2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/sched/coredump.h>
39 #include <linux/sched/task_stack.h>
40 #include <linux/sched/cputime.h>
41 #include <linux/cred.h>
42 #include <linux/dax.h>
43 #include <linux/uaccess.h>
44 #include <asm/param.h>
48 #define user_long_t long
50 #ifndef user_siginfo_t
51 #define user_siginfo_t siginfo_t
54 /* That's for binfmt_elf_fdpic to deal with */
55 #ifndef elf_check_fdpic
56 #define elf_check_fdpic(ex) false
59 static int load_elf_binary(struct linux_binprm *bprm);
62 static int load_elf_library(struct file *);
64 #define load_elf_library NULL
68 * If we don't support core dumping, then supply a NULL so we
71 #ifdef CONFIG_ELF_CORE
72 static int elf_core_dump(struct coredump_params *cprm);
74 #define elf_core_dump NULL
77 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
78 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
80 #define ELF_MIN_ALIGN PAGE_SIZE
83 #ifndef ELF_CORE_EFLAGS
84 #define ELF_CORE_EFLAGS 0
87 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
88 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
89 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
91 static struct linux_binfmt elf_format = {
92 .module = THIS_MODULE,
93 .load_binary = load_elf_binary,
94 .load_shlib = load_elf_library,
95 .core_dump = elf_core_dump,
96 .min_coredump = ELF_EXEC_PAGESIZE,
99 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
101 static int set_brk(unsigned long start, unsigned long end, int prot)
103 start = ELF_PAGEALIGN(start);
104 end = ELF_PAGEALIGN(end);
107 * Map the last of the bss segment.
108 * If the header is requesting these pages to be
109 * executable, honour that (ppc32 needs this).
111 int error = vm_brk_flags(start, end - start,
112 prot & PROT_EXEC ? VM_EXEC : 0);
116 current->mm->start_brk = current->mm->brk = end;
120 /* We need to explicitly zero any fractional pages
121 after the data section (i.e. bss). This would
122 contain the junk from the file that should not
125 static int padzero(unsigned long elf_bss)
129 nbyte = ELF_PAGEOFFSET(elf_bss);
131 nbyte = ELF_MIN_ALIGN - nbyte;
132 if (clear_user((void __user *) elf_bss, nbyte))
138 /* Let's use some macros to make this stack manipulation a little clearer */
139 #ifdef CONFIG_STACK_GROWSUP
140 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
141 #define STACK_ROUND(sp, items) \
142 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
143 #define STACK_ALLOC(sp, len) ({ \
144 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
147 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
148 #define STACK_ROUND(sp, items) \
149 (((unsigned long) (sp - items)) &~ 15UL)
150 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
153 #ifndef ELF_BASE_PLATFORM
155 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
156 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
157 * will be copied to the user stack in the same manner as AT_PLATFORM.
159 #define ELF_BASE_PLATFORM NULL
163 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
164 unsigned long load_addr, unsigned long interp_load_addr)
166 unsigned long p = bprm->p;
167 int argc = bprm->argc;
168 int envc = bprm->envc;
169 elf_addr_t __user *sp;
170 elf_addr_t __user *u_platform;
171 elf_addr_t __user *u_base_platform;
172 elf_addr_t __user *u_rand_bytes;
173 const char *k_platform = ELF_PLATFORM;
174 const char *k_base_platform = ELF_BASE_PLATFORM;
175 unsigned char k_rand_bytes[16];
177 elf_addr_t *elf_info;
179 const struct cred *cred = current_cred();
180 struct vm_area_struct *vma;
183 * In some cases (e.g. Hyper-Threading), we want to avoid L1
184 * evictions by the processes running on the same package. One
185 * thing we can do is to shuffle the initial stack for them.
188 p = arch_align_stack(p);
191 * If this architecture has a platform capability string, copy it
192 * to userspace. In some cases (Sparc), this info is impossible
193 * for userspace to get any other way, in others (i386) it is
198 size_t len = strlen(k_platform) + 1;
200 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
201 if (__copy_to_user(u_platform, k_platform, len))
206 * If this architecture has a "base" platform capability
207 * string, copy it to userspace.
209 u_base_platform = NULL;
210 if (k_base_platform) {
211 size_t len = strlen(k_base_platform) + 1;
213 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
214 if (__copy_to_user(u_base_platform, k_base_platform, len))
219 * Generate 16 random bytes for userspace PRNG seeding.
221 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
222 u_rand_bytes = (elf_addr_t __user *)
223 STACK_ALLOC(p, sizeof(k_rand_bytes));
224 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
227 /* Create the ELF interpreter info */
228 elf_info = (elf_addr_t *)current->mm->saved_auxv;
229 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
230 #define NEW_AUX_ENT(id, val) \
232 elf_info[ei_index++] = id; \
233 elf_info[ei_index++] = val; \
238 * ARCH_DLINFO must come first so PPC can do its special alignment of
240 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
241 * ARCH_DLINFO changes
245 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
246 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
247 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
248 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
249 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
250 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
251 NEW_AUX_ENT(AT_BASE, interp_load_addr);
252 NEW_AUX_ENT(AT_FLAGS, 0);
253 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
254 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
255 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
256 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
257 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
258 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
259 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
261 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
263 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
265 NEW_AUX_ENT(AT_PLATFORM,
266 (elf_addr_t)(unsigned long)u_platform);
268 if (k_base_platform) {
269 NEW_AUX_ENT(AT_BASE_PLATFORM,
270 (elf_addr_t)(unsigned long)u_base_platform);
272 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
273 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
276 /* AT_NULL is zero; clear the rest too */
277 memset(&elf_info[ei_index], 0,
278 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
280 /* And advance past the AT_NULL entry. */
283 sp = STACK_ADD(p, ei_index);
285 items = (argc + 1) + (envc + 1) + 1;
286 bprm->p = STACK_ROUND(sp, items);
288 /* Point sp at the lowest address on the stack */
289 #ifdef CONFIG_STACK_GROWSUP
290 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
291 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
293 sp = (elf_addr_t __user *)bprm->p;
298 * Grow the stack manually; some architectures have a limit on how
299 * far ahead a user-space access may be in order to grow the stack.
301 vma = find_extend_vma(current->mm, bprm->p);
305 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
306 if (__put_user(argc, sp++))
309 /* Populate list of argv pointers back to argv strings. */
310 p = current->mm->arg_end = current->mm->arg_start;
313 if (__put_user((elf_addr_t)p, sp++))
315 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
316 if (!len || len > MAX_ARG_STRLEN)
320 if (__put_user(0, sp++))
322 current->mm->arg_end = p;
324 /* Populate list of envp pointers back to envp strings. */
325 current->mm->env_end = current->mm->env_start = p;
328 if (__put_user((elf_addr_t)p, sp++))
330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
335 if (__put_user(0, sp++))
337 current->mm->env_end = p;
339 /* Put the elf_info on the stack in the right place. */
340 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
347 static unsigned long elf_map(struct file *filep, unsigned long addr,
348 const struct elf_phdr *eppnt, int prot, int type,
349 unsigned long total_size)
351 unsigned long map_addr;
352 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
353 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
354 addr = ELF_PAGESTART(addr);
355 size = ELF_PAGEALIGN(size);
357 /* mmap() will return -EINVAL if given a zero size, but a
358 * segment with zero filesize is perfectly valid */
363 * total_size is the size of the ELF (interpreter) image.
364 * The _first_ mmap needs to know the full size, otherwise
365 * randomization might put this image into an overlapping
366 * position with the ELF binary image. (since size < total_size)
367 * So we first map the 'big' image - and unmap the remainder at
368 * the end. (which unmap is needed for ELF images with holes.)
371 total_size = ELF_PAGEALIGN(total_size);
372 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
373 if (!BAD_ADDR(map_addr))
374 vm_munmap(map_addr+size, total_size-size);
376 map_addr = vm_mmap(filep, addr, size, prot, type, off);
378 if ((type & MAP_FIXED_NOREPLACE) &&
379 PTR_ERR((void *)map_addr) == -EEXIST)
380 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
381 task_pid_nr(current), current->comm, (void *)addr);
386 #endif /* !elf_map */
388 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
390 int i, first_idx = -1, last_idx = -1;
392 for (i = 0; i < nr; i++) {
393 if (cmds[i].p_type == PT_LOAD) {
402 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
403 ELF_PAGESTART(cmds[first_idx].p_vaddr);
407 * load_elf_phdrs() - load ELF program headers
408 * @elf_ex: ELF header of the binary whose program headers should be loaded
409 * @elf_file: the opened ELF binary file
411 * Loads ELF program headers from the binary file elf_file, which has the ELF
412 * header pointed to by elf_ex, into a newly allocated array. The caller is
413 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
415 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
416 struct file *elf_file)
418 struct elf_phdr *elf_phdata = NULL;
419 int retval, err = -1;
420 loff_t pos = elf_ex->e_phoff;
424 * If the size of this structure has changed, then punt, since
425 * we will be doing the wrong thing.
427 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
430 /* Sanity check the number of program headers... */
431 /* ...and their total size. */
432 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
433 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
436 elf_phdata = kmalloc(size, GFP_KERNEL);
440 /* Read in the program headers */
441 retval = kernel_read(elf_file, elf_phdata, size, &pos);
442 if (retval != size) {
443 err = (retval < 0) ? retval : -EIO;
457 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
460 * struct arch_elf_state - arch-specific ELF loading state
462 * This structure is used to preserve architecture specific data during
463 * the loading of an ELF file, throughout the checking of architecture
464 * specific ELF headers & through to the point where the ELF load is
465 * known to be proceeding (ie. SET_PERSONALITY).
467 * This implementation is a dummy for architectures which require no
470 struct arch_elf_state {
473 #define INIT_ARCH_ELF_STATE {}
476 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
477 * @ehdr: The main ELF header
478 * @phdr: The program header to check
479 * @elf: The open ELF file
480 * @is_interp: True if the phdr is from the interpreter of the ELF being
481 * loaded, else false.
482 * @state: Architecture-specific state preserved throughout the process
483 * of loading the ELF.
485 * Inspects the program header phdr to validate its correctness and/or
486 * suitability for the system. Called once per ELF program header in the
487 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
490 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
491 * with that return code.
493 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
494 struct elf_phdr *phdr,
495 struct file *elf, bool is_interp,
496 struct arch_elf_state *state)
498 /* Dummy implementation, always proceed */
503 * arch_check_elf() - check an ELF executable
504 * @ehdr: The main ELF header
505 * @has_interp: True if the ELF has an interpreter, else false.
506 * @interp_ehdr: The interpreter's ELF header
507 * @state: Architecture-specific state preserved throughout the process
508 * of loading the ELF.
510 * Provides a final opportunity for architecture code to reject the loading
511 * of the ELF & cause an exec syscall to return an error. This is called after
512 * all program headers to be checked by arch_elf_pt_proc have been.
514 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
515 * with that return code.
517 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
518 struct elfhdr *interp_ehdr,
519 struct arch_elf_state *state)
521 /* Dummy implementation, always proceed */
525 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
527 static inline int make_prot(u32 p_flags)
540 /* This is much more generalized than the library routine read function,
541 so we keep this separate. Technically the library read function
542 is only provided so that we can read a.out libraries that have
545 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
546 struct file *interpreter, unsigned long *interp_map_addr,
547 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
549 struct elf_phdr *eppnt;
550 unsigned long load_addr = 0;
551 int load_addr_set = 0;
552 unsigned long last_bss = 0, elf_bss = 0;
554 unsigned long error = ~0UL;
555 unsigned long total_size;
558 /* First of all, some simple consistency checks */
559 if (interp_elf_ex->e_type != ET_EXEC &&
560 interp_elf_ex->e_type != ET_DYN)
562 if (!elf_check_arch(interp_elf_ex) ||
563 elf_check_fdpic(interp_elf_ex))
565 if (!interpreter->f_op->mmap)
568 total_size = total_mapping_size(interp_elf_phdata,
569 interp_elf_ex->e_phnum);
575 eppnt = interp_elf_phdata;
576 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
577 if (eppnt->p_type == PT_LOAD) {
578 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
579 int elf_prot = make_prot(eppnt->p_flags);
580 unsigned long vaddr = 0;
581 unsigned long k, map_addr;
583 vaddr = eppnt->p_vaddr;
584 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
585 elf_type |= MAP_FIXED_NOREPLACE;
586 else if (no_base && interp_elf_ex->e_type == ET_DYN)
589 map_addr = elf_map(interpreter, load_addr + vaddr,
590 eppnt, elf_prot, elf_type, total_size);
592 if (!*interp_map_addr)
593 *interp_map_addr = map_addr;
595 if (BAD_ADDR(map_addr))
598 if (!load_addr_set &&
599 interp_elf_ex->e_type == ET_DYN) {
600 load_addr = map_addr - ELF_PAGESTART(vaddr);
605 * Check to see if the section's size will overflow the
606 * allowed task size. Note that p_filesz must always be
607 * <= p_memsize so it's only necessary to check p_memsz.
609 k = load_addr + eppnt->p_vaddr;
611 eppnt->p_filesz > eppnt->p_memsz ||
612 eppnt->p_memsz > TASK_SIZE ||
613 TASK_SIZE - eppnt->p_memsz < k) {
619 * Find the end of the file mapping for this phdr, and
620 * keep track of the largest address we see for this.
622 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
627 * Do the same thing for the memory mapping - between
628 * elf_bss and last_bss is the bss section.
630 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
639 * Now fill out the bss section: first pad the last page from
640 * the file up to the page boundary, and zero it from elf_bss
641 * up to the end of the page.
643 if (padzero(elf_bss)) {
648 * Next, align both the file and mem bss up to the page size,
649 * since this is where elf_bss was just zeroed up to, and where
650 * last_bss will end after the vm_brk_flags() below.
652 elf_bss = ELF_PAGEALIGN(elf_bss);
653 last_bss = ELF_PAGEALIGN(last_bss);
654 /* Finally, if there is still more bss to allocate, do it. */
655 if (last_bss > elf_bss) {
656 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
657 bss_prot & PROT_EXEC ? VM_EXEC : 0);
668 * These are the functions used to load ELF style executables and shared
669 * libraries. There is no binary dependent code anywhere else.
672 #ifndef STACK_RND_MASK
673 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
676 static unsigned long randomize_stack_top(unsigned long stack_top)
678 unsigned long random_variable = 0;
680 if (current->flags & PF_RANDOMIZE) {
681 random_variable = get_random_long();
682 random_variable &= STACK_RND_MASK;
683 random_variable <<= PAGE_SHIFT;
685 #ifdef CONFIG_STACK_GROWSUP
686 return PAGE_ALIGN(stack_top) + random_variable;
688 return PAGE_ALIGN(stack_top) - random_variable;
692 static int load_elf_binary(struct linux_binprm *bprm)
694 struct file *interpreter = NULL; /* to shut gcc up */
695 unsigned long load_addr = 0, load_bias = 0;
696 int load_addr_set = 0;
698 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
699 unsigned long elf_bss, elf_brk;
702 unsigned long elf_entry;
703 unsigned long interp_load_addr = 0;
704 unsigned long start_code, end_code, start_data, end_data;
705 unsigned long reloc_func_desc __maybe_unused = 0;
706 int executable_stack = EXSTACK_DEFAULT;
708 struct elfhdr elf_ex;
709 struct elfhdr interp_elf_ex;
711 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
712 struct pt_regs *regs;
714 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
720 /* Get the exec-header */
721 loc->elf_ex = *((struct elfhdr *)bprm->buf);
724 /* First of all, some simple consistency checks */
725 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
728 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
730 if (!elf_check_arch(&loc->elf_ex))
732 if (elf_check_fdpic(&loc->elf_ex))
734 if (!bprm->file->f_op->mmap)
737 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
741 elf_ppnt = elf_phdata;
742 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
743 char *elf_interpreter;
746 if (elf_ppnt->p_type != PT_INTERP)
750 * This is the program interpreter used for shared libraries -
751 * for now assume that this is an a.out format binary.
754 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
758 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
759 if (!elf_interpreter)
762 pos = elf_ppnt->p_offset;
763 retval = kernel_read(bprm->file, elf_interpreter,
764 elf_ppnt->p_filesz, &pos);
765 if (retval != elf_ppnt->p_filesz) {
768 goto out_free_interp;
770 /* make sure path is NULL terminated */
772 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
773 goto out_free_interp;
775 interpreter = open_exec(elf_interpreter);
776 kfree(elf_interpreter);
777 retval = PTR_ERR(interpreter);
778 if (IS_ERR(interpreter))
782 * If the binary is not readable then enforce mm->dumpable = 0
783 * regardless of the interpreter's permissions.
785 would_dump(bprm, interpreter);
787 /* Get the exec headers */
789 retval = kernel_read(interpreter, &loc->interp_elf_ex,
790 sizeof(loc->interp_elf_ex), &pos);
791 if (retval != sizeof(loc->interp_elf_ex)) {
794 goto out_free_dentry;
800 kfree(elf_interpreter);
804 elf_ppnt = elf_phdata;
805 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
806 switch (elf_ppnt->p_type) {
808 if (elf_ppnt->p_flags & PF_X)
809 executable_stack = EXSTACK_ENABLE_X;
811 executable_stack = EXSTACK_DISABLE_X;
814 case PT_LOPROC ... PT_HIPROC:
815 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
819 goto out_free_dentry;
823 /* Some simple consistency checks for the interpreter */
826 /* Not an ELF interpreter */
827 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
828 goto out_free_dentry;
829 /* Verify the interpreter has a valid arch */
830 if (!elf_check_arch(&loc->interp_elf_ex) ||
831 elf_check_fdpic(&loc->interp_elf_ex))
832 goto out_free_dentry;
834 /* Load the interpreter program headers */
835 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
837 if (!interp_elf_phdata)
838 goto out_free_dentry;
840 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
841 elf_ppnt = interp_elf_phdata;
842 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
843 switch (elf_ppnt->p_type) {
844 case PT_LOPROC ... PT_HIPROC:
845 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
846 elf_ppnt, interpreter,
849 goto out_free_dentry;
855 * Allow arch code to reject the ELF at this point, whilst it's
856 * still possible to return an error to the code that invoked
859 retval = arch_check_elf(&loc->elf_ex,
860 !!interpreter, &loc->interp_elf_ex,
863 goto out_free_dentry;
865 /* Flush all traces of the currently running executable */
866 retval = flush_old_exec(bprm);
868 goto out_free_dentry;
870 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
871 may depend on the personality. */
872 SET_PERSONALITY2(loc->elf_ex, &arch_state);
873 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
874 current->personality |= READ_IMPLIES_EXEC;
876 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
877 current->flags |= PF_RANDOMIZE;
879 setup_new_exec(bprm);
880 install_exec_creds(bprm);
882 /* Do this so that we can load the interpreter, if need be. We will
883 change some of these later */
884 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
887 goto out_free_dentry;
897 /* Now we do a little grungy work by mmapping the ELF image into
898 the correct location in memory. */
899 for(i = 0, elf_ppnt = elf_phdata;
900 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
901 int elf_prot, elf_flags, elf_fixed = MAP_FIXED_NOREPLACE;
902 unsigned long k, vaddr;
903 unsigned long total_size = 0;
905 if (elf_ppnt->p_type != PT_LOAD)
908 if (unlikely (elf_brk > elf_bss)) {
911 /* There was a PT_LOAD segment with p_memsz > p_filesz
912 before this one. Map anonymous pages, if needed,
913 and clear the area. */
914 retval = set_brk(elf_bss + load_bias,
918 goto out_free_dentry;
919 nbyte = ELF_PAGEOFFSET(elf_bss);
921 nbyte = ELF_MIN_ALIGN - nbyte;
922 if (nbyte > elf_brk - elf_bss)
923 nbyte = elf_brk - elf_bss;
924 if (clear_user((void __user *)elf_bss +
927 * This bss-zeroing can fail if the ELF
928 * file specifies odd protections. So
929 * we don't check the return value
935 * Some binaries have overlapping elf segments and then
936 * we have to forcefully map over an existing mapping
937 * e.g. over this newly established brk mapping.
939 elf_fixed = MAP_FIXED;
942 elf_prot = make_prot(elf_ppnt->p_flags);
944 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
946 vaddr = elf_ppnt->p_vaddr;
948 * If we are loading ET_EXEC or we have already performed
949 * the ET_DYN load_addr calculations, proceed normally.
951 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
952 elf_flags |= elf_fixed;
953 } else if (loc->elf_ex.e_type == ET_DYN) {
955 * This logic is run once for the first LOAD Program
956 * Header for ET_DYN binaries to calculate the
957 * randomization (load_bias) for all the LOAD
958 * Program Headers, and to calculate the entire
959 * size of the ELF mapping (total_size). (Note that
960 * load_addr_set is set to true later once the
961 * initial mapping is performed.)
963 * There are effectively two types of ET_DYN
964 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
965 * and loaders (ET_DYN without INTERP, since they
966 * _are_ the ELF interpreter). The loaders must
967 * be loaded away from programs since the program
968 * may otherwise collide with the loader (especially
969 * for ET_EXEC which does not have a randomized
970 * position). For example to handle invocations of
971 * "./ld.so someprog" to test out a new version of
972 * the loader, the subsequent program that the
973 * loader loads must avoid the loader itself, so
974 * they cannot share the same load range. Sufficient
975 * room for the brk must be allocated with the
976 * loader as well, since brk must be available with
979 * Therefore, programs are loaded offset from
980 * ELF_ET_DYN_BASE and loaders are loaded into the
981 * independently randomized mmap region (0 load_bias
982 * without MAP_FIXED).
985 load_bias = ELF_ET_DYN_BASE;
986 if (current->flags & PF_RANDOMIZE)
987 load_bias += arch_mmap_rnd();
988 elf_flags |= elf_fixed;
993 * Since load_bias is used for all subsequent loading
994 * calculations, we must lower it by the first vaddr
995 * so that the remaining calculations based on the
996 * ELF vaddrs will be correctly offset. The result
997 * is then page aligned.
999 load_bias = ELF_PAGESTART(load_bias - vaddr);
1001 total_size = total_mapping_size(elf_phdata,
1002 loc->elf_ex.e_phnum);
1005 goto out_free_dentry;
1009 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1010 elf_prot, elf_flags, total_size);
1011 if (BAD_ADDR(error)) {
1012 retval = IS_ERR((void *)error) ?
1013 PTR_ERR((void*)error) : -EINVAL;
1014 goto out_free_dentry;
1017 if (!load_addr_set) {
1019 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1020 if (loc->elf_ex.e_type == ET_DYN) {
1021 load_bias += error -
1022 ELF_PAGESTART(load_bias + vaddr);
1023 load_addr += load_bias;
1024 reloc_func_desc = load_bias;
1027 k = elf_ppnt->p_vaddr;
1034 * Check to see if the section's size will overflow the
1035 * allowed task size. Note that p_filesz must always be
1036 * <= p_memsz so it is only necessary to check p_memsz.
1038 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1039 elf_ppnt->p_memsz > TASK_SIZE ||
1040 TASK_SIZE - elf_ppnt->p_memsz < k) {
1041 /* set_brk can never work. Avoid overflows. */
1043 goto out_free_dentry;
1046 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1050 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1054 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1056 bss_prot = elf_prot;
1061 loc->elf_ex.e_entry += load_bias;
1062 elf_bss += load_bias;
1063 elf_brk += load_bias;
1064 start_code += load_bias;
1065 end_code += load_bias;
1066 start_data += load_bias;
1067 end_data += load_bias;
1069 /* Calling set_brk effectively mmaps the pages that we need
1070 * for the bss and break sections. We must do this before
1071 * mapping in the interpreter, to make sure it doesn't wind
1072 * up getting placed where the bss needs to go.
1074 retval = set_brk(elf_bss, elf_brk, bss_prot);
1076 goto out_free_dentry;
1077 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1078 retval = -EFAULT; /* Nobody gets to see this, but.. */
1079 goto out_free_dentry;
1083 unsigned long interp_map_addr = 0;
1085 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1088 load_bias, interp_elf_phdata);
1089 if (!IS_ERR((void *)elf_entry)) {
1091 * load_elf_interp() returns relocation
1094 interp_load_addr = elf_entry;
1095 elf_entry += loc->interp_elf_ex.e_entry;
1097 if (BAD_ADDR(elf_entry)) {
1098 retval = IS_ERR((void *)elf_entry) ?
1099 (int)elf_entry : -EINVAL;
1100 goto out_free_dentry;
1102 reloc_func_desc = interp_load_addr;
1104 allow_write_access(interpreter);
1107 elf_entry = loc->elf_ex.e_entry;
1108 if (BAD_ADDR(elf_entry)) {
1110 goto out_free_dentry;
1114 kfree(interp_elf_phdata);
1117 set_binfmt(&elf_format);
1119 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1120 retval = arch_setup_additional_pages(bprm, !!interpreter);
1123 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1125 retval = create_elf_tables(bprm, &loc->elf_ex,
1126 load_addr, interp_load_addr);
1129 /* N.B. passed_fileno might not be initialized? */
1130 current->mm->end_code = end_code;
1131 current->mm->start_code = start_code;
1132 current->mm->start_data = start_data;
1133 current->mm->end_data = end_data;
1134 current->mm->start_stack = bprm->p;
1136 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1138 * For architectures with ELF randomization, when executing
1139 * a loader directly (i.e. no interpreter listed in ELF
1140 * headers), move the brk area out of the mmap region
1141 * (since it grows up, and may collide early with the stack
1142 * growing down), and into the unused ELF_ET_DYN_BASE region.
1144 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) && !interpreter)
1145 current->mm->brk = current->mm->start_brk =
1148 current->mm->brk = current->mm->start_brk =
1149 arch_randomize_brk(current->mm);
1150 #ifdef compat_brk_randomized
1151 current->brk_randomized = 1;
1155 if (current->personality & MMAP_PAGE_ZERO) {
1156 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1157 and some applications "depend" upon this behavior.
1158 Since we do not have the power to recompile these, we
1159 emulate the SVr4 behavior. Sigh. */
1160 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1161 MAP_FIXED | MAP_PRIVATE, 0);
1164 regs = current_pt_regs();
1165 #ifdef ELF_PLAT_INIT
1167 * The ABI may specify that certain registers be set up in special
1168 * ways (on i386 %edx is the address of a DT_FINI function, for
1169 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1170 * that the e_entry field is the address of the function descriptor
1171 * for the startup routine, rather than the address of the startup
1172 * routine itself. This macro performs whatever initialization to
1173 * the regs structure is required as well as any relocations to the
1174 * function descriptor entries when executing dynamically links apps.
1176 ELF_PLAT_INIT(regs, reloc_func_desc);
1179 finalize_exec(bprm);
1180 start_thread(regs, elf_entry, bprm->p);
1189 kfree(interp_elf_phdata);
1190 allow_write_access(interpreter);
1198 #ifdef CONFIG_USELIB
1199 /* This is really simpleminded and specialized - we are loading an
1200 a.out library that is given an ELF header. */
1201 static int load_elf_library(struct file *file)
1203 struct elf_phdr *elf_phdata;
1204 struct elf_phdr *eppnt;
1205 unsigned long elf_bss, bss, len;
1206 int retval, error, i, j;
1207 struct elfhdr elf_ex;
1211 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1212 if (retval != sizeof(elf_ex))
1215 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1218 /* First of all, some simple consistency checks */
1219 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1220 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1222 if (elf_check_fdpic(&elf_ex))
1225 /* Now read in all of the header information */
1227 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1228 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1231 elf_phdata = kmalloc(j, GFP_KERNEL);
1237 pos = elf_ex.e_phoff;
1238 retval = kernel_read(file, eppnt, j, &pos);
1242 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1243 if ((eppnt + i)->p_type == PT_LOAD)
1248 while (eppnt->p_type != PT_LOAD)
1251 /* Now use mmap to map the library into memory. */
1252 error = vm_mmap(file,
1253 ELF_PAGESTART(eppnt->p_vaddr),
1255 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1256 PROT_READ | PROT_WRITE | PROT_EXEC,
1257 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1259 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1260 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1263 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1264 if (padzero(elf_bss)) {
1269 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1270 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1272 error = vm_brk(len, bss - len);
1283 #endif /* #ifdef CONFIG_USELIB */
1285 #ifdef CONFIG_ELF_CORE
1289 * Modelled on fs/exec.c:aout_core_dump()
1290 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1294 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1295 * that are useful for post-mortem analysis are included in every core dump.
1296 * In that way we ensure that the core dump is fully interpretable later
1297 * without matching up the same kernel and hardware config to see what PC values
1298 * meant. These special mappings include - vDSO, vsyscall, and other
1299 * architecture specific mappings
1301 static bool always_dump_vma(struct vm_area_struct *vma)
1303 /* Any vsyscall mappings? */
1304 if (vma == get_gate_vma(vma->vm_mm))
1308 * Assume that all vmas with a .name op should always be dumped.
1309 * If this changes, a new vm_ops field can easily be added.
1311 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1315 * arch_vma_name() returns non-NULL for special architecture mappings,
1316 * such as vDSO sections.
1318 if (arch_vma_name(vma))
1325 * Decide what to dump of a segment, part, all or none.
1327 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1328 unsigned long mm_flags)
1330 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1332 /* always dump the vdso and vsyscall sections */
1333 if (always_dump_vma(vma))
1336 if (vma->vm_flags & VM_DONTDUMP)
1339 /* support for DAX */
1340 if (vma_is_dax(vma)) {
1341 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1343 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1348 /* Hugetlb memory check */
1349 if (vma->vm_flags & VM_HUGETLB) {
1350 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1352 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1357 /* Do not dump I/O mapped devices or special mappings */
1358 if (vma->vm_flags & VM_IO)
1361 /* By default, dump shared memory if mapped from an anonymous file. */
1362 if (vma->vm_flags & VM_SHARED) {
1363 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1364 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1369 /* Dump segments that have been written to. */
1370 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1372 if (vma->vm_file == NULL)
1375 if (FILTER(MAPPED_PRIVATE))
1379 * If this looks like the beginning of a DSO or executable mapping,
1380 * check for an ELF header. If we find one, dump the first page to
1381 * aid in determining what was mapped here.
1383 if (FILTER(ELF_HEADERS) &&
1384 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1385 u32 __user *header = (u32 __user *) vma->vm_start;
1387 mm_segment_t fs = get_fs();
1389 * Doing it this way gets the constant folded by GCC.
1393 char elfmag[SELFMAG];
1395 BUILD_BUG_ON(SELFMAG != sizeof word);
1396 magic.elfmag[EI_MAG0] = ELFMAG0;
1397 magic.elfmag[EI_MAG1] = ELFMAG1;
1398 magic.elfmag[EI_MAG2] = ELFMAG2;
1399 magic.elfmag[EI_MAG3] = ELFMAG3;
1401 * Switch to the user "segment" for get_user(),
1402 * then put back what elf_core_dump() had in place.
1405 if (unlikely(get_user(word, header)))
1408 if (word == magic.cmp)
1417 return vma->vm_end - vma->vm_start;
1420 /* An ELF note in memory */
1425 unsigned int datasz;
1429 static int notesize(struct memelfnote *en)
1433 sz = sizeof(struct elf_note);
1434 sz += roundup(strlen(en->name) + 1, 4);
1435 sz += roundup(en->datasz, 4);
1440 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1443 en.n_namesz = strlen(men->name) + 1;
1444 en.n_descsz = men->datasz;
1445 en.n_type = men->type;
1447 return dump_emit(cprm, &en, sizeof(en)) &&
1448 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1449 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1452 static void fill_elf_header(struct elfhdr *elf, int segs,
1453 u16 machine, u32 flags)
1455 memset(elf, 0, sizeof(*elf));
1457 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1458 elf->e_ident[EI_CLASS] = ELF_CLASS;
1459 elf->e_ident[EI_DATA] = ELF_DATA;
1460 elf->e_ident[EI_VERSION] = EV_CURRENT;
1461 elf->e_ident[EI_OSABI] = ELF_OSABI;
1463 elf->e_type = ET_CORE;
1464 elf->e_machine = machine;
1465 elf->e_version = EV_CURRENT;
1466 elf->e_phoff = sizeof(struct elfhdr);
1467 elf->e_flags = flags;
1468 elf->e_ehsize = sizeof(struct elfhdr);
1469 elf->e_phentsize = sizeof(struct elf_phdr);
1470 elf->e_phnum = segs;
1473 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1475 phdr->p_type = PT_NOTE;
1476 phdr->p_offset = offset;
1479 phdr->p_filesz = sz;
1485 static void fill_note(struct memelfnote *note, const char *name, int type,
1486 unsigned int sz, void *data)
1495 * fill up all the fields in prstatus from the given task struct, except
1496 * registers which need to be filled up separately.
1498 static void fill_prstatus(struct elf_prstatus *prstatus,
1499 struct task_struct *p, long signr)
1501 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1502 prstatus->pr_sigpend = p->pending.signal.sig[0];
1503 prstatus->pr_sighold = p->blocked.sig[0];
1505 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1507 prstatus->pr_pid = task_pid_vnr(p);
1508 prstatus->pr_pgrp = task_pgrp_vnr(p);
1509 prstatus->pr_sid = task_session_vnr(p);
1510 if (thread_group_leader(p)) {
1511 struct task_cputime cputime;
1514 * This is the record for the group leader. It shows the
1515 * group-wide total, not its individual thread total.
1517 thread_group_cputime(p, &cputime);
1518 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1519 prstatus->pr_stime = ns_to_timeval(cputime.stime);
1523 task_cputime(p, &utime, &stime);
1524 prstatus->pr_utime = ns_to_timeval(utime);
1525 prstatus->pr_stime = ns_to_timeval(stime);
1528 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1529 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
1532 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1533 struct mm_struct *mm)
1535 const struct cred *cred;
1536 unsigned int i, len;
1538 /* first copy the parameters from user space */
1539 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1541 len = mm->arg_end - mm->arg_start;
1542 if (len >= ELF_PRARGSZ)
1543 len = ELF_PRARGSZ-1;
1544 if (copy_from_user(&psinfo->pr_psargs,
1545 (const char __user *)mm->arg_start, len))
1547 for(i = 0; i < len; i++)
1548 if (psinfo->pr_psargs[i] == 0)
1549 psinfo->pr_psargs[i] = ' ';
1550 psinfo->pr_psargs[len] = 0;
1553 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1555 psinfo->pr_pid = task_pid_vnr(p);
1556 psinfo->pr_pgrp = task_pgrp_vnr(p);
1557 psinfo->pr_sid = task_session_vnr(p);
1559 i = p->state ? ffz(~p->state) + 1 : 0;
1560 psinfo->pr_state = i;
1561 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1562 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1563 psinfo->pr_nice = task_nice(p);
1564 psinfo->pr_flag = p->flags;
1566 cred = __task_cred(p);
1567 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1568 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1570 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1575 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1577 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1581 while (auxv[i - 2] != AT_NULL);
1582 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1585 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1586 const kernel_siginfo_t *siginfo)
1588 mm_segment_t old_fs = get_fs();
1590 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1592 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1595 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1597 * Format of NT_FILE note:
1599 * long count -- how many files are mapped
1600 * long page_size -- units for file_ofs
1601 * array of [COUNT] elements of
1605 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1607 static int fill_files_note(struct memelfnote *note)
1609 struct vm_area_struct *vma;
1610 unsigned count, size, names_ofs, remaining, n;
1612 user_long_t *start_end_ofs;
1613 char *name_base, *name_curpos;
1615 /* *Estimated* file count and total data size needed */
1616 count = current->mm->map_count;
1617 if (count > UINT_MAX / 64)
1621 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1623 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1625 size = round_up(size, PAGE_SIZE);
1626 data = kvmalloc(size, GFP_KERNEL);
1627 if (ZERO_OR_NULL_PTR(data))
1630 start_end_ofs = data + 2;
1631 name_base = name_curpos = ((char *)data) + names_ofs;
1632 remaining = size - names_ofs;
1634 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1636 const char *filename;
1638 file = vma->vm_file;
1641 filename = file_path(file, name_curpos, remaining);
1642 if (IS_ERR(filename)) {
1643 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1645 size = size * 5 / 4;
1651 /* file_path() fills at the end, move name down */
1652 /* n = strlen(filename) + 1: */
1653 n = (name_curpos + remaining) - filename;
1654 remaining = filename - name_curpos;
1655 memmove(name_curpos, filename, n);
1658 *start_end_ofs++ = vma->vm_start;
1659 *start_end_ofs++ = vma->vm_end;
1660 *start_end_ofs++ = vma->vm_pgoff;
1664 /* Now we know exact count of files, can store it */
1666 data[1] = PAGE_SIZE;
1668 * Count usually is less than current->mm->map_count,
1669 * we need to move filenames down.
1671 n = current->mm->map_count - count;
1673 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1674 memmove(name_base - shift_bytes, name_base,
1675 name_curpos - name_base);
1676 name_curpos -= shift_bytes;
1679 size = name_curpos - (char *)data;
1680 fill_note(note, "CORE", NT_FILE, size, data);
1684 #ifdef CORE_DUMP_USE_REGSET
1685 #include <linux/regset.h>
1687 struct elf_thread_core_info {
1688 struct elf_thread_core_info *next;
1689 struct task_struct *task;
1690 struct elf_prstatus prstatus;
1691 struct memelfnote notes[0];
1694 struct elf_note_info {
1695 struct elf_thread_core_info *thread;
1696 struct memelfnote psinfo;
1697 struct memelfnote signote;
1698 struct memelfnote auxv;
1699 struct memelfnote files;
1700 user_siginfo_t csigdata;
1706 * When a regset has a writeback hook, we call it on each thread before
1707 * dumping user memory. On register window machines, this makes sure the
1708 * user memory backing the register data is up to date before we read it.
1710 static void do_thread_regset_writeback(struct task_struct *task,
1711 const struct user_regset *regset)
1713 if (regset->writeback)
1714 regset->writeback(task, regset, 1);
1717 #ifndef PRSTATUS_SIZE
1718 #define PRSTATUS_SIZE(S, R) sizeof(S)
1721 #ifndef SET_PR_FPVALID
1722 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1725 static int fill_thread_core_info(struct elf_thread_core_info *t,
1726 const struct user_regset_view *view,
1727 long signr, size_t *total)
1730 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
1733 * NT_PRSTATUS is the one special case, because the regset data
1734 * goes into the pr_reg field inside the note contents, rather
1735 * than being the whole note contents. We fill the reset in here.
1736 * We assume that regset 0 is NT_PRSTATUS.
1738 fill_prstatus(&t->prstatus, t->task, signr);
1739 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
1740 &t->prstatus.pr_reg, NULL);
1742 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1743 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1744 *total += notesize(&t->notes[0]);
1746 do_thread_regset_writeback(t->task, &view->regsets[0]);
1749 * Each other regset might generate a note too. For each regset
1750 * that has no core_note_type or is inactive, we leave t->notes[i]
1751 * all zero and we'll know to skip writing it later.
1753 for (i = 1; i < view->n; ++i) {
1754 const struct user_regset *regset = &view->regsets[i];
1755 do_thread_regset_writeback(t->task, regset);
1756 if (regset->core_note_type && regset->get &&
1757 (!regset->active || regset->active(t->task, regset) > 0)) {
1759 size_t size = regset_size(t->task, regset);
1760 void *data = kmalloc(size, GFP_KERNEL);
1761 if (unlikely(!data))
1763 ret = regset->get(t->task, regset,
1764 0, size, data, NULL);
1768 if (regset->core_note_type != NT_PRFPREG)
1769 fill_note(&t->notes[i], "LINUX",
1770 regset->core_note_type,
1773 SET_PR_FPVALID(&t->prstatus,
1775 fill_note(&t->notes[i], "CORE",
1776 NT_PRFPREG, size, data);
1778 *total += notesize(&t->notes[i]);
1786 static int fill_note_info(struct elfhdr *elf, int phdrs,
1787 struct elf_note_info *info,
1788 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1790 struct task_struct *dump_task = current;
1791 const struct user_regset_view *view = task_user_regset_view(dump_task);
1792 struct elf_thread_core_info *t;
1793 struct elf_prpsinfo *psinfo;
1794 struct core_thread *ct;
1798 info->thread = NULL;
1800 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1801 if (psinfo == NULL) {
1802 info->psinfo.data = NULL; /* So we don't free this wrongly */
1806 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1809 * Figure out how many notes we're going to need for each thread.
1811 info->thread_notes = 0;
1812 for (i = 0; i < view->n; ++i)
1813 if (view->regsets[i].core_note_type != 0)
1814 ++info->thread_notes;
1817 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1818 * since it is our one special case.
1820 if (unlikely(info->thread_notes == 0) ||
1821 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1827 * Initialize the ELF file header.
1829 fill_elf_header(elf, phdrs,
1830 view->e_machine, view->e_flags);
1833 * Allocate a structure for each thread.
1835 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1836 t = kzalloc(offsetof(struct elf_thread_core_info,
1837 notes[info->thread_notes]),
1843 if (ct->task == dump_task || !info->thread) {
1844 t->next = info->thread;
1848 * Make sure to keep the original task at
1849 * the head of the list.
1851 t->next = info->thread->next;
1852 info->thread->next = t;
1857 * Now fill in each thread's information.
1859 for (t = info->thread; t != NULL; t = t->next)
1860 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1864 * Fill in the two process-wide notes.
1866 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1867 info->size += notesize(&info->psinfo);
1869 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1870 info->size += notesize(&info->signote);
1872 fill_auxv_note(&info->auxv, current->mm);
1873 info->size += notesize(&info->auxv);
1875 if (fill_files_note(&info->files) == 0)
1876 info->size += notesize(&info->files);
1881 static size_t get_note_info_size(struct elf_note_info *info)
1887 * Write all the notes for each thread. When writing the first thread, the
1888 * process-wide notes are interleaved after the first thread-specific note.
1890 static int write_note_info(struct elf_note_info *info,
1891 struct coredump_params *cprm)
1894 struct elf_thread_core_info *t = info->thread;
1899 if (!writenote(&t->notes[0], cprm))
1902 if (first && !writenote(&info->psinfo, cprm))
1904 if (first && !writenote(&info->signote, cprm))
1906 if (first && !writenote(&info->auxv, cprm))
1908 if (first && info->files.data &&
1909 !writenote(&info->files, cprm))
1912 for (i = 1; i < info->thread_notes; ++i)
1913 if (t->notes[i].data &&
1914 !writenote(&t->notes[i], cprm))
1924 static void free_note_info(struct elf_note_info *info)
1926 struct elf_thread_core_info *threads = info->thread;
1929 struct elf_thread_core_info *t = threads;
1931 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1932 for (i = 1; i < info->thread_notes; ++i)
1933 kfree(t->notes[i].data);
1936 kfree(info->psinfo.data);
1937 kvfree(info->files.data);
1942 /* Here is the structure in which status of each thread is captured. */
1943 struct elf_thread_status
1945 struct list_head list;
1946 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1947 elf_fpregset_t fpu; /* NT_PRFPREG */
1948 struct task_struct *thread;
1949 #ifdef ELF_CORE_COPY_XFPREGS
1950 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1952 struct memelfnote notes[3];
1957 * In order to add the specific thread information for the elf file format,
1958 * we need to keep a linked list of every threads pr_status and then create
1959 * a single section for them in the final core file.
1961 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1964 struct task_struct *p = t->thread;
1967 fill_prstatus(&t->prstatus, p, signr);
1968 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1970 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1973 sz += notesize(&t->notes[0]);
1975 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1977 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1980 sz += notesize(&t->notes[1]);
1983 #ifdef ELF_CORE_COPY_XFPREGS
1984 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1985 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1986 sizeof(t->xfpu), &t->xfpu);
1988 sz += notesize(&t->notes[2]);
1994 struct elf_note_info {
1995 struct memelfnote *notes;
1996 struct memelfnote *notes_files;
1997 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1998 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1999 struct list_head thread_list;
2000 elf_fpregset_t *fpu;
2001 #ifdef ELF_CORE_COPY_XFPREGS
2002 elf_fpxregset_t *xfpu;
2004 user_siginfo_t csigdata;
2005 int thread_status_size;
2009 static int elf_note_info_init(struct elf_note_info *info)
2011 memset(info, 0, sizeof(*info));
2012 INIT_LIST_HEAD(&info->thread_list);
2014 /* Allocate space for ELF notes */
2015 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2018 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2021 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2022 if (!info->prstatus)
2024 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2027 #ifdef ELF_CORE_COPY_XFPREGS
2028 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2035 static int fill_note_info(struct elfhdr *elf, int phdrs,
2036 struct elf_note_info *info,
2037 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2039 struct core_thread *ct;
2040 struct elf_thread_status *ets;
2042 if (!elf_note_info_init(info))
2045 for (ct = current->mm->core_state->dumper.next;
2046 ct; ct = ct->next) {
2047 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2051 ets->thread = ct->task;
2052 list_add(&ets->list, &info->thread_list);
2055 list_for_each_entry(ets, &info->thread_list, list) {
2058 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2059 info->thread_status_size += sz;
2061 /* now collect the dump for the current */
2062 memset(info->prstatus, 0, sizeof(*info->prstatus));
2063 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2064 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2067 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2070 * Set up the notes in similar form to SVR4 core dumps made
2071 * with info from their /proc.
2074 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2075 sizeof(*info->prstatus), info->prstatus);
2076 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2077 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2078 sizeof(*info->psinfo), info->psinfo);
2080 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2081 fill_auxv_note(info->notes + 3, current->mm);
2084 if (fill_files_note(info->notes + info->numnote) == 0) {
2085 info->notes_files = info->notes + info->numnote;
2089 /* Try to dump the FPU. */
2090 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2092 if (info->prstatus->pr_fpvalid)
2093 fill_note(info->notes + info->numnote++,
2094 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2095 #ifdef ELF_CORE_COPY_XFPREGS
2096 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2097 fill_note(info->notes + info->numnote++,
2098 "LINUX", ELF_CORE_XFPREG_TYPE,
2099 sizeof(*info->xfpu), info->xfpu);
2105 static size_t get_note_info_size(struct elf_note_info *info)
2110 for (i = 0; i < info->numnote; i++)
2111 sz += notesize(info->notes + i);
2113 sz += info->thread_status_size;
2118 static int write_note_info(struct elf_note_info *info,
2119 struct coredump_params *cprm)
2121 struct elf_thread_status *ets;
2124 for (i = 0; i < info->numnote; i++)
2125 if (!writenote(info->notes + i, cprm))
2128 /* write out the thread status notes section */
2129 list_for_each_entry(ets, &info->thread_list, list) {
2130 for (i = 0; i < ets->num_notes; i++)
2131 if (!writenote(&ets->notes[i], cprm))
2138 static void free_note_info(struct elf_note_info *info)
2140 while (!list_empty(&info->thread_list)) {
2141 struct list_head *tmp = info->thread_list.next;
2143 kfree(list_entry(tmp, struct elf_thread_status, list));
2146 /* Free data possibly allocated by fill_files_note(): */
2147 if (info->notes_files)
2148 kvfree(info->notes_files->data);
2150 kfree(info->prstatus);
2151 kfree(info->psinfo);
2154 #ifdef ELF_CORE_COPY_XFPREGS
2161 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2162 struct vm_area_struct *gate_vma)
2164 struct vm_area_struct *ret = tsk->mm->mmap;
2171 * Helper function for iterating across a vma list. It ensures that the caller
2172 * will visit `gate_vma' prior to terminating the search.
2174 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2175 struct vm_area_struct *gate_vma)
2177 struct vm_area_struct *ret;
2179 ret = this_vma->vm_next;
2182 if (this_vma == gate_vma)
2187 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2188 elf_addr_t e_shoff, int segs)
2190 elf->e_shoff = e_shoff;
2191 elf->e_shentsize = sizeof(*shdr4extnum);
2193 elf->e_shstrndx = SHN_UNDEF;
2195 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2197 shdr4extnum->sh_type = SHT_NULL;
2198 shdr4extnum->sh_size = elf->e_shnum;
2199 shdr4extnum->sh_link = elf->e_shstrndx;
2200 shdr4extnum->sh_info = segs;
2206 * This is a two-pass process; first we find the offsets of the bits,
2207 * and then they are actually written out. If we run out of core limit
2210 static int elf_core_dump(struct coredump_params *cprm)
2215 size_t vma_data_size = 0;
2216 struct vm_area_struct *vma, *gate_vma;
2217 struct elfhdr *elf = NULL;
2218 loff_t offset = 0, dataoff;
2219 struct elf_note_info info = { };
2220 struct elf_phdr *phdr4note = NULL;
2221 struct elf_shdr *shdr4extnum = NULL;
2224 elf_addr_t *vma_filesz = NULL;
2227 * We no longer stop all VM operations.
2229 * This is because those proceses that could possibly change map_count
2230 * or the mmap / vma pages are now blocked in do_exit on current
2231 * finishing this core dump.
2233 * Only ptrace can touch these memory addresses, but it doesn't change
2234 * the map_count or the pages allocated. So no possibility of crashing
2235 * exists while dumping the mm->vm_next areas to the core file.
2238 /* alloc memory for large data structures: too large to be on stack */
2239 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2243 * The number of segs are recored into ELF header as 16bit value.
2244 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2246 segs = current->mm->map_count;
2247 segs += elf_core_extra_phdrs();
2249 gate_vma = get_gate_vma(current->mm);
2250 if (gate_vma != NULL)
2253 /* for notes section */
2256 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2257 * this, kernel supports extended numbering. Have a look at
2258 * include/linux/elf.h for further information. */
2259 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2262 * Collect all the non-memory information about the process for the
2263 * notes. This also sets up the file header.
2265 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2273 offset += sizeof(*elf); /* Elf header */
2274 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2276 /* Write notes phdr entry */
2278 size_t sz = get_note_info_size(&info);
2280 sz += elf_coredump_extra_notes_size();
2282 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2286 fill_elf_note_phdr(phdr4note, sz, offset);
2290 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2292 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2294 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2296 if (ZERO_OR_NULL_PTR(vma_filesz))
2299 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2300 vma = next_vma(vma, gate_vma)) {
2301 unsigned long dump_size;
2303 dump_size = vma_dump_size(vma, cprm->mm_flags);
2304 vma_filesz[i++] = dump_size;
2305 vma_data_size += dump_size;
2308 offset += vma_data_size;
2309 offset += elf_core_extra_data_size();
2312 if (e_phnum == PN_XNUM) {
2313 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2316 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2321 if (!dump_emit(cprm, elf, sizeof(*elf)))
2324 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2327 /* Write program headers for segments dump */
2328 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2329 vma = next_vma(vma, gate_vma)) {
2330 struct elf_phdr phdr;
2332 phdr.p_type = PT_LOAD;
2333 phdr.p_offset = offset;
2334 phdr.p_vaddr = vma->vm_start;
2336 phdr.p_filesz = vma_filesz[i++];
2337 phdr.p_memsz = vma->vm_end - vma->vm_start;
2338 offset += phdr.p_filesz;
2339 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2340 if (vma->vm_flags & VM_WRITE)
2341 phdr.p_flags |= PF_W;
2342 if (vma->vm_flags & VM_EXEC)
2343 phdr.p_flags |= PF_X;
2344 phdr.p_align = ELF_EXEC_PAGESIZE;
2346 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2350 if (!elf_core_write_extra_phdrs(cprm, offset))
2353 /* write out the notes section */
2354 if (!write_note_info(&info, cprm))
2357 if (elf_coredump_extra_notes_write(cprm))
2361 if (!dump_skip(cprm, dataoff - cprm->pos))
2364 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2365 vma = next_vma(vma, gate_vma)) {
2369 end = vma->vm_start + vma_filesz[i++];
2371 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2375 page = get_dump_page(addr);
2377 void *kaddr = kmap(page);
2378 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2382 stop = !dump_skip(cprm, PAGE_SIZE);
2387 dump_truncate(cprm);
2389 if (!elf_core_write_extra_data(cprm))
2392 if (e_phnum == PN_XNUM) {
2393 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2401 free_note_info(&info);
2410 #endif /* CONFIG_ELF_CORE */
2412 static int __init init_elf_binfmt(void)
2414 register_binfmt(&elf_format);
2418 static void __exit exit_elf_binfmt(void)
2420 /* Remove the COFF and ELF loaders. */
2421 unregister_binfmt(&elf_format);
2424 core_initcall(init_elf_binfmt);
2425 module_exit(exit_elf_binfmt);
2426 MODULE_LICENSE("GPL");
projects / linux-2.6-microblaze.git / blob