1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/fs.h>
15#include <linux/mm.h>
16#include <linux/mman.h>
17#include <linux/errno.h>
18#include <linux/signal.h>
19#include <linux/binfmts.h>
20#include <linux/string.h>
21#include <linux/file.h>
22#include <linux/slab.h>
23#include <linux/personality.h>
24#include <linux/elfcore.h>
25#include <linux/init.h>
26#include <linux/highuid.h>
27#include <linux/compiler.h>
28#include <linux/highmem.h>
29#include <linux/pagemap.h>
30#include <linux/security.h>
31#include <linux/random.h>
32#include <linux/elf.h>
33#include <linux/utsname.h>
34#include <linux/coredump.h>
35#include <asm/uaccess.h>
36#include <asm/param.h>
37#include <asm/page.h>
38
39static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
40static int load_elf_library(struct file *);
41static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
42 int, int, unsigned long);
43
44
45
46
47
48#ifdef CONFIG_ELF_CORE
49static int elf_core_dump(struct coredump_params *cprm);
50#else
51#define elf_core_dump NULL
52#endif
53
54#if ELF_EXEC_PAGESIZE > PAGE_SIZE
55#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
56#else
57#define ELF_MIN_ALIGN PAGE_SIZE
58#endif
59
60#ifndef ELF_CORE_EFLAGS
61#define ELF_CORE_EFLAGS 0
62#endif
63
64#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
65#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
66#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
67
68static struct linux_binfmt elf_format = {
69 .module = THIS_MODULE,
70 .load_binary = load_elf_binary,
71 .load_shlib = load_elf_library,
72 .core_dump = elf_core_dump,
73 .min_coredump = ELF_EXEC_PAGESIZE,
74 .hasvdso = 1
75};
76
77#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
78
79static int set_brk(unsigned long start, unsigned long end)
80{
81 start = ELF_PAGEALIGN(start);
82 end = ELF_PAGEALIGN(end);
83 if (end > start) {
84 unsigned long addr;
85 down_write(¤t->mm->mmap_sem);
86 addr = do_brk(start, end - start);
87 up_write(¤t->mm->mmap_sem);
88 if (BAD_ADDR(addr))
89 return addr;
90 }
91 current->mm->start_brk = current->mm->brk = end;
92 return 0;
93}
94
95
96
97
98
99
100static int padzero(unsigned long elf_bss)
101{
102 unsigned long nbyte;
103
104 nbyte = ELF_PAGEOFFSET(elf_bss);
105 if (nbyte) {
106 nbyte = ELF_MIN_ALIGN - nbyte;
107 if (clear_user((void __user *) elf_bss, nbyte))
108 return -EFAULT;
109 }
110 return 0;
111}
112
113
114#ifdef CONFIG_STACK_GROWSUP
115#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
116#define STACK_ROUND(sp, items) \
117 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
118#define STACK_ALLOC(sp, len) ({ \
119 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
120 old_sp; })
121#else
122#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
123#define STACK_ROUND(sp, items) \
124 (((unsigned long) (sp - items)) &~ 15UL)
125#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
126#endif
127
128#ifndef ELF_BASE_PLATFORM
129
130
131
132
133
134#define ELF_BASE_PLATFORM NULL
135#endif
136
137static int
138create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
139 unsigned long load_addr, unsigned long interp_load_addr)
140{
141 unsigned long p = bprm->p;
142 int argc = bprm->argc;
143 int envc = bprm->envc;
144 elf_addr_t __user *argv;
145 elf_addr_t __user *envp;
146 elf_addr_t __user *sp;
147 elf_addr_t __user *u_platform;
148 elf_addr_t __user *u_base_platform;
149 elf_addr_t __user *u_rand_bytes;
150 const char *k_platform = ELF_PLATFORM;
151 const char *k_base_platform = ELF_BASE_PLATFORM;
152 unsigned char k_rand_bytes[16];
153 int items;
154 elf_addr_t *elf_info;
155 int ei_index = 0;
156 const struct cred *cred = current_cred();
157 struct vm_area_struct *vma;
158
159
160
161
162
163
164
165 p = arch_align_stack(p);
166
167
168
169
170
171
172
173 u_platform = NULL;
174 if (k_platform) {
175 size_t len = strlen(k_platform) + 1;
176
177 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
178 if (__copy_to_user(u_platform, k_platform, len))
179 return -EFAULT;
180 }
181
182
183
184
185
186 u_base_platform = NULL;
187 if (k_base_platform) {
188 size_t len = strlen(k_base_platform) + 1;
189
190 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
191 if (__copy_to_user(u_base_platform, k_base_platform, len))
192 return -EFAULT;
193 }
194
195
196
197
198 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
199 u_rand_bytes = (elf_addr_t __user *)
200 STACK_ALLOC(p, sizeof(k_rand_bytes));
201 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
202 return -EFAULT;
203
204
205 elf_info = (elf_addr_t *)current->mm->saved_auxv;
206
207#define NEW_AUX_ENT(id, val) \
208 do { \
209 elf_info[ei_index++] = id; \
210 elf_info[ei_index++] = val; \
211 } while (0)
212
213#ifdef ARCH_DLINFO
214
215
216
217
218
219
220 ARCH_DLINFO;
221#endif
222 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
223 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
224 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
225 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
226 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
227 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
228 NEW_AUX_ENT(AT_BASE, interp_load_addr);
229 NEW_AUX_ENT(AT_FLAGS, 0);
230 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
231 NEW_AUX_ENT(AT_UID, cred->uid);
232 NEW_AUX_ENT(AT_EUID, cred->euid);
233 NEW_AUX_ENT(AT_GID, cred->gid);
234 NEW_AUX_ENT(AT_EGID, cred->egid);
235 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
236 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
237 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
238 if (k_platform) {
239 NEW_AUX_ENT(AT_PLATFORM,
240 (elf_addr_t)(unsigned long)u_platform);
241 }
242 if (k_base_platform) {
243 NEW_AUX_ENT(AT_BASE_PLATFORM,
244 (elf_addr_t)(unsigned long)u_base_platform);
245 }
246 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
247 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
248 }
249#undef NEW_AUX_ENT
250
251 memset(&elf_info[ei_index], 0,
252 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
253
254
255 ei_index += 2;
256
257 sp = STACK_ADD(p, ei_index);
258
259 items = (argc + 1) + (envc + 1) + 1;
260 bprm->p = STACK_ROUND(sp, items);
261
262
263#ifdef CONFIG_STACK_GROWSUP
264 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
265 bprm->exec = (unsigned long)sp;
266#else
267 sp = (elf_addr_t __user *)bprm->p;
268#endif
269
270
271
272
273
274
275 vma = find_extend_vma(current->mm, bprm->p);
276 if (!vma)
277 return -EFAULT;
278
279
280 if (__put_user(argc, sp++))
281 return -EFAULT;
282 argv = sp;
283 envp = argv + argc + 1;
284
285
286 p = current->mm->arg_end = current->mm->arg_start;
287 while (argc-- > 0) {
288 size_t len;
289 if (__put_user((elf_addr_t)p, argv++))
290 return -EFAULT;
291 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
292 if (!len || len > MAX_ARG_STRLEN)
293 return -EINVAL;
294 p += len;
295 }
296 if (__put_user(0, argv))
297 return -EFAULT;
298 current->mm->arg_end = current->mm->env_start = p;
299 while (envc-- > 0) {
300 size_t len;
301 if (__put_user((elf_addr_t)p, envp++))
302 return -EFAULT;
303 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
304 if (!len || len > MAX_ARG_STRLEN)
305 return -EINVAL;
306 p += len;
307 }
308 if (__put_user(0, envp))
309 return -EFAULT;
310 current->mm->env_end = p;
311
312
313 sp = (elf_addr_t __user *)envp + 1;
314 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
315 return -EFAULT;
316 return 0;
317}
318
319#ifndef elf_map
320
321static unsigned long elf_map(struct file *filep, unsigned long addr,
322 struct elf_phdr *eppnt, int prot, int type,
323 unsigned long total_size)
324{
325 unsigned long map_addr;
326 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
327 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
328 addr = ELF_PAGESTART(addr);
329 size = ELF_PAGEALIGN(size);
330
331
332
333 if (!size)
334 return addr;
335
336 down_write(¤t->mm->mmap_sem);
337
338
339
340
341
342
343
344
345 if (total_size) {
346 total_size = ELF_PAGEALIGN(total_size);
347 map_addr = do_mmap(filep, addr, total_size, prot, type, off);
348 if (!BAD_ADDR(map_addr))
349 do_munmap(current->mm, map_addr+size, total_size-size);
350 } else
351 map_addr = do_mmap(filep, addr, size, prot, type, off);
352
353 up_write(¤t->mm->mmap_sem);
354 return(map_addr);
355}
356
357#endif
358
359static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
360{
361 int i, first_idx = -1, last_idx = -1;
362
363 for (i = 0; i < nr; i++) {
364 if (cmds[i].p_type == PT_LOAD) {
365 last_idx = i;
366 if (first_idx == -1)
367 first_idx = i;
368 }
369 }
370 if (first_idx == -1)
371 return 0;
372
373 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
374 ELF_PAGESTART(cmds[first_idx].p_vaddr);
375}
376
377
378
379
380
381
382
383static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
384 struct file *interpreter, unsigned long *interp_map_addr,
385 unsigned long no_base)
386{
387 struct elf_phdr *elf_phdata;
388 struct elf_phdr *eppnt;
389 unsigned long load_addr = 0;
390 int load_addr_set = 0;
391 unsigned long last_bss = 0, elf_bss = 0;
392 unsigned long error = ~0UL;
393 unsigned long total_size;
394 int retval, i, size;
395
396
397 if (interp_elf_ex->e_type != ET_EXEC &&
398 interp_elf_ex->e_type != ET_DYN)
399 goto out;
400 if (!elf_check_arch(interp_elf_ex))
401 goto out;
402 if (!interpreter->f_op || !interpreter->f_op->mmap)
403 goto out;
404
405
406
407
408
409 if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
410 goto out;
411 if (interp_elf_ex->e_phnum < 1 ||
412 interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
413 goto out;
414
415
416 size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
417 if (size > ELF_MIN_ALIGN)
418 goto out;
419 elf_phdata = kmalloc(size, GFP_KERNEL);
420 if (!elf_phdata)
421 goto out;
422
423 retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
424 (char *)elf_phdata,size);
425 error = -EIO;
426 if (retval != size) {
427 if (retval < 0)
428 error = retval;
429 goto out_close;
430 }
431
432 total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
433 if (!total_size) {
434 error = -EINVAL;
435 goto out_close;
436 }
437
438 eppnt = elf_phdata;
439 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
440 if (eppnt->p_type == PT_LOAD) {
441 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
442 int elf_prot = 0;
443 unsigned long vaddr = 0;
444 unsigned long k, map_addr;
445
446 if (eppnt->p_flags & PF_R)
447 elf_prot = PROT_READ;
448 if (eppnt->p_flags & PF_W)
449 elf_prot |= PROT_WRITE;
450 if (eppnt->p_flags & PF_X)
451 elf_prot |= PROT_EXEC;
452 vaddr = eppnt->p_vaddr;
453 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
454 elf_type |= MAP_FIXED;
455 else if (no_base && interp_elf_ex->e_type == ET_DYN)
456 load_addr = -vaddr;
457
458 map_addr = elf_map(interpreter, load_addr + vaddr,
459 eppnt, elf_prot, elf_type, total_size);
460 total_size = 0;
461 if (!*interp_map_addr)
462 *interp_map_addr = map_addr;
463 error = map_addr;
464 if (BAD_ADDR(map_addr))
465 goto out_close;
466
467 if (!load_addr_set &&
468 interp_elf_ex->e_type == ET_DYN) {
469 load_addr = map_addr - ELF_PAGESTART(vaddr);
470 load_addr_set = 1;
471 }
472
473
474
475
476
477
478 k = load_addr + eppnt->p_vaddr;
479 if (BAD_ADDR(k) ||
480 eppnt->p_filesz > eppnt->p_memsz ||
481 eppnt->p_memsz > TASK_SIZE ||
482 TASK_SIZE - eppnt->p_memsz < k) {
483 error = -ENOMEM;
484 goto out_close;
485 }
486
487
488
489
490
491 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
492 if (k > elf_bss)
493 elf_bss = k;
494
495
496
497
498
499 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
500 if (k > last_bss)
501 last_bss = k;
502 }
503 }
504
505 if (last_bss > elf_bss) {
506
507
508
509
510
511
512 if (padzero(elf_bss)) {
513 error = -EFAULT;
514 goto out_close;
515 }
516
517
518 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
519
520
521 down_write(¤t->mm->mmap_sem);
522 error = do_brk(elf_bss, last_bss - elf_bss);
523 up_write(¤t->mm->mmap_sem);
524 if (BAD_ADDR(error))
525 goto out_close;
526 }
527
528 error = load_addr;
529
530out_close:
531 kfree(elf_phdata);
532out:
533 return error;
534}
535
536
537
538
539
540
541#define INTERPRETER_NONE 0
542#define INTERPRETER_ELF 2
543
544#ifndef STACK_RND_MASK
545#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12))
546#endif
547
548static unsigned long randomize_stack_top(unsigned long stack_top)
549{
550 unsigned int random_variable = 0;
551
552 if ((current->flags & PF_RANDOMIZE) &&
553 !(current->personality & ADDR_NO_RANDOMIZE)) {
554 random_variable = get_random_int() & STACK_RND_MASK;
555 random_variable <<= PAGE_SHIFT;
556 }
557#ifdef CONFIG_STACK_GROWSUP
558 return PAGE_ALIGN(stack_top) + random_variable;
559#else
560 return PAGE_ALIGN(stack_top) - random_variable;
561#endif
562}
563
564static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
565{
566 struct file *interpreter = NULL;
567 unsigned long load_addr = 0, load_bias = 0;
568 int load_addr_set = 0;
569 char * elf_interpreter = NULL;
570 unsigned long error;
571 struct elf_phdr *elf_ppnt, *elf_phdata;
572 unsigned long elf_bss, elf_brk;
573 int retval, i;
574 unsigned int size;
575 unsigned long elf_entry;
576 unsigned long interp_load_addr = 0;
577 unsigned long start_code, end_code, start_data, end_data;
578 unsigned long reloc_func_desc = 0;
579 int executable_stack = EXSTACK_DEFAULT;
580 unsigned long def_flags = 0;
581 struct {
582 struct elfhdr elf_ex;
583 struct elfhdr interp_elf_ex;
584 } *loc;
585
586 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
587 if (!loc) {
588 retval = -ENOMEM;
589 goto out_ret;
590 }
591
592
593 loc->elf_ex = *((struct elfhdr *)bprm->buf);
594
595 retval = -ENOEXEC;
596
597 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
598 goto out;
599
600 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
601 goto out;
602 if (!elf_check_arch(&loc->elf_ex))
603 goto out;
604 if (!bprm->file->f_op||!bprm->file->f_op->mmap)
605 goto out;
606
607
608 if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
609 goto out;
610 if (loc->elf_ex.e_phnum < 1 ||
611 loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
612 goto out;
613 size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
614 retval = -ENOMEM;
615 elf_phdata = kmalloc(size, GFP_KERNEL);
616 if (!elf_phdata)
617 goto out;
618
619 retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
620 (char *)elf_phdata, size);
621 if (retval != size) {
622 if (retval >= 0)
623 retval = -EIO;
624 goto out_free_ph;
625 }
626
627 elf_ppnt = elf_phdata;
628 elf_bss = 0;
629 elf_brk = 0;
630
631 start_code = ~0UL;
632 end_code = 0;
633 start_data = 0;
634 end_data = 0;
635
636 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
637 if (elf_ppnt->p_type == PT_INTERP) {
638
639
640
641
642 retval = -ENOEXEC;
643 if (elf_ppnt->p_filesz > PATH_MAX ||
644 elf_ppnt->p_filesz < 2)
645 goto out_free_ph;
646
647 retval = -ENOMEM;
648 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
649 GFP_KERNEL);
650 if (!elf_interpreter)
651 goto out_free_ph;
652
653 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
654 elf_interpreter,
655 elf_ppnt->p_filesz);
656 if (retval != elf_ppnt->p_filesz) {
657 if (retval >= 0)
658 retval = -EIO;
659 goto out_free_interp;
660 }
661
662 retval = -ENOEXEC;
663 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
664 goto out_free_interp;
665
666 interpreter = open_exec(elf_interpreter);
667 retval = PTR_ERR(interpreter);
668 if (IS_ERR(interpreter))
669 goto out_free_interp;
670
671
672
673
674
675
676 if (file_permission(interpreter, MAY_READ) < 0)
677 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
678
679 retval = kernel_read(interpreter, 0, bprm->buf,
680 BINPRM_BUF_SIZE);
681 if (retval != BINPRM_BUF_SIZE) {
682 if (retval >= 0)
683 retval = -EIO;
684 goto out_free_dentry;
685 }
686
687
688 loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
689 break;
690 }
691 elf_ppnt++;
692 }
693
694 elf_ppnt = elf_phdata;
695 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
696 if (elf_ppnt->p_type == PT_GNU_STACK) {
697 if (elf_ppnt->p_flags & PF_X)
698 executable_stack = EXSTACK_ENABLE_X;
699 else
700 executable_stack = EXSTACK_DISABLE_X;
701 break;
702 }
703
704
705 if (elf_interpreter) {
706 retval = -ELIBBAD;
707
708 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
709 goto out_free_dentry;
710
711 if (!elf_check_arch(&loc->interp_elf_ex))
712 goto out_free_dentry;
713 }
714
715
716 retval = flush_old_exec(bprm);
717 if (retval)
718 goto out_free_dentry;
719
720
721 current->flags &= ~PF_FORKNOEXEC;
722 current->mm->def_flags = def_flags;
723
724
725
726 SET_PERSONALITY(loc->elf_ex);
727 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
728 current->personality |= READ_IMPLIES_EXEC;
729
730 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
731 current->flags |= PF_RANDOMIZE;
732
733 setup_new_exec(bprm);
734
735
736
737 current->mm->free_area_cache = current->mm->mmap_base;
738 current->mm->cached_hole_size = 0;
739 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
740 executable_stack);
741 if (retval < 0) {
742 send_sig(SIGKILL, current, 0);
743 goto out_free_dentry;
744 }
745
746 current->mm->start_stack = bprm->p;
747
748
749
750 for(i = 0, elf_ppnt = elf_phdata;
751 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
752 int elf_prot = 0, elf_flags;
753 unsigned long k, vaddr;
754
755 if (elf_ppnt->p_type != PT_LOAD)
756 continue;
757
758 if (unlikely (elf_brk > elf_bss)) {
759 unsigned long nbyte;
760
761
762
763
764 retval = set_brk (elf_bss + load_bias,
765 elf_brk + load_bias);
766 if (retval) {
767 send_sig(SIGKILL, current, 0);
768 goto out_free_dentry;
769 }
770 nbyte = ELF_PAGEOFFSET(elf_bss);
771 if (nbyte) {
772 nbyte = ELF_MIN_ALIGN - nbyte;
773 if (nbyte > elf_brk - elf_bss)
774 nbyte = elf_brk - elf_bss;
775 if (clear_user((void __user *)elf_bss +
776 load_bias, nbyte)) {
777
778
779
780
781
782 }
783 }
784 }
785
786 if (elf_ppnt->p_flags & PF_R)
787 elf_prot |= PROT_READ;
788 if (elf_ppnt->p_flags & PF_W)
789 elf_prot |= PROT_WRITE;
790 if (elf_ppnt->p_flags & PF_X)
791 elf_prot |= PROT_EXEC;
792
793 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
794
795 vaddr = elf_ppnt->p_vaddr;
796 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
797 elf_flags |= MAP_FIXED;
798 } else if (loc->elf_ex.e_type == ET_DYN) {
799
800
801
802
803#ifdef CONFIG_X86
804 load_bias = 0;
805#else
806 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
807#endif
808 }
809
810 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
811 elf_prot, elf_flags, 0);
812 if (BAD_ADDR(error)) {
813 send_sig(SIGKILL, current, 0);
814 retval = IS_ERR((void *)error) ?
815 PTR_ERR((void*)error) : -EINVAL;
816 goto out_free_dentry;
817 }
818
819 if (!load_addr_set) {
820 load_addr_set = 1;
821 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
822 if (loc->elf_ex.e_type == ET_DYN) {
823 load_bias += error -
824 ELF_PAGESTART(load_bias + vaddr);
825 load_addr += load_bias;
826 reloc_func_desc = load_bias;
827 }
828 }
829 k = elf_ppnt->p_vaddr;
830 if (k < start_code)
831 start_code = k;
832 if (start_data < k)
833 start_data = k;
834
835
836
837
838
839
840 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
841 elf_ppnt->p_memsz > TASK_SIZE ||
842 TASK_SIZE - elf_ppnt->p_memsz < k) {
843
844 send_sig(SIGKILL, current, 0);
845 retval = -EINVAL;
846 goto out_free_dentry;
847 }
848
849 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
850
851 if (k > elf_bss)
852 elf_bss = k;
853 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
854 end_code = k;
855 if (end_data < k)
856 end_data = k;
857 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
858 if (k > elf_brk)
859 elf_brk = k;
860 }
861
862 loc->elf_ex.e_entry += load_bias;
863 elf_bss += load_bias;
864 elf_brk += load_bias;
865 start_code += load_bias;
866 end_code += load_bias;
867 start_data += load_bias;
868 end_data += load_bias;
869
870
871
872
873
874
875 retval = set_brk(elf_bss, elf_brk);
876 if (retval) {
877 send_sig(SIGKILL, current, 0);
878 goto out_free_dentry;
879 }
880 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
881 send_sig(SIGSEGV, current, 0);
882 retval = -EFAULT;
883 goto out_free_dentry;
884 }
885
886 if (elf_interpreter) {
887 unsigned long uninitialized_var(interp_map_addr);
888
889 elf_entry = load_elf_interp(&loc->interp_elf_ex,
890 interpreter,
891 &interp_map_addr,
892 load_bias);
893 if (!IS_ERR((void *)elf_entry)) {
894
895
896
897
898 interp_load_addr = elf_entry;
899 elf_entry += loc->interp_elf_ex.e_entry;
900 }
901 if (BAD_ADDR(elf_entry)) {
902 force_sig(SIGSEGV, current);
903 retval = IS_ERR((void *)elf_entry) ?
904 (int)elf_entry : -EINVAL;
905 goto out_free_dentry;
906 }
907 reloc_func_desc = interp_load_addr;
908
909 allow_write_access(interpreter);
910 fput(interpreter);
911 kfree(elf_interpreter);
912 } else {
913 elf_entry = loc->elf_ex.e_entry;
914 if (BAD_ADDR(elf_entry)) {
915 force_sig(SIGSEGV, current);
916 retval = -EINVAL;
917 goto out_free_dentry;
918 }
919 }
920
921 kfree(elf_phdata);
922
923 set_binfmt(&elf_format);
924
925#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
926 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
927 if (retval < 0) {
928 send_sig(SIGKILL, current, 0);
929 goto out;
930 }
931#endif
932
933 install_exec_creds(bprm);
934 current->flags &= ~PF_FORKNOEXEC;
935 retval = create_elf_tables(bprm, &loc->elf_ex,
936 load_addr, interp_load_addr);
937 if (retval < 0) {
938 send_sig(SIGKILL, current, 0);
939 goto out;
940 }
941
942 current->mm->end_code = end_code;
943 current->mm->start_code = start_code;
944 current->mm->start_data = start_data;
945 current->mm->end_data = end_data;
946 current->mm->start_stack = bprm->p;
947
948#ifdef arch_randomize_brk
949 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
950 current->mm->brk = current->mm->start_brk =
951 arch_randomize_brk(current->mm);
952#endif
953
954 if (current->personality & MMAP_PAGE_ZERO) {
955
956
957
958
959 down_write(¤t->mm->mmap_sem);
960 error = do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
961 MAP_FIXED | MAP_PRIVATE, 0);
962 up_write(¤t->mm->mmap_sem);
963 }
964
965#ifdef ELF_PLAT_INIT
966
967
968
969
970
971
972
973
974
975
976 ELF_PLAT_INIT(regs, reloc_func_desc);
977#endif
978
979 start_thread(regs, elf_entry, bprm->p);
980 retval = 0;
981out:
982 kfree(loc);
983out_ret:
984 return retval;
985
986
987out_free_dentry:
988 allow_write_access(interpreter);
989 if (interpreter)
990 fput(interpreter);
991out_free_interp:
992 kfree(elf_interpreter);
993out_free_ph:
994 kfree(elf_phdata);
995 goto out;
996}
997
998
999
1000static int load_elf_library(struct file *file)
1001{
1002 struct elf_phdr *elf_phdata;
1003 struct elf_phdr *eppnt;
1004 unsigned long elf_bss, bss, len;
1005 int retval, error, i, j;
1006 struct elfhdr elf_ex;
1007
1008 error = -ENOEXEC;
1009 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1010 if (retval != sizeof(elf_ex))
1011 goto out;
1012
1013 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1014 goto out;
1015
1016
1017 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1018 !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
1019 goto out;
1020
1021
1022
1023 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1024
1025
1026 error = -ENOMEM;
1027 elf_phdata = kmalloc(j, GFP_KERNEL);
1028 if (!elf_phdata)
1029 goto out;
1030
1031 eppnt = elf_phdata;
1032 error = -ENOEXEC;
1033 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1034 if (retval != j)
1035 goto out_free_ph;
1036
1037 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1038 if ((eppnt + i)->p_type == PT_LOAD)
1039 j++;
1040 if (j != 1)
1041 goto out_free_ph;
1042
1043 while (eppnt->p_type != PT_LOAD)
1044 eppnt++;
1045
1046
1047 down_write(¤t->mm->mmap_sem);
1048 error = do_mmap(file,
1049 ELF_PAGESTART(eppnt->p_vaddr),
1050 (eppnt->p_filesz +
1051 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1052 PROT_READ | PROT_WRITE | PROT_EXEC,
1053 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1054 (eppnt->p_offset -
1055 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1056 up_write(¤t->mm->mmap_sem);
1057 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1058 goto out_free_ph;
1059
1060 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1061 if (padzero(elf_bss)) {
1062 error = -EFAULT;
1063 goto out_free_ph;
1064 }
1065
1066 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1067 ELF_MIN_ALIGN - 1);
1068 bss = eppnt->p_memsz + eppnt->p_vaddr;
1069 if (bss > len) {
1070 down_write(¤t->mm->mmap_sem);
1071 do_brk(len, bss - len);
1072 up_write(¤t->mm->mmap_sem);
1073 }
1074 error = 0;
1075
1076out_free_ph:
1077 kfree(elf_phdata);
1078out:
1079 return error;
1080}
1081
1082#ifdef CONFIG_ELF_CORE
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093static unsigned long vma_dump_size(struct vm_area_struct *vma,
1094 unsigned long mm_flags)
1095{
1096#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1097
1098
1099 if (vma->vm_flags & VM_ALWAYSDUMP)
1100 goto whole;
1101
1102
1103 if (vma->vm_flags & VM_HUGETLB) {
1104 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1105 goto whole;
1106 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1107 goto whole;
1108 }
1109
1110
1111 if (vma->vm_flags & (VM_IO | VM_RESERVED))
1112 return 0;
1113
1114
1115 if (vma->vm_flags & VM_SHARED) {
1116 if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0 ?
1117 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1118 goto whole;
1119 return 0;
1120 }
1121
1122
1123 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1124 goto whole;
1125 if (vma->vm_file == NULL)
1126 return 0;
1127
1128 if (FILTER(MAPPED_PRIVATE))
1129 goto whole;
1130
1131
1132
1133
1134
1135
1136 if (FILTER(ELF_HEADERS) &&
1137 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1138 u32 __user *header = (u32 __user *) vma->vm_start;
1139 u32 word;
1140 mm_segment_t fs = get_fs();
1141
1142
1143
1144 union {
1145 u32 cmp;
1146 char elfmag[SELFMAG];
1147 } magic;
1148 BUILD_BUG_ON(SELFMAG != sizeof word);
1149 magic.elfmag[EI_MAG0] = ELFMAG0;
1150 magic.elfmag[EI_MAG1] = ELFMAG1;
1151 magic.elfmag[EI_MAG2] = ELFMAG2;
1152 magic.elfmag[EI_MAG3] = ELFMAG3;
1153
1154
1155
1156
1157 set_fs(USER_DS);
1158 if (unlikely(get_user(word, header)))
1159 word = 0;
1160 set_fs(fs);
1161 if (word == magic.cmp)
1162 return PAGE_SIZE;
1163 }
1164
1165#undef FILTER
1166
1167 return 0;
1168
1169whole:
1170 return vma->vm_end - vma->vm_start;
1171}
1172
1173
1174struct memelfnote
1175{
1176 const char *name;
1177 int type;
1178 unsigned int datasz;
1179 void *data;
1180};
1181
1182static int notesize(struct memelfnote *en)
1183{
1184 int sz;
1185
1186 sz = sizeof(struct elf_note);
1187 sz += roundup(strlen(en->name) + 1, 4);
1188 sz += roundup(en->datasz, 4);
1189
1190 return sz;
1191}
1192
1193#define DUMP_WRITE(addr, nr, foffset) \
1194 do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1195
1196static int alignfile(struct file *file, loff_t *foffset)
1197{
1198 static const char buf[4] = { 0, };
1199 DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1200 return 1;
1201}
1202
1203static int writenote(struct memelfnote *men, struct file *file,
1204 loff_t *foffset)
1205{
1206 struct elf_note en;
1207 en.n_namesz = strlen(men->name) + 1;
1208 en.n_descsz = men->datasz;
1209 en.n_type = men->type;
1210
1211 DUMP_WRITE(&en, sizeof(en), foffset);
1212 DUMP_WRITE(men->name, en.n_namesz, foffset);
1213 if (!alignfile(file, foffset))
1214 return 0;
1215 DUMP_WRITE(men->data, men->datasz, foffset);
1216 if (!alignfile(file, foffset))
1217 return 0;
1218
1219 return 1;
1220}
1221#undef DUMP_WRITE
1222
1223static void fill_elf_header(struct elfhdr *elf, int segs,
1224 u16 machine, u32 flags, u8 osabi)
1225{
1226 memset(elf, 0, sizeof(*elf));
1227
1228 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1229 elf->e_ident[EI_CLASS] = ELF_CLASS;
1230 elf->e_ident[EI_DATA] = ELF_DATA;
1231 elf->e_ident[EI_VERSION] = EV_CURRENT;
1232 elf->e_ident[EI_OSABI] = ELF_OSABI;
1233
1234 elf->e_type = ET_CORE;
1235 elf->e_machine = machine;
1236 elf->e_version = EV_CURRENT;
1237 elf->e_phoff = sizeof(struct elfhdr);
1238 elf->e_flags = flags;
1239 elf->e_ehsize = sizeof(struct elfhdr);
1240 elf->e_phentsize = sizeof(struct elf_phdr);
1241 elf->e_phnum = segs;
1242
1243 return;
1244}
1245
1246static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1247{
1248 phdr->p_type = PT_NOTE;
1249 phdr->p_offset = offset;
1250 phdr->p_vaddr = 0;
1251 phdr->p_paddr = 0;
1252 phdr->p_filesz = sz;
1253 phdr->p_memsz = 0;
1254 phdr->p_flags = 0;
1255 phdr->p_align = 0;
1256 return;
1257}
1258
1259static void fill_note(struct memelfnote *note, const char *name, int type,
1260 unsigned int sz, void *data)
1261{
1262 note->name = name;
1263 note->type = type;
1264 note->datasz = sz;
1265 note->data = data;
1266 return;
1267}
1268
1269
1270
1271
1272
1273static void fill_prstatus(struct elf_prstatus *prstatus,
1274 struct task_struct *p, long signr)
1275{
1276 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1277 prstatus->pr_sigpend = p->pending.signal.sig[0];
1278 prstatus->pr_sighold = p->blocked.sig[0];
1279 rcu_read_lock();
1280 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1281 rcu_read_unlock();
1282 prstatus->pr_pid = task_pid_vnr(p);
1283 prstatus->pr_pgrp = task_pgrp_vnr(p);
1284 prstatus->pr_sid = task_session_vnr(p);
1285 if (thread_group_leader(p)) {
1286 struct task_cputime cputime;
1287
1288
1289
1290
1291
1292 thread_group_cputime(p, &cputime);
1293 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1294 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1295 } else {
1296 cputime_to_timeval(p->utime, &prstatus->pr_utime);
1297 cputime_to_timeval(p->stime, &prstatus->pr_stime);
1298 }
1299 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1300 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1301}
1302
1303static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1304 struct mm_struct *mm)
1305{
1306 const struct cred *cred;
1307 unsigned int i, len;
1308
1309
1310 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1311
1312 len = mm->arg_end - mm->arg_start;
1313 if (len >= ELF_PRARGSZ)
1314 len = ELF_PRARGSZ-1;
1315 if (copy_from_user(&psinfo->pr_psargs,
1316 (const char __user *)mm->arg_start, len))
1317 return -EFAULT;
1318 for(i = 0; i < len; i++)
1319 if (psinfo->pr_psargs[i] == 0)
1320 psinfo->pr_psargs[i] = ' ';
1321 psinfo->pr_psargs[len] = 0;
1322
1323 rcu_read_lock();
1324 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1325 rcu_read_unlock();
1326 psinfo->pr_pid = task_pid_vnr(p);
1327 psinfo->pr_pgrp = task_pgrp_vnr(p);
1328 psinfo->pr_sid = task_session_vnr(p);
1329
1330 i = p->state ? ffz(~p->state) + 1 : 0;
1331 psinfo->pr_state = i;
1332 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1333 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1334 psinfo->pr_nice = task_nice(p);
1335 psinfo->pr_flag = p->flags;
1336 rcu_read_lock();
1337 cred = __task_cred(p);
1338 SET_UID(psinfo->pr_uid, cred->uid);
1339 SET_GID(psinfo->pr_gid, cred->gid);
1340 rcu_read_unlock();
1341 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1342
1343 return 0;
1344}
1345
1346static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1347{
1348 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1349 int i = 0;
1350 do
1351 i += 2;
1352 while (auxv[i - 2] != AT_NULL);
1353 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1354}
1355
1356#ifdef CORE_DUMP_USE_REGSET
1357#include <linux/regset.h>
1358
1359struct elf_thread_core_info {
1360 struct elf_thread_core_info *next;
1361 struct task_struct *task;
1362 struct elf_prstatus prstatus;
1363 struct memelfnote notes[0];
1364};
1365
1366struct elf_note_info {
1367 struct elf_thread_core_info *thread;
1368 struct memelfnote psinfo;
1369 struct memelfnote auxv;
1370 size_t size;
1371 int thread_notes;
1372};
1373
1374
1375
1376
1377
1378
1379static void do_thread_regset_writeback(struct task_struct *task,
1380 const struct user_regset *regset)
1381{
1382 if (regset->writeback)
1383 regset->writeback(task, regset, 1);
1384}
1385
1386static int fill_thread_core_info(struct elf_thread_core_info *t,
1387 const struct user_regset_view *view,
1388 long signr, size_t *total)
1389{
1390 unsigned int i;
1391
1392
1393
1394
1395
1396
1397
1398 fill_prstatus(&t->prstatus, t->task, signr);
1399 (void) view->regsets[0].get(t->task, &view->regsets[0],
1400 0, sizeof(t->prstatus.pr_reg),
1401 &t->prstatus.pr_reg, NULL);
1402
1403 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1404 sizeof(t->prstatus), &t->prstatus);
1405 *total += notesize(&t->notes[0]);
1406
1407 do_thread_regset_writeback(t->task, &view->regsets[0]);
1408
1409
1410
1411
1412
1413
1414 for (i = 1; i < view->n; ++i) {
1415 const struct user_regset *regset = &view->regsets[i];
1416 do_thread_regset_writeback(t->task, regset);
1417 if (regset->core_note_type &&
1418 (!regset->active || regset->active(t->task, regset))) {
1419 int ret;
1420 size_t size = regset->n * regset->size;
1421 void *data = kmalloc(size, GFP_KERNEL);
1422 if (unlikely(!data))
1423 return 0;
1424 ret = regset->get(t->task, regset,
1425 0, size, data, NULL);
1426 if (unlikely(ret))
1427 kfree(data);
1428 else {
1429 if (regset->core_note_type != NT_PRFPREG)
1430 fill_note(&t->notes[i], "LINUX",
1431 regset->core_note_type,
1432 size, data);
1433 else {
1434 t->prstatus.pr_fpvalid = 1;
1435 fill_note(&t->notes[i], "CORE",
1436 NT_PRFPREG, size, data);
1437 }
1438 *total += notesize(&t->notes[i]);
1439 }
1440 }
1441 }
1442
1443 return 1;
1444}
1445
1446static int fill_note_info(struct elfhdr *elf, int phdrs,
1447 struct elf_note_info *info,
1448 long signr, struct pt_regs *regs)
1449{
1450 struct task_struct *dump_task = current;
1451 const struct user_regset_view *view = task_user_regset_view(dump_task);
1452 struct elf_thread_core_info *t;
1453 struct elf_prpsinfo *psinfo;
1454 struct core_thread *ct;
1455 unsigned int i;
1456
1457 info->size = 0;
1458 info->thread = NULL;
1459
1460 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1461 if (psinfo == NULL)
1462 return 0;
1463
1464 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1465
1466
1467
1468
1469 info->thread_notes = 0;
1470 for (i = 0; i < view->n; ++i)
1471 if (view->regsets[i].core_note_type != 0)
1472 ++info->thread_notes;
1473
1474
1475
1476
1477
1478 if (unlikely(info->thread_notes == 0) ||
1479 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1480 WARN_ON(1);
1481 return 0;
1482 }
1483
1484
1485
1486
1487 fill_elf_header(elf, phdrs,
1488 view->e_machine, view->e_flags, view->ei_osabi);
1489
1490
1491
1492
1493 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1494 t = kzalloc(offsetof(struct elf_thread_core_info,
1495 notes[info->thread_notes]),
1496 GFP_KERNEL);
1497 if (unlikely(!t))
1498 return 0;
1499
1500 t->task = ct->task;
1501 if (ct->task == dump_task || !info->thread) {
1502 t->next = info->thread;
1503 info->thread = t;
1504 } else {
1505
1506
1507
1508
1509 t->next = info->thread->next;
1510 info->thread->next = t;
1511 }
1512 }
1513
1514
1515
1516
1517 for (t = info->thread; t != NULL; t = t->next)
1518 if (!fill_thread_core_info(t, view, signr, &info->size))
1519 return 0;
1520
1521
1522
1523
1524 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1525 info->size += notesize(&info->psinfo);
1526
1527 fill_auxv_note(&info->auxv, current->mm);
1528 info->size += notesize(&info->auxv);
1529
1530 return 1;
1531}
1532
1533static size_t get_note_info_size(struct elf_note_info *info)
1534{
1535 return info->size;
1536}
1537
1538
1539
1540
1541
1542static int write_note_info(struct elf_note_info *info,
1543 struct file *file, loff_t *foffset)
1544{
1545 bool first = 1;
1546 struct elf_thread_core_info *t = info->thread;
1547
1548 do {
1549 int i;
1550
1551 if (!writenote(&t->notes[0], file, foffset))
1552 return 0;
1553
1554 if (first && !writenote(&info->psinfo, file, foffset))
1555 return 0;
1556 if (first && !writenote(&info->auxv, file, foffset))
1557 return 0;
1558
1559 for (i = 1; i < info->thread_notes; ++i)
1560 if (t->notes[i].data &&
1561 !writenote(&t->notes[i], file, foffset))
1562 return 0;
1563
1564 first = 0;
1565 t = t->next;
1566 } while (t);
1567
1568 return 1;
1569}
1570
1571static void free_note_info(struct elf_note_info *info)
1572{
1573 struct elf_thread_core_info *threads = info->thread;
1574 while (threads) {
1575 unsigned int i;
1576 struct elf_thread_core_info *t = threads;
1577 threads = t->next;
1578 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1579 for (i = 1; i < info->thread_notes; ++i)
1580 kfree(t->notes[i].data);
1581 kfree(t);
1582 }
1583 kfree(info->psinfo.data);
1584}
1585
1586#else
1587
1588
1589struct elf_thread_status
1590{
1591 struct list_head list;
1592 struct elf_prstatus prstatus;
1593 elf_fpregset_t fpu;
1594 struct task_struct *thread;
1595#ifdef ELF_CORE_COPY_XFPREGS
1596 elf_fpxregset_t xfpu;
1597#endif
1598 struct memelfnote notes[3];
1599 int num_notes;
1600};
1601
1602
1603
1604
1605
1606
1607static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1608{
1609 int sz = 0;
1610 struct task_struct *p = t->thread;
1611 t->num_notes = 0;
1612
1613 fill_prstatus(&t->prstatus, p, signr);
1614 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1615
1616 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1617 &(t->prstatus));
1618 t->num_notes++;
1619 sz += notesize(&t->notes[0]);
1620
1621 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1622 &t->fpu))) {
1623 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1624 &(t->fpu));
1625 t->num_notes++;
1626 sz += notesize(&t->notes[1]);
1627 }
1628
1629#ifdef ELF_CORE_COPY_XFPREGS
1630 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1631 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1632 sizeof(t->xfpu), &t->xfpu);
1633 t->num_notes++;
1634 sz += notesize(&t->notes[2]);
1635 }
1636#endif
1637 return sz;
1638}
1639
1640struct elf_note_info {
1641 struct memelfnote *notes;
1642 struct elf_prstatus *prstatus;
1643 struct elf_prpsinfo *psinfo;
1644 struct list_head thread_list;
1645 elf_fpregset_t *fpu;
1646#ifdef ELF_CORE_COPY_XFPREGS
1647 elf_fpxregset_t *xfpu;
1648#endif
1649 int thread_status_size;
1650 int numnote;
1651};
1652
1653static int elf_note_info_init(struct elf_note_info *info)
1654{
1655 memset(info, 0, sizeof(*info));
1656 INIT_LIST_HEAD(&info->thread_list);
1657
1658
1659 info->notes = kmalloc(6 * sizeof(struct memelfnote), GFP_KERNEL);
1660 if (!info->notes)
1661 return 0;
1662 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1663 if (!info->psinfo)
1664 goto notes_free;
1665 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1666 if (!info->prstatus)
1667 goto psinfo_free;
1668 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1669 if (!info->fpu)
1670 goto prstatus_free;
1671#ifdef ELF_CORE_COPY_XFPREGS
1672 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1673 if (!info->xfpu)
1674 goto fpu_free;
1675#endif
1676 return 1;
1677#ifdef ELF_CORE_COPY_XFPREGS
1678 fpu_free:
1679 kfree(info->fpu);
1680#endif
1681 prstatus_free:
1682 kfree(info->prstatus);
1683 psinfo_free:
1684 kfree(info->psinfo);
1685 notes_free:
1686 kfree(info->notes);
1687 return 0;
1688}
1689
1690static int fill_note_info(struct elfhdr *elf, int phdrs,
1691 struct elf_note_info *info,
1692 long signr, struct pt_regs *regs)
1693{
1694 struct list_head *t;
1695
1696 if (!elf_note_info_init(info))
1697 return 0;
1698
1699 if (signr) {
1700 struct core_thread *ct;
1701 struct elf_thread_status *ets;
1702
1703 for (ct = current->mm->core_state->dumper.next;
1704 ct; ct = ct->next) {
1705 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1706 if (!ets)
1707 return 0;
1708
1709 ets->thread = ct->task;
1710 list_add(&ets->list, &info->thread_list);
1711 }
1712
1713 list_for_each(t, &info->thread_list) {
1714 int sz;
1715
1716 ets = list_entry(t, struct elf_thread_status, list);
1717 sz = elf_dump_thread_status(signr, ets);
1718 info->thread_status_size += sz;
1719 }
1720 }
1721
1722 memset(info->prstatus, 0, sizeof(*info->prstatus));
1723 fill_prstatus(info->prstatus, current, signr);
1724 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1725
1726
1727 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS, ELF_OSABI);
1728
1729
1730
1731
1732
1733
1734 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1735 sizeof(*info->prstatus), info->prstatus);
1736 fill_psinfo(info->psinfo, current->group_leader, current->mm);
1737 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1738 sizeof(*info->psinfo), info->psinfo);
1739
1740 info->numnote = 2;
1741
1742 fill_auxv_note(&info->notes[info->numnote++], current->mm);
1743
1744
1745 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1746 info->fpu);
1747 if (info->prstatus->pr_fpvalid)
1748 fill_note(info->notes + info->numnote++,
1749 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1750#ifdef ELF_CORE_COPY_XFPREGS
1751 if (elf_core_copy_task_xfpregs(current, info->xfpu))
1752 fill_note(info->notes + info->numnote++,
1753 "LINUX", ELF_CORE_XFPREG_TYPE,
1754 sizeof(*info->xfpu), info->xfpu);
1755#endif
1756
1757 return 1;
1758}
1759
1760static size_t get_note_info_size(struct elf_note_info *info)
1761{
1762 int sz = 0;
1763 int i;
1764
1765 for (i = 0; i < info->numnote; i++)
1766 sz += notesize(info->notes + i);
1767
1768 sz += info->thread_status_size;
1769
1770 return sz;
1771}
1772
1773static int write_note_info(struct elf_note_info *info,
1774 struct file *file, loff_t *foffset)
1775{
1776 int i;
1777 struct list_head *t;
1778
1779 for (i = 0; i < info->numnote; i++)
1780 if (!writenote(info->notes + i, file, foffset))
1781 return 0;
1782
1783
1784 list_for_each(t, &info->thread_list) {
1785 struct elf_thread_status *tmp =
1786 list_entry(t, struct elf_thread_status, list);
1787
1788 for (i = 0; i < tmp->num_notes; i++)
1789 if (!writenote(&tmp->notes[i], file, foffset))
1790 return 0;
1791 }
1792
1793 return 1;
1794}
1795
1796static void free_note_info(struct elf_note_info *info)
1797{
1798 while (!list_empty(&info->thread_list)) {
1799 struct list_head *tmp = info->thread_list.next;
1800 list_del(tmp);
1801 kfree(list_entry(tmp, struct elf_thread_status, list));
1802 }
1803
1804 kfree(info->prstatus);
1805 kfree(info->psinfo);
1806 kfree(info->notes);
1807 kfree(info->fpu);
1808#ifdef ELF_CORE_COPY_XFPREGS
1809 kfree(info->xfpu);
1810#endif
1811}
1812
1813#endif
1814
1815static struct vm_area_struct *first_vma(struct task_struct *tsk,
1816 struct vm_area_struct *gate_vma)
1817{
1818 struct vm_area_struct *ret = tsk->mm->mmap;
1819
1820 if (ret)
1821 return ret;
1822 return gate_vma;
1823}
1824
1825
1826
1827
1828static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
1829 struct vm_area_struct *gate_vma)
1830{
1831 struct vm_area_struct *ret;
1832
1833 ret = this_vma->vm_next;
1834 if (ret)
1835 return ret;
1836 if (this_vma == gate_vma)
1837 return NULL;
1838 return gate_vma;
1839}
1840
1841static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1842 elf_addr_t e_shoff, int segs)
1843{
1844 elf->e_shoff = e_shoff;
1845 elf->e_shentsize = sizeof(*shdr4extnum);
1846 elf->e_shnum = 1;
1847 elf->e_shstrndx = SHN_UNDEF;
1848
1849 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1850
1851 shdr4extnum->sh_type = SHT_NULL;
1852 shdr4extnum->sh_size = elf->e_shnum;
1853 shdr4extnum->sh_link = elf->e_shstrndx;
1854 shdr4extnum->sh_info = segs;
1855}
1856
1857static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
1858 unsigned long mm_flags)
1859{
1860 struct vm_area_struct *vma;
1861 size_t size = 0;
1862
1863 for (vma = first_vma(current, gate_vma); vma != NULL;
1864 vma = next_vma(vma, gate_vma))
1865 size += vma_dump_size(vma, mm_flags);
1866 return size;
1867}
1868
1869
1870
1871
1872
1873
1874
1875
1876static int elf_core_dump(struct coredump_params *cprm)
1877{
1878 int has_dumped = 0;
1879 mm_segment_t fs;
1880 int segs;
1881 size_t size = 0;
1882 struct vm_area_struct *vma, *gate_vma;
1883 struct elfhdr *elf = NULL;
1884 loff_t offset = 0, dataoff, foffset;
1885 struct elf_note_info info;
1886 struct elf_phdr *phdr4note = NULL;
1887 struct elf_shdr *shdr4extnum = NULL;
1888 Elf_Half e_phnum;
1889 elf_addr_t e_shoff;
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1905 if (!elf)
1906 goto out;
1907
1908
1909
1910
1911 segs = current->mm->map_count;
1912 segs += elf_core_extra_phdrs();
1913
1914 gate_vma = get_gate_vma(current);
1915 if (gate_vma != NULL)
1916 segs++;
1917
1918
1919 segs++;
1920
1921
1922
1923
1924 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
1925
1926
1927
1928
1929
1930 if (!fill_note_info(elf, e_phnum, &info, cprm->signr, cprm->regs))
1931 goto cleanup;
1932
1933 has_dumped = 1;
1934 current->flags |= PF_DUMPCORE;
1935
1936 fs = get_fs();
1937 set_fs(KERNEL_DS);
1938
1939 offset += sizeof(*elf);
1940 offset += segs * sizeof(struct elf_phdr);
1941 foffset = offset;
1942
1943
1944 {
1945 size_t sz = get_note_info_size(&info);
1946
1947 sz += elf_coredump_extra_notes_size();
1948
1949 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
1950 if (!phdr4note)
1951 goto end_coredump;
1952
1953 fill_elf_note_phdr(phdr4note, sz, offset);
1954 offset += sz;
1955 }
1956
1957 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
1958
1959 offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
1960 offset += elf_core_extra_data_size();
1961 e_shoff = offset;
1962
1963 if (e_phnum == PN_XNUM) {
1964 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
1965 if (!shdr4extnum)
1966 goto end_coredump;
1967 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
1968 }
1969
1970 offset = dataoff;
1971
1972 size += sizeof(*elf);
1973 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
1974 goto end_coredump;
1975
1976 size += sizeof(*phdr4note);
1977 if (size > cprm->limit
1978 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
1979 goto end_coredump;
1980
1981
1982 for (vma = first_vma(current, gate_vma); vma != NULL;
1983 vma = next_vma(vma, gate_vma)) {
1984 struct elf_phdr phdr;
1985
1986 phdr.p_type = PT_LOAD;
1987 phdr.p_offset = offset;
1988 phdr.p_vaddr = vma->vm_start;
1989 phdr.p_paddr = 0;
1990 phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
1991 phdr.p_memsz = vma->vm_end - vma->vm_start;
1992 offset += phdr.p_filesz;
1993 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1994 if (vma->vm_flags & VM_WRITE)
1995 phdr.p_flags |= PF_W;
1996 if (vma->vm_flags & VM_EXEC)
1997 phdr.p_flags |= PF_X;
1998 phdr.p_align = ELF_EXEC_PAGESIZE;
1999
2000 size += sizeof(phdr);
2001 if (size > cprm->limit
2002 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
2003 goto end_coredump;
2004 }
2005
2006 if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
2007 goto end_coredump;
2008
2009
2010 if (!write_note_info(&info, cprm->file, &foffset))
2011 goto end_coredump;
2012
2013 if (elf_coredump_extra_notes_write(cprm->file, &foffset))
2014 goto end_coredump;
2015
2016
2017 if (!dump_seek(cprm->file, dataoff - foffset))
2018 goto end_coredump;
2019
2020 for (vma = first_vma(current, gate_vma); vma != NULL;
2021 vma = next_vma(vma, gate_vma)) {
2022 unsigned long addr;
2023 unsigned long end;
2024
2025 end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
2026
2027 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2028 struct page *page;
2029 int stop;
2030
2031 page = get_dump_page(addr);
2032 if (page) {
2033 void *kaddr = kmap(page);
2034 stop = ((size += PAGE_SIZE) > cprm->limit) ||
2035 !dump_write(cprm->file, kaddr,
2036 PAGE_SIZE);
2037 kunmap(page);
2038 page_cache_release(page);
2039 } else
2040 stop = !dump_seek(cprm->file, PAGE_SIZE);
2041 if (stop)
2042 goto end_coredump;
2043 }
2044 }
2045
2046 if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
2047 goto end_coredump;
2048
2049 if (e_phnum == PN_XNUM) {
2050 size += sizeof(*shdr4extnum);
2051 if (size > cprm->limit
2052 || !dump_write(cprm->file, shdr4extnum,
2053 sizeof(*shdr4extnum)))
2054 goto end_coredump;
2055 }
2056
2057end_coredump:
2058 set_fs(fs);
2059
2060cleanup:
2061 free_note_info(&info);
2062 kfree(shdr4extnum);
2063 kfree(phdr4note);
2064 kfree(elf);
2065out:
2066 return has_dumped;
2067}
2068
2069#endif
2070
2071static int __init init_elf_binfmt(void)
2072{
2073 return register_binfmt(&elf_format);
2074}
2075
2076static void __exit exit_elf_binfmt(void)
2077{
2078
2079 unregister_binfmt(&elf_format);
2080}
2081
2082core_initcall(init_elf_binfmt);
2083module_exit(exit_elf_binfmt);
2084MODULE_LICENSE("GPL");
2085
