2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/dax.h>
39 #include <asm/uaccess.h>
40 #include <asm/param.h>
44 #define user_long_t long
46 #ifndef user_siginfo_t
47 #define user_siginfo_t siginfo_t
50 static int load_elf_binary(struct linux_binprm *bprm);
51 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
52 int, int, unsigned long);
55 static int load_elf_library(struct file *);
57 #define load_elf_library NULL
61 * If we don't support core dumping, then supply a NULL so we
64 #ifdef CONFIG_ELF_CORE
65 static int elf_core_dump(struct coredump_params *cprm);
67 #define elf_core_dump NULL
70 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
71 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
73 #define ELF_MIN_ALIGN PAGE_SIZE
76 #ifndef ELF_CORE_EFLAGS
77 #define ELF_CORE_EFLAGS 0
80 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
81 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
82 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
84 static struct linux_binfmt elf_format = {
85 .module = THIS_MODULE,
86 .load_binary = load_elf_binary,
87 .load_shlib = load_elf_library,
88 .core_dump = elf_core_dump,
89 .min_coredump = ELF_EXEC_PAGESIZE,
92 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
94 static int set_brk(unsigned long start, unsigned long end)
96 start = ELF_PAGEALIGN(start);
97 end = ELF_PAGEALIGN(end);
99 int error = vm_brk(start, end - start);
103 current->mm->start_brk = current->mm->brk = end;
107 /* We need to explicitly zero any fractional pages
108 after the data section (i.e. bss). This would
109 contain the junk from the file that should not
112 static int padzero(unsigned long elf_bss)
116 nbyte = ELF_PAGEOFFSET(elf_bss);
118 nbyte = ELF_MIN_ALIGN - nbyte;
119 if (clear_user((void __user *) elf_bss, nbyte))
125 /* Let's use some macros to make this stack manipulation a little clearer */
126 #ifdef CONFIG_STACK_GROWSUP
127 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
128 #define STACK_ROUND(sp, items) \
129 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
130 #define STACK_ALLOC(sp, len) ({ \
131 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
134 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
135 #define STACK_ROUND(sp, items) \
136 (((unsigned long) (sp - items)) &~ 15UL)
137 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
140 #ifndef ELF_BASE_PLATFORM
142 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
143 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
144 * will be copied to the user stack in the same manner as AT_PLATFORM.
146 #define ELF_BASE_PLATFORM NULL
150 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
151 unsigned long load_addr, unsigned long interp_load_addr)
153 unsigned long p = bprm->p;
154 int argc = bprm->argc;
155 int envc = bprm->envc;
156 elf_addr_t __user *argv;
157 elf_addr_t __user *envp;
158 elf_addr_t __user *sp;
159 elf_addr_t __user *u_platform;
160 elf_addr_t __user *u_base_platform;
161 elf_addr_t __user *u_rand_bytes;
162 const char *k_platform = ELF_PLATFORM;
163 const char *k_base_platform = ELF_BASE_PLATFORM;
164 unsigned char k_rand_bytes[16];
166 elf_addr_t *elf_info;
168 const struct cred *cred = current_cred();
169 struct vm_area_struct *vma;
172 * In some cases (e.g. Hyper-Threading), we want to avoid L1
173 * evictions by the processes running on the same package. One
174 * thing we can do is to shuffle the initial stack for them.
177 p = arch_align_stack(p);
180 * If this architecture has a platform capability string, copy it
181 * to userspace. In some cases (Sparc), this info is impossible
182 * for userspace to get any other way, in others (i386) it is
187 size_t len = strlen(k_platform) + 1;
189 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
190 if (__copy_to_user(u_platform, k_platform, len))
195 * If this architecture has a "base" platform capability
196 * string, copy it to userspace.
198 u_base_platform = NULL;
199 if (k_base_platform) {
200 size_t len = strlen(k_base_platform) + 1;
202 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
203 if (__copy_to_user(u_base_platform, k_base_platform, len))
208 * Generate 16 random bytes for userspace PRNG seeding.
210 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
211 u_rand_bytes = (elf_addr_t __user *)
212 STACK_ALLOC(p, sizeof(k_rand_bytes));
213 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
216 /* Create the ELF interpreter info */
217 elf_info = (elf_addr_t *)current->mm->saved_auxv;
218 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
219 #define NEW_AUX_ENT(id, val) \
221 elf_info[ei_index++] = id; \
222 elf_info[ei_index++] = val; \
227 * ARCH_DLINFO must come first so PPC can do its special alignment of
229 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
230 * ARCH_DLINFO changes
234 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
235 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
236 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
237 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
238 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
239 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
240 NEW_AUX_ENT(AT_BASE, interp_load_addr);
241 NEW_AUX_ENT(AT_FLAGS, 0);
242 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
243 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
244 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
245 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
246 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
247 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
248 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
250 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
252 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
254 NEW_AUX_ENT(AT_PLATFORM,
255 (elf_addr_t)(unsigned long)u_platform);
257 if (k_base_platform) {
258 NEW_AUX_ENT(AT_BASE_PLATFORM,
259 (elf_addr_t)(unsigned long)u_base_platform);
261 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
262 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
265 /* AT_NULL is zero; clear the rest too */
266 memset(&elf_info[ei_index], 0,
267 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
269 /* And advance past the AT_NULL entry. */
272 sp = STACK_ADD(p, ei_index);
274 items = (argc + 1) + (envc + 1) + 1;
275 bprm->p = STACK_ROUND(sp, items);
277 /* Point sp at the lowest address on the stack */
278 #ifdef CONFIG_STACK_GROWSUP
279 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
280 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
282 sp = (elf_addr_t __user *)bprm->p;
287 * Grow the stack manually; some architectures have a limit on how
288 * far ahead a user-space access may be in order to grow the stack.
290 vma = find_extend_vma(current->mm, bprm->p);
294 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
295 if (__put_user(argc, sp++))
298 envp = argv + argc + 1;
300 /* Populate argv and envp */
301 p = current->mm->arg_end = current->mm->arg_start;
304 if (__put_user((elf_addr_t)p, argv++))
306 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
307 if (!len || len > MAX_ARG_STRLEN)
311 if (__put_user(0, argv))
313 current->mm->arg_end = current->mm->env_start = p;
316 if (__put_user((elf_addr_t)p, envp++))
318 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
319 if (!len || len > MAX_ARG_STRLEN)
323 if (__put_user(0, envp))
325 current->mm->env_end = p;
327 /* Put the elf_info on the stack in the right place. */
328 sp = (elf_addr_t __user *)envp + 1;
329 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
336 static unsigned long elf_map(struct file *filep, unsigned long addr,
337 struct elf_phdr *eppnt, int prot, int type,
338 unsigned long total_size)
340 unsigned long map_addr;
341 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
342 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
343 addr = ELF_PAGESTART(addr);
344 size = ELF_PAGEALIGN(size);
346 /* mmap() will return -EINVAL if given a zero size, but a
347 * segment with zero filesize is perfectly valid */
352 * total_size is the size of the ELF (interpreter) image.
353 * The _first_ mmap needs to know the full size, otherwise
354 * randomization might put this image into an overlapping
355 * position with the ELF binary image. (since size < total_size)
356 * So we first map the 'big' image - and unmap the remainder at
357 * the end. (which unmap is needed for ELF images with holes.)
360 total_size = ELF_PAGEALIGN(total_size);
361 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
362 if (!BAD_ADDR(map_addr))
363 vm_munmap(map_addr+size, total_size-size);
365 map_addr = vm_mmap(filep, addr, size, prot, type, off);
370 #endif /* !elf_map */
372 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
374 int i, first_idx = -1, last_idx = -1;
376 for (i = 0; i < nr; i++) {
377 if (cmds[i].p_type == PT_LOAD) {
386 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
387 ELF_PAGESTART(cmds[first_idx].p_vaddr);
391 * load_elf_phdrs() - load ELF program headers
392 * @elf_ex: ELF header of the binary whose program headers should be loaded
393 * @elf_file: the opened ELF binary file
395 * Loads ELF program headers from the binary file elf_file, which has the ELF
396 * header pointed to by elf_ex, into a newly allocated array. The caller is
397 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
399 static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
400 struct file *elf_file)
402 struct elf_phdr *elf_phdata = NULL;
403 int retval, size, err = -1;
406 * If the size of this structure has changed, then punt, since
407 * we will be doing the wrong thing.
409 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
412 /* Sanity check the number of program headers... */
413 if (elf_ex->e_phnum < 1 ||
414 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
417 /* ...and their total size. */
418 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
419 if (size > ELF_MIN_ALIGN)
422 elf_phdata = kmalloc(size, GFP_KERNEL);
426 /* Read in the program headers */
427 retval = kernel_read(elf_file, elf_ex->e_phoff,
428 (char *)elf_phdata, size);
429 if (retval != size) {
430 err = (retval < 0) ? retval : -EIO;
444 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
447 * struct arch_elf_state - arch-specific ELF loading state
449 * This structure is used to preserve architecture specific data during
450 * the loading of an ELF file, throughout the checking of architecture
451 * specific ELF headers & through to the point where the ELF load is
452 * known to be proceeding (ie. SET_PERSONALITY).
454 * This implementation is a dummy for architectures which require no
457 struct arch_elf_state {
460 #define INIT_ARCH_ELF_STATE {}
463 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
464 * @ehdr: The main ELF header
465 * @phdr: The program header to check
466 * @elf: The open ELF file
467 * @is_interp: True if the phdr is from the interpreter of the ELF being
468 * loaded, else false.
469 * @state: Architecture-specific state preserved throughout the process
470 * of loading the ELF.
472 * Inspects the program header phdr to validate its correctness and/or
473 * suitability for the system. Called once per ELF program header in the
474 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
477 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
478 * with that return code.
480 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
481 struct elf_phdr *phdr,
482 struct file *elf, bool is_interp,
483 struct arch_elf_state *state)
485 /* Dummy implementation, always proceed */
490 * arch_check_elf() - check an ELF executable
491 * @ehdr: The main ELF header
492 * @has_interp: True if the ELF has an interpreter, else false.
493 * @interp_ehdr: The interpreter's ELF header
494 * @state: Architecture-specific state preserved throughout the process
495 * of loading the ELF.
497 * Provides a final opportunity for architecture code to reject the loading
498 * of the ELF & cause an exec syscall to return an error. This is called after
499 * all program headers to be checked by arch_elf_pt_proc have been.
501 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
502 * with that return code.
504 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
505 struct elfhdr *interp_ehdr,
506 struct arch_elf_state *state)
508 /* Dummy implementation, always proceed */
512 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
514 /* This is much more generalized than the library routine read function,
515 so we keep this separate. Technically the library read function
516 is only provided so that we can read a.out libraries that have
519 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
520 struct file *interpreter, unsigned long *interp_map_addr,
521 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
523 struct elf_phdr *eppnt;
524 unsigned long load_addr = 0;
525 int load_addr_set = 0;
526 unsigned long last_bss = 0, elf_bss = 0;
527 unsigned long error = ~0UL;
528 unsigned long total_size;
531 /* First of all, some simple consistency checks */
532 if (interp_elf_ex->e_type != ET_EXEC &&
533 interp_elf_ex->e_type != ET_DYN)
535 if (!elf_check_arch(interp_elf_ex))
537 if (!interpreter->f_op->mmap)
540 total_size = total_mapping_size(interp_elf_phdata,
541 interp_elf_ex->e_phnum);
547 eppnt = interp_elf_phdata;
548 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
549 if (eppnt->p_type == PT_LOAD) {
550 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
552 unsigned long vaddr = 0;
553 unsigned long k, map_addr;
555 if (eppnt->p_flags & PF_R)
556 elf_prot = PROT_READ;
557 if (eppnt->p_flags & PF_W)
558 elf_prot |= PROT_WRITE;
559 if (eppnt->p_flags & PF_X)
560 elf_prot |= PROT_EXEC;
561 vaddr = eppnt->p_vaddr;
562 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
563 elf_type |= MAP_FIXED;
564 else if (no_base && interp_elf_ex->e_type == ET_DYN)
567 map_addr = elf_map(interpreter, load_addr + vaddr,
568 eppnt, elf_prot, elf_type, total_size);
570 if (!*interp_map_addr)
571 *interp_map_addr = map_addr;
573 if (BAD_ADDR(map_addr))
576 if (!load_addr_set &&
577 interp_elf_ex->e_type == ET_DYN) {
578 load_addr = map_addr - ELF_PAGESTART(vaddr);
583 * Check to see if the section's size will overflow the
584 * allowed task size. Note that p_filesz must always be
585 * <= p_memsize so it's only necessary to check p_memsz.
587 k = load_addr + eppnt->p_vaddr;
589 eppnt->p_filesz > eppnt->p_memsz ||
590 eppnt->p_memsz > TASK_SIZE ||
591 TASK_SIZE - eppnt->p_memsz < k) {
597 * Find the end of the file mapping for this phdr, and
598 * keep track of the largest address we see for this.
600 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
605 * Do the same thing for the memory mapping - between
606 * elf_bss and last_bss is the bss section.
608 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
615 * Now fill out the bss section: first pad the last page from
616 * the file up to the page boundary, and zero it from elf_bss
617 * up to the end of the page.
619 if (padzero(elf_bss)) {
624 * Next, align both the file and mem bss up to the page size,
625 * since this is where elf_bss was just zeroed up to, and where
626 * last_bss will end after the vm_brk() below.
628 elf_bss = ELF_PAGEALIGN(elf_bss);
629 last_bss = ELF_PAGEALIGN(last_bss);
630 /* Finally, if there is still more bss to allocate, do it. */
631 if (last_bss > elf_bss) {
632 error = vm_brk(elf_bss, last_bss - elf_bss);
643 * These are the functions used to load ELF style executables and shared
644 * libraries. There is no binary dependent code anywhere else.
647 #ifndef STACK_RND_MASK
648 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
651 static unsigned long randomize_stack_top(unsigned long stack_top)
653 unsigned long random_variable = 0;
655 if ((current->flags & PF_RANDOMIZE) &&
656 !(current->personality & ADDR_NO_RANDOMIZE)) {
657 random_variable = get_random_long();
658 random_variable &= STACK_RND_MASK;
659 random_variable <<= PAGE_SHIFT;
661 #ifdef CONFIG_STACK_GROWSUP
662 return PAGE_ALIGN(stack_top) + random_variable;
664 return PAGE_ALIGN(stack_top) - random_variable;
668 static int load_elf_binary(struct linux_binprm *bprm)
670 struct file *interpreter = NULL; /* to shut gcc up */
671 unsigned long load_addr = 0, load_bias = 0;
672 int load_addr_set = 0;
673 char * elf_interpreter = NULL;
675 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
676 unsigned long elf_bss, elf_brk;
678 unsigned long elf_entry;
679 unsigned long interp_load_addr = 0;
680 unsigned long start_code, end_code, start_data, end_data;
681 unsigned long reloc_func_desc __maybe_unused = 0;
682 int executable_stack = EXSTACK_DEFAULT;
683 struct pt_regs *regs = current_pt_regs();
685 struct elfhdr elf_ex;
686 struct elfhdr interp_elf_ex;
688 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
690 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
696 /* Get the exec-header */
697 loc->elf_ex = *((struct elfhdr *)bprm->buf);
700 /* First of all, some simple consistency checks */
701 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
704 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
706 if (!elf_check_arch(&loc->elf_ex))
708 if (!bprm->file->f_op->mmap)
711 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
715 elf_ppnt = elf_phdata;
724 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
725 if (elf_ppnt->p_type == PT_INTERP) {
726 /* This is the program interpreter used for
727 * shared libraries - for now assume that this
728 * is an a.out format binary
731 if (elf_ppnt->p_filesz > PATH_MAX ||
732 elf_ppnt->p_filesz < 2)
736 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
738 if (!elf_interpreter)
741 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
744 if (retval != elf_ppnt->p_filesz) {
747 goto out_free_interp;
749 /* make sure path is NULL terminated */
751 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
752 goto out_free_interp;
754 interpreter = open_exec(elf_interpreter);
755 retval = PTR_ERR(interpreter);
756 if (IS_ERR(interpreter))
757 goto out_free_interp;
760 * If the binary is not readable then enforce
761 * mm->dumpable = 0 regardless of the interpreter's
764 would_dump(bprm, interpreter);
766 /* Get the exec headers */
767 retval = kernel_read(interpreter, 0,
768 (void *)&loc->interp_elf_ex,
769 sizeof(loc->interp_elf_ex));
770 if (retval != sizeof(loc->interp_elf_ex)) {
773 goto out_free_dentry;
781 elf_ppnt = elf_phdata;
782 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
783 switch (elf_ppnt->p_type) {
785 if (elf_ppnt->p_flags & PF_X)
786 executable_stack = EXSTACK_ENABLE_X;
788 executable_stack = EXSTACK_DISABLE_X;
791 case PT_LOPROC ... PT_HIPROC:
792 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
796 goto out_free_dentry;
800 /* Some simple consistency checks for the interpreter */
801 if (elf_interpreter) {
803 /* Not an ELF interpreter */
804 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
805 goto out_free_dentry;
806 /* Verify the interpreter has a valid arch */
807 if (!elf_check_arch(&loc->interp_elf_ex))
808 goto out_free_dentry;
810 /* Load the interpreter program headers */
811 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
813 if (!interp_elf_phdata)
814 goto out_free_dentry;
816 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
817 elf_ppnt = interp_elf_phdata;
818 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
819 switch (elf_ppnt->p_type) {
820 case PT_LOPROC ... PT_HIPROC:
821 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
822 elf_ppnt, interpreter,
825 goto out_free_dentry;
831 * Allow arch code to reject the ELF at this point, whilst it's
832 * still possible to return an error to the code that invoked
835 retval = arch_check_elf(&loc->elf_ex,
836 !!interpreter, &loc->interp_elf_ex,
839 goto out_free_dentry;
841 /* Flush all traces of the currently running executable */
842 retval = flush_old_exec(bprm);
844 goto out_free_dentry;
846 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
847 may depend on the personality. */
848 SET_PERSONALITY2(loc->elf_ex, &arch_state);
849 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
850 current->personality |= READ_IMPLIES_EXEC;
852 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
853 current->flags |= PF_RANDOMIZE;
855 setup_new_exec(bprm);
856 install_exec_creds(bprm);
858 /* Do this so that we can load the interpreter, if need be. We will
859 change some of these later */
860 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
863 goto out_free_dentry;
865 current->mm->start_stack = bprm->p;
867 /* Now we do a little grungy work by mmapping the ELF image into
868 the correct location in memory. */
869 for(i = 0, elf_ppnt = elf_phdata;
870 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
871 int elf_prot = 0, elf_flags;
872 unsigned long k, vaddr;
873 unsigned long total_size = 0;
875 if (elf_ppnt->p_type != PT_LOAD)
878 if (unlikely (elf_brk > elf_bss)) {
881 /* There was a PT_LOAD segment with p_memsz > p_filesz
882 before this one. Map anonymous pages, if needed,
883 and clear the area. */
884 retval = set_brk(elf_bss + load_bias,
885 elf_brk + load_bias);
887 goto out_free_dentry;
888 nbyte = ELF_PAGEOFFSET(elf_bss);
890 nbyte = ELF_MIN_ALIGN - nbyte;
891 if (nbyte > elf_brk - elf_bss)
892 nbyte = elf_brk - elf_bss;
893 if (clear_user((void __user *)elf_bss +
896 * This bss-zeroing can fail if the ELF
897 * file specifies odd protections. So
898 * we don't check the return value
904 if (elf_ppnt->p_flags & PF_R)
905 elf_prot |= PROT_READ;
906 if (elf_ppnt->p_flags & PF_W)
907 elf_prot |= PROT_WRITE;
908 if (elf_ppnt->p_flags & PF_X)
909 elf_prot |= PROT_EXEC;
911 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
913 vaddr = elf_ppnt->p_vaddr;
915 * If we are loading ET_EXEC or we have already performed
916 * the ET_DYN load_addr calculations, proceed normally.
918 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
919 elf_flags |= MAP_FIXED;
920 } else if (loc->elf_ex.e_type == ET_DYN) {
922 * This logic is run once for the first LOAD Program
923 * Header for ET_DYN binaries to calculate the
924 * randomization (load_bias) for all the LOAD
925 * Program Headers, and to calculate the entire
926 * size of the ELF mapping (total_size). (Note that
927 * load_addr_set is set to true later once the
928 * initial mapping is performed.)
930 * There are effectively two types of ET_DYN
931 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
932 * and loaders (ET_DYN without INTERP, since they
933 * _are_ the ELF interpreter). The loaders must
934 * be loaded away from programs since the program
935 * may otherwise collide with the loader (especially
936 * for ET_EXEC which does not have a randomized
937 * position). For example to handle invocations of
938 * "./ld.so someprog" to test out a new version of
939 * the loader, the subsequent program that the
940 * loader loads must avoid the loader itself, so
941 * they cannot share the same load range. Sufficient
942 * room for the brk must be allocated with the
943 * loader as well, since brk must be available with
946 * Therefore, programs are loaded offset from
947 * ELF_ET_DYN_BASE and loaders are loaded into the
948 * independently randomized mmap region (0 load_bias
949 * without MAP_FIXED).
951 if (elf_interpreter) {
952 load_bias = ELF_ET_DYN_BASE;
953 if (current->flags & PF_RANDOMIZE)
954 load_bias += arch_mmap_rnd();
955 elf_flags |= MAP_FIXED;
960 * Since load_bias is used for all subsequent loading
961 * calculations, we must lower it by the first vaddr
962 * so that the remaining calculations based on the
963 * ELF vaddrs will be correctly offset. The result
964 * is then page aligned.
966 load_bias = ELF_PAGESTART(load_bias - vaddr);
968 total_size = total_mapping_size(elf_phdata,
969 loc->elf_ex.e_phnum);
972 goto out_free_dentry;
976 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
977 elf_prot, elf_flags, total_size);
978 if (BAD_ADDR(error)) {
979 retval = IS_ERR((void *)error) ?
980 PTR_ERR((void*)error) : -EINVAL;
981 goto out_free_dentry;
984 if (!load_addr_set) {
986 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
987 if (loc->elf_ex.e_type == ET_DYN) {
989 ELF_PAGESTART(load_bias + vaddr);
990 load_addr += load_bias;
991 reloc_func_desc = load_bias;
994 k = elf_ppnt->p_vaddr;
1001 * Check to see if the section's size will overflow the
1002 * allowed task size. Note that p_filesz must always be
1003 * <= p_memsz so it is only necessary to check p_memsz.
1005 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1006 elf_ppnt->p_memsz > TASK_SIZE ||
1007 TASK_SIZE - elf_ppnt->p_memsz < k) {
1008 /* set_brk can never work. Avoid overflows. */
1010 goto out_free_dentry;
1013 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1017 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1021 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1026 loc->elf_ex.e_entry += load_bias;
1027 elf_bss += load_bias;
1028 elf_brk += load_bias;
1029 start_code += load_bias;
1030 end_code += load_bias;
1031 start_data += load_bias;
1032 end_data += load_bias;
1034 /* Calling set_brk effectively mmaps the pages that we need
1035 * for the bss and break sections. We must do this before
1036 * mapping in the interpreter, to make sure it doesn't wind
1037 * up getting placed where the bss needs to go.
1039 retval = set_brk(elf_bss, elf_brk);
1041 goto out_free_dentry;
1042 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1043 retval = -EFAULT; /* Nobody gets to see this, but.. */
1044 goto out_free_dentry;
1047 if (elf_interpreter) {
1048 unsigned long interp_map_addr = 0;
1050 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1053 load_bias, interp_elf_phdata);
1054 if (!IS_ERR((void *)elf_entry)) {
1056 * load_elf_interp() returns relocation
1059 interp_load_addr = elf_entry;
1060 elf_entry += loc->interp_elf_ex.e_entry;
1062 if (BAD_ADDR(elf_entry)) {
1063 retval = IS_ERR((void *)elf_entry) ?
1064 (int)elf_entry : -EINVAL;
1065 goto out_free_dentry;
1067 reloc_func_desc = interp_load_addr;
1069 allow_write_access(interpreter);
1071 kfree(elf_interpreter);
1073 elf_entry = loc->elf_ex.e_entry;
1074 if (BAD_ADDR(elf_entry)) {
1076 goto out_free_dentry;
1080 kfree(interp_elf_phdata);
1083 set_binfmt(&elf_format);
1085 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1086 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
1089 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1091 retval = create_elf_tables(bprm, &loc->elf_ex,
1092 load_addr, interp_load_addr);
1095 /* N.B. passed_fileno might not be initialized? */
1096 current->mm->end_code = end_code;
1097 current->mm->start_code = start_code;
1098 current->mm->start_data = start_data;
1099 current->mm->end_data = end_data;
1100 current->mm->start_stack = bprm->p;
1102 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1104 * For architectures with ELF randomization, when executing
1105 * a loader directly (i.e. no interpreter listed in ELF
1106 * headers), move the brk area out of the mmap region
1107 * (since it grows up, and may collide early with the stack
1108 * growing down), and into the unused ELF_ET_DYN_BASE region.
1110 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1111 loc->elf_ex.e_type == ET_DYN && !interpreter)
1112 current->mm->brk = current->mm->start_brk =
1115 current->mm->brk = current->mm->start_brk =
1116 arch_randomize_brk(current->mm);
1117 #ifdef compat_brk_randomized
1118 current->brk_randomized = 1;
1122 if (current->personality & MMAP_PAGE_ZERO) {
1123 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1124 and some applications "depend" upon this behavior.
1125 Since we do not have the power to recompile these, we
1126 emulate the SVr4 behavior. Sigh. */
1127 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1128 MAP_FIXED | MAP_PRIVATE, 0);
1131 #ifdef ELF_PLAT_INIT
1133 * The ABI may specify that certain registers be set up in special
1134 * ways (on i386 %edx is the address of a DT_FINI function, for
1135 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1136 * that the e_entry field is the address of the function descriptor
1137 * for the startup routine, rather than the address of the startup
1138 * routine itself. This macro performs whatever initialization to
1139 * the regs structure is required as well as any relocations to the
1140 * function descriptor entries when executing dynamically links apps.
1142 ELF_PLAT_INIT(regs, reloc_func_desc);
1145 start_thread(regs, elf_entry, bprm->p);
1154 kfree(interp_elf_phdata);
1155 allow_write_access(interpreter);
1159 kfree(elf_interpreter);
1165 #ifdef CONFIG_USELIB
1166 /* This is really simpleminded and specialized - we are loading an
1167 a.out library that is given an ELF header. */
1168 static int load_elf_library(struct file *file)
1170 struct elf_phdr *elf_phdata;
1171 struct elf_phdr *eppnt;
1172 unsigned long elf_bss, bss, len;
1173 int retval, error, i, j;
1174 struct elfhdr elf_ex;
1177 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1178 if (retval != sizeof(elf_ex))
1181 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1184 /* First of all, some simple consistency checks */
1185 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1186 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1189 /* Now read in all of the header information */
1191 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1192 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1195 elf_phdata = kmalloc(j, GFP_KERNEL);
1201 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1205 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1206 if ((eppnt + i)->p_type == PT_LOAD)
1211 while (eppnt->p_type != PT_LOAD)
1214 /* Now use mmap to map the library into memory. */
1215 error = vm_mmap(file,
1216 ELF_PAGESTART(eppnt->p_vaddr),
1218 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1219 PROT_READ | PROT_WRITE | PROT_EXEC,
1220 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1222 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1223 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1226 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1227 if (padzero(elf_bss)) {
1232 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1233 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1235 error = vm_brk(len, bss - len);
1246 #endif /* #ifdef CONFIG_USELIB */
1248 #ifdef CONFIG_ELF_CORE
1252 * Modelled on fs/exec.c:aout_core_dump()
1253 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1257 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1258 * that are useful for post-mortem analysis are included in every core dump.
1259 * In that way we ensure that the core dump is fully interpretable later
1260 * without matching up the same kernel and hardware config to see what PC values
1261 * meant. These special mappings include - vDSO, vsyscall, and other
1262 * architecture specific mappings
1264 static bool always_dump_vma(struct vm_area_struct *vma)
1266 /* Any vsyscall mappings? */
1267 if (vma == get_gate_vma(vma->vm_mm))
1271 * Assume that all vmas with a .name op should always be dumped.
1272 * If this changes, a new vm_ops field can easily be added.
1274 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1278 * arch_vma_name() returns non-NULL for special architecture mappings,
1279 * such as vDSO sections.
1281 if (arch_vma_name(vma))
1288 * Decide what to dump of a segment, part, all or none.
1290 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1291 unsigned long mm_flags)
1293 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1295 /* always dump the vdso and vsyscall sections */
1296 if (always_dump_vma(vma))
1299 if (vma->vm_flags & VM_DONTDUMP)
1302 /* support for DAX */
1303 if (vma_is_dax(vma)) {
1304 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1306 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1311 /* Hugetlb memory check */
1312 if (vma->vm_flags & VM_HUGETLB) {
1313 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1315 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1320 /* Do not dump I/O mapped devices or special mappings */
1321 if (vma->vm_flags & VM_IO)
1324 /* By default, dump shared memory if mapped from an anonymous file. */
1325 if (vma->vm_flags & VM_SHARED) {
1326 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1327 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1332 /* Dump segments that have been written to. */
1333 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1335 if (vma->vm_file == NULL)
1338 if (FILTER(MAPPED_PRIVATE))
1342 * If this looks like the beginning of a DSO or executable mapping,
1343 * check for an ELF header. If we find one, dump the first page to
1344 * aid in determining what was mapped here.
1346 if (FILTER(ELF_HEADERS) &&
1347 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1348 u32 __user *header = (u32 __user *) vma->vm_start;
1350 mm_segment_t fs = get_fs();
1352 * Doing it this way gets the constant folded by GCC.
1356 char elfmag[SELFMAG];
1358 BUILD_BUG_ON(SELFMAG != sizeof word);
1359 magic.elfmag[EI_MAG0] = ELFMAG0;
1360 magic.elfmag[EI_MAG1] = ELFMAG1;
1361 magic.elfmag[EI_MAG2] = ELFMAG2;
1362 magic.elfmag[EI_MAG3] = ELFMAG3;
1364 * Switch to the user "segment" for get_user(),
1365 * then put back what elf_core_dump() had in place.
1368 if (unlikely(get_user(word, header)))
1371 if (word == magic.cmp)
1380 return vma->vm_end - vma->vm_start;
1383 /* An ELF note in memory */
1388 unsigned int datasz;
1392 static int notesize(struct memelfnote *en)
1396 sz = sizeof(struct elf_note);
1397 sz += roundup(strlen(en->name) + 1, 4);
1398 sz += roundup(en->datasz, 4);
1403 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1406 en.n_namesz = strlen(men->name) + 1;
1407 en.n_descsz = men->datasz;
1408 en.n_type = men->type;
1410 return dump_emit(cprm, &en, sizeof(en)) &&
1411 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1412 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1415 static void fill_elf_header(struct elfhdr *elf, int segs,
1416 u16 machine, u32 flags)
1418 memset(elf, 0, sizeof(*elf));
1420 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1421 elf->e_ident[EI_CLASS] = ELF_CLASS;
1422 elf->e_ident[EI_DATA] = ELF_DATA;
1423 elf->e_ident[EI_VERSION] = EV_CURRENT;
1424 elf->e_ident[EI_OSABI] = ELF_OSABI;
1426 elf->e_type = ET_CORE;
1427 elf->e_machine = machine;
1428 elf->e_version = EV_CURRENT;
1429 elf->e_phoff = sizeof(struct elfhdr);
1430 elf->e_flags = flags;
1431 elf->e_ehsize = sizeof(struct elfhdr);
1432 elf->e_phentsize = sizeof(struct elf_phdr);
1433 elf->e_phnum = segs;
1438 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1440 phdr->p_type = PT_NOTE;
1441 phdr->p_offset = offset;
1444 phdr->p_filesz = sz;
1451 static void fill_note(struct memelfnote *note, const char *name, int type,
1452 unsigned int sz, void *data)
1462 * fill up all the fields in prstatus from the given task struct, except
1463 * registers which need to be filled up separately.
1465 static void fill_prstatus(struct elf_prstatus *prstatus,
1466 struct task_struct *p, long signr)
1468 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1469 prstatus->pr_sigpend = p->pending.signal.sig[0];
1470 prstatus->pr_sighold = p->blocked.sig[0];
1472 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1474 prstatus->pr_pid = task_pid_vnr(p);
1475 prstatus->pr_pgrp = task_pgrp_vnr(p);
1476 prstatus->pr_sid = task_session_vnr(p);
1477 if (thread_group_leader(p)) {
1478 struct task_cputime cputime;
1481 * This is the record for the group leader. It shows the
1482 * group-wide total, not its individual thread total.
1484 thread_group_cputime(p, &cputime);
1485 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1486 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1488 cputime_t utime, stime;
1490 task_cputime(p, &utime, &stime);
1491 cputime_to_timeval(utime, &prstatus->pr_utime);
1492 cputime_to_timeval(stime, &prstatus->pr_stime);
1494 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1495 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1498 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1499 struct mm_struct *mm)
1501 const struct cred *cred;
1502 unsigned int i, len;
1504 /* first copy the parameters from user space */
1505 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1507 len = mm->arg_end - mm->arg_start;
1508 if (len >= ELF_PRARGSZ)
1509 len = ELF_PRARGSZ-1;
1510 if (copy_from_user(&psinfo->pr_psargs,
1511 (const char __user *)mm->arg_start, len))
1513 for(i = 0; i < len; i++)
1514 if (psinfo->pr_psargs[i] == 0)
1515 psinfo->pr_psargs[i] = ' ';
1516 psinfo->pr_psargs[len] = 0;
1519 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1521 psinfo->pr_pid = task_pid_vnr(p);
1522 psinfo->pr_pgrp = task_pgrp_vnr(p);
1523 psinfo->pr_sid = task_session_vnr(p);
1525 i = p->state ? ffz(~p->state) + 1 : 0;
1526 psinfo->pr_state = i;
1527 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1528 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1529 psinfo->pr_nice = task_nice(p);
1530 psinfo->pr_flag = p->flags;
1532 cred = __task_cred(p);
1533 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1534 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1536 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1541 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1543 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1547 while (auxv[i - 2] != AT_NULL);
1548 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1551 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1552 const siginfo_t *siginfo)
1554 mm_segment_t old_fs = get_fs();
1556 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1558 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1561 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1563 * Format of NT_FILE note:
1565 * long count -- how many files are mapped
1566 * long page_size -- units for file_ofs
1567 * array of [COUNT] elements of
1571 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1573 static int fill_files_note(struct memelfnote *note)
1575 struct vm_area_struct *vma;
1576 unsigned count, size, names_ofs, remaining, n;
1578 user_long_t *start_end_ofs;
1579 char *name_base, *name_curpos;
1581 /* *Estimated* file count and total data size needed */
1582 count = current->mm->map_count;
1585 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1587 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1589 size = round_up(size, PAGE_SIZE);
1590 data = vmalloc(size);
1594 start_end_ofs = data + 2;
1595 name_base = name_curpos = ((char *)data) + names_ofs;
1596 remaining = size - names_ofs;
1598 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1600 const char *filename;
1602 file = vma->vm_file;
1605 filename = file_path(file, name_curpos, remaining);
1606 if (IS_ERR(filename)) {
1607 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1609 size = size * 5 / 4;
1615 /* file_path() fills at the end, move name down */
1616 /* n = strlen(filename) + 1: */
1617 n = (name_curpos + remaining) - filename;
1618 remaining = filename - name_curpos;
1619 memmove(name_curpos, filename, n);
1622 *start_end_ofs++ = vma->vm_start;
1623 *start_end_ofs++ = vma->vm_end;
1624 *start_end_ofs++ = vma->vm_pgoff;
1628 /* Now we know exact count of files, can store it */
1630 data[1] = PAGE_SIZE;
1632 * Count usually is less than current->mm->map_count,
1633 * we need to move filenames down.
1635 n = current->mm->map_count - count;
1637 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1638 memmove(name_base - shift_bytes, name_base,
1639 name_curpos - name_base);
1640 name_curpos -= shift_bytes;
1643 size = name_curpos - (char *)data;
1644 fill_note(note, "CORE", NT_FILE, size, data);
1648 #ifdef CORE_DUMP_USE_REGSET
1649 #include <linux/regset.h>
1651 struct elf_thread_core_info {
1652 struct elf_thread_core_info *next;
1653 struct task_struct *task;
1654 struct elf_prstatus prstatus;
1655 struct memelfnote notes[0];
1658 struct elf_note_info {
1659 struct elf_thread_core_info *thread;
1660 struct memelfnote psinfo;
1661 struct memelfnote signote;
1662 struct memelfnote auxv;
1663 struct memelfnote files;
1664 user_siginfo_t csigdata;
1670 * When a regset has a writeback hook, we call it on each thread before
1671 * dumping user memory. On register window machines, this makes sure the
1672 * user memory backing the register data is up to date before we read it.
1674 static void do_thread_regset_writeback(struct task_struct *task,
1675 const struct user_regset *regset)
1677 if (regset->writeback)
1678 regset->writeback(task, regset, 1);
1681 #ifndef PRSTATUS_SIZE
1682 #define PRSTATUS_SIZE(S, R) sizeof(S)
1685 #ifndef SET_PR_FPVALID
1686 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1689 static int fill_thread_core_info(struct elf_thread_core_info *t,
1690 const struct user_regset_view *view,
1691 long signr, size_t *total)
1694 unsigned int regset_size = view->regsets[0].n * view->regsets[0].size;
1697 * NT_PRSTATUS is the one special case, because the regset data
1698 * goes into the pr_reg field inside the note contents, rather
1699 * than being the whole note contents. We fill the reset in here.
1700 * We assume that regset 0 is NT_PRSTATUS.
1702 fill_prstatus(&t->prstatus, t->task, signr);
1703 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset_size,
1704 &t->prstatus.pr_reg, NULL);
1706 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1707 PRSTATUS_SIZE(t->prstatus, regset_size), &t->prstatus);
1708 *total += notesize(&t->notes[0]);
1710 do_thread_regset_writeback(t->task, &view->regsets[0]);
1713 * Each other regset might generate a note too. For each regset
1714 * that has no core_note_type or is inactive, we leave t->notes[i]
1715 * all zero and we'll know to skip writing it later.
1717 for (i = 1; i < view->n; ++i) {
1718 const struct user_regset *regset = &view->regsets[i];
1719 do_thread_regset_writeback(t->task, regset);
1720 if (regset->core_note_type && regset->get &&
1721 (!regset->active || regset->active(t->task, regset) > 0)) {
1723 size_t size = regset->n * regset->size;
1724 void *data = kzalloc(size, GFP_KERNEL);
1725 if (unlikely(!data))
1727 ret = regset->get(t->task, regset,
1728 0, size, data, NULL);
1732 if (regset->core_note_type != NT_PRFPREG)
1733 fill_note(&t->notes[i], "LINUX",
1734 regset->core_note_type,
1737 SET_PR_FPVALID(&t->prstatus,
1739 fill_note(&t->notes[i], "CORE",
1740 NT_PRFPREG, size, data);
1742 *total += notesize(&t->notes[i]);
1750 static int fill_note_info(struct elfhdr *elf, int phdrs,
1751 struct elf_note_info *info,
1752 const siginfo_t *siginfo, struct pt_regs *regs)
1754 struct task_struct *dump_task = current;
1755 const struct user_regset_view *view = task_user_regset_view(dump_task);
1756 struct elf_thread_core_info *t;
1757 struct elf_prpsinfo *psinfo;
1758 struct core_thread *ct;
1762 info->thread = NULL;
1764 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1765 if (psinfo == NULL) {
1766 info->psinfo.data = NULL; /* So we don't free this wrongly */
1770 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1773 * Figure out how many notes we're going to need for each thread.
1775 info->thread_notes = 0;
1776 for (i = 0; i < view->n; ++i)
1777 if (view->regsets[i].core_note_type != 0)
1778 ++info->thread_notes;
1781 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1782 * since it is our one special case.
1784 if (unlikely(info->thread_notes == 0) ||
1785 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1791 * Initialize the ELF file header.
1793 fill_elf_header(elf, phdrs,
1794 view->e_machine, view->e_flags);
1797 * Allocate a structure for each thread.
1799 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1800 t = kzalloc(offsetof(struct elf_thread_core_info,
1801 notes[info->thread_notes]),
1807 if (ct->task == dump_task || !info->thread) {
1808 t->next = info->thread;
1812 * Make sure to keep the original task at
1813 * the head of the list.
1815 t->next = info->thread->next;
1816 info->thread->next = t;
1821 * Now fill in each thread's information.
1823 for (t = info->thread; t != NULL; t = t->next)
1824 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1828 * Fill in the two process-wide notes.
1830 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1831 info->size += notesize(&info->psinfo);
1833 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1834 info->size += notesize(&info->signote);
1836 fill_auxv_note(&info->auxv, current->mm);
1837 info->size += notesize(&info->auxv);
1839 if (fill_files_note(&info->files) == 0)
1840 info->size += notesize(&info->files);
1845 static size_t get_note_info_size(struct elf_note_info *info)
1851 * Write all the notes for each thread. When writing the first thread, the
1852 * process-wide notes are interleaved after the first thread-specific note.
1854 static int write_note_info(struct elf_note_info *info,
1855 struct coredump_params *cprm)
1858 struct elf_thread_core_info *t = info->thread;
1863 if (!writenote(&t->notes[0], cprm))
1866 if (first && !writenote(&info->psinfo, cprm))
1868 if (first && !writenote(&info->signote, cprm))
1870 if (first && !writenote(&info->auxv, cprm))
1872 if (first && info->files.data &&
1873 !writenote(&info->files, cprm))
1876 for (i = 1; i < info->thread_notes; ++i)
1877 if (t->notes[i].data &&
1878 !writenote(&t->notes[i], cprm))
1888 static void free_note_info(struct elf_note_info *info)
1890 struct elf_thread_core_info *threads = info->thread;
1893 struct elf_thread_core_info *t = threads;
1895 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1896 for (i = 1; i < info->thread_notes; ++i)
1897 kfree(t->notes[i].data);
1900 kfree(info->psinfo.data);
1901 vfree(info->files.data);
1906 /* Here is the structure in which status of each thread is captured. */
1907 struct elf_thread_status
1909 struct list_head list;
1910 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1911 elf_fpregset_t fpu; /* NT_PRFPREG */
1912 struct task_struct *thread;
1913 #ifdef ELF_CORE_COPY_XFPREGS
1914 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1916 struct memelfnote notes[3];
1921 * In order to add the specific thread information for the elf file format,
1922 * we need to keep a linked list of every threads pr_status and then create
1923 * a single section for them in the final core file.
1925 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1928 struct task_struct *p = t->thread;
1931 fill_prstatus(&t->prstatus, p, signr);
1932 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1934 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1937 sz += notesize(&t->notes[0]);
1939 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1941 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1944 sz += notesize(&t->notes[1]);
1947 #ifdef ELF_CORE_COPY_XFPREGS
1948 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1949 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1950 sizeof(t->xfpu), &t->xfpu);
1952 sz += notesize(&t->notes[2]);
1958 struct elf_note_info {
1959 struct memelfnote *notes;
1960 struct memelfnote *notes_files;
1961 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1962 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1963 struct list_head thread_list;
1964 elf_fpregset_t *fpu;
1965 #ifdef ELF_CORE_COPY_XFPREGS
1966 elf_fpxregset_t *xfpu;
1968 user_siginfo_t csigdata;
1969 int thread_status_size;
1973 static int elf_note_info_init(struct elf_note_info *info)
1975 memset(info, 0, sizeof(*info));
1976 INIT_LIST_HEAD(&info->thread_list);
1978 /* Allocate space for ELF notes */
1979 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1982 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1985 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1986 if (!info->prstatus)
1988 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1991 #ifdef ELF_CORE_COPY_XFPREGS
1992 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1999 static int fill_note_info(struct elfhdr *elf, int phdrs,
2000 struct elf_note_info *info,
2001 const siginfo_t *siginfo, struct pt_regs *regs)
2003 struct list_head *t;
2004 struct core_thread *ct;
2005 struct elf_thread_status *ets;
2007 if (!elf_note_info_init(info))
2010 for (ct = current->mm->core_state->dumper.next;
2011 ct; ct = ct->next) {
2012 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2016 ets->thread = ct->task;
2017 list_add(&ets->list, &info->thread_list);
2020 list_for_each(t, &info->thread_list) {
2023 ets = list_entry(t, struct elf_thread_status, list);
2024 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2025 info->thread_status_size += sz;
2027 /* now collect the dump for the current */
2028 memset(info->prstatus, 0, sizeof(*info->prstatus));
2029 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2030 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2033 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2036 * Set up the notes in similar form to SVR4 core dumps made
2037 * with info from their /proc.
2040 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2041 sizeof(*info->prstatus), info->prstatus);
2042 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2043 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2044 sizeof(*info->psinfo), info->psinfo);
2046 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2047 fill_auxv_note(info->notes + 3, current->mm);
2050 if (fill_files_note(info->notes + info->numnote) == 0) {
2051 info->notes_files = info->notes + info->numnote;
2055 /* Try to dump the FPU. */
2056 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2058 if (info->prstatus->pr_fpvalid)
2059 fill_note(info->notes + info->numnote++,
2060 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2061 #ifdef ELF_CORE_COPY_XFPREGS
2062 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2063 fill_note(info->notes + info->numnote++,
2064 "LINUX", ELF_CORE_XFPREG_TYPE,
2065 sizeof(*info->xfpu), info->xfpu);
2071 static size_t get_note_info_size(struct elf_note_info *info)
2076 for (i = 0; i < info->numnote; i++)
2077 sz += notesize(info->notes + i);
2079 sz += info->thread_status_size;
2084 static int write_note_info(struct elf_note_info *info,
2085 struct coredump_params *cprm)
2088 struct list_head *t;
2090 for (i = 0; i < info->numnote; i++)
2091 if (!writenote(info->notes + i, cprm))
2094 /* write out the thread status notes section */
2095 list_for_each(t, &info->thread_list) {
2096 struct elf_thread_status *tmp =
2097 list_entry(t, struct elf_thread_status, list);
2099 for (i = 0; i < tmp->num_notes; i++)
2100 if (!writenote(&tmp->notes[i], cprm))
2107 static void free_note_info(struct elf_note_info *info)
2109 while (!list_empty(&info->thread_list)) {
2110 struct list_head *tmp = info->thread_list.next;
2112 kfree(list_entry(tmp, struct elf_thread_status, list));
2115 /* Free data possibly allocated by fill_files_note(): */
2116 if (info->notes_files)
2117 vfree(info->notes_files->data);
2119 kfree(info->prstatus);
2120 kfree(info->psinfo);
2123 #ifdef ELF_CORE_COPY_XFPREGS
2130 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2131 struct vm_area_struct *gate_vma)
2133 struct vm_area_struct *ret = tsk->mm->mmap;
2140 * Helper function for iterating across a vma list. It ensures that the caller
2141 * will visit `gate_vma' prior to terminating the search.
2143 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2144 struct vm_area_struct *gate_vma)
2146 struct vm_area_struct *ret;
2148 ret = this_vma->vm_next;
2151 if (this_vma == gate_vma)
2156 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2157 elf_addr_t e_shoff, int segs)
2159 elf->e_shoff = e_shoff;
2160 elf->e_shentsize = sizeof(*shdr4extnum);
2162 elf->e_shstrndx = SHN_UNDEF;
2164 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2166 shdr4extnum->sh_type = SHT_NULL;
2167 shdr4extnum->sh_size = elf->e_shnum;
2168 shdr4extnum->sh_link = elf->e_shstrndx;
2169 shdr4extnum->sh_info = segs;
2175 * This is a two-pass process; first we find the offsets of the bits,
2176 * and then they are actually written out. If we run out of core limit
2179 static int elf_core_dump(struct coredump_params *cprm)
2184 size_t vma_data_size = 0;
2185 struct vm_area_struct *vma, *gate_vma;
2186 struct elfhdr *elf = NULL;
2187 loff_t offset = 0, dataoff;
2188 struct elf_note_info info = { };
2189 struct elf_phdr *phdr4note = NULL;
2190 struct elf_shdr *shdr4extnum = NULL;
2193 elf_addr_t *vma_filesz = NULL;
2196 * We no longer stop all VM operations.
2198 * This is because those proceses that could possibly change map_count
2199 * or the mmap / vma pages are now blocked in do_exit on current
2200 * finishing this core dump.
2202 * Only ptrace can touch these memory addresses, but it doesn't change
2203 * the map_count or the pages allocated. So no possibility of crashing
2204 * exists while dumping the mm->vm_next areas to the core file.
2207 /* alloc memory for large data structures: too large to be on stack */
2208 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2212 * The number of segs are recored into ELF header as 16bit value.
2213 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2215 segs = current->mm->map_count;
2216 segs += elf_core_extra_phdrs();
2218 gate_vma = get_gate_vma(current->mm);
2219 if (gate_vma != NULL)
2222 /* for notes section */
2225 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2226 * this, kernel supports extended numbering. Have a look at
2227 * include/linux/elf.h for further information. */
2228 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2231 * Collect all the non-memory information about the process for the
2232 * notes. This also sets up the file header.
2234 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2242 offset += sizeof(*elf); /* Elf header */
2243 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2245 /* Write notes phdr entry */
2247 size_t sz = get_note_info_size(&info);
2249 sz += elf_coredump_extra_notes_size();
2251 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2255 fill_elf_note_phdr(phdr4note, sz, offset);
2259 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2261 vma_filesz = kmalloc_array(segs - 1, sizeof(*vma_filesz), GFP_KERNEL);
2265 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2266 vma = next_vma(vma, gate_vma)) {
2267 unsigned long dump_size;
2269 dump_size = vma_dump_size(vma, cprm->mm_flags);
2270 vma_filesz[i++] = dump_size;
2271 vma_data_size += dump_size;
2274 offset += vma_data_size;
2275 offset += elf_core_extra_data_size();
2278 if (e_phnum == PN_XNUM) {
2279 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2282 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2287 if (!dump_emit(cprm, elf, sizeof(*elf)))
2290 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2293 /* Write program headers for segments dump */
2294 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2295 vma = next_vma(vma, gate_vma)) {
2296 struct elf_phdr phdr;
2298 phdr.p_type = PT_LOAD;
2299 phdr.p_offset = offset;
2300 phdr.p_vaddr = vma->vm_start;
2302 phdr.p_filesz = vma_filesz[i++];
2303 phdr.p_memsz = vma->vm_end - vma->vm_start;
2304 offset += phdr.p_filesz;
2305 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2306 if (vma->vm_flags & VM_WRITE)
2307 phdr.p_flags |= PF_W;
2308 if (vma->vm_flags & VM_EXEC)
2309 phdr.p_flags |= PF_X;
2310 phdr.p_align = ELF_EXEC_PAGESIZE;
2312 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2316 if (!elf_core_write_extra_phdrs(cprm, offset))
2319 /* write out the notes section */
2320 if (!write_note_info(&info, cprm))
2323 if (elf_coredump_extra_notes_write(cprm))
2327 if (!dump_skip(cprm, dataoff - cprm->pos))
2330 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2331 vma = next_vma(vma, gate_vma)) {
2335 end = vma->vm_start + vma_filesz[i++];
2337 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2341 page = get_dump_page(addr);
2343 void *kaddr = kmap(page);
2344 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2348 stop = !dump_skip(cprm, PAGE_SIZE);
2353 dump_truncate(cprm);
2355 if (!elf_core_write_extra_data(cprm))
2358 if (e_phnum == PN_XNUM) {
2359 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2367 free_note_info(&info);
2376 #endif /* CONFIG_ELF_CORE */
2378 static int __init init_elf_binfmt(void)
2380 register_binfmt(&elf_format);
2384 static void __exit exit_elf_binfmt(void)
2386 /* Remove the COFF and ELF loaders. */
2387 unregister_binfmt(&elf_format);
2390 core_initcall(init_elf_binfmt);
2391 module_exit(exit_elf_binfmt);
2392 MODULE_LICENSE("GPL");
projects / releases.git / blob