1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/fs/binfmt_elf.c
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
13 #include <linux/module.h>
14 #include <linux/kernel.h>
17 #include <linux/mman.h>
18 #include <linux/errno.h>
19 #include <linux/signal.h>
20 #include <linux/binfmts.h>
21 #include <linux/string.h>
22 #include <linux/file.h>
23 #include <linux/slab.h>
24 #include <linux/personality.h>
25 #include <linux/elfcore.h>
26 #include <linux/init.h>
27 #include <linux/highuid.h>
28 #include <linux/compiler.h>
29 #include <linux/highmem.h>
30 #include <linux/hugetlb.h>
31 #include <linux/pagemap.h>
32 #include <linux/vmalloc.h>
33 #include <linux/security.h>
34 #include <linux/random.h>
35 #include <linux/elf.h>
36 #include <linux/elf-randomize.h>
37 #include <linux/utsname.h>
38 #include <linux/coredump.h>
39 #include <linux/sched.h>
40 #include <linux/sched/coredump.h>
41 #include <linux/sched/task_stack.h>
42 #include <linux/sched/cputime.h>
43 #include <linux/sizes.h>
44 #include <linux/types.h>
45 #include <linux/cred.h>
46 #include <linux/dax.h>
47 #include <linux/uaccess.h>
48 #include <asm/param.h>
56 #define user_long_t long
58 #ifndef user_siginfo_t
59 #define user_siginfo_t siginfo_t
62 /* That's for binfmt_elf_fdpic to deal with */
63 #ifndef elf_check_fdpic
64 #define elf_check_fdpic(ex) false
67 static int load_elf_binary(struct linux_binprm *bprm);
70 static int load_elf_library(struct file *);
72 #define load_elf_library NULL
76 * If we don't support core dumping, then supply a NULL so we
79 #ifdef CONFIG_ELF_CORE
80 static int elf_core_dump(struct coredump_params *cprm);
82 #define elf_core_dump NULL
85 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
86 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
88 #define ELF_MIN_ALIGN PAGE_SIZE
91 #ifndef ELF_CORE_EFLAGS
92 #define ELF_CORE_EFLAGS 0
95 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
96 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
97 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
99 static struct linux_binfmt elf_format = {
100 .module = THIS_MODULE,
101 .load_binary = load_elf_binary,
102 .load_shlib = load_elf_library,
103 .core_dump = elf_core_dump,
104 .min_coredump = ELF_EXEC_PAGESIZE,
107 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
109 static int set_brk(unsigned long start, unsigned long end, int prot)
111 start = ELF_PAGEALIGN(start);
112 end = ELF_PAGEALIGN(end);
115 * Map the last of the bss segment.
116 * If the header is requesting these pages to be
117 * executable, honour that (ppc32 needs this).
119 int error = vm_brk_flags(start, end - start,
120 prot & PROT_EXEC ? VM_EXEC : 0);
124 current->mm->start_brk = current->mm->brk = end;
128 /* We need to explicitly zero any fractional pages
129 after the data section (i.e. bss). This would
130 contain the junk from the file that should not
133 static int padzero(unsigned long elf_bss)
137 nbyte = ELF_PAGEOFFSET(elf_bss);
139 nbyte = ELF_MIN_ALIGN - nbyte;
140 if (clear_user((void __user *) elf_bss, nbyte))
146 /* Let's use some macros to make this stack manipulation a little clearer */
147 #ifdef CONFIG_STACK_GROWSUP
148 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
149 #define STACK_ROUND(sp, items) \
150 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
151 #define STACK_ALLOC(sp, len) ({ \
152 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
155 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
156 #define STACK_ROUND(sp, items) \
157 (((unsigned long) (sp - items)) &~ 15UL)
158 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
161 #ifndef ELF_BASE_PLATFORM
163 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
164 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
165 * will be copied to the user stack in the same manner as AT_PLATFORM.
167 #define ELF_BASE_PLATFORM NULL
171 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
172 unsigned long load_addr, unsigned long interp_load_addr,
173 unsigned long e_entry)
175 struct mm_struct *mm = current->mm;
176 unsigned long p = bprm->p;
177 int argc = bprm->argc;
178 int envc = bprm->envc;
179 elf_addr_t __user *sp;
180 elf_addr_t __user *u_platform;
181 elf_addr_t __user *u_base_platform;
182 elf_addr_t __user *u_rand_bytes;
183 const char *k_platform = ELF_PLATFORM;
184 const char *k_base_platform = ELF_BASE_PLATFORM;
185 unsigned char k_rand_bytes[16];
187 elf_addr_t *elf_info;
189 const struct cred *cred = current_cred();
190 struct vm_area_struct *vma;
193 * In some cases (e.g. Hyper-Threading), we want to avoid L1
194 * evictions by the processes running on the same package. One
195 * thing we can do is to shuffle the initial stack for them.
198 p = arch_align_stack(p);
201 * If this architecture has a platform capability string, copy it
202 * to userspace. In some cases (Sparc), this info is impossible
203 * for userspace to get any other way, in others (i386) it is
208 size_t len = strlen(k_platform) + 1;
210 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
211 if (copy_to_user(u_platform, k_platform, len))
216 * If this architecture has a "base" platform capability
217 * string, copy it to userspace.
219 u_base_platform = NULL;
220 if (k_base_platform) {
221 size_t len = strlen(k_base_platform) + 1;
223 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
224 if (copy_to_user(u_base_platform, k_base_platform, len))
229 * Generate 16 random bytes for userspace PRNG seeding.
231 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
232 u_rand_bytes = (elf_addr_t __user *)
233 STACK_ALLOC(p, sizeof(k_rand_bytes));
234 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
237 /* Create the ELF interpreter info */
238 elf_info = (elf_addr_t *)mm->saved_auxv;
239 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
240 #define NEW_AUX_ENT(id, val) \
248 * ARCH_DLINFO must come first so PPC can do its special alignment of
250 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
251 * ARCH_DLINFO changes
255 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
256 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
257 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
258 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
259 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
260 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
261 NEW_AUX_ENT(AT_BASE, interp_load_addr);
262 NEW_AUX_ENT(AT_FLAGS, 0);
263 NEW_AUX_ENT(AT_ENTRY, e_entry);
264 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
265 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
266 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
267 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
268 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
269 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
271 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
273 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
275 NEW_AUX_ENT(AT_PLATFORM,
276 (elf_addr_t)(unsigned long)u_platform);
278 if (k_base_platform) {
279 NEW_AUX_ENT(AT_BASE_PLATFORM,
280 (elf_addr_t)(unsigned long)u_base_platform);
282 if (bprm->have_execfd) {
283 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
286 /* AT_NULL is zero; clear the rest too */
287 memset(elf_info, 0, (char *)mm->saved_auxv +
288 sizeof(mm->saved_auxv) - (char *)elf_info);
290 /* And advance past the AT_NULL entry. */
293 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
294 sp = STACK_ADD(p, ei_index);
296 items = (argc + 1) + (envc + 1) + 1;
297 bprm->p = STACK_ROUND(sp, items);
299 /* Point sp at the lowest address on the stack */
300 #ifdef CONFIG_STACK_GROWSUP
301 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
302 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
304 sp = (elf_addr_t __user *)bprm->p;
309 * Grow the stack manually; some architectures have a limit on how
310 * far ahead a user-space access may be in order to grow the stack.
312 vma = find_extend_vma(mm, bprm->p);
316 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
317 if (put_user(argc, sp++))
320 /* Populate list of argv pointers back to argv strings. */
321 p = mm->arg_end = mm->arg_start;
324 if (put_user((elf_addr_t)p, sp++))
326 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
327 if (!len || len > MAX_ARG_STRLEN)
331 if (put_user(0, sp++))
335 /* Populate list of envp pointers back to envp strings. */
336 mm->env_end = mm->env_start = p;
339 if (put_user((elf_addr_t)p, sp++))
341 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
342 if (!len || len > MAX_ARG_STRLEN)
346 if (put_user(0, sp++))
350 /* Put the elf_info on the stack in the right place. */
351 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
356 static unsigned long elf_map(struct file *filep, unsigned long addr,
357 const struct elf_phdr *eppnt, int prot, int type,
358 unsigned long total_size)
360 unsigned long map_addr;
361 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
362 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
363 addr = ELF_PAGESTART(addr);
364 size = ELF_PAGEALIGN(size);
366 /* mmap() will return -EINVAL if given a zero size, but a
367 * segment with zero filesize is perfectly valid */
372 * total_size is the size of the ELF (interpreter) image.
373 * The _first_ mmap needs to know the full size, otherwise
374 * randomization might put this image into an overlapping
375 * position with the ELF binary image. (since size < total_size)
376 * So we first map the 'big' image - and unmap the remainder at
377 * the end. (which unmap is needed for ELF images with holes.)
380 total_size = ELF_PAGEALIGN(total_size);
381 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
382 if (!BAD_ADDR(map_addr))
383 vm_munmap(map_addr+size, total_size-size);
385 map_addr = vm_mmap(filep, addr, size, prot, type, off);
387 if ((type & MAP_FIXED_NOREPLACE) &&
388 PTR_ERR((void *)map_addr) == -EEXIST)
389 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
390 task_pid_nr(current), current->comm, (void *)addr);
395 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
397 int i, first_idx = -1, last_idx = -1;
399 for (i = 0; i < nr; i++) {
400 if (cmds[i].p_type == PT_LOAD) {
409 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
410 ELF_PAGESTART(cmds[first_idx].p_vaddr);
413 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
417 rv = kernel_read(file, buf, len, &pos);
418 if (unlikely(rv != len)) {
419 return (rv < 0) ? rv : -EIO;
425 * load_elf_phdrs() - load ELF program headers
426 * @elf_ex: ELF header of the binary whose program headers should be loaded
427 * @elf_file: the opened ELF binary file
429 * Loads ELF program headers from the binary file elf_file, which has the ELF
430 * header pointed to by elf_ex, into a newly allocated array. The caller is
431 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
433 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
434 struct file *elf_file)
436 struct elf_phdr *elf_phdata = NULL;
437 int retval, err = -1;
441 * If the size of this structure has changed, then punt, since
442 * we will be doing the wrong thing.
444 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
447 /* Sanity check the number of program headers... */
448 /* ...and their total size. */
449 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
450 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
453 elf_phdata = kmalloc(size, GFP_KERNEL);
457 /* Read in the program headers */
458 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
474 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
477 * struct arch_elf_state - arch-specific ELF loading state
479 * This structure is used to preserve architecture specific data during
480 * the loading of an ELF file, throughout the checking of architecture
481 * specific ELF headers & through to the point where the ELF load is
482 * known to be proceeding (ie. SET_PERSONALITY).
484 * This implementation is a dummy for architectures which require no
487 struct arch_elf_state {
490 #define INIT_ARCH_ELF_STATE {}
493 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
494 * @ehdr: The main ELF header
495 * @phdr: The program header to check
496 * @elf: The open ELF file
497 * @is_interp: True if the phdr is from the interpreter of the ELF being
498 * loaded, else false.
499 * @state: Architecture-specific state preserved throughout the process
500 * of loading the ELF.
502 * Inspects the program header phdr to validate its correctness and/or
503 * suitability for the system. Called once per ELF program header in the
504 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
507 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
508 * with that return code.
510 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
511 struct elf_phdr *phdr,
512 struct file *elf, bool is_interp,
513 struct arch_elf_state *state)
515 /* Dummy implementation, always proceed */
520 * arch_check_elf() - check an ELF executable
521 * @ehdr: The main ELF header
522 * @has_interp: True if the ELF has an interpreter, else false.
523 * @interp_ehdr: The interpreter's ELF header
524 * @state: Architecture-specific state preserved throughout the process
525 * of loading the ELF.
527 * Provides a final opportunity for architecture code to reject the loading
528 * of the ELF & cause an exec syscall to return an error. This is called after
529 * all program headers to be checked by arch_elf_pt_proc have been.
531 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
532 * with that return code.
534 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
535 struct elfhdr *interp_ehdr,
536 struct arch_elf_state *state)
538 /* Dummy implementation, always proceed */
542 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
544 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
545 bool has_interp, bool is_interp)
556 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
559 /* This is much more generalized than the library routine read function,
560 so we keep this separate. Technically the library read function
561 is only provided so that we can read a.out libraries that have
564 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
565 struct file *interpreter,
566 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
567 struct arch_elf_state *arch_state)
569 struct elf_phdr *eppnt;
570 unsigned long load_addr = 0;
571 int load_addr_set = 0;
572 unsigned long last_bss = 0, elf_bss = 0;
574 unsigned long error = ~0UL;
575 unsigned long total_size;
578 /* First of all, some simple consistency checks */
579 if (interp_elf_ex->e_type != ET_EXEC &&
580 interp_elf_ex->e_type != ET_DYN)
582 if (!elf_check_arch(interp_elf_ex) ||
583 elf_check_fdpic(interp_elf_ex))
585 if (!interpreter->f_op->mmap)
588 total_size = total_mapping_size(interp_elf_phdata,
589 interp_elf_ex->e_phnum);
595 eppnt = interp_elf_phdata;
596 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
597 if (eppnt->p_type == PT_LOAD) {
598 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
599 int elf_prot = make_prot(eppnt->p_flags, arch_state,
601 unsigned long vaddr = 0;
602 unsigned long k, map_addr;
604 vaddr = eppnt->p_vaddr;
605 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
606 elf_type |= MAP_FIXED_NOREPLACE;
607 else if (no_base && interp_elf_ex->e_type == ET_DYN)
610 map_addr = elf_map(interpreter, load_addr + vaddr,
611 eppnt, elf_prot, elf_type, total_size);
614 if (BAD_ADDR(map_addr))
617 if (!load_addr_set &&
618 interp_elf_ex->e_type == ET_DYN) {
619 load_addr = map_addr - ELF_PAGESTART(vaddr);
624 * Check to see if the section's size will overflow the
625 * allowed task size. Note that p_filesz must always be
626 * <= p_memsize so it's only necessary to check p_memsz.
628 k = load_addr + eppnt->p_vaddr;
630 eppnt->p_filesz > eppnt->p_memsz ||
631 eppnt->p_memsz > TASK_SIZE ||
632 TASK_SIZE - eppnt->p_memsz < k) {
638 * Find the end of the file mapping for this phdr, and
639 * keep track of the largest address we see for this.
641 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
646 * Do the same thing for the memory mapping - between
647 * elf_bss and last_bss is the bss section.
649 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
658 * Now fill out the bss section: first pad the last page from
659 * the file up to the page boundary, and zero it from elf_bss
660 * up to the end of the page.
662 if (padzero(elf_bss)) {
667 * Next, align both the file and mem bss up to the page size,
668 * since this is where elf_bss was just zeroed up to, and where
669 * last_bss will end after the vm_brk_flags() below.
671 elf_bss = ELF_PAGEALIGN(elf_bss);
672 last_bss = ELF_PAGEALIGN(last_bss);
673 /* Finally, if there is still more bss to allocate, do it. */
674 if (last_bss > elf_bss) {
675 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
676 bss_prot & PROT_EXEC ? VM_EXEC : 0);
687 * These are the functions used to load ELF style executables and shared
688 * libraries. There is no binary dependent code anywhere else.
691 static int parse_elf_property(const char *data, size_t *off, size_t datasz,
692 struct arch_elf_state *arch,
693 bool have_prev_type, u32 *prev_type)
696 const struct gnu_property *pr;
702 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
707 if (datasz < sizeof(*pr))
709 pr = (const struct gnu_property *)(data + o);
711 datasz -= sizeof(*pr);
713 if (pr->pr_datasz > datasz)
716 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
717 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
721 /* Properties are supposed to be unique and sorted on pr_type: */
722 if (have_prev_type && pr->pr_type <= *prev_type)
724 *prev_type = pr->pr_type;
726 ret = arch_parse_elf_property(pr->pr_type, data + o,
727 pr->pr_datasz, ELF_COMPAT, arch);
735 #define NOTE_DATA_SZ SZ_1K
736 #define GNU_PROPERTY_TYPE_0_NAME "GNU"
737 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
739 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
740 struct arch_elf_state *arch)
743 struct elf_note nhdr;
744 char data[NOTE_DATA_SZ];
753 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
756 /* load_elf_binary() shouldn't call us unless this is true... */
757 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
760 /* If the properties are crazy large, that's too bad (for now): */
761 if (phdr->p_filesz > sizeof(note))
764 pos = phdr->p_offset;
765 n = kernel_read(f, ¬e, phdr->p_filesz, &pos);
767 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
768 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
771 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
772 note.nhdr.n_namesz != NOTE_NAME_SZ ||
773 strncmp(note.data + sizeof(note.nhdr),
774 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
777 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
778 ELF_GNU_PROPERTY_ALIGN);
782 if (note.nhdr.n_descsz > n - off)
784 datasz = off + note.nhdr.n_descsz;
786 have_prev_type = false;
788 ret = parse_elf_property(note.data, &off, datasz, arch,
789 have_prev_type, &prev_type);
790 have_prev_type = true;
793 return ret == -ENOENT ? 0 : ret;
796 static int load_elf_binary(struct linux_binprm *bprm)
798 struct file *interpreter = NULL; /* to shut gcc up */
799 unsigned long load_addr = 0, load_bias = 0;
800 int load_addr_set = 0;
802 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
803 struct elf_phdr *elf_property_phdata = NULL;
804 unsigned long elf_bss, elf_brk;
807 unsigned long elf_entry;
808 unsigned long e_entry;
809 unsigned long interp_load_addr = 0;
810 unsigned long start_code, end_code, start_data, end_data;
811 unsigned long reloc_func_desc __maybe_unused = 0;
812 int executable_stack = EXSTACK_DEFAULT;
813 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
814 struct elfhdr *interp_elf_ex = NULL;
815 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
816 struct mm_struct *mm;
817 struct pt_regs *regs;
820 /* First of all, some simple consistency checks */
821 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
824 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
826 if (!elf_check_arch(elf_ex))
828 if (elf_check_fdpic(elf_ex))
830 if (!bprm->file->f_op->mmap)
833 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
837 elf_ppnt = elf_phdata;
838 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
839 char *elf_interpreter;
841 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
842 elf_property_phdata = elf_ppnt;
846 if (elf_ppnt->p_type != PT_INTERP)
850 * This is the program interpreter used for shared libraries -
851 * for now assume that this is an a.out format binary.
854 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
858 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
859 if (!elf_interpreter)
862 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
865 goto out_free_interp;
866 /* make sure path is NULL terminated */
868 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
869 goto out_free_interp;
871 interpreter = open_exec(elf_interpreter);
872 kfree(elf_interpreter);
873 retval = PTR_ERR(interpreter);
874 if (IS_ERR(interpreter))
878 * If the binary is not readable then enforce mm->dumpable = 0
879 * regardless of the interpreter's permissions.
881 would_dump(bprm, interpreter);
883 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
884 if (!interp_elf_ex) {
889 /* Get the exec headers */
890 retval = elf_read(interpreter, interp_elf_ex,
891 sizeof(*interp_elf_ex), 0);
893 goto out_free_dentry;
898 kfree(elf_interpreter);
902 elf_ppnt = elf_phdata;
903 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
904 switch (elf_ppnt->p_type) {
906 if (elf_ppnt->p_flags & PF_X)
907 executable_stack = EXSTACK_ENABLE_X;
909 executable_stack = EXSTACK_DISABLE_X;
912 case PT_LOPROC ... PT_HIPROC:
913 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
917 goto out_free_dentry;
921 /* Some simple consistency checks for the interpreter */
924 /* Not an ELF interpreter */
925 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
926 goto out_free_dentry;
927 /* Verify the interpreter has a valid arch */
928 if (!elf_check_arch(interp_elf_ex) ||
929 elf_check_fdpic(interp_elf_ex))
930 goto out_free_dentry;
932 /* Load the interpreter program headers */
933 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
935 if (!interp_elf_phdata)
936 goto out_free_dentry;
938 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
939 elf_property_phdata = NULL;
940 elf_ppnt = interp_elf_phdata;
941 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
942 switch (elf_ppnt->p_type) {
943 case PT_GNU_PROPERTY:
944 elf_property_phdata = elf_ppnt;
947 case PT_LOPROC ... PT_HIPROC:
948 retval = arch_elf_pt_proc(interp_elf_ex,
949 elf_ppnt, interpreter,
952 goto out_free_dentry;
957 retval = parse_elf_properties(interpreter ?: bprm->file,
958 elf_property_phdata, &arch_state);
960 goto out_free_dentry;
963 * Allow arch code to reject the ELF at this point, whilst it's
964 * still possible to return an error to the code that invoked
967 retval = arch_check_elf(elf_ex,
968 !!interpreter, interp_elf_ex,
971 goto out_free_dentry;
973 /* Flush all traces of the currently running executable */
974 retval = begin_new_exec(bprm);
976 goto out_free_dentry;
978 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
979 may depend on the personality. */
980 SET_PERSONALITY2(*elf_ex, &arch_state);
981 if (elf_read_implies_exec(*elf_ex, executable_stack))
982 current->personality |= READ_IMPLIES_EXEC;
984 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
985 current->flags |= PF_RANDOMIZE;
987 setup_new_exec(bprm);
989 /* Do this so that we can load the interpreter, if need be. We will
990 change some of these later */
991 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
994 goto out_free_dentry;
1004 /* Now we do a little grungy work by mmapping the ELF image into
1005 the correct location in memory. */
1006 for(i = 0, elf_ppnt = elf_phdata;
1007 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1008 int elf_prot, elf_flags;
1009 unsigned long k, vaddr;
1010 unsigned long total_size = 0;
1012 if (elf_ppnt->p_type != PT_LOAD)
1015 if (unlikely (elf_brk > elf_bss)) {
1016 unsigned long nbyte;
1018 /* There was a PT_LOAD segment with p_memsz > p_filesz
1019 before this one. Map anonymous pages, if needed,
1020 and clear the area. */
1021 retval = set_brk(elf_bss + load_bias,
1022 elf_brk + load_bias,
1025 goto out_free_dentry;
1026 nbyte = ELF_PAGEOFFSET(elf_bss);
1028 nbyte = ELF_MIN_ALIGN - nbyte;
1029 if (nbyte > elf_brk - elf_bss)
1030 nbyte = elf_brk - elf_bss;
1031 if (clear_user((void __user *)elf_bss +
1032 load_bias, nbyte)) {
1034 * This bss-zeroing can fail if the ELF
1035 * file specifies odd protections. So
1036 * we don't check the return value
1042 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1043 !!interpreter, false);
1045 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1047 vaddr = elf_ppnt->p_vaddr;
1049 * If we are loading ET_EXEC or we have already performed
1050 * the ET_DYN load_addr calculations, proceed normally.
1052 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
1053 elf_flags |= MAP_FIXED;
1054 } else if (elf_ex->e_type == ET_DYN) {
1056 * This logic is run once for the first LOAD Program
1057 * Header for ET_DYN binaries to calculate the
1058 * randomization (load_bias) for all the LOAD
1059 * Program Headers, and to calculate the entire
1060 * size of the ELF mapping (total_size). (Note that
1061 * load_addr_set is set to true later once the
1062 * initial mapping is performed.)
1064 * There are effectively two types of ET_DYN
1065 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1066 * and loaders (ET_DYN without INTERP, since they
1067 * _are_ the ELF interpreter). The loaders must
1068 * be loaded away from programs since the program
1069 * may otherwise collide with the loader (especially
1070 * for ET_EXEC which does not have a randomized
1071 * position). For example to handle invocations of
1072 * "./ld.so someprog" to test out a new version of
1073 * the loader, the subsequent program that the
1074 * loader loads must avoid the loader itself, so
1075 * they cannot share the same load range. Sufficient
1076 * room for the brk must be allocated with the
1077 * loader as well, since brk must be available with
1080 * Therefore, programs are loaded offset from
1081 * ELF_ET_DYN_BASE and loaders are loaded into the
1082 * independently randomized mmap region (0 load_bias
1083 * without MAP_FIXED).
1086 load_bias = ELF_ET_DYN_BASE;
1087 if (current->flags & PF_RANDOMIZE)
1088 load_bias += arch_mmap_rnd();
1089 elf_flags |= MAP_FIXED;
1094 * Since load_bias is used for all subsequent loading
1095 * calculations, we must lower it by the first vaddr
1096 * so that the remaining calculations based on the
1097 * ELF vaddrs will be correctly offset. The result
1098 * is then page aligned.
1100 load_bias = ELF_PAGESTART(load_bias - vaddr);
1102 total_size = total_mapping_size(elf_phdata,
1106 goto out_free_dentry;
1110 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1111 elf_prot, elf_flags, total_size);
1112 if (BAD_ADDR(error)) {
1113 retval = IS_ERR((void *)error) ?
1114 PTR_ERR((void*)error) : -EINVAL;
1115 goto out_free_dentry;
1118 if (!load_addr_set) {
1120 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1121 if (elf_ex->e_type == ET_DYN) {
1122 load_bias += error -
1123 ELF_PAGESTART(load_bias + vaddr);
1124 load_addr += load_bias;
1125 reloc_func_desc = load_bias;
1128 k = elf_ppnt->p_vaddr;
1129 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1135 * Check to see if the section's size will overflow the
1136 * allowed task size. Note that p_filesz must always be
1137 * <= p_memsz so it is only necessary to check p_memsz.
1139 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1140 elf_ppnt->p_memsz > TASK_SIZE ||
1141 TASK_SIZE - elf_ppnt->p_memsz < k) {
1142 /* set_brk can never work. Avoid overflows. */
1144 goto out_free_dentry;
1147 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1151 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1155 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1157 bss_prot = elf_prot;
1162 e_entry = elf_ex->e_entry + load_bias;
1163 elf_bss += load_bias;
1164 elf_brk += load_bias;
1165 start_code += load_bias;
1166 end_code += load_bias;
1167 start_data += load_bias;
1168 end_data += load_bias;
1170 /* Calling set_brk effectively mmaps the pages that we need
1171 * for the bss and break sections. We must do this before
1172 * mapping in the interpreter, to make sure it doesn't wind
1173 * up getting placed where the bss needs to go.
1175 retval = set_brk(elf_bss, elf_brk, bss_prot);
1177 goto out_free_dentry;
1178 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1179 retval = -EFAULT; /* Nobody gets to see this, but.. */
1180 goto out_free_dentry;
1184 elf_entry = load_elf_interp(interp_elf_ex,
1186 load_bias, interp_elf_phdata,
1188 if (!IS_ERR((void *)elf_entry)) {
1190 * load_elf_interp() returns relocation
1193 interp_load_addr = elf_entry;
1194 elf_entry += interp_elf_ex->e_entry;
1196 if (BAD_ADDR(elf_entry)) {
1197 retval = IS_ERR((void *)elf_entry) ?
1198 (int)elf_entry : -EINVAL;
1199 goto out_free_dentry;
1201 reloc_func_desc = interp_load_addr;
1203 allow_write_access(interpreter);
1206 kfree(interp_elf_ex);
1207 kfree(interp_elf_phdata);
1209 elf_entry = e_entry;
1210 if (BAD_ADDR(elf_entry)) {
1212 goto out_free_dentry;
1218 set_binfmt(&elf_format);
1220 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1221 retval = arch_setup_additional_pages(bprm, !!interpreter);
1224 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1226 retval = create_elf_tables(bprm, elf_ex,
1227 load_addr, interp_load_addr, e_entry);
1232 mm->end_code = end_code;
1233 mm->start_code = start_code;
1234 mm->start_data = start_data;
1235 mm->end_data = end_data;
1236 mm->start_stack = bprm->p;
1238 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1240 * For architectures with ELF randomization, when executing
1241 * a loader directly (i.e. no interpreter listed in ELF
1242 * headers), move the brk area out of the mmap region
1243 * (since it grows up, and may collide early with the stack
1244 * growing down), and into the unused ELF_ET_DYN_BASE region.
1246 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1247 elf_ex->e_type == ET_DYN && !interpreter) {
1248 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1251 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1252 #ifdef compat_brk_randomized
1253 current->brk_randomized = 1;
1257 if (current->personality & MMAP_PAGE_ZERO) {
1258 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1259 and some applications "depend" upon this behavior.
1260 Since we do not have the power to recompile these, we
1261 emulate the SVr4 behavior. Sigh. */
1262 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1263 MAP_FIXED | MAP_PRIVATE, 0);
1266 regs = current_pt_regs();
1267 #ifdef ELF_PLAT_INIT
1269 * The ABI may specify that certain registers be set up in special
1270 * ways (on i386 %edx is the address of a DT_FINI function, for
1271 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1272 * that the e_entry field is the address of the function descriptor
1273 * for the startup routine, rather than the address of the startup
1274 * routine itself. This macro performs whatever initialization to
1275 * the regs structure is required as well as any relocations to the
1276 * function descriptor entries when executing dynamically links apps.
1278 ELF_PLAT_INIT(regs, reloc_func_desc);
1281 finalize_exec(bprm);
1282 start_thread(regs, elf_entry, bprm->p);
1289 kfree(interp_elf_ex);
1290 kfree(interp_elf_phdata);
1291 allow_write_access(interpreter);
1299 #ifdef CONFIG_USELIB
1300 /* This is really simpleminded and specialized - we are loading an
1301 a.out library that is given an ELF header. */
1302 static int load_elf_library(struct file *file)
1304 struct elf_phdr *elf_phdata;
1305 struct elf_phdr *eppnt;
1306 unsigned long elf_bss, bss, len;
1307 int retval, error, i, j;
1308 struct elfhdr elf_ex;
1311 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1315 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1318 /* First of all, some simple consistency checks */
1319 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1320 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1322 if (elf_check_fdpic(&elf_ex))
1325 /* Now read in all of the header information */
1327 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1328 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1331 elf_phdata = kmalloc(j, GFP_KERNEL);
1337 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1341 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1342 if ((eppnt + i)->p_type == PT_LOAD)
1347 while (eppnt->p_type != PT_LOAD)
1350 /* Now use mmap to map the library into memory. */
1351 error = vm_mmap(file,
1352 ELF_PAGESTART(eppnt->p_vaddr),
1354 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1355 PROT_READ | PROT_WRITE | PROT_EXEC,
1356 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1358 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1359 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1362 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1363 if (padzero(elf_bss)) {
1368 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1369 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1371 error = vm_brk(len, bss - len);
1382 #endif /* #ifdef CONFIG_USELIB */
1384 #ifdef CONFIG_ELF_CORE
1388 * Modelled on fs/exec.c:aout_core_dump()
1389 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1393 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1394 * that are useful for post-mortem analysis are included in every core dump.
1395 * In that way we ensure that the core dump is fully interpretable later
1396 * without matching up the same kernel and hardware config to see what PC values
1397 * meant. These special mappings include - vDSO, vsyscall, and other
1398 * architecture specific mappings
1400 static bool always_dump_vma(struct vm_area_struct *vma)
1402 /* Any vsyscall mappings? */
1403 if (vma == get_gate_vma(vma->vm_mm))
1407 * Assume that all vmas with a .name op should always be dumped.
1408 * If this changes, a new vm_ops field can easily be added.
1410 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1414 * arch_vma_name() returns non-NULL for special architecture mappings,
1415 * such as vDSO sections.
1417 if (arch_vma_name(vma))
1424 * Decide what to dump of a segment, part, all or none.
1426 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1427 unsigned long mm_flags)
1429 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1431 /* always dump the vdso and vsyscall sections */
1432 if (always_dump_vma(vma))
1435 if (vma->vm_flags & VM_DONTDUMP)
1438 /* support for DAX */
1439 if (vma_is_dax(vma)) {
1440 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1442 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1447 /* Hugetlb memory check */
1448 if (is_vm_hugetlb_page(vma)) {
1449 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1451 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1456 /* Do not dump I/O mapped devices or special mappings */
1457 if (vma->vm_flags & VM_IO)
1460 /* By default, dump shared memory if mapped from an anonymous file. */
1461 if (vma->vm_flags & VM_SHARED) {
1462 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1463 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1468 /* Dump segments that have been written to. */
1469 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1471 if (vma->vm_file == NULL)
1474 if (FILTER(MAPPED_PRIVATE))
1478 * If this looks like the beginning of a DSO or executable mapping,
1479 * check for an ELF header. If we find one, dump the first page to
1480 * aid in determining what was mapped here.
1482 if (FILTER(ELF_HEADERS) &&
1483 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1484 u32 __user *header = (u32 __user *) vma->vm_start;
1487 * Doing it this way gets the constant folded by GCC.
1491 char elfmag[SELFMAG];
1493 BUILD_BUG_ON(SELFMAG != sizeof word);
1494 magic.elfmag[EI_MAG0] = ELFMAG0;
1495 magic.elfmag[EI_MAG1] = ELFMAG1;
1496 magic.elfmag[EI_MAG2] = ELFMAG2;
1497 magic.elfmag[EI_MAG3] = ELFMAG3;
1498 if (unlikely(get_user(word, header)))
1500 if (word == magic.cmp)
1509 return vma->vm_end - vma->vm_start;
1512 /* An ELF note in memory */
1517 unsigned int datasz;
1521 static int notesize(struct memelfnote *en)
1525 sz = sizeof(struct elf_note);
1526 sz += roundup(strlen(en->name) + 1, 4);
1527 sz += roundup(en->datasz, 4);
1532 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1535 en.n_namesz = strlen(men->name) + 1;
1536 en.n_descsz = men->datasz;
1537 en.n_type = men->type;
1539 return dump_emit(cprm, &en, sizeof(en)) &&
1540 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1541 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1544 static void fill_elf_header(struct elfhdr *elf, int segs,
1545 u16 machine, u32 flags)
1547 memset(elf, 0, sizeof(*elf));
1549 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1550 elf->e_ident[EI_CLASS] = ELF_CLASS;
1551 elf->e_ident[EI_DATA] = ELF_DATA;
1552 elf->e_ident[EI_VERSION] = EV_CURRENT;
1553 elf->e_ident[EI_OSABI] = ELF_OSABI;
1555 elf->e_type = ET_CORE;
1556 elf->e_machine = machine;
1557 elf->e_version = EV_CURRENT;
1558 elf->e_phoff = sizeof(struct elfhdr);
1559 elf->e_flags = flags;
1560 elf->e_ehsize = sizeof(struct elfhdr);
1561 elf->e_phentsize = sizeof(struct elf_phdr);
1562 elf->e_phnum = segs;
1565 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1567 phdr->p_type = PT_NOTE;
1568 phdr->p_offset = offset;
1571 phdr->p_filesz = sz;
1577 static void fill_note(struct memelfnote *note, const char *name, int type,
1578 unsigned int sz, void *data)
1587 * fill up all the fields in prstatus from the given task struct, except
1588 * registers which need to be filled up separately.
1590 static void fill_prstatus(struct elf_prstatus *prstatus,
1591 struct task_struct *p, long signr)
1593 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1594 prstatus->pr_sigpend = p->pending.signal.sig[0];
1595 prstatus->pr_sighold = p->blocked.sig[0];
1597 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1599 prstatus->pr_pid = task_pid_vnr(p);
1600 prstatus->pr_pgrp = task_pgrp_vnr(p);
1601 prstatus->pr_sid = task_session_vnr(p);
1602 if (thread_group_leader(p)) {
1603 struct task_cputime cputime;
1606 * This is the record for the group leader. It shows the
1607 * group-wide total, not its individual thread total.
1609 thread_group_cputime(p, &cputime);
1610 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1611 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1615 task_cputime(p, &utime, &stime);
1616 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1617 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1620 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1621 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1624 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1625 struct mm_struct *mm)
1627 const struct cred *cred;
1628 unsigned int i, len;
1630 /* first copy the parameters from user space */
1631 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1633 len = mm->arg_end - mm->arg_start;
1634 if (len >= ELF_PRARGSZ)
1635 len = ELF_PRARGSZ-1;
1636 if (copy_from_user(&psinfo->pr_psargs,
1637 (const char __user *)mm->arg_start, len))
1639 for(i = 0; i < len; i++)
1640 if (psinfo->pr_psargs[i] == 0)
1641 psinfo->pr_psargs[i] = ' ';
1642 psinfo->pr_psargs[len] = 0;
1645 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1647 psinfo->pr_pid = task_pid_vnr(p);
1648 psinfo->pr_pgrp = task_pgrp_vnr(p);
1649 psinfo->pr_sid = task_session_vnr(p);
1651 i = p->state ? ffz(~p->state) + 1 : 0;
1652 psinfo->pr_state = i;
1653 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1654 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1655 psinfo->pr_nice = task_nice(p);
1656 psinfo->pr_flag = p->flags;
1658 cred = __task_cred(p);
1659 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1660 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1662 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1667 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1669 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1673 while (auxv[i - 2] != AT_NULL);
1674 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1677 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1678 const kernel_siginfo_t *siginfo)
1680 copy_siginfo_to_external(csigdata, siginfo);
1681 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1684 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1686 * Format of NT_FILE note:
1688 * long count -- how many files are mapped
1689 * long page_size -- units for file_ofs
1690 * array of [COUNT] elements of
1694 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1696 static int fill_files_note(struct memelfnote *note)
1698 struct mm_struct *mm = current->mm;
1699 struct vm_area_struct *vma;
1700 unsigned count, size, names_ofs, remaining, n;
1702 user_long_t *start_end_ofs;
1703 char *name_base, *name_curpos;
1705 /* *Estimated* file count and total data size needed */
1706 count = mm->map_count;
1707 if (count > UINT_MAX / 64)
1711 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1713 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1715 size = round_up(size, PAGE_SIZE);
1717 * "size" can be 0 here legitimately.
1718 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1720 data = kvmalloc(size, GFP_KERNEL);
1721 if (ZERO_OR_NULL_PTR(data))
1724 start_end_ofs = data + 2;
1725 name_base = name_curpos = ((char *)data) + names_ofs;
1726 remaining = size - names_ofs;
1728 for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
1730 const char *filename;
1732 file = vma->vm_file;
1735 filename = file_path(file, name_curpos, remaining);
1736 if (IS_ERR(filename)) {
1737 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1739 size = size * 5 / 4;
1745 /* file_path() fills at the end, move name down */
1746 /* n = strlen(filename) + 1: */
1747 n = (name_curpos + remaining) - filename;
1748 remaining = filename - name_curpos;
1749 memmove(name_curpos, filename, n);
1752 *start_end_ofs++ = vma->vm_start;
1753 *start_end_ofs++ = vma->vm_end;
1754 *start_end_ofs++ = vma->vm_pgoff;
1758 /* Now we know exact count of files, can store it */
1760 data[1] = PAGE_SIZE;
1762 * Count usually is less than mm->map_count,
1763 * we need to move filenames down.
1765 n = mm->map_count - count;
1767 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1768 memmove(name_base - shift_bytes, name_base,
1769 name_curpos - name_base);
1770 name_curpos -= shift_bytes;
1773 size = name_curpos - (char *)data;
1774 fill_note(note, "CORE", NT_FILE, size, data);
1778 #ifdef CORE_DUMP_USE_REGSET
1779 #include <linux/regset.h>
1781 struct elf_thread_core_info {
1782 struct elf_thread_core_info *next;
1783 struct task_struct *task;
1784 struct elf_prstatus prstatus;
1785 struct memelfnote notes[0];
1788 struct elf_note_info {
1789 struct elf_thread_core_info *thread;
1790 struct memelfnote psinfo;
1791 struct memelfnote signote;
1792 struct memelfnote auxv;
1793 struct memelfnote files;
1794 user_siginfo_t csigdata;
1800 * When a regset has a writeback hook, we call it on each thread before
1801 * dumping user memory. On register window machines, this makes sure the
1802 * user memory backing the register data is up to date before we read it.
1804 static void do_thread_regset_writeback(struct task_struct *task,
1805 const struct user_regset *regset)
1807 if (regset->writeback)
1808 regset->writeback(task, regset, 1);
1811 #ifndef PRSTATUS_SIZE
1812 #define PRSTATUS_SIZE(S, R) sizeof(S)
1815 #ifndef SET_PR_FPVALID
1816 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1819 static int fill_thread_core_info(struct elf_thread_core_info *t,
1820 const struct user_regset_view *view,
1821 long signr, size_t *total)
1827 * NT_PRSTATUS is the one special case, because the regset data
1828 * goes into the pr_reg field inside the note contents, rather
1829 * than being the whole note contents. We fill the reset in here.
1830 * We assume that regset 0 is NT_PRSTATUS.
1832 fill_prstatus(&t->prstatus, t->task, signr);
1833 regset0_size = regset_get(t->task, &view->regsets[0],
1834 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1835 if (regset0_size < 0)
1838 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1839 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1840 *total += notesize(&t->notes[0]);
1842 do_thread_regset_writeback(t->task, &view->regsets[0]);
1845 * Each other regset might generate a note too. For each regset
1846 * that has no core_note_type or is inactive, we leave t->notes[i]
1847 * all zero and we'll know to skip writing it later.
1849 for (i = 1; i < view->n; ++i) {
1850 const struct user_regset *regset = &view->regsets[i];
1851 int note_type = regset->core_note_type;
1852 bool is_fpreg = note_type == NT_PRFPREG;
1856 do_thread_regset_writeback(t->task, regset);
1857 if (!note_type) // not for coredumps
1859 if (regset->active && regset->active(t->task, regset) <= 0)
1862 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1867 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1869 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1870 note_type, ret, data);
1872 *total += notesize(&t->notes[i]);
1878 static int fill_note_info(struct elfhdr *elf, int phdrs,
1879 struct elf_note_info *info,
1880 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1882 struct task_struct *dump_task = current;
1883 const struct user_regset_view *view = task_user_regset_view(dump_task);
1884 struct elf_thread_core_info *t;
1885 struct elf_prpsinfo *psinfo;
1886 struct core_thread *ct;
1890 info->thread = NULL;
1892 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1893 if (psinfo == NULL) {
1894 info->psinfo.data = NULL; /* So we don't free this wrongly */
1898 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1901 * Figure out how many notes we're going to need for each thread.
1903 info->thread_notes = 0;
1904 for (i = 0; i < view->n; ++i)
1905 if (view->regsets[i].core_note_type != 0)
1906 ++info->thread_notes;
1909 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1910 * since it is our one special case.
1912 if (unlikely(info->thread_notes == 0) ||
1913 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1919 * Initialize the ELF file header.
1921 fill_elf_header(elf, phdrs,
1922 view->e_machine, view->e_flags);
1925 * Allocate a structure for each thread.
1927 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1928 t = kzalloc(offsetof(struct elf_thread_core_info,
1929 notes[info->thread_notes]),
1935 if (ct->task == dump_task || !info->thread) {
1936 t->next = info->thread;
1940 * Make sure to keep the original task at
1941 * the head of the list.
1943 t->next = info->thread->next;
1944 info->thread->next = t;
1949 * Now fill in each thread's information.
1951 for (t = info->thread; t != NULL; t = t->next)
1952 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1956 * Fill in the two process-wide notes.
1958 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1959 info->size += notesize(&info->psinfo);
1961 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1962 info->size += notesize(&info->signote);
1964 fill_auxv_note(&info->auxv, current->mm);
1965 info->size += notesize(&info->auxv);
1967 if (fill_files_note(&info->files) == 0)
1968 info->size += notesize(&info->files);
1973 static size_t get_note_info_size(struct elf_note_info *info)
1979 * Write all the notes for each thread. When writing the first thread, the
1980 * process-wide notes are interleaved after the first thread-specific note.
1982 static int write_note_info(struct elf_note_info *info,
1983 struct coredump_params *cprm)
1986 struct elf_thread_core_info *t = info->thread;
1991 if (!writenote(&t->notes[0], cprm))
1994 if (first && !writenote(&info->psinfo, cprm))
1996 if (first && !writenote(&info->signote, cprm))
1998 if (first && !writenote(&info->auxv, cprm))
2000 if (first && info->files.data &&
2001 !writenote(&info->files, cprm))
2004 for (i = 1; i < info->thread_notes; ++i)
2005 if (t->notes[i].data &&
2006 !writenote(&t->notes[i], cprm))
2016 static void free_note_info(struct elf_note_info *info)
2018 struct elf_thread_core_info *threads = info->thread;
2021 struct elf_thread_core_info *t = threads;
2023 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
2024 for (i = 1; i < info->thread_notes; ++i)
2025 kfree(t->notes[i].data);
2028 kfree(info->psinfo.data);
2029 kvfree(info->files.data);
2034 /* Here is the structure in which status of each thread is captured. */
2035 struct elf_thread_status
2037 struct list_head list;
2038 struct elf_prstatus prstatus; /* NT_PRSTATUS */
2039 elf_fpregset_t fpu; /* NT_PRFPREG */
2040 struct task_struct *thread;
2041 struct memelfnote notes[3];
2046 * In order to add the specific thread information for the elf file format,
2047 * we need to keep a linked list of every threads pr_status and then create
2048 * a single section for them in the final core file.
2050 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
2053 struct task_struct *p = t->thread;
2056 fill_prstatus(&t->prstatus, p, signr);
2057 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
2059 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
2062 sz += notesize(&t->notes[0]);
2064 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
2066 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
2069 sz += notesize(&t->notes[1]);
2074 struct elf_note_info {
2075 struct memelfnote *notes;
2076 struct memelfnote *notes_files;
2077 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
2078 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2079 struct list_head thread_list;
2080 elf_fpregset_t *fpu;
2081 user_siginfo_t csigdata;
2082 int thread_status_size;
2086 static int elf_note_info_init(struct elf_note_info *info)
2088 memset(info, 0, sizeof(*info));
2089 INIT_LIST_HEAD(&info->thread_list);
2091 /* Allocate space for ELF notes */
2092 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2095 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2098 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2099 if (!info->prstatus)
2101 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2107 static int fill_note_info(struct elfhdr *elf, int phdrs,
2108 struct elf_note_info *info,
2109 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2111 struct core_thread *ct;
2112 struct elf_thread_status *ets;
2114 if (!elf_note_info_init(info))
2117 for (ct = current->mm->core_state->dumper.next;
2118 ct; ct = ct->next) {
2119 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2123 ets->thread = ct->task;
2124 list_add(&ets->list, &info->thread_list);
2127 list_for_each_entry(ets, &info->thread_list, list) {
2130 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2131 info->thread_status_size += sz;
2133 /* now collect the dump for the current */
2134 memset(info->prstatus, 0, sizeof(*info->prstatus));
2135 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2136 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2139 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2142 * Set up the notes in similar form to SVR4 core dumps made
2143 * with info from their /proc.
2146 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2147 sizeof(*info->prstatus), info->prstatus);
2148 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2149 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2150 sizeof(*info->psinfo), info->psinfo);
2152 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2153 fill_auxv_note(info->notes + 3, current->mm);
2156 if (fill_files_note(info->notes + info->numnote) == 0) {
2157 info->notes_files = info->notes + info->numnote;
2161 /* Try to dump the FPU. */
2162 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2164 if (info->prstatus->pr_fpvalid)
2165 fill_note(info->notes + info->numnote++,
2166 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2170 static size_t get_note_info_size(struct elf_note_info *info)
2175 for (i = 0; i < info->numnote; i++)
2176 sz += notesize(info->notes + i);
2178 sz += info->thread_status_size;
2183 static int write_note_info(struct elf_note_info *info,
2184 struct coredump_params *cprm)
2186 struct elf_thread_status *ets;
2189 for (i = 0; i < info->numnote; i++)
2190 if (!writenote(info->notes + i, cprm))
2193 /* write out the thread status notes section */
2194 list_for_each_entry(ets, &info->thread_list, list) {
2195 for (i = 0; i < ets->num_notes; i++)
2196 if (!writenote(&ets->notes[i], cprm))
2203 static void free_note_info(struct elf_note_info *info)
2205 while (!list_empty(&info->thread_list)) {
2206 struct list_head *tmp = info->thread_list.next;
2208 kfree(list_entry(tmp, struct elf_thread_status, list));
2211 /* Free data possibly allocated by fill_files_note(): */
2212 if (info->notes_files)
2213 kvfree(info->notes_files->data);
2215 kfree(info->prstatus);
2216 kfree(info->psinfo);
2223 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2224 struct vm_area_struct *gate_vma)
2226 struct vm_area_struct *ret = tsk->mm->mmap;
2233 * Helper function for iterating across a vma list. It ensures that the caller
2234 * will visit `gate_vma' prior to terminating the search.
2236 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2237 struct vm_area_struct *gate_vma)
2239 struct vm_area_struct *ret;
2241 ret = this_vma->vm_next;
2244 if (this_vma == gate_vma)
2249 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2250 elf_addr_t e_shoff, int segs)
2252 elf->e_shoff = e_shoff;
2253 elf->e_shentsize = sizeof(*shdr4extnum);
2255 elf->e_shstrndx = SHN_UNDEF;
2257 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2259 shdr4extnum->sh_type = SHT_NULL;
2260 shdr4extnum->sh_size = elf->e_shnum;
2261 shdr4extnum->sh_link = elf->e_shstrndx;
2262 shdr4extnum->sh_info = segs;
2268 * This is a two-pass process; first we find the offsets of the bits,
2269 * and then they are actually written out. If we run out of core limit
2272 static int elf_core_dump(struct coredump_params *cprm)
2276 size_t vma_data_size = 0;
2277 struct vm_area_struct *vma, *gate_vma;
2279 loff_t offset = 0, dataoff;
2280 struct elf_note_info info = { };
2281 struct elf_phdr *phdr4note = NULL;
2282 struct elf_shdr *shdr4extnum = NULL;
2285 elf_addr_t *vma_filesz = NULL;
2288 * We no longer stop all VM operations.
2290 * This is because those proceses that could possibly change map_count
2291 * or the mmap / vma pages are now blocked in do_exit on current
2292 * finishing this core dump.
2294 * Only ptrace can touch these memory addresses, but it doesn't change
2295 * the map_count or the pages allocated. So no possibility of crashing
2296 * exists while dumping the mm->vm_next areas to the core file.
2300 * The number of segs are recored into ELF header as 16bit value.
2301 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2303 segs = current->mm->map_count;
2304 segs += elf_core_extra_phdrs();
2306 gate_vma = get_gate_vma(current->mm);
2307 if (gate_vma != NULL)
2310 /* for notes section */
2313 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2314 * this, kernel supports extended numbering. Have a look at
2315 * include/linux/elf.h for further information. */
2316 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2319 * Collect all the non-memory information about the process for the
2320 * notes. This also sets up the file header.
2322 if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2327 offset += sizeof(elf); /* Elf header */
2328 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2330 /* Write notes phdr entry */
2332 size_t sz = get_note_info_size(&info);
2334 sz += elf_coredump_extra_notes_size();
2336 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2340 fill_elf_note_phdr(phdr4note, sz, offset);
2344 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2347 * Zero vma process will get ZERO_SIZE_PTR here.
2348 * Let coredump continue for register state at least.
2350 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2355 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2356 vma = next_vma(vma, gate_vma)) {
2357 unsigned long dump_size;
2359 dump_size = vma_dump_size(vma, cprm->mm_flags);
2360 vma_filesz[i++] = dump_size;
2361 vma_data_size += dump_size;
2364 offset += vma_data_size;
2365 offset += elf_core_extra_data_size();
2368 if (e_phnum == PN_XNUM) {
2369 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2372 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2377 if (!dump_emit(cprm, &elf, sizeof(elf)))
2380 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2383 /* Write program headers for segments dump */
2384 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2385 vma = next_vma(vma, gate_vma)) {
2386 struct elf_phdr phdr;
2388 phdr.p_type = PT_LOAD;
2389 phdr.p_offset = offset;
2390 phdr.p_vaddr = vma->vm_start;
2392 phdr.p_filesz = vma_filesz[i++];
2393 phdr.p_memsz = vma->vm_end - vma->vm_start;
2394 offset += phdr.p_filesz;
2395 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2396 if (vma->vm_flags & VM_WRITE)
2397 phdr.p_flags |= PF_W;
2398 if (vma->vm_flags & VM_EXEC)
2399 phdr.p_flags |= PF_X;
2400 phdr.p_align = ELF_EXEC_PAGESIZE;
2402 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2406 if (!elf_core_write_extra_phdrs(cprm, offset))
2409 /* write out the notes section */
2410 if (!write_note_info(&info, cprm))
2413 if (elf_coredump_extra_notes_write(cprm))
2417 if (!dump_skip(cprm, dataoff - cprm->pos))
2420 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2421 vma = next_vma(vma, gate_vma)) {
2425 end = vma->vm_start + vma_filesz[i++];
2427 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2431 page = get_dump_page(addr);
2433 void *kaddr = kmap(page);
2434 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2438 stop = !dump_skip(cprm, PAGE_SIZE);
2443 dump_truncate(cprm);
2445 if (!elf_core_write_extra_data(cprm))
2448 if (e_phnum == PN_XNUM) {
2449 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2454 free_note_info(&info);
2461 #endif /* CONFIG_ELF_CORE */
2463 static int __init init_elf_binfmt(void)
2465 register_binfmt(&elf_format);
2469 static void __exit exit_elf_binfmt(void)
2471 /* Remove the COFF and ELF loaders. */
2472 unregister_binfmt(&elf_format);
2475 core_initcall(init_elf_binfmt);
2476 module_exit(exit_elf_binfmt);
2477 MODULE_LICENSE("GPL");
projects / linux-2.6-microblaze.git / blob