]> git.proxmox.com Git - mirror_ubuntu-hirsute-kernel.git/blob - fs/binfmt_elf.c
projects / mirror_ubuntu-hirsute-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge tag 'afs-fixes-20201016' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowe...
[mirror_ubuntu-hirsute-kernel.git] / fs / binfmt_elf.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/fs/binfmt_elf.c
4 *
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
8 * Tools".
9 *
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
11 */
12
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/fs.h>
16 #include <linux/log2.h>
17 #include <linux/mm.h>
18 #include <linux/mman.h>
19 #include <linux/errno.h>
20 #include <linux/signal.h>
21 #include <linux/binfmts.h>
22 #include <linux/string.h>
23 #include <linux/file.h>
24 #include <linux/slab.h>
25 #include <linux/personality.h>
26 #include <linux/elfcore.h>
27 #include <linux/init.h>
28 #include <linux/highuid.h>
29 #include <linux/compiler.h>
30 #include <linux/highmem.h>
31 #include <linux/hugetlb.h>
32 #include <linux/pagemap.h>
33 #include <linux/vmalloc.h>
34 #include <linux/security.h>
35 #include <linux/random.h>
36 #include <linux/elf.h>
37 #include <linux/elf-randomize.h>
38 #include <linux/utsname.h>
39 #include <linux/coredump.h>
40 #include <linux/sched.h>
41 #include <linux/sched/coredump.h>
42 #include <linux/sched/task_stack.h>
43 #include <linux/sched/cputime.h>
44 #include <linux/sizes.h>
45 #include <linux/types.h>
46 #include <linux/cred.h>
47 #include <linux/dax.h>
48 #include <linux/uaccess.h>
49 #include <asm/param.h>
50 #include <asm/page.h>
51
52 #ifndef ELF_COMPAT
53 #define ELF_COMPAT 0
54 #endif
55
56 #ifndef user_long_t
57 #define user_long_t long
58 #endif
59 #ifndef user_siginfo_t
60 #define user_siginfo_t siginfo_t
61 #endif
62
63 /* That's for binfmt_elf_fdpic to deal with */
64 #ifndef elf_check_fdpic
65 #define elf_check_fdpic(ex) false
66 #endif
67
68 static int load_elf_binary(struct linux_binprm *bprm);
69
70 #ifdef CONFIG_USELIB
71 static int load_elf_library(struct file *);
72 #else
73 #define load_elf_library NULL
74 #endif
75
76 /*
77 * If we don't support core dumping, then supply a NULL so we
78 * don't even try.
79 */
80 #ifdef CONFIG_ELF_CORE
81 static int elf_core_dump(struct coredump_params *cprm);
82 #else
83 #define elf_core_dump NULL
84 #endif
85
86 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
87 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
88 #else
89 #define ELF_MIN_ALIGN PAGE_SIZE
90 #endif
91
92 #ifndef ELF_CORE_EFLAGS
93 #define ELF_CORE_EFLAGS 0
94 #endif
95
96 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
97 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
99
100 static struct linux_binfmt elf_format = {
101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 .core_dump = elf_core_dump,
105 .min_coredump = ELF_EXEC_PAGESIZE,
106 };
107
108 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
109
110 static int set_brk(unsigned long start, unsigned long end, int prot)
111 {
112 start = ELF_PAGEALIGN(start);
113 end = ELF_PAGEALIGN(end);
114 if (end > start) {
115 /*
116 * Map the last of the bss segment.
117 * If the header is requesting these pages to be
118 * executable, honour that (ppc32 needs this).
119 */
120 int error = vm_brk_flags(start, end - start,
121 prot & PROT_EXEC ? VM_EXEC : 0);
122 if (error)
123 return error;
124 }
125 current->mm->start_brk = current->mm->brk = end;
126 return 0;
127 }
128
129 /* We need to explicitly zero any fractional pages
130 after the data section (i.e. bss). This would
131 contain the junk from the file that should not
132 be in memory
133 */
134 static int padzero(unsigned long elf_bss)
135 {
136 unsigned long nbyte;
137
138 nbyte = ELF_PAGEOFFSET(elf_bss);
139 if (nbyte) {
140 nbyte = ELF_MIN_ALIGN - nbyte;
141 if (clear_user((void __user *) elf_bss, nbyte))
142 return -EFAULT;
143 }
144 return 0;
145 }
146
147 /* Let's use some macros to make this stack manipulation a little clearer */
148 #ifdef CONFIG_STACK_GROWSUP
149 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
150 #define STACK_ROUND(sp, items) \
151 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
152 #define STACK_ALLOC(sp, len) ({ \
153 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
154 old_sp; })
155 #else
156 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
157 #define STACK_ROUND(sp, items) \
158 (((unsigned long) (sp - items)) &~ 15UL)
159 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
160 #endif
161
162 #ifndef ELF_BASE_PLATFORM
163 /*
164 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
165 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
166 * will be copied to the user stack in the same manner as AT_PLATFORM.
167 */
168 #define ELF_BASE_PLATFORM NULL
169 #endif
170
171 static int
172 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
173 unsigned long load_addr, unsigned long interp_load_addr,
174 unsigned long e_entry)
175 {
176 struct mm_struct *mm = current->mm;
177 unsigned long p = bprm->p;
178 int argc = bprm->argc;
179 int envc = bprm->envc;
180 elf_addr_t __user *sp;
181 elf_addr_t __user *u_platform;
182 elf_addr_t __user *u_base_platform;
183 elf_addr_t __user *u_rand_bytes;
184 const char *k_platform = ELF_PLATFORM;
185 const char *k_base_platform = ELF_BASE_PLATFORM;
186 unsigned char k_rand_bytes[16];
187 int items;
188 elf_addr_t *elf_info;
189 int ei_index;
190 const struct cred *cred = current_cred();
191 struct vm_area_struct *vma;
192
193 /*
194 * In some cases (e.g. Hyper-Threading), we want to avoid L1
195 * evictions by the processes running on the same package. One
196 * thing we can do is to shuffle the initial stack for them.
197 */
198
199 p = arch_align_stack(p);
200
201 /*
202 * If this architecture has a platform capability string, copy it
203 * to userspace. In some cases (Sparc), this info is impossible
204 * for userspace to get any other way, in others (i386) it is
205 * merely difficult.
206 */
207 u_platform = NULL;
208 if (k_platform) {
209 size_t len = strlen(k_platform) + 1;
210
211 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
212 if (copy_to_user(u_platform, k_platform, len))
213 return -EFAULT;
214 }
215
216 /*
217 * If this architecture has a "base" platform capability
218 * string, copy it to userspace.
219 */
220 u_base_platform = NULL;
221 if (k_base_platform) {
222 size_t len = strlen(k_base_platform) + 1;
223
224 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
225 if (copy_to_user(u_base_platform, k_base_platform, len))
226 return -EFAULT;
227 }
228
229 /*
230 * Generate 16 random bytes for userspace PRNG seeding.
231 */
232 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
233 u_rand_bytes = (elf_addr_t __user *)
234 STACK_ALLOC(p, sizeof(k_rand_bytes));
235 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
236 return -EFAULT;
237
238 /* Create the ELF interpreter info */
239 elf_info = (elf_addr_t *)mm->saved_auxv;
240 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
241 #define NEW_AUX_ENT(id, val) \
242 do { \
243 *elf_info++ = id; \
244 *elf_info++ = val; \
245 } while (0)
246
247 #ifdef ARCH_DLINFO
248 /*
249 * ARCH_DLINFO must come first so PPC can do its special alignment of
250 * AUXV.
251 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
252 * ARCH_DLINFO changes
253 */
254 ARCH_DLINFO;
255 #endif
256 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
257 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
258 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
259 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
260 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
261 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
262 NEW_AUX_ENT(AT_BASE, interp_load_addr);
263 NEW_AUX_ENT(AT_FLAGS, 0);
264 NEW_AUX_ENT(AT_ENTRY, e_entry);
265 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
266 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
267 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
268 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
269 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
270 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
271 #ifdef ELF_HWCAP2
272 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
273 #endif
274 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
275 if (k_platform) {
276 NEW_AUX_ENT(AT_PLATFORM,
277 (elf_addr_t)(unsigned long)u_platform);
278 }
279 if (k_base_platform) {
280 NEW_AUX_ENT(AT_BASE_PLATFORM,
281 (elf_addr_t)(unsigned long)u_base_platform);
282 }
283 if (bprm->have_execfd) {
284 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
285 }
286 #undef NEW_AUX_ENT
287 /* AT_NULL is zero; clear the rest too */
288 memset(elf_info, 0, (char *)mm->saved_auxv +
289 sizeof(mm->saved_auxv) - (char *)elf_info);
290
291 /* And advance past the AT_NULL entry. */
292 elf_info += 2;
293
294 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
295 sp = STACK_ADD(p, ei_index);
296
297 items = (argc + 1) + (envc + 1) + 1;
298 bprm->p = STACK_ROUND(sp, items);
299
300 /* Point sp at the lowest address on the stack */
301 #ifdef CONFIG_STACK_GROWSUP
302 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
303 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
304 #else
305 sp = (elf_addr_t __user *)bprm->p;
306 #endif
307
308
309 /*
310 * Grow the stack manually; some architectures have a limit on how
311 * far ahead a user-space access may be in order to grow the stack.
312 */
313 vma = find_extend_vma(mm, bprm->p);
314 if (!vma)
315 return -EFAULT;
316
317 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
318 if (put_user(argc, sp++))
319 return -EFAULT;
320
321 /* Populate list of argv pointers back to argv strings. */
322 p = mm->arg_end = mm->arg_start;
323 while (argc-- > 0) {
324 size_t len;
325 if (put_user((elf_addr_t)p, sp++))
326 return -EFAULT;
327 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
328 if (!len || len > MAX_ARG_STRLEN)
329 return -EINVAL;
330 p += len;
331 }
332 if (put_user(0, sp++))
333 return -EFAULT;
334 mm->arg_end = p;
335
336 /* Populate list of envp pointers back to envp strings. */
337 mm->env_end = mm->env_start = p;
338 while (envc-- > 0) {
339 size_t len;
340 if (put_user((elf_addr_t)p, sp++))
341 return -EFAULT;
342 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
343 if (!len || len > MAX_ARG_STRLEN)
344 return -EINVAL;
345 p += len;
346 }
347 if (put_user(0, sp++))
348 return -EFAULT;
349 mm->env_end = p;
350
351 /* Put the elf_info on the stack in the right place. */
352 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
353 return -EFAULT;
354 return 0;
355 }
356
357 static unsigned long elf_map(struct file *filep, unsigned long addr,
358 const struct elf_phdr *eppnt, int prot, int type,
359 unsigned long total_size)
360 {
361 unsigned long map_addr;
362 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
363 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
364 addr = ELF_PAGESTART(addr);
365 size = ELF_PAGEALIGN(size);
366
367 /* mmap() will return -EINVAL if given a zero size, but a
368 * segment with zero filesize is perfectly valid */
369 if (!size)
370 return addr;
371
372 /*
373 * total_size is the size of the ELF (interpreter) image.
374 * The _first_ mmap needs to know the full size, otherwise
375 * randomization might put this image into an overlapping
376 * position with the ELF binary image. (since size < total_size)
377 * So we first map the 'big' image - and unmap the remainder at
378 * the end. (which unmap is needed for ELF images with holes.)
379 */
380 if (total_size) {
381 total_size = ELF_PAGEALIGN(total_size);
382 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
383 if (!BAD_ADDR(map_addr))
384 vm_munmap(map_addr+size, total_size-size);
385 } else
386 map_addr = vm_mmap(filep, addr, size, prot, type, off);
387
388 if ((type & MAP_FIXED_NOREPLACE) &&
389 PTR_ERR((void *)map_addr) == -EEXIST)
390 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
391 task_pid_nr(current), current->comm, (void *)addr);
392
393 return(map_addr);
394 }
395
396 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
397 {
398 int i, first_idx = -1, last_idx = -1;
399
400 for (i = 0; i < nr; i++) {
401 if (cmds[i].p_type == PT_LOAD) {
402 last_idx = i;
403 if (first_idx == -1)
404 first_idx = i;
405 }
406 }
407 if (first_idx == -1)
408 return 0;
409
410 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
411 ELF_PAGESTART(cmds[first_idx].p_vaddr);
412 }
413
414 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
415 {
416 ssize_t rv;
417
418 rv = kernel_read(file, buf, len, &pos);
419 if (unlikely(rv != len)) {
420 return (rv < 0) ? rv : -EIO;
421 }
422 return 0;
423 }
424
425 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
426 {
427 unsigned long alignment = 0;
428 int i;
429
430 for (i = 0; i < nr; i++) {
431 if (cmds[i].p_type == PT_LOAD) {
432 unsigned long p_align = cmds[i].p_align;
433
434 /* skip non-power of two alignments as invalid */
435 if (!is_power_of_2(p_align))
436 continue;
437 alignment = max(alignment, p_align);
438 }
439 }
440
441 /* ensure we align to at least one page */
442 return ELF_PAGEALIGN(alignment);
443 }
444
445 /**
446 * load_elf_phdrs() - load ELF program headers
447 * @elf_ex: ELF header of the binary whose program headers should be loaded
448 * @elf_file: the opened ELF binary file
449 *
450 * Loads ELF program headers from the binary file elf_file, which has the ELF
451 * header pointed to by elf_ex, into a newly allocated array. The caller is
452 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
453 */
454 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
455 struct file *elf_file)
456 {
457 struct elf_phdr *elf_phdata = NULL;
458 int retval, err = -1;
459 unsigned int size;
460
461 /*
462 * If the size of this structure has changed, then punt, since
463 * we will be doing the wrong thing.
464 */
465 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
466 goto out;
467
468 /* Sanity check the number of program headers... */
469 /* ...and their total size. */
470 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
471 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
472 goto out;
473
474 elf_phdata = kmalloc(size, GFP_KERNEL);
475 if (!elf_phdata)
476 goto out;
477
478 /* Read in the program headers */
479 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
480 if (retval < 0) {
481 err = retval;
482 goto out;
483 }
484
485 /* Success! */
486 err = 0;
487 out:
488 if (err) {
489 kfree(elf_phdata);
490 elf_phdata = NULL;
491 }
492 return elf_phdata;
493 }
494
495 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
496
497 /**
498 * struct arch_elf_state - arch-specific ELF loading state
499 *
500 * This structure is used to preserve architecture specific data during
501 * the loading of an ELF file, throughout the checking of architecture
502 * specific ELF headers & through to the point where the ELF load is
503 * known to be proceeding (ie. SET_PERSONALITY).
504 *
505 * This implementation is a dummy for architectures which require no
506 * specific state.
507 */
508 struct arch_elf_state {
509 };
510
511 #define INIT_ARCH_ELF_STATE {}
512
513 /**
514 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
515 * @ehdr: The main ELF header
516 * @phdr: The program header to check
517 * @elf: The open ELF file
518 * @is_interp: True if the phdr is from the interpreter of the ELF being
519 * loaded, else false.
520 * @state: Architecture-specific state preserved throughout the process
521 * of loading the ELF.
522 *
523 * Inspects the program header phdr to validate its correctness and/or
524 * suitability for the system. Called once per ELF program header in the
525 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
526 * interpreter.
527 *
528 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
529 * with that return code.
530 */
531 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
532 struct elf_phdr *phdr,
533 struct file *elf, bool is_interp,
534 struct arch_elf_state *state)
535 {
536 /* Dummy implementation, always proceed */
537 return 0;
538 }
539
540 /**
541 * arch_check_elf() - check an ELF executable
542 * @ehdr: The main ELF header
543 * @has_interp: True if the ELF has an interpreter, else false.
544 * @interp_ehdr: The interpreter's ELF header
545 * @state: Architecture-specific state preserved throughout the process
546 * of loading the ELF.
547 *
548 * Provides a final opportunity for architecture code to reject the loading
549 * of the ELF & cause an exec syscall to return an error. This is called after
550 * all program headers to be checked by arch_elf_pt_proc have been.
551 *
552 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
553 * with that return code.
554 */
555 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
556 struct elfhdr *interp_ehdr,
557 struct arch_elf_state *state)
558 {
559 /* Dummy implementation, always proceed */
560 return 0;
561 }
562
563 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
564
565 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
566 bool has_interp, bool is_interp)
567 {
568 int prot = 0;
569
570 if (p_flags & PF_R)
571 prot |= PROT_READ;
572 if (p_flags & PF_W)
573 prot |= PROT_WRITE;
574 if (p_flags & PF_X)
575 prot |= PROT_EXEC;
576
577 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
578 }
579
580 /* This is much more generalized than the library routine read function,
581 so we keep this separate. Technically the library read function
582 is only provided so that we can read a.out libraries that have
583 an ELF header */
584
585 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
586 struct file *interpreter,
587 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
588 struct arch_elf_state *arch_state)
589 {
590 struct elf_phdr *eppnt;
591 unsigned long load_addr = 0;
592 int load_addr_set = 0;
593 unsigned long last_bss = 0, elf_bss = 0;
594 int bss_prot = 0;
595 unsigned long error = ~0UL;
596 unsigned long total_size;
597 int i;
598
599 /* First of all, some simple consistency checks */
600 if (interp_elf_ex->e_type != ET_EXEC &&
601 interp_elf_ex->e_type != ET_DYN)
602 goto out;
603 if (!elf_check_arch(interp_elf_ex) ||
604 elf_check_fdpic(interp_elf_ex))
605 goto out;
606 if (!interpreter->f_op->mmap)
607 goto out;
608
609 total_size = total_mapping_size(interp_elf_phdata,
610 interp_elf_ex->e_phnum);
611 if (!total_size) {
612 error = -EINVAL;
613 goto out;
614 }
615
616 eppnt = interp_elf_phdata;
617 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
618 if (eppnt->p_type == PT_LOAD) {
619 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
620 int elf_prot = make_prot(eppnt->p_flags, arch_state,
621 true, true);
622 unsigned long vaddr = 0;
623 unsigned long k, map_addr;
624
625 vaddr = eppnt->p_vaddr;
626 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
627 elf_type |= MAP_FIXED_NOREPLACE;
628 else if (no_base && interp_elf_ex->e_type == ET_DYN)
629 load_addr = -vaddr;
630
631 map_addr = elf_map(interpreter, load_addr + vaddr,
632 eppnt, elf_prot, elf_type, total_size);
633 total_size = 0;
634 error = map_addr;
635 if (BAD_ADDR(map_addr))
636 goto out;
637
638 if (!load_addr_set &&
639 interp_elf_ex->e_type == ET_DYN) {
640 load_addr = map_addr - ELF_PAGESTART(vaddr);
641 load_addr_set = 1;
642 }
643
644 /*
645 * Check to see if the section's size will overflow the
646 * allowed task size. Note that p_filesz must always be
647 * <= p_memsize so it's only necessary to check p_memsz.
648 */
649 k = load_addr + eppnt->p_vaddr;
650 if (BAD_ADDR(k) ||
651 eppnt->p_filesz > eppnt->p_memsz ||
652 eppnt->p_memsz > TASK_SIZE ||
653 TASK_SIZE - eppnt->p_memsz < k) {
654 error = -ENOMEM;
655 goto out;
656 }
657
658 /*
659 * Find the end of the file mapping for this phdr, and
660 * keep track of the largest address we see for this.
661 */
662 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
663 if (k > elf_bss)
664 elf_bss = k;
665
666 /*
667 * Do the same thing for the memory mapping - between
668 * elf_bss and last_bss is the bss section.
669 */
670 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
671 if (k > last_bss) {
672 last_bss = k;
673 bss_prot = elf_prot;
674 }
675 }
676 }
677
678 /*
679 * Now fill out the bss section: first pad the last page from
680 * the file up to the page boundary, and zero it from elf_bss
681 * up to the end of the page.
682 */
683 if (padzero(elf_bss)) {
684 error = -EFAULT;
685 goto out;
686 }
687 /*
688 * Next, align both the file and mem bss up to the page size,
689 * since this is where elf_bss was just zeroed up to, and where
690 * last_bss will end after the vm_brk_flags() below.
691 */
692 elf_bss = ELF_PAGEALIGN(elf_bss);
693 last_bss = ELF_PAGEALIGN(last_bss);
694 /* Finally, if there is still more bss to allocate, do it. */
695 if (last_bss > elf_bss) {
696 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
697 bss_prot & PROT_EXEC ? VM_EXEC : 0);
698 if (error)
699 goto out;
700 }
701
702 error = load_addr;
703 out:
704 return error;
705 }
706
707 /*
708 * These are the functions used to load ELF style executables and shared
709 * libraries. There is no binary dependent code anywhere else.
710 */
711
712 static int parse_elf_property(const char *data, size_t *off, size_t datasz,
713 struct arch_elf_state *arch,
714 bool have_prev_type, u32 *prev_type)
715 {
716 size_t o, step;
717 const struct gnu_property *pr;
718 int ret;
719
720 if (*off == datasz)
721 return -ENOENT;
722
723 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
724 return -EIO;
725 o = *off;
726 datasz -= *off;
727
728 if (datasz < sizeof(*pr))
729 return -ENOEXEC;
730 pr = (const struct gnu_property *)(data + o);
731 o += sizeof(*pr);
732 datasz -= sizeof(*pr);
733
734 if (pr->pr_datasz > datasz)
735 return -ENOEXEC;
736
737 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
738 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
739 if (step > datasz)
740 return -ENOEXEC;
741
742 /* Properties are supposed to be unique and sorted on pr_type: */
743 if (have_prev_type && pr->pr_type <= *prev_type)
744 return -ENOEXEC;
745 *prev_type = pr->pr_type;
746
747 ret = arch_parse_elf_property(pr->pr_type, data + o,
748 pr->pr_datasz, ELF_COMPAT, arch);
749 if (ret)
750 return ret;
751
752 *off = o + step;
753 return 0;
754 }
755
756 #define NOTE_DATA_SZ SZ_1K
757 #define GNU_PROPERTY_TYPE_0_NAME "GNU"
758 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
759
760 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
761 struct arch_elf_state *arch)
762 {
763 union {
764 struct elf_note nhdr;
765 char data[NOTE_DATA_SZ];
766 } note;
767 loff_t pos;
768 ssize_t n;
769 size_t off, datasz;
770 int ret;
771 bool have_prev_type;
772 u32 prev_type;
773
774 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
775 return 0;
776
777 /* load_elf_binary() shouldn't call us unless this is true... */
778 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
779 return -ENOEXEC;
780
781 /* If the properties are crazy large, that's too bad (for now): */
782 if (phdr->p_filesz > sizeof(note))
783 return -ENOEXEC;
784
785 pos = phdr->p_offset;
786 n = kernel_read(f, &note, phdr->p_filesz, &pos);
787
788 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
789 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
790 return -EIO;
791
792 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
793 note.nhdr.n_namesz != NOTE_NAME_SZ ||
794 strncmp(note.data + sizeof(note.nhdr),
795 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
796 return -ENOEXEC;
797
798 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
799 ELF_GNU_PROPERTY_ALIGN);
800 if (off > n)
801 return -ENOEXEC;
802
803 if (note.nhdr.n_descsz > n - off)
804 return -ENOEXEC;
805 datasz = off + note.nhdr.n_descsz;
806
807 have_prev_type = false;
808 do {
809 ret = parse_elf_property(note.data, &off, datasz, arch,
810 have_prev_type, &prev_type);
811 have_prev_type = true;
812 } while (!ret);
813
814 return ret == -ENOENT ? 0 : ret;
815 }
816
817 static int load_elf_binary(struct linux_binprm *bprm)
818 {
819 struct file *interpreter = NULL; /* to shut gcc up */
820 unsigned long load_addr = 0, load_bias = 0;
821 int load_addr_set = 0;
822 unsigned long error;
823 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
824 struct elf_phdr *elf_property_phdata = NULL;
825 unsigned long elf_bss, elf_brk;
826 int bss_prot = 0;
827 int retval, i;
828 unsigned long elf_entry;
829 unsigned long e_entry;
830 unsigned long interp_load_addr = 0;
831 unsigned long start_code, end_code, start_data, end_data;
832 unsigned long reloc_func_desc __maybe_unused = 0;
833 int executable_stack = EXSTACK_DEFAULT;
834 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
835 struct elfhdr *interp_elf_ex = NULL;
836 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
837 struct mm_struct *mm;
838 struct pt_regs *regs;
839
840 retval = -ENOEXEC;
841 /* First of all, some simple consistency checks */
842 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
843 goto out;
844
845 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
846 goto out;
847 if (!elf_check_arch(elf_ex))
848 goto out;
849 if (elf_check_fdpic(elf_ex))
850 goto out;
851 if (!bprm->file->f_op->mmap)
852 goto out;
853
854 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
855 if (!elf_phdata)
856 goto out;
857
858 elf_ppnt = elf_phdata;
859 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
860 char *elf_interpreter;
861
862 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
863 elf_property_phdata = elf_ppnt;
864 continue;
865 }
866
867 if (elf_ppnt->p_type != PT_INTERP)
868 continue;
869
870 /*
871 * This is the program interpreter used for shared libraries -
872 * for now assume that this is an a.out format binary.
873 */
874 retval = -ENOEXEC;
875 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
876 goto out_free_ph;
877
878 retval = -ENOMEM;
879 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
880 if (!elf_interpreter)
881 goto out_free_ph;
882
883 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
884 elf_ppnt->p_offset);
885 if (retval < 0)
886 goto out_free_interp;
887 /* make sure path is NULL terminated */
888 retval = -ENOEXEC;
889 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
890 goto out_free_interp;
891
892 interpreter = open_exec(elf_interpreter);
893 kfree(elf_interpreter);
894 retval = PTR_ERR(interpreter);
895 if (IS_ERR(interpreter))
896 goto out_free_ph;
897
898 /*
899 * If the binary is not readable then enforce mm->dumpable = 0
900 * regardless of the interpreter's permissions.
901 */
902 would_dump(bprm, interpreter);
903
904 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
905 if (!interp_elf_ex) {
906 retval = -ENOMEM;
907 goto out_free_ph;
908 }
909
910 /* Get the exec headers */
911 retval = elf_read(interpreter, interp_elf_ex,
912 sizeof(*interp_elf_ex), 0);
913 if (retval < 0)
914 goto out_free_dentry;
915
916 break;
917
918 out_free_interp:
919 kfree(elf_interpreter);
920 goto out_free_ph;
921 }
922
923 elf_ppnt = elf_phdata;
924 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
925 switch (elf_ppnt->p_type) {
926 case PT_GNU_STACK:
927 if (elf_ppnt->p_flags & PF_X)
928 executable_stack = EXSTACK_ENABLE_X;
929 else
930 executable_stack = EXSTACK_DISABLE_X;
931 break;
932
933 case PT_LOPROC ... PT_HIPROC:
934 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
935 bprm->file, false,
936 &arch_state);
937 if (retval)
938 goto out_free_dentry;
939 break;
940 }
941
942 /* Some simple consistency checks for the interpreter */
943 if (interpreter) {
944 retval = -ELIBBAD;
945 /* Not an ELF interpreter */
946 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
947 goto out_free_dentry;
948 /* Verify the interpreter has a valid arch */
949 if (!elf_check_arch(interp_elf_ex) ||
950 elf_check_fdpic(interp_elf_ex))
951 goto out_free_dentry;
952
953 /* Load the interpreter program headers */
954 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
955 interpreter);
956 if (!interp_elf_phdata)
957 goto out_free_dentry;
958
959 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
960 elf_property_phdata = NULL;
961 elf_ppnt = interp_elf_phdata;
962 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
963 switch (elf_ppnt->p_type) {
964 case PT_GNU_PROPERTY:
965 elf_property_phdata = elf_ppnt;
966 break;
967
968 case PT_LOPROC ... PT_HIPROC:
969 retval = arch_elf_pt_proc(interp_elf_ex,
970 elf_ppnt, interpreter,
971 true, &arch_state);
972 if (retval)
973 goto out_free_dentry;
974 break;
975 }
976 }
977
978 retval = parse_elf_properties(interpreter ?: bprm->file,
979 elf_property_phdata, &arch_state);
980 if (retval)
981 goto out_free_dentry;
982
983 /*
984 * Allow arch code to reject the ELF at this point, whilst it's
985 * still possible to return an error to the code that invoked
986 * the exec syscall.
987 */
988 retval = arch_check_elf(elf_ex,
989 !!interpreter, interp_elf_ex,
990 &arch_state);
991 if (retval)
992 goto out_free_dentry;
993
994 /* Flush all traces of the currently running executable */
995 retval = begin_new_exec(bprm);
996 if (retval)
997 goto out_free_dentry;
998
999 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1000 may depend on the personality. */
1001 SET_PERSONALITY2(*elf_ex, &arch_state);
1002 if (elf_read_implies_exec(*elf_ex, executable_stack))
1003 current->personality |= READ_IMPLIES_EXEC;
1004
1005 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1006 current->flags |= PF_RANDOMIZE;
1007
1008 setup_new_exec(bprm);
1009
1010 /* Do this so that we can load the interpreter, if need be. We will
1011 change some of these later */
1012 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1013 executable_stack);
1014 if (retval < 0)
1015 goto out_free_dentry;
1016
1017 elf_bss = 0;
1018 elf_brk = 0;
1019
1020 start_code = ~0UL;
1021 end_code = 0;
1022 start_data = 0;
1023 end_data = 0;
1024
1025 /* Now we do a little grungy work by mmapping the ELF image into
1026 the correct location in memory. */
1027 for(i = 0, elf_ppnt = elf_phdata;
1028 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1029 int elf_prot, elf_flags;
1030 unsigned long k, vaddr;
1031 unsigned long total_size = 0;
1032 unsigned long alignment;
1033
1034 if (elf_ppnt->p_type != PT_LOAD)
1035 continue;
1036
1037 if (unlikely (elf_brk > elf_bss)) {
1038 unsigned long nbyte;
1039
1040 /* There was a PT_LOAD segment with p_memsz > p_filesz
1041 before this one. Map anonymous pages, if needed,
1042 and clear the area. */
1043 retval = set_brk(elf_bss + load_bias,
1044 elf_brk + load_bias,
1045 bss_prot);
1046 if (retval)
1047 goto out_free_dentry;
1048 nbyte = ELF_PAGEOFFSET(elf_bss);
1049 if (nbyte) {
1050 nbyte = ELF_MIN_ALIGN - nbyte;
1051 if (nbyte > elf_brk - elf_bss)
1052 nbyte = elf_brk - elf_bss;
1053 if (clear_user((void __user *)elf_bss +
1054 load_bias, nbyte)) {
1055 /*
1056 * This bss-zeroing can fail if the ELF
1057 * file specifies odd protections. So
1058 * we don't check the return value
1059 */
1060 }
1061 }
1062 }
1063
1064 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1065 !!interpreter, false);
1066
1067 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1068
1069 vaddr = elf_ppnt->p_vaddr;
1070 /*
1071 * If we are loading ET_EXEC or we have already performed
1072 * the ET_DYN load_addr calculations, proceed normally.
1073 */
1074 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
1075 elf_flags |= MAP_FIXED;
1076 } else if (elf_ex->e_type == ET_DYN) {
1077 /*
1078 * This logic is run once for the first LOAD Program
1079 * Header for ET_DYN binaries to calculate the
1080 * randomization (load_bias) for all the LOAD
1081 * Program Headers, and to calculate the entire
1082 * size of the ELF mapping (total_size). (Note that
1083 * load_addr_set is set to true later once the
1084 * initial mapping is performed.)
1085 *
1086 * There are effectively two types of ET_DYN
1087 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1088 * and loaders (ET_DYN without INTERP, since they
1089 * _are_ the ELF interpreter). The loaders must
1090 * be loaded away from programs since the program
1091 * may otherwise collide with the loader (especially
1092 * for ET_EXEC which does not have a randomized
1093 * position). For example to handle invocations of
1094 * "./ld.so someprog" to test out a new version of
1095 * the loader, the subsequent program that the
1096 * loader loads must avoid the loader itself, so
1097 * they cannot share the same load range. Sufficient
1098 * room for the brk must be allocated with the
1099 * loader as well, since brk must be available with
1100 * the loader.
1101 *
1102 * Therefore, programs are loaded offset from
1103 * ELF_ET_DYN_BASE and loaders are loaded into the
1104 * independently randomized mmap region (0 load_bias
1105 * without MAP_FIXED).
1106 */
1107 if (interpreter) {
1108 load_bias = ELF_ET_DYN_BASE;
1109 if (current->flags & PF_RANDOMIZE)
1110 load_bias += arch_mmap_rnd();
1111 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1112 if (alignment)
1113 load_bias &= ~(alignment - 1);
1114 elf_flags |= MAP_FIXED;
1115 } else
1116 load_bias = 0;
1117
1118 /*
1119 * Since load_bias is used for all subsequent loading
1120 * calculations, we must lower it by the first vaddr
1121 * so that the remaining calculations based on the
1122 * ELF vaddrs will be correctly offset. The result
1123 * is then page aligned.
1124 */
1125 load_bias = ELF_PAGESTART(load_bias - vaddr);
1126
1127 total_size = total_mapping_size(elf_phdata,
1128 elf_ex->e_phnum);
1129 if (!total_size) {
1130 retval = -EINVAL;
1131 goto out_free_dentry;
1132 }
1133 }
1134
1135 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1136 elf_prot, elf_flags, total_size);
1137 if (BAD_ADDR(error)) {
1138 retval = IS_ERR((void *)error) ?
1139 PTR_ERR((void*)error) : -EINVAL;
1140 goto out_free_dentry;
1141 }
1142
1143 if (!load_addr_set) {
1144 load_addr_set = 1;
1145 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1146 if (elf_ex->e_type == ET_DYN) {
1147 load_bias += error -
1148 ELF_PAGESTART(load_bias + vaddr);
1149 load_addr += load_bias;
1150 reloc_func_desc = load_bias;
1151 }
1152 }
1153 k = elf_ppnt->p_vaddr;
1154 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1155 start_code = k;
1156 if (start_data < k)
1157 start_data = k;
1158
1159 /*
1160 * Check to see if the section's size will overflow the
1161 * allowed task size. Note that p_filesz must always be
1162 * <= p_memsz so it is only necessary to check p_memsz.
1163 */
1164 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1165 elf_ppnt->p_memsz > TASK_SIZE ||
1166 TASK_SIZE - elf_ppnt->p_memsz < k) {
1167 /* set_brk can never work. Avoid overflows. */
1168 retval = -EINVAL;
1169 goto out_free_dentry;
1170 }
1171
1172 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1173
1174 if (k > elf_bss)
1175 elf_bss = k;
1176 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1177 end_code = k;
1178 if (end_data < k)
1179 end_data = k;
1180 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1181 if (k > elf_brk) {
1182 bss_prot = elf_prot;
1183 elf_brk = k;
1184 }
1185 }
1186
1187 e_entry = elf_ex->e_entry + load_bias;
1188 elf_bss += load_bias;
1189 elf_brk += load_bias;
1190 start_code += load_bias;
1191 end_code += load_bias;
1192 start_data += load_bias;
1193 end_data += load_bias;
1194
1195 /* Calling set_brk effectively mmaps the pages that we need
1196 * for the bss and break sections. We must do this before
1197 * mapping in the interpreter, to make sure it doesn't wind
1198 * up getting placed where the bss needs to go.
1199 */
1200 retval = set_brk(elf_bss, elf_brk, bss_prot);
1201 if (retval)
1202 goto out_free_dentry;
1203 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1204 retval = -EFAULT; /* Nobody gets to see this, but.. */
1205 goto out_free_dentry;
1206 }
1207
1208 if (interpreter) {
1209 elf_entry = load_elf_interp(interp_elf_ex,
1210 interpreter,
1211 load_bias, interp_elf_phdata,
1212 &arch_state);
1213 if (!IS_ERR((void *)elf_entry)) {
1214 /*
1215 * load_elf_interp() returns relocation
1216 * adjustment
1217 */
1218 interp_load_addr = elf_entry;
1219 elf_entry += interp_elf_ex->e_entry;
1220 }
1221 if (BAD_ADDR(elf_entry)) {
1222 retval = IS_ERR((void *)elf_entry) ?
1223 (int)elf_entry : -EINVAL;
1224 goto out_free_dentry;
1225 }
1226 reloc_func_desc = interp_load_addr;
1227
1228 allow_write_access(interpreter);
1229 fput(interpreter);
1230
1231 kfree(interp_elf_ex);
1232 kfree(interp_elf_phdata);
1233 } else {
1234 elf_entry = e_entry;
1235 if (BAD_ADDR(elf_entry)) {
1236 retval = -EINVAL;
1237 goto out_free_dentry;
1238 }
1239 }
1240
1241 kfree(elf_phdata);
1242
1243 set_binfmt(&elf_format);
1244
1245 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1246 retval = arch_setup_additional_pages(bprm, !!interpreter);
1247 if (retval < 0)
1248 goto out;
1249 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1250
1251 retval = create_elf_tables(bprm, elf_ex,
1252 load_addr, interp_load_addr, e_entry);
1253 if (retval < 0)
1254 goto out;
1255
1256 mm = current->mm;
1257 mm->end_code = end_code;
1258 mm->start_code = start_code;
1259 mm->start_data = start_data;
1260 mm->end_data = end_data;
1261 mm->start_stack = bprm->p;
1262
1263 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1264 /*
1265 * For architectures with ELF randomization, when executing
1266 * a loader directly (i.e. no interpreter listed in ELF
1267 * headers), move the brk area out of the mmap region
1268 * (since it grows up, and may collide early with the stack
1269 * growing down), and into the unused ELF_ET_DYN_BASE region.
1270 */
1271 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1272 elf_ex->e_type == ET_DYN && !interpreter) {
1273 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1274 }
1275
1276 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1277 #ifdef compat_brk_randomized
1278 current->brk_randomized = 1;
1279 #endif
1280 }
1281
1282 if (current->personality & MMAP_PAGE_ZERO) {
1283 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1284 and some applications "depend" upon this behavior.
1285 Since we do not have the power to recompile these, we
1286 emulate the SVr4 behavior. Sigh. */
1287 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1288 MAP_FIXED | MAP_PRIVATE, 0);
1289 }
1290
1291 regs = current_pt_regs();
1292 #ifdef ELF_PLAT_INIT
1293 /*
1294 * The ABI may specify that certain registers be set up in special
1295 * ways (on i386 %edx is the address of a DT_FINI function, for
1296 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1297 * that the e_entry field is the address of the function descriptor
1298 * for the startup routine, rather than the address of the startup
1299 * routine itself. This macro performs whatever initialization to
1300 * the regs structure is required as well as any relocations to the
1301 * function descriptor entries when executing dynamically links apps.
1302 */
1303 ELF_PLAT_INIT(regs, reloc_func_desc);
1304 #endif
1305
1306 finalize_exec(bprm);
1307 start_thread(regs, elf_entry, bprm->p);
1308 retval = 0;
1309 out:
1310 return retval;
1311
1312 /* error cleanup */
1313 out_free_dentry:
1314 kfree(interp_elf_ex);
1315 kfree(interp_elf_phdata);
1316 allow_write_access(interpreter);
1317 if (interpreter)
1318 fput(interpreter);
1319 out_free_ph:
1320 kfree(elf_phdata);
1321 goto out;
1322 }
1323
1324 #ifdef CONFIG_USELIB
1325 /* This is really simpleminded and specialized - we are loading an
1326 a.out library that is given an ELF header. */
1327 static int load_elf_library(struct file *file)
1328 {
1329 struct elf_phdr *elf_phdata;
1330 struct elf_phdr *eppnt;
1331 unsigned long elf_bss, bss, len;
1332 int retval, error, i, j;
1333 struct elfhdr elf_ex;
1334
1335 error = -ENOEXEC;
1336 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1337 if (retval < 0)
1338 goto out;
1339
1340 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1341 goto out;
1342
1343 /* First of all, some simple consistency checks */
1344 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1345 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1346 goto out;
1347 if (elf_check_fdpic(&elf_ex))
1348 goto out;
1349
1350 /* Now read in all of the header information */
1351
1352 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1353 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1354
1355 error = -ENOMEM;
1356 elf_phdata = kmalloc(j, GFP_KERNEL);
1357 if (!elf_phdata)
1358 goto out;
1359
1360 eppnt = elf_phdata;
1361 error = -ENOEXEC;
1362 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1363 if (retval < 0)
1364 goto out_free_ph;
1365
1366 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1367 if ((eppnt + i)->p_type == PT_LOAD)
1368 j++;
1369 if (j != 1)
1370 goto out_free_ph;
1371
1372 while (eppnt->p_type != PT_LOAD)
1373 eppnt++;
1374
1375 /* Now use mmap to map the library into memory. */
1376 error = vm_mmap(file,
1377 ELF_PAGESTART(eppnt->p_vaddr),
1378 (eppnt->p_filesz +
1379 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1380 PROT_READ | PROT_WRITE | PROT_EXEC,
1381 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1382 (eppnt->p_offset -
1383 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1384 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1385 goto out_free_ph;
1386
1387 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1388 if (padzero(elf_bss)) {
1389 error = -EFAULT;
1390 goto out_free_ph;
1391 }
1392
1393 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1394 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1395 if (bss > len) {
1396 error = vm_brk(len, bss - len);
1397 if (error)
1398 goto out_free_ph;
1399 }
1400 error = 0;
1401
1402 out_free_ph:
1403 kfree(elf_phdata);
1404 out:
1405 return error;
1406 }
1407 #endif /* #ifdef CONFIG_USELIB */
1408
1409 #ifdef CONFIG_ELF_CORE
1410 /*
1411 * ELF core dumper
1412 *
1413 * Modelled on fs/exec.c:aout_core_dump()
1414 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1415 */
1416
1417 /* An ELF note in memory */
1418 struct memelfnote
1419 {
1420 const char *name;
1421 int type;
1422 unsigned int datasz;
1423 void *data;
1424 };
1425
1426 static int notesize(struct memelfnote *en)
1427 {
1428 int sz;
1429
1430 sz = sizeof(struct elf_note);
1431 sz += roundup(strlen(en->name) + 1, 4);
1432 sz += roundup(en->datasz, 4);
1433
1434 return sz;
1435 }
1436
1437 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1438 {
1439 struct elf_note en;
1440 en.n_namesz = strlen(men->name) + 1;
1441 en.n_descsz = men->datasz;
1442 en.n_type = men->type;
1443
1444 return dump_emit(cprm, &en, sizeof(en)) &&
1445 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1446 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1447 }
1448
1449 static void fill_elf_header(struct elfhdr *elf, int segs,
1450 u16 machine, u32 flags)
1451 {
1452 memset(elf, 0, sizeof(*elf));
1453
1454 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1455 elf->e_ident[EI_CLASS] = ELF_CLASS;
1456 elf->e_ident[EI_DATA] = ELF_DATA;
1457 elf->e_ident[EI_VERSION] = EV_CURRENT;
1458 elf->e_ident[EI_OSABI] = ELF_OSABI;
1459
1460 elf->e_type = ET_CORE;
1461 elf->e_machine = machine;
1462 elf->e_version = EV_CURRENT;
1463 elf->e_phoff = sizeof(struct elfhdr);
1464 elf->e_flags = flags;
1465 elf->e_ehsize = sizeof(struct elfhdr);
1466 elf->e_phentsize = sizeof(struct elf_phdr);
1467 elf->e_phnum = segs;
1468 }
1469
1470 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1471 {
1472 phdr->p_type = PT_NOTE;
1473 phdr->p_offset = offset;
1474 phdr->p_vaddr = 0;
1475 phdr->p_paddr = 0;
1476 phdr->p_filesz = sz;
1477 phdr->p_memsz = 0;
1478 phdr->p_flags = 0;
1479 phdr->p_align = 0;
1480 }
1481
1482 static void fill_note(struct memelfnote *note, const char *name, int type,
1483 unsigned int sz, void *data)
1484 {
1485 note->name = name;
1486 note->type = type;
1487 note->datasz = sz;
1488 note->data = data;
1489 }
1490
1491 /*
1492 * fill up all the fields in prstatus from the given task struct, except
1493 * registers which need to be filled up separately.
1494 */
1495 static void fill_prstatus(struct elf_prstatus *prstatus,
1496 struct task_struct *p, long signr)
1497 {
1498 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1499 prstatus->pr_sigpend = p->pending.signal.sig[0];
1500 prstatus->pr_sighold = p->blocked.sig[0];
1501 rcu_read_lock();
1502 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1503 rcu_read_unlock();
1504 prstatus->pr_pid = task_pid_vnr(p);
1505 prstatus->pr_pgrp = task_pgrp_vnr(p);
1506 prstatus->pr_sid = task_session_vnr(p);
1507 if (thread_group_leader(p)) {
1508 struct task_cputime cputime;
1509
1510 /*
1511 * This is the record for the group leader. It shows the
1512 * group-wide total, not its individual thread total.
1513 */
1514 thread_group_cputime(p, &cputime);
1515 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1516 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1517 } else {
1518 u64 utime, stime;
1519
1520 task_cputime(p, &utime, &stime);
1521 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1522 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1523 }
1524
1525 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1526 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1527 }
1528
1529 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1530 struct mm_struct *mm)
1531 {
1532 const struct cred *cred;
1533 unsigned int i, len;
1534
1535 /* first copy the parameters from user space */
1536 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1537
1538 len = mm->arg_end - mm->arg_start;
1539 if (len >= ELF_PRARGSZ)
1540 len = ELF_PRARGSZ-1;
1541 if (copy_from_user(&psinfo->pr_psargs,
1542 (const char __user *)mm->arg_start, len))
1543 return -EFAULT;
1544 for(i = 0; i < len; i++)
1545 if (psinfo->pr_psargs[i] == 0)
1546 psinfo->pr_psargs[i] = ' ';
1547 psinfo->pr_psargs[len] = 0;
1548
1549 rcu_read_lock();
1550 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1551 rcu_read_unlock();
1552 psinfo->pr_pid = task_pid_vnr(p);
1553 psinfo->pr_pgrp = task_pgrp_vnr(p);
1554 psinfo->pr_sid = task_session_vnr(p);
1555
1556 i = p->state ? ffz(~p->state) + 1 : 0;
1557 psinfo->pr_state = i;
1558 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1559 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1560 psinfo->pr_nice = task_nice(p);
1561 psinfo->pr_flag = p->flags;
1562 rcu_read_lock();
1563 cred = __task_cred(p);
1564 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1565 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1566 rcu_read_unlock();
1567 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1568
1569 return 0;
1570 }
1571
1572 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1573 {
1574 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1575 int i = 0;
1576 do
1577 i += 2;
1578 while (auxv[i - 2] != AT_NULL);
1579 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1580 }
1581
1582 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1583 const kernel_siginfo_t *siginfo)
1584 {
1585 copy_siginfo_to_external(csigdata, siginfo);
1586 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1587 }
1588
1589 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1590 /*
1591 * Format of NT_FILE note:
1592 *
1593 * long count -- how many files are mapped
1594 * long page_size -- units for file_ofs
1595 * array of [COUNT] elements of
1596 * long start
1597 * long end
1598 * long file_ofs
1599 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1600 */
1601 static int fill_files_note(struct memelfnote *note)
1602 {
1603 struct mm_struct *mm = current->mm;
1604 struct vm_area_struct *vma;
1605 unsigned count, size, names_ofs, remaining, n;
1606 user_long_t *data;
1607 user_long_t *start_end_ofs;
1608 char *name_base, *name_curpos;
1609
1610 /* *Estimated* file count and total data size needed */
1611 count = mm->map_count;
1612 if (count > UINT_MAX / 64)
1613 return -EINVAL;
1614 size = count * 64;
1615
1616 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1617 alloc:
1618 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1619 return -EINVAL;
1620 size = round_up(size, PAGE_SIZE);
1621 /*
1622 * "size" can be 0 here legitimately.
1623 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1624 */
1625 data = kvmalloc(size, GFP_KERNEL);
1626 if (ZERO_OR_NULL_PTR(data))
1627 return -ENOMEM;
1628
1629 start_end_ofs = data + 2;
1630 name_base = name_curpos = ((char *)data) + names_ofs;
1631 remaining = size - names_ofs;
1632 count = 0;
1633 for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
1634 struct file *file;
1635 const char *filename;
1636
1637 file = vma->vm_file;
1638 if (!file)
1639 continue;
1640 filename = file_path(file, name_curpos, remaining);
1641 if (IS_ERR(filename)) {
1642 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1643 kvfree(data);
1644 size = size * 5 / 4;
1645 goto alloc;
1646 }
1647 continue;
1648 }
1649
1650 /* file_path() fills at the end, move name down */
1651 /* n = strlen(filename) + 1: */
1652 n = (name_curpos + remaining) - filename;
1653 remaining = filename - name_curpos;
1654 memmove(name_curpos, filename, n);
1655 name_curpos += n;
1656
1657 *start_end_ofs++ = vma->vm_start;
1658 *start_end_ofs++ = vma->vm_end;
1659 *start_end_ofs++ = vma->vm_pgoff;
1660 count++;
1661 }
1662
1663 /* Now we know exact count of files, can store it */
1664 data[0] = count;
1665 data[1] = PAGE_SIZE;
1666 /*
1667 * Count usually is less than mm->map_count,
1668 * we need to move filenames down.
1669 */
1670 n = mm->map_count - count;
1671 if (n != 0) {
1672 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1673 memmove(name_base - shift_bytes, name_base,
1674 name_curpos - name_base);
1675 name_curpos -= shift_bytes;
1676 }
1677
1678 size = name_curpos - (char *)data;
1679 fill_note(note, "CORE", NT_FILE, size, data);
1680 return 0;
1681 }
1682
1683 #ifdef CORE_DUMP_USE_REGSET
1684 #include <linux/regset.h>
1685
1686 struct elf_thread_core_info {
1687 struct elf_thread_core_info *next;
1688 struct task_struct *task;
1689 struct elf_prstatus prstatus;
1690 struct memelfnote notes[0];
1691 };
1692
1693 struct elf_note_info {
1694 struct elf_thread_core_info *thread;
1695 struct memelfnote psinfo;
1696 struct memelfnote signote;
1697 struct memelfnote auxv;
1698 struct memelfnote files;
1699 user_siginfo_t csigdata;
1700 size_t size;
1701 int thread_notes;
1702 };
1703
1704 /*
1705 * When a regset has a writeback hook, we call it on each thread before
1706 * dumping user memory. On register window machines, this makes sure the
1707 * user memory backing the register data is up to date before we read it.
1708 */
1709 static void do_thread_regset_writeback(struct task_struct *task,
1710 const struct user_regset *regset)
1711 {
1712 if (regset->writeback)
1713 regset->writeback(task, regset, 1);
1714 }
1715
1716 #ifndef PRSTATUS_SIZE
1717 #define PRSTATUS_SIZE(S, R) sizeof(S)
1718 #endif
1719
1720 #ifndef SET_PR_FPVALID
1721 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1722 #endif
1723
1724 static int fill_thread_core_info(struct elf_thread_core_info *t,
1725 const struct user_regset_view *view,
1726 long signr, size_t *total)
1727 {
1728 unsigned int i;
1729 int regset0_size;
1730
1731 /*
1732 * NT_PRSTATUS is the one special case, because the regset data
1733 * goes into the pr_reg field inside the note contents, rather
1734 * than being the whole note contents. We fill the reset in here.
1735 * We assume that regset 0 is NT_PRSTATUS.
1736 */
1737 fill_prstatus(&t->prstatus, t->task, signr);
1738 regset0_size = regset_get(t->task, &view->regsets[0],
1739 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1740 if (regset0_size < 0)
1741 return 0;
1742
1743 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1744 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1745 *total += notesize(&t->notes[0]);
1746
1747 do_thread_regset_writeback(t->task, &view->regsets[0]);
1748
1749 /*
1750 * Each other regset might generate a note too. For each regset
1751 * that has no core_note_type or is inactive, we leave t->notes[i]
1752 * all zero and we'll know to skip writing it later.
1753 */
1754 for (i = 1; i < view->n; ++i) {
1755 const struct user_regset *regset = &view->regsets[i];
1756 int note_type = regset->core_note_type;
1757 bool is_fpreg = note_type == NT_PRFPREG;
1758 void *data;
1759 int ret;
1760
1761 do_thread_regset_writeback(t->task, regset);
1762 if (!note_type) // not for coredumps
1763 continue;
1764 if (regset->active && regset->active(t->task, regset) <= 0)
1765 continue;
1766
1767 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1768 if (ret < 0)
1769 continue;
1770
1771 if (is_fpreg)
1772 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1773
1774 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1775 note_type, ret, data);
1776
1777 *total += notesize(&t->notes[i]);
1778 }
1779
1780 return 1;
1781 }
1782
1783 static int fill_note_info(struct elfhdr *elf, int phdrs,
1784 struct elf_note_info *info,
1785 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1786 {
1787 struct task_struct *dump_task = current;
1788 const struct user_regset_view *view = task_user_regset_view(dump_task);
1789 struct elf_thread_core_info *t;
1790 struct elf_prpsinfo *psinfo;
1791 struct core_thread *ct;
1792 unsigned int i;
1793
1794 info->size = 0;
1795 info->thread = NULL;
1796
1797 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1798 if (psinfo == NULL) {
1799 info->psinfo.data = NULL; /* So we don't free this wrongly */
1800 return 0;
1801 }
1802
1803 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1804
1805 /*
1806 * Figure out how many notes we're going to need for each thread.
1807 */
1808 info->thread_notes = 0;
1809 for (i = 0; i < view->n; ++i)
1810 if (view->regsets[i].core_note_type != 0)
1811 ++info->thread_notes;
1812
1813 /*
1814 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1815 * since it is our one special case.
1816 */
1817 if (unlikely(info->thread_notes == 0) ||
1818 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1819 WARN_ON(1);
1820 return 0;
1821 }
1822
1823 /*
1824 * Initialize the ELF file header.
1825 */
1826 fill_elf_header(elf, phdrs,
1827 view->e_machine, view->e_flags);
1828
1829 /*
1830 * Allocate a structure for each thread.
1831 */
1832 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1833 t = kzalloc(offsetof(struct elf_thread_core_info,
1834 notes[info->thread_notes]),
1835 GFP_KERNEL);
1836 if (unlikely(!t))
1837 return 0;
1838
1839 t->task = ct->task;
1840 if (ct->task == dump_task || !info->thread) {
1841 t->next = info->thread;
1842 info->thread = t;
1843 } else {
1844 /*
1845 * Make sure to keep the original task at
1846 * the head of the list.
1847 */
1848 t->next = info->thread->next;
1849 info->thread->next = t;
1850 }
1851 }
1852
1853 /*
1854 * Now fill in each thread's information.
1855 */
1856 for (t = info->thread; t != NULL; t = t->next)
1857 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1858 return 0;
1859
1860 /*
1861 * Fill in the two process-wide notes.
1862 */
1863 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1864 info->size += notesize(&info->psinfo);
1865
1866 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1867 info->size += notesize(&info->signote);
1868
1869 fill_auxv_note(&info->auxv, current->mm);
1870 info->size += notesize(&info->auxv);
1871
1872 if (fill_files_note(&info->files) == 0)
1873 info->size += notesize(&info->files);
1874
1875 return 1;
1876 }
1877
1878 static size_t get_note_info_size(struct elf_note_info *info)
1879 {
1880 return info->size;
1881 }
1882
1883 /*
1884 * Write all the notes for each thread. When writing the first thread, the
1885 * process-wide notes are interleaved after the first thread-specific note.
1886 */
1887 static int write_note_info(struct elf_note_info *info,
1888 struct coredump_params *cprm)
1889 {
1890 bool first = true;
1891 struct elf_thread_core_info *t = info->thread;
1892
1893 do {
1894 int i;
1895
1896 if (!writenote(&t->notes[0], cprm))
1897 return 0;
1898
1899 if (first && !writenote(&info->psinfo, cprm))
1900 return 0;
1901 if (first && !writenote(&info->signote, cprm))
1902 return 0;
1903 if (first && !writenote(&info->auxv, cprm))
1904 return 0;
1905 if (first && info->files.data &&
1906 !writenote(&info->files, cprm))
1907 return 0;
1908
1909 for (i = 1; i < info->thread_notes; ++i)
1910 if (t->notes[i].data &&
1911 !writenote(&t->notes[i], cprm))
1912 return 0;
1913
1914 first = false;
1915 t = t->next;
1916 } while (t);
1917
1918 return 1;
1919 }
1920
1921 static void free_note_info(struct elf_note_info *info)
1922 {
1923 struct elf_thread_core_info *threads = info->thread;
1924 while (threads) {
1925 unsigned int i;
1926 struct elf_thread_core_info *t = threads;
1927 threads = t->next;
1928 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1929 for (i = 1; i < info->thread_notes; ++i)
1930 kfree(t->notes[i].data);
1931 kfree(t);
1932 }
1933 kfree(info->psinfo.data);
1934 kvfree(info->files.data);
1935 }
1936
1937 #else
1938
1939 /* Here is the structure in which status of each thread is captured. */
1940 struct elf_thread_status
1941 {
1942 struct list_head list;
1943 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1944 elf_fpregset_t fpu; /* NT_PRFPREG */
1945 struct task_struct *thread;
1946 struct memelfnote notes[3];
1947 int num_notes;
1948 };
1949
1950 /*
1951 * In order to add the specific thread information for the elf file format,
1952 * we need to keep a linked list of every threads pr_status and then create
1953 * a single section for them in the final core file.
1954 */
1955 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1956 {
1957 int sz = 0;
1958 struct task_struct *p = t->thread;
1959 t->num_notes = 0;
1960
1961 fill_prstatus(&t->prstatus, p, signr);
1962 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1963
1964 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1965 &(t->prstatus));
1966 t->num_notes++;
1967 sz += notesize(&t->notes[0]);
1968
1969 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1970 &t->fpu))) {
1971 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1972 &(t->fpu));
1973 t->num_notes++;
1974 sz += notesize(&t->notes[1]);
1975 }
1976 return sz;
1977 }
1978
1979 struct elf_note_info {
1980 struct memelfnote *notes;
1981 struct memelfnote *notes_files;
1982 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1983 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1984 struct list_head thread_list;
1985 elf_fpregset_t *fpu;
1986 user_siginfo_t csigdata;
1987 int thread_status_size;
1988 int numnote;
1989 };
1990
1991 static int elf_note_info_init(struct elf_note_info *info)
1992 {
1993 memset(info, 0, sizeof(*info));
1994 INIT_LIST_HEAD(&info->thread_list);
1995
1996 /* Allocate space for ELF notes */
1997 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
1998 if (!info->notes)
1999 return 0;
2000 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2001 if (!info->psinfo)
2002 return 0;
2003 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2004 if (!info->prstatus)
2005 return 0;
2006 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2007 if (!info->fpu)
2008 return 0;
2009 return 1;
2010 }
2011
2012 static int fill_note_info(struct elfhdr *elf, int phdrs,
2013 struct elf_note_info *info,
2014 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2015 {
2016 struct core_thread *ct;
2017 struct elf_thread_status *ets;
2018
2019 if (!elf_note_info_init(info))
2020 return 0;
2021
2022 for (ct = current->mm->core_state->dumper.next;
2023 ct; ct = ct->next) {
2024 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2025 if (!ets)
2026 return 0;
2027
2028 ets->thread = ct->task;
2029 list_add(&ets->list, &info->thread_list);
2030 }
2031
2032 list_for_each_entry(ets, &info->thread_list, list) {
2033 int sz;
2034
2035 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2036 info->thread_status_size += sz;
2037 }
2038 /* now collect the dump for the current */
2039 memset(info->prstatus, 0, sizeof(*info->prstatus));
2040 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2041 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2042
2043 /* Set up header */
2044 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2045
2046 /*
2047 * Set up the notes in similar form to SVR4 core dumps made
2048 * with info from their /proc.
2049 */
2050
2051 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2052 sizeof(*info->prstatus), info->prstatus);
2053 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2054 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2055 sizeof(*info->psinfo), info->psinfo);
2056
2057 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2058 fill_auxv_note(info->notes + 3, current->mm);
2059 info->numnote = 4;
2060
2061 if (fill_files_note(info->notes + info->numnote) == 0) {
2062 info->notes_files = info->notes + info->numnote;
2063 info->numnote++;
2064 }
2065
2066 /* Try to dump the FPU. */
2067 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2068 info->fpu);
2069 if (info->prstatus->pr_fpvalid)
2070 fill_note(info->notes + info->numnote++,
2071 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2072 return 1;
2073 }
2074
2075 static size_t get_note_info_size(struct elf_note_info *info)
2076 {
2077 int sz = 0;
2078 int i;
2079
2080 for (i = 0; i < info->numnote; i++)
2081 sz += notesize(info->notes + i);
2082
2083 sz += info->thread_status_size;
2084
2085 return sz;
2086 }
2087
2088 static int write_note_info(struct elf_note_info *info,
2089 struct coredump_params *cprm)
2090 {
2091 struct elf_thread_status *ets;
2092 int i;
2093
2094 for (i = 0; i < info->numnote; i++)
2095 if (!writenote(info->notes + i, cprm))
2096 return 0;
2097
2098 /* write out the thread status notes section */
2099 list_for_each_entry(ets, &info->thread_list, list) {
2100 for (i = 0; i < ets->num_notes; i++)
2101 if (!writenote(&ets->notes[i], cprm))
2102 return 0;
2103 }
2104
2105 return 1;
2106 }
2107
2108 static void free_note_info(struct elf_note_info *info)
2109 {
2110 while (!list_empty(&info->thread_list)) {
2111 struct list_head *tmp = info->thread_list.next;
2112 list_del(tmp);
2113 kfree(list_entry(tmp, struct elf_thread_status, list));
2114 }
2115
2116 /* Free data possibly allocated by fill_files_note(): */
2117 if (info->notes_files)
2118 kvfree(info->notes_files->data);
2119
2120 kfree(info->prstatus);
2121 kfree(info->psinfo);
2122 kfree(info->notes);
2123 kfree(info->fpu);
2124 }
2125
2126 #endif
2127
2128 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2129 elf_addr_t e_shoff, int segs)
2130 {
2131 elf->e_shoff = e_shoff;
2132 elf->e_shentsize = sizeof(*shdr4extnum);
2133 elf->e_shnum = 1;
2134 elf->e_shstrndx = SHN_UNDEF;
2135
2136 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2137
2138 shdr4extnum->sh_type = SHT_NULL;
2139 shdr4extnum->sh_size = elf->e_shnum;
2140 shdr4extnum->sh_link = elf->e_shstrndx;
2141 shdr4extnum->sh_info = segs;
2142 }
2143
2144 /*
2145 * Actual dumper
2146 *
2147 * This is a two-pass process; first we find the offsets of the bits,
2148 * and then they are actually written out. If we run out of core limit
2149 * we just truncate.
2150 */
2151 static int elf_core_dump(struct coredump_params *cprm)
2152 {
2153 int has_dumped = 0;
2154 int vma_count, segs, i;
2155 size_t vma_data_size;
2156 struct elfhdr elf;
2157 loff_t offset = 0, dataoff;
2158 struct elf_note_info info = { };
2159 struct elf_phdr *phdr4note = NULL;
2160 struct elf_shdr *shdr4extnum = NULL;
2161 Elf_Half e_phnum;
2162 elf_addr_t e_shoff;
2163 struct core_vma_metadata *vma_meta;
2164
2165 if (dump_vma_snapshot(cprm, &vma_count, &vma_meta, &vma_data_size))
2166 return 0;
2167
2168 /*
2169 * The number of segs are recored into ELF header as 16bit value.
2170 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2171 */
2172 segs = vma_count + elf_core_extra_phdrs();
2173
2174 /* for notes section */
2175 segs++;
2176
2177 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2178 * this, kernel supports extended numbering. Have a look at
2179 * include/linux/elf.h for further information. */
2180 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2181
2182 /*
2183 * Collect all the non-memory information about the process for the
2184 * notes. This also sets up the file header.
2185 */
2186 if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2187 goto end_coredump;
2188
2189 has_dumped = 1;
2190
2191 offset += sizeof(elf); /* Elf header */
2192 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2193
2194 /* Write notes phdr entry */
2195 {
2196 size_t sz = get_note_info_size(&info);
2197
2198 sz += elf_coredump_extra_notes_size();
2199
2200 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2201 if (!phdr4note)
2202 goto end_coredump;
2203
2204 fill_elf_note_phdr(phdr4note, sz, offset);
2205 offset += sz;
2206 }
2207
2208 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2209
2210 offset += vma_data_size;
2211 offset += elf_core_extra_data_size();
2212 e_shoff = offset;
2213
2214 if (e_phnum == PN_XNUM) {
2215 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2216 if (!shdr4extnum)
2217 goto end_coredump;
2218 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2219 }
2220
2221 offset = dataoff;
2222
2223 if (!dump_emit(cprm, &elf, sizeof(elf)))
2224 goto end_coredump;
2225
2226 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2227 goto end_coredump;
2228
2229 /* Write program headers for segments dump */
2230 for (i = 0; i < vma_count; i++) {
2231 struct core_vma_metadata *meta = vma_meta + i;
2232 struct elf_phdr phdr;
2233
2234 phdr.p_type = PT_LOAD;
2235 phdr.p_offset = offset;
2236 phdr.p_vaddr = meta->start;
2237 phdr.p_paddr = 0;
2238 phdr.p_filesz = meta->dump_size;
2239 phdr.p_memsz = meta->end - meta->start;
2240 offset += phdr.p_filesz;
2241 phdr.p_flags = 0;
2242 if (meta->flags & VM_READ)
2243 phdr.p_flags |= PF_R;
2244 if (meta->flags & VM_WRITE)
2245 phdr.p_flags |= PF_W;
2246 if (meta->flags & VM_EXEC)
2247 phdr.p_flags |= PF_X;
2248 phdr.p_align = ELF_EXEC_PAGESIZE;
2249
2250 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2251 goto end_coredump;
2252 }
2253
2254 if (!elf_core_write_extra_phdrs(cprm, offset))
2255 goto end_coredump;
2256
2257 /* write out the notes section */
2258 if (!write_note_info(&info, cprm))
2259 goto end_coredump;
2260
2261 if (elf_coredump_extra_notes_write(cprm))
2262 goto end_coredump;
2263
2264 /* Align to page */
2265 if (!dump_skip(cprm, dataoff - cprm->pos))
2266 goto end_coredump;
2267
2268 for (i = 0; i < vma_count; i++) {
2269 struct core_vma_metadata *meta = vma_meta + i;
2270
2271 if (!dump_user_range(cprm, meta->start, meta->dump_size))
2272 goto end_coredump;
2273 }
2274 dump_truncate(cprm);
2275
2276 if (!elf_core_write_extra_data(cprm))
2277 goto end_coredump;
2278
2279 if (e_phnum == PN_XNUM) {
2280 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2281 goto end_coredump;
2282 }
2283
2284 end_coredump:
2285 free_note_info(&info);
2286 kfree(shdr4extnum);
2287 kvfree(vma_meta);
2288 kfree(phdr4note);
2289 return has_dumped;
2290 }
2291
2292 #endif /* CONFIG_ELF_CORE */
2293
2294 static int __init init_elf_binfmt(void)
2295 {
2296 register_binfmt(&elf_format);
2297 return 0;
2298 }
2299
2300 static void __exit exit_elf_binfmt(void)
2301 {
2302 /* Remove the COFF and ELF loaders. */
2303 unregister_binfmt(&elf_format);
2304 }
2305
2306 core_initcall(init_elf_binfmt);
2307 module_exit(exit_elf_binfmt);
2308 MODULE_LICENSE("GPL");
Ubuntu Hirsute Linux kernel mirror