2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/sched/coredump.h>
39 #include <linux/sched/task_stack.h>
40 #include <linux/sched/cputime.h>
41 #include <linux/cred.h>
42 #include <linux/dax.h>
43 #include <linux/uaccess.h>
44 #include <asm/param.h>
48 #define user_long_t long
50 #ifndef user_siginfo_t
51 #define user_siginfo_t siginfo_t
54 /* That's for binfmt_elf_fdpic to deal with */
55 #ifndef elf_check_fdpic
56 #define elf_check_fdpic(ex) false
59 static int load_elf_binary(struct linux_binprm *bprm);
62 static int load_elf_library(struct file *);
64 #define load_elf_library NULL
68 * If we don't support core dumping, then supply a NULL so we
71 #ifdef CONFIG_ELF_CORE
72 static int elf_core_dump(struct coredump_params *cprm);
74 #define elf_core_dump NULL
77 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
78 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
80 #define ELF_MIN_ALIGN PAGE_SIZE
83 #ifndef ELF_CORE_EFLAGS
84 #define ELF_CORE_EFLAGS 0
87 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
88 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
89 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
91 static struct linux_binfmt elf_format = {
92 .module = THIS_MODULE,
93 .load_binary = load_elf_binary,
94 .load_shlib = load_elf_library,
95 .core_dump = elf_core_dump,
96 .min_coredump = ELF_EXEC_PAGESIZE,
99 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
101 static int set_brk(unsigned long start, unsigned long end, int prot)
103 start = ELF_PAGEALIGN(start);
104 end = ELF_PAGEALIGN(end);
107 * Map the last of the bss segment.
108 * If the header is requesting these pages to be
109 * executable, honour that (ppc32 needs this).
111 int error = vm_brk_flags(start, end - start,
112 prot & PROT_EXEC ? VM_EXEC : 0);
116 current->mm->start_brk = current->mm->brk = end;
120 /* We need to explicitly zero any fractional pages
121 after the data section (i.e. bss). This would
122 contain the junk from the file that should not
125 static int padzero(unsigned long elf_bss)
129 nbyte = ELF_PAGEOFFSET(elf_bss);
131 nbyte = ELF_MIN_ALIGN - nbyte;
132 if (clear_user((void __user *) elf_bss, nbyte))
138 /* Let's use some macros to make this stack manipulation a little clearer */
139 #ifdef CONFIG_STACK_GROWSUP
140 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
141 #define STACK_ROUND(sp, items) \
142 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
143 #define STACK_ALLOC(sp, len) ({ \
144 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
147 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
148 #define STACK_ROUND(sp, items) \
149 (((unsigned long) (sp - items)) &~ 15UL)
150 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
153 #ifndef ELF_BASE_PLATFORM
155 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
156 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
157 * will be copied to the user stack in the same manner as AT_PLATFORM.
159 #define ELF_BASE_PLATFORM NULL
163 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
164 unsigned long load_addr, unsigned long interp_load_addr)
166 unsigned long p = bprm->p;
167 int argc = bprm->argc;
168 int envc = bprm->envc;
169 elf_addr_t __user *sp;
170 elf_addr_t __user *u_platform;
171 elf_addr_t __user *u_base_platform;
172 elf_addr_t __user *u_rand_bytes;
173 const char *k_platform = ELF_PLATFORM;
174 const char *k_base_platform = ELF_BASE_PLATFORM;
175 unsigned char k_rand_bytes[16];
177 elf_addr_t *elf_info;
179 const struct cred *cred = current_cred();
180 struct vm_area_struct *vma;
183 * In some cases (e.g. Hyper-Threading), we want to avoid L1
184 * evictions by the processes running on the same package. One
185 * thing we can do is to shuffle the initial stack for them.
188 p = arch_align_stack(p);
191 * If this architecture has a platform capability string, copy it
192 * to userspace. In some cases (Sparc), this info is impossible
193 * for userspace to get any other way, in others (i386) it is
198 size_t len = strlen(k_platform) + 1;
200 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
201 if (__copy_to_user(u_platform, k_platform, len))
206 * If this architecture has a "base" platform capability
207 * string, copy it to userspace.
209 u_base_platform = NULL;
210 if (k_base_platform) {
211 size_t len = strlen(k_base_platform) + 1;
213 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
214 if (__copy_to_user(u_base_platform, k_base_platform, len))
219 * Generate 16 random bytes for userspace PRNG seeding.
221 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
222 u_rand_bytes = (elf_addr_t __user *)
223 STACK_ALLOC(p, sizeof(k_rand_bytes));
224 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
227 /* Create the ELF interpreter info */
228 elf_info = (elf_addr_t *)current->mm->saved_auxv;
229 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
230 #define NEW_AUX_ENT(id, val) \
232 elf_info[ei_index++] = id; \
233 elf_info[ei_index++] = val; \
238 * ARCH_DLINFO must come first so PPC can do its special alignment of
240 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
241 * ARCH_DLINFO changes
245 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
246 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
247 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
248 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
249 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
250 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
251 NEW_AUX_ENT(AT_BASE, interp_load_addr);
252 NEW_AUX_ENT(AT_FLAGS, 0);
253 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
254 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
255 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
256 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
257 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
258 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
259 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
261 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
263 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
265 NEW_AUX_ENT(AT_PLATFORM,
266 (elf_addr_t)(unsigned long)u_platform);
268 if (k_base_platform) {
269 NEW_AUX_ENT(AT_BASE_PLATFORM,
270 (elf_addr_t)(unsigned long)u_base_platform);
272 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
273 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
276 /* AT_NULL is zero; clear the rest too */
277 memset(&elf_info[ei_index], 0,
278 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
280 /* And advance past the AT_NULL entry. */
283 sp = STACK_ADD(p, ei_index);
285 items = (argc + 1) + (envc + 1) + 1;
286 bprm->p = STACK_ROUND(sp, items);
288 /* Point sp at the lowest address on the stack */
289 #ifdef CONFIG_STACK_GROWSUP
290 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
291 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
293 sp = (elf_addr_t __user *)bprm->p;
298 * Grow the stack manually; some architectures have a limit on how
299 * far ahead a user-space access may be in order to grow the stack.
301 vma = find_extend_vma(current->mm, bprm->p);
305 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
306 if (__put_user(argc, sp++))
309 /* Populate list of argv pointers back to argv strings. */
310 p = current->mm->arg_end = current->mm->arg_start;
313 if (__put_user((elf_addr_t)p, sp++))
315 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
316 if (!len || len > MAX_ARG_STRLEN)
320 if (__put_user(0, sp++))
322 current->mm->arg_end = p;
324 /* Populate list of envp pointers back to envp strings. */
325 current->mm->env_end = current->mm->env_start = p;
328 if (__put_user((elf_addr_t)p, sp++))
330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
335 if (__put_user(0, sp++))
337 current->mm->env_end = p;
339 /* Put the elf_info on the stack in the right place. */
340 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
347 static unsigned long elf_map(struct file *filep, unsigned long addr,
348 const struct elf_phdr *eppnt, int prot, int type,
349 unsigned long total_size)
351 unsigned long map_addr;
352 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
353 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
354 addr = ELF_PAGESTART(addr);
355 size = ELF_PAGEALIGN(size);
357 /* mmap() will return -EINVAL if given a zero size, but a
358 * segment with zero filesize is perfectly valid */
363 * total_size is the size of the ELF (interpreter) image.
364 * The _first_ mmap needs to know the full size, otherwise
365 * randomization might put this image into an overlapping
366 * position with the ELF binary image. (since size < total_size)
367 * So we first map the 'big' image - and unmap the remainder at
368 * the end. (which unmap is needed for ELF images with holes.)
371 total_size = ELF_PAGEALIGN(total_size);
372 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
373 if (!BAD_ADDR(map_addr))
374 vm_munmap(map_addr+size, total_size-size);
376 map_addr = vm_mmap(filep, addr, size, prot, type, off);
378 if ((type & MAP_FIXED_NOREPLACE) &&
379 PTR_ERR((void *)map_addr) == -EEXIST)
380 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
381 task_pid_nr(current), current->comm, (void *)addr);
386 #endif /* !elf_map */
388 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
390 int i, first_idx = -1, last_idx = -1;
392 for (i = 0; i < nr; i++) {
393 if (cmds[i].p_type == PT_LOAD) {
402 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
403 ELF_PAGESTART(cmds[first_idx].p_vaddr);
407 * load_elf_phdrs() - load ELF program headers
408 * @elf_ex: ELF header of the binary whose program headers should be loaded
409 * @elf_file: the opened ELF binary file
411 * Loads ELF program headers from the binary file elf_file, which has the ELF
412 * header pointed to by elf_ex, into a newly allocated array. The caller is
413 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
415 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
416 struct file *elf_file)
418 struct elf_phdr *elf_phdata = NULL;
419 int retval, err = -1;
420 loff_t pos = elf_ex->e_phoff;
424 * If the size of this structure has changed, then punt, since
425 * we will be doing the wrong thing.
427 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
430 /* Sanity check the number of program headers... */
431 /* ...and their total size. */
432 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
433 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
436 elf_phdata = kmalloc(size, GFP_KERNEL);
440 /* Read in the program headers */
441 retval = kernel_read(elf_file, elf_phdata, size, &pos);
442 if (retval != size) {
443 err = (retval < 0) ? retval : -EIO;
457 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
460 * struct arch_elf_state - arch-specific ELF loading state
462 * This structure is used to preserve architecture specific data during
463 * the loading of an ELF file, throughout the checking of architecture
464 * specific ELF headers & through to the point where the ELF load is
465 * known to be proceeding (ie. SET_PERSONALITY).
467 * This implementation is a dummy for architectures which require no
470 struct arch_elf_state {
473 #define INIT_ARCH_ELF_STATE {}
476 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
477 * @ehdr: The main ELF header
478 * @phdr: The program header to check
479 * @elf: The open ELF file
480 * @is_interp: True if the phdr is from the interpreter of the ELF being
481 * loaded, else false.
482 * @state: Architecture-specific state preserved throughout the process
483 * of loading the ELF.
485 * Inspects the program header phdr to validate its correctness and/or
486 * suitability for the system. Called once per ELF program header in the
487 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
490 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
491 * with that return code.
493 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
494 struct elf_phdr *phdr,
495 struct file *elf, bool is_interp,
496 struct arch_elf_state *state)
498 /* Dummy implementation, always proceed */
503 * arch_check_elf() - check an ELF executable
504 * @ehdr: The main ELF header
505 * @has_interp: True if the ELF has an interpreter, else false.
506 * @interp_ehdr: The interpreter's ELF header
507 * @state: Architecture-specific state preserved throughout the process
508 * of loading the ELF.
510 * Provides a final opportunity for architecture code to reject the loading
511 * of the ELF & cause an exec syscall to return an error. This is called after
512 * all program headers to be checked by arch_elf_pt_proc have been.
514 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
515 * with that return code.
517 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
518 struct elfhdr *interp_ehdr,
519 struct arch_elf_state *state)
521 /* Dummy implementation, always proceed */
525 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
527 static inline int make_prot(u32 p_flags)
540 /* This is much more generalized than the library routine read function,
541 so we keep this separate. Technically the library read function
542 is only provided so that we can read a.out libraries that have
545 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
546 struct file *interpreter, unsigned long *interp_map_addr,
547 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
549 struct elf_phdr *eppnt;
550 unsigned long load_addr = 0;
551 int load_addr_set = 0;
552 unsigned long last_bss = 0, elf_bss = 0;
554 unsigned long error = ~0UL;
555 unsigned long total_size;
558 /* First of all, some simple consistency checks */
559 if (interp_elf_ex->e_type != ET_EXEC &&
560 interp_elf_ex->e_type != ET_DYN)
562 if (!elf_check_arch(interp_elf_ex) ||
563 elf_check_fdpic(interp_elf_ex))
565 if (!interpreter->f_op->mmap)
568 total_size = total_mapping_size(interp_elf_phdata,
569 interp_elf_ex->e_phnum);
575 eppnt = interp_elf_phdata;
576 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
577 if (eppnt->p_type == PT_LOAD) {
578 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
579 int elf_prot = make_prot(eppnt->p_flags);
580 unsigned long vaddr = 0;
581 unsigned long k, map_addr;
583 vaddr = eppnt->p_vaddr;
584 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
585 elf_type |= MAP_FIXED_NOREPLACE;
586 else if (no_base && interp_elf_ex->e_type == ET_DYN)
589 map_addr = elf_map(interpreter, load_addr + vaddr,
590 eppnt, elf_prot, elf_type, total_size);
592 if (!*interp_map_addr)
593 *interp_map_addr = map_addr;
595 if (BAD_ADDR(map_addr))
598 if (!load_addr_set &&
599 interp_elf_ex->e_type == ET_DYN) {
600 load_addr = map_addr - ELF_PAGESTART(vaddr);
605 * Check to see if the section's size will overflow the
606 * allowed task size. Note that p_filesz must always be
607 * <= p_memsize so it's only necessary to check p_memsz.
609 k = load_addr + eppnt->p_vaddr;
611 eppnt->p_filesz > eppnt->p_memsz ||
612 eppnt->p_memsz > TASK_SIZE ||
613 TASK_SIZE - eppnt->p_memsz < k) {
619 * Find the end of the file mapping for this phdr, and
620 * keep track of the largest address we see for this.
622 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
627 * Do the same thing for the memory mapping - between
628 * elf_bss and last_bss is the bss section.
630 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
639 * Now fill out the bss section: first pad the last page from
640 * the file up to the page boundary, and zero it from elf_bss
641 * up to the end of the page.
643 if (padzero(elf_bss)) {
648 * Next, align both the file and mem bss up to the page size,
649 * since this is where elf_bss was just zeroed up to, and where
650 * last_bss will end after the vm_brk_flags() below.
652 elf_bss = ELF_PAGEALIGN(elf_bss);
653 last_bss = ELF_PAGEALIGN(last_bss);
654 /* Finally, if there is still more bss to allocate, do it. */
655 if (last_bss > elf_bss) {
656 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
657 bss_prot & PROT_EXEC ? VM_EXEC : 0);
668 * These are the functions used to load ELF style executables and shared
669 * libraries. There is no binary dependent code anywhere else.
672 #ifndef STACK_RND_MASK
673 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
676 static unsigned long randomize_stack_top(unsigned long stack_top)
678 unsigned long random_variable = 0;
680 if (current->flags & PF_RANDOMIZE) {
681 random_variable = get_random_long();
682 random_variable &= STACK_RND_MASK;
683 random_variable <<= PAGE_SHIFT;
685 #ifdef CONFIG_STACK_GROWSUP
686 return PAGE_ALIGN(stack_top) + random_variable;
688 return PAGE_ALIGN(stack_top) - random_variable;
692 static int load_elf_binary(struct linux_binprm *bprm)
694 struct file *interpreter = NULL; /* to shut gcc up */
695 unsigned long load_addr = 0, load_bias = 0;
696 int load_addr_set = 0;
698 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
699 unsigned long elf_bss, elf_brk;
702 unsigned long elf_entry;
703 unsigned long interp_load_addr = 0;
704 unsigned long start_code, end_code, start_data, end_data;
705 unsigned long reloc_func_desc __maybe_unused = 0;
706 int executable_stack = EXSTACK_DEFAULT;
707 struct pt_regs *regs = current_pt_regs();
709 struct elfhdr elf_ex;
710 struct elfhdr interp_elf_ex;
712 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
714 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
720 /* Get the exec-header */
721 loc->elf_ex = *((struct elfhdr *)bprm->buf);
724 /* First of all, some simple consistency checks */
725 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
728 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
730 if (!elf_check_arch(&loc->elf_ex))
732 if (elf_check_fdpic(&loc->elf_ex))
734 if (!bprm->file->f_op->mmap)
737 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
741 elf_ppnt = elf_phdata;
742 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
743 char *elf_interpreter;
746 if (elf_ppnt->p_type != PT_INTERP)
750 * This is the program interpreter used for shared libraries -
751 * for now assume that this is an a.out format binary.
754 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
758 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
759 if (!elf_interpreter)
762 pos = elf_ppnt->p_offset;
763 retval = kernel_read(bprm->file, elf_interpreter,
764 elf_ppnt->p_filesz, &pos);
765 if (retval != elf_ppnt->p_filesz) {
768 goto out_free_interp;
770 /* make sure path is NULL terminated */
772 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
773 goto out_free_interp;
775 interpreter = open_exec(elf_interpreter);
776 kfree(elf_interpreter);
777 retval = PTR_ERR(interpreter);
778 if (IS_ERR(interpreter))
782 * If the binary is not readable then enforce mm->dumpable = 0
783 * regardless of the interpreter's permissions.
785 would_dump(bprm, interpreter);
787 /* Get the exec headers */
789 retval = kernel_read(interpreter, &loc->interp_elf_ex,
790 sizeof(loc->interp_elf_ex), &pos);
791 if (retval != sizeof(loc->interp_elf_ex)) {
794 goto out_free_dentry;
800 kfree(elf_interpreter);
804 elf_ppnt = elf_phdata;
805 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
806 switch (elf_ppnt->p_type) {
808 if (elf_ppnt->p_flags & PF_X)
809 executable_stack = EXSTACK_ENABLE_X;
811 executable_stack = EXSTACK_DISABLE_X;
814 case PT_LOPROC ... PT_HIPROC:
815 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
819 goto out_free_dentry;
823 /* Some simple consistency checks for the interpreter */
826 /* Not an ELF interpreter */
827 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
828 goto out_free_dentry;
829 /* Verify the interpreter has a valid arch */
830 if (!elf_check_arch(&loc->interp_elf_ex) ||
831 elf_check_fdpic(&loc->interp_elf_ex))
832 goto out_free_dentry;
834 /* Load the interpreter program headers */
835 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
837 if (!interp_elf_phdata)
838 goto out_free_dentry;
840 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
841 elf_ppnt = interp_elf_phdata;
842 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
843 switch (elf_ppnt->p_type) {
844 case PT_LOPROC ... PT_HIPROC:
845 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
846 elf_ppnt, interpreter,
849 goto out_free_dentry;
855 * Allow arch code to reject the ELF at this point, whilst it's
856 * still possible to return an error to the code that invoked
859 retval = arch_check_elf(&loc->elf_ex,
860 !!interpreter, &loc->interp_elf_ex,
863 goto out_free_dentry;
865 /* Flush all traces of the currently running executable */
866 retval = flush_old_exec(bprm);
868 goto out_free_dentry;
870 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
871 may depend on the personality. */
872 SET_PERSONALITY2(loc->elf_ex, &arch_state);
873 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
874 current->personality |= READ_IMPLIES_EXEC;
876 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
877 current->flags |= PF_RANDOMIZE;
879 setup_new_exec(bprm);
880 install_exec_creds(bprm);
882 /* Do this so that we can load the interpreter, if need be. We will
883 change some of these later */
884 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
887 goto out_free_dentry;
897 /* Now we do a little grungy work by mmapping the ELF image into
898 the correct location in memory. */
899 for(i = 0, elf_ppnt = elf_phdata;
900 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
901 int elf_prot, elf_flags, elf_fixed = MAP_FIXED_NOREPLACE;
902 unsigned long k, vaddr;
903 unsigned long total_size = 0;
905 if (elf_ppnt->p_type != PT_LOAD)
908 if (unlikely (elf_brk > elf_bss)) {
911 /* There was a PT_LOAD segment with p_memsz > p_filesz
912 before this one. Map anonymous pages, if needed,
913 and clear the area. */
914 retval = set_brk(elf_bss + load_bias,
918 goto out_free_dentry;
919 nbyte = ELF_PAGEOFFSET(elf_bss);
921 nbyte = ELF_MIN_ALIGN - nbyte;
922 if (nbyte > elf_brk - elf_bss)
923 nbyte = elf_brk - elf_bss;
924 if (clear_user((void __user *)elf_bss +
927 * This bss-zeroing can fail if the ELF
928 * file specifies odd protections. So
929 * we don't check the return value
935 * Some binaries have overlapping elf segments and then
936 * we have to forcefully map over an existing mapping
937 * e.g. over this newly established brk mapping.
939 elf_fixed = MAP_FIXED;
942 elf_prot = make_prot(elf_ppnt->p_flags);
944 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
946 vaddr = elf_ppnt->p_vaddr;
948 * If we are loading ET_EXEC or we have already performed
949 * the ET_DYN load_addr calculations, proceed normally.
951 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
952 elf_flags |= elf_fixed;
953 } else if (loc->elf_ex.e_type == ET_DYN) {
955 * This logic is run once for the first LOAD Program
956 * Header for ET_DYN binaries to calculate the
957 * randomization (load_bias) for all the LOAD
958 * Program Headers, and to calculate the entire
959 * size of the ELF mapping (total_size). (Note that
960 * load_addr_set is set to true later once the
961 * initial mapping is performed.)
963 * There are effectively two types of ET_DYN
964 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
965 * and loaders (ET_DYN without INTERP, since they
966 * _are_ the ELF interpreter). The loaders must
967 * be loaded away from programs since the program
968 * may otherwise collide with the loader (especially
969 * for ET_EXEC which does not have a randomized
970 * position). For example to handle invocations of
971 * "./ld.so someprog" to test out a new version of
972 * the loader, the subsequent program that the
973 * loader loads must avoid the loader itself, so
974 * they cannot share the same load range. Sufficient
975 * room for the brk must be allocated with the
976 * loader as well, since brk must be available with
979 * Therefore, programs are loaded offset from
980 * ELF_ET_DYN_BASE and loaders are loaded into the
981 * independently randomized mmap region (0 load_bias
982 * without MAP_FIXED).
985 load_bias = ELF_ET_DYN_BASE;
986 if (current->flags & PF_RANDOMIZE)
987 load_bias += arch_mmap_rnd();
988 elf_flags |= elf_fixed;
993 * Since load_bias is used for all subsequent loading
994 * calculations, we must lower it by the first vaddr
995 * so that the remaining calculations based on the
996 * ELF vaddrs will be correctly offset. The result
997 * is then page aligned.
999 load_bias = ELF_PAGESTART(load_bias - vaddr);
1001 total_size = total_mapping_size(elf_phdata,
1002 loc->elf_ex.e_phnum);
1005 goto out_free_dentry;
1009 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1010 elf_prot, elf_flags, total_size);
1011 if (BAD_ADDR(error)) {
1012 retval = IS_ERR((void *)error) ?
1013 PTR_ERR((void*)error) : -EINVAL;
1014 goto out_free_dentry;
1017 if (!load_addr_set) {
1019 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1020 if (loc->elf_ex.e_type == ET_DYN) {
1021 load_bias += error -
1022 ELF_PAGESTART(load_bias + vaddr);
1023 load_addr += load_bias;
1024 reloc_func_desc = load_bias;
1027 k = elf_ppnt->p_vaddr;
1034 * Check to see if the section's size will overflow the
1035 * allowed task size. Note that p_filesz must always be
1036 * <= p_memsz so it is only necessary to check p_memsz.
1038 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1039 elf_ppnt->p_memsz > TASK_SIZE ||
1040 TASK_SIZE - elf_ppnt->p_memsz < k) {
1041 /* set_brk can never work. Avoid overflows. */
1043 goto out_free_dentry;
1046 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1050 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1054 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1056 bss_prot = elf_prot;
1061 loc->elf_ex.e_entry += load_bias;
1062 elf_bss += load_bias;
1063 elf_brk += load_bias;
1064 start_code += load_bias;
1065 end_code += load_bias;
1066 start_data += load_bias;
1067 end_data += load_bias;
1069 /* Calling set_brk effectively mmaps the pages that we need
1070 * for the bss and break sections. We must do this before
1071 * mapping in the interpreter, to make sure it doesn't wind
1072 * up getting placed where the bss needs to go.
1074 retval = set_brk(elf_bss, elf_brk, bss_prot);
1076 goto out_free_dentry;
1077 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1078 retval = -EFAULT; /* Nobody gets to see this, but.. */
1079 goto out_free_dentry;
1083 unsigned long interp_map_addr = 0;
1085 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1088 load_bias, interp_elf_phdata);
1089 if (!IS_ERR((void *)elf_entry)) {
1091 * load_elf_interp() returns relocation
1094 interp_load_addr = elf_entry;
1095 elf_entry += loc->interp_elf_ex.e_entry;
1097 if (BAD_ADDR(elf_entry)) {
1098 retval = IS_ERR((void *)elf_entry) ?
1099 (int)elf_entry : -EINVAL;
1100 goto out_free_dentry;
1102 reloc_func_desc = interp_load_addr;
1104 allow_write_access(interpreter);
1107 elf_entry = loc->elf_ex.e_entry;
1108 if (BAD_ADDR(elf_entry)) {
1110 goto out_free_dentry;
1114 kfree(interp_elf_phdata);
1117 set_binfmt(&elf_format);
1119 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1120 retval = arch_setup_additional_pages(bprm, !!interpreter);
1123 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1125 retval = create_elf_tables(bprm, &loc->elf_ex,
1126 load_addr, interp_load_addr);
1129 /* N.B. passed_fileno might not be initialized? */
1130 current->mm->end_code = end_code;
1131 current->mm->start_code = start_code;
1132 current->mm->start_data = start_data;
1133 current->mm->end_data = end_data;
1134 current->mm->start_stack = bprm->p;
1136 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1137 current->mm->brk = current->mm->start_brk =
1138 arch_randomize_brk(current->mm);
1139 #ifdef compat_brk_randomized
1140 current->brk_randomized = 1;
1144 if (current->personality & MMAP_PAGE_ZERO) {
1145 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1146 and some applications "depend" upon this behavior.
1147 Since we do not have the power to recompile these, we
1148 emulate the SVr4 behavior. Sigh. */
1149 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1150 MAP_FIXED | MAP_PRIVATE, 0);
1153 #ifdef ELF_PLAT_INIT
1155 * The ABI may specify that certain registers be set up in special
1156 * ways (on i386 %edx is the address of a DT_FINI function, for
1157 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1158 * that the e_entry field is the address of the function descriptor
1159 * for the startup routine, rather than the address of the startup
1160 * routine itself. This macro performs whatever initialization to
1161 * the regs structure is required as well as any relocations to the
1162 * function descriptor entries when executing dynamically links apps.
1164 ELF_PLAT_INIT(regs, reloc_func_desc);
1167 finalize_exec(bprm);
1168 start_thread(regs, elf_entry, bprm->p);
1177 kfree(interp_elf_phdata);
1178 allow_write_access(interpreter);
1186 #ifdef CONFIG_USELIB
1187 /* This is really simpleminded and specialized - we are loading an
1188 a.out library that is given an ELF header. */
1189 static int load_elf_library(struct file *file)
1191 struct elf_phdr *elf_phdata;
1192 struct elf_phdr *eppnt;
1193 unsigned long elf_bss, bss, len;
1194 int retval, error, i, j;
1195 struct elfhdr elf_ex;
1199 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1200 if (retval != sizeof(elf_ex))
1203 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1206 /* First of all, some simple consistency checks */
1207 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1208 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1210 if (elf_check_fdpic(&elf_ex))
1213 /* Now read in all of the header information */
1215 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1216 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1219 elf_phdata = kmalloc(j, GFP_KERNEL);
1225 pos = elf_ex.e_phoff;
1226 retval = kernel_read(file, eppnt, j, &pos);
1230 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1231 if ((eppnt + i)->p_type == PT_LOAD)
1236 while (eppnt->p_type != PT_LOAD)
1239 /* Now use mmap to map the library into memory. */
1240 error = vm_mmap(file,
1241 ELF_PAGESTART(eppnt->p_vaddr),
1243 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1244 PROT_READ | PROT_WRITE | PROT_EXEC,
1245 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1247 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1248 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1251 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1252 if (padzero(elf_bss)) {
1257 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1258 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1260 error = vm_brk(len, bss - len);
1271 #endif /* #ifdef CONFIG_USELIB */
1273 #ifdef CONFIG_ELF_CORE
1277 * Modelled on fs/exec.c:aout_core_dump()
1278 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1282 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1283 * that are useful for post-mortem analysis are included in every core dump.
1284 * In that way we ensure that the core dump is fully interpretable later
1285 * without matching up the same kernel and hardware config to see what PC values
1286 * meant. These special mappings include - vDSO, vsyscall, and other
1287 * architecture specific mappings
1289 static bool always_dump_vma(struct vm_area_struct *vma)
1291 /* Any vsyscall mappings? */
1292 if (vma == get_gate_vma(vma->vm_mm))
1296 * Assume that all vmas with a .name op should always be dumped.
1297 * If this changes, a new vm_ops field can easily be added.
1299 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1303 * arch_vma_name() returns non-NULL for special architecture mappings,
1304 * such as vDSO sections.
1306 if (arch_vma_name(vma))
1313 * Decide what to dump of a segment, part, all or none.
1315 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1316 unsigned long mm_flags)
1318 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1320 /* always dump the vdso and vsyscall sections */
1321 if (always_dump_vma(vma))
1324 if (vma->vm_flags & VM_DONTDUMP)
1327 /* support for DAX */
1328 if (vma_is_dax(vma)) {
1329 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1331 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1336 /* Hugetlb memory check */
1337 if (vma->vm_flags & VM_HUGETLB) {
1338 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1340 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1345 /* Do not dump I/O mapped devices or special mappings */
1346 if (vma->vm_flags & VM_IO)
1349 /* By default, dump shared memory if mapped from an anonymous file. */
1350 if (vma->vm_flags & VM_SHARED) {
1351 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1352 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1357 /* Dump segments that have been written to. */
1358 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1360 if (vma->vm_file == NULL)
1363 if (FILTER(MAPPED_PRIVATE))
1367 * If this looks like the beginning of a DSO or executable mapping,
1368 * check for an ELF header. If we find one, dump the first page to
1369 * aid in determining what was mapped here.
1371 if (FILTER(ELF_HEADERS) &&
1372 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1373 u32 __user *header = (u32 __user *) vma->vm_start;
1375 mm_segment_t fs = get_fs();
1377 * Doing it this way gets the constant folded by GCC.
1381 char elfmag[SELFMAG];
1383 BUILD_BUG_ON(SELFMAG != sizeof word);
1384 magic.elfmag[EI_MAG0] = ELFMAG0;
1385 magic.elfmag[EI_MAG1] = ELFMAG1;
1386 magic.elfmag[EI_MAG2] = ELFMAG2;
1387 magic.elfmag[EI_MAG3] = ELFMAG3;
1389 * Switch to the user "segment" for get_user(),
1390 * then put back what elf_core_dump() had in place.
1393 if (unlikely(get_user(word, header)))
1396 if (word == magic.cmp)
1405 return vma->vm_end - vma->vm_start;
1408 /* An ELF note in memory */
1413 unsigned int datasz;
1417 static int notesize(struct memelfnote *en)
1421 sz = sizeof(struct elf_note);
1422 sz += roundup(strlen(en->name) + 1, 4);
1423 sz += roundup(en->datasz, 4);
1428 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1431 en.n_namesz = strlen(men->name) + 1;
1432 en.n_descsz = men->datasz;
1433 en.n_type = men->type;
1435 return dump_emit(cprm, &en, sizeof(en)) &&
1436 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1437 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1440 static void fill_elf_header(struct elfhdr *elf, int segs,
1441 u16 machine, u32 flags)
1443 memset(elf, 0, sizeof(*elf));
1445 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1446 elf->e_ident[EI_CLASS] = ELF_CLASS;
1447 elf->e_ident[EI_DATA] = ELF_DATA;
1448 elf->e_ident[EI_VERSION] = EV_CURRENT;
1449 elf->e_ident[EI_OSABI] = ELF_OSABI;
1451 elf->e_type = ET_CORE;
1452 elf->e_machine = machine;
1453 elf->e_version = EV_CURRENT;
1454 elf->e_phoff = sizeof(struct elfhdr);
1455 elf->e_flags = flags;
1456 elf->e_ehsize = sizeof(struct elfhdr);
1457 elf->e_phentsize = sizeof(struct elf_phdr);
1458 elf->e_phnum = segs;
1461 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1463 phdr->p_type = PT_NOTE;
1464 phdr->p_offset = offset;
1467 phdr->p_filesz = sz;
1473 static void fill_note(struct memelfnote *note, const char *name, int type,
1474 unsigned int sz, void *data)
1483 * fill up all the fields in prstatus from the given task struct, except
1484 * registers which need to be filled up separately.
1486 static void fill_prstatus(struct elf_prstatus *prstatus,
1487 struct task_struct *p, long signr)
1489 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1490 prstatus->pr_sigpend = p->pending.signal.sig[0];
1491 prstatus->pr_sighold = p->blocked.sig[0];
1493 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1495 prstatus->pr_pid = task_pid_vnr(p);
1496 prstatus->pr_pgrp = task_pgrp_vnr(p);
1497 prstatus->pr_sid = task_session_vnr(p);
1498 if (thread_group_leader(p)) {
1499 struct task_cputime cputime;
1502 * This is the record for the group leader. It shows the
1503 * group-wide total, not its individual thread total.
1505 thread_group_cputime(p, &cputime);
1506 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1507 prstatus->pr_stime = ns_to_timeval(cputime.stime);
1511 task_cputime(p, &utime, &stime);
1512 prstatus->pr_utime = ns_to_timeval(utime);
1513 prstatus->pr_stime = ns_to_timeval(stime);
1516 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1517 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
1520 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1521 struct mm_struct *mm)
1523 const struct cred *cred;
1524 unsigned int i, len;
1526 /* first copy the parameters from user space */
1527 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1529 len = mm->arg_end - mm->arg_start;
1530 if (len >= ELF_PRARGSZ)
1531 len = ELF_PRARGSZ-1;
1532 if (copy_from_user(&psinfo->pr_psargs,
1533 (const char __user *)mm->arg_start, len))
1535 for(i = 0; i < len; i++)
1536 if (psinfo->pr_psargs[i] == 0)
1537 psinfo->pr_psargs[i] = ' ';
1538 psinfo->pr_psargs[len] = 0;
1541 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1543 psinfo->pr_pid = task_pid_vnr(p);
1544 psinfo->pr_pgrp = task_pgrp_vnr(p);
1545 psinfo->pr_sid = task_session_vnr(p);
1547 i = p->state ? ffz(~p->state) + 1 : 0;
1548 psinfo->pr_state = i;
1549 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1550 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1551 psinfo->pr_nice = task_nice(p);
1552 psinfo->pr_flag = p->flags;
1554 cred = __task_cred(p);
1555 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1556 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1558 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1563 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1565 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1569 while (auxv[i - 2] != AT_NULL);
1570 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1573 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1574 const kernel_siginfo_t *siginfo)
1576 mm_segment_t old_fs = get_fs();
1578 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1580 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1583 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1585 * Format of NT_FILE note:
1587 * long count -- how many files are mapped
1588 * long page_size -- units for file_ofs
1589 * array of [COUNT] elements of
1593 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1595 static int fill_files_note(struct memelfnote *note)
1597 struct vm_area_struct *vma;
1598 unsigned count, size, names_ofs, remaining, n;
1600 user_long_t *start_end_ofs;
1601 char *name_base, *name_curpos;
1603 /* *Estimated* file count and total data size needed */
1604 count = current->mm->map_count;
1605 if (count > UINT_MAX / 64)
1609 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1611 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1613 size = round_up(size, PAGE_SIZE);
1614 data = kvmalloc(size, GFP_KERNEL);
1615 if (ZERO_OR_NULL_PTR(data))
1618 start_end_ofs = data + 2;
1619 name_base = name_curpos = ((char *)data) + names_ofs;
1620 remaining = size - names_ofs;
1622 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1624 const char *filename;
1626 file = vma->vm_file;
1629 filename = file_path(file, name_curpos, remaining);
1630 if (IS_ERR(filename)) {
1631 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1633 size = size * 5 / 4;
1639 /* file_path() fills at the end, move name down */
1640 /* n = strlen(filename) + 1: */
1641 n = (name_curpos + remaining) - filename;
1642 remaining = filename - name_curpos;
1643 memmove(name_curpos, filename, n);
1646 *start_end_ofs++ = vma->vm_start;
1647 *start_end_ofs++ = vma->vm_end;
1648 *start_end_ofs++ = vma->vm_pgoff;
1652 /* Now we know exact count of files, can store it */
1654 data[1] = PAGE_SIZE;
1656 * Count usually is less than current->mm->map_count,
1657 * we need to move filenames down.
1659 n = current->mm->map_count - count;
1661 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1662 memmove(name_base - shift_bytes, name_base,
1663 name_curpos - name_base);
1664 name_curpos -= shift_bytes;
1667 size = name_curpos - (char *)data;
1668 fill_note(note, "CORE", NT_FILE, size, data);
1672 #ifdef CORE_DUMP_USE_REGSET
1673 #include <linux/regset.h>
1675 struct elf_thread_core_info {
1676 struct elf_thread_core_info *next;
1677 struct task_struct *task;
1678 struct elf_prstatus prstatus;
1679 struct memelfnote notes[0];
1682 struct elf_note_info {
1683 struct elf_thread_core_info *thread;
1684 struct memelfnote psinfo;
1685 struct memelfnote signote;
1686 struct memelfnote auxv;
1687 struct memelfnote files;
1688 user_siginfo_t csigdata;
1694 * When a regset has a writeback hook, we call it on each thread before
1695 * dumping user memory. On register window machines, this makes sure the
1696 * user memory backing the register data is up to date before we read it.
1698 static void do_thread_regset_writeback(struct task_struct *task,
1699 const struct user_regset *regset)
1701 if (regset->writeback)
1702 regset->writeback(task, regset, 1);
1705 #ifndef PRSTATUS_SIZE
1706 #define PRSTATUS_SIZE(S, R) sizeof(S)
1709 #ifndef SET_PR_FPVALID
1710 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1713 static int fill_thread_core_info(struct elf_thread_core_info *t,
1714 const struct user_regset_view *view,
1715 long signr, size_t *total)
1718 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
1721 * NT_PRSTATUS is the one special case, because the regset data
1722 * goes into the pr_reg field inside the note contents, rather
1723 * than being the whole note contents. We fill the reset in here.
1724 * We assume that regset 0 is NT_PRSTATUS.
1726 fill_prstatus(&t->prstatus, t->task, signr);
1727 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
1728 &t->prstatus.pr_reg, NULL);
1730 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1731 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1732 *total += notesize(&t->notes[0]);
1734 do_thread_regset_writeback(t->task, &view->regsets[0]);
1737 * Each other regset might generate a note too. For each regset
1738 * that has no core_note_type or is inactive, we leave t->notes[i]
1739 * all zero and we'll know to skip writing it later.
1741 for (i = 1; i < view->n; ++i) {
1742 const struct user_regset *regset = &view->regsets[i];
1743 do_thread_regset_writeback(t->task, regset);
1744 if (regset->core_note_type && regset->get &&
1745 (!regset->active || regset->active(t->task, regset) > 0)) {
1747 size_t size = regset_size(t->task, regset);
1748 void *data = kmalloc(size, GFP_KERNEL);
1749 if (unlikely(!data))
1751 ret = regset->get(t->task, regset,
1752 0, size, data, NULL);
1756 if (regset->core_note_type != NT_PRFPREG)
1757 fill_note(&t->notes[i], "LINUX",
1758 regset->core_note_type,
1761 SET_PR_FPVALID(&t->prstatus,
1763 fill_note(&t->notes[i], "CORE",
1764 NT_PRFPREG, size, data);
1766 *total += notesize(&t->notes[i]);
1774 static int fill_note_info(struct elfhdr *elf, int phdrs,
1775 struct elf_note_info *info,
1776 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1778 struct task_struct *dump_task = current;
1779 const struct user_regset_view *view = task_user_regset_view(dump_task);
1780 struct elf_thread_core_info *t;
1781 struct elf_prpsinfo *psinfo;
1782 struct core_thread *ct;
1786 info->thread = NULL;
1788 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1789 if (psinfo == NULL) {
1790 info->psinfo.data = NULL; /* So we don't free this wrongly */
1794 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1797 * Figure out how many notes we're going to need for each thread.
1799 info->thread_notes = 0;
1800 for (i = 0; i < view->n; ++i)
1801 if (view->regsets[i].core_note_type != 0)
1802 ++info->thread_notes;
1805 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1806 * since it is our one special case.
1808 if (unlikely(info->thread_notes == 0) ||
1809 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1815 * Initialize the ELF file header.
1817 fill_elf_header(elf, phdrs,
1818 view->e_machine, view->e_flags);
1821 * Allocate a structure for each thread.
1823 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1824 t = kzalloc(offsetof(struct elf_thread_core_info,
1825 notes[info->thread_notes]),
1831 if (ct->task == dump_task || !info->thread) {
1832 t->next = info->thread;
1836 * Make sure to keep the original task at
1837 * the head of the list.
1839 t->next = info->thread->next;
1840 info->thread->next = t;
1845 * Now fill in each thread's information.
1847 for (t = info->thread; t != NULL; t = t->next)
1848 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1852 * Fill in the two process-wide notes.
1854 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1855 info->size += notesize(&info->psinfo);
1857 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1858 info->size += notesize(&info->signote);
1860 fill_auxv_note(&info->auxv, current->mm);
1861 info->size += notesize(&info->auxv);
1863 if (fill_files_note(&info->files) == 0)
1864 info->size += notesize(&info->files);
1869 static size_t get_note_info_size(struct elf_note_info *info)
1875 * Write all the notes for each thread. When writing the first thread, the
1876 * process-wide notes are interleaved after the first thread-specific note.
1878 static int write_note_info(struct elf_note_info *info,
1879 struct coredump_params *cprm)
1882 struct elf_thread_core_info *t = info->thread;
1887 if (!writenote(&t->notes[0], cprm))
1890 if (first && !writenote(&info->psinfo, cprm))
1892 if (first && !writenote(&info->signote, cprm))
1894 if (first && !writenote(&info->auxv, cprm))
1896 if (first && info->files.data &&
1897 !writenote(&info->files, cprm))
1900 for (i = 1; i < info->thread_notes; ++i)
1901 if (t->notes[i].data &&
1902 !writenote(&t->notes[i], cprm))
1912 static void free_note_info(struct elf_note_info *info)
1914 struct elf_thread_core_info *threads = info->thread;
1917 struct elf_thread_core_info *t = threads;
1919 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1920 for (i = 1; i < info->thread_notes; ++i)
1921 kfree(t->notes[i].data);
1924 kfree(info->psinfo.data);
1925 kvfree(info->files.data);
1930 /* Here is the structure in which status of each thread is captured. */
1931 struct elf_thread_status
1933 struct list_head list;
1934 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1935 elf_fpregset_t fpu; /* NT_PRFPREG */
1936 struct task_struct *thread;
1937 #ifdef ELF_CORE_COPY_XFPREGS
1938 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1940 struct memelfnote notes[3];
1945 * In order to add the specific thread information for the elf file format,
1946 * we need to keep a linked list of every threads pr_status and then create
1947 * a single section for them in the final core file.
1949 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1952 struct task_struct *p = t->thread;
1955 fill_prstatus(&t->prstatus, p, signr);
1956 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1958 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1961 sz += notesize(&t->notes[0]);
1963 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1965 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1968 sz += notesize(&t->notes[1]);
1971 #ifdef ELF_CORE_COPY_XFPREGS
1972 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1973 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1974 sizeof(t->xfpu), &t->xfpu);
1976 sz += notesize(&t->notes[2]);
1982 struct elf_note_info {
1983 struct memelfnote *notes;
1984 struct memelfnote *notes_files;
1985 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1986 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1987 struct list_head thread_list;
1988 elf_fpregset_t *fpu;
1989 #ifdef ELF_CORE_COPY_XFPREGS
1990 elf_fpxregset_t *xfpu;
1992 user_siginfo_t csigdata;
1993 int thread_status_size;
1997 static int elf_note_info_init(struct elf_note_info *info)
1999 memset(info, 0, sizeof(*info));
2000 INIT_LIST_HEAD(&info->thread_list);
2002 /* Allocate space for ELF notes */
2003 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2006 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2009 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2010 if (!info->prstatus)
2012 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2015 #ifdef ELF_CORE_COPY_XFPREGS
2016 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2023 static int fill_note_info(struct elfhdr *elf, int phdrs,
2024 struct elf_note_info *info,
2025 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2027 struct core_thread *ct;
2028 struct elf_thread_status *ets;
2030 if (!elf_note_info_init(info))
2033 for (ct = current->mm->core_state->dumper.next;
2034 ct; ct = ct->next) {
2035 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2039 ets->thread = ct->task;
2040 list_add(&ets->list, &info->thread_list);
2043 list_for_each_entry(ets, &info->thread_list, list) {
2046 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2047 info->thread_status_size += sz;
2049 /* now collect the dump for the current */
2050 memset(info->prstatus, 0, sizeof(*info->prstatus));
2051 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2052 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2055 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2058 * Set up the notes in similar form to SVR4 core dumps made
2059 * with info from their /proc.
2062 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2063 sizeof(*info->prstatus), info->prstatus);
2064 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2065 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2066 sizeof(*info->psinfo), info->psinfo);
2068 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2069 fill_auxv_note(info->notes + 3, current->mm);
2072 if (fill_files_note(info->notes + info->numnote) == 0) {
2073 info->notes_files = info->notes + info->numnote;
2077 /* Try to dump the FPU. */
2078 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2080 if (info->prstatus->pr_fpvalid)
2081 fill_note(info->notes + info->numnote++,
2082 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2083 #ifdef ELF_CORE_COPY_XFPREGS
2084 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2085 fill_note(info->notes + info->numnote++,
2086 "LINUX", ELF_CORE_XFPREG_TYPE,
2087 sizeof(*info->xfpu), info->xfpu);
2093 static size_t get_note_info_size(struct elf_note_info *info)
2098 for (i = 0; i < info->numnote; i++)
2099 sz += notesize(info->notes + i);
2101 sz += info->thread_status_size;
2106 static int write_note_info(struct elf_note_info *info,
2107 struct coredump_params *cprm)
2109 struct elf_thread_status *ets;
2112 for (i = 0; i < info->numnote; i++)
2113 if (!writenote(info->notes + i, cprm))
2116 /* write out the thread status notes section */
2117 list_for_each_entry(ets, &info->thread_list, list) {
2118 for (i = 0; i < ets->num_notes; i++)
2119 if (!writenote(&ets->notes[i], cprm))
2126 static void free_note_info(struct elf_note_info *info)
2128 while (!list_empty(&info->thread_list)) {
2129 struct list_head *tmp = info->thread_list.next;
2131 kfree(list_entry(tmp, struct elf_thread_status, list));
2134 /* Free data possibly allocated by fill_files_note(): */
2135 if (info->notes_files)
2136 kvfree(info->notes_files->data);
2138 kfree(info->prstatus);
2139 kfree(info->psinfo);
2142 #ifdef ELF_CORE_COPY_XFPREGS
2149 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2150 struct vm_area_struct *gate_vma)
2152 struct vm_area_struct *ret = tsk->mm->mmap;
2159 * Helper function for iterating across a vma list. It ensures that the caller
2160 * will visit `gate_vma' prior to terminating the search.
2162 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2163 struct vm_area_struct *gate_vma)
2165 struct vm_area_struct *ret;
2167 ret = this_vma->vm_next;
2170 if (this_vma == gate_vma)
2175 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2176 elf_addr_t e_shoff, int segs)
2178 elf->e_shoff = e_shoff;
2179 elf->e_shentsize = sizeof(*shdr4extnum);
2181 elf->e_shstrndx = SHN_UNDEF;
2183 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2185 shdr4extnum->sh_type = SHT_NULL;
2186 shdr4extnum->sh_size = elf->e_shnum;
2187 shdr4extnum->sh_link = elf->e_shstrndx;
2188 shdr4extnum->sh_info = segs;
2194 * This is a two-pass process; first we find the offsets of the bits,
2195 * and then they are actually written out. If we run out of core limit
2198 static int elf_core_dump(struct coredump_params *cprm)
2203 size_t vma_data_size = 0;
2204 struct vm_area_struct *vma, *gate_vma;
2205 struct elfhdr *elf = NULL;
2206 loff_t offset = 0, dataoff;
2207 struct elf_note_info info = { };
2208 struct elf_phdr *phdr4note = NULL;
2209 struct elf_shdr *shdr4extnum = NULL;
2212 elf_addr_t *vma_filesz = NULL;
2215 * We no longer stop all VM operations.
2217 * This is because those proceses that could possibly change map_count
2218 * or the mmap / vma pages are now blocked in do_exit on current
2219 * finishing this core dump.
2221 * Only ptrace can touch these memory addresses, but it doesn't change
2222 * the map_count or the pages allocated. So no possibility of crashing
2223 * exists while dumping the mm->vm_next areas to the core file.
2226 /* alloc memory for large data structures: too large to be on stack */
2227 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2231 * The number of segs are recored into ELF header as 16bit value.
2232 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2234 segs = current->mm->map_count;
2235 segs += elf_core_extra_phdrs();
2237 gate_vma = get_gate_vma(current->mm);
2238 if (gate_vma != NULL)
2241 /* for notes section */
2244 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2245 * this, kernel supports extended numbering. Have a look at
2246 * include/linux/elf.h for further information. */
2247 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2250 * Collect all the non-memory information about the process for the
2251 * notes. This also sets up the file header.
2253 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2261 offset += sizeof(*elf); /* Elf header */
2262 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2264 /* Write notes phdr entry */
2266 size_t sz = get_note_info_size(&info);
2268 sz += elf_coredump_extra_notes_size();
2270 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2274 fill_elf_note_phdr(phdr4note, sz, offset);
2278 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2280 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2282 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2284 if (ZERO_OR_NULL_PTR(vma_filesz))
2287 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2288 vma = next_vma(vma, gate_vma)) {
2289 unsigned long dump_size;
2291 dump_size = vma_dump_size(vma, cprm->mm_flags);
2292 vma_filesz[i++] = dump_size;
2293 vma_data_size += dump_size;
2296 offset += vma_data_size;
2297 offset += elf_core_extra_data_size();
2300 if (e_phnum == PN_XNUM) {
2301 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2304 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2309 if (!dump_emit(cprm, elf, sizeof(*elf)))
2312 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2315 /* Write program headers for segments dump */
2316 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2317 vma = next_vma(vma, gate_vma)) {
2318 struct elf_phdr phdr;
2320 phdr.p_type = PT_LOAD;
2321 phdr.p_offset = offset;
2322 phdr.p_vaddr = vma->vm_start;
2324 phdr.p_filesz = vma_filesz[i++];
2325 phdr.p_memsz = vma->vm_end - vma->vm_start;
2326 offset += phdr.p_filesz;
2327 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2328 if (vma->vm_flags & VM_WRITE)
2329 phdr.p_flags |= PF_W;
2330 if (vma->vm_flags & VM_EXEC)
2331 phdr.p_flags |= PF_X;
2332 phdr.p_align = ELF_EXEC_PAGESIZE;
2334 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2338 if (!elf_core_write_extra_phdrs(cprm, offset))
2341 /* write out the notes section */
2342 if (!write_note_info(&info, cprm))
2345 if (elf_coredump_extra_notes_write(cprm))
2349 if (!dump_skip(cprm, dataoff - cprm->pos))
2352 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2353 vma = next_vma(vma, gate_vma)) {
2357 end = vma->vm_start + vma_filesz[i++];
2359 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2363 page = get_dump_page(addr);
2365 void *kaddr = kmap(page);
2366 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2370 stop = !dump_skip(cprm, PAGE_SIZE);
2375 dump_truncate(cprm);
2377 if (!elf_core_write_extra_data(cprm))
2380 if (e_phnum == PN_XNUM) {
2381 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2389 free_note_info(&info);
2398 #endif /* CONFIG_ELF_CORE */
2400 static int __init init_elf_binfmt(void)
2402 register_binfmt(&elf_format);
2406 static void __exit exit_elf_binfmt(void)
2408 /* Remove the COFF and ELF loaders. */
2409 unregister_binfmt(&elf_format);
2412 core_initcall(init_elf_binfmt);
2413 module_exit(exit_elf_binfmt);
2414 MODULE_LICENSE("GPL");
projects / linux.git / blob