projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
fs/binfmt_elf.c: make scope of "pos" variable smaller
[linux-2.6-block.git] / fs / binfmt_elf.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/fs/binfmt_elf.c
3 *
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
7 * Tools".
8 *
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/fs.h>
1da177e4
LT		 15#include <linux/mm.h>
16#include <linux/mman.h>
1da177e4
LT		 17#include <linux/errno.h>
18#include <linux/signal.h>
19#include <linux/binfmts.h>
20#include <linux/string.h>
21#include <linux/file.h>
1da177e4 22#include <linux/slab.h>
1da177e4
LT		 23#include <linux/personality.h>
24#include <linux/elfcore.h>
25#include <linux/init.h>
26#include <linux/highuid.h>
1da177e4
LT		 27#include <linux/compiler.h>
28#include <linux/highmem.h>
29#include <linux/pagemap.h>
2aa362c4 30#include <linux/vmalloc.h>
1da177e4 31#include <linux/security.h>
1da177e4 32#include <linux/random.h>
f4e5cc2c 33#include <linux/elf.h>
d1fd836d 34#include <linux/elf-randomize.h>
7e80d0d0 35#include <linux/utsname.h>
088e7af7 36#include <linux/coredump.h>
6fac4829 37#include <linux/sched.h>
f7ccbae4 38#include <linux/sched/coredump.h>
68db0cf1 39#include <linux/sched/task_stack.h>
32ef5517 40#include <linux/sched/cputime.h>
5b825c3a 41#include <linux/cred.h>
5037835c 42#include <linux/dax.h>
7c0f6ba6 43#include <linux/uaccess.h>
1da177e4
LT		 44#include <asm/param.h>
45#include <asm/page.h>
46
2aa362c4
DV		 47#ifndef user_long_t
48#define user_long_t long
49#endif
49ae4d4b
DV		 50#ifndef user_siginfo_t
51#define user_siginfo_t siginfo_t
52#endif
53
4755200b
NP		 54/* That's for binfmt_elf_fdpic to deal with */
55#ifndef elf_check_fdpic
56#define elf_check_fdpic(ex) false
57#endif
58
71613c3b 59static int load_elf_binary(struct linux_binprm *bprm);
1da177e4 60
69369a70
JT		 61#ifdef CONFIG_USELIB
62static int load_elf_library(struct file *);
63#else
64#define load_elf_library NULL
65#endif
66
1da177e4
LT		 67/*
68 * If we don't support core dumping, then supply a NULL so we
69 * don't even try.
70 */
698ba7b5 71#ifdef CONFIG_ELF_CORE
f6151dfe 72static int elf_core_dump(struct coredump_params *cprm);
1da177e4
LT		 73#else
74#define elf_core_dump NULL
75#endif
76
77#if ELF_EXEC_PAGESIZE > PAGE_SIZE
f4e5cc2c 78#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
1da177e4 79#else
f4e5cc2c 80#define ELF_MIN_ALIGN PAGE_SIZE
1da177e4
LT		 81#endif
82
83#ifndef ELF_CORE_EFLAGS
84#define ELF_CORE_EFLAGS 0
85#endif
86
87#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
88#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
89#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
90
91static struct linux_binfmt elf_format = {
f670d0ec
MP		 92 .module = THIS_MODULE,
93 .load_binary = load_elf_binary,
94 .load_shlib = load_elf_library,
95 .core_dump = elf_core_dump,
96 .min_coredump = ELF_EXEC_PAGESIZE,
1da177e4
LT		 97};
98
d4e3cc38 99#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
1da177e4 100
16e72e9b 101static int set_brk(unsigned long start, unsigned long end, int prot)
1da177e4
LT		 102{
103 start = ELF_PAGEALIGN(start);
104 end = ELF_PAGEALIGN(end);
105 if (end > start) {
16e72e9b
DV		 106 /*
107 * Map the last of the bss segment.
108 * If the header is requesting these pages to be
109 * executable, honour that (ppc32 needs this).
110 */
111 int error = vm_brk_flags(start, end - start,
112 prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25
LT		 113 if (error)
114 return error;
1da177e4
LT		 115 }
116 current->mm->start_brk = current->mm->brk = end;
117 return 0;
118}
119
1da177e4
LT		 120/* We need to explicitly zero any fractional pages
121 after the data section (i.e. bss). This would
122 contain the junk from the file that should not
f4e5cc2c
JJ		 123 be in memory
124 */
1da177e4
LT		 125static int padzero(unsigned long elf_bss)
126{
127 unsigned long nbyte;
128
129 nbyte = ELF_PAGEOFFSET(elf_bss);
130 if (nbyte) {
131 nbyte = ELF_MIN_ALIGN - nbyte;
132 if (clear_user((void __user *) elf_bss, nbyte))
133 return -EFAULT;
134 }
135 return 0;
136}
137
09c6dd3c 138/* Let's use some macros to make this stack manipulation a little clearer */
1da177e4
LT		 139#ifdef CONFIG_STACK_GROWSUP
140#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
141#define STACK_ROUND(sp, items) \
142 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
f4e5cc2c
JJ		 143#define STACK_ALLOC(sp, len) ({ \
144 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
145 old_sp; })
1da177e4
LT		 146#else
147#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
148#define STACK_ROUND(sp, items) \
149 (((unsigned long) (sp - items)) &~ 15UL)
150#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
151#endif
152
483fad1c
NL		 153#ifndef ELF_BASE_PLATFORM
154/*
155 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
156 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
157 * will be copied to the user stack in the same manner as AT_PLATFORM.
158 */
159#define ELF_BASE_PLATFORM NULL
160#endif
161
1da177e4 162static int
f4e5cc2c 163create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
d20894a2 164 unsigned long load_addr, unsigned long interp_load_addr)
1da177e4
LT		 165{
166 unsigned long p = bprm->p;
167 int argc = bprm->argc;
168 int envc = bprm->envc;
1da177e4
LT		 169 elf_addr_t __user *sp;
170 elf_addr_t __user *u_platform;
483fad1c 171 elf_addr_t __user *u_base_platform;
f06295b4 172 elf_addr_t __user *u_rand_bytes;
1da177e4 173 const char *k_platform = ELF_PLATFORM;
483fad1c 174 const char *k_base_platform = ELF_BASE_PLATFORM;
f06295b4 175 unsigned char k_rand_bytes[16];
1da177e4
LT		 176 int items;
177 elf_addr_t *elf_info;
178 int ei_index = 0;
86a264ab 179 const struct cred *cred = current_cred();
b6a2fea3 180 struct vm_area_struct *vma;
1da177e4 181
d68c9d6a
FBH		 182 /*
183 * In some cases (e.g. Hyper-Threading), we want to avoid L1
184 * evictions by the processes running on the same package. One
185 * thing we can do is to shuffle the initial stack for them.
186 */
187
188 p = arch_align_stack(p);
189
1da177e4
LT		 190 /*
191 * If this architecture has a platform capability string, copy it
192 * to userspace. In some cases (Sparc), this info is impossible
193 * for userspace to get any other way, in others (i386) it is
194 * merely difficult.
195 */
1da177e4
LT		 196 u_platform = NULL;
197 if (k_platform) {
198 size_t len = strlen(k_platform) + 1;
199
1da177e4
LT		 200 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
201 if (__copy_to_user(u_platform, k_platform, len))
202 return -EFAULT;
203 }
204
483fad1c
NL		 205 /*
206 * If this architecture has a "base" platform capability
207 * string, copy it to userspace.
208 */
209 u_base_platform = NULL;
210 if (k_base_platform) {
211 size_t len = strlen(k_base_platform) + 1;
212
213 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
214 if (__copy_to_user(u_base_platform, k_base_platform, len))
215 return -EFAULT;
216 }
217
f06295b4
KC		 218 /*
219 * Generate 16 random bytes for userspace PRNG seeding.
220 */
221 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
222 u_rand_bytes = (elf_addr_t __user *)
223 STACK_ALLOC(p, sizeof(k_rand_bytes));
224 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
225 return -EFAULT;
226
1da177e4 227 /* Create the ELF interpreter info */
785d5570 228 elf_info = (elf_addr_t *)current->mm->saved_auxv;
4f9a58d7 229 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
1da177e4 230#define NEW_AUX_ENT(id, val) \
f4e5cc2c 231 do { \
785d5570
JJ		 232 elf_info[ei_index++] = id; \
233 elf_info[ei_index++] = val; \
f4e5cc2c 234 } while (0)
1da177e4
LT		 235
236#ifdef ARCH_DLINFO
237 /*
238 * ARCH_DLINFO must come first so PPC can do its special alignment of
239 * AUXV.
4f9a58d7
OH		 240 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
241 * ARCH_DLINFO changes
1da177e4
LT		 242 */
243 ARCH_DLINFO;
244#endif
245 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
246 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
247 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
248 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
f4e5cc2c 249 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
1da177e4
LT		 250 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
251 NEW_AUX_ENT(AT_BASE, interp_load_addr);
252 NEW_AUX_ENT(AT_FLAGS, 0);
253 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
ebc887b2
EB		 254 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
255 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
256 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
257 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
c425e189 258 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
f06295b4 259 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
2171364d
MN		 260#ifdef ELF_HWCAP2
261 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
262#endif
65191087 263 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
1da177e4 264 if (k_platform) {
f4e5cc2c 265 NEW_AUX_ENT(AT_PLATFORM,
785d5570 266 (elf_addr_t)(unsigned long)u_platform);
1da177e4 267 }
483fad1c
NL		 268 if (k_base_platform) {
269 NEW_AUX_ENT(AT_BASE_PLATFORM,
270 (elf_addr_t)(unsigned long)u_base_platform);
271 }
1da177e4 272 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
785d5570 273 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
1da177e4
LT		 274 }
275#undef NEW_AUX_ENT
276 /* AT_NULL is zero; clear the rest too */
277 memset(&elf_info[ei_index], 0,
278 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
279
280 /* And advance past the AT_NULL entry. */
281 ei_index += 2;
282
283 sp = STACK_ADD(p, ei_index);
284
d20894a2 285 items = (argc + 1) + (envc + 1) + 1;
1da177e4
LT		 286 bprm->p = STACK_ROUND(sp, items);
287
288 /* Point sp at the lowest address on the stack */
289#ifdef CONFIG_STACK_GROWSUP
290 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
f4e5cc2c 291 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
1da177e4
LT		 292#else
293 sp = (elf_addr_t __user *)bprm->p;
294#endif
295
b6a2fea3
OW		 296
297 /*
298 * Grow the stack manually; some architectures have a limit on how
299 * far ahead a user-space access may be in order to grow the stack.
300 */
301 vma = find_extend_vma(current->mm, bprm->p);
302 if (!vma)
303 return -EFAULT;
304
1da177e4
LT		 305 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
306 if (__put_user(argc, sp++))
307 return -EFAULT;
1da177e4 308
67c6777a 309 /* Populate list of argv pointers back to argv strings. */
a84a5059 310 p = current->mm->arg_end = current->mm->arg_start;
1da177e4
LT		 311 while (argc-- > 0) {
312 size_t len;
67c6777a 313 if (__put_user((elf_addr_t)p, sp++))
841d5fb7 314 return -EFAULT;
b6a2fea3
OW		 315 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
316 if (!len || len > MAX_ARG_STRLEN)
23c4971e 317 return -EINVAL;
1da177e4
LT		 318 p += len;
319 }
67c6777a 320 if (__put_user(0, sp++))
1da177e4 321 return -EFAULT;
67c6777a
KC		 322 current->mm->arg_end = p;
323
324 /* Populate list of envp pointers back to envp strings. */
325 current->mm->env_end = current->mm->env_start = p;
1da177e4
LT		 326 while (envc-- > 0) {
327 size_t len;
67c6777a 328 if (__put_user((elf_addr_t)p, sp++))
841d5fb7 329 return -EFAULT;
b6a2fea3
OW		 330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
23c4971e 332 return -EINVAL;
1da177e4
LT		 333 p += len;
334 }
67c6777a 335 if (__put_user(0, sp++))
1da177e4
LT		 336 return -EFAULT;
337 current->mm->env_end = p;
338
339 /* Put the elf_info on the stack in the right place. */
1da177e4
LT		 340 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
341 return -EFAULT;
342 return 0;
343}
344
c07380be
JH		 345#ifndef elf_map
346
1da177e4 347static unsigned long elf_map(struct file *filep, unsigned long addr,
49ac9819 348 const struct elf_phdr *eppnt, int prot, int type,
cc503c1b 349 unsigned long total_size)
1da177e4
LT		 350{
351 unsigned long map_addr;
cc503c1b
JK		 352 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
353 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
354 addr = ELF_PAGESTART(addr);
355 size = ELF_PAGEALIGN(size);
1da177e4 356
dda6ebde
DG		 357 /* mmap() will return -EINVAL if given a zero size, but a
358 * segment with zero filesize is perfectly valid */
cc503c1b
JK		 359 if (!size)
360 return addr;
361
cc503c1b
JK		 362 /*
363 * total_size is the size of the ELF (interpreter) image.
364 * The _first_ mmap needs to know the full size, otherwise
365 * randomization might put this image into an overlapping
366 * position with the ELF binary image. (since size < total_size)
367 * So we first map the 'big' image - and unmap the remainder at
368 * the end. (which unmap is needed for ELF images with holes.)
369 */
370 if (total_size) {
371 total_size = ELF_PAGEALIGN(total_size);
5a5e4c2e 372 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
cc503c1b 373 if (!BAD_ADDR(map_addr))
5a5e4c2e 374 vm_munmap(map_addr+size, total_size-size);
cc503c1b 375 } else
5a5e4c2e 376 map_addr = vm_mmap(filep, addr, size, prot, type, off);
cc503c1b 377
d23a61ee
TH		 378 if ((type & MAP_FIXED_NOREPLACE) &&
379 PTR_ERR((void *)map_addr) == -EEXIST)
380 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
381 task_pid_nr(current), current->comm, (void *)addr);
4ed28639 382
1da177e4
LT		 383 return(map_addr);
384}
385
c07380be
JH		 386#endif /* !elf_map */
387
49ac9819 388static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
cc503c1b
JK		 389{
390 int i, first_idx = -1, last_idx = -1;
391
392 for (i = 0; i < nr; i++) {
393 if (cmds[i].p_type == PT_LOAD) {
394 last_idx = i;
395 if (first_idx == -1)
396 first_idx = i;
397 }
398 }
399 if (first_idx == -1)
400 return 0;
401
402 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
403 ELF_PAGESTART(cmds[first_idx].p_vaddr);
404}
405
6a8d3894
PB		 406/**
407 * load_elf_phdrs() - load ELF program headers
408 * @elf_ex: ELF header of the binary whose program headers should be loaded
409 * @elf_file: the opened ELF binary file
410 *
411 * Loads ELF program headers from the binary file elf_file, which has the ELF
412 * header pointed to by elf_ex, into a newly allocated array. The caller is
413 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
414 */
49ac9819 415static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
6a8d3894
PB		 416 struct file *elf_file)
417{
418 struct elf_phdr *elf_phdata = NULL;
faf1c315 419 int retval, err = -1;
bdd1d2d3 420 loff_t pos = elf_ex->e_phoff;
faf1c315 421 unsigned int size;
6a8d3894
PB		 422
423 /*
424 * If the size of this structure has changed, then punt, since
425 * we will be doing the wrong thing.
426 */
427 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
428 goto out;
429
430 /* Sanity check the number of program headers... */
6a8d3894
PB		 431 /* ...and their total size. */
432 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
faf1c315 433 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
6a8d3894
PB		 434 goto out;
435
436 elf_phdata = kmalloc(size, GFP_KERNEL);
437 if (!elf_phdata)
438 goto out;
439
440 /* Read in the program headers */
bdd1d2d3 441 retval = kernel_read(elf_file, elf_phdata, size, &pos);
6a8d3894
PB		 442 if (retval != size) {
443 err = (retval < 0) ? retval : -EIO;
444 goto out;
445 }
446
447 /* Success! */
448 err = 0;
449out:
450 if (err) {
451 kfree(elf_phdata);
452 elf_phdata = NULL;
453 }
454 return elf_phdata;
455}
cc503c1b 456
774c105e
PB		 457#ifndef CONFIG_ARCH_BINFMT_ELF_STATE
458
459/**
460 * struct arch_elf_state - arch-specific ELF loading state
461 *
462 * This structure is used to preserve architecture specific data during
463 * the loading of an ELF file, throughout the checking of architecture
464 * specific ELF headers & through to the point where the ELF load is
465 * known to be proceeding (ie. SET_PERSONALITY).
466 *
467 * This implementation is a dummy for architectures which require no
468 * specific state.
469 */
470struct arch_elf_state {
471};
472
473#define INIT_ARCH_ELF_STATE {}
474
475/**
476 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
477 * @ehdr: The main ELF header
478 * @phdr: The program header to check
479 * @elf: The open ELF file
480 * @is_interp: True if the phdr is from the interpreter of the ELF being
481 * loaded, else false.
482 * @state: Architecture-specific state preserved throughout the process
483 * of loading the ELF.
484 *
485 * Inspects the program header phdr to validate its correctness and/or
486 * suitability for the system. Called once per ELF program header in the
487 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
488 * interpreter.
489 *
490 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
491 * with that return code.
492 */
493static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
494 struct elf_phdr *phdr,
495 struct file *elf, bool is_interp,
496 struct arch_elf_state *state)
497{
498 /* Dummy implementation, always proceed */
499 return 0;
500}
501
502/**
54d15714 503 * arch_check_elf() - check an ELF executable
774c105e
PB		 504 * @ehdr: The main ELF header
505 * @has_interp: True if the ELF has an interpreter, else false.
eb4bc076 506 * @interp_ehdr: The interpreter's ELF header
774c105e
PB		 507 * @state: Architecture-specific state preserved throughout the process
508 * of loading the ELF.
509 *
510 * Provides a final opportunity for architecture code to reject the loading
511 * of the ELF & cause an exec syscall to return an error. This is called after
512 * all program headers to be checked by arch_elf_pt_proc have been.
513 *
514 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
515 * with that return code.
516 */
517static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
eb4bc076 518 struct elfhdr *interp_ehdr,
774c105e
PB		 519 struct arch_elf_state *state)
520{
521 /* Dummy implementation, always proceed */
522 return 0;
523}
524
525#endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
cc503c1b 526
1da177e4
LT		 527/* This is much more generalized than the library routine read function,
528 so we keep this separate. Technically the library read function
529 is only provided so that we can read a.out libraries that have
530 an ELF header */
531
f4e5cc2c 532static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
cc503c1b 533 struct file *interpreter, unsigned long *interp_map_addr,
a9d9ef13 534 unsigned long no_base, struct elf_phdr *interp_elf_phdata)
1da177e4 535{
1da177e4
LT		 536 struct elf_phdr *eppnt;
537 unsigned long load_addr = 0;
538 int load_addr_set = 0;
539 unsigned long last_bss = 0, elf_bss = 0;
16e72e9b 540 int bss_prot = 0;
1da177e4 541 unsigned long error = ~0UL;
cc503c1b 542 unsigned long total_size;
6a8d3894 543 int i;
1da177e4
LT		 544
545 /* First of all, some simple consistency checks */
546 if (interp_elf_ex->e_type != ET_EXEC &&
547 interp_elf_ex->e_type != ET_DYN)
548 goto out;
4755200b
NP		 549 if (!elf_check_arch(interp_elf_ex) ||
550 elf_check_fdpic(interp_elf_ex))
1da177e4 551 goto out;
72c2d531 552 if (!interpreter->f_op->mmap)
1da177e4
LT		 553 goto out;
554
a9d9ef13
PB		 555 total_size = total_mapping_size(interp_elf_phdata,
556 interp_elf_ex->e_phnum);
cc503c1b
JK		 557 if (!total_size) {
558 error = -EINVAL;
a9d9ef13 559 goto out;
cc503c1b
JK		 560 }
561
a9d9ef13 562 eppnt = interp_elf_phdata;
f4e5cc2c
JJ		 563 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
564 if (eppnt->p_type == PT_LOAD) {
565 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
566 int elf_prot = 0;
567 unsigned long vaddr = 0;
568 unsigned long k, map_addr;
569
570 if (eppnt->p_flags & PF_R)
571 elf_prot = PROT_READ;
572 if (eppnt->p_flags & PF_W)
573 elf_prot |= PROT_WRITE;
574 if (eppnt->p_flags & PF_X)
575 elf_prot |= PROT_EXEC;
576 vaddr = eppnt->p_vaddr;
577 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
4ed28639 578 elf_type |= MAP_FIXED_NOREPLACE;
cc503c1b
JK		 579 else if (no_base && interp_elf_ex->e_type == ET_DYN)
580 load_addr = -vaddr;
f4e5cc2c
JJ		 581
582 map_addr = elf_map(interpreter, load_addr + vaddr,
bb1ad820 583 eppnt, elf_prot, elf_type, total_size);
cc503c1b
JK		 584 total_size = 0;
585 if (!*interp_map_addr)
586 *interp_map_addr = map_addr;
f4e5cc2c
JJ		 587 error = map_addr;
588 if (BAD_ADDR(map_addr))
a9d9ef13 589 goto out;
f4e5cc2c
JJ		 590
591 if (!load_addr_set &&
592 interp_elf_ex->e_type == ET_DYN) {
593 load_addr = map_addr - ELF_PAGESTART(vaddr);
594 load_addr_set = 1;
595 }
596
597 /*
598 * Check to see if the section's size will overflow the
599 * allowed task size. Note that p_filesz must always be
600 * <= p_memsize so it's only necessary to check p_memsz.
601 */
602 k = load_addr + eppnt->p_vaddr;
ce51059b 603 if (BAD_ADDR(k) ||
f4e5cc2c
JJ		 604 eppnt->p_filesz > eppnt->p_memsz ||
605 eppnt->p_memsz > TASK_SIZE ||
606 TASK_SIZE - eppnt->p_memsz < k) {
607 error = -ENOMEM;
a9d9ef13 608 goto out;
f4e5cc2c
JJ		 609 }
610
611 /*
612 * Find the end of the file mapping for this phdr, and
613 * keep track of the largest address we see for this.
614 */
615 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
616 if (k > elf_bss)
617 elf_bss = k;
618
619 /*
620 * Do the same thing for the memory mapping - between
621 * elf_bss and last_bss is the bss section.
622 */
0036d1f7 623 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
16e72e9b 624 if (k > last_bss) {
f4e5cc2c 625 last_bss = k;
16e72e9b
DV		 626 bss_prot = elf_prot;
627 }
f4e5cc2c 628 }
1da177e4
LT		 629 }
630
0036d1f7
KC		 631 /*
632 * Now fill out the bss section: first pad the last page from
633 * the file up to the page boundary, and zero it from elf_bss
634 * up to the end of the page.
635 */
636 if (padzero(elf_bss)) {
637 error = -EFAULT;
638 goto out;
639 }
640 /*
641 * Next, align both the file and mem bss up to the page size,
642 * since this is where elf_bss was just zeroed up to, and where
16e72e9b 643 * last_bss will end after the vm_brk_flags() below.
0036d1f7
KC		 644 */
645 elf_bss = ELF_PAGEALIGN(elf_bss);
646 last_bss = ELF_PAGEALIGN(last_bss);
647 /* Finally, if there is still more bss to allocate, do it. */
752015d1 648 if (last_bss > elf_bss) {
16e72e9b
DV		 649 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
650 bss_prot & PROT_EXEC ? VM_EXEC : 0);
5d22fc25 651 if (error)
a9d9ef13 652 goto out;
1da177e4
LT		 653 }
654
cc503c1b 655 error = load_addr;
1da177e4
LT		 656out:
657 return error;
658}
659
1da177e4
LT		 660/*
661 * These are the functions used to load ELF style executables and shared
662 * libraries. There is no binary dependent code anywhere else.
663 */
664
913bd906 665#ifndef STACK_RND_MASK
d1cabd63 666#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
913bd906 667#endif
1da177e4
LT		 668
669static unsigned long randomize_stack_top(unsigned long stack_top)
670{
4e7c22d4 671 unsigned long random_variable = 0;
1da177e4 672
01578e36 673 if (current->flags & PF_RANDOMIZE) {
5ef11c35 674 random_variable = get_random_long();
4e7c22d4 675 random_variable &= STACK_RND_MASK;
913bd906
AK		 676 random_variable <<= PAGE_SHIFT;
677 }
1da177e4 678#ifdef CONFIG_STACK_GROWSUP
913bd906 679 return PAGE_ALIGN(stack_top) + random_variable;
1da177e4 680#else
913bd906 681 return PAGE_ALIGN(stack_top) - random_variable;
1da177e4
LT		 682#endif
683}
684
71613c3b 685static int load_elf_binary(struct linux_binprm *bprm)
1da177e4
LT		 686{
687 struct file *interpreter = NULL; /* to shut gcc up */
688 unsigned long load_addr = 0, load_bias = 0;
689 int load_addr_set = 0;
690 char * elf_interpreter = NULL;
1da177e4 691 unsigned long error;
a9d9ef13 692 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
1da177e4 693 unsigned long elf_bss, elf_brk;
16e72e9b 694 int bss_prot = 0;
1da177e4 695 int retval, i;
cc503c1b
JK		 696 unsigned long elf_entry;
697 unsigned long interp_load_addr = 0;
1da177e4 698 unsigned long start_code, end_code, start_data, end_data;
1a530a6f 699 unsigned long reloc_func_desc __maybe_unused = 0;
8de61e69 700 int executable_stack = EXSTACK_DEFAULT;
71613c3b 701 struct pt_regs *regs = current_pt_regs();
1da177e4
LT		 702 struct {
703 struct elfhdr elf_ex;
704 struct elfhdr interp_elf_ex;
1da177e4 705 } *loc;
774c105e 706 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
1da177e4
LT		 707
708 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
709 if (!loc) {
710 retval = -ENOMEM;
711 goto out_ret;
712 }
713
714 /* Get the exec-header */
f4e5cc2c 715 loc->elf_ex = *((struct elfhdr *)bprm->buf);
1da177e4
LT		 716
717 retval = -ENOEXEC;
718 /* First of all, some simple consistency checks */
719 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
720 goto out;
721
722 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
723 goto out;
724 if (!elf_check_arch(&loc->elf_ex))
725 goto out;
4755200b
NP		 726 if (elf_check_fdpic(&loc->elf_ex))
727 goto out;
72c2d531 728 if (!bprm->file->f_op->mmap)
1da177e4
LT		 729 goto out;
730
6a8d3894 731 elf_phdata = load_elf_phdrs(&loc->elf_ex, bprm->file);
1da177e4
LT		 732 if (!elf_phdata)
733 goto out;
734
1da177e4
LT		 735 elf_ppnt = elf_phdata;
736 elf_bss = 0;
737 elf_brk = 0;
738
739 start_code = ~0UL;
740 end_code = 0;
741 start_data = 0;
742 end_data = 0;
743
744 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
745 if (elf_ppnt->p_type == PT_INTERP) {
5cf4a363
AD		 746 loff_t pos;
747
1da177e4
LT		 748 /* This is the program interpreter used for
749 * shared libraries - for now assume that this
750 * is an a.out format binary
751 */
1da177e4
LT		 752 retval = -ENOEXEC;
753 if (elf_ppnt->p_filesz > PATH_MAX ||
754 elf_ppnt->p_filesz < 2)
e7b9b550 755 goto out_free_ph;
1da177e4
LT		 756
757 retval = -ENOMEM;
792db3af 758 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
f4e5cc2c 759 GFP_KERNEL);
1da177e4 760 if (!elf_interpreter)
e7b9b550 761 goto out_free_ph;
1da177e4 762
bdd1d2d3
CH		 763 pos = elf_ppnt->p_offset;
764 retval = kernel_read(bprm->file, elf_interpreter,
765 elf_ppnt->p_filesz, &pos);
1da177e4
LT		 766 if (retval != elf_ppnt->p_filesz) {
767 if (retval >= 0)
768 retval = -EIO;
769 goto out_free_interp;
770 }
771 /* make sure path is NULL terminated */
772 retval = -ENOEXEC;
773 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
774 goto out_free_interp;
775
1da177e4
LT		 776 interpreter = open_exec(elf_interpreter);
777 retval = PTR_ERR(interpreter);
778 if (IS_ERR(interpreter))
779 goto out_free_interp;
1fb84496
AD		 780
781 /*
782 * If the binary is not readable then enforce
783 * mm->dumpable = 0 regardless of the interpreter's
784 * permissions.
785 */
1b5d783c 786 would_dump(bprm, interpreter);
1fb84496 787
b582ef5c 788 /* Get the exec headers */
bdd1d2d3
CH		 789 pos = 0;
790 retval = kernel_read(interpreter, &loc->interp_elf_ex,
791 sizeof(loc->interp_elf_ex), &pos);
b582ef5c 792 if (retval != sizeof(loc->interp_elf_ex)) {
1da177e4
LT		 793 if (retval >= 0)
794 retval = -EIO;
795 goto out_free_dentry;
796 }
797
1da177e4
LT		 798 break;
799 }
800 elf_ppnt++;
801 }
802
803 elf_ppnt = elf_phdata;
804 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
774c105e
PB		 805 switch (elf_ppnt->p_type) {
806 case PT_GNU_STACK:
1da177e4
LT		 807 if (elf_ppnt->p_flags & PF_X)
808 executable_stack = EXSTACK_ENABLE_X;
809 else
810 executable_stack = EXSTACK_DISABLE_X;
811 break;
774c105e
PB		 812
813 case PT_LOPROC ... PT_HIPROC:
814 retval = arch_elf_pt_proc(&loc->elf_ex, elf_ppnt,
815 bprm->file, false,
816 &arch_state);
817 if (retval)
818 goto out_free_dentry;
819 break;
1da177e4 820 }
1da177e4
LT		 821
822 /* Some simple consistency checks for the interpreter */
823 if (elf_interpreter) {
1da177e4 824 retval = -ELIBBAD;
d20894a2
AK		 825 /* Not an ELF interpreter */
826 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1da177e4 827 goto out_free_dentry;
1da177e4 828 /* Verify the interpreter has a valid arch */
4755200b
NP		 829 if (!elf_check_arch(&loc->interp_elf_ex) ||
830 elf_check_fdpic(&loc->interp_elf_ex))
1da177e4 831 goto out_free_dentry;
a9d9ef13
PB		 832
833 /* Load the interpreter program headers */
834 interp_elf_phdata = load_elf_phdrs(&loc->interp_elf_ex,
835 interpreter);
836 if (!interp_elf_phdata)
837 goto out_free_dentry;
774c105e
PB		 838
839 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
840 elf_ppnt = interp_elf_phdata;
841 for (i = 0; i < loc->interp_elf_ex.e_phnum; i++, elf_ppnt++)
842 switch (elf_ppnt->p_type) {
843 case PT_LOPROC ... PT_HIPROC:
844 retval = arch_elf_pt_proc(&loc->interp_elf_ex,
845 elf_ppnt, interpreter,
846 true, &arch_state);
847 if (retval)
848 goto out_free_dentry;
849 break;
850 }
1da177e4
LT		 851 }
852
774c105e
PB		 853 /*
854 * Allow arch code to reject the ELF at this point, whilst it's
855 * still possible to return an error to the code that invoked
856 * the exec syscall.
857 */
eb4bc076
MR		 858 retval = arch_check_elf(&loc->elf_ex,
859 !!interpreter, &loc->interp_elf_ex,
860 &arch_state);
774c105e
PB		 861 if (retval)
862 goto out_free_dentry;
863
1da177e4
LT		 864 /* Flush all traces of the currently running executable */
865 retval = flush_old_exec(bprm);
866 if (retval)
867 goto out_free_dentry;
868
1da177e4
LT		 869 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
870 may depend on the personality. */
774c105e 871 SET_PERSONALITY2(loc->elf_ex, &arch_state);
1da177e4
LT		 872 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
873 current->personality |= READ_IMPLIES_EXEC;
874
f4e5cc2c 875 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1da177e4 876 current->flags |= PF_RANDOMIZE;
221af7f8
LT		 877
878 setup_new_exec(bprm);
9f834ec1 879 install_exec_creds(bprm);
1da177e4
LT		 880
881 /* Do this so that we can load the interpreter, if need be. We will
882 change some of these later */
1da177e4
LT		 883 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
884 executable_stack);
19d860a1 885 if (retval < 0)
1da177e4 886 goto out_free_dentry;
1da177e4 887
af901ca1 888 /* Now we do a little grungy work by mmapping the ELF image into
cc503c1b 889 the correct location in memory. */
f4e5cc2c
JJ		 890 for(i = 0, elf_ppnt = elf_phdata;
891 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
ad55eac7 892 int elf_prot = 0, elf_flags, elf_fixed = MAP_FIXED_NOREPLACE;
1da177e4 893 unsigned long k, vaddr;
a87938b2 894 unsigned long total_size = 0;
1da177e4
LT		 895
896 if (elf_ppnt->p_type != PT_LOAD)
897 continue;
898
899 if (unlikely (elf_brk > elf_bss)) {
900 unsigned long nbyte;
901
902 /* There was a PT_LOAD segment with p_memsz > p_filesz
903 before this one. Map anonymous pages, if needed,
904 and clear the area. */
f670d0ec 905 retval = set_brk(elf_bss + load_bias,
16e72e9b
DV		 906 elf_brk + load_bias,
907 bss_prot);
19d860a1 908 if (retval)
1da177e4 909 goto out_free_dentry;
1da177e4
LT		 910 nbyte = ELF_PAGEOFFSET(elf_bss);
911 if (nbyte) {
912 nbyte = ELF_MIN_ALIGN - nbyte;
913 if (nbyte > elf_brk - elf_bss)
914 nbyte = elf_brk - elf_bss;
915 if (clear_user((void __user *)elf_bss +
916 load_bias, nbyte)) {
917 /*
918 * This bss-zeroing can fail if the ELF
f4e5cc2c 919 * file specifies odd protections. So
1da177e4
LT		 920 * we don't check the return value
921 */
922 }
923 }
ad55eac7
MH		 924
925 /*
926 * Some binaries have overlapping elf segments and then
927 * we have to forcefully map over an existing mapping
928 * e.g. over this newly established brk mapping.
929 */
930 elf_fixed = MAP_FIXED;
1da177e4
LT		 931 }
932
f4e5cc2c
JJ		 933 if (elf_ppnt->p_flags & PF_R)
934 elf_prot |= PROT_READ;
935 if (elf_ppnt->p_flags & PF_W)
936 elf_prot |= PROT_WRITE;
937 if (elf_ppnt->p_flags & PF_X)
938 elf_prot |= PROT_EXEC;
1da177e4 939
f4e5cc2c 940 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1da177e4
LT		 941
942 vaddr = elf_ppnt->p_vaddr;
eab09532
KC		 943 /*
944 * If we are loading ET_EXEC or we have already performed
945 * the ET_DYN load_addr calculations, proceed normally.
946 */
1da177e4 947 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
ad55eac7 948 elf_flags |= elf_fixed;
1da177e4 949 } else if (loc->elf_ex.e_type == ET_DYN) {
eab09532
KC		 950 /*
951 * This logic is run once for the first LOAD Program
952 * Header for ET_DYN binaries to calculate the
953 * randomization (load_bias) for all the LOAD
954 * Program Headers, and to calculate the entire
955 * size of the ELF mapping (total_size). (Note that
956 * load_addr_set is set to true later once the
957 * initial mapping is performed.)
958 *
959 * There are effectively two types of ET_DYN
960 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
961 * and loaders (ET_DYN without INTERP, since they
962 * _are_ the ELF interpreter). The loaders must
963 * be loaded away from programs since the program
964 * may otherwise collide with the loader (especially
965 * for ET_EXEC which does not have a randomized
966 * position). For example to handle invocations of
967 * "./ld.so someprog" to test out a new version of
968 * the loader, the subsequent program that the
969 * loader loads must avoid the loader itself, so
970 * they cannot share the same load range. Sufficient
971 * room for the brk must be allocated with the
972 * loader as well, since brk must be available with
973 * the loader.
974 *
975 * Therefore, programs are loaded offset from
976 * ELF_ET_DYN_BASE and loaders are loaded into the
977 * independently randomized mmap region (0 load_bias
978 * without MAP_FIXED).
979 */
980 if (elf_interpreter) {
981 load_bias = ELF_ET_DYN_BASE;
982 if (current->flags & PF_RANDOMIZE)
983 load_bias += arch_mmap_rnd();
ad55eac7 984 elf_flags |= elf_fixed;
eab09532
KC		 985 } else
986 load_bias = 0;
987
988 /*
989 * Since load_bias is used for all subsequent loading
990 * calculations, we must lower it by the first vaddr
991 * so that the remaining calculations based on the
992 * ELF vaddrs will be correctly offset. The result
993 * is then page aligned.
994 */
995 load_bias = ELF_PAGESTART(load_bias - vaddr);
996
a87938b2
MD		 997 total_size = total_mapping_size(elf_phdata,
998 loc->elf_ex.e_phnum);
999 if (!total_size) {
2b1d3ae9 1000 retval = -EINVAL;
a87938b2
MD		 1001 goto out_free_dentry;
1002 }
1da177e4
LT		 1003 }
1004
f4e5cc2c 1005 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
a87938b2 1006 elf_prot, elf_flags, total_size);
1da177e4 1007 if (BAD_ADDR(error)) {
b140f251
AK		 1008 retval = IS_ERR((void *)error) ?
1009 PTR_ERR((void*)error) : -EINVAL;
1da177e4
LT		 1010 goto out_free_dentry;
1011 }
1012
1013 if (!load_addr_set) {
1014 load_addr_set = 1;
1015 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1016 if (loc->elf_ex.e_type == ET_DYN) {
1017 load_bias += error -
1018 ELF_PAGESTART(load_bias + vaddr);
1019 load_addr += load_bias;
1020 reloc_func_desc = load_bias;
1021 }
1022 }
1023 k = elf_ppnt->p_vaddr;
f4e5cc2c
JJ		 1024 if (k < start_code)
1025 start_code = k;
1026 if (start_data < k)
1027 start_data = k;
1da177e4
LT		 1028
1029 /*
1030 * Check to see if the section's size will overflow the
1031 * allowed task size. Note that p_filesz must always be
1032 * <= p_memsz so it is only necessary to check p_memsz.
1033 */
ce51059b 1034 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1da177e4
LT		 1035 elf_ppnt->p_memsz > TASK_SIZE ||
1036 TASK_SIZE - elf_ppnt->p_memsz < k) {
f4e5cc2c 1037 /* set_brk can never work. Avoid overflows. */
b140f251 1038 retval = -EINVAL;
1da177e4
LT		 1039 goto out_free_dentry;
1040 }
1041
1042 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1043
1044 if (k > elf_bss)
1045 elf_bss = k;
1046 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1047 end_code = k;
1048 if (end_data < k)
1049 end_data = k;
1050 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
16e72e9b
DV		 1051 if (k > elf_brk) {
1052 bss_prot = elf_prot;
1da177e4 1053 elf_brk = k;
16e72e9b 1054 }
1da177e4
LT		 1055 }
1056
1057 loc->elf_ex.e_entry += load_bias;
1058 elf_bss += load_bias;
1059 elf_brk += load_bias;
1060 start_code += load_bias;
1061 end_code += load_bias;
1062 start_data += load_bias;
1063 end_data += load_bias;
1064
1065 /* Calling set_brk effectively mmaps the pages that we need
1066 * for the bss and break sections. We must do this before
1067 * mapping in the interpreter, to make sure it doesn't wind
1068 * up getting placed where the bss needs to go.
1069 */
16e72e9b 1070 retval = set_brk(elf_bss, elf_brk, bss_prot);
19d860a1 1071 if (retval)
1da177e4 1072 goto out_free_dentry;
6de50517 1073 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1da177e4
LT		 1074 retval = -EFAULT; /* Nobody gets to see this, but.. */
1075 goto out_free_dentry;
1076 }
1077
1078 if (elf_interpreter) {
6eec482f 1079 unsigned long interp_map_addr = 0;
d20894a2
AK		 1080
1081 elf_entry = load_elf_interp(&loc->interp_elf_ex,
1082 interpreter,
1083 &interp_map_addr,
a9d9ef13 1084 load_bias, interp_elf_phdata);
d20894a2
AK		 1085 if (!IS_ERR((void *)elf_entry)) {
1086 /*
1087 * load_elf_interp() returns relocation
1088 * adjustment
1089 */
1090 interp_load_addr = elf_entry;
1091 elf_entry += loc->interp_elf_ex.e_entry;
cc503c1b 1092 }
1da177e4 1093 if (BAD_ADDR(elf_entry)) {
ce51059b
CE		 1094 retval = IS_ERR((void *)elf_entry) ?
1095 (int)elf_entry : -EINVAL;
1da177e4
LT		 1096 goto out_free_dentry;
1097 }
1098 reloc_func_desc = interp_load_addr;
1099
1100 allow_write_access(interpreter);
1101 fput(interpreter);
1102 kfree(elf_interpreter);
1103 } else {
1104 elf_entry = loc->elf_ex.e_entry;
5342fba5 1105 if (BAD_ADDR(elf_entry)) {
ce51059b 1106 retval = -EINVAL;
5342fba5
SS		 1107 goto out_free_dentry;
1108 }
1da177e4
LT		 1109 }
1110
774c105e 1111 kfree(interp_elf_phdata);
1da177e4
LT		 1112 kfree(elf_phdata);
1113
1da177e4
LT		 1114 set_binfmt(&elf_format);
1115
547ee84c 1116#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
fc5243d9 1117 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
19d860a1 1118 if (retval < 0)
18c8baff 1119 goto out;
547ee84c
BH		 1120#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1121
b6a2fea3 1122 retval = create_elf_tables(bprm, &loc->elf_ex,
f4e5cc2c 1123 load_addr, interp_load_addr);
19d860a1 1124 if (retval < 0)
b6a2fea3 1125 goto out;
1da177e4 1126 /* N.B. passed_fileno might not be initialized? */
1da177e4
LT		 1127 current->mm->end_code = end_code;
1128 current->mm->start_code = start_code;
1129 current->mm->start_data = start_data;
1130 current->mm->end_data = end_data;
1131 current->mm->start_stack = bprm->p;
1132
4471a675 1133 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
c1d171a0
JK		 1134 current->mm->brk = current->mm->start_brk =
1135 arch_randomize_brk(current->mm);
204db6ed 1136#ifdef compat_brk_randomized
4471a675
JK		 1137 current->brk_randomized = 1;
1138#endif
1139 }
c1d171a0 1140
1da177e4
LT		 1141 if (current->personality & MMAP_PAGE_ZERO) {
1142 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1143 and some applications "depend" upon this behavior.
1144 Since we do not have the power to recompile these, we
f4e5cc2c 1145 emulate the SVr4 behavior. Sigh. */
6be5ceb0 1146 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1da177e4 1147 MAP_FIXED | MAP_PRIVATE, 0);
1da177e4
LT		 1148 }
1149
1150#ifdef ELF_PLAT_INIT
1151 /*
1152 * The ABI may specify that certain registers be set up in special
1153 * ways (on i386 %edx is the address of a DT_FINI function, for
1154 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1155 * that the e_entry field is the address of the function descriptor
1156 * for the startup routine, rather than the address of the startup
1157 * routine itself. This macro performs whatever initialization to
1158 * the regs structure is required as well as any relocations to the
1159 * function descriptor entries when executing dynamically links apps.
1160 */
1161 ELF_PLAT_INIT(regs, reloc_func_desc);
1162#endif
1163
b8383831 1164 finalize_exec(bprm);
1da177e4 1165 start_thread(regs, elf_entry, bprm->p);
1da177e4
LT		 1166 retval = 0;
1167out:
1168 kfree(loc);
1169out_ret:
1170 return retval;
1171
1172 /* error cleanup */
1173out_free_dentry:
a9d9ef13 1174 kfree(interp_elf_phdata);
1da177e4
LT		 1175 allow_write_access(interpreter);
1176 if (interpreter)
1177 fput(interpreter);
1178out_free_interp:
f99d49ad 1179 kfree(elf_interpreter);
1da177e4
LT		 1180out_free_ph:
1181 kfree(elf_phdata);
1182 goto out;
1183}
1184
69369a70 1185#ifdef CONFIG_USELIB
1da177e4
LT		 1186/* This is really simpleminded and specialized - we are loading an
1187 a.out library that is given an ELF header. */
1da177e4
LT		 1188static int load_elf_library(struct file *file)
1189{
1190 struct elf_phdr *elf_phdata;
1191 struct elf_phdr *eppnt;
1192 unsigned long elf_bss, bss, len;
1193 int retval, error, i, j;
1194 struct elfhdr elf_ex;
bdd1d2d3 1195 loff_t pos = 0;
1da177e4
LT		 1196
1197 error = -ENOEXEC;
bdd1d2d3 1198 retval = kernel_read(file, &elf_ex, sizeof(elf_ex), &pos);
1da177e4
LT		 1199 if (retval != sizeof(elf_ex))
1200 goto out;
1201
1202 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1203 goto out;
1204
1205 /* First of all, some simple consistency checks */
1206 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
72c2d531 1207 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1da177e4 1208 goto out;
4755200b
NP		 1209 if (elf_check_fdpic(&elf_ex))
1210 goto out;
1da177e4
LT		 1211
1212 /* Now read in all of the header information */
1213
1214 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1215 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1216
1217 error = -ENOMEM;
1218 elf_phdata = kmalloc(j, GFP_KERNEL);
1219 if (!elf_phdata)
1220 goto out;
1221
1222 eppnt = elf_phdata;
1223 error = -ENOEXEC;
bdd1d2d3
CH		 1224 pos = elf_ex.e_phoff;
1225 retval = kernel_read(file, eppnt, j, &pos);
1da177e4
LT		 1226 if (retval != j)
1227 goto out_free_ph;
1228
1229 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1230 if ((eppnt + i)->p_type == PT_LOAD)
1231 j++;
1232 if (j != 1)
1233 goto out_free_ph;
1234
1235 while (eppnt->p_type != PT_LOAD)
1236 eppnt++;
1237
1238 /* Now use mmap to map the library into memory. */
6be5ceb0 1239 error = vm_mmap(file,
1da177e4
LT		 1240 ELF_PAGESTART(eppnt->p_vaddr),
1241 (eppnt->p_filesz +
1242 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1243 PROT_READ | PROT_WRITE | PROT_EXEC,
4ed28639 1244 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1da177e4
LT		 1245 (eppnt->p_offset -
1246 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1da177e4
LT		 1247 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1248 goto out_free_ph;
1249
1250 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1251 if (padzero(elf_bss)) {
1252 error = -EFAULT;
1253 goto out_free_ph;
1254 }
1255
24962af7
OS		 1256 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1257 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
ecc2bc8a
MH		 1258 if (bss > len) {
1259 error = vm_brk(len, bss - len);
5d22fc25 1260 if (error)
ecc2bc8a
MH		 1261 goto out_free_ph;
1262 }
1da177e4
LT		 1263 error = 0;
1264
1265out_free_ph:
1266 kfree(elf_phdata);
1267out:
1268 return error;
1269}
69369a70 1270#endif /* #ifdef CONFIG_USELIB */
1da177e4 1271
698ba7b5 1272#ifdef CONFIG_ELF_CORE
1da177e4
LT		 1273/*
1274 * ELF core dumper
1275 *
1276 * Modelled on fs/exec.c:aout_core_dump()
1277 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1278 */
1da177e4 1279
909af768
JB		 1280/*
1281 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1282 * that are useful for post-mortem analysis are included in every core dump.
1283 * In that way we ensure that the core dump is fully interpretable later
1284 * without matching up the same kernel and hardware config to see what PC values
1285 * meant. These special mappings include - vDSO, vsyscall, and other
1286 * architecture specific mappings
1287 */
1288static bool always_dump_vma(struct vm_area_struct *vma)
1289{
1290 /* Any vsyscall mappings? */
1291 if (vma == get_gate_vma(vma->vm_mm))
1292 return true;
78d683e8
AL		 1293
1294 /*
1295 * Assume that all vmas with a .name op should always be dumped.
1296 * If this changes, a new vm_ops field can easily be added.
1297 */
1298 if (vma->vm_ops && vma->vm_ops->name && vma->vm_ops->name(vma))
1299 return true;
1300
909af768
JB		 1301 /*
1302 * arch_vma_name() returns non-NULL for special architecture mappings,
1303 * such as vDSO sections.
1304 */
1305 if (arch_vma_name(vma))
1306 return true;
1307
1308 return false;
1309}
1310
1da177e4 1311/*
82df3973 1312 * Decide what to dump of a segment, part, all or none.
1da177e4 1313 */
82df3973
RM		 1314static unsigned long vma_dump_size(struct vm_area_struct *vma,
1315 unsigned long mm_flags)
1da177e4 1316{
e575f111
KM		 1317#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1318
909af768
JB		 1319 /* always dump the vdso and vsyscall sections */
1320 if (always_dump_vma(vma))
82df3973 1321 goto whole;
e5b97dde 1322
0103bd16 1323 if (vma->vm_flags & VM_DONTDUMP)
accb61fe
JB		 1324 return 0;
1325
5037835c
RZ		 1326 /* support for DAX */
1327 if (vma_is_dax(vma)) {
1328 if ((vma->vm_flags & VM_SHARED) && FILTER(DAX_SHARED))
1329 goto whole;
1330 if (!(vma->vm_flags & VM_SHARED) && FILTER(DAX_PRIVATE))
1331 goto whole;
1332 return 0;
1333 }
1334
e575f111
KM		 1335 /* Hugetlb memory check */
1336 if (vma->vm_flags & VM_HUGETLB) {
1337 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1338 goto whole;
1339 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1340 goto whole;
23d9e482 1341 return 0;
e575f111
KM		 1342 }
1343
1da177e4 1344 /* Do not dump I/O mapped devices or special mappings */
314e51b9 1345 if (vma->vm_flags & VM_IO)
1da177e4
LT		 1346 return 0;
1347
a1b59e80
KH		 1348 /* By default, dump shared memory if mapped from an anonymous file. */
1349 if (vma->vm_flags & VM_SHARED) {
496ad9aa 1350 if (file_inode(vma->vm_file)->i_nlink == 0 ?
82df3973
RM		 1351 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1352 goto whole;
1353 return 0;
a1b59e80 1354 }
1da177e4 1355
82df3973
RM		 1356 /* Dump segments that have been written to. */
1357 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1358 goto whole;
1359 if (vma->vm_file == NULL)
1360 return 0;
1da177e4 1361
82df3973
RM		 1362 if (FILTER(MAPPED_PRIVATE))
1363 goto whole;
1364
1365 /*
1366 * If this looks like the beginning of a DSO or executable mapping,
1367 * check for an ELF header. If we find one, dump the first page to
1368 * aid in determining what was mapped here.
1369 */
92dc07b1
RM		 1370 if (FILTER(ELF_HEADERS) &&
1371 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
82df3973
RM		 1372 u32 __user *header = (u32 __user *) vma->vm_start;
1373 u32 word;
92dc07b1 1374 mm_segment_t fs = get_fs();
82df3973
RM		 1375 /*
1376 * Doing it this way gets the constant folded by GCC.
1377 */
1378 union {
1379 u32 cmp;
1380 char elfmag[SELFMAG];
1381 } magic;
1382 BUILD_BUG_ON(SELFMAG != sizeof word);
1383 magic.elfmag[EI_MAG0] = ELFMAG0;
1384 magic.elfmag[EI_MAG1] = ELFMAG1;
1385 magic.elfmag[EI_MAG2] = ELFMAG2;
1386 magic.elfmag[EI_MAG3] = ELFMAG3;
92dc07b1
RM		 1387 /*
1388 * Switch to the user "segment" for get_user(),
1389 * then put back what elf_core_dump() had in place.
1390 */
1391 set_fs(USER_DS);
1392 if (unlikely(get_user(word, header)))
1393 word = 0;
1394 set_fs(fs);
1395 if (word == magic.cmp)
82df3973
RM		 1396 return PAGE_SIZE;
1397 }
1398
1399#undef FILTER
1400
1401 return 0;
1402
1403whole:
1404 return vma->vm_end - vma->vm_start;
1da177e4
LT		 1405}
1406
1da177e4
LT		 1407/* An ELF note in memory */
1408struct memelfnote
1409{
1410 const char *name;
1411 int type;
1412 unsigned int datasz;
1413 void *data;
1414};
1415
1416static int notesize(struct memelfnote *en)
1417{
1418 int sz;
1419
1420 sz = sizeof(struct elf_note);
1421 sz += roundup(strlen(en->name) + 1, 4);
1422 sz += roundup(en->datasz, 4);
1423
1424 return sz;
1425}
1426
ecc8c772 1427static int writenote(struct memelfnote *men, struct coredump_params *cprm)
d025c9db
AK		 1428{
1429 struct elf_note en;
1da177e4
LT		 1430 en.n_namesz = strlen(men->name) + 1;
1431 en.n_descsz = men->datasz;
1432 en.n_type = men->type;
1433
ecc8c772 1434 return dump_emit(cprm, &en, sizeof(en)) &&
22a8cb82
AV		 1435 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1436 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1da177e4 1437}
1da177e4 1438
3aba481f 1439static void fill_elf_header(struct elfhdr *elf, int segs,
d3330cf0 1440 u16 machine, u32 flags)
1da177e4 1441{
6970c8ef
CG		 1442 memset(elf, 0, sizeof(*elf));
1443
1da177e4
LT		 1444 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1445 elf->e_ident[EI_CLASS] = ELF_CLASS;
1446 elf->e_ident[EI_DATA] = ELF_DATA;
1447 elf->e_ident[EI_VERSION] = EV_CURRENT;
1448 elf->e_ident[EI_OSABI] = ELF_OSABI;
1da177e4
LT		 1449
1450 elf->e_type = ET_CORE;
3aba481f 1451 elf->e_machine = machine;
1da177e4 1452 elf->e_version = EV_CURRENT;
1da177e4 1453 elf->e_phoff = sizeof(struct elfhdr);
3aba481f 1454 elf->e_flags = flags;
1da177e4
LT		 1455 elf->e_ehsize = sizeof(struct elfhdr);
1456 elf->e_phentsize = sizeof(struct elf_phdr);
1457 elf->e_phnum = segs;
6970c8ef 1458
1da177e4
LT		 1459 return;
1460}
1461
8d6b5eee 1462static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1da177e4
LT		 1463{
1464 phdr->p_type = PT_NOTE;
1465 phdr->p_offset = offset;
1466 phdr->p_vaddr = 0;
1467 phdr->p_paddr = 0;
1468 phdr->p_filesz = sz;
1469 phdr->p_memsz = 0;
1470 phdr->p_flags = 0;
1471 phdr->p_align = 0;
1472 return;
1473}
1474
1475static void fill_note(struct memelfnote *note, const char *name, int type,
1476 unsigned int sz, void *data)
1477{
1478 note->name = name;
1479 note->type = type;
1480 note->datasz = sz;
1481 note->data = data;
1482 return;
1483}
1484
1485/*
f4e5cc2c
JJ		 1486 * fill up all the fields in prstatus from the given task struct, except
1487 * registers which need to be filled up separately.
1da177e4
LT		 1488 */
1489static void fill_prstatus(struct elf_prstatus *prstatus,
f4e5cc2c 1490 struct task_struct *p, long signr)
1da177e4
LT		 1491{
1492 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1493 prstatus->pr_sigpend = p->pending.signal.sig[0];
1494 prstatus->pr_sighold = p->blocked.sig[0];
3b34fc58
ON		 1495 rcu_read_lock();
1496 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1497 rcu_read_unlock();
b488893a 1498 prstatus->pr_pid = task_pid_vnr(p);
b488893a
PE		 1499 prstatus->pr_pgrp = task_pgrp_vnr(p);
1500 prstatus->pr_sid = task_session_vnr(p);
1da177e4 1501 if (thread_group_leader(p)) {
cd19c364 1502 struct task_cputime cputime;
f06febc9 1503
1da177e4 1504 /*
f06febc9
FM		 1505 * This is the record for the group leader. It shows the
1506 * group-wide total, not its individual thread total.
1da177e4 1507 */
cd19c364
FW		 1508 thread_group_cputime(p, &cputime);
1509 prstatus->pr_utime = ns_to_timeval(cputime.utime);
1510 prstatus->pr_stime = ns_to_timeval(cputime.stime);
1da177e4 1511 } else {
cd19c364 1512 u64 utime, stime;
6fac4829 1513
cd19c364
FW		 1514 task_cputime(p, &utime, &stime);
1515 prstatus->pr_utime = ns_to_timeval(utime);
1516 prstatus->pr_stime = ns_to_timeval(stime);
1da177e4 1517 }
5613fda9 1518
cd19c364
FW		 1519 prstatus->pr_cutime = ns_to_timeval(p->signal->cutime);
1520 prstatus->pr_cstime = ns_to_timeval(p->signal->cstime);
1da177e4
LT		 1521}
1522
1523static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1524 struct mm_struct *mm)
1525{
c69e8d9c 1526 const struct cred *cred;
a84a5059 1527 unsigned int i, len;
1da177e4
LT		 1528
1529 /* first copy the parameters from user space */
1530 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1531
1532 len = mm->arg_end - mm->arg_start;
1533 if (len >= ELF_PRARGSZ)
1534 len = ELF_PRARGSZ-1;
1535 if (copy_from_user(&psinfo->pr_psargs,
1536 (const char __user *)mm->arg_start, len))
1537 return -EFAULT;
1538 for(i = 0; i < len; i++)
1539 if (psinfo->pr_psargs[i] == 0)
1540 psinfo->pr_psargs[i] = ' ';
1541 psinfo->pr_psargs[len] = 0;
1542
3b34fc58
ON		 1543 rcu_read_lock();
1544 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1545 rcu_read_unlock();
b488893a 1546 psinfo->pr_pid = task_pid_vnr(p);
b488893a
PE		 1547 psinfo->pr_pgrp = task_pgrp_vnr(p);
1548 psinfo->pr_sid = task_session_vnr(p);
1da177e4
LT		 1549
1550 i = p->state ? ffz(~p->state) + 1 : 0;
1551 psinfo->pr_state = i;
55148548 1552 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1da177e4
LT		 1553 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1554 psinfo->pr_nice = task_nice(p);
1555 psinfo->pr_flag = p->flags;
c69e8d9c
DH		 1556 rcu_read_lock();
1557 cred = __task_cred(p);
ebc887b2
EB		 1558 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1559 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
c69e8d9c 1560 rcu_read_unlock();
1da177e4
LT		 1561 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1562
1563 return 0;
1564}
1565
3aba481f
RM		 1566static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1567{
1568 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1569 int i = 0;
1570 do
1571 i += 2;
1572 while (auxv[i - 2] != AT_NULL);
1573 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1574}
1575
49ae4d4b 1576static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
ae7795bc 1577 const kernel_siginfo_t *siginfo)
49ae4d4b
DV		 1578{
1579 mm_segment_t old_fs = get_fs();
1580 set_fs(KERNEL_DS);
1581 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1582 set_fs(old_fs);
1583 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1584}
1585
2aa362c4
DV		 1586#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1587/*
1588 * Format of NT_FILE note:
1589 *
1590 * long count -- how many files are mapped
1591 * long page_size -- units for file_ofs
1592 * array of [COUNT] elements of
1593 * long start
1594 * long end
1595 * long file_ofs
1596 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1597 */
72023656 1598static int fill_files_note(struct memelfnote *note)
2aa362c4
DV		 1599{
1600 struct vm_area_struct *vma;
1601 unsigned count, size, names_ofs, remaining, n;
1602 user_long_t *data;
1603 user_long_t *start_end_ofs;
1604 char *name_base, *name_curpos;
1605
1606 /* *Estimated* file count and total data size needed */
1607 count = current->mm->map_count;
60c9d92f
AD		 1608 if (count > UINT_MAX / 64)
1609 return -EINVAL;
2aa362c4
DV		 1610 size = count * 64;
1611
1612 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1613 alloc:
1614 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
72023656 1615 return -EINVAL;
2aa362c4 1616 size = round_up(size, PAGE_SIZE);
86a2bb5a
AD		 1617 data = kvmalloc(size, GFP_KERNEL);
1618 if (ZERO_OR_NULL_PTR(data))
72023656 1619 return -ENOMEM;
2aa362c4
DV		 1620
1621 start_end_ofs = data + 2;
1622 name_base = name_curpos = ((char *)data) + names_ofs;
1623 remaining = size - names_ofs;
1624 count = 0;
1625 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1626 struct file *file;
1627 const char *filename;
1628
1629 file = vma->vm_file;
1630 if (!file)
1631 continue;
9bf39ab2 1632 filename = file_path(file, name_curpos, remaining);
2aa362c4
DV		 1633 if (IS_ERR(filename)) {
1634 if (PTR_ERR(filename) == -ENAMETOOLONG) {
86a2bb5a 1635 kvfree(data);
2aa362c4
DV		 1636 size = size * 5 / 4;
1637 goto alloc;
1638 }
1639 continue;
1640 }
1641
9bf39ab2 1642 /* file_path() fills at the end, move name down */
2aa362c4
DV		 1643 /* n = strlen(filename) + 1: */
1644 n = (name_curpos + remaining) - filename;
1645 remaining = filename - name_curpos;
1646 memmove(name_curpos, filename, n);
1647 name_curpos += n;
1648
1649 *start_end_ofs++ = vma->vm_start;
1650 *start_end_ofs++ = vma->vm_end;
1651 *start_end_ofs++ = vma->vm_pgoff;
1652 count++;
1653 }
1654
1655 /* Now we know exact count of files, can store it */
1656 data[0] = count;
1657 data[1] = PAGE_SIZE;
1658 /*
1659 * Count usually is less than current->mm->map_count,
1660 * we need to move filenames down.
1661 */
1662 n = current->mm->map_count - count;
1663 if (n != 0) {
1664 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1665 memmove(name_base - shift_bytes, name_base,
1666 name_curpos - name_base);
1667 name_curpos -= shift_bytes;
1668 }
1669
1670 size = name_curpos - (char *)data;
1671 fill_note(note, "CORE", NT_FILE, size, data);
72023656 1672 return 0;
2aa362c4
DV		 1673}
1674
4206d3aa
RM		 1675#ifdef CORE_DUMP_USE_REGSET
1676#include <linux/regset.h>
1677
1678struct elf_thread_core_info {
1679 struct elf_thread_core_info *next;
1680 struct task_struct *task;
1681 struct elf_prstatus prstatus;
1682 struct memelfnote notes[0];
1683};
1684
1685struct elf_note_info {
1686 struct elf_thread_core_info *thread;
1687 struct memelfnote psinfo;
49ae4d4b 1688 struct memelfnote signote;
4206d3aa 1689 struct memelfnote auxv;
2aa362c4 1690 struct memelfnote files;
49ae4d4b 1691 user_siginfo_t csigdata;
4206d3aa
RM		 1692 size_t size;
1693 int thread_notes;
1694};
1695
d31472b6
RM		 1696/*
1697 * When a regset has a writeback hook, we call it on each thread before
1698 * dumping user memory. On register window machines, this makes sure the
1699 * user memory backing the register data is up to date before we read it.
1700 */
1701static void do_thread_regset_writeback(struct task_struct *task,
1702 const struct user_regset *regset)
1703{
1704 if (regset->writeback)
1705 regset->writeback(task, regset, 1);
1706}
1707
0953f65d 1708#ifndef PRSTATUS_SIZE
90954e7b 1709#define PRSTATUS_SIZE(S, R) sizeof(S)
0953f65d
L		 1710#endif
1711
1712#ifndef SET_PR_FPVALID
90954e7b 1713#define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
0953f65d
L		 1714#endif
1715
4206d3aa
RM		 1716static int fill_thread_core_info(struct elf_thread_core_info *t,
1717 const struct user_regset_view *view,
1718 long signr, size_t *total)
1719{
1720 unsigned int i;
27e64b4b 1721 unsigned int regset0_size = regset_size(t->task, &view->regsets[0]);
4206d3aa
RM		 1722
1723 /*
1724 * NT_PRSTATUS is the one special case, because the regset data
1725 * goes into the pr_reg field inside the note contents, rather
1726 * than being the whole note contents. We fill the reset in here.
1727 * We assume that regset 0 is NT_PRSTATUS.
1728 */
1729 fill_prstatus(&t->prstatus, t->task, signr);
27e64b4b 1730 (void) view->regsets[0].get(t->task, &view->regsets[0], 0, regset0_size,
90954e7b 1731 &t->prstatus.pr_reg, NULL);
4206d3aa
RM		 1732
1733 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
27e64b4b 1734 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
4206d3aa
RM		 1735 *total += notesize(&t->notes[0]);
1736
d31472b6
RM		 1737 do_thread_regset_writeback(t->task, &view->regsets[0]);
1738
4206d3aa
RM		 1739 /*
1740 * Each other regset might generate a note too. For each regset
1741 * that has no core_note_type or is inactive, we leave t->notes[i]
1742 * all zero and we'll know to skip writing it later.
1743 */
1744 for (i = 1; i < view->n; ++i) {
1745 const struct user_regset *regset = &view->regsets[i];
d31472b6 1746 do_thread_regset_writeback(t->task, regset);
c8e25258 1747 if (regset->core_note_type && regset->get &&
2f819db5 1748 (!regset->active || regset->active(t->task, regset) > 0)) {
4206d3aa 1749 int ret;
27e64b4b 1750 size_t size = regset_size(t->task, regset);
4206d3aa
RM		 1751 void *data = kmalloc(size, GFP_KERNEL);
1752 if (unlikely(!data))
1753 return 0;
1754 ret = regset->get(t->task, regset,
1755 0, size, data, NULL);
1756 if (unlikely(ret))
1757 kfree(data);
1758 else {
1759 if (regset->core_note_type != NT_PRFPREG)
1760 fill_note(&t->notes[i], "LINUX",
1761 regset->core_note_type,
1762 size, data);
1763 else {
90954e7b 1764 SET_PR_FPVALID(&t->prstatus,
27e64b4b 1765 1, regset0_size);
4206d3aa
RM		 1766 fill_note(&t->notes[i], "CORE",
1767 NT_PRFPREG, size, data);
1768 }
1769 *total += notesize(&t->notes[i]);
1770 }
1771 }
1772 }
1773
1774 return 1;
1775}
1776
1777static int fill_note_info(struct elfhdr *elf, int phdrs,
1778 struct elf_note_info *info,
ae7795bc 1779 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
4206d3aa
RM		 1780{
1781 struct task_struct *dump_task = current;
1782 const struct user_regset_view *view = task_user_regset_view(dump_task);
1783 struct elf_thread_core_info *t;
1784 struct elf_prpsinfo *psinfo;
83914441 1785 struct core_thread *ct;
4206d3aa
RM		 1786 unsigned int i;
1787
1788 info->size = 0;
1789 info->thread = NULL;
1790
1791 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
6899e92d
AC		 1792 if (psinfo == NULL) {
1793 info->psinfo.data = NULL; /* So we don't free this wrongly */
4206d3aa 1794 return 0;
6899e92d 1795 }
4206d3aa 1796
e2dbe125
AW		 1797 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1798
4206d3aa
RM		 1799 /*
1800 * Figure out how many notes we're going to need for each thread.
1801 */
1802 info->thread_notes = 0;
1803 for (i = 0; i < view->n; ++i)
1804 if (view->regsets[i].core_note_type != 0)
1805 ++info->thread_notes;
1806
1807 /*
1808 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1809 * since it is our one special case.
1810 */
1811 if (unlikely(info->thread_notes == 0) ||
1812 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1813 WARN_ON(1);
1814 return 0;
1815 }
1816
1817 /*
1818 * Initialize the ELF file header.
1819 */
1820 fill_elf_header(elf, phdrs,
d3330cf0 1821 view->e_machine, view->e_flags);
4206d3aa
RM		 1822
1823 /*
1824 * Allocate a structure for each thread.
1825 */
83914441
ON		 1826 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1827 t = kzalloc(offsetof(struct elf_thread_core_info,
1828 notes[info->thread_notes]),
1829 GFP_KERNEL);
1830 if (unlikely(!t))
1831 return 0;
1832
1833 t->task = ct->task;
1834 if (ct->task == dump_task || !info->thread) {
1835 t->next = info->thread;
1836 info->thread = t;
1837 } else {
1838 /*
1839 * Make sure to keep the original task at
1840 * the head of the list.
1841 */
1842 t->next = info->thread->next;
1843 info->thread->next = t;
4206d3aa 1844 }
83914441 1845 }
4206d3aa
RM		 1846
1847 /*
1848 * Now fill in each thread's information.
1849 */
1850 for (t = info->thread; t != NULL; t = t->next)
5ab1c309 1851 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
4206d3aa
RM		 1852 return 0;
1853
1854 /*
1855 * Fill in the two process-wide notes.
1856 */
1857 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1858 info->size += notesize(&info->psinfo);
1859
49ae4d4b
DV		 1860 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1861 info->size += notesize(&info->signote);
1862
4206d3aa
RM		 1863 fill_auxv_note(&info->auxv, current->mm);
1864 info->size += notesize(&info->auxv);
1865
72023656
DA		 1866 if (fill_files_note(&info->files) == 0)
1867 info->size += notesize(&info->files);
2aa362c4 1868
4206d3aa
RM		 1869 return 1;
1870}
1871
1872static size_t get_note_info_size(struct elf_note_info *info)
1873{
1874 return info->size;
1875}
1876
1877/*
1878 * Write all the notes for each thread. When writing the first thread, the
1879 * process-wide notes are interleaved after the first thread-specific note.
1880 */
1881static int write_note_info(struct elf_note_info *info,
ecc8c772 1882 struct coredump_params *cprm)
4206d3aa 1883{
b219e25f 1884 bool first = true;
4206d3aa
RM		 1885 struct elf_thread_core_info *t = info->thread;
1886
1887 do {
1888 int i;
1889
ecc8c772 1890 if (!writenote(&t->notes[0], cprm))
4206d3aa
RM		 1891 return 0;
1892
ecc8c772 1893 if (first && !writenote(&info->psinfo, cprm))
4206d3aa 1894 return 0;
ecc8c772 1895 if (first && !writenote(&info->signote, cprm))
49ae4d4b 1896 return 0;
ecc8c772 1897 if (first && !writenote(&info->auxv, cprm))
4206d3aa 1898 return 0;
72023656 1899 if (first && info->files.data &&
ecc8c772 1900 !writenote(&info->files, cprm))
2aa362c4 1901 return 0;
4206d3aa
RM		 1902
1903 for (i = 1; i < info->thread_notes; ++i)
1904 if (t->notes[i].data &&
ecc8c772 1905 !writenote(&t->notes[i], cprm))
4206d3aa
RM		 1906 return 0;
1907
b219e25f 1908 first = false;
4206d3aa
RM		 1909 t = t->next;
1910 } while (t);
1911
1912 return 1;
1913}
1914
1915static void free_note_info(struct elf_note_info *info)
1916{
1917 struct elf_thread_core_info *threads = info->thread;
1918 while (threads) {
1919 unsigned int i;
1920 struct elf_thread_core_info *t = threads;
1921 threads = t->next;
1922 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1923 for (i = 1; i < info->thread_notes; ++i)
1924 kfree(t->notes[i].data);
1925 kfree(t);
1926 }
1927 kfree(info->psinfo.data);
86a2bb5a 1928 kvfree(info->files.data);
4206d3aa
RM		 1929}
1930
1931#else
1932
1da177e4
LT		 1933/* Here is the structure in which status of each thread is captured. */
1934struct elf_thread_status
1935{
1936 struct list_head list;
1937 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1938 elf_fpregset_t fpu; /* NT_PRFPREG */
1939 struct task_struct *thread;
1940#ifdef ELF_CORE_COPY_XFPREGS
5b20cd80 1941 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1da177e4
LT		 1942#endif
1943 struct memelfnote notes[3];
1944 int num_notes;
1945};
1946
1947/*
1948 * In order to add the specific thread information for the elf file format,
f4e5cc2c
JJ		 1949 * we need to keep a linked list of every threads pr_status and then create
1950 * a single section for them in the final core file.
1da177e4
LT		 1951 */
1952static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1953{
1954 int sz = 0;
1955 struct task_struct *p = t->thread;
1956 t->num_notes = 0;
1957
1958 fill_prstatus(&t->prstatus, p, signr);
1959 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1960
f4e5cc2c
JJ		 1961 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1962 &(t->prstatus));
1da177e4
LT		 1963 t->num_notes++;
1964 sz += notesize(&t->notes[0]);
1965
f4e5cc2c
JJ		 1966 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1967 &t->fpu))) {
1968 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1969 &(t->fpu));
1da177e4
LT		 1970 t->num_notes++;
1971 sz += notesize(&t->notes[1]);
1972 }
1973
1974#ifdef ELF_CORE_COPY_XFPREGS
1975 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
5b20cd80
MN		 1976 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1977 sizeof(t->xfpu), &t->xfpu);
1da177e4
LT		 1978 t->num_notes++;
1979 sz += notesize(&t->notes[2]);
1980 }
1981#endif
1982 return sz;
1983}
1984
3aba481f
RM		 1985struct elf_note_info {
1986 struct memelfnote *notes;
72023656 1987 struct memelfnote *notes_files;
3aba481f
RM		 1988 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1989 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1990 struct list_head thread_list;
1991 elf_fpregset_t *fpu;
1992#ifdef ELF_CORE_COPY_XFPREGS
1993 elf_fpxregset_t *xfpu;
1994#endif
49ae4d4b 1995 user_siginfo_t csigdata;
3aba481f
RM		 1996 int thread_status_size;
1997 int numnote;
1998};
1999
0cf062d0 2000static int elf_note_info_init(struct elf_note_info *info)
3aba481f 2001{
0cf062d0 2002 memset(info, 0, sizeof(*info));
3aba481f
RM		 2003 INIT_LIST_HEAD(&info->thread_list);
2004
49ae4d4b 2005 /* Allocate space for ELF notes */
6da2ec56 2006 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
3aba481f
RM		 2007 if (!info->notes)
2008 return 0;
2009 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2010 if (!info->psinfo)
f34f9d18 2011 return 0;
3aba481f
RM		 2012 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2013 if (!info->prstatus)
f34f9d18 2014 return 0;
3aba481f
RM		 2015 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2016 if (!info->fpu)
f34f9d18 2017 return 0;
3aba481f
RM		 2018#ifdef ELF_CORE_COPY_XFPREGS
2019 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
2020 if (!info->xfpu)
f34f9d18 2021 return 0;
3aba481f 2022#endif
0cf062d0 2023 return 1;
0cf062d0
AW		 2024}
2025
2026static int fill_note_info(struct elfhdr *elf, int phdrs,
2027 struct elf_note_info *info,
ae7795bc 2028 const kernel_siginfo_t *siginfo, struct pt_regs *regs)
0cf062d0 2029{
afabada9
AV		 2030 struct core_thread *ct;
2031 struct elf_thread_status *ets;
0cf062d0
AW		 2032
2033 if (!elf_note_info_init(info))
2034 return 0;
3aba481f 2035
afabada9
AV		 2036 for (ct = current->mm->core_state->dumper.next;
2037 ct; ct = ct->next) {
2038 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2039 if (!ets)
2040 return 0;
83914441 2041
afabada9
AV		 2042 ets->thread = ct->task;
2043 list_add(&ets->list, &info->thread_list);
2044 }
83914441 2045
93f044e2 2046 list_for_each_entry(ets, &info->thread_list, list) {
afabada9 2047 int sz;
3aba481f 2048
afabada9
AV		 2049 sz = elf_dump_thread_status(siginfo->si_signo, ets);
2050 info->thread_status_size += sz;
3aba481f
RM		 2051 }
2052 /* now collect the dump for the current */
2053 memset(info->prstatus, 0, sizeof(*info->prstatus));
5ab1c309 2054 fill_prstatus(info->prstatus, current, siginfo->si_signo);
3aba481f
RM		 2055 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
2056
2057 /* Set up header */
d3330cf0 2058 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
3aba481f
RM		 2059
2060 /*
2061 * Set up the notes in similar form to SVR4 core dumps made
2062 * with info from their /proc.
2063 */
2064
2065 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2066 sizeof(*info->prstatus), info->prstatus);
2067 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2068 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2069 sizeof(*info->psinfo), info->psinfo);
2070
2aa362c4
DV		 2071 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
2072 fill_auxv_note(info->notes + 3, current->mm);
72023656 2073 info->numnote = 4;
3aba481f 2074
72023656
DA		 2075 if (fill_files_note(info->notes + info->numnote) == 0) {
2076 info->notes_files = info->notes + info->numnote;
2077 info->numnote++;
2078 }
3aba481f
RM		 2079
2080 /* Try to dump the FPU. */
2081 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
2082 info->fpu);
2083 if (info->prstatus->pr_fpvalid)
2084 fill_note(info->notes + info->numnote++,
2085 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2086#ifdef ELF_CORE_COPY_XFPREGS
2087 if (elf_core_copy_task_xfpregs(current, info->xfpu))
2088 fill_note(info->notes + info->numnote++,
2089 "LINUX", ELF_CORE_XFPREG_TYPE,
2090 sizeof(*info->xfpu), info->xfpu);
2091#endif
2092
2093 return 1;
3aba481f
RM		 2094}
2095
2096static size_t get_note_info_size(struct elf_note_info *info)
2097{
2098 int sz = 0;
2099 int i;
2100
2101 for (i = 0; i < info->numnote; i++)
2102 sz += notesize(info->notes + i);
2103
2104 sz += info->thread_status_size;
2105
2106 return sz;
2107}
2108
2109static int write_note_info(struct elf_note_info *info,
ecc8c772 2110 struct coredump_params *cprm)
3aba481f 2111{
93f044e2 2112 struct elf_thread_status *ets;
3aba481f 2113 int i;
3aba481f
RM		 2114
2115 for (i = 0; i < info->numnote; i++)
ecc8c772 2116 if (!writenote(info->notes + i, cprm))
3aba481f
RM		 2117 return 0;
2118
2119 /* write out the thread status notes section */
93f044e2
AD		 2120 list_for_each_entry(ets, &info->thread_list, list) {
2121 for (i = 0; i < ets->num_notes; i++)
2122 if (!writenote(&ets->notes[i], cprm))
3aba481f
RM		 2123 return 0;
2124 }
2125
2126 return 1;
2127}
2128
2129static void free_note_info(struct elf_note_info *info)
2130{
2131 while (!list_empty(&info->thread_list)) {
2132 struct list_head *tmp = info->thread_list.next;
2133 list_del(tmp);
2134 kfree(list_entry(tmp, struct elf_thread_status, list));
2135 }
2136
72023656
DA		 2137 /* Free data possibly allocated by fill_files_note(): */
2138 if (info->notes_files)
86a2bb5a 2139 kvfree(info->notes_files->data);
2aa362c4 2140
3aba481f
RM		 2141 kfree(info->prstatus);
2142 kfree(info->psinfo);
2143 kfree(info->notes);
2144 kfree(info->fpu);
2145#ifdef ELF_CORE_COPY_XFPREGS
2146 kfree(info->xfpu);
2147#endif
2148}
2149
4206d3aa
RM		 2150#endif
2151
f47aef55
RM		 2152static struct vm_area_struct *first_vma(struct task_struct *tsk,
2153 struct vm_area_struct *gate_vma)
2154{
2155 struct vm_area_struct *ret = tsk->mm->mmap;
2156
2157 if (ret)
2158 return ret;
2159 return gate_vma;
2160}
2161/*
2162 * Helper function for iterating across a vma list. It ensures that the caller
2163 * will visit `gate_vma' prior to terminating the search.
2164 */
2165static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2166 struct vm_area_struct *gate_vma)
2167{
2168 struct vm_area_struct *ret;
2169
2170 ret = this_vma->vm_next;
2171 if (ret)
2172 return ret;
2173 if (this_vma == gate_vma)
2174 return NULL;
2175 return gate_vma;
2176}
2177
8d9032bb
DH		 2178static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2179 elf_addr_t e_shoff, int segs)
2180{
2181 elf->e_shoff = e_shoff;
2182 elf->e_shentsize = sizeof(*shdr4extnum);
2183 elf->e_shnum = 1;
2184 elf->e_shstrndx = SHN_UNDEF;
2185
2186 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2187
2188 shdr4extnum->sh_type = SHT_NULL;
2189 shdr4extnum->sh_size = elf->e_shnum;
2190 shdr4extnum->sh_link = elf->e_shstrndx;
2191 shdr4extnum->sh_info = segs;
2192}
2193
1da177e4
LT		 2194/*
2195 * Actual dumper
2196 *
2197 * This is a two-pass process; first we find the offsets of the bits,
2198 * and then they are actually written out. If we run out of core limit
2199 * we just truncate.
2200 */
f6151dfe 2201static int elf_core_dump(struct coredump_params *cprm)
1da177e4 2202{
1da177e4
LT		 2203 int has_dumped = 0;
2204 mm_segment_t fs;
52f5592e
JL		 2205 int segs, i;
2206 size_t vma_data_size = 0;
f47aef55 2207 struct vm_area_struct *vma, *gate_vma;
1da177e4 2208 struct elfhdr *elf = NULL;
cdc3d562 2209 loff_t offset = 0, dataoff;
72023656 2210 struct elf_note_info info = { };
93eb211e 2211 struct elf_phdr *phdr4note = NULL;
8d9032bb
DH		 2212 struct elf_shdr *shdr4extnum = NULL;
2213 Elf_Half e_phnum;
2214 elf_addr_t e_shoff;
52f5592e 2215 elf_addr_t *vma_filesz = NULL;
1da177e4
LT		 2216
2217 /*
2218 * We no longer stop all VM operations.
2219 *
f4e5cc2c
JJ		 2220 * This is because those proceses that could possibly change map_count
2221 * or the mmap / vma pages are now blocked in do_exit on current
2222 * finishing this core dump.
1da177e4
LT		 2223 *
2224 * Only ptrace can touch these memory addresses, but it doesn't change
f4e5cc2c 2225 * the map_count or the pages allocated. So no possibility of crashing
1da177e4
LT		 2226 * exists while dumping the mm->vm_next areas to the core file.
2227 */
2228
2229 /* alloc memory for large data structures: too large to be on stack */
2230 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2231 if (!elf)
5f719558 2232 goto out;
341c87bf
KH		 2233 /*
2234 * The number of segs are recored into ELF header as 16bit value.
2235 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2236 */
1da177e4 2237 segs = current->mm->map_count;
1fcccbac 2238 segs += elf_core_extra_phdrs();
1da177e4 2239
31db58b3 2240 gate_vma = get_gate_vma(current->mm);
f47aef55
RM		 2241 if (gate_vma != NULL)
2242 segs++;
2243
8d9032bb
DH		 2244 /* for notes section */
2245 segs++;
2246
2247 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2248 * this, kernel supports extended numbering. Have a look at
2249 * include/linux/elf.h for further information. */
2250 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2251
1da177e4 2252 /*
3aba481f
RM		 2253 * Collect all the non-memory information about the process for the
2254 * notes. This also sets up the file header.
1da177e4 2255 */
5ab1c309 2256 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
3aba481f 2257 goto cleanup;
1da177e4 2258
3aba481f 2259 has_dumped = 1;
079148b9 2260
1da177e4
LT		 2261 fs = get_fs();
2262 set_fs(KERNEL_DS);
2263
1da177e4 2264 offset += sizeof(*elf); /* Elf header */
8d9032bb 2265 offset += segs * sizeof(struct elf_phdr); /* Program headers */
1da177e4
LT		 2266
2267 /* Write notes phdr entry */
2268 {
3aba481f 2269 size_t sz = get_note_info_size(&info);
1da177e4 2270
e5501492 2271 sz += elf_coredump_extra_notes_size();
bf1ab978 2272
93eb211e
DH		 2273 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2274 if (!phdr4note)
088e7af7 2275 goto end_coredump;
93eb211e
DH		 2276
2277 fill_elf_note_phdr(phdr4note, sz, offset);
2278 offset += sz;
1da177e4
LT		 2279 }
2280
1da177e4
LT		 2281 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2282
30f74aa0
JB		 2283 if (segs - 1 > ULONG_MAX / sizeof(*vma_filesz))
2284 goto end_coredump;
86a2bb5a
AD		 2285 vma_filesz = kvmalloc(array_size(sizeof(*vma_filesz), (segs - 1)),
2286 GFP_KERNEL);
2287 if (ZERO_OR_NULL_PTR(vma_filesz))
52f5592e
JL		 2288 goto end_coredump;
2289
2290 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
2291 vma = next_vma(vma, gate_vma)) {
2292 unsigned long dump_size;
2293
2294 dump_size = vma_dump_size(vma, cprm->mm_flags);
2295 vma_filesz[i++] = dump_size;
2296 vma_data_size += dump_size;
2297 }
2298
2299 offset += vma_data_size;
8d9032bb
DH		 2300 offset += elf_core_extra_data_size();
2301 e_shoff = offset;
2302
2303 if (e_phnum == PN_XNUM) {
2304 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2305 if (!shdr4extnum)
2306 goto end_coredump;
2307 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2308 }
2309
2310 offset = dataoff;
2311
ecc8c772 2312 if (!dump_emit(cprm, elf, sizeof(*elf)))
93eb211e
DH		 2313 goto end_coredump;
2314
ecc8c772 2315 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
93eb211e
DH		 2316 goto end_coredump;
2317
1da177e4 2318 /* Write program headers for segments dump */
52f5592e 2319 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2320 vma = next_vma(vma, gate_vma)) {
1da177e4 2321 struct elf_phdr phdr;
1da177e4
LT		 2322
2323 phdr.p_type = PT_LOAD;
2324 phdr.p_offset = offset;
2325 phdr.p_vaddr = vma->vm_start;
2326 phdr.p_paddr = 0;
52f5592e 2327 phdr.p_filesz = vma_filesz[i++];
82df3973 2328 phdr.p_memsz = vma->vm_end - vma->vm_start;
1da177e4
LT		 2329 offset += phdr.p_filesz;
2330 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
f4e5cc2c
JJ		 2331 if (vma->vm_flags & VM_WRITE)
2332 phdr.p_flags |= PF_W;
2333 if (vma->vm_flags & VM_EXEC)
2334 phdr.p_flags |= PF_X;
1da177e4
LT		 2335 phdr.p_align = ELF_EXEC_PAGESIZE;
2336
ecc8c772 2337 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
088e7af7 2338 goto end_coredump;
1da177e4
LT		 2339 }
2340
506f21c5 2341 if (!elf_core_write_extra_phdrs(cprm, offset))
1fcccbac 2342 goto end_coredump;
1da177e4
LT		 2343
2344 /* write out the notes section */
ecc8c772 2345 if (!write_note_info(&info, cprm))
3aba481f 2346 goto end_coredump;
1da177e4 2347
cdc3d562 2348 if (elf_coredump_extra_notes_write(cprm))
e5501492 2349 goto end_coredump;
bf1ab978 2350
d025c9db 2351 /* Align to page */
1607f09c 2352 if (!dump_skip(cprm, dataoff - cprm->pos))
f3e8fccd 2353 goto end_coredump;
1da177e4 2354
52f5592e 2355 for (i = 0, vma = first_vma(current, gate_vma); vma != NULL;
f47aef55 2356 vma = next_vma(vma, gate_vma)) {
1da177e4 2357 unsigned long addr;
82df3973 2358 unsigned long end;
1da177e4 2359
52f5592e 2360 end = vma->vm_start + vma_filesz[i++];
1da177e4 2361
82df3973 2362 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
f4e5cc2c 2363 struct page *page;
f3e8fccd
HD		 2364 int stop;
2365
2366 page = get_dump_page(addr);
2367 if (page) {
2368 void *kaddr = kmap(page);
13046ece 2369 stop = !dump_emit(cprm, kaddr, PAGE_SIZE);
f3e8fccd 2370 kunmap(page);
09cbfeaf 2371 put_page(page);
f3e8fccd 2372 } else
9b56d543 2373 stop = !dump_skip(cprm, PAGE_SIZE);
f3e8fccd
HD		 2374 if (stop)
2375 goto end_coredump;
1da177e4
LT		 2376 }
2377 }
4d22c75d 2378 dump_truncate(cprm);
1da177e4 2379
aa3e7eaf 2380 if (!elf_core_write_extra_data(cprm))
1fcccbac 2381 goto end_coredump;
1da177e4 2382
8d9032bb 2383 if (e_phnum == PN_XNUM) {
13046ece 2384 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
8d9032bb
DH		 2385 goto end_coredump;
2386 }
2387
1da177e4
LT		 2388end_coredump:
2389 set_fs(fs);
2390
2391cleanup:
3aba481f 2392 free_note_info(&info);
8d9032bb 2393 kfree(shdr4extnum);
86a2bb5a 2394 kvfree(vma_filesz);
93eb211e 2395 kfree(phdr4note);
5f719558
WC		 2396 kfree(elf);
2397out:
1da177e4 2398 return has_dumped;
1da177e4
LT		 2399}
2400
698ba7b5 2401#endif /* CONFIG_ELF_CORE */
1da177e4
LT		 2402
2403static int __init init_elf_binfmt(void)
2404{
8fc3dc5a
AV		 2405 register_binfmt(&elf_format);
2406 return 0;
1da177e4
LT		 2407}
2408
2409static void __exit exit_elf_binfmt(void)
2410{
2411 /* Remove the COFF and ELF loaders. */
2412 unregister_binfmt(&elf_format);
2413}
2414
2415core_initcall(init_elf_binfmt);
2416module_exit(exit_elf_binfmt);
2417MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)