ata: pata_cs5520: Avoid overwriting initialised field in 'cs5520_sht'
[platform/kernel/linux-starfive.git] / kernel / kexec_elf.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Load ELF vmlinux file for the kexec_file_load syscall.
4  *
5  * Copyright (C) 2004  Adam Litke (agl@us.ibm.com)
6  * Copyright (C) 2004  IBM Corp.
7  * Copyright (C) 2005  R Sharada (sharada@in.ibm.com)
8  * Copyright (C) 2006  Mohan Kumar M (mohan@in.ibm.com)
9  * Copyright (C) 2016  IBM Corporation
10  *
11  * Based on kexec-tools' kexec-elf-exec.c and kexec-elf-ppc64.c.
12  * Heavily modified for the kernel by
13  * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>.
14  */
15
16 #define pr_fmt(fmt)     "kexec_elf: " fmt
17
18 #include <linux/elf.h>
19 #include <linux/kexec.h>
20 #include <linux/module.h>
21 #include <linux/slab.h>
22 #include <linux/types.h>
23
24 static inline bool elf_is_elf_file(const struct elfhdr *ehdr)
25 {
26         return memcmp(ehdr->e_ident, ELFMAG, SELFMAG) == 0;
27 }
28
29 static uint64_t elf64_to_cpu(const struct elfhdr *ehdr, uint64_t value)
30 {
31         if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
32                 value = le64_to_cpu(value);
33         else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
34                 value = be64_to_cpu(value);
35
36         return value;
37 }
38
39 static uint32_t elf32_to_cpu(const struct elfhdr *ehdr, uint32_t value)
40 {
41         if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
42                 value = le32_to_cpu(value);
43         else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
44                 value = be32_to_cpu(value);
45
46         return value;
47 }
48
49 static uint16_t elf16_to_cpu(const struct elfhdr *ehdr, uint16_t value)
50 {
51         if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
52                 value = le16_to_cpu(value);
53         else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
54                 value = be16_to_cpu(value);
55
56         return value;
57 }
58
59 /**
60  * elf_is_ehdr_sane - check that it is safe to use the ELF header
61  * @buf_len:    size of the buffer in which the ELF file is loaded.
62  */
63 static bool elf_is_ehdr_sane(const struct elfhdr *ehdr, size_t buf_len)
64 {
65         if (ehdr->e_phnum > 0 && ehdr->e_phentsize != sizeof(struct elf_phdr)) {
66                 pr_debug("Bad program header size.\n");
67                 return false;
68         } else if (ehdr->e_shnum > 0 &&
69                    ehdr->e_shentsize != sizeof(struct elf_shdr)) {
70                 pr_debug("Bad section header size.\n");
71                 return false;
72         } else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT ||
73                    ehdr->e_version != EV_CURRENT) {
74                 pr_debug("Unknown ELF version.\n");
75                 return false;
76         }
77
78         if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
79                 size_t phdr_size;
80
81                 /*
82                  * e_phnum is at most 65535 so calculating the size of the
83                  * program header cannot overflow.
84                  */
85                 phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
86
87                 /* Sanity check the program header table location. */
88                 if (ehdr->e_phoff + phdr_size < ehdr->e_phoff) {
89                         pr_debug("Program headers at invalid location.\n");
90                         return false;
91                 } else if (ehdr->e_phoff + phdr_size > buf_len) {
92                         pr_debug("Program headers truncated.\n");
93                         return false;
94                 }
95         }
96
97         if (ehdr->e_shoff > 0 && ehdr->e_shnum > 0) {
98                 size_t shdr_size;
99
100                 /*
101                  * e_shnum is at most 65536 so calculating
102                  * the size of the section header cannot overflow.
103                  */
104                 shdr_size = sizeof(struct elf_shdr) * ehdr->e_shnum;
105
106                 /* Sanity check the section header table location. */
107                 if (ehdr->e_shoff + shdr_size < ehdr->e_shoff) {
108                         pr_debug("Section headers at invalid location.\n");
109                         return false;
110                 } else if (ehdr->e_shoff + shdr_size > buf_len) {
111                         pr_debug("Section headers truncated.\n");
112                         return false;
113                 }
114         }
115
116         return true;
117 }
118
119 static int elf_read_ehdr(const char *buf, size_t len, struct elfhdr *ehdr)
120 {
121         struct elfhdr *buf_ehdr;
122
123         if (len < sizeof(*buf_ehdr)) {
124                 pr_debug("Buffer is too small to hold ELF header.\n");
125                 return -ENOEXEC;
126         }
127
128         memset(ehdr, 0, sizeof(*ehdr));
129         memcpy(ehdr->e_ident, buf, sizeof(ehdr->e_ident));
130         if (!elf_is_elf_file(ehdr)) {
131                 pr_debug("No ELF header magic.\n");
132                 return -ENOEXEC;
133         }
134
135         if (ehdr->e_ident[EI_CLASS] != ELF_CLASS) {
136                 pr_debug("Not a supported ELF class.\n");
137                 return -ENOEXEC;
138         } else  if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB &&
139                 ehdr->e_ident[EI_DATA] != ELFDATA2MSB) {
140                 pr_debug("Not a supported ELF data format.\n");
141                 return -ENOEXEC;
142         }
143
144         buf_ehdr = (struct elfhdr *) buf;
145         if (elf16_to_cpu(ehdr, buf_ehdr->e_ehsize) != sizeof(*buf_ehdr)) {
146                 pr_debug("Bad ELF header size.\n");
147                 return -ENOEXEC;
148         }
149
150         ehdr->e_type      = elf16_to_cpu(ehdr, buf_ehdr->e_type);
151         ehdr->e_machine   = elf16_to_cpu(ehdr, buf_ehdr->e_machine);
152         ehdr->e_version   = elf32_to_cpu(ehdr, buf_ehdr->e_version);
153         ehdr->e_flags     = elf32_to_cpu(ehdr, buf_ehdr->e_flags);
154         ehdr->e_phentsize = elf16_to_cpu(ehdr, buf_ehdr->e_phentsize);
155         ehdr->e_phnum     = elf16_to_cpu(ehdr, buf_ehdr->e_phnum);
156         ehdr->e_shentsize = elf16_to_cpu(ehdr, buf_ehdr->e_shentsize);
157         ehdr->e_shnum     = elf16_to_cpu(ehdr, buf_ehdr->e_shnum);
158         ehdr->e_shstrndx  = elf16_to_cpu(ehdr, buf_ehdr->e_shstrndx);
159
160         switch (ehdr->e_ident[EI_CLASS]) {
161         case ELFCLASS64:
162                 ehdr->e_entry = elf64_to_cpu(ehdr, buf_ehdr->e_entry);
163                 ehdr->e_phoff = elf64_to_cpu(ehdr, buf_ehdr->e_phoff);
164                 ehdr->e_shoff = elf64_to_cpu(ehdr, buf_ehdr->e_shoff);
165                 break;
166
167         case ELFCLASS32:
168                 ehdr->e_entry = elf32_to_cpu(ehdr, buf_ehdr->e_entry);
169                 ehdr->e_phoff = elf32_to_cpu(ehdr, buf_ehdr->e_phoff);
170                 ehdr->e_shoff = elf32_to_cpu(ehdr, buf_ehdr->e_shoff);
171                 break;
172
173         default:
174                 pr_debug("Unknown ELF class.\n");
175                 return -EINVAL;
176         }
177
178         return elf_is_ehdr_sane(ehdr, len) ? 0 : -ENOEXEC;
179 }
180
181 /**
182  * elf_is_phdr_sane - check that it is safe to use the program header
183  * @buf_len:    size of the buffer in which the ELF file is loaded.
184  */
185 static bool elf_is_phdr_sane(const struct elf_phdr *phdr, size_t buf_len)
186 {
187
188         if (phdr->p_offset + phdr->p_filesz < phdr->p_offset) {
189                 pr_debug("ELF segment location wraps around.\n");
190                 return false;
191         } else if (phdr->p_offset + phdr->p_filesz > buf_len) {
192                 pr_debug("ELF segment not in file.\n");
193                 return false;
194         } else if (phdr->p_paddr + phdr->p_memsz < phdr->p_paddr) {
195                 pr_debug("ELF segment address wraps around.\n");
196                 return false;
197         }
198
199         return true;
200 }
201
202 static int elf_read_phdr(const char *buf, size_t len,
203                          struct kexec_elf_info *elf_info,
204                          int idx)
205 {
206         /* Override the const in proghdrs, we are the ones doing the loading. */
207         struct elf_phdr *phdr = (struct elf_phdr *) &elf_info->proghdrs[idx];
208         const struct elfhdr *ehdr = elf_info->ehdr;
209         const char *pbuf;
210         struct elf_phdr *buf_phdr;
211
212         pbuf = buf + elf_info->ehdr->e_phoff + (idx * sizeof(*buf_phdr));
213         buf_phdr = (struct elf_phdr *) pbuf;
214
215         phdr->p_type   = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_type);
216         phdr->p_flags  = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_flags);
217
218         switch (ehdr->e_ident[EI_CLASS]) {
219         case ELFCLASS64:
220                 phdr->p_offset = elf64_to_cpu(ehdr, buf_phdr->p_offset);
221                 phdr->p_paddr  = elf64_to_cpu(ehdr, buf_phdr->p_paddr);
222                 phdr->p_vaddr  = elf64_to_cpu(ehdr, buf_phdr->p_vaddr);
223                 phdr->p_filesz = elf64_to_cpu(ehdr, buf_phdr->p_filesz);
224                 phdr->p_memsz  = elf64_to_cpu(ehdr, buf_phdr->p_memsz);
225                 phdr->p_align  = elf64_to_cpu(ehdr, buf_phdr->p_align);
226                 break;
227
228         case ELFCLASS32:
229                 phdr->p_offset = elf32_to_cpu(ehdr, buf_phdr->p_offset);
230                 phdr->p_paddr  = elf32_to_cpu(ehdr, buf_phdr->p_paddr);
231                 phdr->p_vaddr  = elf32_to_cpu(ehdr, buf_phdr->p_vaddr);
232                 phdr->p_filesz = elf32_to_cpu(ehdr, buf_phdr->p_filesz);
233                 phdr->p_memsz  = elf32_to_cpu(ehdr, buf_phdr->p_memsz);
234                 phdr->p_align  = elf32_to_cpu(ehdr, buf_phdr->p_align);
235                 break;
236
237         default:
238                 pr_debug("Unknown ELF class.\n");
239                 return -EINVAL;
240         }
241
242         return elf_is_phdr_sane(phdr, len) ? 0 : -ENOEXEC;
243 }
244
245 /**
246  * elf_read_phdrs - read the program headers from the buffer
247  *
248  * This function assumes that the program header table was checked for sanity.
249  * Use elf_is_ehdr_sane() if it wasn't.
250  */
251 static int elf_read_phdrs(const char *buf, size_t len,
252                           struct kexec_elf_info *elf_info)
253 {
254         size_t phdr_size, i;
255         const struct elfhdr *ehdr = elf_info->ehdr;
256
257         /*
258          * e_phnum is at most 65535 so calculating the size of the
259          * program header cannot overflow.
260          */
261         phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
262
263         elf_info->proghdrs = kzalloc(phdr_size, GFP_KERNEL);
264         if (!elf_info->proghdrs)
265                 return -ENOMEM;
266
267         for (i = 0; i < ehdr->e_phnum; i++) {
268                 int ret;
269
270                 ret = elf_read_phdr(buf, len, elf_info, i);
271                 if (ret) {
272                         kfree(elf_info->proghdrs);
273                         elf_info->proghdrs = NULL;
274                         return ret;
275                 }
276         }
277
278         return 0;
279 }
280
281 /**
282  * elf_read_from_buffer - read ELF file and sets up ELF header and ELF info
283  * @buf:        Buffer to read ELF file from.
284  * @len:        Size of @buf.
285  * @ehdr:       Pointer to existing struct which will be populated.
286  * @elf_info:   Pointer to existing struct which will be populated.
287  *
288  * This function allows reading ELF files with different byte order than
289  * the kernel, byte-swapping the fields as needed.
290  *
291  * Return:
292  * On success returns 0, and the caller should call
293  * kexec_free_elf_info(elf_info) to free the memory allocated for the section
294  * and program headers.
295  */
296 static int elf_read_from_buffer(const char *buf, size_t len,
297                                 struct elfhdr *ehdr,
298                                 struct kexec_elf_info *elf_info)
299 {
300         int ret;
301
302         ret = elf_read_ehdr(buf, len, ehdr);
303         if (ret)
304                 return ret;
305
306         elf_info->buffer = buf;
307         elf_info->ehdr = ehdr;
308         if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
309                 ret = elf_read_phdrs(buf, len, elf_info);
310                 if (ret)
311                         return ret;
312         }
313         return 0;
314 }
315
316 /**
317  * kexec_free_elf_info - free memory allocated by elf_read_from_buffer
318  */
319 void kexec_free_elf_info(struct kexec_elf_info *elf_info)
320 {
321         kfree(elf_info->proghdrs);
322         memset(elf_info, 0, sizeof(*elf_info));
323 }
324 /**
325  * kexec_build_elf_info - read ELF executable and check that we can use it
326  */
327 int kexec_build_elf_info(const char *buf, size_t len, struct elfhdr *ehdr,
328                                struct kexec_elf_info *elf_info)
329 {
330         int i;
331         int ret;
332
333         ret = elf_read_from_buffer(buf, len, ehdr, elf_info);
334         if (ret)
335                 return ret;
336
337         /* Big endian vmlinux has type ET_DYN. */
338         if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) {
339                 pr_err("Not an ELF executable.\n");
340                 goto error;
341         } else if (!elf_info->proghdrs) {
342                 pr_err("No ELF program header.\n");
343                 goto error;
344         }
345
346         for (i = 0; i < ehdr->e_phnum; i++) {
347                 /*
348                  * Kexec does not support loading interpreters.
349                  * In addition this check keeps us from attempting
350                  * to kexec ordinay executables.
351                  */
352                 if (elf_info->proghdrs[i].p_type == PT_INTERP) {
353                         pr_err("Requires an ELF interpreter.\n");
354                         goto error;
355                 }
356         }
357
358         return 0;
359 error:
360         kexec_free_elf_info(elf_info);
361         return -ENOEXEC;
362 }
363
364
365 int kexec_elf_probe(const char *buf, unsigned long len)
366 {
367         struct elfhdr ehdr;
368         struct kexec_elf_info elf_info;
369         int ret;
370
371         ret = kexec_build_elf_info(buf, len, &ehdr, &elf_info);
372         if (ret)
373                 return ret;
374
375         kexec_free_elf_info(&elf_info);
376
377         return elf_check_arch(&ehdr) ? 0 : -ENOEXEC;
378 }
379
380 /**
381  * kexec_elf_load - load ELF executable image
382  * @lowest_load_addr:   On return, will be the address where the first PT_LOAD
383  *                      section will be loaded in memory.
384  *
385  * Return:
386  * 0 on success, negative value on failure.
387  */
388 int kexec_elf_load(struct kimage *image, struct elfhdr *ehdr,
389                          struct kexec_elf_info *elf_info,
390                          struct kexec_buf *kbuf,
391                          unsigned long *lowest_load_addr)
392 {
393         unsigned long lowest_addr = UINT_MAX;
394         int ret;
395         size_t i;
396
397         /* Read in the PT_LOAD segments. */
398         for (i = 0; i < ehdr->e_phnum; i++) {
399                 unsigned long load_addr;
400                 size_t size;
401                 const struct elf_phdr *phdr;
402
403                 phdr = &elf_info->proghdrs[i];
404                 if (phdr->p_type != PT_LOAD)
405                         continue;
406
407                 size = phdr->p_filesz;
408                 if (size > phdr->p_memsz)
409                         size = phdr->p_memsz;
410
411                 kbuf->buffer = (void *) elf_info->buffer + phdr->p_offset;
412                 kbuf->bufsz = size;
413                 kbuf->memsz = phdr->p_memsz;
414                 kbuf->buf_align = phdr->p_align;
415                 kbuf->buf_min = phdr->p_paddr;
416                 kbuf->mem = KEXEC_BUF_MEM_UNKNOWN;
417                 ret = kexec_add_buffer(kbuf);
418                 if (ret)
419                         goto out;
420                 load_addr = kbuf->mem;
421
422                 if (load_addr < lowest_addr)
423                         lowest_addr = load_addr;
424         }
425
426         *lowest_load_addr = lowest_addr;
427         ret = 0;
428  out:
429         return ret;
430 }