1 // SPDX-License-Identifier: GPL-2.0-only
3 * linux/fs/binfmt_elf.c
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
13 #include <linux/module.h>
14 #include <linux/kernel.h>
16 #include <linux/log2.h>
18 #include <linux/mman.h>
19 #include <linux/errno.h>
20 #include <linux/signal.h>
21 #include <linux/binfmts.h>
22 #include <linux/string.h>
23 #include <linux/file.h>
24 #include <linux/slab.h>
25 #include <linux/personality.h>
26 #include <linux/elfcore.h>
27 #include <linux/init.h>
28 #include <linux/highuid.h>
29 #include <linux/compiler.h>
30 #include <linux/highmem.h>
31 #include <linux/hugetlb.h>
32 #include <linux/pagemap.h>
33 #include <linux/vmalloc.h>
34 #include <linux/security.h>
35 #include <linux/random.h>
36 #include <linux/elf.h>
37 #include <linux/elf-randomize.h>
38 #include <linux/utsname.h>
39 #include <linux/coredump.h>
40 #include <linux/sched.h>
41 #include <linux/sched/coredump.h>
42 #include <linux/sched/task_stack.h>
43 #include <linux/sched/cputime.h>
44 #include <linux/sizes.h>
45 #include <linux/types.h>
46 #include <linux/cred.h>
47 #include <linux/dax.h>
48 #include <linux/uaccess.h>
49 #include <asm/param.h>
57 #define user_long_t long
59 #ifndef user_siginfo_t
60 #define user_siginfo_t siginfo_t
63 /* That's for binfmt_elf_fdpic to deal with */
64 #ifndef elf_check_fdpic
65 #define elf_check_fdpic(ex) false
68 static int load_elf_binary(struct linux_binprm *bprm);
71 static int load_elf_library(struct file *);
73 #define load_elf_library NULL
77 * If we don't support core dumping, then supply a NULL so we
80 #ifdef CONFIG_ELF_CORE
81 static int elf_core_dump(struct coredump_params *cprm);
83 #define elf_core_dump NULL
86 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
87 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
89 #define ELF_MIN_ALIGN PAGE_SIZE
92 #ifndef ELF_CORE_EFLAGS
93 #define ELF_CORE_EFLAGS 0
96 #define ELF_PAGESTART(_v) ((_v) & ~(int)(ELF_MIN_ALIGN-1))
97 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
100 static struct linux_binfmt elf_format = {
101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 #ifdef CONFIG_COREDUMP
105 .core_dump = elf_core_dump,
106 .min_coredump = ELF_EXEC_PAGESIZE,
110 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
112 static int set_brk(unsigned long start, unsigned long end, int prot)
114 start = ELF_PAGEALIGN(start);
115 end = ELF_PAGEALIGN(end);
118 * Map the last of the bss segment.
119 * If the header is requesting these pages to be
120 * executable, honour that (ppc32 needs this).
122 int error = vm_brk_flags(start, end - start,
123 prot & PROT_EXEC ? VM_EXEC : 0);
127 current->mm->start_brk = current->mm->brk = end;
131 /* We need to explicitly zero any fractional pages
132 after the data section (i.e. bss). This would
133 contain the junk from the file that should not
136 static int padzero(unsigned long elf_bss)
140 nbyte = ELF_PAGEOFFSET(elf_bss);
142 nbyte = ELF_MIN_ALIGN - nbyte;
143 if (clear_user((void __user *) elf_bss, nbyte))
149 /* Let's use some macros to make this stack manipulation a little clearer */
150 #ifdef CONFIG_STACK_GROWSUP
151 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
152 #define STACK_ROUND(sp, items) \
153 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
154 #define STACK_ALLOC(sp, len) ({ \
155 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
158 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
159 #define STACK_ROUND(sp, items) \
160 (((unsigned long) (sp - items)) &~ 15UL)
161 #define STACK_ALLOC(sp, len) (sp -= len)
164 #ifndef ELF_BASE_PLATFORM
166 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
167 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
168 * will be copied to the user stack in the same manner as AT_PLATFORM.
170 #define ELF_BASE_PLATFORM NULL
174 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
175 unsigned long interp_load_addr,
176 unsigned long e_entry, unsigned long phdr_addr)
178 struct mm_struct *mm = current->mm;
179 unsigned long p = bprm->p;
180 int argc = bprm->argc;
181 int envc = bprm->envc;
182 elf_addr_t __user *sp;
183 elf_addr_t __user *u_platform;
184 elf_addr_t __user *u_base_platform;
185 elf_addr_t __user *u_rand_bytes;
186 const char *k_platform = ELF_PLATFORM;
187 const char *k_base_platform = ELF_BASE_PLATFORM;
188 unsigned char k_rand_bytes[16];
190 elf_addr_t *elf_info;
191 elf_addr_t flags = 0;
193 const struct cred *cred = current_cred();
194 struct vm_area_struct *vma;
197 * In some cases (e.g. Hyper-Threading), we want to avoid L1
198 * evictions by the processes running on the same package. One
199 * thing we can do is to shuffle the initial stack for them.
202 p = arch_align_stack(p);
205 * If this architecture has a platform capability string, copy it
206 * to userspace. In some cases (Sparc), this info is impossible
207 * for userspace to get any other way, in others (i386) it is
212 size_t len = strlen(k_platform) + 1;
214 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
215 if (copy_to_user(u_platform, k_platform, len))
220 * If this architecture has a "base" platform capability
221 * string, copy it to userspace.
223 u_base_platform = NULL;
224 if (k_base_platform) {
225 size_t len = strlen(k_base_platform) + 1;
227 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
228 if (copy_to_user(u_base_platform, k_base_platform, len))
233 * Generate 16 random bytes for userspace PRNG seeding.
235 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
236 u_rand_bytes = (elf_addr_t __user *)
237 STACK_ALLOC(p, sizeof(k_rand_bytes));
238 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
241 /* Create the ELF interpreter info */
242 elf_info = (elf_addr_t *)mm->saved_auxv;
243 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
244 #define NEW_AUX_ENT(id, val) \
252 * ARCH_DLINFO must come first so PPC can do its special alignment of
254 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
255 * ARCH_DLINFO changes
259 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
260 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
261 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
262 NEW_AUX_ENT(AT_PHDR, phdr_addr);
263 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
264 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
265 NEW_AUX_ENT(AT_BASE, interp_load_addr);
266 if (bprm->interp_flags & BINPRM_FLAGS_PRESERVE_ARGV0)
267 flags |= AT_FLAGS_PRESERVE_ARGV0;
268 NEW_AUX_ENT(AT_FLAGS, flags);
269 NEW_AUX_ENT(AT_ENTRY, e_entry);
270 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
271 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
272 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
273 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
274 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
275 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
277 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
279 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
281 NEW_AUX_ENT(AT_PLATFORM,
282 (elf_addr_t)(unsigned long)u_platform);
284 if (k_base_platform) {
285 NEW_AUX_ENT(AT_BASE_PLATFORM,
286 (elf_addr_t)(unsigned long)u_base_platform);
288 if (bprm->have_execfd) {
289 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
292 /* AT_NULL is zero; clear the rest too */
293 memset(elf_info, 0, (char *)mm->saved_auxv +
294 sizeof(mm->saved_auxv) - (char *)elf_info);
296 /* And advance past the AT_NULL entry. */
299 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
300 sp = STACK_ADD(p, ei_index);
302 items = (argc + 1) + (envc + 1) + 1;
303 bprm->p = STACK_ROUND(sp, items);
305 /* Point sp at the lowest address on the stack */
306 #ifdef CONFIG_STACK_GROWSUP
307 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
308 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
310 sp = (elf_addr_t __user *)bprm->p;
315 * Grow the stack manually; some architectures have a limit on how
316 * far ahead a user-space access may be in order to grow the stack.
318 if (mmap_read_lock_killable(mm))
320 vma = find_extend_vma(mm, bprm->p);
321 mmap_read_unlock(mm);
325 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
326 if (put_user(argc, sp++))
329 /* Populate list of argv pointers back to argv strings. */
330 p = mm->arg_end = mm->arg_start;
333 if (put_user((elf_addr_t)p, sp++))
335 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
336 if (!len || len > MAX_ARG_STRLEN)
340 if (put_user(0, sp++))
344 /* Populate list of envp pointers back to envp strings. */
345 mm->env_end = mm->env_start = p;
348 if (put_user((elf_addr_t)p, sp++))
350 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
351 if (!len || len > MAX_ARG_STRLEN)
355 if (put_user(0, sp++))
359 /* Put the elf_info on the stack in the right place. */
360 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
365 static unsigned long elf_map(struct file *filep, unsigned long addr,
366 const struct elf_phdr *eppnt, int prot, int type,
367 unsigned long total_size)
369 unsigned long map_addr;
370 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
371 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
372 addr = ELF_PAGESTART(addr);
373 size = ELF_PAGEALIGN(size);
375 /* mmap() will return -EINVAL if given a zero size, but a
376 * segment with zero filesize is perfectly valid */
381 * total_size is the size of the ELF (interpreter) image.
382 * The _first_ mmap needs to know the full size, otherwise
383 * randomization might put this image into an overlapping
384 * position with the ELF binary image. (since size < total_size)
385 * So we first map the 'big' image - and unmap the remainder at
386 * the end. (which unmap is needed for ELF images with holes.)
389 total_size = ELF_PAGEALIGN(total_size);
390 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
391 if (!BAD_ADDR(map_addr))
392 vm_munmap(map_addr+size, total_size-size);
394 map_addr = vm_mmap(filep, addr, size, prot, type, off);
396 if ((type & MAP_FIXED_NOREPLACE) &&
397 PTR_ERR((void *)map_addr) == -EEXIST)
398 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
399 task_pid_nr(current), current->comm, (void *)addr);
404 static unsigned long total_mapping_size(const struct elf_phdr *phdr, int nr)
406 elf_addr_t min_addr = -1;
407 elf_addr_t max_addr = 0;
408 bool pt_load = false;
411 for (i = 0; i < nr; i++) {
412 if (phdr[i].p_type == PT_LOAD) {
413 min_addr = min(min_addr, ELF_PAGESTART(phdr[i].p_vaddr));
414 max_addr = max(max_addr, phdr[i].p_vaddr + phdr[i].p_memsz);
418 return pt_load ? (max_addr - min_addr) : 0;
421 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
425 rv = kernel_read(file, buf, len, &pos);
426 if (unlikely(rv != len)) {
427 return (rv < 0) ? rv : -EIO;
432 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
434 unsigned long alignment = 0;
437 for (i = 0; i < nr; i++) {
438 if (cmds[i].p_type == PT_LOAD) {
439 unsigned long p_align = cmds[i].p_align;
441 /* skip non-power of two alignments as invalid */
442 if (!is_power_of_2(p_align))
444 alignment = max(alignment, p_align);
448 /* ensure we align to at least one page */
449 return ELF_PAGEALIGN(alignment);
453 * load_elf_phdrs() - load ELF program headers
454 * @elf_ex: ELF header of the binary whose program headers should be loaded
455 * @elf_file: the opened ELF binary file
457 * Loads ELF program headers from the binary file elf_file, which has the ELF
458 * header pointed to by elf_ex, into a newly allocated array. The caller is
459 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
461 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
462 struct file *elf_file)
464 struct elf_phdr *elf_phdata = NULL;
465 int retval, err = -1;
469 * If the size of this structure has changed, then punt, since
470 * we will be doing the wrong thing.
472 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
475 /* Sanity check the number of program headers... */
476 /* ...and their total size. */
477 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
478 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
481 elf_phdata = kmalloc(size, GFP_KERNEL);
485 /* Read in the program headers */
486 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
502 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
505 * struct arch_elf_state - arch-specific ELF loading state
507 * This structure is used to preserve architecture specific data during
508 * the loading of an ELF file, throughout the checking of architecture
509 * specific ELF headers & through to the point where the ELF load is
510 * known to be proceeding (ie. SET_PERSONALITY).
512 * This implementation is a dummy for architectures which require no
515 struct arch_elf_state {
518 #define INIT_ARCH_ELF_STATE {}
521 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
522 * @ehdr: The main ELF header
523 * @phdr: The program header to check
524 * @elf: The open ELF file
525 * @is_interp: True if the phdr is from the interpreter of the ELF being
526 * loaded, else false.
527 * @state: Architecture-specific state preserved throughout the process
528 * of loading the ELF.
530 * Inspects the program header phdr to validate its correctness and/or
531 * suitability for the system. Called once per ELF program header in the
532 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
535 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
536 * with that return code.
538 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
539 struct elf_phdr *phdr,
540 struct file *elf, bool is_interp,
541 struct arch_elf_state *state)
543 /* Dummy implementation, always proceed */
548 * arch_check_elf() - check an ELF executable
549 * @ehdr: The main ELF header
550 * @has_interp: True if the ELF has an interpreter, else false.
551 * @interp_ehdr: The interpreter's ELF header
552 * @state: Architecture-specific state preserved throughout the process
553 * of loading the ELF.
555 * Provides a final opportunity for architecture code to reject the loading
556 * of the ELF & cause an exec syscall to return an error. This is called after
557 * all program headers to be checked by arch_elf_pt_proc have been.
559 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
560 * with that return code.
562 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
563 struct elfhdr *interp_ehdr,
564 struct arch_elf_state *state)
566 /* Dummy implementation, always proceed */
570 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
572 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
573 bool has_interp, bool is_interp)
584 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
587 /* This is much more generalized than the library routine read function,
588 so we keep this separate. Technically the library read function
589 is only provided so that we can read a.out libraries that have
592 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
593 struct file *interpreter,
594 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
595 struct arch_elf_state *arch_state)
597 struct elf_phdr *eppnt;
598 unsigned long load_addr = 0;
599 int load_addr_set = 0;
600 unsigned long last_bss = 0, elf_bss = 0;
602 unsigned long error = ~0UL;
603 unsigned long total_size;
606 /* First of all, some simple consistency checks */
607 if (interp_elf_ex->e_type != ET_EXEC &&
608 interp_elf_ex->e_type != ET_DYN)
610 if (!elf_check_arch(interp_elf_ex) ||
611 elf_check_fdpic(interp_elf_ex))
613 if (!interpreter->f_op->mmap)
616 total_size = total_mapping_size(interp_elf_phdata,
617 interp_elf_ex->e_phnum);
623 eppnt = interp_elf_phdata;
624 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
625 if (eppnt->p_type == PT_LOAD) {
626 int elf_type = MAP_PRIVATE;
627 int elf_prot = make_prot(eppnt->p_flags, arch_state,
629 unsigned long vaddr = 0;
630 unsigned long k, map_addr;
632 vaddr = eppnt->p_vaddr;
633 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
634 elf_type |= MAP_FIXED;
635 else if (no_base && interp_elf_ex->e_type == ET_DYN)
638 map_addr = elf_map(interpreter, load_addr + vaddr,
639 eppnt, elf_prot, elf_type, total_size);
642 if (BAD_ADDR(map_addr))
645 if (!load_addr_set &&
646 interp_elf_ex->e_type == ET_DYN) {
647 load_addr = map_addr - ELF_PAGESTART(vaddr);
652 * Check to see if the section's size will overflow the
653 * allowed task size. Note that p_filesz must always be
654 * <= p_memsize so it's only necessary to check p_memsz.
656 k = load_addr + eppnt->p_vaddr;
658 eppnt->p_filesz > eppnt->p_memsz ||
659 eppnt->p_memsz > TASK_SIZE ||
660 TASK_SIZE - eppnt->p_memsz < k) {
666 * Find the end of the file mapping for this phdr, and
667 * keep track of the largest address we see for this.
669 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
674 * Do the same thing for the memory mapping - between
675 * elf_bss and last_bss is the bss section.
677 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
686 * Now fill out the bss section: first pad the last page from
687 * the file up to the page boundary, and zero it from elf_bss
688 * up to the end of the page.
690 if (padzero(elf_bss)) {
695 * Next, align both the file and mem bss up to the page size,
696 * since this is where elf_bss was just zeroed up to, and where
697 * last_bss will end after the vm_brk_flags() below.
699 elf_bss = ELF_PAGEALIGN(elf_bss);
700 last_bss = ELF_PAGEALIGN(last_bss);
701 /* Finally, if there is still more bss to allocate, do it. */
702 if (last_bss > elf_bss) {
703 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
704 bss_prot & PROT_EXEC ? VM_EXEC : 0);
715 * These are the functions used to load ELF style executables and shared
716 * libraries. There is no binary dependent code anywhere else.
719 static int parse_elf_property(const char *data, size_t *off, size_t datasz,
720 struct arch_elf_state *arch,
721 bool have_prev_type, u32 *prev_type)
724 const struct gnu_property *pr;
730 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
735 if (datasz < sizeof(*pr))
737 pr = (const struct gnu_property *)(data + o);
739 datasz -= sizeof(*pr);
741 if (pr->pr_datasz > datasz)
744 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
745 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
749 /* Properties are supposed to be unique and sorted on pr_type: */
750 if (have_prev_type && pr->pr_type <= *prev_type)
752 *prev_type = pr->pr_type;
754 ret = arch_parse_elf_property(pr->pr_type, data + o,
755 pr->pr_datasz, ELF_COMPAT, arch);
763 #define NOTE_DATA_SZ SZ_1K
764 #define GNU_PROPERTY_TYPE_0_NAME "GNU"
765 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
767 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
768 struct arch_elf_state *arch)
771 struct elf_note nhdr;
772 char data[NOTE_DATA_SZ];
781 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
784 /* load_elf_binary() shouldn't call us unless this is true... */
785 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
788 /* If the properties are crazy large, that's too bad (for now): */
789 if (phdr->p_filesz > sizeof(note))
792 pos = phdr->p_offset;
793 n = kernel_read(f, ¬e, phdr->p_filesz, &pos);
795 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
796 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
799 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
800 note.nhdr.n_namesz != NOTE_NAME_SZ ||
801 strncmp(note.data + sizeof(note.nhdr),
802 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
805 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
806 ELF_GNU_PROPERTY_ALIGN);
810 if (note.nhdr.n_descsz > n - off)
812 datasz = off + note.nhdr.n_descsz;
814 have_prev_type = false;
816 ret = parse_elf_property(note.data, &off, datasz, arch,
817 have_prev_type, &prev_type);
818 have_prev_type = true;
821 return ret == -ENOENT ? 0 : ret;
824 static int load_elf_binary(struct linux_binprm *bprm)
826 struct file *interpreter = NULL; /* to shut gcc up */
827 unsigned long load_bias = 0, phdr_addr = 0;
828 int first_pt_load = 1;
830 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
831 struct elf_phdr *elf_property_phdata = NULL;
832 unsigned long elf_bss, elf_brk;
835 unsigned long elf_entry;
836 unsigned long e_entry;
837 unsigned long interp_load_addr = 0;
838 unsigned long start_code, end_code, start_data, end_data;
839 unsigned long reloc_func_desc __maybe_unused = 0;
840 int executable_stack = EXSTACK_DEFAULT;
841 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
842 struct elfhdr *interp_elf_ex = NULL;
843 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
844 struct mm_struct *mm;
845 struct pt_regs *regs;
848 /* First of all, some simple consistency checks */
849 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
852 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
854 if (!elf_check_arch(elf_ex))
856 if (elf_check_fdpic(elf_ex))
858 if (!bprm->file->f_op->mmap)
861 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
865 elf_ppnt = elf_phdata;
866 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
867 char *elf_interpreter;
869 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
870 elf_property_phdata = elf_ppnt;
874 if (elf_ppnt->p_type != PT_INTERP)
878 * This is the program interpreter used for shared libraries -
879 * for now assume that this is an a.out format binary.
882 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
886 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
887 if (!elf_interpreter)
890 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
893 goto out_free_interp;
894 /* make sure path is NULL terminated */
896 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
897 goto out_free_interp;
899 interpreter = open_exec(elf_interpreter);
900 kfree(elf_interpreter);
901 retval = PTR_ERR(interpreter);
902 if (IS_ERR(interpreter))
906 * If the binary is not readable then enforce mm->dumpable = 0
907 * regardless of the interpreter's permissions.
909 would_dump(bprm, interpreter);
911 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
912 if (!interp_elf_ex) {
917 /* Get the exec headers */
918 retval = elf_read(interpreter, interp_elf_ex,
919 sizeof(*interp_elf_ex), 0);
921 goto out_free_dentry;
926 kfree(elf_interpreter);
930 elf_ppnt = elf_phdata;
931 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
932 switch (elf_ppnt->p_type) {
934 if (elf_ppnt->p_flags & PF_X)
935 executable_stack = EXSTACK_ENABLE_X;
937 executable_stack = EXSTACK_DISABLE_X;
940 case PT_LOPROC ... PT_HIPROC:
941 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
945 goto out_free_dentry;
949 /* Some simple consistency checks for the interpreter */
952 /* Not an ELF interpreter */
953 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
954 goto out_free_dentry;
955 /* Verify the interpreter has a valid arch */
956 if (!elf_check_arch(interp_elf_ex) ||
957 elf_check_fdpic(interp_elf_ex))
958 goto out_free_dentry;
960 /* Load the interpreter program headers */
961 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
963 if (!interp_elf_phdata)
964 goto out_free_dentry;
966 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
967 elf_property_phdata = NULL;
968 elf_ppnt = interp_elf_phdata;
969 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
970 switch (elf_ppnt->p_type) {
971 case PT_GNU_PROPERTY:
972 elf_property_phdata = elf_ppnt;
975 case PT_LOPROC ... PT_HIPROC:
976 retval = arch_elf_pt_proc(interp_elf_ex,
977 elf_ppnt, interpreter,
980 goto out_free_dentry;
985 retval = parse_elf_properties(interpreter ?: bprm->file,
986 elf_property_phdata, &arch_state);
988 goto out_free_dentry;
991 * Allow arch code to reject the ELF at this point, whilst it's
992 * still possible to return an error to the code that invoked
995 retval = arch_check_elf(elf_ex,
996 !!interpreter, interp_elf_ex,
999 goto out_free_dentry;
1001 /* Flush all traces of the currently running executable */
1002 retval = begin_new_exec(bprm);
1004 goto out_free_dentry;
1006 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1007 may depend on the personality. */
1008 SET_PERSONALITY2(*elf_ex, &arch_state);
1009 if (elf_read_implies_exec(*elf_ex, executable_stack))
1010 current->personality |= READ_IMPLIES_EXEC;
1012 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1013 current->flags |= PF_RANDOMIZE;
1015 setup_new_exec(bprm);
1017 /* Do this so that we can load the interpreter, if need be. We will
1018 change some of these later */
1019 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1022 goto out_free_dentry;
1032 /* Now we do a little grungy work by mmapping the ELF image into
1033 the correct location in memory. */
1034 for(i = 0, elf_ppnt = elf_phdata;
1035 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1036 int elf_prot, elf_flags;
1037 unsigned long k, vaddr;
1038 unsigned long total_size = 0;
1039 unsigned long alignment;
1041 if (elf_ppnt->p_type != PT_LOAD)
1044 if (unlikely (elf_brk > elf_bss)) {
1045 unsigned long nbyte;
1047 /* There was a PT_LOAD segment with p_memsz > p_filesz
1048 before this one. Map anonymous pages, if needed,
1049 and clear the area. */
1050 retval = set_brk(elf_bss + load_bias,
1051 elf_brk + load_bias,
1054 goto out_free_dentry;
1055 nbyte = ELF_PAGEOFFSET(elf_bss);
1057 nbyte = ELF_MIN_ALIGN - nbyte;
1058 if (nbyte > elf_brk - elf_bss)
1059 nbyte = elf_brk - elf_bss;
1060 if (clear_user((void __user *)elf_bss +
1061 load_bias, nbyte)) {
1063 * This bss-zeroing can fail if the ELF
1064 * file specifies odd protections. So
1065 * we don't check the return value
1071 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1072 !!interpreter, false);
1074 elf_flags = MAP_PRIVATE;
1076 vaddr = elf_ppnt->p_vaddr;
1078 * The first time through the loop, first_pt_load is true:
1079 * layout will be calculated. Once set, use MAP_FIXED since
1080 * we know we've already safely mapped the entire region with
1081 * MAP_FIXED_NOREPLACE in the once-per-binary logic following.
1083 if (!first_pt_load) {
1084 elf_flags |= MAP_FIXED;
1085 } else if (elf_ex->e_type == ET_EXEC) {
1087 * This logic is run once for the first LOAD Program
1088 * Header for ET_EXEC binaries. No special handling
1091 elf_flags |= MAP_FIXED_NOREPLACE;
1092 } else if (elf_ex->e_type == ET_DYN) {
1094 * This logic is run once for the first LOAD Program
1095 * Header for ET_DYN binaries to calculate the
1096 * randomization (load_bias) for all the LOAD
1099 * There are effectively two types of ET_DYN
1100 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1101 * and loaders (ET_DYN without INTERP, since they
1102 * _are_ the ELF interpreter). The loaders must
1103 * be loaded away from programs since the program
1104 * may otherwise collide with the loader (especially
1105 * for ET_EXEC which does not have a randomized
1106 * position). For example to handle invocations of
1107 * "./ld.so someprog" to test out a new version of
1108 * the loader, the subsequent program that the
1109 * loader loads must avoid the loader itself, so
1110 * they cannot share the same load range. Sufficient
1111 * room for the brk must be allocated with the
1112 * loader as well, since brk must be available with
1115 * Therefore, programs are loaded offset from
1116 * ELF_ET_DYN_BASE and loaders are loaded into the
1117 * independently randomized mmap region (0 load_bias
1118 * without MAP_FIXED nor MAP_FIXED_NOREPLACE).
1121 load_bias = ELF_ET_DYN_BASE;
1122 if (current->flags & PF_RANDOMIZE)
1123 load_bias += arch_mmap_rnd();
1124 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1126 load_bias &= ~(alignment - 1);
1127 elf_flags |= MAP_FIXED_NOREPLACE;
1132 * Since load_bias is used for all subsequent loading
1133 * calculations, we must lower it by the first vaddr
1134 * so that the remaining calculations based on the
1135 * ELF vaddrs will be correctly offset. The result
1136 * is then page aligned.
1138 load_bias = ELF_PAGESTART(load_bias - vaddr);
1141 * Calculate the entire size of the ELF mapping
1142 * (total_size), used for the initial mapping,
1143 * due to load_addr_set which is set to true later
1144 * once the initial mapping is performed.
1146 * Note that this is only sensible when the LOAD
1147 * segments are contiguous (or overlapping). If
1148 * used for LOADs that are far apart, this would
1149 * cause the holes between LOADs to be mapped,
1150 * running the risk of having the mapping fail,
1151 * as it would be larger than the ELF file itself.
1153 * As a result, only ET_DYN does this, since
1154 * some ET_EXEC (e.g. ia64) may have large virtual
1155 * memory holes between LOADs.
1158 total_size = total_mapping_size(elf_phdata,
1162 goto out_free_dentry;
1166 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1167 elf_prot, elf_flags, total_size);
1168 if (BAD_ADDR(error)) {
1169 retval = IS_ERR((void *)error) ?
1170 PTR_ERR((void*)error) : -EINVAL;
1171 goto out_free_dentry;
1174 if (first_pt_load) {
1176 if (elf_ex->e_type == ET_DYN) {
1177 load_bias += error -
1178 ELF_PAGESTART(load_bias + vaddr);
1179 reloc_func_desc = load_bias;
1184 * Figure out which segment in the file contains the Program
1185 * Header table, and map to the associated memory address.
1187 if (elf_ppnt->p_offset <= elf_ex->e_phoff &&
1188 elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) {
1189 phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset +
1193 k = elf_ppnt->p_vaddr;
1194 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1200 * Check to see if the section's size will overflow the
1201 * allowed task size. Note that p_filesz must always be
1202 * <= p_memsz so it is only necessary to check p_memsz.
1204 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1205 elf_ppnt->p_memsz > TASK_SIZE ||
1206 TASK_SIZE - elf_ppnt->p_memsz < k) {
1207 /* set_brk can never work. Avoid overflows. */
1209 goto out_free_dentry;
1212 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1216 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1220 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1222 bss_prot = elf_prot;
1227 e_entry = elf_ex->e_entry + load_bias;
1228 phdr_addr += load_bias;
1229 elf_bss += load_bias;
1230 elf_brk += load_bias;
1231 start_code += load_bias;
1232 end_code += load_bias;
1233 start_data += load_bias;
1234 end_data += load_bias;
1236 /* Calling set_brk effectively mmaps the pages that we need
1237 * for the bss and break sections. We must do this before
1238 * mapping in the interpreter, to make sure it doesn't wind
1239 * up getting placed where the bss needs to go.
1241 retval = set_brk(elf_bss, elf_brk, bss_prot);
1243 goto out_free_dentry;
1244 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1245 retval = -EFAULT; /* Nobody gets to see this, but.. */
1246 goto out_free_dentry;
1250 elf_entry = load_elf_interp(interp_elf_ex,
1252 load_bias, interp_elf_phdata,
1254 if (!IS_ERR((void *)elf_entry)) {
1256 * load_elf_interp() returns relocation
1259 interp_load_addr = elf_entry;
1260 elf_entry += interp_elf_ex->e_entry;
1262 if (BAD_ADDR(elf_entry)) {
1263 retval = IS_ERR((void *)elf_entry) ?
1264 (int)elf_entry : -EINVAL;
1265 goto out_free_dentry;
1267 reloc_func_desc = interp_load_addr;
1269 allow_write_access(interpreter);
1272 kfree(interp_elf_ex);
1273 kfree(interp_elf_phdata);
1275 elf_entry = e_entry;
1276 if (BAD_ADDR(elf_entry)) {
1278 goto out_free_dentry;
1284 set_binfmt(&elf_format);
1286 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1287 retval = ARCH_SETUP_ADDITIONAL_PAGES(bprm, elf_ex, !!interpreter);
1290 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1292 retval = create_elf_tables(bprm, elf_ex, interp_load_addr,
1293 e_entry, phdr_addr);
1298 mm->end_code = end_code;
1299 mm->start_code = start_code;
1300 mm->start_data = start_data;
1301 mm->end_data = end_data;
1302 mm->start_stack = bprm->p;
1304 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
1306 * For architectures with ELF randomization, when executing
1307 * a loader directly (i.e. no interpreter listed in ELF
1308 * headers), move the brk area out of the mmap region
1309 * (since it grows up, and may collide early with the stack
1310 * growing down), and into the unused ELF_ET_DYN_BASE region.
1312 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1313 elf_ex->e_type == ET_DYN && !interpreter) {
1314 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1317 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1318 #ifdef compat_brk_randomized
1319 current->brk_randomized = 1;
1323 if (current->personality & MMAP_PAGE_ZERO) {
1324 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1325 and some applications "depend" upon this behavior.
1326 Since we do not have the power to recompile these, we
1327 emulate the SVr4 behavior. Sigh. */
1328 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1329 MAP_FIXED | MAP_PRIVATE, 0);
1332 regs = current_pt_regs();
1333 #ifdef ELF_PLAT_INIT
1335 * The ABI may specify that certain registers be set up in special
1336 * ways (on i386 %edx is the address of a DT_FINI function, for
1337 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1338 * that the e_entry field is the address of the function descriptor
1339 * for the startup routine, rather than the address of the startup
1340 * routine itself. This macro performs whatever initialization to
1341 * the regs structure is required as well as any relocations to the
1342 * function descriptor entries when executing dynamically links apps.
1344 ELF_PLAT_INIT(regs, reloc_func_desc);
1347 finalize_exec(bprm);
1348 START_THREAD(elf_ex, regs, elf_entry, bprm->p);
1355 kfree(interp_elf_ex);
1356 kfree(interp_elf_phdata);
1357 allow_write_access(interpreter);
1365 #ifdef CONFIG_USELIB
1366 /* This is really simpleminded and specialized - we are loading an
1367 a.out library that is given an ELF header. */
1368 static int load_elf_library(struct file *file)
1370 struct elf_phdr *elf_phdata;
1371 struct elf_phdr *eppnt;
1372 unsigned long elf_bss, bss, len;
1373 int retval, error, i, j;
1374 struct elfhdr elf_ex;
1377 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1381 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1384 /* First of all, some simple consistency checks */
1385 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1386 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1388 if (elf_check_fdpic(&elf_ex))
1391 /* Now read in all of the header information */
1393 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1394 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1397 elf_phdata = kmalloc(j, GFP_KERNEL);
1403 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1407 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1408 if ((eppnt + i)->p_type == PT_LOAD)
1413 while (eppnt->p_type != PT_LOAD)
1416 /* Now use mmap to map the library into memory. */
1417 error = vm_mmap(file,
1418 ELF_PAGESTART(eppnt->p_vaddr),
1420 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1421 PROT_READ | PROT_WRITE | PROT_EXEC,
1422 MAP_FIXED_NOREPLACE | MAP_PRIVATE,
1424 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1425 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1428 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1429 if (padzero(elf_bss)) {
1434 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1435 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1437 error = vm_brk(len, bss - len);
1448 #endif /* #ifdef CONFIG_USELIB */
1450 #ifdef CONFIG_ELF_CORE
1454 * Modelled on fs/exec.c:aout_core_dump()
1455 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1458 /* An ELF note in memory */
1463 unsigned int datasz;
1467 static int notesize(struct memelfnote *en)
1471 sz = sizeof(struct elf_note);
1472 sz += roundup(strlen(en->name) + 1, 4);
1473 sz += roundup(en->datasz, 4);
1478 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1481 en.n_namesz = strlen(men->name) + 1;
1482 en.n_descsz = men->datasz;
1483 en.n_type = men->type;
1485 return dump_emit(cprm, &en, sizeof(en)) &&
1486 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1487 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1490 static void fill_elf_header(struct elfhdr *elf, int segs,
1491 u16 machine, u32 flags)
1493 memset(elf, 0, sizeof(*elf));
1495 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1496 elf->e_ident[EI_CLASS] = ELF_CLASS;
1497 elf->e_ident[EI_DATA] = ELF_DATA;
1498 elf->e_ident[EI_VERSION] = EV_CURRENT;
1499 elf->e_ident[EI_OSABI] = ELF_OSABI;
1501 elf->e_type = ET_CORE;
1502 elf->e_machine = machine;
1503 elf->e_version = EV_CURRENT;
1504 elf->e_phoff = sizeof(struct elfhdr);
1505 elf->e_flags = flags;
1506 elf->e_ehsize = sizeof(struct elfhdr);
1507 elf->e_phentsize = sizeof(struct elf_phdr);
1508 elf->e_phnum = segs;
1511 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1513 phdr->p_type = PT_NOTE;
1514 phdr->p_offset = offset;
1517 phdr->p_filesz = sz;
1523 static void fill_note(struct memelfnote *note, const char *name, int type,
1524 unsigned int sz, void *data)
1533 * fill up all the fields in prstatus from the given task struct, except
1534 * registers which need to be filled up separately.
1536 static void fill_prstatus(struct elf_prstatus_common *prstatus,
1537 struct task_struct *p, long signr)
1539 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1540 prstatus->pr_sigpend = p->pending.signal.sig[0];
1541 prstatus->pr_sighold = p->blocked.sig[0];
1543 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1545 prstatus->pr_pid = task_pid_vnr(p);
1546 prstatus->pr_pgrp = task_pgrp_vnr(p);
1547 prstatus->pr_sid = task_session_vnr(p);
1548 if (thread_group_leader(p)) {
1549 struct task_cputime cputime;
1552 * This is the record for the group leader. It shows the
1553 * group-wide total, not its individual thread total.
1555 thread_group_cputime(p, &cputime);
1556 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1557 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1561 task_cputime(p, &utime, &stime);
1562 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1563 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1566 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1567 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1570 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1571 struct mm_struct *mm)
1573 const struct cred *cred;
1574 unsigned int i, len;
1577 /* first copy the parameters from user space */
1578 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1580 len = mm->arg_end - mm->arg_start;
1581 if (len >= ELF_PRARGSZ)
1582 len = ELF_PRARGSZ-1;
1583 if (copy_from_user(&psinfo->pr_psargs,
1584 (const char __user *)mm->arg_start, len))
1586 for(i = 0; i < len; i++)
1587 if (psinfo->pr_psargs[i] == 0)
1588 psinfo->pr_psargs[i] = ' ';
1589 psinfo->pr_psargs[len] = 0;
1592 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1594 psinfo->pr_pid = task_pid_vnr(p);
1595 psinfo->pr_pgrp = task_pgrp_vnr(p);
1596 psinfo->pr_sid = task_session_vnr(p);
1598 state = READ_ONCE(p->__state);
1599 i = state ? ffz(~state) + 1 : 0;
1600 psinfo->pr_state = i;
1601 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1602 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1603 psinfo->pr_nice = task_nice(p);
1604 psinfo->pr_flag = p->flags;
1606 cred = __task_cred(p);
1607 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1608 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1610 get_task_comm(psinfo->pr_fname, p);
1615 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1617 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1621 while (auxv[i - 2] != AT_NULL);
1622 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1625 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1626 const kernel_siginfo_t *siginfo)
1628 copy_siginfo_to_external(csigdata, siginfo);
1629 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1632 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1634 * Format of NT_FILE note:
1636 * long count -- how many files are mapped
1637 * long page_size -- units for file_ofs
1638 * array of [COUNT] elements of
1642 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1644 static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm)
1646 unsigned count, size, names_ofs, remaining, n;
1648 user_long_t *start_end_ofs;
1649 char *name_base, *name_curpos;
1652 /* *Estimated* file count and total data size needed */
1653 count = cprm->vma_count;
1654 if (count > UINT_MAX / 64)
1658 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1660 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1662 size = round_up(size, PAGE_SIZE);
1664 * "size" can be 0 here legitimately.
1665 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1667 data = kvmalloc(size, GFP_KERNEL);
1668 if (ZERO_OR_NULL_PTR(data))
1671 start_end_ofs = data + 2;
1672 name_base = name_curpos = ((char *)data) + names_ofs;
1673 remaining = size - names_ofs;
1675 for (i = 0; i < cprm->vma_count; i++) {
1676 struct core_vma_metadata *m = &cprm->vma_meta[i];
1678 const char *filename;
1683 filename = file_path(file, name_curpos, remaining);
1684 if (IS_ERR(filename)) {
1685 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1687 size = size * 5 / 4;
1693 /* file_path() fills at the end, move name down */
1694 /* n = strlen(filename) + 1: */
1695 n = (name_curpos + remaining) - filename;
1696 remaining = filename - name_curpos;
1697 memmove(name_curpos, filename, n);
1700 *start_end_ofs++ = m->start;
1701 *start_end_ofs++ = m->end;
1702 *start_end_ofs++ = m->pgoff;
1706 /* Now we know exact count of files, can store it */
1708 data[1] = PAGE_SIZE;
1710 * Count usually is less than mm->map_count,
1711 * we need to move filenames down.
1713 n = cprm->vma_count - count;
1715 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1716 memmove(name_base - shift_bytes, name_base,
1717 name_curpos - name_base);
1718 name_curpos -= shift_bytes;
1721 size = name_curpos - (char *)data;
1722 fill_note(note, "CORE", NT_FILE, size, data);
1726 #ifdef CORE_DUMP_USE_REGSET
1727 #include <linux/regset.h>
1729 struct elf_thread_core_info {
1730 struct elf_thread_core_info *next;
1731 struct task_struct *task;
1732 struct elf_prstatus prstatus;
1733 struct memelfnote notes[];
1736 struct elf_note_info {
1737 struct elf_thread_core_info *thread;
1738 struct memelfnote psinfo;
1739 struct memelfnote signote;
1740 struct memelfnote auxv;
1741 struct memelfnote files;
1742 user_siginfo_t csigdata;
1748 * When a regset has a writeback hook, we call it on each thread before
1749 * dumping user memory. On register window machines, this makes sure the
1750 * user memory backing the register data is up to date before we read it.
1752 static void do_thread_regset_writeback(struct task_struct *task,
1753 const struct user_regset *regset)
1755 if (regset->writeback)
1756 regset->writeback(task, regset, 1);
1759 #ifndef PRSTATUS_SIZE
1760 #define PRSTATUS_SIZE sizeof(struct elf_prstatus)
1763 #ifndef SET_PR_FPVALID
1764 #define SET_PR_FPVALID(S) ((S)->pr_fpvalid = 1)
1767 static int fill_thread_core_info(struct elf_thread_core_info *t,
1768 const struct user_regset_view *view,
1769 long signr, struct elf_note_info *info)
1771 unsigned int note_iter, view_iter;
1774 * NT_PRSTATUS is the one special case, because the regset data
1775 * goes into the pr_reg field inside the note contents, rather
1776 * than being the whole note contents. We fill the reset in here.
1777 * We assume that regset 0 is NT_PRSTATUS.
1779 fill_prstatus(&t->prstatus.common, t->task, signr);
1780 regset_get(t->task, &view->regsets[0],
1781 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1783 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1784 PRSTATUS_SIZE, &t->prstatus);
1785 info->size += notesize(&t->notes[0]);
1787 do_thread_regset_writeback(t->task, &view->regsets[0]);
1790 * Each other regset might generate a note too. For each regset
1791 * that has no core_note_type or is inactive, skip it.
1794 for (view_iter = 1; view_iter < view->n; ++view_iter) {
1795 const struct user_regset *regset = &view->regsets[view_iter];
1796 int note_type = regset->core_note_type;
1797 bool is_fpreg = note_type == NT_PRFPREG;
1801 do_thread_regset_writeback(t->task, regset);
1802 if (!note_type) // not for coredumps
1804 if (regset->active && regset->active(t->task, regset) <= 0)
1807 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1811 if (WARN_ON_ONCE(note_iter >= info->thread_notes))
1815 SET_PR_FPVALID(&t->prstatus);
1817 fill_note(&t->notes[note_iter], is_fpreg ? "CORE" : "LINUX",
1818 note_type, ret, data);
1820 info->size += notesize(&t->notes[note_iter]);
1827 static int fill_note_info(struct elfhdr *elf, int phdrs,
1828 struct elf_note_info *info,
1829 struct coredump_params *cprm)
1831 struct task_struct *dump_task = current;
1832 const struct user_regset_view *view = task_user_regset_view(dump_task);
1833 struct elf_thread_core_info *t;
1834 struct elf_prpsinfo *psinfo;
1835 struct core_thread *ct;
1839 info->thread = NULL;
1841 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1842 if (psinfo == NULL) {
1843 info->psinfo.data = NULL; /* So we don't free this wrongly */
1847 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1850 * Figure out how many notes we're going to need for each thread.
1852 info->thread_notes = 0;
1853 for (i = 0; i < view->n; ++i)
1854 if (view->regsets[i].core_note_type != 0)
1855 ++info->thread_notes;
1858 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1859 * since it is our one special case.
1861 if (unlikely(info->thread_notes == 0) ||
1862 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1868 * Initialize the ELF file header.
1870 fill_elf_header(elf, phdrs,
1871 view->e_machine, view->e_flags);
1874 * Allocate a structure for each thread.
1876 for (ct = &dump_task->signal->core_state->dumper; ct; ct = ct->next) {
1877 t = kzalloc(offsetof(struct elf_thread_core_info,
1878 notes[info->thread_notes]),
1884 if (ct->task == dump_task || !info->thread) {
1885 t->next = info->thread;
1889 * Make sure to keep the original task at
1890 * the head of the list.
1892 t->next = info->thread->next;
1893 info->thread->next = t;
1898 * Now fill in each thread's information.
1900 for (t = info->thread; t != NULL; t = t->next)
1901 if (!fill_thread_core_info(t, view, cprm->siginfo->si_signo, info))
1905 * Fill in the two process-wide notes.
1907 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1908 info->size += notesize(&info->psinfo);
1910 fill_siginfo_note(&info->signote, &info->csigdata, cprm->siginfo);
1911 info->size += notesize(&info->signote);
1913 fill_auxv_note(&info->auxv, current->mm);
1914 info->size += notesize(&info->auxv);
1916 if (fill_files_note(&info->files, cprm) == 0)
1917 info->size += notesize(&info->files);
1922 static size_t get_note_info_size(struct elf_note_info *info)
1928 * Write all the notes for each thread. When writing the first thread, the
1929 * process-wide notes are interleaved after the first thread-specific note.
1931 static int write_note_info(struct elf_note_info *info,
1932 struct coredump_params *cprm)
1935 struct elf_thread_core_info *t = info->thread;
1940 if (!writenote(&t->notes[0], cprm))
1943 if (first && !writenote(&info->psinfo, cprm))
1945 if (first && !writenote(&info->signote, cprm))
1947 if (first && !writenote(&info->auxv, cprm))
1949 if (first && info->files.data &&
1950 !writenote(&info->files, cprm))
1953 for (i = 1; i < info->thread_notes; ++i)
1954 if (t->notes[i].data &&
1955 !writenote(&t->notes[i], cprm))
1965 static void free_note_info(struct elf_note_info *info)
1967 struct elf_thread_core_info *threads = info->thread;
1970 struct elf_thread_core_info *t = threads;
1972 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1973 for (i = 1; i < info->thread_notes; ++i)
1974 kfree(t->notes[i].data);
1977 kfree(info->psinfo.data);
1978 kvfree(info->files.data);
1983 /* Here is the structure in which status of each thread is captured. */
1984 struct elf_thread_status
1986 struct list_head list;
1987 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1988 elf_fpregset_t fpu; /* NT_PRFPREG */
1989 struct task_struct *thread;
1990 struct memelfnote notes[3];
1995 * In order to add the specific thread information for the elf file format,
1996 * we need to keep a linked list of every threads pr_status and then create
1997 * a single section for them in the final core file.
1999 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
2002 struct task_struct *p = t->thread;
2005 fill_prstatus(&t->prstatus.common, p, signr);
2006 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
2008 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
2011 sz += notesize(&t->notes[0]);
2013 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
2015 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
2018 sz += notesize(&t->notes[1]);
2023 struct elf_note_info {
2024 struct memelfnote *notes;
2025 struct memelfnote *notes_files;
2026 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
2027 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2028 struct list_head thread_list;
2029 elf_fpregset_t *fpu;
2030 user_siginfo_t csigdata;
2031 int thread_status_size;
2035 static int elf_note_info_init(struct elf_note_info *info)
2037 memset(info, 0, sizeof(*info));
2038 INIT_LIST_HEAD(&info->thread_list);
2040 /* Allocate space for ELF notes */
2041 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2044 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2047 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2048 if (!info->prstatus)
2050 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2056 static int fill_note_info(struct elfhdr *elf, int phdrs,
2057 struct elf_note_info *info,
2058 struct coredump_params *cprm)
2060 struct core_thread *ct;
2061 struct elf_thread_status *ets;
2063 if (!elf_note_info_init(info))
2066 for (ct = current->signal->core_state->dumper.next;
2067 ct; ct = ct->next) {
2068 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2072 ets->thread = ct->task;
2073 list_add(&ets->list, &info->thread_list);
2076 list_for_each_entry(ets, &info->thread_list, list) {
2079 sz = elf_dump_thread_status(cprm->siginfo->si_signo, ets);
2080 info->thread_status_size += sz;
2082 /* now collect the dump for the current */
2083 memset(info->prstatus, 0, sizeof(*info->prstatus));
2084 fill_prstatus(&info->prstatus->common, current, cprm->siginfo->si_signo);
2085 elf_core_copy_regs(&info->prstatus->pr_reg, cprm->regs);
2088 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2091 * Set up the notes in similar form to SVR4 core dumps made
2092 * with info from their /proc.
2095 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2096 sizeof(*info->prstatus), info->prstatus);
2097 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2098 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2099 sizeof(*info->psinfo), info->psinfo);
2101 fill_siginfo_note(info->notes + 2, &info->csigdata, cprm->siginfo);
2102 fill_auxv_note(info->notes + 3, current->mm);
2105 if (fill_files_note(info->notes + info->numnote, cprm) == 0) {
2106 info->notes_files = info->notes + info->numnote;
2110 /* Try to dump the FPU. */
2111 info->prstatus->pr_fpvalid =
2112 elf_core_copy_task_fpregs(current, cprm->regs, info->fpu);
2113 if (info->prstatus->pr_fpvalid)
2114 fill_note(info->notes + info->numnote++,
2115 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2119 static size_t get_note_info_size(struct elf_note_info *info)
2124 for (i = 0; i < info->numnote; i++)
2125 sz += notesize(info->notes + i);
2127 sz += info->thread_status_size;
2132 static int write_note_info(struct elf_note_info *info,
2133 struct coredump_params *cprm)
2135 struct elf_thread_status *ets;
2138 for (i = 0; i < info->numnote; i++)
2139 if (!writenote(info->notes + i, cprm))
2142 /* write out the thread status notes section */
2143 list_for_each_entry(ets, &info->thread_list, list) {
2144 for (i = 0; i < ets->num_notes; i++)
2145 if (!writenote(&ets->notes[i], cprm))
2152 static void free_note_info(struct elf_note_info *info)
2154 while (!list_empty(&info->thread_list)) {
2155 struct list_head *tmp = info->thread_list.next;
2157 kfree(list_entry(tmp, struct elf_thread_status, list));
2160 /* Free data possibly allocated by fill_files_note(): */
2161 if (info->notes_files)
2162 kvfree(info->notes_files->data);
2164 kfree(info->prstatus);
2165 kfree(info->psinfo);
2172 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2173 elf_addr_t e_shoff, int segs)
2175 elf->e_shoff = e_shoff;
2176 elf->e_shentsize = sizeof(*shdr4extnum);
2178 elf->e_shstrndx = SHN_UNDEF;
2180 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2182 shdr4extnum->sh_type = SHT_NULL;
2183 shdr4extnum->sh_size = elf->e_shnum;
2184 shdr4extnum->sh_link = elf->e_shstrndx;
2185 shdr4extnum->sh_info = segs;
2191 * This is a two-pass process; first we find the offsets of the bits,
2192 * and then they are actually written out. If we run out of core limit
2195 static int elf_core_dump(struct coredump_params *cprm)
2200 loff_t offset = 0, dataoff;
2201 struct elf_note_info info = { };
2202 struct elf_phdr *phdr4note = NULL;
2203 struct elf_shdr *shdr4extnum = NULL;
2208 * The number of segs are recored into ELF header as 16bit value.
2209 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2211 segs = cprm->vma_count + elf_core_extra_phdrs();
2213 /* for notes section */
2216 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2217 * this, kernel supports extended numbering. Have a look at
2218 * include/linux/elf.h for further information. */
2219 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2222 * Collect all the non-memory information about the process for the
2223 * notes. This also sets up the file header.
2225 if (!fill_note_info(&elf, e_phnum, &info, cprm))
2230 offset += sizeof(elf); /* Elf header */
2231 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2233 /* Write notes phdr entry */
2235 size_t sz = get_note_info_size(&info);
2237 /* For cell spufs */
2238 sz += elf_coredump_extra_notes_size();
2240 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2244 fill_elf_note_phdr(phdr4note, sz, offset);
2248 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2250 offset += cprm->vma_data_size;
2251 offset += elf_core_extra_data_size();
2254 if (e_phnum == PN_XNUM) {
2255 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2258 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2263 if (!dump_emit(cprm, &elf, sizeof(elf)))
2266 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2269 /* Write program headers for segments dump */
2270 for (i = 0; i < cprm->vma_count; i++) {
2271 struct core_vma_metadata *meta = cprm->vma_meta + i;
2272 struct elf_phdr phdr;
2274 phdr.p_type = PT_LOAD;
2275 phdr.p_offset = offset;
2276 phdr.p_vaddr = meta->start;
2278 phdr.p_filesz = meta->dump_size;
2279 phdr.p_memsz = meta->end - meta->start;
2280 offset += phdr.p_filesz;
2282 if (meta->flags & VM_READ)
2283 phdr.p_flags |= PF_R;
2284 if (meta->flags & VM_WRITE)
2285 phdr.p_flags |= PF_W;
2286 if (meta->flags & VM_EXEC)
2287 phdr.p_flags |= PF_X;
2288 phdr.p_align = ELF_EXEC_PAGESIZE;
2290 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2294 if (!elf_core_write_extra_phdrs(cprm, offset))
2297 /* write out the notes section */
2298 if (!write_note_info(&info, cprm))
2301 /* For cell spufs */
2302 if (elf_coredump_extra_notes_write(cprm))
2306 dump_skip_to(cprm, dataoff);
2308 for (i = 0; i < cprm->vma_count; i++) {
2309 struct core_vma_metadata *meta = cprm->vma_meta + i;
2311 if (!dump_user_range(cprm, meta->start, meta->dump_size))
2315 if (!elf_core_write_extra_data(cprm))
2318 if (e_phnum == PN_XNUM) {
2319 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2324 free_note_info(&info);
2330 #endif /* CONFIG_ELF_CORE */
2332 static int __init init_elf_binfmt(void)
2334 register_binfmt(&elf_format);
2338 static void __exit exit_elf_binfmt(void)
2340 /* Remove the COFF and ELF loaders. */
2341 unregister_binfmt(&elf_format);
2344 core_initcall(init_elf_binfmt);
2345 module_exit(exit_elf_binfmt);
2346 MODULE_LICENSE("GPL");
2348 #ifdef CONFIG_BINFMT_ELF_KUNIT_TEST
2349 #include "binfmt_elf_test.c"
projects / platform / kernel / linux-rpi.git / blob