projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
coredump: rework elf/elf_fdpic vma_dump_size() into common helper
[linux-block.git] / fs / binfmt_elf.c
CommitLineData
09c434b8 1// SPDX-License-Identifier: GPL-2.0-only
1da177e4
LT		 2/*
3 * linux/fs/binfmt_elf.c
4 *
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
8 * Tools".
9 *
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
11 */
12
13#include <linux/module.h>
14#include <linux/kernel.h>
15#include <linux/fs.h>
ce81bb25 16#include <linux/log2.h>
1da177e4
LT		 17#include <linux/mm.h>
18#include <linux/mman.h>
1da177e4
LT		 19#include <linux/errno.h>
20#include <linux/signal.h>
21#include <linux/binfmts.h>
22#include <linux/string.h>
23#include <linux/file.h>
1da177e4 24#include <linux/slab.h>
1da177e4
LT		 25#include <linux/personality.h>
26#include <linux/elfcore.h>
27#include <linux/init.h>
28#include <linux/highuid.h>
1da177e4
LT		 29#include <linux/compiler.h>
30#include <linux/highmem.h>
03911132 31#include <linux/hugetlb.h>
1da177e4 32#include <linux/pagemap.h>
2aa362c4 33#include <linux/vmalloc.h>
1da177e4 34#include <linux/security.h>
1da177e4 35#include <linux/random.h>
f4e5cc2c 36#include <linux/elf.h>
d1fd836d 37#include <linux/elf-randomize.h>
7e80d0d0 38#include <linux/utsname.h>
088e7af7 39#include <linux/coredump.h>
6fac4829 40#include <linux/sched.h>
f7ccbae4 41#include <linux/sched/coredump.h>
68db0cf1 42#include <linux/sched/task_stack.h>
32ef5517 43#include <linux/sched/cputime.h>
00e19cee
DM		 44#include <linux/sizes.h>
45#include <linux/types.h>
5b825c3a 46#include <linux/cred.h>
5037835c 47#include <linux/dax.h>
7c0f6ba6 48#include <linux/uaccess.h>
1da177e4
LT		 49#include <asm/param.h>
50#include <asm/page.h>
51
00e19cee
DM		 52#ifndef ELF_COMPAT
53#define ELF_COMPAT 0
54#endif
55
2aa362c4
DV		 56#ifndef user_long_t
57#define user_long_t long
58#endif
49ae4d4b
DV		 59#ifndef user_siginfo_t
60#define user_siginfo_t siginfo_t
61#endif
62
4755200b
NP		 63/* That's for binfmt_elf_fdpic to deal with */
64#ifndef elf_check_fdpic
65#define elf_check_fdpic(ex) false
66#endif
67
71613c3b 68static int load_elf_binary(struct linux_binprm *bprm);
1da177e4 69
69369a70
JT		 70#ifdef CONFIG_USELIB
71static int load_elf_library(struct file *);
72#else
73#define load_elf_library NULL
74#endif
75
1da177e4
LT		 76/*
77 * If we don't support core dumping, then supply a NULL so we
78 * don't even try.
79 */
698ba7b5 80#ifdef CONFIG_ELF_CORE
f6151dfe 81static int elf_core_dump(struct coredump_params *cprm);
1da177e4
LT		 82#else
83#define elf_core_dump NULL
84#endif
85
86#if ELF_EXEC_PAGESIZE > PAGE_SIZE
f4e5cc2c 87#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
1da177e4 88#else
f4e5cc2c 89#define ELF_MIN_ALIGN PAGE_SIZE
1da177e4
LT		 90#endif
91
92#ifndef ELF_CORE_EFLAGS
93#define ELF_CORE_EFLAGS 0
94#endif
95
96#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
97#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
99
100static struct linux_binfmt elf_format = {
f670d0ec
MP		 101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 .core_dump = elf_core_dump,
105 .min_coredump = ELF_EXEC_PAGESIZE,
1da177e4
LT		 106};
107
18676ffc 108#define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
1da177e4 109
16e72e9b 110static int set_brk(unsigned long start, unsigned long end, int prot)
1da177e4
LT		 111{
112 start = ELF_PAGEALIGN(start);
113 end = ELF_PAGEALIGN(end);
114 if (end > start) {
16e72e9b
DV		 115 /*
116 * Map the last of the bss segment.
117 * If the header is requesting these pages to be
118 * executable, honour that (ppc32 needs this).
119 */
120 int error = vm_brk_flags(start, end - start,
121 prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25
LT		 122 if (error)
123 return error;
1da177e4
LT		 124 }
125 current->mm->start_brk = current->mm->brk = end;
126 return 0;
127}
128
1da177e4
LT		 129/* We need to explicitly zero any fractional pages
130 after the data section (i.e. bss). This would
131 contain the junk from the file that should not
f4e5cc2c
JJ		 132 be in memory
133 */
1da177e4
LT		 134static int padzero(unsigned long elf_bss)
135{
136 unsigned long nbyte;
137
138 nbyte = ELF_PAGEOFFSET(elf_bss);
139 if (nbyte) {
140 nbyte = ELF_MIN_ALIGN - nbyte;
141 if (clear_user((void __user *) elf_bss, nbyte))
142 return -EFAULT;
143 }
144 return 0;
145}
146
09c6dd3c 147/* Let's use some macros to make this stack manipulation a little clearer */
1da177e4
LT		 148#ifdef CONFIG_STACK_GROWSUP
149#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
150#define STACK_ROUND(sp, items) \
151 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
f4e5cc2c
JJ		 152#define STACK_ALLOC(sp, len) ({ \
153 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
154 old_sp; })
1da177e4
LT		 155#else
156#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
157#define STACK_ROUND(sp, items) \
158 (((unsigned long) (sp - items)) &~ 15UL)
159#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
160#endif
161
483fad1c
NL		 162#ifndef ELF_BASE_PLATFORM
163/*
164 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
165 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
166 * will be copied to the user stack in the same manner as AT_PLATFORM.
167 */
168#define ELF_BASE_PLATFORM NULL
169#endif
170
1da177e4 171static int
a62c5b1b
AD		 172create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
173 unsigned long load_addr, unsigned long interp_load_addr,
174 unsigned long e_entry)
1da177e4 175{
03c6d723 176 struct mm_struct *mm = current->mm;
1da177e4
LT		 177 unsigned long p = bprm->p;
178 int argc = bprm->argc;
179 int envc = bprm->envc;
1da177e4
LT		 180 elf_addr_t __user *sp;
181 elf_addr_t __user *u_platform;
483fad1c 182 elf_addr_t __user *u_base_platform;
f06295b4 183 elf_addr_t __user *u_rand_bytes;
1da177e4 184 const char *k_platform = ELF_PLATFORM;
483fad1c 185 const char *k_base_platform = ELF_BASE_PLATFORM;
f06295b4 186 unsigned char k_rand_bytes[16];
1da177e4
LT		 187 int items;
188 elf_addr_t *elf_info;
1f83d806 189 int ei_index;
86a264ab 190 const struct cred *cred = current_cred();
b6a2fea3 191 struct vm_area_struct *vma;
1da177e4 192
d68c9d6a
FBH		 193 /*
194 * In some cases (e.g. Hyper-Threading), we want to avoid L1
195 * evictions by the processes running on the same package. One
196 * thing we can do is to shuffle the initial stack for them.
197 */
198
199 p = arch_align_stack(p);
200
1da177e4
LT		 201 /*
202 * If this architecture has a platform capability string, copy it
203 * to userspace. In some cases (Sparc), this info is impossible
204 * for userspace to get any other way, in others (i386) it is
205 * merely difficult.
206 */
1da177e4
LT		 207 u_platform = NULL;
208 if (k_platform) {
209 size_t len = strlen(k_platform) + 1;
210
1da177e4 211 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
646e84de 212 if (copy_to_user(u_platform, k_platform, len))
1da177e4
LT		 213 return -EFAULT;
214 }
215
483fad1c
NL		 216 /*
217 * If this architecture has a "base" platform capability
218 * string, copy it to userspace.
219 */
220 u_base_platform = NULL;
221 if (k_base_platform) {
222 size_t len = strlen(k_base_platform) + 1;
223
224 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
646e84de 225 if (copy_to_user(u_base_platform, k_base_platform, len))
483fad1c
NL		 226 return -EFAULT;
227 }
228
f06295b4
KC		 229 /*
230 * Generate 16 random bytes for userspace PRNG seeding.
231 */
232 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
233 u_rand_bytes = (elf_addr_t __user *)
234 STACK_ALLOC(p, sizeof(k_rand_bytes));
646e84de 235 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
f06295b4
KC		 236 return -EFAULT;
237
1da177e4 238 /* Create the ELF interpreter info */
03c6d723 239 elf_info = (elf_addr_t *)mm->saved_auxv;
4f9a58d7 240 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
1da177e4 241#define NEW_AUX_ENT(id, val) \
f4e5cc2c 242 do { \
1f83d806
AD		 243 *elf_info++ = id; \
244 *elf_info++ = val; \
f4e5cc2c 245 } while (0)
1da177e4
LT		 246
247#ifdef ARCH_DLINFO
248 /*
249 * ARCH_DLINFO must come first so PPC can do its special alignment of
250 * AUXV.
4f9a58d7
OH		 251 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
252 * ARCH_DLINFO changes
1da177e4
LT		 253 */
254 ARCH_DLINFO;
255#endif
256 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
257 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
258 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
259 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
f4e5cc2c 260 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
1da177e4
LT		 261 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
262 NEW_AUX_ENT(AT_BASE, interp_load_addr);
263 NEW_AUX_ENT(AT_FLAGS, 0);
a62c5b1b 264 NEW_AUX_ENT(AT_ENTRY, e_entry);
ebc887b2
EB		 265 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
266 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
267 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
268 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
c425e189 269 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
f06295b4 270 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
2171364d
MN		 271#ifdef ELF_HWCAP2
272 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
273#endif
65191087 274 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
1da177e4 275 if (k_platform) {
f4e5cc2c 276 NEW_AUX_ENT(AT_PLATFORM,
785d5570 277 (elf_addr_t)(unsigned long)u_platform);
1da177e4 278 }
483fad1c
NL		 279 if (k_base_platform) {
280 NEW_AUX_ENT(AT_BASE_PLATFORM,
281 (elf_addr_t)(unsigned long)u_base_platform);
282 }
b8a61c9e
EB		 283 if (bprm->have_execfd) {
284 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
1da177e4
LT		 285 }
286#undef NEW_AUX_ENT
287 /* AT_NULL is zero; clear the rest too */
03c6d723
AD		 288 memset(elf_info, 0, (char *)mm->saved_auxv +
289 sizeof(mm->saved_auxv) - (char *)elf_info);
1da177e4
LT		 290
291 /* And advance past the AT_NULL entry. */
1f83d806 292 elf_info += 2;
1da177e4 293
03c6d723 294 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
1da177e4
LT		 295 sp = STACK_ADD(p, ei_index);
296
d20894a2 297 items = (argc + 1) + (envc + 1) + 1;
1da177e4
LT		 298 bprm->p = STACK_ROUND(sp, items);
299
300 /* Point sp at the lowest address on the stack */
301#ifdef CONFIG_STACK_GROWSUP
302 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
f4e5cc2c 303 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
1da177e4
LT		 304#else
305 sp = (elf_addr_t __user *)bprm->p;
306#endif
307
b6a2fea3
OW		 308
309 /*
310 * Grow the stack manually; some architectures have a limit on how
311 * far ahead a user-space access may be in order to grow the stack.
312 */
03c6d723 313 vma = find_extend_vma(mm, bprm->p);
b6a2fea3
OW		 314 if (!vma)
315 return -EFAULT;
316
1da177e4 317 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
646e84de 318 if (put_user(argc, sp++))
1da177e4 319 return -EFAULT;
1da177e4 320
67c6777a 321 /* Populate list of argv pointers back to argv strings. */
03c6d723 322 p = mm->arg_end = mm->arg_start;
1da177e4
LT		 323 while (argc-- > 0) {
324 size_t len;
646e84de 325 if (put_user((elf_addr_t)p, sp++))
841d5fb7 326 return -EFAULT;
b6a2fea3
OW		 327 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
328 if (!len || len > MAX_ARG_STRLEN)
23c4971e 329 return -EINVAL;
1da177e4
LT		 330 p += len;
331 }
646e84de 332 if (put_user(0, sp++))
1da177e4 333 return -EFAULT;
03c6d723 334 mm->arg_end = p;
67c6777a
KC		 335
336 /* Populate list of envp pointers back to envp strings. */
03c6d723 337 mm->env_end = mm->env_start = p;
1da177e4
LT		 338 while (envc-- > 0) {
339 size_t len;
646e84de 340 if (put_user((elf_addr_t)p, sp++))
841d5fb7 341 return -EFAULT;
b6a2fea3
OW		 342 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
343 if (!len || len > MAX_ARG_STRLEN)
23c4971e 344 return -EINVAL;
1da177e4
LT		 345 p += len;
346 }
646e84de 347 if (put_user(0, sp++))
1da177e4 348 return -EFAULT;
03c6d723 349 mm->env_end = p;
1da177e4
LT		 350
351 /* Put the elf_info on the stack in the right place. */
03c6d723 352 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
1da177e4
LT		 353 return -EFAULT;
354 return 0;
355}
356
1da177e4 357static unsigned long elf_map(struct file *filep, unsigned long addr,
49ac9819 358 const struct elf_phdr *eppnt, int prot, int type,
cc503c1b 359 unsigned long total_size)
1da177e4
LT		 360{
361 unsigned long map_addr;
cc503c1b
JK		 362 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
363 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
364 addr = ELF_PAGESTART(addr);
365 size = ELF_PAGEALIGN(size);
1da177e4 366
dda6ebde
DG		 367 /* mmap() will return -EINVAL if given a zero size, but a
368 * segment with zero filesize is perfectly valid */
cc503c1b
JK		 369 if (!size)
370 return addr;
371
cc503c1b
JK		 372 /*
373 * total_size is the size of the ELF (interpreter) image.
374 * The _first_ mmap needs to know the full size, otherwise
375 * randomization might put this image into an overlapping
376 * position with the ELF binary image. (since size < total_size)
377 * So we first map the 'big' image - and unmap the remainder at
378 * the end. (which unmap is needed for ELF images with holes.)
379 */
380 if (total_size) {
381 total_size = ELF_PAGEALIGN(total_size);
5a5e4c2e 382 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
cc503c1b 383 if (!BAD_ADDR(map_addr))
5a5e4c2e 384 vm_munmap(map_addr+size, total_size-size);
cc503c1b 385 } else
5a5e4c2e 386 map_addr = vm_mmap(filep, addr, size, prot, type, off);
cc503c1b 387
d23a61ee
TH		 388 if ((type & MAP_FIXED_NOREPLACE) &&
389 PTR_ERR((void *)map_addr) == -EEXIST)
390 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
391 task_pid_nr(current), current->comm, (void *)addr);
4ed28639 392
1da177e4
LT		 393 return(map_addr);
394}
395
49ac9819 396static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
cc503c1b
JK		 397{
398 int i, first_idx = -1, last_idx = -1;
399
400 for (i = 0; i < nr; i++) {
401 if (cmds[i].p_type == PT_LOAD) {
402 last_idx = i;
403 if (first_idx == -1)
404 first_idx = i;
405 }
406 }
407 if (first_idx == -1)
408 return 0;
409
410 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
411 ELF_PAGESTART(cmds[first_idx].p_vaddr);
412}
413
658c0335
AD		 414static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
415{
416 ssize_t rv;
417
418 rv = kernel_read(file, buf, len, &pos);
419 if (unlikely(rv != len)) {
420 return (rv < 0) ? rv : -EIO;
421 }
422 return 0;
423}
424
ce81bb25
CK		 425static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
426{
427 unsigned long alignment = 0;
428 int i;
429
430 for (i = 0; i < nr; i++) {
431 if (cmds[i].p_type == PT_LOAD) {
432 unsigned long p_align = cmds[i].p_align;
433
434 /* skip non-power of two alignments as invalid */
435 if (!is_power_of_2(p_align))
436 continue;
437 alignment = max(alignment, p_align);
438 }
439 }
440
441 /* ensure we align to at least one page */
442 return ELF_PAGEALIGN(alignment);
443}
444
6a8d3894
PB		 445/**
446 * load_elf_phdrs() - load ELF program headers
447 * @elf_ex: ELF header of the binary whose program headers should be loaded
448 * @elf_file: the opened ELF binary file
449 *
450 * Loads ELF program headers from the binary file elf_file, which has the ELF
451 * header pointed to by elf_ex, into a newly allocated array. The caller is
452 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
453 */
49ac9819 454static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
6a8d3894
PB		 455 struct file *elf_file)
456{
457 struct elf_phdr *elf_phdata = NULL;
faf1c315 458 int retval, err = -1;
faf1c315 459 unsigned int size;
6a8d3894
PB		 460
461 /*
462 * If the size of this structure has changed, then punt, since
463 * we will be doing the wrong thing.
464 */
465 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
466 goto out;
467
468 /* Sanity check the number of program headers... */
6a8d3894
PB		 469 /* ...and their total size. */
470 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
faf1c315 471 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
6a8d3894
PB		 472 goto out;
473
474 elf_phdata = kmalloc(size, GFP_KERNEL);
475 if (!elf_phdata)
476 goto out;
477
478 /* Read in the program headers */
658c0335
AD		 479 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
480 if (retval < 0) {
481 err = retval;
6a8d3894
PB		 482 goto out;
483 }
484
485 /* Success! */
486 err = 0;
487out:
488 if (err) {
489 kfree(elf_phdata);
490 elf_phdata = NULL;
491 }
492 return elf_phdata;
493}
cc503c1b 494
774c105e
PB		 495#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
496
497/**
498 * struct arch_elf_state - arch-specific ELF loading state
499 *
500 * This structure is used to preserve architecture specific data during
501 * the loading of an ELF file, throughout the checking of architecture
502 * specific ELF headers & through to the point where the ELF load is
503 * known to be proceeding (ie. SET_PERSONALITY).
504 *
505 * This implementation is a dummy for architectures which require no
506 * specific state.
507 */
508struct arch_elf_state {
509};
510
511#define INIT_ARCH_ELF_STATE {}
512
513/**
514 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
515 * @ehdr: The main ELF header
516 * @phdr: The program header to check
517 * @elf: The open ELF file
518 * @is_interp: True if the phdr is from the interpreter of the ELF being
519 * loaded, else false.
520 * @state: Architecture-specific state preserved throughout the process
521 * of loading the ELF.
522 *
523 * Inspects the program header phdr to validate its correctness and/or
524 * suitability for the system. Called once per ELF program header in the
525 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
526 * interpreter.
527 *
528 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
529 * with that return code.
530 */
531static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
532 struct elf_phdr *phdr,
533 struct file *elf, bool is_interp,
534 struct arch_elf_state *state)
535{
536 /* Dummy implementation, always proceed */
537 return 0;
538}
539
540/**
54d15714 541 * arch_check_elf() - check an ELF executable
774c105e
PB		 542 * @ehdr: The main ELF header
543 * @has_interp: True if the ELF has an interpreter, else false.
eb4bc076 544 * @interp_ehdr: The interpreter's ELF header
774c105e
PB		 545 * @state: Architecture-specific state preserved throughout the process
546 * of loading the ELF.
547 *
548 * Provides a final opportunity for architecture code to reject the loading
549 * of the ELF & cause an exec syscall to return an error. This is called after
550 * all program headers to be checked by arch_elf_pt_proc have been.
551 *
552 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
553 * with that return code.
554 */
555static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
eb4bc076 556 struct elfhdr *interp_ehdr,
774c105e
PB		 557 struct arch_elf_state *state)
558{
559 /* Dummy implementation, always proceed */
560 return 0;
561}
562
563#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
cc503c1b 564
fe0f6766
DM		 565static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
566 bool has_interp, bool is_interp)
d8e7cb39
AD		 567{
568 int prot = 0;
569
570 if (p_flags & PF_R)
571 prot |= PROT_READ;
572 if (p_flags & PF_W)
573 prot |= PROT_WRITE;
574 if (p_flags & PF_X)
575 prot |= PROT_EXEC;
fe0f6766
DM		 576
577 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
d8e7cb39
AD		 578}
579
1da177e4
LT		 580/* This is much more generalized than the library routine read function,
581 so we keep this separate. Technically the library read function
582 is only provided so that we can read a.out libraries that have
583 an ELF header */
584
f4e5cc2c 585static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
81696d5d 586 struct file *interpreter,
fe0f6766
DM		 587 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
588 struct arch_elf_state *arch_state)
1da177e4 589{
1da177e4
LT		 590 struct elf_phdr *eppnt;
591 unsigned long load_addr = 0;
592 int load_addr_set = 0;
593 unsigned long last_bss = 0, elf_bss = 0;
16e72e9b 594 int bss_prot = 0;
1da177e4 595 unsigned long error = ~0UL;
cc503c1b 596 unsigned long total_size;
6a8d3894 597 int i;
1da177e4
LT		 598
599 /* First of all, some simple consistency checks */
600 if (interp_elf_ex->e_type != ET_EXEC &&
601 interp_elf_ex->e_type != ET_DYN)
602 goto out;
4755200b
NP		 603 if (!elf_check_arch(interp_elf_ex) ||
604 elf_check_fdpic(interp_elf_ex))
1da177e4 605 goto out;
72c2d531 606 if (!interpreter->f_op->mmap)
1da177e4
LT		 607 goto out;
608
a9d9ef13
PB		 609 total_size = total_mapping_size(interp_elf_phdata,
610 interp_elf_ex->e_phnum);
cc503c1b
JK		 611 if (!total_size) {
612 error = -EINVAL;
a9d9ef13 613 goto out;
cc503c1b
JK		 614 }
615
a9d9ef13 616 eppnt = interp_elf_phdata;
f4e5cc2c
JJ		 617 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
618 if (eppnt->p_type == PT_LOAD) {
619 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
fe0f6766
DM		 620 int elf_prot = make_prot(eppnt->p_flags, arch_state,
621 true, true);
f4e5cc2c
JJ		 622 unsigned long vaddr = 0;
623 unsigned long k, map_addr;
624
f4e5cc2c
JJ		 625 vaddr = eppnt->p_vaddr;
626 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
4ed28639 627 elf_type |= MAP_FIXED_NOREPLACE;
cc503c1b
JK		 628 else if (no_base && interp_elf_ex->e_type == ET_DYN)
629 load_addr = -vaddr;
f4e5cc2c
JJ		 630
631 map_addr = elf_map(interpreter, load_addr + vaddr,
bb1ad820 632 eppnt, elf_prot, elf_type, total_size);
cc503c1b 633 total_size = 0;
f4e5cc2c
JJ		 634 error = map_addr;
635 if (BAD_ADDR(map_addr))
a9d9ef13 636 goto out;
f4e5cc2c
JJ		 637
638 if (!load_addr_set &&
639 interp_elf_ex->e_type == ET_DYN) {
640 load_addr = map_addr - ELF_PAGESTART(vaddr);
641 load_addr_set = 1;
642 }
643
644 /*
645 * Check to see if the section's size will overflow the
646 * allowed task size. Note that p_filesz must always be
647 * <= p_memsize so it's only necessary to check p_memsz.
648 */
649 k = load_addr + eppnt->p_vaddr;
ce51059b 650 if (BAD_ADDR(k) ||
f4e5cc2c
JJ		 651 eppnt->p_filesz > eppnt->p_memsz ||
652 eppnt->p_memsz > TASK_SIZE ||
653 TASK_SIZE - eppnt->p_memsz < k) {
654 error = -ENOMEM;
a9d9ef13 655 goto out;
f4e5cc2c
JJ		 656 }
657
658 /*
659 * Find the end of the file mapping for this phdr, and
660 * keep track of the largest address we see for this.
661 */
662 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
663 if (k > elf_bss)
664 elf_bss = k;
665
666 /*
667 * Do the same thing for the memory mapping - between
668 * elf_bss and last_bss is the bss section.
669 */
0036d1f7 670 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
16e72e9b 671 if (k > last_bss) {
f4e5cc2c 672 last_bss = k;
16e72e9b
DV		 673 bss_prot = elf_prot;
674 }
f4e5cc2c 675 }
1da177e4
LT		 676 }
677
0036d1f7
KC		 678 /*
679 * Now fill out the bss section: first pad the last page from
680 * the file up to the page boundary, and zero it from elf_bss
681 * up to the end of the page.
682 */
683 if (padzero(elf_bss)) {
684 error = -EFAULT;
685 goto out;
686 }
687 /*
688 * Next, align both the file and mem bss up to the page size,
689 * since this is where elf_bss was just zeroed up to, and where
16e72e9b 690 * last_bss will end after the vm_brk_flags() below.
0036d1f7
KC		 691 */
692 elf_bss = ELF_PAGEALIGN(elf_bss);
693 last_bss = ELF_PAGEALIGN(last_bss);
694 /* Finally, if there is still more bss to allocate, do it. */
752015d1 695 if (last_bss > elf_bss) {
16e72e9b
DV		 696 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
697 bss_prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25 698 if (error)
a9d9ef13 699 goto out;
1da177e4
LT		 700 }
701
cc503c1b 702 error = load_addr;
1da177e4
LT		 703out:
704 return error;
705}
706
1da177e4
LT		 707/*
708 * These are the functions used to load ELF style executables and shared
709 * libraries. There is no binary dependent code anywhere else.
710 */
711
00e19cee
DM		 712static int parse_elf_property(const char *data, size_t *off, size_t datasz,
713 struct arch_elf_state *arch,
714 bool have_prev_type, u32 *prev_type)
715{
716 size_t o, step;
717 const struct gnu_property *pr;
718 int ret;
719
720 if (*off == datasz)
721 return -ENOENT;
722
723 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
724 return -EIO;
725 o = *off;
726 datasz -= *off;
727
728 if (datasz < sizeof(*pr))
729 return -ENOEXEC;
730 pr = (const struct gnu_property *)(data + o);
731 o += sizeof(*pr);
732 datasz -= sizeof(*pr);
733
734 if (pr->pr_datasz > datasz)
735 return -ENOEXEC;
736
737 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
738 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
739 if (step > datasz)
740 return -ENOEXEC;
741
742 /* Properties are supposed to be unique and sorted on pr_type: */
743 if (have_prev_type && pr->pr_type <= *prev_type)
744 return -ENOEXEC;
745 *prev_type = pr->pr_type;
746
747 ret = arch_parse_elf_property(pr->pr_type, data + o,
748 pr->pr_datasz, ELF_COMPAT, arch);
749 if (ret)
750 return ret;
751
752 *off = o + step;
753 return 0;
754}
755
756#define NOTE_DATA_SZ SZ_1K
757#define GNU_PROPERTY_TYPE_0_NAME "GNU"
758#define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
759
760static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
761 struct arch_elf_state *arch)
762{
763 union {
764 struct elf_note nhdr;
765 char data[NOTE_DATA_SZ];
766 } note;
767 loff_t pos;
768 ssize_t n;
769 size_t off, datasz;
770 int ret;
771 bool have_prev_type;
772 u32 prev_type;
773
774 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
775 return 0;
776
777 /* load_elf_binary() shouldn't call us unless this is true... */
778 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
779 return -ENOEXEC;
780
781 /* If the properties are crazy large, that's too bad (for now): */
782 if (phdr->p_filesz > sizeof(note))
783 return -ENOEXEC;
784
785 pos = phdr->p_offset;
786 n = kernel_read(f, &note, phdr->p_filesz, &pos);
787
788 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
789 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
790 return -EIO;
791
792 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
793 note.nhdr.n_namesz != NOTE_NAME_SZ ||
794 strncmp(note.data + sizeof(note.nhdr),
795 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
796 return -ENOEXEC;
797
798 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
799 ELF_GNU_PROPERTY_ALIGN);
800 if (off > n)
801 return -ENOEXEC;
802
803 if (note.nhdr.n_descsz > n - off)
804 return -ENOEXEC;
805 datasz = off + note.nhdr.n_descsz;
806
807 have_prev_type = false;
808 do {
809 ret = parse_elf_property(note.data, &off, datasz, arch,
810 have_prev_type, &prev_type);
811 have_prev_type = true;
812 } while (!ret);
813
814 return ret == -ENOENT ? 0 : ret;
815}
816
71613c3b 817static int load_elf_binary(struct linux_binprm *bprm)
1da177e4
LT		 818{
819 struct file *interpreter = NULL; /* to shut gcc up */
820 unsigned long load_addr = 0, load_bias = 0;
821 int load_addr_set = 0;
1da177e4 822 unsigned long error;
a9d9ef13 823 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
00e19cee 824 struct elf_phdr *elf_property_phdata = NULL;
1da177e4 825 unsigned long elf_bss, elf_brk;
16e72e9b 826 int bss_prot = 0;
1da177e4 827 int retval, i;
cc503c1b 828 unsigned long elf_entry;
a62c5b1b 829 unsigned long e_entry;
cc503c1b 830 unsigned long interp_load_addr = 0;
1da177e4 831 unsigned long start_code, end_code, start_data, end_data;
1a530a6f 832 unsigned long reloc_func_desc __maybe_unused = 0;
8de61e69 833 int executable_stack = EXSTACK_DEFAULT;
a62c5b1b 834 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
0693ffeb 835 struct elfhdr *interp_elf_ex = NULL;
774c105e 836 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
03c6d723 837 struct mm_struct *mm;
249b08e4 838 struct pt_regs *regs;
1da177e4 839
1da177e4
LT		 840 retval = -ENOEXEC;
841 /* First of all, some simple consistency checks */
a62c5b1b 842 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
1da177e4
LT		 843 goto out;
844
a62c5b1b 845 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
1da177e4 846 goto out;
a62c5b1b 847 if (!elf_check_arch(elf_ex))
1da177e4 848 goto out;
a62c5b1b 849 if (elf_check_fdpic(elf_ex))
4755200b 850 goto out;
72c2d531 851 if (!bprm->file->f_op->mmap)
1da177e4
LT		 852 goto out;
853
a62c5b1b 854 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
1da177e4
LT		 855 if (!elf_phdata)
856 goto out;
857
1da177e4 858 elf_ppnt = elf_phdata;
a62c5b1b 859 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
be0deb58 860 char *elf_interpreter;
1da177e4 861
00e19cee
DM		 862 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
863 elf_property_phdata = elf_ppnt;
864 continue;
865 }
866
be0deb58
AD		 867 if (elf_ppnt->p_type != PT_INTERP)
868 continue;
1fb84496 869
be0deb58
AD		 870 /*
871 * This is the program interpreter used for shared libraries -
872 * for now assume that this is an a.out format binary.
873 */
874 retval = -ENOEXEC;
875 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
876 goto out_free_ph;
1da177e4 877
be0deb58
AD		 878 retval = -ENOMEM;
879 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
880 if (!elf_interpreter)
881 goto out_free_ph;
cc338010 882
658c0335
AD		 883 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
884 elf_ppnt->p_offset);
885 if (retval < 0)
be0deb58 886 goto out_free_interp;
be0deb58
AD		 887 /* make sure path is NULL terminated */
888 retval = -ENOEXEC;
889 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
890 goto out_free_interp;
891
892 interpreter = open_exec(elf_interpreter);
893 kfree(elf_interpreter);
894 retval = PTR_ERR(interpreter);
895 if (IS_ERR(interpreter))
cc338010 896 goto out_free_ph;
be0deb58
AD		 897
898 /*
899 * If the binary is not readable then enforce mm->dumpable = 0
900 * regardless of the interpreter's permissions.
901 */
902 would_dump(bprm, interpreter);
903
0693ffeb
AD		 904 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
905 if (!interp_elf_ex) {
906 retval = -ENOMEM;
907 goto out_free_ph;
908 }
909
be0deb58 910 /* Get the exec headers */
c69bcc93
AD		 911 retval = elf_read(interpreter, interp_elf_ex,
912 sizeof(*interp_elf_ex), 0);
658c0335 913 if (retval < 0)
be0deb58 914 goto out_free_dentry;
be0deb58
AD		 915
916 break;
917
918out_free_interp:
919 kfree(elf_interpreter);
920 goto out_free_ph;
1da177e4
LT		 921 }
922
923 elf_ppnt = elf_phdata;
a62c5b1b 924 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
774c105e
PB		 925 switch (elf_ppnt->p_type) {
926 case PT_GNU_STACK:
1da177e4
LT		 927 if (elf_ppnt->p_flags & PF_X)
928 executable_stack = EXSTACK_ENABLE_X;
929 else
930 executable_stack = EXSTACK_DISABLE_X;
931 break;
774c105e
PB		 932
933 case PT_LOPROC ... PT_HIPROC:
a62c5b1b 934 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
774c105e
PB		 935 bprm->file, false,
936 &arch_state);
937 if (retval)
938 goto out_free_dentry;
939 break;
1da177e4 940 }
1da177e4
LT		 941
942 /* Some simple consistency checks for the interpreter */
cc338010 943 if (interpreter) {
1da177e4 944 retval = -ELIBBAD;
d20894a2 945 /* Not an ELF interpreter */
c69bcc93 946 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
1da177e4 947 goto out_free_dentry;
1da177e4 948 /* Verify the interpreter has a valid arch */
c69bcc93
AD		 949 if (!elf_check_arch(interp_elf_ex) ||
950 elf_check_fdpic(interp_elf_ex))
1da177e4 951 goto out_free_dentry;
a9d9ef13
PB		 952
953 /* Load the interpreter program headers */
c69bcc93 954 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
a9d9ef13
PB		 955 interpreter);
956 if (!interp_elf_phdata)
957 goto out_free_dentry;
774c105e
PB		 958
959 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
00e19cee 960 elf_property_phdata = NULL;
774c105e 961 elf_ppnt = interp_elf_phdata;
c69bcc93 962 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
774c105e 963 switch (elf_ppnt->p_type) {
00e19cee
DM		 964 case PT_GNU_PROPERTY:
965 elf_property_phdata = elf_ppnt;
966 break;
967
774c105e 968 case PT_LOPROC ... PT_HIPROC:
c69bcc93 969 retval = arch_elf_pt_proc(interp_elf_ex,
774c105e
PB		 970 elf_ppnt, interpreter,
971 true, &arch_state);
972 if (retval)
973 goto out_free_dentry;
974 break;
975 }
1da177e4
LT		 976 }
977
00e19cee
DM		 978 retval = parse_elf_properties(interpreter ?: bprm->file,
979 elf_property_phdata, &arch_state);
980 if (retval)
981 goto out_free_dentry;
982
774c105e
PB		 983 /*
984 * Allow arch code to reject the ELF at this point, whilst it's
985 * still possible to return an error to the code that invoked
986 * the exec syscall.
987 */
a62c5b1b 988 retval = arch_check_elf(elf_ex,
c69bcc93 989 !!interpreter, interp_elf_ex,
eb4bc076 990 &arch_state);
774c105e
PB		 991 if (retval)
992 goto out_free_dentry;
993
1da177e4 994 /* Flush all traces of the currently running executable */
2388777a 995 retval = begin_new_exec(bprm);
1da177e4
LT		 996 if (retval)
997 goto out_free_dentry;
998
1da177e4
LT		 999 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1000 may depend on the personality. */
a62c5b1b
AD		 1001 SET_PERSONALITY2(*elf_ex, &arch_state);
1002 if (elf_read_implies_exec(*elf_ex, executable_stack))
1da177e4
LT		 1003 current->personality |= READ_IMPLIES_EXEC;
1004
f4e5cc2c 1005 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1da177e4 1006 current->flags |= PF_RANDOMIZE;
221af7f8
LT		 1007
1008 setup_new_exec(bprm);
1da177e4
LT		 1009
1010 /* Do this so that we can load the interpreter, if need be. We will
1011 change some of these later */
1da177e4
LT		 1012 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1013 executable_stack);
19d860a1 1014 if (retval < 0)
1da177e4 1015 goto out_free_dentry;
1da177e4 1016
85264316
AD		 1017 elf_bss = 0;
1018 elf_brk = 0;
1019
1020 start_code = ~0UL;
1021 end_code = 0;
1022 start_data = 0;
1023 end_data = 0;
1024
af901ca1 1025 /* Now we do a little grungy work by mmapping the ELF image into
cc503c1b 1026 the correct location in memory. */
f4e5cc2c 1027 for(i = 0, elf_ppnt = elf_phdata;
a62c5b1b 1028 i < elf_ex->e_phnum; i++, elf_ppnt++) {
b212921b 1029 int elf_prot, elf_flags;
1da177e4 1030 unsigned long k, vaddr;
a87938b2 1031 unsigned long total_size = 0;
ce81bb25 1032 unsigned long alignment;
1da177e4
LT		 1033
1034 if (elf_ppnt->p_type != PT_LOAD)
1035 continue;
1036
1037 if (unlikely (elf_brk > elf_bss)) {
1038 unsigned long nbyte;
1039
1040 /* There was a PT_LOAD segment with p_memsz > p_filesz
1041 before this one. Map anonymous pages, if needed,
1042 and clear the area. */
f670d0ec 1043 retval = set_brk(elf_bss + load_bias,
16e72e9b
DV		 1044 elf_brk + load_bias,
1045 bss_prot);
19d860a1 1046 if (retval)
1da177e4 1047 goto out_free_dentry;
1da177e4
LT		 1048 nbyte = ELF_PAGEOFFSET(elf_bss);
1049 if (nbyte) {
1050 nbyte = ELF_MIN_ALIGN - nbyte;
1051 if (nbyte > elf_brk - elf_bss)
1052 nbyte = elf_brk - elf_bss;
1053 if (clear_user((void __user *)elf_bss +
1054 load_bias, nbyte)) {
1055 /*
1056 * This bss-zeroing can fail if the ELF
f4e5cc2c 1057 * file specifies odd protections. So
1da177e4
LT		 1058 * we don't check the return value
1059 */
1060 }
1061 }
1062 }
1063
fe0f6766
DM		 1064 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1065 !!interpreter, false);
1da177e4 1066
f4e5cc2c 1067 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1da177e4
LT		 1068
1069 vaddr = elf_ppnt->p_vaddr;
eab09532
KC		 1070 /*
1071 * If we are loading ET_EXEC or we have already performed
1072 * the ET_DYN load_addr calculations, proceed normally.
1073 */
a62c5b1b 1074 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
b212921b 1075 elf_flags |= MAP_FIXED;
a62c5b1b 1076 } else if (elf_ex->e_type == ET_DYN) {
eab09532
KC		 1077 /*
1078 * This logic is run once for the first LOAD Program
1079 * Header for ET_DYN binaries to calculate the
1080 * randomization (load_bias) for all the LOAD
1081 * Program Headers, and to calculate the entire
1082 * size of the ELF mapping (total_size). (Note that
1083 * load_addr_set is set to true later once the
1084 * initial mapping is performed.)
1085 *
1086 * There are effectively two types of ET_DYN
1087 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1088 * and loaders (ET_DYN without INTERP, since they
1089 * _are_ the ELF interpreter). The loaders must
1090 * be loaded away from programs since the program
1091 * may otherwise collide with the loader (especially
1092 * for ET_EXEC which does not have a randomized
1093 * position). For example to handle invocations of
1094 * "./ld.so someprog" to test out a new version of
1095 * the loader, the subsequent program that the
1096 * loader loads must avoid the loader itself, so
1097 * they cannot share the same load range. Sufficient
1098 * room for the brk must be allocated with the
1099 * loader as well, since brk must be available with
1100 * the loader.
1101 *
1102 * Therefore, programs are loaded offset from
1103 * ELF_ET_DYN_BASE and loaders are loaded into the
1104 * independently randomized mmap region (0 load_bias
1105 * without MAP_FIXED).
1106 */
cc338010 1107 if (interpreter) {
eab09532
KC		 1108 load_bias = ELF_ET_DYN_BASE;
1109 if (current->flags & PF_RANDOMIZE)
1110 load_bias += arch_mmap_rnd();
ce81bb25
CK		 1111 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1112 if (alignment)
1113 load_bias &= ~(alignment - 1);
b212921b 1114 elf_flags |= MAP_FIXED;
eab09532
KC		 1115 } else
1116 load_bias = 0;
1117
1118 /*
1119 * Since load_bias is used for all subsequent loading
1120 * calculations, we must lower it by the first vaddr
1121 * so that the remaining calculations based on the
1122 * ELF vaddrs will be correctly offset. The result
1123 * is then page aligned.
1124 */
1125 load_bias = ELF_PAGESTART(load_bias - vaddr);
1126
a87938b2 1127 total_size = total_mapping_size(elf_phdata,
a62c5b1b 1128 elf_ex->e_phnum);
a87938b2 1129 if (!total_size) {
2b1d3ae9 1130 retval = -EINVAL;
a87938b2
MD		 1131 goto out_free_dentry;
1132 }
1da177e4
LT		 1133 }
1134
f4e5cc2c 1135 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
a87938b2 1136 elf_prot, elf_flags, total_size);
1da177e4 1137 if (BAD_ADDR(error)) {
b140f251
AK		 1138 retval = IS_ERR((void *)error) ?
1139 PTR_ERR((void*)error) : -EINVAL;
1da177e4
LT		 1140 goto out_free_dentry;
1141 }
1142
1143 if (!load_addr_set) {
1144 load_addr_set = 1;
1145 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
a62c5b1b 1146 if (elf_ex->e_type == ET_DYN) {
1da177e4
LT		 1147 load_bias += error -
1148 ELF_PAGESTART(load_bias + vaddr);
1149 load_addr += load_bias;
1150 reloc_func_desc = load_bias;
1151 }
1152 }
1153 k = elf_ppnt->p_vaddr;
f67ef446 1154 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
f4e5cc2c
JJ		 1155 start_code = k;
1156 if (start_data < k)
1157 start_data = k;
1da177e4
LT		 1158
1159 /*
1160 * Check to see if the section's size will overflow the
1161 * allowed task size. Note that p_filesz must always be
1162 * <= p_memsz so it is only necessary to check p_memsz.
1163 */
ce51059b 1164 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1da177e4
LT		 1165 elf_ppnt->p_memsz > TASK_SIZE ||
1166 TASK_SIZE - elf_ppnt->p_memsz < k) {
f4e5cc2c 1167 /* set_brk can never work. Avoid overflows. */
b140f251 1168 retval = -EINVAL;
1da177e4
LT		 1169 goto out_free_dentry;
1170 }
1171
1172 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1173
1174 if (k > elf_bss)
1175 elf_bss = k;
1176 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1177 end_code = k;
1178 if (end_data < k)
1179 end_data = k;
1180 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
16e72e9b
DV		 1181 if (k > elf_brk) {
1182 bss_prot = elf_prot;
1da177e4 1183 elf_brk = k;
16e72e9b 1184 }
1da177e4
LT		 1185 }
1186
a62c5b1b 1187 e_entry = elf_ex->e_entry + load_bias;
1da177e4
LT		 1188 elf_bss += load_bias;
1189 elf_brk += load_bias;
1190 start_code += load_bias;
1191 end_code += load_bias;
1192 start_data += load_bias;
1193 end_data += load_bias;
1194
1195 /* Calling set_brk effectively mmaps the pages that we need
1196 * for the bss and break sections. We must do this before
1197 * mapping in the interpreter, to make sure it doesn't wind
1198 * up getting placed where the bss needs to go.
1199 */
16e72e9b 1200 retval = set_brk(elf_bss, elf_brk, bss_prot);
19d860a1 1201 if (retval)
1da177e4 1202 goto out_free_dentry;
6de50517 1203 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1da177e4
LT		 1204 retval = -EFAULT; /* Nobody gets to see this, but.. */
1205 goto out_free_dentry;
1206 }
1207
cc338010 1208 if (interpreter) {
c69bcc93 1209 elf_entry = load_elf_interp(interp_elf_ex,
d20894a2 1210 interpreter,
fe0f6766
DM		 1211 load_bias, interp_elf_phdata,
1212 &arch_state);
d20894a2
AK		 1213 if (!IS_ERR((void *)elf_entry)) {
1214 /*
1215 * load_elf_interp() returns relocation
1216 * adjustment
1217 */
1218 interp_load_addr = elf_entry;
c69bcc93 1219 elf_entry += interp_elf_ex->e_entry;
cc503c1b 1220 }
1da177e4 1221 if (BAD_ADDR(elf_entry)) {
ce51059b
CE		 1222 retval = IS_ERR((void *)elf_entry) ?
1223 (int)elf_entry : -EINVAL;
1da177e4
LT		 1224 goto out_free_dentry;
1225 }
1226 reloc_func_desc = interp_load_addr;
1227
1228 allow_write_access(interpreter);
1229 fput(interpreter);
0693ffeb
AD		 1230
1231 kfree(interp_elf_ex);
aa0d1564 1232 kfree(interp_elf_phdata);
1da177e4 1233 } else {
a62c5b1b 1234 elf_entry = e_entry;
5342fba5 1235 if (BAD_ADDR(elf_entry)) {
ce51059b 1236 retval = -EINVAL;
5342fba5
SS		 1237 goto out_free_dentry;
1238 }
1da177e4
LT		 1239 }
1240
1241 kfree(elf_phdata);
1242
1da177e4
LT		 1243 set_binfmt(&elf_format);
1244
547ee84c 1245#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
cc338010 1246 retval = arch_setup_additional_pages(bprm, !!interpreter);
19d860a1 1247 if (retval < 0)
18c8baff 1248 goto out;
547ee84c
BH		 1249#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1250
a62c5b1b
AD		 1251 retval = create_elf_tables(bprm, elf_ex,
1252 load_addr, interp_load_addr, e_entry);
19d860a1 1253 if (retval < 0)
b6a2fea3 1254 goto out;
03c6d723
AD		 1255
1256 mm = current->mm;
1257 mm->end_code = end_code;
1258 mm->start_code = start_code;
1259 mm->start_data = start_data;
1260 mm->end_data = end_data;
1261 mm->start_stack = bprm->p;
1da177e4 1262
4471a675 1263 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
bbdc6076
KC		 1264 /*
1265 * For architectures with ELF randomization, when executing
1266 * a loader directly (i.e. no interpreter listed in ELF
1267 * headers), move the brk area out of the mmap region
1268 * (since it grows up, and may collide early with the stack
1269 * growing down), and into the unused ELF_ET_DYN_BASE region.
1270 */
7be3cb01 1271 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
03c6d723
AD		 1272 elf_ex->e_type == ET_DYN && !interpreter) {
1273 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1274 }
bbdc6076 1275
03c6d723 1276 mm->brk = mm->start_brk = arch_randomize_brk(mm);
204db6ed 1277#ifdef compat_brk_randomized
4471a675
JK		 1278 current->brk_randomized = 1;
1279#endif
1280 }
c1d171a0 1281
1da177e4
LT		 1282 if (current->personality & MMAP_PAGE_ZERO) {
1283 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1284 and some applications "depend" upon this behavior.
1285 Since we do not have the power to recompile these, we
f4e5cc2c 1286 emulate the SVr4 behavior. Sigh. */
6be5ceb0 1287 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1da177e4 1288 MAP_FIXED | MAP_PRIVATE, 0);
1da177e4
LT		 1289 }
1290
249b08e4 1291 regs = current_pt_regs();
1da177e4
LT		 1292#ifdef ELF_PLAT_INIT
1293 /*
1294 * The ABI may specify that certain registers be set up in special
1295 * ways (on i386 %edx is the address of a DT_FINI function, for
1296 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1297 * that the e_entry field is the address of the function descriptor
1298 * for the startup routine, rather than the address of the startup
1299 * routine itself. This macro performs whatever initialization to
1300 * the regs structure is required as well as any relocations to the
1301 * function descriptor entries when executing dynamically links apps.
1302 */
1303 ELF_PLAT_INIT(regs, reloc_func_desc);
1304#endif
1305
b8383831 1306 finalize_exec(bprm);
1da177e4 1307 start_thread(regs, elf_entry, bprm->p);
1da177e4
LT		 1308 retval = 0;
1309out:
1da177e4
LT		 1310 return retval;
1311
1312 /* error cleanup */
1313out_free_dentry:
0693ffeb 1314 kfree(interp_elf_ex);
a9d9ef13 1315 kfree(interp_elf_phdata);
1da177e4
LT		 1316 allow_write_access(interpreter);
1317 if (interpreter)
1318 fput(interpreter);
1da177e4
LT		 1319out_free_ph:
1320 kfree(elf_phdata);
1321 goto out;
1322}
1323
69369a70 1324#ifdef CONFIG_USELIB
1da177e4
LT		 1325/* This is really simpleminded and specialized - we are loading an
1326 a.out library that is given an ELF header. */
1da177e4
LT		 1327static int load_elf_library(struct file *file)
1328{
1329 struct elf_phdr *elf_phdata;
1330 struct elf_phdr *eppnt;
1331 unsigned long elf_bss, bss, len;
1332 int retval, error, i, j;
1333 struct elfhdr elf_ex;
1334
1335 error = -ENOEXEC;
658c0335
AD		 1336 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1337 if (retval < 0)
1da177e4
LT		 1338 goto out;
1339
1340 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1341 goto out;
1342
1343 /* First of all, some simple consistency checks */
1344 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
72c2d531 1345 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1da177e4 1346 goto out;
4755200b
NP		 1347 if (elf_check_fdpic(&elf_ex))
1348 goto out;
1da177e4
LT		 1349
1350 /* Now read in all of the header information */
1351
1352 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1353 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1354
1355 error = -ENOMEM;
1356 elf_phdata = kmalloc(j, GFP_KERNEL);
1357 if (!elf_phdata)
1358 goto out;
1359
1360 eppnt = elf_phdata;
1361 error = -ENOEXEC;
658c0335
AD		 1362 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1363 if (retval < 0)
1da177e4
LT		 1364 goto out_free_ph;
1365
1366 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1367 if ((eppnt + i)->p_type == PT_LOAD)
1368 j++;
1369 if (j != 1)
1370 goto out_free_ph;
1371
1372 while (eppnt->p_type != PT_LOAD)
1373 eppnt++;
1374
1375 /* Now use mmap to map the library into memory. */
6be5ceb0 1376 error = vm_mmap(file,
1da177e4
LT		 1377 ELF_PAGESTART(eppnt->p_vaddr),
1378 (eppnt->p_filesz +
1379 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1380 PROT_READ | PROT_WRITE | PROT_EXEC,
4ed28639 1381 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1da177e4
LT		 1382 (eppnt->p_offset -
1383 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1da177e4
LT		 1384 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1385 goto out_free_ph;
1386
1387 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1388 if (padzero(elf_bss)) {
1389 error = -EFAULT;
1390 goto out_free_ph;
1391 }
1392
24962af7
OS		 1393 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1394 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
ecc2bc8a
MH		 1395 if (bss > len) {
1396 error = vm_brk(len, bss - len);
5d22fc25 1397 if (error)
ecc2bc8a
MH		 1398 goto out_free_ph;
1399 }
1da177e4
LT		 1400 error = 0;
1401
1402out_free_ph:
1403 kfree(elf_phdata);
1404out:
1405 return error;
1406}
69369a70 1407#endif /* #ifdef CONFIG_USELIB */
1da177e4 1408
698ba7b5 1409#ifdef CONFIG_ELF_CORE
1da177e4
LT		 1410/*
1411 * ELF core dumper
1412 *
1413 * Modelled on fs/exec.c:aout_core_dump()
1414 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1415 */
1da177e4 1416
1da177e4
LT		 1417/* An ELF note in memory */
1418struct memelfnote
1419{
1420 const char *name;
1421 int type;
1422 unsigned int datasz;
1423 void *data;
1424};
1425
1426static int notesize(struct memelfnote *en)
1427{
1428 int sz;
1429
1430 sz = sizeof(struct elf_note);
1431 sz += roundup(strlen(en->name) + 1, 4);
1432 sz += roundup(en->datasz, 4);
1433
1434 return sz;
1435}
1436
ecc8c772 1437static int writenote(struct memelfnote *men, struct coredump_params *cprm)
d025c9db
AK		 1438{
1439 struct elf_note en;
1da177e4
LT		 1440 en.n_namesz = strlen(men->name) + 1;
1441 en.n_descsz = men->datasz;
1442 en.n_type = men->type;
1443
ecc8c772 1444 return dump_emit(cprm, &en, sizeof(en)) &&
22a8cb82
AV		 1445 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1446 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1da177e4 1447}
1da177e4 1448
3aba481f 1449static void fill_elf_header(struct elfhdr *elf, int segs,
d3330cf0 1450 u16 machine, u32 flags)
1da177e4 1451{
6970c8ef
CG		 1452 memset(elf, 0, sizeof(*elf));
1453
1da177e4
LT		 1454 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1455 elf->e_ident[EI_CLASS] = ELF_CLASS;
1456 elf->e_ident[EI_DATA] = ELF_DATA;
1457 elf->e_ident[EI_VERSION] = EV_CURRENT;
1458 elf->e_ident[EI_OSABI] = ELF_OSABI;
1da177e4
LT		 1459
1460 elf->e_type = ET_CORE;
3aba481f 1461 elf->e_machine = machine;
1da177e4 1462 elf->e_version = EV_CURRENT;
1da177e4 1463 elf->e_phoff = sizeof(struct elfhdr);
3aba481f 1464 elf->e_flags = flags;
1da177e4
LT		 1465 elf->e_ehsize = sizeof(struct elfhdr);
1466 elf->e_phentsize = sizeof(struct elf_phdr);
1467 elf->e_phnum = segs;
1da177e4
LT		 1468}
1469
8d6b5eee 1470static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1da177e4
LT		 1471{
1472 phdr->p_type = PT_NOTE;
1473 phdr->p_offset = offset;
1474 phdr->p_vaddr = 0;
1475 phdr->p_paddr = 0;
1476 phdr->p_filesz = sz;
1477 phdr->p_memsz = 0;
1478 phdr->p_flags = 0;
1479 phdr->p_align = 0;
1da177e4
LT		 1480}
1481
1482static void fill_note(struct memelfnote *note, const char *name, int type,
1483 unsigned int sz, void *data)
1484{
1485 note->name = name;
1486 note->type = type;
1487 note->datasz = sz;
1488 note->data = data;
1da177e4
LT		 1489}
1490
1491/*
f4e5cc2c
JJ		 1492 * fill up all the fields in prstatus from the given task struct, except
1493 * registers which need to be filled up separately.
1da177e4
LT		 1494 */
1495static void fill_prstatus(struct elf_prstatus *prstatus,
f4e5cc2c 1496 struct task_struct *p, long signr)
1da177e4
LT		 1497{
1498 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1499 prstatus->pr_sigpend = p->pending.signal.sig[0];
1500 prstatus->pr_sighold = p->blocked.sig[0];
3b34fc58
ON		 1501 rcu_read_lock();
1502 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1503 rcu_read_unlock();
b488893a 1504 prstatus->pr_pid = task_pid_vnr(p);
b488893a
PE		 1505 prstatus->pr_pgrp = task_pgrp_vnr(p);
1506 prstatus->pr_sid = task_session_vnr(p);
1da177e4 1507 if (thread_group_leader(p)) {
cd19c364 1508 struct task_cputime cputime;
f06febc9 1509
1da177e4 1510 /*
f06febc9
FM		 1511 * This is the record for the group leader. It shows the
1512 * group-wide total, not its individual thread total.
1da177e4 1513 */
cd19c364 1514 thread_group_cputime(p, &cputime);
e2bb80d5
AB		 1515 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1516 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1da177e4 1517 } else {
cd19c364 1518 u64 utime, stime;
6fac4829 1519
cd19c364 1520 task_cputime(p, &utime, &stime);
e2bb80d5
AB		 1521 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1522 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1da177e4 1523 }
5613fda9 1524
e2bb80d5
AB		 1525 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1526 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1da177e4
LT		 1527}
1528
1529static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1530 struct mm_struct *mm)
1531{
c69e8d9c 1532 const struct cred *cred;
a84a5059 1533 unsigned int i, len;
1da177e4
LT		 1534
1535 /* first copy the parameters from user space */
1536 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1537
1538 len = mm->arg_end - mm->arg_start;
1539 if (len >= ELF_PRARGSZ)
1540 len = ELF_PRARGSZ-1;
1541 if (copy_from_user(&psinfo->pr_psargs,
1542 (const char __user *)mm->arg_start, len))
1543 return -EFAULT;
1544 for(i = 0; i < len; i++)
1545 if (psinfo->pr_psargs[i] == 0)
1546 psinfo->pr_psargs[i] = ' ';
1547 psinfo->pr_psargs[len] = 0;
1548
3b34fc58
ON		 1549 rcu_read_lock();
1550 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1551 rcu_read_unlock();
b488893a 1552 psinfo->pr_pid = task_pid_vnr(p);
b488893a
PE		 1553 psinfo->pr_pgrp = task_pgrp_vnr(p);
1554 psinfo->pr_sid = task_session_vnr(p);
1da177e4
LT		 1555
1556 i = p->state ? ffz(~p->state) + 1 : 0;
1557 psinfo->pr_state = i;
55148548 1558 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1da177e4
LT		 1559 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1560 psinfo->pr_nice = task_nice(p);
1561 psinfo->pr_flag = p->flags;
c69e8d9c
DH		 1562 rcu_read_lock();
1563 cred = __task_cred(p);
ebc887b2
EB		 1564 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1565 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
c69e8d9c 1566 rcu_read_unlock();
1da177e4
LT		 1567 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1568
1569 return 0;
1570}
1571
3aba481f
RM		 1572static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1573{
1574 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1575 int i = 0;
1576 do
1577 i += 2;
1578 while (auxv[i - 2] != AT_NULL);
1579 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1580}
1581
49ae4d4b 1582static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
ae7795bc 1583 const kernel_siginfo_t *siginfo)
49ae4d4b 1584{
fa4751f4 1585 copy_siginfo_to_external(csigdata, siginfo);
49ae4d4b
DV		 1586 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1587}
1588
2aa362c4
DV		 1589#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1590/*
1591 * Format of NT_FILE note:
1592 *
1593 * long count -- how many files are mapped
1594 * long page_size -- units for file_ofs
1595 * array of [COUNT] elements of
1596 * long start
1597 * long end
1598 * long file_ofs
1599 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1600 */
72023656 1601static int fill_files_note(struct memelfnote *note)
2aa362c4 1602{
03c6d723 1603 struct mm_struct *mm = current->mm;
2aa362c4
DV		 1604 struct vm_area_struct *vma;
1605 unsigned count, size, names_ofs, remaining, n;
1606 user_long_t *data;
1607 user_long_t *start_end_ofs;
1608 char *name_base, *name_curpos;
1609
1610 /* *Estimated* file count and total data size needed */
03c6d723 1611 count = mm->map_count;
60c9d92f
AD		 1612 if (count > UINT_MAX / 64)
1613 return -EINVAL;
2aa362c4
DV		 1614 size = count * 64;
1615
1616 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1617 alloc:
1618 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
72023656 1619 return -EINVAL;
2aa362c4 1620 size = round_up(size, PAGE_SIZE);
1fbede6e
AD		 1621 /*
1622 * "size" can be 0 here legitimately.
1623 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1624 */
86a2bb5a
AD		 1625 data = kvmalloc(size, GFP_KERNEL);
1626 if (ZERO_OR_NULL_PTR(data))
72023656 1627 return -ENOMEM;
2aa362c4
DV		 1628
1629 start_end_ofs = data + 2;
1630 name_base = name_curpos = ((char *)data) + names_ofs;
1631 remaining = size - names_ofs;
1632 count = 0;
03c6d723 1633 for (vma = mm->mmap; vma != NULL; vma = vma->vm_next) {
2aa362c4
DV		 1634 struct file *file;
1635 const char *filename;
1636
1637 file = vma->vm_file;
1638 if (!file)
1639 continue;
9bf39ab2 1640 filename = file_path(file, name_curpos, remaining);
2aa362c4
DV		 1641 if (IS_ERR(filename)) {
1642 if (PTR_ERR(filename) == -ENAMETOOLONG) {
86a2bb5a 1643 kvfree(data);
2aa362c4
DV		 1644 size = size * 5 / 4;
1645 goto alloc;
1646 }
1647 continue;
1648 }
1649
9bf39ab2 1650 /* file_path() fills at the end, move name down */
2aa362c4
DV		 1651 /* n = strlen(filename) + 1: */
1652 n = (name_curpos + remaining) - filename;
1653 remaining = filename - name_curpos;
1654 memmove(name_curpos, filename, n);
1655 name_curpos += n;
1656
1657 *start_end_ofs++ = vma->vm_start;
1658 *start_end_ofs++ = vma->vm_end;
1659 *start_end_ofs++ = vma->vm_pgoff;
1660 count++;
1661 }
1662
1663 /* Now we know exact count of files, can store it */
1664 data[0] = count;
1665 data[1] = PAGE_SIZE;
1666 /*
03c6d723 1667 * Count usually is less than mm->map_count,
2aa362c4
DV		 1668 * we need to move filenames down.
1669 */
03c6d723 1670 n = mm->map_count - count;
2aa362c4
DV		 1671 if (n != 0) {
1672 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1673 memmove(name_base - shift_bytes, name_base,
1674 name_curpos - name_base);
1675 name_curpos -= shift_bytes;
1676 }
1677
1678 size = name_curpos - (char *)data;
1679 fill_note(note, "CORE", NT_FILE, size, data);
72023656 1680 return 0;
2aa362c4
DV		 1681}
1682
4206d3aa
RM		 1683#ifdef CORE_DUMP_USE_REGSET
1684#include <linux/regset.h>
1685
1686struct elf_thread_core_info {
1687 struct elf_thread_core_info *next;
1688 struct task_struct *task;
1689 struct elf_prstatus prstatus;
1690 struct memelfnote notes[0];
1691};
1692
1693struct elf_note_info {
1694 struct elf_thread_core_info *thread;
1695 struct memelfnote psinfo;
49ae4d4b 1696 struct memelfnote signote;
4206d3aa 1697 struct memelfnote auxv;
2aa362c4 1698 struct memelfnote files;
49ae4d4b 1699 user_siginfo_t csigdata;
4206d3aa
RM		 1700 size_t size;
1701 int thread_notes;
1702};
1703
d31472b6
RM		 1704/*
1705 * When a regset has a writeback hook, we call it on each thread before
1706 * dumping user memory. On register window machines, this makes sure the
1707 * user memory backing the register data is up to date before we read it.
1708 */
1709static void do_thread_regset_writeback(struct task_struct *task,
1710 const struct user_regset *regset)
1711{
1712 if (regset->writeback)
1713 regset->writeback(task, regset, 1);
1714}
1715
0953f65d 1716#ifndef PRSTATUS_SIZE
90954e7b 1717#define PRSTATUS_SIZE(S, R) sizeof(S)
0953f65d
L		 1718#endif
1719
1720#ifndef SET_PR_FPVALID
90954e7b 1721#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
0953f65d
L		 1722#endif
1723
4206d3aa
RM		 1724static int fill_thread_core_info(struct elf_thread_core_info *t,
1725 const struct user_regset_view *view,
1726 long signr, size_t *total)
1727{
1728 unsigned int i;
b4e9c954 1729 int regset0_size;
4206d3aa
RM		 1730
1731 /*
1732 * NT_PRSTATUS is the one special case, because the regset data
1733 * goes into the pr_reg field inside the note contents, rather
1734 * than being the whole note contents. We fill the reset in here.
1735 * We assume that regset 0 is NT_PRSTATUS.
1736 */
1737 fill_prstatus(&t->prstatus, t->task, signr);
b4e9c954
AV		 1738 regset0_size = regset_get(t->task, &view->regsets[0],
1739 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1740 if (regset0_size < 0)
1741 return 0;
4206d3aa
RM		 1742
1743 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
27e64b4b 1744 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
4206d3aa
RM		 1745 *total += notesize(&t->notes[0]);
1746
d31472b6
RM		 1747 do_thread_regset_writeback(t->task, &view->regsets[0]);
1748
4206d3aa
RM		 1749 /*
1750 * Each other regset might generate a note too. For each regset
1751 * that has no core_note_type or is inactive, we leave t->notes[i]
1752 * all zero and we'll know to skip writing it later.
1753 */
1754 for (i = 1; i < view->n; ++i) {
1755 const struct user_regset *regset = &view->regsets[i];
b4e9c954
AV		 1756 int note_type = regset->core_note_type;
1757 bool is_fpreg = note_type == NT_PRFPREG;
1758 void *data;
1759 int ret;
1760
d31472b6 1761 do_thread_regset_writeback(t->task, regset);
b4e9c954
AV		 1762 if (!note_type) // not for coredumps
1763 continue;
1764 if (regset->active && regset->active(t->task, regset) <= 0)
1765 continue;
1766
1767 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1768 if (ret < 0)
1769 continue;
1770
1771 if (is_fpreg)
1772 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1773
1774 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1775 note_type, ret, data);
1776
1777 *total += notesize(&t->notes[i]);
4206d3aa
RM		 1778 }
1779
1780 return 1;
1781}
1782
1783static int fill_note_info(struct elfhdr *elf, int phdrs,
1784 struct elf_note_info *info,
ae7795bc 1785 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
4206d3aa
RM		 1786{
1787 struct task_struct *dump_task = current;
1788 const struct user_regset_view *view = task_user_regset_view(dump_task);
1789 struct elf_thread_core_info *t;
1790 struct elf_prpsinfo *psinfo;
83914441 1791 struct core_thread *ct;
4206d3aa
RM		 1792 unsigned int i;
1793
1794 info->size = 0;
1795 info->thread = NULL;
1796
1797 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
6899e92d
AC		 1798 if (psinfo == NULL) {
1799 info->psinfo.data = NULL; /* So we don't free this wrongly */
4206d3aa 1800 return 0;
6899e92d 1801 }
4206d3aa 1802
e2dbe125
AW		 1803 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1804
4206d3aa
RM		 1805 /*
1806 * Figure out how many notes we're going to need for each thread.
1807 */
1808 info->thread_notes = 0;
1809 for (i = 0; i < view->n; ++i)
1810 if (view->regsets[i].core_note_type != 0)
1811 ++info->thread_notes;
1812
1813 /*
1814 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1815 * since it is our one special case.
1816 */
1817 if (unlikely(info->thread_notes == 0) ||
1818 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1819 WARN_ON(1);
1820 return 0;
1821 }
1822
1823 /*
1824 * Initialize the ELF file header.
1825 */
1826 fill_elf_header(elf, phdrs,
d3330cf0 1827 view->e_machine, view->e_flags);
4206d3aa
RM		 1828
1829 /*
1830 * Allocate a structure for each thread.
1831 */
83914441
ON		 1832 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1833 t = kzalloc(offsetof(struct elf_thread_core_info,
1834 notes[info->thread_notes]),
1835 GFP_KERNEL);
1836 if (unlikely(!t))
1837 return 0;
1838
1839 t->task = ct->task;
1840 if (ct->task == dump_task || !info->thread) {
1841 t->next = info->thread;
1842 info->thread = t;
1843 } else {
1844 /*
1845 * Make sure to keep the original task at
1846 * the head of the list.
1847 */
1848 t->next = info->thread->next;
1849 info->thread->next = t;
4206d3aa 1850 }
83914441 1851 }
4206d3aa
RM		 1852
1853 /*
1854 * Now fill in each thread's information.
1855 */
1856 for (t = info->thread; t != NULL; t = t->next)
5ab1c309 1857 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
4206d3aa
RM		 1858 return 0;
1859
1860 /*
1861 * Fill in the two process-wide notes.
1862 */
1863 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1864 info->size += notesize(&info->psinfo);
1865
49ae4d4b
DV		 1866 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1867 info->size += notesize(&info->signote);
1868
4206d3aa
RM		 1869 fill_auxv_note(&info->auxv, current->mm);
1870 info->size += notesize(&info->auxv);
1871
72023656
DA		 1872 if (fill_files_note(&info->files) == 0)
1873 info->size += notesize(&info->files);
2aa362c4 1874
4206d3aa
RM		 1875 return 1;
1876}
1877
1878static size_t get_note_info_size(struct elf_note_info *info)
1879{
1880 return info->size;
1881}
1882
1883/*
1884 * Write all the notes for each thread. When writing the first thread, the
1885 * process-wide notes are interleaved after the first thread-specific note.
1886 */
1887static int write_note_info(struct elf_note_info *info,
ecc8c772 1888 struct coredump_params *cprm)
4206d3aa 1889{
b219e25f 1890 bool first = true;
4206d3aa
RM		 1891 struct elf_thread_core_info *t = info->thread;
1892
1893 do {
1894 int i;
1895
ecc8c772 1896 if (!writenote(&t->notes[0], cprm))
4206d3aa
RM		 1897 return 0;
1898
ecc8c772 1899 if (first && !writenote(&info->psinfo, cprm))
4206d3aa 1900 return 0;
ecc8c772 1901 if (first && !writenote(&info->signote, cprm))
49ae4d4b 1902 return 0;
ecc8c772 1903 if (first && !writenote(&info->auxv, cprm))
4206d3aa 1904 return 0;
72023656 1905 if (first && info->files.data &&
ecc8c772 1906 !writenote(&info->files, cprm))
2aa362c4 1907 return 0;
4206d3aa
RM		 1908
1909 for (i = 1; i < info->thread_notes; ++i)
1910 if (t->notes[i].data &&
ecc8c772 1911 !writenote(&t->notes[i], cprm))
4206d3aa
RM		 1912 return 0;
1913
b219e25f 1914 first = false;
4206d3aa
RM		 1915 t = t->next;
1916 } while (t);
1917
1918 return 1;
1919}
1920
1921static void free_note_info(struct elf_note_info *info)
1922{
1923 struct elf_thread_core_info *threads = info->thread;
1924 while (threads) {
1925 unsigned int i;
1926 struct elf_thread_core_info *t = threads;
1927 threads = t->next;
1928 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1929 for (i = 1; i < info->thread_notes; ++i)
1930 kfree(t->notes[i].data);
1931 kfree(t);
1932 }
1933 kfree(info->psinfo.data);
86a2bb5a 1934 kvfree(info->files.data);
4206d3aa
RM		 1935}
1936
1937#else
1938
1da177e4
LT		 1939/* Here is the structure in which status of each thread is captured. */
1940struct elf_thread_status
1941{
1942 struct list_head list;
1943 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1944 elf_fpregset_t fpu; /* NT_PRFPREG */
1945 struct task_struct *thread;
1da177e4
LT		 1946 struct memelfnote notes[3];
1947 int num_notes;
1948};
1949
1950/*
1951 * In order to add the specific thread information for the elf file format,
f4e5cc2c
JJ		 1952 * we need to keep a linked list of every threads pr_status and then create
1953 * a single section for them in the final core file.
1da177e4
LT		 1954 */
1955static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1956{
1957 int sz = 0;
1958 struct task_struct *p = t->thread;
1959 t->num_notes = 0;
1960
1961 fill_prstatus(&t->prstatus, p, signr);
1962 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1963
f4e5cc2c
JJ		 1964 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1965 &(t->prstatus));
1da177e4
LT		 1966 t->num_notes++;
1967 sz += notesize(&t->notes[0]);
1968
f4e5cc2c
JJ		 1969 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1970 &t->fpu))) {
1971 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1972 &(t->fpu));
1da177e4
LT		 1973 t->num_notes++;
1974 sz += notesize(&t->notes[1]);
1975 }
1da177e4
LT		 1976 return sz;
1977}
1978
3aba481f
RM		 1979struct elf_note_info {
1980 struct memelfnote *notes;
72023656 1981 struct memelfnote *notes_files;
3aba481f
RM		 1982 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1983 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1984 struct list_head thread_list;
1985 elf_fpregset_t *fpu;
49ae4d4b 1986 user_siginfo_t csigdata;
3aba481f
RM		 1987 int thread_status_size;
1988 int numnote;
1989};
1990
0cf062d0 1991static int elf_note_info_init(struct elf_note_info *info)
3aba481f 1992{
0cf062d0 1993 memset(info, 0, sizeof(*info));
3aba481f
RM		 1994 INIT_LIST_HEAD(&info->thread_list);
1995
49ae4d4b 1996 /* Allocate space for ELF notes */
6da2ec56 1997 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
3aba481f
RM		 1998 if (!info->notes)
1999 return 0;
2000 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2001 if (!info->psinfo)
f34f9d18 2002 return 0;
3aba481f
RM		 2003 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2004 if (!info->prstatus)
f34f9d18 2005 return 0;
3aba481f
RM		 2006 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2007 if (!info->fpu)
f34f9d18 2008 return 0;
0cf062d0 2009 return 1;
0cf062d0
AW		 2010}
2011
2012static int fill_note_info(struct elfhdr *elf, int phdrs,
2013 struct elf_note_info *info,
ae7795bc 2014 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
0cf062d0 2015{
afabada9
AV		 2016 struct core_thread *ct;
2017 struct elf_thread_status *ets;
0cf062d0
AW		 2018
2019 if (!elf_note_info_init(info))
2020 return 0;
3aba481f 2021
afabada9
AV		 2022 for (ct = current->mm->core_state->dumper.next;
2023 ct; ct = ct->next) {
2024 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2025 if (!ets)
2026 return 0;
83914441 2027
afabada9
AV		 2028 ets->thread = ct->task;
2029 list_add(&ets->list, &info->thread_list);
2030 }
83914441 2031
93f044e2 2032 list_for_each_entry(ets, &info->thread_list, list) {
afabada9 2033 int sz;
3aba481f 2034
afabada9
AV		 2035 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2036 info->thread_status_size += sz;
3aba481f
RM		 2037 }
2038 /* now collect the dump for the current */
2039 memset(info->prstatus, 0, sizeof(*info->prstatus));
5ab1c309 2040 fill_prstatus(info->prstatus, current, siginfo->si_signo);
3aba481f
RM		 2041 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2042
2043 /* Set up header */
d3330cf0 2044 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
3aba481f
RM		 2045
2046 /*
2047 * Set up the notes in similar form to SVR4 core dumps made
2048 * with info from their /proc.
2049 */
2050
2051 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2052 sizeof(*info->prstatus), info->prstatus);
2053 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2054 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2055 sizeof(*info->psinfo), info->psinfo);
2056
2aa362c4
DV		 2057 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2058 fill_auxv_note(info->notes + 3, current->mm);
72023656 2059 info->numnote = 4;
3aba481f 2060
72023656
DA		 2061 if (fill_files_note(info->notes + info->numnote) == 0) {
2062 info->notes_files = info->notes + info->numnote;
2063 info->numnote++;
2064 }
3aba481f
RM		 2065
2066 /* Try to dump the FPU. */
2067 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2068 info->fpu);
2069 if (info->prstatus->pr_fpvalid)
2070 fill_note(info->notes + info->numnote++,
2071 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
3aba481f 2072 return 1;
3aba481f
RM		 2073}
2074
2075static size_t get_note_info_size(struct elf_note_info *info)
2076{
2077 int sz = 0;
2078 int i;
2079
2080 for (i = 0; i < info->numnote; i++)
2081 sz += notesize(info->notes + i);
2082
2083 sz += info->thread_status_size;
2084
2085 return sz;
2086}
2087
2088static int write_note_info(struct elf_note_info *info,
ecc8c772 2089 struct coredump_params *cprm)
3aba481f 2090{
93f044e2 2091 struct elf_thread_status *ets;
3aba481f 2092 int i;
3aba481f
RM		 2093
2094 for (i = 0; i < info->numnote; i++)
ecc8c772 2095 if (!writenote(info->notes + i, cprm))
3aba481f
RM		 2096 return 0;
2097
2098 /* write out the thread status notes section */
93f044e2
AD		 2099 list_for_each_entry(ets, &info->thread_list, list) {
2100 for (i = 0; i < ets->num_notes; i++)
2101 if (!writenote(&ets->notes[i], cprm))
3aba481f
RM		 2102 return 0;
2103 }
2104
2105 return 1;
2106}
2107
2108static void free_note_info(struct elf_note_info *info)
2109{
2110 while (!list_empty(&info->thread_list)) {
2111 struct list_head *tmp = info->thread_list.next;
2112 list_del(tmp);
2113 kfree(list_entry(tmp, struct elf_thread_status, list));
2114 }
2115
72023656
DA		 2116 /* Free data possibly allocated by fill_files_note(): */
2117 if (info->notes_files)
86a2bb5a 2118 kvfree(info->notes_files->data);
2aa362c4 2119
3aba481f
RM		 2120 kfree(info->prstatus);
2121 kfree(info->psinfo);
2122 kfree(info->notes);
2123 kfree(info->fpu);
3aba481f
RM		 2124}
2125
4206d3aa
RM		 2126#endif
2127
f47aef55
RM		 2128static struct vm_area_struct *first_vma(struct task_struct *tsk,
2129 struct vm_area_struct *gate_vma)
2130{
2131 struct vm_area_struct *ret = tsk->mm->mmap;
2132
2133 if (ret)
2134 return ret;
2135 return gate_vma;
2136}
2137/*
2138 * Helper function for iterating across a vma list. It ensures that the caller
2139 * will visit `gate_vma' prior to terminating the search.
2140 */
2141static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2142 struct vm_area_struct *gate_vma)
2143{
2144 struct vm_area_struct *ret;
2145
2146 ret = this_vma->vm_next;
2147 if (ret)
2148 return ret;
2149 if (this_vma == gate_vma)
2150 return NULL;
2151 return gate_vma;
2152}
2153
8d9032bb
DH		 2154static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2155 elf_addr_t e_shoff, int segs)
2156{
2157 elf->e_shoff = e_shoff;
2158 elf->e_shentsize = sizeof(*shdr4extnum);
2159 elf->e_shnum = 1;
2160 elf->e_shstrndx = SHN_UNDEF;
2161
2162 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2163
2164 shdr4extnum->sh_type = SHT_NULL;
2165 shdr4extnum->sh_size = elf->e_shnum;
2166 shdr4extnum->sh_link = elf->e_shstrndx;
2167 shdr4extnum->sh_info = segs;
2168}
2169
1da177e4
LT		 2170/*
2171 * Actual dumper
2172 *
2173 * This is a two-pass process; first we find the offsets of the bits,
2174 * and then they are actually written out. If we run out of core limit
2175 * we just truncate.
2176 */
f6151dfe 2177static int elf_core_dump(struct coredump_params *cprm)
1da177e4 2178{
1da177e4 2179 int has_dumped = 0;
52f5592e
JL		 2180 int segs, i;
2181 size_t vma_data_size = 0;
f47aef55 2182 struct vm_area_struct *vma, *gate_vma;
225a3f53 2183 struct elfhdr elf;
cdc3d562 2184 loff_t offset = 0, dataoff;
72023656 2185 struct elf_note_info info = { };
93eb211e 2186 struct elf_phdr *phdr4note = NULL;
8d9032bb
DH		 2187 struct elf_shdr *shdr4extnum = NULL;
2188 Elf_Half e_phnum;
2189 elf_addr_t e_shoff;
52f5592e 2190 elf_addr_t *vma_filesz = NULL;
1da177e4
LT		 2191
2192 /*
2193 * We no longer stop all VM operations.
2194 *
f4e5cc2c
JJ		 2195 * This is because those proceses that could possibly change map_count
2196 * or the mmap / vma pages are now blocked in do_exit on current
2197 * finishing this core dump.
1da177e4
LT		 2198 *
2199 * Only ptrace can touch these memory addresses, but it doesn't change
f4e5cc2c 2200 * the map_count or the pages allocated. So no possibility of crashing
1da177e4
LT		 2201 * exists while dumping the mm->vm_next areas to the core file.
2202 */
2203
341c87bf
KH		 2204 /*
2205 * The number of segs are recored into ELF header as 16bit value.
2206 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2207 */
1da177e4 2208 segs = current->mm->map_count;
1fcccbac 2209 segs += elf_core_extra_phdrs();
1da177e4 2210
31db58b3 2211 gate_vma = get_gate_vma(current->mm);
f47aef55
RM		 2212 if (gate_vma != NULL)
2213 segs++;
2214
8d9032bb
DH		 2215 /* for notes section */
2216 segs++;
2217
2218 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2219 * this, kernel supports extended numbering. Have a look at
2220 * include/linux/elf.h for further information. */
2221 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2222
1da177e4 2223 /*
3aba481f
RM		 2224 * Collect all the non-memory information about the process for the
2225 * notes. This also sets up the file header.
1da177e4 2226 */
225a3f53 2227 if (!fill_note_info(&elf, e_phnum, &info, cprm->siginfo, cprm->regs))
d2530b43 2228 goto end_coredump;
1da177e4 2229
3aba481f 2230 has_dumped = 1;
079148b9 2231
225a3f53 2232 offset += sizeof(elf); /* Elf header */
8d9032bb 2233 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1da177e4
LT		 2234
2235 /* Write notes phdr entry */
2236 {
3aba481f 2237 size_t sz = get_note_info_size(&info);
1da177e4 2238
e5501492 2239 sz += elf_coredump_extra_notes_size();
bf1ab978 2240
93eb211e
DH		 2241 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2242 if (!phdr4note)
088e7af7 2243 goto end_coredump;
93eb211e
DH		 2244
2245 fill_elf_note_phdr(phdr4note, sz, offset);
2246 offset += sz;
1da177e4
LT		 2247 }
2248
1da177e4
LT		 2249 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2250
1fbede6e
AD		 2251 /*
2252 * Zero vma process will get ZERO_SIZE_PTR here.
2253 * Let coredump continue for register state at least.
2254 */
86a2bb5a
AD		 2255 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2256 GFP_KERNEL);
1fbede6e 2257 if (!vma_filesz)
52f5592e
JL		 2258 goto end_coredump;
2259
2260 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2261 vma = next_vma(vma, gate_vma)) {
2262 unsigned long dump_size;
2263
2264 dump_size = vma_dump_size(vma, cprm->mm_flags);
2265 vma_filesz[i++] = dump_size;
2266 vma_data_size += dump_size;
2267 }
2268
2269 offset += vma_data_size;
8d9032bb
DH		 2270 offset += elf_core_extra_data_size();
2271 e_shoff = offset;
2272
2273 if (e_phnum == PN_XNUM) {
2274 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2275 if (!shdr4extnum)
2276 goto end_coredump;
225a3f53 2277 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
8d9032bb
DH		 2278 }
2279
2280 offset = dataoff;
2281
225a3f53 2282 if (!dump_emit(cprm, &elf, sizeof(elf)))
93eb211e
DH		 2283 goto end_coredump;
2284
ecc8c772 2285 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
93eb211e
DH		 2286 goto end_coredump;
2287
1da177e4 2288 /* Write program headers for segments dump */
52f5592e 2289 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2290 vma = next_vma(vma, gate_vma)) {
1da177e4 2291 struct elf_phdr phdr;
1da177e4
LT		 2292
2293 phdr.p_type = PT_LOAD;
2294 phdr.p_offset = offset;
2295 phdr.p_vaddr = vma->vm_start;
2296 phdr.p_paddr = 0;
52f5592e 2297 phdr.p_filesz = vma_filesz[i++];
82df3973 2298 phdr.p_memsz = vma->vm_end - vma->vm_start;
1da177e4
LT		 2299 offset += phdr.p_filesz;
2300 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
f4e5cc2c
JJ		 2301 if (vma->vm_flags & VM_WRITE)
2302 phdr.p_flags |= PF_W;
2303 if (vma->vm_flags & VM_EXEC)
2304 phdr.p_flags |= PF_X;
1da177e4
LT		 2305 phdr.p_align = ELF_EXEC_PAGESIZE;
2306
ecc8c772 2307 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
088e7af7 2308 goto end_coredump;
1da177e4
LT		 2309 }
2310
506f21c5 2311 if (!elf_core_write_extra_phdrs(cprm, offset))
1fcccbac 2312 goto end_coredump;
1da177e4
LT		 2313
2314 /* write out the notes section */
ecc8c772 2315 if (!write_note_info(&info, cprm))
3aba481f 2316 goto end_coredump;
1da177e4 2317
cdc3d562 2318 if (elf_coredump_extra_notes_write(cprm))
e5501492 2319 goto end_coredump;
bf1ab978 2320
d025c9db 2321 /* Align to page */
1607f09c 2322 if (!dump_skip(cprm, dataoff - cprm->pos))
f3e8fccd 2323 goto end_coredump;
1da177e4 2324
52f5592e 2325 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2326 vma = next_vma(vma, gate_vma)) {
afc63a97
JH		 2327 if (!dump_user_range(cprm, vma->vm_start, vma_filesz[i++]))
2328 goto end_coredump;
1da177e4 2329 }
4d22c75d 2330 dump_truncate(cprm);
1da177e4 2331
aa3e7eaf 2332 if (!elf_core_write_extra_data(cprm))
1fcccbac 2333 goto end_coredump;
1da177e4 2334
8d9032bb 2335 if (e_phnum == PN_XNUM) {
13046ece 2336 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
8d9032bb
DH		 2337 goto end_coredump;
2338 }
2339
1da177e4 2340end_coredump:
3aba481f 2341 free_note_info(&info);
8d9032bb 2342 kfree(shdr4extnum);
86a2bb5a 2343 kvfree(vma_filesz);
93eb211e 2344 kfree(phdr4note);
1da177e4 2345 return has_dumped;
1da177e4
LT		 2346}
2347
698ba7b5 2348#endif /* CONFIG_ELF_CORE */
1da177e4
LT		 2349
2350static int __init init_elf_binfmt(void)
2351{
8fc3dc5a
AV		 2352 register_binfmt(&elf_format);
2353 return 0;
1da177e4
LT		 2354}
2355
2356static void __exit exit_elf_binfmt(void)
2357{
2358 /* Remove the COFF and ELF loaders. */
2359 unregister_binfmt(&elf_format);
2360}
2361
2362core_initcall(init_elf_binfmt);
2363module_exit(exit_elf_binfmt);
2364MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)