2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/dax.h>
39 #include <asm/uaccess.h>
40 #include <asm/param.h>
44 #define user_long_t long
46 #ifndef user_siginfo_t
47 #define user_siginfo_t siginfo_t
50 static int load_elf_binary(struct linux_binprm *bprm);
51 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
52 int, int, unsigned long);
55 static int load_elf_library(struct file *);
57 #define load_elf_library NULL
61 * If we don't support core dumping, then supply a NULL so we
64 #ifdef CONFIG_ELF_CORE
65 static int elf_core_dump(struct coredump_params *cprm);
67 #define elf_core_dump NULL
70 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
71 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
73 #define ELF_MIN_ALIGN PAGE_SIZE
76 #ifndef ELF_CORE_EFLAGS
77 #define ELF_CORE_EFLAGS 0
80 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
81 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
82 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
84 static struct linux_binfmt elf_format = {
85 .module = THIS_MODULE,
86 .load_binary = load_elf_binary,
87 .load_shlib = load_elf_library,
88 .core_dump = elf_core_dump,
89 .min_coredump = ELF_EXEC_PAGESIZE,
92 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
94 static int set_brk(unsigned long start, unsigned long end)
96 start = ELF_PAGEALIGN(start);
97 end = ELF_PAGEALIGN(end);
100 addr = vm_brk(start, end - start);
104 current->mm->start_brk = current->mm->brk = end;
108 /* We need to explicitly zero any fractional pages
109 after the data section (i.e. bss). This would
110 contain the junk from the file that should not
113 static int padzero(unsigned long elf_bss)
117 nbyte = ELF_PAGEOFFSET(elf_bss);
119 nbyte = ELF_MIN_ALIGN - nbyte;
120 if (clear_user((void __user *) elf_bss, nbyte))
126 /* Let's use some macros to make this stack manipulation a little clearer */
127 #ifdef CONFIG_STACK_GROWSUP
128 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
129 #define STACK_ROUND(sp, items) \
130 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
131 #define STACK_ALLOC(sp, len) ({ \
132 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
135 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
136 #define STACK_ROUND(sp, items) \
137 (((unsigned long) (sp - items)) &~ 15UL)
138 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
141 #ifndef ELF_BASE_PLATFORM
143 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
144 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
145 * will be copied to the user stack in the same manner as AT_PLATFORM.
147 #define ELF_BASE_PLATFORM NULL
151 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
152 unsigned long load_addr, unsigned long interp_load_addr)
154 unsigned long p = bprm->p;
155 int argc = bprm->argc;
156 int envc = bprm->envc;
157 elf_addr_t __user *argv;
158 elf_addr_t __user *envp;
159 elf_addr_t __user *sp;
160 elf_addr_t __user *u_platform;
161 elf_addr_t __user *u_base_platform;
162 elf_addr_t __user *u_rand_bytes;
163 const char *k_platform = ELF_PLATFORM;
164 const char *k_base_platform = ELF_BASE_PLATFORM;
165 unsigned char k_rand_bytes[16];
167 elf_addr_t *elf_info;
169 const struct cred *cred = current_cred();
170 struct vm_area_struct *vma;
173 * In some cases (e.g. Hyper-Threading), we want to avoid L1
174 * evictions by the processes running on the same package. One
175 * thing we can do is to shuffle the initial stack for them.
178 p = arch_align_stack(p);
181 * If this architecture has a platform capability string, copy it
182 * to userspace. In some cases (Sparc), this info is impossible
183 * for userspace to get any other way, in others (i386) it is
188 size_t len = strlen(k_platform) + 1;
190 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
191 if (__copy_to_user(u_platform, k_platform, len))
196 * If this architecture has a "base" platform capability
197 * string, copy it to userspace.
199 u_base_platform = NULL;
200 if (k_base_platform) {
201 size_t len = strlen(k_base_platform) + 1;
203 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
204 if (__copy_to_user(u_base_platform, k_base_platform, len))
209 * Generate 16 random bytes for userspace PRNG seeding.
211 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
212 u_rand_bytes = (elf_addr_t __user *)
213 STACK_ALLOC(p, sizeof(k_rand_bytes));
214 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
217 /* Create the ELF interpreter info */
218 elf_info = (elf_addr_t *)current->mm->saved_auxv;
219 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
220 #define NEW_AUX_ENT(id, val) \
222 elf_info[ei_index++] = id; \
223 elf_info[ei_index++] = val; \
228 * ARCH_DLINFO must come first so PPC can do its special alignment of
230 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
231 * ARCH_DLINFO changes
235 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
236 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
237 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
238 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
239 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
240 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
241 NEW_AUX_ENT(AT_BASE, interp_load_addr);
242 NEW_AUX_ENT(AT_FLAGS, 0);
243 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
244 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
245 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
246 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
247 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
248 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
249 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
251 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
253 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
255 NEW_AUX_ENT(AT_PLATFORM,
256 (elf_addr_t)(unsigned long)u_platform);
258 if (k_base_platform) {
259 NEW_AUX_ENT(AT_BASE_PLATFORM,
260 (elf_addr_t)(unsigned long)u_base_platform);
262 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
263 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
266 /* AT_NULL is zero; clear the rest too */
267 memset(&elf_info[ei_index], 0,
268 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
270 /* And advance past the AT_NULL entry. */
273 sp = STACK_ADD(p, ei_index);
275 items = (argc + 1) + (envc + 1) + 1;
276 bprm->p = STACK_ROUND(sp, items);
278 /* Point sp at the lowest address on the stack */
279 #ifdef CONFIG_STACK_GROWSUP
280 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
281 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
283 sp = (elf_addr_t __user *)bprm->p;
288 * Grow the stack manually; some architectures have a limit on how
289 * far ahead a user-space access may be in order to grow the stack.
291 vma = find_extend_vma(current->mm, bprm->p);
295 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
296 if (__put_user(argc, sp++))
299 envp = argv + argc + 1;
301 /* Populate argv and envp */
302 p = current->mm->arg_end = current->mm->arg_start;
305 if (__put_user((elf_addr_t)p, argv++))
307 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
308 if (!len || len > MAX_ARG_STRLEN)
312 if (__put_user(0, argv))
314 current->mm->arg_end = current->mm->env_start = p;
317 if (__put_user((elf_addr_t)p, envp++))
319 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
320 if (!len || len > MAX_ARG_STRLEN)
324 if (__put_user(0, envp))
326 current->mm->env_end = p;
328 /* Put the elf_info on the stack in the right place. */
329 sp = (elf_addr_t __user *)envp + 1;
330 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
337 static unsigned long elf_map(struct file *filep, unsigned long addr,
338 struct elf_phdr *eppnt, int prot, int type,
339 unsigned long total_size)
341 unsigned long map_addr;
342 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
343 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
344 addr = ELF_PAGESTART(addr);
345 size = ELF_PAGEALIGN(size);
347 /* mmap() will return -EINVAL if given a zero size, but a
348 * segment with zero filesize is perfectly valid */
353 * total_size is the size of the ELF (interpreter) image.
354 * The _first_ mmap needs to know the full size, otherwise
355 * randomization might put this image into an overlapping
356 * position with the ELF binary image. (since size < total_size)
357 * So we first map the 'big' image - and unmap the remainder at
358 * the end. (which unmap is needed for ELF images with holes.)
361 total_size = ELF_PAGEALIGN(total_size);
362 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
363 if (!BAD_ADDR(map_addr))
364 vm_munmap(map_addr+size, total_size-size);
366 map_addr = vm_mmap(filep, addr, size, prot, type, off);
371 #endif /* !elf_map */
373 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
375 int i, first_idx = -1, last_idx = -1;
377 for (i = 0; i < nr; i++) {
378 if (cmds[i].p_type == PT_LOAD) {
387 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
388 ELF_PAGESTART(cmds[first_idx].p_vaddr);
392 * load_elf_phdrs() - load ELF program headers
393 * @elf_ex: ELF header of the binary whose program headers should be loaded
394 * @elf_file: the opened ELF binary file
396 * Loads ELF program headers from the binary file elf_file, which has the ELF
397 * header pointed to by elf_ex, into a newly allocated array. The caller is
398 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
400 static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
401 struct file *elf_file)
403 struct elf_phdr *elf_phdata = NULL;
404 int retval, size, err = -1;
407 * If the size of this structure has changed, then punt, since
408 * we will be doing the wrong thing.
410 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
413 /* Sanity check the number of program headers... */
414 if (elf_ex->e_phnum < 1 ||
415 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
418 /* ...and their total size. */
419 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
420 if (size > ELF_MIN_ALIGN)
423 elf_phdata = kmalloc(size, GFP_KERNEL);
427 /* Read in the program headers */
428 retval = kernel_read(elf_file, elf_ex->e_phoff,
429 (char *)elf_phdata, size);
430 if (retval != size) {
431 err = (retval < 0) ? retval : -EIO;
445 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
448 * struct arch_elf_state - arch-specific ELF loading state
450 * This structure is used to preserve architecture specific data during
451 * the loading of an ELF file, throughout the checking of architecture
452 * specific ELF headers & through to the point where the ELF load is
453 * known to be proceeding (ie. SET_PERSONALITY).
455 * This implementation is a dummy for architectures which require no
458 struct arch_elf_state {
461 #define INIT_ARCH_ELF_STATE {}
464 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
465 * @ehdr: The main ELF header
466 * @phdr: The program header to check
467 * @elf: The open ELF file
468 * @is_interp: True if the phdr is from the interpreter of the ELF being
469 * loaded, else false.
470 * @state: Architecture-specific state preserved throughout the process
471 * of loading the ELF.
473 * Inspects the program header phdr to validate its correctness and/or
474 * suitability for the system. Called once per ELF program header in the
475 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
478 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
479 * with that return code.
481 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
482 struct elf_phdr *phdr,
483 struct file *elf, bool is_interp,
484 struct arch_elf_state *state)
486 /* Dummy implementation, always proceed */
491 * arch_check_elf() - check an ELF executable
492 * @ehdr: The main ELF header
493 * @has_interp: True if the ELF has an interpreter, else false.
494 * @state: Architecture-specific state preserved throughout the process
495 * of loading the ELF.
497 * Provides a final opportunity for architecture code to reject the loading
498 * of the ELF & cause an exec syscall to return an error. This is called after
499 * all program headers to be checked by arch_elf_pt_proc have been.
501 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
502 * with that return code.
504 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
505 struct arch_elf_state *state)
507 /* Dummy implementation, always proceed */
511 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
513 /* This is much more generalized than the library routine read function,
514 so we keep this separate. Technically the library read function
515 is only provided so that we can read a.out libraries that have
518 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
519 struct file *interpreter, unsigned long *interp_map_addr,
520 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
522 struct elf_phdr *eppnt;
523 unsigned long load_addr = 0;
524 int load_addr_set = 0;
525 unsigned long last_bss = 0, elf_bss = 0;
526 unsigned long error = ~0UL;
527 unsigned long total_size;
530 /* First of all, some simple consistency checks */
531 if (interp_elf_ex->e_type != ET_EXEC &&
532 interp_elf_ex->e_type != ET_DYN)
534 if (!elf_check_arch(interp_elf_ex))
536 if (!interpreter->f_op->mmap)
539 total_size = total_mapping_size(interp_elf_phdata,
540 interp_elf_ex->e_phnum);
546 eppnt = interp_elf_phdata;
547 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
548 if (eppnt->p_type == PT_LOAD) {
549 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
551 unsigned long vaddr = 0;
552 unsigned long k, map_addr;
554 if (eppnt->p_flags & PF_R)
555 elf_prot = PROT_READ;
556 if (eppnt->p_flags & PF_W)
557 elf_prot |= PROT_WRITE;
558 if (eppnt->p_flags & PF_X)
559 elf_prot |= PROT_EXEC;
560 vaddr = eppnt->p_vaddr;
561 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
562 elf_type |= MAP_FIXED;
563 else if (no_base && interp_elf_ex->e_type == ET_DYN)
566 map_addr = elf_map(interpreter, load_addr + vaddr,
567 eppnt, elf_prot, elf_type, total_size);
569 if (!*interp_map_addr)
570 *interp_map_addr = map_addr;
572 if (BAD_ADDR(map_addr))
575 if (!load_addr_set &&
576 interp_elf_ex->e_type == ET_DYN) {
577 load_addr = map_addr - ELF_PAGESTART(vaddr);
582 * Check to see if the section's size will overflow the
583 * allowed task size. Note that p_filesz must always be
584 * <= p_memsize so it's only necessary to check p_memsz.
586 k = load_addr + eppnt->p_vaddr;
588 eppnt->p_filesz > eppnt->p_memsz ||
589 eppnt->p_memsz > TASK_SIZE ||
590 TASK_SIZE - eppnt->p_memsz < k) {
596 * Find the end of the file mapping for this phdr, and
597 * keep track of the largest address we see for this.
599 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
604 * Do the same thing for the memory mapping - between
605 * elf_bss and last_bss is the bss section.
607 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
614 * Now fill out the bss section: first pad the last page from
615 * the file up to the page boundary, and zero it from elf_bss
616 * up to the end of the page.
618 if (padzero(elf_bss)) {
623 * Next, align both the file and mem bss up to the page size,
624 * since this is where elf_bss was just zeroed up to, and where
625 * last_bss will end after the vm_brk() below.
627 elf_bss = ELF_PAGEALIGN(elf_bss);
628 last_bss = ELF_PAGEALIGN(last_bss);
629 /* Finally, if there is still more bss to allocate, do it. */
630 if (last_bss > elf_bss) {
631 error = vm_brk(elf_bss, last_bss - elf_bss);
642 * These are the functions used to load ELF style executables and shared
643 * libraries. There is no binary dependent code anywhere else.
646 #ifndef STACK_RND_MASK
647 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
650 static unsigned long randomize_stack_top(unsigned long stack_top)
652 unsigned long random_variable = 0;
654 if ((current->flags & PF_RANDOMIZE) &&
655 !(current->personality & ADDR_NO_RANDOMIZE)) {
656 random_variable = (unsigned long) get_random_int();
657 random_variable &= STACK_RND_MASK;
658 random_variable <<= PAGE_SHIFT;
660 #ifdef CONFIG_STACK_GROWSUP
661 return PAGE_ALIGN(stack_top) + random_variable;
663 return PAGE_ALIGN(stack_top) - random_variable;
667 static int load_elf_binary(struct linux_binprm *bprm)
669 struct file *interpreter = NULL; /* to shut gcc up */
670 unsigned long load_addr = 0, load_bias = 0;
671 int load_addr_set = 0;
672 char * elf_interpreter = NULL;
674 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
675 unsigned long elf_bss, elf_brk;
677 unsigned long elf_entry;
678 unsigned long interp_load_addr = 0;
679 unsigned long start_code, end_code, start_data, end_data;
680 unsigned long reloc_func_desc __maybe_unused = 0;
681 int executable_stack = EXSTACK_DEFAULT;
682 struct pt_regs *regs = current_pt_regs();
684 struct elfhdr elf_ex;
685 struct elfhdr interp_elf_ex;
687 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
689 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
695 /* Get the exec-header */
696 loc->elf_ex = *((struct elfhdr *)bprm->buf);
699 /* First of all, some simple consistency checks */
700 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
703 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
705 if (!elf_check_arch(&loc->elf_ex))
707 if (!bprm->file->f_op->mmap)
710 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
714 elf_ppnt = elf_phdata;
723 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
724 if (elf_ppnt->p_type == PT_INTERP) {
725 /* This is the program interpreter used for
726 * shared libraries - for now assume that this
727 * is an a.out format binary
730 if (elf_ppnt->p_filesz > PATH_MAX ||
731 elf_ppnt->p_filesz < 2)
735 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
737 if (!elf_interpreter)
740 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
743 if (retval != elf_ppnt->p_filesz) {
746 goto out_free_interp;
748 /* make sure path is NULL terminated */
750 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
751 goto out_free_interp;
753 interpreter = open_exec(elf_interpreter);
754 retval = PTR_ERR(interpreter);
755 if (IS_ERR(interpreter))
756 goto out_free_interp;
759 * If the binary is not readable then enforce
760 * mm->dumpable = 0 regardless of the interpreter's
763 would_dump(bprm, interpreter);
765 /* Get the exec headers */
766 retval = kernel_read(interpreter, 0,
767 (void *)&loc->interp_elf_ex,
768 sizeof(loc->interp_elf_ex));
769 if (retval != sizeof(loc->interp_elf_ex)) {
772 goto out_free_dentry;
780 elf_ppnt = elf_phdata;
781 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
782 switch (elf_ppnt->p_type) {
784 if (elf_ppnt->p_flags & PF_X)
785 executable_stack = EXSTACK_ENABLE_X;
787 executable_stack = EXSTACK_DISABLE_X;
790 case PT_LOPROC ... PT_HIPROC:
791 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
795 goto out_free_dentry;
799 /* Some simple consistency checks for the interpreter */
800 if (elf_interpreter) {
802 /* Not an ELF interpreter */
803 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
804 goto out_free_dentry;
805 /* Verify the interpreter has a valid arch */
806 if (!elf_check_arch(&loc->interp_elf_ex))
807 goto out_free_dentry;
809 /* Load the interpreter program headers */
810 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
812 if (!interp_elf_phdata)
813 goto out_free_dentry;
815 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
816 elf_ppnt = interp_elf_phdata;
817 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
818 switch (elf_ppnt->p_type) {
819 case PT_LOPROC ... PT_HIPROC:
820 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
821 elf_ppnt, interpreter,
824 goto out_free_dentry;
830 * Allow arch code to reject the ELF at this point, whilst it's
831 * still possible to return an error to the code that invoked
834 retval = arch_check_elf(&loc->elf_ex, !!interpreter, &arch_state);
836 goto out_free_dentry;
838 /* Flush all traces of the currently running executable */
839 retval = flush_old_exec(bprm);
841 goto out_free_dentry;
843 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
844 may depend on the personality. */
845 SET_PERSONALITY2(loc->elf_ex, &arch_state);
846 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
847 current->personality |= READ_IMPLIES_EXEC;
849 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
850 current->flags |= PF_RANDOMIZE;
852 setup_new_exec(bprm);
854 /* Do this so that we can load the interpreter, if need be. We will
855 change some of these later */
856 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
859 goto out_free_dentry;
861 current->mm->start_stack = bprm->p;
863 /* Now we do a little grungy work by mmapping the ELF image into
864 the correct location in memory. */
865 for(i = 0, elf_ppnt = elf_phdata;
866 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
867 int elf_prot = 0, elf_flags;
868 unsigned long k, vaddr;
869 unsigned long total_size = 0;
871 if (elf_ppnt->p_type != PT_LOAD)
874 if (unlikely (elf_brk > elf_bss)) {
877 /* There was a PT_LOAD segment with p_memsz > p_filesz
878 before this one. Map anonymous pages, if needed,
879 and clear the area. */
880 retval = set_brk(elf_bss + load_bias,
881 elf_brk + load_bias);
883 goto out_free_dentry;
884 nbyte = ELF_PAGEOFFSET(elf_bss);
886 nbyte = ELF_MIN_ALIGN - nbyte;
887 if (nbyte > elf_brk - elf_bss)
888 nbyte = elf_brk - elf_bss;
889 if (clear_user((void __user *)elf_bss +
892 * This bss-zeroing can fail if the ELF
893 * file specifies odd protections. So
894 * we don't check the return value
900 if (elf_ppnt->p_flags & PF_R)
901 elf_prot |= PROT_READ;
902 if (elf_ppnt->p_flags & PF_W)
903 elf_prot |= PROT_WRITE;
904 if (elf_ppnt->p_flags & PF_X)
905 elf_prot |= PROT_EXEC;
907 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
909 vaddr = elf_ppnt->p_vaddr;
911 * If we are loading ET_EXEC or we have already performed
912 * the ET_DYN load_addr calculations, proceed normally.
914 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
915 elf_flags |= MAP_FIXED;
916 } else if (loc->elf_ex.e_type == ET_DYN) {
918 * This logic is run once for the first LOAD Program
919 * Header for ET_DYN binaries to calculate the
920 * randomization (load_bias) for all the LOAD
921 * Program Headers, and to calculate the entire
922 * size of the ELF mapping (total_size). (Note that
923 * load_addr_set is set to true later once the
924 * initial mapping is performed.)
926 * There are effectively two types of ET_DYN
927 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
928 * and loaders (ET_DYN without INTERP, since they
929 * _are_ the ELF interpreter). The loaders must
930 * be loaded away from programs since the program
931 * may otherwise collide with the loader (especially
932 * for ET_EXEC which does not have a randomized
933 * position). For example to handle invocations of
934 * "./ld.so someprog" to test out a new version of
935 * the loader, the subsequent program that the
936 * loader loads must avoid the loader itself, so
937 * they cannot share the same load range. Sufficient
938 * room for the brk must be allocated with the
939 * loader as well, since brk must be available with
942 * Therefore, programs are loaded offset from
943 * ELF_ET_DYN_BASE and loaders are loaded into the
944 * independently randomized mmap region (0 load_bias
945 * without MAP_FIXED).
947 if (elf_interpreter) {
948 load_bias = ELF_ET_DYN_BASE;
949 if (current->flags & PF_RANDOMIZE)
950 load_bias += arch_mmap_rnd();
951 elf_flags |= MAP_FIXED;
956 * Since load_bias is used for all subsequent loading
957 * calculations, we must lower it by the first vaddr
958 * so that the remaining calculations based on the
959 * ELF vaddrs will be correctly offset. The result
960 * is then page aligned.
962 load_bias = ELF_PAGESTART(load_bias - vaddr);
964 total_size = total_mapping_size(elf_phdata,
965 loc->elf_ex.e_phnum);
968 goto out_free_dentry;
972 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
973 elf_prot, elf_flags, total_size);
974 if (BAD_ADDR(error)) {
975 retval = IS_ERR((void *)error) ?
976 PTR_ERR((void*)error) : -EINVAL;
977 goto out_free_dentry;
980 if (!load_addr_set) {
982 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
983 if (loc->elf_ex.e_type == ET_DYN) {
985 ELF_PAGESTART(load_bias + vaddr);
986 load_addr += load_bias;
987 reloc_func_desc = load_bias;
990 k = elf_ppnt->p_vaddr;
997 * Check to see if the section's size will overflow the
998 * allowed task size. Note that p_filesz must always be
999 * <= p_memsz so it is only necessary to check p_memsz.
1001 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1002 elf_ppnt->p_memsz > TASK_SIZE ||
1003 TASK_SIZE - elf_ppnt->p_memsz < k) {
1004 /* set_brk can never work. Avoid overflows. */
1006 goto out_free_dentry;
1009 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1013 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1017 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1022 loc->elf_ex.e_entry += load_bias;
1023 elf_bss += load_bias;
1024 elf_brk += load_bias;
1025 start_code += load_bias;
1026 end_code += load_bias;
1027 start_data += load_bias;
1028 end_data += load_bias;
1030 /* Calling set_brk effectively mmaps the pages that we need
1031 * for the bss and break sections. We must do this before
1032 * mapping in the interpreter, to make sure it doesn't wind
1033 * up getting placed where the bss needs to go.
1035 retval = set_brk(elf_bss, elf_brk);
1037 goto out_free_dentry;
1038 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1039 retval = -EFAULT; /* Nobody gets to see this, but.. */
1040 goto out_free_dentry;
1043 if (elf_interpreter) {
1044 unsigned long interp_map_addr = 0;
1046 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1049 load_bias, interp_elf_phdata);
1050 if (!IS_ERR((void *)elf_entry)) {
1052 * load_elf_interp() returns relocation
1055 interp_load_addr = elf_entry;
1056 elf_entry += loc->interp_elf_ex.e_entry;
1058 if (BAD_ADDR(elf_entry)) {
1059 retval = IS_ERR((void *)elf_entry) ?
1060 (int)elf_entry : -EINVAL;
1061 goto out_free_dentry;
1063 reloc_func_desc = interp_load_addr;
1065 allow_write_access(interpreter);
1067 kfree(elf_interpreter);
1069 elf_entry = loc->elf_ex.e_entry;
1070 if (BAD_ADDR(elf_entry)) {
1072 goto out_free_dentry;
1076 kfree(interp_elf_phdata);
1079 set_binfmt(&elf_format);
1081 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1082 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
1085 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1087 install_exec_creds(bprm);
1088 retval = create_elf_tables(bprm, &loc->elf_ex,
1089 load_addr, interp_load_addr);
1092 /* N.B. passed_fileno might not be initialized? */
1093 current->mm->end_code = end_code;
1094 current->mm->start_code = start_code;
1095 current->mm->start_data = start_data;
1096 current->mm->end_data = end_data;
1097 current->mm->start_stack = bprm->p;
1099 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1100 current->mm->brk = current->mm->start_brk =
1101 arch_randomize_brk(current->mm);
1102 #ifdef compat_brk_randomized
1103 current->brk_randomized = 1;
1107 if (current->personality & MMAP_PAGE_ZERO) {
1108 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1109 and some applications "depend" upon this behavior.
1110 Since we do not have the power to recompile these, we
1111 emulate the SVr4 behavior. Sigh. */
1112 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1113 MAP_FIXED | MAP_PRIVATE, 0);
1116 #ifdef ELF_PLAT_INIT
1118 * The ABI may specify that certain registers be set up in special
1119 * ways (on i386 %edx is the address of a DT_FINI function, for
1120 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1121 * that the e_entry field is the address of the function descriptor
1122 * for the startup routine, rather than the address of the startup
1123 * routine itself. This macro performs whatever initialization to
1124 * the regs structure is required as well as any relocations to the
1125 * function descriptor entries when executing dynamically links apps.
1127 ELF_PLAT_INIT(regs, reloc_func_desc);
1130 start_thread(regs, elf_entry, bprm->p);
1139 kfree(interp_elf_phdata);
1140 allow_write_access(interpreter);
1144 kfree(elf_interpreter);
1150 #ifdef CONFIG_USELIB
1151 /* This is really simpleminded and specialized - we are loading an
1152 a.out library that is given an ELF header. */
1153 static int load_elf_library(struct file *file)
1155 struct elf_phdr *elf_phdata;
1156 struct elf_phdr *eppnt;
1157 unsigned long elf_bss, bss, len;
1158 int retval, error, i, j;
1159 struct elfhdr elf_ex;
1162 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1163 if (retval != sizeof(elf_ex))
1166 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1169 /* First of all, some simple consistency checks */
1170 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1171 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1174 /* Now read in all of the header information */
1176 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1177 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1180 elf_phdata = kmalloc(j, GFP_KERNEL);
1186 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1190 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1191 if ((eppnt + i)->p_type == PT_LOAD)
1196 while (eppnt->p_type != PT_LOAD)
1199 /* Now use mmap to map the library into memory. */
1200 error = vm_mmap(file,
1201 ELF_PAGESTART(eppnt->p_vaddr),
1203 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1204 PROT_READ | PROT_WRITE | PROT_EXEC,
1205 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1207 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1208 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1211 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1212 if (padzero(elf_bss)) {
1217 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1219 bss = eppnt->p_memsz + eppnt->p_vaddr;
1221 error = vm_brk(len, bss - len);
1222 if (BAD_ADDR(error))
1232 #endif /* #ifdef CONFIG_USELIB */
1234 #ifdef CONFIG_ELF_CORE
1238 * Modelled on fs/exec.c:aout_core_dump()
1239 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1243 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1244 * that are useful for post-mortem analysis are included in every core dump.
1245 * In that way we ensure that the core dump is fully interpretable later
1246 * without matching up the same kernel and hardware config to see what PC values
1247 * meant. These special mappings include - vDSO, vsyscall, and other
1248 * architecture specific mappings
1250 static bool always_dump_vma(struct vm_area_struct *vma)
1252 /* Any vsyscall mappings? */
1253 if (vma == get_gate_vma(vma->vm_mm))
1257 * Assume that all vmas with a .name op should always be dumped.
1258 * If this changes, a new vm_ops field can easily be added.
1260 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1264 * arch_vma_name() returns non-NULL for special architecture mappings,
1265 * such as vDSO sections.
1267 if (arch_vma_name(vma))
1274 * Decide what to dump of a segment, part, all or none.
1276 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1277 unsigned long mm_flags)
1279 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1281 /* always dump the vdso and vsyscall sections */
1282 if (always_dump_vma(vma))
1285 if (vma->vm_flags & VM_DONTDUMP)
1288 /* support for DAX */
1289 if (vma_is_dax(vma)) {
1290 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1292 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1297 /* Hugetlb memory check */
1298 if (vma->vm_flags & VM_HUGETLB) {
1299 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1301 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1306 /* Do not dump I/O mapped devices or special mappings */
1307 if (vma->vm_flags & VM_IO)
1310 /* By default, dump shared memory if mapped from an anonymous file. */
1311 if (vma->vm_flags & VM_SHARED) {
1312 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1313 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1318 /* Dump segments that have been written to. */
1319 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1321 if (vma->vm_file == NULL)
1324 if (FILTER(MAPPED_PRIVATE))
1328 * If this looks like the beginning of a DSO or executable mapping,
1329 * check for an ELF header. If we find one, dump the first page to
1330 * aid in determining what was mapped here.
1332 if (FILTER(ELF_HEADERS) &&
1333 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1334 u32 __user *header = (u32 __user *) vma->vm_start;
1336 mm_segment_t fs = get_fs();
1338 * Doing it this way gets the constant folded by GCC.
1342 char elfmag[SELFMAG];
1344 BUILD_BUG_ON(SELFMAG != sizeof word);
1345 magic.elfmag[EI_MAG0] = ELFMAG0;
1346 magic.elfmag[EI_MAG1] = ELFMAG1;
1347 magic.elfmag[EI_MAG2] = ELFMAG2;
1348 magic.elfmag[EI_MAG3] = ELFMAG3;
1350 * Switch to the user "segment" for get_user(),
1351 * then put back what elf_core_dump() had in place.
1354 if (unlikely(get_user(word, header)))
1357 if (word == magic.cmp)
1366 return vma->vm_end - vma->vm_start;
1369 /* An ELF note in memory */
1374 unsigned int datasz;
1378 static int notesize(struct memelfnote *en)
1382 sz = sizeof(struct elf_note);
1383 sz += roundup(strlen(en->name) + 1, 4);
1384 sz += roundup(en->datasz, 4);
1389 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1392 en.n_namesz = strlen(men->name) + 1;
1393 en.n_descsz = men->datasz;
1394 en.n_type = men->type;
1396 return dump_emit(cprm, &en, sizeof(en)) &&
1397 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1398 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1401 static void fill_elf_header(struct elfhdr *elf, int segs,
1402 u16 machine, u32 flags)
1404 memset(elf, 0, sizeof(*elf));
1406 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1407 elf->e_ident[EI_CLASS] = ELF_CLASS;
1408 elf->e_ident[EI_DATA] = ELF_DATA;
1409 elf->e_ident[EI_VERSION] = EV_CURRENT;
1410 elf->e_ident[EI_OSABI] = ELF_OSABI;
1412 elf->e_type = ET_CORE;
1413 elf->e_machine = machine;
1414 elf->e_version = EV_CURRENT;
1415 elf->e_phoff = sizeof(struct elfhdr);
1416 elf->e_flags = flags;
1417 elf->e_ehsize = sizeof(struct elfhdr);
1418 elf->e_phentsize = sizeof(struct elf_phdr);
1419 elf->e_phnum = segs;
1424 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1426 phdr->p_type = PT_NOTE;
1427 phdr->p_offset = offset;
1430 phdr->p_filesz = sz;
1437 static void fill_note(struct memelfnote *note, const char *name, int type,
1438 unsigned int sz, void *data)
1448 * fill up all the fields in prstatus from the given task struct, except
1449 * registers which need to be filled up separately.
1451 static void fill_prstatus(struct elf_prstatus *prstatus,
1452 struct task_struct *p, long signr)
1454 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1455 prstatus->pr_sigpend = p->pending.signal.sig[0];
1456 prstatus->pr_sighold = p->blocked.sig[0];
1458 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1460 prstatus->pr_pid = task_pid_vnr(p);
1461 prstatus->pr_pgrp = task_pgrp_vnr(p);
1462 prstatus->pr_sid = task_session_vnr(p);
1463 if (thread_group_leader(p)) {
1464 struct task_cputime cputime;
1467 * This is the record for the group leader. It shows the
1468 * group-wide total, not its individual thread total.
1470 thread_group_cputime(p, &cputime);
1471 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1472 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1474 cputime_t utime, stime;
1476 task_cputime(p, &utime, &stime);
1477 cputime_to_timeval(utime, &prstatus->pr_utime);
1478 cputime_to_timeval(stime, &prstatus->pr_stime);
1480 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1481 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1484 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1485 struct mm_struct *mm)
1487 const struct cred *cred;
1488 unsigned int i, len;
1490 /* first copy the parameters from user space */
1491 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1493 len = mm->arg_end - mm->arg_start;
1494 if (len >= ELF_PRARGSZ)
1495 len = ELF_PRARGSZ-1;
1496 if (copy_from_user(&psinfo->pr_psargs,
1497 (const char __user *)mm->arg_start, len))
1499 for(i = 0; i < len; i++)
1500 if (psinfo->pr_psargs[i] == 0)
1501 psinfo->pr_psargs[i] = ' ';
1502 psinfo->pr_psargs[len] = 0;
1505 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1507 psinfo->pr_pid = task_pid_vnr(p);
1508 psinfo->pr_pgrp = task_pgrp_vnr(p);
1509 psinfo->pr_sid = task_session_vnr(p);
1511 i = p->state ? ffz(~p->state) + 1 : 0;
1512 psinfo->pr_state = i;
1513 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1514 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1515 psinfo->pr_nice = task_nice(p);
1516 psinfo->pr_flag = p->flags;
1518 cred = __task_cred(p);
1519 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1520 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1522 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1527 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1529 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1533 while (auxv[i - 2] != AT_NULL);
1534 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1537 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1538 const siginfo_t *siginfo)
1540 mm_segment_t old_fs = get_fs();
1542 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1544 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1547 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1549 * Format of NT_FILE note:
1551 * long count -- how many files are mapped
1552 * long page_size -- units for file_ofs
1553 * array of [COUNT] elements of
1557 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1559 static int fill_files_note(struct memelfnote *note)
1561 struct vm_area_struct *vma;
1562 unsigned count, size, names_ofs, remaining, n;
1564 user_long_t *start_end_ofs;
1565 char *name_base, *name_curpos;
1567 /* *Estimated* file count and total data size needed */
1568 count = current->mm->map_count;
1571 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1573 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1575 size = round_up(size, PAGE_SIZE);
1576 data = vmalloc(size);
1580 start_end_ofs = data + 2;
1581 name_base = name_curpos = ((char *)data) + names_ofs;
1582 remaining = size - names_ofs;
1584 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1586 const char *filename;
1588 file = vma->vm_file;
1591 filename = file_path(file, name_curpos, remaining);
1592 if (IS_ERR(filename)) {
1593 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1595 size = size * 5 / 4;
1601 /* file_path() fills at the end, move name down */
1602 /* n = strlen(filename) + 1: */
1603 n = (name_curpos + remaining) - filename;
1604 remaining = filename - name_curpos;
1605 memmove(name_curpos, filename, n);
1608 *start_end_ofs++ = vma->vm_start;
1609 *start_end_ofs++ = vma->vm_end;
1610 *start_end_ofs++ = vma->vm_pgoff;
1614 /* Now we know exact count of files, can store it */
1616 data[1] = PAGE_SIZE;
1618 * Count usually is less than current->mm->map_count,
1619 * we need to move filenames down.
1621 n = current->mm->map_count - count;
1623 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1624 memmove(name_base - shift_bytes, name_base,
1625 name_curpos - name_base);
1626 name_curpos -= shift_bytes;
1629 size = name_curpos - (char *)data;
1630 fill_note(note, "CORE", NT_FILE, size, data);
1634 #ifdef CORE_DUMP_USE_REGSET
1635 #include <linux/regset.h>
1637 struct elf_thread_core_info {
1638 struct elf_thread_core_info *next;
1639 struct task_struct *task;
1640 struct elf_prstatus prstatus;
1641 struct memelfnote notes[0];
1644 struct elf_note_info {
1645 struct elf_thread_core_info *thread;
1646 struct memelfnote psinfo;
1647 struct memelfnote signote;
1648 struct memelfnote auxv;
1649 struct memelfnote files;
1650 user_siginfo_t csigdata;
1656 * When a regset has a writeback hook, we call it on each thread before
1657 * dumping user memory. On register window machines, this makes sure the
1658 * user memory backing the register data is up to date before we read it.
1660 static void do_thread_regset_writeback(struct task_struct *task,
1661 const struct user_regset *regset)
1663 if (regset->writeback)
1664 regset->writeback(task, regset, 1);
1668 #define PR_REG_SIZE(S) sizeof(S)
1671 #ifndef PRSTATUS_SIZE
1672 #define PRSTATUS_SIZE(S) sizeof(S)
1676 #define PR_REG_PTR(S) (&((S)->pr_reg))
1679 #ifndef SET_PR_FPVALID
1680 #define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1683 static int fill_thread_core_info(struct elf_thread_core_info *t,
1684 const struct user_regset_view *view,
1685 long signr, size_t *total)
1690 * NT_PRSTATUS is the one special case, because the regset data
1691 * goes into the pr_reg field inside the note contents, rather
1692 * than being the whole note contents. We fill the reset in here.
1693 * We assume that regset 0 is NT_PRSTATUS.
1695 fill_prstatus(&t->prstatus, t->task, signr);
1696 (void) view->regsets[0].get(t->task, &view->regsets[0],
1697 0, PR_REG_SIZE(t->prstatus.pr_reg),
1698 PR_REG_PTR(&t->prstatus), NULL);
1700 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1701 PRSTATUS_SIZE(t->prstatus), &t->prstatus);
1702 *total += notesize(&t->notes[0]);
1704 do_thread_regset_writeback(t->task, &view->regsets[0]);
1707 * Each other regset might generate a note too. For each regset
1708 * that has no core_note_type or is inactive, we leave t->notes[i]
1709 * all zero and we'll know to skip writing it later.
1711 for (i = 1; i < view->n; ++i) {
1712 const struct user_regset *regset = &view->regsets[i];
1713 do_thread_regset_writeback(t->task, regset);
1714 if (regset->core_note_type && regset->get &&
1715 (!regset->active || regset->active(t->task, regset) > 0)) {
1717 size_t size = regset->n * regset->size;
1718 void *data = kmalloc(size, GFP_KERNEL);
1719 if (unlikely(!data))
1721 ret = regset->get(t->task, regset,
1722 0, size, data, NULL);
1726 if (regset->core_note_type != NT_PRFPREG)
1727 fill_note(&t->notes[i], "LINUX",
1728 regset->core_note_type,
1731 SET_PR_FPVALID(&t->prstatus, 1);
1732 fill_note(&t->notes[i], "CORE",
1733 NT_PRFPREG, size, data);
1735 *total += notesize(&t->notes[i]);
1743 static int fill_note_info(struct elfhdr *elf, int phdrs,
1744 struct elf_note_info *info,
1745 const siginfo_t *siginfo, struct pt_regs *regs)
1747 struct task_struct *dump_task = current;
1748 const struct user_regset_view *view = task_user_regset_view(dump_task);
1749 struct elf_thread_core_info *t;
1750 struct elf_prpsinfo *psinfo;
1751 struct core_thread *ct;
1755 info->thread = NULL;
1757 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1758 if (psinfo == NULL) {
1759 info->psinfo.data = NULL; /* So we don't free this wrongly */
1763 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1766 * Figure out how many notes we're going to need for each thread.
1768 info->thread_notes = 0;
1769 for (i = 0; i < view->n; ++i)
1770 if (view->regsets[i].core_note_type != 0)
1771 ++info->thread_notes;
1774 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1775 * since it is our one special case.
1777 if (unlikely(info->thread_notes == 0) ||
1778 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1784 * Initialize the ELF file header.
1786 fill_elf_header(elf, phdrs,
1787 view->e_machine, view->e_flags);
1790 * Allocate a structure for each thread.
1792 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1793 t = kzalloc(offsetof(struct elf_thread_core_info,
1794 notes[info->thread_notes]),
1800 if (ct->task == dump_task || !info->thread) {
1801 t->next = info->thread;
1805 * Make sure to keep the original task at
1806 * the head of the list.
1808 t->next = info->thread->next;
1809 info->thread->next = t;
1814 * Now fill in each thread's information.
1816 for (t = info->thread; t != NULL; t = t->next)
1817 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1821 * Fill in the two process-wide notes.
1823 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1824 info->size += notesize(&info->psinfo);
1826 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1827 info->size += notesize(&info->signote);
1829 fill_auxv_note(&info->auxv, current->mm);
1830 info->size += notesize(&info->auxv);
1832 if (fill_files_note(&info->files) == 0)
1833 info->size += notesize(&info->files);
1838 static size_t get_note_info_size(struct elf_note_info *info)
1844 * Write all the notes for each thread. When writing the first thread, the
1845 * process-wide notes are interleaved after the first thread-specific note.
1847 static int write_note_info(struct elf_note_info *info,
1848 struct coredump_params *cprm)
1851 struct elf_thread_core_info *t = info->thread;
1856 if (!writenote(&t->notes[0], cprm))
1859 if (first && !writenote(&info->psinfo, cprm))
1861 if (first && !writenote(&info->signote, cprm))
1863 if (first && !writenote(&info->auxv, cprm))
1865 if (first && info->files.data &&
1866 !writenote(&info->files, cprm))
1869 for (i = 1; i < info->thread_notes; ++i)
1870 if (t->notes[i].data &&
1871 !writenote(&t->notes[i], cprm))
1881 static void free_note_info(struct elf_note_info *info)
1883 struct elf_thread_core_info *threads = info->thread;
1886 struct elf_thread_core_info *t = threads;
1888 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1889 for (i = 1; i < info->thread_notes; ++i)
1890 kfree(t->notes[i].data);
1893 kfree(info->psinfo.data);
1894 vfree(info->files.data);
1899 /* Here is the structure in which status of each thread is captured. */
1900 struct elf_thread_status
1902 struct list_head list;
1903 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1904 elf_fpregset_t fpu; /* NT_PRFPREG */
1905 struct task_struct *thread;
1906 #ifdef ELF_CORE_COPY_XFPREGS
1907 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1909 struct memelfnote notes[3];
1914 * In order to add the specific thread information for the elf file format,
1915 * we need to keep a linked list of every threads pr_status and then create
1916 * a single section for them in the final core file.
1918 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1921 struct task_struct *p = t->thread;
1924 fill_prstatus(&t->prstatus, p, signr);
1925 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1927 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1930 sz += notesize(&t->notes[0]);
1932 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1934 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1937 sz += notesize(&t->notes[1]);
1940 #ifdef ELF_CORE_COPY_XFPREGS
1941 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1942 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1943 sizeof(t->xfpu), &t->xfpu);
1945 sz += notesize(&t->notes[2]);
1951 struct elf_note_info {
1952 struct memelfnote *notes;
1953 struct memelfnote *notes_files;
1954 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1955 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1956 struct list_head thread_list;
1957 elf_fpregset_t *fpu;
1958 #ifdef ELF_CORE_COPY_XFPREGS
1959 elf_fpxregset_t *xfpu;
1961 user_siginfo_t csigdata;
1962 int thread_status_size;
1966 static int elf_note_info_init(struct elf_note_info *info)
1968 memset(info, 0, sizeof(*info));
1969 INIT_LIST_HEAD(&info->thread_list);
1971 /* Allocate space for ELF notes */
1972 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1975 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1978 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1979 if (!info->prstatus)
1981 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1984 #ifdef ELF_CORE_COPY_XFPREGS
1985 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1992 static int fill_note_info(struct elfhdr *elf, int phdrs,
1993 struct elf_note_info *info,
1994 const siginfo_t *siginfo, struct pt_regs *regs)
1996 struct list_head *t;
1997 struct core_thread *ct;
1998 struct elf_thread_status *ets;
2000 if (!elf_note_info_init(info))
2003 for (ct = current->mm->core_state->dumper.next;
2004 ct; ct = ct->next) {
2005 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2009 ets->thread = ct->task;
2010 list_add(&ets->list, &info->thread_list);
2013 list_for_each(t, &info->thread_list) {
2016 ets = list_entry(t, struct elf_thread_status, list);
2017 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2018 info->thread_status_size += sz;
2020 /* now collect the dump for the current */
2021 memset(info->prstatus, 0, sizeof(*info->prstatus));
2022 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2023 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2026 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2029 * Set up the notes in similar form to SVR4 core dumps made
2030 * with info from their /proc.
2033 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2034 sizeof(*info->prstatus), info->prstatus);
2035 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2036 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2037 sizeof(*info->psinfo), info->psinfo);
2039 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2040 fill_auxv_note(info->notes + 3, current->mm);
2043 if (fill_files_note(info->notes + info->numnote) == 0) {
2044 info->notes_files = info->notes + info->numnote;
2048 /* Try to dump the FPU. */
2049 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2051 if (info->prstatus->pr_fpvalid)
2052 fill_note(info->notes + info->numnote++,
2053 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2054 #ifdef ELF_CORE_COPY_XFPREGS
2055 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2056 fill_note(info->notes + info->numnote++,
2057 "LINUX", ELF_CORE_XFPREG_TYPE,
2058 sizeof(*info->xfpu), info->xfpu);
2064 static size_t get_note_info_size(struct elf_note_info *info)
2069 for (i = 0; i < info->numnote; i++)
2070 sz += notesize(info->notes + i);
2072 sz += info->thread_status_size;
2077 static int write_note_info(struct elf_note_info *info,
2078 struct coredump_params *cprm)
2081 struct list_head *t;
2083 for (i = 0; i < info->numnote; i++)
2084 if (!writenote(info->notes + i, cprm))
2087 /* write out the thread status notes section */
2088 list_for_each(t, &info->thread_list) {
2089 struct elf_thread_status *tmp =
2090 list_entry(t, struct elf_thread_status, list);
2092 for (i = 0; i < tmp->num_notes; i++)
2093 if (!writenote(&tmp->notes[i], cprm))
2100 static void free_note_info(struct elf_note_info *info)
2102 while (!list_empty(&info->thread_list)) {
2103 struct list_head *tmp = info->thread_list.next;
2105 kfree(list_entry(tmp, struct elf_thread_status, list));
2108 /* Free data possibly allocated by fill_files_note(): */
2109 if (info->notes_files)
2110 vfree(info->notes_files->data);
2112 kfree(info->prstatus);
2113 kfree(info->psinfo);
2116 #ifdef ELF_CORE_COPY_XFPREGS
2123 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2124 struct vm_area_struct *gate_vma)
2126 struct vm_area_struct *ret = tsk->mm->mmap;
2133 * Helper function for iterating across a vma list. It ensures that the caller
2134 * will visit `gate_vma' prior to terminating the search.
2136 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2137 struct vm_area_struct *gate_vma)
2139 struct vm_area_struct *ret;
2141 ret = this_vma->vm_next;
2144 if (this_vma == gate_vma)
2149 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2150 elf_addr_t e_shoff, int segs)
2152 elf->e_shoff = e_shoff;
2153 elf->e_shentsize = sizeof(*shdr4extnum);
2155 elf->e_shstrndx = SHN_UNDEF;
2157 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2159 shdr4extnum->sh_type = SHT_NULL;
2160 shdr4extnum->sh_size = elf->e_shnum;
2161 shdr4extnum->sh_link = elf->e_shstrndx;
2162 shdr4extnum->sh_info = segs;
2168 * This is a two-pass process; first we find the offsets of the bits,
2169 * and then they are actually written out. If we run out of core limit
2172 static int elf_core_dump(struct coredump_params *cprm)
2177 size_t vma_data_size = 0;
2178 struct vm_area_struct *vma, *gate_vma;
2179 struct elfhdr *elf = NULL;
2180 loff_t offset = 0, dataoff;
2181 struct elf_note_info info = { };
2182 struct elf_phdr *phdr4note = NULL;
2183 struct elf_shdr *shdr4extnum = NULL;
2186 elf_addr_t *vma_filesz = NULL;
2189 * We no longer stop all VM operations.
2191 * This is because those proceses that could possibly change map_count
2192 * or the mmap / vma pages are now blocked in do_exit on current
2193 * finishing this core dump.
2195 * Only ptrace can touch these memory addresses, but it doesn't change
2196 * the map_count or the pages allocated. So no possibility of crashing
2197 * exists while dumping the mm->vm_next areas to the core file.
2200 /* alloc memory for large data structures: too large to be on stack */
2201 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2205 * The number of segs are recored into ELF header as 16bit value.
2206 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2208 segs = current->mm->map_count;
2209 segs += elf_core_extra_phdrs();
2211 gate_vma = get_gate_vma(current->mm);
2212 if (gate_vma != NULL)
2215 /* for notes section */
2218 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2219 * this, kernel supports extended numbering. Have a look at
2220 * include/linux/elf.h for further information. */
2221 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2224 * Collect all the non-memory information about the process for the
2225 * notes. This also sets up the file header.
2227 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2235 offset += sizeof(*elf); /* Elf header */
2236 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2238 /* Write notes phdr entry */
2240 size_t sz = get_note_info_size(&info);
2242 sz += elf_coredump_extra_notes_size();
2244 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2248 fill_elf_note_phdr(phdr4note, sz, offset);
2252 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2254 vma_filesz = kmalloc_array(segs - 1, sizeof(*vma_filesz), GFP_KERNEL);
2258 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2259 vma = next_vma(vma, gate_vma)) {
2260 unsigned long dump_size;
2262 dump_size = vma_dump_size(vma, cprm->mm_flags);
2263 vma_filesz[i++] = dump_size;
2264 vma_data_size += dump_size;
2267 offset += vma_data_size;
2268 offset += elf_core_extra_data_size();
2271 if (e_phnum == PN_XNUM) {
2272 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2275 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2280 if (!dump_emit(cprm, elf, sizeof(*elf)))
2283 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2286 /* Write program headers for segments dump */
2287 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2288 vma = next_vma(vma, gate_vma)) {
2289 struct elf_phdr phdr;
2291 phdr.p_type = PT_LOAD;
2292 phdr.p_offset = offset;
2293 phdr.p_vaddr = vma->vm_start;
2295 phdr.p_filesz = vma_filesz[i++];
2296 phdr.p_memsz = vma->vm_end - vma->vm_start;
2297 offset += phdr.p_filesz;
2298 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2299 if (vma->vm_flags & VM_WRITE)
2300 phdr.p_flags |= PF_W;
2301 if (vma->vm_flags & VM_EXEC)
2302 phdr.p_flags |= PF_X;
2303 phdr.p_align = ELF_EXEC_PAGESIZE;
2305 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2309 if (!elf_core_write_extra_phdrs(cprm, offset))
2312 /* write out the notes section */
2313 if (!write_note_info(&info, cprm))
2316 if (elf_coredump_extra_notes_write(cprm))
2320 if (!dump_skip(cprm, dataoff - cprm->written))
2323 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2324 vma = next_vma(vma, gate_vma)) {
2328 end = vma->vm_start + vma_filesz[i++];
2330 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2334 page = get_dump_page(addr);
2336 void *kaddr = kmap(page);
2337 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2339 page_cache_release(page);
2341 stop = !dump_skip(cprm, PAGE_SIZE);
2346 dump_truncate(cprm);
2348 if (!elf_core_write_extra_data(cprm))
2351 if (e_phnum == PN_XNUM) {
2352 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2360 free_note_info(&info);
2369 #endif /* CONFIG_ELF_CORE */
2371 static int __init init_elf_binfmt(void)
2373 register_binfmt(&elf_format);
2377 static void __exit exit_elf_binfmt(void)
2379 /* Remove the COFF and ELF loaders. */
2380 unregister_binfmt(&elf_format);
2383 core_initcall(init_elf_binfmt);
2384 module_exit(exit_elf_binfmt);
2385 MODULE_LICENSE("GPL");
OSDN Git Service
