]> Git Repo - linux.git/blame - fs/binfmt_elf.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fs/binfmt_elf: use PT_LOAD p_align values for suitable start address
[linux.git] / fs / binfmt_elf.c
CommitLineData
09c434b8 1// SPDX-License-Identifier: GPL-2.0-only
1da177e4
LT		 2/*
3 * linux/fs/binfmt_elf.c
4 *
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
8 * Tools".
9 *
10 * Copyright 1993, 1994: Eric Youngdale ([email protected]).
11 */
12
13#include <linux/module.h>
14#include <linux/kernel.h>
15#include <linux/fs.h>
ce81bb25 16#include <linux/log2.h>
1da177e4
LT		 17#include <linux/mm.h>
18#include <linux/mman.h>
1da177e4
LT		 19#include <linux/errno.h>
20#include <linux/signal.h>
21#include <linux/binfmts.h>
22#include <linux/string.h>
23#include <linux/file.h>
1da177e4 24#include <linux/slab.h>
1da177e4
LT		 25#include <linux/personality.h>
26#include <linux/elfcore.h>
27#include <linux/init.h>
28#include <linux/highuid.h>
1da177e4
LT		 29#include <linux/compiler.h>
30#include <linux/highmem.h>
03911132 31#include <linux/hugetlb.h>
1da177e4 32#include <linux/pagemap.h>
2aa362c4 33#include <linux/vmalloc.h>
1da177e4 34#include <linux/security.h>
1da177e4 35#include <linux/random.h>
f4e5cc2c 36#include <linux/elf.h>
d1fd836d 37#include <linux/elf-randomize.h>
7e80d0d0 38#include <linux/utsname.h>
088e7af7 39#include <linux/coredump.h>
6fac4829 40#include <linux/sched.h>
f7ccbae4 41#include <linux/sched/coredump.h>
68db0cf1 42#include <linux/sched/task_stack.h>
32ef5517 43#include <linux/sched/cputime.h>
00e19cee
DM		 44#include <linux/sizes.h>
45#include <linux/types.h>
5b825c3a 46#include <linux/cred.h>
5037835c 47#include <linux/dax.h>
7c0f6ba6 48#include <linux/uaccess.h>
1da177e4
LT		 49#include <asm/param.h>
50#include <asm/page.h>
51
00e19cee
DM		 52#ifndef ELF_COMPAT
53#define ELF_COMPAT 0
54#endif
55
2aa362c4
DV		 56#ifndef user_long_t
57#define user_long_t long
58#endif
49ae4d4b
DV		 59#ifndef user_siginfo_t
60#define user_siginfo_t siginfo_t
61#endif
62
4755200b
NP		 63/* That's for binfmt_elf_fdpic to deal with */
64#ifndef elf_check_fdpic
65#define elf_check_fdpic(ex) false
66#endif
67
71613c3b 68static int load_elf_binary(struct linux_binprm *bprm);
1da177e4 69
69369a70
JT		 70#ifdef CONFIG_USELIB
71static int load_elf_library(struct file *);
72#else
73#define load_elf_library NULL
74#endif
75
1da177e4
LT		 76/*
77 * If we don't support core dumping, then supply a NULL so we
78 * don't even try.
79 */
698ba7b5 80#ifdef CONFIG_ELF_CORE
f6151dfe 81static int elf_core_dump(struct coredump_params *cprm);
1da177e4
LT		 82#else
83#define elf_core_dump NULL
84#endif
85
86#if ELF_EXEC_PAGESIZE > PAGE_SIZE
f4e5cc2c 87#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
1da177e4 88#else
f4e5cc2c 89#define ELF_MIN_ALIGN PAGE_SIZE
1da177e4
LT		 90#endif
91
92#ifndef ELF_CORE_EFLAGS
93#define ELF_CORE_EFLAGS 0
94#endif
95
96#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
97#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
99
100static struct linux_binfmt elf_format = {
f670d0ec
MP		 101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 .core_dump = elf_core_dump,
105 .min_coredump = ELF_EXEC_PAGESIZE,
1da177e4
LT		 106};
107
18676ffc 108#define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
1da177e4 109
16e72e9b 110static int set_brk(unsigned long start, unsigned long end, int prot)
1da177e4
LT		 111{
112 start = ELF_PAGEALIGN(start);
113 end = ELF_PAGEALIGN(end);
114 if (end > start) {
16e72e9b
DV		 115 /*
116 * Map the last of the bss segment.
117 * If the header is requesting these pages to be
118 * executable, honour that (ppc32 needs this).
119 */
120 int error = vm_brk_flags(start, end - start,
121 prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25
LT		 122 if (error)
123 return error;
1da177e4
LT		 124 }
125 current->mm->start_brk = current->mm->brk = end;
126 return 0;
127}
128
1da177e4
LT		 129/* We need to explicitly zero any fractional pages
130 after the data section (i.e. bss). This would
131 contain the junk from the file that should not
f4e5cc2c
JJ		 132 be in memory
133 */
1da177e4
LT		 134static int padzero(unsigned long elf_bss)
135{
136 unsigned long nbyte;
137
138 nbyte = ELF_PAGEOFFSET(elf_bss);
139 if (nbyte) {
140 nbyte = ELF_MIN_ALIGN - nbyte;
141 if (clear_user((void __user *) elf_bss, nbyte))
142 return -EFAULT;
143 }
144 return 0;
145}
146
09c6dd3c 147/* Let's use some macros to make this stack manipulation a little clearer */
1da177e4
LT		 148#ifdef CONFIG_STACK_GROWSUP
149#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
150#define STACK_ROUND(sp, items) \
151 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
f4e5cc2c
JJ		 152#define STACK_ALLOC(sp, len) ({ \
153 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
154 old_sp; })
1da177e4
LT		 155#else
156#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
157#define STACK_ROUND(sp, items) \
158 (((unsigned long) (sp - items)) &~ 15UL)
159#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
160#endif
161
483fad1c
NL		 162#ifndef ELF_BASE_PLATFORM
163/*
164 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
165 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
166 * will be copied to the user stack in the same manner as AT_PLATFORM.
167 */
168#define ELF_BASE_PLATFORM NULL
169#endif
170
1da177e4 171static int
a62c5b1b
AD		 172create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
173 unsigned long load_addr, unsigned long interp_load_addr,
174 unsigned long e_entry)
1da177e4 175{
03c6d723 176 struct mm_struct *mm = current->mm;
1da177e4
LT		 177 unsigned long p = bprm->p;
178 int argc = bprm->argc;
179 int envc = bprm->envc;
1da177e4
LT		 180 elf_addr_t __user *sp;
181 elf_addr_t __user *u_platform;
483fad1c 182 elf_addr_t __user *u_base_platform;
f06295b4 183 elf_addr_t __user *u_rand_bytes;
1da177e4 184 const char *k_platform = ELF_PLATFORM;
483fad1c 185 const char *k_base_platform = ELF_BASE_PLATFORM;
f06295b4 186 unsigned char k_rand_bytes[16];
1da177e4
LT		 187 int items;
188 elf_addr_t *elf_info;
1f83d806 189 int ei_index;
86a264ab 190 const struct cred *cred = current_cred();
b6a2fea3 191 struct vm_area_struct *vma;
1da177e4 192
d68c9d6a
FBH		 193 /*
194 * In some cases (e.g. Hyper-Threading), we want to avoid L1
195 * evictions by the processes running on the same package. One
196 * thing we can do is to shuffle the initial stack for them.
197 */
198
199 p = arch_align_stack(p);
200
1da177e4
LT		 201 /*
202 * If this architecture has a platform capability string, copy it
203 * to userspace. In some cases (Sparc), this info is impossible
204 * for userspace to get any other way, in others (i386) it is
205 * merely difficult.
206 */
1da177e4
LT		 207 u_platform = NULL;
208 if (k_platform) {
209 size_t len = strlen(k_platform) + 1;
210
1da177e4 211 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
646e84de 212 if (copy_to_user(u_platform, k_platform, len))
1da177e4
LT		 213 return -EFAULT;
214 }
215
483fad1c
NL		 216 /*
217 * If this architecture has a "base" platform capability
218 * string, copy it to userspace.
219 */
220 u_base_platform = NULL;
221 if (k_base_platform) {
222 size_t len = strlen(k_base_platform) + 1;
223
224 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
646e84de 225 if (copy_to_user(u_base_platform, k_base_platform, len))
483fad1c
NL		 226 return -EFAULT;
227 }
228
f06295b4
KC		 229 /*
230 * Generate 16 random bytes for userspace PRNG seeding.
231 */
232 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
233 u_rand_bytes = (elf_addr_t __user *)
234 STACK_ALLOC(p, sizeof(k_rand_bytes));
646e84de 235 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
f06295b4
KC		 236 return -EFAULT;
237
1da177e4 238 /* Create the ELF interpreter info */
03c6d723 239 elf_info = (elf_addr_t *)mm->saved_auxv;
4f9a58d7 240 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
1da177e4 241#define NEW_AUX_ENT(id, val) \
f4e5cc2c 242 do { \
1f83d806
AD		 243 *elf_info++ = id; \
244 *elf_info++ = val; \
f4e5cc2c 245 } while (0)
1da177e4
LT		 246
247#ifdef ARCH_DLINFO
248 /*
249 * ARCH_DLINFO must come first so PPC can do its special alignment of
250 * AUXV.
4f9a58d7
OH		 251 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
252 * ARCH_DLINFO changes
1da177e4
LT		 253 */
254 ARCH_DLINFO;
255#endif
256 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
257 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
258 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
259 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
f4e5cc2c 260 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
1da177e4
LT		 261 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
262 NEW_AUX_ENT(AT_BASE, interp_load_addr);
263 NEW_AUX_ENT(AT_FLAGS, 0);
a62c5b1b 264 NEW_AUX_ENT(AT_ENTRY, e_entry);
ebc887b2
EB		 265 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
266 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
267 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
268 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
c425e189 269 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
f06295b4 270 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
2171364d
MN		 271#ifdef ELF_HWCAP2
272 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
273#endif
65191087 274 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
1da177e4 275 if (k_platform) {
f4e5cc2c 276 NEW_AUX_ENT(AT_PLATFORM,
785d5570 277 (elf_addr_t)(unsigned long)u_platform);
1da177e4 278 }
483fad1c
NL		 279 if (k_base_platform) {
280 NEW_AUX_ENT(AT_BASE_PLATFORM,
281 (elf_addr_t)(unsigned long)u_base_platform);
282 }
b8a61c9e
EB		 283 if (bprm->have_execfd) {
284 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
1da177e4
LT		 285 }
286#undef NEW_AUX_ENT
287 /* AT_NULL is zero; clear the rest too */
03c6d723
AD		 288 memset(elf_info, 0, (char *)mm->saved_auxv +
289 sizeof(mm->saved_auxv) - (char *)elf_info);
1da177e4
LT		 290
291 /* And advance past the AT_NULL entry. */
1f83d806 292 elf_info += 2;
1da177e4 293
03c6d723 294 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
1da177e4
LT		 295 sp = STACK_ADD(p, ei_index);
296
d20894a2 297 items = (argc + 1) + (envc + 1) + 1;
1da177e4
LT		 298 bprm->p = STACK_ROUND(sp, items);
299
300 /* Point sp at the lowest address on the stack */
301#ifdef CONFIG_STACK_GROWSUP
302 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
f4e5cc2c 303 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
1da177e4
LT		 304#else
305 sp = (elf_addr_t __user *)bprm->p;
306#endif
307
b6a2fea3
OW		 308
309 /*
310 * Grow the stack manually; some architectures have a limit on how
311 * far ahead a user-space access may be in order to grow the stack.
312 */
03c6d723 313 vma = find_extend_vma(mm, bprm->p);
b6a2fea3
OW		 314 if (!vma)
315 return -EFAULT;
316
1da177e4 317 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
646e84de 318 if (put_user(argc, sp++))
1da177e4 319 return -EFAULT;
1da177e4 320
67c6777a 321 /* Populate list of argv pointers back to argv strings. */
03c6d723 322 p = mm->arg_end = mm->arg_start;
1da177e4
LT		 323 while (argc-- > 0) {
324 size_t len;
646e84de 325 if (put_user((elf_addr_t)p, sp++))
841d5fb7 326 return -EFAULT;
b6a2fea3
OW		 327 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
328 if (!len || len > MAX_ARG_STRLEN)
23c4971e 329 return -EINVAL;
1da177e4
LT		 330 p += len;
331 }
646e84de 332 if (put_user(0, sp++))
1da177e4 333 return -EFAULT;
03c6d723 334 mm->arg_end = p;
67c6777a
KC		 335
336 /* Populate list of envp pointers back to envp strings. */
03c6d723 337 mm->env_end = mm->env_start = p;
1da177e4
LT		 338 while (envc-- > 0) {
339 size_t len;
646e84de 340 if (put_user((elf_addr_t)p, sp++))
841d5fb7 341 return -EFAULT;
b6a2fea3
OW		 342 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
343 if (!len || len > MAX_ARG_STRLEN)
23c4971e 344 return -EINVAL;
1da177e4
LT		 345 p += len;
346 }
646e84de 347 if (put_user(0, sp++))
1da177e4 348 return -EFAULT;
03c6d723 349 mm->env_end = p;
1da177e4
LT		 350
351 /* Put the elf_info on the stack in the right place. */
03c6d723 352 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
1da177e4
LT		 353 return -EFAULT;
354 return 0;
355}
356
1da177e4 357static unsigned long elf_map(struct file *filep, unsigned long addr,
49ac9819 358 const struct elf_phdr *eppnt, int prot, int type,
cc503c1b 359 unsigned long total_size)
1da177e4
LT		 360{
361 unsigned long map_addr;
cc503c1b
JK		 362 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
363 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
364 addr = ELF_PAGESTART(addr);
365 size = ELF_PAGEALIGN(size);
1da177e4 366
dda6ebde
DG		 367 /* mmap() will return -EINVAL if given a zero size, but a
368 * segment with zero filesize is perfectly valid */
cc503c1b
JK		 369 if (!size)
370 return addr;
371
cc503c1b
JK		 372 /*
373 * total_size is the size of the ELF (interpreter) image.
374 * The _first_ mmap needs to know the full size, otherwise
375 * randomization might put this image into an overlapping
376 * position with the ELF binary image. (since size < total_size)
377 * So we first map the 'big' image - and unmap the remainder at
378 * the end. (which unmap is needed for ELF images with holes.)
379 */
380 if (total_size) {
381 total_size = ELF_PAGEALIGN(total_size);
5a5e4c2e 382 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
cc503c1b 383 if (!BAD_ADDR(map_addr))
5a5e4c2e 384 vm_munmap(map_addr+size, total_size-size);
cc503c1b 385 } else
5a5e4c2e 386 map_addr = vm_mmap(filep, addr, size, prot, type, off);
cc503c1b 387
d23a61ee
TH		 388 if ((type & MAP_FIXED_NOREPLACE) &&
389 PTR_ERR((void *)map_addr) == -EEXIST)
390 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
391 task_pid_nr(current), current->comm, (void *)addr);
4ed28639 392
1da177e4
LT		 393 return(map_addr);
394}
395
49ac9819 396static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
cc503c1b
JK		 397{
398 int i, first_idx = -1, last_idx = -1;
399
400 for (i = 0; i < nr; i++) {
401 if (cmds[i].p_type == PT_LOAD) {
402 last_idx = i;
403 if (first_idx == -1)
404 first_idx = i;
405 }
406 }
407 if (first_idx == -1)
408 return 0;
409
410 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
411 ELF_PAGESTART(cmds[first_idx].p_vaddr);
412}
413
658c0335
AD		 414static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
415{
416 ssize_t rv;
417
418 rv = kernel_read(file, buf, len, &pos);
419 if (unlikely(rv != len)) {
420 return (rv < 0) ? rv : -EIO;
421 }
422 return 0;
423}
424
ce81bb25
CK		 425static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
426{
427 unsigned long alignment = 0;
428 int i;
429
430 for (i = 0; i < nr; i++) {
431 if (cmds[i].p_type == PT_LOAD) {
432 unsigned long p_align = cmds[i].p_align;
433
434 /* skip non-power of two alignments as invalid */
435 if (!is_power_of_2(p_align))
436 continue;
437 alignment = max(alignment, p_align);
438 }
439 }
440
441 /* ensure we align to at least one page */
442 return ELF_PAGEALIGN(alignment);
443}
444
6a8d3894
PB		 445/**
446 * load_elf_phdrs() - load ELF program headers
447 * @elf_ex: ELF header of the binary whose program headers should be loaded
448 * @elf_file: the opened ELF binary file
449 *
450 * Loads ELF program headers from the binary file elf_file, which has the ELF
451 * header pointed to by elf_ex, into a newly allocated array. The caller is
452 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
453 */
49ac9819 454static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
6a8d3894
PB		 455 struct file *elf_file)
456{
457 struct elf_phdr *elf_phdata = NULL;
faf1c315 458 int retval, err = -1;
faf1c315 459 unsigned int size;
6a8d3894
PB		 460
461 /*
462 * If the size of this structure has changed, then punt, since
463 * we will be doing the wrong thing.
464 */
465 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
466 goto out;
467
468 /* Sanity check the number of program headers... */
6a8d3894
PB		 469 /* ...and their total size. */
470 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
faf1c315 471 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
6a8d3894
PB		 472 goto out;
473
474 elf_phdata = kmalloc(size, GFP_KERNEL);
475 if (!elf_phdata)
476 goto out;
477
478 /* Read in the program headers */
658c0335
AD		 479 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
480 if (retval < 0) {
481 err = retval;
6a8d3894
PB		 482 goto out;
483 }
484
485 /* Success! */
486 err = 0;
487out:
488 if (err) {
489 kfree(elf_phdata);
490 elf_phdata = NULL;
491 }
492 return elf_phdata;
493}
cc503c1b 494
774c105e
PB		 495#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
496
497/**
498 * struct arch_elf_state - arch-specific ELF loading state
499 *
500 * This structure is used to preserve architecture specific data during
501 * the loading of an ELF file, throughout the checking of architecture
502 * specific ELF headers & through to the point where the ELF load is
503 * known to be proceeding (ie. SET_PERSONALITY).
504 *
505 * This implementation is a dummy for architectures which require no
506 * specific state.
507 */
508struct arch_elf_state {
509};
510
511#define INIT_ARCH_ELF_STATE {}
512
513/**
514 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
515 * @ehdr: The main ELF header
516 * @phdr: The program header to check
517 * @elf: The open ELF file
518 * @is_interp: True if the phdr is from the interpreter of the ELF being
519 * loaded, else false.
520 * @state: Architecture-specific state preserved throughout the process
521 * of loading the ELF.
522 *
523 * Inspects the program header phdr to validate its correctness and/or
524 * suitability for the system. Called once per ELF program header in the
525 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
526 * interpreter.
527 *
528 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
529 * with that return code.
530 */
531static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
532 struct elf_phdr *phdr,
533 struct file *elf, bool is_interp,
534 struct arch_elf_state *state)
535{
536 /* Dummy implementation, always proceed */
537 return 0;
538}
539
540/**
54d15714 541 * arch_check_elf() - check an ELF executable
774c105e
PB		 542 * @ehdr: The main ELF header
543 * @has_interp: True if the ELF has an interpreter, else false.
eb4bc076 544 * @interp_ehdr: The interpreter's ELF header
774c105e
PB		 545 * @state: Architecture-specific state preserved throughout the process
546 * of loading the ELF.
547 *
548 * Provides a final opportunity for architecture code to reject the loading
549 * of the ELF & cause an exec syscall to return an error. This is called after
550 * all program headers to be checked by arch_elf_pt_proc have been.
551 *
552 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
553 * with that return code.
554 */
555static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
eb4bc076 556 struct elfhdr *interp_ehdr,
774c105e
PB		 557 struct arch_elf_state *state)
558{
559 /* Dummy implementation, always proceed */
560 return 0;
561}
562
563#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
cc503c1b 564
fe0f6766
DM		 565static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
566 bool has_interp, bool is_interp)
d8e7cb39
AD		 567{
568 int prot = 0;
569
570 if (p_flags & PF_R)
571 prot |= PROT_READ;
572 if (p_flags & PF_W)
573 prot |= PROT_WRITE;
574 if (p_flags & PF_X)
575 prot |= PROT_EXEC;
fe0f6766
DM		 576
577 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
d8e7cb39
AD		 578}
579
1da177e4
LT		 580/* This is much more generalized than the library routine read function,
581 so we keep this separate. Technically the library read function
582 is only provided so that we can read a.out libraries that have
583 an ELF header */
584
f4e5cc2c 585static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
81696d5d 586 struct file *interpreter,
fe0f6766
DM		 587 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
588 struct arch_elf_state *arch_state)
1da177e4 589{
1da177e4
LT		 590 struct elf_phdr *eppnt;
591 unsigned long load_addr = 0;
592 int load_addr_set = 0;
593 unsigned long last_bss = 0, elf_bss = 0;
16e72e9b 594 int bss_prot = 0;
1da177e4 595 unsigned long error = ~0UL;
cc503c1b 596 unsigned long total_size;
6a8d3894 597 int i;
1da177e4
LT		 598
599 /* First of all, some simple consistency checks */
600 if (interp_elf_ex->e_type != ET_EXEC &&
601 interp_elf_ex->e_type != ET_DYN)
602 goto out;
4755200b
NP		 603 if (!elf_check_arch(interp_elf_ex) ||
604 elf_check_fdpic(interp_elf_ex))
1da177e4 605 goto out;
72c2d531 606 if (!interpreter->f_op->mmap)
1da177e4
LT		 607 goto out;
608
a9d9ef13
PB		 609 total_size = total_mapping_size(interp_elf_phdata,
610 interp_elf_ex->e_phnum);
cc503c1b
JK		 611 if (!total_size) {
612 error = -EINVAL;
a9d9ef13 613 goto out;
cc503c1b
JK		 614 }
615
a9d9ef13 616 eppnt = interp_elf_phdata;
f4e5cc2c
JJ		 617 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
618 if (eppnt->p_type == PT_LOAD) {
619 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
fe0f6766
DM		 620 int elf_prot = make_prot(eppnt->p_flags, arch_state,
621 true, true);
f4e5cc2c
JJ		 622 unsigned long vaddr = 0;
623 unsigned long k, map_addr;
624
f4e5cc2c
JJ		 625 vaddr = eppnt->p_vaddr;
626 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
4ed28639 627 elf_type |= MAP_FIXED_NOREPLACE;
cc503c1b
JK		 628 else if (no_base && interp_elf_ex->e_type == ET_DYN)
629 load_addr = -vaddr;
f4e5cc2c
JJ		 630
631 map_addr = elf_map(interpreter, load_addr + vaddr,
bb1ad820 632 eppnt, elf_prot, elf_type, total_size);
cc503c1b 633 total_size = 0;
f4e5cc2c
JJ		 634 error = map_addr;
635 if (BAD_ADDR(map_addr))
a9d9ef13 636 goto out;
f4e5cc2c
JJ		 637
638 if (!load_addr_set &&
639 interp_elf_ex->e_type == ET_DYN) {
640 load_addr = map_addr - ELF_PAGESTART(vaddr);
641 load_addr_set = 1;
642 }
643
644 /*
645 * Check to see if the section's size will overflow the
646 * allowed task size. Note that p_filesz must always be
647 * <= p_memsize so it's only necessary to check p_memsz.
648 */
649 k = load_addr + eppnt->p_vaddr;
ce51059b 650 if (BAD_ADDR(k) ||
f4e5cc2c
JJ		 651 eppnt->p_filesz > eppnt->p_memsz ||
652 eppnt->p_memsz > TASK_SIZE ||
653 TASK_SIZE - eppnt->p_memsz < k) {
654 error = -ENOMEM;
a9d9ef13 655 goto out;
f4e5cc2c
JJ		 656 }
657
658 /*
659 * Find the end of the file mapping for this phdr, and
660 * keep track of the largest address we see for this.
661 */
662 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
663 if (k > elf_bss)
664 elf_bss = k;
665
666 /*
667 * Do the same thing for the memory mapping - between
668 * elf_bss and last_bss is the bss section.
669 */
0036d1f7 670 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
16e72e9b 671 if (k > last_bss) {
f4e5cc2c 672 last_bss = k;
16e72e9b
DV		 673 bss_prot = elf_prot;
674 }
f4e5cc2c 675 }
1da177e4
LT		 676 }
677
0036d1f7
KC		 678 /*
679 * Now fill out the bss section: first pad the last page from
680 * the file up to the page boundary, and zero it from elf_bss
681 * up to the end of the page.
682 */
683 if (padzero(elf_bss)) {
684 error = -EFAULT;
685 goto out;
686 }
687 /*
688 * Next, align both the file and mem bss up to the page size,
689 * since this is where elf_bss was just zeroed up to, and where
16e72e9b 690 * last_bss will end after the vm_brk_flags() below.
0036d1f7
KC		 691 */
692 elf_bss = ELF_PAGEALIGN(elf_bss);
693 last_bss = ELF_PAGEALIGN(last_bss);
694 /* Finally, if there is still more bss to allocate, do it. */
752015d1 695 if (last_bss > elf_bss) {
16e72e9b
DV		 696 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
697 bss_prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25 698 if (error)
a9d9ef13 699 goto out;
1da177e4
LT		 700 }
701
cc503c1b 702 error = load_addr;
1da177e4
LT		 703out:
704 return error;
705}
706
1da177e4
LT		 707/*
708 * These are the functions used to load ELF style executables and shared
709 * libraries. There is no binary dependent code anywhere else.
710 */
711
00e19cee
DM		 712static int parse_elf_property(const char *data, size_t *off, size_t datasz,
713 struct arch_elf_state *arch,
714 bool have_prev_type, u32 *prev_type)
715{
716 size_t o, step;
717 const struct gnu_property *pr;
718 int ret;
719
720 if (*off == datasz)
721 return -ENOENT;
722
723 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
724 return -EIO;
725 o = *off;
726 datasz -= *off;
727
728 if (datasz < sizeof(*pr))
729 return -ENOEXEC;
730 pr = (const struct gnu_property *)(data + o);
731 o += sizeof(*pr);
732 datasz -= sizeof(*pr);
733
734 if (pr->pr_datasz > datasz)
735 return -ENOEXEC;
736
737 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
738 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
739 if (step > datasz)
740 return -ENOEXEC;
741
742 /* Properties are supposed to be unique and sorted on pr_type: */
743 if (have_prev_type && pr->pr_type <= *prev_type)
744 return -ENOEXEC;
745 *prev_type = pr->pr_type;
746
747 ret = arch_parse_elf_property(pr->pr_type, data + o,
748 pr->pr_datasz, ELF_COMPAT, arch);
749 if (ret)
750 return ret;
751
752 *off = o + step;
753 return 0;
754}
755
756#define NOTE_DATA_SZ SZ_1K
757#define GNU_PROPERTY_TYPE_0_NAME "GNU"
758#define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
759
760static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
761 struct arch_elf_state *arch)
762{
763 union {
764 struct elf_note nhdr;
765 char data[NOTE_DATA_SZ];
766 } note;
767 loff_t pos;
768 ssize_t n;
769 size_t off, datasz;
770 int ret;
771 bool have_prev_type;
772 u32 prev_type;
773
774 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
775 return 0;
776
777 /* load_elf_binary() shouldn't call us unless this is true... */
778 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
779 return -ENOEXEC;
780
781 /* If the properties are crazy large, that's too bad (for now): */
782 if (phdr->p_filesz > sizeof(note))
783 return -ENOEXEC;
784
785 pos = phdr->p_offset;
786 n = kernel_read(f, &note, phdr->p_filesz, &pos);
787
788 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
789 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
790 return -EIO;
791
792 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
793 note.nhdr.n_namesz != NOTE_NAME_SZ ||
794 strncmp(note.data + sizeof(note.nhdr),
795 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
796 return -ENOEXEC;
797
798 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
799 ELF_GNU_PROPERTY_ALIGN);
800 if (off > n)
801 return -ENOEXEC;
802
803 if (note.nhdr.n_descsz > n - off)
804 return -ENOEXEC;
805 datasz = off + note.nhdr.n_descsz;
806
807 have_prev_type = false;
808 do {
809 ret = parse_elf_property(note.data, &off, datasz, arch,
810 have_prev_type, &prev_type);
811 have_prev_type = true;
812 } while (!ret);
813
814 return ret == -ENOENT ? 0 : ret;
815}
816
71613c3b 817static int load_elf_binary(struct linux_binprm *bprm)
1da177e4
LT		 818{
819 struct file *interpreter = NULL; /* to shut gcc up */
820 unsigned long load_addr = 0, load_bias = 0;
821 int load_addr_set = 0;
1da177e4 822 unsigned long error;
a9d9ef13 823 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
00e19cee 824 struct elf_phdr *elf_property_phdata = NULL;
1da177e4 825 unsigned long elf_bss, elf_brk;
16e72e9b 826 int bss_prot = 0;
1da177e4 827 int retval, i;
cc503c1b 828 unsigned long elf_entry;
a62c5b1b 829 unsigned long e_entry;
cc503c1b 830 unsigned long interp_load_addr = 0;
1da177e4 831 unsigned long start_code, end_code, start_data, end_data;
1a530a6f 832 unsigned long reloc_func_desc __maybe_unused = 0;
8de61e69 833 int executable_stack = EXSTACK_DEFAULT;
a62c5b1b 834 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
0693ffeb 835 struct elfhdr *interp_elf_ex = NULL;
774c105e 836 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
03c6d723 837 struct mm_struct *mm;
249b08e4 838 struct pt_regs *regs;
1da177e4 839
1da177e4
LT		 840 retval = -ENOEXEC;
841 /* First of all, some simple consistency checks */
a62c5b1b 842 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
1da177e4
LT		 843 goto out;
844
a62c5b1b 845 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
1da177e4 846 goto out;
a62c5b1b 847 if (!elf_check_arch(elf_ex))
1da177e4 848 goto out;
a62c5b1b 849 if (elf_check_fdpic(elf_ex))
4755200b 850 goto out;
72c2d531 851 if (!bprm->file->f_op->mmap)
1da177e4
LT		 852 goto out;
853
a62c5b1b 854 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
1da177e4
LT		 855 if (!elf_phdata)
856 goto out;
857
1da177e4 858 elf_ppnt = elf_phdata;
a62c5b1b 859 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
be0deb58 860 char *elf_interpreter;
1da177e4 861
00e19cee
DM		 862 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
863 elf_property_phdata = elf_ppnt;
864 continue;
865 }
866
be0deb58
AD		 867 if (elf_ppnt->p_type != PT_INTERP)
868 continue;
1fb84496 869
be0deb58
AD		 870 /*
871 * This is the program interpreter used for shared libraries -
872 * for now assume that this is an a.out format binary.
873 */
874 retval = -ENOEXEC;
875 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
876 goto out_free_ph;
1da177e4 877
be0deb58
AD		 878 retval = -ENOMEM;
879 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
880 if (!elf_interpreter)
881 goto out_free_ph;
cc338010 882
658c0335
AD		 883 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
884 elf_ppnt->p_offset);
885 if (retval < 0)
be0deb58 886 goto out_free_interp;
be0deb58
AD		 887 /* make sure path is NULL terminated */
888 retval = -ENOEXEC;
889 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
890 goto out_free_interp;
891
892 interpreter = open_exec(elf_interpreter);
893 kfree(elf_interpreter);
894 retval = PTR_ERR(interpreter);
895 if (IS_ERR(interpreter))
cc338010 896 goto out_free_ph;
be0deb58
AD		 897
898 /*
899 * If the binary is not readable then enforce mm->dumpable = 0
900 * regardless of the interpreter's permissions.
901 */
902 would_dump(bprm, interpreter);
903
0693ffeb
AD		 904 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
905 if (!interp_elf_ex) {
906 retval = -ENOMEM;
907 goto out_free_ph;
908 }
909
be0deb58 910 /* Get the exec headers */
c69bcc93
AD		 911 retval = elf_read(interpreter, interp_elf_ex,
912 sizeof(*interp_elf_ex), 0);
658c0335 913 if (retval < 0)
be0deb58 914 goto out_free_dentry;
be0deb58
AD		 915
916 break;
917
918out_free_interp:
919 kfree(elf_interpreter);
920 goto out_free_ph;
1da177e4
LT		 921 }
922
923 elf_ppnt = elf_phdata;
a62c5b1b 924 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
774c105e
PB		 925 switch (elf_ppnt->p_type) {
926 case PT_GNU_STACK:
1da177e4
LT		 927 if (elf_ppnt->p_flags & PF_X)
928 executable_stack = EXSTACK_ENABLE_X;
929 else
930 executable_stack = EXSTACK_DISABLE_X;
931 break;
774c105e
PB		 932
933 case PT_LOPROC ... PT_HIPROC:
a62c5b1b 934 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
774c105e
PB		 935 bprm->file, false,
936 &arch_state);
937 if (retval)
938 goto out_free_dentry;
939 break;
1da177e4 940 }
1da177e4
LT		 941
942 /* Some simple consistency checks for the interpreter */
cc338010 943 if (interpreter) {
1da177e4 944 retval = -ELIBBAD;
d20894a2 945 /* Not an ELF interpreter */
c69bcc93 946 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
1da177e4 947 goto out_free_dentry;
1da177e4 948 /* Verify the interpreter has a valid arch */
c69bcc93
AD		 949 if (!elf_check_arch(interp_elf_ex) ||
950 elf_check_fdpic(interp_elf_ex))
1da177e4 951 goto out_free_dentry;
a9d9ef13
PB		 952
953 /* Load the interpreter program headers */
c69bcc93 954 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
a9d9ef13
PB		 955 interpreter);
956 if (!interp_elf_phdata)
957 goto out_free_dentry;
774c105e
PB		 958
959 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
00e19cee 960 elf_property_phdata = NULL;
774c105e 961 elf_ppnt = interp_elf_phdata;
c69bcc93 962 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
774c105e 963 switch (elf_ppnt->p_type) {
00e19cee
DM		 964 case PT_GNU_PROPERTY:
965 elf_property_phdata = elf_ppnt;
966 break;
967
774c105e 968 case PT_LOPROC ... PT_HIPROC:
c69bcc93 969 retval = arch_elf_pt_proc(interp_elf_ex,
774c105e
PB		 970 elf_ppnt, interpreter,
971 true, &arch_state);
972 if (retval)
973 goto out_free_dentry;
974 break;
975 }
1da177e4
LT		 976 }
977
00e19cee
DM		 978 retval = parse_elf_properties(interpreter ?: bprm->file,
979 elf_property_phdata, &arch_state);
980 if (retval)
981 goto out_free_dentry;
982
774c105e
PB		 983 /*
984 * Allow arch code to reject the ELF at this point, whilst it's
985 * still possible to return an error to the code that invoked
986 * the exec syscall.
987 */
a62c5b1b 988 retval = arch_check_elf(elf_ex,
c69bcc93 989 !!interpreter, interp_elf_ex,
eb4bc076 990 &arch_state);
774c105e
PB		 991 if (retval)
992 goto out_free_dentry;
993
1da177e4 994 /* Flush all traces of the currently running executable */
2388777a 995 retval = begin_new_exec(bprm);
1da177e4
LT		 996 if (retval)
997 goto out_free_dentry;
998
1da177e4
LT		 999 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1000 may depend on the personality. */
a62c5b1b
AD		 1001 SET_PERSONALITY2(*elf_ex, &arch_state);
1002 if (elf_read_implies_exec(*elf_ex, executable_stack))
1da177e4
LT		 1003 current->personality |= READ_IMPLIES_EXEC;
1004
f4e5cc2c 1005 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1da177e4 1006 current->flags |= PF_RANDOMIZE;
221af7f8
LT		 1007
1008 setup_new_exec(bprm);
1da177e4
LT		 1009
1010 /* Do this so that we can load the interpreter, if need be. We will
1011 change some of these later */
1da177e4
LT		 1012 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1013 executable_stack);
19d860a1 1014 if (retval < 0)
1da177e4 1015 goto out_free_dentry;
1da177e4 1016
85264316
AD		 1017 elf_bss = 0;
1018 elf_brk = 0;
1019
1020 start_code = ~0UL;
1021 end_code = 0;
1022 start_data = 0;
1023 end_data = 0;
1024
af901ca1 1025 /* Now we do a little grungy work by mmapping the ELF image into
cc503c1b 1026 the correct location in memory. */
f4e5cc2c 1027 for(i = 0, elf_ppnt = elf_phdata;
a62c5b1b 1028 i < elf_ex->e_phnum; i++, elf_ppnt++) {
b212921b 1029 int elf_prot, elf_flags;
1da177e4 1030 unsigned long k, vaddr;
a87938b2 1031 unsigned long total_size = 0;
ce81bb25 1032 unsigned long alignment;
1da177e4
LT		 1033
1034 if (elf_ppnt->p_type != PT_LOAD)
1035 continue;
1036
1037 if (unlikely (elf_brk > elf_bss)) {
1038 unsigned long nbyte;
1039
1040 /* There was a PT_LOAD segment with p_memsz > p_filesz
1041 before this one. Map anonymous pages, if needed,
1042 and clear the area. */
f670d0ec 1043 retval = set_brk(elf_bss + load_bias,
16e72e9b
DV		 1044 elf_brk + load_bias,
1045 bss_prot);
19d860a1 1046 if (retval)
1da177e4 1047 goto out_free_dentry;
1da177e4
LT		 1048 nbyte = ELF_PAGEOFFSET(elf_bss);
1049 if (nbyte) {
1050 nbyte = ELF_MIN_ALIGN - nbyte;
1051 if (nbyte > elf_brk - elf_bss)
1052 nbyte = elf_brk - elf_bss;
1053 if (clear_user((void __user *)elf_bss +
1054 load_bias, nbyte)) {
1055 /*
1056 * This bss-zeroing can fail if the ELF
f4e5cc2c 1057 * file specifies odd protections. So
1da177e4
LT		 1058 * we don't check the return value
1059 */
1060 }
1061 }
1062 }
1063
fe0f6766
DM		 1064 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1065 !!interpreter, false);
1da177e4 1066
f4e5cc2c 1067 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1da177e4
LT		 1068
1069 vaddr = elf_ppnt->p_vaddr;
eab09532
KC		 1070 /*
1071 * If we are loading ET_EXEC or we have already performed
1072 * the ET_DYN load_addr calculations, proceed normally.
1073 */
a62c5b1b 1074 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
b212921b 1075 elf_flags |= MAP_FIXED;
a62c5b1b 1076 } else if (elf_ex->e_type == ET_DYN) {
eab09532
KC		 1077 /*
1078 * This logic is run once for the first LOAD Program
1079 * Header for ET_DYN binaries to calculate the
1080 * randomization (load_bias) for all the LOAD
1081 * Program Headers, and to calculate the entire
1082 * size of the ELF mapping (total_size). (Note that
1083 * load_addr_set is set to true later once the
1084 * initial mapping is performed.)
1085 *
1086 * There are effectively two types of ET_DYN
1087 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1088 * and loaders (ET_DYN without INTERP, since they
1089 * _are_ the ELF interpreter). The loaders must
1090 * be loaded away from programs since the program
1091 * may otherwise collide with the loader (especially
1092 * for ET_EXEC which does not have a randomized
1093 * position). For example to handle invocations of
1094 * "./ld.so someprog" to test out a new version of
1095 * the loader, the subsequent program that the
1096 * loader loads must avoid the loader itself, so
1097 * they cannot share the same load range. Sufficient
1098 * room for the brk must be allocated with the
1099 * loader as well, since brk must be available with
1100 * the loader.
1101 *
1102 * Therefore, programs are loaded offset from
1103 * ELF_ET_DYN_BASE and loaders are loaded into the
1104 * independently randomized mmap region (0 load_bias
1105 * without MAP_FIXED).
1106 */
cc338010 1107 if (interpreter) {
eab09532
KC		 1108 load_bias = ELF_ET_DYN_BASE;
1109 if (current->flags & PF_RANDOMIZE)
1110 load_bias += arch_mmap_rnd();
ce81bb25
CK		 1111 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1112 if (alignment)
1113 load_bias &= ~(alignment - 1);
b212921b 1114 elf_flags |= MAP_FIXED;
eab09532
KC		 1115 } else
1116 load_bias = 0;
1117
1118 /*
1119 * Since load_bias is used for all subsequent loading
1120 * calculations, we must lower it by the first vaddr
1121 * so that the remaining calculations based on the
1122 * ELF vaddrs will be correctly offset. The result
1123 * is then page aligned.
1124 */
1125 load_bias = ELF_PAGESTART(load_bias - vaddr);
1126
a87938b2 1127 total_size = total_mapping_size(elf_phdata,
a62c5b1b 1128 elf_ex->e_phnum);
a87938b2 1129 if (!total_size) {
2b1d3ae9 1130 retval = -EINVAL;
a87938b2
MD		 1131 goto out_free_dentry;
1132 }
1da177e4
LT		 1133 }
1134
f4e5cc2c 1135 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
a87938b2 1136 elf_prot, elf_flags, total_size);
1da177e4 1137 if (BAD_ADDR(error)) {
b140f251
AK		 1138 retval = IS_ERR((void *)error) ?
1139 PTR_ERR((void*)error) : -EINVAL;
1da177e4
LT		 1140 goto out_free_dentry;
1141 }
1142
1143 if (!load_addr_set) {
1144 load_addr_set = 1;
1145 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
a62c5b1b 1146 if (elf_ex->e_type == ET_DYN) {
1da177e4
LT		 1147 load_bias += error -
1148 ELF_PAGESTART(load_bias + vaddr);
1149 load_addr += load_bias;
1150 reloc_func_desc = load_bias;
1151 }
1152 }
1153 k = elf_ppnt->p_vaddr;
f67ef446 1154 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
f4e5cc2c
JJ		 1155 start_code = k;
1156 if (start_data < k)
1157 start_data = k;
1da177e4
LT		 1158
1159 /*
1160 * Check to see if the section's size will overflow the
1161 * allowed task size. Note that p_filesz must always be
1162 * <= p_memsz so it is only necessary to check p_memsz.
1163 */
ce51059b 1164 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1da177e4
LT		 1165 elf_ppnt->p_memsz > TASK_SIZE ||
1166 TASK_SIZE - elf_ppnt->p_memsz < k) {
f4e5cc2c 1167 /* set_brk can never work. Avoid overflows. */
b140f251 1168 retval = -EINVAL;
1da177e4
LT		 1169 goto out_free_dentry;
1170 }
1171
1172 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1173
1174 if (k > elf_bss)
1175 elf_bss = k;
1176 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1177 end_code = k;
1178 if (end_data < k)
1179 end_data = k;
1180 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
16e72e9b
DV		 1181 if (k > elf_brk) {
1182 bss_prot = elf_prot;
1da177e4 1183 elf_brk = k;
16e72e9b 1184 }
1da177e4
LT		 1185 }
1186
a62c5b1b 1187 e_entry = elf_ex->e_entry + load_bias;
1da177e4
LT		 1188 elf_bss += load_bias;
1189 elf_brk += load_bias;
1190 start_code += load_bias;
1191 end_code += load_bias;
1192 start_data += load_bias;
1193 end_data += load_bias;
1194
1195 /* Calling set_brk effectively mmaps the pages that we need
1196 * for the bss and break sections. We must do this before
1197 * mapping in the interpreter, to make sure it doesn't wind
1198 * up getting placed where the bss needs to go.
1199 */
16e72e9b 1200 retval = set_brk(elf_bss, elf_brk, bss_prot);
19d860a1 1201 if (retval)
1da177e4 1202 goto out_free_dentry;
6de50517 1203 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1da177e4
LT		 1204 retval = -EFAULT; /* Nobody gets to see this, but.. */
1205 goto out_free_dentry;
1206 }
1207
cc338010 1208 if (interpreter) {
c69bcc93 1209 elf_entry = load_elf_interp(interp_elf_ex,
d20894a2 1210 interpreter,
fe0f6766
DM		 1211 load_bias, interp_elf_phdata,
1212 &arch_state);
d20894a2
AK		 1213 if (!IS_ERR((void *)elf_entry)) {
1214 /*
1215 * load_elf_interp() returns relocation
1216 * adjustment
1217 */
1218 interp_load_addr = elf_entry;
c69bcc93 1219 elf_entry += interp_elf_ex->e_entry;
cc503c1b 1220 }
1da177e4 1221 if (BAD_ADDR(elf_entry)) {
ce51059b
CE		 1222 retval = IS_ERR((void *)elf_entry) ?
1223 (int)elf_entry : -EINVAL;
1da177e4
LT		 1224 goto out_free_dentry;
1225 }
1226 reloc_func_desc = interp_load_addr;
1227
1228 allow_write_access(interpreter);
1229 fput(interpreter);
0693ffeb
AD		 1230
1231 kfree(interp_elf_ex);
aa0d1564 1232 kfree(interp_elf_phdata);
1da177e4 1233 } else {
a62c5b1b 1234 elf_entry = e_entry;
5342fba5 1235 if (BAD_ADDR(elf_entry)) {
ce51059b 1236 retval = -EINVAL;
5342fba5
SS		 1237 goto out_free_dentry;
1238 }
1da177e4
LT		 1239 }
1240
1241 kfree(elf_phdata);
1242
1da177e4
LT		 1243 set_binfmt(&elf_format);
1244
547ee84c 1245#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
cc338010 1246 retval = arch_setup_additional_pages(bprm, !!interpreter);
19d860a1 1247 if (retval < 0)
18c8baff 1248 goto out;
547ee84c
BH		 1249#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1250
a62c5b1b
AD		 1251 retval = create_elf_tables(bprm, elf_ex,
1252 load_addr, interp_load_addr, e_entry);
19d860a1 1253 if (retval < 0)
b6a2fea3 1254 goto out;
03c6d723
AD		 1255
1256 mm = current->mm;
1257 mm->end_code = end_code;
1258 mm->start_code = start_code;
1259 mm->start_data = start_data;
1260 mm->end_data = end_data;
1261 mm->start_stack = bprm->p;
1da177e4 1262
4471a675 1263 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
bbdc6076
KC		 1264 /*
1265 * For architectures with ELF randomization, when executing
1266 * a loader directly (i.e. no interpreter listed in ELF
1267 * headers), move the brk area out of the mmap region
1268 * (since it grows up, and may collide early with the stack
1269 * growing down), and into the unused ELF_ET_DYN_BASE region.
1270 */
7be3cb01 1271 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
03c6d723
AD		 1272 elf_ex->e_type == ET_DYN && !interpreter) {
1273 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1274 }
bbdc6076 1275
03c6d723 1276 mm->brk = mm->start_brk = arch_randomize_brk(mm);
204db6ed 1277#ifdef compat_brk_randomized
4471a675
JK		 1278 current->brk_randomized = 1;
1279#endif
1280 }
c1d171a0 1281
1da177e4
LT		 1282 if (current->personality & MMAP_PAGE_ZERO) {
1283 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1284 and some applications "depend" upon this behavior.
1285 Since we do not have the power to recompile these, we
f4e5cc2c 1286 emulate the SVr4 behavior. Sigh. */
6be5ceb0 1287 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1da177e4 1288 MAP_FIXED | MAP_PRIVATE, 0);
1da177e4
LT		 1289 }
1290
249b08e4 1291 regs = current_pt_regs();
1da177e4
LT		 1292#ifdef ELF_PLAT_INIT
1293 /*
1294 * The ABI may specify that certain registers be set up in special
1295 * ways (on i386 %edx is the address of a DT_FINI function, for
1296 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1297 * that the e_entry field is the address of the function descriptor
1298 * for the startup routine, rather than the address of the startup
1299 * routine itself. This macro performs whatever initialization to
1300 * the regs structure is required as well as any relocations to the
1301 * function descriptor entries when executing dynamically links apps.
1302 */
1303 ELF_PLAT_INIT(regs, reloc_func_desc);
1304#endif
1305
b8383831 1306 finalize_exec(bprm);
1da177e4 1307 start_thread(regs, elf_entry, bprm->p);
1da177e4
LT		 1308 retval = 0;
1309out:
1da177e4
LT		 1310 return retval;
1311
1312 /* error cleanup */
1313out_free_dentry:
0693ffeb 1314 kfree(interp_elf_ex);
a9d9ef13 1315 kfree(interp_elf_phdata);
1da177e4
LT		 1316 allow_write_access(interpreter);
1317 if (interpreter)
1318 fput(interpreter);
1da177e4
LT		 1319out_free_ph:
1320 kfree(elf_phdata);
1321 goto out;
1322}
1323
69369a70 1324#ifdef CONFIG_USELIB
1da177e4
LT		 1325/* This is really simpleminded and specialized - we are loading an
1326 a.out library that is given an ELF header. */
1da177e4
LT		 1327static int load_elf_library(struct file *file)
1328{
1329 struct elf_phdr *elf_phdata;
1330 struct elf_phdr *eppnt;
1331 unsigned long elf_bss, bss, len;
1332 int retval, error, i, j;
1333 struct elfhdr elf_ex;
1334
1335 error = -ENOEXEC;
658c0335
AD		 1336 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1337 if (retval < 0)
1da177e4
LT		 1338 goto out;
1339
1340 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1341 goto out;
1342
1343 /* First of all, some simple consistency checks */
1344 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
72c2d531 1345 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1da177e4 1346 goto out;
4755200b
NP		 1347 if (elf_check_fdpic(&elf_ex))
1348 goto out;
1da177e4
LT		 1349
1350 /* Now read in all of the header information */
1351
1352 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1353 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1354
1355 error = -ENOMEM;
1356 elf_phdata = kmalloc(j, GFP_KERNEL);
1357 if (!elf_phdata)
1358 goto out;
1359
1360 eppnt = elf_phdata;
1361 error = -ENOEXEC;
658c0335
AD		 1362 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1363 if (retval < 0)
1da177e4
LT		 1364 goto out_free_ph;
1365
1366 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1367 if ((eppnt + i)->p_type == PT_LOAD)
1368 j++;
1369 if (j != 1)
1370 goto out_free_ph;
1371
1372 while (eppnt->p_type != PT_LOAD)
1373 eppnt++;
1374
1375 /* Now use mmap to map the library into memory. */
6be5ceb0 1376 error = vm_mmap(file,
1da177e4
LT		 1377 ELF_PAGESTART(eppnt->p_vaddr),
1378 (eppnt->p_filesz +
1379 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1380 PROT_READ | PROT_WRITE | PROT_EXEC,
4ed28639 1381 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1da177e4
LT		 1382 (eppnt->p_offset -
1383 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1da177e4
LT		 1384 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1385 goto out_free_ph;
1386
1387 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1388 if (padzero(elf_bss)) {
1389 error = -EFAULT;
1390 goto out_free_ph;
1391 }
1392
24962af7
OS		 1393 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1394 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
ecc2bc8a
MH		 1395 if (bss > len) {
1396 error = vm_brk(len, bss - len);
5d22fc25 1397 if (error)
ecc2bc8a
MH		 1398 goto out_free_ph;
1399 }
1da177e4
LT		 1400 error = 0;
1401
1402out_free_ph:
1403 kfree(elf_phdata);
1404out:
1405 return error;
1406}
69369a70 1407#endif /* #ifdef CONFIG_USELIB */
1da177e4 1408
698ba7b5 1409#ifdef CONFIG_ELF_CORE
1da177e4
LT		 1410/*
1411 * ELF core dumper
1412 *
1413 * Modelled on fs/exec.c:aout_core_dump()
1414 * Jeremy Fitzhardinge <[email protected]>
1415 */
1da177e4 1416
909af768
JB		 1417/*
1418 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1419 * that are useful for post-mortem analysis are included in every core dump.
1420 * In that way we ensure that the core dump is fully interpretable later
1421 * without matching up the same kernel and hardware config to see what PC values
1422 * meant. These special mappings include - vDSO, vsyscall, and other
1423 * architecture specific mappings
1424 */
1425static bool always_dump_vma(struct vm_area_struct *vma)
1426{
1427 /* Any vsyscall mappings? */
1428 if (vma == get_gate_vma(vma->vm_mm))
1429 return true;
78d683e8
AL		 1430
1431 /*
1432 * Assume that all vmas with a .name op should always be dumped.
1433 * If this changes, a new vm_ops field can easily be added.
1434 */
1435 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1436 return true;
1437
909af768
JB		 1438 /*
1439 * arch_vma_name() returns non-NULL for special architecture mappings,
1440 * such as vDSO sections.
1441 */
1442 if (arch_vma_name(vma))
1443 return true;
1444
1445 return false;
1446}
1447
1da177e4 1448/*
82df3973 1449 * Decide what to dump of a segment, part, all or none.
1da177e4 1450 */
82df3973
RM		 1451static unsigned long vma_dump_size(struct vm_area_struct *vma,
1452 unsigned long mm_flags)
1da177e4 1453{
e575f111
KM		 1454#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1455
909af768
JB		 1456 /* always dump the vdso and vsyscall sections */
1457 if (always_dump_vma(vma))
82df3973 1458 goto whole;
e5b97dde 1459
0103bd16 1460 if (vma->vm_flags & VM_DONTDUMP)
accb61fe
JB		 1461 return 0;
1462
5037835c
RZ		 1463 /* support for DAX */
1464 if (vma_is_dax(vma)) {
1465 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1466 goto whole;
1467 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1468 goto whole;
1469 return 0;
1470 }
1471
e575f111 1472 /* Hugetlb memory check */
03911132 1473 if (is_vm_hugetlb_page(vma)) {
e575f111
KM		 1474 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1475 goto whole;
1476 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1477 goto whole;
23d9e482 1478 return 0;
e575f111
KM		 1479 }
1480
1da177e4 1481 /* Do not dump I/O mapped devices or special mappings */
314e51b9 1482 if (vma->vm_flags & VM_IO)
1da177e4
LT		 1483 return 0;
1484
a1b59e80
KH		 1485 /* By default, dump shared memory if mapped from an anonymous file. */
1486 if (vma->vm_flags & VM_SHARED) {
496ad9aa 1487 if (file_inode(vma->vm_file)->i_nlink == 0 ?
82df3973
RM		 1488 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1489 goto whole;
1490 return 0;
a1b59e80 1491 }
1da177e4 1492
82df3973
RM		 1493 /* Dump segments that have been written to. */
1494 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1495 goto whole;
1496 if (vma->vm_file == NULL)
1497 return 0;
1da177e4 1498
82df3973
RM		 1499 if (FILTER(MAPPED_PRIVATE))
1500 goto whole;
1501
1502 /*
1503 * If this looks like the beginning of a DSO or executable mapping,
1504 * check for an ELF header. If we find one, dump the first page to
1505 * aid in determining what was mapped here.
1506 */
92dc07b1
RM		 1507 if (FILTER(ELF_HEADERS) &&
1508 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
82df3973
RM		 1509 u32 __user *header = (u32 __user *) vma->vm_start;
1510 u32 word;
1511 /*
1512 * Doing it this way gets the constant folded by GCC.
1513 */
1514 union {
1515 u32 cmp;
1516 char elfmag[SELFMAG];
1517 } magic;
1518 BUILD_BUG_ON(SELFMAG != sizeof word);
1519 magic.elfmag[EI_MAG0] = ELFMAG0;
1520 magic.elfmag[EI_MAG1] = ELFMAG1;
1521 magic.elfmag[EI_MAG2] = ELFMAG2;
1522 magic.elfmag[EI_MAG3] = ELFMAG3;
92dc07b1
RM		 1523 if (unlikely(get_user(word, header)))
1524 word = 0;
92dc07b1 1525 if (word == magic.cmp)
82df3973
RM		 1526 return PAGE_SIZE;
1527 }
1528
1529#undef FILTER
1530
1531 return 0;
1532
1533whole:
1534 return vma->vm_end - vma->vm_start;
1da177e4
LT		 1535}
1536
1da177e4
LT		 1537/* An ELF note in memory */
1538struct memelfnote
1539{
1540 const char *name;
1541 int type;
1542 unsigned int datasz;
1543 void *data;
1544};
1545
1546static int notesize(struct memelfnote *en)
1547{
1548 int sz;
1549
1550 sz = sizeof(struct elf_note);
1551 sz += roundup(strlen(en->name) + 1, 4);
1552 sz += roundup(en->datasz, 4);
1553
1554 return sz;
1555}
1556
ecc8c772 1557static int writenote(struct memelfnote *men, struct coredump_params *cprm)
d025c9db
AK		 1558{
1559 struct elf_note en;
1da177e4
LT		 1560 en.n_namesz = strlen(men->name) + 1;
1561 en.n_descsz = men->datasz;
1562 en.n_type = men->type;
1563
ecc8c772 1564 return dump_emit(cprm, &en, sizeof(en)) &&
22a8cb82
AV		 1565 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1566 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1da177e4 1567}
1da177e4 1568
3aba481f 1569static void fill_elf_header(struct elfhdr *elf, int segs,
d3330cf0 1570 u16 machine, u32 flags)
1da177e4 1571{
6970c8ef
CG		 1572 memset(elf, 0, sizeof(*elf));
1573
1da177e4
LT		 1574 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1575 elf->e_ident[EI_CLASS] = ELF_CLASS;
1576 elf->e_ident[EI_DATA] = ELF_DATA;
1577 elf->e_ident[EI_VERSION] = EV_CURRENT;
1578 elf->e_ident[EI_OSABI] = ELF_OSABI;
1da177e4
LT		 1579
1580 elf->e_type = ET_CORE;
3aba481f 1581 elf->e_machine = machine;
1da177e4 1582 elf->e_version = EV_CURRENT;
1da177e4 1583 elf->e_phoff = sizeof(struct elfhdr);
3aba481f 1584 elf->e_flags = flags;
1da177e4
LT		 1585 elf->e_ehsize = sizeof(struct elfhdr);
1586 elf->e_phentsize = sizeof(struct elf_phdr);
1587 elf->e_phnum = segs;
1da177e4
LT		 1588}
1589
8d6b5eee 1590static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1da177e4
LT		 1591{
1592 phdr->p_type = PT_NOTE;
1593 phdr->p_offset = offset;
1594 phdr->p_vaddr = 0;
1595 phdr->p_paddr = 0;
1596 phdr->p_filesz = sz;
1597 phdr->p_memsz = 0;
1598 phdr->p_flags = 0;
1599 phdr->p_align = 0;
1da177e4
LT		 1600}
1601
1602static void fill_note(struct memelfnote *note, const char *name, int type,
1603 unsigned int sz, void *data)
1604{
1605 note->name = name;
1606 note->type = type;
1607 note->datasz = sz;
1608 note->data = data;
1da177e4
LT		 1609}
1610
1611/*
f4e5cc2c
JJ		 1612 * fill up all the fields in prstatus from the given task struct, except
1613 * registers which need to be filled up separately.
1da177e4
LT		 1614 */
1615static void fill_prstatus(struct elf_prstatus *prstatus,
f4e5cc2c 1616 struct task_struct *p, long signr)
1da177e4
LT		 1617{
1618 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1619 prstatus->pr_sigpend = p->pending.signal.sig[0];
1620 prstatus->pr_sighold = p->blocked.sig[0];
3b34fc58
ON		 1621 rcu_read_lock();
1622 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1623 rcu_read_unlock();
b488893a 1624 prstatus->pr_pid = task_pid_vnr(p);
b488893a
PE		 1625 prstatus->pr_pgrp = task_pgrp_vnr(p);
1626 prstatus->pr_sid = task_session_vnr(p);
1da177e4 1627 if (thread_group_leader(p)) {
cd19c364 1628 struct task_cputime cputime;
f06febc9 1629
1da177e4 1630 /*
f06febc9
FM		 1631 * This is the record for the group leader. It shows the
1632 * group-wide total, not its individual thread total.
1da177e4 1633 */
cd19c364 1634 thread_group_cputime(p, &cputime);
e2bb80d5
AB		 1635 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1636 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1da177e4 1637 } else {
cd19c364 1638 u64 utime, stime;
6fac4829 1639
cd19c364 1640 task_cputime(p, &utime, &stime);
e2bb80d5
AB		 1641 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1642 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1da177e4 1643 }
5613fda9 1644
e2bb80d5
AB		 1645 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1646 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1da177e4
LT		 1647}
1648
1649static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1650 struct mm_struct *mm)
1651{
c69e8d9c 1652 const struct cred *cred;
a84a5059 1653 unsigned int i, len;
1da177e4
LT		 1654
1655 /* first copy the parameters from user space */
1656 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1657
1658 len = mm->arg_end - mm->arg_start;
1659 if (len >= ELF_PRARGSZ)
1660 len = ELF_PRARGSZ-1;
1661 if (copy_from_user(&psinfo->pr_psargs,
1662 (const char __user *)mm->arg_start, len))
1663 return -EFAULT;
1664 for(i = 0; i < len; i++)
1665 if (psinfo->pr_psargs[i] == 0)
1666 psinfo->pr_psargs[i] = ' ';
1667 psinfo->pr_psargs[len] = 0;
1668
3b34fc58
ON		 1669 rcu_read_lock();
1670 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1671 rcu_read_unlock();
b488893a 1672 psinfo->pr_pid = task_pid_vnr(p);
b488893a
PE		 1673 psinfo->pr_pgrp = task_pgrp_vnr(p);
1674 psinfo->pr_sid = task_session_vnr(p);
1da177e4
LT		 1675
1676 i = p->state ? ffz(~p->state) + 1 : 0;
1677 psinfo->pr_state = i;
55148548 1678 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1da177e4
LT		 1679 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1680 psinfo->pr_nice = task_nice(p);
1681 psinfo->pr_flag = p->flags;
c69e8d9c
DH		 1682 rcu_read_lock();
1683 cred = __task_cred(p);
ebc887b2
EB		 1684 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1685 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
c69e8d9c 1686 rcu_read_unlock();
1da177e4
LT		 1687 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1688
1689 return 0;
1690}
1691
3aba481f
RM		 1692static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1693{
1694 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1695 int i = 0;
1696 do
1697 i += 2;
1698 while (auxv[i - 2] != AT_NULL);
1699 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1700}
1701
49ae4d4b 1702static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
ae7795bc 1703 const kernel_siginfo_t *siginfo)
49ae4d4b 1704{
fa4751f4 1705 copy_siginfo_to_external(csigdata, siginfo);
49ae4d4b
DV		 1706 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1707}
1708
2aa362c4
DV		 1709#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1710/*
1711 * Format of NT_FILE note:
1712 *
1713 * long count -- how many files are mapped
1714 * long page_size -- units for file_ofs
1715 * array of [COUNT] elements of
1716 * long start
1717 * long end
1718 * long file_ofs
1719 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1720 */
72023656 1721static int fill_files_note(struct memelfnote *note)
2aa362c4 1722{
03c6d723 1723 struct mm_struct *mm = current->mm;
2aa362c4
DV		 1724 struct vm_area_struct *vma;
1725 unsigned count, size, names_ofs, remaining, n;
1726 user_long_t *data;
1727 user_long_t *start_end_ofs;
1728 char *name_base, *name_curpos;
1729
1730 /* *Estimated* file count and total data size needed */
03c6d723 1731 count = mm->map_count;
60c9d92f
AD		 1732 if (count > UINT_MAX / 64)
1733 return -EINVAL;
2aa362c4
DV		 1734 size = count * 64;
1735
1736 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1737 alloc:
1738 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
72023656 1739 return -EINVAL;
2aa362c4 1740 size = round_up(size, PAGE_SIZE);
1fbede6e
AD		 1741 /*
1742 * "size" can be 0 here legitimately.
1743 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1744 */
86a2bb5a
AD		 1745 data = kvmalloc(size, GFP_KERNEL);
1746 if (ZERO_OR_NULL_PTR(data))
72023656 1747 return -ENOMEM;
2aa362c4
DV		 1748
1749 start_end_ofs = data + 2;
1750 name_base = name_curpos = ((char *)data) + names_ofs;
1751 remaining = size - names_ofs;
1752 count = 0;
03c6d723 1753 for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
2aa362c4
DV		 1754 struct file *file;
1755 const char *filename;
1756
1757 file = vma->vm_file;
1758 if (!file)
1759 continue;
9bf39ab2 1760 filename = file_path(file, name_curpos, remaining);
2aa362c4
DV		 1761 if (IS_ERR(filename)) {
1762 if (PTR_ERR(filename) == -ENAMETOOLONG) {
86a2bb5a 1763 kvfree(data);
2aa362c4
DV		 1764 size = size * 5 / 4;
1765 goto alloc;
1766 }
1767 continue;
1768 }
1769
9bf39ab2 1770 /* file_path() fills at the end, move name down */
2aa362c4
DV		 1771 /* n = strlen(filename) + 1: */
1772 n = (name_curpos + remaining) - filename;
1773 remaining = filename - name_curpos;
1774 memmove(name_curpos, filename, n);
1775 name_curpos += n;
1776
1777 *start_end_ofs++ = vma->vm_start;
1778 *start_end_ofs++ = vma->vm_end;
1779 *start_end_ofs++ = vma->vm_pgoff;
1780 count++;
1781 }
1782
1783 /* Now we know exact count of files, can store it */
1784 data[0] = count;
1785 data[1] = PAGE_SIZE;
1786 /*
03c6d723 1787 * Count usually is less than mm->map_count,
2aa362c4
DV		 1788 * we need to move filenames down.
1789 */
03c6d723 1790 n = mm->map_count - count;
2aa362c4
DV		 1791 if (n != 0) {
1792 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1793 memmove(name_base - shift_bytes, name_base,
1794 name_curpos - name_base);
1795 name_curpos -= shift_bytes;
1796 }
1797
1798 size = name_curpos - (char *)data;
1799 fill_note(note, "CORE", NT_FILE, size, data);
72023656 1800 return 0;
2aa362c4
DV		 1801}
1802
4206d3aa
RM		 1803#ifdef CORE_DUMP_USE_REGSET
1804#include <linux/regset.h>
1805
1806struct elf_thread_core_info {
1807 struct elf_thread_core_info *next;
1808 struct task_struct *task;
1809 struct elf_prstatus prstatus;
1810 struct memelfnote notes[0];
1811};
1812
1813struct elf_note_info {
1814 struct elf_thread_core_info *thread;
1815 struct memelfnote psinfo;
49ae4d4b 1816 struct memelfnote signote;
4206d3aa 1817 struct memelfnote auxv;
2aa362c4 1818 struct memelfnote files;
49ae4d4b 1819 user_siginfo_t csigdata;
4206d3aa
RM		 1820 size_t size;
1821 int thread_notes;
1822};
1823
d31472b6
RM		 1824/*
1825 * When a regset has a writeback hook, we call it on each thread before
1826 * dumping user memory. On register window machines, this makes sure the
1827 * user memory backing the register data is up to date before we read it.
1828 */
1829static void do_thread_regset_writeback(struct task_struct *task,
1830 const struct user_regset *regset)
1831{
1832 if (regset->writeback)
1833 regset->writeback(task, regset, 1);
1834}
1835
0953f65d 1836#ifndef PRSTATUS_SIZE
90954e7b 1837#define PRSTATUS_SIZE(S, R) sizeof(S)
0953f65d
L		 1838#endif
1839
1840#ifndef SET_PR_FPVALID
90954e7b 1841#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
0953f65d
L		 1842#endif
1843
4206d3aa
RM		 1844static int fill_thread_core_info(struct elf_thread_core_info *t,
1845 const struct user_regset_view *view,
1846 long signr, size_t *total)
1847{
1848 unsigned int i;
b4e9c954 1849 int regset0_size;
4206d3aa
RM		 1850
1851 /*
1852 * NT_PRSTATUS is the one special case, because the regset data
1853 * goes into the pr_reg field inside the note contents, rather
1854 * than being the whole note contents. We fill the reset in here.
1855 * We assume that regset 0 is NT_PRSTATUS.
1856 */
1857 fill_prstatus(&t->prstatus, t->task, signr);
b4e9c954
AV		 1858 regset0_size = regset_get(t->task, &view->regsets[0],
1859 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1860 if (regset0_size < 0)
1861 return 0;
4206d3aa
RM		 1862
1863 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
27e64b4b 1864 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
4206d3aa
RM		 1865 *total += notesize(&t->notes[0]);
1866
d31472b6
RM		 1867 do_thread_regset_writeback(t->task, &view->regsets[0]);
1868
4206d3aa
RM		 1869 /*
1870 * Each other regset might generate a note too. For each regset
1871 * that has no core_note_type or is inactive, we leave t->notes[i]
1872 * all zero and we'll know to skip writing it later.
1873 */
1874 for (i = 1; i < view->n; ++i) {
1875 const struct user_regset *regset = &view->regsets[i];
b4e9c954
AV		 1876 int note_type = regset->core_note_type;
1877 bool is_fpreg = note_type == NT_PRFPREG;
1878 void *data;
1879 int ret;
1880
d31472b6 1881 do_thread_regset_writeback(t->task, regset);
b4e9c954
AV		 1882 if (!note_type) // not for coredumps
1883 continue;
1884 if (regset->active && regset->active(t->task, regset) <= 0)
1885 continue;
1886
1887 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1888 if (ret < 0)
1889 continue;
1890
1891 if (is_fpreg)
1892 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1893
1894 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1895 note_type, ret, data);
1896
1897 *total += notesize(&t->notes[i]);
4206d3aa
RM		 1898 }
1899
1900 return 1;
1901}
1902
1903static int fill_note_info(struct elfhdr *elf, int phdrs,
1904 struct elf_note_info *info,
ae7795bc 1905 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
4206d3aa
RM		 1906{
1907 struct task_struct *dump_task = current;
1908 const struct user_regset_view *view = task_user_regset_view(dump_task);
1909 struct elf_thread_core_info *t;
1910 struct elf_prpsinfo *psinfo;
83914441 1911 struct core_thread *ct;
4206d3aa
RM		 1912 unsigned int i;
1913
1914 info->size = 0;
1915 info->thread = NULL;
1916
1917 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
6899e92d
AC		 1918 if (psinfo == NULL) {
1919 info->psinfo.data = NULL; /* So we don't free this wrongly */
4206d3aa 1920 return 0;
6899e92d 1921 }
4206d3aa 1922
e2dbe125
AW		 1923 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1924
4206d3aa
RM		 1925 /*
1926 * Figure out how many notes we're going to need for each thread.
1927 */
1928 info->thread_notes = 0;
1929 for (i = 0; i < view->n; ++i)
1930 if (view->regsets[i].core_note_type != 0)
1931 ++info->thread_notes;
1932
1933 /*
1934 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1935 * since it is our one special case.
1936 */
1937 if (unlikely(info->thread_notes == 0) ||
1938 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1939 WARN_ON(1);
1940 return 0;
1941 }
1942
1943 /*
1944 * Initialize the ELF file header.
1945 */
1946 fill_elf_header(elf, phdrs,
d3330cf0 1947 view->e_machine, view->e_flags);
4206d3aa
RM		 1948
1949 /*
1950 * Allocate a structure for each thread.
1951 */
83914441
ON		 1952 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1953 t = kzalloc(offsetof(struct elf_thread_core_info,
1954 notes[info->thread_notes]),
1955 GFP_KERNEL);
1956 if (unlikely(!t))
1957 return 0;
1958
1959 t->task = ct->task;
1960 if (ct->task == dump_task || !info->thread) {
1961 t->next = info->thread;
1962 info->thread = t;
1963 } else {
1964 /*
1965 * Make sure to keep the original task at
1966 * the head of the list.
1967 */
1968 t->next = info->thread->next;
1969 info->thread->next = t;
4206d3aa 1970 }
83914441 1971 }
4206d3aa
RM		 1972
1973 /*
1974 * Now fill in each thread's information.
1975 */
1976 for (t = info->thread; t != NULL; t = t->next)
5ab1c309 1977 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
4206d3aa
RM		 1978 return 0;
1979
1980 /*
1981 * Fill in the two process-wide notes.
1982 */
1983 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1984 info->size += notesize(&info->psinfo);
1985
49ae4d4b
DV		 1986 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1987 info->size += notesize(&info->signote);
1988
4206d3aa
RM		 1989 fill_auxv_note(&info->auxv, current->mm);
1990 info->size += notesize(&info->auxv);
1991
72023656
DA		 1992 if (fill_files_note(&info->files) == 0)
1993 info->size += notesize(&info->files);
2aa362c4 1994
4206d3aa
RM		 1995 return 1;
1996}
1997
1998static size_t get_note_info_size(struct elf_note_info *info)
1999{
2000 return info->size;
2001}
2002
2003/*
2004 * Write all the notes for each thread. When writing the first thread, the
2005 * process-wide notes are interleaved after the first thread-specific note.
2006 */
2007static int write_note_info(struct elf_note_info *info,
ecc8c772 2008 struct coredump_params *cprm)
4206d3aa 2009{
b219e25f 2010 bool first = true;
4206d3aa
RM		 2011 struct elf_thread_core_info *t = info->thread;
2012
2013 do {
2014 int i;
2015
ecc8c772 2016 if (!writenote(&t->notes[0], cprm))
4206d3aa
RM		 2017 return 0;
2018
ecc8c772 2019 if (first && !writenote(&info->psinfo, cprm))
4206d3aa 2020 return 0;
ecc8c772 2021 if (first && !writenote(&info->signote, cprm))
49ae4d4b 2022 return 0;
ecc8c772 2023 if (first && !writenote(&info->auxv, cprm))
4206d3aa 2024 return 0;
72023656 2025 if (first && info->files.data &&
ecc8c772 2026 !writenote(&info->files, cprm))
2aa362c4 2027 return 0;
4206d3aa
RM		 2028
2029 for (i = 1; i < info->thread_notes; ++i)
2030 if (t->notes[i].data &&
ecc8c772 2031 !writenote(&t->notes[i], cprm))
4206d3aa
RM		 2032 return 0;
2033
b219e25f 2034 first = false;
4206d3aa
RM		 2035 t = t->next;
2036 } while (t);
2037
2038 return 1;
2039}
2040
2041static void free_note_info(struct elf_note_info *info)
2042{
2043 struct elf_thread_core_info *threads = info->thread;
2044 while (threads) {
2045 unsigned int i;
2046 struct elf_thread_core_info *t = threads;
2047 threads = t->next;
2048 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
2049 for (i = 1; i < info->thread_notes; ++i)
2050 kfree(t->notes[i].data);
2051 kfree(t);
2052 }
2053 kfree(info->psinfo.data);
86a2bb5a 2054 kvfree(info->files.data);
4206d3aa
RM		 2055}
2056
2057#else
2058
1da177e4
LT		 2059/* Here is the structure in which status of each thread is captured. */
2060struct elf_thread_status
2061{
2062 struct list_head list;
2063 struct elf_prstatus prstatus; /* NT_PRSTATUS */
2064 elf_fpregset_t fpu; /* NT_PRFPREG */
2065 struct task_struct *thread;
1da177e4
LT		 2066 struct memelfnote notes[3];
2067 int num_notes;
2068};
2069
2070/*
2071 * In order to add the specific thread information for the elf file format,
f4e5cc2c
JJ		 2072 * we need to keep a linked list of every threads pr_status and then create
2073 * a single section for them in the final core file.
1da177e4
LT		 2074 */
2075static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
2076{
2077 int sz = 0;
2078 struct task_struct *p = t->thread;
2079 t->num_notes = 0;
2080
2081 fill_prstatus(&t->prstatus, p, signr);
2082 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
2083
f4e5cc2c
JJ		 2084 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
2085 &(t->prstatus));
1da177e4
LT		 2086 t->num_notes++;
2087 sz += notesize(&t->notes[0]);
2088
f4e5cc2c
JJ		 2089 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
2090 &t->fpu))) {
2091 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
2092 &(t->fpu));
1da177e4
LT		 2093 t->num_notes++;
2094 sz += notesize(&t->notes[1]);
2095 }
1da177e4
LT		 2096 return sz;
2097}
2098
3aba481f
RM		 2099struct elf_note_info {
2100 struct memelfnote *notes;
72023656 2101 struct memelfnote *notes_files;
3aba481f
RM		 2102 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
2103 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2104 struct list_head thread_list;
2105 elf_fpregset_t *fpu;
49ae4d4b 2106 user_siginfo_t csigdata;
3aba481f
RM		 2107 int thread_status_size;
2108 int numnote;
2109};
2110
0cf062d0 2111static int elf_note_info_init(struct elf_note_info *info)
3aba481f 2112{
0cf062d0 2113 memset(info, 0, sizeof(*info));
3aba481f
RM		 2114 INIT_LIST_HEAD(&info->thread_list);
2115
49ae4d4b 2116 /* Allocate space for ELF notes */
6da2ec56 2117 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
3aba481f
RM		 2118 if (!info->notes)
2119 return 0;
2120 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2121 if (!info->psinfo)
f34f9d18 2122 return 0;
3aba481f
RM		 2123 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2124 if (!info->prstatus)
f34f9d18 2125 return 0;
3aba481f
RM		 2126 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2127 if (!info->fpu)
f34f9d18 2128 return 0;
0cf062d0 2129 return 1;
0cf062d0
AW		 2130}
2131
2132static int fill_note_info(struct elfhdr *elf, int phdrs,
2133 struct elf_note_info *info,
ae7795bc 2134 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
0cf062d0 2135{
afabada9
AV		 2136 struct core_thread *ct;
2137 struct elf_thread_status *ets;
0cf062d0
AW		 2138
2139 if (!elf_note_info_init(info))
2140 return 0;
3aba481f 2141
afabada9
AV		 2142 for (ct = current->mm->core_state->dumper.next;
2143 ct; ct = ct->next) {
2144 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2145 if (!ets)
2146 return 0;
83914441 2147
afabada9
AV		 2148 ets->thread = ct->task;
2149 list_add(&ets->list, &info->thread_list);
2150 }
83914441 2151
93f044e2 2152 list_for_each_entry(ets, &info->thread_list, list) {
afabada9 2153 int sz;
3aba481f 2154
afabada9
AV		 2155 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2156 info->thread_status_size += sz;
3aba481f
RM		 2157 }
2158 /* now collect the dump for the current */
2159 memset(info->prstatus, 0, sizeof(*info->prstatus));
5ab1c309 2160 fill_prstatus(info->prstatus, current, siginfo->si_signo);
3aba481f
RM		 2161 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2162
2163 /* Set up header */
d3330cf0 2164 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
3aba481f
RM		 2165
2166 /*
2167 * Set up the notes in similar form to SVR4 core dumps made
2168 * with info from their /proc.
2169 */
2170
2171 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2172 sizeof(*info->prstatus), info->prstatus);
2173 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2174 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2175 sizeof(*info->psinfo), info->psinfo);
2176
2aa362c4
DV		 2177 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2178 fill_auxv_note(info->notes + 3, current->mm);
72023656 2179 info->numnote = 4;
3aba481f 2180
72023656
DA		 2181 if (fill_files_note(info->notes + info->numnote) == 0) {
2182 info->notes_files = info->notes + info->numnote;
2183 info->numnote++;
2184 }
3aba481f
RM		 2185
2186 /* Try to dump the FPU. */
2187 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2188 info->fpu);
2189 if (info->prstatus->pr_fpvalid)
2190 fill_note(info->notes + info->numnote++,
2191 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
3aba481f 2192 return 1;
3aba481f
RM		 2193}
2194
2195static size_t get_note_info_size(struct elf_note_info *info)
2196{
2197 int sz = 0;
2198 int i;
2199
2200 for (i = 0; i < info->numnote; i++)
2201 sz += notesize(info->notes + i);
2202
2203 sz += info->thread_status_size;
2204
2205 return sz;
2206}
2207
2208static int write_note_info(struct elf_note_info *info,
ecc8c772 2209 struct coredump_params *cprm)
3aba481f 2210{
93f044e2 2211 struct elf_thread_status *ets;
3aba481f 2212 int i;
3aba481f
RM		 2213
2214 for (i = 0; i < info->numnote; i++)
ecc8c772 2215 if (!writenote(info->notes + i, cprm))
3aba481f
RM		 2216 return 0;
2217
2218 /* write out the thread status notes section */
93f044e2
AD		 2219 list_for_each_entry(ets, &info->thread_list, list) {
2220 for (i = 0; i < ets->num_notes; i++)
2221 if (!writenote(&ets->notes[i], cprm))
3aba481f
RM		 2222 return 0;
2223 }
2224
2225 return 1;
2226}
2227
2228static void free_note_info(struct elf_note_info *info)
2229{
2230 while (!list_empty(&info->thread_list)) {
2231 struct list_head *tmp = info->thread_list.next;
2232 list_del(tmp);
2233 kfree(list_entry(tmp, struct elf_thread_status, list));
2234 }
2235
72023656
DA		 2236 /* Free data possibly allocated by fill_files_note(): */
2237 if (info->notes_files)
86a2bb5a 2238 kvfree(info->notes_files->data);
2aa362c4 2239
3aba481f
RM		 2240 kfree(info->prstatus);
2241 kfree(info->psinfo);
2242 kfree(info->notes);
2243 kfree(info->fpu);
3aba481f
RM		 2244}
2245
4206d3aa
RM		 2246#endif
2247
f47aef55
RM		 2248static struct vm_area_struct *first_vma(struct task_struct *tsk,
2249 struct vm_area_struct *gate_vma)
2250{
2251 struct vm_area_struct *ret = tsk->mm->mmap;
2252
2253 if (ret)
2254 return ret;
2255 return gate_vma;
2256}
2257/*
2258 * Helper function for iterating across a vma list. It ensures that the caller
2259 * will visit `gate_vma' prior to terminating the search.
2260 */
2261static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2262 struct vm_area_struct *gate_vma)
2263{
2264 struct vm_area_struct *ret;
2265
2266 ret = this_vma->vm_next;
2267 if (ret)
2268 return ret;
2269 if (this_vma == gate_vma)
2270 return NULL;
2271 return gate_vma;
2272}
2273
8d9032bb
DH		 2274static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2275 elf_addr_t e_shoff, int segs)
2276{
2277 elf->e_shoff = e_shoff;
2278 elf->e_shentsize = sizeof(*shdr4extnum);
2279 elf->e_shnum = 1;
2280 elf->e_shstrndx = SHN_UNDEF;
2281
2282 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2283
2284 shdr4extnum->sh_type = SHT_NULL;
2285 shdr4extnum->sh_size = elf->e_shnum;
2286 shdr4extnum->sh_link = elf->e_shstrndx;
2287 shdr4extnum->sh_info = segs;
2288}
2289
1da177e4
LT		 2290/*
2291 * Actual dumper
2292 *
2293 * This is a two-pass process; first we find the offsets of the bits,
2294 * and then they are actually written out. If we run out of core limit
2295 * we just truncate.
2296 */
f6151dfe 2297static int elf_core_dump(struct coredump_params *cprm)
1da177e4 2298{
1da177e4 2299 int has_dumped = 0;
52f5592e
JL		 2300 int segs, i;
2301 size_t vma_data_size = 0;
f47aef55 2302 struct vm_area_struct *vma, *gate_vma;
225a3f53 2303 struct elfhdr elf;
cdc3d562 2304 loff_t offset = 0, dataoff;
72023656 2305 struct elf_note_info info = { };
93eb211e 2306 struct elf_phdr *phdr4note = NULL;
8d9032bb
DH		 2307 struct elf_shdr *shdr4extnum = NULL;
2308 Elf_Half e_phnum;
2309 elf_addr_t e_shoff;
52f5592e 2310 elf_addr_t *vma_filesz = NULL;
1da177e4
LT		 2311
2312 /*
2313 * We no longer stop all VM operations.
2314 *
f4e5cc2c
JJ		 2315 * This is because those proceses that could possibly change map_count
2316 * or the mmap / vma pages are now blocked in do_exit on current
2317 * finishing this core dump.
1da177e4
LT		 2318 *
2319 * Only ptrace can touch these memory addresses, but it doesn't change
f4e5cc2c 2320 * the map_count or the pages allocated. So no possibility of crashing
1da177e4
LT		 2321 * exists while dumping the mm->vm_next areas to the core file.
2322 */
2323
341c87bf
KH		 2324 /*
2325 * The number of segs are recored into ELF header as 16bit value.
2326 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2327 */
1da177e4 2328 segs = current->mm->map_count;
1fcccbac 2329 segs += elf_core_extra_phdrs();
1da177e4 2330
31db58b3 2331 gate_vma = get_gate_vma(current->mm);
f47aef55
RM		 2332 if (gate_vma != NULL)
2333 segs++;
2334
8d9032bb
DH		 2335 /* for notes section */
2336 segs++;
2337
2338 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2339 * this, kernel supports extended numbering. Have a look at
2340 * include/linux/elf.h for further information. */
2341 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2342
1da177e4 2343 /*
3aba481f
RM		 2344 * Collect all the non-memory information about the process for the
2345 * notes. This also sets up the file header.
1da177e4 2346 */
225a3f53 2347 if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
d2530b43 2348 goto end_coredump;
1da177e4 2349
3aba481f 2350 has_dumped = 1;
079148b9 2351
225a3f53 2352 offset += sizeof(elf); /* Elf header */
8d9032bb 2353 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1da177e4
LT		 2354
2355 /* Write notes phdr entry */
2356 {
3aba481f 2357 size_t sz = get_note_info_size(&info);
1da177e4 2358
e5501492 2359 sz += elf_coredump_extra_notes_size();
bf1ab978 2360
93eb211e
DH		 2361 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2362 if (!phdr4note)
088e7af7 2363 goto end_coredump;
93eb211e
DH		 2364
2365 fill_elf_note_phdr(phdr4note, sz, offset);
2366 offset += sz;
1da177e4
LT		 2367 }
2368
1da177e4
LT		 2369 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2370
1fbede6e
AD		 2371 /*
2372 * Zero vma process will get ZERO_SIZE_PTR here.
2373 * Let coredump continue for register state at least.
2374 */
86a2bb5a
AD		 2375 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2376 GFP_KERNEL);
1fbede6e 2377 if (!vma_filesz)
52f5592e
JL		 2378 goto end_coredump;
2379
2380 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2381 vma = next_vma(vma, gate_vma)) {
2382 unsigned long dump_size;
2383
2384 dump_size = vma_dump_size(vma, cprm->mm_flags);
2385 vma_filesz[i++] = dump_size;
2386 vma_data_size += dump_size;
2387 }
2388
2389 offset += vma_data_size;
8d9032bb
DH		 2390 offset += elf_core_extra_data_size();
2391 e_shoff = offset;
2392
2393 if (e_phnum == PN_XNUM) {
2394 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2395 if (!shdr4extnum)
2396 goto end_coredump;
225a3f53 2397 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
8d9032bb
DH		 2398 }
2399
2400 offset = dataoff;
2401
225a3f53 2402 if (!dump_emit(cprm, &elf, sizeof(elf)))
93eb211e
DH		 2403 goto end_coredump;
2404
ecc8c772 2405 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
93eb211e
DH		 2406 goto end_coredump;
2407
1da177e4 2408 /* Write program headers for segments dump */
52f5592e 2409 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2410 vma = next_vma(vma, gate_vma)) {
1da177e4 2411 struct elf_phdr phdr;
1da177e4
LT		 2412
2413 phdr.p_type = PT_LOAD;
2414 phdr.p_offset = offset;
2415 phdr.p_vaddr = vma->vm_start;
2416 phdr.p_paddr = 0;
52f5592e 2417 phdr.p_filesz = vma_filesz[i++];
82df3973 2418 phdr.p_memsz = vma->vm_end - vma->vm_start;
1da177e4
LT		 2419 offset += phdr.p_filesz;
2420 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
f4e5cc2c
JJ		 2421 if (vma->vm_flags & VM_WRITE)
2422 phdr.p_flags |= PF_W;
2423 if (vma->vm_flags & VM_EXEC)
2424 phdr.p_flags |= PF_X;
1da177e4
LT		 2425 phdr.p_align = ELF_EXEC_PAGESIZE;
2426
ecc8c772 2427 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
088e7af7 2428 goto end_coredump;
1da177e4
LT		 2429 }
2430
506f21c5 2431 if (!elf_core_write_extra_phdrs(cprm, offset))
1fcccbac 2432 goto end_coredump;
1da177e4
LT		 2433
2434 /* write out the notes section */
ecc8c772 2435 if (!write_note_info(&info, cprm))
3aba481f 2436 goto end_coredump;
1da177e4 2437
cdc3d562 2438 if (elf_coredump_extra_notes_write(cprm))
e5501492 2439 goto end_coredump;
bf1ab978 2440
d025c9db 2441 /* Align to page */
1607f09c 2442 if (!dump_skip(cprm, dataoff - cprm->pos))
f3e8fccd 2443 goto end_coredump;
1da177e4 2444
52f5592e 2445 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2446 vma = next_vma(vma, gate_vma)) {
1da177e4 2447 unsigned long addr;
82df3973 2448 unsigned long end;
1da177e4 2449
52f5592e 2450 end = vma->vm_start + vma_filesz[i++];
1da177e4 2451
82df3973 2452 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
f4e5cc2c 2453 struct page *page;
f3e8fccd
HD		 2454 int stop;
2455
2456 page = get_dump_page(addr);
2457 if (page) {
2458 void *kaddr = kmap(page);
13046ece 2459 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
f3e8fccd 2460 kunmap(page);
09cbfeaf 2461 put_page(page);
f3e8fccd 2462 } else
9b56d543 2463 stop = !dump_skip(cprm, PAGE_SIZE);
f3e8fccd
HD		 2464 if (stop)
2465 goto end_coredump;
1da177e4
LT		 2466 }
2467 }
4d22c75d 2468 dump_truncate(cprm);
1da177e4 2469
aa3e7eaf 2470 if (!elf_core_write_extra_data(cprm))
1fcccbac 2471 goto end_coredump;
1da177e4 2472
8d9032bb 2473 if (e_phnum == PN_XNUM) {
13046ece 2474 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
8d9032bb
DH		 2475 goto end_coredump;
2476 }
2477
1da177e4 2478end_coredump:
3aba481f 2479 free_note_info(&info);
8d9032bb 2480 kfree(shdr4extnum);
86a2bb5a 2481 kvfree(vma_filesz);
93eb211e 2482 kfree(phdr4note);
1da177e4 2483 return has_dumped;
1da177e4
LT		 2484}
2485
698ba7b5 2486#endif /* CONFIG_ELF_CORE */
1da177e4
LT		 2487
2488static int __init init_elf_binfmt(void)
2489{
8fc3dc5a
AV		 2490 register_binfmt(&elf_format);
2491 return 0;
1da177e4
LT		 2492}
2493
2494static void __exit exit_elf_binfmt(void)
2495{
2496 /* Remove the COFF and ELF loaders. */
2497 unregister_binfmt(&elf_format);
2498}
2499
2500core_initcall(init_elf_binfmt);
2501module_exit(exit_elf_binfmt);
2502MODULE_LICENSE("GPL");
Empty description
This page took 1.643389 seconds and 4 git commands to generate.