passed_fileno might not be initialized? */
1128 current->mm->end_code = end_code;
1129 current->mm->start_code = start_code;
1130 current->mm->start_data = start_data;
1131 current->mm->end_data = end_data;
1132 current->mm->start_stack = bprm->p;
1134 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1135 current->mm->brk = current->mm->start_brk =
1136 arch_randomize_brk(current->mm);
1137 #ifdef compat_brk_randomized
1138 current->brk_randomized = 1;
1142 if (current->personality & MMAP_PAGE_ZERO) {
1143 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1144 and some applications "depend" upon this behavior.
1145 Since we do not have the power to recompile these, we
1146 emulate the SVr4 behavior. Sigh. */
1147 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1148 MAP_FIXED | MAP_PRIVATE, 0);
1151 #ifdef ELF_PLAT_INIT
1153 * The ABI may specify that certain registers be set up in special
1154 * ways (on i386 %edx is the address of a DT_FINI function, for
1155 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1156 * that the e_entry field is the address of the function descriptor
1157 * for the startup routine, rather than the address of the startup
1158 * routine itself. This macro performs whatever initialization to
1159 * the regs structure is required as well as any relocations to the
1160 * function descriptor entries when executing dynamically links apps.
1162 ELF_PLAT_INIT(regs, reloc_func_desc);
1165 finalize_exec(bprm);
1166 start_thread(regs, elf_entry, bprm->p);
1175 kfree(interp_elf_phdata);
1176 allow_write_access(interpreter);
1180 kfree(elf_interpreter);
1186 #ifdef CONFIG_USELIB
1187 /* This is really simpleminded and specialized - we are loading an
1188 a.out library that is given an ELF header. */
1189 static int load_elf_library(struct file *file)
1191 struct elf_phdr *elf_phdata;
1192 struct elf_phdr *eppnt;
1193 unsigned long elf_bss, bss, len;
1194 int retval, error, i, j;
1195 struct elfhdr elf_ex;
1199 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1200 if (retval != sizeof(elf_ex))
1203 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1206 /* First of all, some simple consistency checks */
1207 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1208 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1210 if (elf_check_fdpic(&elf_ex))
1213 /* Now read in all of the header information */
1215 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1216 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1219 elf_phdata = kmalloc(j, GFP_KERNEL);
1225 pos = elf_ex.e_phoff;
1226 retval = kernel_read(file, eppnt, j, &pos);
1230 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1231 if ((eppnt + i)->p_type == PT_LOAD)
1236 while (eppnt->p_type != PT_LOAD)
1239 /* Now use mmap to map the library into memory. */
1240 error = vm_mmap(file,
1241 ELF_PAGESTART(eppnt->p_vaddr),
1243 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1244 PROT_READ | PROT_WRITE | PROT_EXEC,
1245 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1247 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1248 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1251 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1252 if (padzero(elf_bss)) {
1257 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1258 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1260 error = vm_brk(len, bss - len);
1271 #endif /* #ifdef CONFIG_USELIB */
1273 #ifdef CONFIG_ELF_CORE
1277 * Modelled on fs/exec.c:aout_core_dump()
1278 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1282 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1283 * that are useful for post-mortem analysis are included in every core dump.
1284 * In that way we ensure that the core dump is fully interpretable later
1285 * without matching up the same kernel and hardware config to see what PC values
1286 * meant. These special mappings include - vDSO, vsyscall, and other
1287 * architecture specific mappings
1289 static bool always_dump_vma(struct vm_area_struct *vma)
1291 /* Any vsyscall mappings? */
1292 if (vma == get_gate_vma(vma->vm_mm))
1296 * Assume that all vmas with a .name op should always be dumped.
1297 * If this changes, a new vm_ops field can easily be added.
1299 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1303 * arch_vma_name() returns non-NULL for special architecture mappings,
1304 * such as vDSO sections.
1306 if (arch_vma_name(vma))
1313 * Decide what to dump of a segment, part, all or none.
1315 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1316 unsigned long mm_flags)
1318 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1320 /* always dump the vdso and vsyscall sections */
1321 if (always_dump_vma(vma))
1324 if (vma->vm_flags & VM_DONTDUMP)
1327 /* support for DAX */
1328 if (vma_is_dax(vma)) {
1329 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1331 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1336 /* Hugetlb memory check */
1337 if (vma->vm_flags & VM_HUGETLB) {
1338 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1340 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1345 /* Do not dump I/O mapped devices or special mappings */
1346 if (vma->vm_flags & VM_IO)
1349 /* By default, dump shared memory if mapped from an anonymous file. */
1350 if (vma->vm_flags & VM_SHARED) {
1351 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1352 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1357 /* Dump segments that have been written to. */
1358 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1360 if (vma->vm_file == NULL)
1363 if (FILTER(MAPPED_PRIVATE))
1367 * If this looks like the beginning of a DSO or executable mapping,
1368 * check for an ELF header. If we find one, dump the first page to
1369 * aid in determining what was mapped here.
1371 if (FILTER(ELF_HEADERS) &&
1372 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1373 u32 __user *header = (u32 __user *) vma->vm_start;
1375 mm_segment_t fs = get_fs();
1377 * Doing it this way gets the constant folded by GCC.
1381 char elfmag[SELFMAG];
1383 BUILD_BUG_ON(SELFMAG != sizeof word);
1384 magic.elfmag[EI_MAG0] = ELFMAG0;
1385 magic.elfmag[EI_MAG1] = ELFMAG1;
1386 magic.elfmag[EI_MAG2] = ELFMAG2;
1387 magic.elfmag[EI_MAG3] = ELFMAG3;
1389 * Switch to the user "segment" for get_user(),
1390 * then put back what elf_core_dump() had in place.
1393 if (unlikely(get_user(word, header)))
1396 if (word == magic.cmp)
1405 return vma->vm_end - vma->vm_start;
1408 /* An ELF note in memory */
1413 unsigned int datasz;
1417 static int notesize(struct memelfnote *en)
1421 sz = sizeof(struct elf_note);
1422 sz += roundup(strlen(en->name) + 1, 4);
1423 sz += roundup(en->datasz, 4);
1428 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1431 en.n_namesz = strlen(men->name) + 1;
1432 en.n_descsz = men->datasz;
1433 en.n_type = men->type;
1435 return dump_emit(cprm, &en, sizeof(en)) &&
1436 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1437 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1440 static void fill_elf_header(struct elfhdr *elf, int segs,
1441 u16 machine, u32 flags)
1443 memset(elf, 0, sizeof(*elf));
1445 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1446 elf->e_ident[EI_CLASS] = ELF_CLASS;
1447 elf->e_ident[EI_DATA] = ELF_DATA;
1448 elf->e_ident[EI_VERSION] = EV_CURRENT;
1449 elf->e_ident[EI_OSABI] = ELF_OSABI;
1451 elf->e_type = ET_CORE;
1452 elf->e_machine = machine;
1453 elf->e_version = EV_CURRENT;
1454 elf->e_phoff = sizeof(struct elfhdr);
1455 elf->e_flags = flags;
1456 elf->e_ehsize = sizeof(struct elfhdr);
1457 elf->e_phentsize = sizeof(struct elf_phdr);
1458 elf->e_phnum = segs;
1463 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1465 phdr->p_type = PT_NOTE;
1466 phdr->p_offset = offset;
1469 phdr->p_filesz = sz;
1476 static void fill_note(struct memelfnote *note, const char *name, int type,
1477 unsigned int sz, void *data)
1487 * fill up all the fields in prstatus from the given task struct, except
1488 * registers which need to be filled up separately.
1490 static void fill_prstatus(struct elf_prstatus *prstatus,
1491 struct task_struct *p, long signr)
1493 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1494 prstatus->pr_sigpend = p->pending.signal.sig[0];
1495 prstatus->pr_sighold = p->blocked.sig[0];
1497 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1499 prstatus->pr_pid = task_pid_vnr(p);
1500 prstatus->pr_pgrp = task_pgrp_vnr(p);
1501 prstatus->pr_sid = task_session_vnr(p);
1502 if (thread_group_leader(p)) {
1503 struct task_cputime cputime;
1506 * This is the record for the group leader. It shows the
1507 * group-wide total, not its individual thread total.
1509 thread_group_cputime(p, &cputime);
1510 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1511 prstatus->pr_stime = ns_to_timeval(cputime.stime);
1515 task_cputime(p, &utime, &stime);
1516 prstatus->pr_utime = ns_to_timeval(utime);
1517 prstatus->pr_stime = ns_to_timeval(stime);
1520 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1521 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
1524 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1525 struct mm_struct *mm)
1527 const struct cred *cred;
1528 unsigned int i, len;
1530 /* first copy the parameters from user space */
1531 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1533 len = mm->arg_end - mm->arg_start;
1534 if (len >= ELF_PRARGSZ)
1535 len = ELF_PRARGSZ-1;
1536 if (copy_from_user(&psinfo->pr_psargs,
1537 (const char __user *)mm->arg_start, len))
1539 for(i = 0; i < len; i++)
1540 if (psinfo->pr_psargs[i] == 0)
1541 psinfo->pr_psargs[i] = ' ';
1542 psinfo->pr_psargs[len] = 0;
1545 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1547 psinfo->pr_pid = task_pid_vnr(p);
1548 psinfo->pr_pgrp = task_pgrp_vnr(p);
1549 psinfo->pr_sid = task_session_vnr(p);
1551 i = p->state ? ffz(~p->state) + 1 : 0;
1552 psinfo->pr_state = i;
1553 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1554 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1555 psinfo->pr_nice = task_nice(p);
1556 psinfo->pr_flag = p->flags;
1558 cred = __task_cred(p);
1559 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1560 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1562 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1567 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1569 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1573 while (auxv[i - 2] != AT_NULL);
1574 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1577 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1578 const kernel_siginfo_t *siginfo)
1580 mm_segment_t old_fs = get_fs();
1582 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1584 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1587 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1589 * Format of NT_FILE note:
1591 * long count -- how many files are mapped
1592 * long page_size -- units for file_ofs
1593 * array of [COUNT] elements of
1597 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1599 static int fill_files_note(struct memelfnote *note)
1601 struct vm_area_struct *vma;
1602 unsigned count, size, names_ofs, remaining, n;
1604 user_long_t *start_end_ofs;
1605 char *name_base, *name_curpos;
1607 /* *Estimated* file count and total data size needed */
1608 count = current->mm->map_count;
1609 if (count > UINT_MAX / 64)
1613 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1615 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1617 size = round_up(size, PAGE_SIZE);
1618 data = kvmalloc(size, GFP_KERNEL);
1619 if (ZERO_OR_NULL_PTR(data))
1622 start_end_ofs = data + 2;
1623 name_base = name_curpos = ((char *)data) + names_ofs;
1624 remaining = size - names_ofs;
1626 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1628 const char *filename;
1630 file = vma->vm_file;
1633 filename = file_path(file, name_curpos, remaining);
1634 if (IS_ERR(filename)) {
1635 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1637 size = size * 5 / 4;
1643 /* file_path() fills at the end, move name down */
1644 /* n = strlen(filename) + 1: */
1645 n = (name_curpos + remaining) - filename;
1646 remaining = filename - name_curpos;
1647 memmove(name_curpos, filename, n);
1650 *start_end_ofs++ = vma->vm_start;
1651 *start_end_ofs++ = vma->vm_end;
1652 *start_end_ofs++ = vma->vm_pgoff;
1656 /* Now we know exact count of files, can store it */
1658 data[1] = PAGE_SIZE;
1660 * Count usually is less than current->mm->map_count,
1661 * we need to move filenames down.
1663 n = current->mm->map_count - count;
1665 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1666 memmove(name_base - shift_bytes, name_base,
1667 name_curpos - name_base);
1668 name_curpos -= shift_bytes;
1671 size = name_curpos - (char *)data;
1672 fill_note(note, "CORE", NT_FILE, size, data);
1676 #ifdef CORE_DUMP_USE_REGSET
1677 #include <linux/regset.h>
1679 struct elf_thread_core_info {
1680 struct elf_thread_core_info *next;
1681 struct task_struct *task;
1682 struct elf_prstatus prstatus;
1683 struct memelfnote notes[0];
1686 struct elf_note_info {
1687 struct elf_thread_core_info *thread;
1688 struct memelfnote psinfo;
1689 struct memelfnote signote;
1690 struct memelfnote auxv;
1691 struct memelfnote files;
1692 user_siginfo_t csigdata;
1698 * When a regset has a writeback hook, we call it on each thread before
1699 * dumping user memory. On register window machines, this makes sure the
1700 * user memory backing the register data is up to date before we read it.
1702 static void do_thread_regset_writeback(struct task_struct *task,
1703 const struct user_regset *regset)
1705 if (regset->writeback)
1706 regset->writeback(task, regset, 1);
1709 #ifndef PRSTATUS_SIZE
1710 #define PRSTATUS_SIZE(S, R) sizeof(S)
1713 #ifndef SET_PR_FPVALID
1714 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1717 static int fill_thread_core_info(struct elf_thread_core_info *t,
1718 const struct user_regset_view *view,
1719 long signr, size_t *total)
1722 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
1725 * NT_PRSTATUS is the one special case, because the regset data
1726 * goes into the pr_reg field inside the note contents, rather
1727 * than being the whole note contents. We fill the reset in here.
1728 * We assume that regset 0 is NT_PRSTATUS.
1730 fill_prstatus(&t->prstatus, t->task, signr);
1731 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
1732 &t->prstatus.pr_reg, NULL);
1734 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1735 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1736 *total += notesize(&t->notes[0]);
1738 do_thread_regset_writeback(t->task, &view->regsets[0]);
1741 * Each other regset might generate a note too. For each regset
1742 * that has no core_note_type or is inactive, we leave t->notes[i]
1743 * all zero and we'll know to skip writing it later.
1745 for (i = 1; i < view->n; ++i) {
1746 const struct user_regset *regset = &view->regsets[i];
1747 do_thread_regset_writeback(t->task, regset);
1748 if (regset->core_note_type && regset->get &&
1749 (!regset->active || regset->active(t->task, regset) > 0)) {
1751 size_t size = regset_size(t->task, regset);
1752 void *data = kmalloc(size, GFP_KERNEL);
1753 if (unlikely(!data))
1755 ret = regset->get(t->task, regset,
1756 0, size, data, NULL);
1760 if (regset->core_note_type != NT_PRFPREG)
1761 fill_note(&t->notes[i], "LINUX",
1762 regset->core_note_type,
1765 SET_PR_FPVALID(&t->prstatus,
1767 fill_note(&t->notes[i], "CORE",
1768 NT_PRFPREG, size, data);
1770 *total += notesize(&t->notes[i]);
1778 static int fill_note_info(struct elfhdr *elf, int phdrs,
1779 struct elf_note_info *info,
1780 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1782 struct task_struct *dump_task = current;
1783 const struct user_regset_view *view = task_user_regset_view(dump_task);
1784 struct elf_thread_core_info *t;
1785 struct elf_prpsinfo *psinfo;
1786 struct core_thread *ct;
1790 info->thread = NULL;
1792 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1793 if (psinfo == NULL) {
1794 info->psinfo.data = NULL; /* So we don't free this wrongly */
1798 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1801 * Figure out how many notes we're going to need for each thread.
1803 info->thread_notes = 0;
1804 for (i = 0; i < view->n; ++i)
1805 if (view->regsets[i].core_note_type != 0)
1806 ++info->thread_notes;
1809 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1810 * since it is our one special case.
1812 if (unlikely(info->thread_notes == 0) ||
1813 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1819 * Initialize the ELF file header.
1821 fill_elf_header(elf, phdrs,
1822 view->e_machine, view->e_flags);
1825 * Allocate a structure for each thread.
1827 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1828 t = kzalloc(offsetof(struct elf_thread_core_info,
1829 notes[info->thread_notes]),
1835 if (ct->task == dump_task || !info->thread) {
1836 t->next = info->thread;
1840 * Make sure to keep the original task at
1841 * the head of the list.
1843 t->next = info->thread->next;
1844 info->thread->next = t;
1849 * Now fill in each thread's information.
1851 for (t = info->thread; t != NULL; t = t->next)
1852 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1856 * Fill in the two process-wide notes.
1858 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1859 info->size += notesize(&info->psinfo);
1861 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1862 info->size += notesize(&info->signote);
1864 fill_auxv_note(&info->auxv, current->mm);
1865 info->size += notesize(&info->auxv);
1867 if (fill_files_note(&info->files) == 0)
1868 info->size += notesize(&info->files);
1873 static size_t get_note_info_size(struct elf_note_info *info)
1879 * Write all the notes for each thread. When writing the first thread, the
1880 * process-wide notes are interleaved after the first thread-specific note.
1882 static int write_note_info(struct elf_note_info *info,
1883 struct coredump_params *cprm)
1886 struct elf_thread_core_info *t = info->thread;
1891 if (!writenote(&t->notes[0], cprm))
1894 if (first && !writenote(&info->psinfo, cprm))
1896 if (first && !writenote(&info->signote, cprm))
1898 if (first && !writenote(&info->auxv, cprm))
1900 if (first && info->files.data &&
1901 !writenote(&info->files, cprm))
1904 for (i = 1; i < info->thread_notes; ++i)
1905 if (t->notes[i].data &&
1906 !writenote(&t->notes[i], cprm))
1916 static void free_note_info(struct elf_note_info *info)
1918 struct elf_thread_core_info *threads = info->thread;
1921 struct elf_thread_core_info *t = threads;
1923 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1924 for (i = 1; i < info->thread_notes; ++i)
1925 kfree(t->notes[i].data);
1928 kfree(info->psinfo.data);
1929 kvfree(info->files.data);
1934 /* Here is the structure in which status of each thread is captured. */
1935 struct elf_thread_status
1937 struct list_head list;
1938 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1939 elf_fpregset_t fpu; /* NT_PRFPREG */
1940 struct task_struct *thread;
1941 #ifdef ELF_CORE_COPY_XFPREGS
1942 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1944 struct memelfnote notes[3];
1949 * In order to add the specific thread information for the elf file format,
1950 * we need to keep a linked list of every threads pr_status and then create
1951 * a single section for them in the final core file.
1953 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1956 struct task_struct *p = t->thread;
1959 fill_prstatus(&t->prstatus, p, signr);
1960 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1962 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1965 sz += notesize(&t->notes[0]);
1967 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1969 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1972 sz += notesize(&t->notes[1]);
1975 #ifdef ELF_CORE_COPY_XFPREGS
1976 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1977 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1978 sizeof(t->xfpu), &t->xfpu);
1980 sz += notesize(&t->notes[2]);
1986 struct elf_note_info {
1987 struct memelfnote *notes;
1988 struct memelfnote *notes_files;
1989 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1990 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1991 struct list_head thread_list;
1992 elf_fpregset_t *fpu;
1993 #ifdef ELF_CORE_COPY_XFPREGS
1994 elf_fpxregset_t *xfpu;
1996 user_siginfo_t csigdata;
1997 int thread_status_size;
2001 static int elf_note_info_init(struct elf_note_info *info)
2003 memset(info, 0, sizeof(*info));
2004 INIT_LIST_HEAD(&info->thread_list);
2006 /* Allocate space for ELF notes */
2007 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2010 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2013 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2014 if (!info->prstatus)
2016 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2019 #ifdef ELF_CORE_COPY_XFPREGS
2020 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2027 static int fill_note_info(struct elfhdr *elf, int phdrs,
2028 struct elf_note_info *info,
2029 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2031 struct core_thread *ct;
2032 struct elf_thread_status *ets;
2034 if (!elf_note_info_init(info))
2037 for (ct = current->mm->core_state->dumper.next;
2038 ct; ct = ct->next) {
2039 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2043 ets->thread = ct->task;
2044 list_add(&ets->list, &info->thread_list);
2047 list_for_each_entry(ets, &info->thread_list, list) {
2050 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2051 info->thread_status_size += sz;
2053 /* now collect the dump for the current */
2054 memset(info->prstatus, 0, sizeof(*info->prstatus));
2055 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2056 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2059 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2062 * Set up the notes in similar form to SVR4 core dumps made
2063 * with info from their /proc.
2066 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2067 sizeof(*info->prstatus), info->prstatus);
2068 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2069 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2070 sizeof(*info->psinfo), info->psinfo);
2072 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2073 fill_auxv_note(info->notes + 3, current->mm);
2076 if (fill_files_note(info->notes + info->numnote) == 0) {
2077 info->notes_files = info->notes + info->numnote;
2081 /* Try to dump the FPU. */
2082 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2084 if (info->prstatus->pr_fpvalid)
2085 fill_note(info->notes + info->numnote++,
2086 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2087 #ifdef ELF_CORE_COPY_XFPREGS
2088 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2089 fill_note(info->notes + info->numnote++,
2090 "LINUX", ELF_CORE_XFPREG_TYPE,
2091 sizeof(*info->xfpu), info->xfpu);
2097 static size_t get_note_info_size(struct elf_note_info *info)
2102 for (i = 0; i < info->numnote; i++)
2103 sz += notesize(info->notes + i);
2105 sz += info->thread_status_size;
2110 static int write_note_info(struct elf_note_info *info,
2111 struct coredump_params *cprm)
2113 struct elf_thread_status *ets;
2116 for (i = 0; i < info->numnote; i++)
2117 if (!writenote(info->notes + i, cprm))
2120 /* write out the thread status notes section */
2121 list_for_each_entry(ets, &info->thread_list, list) {
2122 for (i = 0; i < ets->num_notes; i++)
2123 if (!writenote(&ets->notes[i], cprm))
2130 static void free_note_info(struct elf_note_info *info)
2132 while (!list_empty(&info->thread_list)) {
2133 struct list_head *tmp = info->thread_list.next;
2135 kfree(list_entry(tmp, struct elf_thread_status, list));
2138 /* Free data possibly allocated by fill_files_note(): */
2139 if (info->notes_files)
2140 kvfree(info->notes_files->data);
2142 kfree(info->prstatus);
2143 kfree(info->psinfo);
2146 #ifdef ELF_CORE_COPY_XFPREGS
2153 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2154 struct vm_area_struct *gate_vma)
2156 struct vm_area_struct *ret = tsk->mm->mmap;
2163 * Helper function for iterating across a vma list. It ensures that the caller
2164 * will visit `gate_vma' prior to terminating the search.
2166 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2167 struct vm_area_struct *gate_vma)
2169 struct vm_area_struct *ret;
2171 ret = this_vma->vm_next;
2174 if (this_vma == gate_vma)
2179 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2180 elf_addr_t e_shoff, int segs)
2182 elf->e_shoff = e_shoff;
2183 elf->e_shentsize = sizeof(*shdr4extnum);
2185 elf->e_shstrndx = SHN_UNDEF;
2187 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2189 shdr4extnum->sh_type = SHT_NULL;
2190 shdr4extnum->sh_size = elf->e_shnum;
2191 shdr4extnum->sh_link = elf->e_shstrndx;
2192 shdr4extnum->sh_info = segs;
2198 * This is a two-pass process; first we find the offsets of the bits,
2199 * and then they are actually written out. If we run out of core limit
2202 static int elf_core_dump(struct coredump_params *cprm)
2207 size_t vma_data_size = 0;
2208 struct vm_area_struct *vma, *gate_vma;
2209 struct elfhdr *elf = NULL;
2210 loff_t offset = 0, dataoff;
2211 struct elf_note_info info = { };
2212 struct elf_phdr *phdr4note = NULL;
2213 struct elf_shdr *shdr4extnum = NULL;
2216 elf_addr_t *vma_filesz = NULL;
2219 * We no longer stop all VM operations.
2221 * This is because those proceses that could possibly change map_count
2222 * or the mmap / vma pages are now blocked in do_exit on current
2223 * finishing this core dump.
2225 * Only ptrace can touch these memory addresses, but it doesn't change
2226 * the map_count or the pages allocated. So no possibility of crashing
2227 * exists while dumping the mm->vm_next areas to the core file.
2230 /* alloc memory for large data structures: too large to be on stack */
2231 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2235 * The number of segs are recored into ELF header as 16bit value.
2236 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2238 segs = current->mm->map_count;
2239 segs += elf_core_extra_phdrs();
2241 gate_vma = get_gate_vma(current->mm);
2242 if (gate_vma != NULL)
2245 /* for notes section */
2248 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2249 * this, kernel supports extended numbering. Have a look at
2250 * include/linux/elf.h for further information. */
2251 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2254 * Collect all the non-memory information about the process for the
2255 * notes. This also sets up the file header.
2257 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2265 offset += sizeof(*elf); /* Elf header */
2266 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2268 /* Write notes phdr entry */
2270 size_t sz = get_note_info_size(&info);
2272 sz += elf_coredump_extra_notes_size();
2274 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2278 fill_elf_note_phdr(phdr4note, sz, offset);
2282 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2284 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2286 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2288 if (ZERO_OR_NULL_PTR(vma_filesz))
2291 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2292 vma = next_vma(vma, gate_vma)) {
2293 unsigned long dump_size;
2295 dump_size = vma_dump_size(vma, cprm->mm_flags);
2296 vma_filesz[i++] = dump_size;
2297 vma_data_size += dump_size;
2300 offset += vma_data_size;
2301 offset += elf_core_extra_data_size();
2304 if (e_phnum == PN_XNUM) {
2305 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2308 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2313 if (!dump_emit(cprm, elf, sizeof(*elf)))
2316 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2319 /* Write program headers for segments dump */
2320 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2321 vma = next_vma(vma, gate_vma)) {
2322 struct elf_phdr phdr;
2324 phdr.p_type = PT_LOAD;
2325 phdr.p_offset = offset;
2326 phdr.p_vaddr = vma->vm_start;
2328 phdr.p_filesz = vma_filesz[i++];
2329 phdr.p_memsz = vma->vm_end - vma->vm_start;
2330 offset += phdr.p_filesz;
2331 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2332 if (vma->vm_flags & VM_WRITE)
2333 phdr.p_flags |= PF_W;
2334 if (vma->vm_flags & VM_EXEC)
2335 phdr.p_flags |= PF_X;
2336 phdr.p_align = ELF_EXEC_PAGESIZE;
2338 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2342 if (!elf_core_write_extra_phdrs(cprm, offset))
2345 /* write out the notes section */
2346 if (!write_note_info(&info, cprm))
2349 if (elf_coredump_extra_notes_write(cprm))
2353 if (!dump_skip(cprm, dataoff - cprm->pos))
2356 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2357 vma = next_vma(vma, gate_vma)) {
2361 end = vma->vm_start + vma_filesz[i++];
2363 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2367 page = get_dump_page(addr);
2369 void *kaddr = kmap(page);
2370 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2374 stop = !dump_skip(cprm, PAGE_SIZE);
2379 dump_truncate(cprm);
2381 if (!elf_core_write_extra_data(cprm))
2384 if (e_phnum == PN_XNUM) {
2385 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2393 free_note_info(&info);
2402 #endif /* CONFIG_ELF_CORE */
2404 static int __init init_elf_binfmt(void)
2406 register_binfmt(&elf_format);
2410 static void __exit exit_elf_binfmt(void)
2412 /* Remove the COFF and ELF loaders. */
2413 unregister_binfmt(&elf_format);
2416 core_initcall(init_elf_binfmt);
2417 module_exit(exit_elf_binfmt);
2418 MODULE_LICENSE("GPL");
git.samba.org / sfrench / cifs-2.6.git / blob