blob: bdb201230bae93c408cf1972b6f9bb92ad37e478 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/*
2 * linux/fs/binfmt_elf.c
3 *
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
7 * Tools".
8 *
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/fs.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070015#include <linux/mm.h>
16#include <linux/mman.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070017#include <linux/errno.h>
18#include <linux/signal.h>
19#include <linux/binfmts.h>
20#include <linux/string.h>
21#include <linux/file.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070022#include <linux/slab.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070023#include <linux/personality.h>
24#include <linux/elfcore.h>
25#include <linux/init.h>
26#include <linux/highuid.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070027#include <linux/compiler.h>
28#include <linux/highmem.h>
29#include <linux/pagemap.h>
Denys Vlasenko2aa362c2012-10-04 17:15:36 -070030#include <linux/vmalloc.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070031#include <linux/security.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070032#include <linux/random.h>
Jesper Juhlf4e5cc22006-06-23 02:05:35 -070033#include <linux/elf.h>
Kees Cookd1fd8362015-04-14 15:48:07 -070034#include <linux/elf-randomize.h>
Alexey Dobriyan7e80d0d2007-05-08 00:28:59 -070035#include <linux/utsname.h>
Daisuke HATAYAMA088e7af2010-03-05 13:44:06 -080036#include <linux/coredump.h>
Frederic Weisbecker6fac4822012-11-13 14:20:55 +010037#include <linux/sched.h>
Ingo Molnarf7ccbae2017-02-08 18:51:30 +010038#include <linux/sched/coredump.h>
Ingo Molnar68db0cf2017-02-08 18:51:37 +010039#include <linux/sched/task_stack.h>
Ingo Molnar32ef5512017-02-05 11:48:36 +010040#include <linux/sched/cputime.h>
Ingo Molnar5b825c32017-02-02 17:54:15 +010041#include <linux/cred.h>
Ross Zwisler50378352015-10-05 16:33:36 -060042#include <linux/dax.h>
Linus Torvalds7c0f6ba2016-12-24 11:46:01 -080043#include <linux/uaccess.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -070044#include <asm/param.h>
45#include <asm/page.h>
46
Denys Vlasenko2aa362c2012-10-04 17:15:36 -070047#ifndef user_long_t
48#define user_long_t long
49#endif
Denys Vlasenko49ae4d42012-10-04 17:15:35 -070050#ifndef user_siginfo_t
51#define user_siginfo_t siginfo_t
52#endif
53
Nicolas Pitre47552002017-08-16 16:05:13 -040054/* That's for binfmt_elf_fdpic to deal with */
55#ifndef elf_check_fdpic
56#define elf_check_fdpic(ex) false
57#endif
58
Al Viro71613c32012-10-20 22:00:48 -040059static int load_elf_binary(struct linux_binprm *bprm);
Andrew Mortonbb1ad822008-01-30 13:31:07 +010060static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
61 int, int, unsigned long);
Linus Torvalds1da177e2005-04-16 15:20:36 -070062
Josh Triplett69369a72014-04-03 14:48:27 -070063#ifdef CONFIG_USELIB
64static int load_elf_library(struct file *);
65#else
66#define load_elf_library NULL
67#endif
68
Linus Torvalds1da177e2005-04-16 15:20:36 -070069/*
70 * If we don't support core dumping, then supply a NULL so we
71 * don't even try.
72 */
Christoph Hellwig698ba7b2009-12-15 16:47:37 -080073#ifdef CONFIG_ELF_CORE
Masami Hiramatsuf6151df2009-12-17 15:27:16 -080074static int elf_core_dump(struct coredump_params *cprm);
Linus Torvalds1da177e2005-04-16 15:20:36 -070075#else
76#define elf_core_dump NULL
77#endif
78
79#if ELF_EXEC_PAGESIZE > PAGE_SIZE
Jesper Juhlf4e5cc22006-06-23 02:05:35 -070080#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
Linus Torvalds1da177e2005-04-16 15:20:36 -070081#else
Jesper Juhlf4e5cc22006-06-23 02:05:35 -070082#define ELF_MIN_ALIGN PAGE_SIZE
Linus Torvalds1da177e2005-04-16 15:20:36 -070083#endif
84
85#ifndef ELF_CORE_EFLAGS
86#define ELF_CORE_EFLAGS 0
87#endif
88
89#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
90#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
91#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
92
/*
 * Registration record hooking the ELF loader into the generic binfmt
 * machinery: exec() dispatches to load_binary, uselib() to load_shlib,
 * and the coredump path to core_dump (NULL when !CONFIG_ELF_CORE).
 */
static struct linux_binfmt elf_format = {
	.module		= THIS_MODULE,
	.load_binary	= load_elf_binary,
	.load_shlib	= load_elf_library,
	.core_dump	= elf_core_dump,
	.min_coredump	= ELF_EXEC_PAGESIZE,
};
100
Andrew Mortond4e3cc32007-07-21 04:37:32 -0700101#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700102
Denys Vlasenko16e72e92017-02-22 15:45:16 -0800103static int set_brk(unsigned long start, unsigned long end, int prot)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700104{
105 start = ELF_PAGEALIGN(start);
106 end = ELF_PAGEALIGN(end);
107 if (end > start) {
Denys Vlasenko16e72e92017-02-22 15:45:16 -0800108 /*
109 * Map the last of the bss segment.
110 * If the header is requesting these pages to be
111 * executable, honour that (ppc32 needs this).
112 */
113 int error = vm_brk_flags(start, end - start,
114 prot & PROT_EXEC ? VM_EXEC : 0);
Linus Torvalds5d22fc22016-05-27 15:57:31 -0700115 if (error)
116 return error;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700117 }
118 current->mm->start_brk = current->mm->brk = end;
119 return 0;
120}
121
Linus Torvalds1da177e2005-04-16 15:20:36 -0700122/* We need to explicitly zero any fractional pages
123 after the data section (i.e. bss). This would
124 contain the junk from the file that should not
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700125 be in memory
126 */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700127static int padzero(unsigned long elf_bss)
128{
129 unsigned long nbyte;
130
131 nbyte = ELF_PAGEOFFSET(elf_bss);
132 if (nbyte) {
133 nbyte = ELF_MIN_ALIGN - nbyte;
134 if (clear_user((void __user *) elf_bss, nbyte))
135 return -EFAULT;
136 }
137 return 0;
138}
139
Ohad Ben-Cohen09c6dd32008-02-03 18:05:15 +0200140/* Let's use some macros to make this stack manipulation a little clearer */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700141#ifdef CONFIG_STACK_GROWSUP
142#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
143#define STACK_ROUND(sp, items) \
144 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700145#define STACK_ALLOC(sp, len) ({ \
146 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
147 old_sp; })
Linus Torvalds1da177e2005-04-16 15:20:36 -0700148#else
149#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
150#define STACK_ROUND(sp, items) \
151 (((unsigned long) (sp - items)) &~ 15UL)
152#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
153#endif
154
Nathan Lynch483fad12008-07-22 04:48:46 +1000155#ifndef ELF_BASE_PLATFORM
156/*
157 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
158 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
159 * will be copied to the user stack in the same manner as AT_PLATFORM.
160 */
161#define ELF_BASE_PLATFORM NULL
162#endif
163
Linus Torvalds1da177e2005-04-16 15:20:36 -0700164static int
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700165create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
Andi Kleend20894a2008-02-08 04:21:54 -0800166 unsigned long load_addr, unsigned long interp_load_addr)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700167{
168 unsigned long p = bprm->p;
169 int argc = bprm->argc;
170 int envc = bprm->envc;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700171 elf_addr_t __user *sp;
172 elf_addr_t __user *u_platform;
Nathan Lynch483fad12008-07-22 04:48:46 +1000173 elf_addr_t __user *u_base_platform;
Kees Cookf06295b2009-01-07 18:08:52 -0800174 elf_addr_t __user *u_rand_bytes;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700175 const char *k_platform = ELF_PLATFORM;
Nathan Lynch483fad12008-07-22 04:48:46 +1000176 const char *k_base_platform = ELF_BASE_PLATFORM;
Kees Cookf06295b2009-01-07 18:08:52 -0800177 unsigned char k_rand_bytes[16];
Linus Torvalds1da177e2005-04-16 15:20:36 -0700178 int items;
179 elf_addr_t *elf_info;
180 int ei_index = 0;
David Howells86a264a2008-11-14 10:39:18 +1100181 const struct cred *cred = current_cred();
Ollie Wildb6a2fea2007-07-19 01:48:16 -0700182 struct vm_area_struct *vma;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700183
184 /*
Franck Bui-Huud68c9d62007-10-16 23:30:24 -0700185 * In some cases (e.g. Hyper-Threading), we want to avoid L1
186 * evictions by the processes running on the same package. One
187 * thing we can do is to shuffle the initial stack for them.
188 */
189
190 p = arch_align_stack(p);
191
192 /*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700193 * If this architecture has a platform capability string, copy it
194 * to userspace. In some cases (Sparc), this info is impossible
195 * for userspace to get any other way, in others (i386) it is
196 * merely difficult.
197 */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700198 u_platform = NULL;
199 if (k_platform) {
200 size_t len = strlen(k_platform) + 1;
201
Linus Torvalds1da177e2005-04-16 15:20:36 -0700202 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
203 if (__copy_to_user(u_platform, k_platform, len))
204 return -EFAULT;
205 }
206
Nathan Lynch483fad12008-07-22 04:48:46 +1000207 /*
208 * If this architecture has a "base" platform capability
209 * string, copy it to userspace.
210 */
211 u_base_platform = NULL;
212 if (k_base_platform) {
213 size_t len = strlen(k_base_platform) + 1;
214
215 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
216 if (__copy_to_user(u_base_platform, k_base_platform, len))
217 return -EFAULT;
218 }
219
Kees Cookf06295b2009-01-07 18:08:52 -0800220 /*
221 * Generate 16 random bytes for userspace PRNG seeding.
222 */
223 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
224 u_rand_bytes = (elf_addr_t __user *)
225 STACK_ALLOC(p, sizeof(k_rand_bytes));
226 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
227 return -EFAULT;
228
Linus Torvalds1da177e2005-04-16 15:20:36 -0700229 /* Create the ELF interpreter info */
Jesper Juhl785d5572006-06-23 02:05:35 -0700230 elf_info = (elf_addr_t *)current->mm->saved_auxv;
Olaf Hering4f9a58d2007-10-16 23:30:12 -0700231 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700232#define NEW_AUX_ENT(id, val) \
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700233 do { \
Jesper Juhl785d5572006-06-23 02:05:35 -0700234 elf_info[ei_index++] = id; \
235 elf_info[ei_index++] = val; \
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700236 } while (0)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700237
238#ifdef ARCH_DLINFO
239 /*
240 * ARCH_DLINFO must come first so PPC can do its special alignment of
241 * AUXV.
Olaf Hering4f9a58d2007-10-16 23:30:12 -0700242 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
243 * ARCH_DLINFO changes
Linus Torvalds1da177e2005-04-16 15:20:36 -0700244 */
245 ARCH_DLINFO;
246#endif
247 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
248 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
249 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
250 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700251 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
Linus Torvalds1da177e2005-04-16 15:20:36 -0700252 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
253 NEW_AUX_ENT(AT_BASE, interp_load_addr);
254 NEW_AUX_ENT(AT_FLAGS, 0);
255 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
Eric W. Biedermanebc887b2012-02-07 18:36:10 -0800256 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
257 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
258 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
259 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
Kees Cookc425e182017-07-18 15:25:22 -0700260 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
Kees Cookf06295b2009-01-07 18:08:52 -0800261 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
Michael Neuling21713642013-04-17 17:33:11 +0000262#ifdef ELF_HWCAP2
263 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
264#endif
John Reiser65191082008-07-21 14:21:32 -0700265 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700266 if (k_platform) {
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700267 NEW_AUX_ENT(AT_PLATFORM,
Jesper Juhl785d5572006-06-23 02:05:35 -0700268 (elf_addr_t)(unsigned long)u_platform);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700269 }
Nathan Lynch483fad12008-07-22 04:48:46 +1000270 if (k_base_platform) {
271 NEW_AUX_ENT(AT_BASE_PLATFORM,
272 (elf_addr_t)(unsigned long)u_base_platform);
273 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700274 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
Jesper Juhl785d5572006-06-23 02:05:35 -0700275 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700276 }
277#undef NEW_AUX_ENT
278 /* AT_NULL is zero; clear the rest too */
279 memset(&elf_info[ei_index], 0,
280 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
281
282 /* And advance past the AT_NULL entry. */
283 ei_index += 2;
284
285 sp = STACK_ADD(p, ei_index);
286
Andi Kleend20894a2008-02-08 04:21:54 -0800287 items = (argc + 1) + (envc + 1) + 1;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700288 bprm->p = STACK_ROUND(sp, items);
289
290 /* Point sp at the lowest address on the stack */
291#ifdef CONFIG_STACK_GROWSUP
292 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
Jesper Juhlf4e5cc22006-06-23 02:05:35 -0700293 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700294#else
295 sp = (elf_addr_t __user *)bprm->p;
296#endif
297
Ollie Wildb6a2fea2007-07-19 01:48:16 -0700298
299 /*
300 * Grow the stack manually; some architectures have a limit on how
301 * far ahead a user-space access may be in order to grow the stack.
302 */
303 vma = find_extend_vma(current->mm, bprm->p);
304 if (!vma)
305 return -EFAULT;
306
Linus Torvalds1da177e2005-04-16 15:20:36 -0700307 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
308 if (__put_user(argc, sp++))
309 return -EFAULT;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700310
Kees Cook67c67772017-07-10 15:52:54 -0700311 /* Populate list of argv pointers back to argv strings. */
Greg Kroah-Hartmana84a5052005-05-11 00:10:44 -0700312 p = current->mm->arg_end = current->mm->arg_start;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700313 while (argc-- > 0) {
314 size_t len;
Kees Cook67c67772017-07-10 15:52:54 -0700315 if (__put_user((elf_addr_t)p, sp++))
Heiko Carstens841d5fb2006-12-06 20:36:35 -0800316 return -EFAULT;
Ollie Wildb6a2fea2007-07-19 01:48:16 -0700317 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
318 if (!len || len > MAX_ARG_STRLEN)
WANG Cong23c49712008-05-08 21:52:33 +0800319 return -EINVAL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700320 p += len;
321 }
Kees Cook67c67772017-07-10 15:52:54 -0700322 if (__put_user(0, sp++))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700323 return -EFAULT;
Kees Cook67c67772017-07-10 15:52:54 -0700324 current->mm->arg_end = p;
325
326 /* Populate list of envp pointers back to envp strings. */
327 current->mm->env_end = current->mm->env_start = p;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700328 while (envc-- > 0) {
329 size_t len;
Kees Cook67c67772017-07-10 15:52:54 -0700330 if (__put_user((elf_addr_t)p, sp++))
Heiko Carstens841d5fb2006-12-06 20:36:35 -0800331 return -EFAULT;
Ollie Wildb6a2fea2007-07-19 01:48:16 -0700332 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
333 if (!len || len > MAX_ARG_STRLEN)
WANG Cong23c49712008-05-08 21:52:33 +0800334 return -EINVAL;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700335 p += len;
336 }
Kees Cook67c67772017-07-10 15:52:54 -0700337 if (__put_user(0, sp++))
Linus Torvalds1da177e2005-04-16 15:20:36 -0700338 return -EFAULT;
339 current->mm->env_end = p;
340
341 /* Put the elf_info on the stack in the right place. */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700342 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
343 return -EFAULT;
344 return 0;
345}
346
James Hoganc07380b2011-05-09 10:58:40 +0100347#ifndef elf_map
348
Linus Torvalds1da177e2005-04-16 15:20:36 -0700349static unsigned long elf_map(struct file *filep, unsigned long addr,
Jiri Kosinacc503c12008-01-30 13:31:07 +0100350 struct elf_phdr *eppnt, int prot, int type,
351 unsigned long total_size)
Linus Torvalds1da177e2005-04-16 15:20:36 -0700352{
353 unsigned long map_addr;
Jiri Kosinacc503c12008-01-30 13:31:07 +0100354 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
355 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
356 addr = ELF_PAGESTART(addr);
357 size = ELF_PAGEALIGN(size);
Jan Kratochvil60bfba72007-07-15 23:40:06 -0700358
Andrew Mortond4e3cc32007-07-21 04:37:32 -0700359 /* mmap() will return -EINVAL if given a zero size, but a
360 * segment with zero filesize is perfectly valid */
Jiri Kosinacc503c12008-01-30 13:31:07 +0100361 if (!size)
362 return addr;
363
Jiri Kosinacc503c12008-01-30 13:31:07 +0100364 /*
365 * total_size is the size of the ELF (interpreter) image.
366 * The _first_ mmap needs to know the full size, otherwise
367 * randomization might put this image into an overlapping
368 * position with the ELF binary image. (since size < total_size)
369 * So we first map the 'big' image - and unmap the remainder at
370 * the end. (which unmap is needed for ELF images with holes.)
371 */
372 if (total_size) {
373 total_size = ELF_PAGEALIGN(total_size);
Al Viro5a5e4c22012-05-30 01:49:38 -0400374 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
Jiri Kosinacc503c12008-01-30 13:31:07 +0100375 if (!BAD_ADDR(map_addr))
Al Viro5a5e4c22012-05-30 01:49:38 -0400376 vm_munmap(map_addr+size, total_size-size);
Jiri Kosinacc503c12008-01-30 13:31:07 +0100377 } else
Al Viro5a5e4c22012-05-30 01:49:38 -0400378 map_addr = vm_mmap(filep, addr, size, prot, type, off);
Jiri Kosinacc503c12008-01-30 13:31:07 +0100379
Linus Torvalds1da177e2005-04-16 15:20:36 -0700380 return(map_addr);
381}
382
James Hoganc07380b2011-05-09 10:58:40 +0100383#endif /* !elf_map */
384
Jiri Kosinacc503c12008-01-30 13:31:07 +0100385static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
386{
387 int i, first_idx = -1, last_idx = -1;
388
389 for (i = 0; i < nr; i++) {
390 if (cmds[i].p_type == PT_LOAD) {
391 last_idx = i;
392 if (first_idx == -1)
393 first_idx = i;
394 }
395 }
396 if (first_idx == -1)
397 return 0;
398
399 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
400 ELF_PAGESTART(cmds[first_idx].p_vaddr);
401}
402
Paul Burton6a8d3892014-09-11 08:30:14 +0100403/**
404 * load_elf_phdrs() - load ELF program headers
405 * @elf_ex: ELF header of the binary whose program headers should be loaded
406 * @elf_file: the opened ELF binary file
407 *
408 * Loads ELF program headers from the binary file elf_file, which has the ELF
409 * header pointed to by elf_ex, into a newly allocated array. The caller is
410 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
411 */
412static struct elf_phdr *load_elf_phdrs(struct elfhdr *elf_ex,
413 struct file *elf_file)
414{
415 struct elf_phdr *elf_phdata = NULL;
416 int retval, size, err = -1;
Christoph Hellwigbdd1d2d2017-09-01 17:39:13 +0200417 loff_t pos = elf_ex->e_phoff;
Paul Burton6a8d3892014-09-11 08:30:14 +0100418
419 /*
420 * If the size of this structure has changed, then punt, since
421 * we will be doing the wrong thing.
422 */
423 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
424 goto out;
425
426 /* Sanity check the number of program headers... */
427 if (elf_ex->e_phnum < 1 ||
428 elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
429 goto out;
430
431 /* ...and their total size. */
432 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
433 if (size > ELF_MIN_ALIGN)
434 goto out;
435
436 elf_phdata = kmalloc(size, GFP_KERNEL);
437 if (!elf_phdata)
438 goto out;
439
440 /* Read in the program headers */
Christoph Hellwigbdd1d2d2017-09-01 17:39:13 +0200441 retval = kernel_read(elf_file, elf_phdata, size, &pos);
Paul Burton6a8d3892014-09-11 08:30:14 +0100442 if (retval != size) {
443 err = (retval < 0) ? retval : -EIO;
444 goto out;
445 }
446
447 /* Success! */
448 err = 0;
449out:
450 if (err) {
451 kfree(elf_phdata);
452 elf_phdata = NULL;
453 }
454 return elf_phdata;
455}
Jiri Kosinacc503c12008-01-30 13:31:07 +0100456
Paul Burton774c1052014-09-11 08:30:16 +0100457#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
458
459/**
460 * struct arch_elf_state - arch-specific ELF loading state
461 *
462 * This structure is used to preserve architecture specific data during
463 * the loading of an ELF file, throughout the checking of architecture
464 * specific ELF headers & through to the point where the ELF load is
465 * known to be proceeding (ie. SET_PERSONALITY).
466 *
467 * This implementation is a dummy for architectures which require no
468 * specific state.
469 */
470struct arch_elf_state {
471};
472
473#define INIT_ARCH_ELF_STATE {}
474
/**
 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
 * @ehdr:      The main ELF header
 * @phdr:      The program header to check
 * @elf:       The open ELF file
 * @is_interp: True if the phdr is from the interpreter of the ELF being
 *             loaded, else false.
 * @state:     Architecture-specific state preserved throughout the process
 *             of loading the ELF.
 *
 * Inspects the program header phdr to validate its correctness and/or
 * suitability for the system. Called once per ELF program header in the
 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
 * interpreter.
 *
 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
 *         with that return code.
 */
static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
				   struct elf_phdr *phdr,
				   struct file *elf, bool is_interp,
				   struct arch_elf_state *state)
{
	/* Dummy implementation, always proceed */
	return 0;
}
501
/**
 * arch_check_elf() - check an ELF executable
 * @ehdr:        The main ELF header
 * @has_interp:  True if the ELF has an interpreter, else false.
 * @interp_ehdr: The interpreter's ELF header
 * @state:       Architecture-specific state preserved throughout the process
 *               of loading the ELF.
 *
 * Provides a final opportunity for architecture code to reject the loading
 * of the ELF & cause an exec syscall to return an error. This is called after
 * all program headers to be checked by arch_elf_pt_proc have been.
 *
 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
 *         with that return code.
 */
static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
				 struct elfhdr *interp_ehdr,
				 struct arch_elf_state *state)
{
	/* Dummy implementation, always proceed */
	return 0;
}
524
525#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700526
/*
 * Map the ELF interpreter (e.g. ld.so) described by @interp_elf_ex /
 * @interp_elf_phdata from @interpreter into the current address space.
 * This is much more generalized than the library routine read function,
 * so we keep this separate.  Technically the library read function
 * is only provided so that we can read a.out libraries that have
 * an ELF header.
 *
 * @interp_map_addr gets the address of the first mapping made;
 * @no_base, when non-zero, biases an ET_DYN interpreter's first mapping.
 * Returns the interpreter's load bias on success, or an error value
 * (~0UL or a negative errno cast to unsigned long) on failure.
 */
static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
		struct file *interpreter, unsigned long *interp_map_addr,
		unsigned long no_base, struct elf_phdr *interp_elf_phdata)
{
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long last_bss = 0, elf_bss = 0;
	int bss_prot = 0;
	unsigned long error = ~0UL;
	unsigned long total_size;
	int i;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
	    interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex) ||
	    elf_check_fdpic(interp_elf_ex))
		goto out;
	if (!interpreter->f_op->mmap)
		goto out;

	total_size = total_mapping_size(interp_elf_phdata,
					interp_elf_ex->e_phnum);
	if (!total_size) {
		error = -EINVAL;
		goto out;
	}

	eppnt = interp_elf_phdata;
	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
		if (eppnt->p_type == PT_LOAD) {
			int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
			int elf_prot = 0;
			unsigned long vaddr = 0;
			unsigned long k, map_addr;

			/* translate PF_* segment flags to PROT_* bits */
			if (eppnt->p_flags & PF_R)
				elf_prot = PROT_READ;
			if (eppnt->p_flags & PF_W)
				elf_prot |= PROT_WRITE;
			if (eppnt->p_flags & PF_X)
				elf_prot |= PROT_EXEC;
			vaddr = eppnt->p_vaddr;
			if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
				elf_type |= MAP_FIXED;
			else if (no_base && interp_elf_ex->e_type == ET_DYN)
				load_addr = -vaddr;

			/* total_size is only passed for the first mapping */
			map_addr = elf_map(interpreter, load_addr + vaddr,
					eppnt, elf_prot, elf_type, total_size);
			total_size = 0;
			if (!*interp_map_addr)
				*interp_map_addr = map_addr;
			error = map_addr;
			if (BAD_ADDR(map_addr))
				goto out;

			if (!load_addr_set &&
			    interp_elf_ex->e_type == ET_DYN) {
				load_addr = map_addr - ELF_PAGESTART(vaddr);
				load_addr_set = 1;
			}

			/*
			 * Check to see if the section's size will overflow the
			 * allowed task size. Note that p_filesz must always be
			 * <= p_memsize so it's only necessary to check p_memsz.
			 */
			k = load_addr + eppnt->p_vaddr;
			if (BAD_ADDR(k) ||
			    eppnt->p_filesz > eppnt->p_memsz ||
			    eppnt->p_memsz > TASK_SIZE ||
			    TASK_SIZE - eppnt->p_memsz < k) {
				error = -ENOMEM;
				goto out;
			}

			/*
			 * Find the end of the file mapping for this phdr, and
			 * keep track of the largest address we see for this.
			 */
			k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
			if (k > elf_bss)
				elf_bss = k;

			/*
			 * Do the same thing for the memory mapping - between
			 * elf_bss and last_bss is the bss section.
			 */
			k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
			if (k > last_bss) {
				last_bss = k;
				bss_prot = elf_prot;
			}
		}
	}

	/*
	 * Now fill out the bss section: first pad the last page from
	 * the file up to the page boundary, and zero it from elf_bss
	 * up to the end of the page.
	 */
	if (padzero(elf_bss)) {
		error = -EFAULT;
		goto out;
	}
	/*
	 * Next, align both the file and mem bss up to the page size,
	 * since this is where elf_bss was just zeroed up to, and where
	 * last_bss will end after the vm_brk_flags() below.
	 */
	elf_bss = ELF_PAGEALIGN(elf_bss);
	last_bss = ELF_PAGEALIGN(last_bss);
	/* Finally, if there is still more bss to allocate, do it. */
	if (last_bss > elf_bss) {
		error = vm_brk_flags(elf_bss, last_bss - elf_bss,
				bss_prot & PROT_EXEC ? VM_EXEC : 0);
		if (error)
			goto out;
	}

	error = load_addr;
out:
	return error;
}
659
Linus Torvalds1da177e2005-04-16 15:20:36 -0700660/*
661 * These are the functions used to load ELF style executables and shared
662 * libraries. There is no binary dependent code anywhere else.
663 */
664
Andi Kleen913bd902006-03-25 16:29:09 +0100665#ifndef STACK_RND_MASK
James Bottomleyd1cabd632007-03-16 13:38:35 -0800666#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
Andi Kleen913bd902006-03-25 16:29:09 +0100667#endif
Linus Torvalds1da177e2005-04-16 15:20:36 -0700668
669static unsigned long randomize_stack_top(unsigned long stack_top)
670{
Hector Marco-Gisbert4e7c22d2015-02-14 09:33:50 -0800671 unsigned long random_variable = 0;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700672
Oleg Nesterov01578e32017-08-15 17:40:11 +0200673 if (current->flags & PF_RANDOMIZE) {
Daniel Cashman5ef11c32016-02-26 15:19:37 -0800674 random_variable = get_random_long();
Hector Marco-Gisbert4e7c22d2015-02-14 09:33:50 -0800675 random_variable &= STACK_RND_MASK;
Andi Kleen913bd902006-03-25 16:29:09 +0100676 random_variable <<= PAGE_SHIFT;
677 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700678#ifdef CONFIG_STACK_GROWSUP
Andi Kleen913bd902006-03-25 16:29:09 +0100679 return PAGE_ALIGN(stack_top) + random_variable;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700680#else
Andi Kleen913bd902006-03-25 16:29:09 +0100681 return PAGE_ALIGN(stack_top) - random_variable;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700682#endif
683}
684
/*
 * load_elf_binary - the binfmt handler that maps an ELF executable (and,
 * if it has a PT_INTERP segment, its dynamic linker) into the new mm and
 * starts the first thread.
 *
 * Returns 0 on success, negative errno on failure.  Note that once
 * flush_old_exec() succeeds the old image is gone, so later failures kill
 * the task rather than returning to the original program.
 */
static int load_elf_binary(struct linux_binprm *bprm)
{
	struct file *interpreter = NULL; /* to shut gcc up */
 	unsigned long load_addr = 0, load_bias = 0;
	int load_addr_set = 0;
	char * elf_interpreter = NULL;
	unsigned long error;
	struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
	unsigned long elf_bss, elf_brk;
	int bss_prot = 0;
	int retval, i;
	unsigned long elf_entry;
	unsigned long interp_load_addr = 0;
	unsigned long start_code, end_code, start_data, end_data;
	unsigned long reloc_func_desc __maybe_unused = 0;
	int executable_stack = EXSTACK_DEFAULT;
	struct pt_regs *regs = current_pt_regs();
	struct {
		struct elfhdr elf_ex;
		struct elfhdr interp_elf_ex;
	} *loc;
	struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
	loff_t pos;

	/* Both ELF headers are kept in one heap allocation. */
	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
	if (!loc) {
		retval = -ENOMEM;
		goto out_ret;
	}

	/* Get the exec-header (first 128 bytes were read into bprm->buf) */
	loc->elf_ex = *((struct elfhdr *)bprm->buf);

	retval = -ENOEXEC;
	/* First of all, some simple consistency checks */
	if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(&loc->elf_ex))
		goto out;
	/* FDPIC images are handled by binfmt_elf_fdpic, not here */
	if (elf_check_fdpic(&loc->elf_ex))
		goto out;
	if (!bprm->file->f_op->mmap)
		goto out;

	/* Read the whole program header table into a kmalloc'ed array */
	elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
	if (!elf_phdata)
		goto out;

	elf_ppnt = elf_phdata;
	elf_bss = 0;
	elf_brk = 0;

	start_code = ~0UL;
	end_code = 0;
	start_data = 0;
	end_data = 0;

	/* First pass: find PT_INTERP, read its path and the interp's header */
	for (i = 0; i < loc->elf_ex.e_phnum; i++) {
		if (elf_ppnt->p_type == PT_INTERP) {
			/* This is the program interpreter used for
			 * shared libraries - for now assume that this
			 * is an a.out format binary
			 */
			retval = -ENOEXEC;
			if (elf_ppnt->p_filesz > PATH_MAX || 
			    elf_ppnt->p_filesz < 2)
				goto out_free_ph;

			retval = -ENOMEM;
			elf_interpreter = kmalloc(elf_ppnt->p_filesz,
						  GFP_KERNEL);
			if (!elf_interpreter)
				goto out_free_ph;

			pos = elf_ppnt->p_offset;
			retval = kernel_read(bprm->file, elf_interpreter,
					     elf_ppnt->p_filesz, &pos);
			if (retval != elf_ppnt->p_filesz) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_interp;
			}
			/* make sure path is NULL terminated */
			retval = -ENOEXEC;
			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
				goto out_free_interp;

			interpreter = open_exec(elf_interpreter);
			retval = PTR_ERR(interpreter);
			if (IS_ERR(interpreter))
				goto out_free_interp;

			/*
			 * If the binary is not readable then enforce
			 * mm->dumpable = 0 regardless of the interpreter's
			 * permissions.
			 */
			would_dump(bprm, interpreter);

			/* Get the exec headers */
			pos = 0;
			retval = kernel_read(interpreter, &loc->interp_elf_ex,
					     sizeof(loc->interp_elf_ex), &pos);
			if (retval != sizeof(loc->interp_elf_ex)) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_dentry;
			}

			/* At most one PT_INTERP is honoured */
			break;
		}
		elf_ppnt++;
	}

	/* Second pass: stack executability + arch-specific headers */
	elf_ppnt = elf_phdata;
	for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
		switch (elf_ppnt->p_type) {
		case PT_GNU_STACK:
			if (elf_ppnt->p_flags & PF_X)
				executable_stack = EXSTACK_ENABLE_X;
			else
				executable_stack = EXSTACK_DISABLE_X;
			break;

		case PT_LOPROC ... PT_HIPROC:
			retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
						  bprm->file, false,
						  &arch_state);
			if (retval)
				goto out_free_dentry;
			break;
		}

	/* Some simple consistency checks for the interpreter */
	if (elf_interpreter) {
		retval = -ELIBBAD;
		/* Not an ELF interpreter */
		if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
			goto out_free_dentry;
		/* Verify the interpreter has a valid arch */
		if (!elf_check_arch(&loc->interp_elf_ex) ||
		    elf_check_fdpic(&loc->interp_elf_ex))
			goto out_free_dentry;

		/* Load the interpreter program headers */
		interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
						   interpreter);
		if (!interp_elf_phdata)
			goto out_free_dentry;

		/* Pass PT_LOPROC..PT_HIPROC headers to arch code */
		elf_ppnt = interp_elf_phdata;
		for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
			switch (elf_ppnt->p_type) {
			case PT_LOPROC ... PT_HIPROC:
				retval = arch_elf_pt_proc(&loc->interp_elf_ex,
							  elf_ppnt, interpreter,
							  true, &arch_state);
				if (retval)
					goto out_free_dentry;
				break;
			}
	}

	/*
	 * Allow arch code to reject the ELF at this point, whilst it's
	 * still possible to return an error to the code that invoked
	 * the exec syscall.
	 */
	retval = arch_check_elf(&loc->elf_ex,
				!!interpreter, &loc->interp_elf_ex,
				&arch_state);
	if (retval)
		goto out_free_dentry;

	/*
	 * Flush all traces of the currently running executable.
	 * NOTE: this is the point of no return - errors after here
	 * terminate the task instead of resuming the old image.
	 */
	retval = flush_old_exec(bprm);
	if (retval)
		goto out_free_dentry;

	/* Do this immediately, since STACK_TOP as used in setup_arg_pages
	   may depend on the personality.  */
	SET_PERSONALITY2(loc->elf_ex, &arch_state);
	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
		current->personality |= READ_IMPLIES_EXEC;

	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
		current->flags |= PF_RANDOMIZE;

	setup_new_exec(bprm);
	install_exec_creds(bprm);

	/* Do this so that we can load the interpreter, if need be.  We will
	   change some of these later */
	retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
				 executable_stack);
	if (retval < 0)
		goto out_free_dentry;
	
	current->mm->start_stack = bprm->p;

	/* Now we do a little grungy work by mmapping the ELF image into
	   the correct location in memory. */
	for(i = 0, elf_ppnt = elf_phdata;
	    i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
		int elf_prot = 0, elf_flags;
		unsigned long k, vaddr;
		unsigned long total_size = 0;

		if (elf_ppnt->p_type != PT_LOAD)
			continue;

		if (unlikely (elf_brk > elf_bss)) {
			unsigned long nbyte;
	            
			/* There was a PT_LOAD segment with p_memsz > p_filesz
			   before this one. Map anonymous pages, if needed,
			   and clear the area.  */
			retval = set_brk(elf_bss + load_bias,
					 elf_brk + load_bias,
					 bss_prot);
			if (retval)
				goto out_free_dentry;
			nbyte = ELF_PAGEOFFSET(elf_bss);
			if (nbyte) {
				nbyte = ELF_MIN_ALIGN - nbyte;
				if (nbyte > elf_brk - elf_bss)
					nbyte = elf_brk - elf_bss;
				if (clear_user((void __user *)elf_bss +
							load_bias, nbyte)) {
					/*
					 * This bss-zeroing can fail if the ELF
					 * file specifies odd protections. So
					 * we don't check the return value
					 */
				}
			}
		}

		/* Translate ELF segment flags into mmap protections */
		if (elf_ppnt->p_flags & PF_R)
			elf_prot |= PROT_READ;
		if (elf_ppnt->p_flags & PF_W)
			elf_prot |= PROT_WRITE;
		if (elf_ppnt->p_flags & PF_X)
			elf_prot |= PROT_EXEC;

		elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;

		vaddr = elf_ppnt->p_vaddr;
		/*
		 * If we are loading ET_EXEC or we have already performed
		 * the ET_DYN load_addr calculations, proceed normally.
		 */
		if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
			elf_flags |= MAP_FIXED;
		} else if (loc->elf_ex.e_type == ET_DYN) {
			/*
			 * This logic is run once for the first LOAD Program
			 * Header for ET_DYN binaries to calculate the
			 * randomization (load_bias) for all the LOAD
			 * Program Headers, and to calculate the entire
			 * size of the ELF mapping (total_size). (Note that
			 * load_addr_set is set to true later once the
			 * initial mapping is performed.)
			 *
			 * There are effectively two types of ET_DYN
			 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
			 * and loaders (ET_DYN without INTERP, since they
			 * _are_ the ELF interpreter). The loaders must
			 * be loaded away from programs since the program
			 * may otherwise collide with the loader (especially
			 * for ET_EXEC which does not have a randomized
			 * position). For example to handle invocations of
			 * "./ld.so someprog" to test out a new version of
			 * the loader, the subsequent program that the
			 * loader loads must avoid the loader itself, so
			 * they cannot share the same load range. Sufficient
			 * room for the brk must be allocated with the
			 * loader as well, since brk must be available with
			 * the loader.
			 *
			 * Therefore, programs are loaded offset from
			 * ELF_ET_DYN_BASE and loaders are loaded into the
			 * independently randomized mmap region (0 load_bias
			 * without MAP_FIXED).
			 */
			if (elf_interpreter) {
				load_bias = ELF_ET_DYN_BASE;
				if (current->flags & PF_RANDOMIZE)
					load_bias += arch_mmap_rnd();
				elf_flags |= MAP_FIXED;
			} else
				load_bias = 0;

			/*
			 * Since load_bias is used for all subsequent loading
			 * calculations, we must lower it by the first vaddr
			 * so that the remaining calculations based on the
			 * ELF vaddrs will be correctly offset. The result
			 * is then page aligned.
			 */
			load_bias = ELF_PAGESTART(load_bias - vaddr);

			total_size = total_mapping_size(elf_phdata,
							loc->elf_ex.e_phnum);
			if (!total_size) {
				retval = -EINVAL;
				goto out_free_dentry;
			}
		}

		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
				elf_prot, elf_flags, total_size);
		if (BAD_ADDR(error)) {
			retval = IS_ERR((void *)error) ?
				PTR_ERR((void*)error) : -EINVAL;
			goto out_free_dentry;
		}

		if (!load_addr_set) {
			load_addr_set = 1;
			load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
			if (loc->elf_ex.e_type == ET_DYN) {
				/* Fold the kernel-chosen placement back in */
				load_bias += error -
				             ELF_PAGESTART(load_bias + vaddr);
				load_addr += load_bias;
				reloc_func_desc = load_bias;
			}
		}
		k = elf_ppnt->p_vaddr;
		if (k < start_code)
			start_code = k;
		if (start_data < k)
			start_data = k;

		/*
		 * Check to see if the section's size will overflow the
		 * allowed task size. Note that p_filesz must always be
		 * <= p_memsz so it is only necessary to check p_memsz.
		 */
		if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
		    elf_ppnt->p_memsz > TASK_SIZE ||
		    TASK_SIZE - elf_ppnt->p_memsz < k) {
			/* set_brk can never work. Avoid overflows. */
			retval = -EINVAL;
			goto out_free_dentry;
		}

		k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;

		if (k > elf_bss)
			elf_bss = k;
		if ((elf_ppnt->p_flags & PF_X) && end_code < k)
			end_code = k;
		if (end_data < k)
			end_data = k;
		k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
		if (k > elf_brk) {
			/* The highest segment's protections govern the bss */
			bss_prot = elf_prot;
			elf_brk = k;
		}
	}

	/* Rebase all bookkeeping values by the final load bias */
	loc->elf_ex.e_entry += load_bias;
	elf_bss += load_bias;
	elf_brk += load_bias;
	start_code += load_bias;
	end_code += load_bias;
	start_data += load_bias;
	end_data += load_bias;

	/* Calling set_brk effectively mmaps the pages that we need
	 * for the bss and break sections.  We must do this before
	 * mapping in the interpreter, to make sure it doesn't wind
	 * up getting placed where the bss needs to go.
	 */
	retval = set_brk(elf_bss, elf_brk, bss_prot);
	if (retval)
		goto out_free_dentry;
	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
		retval = -EFAULT; /* Nobody gets to see this, but.. */
		goto out_free_dentry;
	}

	if (elf_interpreter) {
		unsigned long interp_map_addr = 0;

		elf_entry = load_elf_interp(&loc->interp_elf_ex,
					    interpreter,
					    &interp_map_addr,
					    load_bias, interp_elf_phdata);
		if (!IS_ERR((void *)elf_entry)) {
			/*
			 * load_elf_interp() returns relocation
			 * adjustment
			 */
			interp_load_addr = elf_entry;
			elf_entry += loc->interp_elf_ex.e_entry;
		}
		if (BAD_ADDR(elf_entry)) {
			retval = IS_ERR((void *)elf_entry) ?
					(int)elf_entry : -EINVAL;
			goto out_free_dentry;
		}
		reloc_func_desc = interp_load_addr;

		/* Interpreter mapped; its file and path are no longer needed */
		allow_write_access(interpreter);
		fput(interpreter);
		kfree(elf_interpreter);
	} else {
		elf_entry = loc->elf_ex.e_entry;
		if (BAD_ADDR(elf_entry)) {
			retval = -EINVAL;
			goto out_free_dentry;
		}
	}

	kfree(interp_elf_phdata);
	kfree(elf_phdata);

	set_binfmt(&elf_format);

#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
	/* e.g. map the vDSO */
	retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
	if (retval < 0)
		goto out;
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */

	/* Build argv/envp/auxv on the new stack */
	retval = create_elf_tables(bprm, &loc->elf_ex,
			  load_addr, interp_load_addr);
	if (retval < 0)
		goto out;
	/* N.B. passed_fileno might not be initialized? */
	current->mm->end_code = end_code;
	current->mm->start_code = start_code;
	current->mm->start_data = start_data;
	current->mm->end_data = end_data;
	current->mm->start_stack = bprm->p;

	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
		current->mm->brk = current->mm->start_brk =
			arch_randomize_brk(current->mm);
#ifdef compat_brk_randomized
		current->brk_randomized = 1;
#endif
	}

	if (current->personality & MMAP_PAGE_ZERO) {
		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
		   and some applications "depend" upon this behavior.
		   Since we do not have the power to recompile these, we
		   emulate the SVr4 behavior. Sigh. */
		error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);
	}

#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example.  In addition, it may also specify (eg, PowerPC64 ELF)
	 * that the e_entry field is the address of the function descriptor
	 * for the startup routine, rather than the address of the startup
	 * routine itself.  This macro performs whatever initialization to
	 * the regs structure is required as well as any relocations to the
	 * function descriptor entries when executing dynamically links apps.
	 */
	ELF_PLAT_INIT(regs, reloc_func_desc);
#endif

	start_thread(regs, elf_entry, bprm->p);
	retval = 0;
out:
	kfree(loc);
out_ret:
	return retval;

	/* error cleanup */
out_free_dentry:
	kfree(interp_elf_phdata);
	allow_write_access(interpreter);
	if (interpreter)
		fput(interpreter);
out_free_interp:
	kfree(elf_interpreter);
out_free_ph:
	kfree(elf_phdata);
	goto out;
}
1177
#ifdef CONFIG_USELIB
/* This is really simpleminded and specialized - we are loading an
   a.out library that is given an ELF header.
   Implements the legacy uselib(2) path: the library must be ET_EXEC
   with at most two program headers, exactly one of them PT_LOAD.
   Returns 0 on success, negative errno on failure. */
static int load_elf_library(struct file *file)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long elf_bss, bss, len;
	int retval, error, i, j;
	struct elfhdr elf_ex;
	loff_t pos = 0;

	error = -ENOEXEC;
	retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
	if (retval != sizeof(elf_ex))
		goto out;

	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	/* First of all, some simple consistency checks */
	if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
	    !elf_check_arch(&elf_ex) || !file->f_op->mmap)
		goto out;
	if (elf_check_fdpic(&elf_ex))
		goto out;

	/* Now read in all of the header information */

	j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */

	error = -ENOMEM;
	elf_phdata = kmalloc(j, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	eppnt = elf_phdata;
	error = -ENOEXEC;
	pos = elf_ex.e_phoff;
	retval = kernel_read(file, eppnt, j, &pos);
	if (retval != j)
		goto out_free_ph;

	/* Require exactly one PT_LOAD segment */
	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
		if ((eppnt + i)->p_type == PT_LOAD)
			j++;
	if (j != 1)
		goto out_free_ph;

	while (eppnt->p_type != PT_LOAD)
		eppnt++;

	/* Now use mmap to map the library into memory. */
	error = vm_mmap(file,
			ELF_PAGESTART(eppnt->p_vaddr),
			(eppnt->p_filesz +
			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
			PROT_READ | PROT_WRITE | PROT_EXEC,
			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
			(eppnt->p_offset -
			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
	if (error != ELF_PAGESTART(eppnt->p_vaddr))
		goto out_free_ph;

	/* Zero the tail of the last file-backed page (start of bss) */
	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
	if (padzero(elf_bss)) {
		error = -EFAULT;
		goto out_free_ph;
	}

	/* Map anonymous pages for any bss beyond the file-backed mapping */
	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
			    ELF_MIN_ALIGN - 1);
	bss = eppnt->p_memsz + eppnt->p_vaddr;
	if (bss > len) {
		error = vm_brk(len, bss - len);
		if (error)
			goto out_free_ph;
	}
	error = 0;

out_free_ph:
	kfree(elf_phdata);
out:
	return error;
}
#endif /* #ifdef CONFIG_USELIB */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001265
Christoph Hellwig698ba7b2009-12-15 16:47:37 -08001266#ifdef CONFIG_ELF_CORE
Linus Torvalds1da177e2005-04-16 15:20:36 -07001267/*
1268 * ELF core dumper
1269 *
1270 * Modelled on fs/exec.c:aout_core_dump()
1271 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1272 */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001273
1274/*
Jason Baron909af762012-03-23 15:02:51 -07001275 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1276 * that are useful for post-mortem analysis are included in every core dump.
1277 * In that way we ensure that the core dump is fully interpretable later
1278 * without matching up the same kernel and hardware config to see what PC values
1279 * meant. These special mappings include - vDSO, vsyscall, and other
1280 * architecture specific mappings
1281 */
1282static bool always_dump_vma(struct vm_area_struct *vma)
1283{
1284 /* Any vsyscall mappings? */
1285 if (vma == get_gate_vma(vma->vm_mm))
1286 return true;
Andy Lutomirski78d683e2014-05-19 15:58:32 -07001287
1288 /*
1289 * Assume that all vmas with a .name op should always be dumped.
1290 * If this changes, a new vm_ops field can easily be added.
1291 */
1292 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1293 return true;
1294
Jason Baron909af762012-03-23 15:02:51 -07001295 /*
1296 * arch_vma_name() returns non-NULL for special architecture mappings,
1297 * such as vDSO sections.
1298 */
1299 if (arch_vma_name(vma))
1300 return true;
1301
1302 return false;
1303}
1304
/*
 * Decide what to dump of a segment, part, all or none.
 *
 * Returns the number of bytes of @vma to include in the core dump:
 * 0 (skip), PAGE_SIZE (just the ELF header page), or the whole vma.
 * @mm_flags carries the MMF_DUMP_* filter bits from mm->flags.
 */
static unsigned long vma_dump_size(struct vm_area_struct *vma,
				   unsigned long mm_flags)
{
#define FILTER(type)	(mm_flags & (1UL << MMF_DUMP_##type))

	/* always dump the vdso and vsyscall sections */
	if (always_dump_vma(vma))
		goto whole;

	/* Explicitly excluded via madvise(MADV_DONTDUMP) or VM_SPECIAL */
	if (vma->vm_flags & VM_DONTDUMP)
		return 0;

	/* support for DAX */
	if (vma_is_dax(vma)) {
		if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
			goto whole;
		if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
			goto whole;
		return 0;
	}

	/* Hugetlb memory check */
	if (vma->vm_flags & VM_HUGETLB) {
		if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
			goto whole;
		if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
			goto whole;
		return 0;
	}

	/* Do not dump I/O mapped devices or special mappings */
	if (vma->vm_flags & VM_IO)
		return 0;

	/* By default, dump shared memory if mapped from an anonymous file. */
	if (vma->vm_flags & VM_SHARED) {
		/* i_nlink == 0 means an unlinked (anonymous-style) file */
		if (file_inode(vma->vm_file)->i_nlink == 0 ?
		    FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
			goto whole;
		return 0;
	}

	/* Dump segments that have been written to.  */
	if (vma->anon_vma && FILTER(ANON_PRIVATE))
		goto whole;
	if (vma->vm_file == NULL)
		return 0;

	if (FILTER(MAPPED_PRIVATE))
		goto whole;

	/*
	 * If this looks like the beginning of a DSO or executable mapping,
	 * check for an ELF header.  If we find one, dump the first page to
	 * aid in determining what was mapped here.
	 */
	if (FILTER(ELF_HEADERS) &&
	    vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
		u32 __user *header = (u32 __user *) vma->vm_start;
		u32 word;
		mm_segment_t fs = get_fs();
		/*
		 * Doing it this way gets the constant folded by GCC.
		 */
		union {
			u32 cmp;
			char elfmag[SELFMAG];
		} magic;
		BUILD_BUG_ON(SELFMAG != sizeof word);
		magic.elfmag[EI_MAG0] = ELFMAG0;
		magic.elfmag[EI_MAG1] = ELFMAG1;
		magic.elfmag[EI_MAG2] = ELFMAG2;
		magic.elfmag[EI_MAG3] = ELFMAG3;
		/*
		 * Switch to the user "segment" for get_user(),
		 * then put back what elf_core_dump() had in place.
		 */
		set_fs(USER_DS);
		if (unlikely(get_user(word, header)))
			word = 0;
		set_fs(fs);
		if (word == magic.cmp)
			return PAGE_SIZE;
	}

#undef	FILTER

	return 0;

whole:
	return vma->vm_end - vma->vm_start;
}
1400
/* An ELF note in memory */
struct memelfnote
{
	const char *name;	/* note owner/originator, e.g. "CORE" */
	int type;		/* n_type value, e.g. NT_PRSTATUS */
	unsigned int datasz;	/* size of the descriptor payload in bytes */
	void *data;		/* descriptor payload */
};
1409
1410static int notesize(struct memelfnote *en)
1411{
1412 int sz;
1413
1414 sz = sizeof(struct elf_note);
1415 sz += roundup(strlen(en->name) + 1, 4);
1416 sz += roundup(en->datasz, 4);
1417
1418 return sz;
1419}
1420
Al Viroecc8c772013-10-05 15:32:35 -04001421static int writenote(struct memelfnote *men, struct coredump_params *cprm)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001422{
1423 struct elf_note en;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001424 en.n_namesz = strlen(men->name) + 1;
1425 en.n_descsz = men->datasz;
1426 en.n_type = men->type;
1427
Al Viroecc8c772013-10-05 15:32:35 -04001428 return dump_emit(cprm, &en, sizeof(en)) &&
Al Viro22a8cb82013-10-08 11:05:01 -04001429 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1430 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001431}
Linus Torvalds1da177e2005-04-16 15:20:36 -07001432
Roland McGrath3aba4812008-01-30 13:31:44 +01001433static void fill_elf_header(struct elfhdr *elf, int segs,
Zhang Yanfeid3330cf2013-02-21 16:44:20 -08001434 u16 machine, u32 flags)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001435{
Cyrill Gorcunov6970c8e2008-04-29 01:01:18 -07001436 memset(elf, 0, sizeof(*elf));
1437
Linus Torvalds1da177e2005-04-16 15:20:36 -07001438 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1439 elf->e_ident[EI_CLASS] = ELF_CLASS;
1440 elf->e_ident[EI_DATA] = ELF_DATA;
1441 elf->e_ident[EI_VERSION] = EV_CURRENT;
1442 elf->e_ident[EI_OSABI] = ELF_OSABI;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001443
1444 elf->e_type = ET_CORE;
Roland McGrath3aba4812008-01-30 13:31:44 +01001445 elf->e_machine = machine;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001446 elf->e_version = EV_CURRENT;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001447 elf->e_phoff = sizeof(struct elfhdr);
Roland McGrath3aba4812008-01-30 13:31:44 +01001448 elf->e_flags = flags;
Linus Torvalds1da177e2005-04-16 15:20:36 -07001449 elf->e_ehsize = sizeof(struct elfhdr);
1450 elf->e_phentsize = sizeof(struct elf_phdr);
1451 elf->e_phnum = segs;
Cyrill Gorcunov6970c8e2008-04-29 01:01:18 -07001452
Linus Torvalds1da177e2005-04-16 15:20:36 -07001453 return;
1454}
1455
Andrew Morton8d6b5eee2006-09-25 23:32:04 -07001456static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001457{
1458 phdr->p_type = PT_NOTE;
1459 phdr->p_offset = offset;
1460 phdr->p_vaddr = 0;
1461 phdr->p_paddr = 0;
1462 phdr->p_filesz = sz;
1463 phdr->p_memsz = 0;
1464 phdr->p_flags = 0;
1465 phdr->p_align = 0;
1466 return;
1467}
1468
1469static void fill_note(struct memelfnote *note, const char *name, int type,
1470 unsigned int sz, void *data)
1471{
1472 note->name = name;
1473 note->type = type;
1474 note->datasz = sz;
1475 note->data = data;
1476 return;
1477}
1478
1479/*
Jesper Juhlf4e5cc22006-06-23 02:05:35 -07001480 * fill up all the fields in prstatus from the given task struct, except
1481 * registers which need to be filled up separately.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001482 */
1483static void fill_prstatus(struct elf_prstatus *prstatus,
Jesper Juhlf4e5cc22006-06-23 02:05:35 -07001484 struct task_struct *p, long signr)
Linus Torvalds1da177e2005-04-16 15:20:36 -07001485{
1486 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1487 prstatus->pr_sigpend = p->pending.signal.sig[0];
1488 prstatus->pr_sighold = p->blocked.sig[0];
Oleg Nesterov3b34fc52009-06-17 16:27:38 -07001489 rcu_read_lock();
1490 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1491 rcu_read_unlock();
Pavel Emelyanovb4888932007-10-18 23:40:14 -07001492 prstatus->pr_pid = task_pid_vnr(p);
Pavel Emelyanovb4888932007-10-18 23:40:14 -07001493 prstatus->pr_pgrp = task_pgrp_vnr(p);
1494 prstatus->pr_sid = task_session_vnr(p);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001495 if (thread_group_leader(p)) {
Frederic Weisbeckercd19c362017-01-31 04:09:27 +01001496 struct task_cputime cputime;
Frank Mayharf06febc2008-09-12 09:54:39 -07001497
Linus Torvalds1da177e2005-04-16 15:20:36 -07001498 /*
Frank Mayharf06febc2008-09-12 09:54:39 -07001499 * This is the record for the group leader. It shows the
1500 * group-wide total, not its individual thread total.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001501 */
Frederic Weisbeckercd19c362017-01-31 04:09:27 +01001502 thread_group_cputime(p, &cputime);
1503 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1504 prstatus->pr_stime = ns_to_timeval(cputime.stime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001505 } else {
Frederic Weisbeckercd19c362017-01-31 04:09:27 +01001506 u64 utime, stime;
Frederic Weisbecker6fac4822012-11-13 14:20:55 +01001507
Frederic Weisbeckercd19c362017-01-31 04:09:27 +01001508 task_cputime(p, &utime, &stime);
1509 prstatus->pr_utime = ns_to_timeval(utime);
1510 prstatus->pr_stime = ns_to_timeval(stime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001511 }
Frederic Weisbecker5613fda2017-01-31 04:09:23 +01001512
Frederic Weisbeckercd19c362017-01-31 04:09:27 +01001513 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1514 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001515}
1516
/*
 * Fill the NT_PRPSINFO payload for the process: command line (copied
 * from the dumping process's user memory), namespace-relative IDs,
 * scheduler state, credentials and comm name.
 * Returns 0 on success or -EFAULT if the argv area cannot be read.
 */
static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
		struct mm_struct *mm)
{
	const struct cred *cred;
	unsigned int i, len;

	/* first copy the parameters from user space */
	memset(psinfo, 0, sizeof(struct elf_prpsinfo));

	len = mm->arg_end - mm->arg_start;
	if (len >= ELF_PRARGSZ)
		len = ELF_PRARGSZ-1;
	if (copy_from_user(&psinfo->pr_psargs,
		           (const char __user *)mm->arg_start, len))
		return -EFAULT;
	/* argv strings are NUL-separated; join them with spaces. */
	for(i = 0; i < len; i++)
		if (psinfo->pr_psargs[i] == 0)
			psinfo->pr_psargs[i] = ' ';
	psinfo->pr_psargs[len] = 0;

	/* PIDs as seen from the dumper's pid namespace (_vnr). */
	rcu_read_lock();
	psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
	rcu_read_unlock();
	psinfo->pr_pid = task_pid_vnr(p);
	psinfo->pr_pgrp = task_pgrp_vnr(p);
	psinfo->pr_sid = task_session_vnr(p);

	/* Encode the task state as an index and a single status char. */
	i = p->state ? ffz(~p->state) + 1 : 0;
	psinfo->pr_state = i;
	psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
	psinfo->pr_zomb = psinfo->pr_sname == 'Z';
	psinfo->pr_nice = task_nice(p);
	psinfo->pr_flag = p->flags;
	/* Credentials, translated into the cred's own user namespace. */
	rcu_read_lock();
	cred = __task_cred(p);
	SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
	SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
	rcu_read_unlock();
	strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));

	return 0;
}
1559
Roland McGrath3aba4812008-01-30 13:31:44 +01001560static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1561{
1562 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1563 int i = 0;
1564 do
1565 i += 2;
1566 while (auxv[i - 2] != AT_NULL);
1567 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1568}
1569
Denys Vlasenko49ae4d42012-10-04 17:15:35 -07001570static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
Al Viroce395962013-10-13 17:23:53 -04001571 const siginfo_t *siginfo)
Denys Vlasenko49ae4d42012-10-04 17:15:35 -07001572{
1573 mm_segment_t old_fs = get_fs();
1574 set_fs(KERNEL_DS);
1575 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1576 set_fs(old_fs);
1577 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1578}
1579
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001580#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1581/*
1582 * Format of NT_FILE note:
1583 *
1584 * long count -- how many files are mapped
1585 * long page_size -- units for file_ofs
1586 * array of [COUNT] elements of
1587 * long start
1588 * long end
1589 * long file_ofs
1590 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1591 */
Dan Aloni72023652013-09-30 13:45:02 -07001592static int fill_files_note(struct memelfnote *note)
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001593{
1594 struct vm_area_struct *vma;
1595 unsigned count, size, names_ofs, remaining, n;
1596 user_long_t *data;
1597 user_long_t *start_end_ofs;
1598 char *name_base, *name_curpos;
1599
1600 /* *Estimated* file count and total data size needed */
1601 count = current->mm->map_count;
Alexey Dobriyan60c9d922018-02-06 15:39:13 -08001602 if (count > UINT_MAX / 64)
1603 return -EINVAL;
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001604 size = count * 64;
1605
1606 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1607 alloc:
1608 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
Dan Aloni72023652013-09-30 13:45:02 -07001609 return -EINVAL;
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001610 size = round_up(size, PAGE_SIZE);
1611 data = vmalloc(size);
1612 if (!data)
Dan Aloni72023652013-09-30 13:45:02 -07001613 return -ENOMEM;
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001614
1615 start_end_ofs = data + 2;
1616 name_base = name_curpos = ((char *)data) + names_ofs;
1617 remaining = size - names_ofs;
1618 count = 0;
1619 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1620 struct file *file;
1621 const char *filename;
1622
1623 file = vma->vm_file;
1624 if (!file)
1625 continue;
Miklos Szeredi9bf39ab2015-06-19 10:29:13 +02001626 filename = file_path(file, name_curpos, remaining);
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001627 if (IS_ERR(filename)) {
1628 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1629 vfree(data);
1630 size = size * 5 / 4;
1631 goto alloc;
1632 }
1633 continue;
1634 }
1635
Miklos Szeredi9bf39ab2015-06-19 10:29:13 +02001636 /* file_path() fills at the end, move name down */
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001637 /* n = strlen(filename) + 1: */
1638 n = (name_curpos + remaining) - filename;
1639 remaining = filename - name_curpos;
1640 memmove(name_curpos, filename, n);
1641 name_curpos += n;
1642
1643 *start_end_ofs++ = vma->vm_start;
1644 *start_end_ofs++ = vma->vm_end;
1645 *start_end_ofs++ = vma->vm_pgoff;
1646 count++;
1647 }
1648
1649 /* Now we know exact count of files, can store it */
1650 data[0] = count;
1651 data[1] = PAGE_SIZE;
1652 /*
1653 * Count usually is less than current->mm->map_count,
1654 * we need to move filenames down.
1655 */
1656 n = current->mm->map_count - count;
1657 if (n != 0) {
1658 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1659 memmove(name_base - shift_bytes, name_base,
1660 name_curpos - name_base);
1661 name_curpos -= shift_bytes;
1662 }
1663
1664 size = name_curpos - (char *)data;
1665 fill_note(note, "CORE", NT_FILE, size, data);
Dan Aloni72023652013-09-30 13:45:02 -07001666 return 0;
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001667}
1668
Roland McGrath4206d3a2008-01-30 13:31:45 +01001669#ifdef CORE_DUMP_USE_REGSET
1670#include <linux/regset.h>
1671
1672struct elf_thread_core_info {
1673 struct elf_thread_core_info *next;
1674 struct task_struct *task;
1675 struct elf_prstatus prstatus;
1676 struct memelfnote notes[0];
1677};
1678
/* Everything collected for the regset-based core dump. */
struct elf_note_info {
	struct elf_thread_core_info *thread;	/* dumping thread kept first */
	struct memelfnote psinfo;	/* NT_PRPSINFO */
	struct memelfnote signote;	/* NT_SIGINFO */
	struct memelfnote auxv;		/* NT_AUXV */
	struct memelfnote files;	/* NT_FILE (data NULL if unavailable) */
	user_siginfo_t csigdata;	/* backing store for signote */
	size_t size;			/* accumulated size of all notes */
	int thread_notes;		/* note slots per thread */
};
1689
Roland McGrathd31472b2008-03-04 14:28:30 -08001690/*
1691 * When a regset has a writeback hook, we call it on each thread before
1692 * dumping user memory. On register window machines, this makes sure the
1693 * user memory backing the register data is up to date before we read it.
1694 */
1695static void do_thread_regset_writeback(struct task_struct *task,
1696 const struct user_regset *regset)
1697{
1698 if (regset->writeback)
1699 regset->writeback(task, regset, 1);
1700}
1701
H. J. Lu0953f65d2012-02-14 13:34:52 -08001702#ifndef PRSTATUS_SIZE
Dmitry Safonov90954e72016-09-05 16:33:06 +03001703#define PRSTATUS_SIZE(S, R) sizeof(S)
H. J. Lu0953f65d2012-02-14 13:34:52 -08001704#endif
1705
1706#ifndef SET_PR_FPVALID
Dmitry Safonov90954e72016-09-05 16:33:06 +03001707#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
H. J. Lu0953f65d2012-02-14 13:34:52 -08001708#endif
1709
Roland McGrath4206d3a2008-01-30 13:31:45 +01001710static int fill_thread_core_info(struct elf_thread_core_info *t,
1711 const struct user_regset_view *view,
1712 long signr, size_t *total)
1713{
1714 unsigned int i;
Dave Martin27e64b42017-10-31 15:50:53 +00001715 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001716
1717 /*
1718 * NT_PRSTATUS is the one special case, because the regset data
1719 * goes into the pr_reg field inside the note contents, rather
1720 * than being the whole note contents. We fill the reset in here.
1721 * We assume that regset 0 is NT_PRSTATUS.
1722 */
1723 fill_prstatus(&t->prstatus, t->task, signr);
Dave Martin27e64b42017-10-31 15:50:53 +00001724 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
Dmitry Safonov90954e72016-09-05 16:33:06 +03001725 &t->prstatus.pr_reg, NULL);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001726
1727 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
Dave Martin27e64b42017-10-31 15:50:53 +00001728 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001729 *total += notesize(&t->notes[0]);
1730
Roland McGrathd31472b2008-03-04 14:28:30 -08001731 do_thread_regset_writeback(t->task, &view->regsets[0]);
1732
Roland McGrath4206d3a2008-01-30 13:31:45 +01001733 /*
1734 * Each other regset might generate a note too. For each regset
1735 * that has no core_note_type or is inactive, we leave t->notes[i]
1736 * all zero and we'll know to skip writing it later.
1737 */
1738 for (i = 1; i < view->n; ++i) {
1739 const struct user_regset *regset = &view->regsets[i];
Roland McGrathd31472b2008-03-04 14:28:30 -08001740 do_thread_regset_writeback(t->task, regset);
H. Peter Anvinc8e25252012-03-02 10:43:48 -08001741 if (regset->core_note_type && regset->get &&
Roland McGrath4206d3a2008-01-30 13:31:45 +01001742 (!regset->active || regset->active(t->task, regset))) {
1743 int ret;
Dave Martin27e64b42017-10-31 15:50:53 +00001744 size_t size = regset_size(t->task, regset);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001745 void *data = kmalloc(size, GFP_KERNEL);
1746 if (unlikely(!data))
1747 return 0;
1748 ret = regset->get(t->task, regset,
1749 0, size, data, NULL);
1750 if (unlikely(ret))
1751 kfree(data);
1752 else {
1753 if (regset->core_note_type != NT_PRFPREG)
1754 fill_note(&t->notes[i], "LINUX",
1755 regset->core_note_type,
1756 size, data);
1757 else {
Dmitry Safonov90954e72016-09-05 16:33:06 +03001758 SET_PR_FPVALID(&t->prstatus,
Dave Martin27e64b42017-10-31 15:50:53 +00001759 1, regset0_size);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001760 fill_note(&t->notes[i], "CORE",
1761 NT_PRFPREG, size, data);
1762 }
1763 *total += notesize(&t->notes[i]);
1764 }
1765 }
1766 }
1767
1768 return 1;
1769}
1770
/*
 * Gather everything needed for a regset-based core dump: the ELF
 * header, a note list per thread, and the process-wide notes
 * (NT_PRPSINFO, NT_SIGINFO, NT_AUXV, NT_FILE).  Returns 1 on success,
 * 0 on failure; partial allocations are released by free_note_info().
 */
static int fill_note_info(struct elfhdr *elf, int phdrs,
			  struct elf_note_info *info,
			  const siginfo_t *siginfo, struct pt_regs *regs)
{
	struct task_struct *dump_task = current;
	const struct user_regset_view *view = task_user_regset_view(dump_task);
	struct elf_thread_core_info *t;
	struct elf_prpsinfo *psinfo;
	struct core_thread *ct;
	unsigned int i;

	info->size = 0;
	info->thread = NULL;

	psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
	if (psinfo == NULL) {
		info->psinfo.data = NULL; /* So we don't free this wrongly */
		return 0;
	}

	fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);

	/*
	 * Figure out how many notes we're going to need for each thread.
	 */
	info->thread_notes = 0;
	for (i = 0; i < view->n; ++i)
		if (view->regsets[i].core_note_type != 0)
			++info->thread_notes;

	/*
	 * Sanity check.  We rely on regset 0 being in NT_PRSTATUS,
	 * since it is our one special case.
	 */
	if (unlikely(info->thread_notes == 0) ||
	    unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
		WARN_ON(1);
		return 0;
	}

	/*
	 * Initialize the ELF file header.
	 */
	fill_elf_header(elf, phdrs,
			view->e_machine, view->e_flags);

	/*
	 * Allocate a structure for each thread.  The size accounts for
	 * one memelfnote slot per note-generating regset.
	 */
	for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
		t = kzalloc(offsetof(struct elf_thread_core_info,
				     notes[info->thread_notes]),
			    GFP_KERNEL);
		if (unlikely(!t))
			return 0;

		t->task = ct->task;
		if (ct->task == dump_task || !info->thread) {
			t->next = info->thread;
			info->thread = t;
		} else {
			/*
			 * Make sure to keep the original task at
			 * the head of the list.
			 */
			t->next = info->thread->next;
			info->thread->next = t;
		}
	}

	/*
	 * Now fill in each thread's information.
	 */
	for (t = info->thread; t != NULL; t = t->next)
		if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
			return 0;

	/*
	 * Fill in the two process-wide notes.
	 */
	fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
	info->size += notesize(&info->psinfo);

	fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
	info->size += notesize(&info->signote);

	fill_auxv_note(&info->auxv, current->mm);
	info->size += notesize(&info->auxv);

	/* NT_FILE is best-effort; on failure info->files.data stays NULL. */
	if (fill_files_note(&info->files) == 0)
		info->size += notesize(&info->files);

	return 1;
}
1865
/* Total size in bytes of all notes, as accumulated by fill_note_info(). */
static size_t get_note_info_size(struct elf_note_info *info)
{
	return info->size;
}
1870
1871/*
1872 * Write all the notes for each thread. When writing the first thread, the
1873 * process-wide notes are interleaved after the first thread-specific note.
1874 */
1875static int write_note_info(struct elf_note_info *info,
Al Viroecc8c772013-10-05 15:32:35 -04001876 struct coredump_params *cprm)
Roland McGrath4206d3a2008-01-30 13:31:45 +01001877{
Fabian Frederickb219e252014-06-04 16:12:14 -07001878 bool first = true;
Roland McGrath4206d3a2008-01-30 13:31:45 +01001879 struct elf_thread_core_info *t = info->thread;
1880
1881 do {
1882 int i;
1883
Al Viroecc8c772013-10-05 15:32:35 -04001884 if (!writenote(&t->notes[0], cprm))
Roland McGrath4206d3a2008-01-30 13:31:45 +01001885 return 0;
1886
Al Viroecc8c772013-10-05 15:32:35 -04001887 if (first && !writenote(&info->psinfo, cprm))
Roland McGrath4206d3a2008-01-30 13:31:45 +01001888 return 0;
Al Viroecc8c772013-10-05 15:32:35 -04001889 if (first && !writenote(&info->signote, cprm))
Denys Vlasenko49ae4d42012-10-04 17:15:35 -07001890 return 0;
Al Viroecc8c772013-10-05 15:32:35 -04001891 if (first && !writenote(&info->auxv, cprm))
Roland McGrath4206d3a2008-01-30 13:31:45 +01001892 return 0;
Dan Aloni72023652013-09-30 13:45:02 -07001893 if (first && info->files.data &&
Al Viroecc8c772013-10-05 15:32:35 -04001894 !writenote(&info->files, cprm))
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001895 return 0;
Roland McGrath4206d3a2008-01-30 13:31:45 +01001896
1897 for (i = 1; i < info->thread_notes; ++i)
1898 if (t->notes[i].data &&
Al Viroecc8c772013-10-05 15:32:35 -04001899 !writenote(&t->notes[i], cprm))
Roland McGrath4206d3a2008-01-30 13:31:45 +01001900 return 0;
1901
Fabian Frederickb219e252014-06-04 16:12:14 -07001902 first = false;
Roland McGrath4206d3a2008-01-30 13:31:45 +01001903 t = t->next;
1904 } while (t);
1905
1906 return 1;
1907}
1908
1909static void free_note_info(struct elf_note_info *info)
1910{
1911 struct elf_thread_core_info *threads = info->thread;
1912 while (threads) {
1913 unsigned int i;
1914 struct elf_thread_core_info *t = threads;
1915 threads = t->next;
1916 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1917 for (i = 1; i < info->thread_notes; ++i)
1918 kfree(t->notes[i].data);
1919 kfree(t);
1920 }
1921 kfree(info->psinfo.data);
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07001922 vfree(info->files.data);
Roland McGrath4206d3a2008-01-30 13:31:45 +01001923}
1924
1925#else
1926
Linus Torvalds1da177e2005-04-16 15:20:36 -07001927/* Here is the structure in which status of each thread is captured. */
1928struct elf_thread_status
1929{
1930 struct list_head list;
1931 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1932 elf_fpregset_t fpu; /* NT_PRFPREG */
1933 struct task_struct *thread;
1934#ifdef ELF_CORE_COPY_XFPREGS
Mark Nelson5b20cd82007-10-16 23:25:39 -07001935 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
Linus Torvalds1da177e2005-04-16 15:20:36 -07001936#endif
1937 struct memelfnote notes[3];
1938 int num_notes;
1939};
1940
1941/*
1942 * In order to add the specific thread information for the elf file format,
Jesper Juhlf4e5cc22006-06-23 02:05:35 -07001943 * we need to keep a linked list of every threads pr_status and then create
1944 * a single section for them in the final core file.
Linus Torvalds1da177e2005-04-16 15:20:36 -07001945 */
1946static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1947{
1948 int sz = 0;
1949 struct task_struct *p = t->thread;
1950 t->num_notes = 0;
1951
1952 fill_prstatus(&t->prstatus, p, signr);
1953 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1954
Jesper Juhlf4e5cc22006-06-23 02:05:35 -07001955 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1956 &(t->prstatus));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001957 t->num_notes++;
1958 sz += notesize(&t->notes[0]);
1959
Jesper Juhlf4e5cc22006-06-23 02:05:35 -07001960 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1961 &t->fpu))) {
1962 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1963 &(t->fpu));
Linus Torvalds1da177e2005-04-16 15:20:36 -07001964 t->num_notes++;
1965 sz += notesize(&t->notes[1]);
1966 }
1967
1968#ifdef ELF_CORE_COPY_XFPREGS
1969 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
Mark Nelson5b20cd82007-10-16 23:25:39 -07001970 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1971 sizeof(t->xfpu), &t->xfpu);
Linus Torvalds1da177e2005-04-16 15:20:36 -07001972 t->num_notes++;
1973 sz += notesize(&t->notes[2]);
1974 }
1975#endif
1976 return sz;
1977}
1978
Roland McGrath3aba4812008-01-30 13:31:44 +01001979struct elf_note_info {
1980 struct memelfnote *notes;
Dan Aloni72023652013-09-30 13:45:02 -07001981 struct memelfnote *notes_files;
Roland McGrath3aba4812008-01-30 13:31:44 +01001982 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1983 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1984 struct list_head thread_list;
1985 elf_fpregset_t *fpu;
1986#ifdef ELF_CORE_COPY_XFPREGS
1987 elf_fpxregset_t *xfpu;
1988#endif
Denys Vlasenko49ae4d42012-10-04 17:15:35 -07001989 user_siginfo_t csigdata;
Roland McGrath3aba4812008-01-30 13:31:44 +01001990 int thread_status_size;
1991 int numnote;
1992};
1993
Amerigo Wang0cf062d2009-09-23 15:57:05 -07001994static int elf_note_info_init(struct elf_note_info *info)
Roland McGrath3aba4812008-01-30 13:31:44 +01001995{
Amerigo Wang0cf062d2009-09-23 15:57:05 -07001996 memset(info, 0, sizeof(*info));
Roland McGrath3aba4812008-01-30 13:31:44 +01001997 INIT_LIST_HEAD(&info->thread_list);
1998
Denys Vlasenko49ae4d42012-10-04 17:15:35 -07001999 /* Allocate space for ELF notes */
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07002000 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
Roland McGrath3aba4812008-01-30 13:31:44 +01002001 if (!info->notes)
2002 return 0;
2003 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2004 if (!info->psinfo)
Denys Vlasenkof34f9d12012-09-26 11:34:50 +10002005 return 0;
Roland McGrath3aba4812008-01-30 13:31:44 +01002006 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2007 if (!info->prstatus)
Denys Vlasenkof34f9d12012-09-26 11:34:50 +10002008 return 0;
Roland McGrath3aba4812008-01-30 13:31:44 +01002009 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2010 if (!info->fpu)
Denys Vlasenkof34f9d12012-09-26 11:34:50 +10002011 return 0;
Roland McGrath3aba4812008-01-30 13:31:44 +01002012#ifdef ELF_CORE_COPY_XFPREGS
2013 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2014 if (!info->xfpu)
Denys Vlasenkof34f9d12012-09-26 11:34:50 +10002015 return 0;
Roland McGrath3aba4812008-01-30 13:31:44 +01002016#endif
Amerigo Wang0cf062d2009-09-23 15:57:05 -07002017 return 1;
Amerigo Wang0cf062d2009-09-23 15:57:05 -07002018}
Roland McGrath3aba4812008-01-30 13:31:44 +01002019
Amerigo Wang0cf062d2009-09-23 15:57:05 -07002020static int fill_note_info(struct elfhdr *elf, int phdrs,
2021 struct elf_note_info *info,
Al Viroec579412013-10-13 17:57:29 -04002022 const siginfo_t *siginfo, struct pt_regs *regs)
Amerigo Wang0cf062d2009-09-23 15:57:05 -07002023{
2024 struct list_head *t;
Al Viroafabada2013-10-14 07:39:56 -04002025 struct core_thread *ct;
2026 struct elf_thread_status *ets;
Amerigo Wang0cf062d2009-09-23 15:57:05 -07002027
2028 if (!elf_note_info_init(info))
2029 return 0;
2030
Al Viroafabada2013-10-14 07:39:56 -04002031 for (ct = current->mm->core_state->dumper.next;
2032 ct; ct = ct->next) {
2033 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2034 if (!ets)
2035 return 0;
Oleg Nesterov24d52882008-07-25 01:47:40 -07002036
Al Viroafabada2013-10-14 07:39:56 -04002037 ets->thread = ct->task;
2038 list_add(&ets->list, &info->thread_list);
2039 }
Oleg Nesterov83914442008-07-25 01:47:45 -07002040
Al Viroafabada2013-10-14 07:39:56 -04002041 list_for_each(t, &info->thread_list) {
2042 int sz;
Oleg Nesterov83914442008-07-25 01:47:45 -07002043
Al Viroafabada2013-10-14 07:39:56 -04002044 ets = list_entry(t, struct elf_thread_status, list);
2045 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2046 info->thread_status_size += sz;
Roland McGrath3aba4812008-01-30 13:31:44 +01002047 }
2048 /* now collect the dump for the current */
2049 memset(info->prstatus, 0, sizeof(*info->prstatus));
Denys Vlasenko5ab1c302012-10-04 17:15:29 -07002050 fill_prstatus(info->prstatus, current, siginfo->si_signo);
Roland McGrath3aba4812008-01-30 13:31:44 +01002051 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2052
2053 /* Set up header */
Zhang Yanfeid3330cf2013-02-21 16:44:20 -08002054 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
Roland McGrath3aba4812008-01-30 13:31:44 +01002055
2056 /*
2057 * Set up the notes in similar form to SVR4 core dumps made
2058 * with info from their /proc.
2059 */
2060
2061 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2062 sizeof(*info->prstatus), info->prstatus);
2063 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2064 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2065 sizeof(*info->psinfo), info->psinfo);
2066
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07002067 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2068 fill_auxv_note(info->notes + 3, current->mm);
Dan Aloni72023652013-09-30 13:45:02 -07002069 info->numnote = 4;
Roland McGrath3aba4812008-01-30 13:31:44 +01002070
Dan Aloni72023652013-09-30 13:45:02 -07002071 if (fill_files_note(info->notes + info->numnote) == 0) {
2072 info->notes_files = info->notes + info->numnote;
2073 info->numnote++;
2074 }
Roland McGrath3aba4812008-01-30 13:31:44 +01002075
2076 /* Try to dump the FPU. */
2077 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2078 info->fpu);
2079 if (info->prstatus->pr_fpvalid)
2080 fill_note(info->notes + info->numnote++,
2081 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2082#ifdef ELF_CORE_COPY_XFPREGS
2083 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2084 fill_note(info->notes + info->numnote++,
2085 "LINUX", ELF_CORE_XFPREG_TYPE,
2086 sizeof(*info->xfpu), info->xfpu);
2087#endif
2088
2089 return 1;
Roland McGrath3aba4812008-01-30 13:31:44 +01002090}
2091
2092static size_t get_note_info_size(struct elf_note_info *info)
2093{
2094 int sz = 0;
2095 int i;
2096
2097 for (i = 0; i < info->numnote; i++)
2098 sz += notesize(info->notes + i);
2099
2100 sz += info->thread_status_size;
2101
2102 return sz;
2103}
2104
2105static int write_note_info(struct elf_note_info *info,
Al Viroecc8c772013-10-05 15:32:35 -04002106 struct coredump_params *cprm)
Roland McGrath3aba4812008-01-30 13:31:44 +01002107{
2108 int i;
2109 struct list_head *t;
2110
2111 for (i = 0; i < info->numnote; i++)
Al Viroecc8c772013-10-05 15:32:35 -04002112 if (!writenote(info->notes + i, cprm))
Roland McGrath3aba4812008-01-30 13:31:44 +01002113 return 0;
2114
2115 /* write out the thread status notes section */
2116 list_for_each(t, &info->thread_list) {
2117 struct elf_thread_status *tmp =
2118 list_entry(t, struct elf_thread_status, list);
2119
2120 for (i = 0; i < tmp->num_notes; i++)
Al Viroecc8c772013-10-05 15:32:35 -04002121 if (!writenote(&tmp->notes[i], cprm))
Roland McGrath3aba4812008-01-30 13:31:44 +01002122 return 0;
2123 }
2124
2125 return 1;
2126}
2127
2128static void free_note_info(struct elf_note_info *info)
2129{
2130 while (!list_empty(&info->thread_list)) {
2131 struct list_head *tmp = info->thread_list.next;
2132 list_del(tmp);
2133 kfree(list_entry(tmp, struct elf_thread_status, list));
2134 }
2135
Dan Aloni72023652013-09-30 13:45:02 -07002136 /* Free data possibly allocated by fill_files_note(): */
2137 if (info->notes_files)
2138 vfree(info->notes_files->data);
Denys Vlasenko2aa362c2012-10-04 17:15:36 -07002139
Roland McGrath3aba4812008-01-30 13:31:44 +01002140 kfree(info->prstatus);
2141 kfree(info->psinfo);
2142 kfree(info->notes);
2143 kfree(info->fpu);
2144#ifdef ELF_CORE_COPY_XFPREGS
2145 kfree(info->xfpu);
2146#endif
2147}
2148
Roland McGrath4206d3a2008-01-30 13:31:45 +01002149#endif
2150
Roland McGrathf47aef52007-01-26 00:56:49 -08002151static struct vm_area_struct *first_vma(struct task_struct *tsk,
2152 struct vm_area_struct *gate_vma)
2153{
2154 struct vm_area_struct *ret = tsk->mm->mmap;
2155
2156 if (ret)
2157 return ret;
2158 return gate_vma;
2159}
2160/*
2161 * Helper function for iterating across a vma list. It ensures that the caller
2162 * will visit `gate_vma' prior to terminating the search.
2163 */
2164static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2165 struct vm_area_struct *gate_vma)
2166{
2167 struct vm_area_struct *ret;
2168
2169 ret = this_vma->vm_next;
2170 if (ret)
2171 return ret;
2172 if (this_vma == gate_vma)
2173 return NULL;
2174 return gate_vma;
2175}
2176
Daisuke HATAYAMA8d9032b2010-03-05 13:44:10 -08002177static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2178 elf_addr_t e_shoff, int segs)
2179{
2180 elf->e_shoff = e_shoff;
2181 elf->e_shentsize = sizeof(*shdr4extnum);
2182 elf->e_shnum = 1;
2183 elf->e_shstrndx = SHN_UNDEF;
2184
2185 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2186
2187 shdr4extnum->sh_type = SHT_NULL;
2188 shdr4extnum->sh_size = elf->e_shnum;
2189 shdr4extnum->sh_link = elf->e_shstrndx;
2190 shdr4extnum->sh_info = segs;
2191}
2192
/*
 * Actual dumper
 *
 * This is a two-pass process; first we find the offsets of the bits,
 * and then they are actually written out.  If we run out of core limit
 * we just truncate.
 *
 * Returns nonzero once anything has been dumped (has_dumped), which the
 * binfmt core uses as the "a core was produced" indication.
 */
static int elf_core_dump(struct coredump_params *cprm)
{
	int has_dumped = 0;
	mm_segment_t fs;
	int segs, i;
	size_t vma_data_size = 0;
	struct vm_area_struct *vma, *gate_vma;
	struct elfhdr *elf = NULL;
	loff_t offset = 0, dataoff;
	struct elf_note_info info = { };
	struct elf_phdr *phdr4note = NULL;
	struct elf_shdr *shdr4extnum = NULL;
	Elf_Half e_phnum;
	elf_addr_t e_shoff;
	elf_addr_t *vma_filesz = NULL;

	/*
	 * We no longer stop all VM operations.
	 *
	 * This is because those proceses that could possibly change map_count
	 * or the mmap / vma pages are now blocked in do_exit on current
	 * finishing this core dump.
	 *
	 * Only ptrace can touch these memory addresses, but it doesn't change
	 * the map_count or the pages allocated. So no possibility of crashing
	 * exists while dumping the mm->vm_next areas to the core file.
	 */

	/* alloc memory for large data structures: too large to be on stack */
	elf = kmalloc(sizeof(*elf), GFP_KERNEL);
	if (!elf)
		goto out;
	/*
	 * The number of segs are recored into ELF header as 16bit value.
	 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
	 */
	segs = current->mm->map_count;
	segs += elf_core_extra_phdrs();

	/* The gate vma (e.g. vsyscall page), if any, is dumped as one more segment. */
	gate_vma = get_gate_vma(current->mm);
	if (gate_vma != NULL)
		segs++;

	/* for notes section */
	segs++;

	/* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
	 * this, kernel supports extended numbering. Have a look at
	 * include/linux/elf.h for further information. */
	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;

	/*
	 * Collect all the non-memory information about the process for the
	 * notes.  This also sets up the file header.
	 */
	if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
		goto cleanup;

	has_dumped = 1;

	/*
	 * The dump_emit()/dump_skip() helpers below write from kernel
	 * buffers, hence the temporary KERNEL_DS; restored at end_coredump.
	 */
	fs = get_fs();
	set_fs(KERNEL_DS);

	/* Pass 1: lay out file offsets.  Header and program header table first. */
	offset += sizeof(*elf);				/* Elf header */
	offset += segs * sizeof(struct elf_phdr);	/* Program headers */

	/* Write notes phdr entry */
	{
		size_t sz = get_note_info_size(&info);

		sz += elf_coredump_extra_notes_size();

		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
		if (!phdr4note)
			goto end_coredump;

		fill_elf_note_phdr(phdr4note, sz, offset);
		offset += sz;
	}

	/* Segment data starts on a page boundary after the notes. */
	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);

	/*
	 * One vma_filesz slot per PT_LOAD segment; "segs - 1" excludes the
	 * notes phdr counted above.  Guard the multiplication against
	 * overflow before allocating.
	 */
	if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
		goto end_coredump;
	vma_filesz = vmalloc((segs - 1) * sizeof(*vma_filesz));
	if (!vma_filesz)
		goto end_coredump;

	/*
	 * Record per-vma dump sizes now so the phdr and data-writing loops
	 * below use identical sizes even if vma state changes in between.
	 */
	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
			vma = next_vma(vma, gate_vma)) {
		unsigned long dump_size;

		dump_size = vma_dump_size(vma, cprm->mm_flags);
		vma_filesz[i++] = dump_size;
		vma_data_size += dump_size;
	}

	offset += vma_data_size;
	offset += elf_core_extra_data_size();
	e_shoff = offset;

	/* Extended numbering needs the single placeholder section header. */
	if (e_phnum == PN_XNUM) {
		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
		if (!shdr4extnum)
			goto end_coredump;
		fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
	}

	/* Pass 2: actually emit everything, rewinding offset to the data start. */
	offset = dataoff;

	if (!dump_emit(cprm, elf, sizeof(*elf)))
		goto end_coredump;

	if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
		goto end_coredump;

	/* Write program headers for segments dump */
	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
			vma = next_vma(vma, gate_vma)) {
		struct elf_phdr phdr;

		phdr.p_type = PT_LOAD;
		phdr.p_offset = offset;
		phdr.p_vaddr = vma->vm_start;
		phdr.p_paddr = 0;
		phdr.p_filesz = vma_filesz[i++];
		/* p_memsz is the full vma span; p_filesz may be smaller (truncated dump). */
		phdr.p_memsz = vma->vm_end - vma->vm_start;
		offset += phdr.p_filesz;
		phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
		if (vma->vm_flags & VM_WRITE)
			phdr.p_flags |= PF_W;
		if (vma->vm_flags & VM_EXEC)
			phdr.p_flags |= PF_X;
		phdr.p_align = ELF_EXEC_PAGESIZE;

		if (!dump_emit(cprm, &phdr, sizeof(phdr)))
			goto end_coredump;
	}

	/* Arch-specific extra program headers (if any). */
	if (!elf_core_write_extra_phdrs(cprm, offset))
		goto end_coredump;

	/* write out the notes section */
	if (!write_note_info(&info, cprm))
		goto end_coredump;

	if (elf_coredump_extra_notes_write(cprm))
		goto end_coredump;

	/* Align to page */
	if (!dump_skip(cprm, dataoff - cprm->pos))
		goto end_coredump;

	/* Emit the segment data itself, one page at a time. */
	for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
			vma = next_vma(vma, gate_vma)) {
		unsigned long addr;
		unsigned long end;

		/* Use the size recorded in pass 1, not a fresh vma_dump_size(). */
		end = vma->vm_start + vma_filesz[i++];

		for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
			struct page *page;
			int stop;

			page = get_dump_page(addr);
			if (page) {
				void *kaddr = kmap(page);
				stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
				kunmap(page);
				put_page(page);
			} else
				/* No page available (e.g. hole) — emit zeros via a sparse skip. */
				stop = !dump_skip(cprm, PAGE_SIZE);
			if (stop)
				goto end_coredump;
		}
	}
	dump_truncate(cprm);

	if (!elf_core_write_extra_data(cprm))
		goto end_coredump;

	if (e_phnum == PN_XNUM) {
		if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
			goto end_coredump;
	}

end_coredump:
	set_fs(fs);

cleanup:
	free_note_info(&info);
	kfree(shdr4extnum);
	vfree(vma_filesz);
	kfree(phdr4note);
	kfree(elf);
out:
	return has_dumped;
}
2398
Christoph Hellwig698ba7b2009-12-15 16:47:37 -08002399#endif /* CONFIG_ELF_CORE */
Linus Torvalds1da177e2005-04-16 15:20:36 -07002400
/*
 * Register the ELF loader with the binfmt core so execve() will try it.
 * Invoked via core_initcall (see bottom of file).  Always returns 0.
 */
static int __init init_elf_binfmt(void)
{
	register_binfmt(&elf_format);
	return 0;
}
2406
/* Module unload hook: unregister the ELF loader from the binfmt core. */
static void __exit exit_elf_binfmt(void)
{
	/* Remove the COFF and ELF loaders. */
	unregister_binfmt(&elf_format);
}
2412
/* Register early (core_initcall) so ELF binaries can run during boot. */
core_initcall(init_elf_binfmt);
module_exit(exit_elf_binfmt);
MODULE_LICENSE("GPL");