Loading...
1/* binfmt_elf_fdpic.c: FDPIC ELF binary format
2 *
3 * Copyright (C) 2003, 2004, 2006 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 * Derived from binfmt_elf.c
6 *
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License
9 * as published by the Free Software Foundation; either version
10 * 2 of the License, or (at your option) any later version.
11 */
12
13#include <linux/module.h>
14
15#include <linux/fs.h>
16#include <linux/stat.h>
17#include <linux/sched.h>
18#include <linux/mm.h>
19#include <linux/mman.h>
20#include <linux/errno.h>
21#include <linux/signal.h>
22#include <linux/binfmts.h>
23#include <linux/string.h>
24#include <linux/file.h>
25#include <linux/fcntl.h>
26#include <linux/slab.h>
27#include <linux/pagemap.h>
28#include <linux/security.h>
29#include <linux/highmem.h>
30#include <linux/highuid.h>
31#include <linux/personality.h>
32#include <linux/ptrace.h>
33#include <linux/init.h>
34#include <linux/elf.h>
35#include <linux/elf-fdpic.h>
36#include <linux/elfcore.h>
37#include <linux/coredump.h>
38
39#include <asm/uaccess.h>
40#include <asm/param.h>
41#include <asm/pgalloc.h>
42#include <asm/exec.h>
43
44typedef char *elf_caddr_t;
45
46#if 0
47#define kdebug(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
48#else
49#define kdebug(fmt, ...) do {} while(0)
50#endif
51
52#if 0
53#define kdcore(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
54#else
55#define kdcore(fmt, ...) do {} while(0)
56#endif
57
58MODULE_LICENSE("GPL");
59
60static int load_elf_fdpic_binary(struct linux_binprm *, struct pt_regs *);
61static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *, struct file *);
62static int elf_fdpic_map_file(struct elf_fdpic_params *, struct file *,
63 struct mm_struct *, const char *);
64
65static int create_elf_fdpic_tables(struct linux_binprm *, struct mm_struct *,
66 struct elf_fdpic_params *,
67 struct elf_fdpic_params *);
68
69#ifndef CONFIG_MMU
70static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *,
71 unsigned long *);
72static int elf_fdpic_map_file_constdisp_on_uclinux(struct elf_fdpic_params *,
73 struct file *,
74 struct mm_struct *);
75#endif
76
77static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *,
78 struct file *, struct mm_struct *);
79
80#ifdef CONFIG_ELF_CORE
81static int elf_fdpic_core_dump(struct coredump_params *cprm);
82#endif
83
84static struct linux_binfmt elf_fdpic_format = {
85 .module = THIS_MODULE,
86 .load_binary = load_elf_fdpic_binary,
87#ifdef CONFIG_ELF_CORE
88 .core_dump = elf_fdpic_core_dump,
89#endif
90 .min_coredump = ELF_EXEC_PAGESIZE,
91};
92
93static int __init init_elf_fdpic_binfmt(void)
94{
95 register_binfmt(&elf_fdpic_format);
96 return 0;
97}
98
99static void __exit exit_elf_fdpic_binfmt(void)
100{
101 unregister_binfmt(&elf_fdpic_format);
102}
103
104core_initcall(init_elf_fdpic_binfmt);
105module_exit(exit_elf_fdpic_binfmt);
106
107static int is_elf_fdpic(struct elfhdr *hdr, struct file *file)
108{
109 if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0)
110 return 0;
111 if (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN)
112 return 0;
113 if (!elf_check_arch(hdr) || !elf_check_fdpic(hdr))
114 return 0;
115 if (!file->f_op || !file->f_op->mmap)
116 return 0;
117 return 1;
118}
119
120/*****************************************************************************/
121/*
122 * read the program headers table into memory
123 */
124static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *params,
125 struct file *file)
126{
127 struct elf32_phdr *phdr;
128 unsigned long size;
129 int retval, loop;
130
131 if (params->hdr.e_phentsize != sizeof(struct elf_phdr))
132 return -ENOMEM;
133 if (params->hdr.e_phnum > 65536U / sizeof(struct elf_phdr))
134 return -ENOMEM;
135
136 size = params->hdr.e_phnum * sizeof(struct elf_phdr);
137 params->phdrs = kmalloc(size, GFP_KERNEL);
138 if (!params->phdrs)
139 return -ENOMEM;
140
141 retval = kernel_read(file, params->hdr.e_phoff,
142 (char *) params->phdrs, size);
143 if (unlikely(retval != size))
144 return retval < 0 ? retval : -ENOEXEC;
145
146 /* determine stack size for this binary */
147 phdr = params->phdrs;
148 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
149 if (phdr->p_type != PT_GNU_STACK)
150 continue;
151
152 if (phdr->p_flags & PF_X)
153 params->flags |= ELF_FDPIC_FLAG_EXEC_STACK;
154 else
155 params->flags |= ELF_FDPIC_FLAG_NOEXEC_STACK;
156
157 params->stack_size = phdr->p_memsz;
158 break;
159 }
160
161 return 0;
162}
163
164/*****************************************************************************/
165/*
166 * load an fdpic binary into various bits of memory
167 */
168static int load_elf_fdpic_binary(struct linux_binprm *bprm,
169 struct pt_regs *regs)
170{
171 struct elf_fdpic_params exec_params, interp_params;
172 struct elf_phdr *phdr;
173 unsigned long stack_size, entryaddr;
174#ifdef ELF_FDPIC_PLAT_INIT
175 unsigned long dynaddr;
176#endif
177#ifndef CONFIG_MMU
178 unsigned long stack_prot;
179#endif
180 struct file *interpreter = NULL; /* to shut gcc up */
181 char *interpreter_name = NULL;
182 int executable_stack;
183 int retval, i;
184
185 kdebug("____ LOAD %d ____", current->pid);
186
187 memset(&exec_params, 0, sizeof(exec_params));
188 memset(&interp_params, 0, sizeof(interp_params));
189
190 exec_params.hdr = *(struct elfhdr *) bprm->buf;
191 exec_params.flags = ELF_FDPIC_FLAG_PRESENT | ELF_FDPIC_FLAG_EXECUTABLE;
192
193 /* check that this is a binary we know how to deal with */
194 retval = -ENOEXEC;
195 if (!is_elf_fdpic(&exec_params.hdr, bprm->file))
196 goto error;
197
198 /* read the program header table */
199 retval = elf_fdpic_fetch_phdrs(&exec_params, bprm->file);
200 if (retval < 0)
201 goto error;
202
203 /* scan for a program header that specifies an interpreter */
204 phdr = exec_params.phdrs;
205
206 for (i = 0; i < exec_params.hdr.e_phnum; i++, phdr++) {
207 switch (phdr->p_type) {
208 case PT_INTERP:
209 retval = -ENOMEM;
210 if (phdr->p_filesz > PATH_MAX)
211 goto error;
212 retval = -ENOENT;
213 if (phdr->p_filesz < 2)
214 goto error;
215
216 /* read the name of the interpreter into memory */
217 interpreter_name = kmalloc(phdr->p_filesz, GFP_KERNEL);
218 if (!interpreter_name)
219 goto error;
220
221 retval = kernel_read(bprm->file,
222 phdr->p_offset,
223 interpreter_name,
224 phdr->p_filesz);
225 if (unlikely(retval != phdr->p_filesz)) {
226 if (retval >= 0)
227 retval = -ENOEXEC;
228 goto error;
229 }
230
231 retval = -ENOENT;
232 if (interpreter_name[phdr->p_filesz - 1] != '\0')
233 goto error;
234
235 kdebug("Using ELF interpreter %s", interpreter_name);
236
237 /* replace the program with the interpreter */
238 interpreter = open_exec(interpreter_name);
239 retval = PTR_ERR(interpreter);
240 if (IS_ERR(interpreter)) {
241 interpreter = NULL;
242 goto error;
243 }
244
245 /*
246 * If the binary is not readable then enforce
247 * mm->dumpable = 0 regardless of the interpreter's
248 * permissions.
249 */
250 would_dump(bprm, interpreter);
251
252 retval = kernel_read(interpreter, 0, bprm->buf,
253 BINPRM_BUF_SIZE);
254 if (unlikely(retval != BINPRM_BUF_SIZE)) {
255 if (retval >= 0)
256 retval = -ENOEXEC;
257 goto error;
258 }
259
260 interp_params.hdr = *((struct elfhdr *) bprm->buf);
261 break;
262
263 case PT_LOAD:
264#ifdef CONFIG_MMU
265 if (exec_params.load_addr == 0)
266 exec_params.load_addr = phdr->p_vaddr;
267#endif
268 break;
269 }
270
271 }
272
273 if (elf_check_const_displacement(&exec_params.hdr))
274 exec_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
275
276 /* perform insanity checks on the interpreter */
277 if (interpreter_name) {
278 retval = -ELIBBAD;
279 if (!is_elf_fdpic(&interp_params.hdr, interpreter))
280 goto error;
281
282 interp_params.flags = ELF_FDPIC_FLAG_PRESENT;
283
284 /* read the interpreter's program header table */
285 retval = elf_fdpic_fetch_phdrs(&interp_params, interpreter);
286 if (retval < 0)
287 goto error;
288 }
289
290 stack_size = exec_params.stack_size;
291 if (exec_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
292 executable_stack = EXSTACK_ENABLE_X;
293 else if (exec_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
294 executable_stack = EXSTACK_DISABLE_X;
295 else
296 executable_stack = EXSTACK_DEFAULT;
297
298 if (stack_size == 0) {
299 stack_size = interp_params.stack_size;
300 if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
301 executable_stack = EXSTACK_ENABLE_X;
302 else if (interp_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
303 executable_stack = EXSTACK_DISABLE_X;
304 else
305 executable_stack = EXSTACK_DEFAULT;
306 }
307
308 retval = -ENOEXEC;
309 if (stack_size == 0)
310 goto error;
311
312 if (elf_check_const_displacement(&interp_params.hdr))
313 interp_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
314
315 /* flush all traces of the currently running executable */
316 retval = flush_old_exec(bprm);
317 if (retval)
318 goto error;
319
320 /* there's now no turning back... the old userspace image is dead,
321 * defunct, deceased, etc. after this point we have to exit via
322 * error_kill */
323 set_personality(PER_LINUX_FDPIC);
324 if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
325 current->personality |= READ_IMPLIES_EXEC;
326
327 setup_new_exec(bprm);
328
329 set_binfmt(&elf_fdpic_format);
330
331 current->mm->start_code = 0;
332 current->mm->end_code = 0;
333 current->mm->start_stack = 0;
334 current->mm->start_data = 0;
335 current->mm->end_data = 0;
336 current->mm->context.exec_fdpic_loadmap = 0;
337 current->mm->context.interp_fdpic_loadmap = 0;
338
339#ifdef CONFIG_MMU
340 elf_fdpic_arch_lay_out_mm(&exec_params,
341 &interp_params,
342 ¤t->mm->start_stack,
343 ¤t->mm->start_brk);
344
345 retval = setup_arg_pages(bprm, current->mm->start_stack,
346 executable_stack);
347 if (retval < 0) {
348 send_sig(SIGKILL, current, 0);
349 goto error_kill;
350 }
351#endif
352
353 /* load the executable and interpreter into memory */
354 retval = elf_fdpic_map_file(&exec_params, bprm->file, current->mm,
355 "executable");
356 if (retval < 0)
357 goto error_kill;
358
359 if (interpreter_name) {
360 retval = elf_fdpic_map_file(&interp_params, interpreter,
361 current->mm, "interpreter");
362 if (retval < 0) {
363 printk(KERN_ERR "Unable to load interpreter\n");
364 goto error_kill;
365 }
366
367 allow_write_access(interpreter);
368 fput(interpreter);
369 interpreter = NULL;
370 }
371
372#ifdef CONFIG_MMU
373 if (!current->mm->start_brk)
374 current->mm->start_brk = current->mm->end_data;
375
376 current->mm->brk = current->mm->start_brk =
377 PAGE_ALIGN(current->mm->start_brk);
378
379#else
380 /* create a stack and brk area big enough for everyone
381 * - the brk heap starts at the bottom and works up
382 * - the stack starts at the top and works down
383 */
384 stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
385 if (stack_size < PAGE_SIZE * 2)
386 stack_size = PAGE_SIZE * 2;
387
388 stack_prot = PROT_READ | PROT_WRITE;
389 if (executable_stack == EXSTACK_ENABLE_X ||
390 (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC))
391 stack_prot |= PROT_EXEC;
392
393 current->mm->start_brk = vm_mmap(NULL, 0, stack_size, stack_prot,
394 MAP_PRIVATE | MAP_ANONYMOUS |
395 MAP_UNINITIALIZED | MAP_GROWSDOWN,
396 0);
397
398 if (IS_ERR_VALUE(current->mm->start_brk)) {
399 retval = current->mm->start_brk;
400 current->mm->start_brk = 0;
401 goto error_kill;
402 }
403
404 current->mm->brk = current->mm->start_brk;
405 current->mm->context.end_brk = current->mm->start_brk;
406 current->mm->context.end_brk +=
407 (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
408 current->mm->start_stack = current->mm->start_brk + stack_size;
409#endif
410
411 install_exec_creds(bprm);
412 if (create_elf_fdpic_tables(bprm, current->mm,
413 &exec_params, &interp_params) < 0)
414 goto error_kill;
415
416 kdebug("- start_code %lx", current->mm->start_code);
417 kdebug("- end_code %lx", current->mm->end_code);
418 kdebug("- start_data %lx", current->mm->start_data);
419 kdebug("- end_data %lx", current->mm->end_data);
420 kdebug("- start_brk %lx", current->mm->start_brk);
421 kdebug("- brk %lx", current->mm->brk);
422 kdebug("- start_stack %lx", current->mm->start_stack);
423
424#ifdef ELF_FDPIC_PLAT_INIT
425 /*
426 * The ABI may specify that certain registers be set up in special
427 * ways (on i386 %edx is the address of a DT_FINI function, for
428 * example. This macro performs whatever initialization to
429 * the regs structure is required.
430 */
431 dynaddr = interp_params.dynamic_addr ?: exec_params.dynamic_addr;
432 ELF_FDPIC_PLAT_INIT(regs, exec_params.map_addr, interp_params.map_addr,
433 dynaddr);
434#endif
435
436 /* everything is now ready... get the userspace context ready to roll */
437 entryaddr = interp_params.entry_addr ?: exec_params.entry_addr;
438 start_thread(regs, entryaddr, current->mm->start_stack);
439
440 retval = 0;
441
442error:
443 if (interpreter) {
444 allow_write_access(interpreter);
445 fput(interpreter);
446 }
447 kfree(interpreter_name);
448 kfree(exec_params.phdrs);
449 kfree(exec_params.loadmap);
450 kfree(interp_params.phdrs);
451 kfree(interp_params.loadmap);
452 return retval;
453
454 /* unrecoverable error - kill the process */
455error_kill:
456 send_sig(SIGSEGV, current, 0);
457 goto error;
458
459}
460
461/*****************************************************************************/
462
463#ifndef ELF_BASE_PLATFORM
464/*
465 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
466 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
467 * will be copied to the user stack in the same manner as AT_PLATFORM.
468 */
469#define ELF_BASE_PLATFORM NULL
470#endif
471
472/*
473 * present useful information to the program by shovelling it onto the new
474 * process's stack
475 */
476static int create_elf_fdpic_tables(struct linux_binprm *bprm,
477 struct mm_struct *mm,
478 struct elf_fdpic_params *exec_params,
479 struct elf_fdpic_params *interp_params)
480{
481 const struct cred *cred = current_cred();
482 unsigned long sp, csp, nitems;
483 elf_caddr_t __user *argv, *envp;
484 size_t platform_len = 0, len;
485 char *k_platform, *k_base_platform;
486 char __user *u_platform, *u_base_platform, *p;
487 long hwcap;
488 int loop;
489 int nr; /* reset for each csp adjustment */
490
491#ifdef CONFIG_MMU
492 /* In some cases (e.g. Hyper-Threading), we want to avoid L1 evictions
493 * by the processes running on the same package. One thing we can do is
494 * to shuffle the initial stack for them, so we give the architecture
495 * an opportunity to do so here.
496 */
497 sp = arch_align_stack(bprm->p);
498#else
499 sp = mm->start_stack;
500
501 /* stack the program arguments and environment */
502 if (elf_fdpic_transfer_args_to_stack(bprm, &sp) < 0)
503 return -EFAULT;
504#endif
505
506 hwcap = ELF_HWCAP;
507
508 /*
509 * If this architecture has a platform capability string, copy it
510 * to userspace. In some cases (Sparc), this info is impossible
511 * for userspace to get any other way, in others (i386) it is
512 * merely difficult.
513 */
514 k_platform = ELF_PLATFORM;
515 u_platform = NULL;
516
517 if (k_platform) {
518 platform_len = strlen(k_platform) + 1;
519 sp -= platform_len;
520 u_platform = (char __user *) sp;
521 if (__copy_to_user(u_platform, k_platform, platform_len) != 0)
522 return -EFAULT;
523 }
524
525 /*
526 * If this architecture has a "base" platform capability
527 * string, copy it to userspace.
528 */
529 k_base_platform = ELF_BASE_PLATFORM;
530 u_base_platform = NULL;
531
532 if (k_base_platform) {
533 platform_len = strlen(k_base_platform) + 1;
534 sp -= platform_len;
535 u_base_platform = (char __user *) sp;
536 if (__copy_to_user(u_base_platform, k_base_platform, platform_len) != 0)
537 return -EFAULT;
538 }
539
540 sp &= ~7UL;
541
542 /* stack the load map(s) */
543 len = sizeof(struct elf32_fdpic_loadmap);
544 len += sizeof(struct elf32_fdpic_loadseg) * exec_params->loadmap->nsegs;
545 sp = (sp - len) & ~7UL;
546 exec_params->map_addr = sp;
547
548 if (copy_to_user((void __user *) sp, exec_params->loadmap, len) != 0)
549 return -EFAULT;
550
551 current->mm->context.exec_fdpic_loadmap = (unsigned long) sp;
552
553 if (interp_params->loadmap) {
554 len = sizeof(struct elf32_fdpic_loadmap);
555 len += sizeof(struct elf32_fdpic_loadseg) *
556 interp_params->loadmap->nsegs;
557 sp = (sp - len) & ~7UL;
558 interp_params->map_addr = sp;
559
560 if (copy_to_user((void __user *) sp, interp_params->loadmap,
561 len) != 0)
562 return -EFAULT;
563
564 current->mm->context.interp_fdpic_loadmap = (unsigned long) sp;
565 }
566
567 /* force 16 byte _final_ alignment here for generality */
568#define DLINFO_ITEMS 15
569
570 nitems = 1 + DLINFO_ITEMS + (k_platform ? 1 : 0) +
571 (k_base_platform ? 1 : 0) + AT_VECTOR_SIZE_ARCH;
572
573 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD)
574 nitems++;
575
576 csp = sp;
577 sp -= nitems * 2 * sizeof(unsigned long);
578 sp -= (bprm->envc + 1) * sizeof(char *); /* envv[] */
579 sp -= (bprm->argc + 1) * sizeof(char *); /* argv[] */
580 sp -= 1 * sizeof(unsigned long); /* argc */
581
582 csp -= sp & 15UL;
583 sp -= sp & 15UL;
584
585 /* put the ELF interpreter info on the stack */
586#define NEW_AUX_ENT(id, val) \
587 do { \
588 struct { unsigned long _id, _val; } __user *ent; \
589 \
590 ent = (void __user *) csp; \
591 __put_user((id), &ent[nr]._id); \
592 __put_user((val), &ent[nr]._val); \
593 nr++; \
594 } while (0)
595
596 nr = 0;
597 csp -= 2 * sizeof(unsigned long);
598 NEW_AUX_ENT(AT_NULL, 0);
599 if (k_platform) {
600 nr = 0;
601 csp -= 2 * sizeof(unsigned long);
602 NEW_AUX_ENT(AT_PLATFORM,
603 (elf_addr_t) (unsigned long) u_platform);
604 }
605
606 if (k_base_platform) {
607 nr = 0;
608 csp -= 2 * sizeof(unsigned long);
609 NEW_AUX_ENT(AT_BASE_PLATFORM,
610 (elf_addr_t) (unsigned long) u_base_platform);
611 }
612
613 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
614 nr = 0;
615 csp -= 2 * sizeof(unsigned long);
616 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
617 }
618
619 nr = 0;
620 csp -= DLINFO_ITEMS * 2 * sizeof(unsigned long);
621 NEW_AUX_ENT(AT_HWCAP, hwcap);
622 NEW_AUX_ENT(AT_PAGESZ, PAGE_SIZE);
623 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
624 NEW_AUX_ENT(AT_PHDR, exec_params->ph_addr);
625 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
626 NEW_AUX_ENT(AT_PHNUM, exec_params->hdr.e_phnum);
627 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
628 NEW_AUX_ENT(AT_FLAGS, 0);
629 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
630 NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid));
631 NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid));
632 NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid));
633 NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid));
634 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
635 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
636
637#ifdef ARCH_DLINFO
638 nr = 0;
639 csp -= AT_VECTOR_SIZE_ARCH * 2 * sizeof(unsigned long);
640
641 /* ARCH_DLINFO must come last so platform specific code can enforce
642 * special alignment requirements on the AUXV if necessary (eg. PPC).
643 */
644 ARCH_DLINFO;
645#endif
646#undef NEW_AUX_ENT
647
648 /* allocate room for argv[] and envv[] */
649 csp -= (bprm->envc + 1) * sizeof(elf_caddr_t);
650 envp = (elf_caddr_t __user *) csp;
651 csp -= (bprm->argc + 1) * sizeof(elf_caddr_t);
652 argv = (elf_caddr_t __user *) csp;
653
654 /* stack argc */
655 csp -= sizeof(unsigned long);
656 __put_user(bprm->argc, (unsigned long __user *) csp);
657
658 BUG_ON(csp != sp);
659
660 /* fill in the argv[] array */
661#ifdef CONFIG_MMU
662 current->mm->arg_start = bprm->p;
663#else
664 current->mm->arg_start = current->mm->start_stack -
665 (MAX_ARG_PAGES * PAGE_SIZE - bprm->p);
666#endif
667
668 p = (char __user *) current->mm->arg_start;
669 for (loop = bprm->argc; loop > 0; loop--) {
670 __put_user((elf_caddr_t) p, argv++);
671 len = strnlen_user(p, MAX_ARG_STRLEN);
672 if (!len || len > MAX_ARG_STRLEN)
673 return -EINVAL;
674 p += len;
675 }
676 __put_user(NULL, argv);
677 current->mm->arg_end = (unsigned long) p;
678
679 /* fill in the envv[] array */
680 current->mm->env_start = (unsigned long) p;
681 for (loop = bprm->envc; loop > 0; loop--) {
682 __put_user((elf_caddr_t)(unsigned long) p, envp++);
683 len = strnlen_user(p, MAX_ARG_STRLEN);
684 if (!len || len > MAX_ARG_STRLEN)
685 return -EINVAL;
686 p += len;
687 }
688 __put_user(NULL, envp);
689 current->mm->env_end = (unsigned long) p;
690
691 mm->start_stack = (unsigned long) sp;
692 return 0;
693}
694
695/*****************************************************************************/
696/*
697 * transfer the program arguments and environment from the holding pages onto
698 * the stack
699 */
700#ifndef CONFIG_MMU
701static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *bprm,
702 unsigned long *_sp)
703{
704 unsigned long index, stop, sp;
705 char *src;
706 int ret = 0;
707
708 stop = bprm->p >> PAGE_SHIFT;
709 sp = *_sp;
710
711 for (index = MAX_ARG_PAGES - 1; index >= stop; index--) {
712 src = kmap(bprm->page[index]);
713 sp -= PAGE_SIZE;
714 if (copy_to_user((void *) sp, src, PAGE_SIZE) != 0)
715 ret = -EFAULT;
716 kunmap(bprm->page[index]);
717 if (ret < 0)
718 goto out;
719 }
720
721 *_sp = (*_sp - (MAX_ARG_PAGES * PAGE_SIZE - bprm->p)) & ~15;
722
723out:
724 return ret;
725}
726#endif
727
728/*****************************************************************************/
729/*
730 * load the appropriate binary image (executable or interpreter) into memory
731 * - we assume no MMU is available
732 * - if no other PIC bits are set in params->hdr->e_flags
733 * - we assume that the LOADable segments in the binary are independently relocatable
734 * - we assume R/O executable segments are shareable
735 * - else
736 * - we assume the loadable parts of the image to require fixed displacement
737 * - the image is not shareable
738 */
739static int elf_fdpic_map_file(struct elf_fdpic_params *params,
740 struct file *file,
741 struct mm_struct *mm,
742 const char *what)
743{
744 struct elf32_fdpic_loadmap *loadmap;
745#ifdef CONFIG_MMU
746 struct elf32_fdpic_loadseg *mseg;
747#endif
748 struct elf32_fdpic_loadseg *seg;
749 struct elf32_phdr *phdr;
750 unsigned long load_addr, stop;
751 unsigned nloads, tmp;
752 size_t size;
753 int loop, ret;
754
755 /* allocate a load map table */
756 nloads = 0;
757 for (loop = 0; loop < params->hdr.e_phnum; loop++)
758 if (params->phdrs[loop].p_type == PT_LOAD)
759 nloads++;
760
761 if (nloads == 0)
762 return -ELIBBAD;
763
764 size = sizeof(*loadmap) + nloads * sizeof(*seg);
765 loadmap = kzalloc(size, GFP_KERNEL);
766 if (!loadmap)
767 return -ENOMEM;
768
769 params->loadmap = loadmap;
770
771 loadmap->version = ELF32_FDPIC_LOADMAP_VERSION;
772 loadmap->nsegs = nloads;
773
774 load_addr = params->load_addr;
775 seg = loadmap->segs;
776
777 /* map the requested LOADs into the memory space */
778 switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
779 case ELF_FDPIC_FLAG_CONSTDISP:
780 case ELF_FDPIC_FLAG_CONTIGUOUS:
781#ifndef CONFIG_MMU
782 ret = elf_fdpic_map_file_constdisp_on_uclinux(params, file, mm);
783 if (ret < 0)
784 return ret;
785 break;
786#endif
787 default:
788 ret = elf_fdpic_map_file_by_direct_mmap(params, file, mm);
789 if (ret < 0)
790 return ret;
791 break;
792 }
793
794 /* map the entry point */
795 if (params->hdr.e_entry) {
796 seg = loadmap->segs;
797 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
798 if (params->hdr.e_entry >= seg->p_vaddr &&
799 params->hdr.e_entry < seg->p_vaddr + seg->p_memsz) {
800 params->entry_addr =
801 (params->hdr.e_entry - seg->p_vaddr) +
802 seg->addr;
803 break;
804 }
805 }
806 }
807
808 /* determine where the program header table has wound up if mapped */
809 stop = params->hdr.e_phoff;
810 stop += params->hdr.e_phnum * sizeof (struct elf_phdr);
811 phdr = params->phdrs;
812
813 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
814 if (phdr->p_type != PT_LOAD)
815 continue;
816
817 if (phdr->p_offset > params->hdr.e_phoff ||
818 phdr->p_offset + phdr->p_filesz < stop)
819 continue;
820
821 seg = loadmap->segs;
822 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
823 if (phdr->p_vaddr >= seg->p_vaddr &&
824 phdr->p_vaddr + phdr->p_filesz <=
825 seg->p_vaddr + seg->p_memsz) {
826 params->ph_addr =
827 (phdr->p_vaddr - seg->p_vaddr) +
828 seg->addr +
829 params->hdr.e_phoff - phdr->p_offset;
830 break;
831 }
832 }
833 break;
834 }
835
836 /* determine where the dynamic section has wound up if there is one */
837 phdr = params->phdrs;
838 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
839 if (phdr->p_type != PT_DYNAMIC)
840 continue;
841
842 seg = loadmap->segs;
843 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
844 if (phdr->p_vaddr >= seg->p_vaddr &&
845 phdr->p_vaddr + phdr->p_memsz <=
846 seg->p_vaddr + seg->p_memsz) {
847 params->dynamic_addr =
848 (phdr->p_vaddr - seg->p_vaddr) +
849 seg->addr;
850
851 /* check the dynamic section contains at least
852 * one item, and that the last item is a NULL
853 * entry */
854 if (phdr->p_memsz == 0 ||
855 phdr->p_memsz % sizeof(Elf32_Dyn) != 0)
856 goto dynamic_error;
857
858 tmp = phdr->p_memsz / sizeof(Elf32_Dyn);
859 if (((Elf32_Dyn *)
860 params->dynamic_addr)[tmp - 1].d_tag != 0)
861 goto dynamic_error;
862 break;
863 }
864 }
865 break;
866 }
867
868 /* now elide adjacent segments in the load map on MMU linux
869 * - on uClinux the holes between may actually be filled with system
870 * stuff or stuff from other processes
871 */
872#ifdef CONFIG_MMU
873 nloads = loadmap->nsegs;
874 mseg = loadmap->segs;
875 seg = mseg + 1;
876 for (loop = 1; loop < nloads; loop++) {
877 /* see if we have a candidate for merging */
878 if (seg->p_vaddr - mseg->p_vaddr == seg->addr - mseg->addr) {
879 load_addr = PAGE_ALIGN(mseg->addr + mseg->p_memsz);
880 if (load_addr == (seg->addr & PAGE_MASK)) {
881 mseg->p_memsz +=
882 load_addr -
883 (mseg->addr + mseg->p_memsz);
884 mseg->p_memsz += seg->addr & ~PAGE_MASK;
885 mseg->p_memsz += seg->p_memsz;
886 loadmap->nsegs--;
887 continue;
888 }
889 }
890
891 mseg++;
892 if (mseg != seg)
893 *mseg = *seg;
894 }
895#endif
896
897 kdebug("Mapped Object [%s]:", what);
898 kdebug("- elfhdr : %lx", params->elfhdr_addr);
899 kdebug("- entry : %lx", params->entry_addr);
900 kdebug("- PHDR[] : %lx", params->ph_addr);
901 kdebug("- DYNAMIC[]: %lx", params->dynamic_addr);
902 seg = loadmap->segs;
903 for (loop = 0; loop < loadmap->nsegs; loop++, seg++)
904 kdebug("- LOAD[%d] : %08x-%08x [va=%x ms=%x]",
905 loop,
906 seg->addr, seg->addr + seg->p_memsz - 1,
907 seg->p_vaddr, seg->p_memsz);
908
909 return 0;
910
911dynamic_error:
912 printk("ELF FDPIC %s with invalid DYNAMIC section (inode=%lu)\n",
913 what, file->f_path.dentry->d_inode->i_ino);
914 return -ELIBBAD;
915}
916
917/*****************************************************************************/
918/*
919 * map a file with constant displacement under uClinux
920 */
921#ifndef CONFIG_MMU
922static int elf_fdpic_map_file_constdisp_on_uclinux(
923 struct elf_fdpic_params *params,
924 struct file *file,
925 struct mm_struct *mm)
926{
927 struct elf32_fdpic_loadseg *seg;
928 struct elf32_phdr *phdr;
929 unsigned long load_addr, base = ULONG_MAX, top = 0, maddr = 0, mflags;
930 loff_t fpos;
931 int loop, ret;
932
933 load_addr = params->load_addr;
934 seg = params->loadmap->segs;
935
936 /* determine the bounds of the contiguous overall allocation we must
937 * make */
938 phdr = params->phdrs;
939 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
940 if (params->phdrs[loop].p_type != PT_LOAD)
941 continue;
942
943 if (base > phdr->p_vaddr)
944 base = phdr->p_vaddr;
945 if (top < phdr->p_vaddr + phdr->p_memsz)
946 top = phdr->p_vaddr + phdr->p_memsz;
947 }
948
949 /* allocate one big anon block for everything */
950 mflags = MAP_PRIVATE;
951 if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
952 mflags |= MAP_EXECUTABLE;
953
954 maddr = vm_mmap(NULL, load_addr, top - base,
955 PROT_READ | PROT_WRITE | PROT_EXEC, mflags, 0);
956 if (IS_ERR_VALUE(maddr))
957 return (int) maddr;
958
959 if (load_addr != 0)
960 load_addr += PAGE_ALIGN(top - base);
961
962 /* and then load the file segments into it */
963 phdr = params->phdrs;
964 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
965 if (params->phdrs[loop].p_type != PT_LOAD)
966 continue;
967
968 fpos = phdr->p_offset;
969
970 seg->addr = maddr + (phdr->p_vaddr - base);
971 seg->p_vaddr = phdr->p_vaddr;
972 seg->p_memsz = phdr->p_memsz;
973
974 ret = file->f_op->read(file, (void *) seg->addr,
975 phdr->p_filesz, &fpos);
976 if (ret < 0)
977 return ret;
978
979 /* map the ELF header address if in this segment */
980 if (phdr->p_offset == 0)
981 params->elfhdr_addr = seg->addr;
982
983 /* clear any space allocated but not loaded */
984 if (phdr->p_filesz < phdr->p_memsz) {
985 if (clear_user((void *) (seg->addr + phdr->p_filesz),
986 phdr->p_memsz - phdr->p_filesz))
987 return -EFAULT;
988 }
989
990 if (mm) {
991 if (phdr->p_flags & PF_X) {
992 if (!mm->start_code) {
993 mm->start_code = seg->addr;
994 mm->end_code = seg->addr +
995 phdr->p_memsz;
996 }
997 } else if (!mm->start_data) {
998 mm->start_data = seg->addr;
999 mm->end_data = seg->addr + phdr->p_memsz;
1000 }
1001 }
1002
1003 seg++;
1004 }
1005
1006 return 0;
1007}
1008#endif
1009
1010/*****************************************************************************/
1011/*
1012 * map a binary by direct mmap() of the individual PT_LOAD segments
1013 */
1014static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
1015 struct file *file,
1016 struct mm_struct *mm)
1017{
1018 struct elf32_fdpic_loadseg *seg;
1019 struct elf32_phdr *phdr;
1020 unsigned long load_addr, delta_vaddr;
1021 int loop, dvset;
1022
1023 load_addr = params->load_addr;
1024 delta_vaddr = 0;
1025 dvset = 0;
1026
1027 seg = params->loadmap->segs;
1028
1029 /* deal with each load segment separately */
1030 phdr = params->phdrs;
1031 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
1032 unsigned long maddr, disp, excess, excess1;
1033 int prot = 0, flags;
1034
1035 if (phdr->p_type != PT_LOAD)
1036 continue;
1037
1038 kdebug("[LOAD] va=%lx of=%lx fs=%lx ms=%lx",
1039 (unsigned long) phdr->p_vaddr,
1040 (unsigned long) phdr->p_offset,
1041 (unsigned long) phdr->p_filesz,
1042 (unsigned long) phdr->p_memsz);
1043
1044 /* determine the mapping parameters */
1045 if (phdr->p_flags & PF_R) prot |= PROT_READ;
1046 if (phdr->p_flags & PF_W) prot |= PROT_WRITE;
1047 if (phdr->p_flags & PF_X) prot |= PROT_EXEC;
1048
1049 flags = MAP_PRIVATE | MAP_DENYWRITE;
1050 if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
1051 flags |= MAP_EXECUTABLE;
1052
1053 maddr = 0;
1054
1055 switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
1056 case ELF_FDPIC_FLAG_INDEPENDENT:
1057 /* PT_LOADs are independently locatable */
1058 break;
1059
1060 case ELF_FDPIC_FLAG_HONOURVADDR:
1061 /* the specified virtual address must be honoured */
1062 maddr = phdr->p_vaddr;
1063 flags |= MAP_FIXED;
1064 break;
1065
1066 case ELF_FDPIC_FLAG_CONSTDISP:
1067 /* constant displacement
1068 * - can be mapped anywhere, but must be mapped as a
1069 * unit
1070 */
1071 if (!dvset) {
1072 maddr = load_addr;
1073 delta_vaddr = phdr->p_vaddr;
1074 dvset = 1;
1075 } else {
1076 maddr = load_addr + phdr->p_vaddr - delta_vaddr;
1077 flags |= MAP_FIXED;
1078 }
1079 break;
1080
1081 case ELF_FDPIC_FLAG_CONTIGUOUS:
1082 /* contiguity handled later */
1083 break;
1084
1085 default:
1086 BUG();
1087 }
1088
1089 maddr &= PAGE_MASK;
1090
1091 /* create the mapping */
1092 disp = phdr->p_vaddr & ~PAGE_MASK;
1093 maddr = vm_mmap(file, maddr, phdr->p_memsz + disp, prot, flags,
1094 phdr->p_offset - disp);
1095
1096 kdebug("mmap[%d] <file> sz=%lx pr=%x fl=%x of=%lx --> %08lx",
1097 loop, phdr->p_memsz + disp, prot, flags,
1098 phdr->p_offset - disp, maddr);
1099
1100 if (IS_ERR_VALUE(maddr))
1101 return (int) maddr;
1102
1103 if ((params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) ==
1104 ELF_FDPIC_FLAG_CONTIGUOUS)
1105 load_addr += PAGE_ALIGN(phdr->p_memsz + disp);
1106
1107 seg->addr = maddr + disp;
1108 seg->p_vaddr = phdr->p_vaddr;
1109 seg->p_memsz = phdr->p_memsz;
1110
1111 /* map the ELF header address if in this segment */
1112 if (phdr->p_offset == 0)
1113 params->elfhdr_addr = seg->addr;
1114
1115 /* clear the bit between beginning of mapping and beginning of
1116 * PT_LOAD */
1117 if (prot & PROT_WRITE && disp > 0) {
1118 kdebug("clear[%d] ad=%lx sz=%lx", loop, maddr, disp);
1119 if (clear_user((void __user *) maddr, disp))
1120 return -EFAULT;
1121 maddr += disp;
1122 }
1123
1124 /* clear any space allocated but not loaded
1125 * - on uClinux we can just clear the lot
1126 * - on MMU linux we'll get a SIGBUS beyond the last page
1127 * extant in the file
1128 */
1129 excess = phdr->p_memsz - phdr->p_filesz;
1130 excess1 = PAGE_SIZE - ((maddr + phdr->p_filesz) & ~PAGE_MASK);
1131
1132#ifdef CONFIG_MMU
1133 if (excess > excess1) {
1134 unsigned long xaddr = maddr + phdr->p_filesz + excess1;
1135 unsigned long xmaddr;
1136
1137 flags |= MAP_FIXED | MAP_ANONYMOUS;
1138 xmaddr = vm_mmap(NULL, xaddr, excess - excess1,
1139 prot, flags, 0);
1140
1141 kdebug("mmap[%d] <anon>"
1142 " ad=%lx sz=%lx pr=%x fl=%x of=0 --> %08lx",
1143 loop, xaddr, excess - excess1, prot, flags,
1144 xmaddr);
1145
1146 if (xmaddr != xaddr)
1147 return -ENOMEM;
1148 }
1149
1150 if (prot & PROT_WRITE && excess1 > 0) {
1151 kdebug("clear[%d] ad=%lx sz=%lx",
1152 loop, maddr + phdr->p_filesz, excess1);
1153 if (clear_user((void __user *) maddr + phdr->p_filesz,
1154 excess1))
1155 return -EFAULT;
1156 }
1157
1158#else
1159 if (excess > 0) {
1160 kdebug("clear[%d] ad=%lx sz=%lx",
1161 loop, maddr + phdr->p_filesz, excess);
1162 if (clear_user((void *) maddr + phdr->p_filesz, excess))
1163 return -EFAULT;
1164 }
1165#endif
1166
1167 if (mm) {
1168 if (phdr->p_flags & PF_X) {
1169 if (!mm->start_code) {
1170 mm->start_code = maddr;
1171 mm->end_code = maddr + phdr->p_memsz;
1172 }
1173 } else if (!mm->start_data) {
1174 mm->start_data = maddr;
1175 mm->end_data = maddr + phdr->p_memsz;
1176 }
1177 }
1178
1179 seg++;
1180 }
1181
1182 return 0;
1183}
1184
1185/*****************************************************************************/
1186/*
1187 * ELF-FDPIC core dumper
1188 *
1189 * Modelled on fs/exec.c:aout_core_dump()
1190 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1191 *
1192 * Modelled on fs/binfmt_elf.c core dumper
1193 */
1194#ifdef CONFIG_ELF_CORE
1195
1196/*
1197 * Decide whether a segment is worth dumping; default is yes to be
1198 * sure (missing info is worse than too much; etc).
1199 * Personally I'd include everything, and use the coredump limit...
1200 *
1201 * I think we should skip something. But I am not sure how. H.J.
1202 */
1203static int maydump(struct vm_area_struct *vma, unsigned long mm_flags)
1204{
1205 int dump_ok;
1206
1207 /* Do not dump I/O mapped devices or special mappings */
1208 if (vma->vm_flags & (VM_IO | VM_RESERVED)) {
1209 kdcore("%08lx: %08lx: no (IO)", vma->vm_start, vma->vm_flags);
1210 return 0;
1211 }
1212
1213 /* If we may not read the contents, don't allow us to dump
1214 * them either. "dump_write()" can't handle it anyway.
1215 */
1216 if (!(vma->vm_flags & VM_READ)) {
1217 kdcore("%08lx: %08lx: no (!read)", vma->vm_start, vma->vm_flags);
1218 return 0;
1219 }
1220
1221 /* By default, dump shared memory if mapped from an anonymous file. */
1222 if (vma->vm_flags & VM_SHARED) {
1223 if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0) {
1224 dump_ok = test_bit(MMF_DUMP_ANON_SHARED, &mm_flags);
1225 kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
1226 vma->vm_flags, dump_ok ? "yes" : "no");
1227 return dump_ok;
1228 }
1229
1230 dump_ok = test_bit(MMF_DUMP_MAPPED_SHARED, &mm_flags);
1231 kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
1232 vma->vm_flags, dump_ok ? "yes" : "no");
1233 return dump_ok;
1234 }
1235
1236#ifdef CONFIG_MMU
1237 /* By default, if it hasn't been written to, don't write it out */
1238 if (!vma->anon_vma) {
1239 dump_ok = test_bit(MMF_DUMP_MAPPED_PRIVATE, &mm_flags);
1240 kdcore("%08lx: %08lx: %s (!anon)", vma->vm_start,
1241 vma->vm_flags, dump_ok ? "yes" : "no");
1242 return dump_ok;
1243 }
1244#endif
1245
1246 dump_ok = test_bit(MMF_DUMP_ANON_PRIVATE, &mm_flags);
1247 kdcore("%08lx: %08lx: %s", vma->vm_start, vma->vm_flags,
1248 dump_ok ? "yes" : "no");
1249 return dump_ok;
1250}
1251
1252/* An ELF note in memory */
1253struct memelfnote
1254{
1255 const char *name;
1256 int type;
1257 unsigned int datasz;
1258 void *data;
1259};
1260
1261static int notesize(struct memelfnote *en)
1262{
1263 int sz;
1264
1265 sz = sizeof(struct elf_note);
1266 sz += roundup(strlen(en->name) + 1, 4);
1267 sz += roundup(en->datasz, 4);
1268
1269 return sz;
1270}
1271
1272/* #define DEBUG */
1273
1274#define DUMP_WRITE(addr, nr, foffset) \
1275 do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1276
1277static int alignfile(struct file *file, loff_t *foffset)
1278{
1279 static const char buf[4] = { 0, };
1280 DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1281 return 1;
1282}
1283
1284static int writenote(struct memelfnote *men, struct file *file,
1285 loff_t *foffset)
1286{
1287 struct elf_note en;
1288 en.n_namesz = strlen(men->name) + 1;
1289 en.n_descsz = men->datasz;
1290 en.n_type = men->type;
1291
1292 DUMP_WRITE(&en, sizeof(en), foffset);
1293 DUMP_WRITE(men->name, en.n_namesz, foffset);
1294 if (!alignfile(file, foffset))
1295 return 0;
1296 DUMP_WRITE(men->data, men->datasz, foffset);
1297 if (!alignfile(file, foffset))
1298 return 0;
1299
1300 return 1;
1301}
1302#undef DUMP_WRITE
1303
1304static inline void fill_elf_fdpic_header(struct elfhdr *elf, int segs)
1305{
1306 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1307 elf->e_ident[EI_CLASS] = ELF_CLASS;
1308 elf->e_ident[EI_DATA] = ELF_DATA;
1309 elf->e_ident[EI_VERSION] = EV_CURRENT;
1310 elf->e_ident[EI_OSABI] = ELF_OSABI;
1311 memset(elf->e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD);
1312
1313 elf->e_type = ET_CORE;
1314 elf->e_machine = ELF_ARCH;
1315 elf->e_version = EV_CURRENT;
1316 elf->e_entry = 0;
1317 elf->e_phoff = sizeof(struct elfhdr);
1318 elf->e_shoff = 0;
1319 elf->e_flags = ELF_FDPIC_CORE_EFLAGS;
1320 elf->e_ehsize = sizeof(struct elfhdr);
1321 elf->e_phentsize = sizeof(struct elf_phdr);
1322 elf->e_phnum = segs;
1323 elf->e_shentsize = 0;
1324 elf->e_shnum = 0;
1325 elf->e_shstrndx = 0;
1326 return;
1327}
1328
1329static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1330{
1331 phdr->p_type = PT_NOTE;
1332 phdr->p_offset = offset;
1333 phdr->p_vaddr = 0;
1334 phdr->p_paddr = 0;
1335 phdr->p_filesz = sz;
1336 phdr->p_memsz = 0;
1337 phdr->p_flags = 0;
1338 phdr->p_align = 0;
1339 return;
1340}
1341
1342static inline void fill_note(struct memelfnote *note, const char *name, int type,
1343 unsigned int sz, void *data)
1344{
1345 note->name = name;
1346 note->type = type;
1347 note->datasz = sz;
1348 note->data = data;
1349 return;
1350}
1351
1352/*
1353 * fill up all the fields in prstatus from the given task struct, except
1354 * registers which need to be filled up separately.
1355 */
1356static void fill_prstatus(struct elf_prstatus *prstatus,
1357 struct task_struct *p, long signr)
1358{
1359 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1360 prstatus->pr_sigpend = p->pending.signal.sig[0];
1361 prstatus->pr_sighold = p->blocked.sig[0];
1362 rcu_read_lock();
1363 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1364 rcu_read_unlock();
1365 prstatus->pr_pid = task_pid_vnr(p);
1366 prstatus->pr_pgrp = task_pgrp_vnr(p);
1367 prstatus->pr_sid = task_session_vnr(p);
1368 if (thread_group_leader(p)) {
1369 struct task_cputime cputime;
1370
1371 /*
1372 * This is the record for the group leader. It shows the
1373 * group-wide total, not its individual thread total.
1374 */
1375 thread_group_cputime(p, &cputime);
1376 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1377 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1378 } else {
1379 cputime_to_timeval(p->utime, &prstatus->pr_utime);
1380 cputime_to_timeval(p->stime, &prstatus->pr_stime);
1381 }
1382 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1383 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1384
1385 prstatus->pr_exec_fdpic_loadmap = p->mm->context.exec_fdpic_loadmap;
1386 prstatus->pr_interp_fdpic_loadmap = p->mm->context.interp_fdpic_loadmap;
1387}
1388
1389static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1390 struct mm_struct *mm)
1391{
1392 const struct cred *cred;
1393 unsigned int i, len;
1394
1395 /* first copy the parameters from user space */
1396 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1397
1398 len = mm->arg_end - mm->arg_start;
1399 if (len >= ELF_PRARGSZ)
1400 len = ELF_PRARGSZ - 1;
1401 if (copy_from_user(&psinfo->pr_psargs,
1402 (const char __user *) mm->arg_start, len))
1403 return -EFAULT;
1404 for (i = 0; i < len; i++)
1405 if (psinfo->pr_psargs[i] == 0)
1406 psinfo->pr_psargs[i] = ' ';
1407 psinfo->pr_psargs[len] = 0;
1408
1409 rcu_read_lock();
1410 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1411 rcu_read_unlock();
1412 psinfo->pr_pid = task_pid_vnr(p);
1413 psinfo->pr_pgrp = task_pgrp_vnr(p);
1414 psinfo->pr_sid = task_session_vnr(p);
1415
1416 i = p->state ? ffz(~p->state) + 1 : 0;
1417 psinfo->pr_state = i;
1418 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1419 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1420 psinfo->pr_nice = task_nice(p);
1421 psinfo->pr_flag = p->flags;
1422 rcu_read_lock();
1423 cred = __task_cred(p);
1424 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1425 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1426 rcu_read_unlock();
1427 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1428
1429 return 0;
1430}
1431
1432/* Here is the structure in which status of each thread is captured. */
1433struct elf_thread_status
1434{
1435 struct list_head list;
1436 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1437 elf_fpregset_t fpu; /* NT_PRFPREG */
1438 struct task_struct *thread;
1439#ifdef ELF_CORE_COPY_XFPREGS
1440 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1441#endif
1442 struct memelfnote notes[3];
1443 int num_notes;
1444};
1445
1446/*
1447 * In order to add the specific thread information for the elf file format,
1448 * we need to keep a linked list of every thread's pr_status and then create
1449 * a single section for them in the final core file.
1450 */
1451static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1452{
1453 struct task_struct *p = t->thread;
1454 int sz = 0;
1455
1456 t->num_notes = 0;
1457
1458 fill_prstatus(&t->prstatus, p, signr);
1459 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1460
1461 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1462 &t->prstatus);
1463 t->num_notes++;
1464 sz += notesize(&t->notes[0]);
1465
1466 t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, &t->fpu);
1467 if (t->prstatus.pr_fpvalid) {
1468 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1469 &t->fpu);
1470 t->num_notes++;
1471 sz += notesize(&t->notes[1]);
1472 }
1473
1474#ifdef ELF_CORE_COPY_XFPREGS
1475 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1476 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1477 sizeof(t->xfpu), &t->xfpu);
1478 t->num_notes++;
1479 sz += notesize(&t->notes[2]);
1480 }
1481#endif
1482 return sz;
1483}
1484
1485static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1486 elf_addr_t e_shoff, int segs)
1487{
1488 elf->e_shoff = e_shoff;
1489 elf->e_shentsize = sizeof(*shdr4extnum);
1490 elf->e_shnum = 1;
1491 elf->e_shstrndx = SHN_UNDEF;
1492
1493 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1494
1495 shdr4extnum->sh_type = SHT_NULL;
1496 shdr4extnum->sh_size = elf->e_shnum;
1497 shdr4extnum->sh_link = elf->e_shstrndx;
1498 shdr4extnum->sh_info = segs;
1499}
1500
1501/*
1502 * dump the segments for an MMU process
1503 */
1504#ifdef CONFIG_MMU
1505static int elf_fdpic_dump_segments(struct file *file, size_t *size,
1506 unsigned long *limit, unsigned long mm_flags)
1507{
1508 struct vm_area_struct *vma;
1509 int err = 0;
1510
1511 for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1512 unsigned long addr;
1513
1514 if (!maydump(vma, mm_flags))
1515 continue;
1516
1517 for (addr = vma->vm_start; addr < vma->vm_end;
1518 addr += PAGE_SIZE) {
1519 struct page *page = get_dump_page(addr);
1520 if (page) {
1521 void *kaddr = kmap(page);
1522 *size += PAGE_SIZE;
1523 if (*size > *limit)
1524 err = -EFBIG;
1525 else if (!dump_write(file, kaddr, PAGE_SIZE))
1526 err = -EIO;
1527 kunmap(page);
1528 page_cache_release(page);
1529 } else if (!dump_seek(file, PAGE_SIZE))
1530 err = -EFBIG;
1531 if (err)
1532 goto out;
1533 }
1534 }
1535out:
1536 return err;
1537}
1538#endif
1539
1540/*
1541 * dump the segments for a NOMMU process
1542 */
1543#ifndef CONFIG_MMU
1544static int elf_fdpic_dump_segments(struct file *file, size_t *size,
1545 unsigned long *limit, unsigned long mm_flags)
1546{
1547 struct vm_area_struct *vma;
1548
1549 for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1550 if (!maydump(vma, mm_flags))
1551 continue;
1552
1553 if ((*size += PAGE_SIZE) > *limit)
1554 return -EFBIG;
1555
1556 if (!dump_write(file, (void *) vma->vm_start,
1557 vma->vm_end - vma->vm_start))
1558 return -EIO;
1559 }
1560
1561 return 0;
1562}
1563#endif
1564
1565static size_t elf_core_vma_data_size(unsigned long mm_flags)
1566{
1567 struct vm_area_struct *vma;
1568 size_t size = 0;
1569
1570 for (vma = current->mm->mmap; vma; vma = vma->vm_next)
1571 if (maydump(vma, mm_flags))
1572 size += vma->vm_end - vma->vm_start;
1573 return size;
1574}
1575
1576/*
1577 * Actual dumper
1578 *
1579 * This is a two-pass process; first we find the offsets of the bits,
1580 * and then they are actually written out. If we run out of core limit
1581 * we just truncate.
1582 */
1583static int elf_fdpic_core_dump(struct coredump_params *cprm)
1584{
1585#define NUM_NOTES 6
1586 int has_dumped = 0;
1587 mm_segment_t fs;
1588 int segs;
1589 size_t size = 0;
1590 int i;
1591 struct vm_area_struct *vma;
1592 struct elfhdr *elf = NULL;
1593 loff_t offset = 0, dataoff, foffset;
1594 int numnote;
1595 struct memelfnote *notes = NULL;
1596 struct elf_prstatus *prstatus = NULL; /* NT_PRSTATUS */
1597 struct elf_prpsinfo *psinfo = NULL; /* NT_PRPSINFO */
1598 LIST_HEAD(thread_list);
1599 struct list_head *t;
1600 elf_fpregset_t *fpu = NULL;
1601#ifdef ELF_CORE_COPY_XFPREGS
1602 elf_fpxregset_t *xfpu = NULL;
1603#endif
1604 int thread_status_size = 0;
1605 elf_addr_t *auxv;
1606 struct elf_phdr *phdr4note = NULL;
1607 struct elf_shdr *shdr4extnum = NULL;
1608 Elf_Half e_phnum;
1609 elf_addr_t e_shoff;
1610
1611 /*
1612 * We no longer stop all VM operations.
1613 *
1614 * This is because those proceses that could possibly change map_count
1615 * or the mmap / vma pages are now blocked in do_exit on current
1616 * finishing this core dump.
1617 *
1618 * Only ptrace can touch these memory addresses, but it doesn't change
1619 * the map_count or the pages allocated. So no possibility of crashing
1620 * exists while dumping the mm->vm_next areas to the core file.
1621 */
1622
1623 /* alloc memory for large data structures: too large to be on stack */
1624 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1625 if (!elf)
1626 goto cleanup;
1627 prstatus = kzalloc(sizeof(*prstatus), GFP_KERNEL);
1628 if (!prstatus)
1629 goto cleanup;
1630 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1631 if (!psinfo)
1632 goto cleanup;
1633 notes = kmalloc(NUM_NOTES * sizeof(struct memelfnote), GFP_KERNEL);
1634 if (!notes)
1635 goto cleanup;
1636 fpu = kmalloc(sizeof(*fpu), GFP_KERNEL);
1637 if (!fpu)
1638 goto cleanup;
1639#ifdef ELF_CORE_COPY_XFPREGS
1640 xfpu = kmalloc(sizeof(*xfpu), GFP_KERNEL);
1641 if (!xfpu)
1642 goto cleanup;
1643#endif
1644
1645 if (cprm->signr) {
1646 struct core_thread *ct;
1647 struct elf_thread_status *tmp;
1648
1649 for (ct = current->mm->core_state->dumper.next;
1650 ct; ct = ct->next) {
1651 tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
1652 if (!tmp)
1653 goto cleanup;
1654
1655 tmp->thread = ct->task;
1656 list_add(&tmp->list, &thread_list);
1657 }
1658
1659 list_for_each(t, &thread_list) {
1660 struct elf_thread_status *tmp;
1661 int sz;
1662
1663 tmp = list_entry(t, struct elf_thread_status, list);
1664 sz = elf_dump_thread_status(cprm->signr, tmp);
1665 thread_status_size += sz;
1666 }
1667 }
1668
1669 /* now collect the dump for the current */
1670 fill_prstatus(prstatus, current, cprm->signr);
1671 elf_core_copy_regs(&prstatus->pr_reg, cprm->regs);
1672
1673 segs = current->mm->map_count;
1674 segs += elf_core_extra_phdrs();
1675
1676 /* for notes section */
1677 segs++;
1678
1679 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
1680 * this, kernel supports extended numbering. Have a look at
1681 * include/linux/elf.h for further information. */
1682 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
1683
1684 /* Set up header */
1685 fill_elf_fdpic_header(elf, e_phnum);
1686
1687 has_dumped = 1;
1688 current->flags |= PF_DUMPCORE;
1689
1690 /*
1691 * Set up the notes in similar form to SVR4 core dumps made
1692 * with info from their /proc.
1693 */
1694
1695 fill_note(notes + 0, "CORE", NT_PRSTATUS, sizeof(*prstatus), prstatus);
1696 fill_psinfo(psinfo, current->group_leader, current->mm);
1697 fill_note(notes + 1, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1698
1699 numnote = 2;
1700
1701 auxv = (elf_addr_t *) current->mm->saved_auxv;
1702
1703 i = 0;
1704 do
1705 i += 2;
1706 while (auxv[i - 2] != AT_NULL);
1707 fill_note(¬es[numnote++], "CORE", NT_AUXV,
1708 i * sizeof(elf_addr_t), auxv);
1709
1710 /* Try to dump the FPU. */
1711 if ((prstatus->pr_fpvalid =
1712 elf_core_copy_task_fpregs(current, cprm->regs, fpu)))
1713 fill_note(notes + numnote++,
1714 "CORE", NT_PRFPREG, sizeof(*fpu), fpu);
1715#ifdef ELF_CORE_COPY_XFPREGS
1716 if (elf_core_copy_task_xfpregs(current, xfpu))
1717 fill_note(notes + numnote++,
1718 "LINUX", ELF_CORE_XFPREG_TYPE, sizeof(*xfpu), xfpu);
1719#endif
1720
1721 fs = get_fs();
1722 set_fs(KERNEL_DS);
1723
1724 offset += sizeof(*elf); /* Elf header */
1725 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1726 foffset = offset;
1727
1728 /* Write notes phdr entry */
1729 {
1730 int sz = 0;
1731
1732 for (i = 0; i < numnote; i++)
1733 sz += notesize(notes + i);
1734
1735 sz += thread_status_size;
1736
1737 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
1738 if (!phdr4note)
1739 goto end_coredump;
1740
1741 fill_elf_note_phdr(phdr4note, sz, offset);
1742 offset += sz;
1743 }
1744
1745 /* Page-align dumped data */
1746 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
1747
1748 offset += elf_core_vma_data_size(cprm->mm_flags);
1749 offset += elf_core_extra_data_size();
1750 e_shoff = offset;
1751
1752 if (e_phnum == PN_XNUM) {
1753 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
1754 if (!shdr4extnum)
1755 goto end_coredump;
1756 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
1757 }
1758
1759 offset = dataoff;
1760
1761 size += sizeof(*elf);
1762 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
1763 goto end_coredump;
1764
1765 size += sizeof(*phdr4note);
1766 if (size > cprm->limit
1767 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
1768 goto end_coredump;
1769
1770 /* write program headers for segments dump */
1771 for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1772 struct elf_phdr phdr;
1773 size_t sz;
1774
1775 sz = vma->vm_end - vma->vm_start;
1776
1777 phdr.p_type = PT_LOAD;
1778 phdr.p_offset = offset;
1779 phdr.p_vaddr = vma->vm_start;
1780 phdr.p_paddr = 0;
1781 phdr.p_filesz = maydump(vma, cprm->mm_flags) ? sz : 0;
1782 phdr.p_memsz = sz;
1783 offset += phdr.p_filesz;
1784 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1785 if (vma->vm_flags & VM_WRITE)
1786 phdr.p_flags |= PF_W;
1787 if (vma->vm_flags & VM_EXEC)
1788 phdr.p_flags |= PF_X;
1789 phdr.p_align = ELF_EXEC_PAGESIZE;
1790
1791 size += sizeof(phdr);
1792 if (size > cprm->limit
1793 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
1794 goto end_coredump;
1795 }
1796
1797 if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
1798 goto end_coredump;
1799
1800 /* write out the notes section */
1801 for (i = 0; i < numnote; i++)
1802 if (!writenote(notes + i, cprm->file, &foffset))
1803 goto end_coredump;
1804
1805 /* write out the thread status notes section */
1806 list_for_each(t, &thread_list) {
1807 struct elf_thread_status *tmp =
1808 list_entry(t, struct elf_thread_status, list);
1809
1810 for (i = 0; i < tmp->num_notes; i++)
1811 if (!writenote(&tmp->notes[i], cprm->file, &foffset))
1812 goto end_coredump;
1813 }
1814
1815 if (!dump_seek(cprm->file, dataoff - foffset))
1816 goto end_coredump;
1817
1818 if (elf_fdpic_dump_segments(cprm->file, &size, &cprm->limit,
1819 cprm->mm_flags) < 0)
1820 goto end_coredump;
1821
1822 if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
1823 goto end_coredump;
1824
1825 if (e_phnum == PN_XNUM) {
1826 size += sizeof(*shdr4extnum);
1827 if (size > cprm->limit
1828 || !dump_write(cprm->file, shdr4extnum,
1829 sizeof(*shdr4extnum)))
1830 goto end_coredump;
1831 }
1832
1833 if (cprm->file->f_pos != offset) {
1834 /* Sanity check */
1835 printk(KERN_WARNING
1836 "elf_core_dump: file->f_pos (%lld) != offset (%lld)\n",
1837 cprm->file->f_pos, offset);
1838 }
1839
1840end_coredump:
1841 set_fs(fs);
1842
1843cleanup:
1844 while (!list_empty(&thread_list)) {
1845 struct list_head *tmp = thread_list.next;
1846 list_del(tmp);
1847 kfree(list_entry(tmp, struct elf_thread_status, list));
1848 }
1849 kfree(phdr4note);
1850 kfree(elf);
1851 kfree(prstatus);
1852 kfree(psinfo);
1853 kfree(notes);
1854 kfree(fpu);
1855 kfree(shdr4extnum);
1856#ifdef ELF_CORE_COPY_XFPREGS
1857 kfree(xfpu);
1858#endif
1859 return has_dumped;
1860#undef NUM_NOTES
1861}
1862
1863#endif /* CONFIG_ELF_CORE */
1// SPDX-License-Identifier: GPL-2.0-or-later
2/* binfmt_elf_fdpic.c: FDPIC ELF binary format
3 *
4 * Copyright (C) 2003, 2004, 2006 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 * Derived from binfmt_elf.c
7 */
8
9#include <linux/module.h>
10
11#include <linux/fs.h>
12#include <linux/stat.h>
13#include <linux/sched.h>
14#include <linux/sched/coredump.h>
15#include <linux/sched/task_stack.h>
16#include <linux/sched/cputime.h>
17#include <linux/mm.h>
18#include <linux/mman.h>
19#include <linux/errno.h>
20#include <linux/signal.h>
21#include <linux/binfmts.h>
22#include <linux/string.h>
23#include <linux/file.h>
24#include <linux/fcntl.h>
25#include <linux/slab.h>
26#include <linux/pagemap.h>
27#include <linux/security.h>
28#include <linux/highmem.h>
29#include <linux/highuid.h>
30#include <linux/personality.h>
31#include <linux/ptrace.h>
32#include <linux/init.h>
33#include <linux/elf.h>
34#include <linux/elf-fdpic.h>
35#include <linux/elfcore.h>
36#include <linux/coredump.h>
37#include <linux/dax.h>
38#include <linux/regset.h>
39
40#include <linux/uaccess.h>
41#include <asm/param.h>
42
43typedef char *elf_caddr_t;
44
45#if 0
46#define kdebug(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
47#else
48#define kdebug(fmt, ...) do {} while(0)
49#endif
50
51#if 0
52#define kdcore(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
53#else
54#define kdcore(fmt, ...) do {} while(0)
55#endif
56
57MODULE_LICENSE("GPL");
58
59static int load_elf_fdpic_binary(struct linux_binprm *);
60static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *, struct file *);
61static int elf_fdpic_map_file(struct elf_fdpic_params *, struct file *,
62 struct mm_struct *, const char *);
63
64static int create_elf_fdpic_tables(struct linux_binprm *, struct mm_struct *,
65 struct elf_fdpic_params *,
66 struct elf_fdpic_params *);
67
68#ifndef CONFIG_MMU
69static int elf_fdpic_map_file_constdisp_on_uclinux(struct elf_fdpic_params *,
70 struct file *,
71 struct mm_struct *);
72#endif
73
74static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *,
75 struct file *, struct mm_struct *);
76
77#ifdef CONFIG_ELF_CORE
78static int elf_fdpic_core_dump(struct coredump_params *cprm);
79#endif
80
81static struct linux_binfmt elf_fdpic_format = {
82 .module = THIS_MODULE,
83 .load_binary = load_elf_fdpic_binary,
84#ifdef CONFIG_ELF_CORE
85 .core_dump = elf_fdpic_core_dump,
86 .min_coredump = ELF_EXEC_PAGESIZE,
87#endif
88};
89
90static int __init init_elf_fdpic_binfmt(void)
91{
92 register_binfmt(&elf_fdpic_format);
93 return 0;
94}
95
96static void __exit exit_elf_fdpic_binfmt(void)
97{
98 unregister_binfmt(&elf_fdpic_format);
99}
100
101core_initcall(init_elf_fdpic_binfmt);
102module_exit(exit_elf_fdpic_binfmt);
103
104static int is_elf(struct elfhdr *hdr, struct file *file)
105{
106 if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0)
107 return 0;
108 if (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN)
109 return 0;
110 if (!elf_check_arch(hdr))
111 return 0;
112 if (!file->f_op->mmap)
113 return 0;
114 return 1;
115}
116
117#ifndef elf_check_fdpic
118#define elf_check_fdpic(x) 0
119#endif
120
121#ifndef elf_check_const_displacement
122#define elf_check_const_displacement(x) 0
123#endif
124
125static int is_constdisp(struct elfhdr *hdr)
126{
127 if (!elf_check_fdpic(hdr))
128 return 1;
129 if (elf_check_const_displacement(hdr))
130 return 1;
131 return 0;
132}
133
134/*****************************************************************************/
135/*
136 * read the program headers table into memory
137 */
138static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *params,
139 struct file *file)
140{
141 struct elf_phdr *phdr;
142 unsigned long size;
143 int retval, loop;
144 loff_t pos = params->hdr.e_phoff;
145
146 if (params->hdr.e_phentsize != sizeof(struct elf_phdr))
147 return -ENOMEM;
148 if (params->hdr.e_phnum > 65536U / sizeof(struct elf_phdr))
149 return -ENOMEM;
150
151 size = params->hdr.e_phnum * sizeof(struct elf_phdr);
152 params->phdrs = kmalloc(size, GFP_KERNEL);
153 if (!params->phdrs)
154 return -ENOMEM;
155
156 retval = kernel_read(file, params->phdrs, size, &pos);
157 if (unlikely(retval != size))
158 return retval < 0 ? retval : -ENOEXEC;
159
160 /* determine stack size for this binary */
161 phdr = params->phdrs;
162 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
163 if (phdr->p_type != PT_GNU_STACK)
164 continue;
165
166 if (phdr->p_flags & PF_X)
167 params->flags |= ELF_FDPIC_FLAG_EXEC_STACK;
168 else
169 params->flags |= ELF_FDPIC_FLAG_NOEXEC_STACK;
170
171 params->stack_size = phdr->p_memsz;
172 break;
173 }
174
175 return 0;
176}
177
178/*****************************************************************************/
179/*
180 * load an fdpic binary into various bits of memory
181 */
182static int load_elf_fdpic_binary(struct linux_binprm *bprm)
183{
184 struct elf_fdpic_params exec_params, interp_params;
185 struct pt_regs *regs = current_pt_regs();
186 struct elf_phdr *phdr;
187 unsigned long stack_size, entryaddr;
188#ifdef ELF_FDPIC_PLAT_INIT
189 unsigned long dynaddr;
190#endif
191#ifndef CONFIG_MMU
192 unsigned long stack_prot;
193#endif
194 struct file *interpreter = NULL; /* to shut gcc up */
195 char *interpreter_name = NULL;
196 int executable_stack;
197 int retval, i;
198 loff_t pos;
199
200 kdebug("____ LOAD %d ____", current->pid);
201
202 memset(&exec_params, 0, sizeof(exec_params));
203 memset(&interp_params, 0, sizeof(interp_params));
204
205 exec_params.hdr = *(struct elfhdr *) bprm->buf;
206 exec_params.flags = ELF_FDPIC_FLAG_PRESENT | ELF_FDPIC_FLAG_EXECUTABLE;
207
208 /* check that this is a binary we know how to deal with */
209 retval = -ENOEXEC;
210 if (!is_elf(&exec_params.hdr, bprm->file))
211 goto error;
212 if (!elf_check_fdpic(&exec_params.hdr)) {
213#ifdef CONFIG_MMU
214 /* binfmt_elf handles non-fdpic elf except on nommu */
215 goto error;
216#else
217 /* nommu can only load ET_DYN (PIE) ELF */
218 if (exec_params.hdr.e_type != ET_DYN)
219 goto error;
220#endif
221 }
222
223 /* read the program header table */
224 retval = elf_fdpic_fetch_phdrs(&exec_params, bprm->file);
225 if (retval < 0)
226 goto error;
227
228 /* scan for a program header that specifies an interpreter */
229 phdr = exec_params.phdrs;
230
231 for (i = 0; i < exec_params.hdr.e_phnum; i++, phdr++) {
232 switch (phdr->p_type) {
233 case PT_INTERP:
234 retval = -ENOMEM;
235 if (phdr->p_filesz > PATH_MAX)
236 goto error;
237 retval = -ENOENT;
238 if (phdr->p_filesz < 2)
239 goto error;
240
241 /* read the name of the interpreter into memory */
242 interpreter_name = kmalloc(phdr->p_filesz, GFP_KERNEL);
243 if (!interpreter_name)
244 goto error;
245
246 pos = phdr->p_offset;
247 retval = kernel_read(bprm->file, interpreter_name,
248 phdr->p_filesz, &pos);
249 if (unlikely(retval != phdr->p_filesz)) {
250 if (retval >= 0)
251 retval = -ENOEXEC;
252 goto error;
253 }
254
255 retval = -ENOENT;
256 if (interpreter_name[phdr->p_filesz - 1] != '\0')
257 goto error;
258
259 kdebug("Using ELF interpreter %s", interpreter_name);
260
261 /* replace the program with the interpreter */
262 interpreter = open_exec(interpreter_name);
263 retval = PTR_ERR(interpreter);
264 if (IS_ERR(interpreter)) {
265 interpreter = NULL;
266 goto error;
267 }
268
269 /*
270 * If the binary is not readable then enforce
271 * mm->dumpable = 0 regardless of the interpreter's
272 * permissions.
273 */
274 would_dump(bprm, interpreter);
275
276 pos = 0;
277 retval = kernel_read(interpreter, bprm->buf,
278 BINPRM_BUF_SIZE, &pos);
279 if (unlikely(retval != BINPRM_BUF_SIZE)) {
280 if (retval >= 0)
281 retval = -ENOEXEC;
282 goto error;
283 }
284
285 interp_params.hdr = *((struct elfhdr *) bprm->buf);
286 break;
287
288 case PT_LOAD:
289#ifdef CONFIG_MMU
290 if (exec_params.load_addr == 0)
291 exec_params.load_addr = phdr->p_vaddr;
292#endif
293 break;
294 }
295
296 }
297
298 if (is_constdisp(&exec_params.hdr))
299 exec_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
300
301 /* perform insanity checks on the interpreter */
302 if (interpreter_name) {
303 retval = -ELIBBAD;
304 if (!is_elf(&interp_params.hdr, interpreter))
305 goto error;
306
307 interp_params.flags = ELF_FDPIC_FLAG_PRESENT;
308
309 /* read the interpreter's program header table */
310 retval = elf_fdpic_fetch_phdrs(&interp_params, interpreter);
311 if (retval < 0)
312 goto error;
313 }
314
315 stack_size = exec_params.stack_size;
316 if (exec_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
317 executable_stack = EXSTACK_ENABLE_X;
318 else if (exec_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
319 executable_stack = EXSTACK_DISABLE_X;
320 else
321 executable_stack = EXSTACK_DEFAULT;
322
323 if (stack_size == 0 && interp_params.flags & ELF_FDPIC_FLAG_PRESENT) {
324 stack_size = interp_params.stack_size;
325 if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
326 executable_stack = EXSTACK_ENABLE_X;
327 else if (interp_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
328 executable_stack = EXSTACK_DISABLE_X;
329 else
330 executable_stack = EXSTACK_DEFAULT;
331 }
332
333 retval = -ENOEXEC;
334 if (stack_size == 0)
335 stack_size = 131072UL; /* same as exec.c's default commit */
336
337 if (is_constdisp(&interp_params.hdr))
338 interp_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
339
340 /* flush all traces of the currently running executable */
341 retval = begin_new_exec(bprm);
342 if (retval)
343 goto error;
344
345 /* there's now no turning back... the old userspace image is dead,
346 * defunct, deceased, etc.
347 */
348 SET_PERSONALITY(exec_params.hdr);
349 if (elf_check_fdpic(&exec_params.hdr))
350 current->personality |= PER_LINUX_FDPIC;
351 if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
352 current->personality |= READ_IMPLIES_EXEC;
353
354 setup_new_exec(bprm);
355
356 set_binfmt(&elf_fdpic_format);
357
358 current->mm->start_code = 0;
359 current->mm->end_code = 0;
360 current->mm->start_stack = 0;
361 current->mm->start_data = 0;
362 current->mm->end_data = 0;
363 current->mm->context.exec_fdpic_loadmap = 0;
364 current->mm->context.interp_fdpic_loadmap = 0;
365
366#ifdef CONFIG_MMU
367 elf_fdpic_arch_lay_out_mm(&exec_params,
368 &interp_params,
369 ¤t->mm->start_stack,
370 ¤t->mm->start_brk);
371
372 retval = setup_arg_pages(bprm, current->mm->start_stack,
373 executable_stack);
374 if (retval < 0)
375 goto error;
376#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
377 retval = arch_setup_additional_pages(bprm, !!interpreter_name);
378 if (retval < 0)
379 goto error;
380#endif
381#endif
382
383 /* load the executable and interpreter into memory */
384 retval = elf_fdpic_map_file(&exec_params, bprm->file, current->mm,
385 "executable");
386 if (retval < 0)
387 goto error;
388
389 if (interpreter_name) {
390 retval = elf_fdpic_map_file(&interp_params, interpreter,
391 current->mm, "interpreter");
392 if (retval < 0) {
393 printk(KERN_ERR "Unable to load interpreter\n");
394 goto error;
395 }
396
397 allow_write_access(interpreter);
398 fput(interpreter);
399 interpreter = NULL;
400 }
401
402#ifdef CONFIG_MMU
403 if (!current->mm->start_brk)
404 current->mm->start_brk = current->mm->end_data;
405
406 current->mm->brk = current->mm->start_brk =
407 PAGE_ALIGN(current->mm->start_brk);
408
409#else
410 /* create a stack area and zero-size brk area */
411 stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
412 if (stack_size < PAGE_SIZE * 2)
413 stack_size = PAGE_SIZE * 2;
414
415 stack_prot = PROT_READ | PROT_WRITE;
416 if (executable_stack == EXSTACK_ENABLE_X ||
417 (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC))
418 stack_prot |= PROT_EXEC;
419
420 current->mm->start_brk = vm_mmap(NULL, 0, stack_size, stack_prot,
421 MAP_PRIVATE | MAP_ANONYMOUS |
422 MAP_UNINITIALIZED | MAP_GROWSDOWN,
423 0);
424
425 if (IS_ERR_VALUE(current->mm->start_brk)) {
426 retval = current->mm->start_brk;
427 current->mm->start_brk = 0;
428 goto error;
429 }
430
431 current->mm->brk = current->mm->start_brk;
432 current->mm->context.end_brk = current->mm->start_brk;
433 current->mm->start_stack = current->mm->start_brk + stack_size;
434#endif
435
436 retval = create_elf_fdpic_tables(bprm, current->mm, &exec_params,
437 &interp_params);
438 if (retval < 0)
439 goto error;
440
441 kdebug("- start_code %lx", current->mm->start_code);
442 kdebug("- end_code %lx", current->mm->end_code);
443 kdebug("- start_data %lx", current->mm->start_data);
444 kdebug("- end_data %lx", current->mm->end_data);
445 kdebug("- start_brk %lx", current->mm->start_brk);
446 kdebug("- brk %lx", current->mm->brk);
447 kdebug("- start_stack %lx", current->mm->start_stack);
448
449#ifdef ELF_FDPIC_PLAT_INIT
450 /*
451 * The ABI may specify that certain registers be set up in special
452 * ways (on i386 %edx is the address of a DT_FINI function, for
453 * example. This macro performs whatever initialization to
454 * the regs structure is required.
455 */
456 dynaddr = interp_params.dynamic_addr ?: exec_params.dynamic_addr;
457 ELF_FDPIC_PLAT_INIT(regs, exec_params.map_addr, interp_params.map_addr,
458 dynaddr);
459#endif
460
461 finalize_exec(bprm);
462 /* everything is now ready... get the userspace context ready to roll */
463 entryaddr = interp_params.entry_addr ?: exec_params.entry_addr;
464 start_thread(regs, entryaddr, current->mm->start_stack);
465
466 retval = 0;
467
468error:
469 if (interpreter) {
470 allow_write_access(interpreter);
471 fput(interpreter);
472 }
473 kfree(interpreter_name);
474 kfree(exec_params.phdrs);
475 kfree(exec_params.loadmap);
476 kfree(interp_params.phdrs);
477 kfree(interp_params.loadmap);
478 return retval;
479}
480
481/*****************************************************************************/
482
483#ifndef ELF_BASE_PLATFORM
484/*
485 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
486 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
487 * will be copied to the user stack in the same manner as AT_PLATFORM.
488 */
489#define ELF_BASE_PLATFORM NULL
490#endif
491
492/*
493 * present useful information to the program by shovelling it onto the new
494 * process's stack
495 */
496static int create_elf_fdpic_tables(struct linux_binprm *bprm,
497 struct mm_struct *mm,
498 struct elf_fdpic_params *exec_params,
499 struct elf_fdpic_params *interp_params)
500{
501 const struct cred *cred = current_cred();
502 unsigned long sp, csp, nitems;
503 elf_caddr_t __user *argv, *envp;
504 size_t platform_len = 0, len;
505 char *k_platform, *k_base_platform;
506 char __user *u_platform, *u_base_platform, *p;
507 int loop;
508 unsigned long flags = 0;
509 int ei_index;
510 elf_addr_t *elf_info;
511
512#ifdef CONFIG_MMU
513 /* In some cases (e.g. Hyper-Threading), we want to avoid L1 evictions
514 * by the processes running on the same package. One thing we can do is
515 * to shuffle the initial stack for them, so we give the architecture
516 * an opportunity to do so here.
517 */
518 sp = arch_align_stack(bprm->p);
519#else
520 sp = mm->start_stack;
521
522 /* stack the program arguments and environment */
523 if (transfer_args_to_stack(bprm, &sp) < 0)
524 return -EFAULT;
525 sp &= ~15;
526#endif
527
528 /*
529 * If this architecture has a platform capability string, copy it
530 * to userspace. In some cases (Sparc), this info is impossible
531 * for userspace to get any other way, in others (i386) it is
532 * merely difficult.
533 */
534 k_platform = ELF_PLATFORM;
535 u_platform = NULL;
536
537 if (k_platform) {
538 platform_len = strlen(k_platform) + 1;
539 sp -= platform_len;
540 u_platform = (char __user *) sp;
541 if (copy_to_user(u_platform, k_platform, platform_len) != 0)
542 return -EFAULT;
543 }
544
545 /*
546 * If this architecture has a "base" platform capability
547 * string, copy it to userspace.
548 */
549 k_base_platform = ELF_BASE_PLATFORM;
550 u_base_platform = NULL;
551
552 if (k_base_platform) {
553 platform_len = strlen(k_base_platform) + 1;
554 sp -= platform_len;
555 u_base_platform = (char __user *) sp;
556 if (copy_to_user(u_base_platform, k_base_platform, platform_len) != 0)
557 return -EFAULT;
558 }
559
560 sp &= ~7UL;
561
562 /* stack the load map(s) */
563 len = sizeof(struct elf_fdpic_loadmap);
564 len += sizeof(struct elf_fdpic_loadseg) * exec_params->loadmap->nsegs;
565 sp = (sp - len) & ~7UL;
566 exec_params->map_addr = sp;
567
568 if (copy_to_user((void __user *) sp, exec_params->loadmap, len) != 0)
569 return -EFAULT;
570
571 current->mm->context.exec_fdpic_loadmap = (unsigned long) sp;
572
573 if (interp_params->loadmap) {
574 len = sizeof(struct elf_fdpic_loadmap);
575 len += sizeof(struct elf_fdpic_loadseg) *
576 interp_params->loadmap->nsegs;
577 sp = (sp - len) & ~7UL;
578 interp_params->map_addr = sp;
579
580 if (copy_to_user((void __user *) sp, interp_params->loadmap,
581 len) != 0)
582 return -EFAULT;
583
584 current->mm->context.interp_fdpic_loadmap = (unsigned long) sp;
585 }
586
587 /* force 16 byte _final_ alignment here for generality */
588#define DLINFO_ITEMS 15
589
590 nitems = 1 + DLINFO_ITEMS + (k_platform ? 1 : 0) +
591 (k_base_platform ? 1 : 0) + AT_VECTOR_SIZE_ARCH;
592
593 if (bprm->have_execfd)
594 nitems++;
595#ifdef ELF_HWCAP2
596 nitems++;
597#endif
598
599 csp = sp;
600 sp -= nitems * 2 * sizeof(unsigned long);
601 sp -= (bprm->envc + 1) * sizeof(char *); /* envv[] */
602 sp -= (bprm->argc + 1) * sizeof(char *); /* argv[] */
603 sp -= 1 * sizeof(unsigned long); /* argc */
604
605 csp -= sp & 15UL;
606 sp -= sp & 15UL;
607
608 /* Create the ELF interpreter info */
609 elf_info = (elf_addr_t *)mm->saved_auxv;
610 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
611#define NEW_AUX_ENT(id, val) \
612 do { \
613 *elf_info++ = id; \
614 *elf_info++ = val; \
615 } while (0)
616
617#ifdef ARCH_DLINFO
618 /*
619 * ARCH_DLINFO must come first so PPC can do its special alignment of
620 * AUXV.
621 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
622 * ARCH_DLINFO changes
623 */
624 ARCH_DLINFO;
625#endif
626 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
627#ifdef ELF_HWCAP2
628 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
629#endif
630#ifdef ELF_HWCAP3
631 NEW_AUX_ENT(AT_HWCAP3, ELF_HWCAP3);
632#endif
633#ifdef ELF_HWCAP4
634 NEW_AUX_ENT(AT_HWCAP4, ELF_HWCAP4);
635#endif
636 NEW_AUX_ENT(AT_PAGESZ, PAGE_SIZE);
637 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
638 NEW_AUX_ENT(AT_PHDR, exec_params->ph_addr);
639 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
640 NEW_AUX_ENT(AT_PHNUM, exec_params->hdr.e_phnum);
641 NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
642 if (bprm->interp_flags & BINPRM_FLAGS_PRESERVE_ARGV0)
643 flags |= AT_FLAGS_PRESERVE_ARGV0;
644 NEW_AUX_ENT(AT_FLAGS, flags);
645 NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
646 NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid));
647 NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid));
648 NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid));
649 NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid));
650 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
651 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
652 if (k_platform)
653 NEW_AUX_ENT(AT_PLATFORM,
654 (elf_addr_t)(unsigned long)u_platform);
655 if (k_base_platform)
656 NEW_AUX_ENT(AT_BASE_PLATFORM,
657 (elf_addr_t)(unsigned long)u_base_platform);
658 if (bprm->have_execfd)
659 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
660#undef NEW_AUX_ENT
661 /* AT_NULL is zero; clear the rest too */
662 memset(elf_info, 0, (char *)mm->saved_auxv +
663 sizeof(mm->saved_auxv) - (char *)elf_info);
664
665 /* And advance past the AT_NULL entry. */
666 elf_info += 2;
667
668 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
669 csp -= ei_index * sizeof(elf_addr_t);
670
671 /* Put the elf_info on the stack in the right place. */
672 if (copy_to_user((void __user *)csp, mm->saved_auxv,
673 ei_index * sizeof(elf_addr_t)))
674 return -EFAULT;
675
676 /* allocate room for argv[] and envv[] */
677 csp -= (bprm->envc + 1) * sizeof(elf_caddr_t);
678 envp = (elf_caddr_t __user *) csp;
679 csp -= (bprm->argc + 1) * sizeof(elf_caddr_t);
680 argv = (elf_caddr_t __user *) csp;
681
682 /* stack argc */
683 csp -= sizeof(unsigned long);
684 if (put_user(bprm->argc, (unsigned long __user *) csp))
685 return -EFAULT;
686
687 BUG_ON(csp != sp);
688
689 /* fill in the argv[] array */
690#ifdef CONFIG_MMU
691 current->mm->arg_start = bprm->p;
692#else
693 current->mm->arg_start = current->mm->start_stack -
694 (MAX_ARG_PAGES * PAGE_SIZE - bprm->p);
695#endif
696
697 p = (char __user *) current->mm->arg_start;
698 for (loop = bprm->argc; loop > 0; loop--) {
699 if (put_user((elf_caddr_t) p, argv++))
700 return -EFAULT;
701 len = strnlen_user(p, MAX_ARG_STRLEN);
702 if (!len || len > MAX_ARG_STRLEN)
703 return -EINVAL;
704 p += len;
705 }
706 if (put_user(NULL, argv))
707 return -EFAULT;
708 current->mm->arg_end = (unsigned long) p;
709
710 /* fill in the envv[] array */
711 current->mm->env_start = (unsigned long) p;
712 for (loop = bprm->envc; loop > 0; loop--) {
713 if (put_user((elf_caddr_t)(unsigned long) p, envp++))
714 return -EFAULT;
715 len = strnlen_user(p, MAX_ARG_STRLEN);
716 if (!len || len > MAX_ARG_STRLEN)
717 return -EINVAL;
718 p += len;
719 }
720 if (put_user(NULL, envp))
721 return -EFAULT;
722 current->mm->env_end = (unsigned long) p;
723
724 mm->start_stack = (unsigned long) sp;
725 return 0;
726}
727
728/*****************************************************************************/
729/*
730 * load the appropriate binary image (executable or interpreter) into memory
731 * - we assume no MMU is available
732 * - if no other PIC bits are set in params->hdr->e_flags
733 * - we assume that the LOADable segments in the binary are independently relocatable
734 * - we assume R/O executable segments are shareable
735 * - else
736 * - we assume the loadable parts of the image to require fixed displacement
737 * - the image is not shareable
738 */
739static int elf_fdpic_map_file(struct elf_fdpic_params *params,
740 struct file *file,
741 struct mm_struct *mm,
742 const char *what)
743{
744 struct elf_fdpic_loadmap *loadmap;
745#ifdef CONFIG_MMU
746 struct elf_fdpic_loadseg *mseg;
747 unsigned long load_addr;
748#endif
749 struct elf_fdpic_loadseg *seg;
750 struct elf_phdr *phdr;
751 unsigned nloads, tmp;
752 unsigned long stop;
753 int loop, ret;
754
755 /* allocate a load map table */
756 nloads = 0;
757 for (loop = 0; loop < params->hdr.e_phnum; loop++)
758 if (params->phdrs[loop].p_type == PT_LOAD)
759 nloads++;
760
761 if (nloads == 0)
762 return -ELIBBAD;
763
764 loadmap = kzalloc(struct_size(loadmap, segs, nloads), GFP_KERNEL);
765 if (!loadmap)
766 return -ENOMEM;
767
768 params->loadmap = loadmap;
769
770 loadmap->version = ELF_FDPIC_LOADMAP_VERSION;
771 loadmap->nsegs = nloads;
772
773 /* map the requested LOADs into the memory space */
774 switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
775 case ELF_FDPIC_FLAG_CONSTDISP:
776 case ELF_FDPIC_FLAG_CONTIGUOUS:
777#ifndef CONFIG_MMU
778 ret = elf_fdpic_map_file_constdisp_on_uclinux(params, file, mm);
779 if (ret < 0)
780 return ret;
781 break;
782#endif
783 default:
784 ret = elf_fdpic_map_file_by_direct_mmap(params, file, mm);
785 if (ret < 0)
786 return ret;
787 break;
788 }
789
790 /* map the entry point */
791 if (params->hdr.e_entry) {
792 seg = loadmap->segs;
793 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
794 if (params->hdr.e_entry >= seg->p_vaddr &&
795 params->hdr.e_entry < seg->p_vaddr + seg->p_memsz) {
796 params->entry_addr =
797 (params->hdr.e_entry - seg->p_vaddr) +
798 seg->addr;
799 break;
800 }
801 }
802 }
803
804 /* determine where the program header table has wound up if mapped */
805 stop = params->hdr.e_phoff;
806 stop += params->hdr.e_phnum * sizeof (struct elf_phdr);
807 phdr = params->phdrs;
808
809 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
810 if (phdr->p_type != PT_LOAD)
811 continue;
812
813 if (phdr->p_offset > params->hdr.e_phoff ||
814 phdr->p_offset + phdr->p_filesz < stop)
815 continue;
816
817 seg = loadmap->segs;
818 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
819 if (phdr->p_vaddr >= seg->p_vaddr &&
820 phdr->p_vaddr + phdr->p_filesz <=
821 seg->p_vaddr + seg->p_memsz) {
822 params->ph_addr =
823 (phdr->p_vaddr - seg->p_vaddr) +
824 seg->addr +
825 params->hdr.e_phoff - phdr->p_offset;
826 break;
827 }
828 }
829 break;
830 }
831
832 /* determine where the dynamic section has wound up if there is one */
833 phdr = params->phdrs;
834 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
835 if (phdr->p_type != PT_DYNAMIC)
836 continue;
837
838 seg = loadmap->segs;
839 for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
840 if (phdr->p_vaddr >= seg->p_vaddr &&
841 phdr->p_vaddr + phdr->p_memsz <=
842 seg->p_vaddr + seg->p_memsz) {
843 Elf_Dyn __user *dyn;
844 Elf_Sword d_tag;
845
846 params->dynamic_addr =
847 (phdr->p_vaddr - seg->p_vaddr) +
848 seg->addr;
849
850 /* check the dynamic section contains at least
851 * one item, and that the last item is a NULL
852 * entry */
853 if (phdr->p_memsz == 0 ||
854 phdr->p_memsz % sizeof(Elf_Dyn) != 0)
855 goto dynamic_error;
856
857 tmp = phdr->p_memsz / sizeof(Elf_Dyn);
858 dyn = (Elf_Dyn __user *)params->dynamic_addr;
859 if (get_user(d_tag, &dyn[tmp - 1].d_tag) ||
860 d_tag != 0)
861 goto dynamic_error;
862 break;
863 }
864 }
865 break;
866 }
867
868 /* now elide adjacent segments in the load map on MMU linux
869 * - on uClinux the holes between may actually be filled with system
870 * stuff or stuff from other processes
871 */
872#ifdef CONFIG_MMU
873 nloads = loadmap->nsegs;
874 mseg = loadmap->segs;
875 seg = mseg + 1;
876 for (loop = 1; loop < nloads; loop++) {
877 /* see if we have a candidate for merging */
878 if (seg->p_vaddr - mseg->p_vaddr == seg->addr - mseg->addr) {
879 load_addr = PAGE_ALIGN(mseg->addr + mseg->p_memsz);
880 if (load_addr == (seg->addr & PAGE_MASK)) {
881 mseg->p_memsz +=
882 load_addr -
883 (mseg->addr + mseg->p_memsz);
884 mseg->p_memsz += seg->addr & ~PAGE_MASK;
885 mseg->p_memsz += seg->p_memsz;
886 loadmap->nsegs--;
887 continue;
888 }
889 }
890
891 mseg++;
892 if (mseg != seg)
893 *mseg = *seg;
894 }
895#endif
896
897 kdebug("Mapped Object [%s]:", what);
898 kdebug("- elfhdr : %lx", params->elfhdr_addr);
899 kdebug("- entry : %lx", params->entry_addr);
900 kdebug("- PHDR[] : %lx", params->ph_addr);
901 kdebug("- DYNAMIC[]: %lx", params->dynamic_addr);
902 seg = loadmap->segs;
903 for (loop = 0; loop < loadmap->nsegs; loop++, seg++)
904 kdebug("- LOAD[%d] : %08llx-%08llx [va=%llx ms=%llx]",
905 loop,
906 (unsigned long long) seg->addr,
907 (unsigned long long) seg->addr + seg->p_memsz - 1,
908 (unsigned long long) seg->p_vaddr,
909 (unsigned long long) seg->p_memsz);
910
911 return 0;
912
913dynamic_error:
914 printk("ELF FDPIC %s with invalid DYNAMIC section (inode=%lu)\n",
915 what, file_inode(file)->i_ino);
916 return -ELIBBAD;
917}
918
919/*****************************************************************************/
920/*
921 * map a file with constant displacement under uClinux
922 */
923#ifndef CONFIG_MMU
924static int elf_fdpic_map_file_constdisp_on_uclinux(
925 struct elf_fdpic_params *params,
926 struct file *file,
927 struct mm_struct *mm)
928{
929 struct elf_fdpic_loadseg *seg;
930 struct elf_phdr *phdr;
931 unsigned long load_addr, base = ULONG_MAX, top = 0, maddr = 0;
932 int loop, ret;
933
934 load_addr = params->load_addr;
935 seg = params->loadmap->segs;
936
937 /* determine the bounds of the contiguous overall allocation we must
938 * make */
939 phdr = params->phdrs;
940 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
941 if (params->phdrs[loop].p_type != PT_LOAD)
942 continue;
943
944 if (base > phdr->p_vaddr)
945 base = phdr->p_vaddr;
946 if (top < phdr->p_vaddr + phdr->p_memsz)
947 top = phdr->p_vaddr + phdr->p_memsz;
948 }
949
950 /* allocate one big anon block for everything */
951 maddr = vm_mmap(NULL, load_addr, top - base,
952 PROT_READ | PROT_WRITE | PROT_EXEC, MAP_PRIVATE, 0);
953 if (IS_ERR_VALUE(maddr))
954 return (int) maddr;
955
956 if (load_addr != 0)
957 load_addr += PAGE_ALIGN(top - base);
958
959 /* and then load the file segments into it */
960 phdr = params->phdrs;
961 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
962 if (params->phdrs[loop].p_type != PT_LOAD)
963 continue;
964
965 seg->addr = maddr + (phdr->p_vaddr - base);
966 seg->p_vaddr = phdr->p_vaddr;
967 seg->p_memsz = phdr->p_memsz;
968
969 ret = read_code(file, seg->addr, phdr->p_offset,
970 phdr->p_filesz);
971 if (ret < 0)
972 return ret;
973
974 /* map the ELF header address if in this segment */
975 if (phdr->p_offset == 0)
976 params->elfhdr_addr = seg->addr;
977
978 /* clear any space allocated but not loaded */
979 if (phdr->p_filesz < phdr->p_memsz) {
980 if (clear_user((void *) (seg->addr + phdr->p_filesz),
981 phdr->p_memsz - phdr->p_filesz))
982 return -EFAULT;
983 }
984
985 if (mm) {
986 if (phdr->p_flags & PF_X) {
987 if (!mm->start_code) {
988 mm->start_code = seg->addr;
989 mm->end_code = seg->addr +
990 phdr->p_memsz;
991 }
992 } else if (!mm->start_data) {
993 mm->start_data = seg->addr;
994 mm->end_data = seg->addr + phdr->p_memsz;
995 }
996 }
997
998 seg++;
999 }
1000
1001 return 0;
1002}
1003#endif
1004
1005/*****************************************************************************/
1006/*
1007 * map a binary by direct mmap() of the individual PT_LOAD segments
1008 */
1009static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
1010 struct file *file,
1011 struct mm_struct *mm)
1012{
1013 struct elf_fdpic_loadseg *seg;
1014 struct elf_phdr *phdr;
1015 unsigned long load_addr, delta_vaddr;
1016 int loop, dvset;
1017
1018 load_addr = params->load_addr;
1019 delta_vaddr = 0;
1020 dvset = 0;
1021
1022 seg = params->loadmap->segs;
1023
1024 /* deal with each load segment separately */
1025 phdr = params->phdrs;
1026 for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
1027 unsigned long maddr, disp, excess, excess1;
1028 int prot = 0, flags;
1029
1030 if (phdr->p_type != PT_LOAD)
1031 continue;
1032
1033 kdebug("[LOAD] va=%lx of=%lx fs=%lx ms=%lx",
1034 (unsigned long) phdr->p_vaddr,
1035 (unsigned long) phdr->p_offset,
1036 (unsigned long) phdr->p_filesz,
1037 (unsigned long) phdr->p_memsz);
1038
1039 /* determine the mapping parameters */
1040 if (phdr->p_flags & PF_R) prot |= PROT_READ;
1041 if (phdr->p_flags & PF_W) prot |= PROT_WRITE;
1042 if (phdr->p_flags & PF_X) prot |= PROT_EXEC;
1043
1044 flags = MAP_PRIVATE;
1045 maddr = 0;
1046
1047 switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
1048 case ELF_FDPIC_FLAG_INDEPENDENT:
1049 /* PT_LOADs are independently locatable */
1050 break;
1051
1052 case ELF_FDPIC_FLAG_HONOURVADDR:
1053 /* the specified virtual address must be honoured */
1054 maddr = phdr->p_vaddr;
1055 flags |= MAP_FIXED;
1056 break;
1057
1058 case ELF_FDPIC_FLAG_CONSTDISP:
1059 /* constant displacement
1060 * - can be mapped anywhere, but must be mapped as a
1061 * unit
1062 */
1063 if (!dvset) {
1064 maddr = load_addr;
1065 delta_vaddr = phdr->p_vaddr;
1066 dvset = 1;
1067 } else {
1068 maddr = load_addr + phdr->p_vaddr - delta_vaddr;
1069 flags |= MAP_FIXED;
1070 }
1071 break;
1072
1073 case ELF_FDPIC_FLAG_CONTIGUOUS:
1074 /* contiguity handled later */
1075 break;
1076
1077 default:
1078 BUG();
1079 }
1080
1081 maddr &= PAGE_MASK;
1082
1083 /* create the mapping */
1084 disp = phdr->p_vaddr & ~PAGE_MASK;
1085 maddr = vm_mmap(file, maddr, phdr->p_memsz + disp, prot, flags,
1086 phdr->p_offset - disp);
1087
1088 kdebug("mmap[%d] <file> sz=%llx pr=%x fl=%x of=%llx --> %08lx",
1089 loop, (unsigned long long) phdr->p_memsz + disp,
1090 prot, flags, (unsigned long long) phdr->p_offset - disp,
1091 maddr);
1092
1093 if (IS_ERR_VALUE(maddr))
1094 return (int) maddr;
1095
1096 if ((params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) ==
1097 ELF_FDPIC_FLAG_CONTIGUOUS)
1098 load_addr += PAGE_ALIGN(phdr->p_memsz + disp);
1099
1100 seg->addr = maddr + disp;
1101 seg->p_vaddr = phdr->p_vaddr;
1102 seg->p_memsz = phdr->p_memsz;
1103
1104 /* map the ELF header address if in this segment */
1105 if (phdr->p_offset == 0)
1106 params->elfhdr_addr = seg->addr;
1107
1108 /* clear the bit between beginning of mapping and beginning of
1109 * PT_LOAD */
1110 if (prot & PROT_WRITE && disp > 0) {
1111 kdebug("clear[%d] ad=%lx sz=%lx", loop, maddr, disp);
1112 if (clear_user((void __user *) maddr, disp))
1113 return -EFAULT;
1114 maddr += disp;
1115 }
1116
1117 /* clear any space allocated but not loaded
1118 * - on uClinux we can just clear the lot
1119 * - on MMU linux we'll get a SIGBUS beyond the last page
1120 * extant in the file
1121 */
1122 excess = phdr->p_memsz - phdr->p_filesz;
1123 excess1 = PAGE_SIZE - ((maddr + phdr->p_filesz) & ~PAGE_MASK);
1124
1125#ifdef CONFIG_MMU
1126 if (excess > excess1) {
1127 unsigned long xaddr = maddr + phdr->p_filesz + excess1;
1128 unsigned long xmaddr;
1129
1130 flags |= MAP_FIXED | MAP_ANONYMOUS;
1131 xmaddr = vm_mmap(NULL, xaddr, excess - excess1,
1132 prot, flags, 0);
1133
1134 kdebug("mmap[%d] <anon>"
1135 " ad=%lx sz=%lx pr=%x fl=%x of=0 --> %08lx",
1136 loop, xaddr, excess - excess1, prot, flags,
1137 xmaddr);
1138
1139 if (xmaddr != xaddr)
1140 return -ENOMEM;
1141 }
1142
1143 if (prot & PROT_WRITE && excess1 > 0) {
1144 kdebug("clear[%d] ad=%lx sz=%lx",
1145 loop, maddr + phdr->p_filesz, excess1);
1146 if (clear_user((void __user *) maddr + phdr->p_filesz,
1147 excess1))
1148 return -EFAULT;
1149 }
1150
1151#else
1152 if (excess > 0) {
1153 kdebug("clear[%d] ad=%llx sz=%lx", loop,
1154 (unsigned long long) maddr + phdr->p_filesz,
1155 excess);
1156 if (clear_user((void *) maddr + phdr->p_filesz, excess))
1157 return -EFAULT;
1158 }
1159#endif
1160
1161 if (mm) {
1162 if (phdr->p_flags & PF_X) {
1163 if (!mm->start_code) {
1164 mm->start_code = maddr;
1165 mm->end_code = maddr + phdr->p_memsz;
1166 }
1167 } else if (!mm->start_data) {
1168 mm->start_data = maddr;
1169 mm->end_data = maddr + phdr->p_memsz;
1170 }
1171 }
1172
1173 seg++;
1174 }
1175
1176 return 0;
1177}
1178
1179/*****************************************************************************/
1180/*
1181 * ELF-FDPIC core dumper
1182 *
1183 * Modelled on fs/exec.c:aout_core_dump()
1184 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1185 *
1186 * Modelled on fs/binfmt_elf.c core dumper
1187 */
1188#ifdef CONFIG_ELF_CORE
1189
1190struct elf_prstatus_fdpic
1191{
1192 struct elf_prstatus_common common;
1193 elf_gregset_t pr_reg; /* GP registers */
1194 /* When using FDPIC, the loadmap addresses need to be communicated
1195 * to GDB in order for GDB to do the necessary relocations. The
1196 * fields (below) used to communicate this information are placed
1197 * immediately after ``pr_reg'', so that the loadmap addresses may
1198 * be viewed as part of the register set if so desired.
1199 */
1200 unsigned long pr_exec_fdpic_loadmap;
1201 unsigned long pr_interp_fdpic_loadmap;
1202 int pr_fpvalid; /* True if math co-processor being used. */
1203};
1204
1205/* An ELF note in memory */
1206struct memelfnote
1207{
1208 const char *name;
1209 int type;
1210 unsigned int datasz;
1211 void *data;
1212};
1213
1214static int notesize(struct memelfnote *en)
1215{
1216 int sz;
1217
1218 sz = sizeof(struct elf_note);
1219 sz += roundup(strlen(en->name) + 1, 4);
1220 sz += roundup(en->datasz, 4);
1221
1222 return sz;
1223}
1224
1225/* #define DEBUG */
1226
1227static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1228{
1229 struct elf_note en;
1230 en.n_namesz = strlen(men->name) + 1;
1231 en.n_descsz = men->datasz;
1232 en.n_type = men->type;
1233
1234 return dump_emit(cprm, &en, sizeof(en)) &&
1235 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1236 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1237}
1238
1239static inline void fill_elf_fdpic_header(struct elfhdr *elf, int segs)
1240{
1241 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1242 elf->e_ident[EI_CLASS] = ELF_CLASS;
1243 elf->e_ident[EI_DATA] = ELF_DATA;
1244 elf->e_ident[EI_VERSION] = EV_CURRENT;
1245 elf->e_ident[EI_OSABI] = ELF_OSABI;
1246 memset(elf->e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD);
1247
1248 elf->e_type = ET_CORE;
1249 elf->e_machine = ELF_ARCH;
1250 elf->e_version = EV_CURRENT;
1251 elf->e_entry = 0;
1252 elf->e_phoff = sizeof(struct elfhdr);
1253 elf->e_shoff = 0;
1254 elf->e_flags = ELF_FDPIC_CORE_EFLAGS;
1255 elf->e_ehsize = sizeof(struct elfhdr);
1256 elf->e_phentsize = sizeof(struct elf_phdr);
1257 elf->e_phnum = segs;
1258 elf->e_shentsize = 0;
1259 elf->e_shnum = 0;
1260 elf->e_shstrndx = 0;
1261 return;
1262}
1263
1264static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1265{
1266 phdr->p_type = PT_NOTE;
1267 phdr->p_offset = offset;
1268 phdr->p_vaddr = 0;
1269 phdr->p_paddr = 0;
1270 phdr->p_filesz = sz;
1271 phdr->p_memsz = 0;
1272 phdr->p_flags = 0;
1273 phdr->p_align = 4;
1274 return;
1275}
1276
1277static inline void fill_note(struct memelfnote *note, const char *name, int type,
1278 unsigned int sz, void *data)
1279{
1280 note->name = name;
1281 note->type = type;
1282 note->datasz = sz;
1283 note->data = data;
1284 return;
1285}
1286
1287/*
1288 * fill up all the fields in prstatus from the given task struct, except
1289 * registers which need to be filled up separately.
1290 */
1291static void fill_prstatus(struct elf_prstatus_common *prstatus,
1292 struct task_struct *p, long signr)
1293{
1294 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1295 prstatus->pr_sigpend = p->pending.signal.sig[0];
1296 prstatus->pr_sighold = p->blocked.sig[0];
1297 rcu_read_lock();
1298 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1299 rcu_read_unlock();
1300 prstatus->pr_pid = task_pid_vnr(p);
1301 prstatus->pr_pgrp = task_pgrp_vnr(p);
1302 prstatus->pr_sid = task_session_vnr(p);
1303 if (thread_group_leader(p)) {
1304 struct task_cputime cputime;
1305
1306 /*
1307 * This is the record for the group leader. It shows the
1308 * group-wide total, not its individual thread total.
1309 */
1310 thread_group_cputime(p, &cputime);
1311 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1312 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1313 } else {
1314 u64 utime, stime;
1315
1316 task_cputime(p, &utime, &stime);
1317 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1318 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1319 }
1320 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1321 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1322}
1323
1324static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1325 struct mm_struct *mm)
1326{
1327 const struct cred *cred;
1328 unsigned int i, len;
1329 unsigned int state;
1330
1331 /* first copy the parameters from user space */
1332 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1333
1334 len = mm->arg_end - mm->arg_start;
1335 if (len >= ELF_PRARGSZ)
1336 len = ELF_PRARGSZ - 1;
1337 if (copy_from_user(&psinfo->pr_psargs,
1338 (const char __user *) mm->arg_start, len))
1339 return -EFAULT;
1340 for (i = 0; i < len; i++)
1341 if (psinfo->pr_psargs[i] == 0)
1342 psinfo->pr_psargs[i] = ' ';
1343 psinfo->pr_psargs[len] = 0;
1344
1345 rcu_read_lock();
1346 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1347 rcu_read_unlock();
1348 psinfo->pr_pid = task_pid_vnr(p);
1349 psinfo->pr_pgrp = task_pgrp_vnr(p);
1350 psinfo->pr_sid = task_session_vnr(p);
1351
1352 state = READ_ONCE(p->__state);
1353 i = state ? ffz(~state) + 1 : 0;
1354 psinfo->pr_state = i;
1355 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1356 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1357 psinfo->pr_nice = task_nice(p);
1358 psinfo->pr_flag = p->flags;
1359 rcu_read_lock();
1360 cred = __task_cred(p);
1361 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1362 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1363 rcu_read_unlock();
1364 get_task_comm(psinfo->pr_fname, p);
1365
1366 return 0;
1367}
1368
1369/* Here is the structure in which status of each thread is captured. */
1370struct elf_thread_status
1371{
1372 struct elf_thread_status *next;
1373 struct elf_prstatus_fdpic prstatus; /* NT_PRSTATUS */
1374 elf_fpregset_t fpu; /* NT_PRFPREG */
1375 struct memelfnote notes[2];
1376 int num_notes;
1377};
1378
1379/*
1380 * In order to add the specific thread information for the elf file format,
1381 * we need to keep a linked list of every thread's pr_status and then create
1382 * a single section for them in the final core file.
1383 */
1384static struct elf_thread_status *elf_dump_thread_status(long signr, struct task_struct *p, int *sz)
1385{
1386 const struct user_regset_view *view = task_user_regset_view(p);
1387 struct elf_thread_status *t;
1388 int i, ret;
1389
1390 t = kzalloc(sizeof(struct elf_thread_status), GFP_KERNEL);
1391 if (!t)
1392 return t;
1393
1394 fill_prstatus(&t->prstatus.common, p, signr);
1395 t->prstatus.pr_exec_fdpic_loadmap = p->mm->context.exec_fdpic_loadmap;
1396 t->prstatus.pr_interp_fdpic_loadmap = p->mm->context.interp_fdpic_loadmap;
1397 regset_get(p, &view->regsets[0],
1398 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1399
1400 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1401 &t->prstatus);
1402 t->num_notes++;
1403 *sz += notesize(&t->notes[0]);
1404
1405 for (i = 1; i < view->n; ++i) {
1406 const struct user_regset *regset = &view->regsets[i];
1407 if (regset->core_note_type != NT_PRFPREG)
1408 continue;
1409 if (regset->active && regset->active(p, regset) <= 0)
1410 continue;
1411 ret = regset_get(p, regset, sizeof(t->fpu), &t->fpu);
1412 if (ret >= 0)
1413 t->prstatus.pr_fpvalid = 1;
1414 break;
1415 }
1416
1417 if (t->prstatus.pr_fpvalid) {
1418 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1419 &t->fpu);
1420 t->num_notes++;
1421 *sz += notesize(&t->notes[1]);
1422 }
1423 return t;
1424}
1425
1426static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1427 elf_addr_t e_shoff, int segs)
1428{
1429 elf->e_shoff = e_shoff;
1430 elf->e_shentsize = sizeof(*shdr4extnum);
1431 elf->e_shnum = 1;
1432 elf->e_shstrndx = SHN_UNDEF;
1433
1434 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1435
1436 shdr4extnum->sh_type = SHT_NULL;
1437 shdr4extnum->sh_size = elf->e_shnum;
1438 shdr4extnum->sh_link = elf->e_shstrndx;
1439 shdr4extnum->sh_info = segs;
1440}
1441
1442/*
1443 * dump the segments for an MMU process
1444 */
1445static bool elf_fdpic_dump_segments(struct coredump_params *cprm,
1446 struct core_vma_metadata *vma_meta,
1447 int vma_count)
1448{
1449 int i;
1450
1451 for (i = 0; i < vma_count; i++) {
1452 struct core_vma_metadata *meta = vma_meta + i;
1453
1454 if (!dump_user_range(cprm, meta->start, meta->dump_size))
1455 return false;
1456 }
1457 return true;
1458}
1459
1460/*
1461 * Actual dumper
1462 *
1463 * This is a two-pass process; first we find the offsets of the bits,
1464 * and then they are actually written out. If we run out of core limit
1465 * we just truncate.
1466 */
1467static int elf_fdpic_core_dump(struct coredump_params *cprm)
1468{
1469 int has_dumped = 0;
1470 int segs;
1471 int i;
1472 struct elfhdr *elf = NULL;
1473 loff_t offset = 0, dataoff;
1474 struct memelfnote psinfo_note, auxv_note;
1475 struct elf_prpsinfo *psinfo = NULL; /* NT_PRPSINFO */
1476 struct elf_thread_status *thread_list = NULL;
1477 int thread_status_size = 0;
1478 elf_addr_t *auxv;
1479 struct elf_phdr *phdr4note = NULL;
1480 struct elf_shdr *shdr4extnum = NULL;
1481 Elf_Half e_phnum;
1482 elf_addr_t e_shoff;
1483 struct core_thread *ct;
1484 struct elf_thread_status *tmp;
1485
1486 /* alloc memory for large data structures: too large to be on stack */
1487 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1488 if (!elf)
1489 goto end_coredump;
1490 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1491 if (!psinfo)
1492 goto end_coredump;
1493
1494 for (ct = current->signal->core_state->dumper.next;
1495 ct; ct = ct->next) {
1496 tmp = elf_dump_thread_status(cprm->siginfo->si_signo,
1497 ct->task, &thread_status_size);
1498 if (!tmp)
1499 goto end_coredump;
1500
1501 tmp->next = thread_list;
1502 thread_list = tmp;
1503 }
1504
1505 /* now collect the dump for the current */
1506 tmp = elf_dump_thread_status(cprm->siginfo->si_signo,
1507 current, &thread_status_size);
1508 if (!tmp)
1509 goto end_coredump;
1510 tmp->next = thread_list;
1511 thread_list = tmp;
1512
1513 segs = cprm->vma_count + elf_core_extra_phdrs(cprm);
1514
1515 /* for notes section */
1516 segs++;
1517
1518 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
1519 * this, kernel supports extended numbering. Have a look at
1520 * include/linux/elf.h for further information. */
1521 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
1522
1523 /* Set up header */
1524 fill_elf_fdpic_header(elf, e_phnum);
1525
1526 has_dumped = 1;
1527 /*
1528 * Set up the notes in similar form to SVR4 core dumps made
1529 * with info from their /proc.
1530 */
1531
1532 fill_psinfo(psinfo, current->group_leader, current->mm);
1533 fill_note(&psinfo_note, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1534 thread_status_size += notesize(&psinfo_note);
1535
1536 auxv = (elf_addr_t *) current->mm->saved_auxv;
1537 i = 0;
1538 do
1539 i += 2;
1540 while (auxv[i - 2] != AT_NULL);
1541 fill_note(&auxv_note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1542 thread_status_size += notesize(&auxv_note);
1543
1544 offset = sizeof(*elf); /* ELF header */
1545 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1546
1547 /* Write notes phdr entry */
1548 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
1549 if (!phdr4note)
1550 goto end_coredump;
1551
1552 fill_elf_note_phdr(phdr4note, thread_status_size, offset);
1553 offset += thread_status_size;
1554
1555 /* Page-align dumped data */
1556 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
1557
1558 offset += cprm->vma_data_size;
1559 offset += elf_core_extra_data_size(cprm);
1560 e_shoff = offset;
1561
1562 if (e_phnum == PN_XNUM) {
1563 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
1564 if (!shdr4extnum)
1565 goto end_coredump;
1566 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
1567 }
1568
1569 offset = dataoff;
1570
1571 if (!dump_emit(cprm, elf, sizeof(*elf)))
1572 goto end_coredump;
1573
1574 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
1575 goto end_coredump;
1576
1577 /* write program headers for segments dump */
1578 for (i = 0; i < cprm->vma_count; i++) {
1579 struct core_vma_metadata *meta = cprm->vma_meta + i;
1580 struct elf_phdr phdr;
1581 size_t sz;
1582
1583 sz = meta->end - meta->start;
1584
1585 phdr.p_type = PT_LOAD;
1586 phdr.p_offset = offset;
1587 phdr.p_vaddr = meta->start;
1588 phdr.p_paddr = 0;
1589 phdr.p_filesz = meta->dump_size;
1590 phdr.p_memsz = sz;
1591 offset += phdr.p_filesz;
1592 phdr.p_flags = 0;
1593 if (meta->flags & VM_READ)
1594 phdr.p_flags |= PF_R;
1595 if (meta->flags & VM_WRITE)
1596 phdr.p_flags |= PF_W;
1597 if (meta->flags & VM_EXEC)
1598 phdr.p_flags |= PF_X;
1599 phdr.p_align = ELF_EXEC_PAGESIZE;
1600
1601 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
1602 goto end_coredump;
1603 }
1604
1605 if (!elf_core_write_extra_phdrs(cprm, offset))
1606 goto end_coredump;
1607
1608 /* write out the notes section */
1609 if (!writenote(thread_list->notes, cprm))
1610 goto end_coredump;
1611 if (!writenote(&psinfo_note, cprm))
1612 goto end_coredump;
1613 if (!writenote(&auxv_note, cprm))
1614 goto end_coredump;
1615 for (i = 1; i < thread_list->num_notes; i++)
1616 if (!writenote(thread_list->notes + i, cprm))
1617 goto end_coredump;
1618
1619 /* write out the thread status notes section */
1620 for (tmp = thread_list->next; tmp; tmp = tmp->next) {
1621 for (i = 0; i < tmp->num_notes; i++)
1622 if (!writenote(&tmp->notes[i], cprm))
1623 goto end_coredump;
1624 }
1625
1626 dump_skip_to(cprm, dataoff);
1627
1628 if (!elf_fdpic_dump_segments(cprm, cprm->vma_meta, cprm->vma_count))
1629 goto end_coredump;
1630
1631 if (!elf_core_write_extra_data(cprm))
1632 goto end_coredump;
1633
1634 if (e_phnum == PN_XNUM) {
1635 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
1636 goto end_coredump;
1637 }
1638
1639 if (cprm->file->f_pos != offset) {
1640 /* Sanity check */
1641 printk(KERN_WARNING
1642 "elf_core_dump: file->f_pos (%lld) != offset (%lld)\n",
1643 cprm->file->f_pos, offset);
1644 }
1645
1646end_coredump:
1647 while (thread_list) {
1648 tmp = thread_list;
1649 thread_list = thread_list->next;
1650 kfree(tmp);
1651 }
1652 kfree(phdr4note);
1653 kfree(elf);
1654 kfree(psinfo);
1655 kfree(shdr4extnum);
1656 return has_dumped;
1657}
1658
1659#endif /* CONFIG_ELF_CORE */