1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * Load ELF vmlinux file for the kexec_file_load syscall.
4 *
5 * Copyright (C) 2004 Adam Litke (agl@us.ibm.com)
6 * Copyright (C) 2004 IBM Corp.
7 * Copyright (C) 2005 R Sharada (sharada@in.ibm.com)
8 * Copyright (C) 2006 Mohan Kumar M (mohan@in.ibm.com)
9 * Copyright (C) 2016 IBM Corporation
10 *
11 * Based on kexec-tools' kexec-elf-exec.c and kexec-elf-ppc64.c.
12 * Heavily modified for the kernel by
13 * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>.
14 */
15
16 #define pr_fmt(fmt) "kexec_elf: " fmt
17
18 #include <linux/elf.h>
19 #include <linux/kexec.h>
20 #include <linux/module.h>
21 #include <linux/slab.h>
22 #include <linux/types.h>
23
elf_is_elf_file(const struct elfhdr * ehdr)24 static inline bool elf_is_elf_file(const struct elfhdr *ehdr)
25 {
26 return memcmp(ehdr->e_ident, ELFMAG, SELFMAG) == 0;
27 }
28
elf64_to_cpu(const struct elfhdr * ehdr,uint64_t value)29 static uint64_t elf64_to_cpu(const struct elfhdr *ehdr, uint64_t value)
30 {
31 if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
32 value = le64_to_cpu(value);
33 else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
34 value = be64_to_cpu(value);
35
36 return value;
37 }
38
elf32_to_cpu(const struct elfhdr * ehdr,uint32_t value)39 static uint32_t elf32_to_cpu(const struct elfhdr *ehdr, uint32_t value)
40 {
41 if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
42 value = le32_to_cpu(value);
43 else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
44 value = be32_to_cpu(value);
45
46 return value;
47 }
48
elf16_to_cpu(const struct elfhdr * ehdr,uint16_t value)49 static uint16_t elf16_to_cpu(const struct elfhdr *ehdr, uint16_t value)
50 {
51 if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
52 value = le16_to_cpu(value);
53 else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
54 value = be16_to_cpu(value);
55
56 return value;
57 }
58
59 /**
60 * elf_is_ehdr_sane - check that it is safe to use the ELF header
61 * @buf_len: size of the buffer in which the ELF file is loaded.
62 */
elf_is_ehdr_sane(const struct elfhdr * ehdr,size_t buf_len)63 static bool elf_is_ehdr_sane(const struct elfhdr *ehdr, size_t buf_len)
64 {
65 if (ehdr->e_phnum > 0 && ehdr->e_phentsize != sizeof(struct elf_phdr)) {
66 pr_debug("Bad program header size.\n");
67 return false;
68 } else if (ehdr->e_shnum > 0 &&
69 ehdr->e_shentsize != sizeof(struct elf_shdr)) {
70 pr_debug("Bad section header size.\n");
71 return false;
72 } else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT ||
73 ehdr->e_version != EV_CURRENT) {
74 pr_debug("Unknown ELF version.\n");
75 return false;
76 }
77
78 if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
79 size_t phdr_size;
80
81 /*
82 * e_phnum is at most 65535 so calculating the size of the
83 * program header cannot overflow.
84 */
85 phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
86
87 /* Sanity check the program header table location. */
88 if (ehdr->e_phoff + phdr_size < ehdr->e_phoff) {
89 pr_debug("Program headers at invalid location.\n");
90 return false;
91 } else if (ehdr->e_phoff + phdr_size > buf_len) {
92 pr_debug("Program headers truncated.\n");
93 return false;
94 }
95 }
96
97 if (ehdr->e_shoff > 0 && ehdr->e_shnum > 0) {
98 size_t shdr_size;
99
100 /*
101 * e_shnum is at most 65536 so calculating
102 * the size of the section header cannot overflow.
103 */
104 shdr_size = sizeof(struct elf_shdr) * ehdr->e_shnum;
105
106 /* Sanity check the section header table location. */
107 if (ehdr->e_shoff + shdr_size < ehdr->e_shoff) {
108 pr_debug("Section headers at invalid location.\n");
109 return false;
110 } else if (ehdr->e_shoff + shdr_size > buf_len) {
111 pr_debug("Section headers truncated.\n");
112 return false;
113 }
114 }
115
116 return true;
117 }
118
elf_read_ehdr(const char * buf,size_t len,struct elfhdr * ehdr)119 static int elf_read_ehdr(const char *buf, size_t len, struct elfhdr *ehdr)
120 {
121 struct elfhdr *buf_ehdr;
122
123 if (len < sizeof(*buf_ehdr)) {
124 pr_debug("Buffer is too small to hold ELF header.\n");
125 return -ENOEXEC;
126 }
127
128 memset(ehdr, 0, sizeof(*ehdr));
129 memcpy(ehdr->e_ident, buf, sizeof(ehdr->e_ident));
130 if (!elf_is_elf_file(ehdr)) {
131 pr_debug("No ELF header magic.\n");
132 return -ENOEXEC;
133 }
134
135 if (ehdr->e_ident[EI_CLASS] != ELF_CLASS) {
136 pr_debug("Not a supported ELF class.\n");
137 return -ENOEXEC;
138 } else if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB &&
139 ehdr->e_ident[EI_DATA] != ELFDATA2MSB) {
140 pr_debug("Not a supported ELF data format.\n");
141 return -ENOEXEC;
142 }
143
144 buf_ehdr = (struct elfhdr *) buf;
145 if (elf16_to_cpu(ehdr, buf_ehdr->e_ehsize) != sizeof(*buf_ehdr)) {
146 pr_debug("Bad ELF header size.\n");
147 return -ENOEXEC;
148 }
149
150 ehdr->e_type = elf16_to_cpu(ehdr, buf_ehdr->e_type);
151 ehdr->e_machine = elf16_to_cpu(ehdr, buf_ehdr->e_machine);
152 ehdr->e_version = elf32_to_cpu(ehdr, buf_ehdr->e_version);
153 ehdr->e_flags = elf32_to_cpu(ehdr, buf_ehdr->e_flags);
154 ehdr->e_phentsize = elf16_to_cpu(ehdr, buf_ehdr->e_phentsize);
155 ehdr->e_phnum = elf16_to_cpu(ehdr, buf_ehdr->e_phnum);
156 ehdr->e_shentsize = elf16_to_cpu(ehdr, buf_ehdr->e_shentsize);
157 ehdr->e_shnum = elf16_to_cpu(ehdr, buf_ehdr->e_shnum);
158 ehdr->e_shstrndx = elf16_to_cpu(ehdr, buf_ehdr->e_shstrndx);
159
160 switch (ehdr->e_ident[EI_CLASS]) {
161 case ELFCLASS64:
162 ehdr->e_entry = elf64_to_cpu(ehdr, buf_ehdr->e_entry);
163 ehdr->e_phoff = elf64_to_cpu(ehdr, buf_ehdr->e_phoff);
164 ehdr->e_shoff = elf64_to_cpu(ehdr, buf_ehdr->e_shoff);
165 break;
166
167 case ELFCLASS32:
168 ehdr->e_entry = elf32_to_cpu(ehdr, buf_ehdr->e_entry);
169 ehdr->e_phoff = elf32_to_cpu(ehdr, buf_ehdr->e_phoff);
170 ehdr->e_shoff = elf32_to_cpu(ehdr, buf_ehdr->e_shoff);
171 break;
172
173 default:
174 pr_debug("Unknown ELF class.\n");
175 return -EINVAL;
176 }
177
178 return elf_is_ehdr_sane(ehdr, len) ? 0 : -ENOEXEC;
179 }
180
181 /**
182 * elf_is_phdr_sane - check that it is safe to use the program header
183 * @buf_len: size of the buffer in which the ELF file is loaded.
184 */
elf_is_phdr_sane(const struct elf_phdr * phdr,size_t buf_len)185 static bool elf_is_phdr_sane(const struct elf_phdr *phdr, size_t buf_len)
186 {
187
188 if (phdr->p_offset + phdr->p_filesz < phdr->p_offset) {
189 pr_debug("ELF segment location wraps around.\n");
190 return false;
191 } else if (phdr->p_offset + phdr->p_filesz > buf_len) {
192 pr_debug("ELF segment not in file.\n");
193 return false;
194 } else if (phdr->p_paddr + phdr->p_memsz < phdr->p_paddr) {
195 pr_debug("ELF segment address wraps around.\n");
196 return false;
197 }
198
199 return true;
200 }
201
elf_read_phdr(const char * buf,size_t len,struct kexec_elf_info * elf_info,int idx)202 static int elf_read_phdr(const char *buf, size_t len,
203 struct kexec_elf_info *elf_info,
204 int idx)
205 {
206 /* Override the const in proghdrs, we are the ones doing the loading. */
207 struct elf_phdr *phdr = (struct elf_phdr *) &elf_info->proghdrs[idx];
208 const struct elfhdr *ehdr = elf_info->ehdr;
209 const char *pbuf;
210 struct elf_phdr *buf_phdr;
211
212 pbuf = buf + elf_info->ehdr->e_phoff + (idx * sizeof(*buf_phdr));
213 buf_phdr = (struct elf_phdr *) pbuf;
214
215 phdr->p_type = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_type);
216 phdr->p_flags = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_flags);
217
218 switch (ehdr->e_ident[EI_CLASS]) {
219 case ELFCLASS64:
220 phdr->p_offset = elf64_to_cpu(ehdr, buf_phdr->p_offset);
221 phdr->p_paddr = elf64_to_cpu(ehdr, buf_phdr->p_paddr);
222 phdr->p_vaddr = elf64_to_cpu(ehdr, buf_phdr->p_vaddr);
223 phdr->p_filesz = elf64_to_cpu(ehdr, buf_phdr->p_filesz);
224 phdr->p_memsz = elf64_to_cpu(ehdr, buf_phdr->p_memsz);
225 phdr->p_align = elf64_to_cpu(ehdr, buf_phdr->p_align);
226 break;
227
228 case ELFCLASS32:
229 phdr->p_offset = elf32_to_cpu(ehdr, buf_phdr->p_offset);
230 phdr->p_paddr = elf32_to_cpu(ehdr, buf_phdr->p_paddr);
231 phdr->p_vaddr = elf32_to_cpu(ehdr, buf_phdr->p_vaddr);
232 phdr->p_filesz = elf32_to_cpu(ehdr, buf_phdr->p_filesz);
233 phdr->p_memsz = elf32_to_cpu(ehdr, buf_phdr->p_memsz);
234 phdr->p_align = elf32_to_cpu(ehdr, buf_phdr->p_align);
235 break;
236
237 default:
238 pr_debug("Unknown ELF class.\n");
239 return -EINVAL;
240 }
241
242 return elf_is_phdr_sane(phdr, len) ? 0 : -ENOEXEC;
243 }
244
245 /**
246 * elf_read_phdrs - read the program headers from the buffer
247 *
248 * This function assumes that the program header table was checked for sanity.
249 * Use elf_is_ehdr_sane() if it wasn't.
250 */
elf_read_phdrs(const char * buf,size_t len,struct kexec_elf_info * elf_info)251 static int elf_read_phdrs(const char *buf, size_t len,
252 struct kexec_elf_info *elf_info)
253 {
254 size_t phdr_size, i;
255 const struct elfhdr *ehdr = elf_info->ehdr;
256
257 /*
258 * e_phnum is at most 65535 so calculating the size of the
259 * program header cannot overflow.
260 */
261 phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
262
263 elf_info->proghdrs = kzalloc(phdr_size, GFP_KERNEL);
264 if (!elf_info->proghdrs)
265 return -ENOMEM;
266
267 for (i = 0; i < ehdr->e_phnum; i++) {
268 int ret;
269
270 ret = elf_read_phdr(buf, len, elf_info, i);
271 if (ret) {
272 kfree(elf_info->proghdrs);
273 elf_info->proghdrs = NULL;
274 return ret;
275 }
276 }
277
278 return 0;
279 }
280
281 /**
282 * elf_read_from_buffer - read ELF file and sets up ELF header and ELF info
283 * @buf: Buffer to read ELF file from.
284 * @len: Size of @buf.
285 * @ehdr: Pointer to existing struct which will be populated.
286 * @elf_info: Pointer to existing struct which will be populated.
287 *
288 * This function allows reading ELF files with different byte order than
289 * the kernel, byte-swapping the fields as needed.
290 *
291 * Return:
292 * On success returns 0, and the caller should call
293 * kexec_free_elf_info(elf_info) to free the memory allocated for the section
294 * and program headers.
295 */
elf_read_from_buffer(const char * buf,size_t len,struct elfhdr * ehdr,struct kexec_elf_info * elf_info)296 static int elf_read_from_buffer(const char *buf, size_t len,
297 struct elfhdr *ehdr,
298 struct kexec_elf_info *elf_info)
299 {
300 int ret;
301
302 ret = elf_read_ehdr(buf, len, ehdr);
303 if (ret)
304 return ret;
305
306 elf_info->buffer = buf;
307 elf_info->ehdr = ehdr;
308 if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
309 ret = elf_read_phdrs(buf, len, elf_info);
310 if (ret)
311 return ret;
312 }
313 return 0;
314 }
315
316 /**
317 * kexec_free_elf_info - free memory allocated by elf_read_from_buffer
318 */
kexec_free_elf_info(struct kexec_elf_info * elf_info)319 void kexec_free_elf_info(struct kexec_elf_info *elf_info)
320 {
321 kfree(elf_info->proghdrs);
322 memset(elf_info, 0, sizeof(*elf_info));
323 }
324 /**
325 * kexec_build_elf_info - read ELF executable and check that we can use it
326 */
kexec_build_elf_info(const char * buf,size_t len,struct elfhdr * ehdr,struct kexec_elf_info * elf_info)327 int kexec_build_elf_info(const char *buf, size_t len, struct elfhdr *ehdr,
328 struct kexec_elf_info *elf_info)
329 {
330 int i;
331 int ret;
332
333 ret = elf_read_from_buffer(buf, len, ehdr, elf_info);
334 if (ret)
335 return ret;
336
337 /* Big endian vmlinux has type ET_DYN. */
338 if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) {
339 pr_err("Not an ELF executable.\n");
340 goto error;
341 } else if (!elf_info->proghdrs) {
342 pr_err("No ELF program header.\n");
343 goto error;
344 }
345
346 for (i = 0; i < ehdr->e_phnum; i++) {
347 /*
348 * Kexec does not support loading interpreters.
349 * In addition this check keeps us from attempting
350 * to kexec ordinay executables.
351 */
352 if (elf_info->proghdrs[i].p_type == PT_INTERP) {
353 pr_err("Requires an ELF interpreter.\n");
354 goto error;
355 }
356 }
357
358 return 0;
359 error:
360 kexec_free_elf_info(elf_info);
361 return -ENOEXEC;
362 }
363
364
kexec_elf_probe(const char * buf,unsigned long len)365 int kexec_elf_probe(const char *buf, unsigned long len)
366 {
367 struct elfhdr ehdr;
368 struct kexec_elf_info elf_info;
369 int ret;
370
371 ret = kexec_build_elf_info(buf, len, &ehdr, &elf_info);
372 if (ret)
373 return ret;
374
375 kexec_free_elf_info(&elf_info);
376
377 return elf_check_arch(&ehdr) ? 0 : -ENOEXEC;
378 }
379
380 /**
381 * kexec_elf_load - load ELF executable image
382 * @lowest_load_addr: On return, will be the address where the first PT_LOAD
383 * section will be loaded in memory.
384 *
385 * Return:
386 * 0 on success, negative value on failure.
387 */
kexec_elf_load(struct kimage * image,struct elfhdr * ehdr,struct kexec_elf_info * elf_info,struct kexec_buf * kbuf,unsigned long * lowest_load_addr)388 int kexec_elf_load(struct kimage *image, struct elfhdr *ehdr,
389 struct kexec_elf_info *elf_info,
390 struct kexec_buf *kbuf,
391 unsigned long *lowest_load_addr)
392 {
393 unsigned long lowest_addr = UINT_MAX;
394 int ret;
395 size_t i;
396
397 /* Read in the PT_LOAD segments. */
398 for (i = 0; i < ehdr->e_phnum; i++) {
399 unsigned long load_addr;
400 size_t size;
401 const struct elf_phdr *phdr;
402
403 phdr = &elf_info->proghdrs[i];
404 if (phdr->p_type != PT_LOAD)
405 continue;
406
407 size = phdr->p_filesz;
408 if (size > phdr->p_memsz)
409 size = phdr->p_memsz;
410
411 kbuf->buffer = (void *) elf_info->buffer + phdr->p_offset;
412 kbuf->bufsz = size;
413 kbuf->memsz = phdr->p_memsz;
414 kbuf->buf_align = phdr->p_align;
415 kbuf->buf_min = phdr->p_paddr;
416 kbuf->mem = KEXEC_BUF_MEM_UNKNOWN;
417 ret = kexec_add_buffer(kbuf);
418 if (ret)
419 goto out;
420 load_addr = kbuf->mem;
421
422 if (load_addr < lowest_addr)
423 lowest_addr = load_addr;
424 }
425
426 *lowest_load_addr = lowest_addr;
427 ret = 0;
428 out:
429 return ret;
430 }
431