1 /* 2 * linux/fs/binfmt_elf.c 3 * 4 * These are the functions used to load ELF format executables as used 5 * on SVr4 machines. Information on the format may be found in the book 6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support 7 * Tools". 8 * 9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com). 10 */ 11 12 #include <linux/module.h> 13 #include <linux/kernel.h> 14 #include <linux/fs.h> 15 #include <linux/mm.h> 16 #include <linux/mman.h> 17 #include <linux/errno.h> 18 #include <linux/signal.h> 19 #include <linux/binfmts.h> 20 #include <linux/string.h> 21 #include <linux/file.h> 22 #include <linux/slab.h> 23 #include <linux/personality.h> 24 #include <linux/elfcore.h> 25 #include <linux/init.h> 26 #include <linux/highuid.h> 27 #include <linux/compiler.h> 28 #include <linux/highmem.h> 29 #include <linux/pagemap.h> 30 #include <linux/vmalloc.h> 31 #include <linux/security.h> 32 #include <linux/random.h> 33 #include <linux/elf.h> 34 #include <linux/elf-randomize.h> 35 #include <linux/utsname.h> 36 #include <linux/coredump.h> 37 #include <linux/sched.h> 38 #include <linux/dax.h> 39 #include <asm/uaccess.h> 40 #include <asm/param.h> 41 #include <asm/page.h> 42 43 #ifndef user_long_t 44 #define user_long_t long 45 #endif 46 #ifndef user_siginfo_t 47 #define user_siginfo_t siginfo_t 48 #endif 49 50 static int load_elf_binary(struct linux_binprm *bprm); 51 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *, 52 int, int, unsigned long); 53 54 #ifdef CONFIG_USELIB 55 static int load_elf_library(struct file *); 56 #else 57 #define load_elf_library NULL 58 #endif 59 60 /* 61 * If we don't support core dumping, then supply a NULL so we 62 * don't even try. 63 */ 64 #ifdef CONFIG_ELF_CORE 65 static int elf_core_dump(struct coredump_params *cprm); 66 #else 67 #define elf_core_dump NULL 68 #endif 69 70 #if ELF_EXEC_PAGESIZE > PAGE_SIZE 71 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE 72 #else 73 #define ELF_MIN_ALIGN PAGE_SIZE 74 #endif 75 76 #ifndef ELF_CORE_EFLAGS 77 #define ELF_CORE_EFLAGS 0 78 #endif 79 80 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1)) 81 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) 82 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) 83 84 static struct linux_binfmt elf_format = { 85 .module = THIS_MODULE, 86 .load_binary = load_elf_binary, 87 .load_shlib = load_elf_library, 88 .core_dump = elf_core_dump, 89 .min_coredump = ELF_EXEC_PAGESIZE, 90 }; 91 92 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) 93 94 static int set_brk(unsigned long start, unsigned long end) 95 { 96 start = ELF_PAGEALIGN(start); 97 end = ELF_PAGEALIGN(end); 98 if (end > start) { 99 int error = vm_brk(start, end - start); 100 if (error) 101 return error; 102 } 103 current->mm->start_brk = current->mm->brk = end; 104 return 0; 105 } 106 107 /* We need to explicitly zero any fractional pages 108 after the data section (i.e. bss). This would 109 contain the junk from the file that should not 110 be in memory 111 */ 112 static int padzero(unsigned long elf_bss) 113 { 114 unsigned long nbyte; 115 116 nbyte = ELF_PAGEOFFSET(elf_bss); 117 if (nbyte) { 118 nbyte = ELF_MIN_ALIGN - nbyte; 119 if (clear_user((void __user *) elf_bss, nbyte)) 120 return -EFAULT; 121 } 122 return 0; 123 } 124 125 /* Let's use some macros to make this stack manipulation a little clearer */ 126 #ifdef CONFIG_STACK_GROWSUP 127 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items)) 128 #define STACK_ROUND(sp, items) \ 129 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL) 130 #define STACK_ALLOC(sp, len) ({ \ 131 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \ 132 old_sp; }) 133 #else 134 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items)) 135 #define STACK_ROUND(sp, items) \ 136 (((unsigned long) (sp - items)) &~ 15UL) 137 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; }) 138 #endif 139 140 #ifndef ELF_BASE_PLATFORM 141 /* 142 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture. 143 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value 144 * will be copied to the user stack in the same manner as AT_PLATFORM. 145 */ 146 #define ELF_BASE_PLATFORM NULL 147 #endif 148 149 static int 150 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, 151 unsigned long load_addr, unsigned long interp_load_addr) 152 { 153 unsigned long p = bprm->p; 154 int argc = bprm->argc; 155 int envc = bprm->envc; 156 elf_addr_t __user *argv; 157 elf_addr_t __user *envp; 158 elf_addr_t __user *sp; 159 elf_addr_t __user *u_platform; 160 elf_addr_t __user *u_base_platform; 161 elf_addr_t __user *u_rand_bytes; 162 const char *k_platform = ELF_PLATFORM; 163 const char *k_base_platform = ELF_BASE_PLATFORM; 164 unsigned char k_rand_bytes[16]; 165 int items; 166 elf_addr_t *elf_info; 167 int ei_index = 0; 168 const struct cred *cred = current_cred(); 169 struct vm_area_struct *vma; 170 171 /* 172 * In some cases (e.g. Hyper-Threading), we want to avoid L1 173 * evictions by the processes running on the same package. One 174 * thing we can do is to shuffle the initial stack for them. 175 */ 176 177 p = arch_align_stack(p); 178 179 /* 180 * If this architecture has a platform capability string, copy it 181 * to userspace. In some cases (Sparc), this info is impossible 182 * for userspace to get any other way, in others (i386) it is 183 * merely difficult. 184 */ 185 u_platform = NULL; 186 if (k_platform) { 187 size_t len = strlen(k_platform) + 1; 188 189 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 190 if (__copy_to_user(u_platform, k_platform, len)) 191 return -EFAULT; 192 } 193 194 /* 195 * If this architecture has a "base" platform capability 196 * string, copy it to userspace. 197 */ 198 u_base_platform = NULL; 199 if (k_base_platform) { 200 size_t len = strlen(k_base_platform) + 1; 201 202 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 203 if (__copy_to_user(u_base_platform, k_base_platform, len)) 204 return -EFAULT; 205 } 206 207 /* 208 * Generate 16 random bytes for userspace PRNG seeding. 209 */ 210 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); 211 u_rand_bytes = (elf_addr_t __user *) 212 STACK_ALLOC(p, sizeof(k_rand_bytes)); 213 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) 214 return -EFAULT; 215 216 /* Create the ELF interpreter info */ 217 elf_info = (elf_addr_t *)current->mm->saved_auxv; 218 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */ 219 #define NEW_AUX_ENT(id, val) \ 220 do { \ 221 elf_info[ei_index++] = id; \ 222 elf_info[ei_index++] = val; \ 223 } while (0) 224 225 #ifdef ARCH_DLINFO 226 /* 227 * ARCH_DLINFO must come first so PPC can do its special alignment of 228 * AUXV. 229 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in 230 * ARCH_DLINFO changes 231 */ 232 ARCH_DLINFO; 233 #endif 234 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP); 235 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE); 236 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC); 237 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff); 238 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); 239 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); 240 NEW_AUX_ENT(AT_BASE, interp_load_addr); 241 NEW_AUX_ENT(AT_FLAGS, 0); 242 NEW_AUX_ENT(AT_ENTRY, exec->e_entry); 243 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); 244 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); 245 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); 246 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); 247 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); 248 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); 249 #ifdef ELF_HWCAP2 250 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2); 251 #endif 252 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 253 if (k_platform) { 254 NEW_AUX_ENT(AT_PLATFORM, 255 (elf_addr_t)(unsigned long)u_platform); 256 } 257 if (k_base_platform) { 258 NEW_AUX_ENT(AT_BASE_PLATFORM, 259 (elf_addr_t)(unsigned long)u_base_platform); 260 } 261 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) { 262 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data); 263 } 264 #undef NEW_AUX_ENT 265 /* AT_NULL is zero; clear the rest too */ 266 memset(&elf_info[ei_index], 0, 267 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]); 268 269 /* And advance past the AT_NULL entry. */ 270 ei_index += 2; 271 272 sp = STACK_ADD(p, ei_index); 273 274 items = (argc + 1) + (envc + 1) + 1; 275 bprm->p = STACK_ROUND(sp, items); 276 277 /* Point sp at the lowest address on the stack */ 278 #ifdef CONFIG_STACK_GROWSUP 279 sp = (elf_addr_t __user *)bprm->p - items - ei_index; 280 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */ 281 #else 282 sp = (elf_addr_t __user *)bprm->p; 283 #endif 284 285 286 /* 287 * Grow the stack manually; some architectures have a limit on how 288 * far ahead a user-space access may be in order to grow the stack. 289 */ 290 vma = find_extend_vma(current->mm, bprm->p); 291 if (!vma) 292 return -EFAULT; 293 294 /* Now, let's put argc (and argv, envp if appropriate) on the stack */ 295 if (__put_user(argc, sp++)) 296 return -EFAULT; 297 argv = sp; 298 envp = argv + argc + 1; 299 300 /* Populate argv and envp */ 301 p = current->mm->arg_end = current->mm->arg_start; 302 while (argc-- > 0) { 303 size_t len; 304 if (__put_user((elf_addr_t)p, argv++)) 305 return -EFAULT; 306 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 307 if (!len || len > MAX_ARG_STRLEN) 308 return -EINVAL; 309 p += len; 310 } 311 if (__put_user(0, argv)) 312 return -EFAULT; 313 current->mm->arg_end = current->mm->env_start = p; 314 while (envc-- > 0) { 315 size_t len; 316 if (__put_user((elf_addr_t)p, envp++)) 317 return -EFAULT; 318 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 319 if (!len || len > MAX_ARG_STRLEN) 320 return -EINVAL; 321 p += len; 322 } 323 if (__put_user(0, envp)) 324 return -EFAULT; 325 current->mm->env_end = p; 326 327 /* Put the elf_info on the stack in the right place. */ 328 sp = (elf_addr_t __user *)envp + 1; 329 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t))) 330 return -EFAULT; 331 return 0; 332 } 333 334 #ifndef elf_map 335 336 static unsigned long elf_map(struct file *filep, unsigned long addr, 337 struct elf_phdr *eppnt, int prot, int type, 338 unsigned long total_size) 339 { 340 unsigned long map_addr; 341 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr); 342 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr); 343 addr = ELF_PAGESTART(addr); 344 size = ELF_PAGEALIGN(size); 345 346 /* mmap() will return -EINVAL if given a zero size, but a 347 * segment with zero filesize is perfectly valid */ 348 if (!size) 349 return addr; 350 351 /* 352 * total_size is the size of the ELF (interpreter) image. 353 * The _first_ mmap needs to know the full size, otherwise 354 * randomization might put this image into an overlapping 355 * position with the ELF binary image. (since size < total_size) 356 * So we first map the 'big' image - and unmap the remainder at 357 * the end. (which unmap is needed for ELF images with holes.) 358 */ 359 if (total_size) { 360 total_size = ELF_PAGEALIGN(total_size); 361 map_addr = vm_mmap(filep, addr, total_size, prot, type, off); 362 if (!BAD_ADDR(map_addr)) 363 vm_munmap(map_addr+size, total_size-size); 364 } else 365 map_addr = vm_mmap(filep, addr, size, prot, type, off); 366 367 return(map_addr); 368 } 369 370 #endif /* !elf_map */ 371 372 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) 373 { 374 int i, first_idx = -1, last_idx = -1; 375 376 for (i = 0; i < nr; i++) { 377 if (cmds[i].p_type == PT_LOAD) { 378 last_idx = i; 379 if (first_idx == -1) 380 first_idx = i; 381 } 382 } 383 if (first_idx == -1) 384 return 0; 385 386 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz - 387 ELF_PAGESTART(cmds[first_idx].p_vaddr); 388 } 389 390 /** 391 * load_elf_phdrs() - load ELF program headers 392 * @elf_ex: ELF header of the binary whose program headers should be loaded 393 * @elf_file: the opened ELF binary file 394 * 395 * Loads ELF program headers from the binary file elf_file, which has the ELF 396 * header pointed to by elf_ex, into a newly allocated array. The caller is 397 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure. 398 */ 399 static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex, 400 struct file *elf_file) 401 { 402 struct elf_phdr *elf_phdata = NULL; 403 int retval, size, err = -1; 404 405 /* 406 * If the size of this structure has changed, then punt, since 407 * we will be doing the wrong thing. 408 */ 409 if (elf_ex->e_phentsize != sizeof(struct elf_phdr)) 410 goto out; 411 412 /* Sanity check the number of program headers... */ 413 if (elf_ex->e_phnum < 1 || 414 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) 415 goto out; 416 417 /* ...and their total size. */ 418 size = sizeof(struct elf_phdr) * elf_ex->e_phnum; 419 if (size > ELF_MIN_ALIGN) 420 goto out; 421 422 elf_phdata = kmalloc(size, GFP_KERNEL); 423 if (!elf_phdata) 424 goto out; 425 426 /* Read in the program headers */ 427 retval = kernel_read(elf_file, elf_ex->e_phoff, 428 (char *)elf_phdata, size); 429 if (retval != size) { 430 err = (retval < 0) ? retval : -EIO; 431 goto out; 432 } 433 434 /* Success! */ 435 err = 0; 436 out: 437 if (err) { 438 kfree(elf_phdata); 439 elf_phdata = NULL; 440 } 441 return elf_phdata; 442 } 443 444 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE 445 446 /** 447 * struct arch_elf_state - arch-specific ELF loading state 448 * 449 * This structure is used to preserve architecture specific data during 450 * the loading of an ELF file, throughout the checking of architecture 451 * specific ELF headers & through to the point where the ELF load is 452 * known to be proceeding (ie. SET_PERSONALITY). 453 * 454 * This implementation is a dummy for architectures which require no 455 * specific state. 456 */ 457 struct arch_elf_state { 458 }; 459 460 #define INIT_ARCH_ELF_STATE {} 461 462 /** 463 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header 464 * @ehdr: The main ELF header 465 * @phdr: The program header to check 466 * @elf: The open ELF file 467 * @is_interp: True if the phdr is from the interpreter of the ELF being 468 * loaded, else false. 469 * @state: Architecture-specific state preserved throughout the process 470 * of loading the ELF. 471 * 472 * Inspects the program header phdr to validate its correctness and/or 473 * suitability for the system. Called once per ELF program header in the 474 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its 475 * interpreter. 476 * 477 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 478 * with that return code. 479 */ 480 static inline int arch_elf_pt_proc(struct elfhdr *ehdr, 481 struct elf_phdr *phdr, 482 struct file *elf, bool is_interp, 483 struct arch_elf_state *state) 484 { 485 /* Dummy implementation, always proceed */ 486 return 0; 487 } 488 489 /** 490 * arch_check_elf() - check an ELF executable 491 * @ehdr: The main ELF header 492 * @has_interp: True if the ELF has an interpreter, else false. 493 * @interp_ehdr: The interpreter's ELF header 494 * @state: Architecture-specific state preserved throughout the process 495 * of loading the ELF. 496 * 497 * Provides a final opportunity for architecture code to reject the loading 498 * of the ELF & cause an exec syscall to return an error. This is called after 499 * all program headers to be checked by arch_elf_pt_proc have been. 500 * 501 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 502 * with that return code. 503 */ 504 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, 505 struct elfhdr *interp_ehdr, 506 struct arch_elf_state *state) 507 { 508 /* Dummy implementation, always proceed */ 509 return 0; 510 } 511 512 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ 513 514 /* This is much more generalized than the library routine read function, 515 so we keep this separate. Technically the library read function 516 is only provided so that we can read a.out libraries that have 517 an ELF header */ 518 519 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, 520 struct file *interpreter, unsigned long *interp_map_addr, 521 unsigned long no_base, struct elf_phdr *interp_elf_phdata) 522 { 523 struct elf_phdr *eppnt; 524 unsigned long load_addr = 0; 525 int load_addr_set = 0; 526 unsigned long last_bss = 0, elf_bss = 0; 527 unsigned long error = ~0UL; 528 unsigned long total_size; 529 int i; 530 531 /* First of all, some simple consistency checks */ 532 if (interp_elf_ex->e_type != ET_EXEC && 533 interp_elf_ex->e_type != ET_DYN) 534 goto out; 535 if (!elf_check_arch(interp_elf_ex)) 536 goto out; 537 if (!interpreter->f_op->mmap) 538 goto out; 539 540 total_size = total_mapping_size(interp_elf_phdata, 541 interp_elf_ex->e_phnum); 542 if (!total_size) { 543 error = -EINVAL; 544 goto out; 545 } 546 547 eppnt = interp_elf_phdata; 548 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { 549 if (eppnt->p_type == PT_LOAD) { 550 int elf_type = MAP_PRIVATE | MAP_DENYWRITE; 551 int elf_prot = 0; 552 unsigned long vaddr = 0; 553 unsigned long k, map_addr; 554 555 if (eppnt->p_flags & PF_R) 556 elf_prot = PROT_READ; 557 if (eppnt->p_flags & PF_W) 558 elf_prot |= PROT_WRITE; 559 if (eppnt->p_flags & PF_X) 560 elf_prot |= PROT_EXEC; 561 vaddr = eppnt->p_vaddr; 562 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) 563 elf_type |= MAP_FIXED; 564 else if (no_base && interp_elf_ex->e_type == ET_DYN) 565 load_addr = -vaddr; 566 567 map_addr = elf_map(interpreter, load_addr + vaddr, 568 eppnt, elf_prot, elf_type, total_size); 569 total_size = 0; 570 if (!*interp_map_addr) 571 *interp_map_addr = map_addr; 572 error = map_addr; 573 if (BAD_ADDR(map_addr)) 574 goto out; 575 576 if (!load_addr_set && 577 interp_elf_ex->e_type == ET_DYN) { 578 load_addr = map_addr - ELF_PAGESTART(vaddr); 579 load_addr_set = 1; 580 } 581 582 /* 583 * Check to see if the section's size will overflow the 584 * allowed task size. Note that p_filesz must always be 585 * <= p_memsize so it's only necessary to check p_memsz. 586 */ 587 k = load_addr + eppnt->p_vaddr; 588 if (BAD_ADDR(k) || 589 eppnt->p_filesz > eppnt->p_memsz || 590 eppnt->p_memsz > TASK_SIZE || 591 TASK_SIZE - eppnt->p_memsz < k) { 592 error = -ENOMEM; 593 goto out; 594 } 595 596 /* 597 * Find the end of the file mapping for this phdr, and 598 * keep track of the largest address we see for this. 599 */ 600 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; 601 if (k > elf_bss) 602 elf_bss = k; 603 604 /* 605 * Do the same thing for the memory mapping - between 606 * elf_bss and last_bss is the bss section. 607 */ 608 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr; 609 if (k > last_bss) 610 last_bss = k; 611 } 612 } 613 614 if (last_bss > elf_bss) { 615 /* 616 * Now fill out the bss section. First pad the last page up 617 * to the page boundary, and then perform a mmap to make sure 618 * that there are zero-mapped pages up to and including the 619 * last bss page. 620 */ 621 if (padzero(elf_bss)) { 622 error = -EFAULT; 623 goto out; 624 } 625 626 /* What we have mapped so far */ 627 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); 628 629 /* Map the last of the bss segment */ 630 error = vm_brk(elf_bss, last_bss - elf_bss); 631 if (error) 632 goto out; 633 } 634 635 error = load_addr; 636 out: 637 return error; 638 } 639 640 /* 641 * These are the functions used to load ELF style executables and shared 642 * libraries. There is no binary dependent code anywhere else. 643 */ 644 645 #ifndef STACK_RND_MASK 646 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */ 647 #endif 648 649 static unsigned long randomize_stack_top(unsigned long stack_top) 650 { 651 unsigned long random_variable = 0; 652 653 if ((current->flags & PF_RANDOMIZE) && 654 !(current->personality & ADDR_NO_RANDOMIZE)) { 655 random_variable = get_random_long(); 656 random_variable &= STACK_RND_MASK; 657 random_variable <<= PAGE_SHIFT; 658 } 659 #ifdef CONFIG_STACK_GROWSUP 660 return PAGE_ALIGN(stack_top) + random_variable; 661 #else 662 return PAGE_ALIGN(stack_top) - random_variable; 663 #endif 664 } 665 666 static int load_elf_binary(struct linux_binprm *bprm) 667 { 668 struct file *interpreter = NULL; /* to shut gcc up */ 669 unsigned long load_addr = 0, load_bias = 0; 670 int load_addr_set = 0; 671 char * elf_interpreter = NULL; 672 unsigned long error; 673 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; 674 unsigned long elf_bss, elf_brk; 675 int retval, i; 676 unsigned long elf_entry; 677 unsigned long interp_load_addr = 0; 678 unsigned long start_code, end_code, start_data, end_data; 679 unsigned long reloc_func_desc __maybe_unused = 0; 680 int executable_stack = EXSTACK_DEFAULT; 681 struct pt_regs *regs = current_pt_regs(); 682 struct { 683 struct elfhdr elf_ex; 684 struct elfhdr interp_elf_ex; 685 } *loc; 686 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE; 687 688 loc = kmalloc(sizeof(*loc), GFP_KERNEL); 689 if (!loc) { 690 retval = -ENOMEM; 691 goto out_ret; 692 } 693 694 /* Get the exec-header */ 695 loc->elf_ex = *((struct elfhdr *)bprm->buf); 696 697 retval = -ENOEXEC; 698 /* First of all, some simple consistency checks */ 699 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0) 700 goto out; 701 702 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN) 703 goto out; 704 if (!elf_check_arch(&loc->elf_ex)) 705 goto out; 706 if (!bprm->file->f_op->mmap) 707 goto out; 708 709 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file); 710 if (!elf_phdata) 711 goto out; 712 713 elf_ppnt = elf_phdata; 714 elf_bss = 0; 715 elf_brk = 0; 716 717 start_code = ~0UL; 718 end_code = 0; 719 start_data = 0; 720 end_data = 0; 721 722 for (i = 0; i < loc->elf_ex.e_phnum; i++) { 723 if (elf_ppnt->p_type == PT_INTERP) { 724 /* This is the program interpreter used for 725 * shared libraries - for now assume that this 726 * is an a.out format binary 727 */ 728 retval = -ENOEXEC; 729 if (elf_ppnt->p_filesz > PATH_MAX || 730 elf_ppnt->p_filesz < 2) 731 goto out_free_ph; 732 733 retval = -ENOMEM; 734 elf_interpreter = kmalloc(elf_ppnt->p_filesz, 735 GFP_KERNEL); 736 if (!elf_interpreter) 737 goto out_free_ph; 738 739 retval = kernel_read(bprm->file, elf_ppnt->p_offset, 740 elf_interpreter, 741 elf_ppnt->p_filesz); 742 if (retval != elf_ppnt->p_filesz) { 743 if (retval >= 0) 744 retval = -EIO; 745 goto out_free_interp; 746 } 747 /* make sure path is NULL terminated */ 748 retval = -ENOEXEC; 749 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') 750 goto out_free_interp; 751 752 interpreter = open_exec(elf_interpreter); 753 retval = PTR_ERR(interpreter); 754 if (IS_ERR(interpreter)) 755 goto out_free_interp; 756 757 /* 758 * If the binary is not readable then enforce 759 * mm->dumpable = 0 regardless of the interpreter's 760 * permissions. 761 */ 762 would_dump(bprm, interpreter); 763 764 /* Get the exec headers */ 765 retval = kernel_read(interpreter, 0, 766 (void *)&loc->interp_elf_ex, 767 sizeof(loc->interp_elf_ex)); 768 if (retval != sizeof(loc->interp_elf_ex)) { 769 if (retval >= 0) 770 retval = -EIO; 771 goto out_free_dentry; 772 } 773 774 break; 775 } 776 elf_ppnt++; 777 } 778 779 elf_ppnt = elf_phdata; 780 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) 781 switch (elf_ppnt->p_type) { 782 case PT_GNU_STACK: 783 if (elf_ppnt->p_flags & PF_X) 784 executable_stack = EXSTACK_ENABLE_X; 785 else 786 executable_stack = EXSTACK_DISABLE_X; 787 break; 788 789 case PT_LOPROC ... PT_HIPROC: 790 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt, 791 bprm->file, false, 792 &arch_state); 793 if (retval) 794 goto out_free_dentry; 795 break; 796 } 797 798 /* Some simple consistency checks for the interpreter */ 799 if (elf_interpreter) { 800 retval = -ELIBBAD; 801 /* Not an ELF interpreter */ 802 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0) 803 goto out_free_dentry; 804 /* Verify the interpreter has a valid arch */ 805 if (!elf_check_arch(&loc->interp_elf_ex)) 806 goto out_free_dentry; 807 808 /* Load the interpreter program headers */ 809 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex, 810 interpreter); 811 if (!interp_elf_phdata) 812 goto out_free_dentry; 813 814 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ 815 elf_ppnt = interp_elf_phdata; 816 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++) 817 switch (elf_ppnt->p_type) { 818 case PT_LOPROC ... PT_HIPROC: 819 retval = arch_elf_pt_proc(&loc->interp_elf_ex, 820 elf_ppnt, interpreter, 821 true, &arch_state); 822 if (retval) 823 goto out_free_dentry; 824 break; 825 } 826 } 827 828 /* 829 * Allow arch code to reject the ELF at this point, whilst it's 830 * still possible to return an error to the code that invoked 831 * the exec syscall. 832 */ 833 retval = arch_check_elf(&loc->elf_ex, 834 !!interpreter, &loc->interp_elf_ex, 835 &arch_state); 836 if (retval) 837 goto out_free_dentry; 838 839 /* Flush all traces of the currently running executable */ 840 retval = flush_old_exec(bprm); 841 if (retval) 842 goto out_free_dentry; 843 844 /* Do this immediately, since STACK_TOP as used in setup_arg_pages 845 may depend on the personality. */ 846 SET_PERSONALITY2(loc->elf_ex, &arch_state); 847 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) 848 current->personality |= READ_IMPLIES_EXEC; 849 850 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) 851 current->flags |= PF_RANDOMIZE; 852 853 setup_new_exec(bprm); 854 855 /* Do this so that we can load the interpreter, if need be. We will 856 change some of these later */ 857 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP), 858 executable_stack); 859 if (retval < 0) 860 goto out_free_dentry; 861 862 current->mm->start_stack = bprm->p; 863 864 /* Now we do a little grungy work by mmapping the ELF image into 865 the correct location in memory. */ 866 for(i = 0, elf_ppnt = elf_phdata; 867 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) { 868 int elf_prot = 0, elf_flags; 869 unsigned long k, vaddr; 870 unsigned long total_size = 0; 871 872 if (elf_ppnt->p_type != PT_LOAD) 873 continue; 874 875 if (unlikely (elf_brk > elf_bss)) { 876 unsigned long nbyte; 877 878 /* There was a PT_LOAD segment with p_memsz > p_filesz 879 before this one. Map anonymous pages, if needed, 880 and clear the area. */ 881 retval = set_brk(elf_bss + load_bias, 882 elf_brk + load_bias); 883 if (retval) 884 goto out_free_dentry; 885 nbyte = ELF_PAGEOFFSET(elf_bss); 886 if (nbyte) { 887 nbyte = ELF_MIN_ALIGN - nbyte; 888 if (nbyte > elf_brk - elf_bss) 889 nbyte = elf_brk - elf_bss; 890 if (clear_user((void __user *)elf_bss + 891 load_bias, nbyte)) { 892 /* 893 * This bss-zeroing can fail if the ELF 894 * file specifies odd protections. So 895 * we don't check the return value 896 */ 897 } 898 } 899 } 900 901 if (elf_ppnt->p_flags & PF_R) 902 elf_prot |= PROT_READ; 903 if (elf_ppnt->p_flags & PF_W) 904 elf_prot |= PROT_WRITE; 905 if (elf_ppnt->p_flags & PF_X) 906 elf_prot |= PROT_EXEC; 907 908 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE; 909 910 vaddr = elf_ppnt->p_vaddr; 911 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) { 912 elf_flags |= MAP_FIXED; 913 } else if (loc->elf_ex.e_type == ET_DYN) { 914 /* Try and get dynamic programs out of the way of the 915 * default mmap base, as well as whatever program they 916 * might try to exec. This is because the brk will 917 * follow the loader, and is not movable. */ 918 load_bias = ELF_ET_DYN_BASE - vaddr; 919 if (current->flags & PF_RANDOMIZE) 920 load_bias += arch_mmap_rnd(); 921 load_bias = ELF_PAGESTART(load_bias); 922 total_size = total_mapping_size(elf_phdata, 923 loc->elf_ex.e_phnum); 924 if (!total_size) { 925 retval = -EINVAL; 926 goto out_free_dentry; 927 } 928 } 929 930 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, 931 elf_prot, elf_flags, total_size); 932 if (BAD_ADDR(error)) { 933 retval = IS_ERR((void *)error) ? 934 PTR_ERR((void*)error) : -EINVAL; 935 goto out_free_dentry; 936 } 937 938 if (!load_addr_set) { 939 load_addr_set = 1; 940 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset); 941 if (loc->elf_ex.e_type == ET_DYN) { 942 load_bias += error - 943 ELF_PAGESTART(load_bias + vaddr); 944 load_addr += load_bias; 945 reloc_func_desc = load_bias; 946 } 947 } 948 k = elf_ppnt->p_vaddr; 949 if (k < start_code) 950 start_code = k; 951 if (start_data < k) 952 start_data = k; 953 954 /* 955 * Check to see if the section's size will overflow the 956 * allowed task size. Note that p_filesz must always be 957 * <= p_memsz so it is only necessary to check p_memsz. 958 */ 959 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || 960 elf_ppnt->p_memsz > TASK_SIZE || 961 TASK_SIZE - elf_ppnt->p_memsz < k) { 962 /* set_brk can never work. Avoid overflows. */ 963 retval = -EINVAL; 964 goto out_free_dentry; 965 } 966 967 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz; 968 969 if (k > elf_bss) 970 elf_bss = k; 971 if ((elf_ppnt->p_flags & PF_X) && end_code < k) 972 end_code = k; 973 if (end_data < k) 974 end_data = k; 975 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz; 976 if (k > elf_brk) 977 elf_brk = k; 978 } 979 980 loc->elf_ex.e_entry += load_bias; 981 elf_bss += load_bias; 982 elf_brk += load_bias; 983 start_code += load_bias; 984 end_code += load_bias; 985 start_data += load_bias; 986 end_data += load_bias; 987 988 /* Calling set_brk effectively mmaps the pages that we need 989 * for the bss and break sections. We must do this before 990 * mapping in the interpreter, to make sure it doesn't wind 991 * up getting placed where the bss needs to go. 992 */ 993 retval = set_brk(elf_bss, elf_brk); 994 if (retval) 995 goto out_free_dentry; 996 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { 997 retval = -EFAULT; /* Nobody gets to see this, but.. */ 998 goto out_free_dentry; 999 } 1000 1001 if (elf_interpreter) { 1002 unsigned long interp_map_addr = 0; 1003 1004 elf_entry = load_elf_interp(&loc->interp_elf_ex, 1005 interpreter, 1006 &interp_map_addr, 1007 load_bias, interp_elf_phdata); 1008 if (!IS_ERR((void *)elf_entry)) { 1009 /* 1010 * load_elf_interp() returns relocation 1011 * adjustment 1012 */ 1013 interp_load_addr = elf_entry; 1014 elf_entry += loc->interp_elf_ex.e_entry; 1015 } 1016 if (BAD_ADDR(elf_entry)) { 1017 retval = IS_ERR((void *)elf_entry) ? 1018 (int)elf_entry : -EINVAL; 1019 goto out_free_dentry; 1020 } 1021 reloc_func_desc = interp_load_addr; 1022 1023 allow_write_access(interpreter); 1024 fput(interpreter); 1025 kfree(elf_interpreter); 1026 } else { 1027 elf_entry = loc->elf_ex.e_entry; 1028 if (BAD_ADDR(elf_entry)) { 1029 retval = -EINVAL; 1030 goto out_free_dentry; 1031 } 1032 } 1033 1034 kfree(interp_elf_phdata); 1035 kfree(elf_phdata); 1036 1037 set_binfmt(&elf_format); 1038 1039 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES 1040 retval = arch_setup_additional_pages(bprm, !!elf_interpreter); 1041 if (retval < 0) 1042 goto out; 1043 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */ 1044 1045 install_exec_creds(bprm); 1046 retval = create_elf_tables(bprm, &loc->elf_ex, 1047 load_addr, interp_load_addr); 1048 if (retval < 0) 1049 goto out; 1050 /* N.B. passed_fileno might not be initialized? */ 1051 current->mm->end_code = end_code; 1052 current->mm->start_code = start_code; 1053 current->mm->start_data = start_data; 1054 current->mm->end_data = end_data; 1055 current->mm->start_stack = bprm->p; 1056 1057 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) { 1058 current->mm->brk = current->mm->start_brk = 1059 arch_randomize_brk(current->mm); 1060 #ifdef compat_brk_randomized 1061 current->brk_randomized = 1; 1062 #endif 1063 } 1064 1065 if (current->personality & MMAP_PAGE_ZERO) { 1066 /* Why this, you ask??? Well SVr4 maps page 0 as read-only, 1067 and some applications "depend" upon this behavior. 1068 Since we do not have the power to recompile these, we 1069 emulate the SVr4 behavior. Sigh. */ 1070 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC, 1071 MAP_FIXED | MAP_PRIVATE, 0); 1072 } 1073 1074 #ifdef ELF_PLAT_INIT 1075 /* 1076 * The ABI may specify that certain registers be set up in special 1077 * ways (on i386 %edx is the address of a DT_FINI function, for 1078 * example. In addition, it may also specify (eg, PowerPC64 ELF) 1079 * that the e_entry field is the address of the function descriptor 1080 * for the startup routine, rather than the address of the startup 1081 * routine itself. This macro performs whatever initialization to 1082 * the regs structure is required as well as any relocations to the 1083 * function descriptor entries when executing dynamically links apps. 1084 */ 1085 ELF_PLAT_INIT(regs, reloc_func_desc); 1086 #endif 1087 1088 start_thread(regs, elf_entry, bprm->p); 1089 retval = 0; 1090 out: 1091 kfree(loc); 1092 out_ret: 1093 return retval; 1094 1095 /* error cleanup */ 1096 out_free_dentry: 1097 kfree(interp_elf_phdata); 1098 allow_write_access(interpreter); 1099 if (interpreter) 1100 fput(interpreter); 1101 out_free_interp: 1102 kfree(elf_interpreter); 1103 out_free_ph: 1104 kfree(elf_phdata); 1105 goto out; 1106 } 1107 1108 #ifdef CONFIG_USELIB 1109 /* This is really simpleminded and specialized - we are loading an 1110 a.out library that is given an ELF header. */ 1111 static int load_elf_library(struct file *file) 1112 { 1113 struct elf_phdr *elf_phdata; 1114 struct elf_phdr *eppnt; 1115 unsigned long elf_bss, bss, len; 1116 int retval, error, i, j; 1117 struct elfhdr elf_ex; 1118 1119 error = -ENOEXEC; 1120 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex)); 1121 if (retval != sizeof(elf_ex)) 1122 goto out; 1123 1124 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0) 1125 goto out; 1126 1127 /* First of all, some simple consistency checks */ 1128 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 || 1129 !elf_check_arch(&elf_ex) || !file->f_op->mmap) 1130 goto out; 1131 1132 /* Now read in all of the header information */ 1133 1134 j = sizeof(struct elf_phdr) * elf_ex.e_phnum; 1135 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */ 1136 1137 error = -ENOMEM; 1138 elf_phdata = kmalloc(j, GFP_KERNEL); 1139 if (!elf_phdata) 1140 goto out; 1141 1142 eppnt = elf_phdata; 1143 error = -ENOEXEC; 1144 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j); 1145 if (retval != j) 1146 goto out_free_ph; 1147 1148 for (j = 0, i = 0; i<elf_ex.e_phnum; i++) 1149 if ((eppnt + i)->p_type == PT_LOAD) 1150 j++; 1151 if (j != 1) 1152 goto out_free_ph; 1153 1154 while (eppnt->p_type != PT_LOAD) 1155 eppnt++; 1156 1157 /* Now use mmap to map the library into memory. */ 1158 error = vm_mmap(file, 1159 ELF_PAGESTART(eppnt->p_vaddr), 1160 (eppnt->p_filesz + 1161 ELF_PAGEOFFSET(eppnt->p_vaddr)), 1162 PROT_READ | PROT_WRITE | PROT_EXEC, 1163 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 1164 (eppnt->p_offset - 1165 ELF_PAGEOFFSET(eppnt->p_vaddr))); 1166 if (error != ELF_PAGESTART(eppnt->p_vaddr)) 1167 goto out_free_ph; 1168 1169 elf_bss = eppnt->p_vaddr + eppnt->p_filesz; 1170 if (padzero(elf_bss)) { 1171 error = -EFAULT; 1172 goto out_free_ph; 1173 } 1174 1175 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + 1176 ELF_MIN_ALIGN - 1); 1177 bss = eppnt->p_memsz + eppnt->p_vaddr; 1178 if (bss > len) { 1179 error = vm_brk(len, bss - len); 1180 if (error) 1181 goto out_free_ph; 1182 } 1183 error = 0; 1184 1185 out_free_ph: 1186 kfree(elf_phdata); 1187 out: 1188 return error; 1189 } 1190 #endif /* #ifdef CONFIG_USELIB */ 1191 1192 #ifdef CONFIG_ELF_CORE 1193 /* 1194 * ELF core dumper 1195 * 1196 * Modelled on fs/exec.c:aout_core_dump() 1197 * Jeremy Fitzhardinge <jeremy@sw.oz.au> 1198 */ 1199 1200 /* 1201 * The purpose of always_dump_vma() is to make sure that special kernel mappings 1202 * that are useful for post-mortem analysis are included in every core dump. 1203 * In that way we ensure that the core dump is fully interpretable later 1204 * without matching up the same kernel and hardware config to see what PC values 1205 * meant. These special mappings include - vDSO, vsyscall, and other 1206 * architecture specific mappings 1207 */ 1208 static bool always_dump_vma(struct vm_area_struct *vma) 1209 { 1210 /* Any vsyscall mappings? */ 1211 if (vma == get_gate_vma(vma->vm_mm)) 1212 return true; 1213 1214 /* 1215 * Assume that all vmas with a .name op should always be dumped. 1216 * If this changes, a new vm_ops field can easily be added. 1217 */ 1218 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma)) 1219 return true; 1220 1221 /* 1222 * arch_vma_name() returns non-NULL for special architecture mappings, 1223 * such as vDSO sections. 1224 */ 1225 if (arch_vma_name(vma)) 1226 return true; 1227 1228 return false; 1229 } 1230 1231 /* 1232 * Decide what to dump of a segment, part, all or none. 1233 */ 1234 static unsigned long vma_dump_size(struct vm_area_struct *vma, 1235 unsigned long mm_flags) 1236 { 1237 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) 1238 1239 /* always dump the vdso and vsyscall sections */ 1240 if (always_dump_vma(vma)) 1241 goto whole; 1242 1243 if (vma->vm_flags & VM_DONTDUMP) 1244 return 0; 1245 1246 /* support for DAX */ 1247 if (vma_is_dax(vma)) { 1248 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED)) 1249 goto whole; 1250 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE)) 1251 goto whole; 1252 return 0; 1253 } 1254 1255 /* Hugetlb memory check */ 1256 if (vma->vm_flags & VM_HUGETLB) { 1257 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED)) 1258 goto whole; 1259 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE)) 1260 goto whole; 1261 return 0; 1262 } 1263 1264 /* Do not dump I/O mapped devices or special mappings */ 1265 if (vma->vm_flags & VM_IO) 1266 return 0; 1267 1268 /* By default, dump shared memory if mapped from an anonymous file. */ 1269 if (vma->vm_flags & VM_SHARED) { 1270 if (file_inode(vma->vm_file)->i_nlink == 0 ? 1271 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED)) 1272 goto whole; 1273 return 0; 1274 } 1275 1276 /* Dump segments that have been written to. */ 1277 if (vma->anon_vma && FILTER(ANON_PRIVATE)) 1278 goto whole; 1279 if (vma->vm_file == NULL) 1280 return 0; 1281 1282 if (FILTER(MAPPED_PRIVATE)) 1283 goto whole; 1284 1285 /* 1286 * If this looks like the beginning of a DSO or executable mapping, 1287 * check for an ELF header. If we find one, dump the first page to 1288 * aid in determining what was mapped here. 1289 */ 1290 if (FILTER(ELF_HEADERS) && 1291 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) { 1292 u32 __user *header = (u32 __user *) vma->vm_start; 1293 u32 word; 1294 mm_segment_t fs = get_fs(); 1295 /* 1296 * Doing it this way gets the constant folded by GCC. 1297 */ 1298 union { 1299 u32 cmp; 1300 char elfmag[SELFMAG]; 1301 } magic; 1302 BUILD_BUG_ON(SELFMAG != sizeof word); 1303 magic.elfmag[EI_MAG0] = ELFMAG0; 1304 magic.elfmag[EI_MAG1] = ELFMAG1; 1305 magic.elfmag[EI_MAG2] = ELFMAG2; 1306 magic.elfmag[EI_MAG3] = ELFMAG3; 1307 /* 1308 * Switch to the user "segment" for get_user(), 1309 * then put back what elf_core_dump() had in place. 1310 */ 1311 set_fs(USER_DS); 1312 if (unlikely(get_user(word, header))) 1313 word = 0; 1314 set_fs(fs); 1315 if (word == magic.cmp) 1316 return PAGE_SIZE; 1317 } 1318 1319 #undef FILTER 1320 1321 return 0; 1322 1323 whole: 1324 return vma->vm_end - vma->vm_start; 1325 } 1326 1327 /* An ELF note in memory */ 1328 struct memelfnote 1329 { 1330 const char *name; 1331 int type; 1332 unsigned int datasz; 1333 void *data; 1334 }; 1335 1336 static int notesize(struct memelfnote *en) 1337 { 1338 int sz; 1339 1340 sz = sizeof(struct elf_note); 1341 sz += roundup(strlen(en->name) + 1, 4); 1342 sz += roundup(en->datasz, 4); 1343 1344 return sz; 1345 } 1346 1347 static int writenote(struct memelfnote *men, struct coredump_params *cprm) 1348 { 1349 struct elf_note en; 1350 en.n_namesz = strlen(men->name) + 1; 1351 en.n_descsz = men->datasz; 1352 en.n_type = men->type; 1353 1354 return dump_emit(cprm, &en, sizeof(en)) && 1355 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) && 1356 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4); 1357 } 1358 1359 static void fill_elf_header(struct elfhdr *elf, int segs, 1360 u16 machine, u32 flags) 1361 { 1362 memset(elf, 0, sizeof(*elf)); 1363 1364 memcpy(elf->e_ident, ELFMAG, SELFMAG); 1365 elf->e_ident[EI_CLASS] = ELF_CLASS; 1366 elf->e_ident[EI_DATA] = ELF_DATA; 1367 elf->e_ident[EI_VERSION] = EV_CURRENT; 1368 elf->e_ident[EI_OSABI] = ELF_OSABI; 1369 1370 elf->e_type = ET_CORE; 1371 elf->e_machine = machine; 1372 elf->e_version = EV_CURRENT; 1373 elf->e_phoff = sizeof(struct elfhdr); 1374 elf->e_flags = flags; 1375 elf->e_ehsize = sizeof(struct elfhdr); 1376 elf->e_phentsize = sizeof(struct elf_phdr); 1377 elf->e_phnum = segs; 1378 1379 return; 1380 } 1381 1382 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset) 1383 { 1384 phdr->p_type = PT_NOTE; 1385 phdr->p_offset = offset; 1386 phdr->p_vaddr = 0; 1387 phdr->p_paddr = 0; 1388 phdr->p_filesz = sz; 1389 phdr->p_memsz = 0; 1390 phdr->p_flags = 0; 1391 phdr->p_align = 0; 1392 return; 1393 } 1394 1395 static void fill_note(struct memelfnote *note, const char *name, int type, 1396 unsigned int sz, void *data) 1397 { 1398 note->name = name; 1399 note->type = type; 1400 note->datasz = sz; 1401 note->data = data; 1402 return; 1403 } 1404 1405 /* 1406 * fill up all the fields in prstatus from the given task struct, except 1407 * registers which need to be filled up separately. 1408 */ 1409 static void fill_prstatus(struct elf_prstatus *prstatus, 1410 struct task_struct *p, long signr) 1411 { 1412 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 1413 prstatus->pr_sigpend = p->pending.signal.sig[0]; 1414 prstatus->pr_sighold = p->blocked.sig[0]; 1415 rcu_read_lock(); 1416 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1417 rcu_read_unlock(); 1418 prstatus->pr_pid = task_pid_vnr(p); 1419 prstatus->pr_pgrp = task_pgrp_vnr(p); 1420 prstatus->pr_sid = task_session_vnr(p); 1421 if (thread_group_leader(p)) { 1422 struct task_cputime cputime; 1423 1424 /* 1425 * This is the record for the group leader. It shows the 1426 * group-wide total, not its individual thread total. 1427 */ 1428 thread_group_cputime(p, &cputime); 1429 cputime_to_timeval(cputime.utime, &prstatus->pr_utime); 1430 cputime_to_timeval(cputime.stime, &prstatus->pr_stime); 1431 } else { 1432 cputime_t utime, stime; 1433 1434 task_cputime(p, &utime, &stime); 1435 cputime_to_timeval(utime, &prstatus->pr_utime); 1436 cputime_to_timeval(stime, &prstatus->pr_stime); 1437 } 1438 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime); 1439 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime); 1440 } 1441 1442 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 1443 struct mm_struct *mm) 1444 { 1445 const struct cred *cred; 1446 unsigned int i, len; 1447 1448 /* first copy the parameters from user space */ 1449 memset(psinfo, 0, sizeof(struct elf_prpsinfo)); 1450 1451 len = mm->arg_end - mm->arg_start; 1452 if (len >= ELF_PRARGSZ) 1453 len = ELF_PRARGSZ-1; 1454 if (copy_from_user(&psinfo->pr_psargs, 1455 (const char __user *)mm->arg_start, len)) 1456 return -EFAULT; 1457 for(i = 0; i < len; i++) 1458 if (psinfo->pr_psargs[i] == 0) 1459 psinfo->pr_psargs[i] = ' '; 1460 psinfo->pr_psargs[len] = 0; 1461 1462 rcu_read_lock(); 1463 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1464 rcu_read_unlock(); 1465 psinfo->pr_pid = task_pid_vnr(p); 1466 psinfo->pr_pgrp = task_pgrp_vnr(p); 1467 psinfo->pr_sid = task_session_vnr(p); 1468 1469 i = p->state ? ffz(~p->state) + 1 : 0; 1470 psinfo->pr_state = i; 1471 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i]; 1472 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1473 psinfo->pr_nice = task_nice(p); 1474 psinfo->pr_flag = p->flags; 1475 rcu_read_lock(); 1476 cred = __task_cred(p); 1477 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); 1478 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); 1479 rcu_read_unlock(); 1480 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname)); 1481 1482 return 0; 1483 } 1484 1485 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) 1486 { 1487 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; 1488 int i = 0; 1489 do 1490 i += 2; 1491 while (auxv[i - 2] != AT_NULL); 1492 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); 1493 } 1494 1495 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, 1496 const siginfo_t *siginfo) 1497 { 1498 mm_segment_t old_fs = get_fs(); 1499 set_fs(KERNEL_DS); 1500 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo); 1501 set_fs(old_fs); 1502 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); 1503 } 1504 1505 #define MAX_FILE_NOTE_SIZE (4*1024*1024) 1506 /* 1507 * Format of NT_FILE note: 1508 * 1509 * long count -- how many files are mapped 1510 * long page_size -- units for file_ofs 1511 * array of [COUNT] elements of 1512 * long start 1513 * long end 1514 * long file_ofs 1515 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL... 1516 */ 1517 static int fill_files_note(struct memelfnote *note) 1518 { 1519 struct vm_area_struct *vma; 1520 unsigned count, size, names_ofs, remaining, n; 1521 user_long_t *data; 1522 user_long_t *start_end_ofs; 1523 char *name_base, *name_curpos; 1524 1525 /* *Estimated* file count and total data size needed */ 1526 count = current->mm->map_count; 1527 size = count * 64; 1528 1529 names_ofs = (2 + 3 * count) * sizeof(data[0]); 1530 alloc: 1531 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */ 1532 return -EINVAL; 1533 size = round_up(size, PAGE_SIZE); 1534 data = vmalloc(size); 1535 if (!data) 1536 return -ENOMEM; 1537 1538 start_end_ofs = data + 2; 1539 name_base = name_curpos = ((char *)data) + names_ofs; 1540 remaining = size - names_ofs; 1541 count = 0; 1542 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { 1543 struct file *file; 1544 const char *filename; 1545 1546 file = vma->vm_file; 1547 if (!file) 1548 continue; 1549 filename = file_path(file, name_curpos, remaining); 1550 if (IS_ERR(filename)) { 1551 if (PTR_ERR(filename) == -ENAMETOOLONG) { 1552 vfree(data); 1553 size = size * 5 / 4; 1554 goto alloc; 1555 } 1556 continue; 1557 } 1558 1559 /* file_path() fills at the end, move name down */ 1560 /* n = strlen(filename) + 1: */ 1561 n = (name_curpos + remaining) - filename; 1562 remaining = filename - name_curpos; 1563 memmove(name_curpos, filename, n); 1564 name_curpos += n; 1565 1566 *start_end_ofs++ = vma->vm_start; 1567 *start_end_ofs++ = vma->vm_end; 1568 *start_end_ofs++ = vma->vm_pgoff; 1569 count++; 1570 } 1571 1572 /* Now we know exact count of files, can store it */ 1573 data[0] = count; 1574 data[1] = PAGE_SIZE; 1575 /* 1576 * Count usually is less than current->mm->map_count, 1577 * we need to move filenames down. 1578 */ 1579 n = current->mm->map_count - count; 1580 if (n != 0) { 1581 unsigned shift_bytes = n * 3 * sizeof(data[0]); 1582 memmove(name_base - shift_bytes, name_base, 1583 name_curpos - name_base); 1584 name_curpos -= shift_bytes; 1585 } 1586 1587 size = name_curpos - (char *)data; 1588 fill_note(note, "CORE", NT_FILE, size, data); 1589 return 0; 1590 } 1591 1592 #ifdef CORE_DUMP_USE_REGSET 1593 #include <linux/regset.h> 1594 1595 struct elf_thread_core_info { 1596 struct elf_thread_core_info *next; 1597 struct task_struct *task; 1598 struct elf_prstatus prstatus; 1599 struct memelfnote notes[0]; 1600 }; 1601 1602 struct elf_note_info { 1603 struct elf_thread_core_info *thread; 1604 struct memelfnote psinfo; 1605 struct memelfnote signote; 1606 struct memelfnote auxv; 1607 struct memelfnote files; 1608 user_siginfo_t csigdata; 1609 size_t size; 1610 int thread_notes; 1611 }; 1612 1613 /* 1614 * When a regset has a writeback hook, we call it on each thread before 1615 * dumping user memory. On register window machines, this makes sure the 1616 * user memory backing the register data is up to date before we read it. 1617 */ 1618 static void do_thread_regset_writeback(struct task_struct *task, 1619 const struct user_regset *regset) 1620 { 1621 if (regset->writeback) 1622 regset->writeback(task, regset, 1); 1623 } 1624 1625 #ifndef PR_REG_SIZE 1626 #define PR_REG_SIZE(S) sizeof(S) 1627 #endif 1628 1629 #ifndef PRSTATUS_SIZE 1630 #define PRSTATUS_SIZE(S) sizeof(S) 1631 #endif 1632 1633 #ifndef PR_REG_PTR 1634 #define PR_REG_PTR(S) (&((S)->pr_reg)) 1635 #endif 1636 1637 #ifndef SET_PR_FPVALID 1638 #define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V)) 1639 #endif 1640 1641 static int fill_thread_core_info(struct elf_thread_core_info *t, 1642 const struct user_regset_view *view, 1643 long signr, size_t *total) 1644 { 1645 unsigned int i; 1646 1647 /* 1648 * NT_PRSTATUS is the one special case, because the regset data 1649 * goes into the pr_reg field inside the note contents, rather 1650 * than being the whole note contents. We fill the reset in here. 1651 * We assume that regset 0 is NT_PRSTATUS. 1652 */ 1653 fill_prstatus(&t->prstatus, t->task, signr); 1654 (void) view->regsets[0].get(t->task, &view->regsets[0], 1655 0, PR_REG_SIZE(t->prstatus.pr_reg), 1656 PR_REG_PTR(&t->prstatus), NULL); 1657 1658 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, 1659 PRSTATUS_SIZE(t->prstatus), &t->prstatus); 1660 *total += notesize(&t->notes[0]); 1661 1662 do_thread_regset_writeback(t->task, &view->regsets[0]); 1663 1664 /* 1665 * Each other regset might generate a note too. For each regset 1666 * that has no core_note_type or is inactive, we leave t->notes[i] 1667 * all zero and we'll know to skip writing it later. 1668 */ 1669 for (i = 1; i < view->n; ++i) { 1670 const struct user_regset *regset = &view->regsets[i]; 1671 do_thread_regset_writeback(t->task, regset); 1672 if (regset->core_note_type && regset->get && 1673 (!regset->active || regset->active(t->task, regset))) { 1674 int ret; 1675 size_t size = regset->n * regset->size; 1676 void *data = kmalloc(size, GFP_KERNEL); 1677 if (unlikely(!data)) 1678 return 0; 1679 ret = regset->get(t->task, regset, 1680 0, size, data, NULL); 1681 if (unlikely(ret)) 1682 kfree(data); 1683 else { 1684 if (regset->core_note_type != NT_PRFPREG) 1685 fill_note(&t->notes[i], "LINUX", 1686 regset->core_note_type, 1687 size, data); 1688 else { 1689 SET_PR_FPVALID(&t->prstatus, 1); 1690 fill_note(&t->notes[i], "CORE", 1691 NT_PRFPREG, size, data); 1692 } 1693 *total += notesize(&t->notes[i]); 1694 } 1695 } 1696 } 1697 1698 return 1; 1699 } 1700 1701 static int fill_note_info(struct elfhdr *elf, int phdrs, 1702 struct elf_note_info *info, 1703 const siginfo_t *siginfo, struct pt_regs *regs) 1704 { 1705 struct task_struct *dump_task = current; 1706 const struct user_regset_view *view = task_user_regset_view(dump_task); 1707 struct elf_thread_core_info *t; 1708 struct elf_prpsinfo *psinfo; 1709 struct core_thread *ct; 1710 unsigned int i; 1711 1712 info->size = 0; 1713 info->thread = NULL; 1714 1715 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL); 1716 if (psinfo == NULL) { 1717 info->psinfo.data = NULL; /* So we don't free this wrongly */ 1718 return 0; 1719 } 1720 1721 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo); 1722 1723 /* 1724 * Figure out how many notes we're going to need for each thread. 1725 */ 1726 info->thread_notes = 0; 1727 for (i = 0; i < view->n; ++i) 1728 if (view->regsets[i].core_note_type != 0) 1729 ++info->thread_notes; 1730 1731 /* 1732 * Sanity check. We rely on regset 0 being in NT_PRSTATUS, 1733 * since it is our one special case. 1734 */ 1735 if (unlikely(info->thread_notes == 0) || 1736 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) { 1737 WARN_ON(1); 1738 return 0; 1739 } 1740 1741 /* 1742 * Initialize the ELF file header. 1743 */ 1744 fill_elf_header(elf, phdrs, 1745 view->e_machine, view->e_flags); 1746 1747 /* 1748 * Allocate a structure for each thread. 1749 */ 1750 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) { 1751 t = kzalloc(offsetof(struct elf_thread_core_info, 1752 notes[info->thread_notes]), 1753 GFP_KERNEL); 1754 if (unlikely(!t)) 1755 return 0; 1756 1757 t->task = ct->task; 1758 if (ct->task == dump_task || !info->thread) { 1759 t->next = info->thread; 1760 info->thread = t; 1761 } else { 1762 /* 1763 * Make sure to keep the original task at 1764 * the head of the list. 1765 */ 1766 t->next = info->thread->next; 1767 info->thread->next = t; 1768 } 1769 } 1770 1771 /* 1772 * Now fill in each thread's information. 1773 */ 1774 for (t = info->thread; t != NULL; t = t->next) 1775 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size)) 1776 return 0; 1777 1778 /* 1779 * Fill in the two process-wide notes. 1780 */ 1781 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm); 1782 info->size += notesize(&info->psinfo); 1783 1784 fill_siginfo_note(&info->signote, &info->csigdata, siginfo); 1785 info->size += notesize(&info->signote); 1786 1787 fill_auxv_note(&info->auxv, current->mm); 1788 info->size += notesize(&info->auxv); 1789 1790 if (fill_files_note(&info->files) == 0) 1791 info->size += notesize(&info->files); 1792 1793 return 1; 1794 } 1795 1796 static size_t get_note_info_size(struct elf_note_info *info) 1797 { 1798 return info->size; 1799 } 1800 1801 /* 1802 * Write all the notes for each thread. When writing the first thread, the 1803 * process-wide notes are interleaved after the first thread-specific note. 1804 */ 1805 static int write_note_info(struct elf_note_info *info, 1806 struct coredump_params *cprm) 1807 { 1808 bool first = true; 1809 struct elf_thread_core_info *t = info->thread; 1810 1811 do { 1812 int i; 1813 1814 if (!writenote(&t->notes[0], cprm)) 1815 return 0; 1816 1817 if (first && !writenote(&info->psinfo, cprm)) 1818 return 0; 1819 if (first && !writenote(&info->signote, cprm)) 1820 return 0; 1821 if (first && !writenote(&info->auxv, cprm)) 1822 return 0; 1823 if (first && info->files.data && 1824 !writenote(&info->files, cprm)) 1825 return 0; 1826 1827 for (i = 1; i < info->thread_notes; ++i) 1828 if (t->notes[i].data && 1829 !writenote(&t->notes[i], cprm)) 1830 return 0; 1831 1832 first = false; 1833 t = t->next; 1834 } while (t); 1835 1836 return 1; 1837 } 1838 1839 static void free_note_info(struct elf_note_info *info) 1840 { 1841 struct elf_thread_core_info *threads = info->thread; 1842 while (threads) { 1843 unsigned int i; 1844 struct elf_thread_core_info *t = threads; 1845 threads = t->next; 1846 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus); 1847 for (i = 1; i < info->thread_notes; ++i) 1848 kfree(t->notes[i].data); 1849 kfree(t); 1850 } 1851 kfree(info->psinfo.data); 1852 vfree(info->files.data); 1853 } 1854 1855 #else 1856 1857 /* Here is the structure in which status of each thread is captured. */ 1858 struct elf_thread_status 1859 { 1860 struct list_head list; 1861 struct elf_prstatus prstatus; /* NT_PRSTATUS */ 1862 elf_fpregset_t fpu; /* NT_PRFPREG */ 1863 struct task_struct *thread; 1864 #ifdef ELF_CORE_COPY_XFPREGS 1865 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */ 1866 #endif 1867 struct memelfnote notes[3]; 1868 int num_notes; 1869 }; 1870 1871 /* 1872 * In order to add the specific thread information for the elf file format, 1873 * we need to keep a linked list of every threads pr_status and then create 1874 * a single section for them in the final core file. 1875 */ 1876 static int elf_dump_thread_status(long signr, struct elf_thread_status *t) 1877 { 1878 int sz = 0; 1879 struct task_struct *p = t->thread; 1880 t->num_notes = 0; 1881 1882 fill_prstatus(&t->prstatus, p, signr); 1883 elf_core_copy_task_regs(p, &t->prstatus.pr_reg); 1884 1885 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus), 1886 &(t->prstatus)); 1887 t->num_notes++; 1888 sz += notesize(&t->notes[0]); 1889 1890 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, 1891 &t->fpu))) { 1892 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu), 1893 &(t->fpu)); 1894 t->num_notes++; 1895 sz += notesize(&t->notes[1]); 1896 } 1897 1898 #ifdef ELF_CORE_COPY_XFPREGS 1899 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) { 1900 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE, 1901 sizeof(t->xfpu), &t->xfpu); 1902 t->num_notes++; 1903 sz += notesize(&t->notes[2]); 1904 } 1905 #endif 1906 return sz; 1907 } 1908 1909 struct elf_note_info { 1910 struct memelfnote *notes; 1911 struct memelfnote *notes_files; 1912 struct elf_prstatus *prstatus; /* NT_PRSTATUS */ 1913 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */ 1914 struct list_head thread_list; 1915 elf_fpregset_t *fpu; 1916 #ifdef ELF_CORE_COPY_XFPREGS 1917 elf_fpxregset_t *xfpu; 1918 #endif 1919 user_siginfo_t csigdata; 1920 int thread_status_size; 1921 int numnote; 1922 }; 1923 1924 static int elf_note_info_init(struct elf_note_info *info) 1925 { 1926 memset(info, 0, sizeof(*info)); 1927 INIT_LIST_HEAD(&info->thread_list); 1928 1929 /* Allocate space for ELF notes */ 1930 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL); 1931 if (!info->notes) 1932 return 0; 1933 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL); 1934 if (!info->psinfo) 1935 return 0; 1936 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL); 1937 if (!info->prstatus) 1938 return 0; 1939 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL); 1940 if (!info->fpu) 1941 return 0; 1942 #ifdef ELF_CORE_COPY_XFPREGS 1943 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL); 1944 if (!info->xfpu) 1945 return 0; 1946 #endif 1947 return 1; 1948 } 1949 1950 static int fill_note_info(struct elfhdr *elf, int phdrs, 1951 struct elf_note_info *info, 1952 const siginfo_t *siginfo, struct pt_regs *regs) 1953 { 1954 struct list_head *t; 1955 struct core_thread *ct; 1956 struct elf_thread_status *ets; 1957 1958 if (!elf_note_info_init(info)) 1959 return 0; 1960 1961 for (ct = current->mm->core_state->dumper.next; 1962 ct; ct = ct->next) { 1963 ets = kzalloc(sizeof(*ets), GFP_KERNEL); 1964 if (!ets) 1965 return 0; 1966 1967 ets->thread = ct->task; 1968 list_add(&ets->list, &info->thread_list); 1969 } 1970 1971 list_for_each(t, &info->thread_list) { 1972 int sz; 1973 1974 ets = list_entry(t, struct elf_thread_status, list); 1975 sz = elf_dump_thread_status(siginfo->si_signo, ets); 1976 info->thread_status_size += sz; 1977 } 1978 /* now collect the dump for the current */ 1979 memset(info->prstatus, 0, sizeof(*info->prstatus)); 1980 fill_prstatus(info->prstatus, current, siginfo->si_signo); 1981 elf_core_copy_regs(&info->prstatus->pr_reg, regs); 1982 1983 /* Set up header */ 1984 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS); 1985 1986 /* 1987 * Set up the notes in similar form to SVR4 core dumps made 1988 * with info from their /proc. 1989 */ 1990 1991 fill_note(info->notes + 0, "CORE", NT_PRSTATUS, 1992 sizeof(*info->prstatus), info->prstatus); 1993 fill_psinfo(info->psinfo, current->group_leader, current->mm); 1994 fill_note(info->notes + 1, "CORE", NT_PRPSINFO, 1995 sizeof(*info->psinfo), info->psinfo); 1996 1997 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo); 1998 fill_auxv_note(info->notes + 3, current->mm); 1999 info->numnote = 4; 2000 2001 if (fill_files_note(info->notes + info->numnote) == 0) { 2002 info->notes_files = info->notes + info->numnote; 2003 info->numnote++; 2004 } 2005 2006 /* Try to dump the FPU. */ 2007 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs, 2008 info->fpu); 2009 if (info->prstatus->pr_fpvalid) 2010 fill_note(info->notes + info->numnote++, 2011 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu); 2012 #ifdef ELF_CORE_COPY_XFPREGS 2013 if (elf_core_copy_task_xfpregs(current, info->xfpu)) 2014 fill_note(info->notes + info->numnote++, 2015 "LINUX", ELF_CORE_XFPREG_TYPE, 2016 sizeof(*info->xfpu), info->xfpu); 2017 #endif 2018 2019 return 1; 2020 } 2021 2022 static size_t get_note_info_size(struct elf_note_info *info) 2023 { 2024 int sz = 0; 2025 int i; 2026 2027 for (i = 0; i < info->numnote; i++) 2028 sz += notesize(info->notes + i); 2029 2030 sz += info->thread_status_size; 2031 2032 return sz; 2033 } 2034 2035 static int write_note_info(struct elf_note_info *info, 2036 struct coredump_params *cprm) 2037 { 2038 int i; 2039 struct list_head *t; 2040 2041 for (i = 0; i < info->numnote; i++) 2042 if (!writenote(info->notes + i, cprm)) 2043 return 0; 2044 2045 /* write out the thread status notes section */ 2046 list_for_each(t, &info->thread_list) { 2047 struct elf_thread_status *tmp = 2048 list_entry(t, struct elf_thread_status, list); 2049 2050 for (i = 0; i < tmp->num_notes; i++) 2051 if (!writenote(&tmp->notes[i], cprm)) 2052 return 0; 2053 } 2054 2055 return 1; 2056 } 2057 2058 static void free_note_info(struct elf_note_info *info) 2059 { 2060 while (!list_empty(&info->thread_list)) { 2061 struct list_head *tmp = info->thread_list.next; 2062 list_del(tmp); 2063 kfree(list_entry(tmp, struct elf_thread_status, list)); 2064 } 2065 2066 /* Free data possibly allocated by fill_files_note(): */ 2067 if (info->notes_files) 2068 vfree(info->notes_files->data); 2069 2070 kfree(info->prstatus); 2071 kfree(info->psinfo); 2072 kfree(info->notes); 2073 kfree(info->fpu); 2074 #ifdef ELF_CORE_COPY_XFPREGS 2075 kfree(info->xfpu); 2076 #endif 2077 } 2078 2079 #endif 2080 2081 static struct vm_area_struct *first_vma(struct task_struct *tsk, 2082 struct vm_area_struct *gate_vma) 2083 { 2084 struct vm_area_struct *ret = tsk->mm->mmap; 2085 2086 if (ret) 2087 return ret; 2088 return gate_vma; 2089 } 2090 /* 2091 * Helper function for iterating across a vma list. It ensures that the caller 2092 * will visit `gate_vma' prior to terminating the search. 2093 */ 2094 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma, 2095 struct vm_area_struct *gate_vma) 2096 { 2097 struct vm_area_struct *ret; 2098 2099 ret = this_vma->vm_next; 2100 if (ret) 2101 return ret; 2102 if (this_vma == gate_vma) 2103 return NULL; 2104 return gate_vma; 2105 } 2106 2107 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, 2108 elf_addr_t e_shoff, int segs) 2109 { 2110 elf->e_shoff = e_shoff; 2111 elf->e_shentsize = sizeof(*shdr4extnum); 2112 elf->e_shnum = 1; 2113 elf->e_shstrndx = SHN_UNDEF; 2114 2115 memset(shdr4extnum, 0, sizeof(*shdr4extnum)); 2116 2117 shdr4extnum->sh_type = SHT_NULL; 2118 shdr4extnum->sh_size = elf->e_shnum; 2119 shdr4extnum->sh_link = elf->e_shstrndx; 2120 shdr4extnum->sh_info = segs; 2121 } 2122 2123 /* 2124 * Actual dumper 2125 * 2126 * This is a two-pass process; first we find the offsets of the bits, 2127 * and then they are actually written out. If we run out of core limit 2128 * we just truncate. 2129 */ 2130 static int elf_core_dump(struct coredump_params *cprm) 2131 { 2132 int has_dumped = 0; 2133 mm_segment_t fs; 2134 int segs, i; 2135 size_t vma_data_size = 0; 2136 struct vm_area_struct *vma, *gate_vma; 2137 struct elfhdr *elf = NULL; 2138 loff_t offset = 0, dataoff; 2139 struct elf_note_info info = { }; 2140 struct elf_phdr *phdr4note = NULL; 2141 struct elf_shdr *shdr4extnum = NULL; 2142 Elf_Half e_phnum; 2143 elf_addr_t e_shoff; 2144 elf_addr_t *vma_filesz = NULL; 2145 2146 /* 2147 * We no longer stop all VM operations. 2148 * 2149 * This is because those proceses that could possibly change map_count 2150 * or the mmap / vma pages are now blocked in do_exit on current 2151 * finishing this core dump. 2152 * 2153 * Only ptrace can touch these memory addresses, but it doesn't change 2154 * the map_count or the pages allocated. So no possibility of crashing 2155 * exists while dumping the mm->vm_next areas to the core file. 2156 */ 2157 2158 /* alloc memory for large data structures: too large to be on stack */ 2159 elf = kmalloc(sizeof(*elf), GFP_KERNEL); 2160 if (!elf) 2161 goto out; 2162 /* 2163 * The number of segs are recored into ELF header as 16bit value. 2164 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here. 2165 */ 2166 segs = current->mm->map_count; 2167 segs += elf_core_extra_phdrs(); 2168 2169 gate_vma = get_gate_vma(current->mm); 2170 if (gate_vma != NULL) 2171 segs++; 2172 2173 /* for notes section */ 2174 segs++; 2175 2176 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid 2177 * this, kernel supports extended numbering. Have a look at 2178 * include/linux/elf.h for further information. */ 2179 e_phnum = segs > PN_XNUM ? PN_XNUM : segs; 2180 2181 /* 2182 * Collect all the non-memory information about the process for the 2183 * notes. This also sets up the file header. 2184 */ 2185 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs)) 2186 goto cleanup; 2187 2188 has_dumped = 1; 2189 2190 fs = get_fs(); 2191 set_fs(KERNEL_DS); 2192 2193 offset += sizeof(*elf); /* Elf header */ 2194 offset += segs * sizeof(struct elf_phdr); /* Program headers */ 2195 2196 /* Write notes phdr entry */ 2197 { 2198 size_t sz = get_note_info_size(&info); 2199 2200 sz += elf_coredump_extra_notes_size(); 2201 2202 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL); 2203 if (!phdr4note) 2204 goto end_coredump; 2205 2206 fill_elf_note_phdr(phdr4note, sz, offset); 2207 offset += sz; 2208 } 2209 2210 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); 2211 2212 vma_filesz = kmalloc_array(segs - 1, sizeof(*vma_filesz), GFP_KERNEL); 2213 if (!vma_filesz) 2214 goto end_coredump; 2215 2216 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL; 2217 vma = next_vma(vma, gate_vma)) { 2218 unsigned long dump_size; 2219 2220 dump_size = vma_dump_size(vma, cprm->mm_flags); 2221 vma_filesz[i++] = dump_size; 2222 vma_data_size += dump_size; 2223 } 2224 2225 offset += vma_data_size; 2226 offset += elf_core_extra_data_size(); 2227 e_shoff = offset; 2228 2229 if (e_phnum == PN_XNUM) { 2230 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL); 2231 if (!shdr4extnum) 2232 goto end_coredump; 2233 fill_extnum_info(elf, shdr4extnum, e_shoff, segs); 2234 } 2235 2236 offset = dataoff; 2237 2238 if (!dump_emit(cprm, elf, sizeof(*elf))) 2239 goto end_coredump; 2240 2241 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note))) 2242 goto end_coredump; 2243 2244 /* Write program headers for segments dump */ 2245 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL; 2246 vma = next_vma(vma, gate_vma)) { 2247 struct elf_phdr phdr; 2248 2249 phdr.p_type = PT_LOAD; 2250 phdr.p_offset = offset; 2251 phdr.p_vaddr = vma->vm_start; 2252 phdr.p_paddr = 0; 2253 phdr.p_filesz = vma_filesz[i++]; 2254 phdr.p_memsz = vma->vm_end - vma->vm_start; 2255 offset += phdr.p_filesz; 2256 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; 2257 if (vma->vm_flags & VM_WRITE) 2258 phdr.p_flags |= PF_W; 2259 if (vma->vm_flags & VM_EXEC) 2260 phdr.p_flags |= PF_X; 2261 phdr.p_align = ELF_EXEC_PAGESIZE; 2262 2263 if (!dump_emit(cprm, &phdr, sizeof(phdr))) 2264 goto end_coredump; 2265 } 2266 2267 if (!elf_core_write_extra_phdrs(cprm, offset)) 2268 goto end_coredump; 2269 2270 /* write out the notes section */ 2271 if (!write_note_info(&info, cprm)) 2272 goto end_coredump; 2273 2274 if (elf_coredump_extra_notes_write(cprm)) 2275 goto end_coredump; 2276 2277 /* Align to page */ 2278 if (!dump_skip(cprm, dataoff - cprm->file->f_pos)) 2279 goto end_coredump; 2280 2281 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL; 2282 vma = next_vma(vma, gate_vma)) { 2283 unsigned long addr; 2284 unsigned long end; 2285 2286 end = vma->vm_start + vma_filesz[i++]; 2287 2288 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { 2289 struct page *page; 2290 int stop; 2291 2292 page = get_dump_page(addr); 2293 if (page) { 2294 void *kaddr = kmap(page); 2295 stop = !dump_emit(cprm, kaddr, PAGE_SIZE); 2296 kunmap(page); 2297 put_page(page); 2298 } else 2299 stop = !dump_skip(cprm, PAGE_SIZE); 2300 if (stop) 2301 goto end_coredump; 2302 } 2303 } 2304 2305 if (!elf_core_write_extra_data(cprm)) 2306 goto end_coredump; 2307 2308 if (e_phnum == PN_XNUM) { 2309 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum))) 2310 goto end_coredump; 2311 } 2312 2313 end_coredump: 2314 set_fs(fs); 2315 2316 cleanup: 2317 free_note_info(&info); 2318 kfree(shdr4extnum); 2319 kfree(vma_filesz); 2320 kfree(phdr4note); 2321 kfree(elf); 2322 out: 2323 return has_dumped; 2324 } 2325 2326 #endif /* CONFIG_ELF_CORE */ 2327 2328 static int __init init_elf_binfmt(void) 2329 { 2330 register_binfmt(&elf_format); 2331 return 0; 2332 } 2333 2334 static void __exit exit_elf_binfmt(void) 2335 { 2336 /* Remove the COFF and ELF loaders. */ 2337 unregister_binfmt(&elf_format); 2338 } 2339 2340 core_initcall(init_elf_binfmt); 2341 module_exit(exit_elf_binfmt); 2342 MODULE_LICENSE("GPL"); 2343