2 * linux/fs/binfmt_elf.c
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
12 #include <linux/module.h>
13 #include <linux/kernel.h>
16 #include <linux/mman.h>
17 #include <linux/errno.h>
18 #include <linux/signal.h>
19 #include <linux/binfmts.h>
20 #include <linux/string.h>
21 #include <linux/file.h>
22 #include <linux/slab.h>
23 #include <linux/personality.h>
24 #include <linux/elfcore.h>
25 #include <linux/init.h>
26 #include <linux/highuid.h>
27 #include <linux/compiler.h>
28 #include <linux/highmem.h>
29 #include <linux/pagemap.h>
30 #include <linux/security.h>
31 #include <linux/random.h>
32 #include <linux/elf.h>
33 #include <linux/utsname.h>
34 #include <linux/coredump.h>
35 #include <asm/uaccess.h>
36 #include <asm/param.h>
40 #ifndef user_siginfo_t
41 #define user_siginfo_t siginfo_t
44 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
45 static int load_elf_library(struct file *);
46 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
47 int, int, unsigned long);
50 * If we don't support core dumping, then supply a NULL so we
53 #ifdef CONFIG_ELF_CORE
54 static int elf_core_dump(struct coredump_params *cprm);
56 #define elf_core_dump NULL
59 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
60 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
62 #define ELF_MIN_ALIGN PAGE_SIZE
65 #ifndef ELF_CORE_EFLAGS
66 #define ELF_CORE_EFLAGS 0
69 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
70 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
71 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
73 static struct linux_binfmt elf_format = {
74 .module = THIS_MODULE,
75 .load_binary = load_elf_binary,
76 .load_shlib = load_elf_library,
77 .core_dump = elf_core_dump,
78 .min_coredump = ELF_EXEC_PAGESIZE,
81 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
83 static int set_brk(unsigned long start, unsigned long end)
85 start = ELF_PAGEALIGN(start);
86 end = ELF_PAGEALIGN(end);
89 addr = vm_brk(start, end - start);
93 current->mm->start_brk = current->mm->brk = end;
97 /* We need to explicitly zero any fractional pages
98 after the data section (i.e. bss). This would
99 contain the junk from the file that should not
102 static int padzero(unsigned long elf_bss)
106 nbyte = ELF_PAGEOFFSET(elf_bss);
108 nbyte = ELF_MIN_ALIGN - nbyte;
109 if (clear_user((void __user *) elf_bss, nbyte))
115 /* Let's use some macros to make this stack manipulation a little clearer */
116 #ifdef CONFIG_STACK_GROWSUP
117 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
118 #define STACK_ROUND(sp, items) \
119 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
120 #define STACK_ALLOC(sp, len) ({ \
121 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
124 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
125 #define STACK_ROUND(sp, items) \
126 (((unsigned long) (sp - items)) &~ 15UL)
127 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
130 #ifndef ELF_BASE_PLATFORM
132 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
133 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
134 * will be copied to the user stack in the same manner as AT_PLATFORM.
136 #define ELF_BASE_PLATFORM NULL
140 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
141 unsigned long load_addr, unsigned long interp_load_addr)
143 unsigned long p = bprm->p;
144 int argc = bprm->argc;
145 int envc = bprm->envc;
146 elf_addr_t __user *argv;
147 elf_addr_t __user *envp;
148 elf_addr_t __user *sp;
149 elf_addr_t __user *u_platform;
150 elf_addr_t __user *u_base_platform;
151 elf_addr_t __user *u_rand_bytes;
152 const char *k_platform = ELF_PLATFORM;
153 const char *k_base_platform = ELF_BASE_PLATFORM;
154 unsigned char k_rand_bytes[16];
156 elf_addr_t *elf_info;
158 const struct cred *cred = current_cred();
159 struct vm_area_struct *vma;
162 * In some cases (e.g. Hyper-Threading), we want to avoid L1
163 * evictions by the processes running on the same package. One
164 * thing we can do is to shuffle the initial stack for them.
167 p = arch_align_stack(p);
170 * If this architecture has a platform capability string, copy it
171 * to userspace. In some cases (Sparc), this info is impossible
172 * for userspace to get any other way, in others (i386) it is
177 size_t len = strlen(k_platform) + 1;
179 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
180 if (__copy_to_user(u_platform, k_platform, len))
185 * If this architecture has a "base" platform capability
186 * string, copy it to userspace.
188 u_base_platform = NULL;
189 if (k_base_platform) {
190 size_t len = strlen(k_base_platform) + 1;
192 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
193 if (__copy_to_user(u_base_platform, k_base_platform, len))
198 * Generate 16 random bytes for userspace PRNG seeding.
200 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
201 u_rand_bytes = (elf_addr_t __user *)
202 STACK_ALLOC(p, sizeof(k_rand_bytes));
203 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
206 /* Create the ELF interpreter info */
207 elf_info = (elf_addr_t *)current->mm->saved_auxv;
208 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
209 #define NEW_AUX_ENT(id, val) \
211 elf_info[ei_index++] = id; \
212 elf_info[ei_index++] = val; \
217 * ARCH_DLINFO must come first so PPC can do its special alignment of
219 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
220 * ARCH_DLINFO changes
224 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
225 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
226 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
227 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
228 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
229 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
230 NEW_AUX_ENT(AT_BASE, interp_load_addr);
231 NEW_AUX_ENT(AT_FLAGS, 0);
232 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
233 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
234 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
235 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
236 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
237 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
238 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
239 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
241 NEW_AUX_ENT(AT_PLATFORM,
242 (elf_addr_t)(unsigned long)u_platform);
244 if (k_base_platform) {
245 NEW_AUX_ENT(AT_BASE_PLATFORM,
246 (elf_addr_t)(unsigned long)u_base_platform);
248 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
249 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
252 /* AT_NULL is zero; clear the rest too */
253 memset(&elf_info[ei_index], 0,
254 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
256 /* And advance past the AT_NULL entry. */
259 sp = STACK_ADD(p, ei_index);
261 items = (argc + 1) + (envc + 1) + 1;
262 bprm->p = STACK_ROUND(sp, items);
264 /* Point sp at the lowest address on the stack */
265 #ifdef CONFIG_STACK_GROWSUP
266 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
267 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
269 sp = (elf_addr_t __user *)bprm->p;
274 * Grow the stack manually; some architectures have a limit on how
275 * far ahead a user-space access may be in order to grow the stack.
277 vma = find_extend_vma(current->mm, bprm->p);
281 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
282 if (__put_user(argc, sp++))
285 envp = argv + argc + 1;
287 /* Populate argv and envp */
288 p = current->mm->arg_end = current->mm->arg_start;
291 if (__put_user((elf_addr_t)p, argv++))
293 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
294 if (!len || len > MAX_ARG_STRLEN)
298 if (__put_user(0, argv))
300 current->mm->arg_end = current->mm->env_start = p;
303 if (__put_user((elf_addr_t)p, envp++))
305 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
306 if (!len || len > MAX_ARG_STRLEN)
310 if (__put_user(0, envp))
312 current->mm->env_end = p;
314 /* Put the elf_info on the stack in the right place. */
315 sp = (elf_addr_t __user *)envp + 1;
316 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
321 static unsigned long elf_map(struct file *filep, unsigned long addr,
322 struct elf_phdr *eppnt, int prot, int type,
323 unsigned long total_size)
325 unsigned long map_addr;
326 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
327 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
328 addr = ELF_PAGESTART(addr);
329 size = ELF_PAGEALIGN(size);
331 /* mmap() will return -EINVAL if given a zero size, but a
332 * segment with zero filesize is perfectly valid */
337 * total_size is the size of the ELF (interpreter) image.
338 * The _first_ mmap needs to know the full size, otherwise
339 * randomization might put this image into an overlapping
340 * position with the ELF binary image. (since size < total_size)
341 * So we first map the 'big' image - and unmap the remainder at
342 * the end. (which unmap is needed for ELF images with holes.)
345 total_size = ELF_PAGEALIGN(total_size);
346 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
347 if (!BAD_ADDR(map_addr))
348 vm_munmap(map_addr+size, total_size-size);
350 map_addr = vm_mmap(filep, addr, size, prot, type, off);
355 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
357 int i, first_idx = -1, last_idx = -1;
359 for (i = 0; i < nr; i++) {
360 if (cmds[i].p_type == PT_LOAD) {
369 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
370 ELF_PAGESTART(cmds[first_idx].p_vaddr);
374 /* This is much more generalized than the library routine read function,
375 so we keep this separate. Technically the library read function
376 is only provided so that we can read a.out libraries that have
379 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
380 struct file *interpreter, unsigned long *interp_map_addr,
381 unsigned long no_base)
383 struct elf_phdr *elf_phdata;
384 struct elf_phdr *eppnt;
385 unsigned long load_addr = 0;
386 int load_addr_set = 0;
387 unsigned long last_bss = 0, elf_bss = 0;
388 unsigned long error = ~0UL;
389 unsigned long total_size;
392 /* First of all, some simple consistency checks */
393 if (interp_elf_ex->e_type != ET_EXEC &&
394 interp_elf_ex->e_type != ET_DYN)
396 if (!elf_check_arch(interp_elf_ex))
398 if (!interpreter->f_op || !interpreter->f_op->mmap)
402 * If the size of this structure has changed, then punt, since
403 * we will be doing the wrong thing.
405 if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
407 if (interp_elf_ex->e_phnum < 1 ||
408 interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
411 /* Now read in all of the header information */
412 size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
413 if (size > ELF_MIN_ALIGN)
415 elf_phdata = kmalloc(size, GFP_KERNEL);
419 retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
420 (char *)elf_phdata, size);
422 if (retval != size) {
428 total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
435 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
436 if (eppnt->p_type == PT_LOAD) {
437 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
439 unsigned long vaddr = 0;
440 unsigned long k, map_addr;
442 if (eppnt->p_flags & PF_R)
443 elf_prot = PROT_READ;
444 if (eppnt->p_flags & PF_W)
445 elf_prot |= PROT_WRITE;
446 if (eppnt->p_flags & PF_X)
447 elf_prot |= PROT_EXEC;
448 vaddr = eppnt->p_vaddr;
449 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
450 elf_type |= MAP_FIXED;
451 else if (no_base && interp_elf_ex->e_type == ET_DYN)
454 map_addr = elf_map(interpreter, load_addr + vaddr,
455 eppnt, elf_prot, elf_type, total_size);
457 if (!*interp_map_addr)
458 *interp_map_addr = map_addr;
460 if (BAD_ADDR(map_addr))
463 if (!load_addr_set &&
464 interp_elf_ex->e_type == ET_DYN) {
465 load_addr = map_addr - ELF_PAGESTART(vaddr);
470 * Check to see if the section's size will overflow the
471 * allowed task size. Note that p_filesz must always be
472 * <= p_memsize so it's only necessary to check p_memsz.
474 k = load_addr + eppnt->p_vaddr;
476 eppnt->p_filesz > eppnt->p_memsz ||
477 eppnt->p_memsz > TASK_SIZE ||
478 TASK_SIZE - eppnt->p_memsz < k) {
484 * Find the end of the file mapping for this phdr, and
485 * keep track of the largest address we see for this.
487 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
492 * Do the same thing for the memory mapping - between
493 * elf_bss and last_bss is the bss section.
495 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
501 if (last_bss > elf_bss) {
503 * Now fill out the bss section. First pad the last page up
504 * to the page boundary, and then perform a mmap to make sure
505 * that there are zero-mapped pages up to and including the
508 if (padzero(elf_bss)) {
513 /* What we have mapped so far */
514 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
516 /* Map the last of the bss segment */
517 error = vm_brk(elf_bss, last_bss - elf_bss);
531 * These are the functions used to load ELF style executables and shared
532 * libraries. There is no binary dependent code anywhere else.
535 #define INTERPRETER_NONE 0
536 #define INTERPRETER_ELF 2
538 #ifndef STACK_RND_MASK
539 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
542 static unsigned long randomize_stack_top(unsigned long stack_top)
544 unsigned int random_variable = 0;
546 if ((current->flags & PF_RANDOMIZE) &&
547 !(current->personality & ADDR_NO_RANDOMIZE)) {
548 random_variable = get_random_int() & STACK_RND_MASK;
549 random_variable <<= PAGE_SHIFT;
551 #ifdef CONFIG_STACK_GROWSUP
552 return PAGE_ALIGN(stack_top) + random_variable;
554 return PAGE_ALIGN(stack_top) - random_variable;
558 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
560 struct file *interpreter = NULL; /* to shut gcc up */
561 unsigned long load_addr = 0, load_bias = 0;
562 int load_addr_set = 0;
563 char * elf_interpreter = NULL;
565 struct elf_phdr *elf_ppnt, *elf_phdata;
566 unsigned long elf_bss, elf_brk;
569 unsigned long elf_entry;
570 unsigned long interp_load_addr = 0;
571 unsigned long start_code, end_code, start_data, end_data;
572 unsigned long reloc_func_desc __maybe_unused = 0;
573 int executable_stack = EXSTACK_DEFAULT;
574 unsigned long def_flags = 0;
576 struct elfhdr elf_ex;
577 struct elfhdr interp_elf_ex;
580 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
586 /* Get the exec-header */
587 loc->elf_ex = *((struct elfhdr *)bprm->buf);
590 /* First of all, some simple consistency checks */
591 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
594 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
596 if (!elf_check_arch(&loc->elf_ex))
598 if (!bprm->file->f_op || !bprm->file->f_op->mmap)
601 /* Now read in all of the header information */
602 if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
604 if (loc->elf_ex.e_phnum < 1 ||
605 loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
607 size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
609 elf_phdata = kmalloc(size, GFP_KERNEL);
613 retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
614 (char *)elf_phdata, size);
615 if (retval != size) {
621 elf_ppnt = elf_phdata;
630 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
631 if (elf_ppnt->p_type == PT_INTERP) {
632 /* This is the program interpreter used for
633 * shared libraries - for now assume that this
634 * is an a.out format binary
637 if (elf_ppnt->p_filesz > PATH_MAX ||
638 elf_ppnt->p_filesz < 2)
642 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
644 if (!elf_interpreter)
647 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
650 if (retval != elf_ppnt->p_filesz) {
653 goto out_free_interp;
655 /* make sure path is NULL terminated */
657 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
658 goto out_free_interp;
660 interpreter = open_exec(elf_interpreter);
661 retval = PTR_ERR(interpreter);
662 if (IS_ERR(interpreter))
663 goto out_free_interp;
666 * If the binary is not readable then enforce
667 * mm->dumpable = 0 regardless of the interpreter's
670 would_dump(bprm, interpreter);
672 retval = kernel_read(interpreter, 0, bprm->buf,
674 if (retval != BINPRM_BUF_SIZE) {
677 goto out_free_dentry;
680 /* Get the exec headers */
681 loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
687 elf_ppnt = elf_phdata;
688 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
689 if (elf_ppnt->p_type == PT_GNU_STACK) {
690 if (elf_ppnt->p_flags & PF_X)
691 executable_stack = EXSTACK_ENABLE_X;
693 executable_stack = EXSTACK_DISABLE_X;
697 /* Some simple consistency checks for the interpreter */
698 if (elf_interpreter) {
700 /* Not an ELF interpreter */
701 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
702 goto out_free_dentry;
703 /* Verify the interpreter has a valid arch */
704 if (!elf_check_arch(&loc->interp_elf_ex))
705 goto out_free_dentry;
708 /* Flush all traces of the currently running executable */
709 retval = flush_old_exec(bprm);
711 goto out_free_dentry;
713 /* OK, This is the point of no return */
714 current->mm->def_flags = def_flags;
716 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
717 may depend on the personality. */
718 SET_PERSONALITY(loc->elf_ex);
719 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
720 current->personality |= READ_IMPLIES_EXEC;
722 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
723 current->flags |= PF_RANDOMIZE;
725 setup_new_exec(bprm);
727 /* Do this so that we can load the interpreter, if need be. We will
728 change some of these later */
729 current->mm->free_area_cache = current->mm->mmap_base;
730 current->mm->cached_hole_size = 0;
731 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
734 send_sig(SIGKILL, current, 0);
735 goto out_free_dentry;
738 current->mm->start_stack = bprm->p;
740 /* Now we do a little grungy work by mmapping the ELF image into
741 the correct location in memory. */
742 for(i = 0, elf_ppnt = elf_phdata;
743 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
744 int elf_prot = 0, elf_flags;
745 unsigned long k, vaddr;
747 if (elf_ppnt->p_type != PT_LOAD)
750 if (unlikely (elf_brk > elf_bss)) {
753 /* There was a PT_LOAD segment with p_memsz > p_filesz
754 before this one. Map anonymous pages, if needed,
755 and clear the area. */
756 retval = set_brk(elf_bss + load_bias,
757 elf_brk + load_bias);
759 send_sig(SIGKILL, current, 0);
760 goto out_free_dentry;
762 nbyte = ELF_PAGEOFFSET(elf_bss);
764 nbyte = ELF_MIN_ALIGN - nbyte;
765 if (nbyte > elf_brk - elf_bss)
766 nbyte = elf_brk - elf_bss;
767 if (clear_user((void __user *)elf_bss +
770 * This bss-zeroing can fail if the ELF
771 * file specifies odd protections. So
772 * we don't check the return value
778 if (elf_ppnt->p_flags & PF_R)
779 elf_prot |= PROT_READ;
780 if (elf_ppnt->p_flags & PF_W)
781 elf_prot |= PROT_WRITE;
782 if (elf_ppnt->p_flags & PF_X)
783 elf_prot |= PROT_EXEC;
785 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
787 vaddr = elf_ppnt->p_vaddr;
788 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
789 elf_flags |= MAP_FIXED;
790 } else if (loc->elf_ex.e_type == ET_DYN) {
791 /* Try and get dynamic programs out of the way of the
792 * default mmap base, as well as whatever program they
793 * might try to exec. This is because the brk will
794 * follow the loader, and is not movable. */
795 #ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
796 /* Memory randomization might have been switched off
797 * in runtime via sysctl.
798 * If that is the case, retain the original non-zero
799 * load_bias value in order to establish proper
800 * non-randomized mappings.
802 if (current->flags & PF_RANDOMIZE)
805 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
807 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
811 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
812 elf_prot, elf_flags, 0);
813 if (BAD_ADDR(error)) {
814 send_sig(SIGKILL, current, 0);
815 retval = IS_ERR((void *)error) ?
816 PTR_ERR((void*)error) : -EINVAL;
817 goto out_free_dentry;
820 if (!load_addr_set) {
822 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
823 if (loc->elf_ex.e_type == ET_DYN) {
825 ELF_PAGESTART(load_bias + vaddr);
826 load_addr += load_bias;
827 reloc_func_desc = load_bias;
830 k = elf_ppnt->p_vaddr;
837 * Check to see if the section's size will overflow the
838 * allowed task size. Note that p_filesz must always be
839 * <= p_memsz so it is only necessary to check p_memsz.
841 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
842 elf_ppnt->p_memsz > TASK_SIZE ||
843 TASK_SIZE - elf_ppnt->p_memsz < k) {
844 /* set_brk can never work. Avoid overflows. */
845 send_sig(SIGKILL, current, 0);
847 goto out_free_dentry;
850 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
854 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
858 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
863 loc->elf_ex.e_entry += load_bias;
864 elf_bss += load_bias;
865 elf_brk += load_bias;
866 start_code += load_bias;
867 end_code += load_bias;
868 start_data += load_bias;
869 end_data += load_bias;
871 /* Calling set_brk effectively mmaps the pages that we need
872 * for the bss and break sections. We must do this before
873 * mapping in the interpreter, to make sure it doesn't wind
874 * up getting placed where the bss needs to go.
876 retval = set_brk(elf_bss, elf_brk);
878 send_sig(SIGKILL, current, 0);
879 goto out_free_dentry;
881 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
882 send_sig(SIGSEGV, current, 0);
883 retval = -EFAULT; /* Nobody gets to see this, but.. */
884 goto out_free_dentry;
887 if (elf_interpreter) {
888 unsigned long interp_map_addr = 0;
890 elf_entry = load_elf_interp(&loc->interp_elf_ex,
894 if (!IS_ERR((void *)elf_entry)) {
896 * load_elf_interp() returns relocation
899 interp_load_addr = elf_entry;
900 elf_entry += loc->interp_elf_ex.e_entry;
902 if (BAD_ADDR(elf_entry)) {
903 force_sig(SIGSEGV, current);
904 retval = IS_ERR((void *)elf_entry) ?
905 (int)elf_entry : -EINVAL;
906 goto out_free_dentry;
908 reloc_func_desc = interp_load_addr;
910 allow_write_access(interpreter);
912 kfree(elf_interpreter);
914 elf_entry = loc->elf_ex.e_entry;
915 if (BAD_ADDR(elf_entry)) {
916 force_sig(SIGSEGV, current);
918 goto out_free_dentry;
924 set_binfmt(&elf_format);
926 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
927 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
929 send_sig(SIGKILL, current, 0);
932 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
934 install_exec_creds(bprm);
935 retval = create_elf_tables(bprm, &loc->elf_ex,
936 load_addr, interp_load_addr);
938 send_sig(SIGKILL, current, 0);
941 /* N.B. passed_fileno might not be initialized? */
942 current->mm->end_code = end_code;
943 current->mm->start_code = start_code;
944 current->mm->start_data = start_data;
945 current->mm->end_data = end_data;
946 current->mm->start_stack = bprm->p;
948 #ifdef arch_randomize_brk
949 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
950 current->mm->brk = current->mm->start_brk =
951 arch_randomize_brk(current->mm);
952 #ifdef CONFIG_COMPAT_BRK
953 current->brk_randomized = 1;
958 if (current->personality & MMAP_PAGE_ZERO) {
959 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
960 and some applications "depend" upon this behavior.
961 Since we do not have the power to recompile these, we
962 emulate the SVr4 behavior. Sigh. */
963 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
964 MAP_FIXED | MAP_PRIVATE, 0);
969 * The ABI may specify that certain registers be set up in special
970 * ways (on i386 %edx is the address of a DT_FINI function, for
971 * example. In addition, it may also specify (eg, PowerPC64 ELF)
972 * that the e_entry field is the address of the function descriptor
973 * for the startup routine, rather than the address of the startup
974 * routine itself. This macro performs whatever initialization to
975 * the regs structure is required as well as any relocations to the
976 * function descriptor entries when executing dynamically links apps.
978 ELF_PLAT_INIT(regs, reloc_func_desc);
981 start_thread(regs, elf_entry, bprm->p);
990 allow_write_access(interpreter);
994 kfree(elf_interpreter);
1000 /* This is really simpleminded and specialized - we are loading an
1001 a.out library that is given an ELF header. */
1002 static int load_elf_library(struct file *file)
1004 struct elf_phdr *elf_phdata;
1005 struct elf_phdr *eppnt;
1006 unsigned long elf_bss, bss, len;
1007 int retval, error, i, j;
1008 struct elfhdr elf_ex;
1011 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1012 if (retval != sizeof(elf_ex))
1015 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1018 /* First of all, some simple consistency checks */
1019 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1020 !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
1023 /* Now read in all of the header information */
1025 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1026 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1029 elf_phdata = kmalloc(j, GFP_KERNEL);
1035 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1039 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1040 if ((eppnt + i)->p_type == PT_LOAD)
1045 while (eppnt->p_type != PT_LOAD)
1048 /* Now use mmap to map the library into memory. */
1049 error = vm_mmap(file,
1050 ELF_PAGESTART(eppnt->p_vaddr),
1052 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1053 PROT_READ | PROT_WRITE | PROT_EXEC,
1054 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1056 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1057 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1060 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1061 if (padzero(elf_bss)) {
1066 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1068 bss = eppnt->p_memsz + eppnt->p_vaddr;
1070 vm_brk(len, bss - len);
1079 #ifdef CONFIG_ELF_CORE
1083 * Modelled on fs/exec.c:aout_core_dump()
1084 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1088 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1089 * that are useful for post-mortem analysis are included in every core dump.
1090 * In that way we ensure that the core dump is fully interpretable later
1091 * without matching up the same kernel and hardware config to see what PC values
1092 * meant. These special mappings include - vDSO, vsyscall, and other
1093 * architecture specific mappings
1095 static bool always_dump_vma(struct vm_area_struct *vma)
1097 /* Any vsyscall mappings? */
1098 if (vma == get_gate_vma(vma->vm_mm))
1101 * arch_vma_name() returns non-NULL for special architecture mappings,
1102 * such as vDSO sections.
1104 if (arch_vma_name(vma))
1111 * Decide what to dump of a segment, part, all or none.
1113 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1114 unsigned long mm_flags)
1116 #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1118 /* always dump the vdso and vsyscall sections */
1119 if (always_dump_vma(vma))
1122 if (vma->vm_flags & VM_NODUMP)
1125 /* Hugetlb memory check */
1126 if (vma->vm_flags & VM_HUGETLB) {
1127 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1129 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1133 /* Do not dump I/O mapped devices or special mappings */
1134 if (vma->vm_flags & (VM_IO | VM_RESERVED))
1137 /* By default, dump shared memory if mapped from an anonymous file. */
1138 if (vma->vm_flags & VM_SHARED) {
1139 if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0 ?
1140 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1145 /* Dump segments that have been written to. */
1146 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1148 if (vma->vm_file == NULL)
1151 if (FILTER(MAPPED_PRIVATE))
1155 * If this looks like the beginning of a DSO or executable mapping,
1156 * check for an ELF header. If we find one, dump the first page to
1157 * aid in determining what was mapped here.
1159 if (FILTER(ELF_HEADERS) &&
1160 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1161 u32 __user *header = (u32 __user *) vma->vm_start;
1163 mm_segment_t fs = get_fs();
1165 * Doing it this way gets the constant folded by GCC.
1169 char elfmag[SELFMAG];
1171 BUILD_BUG_ON(SELFMAG != sizeof word);
1172 magic.elfmag[EI_MAG0] = ELFMAG0;
1173 magic.elfmag[EI_MAG1] = ELFMAG1;
1174 magic.elfmag[EI_MAG2] = ELFMAG2;
1175 magic.elfmag[EI_MAG3] = ELFMAG3;
1177 * Switch to the user "segment" for get_user(),
1178 * then put back what elf_core_dump() had in place.
1181 if (unlikely(get_user(word, header)))
1184 if (word == magic.cmp)
1193 return vma->vm_end - vma->vm_start;
1196 /* An ELF note in memory */
1201 unsigned int datasz;
1205 static int notesize(struct memelfnote *en)
1209 sz = sizeof(struct elf_note);
1210 sz += roundup(strlen(en->name) + 1, 4);
1211 sz += roundup(en->datasz, 4);
1216 #define DUMP_WRITE(addr, nr, foffset) \
1217 do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1219 static int alignfile(struct file *file, loff_t *foffset)
1221 static const char buf[4] = { 0, };
1222 DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1226 static int writenote(struct memelfnote *men, struct file *file,
1230 en.n_namesz = strlen(men->name) + 1;
1231 en.n_descsz = men->datasz;
1232 en.n_type = men->type;
1234 DUMP_WRITE(&en, sizeof(en), foffset);
1235 DUMP_WRITE(men->name, en.n_namesz, foffset);
1236 if (!alignfile(file, foffset))
1238 DUMP_WRITE(men->data, men->datasz, foffset);
1239 if (!alignfile(file, foffset))
1246 static void fill_elf_header(struct elfhdr *elf, int segs,
1247 u16 machine, u32 flags, u8 osabi)
1249 memset(elf, 0, sizeof(*elf));
1251 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1252 elf->e_ident[EI_CLASS] = ELF_CLASS;
1253 elf->e_ident[EI_DATA] = ELF_DATA;
1254 elf->e_ident[EI_VERSION] = EV_CURRENT;
1255 elf->e_ident[EI_OSABI] = ELF_OSABI;
1257 elf->e_type = ET_CORE;
1258 elf->e_machine = machine;
1259 elf->e_version = EV_CURRENT;
1260 elf->e_phoff = sizeof(struct elfhdr);
1261 elf->e_flags = flags;
1262 elf->e_ehsize = sizeof(struct elfhdr);
1263 elf->e_phentsize = sizeof(struct elf_phdr);
1264 elf->e_phnum = segs;
1269 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1271 phdr->p_type = PT_NOTE;
1272 phdr->p_offset = offset;
1275 phdr->p_filesz = sz;
1282 static void fill_note(struct memelfnote *note, const char *name, int type,
1283 unsigned int sz, void *data)
1293 * fill up all the fields in prstatus from the given task struct, except
1294 * registers which need to be filled up separately.
1296 static void fill_prstatus(struct elf_prstatus *prstatus,
1297 struct task_struct *p, long signr)
1299 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1300 prstatus->pr_sigpend = p->pending.signal.sig[0];
1301 prstatus->pr_sighold = p->blocked.sig[0];
1303 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1305 prstatus->pr_pid = task_pid_vnr(p);
1306 prstatus->pr_pgrp = task_pgrp_vnr(p);
1307 prstatus->pr_sid = task_session_vnr(p);
1308 if (thread_group_leader(p)) {
1309 struct task_cputime cputime;
1312 * This is the record for the group leader. It shows the
1313 * group-wide total, not its individual thread total.
1315 thread_group_cputime(p, &cputime);
1316 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1317 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1319 cputime_to_timeval(p->utime, &prstatus->pr_utime);
1320 cputime_to_timeval(p->stime, &prstatus->pr_stime);
1322 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1323 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1326 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1327 struct mm_struct *mm)
1329 const struct cred *cred;
1330 unsigned int i, len;
1332 /* first copy the parameters from user space */
1333 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1335 len = mm->arg_end - mm->arg_start;
1336 if (len >= ELF_PRARGSZ)
1337 len = ELF_PRARGSZ-1;
1338 if (copy_from_user(&psinfo->pr_psargs,
1339 (const char __user *)mm->arg_start, len))
1341 for(i = 0; i < len; i++)
1342 if (psinfo->pr_psargs[i] == 0)
1343 psinfo->pr_psargs[i] = ' ';
1344 psinfo->pr_psargs[len] = 0;
1347 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1349 psinfo->pr_pid = task_pid_vnr(p);
1350 psinfo->pr_pgrp = task_pgrp_vnr(p);
1351 psinfo->pr_sid = task_session_vnr(p);
1353 i = p->state ? ffz(~p->state) + 1 : 0;
1354 psinfo->pr_state = i;
1355 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1356 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1357 psinfo->pr_nice = task_nice(p);
1358 psinfo->pr_flag = p->flags;
1360 cred = __task_cred(p);
1361 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1362 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1364 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1369 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1371 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1375 while (auxv[i - 2] != AT_NULL);
1376 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1379 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1382 mm_segment_t old_fs = get_fs();
1384 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1386 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1389 #ifdef CORE_DUMP_USE_REGSET
1390 #include <linux/regset.h>
1392 struct elf_thread_core_info {
1393 struct elf_thread_core_info *next;
1394 struct task_struct *task;
1395 struct elf_prstatus prstatus;
1396 struct memelfnote notes[0];
1399 struct elf_note_info {
1400 struct elf_thread_core_info *thread;
1401 struct memelfnote psinfo;
1402 struct memelfnote signote;
1403 struct memelfnote auxv;
1404 user_siginfo_t csigdata;
1410 * When a regset has a writeback hook, we call it on each thread before
1411 * dumping user memory. On register window machines, this makes sure the
1412 * user memory backing the register data is up to date before we read it.
1414 static void do_thread_regset_writeback(struct task_struct *task,
1415 const struct user_regset *regset)
1417 if (regset->writeback)
1418 regset->writeback(task, regset, 1);
1422 #define PR_REG_SIZE(S) sizeof(S)
1425 #ifndef PRSTATUS_SIZE
1426 #define PRSTATUS_SIZE(S) sizeof(S)
1430 #define PR_REG_PTR(S) (&((S)->pr_reg))
1433 #ifndef SET_PR_FPVALID
1434 #define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1437 static int fill_thread_core_info(struct elf_thread_core_info *t,
1438 const struct user_regset_view *view,
1439 long signr, size_t *total)
1444 * NT_PRSTATUS is the one special case, because the regset data
1445 * goes into the pr_reg field inside the note contents, rather
1446 * than being the whole note contents. We fill the reset in here.
1447 * We assume that regset 0 is NT_PRSTATUS.
1449 fill_prstatus(&t->prstatus, t->task, signr);
1450 (void) view->regsets[0].get(t->task, &view->regsets[0],
1451 0, PR_REG_SIZE(t->prstatus.pr_reg),
1452 PR_REG_PTR(&t->prstatus), NULL);
1454 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1455 PRSTATUS_SIZE(t->prstatus), &t->prstatus);
1456 *total += notesize(&t->notes[0]);
1458 do_thread_regset_writeback(t->task, &view->regsets[0]);
1461 * Each other regset might generate a note too. For each regset
1462 * that has no core_note_type or is inactive, we leave t->notes[i]
1463 * all zero and we'll know to skip writing it later.
1465 for (i = 1; i < view->n; ++i) {
1466 const struct user_regset *regset = &view->regsets[i];
1467 do_thread_regset_writeback(t->task, regset);
1468 if (regset->core_note_type && regset->get &&
1469 (!regset->active || regset->active(t->task, regset))) {
1471 size_t size = regset->n * regset->size;
1472 void *data = kmalloc(size, GFP_KERNEL);
1473 if (unlikely(!data))
1475 ret = regset->get(t->task, regset,
1476 0, size, data, NULL);
1480 if (regset->core_note_type != NT_PRFPREG)
1481 fill_note(&t->notes[i], "LINUX",
1482 regset->core_note_type,
1485 SET_PR_FPVALID(&t->prstatus, 1);
1486 fill_note(&t->notes[i], "CORE",
1487 NT_PRFPREG, size, data);
1489 *total += notesize(&t->notes[i]);
1497 static int fill_note_info(struct elfhdr *elf, int phdrs,
1498 struct elf_note_info *info,
1499 siginfo_t *siginfo, struct pt_regs *regs)
1501 struct task_struct *dump_task = current;
1502 const struct user_regset_view *view = task_user_regset_view(dump_task);
1503 struct elf_thread_core_info *t;
1504 struct elf_prpsinfo *psinfo;
1505 struct core_thread *ct;
1509 info->thread = NULL;
1511 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1515 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1518 * Figure out how many notes we're going to need for each thread.
1520 info->thread_notes = 0;
1521 for (i = 0; i < view->n; ++i)
1522 if (view->regsets[i].core_note_type != 0)
1523 ++info->thread_notes;
1526 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1527 * since it is our one special case.
1529 if (unlikely(info->thread_notes == 0) ||
1530 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1536 * Initialize the ELF file header.
1538 fill_elf_header(elf, phdrs,
1539 view->e_machine, view->e_flags, view->ei_osabi);
1542 * Allocate a structure for each thread.
1544 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1545 t = kzalloc(offsetof(struct elf_thread_core_info,
1546 notes[info->thread_notes]),
1552 if (ct->task == dump_task || !info->thread) {
1553 t->next = info->thread;
1557 * Make sure to keep the original task at
1558 * the head of the list.
1560 t->next = info->thread->next;
1561 info->thread->next = t;
1566 * Now fill in each thread's information.
1568 for (t = info->thread; t != NULL; t = t->next)
1569 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1573 * Fill in the two process-wide notes.
1575 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1576 info->size += notesize(&info->psinfo);
1578 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1579 info->size += notesize(&info->signote);
1581 fill_auxv_note(&info->auxv, current->mm);
1582 info->size += notesize(&info->auxv);
1587 static size_t get_note_info_size(struct elf_note_info *info)
1593 * Write all the notes for each thread. When writing the first thread, the
1594 * process-wide notes are interleaved after the first thread-specific note.
1596 static int write_note_info(struct elf_note_info *info,
1597 struct file *file, loff_t *foffset)
1600 struct elf_thread_core_info *t = info->thread;
1605 if (!writenote(&t->notes[0], file, foffset))
1608 if (first && !writenote(&info->psinfo, file, foffset))
1610 if (first && !writenote(&info->signote, file, foffset))
1612 if (first && !writenote(&info->auxv, file, foffset))
1615 for (i = 1; i < info->thread_notes; ++i)
1616 if (t->notes[i].data &&
1617 !writenote(&t->notes[i], file, foffset))
1627 static void free_note_info(struct elf_note_info *info)
1629 struct elf_thread_core_info *threads = info->thread;
1632 struct elf_thread_core_info *t = threads;
1634 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1635 for (i = 1; i < info->thread_notes; ++i)
1636 kfree(t->notes[i].data);
1639 kfree(info->psinfo.data);
1644 /* Here is the structure in which status of each thread is captured. */
1645 struct elf_thread_status
1647 struct list_head list;
1648 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1649 elf_fpregset_t fpu; /* NT_PRFPREG */
1650 struct task_struct *thread;
1651 #ifdef ELF_CORE_COPY_XFPREGS
1652 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1654 struct memelfnote notes[3];
1659 * In order to add the specific thread information for the elf file format,
1660 * we need to keep a linked list of every threads pr_status and then create
1661 * a single section for them in the final core file.
1663 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1666 struct task_struct *p = t->thread;
1669 fill_prstatus(&t->prstatus, p, signr);
1670 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1672 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1675 sz += notesize(&t->notes[0]);
1677 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1679 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1682 sz += notesize(&t->notes[1]);
1685 #ifdef ELF_CORE_COPY_XFPREGS
1686 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1687 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1688 sizeof(t->xfpu), &t->xfpu);
1690 sz += notesize(&t->notes[2]);
1696 struct elf_note_info {
1697 struct memelfnote *notes;
1698 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1699 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1700 struct list_head thread_list;
1701 elf_fpregset_t *fpu;
1702 #ifdef ELF_CORE_COPY_XFPREGS
1703 elf_fpxregset_t *xfpu;
1705 user_siginfo_t csigdata;
1706 int thread_status_size;
1710 static int elf_note_info_init(struct elf_note_info *info)
1712 memset(info, 0, sizeof(*info));
1713 INIT_LIST_HEAD(&info->thread_list);
1715 /* Allocate space for ELF notes */
1716 info->notes = kmalloc(7 * sizeof(struct memelfnote), GFP_KERNEL);
1719 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1722 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1723 if (!info->prstatus)
1725 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1728 #ifdef ELF_CORE_COPY_XFPREGS
1729 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1736 static int fill_note_info(struct elfhdr *elf, int phdrs,
1737 struct elf_note_info *info,
1738 siginfo_t *siginfo, struct pt_regs *regs)
1740 struct list_head *t;
1742 if (!elf_note_info_init(info))
1745 if (siginfo->si_signo) {
1746 struct core_thread *ct;
1747 struct elf_thread_status *ets;
1749 for (ct = current->mm->core_state->dumper.next;
1750 ct; ct = ct->next) {
1751 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1755 ets->thread = ct->task;
1756 list_add(&ets->list, &info->thread_list);
1759 list_for_each(t, &info->thread_list) {
1762 ets = list_entry(t, struct elf_thread_status, list);
1763 sz = elf_dump_thread_status(siginfo->si_signo, ets);
1764 info->thread_status_size += sz;
1767 /* now collect the dump for the current */
1768 memset(info->prstatus, 0, sizeof(*info->prstatus));
1769 fill_prstatus(info->prstatus, current, siginfo->si_signo);
1770 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1773 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS, ELF_OSABI);
1776 * Set up the notes in similar form to SVR4 core dumps made
1777 * with info from their /proc.
1780 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1781 sizeof(*info->prstatus), info->prstatus);
1782 fill_psinfo(info->psinfo, current->group_leader, current->mm);
1783 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1784 sizeof(*info->psinfo), info->psinfo);
1788 fill_siginfo_note(&info->notes[info->numnote++], &info->csigdata, siginfo);
1789 fill_auxv_note(&info->notes[info->numnote++], current->mm);
1791 /* Try to dump the FPU. */
1792 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1794 if (info->prstatus->pr_fpvalid)
1795 fill_note(info->notes + info->numnote++,
1796 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1797 #ifdef ELF_CORE_COPY_XFPREGS
1798 if (elf_core_copy_task_xfpregs(current, info->xfpu))
1799 fill_note(info->notes + info->numnote++,
1800 "LINUX", ELF_CORE_XFPREG_TYPE,
1801 sizeof(*info->xfpu), info->xfpu);
1807 static size_t get_note_info_size(struct elf_note_info *info)
1812 for (i = 0; i < info->numnote; i++)
1813 sz += notesize(info->notes + i);
1815 sz += info->thread_status_size;
1820 static int write_note_info(struct elf_note_info *info,
1821 struct file *file, loff_t *foffset)
1824 struct list_head *t;
1826 for (i = 0; i < info->numnote; i++)
1827 if (!writenote(info->notes + i, file, foffset))
1830 /* write out the thread status notes section */
1831 list_for_each(t, &info->thread_list) {
1832 struct elf_thread_status *tmp =
1833 list_entry(t, struct elf_thread_status, list);
1835 for (i = 0; i < tmp->num_notes; i++)
1836 if (!writenote(&tmp->notes[i], file, foffset))
1843 static void free_note_info(struct elf_note_info *info)
1845 while (!list_empty(&info->thread_list)) {
1846 struct list_head *tmp = info->thread_list.next;
1848 kfree(list_entry(tmp, struct elf_thread_status, list));
1851 kfree(info->prstatus);
1852 kfree(info->psinfo);
1855 #ifdef ELF_CORE_COPY_XFPREGS
1862 static struct vm_area_struct *first_vma(struct task_struct *tsk,
1863 struct vm_area_struct *gate_vma)
1865 struct vm_area_struct *ret = tsk->mm->mmap;
1872 * Helper function for iterating across a vma list. It ensures that the caller
1873 * will visit `gate_vma' prior to terminating the search.
1875 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
1876 struct vm_area_struct *gate_vma)
1878 struct vm_area_struct *ret;
1880 ret = this_vma->vm_next;
1883 if (this_vma == gate_vma)
1888 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1889 elf_addr_t e_shoff, int segs)
1891 elf->e_shoff = e_shoff;
1892 elf->e_shentsize = sizeof(*shdr4extnum);
1894 elf->e_shstrndx = SHN_UNDEF;
1896 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1898 shdr4extnum->sh_type = SHT_NULL;
1899 shdr4extnum->sh_size = elf->e_shnum;
1900 shdr4extnum->sh_link = elf->e_shstrndx;
1901 shdr4extnum->sh_info = segs;
1904 static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
1905 unsigned long mm_flags)
1907 struct vm_area_struct *vma;
1910 for (vma = first_vma(current, gate_vma); vma != NULL;
1911 vma = next_vma(vma, gate_vma))
1912 size += vma_dump_size(vma, mm_flags);
1919 * This is a two-pass process; first we find the offsets of the bits,
1920 * and then they are actually written out. If we run out of core limit
1923 static int elf_core_dump(struct coredump_params *cprm)
1929 struct vm_area_struct *vma, *gate_vma;
1930 struct elfhdr *elf = NULL;
1931 loff_t offset = 0, dataoff, foffset;
1932 struct elf_note_info info;
1933 struct elf_phdr *phdr4note = NULL;
1934 struct elf_shdr *shdr4extnum = NULL;
1939 * We no longer stop all VM operations.
1941 * This is because those proceses that could possibly change map_count
1942 * or the mmap / vma pages are now blocked in do_exit on current
1943 * finishing this core dump.
1945 * Only ptrace can touch these memory addresses, but it doesn't change
1946 * the map_count or the pages allocated. So no possibility of crashing
1947 * exists while dumping the mm->vm_next areas to the core file.
1950 /* alloc memory for large data structures: too large to be on stack */
1951 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1955 * The number of segs are recored into ELF header as 16bit value.
1956 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
1958 segs = current->mm->map_count;
1959 segs += elf_core_extra_phdrs();
1961 gate_vma = get_gate_vma(current->mm);
1962 if (gate_vma != NULL)
1965 /* for notes section */
1968 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
1969 * this, kernel supports extended numbering. Have a look at
1970 * include/linux/elf.h for further information. */
1971 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
1974 * Collect all the non-memory information about the process for the
1975 * notes. This also sets up the file header.
1977 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
1981 current->flags |= PF_DUMPCORE;
1986 offset += sizeof(*elf); /* Elf header */
1987 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1990 /* Write notes phdr entry */
1992 size_t sz = get_note_info_size(&info);
1994 sz += elf_coredump_extra_notes_size();
1996 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2000 fill_elf_note_phdr(phdr4note, sz, offset);
2004 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2006 offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
2007 offset += elf_core_extra_data_size();
2010 if (e_phnum == PN_XNUM) {
2011 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2014 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2019 size += sizeof(*elf);
2020 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
2023 size += sizeof(*phdr4note);
2024 if (size > cprm->limit
2025 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
2028 /* Write program headers for segments dump */
2029 for (vma = first_vma(current, gate_vma); vma != NULL;
2030 vma = next_vma(vma, gate_vma)) {
2031 struct elf_phdr phdr;
2033 phdr.p_type = PT_LOAD;
2034 phdr.p_offset = offset;
2035 phdr.p_vaddr = vma->vm_start;
2037 phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
2038 phdr.p_memsz = vma->vm_end - vma->vm_start;
2039 offset += phdr.p_filesz;
2040 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2041 if (vma->vm_flags & VM_WRITE)
2042 phdr.p_flags |= PF_W;
2043 if (vma->vm_flags & VM_EXEC)
2044 phdr.p_flags |= PF_X;
2045 phdr.p_align = ELF_EXEC_PAGESIZE;
2047 size += sizeof(phdr);
2048 if (size > cprm->limit
2049 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
2053 if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
2056 /* write out the notes section */
2057 if (!write_note_info(&info, cprm->file, &foffset))
2060 if (elf_coredump_extra_notes_write(cprm->file, &foffset))
2064 if (!dump_seek(cprm->file, dataoff - foffset))
2067 for (vma = first_vma(current, gate_vma); vma != NULL;
2068 vma = next_vma(vma, gate_vma)) {
2072 end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
2074 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2078 page = get_dump_page(addr);
2080 void *kaddr = kmap(page);
2081 stop = ((size += PAGE_SIZE) > cprm->limit) ||
2082 !dump_write(cprm->file, kaddr,
2085 page_cache_release(page);
2087 stop = !dump_seek(cprm->file, PAGE_SIZE);
2093 if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
2096 if (e_phnum == PN_XNUM) {
2097 size += sizeof(*shdr4extnum);
2098 if (size > cprm->limit
2099 || !dump_write(cprm->file, shdr4extnum,
2100 sizeof(*shdr4extnum)))
2108 free_note_info(&info);
2116 #endif /* CONFIG_ELF_CORE */
2118 static int __init init_elf_binfmt(void)
2120 register_binfmt(&elf_format);
2124 static void __exit exit_elf_binfmt(void)
2126 /* Remove the COFF and ELF loaders. */
2127 unregister_binfmt(&elf_format);
2130 core_initcall(init_elf_binfmt);
2131 module_exit(exit_elf_binfmt);
2132 MODULE_LICENSE("GPL");
projects / firefly-linux-kernel-4.4.55.git / blob