2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/vmalloc.h>
31 #include <linux/security.h>
32 #include <linux/random.h>
33 #include <linux/elf.h>
34 #include <linux/utsname.h>
35 #include <linux/coredump.h>
36 #include <asm/uaccess.h>
37 #include <asm/param.h>
41 #define user_long_t long
43 #ifndef user_siginfo_t
44 #define user_siginfo_t siginfo_t
47 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
48 static int load_elf_library(struct file *);
49 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
50 int, int, unsigned long);
53 * If we don't support core dumping, then supply a NULL so we
56 #ifdef CONFIG_ELF_CORE
57 static int elf_core_dump(struct coredump_params *cprm);
59 #define elf_core_dump NULL
62 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
63 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
65 #define ELF_MIN_ALIGN PAGE_SIZE
68 #ifndef ELF_CORE_EFLAGS
69 #define ELF_CORE_EFLAGS 0
72 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
73 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
74 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
76 static struct linux_binfmt elf_format = {
77 .module = THIS_MODULE,
78 .load_binary = load_elf_binary,
79 .load_shlib = load_elf_library,
80 .core_dump = elf_core_dump,
81 .min_coredump = ELF_EXEC_PAGESIZE,
84 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
86 static int set_brk(unsigned long start, unsigned long end)
88 start = ELF_PAGEALIGN(start);
89 end = ELF_PAGEALIGN(end);
92 addr = vm_brk(start, end - start);
96 current->mm->start_brk = current->mm->brk = end;
100 /* We need to explicitly zero any fractional pages
101 after the data section (i.e. bss). This would
102 contain the junk from the file that should not
105 static int padzero(unsigned long elf_bss)
109 nbyte = ELF_PAGEOFFSET(elf_bss);
111 nbyte = ELF_MIN_ALIGN - nbyte;
112 if (clear_user((void __user *) elf_bss, nbyte))
118 /* Let's use some macros to make this stack manipulation a little clearer */
119 #ifdef CONFIG_STACK_GROWSUP
120 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
121 #define STACK_ROUND(sp, items) \
122 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
123 #define STACK_ALLOC(sp, len) ({ \
124 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
127 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
128 #define STACK_ROUND(sp, items) \
129 (((unsigned long) (sp - items)) &~ 15UL)
130 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
133 #ifndef ELF_BASE_PLATFORM
135 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
136 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
137 * will be copied to the user stack in the same manner as AT_PLATFORM.
139 #define ELF_BASE_PLATFORM NULL
143 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
144 unsigned long load_addr, unsigned long interp_load_addr)
146 unsigned long p = bprm->p;
147 int argc = bprm->argc;
148 int envc = bprm->envc;
149 elf_addr_t __user *argv;
150 elf_addr_t __user *envp;
151 elf_addr_t __user *sp;
152 elf_addr_t __user *u_platform;
153 elf_addr_t __user *u_base_platform;
154 elf_addr_t __user *u_rand_bytes;
155 const char *k_platform = ELF_PLATFORM;
156 const char *k_base_platform = ELF_BASE_PLATFORM;
157 unsigned char k_rand_bytes[16];
159 elf_addr_t *elf_info;
161 const struct cred *cred = current_cred();
162 struct vm_area_struct *vma;
165 * In some cases (e.g. Hyper-Threading), we want to avoid L1
166 * evictions by the processes running on the same package. One
167 * thing we can do is to shuffle the initial stack for them.
170 p = arch_align_stack(p);
173 * If this architecture has a platform capability string, copy it
174 * to userspace. In some cases (Sparc), this info is impossible
175 * for userspace to get any other way, in others (i386) it is
180 size_t len = strlen(k_platform) + 1;
182 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
183 if (__copy_to_user(u_platform, k_platform, len))
188 * If this architecture has a "base" platform capability
189 * string, copy it to userspace.
191 u_base_platform = NULL;
192 if (k_base_platform) {
193 size_t len = strlen(k_base_platform) + 1;
195 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
196 if (__copy_to_user(u_base_platform, k_base_platform, len))
201 * Generate 16 random bytes for userspace PRNG seeding.
203 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
204 u_rand_bytes = (elf_addr_t __user *)
205 STACK_ALLOC(p, sizeof(k_rand_bytes));
206 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
209 /* Create the ELF interpreter info */
210 elf_info = (elf_addr_t *)current->mm->saved_auxv;
211 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
212 #define NEW_AUX_ENT(id, val) \
214 elf_info[ei_index++] = id; \
215 elf_info[ei_index++] = val; \
220 * ARCH_DLINFO must come first so PPC can do its special alignment of
222 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
223 * ARCH_DLINFO changes
227 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
228 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
229 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
230 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
231 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
232 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
233 NEW_AUX_ENT(AT_BASE, interp_load_addr);
234 NEW_AUX_ENT(AT_FLAGS, 0);
235 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
236 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
237 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
238 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
239 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
240 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
241 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
242 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
244 NEW_AUX_ENT(AT_PLATFORM,
245 (elf_addr_t)(unsigned long)u_platform);
247 if (k_base_platform) {
248 NEW_AUX_ENT(AT_BASE_PLATFORM,
249 (elf_addr_t)(unsigned long)u_base_platform);
251 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
252 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
255 /* AT_NULL is zero; clear the rest too */
256 memset(&elf_info[ei_index], 0,
257 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
259 /* And advance past the AT_NULL entry. */
262 sp = STACK_ADD(p, ei_index);
264 items = (argc + 1) + (envc + 1) + 1;
265 bprm->p = STACK_ROUND(sp, items);
267 /* Point sp at the lowest address on the stack */
268 #ifdef CONFIG_STACK_GROWSUP
269 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
270 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
272 sp = (elf_addr_t __user *)bprm->p;
277 * Grow the stack manually; some architectures have a limit on how
278 * far ahead a user-space access may be in order to grow the stack.
280 vma = find_extend_vma(current->mm, bprm->p);
284 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
285 if (__put_user(argc, sp++))
288 envp = argv + argc + 1;
290 /* Populate argv and envp */
291 p = current->mm->arg_end = current->mm->arg_start;
294 if (__put_user((elf_addr_t)p, argv++))
296 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
297 if (!len || len > MAX_ARG_STRLEN)
301 if (__put_user(0, argv))
303 current->mm->arg_end = current->mm->env_start = p;
306 if (__put_user((elf_addr_t)p, envp++))
308 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
309 if (!len || len > MAX_ARG_STRLEN)
313 if (__put_user(0, envp))
315 current->mm->env_end = p;
317 /* Put the elf_info on the stack in the right place. */
318 sp = (elf_addr_t __user *)envp + 1;
319 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
324 static unsigned long elf_map(struct file *filep, unsigned long addr,
325 struct elf_phdr *eppnt, int prot, int type,
326 unsigned long total_size)
328 unsigned long map_addr;
329 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
330 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
331 addr = ELF_PAGESTART(addr);
332 size = ELF_PAGEALIGN(size);
334 /* mmap() will return -EINVAL if given a zero size, but a
335 * segment with zero filesize is perfectly valid */
340 * total_size is the size of the ELF (interpreter) image.
341 * The _first_ mmap needs to know the full size, otherwise
342 * randomization might put this image into an overlapping
343 * position with the ELF binary image. (since size < total_size)
344 * So we first map the 'big' image - and unmap the remainder at
345 * the end. (which unmap is needed for ELF images with holes.)
348 total_size = ELF_PAGEALIGN(total_size);
349 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
350 if (!BAD_ADDR(map_addr))
351 vm_munmap(map_addr+size, total_size-size);
353 map_addr = vm_mmap(filep, addr, size, prot, type, off);
358 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
360 int i, first_idx = -1, last_idx = -1;
362 for (i = 0; i < nr; i++) {
363 if (cmds[i].p_type == PT_LOAD) {
372 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
373 ELF_PAGESTART(cmds[first_idx].p_vaddr);
377 /* This is much more generalized than the library routine read function,
378 so we keep this separate. Technically the library read function
379 is only provided so that we can read a.out libraries that have
382 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
383 struct file *interpreter, unsigned long *interp_map_addr,
384 unsigned long no_base)
386 struct elf_phdr *elf_phdata;
387 struct elf_phdr *eppnt;
388 unsigned long load_addr = 0;
389 int load_addr_set = 0;
390 unsigned long last_bss = 0, elf_bss = 0;
391 unsigned long error = ~0UL;
392 unsigned long total_size;
395 /* First of all, some simple consistency checks */
396 if (interp_elf_ex->e_type != ET_EXEC &&
397 interp_elf_ex->e_type != ET_DYN)
399 if (!elf_check_arch(interp_elf_ex))
401 if (!interpreter->f_op || !interpreter->f_op->mmap)
405 * If the size of this structure has changed, then punt, since
406 * we will be doing the wrong thing.
408 if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
410 if (interp_elf_ex->e_phnum < 1 ||
411 interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
414 /* Now read in all of the header information */
415 size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
416 if (size > ELF_MIN_ALIGN)
418 elf_phdata = kmalloc(size, GFP_KERNEL);
422 retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
423 (char *)elf_phdata, size);
425 if (retval != size) {
431 total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
438 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
439 if (eppnt->p_type == PT_LOAD) {
440 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
442 unsigned long vaddr = 0;
443 unsigned long k, map_addr;
445 if (eppnt->p_flags & PF_R)
446 elf_prot = PROT_READ;
447 if (eppnt->p_flags & PF_W)
448 elf_prot |= PROT_WRITE;
449 if (eppnt->p_flags & PF_X)
450 elf_prot |= PROT_EXEC;
451 vaddr = eppnt->p_vaddr;
452 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
453 elf_type |= MAP_FIXED;
454 else if (no_base && interp_elf_ex->e_type == ET_DYN)
457 map_addr = elf_map(interpreter, load_addr + vaddr,
458 eppnt, elf_prot, elf_type, total_size);
460 if (!*interp_map_addr)
461 *interp_map_addr = map_addr;
463 if (BAD_ADDR(map_addr))
466 if (!load_addr_set &&
467 interp_elf_ex->e_type == ET_DYN) {
468 load_addr = map_addr - ELF_PAGESTART(vaddr);
473 * Check to see if the section's size will overflow the
474 * allowed task size. Note that p_filesz must always be
475 * <= p_memsize so it's only necessary to check p_memsz.
477 k = load_addr + eppnt->p_vaddr;
479 eppnt->p_filesz > eppnt->p_memsz ||
480 eppnt->p_memsz > TASK_SIZE ||
481 TASK_SIZE - eppnt->p_memsz < k) {
487 * Find the end of the file mapping for this phdr, and
488 * keep track of the largest address we see for this.
490 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
495 * Do the same thing for the memory mapping - between
496 * elf_bss and last_bss is the bss section.
498 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
504 if (last_bss > elf_bss) {
506 * Now fill out the bss section. First pad the last page up
507 * to the page boundary, and then perform a mmap to make sure
508 * that there are zero-mapped pages up to and including the
511 if (padzero(elf_bss)) {
516 /* What we have mapped so far */
517 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
519 /* Map the last of the bss segment */
520 error = vm_brk(elf_bss, last_bss - elf_bss);
534 * These are the functions used to load ELF style executables and shared
535 * libraries. There is no binary dependent code anywhere else.
538 #define INTERPRETER_NONE 0
539 #define INTERPRETER_ELF 2
541 #ifndef STACK_RND_MASK
542 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
545 static unsigned long randomize_stack_top(unsigned long stack_top)
547 unsigned int random_variable = 0;
549 if ((current->flags & PF_RANDOMIZE) &&
550 !(current->personality & ADDR_NO_RANDOMIZE)) {
551 random_variable = get_random_int() & STACK_RND_MASK;
552 random_variable <<= PAGE_SHIFT;
554 #ifdef CONFIG_STACK_GROWSUP
555 return PAGE_ALIGN(stack_top) + random_variable;
557 return PAGE_ALIGN(stack_top) - random_variable;
561 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
563 struct file *interpreter = NULL; /* to shut gcc up */
564 unsigned long load_addr = 0, load_bias = 0;
565 int load_addr_set = 0;
566 char * elf_interpreter = NULL;
568 struct elf_phdr *elf_ppnt, *elf_phdata;
569 unsigned long elf_bss, elf_brk;
572 unsigned long elf_entry;
573 unsigned long interp_load_addr = 0;
574 unsigned long start_code, end_code, start_data, end_data;
575 unsigned long reloc_func_desc __maybe_unused = 0;
576 int executable_stack = EXSTACK_DEFAULT;
577 unsigned long def_flags = 0;
579 struct elfhdr elf_ex;
580 struct elfhdr interp_elf_ex;
583 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
589 /* Get the exec-header */
590 loc->elf_ex = *((struct elfhdr *)bprm->buf);
593 /* First of all, some simple consistency checks */
594 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
597 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
599 if (!elf_check_arch(&loc->elf_ex))
601 if (!bprm->file->f_op || !bprm->file->f_op->mmap)
604 /* Now read in all of the header information */
605 if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
607 if (loc->elf_ex.e_phnum < 1 ||
608 loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
610 size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
612 elf_phdata = kmalloc(size, GFP_KERNEL);
616 retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
617 (char *)elf_phdata, size);
618 if (retval != size) {
624 elf_ppnt = elf_phdata;
633 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
634 if (elf_ppnt->p_type == PT_INTERP) {
635 /* This is the program interpreter used for
636 * shared libraries - for now assume that this
637 * is an a.out format binary
640 if (elf_ppnt->p_filesz > PATH_MAX ||
641 elf_ppnt->p_filesz < 2)
645 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
647 if (!elf_interpreter)
650 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
653 if (retval != elf_ppnt->p_filesz) {
656 goto out_free_interp;
658 /* make sure path is NULL terminated */
660 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
661 goto out_free_interp;
663 interpreter = open_exec(elf_interpreter);
664 retval = PTR_ERR(interpreter);
665 if (IS_ERR(interpreter))
666 goto out_free_interp;
669 * If the binary is not readable then enforce
670 * mm->dumpable = 0 regardless of the interpreter's
673 would_dump(bprm, interpreter);
675 retval = kernel_read(interpreter, 0, bprm->buf,
677 if (retval != BINPRM_BUF_SIZE) {
680 goto out_free_dentry;
683 /* Get the exec headers */
684 loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
690 elf_ppnt = elf_phdata;
691 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
692 if (elf_ppnt->p_type == PT_GNU_STACK) {
693 if (elf_ppnt->p_flags & PF_X)
694 executable_stack = EXSTACK_ENABLE_X;
696 executable_stack = EXSTACK_DISABLE_X;
700 /* Some simple consistency checks for the interpreter */
701 if (elf_interpreter) {
703 /* Not an ELF interpreter */
704 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
705 goto out_free_dentry;
706 /* Verify the interpreter has a valid arch */
707 if (!elf_check_arch(&loc->interp_elf_ex))
708 goto out_free_dentry;
711 /* Flush all traces of the currently running executable */
712 retval = flush_old_exec(bprm);
714 goto out_free_dentry;
716 /* OK, This is the point of no return */
717 current->mm->def_flags = def_flags;
719 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
720 may depend on the personality. */
721 SET_PERSONALITY(loc->elf_ex);
722 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
723 current->personality |= READ_IMPLIES_EXEC;
725 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
726 current->flags |= PF_RANDOMIZE;
728 setup_new_exec(bprm);
730 /* Do this so that we can load the interpreter, if need be. We will
731 change some of these later */
732 current->mm->free_area_cache = current->mm->mmap_base;
733 current->mm->cached_hole_size = 0;
734 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
737 send_sig(SIGKILL, current, 0);
738 goto out_free_dentry;
741 current->mm->start_stack = bprm->p;
743 /* Now we do a little grungy work by mmapping the ELF image into
744 the correct location in memory. */
745 for(i = 0, elf_ppnt = elf_phdata;
746 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
747 int elf_prot = 0, elf_flags;
748 unsigned long k, vaddr;
750 if (elf_ppnt->p_type != PT_LOAD)
753 if (unlikely (elf_brk > elf_bss)) {
756 /* There was a PT_LOAD segment with p_memsz > p_filesz
757 before this one. Map anonymous pages, if needed,
758 and clear the area. */
759 retval = set_brk(elf_bss + load_bias,
760 elf_brk + load_bias);
762 send_sig(SIGKILL, current, 0);
763 goto out_free_dentry;
765 nbyte = ELF_PAGEOFFSET(elf_bss);
767 nbyte = ELF_MIN_ALIGN - nbyte;
768 if (nbyte > elf_brk - elf_bss)
769 nbyte = elf_brk - elf_bss;
770 if (clear_user((void __user *)elf_bss +
773 * This bss-zeroing can fail if the ELF
774 * file specifies odd protections. So
775 * we don't check the return value
781 if (elf_ppnt->p_flags & PF_R)
782 elf_prot |= PROT_READ;
783 if (elf_ppnt->p_flags & PF_W)
784 elf_prot |= PROT_WRITE;
785 if (elf_ppnt->p_flags & PF_X)
786 elf_prot |= PROT_EXEC;
788 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
790 vaddr = elf_ppnt->p_vaddr;
791 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
792 elf_flags |= MAP_FIXED;
793 } else if (loc->elf_ex.e_type == ET_DYN) {
794 /* Try and get dynamic programs out of the way of the
795 * default mmap base, as well as whatever program they
796 * might try to exec. This is because the brk will
797 * follow the loader, and is not movable. */
798 #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
799 /* Memory randomization might have been switched off
800 * in runtime via sysctl.
801 * If that is the case, retain the original non-zero
802 * load_bias value in order to establish proper
803 * non-randomized mappings.
805 if (current->flags & PF_RANDOMIZE)
808 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
810 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
814 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
815 elf_prot, elf_flags, 0);
816 if (BAD_ADDR(error)) {
817 send_sig(SIGKILL, current, 0);
818 retval = IS_ERR((void *)error) ?
819 PTR_ERR((void*)error) : -EINVAL;
820 goto out_free_dentry;
823 if (!load_addr_set) {
825 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
826 if (loc->elf_ex.e_type == ET_DYN) {
828 ELF_PAGESTART(load_bias + vaddr);
829 load_addr += load_bias;
830 reloc_func_desc = load_bias;
833 k = elf_ppnt->p_vaddr;
840 * Check to see if the section's size will overflow the
841 * allowed task size. Note that p_filesz must always be
842 * <= p_memsz so it is only necessary to check p_memsz.
844 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
845 elf_ppnt->p_memsz > TASK_SIZE ||
846 TASK_SIZE - elf_ppnt->p_memsz < k) {
847 /* set_brk can never work. Avoid overflows. */
848 send_sig(SIGKILL, current, 0);
850 goto out_free_dentry;
853 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
857 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
861 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
866 loc->elf_ex.e_entry += load_bias;
867 elf_bss += load_bias;
868 elf_brk += load_bias;
869 start_code += load_bias;
870 end_code += load_bias;
871 start_data += load_bias;
872 end_data += load_bias;
874 /* Calling set_brk effectively mmaps the pages that we need
875 * for the bss and break sections. We must do this before
876 * mapping in the interpreter, to make sure it doesn't wind
877 * up getting placed where the bss needs to go.
879 retval = set_brk(elf_bss, elf_brk);
881 send_sig(SIGKILL, current, 0);
882 goto out_free_dentry;
884 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
885 send_sig(SIGSEGV, current, 0);
886 retval = -EFAULT; /* Nobody gets to see this, but.. */
887 goto out_free_dentry;
890 if (elf_interpreter) {
891 unsigned long interp_map_addr = 0;
893 elf_entry = load_elf_interp(&loc->interp_elf_ex,
897 if (!IS_ERR((void *)elf_entry)) {
899 * load_elf_interp() returns relocation
902 interp_load_addr = elf_entry;
903 elf_entry += loc->interp_elf_ex.e_entry;
905 if (BAD_ADDR(elf_entry)) {
906 force_sig(SIGSEGV, current);
907 retval = IS_ERR((void *)elf_entry) ?
908 (int)elf_entry : -EINVAL;
909 goto out_free_dentry;
911 reloc_func_desc = interp_load_addr;
913 allow_write_access(interpreter);
915 kfree(elf_interpreter);
917 elf_entry = loc->elf_ex.e_entry;
918 if (BAD_ADDR(elf_entry)) {
919 force_sig(SIGSEGV, current);
921 goto out_free_dentry;
927 set_binfmt(&elf_format);
929 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
930 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
932 send_sig(SIGKILL, current, 0);
935 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
937 install_exec_creds(bprm);
938 retval = create_elf_tables(bprm, &loc->elf_ex,
939 load_addr, interp_load_addr);
941 send_sig(SIGKILL, current, 0);
944 /* N.B. passed_fileno might not be initialized? */
945 current->mm->end_code = end_code;
946 current->mm->start_code = start_code;
947 current->mm->start_data = start_data;
948 current->mm->end_data = end_data;
949 current->mm->start_stack = bprm->p;
951 #ifdef arch_randomize_brk
952 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
953 current->mm->brk = current->mm->start_brk =
954 arch_randomize_brk(current->mm);
955 #ifdef CONFIG_COMPAT_BRK
956 current->brk_randomized = 1;
961 if (current->personality & MMAP_PAGE_ZERO) {
962 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
963 and some applications "depend" upon this behavior.
964 Since we do not have the power to recompile these, we
965 emulate the SVr4 behavior. Sigh. */
966 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
967 MAP_FIXED | MAP_PRIVATE, 0);
972 * The ABI may specify that certain registers be set up in special
973 * ways (on i386 %edx is the address of a DT_FINI function, for
974 * example. In addition, it may also specify (eg, PowerPC64 ELF)
975 * that the e_entry field is the address of the function descriptor
976 * for the startup routine, rather than the address of the startup
977 * routine itself. This macro performs whatever initialization to
978 * the regs structure is required as well as any relocations to the
979 * function descriptor entries when executing dynamically links apps.
981 ELF_PLAT_INIT(regs, reloc_func_desc);
984 start_thread(regs, elf_entry, bprm->p);
993 allow_write_access(interpreter);
997 kfree(elf_interpreter);
1003 /* This is really simpleminded and specialized - we are loading an
1004 a.out library that is given an ELF header. */
1005 static int load_elf_library(struct file *file)
1007 struct elf_phdr *elf_phdata;
1008 struct elf_phdr *eppnt;
1009 unsigned long elf_bss, bss, len;
1010 int retval, error, i, j;
1011 struct elfhdr elf_ex;
1014 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1015 if (retval != sizeof(elf_ex))
1018 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1021 /* First of all, some simple consistency checks */
1022 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1023 !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
1026 /* Now read in all of the header information */
1028 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1029 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1032 elf_phdata = kmalloc(j, GFP_KERNEL);
1038 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1042 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1043 if ((eppnt + i)->p_type == PT_LOAD)
1048 while (eppnt->p_type != PT_LOAD)
1051 /* Now use mmap to map the library into memory. */
1052 error = vm_mmap(file,
1053 ELF_PAGESTART(eppnt->p_vaddr),
1055 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1056 PROT_READ | PROT_WRITE | PROT_EXEC,
1057 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1059 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1060 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1063 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1064 if (padzero(elf_bss)) {
1069 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1071 bss = eppnt->p_memsz + eppnt->p_vaddr;
1073 vm_brk(len, bss - len);
1082 #ifdef CONFIG_ELF_CORE
1086 * Modelled on fs/exec.c:aout_core_dump()
1087 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1091 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1092 * that are useful for post-mortem analysis are included in every core dump.
1093 * In that way we ensure that the core dump is fully interpretable later
1094 * without matching up the same kernel and hardware config to see what PC values
1095 * meant. These special mappings include - vDSO, vsyscall, and other
1096 * architecture specific mappings
1098 static bool always_dump_vma(struct vm_area_struct *vma)
1100 /* Any vsyscall mappings? */
1101 if (vma == get_gate_vma(vma->vm_mm))
1104 * arch_vma_name() returns non-NULL for special architecture mappings,
1105 * such as vDSO sections.
1107 if (arch_vma_name(vma))
1114 * Decide what to dump of a segment, part, all or none.
1116 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1117 unsigned long mm_flags)
1119 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1121 /* always dump the vdso and vsyscall sections */
1122 if (always_dump_vma(vma))
1125 if (vma->vm_flags & VM_DONTDUMP)
1128 /* Hugetlb memory check */
1129 if (vma->vm_flags & VM_HUGETLB) {
1130 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1132 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1136 /* Do not dump I/O mapped devices or special mappings */
1137 if (vma->vm_flags & VM_IO)
1140 /* By default, dump shared memory if mapped from an anonymous file. */
1141 if (vma->vm_flags & VM_SHARED) {
1142 if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0 ?
1143 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1148 /* Dump segments that have been written to. */
1149 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1151 if (vma->vm_file == NULL)
1154 if (FILTER(MAPPED_PRIVATE))
1158 * If this looks like the beginning of a DSO or executable mapping,
1159 * check for an ELF header. If we find one, dump the first page to
1160 * aid in determining what was mapped here.
1162 if (FILTER(ELF_HEADERS) &&
1163 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1164 u32 __user *header = (u32 __user *) vma->vm_start;
1166 mm_segment_t fs = get_fs();
1168 * Doing it this way gets the constant folded by GCC.
1172 char elfmag[SELFMAG];
1174 BUILD_BUG_ON(SELFMAG != sizeof word);
1175 magic.elfmag[EI_MAG0] = ELFMAG0;
1176 magic.elfmag[EI_MAG1] = ELFMAG1;
1177 magic.elfmag[EI_MAG2] = ELFMAG2;
1178 magic.elfmag[EI_MAG3] = ELFMAG3;
1180 * Switch to the user "segment" for get_user(),
1181 * then put back what elf_core_dump() had in place.
1184 if (unlikely(get_user(word, header)))
1187 if (word == magic.cmp)
1196 return vma->vm_end - vma->vm_start;
1199 /* An ELF note in memory */
1204 unsigned int datasz;
1208 static int notesize(struct memelfnote *en)
1212 sz = sizeof(struct elf_note);
1213 sz += roundup(strlen(en->name) + 1, 4);
1214 sz += roundup(en->datasz, 4);
1219 #define DUMP_WRITE(addr, nr, foffset) \
1220 do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1222 static int alignfile(struct file *file, loff_t *foffset)
1224 static const char buf[4] = { 0, };
1225 DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1229 static int writenote(struct memelfnote *men, struct file *file,
1233 en.n_namesz = strlen(men->name) + 1;
1234 en.n_descsz = men->datasz;
1235 en.n_type = men->type;
1237 DUMP_WRITE(&en, sizeof(en), foffset);
1238 DUMP_WRITE(men->name, en.n_namesz, foffset);
1239 if (!alignfile(file, foffset))
1241 DUMP_WRITE(men->data, men->datasz, foffset);
1242 if (!alignfile(file, foffset))
1249 static void fill_elf_header(struct elfhdr *elf, int segs,
1250 u16 machine, u32 flags, u8 osabi)
1252 memset(elf, 0, sizeof(*elf));
1254 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1255 elf->e_ident[EI_CLASS] = ELF_CLASS;
1256 elf->e_ident[EI_DATA] = ELF_DATA;
1257 elf->e_ident[EI_VERSION] = EV_CURRENT;
1258 elf->e_ident[EI_OSABI] = ELF_OSABI;
1260 elf->e_type = ET_CORE;
1261 elf->e_machine = machine;
1262 elf->e_version = EV_CURRENT;
1263 elf->e_phoff = sizeof(struct elfhdr);
1264 elf->e_flags = flags;
1265 elf->e_ehsize = sizeof(struct elfhdr);
1266 elf->e_phentsize = sizeof(struct elf_phdr);
1267 elf->e_phnum = segs;
1272 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1274 phdr->p_type = PT_NOTE;
1275 phdr->p_offset = offset;
1278 phdr->p_filesz = sz;
1285 static void fill_note(struct memelfnote *note, const char *name, int type,
1286 unsigned int sz, void *data)
1296 * fill up all the fields in prstatus from the given task struct, except
1297 * registers which need to be filled up separately.
1299 static void fill_prstatus(struct elf_prstatus *prstatus,
1300 struct task_struct *p, long signr)
1302 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1303 prstatus->pr_sigpend = p->pending.signal.sig[0];
1304 prstatus->pr_sighold = p->blocked.sig[0];
1306 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1308 prstatus->pr_pid = task_pid_vnr(p);
1309 prstatus->pr_pgrp = task_pgrp_vnr(p);
1310 prstatus->pr_sid = task_session_vnr(p);
1311 if (thread_group_leader(p)) {
1312 struct task_cputime cputime;
1315 * This is the record for the group leader. It shows the
1316 * group-wide total, not its individual thread total.
1318 thread_group_cputime(p, &cputime);
1319 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1320 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1322 cputime_to_timeval(p->utime, &prstatus->pr_utime);
1323 cputime_to_timeval(p->stime, &prstatus->pr_stime);
1325 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1326 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1329 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1330 struct mm_struct *mm)
1332 const struct cred *cred;
1333 unsigned int i, len;
1335 /* first copy the parameters from user space */
1336 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1338 len = mm->arg_end - mm->arg_start;
1339 if (len >= ELF_PRARGSZ)
1340 len = ELF_PRARGSZ-1;
1341 if (copy_from_user(&psinfo->pr_psargs,
1342 (const char __user *)mm->arg_start, len))
1344 for(i = 0; i < len; i++)
1345 if (psinfo->pr_psargs[i] == 0)
1346 psinfo->pr_psargs[i] = ' ';
1347 psinfo->pr_psargs[len] = 0;
1350 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1352 psinfo->pr_pid = task_pid_vnr(p);
1353 psinfo->pr_pgrp = task_pgrp_vnr(p);
1354 psinfo->pr_sid = task_session_vnr(p);
1356 i = p->state ? ffz(~p->state) + 1 : 0;
1357 psinfo->pr_state = i;
1358 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1359 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1360 psinfo->pr_nice = task_nice(p);
1361 psinfo->pr_flag = p->flags;
1363 cred = __task_cred(p);
1364 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1365 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1367 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1372 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1374 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1378 while (auxv[i - 2] != AT_NULL);
1379 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1382 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1385 mm_segment_t old_fs = get_fs();
1387 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1389 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1392 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1394 * Format of NT_FILE note:
1396 * long count -- how many files are mapped
1397 * long page_size -- units for file_ofs
1398 * array of [COUNT] elements of
1402 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1404 static void fill_files_note(struct memelfnote *note)
1406 struct vm_area_struct *vma;
1407 unsigned count, size, names_ofs, remaining, n;
1409 user_long_t *start_end_ofs;
1410 char *name_base, *name_curpos;
1412 /* *Estimated* file count and total data size needed */
1413 count = current->mm->map_count;
1416 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1418 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1420 size = round_up(size, PAGE_SIZE);
1421 data = vmalloc(size);
1425 start_end_ofs = data + 2;
1426 name_base = name_curpos = ((char *)data) + names_ofs;
1427 remaining = size - names_ofs;
1429 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1431 const char *filename;
1433 file = vma->vm_file;
1436 filename = d_path(&file->f_path, name_curpos, remaining);
1437 if (IS_ERR(filename)) {
1438 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1440 size = size * 5 / 4;
1446 /* d_path() fills at the end, move name down */
1447 /* n = strlen(filename) + 1: */
1448 n = (name_curpos + remaining) - filename;
1449 remaining = filename - name_curpos;
1450 memmove(name_curpos, filename, n);
1453 *start_end_ofs++ = vma->vm_start;
1454 *start_end_ofs++ = vma->vm_end;
1455 *start_end_ofs++ = vma->vm_pgoff;
1459 /* Now we know exact count of files, can store it */
1461 data[1] = PAGE_SIZE;
1463 * Count usually is less than current->mm->map_count,
1464 * we need to move filenames down.
1466 n = current->mm->map_count - count;
1468 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1469 memmove(name_base - shift_bytes, name_base,
1470 name_curpos - name_base);
1471 name_curpos -= shift_bytes;
1474 size = name_curpos - (char *)data;
1475 fill_note(note, "CORE", NT_FILE, size, data);
1479 #ifdef CORE_DUMP_USE_REGSET
1480 #include <linux/regset.h>
1482 struct elf_thread_core_info {
1483 struct elf_thread_core_info *next;
1484 struct task_struct *task;
1485 struct elf_prstatus prstatus;
1486 struct memelfnote notes[0];
1489 struct elf_note_info {
1490 struct elf_thread_core_info *thread;
1491 struct memelfnote psinfo;
1492 struct memelfnote signote;
1493 struct memelfnote auxv;
1494 struct memelfnote files;
1495 user_siginfo_t csigdata;
1501 * When a regset has a writeback hook, we call it on each thread before
1502 * dumping user memory. On register window machines, this makes sure the
1503 * user memory backing the register data is up to date before we read it.
1505 static void do_thread_regset_writeback(struct task_struct *task,
1506 const struct user_regset *regset)
1508 if (regset->writeback)
1509 regset->writeback(task, regset, 1);
1513 #define PR_REG_SIZE(S) sizeof(S)
1516 #ifndef PRSTATUS_SIZE
1517 #define PRSTATUS_SIZE(S) sizeof(S)
1521 #define PR_REG_PTR(S) (&((S)->pr_reg))
1524 #ifndef SET_PR_FPVALID
1525 #define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1528 static int fill_thread_core_info(struct elf_thread_core_info *t,
1529 const struct user_regset_view *view,
1530 long signr, size_t *total)
1535 * NT_PRSTATUS is the one special case, because the regset data
1536 * goes into the pr_reg field inside the note contents, rather
1537 * than being the whole note contents. We fill the reset in here.
1538 * We assume that regset 0 is NT_PRSTATUS.
1540 fill_prstatus(&t->prstatus, t->task, signr);
1541 (void) view->regsets[0].get(t->task, &view->regsets[0],
1542 0, PR_REG_SIZE(t->prstatus.pr_reg),
1543 PR_REG_PTR(&t->prstatus), NULL);
1545 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1546 PRSTATUS_SIZE(t->prstatus), &t->prstatus);
1547 *total += notesize(&t->notes[0]);
1549 do_thread_regset_writeback(t->task, &view->regsets[0]);
1552 * Each other regset might generate a note too. For each regset
1553 * that has no core_note_type or is inactive, we leave t->notes[i]
1554 * all zero and we'll know to skip writing it later.
1556 for (i = 1; i < view->n; ++i) {
1557 const struct user_regset *regset = &view->regsets[i];
1558 do_thread_regset_writeback(t->task, regset);
1559 if (regset->core_note_type && regset->get &&
1560 (!regset->active || regset->active(t->task, regset))) {
1562 size_t size = regset->n * regset->size;
1563 void *data = kmalloc(size, GFP_KERNEL);
1564 if (unlikely(!data))
1566 ret = regset->get(t->task, regset,
1567 0, size, data, NULL);
1571 if (regset->core_note_type != NT_PRFPREG)
1572 fill_note(&t->notes[i], "LINUX",
1573 regset->core_note_type,
1576 SET_PR_FPVALID(&t->prstatus, 1);
1577 fill_note(&t->notes[i], "CORE",
1578 NT_PRFPREG, size, data);
1580 *total += notesize(&t->notes[i]);
1588 static int fill_note_info(struct elfhdr *elf, int phdrs,
1589 struct elf_note_info *info,
1590 siginfo_t *siginfo, struct pt_regs *regs)
1592 struct task_struct *dump_task = current;
1593 const struct user_regset_view *view = task_user_regset_view(dump_task);
1594 struct elf_thread_core_info *t;
1595 struct elf_prpsinfo *psinfo;
1596 struct core_thread *ct;
1600 info->thread = NULL;
1602 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1606 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1609 * Figure out how many notes we're going to need for each thread.
1611 info->thread_notes = 0;
1612 for (i = 0; i < view->n; ++i)
1613 if (view->regsets[i].core_note_type != 0)
1614 ++info->thread_notes;
1617 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1618 * since it is our one special case.
1620 if (unlikely(info->thread_notes == 0) ||
1621 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1627 * Initialize the ELF file header.
1629 fill_elf_header(elf, phdrs,
1630 view->e_machine, view->e_flags, view->ei_osabi);
1633 * Allocate a structure for each thread.
1635 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1636 t = kzalloc(offsetof(struct elf_thread_core_info,
1637 notes[info->thread_notes]),
1643 if (ct->task == dump_task || !info->thread) {
1644 t->next = info->thread;
1648 * Make sure to keep the original task at
1649 * the head of the list.
1651 t->next = info->thread->next;
1652 info->thread->next = t;
1657 * Now fill in each thread's information.
1659 for (t = info->thread; t != NULL; t = t->next)
1660 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1664 * Fill in the two process-wide notes.
1666 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1667 info->size += notesize(&info->psinfo);
1669 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1670 info->size += notesize(&info->signote);
1672 fill_auxv_note(&info->auxv, current->mm);
1673 info->size += notesize(&info->auxv);
1675 fill_files_note(&info->files);
1676 info->size += notesize(&info->files);
1681 static size_t get_note_info_size(struct elf_note_info *info)
1687 * Write all the notes for each thread. When writing the first thread, the
1688 * process-wide notes are interleaved after the first thread-specific note.
1690 static int write_note_info(struct elf_note_info *info,
1691 struct file *file, loff_t *foffset)
1694 struct elf_thread_core_info *t = info->thread;
1699 if (!writenote(&t->notes[0], file, foffset))
1702 if (first && !writenote(&info->psinfo, file, foffset))
1704 if (first && !writenote(&info->signote, file, foffset))
1706 if (first && !writenote(&info->auxv, file, foffset))
1708 if (first && !writenote(&info->files, file, foffset))
1711 for (i = 1; i < info->thread_notes; ++i)
1712 if (t->notes[i].data &&
1713 !writenote(&t->notes[i], file, foffset))
1723 static void free_note_info(struct elf_note_info *info)
1725 struct elf_thread_core_info *threads = info->thread;
1728 struct elf_thread_core_info *t = threads;
1730 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1731 for (i = 1; i < info->thread_notes; ++i)
1732 kfree(t->notes[i].data);
1735 kfree(info->psinfo.data);
1736 vfree(info->files.data);
1741 /* Here is the structure in which status of each thread is captured. */
1742 struct elf_thread_status
1744 struct list_head list;
1745 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1746 elf_fpregset_t fpu; /* NT_PRFPREG */
1747 struct task_struct *thread;
1748 #ifdef ELF_CORE_COPY_XFPREGS
1749 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1751 struct memelfnote notes[3];
1756 * In order to add the specific thread information for the elf file format,
1757 * we need to keep a linked list of every threads pr_status and then create
1758 * a single section for them in the final core file.
1760 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1763 struct task_struct *p = t->thread;
1766 fill_prstatus(&t->prstatus, p, signr);
1767 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1769 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1772 sz += notesize(&t->notes[0]);
1774 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1776 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1779 sz += notesize(&t->notes[1]);
1782 #ifdef ELF_CORE_COPY_XFPREGS
1783 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1784 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1785 sizeof(t->xfpu), &t->xfpu);
1787 sz += notesize(&t->notes[2]);
1793 struct elf_note_info {
1794 struct memelfnote *notes;
1795 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1796 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1797 struct list_head thread_list;
1798 elf_fpregset_t *fpu;
1799 #ifdef ELF_CORE_COPY_XFPREGS
1800 elf_fpxregset_t *xfpu;
1802 user_siginfo_t csigdata;
1803 int thread_status_size;
1807 static int elf_note_info_init(struct elf_note_info *info)
1809 memset(info, 0, sizeof(*info));
1810 INIT_LIST_HEAD(&info->thread_list);
1812 /* Allocate space for ELF notes */
1813 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1816 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1819 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1820 if (!info->prstatus)
1822 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1825 #ifdef ELF_CORE_COPY_XFPREGS
1826 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1833 static int fill_note_info(struct elfhdr *elf, int phdrs,
1834 struct elf_note_info *info,
1835 siginfo_t *siginfo, struct pt_regs *regs)
1837 struct list_head *t;
1839 if (!elf_note_info_init(info))
1842 if (siginfo->si_signo) {
1843 struct core_thread *ct;
1844 struct elf_thread_status *ets;
1846 for (ct = current->mm->core_state->dumper.next;
1847 ct; ct = ct->next) {
1848 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1852 ets->thread = ct->task;
1853 list_add(&ets->list, &info->thread_list);
1856 list_for_each(t, &info->thread_list) {
1859 ets = list_entry(t, struct elf_thread_status, list);
1860 sz = elf_dump_thread_status(siginfo->si_signo, ets);
1861 info->thread_status_size += sz;
1864 /* now collect the dump for the current */
1865 memset(info->prstatus, 0, sizeof(*info->prstatus));
1866 fill_prstatus(info->prstatus, current, siginfo->si_signo);
1867 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1870 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS, ELF_OSABI);
1873 * Set up the notes in similar form to SVR4 core dumps made
1874 * with info from their /proc.
1877 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1878 sizeof(*info->prstatus), info->prstatus);
1879 fill_psinfo(info->psinfo, current->group_leader, current->mm);
1880 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1881 sizeof(*info->psinfo), info->psinfo);
1883 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
1884 fill_auxv_note(info->notes + 3, current->mm);
1885 fill_files_note(info->notes + 4);
1889 /* Try to dump the FPU. */
1890 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1892 if (info->prstatus->pr_fpvalid)
1893 fill_note(info->notes + info->numnote++,
1894 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1895 #ifdef ELF_CORE_COPY_XFPREGS
1896 if (elf_core_copy_task_xfpregs(current, info->xfpu))
1897 fill_note(info->notes + info->numnote++,
1898 "LINUX", ELF_CORE_XFPREG_TYPE,
1899 sizeof(*info->xfpu), info->xfpu);
1905 static size_t get_note_info_size(struct elf_note_info *info)
1910 for (i = 0; i < info->numnote; i++)
1911 sz += notesize(info->notes + i);
1913 sz += info->thread_status_size;
1918 static int write_note_info(struct elf_note_info *info,
1919 struct file *file, loff_t *foffset)
1922 struct list_head *t;
1924 for (i = 0; i < info->numnote; i++)
1925 if (!writenote(info->notes + i, file, foffset))
1928 /* write out the thread status notes section */
1929 list_for_each(t, &info->thread_list) {
1930 struct elf_thread_status *tmp =
1931 list_entry(t, struct elf_thread_status, list);
1933 for (i = 0; i < tmp->num_notes; i++)
1934 if (!writenote(&tmp->notes[i], file, foffset))
1941 static void free_note_info(struct elf_note_info *info)
1943 while (!list_empty(&info->thread_list)) {
1944 struct list_head *tmp = info->thread_list.next;
1946 kfree(list_entry(tmp, struct elf_thread_status, list));
1949 /* Free data allocated by fill_files_note(): */
1950 vfree(info->notes[4].data);
1952 kfree(info->prstatus);
1953 kfree(info->psinfo);
1956 #ifdef ELF_CORE_COPY_XFPREGS
1963 static struct vm_area_struct *first_vma(struct task_struct *tsk,
1964 struct vm_area_struct *gate_vma)
1966 struct vm_area_struct *ret = tsk->mm->mmap;
1973 * Helper function for iterating across a vma list. It ensures that the caller
1974 * will visit `gate_vma' prior to terminating the search.
1976 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
1977 struct vm_area_struct *gate_vma)
1979 struct vm_area_struct *ret;
1981 ret = this_vma->vm_next;
1984 if (this_vma == gate_vma)
1989 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1990 elf_addr_t e_shoff, int segs)
1992 elf->e_shoff = e_shoff;
1993 elf->e_shentsize = sizeof(*shdr4extnum);
1995 elf->e_shstrndx = SHN_UNDEF;
1997 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1999 shdr4extnum->sh_type = SHT_NULL;
2000 shdr4extnum->sh_size = elf->e_shnum;
2001 shdr4extnum->sh_link = elf->e_shstrndx;
2002 shdr4extnum->sh_info = segs;
2005 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
2006 unsigned long mm_flags)
2008 struct vm_area_struct *vma;
2011 for (vma = first_vma(current, gate_vma); vma != NULL;
2012 vma = next_vma(vma, gate_vma))
2013 size += vma_dump_size(vma, mm_flags);
2020 * This is a two-pass process; first we find the offsets of the bits,
2021 * and then they are actually written out. If we run out of core limit
2024 static int elf_core_dump(struct coredump_params *cprm)
2030 struct vm_area_struct *vma, *gate_vma;
2031 struct elfhdr *elf = NULL;
2032 loff_t offset = 0, dataoff, foffset;
2033 struct elf_note_info info;
2034 struct elf_phdr *phdr4note = NULL;
2035 struct elf_shdr *shdr4extnum = NULL;
2040 * We no longer stop all VM operations.
2042 * This is because those proceses that could possibly change map_count
2043 * or the mmap / vma pages are now blocked in do_exit on current
2044 * finishing this core dump.
2046 * Only ptrace can touch these memory addresses, but it doesn't change
2047 * the map_count or the pages allocated. So no possibility of crashing
2048 * exists while dumping the mm->vm_next areas to the core file.
2051 /* alloc memory for large data structures: too large to be on stack */
2052 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2056 * The number of segs are recored into ELF header as 16bit value.
2057 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2059 segs = current->mm->map_count;
2060 segs += elf_core_extra_phdrs();
2062 gate_vma = get_gate_vma(current->mm);
2063 if (gate_vma != NULL)
2066 /* for notes section */
2069 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2070 * this, kernel supports extended numbering. Have a look at
2071 * include/linux/elf.h for further information. */
2072 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2075 * Collect all the non-memory information about the process for the
2076 * notes. This also sets up the file header.
2078 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2082 current->flags |= PF_DUMPCORE;
2087 offset += sizeof(*elf); /* Elf header */
2088 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2091 /* Write notes phdr entry */
2093 size_t sz = get_note_info_size(&info);
2095 sz += elf_coredump_extra_notes_size();
2097 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2101 fill_elf_note_phdr(phdr4note, sz, offset);
2105 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2107 offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
2108 offset += elf_core_extra_data_size();
2111 if (e_phnum == PN_XNUM) {
2112 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2115 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2120 size += sizeof(*elf);
2121 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
2124 size += sizeof(*phdr4note);
2125 if (size > cprm->limit
2126 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
2129 /* Write program headers for segments dump */
2130 for (vma = first_vma(current, gate_vma); vma != NULL;
2131 vma = next_vma(vma, gate_vma)) {
2132 struct elf_phdr phdr;
2134 phdr.p_type = PT_LOAD;
2135 phdr.p_offset = offset;
2136 phdr.p_vaddr = vma->vm_start;
2138 phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
2139 phdr.p_memsz = vma->vm_end - vma->vm_start;
2140 offset += phdr.p_filesz;
2141 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2142 if (vma->vm_flags & VM_WRITE)
2143 phdr.p_flags |= PF_W;
2144 if (vma->vm_flags & VM_EXEC)
2145 phdr.p_flags |= PF_X;
2146 phdr.p_align = ELF_EXEC_PAGESIZE;
2148 size += sizeof(phdr);
2149 if (size > cprm->limit
2150 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
2154 if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
2157 /* write out the notes section */
2158 if (!write_note_info(&info, cprm->file, &foffset))
2161 if (elf_coredump_extra_notes_write(cprm->file, &foffset))
2165 if (!dump_seek(cprm->file, dataoff - foffset))
2168 for (vma = first_vma(current, gate_vma); vma != NULL;
2169 vma = next_vma(vma, gate_vma)) {
2173 end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
2175 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2179 page = get_dump_page(addr);
2181 void *kaddr = kmap(page);
2182 stop = ((size += PAGE_SIZE) > cprm->limit) ||
2183 !dump_write(cprm->file, kaddr,
2186 page_cache_release(page);
2188 stop = !dump_seek(cprm->file, PAGE_SIZE);
2194 if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
2197 if (e_phnum == PN_XNUM) {
2198 size += sizeof(*shdr4extnum);
2199 if (size > cprm->limit
2200 || !dump_write(cprm->file, shdr4extnum,
2201 sizeof(*shdr4extnum)))
2209 free_note_info(&info);
2217 #endif /* CONFIG_ELF_CORE */
2219 static int __init init_elf_binfmt(void)
2221 register_binfmt(&elf_format);
2225 static void __exit exit_elf_binfmt(void)
2227 /* Remove the COFF and ELF loaders. */
2228 unregister_binfmt(&elf_format);
2231 core_initcall(init_elf_binfmt);
2232 module_exit(exit_elf_binfmt);
2233 MODULE_LICENSE("GPL");
git.openpandora.org / pandora-kernel.git / blob