xref: /illumos-gate/usr/src/lib/libproc/common/Pcore.c (revision 0250c53ad267726f2438e3c6556199a0bbf588a2)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*
26  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
27  * Copyright (c) 2018, Joyent, Inc. All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015 Gary Mills
30  * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
31  * Copyright 2024 Oxide Computer Company
32  */
33 
34 #include <sys/types.h>
35 #include <sys/utsname.h>
36 #include <sys/sysmacros.h>
37 #include <sys/proc.h>
38 
39 #include <alloca.h>
40 #include <rtld_db.h>
41 #include <libgen.h>
42 #include <limits.h>
43 #include <string.h>
44 #include <stdlib.h>
45 #include <unistd.h>
46 #include <errno.h>
47 #include <gelf.h>
48 #include <stddef.h>
49 #include <signal.h>
50 
51 #include "libproc.h"
52 #include "Pcontrol.h"
53 #include "P32ton.h"
54 #include "Putil.h"
55 #include "proc_fd.h"
56 #ifdef __x86
57 #include "Pcore_linux.h"
58 #endif
59 
60 /*
61  * Pcore.c - Code to initialize a ps_prochandle from a core dump.  We
62  * allocate an additional structure to hold information from the core
63  * file, and attach this to the standard ps_prochandle in place of the
64  * ability to examine /proc/<pid>/ files.
65  */
66 
67 /*
68  * Basic i/o function for reading and writing from the process address space
69  * stored in the core file and associated shared libraries.  We compute the
70  * appropriate fd and offsets, and let the provided prw function do the rest.
71  */
72 static ssize_t
73 core_rw(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
74     ssize_t (*prw)(int, void *, size_t, off64_t))
75 {
76 	ssize_t resid = n;
77 
78 	while (resid != 0) {
79 		map_info_t *mp = Paddr2mptr(P, addr);
80 
81 		uintptr_t mapoff;
82 		ssize_t len;
83 		off64_t off;
84 		int fd;
85 
86 		if (mp == NULL)
87 			break;	/* No mapping for this address */
88 
89 		if (mp->map_pmap.pr_mflags & MA_RESERVED1) {
90 			if (mp->map_file == NULL || mp->map_file->file_fd < 0)
91 				break;	/* No file or file not open */
92 
93 			fd = mp->map_file->file_fd;
94 		} else
95 			fd = P->asfd;
96 
97 		mapoff = addr - mp->map_pmap.pr_vaddr;
98 		len = MIN(resid, mp->map_pmap.pr_size - mapoff);
99 		off = mp->map_offset + mapoff;
100 
101 		if ((len = prw(fd, buf, len, off)) <= 0)
102 			break;
103 
104 		resid -= len;
105 		addr += len;
106 		buf = (char *)buf + len;
107 	}
108 
109 	/*
110 	 * Important: Be consistent with the behavior of i/o on the as file:
111 	 * writing to an invalid address yields EIO; reading from an invalid
112 	 * address falls through to returning success and zero bytes.
113 	 */
114 	if (resid == n && n != 0 && prw != pread64) {
115 		errno = EIO;
116 		return (-1);
117 	}
118 
119 	return (n - resid);
120 }
121 
122 static ssize_t
123 Pread_core(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
124     void *data)
125 {
126 	return (core_rw(P, buf, n, addr, pread64));
127 }
128 
129 static ssize_t
130 Pwrite_core(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
131     void *data)
132 {
133 	return (core_rw(P, (void *)buf, n, addr,
134 	    (ssize_t (*)(int, void *, size_t, off64_t)) pwrite64));
135 }
136 
137 static int
138 Pcred_core(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
139 {
140 	core_info_t *core = data;
141 
142 	if (core->core_cred != NULL) {
143 		/*
144 		 * Avoid returning more supplementary group data than the
145 		 * caller has allocated in their buffer.  We expect them to
146 		 * check pr_ngroups afterward and potentially call us again.
147 		 */
148 		ngroups = MIN(ngroups, core->core_cred->pr_ngroups);
149 
150 		(void) memcpy(pcrp, core->core_cred,
151 		    sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t));
152 
153 		return (0);
154 	}
155 
156 	errno = ENODATA;
157 	return (-1);
158 }
159 
160 static int
161 Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
162 {
163 	core_info_t *core = data;
164 
165 	if (core->core_secflags == NULL) {
166 		errno = ENODATA;
167 		return (-1);
168 	}
169 
170 	if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
171 		return (-1);
172 
173 	(void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
174 
175 	return (0);
176 }
177 
178 static int
179 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
180 {
181 	core_info_t *core = data;
182 
183 	if (core->core_priv == NULL) {
184 		errno = ENODATA;
185 		return (-1);
186 	}
187 
188 	*pprv = malloc(core->core_priv_size);
189 	if (*pprv == NULL) {
190 		return (-1);
191 	}
192 
193 	(void) memcpy(*pprv, core->core_priv, core->core_priv_size);
194 	return (0);
195 }
196 
197 static const psinfo_t *
198 Ppsinfo_core(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
199 {
200 	return (&P->psinfo);
201 }
202 
203 static void
204 Pfini_core(struct ps_prochandle *P, void *data)
205 {
206 	core_info_t *core = data;
207 
208 	if (core != NULL) {
209 		extern void __priv_free_info(void *);
210 		lwp_info_t *lwp;
211 
212 		while ((lwp = list_remove_head(&core->core_lwp_head)) != NULL) {
213 #ifdef __sparc
214 			if (lwp->lwp_gwins != NULL)
215 				free(lwp->lwp_gwins);
216 			if (lwp->lwp_xregs != NULL)
217 				free(lwp->lwp_xregs);
218 			if (lwp->lwp_asrs != NULL)
219 				free(lwp->lwp_asrs);
220 #endif
221 			free(lwp);
222 		}
223 
224 		if (core->core_platform != NULL)
225 			free(core->core_platform);
226 		if (core->core_uts != NULL)
227 			free(core->core_uts);
228 		if (core->core_cred != NULL)
229 			free(core->core_cred);
230 		if (core->core_priv != NULL)
231 			free(core->core_priv);
232 		if (core->core_privinfo != NULL)
233 			__priv_free_info(core->core_privinfo);
234 		if (core->core_ppii != NULL)
235 			free(core->core_ppii);
236 		if (core->core_zonename != NULL)
237 			free(core->core_zonename);
238 		if (core->core_secflags != NULL)
239 			free(core->core_secflags);
240 		if (core->core_upanic != NULL)
241 			free(core->core_upanic);
242 		if (core->core_cwd != NULL)
243 			free(core->core_cwd);
244 #ifdef __x86
245 		if (core->core_ldt != NULL)
246 			free(core->core_ldt);
247 #endif
248 
249 		free(core);
250 	}
251 }
252 
253 static char *
254 Pplatform_core(struct ps_prochandle *P, char *s, size_t n, void *data)
255 {
256 	core_info_t *core = data;
257 
258 	if (core->core_platform == NULL) {
259 		errno = ENODATA;
260 		return (NULL);
261 	}
262 	(void) strncpy(s, core->core_platform, n - 1);
263 	s[n - 1] = '\0';
264 	return (s);
265 }
266 
267 static int
268 Puname_core(struct ps_prochandle *P, struct utsname *u, void *data)
269 {
270 	core_info_t *core = data;
271 
272 	if (core->core_uts == NULL) {
273 		errno = ENODATA;
274 		return (-1);
275 	}
276 	(void) memcpy(u, core->core_uts, sizeof (struct utsname));
277 	return (0);
278 }
279 
280 static char *
281 Pzonename_core(struct ps_prochandle *P, char *s, size_t n, void *data)
282 {
283 	core_info_t *core = data;
284 
285 	if (core->core_zonename == NULL) {
286 		errno = ENODATA;
287 		return (NULL);
288 	}
289 	(void) strlcpy(s, core->core_zonename, n);
290 	return (s);
291 }
292 
293 static int
294 Pcwd_core(struct ps_prochandle *P, prcwd_t **cwdp, void *data)
295 {
296 	prcwd_t *cwd;
297 	core_info_t *core = data;
298 
299 	if (core->core_cwd == NULL) {
300 		errno = ENODATA;
301 		return (-1);
302 	}
303 
304 	if ((cwd = calloc(1, sizeof (prcwd_t))) == NULL)
305 		return (-1);
306 
307 	(void) memcpy(cwd, core->core_cwd, sizeof (prcwd_t));
308 	cwd->prcwd_fsname[sizeof (cwd->prcwd_fsname) - 1] = '\0';
309 	cwd->prcwd_mntpt[sizeof (cwd->prcwd_mntpt) - 1] = '\0';
310 	cwd->prcwd_mntspec[sizeof (cwd->prcwd_mntpt) - 1] = '\0';
311 	cwd->prcwd_cwd[sizeof (cwd->prcwd_mntpt) - 1] = '\0';
312 	*cwdp = cwd;
313 
314 	return (0);
315 }
316 
317 #ifdef __x86
318 static int
319 Pldt_core(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
320 {
321 	core_info_t *core = data;
322 
323 	if (pldt == NULL || nldt == 0)
324 		return (core->core_nldt);
325 
326 	if (core->core_ldt != NULL) {
327 		nldt = MIN(nldt, core->core_nldt);
328 
329 		(void) memcpy(pldt, core->core_ldt,
330 		    nldt * sizeof (struct ssd));
331 
332 		return (nldt);
333 	}
334 
335 	errno = ENODATA;
336 	return (-1);
337 }
338 #endif
339 
340 static const ps_ops_t P_core_ops = {
341 	.pop_pread	= Pread_core,
342 	.pop_pwrite	= Pwrite_core,
343 	.pop_cred	= Pcred_core,
344 	.pop_priv	= Ppriv_core,
345 	.pop_psinfo	= Ppsinfo_core,
346 	.pop_fini	= Pfini_core,
347 	.pop_platform	= Pplatform_core,
348 	.pop_uname	= Puname_core,
349 	.pop_zonename	= Pzonename_core,
350 	.pop_secflags	= Psecflags_core,
351 	.pop_cwd	= Pcwd_core,
352 #ifdef __x86
353 	.pop_ldt	= Pldt_core
354 #endif
355 };
356 
357 /*
358  * Return the lwp_info_t for the given lwpid.  If no such lwpid has been
359  * encountered yet, allocate a new structure and return a pointer to it.
360  * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
361  */
362 static lwp_info_t *
363 lwpid2info(struct ps_prochandle *P, lwpid_t id)
364 {
365 	core_info_t *core = P->data;
366 	lwp_info_t *lwp, *prev;
367 
368 	for (lwp = list_head(&core->core_lwp_head); lwp != NULL;
369 	    lwp = list_next(&core->core_lwp_head, lwp)) {
370 		if (lwp->lwp_id == id) {
371 			core->core_lwp = lwp;
372 			return (lwp);
373 		}
374 		if (lwp->lwp_id < id) {
375 			break;
376 		}
377 	}
378 
379 	prev = lwp;
380 	if ((lwp = calloc(1, sizeof (lwp_info_t))) == NULL)
381 		return (NULL);
382 
383 	list_insert_before(&core->core_lwp_head, prev, lwp);
384 	lwp->lwp_id = id;
385 
386 	core->core_lwp = lwp;
387 
388 	return (lwp);
389 }
390 
391 /*
392  * The core file itself contains a series of NOTE segments containing saved
393  * structures from /proc at the time the process died.  For each note we
394  * comprehend, we define a function to read it in from the core file,
395  * convert it to our native data model if necessary, and store it inside
396  * the ps_prochandle.  Each function is invoked by Pfgrab_core() with the
397  * seek pointer on P->asfd positioned appropriately.  We populate a table
398  * of pointers to these note functions below.
399  */
400 
401 static int
402 note_pstatus(struct ps_prochandle *P, size_t nbytes)
403 {
404 #ifdef _LP64
405 	core_info_t *core = P->data;
406 
407 	if (core->core_dmodel == PR_MODEL_ILP32) {
408 		pstatus32_t ps32;
409 
410 		if (nbytes < sizeof (pstatus32_t) ||
411 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
412 			goto err;
413 
414 		pstatus_32_to_n(&ps32, &P->status);
415 
416 	} else
417 #endif
418 	if (nbytes < sizeof (pstatus_t) ||
419 	    read(P->asfd, &P->status, sizeof (pstatus_t)) != sizeof (pstatus_t))
420 		goto err;
421 
422 	P->orig_status = P->status;
423 	P->pid = P->status.pr_pid;
424 
425 	return (0);
426 
427 err:
428 	dprintf("Pgrab_core: failed to read NT_PSTATUS\n");
429 	return (-1);
430 }
431 
432 static int
433 note_lwpstatus(struct ps_prochandle *P, size_t nbytes)
434 {
435 	lwp_info_t *lwp;
436 	lwpstatus_t lps;
437 
438 #ifdef _LP64
439 	core_info_t *core = P->data;
440 
441 	if (core->core_dmodel == PR_MODEL_ILP32) {
442 		lwpstatus32_t l32;
443 
444 		if (nbytes < sizeof (lwpstatus32_t) ||
445 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
446 			goto err;
447 
448 		lwpstatus_32_to_n(&l32, &lps);
449 	} else
450 #endif
451 	if (nbytes < sizeof (lwpstatus_t) ||
452 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
453 		goto err;
454 
455 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
456 		dprintf("Pgrab_core: failed to add NT_LWPSTATUS\n");
457 		return (-1);
458 	}
459 
460 	/*
461 	 * Erase a useless and confusing artifact of the kernel implementation:
462 	 * the lwps which did *not* create the core will show SIGKILL.  We can
463 	 * be assured this is bogus because SIGKILL can't produce core files.
464 	 */
465 	if (lps.pr_cursig == SIGKILL)
466 		lps.pr_cursig = 0;
467 
468 	(void) memcpy(&lwp->lwp_status, &lps, sizeof (lps));
469 	return (0);
470 
471 err:
472 	dprintf("Pgrab_core: failed to read NT_LWPSTATUS\n");
473 	return (-1);
474 }
475 
476 #ifdef __x86
477 
478 static void
479 lx_prpsinfo32_to_psinfo(lx_prpsinfo32_t *p32, psinfo_t *psinfo)
480 {
481 	psinfo->pr_flag = p32->pr_flag;
482 	psinfo->pr_pid = p32->pr_pid;
483 	psinfo->pr_ppid = p32->pr_ppid;
484 	psinfo->pr_uid = p32->pr_uid;
485 	psinfo->pr_gid = p32->pr_gid;
486 	psinfo->pr_sid = p32->pr_sid;
487 	psinfo->pr_pgid = p32->pr_pgrp;
488 
489 	(void) memcpy(psinfo->pr_fname, p32->pr_fname,
490 	    sizeof (psinfo->pr_fname));
491 	(void) memcpy(psinfo->pr_psargs, p32->pr_psargs,
492 	    sizeof (psinfo->pr_psargs));
493 }
494 
495 static void
496 lx_prpsinfo64_to_psinfo(lx_prpsinfo64_t *p64, psinfo_t *psinfo)
497 {
498 	psinfo->pr_flag = p64->pr_flag;
499 	psinfo->pr_pid = p64->pr_pid;
500 	psinfo->pr_ppid = p64->pr_ppid;
501 	psinfo->pr_uid = p64->pr_uid;
502 	psinfo->pr_gid = p64->pr_gid;
503 	psinfo->pr_sid = p64->pr_sid;
504 	psinfo->pr_pgid = p64->pr_pgrp;
505 	psinfo->pr_pgid = p64->pr_pgrp;
506 
507 	(void) memcpy(psinfo->pr_fname, p64->pr_fname,
508 	    sizeof (psinfo->pr_fname));
509 	(void) memcpy(psinfo->pr_psargs, p64->pr_psargs,
510 	    sizeof (psinfo->pr_psargs));
511 }
512 
513 static int
514 note_linux_psinfo(struct ps_prochandle *P, size_t nbytes)
515 {
516 	core_info_t *core = P->data;
517 	lx_prpsinfo32_t p32;
518 	lx_prpsinfo64_t p64;
519 
520 	if (core->core_dmodel == PR_MODEL_ILP32) {
521 		if (nbytes < sizeof (p32) ||
522 		    read(P->asfd, &p32, sizeof (p32)) != sizeof (p32))
523 			goto err;
524 
525 		lx_prpsinfo32_to_psinfo(&p32, &P->psinfo);
526 	} else {
527 		if (nbytes < sizeof (p64) ||
528 		    read(P->asfd, &p64, sizeof (p64)) != sizeof (p64))
529 			goto err;
530 
531 		lx_prpsinfo64_to_psinfo(&p64, &P->psinfo);
532 	}
533 
534 
535 	P->status.pr_pid = P->psinfo.pr_pid;
536 	P->status.pr_ppid = P->psinfo.pr_ppid;
537 	P->status.pr_pgid = P->psinfo.pr_pgid;
538 	P->status.pr_sid = P->psinfo.pr_sid;
539 
540 	P->psinfo.pr_nlwp = 0;
541 	P->status.pr_nlwp = 0;
542 
543 	return (0);
544 err:
545 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
546 	return (-1);
547 }
548 
549 static void
550 lx_prstatus64_to_lwp(lx_prstatus64_t *prs64, lwp_info_t *lwp)
551 {
552 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs64->pr_utime);
553 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs64->pr_stime);
554 
555 	lwp->lwp_status.pr_reg[REG_R15] = prs64->pr_reg.lxr_r15;
556 	lwp->lwp_status.pr_reg[REG_R14] = prs64->pr_reg.lxr_r14;
557 	lwp->lwp_status.pr_reg[REG_R13] = prs64->pr_reg.lxr_r13;
558 	lwp->lwp_status.pr_reg[REG_R12] = prs64->pr_reg.lxr_r12;
559 	lwp->lwp_status.pr_reg[REG_R11] = prs64->pr_reg.lxr_r11;
560 	lwp->lwp_status.pr_reg[REG_R10] = prs64->pr_reg.lxr_r10;
561 	lwp->lwp_status.pr_reg[REG_R9] = prs64->pr_reg.lxr_r9;
562 	lwp->lwp_status.pr_reg[REG_R8] = prs64->pr_reg.lxr_r8;
563 
564 	lwp->lwp_status.pr_reg[REG_RDI] = prs64->pr_reg.lxr_rdi;
565 	lwp->lwp_status.pr_reg[REG_RSI] = prs64->pr_reg.lxr_rsi;
566 	lwp->lwp_status.pr_reg[REG_RBP] = prs64->pr_reg.lxr_rbp;
567 	lwp->lwp_status.pr_reg[REG_RBX] = prs64->pr_reg.lxr_rbx;
568 	lwp->lwp_status.pr_reg[REG_RDX] = prs64->pr_reg.lxr_rdx;
569 	lwp->lwp_status.pr_reg[REG_RCX] = prs64->pr_reg.lxr_rcx;
570 	lwp->lwp_status.pr_reg[REG_RAX] = prs64->pr_reg.lxr_rax;
571 
572 	lwp->lwp_status.pr_reg[REG_RIP] = prs64->pr_reg.lxr_rip;
573 	lwp->lwp_status.pr_reg[REG_CS] = prs64->pr_reg.lxr_cs;
574 	lwp->lwp_status.pr_reg[REG_RSP] = prs64->pr_reg.lxr_rsp;
575 	lwp->lwp_status.pr_reg[REG_FS] = prs64->pr_reg.lxr_fs;
576 	lwp->lwp_status.pr_reg[REG_SS] = prs64->pr_reg.lxr_ss;
577 	lwp->lwp_status.pr_reg[REG_GS] = prs64->pr_reg.lxr_gs;
578 	lwp->lwp_status.pr_reg[REG_ES] = prs64->pr_reg.lxr_es;
579 	lwp->lwp_status.pr_reg[REG_DS] = prs64->pr_reg.lxr_ds;
580 
581 	lwp->lwp_status.pr_reg[REG_GSBASE] = prs64->pr_reg.lxr_gs_base;
582 	lwp->lwp_status.pr_reg[REG_FSBASE] = prs64->pr_reg.lxr_fs_base;
583 }
584 
585 static void
586 lx_prstatus32_to_lwp(lx_prstatus32_t *prs32, lwp_info_t *lwp)
587 {
588 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs32->pr_utime);
589 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs32->pr_stime);
590 
591 #ifdef __amd64
592 	lwp->lwp_status.pr_reg[REG_GS] = prs32->pr_reg.lxr_gs;
593 	lwp->lwp_status.pr_reg[REG_FS] = prs32->pr_reg.lxr_fs;
594 	lwp->lwp_status.pr_reg[REG_DS] = prs32->pr_reg.lxr_ds;
595 	lwp->lwp_status.pr_reg[REG_ES] = prs32->pr_reg.lxr_es;
596 	lwp->lwp_status.pr_reg[REG_RDI] = prs32->pr_reg.lxr_di;
597 	lwp->lwp_status.pr_reg[REG_RSI] = prs32->pr_reg.lxr_si;
598 	lwp->lwp_status.pr_reg[REG_RBP] = prs32->pr_reg.lxr_bp;
599 	lwp->lwp_status.pr_reg[REG_RBX] = prs32->pr_reg.lxr_bx;
600 	lwp->lwp_status.pr_reg[REG_RDX] = prs32->pr_reg.lxr_dx;
601 	lwp->lwp_status.pr_reg[REG_RCX] = prs32->pr_reg.lxr_cx;
602 	lwp->lwp_status.pr_reg[REG_RAX] = prs32->pr_reg.lxr_ax;
603 	lwp->lwp_status.pr_reg[REG_RIP] = prs32->pr_reg.lxr_ip;
604 	lwp->lwp_status.pr_reg[REG_CS] = prs32->pr_reg.lxr_cs;
605 	lwp->lwp_status.pr_reg[REG_RFL] = prs32->pr_reg.lxr_flags;
606 	lwp->lwp_status.pr_reg[REG_RSP] = prs32->pr_reg.lxr_sp;
607 	lwp->lwp_status.pr_reg[REG_SS] = prs32->pr_reg.lxr_ss;
608 #else /* __amd64 */
609 	lwp->lwp_status.pr_reg[EBX] = prs32->pr_reg.lxr_bx;
610 	lwp->lwp_status.pr_reg[ECX] = prs32->pr_reg.lxr_cx;
611 	lwp->lwp_status.pr_reg[EDX] = prs32->pr_reg.lxr_dx;
612 	lwp->lwp_status.pr_reg[ESI] = prs32->pr_reg.lxr_si;
613 	lwp->lwp_status.pr_reg[EDI] = prs32->pr_reg.lxr_di;
614 	lwp->lwp_status.pr_reg[EBP] = prs32->pr_reg.lxr_bp;
615 	lwp->lwp_status.pr_reg[EAX] = prs32->pr_reg.lxr_ax;
616 	lwp->lwp_status.pr_reg[EIP] = prs32->pr_reg.lxr_ip;
617 	lwp->lwp_status.pr_reg[UESP] = prs32->pr_reg.lxr_sp;
618 
619 	lwp->lwp_status.pr_reg[DS] = prs32->pr_reg.lxr_ds;
620 	lwp->lwp_status.pr_reg[ES] = prs32->pr_reg.lxr_es;
621 	lwp->lwp_status.pr_reg[FS] = prs32->pr_reg.lxr_fs;
622 	lwp->lwp_status.pr_reg[GS] = prs32->pr_reg.lxr_gs;
623 	lwp->lwp_status.pr_reg[CS] = prs32->pr_reg.lxr_cs;
624 	lwp->lwp_status.pr_reg[SS] = prs32->pr_reg.lxr_ss;
625 
626 	lwp->lwp_status.pr_reg[EFL] = prs32->pr_reg.lxr_flags;
627 #endif	/* !__amd64 */
628 }
629 
630 static int
631 note_linux_prstatus(struct ps_prochandle *P, size_t nbytes)
632 {
633 	core_info_t *core = P->data;
634 
635 	lx_prstatus64_t prs64;
636 	lx_prstatus32_t prs32;
637 	lwp_info_t *lwp;
638 	lwpid_t tid;
639 
640 	dprintf("looking for model %d, %ld/%ld\n", core->core_dmodel,
641 	    (ulong_t)nbytes, (ulong_t)sizeof (prs32));
642 	if (core->core_dmodel == PR_MODEL_ILP32) {
643 		if (nbytes < sizeof (prs32) ||
644 		    read(P->asfd, &prs32, sizeof (prs32)) != nbytes)
645 			goto err;
646 		tid = prs32.pr_pid;
647 	} else {
648 		if (nbytes < sizeof (prs64) ||
649 		    read(P->asfd, &prs64, sizeof (prs64)) != nbytes)
650 			goto err;
651 		tid = prs64.pr_pid;
652 	}
653 
654 	if ((lwp = lwpid2info(P, tid)) == NULL) {
655 		dprintf("Pgrab_core: failed to add lwpid2info "
656 		    "linux_prstatus\n");
657 		return (-1);
658 	}
659 
660 	P->psinfo.pr_nlwp++;
661 	P->status.pr_nlwp++;
662 
663 	lwp->lwp_status.pr_lwpid = tid;
664 
665 	if (core->core_dmodel == PR_MODEL_ILP32)
666 		lx_prstatus32_to_lwp(&prs32, lwp);
667 	else
668 		lx_prstatus64_to_lwp(&prs64, lwp);
669 
670 	return (0);
671 err:
672 	dprintf("Pgrab_core: failed to read NT_PRSTATUS\n");
673 	return (-1);
674 }
675 
676 #endif /* __x86 */
677 
678 static int
679 note_psinfo(struct ps_prochandle *P, size_t nbytes)
680 {
681 #ifdef _LP64
682 	core_info_t *core = P->data;
683 
684 	if (core->core_dmodel == PR_MODEL_ILP32) {
685 		psinfo32_t ps32;
686 
687 		if (nbytes < sizeof (psinfo32_t) ||
688 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
689 			goto err;
690 
691 		psinfo_32_to_n(&ps32, &P->psinfo);
692 	} else
693 #endif
694 	if (nbytes < sizeof (psinfo_t) ||
695 	    read(P->asfd, &P->psinfo, sizeof (psinfo_t)) != sizeof (psinfo_t))
696 		goto err;
697 
698 	dprintf("pr_fname = <%s>\n", P->psinfo.pr_fname);
699 	dprintf("pr_psargs = <%s>\n", P->psinfo.pr_psargs);
700 	dprintf("pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
701 
702 	return (0);
703 
704 err:
705 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
706 	return (-1);
707 }
708 
709 static int
710 note_lwpsinfo(struct ps_prochandle *P, size_t nbytes)
711 {
712 	lwp_info_t *lwp;
713 	lwpsinfo_t lps;
714 
715 #ifdef _LP64
716 	core_info_t *core = P->data;
717 
718 	if (core->core_dmodel == PR_MODEL_ILP32) {
719 		lwpsinfo32_t l32;
720 
721 		if (nbytes < sizeof (lwpsinfo32_t) ||
722 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
723 			goto err;
724 
725 		lwpsinfo_32_to_n(&l32, &lps);
726 	} else
727 #endif
728 	if (nbytes < sizeof (lwpsinfo_t) ||
729 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
730 		goto err;
731 
732 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
733 		dprintf("Pgrab_core: failed to add NT_LWPSINFO\n");
734 		return (-1);
735 	}
736 
737 	(void) memcpy(&lwp->lwp_psinfo, &lps, sizeof (lps));
738 	return (0);
739 
740 err:
741 	dprintf("Pgrab_core: failed to read NT_LWPSINFO\n");
742 	return (-1);
743 }
744 
745 static int
746 note_lwpname(struct ps_prochandle *P, size_t nbytes)
747 {
748 	prlwpname_t name;
749 	lwp_info_t *lwp;
750 
751 	if (nbytes != sizeof (name) ||
752 	    read(P->asfd, &name, sizeof (name)) != sizeof (name))
753 		goto err;
754 
755 	if ((lwp = lwpid2info(P, name.pr_lwpid)) == NULL)
756 		goto err;
757 
758 	if (strlcpy(lwp->lwp_name, name.pr_lwpname,
759 	    sizeof (lwp->lwp_name)) >= sizeof (lwp->lwp_name)) {
760 		errno = ENAMETOOLONG;
761 		goto err;
762 	}
763 
764 	return (0);
765 
766 err:
767 	dprintf("Pgrab_core: failed to read NT_LWPNAME\n");
768 	return (-1);
769 }
770 
771 static int
772 note_fdinfo(struct ps_prochandle *P, size_t nbytes)
773 {
774 	prfdinfo_core_t prfd;
775 	fd_info_t *fip;
776 
777 	if ((nbytes < sizeof (prfd)) ||
778 	    (read(P->asfd, &prfd, sizeof (prfd)) != sizeof (prfd))) {
779 		dprintf("Pgrab_core: failed to read NT_FDINFO\n");
780 		return (-1);
781 	}
782 
783 	if ((fip = Pfd2info(P, prfd.pr_fd)) == NULL) {
784 		dprintf("Pgrab_core: failed to add NT_FDINFO\n");
785 		return (-1);
786 	}
787 	if (fip->fd_info == NULL) {
788 		if (proc_fdinfo_from_core(&prfd, &fip->fd_info) != 0) {
789 			dprintf("Pgrab_core: failed to convert NT_FDINFO\n");
790 			return (-1);
791 		}
792 	}
793 
794 	return (0);
795 }
796 
797 static int
798 note_platform(struct ps_prochandle *P, size_t nbytes)
799 {
800 	core_info_t *core = P->data;
801 	char *plat;
802 
803 	if (core->core_platform != NULL)
804 		return (0);	/* Already seen */
805 
806 	if (nbytes != 0 && ((plat = malloc(nbytes + 1)) != NULL)) {
807 		if (read(P->asfd, plat, nbytes) != nbytes) {
808 			dprintf("Pgrab_core: failed to read NT_PLATFORM\n");
809 			free(plat);
810 			return (-1);
811 		}
812 		plat[nbytes - 1] = '\0';
813 		core->core_platform = plat;
814 	}
815 
816 	return (0);
817 }
818 
819 static int
820 note_secflags(struct ps_prochandle *P, size_t nbytes)
821 {
822 	core_info_t *core = P->data;
823 	prsecflags_t *psf;
824 
825 	if (core->core_secflags != NULL)
826 		return (0);	/* Already seen */
827 
828 	if (sizeof (*psf) != nbytes) {
829 		dprintf("Pgrab_core: NT_SECFLAGS changed size."
830 		    "  Need to handle a version change?\n");
831 		return (-1);
832 	}
833 
834 	if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
835 		if (read(P->asfd, psf, nbytes) != nbytes) {
836 			dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
837 			free(psf);
838 			return (-1);
839 		}
840 
841 		core->core_secflags = psf;
842 	}
843 
844 	return (0);
845 }
846 
847 static int
848 note_utsname(struct ps_prochandle *P, size_t nbytes)
849 {
850 	core_info_t *core = P->data;
851 	size_t ubytes = sizeof (struct utsname);
852 	struct utsname *utsp;
853 
854 	if (core->core_uts != NULL || nbytes < ubytes)
855 		return (0);	/* Already seen or bad size */
856 
857 	if ((utsp = malloc(ubytes)) == NULL)
858 		return (-1);
859 
860 	if (read(P->asfd, utsp, ubytes) != ubytes) {
861 		dprintf("Pgrab_core: failed to read NT_UTSNAME\n");
862 		free(utsp);
863 		return (-1);
864 	}
865 
866 	if (_libproc_debug) {
867 		dprintf("uts.sysname = \"%s\"\n", utsp->sysname);
868 		dprintf("uts.nodename = \"%s\"\n", utsp->nodename);
869 		dprintf("uts.release = \"%s\"\n", utsp->release);
870 		dprintf("uts.version = \"%s\"\n", utsp->version);
871 		dprintf("uts.machine = \"%s\"\n", utsp->machine);
872 	}
873 
874 	core->core_uts = utsp;
875 	return (0);
876 }
877 
878 static int
879 note_content(struct ps_prochandle *P, size_t nbytes)
880 {
881 	core_info_t *core = P->data;
882 	core_content_t content;
883 
884 	if (sizeof (core->core_content) != nbytes)
885 		return (-1);
886 
887 	if (read(P->asfd, &content, sizeof (content)) != sizeof (content))
888 		return (-1);
889 
890 	core->core_content = content;
891 
892 	dprintf("core content = %llx\n", content);
893 
894 	return (0);
895 }
896 
897 static int
898 note_cred(struct ps_prochandle *P, size_t nbytes)
899 {
900 	core_info_t *core = P->data;
901 	prcred_t *pcrp;
902 	int ngroups;
903 	const size_t min_size = sizeof (prcred_t) - sizeof (gid_t);
904 
905 	/*
906 	 * We allow for prcred_t notes that are actually smaller than a
907 	 * prcred_t since the last member isn't essential if there are
908 	 * no group memberships. This allows for more flexibility when it
909 	 * comes to slightly malformed -- but still valid -- notes.
910 	 */
911 	if (core->core_cred != NULL || nbytes < min_size)
912 		return (0);	/* Already seen or bad size */
913 
914 	ngroups = (nbytes - min_size) / sizeof (gid_t);
915 	nbytes = sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t);
916 
917 	if ((pcrp = malloc(nbytes)) == NULL)
918 		return (-1);
919 
920 	if (read(P->asfd, pcrp, nbytes) != nbytes) {
921 		dprintf("Pgrab_core: failed to read NT_PRCRED\n");
922 		free(pcrp);
923 		return (-1);
924 	}
925 
926 	if (pcrp->pr_ngroups > ngroups) {
927 		dprintf("pr_ngroups = %d; resetting to %d based on note size\n",
928 		    pcrp->pr_ngroups, ngroups);
929 		pcrp->pr_ngroups = ngroups;
930 	}
931 
932 	core->core_cred = pcrp;
933 	return (0);
934 }
935 
936 #ifdef __x86
937 static int
938 note_ldt(struct ps_prochandle *P, size_t nbytes)
939 {
940 	core_info_t *core = P->data;
941 	struct ssd *pldt;
942 	uint_t nldt;
943 
944 	if (core->core_ldt != NULL || nbytes < sizeof (struct ssd))
945 		return (0);	/* Already seen or bad size */
946 
947 	nldt = nbytes / sizeof (struct ssd);
948 	nbytes = nldt * sizeof (struct ssd);
949 
950 	if ((pldt = malloc(nbytes)) == NULL)
951 		return (-1);
952 
953 	if (read(P->asfd, pldt, nbytes) != nbytes) {
954 		dprintf("Pgrab_core: failed to read NT_LDT\n");
955 		free(pldt);
956 		return (-1);
957 	}
958 
959 	core->core_ldt = pldt;
960 	core->core_nldt = nldt;
961 	return (0);
962 }
963 #endif	/* __i386 */
964 
965 static int
966 note_priv(struct ps_prochandle *P, size_t nbytes)
967 {
968 	core_info_t *core = P->data;
969 	prpriv_t *pprvp;
970 
971 	if (core->core_priv != NULL || nbytes < sizeof (prpriv_t))
972 		return (0);	/* Already seen or bad size */
973 
974 	if ((pprvp = malloc(nbytes)) == NULL)
975 		return (-1);
976 
977 	if (read(P->asfd, pprvp, nbytes) != nbytes) {
978 		dprintf("Pgrab_core: failed to read NT_PRPRIV\n");
979 		free(pprvp);
980 		return (-1);
981 	}
982 
983 	core->core_priv = pprvp;
984 	core->core_priv_size = nbytes;
985 	return (0);
986 }
987 
988 static int
989 note_priv_info(struct ps_prochandle *P, size_t nbytes)
990 {
991 	core_info_t *core = P->data;
992 	extern void *__priv_parse_info();
993 	priv_impl_info_t *ppii;
994 
995 	if (core->core_privinfo != NULL ||
996 	    nbytes < sizeof (priv_impl_info_t))
997 		return (0);	/* Already seen or bad size */
998 
999 	if ((ppii = malloc(nbytes)) == NULL)
1000 		return (-1);
1001 
1002 	if (read(P->asfd, ppii, nbytes) != nbytes ||
1003 	    PRIV_IMPL_INFO_SIZE(ppii) != nbytes) {
1004 		dprintf("Pgrab_core: failed to read NT_PRPRIVINFO\n");
1005 		free(ppii);
1006 		return (-1);
1007 	}
1008 
1009 	core->core_privinfo = __priv_parse_info(ppii);
1010 	core->core_ppii = ppii;
1011 	return (0);
1012 }
1013 
1014 static int
1015 note_zonename(struct ps_prochandle *P, size_t nbytes)
1016 {
1017 	core_info_t *core = P->data;
1018 	char *zonename;
1019 
1020 	if (core->core_zonename != NULL)
1021 		return (0);	/* Already seen */
1022 
1023 	if (nbytes != 0) {
1024 		if ((zonename = malloc(nbytes)) == NULL)
1025 			return (-1);
1026 		if (read(P->asfd, zonename, nbytes) != nbytes) {
1027 			dprintf("Pgrab_core: failed to read NT_ZONENAME\n");
1028 			free(zonename);
1029 			return (-1);
1030 		}
1031 		zonename[nbytes - 1] = '\0';
1032 		core->core_zonename = zonename;
1033 	}
1034 
1035 	return (0);
1036 }
1037 
1038 static int
1039 note_auxv(struct ps_prochandle *P, size_t nbytes)
1040 {
1041 	size_t n, i;
1042 
1043 #ifdef _LP64
1044 	core_info_t *core = P->data;
1045 
1046 	if (core->core_dmodel == PR_MODEL_ILP32) {
1047 		auxv32_t *a32;
1048 
1049 		n = nbytes / sizeof (auxv32_t);
1050 		nbytes = n * sizeof (auxv32_t);
1051 		a32 = alloca(nbytes);
1052 
1053 		if (read(P->asfd, a32, nbytes) != nbytes) {
1054 			dprintf("Pgrab_core: failed to read NT_AUXV\n");
1055 			return (-1);
1056 		}
1057 
1058 		if ((P->auxv = malloc(sizeof (auxv_t) * (n + 1))) == NULL)
1059 			return (-1);
1060 
1061 		for (i = 0; i < n; i++)
1062 			auxv_32_to_n(&a32[i], &P->auxv[i]);
1063 
1064 	} else {
1065 #endif
1066 		n = nbytes / sizeof (auxv_t);
1067 		nbytes = n * sizeof (auxv_t);
1068 
1069 		if ((P->auxv = malloc(nbytes + sizeof (auxv_t))) == NULL)
1070 			return (-1);
1071 
1072 		if (read(P->asfd, P->auxv, nbytes) != nbytes) {
1073 			free(P->auxv);
1074 			P->auxv = NULL;
1075 			return (-1);
1076 		}
1077 #ifdef _LP64
1078 	}
1079 #endif
1080 
1081 	if (_libproc_debug) {
1082 		for (i = 0; i < n; i++) {
1083 			dprintf("P->auxv[%lu] = ( %d, 0x%lx )\n", (ulong_t)i,
1084 			    P->auxv[i].a_type, P->auxv[i].a_un.a_val);
1085 		}
1086 	}
1087 
1088 	/*
1089 	 * Defensive coding for loops which depend upon the auxv array being
1090 	 * terminated by an AT_NULL element; in each case, we've allocated
1091 	 * P->auxv to have an additional element which we force to be AT_NULL.
1092 	 */
1093 	P->auxv[n].a_type = AT_NULL;
1094 	P->auxv[n].a_un.a_val = 0L;
1095 	P->nauxv = (int)n;
1096 
1097 	return (0);
1098 }
1099 
1100 /*
1101  * The xregs are not a fixed size on all architectures (notably x86) and in
1102  * general the prxregset_t has become opaque to deal with this. This means that
1103  * validating the note itself can be a little more challenging. Especially as
1104  * this can change across time. In this case we require that our consumers
1105  * perform this validation.
1106  */
1107 static int
1108 note_xreg(struct ps_prochandle *P, size_t nbytes)
1109 {
1110 	core_info_t *core = P->data;
1111 	lwp_info_t *lwp = core->core_lwp;
1112 	prxregset_t *xregs;
1113 	ssize_t sret;
1114 
1115 	if (lwp == NULL || lwp->lwp_xregs != NULL)
1116 		return (0);	/* No lwp yet, already seen, or bad size */
1117 
1118 	if ((xregs = malloc(nbytes)) == NULL)
1119 		return (-1);
1120 
1121 	sret = read(P->asfd, xregs, nbytes);
1122 	if (sret < 0 || (size_t)sret != nbytes) {
1123 		dprintf("Pgrab_core: failed to read NT_PRXREG\n");
1124 		free(xregs);
1125 		return (-1);
1126 	}
1127 
1128 	lwp->lwp_xregs = xregs;
1129 	lwp->lwp_xregsize = nbytes;
1130 	return (0);
1131 }
1132 
1133 #ifdef __sparc
1134 static int
1135 note_gwindows(struct ps_prochandle *P, size_t nbytes)
1136 {
1137 	core_info_t *core = P->data;
1138 	lwp_info_t *lwp = core->core_lwp;
1139 
1140 	if (lwp == NULL || lwp->lwp_gwins != NULL || nbytes == 0)
1141 		return (0);	/* No lwp yet or already seen or no data */
1142 
1143 	if ((lwp->lwp_gwins = malloc(sizeof (gwindows_t))) == NULL)
1144 		return (-1);
1145 
1146 	/*
1147 	 * Since the amount of gwindows data varies with how many windows were
1148 	 * actually saved, we just read up to the minimum of the note size
1149 	 * and the size of the gwindows_t type.  It doesn't matter if the read
1150 	 * fails since we have to zero out gwindows first anyway.
1151 	 */
1152 #ifdef _LP64
1153 	if (core->core_dmodel == PR_MODEL_ILP32) {
1154 		gwindows32_t g32;
1155 
1156 		(void) memset(&g32, 0, sizeof (g32));
1157 		(void) read(P->asfd, &g32, MIN(nbytes, sizeof (g32)));
1158 		gwindows_32_to_n(&g32, lwp->lwp_gwins);
1159 
1160 	} else {
1161 #endif
1162 		(void) memset(lwp->lwp_gwins, 0, sizeof (gwindows_t));
1163 		(void) read(P->asfd, lwp->lwp_gwins,
1164 		    MIN(nbytes, sizeof (gwindows_t)));
1165 #ifdef _LP64
1166 	}
1167 #endif
1168 	return (0);
1169 }
1170 
1171 #ifdef __sparcv9
1172 static int
1173 note_asrs(struct ps_prochandle *P, size_t nbytes)
1174 {
1175 	core_info_t *core = P->data;
1176 	lwp_info_t *lwp = core->core_lwp;
1177 	int64_t *asrs;
1178 
1179 	if (lwp == NULL || lwp->lwp_asrs != NULL || nbytes < sizeof (asrset_t))
1180 		return (0);	/* No lwp yet, already seen, or bad size */
1181 
1182 	if ((asrs = malloc(sizeof (asrset_t))) == NULL)
1183 		return (-1);
1184 
1185 	if (read(P->asfd, asrs, sizeof (asrset_t)) != sizeof (asrset_t)) {
1186 		dprintf("Pgrab_core: failed to read NT_ASRS\n");
1187 		free(asrs);
1188 		return (-1);
1189 	}
1190 
1191 	lwp->lwp_asrs = asrs;
1192 	return (0);
1193 }
1194 #endif	/* __sparcv9 */
1195 #endif	/* __sparc */
1196 
1197 static int
1198 note_spymaster(struct ps_prochandle *P, size_t nbytes)
1199 {
1200 #ifdef _LP64
1201 	core_info_t *core = P->data;
1202 
1203 	if (core->core_dmodel == PR_MODEL_ILP32) {
1204 		psinfo32_t ps32;
1205 
1206 		if (nbytes < sizeof (psinfo32_t) ||
1207 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
1208 			goto err;
1209 
1210 		psinfo_32_to_n(&ps32, &P->spymaster);
1211 	} else
1212 #endif
1213 	if (nbytes < sizeof (psinfo_t) || read(P->asfd,
1214 	    &P->spymaster, sizeof (psinfo_t)) != sizeof (psinfo_t))
1215 		goto err;
1216 
1217 	dprintf("spymaster pr_fname = <%s>\n", P->psinfo.pr_fname);
1218 	dprintf("spymaster pr_psargs = <%s>\n", P->psinfo.pr_psargs);
1219 	dprintf("spymaster pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
1220 
1221 	return (0);
1222 
1223 err:
1224 	dprintf("Pgrab_core: failed to read NT_SPYMASTER\n");
1225 	return (-1);
1226 }
1227 
1228 static int
1229 note_upanic(struct ps_prochandle *P, size_t nbytes)
1230 {
1231 	core_info_t *core = P->data;
1232 	prupanic_t *pru;
1233 
1234 	if (core->core_upanic != NULL)
1235 		return (0);
1236 
1237 	if (sizeof (*pru) != nbytes) {
1238 		dprintf("Pgrab_core: NT_UPANIC changed size."
1239 		    "  Need to handle a version change?\n");
1240 		return (-1);
1241 	}
1242 
1243 	if (nbytes != 0 && ((pru = malloc(nbytes)) != NULL)) {
1244 		if (read(P->asfd, pru, nbytes) != nbytes) {
1245 			dprintf("Pgrab_core: failed to read NT_UPANIC\n");
1246 			free(pru);
1247 			return (-1);
1248 		}
1249 
1250 		core->core_upanic = pru;
1251 	}
1252 
1253 	return (0);
1254 }
1255 
1256 static int
1257 note_cwd(struct ps_prochandle *P, size_t nbytes)
1258 {
1259 	core_info_t *core = P->data;
1260 	prcwd_t *cwd;
1261 
1262 	if (core->core_cwd != NULL)
1263 		return (0);
1264 
1265 	if (sizeof (*cwd) != nbytes) {
1266 		dprintf("Pgrab_core: NT_CWD changed size."
1267 		    "  Need to handle a version change?\n");
1268 		return (-1);
1269 	}
1270 
1271 	if (nbytes != 0 && ((cwd = malloc(nbytes)) != NULL)) {
1272 		if (read(P->asfd, cwd, nbytes) != nbytes) {
1273 			dprintf("Pgrab_core: failed to read NT_CWD\n");
1274 			free(cwd);
1275 			return (-1);
1276 		}
1277 
1278 		core->core_cwd = cwd;
1279 	}
1280 
1281 	return (0);
1282 }
1283 
1284 static int
1285 note_notsup(struct ps_prochandle *P, size_t nbytes)
1286 {
1287 	dprintf("skipping unsupported note type of size %ld bytes\n",
1288 	    (ulong_t)nbytes);
1289 	return (0);
1290 }
1291 
1292 #if NT_NUM != NT_CWD
1293 #error "NT_NUM has grown. Update nhdlrs array"
1294 #endif
1295 
1296 /*
1297  * Populate a table of function pointers indexed by Note type with our
1298  * functions to process each type of core file note:
1299  */
1300 static int (*nhdlrs[NT_NUM + 1])(struct ps_prochandle *, size_t) = {
1301 #ifdef __x86
1302 	[NT_PRSTATUS] = note_linux_prstatus,
1303 #endif
1304 	[NT_PRFPREG] = note_notsup,
1305 #ifdef __x86
1306 	[NT_PRPSINFO] = note_linux_psinfo,
1307 #endif
1308 	[NT_PRXREG] = note_xreg,
1309 	[NT_PLATFORM] = note_platform,
1310 	[NT_AUXV] = note_auxv,
1311 #ifdef __sparc
1312 	[NT_GWINDOWS] = note_gwindows,
1313 #ifdef __sparcv9
1314 	[NT_ASRS] = note_asrs,
1315 #endif
1316 #endif
1317 #ifdef __x86
1318 	[NT_LDT] = note_ldt,
1319 #endif
1320 	[NT_PSTATUS] = note_pstatus,
1321 	[NT_PSINFO] = note_psinfo,
1322 	[NT_PRCRED] = note_cred,
1323 	[NT_UTSNAME] = note_utsname,
1324 	[NT_LWPSTATUS] = note_lwpstatus,
1325 	[NT_LWPSINFO] = note_lwpsinfo,
1326 	[NT_PRPRIV] = note_priv,
1327 	[NT_PRPRIVINFO] = note_priv_info,
1328 	[NT_CONTENT] = note_content,
1329 	[NT_ZONENAME] = note_zonename,
1330 	[NT_FDINFO] = note_fdinfo,
1331 	[NT_SPYMASTER] = note_spymaster,
1332 	[NT_SECFLAGS] = note_secflags,
1333 	[NT_LWPNAME] = note_lwpname,
1334 	[NT_UPANIC] = note_upanic,
1335 	[NT_CWD] = note_cwd
1336 };
1337 
1338 static void
1339 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1340 {
1341 	prkillinfo_t killinfo;
1342 	siginfo_t *si = &killinfo.prk_info;
1343 	char signame[SIG2STR_MAX], sig[64], info[64];
1344 	void *addr = (void *)(uintptr_t)php->p_vaddr;
1345 
1346 	const char *errfmt = "core file data for mapping at %p not saved: %s\n";
1347 	const char *incfmt = "core file incomplete due to %s%s\n";
1348 	const char *msgfmt = "mappings at and above %p are missing\n";
1349 
1350 	if (!(php->p_flags & PF_SUNW_KILLED)) {
1351 		int err = 0;
1352 
1353 		(void) pread64(P->asfd, &err,
1354 		    sizeof (err), (off64_t)php->p_offset);
1355 
1356 		Perror_printf(P, errfmt, addr, strerror(err));
1357 		dprintf(errfmt, addr, strerror(err));
1358 		return;
1359 	}
1360 
1361 	if (!(php->p_flags & PF_SUNW_SIGINFO))
1362 		return;
1363 
1364 	(void) memset(&killinfo, 0, sizeof (killinfo));
1365 
1366 	(void) pread64(P->asfd, &killinfo,
1367 	    sizeof (killinfo), (off64_t)php->p_offset);
1368 
1369 	/*
1370 	 * While there is (or at least should be) only one segment that has
1371 	 * PF_SUNW_SIGINFO set, the signal information there is globally
1372 	 * useful (even if only to those debugging libproc consumers); we hang
1373 	 * the signal information gleaned here off of the ps_prochandle.
1374 	 */
1375 	P->map_missing = php->p_vaddr;
1376 	P->killinfo = killinfo.prk_info;
1377 
1378 	if (sig2str(si->si_signo, signame) == -1) {
1379 		(void) snprintf(sig, sizeof (sig),
1380 		    "<Unknown signal: 0x%x>, ", si->si_signo);
1381 	} else {
1382 		(void) snprintf(sig, sizeof (sig), "SIG%s, ", signame);
1383 	}
1384 
1385 	if (si->si_code == SI_USER || si->si_code == SI_QUEUE) {
1386 		(void) snprintf(info, sizeof (info),
1387 		    "pid=%d uid=%d zone=%d ctid=%d",
1388 		    si->si_pid, si->si_uid, si->si_zoneid, si->si_ctid);
1389 	} else {
1390 		(void) snprintf(info, sizeof (info),
1391 		    "code=%d", si->si_code);
1392 	}
1393 
1394 	Perror_printf(P, incfmt, sig, info);
1395 	Perror_printf(P, msgfmt, addr);
1396 
1397 	dprintf(incfmt, sig, info);
1398 	dprintf(msgfmt, addr);
1399 }
1400 
1401 /*
1402  * Add information on the address space mapping described by the given
1403  * PT_LOAD program header.  We fill in more information on the mapping later.
1404  */
1405 static int
1406 core_add_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1407 {
1408 	core_info_t *core = P->data;
1409 	prmap_t pmap;
1410 
1411 	dprintf("mapping base %llx filesz %llx memsz %llx offset %llx\n",
1412 	    (u_longlong_t)php->p_vaddr, (u_longlong_t)php->p_filesz,
1413 	    (u_longlong_t)php->p_memsz, (u_longlong_t)php->p_offset);
1414 
1415 	pmap.pr_vaddr = (uintptr_t)php->p_vaddr;
1416 	pmap.pr_size = php->p_memsz;
1417 
1418 	/*
1419 	 * If Pgcore() or elfcore() fail to write a mapping, they will set
1420 	 * PF_SUNW_FAILURE in the Phdr and try to stash away the errno for us.
1421 	 */
1422 	if (php->p_flags & PF_SUNW_FAILURE) {
1423 		core_report_mapping(P, php);
1424 	} else if (php->p_filesz != 0 && php->p_offset >= core->core_size) {
1425 		Perror_printf(P, "core file may be corrupt -- data for mapping "
1426 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1427 		dprintf("core file may be corrupt -- data for mapping "
1428 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1429 	}
1430 
1431 	/*
1432 	 * The mapping name and offset will hopefully be filled in
1433 	 * by the librtld_db agent.  Unfortunately, if it isn't a
1434 	 * shared library mapping, this information is gone forever.
1435 	 */
1436 	pmap.pr_mapname[0] = '\0';
1437 	pmap.pr_offset = 0;
1438 
1439 	pmap.pr_mflags = 0;
1440 	if (php->p_flags & PF_R)
1441 		pmap.pr_mflags |= MA_READ;
1442 	if (php->p_flags & PF_W)
1443 		pmap.pr_mflags |= MA_WRITE;
1444 	if (php->p_flags & PF_X)
1445 		pmap.pr_mflags |= MA_EXEC;
1446 
1447 	if (php->p_filesz == 0)
1448 		pmap.pr_mflags |= MA_RESERVED1;
1449 
1450 	/*
1451 	 * At the time of adding this mapping, we just zero the pagesize.
1452 	 * Once we've processed more of the core file, we'll have the
1453 	 * pagesize from the auxv's AT_PAGESZ element and we can fill this in.
1454 	 */
1455 	pmap.pr_pagesize = 0;
1456 
1457 	/*
1458 	 * Unfortunately whether or not the mapping was a System V
1459 	 * shared memory segment is lost.  We use -1 to mark it as not shm.
1460 	 */
1461 	pmap.pr_shmid = -1;
1462 
1463 	return (Padd_mapping(P, php->p_offset, NULL, &pmap));
1464 }
1465 
1466 /*
1467  * Given a virtual address, name the mapping at that address using the
1468  * specified name, and return the map_info_t pointer.
1469  */
1470 static map_info_t *
1471 core_name_mapping(struct ps_prochandle *P, uintptr_t addr, const char *name)
1472 {
1473 	map_info_t *mp = Paddr2mptr(P, addr);
1474 
1475 	if (mp != NULL) {
1476 		(void) strncpy(mp->map_pmap.pr_mapname, name, PRMAPSZ);
1477 		mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
1478 	}
1479 
1480 	return (mp);
1481 }
1482 
1483 /*
1484  * libproc uses libelf for all of its symbol table manipulation. This function
1485  * takes a symbol table and string table from a core file and places them
1486  * in a memory backed elf file.
1487  */
1488 static void
1489 fake_up_symtab(struct ps_prochandle *P, const elf_file_header_t *ehdr,
1490     GElf_Shdr *symtab, GElf_Shdr *strtab)
1491 {
1492 	size_t size;
1493 	off64_t off, base;
1494 	map_info_t *mp;
1495 	file_info_t *fp;
1496 	Elf_Scn *scn;
1497 	Elf_Data *data;
1498 
1499 	if (symtab->sh_addr == 0 ||
1500 	    (mp = Paddr2mptr(P, symtab->sh_addr)) == NULL ||
1501 	    (fp = mp->map_file) == NULL) {
1502 		dprintf("fake_up_symtab: invalid section\n");
1503 		return;
1504 	}
1505 
1506 	if (fp->file_symtab.sym_data_pri != NULL) {
1507 		dprintf("Symbol table already loaded (sh_addr 0x%lx)\n",
1508 		    (long)symtab->sh_addr);
1509 		return;
1510 	}
1511 
1512 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1513 		struct {
1514 			Elf32_Ehdr ehdr;
1515 			Elf32_Shdr shdr[3];
1516 			char data[1];
1517 		} *b;
1518 
1519 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1520 		size = base + symtab->sh_size + strtab->sh_size;
1521 
1522 		if ((b = calloc(1, size)) == NULL)
1523 			return;
1524 
1525 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1526 		    sizeof (ehdr->e_ident));
1527 		b->ehdr.e_type = ehdr->e_type;
1528 		b->ehdr.e_machine = ehdr->e_machine;
1529 		b->ehdr.e_version = ehdr->e_version;
1530 		b->ehdr.e_flags = ehdr->e_flags;
1531 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1532 		b->ehdr.e_shoff = sizeof (b->ehdr);
1533 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1534 		b->ehdr.e_shnum = 3;
1535 		off = 0;
1536 
1537 		b->shdr[1].sh_size = symtab->sh_size;
1538 		b->shdr[1].sh_type = SHT_SYMTAB;
1539 		b->shdr[1].sh_offset = off + base;
1540 		b->shdr[1].sh_entsize = sizeof (Elf32_Sym);
1541 		b->shdr[1].sh_link = 2;
1542 		b->shdr[1].sh_info =  symtab->sh_info;
1543 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1544 
1545 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1546 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1547 			dprintf("fake_up_symtab: pread of symtab[1] failed\n");
1548 			free(b);
1549 			return;
1550 		}
1551 
1552 		off += b->shdr[1].sh_size;
1553 
1554 		b->shdr[2].sh_flags = SHF_STRINGS;
1555 		b->shdr[2].sh_size = strtab->sh_size;
1556 		b->shdr[2].sh_type = SHT_STRTAB;
1557 		b->shdr[2].sh_offset = off + base;
1558 		b->shdr[2].sh_info =  strtab->sh_info;
1559 		b->shdr[2].sh_addralign = 1;
1560 
1561 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1562 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1563 			dprintf("fake_up_symtab: pread of symtab[2] failed\n");
1564 			free(b);
1565 			return;
1566 		}
1567 
1568 		off += b->shdr[2].sh_size;
1569 
1570 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1571 		if (fp->file_symtab.sym_elf == NULL) {
1572 			free(b);
1573 			return;
1574 		}
1575 
1576 		fp->file_symtab.sym_elfmem = b;
1577 #ifdef _LP64
1578 	} else {
1579 		struct {
1580 			Elf64_Ehdr ehdr;
1581 			Elf64_Shdr shdr[3];
1582 			char data[1];
1583 		} *b;
1584 
1585 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1586 		size = base + symtab->sh_size + strtab->sh_size;
1587 
1588 		if ((b = calloc(1, size)) == NULL)
1589 			return;
1590 
1591 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1592 		    sizeof (ehdr->e_ident));
1593 		b->ehdr.e_type = ehdr->e_type;
1594 		b->ehdr.e_machine = ehdr->e_machine;
1595 		b->ehdr.e_version = ehdr->e_version;
1596 		b->ehdr.e_flags = ehdr->e_flags;
1597 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1598 		b->ehdr.e_shoff = sizeof (b->ehdr);
1599 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1600 		b->ehdr.e_shnum = 3;
1601 		off = 0;
1602 
1603 		b->shdr[1].sh_size = symtab->sh_size;
1604 		b->shdr[1].sh_type = SHT_SYMTAB;
1605 		b->shdr[1].sh_offset = off + base;
1606 		b->shdr[1].sh_entsize = sizeof (Elf64_Sym);
1607 		b->shdr[1].sh_link = 2;
1608 		b->shdr[1].sh_info =  symtab->sh_info;
1609 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1610 
1611 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1612 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1613 			free(b);
1614 			return;
1615 		}
1616 
1617 		off += b->shdr[1].sh_size;
1618 
1619 		b->shdr[2].sh_flags = SHF_STRINGS;
1620 		b->shdr[2].sh_size = strtab->sh_size;
1621 		b->shdr[2].sh_type = SHT_STRTAB;
1622 		b->shdr[2].sh_offset = off + base;
1623 		b->shdr[2].sh_info =  strtab->sh_info;
1624 		b->shdr[2].sh_addralign = 1;
1625 
1626 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1627 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1628 			free(b);
1629 			return;
1630 		}
1631 
1632 		off += b->shdr[2].sh_size;
1633 
1634 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1635 		if (fp->file_symtab.sym_elf == NULL) {
1636 			free(b);
1637 			return;
1638 		}
1639 
1640 		fp->file_symtab.sym_elfmem = b;
1641 #endif
1642 	}
1643 
1644 	if ((scn = elf_getscn(fp->file_symtab.sym_elf, 1)) == NULL ||
1645 	    (fp->file_symtab.sym_data_pri = elf_getdata(scn, NULL)) == NULL ||
1646 	    (scn = elf_getscn(fp->file_symtab.sym_elf, 2)) == NULL ||
1647 	    (data = elf_getdata(scn, NULL)) == NULL) {
1648 		dprintf("fake_up_symtab: failed to get section data at %p\n",
1649 		    (void *)scn);
1650 		goto err;
1651 	}
1652 
1653 	fp->file_symtab.sym_strs = data->d_buf;
1654 	fp->file_symtab.sym_strsz = data->d_size;
1655 	fp->file_symtab.sym_symn = symtab->sh_size / symtab->sh_entsize;
1656 	fp->file_symtab.sym_hdr_pri = *symtab;
1657 	fp->file_symtab.sym_strhdr = *strtab;
1658 
1659 	optimize_symtab(&fp->file_symtab);
1660 
1661 	return;
1662 err:
1663 	(void) elf_end(fp->file_symtab.sym_elf);
1664 	free(fp->file_symtab.sym_elfmem);
1665 	fp->file_symtab.sym_elf = NULL;
1666 	fp->file_symtab.sym_elfmem = NULL;
1667 }
1668 
1669 static void
1670 core_phdr_to_gelf(const Elf32_Phdr *src, GElf_Phdr *dst)
1671 {
1672 	dst->p_type = src->p_type;
1673 	dst->p_flags = src->p_flags;
1674 	dst->p_offset = (Elf64_Off)src->p_offset;
1675 	dst->p_vaddr = (Elf64_Addr)src->p_vaddr;
1676 	dst->p_paddr = (Elf64_Addr)src->p_paddr;
1677 	dst->p_filesz = (Elf64_Xword)src->p_filesz;
1678 	dst->p_memsz = (Elf64_Xword)src->p_memsz;
1679 	dst->p_align = (Elf64_Xword)src->p_align;
1680 }
1681 
1682 static void
1683 core_shdr_to_gelf(const Elf32_Shdr *src, GElf_Shdr *dst)
1684 {
1685 	dst->sh_name = src->sh_name;
1686 	dst->sh_type = src->sh_type;
1687 	dst->sh_flags = (Elf64_Xword)src->sh_flags;
1688 	dst->sh_addr = (Elf64_Addr)src->sh_addr;
1689 	dst->sh_offset = (Elf64_Off)src->sh_offset;
1690 	dst->sh_size = (Elf64_Xword)src->sh_size;
1691 	dst->sh_link = src->sh_link;
1692 	dst->sh_info = src->sh_info;
1693 	dst->sh_addralign = (Elf64_Xword)src->sh_addralign;
1694 	dst->sh_entsize = (Elf64_Xword)src->sh_entsize;
1695 }
1696 
1697 /*
1698  * Perform elf_begin on efp->e_fd and verify the ELF file's type and class.
1699  */
1700 static int
1701 core_elf_fdopen(elf_file_t *efp, GElf_Half type, int *perr)
1702 {
1703 #ifdef _BIG_ENDIAN
1704 	uchar_t order = ELFDATA2MSB;
1705 #else
1706 	uchar_t order = ELFDATA2LSB;
1707 #endif
1708 	Elf32_Ehdr e32;
1709 	int is_noelf = -1;
1710 	int isa_err = 0;
1711 
1712 	/*
1713 	 * Because 32-bit libelf cannot deal with large files, we need to read,
1714 	 * check, and convert the file header manually in case type == ET_CORE.
1715 	 */
1716 	if (pread64(efp->e_fd, &e32, sizeof (e32), 0) != sizeof (e32)) {
1717 		if (perr != NULL)
1718 			*perr = G_FORMAT;
1719 		goto err;
1720 	}
1721 	if ((is_noelf = memcmp(&e32.e_ident[EI_MAG0], ELFMAG, SELFMAG)) != 0 ||
1722 	    e32.e_type != type || (isa_err = (e32.e_ident[EI_DATA] != order)) ||
1723 	    e32.e_version != EV_CURRENT) {
1724 		if (perr != NULL) {
1725 			if (is_noelf == 0 && isa_err) {
1726 				*perr = G_ISAINVAL;
1727 			} else {
1728 				*perr = G_FORMAT;
1729 			}
1730 		}
1731 		goto err;
1732 	}
1733 
1734 	/*
1735 	 * If the file is 64-bit and we are 32-bit, fail with G_LP64.  If the
1736 	 * file is 64-bit and we are 64-bit, re-read the header as a Elf64_Ehdr,
1737 	 * and convert it to a elf_file_header_t.  Otherwise, the file is
1738 	 * 32-bit, so convert e32 to a elf_file_header_t.
1739 	 */
1740 	if (e32.e_ident[EI_CLASS] == ELFCLASS64) {
1741 #ifdef _LP64
1742 		Elf64_Ehdr e64;
1743 
1744 		if (pread64(efp->e_fd, &e64, sizeof (e64), 0) != sizeof (e64)) {
1745 			if (perr != NULL)
1746 				*perr = G_FORMAT;
1747 			goto err;
1748 		}
1749 
1750 		(void) memcpy(efp->e_hdr.e_ident, e64.e_ident, EI_NIDENT);
1751 		efp->e_hdr.e_type = e64.e_type;
1752 		efp->e_hdr.e_machine = e64.e_machine;
1753 		efp->e_hdr.e_version = e64.e_version;
1754 		efp->e_hdr.e_entry = e64.e_entry;
1755 		efp->e_hdr.e_phoff = e64.e_phoff;
1756 		efp->e_hdr.e_shoff = e64.e_shoff;
1757 		efp->e_hdr.e_flags = e64.e_flags;
1758 		efp->e_hdr.e_ehsize = e64.e_ehsize;
1759 		efp->e_hdr.e_phentsize = e64.e_phentsize;
1760 		efp->e_hdr.e_phnum = (Elf64_Word)e64.e_phnum;
1761 		efp->e_hdr.e_shentsize = e64.e_shentsize;
1762 		efp->e_hdr.e_shnum = (Elf64_Word)e64.e_shnum;
1763 		efp->e_hdr.e_shstrndx = (Elf64_Word)e64.e_shstrndx;
1764 #else	/* _LP64 */
1765 		if (perr != NULL)
1766 			*perr = G_LP64;
1767 		goto err;
1768 #endif	/* _LP64 */
1769 	} else {
1770 		(void) memcpy(efp->e_hdr.e_ident, e32.e_ident, EI_NIDENT);
1771 		efp->e_hdr.e_type = e32.e_type;
1772 		efp->e_hdr.e_machine = e32.e_machine;
1773 		efp->e_hdr.e_version = e32.e_version;
1774 		efp->e_hdr.e_entry = (Elf64_Addr)e32.e_entry;
1775 		efp->e_hdr.e_phoff = (Elf64_Off)e32.e_phoff;
1776 		efp->e_hdr.e_shoff = (Elf64_Off)e32.e_shoff;
1777 		efp->e_hdr.e_flags = e32.e_flags;
1778 		efp->e_hdr.e_ehsize = e32.e_ehsize;
1779 		efp->e_hdr.e_phentsize = e32.e_phentsize;
1780 		efp->e_hdr.e_phnum = (Elf64_Word)e32.e_phnum;
1781 		efp->e_hdr.e_shentsize = e32.e_shentsize;
1782 		efp->e_hdr.e_shnum = (Elf64_Word)e32.e_shnum;
1783 		efp->e_hdr.e_shstrndx = (Elf64_Word)e32.e_shstrndx;
1784 	}
1785 
1786 	/*
1787 	 * If the number of section headers or program headers or the section
1788 	 * header string table index would overflow their respective fields
1789 	 * in the ELF header, they're stored in the section header at index
1790 	 * zero. To simplify use elsewhere, we look for those sentinel values
1791 	 * here.
1792 	 */
1793 	if ((efp->e_hdr.e_shnum == 0 && efp->e_hdr.e_shoff != 0) ||
1794 	    efp->e_hdr.e_shstrndx == SHN_XINDEX ||
1795 	    efp->e_hdr.e_phnum == PN_XNUM) {
1796 		GElf_Shdr shdr;
1797 
1798 		dprintf("extended ELF header\n");
1799 
1800 		if (efp->e_hdr.e_shoff == 0) {
1801 			if (perr != NULL)
1802 				*perr = G_FORMAT;
1803 			goto err;
1804 		}
1805 
1806 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1807 			Elf32_Shdr shdr32;
1808 
1809 			if (pread64(efp->e_fd, &shdr32, sizeof (shdr32),
1810 			    efp->e_hdr.e_shoff) != sizeof (shdr32)) {
1811 				if (perr != NULL)
1812 					*perr = G_FORMAT;
1813 				goto err;
1814 			}
1815 
1816 			core_shdr_to_gelf(&shdr32, &shdr);
1817 		} else {
1818 			if (pread64(efp->e_fd, &shdr, sizeof (shdr),
1819 			    efp->e_hdr.e_shoff) != sizeof (shdr)) {
1820 				if (perr != NULL)
1821 					*perr = G_FORMAT;
1822 				goto err;
1823 			}
1824 		}
1825 
1826 		if (efp->e_hdr.e_shnum == 0) {
1827 			efp->e_hdr.e_shnum = shdr.sh_size;
1828 			dprintf("section header count %lu\n",
1829 			    (ulong_t)shdr.sh_size);
1830 		}
1831 
1832 		if (efp->e_hdr.e_shstrndx == SHN_XINDEX) {
1833 			efp->e_hdr.e_shstrndx = shdr.sh_link;
1834 			dprintf("section string index %u\n", shdr.sh_link);
1835 		}
1836 
1837 		if (efp->e_hdr.e_phnum == PN_XNUM && shdr.sh_info != 0) {
1838 			efp->e_hdr.e_phnum = shdr.sh_info;
1839 			dprintf("program header count %u\n", shdr.sh_info);
1840 		}
1841 
1842 	} else if (efp->e_hdr.e_phoff != 0) {
1843 		GElf_Phdr phdr;
1844 		uint64_t phnum;
1845 
1846 		/*
1847 		 * It's possible this core file came from a system that
1848 		 * accidentally truncated the e_phnum field without correctly
1849 		 * using the extended format in the section header at index
1850 		 * zero. We try to detect and correct that specific type of
1851 		 * corruption by using the knowledge that the core dump
1852 		 * routines usually place the data referenced by the first
1853 		 * program header immediately after the last header element.
1854 		 */
1855 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1856 			Elf32_Phdr phdr32;
1857 
1858 			if (pread64(efp->e_fd, &phdr32, sizeof (phdr32),
1859 			    efp->e_hdr.e_phoff) != sizeof (phdr32)) {
1860 				if (perr != NULL)
1861 					*perr = G_FORMAT;
1862 				goto err;
1863 			}
1864 
1865 			core_phdr_to_gelf(&phdr32, &phdr);
1866 		} else {
1867 			if (pread64(efp->e_fd, &phdr, sizeof (phdr),
1868 			    efp->e_hdr.e_phoff) != sizeof (phdr)) {
1869 				if (perr != NULL)
1870 					*perr = G_FORMAT;
1871 				goto err;
1872 			}
1873 		}
1874 
1875 		phnum = phdr.p_offset - efp->e_hdr.e_ehsize -
1876 		    (uint64_t)efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
1877 		phnum /= efp->e_hdr.e_phentsize;
1878 
1879 		if (phdr.p_offset != 0 && phnum != efp->e_hdr.e_phnum) {
1880 			dprintf("suspicious program header count %u %u\n",
1881 			    (uint_t)phnum, efp->e_hdr.e_phnum);
1882 
1883 			/*
1884 			 * If the new program header count we computed doesn't
1885 			 * jive with count in the ELF header, we'll use the
1886 			 * data that's there and hope for the best.
1887 			 *
1888 			 * If it does, it's also possible that the section
1889 			 * header offset is incorrect; we'll check that and
1890 			 * possibly try to fix it.
1891 			 */
1892 			if (phnum <= INT_MAX &&
1893 			    (uint16_t)phnum == efp->e_hdr.e_phnum) {
1894 
1895 				if (efp->e_hdr.e_shoff == efp->e_hdr.e_phoff +
1896 				    efp->e_hdr.e_phentsize *
1897 				    (uint_t)efp->e_hdr.e_phnum) {
1898 					efp->e_hdr.e_shoff =
1899 					    efp->e_hdr.e_phoff +
1900 					    efp->e_hdr.e_phentsize * phnum;
1901 				}
1902 
1903 				efp->e_hdr.e_phnum = (Elf64_Word)phnum;
1904 				dprintf("using new program header count\n");
1905 			} else {
1906 				dprintf("inconsistent program header count\n");
1907 			}
1908 		}
1909 	}
1910 
1911 	/*
1912 	 * The libelf implementation was never ported to be large-file aware.
1913 	 * This is typically not a problem for your average executable or
1914 	 * shared library, but a large 32-bit core file can exceed 2GB in size.
1915 	 * So if type is ET_CORE, we don't bother doing elf_begin; the code
1916 	 * in Pfgrab_core() below will do its own i/o and struct conversion.
1917 	 */
1918 
1919 	if (type == ET_CORE) {
1920 		efp->e_elf = NULL;
1921 		return (0);
1922 	}
1923 
1924 	if ((efp->e_elf = elf_begin(efp->e_fd, ELF_C_READ, NULL)) == NULL) {
1925 		if (perr != NULL)
1926 			*perr = G_ELF;
1927 		goto err;
1928 	}
1929 
1930 	return (0);
1931 
1932 err:
1933 	efp->e_elf = NULL;
1934 	return (-1);
1935 }
1936 
1937 /*
1938  * Open the specified file and then do a core_elf_fdopen on it.
1939  */
1940 static int
1941 core_elf_open(elf_file_t *efp, const char *path, GElf_Half type, int *perr)
1942 {
1943 	(void) memset(efp, 0, sizeof (elf_file_t));
1944 
1945 	if ((efp->e_fd = open64(path, O_RDONLY)) >= 0) {
1946 		if (core_elf_fdopen(efp, type, perr) == 0)
1947 			return (0);
1948 
1949 		(void) close(efp->e_fd);
1950 		efp->e_fd = -1;
1951 	}
1952 
1953 	return (-1);
1954 }
1955 
1956 /*
1957  * Close the ELF handle and file descriptor.
1958  */
1959 static void
1960 core_elf_close(elf_file_t *efp)
1961 {
1962 	if (efp->e_elf != NULL) {
1963 		(void) elf_end(efp->e_elf);
1964 		efp->e_elf = NULL;
1965 	}
1966 
1967 	if (efp->e_fd != -1) {
1968 		(void) close(efp->e_fd);
1969 		efp->e_fd = -1;
1970 	}
1971 }
1972 
1973 /*
1974  * Given an ELF file for a statically linked executable, locate the likely
1975  * primary text section and fill in rl_base with its virtual address.
1976  */
1977 static map_info_t *
1978 core_find_text(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1979 {
1980 	GElf_Phdr phdr;
1981 	uint_t i;
1982 	size_t nphdrs;
1983 
1984 	if (elf_getphdrnum(elf, &nphdrs) == -1)
1985 		return (NULL);
1986 
1987 	for (i = 0; i < nphdrs; i++) {
1988 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1989 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_X)) {
1990 			rlp->rl_base = phdr.p_vaddr;
1991 			return (Paddr2mptr(P, rlp->rl_base));
1992 		}
1993 	}
1994 
1995 	return (NULL);
1996 }
1997 
1998 /*
1999  * Given an ELF file and the librtld_db structure corresponding to its primary
2000  * text mapping, deduce where its data segment was loaded and fill in
2001  * rl_data_base and prmap_t.pr_offset accordingly.
2002  */
2003 static map_info_t *
2004 core_find_data(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
2005 {
2006 	GElf_Ehdr ehdr;
2007 	GElf_Phdr phdr;
2008 	map_info_t *mp;
2009 	uint_t i, pagemask;
2010 	size_t nphdrs;
2011 
2012 	rlp->rl_data_base = (uintptr_t)NULL;
2013 
2014 	/*
2015 	 * Find the first loadable, writeable Phdr and compute rl_data_base
2016 	 * as the virtual address at which is was loaded.
2017 	 */
2018 	if (gelf_getehdr(elf, &ehdr) == NULL ||
2019 	    elf_getphdrnum(elf, &nphdrs) == -1)
2020 		return (NULL);
2021 
2022 	for (i = 0; i < nphdrs; i++) {
2023 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
2024 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_W)) {
2025 			rlp->rl_data_base = phdr.p_vaddr;
2026 			if (ehdr.e_type == ET_DYN)
2027 				rlp->rl_data_base += rlp->rl_base;
2028 			break;
2029 		}
2030 	}
2031 
2032 	/*
2033 	 * If we didn't find an appropriate phdr or if the address we
2034 	 * computed has no mapping, return NULL.
2035 	 */
2036 	if (rlp->rl_data_base == (uintptr_t)NULL ||
2037 	    (mp = Paddr2mptr(P, rlp->rl_data_base)) == NULL)
2038 		return (NULL);
2039 
2040 	/*
2041 	 * It wouldn't be procfs-related code if we didn't make use of
2042 	 * unclean knowledge of segvn, even in userland ... the prmap_t's
2043 	 * pr_offset field will be the segvn offset from mmap(2)ing the
2044 	 * data section, which will be the file offset & PAGEMASK.
2045 	 */
2046 	pagemask = ~(mp->map_pmap.pr_pagesize - 1);
2047 	mp->map_pmap.pr_offset = phdr.p_offset & pagemask;
2048 
2049 	return (mp);
2050 }
2051 
2052 /*
2053  * Librtld_db agent callback for iterating over load object mappings.
2054  * For each load object, we allocate a new file_info_t, perform naming,
2055  * and attempt to construct a symbol table for the load object.
2056  */
2057 static int
2058 core_iter_mapping(const rd_loadobj_t *rlp, struct ps_prochandle *P)
2059 {
2060 	core_info_t *core = P->data;
2061 	char lname[PATH_MAX], buf[PATH_MAX];
2062 	file_info_t *fp;
2063 	map_info_t *mp;
2064 
2065 	if (Pread_string(P, lname, PATH_MAX, (off_t)rlp->rl_nameaddr) <= 0) {
2066 		dprintf("failed to read name %p\n", (void *)rlp->rl_nameaddr);
2067 		return (1); /* Keep going; forget this if we can't get a name */
2068 	}
2069 
2070 	dprintf("rd_loadobj name = \"%s\" rl_base = %p\n",
2071 	    lname, (void *)rlp->rl_base);
2072 
2073 	if ((mp = Paddr2mptr(P, rlp->rl_base)) == NULL) {
2074 		dprintf("no mapping for %p\n", (void *)rlp->rl_base);
2075 		return (1); /* No mapping; advance to next mapping */
2076 	}
2077 
2078 	/*
2079 	 * Create a new file_info_t for this mapping, and therefore for
2080 	 * this load object.
2081 	 *
2082 	 * If there's an ELF header at the beginning of this mapping,
2083 	 * file_info_new() will try to use its section headers to
2084 	 * identify any other mappings that belong to this load object.
2085 	 */
2086 	if ((fp = mp->map_file) == NULL &&
2087 	    (fp = file_info_new(P, mp)) == NULL) {
2088 		core->core_errno = errno;
2089 		dprintf("failed to malloc mapping data\n");
2090 		return (0); /* Abort */
2091 	}
2092 	fp->file_map = mp;
2093 
2094 	/* Create a local copy of the load object representation */
2095 	if ((fp->file_lo = calloc(1, sizeof (rd_loadobj_t))) == NULL) {
2096 		core->core_errno = errno;
2097 		dprintf("failed to malloc mapping data\n");
2098 		return (0); /* Abort */
2099 	}
2100 	*fp->file_lo = *rlp;
2101 
2102 	if (lname[0] != '\0') {
2103 		/*
2104 		 * Naming dance part 1: if we got a name from librtld_db, then
2105 		 * copy this name to the prmap_t if it is unnamed.  If the
2106 		 * file_info_t is unnamed, name it after the lname.
2107 		 */
2108 		if (mp->map_pmap.pr_mapname[0] == '\0') {
2109 			(void) strncpy(mp->map_pmap.pr_mapname, lname, PRMAPSZ);
2110 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2111 		}
2112 
2113 		if (fp->file_lname == NULL)
2114 			fp->file_lname = strdup(lname);
2115 
2116 	} else if (fp->file_lname == NULL &&
2117 	    mp->map_pmap.pr_mapname[0] != '\0') {
2118 		/*
2119 		 * Naming dance part 2: if the mapping is named and the
2120 		 * file_info_t is not, name the file after the mapping.
2121 		 */
2122 		fp->file_lname = strdup(mp->map_pmap.pr_mapname);
2123 	}
2124 
2125 	if ((fp->file_rname == NULL) &&
2126 	    (Pfindmap(P, mp, buf, sizeof (buf)) != NULL))
2127 		fp->file_rname = strdup(buf);
2128 
2129 	if (fp->file_lname != NULL)
2130 		fp->file_lbase = basename(fp->file_lname);
2131 	if (fp->file_rname != NULL)
2132 		fp->file_rbase = basename(fp->file_rname);
2133 
2134 	/* Associate the file and the mapping. */
2135 	(void) strncpy(fp->file_pname, mp->map_pmap.pr_mapname, PRMAPSZ);
2136 	fp->file_pname[PRMAPSZ - 1] = '\0';
2137 
2138 	/*
2139 	 * If no section headers were available then we'll have to
2140 	 * identify this load object's other mappings with what we've
2141 	 * got: the start and end of the object's corresponding
2142 	 * address space.
2143 	 */
2144 	if (fp->file_saddrs == NULL) {
2145 		for (mp = fp->file_map + 1; mp < P->mappings + P->map_count &&
2146 		    mp->map_pmap.pr_vaddr < rlp->rl_bend; mp++) {
2147 
2148 			if (mp->map_file == NULL) {
2149 				dprintf("core_iter_mapping %s: associating "
2150 				    "segment at %p\n",
2151 				    fp->file_pname,
2152 				    (void *)mp->map_pmap.pr_vaddr);
2153 				mp->map_file = fp;
2154 				fp->file_ref++;
2155 			} else {
2156 				dprintf("core_iter_mapping %s: segment at "
2157 				    "%p already associated with %s\n",
2158 				    fp->file_pname,
2159 				    (void *)mp->map_pmap.pr_vaddr,
2160 				    (mp == fp->file_map ? "this file" :
2161 				    mp->map_file->file_pname));
2162 			}
2163 		}
2164 	}
2165 
2166 	/* Ensure that all this file's mappings are named. */
2167 	for (mp = fp->file_map; mp < P->mappings + P->map_count &&
2168 	    mp->map_file == fp; mp++) {
2169 		if (mp->map_pmap.pr_mapname[0] == '\0' &&
2170 		    !(mp->map_pmap.pr_mflags & MA_BREAK)) {
2171 			(void) strncpy(mp->map_pmap.pr_mapname, fp->file_pname,
2172 			    PRMAPSZ);
2173 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2174 		}
2175 	}
2176 
2177 	/* Attempt to build a symbol table for this file. */
2178 	Pbuild_file_symtab(P, fp);
2179 	if (fp->file_elf == NULL)
2180 		dprintf("core_iter_mapping: no symtab for %s\n",
2181 		    fp->file_pname);
2182 
2183 	/* Locate the start of a data segment associated with this file. */
2184 	if ((mp = core_find_data(P, fp->file_elf, fp->file_lo)) != NULL) {
2185 		dprintf("found data for %s at %p (pr_offset 0x%llx)\n",
2186 		    fp->file_pname, (void *)fp->file_lo->rl_data_base,
2187 		    mp->map_pmap.pr_offset);
2188 	} else {
2189 		dprintf("core_iter_mapping: no data found for %s\n",
2190 		    fp->file_pname);
2191 	}
2192 
2193 	return (1); /* Advance to next mapping */
2194 }
2195 
2196 /*
2197  * Callback function for Pfindexec().  In order to confirm a given pathname,
2198  * we verify that we can open it as an ELF file of type ET_EXEC or ET_DYN.
2199  */
2200 static int
2201 core_exec_open(const char *path, void *efp)
2202 {
2203 	if (core_elf_open(efp, path, ET_EXEC, NULL) == 0)
2204 		return (1);
2205 	if (core_elf_open(efp, path, ET_DYN, NULL) == 0)
2206 		return (1);
2207 	return (0);
2208 }
2209 
2210 /*
2211  * Attempt to load any section headers found in the core file.  If present,
2212  * this will refer to non-loadable data added to the core file by the kernel
2213  * based on coreadm(8) settings, including CTF data and the symbol table.
2214  */
2215 static void
2216 core_load_shdrs(struct ps_prochandle *P, elf_file_t *efp)
2217 {
2218 	GElf_Shdr *shp, *shdrs = NULL;
2219 	char *shstrtab = NULL;
2220 	ulong_t shstrtabsz;
2221 	const char *name;
2222 	map_info_t *mp;
2223 
2224 	size_t nbytes;
2225 	void *buf;
2226 	int i;
2227 
2228 	if (efp->e_hdr.e_shstrndx >= efp->e_hdr.e_shnum) {
2229 		dprintf("corrupt shstrndx (%u) exceeds shnum (%u)\n",
2230 		    efp->e_hdr.e_shstrndx, efp->e_hdr.e_shnum);
2231 		return;
2232 	}
2233 
2234 	/*
2235 	 * Read the section header table from the core file and then iterate
2236 	 * over the section headers, converting each to a GElf_Shdr.
2237 	 */
2238 	if ((shdrs = malloc(efp->e_hdr.e_shnum * sizeof (GElf_Shdr))) == NULL) {
2239 		dprintf("failed to malloc %u section headers: %s\n",
2240 		    (uint_t)efp->e_hdr.e_shnum, strerror(errno));
2241 		return;
2242 	}
2243 
2244 	nbytes = efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
2245 	if ((buf = malloc(nbytes)) == NULL) {
2246 		dprintf("failed to malloc %d bytes: %s\n", (int)nbytes,
2247 		    strerror(errno));
2248 		free(shdrs);
2249 		goto out;
2250 	}
2251 
2252 	if (pread64(efp->e_fd, buf, nbytes, efp->e_hdr.e_shoff) != nbytes) {
2253 		dprintf("failed to read section headers at off %lld: %s\n",
2254 		    (longlong_t)efp->e_hdr.e_shoff, strerror(errno));
2255 		free(buf);
2256 		goto out;
2257 	}
2258 
2259 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2260 		void *p = (uchar_t *)buf + efp->e_hdr.e_shentsize * i;
2261 
2262 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32)
2263 			core_shdr_to_gelf(p, &shdrs[i]);
2264 		else
2265 			(void) memcpy(&shdrs[i], p, sizeof (GElf_Shdr));
2266 	}
2267 
2268 	free(buf);
2269 	buf = NULL;
2270 
2271 	/*
2272 	 * Read the .shstrtab section from the core file, terminating it with
2273 	 * an extra \0 so that a corrupt section will not cause us to die.
2274 	 */
2275 	shp = &shdrs[efp->e_hdr.e_shstrndx];
2276 	shstrtabsz = shp->sh_size;
2277 
2278 	if ((shstrtab = malloc(shstrtabsz + 1)) == NULL) {
2279 		dprintf("failed to allocate %lu bytes for shstrtab\n",
2280 		    (ulong_t)shstrtabsz);
2281 		goto out;
2282 	}
2283 
2284 	if (pread64(efp->e_fd, shstrtab, shstrtabsz,
2285 	    shp->sh_offset) != shstrtabsz) {
2286 		dprintf("failed to read %lu bytes of shstrs at off %lld: %s\n",
2287 		    shstrtabsz, (longlong_t)shp->sh_offset, strerror(errno));
2288 		goto out;
2289 	}
2290 
2291 	shstrtab[shstrtabsz] = '\0';
2292 
2293 	/*
2294 	 * Now iterate over each section in the section header table, locating
2295 	 * sections of interest and initializing more of the ps_prochandle.
2296 	 */
2297 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2298 		shp = &shdrs[i];
2299 		name = shstrtab + shp->sh_name;
2300 
2301 		if (shp->sh_name >= shstrtabsz) {
2302 			dprintf("skipping section [%d]: corrupt sh_name\n", i);
2303 			continue;
2304 		}
2305 
2306 		if (shp->sh_link >= efp->e_hdr.e_shnum) {
2307 			dprintf("skipping section [%d]: corrupt sh_link\n", i);
2308 			continue;
2309 		}
2310 
2311 		dprintf("found section header %s (sh_addr 0x%llx)\n",
2312 		    name, (u_longlong_t)shp->sh_addr);
2313 
2314 		if (strcmp(name, ".SUNW_ctf") == 0) {
2315 			if ((mp = Paddr2mptr(P, shp->sh_addr)) == NULL) {
2316 				dprintf("no map at addr 0x%llx for %s [%d]\n",
2317 				    (u_longlong_t)shp->sh_addr, name, i);
2318 				continue;
2319 			}
2320 
2321 			if (mp->map_file == NULL ||
2322 			    mp->map_file->file_ctf_buf != NULL) {
2323 				dprintf("no mapping file or duplicate buffer "
2324 				    "for %s [%d]\n", name, i);
2325 				continue;
2326 			}
2327 
2328 			if ((buf = malloc(shp->sh_size)) == NULL ||
2329 			    pread64(efp->e_fd, buf, shp->sh_size,
2330 			    shp->sh_offset) != shp->sh_size) {
2331 				dprintf("skipping section %s [%d]: %s\n",
2332 				    name, i, strerror(errno));
2333 				free(buf);
2334 				continue;
2335 			}
2336 
2337 			mp->map_file->file_ctf_size = shp->sh_size;
2338 			mp->map_file->file_ctf_buf = buf;
2339 
2340 			if (shdrs[shp->sh_link].sh_type == SHT_DYNSYM)
2341 				mp->map_file->file_ctf_dyn = 1;
2342 
2343 		} else if (strcmp(name, ".symtab") == 0) {
2344 			fake_up_symtab(P, &efp->e_hdr,
2345 			    shp, &shdrs[shp->sh_link]);
2346 		}
2347 	}
2348 out:
2349 	free(shstrtab);
2350 	free(shdrs);
2351 }
2352 
2353 /*
2354  * Main engine for core file initialization: given an fd for the core file
2355  * and an optional pathname, construct the ps_prochandle.  The aout_path can
2356  * either be a suggested executable pathname, or a suggested directory to
2357  * use as a possible current working directory.
2358  */
2359 struct ps_prochandle *
2360 Pfgrab_core(int core_fd, const char *aout_path, int *perr)
2361 {
2362 	struct ps_prochandle *P;
2363 	core_info_t *core_info;
2364 	map_info_t *stk_mp, *brk_mp;
2365 	const char *execname;
2366 	char *interp;
2367 	int i, notes, pagesize;
2368 	uintptr_t addr, base_addr;
2369 	struct stat64 stbuf;
2370 	void *phbuf, *php;
2371 	size_t nbytes;
2372 #ifdef __x86
2373 	boolean_t from_linux = B_FALSE;
2374 #endif
2375 
2376 	elf_file_t aout;
2377 	elf_file_t core;
2378 
2379 	Elf_Scn *scn, *intp_scn = NULL;
2380 	Elf_Data *dp;
2381 
2382 	GElf_Phdr phdr, note_phdr;
2383 	GElf_Shdr shdr;
2384 	GElf_Xword nleft;
2385 
2386 	if (elf_version(EV_CURRENT) == EV_NONE) {
2387 		dprintf("libproc ELF version is more recent than libelf\n");
2388 		*perr = G_ELF;
2389 		return (NULL);
2390 	}
2391 
2392 	aout.e_elf = NULL;
2393 	aout.e_fd = -1;
2394 
2395 	core.e_elf = NULL;
2396 	core.e_fd = core_fd;
2397 
2398 	/*
2399 	 * Allocate and initialize a ps_prochandle structure for the core.
2400 	 * There are several key pieces of initialization here:
2401 	 *
2402 	 * 1. The PS_DEAD state flag marks this prochandle as a core file.
2403 	 *    PS_DEAD also thus prevents all operations which require state
2404 	 *    to be PS_STOP from operating on this handle.
2405 	 *
2406 	 * 2. We keep the core file fd in P->asfd since the core file contains
2407 	 *    the remnants of the process address space.
2408 	 *
2409 	 * 3. We set the P->info_valid bit because all information about the
2410 	 *    core is determined by the end of this function; there is no need
2411 	 *    for proc_update_maps() to reload mappings at any later point.
2412 	 *
2413 	 * 4. The read/write ops vector uses our core_rw() function defined
2414 	 *    above to handle i/o requests.
2415 	 */
2416 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
2417 		*perr = G_STRANGE;
2418 		return (NULL);
2419 	}
2420 
2421 	(void) memset(P, 0, sizeof (struct ps_prochandle));
2422 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
2423 	P->state = PS_DEAD;
2424 	P->pid = (pid_t)-1;
2425 	P->asfd = core.e_fd;
2426 	P->ctlfd = -1;
2427 	P->statfd = -1;
2428 	P->agentctlfd = -1;
2429 	P->agentstatfd = -1;
2430 	P->zoneroot = NULL;
2431 	P->info_valid = 1;
2432 	Pinit_ops(&P->ops, &P_core_ops);
2433 
2434 	Pinitsym(P);
2435 	Pinitfd(P);
2436 
2437 	/*
2438 	 * Fstat and open the core file and make sure it is a valid ELF core.
2439 	 */
2440 	if (fstat64(P->asfd, &stbuf) == -1) {
2441 		*perr = G_STRANGE;
2442 		goto err;
2443 	}
2444 
2445 	if (core_elf_fdopen(&core, ET_CORE, perr) == -1)
2446 		goto err;
2447 
2448 	/*
2449 	 * Allocate and initialize a core_info_t to hang off the ps_prochandle
2450 	 * structure.  We keep all core-specific information in this structure.
2451 	 */
2452 	if ((core_info = calloc(1, sizeof (core_info_t))) == NULL) {
2453 		*perr = G_STRANGE;
2454 		goto err;
2455 	}
2456 
2457 	P->data = core_info;
2458 	list_create(&core_info->core_lwp_head, sizeof (lwp_info_t),
2459 	    offsetof(lwp_info_t, lwp_list));
2460 	core_info->core_size = stbuf.st_size;
2461 	/*
2462 	 * In the days before adjustable core file content, this was the
2463 	 * default core file content. For new core files, this value will
2464 	 * be overwritten by the NT_CONTENT note section.
2465 	 */
2466 	core_info->core_content = CC_CONTENT_STACK | CC_CONTENT_HEAP |
2467 	    CC_CONTENT_DATA | CC_CONTENT_RODATA | CC_CONTENT_ANON |
2468 	    CC_CONTENT_SHANON;
2469 
2470 	switch (core.e_hdr.e_ident[EI_CLASS]) {
2471 	case ELFCLASS32:
2472 		core_info->core_dmodel = PR_MODEL_ILP32;
2473 		break;
2474 	case ELFCLASS64:
2475 		core_info->core_dmodel = PR_MODEL_LP64;
2476 		break;
2477 	default:
2478 		*perr = G_FORMAT;
2479 		goto err;
2480 	}
2481 	core_info->core_osabi = core.e_hdr.e_ident[EI_OSABI];
2482 
2483 	/*
2484 	 * Because the core file may be a large file, we can't use libelf to
2485 	 * read the Phdrs.  We use e_phnum and e_phentsize to simplify things.
2486 	 */
2487 	nbytes = core.e_hdr.e_phnum * core.e_hdr.e_phentsize;
2488 
2489 	if ((phbuf = malloc(nbytes)) == NULL) {
2490 		*perr = G_STRANGE;
2491 		goto err;
2492 	}
2493 
2494 	if (pread64(core_fd, phbuf, nbytes, core.e_hdr.e_phoff) != nbytes) {
2495 		*perr = G_STRANGE;
2496 		free(phbuf);
2497 		goto err;
2498 	}
2499 
2500 	/*
2501 	 * Iterate through the program headers in the core file.
2502 	 * We're interested in two types of Phdrs: PT_NOTE (which
2503 	 * contains a set of saved /proc structures), and PT_LOAD (which
2504 	 * represents a memory mapping from the process's address space).
2505 	 * In the case of PT_NOTE, we're interested in the last PT_NOTE
2506 	 * in the core file; currently the first PT_NOTE (if present)
2507 	 * contains /proc structs in the pre-2.6 unstructured /proc format.
2508 	 */
2509 	for (php = phbuf, notes = 0, i = 0; i < core.e_hdr.e_phnum; i++) {
2510 		if (core.e_hdr.e_ident[EI_CLASS] == ELFCLASS64)
2511 			(void) memcpy(&phdr, php, sizeof (GElf_Phdr));
2512 		else
2513 			core_phdr_to_gelf(php, &phdr);
2514 
2515 		switch (phdr.p_type) {
2516 		case PT_NOTE:
2517 			note_phdr = phdr;
2518 			notes++;
2519 			break;
2520 
2521 		case PT_LOAD:
2522 			if (core_add_mapping(P, &phdr) == -1) {
2523 				*perr = G_STRANGE;
2524 				free(phbuf);
2525 				goto err;
2526 			}
2527 			break;
2528 		default:
2529 			dprintf("Pgrab_core: unknown phdr %d\n", phdr.p_type);
2530 			break;
2531 		}
2532 
2533 		php = (char *)php + core.e_hdr.e_phentsize;
2534 	}
2535 
2536 	free(phbuf);
2537 
2538 	Psort_mappings(P);
2539 
2540 	/*
2541 	 * If we couldn't find anything of type PT_NOTE, or only one PT_NOTE
2542 	 * was present, abort.  The core file is either corrupt or too old.
2543 	 */
2544 	if (notes == 0 || (notes == 1 && core_info->core_osabi ==
2545 	    ELFOSABI_SOLARIS)) {
2546 		*perr = G_NOTE;
2547 		goto err;
2548 	}
2549 
2550 	/*
2551 	 * Advance the seek pointer to the start of the PT_NOTE data
2552 	 */
2553 	if (lseek64(P->asfd, note_phdr.p_offset, SEEK_SET) == (off64_t)-1) {
2554 		dprintf("Pgrab_core: failed to lseek to PT_NOTE data\n");
2555 		*perr = G_STRANGE;
2556 		goto err;
2557 	}
2558 
2559 	/*
2560 	 * Now process the PT_NOTE structures.  Each one is preceded by
2561 	 * an Elf{32/64}_Nhdr structure describing its type and size.
2562 	 *
2563 	 *  +--------+
2564 	 *  | header |
2565 	 *  +--------+
2566 	 *  | name   |
2567 	 *  | ...    |
2568 	 *  +--------+
2569 	 *  | desc   |
2570 	 *  | ...    |
2571 	 *  +--------+
2572 	 */
2573 	for (nleft = note_phdr.p_filesz; nleft > 0; ) {
2574 		Elf64_Nhdr nhdr;
2575 		off64_t off, namesz, descsz;
2576 
2577 		/*
2578 		 * Although <sys/elf.h> defines both Elf32_Nhdr and Elf64_Nhdr
2579 		 * as different types, they are both of the same content and
2580 		 * size, so we don't need to worry about 32/64 conversion here.
2581 		 */
2582 		if (read(P->asfd, &nhdr, sizeof (nhdr)) != sizeof (nhdr)) {
2583 			dprintf("Pgrab_core: failed to read ELF note header\n");
2584 			*perr = G_NOTE;
2585 			goto err;
2586 		}
2587 
2588 		/*
2589 		 * According to the System V ABI, the amount of padding
2590 		 * following the name field should align the description
2591 		 * field on a 4 byte boundary for 32-bit binaries or on an 8
2592 		 * byte boundary for 64-bit binaries. However, this change
2593 		 * was not made correctly during the 64-bit port so all
2594 		 * descriptions can assume only 4-byte alignment. We ignore
2595 		 * the name field and the padding to 4-byte alignment.
2596 		 */
2597 		namesz = P2ROUNDUP((off64_t)nhdr.n_namesz, (off64_t)4);
2598 
2599 		if (lseek64(P->asfd, namesz, SEEK_CUR) == (off64_t)-1) {
2600 			dprintf("failed to seek past name and padding\n");
2601 			*perr = G_STRANGE;
2602 			goto err;
2603 		}
2604 
2605 		dprintf("Note hdr n_type=%u n_namesz=%u n_descsz=%u\n",
2606 		    nhdr.n_type, nhdr.n_namesz, nhdr.n_descsz);
2607 
2608 		off = lseek64(P->asfd, (off64_t)0L, SEEK_CUR);
2609 
2610 		/*
2611 		 * Invoke the note handler function from our table
2612 		 */
2613 		if (nhdr.n_type < ARRAY_SIZE(nhdlrs) &&
2614 		    nhdlrs[nhdr.n_type] != NULL) {
2615 			if (nhdlrs[nhdr.n_type](P, nhdr.n_descsz) < 0) {
2616 				dprintf("handler for type %d returned < 0",
2617 				    nhdr.n_type);
2618 				*perr = G_NOTE;
2619 				goto err;
2620 			}
2621 			/*
2622 			 * The presence of either of these notes indicates that
2623 			 * the dump was generated on Linux.
2624 			 */
2625 #ifdef __x86
2626 			if (nhdr.n_type == NT_PRSTATUS ||
2627 			    nhdr.n_type == NT_PRPSINFO)
2628 				from_linux = B_TRUE;
2629 #endif
2630 		} else {
2631 			(void) note_notsup(P, nhdr.n_descsz);
2632 		}
2633 
2634 		/*
2635 		 * Seek past the current note data to the next Elf_Nhdr
2636 		 */
2637 		descsz = P2ROUNDUP((off64_t)nhdr.n_descsz, (off64_t)4);
2638 		if (lseek64(P->asfd, off + descsz, SEEK_SET) == (off64_t)-1) {
2639 			dprintf("Pgrab_core: failed to seek to next nhdr\n");
2640 			*perr = G_STRANGE;
2641 			goto err;
2642 		}
2643 
2644 		/*
2645 		 * Subtract the size of the header and its data from what
2646 		 * we have left to process.
2647 		 */
2648 		nleft -= sizeof (nhdr) + namesz + descsz;
2649 	}
2650 
2651 #ifdef __x86
2652 	if (from_linux) {
2653 		size_t pid;
2654 		lwp_info_t *lwp;
2655 
2656 		P->status.pr_dmodel = core_info->core_dmodel;
2657 
2658 		pid = P->status.pr_pid;
2659 
2660 		for (lwp = list_head(&core_info->core_lwp_head); lwp != NULL;
2661 		    lwp = list_next(&core_info->core_lwp_head, lwp)) {
2662 			dprintf("Linux thread with id %d\n", lwp->lwp_id);
2663 
2664 			/*
2665 			 * In the case we don't have a valid psinfo (i.e. pid is
2666 			 * 0, probably because of gdb creating the core) assume
2667 			 * lowest pid count is the first thread (what if the
2668 			 * next thread wraps the pid around?)
2669 			 */
2670 			if (P->status.pr_pid == 0 &&
2671 			    ((pid == 0 && lwp->lwp_id > 0) ||
2672 			    (lwp->lwp_id < pid))) {
2673 				pid = lwp->lwp_id;
2674 			}
2675 		}
2676 
2677 		if (P->status.pr_pid != pid) {
2678 			dprintf("No valid pid, setting to %ld\n", (ulong_t)pid);
2679 			P->status.pr_pid = pid;
2680 			P->psinfo.pr_pid = pid;
2681 		}
2682 
2683 		/*
2684 		 * Consumers like mdb expect the first thread to actually have
2685 		 * an id of 1, on linux that is actually the pid. Find the the
2686 		 * thread with our process id, and set the id to 1
2687 		 */
2688 		if ((lwp = lwpid2info(P, pid)) == NULL) {
2689 			dprintf("Couldn't find first thread\n");
2690 			*perr = G_STRANGE;
2691 			goto err;
2692 		}
2693 
2694 		dprintf("setting representative thread: %d\n", lwp->lwp_id);
2695 
2696 		lwp->lwp_id = 1;
2697 		lwp->lwp_status.pr_lwpid = 1;
2698 
2699 		/* set representative thread */
2700 		(void) memcpy(&P->status.pr_lwp, &lwp->lwp_status,
2701 		    sizeof (P->status.pr_lwp));
2702 	}
2703 #endif /* __x86 */
2704 
2705 	if (nleft != 0) {
2706 		dprintf("Pgrab_core: note section malformed\n");
2707 		*perr = G_STRANGE;
2708 		goto err;
2709 	}
2710 
2711 	if ((pagesize = Pgetauxval(P, AT_PAGESZ)) == -1) {
2712 		pagesize = getpagesize();
2713 		dprintf("AT_PAGESZ missing; defaulting to %d\n", pagesize);
2714 	}
2715 
2716 	/*
2717 	 * Locate and label the mappings corresponding to the end of the
2718 	 * heap (MA_BREAK) and the base of the stack (MA_STACK).
2719 	 */
2720 	if ((P->status.pr_brkbase != 0 || P->status.pr_brksize != 0) &&
2721 	    (brk_mp = Paddr2mptr(P, P->status.pr_brkbase +
2722 	    P->status.pr_brksize - 1)) != NULL)
2723 		brk_mp->map_pmap.pr_mflags |= MA_BREAK;
2724 	else
2725 		brk_mp = NULL;
2726 
2727 	if ((stk_mp = Paddr2mptr(P, P->status.pr_stkbase)) != NULL)
2728 		stk_mp->map_pmap.pr_mflags |= MA_STACK;
2729 
2730 	/*
2731 	 * At this point, we have enough information to look for the
2732 	 * executable and open it: we have access to the auxv, a psinfo_t,
2733 	 * and the ability to read from mappings provided by the core file.
2734 	 */
2735 	(void) Pfindexec(P, aout_path, core_exec_open, &aout);
2736 	dprintf("P->execname = \"%s\"\n", P->execname ? P->execname : "NULL");
2737 	execname = P->execname ? P->execname : "a.out";
2738 
2739 	/*
2740 	 * Iterate through the sections, looking for the .dynamic and .interp
2741 	 * sections.  If we encounter them, remember their section pointers.
2742 	 */
2743 	for (scn = NULL; (scn = elf_nextscn(aout.e_elf, scn)) != NULL; ) {
2744 		char *sname;
2745 
2746 		if ((gelf_getshdr(scn, &shdr) == NULL) ||
2747 		    (sname = elf_strptr(aout.e_elf, aout.e_hdr.e_shstrndx,
2748 		    (size_t)shdr.sh_name)) == NULL)
2749 			continue;
2750 
2751 		if (strcmp(sname, ".interp") == 0)
2752 			intp_scn = scn;
2753 	}
2754 
2755 	/*
2756 	 * Get the AT_BASE auxv element.  If this is missing (-1), then
2757 	 * we assume this is a statically-linked executable.
2758 	 */
2759 	base_addr = Pgetauxval(P, AT_BASE);
2760 
2761 	/*
2762 	 * In order to get librtld_db initialized, we'll need to identify
2763 	 * and name the mapping corresponding to the run-time linker.  The
2764 	 * AT_BASE auxv element tells us the address where it was mapped,
2765 	 * and the .interp section of the executable tells us its path.
2766 	 * If for some reason that doesn't pan out, just use ld.so.1.
2767 	 */
2768 	if (intp_scn != NULL && (dp = elf_getdata(intp_scn, NULL)) != NULL &&
2769 	    dp->d_size != 0) {
2770 		dprintf(".interp = <%s>\n", (char *)dp->d_buf);
2771 		interp = dp->d_buf;
2772 
2773 	} else if (base_addr != (uintptr_t)-1L) {
2774 		if (core_info->core_dmodel == PR_MODEL_LP64)
2775 			interp = "/usr/lib/64/ld.so.1";
2776 		else
2777 			interp = "/usr/lib/ld.so.1";
2778 
2779 		dprintf(".interp section is missing or could not be read; "
2780 		    "defaulting to %s\n", interp);
2781 	} else
2782 		dprintf("detected statically linked executable\n");
2783 
2784 	/*
2785 	 * If we have an AT_BASE element, name the mapping at that address
2786 	 * using the interpreter pathname.  Name the corresponding data
2787 	 * mapping after the interpreter as well.
2788 	 */
2789 	if (base_addr != (uintptr_t)-1L) {
2790 		elf_file_t intf;
2791 
2792 		P->map_ldso = core_name_mapping(P, base_addr, interp);
2793 
2794 		if (core_elf_open(&intf, interp, ET_DYN, NULL) == 0) {
2795 			rd_loadobj_t rl;
2796 			map_info_t *dmp;
2797 
2798 			rl.rl_base = base_addr;
2799 			dmp = core_find_data(P, intf.e_elf, &rl);
2800 
2801 			if (dmp != NULL) {
2802 				dprintf("renamed data at %p to %s\n",
2803 				    (void *)rl.rl_data_base, interp);
2804 				(void) strncpy(dmp->map_pmap.pr_mapname,
2805 				    interp, PRMAPSZ);
2806 				dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2807 			}
2808 		}
2809 
2810 		core_elf_close(&intf);
2811 	}
2812 
2813 	/*
2814 	 * If we have an AT_ENTRY element, name the mapping at that address
2815 	 * using the special name "a.out" just like /proc does.
2816 	 */
2817 	if ((addr = Pgetauxval(P, AT_ENTRY)) != (uintptr_t)-1L)
2818 		P->map_exec = core_name_mapping(P, addr, "a.out");
2819 
2820 	/*
2821 	 * If we're a statically linked executable (or we're on x86 and looking
2822 	 * at a Linux core dump), then just locate the executable's text and
2823 	 * data and name them after the executable.
2824 	 */
2825 #ifndef __x86
2826 	if (base_addr == (uintptr_t)-1L) {
2827 #else
2828 	if (base_addr == (uintptr_t)-1L || from_linux) {
2829 #endif
2830 		dprintf("looking for text and data: %s\n", execname);
2831 		map_info_t *tmp, *dmp;
2832 		file_info_t *fp;
2833 		rd_loadobj_t rl;
2834 
2835 		if ((tmp = core_find_text(P, aout.e_elf, &rl)) != NULL &&
2836 		    (dmp = core_find_data(P, aout.e_elf, &rl)) != NULL) {
2837 			(void) strncpy(tmp->map_pmap.pr_mapname,
2838 			    execname, PRMAPSZ);
2839 			tmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2840 			(void) strncpy(dmp->map_pmap.pr_mapname,
2841 			    execname, PRMAPSZ);
2842 			dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2843 		}
2844 
2845 		if ((P->map_exec = tmp) != NULL &&
2846 		    (fp = malloc(sizeof (file_info_t))) != NULL) {
2847 
2848 			(void) memset(fp, 0, sizeof (file_info_t));
2849 
2850 			list_insert_head(&P->file_head, fp);
2851 			tmp->map_file = fp;
2852 			P->num_files++;
2853 
2854 			fp->file_ref = 1;
2855 			fp->file_fd = -1;
2856 			fp->file_dbgfile = -1;
2857 
2858 			fp->file_lo = malloc(sizeof (rd_loadobj_t));
2859 			fp->file_lname = strdup(execname);
2860 
2861 			if (fp->file_lo)
2862 				*fp->file_lo = rl;
2863 			if (fp->file_lname)
2864 				fp->file_lbase = basename(fp->file_lname);
2865 			if (fp->file_rname)
2866 				fp->file_rbase = basename(fp->file_rname);
2867 
2868 			(void) strcpy(fp->file_pname,
2869 			    P->mappings[0].map_pmap.pr_mapname);
2870 			fp->file_map = tmp;
2871 
2872 			Pbuild_file_symtab(P, fp);
2873 
2874 			if (dmp != NULL) {
2875 				dmp->map_file = fp;
2876 				fp->file_ref++;
2877 			}
2878 		}
2879 	}
2880 
2881 	core_elf_close(&aout);
2882 
2883 	/*
2884 	 * We now have enough information to initialize librtld_db.
2885 	 * After it warms up, we can iterate through the load object chain
2886 	 * in the core, which will allow us to construct the file info
2887 	 * we need to provide symbol information for the other shared
2888 	 * libraries, and also to fill in the missing mapping names.
2889 	 */
2890 	rd_log(_libproc_debug);
2891 
2892 	if ((P->rap = rd_new(P)) != NULL) {
2893 		(void) rd_loadobj_iter(P->rap, (rl_iter_f *)
2894 		    core_iter_mapping, P);
2895 
2896 		if (core_info->core_errno != 0) {
2897 			errno = core_info->core_errno;
2898 			*perr = G_STRANGE;
2899 			goto err;
2900 		}
2901 	} else
2902 		dprintf("failed to initialize rtld_db agent\n");
2903 
2904 	/*
2905 	 * If there are sections, load them and process the data from any
2906 	 * sections that we can use to annotate the file_info_t's.
2907 	 */
2908 	core_load_shdrs(P, &core);
2909 
2910 	/*
2911 	 * If we previously located a stack or break mapping, and they are
2912 	 * still anonymous, we now assume that they were MAP_ANON mappings.
2913 	 * If brk_mp turns out to now have a name, then the heap is still
2914 	 * sitting at the end of the executable's data+bss mapping: remove
2915 	 * the previous MA_BREAK setting to be consistent with /proc.
2916 	 */
2917 	if (stk_mp != NULL && stk_mp->map_pmap.pr_mapname[0] == '\0')
2918 		stk_mp->map_pmap.pr_mflags |= MA_ANON;
2919 	if (brk_mp != NULL && brk_mp->map_pmap.pr_mapname[0] == '\0')
2920 		brk_mp->map_pmap.pr_mflags |= MA_ANON;
2921 	else if (brk_mp != NULL)
2922 		brk_mp->map_pmap.pr_mflags &= ~MA_BREAK;
2923 
2924 	*perr = 0;
2925 	return (P);
2926 
2927 err:
2928 	Pfree(P);
2929 	core_elf_close(&aout);
2930 	return (NULL);
2931 }
2932 
2933 /*
2934  * Grab a core file using a pathname.  We just open it and call Pfgrab_core().
2935  */
2936 struct ps_prochandle *
2937 Pgrab_core(const char *core, const char *aout, int gflag, int *perr)
2938 {
2939 	int fd, oflag = (gflag & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
2940 
2941 	if ((fd = open64(core, oflag)) >= 0)
2942 		return (Pfgrab_core(fd, aout, perr));
2943 
2944 	if (errno != ENOENT)
2945 		*perr = G_STRANGE;
2946 	else
2947 		*perr = G_NOCORE;
2948 
2949 	return (NULL);
2950 }
2951 
2952 int
2953 Pupanic(struct ps_prochandle *P, prupanic_t **pru)
2954 {
2955 	core_info_t *core;
2956 
2957 	if (P->state != PS_DEAD) {
2958 		errno = ENODATA;
2959 		return (-1);
2960 	}
2961 
2962 	core = P->data;
2963 	if (core->core_upanic == NULL) {
2964 		errno = ENOENT;
2965 		return (-1);
2966 	}
2967 
2968 	if (core->core_upanic->pru_version != PRUPANIC_VERSION_1) {
2969 		errno = EINVAL;
2970 		return (-1);
2971 	}
2972 
2973 	if ((*pru = calloc(1, sizeof (prupanic_t))) == NULL)
2974 		return (-1);
2975 	(void) memcpy(*pru, core->core_upanic, sizeof (prupanic_t));
2976 
2977 	return (0);
2978 }
2979 
2980 void
2981 Pupanic_free(prupanic_t *pru)
2982 {
2983 	free(pru);
2984 }
2985