2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/elf-randomize.h>
35 #include <linux/utsname.h>
36 #include <linux/coredump.h>
37 #include <linux/sched.h>
38 #include <linux/dax.h>
39 #include <asm/uaccess.h>
40 #include <asm/param.h>
44 #define user_long_t long
46 #ifndef user_siginfo_t
47 #define user_siginfo_t siginfo_t
50 static int load_elf_binary(struct linux_binprm *bprm);
51 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
52 int, int, unsigned long);
55 static int load_elf_library(struct file *);
57 #define load_elf_library NULL
61 * If we don't support core dumping, then supply a NULL so we
64 #ifdef CONFIG_ELF_CORE
65 static int elf_core_dump(struct coredump_params *cprm);
67 #define elf_core_dump NULL
70 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
71 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
73 #define ELF_MIN_ALIGN PAGE_SIZE
76 #ifndef ELF_CORE_EFLAGS
77 #define ELF_CORE_EFLAGS 0
80 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
81 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
82 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
84 static struct linux_binfmt elf_format = {
85 .module = THIS_MODULE,
86 .load_binary = load_elf_binary,
87 .load_shlib = load_elf_library,
88 .core_dump = elf_core_dump,
89 .min_coredump = ELF_EXEC_PAGESIZE,
92 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
94 static int set_brk(unsigned long start, unsigned long end)
96 start = ELF_PAGEALIGN(start);
97 end = ELF_PAGEALIGN(end);
100 addr = vm_brk(start, end - start);
104 current->mm->start_brk = current->mm->brk = end;
108 /* We need to explicitly zero any fractional pages
109 after the data section (i.e. bss). This would
110 contain the junk from the file that should not
113 static int padzero(unsigned long elf_bss)
117 nbyte = ELF_PAGEOFFSET(elf_bss);
119 nbyte = ELF_MIN_ALIGN - nbyte;
120 if (clear_user((void __user *) elf_bss, nbyte))
126 /* Let's use some macros to make this stack manipulation a little clearer */
127 #ifdef CONFIG_STACK_GROWSUP
128 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
129 #define STACK_ROUND(sp, items) \
130 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
131 #define STACK_ALLOC(sp, len) ({ \
132 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
135 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
136 #define STACK_ROUND(sp, items) \
137 (((unsigned long) (sp - items)) &~ 15UL)
138 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
141 #ifndef ELF_BASE_PLATFORM
143 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
144 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
145 * will be copied to the user stack in the same manner as AT_PLATFORM.
147 #define ELF_BASE_PLATFORM NULL
151 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
152 unsigned long load_addr, unsigned long interp_load_addr)
154 unsigned long p = bprm->p;
155 int argc = bprm->argc;
156 int envc = bprm->envc;
157 elf_addr_t __user *argv;
158 elf_addr_t __user *envp;
159 elf_addr_t __user *sp;
160 elf_addr_t __user *u_platform;
161 elf_addr_t __user *u_base_platform;
162 elf_addr_t __user *u_rand_bytes;
163 const char *k_platform = ELF_PLATFORM;
164 const char *k_base_platform = ELF_BASE_PLATFORM;
165 unsigned char k_rand_bytes[16];
167 elf_addr_t *elf_info;
169 const struct cred *cred = current_cred();
170 struct vm_area_struct *vma;
173 * In some cases (e.g. Hyper-Threading), we want to avoid L1
174 * evictions by the processes running on the same package. One
175 * thing we can do is to shuffle the initial stack for them.
178 p = arch_align_stack(p);
181 * If this architecture has a platform capability string, copy it
182 * to userspace. In some cases (Sparc), this info is impossible
183 * for userspace to get any other way, in others (i386) it is
188 size_t len = strlen(k_platform) + 1;
190 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
191 if (__copy_to_user(u_platform, k_platform, len))
196 * If this architecture has a "base" platform capability
197 * string, copy it to userspace.
199 u_base_platform = NULL;
200 if (k_base_platform) {
201 size_t len = strlen(k_base_platform) + 1;
203 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
204 if (__copy_to_user(u_base_platform, k_base_platform, len))
209 * Generate 16 random bytes for userspace PRNG seeding.
211 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
212 u_rand_bytes = (elf_addr_t __user *)
213 STACK_ALLOC(p, sizeof(k_rand_bytes));
214 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
217 /* Create the ELF interpreter info */
218 elf_info = (elf_addr_t *)current->mm->saved_auxv;
219 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
220 #define NEW_AUX_ENT(id, val) \
222 elf_info[ei_index++] = id; \
223 elf_info[ei_index++] = val; \
228 * ARCH_DLINFO must come first so PPC can do its special alignment of
230 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
231 * ARCH_DLINFO changes
235 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
236 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
237 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
238 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
239 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
240 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
241 NEW_AUX_ENT(AT_BASE, interp_load_addr);
242 NEW_AUX_ENT(AT_FLAGS, 0);
243 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
244 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
245 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
246 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
247 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
248 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
249 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
251 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
253 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
255 NEW_AUX_ENT(AT_PLATFORM,
256 (elf_addr_t)(unsigned long)u_platform);
258 if (k_base_platform) {
259 NEW_AUX_ENT(AT_BASE_PLATFORM,
260 (elf_addr_t)(unsigned long)u_base_platform);
262 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
263 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
266 /* AT_NULL is zero; clear the rest too */
267 memset(&elf_info[ei_index], 0,
268 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
270 /* And advance past the AT_NULL entry. */
273 sp = STACK_ADD(p, ei_index);
275 items = (argc + 1) + (envc + 1) + 1;
276 bprm->p = STACK_ROUND(sp, items);
278 /* Point sp at the lowest address on the stack */
279 #ifdef CONFIG_STACK_GROWSUP
280 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
281 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
283 sp = (elf_addr_t __user *)bprm->p;
288 * Grow the stack manually; some architectures have a limit on how
289 * far ahead a user-space access may be in order to grow the stack.
291 vma = find_extend_vma(current->mm, bprm->p);
295 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
296 if (__put_user(argc, sp++))
299 envp = argv + argc + 1;
301 /* Populate argv and envp */
302 p = current->mm->arg_end = current->mm->arg_start;
305 if (__put_user((elf_addr_t)p, argv++))
307 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
308 if (!len || len > MAX_ARG_STRLEN)
312 if (__put_user(0, argv))
314 current->mm->arg_end = current->mm->env_start = p;
317 if (__put_user((elf_addr_t)p, envp++))
319 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
320 if (!len || len > MAX_ARG_STRLEN)
324 if (__put_user(0, envp))
326 current->mm->env_end = p;
328 /* Put the elf_info on the stack in the right place. */
329 sp = (elf_addr_t __user *)envp + 1;
330 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
337 static unsigned long elf_map(struct file *filep, unsigned long addr,
338 struct elf_phdr *eppnt, int prot, int type,
339 unsigned long total_size)
341 unsigned long map_addr;
342 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
343 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
344 addr = ELF_PAGESTART(addr);
345 size = ELF_PAGEALIGN(size);
347 /* mmap() will return -EINVAL if given a zero size, but a
348 * segment with zero filesize is perfectly valid */
353 * total_size is the size of the ELF (interpreter) image.
354 * The _first_ mmap needs to know the full size, otherwise
355 * randomization might put this image into an overlapping
356 * position with the ELF binary image. (since size < total_size)
357 * So we first map the 'big' image - and unmap the remainder at
358 * the end. (which unmap is needed for ELF images with holes.)
361 total_size = ELF_PAGEALIGN(total_size);
362 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
363 if (!BAD_ADDR(map_addr))
364 vm_munmap(map_addr+size, total_size-size);
366 map_addr = vm_mmap(filep, addr, size, prot, type, off);
371 #endif /* !elf_map */
373 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
375 int i, first_idx = -1, last_idx = -1;
377 for (i = 0; i < nr; i++) {
378 if (cmds[i].p_type == PT_LOAD) {
387 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
388 ELF_PAGESTART(cmds[first_idx].p_vaddr);
392 * load_elf_phdrs() - load ELF program headers
393 * @elf_ex: ELF header of the binary whose program headers should be loaded
394 * @elf_file: the opened ELF binary file
396 * Loads ELF program headers from the binary file elf_file, which has the ELF
397 * header pointed to by elf_ex, into a newly allocated array. The caller is
398 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
400 static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
401 struct file *elf_file)
403 struct elf_phdr *elf_phdata = NULL;
404 int retval, size, err = -1;
407 * If the size of this structure has changed, then punt, since
408 * we will be doing the wrong thing.
410 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
413 /* Sanity check the number of program headers... */
414 if (elf_ex->e_phnum < 1 ||
415 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
418 /* ...and their total size. */
419 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
420 if (size > ELF_MIN_ALIGN)
423 elf_phdata = kmalloc(size, GFP_KERNEL);
427 /* Read in the program headers */
428 retval = kernel_read(elf_file, elf_ex->e_phoff,
429 (char *)elf_phdata, size);
430 if (retval != size) {
431 err = (retval < 0) ? retval : -EIO;
445 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
448 * struct arch_elf_state - arch-specific ELF loading state
450 * This structure is used to preserve architecture specific data during
451 * the loading of an ELF file, throughout the checking of architecture
452 * specific ELF headers & through to the point where the ELF load is
453 * known to be proceeding (ie. SET_PERSONALITY).
455 * This implementation is a dummy for architectures which require no
458 struct arch_elf_state {
461 #define INIT_ARCH_ELF_STATE {}
464 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
465 * @ehdr: The main ELF header
466 * @phdr: The program header to check
467 * @elf: The open ELF file
468 * @is_interp: True if the phdr is from the interpreter of the ELF being
469 * loaded, else false.
470 * @state: Architecture-specific state preserved throughout the process
471 * of loading the ELF.
473 * Inspects the program header phdr to validate its correctness and/or
474 * suitability for the system. Called once per ELF program header in the
475 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
478 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
479 * with that return code.
481 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
482 struct elf_phdr *phdr,
483 struct file *elf, bool is_interp,
484 struct arch_elf_state *state)
486 /* Dummy implementation, always proceed */
491 * arch_check_elf() - check an ELF executable
492 * @ehdr: The main ELF header
493 * @has_interp: True if the ELF has an interpreter, else false.
494 * @interp_ehdr: The interpreter's ELF header
495 * @state: Architecture-specific state preserved throughout the process
496 * of loading the ELF.
498 * Provides a final opportunity for architecture code to reject the loading
499 * of the ELF & cause an exec syscall to return an error. This is called after
500 * all program headers to be checked by arch_elf_pt_proc have been.
502 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
503 * with that return code.
505 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
506 struct elfhdr *interp_ehdr,
507 struct arch_elf_state *state)
509 /* Dummy implementation, always proceed */
513 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
515 /* This is much more generalized than the library routine read function,
516 so we keep this separate. Technically the library read function
517 is only provided so that we can read a.out libraries that have
520 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
521 struct file *interpreter, unsigned long *interp_map_addr,
522 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
524 struct elf_phdr *eppnt;
525 unsigned long load_addr = 0;
526 int load_addr_set = 0;
527 unsigned long last_bss = 0, elf_bss = 0;
528 unsigned long error = ~0UL;
529 unsigned long total_size;
532 /* First of all, some simple consistency checks */
533 if (interp_elf_ex->e_type != ET_EXEC &&
534 interp_elf_ex->e_type != ET_DYN)
536 if (!elf_check_arch(interp_elf_ex))
538 if (!interpreter->f_op->mmap)
541 total_size = total_mapping_size(interp_elf_phdata,
542 interp_elf_ex->e_phnum);
548 eppnt = interp_elf_phdata;
549 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
550 if (eppnt->p_type == PT_LOAD) {
551 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
553 unsigned long vaddr = 0;
554 unsigned long k, map_addr;
556 if (eppnt->p_flags & PF_R)
557 elf_prot = PROT_READ;
558 if (eppnt->p_flags & PF_W)
559 elf_prot |= PROT_WRITE;
560 if (eppnt->p_flags & PF_X)
561 elf_prot |= PROT_EXEC;
562 vaddr = eppnt->p_vaddr;
563 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
564 elf_type |= MAP_FIXED;
565 else if (no_base && interp_elf_ex->e_type == ET_DYN)
568 map_addr = elf_map(interpreter, load_addr + vaddr,
569 eppnt, elf_prot, elf_type, total_size);
571 if (!*interp_map_addr)
572 *interp_map_addr = map_addr;
574 if (BAD_ADDR(map_addr))
577 if (!load_addr_set &&
578 interp_elf_ex->e_type == ET_DYN) {
579 load_addr = map_addr - ELF_PAGESTART(vaddr);
584 * Check to see if the section's size will overflow the
585 * allowed task size. Note that p_filesz must always be
586 * <= p_memsize so it's only necessary to check p_memsz.
588 k = load_addr + eppnt->p_vaddr;
590 eppnt->p_filesz > eppnt->p_memsz ||
591 eppnt->p_memsz > TASK_SIZE ||
592 TASK_SIZE - eppnt->p_memsz < k) {
598 * Find the end of the file mapping for this phdr, and
599 * keep track of the largest address we see for this.
601 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
606 * Do the same thing for the memory mapping - between
607 * elf_bss and last_bss is the bss section.
609 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
616 * Now fill out the bss section: first pad the last page from
617 * the file up to the page boundary, and zero it from elf_bss
618 * up to the end of the page.
620 if (padzero(elf_bss)) {
625 * Next, align both the file and mem bss up to the page size,
626 * since this is where elf_bss was just zeroed up to, and where
627 * last_bss will end after the vm_brk() below.
629 elf_bss = ELF_PAGEALIGN(elf_bss);
630 last_bss = ELF_PAGEALIGN(last_bss);
631 /* Finally, if there is still more bss to allocate, do it. */
632 if (last_bss > elf_bss) {
633 error = vm_brk(elf_bss, last_bss - elf_bss);
644 * These are the functions used to load ELF style executables and shared
645 * libraries. There is no binary dependent code anywhere else.
648 #ifndef STACK_RND_MASK
649 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
652 static unsigned long randomize_stack_top(unsigned long stack_top)
654 unsigned long random_variable = 0;
656 if ((current->flags & PF_RANDOMIZE) &&
657 !(current->personality & ADDR_NO_RANDOMIZE)) {
658 random_variable = get_random_long();
659 random_variable &= STACK_RND_MASK;
660 random_variable <<= PAGE_SHIFT;
662 #ifdef CONFIG_STACK_GROWSUP
663 return PAGE_ALIGN(stack_top) + random_variable;
665 return PAGE_ALIGN(stack_top) - random_variable;
669 static int load_elf_binary(struct linux_binprm *bprm)
671 struct file *interpreter = NULL; /* to shut gcc up */
672 unsigned long load_addr = 0, load_bias = 0;
673 int load_addr_set = 0;
674 char elf_interpreter[PATH_MAX] __aligned(sizeof(long));
675 bool interp_present = false;
677 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
678 unsigned long elf_bss, elf_brk;
680 unsigned long elf_entry;
681 unsigned long interp_load_addr = 0;
682 unsigned long start_code, end_code, start_data, end_data;
683 unsigned long reloc_func_desc __maybe_unused = 0;
684 int executable_stack = EXSTACK_DEFAULT;
685 struct pt_regs *regs = current_pt_regs();
687 struct elfhdr elf_ex;
688 struct elfhdr interp_elf_ex;
690 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
692 /* Get the exec-header */
693 loc.elf_ex = *((struct elfhdr *)bprm->buf);
696 /* First of all, some simple consistency checks */
697 if (memcmp(loc.elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
700 if (loc.elf_ex.e_type != ET_EXEC && loc.elf_ex.e_type != ET_DYN)
702 if (!elf_check_arch(&loc.elf_ex))
704 if (!bprm->file->f_op->mmap)
707 elf_phdata = load_elf_phdrs(&loc.elf_ex, bprm->file);
711 elf_ppnt = elf_phdata;
720 for (i = 0; i < loc.elf_ex.e_phnum; i++) {
721 if (elf_ppnt->p_type == PT_INTERP) {
722 /* This is the program interpreter used for
723 * shared libraries - for now assume that this
724 * is an a.out format binary
727 if (elf_ppnt->p_filesz > PATH_MAX ||
728 elf_ppnt->p_filesz < 2)
731 interp_present = true;
732 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
735 if (retval != elf_ppnt->p_filesz) {
740 /* make sure path is NULL terminated */
742 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
745 interpreter = open_exec(elf_interpreter);
746 retval = PTR_ERR(interpreter);
747 if (IS_ERR(interpreter))
751 * If the binary is not readable then enforce
752 * mm->dumpable = 0 regardless of the interpreter's
755 would_dump(bprm, interpreter);
757 /* Get the exec headers */
758 retval = kernel_read(interpreter, 0,
759 (void *)&loc.interp_elf_ex,
760 sizeof(loc.interp_elf_ex));
761 if (retval != sizeof(loc.interp_elf_ex)) {
764 goto out_free_dentry;
772 elf_ppnt = elf_phdata;
773 for (i = 0; i < loc.elf_ex.e_phnum; i++, elf_ppnt++)
774 switch (elf_ppnt->p_type) {
776 if (elf_ppnt->p_flags & PF_X)
777 executable_stack = EXSTACK_ENABLE_X;
779 executable_stack = EXSTACK_DISABLE_X;
782 case PT_LOPROC ... PT_HIPROC:
783 retval = arch_elf_pt_proc(&loc.elf_ex, elf_ppnt,
787 goto out_free_dentry;
791 /* Some simple consistency checks for the interpreter */
792 if (interp_present) {
794 /* Not an ELF interpreter */
795 if (memcmp(loc.interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
796 goto out_free_dentry;
797 /* Verify the interpreter has a valid arch */
798 if (!elf_check_arch(&loc.interp_elf_ex))
799 goto out_free_dentry;
801 /* Load the interpreter program headers */
802 interp_elf_phdata = load_elf_phdrs(&loc.interp_elf_ex,
804 if (!interp_elf_phdata)
805 goto out_free_dentry;
807 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
808 elf_ppnt = interp_elf_phdata;
809 for (i = 0; i < loc.interp_elf_ex.e_phnum; i++, elf_ppnt++)
810 switch (elf_ppnt->p_type) {
811 case PT_LOPROC ... PT_HIPROC:
812 retval = arch_elf_pt_proc(&loc.interp_elf_ex,
813 elf_ppnt, interpreter,
816 goto out_free_dentry;
822 * Allow arch code to reject the ELF at this point, whilst it's
823 * still possible to return an error to the code that invoked
826 retval = arch_check_elf(&loc.elf_ex,
827 !!interpreter, &loc.interp_elf_ex,
830 goto out_free_dentry;
832 /* Flush all traces of the currently running executable */
833 retval = flush_old_exec(bprm);
835 goto out_free_dentry;
837 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
838 may depend on the personality. */
839 SET_PERSONALITY2(loc.elf_ex, &arch_state);
840 if (elf_read_implies_exec(loc.elf_ex, executable_stack))
841 current->personality |= READ_IMPLIES_EXEC;
843 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
844 current->flags |= PF_RANDOMIZE;
846 setup_new_exec(bprm);
847 install_exec_creds(bprm);
849 /* Do this so that we can load the interpreter, if need be. We will
850 change some of these later */
851 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
854 goto out_free_dentry;
856 current->mm->start_stack = bprm->p;
858 /* Now we do a little grungy work by mmapping the ELF image into
859 the correct location in memory. */
860 for(i = 0, elf_ppnt = elf_phdata;
861 i < loc.elf_ex.e_phnum; i++, elf_ppnt++) {
862 int elf_prot = 0, elf_flags;
863 unsigned long k, vaddr;
864 unsigned long total_size = 0;
866 if (elf_ppnt->p_type != PT_LOAD)
869 if (unlikely (elf_brk > elf_bss)) {
872 /* There was a PT_LOAD segment with p_memsz > p_filesz
873 before this one. Map anonymous pages, if needed,
874 and clear the area. */
875 retval = set_brk(elf_bss + load_bias,
876 elf_brk + load_bias);
878 goto out_free_dentry;
879 nbyte = ELF_PAGEOFFSET(elf_bss);
881 nbyte = ELF_MIN_ALIGN - nbyte;
882 if (nbyte > elf_brk - elf_bss)
883 nbyte = elf_brk - elf_bss;
884 if (clear_user((void __user *)elf_bss +
887 * This bss-zeroing can fail if the ELF
888 * file specifies odd protections. So
889 * we don't check the return value
895 if (elf_ppnt->p_flags & PF_R)
896 elf_prot |= PROT_READ;
897 if (elf_ppnt->p_flags & PF_W)
898 elf_prot |= PROT_WRITE;
899 if (elf_ppnt->p_flags & PF_X)
900 elf_prot |= PROT_EXEC;
902 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
904 vaddr = elf_ppnt->p_vaddr;
906 * If we are loading ET_EXEC or we have already performed
907 * the ET_DYN load_addr calculations, proceed normally.
909 if (loc.elf_ex.e_type == ET_EXEC || load_addr_set) {
910 elf_flags |= MAP_FIXED;
911 } else if (loc.elf_ex.e_type == ET_DYN) {
913 * This logic is run once for the first LOAD Program
914 * Header for ET_DYN binaries to calculate the
915 * randomization (load_bias) for all the LOAD
916 * Program Headers, and to calculate the entire
917 * size of the ELF mapping (total_size). (Note that
918 * load_addr_set is set to true later once the
919 * initial mapping is performed.)
921 * There are effectively two types of ET_DYN
922 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
923 * and loaders (ET_DYN without INTERP, since they
924 * _are_ the ELF interpreter). The loaders must
925 * be loaded away from programs since the program
926 * may otherwise collide with the loader (especially
927 * for ET_EXEC which does not have a randomized
928 * position). For example to handle invocations of
929 * "./ld.so someprog" to test out a new version of
930 * the loader, the subsequent program that the
931 * loader loads must avoid the loader itself, so
932 * they cannot share the same load range. Sufficient
933 * room for the brk must be allocated with the
934 * loader as well, since brk must be available with
937 * Therefore, programs are loaded offset from
938 * ELF_ET_DYN_BASE and loaders are loaded into the
939 * independently randomized mmap region (0 load_bias
940 * without MAP_FIXED).
942 if (interp_present) {
943 load_bias = ELF_ET_DYN_BASE;
944 if (current->flags & PF_RANDOMIZE)
945 load_bias += arch_mmap_rnd();
946 elf_flags |= MAP_FIXED;
951 * Since load_bias is used for all subsequent loading
952 * calculations, we must lower it by the first vaddr
953 * so that the remaining calculations based on the
954 * ELF vaddrs will be correctly offset. The result
955 * is then page aligned.
957 load_bias = ELF_PAGESTART(load_bias - vaddr);
959 total_size = total_mapping_size(elf_phdata,
963 goto out_free_dentry;
967 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
968 elf_prot, elf_flags, total_size);
969 if (BAD_ADDR(error)) {
970 retval = IS_ERR((void *)error) ?
971 PTR_ERR((void*)error) : -EINVAL;
972 goto out_free_dentry;
975 if (!load_addr_set) {
977 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
978 if (loc.elf_ex.e_type == ET_DYN) {
980 ELF_PAGESTART(load_bias + vaddr);
981 load_addr += load_bias;
982 reloc_func_desc = load_bias;
985 k = elf_ppnt->p_vaddr;
992 * Check to see if the section's size will overflow the
993 * allowed task size. Note that p_filesz must always be
994 * <= p_memsz so it is only necessary to check p_memsz.
996 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
997 elf_ppnt->p_memsz > TASK_SIZE ||
998 TASK_SIZE - elf_ppnt->p_memsz < k) {
999 /* set_brk can never work. Avoid overflows. */
1001 goto out_free_dentry;
1004 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1008 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1012 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1017 loc.elf_ex.e_entry += load_bias;
1018 elf_bss += load_bias;
1019 elf_brk += load_bias;
1020 start_code += load_bias;
1021 end_code += load_bias;
1022 start_data += load_bias;
1023 end_data += load_bias;
1025 /* Calling set_brk effectively mmaps the pages that we need
1026 * for the bss and break sections. We must do this before
1027 * mapping in the interpreter, to make sure it doesn't wind
1028 * up getting placed where the bss needs to go.
1030 retval = set_brk(elf_bss, elf_brk);
1032 goto out_free_dentry;
1033 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1034 retval = -EFAULT; /* Nobody gets to see this, but.. */
1035 goto out_free_dentry;
1038 if (interp_present) {
1039 unsigned long interp_map_addr = 0;
1041 elf_entry = load_elf_interp(&loc.interp_elf_ex,
1044 load_bias, interp_elf_phdata);
1045 if (!IS_ERR((void *)elf_entry)) {
1047 * load_elf_interp() returns relocation
1050 interp_load_addr = elf_entry;
1051 elf_entry += loc.interp_elf_ex.e_entry;
1053 if (BAD_ADDR(elf_entry)) {
1054 retval = IS_ERR((void *)elf_entry) ?
1055 (int)elf_entry : -EINVAL;
1056 goto out_free_dentry;
1058 reloc_func_desc = interp_load_addr;
1060 allow_write_access(interpreter);
1063 elf_entry = loc.elf_ex.e_entry;
1064 if (BAD_ADDR(elf_entry)) {
1066 goto out_free_dentry;
1070 kfree(interp_elf_phdata);
1073 set_binfmt(&elf_format);
1075 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1076 retval = arch_setup_additional_pages(bprm, interp_present);
1079 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1081 retval = create_elf_tables(bprm, &loc.elf_ex,
1082 load_addr, interp_load_addr);
1085 /* N.B. passed_fileno might not be initialized? */
1086 current->mm->end_code = end_code;
1087 current->mm->start_code = start_code;
1088 current->mm->start_data = start_data;
1089 current->mm->end_data = end_data;
1090 current->mm->start_stack = bprm->p;
1092 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1093 current->mm->brk = current->mm->start_brk =
1094 arch_randomize_brk(current->mm);
1095 #ifdef compat_brk_randomized
1096 current->brk_randomized = 1;
1100 if (current->personality & MMAP_PAGE_ZERO) {
1101 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1102 and some applications "depend" upon this behavior.
1103 Since we do not have the power to recompile these, we
1104 emulate the SVr4 behavior. Sigh. */
1105 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1106 MAP_FIXED | MAP_PRIVATE, 0);
1109 #ifdef ELF_PLAT_INIT
1111 * The ABI may specify that certain registers be set up in special
1112 * ways (on i386 %edx is the address of a DT_FINI function, for
1113 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1114 * that the e_entry field is the address of the function descriptor
1115 * for the startup routine, rather than the address of the startup
1116 * routine itself. This macro performs whatever initialization to
1117 * the regs structure is required as well as any relocations to the
1118 * function descriptor entries when executing dynamically links apps.
1120 ELF_PLAT_INIT(regs, reloc_func_desc);
1123 start_thread(regs, elf_entry, bprm->p);
1130 kfree(interp_elf_phdata);
1131 allow_write_access(interpreter);
1139 #ifdef CONFIG_USELIB
1140 /* This is really simpleminded and specialized - we are loading an
1141 a.out library that is given an ELF header. */
1142 static int load_elf_library(struct file *file)
1144 struct elf_phdr *elf_phdata;
1145 struct elf_phdr *eppnt;
1146 unsigned long elf_bss, bss, len;
1147 int retval, error, i, j;
1148 struct elfhdr elf_ex;
1151 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1152 if (retval != sizeof(elf_ex))
1155 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1158 /* First of all, some simple consistency checks */
1159 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1160 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1163 /* Now read in all of the header information */
1165 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1166 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1169 elf_phdata = kmalloc(j, GFP_KERNEL);
1175 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1179 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1180 if ((eppnt + i)->p_type == PT_LOAD)
1185 while (eppnt->p_type != PT_LOAD)
1188 /* Now use mmap to map the library into memory. */
1189 error = vm_mmap(file,
1190 ELF_PAGESTART(eppnt->p_vaddr),
1192 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1193 PROT_READ | PROT_WRITE | PROT_EXEC,
1194 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1196 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1197 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1200 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1201 if (padzero(elf_bss)) {
1206 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1207 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1209 error = vm_brk(len, bss - len);
1210 if (BAD_ADDR(error))
1220 #endif /* #ifdef CONFIG_USELIB */
1222 #ifdef CONFIG_ELF_CORE
1226 * Modelled on fs/exec.c:aout_core_dump()
1227 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1231 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1232 * that are useful for post-mortem analysis are included in every core dump.
1233 * In that way we ensure that the core dump is fully interpretable later
1234 * without matching up the same kernel and hardware config to see what PC values
1235 * meant. These special mappings include - vDSO, vsyscall, and other
1236 * architecture specific mappings
1238 static bool always_dump_vma(struct vm_area_struct *vma)
1240 /* Any vsyscall mappings? */
1241 if (vma == get_gate_vma(vma->vm_mm))
1245 * Assume that all vmas with a .name op should always be dumped.
1246 * If this changes, a new vm_ops field can easily be added.
1248 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1252 * arch_vma_name() returns non-NULL for special architecture mappings,
1253 * such as vDSO sections.
1255 if (arch_vma_name(vma))
1262 * Decide what to dump of a segment, part, all or none.
1264 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1265 unsigned long mm_flags)
1267 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1269 /* always dump the vdso and vsyscall sections */
1270 if (always_dump_vma(vma))
1273 if (vma->vm_flags & VM_DONTDUMP)
1276 /* support for DAX */
1277 if (vma_is_dax(vma)) {
1278 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1280 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1285 /* Hugetlb memory check */
1286 if (vma->vm_flags & VM_HUGETLB) {
1287 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1289 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1294 /* Do not dump I/O mapped devices or special mappings */
1295 if (vma->vm_flags & VM_IO)
1298 /* By default, dump shared memory if mapped from an anonymous file. */
1299 if (vma->vm_flags & VM_SHARED) {
1300 if (file_inode(vma->vm_file)->i_nlink == 0 ?
1301 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1306 /* Dump segments that have been written to. */
1307 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1309 if (vma->vm_file == NULL)
1312 if (FILTER(MAPPED_PRIVATE))
1316 * If this looks like the beginning of a DSO or executable mapping,
1317 * check for an ELF header. If we find one, dump the first page to
1318 * aid in determining what was mapped here.
1320 if (FILTER(ELF_HEADERS) &&
1321 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1322 u32 __user *header = (u32 __user *) vma->vm_start;
1324 mm_segment_t fs = get_fs();
1326 * Doing it this way gets the constant folded by GCC.
1330 char elfmag[SELFMAG];
1332 BUILD_BUG_ON(SELFMAG != sizeof word);
1333 magic.elfmag[EI_MAG0] = ELFMAG0;
1334 magic.elfmag[EI_MAG1] = ELFMAG1;
1335 magic.elfmag[EI_MAG2] = ELFMAG2;
1336 magic.elfmag[EI_MAG3] = ELFMAG3;
1338 * Switch to the user "segment" for get_user(),
1339 * then put back what elf_core_dump() had in place.
1342 if (unlikely(get_user(word, header)))
1345 if (word == magic.cmp)
1354 return vma->vm_end - vma->vm_start;
1357 /* An ELF note in memory */
1362 unsigned int datasz;
1366 static int notesize(struct memelfnote *en)
1370 sz = sizeof(struct elf_note);
1371 sz += roundup(strlen(en->name) + 1, 4);
1372 sz += roundup(en->datasz, 4);
1377 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1380 en.n_namesz = strlen(men->name) + 1;
1381 en.n_descsz = men->datasz;
1382 en.n_type = men->type;
1384 return dump_emit(cprm, &en, sizeof(en)) &&
1385 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1386 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1389 static void fill_elf_header(struct elfhdr *elf, int segs,
1390 u16 machine, u32 flags)
1392 memset(elf, 0, sizeof(*elf));
1394 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1395 elf->e_ident[EI_CLASS] = ELF_CLASS;
1396 elf->e_ident[EI_DATA] = ELF_DATA;
1397 elf->e_ident[EI_VERSION] = EV_CURRENT;
1398 elf->e_ident[EI_OSABI] = ELF_OSABI;
1400 elf->e_type = ET_CORE;
1401 elf->e_machine = machine;
1402 elf->e_version = EV_CURRENT;
1403 elf->e_phoff = sizeof(struct elfhdr);
1404 elf->e_flags = flags;
1405 elf->e_ehsize = sizeof(struct elfhdr);
1406 elf->e_phentsize = sizeof(struct elf_phdr);
1407 elf->e_phnum = segs;
1412 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1414 phdr->p_type = PT_NOTE;
1415 phdr->p_offset = offset;
1418 phdr->p_filesz = sz;
1425 static void fill_note(struct memelfnote *note, const char *name, int type,
1426 unsigned int sz, void *data)
1436 * fill up all the fields in prstatus from the given task struct, except
1437 * registers which need to be filled up separately.
1439 static void fill_prstatus(struct elf_prstatus *prstatus,
1440 struct task_struct *p, long signr)
1442 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1443 prstatus->pr_sigpend = p->pending.signal.sig[0];
1444 prstatus->pr_sighold = p->blocked.sig[0];
1446 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1448 prstatus->pr_pid = task_pid_vnr(p);
1449 prstatus->pr_pgrp = task_pgrp_vnr(p);
1450 prstatus->pr_sid = task_session_vnr(p);
1451 if (thread_group_leader(p)) {
1452 struct task_cputime cputime;
1455 * This is the record for the group leader. It shows the
1456 * group-wide total, not its individual thread total.
1458 thread_group_cputime(p, &cputime);
1459 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1460 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1462 cputime_t utime, stime;
1464 task_cputime(p, &utime, &stime);
1465 cputime_to_timeval(utime, &prstatus->pr_utime);
1466 cputime_to_timeval(stime, &prstatus->pr_stime);
1468 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1469 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1472 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1473 struct mm_struct *mm)
1475 const struct cred *cred;
1476 unsigned int i, len;
1478 /* first copy the parameters from user space */
1479 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1481 len = mm->arg_end - mm->arg_start;
1482 if (len >= ELF_PRARGSZ)
1483 len = ELF_PRARGSZ-1;
1484 if (copy_from_user(&psinfo->pr_psargs,
1485 (const char __user *)mm->arg_start, len))
1487 for(i = 0; i < len; i++)
1488 if (psinfo->pr_psargs[i] == 0)
1489 psinfo->pr_psargs[i] = ' ';
1490 psinfo->pr_psargs[len] = 0;
1493 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1495 psinfo->pr_pid = task_pid_vnr(p);
1496 psinfo->pr_pgrp = task_pgrp_vnr(p);
1497 psinfo->pr_sid = task_session_vnr(p);
1499 i = p->state ? ffz(~p->state) + 1 : 0;
1500 psinfo->pr_state = i;
1501 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1502 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1503 psinfo->pr_nice = task_nice(p);
1504 psinfo->pr_flag = p->flags;
1506 cred = __task_cred(p);
1507 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1508 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1510 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1515 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1517 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1521 while (auxv[i - 2] != AT_NULL);
1522 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1525 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1526 const siginfo_t *siginfo)
1528 mm_segment_t old_fs = get_fs();
1530 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1532 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1535 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1537 * Format of NT_FILE note:
1539 * long count -- how many files are mapped
1540 * long page_size -- units for file_ofs
1541 * array of [COUNT] elements of
1545 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1547 static int fill_files_note(struct memelfnote *note)
1549 struct vm_area_struct *vma;
1550 unsigned count, size, names_ofs, remaining, n;
1552 user_long_t *start_end_ofs;
1553 char *name_base, *name_curpos;
1555 /* *Estimated* file count and total data size needed */
1556 count = current->mm->map_count;
1559 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1561 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1563 size = round_up(size, PAGE_SIZE);
1564 data = vmalloc(size);
1568 start_end_ofs = data + 2;
1569 name_base = name_curpos = ((char *)data) + names_ofs;
1570 remaining = size - names_ofs;
1572 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1574 const char *filename;
1576 file = vma->vm_file;
1579 filename = file_path(file, name_curpos, remaining);
1580 if (IS_ERR(filename)) {
1581 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1583 size = size * 5 / 4;
1589 /* file_path() fills at the end, move name down */
1590 /* n = strlen(filename) + 1: */
1591 n = (name_curpos + remaining) - filename;
1592 remaining = filename - name_curpos;
1593 memmove(name_curpos, filename, n);
1596 *start_end_ofs++ = vma->vm_start;
1597 *start_end_ofs++ = vma->vm_end;
1598 *start_end_ofs++ = vma->vm_pgoff;
1602 /* Now we know exact count of files, can store it */
1604 data[1] = PAGE_SIZE;
1606 * Count usually is less than current->mm->map_count,
1607 * we need to move filenames down.
1609 n = current->mm->map_count - count;
1611 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1612 memmove(name_base - shift_bytes, name_base,
1613 name_curpos - name_base);
1614 name_curpos -= shift_bytes;
1617 size = name_curpos - (char *)data;
1618 fill_note(note, "CORE", NT_FILE, size, data);
1622 #ifdef CORE_DUMP_USE_REGSET
1623 #include <linux/regset.h>
1625 struct elf_thread_core_info {
1626 struct elf_thread_core_info *next;
1627 struct task_struct *task;
1628 struct elf_prstatus prstatus;
1629 struct memelfnote notes[0];
1632 struct elf_note_info {
1633 struct elf_thread_core_info *thread;
1634 struct memelfnote psinfo;
1635 struct memelfnote signote;
1636 struct memelfnote auxv;
1637 struct memelfnote files;
1638 user_siginfo_t csigdata;
1644 * When a regset has a writeback hook, we call it on each thread before
1645 * dumping user memory. On register window machines, this makes sure the
1646 * user memory backing the register data is up to date before we read it.
1648 static void do_thread_regset_writeback(struct task_struct *task,
1649 const struct user_regset *regset)
1651 if (regset->writeback)
1652 regset->writeback(task, regset, 1);
1656 #define PR_REG_SIZE(S) sizeof(S)
1659 #ifndef PRSTATUS_SIZE
1660 #define PRSTATUS_SIZE(S) sizeof(S)
1664 #define PR_REG_PTR(S) (&((S)->pr_reg))
1667 #ifndef SET_PR_FPVALID
1668 #define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1671 static int fill_thread_core_info(struct elf_thread_core_info *t,
1672 const struct user_regset_view *view,
1673 long signr, size_t *total)
1678 * NT_PRSTATUS is the one special case, because the regset data
1679 * goes into the pr_reg field inside the note contents, rather
1680 * than being the whole note contents. We fill the reset in here.
1681 * We assume that regset 0 is NT_PRSTATUS.
1683 fill_prstatus(&t->prstatus, t->task, signr);
1684 (void) view->regsets[0].get(t->task, &view->regsets[0],
1685 0, PR_REG_SIZE(t->prstatus.pr_reg),
1686 PR_REG_PTR(&t->prstatus), NULL);
1688 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1689 PRSTATUS_SIZE(t->prstatus), &t->prstatus);
1690 *total += notesize(&t->notes[0]);
1692 do_thread_regset_writeback(t->task, &view->regsets[0]);
1695 * Each other regset might generate a note too. For each regset
1696 * that has no core_note_type or is inactive, we leave t->notes[i]
1697 * all zero and we'll know to skip writing it later.
1699 for (i = 1; i < view->n; ++i) {
1700 const struct user_regset *regset = &view->regsets[i];
1701 do_thread_regset_writeback(t->task, regset);
1702 if (regset->core_note_type && regset->get &&
1703 (!regset->active || regset->active(t->task, regset) > 0)) {
1705 size_t size = regset->n * regset->size;
1706 void *data = kmalloc(size, GFP_KERNEL);
1707 if (unlikely(!data))
1709 ret = regset->get(t->task, regset,
1710 0, size, data, NULL);
1714 if (regset->core_note_type != NT_PRFPREG)
1715 fill_note(&t->notes[i], "LINUX",
1716 regset->core_note_type,
1719 SET_PR_FPVALID(&t->prstatus, 1);
1720 fill_note(&t->notes[i], "CORE",
1721 NT_PRFPREG, size, data);
1723 *total += notesize(&t->notes[i]);
1731 static int fill_note_info(struct elfhdr *elf, int phdrs,
1732 struct elf_note_info *info,
1733 const siginfo_t *siginfo, struct pt_regs *regs)
1735 struct task_struct *dump_task = current;
1736 const struct user_regset_view *view = task_user_regset_view(dump_task);
1737 struct elf_thread_core_info *t;
1738 struct elf_prpsinfo *psinfo;
1739 struct core_thread *ct;
1743 info->thread = NULL;
1745 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1746 if (psinfo == NULL) {
1747 info->psinfo.data = NULL; /* So we don't free this wrongly */
1751 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1754 * Figure out how many notes we're going to need for each thread.
1756 info->thread_notes = 0;
1757 for (i = 0; i < view->n; ++i)
1758 if (view->regsets[i].core_note_type != 0)
1759 ++info->thread_notes;
1762 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1763 * since it is our one special case.
1765 if (unlikely(info->thread_notes == 0) ||
1766 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1772 * Initialize the ELF file header.
1774 fill_elf_header(elf, phdrs,
1775 view->e_machine, view->e_flags);
1778 * Allocate a structure for each thread.
1780 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1781 t = kzalloc(offsetof(struct elf_thread_core_info,
1782 notes[info->thread_notes]),
1788 if (ct->task == dump_task || !info->thread) {
1789 t->next = info->thread;
1793 * Make sure to keep the original task at
1794 * the head of the list.
1796 t->next = info->thread->next;
1797 info->thread->next = t;
1802 * Now fill in each thread's information.
1804 for (t = info->thread; t != NULL; t = t->next)
1805 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1809 * Fill in the two process-wide notes.
1811 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1812 info->size += notesize(&info->psinfo);
1814 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1815 info->size += notesize(&info->signote);
1817 fill_auxv_note(&info->auxv, current->mm);
1818 info->size += notesize(&info->auxv);
1820 if (fill_files_note(&info->files) == 0)
1821 info->size += notesize(&info->files);
1826 static size_t get_note_info_size(struct elf_note_info *info)
1832 * Write all the notes for each thread. When writing the first thread, the
1833 * process-wide notes are interleaved after the first thread-specific note.
1835 static int write_note_info(struct elf_note_info *info,
1836 struct coredump_params *cprm)
1839 struct elf_thread_core_info *t = info->thread;
1844 if (!writenote(&t->notes[0], cprm))
1847 if (first && !writenote(&info->psinfo, cprm))
1849 if (first && !writenote(&info->signote, cprm))
1851 if (first && !writenote(&info->auxv, cprm))
1853 if (first && info->files.data &&
1854 !writenote(&info->files, cprm))
1857 for (i = 1; i < info->thread_notes; ++i)
1858 if (t->notes[i].data &&
1859 !writenote(&t->notes[i], cprm))
1869 static void free_note_info(struct elf_note_info *info)
1871 struct elf_thread_core_info *threads = info->thread;
1874 struct elf_thread_core_info *t = threads;
1876 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1877 for (i = 1; i < info->thread_notes; ++i)
1878 kfree(t->notes[i].data);
1881 kfree(info->psinfo.data);
1882 vfree(info->files.data);
1887 /* Here is the structure in which status of each thread is captured. */
1888 struct elf_thread_status
1890 struct list_head list;
1891 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1892 elf_fpregset_t fpu; /* NT_PRFPREG */
1893 struct task_struct *thread;
1894 #ifdef ELF_CORE_COPY_XFPREGS
1895 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1897 struct memelfnote notes[3];
1902 * In order to add the specific thread information for the elf file format,
1903 * we need to keep a linked list of every threads pr_status and then create
1904 * a single section for them in the final core file.
1906 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1909 struct task_struct *p = t->thread;
1912 fill_prstatus(&t->prstatus, p, signr);
1913 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1915 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1918 sz += notesize(&t->notes[0]);
1920 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1922 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1925 sz += notesize(&t->notes[1]);
1928 #ifdef ELF_CORE_COPY_XFPREGS
1929 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1930 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1931 sizeof(t->xfpu), &t->xfpu);
1933 sz += notesize(&t->notes[2]);
1939 struct elf_note_info {
1940 struct memelfnote *notes;
1941 struct memelfnote *notes_files;
1942 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1943 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1944 struct list_head thread_list;
1945 elf_fpregset_t *fpu;
1946 #ifdef ELF_CORE_COPY_XFPREGS
1947 elf_fpxregset_t *xfpu;
1949 user_siginfo_t csigdata;
1950 int thread_status_size;
1954 static int elf_note_info_init(struct elf_note_info *info)
1956 memset(info, 0, sizeof(*info));
1957 INIT_LIST_HEAD(&info->thread_list);
1959 /* Allocate space for ELF notes */
1960 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1963 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1966 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1967 if (!info->prstatus)
1969 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1972 #ifdef ELF_CORE_COPY_XFPREGS
1973 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1980 static int fill_note_info(struct elfhdr *elf, int phdrs,
1981 struct elf_note_info *info,
1982 const siginfo_t *siginfo, struct pt_regs *regs)
1984 struct list_head *t;
1985 struct core_thread *ct;
1986 struct elf_thread_status *ets;
1988 if (!elf_note_info_init(info))
1991 for (ct = current->mm->core_state->dumper.next;
1992 ct; ct = ct->next) {
1993 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1997 ets->thread = ct->task;
1998 list_add(&ets->list, &info->thread_list);
2001 list_for_each(t, &info->thread_list) {
2004 ets = list_entry(t, struct elf_thread_status, list);
2005 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2006 info->thread_status_size += sz;
2008 /* now collect the dump for the current */
2009 memset(info->prstatus, 0, sizeof(*info->prstatus));
2010 fill_prstatus(info->prstatus, current, siginfo->si_signo);
2011 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2014 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2017 * Set up the notes in similar form to SVR4 core dumps made
2018 * with info from their /proc.
2021 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2022 sizeof(*info->prstatus), info->prstatus);
2023 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2024 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2025 sizeof(*info->psinfo), info->psinfo);
2027 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2028 fill_auxv_note(info->notes + 3, current->mm);
2031 if (fill_files_note(info->notes + info->numnote) == 0) {
2032 info->notes_files = info->notes + info->numnote;
2036 /* Try to dump the FPU. */
2037 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2039 if (info->prstatus->pr_fpvalid)
2040 fill_note(info->notes + info->numnote++,
2041 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2042 #ifdef ELF_CORE_COPY_XFPREGS
2043 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2044 fill_note(info->notes + info->numnote++,
2045 "LINUX", ELF_CORE_XFPREG_TYPE,
2046 sizeof(*info->xfpu), info->xfpu);
2052 static size_t get_note_info_size(struct elf_note_info *info)
2057 for (i = 0; i < info->numnote; i++)
2058 sz += notesize(info->notes + i);
2060 sz += info->thread_status_size;
2065 static int write_note_info(struct elf_note_info *info,
2066 struct coredump_params *cprm)
2069 struct list_head *t;
2071 for (i = 0; i < info->numnote; i++)
2072 if (!writenote(info->notes + i, cprm))
2075 /* write out the thread status notes section */
2076 list_for_each(t, &info->thread_list) {
2077 struct elf_thread_status *tmp =
2078 list_entry(t, struct elf_thread_status, list);
2080 for (i = 0; i < tmp->num_notes; i++)
2081 if (!writenote(&tmp->notes[i], cprm))
2088 static void free_note_info(struct elf_note_info *info)
2090 while (!list_empty(&info->thread_list)) {
2091 struct list_head *tmp = info->thread_list.next;
2093 kfree(list_entry(tmp, struct elf_thread_status, list));
2096 /* Free data possibly allocated by fill_files_note(): */
2097 if (info->notes_files)
2098 vfree(info->notes_files->data);
2100 kfree(info->prstatus);
2101 kfree(info->psinfo);
2104 #ifdef ELF_CORE_COPY_XFPREGS
2111 static struct vm_area_struct *first_vma(struct task_struct *tsk,
2112 struct vm_area_struct *gate_vma)
2114 struct vm_area_struct *ret = tsk->mm->mmap;
2121 * Helper function for iterating across a vma list. It ensures that the caller
2122 * will visit `gate_vma' prior to terminating the search.
2124 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2125 struct vm_area_struct *gate_vma)
2127 struct vm_area_struct *ret;
2129 ret = this_vma->vm_next;
2132 if (this_vma == gate_vma)
2137 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2138 elf_addr_t e_shoff, int segs)
2140 elf->e_shoff = e_shoff;
2141 elf->e_shentsize = sizeof(*shdr4extnum);
2143 elf->e_shstrndx = SHN_UNDEF;
2145 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2147 shdr4extnum->sh_type = SHT_NULL;
2148 shdr4extnum->sh_size = elf->e_shnum;
2149 shdr4extnum->sh_link = elf->e_shstrndx;
2150 shdr4extnum->sh_info = segs;
2156 * This is a two-pass process; first we find the offsets of the bits,
2157 * and then they are actually written out. If we run out of core limit
2160 static int elf_core_dump(struct coredump_params *cprm)
2165 size_t vma_data_size = 0;
2166 struct vm_area_struct *vma, *gate_vma;
2167 struct elfhdr *elf = NULL;
2168 loff_t offset = 0, dataoff;
2169 struct elf_note_info info = { };
2170 struct elf_phdr *phdr4note = NULL;
2171 struct elf_shdr *shdr4extnum = NULL;
2174 elf_addr_t *vma_filesz = NULL;
2177 * We no longer stop all VM operations.
2179 * This is because those proceses that could possibly change map_count
2180 * or the mmap / vma pages are now blocked in do_exit on current
2181 * finishing this core dump.
2183 * Only ptrace can touch these memory addresses, but it doesn't change
2184 * the map_count or the pages allocated. So no possibility of crashing
2185 * exists while dumping the mm->vm_next areas to the core file.
2188 /* alloc memory for large data structures: too large to be on stack */
2189 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2193 * The number of segs are recored into ELF header as 16bit value.
2194 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2196 segs = current->mm->map_count;
2197 segs += elf_core_extra_phdrs();
2199 gate_vma = get_gate_vma(current->mm);
2200 if (gate_vma != NULL)
2203 /* for notes section */
2206 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2207 * this, kernel supports extended numbering. Have a look at
2208 * include/linux/elf.h for further information. */
2209 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2212 * Collect all the non-memory information about the process for the
2213 * notes. This also sets up the file header.
2215 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2223 offset += sizeof(*elf); /* Elf header */
2224 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2226 /* Write notes phdr entry */
2228 size_t sz = get_note_info_size(&info);
2230 sz += elf_coredump_extra_notes_size();
2232 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2236 fill_elf_note_phdr(phdr4note, sz, offset);
2240 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2242 vma_filesz = kmalloc_array(segs - 1, sizeof(*vma_filesz), GFP_KERNEL);
2246 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2247 vma = next_vma(vma, gate_vma)) {
2248 unsigned long dump_size;
2250 dump_size = vma_dump_size(vma, cprm->mm_flags);
2251 vma_filesz[i++] = dump_size;
2252 vma_data_size += dump_size;
2255 offset += vma_data_size;
2256 offset += elf_core_extra_data_size();
2259 if (e_phnum == PN_XNUM) {
2260 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2263 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2268 if (!dump_emit(cprm, elf, sizeof(*elf)))
2271 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2274 /* Write program headers for segments dump */
2275 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2276 vma = next_vma(vma, gate_vma)) {
2277 struct elf_phdr phdr;
2279 phdr.p_type = PT_LOAD;
2280 phdr.p_offset = offset;
2281 phdr.p_vaddr = vma->vm_start;
2283 phdr.p_filesz = vma_filesz[i++];
2284 phdr.p_memsz = vma->vm_end - vma->vm_start;
2285 offset += phdr.p_filesz;
2286 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2287 if (vma->vm_flags & VM_WRITE)
2288 phdr.p_flags |= PF_W;
2289 if (vma->vm_flags & VM_EXEC)
2290 phdr.p_flags |= PF_X;
2291 phdr.p_align = ELF_EXEC_PAGESIZE;
2293 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2297 if (!elf_core_write_extra_phdrs(cprm, offset))
2300 /* write out the notes section */
2301 if (!write_note_info(&info, cprm))
2304 if (elf_coredump_extra_notes_write(cprm))
2308 if (!dump_skip(cprm, dataoff - cprm->written))
2311 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2312 vma = next_vma(vma, gate_vma)) {
2316 end = vma->vm_start + vma_filesz[i++];
2318 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2322 page = get_dump_page(addr);
2324 void *kaddr = kmap(page);
2325 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
2327 page_cache_release(page);
2329 stop = !dump_skip(cprm, PAGE_SIZE);
2334 dump_truncate(cprm);
2336 if (!elf_core_write_extra_data(cprm))
2339 if (e_phnum == PN_XNUM) {
2340 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2348 free_note_info(&info);
2357 #endif /* CONFIG_ELF_CORE */
2359 static int __init init_elf_binfmt(void)
2361 register_binfmt(&elf_format);
2365 static void __exit exit_elf_binfmt(void)
2367 /* Remove the COFF and ELF loaders. */
2368 unregister_binfmt(&elf_format);
2371 core_initcall(init_elf_binfmt);
2372 module_exit(exit_elf_binfmt);
2373 MODULE_LICENSE("GPL");
OSDN Git Service
