1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/fs/binfmt_elf.c
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
13 #include <linux/module.h>
14 #include <linux/kernel.h>
16 #include <linux/log2.h>
18 #include <linux/mman.h>
19 #include <linux/errno.h>
20 #include <linux/signal.h>
21 #include <linux/binfmts.h>
22 #include <linux/string.h>
23 #include <linux/file.h>
24 #include <linux/slab.h>
25 #include <linux/personality.h>
26 #include <linux/elfcore.h>
27 #include <linux/init.h>
28 #include <linux/highuid.h>
29 #include <linux/compiler.h>
30 #include <linux/highmem.h>
31 #include <linux/hugetlb.h>
32 #include <linux/pagemap.h>
33 #include <linux/vmalloc.h>
34 #include <linux/security.h>
35 #include <linux/random.h>
36 #include <linux/elf.h>
37 #include <linux/elf-randomize.h>
38 #include <linux/utsname.h>
39 #include <linux/coredump.h>
40 #include <linux/sched.h>
41 #include <linux/sched/coredump.h>
42 #include <linux/sched/task_stack.h>
43 #include <linux/sched/cputime.h>
44 #include <linux/sizes.h>
45 #include <linux/types.h>
46 #include <linux/cred.h>
47 #include <linux/dax.h>
48 #include <linux/uaccess.h>
49 #include <asm/param.h>
57 #define user_long_t long
59 #ifndef user_siginfo_t
60 #define user_siginfo_t siginfo_t
63 /* That's for binfmt_elf_fdpic to deal with */
64 #ifndef elf_check_fdpic
65 #define elf_check_fdpic(ex) false
68 static int load_elf_binary(struct linux_binprm *bprm);
71 static int load_elf_library(struct file *);
73 #define load_elf_library NULL
77 * If we don't support core dumping, then supply a NULL so we
80 #ifdef CONFIG_ELF_CORE
81 static int elf_core_dump(struct coredump_params *cprm);
83 #define elf_core_dump NULL
86 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
87 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
89 #define ELF_MIN_ALIGN PAGE_SIZE
92 #ifndef ELF_CORE_EFLAGS
93 #define ELF_CORE_EFLAGS 0
96 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
97 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
100 static struct linux_binfmt elf_format = {
101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 .core_dump = elf_core_dump,
105 .min_coredump = ELF_EXEC_PAGESIZE,
108 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
110 static int set_brk(unsigned long start, unsigned long end, int prot)
112 start = ELF_PAGEALIGN(start);
113 end = ELF_PAGEALIGN(end);
116 * Map the last of the bss segment.
117 * If the header is requesting these pages to be
118 * executable, honour that (ppc32 needs this).
120 int error = vm_brk_flags(start, end - start,
121 prot & PROT_EXEC ? VM_EXEC : 0);
125 current->mm->start_brk = current->mm->brk = end;
129 /* We need to explicitly zero any fractional pages
130 after the data section (i.e. bss). This would
131 contain the junk from the file that should not
134 static int padzero(unsigned long elf_bss)
138 nbyte = ELF_PAGEOFFSET(elf_bss);
140 nbyte = ELF_MIN_ALIGN - nbyte;
141 if (clear_user((void __user *) elf_bss, nbyte))
147 /* Let's use some macros to make this stack manipulation a little clearer */
148 #ifdef CONFIG_STACK_GROWSUP
149 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
150 #define STACK_ROUND(sp, items) \
151 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
152 #define STACK_ALLOC(sp, len) ({ \
153 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
156 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
157 #define STACK_ROUND(sp, items) \
158 (((unsigned long) (sp - items)) &~ 15UL)
159 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
162 #ifndef ELF_BASE_PLATFORM
164 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
165 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
166 * will be copied to the user stack in the same manner as AT_PLATFORM.
168 #define ELF_BASE_PLATFORM NULL
172 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
173 unsigned long interp_load_addr,
174 unsigned long e_entry, unsigned long phdr_addr)
176 struct mm_struct *mm = current->mm;
177 unsigned long p = bprm->p;
178 int argc = bprm->argc;
179 int envc = bprm->envc;
180 elf_addr_t __user *sp;
181 elf_addr_t __user *u_platform;
182 elf_addr_t __user *u_base_platform;
183 elf_addr_t __user *u_rand_bytes;
184 const char *k_platform = ELF_PLATFORM;
185 const char *k_base_platform = ELF_BASE_PLATFORM;
186 unsigned char k_rand_bytes[16];
188 elf_addr_t *elf_info;
190 const struct cred *cred = current_cred();
191 struct vm_area_struct *vma;
194 * In some cases (e.g. Hyper-Threading), we want to avoid L1
195 * evictions by the processes running on the same package. One
196 * thing we can do is to shuffle the initial stack for them.
199 p = arch_align_stack(p);
202 * If this architecture has a platform capability string, copy it
203 * to userspace. In some cases (Sparc), this info is impossible
204 * for userspace to get any other way, in others (i386) it is
209 size_t len = strlen(k_platform) + 1;
211 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
212 if (copy_to_user(u_platform, k_platform, len))
217 * If this architecture has a "base" platform capability
218 * string, copy it to userspace.
220 u_base_platform = NULL;
221 if (k_base_platform) {
222 size_t len = strlen(k_base_platform) + 1;
224 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
225 if (copy_to_user(u_base_platform, k_base_platform, len))
230 * Generate 16 random bytes for userspace PRNG seeding.
232 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
233 u_rand_bytes = (elf_addr_t __user *)
234 STACK_ALLOC(p, sizeof(k_rand_bytes));
235 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
238 /* Create the ELF interpreter info */
239 elf_info = (elf_addr_t *)mm->saved_auxv;
240 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
241 #define NEW_AUX_ENT(id, val) \
249 * ARCH_DLINFO must come first so PPC can do its special alignment of
251 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
252 * ARCH_DLINFO changes
256 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
257 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
258 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
259 NEW_AUX_ENT(AT_PHDR, phdr_addr);
260 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
261 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
262 NEW_AUX_ENT(AT_BASE, interp_load_addr);
263 NEW_AUX_ENT(AT_FLAGS, 0);
264 NEW_AUX_ENT(AT_ENTRY, e_entry);
265 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
266 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
267 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
268 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
269 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
270 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
272 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
274 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
276 NEW_AUX_ENT(AT_PLATFORM,
277 (elf_addr_t)(unsigned long)u_platform);
279 if (k_base_platform) {
280 NEW_AUX_ENT(AT_BASE_PLATFORM,
281 (elf_addr_t)(unsigned long)u_base_platform);
283 if (bprm->have_execfd) {
284 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
287 /* AT_NULL is zero; clear the rest too */
288 memset(elf_info, 0, (char *)mm->saved_auxv +
289 sizeof(mm->saved_auxv) - (char *)elf_info);
291 /* And advance past the AT_NULL entry. */
294 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
295 sp = STACK_ADD(p, ei_index);
297 items = (argc + 1) + (envc + 1) + 1;
298 bprm->p = STACK_ROUND(sp, items);
300 /* Point sp at the lowest address on the stack */
301 #ifdef CONFIG_STACK_GROWSUP
302 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
303 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
305 sp = (elf_addr_t __user *)bprm->p;
310 * Grow the stack manually; some architectures have a limit on how
311 * far ahead a user-space access may be in order to grow the stack.
313 if (mmap_read_lock_killable(mm))
315 vma = find_extend_vma(mm, bprm->p);
316 mmap_read_unlock(mm);
320 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
321 if (put_user(argc, sp++))
324 /* Populate list of argv pointers back to argv strings. */
325 p = mm->arg_end = mm->arg_start;
328 if (put_user((elf_addr_t)p, sp++))
330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
335 if (put_user(0, sp++))
339 /* Populate list of envp pointers back to envp strings. */
340 mm->env_end = mm->env_start = p;
343 if (put_user((elf_addr_t)p, sp++))
345 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
346 if (!len || len > MAX_ARG_STRLEN)
350 if (put_user(0, sp++))
354 /* Put the elf_info on the stack in the right place. */
355 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
360 static unsigned long elf_map(struct file *filep, unsigned long addr,
361 const struct elf_phdr *eppnt, int prot, int type,
362 unsigned long total_size)
364 unsigned long map_addr;
365 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
366 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
367 addr = ELF_PAGESTART(addr);
368 size = ELF_PAGEALIGN(size);
370 /* mmap() will return -EINVAL if given a zero size, but a
371 * segment with zero filesize is perfectly valid */
376 * total_size is the size of the ELF (interpreter) image.
377 * The _first_ mmap needs to know the full size, otherwise
378 * randomization might put this image into an overlapping
379 * position with the ELF binary image. (since size < total_size)
380 * So we first map the 'big' image - and unmap the remainder at
381 * the end. (which unmap is needed for ELF images with holes.)
384 total_size = ELF_PAGEALIGN(total_size);
385 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
386 if (!BAD_ADDR(map_addr))
387 vm_munmap(map_addr+size, total_size-size);
389 map_addr = vm_mmap(filep, addr, size, prot, type, off);
391 if ((type & MAP_FIXED_NOREPLACE) &&
392 PTR_ERR((void *)map_addr) == -EEXIST)
393 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
394 task_pid_nr(current), current->comm, (void *)addr);
399 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
401 int i, first_idx = -1, last_idx = -1;
403 for (i = 0; i < nr; i++) {
404 if (cmds[i].p_type == PT_LOAD) {
413 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
414 ELF_PAGESTART(cmds[first_idx].p_vaddr);
417 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
421 rv = kernel_read(file, buf, len, &pos);
422 if (unlikely(rv != len)) {
423 return (rv < 0) ? rv : -EIO;
428 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
430 unsigned long alignment = 0;
433 for (i = 0; i < nr; i++) {
434 if (cmds[i].p_type == PT_LOAD) {
435 unsigned long p_align = cmds[i].p_align;
437 /* skip non-power of two alignments as invalid */
438 if (!is_power_of_2(p_align))
440 alignment = max(alignment, p_align);
444 /* ensure we align to at least one page */
445 return ELF_PAGEALIGN(alignment);
449 * load_elf_phdrs() - load ELF program headers
450 * @elf_ex: ELF header of the binary whose program headers should be loaded
451 * @elf_file: the opened ELF binary file
453 * Loads ELF program headers from the binary file elf_file, which has the ELF
454 * header pointed to by elf_ex, into a newly allocated array. The caller is
455 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
457 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
458 struct file *elf_file)
460 struct elf_phdr *elf_phdata = NULL;
461 int retval, err = -1;
465 * If the size of this structure has changed, then punt, since
466 * we will be doing the wrong thing.
468 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
471 /* Sanity check the number of program headers... */
472 /* ...and their total size. */
473 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
474 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
477 elf_phdata = kmalloc(size, GFP_KERNEL);
481 /* Read in the program headers */
482 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
498 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
501 * struct arch_elf_state - arch-specific ELF loading state
503 * This structure is used to preserve architecture specific data during
504 * the loading of an ELF file, throughout the checking of architecture
505 * specific ELF headers & through to the point where the ELF load is
506 * known to be proceeding (ie. SET_PERSONALITY).
508 * This implementation is a dummy for architectures which require no
511 struct arch_elf_state {
514 #define INIT_ARCH_ELF_STATE {}
517 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
518 * @ehdr: The main ELF header
519 * @phdr: The program header to check
520 * @elf: The open ELF file
521 * @is_interp: True if the phdr is from the interpreter of the ELF being
522 * loaded, else false.
523 * @state: Architecture-specific state preserved throughout the process
524 * of loading the ELF.
526 * Inspects the program header phdr to validate its correctness and/or
527 * suitability for the system. Called once per ELF program header in the
528 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
531 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
532 * with that return code.
534 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
535 struct elf_phdr *phdr,
536 struct file *elf, bool is_interp,
537 struct arch_elf_state *state)
539 /* Dummy implementation, always proceed */
544 * arch_check_elf() - check an ELF executable
545 * @ehdr: The main ELF header
546 * @has_interp: True if the ELF has an interpreter, else false.
547 * @interp_ehdr: The interpreter's ELF header
548 * @state: Architecture-specific state preserved throughout the process
549 * of loading the ELF.
551 * Provides a final opportunity for architecture code to reject the loading
552 * of the ELF & cause an exec syscall to return an error. This is called after
553 * all program headers to be checked by arch_elf_pt_proc have been.
555 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
556 * with that return code.
558 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
559 struct elfhdr *interp_ehdr,
560 struct arch_elf_state *state)
562 /* Dummy implementation, always proceed */
566 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
568 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
569 bool has_interp, bool is_interp)
580 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
583 /* This is much more generalized than the library routine read function,
584 so we keep this separate. Technically the library read function
585 is only provided so that we can read a.out libraries that have
588 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
589 struct file *interpreter,
590 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
591 struct arch_elf_state *arch_state)
593 struct elf_phdr *eppnt;
594 unsigned long load_addr = 0;
595 int load_addr_set = 0;
596 unsigned long last_bss = 0, elf_bss = 0;
598 unsigned long error = ~0UL;
599 unsigned long total_size;
602 /* First of all, some simple consistency checks */
603 if (interp_elf_ex->e_type != ET_EXEC &&
604 interp_elf_ex->e_type != ET_DYN)
606 if (!elf_check_arch(interp_elf_ex) ||
607 elf_check_fdpic(interp_elf_ex))
609 if (!interpreter->f_op->mmap)
612 total_size = total_mapping_size(interp_elf_phdata,
613 interp_elf_ex->e_phnum);
619 eppnt = interp_elf_phdata;
620 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
621 if (eppnt->p_type == PT_LOAD) {
622 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
623 int elf_prot = make_prot(eppnt->p_flags, arch_state,
625 unsigned long vaddr = 0;
626 unsigned long k, map_addr;
628 vaddr = eppnt->p_vaddr;
629 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
630 elf_type |= MAP_FIXED;
631 else if (no_base && interp_elf_ex->e_type == ET_DYN)
634 map_addr = elf_map(interpreter, load_addr + vaddr,
635 eppnt, elf_prot, elf_type, total_size);
638 if (BAD_ADDR(map_addr))
641 if (!load_addr_set &&
642 interp_elf_ex->e_type == ET_DYN) {
643 load_addr = map_addr - ELF_PAGESTART(vaddr);
648 * Check to see if the section's size will overflow the
649 * allowed task size. Note that p_filesz must always be
650 * <= p_memsize so it's only necessary to check p_memsz.
652 k = load_addr + eppnt->p_vaddr;
654 eppnt->p_filesz > eppnt->p_memsz ||
655 eppnt->p_memsz > TASK_SIZE ||
656 TASK_SIZE - eppnt->p_memsz < k) {
662 * Find the end of the file mapping for this phdr, and
663 * keep track of the largest address we see for this.
665 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
670 * Do the same thing for the memory mapping - between
671 * elf_bss and last_bss is the bss section.
673 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
682 * Now fill out the bss section: first pad the last page from
683 * the file up to the page boundary, and zero it from elf_bss
684 * up to the end of the page.
686 if (padzero(elf_bss)) {
691 * Next, align both the file and mem bss up to the page size,
692 * since this is where elf_bss was just zeroed up to, and where
693 * last_bss will end after the vm_brk_flags() below.
695 elf_bss = ELF_PAGEALIGN(elf_bss);
696 last_bss = ELF_PAGEALIGN(last_bss);
697 /* Finally, if there is still more bss to allocate, do it. */
698 if (last_bss > elf_bss) {
699 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
700 bss_prot & PROT_EXEC ? VM_EXEC : 0);
711 * These are the functions used to load ELF style executables and shared
712 * libraries. There is no binary dependent code anywhere else.
715 static int parse_elf_property(const char *data, size_t *off, size_t datasz,
716 struct arch_elf_state *arch,
717 bool have_prev_type, u32 *prev_type)
720 const struct gnu_property *pr;
726 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
731 if (datasz < sizeof(*pr))
733 pr = (const struct gnu_property *)(data + o);
735 datasz -= sizeof(*pr);
737 if (pr->pr_datasz > datasz)
740 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
741 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
745 /* Properties are supposed to be unique and sorted on pr_type: */
746 if (have_prev_type && pr->pr_type <= *prev_type)
748 *prev_type = pr->pr_type;
750 ret = arch_parse_elf_property(pr->pr_type, data + o,
751 pr->pr_datasz, ELF_COMPAT, arch);
759 #define NOTE_DATA_SZ SZ_1K
760 #define GNU_PROPERTY_TYPE_0_NAME "GNU"
761 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
763 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
764 struct arch_elf_state *arch)
767 struct elf_note nhdr;
768 char data[NOTE_DATA_SZ];
777 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
780 /* load_elf_binary() shouldn't call us unless this is true... */
781 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
784 /* If the properties are crazy large, that's too bad (for now): */
785 if (phdr->p_filesz > sizeof(note))
788 pos = phdr->p_offset;
789 n = kernel_read(f, ¬e, phdr->p_filesz, &pos);
791 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
792 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
795 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
796 note.nhdr.n_namesz != NOTE_NAME_SZ ||
797 strncmp(note.data + sizeof(note.nhdr),
798 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
801 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
802 ELF_GNU_PROPERTY_ALIGN);
806 if (note.nhdr.n_descsz > n - off)
808 datasz = off + note.nhdr.n_descsz;
810 have_prev_type = false;
812 ret = parse_elf_property(note.data, &off, datasz, arch,
813 have_prev_type, &prev_type);
814 have_prev_type = true;
817 return ret == -ENOENT ? 0 : ret;
820 static int load_elf_binary(struct linux_binprm *bprm)
822 struct file *interpreter = NULL; /* to shut gcc up */
823 unsigned long load_addr, load_bias = 0, phdr_addr = 0;
824 int load_addr_set = 0;
826 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
827 struct elf_phdr *elf_property_phdata = NULL;
828 unsigned long elf_bss, elf_brk;
831 unsigned long elf_entry;
832 unsigned long e_entry;
833 unsigned long interp_load_addr = 0;
834 unsigned long start_code, end_code, start_data, end_data;
835 unsigned long reloc_func_desc __maybe_unused = 0;
836 int executable_stack = EXSTACK_DEFAULT;
837 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
838 struct elfhdr *interp_elf_ex = NULL;
839 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
840 struct mm_struct *mm;
841 struct pt_regs *regs;
844 /* First of all, some simple consistency checks */
845 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
848 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
850 if (!elf_check_arch(elf_ex))
852 if (elf_check_fdpic(elf_ex))
854 if (!bprm->file->f_op->mmap)
857 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
861 elf_ppnt = elf_phdata;
862 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
863 char *elf_interpreter;
865 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
866 elf_property_phdata = elf_ppnt;
870 if (elf_ppnt->p_type != PT_INTERP)
874 * This is the program interpreter used for shared libraries -
875 * for now assume that this is an a.out format binary.
878 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
882 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
883 if (!elf_interpreter)
886 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
889 goto out_free_interp;
890 /* make sure path is NULL terminated */
892 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
893 goto out_free_interp;
895 interpreter = open_exec(elf_interpreter);
896 kfree(elf_interpreter);
897 retval = PTR_ERR(interpreter);
898 if (IS_ERR(interpreter))
902 * If the binary is not readable then enforce mm->dumpable = 0
903 * regardless of the interpreter's permissions.
905 would_dump(bprm, interpreter);
907 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
908 if (!interp_elf_ex) {
913 /* Get the exec headers */
914 retval = elf_read(interpreter, interp_elf_ex,
915 sizeof(*interp_elf_ex), 0);
917 goto out_free_dentry;
922 kfree(elf_interpreter);
926 elf_ppnt = elf_phdata;
927 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
928 switch (elf_ppnt->p_type) {
930 if (elf_ppnt->p_flags & PF_X)
931 executable_stack = EXSTACK_ENABLE_X;
933 executable_stack = EXSTACK_DISABLE_X;
936 case PT_LOPROC ... PT_HIPROC:
937 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
941 goto out_free_dentry;
945 /* Some simple consistency checks for the interpreter */
948 /* Not an ELF interpreter */
949 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
950 goto out_free_dentry;
951 /* Verify the interpreter has a valid arch */
952 if (!elf_check_arch(interp_elf_ex) ||
953 elf_check_fdpic(interp_elf_ex))
954 goto out_free_dentry;
956 /* Load the interpreter program headers */
957 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
959 if (!interp_elf_phdata)
960 goto out_free_dentry;
962 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
963 elf_property_phdata = NULL;
964 elf_ppnt = interp_elf_phdata;
965 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
966 switch (elf_ppnt->p_type) {
967 case PT_GNU_PROPERTY:
968 elf_property_phdata = elf_ppnt;
971 case PT_LOPROC ... PT_HIPROC:
972 retval = arch_elf_pt_proc(interp_elf_ex,
973 elf_ppnt, interpreter,
976 goto out_free_dentry;
981 retval = parse_elf_properties(interpreter ?: bprm->file,
982 elf_property_phdata, &arch_state);
984 goto out_free_dentry;
987 * Allow arch code to reject the ELF at this point, whilst it's
988 * still possible to return an error to the code that invoked
991 retval = arch_check_elf(elf_ex,
992 !!interpreter, interp_elf_ex,
995 goto out_free_dentry;
997 /* Flush all traces of the currently running executable */
998 retval = begin_new_exec(bprm);
1000 goto out_free_dentry;
1002 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1003 may depend on the personality. */
1004 SET_PERSONALITY2(*elf_ex, &arch_state);
1005 if (elf_read_implies_exec(*elf_ex, executable_stack))
1006 current->personality |= READ_IMPLIES_EXEC;
1008 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1009 current->flags |= PF_RANDOMIZE;
1011 setup_new_exec(bprm);
1013 /* Do this so that we can load the interpreter, if need be. We will
1014 change some of these later */
1015 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1018 goto out_free_dentry;
1028 /* Now we do a little grungy work by mmapping the ELF image into
1029 the correct location in memory. */
1030 for(i = 0, elf_ppnt = elf_phdata;
1031 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1032 int elf_prot, elf_flags;
1033 unsigned long k, vaddr;
1034 unsigned long total_size = 0;
1035 unsigned long alignment;
1037 if (elf_ppnt->p_type != PT_LOAD)
1040 if (unlikely (elf_brk > elf_bss)) {
1041 unsigned long nbyte;
1043 /* There was a PT_LOAD segment with p_memsz > p_filesz
1044 before this one. Map anonymous pages, if needed,
1045 and clear the area. */
1046 retval = set_brk(elf_bss + load_bias,
1047 elf_brk + load_bias,
1050 goto out_free_dentry;
1051 nbyte = ELF_PAGEOFFSET(elf_bss);
1053 nbyte = ELF_MIN_ALIGN - nbyte;
1054 if (nbyte > elf_brk - elf_bss)
1055 nbyte = elf_brk - elf_bss;
1056 if (clear_user((void __user *)elf_bss +
1057 load_bias, nbyte)) {
1059 * This bss-zeroing can fail if the ELF
1060 * file specifies odd protections. So
1061 * we don't check the return value
1067 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1068 !!interpreter, false);
1070 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1072 vaddr = elf_ppnt->p_vaddr;
1074 * If we are loading ET_EXEC or we have already performed
1075 * the ET_DYN load_addr calculations, proceed normally.
1077 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
1078 elf_flags |= MAP_FIXED;
1079 } else if (elf_ex->e_type == ET_DYN) {
1081 * This logic is run once for the first LOAD Program
1082 * Header for ET_DYN binaries to calculate the
1083 * randomization (load_bias) for all the LOAD
1084 * Program Headers, and to calculate the entire
1085 * size of the ELF mapping (total_size). (Note that
1086 * load_addr_set is set to true later once the
1087 * initial mapping is performed.)
1089 * There are effectively two types of ET_DYN
1090 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1091 * and loaders (ET_DYN without INTERP, since they
1092 * _are_ the ELF interpreter). The loaders must
1093 * be loaded away from programs since the program
1094 * may otherwise collide with the loader (especially
1095 * for ET_EXEC which does not have a randomized
1096 * position). For example to handle invocations of
1097 * "./ld.so someprog" to test out a new version of
1098 * the loader, the subsequent program that the
1099 * loader loads must avoid the loader itself, so
1100 * they cannot share the same load range. Sufficient
1101 * room for the brk must be allocated with the
1102 * loader as well, since brk must be available with
1105 * Therefore, programs are loaded offset from
1106 * ELF_ET_DYN_BASE and loaders are loaded into the
1107 * independently randomized mmap region (0 load_bias
1108 * without MAP_FIXED).
1111 load_bias = ELF_ET_DYN_BASE;
1112 if (current->flags & PF_RANDOMIZE)
1113 load_bias += arch_mmap_rnd();
1114 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1116 load_bias &= ~(alignment - 1);
1117 elf_flags |= MAP_FIXED;
1122 * Since load_bias is used for all subsequent loading
1123 * calculations, we must lower it by the first vaddr
1124 * so that the remaining calculations based on the
1125 * ELF vaddrs will be correctly offset. The result
1126 * is then page aligned.
1128 load_bias = ELF_PAGESTART(load_bias - vaddr);
1130 total_size = total_mapping_size(elf_phdata,
1134 goto out_free_dentry;
1138 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1139 elf_prot, elf_flags, total_size);
1140 if (BAD_ADDR(error)) {
1141 retval = IS_ERR((void *)error) ?
1142 PTR_ERR((void*)error) : -EINVAL;
1143 goto out_free_dentry;
1146 if (!load_addr_set) {
1148 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1149 if (elf_ex->e_type == ET_DYN) {
1150 load_bias += error -
1151 ELF_PAGESTART(load_bias + vaddr);
1152 load_addr += load_bias;
1153 reloc_func_desc = load_bias;
1158 * Figure out which segment in the file contains the Program
1159 * Header table, and map to the associated memory address.
1161 if (elf_ppnt->p_offset <= elf_ex->e_phoff &&
1162 elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) {
1163 phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset +
1167 k = elf_ppnt->p_vaddr;
1168 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1174 * Check to see if the section's size will overflow the
1175 * allowed task size. Note that p_filesz must always be
1176 * <= p_memsz so it is only necessary to check p_memsz.
1178 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1179 elf_ppnt->p_memsz > TASK_SIZE ||
1180 TASK_SIZE - elf_ppnt->p_memsz < k) {
1181 /* set_brk can never work. Avoid overflows. */
1183 goto out_free_dentry;
1186 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1190 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1194 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1196 bss_prot = elf_prot;
1201 e_entry = elf_ex->e_entry + load_bias;
1202 phdr_addr += load_bias;
1203 elf_bss += load_bias;
1204 elf_brk += load_bias;
1205 start_code += load_bias;
1206 end_code += load_bias;
1207 start_data += load_bias;
1208 end_data += load_bias;
1210 /* Calling set_brk effectively mmaps the pages that we need
1211 * for the bss and break sections. We must do this before
1212 * mapping in the interpreter, to make sure it doesn't wind
1213 * up getting placed where the bss needs to go.
1215 retval = set_brk(elf_bss, elf_brk, bss_prot);
1217 goto out_free_dentry;
1218 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1219 retval = -EFAULT; /* Nobody gets to see this, but.. */
1220 goto out_free_dentry;
1224 elf_entry = load_elf_interp(interp_elf_ex,
1226 load_bias, interp_elf_phdata,
1228 if (!IS_ERR((void *)elf_entry)) {
1230 * load_elf_interp() returns relocation
1233 interp_load_addr = elf_entry;
1234 elf_entry += interp_elf_ex->e_entry;
1236 if (BAD_ADDR(elf_entry)) {
1237 retval = IS_ERR((void *)elf_entry) ?
1238 (int)elf_entry : -EINVAL;
1239 goto out_free_dentry;
1241 reloc_func_desc = interp_load_addr;
1243 allow_write_access(interpreter);
1246 kfree(interp_elf_ex);
1247 kfree(interp_elf_phdata);
1249 elf_entry = e_entry;
1250 if (BAD_ADDR(elf_entry)) {
1252 goto out_free_dentry;
1258 set_binfmt(&elf_format);
1260 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1261 retval = arch_setup_additional_pages(bprm, !!interpreter);
1264 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1266 retval = create_elf_tables(bprm, elf_ex, interp_load_addr,
1267 e_entry, phdr_addr);
1272 mm->end_code = end_code;
1273 mm->start_code = start_code;
1274 mm->start_data = start_data;
1275 mm->end_data = end_data;
1276 mm->start_stack = bprm->p;
1278 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1280 * For architectures with ELF randomization, when executing
1281 * a loader directly (i.e. no interpreter listed in ELF
1282 * headers), move the brk area out of the mmap region
1283 * (since it grows up, and may collide early with the stack
1284 * growing down), and into the unused ELF_ET_DYN_BASE region.
1286 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1287 elf_ex->e_type == ET_DYN && !interpreter) {
1288 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1291 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1292 #ifdef compat_brk_randomized
1293 current->brk_randomized = 1;
1297 if (current->personality & MMAP_PAGE_ZERO) {
1298 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1299 and some applications "depend" upon this behavior.
1300 Since we do not have the power to recompile these, we
1301 emulate the SVr4 behavior. Sigh. */
1302 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1303 MAP_FIXED | MAP_PRIVATE, 0);
1306 regs = current_pt_regs();
1307 #ifdef ELF_PLAT_INIT
1309 * The ABI may specify that certain registers be set up in special
1310 * ways (on i386 %edx is the address of a DT_FINI function, for
1311 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1312 * that the e_entry field is the address of the function descriptor
1313 * for the startup routine, rather than the address of the startup
1314 * routine itself. This macro performs whatever initialization to
1315 * the regs structure is required as well as any relocations to the
1316 * function descriptor entries when executing dynamically links apps.
1318 ELF_PLAT_INIT(regs, reloc_func_desc);
1321 finalize_exec(bprm);
1322 start_thread(regs, elf_entry, bprm->p);
1329 kfree(interp_elf_ex);
1330 kfree(interp_elf_phdata);
1332 allow_write_access(interpreter);
1340 #ifdef CONFIG_USELIB
1341 /* This is really simpleminded and specialized - we are loading an
1342 a.out library that is given an ELF header. */
1343 static int load_elf_library(struct file *file)
1345 struct elf_phdr *elf_phdata;
1346 struct elf_phdr *eppnt;
1347 unsigned long elf_bss, bss, len;
1348 int retval, error, i, j;
1349 struct elfhdr elf_ex;
1352 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1356 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1359 /* First of all, some simple consistency checks */
1360 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1361 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1363 if (elf_check_fdpic(&elf_ex))
1366 /* Now read in all of the header information */
1368 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1369 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1372 elf_phdata = kmalloc(j, GFP_KERNEL);
1378 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1382 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1383 if ((eppnt + i)->p_type == PT_LOAD)
1388 while (eppnt->p_type != PT_LOAD)
1391 /* Now use mmap to map the library into memory. */
1392 error = vm_mmap(file,
1393 ELF_PAGESTART(eppnt->p_vaddr),
1395 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1396 PROT_READ | PROT_WRITE | PROT_EXEC,
1397 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1399 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1400 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1403 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1404 if (padzero(elf_bss)) {
1409 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1410 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1412 error = vm_brk(len, bss - len);
1423 #endif /* #ifdef CONFIG_USELIB */
1425 #ifdef CONFIG_ELF_CORE
1429 * Modelled on fs/exec.c:aout_core_dump()
1430 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1433 /* An ELF note in memory */
1438 unsigned int datasz;
1442 static int notesize(struct memelfnote *en)
1446 sz = sizeof(struct elf_note);
1447 sz += roundup(strlen(en->name) + 1, 4);
1448 sz += roundup(en->datasz, 4);
1453 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1456 en.n_namesz = strlen(men->name) + 1;
1457 en.n_descsz = men->datasz;
1458 en.n_type = men->type;
1460 return dump_emit(cprm, &en, sizeof(en)) &&
1461 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1462 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1465 static void fill_elf_header(struct elfhdr *elf, int segs,
1466 u16 machine, u32 flags)
1468 memset(elf, 0, sizeof(*elf));
1470 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1471 elf->e_ident[EI_CLASS] = ELF_CLASS;
1472 elf->e_ident[EI_DATA] = ELF_DATA;
1473 elf->e_ident[EI_VERSION] = EV_CURRENT;
1474 elf->e_ident[EI_OSABI] = ELF_OSABI;
1476 elf->e_type = ET_CORE;
1477 elf->e_machine = machine;
1478 elf->e_version = EV_CURRENT;
1479 elf->e_phoff = sizeof(struct elfhdr);
1480 elf->e_flags = flags;
1481 elf->e_ehsize = sizeof(struct elfhdr);
1482 elf->e_phentsize = sizeof(struct elf_phdr);
1483 elf->e_phnum = segs;
1486 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1488 phdr->p_type = PT_NOTE;
1489 phdr->p_offset = offset;
1492 phdr->p_filesz = sz;
1498 static void fill_note(struct memelfnote *note, const char *name, int type,
1499 unsigned int sz, void *data)
1508 * fill up all the fields in prstatus from the given task struct, except
1509 * registers which need to be filled up separately.
1511 static void fill_prstatus(struct elf_prstatus *prstatus,
1512 struct task_struct *p, long signr)
1514 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1515 prstatus->pr_sigpend = p->pending.signal.sig[0];
1516 prstatus->pr_sighold = p->blocked.sig[0];
1518 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1520 prstatus->pr_pid = task_pid_vnr(p);
1521 prstatus->pr_pgrp = task_pgrp_vnr(p);
1522 prstatus->pr_sid = task_session_vnr(p);
1523 if (thread_group_leader(p)) {
1524 struct task_cputime cputime;
1527 * This is the record for the group leader. It shows the
1528 * group-wide total, not its individual thread total.
1530 thread_group_cputime(p, &cputime);
1531 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1532 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1536 task_cputime(p, &utime, &stime);
1537 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1538 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1541 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1542 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1545 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1546 struct mm_struct *mm)
1548 const struct cred *cred;
1549 unsigned int i, len;
1551 /* first copy the parameters from user space */
1552 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1554 len = mm->arg_end - mm->arg_start;
1555 if (len >= ELF_PRARGSZ)
1556 len = ELF_PRARGSZ-1;
1557 if (copy_from_user(&psinfo->pr_psargs,
1558 (const char __user *)mm->arg_start, len))
1560 for(i = 0; i < len; i++)
1561 if (psinfo->pr_psargs[i] == 0)
1562 psinfo->pr_psargs[i] = ' ';
1563 psinfo->pr_psargs[len] = 0;
1566 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1568 psinfo->pr_pid = task_pid_vnr(p);
1569 psinfo->pr_pgrp = task_pgrp_vnr(p);
1570 psinfo->pr_sid = task_session_vnr(p);
1572 i = p->state ? ffz(~p->state) + 1 : 0;
1573 psinfo->pr_state = i;
1574 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1575 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1576 psinfo->pr_nice = task_nice(p);
1577 psinfo->pr_flag = p->flags;
1579 cred = __task_cred(p);
1580 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1581 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1583 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1588 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1590 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1594 while (auxv[i - 2] != AT_NULL);
1595 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1598 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1599 const kernel_siginfo_t *siginfo)
1601 copy_siginfo_to_external(csigdata, siginfo);
1602 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1605 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1607 * Format of NT_FILE note:
1609 * long count -- how many files are mapped
1610 * long page_size -- units for file_ofs
1611 * array of [COUNT] elements of
1615 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1617 static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm)
1619 unsigned count, size, names_ofs, remaining, n;
1621 user_long_t *start_end_ofs;
1622 char *name_base, *name_curpos;
1625 /* *Estimated* file count and total data size needed */
1626 count = cprm->vma_count;
1627 if (count > UINT_MAX / 64)
1631 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1633 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1635 size = round_up(size, PAGE_SIZE);
1637 * "size" can be 0 here legitimately.
1638 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1640 data = kvmalloc(size, GFP_KERNEL);
1641 if (ZERO_OR_NULL_PTR(data))
1644 start_end_ofs = data + 2;
1645 name_base = name_curpos = ((char *)data) + names_ofs;
1646 remaining = size - names_ofs;
1648 for (i = 0; i < cprm->vma_count; i++) {
1649 struct core_vma_metadata *m = &cprm->vma_meta[i];
1651 const char *filename;
1656 filename = file_path(file, name_curpos, remaining);
1657 if (IS_ERR(filename)) {
1658 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1660 size = size * 5 / 4;
1666 /* file_path() fills at the end, move name down */
1667 /* n = strlen(filename) + 1: */
1668 n = (name_curpos + remaining) - filename;
1669 remaining = filename - name_curpos;
1670 memmove(name_curpos, filename, n);
1673 *start_end_ofs++ = m->start;
1674 *start_end_ofs++ = m->end;
1675 *start_end_ofs++ = m->pgoff;
1679 /* Now we know exact count of files, can store it */
1681 data[1] = PAGE_SIZE;
1683 * Count usually is less than mm->map_count,
1684 * we need to move filenames down.
1686 n = cprm->vma_count - count;
1688 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1689 memmove(name_base - shift_bytes, name_base,
1690 name_curpos - name_base);
1691 name_curpos -= shift_bytes;
1694 size = name_curpos - (char *)data;
1695 fill_note(note, "CORE", NT_FILE, size, data);
1699 #ifdef CORE_DUMP_USE_REGSET
1700 #include <linux/regset.h>
1702 struct elf_thread_core_info {
1703 struct elf_thread_core_info *next;
1704 struct task_struct *task;
1705 struct elf_prstatus prstatus;
1706 struct memelfnote notes[];
1709 struct elf_note_info {
1710 struct elf_thread_core_info *thread;
1711 struct memelfnote psinfo;
1712 struct memelfnote signote;
1713 struct memelfnote auxv;
1714 struct memelfnote files;
1715 user_siginfo_t csigdata;
1721 * When a regset has a writeback hook, we call it on each thread before
1722 * dumping user memory. On register window machines, this makes sure the
1723 * user memory backing the register data is up to date before we read it.
1725 static void do_thread_regset_writeback(struct task_struct *task,
1726 const struct user_regset *regset)
1728 if (regset->writeback)
1729 regset->writeback(task, regset, 1);
1732 #ifndef PRSTATUS_SIZE
1733 #define PRSTATUS_SIZE(S, R) sizeof(S)
1736 #ifndef SET_PR_FPVALID
1737 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1740 static int fill_thread_core_info(struct elf_thread_core_info *t,
1741 const struct user_regset_view *view,
1742 long signr, size_t *total)
1748 * NT_PRSTATUS is the one special case, because the regset data
1749 * goes into the pr_reg field inside the note contents, rather
1750 * than being the whole note contents. We fill the reset in here.
1751 * We assume that regset 0 is NT_PRSTATUS.
1753 fill_prstatus(&t->prstatus, t->task, signr);
1754 regset0_size = regset_get(t->task, &view->regsets[0],
1755 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1756 if (regset0_size < 0)
1759 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1760 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1761 *total += notesize(&t->notes[0]);
1763 do_thread_regset_writeback(t->task, &view->regsets[0]);
1766 * Each other regset might generate a note too. For each regset
1767 * that has no core_note_type or is inactive, we leave t->notes[i]
1768 * all zero and we'll know to skip writing it later.
1770 for (i = 1; i < view->n; ++i) {
1771 const struct user_regset *regset = &view->regsets[i];
1772 int note_type = regset->core_note_type;
1773 bool is_fpreg = note_type == NT_PRFPREG;
1777 do_thread_regset_writeback(t->task, regset);
1778 if (!note_type) // not for coredumps
1780 if (regset->active && regset->active(t->task, regset) <= 0)
1783 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1788 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1790 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1791 note_type, ret, data);
1793 *total += notesize(&t->notes[i]);
1799 static int fill_note_info(struct elfhdr *elf, int phdrs,
1800 struct elf_note_info *info,
1801 struct coredump_params *cprm)
1803 struct task_struct *dump_task = current;
1804 const struct user_regset_view *view = task_user_regset_view(dump_task);
1805 struct elf_thread_core_info *t;
1806 struct elf_prpsinfo *psinfo;
1807 struct core_thread *ct;
1811 info->thread = NULL;
1813 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1814 if (psinfo == NULL) {
1815 info->psinfo.data = NULL; /* So we don't free this wrongly */
1819 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1822 * Figure out how many notes we're going to need for each thread.
1824 info->thread_notes = 0;
1825 for (i = 0; i < view->n; ++i)
1826 if (view->regsets[i].core_note_type != 0)
1827 ++info->thread_notes;
1830 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1831 * since it is our one special case.
1833 if (unlikely(info->thread_notes == 0) ||
1834 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1840 * Initialize the ELF file header.
1842 fill_elf_header(elf, phdrs,
1843 view->e_machine, view->e_flags);
1846 * Allocate a structure for each thread.
1848 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1849 t = kzalloc(offsetof(struct elf_thread_core_info,
1850 notes[info->thread_notes]),
1856 if (ct->task == dump_task || !info->thread) {
1857 t->next = info->thread;
1861 * Make sure to keep the original task at
1862 * the head of the list.
1864 t->next = info->thread->next;
1865 info->thread->next = t;
1870 * Now fill in each thread's information.
1872 for (t = info->thread; t != NULL; t = t->next)
1873 if (!fill_thread_core_info(t, view, cprm->siginfo->si_signo, &info->size))
1877 * Fill in the two process-wide notes.
1879 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1880 info->size += notesize(&info->psinfo);
1882 fill_siginfo_note(&info->signote, &info->csigdata, cprm->siginfo);
1883 info->size += notesize(&info->signote);
1885 fill_auxv_note(&info->auxv, current->mm);
1886 info->size += notesize(&info->auxv);
1888 if (fill_files_note(&info->files, cprm) == 0)
1889 info->size += notesize(&info->files);
1894 static size_t get_note_info_size(struct elf_note_info *info)
1900 * Write all the notes for each thread. When writing the first thread, the
1901 * process-wide notes are interleaved after the first thread-specific note.
1903 static int write_note_info(struct elf_note_info *info,
1904 struct coredump_params *cprm)
1907 struct elf_thread_core_info *t = info->thread;
1912 if (!writenote(&t->notes[0], cprm))
1915 if (first && !writenote(&info->psinfo, cprm))
1917 if (first && !writenote(&info->signote, cprm))
1919 if (first && !writenote(&info->auxv, cprm))
1921 if (first && info->files.data &&
1922 !writenote(&info->files, cprm))
1925 for (i = 1; i < info->thread_notes; ++i)
1926 if (t->notes[i].data &&
1927 !writenote(&t->notes[i], cprm))
1937 static void free_note_info(struct elf_note_info *info)
1939 struct elf_thread_core_info *threads = info->thread;
1942 struct elf_thread_core_info *t = threads;
1944 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1945 for (i = 1; i < info->thread_notes; ++i)
1946 kfree(t->notes[i].data);
1949 kfree(info->psinfo.data);
1950 kvfree(info->files.data);
1955 /* Here is the structure in which status of each thread is captured. */
1956 struct elf_thread_status
1958 struct list_head list;
1959 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1960 elf_fpregset_t fpu; /* NT_PRFPREG */
1961 struct task_struct *thread;
1962 struct memelfnote notes[3];
1967 * In order to add the specific thread information for the elf file format,
1968 * we need to keep a linked list of every threads pr_status and then create
1969 * a single section for them in the final core file.
1971 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1974 struct task_struct *p = t->thread;
1977 fill_prstatus(&t->prstatus, p, signr);
1978 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1980 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1983 sz += notesize(&t->notes[0]);
1985 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1987 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1990 sz += notesize(&t->notes[1]);
1995 struct elf_note_info {
1996 struct memelfnote *notes;
1997 struct memelfnote *notes_files;
1998 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1999 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2000 struct list_head thread_list;
2001 elf_fpregset_t *fpu;
2002 user_siginfo_t csigdata;
2003 int thread_status_size;
2007 static int elf_note_info_init(struct elf_note_info *info)
2009 memset(info, 0, sizeof(*info));
2010 INIT_LIST_HEAD(&info->thread_list);
2012 /* Allocate space for ELF notes */
2013 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2016 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2019 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2020 if (!info->prstatus)
2022 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2028 static int fill_note_info(struct elfhdr *elf, int phdrs,
2029 struct elf_note_info *info,
2030 struct coredump_params *cprm)
2032 struct core_thread *ct;
2033 struct elf_thread_status *ets;
2035 if (!elf_note_info_init(info))
2038 for (ct = current->mm->core_state->dumper.next;
2039 ct; ct = ct->next) {
2040 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2044 ets->thread = ct->task;
2045 list_add(&ets->list, &info->thread_list);
2048 list_for_each_entry(ets, &info->thread_list, list) {
2051 sz = elf_dump_thread_status(cprm->siginfo->si_signo, ets);
2052 info->thread_status_size += sz;
2054 /* now collect the dump for the current */
2055 memset(info->prstatus, 0, sizeof(*info->prstatus));
2056 fill_prstatus(info->prstatus, current, cprm->siginfo->si_signo);
2057 elf_core_copy_regs(&info->prstatus->pr_reg, cprm->regs);
2060 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2063 * Set up the notes in similar form to SVR4 core dumps made
2064 * with info from their /proc.
2067 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2068 sizeof(*info->prstatus), info->prstatus);
2069 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2070 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2071 sizeof(*info->psinfo), info->psinfo);
2073 fill_siginfo_note(info->notes + 2, &info->csigdata, cprm->siginfo);
2074 fill_auxv_note(info->notes + 3, current->mm);
2077 if (fill_files_note(info->notes + info->numnote, cprm) == 0) {
2078 info->notes_files = info->notes + info->numnote;
2082 /* Try to dump the FPU. */
2083 info->prstatus->pr_fpvalid =
2084 elf_core_copy_task_fpregs(current, cprm->regs, info->fpu);
2085 if (info->prstatus->pr_fpvalid)
2086 fill_note(info->notes + info->numnote++,
2087 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2091 static size_t get_note_info_size(struct elf_note_info *info)
2096 for (i = 0; i < info->numnote; i++)
2097 sz += notesize(info->notes + i);
2099 sz += info->thread_status_size;
2104 static int write_note_info(struct elf_note_info *info,
2105 struct coredump_params *cprm)
2107 struct elf_thread_status *ets;
2110 for (i = 0; i < info->numnote; i++)
2111 if (!writenote(info->notes + i, cprm))
2114 /* write out the thread status notes section */
2115 list_for_each_entry(ets, &info->thread_list, list) {
2116 for (i = 0; i < ets->num_notes; i++)
2117 if (!writenote(&ets->notes[i], cprm))
2124 static void free_note_info(struct elf_note_info *info)
2126 while (!list_empty(&info->thread_list)) {
2127 struct list_head *tmp = info->thread_list.next;
2129 kfree(list_entry(tmp, struct elf_thread_status, list));
2132 /* Free data possibly allocated by fill_files_note(): */
2133 if (info->notes_files)
2134 kvfree(info->notes_files->data);
2136 kfree(info->prstatus);
2137 kfree(info->psinfo);
2144 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2145 elf_addr_t e_shoff, int segs)
2147 elf->e_shoff = e_shoff;
2148 elf->e_shentsize = sizeof(*shdr4extnum);
2150 elf->e_shstrndx = SHN_UNDEF;
2152 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2154 shdr4extnum->sh_type = SHT_NULL;
2155 shdr4extnum->sh_size = elf->e_shnum;
2156 shdr4extnum->sh_link = elf->e_shstrndx;
2157 shdr4extnum->sh_info = segs;
2163 * This is a two-pass process; first we find the offsets of the bits,
2164 * and then they are actually written out. If we run out of core limit
2167 static int elf_core_dump(struct coredump_params *cprm)
2172 loff_t offset = 0, dataoff;
2173 struct elf_note_info info = { };
2174 struct elf_phdr *phdr4note = NULL;
2175 struct elf_shdr *shdr4extnum = NULL;
2180 * The number of segs are recored into ELF header as 16bit value.
2181 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2183 segs = cprm->vma_count + elf_core_extra_phdrs();
2185 /* for notes section */
2188 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2189 * this, kernel supports extended numbering. Have a look at
2190 * include/linux/elf.h for further information. */
2191 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2194 * Collect all the non-memory information about the process for the
2195 * notes. This also sets up the file header.
2197 if (!fill_note_info(&elf, e_phnum, &info, cprm))
2202 offset += sizeof(elf); /* Elf header */
2203 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2205 /* Write notes phdr entry */
2207 size_t sz = get_note_info_size(&info);
2209 sz += elf_coredump_extra_notes_size();
2211 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2215 fill_elf_note_phdr(phdr4note, sz, offset);
2219 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2221 offset += cprm->vma_data_size;
2222 offset += elf_core_extra_data_size();
2225 if (e_phnum == PN_XNUM) {
2226 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2229 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2234 if (!dump_emit(cprm, &elf, sizeof(elf)))
2237 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2240 /* Write program headers for segments dump */
2241 for (i = 0; i < cprm->vma_count; i++) {
2242 struct core_vma_metadata *meta = cprm->vma_meta + i;
2243 struct elf_phdr phdr;
2245 phdr.p_type = PT_LOAD;
2246 phdr.p_offset = offset;
2247 phdr.p_vaddr = meta->start;
2249 phdr.p_filesz = meta->dump_size;
2250 phdr.p_memsz = meta->end - meta->start;
2251 offset += phdr.p_filesz;
2253 if (meta->flags & VM_READ)
2254 phdr.p_flags |= PF_R;
2255 if (meta->flags & VM_WRITE)
2256 phdr.p_flags |= PF_W;
2257 if (meta->flags & VM_EXEC)
2258 phdr.p_flags |= PF_X;
2259 phdr.p_align = ELF_EXEC_PAGESIZE;
2261 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2265 if (!elf_core_write_extra_phdrs(cprm, offset))
2268 /* write out the notes section */
2269 if (!write_note_info(&info, cprm))
2272 if (elf_coredump_extra_notes_write(cprm))
2276 if (!dump_skip(cprm, dataoff - cprm->pos))
2279 for (i = 0; i < cprm->vma_count; i++) {
2280 struct core_vma_metadata *meta = cprm->vma_meta + i;
2282 if (!dump_user_range(cprm, meta->start, meta->dump_size))
2285 dump_truncate(cprm);
2287 if (!elf_core_write_extra_data(cprm))
2290 if (e_phnum == PN_XNUM) {
2291 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2296 free_note_info(&info);
2302 #endif /* CONFIG_ELF_CORE */
2304 static int __init init_elf_binfmt(void)
2306 register_binfmt(&elf_format);
2310 static void __exit exit_elf_binfmt(void)
2312 /* Remove the COFF and ELF loaders. */
2313 unregister_binfmt(&elf_format);
2316 core_initcall(init_elf_binfmt);
2317 module_exit(exit_elf_binfmt);
2318 MODULE_LICENSE("GPL");
projects / releases.git / blob