2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/sched/coredump.h>
39 #include <linux/sched/task_stack.h>
40 #include <linux/sched/cputime.h>
41 #include <linux/cred.h>
42 #include <linux/dax.h>
43 #include <linux/uaccess.h>
44 #include <asm/param.h>
48 #define user_long_t long
50 #ifndef user_siginfo_t
51 #define user_siginfo_t siginfo_t
54 /* That's for binfmt_elf_fdpic to deal with */
55 #ifndef elf_check_fdpic
56 #define elf_check_fdpic(ex) false
59 static int load_elf_binary(struct linux_binprm *bprm);
60 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
61 int, int, unsigned long);
64 static int load_elf_library(struct file *);
66 #define load_elf_library NULL
70 * If we don't support core dumping, then supply a NULL so we
73 #ifdef CONFIG_ELF_CORE
74 static int elf_core_dump(struct coredump_params *cprm);
76 #define elf_core_dump NULL
79 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
80 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
82 #define ELF_MIN_ALIGN PAGE_SIZE
85 #ifndef ELF_CORE_EFLAGS
86 #define ELF_CORE_EFLAGS 0
89 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
90 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
91 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
93 static struct linux_binfmt elf_format = {
94 .module = THIS_MODULE,
95 .load_binary = load_elf_binary,
96 .load_shlib = load_elf_library,
97 .core_dump = elf_core_dump,
98 .min_coredump = ELF_EXEC_PAGESIZE,
101 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
103 static int set_brk(unsigned long start, unsigned long end, int prot)
105 start = ELF_PAGEALIGN(start);
106 end = ELF_PAGEALIGN(end);
109 * Map the last of the bss segment.
110 * If the header is requesting these pages to be
111 * executable, honour that (ppc32 needs this).
113 int error = vm_brk_flags(start, end - start,
114 prot & PROT_EXEC ? VM_EXEC : 0);
118 current->mm->start_brk = current->mm->brk = end;
122 /* We need to explicitly zero any fractional pages
123 after the data section (i.e. bss). This would
124 contain the junk from the file that should not
127 static int padzero(unsigned long elf_bss)
131 nbyte = ELF_PAGEOFFSET(elf_bss);
133 nbyte = ELF_MIN_ALIGN - nbyte;
134 if (clear_user((void __user *) elf_bss, nbyte))
140 /* Let's use some macros to make this stack manipulation a little clearer */
141 #ifdef CONFIG_STACK_GROWSUP
142 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
143 #define STACK_ROUND(sp, items) \
144 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
145 #define STACK_ALLOC(sp, len) ({ \
146 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
149 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
150 #define STACK_ROUND(sp, items) \
151 (((unsigned long) (sp - items)) &~ 15UL)
152 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
155 #ifndef ELF_BASE_PLATFORM
157 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
158 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
159 * will be copied to the user stack in the same manner as AT_PLATFORM.
161 #define ELF_BASE_PLATFORM NULL
165 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
166 unsigned long load_addr, unsigned long interp_load_addr)
168 unsigned long p = bprm->p;
169 int argc = bprm->argc;
170 int envc = bprm->envc;
171 elf_addr_t __user *sp;
172 elf_addr_t __user *u_platform;
173 elf_addr_t __user *u_base_platform;
174 elf_addr_t __user *u_rand_bytes;
175 const char *k_platform = ELF_PLATFORM;
176 const char *k_base_platform = ELF_BASE_PLATFORM;
177 unsigned char k_rand_bytes[16];
179 elf_addr_t *elf_info;
181 const struct cred *cred = current_cred();
182 struct vm_area_struct *vma;
185 * In some cases (e.g. Hyper-Threading), we want to avoid L1
186 * evictions by the processes running on the same package. One
187 * thing we can do is to shuffle the initial stack for them.
190 p = arch_align_stack(p);
193 * If this architecture has a platform capability string, copy it
194 * to userspace. In some cases (Sparc), this info is impossible
195 * for userspace to get any other way, in others (i386) it is
200 size_t len = strlen(k_platform) + 1;
202 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
203 if (__copy_to_user(u_platform, k_platform, len))
208 * If this architecture has a "base" platform capability
209 * string, copy it to userspace.
211 u_base_platform = NULL;
212 if (k_base_platform) {
213 size_t len = strlen(k_base_platform) + 1;
215 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
216 if (__copy_to_user(u_base_platform, k_base_platform, len))
221 * Generate 16 random bytes for userspace PRNG seeding.
223 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
224 u_rand_bytes = (elf_addr_t __user *)
225 STACK_ALLOC(p, sizeof(k_rand_bytes));
226 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
229 /* Create the ELF interpreter info */
230 elf_info = (elf_addr_t *)current->mm->saved_auxv;
231 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
232 #define NEW_AUX_ENT(id, val) \
234 elf_info[ei_index++] = id; \
235 elf_info[ei_index++] = val; \
240 * ARCH_DLINFO must come first so PPC can do its special alignment of
242 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
243 * ARCH_DLINFO changes
247 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
248 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
249 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
250 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
251 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
252 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
253 NEW_AUX_ENT(AT_BASE, interp_load_addr);
254 NEW_AUX_ENT(AT_FLAGS, 0);
255 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
256 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
257 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
258 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
259 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
260 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
261 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
263 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
265 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
267 NEW_AUX_ENT(AT_PLATFORM,
268 (elf_addr_t)(unsigned long)u_platform);
270 if (k_base_platform) {
271 NEW_AUX_ENT(AT_BASE_PLATFORM,
272 (elf_addr_t)(unsigned long)u_base_platform);
274 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
275 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
278 /* AT_NULL is zero; clear the rest too */
279 memset(&elf_info[ei_index], 0,
280 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
282 /* And advance past the AT_NULL entry. */
285 sp = STACK_ADD(p, ei_index);
287 items = (argc + 1) + (envc + 1) + 1;
288 bprm->p = STACK_ROUND(sp, items);
290 /* Point sp at the lowest address on the stack */
291 #ifdef CONFIG_STACK_GROWSUP
292 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
293 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
295 sp = (elf_addr_t __user *)bprm->p;
300 * Grow the stack manually; some architectures have a limit on how
301 * far ahead a user-space access may be in order to grow the stack.
303 vma = find_extend_vma(current->mm, bprm->p);
307 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
308 if (__put_user(argc, sp++))
311 /* Populate list of argv pointers back to argv strings. */
312 p = current->mm->arg_end = current->mm->arg_start;
315 if (__put_user((elf_addr_t)p, sp++))
317 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
318 if (!len || len > MAX_ARG_STRLEN)
322 if (__put_user(0, sp++))
324 current->mm->arg_end = p;
326 /* Populate list of envp pointers back to envp strings. */
327 current->mm->env_end = current->mm->env_start = p;
330 if (__put_user((elf_addr_t)p, sp++))
332 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
333 if (!len || len > MAX_ARG_STRLEN)
337 if (__put_user(0, sp++))
339 current->mm->env_end = p;
341 /* Put the elf_info on the stack in the right place. */
342 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
349 static unsigned long elf_map(struct file *filep, unsigned long addr,
350 struct elf_phdr *eppnt, int prot, int type,
351 unsigned long total_size)
353 unsigned long map_addr;
354 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
355 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
356 addr = ELF_PAGESTART(addr);
357 size = ELF_PAGEALIGN(size);
359 /* mmap() will return -EINVAL if given a zero size, but a
360 * segment with zero filesize is perfectly valid */
365 * total_size is the size of the ELF (interpreter) image.
366 * The _first_ mmap needs to know the full size, otherwise
367 * randomization might put this image into an overlapping
368 * position with the ELF binary image. (since size < total_size)
369 * So we first map the 'big' image - and unmap the remainder at
370 * the end. (which unmap is needed for ELF images with holes.)
373 total_size = ELF_PAGEALIGN(total_size);
374 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
375 if (!BAD_ADDR(map_addr))
376 vm_munmap(map_addr+size, total_size-size);
378 map_addr = vm_mmap(filep, addr, size, prot, type, off);
380 if ((type & MAP_FIXED_NOREPLACE) &&
381 PTR_ERR((void *)map_addr) == -EEXIST)
382 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
383 task_pid_nr(current), current->comm, (void *)addr);
388 #endif /* !elf_map */
390 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
392 int i, first_idx = -1, last_idx = -1;
394 for (i = 0; i < nr; i++) {
395 if (cmds[i].p_type == PT_LOAD) {
404 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
405 ELF_PAGESTART(cmds[first_idx].p_vaddr);
409 * load_elf_phdrs() - load ELF program headers
410 * @elf_ex: ELF header of the binary whose program headers should be loaded
411 * @elf_file: the opened ELF binary file
413 * Loads ELF program headers from the binary file elf_file, which has the ELF
414 * header pointed to by elf_ex, into a newly allocated array. The caller is
415 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
417 static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
418 struct file *elf_file)
420 struct elf_phdr *elf_phdata = NULL;
421 int retval, err = -1;
422 loff_t pos = elf_ex->e_phoff;
426 * If the size of this structure has changed, then punt, since
427 * we will be doing the wrong thing.
429 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
432 /* Sanity check the number of program headers... */
433 /* ...and their total size. */
434 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
435 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
438 elf_phdata = kmalloc(size, GFP_KERNEL);
442 /* Read in the program headers */
443 retval = kernel_read(elf_file, elf_phdata, size, &pos);
444 if (retval != size) {
445 err = (retval < 0) ? retval : -EIO;
459 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
462 * struct arch_elf_state - arch-specific ELF loading state
464 * This structure is used to preserve architecture specific data during
465 * the loading of an ELF file, throughout the checking of architecture
466 * specific ELF headers & through to the point where the ELF load is
467 * known to be proceeding (ie. SET_PERSONALITY).
469 * This implementation is a dummy for architectures which require no
472 struct arch_elf_state {
475 #define INIT_ARCH_ELF_STATE {}
478 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
479 * @ehdr: The main ELF header
480 * @phdr: The program header to check
481 * @elf: The open ELF file
482 * @is_interp: True if the phdr is from the interpreter of the ELF being
483 * loaded, else false.
484 * @state: Architecture-specific state preserved throughout the process
485 * of loading the ELF.
487 * Inspects the program header phdr to validate its correctness and/or
488 * suitability for the system. Called once per ELF program header in the
489 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
492 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
493 * with that return code.
495 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
496 struct elf_phdr *phdr,
497 struct file *elf, bool is_interp,
498 struct arch_elf_state *state)
500 /* Dummy implementation, always proceed */
505 * arch_check_elf() - check an ELF executable
506 * @ehdr: The main ELF header
507 * @has_interp: True if the ELF has an interpreter, else false.
508 * @interp_ehdr: The interpreter's ELF header
509 * @state: Architecture-specific state preserved throughout the process
510 * of loading the ELF.
512 * Provides a final opportunity for architecture code to reject the loading
513 * of the ELF & cause an exec syscall to return an error. This is called after
514 * all program headers to be checked by arch_elf_pt_proc have been.
516 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
517 * with that return code.
519 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
520 struct elfhdr *interp_ehdr,
521 struct arch_elf_state *state)
523 /* Dummy implementation, always proceed */
527 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
529 /* This is much more generalized than the library routine read function,
530 so we keep this separate. Technically the library read function
531 is only provided so that we can read a.out libraries that have
534 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
535 struct file *interpreter, unsigned long *interp_map_addr,
536 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
538 struct elf_phdr *eppnt;
539 unsigned long load_addr = 0;
540 int load_addr_set = 0;
541 unsigned long last_bss = 0, elf_bss = 0;
543 unsigned long error = ~0UL;
544 unsigned long total_size;
547 /* First of all, some simple consistency checks */
548 if (interp_elf_ex->e_type != ET_EXEC &&
549 interp_elf_ex->e_type != ET_DYN)
551 if (!elf_check_arch(interp_elf_ex) ||
552 elf_check_fdpic(interp_elf_ex))
554 if (!interpreter->f_op->mmap)
557 total_size = total_mapping_size(interp_elf_phdata,
558 interp_elf_ex->e_phnum);
564 eppnt = interp_elf_phdata;
565 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
566 if (eppnt->p_type == PT_LOAD) {
567 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
569 unsigned long vaddr = 0;
570 unsigned long k, map_addr;
572 if (eppnt->p_flags & PF_R)
573 elf_prot = PROT_READ;
574 if (eppnt->p_flags & PF_W)
575 elf_prot |= PROT_WRITE;
576 if (eppnt->p_flags & PF_X)
577 elf_prot |= PROT_EXEC;
578 vaddr = eppnt->p_vaddr;
579 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
580 elf_type |= MAP_FIXED_NOREPLACE;
581 else if (no_base && interp_elf_ex->e_type == ET_DYN)
584 map_addr = elf_map(interpreter, load_addr + vaddr,
585 eppnt, elf_prot, elf_type, total_size);
587 if (!*interp_map_addr)
588 *interp_map_addr = map_addr;
590 if (BAD_ADDR(map_addr))
593 if (!load_addr_set &&
594 interp_elf_ex->e_type == ET_DYN) {
595 load_addr = map_addr - ELF_PAGESTART(vaddr);
600 * Check to see if the section's size will overflow the
601 * allowed task size. Note that p_filesz must always be
602 * <= p_memsize so it's only necessary to check p_memsz.
604 k = load_addr + eppnt->p_vaddr;
606 eppnt->p_filesz > eppnt->p_memsz ||
607 eppnt->p_memsz > TASK_SIZE ||
608 TASK_SIZE - eppnt->p_memsz < k) {
614 * Find the end of the file mapping for this phdr, and
615 * keep track of the largest address we see for this.
617 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
622 * Do the same thing for the memory mapping - between
623 * elf_bss and last_bss is the bss section.
625 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
634 * Now fill out the bss section: first pad the last page from
635 * the file up to the page boundary, and zero it from elf_bss
636 * up to the end of the page.
638 if (padzero(elf_bss)) {
643 * Next, align both the file and mem bss up to the page size,
644 * since this is where elf_bss was just zeroed up to, and where
645 * last_bss will end after the vm_brk_flags() below.
647 elf_bss = ELF_PAGEALIGN(elf_bss);
648 last_bss = ELF_PAGEALIGN(last_bss);
649 /* Finally, if there is still more bss to allocate, do it. */
650 if (last_bss > elf_bss) {
651 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
652 bss_prot & PROT_EXEC ? VM_EXEC : 0);
663 * These are the functions used to load ELF style executables and shared
664 * libraries. There is no binary dependent code anywhere else.
667 #ifndef STACK_RND_MASK
668 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
671 static unsigned long randomize_stack_top(unsigned long stack_top)
673 unsigned long random_variable = 0;
675 if (current->flags & PF_RANDOMIZE) {
676 random_variable = get_random_long();
677 random_variable &= STACK_RND_MASK;
678 random_variable <<= PAGE_SHIFT;
680 #ifdef CONFIG_STACK_GROWSUP
681 return PAGE_ALIGN(stack_top) + random_variable;
683 return PAGE_ALIGN(stack_top) - random_variable;
687 static int load_elf_binary(struct linux_binprm *bprm)
689 struct file *interpreter = NULL; /* to shut gcc up */
690 unsigned long load_addr = 0, load_bias = 0;
691 int load_addr_set = 0;
692 char * elf_interpreter = NULL;
694 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
695 unsigned long elf_bss, elf_brk;
698 unsigned long elf_entry;
699 unsigned long interp_load_addr = 0;
700 unsigned long start_code, end_code, start_data, end_data;
701 unsigned long reloc_func_desc __maybe_unused = 0;
702 int executable_stack = EXSTACK_DEFAULT;
703 struct pt_regs *regs = current_pt_regs();
705 struct elfhdr elf_ex;
706 struct elfhdr interp_elf_ex;
708 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
711 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
717 /* Get the exec-header */
718 loc->elf_ex = *((struct elfhdr *)bprm->buf);
721 /* First of all, some simple consistency checks */
722 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
725 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
727 if (!elf_check_arch(&loc->elf_ex))
729 if (elf_check_fdpic(&loc->elf_ex))
731 if (!bprm->file->f_op->mmap)
734 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
738 elf_ppnt = elf_phdata;
747 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
748 if (elf_ppnt->p_type == PT_INTERP) {
749 /* This is the program interpreter used for
750 * shared libraries - for now assume that this
751 * is an a.out format binary
754 if (elf_ppnt->p_filesz > PATH_MAX ||
755 elf_ppnt->p_filesz < 2)
759 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
761 if (!elf_interpreter)
764 pos = elf_ppnt->p_offset;
765 retval = kernel_read(bprm->file, elf_interpreter,
766 elf_ppnt->p_filesz, &pos);
767 if (retval != elf_ppnt->p_filesz) {
770 goto out_free_interp;
772 /* make sure path is NULL terminated */
774 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
775 goto out_free_interp;
777 interpreter = open_exec(elf_interpreter);
778 retval = PTR_ERR(interpreter);
779 if (IS_ERR(interpreter))
780 goto out_free_interp;
783 * If the binary is not readable then enforce
784 * mm->dumpable = 0 regardless of the interpreter's
787 would_dump(bprm, interpreter);
789 /* Get the exec headers */
791 retval = kernel_read(interpreter, &loc->interp_elf_ex,
792 sizeof(loc->interp_elf_ex), &pos);
793 if (retval != sizeof(loc->interp_elf_ex)) {
796 goto out_free_dentry;
804 elf_ppnt = elf_phdata;
805 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
806 switch (elf_ppnt->p_type) {
808 if (elf_ppnt->p_flags & PF_X)
809 executable_stack = EXSTACK_ENABLE_X;
811 executable_stack = EXSTACK_DISABLE_X;
814 case PT_LOPROC ... PT_HIPROC:
815 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
819 goto out_free_dentry;
823 /* Some simple consistency checks for the interpreter */
824 if (elf_interpreter) {
826 /* Not an ELF interpreter */
827 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
828 goto out_free_dentry;
829 /* Verify the interpreter has a valid arch */
830 if (!elf_check_arch(&loc->interp_elf_ex) ||
831 elf_check_fdpic(&loc->interp_elf_ex))
832 goto out_free_dentry;
834 /* Load the interpreter program headers */
835 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
837 if (!interp_elf_phdata)
838 goto out_free_dentry;
840 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
841 elf_ppnt = interp_elf_phdata;
842 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
843 switch (elf_ppnt->p_type) {
844 case PT_LOPROC ... PT_HIPROC:
845 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
846 elf_ppnt, interpreter,
849 goto out_free_dentry;
855 * Allow arch code to reject the ELF at this point, whilst it's
856 * still possible to return an error to the code that invoked
859 retval = arch_check_elf(&loc->elf_ex,
860 !!interpreter, &loc->interp_elf_ex,
863 goto out_free_dentry;
865 /* Flush all traces of the currently running executable */
866 retval = flush_old_exec(bprm);
868 goto out_free_dentry;
870 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
871 may depend on the personality. */
872 SET_PERSONALITY2(loc->elf_ex, &arch_state);
873 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
874 current->personality |= READ_IMPLIES_EXEC;
876 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
877 current->flags |= PF_RANDOMIZE;
879 setup_new_exec(bprm);
880 install_exec_creds(bprm);
882 /* Do this so that we can load the interpreter, if need be. We will
883 change some of these later */
884 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
887 goto out_free_dentry;
889 current->mm->start_stack = bprm->p;
891 /* Now we do a little grungy work by mmapping the ELF image into
892 the correct location in memory. */
893 for(i = 0, elf_ppnt = elf_phdata;
894 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
895 int elf_prot = 0, elf_flags, elf_fixed = MAP_FIXED_NOREPLACE;
896 unsigned long k, vaddr;
897 unsigned long total_size = 0;
899 if (elf_ppnt->p_type != PT_LOAD)
902 if (unlikely (elf_brk > elf_bss)) {
905 /* There was a PT_LOAD segment with p_memsz > p_filesz
906 before this one. Map anonymous pages, if needed,
907 and clear the area. */
908 retval = set_brk(elf_bss + load_bias,
912 goto out_free_dentry;
913 nbyte = ELF_PAGEOFFSET(elf_bss);
915 nbyte = ELF_MIN_ALIGN - nbyte;
916 if (nbyte > elf_brk - elf_bss)
917 nbyte = elf_brk - elf_bss;
918 if (clear_user((void __user *)elf_bss +
921 * This bss-zeroing can fail if the ELF
922 * file specifies odd protections. So
923 * we don't check the return value
929 * Some binaries have overlapping elf segments and then
930 * we have to forcefully map over an existing mapping
931 * e.g. over this newly established brk mapping.
933 elf_fixed = MAP_FIXED;
936 if (elf_ppnt->p_flags & PF_R)
937 elf_prot |= PROT_READ;
938 if (elf_ppnt->p_flags & PF_W)
939 elf_prot |= PROT_WRITE;
940 if (elf_ppnt->p_flags & PF_X)
941 elf_prot |= PROT_EXEC;
943 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
945 vaddr = elf_ppnt->p_vaddr;
947 * If we are loading ET_EXEC or we have already performed
948 * the ET_DYN load_addr calculations, proceed normally.
950 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
951 elf_flags |= elf_fixed;
952 } else if (loc->elf_ex.e_type == ET_DYN) {
954 * This logic is run once for the first LOAD Program
955 * Header for ET_DYN binaries to calculate the
956 * randomization (load_bias) for all the LOAD
957 * Program Headers, and to calculate the entire
958 * size of the ELF mapping (total_size). (Note that
959 * load_addr_set is set to true later once the
960 * initial mapping is performed.)
962 * There are effectively two types of ET_DYN
963 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
964 * and loaders (ET_DYN without INTERP, since they
965 * _are_ the ELF interpreter). The loaders must
966 * be loaded away from programs since the program
967 * may otherwise collide with the loader (especially
968 * for ET_EXEC which does not have a randomized
969 * position). For example to handle invocations of
970 * "./ld.so someprog" to test out a new version of
971 * the loader, the subsequent program that the
972 * loader loads must avoid the loader itself, so
973 * they cannot share the same load range. Sufficient
974 * room for the brk must be allocated with the
975 * loader as well, since brk must be available with
978 * Therefore, programs are loaded offset from
979 * ELF_ET_DYN_BASE and loaders are loaded into the
980 * independently randomized mmap region (0 load_bias
981 * without MAP_FIXED).
983 if (elf_interpreter) {
984 load_bias = ELF_ET_DYN_BASE;
985 if (current->flags & PF_RANDOMIZE)
986 load_bias += arch_mmap_rnd();
987 elf_flags |= elf_fixed;
992 * Since load_bias is used for all subsequent loading
993 * calculations, we must lower it by the first vaddr
994 * so that the remaining calculations based on the
995 * ELF vaddrs will be correctly offset. The result
996 * is then page aligned.
998 load_bias = ELF_PAGESTART(load_bias - vaddr);
1000 total_size = total_mapping_size(elf_phdata,
1001 loc->elf_ex.e_phnum);
1004 goto out_free_dentry;
1008 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1009 elf_prot, elf_flags, total_size);
1010 if (BAD_ADDR(error)) {
1011 retval = IS_ERR((void *)error) ?
1012 PTR_ERR((void*)error) : -EINVAL;
1013 goto out_free_dentry;
1016 if (!load_addr_set) {
1018 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1019 if (loc->elf_ex.e_type == ET_DYN) {
1020 load_bias += error -
1021 ELF_PAGESTART(load_bias + vaddr);
1022 load_addr += load_bias;
1023 reloc_func_desc = load_bias;
1026 k = elf_ppnt->p_vaddr;
1033 * Check to see if the section's size will overflow the
1034 * allowed task size. Note that p_filesz must always be
1035 * <= p_memsz so it is only necessary to check p_memsz.
1037 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1038 elf_ppnt->p_memsz > TASK_SIZE ||
1039 TASK_SIZE - elf_ppnt->p_memsz < k) {
1040 /* set_brk can never work. Avoid overflows. */
1042 goto out_free_dentry;
1045 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1049 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1053 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1055 bss_prot = elf_prot;
1060 loc->elf_ex.e_entry += load_bias;
1061 elf_bss += load_bias;
1062 elf_brk += load_bias;
1063 start_code += load_bias;
1064 end_code += load_bias;
1065 start_data += load_bias;
1066 end_data += load_bias;
1068 /* Calling set_brk effectively mmaps the pages that we need
1069 * for the bss and break sections. We must do this before
1070 * mapping in the interpreter, to make sure it doesn't wind
1071 * up getting placed where the bss needs to go.
1073 retval = set_brk(elf_bss, elf_brk, bss_prot);
1075 goto out_free_dentry;
1076 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1077 retval = -EFAULT; /* Nobody gets to see this, but.. */
1078 goto out_free_dentry;
1081 if (elf_interpreter) {
1082 unsigned long interp_map_addr = 0;
1084 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1087 load_bias, interp_elf_phdata);
1088 if (!IS_ERR((void *)elf_entry)) {
1090 * load_elf_interp() returns relocation
1093 interp_load_addr = elf_entry;
1094 elf_entry += loc->interp_elf_ex.e_entry;
1096 if (BAD_ADDR(elf_entry)) {
1097 retval = IS_ERR((void *)elf_entry) ?
1098 (int)elf_entry : -EINVAL;
1099 goto out_free_dentry;
1101 reloc_func_desc = interp_load_addr;
1103 allow_write_access(interpreter);
1105 kfree(elf_interpreter);
1107 elf_entry = loc->elf_ex.e_entry;
1108 if (BAD_ADDR(elf_entry)) {
1110 goto out_free_dentry;
1114 kfree(interp_elf_phdata);
1117 set_binfmt(&elf_format);
1119 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1120 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
1123 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1125 retval = create_elf_tables(bprm, &loc->elf_ex,
1126 load_addr, interp_load_addr);
1129 /* N.B. passed_fileno might not be initialized? */
1130 current->mm->end_code = end_code;
1131 current->mm->start_code = start_code;
1132 current->mm->start_data = start_data;
1133 current->mm->end_data = end_data;
1134 current->mm->start_stack = bprm->p;
1136 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1137 current->mm->brk = current->mm->start_brk =
1138 arch_randomize_brk(current->mm);
1139 #ifdef compat_brk_randomized
1140 current->brk_randomized = 1;
1144 if (current->personality & MMAP_PAGE_ZERO) {
1145 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1146 and some applications "depend" upon this behavior.
1147 Since we do not have the power to recompile these, we
1148 emulate the SVr4 behavior. Sigh. */
1149 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1150 MAP_FIXED | MAP_PRIVATE, 0);
1153 #ifdef ELF_PLAT_INIT
1155 * The ABI may specify that certain registers be set up in special
1156 * ways (on i386 %edx is the address of a DT_FINI function, for
1157 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1158 * that the e_entry field is the address of the function descriptor
1159 * for the startup routine, rather than the address of the startup
1160 * routine itself. This macro performs whatever initialization to
1161 * the regs structure is required as well as any relocations to the
1162 * function descriptor entries when executing dynamically links apps.
1164 ELF_PLAT_INIT(regs, reloc_func_desc);
1167 finalize_exec(bprm);
1168 start_thread(regs, elf_entry, bprm->p);
1177 kfree(interp_elf_phdata);
1178 allow_write_access(interpreter);
1182 kfree(elf_interpreter);
1188 #ifdef CONFIG_USELIB
1189 /* This is really simpleminded and specialized - we are loading an
1190 a.out library that is given an ELF header. */
1191 static int load_elf_library(struct file *file)
1193 struct elf_phdr *elf_phdata;
1194 struct elf_phdr *eppnt;
1195 unsigned long elf_bss, bss, len;
1196 int retval, error, i, j;
1197 struct elfhdr elf_ex;
1201 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1202 if (retval != sizeof(elf_ex))
1205 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1208 /* First of all, some simple consistency checks */
1209 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1210 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1212 if (elf_check_fdpic(&elf_ex))
1215 /* Now read in all of the header information */
1217 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1218 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1221 elf_phdata = kmalloc(j, GFP_KERNEL);
1227 pos = elf_ex.e_phoff;
1228 retval = kernel_read(file, eppnt, j, &pos);
1232 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1233 if ((eppnt + i)->p_type == PT_LOAD)
1238 while (eppnt->p_type != PT_LOAD)
1241 /* Now use mmap to map the library into memory. */
1242 error = vm_mmap(file,
1243 ELF_PAGESTART(eppnt->p_vaddr),
1245 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1246 PROT_READ | PROT_WRITE | PROT_EXEC,
1247 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1249 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1250 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1253 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1254 if (padzero(elf_bss)) {
1259 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1260 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1262 error = vm_brk(len, bss - len);
1273 #endif /* #ifdef CONFIG_USELIB */
1275 #ifdef CONFIG_ELF_CORE
1279 * Modelled on fs/exec.c:aout_core_dump()
1280 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1284 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1285 * that are useful for post-mortem analysis are included in every core dump.
1286 * In that way we ensure that the core dump is fully interpretable later
1287 * without matching up the same kernel and hardware config to see what PC values
1288 * meant. These special mappings include - vDSO, vsyscall, and other
1289 * architecture specific mappings
1291 static bool always_dump_vma(struct vm_area_struct *vma)
1293 /* Any vsyscall mappings? */
1294 if (vma == get_gate_vma(vma->vm_mm))
1298 * Assume that all vmas with a .name op should always be dumped.
1299 * If this changes, a new vm_ops field can easily be added.
1301 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1305 * arch_vma_name() returns non-NULL for special architecture mappings,
1306 * such as vDSO sections.
1308 if (arch_vma_name(vma))
1315 * Decide what to dump of a segment, part, all or none.
1317 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1318 unsigned long mm_flags)
1320 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1322 /* always dump the vdso and vsyscall sections */
1323 if (always_dump_vma(vma))
1326 if (vma->vm_flags & VM_DONTDUMP)
1329 /* support for DAX */
1330 if (vma_is_dax(vma)) {
1331 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1333 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1338 /* Hugetlb memory check */
1339 if (vma->vm_flags & VM_HUGETLB) {
1340 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1342 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1347 /* Do not dump I/O mapped devices or special mappings */
1348 if (vma->vm_flags & VM_IO)
1351 /* By default, dump shared memory if mapped from an anonymous file. */
1352 if (vma->vm_flags & VM_SHARED) {
1353 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1354 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1359 /* Dump segments that have been written to. */
1360 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1362 if (vma->vm_file == NULL)
1365 if (FILTER(MAPPED_PRIVATE))
1369 * If this looks like the beginning of a DSO or executable mapping,
1370 * check for an ELF header. If we find one, dump the first page to
1371 * aid in determining what was mapped here.
1373 if (FILTER(ELF_HEADERS) &&
1374 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1375 u32 __user *header = (u32 __user *) vma->vm_start;
1377 mm_segment_t fs = get_fs();
1379 * Doing it this way gets the constant folded by GCC.
1383 char elfmag[SELFMAG];
1385 BUILD_BUG_ON(SELFMAG != sizeof word);
1386 magic.elfmag[EI_MAG0] = ELFMAG0;
1387 magic.elfmag[EI_MAG1] = ELFMAG1;
1388 magic.elfmag[EI_MAG2] = ELFMAG2;
1389 magic.elfmag[EI_MAG3] = ELFMAG3;
1391 * Switch to the user "segment" for get_user(),
1392 * then put back what elf_core_dump() had in place.
1395 if (unlikely(get_user(word, header)))
1398 if (word == magic.cmp)
1407 return vma->vm_end - vma->vm_start;
1410 /* An ELF note in memory */
1415 unsigned int datasz;
1419 static int notesize(struct memelfnote *en)
1423 sz = sizeof(struct elf_note);
1424 sz += roundup(strlen(en->name) + 1, 4);
1425 sz += roundup(en->datasz, 4);
1430 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1433 en.n_namesz = strlen(men->name) + 1;
1434 en.n_descsz = men->datasz;
1435 en.n_type = men->type;
1437 return dump_emit(cprm, &en, sizeof(en)) &&
1438 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1439 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1442 static void fill_elf_header(struct elfhdr *elf, int segs,
1443 u16 machine, u32 flags)
1445 memset(elf, 0, sizeof(*elf));
1447 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1448 elf->e_ident[EI_CLASS] = ELF_CLASS;
1449 elf->e_ident[EI_DATA] = ELF_DATA;
1450 elf->e_ident[EI_VERSION] = EV_CURRENT;
1451 elf->e_ident[EI_OSABI] = ELF_OSABI;
1453 elf->e_type = ET_CORE;
1454 elf->e_machine = machine;
1455 elf->e_version = EV_CURRENT;
1456 elf->e_phoff = sizeof(struct elfhdr);
1457 elf->e_flags = flags;
1458 elf->e_ehsize = sizeof(struct elfhdr);
1459 elf->e_phentsize = sizeof(struct elf_phdr);
1460 elf->e_phnum = segs;
1465 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1467 phdr->p_type = PT_NOTE;
1468 phdr->p_offset = offset;
1471 phdr->p_filesz = sz;
1478 static void fill_note(struct memelfnote *note, const char *name, int type,
1479 unsigned int sz, void *data)
1489 * fill up all the fields in prstatus from the given task struct, except
1490 * registers which need to be filled up separately.
1492 static void fill_prstatus(struct elf_prstatus *prstatus,
1493 struct task_struct *p, long signr)
1495 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1496 prstatus->pr_sigpend = p->pending.signal.sig[0];
1497 prstatus->pr_sighold = p->blocked.sig[0];
1499 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1501 prstatus->pr_pid = task_pid_vnr(p);
1502 prstatus->pr_pgrp = task_pgrp_vnr(p);
1503 prstatus->pr_sid = task_session_vnr(p);
1504 if (thread_group_leader(p)) {
1505 struct task_cputime cputime;
1508 * This is the record for the group leader. It shows the
1509 * group-wide total, not its individual thread total.
1511 thread_group_cputime(p, &cputime);
1512 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1513 prstatus->pr_stime = ns_to_timeval(cputime.stime);
1517 task_cputime(p, &utime, &stime);
1518 prstatus->pr_utime = ns_to_timeval(utime);
1519 prstatus->pr_stime = ns_to_timeval(stime);
1522 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1523 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
1526 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1527 struct mm_struct *mm)
1529 const struct cred *cred;
1530 unsigned int i, len;
1532 /* first copy the parameters from user space */
1533 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1535 len = mm->arg_end - mm->arg_start;
1536 if (len >= ELF_PRARGSZ)
1537 len = ELF_PRARGSZ-1;
1538 if (copy_from_user(&psinfo->pr_psargs,
1539 (const char __user *)mm->arg_start, len))
1541 for(i = 0; i < len; i++)
1542 if (psinfo->pr_psargs[i] == 0)
1543 psinfo->pr_psargs[i] = ' ';
1544 psinfo->pr_psargs[len] = 0;
1547 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1549 psinfo->pr_pid = task_pid_vnr(p);
1550 psinfo->pr_pgrp = task_pgrp_vnr(p);
1551 psinfo->pr_sid = task_session_vnr(p);
1553 i = p->state ? ffz(~p->state) + 1 : 0;
1554 psinfo->pr_state = i;
1555 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1556 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1557 psinfo->pr_nice = task_nice(p);
1558 psinfo->pr_flag = p->flags;
1560 cred = __task_cred(p);
1561 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1562 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1564 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1569 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1571 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1575 while (auxv[i - 2] != AT_NULL);
1576 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1579 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1580 const kernel_siginfo_t *siginfo)
1582 mm_segment_t old_fs = get_fs();
1584 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1586 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1589 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1591 * Format of NT_FILE note:
1593 * long count -- how many files are mapped
1594 * long page_size -- units for file_ofs
1595 * array of [COUNT] elements of
1599 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1601 static int fill_files_note(struct memelfnote *note)
1603 struct vm_area_struct *vma;
1604 unsigned count, size, names_ofs, remaining, n;
1606 user_long_t *start_end_ofs;
1607 char *name_base, *name_curpos;
1609 /* *Estimated* file count and total data size needed */
1610 count = current->mm->map_count;
1611 if (count > UINT_MAX / 64)
1615 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1617 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1619 size = round_up(size, PAGE_SIZE);
1620 data = kvmalloc(size, GFP_KERNEL);
1621 if (ZERO_OR_NULL_PTR(data))
1624 start_end_ofs = data + 2;
1625 name_base = name_curpos = ((char *)data) + names_ofs;
1626 remaining = size - names_ofs;
1628 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1630 const char *filename;
1632 file = vma->vm_file;
1635 filename = file_path(file, name_curpos, remaining);
1636 if (IS_ERR(filename)) {
1637 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1639 size = size * 5 / 4;
1645 /* file_path() fills at the end, move name down */
1646 /* n = strlen(filename) + 1: */
1647 n = (name_curpos + remaining) - filename;
1648 remaining = filename - name_curpos;
1649 memmove(name_curpos, filename, n);
1652 *start_end_ofs++ = vma->vm_start;
1653 *start_end_ofs++ = vma->vm_end;
1654 *start_end_ofs++ = vma->vm_pgoff;
1658 /* Now we know exact count of files, can store it */
1660 data[1] = PAGE_SIZE;
1662 * Count usually is less than current->mm->map_count,
1663 * we need to move filenames down.
1665 n = current->mm->map_count - count;
1667 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1668 memmove(name_base - shift_bytes, name_base,
1669 name_curpos - name_base);
1670 name_curpos -= shift_bytes;
1673 size = name_curpos - (char *)data;
1674 fill_note(note, "CORE", NT_FILE, size, data);
1678 #ifdef CORE_DUMP_USE_REGSET
1679 #include <linux/regset.h>
1681 struct elf_thread_core_info {
1682 struct elf_thread_core_info *next;
1683 struct task_struct *task;
1684 struct elf_prstatus prstatus;
1685 struct memelfnote notes[0];
1688 struct elf_note_info {
1689 struct elf_thread_core_info *thread;
1690 struct memelfnote psinfo;
1691 struct memelfnote signote;
1692 struct memelfnote auxv;
1693 struct memelfnote files;
1694 user_siginfo_t csigdata;
1700 * When a regset has a writeback hook, we call it on each thread before
1701 * dumping user memory. On register window machines, this makes sure the
1702 * user memory backing the register data is up to date before we read it.
1704 static void do_thread_regset_writeback(struct task_struct *task,
1705 const struct user_regset *regset)
1707 if (regset->writeback)
1708 regset->writeback(task, regset, 1);
1711 #ifndef PRSTATUS_SIZE
1712 #define PRSTATUS_SIZE(S, R) sizeof(S)
1715 #ifndef SET_PR_FPVALID
1716 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1719 static int fill_thread_core_info(struct elf_thread_core_info *t,
1720 const struct user_regset_view *view,
1721 long signr, size_t *total)
1724 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
1727 * NT_PRSTATUS is the one special case, because the regset data
1728 * goes into the pr_reg field inside the note contents, rather
1729 * than being the whole note contents. We fill the reset in here.
1730 * We assume that regset 0 is NT_PRSTATUS.
1732 fill_prstatus(&t->prstatus, t->task, signr);
1733 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
1734 &t->prstatus.pr_reg, NULL);
1736 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1737 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1738 *total += notesize(&t->notes[0]);
1740 do_thread_regset_writeback(t->task, &view->regsets[0]);
1743 * Each other regset might generate a note too. For each regset
1744 * that has no core_note_type or is inactive, we leave t->notes[i]
1745 * all zero and we'll know to skip writing it later.
1747 for (i = 1; i < view->n; ++i) {
1748 const struct user_regset *regset = &view->regsets[i];
1749 do_thread_regset_writeback(t->task, regset);
1750 if (regset->core_note_type && regset->get &&
1751 (!regset->active || regset->active(t->task, regset) > 0)) {
1753 size_t size = regset_size(t->task, regset);
1754 void *data = kmalloc(size, GFP_KERNEL);
1755 if (unlikely(!data))
1757 ret = regset->get(t->task, regset,
1758 0, size, data, NULL);
1762 if (regset->core_note_type != NT_PRFPREG)
1763 fill_note(&t->notes[i], "LINUX",
1764 regset->core_note_type,
1767 SET_PR_FPVALID(&t->prstatus,
1769 fill_note(&t->notes[i], "CORE",
1770 NT_PRFPREG, size, data);
1772 *total += notesize(&t->notes[i]);
1780 static int fill_note_info(struct elfhdr *elf, int phdrs,
1781 struct elf_note_info *info,
1782 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1784 struct task_struct *dump_task = current;
1785 const struct user_regset_view *view = task_user_regset_view(dump_task);
1786 struct elf_thread_core_info *t;
1787 struct elf_prpsinfo *psinfo;
1788 struct core_thread *ct;
1792 info->thread = NULL;
1794 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1795 if (psinfo == NULL) {
1796 info->psinfo.data = NULL; /* So we don't free this wrongly */
1800 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1803 * Figure out how many notes we're going to need for each thread.
1805 info->thread_notes = 0;
1806 for (i = 0; i < view->n; ++i)
1807 if (view->regsets[i].core_note_type != 0)
1808 ++info->thread_notes;
1811 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1812 * since it is our one special case.
1814 if (unlikely(info->thread_notes == 0) ||
1815 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1821 * Initialize the ELF file header.
1823 fill_elf_header(elf, phdrs,
1824 view->e_machine, view->e_flags);
1827 * Allocate a structure for each thread.
1829 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1830 t = kzalloc(offsetof(struct elf_thread_core_info,
1831 notes[info->thread_notes]),
1837 if (ct->task == dump_task || !info->thread) {
1838 t->next = info->thread;
1842 * Make sure to keep the original task at
1843 * the head of the list.
1845 t->next = info->thread->next;
1846 info->thread->next = t;
1851 * Now fill in each thread's information.
1853 for (t = info->thread; t != NULL; t = t->next)
1854 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1858 * Fill in the two process-wide notes.
1860 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1861 info->size += notesize(&info->psinfo);
1863 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1864 info->size += notesize(&info->signote);
1866 fill_auxv_note(&info->auxv, current->mm);
1867 info->size += notesize(&info->auxv);
1869 if (fill_files_note(&info->files) == 0)
1870 info->size += notesize(&info->files);
1875 static size_t get_note_info_size(struct elf_note_info *info)
1881 * Write all the notes for each thread. When writing the first thread, the
1882 * process-wide notes are interleaved after the first thread-specific note.
1884 static int write_note_info(struct elf_note_info *info,
1885 struct coredump_params *cprm)
1888 struct elf_thread_core_info *t = info->thread;
1893 if (!writenote(&t->notes[0], cprm))
1896 if (first && !writenote(&info->psinfo, cprm))
1898 if (first && !writenote(&info->signote, cprm))
1900 if (first && !writenote(&info->auxv, cprm))
1902 if (first && info->files.data &&
1903 !writenote(&info->files, cprm))
1906 for (i = 1; i < info->thread_notes; ++i)
1907 if (t->notes[i].data &&
1908 !writenote(&t->notes[i], cprm))
1918 static void free_note_info(struct elf_note_info *info)
1920 struct elf_thread_core_info *threads = info->thread;
1923 struct elf_thread_core_info *t = threads;
1925 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1926 for (i = 1; i < info->thread_notes; ++i)
1927 kfree(t->notes[i].data);
1930 kfree(info->psinfo.data);
1931 kvfree(info->files.data);
1936 /* Here is the structure in which status of each thread is captured. */
1937 struct elf_thread_status
1939 struct list_head list;
1940 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1941 elf_fpregset_t fpu; /* NT_PRFPREG */
1942 struct task_struct *thread;
1943 #ifdef ELF_CORE_COPY_XFPREGS
1944 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1946 struct memelfnote notes[3];
1951 * In order to add the specific thread information for the elf file format,
1952 * we need to keep a linked list of every threads pr_status and then create
1953 * a single section for them in the final core file.
1955 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1958 struct task_struct *p = t->thread;
1961 fill_prstatus(&t->prstatus, p, signr);
1962 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1964 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1967 sz += notesize(&t->notes[0]);
1969 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1971 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1974 sz += notesize(&t->notes[1]);
1977 #ifdef ELF_CORE_COPY_XFPREGS
1978 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1979 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1980 sizeof(t->xfpu), &t->xfpu);
1982 sz += notesize(&t->notes[2]);
1988 struct elf_note_info {
1989 struct memelfnote *notes;
1990 struct memelfnote *notes_files;
1991 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1992 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1993 struct list_head thread_list;
1994 elf_fpregset_t *fpu;
1995 #ifdef ELF_CORE_COPY_XFPREGS
1996 elf_fpxregset_t *xfpu;
1998 user_siginfo_t csigdata;
1999 int thread_status_size;
2003 static int elf_note_info_init(struct elf_note_info *info)
2005 memset(info, 0, sizeof(*info));
2006 INIT_LIST_HEAD(&info->thread_list);
2008 /* Allocate space for ELF notes */
2009 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2012 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2015 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2016 if (!info->prstatus)
2018 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2021 #ifdef ELF_CORE_COPY_XFPREGS
2022 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2029 static int fill_note_info(struct elfhdr *elf, int phdrs,
2030 struct elf_note_info *info,
2031 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2033 struct list_head *t;
2034 struct core_thread *ct;
2035 struct elf_thread_status *ets;
2037 if (!elf_note_info_init(info))
2040 for (ct = current->mm->core_state->dumper.next;
2041 ct; ct = ct->next) {
2042 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2046 ets->thread = ct->task;
2047 list_add(&ets->list, &info->thread_list);
2050 list_for_each(t, &info->thread_list) {
2053 ets = list_entry(t, struct elf_thread_status, list);
2054 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2055 info->thread_status_size += sz;
2057 /* now collect the dump for the current */
2058 memset(info->prstatus, 0, sizeof(*info->prstatus));
2059 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2060 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2063 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2066 * Set up the notes in similar form to SVR4 core dumps made
2067 * with info from their /proc.
2070 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2071 sizeof(*info->prstatus), info->prstatus);
2072 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2073 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2074 sizeof(*info->psinfo), info->psinfo);
2076 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2077 fill_auxv_note(info->notes + 3, current->mm);
2080 if (fill_files_note(info->notes + info->numnote) == 0) {
2081 info->notes_files = info->notes + info->numnote;
2085 /* Try to dump the FPU. */
2086 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2088 if (info->prstatus->pr_fpvalid)
2089 fill_note(info->notes + info->numnote++,
2090 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2091 #ifdef ELF_CORE_COPY_XFPREGS
2092 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2093 fill_note(info->notes + info->numnote++,
2094 "LINUX", ELF_CORE_XFPREG_TYPE,
2095 sizeof(*info->xfpu), info->xfpu);
2101 static size_t get_note_info_size(struct elf_note_info *info)
2106 for (i = 0; i < info->numnote; i++)
2107 sz += notesize(info->notes + i);
2109 sz += info->thread_status_size;
2114 static int write_note_info(struct elf_note_info *info,
2115 struct coredump_params *cprm)
2118 struct list_head *t;
2120 for (i = 0; i < info->numnote; i++)
2121 if (!writenote(info->notes + i, cprm))
2124 /* write out the thread status notes section */
2125 list_for_each(t, &info->thread_list) {
2126 struct elf_thread_status *tmp =
2127 list_entry(t, struct elf_thread_status, list);
2129 for (i = 0; i < tmp->num_notes; i++)
2130 if (!writenote(&tmp->notes[i], cprm))
2137 static void free_note_info(struct elf_note_info *info)
2139 while (!list_empty(&info->thread_list)) {
2140 struct list_head *tmp = info->thread_list.next;
2142 kfree(list_entry(tmp, struct elf_thread_status, list));
2145 /* Free data possibly allocated by fill_files_note(): */
2146 if (info->notes_files)
2147 kvfree(info->notes_files->data);
2149 kfree(info->prstatus);
2150 kfree(info->psinfo);
2153 #ifdef ELF_CORE_COPY_XFPREGS
2160 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2161 struct vm_area_struct *gate_vma)
2163 struct vm_area_struct *ret = tsk->mm->mmap;
2170 * Helper function for iterating across a vma list. It ensures that the caller
2171 * will visit `gate_vma' prior to terminating the search.
2173 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2174 struct vm_area_struct *gate_vma)
2176 struct vm_area_struct *ret;
2178 ret = this_vma->vm_next;
2181 if (this_vma == gate_vma)
2186 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2187 elf_addr_t e_shoff, int segs)
2189 elf->e_shoff = e_shoff;
2190 elf->e_shentsize = sizeof(*shdr4extnum);
2192 elf->e_shstrndx = SHN_UNDEF;
2194 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2196 shdr4extnum->sh_type = SHT_NULL;
2197 shdr4extnum->sh_size = elf->e_shnum;
2198 shdr4extnum->sh_link = elf->e_shstrndx;
2199 shdr4extnum->sh_info = segs;
2205 * This is a two-pass process; first we find the offsets of the bits,
2206 * and then they are actually written out. If we run out of core limit
2209 static int elf_core_dump(struct coredump_params *cprm)
2214 size_t vma_data_size = 0;
2215 struct vm_area_struct *vma, *gate_vma;
2216 struct elfhdr *elf = NULL;
2217 loff_t offset = 0, dataoff;
2218 struct elf_note_info info = { };
2219 struct elf_phdr *phdr4note = NULL;
2220 struct elf_shdr *shdr4extnum = NULL;
2223 elf_addr_t *vma_filesz = NULL;
2226 * We no longer stop all VM operations.
2228 * This is because those proceses that could possibly change map_count
2229 * or the mmap / vma pages are now blocked in do_exit on current
2230 * finishing this core dump.
2232 * Only ptrace can touch these memory addresses, but it doesn't change
2233 * the map_count or the pages allocated. So no possibility of crashing
2234 * exists while dumping the mm->vm_next areas to the core file.
2237 /* alloc memory for large data structures: too large to be on stack */
2238 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2242 * The number of segs are recored into ELF header as 16bit value.
2243 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2245 segs = current->mm->map_count;
2246 segs += elf_core_extra_phdrs();
2248 gate_vma = get_gate_vma(current->mm);
2249 if (gate_vma != NULL)
2252 /* for notes section */
2255 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2256 * this, kernel supports extended numbering. Have a look at
2257 * include/linux/elf.h for further information. */
2258 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2261 * Collect all the non-memory information about the process for the
2262 * notes. This also sets up the file header.
2264 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2272 offset += sizeof(*elf); /* Elf header */
2273 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2275 /* Write notes phdr entry */
2277 size_t sz = get_note_info_size(&info);
2279 sz += elf_coredump_extra_notes_size();
2281 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2285 fill_elf_note_phdr(phdr4note, sz, offset);
2289 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2291 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2293 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2295 if (ZERO_OR_NULL_PTR(vma_filesz))
2298 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2299 vma = next_vma(vma, gate_vma)) {
2300 unsigned long dump_size;
2302 dump_size = vma_dump_size(vma, cprm->mm_flags);
2303 vma_filesz[i++] = dump_size;
2304 vma_data_size += dump_size;
2307 offset += vma_data_size;
2308 offset += elf_core_extra_data_size();
2311 if (e_phnum == PN_XNUM) {
2312 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2315 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2320 if (!dump_emit(cprm, elf, sizeof(*elf)))
2323 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2326 /* Write program headers for segments dump */
2327 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2328 vma = next_vma(vma, gate_vma)) {
2329 struct elf_phdr phdr;
2331 phdr.p_type = PT_LOAD;
2332 phdr.p_offset = offset;
2333 phdr.p_vaddr = vma->vm_start;
2335 phdr.p_filesz = vma_filesz[i++];
2336 phdr.p_memsz = vma->vm_end - vma->vm_start;
2337 offset += phdr.p_filesz;
2338 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2339 if (vma->vm_flags & VM_WRITE)
2340 phdr.p_flags |= PF_W;
2341 if (vma->vm_flags & VM_EXEC)
2342 phdr.p_flags |= PF_X;
2343 phdr.p_align = ELF_EXEC_PAGESIZE;
2345 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2349 if (!elf_core_write_extra_phdrs(cprm, offset))
2352 /* write out the notes section */
2353 if (!write_note_info(&info, cprm))
2356 if (elf_coredump_extra_notes_write(cprm))
2360 if (!dump_skip(cprm, dataoff - cprm->pos))
2363 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2364 vma = next_vma(vma, gate_vma)) {
2368 end = vma->vm_start + vma_filesz[i++];
2370 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2374 page = get_dump_page(addr);
2376 void *kaddr = kmap(page);
2377 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2381 stop = !dump_skip(cprm, PAGE_SIZE);
2386 dump_truncate(cprm);
2388 if (!elf_core_write_extra_data(cprm))
2391 if (e_phnum == PN_XNUM) {
2392 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2400 free_note_info(&info);
2409 #endif /* CONFIG_ELF_CORE */
2411 static int __init init_elf_binfmt(void)
2413 register_binfmt(&elf_format);
2417 static void __exit exit_elf_binfmt(void)
2419 /* Remove the COFF and ELF loaders. */
2420 unregister_binfmt(&elf_format);
2423 core_initcall(init_elf_binfmt);
2424 module_exit(exit_elf_binfmt);
2425 MODULE_LICENSE("GPL");
projects / linux.git / blob