Loading...
1/*
2 * linux/fs/binfmt_elf.c
3 *
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
7 * Tools".
8 *
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/fs.h>
15#include <linux/mm.h>
16#include <linux/mman.h>
17#include <linux/errno.h>
18#include <linux/signal.h>
19#include <linux/binfmts.h>
20#include <linux/string.h>
21#include <linux/file.h>
22#include <linux/slab.h>
23#include <linux/personality.h>
24#include <linux/elfcore.h>
25#include <linux/init.h>
26#include <linux/highuid.h>
27#include <linux/compiler.h>
28#include <linux/highmem.h>
29#include <linux/pagemap.h>
30#include <linux/vmalloc.h>
31#include <linux/security.h>
32#include <linux/random.h>
33#include <linux/elf.h>
34#include <linux/elf-randomize.h>
35#include <linux/utsname.h>
36#include <linux/coredump.h>
37#include <linux/sched.h>
38#include <linux/dax.h>
39#include <linux/uaccess.h>
40#include <asm/param.h>
41#include <asm/page.h>
42
43#ifndef user_long_t
44#define user_long_t long
45#endif
46#ifndef user_siginfo_t
47#define user_siginfo_t siginfo_t
48#endif
49
50static int load_elf_binary(struct linux_binprm *bprm);
51static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
52 int, int, unsigned long);
53
54#ifdef CONFIG_USELIB
55static int load_elf_library(struct file *);
56#else
57#define load_elf_library NULL
58#endif
59
60/*
61 * If we don't support core dumping, then supply a NULL so we
62 * don't even try.
63 */
64#ifdef CONFIG_ELF_CORE
65static int elf_core_dump(struct coredump_params *cprm);
66#else
67#define elf_core_dump NULL
68#endif
69
70#if ELF_EXEC_PAGESIZE > PAGE_SIZE
71#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
72#else
73#define ELF_MIN_ALIGN PAGE_SIZE
74#endif
75
76#ifndef ELF_CORE_EFLAGS
77#define ELF_CORE_EFLAGS 0
78#endif
79
80#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
81#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
82#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
83
84static struct linux_binfmt elf_format = {
85 .module = THIS_MODULE,
86 .load_binary = load_elf_binary,
87 .load_shlib = load_elf_library,
88 .core_dump = elf_core_dump,
89 .min_coredump = ELF_EXEC_PAGESIZE,
90};
91
92#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
93
94static int set_brk(unsigned long start, unsigned long end)
95{
96 start = ELF_PAGEALIGN(start);
97 end = ELF_PAGEALIGN(end);
98 if (end > start) {
99 int error = vm_brk(start, end - start);
100 if (error)
101 return error;
102 }
103 current->mm->start_brk = current->mm->brk = end;
104 return 0;
105}
106
107/* We need to explicitly zero any fractional pages
108 after the data section (i.e. bss). This would
109 contain the junk from the file that should not
110 be in memory
111 */
112static int padzero(unsigned long elf_bss)
113{
114 unsigned long nbyte;
115
116 nbyte = ELF_PAGEOFFSET(elf_bss);
117 if (nbyte) {
118 nbyte = ELF_MIN_ALIGN - nbyte;
119 if (clear_user((void __user *) elf_bss, nbyte))
120 return -EFAULT;
121 }
122 return 0;
123}
124
125/* Let's use some macros to make this stack manipulation a little clearer */
126#ifdef CONFIG_STACK_GROWSUP
127#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
128#define STACK_ROUND(sp, items) \
129 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
130#define STACK_ALLOC(sp, len) ({ \
131 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
132 old_sp; })
133#else
134#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
135#define STACK_ROUND(sp, items) \
136 (((unsigned long) (sp - items)) &~ 15UL)
137#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
138#endif
139
140#ifndef ELF_BASE_PLATFORM
141/*
142 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
143 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
144 * will be copied to the user stack in the same manner as AT_PLATFORM.
145 */
146#define ELF_BASE_PLATFORM NULL
147#endif
148
149static int
150create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
151 unsigned long load_addr, unsigned long interp_load_addr)
152{
153 unsigned long p = bprm->p;
154 int argc = bprm->argc;
155 int envc = bprm->envc;
156 elf_addr_t __user *argv;
157 elf_addr_t __user *envp;
158 elf_addr_t __user *sp;
159 elf_addr_t __user *u_platform;
160 elf_addr_t __user *u_base_platform;
161 elf_addr_t __user *u_rand_bytes;
162 const char *k_platform = ELF_PLATFORM;
163 const char *k_base_platform = ELF_BASE_PLATFORM;
164 unsigned char k_rand_bytes[16];
165 int items;
166 elf_addr_t *elf_info;
167 int ei_index = 0;
168 const struct cred *cred = current_cred();
169 struct vm_area_struct *vma;
170
171 /*
172 * In some cases (e.g. Hyper-Threading), we want to avoid L1
173 * evictions by the processes running on the same package. One
174 * thing we can do is to shuffle the initial stack for them.
175 */
176
177 p = arch_align_stack(p);
178
179 /*
180 * If this architecture has a platform capability string, copy it
181 * to userspace. In some cases (Sparc), this info is impossible
182 * for userspace to get any other way, in others (i386) it is
183 * merely difficult.
184 */
185 u_platform = NULL;
186 if (k_platform) {
187 size_t len = strlen(k_platform) + 1;
188
189 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
190 if (__copy_to_user(u_platform, k_platform, len))
191 return -EFAULT;
192 }
193
194 /*
195 * If this architecture has a "base" platform capability
196 * string, copy it to userspace.
197 */
198 u_base_platform = NULL;
199 if (k_base_platform) {
200 size_t len = strlen(k_base_platform) + 1;
201
202 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
203 if (__copy_to_user(u_base_platform, k_base_platform, len))
204 return -EFAULT;
205 }
206
207 /*
208 * Generate 16 random bytes for userspace PRNG seeding.
209 */
210 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
211 u_rand_bytes = (elf_addr_t __user *)
212 STACK_ALLOC(p, sizeof(k_rand_bytes));
213 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
214 return -EFAULT;
215
216 /* Create the ELF interpreter info */
217 elf_info = (elf_addr_t *)current->mm->saved_auxv;
218 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
219#define NEW_AUX_ENT(id, val) \
220 do { \
221 elf_info[ei_index++] = id; \
222 elf_info[ei_index++] = val; \
223 } while (0)
224
225#ifdef ARCH_DLINFO
226 /*
227 * ARCH_DLINFO must come first so PPC can do its special alignment of
228 * AUXV.
229 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
230 * ARCH_DLINFO changes
231 */
232 ARCH_DLINFO;
233#endif
234 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
235 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
236 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
237 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
238 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
239 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
240 NEW_AUX_ENT(AT_BASE, interp_load_addr);
241 NEW_AUX_ENT(AT_FLAGS, 0);
242 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
243 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
244 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
245 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
246 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
247 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
248 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
249#ifdef ELF_HWCAP2
250 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
251#endif
252 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
253 if (k_platform) {
254 NEW_AUX_ENT(AT_PLATFORM,
255 (elf_addr_t)(unsigned long)u_platform);
256 }
257 if (k_base_platform) {
258 NEW_AUX_ENT(AT_BASE_PLATFORM,
259 (elf_addr_t)(unsigned long)u_base_platform);
260 }
261 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
262 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
263 }
264#undef NEW_AUX_ENT
265 /* AT_NULL is zero; clear the rest too */
266 memset(&elf_info[ei_index], 0,
267 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
268
269 /* And advance past the AT_NULL entry. */
270 ei_index += 2;
271
272 sp = STACK_ADD(p, ei_index);
273
274 items = (argc + 1) + (envc + 1) + 1;
275 bprm->p = STACK_ROUND(sp, items);
276
277 /* Point sp at the lowest address on the stack */
278#ifdef CONFIG_STACK_GROWSUP
279 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
280 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
281#else
282 sp = (elf_addr_t __user *)bprm->p;
283#endif
284
285
286 /*
287 * Grow the stack manually; some architectures have a limit on how
288 * far ahead a user-space access may be in order to grow the stack.
289 */
290 vma = find_extend_vma(current->mm, bprm->p);
291 if (!vma)
292 return -EFAULT;
293
294 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
295 if (__put_user(argc, sp++))
296 return -EFAULT;
297 argv = sp;
298 envp = argv + argc + 1;
299
300 /* Populate argv and envp */
301 p = current->mm->arg_end = current->mm->arg_start;
302 while (argc-- > 0) {
303 size_t len;
304 if (__put_user((elf_addr_t)p, argv++))
305 return -EFAULT;
306 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
307 if (!len || len > MAX_ARG_STRLEN)
308 return -EINVAL;
309 p += len;
310 }
311 if (__put_user(0, argv))
312 return -EFAULT;
313 current->mm->arg_end = current->mm->env_start = p;
314 while (envc-- > 0) {
315 size_t len;
316 if (__put_user((elf_addr_t)p, envp++))
317 return -EFAULT;
318 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
319 if (!len || len > MAX_ARG_STRLEN)
320 return -EINVAL;
321 p += len;
322 }
323 if (__put_user(0, envp))
324 return -EFAULT;
325 current->mm->env_end = p;
326
327 /* Put the elf_info on the stack in the right place. */
328 sp = (elf_addr_t __user *)envp + 1;
329 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
330 return -EFAULT;
331 return 0;
332}
333
334#ifndef elf_map
335
336static unsigned long elf_map(struct file *filep, unsigned long addr,
337 struct elf_phdr *eppnt, int prot, int type,
338 unsigned long total_size)
339{
340 unsigned long map_addr;
341 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
342 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
343 addr = ELF_PAGESTART(addr);
344 size = ELF_PAGEALIGN(size);
345
346 /* mmap() will return -EINVAL if given a zero size, but a
347 * segment with zero filesize is perfectly valid */
348 if (!size)
349 return addr;
350
351 /*
352 * total_size is the size of the ELF (interpreter) image.
353 * The _first_ mmap needs to know the full size, otherwise
354 * randomization might put this image into an overlapping
355 * position with the ELF binary image. (since size < total_size)
356 * So we first map the 'big' image - and unmap the remainder at
357 * the end. (which unmap is needed for ELF images with holes.)
358 */
359 if (total_size) {
360 total_size = ELF_PAGEALIGN(total_size);
361 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
362 if (!BAD_ADDR(map_addr))
363 vm_munmap(map_addr+size, total_size-size);
364 } else
365 map_addr = vm_mmap(filep, addr, size, prot, type, off);
366
367 return(map_addr);
368}
369
370#endif /* !elf_map */
371
372static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
373{
374 int i, first_idx = -1, last_idx = -1;
375
376 for (i = 0; i < nr; i++) {
377 if (cmds[i].p_type == PT_LOAD) {
378 last_idx = i;
379 if (first_idx == -1)
380 first_idx = i;
381 }
382 }
383 if (first_idx == -1)
384 return 0;
385
386 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
387 ELF_PAGESTART(cmds[first_idx].p_vaddr);
388}
389
390/**
391 * load_elf_phdrs() - load ELF program headers
392 * @elf_ex: ELF header of the binary whose program headers should be loaded
393 * @elf_file: the opened ELF binary file
394 *
395 * Loads ELF program headers from the binary file elf_file, which has the ELF
396 * header pointed to by elf_ex, into a newly allocated array. The caller is
397 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
398 */
399static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
400 struct file *elf_file)
401{
402 struct elf_phdr *elf_phdata = NULL;
403 int retval, size, err = -1;
404
405 /*
406 * If the size of this structure has changed, then punt, since
407 * we will be doing the wrong thing.
408 */
409 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
410 goto out;
411
412 /* Sanity check the number of program headers... */
413 if (elf_ex->e_phnum < 1 ||
414 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
415 goto out;
416
417 /* ...and their total size. */
418 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
419 if (size > ELF_MIN_ALIGN)
420 goto out;
421
422 elf_phdata = kmalloc(size, GFP_KERNEL);
423 if (!elf_phdata)
424 goto out;
425
426 /* Read in the program headers */
427 retval = kernel_read(elf_file, elf_ex->e_phoff,
428 (char *)elf_phdata, size);
429 if (retval != size) {
430 err = (retval < 0) ? retval : -EIO;
431 goto out;
432 }
433
434 /* Success! */
435 err = 0;
436out:
437 if (err) {
438 kfree(elf_phdata);
439 elf_phdata = NULL;
440 }
441 return elf_phdata;
442}
443
444#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
445
446/**
447 * struct arch_elf_state - arch-specific ELF loading state
448 *
449 * This structure is used to preserve architecture specific data during
450 * the loading of an ELF file, throughout the checking of architecture
451 * specific ELF headers & through to the point where the ELF load is
452 * known to be proceeding (ie. SET_PERSONALITY).
453 *
454 * This implementation is a dummy for architectures which require no
455 * specific state.
456 */
457struct arch_elf_state {
458};
459
460#define INIT_ARCH_ELF_STATE {}
461
462/**
463 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
464 * @ehdr: The main ELF header
465 * @phdr: The program header to check
466 * @elf: The open ELF file
467 * @is_interp: True if the phdr is from the interpreter of the ELF being
468 * loaded, else false.
469 * @state: Architecture-specific state preserved throughout the process
470 * of loading the ELF.
471 *
472 * Inspects the program header phdr to validate its correctness and/or
473 * suitability for the system. Called once per ELF program header in the
474 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
475 * interpreter.
476 *
477 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
478 * with that return code.
479 */
480static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
481 struct elf_phdr *phdr,
482 struct file *elf, bool is_interp,
483 struct arch_elf_state *state)
484{
485 /* Dummy implementation, always proceed */
486 return 0;
487}
488
489/**
490 * arch_check_elf() - check an ELF executable
491 * @ehdr: The main ELF header
492 * @has_interp: True if the ELF has an interpreter, else false.
493 * @interp_ehdr: The interpreter's ELF header
494 * @state: Architecture-specific state preserved throughout the process
495 * of loading the ELF.
496 *
497 * Provides a final opportunity for architecture code to reject the loading
498 * of the ELF & cause an exec syscall to return an error. This is called after
499 * all program headers to be checked by arch_elf_pt_proc have been.
500 *
501 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
502 * with that return code.
503 */
504static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
505 struct elfhdr *interp_ehdr,
506 struct arch_elf_state *state)
507{
508 /* Dummy implementation, always proceed */
509 return 0;
510}
511
512#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
513
514/* This is much more generalized than the library routine read function,
515 so we keep this separate. Technically the library read function
516 is only provided so that we can read a.out libraries that have
517 an ELF header */
518
519static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
520 struct file *interpreter, unsigned long *interp_map_addr,
521 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
522{
523 struct elf_phdr *eppnt;
524 unsigned long load_addr = 0;
525 int load_addr_set = 0;
526 unsigned long last_bss = 0, elf_bss = 0;
527 unsigned long error = ~0UL;
528 unsigned long total_size;
529 int i;
530
531 /* First of all, some simple consistency checks */
532 if (interp_elf_ex->e_type != ET_EXEC &&
533 interp_elf_ex->e_type != ET_DYN)
534 goto out;
535 if (!elf_check_arch(interp_elf_ex))
536 goto out;
537 if (!interpreter->f_op->mmap)
538 goto out;
539
540 total_size = total_mapping_size(interp_elf_phdata,
541 interp_elf_ex->e_phnum);
542 if (!total_size) {
543 error = -EINVAL;
544 goto out;
545 }
546
547 eppnt = interp_elf_phdata;
548 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
549 if (eppnt->p_type == PT_LOAD) {
550 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
551 int elf_prot = 0;
552 unsigned long vaddr = 0;
553 unsigned long k, map_addr;
554
555 if (eppnt->p_flags & PF_R)
556 elf_prot = PROT_READ;
557 if (eppnt->p_flags & PF_W)
558 elf_prot |= PROT_WRITE;
559 if (eppnt->p_flags & PF_X)
560 elf_prot |= PROT_EXEC;
561 vaddr = eppnt->p_vaddr;
562 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
563 elf_type |= MAP_FIXED;
564 else if (no_base && interp_elf_ex->e_type == ET_DYN)
565 load_addr = -vaddr;
566
567 map_addr = elf_map(interpreter, load_addr + vaddr,
568 eppnt, elf_prot, elf_type, total_size);
569 total_size = 0;
570 if (!*interp_map_addr)
571 *interp_map_addr = map_addr;
572 error = map_addr;
573 if (BAD_ADDR(map_addr))
574 goto out;
575
576 if (!load_addr_set &&
577 interp_elf_ex->e_type == ET_DYN) {
578 load_addr = map_addr - ELF_PAGESTART(vaddr);
579 load_addr_set = 1;
580 }
581
582 /*
583 * Check to see if the section's size will overflow the
584 * allowed task size. Note that p_filesz must always be
585 * <= p_memsize so it's only necessary to check p_memsz.
586 */
587 k = load_addr + eppnt->p_vaddr;
588 if (BAD_ADDR(k) ||
589 eppnt->p_filesz > eppnt->p_memsz ||
590 eppnt->p_memsz > TASK_SIZE ||
591 TASK_SIZE - eppnt->p_memsz < k) {
592 error = -ENOMEM;
593 goto out;
594 }
595
596 /*
597 * Find the end of the file mapping for this phdr, and
598 * keep track of the largest address we see for this.
599 */
600 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
601 if (k > elf_bss)
602 elf_bss = k;
603
604 /*
605 * Do the same thing for the memory mapping - between
606 * elf_bss and last_bss is the bss section.
607 */
608 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
609 if (k > last_bss)
610 last_bss = k;
611 }
612 }
613
614 /*
615 * Now fill out the bss section: first pad the last page from
616 * the file up to the page boundary, and zero it from elf_bss
617 * up to the end of the page.
618 */
619 if (padzero(elf_bss)) {
620 error = -EFAULT;
621 goto out;
622 }
623 /*
624 * Next, align both the file and mem bss up to the page size,
625 * since this is where elf_bss was just zeroed up to, and where
626 * last_bss will end after the vm_brk() below.
627 */
628 elf_bss = ELF_PAGEALIGN(elf_bss);
629 last_bss = ELF_PAGEALIGN(last_bss);
630 /* Finally, if there is still more bss to allocate, do it. */
631 if (last_bss > elf_bss) {
632 error = vm_brk(elf_bss, last_bss - elf_bss);
633 if (error)
634 goto out;
635 }
636
637 error = load_addr;
638out:
639 return error;
640}
641
642/*
643 * These are the functions used to load ELF style executables and shared
644 * libraries. There is no binary dependent code anywhere else.
645 */
646
647#ifndef STACK_RND_MASK
648#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
649#endif
650
651static unsigned long randomize_stack_top(unsigned long stack_top)
652{
653 unsigned long random_variable = 0;
654
655 if ((current->flags & PF_RANDOMIZE) &&
656 !(current->personality & ADDR_NO_RANDOMIZE)) {
657 random_variable = get_random_long();
658 random_variable &= STACK_RND_MASK;
659 random_variable <<= PAGE_SHIFT;
660 }
661#ifdef CONFIG_STACK_GROWSUP
662 return PAGE_ALIGN(stack_top) + random_variable;
663#else
664 return PAGE_ALIGN(stack_top) - random_variable;
665#endif
666}
667
668static int load_elf_binary(struct linux_binprm *bprm)
669{
670 struct file *interpreter = NULL; /* to shut gcc up */
671 unsigned long load_addr = 0, load_bias = 0;
672 int load_addr_set = 0;
673 char * elf_interpreter = NULL;
674 unsigned long error;
675 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
676 unsigned long elf_bss, elf_brk;
677 int retval, i;
678 unsigned long elf_entry;
679 unsigned long interp_load_addr = 0;
680 unsigned long start_code, end_code, start_data, end_data;
681 unsigned long reloc_func_desc __maybe_unused = 0;
682 int executable_stack = EXSTACK_DEFAULT;
683 struct pt_regs *regs = current_pt_regs();
684 struct {
685 struct elfhdr elf_ex;
686 struct elfhdr interp_elf_ex;
687 } *loc;
688 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
689
690 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
691 if (!loc) {
692 retval = -ENOMEM;
693 goto out_ret;
694 }
695
696 /* Get the exec-header */
697 loc->elf_ex = *((struct elfhdr *)bprm->buf);
698
699 retval = -ENOEXEC;
700 /* First of all, some simple consistency checks */
701 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
702 goto out;
703
704 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
705 goto out;
706 if (!elf_check_arch(&loc->elf_ex))
707 goto out;
708 if (!bprm->file->f_op->mmap)
709 goto out;
710
711 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
712 if (!elf_phdata)
713 goto out;
714
715 elf_ppnt = elf_phdata;
716 elf_bss = 0;
717 elf_brk = 0;
718
719 start_code = ~0UL;
720 end_code = 0;
721 start_data = 0;
722 end_data = 0;
723
724 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
725 if (elf_ppnt->p_type == PT_INTERP) {
726 /* This is the program interpreter used for
727 * shared libraries - for now assume that this
728 * is an a.out format binary
729 */
730 retval = -ENOEXEC;
731 if (elf_ppnt->p_filesz > PATH_MAX ||
732 elf_ppnt->p_filesz < 2)
733 goto out_free_ph;
734
735 retval = -ENOMEM;
736 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
737 GFP_KERNEL);
738 if (!elf_interpreter)
739 goto out_free_ph;
740
741 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
742 elf_interpreter,
743 elf_ppnt->p_filesz);
744 if (retval != elf_ppnt->p_filesz) {
745 if (retval >= 0)
746 retval = -EIO;
747 goto out_free_interp;
748 }
749 /* make sure path is NULL terminated */
750 retval = -ENOEXEC;
751 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
752 goto out_free_interp;
753
754 interpreter = open_exec(elf_interpreter);
755 retval = PTR_ERR(interpreter);
756 if (IS_ERR(interpreter))
757 goto out_free_interp;
758
759 /*
760 * If the binary is not readable then enforce
761 * mm->dumpable = 0 regardless of the interpreter's
762 * permissions.
763 */
764 would_dump(bprm, interpreter);
765
766 /* Get the exec headers */
767 retval = kernel_read(interpreter, 0,
768 (void *)&loc->interp_elf_ex,
769 sizeof(loc->interp_elf_ex));
770 if (retval != sizeof(loc->interp_elf_ex)) {
771 if (retval >= 0)
772 retval = -EIO;
773 goto out_free_dentry;
774 }
775
776 break;
777 }
778 elf_ppnt++;
779 }
780
781 elf_ppnt = elf_phdata;
782 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
783 switch (elf_ppnt->p_type) {
784 case PT_GNU_STACK:
785 if (elf_ppnt->p_flags & PF_X)
786 executable_stack = EXSTACK_ENABLE_X;
787 else
788 executable_stack = EXSTACK_DISABLE_X;
789 break;
790
791 case PT_LOPROC ... PT_HIPROC:
792 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
793 bprm->file, false,
794 &arch_state);
795 if (retval)
796 goto out_free_dentry;
797 break;
798 }
799
800 /* Some simple consistency checks for the interpreter */
801 if (elf_interpreter) {
802 retval = -ELIBBAD;
803 /* Not an ELF interpreter */
804 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
805 goto out_free_dentry;
806 /* Verify the interpreter has a valid arch */
807 if (!elf_check_arch(&loc->interp_elf_ex))
808 goto out_free_dentry;
809
810 /* Load the interpreter program headers */
811 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
812 interpreter);
813 if (!interp_elf_phdata)
814 goto out_free_dentry;
815
816 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
817 elf_ppnt = interp_elf_phdata;
818 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
819 switch (elf_ppnt->p_type) {
820 case PT_LOPROC ... PT_HIPROC:
821 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
822 elf_ppnt, interpreter,
823 true, &arch_state);
824 if (retval)
825 goto out_free_dentry;
826 break;
827 }
828 }
829
830 /*
831 * Allow arch code to reject the ELF at this point, whilst it's
832 * still possible to return an error to the code that invoked
833 * the exec syscall.
834 */
835 retval = arch_check_elf(&loc->elf_ex,
836 !!interpreter, &loc->interp_elf_ex,
837 &arch_state);
838 if (retval)
839 goto out_free_dentry;
840
841 /* Flush all traces of the currently running executable */
842 retval = flush_old_exec(bprm);
843 if (retval)
844 goto out_free_dentry;
845
846 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
847 may depend on the personality. */
848 SET_PERSONALITY2(loc->elf_ex, &arch_state);
849 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
850 current->personality |= READ_IMPLIES_EXEC;
851
852 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
853 current->flags |= PF_RANDOMIZE;
854
855 setup_new_exec(bprm);
856 install_exec_creds(bprm);
857
858 /* Do this so that we can load the interpreter, if need be. We will
859 change some of these later */
860 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
861 executable_stack);
862 if (retval < 0)
863 goto out_free_dentry;
864
865 current->mm->start_stack = bprm->p;
866
867 /* Now we do a little grungy work by mmapping the ELF image into
868 the correct location in memory. */
869 for(i = 0, elf_ppnt = elf_phdata;
870 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
871 int elf_prot = 0, elf_flags;
872 unsigned long k, vaddr;
873 unsigned long total_size = 0;
874
875 if (elf_ppnt->p_type != PT_LOAD)
876 continue;
877
878 if (unlikely (elf_brk > elf_bss)) {
879 unsigned long nbyte;
880
881 /* There was a PT_LOAD segment with p_memsz > p_filesz
882 before this one. Map anonymous pages, if needed,
883 and clear the area. */
884 retval = set_brk(elf_bss + load_bias,
885 elf_brk + load_bias);
886 if (retval)
887 goto out_free_dentry;
888 nbyte = ELF_PAGEOFFSET(elf_bss);
889 if (nbyte) {
890 nbyte = ELF_MIN_ALIGN - nbyte;
891 if (nbyte > elf_brk - elf_bss)
892 nbyte = elf_brk - elf_bss;
893 if (clear_user((void __user *)elf_bss +
894 load_bias, nbyte)) {
895 /*
896 * This bss-zeroing can fail if the ELF
897 * file specifies odd protections. So
898 * we don't check the return value
899 */
900 }
901 }
902 }
903
904 if (elf_ppnt->p_flags & PF_R)
905 elf_prot |= PROT_READ;
906 if (elf_ppnt->p_flags & PF_W)
907 elf_prot |= PROT_WRITE;
908 if (elf_ppnt->p_flags & PF_X)
909 elf_prot |= PROT_EXEC;
910
911 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
912
913 vaddr = elf_ppnt->p_vaddr;
914 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
915 elf_flags |= MAP_FIXED;
916 } else if (loc->elf_ex.e_type == ET_DYN) {
917 /* Try and get dynamic programs out of the way of the
918 * default mmap base, as well as whatever program they
919 * might try to exec. This is because the brk will
920 * follow the loader, and is not movable. */
921 load_bias = ELF_ET_DYN_BASE - vaddr;
922 if (current->flags & PF_RANDOMIZE)
923 load_bias += arch_mmap_rnd();
924 load_bias = ELF_PAGESTART(load_bias);
925 total_size = total_mapping_size(elf_phdata,
926 loc->elf_ex.e_phnum);
927 if (!total_size) {
928 retval = -EINVAL;
929 goto out_free_dentry;
930 }
931 }
932
933 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
934 elf_prot, elf_flags, total_size);
935 if (BAD_ADDR(error)) {
936 retval = IS_ERR((void *)error) ?
937 PTR_ERR((void*)error) : -EINVAL;
938 goto out_free_dentry;
939 }
940
941 if (!load_addr_set) {
942 load_addr_set = 1;
943 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
944 if (loc->elf_ex.e_type == ET_DYN) {
945 load_bias += error -
946 ELF_PAGESTART(load_bias + vaddr);
947 load_addr += load_bias;
948 reloc_func_desc = load_bias;
949 }
950 }
951 k = elf_ppnt->p_vaddr;
952 if (k < start_code)
953 start_code = k;
954 if (start_data < k)
955 start_data = k;
956
957 /*
958 * Check to see if the section's size will overflow the
959 * allowed task size. Note that p_filesz must always be
960 * <= p_memsz so it is only necessary to check p_memsz.
961 */
962 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
963 elf_ppnt->p_memsz > TASK_SIZE ||
964 TASK_SIZE - elf_ppnt->p_memsz < k) {
965 /* set_brk can never work. Avoid overflows. */
966 retval = -EINVAL;
967 goto out_free_dentry;
968 }
969
970 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
971
972 if (k > elf_bss)
973 elf_bss = k;
974 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
975 end_code = k;
976 if (end_data < k)
977 end_data = k;
978 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
979 if (k > elf_brk)
980 elf_brk = k;
981 }
982
983 loc->elf_ex.e_entry += load_bias;
984 elf_bss += load_bias;
985 elf_brk += load_bias;
986 start_code += load_bias;
987 end_code += load_bias;
988 start_data += load_bias;
989 end_data += load_bias;
990
991 /* Calling set_brk effectively mmaps the pages that we need
992 * for the bss and break sections. We must do this before
993 * mapping in the interpreter, to make sure it doesn't wind
994 * up getting placed where the bss needs to go.
995 */
996 retval = set_brk(elf_bss, elf_brk);
997 if (retval)
998 goto out_free_dentry;
999 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1000 retval = -EFAULT; /* Nobody gets to see this, but.. */
1001 goto out_free_dentry;
1002 }
1003
1004 if (elf_interpreter) {
1005 unsigned long interp_map_addr = 0;
1006
1007 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1008 interpreter,
1009 &interp_map_addr,
1010 load_bias, interp_elf_phdata);
1011 if (!IS_ERR((void *)elf_entry)) {
1012 /*
1013 * load_elf_interp() returns relocation
1014 * adjustment
1015 */
1016 interp_load_addr = elf_entry;
1017 elf_entry += loc->interp_elf_ex.e_entry;
1018 }
1019 if (BAD_ADDR(elf_entry)) {
1020 retval = IS_ERR((void *)elf_entry) ?
1021 (int)elf_entry : -EINVAL;
1022 goto out_free_dentry;
1023 }
1024 reloc_func_desc = interp_load_addr;
1025
1026 allow_write_access(interpreter);
1027 fput(interpreter);
1028 kfree(elf_interpreter);
1029 } else {
1030 elf_entry = loc->elf_ex.e_entry;
1031 if (BAD_ADDR(elf_entry)) {
1032 retval = -EINVAL;
1033 goto out_free_dentry;
1034 }
1035 }
1036
1037 kfree(interp_elf_phdata);
1038 kfree(elf_phdata);
1039
1040 set_binfmt(&elf_format);
1041
1042#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1043 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
1044 if (retval < 0)
1045 goto out;
1046#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1047
1048 retval = create_elf_tables(bprm, &loc->elf_ex,
1049 load_addr, interp_load_addr);
1050 if (retval < 0)
1051 goto out;
1052 /* N.B. passed_fileno might not be initialized? */
1053 current->mm->end_code = end_code;
1054 current->mm->start_code = start_code;
1055 current->mm->start_data = start_data;
1056 current->mm->end_data = end_data;
1057 current->mm->start_stack = bprm->p;
1058
1059 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1060 current->mm->brk = current->mm->start_brk =
1061 arch_randomize_brk(current->mm);
1062#ifdef compat_brk_randomized
1063 current->brk_randomized = 1;
1064#endif
1065 }
1066
1067 if (current->personality & MMAP_PAGE_ZERO) {
1068 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1069 and some applications "depend" upon this behavior.
1070 Since we do not have the power to recompile these, we
1071 emulate the SVr4 behavior. Sigh. */
1072 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1073 MAP_FIXED | MAP_PRIVATE, 0);
1074 }
1075
1076#ifdef ELF_PLAT_INIT
1077 /*
1078 * The ABI may specify that certain registers be set up in special
1079 * ways (on i386 %edx is the address of a DT_FINI function, for
1080 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1081 * that the e_entry field is the address of the function descriptor
1082 * for the startup routine, rather than the address of the startup
1083 * routine itself. This macro performs whatever initialization to
1084 * the regs structure is required as well as any relocations to the
1085 * function descriptor entries when executing dynamically links apps.
1086 */
1087 ELF_PLAT_INIT(regs, reloc_func_desc);
1088#endif
1089
1090 start_thread(regs, elf_entry, bprm->p);
1091 retval = 0;
1092out:
1093 kfree(loc);
1094out_ret:
1095 return retval;
1096
1097 /* error cleanup */
1098out_free_dentry:
1099 kfree(interp_elf_phdata);
1100 allow_write_access(interpreter);
1101 if (interpreter)
1102 fput(interpreter);
1103out_free_interp:
1104 kfree(elf_interpreter);
1105out_free_ph:
1106 kfree(elf_phdata);
1107 goto out;
1108}
1109
1110#ifdef CONFIG_USELIB
1111/* This is really simpleminded and specialized - we are loading an
1112 a.out library that is given an ELF header. */
1113static int load_elf_library(struct file *file)
1114{
1115 struct elf_phdr *elf_phdata;
1116 struct elf_phdr *eppnt;
1117 unsigned long elf_bss, bss, len;
1118 int retval, error, i, j;
1119 struct elfhdr elf_ex;
1120
1121 error = -ENOEXEC;
1122 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1123 if (retval != sizeof(elf_ex))
1124 goto out;
1125
1126 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1127 goto out;
1128
1129 /* First of all, some simple consistency checks */
1130 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1131 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1132 goto out;
1133
1134 /* Now read in all of the header information */
1135
1136 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1137 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1138
1139 error = -ENOMEM;
1140 elf_phdata = kmalloc(j, GFP_KERNEL);
1141 if (!elf_phdata)
1142 goto out;
1143
1144 eppnt = elf_phdata;
1145 error = -ENOEXEC;
1146 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1147 if (retval != j)
1148 goto out_free_ph;
1149
1150 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1151 if ((eppnt + i)->p_type == PT_LOAD)
1152 j++;
1153 if (j != 1)
1154 goto out_free_ph;
1155
1156 while (eppnt->p_type != PT_LOAD)
1157 eppnt++;
1158
1159 /* Now use mmap to map the library into memory. */
1160 error = vm_mmap(file,
1161 ELF_PAGESTART(eppnt->p_vaddr),
1162 (eppnt->p_filesz +
1163 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1164 PROT_READ | PROT_WRITE | PROT_EXEC,
1165 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1166 (eppnt->p_offset -
1167 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1168 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1169 goto out_free_ph;
1170
1171 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1172 if (padzero(elf_bss)) {
1173 error = -EFAULT;
1174 goto out_free_ph;
1175 }
1176
1177 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1178 ELF_MIN_ALIGN - 1);
1179 bss = eppnt->p_memsz + eppnt->p_vaddr;
1180 if (bss > len) {
1181 error = vm_brk(len, bss - len);
1182 if (error)
1183 goto out_free_ph;
1184 }
1185 error = 0;
1186
1187out_free_ph:
1188 kfree(elf_phdata);
1189out:
1190 return error;
1191}
1192#endif /* #ifdef CONFIG_USELIB */
1193
1194#ifdef CONFIG_ELF_CORE
1195/*
1196 * ELF core dumper
1197 *
1198 * Modelled on fs/exec.c:aout_core_dump()
1199 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1200 */
1201
1202/*
1203 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1204 * that are useful for post-mortem analysis are included in every core dump.
1205 * In that way we ensure that the core dump is fully interpretable later
1206 * without matching up the same kernel and hardware config to see what PC values
1207 * meant. These special mappings include - vDSO, vsyscall, and other
1208 * architecture specific mappings
1209 */
1210static bool always_dump_vma(struct vm_area_struct *vma)
1211{
1212 /* Any vsyscall mappings? */
1213 if (vma == get_gate_vma(vma->vm_mm))
1214 return true;
1215
1216 /*
1217 * Assume that all vmas with a .name op should always be dumped.
1218 * If this changes, a new vm_ops field can easily be added.
1219 */
1220 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1221 return true;
1222
1223 /*
1224 * arch_vma_name() returns non-NULL for special architecture mappings,
1225 * such as vDSO sections.
1226 */
1227 if (arch_vma_name(vma))
1228 return true;
1229
1230 return false;
1231}
1232
1233/*
1234 * Decide what to dump of a segment, part, all or none.
1235 */
1236static unsigned long vma_dump_size(struct vm_area_struct *vma,
1237 unsigned long mm_flags)
1238{
1239#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1240
1241 /* always dump the vdso and vsyscall sections */
1242 if (always_dump_vma(vma))
1243 goto whole;
1244
1245 if (vma->vm_flags & VM_DONTDUMP)
1246 return 0;
1247
1248 /* support for DAX */
1249 if (vma_is_dax(vma)) {
1250 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1251 goto whole;
1252 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1253 goto whole;
1254 return 0;
1255 }
1256
1257 /* Hugetlb memory check */
1258 if (vma->vm_flags & VM_HUGETLB) {
1259 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1260 goto whole;
1261 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1262 goto whole;
1263 return 0;
1264 }
1265
1266 /* Do not dump I/O mapped devices or special mappings */
1267 if (vma->vm_flags & VM_IO)
1268 return 0;
1269
1270 /* By default, dump shared memory if mapped from an anonymous file. */
1271 if (vma->vm_flags & VM_SHARED) {
1272 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1273 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1274 goto whole;
1275 return 0;
1276 }
1277
1278 /* Dump segments that have been written to. */
1279 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1280 goto whole;
1281 if (vma->vm_file == NULL)
1282 return 0;
1283
1284 if (FILTER(MAPPED_PRIVATE))
1285 goto whole;
1286
1287 /*
1288 * If this looks like the beginning of a DSO or executable mapping,
1289 * check for an ELF header. If we find one, dump the first page to
1290 * aid in determining what was mapped here.
1291 */
1292 if (FILTER(ELF_HEADERS) &&
1293 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1294 u32 __user *header = (u32 __user *) vma->vm_start;
1295 u32 word;
1296 mm_segment_t fs = get_fs();
1297 /*
1298 * Doing it this way gets the constant folded by GCC.
1299 */
1300 union {
1301 u32 cmp;
1302 char elfmag[SELFMAG];
1303 } magic;
1304 BUILD_BUG_ON(SELFMAG != sizeof word);
1305 magic.elfmag[EI_MAG0] = ELFMAG0;
1306 magic.elfmag[EI_MAG1] = ELFMAG1;
1307 magic.elfmag[EI_MAG2] = ELFMAG2;
1308 magic.elfmag[EI_MAG3] = ELFMAG3;
1309 /*
1310 * Switch to the user "segment" for get_user(),
1311 * then put back what elf_core_dump() had in place.
1312 */
1313 set_fs(USER_DS);
1314 if (unlikely(get_user(word, header)))
1315 word = 0;
1316 set_fs(fs);
1317 if (word == magic.cmp)
1318 return PAGE_SIZE;
1319 }
1320
1321#undef FILTER
1322
1323 return 0;
1324
1325whole:
1326 return vma->vm_end - vma->vm_start;
1327}
1328
1329/* An ELF note in memory */
1330struct memelfnote
1331{
1332 const char *name;
1333 int type;
1334 unsigned int datasz;
1335 void *data;
1336};
1337
1338static int notesize(struct memelfnote *en)
1339{
1340 int sz;
1341
1342 sz = sizeof(struct elf_note);
1343 sz += roundup(strlen(en->name) + 1, 4);
1344 sz += roundup(en->datasz, 4);
1345
1346 return sz;
1347}
1348
1349static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1350{
1351 struct elf_note en;
1352 en.n_namesz = strlen(men->name) + 1;
1353 en.n_descsz = men->datasz;
1354 en.n_type = men->type;
1355
1356 return dump_emit(cprm, &en, sizeof(en)) &&
1357 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1358 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1359}
1360
1361static void fill_elf_header(struct elfhdr *elf, int segs,
1362 u16 machine, u32 flags)
1363{
1364 memset(elf, 0, sizeof(*elf));
1365
1366 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1367 elf->e_ident[EI_CLASS] = ELF_CLASS;
1368 elf->e_ident[EI_DATA] = ELF_DATA;
1369 elf->e_ident[EI_VERSION] = EV_CURRENT;
1370 elf->e_ident[EI_OSABI] = ELF_OSABI;
1371
1372 elf->e_type = ET_CORE;
1373 elf->e_machine = machine;
1374 elf->e_version = EV_CURRENT;
1375 elf->e_phoff = sizeof(struct elfhdr);
1376 elf->e_flags = flags;
1377 elf->e_ehsize = sizeof(struct elfhdr);
1378 elf->e_phentsize = sizeof(struct elf_phdr);
1379 elf->e_phnum = segs;
1380
1381 return;
1382}
1383
1384static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1385{
1386 phdr->p_type = PT_NOTE;
1387 phdr->p_offset = offset;
1388 phdr->p_vaddr = 0;
1389 phdr->p_paddr = 0;
1390 phdr->p_filesz = sz;
1391 phdr->p_memsz = 0;
1392 phdr->p_flags = 0;
1393 phdr->p_align = 0;
1394 return;
1395}
1396
1397static void fill_note(struct memelfnote *note, const char *name, int type,
1398 unsigned int sz, void *data)
1399{
1400 note->name = name;
1401 note->type = type;
1402 note->datasz = sz;
1403 note->data = data;
1404 return;
1405}
1406
1407/*
1408 * fill up all the fields in prstatus from the given task struct, except
1409 * registers which need to be filled up separately.
1410 */
1411static void fill_prstatus(struct elf_prstatus *prstatus,
1412 struct task_struct *p, long signr)
1413{
1414 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1415 prstatus->pr_sigpend = p->pending.signal.sig[0];
1416 prstatus->pr_sighold = p->blocked.sig[0];
1417 rcu_read_lock();
1418 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1419 rcu_read_unlock();
1420 prstatus->pr_pid = task_pid_vnr(p);
1421 prstatus->pr_pgrp = task_pgrp_vnr(p);
1422 prstatus->pr_sid = task_session_vnr(p);
1423 if (thread_group_leader(p)) {
1424 struct task_cputime cputime;
1425
1426 /*
1427 * This is the record for the group leader. It shows the
1428 * group-wide total, not its individual thread total.
1429 */
1430 thread_group_cputime(p, &cputime);
1431 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1432 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1433 } else {
1434 cputime_t utime, stime;
1435
1436 task_cputime(p, &utime, &stime);
1437 cputime_to_timeval(utime, &prstatus->pr_utime);
1438 cputime_to_timeval(stime, &prstatus->pr_stime);
1439 }
1440 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1441 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1442}
1443
1444static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1445 struct mm_struct *mm)
1446{
1447 const struct cred *cred;
1448 unsigned int i, len;
1449
1450 /* first copy the parameters from user space */
1451 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1452
1453 len = mm->arg_end - mm->arg_start;
1454 if (len >= ELF_PRARGSZ)
1455 len = ELF_PRARGSZ-1;
1456 if (copy_from_user(&psinfo->pr_psargs,
1457 (const char __user *)mm->arg_start, len))
1458 return -EFAULT;
1459 for(i = 0; i < len; i++)
1460 if (psinfo->pr_psargs[i] == 0)
1461 psinfo->pr_psargs[i] = ' ';
1462 psinfo->pr_psargs[len] = 0;
1463
1464 rcu_read_lock();
1465 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1466 rcu_read_unlock();
1467 psinfo->pr_pid = task_pid_vnr(p);
1468 psinfo->pr_pgrp = task_pgrp_vnr(p);
1469 psinfo->pr_sid = task_session_vnr(p);
1470
1471 i = p->state ? ffz(~p->state) + 1 : 0;
1472 psinfo->pr_state = i;
1473 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1474 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1475 psinfo->pr_nice = task_nice(p);
1476 psinfo->pr_flag = p->flags;
1477 rcu_read_lock();
1478 cred = __task_cred(p);
1479 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1480 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1481 rcu_read_unlock();
1482 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1483
1484 return 0;
1485}
1486
1487static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1488{
1489 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1490 int i = 0;
1491 do
1492 i += 2;
1493 while (auxv[i - 2] != AT_NULL);
1494 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1495}
1496
1497static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1498 const siginfo_t *siginfo)
1499{
1500 mm_segment_t old_fs = get_fs();
1501 set_fs(KERNEL_DS);
1502 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1503 set_fs(old_fs);
1504 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1505}
1506
1507#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1508/*
1509 * Format of NT_FILE note:
1510 *
1511 * long count -- how many files are mapped
1512 * long page_size -- units for file_ofs
1513 * array of [COUNT] elements of
1514 * long start
1515 * long end
1516 * long file_ofs
1517 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1518 */
1519static int fill_files_note(struct memelfnote *note)
1520{
1521 struct vm_area_struct *vma;
1522 unsigned count, size, names_ofs, remaining, n;
1523 user_long_t *data;
1524 user_long_t *start_end_ofs;
1525 char *name_base, *name_curpos;
1526
1527 /* *Estimated* file count and total data size needed */
1528 count = current->mm->map_count;
1529 size = count * 64;
1530
1531 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1532 alloc:
1533 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1534 return -EINVAL;
1535 size = round_up(size, PAGE_SIZE);
1536 data = vmalloc(size);
1537 if (!data)
1538 return -ENOMEM;
1539
1540 start_end_ofs = data + 2;
1541 name_base = name_curpos = ((char *)data) + names_ofs;
1542 remaining = size - names_ofs;
1543 count = 0;
1544 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1545 struct file *file;
1546 const char *filename;
1547
1548 file = vma->vm_file;
1549 if (!file)
1550 continue;
1551 filename = file_path(file, name_curpos, remaining);
1552 if (IS_ERR(filename)) {
1553 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1554 vfree(data);
1555 size = size * 5 / 4;
1556 goto alloc;
1557 }
1558 continue;
1559 }
1560
1561 /* file_path() fills at the end, move name down */
1562 /* n = strlen(filename) + 1: */
1563 n = (name_curpos + remaining) - filename;
1564 remaining = filename - name_curpos;
1565 memmove(name_curpos, filename, n);
1566 name_curpos += n;
1567
1568 *start_end_ofs++ = vma->vm_start;
1569 *start_end_ofs++ = vma->vm_end;
1570 *start_end_ofs++ = vma->vm_pgoff;
1571 count++;
1572 }
1573
1574 /* Now we know exact count of files, can store it */
1575 data[0] = count;
1576 data[1] = PAGE_SIZE;
1577 /*
1578 * Count usually is less than current->mm->map_count,
1579 * we need to move filenames down.
1580 */
1581 n = current->mm->map_count - count;
1582 if (n != 0) {
1583 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1584 memmove(name_base - shift_bytes, name_base,
1585 name_curpos - name_base);
1586 name_curpos -= shift_bytes;
1587 }
1588
1589 size = name_curpos - (char *)data;
1590 fill_note(note, "CORE", NT_FILE, size, data);
1591 return 0;
1592}
1593
1594#ifdef CORE_DUMP_USE_REGSET
1595#include <linux/regset.h>
1596
1597struct elf_thread_core_info {
1598 struct elf_thread_core_info *next;
1599 struct task_struct *task;
1600 struct elf_prstatus prstatus;
1601 struct memelfnote notes[0];
1602};
1603
1604struct elf_note_info {
1605 struct elf_thread_core_info *thread;
1606 struct memelfnote psinfo;
1607 struct memelfnote signote;
1608 struct memelfnote auxv;
1609 struct memelfnote files;
1610 user_siginfo_t csigdata;
1611 size_t size;
1612 int thread_notes;
1613};
1614
1615/*
1616 * When a regset has a writeback hook, we call it on each thread before
1617 * dumping user memory. On register window machines, this makes sure the
1618 * user memory backing the register data is up to date before we read it.
1619 */
1620static void do_thread_regset_writeback(struct task_struct *task,
1621 const struct user_regset *regset)
1622{
1623 if (regset->writeback)
1624 regset->writeback(task, regset, 1);
1625}
1626
1627#ifndef PRSTATUS_SIZE
1628#define PRSTATUS_SIZE(S, R) sizeof(S)
1629#endif
1630
1631#ifndef SET_PR_FPVALID
1632#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1633#endif
1634
1635static int fill_thread_core_info(struct elf_thread_core_info *t,
1636 const struct user_regset_view *view,
1637 long signr, size_t *total)
1638{
1639 unsigned int i;
1640 unsigned int regset_size = view->regsets[0].n * view->regsets[0].size;
1641
1642 /*
1643 * NT_PRSTATUS is the one special case, because the regset data
1644 * goes into the pr_reg field inside the note contents, rather
1645 * than being the whole note contents. We fill the reset in here.
1646 * We assume that regset 0 is NT_PRSTATUS.
1647 */
1648 fill_prstatus(&t->prstatus, t->task, signr);
1649 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset_size,
1650 &t->prstatus.pr_reg, NULL);
1651
1652 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1653 PRSTATUS_SIZE(t->prstatus, regset_size), &t->prstatus);
1654 *total += notesize(&t->notes[0]);
1655
1656 do_thread_regset_writeback(t->task, &view->regsets[0]);
1657
1658 /*
1659 * Each other regset might generate a note too. For each regset
1660 * that has no core_note_type or is inactive, we leave t->notes[i]
1661 * all zero and we'll know to skip writing it later.
1662 */
1663 for (i = 1; i < view->n; ++i) {
1664 const struct user_regset *regset = &view->regsets[i];
1665 do_thread_regset_writeback(t->task, regset);
1666 if (regset->core_note_type && regset->get &&
1667 (!regset->active || regset->active(t->task, regset))) {
1668 int ret;
1669 size_t size = regset->n * regset->size;
1670 void *data = kmalloc(size, GFP_KERNEL);
1671 if (unlikely(!data))
1672 return 0;
1673 ret = regset->get(t->task, regset,
1674 0, size, data, NULL);
1675 if (unlikely(ret))
1676 kfree(data);
1677 else {
1678 if (regset->core_note_type != NT_PRFPREG)
1679 fill_note(&t->notes[i], "LINUX",
1680 regset->core_note_type,
1681 size, data);
1682 else {
1683 SET_PR_FPVALID(&t->prstatus,
1684 1, regset_size);
1685 fill_note(&t->notes[i], "CORE",
1686 NT_PRFPREG, size, data);
1687 }
1688 *total += notesize(&t->notes[i]);
1689 }
1690 }
1691 }
1692
1693 return 1;
1694}
1695
1696static int fill_note_info(struct elfhdr *elf, int phdrs,
1697 struct elf_note_info *info,
1698 const siginfo_t *siginfo, struct pt_regs *regs)
1699{
1700 struct task_struct *dump_task = current;
1701 const struct user_regset_view *view = task_user_regset_view(dump_task);
1702 struct elf_thread_core_info *t;
1703 struct elf_prpsinfo *psinfo;
1704 struct core_thread *ct;
1705 unsigned int i;
1706
1707 info->size = 0;
1708 info->thread = NULL;
1709
1710 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1711 if (psinfo == NULL) {
1712 info->psinfo.data = NULL; /* So we don't free this wrongly */
1713 return 0;
1714 }
1715
1716 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1717
1718 /*
1719 * Figure out how many notes we're going to need for each thread.
1720 */
1721 info->thread_notes = 0;
1722 for (i = 0; i < view->n; ++i)
1723 if (view->regsets[i].core_note_type != 0)
1724 ++info->thread_notes;
1725
1726 /*
1727 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1728 * since it is our one special case.
1729 */
1730 if (unlikely(info->thread_notes == 0) ||
1731 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1732 WARN_ON(1);
1733 return 0;
1734 }
1735
1736 /*
1737 * Initialize the ELF file header.
1738 */
1739 fill_elf_header(elf, phdrs,
1740 view->e_machine, view->e_flags);
1741
1742 /*
1743 * Allocate a structure for each thread.
1744 */
1745 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1746 t = kzalloc(offsetof(struct elf_thread_core_info,
1747 notes[info->thread_notes]),
1748 GFP_KERNEL);
1749 if (unlikely(!t))
1750 return 0;
1751
1752 t->task = ct->task;
1753 if (ct->task == dump_task || !info->thread) {
1754 t->next = info->thread;
1755 info->thread = t;
1756 } else {
1757 /*
1758 * Make sure to keep the original task at
1759 * the head of the list.
1760 */
1761 t->next = info->thread->next;
1762 info->thread->next = t;
1763 }
1764 }
1765
1766 /*
1767 * Now fill in each thread's information.
1768 */
1769 for (t = info->thread; t != NULL; t = t->next)
1770 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1771 return 0;
1772
1773 /*
1774 * Fill in the two process-wide notes.
1775 */
1776 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1777 info->size += notesize(&info->psinfo);
1778
1779 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1780 info->size += notesize(&info->signote);
1781
1782 fill_auxv_note(&info->auxv, current->mm);
1783 info->size += notesize(&info->auxv);
1784
1785 if (fill_files_note(&info->files) == 0)
1786 info->size += notesize(&info->files);
1787
1788 return 1;
1789}
1790
1791static size_t get_note_info_size(struct elf_note_info *info)
1792{
1793 return info->size;
1794}
1795
1796/*
1797 * Write all the notes for each thread. When writing the first thread, the
1798 * process-wide notes are interleaved after the first thread-specific note.
1799 */
1800static int write_note_info(struct elf_note_info *info,
1801 struct coredump_params *cprm)
1802{
1803 bool first = true;
1804 struct elf_thread_core_info *t = info->thread;
1805
1806 do {
1807 int i;
1808
1809 if (!writenote(&t->notes[0], cprm))
1810 return 0;
1811
1812 if (first && !writenote(&info->psinfo, cprm))
1813 return 0;
1814 if (first && !writenote(&info->signote, cprm))
1815 return 0;
1816 if (first && !writenote(&info->auxv, cprm))
1817 return 0;
1818 if (first && info->files.data &&
1819 !writenote(&info->files, cprm))
1820 return 0;
1821
1822 for (i = 1; i < info->thread_notes; ++i)
1823 if (t->notes[i].data &&
1824 !writenote(&t->notes[i], cprm))
1825 return 0;
1826
1827 first = false;
1828 t = t->next;
1829 } while (t);
1830
1831 return 1;
1832}
1833
1834static void free_note_info(struct elf_note_info *info)
1835{
1836 struct elf_thread_core_info *threads = info->thread;
1837 while (threads) {
1838 unsigned int i;
1839 struct elf_thread_core_info *t = threads;
1840 threads = t->next;
1841 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1842 for (i = 1; i < info->thread_notes; ++i)
1843 kfree(t->notes[i].data);
1844 kfree(t);
1845 }
1846 kfree(info->psinfo.data);
1847 vfree(info->files.data);
1848}
1849
1850#else
1851
1852/* Here is the structure in which status of each thread is captured. */
1853struct elf_thread_status
1854{
1855 struct list_head list;
1856 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1857 elf_fpregset_t fpu; /* NT_PRFPREG */
1858 struct task_struct *thread;
1859#ifdef ELF_CORE_COPY_XFPREGS
1860 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1861#endif
1862 struct memelfnote notes[3];
1863 int num_notes;
1864};
1865
1866/*
1867 * In order to add the specific thread information for the elf file format,
1868 * we need to keep a linked list of every threads pr_status and then create
1869 * a single section for them in the final core file.
1870 */
1871static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1872{
1873 int sz = 0;
1874 struct task_struct *p = t->thread;
1875 t->num_notes = 0;
1876
1877 fill_prstatus(&t->prstatus, p, signr);
1878 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1879
1880 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1881 &(t->prstatus));
1882 t->num_notes++;
1883 sz += notesize(&t->notes[0]);
1884
1885 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1886 &t->fpu))) {
1887 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1888 &(t->fpu));
1889 t->num_notes++;
1890 sz += notesize(&t->notes[1]);
1891 }
1892
1893#ifdef ELF_CORE_COPY_XFPREGS
1894 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1895 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1896 sizeof(t->xfpu), &t->xfpu);
1897 t->num_notes++;
1898 sz += notesize(&t->notes[2]);
1899 }
1900#endif
1901 return sz;
1902}
1903
1904struct elf_note_info {
1905 struct memelfnote *notes;
1906 struct memelfnote *notes_files;
1907 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1908 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1909 struct list_head thread_list;
1910 elf_fpregset_t *fpu;
1911#ifdef ELF_CORE_COPY_XFPREGS
1912 elf_fpxregset_t *xfpu;
1913#endif
1914 user_siginfo_t csigdata;
1915 int thread_status_size;
1916 int numnote;
1917};
1918
1919static int elf_note_info_init(struct elf_note_info *info)
1920{
1921 memset(info, 0, sizeof(*info));
1922 INIT_LIST_HEAD(&info->thread_list);
1923
1924 /* Allocate space for ELF notes */
1925 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1926 if (!info->notes)
1927 return 0;
1928 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1929 if (!info->psinfo)
1930 return 0;
1931 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1932 if (!info->prstatus)
1933 return 0;
1934 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1935 if (!info->fpu)
1936 return 0;
1937#ifdef ELF_CORE_COPY_XFPREGS
1938 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1939 if (!info->xfpu)
1940 return 0;
1941#endif
1942 return 1;
1943}
1944
1945static int fill_note_info(struct elfhdr *elf, int phdrs,
1946 struct elf_note_info *info,
1947 const siginfo_t *siginfo, struct pt_regs *regs)
1948{
1949 struct list_head *t;
1950 struct core_thread *ct;
1951 struct elf_thread_status *ets;
1952
1953 if (!elf_note_info_init(info))
1954 return 0;
1955
1956 for (ct = current->mm->core_state->dumper.next;
1957 ct; ct = ct->next) {
1958 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1959 if (!ets)
1960 return 0;
1961
1962 ets->thread = ct->task;
1963 list_add(&ets->list, &info->thread_list);
1964 }
1965
1966 list_for_each(t, &info->thread_list) {
1967 int sz;
1968
1969 ets = list_entry(t, struct elf_thread_status, list);
1970 sz = elf_dump_thread_status(siginfo->si_signo, ets);
1971 info->thread_status_size += sz;
1972 }
1973 /* now collect the dump for the current */
1974 memset(info->prstatus, 0, sizeof(*info->prstatus));
1975 fill_prstatus(info->prstatus, current, siginfo->si_signo);
1976 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1977
1978 /* Set up header */
1979 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
1980
1981 /*
1982 * Set up the notes in similar form to SVR4 core dumps made
1983 * with info from their /proc.
1984 */
1985
1986 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1987 sizeof(*info->prstatus), info->prstatus);
1988 fill_psinfo(info->psinfo, current->group_leader, current->mm);
1989 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1990 sizeof(*info->psinfo), info->psinfo);
1991
1992 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
1993 fill_auxv_note(info->notes + 3, current->mm);
1994 info->numnote = 4;
1995
1996 if (fill_files_note(info->notes + info->numnote) == 0) {
1997 info->notes_files = info->notes + info->numnote;
1998 info->numnote++;
1999 }
2000
2001 /* Try to dump the FPU. */
2002 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2003 info->fpu);
2004 if (info->prstatus->pr_fpvalid)
2005 fill_note(info->notes + info->numnote++,
2006 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2007#ifdef ELF_CORE_COPY_XFPREGS
2008 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2009 fill_note(info->notes + info->numnote++,
2010 "LINUX", ELF_CORE_XFPREG_TYPE,
2011 sizeof(*info->xfpu), info->xfpu);
2012#endif
2013
2014 return 1;
2015}
2016
2017static size_t get_note_info_size(struct elf_note_info *info)
2018{
2019 int sz = 0;
2020 int i;
2021
2022 for (i = 0; i < info->numnote; i++)
2023 sz += notesize(info->notes + i);
2024
2025 sz += info->thread_status_size;
2026
2027 return sz;
2028}
2029
2030static int write_note_info(struct elf_note_info *info,
2031 struct coredump_params *cprm)
2032{
2033 int i;
2034 struct list_head *t;
2035
2036 for (i = 0; i < info->numnote; i++)
2037 if (!writenote(info->notes + i, cprm))
2038 return 0;
2039
2040 /* write out the thread status notes section */
2041 list_for_each(t, &info->thread_list) {
2042 struct elf_thread_status *tmp =
2043 list_entry(t, struct elf_thread_status, list);
2044
2045 for (i = 0; i < tmp->num_notes; i++)
2046 if (!writenote(&tmp->notes[i], cprm))
2047 return 0;
2048 }
2049
2050 return 1;
2051}
2052
2053static void free_note_info(struct elf_note_info *info)
2054{
2055 while (!list_empty(&info->thread_list)) {
2056 struct list_head *tmp = info->thread_list.next;
2057 list_del(tmp);
2058 kfree(list_entry(tmp, struct elf_thread_status, list));
2059 }
2060
2061 /* Free data possibly allocated by fill_files_note(): */
2062 if (info->notes_files)
2063 vfree(info->notes_files->data);
2064
2065 kfree(info->prstatus);
2066 kfree(info->psinfo);
2067 kfree(info->notes);
2068 kfree(info->fpu);
2069#ifdef ELF_CORE_COPY_XFPREGS
2070 kfree(info->xfpu);
2071#endif
2072}
2073
2074#endif
2075
2076static struct vm_area_struct *first_vma(struct task_struct *tsk,
2077 struct vm_area_struct *gate_vma)
2078{
2079 struct vm_area_struct *ret = tsk->mm->mmap;
2080
2081 if (ret)
2082 return ret;
2083 return gate_vma;
2084}
2085/*
2086 * Helper function for iterating across a vma list. It ensures that the caller
2087 * will visit `gate_vma' prior to terminating the search.
2088 */
2089static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2090 struct vm_area_struct *gate_vma)
2091{
2092 struct vm_area_struct *ret;
2093
2094 ret = this_vma->vm_next;
2095 if (ret)
2096 return ret;
2097 if (this_vma == gate_vma)
2098 return NULL;
2099 return gate_vma;
2100}
2101
2102static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2103 elf_addr_t e_shoff, int segs)
2104{
2105 elf->e_shoff = e_shoff;
2106 elf->e_shentsize = sizeof(*shdr4extnum);
2107 elf->e_shnum = 1;
2108 elf->e_shstrndx = SHN_UNDEF;
2109
2110 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2111
2112 shdr4extnum->sh_type = SHT_NULL;
2113 shdr4extnum->sh_size = elf->e_shnum;
2114 shdr4extnum->sh_link = elf->e_shstrndx;
2115 shdr4extnum->sh_info = segs;
2116}
2117
2118/*
2119 * Actual dumper
2120 *
2121 * This is a two-pass process; first we find the offsets of the bits,
2122 * and then they are actually written out. If we run out of core limit
2123 * we just truncate.
2124 */
2125static int elf_core_dump(struct coredump_params *cprm)
2126{
2127 int has_dumped = 0;
2128 mm_segment_t fs;
2129 int segs, i;
2130 size_t vma_data_size = 0;
2131 struct vm_area_struct *vma, *gate_vma;
2132 struct elfhdr *elf = NULL;
2133 loff_t offset = 0, dataoff;
2134 struct elf_note_info info = { };
2135 struct elf_phdr *phdr4note = NULL;
2136 struct elf_shdr *shdr4extnum = NULL;
2137 Elf_Half e_phnum;
2138 elf_addr_t e_shoff;
2139 elf_addr_t *vma_filesz = NULL;
2140
2141 /*
2142 * We no longer stop all VM operations.
2143 *
2144 * This is because those proceses that could possibly change map_count
2145 * or the mmap / vma pages are now blocked in do_exit on current
2146 * finishing this core dump.
2147 *
2148 * Only ptrace can touch these memory addresses, but it doesn't change
2149 * the map_count or the pages allocated. So no possibility of crashing
2150 * exists while dumping the mm->vm_next areas to the core file.
2151 */
2152
2153 /* alloc memory for large data structures: too large to be on stack */
2154 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2155 if (!elf)
2156 goto out;
2157 /*
2158 * The number of segs are recored into ELF header as 16bit value.
2159 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2160 */
2161 segs = current->mm->map_count;
2162 segs += elf_core_extra_phdrs();
2163
2164 gate_vma = get_gate_vma(current->mm);
2165 if (gate_vma != NULL)
2166 segs++;
2167
2168 /* for notes section */
2169 segs++;
2170
2171 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2172 * this, kernel supports extended numbering. Have a look at
2173 * include/linux/elf.h for further information. */
2174 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2175
2176 /*
2177 * Collect all the non-memory information about the process for the
2178 * notes. This also sets up the file header.
2179 */
2180 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2181 goto cleanup;
2182
2183 has_dumped = 1;
2184
2185 fs = get_fs();
2186 set_fs(KERNEL_DS);
2187
2188 offset += sizeof(*elf); /* Elf header */
2189 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2190
2191 /* Write notes phdr entry */
2192 {
2193 size_t sz = get_note_info_size(&info);
2194
2195 sz += elf_coredump_extra_notes_size();
2196
2197 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2198 if (!phdr4note)
2199 goto end_coredump;
2200
2201 fill_elf_note_phdr(phdr4note, sz, offset);
2202 offset += sz;
2203 }
2204
2205 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2206
2207 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2208 goto end_coredump;
2209 vma_filesz = vmalloc((segs - 1) * sizeof(*vma_filesz));
2210 if (!vma_filesz)
2211 goto end_coredump;
2212
2213 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2214 vma = next_vma(vma, gate_vma)) {
2215 unsigned long dump_size;
2216
2217 dump_size = vma_dump_size(vma, cprm->mm_flags);
2218 vma_filesz[i++] = dump_size;
2219 vma_data_size += dump_size;
2220 }
2221
2222 offset += vma_data_size;
2223 offset += elf_core_extra_data_size();
2224 e_shoff = offset;
2225
2226 if (e_phnum == PN_XNUM) {
2227 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2228 if (!shdr4extnum)
2229 goto end_coredump;
2230 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2231 }
2232
2233 offset = dataoff;
2234
2235 if (!dump_emit(cprm, elf, sizeof(*elf)))
2236 goto end_coredump;
2237
2238 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2239 goto end_coredump;
2240
2241 /* Write program headers for segments dump */
2242 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2243 vma = next_vma(vma, gate_vma)) {
2244 struct elf_phdr phdr;
2245
2246 phdr.p_type = PT_LOAD;
2247 phdr.p_offset = offset;
2248 phdr.p_vaddr = vma->vm_start;
2249 phdr.p_paddr = 0;
2250 phdr.p_filesz = vma_filesz[i++];
2251 phdr.p_memsz = vma->vm_end - vma->vm_start;
2252 offset += phdr.p_filesz;
2253 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2254 if (vma->vm_flags & VM_WRITE)
2255 phdr.p_flags |= PF_W;
2256 if (vma->vm_flags & VM_EXEC)
2257 phdr.p_flags |= PF_X;
2258 phdr.p_align = ELF_EXEC_PAGESIZE;
2259
2260 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2261 goto end_coredump;
2262 }
2263
2264 if (!elf_core_write_extra_phdrs(cprm, offset))
2265 goto end_coredump;
2266
2267 /* write out the notes section */
2268 if (!write_note_info(&info, cprm))
2269 goto end_coredump;
2270
2271 if (elf_coredump_extra_notes_write(cprm))
2272 goto end_coredump;
2273
2274 /* Align to page */
2275 if (!dump_skip(cprm, dataoff - cprm->pos))
2276 goto end_coredump;
2277
2278 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2279 vma = next_vma(vma, gate_vma)) {
2280 unsigned long addr;
2281 unsigned long end;
2282
2283 end = vma->vm_start + vma_filesz[i++];
2284
2285 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2286 struct page *page;
2287 int stop;
2288
2289 page = get_dump_page(addr);
2290 if (page) {
2291 void *kaddr = kmap(page);
2292 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2293 kunmap(page);
2294 put_page(page);
2295 } else
2296 stop = !dump_skip(cprm, PAGE_SIZE);
2297 if (stop)
2298 goto end_coredump;
2299 }
2300 }
2301 dump_truncate(cprm);
2302
2303 if (!elf_core_write_extra_data(cprm))
2304 goto end_coredump;
2305
2306 if (e_phnum == PN_XNUM) {
2307 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2308 goto end_coredump;
2309 }
2310
2311end_coredump:
2312 set_fs(fs);
2313
2314cleanup:
2315 free_note_info(&info);
2316 kfree(shdr4extnum);
2317 vfree(vma_filesz);
2318 kfree(phdr4note);
2319 kfree(elf);
2320out:
2321 return has_dumped;
2322}
2323
2324#endif /* CONFIG_ELF_CORE */
2325
2326static int __init init_elf_binfmt(void)
2327{
2328 register_binfmt(&elf_format);
2329 return 0;
2330}
2331
2332static void __exit exit_elf_binfmt(void)
2333{
2334 /* Remove the COFF and ELF loaders. */
2335 unregister_binfmt(&elf_format);
2336}
2337
2338core_initcall(init_elf_binfmt);
2339module_exit(exit_elf_binfmt);
2340MODULE_LICENSE("GPL");
1// SPDX-License-Identifier: GPL-2.0-only
2/*
3 * linux/fs/binfmt_elf.c
4 *
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
8 * Tools".
9 *
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
11 */
12
13#include <linux/module.h>
14#include <linux/kernel.h>
15#include <linux/fs.h>
16#include <linux/mm.h>
17#include <linux/mman.h>
18#include <linux/errno.h>
19#include <linux/signal.h>
20#include <linux/binfmts.h>
21#include <linux/string.h>
22#include <linux/file.h>
23#include <linux/slab.h>
24#include <linux/personality.h>
25#include <linux/elfcore.h>
26#include <linux/init.h>
27#include <linux/highuid.h>
28#include <linux/compiler.h>
29#include <linux/highmem.h>
30#include <linux/hugetlb.h>
31#include <linux/pagemap.h>
32#include <linux/vmalloc.h>
33#include <linux/security.h>
34#include <linux/random.h>
35#include <linux/elf.h>
36#include <linux/elf-randomize.h>
37#include <linux/utsname.h>
38#include <linux/coredump.h>
39#include <linux/sched.h>
40#include <linux/sched/coredump.h>
41#include <linux/sched/task_stack.h>
42#include <linux/sched/cputime.h>
43#include <linux/sizes.h>
44#include <linux/types.h>
45#include <linux/cred.h>
46#include <linux/dax.h>
47#include <linux/uaccess.h>
48#include <asm/param.h>
49#include <asm/page.h>
50
51#ifndef ELF_COMPAT
52#define ELF_COMPAT 0
53#endif
54
55#ifndef user_long_t
56#define user_long_t long
57#endif
58#ifndef user_siginfo_t
59#define user_siginfo_t siginfo_t
60#endif
61
62/* That's for binfmt_elf_fdpic to deal with */
63#ifndef elf_check_fdpic
64#define elf_check_fdpic(ex) false
65#endif
66
67static int load_elf_binary(struct linux_binprm *bprm);
68
69#ifdef CONFIG_USELIB
70static int load_elf_library(struct file *);
71#else
72#define load_elf_library NULL
73#endif
74
75/*
76 * If we don't support core dumping, then supply a NULL so we
77 * don't even try.
78 */
79#ifdef CONFIG_ELF_CORE
80static int elf_core_dump(struct coredump_params *cprm);
81#else
82#define elf_core_dump NULL
83#endif
84
85#if ELF_EXEC_PAGESIZE > PAGE_SIZE
86#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
87#else
88#define ELF_MIN_ALIGN PAGE_SIZE
89#endif
90
91#ifndef ELF_CORE_EFLAGS
92#define ELF_CORE_EFLAGS 0
93#endif
94
95#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
96#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
97#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
98
99static struct linux_binfmt elf_format = {
100 .module = THIS_MODULE,
101 .load_binary = load_elf_binary,
102 .load_shlib = load_elf_library,
103 .core_dump = elf_core_dump,
104 .min_coredump = ELF_EXEC_PAGESIZE,
105};
106
107#define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
108
109static int set_brk(unsigned long start, unsigned long end, int prot)
110{
111 start = ELF_PAGEALIGN(start);
112 end = ELF_PAGEALIGN(end);
113 if (end > start) {
114 /*
115 * Map the last of the bss segment.
116 * If the header is requesting these pages to be
117 * executable, honour that (ppc32 needs this).
118 */
119 int error = vm_brk_flags(start, end - start,
120 prot & PROT_EXEC ? VM_EXEC : 0);
121 if (error)
122 return error;
123 }
124 current->mm->start_brk = current->mm->brk = end;
125 return 0;
126}
127
128/* We need to explicitly zero any fractional pages
129 after the data section (i.e. bss). This would
130 contain the junk from the file that should not
131 be in memory
132 */
133static int padzero(unsigned long elf_bss)
134{
135 unsigned long nbyte;
136
137 nbyte = ELF_PAGEOFFSET(elf_bss);
138 if (nbyte) {
139 nbyte = ELF_MIN_ALIGN - nbyte;
140 if (clear_user((void __user *) elf_bss, nbyte))
141 return -EFAULT;
142 }
143 return 0;
144}
145
146/* Let's use some macros to make this stack manipulation a little clearer */
147#ifdef CONFIG_STACK_GROWSUP
148#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
149#define STACK_ROUND(sp, items) \
150 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
151#define STACK_ALLOC(sp, len) ({ \
152 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
153 old_sp; })
154#else
155#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
156#define STACK_ROUND(sp, items) \
157 (((unsigned long) (sp - items)) &~ 15UL)
158#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
159#endif
160
161#ifndef ELF_BASE_PLATFORM
162/*
163 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
164 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
165 * will be copied to the user stack in the same manner as AT_PLATFORM.
166 */
167#define ELF_BASE_PLATFORM NULL
168#endif
169
170static int
171create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
172 unsigned long load_addr, unsigned long interp_load_addr,
173 unsigned long e_entry)
174{
175 struct mm_struct *mm = current->mm;
176 unsigned long p = bprm->p;
177 int argc = bprm->argc;
178 int envc = bprm->envc;
179 elf_addr_t __user *sp;
180 elf_addr_t __user *u_platform;
181 elf_addr_t __user *u_base_platform;
182 elf_addr_t __user *u_rand_bytes;
183 const char *k_platform = ELF_PLATFORM;
184 const char *k_base_platform = ELF_BASE_PLATFORM;
185 unsigned char k_rand_bytes[16];
186 int items;
187 elf_addr_t *elf_info;
188 int ei_index;
189 const struct cred *cred = current_cred();
190 struct vm_area_struct *vma;
191
192 /*
193 * In some cases (e.g. Hyper-Threading), we want to avoid L1
194 * evictions by the processes running on the same package. One
195 * thing we can do is to shuffle the initial stack for them.
196 */
197
198 p = arch_align_stack(p);
199
200 /*
201 * If this architecture has a platform capability string, copy it
202 * to userspace. In some cases (Sparc), this info is impossible
203 * for userspace to get any other way, in others (i386) it is
204 * merely difficult.
205 */
206 u_platform = NULL;
207 if (k_platform) {
208 size_t len = strlen(k_platform) + 1;
209
210 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
211 if (copy_to_user(u_platform, k_platform, len))
212 return -EFAULT;
213 }
214
215 /*
216 * If this architecture has a "base" platform capability
217 * string, copy it to userspace.
218 */
219 u_base_platform = NULL;
220 if (k_base_platform) {
221 size_t len = strlen(k_base_platform) + 1;
222
223 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
224 if (copy_to_user(u_base_platform, k_base_platform, len))
225 return -EFAULT;
226 }
227
228 /*
229 * Generate 16 random bytes for userspace PRNG seeding.
230 */
231 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
232 u_rand_bytes = (elf_addr_t __user *)
233 STACK_ALLOC(p, sizeof(k_rand_bytes));
234 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
235 return -EFAULT;
236
237 /* Create the ELF interpreter info */
238 elf_info = (elf_addr_t *)mm->saved_auxv;
239 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
240#define NEW_AUX_ENT(id, val) \
241 do { \
242 *elf_info++ = id; \
243 *elf_info++ = val; \
244 } while (0)
245
246#ifdef ARCH_DLINFO
247 /*
248 * ARCH_DLINFO must come first so PPC can do its special alignment of
249 * AUXV.
250 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
251 * ARCH_DLINFO changes
252 */
253 ARCH_DLINFO;
254#endif
255 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
256 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
257 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
258 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
259 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
260 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
261 NEW_AUX_ENT(AT_BASE, interp_load_addr);
262 NEW_AUX_ENT(AT_FLAGS, 0);
263 NEW_AUX_ENT(AT_ENTRY, e_entry);
264 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
265 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
266 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
267 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
268 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
269 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
270#ifdef ELF_HWCAP2
271 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
272#endif
273 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
274 if (k_platform) {
275 NEW_AUX_ENT(AT_PLATFORM,
276 (elf_addr_t)(unsigned long)u_platform);
277 }
278 if (k_base_platform) {
279 NEW_AUX_ENT(AT_BASE_PLATFORM,
280 (elf_addr_t)(unsigned long)u_base_platform);
281 }
282 if (bprm->have_execfd) {
283 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
284 }
285#undef NEW_AUX_ENT
286 /* AT_NULL is zero; clear the rest too */
287 memset(elf_info, 0, (char *)mm->saved_auxv +
288 sizeof(mm->saved_auxv) - (char *)elf_info);
289
290 /* And advance past the AT_NULL entry. */
291 elf_info += 2;
292
293 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
294 sp = STACK_ADD(p, ei_index);
295
296 items = (argc + 1) + (envc + 1) + 1;
297 bprm->p = STACK_ROUND(sp, items);
298
299 /* Point sp at the lowest address on the stack */
300#ifdef CONFIG_STACK_GROWSUP
301 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
302 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
303#else
304 sp = (elf_addr_t __user *)bprm->p;
305#endif
306
307
308 /*
309 * Grow the stack manually; some architectures have a limit on how
310 * far ahead a user-space access may be in order to grow the stack.
311 */
312 vma = find_extend_vma(mm, bprm->p);
313 if (!vma)
314 return -EFAULT;
315
316 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
317 if (put_user(argc, sp++))
318 return -EFAULT;
319
320 /* Populate list of argv pointers back to argv strings. */
321 p = mm->arg_end = mm->arg_start;
322 while (argc-- > 0) {
323 size_t len;
324 if (put_user((elf_addr_t)p, sp++))
325 return -EFAULT;
326 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
327 if (!len || len > MAX_ARG_STRLEN)
328 return -EINVAL;
329 p += len;
330 }
331 if (put_user(0, sp++))
332 return -EFAULT;
333 mm->arg_end = p;
334
335 /* Populate list of envp pointers back to envp strings. */
336 mm->env_end = mm->env_start = p;
337 while (envc-- > 0) {
338 size_t len;
339 if (put_user((elf_addr_t)p, sp++))
340 return -EFAULT;
341 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
342 if (!len || len > MAX_ARG_STRLEN)
343 return -EINVAL;
344 p += len;
345 }
346 if (put_user(0, sp++))
347 return -EFAULT;
348 mm->env_end = p;
349
350 /* Put the elf_info on the stack in the right place. */
351 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
352 return -EFAULT;
353 return 0;
354}
355
356static unsigned long elf_map(struct file *filep, unsigned long addr,
357 const struct elf_phdr *eppnt, int prot, int type,
358 unsigned long total_size)
359{
360 unsigned long map_addr;
361 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
362 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
363 addr = ELF_PAGESTART(addr);
364 size = ELF_PAGEALIGN(size);
365
366 /* mmap() will return -EINVAL if given a zero size, but a
367 * segment with zero filesize is perfectly valid */
368 if (!size)
369 return addr;
370
371 /*
372 * total_size is the size of the ELF (interpreter) image.
373 * The _first_ mmap needs to know the full size, otherwise
374 * randomization might put this image into an overlapping
375 * position with the ELF binary image. (since size < total_size)
376 * So we first map the 'big' image - and unmap the remainder at
377 * the end. (which unmap is needed for ELF images with holes.)
378 */
379 if (total_size) {
380 total_size = ELF_PAGEALIGN(total_size);
381 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
382 if (!BAD_ADDR(map_addr))
383 vm_munmap(map_addr+size, total_size-size);
384 } else
385 map_addr = vm_mmap(filep, addr, size, prot, type, off);
386
387 if ((type & MAP_FIXED_NOREPLACE) &&
388 PTR_ERR((void *)map_addr) == -EEXIST)
389 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
390 task_pid_nr(current), current->comm, (void *)addr);
391
392 return(map_addr);
393}
394
395static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
396{
397 int i, first_idx = -1, last_idx = -1;
398
399 for (i = 0; i < nr; i++) {
400 if (cmds[i].p_type == PT_LOAD) {
401 last_idx = i;
402 if (first_idx == -1)
403 first_idx = i;
404 }
405 }
406 if (first_idx == -1)
407 return 0;
408
409 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
410 ELF_PAGESTART(cmds[first_idx].p_vaddr);
411}
412
413static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
414{
415 ssize_t rv;
416
417 rv = kernel_read(file, buf, len, &pos);
418 if (unlikely(rv != len)) {
419 return (rv < 0) ? rv : -EIO;
420 }
421 return 0;
422}
423
424/**
425 * load_elf_phdrs() - load ELF program headers
426 * @elf_ex: ELF header of the binary whose program headers should be loaded
427 * @elf_file: the opened ELF binary file
428 *
429 * Loads ELF program headers from the binary file elf_file, which has the ELF
430 * header pointed to by elf_ex, into a newly allocated array. The caller is
431 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
432 */
433static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
434 struct file *elf_file)
435{
436 struct elf_phdr *elf_phdata = NULL;
437 int retval, err = -1;
438 unsigned int size;
439
440 /*
441 * If the size of this structure has changed, then punt, since
442 * we will be doing the wrong thing.
443 */
444 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
445 goto out;
446
447 /* Sanity check the number of program headers... */
448 /* ...and their total size. */
449 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
450 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
451 goto out;
452
453 elf_phdata = kmalloc(size, GFP_KERNEL);
454 if (!elf_phdata)
455 goto out;
456
457 /* Read in the program headers */
458 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
459 if (retval < 0) {
460 err = retval;
461 goto out;
462 }
463
464 /* Success! */
465 err = 0;
466out:
467 if (err) {
468 kfree(elf_phdata);
469 elf_phdata = NULL;
470 }
471 return elf_phdata;
472}
473
474#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
475
476/**
477 * struct arch_elf_state - arch-specific ELF loading state
478 *
479 * This structure is used to preserve architecture specific data during
480 * the loading of an ELF file, throughout the checking of architecture
481 * specific ELF headers & through to the point where the ELF load is
482 * known to be proceeding (ie. SET_PERSONALITY).
483 *
484 * This implementation is a dummy for architectures which require no
485 * specific state.
486 */
487struct arch_elf_state {
488};
489
490#define INIT_ARCH_ELF_STATE {}
491
492/**
493 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
494 * @ehdr: The main ELF header
495 * @phdr: The program header to check
496 * @elf: The open ELF file
497 * @is_interp: True if the phdr is from the interpreter of the ELF being
498 * loaded, else false.
499 * @state: Architecture-specific state preserved throughout the process
500 * of loading the ELF.
501 *
502 * Inspects the program header phdr to validate its correctness and/or
503 * suitability for the system. Called once per ELF program header in the
504 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
505 * interpreter.
506 *
507 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
508 * with that return code.
509 */
510static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
511 struct elf_phdr *phdr,
512 struct file *elf, bool is_interp,
513 struct arch_elf_state *state)
514{
515 /* Dummy implementation, always proceed */
516 return 0;
517}
518
519/**
520 * arch_check_elf() - check an ELF executable
521 * @ehdr: The main ELF header
522 * @has_interp: True if the ELF has an interpreter, else false.
523 * @interp_ehdr: The interpreter's ELF header
524 * @state: Architecture-specific state preserved throughout the process
525 * of loading the ELF.
526 *
527 * Provides a final opportunity for architecture code to reject the loading
528 * of the ELF & cause an exec syscall to return an error. This is called after
529 * all program headers to be checked by arch_elf_pt_proc have been.
530 *
531 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
532 * with that return code.
533 */
534static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
535 struct elfhdr *interp_ehdr,
536 struct arch_elf_state *state)
537{
538 /* Dummy implementation, always proceed */
539 return 0;
540}
541
542#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
543
544static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
545 bool has_interp, bool is_interp)
546{
547 int prot = 0;
548
549 if (p_flags & PF_R)
550 prot |= PROT_READ;
551 if (p_flags & PF_W)
552 prot |= PROT_WRITE;
553 if (p_flags & PF_X)
554 prot |= PROT_EXEC;
555
556 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
557}
558
559/* This is much more generalized than the library routine read function,
560 so we keep this separate. Technically the library read function
561 is only provided so that we can read a.out libraries that have
562 an ELF header */
563
564static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
565 struct file *interpreter,
566 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
567 struct arch_elf_state *arch_state)
568{
569 struct elf_phdr *eppnt;
570 unsigned long load_addr = 0;
571 int load_addr_set = 0;
572 unsigned long last_bss = 0, elf_bss = 0;
573 int bss_prot = 0;
574 unsigned long error = ~0UL;
575 unsigned long total_size;
576 int i;
577
578 /* First of all, some simple consistency checks */
579 if (interp_elf_ex->e_type != ET_EXEC &&
580 interp_elf_ex->e_type != ET_DYN)
581 goto out;
582 if (!elf_check_arch(interp_elf_ex) ||
583 elf_check_fdpic(interp_elf_ex))
584 goto out;
585 if (!interpreter->f_op->mmap)
586 goto out;
587
588 total_size = total_mapping_size(interp_elf_phdata,
589 interp_elf_ex->e_phnum);
590 if (!total_size) {
591 error = -EINVAL;
592 goto out;
593 }
594
595 eppnt = interp_elf_phdata;
596 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
597 if (eppnt->p_type == PT_LOAD) {
598 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
599 int elf_prot = make_prot(eppnt->p_flags, arch_state,
600 true, true);
601 unsigned long vaddr = 0;
602 unsigned long k, map_addr;
603
604 vaddr = eppnt->p_vaddr;
605 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
606 elf_type |= MAP_FIXED_NOREPLACE;
607 else if (no_base && interp_elf_ex->e_type == ET_DYN)
608 load_addr = -vaddr;
609
610 map_addr = elf_map(interpreter, load_addr + vaddr,
611 eppnt, elf_prot, elf_type, total_size);
612 total_size = 0;
613 error = map_addr;
614 if (BAD_ADDR(map_addr))
615 goto out;
616
617 if (!load_addr_set &&
618 interp_elf_ex->e_type == ET_DYN) {
619 load_addr = map_addr - ELF_PAGESTART(vaddr);
620 load_addr_set = 1;
621 }
622
623 /*
624 * Check to see if the section's size will overflow the
625 * allowed task size. Note that p_filesz must always be
626 * <= p_memsize so it's only necessary to check p_memsz.
627 */
628 k = load_addr + eppnt->p_vaddr;
629 if (BAD_ADDR(k) ||
630 eppnt->p_filesz > eppnt->p_memsz ||
631 eppnt->p_memsz > TASK_SIZE ||
632 TASK_SIZE - eppnt->p_memsz < k) {
633 error = -ENOMEM;
634 goto out;
635 }
636
637 /*
638 * Find the end of the file mapping for this phdr, and
639 * keep track of the largest address we see for this.
640 */
641 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
642 if (k > elf_bss)
643 elf_bss = k;
644
645 /*
646 * Do the same thing for the memory mapping - between
647 * elf_bss and last_bss is the bss section.
648 */
649 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
650 if (k > last_bss) {
651 last_bss = k;
652 bss_prot = elf_prot;
653 }
654 }
655 }
656
657 /*
658 * Now fill out the bss section: first pad the last page from
659 * the file up to the page boundary, and zero it from elf_bss
660 * up to the end of the page.
661 */
662 if (padzero(elf_bss)) {
663 error = -EFAULT;
664 goto out;
665 }
666 /*
667 * Next, align both the file and mem bss up to the page size,
668 * since this is where elf_bss was just zeroed up to, and where
669 * last_bss will end after the vm_brk_flags() below.
670 */
671 elf_bss = ELF_PAGEALIGN(elf_bss);
672 last_bss = ELF_PAGEALIGN(last_bss);
673 /* Finally, if there is still more bss to allocate, do it. */
674 if (last_bss > elf_bss) {
675 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
676 bss_prot & PROT_EXEC ? VM_EXEC : 0);
677 if (error)
678 goto out;
679 }
680
681 error = load_addr;
682out:
683 return error;
684}
685
686/*
687 * These are the functions used to load ELF style executables and shared
688 * libraries. There is no binary dependent code anywhere else.
689 */
690
691static int parse_elf_property(const char *data, size_t *off, size_t datasz,
692 struct arch_elf_state *arch,
693 bool have_prev_type, u32 *prev_type)
694{
695 size_t o, step;
696 const struct gnu_property *pr;
697 int ret;
698
699 if (*off == datasz)
700 return -ENOENT;
701
702 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
703 return -EIO;
704 o = *off;
705 datasz -= *off;
706
707 if (datasz < sizeof(*pr))
708 return -ENOEXEC;
709 pr = (const struct gnu_property *)(data + o);
710 o += sizeof(*pr);
711 datasz -= sizeof(*pr);
712
713 if (pr->pr_datasz > datasz)
714 return -ENOEXEC;
715
716 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
717 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
718 if (step > datasz)
719 return -ENOEXEC;
720
721 /* Properties are supposed to be unique and sorted on pr_type: */
722 if (have_prev_type && pr->pr_type <= *prev_type)
723 return -ENOEXEC;
724 *prev_type = pr->pr_type;
725
726 ret = arch_parse_elf_property(pr->pr_type, data + o,
727 pr->pr_datasz, ELF_COMPAT, arch);
728 if (ret)
729 return ret;
730
731 *off = o + step;
732 return 0;
733}
734
735#define NOTE_DATA_SZ SZ_1K
736#define GNU_PROPERTY_TYPE_0_NAME "GNU"
737#define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
738
739static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
740 struct arch_elf_state *arch)
741{
742 union {
743 struct elf_note nhdr;
744 char data[NOTE_DATA_SZ];
745 } note;
746 loff_t pos;
747 ssize_t n;
748 size_t off, datasz;
749 int ret;
750 bool have_prev_type;
751 u32 prev_type;
752
753 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
754 return 0;
755
756 /* load_elf_binary() shouldn't call us unless this is true... */
757 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
758 return -ENOEXEC;
759
760 /* If the properties are crazy large, that's too bad (for now): */
761 if (phdr->p_filesz > sizeof(note))
762 return -ENOEXEC;
763
764 pos = phdr->p_offset;
765 n = kernel_read(f, ¬e, phdr->p_filesz, &pos);
766
767 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
768 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
769 return -EIO;
770
771 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
772 note.nhdr.n_namesz != NOTE_NAME_SZ ||
773 strncmp(note.data + sizeof(note.nhdr),
774 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
775 return -ENOEXEC;
776
777 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
778 ELF_GNU_PROPERTY_ALIGN);
779 if (off > n)
780 return -ENOEXEC;
781
782 if (note.nhdr.n_descsz > n - off)
783 return -ENOEXEC;
784 datasz = off + note.nhdr.n_descsz;
785
786 have_prev_type = false;
787 do {
788 ret = parse_elf_property(note.data, &off, datasz, arch,
789 have_prev_type, &prev_type);
790 have_prev_type = true;
791 } while (!ret);
792
793 return ret == -ENOENT ? 0 : ret;
794}
795
796static int load_elf_binary(struct linux_binprm *bprm)
797{
798 struct file *interpreter = NULL; /* to shut gcc up */
799 unsigned long load_addr = 0, load_bias = 0;
800 int load_addr_set = 0;
801 unsigned long error;
802 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
803 struct elf_phdr *elf_property_phdata = NULL;
804 unsigned long elf_bss, elf_brk;
805 int bss_prot = 0;
806 int retval, i;
807 unsigned long elf_entry;
808 unsigned long e_entry;
809 unsigned long interp_load_addr = 0;
810 unsigned long start_code, end_code, start_data, end_data;
811 unsigned long reloc_func_desc __maybe_unused = 0;
812 int executable_stack = EXSTACK_DEFAULT;
813 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
814 struct elfhdr *interp_elf_ex = NULL;
815 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
816 struct mm_struct *mm;
817 struct pt_regs *regs;
818
819 retval = -ENOEXEC;
820 /* First of all, some simple consistency checks */
821 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
822 goto out;
823
824 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
825 goto out;
826 if (!elf_check_arch(elf_ex))
827 goto out;
828 if (elf_check_fdpic(elf_ex))
829 goto out;
830 if (!bprm->file->f_op->mmap)
831 goto out;
832
833 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
834 if (!elf_phdata)
835 goto out;
836
837 elf_ppnt = elf_phdata;
838 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
839 char *elf_interpreter;
840
841 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
842 elf_property_phdata = elf_ppnt;
843 continue;
844 }
845
846 if (elf_ppnt->p_type != PT_INTERP)
847 continue;
848
849 /*
850 * This is the program interpreter used for shared libraries -
851 * for now assume that this is an a.out format binary.
852 */
853 retval = -ENOEXEC;
854 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
855 goto out_free_ph;
856
857 retval = -ENOMEM;
858 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
859 if (!elf_interpreter)
860 goto out_free_ph;
861
862 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
863 elf_ppnt->p_offset);
864 if (retval < 0)
865 goto out_free_interp;
866 /* make sure path is NULL terminated */
867 retval = -ENOEXEC;
868 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
869 goto out_free_interp;
870
871 interpreter = open_exec(elf_interpreter);
872 kfree(elf_interpreter);
873 retval = PTR_ERR(interpreter);
874 if (IS_ERR(interpreter))
875 goto out_free_ph;
876
877 /*
878 * If the binary is not readable then enforce mm->dumpable = 0
879 * regardless of the interpreter's permissions.
880 */
881 would_dump(bprm, interpreter);
882
883 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
884 if (!interp_elf_ex) {
885 retval = -ENOMEM;
886 goto out_free_ph;
887 }
888
889 /* Get the exec headers */
890 retval = elf_read(interpreter, interp_elf_ex,
891 sizeof(*interp_elf_ex), 0);
892 if (retval < 0)
893 goto out_free_dentry;
894
895 break;
896
897out_free_interp:
898 kfree(elf_interpreter);
899 goto out_free_ph;
900 }
901
902 elf_ppnt = elf_phdata;
903 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
904 switch (elf_ppnt->p_type) {
905 case PT_GNU_STACK:
906 if (elf_ppnt->p_flags & PF_X)
907 executable_stack = EXSTACK_ENABLE_X;
908 else
909 executable_stack = EXSTACK_DISABLE_X;
910 break;
911
912 case PT_LOPROC ... PT_HIPROC:
913 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
914 bprm->file, false,
915 &arch_state);
916 if (retval)
917 goto out_free_dentry;
918 break;
919 }
920
921 /* Some simple consistency checks for the interpreter */
922 if (interpreter) {
923 retval = -ELIBBAD;
924 /* Not an ELF interpreter */
925 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
926 goto out_free_dentry;
927 /* Verify the interpreter has a valid arch */
928 if (!elf_check_arch(interp_elf_ex) ||
929 elf_check_fdpic(interp_elf_ex))
930 goto out_free_dentry;
931
932 /* Load the interpreter program headers */
933 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
934 interpreter);
935 if (!interp_elf_phdata)
936 goto out_free_dentry;
937
938 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
939 elf_property_phdata = NULL;
940 elf_ppnt = interp_elf_phdata;
941 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
942 switch (elf_ppnt->p_type) {
943 case PT_GNU_PROPERTY:
944 elf_property_phdata = elf_ppnt;
945 break;
946
947 case PT_LOPROC ... PT_HIPROC:
948 retval = arch_elf_pt_proc(interp_elf_ex,
949 elf_ppnt, interpreter,
950 true, &arch_state);
951 if (retval)
952 goto out_free_dentry;
953 break;
954 }
955 }
956
957 retval = parse_elf_properties(interpreter ?: bprm->file,
958 elf_property_phdata, &arch_state);
959 if (retval)
960 goto out_free_dentry;
961
962 /*
963 * Allow arch code to reject the ELF at this point, whilst it's
964 * still possible to return an error to the code that invoked
965 * the exec syscall.
966 */
967 retval = arch_check_elf(elf_ex,
968 !!interpreter, interp_elf_ex,
969 &arch_state);
970 if (retval)
971 goto out_free_dentry;
972
973 /* Flush all traces of the currently running executable */
974 retval = begin_new_exec(bprm);
975 if (retval)
976 goto out_free_dentry;
977
978 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
979 may depend on the personality. */
980 SET_PERSONALITY2(*elf_ex, &arch_state);
981 if (elf_read_implies_exec(*elf_ex, executable_stack))
982 current->personality |= READ_IMPLIES_EXEC;
983
984 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
985 current->flags |= PF_RANDOMIZE;
986
987 setup_new_exec(bprm);
988
989 /* Do this so that we can load the interpreter, if need be. We will
990 change some of these later */
991 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
992 executable_stack);
993 if (retval < 0)
994 goto out_free_dentry;
995
996 elf_bss = 0;
997 elf_brk = 0;
998
999 start_code = ~0UL;
1000 end_code = 0;
1001 start_data = 0;
1002 end_data = 0;
1003
1004 /* Now we do a little grungy work by mmapping the ELF image into
1005 the correct location in memory. */
1006 for(i = 0, elf_ppnt = elf_phdata;
1007 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1008 int elf_prot, elf_flags;
1009 unsigned long k, vaddr;
1010 unsigned long total_size = 0;
1011
1012 if (elf_ppnt->p_type != PT_LOAD)
1013 continue;
1014
1015 if (unlikely (elf_brk > elf_bss)) {
1016 unsigned long nbyte;
1017
1018 /* There was a PT_LOAD segment with p_memsz > p_filesz
1019 before this one. Map anonymous pages, if needed,
1020 and clear the area. */
1021 retval = set_brk(elf_bss + load_bias,
1022 elf_brk + load_bias,
1023 bss_prot);
1024 if (retval)
1025 goto out_free_dentry;
1026 nbyte = ELF_PAGEOFFSET(elf_bss);
1027 if (nbyte) {
1028 nbyte = ELF_MIN_ALIGN - nbyte;
1029 if (nbyte > elf_brk - elf_bss)
1030 nbyte = elf_brk - elf_bss;
1031 if (clear_user((void __user *)elf_bss +
1032 load_bias, nbyte)) {
1033 /*
1034 * This bss-zeroing can fail if the ELF
1035 * file specifies odd protections. So
1036 * we don't check the return value
1037 */
1038 }
1039 }
1040 }
1041
1042 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1043 !!interpreter, false);
1044
1045 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1046
1047 vaddr = elf_ppnt->p_vaddr;
1048 /*
1049 * If we are loading ET_EXEC or we have already performed
1050 * the ET_DYN load_addr calculations, proceed normally.
1051 */
1052 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
1053 elf_flags |= MAP_FIXED;
1054 } else if (elf_ex->e_type == ET_DYN) {
1055 /*
1056 * This logic is run once for the first LOAD Program
1057 * Header for ET_DYN binaries to calculate the
1058 * randomization (load_bias) for all the LOAD
1059 * Program Headers, and to calculate the entire
1060 * size of the ELF mapping (total_size). (Note that
1061 * load_addr_set is set to true later once the
1062 * initial mapping is performed.)
1063 *
1064 * There are effectively two types of ET_DYN
1065 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1066 * and loaders (ET_DYN without INTERP, since they
1067 * _are_ the ELF interpreter). The loaders must
1068 * be loaded away from programs since the program
1069 * may otherwise collide with the loader (especially
1070 * for ET_EXEC which does not have a randomized
1071 * position). For example to handle invocations of
1072 * "./ld.so someprog" to test out a new version of
1073 * the loader, the subsequent program that the
1074 * loader loads must avoid the loader itself, so
1075 * they cannot share the same load range. Sufficient
1076 * room for the brk must be allocated with the
1077 * loader as well, since brk must be available with
1078 * the loader.
1079 *
1080 * Therefore, programs are loaded offset from
1081 * ELF_ET_DYN_BASE and loaders are loaded into the
1082 * independently randomized mmap region (0 load_bias
1083 * without MAP_FIXED).
1084 */
1085 if (interpreter) {
1086 load_bias = ELF_ET_DYN_BASE;
1087 if (current->flags & PF_RANDOMIZE)
1088 load_bias += arch_mmap_rnd();
1089 elf_flags |= MAP_FIXED;
1090 } else
1091 load_bias = 0;
1092
1093 /*
1094 * Since load_bias is used for all subsequent loading
1095 * calculations, we must lower it by the first vaddr
1096 * so that the remaining calculations based on the
1097 * ELF vaddrs will be correctly offset. The result
1098 * is then page aligned.
1099 */
1100 load_bias = ELF_PAGESTART(load_bias - vaddr);
1101
1102 total_size = total_mapping_size(elf_phdata,
1103 elf_ex->e_phnum);
1104 if (!total_size) {
1105 retval = -EINVAL;
1106 goto out_free_dentry;
1107 }
1108 }
1109
1110 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1111 elf_prot, elf_flags, total_size);
1112 if (BAD_ADDR(error)) {
1113 retval = IS_ERR((void *)error) ?
1114 PTR_ERR((void*)error) : -EINVAL;
1115 goto out_free_dentry;
1116 }
1117
1118 if (!load_addr_set) {
1119 load_addr_set = 1;
1120 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1121 if (elf_ex->e_type == ET_DYN) {
1122 load_bias += error -
1123 ELF_PAGESTART(load_bias + vaddr);
1124 load_addr += load_bias;
1125 reloc_func_desc = load_bias;
1126 }
1127 }
1128 k = elf_ppnt->p_vaddr;
1129 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1130 start_code = k;
1131 if (start_data < k)
1132 start_data = k;
1133
1134 /*
1135 * Check to see if the section's size will overflow the
1136 * allowed task size. Note that p_filesz must always be
1137 * <= p_memsz so it is only necessary to check p_memsz.
1138 */
1139 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1140 elf_ppnt->p_memsz > TASK_SIZE ||
1141 TASK_SIZE - elf_ppnt->p_memsz < k) {
1142 /* set_brk can never work. Avoid overflows. */
1143 retval = -EINVAL;
1144 goto out_free_dentry;
1145 }
1146
1147 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1148
1149 if (k > elf_bss)
1150 elf_bss = k;
1151 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1152 end_code = k;
1153 if (end_data < k)
1154 end_data = k;
1155 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1156 if (k > elf_brk) {
1157 bss_prot = elf_prot;
1158 elf_brk = k;
1159 }
1160 }
1161
1162 e_entry = elf_ex->e_entry + load_bias;
1163 elf_bss += load_bias;
1164 elf_brk += load_bias;
1165 start_code += load_bias;
1166 end_code += load_bias;
1167 start_data += load_bias;
1168 end_data += load_bias;
1169
1170 /* Calling set_brk effectively mmaps the pages that we need
1171 * for the bss and break sections. We must do this before
1172 * mapping in the interpreter, to make sure it doesn't wind
1173 * up getting placed where the bss needs to go.
1174 */
1175 retval = set_brk(elf_bss, elf_brk, bss_prot);
1176 if (retval)
1177 goto out_free_dentry;
1178 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1179 retval = -EFAULT; /* Nobody gets to see this, but.. */
1180 goto out_free_dentry;
1181 }
1182
1183 if (interpreter) {
1184 elf_entry = load_elf_interp(interp_elf_ex,
1185 interpreter,
1186 load_bias, interp_elf_phdata,
1187 &arch_state);
1188 if (!IS_ERR((void *)elf_entry)) {
1189 /*
1190 * load_elf_interp() returns relocation
1191 * adjustment
1192 */
1193 interp_load_addr = elf_entry;
1194 elf_entry += interp_elf_ex->e_entry;
1195 }
1196 if (BAD_ADDR(elf_entry)) {
1197 retval = IS_ERR((void *)elf_entry) ?
1198 (int)elf_entry : -EINVAL;
1199 goto out_free_dentry;
1200 }
1201 reloc_func_desc = interp_load_addr;
1202
1203 allow_write_access(interpreter);
1204 fput(interpreter);
1205
1206 kfree(interp_elf_ex);
1207 kfree(interp_elf_phdata);
1208 } else {
1209 elf_entry = e_entry;
1210 if (BAD_ADDR(elf_entry)) {
1211 retval = -EINVAL;
1212 goto out_free_dentry;
1213 }
1214 }
1215
1216 kfree(elf_phdata);
1217
1218 set_binfmt(&elf_format);
1219
1220#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1221 retval = arch_setup_additional_pages(bprm, !!interpreter);
1222 if (retval < 0)
1223 goto out;
1224#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1225
1226 retval = create_elf_tables(bprm, elf_ex,
1227 load_addr, interp_load_addr, e_entry);
1228 if (retval < 0)
1229 goto out;
1230
1231 mm = current->mm;
1232 mm->end_code = end_code;
1233 mm->start_code = start_code;
1234 mm->start_data = start_data;
1235 mm->end_data = end_data;
1236 mm->start_stack = bprm->p;
1237
1238 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1239 /*
1240 * For architectures with ELF randomization, when executing
1241 * a loader directly (i.e. no interpreter listed in ELF
1242 * headers), move the brk area out of the mmap region
1243 * (since it grows up, and may collide early with the stack
1244 * growing down), and into the unused ELF_ET_DYN_BASE region.
1245 */
1246 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1247 elf_ex->e_type == ET_DYN && !interpreter) {
1248 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1249 }
1250
1251 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1252#ifdef compat_brk_randomized
1253 current->brk_randomized = 1;
1254#endif
1255 }
1256
1257 if (current->personality & MMAP_PAGE_ZERO) {
1258 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1259 and some applications "depend" upon this behavior.
1260 Since we do not have the power to recompile these, we
1261 emulate the SVr4 behavior. Sigh. */
1262 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1263 MAP_FIXED | MAP_PRIVATE, 0);
1264 }
1265
1266 regs = current_pt_regs();
1267#ifdef ELF_PLAT_INIT
1268 /*
1269 * The ABI may specify that certain registers be set up in special
1270 * ways (on i386 %edx is the address of a DT_FINI function, for
1271 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1272 * that the e_entry field is the address of the function descriptor
1273 * for the startup routine, rather than the address of the startup
1274 * routine itself. This macro performs whatever initialization to
1275 * the regs structure is required as well as any relocations to the
1276 * function descriptor entries when executing dynamically links apps.
1277 */
1278 ELF_PLAT_INIT(regs, reloc_func_desc);
1279#endif
1280
1281 finalize_exec(bprm);
1282 start_thread(regs, elf_entry, bprm->p);
1283 retval = 0;
1284out:
1285 return retval;
1286
1287 /* error cleanup */
1288out_free_dentry:
1289 kfree(interp_elf_ex);
1290 kfree(interp_elf_phdata);
1291 allow_write_access(interpreter);
1292 if (interpreter)
1293 fput(interpreter);
1294out_free_ph:
1295 kfree(elf_phdata);
1296 goto out;
1297}
1298
1299#ifdef CONFIG_USELIB
1300/* This is really simpleminded and specialized - we are loading an
1301 a.out library that is given an ELF header. */
1302static int load_elf_library(struct file *file)
1303{
1304 struct elf_phdr *elf_phdata;
1305 struct elf_phdr *eppnt;
1306 unsigned long elf_bss, bss, len;
1307 int retval, error, i, j;
1308 struct elfhdr elf_ex;
1309
1310 error = -ENOEXEC;
1311 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1312 if (retval < 0)
1313 goto out;
1314
1315 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1316 goto out;
1317
1318 /* First of all, some simple consistency checks */
1319 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1320 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1321 goto out;
1322 if (elf_check_fdpic(&elf_ex))
1323 goto out;
1324
1325 /* Now read in all of the header information */
1326
1327 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1328 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1329
1330 error = -ENOMEM;
1331 elf_phdata = kmalloc(j, GFP_KERNEL);
1332 if (!elf_phdata)
1333 goto out;
1334
1335 eppnt = elf_phdata;
1336 error = -ENOEXEC;
1337 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1338 if (retval < 0)
1339 goto out_free_ph;
1340
1341 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1342 if ((eppnt + i)->p_type == PT_LOAD)
1343 j++;
1344 if (j != 1)
1345 goto out_free_ph;
1346
1347 while (eppnt->p_type != PT_LOAD)
1348 eppnt++;
1349
1350 /* Now use mmap to map the library into memory. */
1351 error = vm_mmap(file,
1352 ELF_PAGESTART(eppnt->p_vaddr),
1353 (eppnt->p_filesz +
1354 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1355 PROT_READ | PROT_WRITE | PROT_EXEC,
1356 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1357 (eppnt->p_offset -
1358 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1359 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1360 goto out_free_ph;
1361
1362 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1363 if (padzero(elf_bss)) {
1364 error = -EFAULT;
1365 goto out_free_ph;
1366 }
1367
1368 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1369 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1370 if (bss > len) {
1371 error = vm_brk(len, bss - len);
1372 if (error)
1373 goto out_free_ph;
1374 }
1375 error = 0;
1376
1377out_free_ph:
1378 kfree(elf_phdata);
1379out:
1380 return error;
1381}
1382#endif /* #ifdef CONFIG_USELIB */
1383
1384#ifdef CONFIG_ELF_CORE
1385/*
1386 * ELF core dumper
1387 *
1388 * Modelled on fs/exec.c:aout_core_dump()
1389 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1390 */
1391
1392/*
1393 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1394 * that are useful for post-mortem analysis are included in every core dump.
1395 * In that way we ensure that the core dump is fully interpretable later
1396 * without matching up the same kernel and hardware config to see what PC values
1397 * meant. These special mappings include - vDSO, vsyscall, and other
1398 * architecture specific mappings
1399 */
1400static bool always_dump_vma(struct vm_area_struct *vma)
1401{
1402 /* Any vsyscall mappings? */
1403 if (vma == get_gate_vma(vma->vm_mm))
1404 return true;
1405
1406 /*
1407 * Assume that all vmas with a .name op should always be dumped.
1408 * If this changes, a new vm_ops field can easily be added.
1409 */
1410 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1411 return true;
1412
1413 /*
1414 * arch_vma_name() returns non-NULL for special architecture mappings,
1415 * such as vDSO sections.
1416 */
1417 if (arch_vma_name(vma))
1418 return true;
1419
1420 return false;
1421}
1422
1423/*
1424 * Decide what to dump of a segment, part, all or none.
1425 */
1426static unsigned long vma_dump_size(struct vm_area_struct *vma,
1427 unsigned long mm_flags)
1428{
1429#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1430
1431 /* always dump the vdso and vsyscall sections */
1432 if (always_dump_vma(vma))
1433 goto whole;
1434
1435 if (vma->vm_flags & VM_DONTDUMP)
1436 return 0;
1437
1438 /* support for DAX */
1439 if (vma_is_dax(vma)) {
1440 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1441 goto whole;
1442 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1443 goto whole;
1444 return 0;
1445 }
1446
1447 /* Hugetlb memory check */
1448 if (is_vm_hugetlb_page(vma)) {
1449 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1450 goto whole;
1451 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1452 goto whole;
1453 return 0;
1454 }
1455
1456 /* Do not dump I/O mapped devices or special mappings */
1457 if (vma->vm_flags & VM_IO)
1458 return 0;
1459
1460 /* By default, dump shared memory if mapped from an anonymous file. */
1461 if (vma->vm_flags & VM_SHARED) {
1462 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1463 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1464 goto whole;
1465 return 0;
1466 }
1467
1468 /* Dump segments that have been written to. */
1469 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1470 goto whole;
1471 if (vma->vm_file == NULL)
1472 return 0;
1473
1474 if (FILTER(MAPPED_PRIVATE))
1475 goto whole;
1476
1477 /*
1478 * If this looks like the beginning of a DSO or executable mapping,
1479 * check for an ELF header. If we find one, dump the first page to
1480 * aid in determining what was mapped here.
1481 */
1482 if (FILTER(ELF_HEADERS) &&
1483 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1484 u32 __user *header = (u32 __user *) vma->vm_start;
1485 u32 word;
1486 /*
1487 * Doing it this way gets the constant folded by GCC.
1488 */
1489 union {
1490 u32 cmp;
1491 char elfmag[SELFMAG];
1492 } magic;
1493 BUILD_BUG_ON(SELFMAG != sizeof word);
1494 magic.elfmag[EI_MAG0] = ELFMAG0;
1495 magic.elfmag[EI_MAG1] = ELFMAG1;
1496 magic.elfmag[EI_MAG2] = ELFMAG2;
1497 magic.elfmag[EI_MAG3] = ELFMAG3;
1498 if (unlikely(get_user(word, header)))
1499 word = 0;
1500 if (word == magic.cmp)
1501 return PAGE_SIZE;
1502 }
1503
1504#undef FILTER
1505
1506 return 0;
1507
1508whole:
1509 return vma->vm_end - vma->vm_start;
1510}
1511
1512/* An ELF note in memory */
1513struct memelfnote
1514{
1515 const char *name;
1516 int type;
1517 unsigned int datasz;
1518 void *data;
1519};
1520
1521static int notesize(struct memelfnote *en)
1522{
1523 int sz;
1524
1525 sz = sizeof(struct elf_note);
1526 sz += roundup(strlen(en->name) + 1, 4);
1527 sz += roundup(en->datasz, 4);
1528
1529 return sz;
1530}
1531
1532static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1533{
1534 struct elf_note en;
1535 en.n_namesz = strlen(men->name) + 1;
1536 en.n_descsz = men->datasz;
1537 en.n_type = men->type;
1538
1539 return dump_emit(cprm, &en, sizeof(en)) &&
1540 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1541 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1542}
1543
1544static void fill_elf_header(struct elfhdr *elf, int segs,
1545 u16 machine, u32 flags)
1546{
1547 memset(elf, 0, sizeof(*elf));
1548
1549 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1550 elf->e_ident[EI_CLASS] = ELF_CLASS;
1551 elf->e_ident[EI_DATA] = ELF_DATA;
1552 elf->e_ident[EI_VERSION] = EV_CURRENT;
1553 elf->e_ident[EI_OSABI] = ELF_OSABI;
1554
1555 elf->e_type = ET_CORE;
1556 elf->e_machine = machine;
1557 elf->e_version = EV_CURRENT;
1558 elf->e_phoff = sizeof(struct elfhdr);
1559 elf->e_flags = flags;
1560 elf->e_ehsize = sizeof(struct elfhdr);
1561 elf->e_phentsize = sizeof(struct elf_phdr);
1562 elf->e_phnum = segs;
1563}
1564
1565static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1566{
1567 phdr->p_type = PT_NOTE;
1568 phdr->p_offset = offset;
1569 phdr->p_vaddr = 0;
1570 phdr->p_paddr = 0;
1571 phdr->p_filesz = sz;
1572 phdr->p_memsz = 0;
1573 phdr->p_flags = 0;
1574 phdr->p_align = 0;
1575}
1576
1577static void fill_note(struct memelfnote *note, const char *name, int type,
1578 unsigned int sz, void *data)
1579{
1580 note->name = name;
1581 note->type = type;
1582 note->datasz = sz;
1583 note->data = data;
1584}
1585
1586/*
1587 * fill up all the fields in prstatus from the given task struct, except
1588 * registers which need to be filled up separately.
1589 */
1590static void fill_prstatus(struct elf_prstatus *prstatus,
1591 struct task_struct *p, long signr)
1592{
1593 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1594 prstatus->pr_sigpend = p->pending.signal.sig[0];
1595 prstatus->pr_sighold = p->blocked.sig[0];
1596 rcu_read_lock();
1597 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1598 rcu_read_unlock();
1599 prstatus->pr_pid = task_pid_vnr(p);
1600 prstatus->pr_pgrp = task_pgrp_vnr(p);
1601 prstatus->pr_sid = task_session_vnr(p);
1602 if (thread_group_leader(p)) {
1603 struct task_cputime cputime;
1604
1605 /*
1606 * This is the record for the group leader. It shows the
1607 * group-wide total, not its individual thread total.
1608 */
1609 thread_group_cputime(p, &cputime);
1610 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1611 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1612 } else {
1613 u64 utime, stime;
1614
1615 task_cputime(p, &utime, &stime);
1616 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1617 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1618 }
1619
1620 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1621 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1622}
1623
1624static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1625 struct mm_struct *mm)
1626{
1627 const struct cred *cred;
1628 unsigned int i, len;
1629
1630 /* first copy the parameters from user space */
1631 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1632
1633 len = mm->arg_end - mm->arg_start;
1634 if (len >= ELF_PRARGSZ)
1635 len = ELF_PRARGSZ-1;
1636 if (copy_from_user(&psinfo->pr_psargs,
1637 (const char __user *)mm->arg_start, len))
1638 return -EFAULT;
1639 for(i = 0; i < len; i++)
1640 if (psinfo->pr_psargs[i] == 0)
1641 psinfo->pr_psargs[i] = ' ';
1642 psinfo->pr_psargs[len] = 0;
1643
1644 rcu_read_lock();
1645 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1646 rcu_read_unlock();
1647 psinfo->pr_pid = task_pid_vnr(p);
1648 psinfo->pr_pgrp = task_pgrp_vnr(p);
1649 psinfo->pr_sid = task_session_vnr(p);
1650
1651 i = p->state ? ffz(~p->state) + 1 : 0;
1652 psinfo->pr_state = i;
1653 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1654 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1655 psinfo->pr_nice = task_nice(p);
1656 psinfo->pr_flag = p->flags;
1657 rcu_read_lock();
1658 cred = __task_cred(p);
1659 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1660 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1661 rcu_read_unlock();
1662 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1663
1664 return 0;
1665}
1666
1667static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1668{
1669 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1670 int i = 0;
1671 do
1672 i += 2;
1673 while (auxv[i - 2] != AT_NULL);
1674 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1675}
1676
1677static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1678 const kernel_siginfo_t *siginfo)
1679{
1680 copy_siginfo_to_external(csigdata, siginfo);
1681 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1682}
1683
1684#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1685/*
1686 * Format of NT_FILE note:
1687 *
1688 * long count -- how many files are mapped
1689 * long page_size -- units for file_ofs
1690 * array of [COUNT] elements of
1691 * long start
1692 * long end
1693 * long file_ofs
1694 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1695 */
1696static int fill_files_note(struct memelfnote *note)
1697{
1698 struct mm_struct *mm = current->mm;
1699 struct vm_area_struct *vma;
1700 unsigned count, size, names_ofs, remaining, n;
1701 user_long_t *data;
1702 user_long_t *start_end_ofs;
1703 char *name_base, *name_curpos;
1704
1705 /* *Estimated* file count and total data size needed */
1706 count = mm->map_count;
1707 if (count > UINT_MAX / 64)
1708 return -EINVAL;
1709 size = count * 64;
1710
1711 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1712 alloc:
1713 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1714 return -EINVAL;
1715 size = round_up(size, PAGE_SIZE);
1716 /*
1717 * "size" can be 0 here legitimately.
1718 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1719 */
1720 data = kvmalloc(size, GFP_KERNEL);
1721 if (ZERO_OR_NULL_PTR(data))
1722 return -ENOMEM;
1723
1724 start_end_ofs = data + 2;
1725 name_base = name_curpos = ((char *)data) + names_ofs;
1726 remaining = size - names_ofs;
1727 count = 0;
1728 for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
1729 struct file *file;
1730 const char *filename;
1731
1732 file = vma->vm_file;
1733 if (!file)
1734 continue;
1735 filename = file_path(file, name_curpos, remaining);
1736 if (IS_ERR(filename)) {
1737 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1738 kvfree(data);
1739 size = size * 5 / 4;
1740 goto alloc;
1741 }
1742 continue;
1743 }
1744
1745 /* file_path() fills at the end, move name down */
1746 /* n = strlen(filename) + 1: */
1747 n = (name_curpos + remaining) - filename;
1748 remaining = filename - name_curpos;
1749 memmove(name_curpos, filename, n);
1750 name_curpos += n;
1751
1752 *start_end_ofs++ = vma->vm_start;
1753 *start_end_ofs++ = vma->vm_end;
1754 *start_end_ofs++ = vma->vm_pgoff;
1755 count++;
1756 }
1757
1758 /* Now we know exact count of files, can store it */
1759 data[0] = count;
1760 data[1] = PAGE_SIZE;
1761 /*
1762 * Count usually is less than mm->map_count,
1763 * we need to move filenames down.
1764 */
1765 n = mm->map_count - count;
1766 if (n != 0) {
1767 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1768 memmove(name_base - shift_bytes, name_base,
1769 name_curpos - name_base);
1770 name_curpos -= shift_bytes;
1771 }
1772
1773 size = name_curpos - (char *)data;
1774 fill_note(note, "CORE", NT_FILE, size, data);
1775 return 0;
1776}
1777
1778#ifdef CORE_DUMP_USE_REGSET
1779#include <linux/regset.h>
1780
1781struct elf_thread_core_info {
1782 struct elf_thread_core_info *next;
1783 struct task_struct *task;
1784 struct elf_prstatus prstatus;
1785 struct memelfnote notes[0];
1786};
1787
1788struct elf_note_info {
1789 struct elf_thread_core_info *thread;
1790 struct memelfnote psinfo;
1791 struct memelfnote signote;
1792 struct memelfnote auxv;
1793 struct memelfnote files;
1794 user_siginfo_t csigdata;
1795 size_t size;
1796 int thread_notes;
1797};
1798
1799/*
1800 * When a regset has a writeback hook, we call it on each thread before
1801 * dumping user memory. On register window machines, this makes sure the
1802 * user memory backing the register data is up to date before we read it.
1803 */
1804static void do_thread_regset_writeback(struct task_struct *task,
1805 const struct user_regset *regset)
1806{
1807 if (regset->writeback)
1808 regset->writeback(task, regset, 1);
1809}
1810
1811#ifndef PRSTATUS_SIZE
1812#define PRSTATUS_SIZE(S, R) sizeof(S)
1813#endif
1814
1815#ifndef SET_PR_FPVALID
1816#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1817#endif
1818
1819static int fill_thread_core_info(struct elf_thread_core_info *t,
1820 const struct user_regset_view *view,
1821 long signr, size_t *total)
1822{
1823 unsigned int i;
1824 int regset0_size;
1825
1826 /*
1827 * NT_PRSTATUS is the one special case, because the regset data
1828 * goes into the pr_reg field inside the note contents, rather
1829 * than being the whole note contents. We fill the reset in here.
1830 * We assume that regset 0 is NT_PRSTATUS.
1831 */
1832 fill_prstatus(&t->prstatus, t->task, signr);
1833 regset0_size = regset_get(t->task, &view->regsets[0],
1834 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1835 if (regset0_size < 0)
1836 return 0;
1837
1838 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1839 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1840 *total += notesize(&t->notes[0]);
1841
1842 do_thread_regset_writeback(t->task, &view->regsets[0]);
1843
1844 /*
1845 * Each other regset might generate a note too. For each regset
1846 * that has no core_note_type or is inactive, we leave t->notes[i]
1847 * all zero and we'll know to skip writing it later.
1848 */
1849 for (i = 1; i < view->n; ++i) {
1850 const struct user_regset *regset = &view->regsets[i];
1851 int note_type = regset->core_note_type;
1852 bool is_fpreg = note_type == NT_PRFPREG;
1853 void *data;
1854 int ret;
1855
1856 do_thread_regset_writeback(t->task, regset);
1857 if (!note_type) // not for coredumps
1858 continue;
1859 if (regset->active && regset->active(t->task, regset) <= 0)
1860 continue;
1861
1862 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1863 if (ret < 0)
1864 continue;
1865
1866 if (is_fpreg)
1867 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1868
1869 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1870 note_type, ret, data);
1871
1872 *total += notesize(&t->notes[i]);
1873 }
1874
1875 return 1;
1876}
1877
1878static int fill_note_info(struct elfhdr *elf, int phdrs,
1879 struct elf_note_info *info,
1880 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
1881{
1882 struct task_struct *dump_task = current;
1883 const struct user_regset_view *view = task_user_regset_view(dump_task);
1884 struct elf_thread_core_info *t;
1885 struct elf_prpsinfo *psinfo;
1886 struct core_thread *ct;
1887 unsigned int i;
1888
1889 info->size = 0;
1890 info->thread = NULL;
1891
1892 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1893 if (psinfo == NULL) {
1894 info->psinfo.data = NULL; /* So we don't free this wrongly */
1895 return 0;
1896 }
1897
1898 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1899
1900 /*
1901 * Figure out how many notes we're going to need for each thread.
1902 */
1903 info->thread_notes = 0;
1904 for (i = 0; i < view->n; ++i)
1905 if (view->regsets[i].core_note_type != 0)
1906 ++info->thread_notes;
1907
1908 /*
1909 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1910 * since it is our one special case.
1911 */
1912 if (unlikely(info->thread_notes == 0) ||
1913 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1914 WARN_ON(1);
1915 return 0;
1916 }
1917
1918 /*
1919 * Initialize the ELF file header.
1920 */
1921 fill_elf_header(elf, phdrs,
1922 view->e_machine, view->e_flags);
1923
1924 /*
1925 * Allocate a structure for each thread.
1926 */
1927 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1928 t = kzalloc(offsetof(struct elf_thread_core_info,
1929 notes[info->thread_notes]),
1930 GFP_KERNEL);
1931 if (unlikely(!t))
1932 return 0;
1933
1934 t->task = ct->task;
1935 if (ct->task == dump_task || !info->thread) {
1936 t->next = info->thread;
1937 info->thread = t;
1938 } else {
1939 /*
1940 * Make sure to keep the original task at
1941 * the head of the list.
1942 */
1943 t->next = info->thread->next;
1944 info->thread->next = t;
1945 }
1946 }
1947
1948 /*
1949 * Now fill in each thread's information.
1950 */
1951 for (t = info->thread; t != NULL; t = t->next)
1952 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1953 return 0;
1954
1955 /*
1956 * Fill in the two process-wide notes.
1957 */
1958 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1959 info->size += notesize(&info->psinfo);
1960
1961 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1962 info->size += notesize(&info->signote);
1963
1964 fill_auxv_note(&info->auxv, current->mm);
1965 info->size += notesize(&info->auxv);
1966
1967 if (fill_files_note(&info->files) == 0)
1968 info->size += notesize(&info->files);
1969
1970 return 1;
1971}
1972
1973static size_t get_note_info_size(struct elf_note_info *info)
1974{
1975 return info->size;
1976}
1977
1978/*
1979 * Write all the notes for each thread. When writing the first thread, the
1980 * process-wide notes are interleaved after the first thread-specific note.
1981 */
1982static int write_note_info(struct elf_note_info *info,
1983 struct coredump_params *cprm)
1984{
1985 bool first = true;
1986 struct elf_thread_core_info *t = info->thread;
1987
1988 do {
1989 int i;
1990
1991 if (!writenote(&t->notes[0], cprm))
1992 return 0;
1993
1994 if (first && !writenote(&info->psinfo, cprm))
1995 return 0;
1996 if (first && !writenote(&info->signote, cprm))
1997 return 0;
1998 if (first && !writenote(&info->auxv, cprm))
1999 return 0;
2000 if (first && info->files.data &&
2001 !writenote(&info->files, cprm))
2002 return 0;
2003
2004 for (i = 1; i < info->thread_notes; ++i)
2005 if (t->notes[i].data &&
2006 !writenote(&t->notes[i], cprm))
2007 return 0;
2008
2009 first = false;
2010 t = t->next;
2011 } while (t);
2012
2013 return 1;
2014}
2015
2016static void free_note_info(struct elf_note_info *info)
2017{
2018 struct elf_thread_core_info *threads = info->thread;
2019 while (threads) {
2020 unsigned int i;
2021 struct elf_thread_core_info *t = threads;
2022 threads = t->next;
2023 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
2024 for (i = 1; i < info->thread_notes; ++i)
2025 kfree(t->notes[i].data);
2026 kfree(t);
2027 }
2028 kfree(info->psinfo.data);
2029 kvfree(info->files.data);
2030}
2031
2032#else
2033
2034/* Here is the structure in which status of each thread is captured. */
2035struct elf_thread_status
2036{
2037 struct list_head list;
2038 struct elf_prstatus prstatus; /* NT_PRSTATUS */
2039 elf_fpregset_t fpu; /* NT_PRFPREG */
2040 struct task_struct *thread;
2041 struct memelfnote notes[3];
2042 int num_notes;
2043};
2044
2045/*
2046 * In order to add the specific thread information for the elf file format,
2047 * we need to keep a linked list of every threads pr_status and then create
2048 * a single section for them in the final core file.
2049 */
2050static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
2051{
2052 int sz = 0;
2053 struct task_struct *p = t->thread;
2054 t->num_notes = 0;
2055
2056 fill_prstatus(&t->prstatus, p, signr);
2057 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
2058
2059 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
2060 &(t->prstatus));
2061 t->num_notes++;
2062 sz += notesize(&t->notes[0]);
2063
2064 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
2065 &t->fpu))) {
2066 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
2067 &(t->fpu));
2068 t->num_notes++;
2069 sz += notesize(&t->notes[1]);
2070 }
2071 return sz;
2072}
2073
2074struct elf_note_info {
2075 struct memelfnote *notes;
2076 struct memelfnote *notes_files;
2077 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
2078 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2079 struct list_head thread_list;
2080 elf_fpregset_t *fpu;
2081 user_siginfo_t csigdata;
2082 int thread_status_size;
2083 int numnote;
2084};
2085
2086static int elf_note_info_init(struct elf_note_info *info)
2087{
2088 memset(info, 0, sizeof(*info));
2089 INIT_LIST_HEAD(&info->thread_list);
2090
2091 /* Allocate space for ELF notes */
2092 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2093 if (!info->notes)
2094 return 0;
2095 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2096 if (!info->psinfo)
2097 return 0;
2098 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2099 if (!info->prstatus)
2100 return 0;
2101 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2102 if (!info->fpu)
2103 return 0;
2104 return 1;
2105}
2106
2107static int fill_note_info(struct elfhdr *elf, int phdrs,
2108 struct elf_note_info *info,
2109 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
2110{
2111 struct core_thread *ct;
2112 struct elf_thread_status *ets;
2113
2114 if (!elf_note_info_init(info))
2115 return 0;
2116
2117 for (ct = current->mm->core_state->dumper.next;
2118 ct; ct = ct->next) {
2119 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2120 if (!ets)
2121 return 0;
2122
2123 ets->thread = ct->task;
2124 list_add(&ets->list, &info->thread_list);
2125 }
2126
2127 list_for_each_entry(ets, &info->thread_list, list) {
2128 int sz;
2129
2130 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2131 info->thread_status_size += sz;
2132 }
2133 /* now collect the dump for the current */
2134 memset(info->prstatus, 0, sizeof(*info->prstatus));
2135 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2136 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2137
2138 /* Set up header */
2139 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2140
2141 /*
2142 * Set up the notes in similar form to SVR4 core dumps made
2143 * with info from their /proc.
2144 */
2145
2146 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2147 sizeof(*info->prstatus), info->prstatus);
2148 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2149 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2150 sizeof(*info->psinfo), info->psinfo);
2151
2152 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2153 fill_auxv_note(info->notes + 3, current->mm);
2154 info->numnote = 4;
2155
2156 if (fill_files_note(info->notes + info->numnote) == 0) {
2157 info->notes_files = info->notes + info->numnote;
2158 info->numnote++;
2159 }
2160
2161 /* Try to dump the FPU. */
2162 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2163 info->fpu);
2164 if (info->prstatus->pr_fpvalid)
2165 fill_note(info->notes + info->numnote++,
2166 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2167 return 1;
2168}
2169
2170static size_t get_note_info_size(struct elf_note_info *info)
2171{
2172 int sz = 0;
2173 int i;
2174
2175 for (i = 0; i < info->numnote; i++)
2176 sz += notesize(info->notes + i);
2177
2178 sz += info->thread_status_size;
2179
2180 return sz;
2181}
2182
2183static int write_note_info(struct elf_note_info *info,
2184 struct coredump_params *cprm)
2185{
2186 struct elf_thread_status *ets;
2187 int i;
2188
2189 for (i = 0; i < info->numnote; i++)
2190 if (!writenote(info->notes + i, cprm))
2191 return 0;
2192
2193 /* write out the thread status notes section */
2194 list_for_each_entry(ets, &info->thread_list, list) {
2195 for (i = 0; i < ets->num_notes; i++)
2196 if (!writenote(&ets->notes[i], cprm))
2197 return 0;
2198 }
2199
2200 return 1;
2201}
2202
2203static void free_note_info(struct elf_note_info *info)
2204{
2205 while (!list_empty(&info->thread_list)) {
2206 struct list_head *tmp = info->thread_list.next;
2207 list_del(tmp);
2208 kfree(list_entry(tmp, struct elf_thread_status, list));
2209 }
2210
2211 /* Free data possibly allocated by fill_files_note(): */
2212 if (info->notes_files)
2213 kvfree(info->notes_files->data);
2214
2215 kfree(info->prstatus);
2216 kfree(info->psinfo);
2217 kfree(info->notes);
2218 kfree(info->fpu);
2219}
2220
2221#endif
2222
2223static struct vm_area_struct *first_vma(struct task_struct *tsk,
2224 struct vm_area_struct *gate_vma)
2225{
2226 struct vm_area_struct *ret = tsk->mm->mmap;
2227
2228 if (ret)
2229 return ret;
2230 return gate_vma;
2231}
2232/*
2233 * Helper function for iterating across a vma list. It ensures that the caller
2234 * will visit `gate_vma' prior to terminating the search.
2235 */
2236static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2237 struct vm_area_struct *gate_vma)
2238{
2239 struct vm_area_struct *ret;
2240
2241 ret = this_vma->vm_next;
2242 if (ret)
2243 return ret;
2244 if (this_vma == gate_vma)
2245 return NULL;
2246 return gate_vma;
2247}
2248
2249static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2250 elf_addr_t e_shoff, int segs)
2251{
2252 elf->e_shoff = e_shoff;
2253 elf->e_shentsize = sizeof(*shdr4extnum);
2254 elf->e_shnum = 1;
2255 elf->e_shstrndx = SHN_UNDEF;
2256
2257 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2258
2259 shdr4extnum->sh_type = SHT_NULL;
2260 shdr4extnum->sh_size = elf->e_shnum;
2261 shdr4extnum->sh_link = elf->e_shstrndx;
2262 shdr4extnum->sh_info = segs;
2263}
2264
2265/*
2266 * Actual dumper
2267 *
2268 * This is a two-pass process; first we find the offsets of the bits,
2269 * and then they are actually written out. If we run out of core limit
2270 * we just truncate.
2271 */
2272static int elf_core_dump(struct coredump_params *cprm)
2273{
2274 int has_dumped = 0;
2275 int segs, i;
2276 size_t vma_data_size = 0;
2277 struct vm_area_struct *vma, *gate_vma;
2278 struct elfhdr elf;
2279 loff_t offset = 0, dataoff;
2280 struct elf_note_info info = { };
2281 struct elf_phdr *phdr4note = NULL;
2282 struct elf_shdr *shdr4extnum = NULL;
2283 Elf_Half e_phnum;
2284 elf_addr_t e_shoff;
2285 elf_addr_t *vma_filesz = NULL;
2286
2287 /*
2288 * We no longer stop all VM operations.
2289 *
2290 * This is because those proceses that could possibly change map_count
2291 * or the mmap / vma pages are now blocked in do_exit on current
2292 * finishing this core dump.
2293 *
2294 * Only ptrace can touch these memory addresses, but it doesn't change
2295 * the map_count or the pages allocated. So no possibility of crashing
2296 * exists while dumping the mm->vm_next areas to the core file.
2297 */
2298
2299 /*
2300 * The number of segs are recored into ELF header as 16bit value.
2301 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2302 */
2303 segs = current->mm->map_count;
2304 segs += elf_core_extra_phdrs();
2305
2306 gate_vma = get_gate_vma(current->mm);
2307 if (gate_vma != NULL)
2308 segs++;
2309
2310 /* for notes section */
2311 segs++;
2312
2313 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2314 * this, kernel supports extended numbering. Have a look at
2315 * include/linux/elf.h for further information. */
2316 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2317
2318 /*
2319 * Collect all the non-memory information about the process for the
2320 * notes. This also sets up the file header.
2321 */
2322 if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2323 goto end_coredump;
2324
2325 has_dumped = 1;
2326
2327 offset += sizeof(elf); /* Elf header */
2328 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2329
2330 /* Write notes phdr entry */
2331 {
2332 size_t sz = get_note_info_size(&info);
2333
2334 sz += elf_coredump_extra_notes_size();
2335
2336 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2337 if (!phdr4note)
2338 goto end_coredump;
2339
2340 fill_elf_note_phdr(phdr4note, sz, offset);
2341 offset += sz;
2342 }
2343
2344 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2345
2346 /*
2347 * Zero vma process will get ZERO_SIZE_PTR here.
2348 * Let coredump continue for register state at least.
2349 */
2350 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2351 GFP_KERNEL);
2352 if (!vma_filesz)
2353 goto end_coredump;
2354
2355 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2356 vma = next_vma(vma, gate_vma)) {
2357 unsigned long dump_size;
2358
2359 dump_size = vma_dump_size(vma, cprm->mm_flags);
2360 vma_filesz[i++] = dump_size;
2361 vma_data_size += dump_size;
2362 }
2363
2364 offset += vma_data_size;
2365 offset += elf_core_extra_data_size();
2366 e_shoff = offset;
2367
2368 if (e_phnum == PN_XNUM) {
2369 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2370 if (!shdr4extnum)
2371 goto end_coredump;
2372 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2373 }
2374
2375 offset = dataoff;
2376
2377 if (!dump_emit(cprm, &elf, sizeof(elf)))
2378 goto end_coredump;
2379
2380 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2381 goto end_coredump;
2382
2383 /* Write program headers for segments dump */
2384 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2385 vma = next_vma(vma, gate_vma)) {
2386 struct elf_phdr phdr;
2387
2388 phdr.p_type = PT_LOAD;
2389 phdr.p_offset = offset;
2390 phdr.p_vaddr = vma->vm_start;
2391 phdr.p_paddr = 0;
2392 phdr.p_filesz = vma_filesz[i++];
2393 phdr.p_memsz = vma->vm_end - vma->vm_start;
2394 offset += phdr.p_filesz;
2395 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2396 if (vma->vm_flags & VM_WRITE)
2397 phdr.p_flags |= PF_W;
2398 if (vma->vm_flags & VM_EXEC)
2399 phdr.p_flags |= PF_X;
2400 phdr.p_align = ELF_EXEC_PAGESIZE;
2401
2402 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2403 goto end_coredump;
2404 }
2405
2406 if (!elf_core_write_extra_phdrs(cprm, offset))
2407 goto end_coredump;
2408
2409 /* write out the notes section */
2410 if (!write_note_info(&info, cprm))
2411 goto end_coredump;
2412
2413 if (elf_coredump_extra_notes_write(cprm))
2414 goto end_coredump;
2415
2416 /* Align to page */
2417 if (!dump_skip(cprm, dataoff - cprm->pos))
2418 goto end_coredump;
2419
2420 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2421 vma = next_vma(vma, gate_vma)) {
2422 unsigned long addr;
2423 unsigned long end;
2424
2425 end = vma->vm_start + vma_filesz[i++];
2426
2427 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2428 struct page *page;
2429 int stop;
2430
2431 page = get_dump_page(addr);
2432 if (page) {
2433 void *kaddr = kmap(page);
2434 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2435 kunmap(page);
2436 put_page(page);
2437 } else
2438 stop = !dump_skip(cprm, PAGE_SIZE);
2439 if (stop)
2440 goto end_coredump;
2441 }
2442 }
2443 dump_truncate(cprm);
2444
2445 if (!elf_core_write_extra_data(cprm))
2446 goto end_coredump;
2447
2448 if (e_phnum == PN_XNUM) {
2449 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2450 goto end_coredump;
2451 }
2452
2453end_coredump:
2454 free_note_info(&info);
2455 kfree(shdr4extnum);
2456 kvfree(vma_filesz);
2457 kfree(phdr4note);
2458 return has_dumped;
2459}
2460
2461#endif /* CONFIG_ELF_CORE */
2462
2463static int __init init_elf_binfmt(void)
2464{
2465 register_binfmt(&elf_format);
2466 return 0;
2467}
2468
2469static void __exit exit_elf_binfmt(void)
2470{
2471 /* Remove the COFF and ELF loaders. */
2472 unregister_binfmt(&elf_format);
2473}
2474
2475core_initcall(init_elf_binfmt);
2476module_exit(exit_elf_binfmt);
2477MODULE_LICENSE("GPL");