1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * linux/fs/binfmt_elf.c
4 *
5 * These are the functions used to load ELF format executables as used
6 * on SVr4 machines. Information on the format may be found in the book
7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
8 * Tools".
9 *
10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
11 */
12
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/fs.h>
16 #include <linux/log2.h>
17 #include <linux/mm.h>
18 #include <linux/mman.h>
19 #include <linux/errno.h>
20 #include <linux/signal.h>
21 #include <linux/binfmts.h>
22 #include <linux/string.h>
23 #include <linux/file.h>
24 #include <linux/slab.h>
25 #include <linux/personality.h>
26 #include <linux/elfcore.h>
27 #include <linux/init.h>
28 #include <linux/highuid.h>
29 #include <linux/compiler.h>
30 #include <linux/highmem.h>
31 #include <linux/hugetlb.h>
32 #include <linux/pagemap.h>
33 #include <linux/vmalloc.h>
34 #include <linux/security.h>
35 #include <linux/random.h>
36 #include <linux/elf.h>
37 #include <linux/elf-randomize.h>
38 #include <linux/utsname.h>
39 #include <linux/coredump.h>
40 #include <linux/sched.h>
41 #include <linux/sched/coredump.h>
42 #include <linux/sched/task_stack.h>
43 #include <linux/sched/cputime.h>
44 #include <linux/sizes.h>
45 #include <linux/types.h>
46 #include <linux/cred.h>
47 #include <linux/dax.h>
48 #include <linux/uaccess.h>
49 #include <asm/param.h>
50 #include <asm/page.h>
51
52 #ifndef ELF_COMPAT
53 #define ELF_COMPAT 0
54 #endif
55
56 #ifndef user_long_t
57 #define user_long_t long
58 #endif
59 #ifndef user_siginfo_t
60 #define user_siginfo_t siginfo_t
61 #endif
62
63 /* That's for binfmt_elf_fdpic to deal with */
64 #ifndef elf_check_fdpic
65 #define elf_check_fdpic(ex) false
66 #endif
67
68 static int load_elf_binary(struct linux_binprm *bprm);
69
70 #ifdef CONFIG_USELIB
71 static int load_elf_library(struct file *);
72 #else
73 #define load_elf_library NULL
74 #endif
75
76 /*
77 * If we don't support core dumping, then supply a NULL so we
78 * don't even try.
79 */
80 #ifdef CONFIG_ELF_CORE
81 static int elf_core_dump(struct coredump_params *cprm);
82 #else
83 #define elf_core_dump NULL
84 #endif
85
86 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
87 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
88 #else
89 #define ELF_MIN_ALIGN PAGE_SIZE
90 #endif
91
92 #ifndef ELF_CORE_EFLAGS
93 #define ELF_CORE_EFLAGS 0
94 #endif
95
96 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
97 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
98 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
99
100 static struct linux_binfmt elf_format = {
101 .module = THIS_MODULE,
102 .load_binary = load_elf_binary,
103 .load_shlib = load_elf_library,
104 .core_dump = elf_core_dump,
105 .min_coredump = ELF_EXEC_PAGESIZE,
106 };
107
108 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE))
109
set_brk(unsigned long start,unsigned long end,int prot)110 static int set_brk(unsigned long start, unsigned long end, int prot)
111 {
112 start = ELF_PAGEALIGN(start);
113 end = ELF_PAGEALIGN(end);
114 if (end > start) {
115 /*
116 * Map the last of the bss segment.
117 * If the header is requesting these pages to be
118 * executable, honour that (ppc32 needs this).
119 */
120 int error = vm_brk_flags(start, end - start,
121 prot & PROT_EXEC ? VM_EXEC : 0);
122 if (error)
123 return error;
124 }
125 current->mm->start_brk = current->mm->brk = end;
126 return 0;
127 }
128
129 /* We need to explicitly zero any fractional pages
130 after the data section (i.e. bss). This would
131 contain the junk from the file that should not
132 be in memory
133 */
padzero(unsigned long elf_bss)134 static int padzero(unsigned long elf_bss)
135 {
136 unsigned long nbyte;
137
138 nbyte = ELF_PAGEOFFSET(elf_bss);
139 if (nbyte) {
140 nbyte = ELF_MIN_ALIGN - nbyte;
141 if (clear_user((void __user *) elf_bss, nbyte))
142 return -EFAULT;
143 }
144 return 0;
145 }
146
147 /* Let's use some macros to make this stack manipulation a little clearer */
148 #ifdef CONFIG_STACK_GROWSUP
149 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
150 #define STACK_ROUND(sp, items) \
151 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
152 #define STACK_ALLOC(sp, len) ({ \
153 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
154 old_sp; })
155 #else
156 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
157 #define STACK_ROUND(sp, items) \
158 (((unsigned long) (sp - items)) &~ 15UL)
159 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
160 #endif
161
162 #ifndef ELF_BASE_PLATFORM
163 /*
164 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
165 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
166 * will be copied to the user stack in the same manner as AT_PLATFORM.
167 */
168 #define ELF_BASE_PLATFORM NULL
169 #endif
170
171 static int
create_elf_tables(struct linux_binprm * bprm,const struct elfhdr * exec,unsigned long interp_load_addr,unsigned long e_entry,unsigned long phdr_addr)172 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec,
173 unsigned long interp_load_addr,
174 unsigned long e_entry, unsigned long phdr_addr)
175 {
176 struct mm_struct *mm = current->mm;
177 unsigned long p = bprm->p;
178 int argc = bprm->argc;
179 int envc = bprm->envc;
180 elf_addr_t __user *sp;
181 elf_addr_t __user *u_platform;
182 elf_addr_t __user *u_base_platform;
183 elf_addr_t __user *u_rand_bytes;
184 const char *k_platform = ELF_PLATFORM;
185 const char *k_base_platform = ELF_BASE_PLATFORM;
186 unsigned char k_rand_bytes[16];
187 int items;
188 elf_addr_t *elf_info;
189 int ei_index;
190 const struct cred *cred = current_cred();
191 struct vm_area_struct *vma;
192
193 /*
194 * In some cases (e.g. Hyper-Threading), we want to avoid L1
195 * evictions by the processes running on the same package. One
196 * thing we can do is to shuffle the initial stack for them.
197 */
198
199 p = arch_align_stack(p);
200
201 /*
202 * If this architecture has a platform capability string, copy it
203 * to userspace. In some cases (Sparc), this info is impossible
204 * for userspace to get any other way, in others (i386) it is
205 * merely difficult.
206 */
207 u_platform = NULL;
208 if (k_platform) {
209 size_t len = strlen(k_platform) + 1;
210
211 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
212 if (copy_to_user(u_platform, k_platform, len))
213 return -EFAULT;
214 }
215
216 /*
217 * If this architecture has a "base" platform capability
218 * string, copy it to userspace.
219 */
220 u_base_platform = NULL;
221 if (k_base_platform) {
222 size_t len = strlen(k_base_platform) + 1;
223
224 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
225 if (copy_to_user(u_base_platform, k_base_platform, len))
226 return -EFAULT;
227 }
228
229 /*
230 * Generate 16 random bytes for userspace PRNG seeding.
231 */
232 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
233 u_rand_bytes = (elf_addr_t __user *)
234 STACK_ALLOC(p, sizeof(k_rand_bytes));
235 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
236 return -EFAULT;
237
238 /* Create the ELF interpreter info */
239 elf_info = (elf_addr_t *)mm->saved_auxv;
240 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
241 #define NEW_AUX_ENT(id, val) \
242 do { \
243 *elf_info++ = id; \
244 *elf_info++ = val; \
245 } while (0)
246
247 #ifdef ARCH_DLINFO
248 /*
249 * ARCH_DLINFO must come first so PPC can do its special alignment of
250 * AUXV.
251 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
252 * ARCH_DLINFO changes
253 */
254 ARCH_DLINFO;
255 #endif
256 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
257 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
258 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
259 NEW_AUX_ENT(AT_PHDR, phdr_addr);
260 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
261 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
262 NEW_AUX_ENT(AT_BASE, interp_load_addr);
263 NEW_AUX_ENT(AT_FLAGS, 0);
264 NEW_AUX_ENT(AT_ENTRY, e_entry);
265 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
266 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
267 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
268 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
269 NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
270 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
271 #ifdef ELF_HWCAP2
272 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
273 #endif
274 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
275 if (k_platform) {
276 NEW_AUX_ENT(AT_PLATFORM,
277 (elf_addr_t)(unsigned long)u_platform);
278 }
279 if (k_base_platform) {
280 NEW_AUX_ENT(AT_BASE_PLATFORM,
281 (elf_addr_t)(unsigned long)u_base_platform);
282 }
283 if (bprm->have_execfd) {
284 NEW_AUX_ENT(AT_EXECFD, bprm->execfd);
285 }
286 #undef NEW_AUX_ENT
287 /* AT_NULL is zero; clear the rest too */
288 memset(elf_info, 0, (char *)mm->saved_auxv +
289 sizeof(mm->saved_auxv) - (char *)elf_info);
290
291 /* And advance past the AT_NULL entry. */
292 elf_info += 2;
293
294 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv;
295 sp = STACK_ADD(p, ei_index);
296
297 items = (argc + 1) + (envc + 1) + 1;
298 bprm->p = STACK_ROUND(sp, items);
299
300 /* Point sp at the lowest address on the stack */
301 #ifdef CONFIG_STACK_GROWSUP
302 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
303 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
304 #else
305 sp = (elf_addr_t __user *)bprm->p;
306 #endif
307
308
309 /*
310 * Grow the stack manually; some architectures have a limit on how
311 * far ahead a user-space access may be in order to grow the stack.
312 */
313 if (mmap_read_lock_killable(mm))
314 return -EINTR;
315 vma = find_extend_vma(mm, bprm->p);
316 mmap_read_unlock(mm);
317 if (!vma)
318 return -EFAULT;
319
320 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
321 if (put_user(argc, sp++))
322 return -EFAULT;
323
324 /* Populate list of argv pointers back to argv strings. */
325 p = mm->arg_end = mm->arg_start;
326 while (argc-- > 0) {
327 size_t len;
328 if (put_user((elf_addr_t)p, sp++))
329 return -EFAULT;
330 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
331 if (!len || len > MAX_ARG_STRLEN)
332 return -EINVAL;
333 p += len;
334 }
335 if (put_user(0, sp++))
336 return -EFAULT;
337 mm->arg_end = p;
338
339 /* Populate list of envp pointers back to envp strings. */
340 mm->env_end = mm->env_start = p;
341 while (envc-- > 0) {
342 size_t len;
343 if (put_user((elf_addr_t)p, sp++))
344 return -EFAULT;
345 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
346 if (!len || len > MAX_ARG_STRLEN)
347 return -EINVAL;
348 p += len;
349 }
350 if (put_user(0, sp++))
351 return -EFAULT;
352 mm->env_end = p;
353
354 /* Put the elf_info on the stack in the right place. */
355 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t)))
356 return -EFAULT;
357 return 0;
358 }
359
elf_map(struct file * filep,unsigned long addr,const struct elf_phdr * eppnt,int prot,int type,unsigned long total_size)360 static unsigned long elf_map(struct file *filep, unsigned long addr,
361 const struct elf_phdr *eppnt, int prot, int type,
362 unsigned long total_size)
363 {
364 unsigned long map_addr;
365 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
366 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
367 addr = ELF_PAGESTART(addr);
368 size = ELF_PAGEALIGN(size);
369
370 /* mmap() will return -EINVAL if given a zero size, but a
371 * segment with zero filesize is perfectly valid */
372 if (!size)
373 return addr;
374
375 /*
376 * total_size is the size of the ELF (interpreter) image.
377 * The _first_ mmap needs to know the full size, otherwise
378 * randomization might put this image into an overlapping
379 * position with the ELF binary image. (since size < total_size)
380 * So we first map the 'big' image - and unmap the remainder at
381 * the end. (which unmap is needed for ELF images with holes.)
382 */
383 if (total_size) {
384 total_size = ELF_PAGEALIGN(total_size);
385 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
386 if (!BAD_ADDR(map_addr))
387 vm_munmap(map_addr+size, total_size-size);
388 } else
389 map_addr = vm_mmap(filep, addr, size, prot, type, off);
390
391 if ((type & MAP_FIXED_NOREPLACE) &&
392 PTR_ERR((void *)map_addr) == -EEXIST)
393 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n",
394 task_pid_nr(current), current->comm, (void *)addr);
395
396 return(map_addr);
397 }
398
total_mapping_size(const struct elf_phdr * cmds,int nr)399 static unsigned long total_mapping_size(const struct elf_phdr *cmds, int nr)
400 {
401 int i, first_idx = -1, last_idx = -1;
402
403 for (i = 0; i < nr; i++) {
404 if (cmds[i].p_type == PT_LOAD) {
405 last_idx = i;
406 if (first_idx == -1)
407 first_idx = i;
408 }
409 }
410 if (first_idx == -1)
411 return 0;
412
413 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
414 ELF_PAGESTART(cmds[first_idx].p_vaddr);
415 }
416
elf_read(struct file * file,void * buf,size_t len,loff_t pos)417 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos)
418 {
419 ssize_t rv;
420
421 rv = kernel_read(file, buf, len, &pos);
422 if (unlikely(rv != len)) {
423 return (rv < 0) ? rv : -EIO;
424 }
425 return 0;
426 }
427
maximum_alignment(struct elf_phdr * cmds,int nr)428 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr)
429 {
430 unsigned long alignment = 0;
431 int i;
432
433 for (i = 0; i < nr; i++) {
434 if (cmds[i].p_type == PT_LOAD) {
435 unsigned long p_align = cmds[i].p_align;
436
437 /* skip non-power of two alignments as invalid */
438 if (!is_power_of_2(p_align))
439 continue;
440 alignment = max(alignment, p_align);
441 }
442 }
443
444 /* ensure we align to at least one page */
445 return ELF_PAGEALIGN(alignment);
446 }
447
448 /**
449 * load_elf_phdrs() - load ELF program headers
450 * @elf_ex: ELF header of the binary whose program headers should be loaded
451 * @elf_file: the opened ELF binary file
452 *
453 * Loads ELF program headers from the binary file elf_file, which has the ELF
454 * header pointed to by elf_ex, into a newly allocated array. The caller is
455 * responsible for freeing the allocated data. Returns an ERR_PTR upon failure.
456 */
load_elf_phdrs(const struct elfhdr * elf_ex,struct file * elf_file)457 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex,
458 struct file *elf_file)
459 {
460 struct elf_phdr *elf_phdata = NULL;
461 int retval, err = -1;
462 unsigned int size;
463
464 /*
465 * If the size of this structure has changed, then punt, since
466 * we will be doing the wrong thing.
467 */
468 if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
469 goto out;
470
471 /* Sanity check the number of program headers... */
472 /* ...and their total size. */
473 size = sizeof(struct elf_phdr) * elf_ex->e_phnum;
474 if (size == 0 || size > 65536 || size > ELF_MIN_ALIGN)
475 goto out;
476
477 elf_phdata = kmalloc(size, GFP_KERNEL);
478 if (!elf_phdata)
479 goto out;
480
481 /* Read in the program headers */
482 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff);
483 if (retval < 0) {
484 err = retval;
485 goto out;
486 }
487
488 /* Success! */
489 err = 0;
490 out:
491 if (err) {
492 kfree(elf_phdata);
493 elf_phdata = NULL;
494 }
495 return elf_phdata;
496 }
497
498 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE
499
500 /**
501 * struct arch_elf_state - arch-specific ELF loading state
502 *
503 * This structure is used to preserve architecture specific data during
504 * the loading of an ELF file, throughout the checking of architecture
505 * specific ELF headers & through to the point where the ELF load is
506 * known to be proceeding (ie. SET_PERSONALITY).
507 *
508 * This implementation is a dummy for architectures which require no
509 * specific state.
510 */
511 struct arch_elf_state {
512 };
513
514 #define INIT_ARCH_ELF_STATE {}
515
516 /**
517 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header
518 * @ehdr: The main ELF header
519 * @phdr: The program header to check
520 * @elf: The open ELF file
521 * @is_interp: True if the phdr is from the interpreter of the ELF being
522 * loaded, else false.
523 * @state: Architecture-specific state preserved throughout the process
524 * of loading the ELF.
525 *
526 * Inspects the program header phdr to validate its correctness and/or
527 * suitability for the system. Called once per ELF program header in the
528 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its
529 * interpreter.
530 *
531 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
532 * with that return code.
533 */
arch_elf_pt_proc(struct elfhdr * ehdr,struct elf_phdr * phdr,struct file * elf,bool is_interp,struct arch_elf_state * state)534 static inline int arch_elf_pt_proc(struct elfhdr *ehdr,
535 struct elf_phdr *phdr,
536 struct file *elf, bool is_interp,
537 struct arch_elf_state *state)
538 {
539 /* Dummy implementation, always proceed */
540 return 0;
541 }
542
543 /**
544 * arch_check_elf() - check an ELF executable
545 * @ehdr: The main ELF header
546 * @has_interp: True if the ELF has an interpreter, else false.
547 * @interp_ehdr: The interpreter's ELF header
548 * @state: Architecture-specific state preserved throughout the process
549 * of loading the ELF.
550 *
551 * Provides a final opportunity for architecture code to reject the loading
552 * of the ELF & cause an exec syscall to return an error. This is called after
553 * all program headers to be checked by arch_elf_pt_proc have been.
554 *
555 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load
556 * with that return code.
557 */
arch_check_elf(struct elfhdr * ehdr,bool has_interp,struct elfhdr * interp_ehdr,struct arch_elf_state * state)558 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp,
559 struct elfhdr *interp_ehdr,
560 struct arch_elf_state *state)
561 {
562 /* Dummy implementation, always proceed */
563 return 0;
564 }
565
566 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */
567
make_prot(u32 p_flags,struct arch_elf_state * arch_state,bool has_interp,bool is_interp)568 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state,
569 bool has_interp, bool is_interp)
570 {
571 int prot = 0;
572
573 if (p_flags & PF_R)
574 prot |= PROT_READ;
575 if (p_flags & PF_W)
576 prot |= PROT_WRITE;
577 if (p_flags & PF_X)
578 prot |= PROT_EXEC;
579
580 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp);
581 }
582
583 /* This is much more generalized than the library routine read function,
584 so we keep this separate. Technically the library read function
585 is only provided so that we can read a.out libraries that have
586 an ELF header */
587
load_elf_interp(struct elfhdr * interp_elf_ex,struct file * interpreter,unsigned long no_base,struct elf_phdr * interp_elf_phdata,struct arch_elf_state * arch_state)588 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
589 struct file *interpreter,
590 unsigned long no_base, struct elf_phdr *interp_elf_phdata,
591 struct arch_elf_state *arch_state)
592 {
593 struct elf_phdr *eppnt;
594 unsigned long load_addr = 0;
595 int load_addr_set = 0;
596 unsigned long last_bss = 0, elf_bss = 0;
597 int bss_prot = 0;
598 unsigned long error = ~0UL;
599 unsigned long total_size;
600 int i;
601
602 /* First of all, some simple consistency checks */
603 if (interp_elf_ex->e_type != ET_EXEC &&
604 interp_elf_ex->e_type != ET_DYN)
605 goto out;
606 if (!elf_check_arch(interp_elf_ex) ||
607 elf_check_fdpic(interp_elf_ex))
608 goto out;
609 if (!interpreter->f_op->mmap)
610 goto out;
611
612 total_size = total_mapping_size(interp_elf_phdata,
613 interp_elf_ex->e_phnum);
614 if (!total_size) {
615 error = -EINVAL;
616 goto out;
617 }
618
619 eppnt = interp_elf_phdata;
620 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
621 if (eppnt->p_type == PT_LOAD) {
622 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
623 int elf_prot = make_prot(eppnt->p_flags, arch_state,
624 true, true);
625 unsigned long vaddr = 0;
626 unsigned long k, map_addr;
627
628 vaddr = eppnt->p_vaddr;
629 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
630 elf_type |= MAP_FIXED;
631 else if (no_base && interp_elf_ex->e_type == ET_DYN)
632 load_addr = -vaddr;
633
634 map_addr = elf_map(interpreter, load_addr + vaddr,
635 eppnt, elf_prot, elf_type, total_size);
636 total_size = 0;
637 error = map_addr;
638 if (BAD_ADDR(map_addr))
639 goto out;
640
641 if (!load_addr_set &&
642 interp_elf_ex->e_type == ET_DYN) {
643 load_addr = map_addr - ELF_PAGESTART(vaddr);
644 load_addr_set = 1;
645 }
646
647 /*
648 * Check to see if the section's size will overflow the
649 * allowed task size. Note that p_filesz must always be
650 * <= p_memsize so it's only necessary to check p_memsz.
651 */
652 k = load_addr + eppnt->p_vaddr;
653 if (BAD_ADDR(k) ||
654 eppnt->p_filesz > eppnt->p_memsz ||
655 eppnt->p_memsz > TASK_SIZE ||
656 TASK_SIZE - eppnt->p_memsz < k) {
657 error = -ENOMEM;
658 goto out;
659 }
660
661 /*
662 * Find the end of the file mapping for this phdr, and
663 * keep track of the largest address we see for this.
664 */
665 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
666 if (k > elf_bss)
667 elf_bss = k;
668
669 /*
670 * Do the same thing for the memory mapping - between
671 * elf_bss and last_bss is the bss section.
672 */
673 k = load_addr + eppnt->p_vaddr + eppnt->p_memsz;
674 if (k > last_bss) {
675 last_bss = k;
676 bss_prot = elf_prot;
677 }
678 }
679 }
680
681 /*
682 * Now fill out the bss section: first pad the last page from
683 * the file up to the page boundary, and zero it from elf_bss
684 * up to the end of the page.
685 */
686 if (padzero(elf_bss)) {
687 error = -EFAULT;
688 goto out;
689 }
690 /*
691 * Next, align both the file and mem bss up to the page size,
692 * since this is where elf_bss was just zeroed up to, and where
693 * last_bss will end after the vm_brk_flags() below.
694 */
695 elf_bss = ELF_PAGEALIGN(elf_bss);
696 last_bss = ELF_PAGEALIGN(last_bss);
697 /* Finally, if there is still more bss to allocate, do it. */
698 if (last_bss > elf_bss) {
699 error = vm_brk_flags(elf_bss, last_bss - elf_bss,
700 bss_prot & PROT_EXEC ? VM_EXEC : 0);
701 if (error)
702 goto out;
703 }
704
705 error = load_addr;
706 out:
707 return error;
708 }
709
710 /*
711 * These are the functions used to load ELF style executables and shared
712 * libraries. There is no binary dependent code anywhere else.
713 */
714
parse_elf_property(const char * data,size_t * off,size_t datasz,struct arch_elf_state * arch,bool have_prev_type,u32 * prev_type)715 static int parse_elf_property(const char *data, size_t *off, size_t datasz,
716 struct arch_elf_state *arch,
717 bool have_prev_type, u32 *prev_type)
718 {
719 size_t o, step;
720 const struct gnu_property *pr;
721 int ret;
722
723 if (*off == datasz)
724 return -ENOENT;
725
726 if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
727 return -EIO;
728 o = *off;
729 datasz -= *off;
730
731 if (datasz < sizeof(*pr))
732 return -ENOEXEC;
733 pr = (const struct gnu_property *)(data + o);
734 o += sizeof(*pr);
735 datasz -= sizeof(*pr);
736
737 if (pr->pr_datasz > datasz)
738 return -ENOEXEC;
739
740 WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
741 step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
742 if (step > datasz)
743 return -ENOEXEC;
744
745 /* Properties are supposed to be unique and sorted on pr_type: */
746 if (have_prev_type && pr->pr_type <= *prev_type)
747 return -ENOEXEC;
748 *prev_type = pr->pr_type;
749
750 ret = arch_parse_elf_property(pr->pr_type, data + o,
751 pr->pr_datasz, ELF_COMPAT, arch);
752 if (ret)
753 return ret;
754
755 *off = o + step;
756 return 0;
757 }
758
759 #define NOTE_DATA_SZ SZ_1K
760 #define GNU_PROPERTY_TYPE_0_NAME "GNU"
761 #define NOTE_NAME_SZ (sizeof(GNU_PROPERTY_TYPE_0_NAME))
762
parse_elf_properties(struct file * f,const struct elf_phdr * phdr,struct arch_elf_state * arch)763 static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
764 struct arch_elf_state *arch)
765 {
766 union {
767 struct elf_note nhdr;
768 char data[NOTE_DATA_SZ];
769 } note;
770 loff_t pos;
771 ssize_t n;
772 size_t off, datasz;
773 int ret;
774 bool have_prev_type;
775 u32 prev_type;
776
777 if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
778 return 0;
779
780 /* load_elf_binary() shouldn't call us unless this is true... */
781 if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
782 return -ENOEXEC;
783
784 /* If the properties are crazy large, that's too bad (for now): */
785 if (phdr->p_filesz > sizeof(note))
786 return -ENOEXEC;
787
788 pos = phdr->p_offset;
789 n = kernel_read(f, ¬e, phdr->p_filesz, &pos);
790
791 BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
792 if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
793 return -EIO;
794
795 if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
796 note.nhdr.n_namesz != NOTE_NAME_SZ ||
797 strncmp(note.data + sizeof(note.nhdr),
798 GNU_PROPERTY_TYPE_0_NAME, n - sizeof(note.nhdr)))
799 return -ENOEXEC;
800
801 off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
802 ELF_GNU_PROPERTY_ALIGN);
803 if (off > n)
804 return -ENOEXEC;
805
806 if (note.nhdr.n_descsz > n - off)
807 return -ENOEXEC;
808 datasz = off + note.nhdr.n_descsz;
809
810 have_prev_type = false;
811 do {
812 ret = parse_elf_property(note.data, &off, datasz, arch,
813 have_prev_type, &prev_type);
814 have_prev_type = true;
815 } while (!ret);
816
817 return ret == -ENOENT ? 0 : ret;
818 }
819
load_elf_binary(struct linux_binprm * bprm)820 static int load_elf_binary(struct linux_binprm *bprm)
821 {
822 struct file *interpreter = NULL; /* to shut gcc up */
823 unsigned long load_addr, load_bias = 0, phdr_addr = 0;
824 int load_addr_set = 0;
825 unsigned long error;
826 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL;
827 struct elf_phdr *elf_property_phdata = NULL;
828 unsigned long elf_bss, elf_brk;
829 int bss_prot = 0;
830 int retval, i;
831 unsigned long elf_entry;
832 unsigned long e_entry;
833 unsigned long interp_load_addr = 0;
834 unsigned long start_code, end_code, start_data, end_data;
835 unsigned long reloc_func_desc __maybe_unused = 0;
836 int executable_stack = EXSTACK_DEFAULT;
837 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf;
838 struct elfhdr *interp_elf_ex = NULL;
839 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE;
840 struct mm_struct *mm;
841 struct pt_regs *regs;
842 const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space);
843
844 retval = -ENOEXEC;
845 /* First of all, some simple consistency checks */
846 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
847 goto out;
848
849 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
850 goto out;
851 if (!elf_check_arch(elf_ex))
852 goto out;
853 if (elf_check_fdpic(elf_ex))
854 goto out;
855 if (!bprm->file->f_op->mmap)
856 goto out;
857
858 elf_phdata = load_elf_phdrs(elf_ex, bprm->file);
859 if (!elf_phdata)
860 goto out;
861
862 elf_ppnt = elf_phdata;
863 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) {
864 char *elf_interpreter;
865
866 if (elf_ppnt->p_type == PT_GNU_PROPERTY) {
867 elf_property_phdata = elf_ppnt;
868 continue;
869 }
870
871 if (elf_ppnt->p_type != PT_INTERP)
872 continue;
873
874 /*
875 * This is the program interpreter used for shared libraries -
876 * for now assume that this is an a.out format binary.
877 */
878 retval = -ENOEXEC;
879 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2)
880 goto out_free_ph;
881
882 retval = -ENOMEM;
883 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL);
884 if (!elf_interpreter)
885 goto out_free_ph;
886
887 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz,
888 elf_ppnt->p_offset);
889 if (retval < 0)
890 goto out_free_interp;
891 /* make sure path is NULL terminated */
892 retval = -ENOEXEC;
893 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
894 goto out_free_interp;
895
896 interpreter = open_exec(elf_interpreter);
897 kfree(elf_interpreter);
898 retval = PTR_ERR(interpreter);
899 if (IS_ERR(interpreter))
900 goto out_free_ph;
901
902 /*
903 * If the binary is not readable then enforce mm->dumpable = 0
904 * regardless of the interpreter's permissions.
905 */
906 would_dump(bprm, interpreter);
907
908 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL);
909 if (!interp_elf_ex) {
910 retval = -ENOMEM;
911 goto out_free_file;
912 }
913
914 /* Get the exec headers */
915 retval = elf_read(interpreter, interp_elf_ex,
916 sizeof(*interp_elf_ex), 0);
917 if (retval < 0)
918 goto out_free_dentry;
919
920 break;
921
922 out_free_interp:
923 kfree(elf_interpreter);
924 goto out_free_ph;
925 }
926
927 elf_ppnt = elf_phdata;
928 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++)
929 switch (elf_ppnt->p_type) {
930 case PT_GNU_STACK:
931 if (elf_ppnt->p_flags & PF_X)
932 executable_stack = EXSTACK_ENABLE_X;
933 else
934 executable_stack = EXSTACK_DISABLE_X;
935 break;
936
937 case PT_LOPROC ... PT_HIPROC:
938 retval = arch_elf_pt_proc(elf_ex, elf_ppnt,
939 bprm->file, false,
940 &arch_state);
941 if (retval)
942 goto out_free_dentry;
943 break;
944 }
945
946 /* Some simple consistency checks for the interpreter */
947 if (interpreter) {
948 retval = -ELIBBAD;
949 /* Not an ELF interpreter */
950 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
951 goto out_free_dentry;
952 /* Verify the interpreter has a valid arch */
953 if (!elf_check_arch(interp_elf_ex) ||
954 elf_check_fdpic(interp_elf_ex))
955 goto out_free_dentry;
956
957 /* Load the interpreter program headers */
958 interp_elf_phdata = load_elf_phdrs(interp_elf_ex,
959 interpreter);
960 if (!interp_elf_phdata)
961 goto out_free_dentry;
962
963 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */
964 elf_property_phdata = NULL;
965 elf_ppnt = interp_elf_phdata;
966 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++)
967 switch (elf_ppnt->p_type) {
968 case PT_GNU_PROPERTY:
969 elf_property_phdata = elf_ppnt;
970 break;
971
972 case PT_LOPROC ... PT_HIPROC:
973 retval = arch_elf_pt_proc(interp_elf_ex,
974 elf_ppnt, interpreter,
975 true, &arch_state);
976 if (retval)
977 goto out_free_dentry;
978 break;
979 }
980 }
981
982 retval = parse_elf_properties(interpreter ?: bprm->file,
983 elf_property_phdata, &arch_state);
984 if (retval)
985 goto out_free_dentry;
986
987 /*
988 * Allow arch code to reject the ELF at this point, whilst it's
989 * still possible to return an error to the code that invoked
990 * the exec syscall.
991 */
992 retval = arch_check_elf(elf_ex,
993 !!interpreter, interp_elf_ex,
994 &arch_state);
995 if (retval)
996 goto out_free_dentry;
997
998 /* Flush all traces of the currently running executable */
999 retval = begin_new_exec(bprm);
1000 if (retval)
1001 goto out_free_dentry;
1002
1003 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
1004 may depend on the personality. */
1005 SET_PERSONALITY2(*elf_ex, &arch_state);
1006 if (elf_read_implies_exec(*elf_ex, executable_stack))
1007 current->personality |= READ_IMPLIES_EXEC;
1008
1009 if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space)
1010 current->flags |= PF_RANDOMIZE;
1011
1012 setup_new_exec(bprm);
1013
1014 /* Do this so that we can load the interpreter, if need be. We will
1015 change some of these later */
1016 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
1017 executable_stack);
1018 if (retval < 0)
1019 goto out_free_dentry;
1020
1021 elf_bss = 0;
1022 elf_brk = 0;
1023
1024 start_code = ~0UL;
1025 end_code = 0;
1026 start_data = 0;
1027 end_data = 0;
1028
1029 /* Now we do a little grungy work by mmapping the ELF image into
1030 the correct location in memory. */
1031 for(i = 0, elf_ppnt = elf_phdata;
1032 i < elf_ex->e_phnum; i++, elf_ppnt++) {
1033 int elf_prot, elf_flags;
1034 unsigned long k, vaddr;
1035 unsigned long total_size = 0;
1036 unsigned long alignment;
1037
1038 if (elf_ppnt->p_type == PT_OHOS_RANDOMDATA) {
1039 void *temp_buf = NULL;
1040
1041 if (elf_ppnt->p_memsz > PT_OHOS_RANDOMDATA_SIZE_LIMIT) {
1042 retval = -EINVAL;
1043 goto out_free_dentry;
1044 }
1045
1046 temp_buf = vmalloc(elf_ppnt->p_memsz);
1047 if (!temp_buf) {
1048 retval = -ENOMEM;
1049 goto out_free_dentry;
1050 }
1051
1052 get_random_bytes(temp_buf, (int)elf_ppnt->p_memsz);
1053 if (copy_to_user((void *)(elf_ppnt->p_vaddr + load_bias), temp_buf, (unsigned long)elf_ppnt->p_memsz)) {
1054 retval = -EFAULT;
1055 vfree(temp_buf);
1056 goto out_free_dentry;
1057 }
1058 vfree(temp_buf);
1059 continue;
1060 }
1061
1062 if (elf_ppnt->p_type != PT_LOAD)
1063 continue;
1064
1065 if (unlikely (elf_brk > elf_bss)) {
1066 unsigned long nbyte;
1067
1068 /* There was a PT_LOAD segment with p_memsz > p_filesz
1069 before this one. Map anonymous pages, if needed,
1070 and clear the area. */
1071 retval = set_brk(elf_bss + load_bias,
1072 elf_brk + load_bias,
1073 bss_prot);
1074 if (retval)
1075 goto out_free_dentry;
1076 nbyte = ELF_PAGEOFFSET(elf_bss);
1077 if (nbyte) {
1078 nbyte = ELF_MIN_ALIGN - nbyte;
1079 if (nbyte > elf_brk - elf_bss)
1080 nbyte = elf_brk - elf_bss;
1081 if (clear_user((void __user *)elf_bss +
1082 load_bias, nbyte)) {
1083 /*
1084 * This bss-zeroing can fail if the ELF
1085 * file specifies odd protections. So
1086 * we don't check the return value
1087 */
1088 }
1089 }
1090 }
1091
1092 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state,
1093 !!interpreter, false);
1094
1095 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1096
1097 vaddr = elf_ppnt->p_vaddr;
1098 /*
1099 * If we are loading ET_EXEC or we have already performed
1100 * the ET_DYN load_addr calculations, proceed normally.
1101 */
1102 if (elf_ex->e_type == ET_EXEC || load_addr_set) {
1103 elf_flags |= MAP_FIXED;
1104 } else if (elf_ex->e_type == ET_DYN) {
1105 /*
1106 * This logic is run once for the first LOAD Program
1107 * Header for ET_DYN binaries to calculate the
1108 * randomization (load_bias) for all the LOAD
1109 * Program Headers, and to calculate the entire
1110 * size of the ELF mapping (total_size). (Note that
1111 * load_addr_set is set to true later once the
1112 * initial mapping is performed.)
1113 *
1114 * There are effectively two types of ET_DYN
1115 * binaries: programs (i.e. PIE: ET_DYN with INTERP)
1116 * and loaders (ET_DYN without INTERP, since they
1117 * _are_ the ELF interpreter). The loaders must
1118 * be loaded away from programs since the program
1119 * may otherwise collide with the loader (especially
1120 * for ET_EXEC which does not have a randomized
1121 * position). For example to handle invocations of
1122 * "./ld.so someprog" to test out a new version of
1123 * the loader, the subsequent program that the
1124 * loader loads must avoid the loader itself, so
1125 * they cannot share the same load range. Sufficient
1126 * room for the brk must be allocated with the
1127 * loader as well, since brk must be available with
1128 * the loader.
1129 *
1130 * Therefore, programs are loaded offset from
1131 * ELF_ET_DYN_BASE and loaders are loaded into the
1132 * independently randomized mmap region (0 load_bias
1133 * without MAP_FIXED).
1134 */
1135 if (interpreter) {
1136 load_bias = ELF_ET_DYN_BASE;
1137 if (current->flags & PF_RANDOMIZE)
1138 load_bias += arch_mmap_rnd();
1139 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum);
1140 if (alignment)
1141 load_bias &= ~(alignment - 1);
1142 elf_flags |= MAP_FIXED;
1143 } else
1144 load_bias = 0;
1145
1146 /*
1147 * Since load_bias is used for all subsequent loading
1148 * calculations, we must lower it by the first vaddr
1149 * so that the remaining calculations based on the
1150 * ELF vaddrs will be correctly offset. The result
1151 * is then page aligned.
1152 */
1153 load_bias = ELF_PAGESTART(load_bias - vaddr);
1154
1155 total_size = total_mapping_size(elf_phdata,
1156 elf_ex->e_phnum);
1157 if (!total_size) {
1158 retval = -EINVAL;
1159 goto out_free_dentry;
1160 }
1161 }
1162
1163 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
1164 elf_prot, elf_flags, total_size);
1165 if (BAD_ADDR(error)) {
1166 retval = IS_ERR((void *)error) ?
1167 PTR_ERR((void*)error) : -EINVAL;
1168 goto out_free_dentry;
1169 }
1170
1171 if (!load_addr_set) {
1172 load_addr_set = 1;
1173 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
1174 if (elf_ex->e_type == ET_DYN) {
1175 load_bias += error -
1176 ELF_PAGESTART(load_bias + vaddr);
1177 load_addr += load_bias;
1178 reloc_func_desc = load_bias;
1179 }
1180 }
1181
1182 /*
1183 * Figure out which segment in the file contains the Program
1184 * Header table, and map to the associated memory address.
1185 */
1186 if (elf_ppnt->p_offset <= elf_ex->e_phoff &&
1187 elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) {
1188 phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset +
1189 elf_ppnt->p_vaddr;
1190 }
1191
1192 k = elf_ppnt->p_vaddr;
1193 if ((elf_ppnt->p_flags & PF_X) && k < start_code)
1194 start_code = k;
1195 if (start_data < k)
1196 start_data = k;
1197
1198 /*
1199 * Check to see if the section's size will overflow the
1200 * allowed task size. Note that p_filesz must always be
1201 * <= p_memsz so it is only necessary to check p_memsz.
1202 */
1203 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1204 elf_ppnt->p_memsz > TASK_SIZE ||
1205 TASK_SIZE - elf_ppnt->p_memsz < k) {
1206 /* set_brk can never work. Avoid overflows. */
1207 retval = -EINVAL;
1208 goto out_free_dentry;
1209 }
1210
1211 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
1212
1213 if (k > elf_bss)
1214 elf_bss = k;
1215 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
1216 end_code = k;
1217 if (end_data < k)
1218 end_data = k;
1219 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
1220 if (k > elf_brk) {
1221 bss_prot = elf_prot;
1222 elf_brk = k;
1223 }
1224 }
1225
1226 e_entry = elf_ex->e_entry + load_bias;
1227 phdr_addr += load_bias;
1228 elf_bss += load_bias;
1229 elf_brk += load_bias;
1230 start_code += load_bias;
1231 end_code += load_bias;
1232 start_data += load_bias;
1233 end_data += load_bias;
1234
1235 /* Calling set_brk effectively mmaps the pages that we need
1236 * for the bss and break sections. We must do this before
1237 * mapping in the interpreter, to make sure it doesn't wind
1238 * up getting placed where the bss needs to go.
1239 */
1240 retval = set_brk(elf_bss, elf_brk, bss_prot);
1241 if (retval)
1242 goto out_free_dentry;
1243 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1244 retval = -EFAULT; /* Nobody gets to see this, but.. */
1245 goto out_free_dentry;
1246 }
1247
1248 if (interpreter) {
1249 elf_entry = load_elf_interp(interp_elf_ex,
1250 interpreter,
1251 load_bias, interp_elf_phdata,
1252 &arch_state);
1253 if (!IS_ERR((void *)elf_entry)) {
1254 /*
1255 * load_elf_interp() returns relocation
1256 * adjustment
1257 */
1258 interp_load_addr = elf_entry;
1259 elf_entry += interp_elf_ex->e_entry;
1260 }
1261 if (BAD_ADDR(elf_entry)) {
1262 retval = IS_ERR((void *)elf_entry) ?
1263 (int)elf_entry : -EINVAL;
1264 goto out_free_dentry;
1265 }
1266 reloc_func_desc = interp_load_addr;
1267
1268 allow_write_access(interpreter);
1269 fput(interpreter);
1270
1271 kfree(interp_elf_ex);
1272 kfree(interp_elf_phdata);
1273 } else {
1274 elf_entry = e_entry;
1275 if (BAD_ADDR(elf_entry)) {
1276 retval = -EINVAL;
1277 goto out_free_dentry;
1278 }
1279 }
1280
1281 kfree(elf_phdata);
1282
1283 set_binfmt(&elf_format);
1284
1285 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
1286 retval = arch_setup_additional_pages(bprm, !!interpreter);
1287 if (retval < 0)
1288 goto out;
1289 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
1290
1291 retval = create_elf_tables(bprm, elf_ex, interp_load_addr,
1292 e_entry, phdr_addr);
1293 if (retval < 0)
1294 goto out;
1295
1296 mm = current->mm;
1297 mm->end_code = end_code;
1298 mm->start_code = start_code;
1299 mm->start_data = start_data;
1300 mm->end_data = end_data;
1301 mm->start_stack = bprm->p;
1302
1303 if ((current->flags & PF_RANDOMIZE) && (snapshot_randomize_va_space > 1)) {
1304 /*
1305 * For architectures with ELF randomization, when executing
1306 * a loader directly (i.e. no interpreter listed in ELF
1307 * headers), move the brk area out of the mmap region
1308 * (since it grows up, and may collide early with the stack
1309 * growing down), and into the unused ELF_ET_DYN_BASE region.
1310 */
1311 if (IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
1312 elf_ex->e_type == ET_DYN && !interpreter) {
1313 mm->brk = mm->start_brk = ELF_ET_DYN_BASE;
1314 }
1315
1316 mm->brk = mm->start_brk = arch_randomize_brk(mm);
1317 #ifdef compat_brk_randomized
1318 current->brk_randomized = 1;
1319 #endif
1320 }
1321
1322 if (current->personality & MMAP_PAGE_ZERO) {
1323 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
1324 and some applications "depend" upon this behavior.
1325 Since we do not have the power to recompile these, we
1326 emulate the SVr4 behavior. Sigh. */
1327 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1328 MAP_FIXED | MAP_PRIVATE, 0);
1329 }
1330
1331 regs = current_pt_regs();
1332 #ifdef ELF_PLAT_INIT
1333 /*
1334 * The ABI may specify that certain registers be set up in special
1335 * ways (on i386 %edx is the address of a DT_FINI function, for
1336 * example. In addition, it may also specify (eg, PowerPC64 ELF)
1337 * that the e_entry field is the address of the function descriptor
1338 * for the startup routine, rather than the address of the startup
1339 * routine itself. This macro performs whatever initialization to
1340 * the regs structure is required as well as any relocations to the
1341 * function descriptor entries when executing dynamically links apps.
1342 */
1343 ELF_PLAT_INIT(regs, reloc_func_desc);
1344 #endif
1345
1346 finalize_exec(bprm);
1347 start_thread(regs, elf_entry, bprm->p);
1348 retval = 0;
1349 out:
1350 return retval;
1351
1352 /* error cleanup */
1353 out_free_dentry:
1354 kfree(interp_elf_ex);
1355 kfree(interp_elf_phdata);
1356 out_free_file:
1357 allow_write_access(interpreter);
1358 if (interpreter)
1359 fput(interpreter);
1360 out_free_ph:
1361 kfree(elf_phdata);
1362 goto out;
1363 }
1364
1365 #ifdef CONFIG_USELIB
1366 /* This is really simpleminded and specialized - we are loading an
1367 a.out library that is given an ELF header. */
load_elf_library(struct file * file)1368 static int load_elf_library(struct file *file)
1369 {
1370 struct elf_phdr *elf_phdata;
1371 struct elf_phdr *eppnt;
1372 unsigned long elf_bss, bss, len;
1373 int retval, error, i, j;
1374 struct elfhdr elf_ex;
1375
1376 error = -ENOEXEC;
1377 retval = elf_read(file, &elf_ex, sizeof(elf_ex), 0);
1378 if (retval < 0)
1379 goto out;
1380
1381 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1382 goto out;
1383
1384 /* First of all, some simple consistency checks */
1385 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1386 !elf_check_arch(&elf_ex) || !file->f_op->mmap)
1387 goto out;
1388 if (elf_check_fdpic(&elf_ex))
1389 goto out;
1390
1391 /* Now read in all of the header information */
1392
1393 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1394 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1395
1396 error = -ENOMEM;
1397 elf_phdata = kmalloc(j, GFP_KERNEL);
1398 if (!elf_phdata)
1399 goto out;
1400
1401 eppnt = elf_phdata;
1402 error = -ENOEXEC;
1403 retval = elf_read(file, eppnt, j, elf_ex.e_phoff);
1404 if (retval < 0)
1405 goto out_free_ph;
1406
1407 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1408 if ((eppnt + i)->p_type == PT_LOAD)
1409 j++;
1410 if (j != 1)
1411 goto out_free_ph;
1412
1413 while (eppnt->p_type != PT_LOAD)
1414 eppnt++;
1415
1416 /* Now use mmap to map the library into memory. */
1417 error = vm_mmap(file,
1418 ELF_PAGESTART(eppnt->p_vaddr),
1419 (eppnt->p_filesz +
1420 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1421 PROT_READ | PROT_WRITE | PROT_EXEC,
1422 MAP_FIXED_NOREPLACE | MAP_PRIVATE | MAP_DENYWRITE,
1423 (eppnt->p_offset -
1424 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1425 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1426 goto out_free_ph;
1427
1428 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1429 if (padzero(elf_bss)) {
1430 error = -EFAULT;
1431 goto out_free_ph;
1432 }
1433
1434 len = ELF_PAGEALIGN(eppnt->p_filesz + eppnt->p_vaddr);
1435 bss = ELF_PAGEALIGN(eppnt->p_memsz + eppnt->p_vaddr);
1436 if (bss > len) {
1437 error = vm_brk(len, bss - len);
1438 if (error)
1439 goto out_free_ph;
1440 }
1441 error = 0;
1442
1443 out_free_ph:
1444 kfree(elf_phdata);
1445 out:
1446 return error;
1447 }
1448 #endif /* #ifdef CONFIG_USELIB */
1449
1450 #ifdef CONFIG_ELF_CORE
1451 /*
1452 * ELF core dumper
1453 *
1454 * Modelled on fs/exec.c:aout_core_dump()
1455 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1456 */
1457
1458 /* An ELF note in memory */
1459 struct memelfnote
1460 {
1461 const char *name;
1462 int type;
1463 unsigned int datasz;
1464 void *data;
1465 };
1466
notesize(struct memelfnote * en)1467 static int notesize(struct memelfnote *en)
1468 {
1469 int sz;
1470
1471 sz = sizeof(struct elf_note);
1472 sz += roundup(strlen(en->name) + 1, 4);
1473 sz += roundup(en->datasz, 4);
1474
1475 return sz;
1476 }
1477
writenote(struct memelfnote * men,struct coredump_params * cprm)1478 static int writenote(struct memelfnote *men, struct coredump_params *cprm)
1479 {
1480 struct elf_note en;
1481 en.n_namesz = strlen(men->name) + 1;
1482 en.n_descsz = men->datasz;
1483 en.n_type = men->type;
1484
1485 return dump_emit(cprm, &en, sizeof(en)) &&
1486 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) &&
1487 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4);
1488 }
1489
fill_elf_header(struct elfhdr * elf,int segs,u16 machine,u32 flags)1490 static void fill_elf_header(struct elfhdr *elf, int segs,
1491 u16 machine, u32 flags)
1492 {
1493 memset(elf, 0, sizeof(*elf));
1494
1495 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1496 elf->e_ident[EI_CLASS] = ELF_CLASS;
1497 elf->e_ident[EI_DATA] = ELF_DATA;
1498 elf->e_ident[EI_VERSION] = EV_CURRENT;
1499 elf->e_ident[EI_OSABI] = ELF_OSABI;
1500
1501 elf->e_type = ET_CORE;
1502 elf->e_machine = machine;
1503 elf->e_version = EV_CURRENT;
1504 elf->e_phoff = sizeof(struct elfhdr);
1505 elf->e_flags = flags;
1506 elf->e_ehsize = sizeof(struct elfhdr);
1507 elf->e_phentsize = sizeof(struct elf_phdr);
1508 elf->e_phnum = segs;
1509 }
1510
fill_elf_note_phdr(struct elf_phdr * phdr,int sz,loff_t offset)1511 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1512 {
1513 phdr->p_type = PT_NOTE;
1514 phdr->p_offset = offset;
1515 phdr->p_vaddr = 0;
1516 phdr->p_paddr = 0;
1517 phdr->p_filesz = sz;
1518 phdr->p_memsz = 0;
1519 phdr->p_flags = 0;
1520 phdr->p_align = 0;
1521 }
1522
fill_note(struct memelfnote * note,const char * name,int type,unsigned int sz,void * data)1523 static void fill_note(struct memelfnote *note, const char *name, int type,
1524 unsigned int sz, void *data)
1525 {
1526 note->name = name;
1527 note->type = type;
1528 note->datasz = sz;
1529 note->data = data;
1530 }
1531
1532 /*
1533 * fill up all the fields in prstatus from the given task struct, except
1534 * registers which need to be filled up separately.
1535 */
fill_prstatus(struct elf_prstatus * prstatus,struct task_struct * p,long signr)1536 static void fill_prstatus(struct elf_prstatus *prstatus,
1537 struct task_struct *p, long signr)
1538 {
1539 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1540 prstatus->pr_sigpend = p->pending.signal.sig[0];
1541 prstatus->pr_sighold = p->blocked.sig[0];
1542 rcu_read_lock();
1543 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1544 rcu_read_unlock();
1545 prstatus->pr_pid = task_pid_vnr(p);
1546 prstatus->pr_pgrp = task_pgrp_vnr(p);
1547 prstatus->pr_sid = task_session_vnr(p);
1548 if (thread_group_leader(p)) {
1549 struct task_cputime cputime;
1550
1551 /*
1552 * This is the record for the group leader. It shows the
1553 * group-wide total, not its individual thread total.
1554 */
1555 thread_group_cputime(p, &cputime);
1556 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime);
1557 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime);
1558 } else {
1559 u64 utime, stime;
1560
1561 task_cputime(p, &utime, &stime);
1562 prstatus->pr_utime = ns_to_kernel_old_timeval(utime);
1563 prstatus->pr_stime = ns_to_kernel_old_timeval(stime);
1564 }
1565
1566 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime);
1567 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime);
1568 }
1569
fill_psinfo(struct elf_prpsinfo * psinfo,struct task_struct * p,struct mm_struct * mm)1570 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1571 struct mm_struct *mm)
1572 {
1573 const struct cred *cred;
1574 unsigned int i, len;
1575
1576 /* first copy the parameters from user space */
1577 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1578
1579 len = mm->arg_end - mm->arg_start;
1580 if (len >= ELF_PRARGSZ)
1581 len = ELF_PRARGSZ-1;
1582 if (copy_from_user(&psinfo->pr_psargs,
1583 (const char __user *)mm->arg_start, len))
1584 return -EFAULT;
1585 for(i = 0; i < len; i++)
1586 if (psinfo->pr_psargs[i] == 0)
1587 psinfo->pr_psargs[i] = ' ';
1588 psinfo->pr_psargs[len] = 0;
1589
1590 rcu_read_lock();
1591 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1592 rcu_read_unlock();
1593 psinfo->pr_pid = task_pid_vnr(p);
1594 psinfo->pr_pgrp = task_pgrp_vnr(p);
1595 psinfo->pr_sid = task_session_vnr(p);
1596
1597 i = p->state ? ffz(~p->state) + 1 : 0;
1598 psinfo->pr_state = i;
1599 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1600 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1601 psinfo->pr_nice = task_nice(p);
1602 psinfo->pr_flag = p->flags;
1603 rcu_read_lock();
1604 cred = __task_cred(p);
1605 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1606 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1607 rcu_read_unlock();
1608 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1609
1610 return 0;
1611 }
1612
fill_auxv_note(struct memelfnote * note,struct mm_struct * mm)1613 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1614 {
1615 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1616 int i = 0;
1617 do
1618 i += 2;
1619 while (auxv[i - 2] != AT_NULL);
1620 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1621 }
1622
fill_siginfo_note(struct memelfnote * note,user_siginfo_t * csigdata,const kernel_siginfo_t * siginfo)1623 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1624 const kernel_siginfo_t *siginfo)
1625 {
1626 copy_siginfo_to_external(csigdata, siginfo);
1627 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1628 }
1629
1630 #define MAX_FILE_NOTE_SIZE (4*1024*1024)
1631 /*
1632 * Format of NT_FILE note:
1633 *
1634 * long count -- how many files are mapped
1635 * long page_size -- units for file_ofs
1636 * array of [COUNT] elements of
1637 * long start
1638 * long end
1639 * long file_ofs
1640 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1641 */
fill_files_note(struct memelfnote * note,struct coredump_params * cprm)1642 static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm)
1643 {
1644 unsigned count, size, names_ofs, remaining, n;
1645 user_long_t *data;
1646 user_long_t *start_end_ofs;
1647 char *name_base, *name_curpos;
1648 int i;
1649
1650 /* *Estimated* file count and total data size needed */
1651 count = cprm->vma_count;
1652 if (count > UINT_MAX / 64)
1653 return -EINVAL;
1654 size = count * 64;
1655
1656 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1657 alloc:
1658 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1659 return -EINVAL;
1660 size = round_up(size, PAGE_SIZE);
1661 /*
1662 * "size" can be 0 here legitimately.
1663 * Let it ENOMEM and omit NT_FILE section which will be empty anyway.
1664 */
1665 data = kvmalloc(size, GFP_KERNEL);
1666 if (ZERO_OR_NULL_PTR(data))
1667 return -ENOMEM;
1668
1669 start_end_ofs = data + 2;
1670 name_base = name_curpos = ((char *)data) + names_ofs;
1671 remaining = size - names_ofs;
1672 count = 0;
1673 for (i = 0; i < cprm->vma_count; i++) {
1674 struct core_vma_metadata *m = &cprm->vma_meta[i];
1675 struct file *file;
1676 const char *filename;
1677
1678 file = m->file;
1679 if (!file)
1680 continue;
1681 filename = file_path(file, name_curpos, remaining);
1682 if (IS_ERR(filename)) {
1683 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1684 kvfree(data);
1685 size = size * 5 / 4;
1686 goto alloc;
1687 }
1688 continue;
1689 }
1690
1691 /* file_path() fills at the end, move name down */
1692 /* n = strlen(filename) + 1: */
1693 n = (name_curpos + remaining) - filename;
1694 remaining = filename - name_curpos;
1695 memmove(name_curpos, filename, n);
1696 name_curpos += n;
1697
1698 *start_end_ofs++ = m->start;
1699 *start_end_ofs++ = m->end;
1700 *start_end_ofs++ = m->pgoff;
1701 count++;
1702 }
1703
1704 /* Now we know exact count of files, can store it */
1705 data[0] = count;
1706 data[1] = PAGE_SIZE;
1707 /*
1708 * Count usually is less than mm->map_count,
1709 * we need to move filenames down.
1710 */
1711 n = cprm->vma_count - count;
1712 if (n != 0) {
1713 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1714 memmove(name_base - shift_bytes, name_base,
1715 name_curpos - name_base);
1716 name_curpos -= shift_bytes;
1717 }
1718
1719 size = name_curpos - (char *)data;
1720 fill_note(note, "CORE", NT_FILE, size, data);
1721 return 0;
1722 }
1723
1724 #ifdef CORE_DUMP_USE_REGSET
1725 #include <linux/regset.h>
1726
1727 struct elf_thread_core_info {
1728 struct elf_thread_core_info *next;
1729 struct task_struct *task;
1730 struct elf_prstatus prstatus;
1731 struct memelfnote notes[];
1732 };
1733
1734 struct elf_note_info {
1735 struct elf_thread_core_info *thread;
1736 struct memelfnote psinfo;
1737 struct memelfnote signote;
1738 struct memelfnote auxv;
1739 struct memelfnote files;
1740 user_siginfo_t csigdata;
1741 size_t size;
1742 int thread_notes;
1743 };
1744
1745 /*
1746 * When a regset has a writeback hook, we call it on each thread before
1747 * dumping user memory. On register window machines, this makes sure the
1748 * user memory backing the register data is up to date before we read it.
1749 */
do_thread_regset_writeback(struct task_struct * task,const struct user_regset * regset)1750 static void do_thread_regset_writeback(struct task_struct *task,
1751 const struct user_regset *regset)
1752 {
1753 if (regset->writeback)
1754 regset->writeback(task, regset, 1);
1755 }
1756
1757 #ifndef PRSTATUS_SIZE
1758 #define PRSTATUS_SIZE(S, R) sizeof(S)
1759 #endif
1760
1761 #ifndef SET_PR_FPVALID
1762 #define SET_PR_FPVALID(S, V, R) ((S)->pr_fpvalid = (V))
1763 #endif
1764
fill_thread_core_info(struct elf_thread_core_info * t,const struct user_regset_view * view,long signr,size_t * total)1765 static int fill_thread_core_info(struct elf_thread_core_info *t,
1766 const struct user_regset_view *view,
1767 long signr, size_t *total)
1768 {
1769 unsigned int i;
1770 int regset0_size;
1771
1772 /*
1773 * NT_PRSTATUS is the one special case, because the regset data
1774 * goes into the pr_reg field inside the note contents, rather
1775 * than being the whole note contents. We fill the reset in here.
1776 * We assume that regset 0 is NT_PRSTATUS.
1777 */
1778 fill_prstatus(&t->prstatus, t->task, signr);
1779 regset0_size = regset_get(t->task, &view->regsets[0],
1780 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg);
1781 if (regset0_size < 0)
1782 return 0;
1783
1784 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1785 PRSTATUS_SIZE(t->prstatus, regset0_size), &t->prstatus);
1786 *total += notesize(&t->notes[0]);
1787
1788 do_thread_regset_writeback(t->task, &view->regsets[0]);
1789
1790 /*
1791 * Each other regset might generate a note too. For each regset
1792 * that has no core_note_type or is inactive, we leave t->notes[i]
1793 * all zero and we'll know to skip writing it later.
1794 */
1795 for (i = 1; i < view->n; ++i) {
1796 const struct user_regset *regset = &view->regsets[i];
1797 int note_type = regset->core_note_type;
1798 bool is_fpreg = note_type == NT_PRFPREG;
1799 void *data;
1800 int ret;
1801
1802 do_thread_regset_writeback(t->task, regset);
1803 if (!note_type) // not for coredumps
1804 continue;
1805 if (regset->active && regset->active(t->task, regset) <= 0)
1806 continue;
1807
1808 ret = regset_get_alloc(t->task, regset, ~0U, &data);
1809 if (ret < 0)
1810 continue;
1811
1812 if (is_fpreg)
1813 SET_PR_FPVALID(&t->prstatus, 1, regset0_size);
1814
1815 fill_note(&t->notes[i], is_fpreg ? "CORE" : "LINUX",
1816 note_type, ret, data);
1817
1818 *total += notesize(&t->notes[i]);
1819 }
1820
1821 return 1;
1822 }
1823
fill_note_info(struct elfhdr * elf,int phdrs,struct elf_note_info * info,struct coredump_params * cprm)1824 static int fill_note_info(struct elfhdr *elf, int phdrs,
1825 struct elf_note_info *info,
1826 struct coredump_params *cprm)
1827 {
1828 struct task_struct *dump_task = current;
1829 const struct user_regset_view *view = task_user_regset_view(dump_task);
1830 struct elf_thread_core_info *t;
1831 struct elf_prpsinfo *psinfo;
1832 struct core_thread *ct;
1833 unsigned int i;
1834
1835 info->size = 0;
1836 info->thread = NULL;
1837
1838 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1839 if (psinfo == NULL) {
1840 info->psinfo.data = NULL; /* So we don't free this wrongly */
1841 return 0;
1842 }
1843
1844 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1845
1846 /*
1847 * Figure out how many notes we're going to need for each thread.
1848 */
1849 info->thread_notes = 0;
1850 for (i = 0; i < view->n; ++i)
1851 if (view->regsets[i].core_note_type != 0)
1852 ++info->thread_notes;
1853
1854 /*
1855 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1856 * since it is our one special case.
1857 */
1858 if (unlikely(info->thread_notes == 0) ||
1859 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1860 WARN_ON(1);
1861 return 0;
1862 }
1863
1864 /*
1865 * Initialize the ELF file header.
1866 */
1867 fill_elf_header(elf, phdrs,
1868 view->e_machine, view->e_flags);
1869
1870 /*
1871 * Allocate a structure for each thread.
1872 */
1873 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1874 t = kzalloc(offsetof(struct elf_thread_core_info,
1875 notes[info->thread_notes]),
1876 GFP_KERNEL);
1877 if (unlikely(!t))
1878 return 0;
1879
1880 t->task = ct->task;
1881 if (ct->task == dump_task || !info->thread) {
1882 t->next = info->thread;
1883 info->thread = t;
1884 } else {
1885 /*
1886 * Make sure to keep the original task at
1887 * the head of the list.
1888 */
1889 t->next = info->thread->next;
1890 info->thread->next = t;
1891 }
1892 }
1893
1894 /*
1895 * Now fill in each thread's information.
1896 */
1897 for (t = info->thread; t != NULL; t = t->next)
1898 if (!fill_thread_core_info(t, view, cprm->siginfo->si_signo, &info->size))
1899 return 0;
1900
1901 /*
1902 * Fill in the two process-wide notes.
1903 */
1904 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1905 info->size += notesize(&info->psinfo);
1906
1907 fill_siginfo_note(&info->signote, &info->csigdata, cprm->siginfo);
1908 info->size += notesize(&info->signote);
1909
1910 fill_auxv_note(&info->auxv, current->mm);
1911 info->size += notesize(&info->auxv);
1912
1913 if (fill_files_note(&info->files, cprm) == 0)
1914 info->size += notesize(&info->files);
1915
1916 return 1;
1917 }
1918
get_note_info_size(struct elf_note_info * info)1919 static size_t get_note_info_size(struct elf_note_info *info)
1920 {
1921 return info->size;
1922 }
1923
1924 /*
1925 * Write all the notes for each thread. When writing the first thread, the
1926 * process-wide notes are interleaved after the first thread-specific note.
1927 */
write_note_info(struct elf_note_info * info,struct coredump_params * cprm)1928 static int write_note_info(struct elf_note_info *info,
1929 struct coredump_params *cprm)
1930 {
1931 bool first = true;
1932 struct elf_thread_core_info *t = info->thread;
1933
1934 do {
1935 int i;
1936
1937 if (!writenote(&t->notes[0], cprm))
1938 return 0;
1939
1940 if (first && !writenote(&info->psinfo, cprm))
1941 return 0;
1942 if (first && !writenote(&info->signote, cprm))
1943 return 0;
1944 if (first && !writenote(&info->auxv, cprm))
1945 return 0;
1946 if (first && info->files.data &&
1947 !writenote(&info->files, cprm))
1948 return 0;
1949
1950 for (i = 1; i < info->thread_notes; ++i)
1951 if (t->notes[i].data &&
1952 !writenote(&t->notes[i], cprm))
1953 return 0;
1954
1955 first = false;
1956 t = t->next;
1957 } while (t);
1958
1959 return 1;
1960 }
1961
free_note_info(struct elf_note_info * info)1962 static void free_note_info(struct elf_note_info *info)
1963 {
1964 struct elf_thread_core_info *threads = info->thread;
1965 while (threads) {
1966 unsigned int i;
1967 struct elf_thread_core_info *t = threads;
1968 threads = t->next;
1969 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1970 for (i = 1; i < info->thread_notes; ++i)
1971 kfree(t->notes[i].data);
1972 kfree(t);
1973 }
1974 kfree(info->psinfo.data);
1975 kvfree(info->files.data);
1976 }
1977
1978 #else
1979
1980 /* Here is the structure in which status of each thread is captured. */
1981 struct elf_thread_status
1982 {
1983 struct list_head list;
1984 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1985 elf_fpregset_t fpu; /* NT_PRFPREG */
1986 struct task_struct *thread;
1987 struct memelfnote notes[3];
1988 int num_notes;
1989 };
1990
1991 /*
1992 * In order to add the specific thread information for the elf file format,
1993 * we need to keep a linked list of every threads pr_status and then create
1994 * a single section for them in the final core file.
1995 */
elf_dump_thread_status(long signr,struct elf_thread_status * t)1996 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1997 {
1998 int sz = 0;
1999 struct task_struct *p = t->thread;
2000 t->num_notes = 0;
2001
2002 fill_prstatus(&t->prstatus, p, signr);
2003 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
2004
2005 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
2006 &(t->prstatus));
2007 t->num_notes++;
2008 sz += notesize(&t->notes[0]);
2009
2010 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
2011 &t->fpu))) {
2012 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
2013 &(t->fpu));
2014 t->num_notes++;
2015 sz += notesize(&t->notes[1]);
2016 }
2017 return sz;
2018 }
2019
2020 struct elf_note_info {
2021 struct memelfnote *notes;
2022 struct memelfnote *notes_files;
2023 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
2024 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
2025 struct list_head thread_list;
2026 elf_fpregset_t *fpu;
2027 user_siginfo_t csigdata;
2028 int thread_status_size;
2029 int numnote;
2030 };
2031
elf_note_info_init(struct elf_note_info * info)2032 static int elf_note_info_init(struct elf_note_info *info)
2033 {
2034 memset(info, 0, sizeof(*info));
2035 INIT_LIST_HEAD(&info->thread_list);
2036
2037 /* Allocate space for ELF notes */
2038 info->notes = kmalloc_array(8, sizeof(struct memelfnote), GFP_KERNEL);
2039 if (!info->notes)
2040 return 0;
2041 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
2042 if (!info->psinfo)
2043 return 0;
2044 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
2045 if (!info->prstatus)
2046 return 0;
2047 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
2048 if (!info->fpu)
2049 return 0;
2050 return 1;
2051 }
2052
fill_note_info(struct elfhdr * elf,int phdrs,struct elf_note_info * info,struct coredump_params * cprm)2053 static int fill_note_info(struct elfhdr *elf, int phdrs,
2054 struct elf_note_info *info,
2055 struct coredump_params *cprm)
2056 {
2057 struct core_thread *ct;
2058 struct elf_thread_status *ets;
2059
2060 if (!elf_note_info_init(info))
2061 return 0;
2062
2063 for (ct = current->mm->core_state->dumper.next;
2064 ct; ct = ct->next) {
2065 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
2066 if (!ets)
2067 return 0;
2068
2069 ets->thread = ct->task;
2070 list_add(&ets->list, &info->thread_list);
2071 }
2072
2073 list_for_each_entry(ets, &info->thread_list, list) {
2074 int sz;
2075
2076 sz = elf_dump_thread_status(cprm->siginfo->si_signo, ets);
2077 info->thread_status_size += sz;
2078 }
2079 /* now collect the dump for the current */
2080 memset(info->prstatus, 0, sizeof(*info->prstatus));
2081 fill_prstatus(info->prstatus, current, cprm->siginfo->si_signo);
2082 elf_core_copy_regs(&info->prstatus->pr_reg, cprm->regs);
2083
2084 /* Set up header */
2085 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
2086
2087 /*
2088 * Set up the notes in similar form to SVR4 core dumps made
2089 * with info from their /proc.
2090 */
2091
2092 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
2093 sizeof(*info->prstatus), info->prstatus);
2094 fill_psinfo(info->psinfo, current->group_leader, current->mm);
2095 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
2096 sizeof(*info->psinfo), info->psinfo);
2097
2098 fill_siginfo_note(info->notes + 2, &info->csigdata, cprm->siginfo);
2099 fill_auxv_note(info->notes + 3, current->mm);
2100 info->numnote = 4;
2101
2102 if (fill_files_note(info->notes + info->numnote, cprm) == 0) {
2103 info->notes_files = info->notes + info->numnote;
2104 info->numnote++;
2105 }
2106
2107 /* Try to dump the FPU. */
2108 info->prstatus->pr_fpvalid =
2109 elf_core_copy_task_fpregs(current, cprm->regs, info->fpu);
2110 if (info->prstatus->pr_fpvalid)
2111 fill_note(info->notes + info->numnote++,
2112 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
2113 return 1;
2114 }
2115
get_note_info_size(struct elf_note_info * info)2116 static size_t get_note_info_size(struct elf_note_info *info)
2117 {
2118 int sz = 0;
2119 int i;
2120
2121 for (i = 0; i < info->numnote; i++)
2122 sz += notesize(info->notes + i);
2123
2124 sz += info->thread_status_size;
2125
2126 return sz;
2127 }
2128
write_note_info(struct elf_note_info * info,struct coredump_params * cprm)2129 static int write_note_info(struct elf_note_info *info,
2130 struct coredump_params *cprm)
2131 {
2132 struct elf_thread_status *ets;
2133 int i;
2134
2135 for (i = 0; i < info->numnote; i++)
2136 if (!writenote(info->notes + i, cprm))
2137 return 0;
2138
2139 /* write out the thread status notes section */
2140 list_for_each_entry(ets, &info->thread_list, list) {
2141 for (i = 0; i < ets->num_notes; i++)
2142 if (!writenote(&ets->notes[i], cprm))
2143 return 0;
2144 }
2145
2146 return 1;
2147 }
2148
free_note_info(struct elf_note_info * info)2149 static void free_note_info(struct elf_note_info *info)
2150 {
2151 while (!list_empty(&info->thread_list)) {
2152 struct list_head *tmp = info->thread_list.next;
2153 list_del(tmp);
2154 kfree(list_entry(tmp, struct elf_thread_status, list));
2155 }
2156
2157 /* Free data possibly allocated by fill_files_note(): */
2158 if (info->notes_files)
2159 kvfree(info->notes_files->data);
2160
2161 kfree(info->prstatus);
2162 kfree(info->psinfo);
2163 kfree(info->notes);
2164 kfree(info->fpu);
2165 }
2166
2167 #endif
2168
fill_extnum_info(struct elfhdr * elf,struct elf_shdr * shdr4extnum,elf_addr_t e_shoff,int segs)2169 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2170 elf_addr_t e_shoff, int segs)
2171 {
2172 elf->e_shoff = e_shoff;
2173 elf->e_shentsize = sizeof(*shdr4extnum);
2174 elf->e_shnum = 1;
2175 elf->e_shstrndx = SHN_UNDEF;
2176
2177 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2178
2179 shdr4extnum->sh_type = SHT_NULL;
2180 shdr4extnum->sh_size = elf->e_shnum;
2181 shdr4extnum->sh_link = elf->e_shstrndx;
2182 shdr4extnum->sh_info = segs;
2183 }
2184
2185 /*
2186 * Actual dumper
2187 *
2188 * This is a two-pass process; first we find the offsets of the bits,
2189 * and then they are actually written out. If we run out of core limit
2190 * we just truncate.
2191 */
elf_core_dump(struct coredump_params * cprm)2192 static int elf_core_dump(struct coredump_params *cprm)
2193 {
2194 int has_dumped = 0;
2195 int segs, i;
2196 struct elfhdr elf;
2197 loff_t offset = 0, dataoff;
2198 struct elf_note_info info = { };
2199 struct elf_phdr *phdr4note = NULL;
2200 struct elf_shdr *shdr4extnum = NULL;
2201 Elf_Half e_phnum;
2202 elf_addr_t e_shoff;
2203
2204 /*
2205 * The number of segs are recored into ELF header as 16bit value.
2206 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2207 */
2208 segs = cprm->vma_count + elf_core_extra_phdrs();
2209
2210 /* for notes section */
2211 segs++;
2212
2213 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2214 * this, kernel supports extended numbering. Have a look at
2215 * include/linux/elf.h for further information. */
2216 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2217
2218 /*
2219 * Collect all the non-memory information about the process for the
2220 * notes. This also sets up the file header.
2221 */
2222 if (!fill_note_info(&elf, e_phnum, &info, cprm))
2223 goto end_coredump;
2224
2225 has_dumped = 1;
2226
2227 offset += sizeof(elf); /* Elf header */
2228 offset += segs * sizeof(struct elf_phdr); /* Program headers */
2229
2230 /* Write notes phdr entry */
2231 {
2232 size_t sz = get_note_info_size(&info);
2233
2234 sz += elf_coredump_extra_notes_size();
2235
2236 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2237 if (!phdr4note)
2238 goto end_coredump;
2239
2240 fill_elf_note_phdr(phdr4note, sz, offset);
2241 offset += sz;
2242 }
2243
2244 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2245
2246 offset += cprm->vma_data_size;
2247 offset += elf_core_extra_data_size();
2248 e_shoff = offset;
2249
2250 if (e_phnum == PN_XNUM) {
2251 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2252 if (!shdr4extnum)
2253 goto end_coredump;
2254 fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
2255 }
2256
2257 offset = dataoff;
2258
2259 if (!dump_emit(cprm, &elf, sizeof(elf)))
2260 goto end_coredump;
2261
2262 if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
2263 goto end_coredump;
2264
2265 /* Write program headers for segments dump */
2266 for (i = 0; i < cprm->vma_count; i++) {
2267 struct core_vma_metadata *meta = cprm->vma_meta + i;
2268 struct elf_phdr phdr;
2269
2270 phdr.p_type = PT_LOAD;
2271 phdr.p_offset = offset;
2272 phdr.p_vaddr = meta->start;
2273 phdr.p_paddr = 0;
2274 phdr.p_filesz = meta->dump_size;
2275 phdr.p_memsz = meta->end - meta->start;
2276 offset += phdr.p_filesz;
2277 phdr.p_flags = 0;
2278 if (meta->flags & VM_READ)
2279 phdr.p_flags |= PF_R;
2280 if (meta->flags & VM_WRITE)
2281 phdr.p_flags |= PF_W;
2282 if (meta->flags & VM_EXEC)
2283 phdr.p_flags |= PF_X;
2284 phdr.p_align = ELF_EXEC_PAGESIZE;
2285
2286 if (!dump_emit(cprm, &phdr, sizeof(phdr)))
2287 goto end_coredump;
2288 }
2289
2290 if (!elf_core_write_extra_phdrs(cprm, offset))
2291 goto end_coredump;
2292
2293 /* write out the notes section */
2294 if (!write_note_info(&info, cprm))
2295 goto end_coredump;
2296
2297 if (elf_coredump_extra_notes_write(cprm))
2298 goto end_coredump;
2299
2300 /* Align to page */
2301 if (!dump_skip(cprm, dataoff - cprm->pos))
2302 goto end_coredump;
2303
2304 for (i = 0; i < cprm->vma_count; i++) {
2305 struct core_vma_metadata *meta = cprm->vma_meta + i;
2306
2307 if (!dump_user_range(cprm, meta->start, meta->dump_size))
2308 goto end_coredump;
2309 }
2310 dump_truncate(cprm);
2311
2312 if (!elf_core_write_extra_data(cprm))
2313 goto end_coredump;
2314
2315 if (e_phnum == PN_XNUM) {
2316 if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
2317 goto end_coredump;
2318 }
2319
2320 end_coredump:
2321 free_note_info(&info);
2322 kfree(shdr4extnum);
2323 kfree(phdr4note);
2324 return has_dumped;
2325 }
2326
2327 #endif /* CONFIG_ELF_CORE */
2328
init_elf_binfmt(void)2329 static int __init init_elf_binfmt(void)
2330 {
2331 register_binfmt(&elf_format);
2332 return 0;
2333 }
2334
exit_elf_binfmt(void)2335 static void __exit exit_elf_binfmt(void)
2336 {
2337 /* Remove the COFF and ELF loaders. */
2338 unregister_binfmt(&elf_format);
2339 }
2340
2341 core_initcall(init_elf_binfmt);
2342 module_exit(exit_elf_binfmt);
2343 MODULE_LICENSE("GPL");
2344