1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/fs/binfmt_elf.c
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
13 #include <linux/module.h>
14 #include <linux/kernel.h>
17 #include <linux/mman.h>
18 #include <linux/errno.h>
19 #include <linux/signal.h>
20 #include <linux/binfmts.h>
21 #include <linux/string.h>
22 #include <linux/file.h>
23 #include <linux/slab.h>
24 #include <linux/personality.h>
25 #include <linux/elfcore.h>
26 #include <linux/init.h>
27 #include <linux/highuid.h>
28 #include <linux/compiler.h>
29 #include <linux/highmem.h>
30 #include <linux/pagemap.h>
31 #include <linux/vmalloc.h>
32 #include <linux/security.h>
33 #include <linux/random.h>
34 #include <linux/elf.h>
35 #include <linux/elf-randomize.h>
36 #include <linux/utsname.h>
37 #include <linux/coredump.h>
38 #include <linux/sched.h>
39 #include <linux/sched/coredump.h>
40 #include <linux/sched/task_stack.h>
41 #include <linux/sched/cputime.h>
42 #include <linux/cred.h>
43 #include <linux/dax.h>
44 #include <linux/uaccess.h>
45 #include <asm/param.h>
49 #define user_long_t long
51 #ifndef user_siginfo_t
52 #define user_siginfo_t siginfo_t
55 /* That's for binfmt_elf_fdpic to deal with */
56 #ifndef elf_check_fdpic
57 #define elf_check_fdpic(ex) false
60 static int load_elf_binary(struct linux_binprm *bprm);
63 static int load_elf_library(struct file *);
65 #define load_elf_library NULL
69 * If we don't support core dumping, then supply a NULL so we
72 #ifdef CONFIG_ELF_CORE
73 static int elf_core_dump(struct coredump_params *cprm);
75 #define elf_core_dump NULL
78 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
79 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
81 #define ELF_MIN_ALIGN PAGE_SIZE
84 #ifndef ELF_CORE_EFLAGS
85 #define ELF_CORE_EFLAGS 0
88 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
89 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
90 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
92 static struct linux_binfmt elf_format = {
93 .module = THIS_MODULE,
94 .load_binary = load_elf_binary,
95 .load_shlib = load_elf_library,
96 .core_dump = elf_core_dump,
97 .min_coredump = ELF_EXEC_PAGESIZE,
100 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
102 static int set_brk(unsigned long start, unsigned long end, int prot)
104 start = ELF_PAGEALIGN(start);
105 end = ELF_PAGEALIGN(end);
108 * Map the last of the bss segment.
109 * If the header is requesting these pages to be
110 * executable, honour that (ppc32 needs this).
112 int error = vm_brk_flags(start, end - start,
113 prot & PROT_EXEC ? VM_EXEC : 0);
117 current->mm->start_brk = current->mm->brk = end;
121 /* We need to explicitly zero any fractional pages
122 after the data section (i.e. bss). This would
123 contain the junk from the file that should not
126 static int padzero(unsigned long elf_bss)
130 nbyte = ELF_PAGEOFFSET(elf_bss);
132 nbyte = ELF_MIN_ALIGN - nbyte;
133 if (clear_user((void __user *) elf_bss, nbyte))
139 /* Let's use some macros to make this stack manipulation a little clearer */
140 #ifdef CONFIG_STACK_GROWSUP
141 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
142 #define STACK_ROUND(sp, items) \
143 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
144 #define STACK_ALLOC(sp, len) ({ \
145 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
148 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
149 #define STACK_ROUND(sp, items) \
150 (((unsigned long) (sp - items)) &~ 15UL)
151 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
154 #ifndef ELF_BASE_PLATFORM
156 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
157 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
158 * will be copied to the user stack in the same manner as AT_PLATFORM.
160 #define ELF_BASE_PLATFORM NULL
164 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
165 unsigned long load_addr, unsigned long interp_load_addr)
167 unsigned long p = bprm->p;
168 int argc = bprm->argc;
169 int envc = bprm->envc;
170 elf_addr_t __user *sp;
171 elf_addr_t __user *u_platform;
172 elf_addr_t __user *u_base_platform;
173 elf_addr_t __user *u_rand_bytes;
174 const char *k_platform = ELF_PLATFORM;
175 const char *k_base_platform = ELF_BASE_PLATFORM;
176 unsigned char k_rand_bytes[16];
178 elf_addr_t *elf_info;
180 const struct cred *cred = current_cred();
181 struct vm_area_struct *vma;
184 * In some cases (e.g. Hyper-Threading), we want to avoid L1
185 * evictions by the processes running on the same package. One
186 * thing we can do is to shuffle the initial stack for them.
189 p = arch_align_stack(p);
192 * If this architecture has a platform capability string, copy it
193 * to userspace. In some cases (Sparc), this info is impossible
194 * for userspace to get any other way, in others (i386) it is
199 size_t len = strlen(k_platform) + 1;
201 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
202 if (__copy_to_user(u_platform, k_platform, len))
207 * If this architecture has a "base" platform capability
208 * string, copy it to userspace.
210 u_base_platform = NULL;
211 if (k_base_platform) {
212 size_t len = strlen(k_base_platform) + 1;
214 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
215 if (__copy_to_user(u_base_platform, k_base_platform, len))
220 * Generate 16 random bytes for userspace PRNG seeding.
222 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
223 u_rand_bytes = (elf_addr_t __user *)
224 STACK_ALLOC(p, sizeof(k_rand_bytes));
225 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
228 /* Create the ELF interpreter info */
229 elf_info = (elf_addr_t *)current->mm->saved_auxv;
230 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
231 #define NEW_AUX_ENT(id, val) \
233 elf_info[ei_index++] = id; \
234 elf_info[ei_index++] = val; \
239 * ARCH_DLINFO must come first so PPC can do its special alignment of
241 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
242 * ARCH_DLINFO changes
246 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
247 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
248 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
249 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
250 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
251 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
252 NEW_AUX_ENT(AT_BASE, interp_load_addr);
253 NEW_AUX_ENT(AT_FLAGS, 0);
254 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
255 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
256 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
257 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
258 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
259 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
260 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
262 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
264 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
266 NEW_AUX_ENT(AT_PLATFORM,
267 (elf_addr_t)(unsigned long)u_platform);
269 if (k_base_platform) {
270 NEW_AUX_ENT(AT_BASE_PLATFORM,
271 (elf_addr_t)(unsigned long)u_base_platform);
273 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
274 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
277 /* AT_NULL is zero; clear the rest too */
278 memset(&elf_info[ei_index], 0,
279 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
281 /* And advance past the AT_NULL entry. */
284 sp = STACK_ADD(p, ei_index);
286 items = (argc + 1) + (envc + 1) + 1;
287 bprm->p = STACK_ROUND(sp, items);
289 /* Point sp at the lowest address on the stack */
290 #ifdef CONFIG_STACK_GROWSUP
291 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
292 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
294 sp = (elf_addr_t __user *)bprm->p;
299 * Grow the stack manually; some architectures have a limit on how
300 * far ahead a user-space access may be in order to grow the stack.
302 vma = find_extend_vma(current->mm, bprm->p);
306 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
307 if (__put_user(argc, sp++))
310 /* Populate list of argv pointers back to argv strings. */
311 p = current->mm->arg_end = current->mm->arg_start;
314 if (__put_user((elf_addr_t)p, sp++))
316 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
317 if (!len || len > MAX_ARG_STRLEN)
321 if (__put_user(0, sp++))
323 current->mm->arg_end = p;
325 /* Populate list of envp pointers back to envp strings. */
326 current->mm->env_end = current->mm->env_start = p;
329 if (__put_user((elf_addr_t)p, sp++))
331 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
332 if (!len || len > MAX_ARG_STRLEN)
336 if (__put_user(0, sp++))
338 current->mm->env_end = p;
340 /* Put the elf_info on the stack in the right place. */
341 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
348 static unsigned long elf_map(struct file *filep, unsigned long addr,
349 const struct elf_phdr *eppnt, int prot, int type,
350 unsigned long total_size)
352 unsigned long map_addr;
353 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
354 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
355 addr = ELF_PAGESTART(addr);
356 size = ELF_PAGEALIGN(size);
358 /* mmap() will return -EINVAL if given a zero size, but a
359 * segment with zero filesize is perfectly valid */
364 * total_size is the size of the ELF (interpreter) image.
365 * The _first_ mmap needs to know the full size, otherwise
366 * randomization might put this image into an overlapping
367 * position with the ELF binary image. (since size < total_size)
368 * So we first map the 'big' image - and unmap the remainder at
369 * the end. (which unmap is needed for ELF images with holes.)
372 total_size = ELF_PAGEALIGN(total_size);
373 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
374 if (!BAD_ADDR(map_addr))
375 vm_munmap(map_addr+size, total_size-size);
377 map_addr = vm_mmap(filep, addr, size, prot, type, off);
379 if ((type & MAP_FIXED_NOREPLACE) &&
380 PTR_ERR((void *)map_addr) == -EEXIST)
381 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
382 task_pid_nr(current), current->comm, (void *)addr);
387 #endif /* !elf_map */
389 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
391 int i, first_idx = -1, last_idx = -1;
393 for (i = 0; i < nr; i++) {
394 if (cmds[i].p_type == PT_LOAD) {
403 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
404 ELF_PAGESTART(cmds[first_idx].p_vaddr);
408 * load_elf_phdrs() - load ELF program headers
409 * @elf_ex: ELF header of the binary whose program headers should be loaded
410 * @elf_file: the opened ELF binary file
412 * Loads ELF program headers from the binary file elf_file, which has the ELF
413 * header pointed to by elf_ex, into a newly allocated array. The caller is
414 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
416 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
417 struct file *elf_file)
419 struct elf_phdr *elf_phdata = NULL;
420 int retval, err = -1;
421 loff_t pos = elf_ex->e_phoff;
425 * If the size of this structure has changed, then punt, since
426 * we will be doing the wrong thing.
428 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
431 /* Sanity check the number of program headers... */
432 /* ...and their total size. */
433 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
434 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
437 elf_phdata = kmalloc(size, GFP_KERNEL);
441 /* Read in the program headers */
442 retval = kernel_read(elf_file, elf_phdata, size, &pos);
443 if (retval != size) {
444 err = (retval < 0) ? retval : -EIO;
458 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
461 * struct arch_elf_state - arch-specific ELF loading state
463 * This structure is used to preserve architecture specific data during
464 * the loading of an ELF file, throughout the checking of architecture
465 * specific ELF headers & through to the point where the ELF load is
466 * known to be proceeding (ie. SET_PERSONALITY).
468 * This implementation is a dummy for architectures which require no
471 struct arch_elf_state {
474 #define INIT_ARCH_ELF_STATE {}
477 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
478 * @ehdr: The main ELF header
479 * @phdr: The program header to check
480 * @elf: The open ELF file
481 * @is_interp: True if the phdr is from the interpreter of the ELF being
482 * loaded, else false.
483 * @state: Architecture-specific state preserved throughout the process
484 * of loading the ELF.
486 * Inspects the program header phdr to validate its correctness and/or
487 * suitability for the system. Called once per ELF program header in the
488 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
491 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
492 * with that return code.
494 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
495 struct elf_phdr *phdr,
496 struct file *elf, bool is_interp,
497 struct arch_elf_state *state)
499 /* Dummy implementation, always proceed */
504 * arch_check_elf() - check an ELF executable
505 * @ehdr: The main ELF header
506 * @has_interp: True if the ELF has an interpreter, else false.
507 * @interp_ehdr: The interpreter's ELF header
508 * @state: Architecture-specific state preserved throughout the process
509 * of loading the ELF.
511 * Provides a final opportunity for architecture code to reject the loading
512 * of the ELF & cause an exec syscall to return an error. This is called after
513 * all program headers to be checked by arch_elf_pt_proc have been.
515 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
516 * with that return code.
518 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
519 struct elfhdr *interp_ehdr,
520 struct arch_elf_state *state)
522 /* Dummy implementation, always proceed */
526 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
528 static inline int make_prot(u32 p_flags)
541 /* This is much more generalized than the library routine read function,
542 so we keep this separate. Technically the library read function
543 is only provided so that we can read a.out libraries that have
546 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
547 struct file *interpreter,
548 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
550 struct elf_phdr *eppnt;
551 unsigned long load_addr = 0;
552 int load_addr_set = 0;
553 unsigned long last_bss = 0, elf_bss = 0;
555 unsigned long error = ~0UL;
556 unsigned long total_size;
559 /* First of all, some simple consistency checks */
560 if (interp_elf_ex->e_type != ET_EXEC &&
561 interp_elf_ex->e_type != ET_DYN)
563 if (!elf_check_arch(interp_elf_ex) ||
564 elf_check_fdpic(interp_elf_ex))
566 if (!interpreter->f_op->mmap)
569 total_size = total_mapping_size(interp_elf_phdata,
570 interp_elf_ex->e_phnum);
576 eppnt = interp_elf_phdata;
577 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
578 if (eppnt->p_type == PT_LOAD) {
579 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
580 int elf_prot = make_prot(eppnt->p_flags);
581 unsigned long vaddr = 0;
582 unsigned long k, map_addr;
584 vaddr = eppnt->p_vaddr;
585 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
586 elf_type |= MAP_FIXED_NOREPLACE;
587 else if (no_base && interp_elf_ex->e_type == ET_DYN)
590 map_addr = elf_map(interpreter, load_addr + vaddr,
591 eppnt, elf_prot, elf_type, total_size);
594 if (BAD_ADDR(map_addr))
597 if (!load_addr_set &&
598 interp_elf_ex->e_type == ET_DYN) {
599 load_addr = map_addr - ELF_PAGESTART(vaddr);
604 * Check to see if the section's size will overflow the
605 * allowed task size. Note that p_filesz must always be
606 * <= p_memsize so it's only necessary to check p_memsz.
608 k = load_addr + eppnt->p_vaddr;
610 eppnt->p_filesz > eppnt->p_memsz ||
611 eppnt->p_memsz > TASK_SIZE ||
612 TASK_SIZE - eppnt->p_memsz < k) {
618 * Find the end of the file mapping for this phdr, and
619 * keep track of the largest address we see for this.
621 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
626 * Do the same thing for the memory mapping - between
627 * elf_bss and last_bss is the bss section.
629 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
638 * Now fill out the bss section: first pad the last page from
639 * the file up to the page boundary, and zero it from elf_bss
640 * up to the end of the page.
642 if (padzero(elf_bss)) {
647 * Next, align both the file and mem bss up to the page size,
648 * since this is where elf_bss was just zeroed up to, and where
649 * last_bss will end after the vm_brk_flags() below.
651 elf_bss = ELF_PAGEALIGN(elf_bss);
652 last_bss = ELF_PAGEALIGN(last_bss);
653 /* Finally, if there is still more bss to allocate, do it. */
654 if (last_bss > elf_bss) {
655 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
656 bss_prot & PROT_EXEC ? VM_EXEC : 0);
667 * These are the functions used to load ELF style executables and shared
668 * libraries. There is no binary dependent code anywhere else.
671 static int load_elf_binary(struct linux_binprm *bprm)
673 struct file *interpreter = NULL; /* to shut gcc up */
674 unsigned long load_addr = 0, load_bias = 0;
675 int load_addr_set = 0;
677 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
678 unsigned long elf_bss, elf_brk;
681 unsigned long elf_entry;
682 unsigned long interp_load_addr = 0;
683 unsigned long start_code, end_code, start_data, end_data;
684 unsigned long reloc_func_desc __maybe_unused = 0;
685 int executable_stack = EXSTACK_DEFAULT;
687 struct elfhdr elf_ex;
688 struct elfhdr interp_elf_ex;
690 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
691 struct pt_regs *regs;
693 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
699 /* Get the exec-header */
700 loc->elf_ex = *((struct elfhdr *)bprm->buf);
703 /* First of all, some simple consistency checks */
704 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
707 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
709 if (!elf_check_arch(&loc->elf_ex))
711 if (elf_check_fdpic(&loc->elf_ex))
713 if (!bprm->file->f_op->mmap)
716 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
720 elf_ppnt = elf_phdata;
721 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
722 char *elf_interpreter;
725 if (elf_ppnt->p_type != PT_INTERP)
729 * This is the program interpreter used for shared libraries -
730 * for now assume that this is an a.out format binary.
733 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
737 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
738 if (!elf_interpreter)
741 pos = elf_ppnt->p_offset;
742 retval = kernel_read(bprm->file, elf_interpreter,
743 elf_ppnt->p_filesz, &pos);
744 if (retval != elf_ppnt->p_filesz) {
747 goto out_free_interp;
749 /* make sure path is NULL terminated */
751 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
752 goto out_free_interp;
754 interpreter = open_exec(elf_interpreter);
755 kfree(elf_interpreter);
756 retval = PTR_ERR(interpreter);
757 if (IS_ERR(interpreter))
761 * If the binary is not readable then enforce mm->dumpable = 0
762 * regardless of the interpreter's permissions.
764 would_dump(bprm, interpreter);
766 /* Get the exec headers */
768 retval = kernel_read(interpreter, &loc->interp_elf_ex,
769 sizeof(loc->interp_elf_ex), &pos);
770 if (retval != sizeof(loc->interp_elf_ex)) {
773 goto out_free_dentry;
779 kfree(elf_interpreter);
783 elf_ppnt = elf_phdata;
784 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
785 switch (elf_ppnt->p_type) {
787 if (elf_ppnt->p_flags & PF_X)
788 executable_stack = EXSTACK_ENABLE_X;
790 executable_stack = EXSTACK_DISABLE_X;
793 case PT_LOPROC ... PT_HIPROC:
794 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
798 goto out_free_dentry;
802 /* Some simple consistency checks for the interpreter */
805 /* Not an ELF interpreter */
806 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
807 goto out_free_dentry;
808 /* Verify the interpreter has a valid arch */
809 if (!elf_check_arch(&loc->interp_elf_ex) ||
810 elf_check_fdpic(&loc->interp_elf_ex))
811 goto out_free_dentry;
813 /* Load the interpreter program headers */
814 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
816 if (!interp_elf_phdata)
817 goto out_free_dentry;
819 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
820 elf_ppnt = interp_elf_phdata;
821 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
822 switch (elf_ppnt->p_type) {
823 case PT_LOPROC ... PT_HIPROC:
824 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
825 elf_ppnt, interpreter,
828 goto out_free_dentry;
834 * Allow arch code to reject the ELF at this point, whilst it's
835 * still possible to return an error to the code that invoked
838 retval = arch_check_elf(&loc->elf_ex,
839 !!interpreter, &loc->interp_elf_ex,
842 goto out_free_dentry;
844 /* Flush all traces of the currently running executable */
845 retval = flush_old_exec(bprm);
847 goto out_free_dentry;
849 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
850 may depend on the personality. */
851 SET_PERSONALITY2(loc->elf_ex, &arch_state);
852 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
853 current->personality |= READ_IMPLIES_EXEC;
855 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
856 current->flags |= PF_RANDOMIZE;
858 setup_new_exec(bprm);
859 install_exec_creds(bprm);
861 /* Do this so that we can load the interpreter, if need be. We will
862 change some of these later */
863 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
866 goto out_free_dentry;
876 /* Now we do a little grungy work by mmapping the ELF image into
877 the correct location in memory. */
878 for(i = 0, elf_ppnt = elf_phdata;
879 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
880 int elf_prot, elf_flags;
881 unsigned long k, vaddr;
882 unsigned long total_size = 0;
884 if (elf_ppnt->p_type != PT_LOAD)
887 if (unlikely (elf_brk > elf_bss)) {
890 /* There was a PT_LOAD segment with p_memsz > p_filesz
891 before this one. Map anonymous pages, if needed,
892 and clear the area. */
893 retval = set_brk(elf_bss + load_bias,
897 goto out_free_dentry;
898 nbyte = ELF_PAGEOFFSET(elf_bss);
900 nbyte = ELF_MIN_ALIGN - nbyte;
901 if (nbyte > elf_brk - elf_bss)
902 nbyte = elf_brk - elf_bss;
903 if (clear_user((void __user *)elf_bss +
906 * This bss-zeroing can fail if the ELF
907 * file specifies odd protections. So
908 * we don't check the return value
914 elf_prot = make_prot(elf_ppnt->p_flags);
916 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
918 vaddr = elf_ppnt->p_vaddr;
920 * If we are loading ET_EXEC or we have already performed
921 * the ET_DYN load_addr calculations, proceed normally.
923 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
924 elf_flags |= MAP_FIXED;
925 } else if (loc->elf_ex.e_type == ET_DYN) {
927 * This logic is run once for the first LOAD Program
928 * Header for ET_DYN binaries to calculate the
929 * randomization (load_bias) for all the LOAD
930 * Program Headers, and to calculate the entire
931 * size of the ELF mapping (total_size). (Note that
932 * load_addr_set is set to true later once the
933 * initial mapping is performed.)
935 * There are effectively two types of ET_DYN
936 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
937 * and loaders (ET_DYN without INTERP, since they
938 * _are_ the ELF interpreter). The loaders must
939 * be loaded away from programs since the program
940 * may otherwise collide with the loader (especially
941 * for ET_EXEC which does not have a randomized
942 * position). For example to handle invocations of
943 * "./ld.so someprog" to test out a new version of
944 * the loader, the subsequent program that the
945 * loader loads must avoid the loader itself, so
946 * they cannot share the same load range. Sufficient
947 * room for the brk must be allocated with the
948 * loader as well, since brk must be available with
951 * Therefore, programs are loaded offset from
952 * ELF_ET_DYN_BASE and loaders are loaded into the
953 * independently randomized mmap region (0 load_bias
954 * without MAP_FIXED).
957 load_bias = ELF_ET_DYN_BASE;
958 if (current->flags & PF_RANDOMIZE)
959 load_bias += arch_mmap_rnd();
960 elf_flags |= MAP_FIXED;
965 * Since load_bias is used for all subsequent loading
966 * calculations, we must lower it by the first vaddr
967 * so that the remaining calculations based on the
968 * ELF vaddrs will be correctly offset. The result
969 * is then page aligned.
971 load_bias = ELF_PAGESTART(load_bias - vaddr);
973 total_size = total_mapping_size(elf_phdata,
974 loc->elf_ex.e_phnum);
977 goto out_free_dentry;
981 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
982 elf_prot, elf_flags, total_size);
983 if (BAD_ADDR(error)) {
984 retval = IS_ERR((void *)error) ?
985 PTR_ERR((void*)error) : -EINVAL;
986 goto out_free_dentry;
989 if (!load_addr_set) {
991 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
992 if (loc->elf_ex.e_type == ET_DYN) {
994 ELF_PAGESTART(load_bias + vaddr);
995 load_addr += load_bias;
996 reloc_func_desc = load_bias;
999 k = elf_ppnt->p_vaddr;
1006 * Check to see if the section's size will overflow the
1007 * allowed task size. Note that p_filesz must always be
1008 * <= p_memsz so it is only necessary to check p_memsz.
1010 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1011 elf_ppnt->p_memsz > TASK_SIZE ||
1012 TASK_SIZE - elf_ppnt->p_memsz < k) {
1013 /* set_brk can never work. Avoid overflows. */
1015 goto out_free_dentry;
1018 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1022 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1026 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1028 bss_prot = elf_prot;
1033 loc->elf_ex.e_entry += load_bias;
1034 elf_bss += load_bias;
1035 elf_brk += load_bias;
1036 start_code += load_bias;
1037 end_code += load_bias;
1038 start_data += load_bias;
1039 end_data += load_bias;
1041 /* Calling set_brk effectively mmaps the pages that we need
1042 * for the bss and break sections. We must do this before
1043 * mapping in the interpreter, to make sure it doesn't wind
1044 * up getting placed where the bss needs to go.
1046 retval = set_brk(elf_bss, elf_brk, bss_prot);
1048 goto out_free_dentry;
1049 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1050 retval = -EFAULT; /* Nobody gets to see this, but.. */
1051 goto out_free_dentry;
1055 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1057 load_bias, interp_elf_phdata);
1058 if (!IS_ERR((void *)elf_entry)) {
1060 * load_elf_interp() returns relocation
1063 interp_load_addr = elf_entry;
1064 elf_entry += loc->interp_elf_ex.e_entry;
1066 if (BAD_ADDR(elf_entry)) {
1067 retval = IS_ERR((void *)elf_entry) ?
1068 (int)elf_entry : -EINVAL;
1069 goto out_free_dentry;
1071 reloc_func_desc = interp_load_addr;
1073 allow_write_access(interpreter);
1076 elf_entry = loc->elf_ex.e_entry;
1077 if (BAD_ADDR(elf_entry)) {
1079 goto out_free_dentry;
1083 kfree(interp_elf_phdata);
1086 set_binfmt(&elf_format);
1088 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1089 retval = arch_setup_additional_pages(bprm, !!interpreter);
1092 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1094 retval = create_elf_tables(bprm, &loc->elf_ex,
1095 load_addr, interp_load_addr);
1098 current->mm->end_code = end_code;
1099 current->mm->start_code = start_code;
1100 current->mm->start_data = start_data;
1101 current->mm->end_data = end_data;
1102 current->mm->start_stack = bprm->p;
1104 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1106 * For architectures with ELF randomization, when executing
1107 * a loader directly (i.e. no interpreter listed in ELF
1108 * headers), move the brk area out of the mmap region
1109 * (since it grows up, and may collide early with the stack
1110 * growing down), and into the unused ELF_ET_DYN_BASE region.
1112 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1113 loc->elf_ex.e_type == ET_DYN && !interpreter)
1114 current->mm->brk = current->mm->start_brk =
1117 current->mm->brk = current->mm->start_brk =
1118 arch_randomize_brk(current->mm);
1119 #ifdef compat_brk_randomized
1120 current->brk_randomized = 1;
1124 if (current->personality & MMAP_PAGE_ZERO) {
1125 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1126 and some applications "depend" upon this behavior.
1127 Since we do not have the power to recompile these, we
1128 emulate the SVr4 behavior. Sigh. */
1129 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1130 MAP_FIXED | MAP_PRIVATE, 0);
1133 regs = current_pt_regs();
1134 #ifdef ELF_PLAT_INIT
1136 * The ABI may specify that certain registers be set up in special
1137 * ways (on i386 %edx is the address of a DT_FINI function, for
1138 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1139 * that the e_entry field is the address of the function descriptor
1140 * for the startup routine, rather than the address of the startup
1141 * routine itself. This macro performs whatever initialization to
1142 * the regs structure is required as well as any relocations to the
1143 * function descriptor entries when executing dynamically links apps.
1145 ELF_PLAT_INIT(regs, reloc_func_desc);
1148 finalize_exec(bprm);
1149 start_thread(regs, elf_entry, bprm->p);
1158 kfree(interp_elf_phdata);
1159 allow_write_access(interpreter);
1167 #ifdef CONFIG_USELIB
1168 /* This is really simpleminded and specialized - we are loading an
1169 a.out library that is given an ELF header. */
1170 static int load_elf_library(struct file *file)
1172 struct elf_phdr *elf_phdata;
1173 struct elf_phdr *eppnt;
1174 unsigned long elf_bss, bss, len;
1175 int retval, error, i, j;
1176 struct elfhdr elf_ex;
1180 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1181 if (retval != sizeof(elf_ex))
1184 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1187 /* First of all, some simple consistency checks */
1188 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1189 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1191 if (elf_check_fdpic(&elf_ex))
1194 /* Now read in all of the header information */
1196 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1197 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1200 elf_phdata = kmalloc(j, GFP_KERNEL);
1206 pos = elf_ex.e_phoff;
1207 retval = kernel_read(file, eppnt, j, &pos);
1211 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1212 if ((eppnt + i)->p_type == PT_LOAD)
1217 while (eppnt->p_type != PT_LOAD)
1220 /* Now use mmap to map the library into memory. */
1221 error = vm_mmap(file,
1222 ELF_PAGESTART(eppnt->p_vaddr),
1224 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1225 PROT_READ | PROT_WRITE | PROT_EXEC,
1226 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1228 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1229 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1232 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1233 if (padzero(elf_bss)) {
1238 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1239 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1241 error = vm_brk(len, bss - len);
1252 #endif /* #ifdef CONFIG_USELIB */
1254 #ifdef CONFIG_ELF_CORE
1258 * Modelled on fs/exec.c:aout_core_dump()
1259 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1263 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1264 * that are useful for post-mortem analysis are included in every core dump.
1265 * In that way we ensure that the core dump is fully interpretable later
1266 * without matching up the same kernel and hardware config to see what PC values
1267 * meant. These special mappings include - vDSO, vsyscall, and other
1268 * architecture specific mappings
1270 static bool always_dump_vma(struct vm_area_struct *vma)
1272 /* Any vsyscall mappings? */
1273 if (vma == get_gate_vma(vma->vm_mm))
1277 * Assume that all vmas with a .name op should always be dumped.
1278 * If this changes, a new vm_ops field can easily be added.
1280 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1284 * arch_vma_name() returns non-NULL for special architecture mappings,
1285 * such as vDSO sections.
1287 if (arch_vma_name(vma))
1294 * Decide what to dump of a segment, part, all or none.
1296 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1297 unsigned long mm_flags)
1299 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1301 /* always dump the vdso and vsyscall sections */
1302 if (always_dump_vma(vma))
1305 if (vma->vm_flags & VM_DONTDUMP)
1308 /* support for DAX */
1309 if (vma_is_dax(vma)) {
1310 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1312 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1317 /* Hugetlb memory check */
1318 if (vma->vm_flags & VM_HUGETLB) {
1319 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1321 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1326 /* Do not dump I/O mapped devices or special mappings */
1327 if (vma->vm_flags & VM_IO)
1330 /* By default, dump shared memory if mapped from an anonymous file. */
1331 if (vma->vm_flags & VM_SHARED) {
1332 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1333 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1338 /* Dump segments that have been written to. */
1339 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1341 if (vma->vm_file == NULL)
1344 if (FILTER(MAPPED_PRIVATE))
1348 * If this looks like the beginning of a DSO or executable mapping,
1349 * check for an ELF header. If we find one, dump the first page to
1350 * aid in determining what was mapped here.
1352 if (FILTER(ELF_HEADERS) &&
1353 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1354 u32 __user *header = (u32 __user *) vma->vm_start;
1356 mm_segment_t fs = get_fs();
1358 * Doing it this way gets the constant folded by GCC.
1362 char elfmag[SELFMAG];
1364 BUILD_BUG_ON(SELFMAG != sizeof word);
1365 magic.elfmag[EI_MAG0] = ELFMAG0;
1366 magic.elfmag[EI_MAG1] = ELFMAG1;
1367 magic.elfmag[EI_MAG2] = ELFMAG2;
1368 magic.elfmag[EI_MAG3] = ELFMAG3;
1370 * Switch to the user "segment" for get_user(),
1371 * then put back what elf_core_dump() had in place.
1374 if (unlikely(get_user(word, header)))
1377 if (word == magic.cmp)
1386 return vma->vm_end - vma->vm_start;
1389 /* An ELF note in memory */
1394 unsigned int datasz;
1398 static int notesize(struct memelfnote *en)
1402 sz = sizeof(struct elf_note);
1403 sz += roundup(strlen(en->name) + 1, 4);
1404 sz += roundup(en->datasz, 4);
1409 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1412 en.n_namesz = strlen(men->name) + 1;
1413 en.n_descsz = men->datasz;
1414 en.n_type = men->type;
1416 return dump_emit(cprm, &en, sizeof(en)) &&
1417 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1418 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1421 static void fill_elf_header(struct elfhdr *elf, int segs,
1422 u16 machine, u32 flags)
1424 memset(elf, 0, sizeof(*elf));
1426 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1427 elf->e_ident[EI_CLASS] = ELF_CLASS;
1428 elf->e_ident[EI_DATA] = ELF_DATA;
1429 elf->e_ident[EI_VERSION] = EV_CURRENT;
1430 elf->e_ident[EI_OSABI] = ELF_OSABI;
1432 elf->e_type = ET_CORE;
1433 elf->e_machine = machine;
1434 elf->e_version = EV_CURRENT;
1435 elf->e_phoff = sizeof(struct elfhdr);
1436 elf->e_flags = flags;
1437 elf->e_ehsize = sizeof(struct elfhdr);
1438 elf->e_phentsize = sizeof(struct elf_phdr);
1439 elf->e_phnum = segs;
1442 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1444 phdr->p_type = PT_NOTE;
1445 phdr->p_offset = offset;
1448 phdr->p_filesz = sz;
1454 static void fill_note(struct memelfnote *note, const char *name, int type,
1455 unsigned int sz, void *data)
1464 * fill up all the fields in prstatus from the given task struct, except
1465 * registers which need to be filled up separately.
1467 static void fill_prstatus(struct elf_prstatus *prstatus,
1468 struct task_struct *p, long signr)
1470 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1471 prstatus->pr_sigpend = p->pending.signal.sig[0];
1472 prstatus->pr_sighold = p->blocked.sig[0];
1474 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1476 prstatus->pr_pid = task_pid_vnr(p);
1477 prstatus->pr_pgrp = task_pgrp_vnr(p);
1478 prstatus->pr_sid = task_session_vnr(p);
1479 if (thread_group_leader(p)) {
1480 struct task_cputime cputime;
1483 * This is the record for the group leader. It shows the
1484 * group-wide total, not its individual thread total.
1486 thread_group_cputime(p, &cputime);
1487 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1488 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1492 task_cputime(p, &utime, &stime);
1493 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1494 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1497 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1498 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1501 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1502 struct mm_struct *mm)
1504 const struct cred *cred;
1505 unsigned int i, len;
1507 /* first copy the parameters from user space */
1508 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1510 len = mm->arg_end - mm->arg_start;
1511 if (len >= ELF_PRARGSZ)
1512 len = ELF_PRARGSZ-1;
1513 if (copy_from_user(&psinfo->pr_psargs,
1514 (const char __user *)mm->arg_start, len))
1516 for(i = 0; i < len; i++)
1517 if (psinfo->pr_psargs[i] == 0)
1518 psinfo->pr_psargs[i] = ' ';
1519 psinfo->pr_psargs[len] = 0;
1522 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1524 psinfo->pr_pid = task_pid_vnr(p);
1525 psinfo->pr_pgrp = task_pgrp_vnr(p);
1526 psinfo->pr_sid = task_session_vnr(p);
1528 i = p->state ? ffz(~p->state) + 1 : 0;
1529 psinfo->pr_state = i;
1530 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1531 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1532 psinfo->pr_nice = task_nice(p);
1533 psinfo->pr_flag = p->flags;
1535 cred = __task_cred(p);
1536 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1537 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1539 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1544 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1546 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1550 while (auxv[i - 2] != AT_NULL);
1551 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1554 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1555 const kernel_siginfo_t *siginfo)
1557 mm_segment_t old_fs = get_fs();
1559 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1561 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1564 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1566 * Format of NT_FILE note:
1568 * long count -- how many files are mapped
1569 * long page_size -- units for file_ofs
1570 * array of [COUNT] elements of
1574 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1576 static int fill_files_note(struct memelfnote *note)
1578 struct vm_area_struct *vma;
1579 unsigned count, size, names_ofs, remaining, n;
1581 user_long_t *start_end_ofs;
1582 char *name_base, *name_curpos;
1584 /* *Estimated* file count and total data size needed */
1585 count = current->mm->map_count;
1586 if (count > UINT_MAX / 64)
1590 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1592 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1594 size = round_up(size, PAGE_SIZE);
1595 data = kvmalloc(size, GFP_KERNEL);
1596 if (ZERO_OR_NULL_PTR(data))
1599 start_end_ofs = data + 2;
1600 name_base = name_curpos = ((char *)data) + names_ofs;
1601 remaining = size - names_ofs;
1603 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1605 const char *filename;
1607 file = vma->vm_file;
1610 filename = file_path(file, name_curpos, remaining);
1611 if (IS_ERR(filename)) {
1612 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1614 size = size * 5 / 4;
1620 /* file_path() fills at the end, move name down */
1621 /* n = strlen(filename) + 1: */
1622 n = (name_curpos + remaining) - filename;
1623 remaining = filename - name_curpos;
1624 memmove(name_curpos, filename, n);
1627 *start_end_ofs++ = vma->vm_start;
1628 *start_end_ofs++ = vma->vm_end;
1629 *start_end_ofs++ = vma->vm_pgoff;
1633 /* Now we know exact count of files, can store it */
1635 data[1] = PAGE_SIZE;
1637 * Count usually is less than current->mm->map_count,
1638 * we need to move filenames down.
1640 n = current->mm->map_count - count;
1642 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1643 memmove(name_base - shift_bytes, name_base,
1644 name_curpos - name_base);
1645 name_curpos -= shift_bytes;
1648 size = name_curpos - (char *)data;
1649 fill_note(note, "CORE", NT_FILE, size, data);
1653 #ifdef CORE_DUMP_USE_REGSET
1654 #include <linux/regset.h>
1656 struct elf_thread_core_info {
1657 struct elf_thread_core_info *next;
1658 struct task_struct *task;
1659 struct elf_prstatus prstatus;
1660 struct memelfnote notes[0];
1663 struct elf_note_info {
1664 struct elf_thread_core_info *thread;
1665 struct memelfnote psinfo;
1666 struct memelfnote signote;
1667 struct memelfnote auxv;
1668 struct memelfnote files;
1669 user_siginfo_t csigdata;
1675 * When a regset has a writeback hook, we call it on each thread before
1676 * dumping user memory. On register window machines, this makes sure the
1677 * user memory backing the register data is up to date before we read it.
1679 static void do_thread_regset_writeback(struct task_struct *task,
1680 const struct user_regset *regset)
1682 if (regset->writeback)
1683 regset->writeback(task, regset, 1);
1686 #ifndef PRSTATUS_SIZE
1687 #define PRSTATUS_SIZE(S, R) sizeof(S)
1690 #ifndef SET_PR_FPVALID
1691 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1694 static int fill_thread_core_info(struct elf_thread_core_info *t,
1695 const struct user_regset_view *view,
1696 long signr, size_t *total)
1699 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
1702 * NT_PRSTATUS is the one special case, because the regset data
1703 * goes into the pr_reg field inside the note contents, rather
1704 * than being the whole note contents. We fill the reset in here.
1705 * We assume that regset 0 is NT_PRSTATUS.
1707 fill_prstatus(&t->prstatus, t->task, signr);
1708 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
1709 &t->prstatus.pr_reg, NULL);
1711 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1712 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1713 *total += notesize(&t->notes[0]);
1715 do_thread_regset_writeback(t->task, &view->regsets[0]);
1718 * Each other regset might generate a note too. For each regset
1719 * that has no core_note_type or is inactive, we leave t->notes[i]
1720 * all zero and we'll know to skip writing it later.
1722 for (i = 1; i < view->n; ++i) {
1723 const struct user_regset *regset = &view->regsets[i];
1724 do_thread_regset_writeback(t->task, regset);
1725 if (regset->core_note_type && regset->get &&
1726 (!regset->active || regset->active(t->task, regset) > 0)) {
1728 size_t size = regset_size(t->task, regset);
1729 void *data = kmalloc(size, GFP_KERNEL);
1730 if (unlikely(!data))
1732 ret = regset->get(t->task, regset,
1733 0, size, data, NULL);
1737 if (regset->core_note_type != NT_PRFPREG)
1738 fill_note(&t->notes[i], "LINUX",
1739 regset->core_note_type,
1742 SET_PR_FPVALID(&t->prstatus,
1744 fill_note(&t->notes[i], "CORE",
1745 NT_PRFPREG, size, data);
1747 *total += notesize(&t->notes[i]);
1755 static int fill_note_info(struct elfhdr *elf, int phdrs,
1756 struct elf_note_info *info,
1757 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1759 struct task_struct *dump_task = current;
1760 const struct user_regset_view *view = task_user_regset_view(dump_task);
1761 struct elf_thread_core_info *t;
1762 struct elf_prpsinfo *psinfo;
1763 struct core_thread *ct;
1767 info->thread = NULL;
1769 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1770 if (psinfo == NULL) {
1771 info->psinfo.data = NULL; /* So we don't free this wrongly */
1775 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1778 * Figure out how many notes we're going to need for each thread.
1780 info->thread_notes = 0;
1781 for (i = 0; i < view->n; ++i)
1782 if (view->regsets[i].core_note_type != 0)
1783 ++info->thread_notes;
1786 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1787 * since it is our one special case.
1789 if (unlikely(info->thread_notes == 0) ||
1790 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1796 * Initialize the ELF file header.
1798 fill_elf_header(elf, phdrs,
1799 view->e_machine, view->e_flags);
1802 * Allocate a structure for each thread.
1804 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1805 t = kzalloc(offsetof(struct elf_thread_core_info,
1806 notes[info->thread_notes]),
1812 if (ct->task == dump_task || !info->thread) {
1813 t->next = info->thread;
1817 * Make sure to keep the original task at
1818 * the head of the list.
1820 t->next = info->thread->next;
1821 info->thread->next = t;
1826 * Now fill in each thread's information.
1828 for (t = info->thread; t != NULL; t = t->next)
1829 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1833 * Fill in the two process-wide notes.
1835 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1836 info->size += notesize(&info->psinfo);
1838 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1839 info->size += notesize(&info->signote);
1841 fill_auxv_note(&info->auxv, current->mm);
1842 info->size += notesize(&info->auxv);
1844 if (fill_files_note(&info->files) == 0)
1845 info->size += notesize(&info->files);
1850 static size_t get_note_info_size(struct elf_note_info *info)
1856 * Write all the notes for each thread. When writing the first thread, the
1857 * process-wide notes are interleaved after the first thread-specific note.
1859 static int write_note_info(struct elf_note_info *info,
1860 struct coredump_params *cprm)
1863 struct elf_thread_core_info *t = info->thread;
1868 if (!writenote(&t->notes[0], cprm))
1871 if (first && !writenote(&info->psinfo, cprm))
1873 if (first && !writenote(&info->signote, cprm))
1875 if (first && !writenote(&info->auxv, cprm))
1877 if (first && info->files.data &&
1878 !writenote(&info->files, cprm))
1881 for (i = 1; i < info->thread_notes; ++i)
1882 if (t->notes[i].data &&
1883 !writenote(&t->notes[i], cprm))
1893 static void free_note_info(struct elf_note_info *info)
1895 struct elf_thread_core_info *threads = info->thread;
1898 struct elf_thread_core_info *t = threads;
1900 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1901 for (i = 1; i < info->thread_notes; ++i)
1902 kfree(t->notes[i].data);
1905 kfree(info->psinfo.data);
1906 kvfree(info->files.data);
1911 /* Here is the structure in which status of each thread is captured. */
1912 struct elf_thread_status
1914 struct list_head list;
1915 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1916 elf_fpregset_t fpu; /* NT_PRFPREG */
1917 struct task_struct *thread;
1918 #ifdef ELF_CORE_COPY_XFPREGS
1919 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1921 struct memelfnote notes[3];
1926 * In order to add the specific thread information for the elf file format,
1927 * we need to keep a linked list of every threads pr_status and then create
1928 * a single section for them in the final core file.
1930 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1933 struct task_struct *p = t->thread;
1936 fill_prstatus(&t->prstatus, p, signr);
1937 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1939 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1942 sz += notesize(&t->notes[0]);
1944 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1946 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1949 sz += notesize(&t->notes[1]);
1952 #ifdef ELF_CORE_COPY_XFPREGS
1953 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1954 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1955 sizeof(t->xfpu), &t->xfpu);
1957 sz += notesize(&t->notes[2]);
1963 struct elf_note_info {
1964 struct memelfnote *notes;
1965 struct memelfnote *notes_files;
1966 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1967 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1968 struct list_head thread_list;
1969 elf_fpregset_t *fpu;
1970 #ifdef ELF_CORE_COPY_XFPREGS
1971 elf_fpxregset_t *xfpu;
1973 user_siginfo_t csigdata;
1974 int thread_status_size;
1978 static int elf_note_info_init(struct elf_note_info *info)
1980 memset(info, 0, sizeof(*info));
1981 INIT_LIST_HEAD(&info->thread_list);
1983 /* Allocate space for ELF notes */
1984 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
1987 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1990 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1991 if (!info->prstatus)
1993 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1996 #ifdef ELF_CORE_COPY_XFPREGS
1997 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2004 static int fill_note_info(struct elfhdr *elf, int phdrs,
2005 struct elf_note_info *info,
2006 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2008 struct core_thread *ct;
2009 struct elf_thread_status *ets;
2011 if (!elf_note_info_init(info))
2014 for (ct = current->mm->core_state->dumper.next;
2015 ct; ct = ct->next) {
2016 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2020 ets->thread = ct->task;
2021 list_add(&ets->list, &info->thread_list);
2024 list_for_each_entry(ets, &info->thread_list, list) {
2027 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2028 info->thread_status_size += sz;
2030 /* now collect the dump for the current */
2031 memset(info->prstatus, 0, sizeof(*info->prstatus));
2032 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2033 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2036 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2039 * Set up the notes in similar form to SVR4 core dumps made
2040 * with info from their /proc.
2043 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2044 sizeof(*info->prstatus), info->prstatus);
2045 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2046 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2047 sizeof(*info->psinfo), info->psinfo);
2049 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2050 fill_auxv_note(info->notes + 3, current->mm);
2053 if (fill_files_note(info->notes + info->numnote) == 0) {
2054 info->notes_files = info->notes + info->numnote;
2058 /* Try to dump the FPU. */
2059 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2061 if (info->prstatus->pr_fpvalid)
2062 fill_note(info->notes + info->numnote++,
2063 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2064 #ifdef ELF_CORE_COPY_XFPREGS
2065 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2066 fill_note(info->notes + info->numnote++,
2067 "LINUX", ELF_CORE_XFPREG_TYPE,
2068 sizeof(*info->xfpu), info->xfpu);
2074 static size_t get_note_info_size(struct elf_note_info *info)
2079 for (i = 0; i < info->numnote; i++)
2080 sz += notesize(info->notes + i);
2082 sz += info->thread_status_size;
2087 static int write_note_info(struct elf_note_info *info,
2088 struct coredump_params *cprm)
2090 struct elf_thread_status *ets;
2093 for (i = 0; i < info->numnote; i++)
2094 if (!writenote(info->notes + i, cprm))
2097 /* write out the thread status notes section */
2098 list_for_each_entry(ets, &info->thread_list, list) {
2099 for (i = 0; i < ets->num_notes; i++)
2100 if (!writenote(&ets->notes[i], cprm))
2107 static void free_note_info(struct elf_note_info *info)
2109 while (!list_empty(&info->thread_list)) {
2110 struct list_head *tmp = info->thread_list.next;
2112 kfree(list_entry(tmp, struct elf_thread_status, list));
2115 /* Free data possibly allocated by fill_files_note(): */
2116 if (info->notes_files)
2117 kvfree(info->notes_files->data);
2119 kfree(info->prstatus);
2120 kfree(info->psinfo);
2123 #ifdef ELF_CORE_COPY_XFPREGS
2130 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2131 struct vm_area_struct *gate_vma)
2133 struct vm_area_struct *ret = tsk->mm->mmap;
2140 * Helper function for iterating across a vma list. It ensures that the caller
2141 * will visit `gate_vma' prior to terminating the search.
2143 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2144 struct vm_area_struct *gate_vma)
2146 struct vm_area_struct *ret;
2148 ret = this_vma->vm_next;
2151 if (this_vma == gate_vma)
2156 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2157 elf_addr_t e_shoff, int segs)
2159 elf->e_shoff = e_shoff;
2160 elf->e_shentsize = sizeof(*shdr4extnum);
2162 elf->e_shstrndx = SHN_UNDEF;
2164 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2166 shdr4extnum->sh_type = SHT_NULL;
2167 shdr4extnum->sh_size = elf->e_shnum;
2168 shdr4extnum->sh_link = elf->e_shstrndx;
2169 shdr4extnum->sh_info = segs;
2175 * This is a two-pass process; first we find the offsets of the bits,
2176 * and then they are actually written out. If we run out of core limit
2179 static int elf_core_dump(struct coredump_params *cprm)
2184 size_t vma_data_size = 0;
2185 struct vm_area_struct *vma, *gate_vma;
2186 struct elfhdr *elf = NULL;
2187 loff_t offset = 0, dataoff;
2188 struct elf_note_info info = { };
2189 struct elf_phdr *phdr4note = NULL;
2190 struct elf_shdr *shdr4extnum = NULL;
2193 elf_addr_t *vma_filesz = NULL;
2196 * We no longer stop all VM operations.
2198 * This is because those proceses that could possibly change map_count
2199 * or the mmap / vma pages are now blocked in do_exit on current
2200 * finishing this core dump.
2202 * Only ptrace can touch these memory addresses, but it doesn't change
2203 * the map_count or the pages allocated. So no possibility of crashing
2204 * exists while dumping the mm->vm_next areas to the core file.
2207 /* alloc memory for large data structures: too large to be on stack */
2208 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2212 * The number of segs are recored into ELF header as 16bit value.
2213 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2215 segs = current->mm->map_count;
2216 segs += elf_core_extra_phdrs();
2218 gate_vma = get_gate_vma(current->mm);
2219 if (gate_vma != NULL)
2222 /* for notes section */
2225 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2226 * this, kernel supports extended numbering. Have a look at
2227 * include/linux/elf.h for further information. */
2228 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2231 * Collect all the non-memory information about the process for the
2232 * notes. This also sets up the file header.
2234 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2242 offset += sizeof(*elf); /* Elf header */
2243 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2245 /* Write notes phdr entry */
2247 size_t sz = get_note_info_size(&info);
2249 sz += elf_coredump_extra_notes_size();
2251 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2255 fill_elf_note_phdr(phdr4note, sz, offset);
2259 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2261 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2263 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2265 if (ZERO_OR_NULL_PTR(vma_filesz))
2268 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2269 vma = next_vma(vma, gate_vma)) {
2270 unsigned long dump_size;
2272 dump_size = vma_dump_size(vma, cprm->mm_flags);
2273 vma_filesz[i++] = dump_size;
2274 vma_data_size += dump_size;
2277 offset += vma_data_size;
2278 offset += elf_core_extra_data_size();
2281 if (e_phnum == PN_XNUM) {
2282 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2285 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2290 if (!dump_emit(cprm, elf, sizeof(*elf)))
2293 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2296 /* Write program headers for segments dump */
2297 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2298 vma = next_vma(vma, gate_vma)) {
2299 struct elf_phdr phdr;
2301 phdr.p_type = PT_LOAD;
2302 phdr.p_offset = offset;
2303 phdr.p_vaddr = vma->vm_start;
2305 phdr.p_filesz = vma_filesz[i++];
2306 phdr.p_memsz = vma->vm_end - vma->vm_start;
2307 offset += phdr.p_filesz;
2308 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2309 if (vma->vm_flags & VM_WRITE)
2310 phdr.p_flags |= PF_W;
2311 if (vma->vm_flags & VM_EXEC)
2312 phdr.p_flags |= PF_X;
2313 phdr.p_align = ELF_EXEC_PAGESIZE;
2315 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2319 if (!elf_core_write_extra_phdrs(cprm, offset))
2322 /* write out the notes section */
2323 if (!write_note_info(&info, cprm))
2326 if (elf_coredump_extra_notes_write(cprm))
2330 if (!dump_skip(cprm, dataoff - cprm->pos))
2333 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2334 vma = next_vma(vma, gate_vma)) {
2338 end = vma->vm_start + vma_filesz[i++];
2340 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2344 page = get_dump_page(addr);
2346 void *kaddr = kmap(page);
2347 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2351 stop = !dump_skip(cprm, PAGE_SIZE);
2356 dump_truncate(cprm);
2358 if (!elf_core_write_extra_data(cprm))
2361 if (e_phnum == PN_XNUM) {
2362 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2370 free_note_info(&info);
2379 #endif /* CONFIG_ELF_CORE */
2381 static int __init init_elf_binfmt(void)
2383 register_binfmt(&elf_format);
2387 static void __exit exit_elf_binfmt(void)
2389 /* Remove the COFF and ELF loaders. */
2390 unregister_binfmt(&elf_format);
2393 core_initcall(init_elf_binfmt);
2394 module_exit(exit_elf_binfmt);
2395 MODULE_LICENSE("GPL");
projects / linux.git / blob