xref: /illumos-gate/usr/src/lib/libproc/common/Pcore.c (revision cf397aabe4e38964cfeb03e56ca8b407986c3a10)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*
26  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
27  * Copyright (c) 2014, Joyent, Inc. All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015 Gary Mills
30  */
31 
32 #include <sys/types.h>
33 #include <sys/utsname.h>
34 #include <sys/sysmacros.h>
35 #include <sys/proc.h>
36 
37 #include <alloca.h>
38 #include <rtld_db.h>
39 #include <libgen.h>
40 #include <limits.h>
41 #include <string.h>
42 #include <stdlib.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <gelf.h>
46 #include <stddef.h>
47 #include <signal.h>
48 
49 #include "libproc.h"
50 #include "Pcontrol.h"
51 #include "P32ton.h"
52 #include "Putil.h"
53 #ifdef __x86
54 #include "Pcore_linux.h"
55 #endif
56 
57 /*
58  * Pcore.c - Code to initialize a ps_prochandle from a core dump.  We
59  * allocate an additional structure to hold information from the core
60  * file, and attach this to the standard ps_prochandle in place of the
61  * ability to examine /proc/<pid>/ files.
62  */
63 
64 /*
65  * Basic i/o function for reading and writing from the process address space
66  * stored in the core file and associated shared libraries.  We compute the
67  * appropriate fd and offsets, and let the provided prw function do the rest.
68  */
69 static ssize_t
70 core_rw(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
71     ssize_t (*prw)(int, void *, size_t, off64_t))
72 {
73 	ssize_t resid = n;
74 
75 	while (resid != 0) {
76 		map_info_t *mp = Paddr2mptr(P, addr);
77 
78 		uintptr_t mapoff;
79 		ssize_t len;
80 		off64_t off;
81 		int fd;
82 
83 		if (mp == NULL)
84 			break;	/* No mapping for this address */
85 
86 		if (mp->map_pmap.pr_mflags & MA_RESERVED1) {
87 			if (mp->map_file == NULL || mp->map_file->file_fd < 0)
88 				break;	/* No file or file not open */
89 
90 			fd = mp->map_file->file_fd;
91 		} else
92 			fd = P->asfd;
93 
94 		mapoff = addr - mp->map_pmap.pr_vaddr;
95 		len = MIN(resid, mp->map_pmap.pr_size - mapoff);
96 		off = mp->map_offset + mapoff;
97 
98 		if ((len = prw(fd, buf, len, off)) <= 0)
99 			break;
100 
101 		resid -= len;
102 		addr += len;
103 		buf = (char *)buf + len;
104 	}
105 
106 	/*
107 	 * Important: Be consistent with the behavior of i/o on the as file:
108 	 * writing to an invalid address yields EIO; reading from an invalid
109 	 * address falls through to returning success and zero bytes.
110 	 */
111 	if (resid == n && n != 0 && prw != pread64) {
112 		errno = EIO;
113 		return (-1);
114 	}
115 
116 	return (n - resid);
117 }
118 
119 /*ARGSUSED*/
120 static ssize_t
121 Pread_core(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
122     void *data)
123 {
124 	return (core_rw(P, buf, n, addr, pread64));
125 }
126 
127 /*ARGSUSED*/
128 static ssize_t
129 Pwrite_core(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
130     void *data)
131 {
132 	return (core_rw(P, (void *)buf, n, addr,
133 	    (ssize_t (*)(int, void *, size_t, off64_t)) pwrite64));
134 }
135 
136 /*ARGSUSED*/
137 static int
138 Pcred_core(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
139 {
140 	core_info_t *core = data;
141 
142 	if (core->core_cred != NULL) {
143 		/*
144 		 * Avoid returning more supplementary group data than the
145 		 * caller has allocated in their buffer.  We expect them to
146 		 * check pr_ngroups afterward and potentially call us again.
147 		 */
148 		ngroups = MIN(ngroups, core->core_cred->pr_ngroups);
149 
150 		(void) memcpy(pcrp, core->core_cred,
151 		    sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t));
152 
153 		return (0);
154 	}
155 
156 	errno = ENODATA;
157 	return (-1);
158 }
159 
160 /*ARGSUSED*/
161 static int
162 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
163 {
164 	core_info_t *core = data;
165 
166 	if (core->core_priv == NULL) {
167 		errno = ENODATA;
168 		return (-1);
169 	}
170 
171 	*pprv = malloc(core->core_priv_size);
172 	if (*pprv == NULL) {
173 		return (-1);
174 	}
175 
176 	(void) memcpy(*pprv, core->core_priv, core->core_priv_size);
177 	return (0);
178 }
179 
180 /*ARGSUSED*/
181 static const psinfo_t *
182 Ppsinfo_core(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
183 {
184 	return (&P->psinfo);
185 }
186 
187 /*ARGSUSED*/
188 static void
189 Pfini_core(struct ps_prochandle *P, void *data)
190 {
191 	core_info_t *core = data;
192 
193 	if (core != NULL) {
194 		extern void __priv_free_info(void *);
195 		lwp_info_t *nlwp, *lwp = list_next(&core->core_lwp_head);
196 		int i;
197 
198 		for (i = 0; i < core->core_nlwp; i++, lwp = nlwp) {
199 			nlwp = list_next(lwp);
200 #ifdef __sparc
201 			if (lwp->lwp_gwins != NULL)
202 				free(lwp->lwp_gwins);
203 			if (lwp->lwp_xregs != NULL)
204 				free(lwp->lwp_xregs);
205 			if (lwp->lwp_asrs != NULL)
206 				free(lwp->lwp_asrs);
207 #endif
208 			free(lwp);
209 		}
210 
211 		if (core->core_platform != NULL)
212 			free(core->core_platform);
213 		if (core->core_uts != NULL)
214 			free(core->core_uts);
215 		if (core->core_cred != NULL)
216 			free(core->core_cred);
217 		if (core->core_priv != NULL)
218 			free(core->core_priv);
219 		if (core->core_privinfo != NULL)
220 			__priv_free_info(core->core_privinfo);
221 		if (core->core_ppii != NULL)
222 			free(core->core_ppii);
223 		if (core->core_zonename != NULL)
224 			free(core->core_zonename);
225 #ifdef __x86
226 		if (core->core_ldt != NULL)
227 			free(core->core_ldt);
228 #endif
229 
230 		free(core);
231 	}
232 }
233 
234 /*ARGSUSED*/
235 static char *
236 Pplatform_core(struct ps_prochandle *P, char *s, size_t n, void *data)
237 {
238 	core_info_t *core = data;
239 
240 	if (core->core_platform == NULL) {
241 		errno = ENODATA;
242 		return (NULL);
243 	}
244 	(void) strncpy(s, core->core_platform, n - 1);
245 	s[n - 1] = '\0';
246 	return (s);
247 }
248 
249 /*ARGSUSED*/
250 static int
251 Puname_core(struct ps_prochandle *P, struct utsname *u, void *data)
252 {
253 	core_info_t *core = data;
254 
255 	if (core->core_uts == NULL) {
256 		errno = ENODATA;
257 		return (-1);
258 	}
259 	(void) memcpy(u, core->core_uts, sizeof (struct utsname));
260 	return (0);
261 }
262 
263 /*ARGSUSED*/
264 static char *
265 Pzonename_core(struct ps_prochandle *P, char *s, size_t n, void *data)
266 {
267 	core_info_t *core = data;
268 
269 	if (core->core_zonename == NULL) {
270 		errno = ENODATA;
271 		return (NULL);
272 	}
273 	(void) strlcpy(s, core->core_zonename, n);
274 	return (s);
275 }
276 
277 #ifdef __x86
278 /*ARGSUSED*/
279 static int
280 Pldt_core(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
281 {
282 	core_info_t *core = data;
283 
284 	if (pldt == NULL || nldt == 0)
285 		return (core->core_nldt);
286 
287 	if (core->core_ldt != NULL) {
288 		nldt = MIN(nldt, core->core_nldt);
289 
290 		(void) memcpy(pldt, core->core_ldt,
291 		    nldt * sizeof (struct ssd));
292 
293 		return (nldt);
294 	}
295 
296 	errno = ENODATA;
297 	return (-1);
298 }
299 #endif
300 
301 static const ps_ops_t P_core_ops = {
302 	.pop_pread	= Pread_core,
303 	.pop_pwrite	= Pwrite_core,
304 	.pop_cred	= Pcred_core,
305 	.pop_priv	= Ppriv_core,
306 	.pop_psinfo	= Ppsinfo_core,
307 	.pop_fini	= Pfini_core,
308 	.pop_platform	= Pplatform_core,
309 	.pop_uname	= Puname_core,
310 	.pop_zonename	= Pzonename_core,
311 #ifdef __x86
312 	.pop_ldt	= Pldt_core
313 #endif
314 };
315 
316 /*
317  * Return the lwp_info_t for the given lwpid.  If no such lwpid has been
318  * encountered yet, allocate a new structure and return a pointer to it.
319  * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
320  */
321 static lwp_info_t *
322 lwpid2info(struct ps_prochandle *P, lwpid_t id)
323 {
324 	core_info_t *core = P->data;
325 	lwp_info_t *lwp = list_next(&core->core_lwp_head);
326 	lwp_info_t *next;
327 	uint_t i;
328 
329 	for (i = 0; i < core->core_nlwp; i++, lwp = list_next(lwp)) {
330 		if (lwp->lwp_id == id) {
331 			core->core_lwp = lwp;
332 			return (lwp);
333 		}
334 		if (lwp->lwp_id < id) {
335 			break;
336 		}
337 	}
338 
339 	next = lwp;
340 	if ((lwp = calloc(1, sizeof (lwp_info_t))) == NULL)
341 		return (NULL);
342 
343 	list_link(lwp, next);
344 	lwp->lwp_id = id;
345 
346 	core->core_lwp = lwp;
347 	core->core_nlwp++;
348 
349 	return (lwp);
350 }
351 
352 /*
353  * The core file itself contains a series of NOTE segments containing saved
354  * structures from /proc at the time the process died.  For each note we
355  * comprehend, we define a function to read it in from the core file,
356  * convert it to our native data model if necessary, and store it inside
357  * the ps_prochandle.  Each function is invoked by Pfgrab_core() with the
358  * seek pointer on P->asfd positioned appropriately.  We populate a table
359  * of pointers to these note functions below.
360  */
361 
362 static int
363 note_pstatus(struct ps_prochandle *P, size_t nbytes)
364 {
365 #ifdef _LP64
366 	core_info_t *core = P->data;
367 
368 	if (core->core_dmodel == PR_MODEL_ILP32) {
369 		pstatus32_t ps32;
370 
371 		if (nbytes < sizeof (pstatus32_t) ||
372 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
373 			goto err;
374 
375 		pstatus_32_to_n(&ps32, &P->status);
376 
377 	} else
378 #endif
379 	if (nbytes < sizeof (pstatus_t) ||
380 	    read(P->asfd, &P->status, sizeof (pstatus_t)) != sizeof (pstatus_t))
381 		goto err;
382 
383 	P->orig_status = P->status;
384 	P->pid = P->status.pr_pid;
385 
386 	return (0);
387 
388 err:
389 	dprintf("Pgrab_core: failed to read NT_PSTATUS\n");
390 	return (-1);
391 }
392 
393 static int
394 note_lwpstatus(struct ps_prochandle *P, size_t nbytes)
395 {
396 	lwp_info_t *lwp;
397 	lwpstatus_t lps;
398 
399 #ifdef _LP64
400 	core_info_t *core = P->data;
401 
402 	if (core->core_dmodel == PR_MODEL_ILP32) {
403 		lwpstatus32_t l32;
404 
405 		if (nbytes < sizeof (lwpstatus32_t) ||
406 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
407 			goto err;
408 
409 		lwpstatus_32_to_n(&l32, &lps);
410 	} else
411 #endif
412 	if (nbytes < sizeof (lwpstatus_t) ||
413 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
414 		goto err;
415 
416 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
417 		dprintf("Pgrab_core: failed to add NT_LWPSTATUS\n");
418 		return (-1);
419 	}
420 
421 	/*
422 	 * Erase a useless and confusing artifact of the kernel implementation:
423 	 * the lwps which did *not* create the core will show SIGKILL.  We can
424 	 * be assured this is bogus because SIGKILL can't produce core files.
425 	 */
426 	if (lps.pr_cursig == SIGKILL)
427 		lps.pr_cursig = 0;
428 
429 	(void) memcpy(&lwp->lwp_status, &lps, sizeof (lps));
430 	return (0);
431 
432 err:
433 	dprintf("Pgrab_core: failed to read NT_LWPSTATUS\n");
434 	return (-1);
435 }
436 
437 #ifdef __x86
438 
439 static void
440 lx_prpsinfo32_to_psinfo(lx_prpsinfo32_t *p32, psinfo_t *psinfo)
441 {
442 	psinfo->pr_flag = p32->pr_flag;
443 	psinfo->pr_pid = p32->pr_pid;
444 	psinfo->pr_ppid = p32->pr_ppid;
445 	psinfo->pr_uid = p32->pr_uid;
446 	psinfo->pr_gid = p32->pr_gid;
447 	psinfo->pr_sid = p32->pr_sid;
448 	psinfo->pr_pgid = p32->pr_pgrp;
449 
450 	(void) memcpy(psinfo->pr_fname, p32->pr_fname,
451 	    sizeof (psinfo->pr_fname));
452 	(void) memcpy(psinfo->pr_psargs, p32->pr_psargs,
453 	    sizeof (psinfo->pr_psargs));
454 }
455 
456 static void
457 lx_prpsinfo64_to_psinfo(lx_prpsinfo64_t *p64, psinfo_t *psinfo)
458 {
459 	psinfo->pr_flag = p64->pr_flag;
460 	psinfo->pr_pid = p64->pr_pid;
461 	psinfo->pr_ppid = p64->pr_ppid;
462 	psinfo->pr_uid = p64->pr_uid;
463 	psinfo->pr_gid = p64->pr_gid;
464 	psinfo->pr_sid = p64->pr_sid;
465 	psinfo->pr_pgid = p64->pr_pgrp;
466 	psinfo->pr_pgid = p64->pr_pgrp;
467 
468 	(void) memcpy(psinfo->pr_fname, p64->pr_fname,
469 	    sizeof (psinfo->pr_fname));
470 	(void) memcpy(psinfo->pr_psargs, p64->pr_psargs,
471 	    sizeof (psinfo->pr_psargs));
472 }
473 
474 static int
475 note_linux_psinfo(struct ps_prochandle *P, size_t nbytes)
476 {
477 	core_info_t *core = P->data;
478 	lx_prpsinfo32_t p32;
479 	lx_prpsinfo64_t p64;
480 
481 	if (core->core_dmodel == PR_MODEL_ILP32) {
482 		if (nbytes < sizeof (p32) ||
483 		    read(P->asfd, &p32, sizeof (p32)) != sizeof (p32))
484 			goto err;
485 
486 		lx_prpsinfo32_to_psinfo(&p32, &P->psinfo);
487 	} else {
488 		if (nbytes < sizeof (p64) ||
489 		    read(P->asfd, &p64, sizeof (p64)) != sizeof (p64))
490 			goto err;
491 
492 		lx_prpsinfo64_to_psinfo(&p64, &P->psinfo);
493 	}
494 
495 
496 	P->status.pr_pid = P->psinfo.pr_pid;
497 	P->status.pr_ppid = P->psinfo.pr_ppid;
498 	P->status.pr_pgid = P->psinfo.pr_pgid;
499 	P->status.pr_sid = P->psinfo.pr_sid;
500 
501 	P->psinfo.pr_nlwp = 0;
502 	P->status.pr_nlwp = 0;
503 
504 	return (0);
505 err:
506 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
507 	return (-1);
508 }
509 
510 static void
511 lx_prstatus64_to_lwp(lx_prstatus64_t *prs64, lwp_info_t *lwp)
512 {
513 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs64->pr_utime);
514 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs64->pr_stime);
515 
516 	lwp->lwp_status.pr_reg[REG_R15] = prs64->pr_reg.lxr_r15;
517 	lwp->lwp_status.pr_reg[REG_R14] = prs64->pr_reg.lxr_r14;
518 	lwp->lwp_status.pr_reg[REG_R13] = prs64->pr_reg.lxr_r13;
519 	lwp->lwp_status.pr_reg[REG_R12] = prs64->pr_reg.lxr_r12;
520 	lwp->lwp_status.pr_reg[REG_R11] = prs64->pr_reg.lxr_r11;
521 	lwp->lwp_status.pr_reg[REG_R10] = prs64->pr_reg.lxr_r10;
522 	lwp->lwp_status.pr_reg[REG_R9] = prs64->pr_reg.lxr_r9;
523 	lwp->lwp_status.pr_reg[REG_R8] = prs64->pr_reg.lxr_r8;
524 
525 	lwp->lwp_status.pr_reg[REG_RDI] = prs64->pr_reg.lxr_rdi;
526 	lwp->lwp_status.pr_reg[REG_RSI] = prs64->pr_reg.lxr_rsi;
527 	lwp->lwp_status.pr_reg[REG_RBP] = prs64->pr_reg.lxr_rbp;
528 	lwp->lwp_status.pr_reg[REG_RBX] = prs64->pr_reg.lxr_rbx;
529 	lwp->lwp_status.pr_reg[REG_RDX] = prs64->pr_reg.lxr_rdx;
530 	lwp->lwp_status.pr_reg[REG_RCX] = prs64->pr_reg.lxr_rcx;
531 	lwp->lwp_status.pr_reg[REG_RAX] = prs64->pr_reg.lxr_rax;
532 
533 	lwp->lwp_status.pr_reg[REG_RIP] = prs64->pr_reg.lxr_rip;
534 	lwp->lwp_status.pr_reg[REG_CS] = prs64->pr_reg.lxr_cs;
535 	lwp->lwp_status.pr_reg[REG_RSP] = prs64->pr_reg.lxr_rsp;
536 	lwp->lwp_status.pr_reg[REG_FS] = prs64->pr_reg.lxr_fs;
537 	lwp->lwp_status.pr_reg[REG_SS] = prs64->pr_reg.lxr_ss;
538 	lwp->lwp_status.pr_reg[REG_GS] = prs64->pr_reg.lxr_gs;
539 	lwp->lwp_status.pr_reg[REG_ES] = prs64->pr_reg.lxr_es;
540 	lwp->lwp_status.pr_reg[REG_DS] = prs64->pr_reg.lxr_ds;
541 
542 	lwp->lwp_status.pr_reg[REG_GSBASE] = prs64->pr_reg.lxr_gs_base;
543 	lwp->lwp_status.pr_reg[REG_FSBASE] = prs64->pr_reg.lxr_fs_base;
544 }
545 
546 static void
547 lx_prstatus32_to_lwp(lx_prstatus32_t *prs32, lwp_info_t *lwp)
548 {
549 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs32->pr_utime);
550 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs32->pr_stime);
551 
552 #ifdef __amd64
553 	lwp->lwp_status.pr_reg[REG_GS] = prs32->pr_reg.lxr_gs;
554 	lwp->lwp_status.pr_reg[REG_FS] = prs32->pr_reg.lxr_fs;
555 	lwp->lwp_status.pr_reg[REG_DS] = prs32->pr_reg.lxr_ds;
556 	lwp->lwp_status.pr_reg[REG_ES] = prs32->pr_reg.lxr_es;
557 	lwp->lwp_status.pr_reg[REG_RDI] = prs32->pr_reg.lxr_di;
558 	lwp->lwp_status.pr_reg[REG_RSI] = prs32->pr_reg.lxr_si;
559 	lwp->lwp_status.pr_reg[REG_RBP] = prs32->pr_reg.lxr_bp;
560 	lwp->lwp_status.pr_reg[REG_RBX] = prs32->pr_reg.lxr_bx;
561 	lwp->lwp_status.pr_reg[REG_RDX] = prs32->pr_reg.lxr_dx;
562 	lwp->lwp_status.pr_reg[REG_RCX] = prs32->pr_reg.lxr_cx;
563 	lwp->lwp_status.pr_reg[REG_RAX] = prs32->pr_reg.lxr_ax;
564 	lwp->lwp_status.pr_reg[REG_RIP] = prs32->pr_reg.lxr_ip;
565 	lwp->lwp_status.pr_reg[REG_CS] = prs32->pr_reg.lxr_cs;
566 	lwp->lwp_status.pr_reg[REG_RFL] = prs32->pr_reg.lxr_flags;
567 	lwp->lwp_status.pr_reg[REG_RSP] = prs32->pr_reg.lxr_sp;
568 	lwp->lwp_status.pr_reg[REG_SS] = prs32->pr_reg.lxr_ss;
569 #else /* __amd64 */
570 	lwp->lwp_status.pr_reg[EBX] = prs32->pr_reg.lxr_bx;
571 	lwp->lwp_status.pr_reg[ECX] = prs32->pr_reg.lxr_cx;
572 	lwp->lwp_status.pr_reg[EDX] = prs32->pr_reg.lxr_dx;
573 	lwp->lwp_status.pr_reg[ESI] = prs32->pr_reg.lxr_si;
574 	lwp->lwp_status.pr_reg[EDI] = prs32->pr_reg.lxr_di;
575 	lwp->lwp_status.pr_reg[EBP] = prs32->pr_reg.lxr_bp;
576 	lwp->lwp_status.pr_reg[EAX] = prs32->pr_reg.lxr_ax;
577 	lwp->lwp_status.pr_reg[EIP] = prs32->pr_reg.lxr_ip;
578 	lwp->lwp_status.pr_reg[UESP] = prs32->pr_reg.lxr_sp;
579 
580 	lwp->lwp_status.pr_reg[DS] = prs32->pr_reg.lxr_ds;
581 	lwp->lwp_status.pr_reg[ES] = prs32->pr_reg.lxr_es;
582 	lwp->lwp_status.pr_reg[FS] = prs32->pr_reg.lxr_fs;
583 	lwp->lwp_status.pr_reg[GS] = prs32->pr_reg.lxr_gs;
584 	lwp->lwp_status.pr_reg[CS] = prs32->pr_reg.lxr_cs;
585 	lwp->lwp_status.pr_reg[SS] = prs32->pr_reg.lxr_ss;
586 
587 	lwp->lwp_status.pr_reg[EFL] = prs32->pr_reg.lxr_flags;
588 #endif	/* !__amd64 */
589 }
590 
591 static int
592 note_linux_prstatus(struct ps_prochandle *P, size_t nbytes)
593 {
594 	core_info_t *core = P->data;
595 
596 	lx_prstatus64_t prs64;
597 	lx_prstatus32_t prs32;
598 	lwp_info_t *lwp;
599 	lwpid_t tid;
600 
601 	dprintf("looking for model %d, %ld/%ld\n", core->core_dmodel,
602 	    (ulong_t)nbytes, (ulong_t)sizeof (prs32));
603 	if (core->core_dmodel == PR_MODEL_ILP32) {
604 		if (nbytes < sizeof (prs32) ||
605 		    read(P->asfd, &prs32, sizeof (prs32)) != nbytes)
606 			goto err;
607 		tid = prs32.pr_pid;
608 	} else {
609 		if (nbytes < sizeof (prs64) ||
610 		    read(P->asfd, &prs64, sizeof (prs64)) != nbytes)
611 			goto err;
612 		tid = prs64.pr_pid;
613 	}
614 
615 	if ((lwp = lwpid2info(P, tid)) == NULL) {
616 		dprintf("Pgrab_core: failed to add lwpid2info "
617 		    "linux_prstatus\n");
618 		return (-1);
619 	}
620 
621 	P->psinfo.pr_nlwp++;
622 	P->status.pr_nlwp++;
623 
624 	lwp->lwp_status.pr_lwpid = tid;
625 
626 	if (core->core_dmodel == PR_MODEL_ILP32)
627 		lx_prstatus32_to_lwp(&prs32, lwp);
628 	else
629 		lx_prstatus64_to_lwp(&prs64, lwp);
630 
631 	return (0);
632 err:
633 	dprintf("Pgrab_core: failed to read NT_PRSTATUS\n");
634 	return (-1);
635 }
636 
637 #endif /* __x86 */
638 
639 static int
640 note_psinfo(struct ps_prochandle *P, size_t nbytes)
641 {
642 #ifdef _LP64
643 	core_info_t *core = P->data;
644 
645 	if (core->core_dmodel == PR_MODEL_ILP32) {
646 		psinfo32_t ps32;
647 
648 		if (nbytes < sizeof (psinfo32_t) ||
649 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
650 			goto err;
651 
652 		psinfo_32_to_n(&ps32, &P->psinfo);
653 	} else
654 #endif
655 	if (nbytes < sizeof (psinfo_t) ||
656 	    read(P->asfd, &P->psinfo, sizeof (psinfo_t)) != sizeof (psinfo_t))
657 		goto err;
658 
659 	dprintf("pr_fname = <%s>\n", P->psinfo.pr_fname);
660 	dprintf("pr_psargs = <%s>\n", P->psinfo.pr_psargs);
661 	dprintf("pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
662 
663 	return (0);
664 
665 err:
666 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
667 	return (-1);
668 }
669 
670 static int
671 note_lwpsinfo(struct ps_prochandle *P, size_t nbytes)
672 {
673 	lwp_info_t *lwp;
674 	lwpsinfo_t lps;
675 
676 #ifdef _LP64
677 	core_info_t *core = P->data;
678 
679 	if (core->core_dmodel == PR_MODEL_ILP32) {
680 		lwpsinfo32_t l32;
681 
682 		if (nbytes < sizeof (lwpsinfo32_t) ||
683 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
684 			goto err;
685 
686 		lwpsinfo_32_to_n(&l32, &lps);
687 	} else
688 #endif
689 	if (nbytes < sizeof (lwpsinfo_t) ||
690 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
691 		goto err;
692 
693 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
694 		dprintf("Pgrab_core: failed to add NT_LWPSINFO\n");
695 		return (-1);
696 	}
697 
698 	(void) memcpy(&lwp->lwp_psinfo, &lps, sizeof (lps));
699 	return (0);
700 
701 err:
702 	dprintf("Pgrab_core: failed to read NT_LWPSINFO\n");
703 	return (-1);
704 }
705 
706 static int
707 note_fdinfo(struct ps_prochandle *P, size_t nbytes)
708 {
709 	prfdinfo_t prfd;
710 	fd_info_t *fip;
711 
712 	if ((nbytes < sizeof (prfd)) ||
713 	    (read(P->asfd, &prfd, sizeof (prfd)) != sizeof (prfd))) {
714 		dprintf("Pgrab_core: failed to read NT_FDINFO\n");
715 		return (-1);
716 	}
717 
718 	if ((fip = Pfd2info(P, prfd.pr_fd)) == NULL) {
719 		dprintf("Pgrab_core: failed to add NT_FDINFO\n");
720 		return (-1);
721 	}
722 	(void) memcpy(&fip->fd_info, &prfd, sizeof (prfd));
723 	return (0);
724 }
725 
726 static int
727 note_platform(struct ps_prochandle *P, size_t nbytes)
728 {
729 	core_info_t *core = P->data;
730 	char *plat;
731 
732 	if (core->core_platform != NULL)
733 		return (0);	/* Already seen */
734 
735 	if (nbytes != 0 && ((plat = malloc(nbytes + 1)) != NULL)) {
736 		if (read(P->asfd, plat, nbytes) != nbytes) {
737 			dprintf("Pgrab_core: failed to read NT_PLATFORM\n");
738 			free(plat);
739 			return (-1);
740 		}
741 		plat[nbytes - 1] = '\0';
742 		core->core_platform = plat;
743 	}
744 
745 	return (0);
746 }
747 
748 static int
749 note_utsname(struct ps_prochandle *P, size_t nbytes)
750 {
751 	core_info_t *core = P->data;
752 	size_t ubytes = sizeof (struct utsname);
753 	struct utsname *utsp;
754 
755 	if (core->core_uts != NULL || nbytes < ubytes)
756 		return (0);	/* Already seen or bad size */
757 
758 	if ((utsp = malloc(ubytes)) == NULL)
759 		return (-1);
760 
761 	if (read(P->asfd, utsp, ubytes) != ubytes) {
762 		dprintf("Pgrab_core: failed to read NT_UTSNAME\n");
763 		free(utsp);
764 		return (-1);
765 	}
766 
767 	if (_libproc_debug) {
768 		dprintf("uts.sysname = \"%s\"\n", utsp->sysname);
769 		dprintf("uts.nodename = \"%s\"\n", utsp->nodename);
770 		dprintf("uts.release = \"%s\"\n", utsp->release);
771 		dprintf("uts.version = \"%s\"\n", utsp->version);
772 		dprintf("uts.machine = \"%s\"\n", utsp->machine);
773 	}
774 
775 	core->core_uts = utsp;
776 	return (0);
777 }
778 
779 static int
780 note_content(struct ps_prochandle *P, size_t nbytes)
781 {
782 	core_info_t *core = P->data;
783 	core_content_t content;
784 
785 	if (sizeof (core->core_content) != nbytes)
786 		return (-1);
787 
788 	if (read(P->asfd, &content, sizeof (content)) != sizeof (content))
789 		return (-1);
790 
791 	core->core_content = content;
792 
793 	dprintf("core content = %llx\n", content);
794 
795 	return (0);
796 }
797 
798 static int
799 note_cred(struct ps_prochandle *P, size_t nbytes)
800 {
801 	core_info_t *core = P->data;
802 	prcred_t *pcrp;
803 	int ngroups;
804 	const size_t min_size = sizeof (prcred_t) - sizeof (gid_t);
805 
806 	/*
807 	 * We allow for prcred_t notes that are actually smaller than a
808 	 * prcred_t since the last member isn't essential if there are
809 	 * no group memberships. This allows for more flexibility when it
810 	 * comes to slightly malformed -- but still valid -- notes.
811 	 */
812 	if (core->core_cred != NULL || nbytes < min_size)
813 		return (0);	/* Already seen or bad size */
814 
815 	ngroups = (nbytes - min_size) / sizeof (gid_t);
816 	nbytes = sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t);
817 
818 	if ((pcrp = malloc(nbytes)) == NULL)
819 		return (-1);
820 
821 	if (read(P->asfd, pcrp, nbytes) != nbytes) {
822 		dprintf("Pgrab_core: failed to read NT_PRCRED\n");
823 		free(pcrp);
824 		return (-1);
825 	}
826 
827 	if (pcrp->pr_ngroups > ngroups) {
828 		dprintf("pr_ngroups = %d; resetting to %d based on note size\n",
829 		    pcrp->pr_ngroups, ngroups);
830 		pcrp->pr_ngroups = ngroups;
831 	}
832 
833 	core->core_cred = pcrp;
834 	return (0);
835 }
836 
837 #ifdef __x86
838 static int
839 note_ldt(struct ps_prochandle *P, size_t nbytes)
840 {
841 	core_info_t *core = P->data;
842 	struct ssd *pldt;
843 	uint_t nldt;
844 
845 	if (core->core_ldt != NULL || nbytes < sizeof (struct ssd))
846 		return (0);	/* Already seen or bad size */
847 
848 	nldt = nbytes / sizeof (struct ssd);
849 	nbytes = nldt * sizeof (struct ssd);
850 
851 	if ((pldt = malloc(nbytes)) == NULL)
852 		return (-1);
853 
854 	if (read(P->asfd, pldt, nbytes) != nbytes) {
855 		dprintf("Pgrab_core: failed to read NT_LDT\n");
856 		free(pldt);
857 		return (-1);
858 	}
859 
860 	core->core_ldt = pldt;
861 	core->core_nldt = nldt;
862 	return (0);
863 }
864 #endif	/* __i386 */
865 
866 static int
867 note_priv(struct ps_prochandle *P, size_t nbytes)
868 {
869 	core_info_t *core = P->data;
870 	prpriv_t *pprvp;
871 
872 	if (core->core_priv != NULL || nbytes < sizeof (prpriv_t))
873 		return (0);	/* Already seen or bad size */
874 
875 	if ((pprvp = malloc(nbytes)) == NULL)
876 		return (-1);
877 
878 	if (read(P->asfd, pprvp, nbytes) != nbytes) {
879 		dprintf("Pgrab_core: failed to read NT_PRPRIV\n");
880 		free(pprvp);
881 		return (-1);
882 	}
883 
884 	core->core_priv = pprvp;
885 	core->core_priv_size = nbytes;
886 	return (0);
887 }
888 
889 static int
890 note_priv_info(struct ps_prochandle *P, size_t nbytes)
891 {
892 	core_info_t *core = P->data;
893 	extern void *__priv_parse_info();
894 	priv_impl_info_t *ppii;
895 
896 	if (core->core_privinfo != NULL ||
897 	    nbytes < sizeof (priv_impl_info_t))
898 		return (0);	/* Already seen or bad size */
899 
900 	if ((ppii = malloc(nbytes)) == NULL)
901 		return (-1);
902 
903 	if (read(P->asfd, ppii, nbytes) != nbytes ||
904 	    PRIV_IMPL_INFO_SIZE(ppii) != nbytes) {
905 		dprintf("Pgrab_core: failed to read NT_PRPRIVINFO\n");
906 		free(ppii);
907 		return (-1);
908 	}
909 
910 	core->core_privinfo = __priv_parse_info(ppii);
911 	core->core_ppii = ppii;
912 	return (0);
913 }
914 
915 static int
916 note_zonename(struct ps_prochandle *P, size_t nbytes)
917 {
918 	core_info_t *core = P->data;
919 	char *zonename;
920 
921 	if (core->core_zonename != NULL)
922 		return (0);	/* Already seen */
923 
924 	if (nbytes != 0) {
925 		if ((zonename = malloc(nbytes)) == NULL)
926 			return (-1);
927 		if (read(P->asfd, zonename, nbytes) != nbytes) {
928 			dprintf("Pgrab_core: failed to read NT_ZONENAME\n");
929 			free(zonename);
930 			return (-1);
931 		}
932 		zonename[nbytes - 1] = '\0';
933 		core->core_zonename = zonename;
934 	}
935 
936 	return (0);
937 }
938 
939 static int
940 note_auxv(struct ps_prochandle *P, size_t nbytes)
941 {
942 	size_t n, i;
943 
944 #ifdef _LP64
945 	core_info_t *core = P->data;
946 
947 	if (core->core_dmodel == PR_MODEL_ILP32) {
948 		auxv32_t *a32;
949 
950 		n = nbytes / sizeof (auxv32_t);
951 		nbytes = n * sizeof (auxv32_t);
952 		a32 = alloca(nbytes);
953 
954 		if (read(P->asfd, a32, nbytes) != nbytes) {
955 			dprintf("Pgrab_core: failed to read NT_AUXV\n");
956 			return (-1);
957 		}
958 
959 		if ((P->auxv = malloc(sizeof (auxv_t) * (n + 1))) == NULL)
960 			return (-1);
961 
962 		for (i = 0; i < n; i++)
963 			auxv_32_to_n(&a32[i], &P->auxv[i]);
964 
965 	} else {
966 #endif
967 		n = nbytes / sizeof (auxv_t);
968 		nbytes = n * sizeof (auxv_t);
969 
970 		if ((P->auxv = malloc(nbytes + sizeof (auxv_t))) == NULL)
971 			return (-1);
972 
973 		if (read(P->asfd, P->auxv, nbytes) != nbytes) {
974 			free(P->auxv);
975 			P->auxv = NULL;
976 			return (-1);
977 		}
978 #ifdef _LP64
979 	}
980 #endif
981 
982 	if (_libproc_debug) {
983 		for (i = 0; i < n; i++) {
984 			dprintf("P->auxv[%lu] = ( %d, 0x%lx )\n", (ulong_t)i,
985 			    P->auxv[i].a_type, P->auxv[i].a_un.a_val);
986 		}
987 	}
988 
989 	/*
990 	 * Defensive coding for loops which depend upon the auxv array being
991 	 * terminated by an AT_NULL element; in each case, we've allocated
992 	 * P->auxv to have an additional element which we force to be AT_NULL.
993 	 */
994 	P->auxv[n].a_type = AT_NULL;
995 	P->auxv[n].a_un.a_val = 0L;
996 	P->nauxv = (int)n;
997 
998 	return (0);
999 }
1000 
1001 #ifdef __sparc
1002 static int
1003 note_xreg(struct ps_prochandle *P, size_t nbytes)
1004 {
1005 	core_info_t *core = P->data;
1006 	lwp_info_t *lwp = core->core_lwp;
1007 	size_t xbytes = sizeof (prxregset_t);
1008 	prxregset_t *xregs;
1009 
1010 	if (lwp == NULL || lwp->lwp_xregs != NULL || nbytes < xbytes)
1011 		return (0);	/* No lwp yet, already seen, or bad size */
1012 
1013 	if ((xregs = malloc(xbytes)) == NULL)
1014 		return (-1);
1015 
1016 	if (read(P->asfd, xregs, xbytes) != xbytes) {
1017 		dprintf("Pgrab_core: failed to read NT_PRXREG\n");
1018 		free(xregs);
1019 		return (-1);
1020 	}
1021 
1022 	lwp->lwp_xregs = xregs;
1023 	return (0);
1024 }
1025 
1026 static int
1027 note_gwindows(struct ps_prochandle *P, size_t nbytes)
1028 {
1029 	core_info_t *core = P->data;
1030 	lwp_info_t *lwp = core->core_lwp;
1031 
1032 	if (lwp == NULL || lwp->lwp_gwins != NULL || nbytes == 0)
1033 		return (0);	/* No lwp yet or already seen or no data */
1034 
1035 	if ((lwp->lwp_gwins = malloc(sizeof (gwindows_t))) == NULL)
1036 		return (-1);
1037 
1038 	/*
1039 	 * Since the amount of gwindows data varies with how many windows were
1040 	 * actually saved, we just read up to the minimum of the note size
1041 	 * and the size of the gwindows_t type.  It doesn't matter if the read
1042 	 * fails since we have to zero out gwindows first anyway.
1043 	 */
1044 #ifdef _LP64
1045 	if (core->core_dmodel == PR_MODEL_ILP32) {
1046 		gwindows32_t g32;
1047 
1048 		(void) memset(&g32, 0, sizeof (g32));
1049 		(void) read(P->asfd, &g32, MIN(nbytes, sizeof (g32)));
1050 		gwindows_32_to_n(&g32, lwp->lwp_gwins);
1051 
1052 	} else {
1053 #endif
1054 		(void) memset(lwp->lwp_gwins, 0, sizeof (gwindows_t));
1055 		(void) read(P->asfd, lwp->lwp_gwins,
1056 		    MIN(nbytes, sizeof (gwindows_t)));
1057 #ifdef _LP64
1058 	}
1059 #endif
1060 	return (0);
1061 }
1062 
1063 #ifdef __sparcv9
1064 static int
1065 note_asrs(struct ps_prochandle *P, size_t nbytes)
1066 {
1067 	core_info_t *core = P->data;
1068 	lwp_info_t *lwp = core->core_lwp;
1069 	int64_t *asrs;
1070 
1071 	if (lwp == NULL || lwp->lwp_asrs != NULL || nbytes < sizeof (asrset_t))
1072 		return (0);	/* No lwp yet, already seen, or bad size */
1073 
1074 	if ((asrs = malloc(sizeof (asrset_t))) == NULL)
1075 		return (-1);
1076 
1077 	if (read(P->asfd, asrs, sizeof (asrset_t)) != sizeof (asrset_t)) {
1078 		dprintf("Pgrab_core: failed to read NT_ASRS\n");
1079 		free(asrs);
1080 		return (-1);
1081 	}
1082 
1083 	lwp->lwp_asrs = asrs;
1084 	return (0);
1085 }
1086 #endif	/* __sparcv9 */
1087 #endif	/* __sparc */
1088 
1089 static int
1090 note_spymaster(struct ps_prochandle *P, size_t nbytes)
1091 {
1092 #ifdef _LP64
1093 	core_info_t *core = P->data;
1094 
1095 	if (core->core_dmodel == PR_MODEL_ILP32) {
1096 		psinfo32_t ps32;
1097 
1098 		if (nbytes < sizeof (psinfo32_t) ||
1099 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
1100 			goto err;
1101 
1102 		psinfo_32_to_n(&ps32, &P->spymaster);
1103 	} else
1104 #endif
1105 	if (nbytes < sizeof (psinfo_t) || read(P->asfd,
1106 	    &P->spymaster, sizeof (psinfo_t)) != sizeof (psinfo_t))
1107 		goto err;
1108 
1109 	dprintf("spymaster pr_fname = <%s>\n", P->psinfo.pr_fname);
1110 	dprintf("spymaster pr_psargs = <%s>\n", P->psinfo.pr_psargs);
1111 	dprintf("spymaster pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
1112 
1113 	return (0);
1114 
1115 err:
1116 	dprintf("Pgrab_core: failed to read NT_SPYMASTER\n");
1117 	return (-1);
1118 }
1119 
1120 /*ARGSUSED*/
1121 static int
1122 note_notsup(struct ps_prochandle *P, size_t nbytes)
1123 {
1124 	dprintf("skipping unsupported note type of size %ld bytes\n",
1125 	    (ulong_t)nbytes);
1126 	return (0);
1127 }
1128 
1129 /*
1130  * Populate a table of function pointers indexed by Note type with our
1131  * functions to process each type of core file note:
1132  */
1133 static int (*nhdlrs[])(struct ps_prochandle *, size_t) = {
1134 	note_notsup,		/*  0	unassigned		*/
1135 #ifdef __x86
1136 	note_linux_prstatus,		/*  1	NT_PRSTATUS (old)	*/
1137 #else
1138 	note_notsup,		/*  1	NT_PRSTATUS (old)	*/
1139 #endif
1140 	note_notsup,		/*  2	NT_PRFPREG (old)	*/
1141 #ifdef __x86
1142 	note_linux_psinfo,		/*  3	NT_PRPSINFO (old)	*/
1143 #else
1144 	note_notsup,		/*  3	NT_PRPSINFO (old)	*/
1145 #endif
1146 #ifdef __sparc
1147 	note_xreg,		/*  4	NT_PRXREG		*/
1148 #else
1149 	note_notsup,		/*  4	NT_PRXREG		*/
1150 #endif
1151 	note_platform,		/*  5	NT_PLATFORM		*/
1152 	note_auxv,		/*  6	NT_AUXV			*/
1153 #ifdef __sparc
1154 	note_gwindows,		/*  7	NT_GWINDOWS		*/
1155 #ifdef __sparcv9
1156 	note_asrs,		/*  8	NT_ASRS			*/
1157 #else
1158 	note_notsup,		/*  8	NT_ASRS			*/
1159 #endif
1160 #else
1161 	note_notsup,		/*  7	NT_GWINDOWS		*/
1162 	note_notsup,		/*  8	NT_ASRS			*/
1163 #endif
1164 #ifdef __x86
1165 	note_ldt,		/*  9	NT_LDT			*/
1166 #else
1167 	note_notsup,		/*  9	NT_LDT			*/
1168 #endif
1169 	note_pstatus,		/* 10	NT_PSTATUS		*/
1170 	note_notsup,		/* 11	unassigned		*/
1171 	note_notsup,		/* 12	unassigned		*/
1172 	note_psinfo,		/* 13	NT_PSINFO		*/
1173 	note_cred,		/* 14	NT_PRCRED		*/
1174 	note_utsname,		/* 15	NT_UTSNAME		*/
1175 	note_lwpstatus,		/* 16	NT_LWPSTATUS		*/
1176 	note_lwpsinfo,		/* 17	NT_LWPSINFO		*/
1177 	note_priv,		/* 18	NT_PRPRIV		*/
1178 	note_priv_info,		/* 19	NT_PRPRIVINFO		*/
1179 	note_content,		/* 20	NT_CONTENT		*/
1180 	note_zonename,		/* 21	NT_ZONENAME		*/
1181 	note_fdinfo,		/* 22	NT_FDINFO		*/
1182 	note_spymaster,		/* 23	NT_SPYMASTER		*/
1183 };
1184 
1185 static void
1186 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1187 {
1188 	prkillinfo_t killinfo;
1189 	siginfo_t *si = &killinfo.prk_info;
1190 	char signame[SIG2STR_MAX], sig[64], info[64];
1191 	void *addr = (void *)(uintptr_t)php->p_vaddr;
1192 
1193 	const char *errfmt = "core file data for mapping at %p not saved: %s\n";
1194 	const char *incfmt = "core file incomplete due to %s%s\n";
1195 	const char *msgfmt = "mappings at and above %p are missing\n";
1196 
1197 	if (!(php->p_flags & PF_SUNW_KILLED)) {
1198 		int err = 0;
1199 
1200 		(void) pread64(P->asfd, &err,
1201 		    sizeof (err), (off64_t)php->p_offset);
1202 
1203 		Perror_printf(P, errfmt, addr, strerror(err));
1204 		dprintf(errfmt, addr, strerror(err));
1205 		return;
1206 	}
1207 
1208 	if (!(php->p_flags & PF_SUNW_SIGINFO))
1209 		return;
1210 
1211 	(void) memset(&killinfo, 0, sizeof (killinfo));
1212 
1213 	(void) pread64(P->asfd, &killinfo,
1214 	    sizeof (killinfo), (off64_t)php->p_offset);
1215 
1216 	/*
1217 	 * While there is (or at least should be) only one segment that has
1218 	 * PF_SUNW_SIGINFO set, the signal information there is globally
1219 	 * useful (even if only to those debugging libproc consumers); we hang
1220 	 * the signal information gleaned here off of the ps_prochandle.
1221 	 */
1222 	P->map_missing = php->p_vaddr;
1223 	P->killinfo = killinfo.prk_info;
1224 
1225 	if (sig2str(si->si_signo, signame) == -1) {
1226 		(void) snprintf(sig, sizeof (sig),
1227 		    "<Unknown signal: 0x%x>, ", si->si_signo);
1228 	} else {
1229 		(void) snprintf(sig, sizeof (sig), "SIG%s, ", signame);
1230 	}
1231 
1232 	if (si->si_code == SI_USER || si->si_code == SI_QUEUE) {
1233 		(void) snprintf(info, sizeof (info),
1234 		    "pid=%d uid=%d zone=%d ctid=%d",
1235 		    si->si_pid, si->si_uid, si->si_zoneid, si->si_ctid);
1236 	} else {
1237 		(void) snprintf(info, sizeof (info),
1238 		    "code=%d", si->si_code);
1239 	}
1240 
1241 	Perror_printf(P, incfmt, sig, info);
1242 	Perror_printf(P, msgfmt, addr);
1243 
1244 	dprintf(incfmt, sig, info);
1245 	dprintf(msgfmt, addr);
1246 }
1247 
1248 /*
1249  * Add information on the address space mapping described by the given
1250  * PT_LOAD program header.  We fill in more information on the mapping later.
1251  */
1252 static int
1253 core_add_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1254 {
1255 	core_info_t *core = P->data;
1256 	prmap_t pmap;
1257 
1258 	dprintf("mapping base %llx filesz %llx memsz %llx offset %llx\n",
1259 	    (u_longlong_t)php->p_vaddr, (u_longlong_t)php->p_filesz,
1260 	    (u_longlong_t)php->p_memsz, (u_longlong_t)php->p_offset);
1261 
1262 	pmap.pr_vaddr = (uintptr_t)php->p_vaddr;
1263 	pmap.pr_size = php->p_memsz;
1264 
1265 	/*
1266 	 * If Pgcore() or elfcore() fail to write a mapping, they will set
1267 	 * PF_SUNW_FAILURE in the Phdr and try to stash away the errno for us.
1268 	 */
1269 	if (php->p_flags & PF_SUNW_FAILURE) {
1270 		core_report_mapping(P, php);
1271 	} else if (php->p_filesz != 0 && php->p_offset >= core->core_size) {
1272 		Perror_printf(P, "core file may be corrupt -- data for mapping "
1273 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1274 		dprintf("core file may be corrupt -- data for mapping "
1275 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1276 	}
1277 
1278 	/*
1279 	 * The mapping name and offset will hopefully be filled in
1280 	 * by the librtld_db agent.  Unfortunately, if it isn't a
1281 	 * shared library mapping, this information is gone forever.
1282 	 */
1283 	pmap.pr_mapname[0] = '\0';
1284 	pmap.pr_offset = 0;
1285 
1286 	pmap.pr_mflags = 0;
1287 	if (php->p_flags & PF_R)
1288 		pmap.pr_mflags |= MA_READ;
1289 	if (php->p_flags & PF_W)
1290 		pmap.pr_mflags |= MA_WRITE;
1291 	if (php->p_flags & PF_X)
1292 		pmap.pr_mflags |= MA_EXEC;
1293 
1294 	if (php->p_filesz == 0)
1295 		pmap.pr_mflags |= MA_RESERVED1;
1296 
1297 	/*
1298 	 * At the time of adding this mapping, we just zero the pagesize.
1299 	 * Once we've processed more of the core file, we'll have the
1300 	 * pagesize from the auxv's AT_PAGESZ element and we can fill this in.
1301 	 */
1302 	pmap.pr_pagesize = 0;
1303 
1304 	/*
1305 	 * Unfortunately whether or not the mapping was a System V
1306 	 * shared memory segment is lost.  We use -1 to mark it as not shm.
1307 	 */
1308 	pmap.pr_shmid = -1;
1309 
1310 	return (Padd_mapping(P, php->p_offset, NULL, &pmap));
1311 }
1312 
1313 /*
1314  * Given a virtual address, name the mapping at that address using the
1315  * specified name, and return the map_info_t pointer.
1316  */
1317 static map_info_t *
1318 core_name_mapping(struct ps_prochandle *P, uintptr_t addr, const char *name)
1319 {
1320 	map_info_t *mp = Paddr2mptr(P, addr);
1321 
1322 	if (mp != NULL) {
1323 		(void) strncpy(mp->map_pmap.pr_mapname, name, PRMAPSZ);
1324 		mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
1325 	}
1326 
1327 	return (mp);
1328 }
1329 
1330 /*
1331  * libproc uses libelf for all of its symbol table manipulation. This function
1332  * takes a symbol table and string table from a core file and places them
1333  * in a memory backed elf file.
1334  */
1335 static void
1336 fake_up_symtab(struct ps_prochandle *P, const elf_file_header_t *ehdr,
1337     GElf_Shdr *symtab, GElf_Shdr *strtab)
1338 {
1339 	size_t size;
1340 	off64_t off, base;
1341 	map_info_t *mp;
1342 	file_info_t *fp;
1343 	Elf_Scn *scn;
1344 	Elf_Data *data;
1345 
1346 	if (symtab->sh_addr == 0 ||
1347 	    (mp = Paddr2mptr(P, symtab->sh_addr)) == NULL ||
1348 	    (fp = mp->map_file) == NULL) {
1349 		dprintf("fake_up_symtab: invalid section\n");
1350 		return;
1351 	}
1352 
1353 	if (fp->file_symtab.sym_data_pri != NULL) {
1354 		dprintf("Symbol table already loaded (sh_addr 0x%lx)\n",
1355 		    (long)symtab->sh_addr);
1356 		return;
1357 	}
1358 
1359 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1360 		struct {
1361 			Elf32_Ehdr ehdr;
1362 			Elf32_Shdr shdr[3];
1363 			char data[1];
1364 		} *b;
1365 
1366 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1367 		size = base + symtab->sh_size + strtab->sh_size;
1368 
1369 		if ((b = calloc(1, size)) == NULL)
1370 			return;
1371 
1372 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1373 		    sizeof (ehdr->e_ident));
1374 		b->ehdr.e_type = ehdr->e_type;
1375 		b->ehdr.e_machine = ehdr->e_machine;
1376 		b->ehdr.e_version = ehdr->e_version;
1377 		b->ehdr.e_flags = ehdr->e_flags;
1378 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1379 		b->ehdr.e_shoff = sizeof (b->ehdr);
1380 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1381 		b->ehdr.e_shnum = 3;
1382 		off = 0;
1383 
1384 		b->shdr[1].sh_size = symtab->sh_size;
1385 		b->shdr[1].sh_type = SHT_SYMTAB;
1386 		b->shdr[1].sh_offset = off + base;
1387 		b->shdr[1].sh_entsize = sizeof (Elf32_Sym);
1388 		b->shdr[1].sh_link = 2;
1389 		b->shdr[1].sh_info =  symtab->sh_info;
1390 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1391 
1392 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1393 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1394 			dprintf("fake_up_symtab: pread of symtab[1] failed\n");
1395 			free(b);
1396 			return;
1397 		}
1398 
1399 		off += b->shdr[1].sh_size;
1400 
1401 		b->shdr[2].sh_flags = SHF_STRINGS;
1402 		b->shdr[2].sh_size = strtab->sh_size;
1403 		b->shdr[2].sh_type = SHT_STRTAB;
1404 		b->shdr[2].sh_offset = off + base;
1405 		b->shdr[2].sh_info =  strtab->sh_info;
1406 		b->shdr[2].sh_addralign = 1;
1407 
1408 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1409 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1410 			dprintf("fake_up_symtab: pread of symtab[2] failed\n");
1411 			free(b);
1412 			return;
1413 		}
1414 
1415 		off += b->shdr[2].sh_size;
1416 
1417 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1418 		if (fp->file_symtab.sym_elf == NULL) {
1419 			free(b);
1420 			return;
1421 		}
1422 
1423 		fp->file_symtab.sym_elfmem = b;
1424 #ifdef _LP64
1425 	} else {
1426 		struct {
1427 			Elf64_Ehdr ehdr;
1428 			Elf64_Shdr shdr[3];
1429 			char data[1];
1430 		} *b;
1431 
1432 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1433 		size = base + symtab->sh_size + strtab->sh_size;
1434 
1435 		if ((b = calloc(1, size)) == NULL)
1436 			return;
1437 
1438 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1439 		    sizeof (ehdr->e_ident));
1440 		b->ehdr.e_type = ehdr->e_type;
1441 		b->ehdr.e_machine = ehdr->e_machine;
1442 		b->ehdr.e_version = ehdr->e_version;
1443 		b->ehdr.e_flags = ehdr->e_flags;
1444 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1445 		b->ehdr.e_shoff = sizeof (b->ehdr);
1446 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1447 		b->ehdr.e_shnum = 3;
1448 		off = 0;
1449 
1450 		b->shdr[1].sh_size = symtab->sh_size;
1451 		b->shdr[1].sh_type = SHT_SYMTAB;
1452 		b->shdr[1].sh_offset = off + base;
1453 		b->shdr[1].sh_entsize = sizeof (Elf64_Sym);
1454 		b->shdr[1].sh_link = 2;
1455 		b->shdr[1].sh_info =  symtab->sh_info;
1456 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1457 
1458 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1459 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1460 			free(b);
1461 			return;
1462 		}
1463 
1464 		off += b->shdr[1].sh_size;
1465 
1466 		b->shdr[2].sh_flags = SHF_STRINGS;
1467 		b->shdr[2].sh_size = strtab->sh_size;
1468 		b->shdr[2].sh_type = SHT_STRTAB;
1469 		b->shdr[2].sh_offset = off + base;
1470 		b->shdr[2].sh_info =  strtab->sh_info;
1471 		b->shdr[2].sh_addralign = 1;
1472 
1473 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1474 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1475 			free(b);
1476 			return;
1477 		}
1478 
1479 		off += b->shdr[2].sh_size;
1480 
1481 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1482 		if (fp->file_symtab.sym_elf == NULL) {
1483 			free(b);
1484 			return;
1485 		}
1486 
1487 		fp->file_symtab.sym_elfmem = b;
1488 #endif
1489 	}
1490 
1491 	if ((scn = elf_getscn(fp->file_symtab.sym_elf, 1)) == NULL ||
1492 	    (fp->file_symtab.sym_data_pri = elf_getdata(scn, NULL)) == NULL ||
1493 	    (scn = elf_getscn(fp->file_symtab.sym_elf, 2)) == NULL ||
1494 	    (data = elf_getdata(scn, NULL)) == NULL) {
1495 		dprintf("fake_up_symtab: failed to get section data at %p\n",
1496 		    (void *)scn);
1497 		goto err;
1498 	}
1499 
1500 	fp->file_symtab.sym_strs = data->d_buf;
1501 	fp->file_symtab.sym_strsz = data->d_size;
1502 	fp->file_symtab.sym_symn = symtab->sh_size / symtab->sh_entsize;
1503 	fp->file_symtab.sym_hdr_pri = *symtab;
1504 	fp->file_symtab.sym_strhdr = *strtab;
1505 
1506 	optimize_symtab(&fp->file_symtab);
1507 
1508 	return;
1509 err:
1510 	(void) elf_end(fp->file_symtab.sym_elf);
1511 	free(fp->file_symtab.sym_elfmem);
1512 	fp->file_symtab.sym_elf = NULL;
1513 	fp->file_symtab.sym_elfmem = NULL;
1514 }
1515 
1516 static void
1517 core_phdr_to_gelf(const Elf32_Phdr *src, GElf_Phdr *dst)
1518 {
1519 	dst->p_type = src->p_type;
1520 	dst->p_flags = src->p_flags;
1521 	dst->p_offset = (Elf64_Off)src->p_offset;
1522 	dst->p_vaddr = (Elf64_Addr)src->p_vaddr;
1523 	dst->p_paddr = (Elf64_Addr)src->p_paddr;
1524 	dst->p_filesz = (Elf64_Xword)src->p_filesz;
1525 	dst->p_memsz = (Elf64_Xword)src->p_memsz;
1526 	dst->p_align = (Elf64_Xword)src->p_align;
1527 }
1528 
1529 static void
1530 core_shdr_to_gelf(const Elf32_Shdr *src, GElf_Shdr *dst)
1531 {
1532 	dst->sh_name = src->sh_name;
1533 	dst->sh_type = src->sh_type;
1534 	dst->sh_flags = (Elf64_Xword)src->sh_flags;
1535 	dst->sh_addr = (Elf64_Addr)src->sh_addr;
1536 	dst->sh_offset = (Elf64_Off)src->sh_offset;
1537 	dst->sh_size = (Elf64_Xword)src->sh_size;
1538 	dst->sh_link = src->sh_link;
1539 	dst->sh_info = src->sh_info;
1540 	dst->sh_addralign = (Elf64_Xword)src->sh_addralign;
1541 	dst->sh_entsize = (Elf64_Xword)src->sh_entsize;
1542 }
1543 
1544 /*
1545  * Perform elf_begin on efp->e_fd and verify the ELF file's type and class.
1546  */
1547 static int
1548 core_elf_fdopen(elf_file_t *efp, GElf_Half type, int *perr)
1549 {
1550 #ifdef _BIG_ENDIAN
1551 	uchar_t order = ELFDATA2MSB;
1552 #else
1553 	uchar_t order = ELFDATA2LSB;
1554 #endif
1555 	Elf32_Ehdr e32;
1556 	int is_noelf = -1;
1557 	int isa_err = 0;
1558 
1559 	/*
1560 	 * Because 32-bit libelf cannot deal with large files, we need to read,
1561 	 * check, and convert the file header manually in case type == ET_CORE.
1562 	 */
1563 	if (pread64(efp->e_fd, &e32, sizeof (e32), 0) != sizeof (e32)) {
1564 		if (perr != NULL)
1565 			*perr = G_FORMAT;
1566 		goto err;
1567 	}
1568 	if ((is_noelf = memcmp(&e32.e_ident[EI_MAG0], ELFMAG, SELFMAG)) != 0 ||
1569 	    e32.e_type != type || (isa_err = (e32.e_ident[EI_DATA] != order)) ||
1570 	    e32.e_version != EV_CURRENT) {
1571 		if (perr != NULL) {
1572 			if (is_noelf == 0 && isa_err) {
1573 				*perr = G_ISAINVAL;
1574 			} else {
1575 				*perr = G_FORMAT;
1576 			}
1577 		}
1578 		goto err;
1579 	}
1580 
1581 	/*
1582 	 * If the file is 64-bit and we are 32-bit, fail with G_LP64.  If the
1583 	 * file is 64-bit and we are 64-bit, re-read the header as a Elf64_Ehdr,
1584 	 * and convert it to a elf_file_header_t.  Otherwise, the file is
1585 	 * 32-bit, so convert e32 to a elf_file_header_t.
1586 	 */
1587 	if (e32.e_ident[EI_CLASS] == ELFCLASS64) {
1588 #ifdef _LP64
1589 		Elf64_Ehdr e64;
1590 
1591 		if (pread64(efp->e_fd, &e64, sizeof (e64), 0) != sizeof (e64)) {
1592 			if (perr != NULL)
1593 				*perr = G_FORMAT;
1594 			goto err;
1595 		}
1596 
1597 		(void) memcpy(efp->e_hdr.e_ident, e64.e_ident, EI_NIDENT);
1598 		efp->e_hdr.e_type = e64.e_type;
1599 		efp->e_hdr.e_machine = e64.e_machine;
1600 		efp->e_hdr.e_version = e64.e_version;
1601 		efp->e_hdr.e_entry = e64.e_entry;
1602 		efp->e_hdr.e_phoff = e64.e_phoff;
1603 		efp->e_hdr.e_shoff = e64.e_shoff;
1604 		efp->e_hdr.e_flags = e64.e_flags;
1605 		efp->e_hdr.e_ehsize = e64.e_ehsize;
1606 		efp->e_hdr.e_phentsize = e64.e_phentsize;
1607 		efp->e_hdr.e_phnum = (Elf64_Word)e64.e_phnum;
1608 		efp->e_hdr.e_shentsize = e64.e_shentsize;
1609 		efp->e_hdr.e_shnum = (Elf64_Word)e64.e_shnum;
1610 		efp->e_hdr.e_shstrndx = (Elf64_Word)e64.e_shstrndx;
1611 #else	/* _LP64 */
1612 		if (perr != NULL)
1613 			*perr = G_LP64;
1614 		goto err;
1615 #endif	/* _LP64 */
1616 	} else {
1617 		(void) memcpy(efp->e_hdr.e_ident, e32.e_ident, EI_NIDENT);
1618 		efp->e_hdr.e_type = e32.e_type;
1619 		efp->e_hdr.e_machine = e32.e_machine;
1620 		efp->e_hdr.e_version = e32.e_version;
1621 		efp->e_hdr.e_entry = (Elf64_Addr)e32.e_entry;
1622 		efp->e_hdr.e_phoff = (Elf64_Off)e32.e_phoff;
1623 		efp->e_hdr.e_shoff = (Elf64_Off)e32.e_shoff;
1624 		efp->e_hdr.e_flags = e32.e_flags;
1625 		efp->e_hdr.e_ehsize = e32.e_ehsize;
1626 		efp->e_hdr.e_phentsize = e32.e_phentsize;
1627 		efp->e_hdr.e_phnum = (Elf64_Word)e32.e_phnum;
1628 		efp->e_hdr.e_shentsize = e32.e_shentsize;
1629 		efp->e_hdr.e_shnum = (Elf64_Word)e32.e_shnum;
1630 		efp->e_hdr.e_shstrndx = (Elf64_Word)e32.e_shstrndx;
1631 	}
1632 
1633 	/*
1634 	 * If the number of section headers or program headers or the section
1635 	 * header string table index would overflow their respective fields
1636 	 * in the ELF header, they're stored in the section header at index
1637 	 * zero. To simplify use elsewhere, we look for those sentinel values
1638 	 * here.
1639 	 */
1640 	if ((efp->e_hdr.e_shnum == 0 && efp->e_hdr.e_shoff != 0) ||
1641 	    efp->e_hdr.e_shstrndx == SHN_XINDEX ||
1642 	    efp->e_hdr.e_phnum == PN_XNUM) {
1643 		GElf_Shdr shdr;
1644 
1645 		dprintf("extended ELF header\n");
1646 
1647 		if (efp->e_hdr.e_shoff == 0) {
1648 			if (perr != NULL)
1649 				*perr = G_FORMAT;
1650 			goto err;
1651 		}
1652 
1653 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1654 			Elf32_Shdr shdr32;
1655 
1656 			if (pread64(efp->e_fd, &shdr32, sizeof (shdr32),
1657 			    efp->e_hdr.e_shoff) != sizeof (shdr32)) {
1658 				if (perr != NULL)
1659 					*perr = G_FORMAT;
1660 				goto err;
1661 			}
1662 
1663 			core_shdr_to_gelf(&shdr32, &shdr);
1664 		} else {
1665 			if (pread64(efp->e_fd, &shdr, sizeof (shdr),
1666 			    efp->e_hdr.e_shoff) != sizeof (shdr)) {
1667 				if (perr != NULL)
1668 					*perr = G_FORMAT;
1669 				goto err;
1670 			}
1671 		}
1672 
1673 		if (efp->e_hdr.e_shnum == 0) {
1674 			efp->e_hdr.e_shnum = shdr.sh_size;
1675 			dprintf("section header count %lu\n",
1676 			    (ulong_t)shdr.sh_size);
1677 		}
1678 
1679 		if (efp->e_hdr.e_shstrndx == SHN_XINDEX) {
1680 			efp->e_hdr.e_shstrndx = shdr.sh_link;
1681 			dprintf("section string index %u\n", shdr.sh_link);
1682 		}
1683 
1684 		if (efp->e_hdr.e_phnum == PN_XNUM && shdr.sh_info != 0) {
1685 			efp->e_hdr.e_phnum = shdr.sh_info;
1686 			dprintf("program header count %u\n", shdr.sh_info);
1687 		}
1688 
1689 	} else if (efp->e_hdr.e_phoff != 0) {
1690 		GElf_Phdr phdr;
1691 		uint64_t phnum;
1692 
1693 		/*
1694 		 * It's possible this core file came from a system that
1695 		 * accidentally truncated the e_phnum field without correctly
1696 		 * using the extended format in the section header at index
1697 		 * zero. We try to detect and correct that specific type of
1698 		 * corruption by using the knowledge that the core dump
1699 		 * routines usually place the data referenced by the first
1700 		 * program header immediately after the last header element.
1701 		 */
1702 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1703 			Elf32_Phdr phdr32;
1704 
1705 			if (pread64(efp->e_fd, &phdr32, sizeof (phdr32),
1706 			    efp->e_hdr.e_phoff) != sizeof (phdr32)) {
1707 				if (perr != NULL)
1708 					*perr = G_FORMAT;
1709 				goto err;
1710 			}
1711 
1712 			core_phdr_to_gelf(&phdr32, &phdr);
1713 		} else {
1714 			if (pread64(efp->e_fd, &phdr, sizeof (phdr),
1715 			    efp->e_hdr.e_phoff) != sizeof (phdr)) {
1716 				if (perr != NULL)
1717 					*perr = G_FORMAT;
1718 				goto err;
1719 			}
1720 		}
1721 
1722 		phnum = phdr.p_offset - efp->e_hdr.e_ehsize -
1723 		    (uint64_t)efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
1724 		phnum /= efp->e_hdr.e_phentsize;
1725 
1726 		if (phdr.p_offset != 0 && phnum != efp->e_hdr.e_phnum) {
1727 			dprintf("suspicious program header count %u %u\n",
1728 			    (uint_t)phnum, efp->e_hdr.e_phnum);
1729 
1730 			/*
1731 			 * If the new program header count we computed doesn't
1732 			 * jive with count in the ELF header, we'll use the
1733 			 * data that's there and hope for the best.
1734 			 *
1735 			 * If it does, it's also possible that the section
1736 			 * header offset is incorrect; we'll check that and
1737 			 * possibly try to fix it.
1738 			 */
1739 			if (phnum <= INT_MAX &&
1740 			    (uint16_t)phnum == efp->e_hdr.e_phnum) {
1741 
1742 				if (efp->e_hdr.e_shoff == efp->e_hdr.e_phoff +
1743 				    efp->e_hdr.e_phentsize *
1744 				    (uint_t)efp->e_hdr.e_phnum) {
1745 					efp->e_hdr.e_shoff =
1746 					    efp->e_hdr.e_phoff +
1747 					    efp->e_hdr.e_phentsize * phnum;
1748 				}
1749 
1750 				efp->e_hdr.e_phnum = (Elf64_Word)phnum;
1751 				dprintf("using new program header count\n");
1752 			} else {
1753 				dprintf("inconsistent program header count\n");
1754 			}
1755 		}
1756 	}
1757 
1758 	/*
1759 	 * The libelf implementation was never ported to be large-file aware.
1760 	 * This is typically not a problem for your average executable or
1761 	 * shared library, but a large 32-bit core file can exceed 2GB in size.
1762 	 * So if type is ET_CORE, we don't bother doing elf_begin; the code
1763 	 * in Pfgrab_core() below will do its own i/o and struct conversion.
1764 	 */
1765 
1766 	if (type == ET_CORE) {
1767 		efp->e_elf = NULL;
1768 		return (0);
1769 	}
1770 
1771 	if ((efp->e_elf = elf_begin(efp->e_fd, ELF_C_READ, NULL)) == NULL) {
1772 		if (perr != NULL)
1773 			*perr = G_ELF;
1774 		goto err;
1775 	}
1776 
1777 	return (0);
1778 
1779 err:
1780 	efp->e_elf = NULL;
1781 	return (-1);
1782 }
1783 
1784 /*
1785  * Open the specified file and then do a core_elf_fdopen on it.
1786  */
1787 static int
1788 core_elf_open(elf_file_t *efp, const char *path, GElf_Half type, int *perr)
1789 {
1790 	(void) memset(efp, 0, sizeof (elf_file_t));
1791 
1792 	if ((efp->e_fd = open64(path, O_RDONLY)) >= 0) {
1793 		if (core_elf_fdopen(efp, type, perr) == 0)
1794 			return (0);
1795 
1796 		(void) close(efp->e_fd);
1797 		efp->e_fd = -1;
1798 	}
1799 
1800 	return (-1);
1801 }
1802 
1803 /*
1804  * Close the ELF handle and file descriptor.
1805  */
1806 static void
1807 core_elf_close(elf_file_t *efp)
1808 {
1809 	if (efp->e_elf != NULL) {
1810 		(void) elf_end(efp->e_elf);
1811 		efp->e_elf = NULL;
1812 	}
1813 
1814 	if (efp->e_fd != -1) {
1815 		(void) close(efp->e_fd);
1816 		efp->e_fd = -1;
1817 	}
1818 }
1819 
1820 /*
1821  * Given an ELF file for a statically linked executable, locate the likely
1822  * primary text section and fill in rl_base with its virtual address.
1823  */
1824 static map_info_t *
1825 core_find_text(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1826 {
1827 	GElf_Phdr phdr;
1828 	uint_t i;
1829 	size_t nphdrs;
1830 
1831 	if (elf_getphdrnum(elf, &nphdrs) == -1)
1832 		return (NULL);
1833 
1834 	for (i = 0; i < nphdrs; i++) {
1835 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1836 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_X)) {
1837 			rlp->rl_base = phdr.p_vaddr;
1838 			return (Paddr2mptr(P, rlp->rl_base));
1839 		}
1840 	}
1841 
1842 	return (NULL);
1843 }
1844 
1845 /*
1846  * Given an ELF file and the librtld_db structure corresponding to its primary
1847  * text mapping, deduce where its data segment was loaded and fill in
1848  * rl_data_base and prmap_t.pr_offset accordingly.
1849  */
1850 static map_info_t *
1851 core_find_data(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1852 {
1853 	GElf_Ehdr ehdr;
1854 	GElf_Phdr phdr;
1855 	map_info_t *mp;
1856 	uint_t i, pagemask;
1857 	size_t nphdrs;
1858 
1859 	rlp->rl_data_base = NULL;
1860 
1861 	/*
1862 	 * Find the first loadable, writeable Phdr and compute rl_data_base
1863 	 * as the virtual address at which is was loaded.
1864 	 */
1865 	if (gelf_getehdr(elf, &ehdr) == NULL ||
1866 	    elf_getphdrnum(elf, &nphdrs) == -1)
1867 		return (NULL);
1868 
1869 	for (i = 0; i < nphdrs; i++) {
1870 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1871 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_W)) {
1872 			rlp->rl_data_base = phdr.p_vaddr;
1873 			if (ehdr.e_type == ET_DYN)
1874 				rlp->rl_data_base += rlp->rl_base;
1875 			break;
1876 		}
1877 	}
1878 
1879 	/*
1880 	 * If we didn't find an appropriate phdr or if the address we
1881 	 * computed has no mapping, return NULL.
1882 	 */
1883 	if (rlp->rl_data_base == NULL ||
1884 	    (mp = Paddr2mptr(P, rlp->rl_data_base)) == NULL)
1885 		return (NULL);
1886 
1887 	/*
1888 	 * It wouldn't be procfs-related code if we didn't make use of
1889 	 * unclean knowledge of segvn, even in userland ... the prmap_t's
1890 	 * pr_offset field will be the segvn offset from mmap(2)ing the
1891 	 * data section, which will be the file offset & PAGEMASK.
1892 	 */
1893 	pagemask = ~(mp->map_pmap.pr_pagesize - 1);
1894 	mp->map_pmap.pr_offset = phdr.p_offset & pagemask;
1895 
1896 	return (mp);
1897 }
1898 
1899 /*
1900  * Librtld_db agent callback for iterating over load object mappings.
1901  * For each load object, we allocate a new file_info_t, perform naming,
1902  * and attempt to construct a symbol table for the load object.
1903  */
1904 static int
1905 core_iter_mapping(const rd_loadobj_t *rlp, struct ps_prochandle *P)
1906 {
1907 	core_info_t *core = P->data;
1908 	char lname[PATH_MAX], buf[PATH_MAX];
1909 	file_info_t *fp;
1910 	map_info_t *mp;
1911 
1912 	if (Pread_string(P, lname, PATH_MAX, (off_t)rlp->rl_nameaddr) <= 0) {
1913 		dprintf("failed to read name %p\n", (void *)rlp->rl_nameaddr);
1914 		return (1); /* Keep going; forget this if we can't get a name */
1915 	}
1916 
1917 	dprintf("rd_loadobj name = \"%s\" rl_base = %p\n",
1918 	    lname, (void *)rlp->rl_base);
1919 
1920 	if ((mp = Paddr2mptr(P, rlp->rl_base)) == NULL) {
1921 		dprintf("no mapping for %p\n", (void *)rlp->rl_base);
1922 		return (1); /* No mapping; advance to next mapping */
1923 	}
1924 
1925 	/*
1926 	 * Create a new file_info_t for this mapping, and therefore for
1927 	 * this load object.
1928 	 *
1929 	 * If there's an ELF header at the beginning of this mapping,
1930 	 * file_info_new() will try to use its section headers to
1931 	 * identify any other mappings that belong to this load object.
1932 	 */
1933 	if ((fp = mp->map_file) == NULL &&
1934 	    (fp = file_info_new(P, mp)) == NULL) {
1935 		core->core_errno = errno;
1936 		dprintf("failed to malloc mapping data\n");
1937 		return (0); /* Abort */
1938 	}
1939 	fp->file_map = mp;
1940 
1941 	/* Create a local copy of the load object representation */
1942 	if ((fp->file_lo = calloc(1, sizeof (rd_loadobj_t))) == NULL) {
1943 		core->core_errno = errno;
1944 		dprintf("failed to malloc mapping data\n");
1945 		return (0); /* Abort */
1946 	}
1947 	*fp->file_lo = *rlp;
1948 
1949 	if (lname[0] != '\0') {
1950 		/*
1951 		 * Naming dance part 1: if we got a name from librtld_db, then
1952 		 * copy this name to the prmap_t if it is unnamed.  If the
1953 		 * file_info_t is unnamed, name it after the lname.
1954 		 */
1955 		if (mp->map_pmap.pr_mapname[0] == '\0') {
1956 			(void) strncpy(mp->map_pmap.pr_mapname, lname, PRMAPSZ);
1957 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
1958 		}
1959 
1960 		if (fp->file_lname == NULL)
1961 			fp->file_lname = strdup(lname);
1962 
1963 	} else if (fp->file_lname == NULL &&
1964 	    mp->map_pmap.pr_mapname[0] != '\0') {
1965 		/*
1966 		 * Naming dance part 2: if the mapping is named and the
1967 		 * file_info_t is not, name the file after the mapping.
1968 		 */
1969 		fp->file_lname = strdup(mp->map_pmap.pr_mapname);
1970 	}
1971 
1972 	if ((fp->file_rname == NULL) &&
1973 	    (Pfindmap(P, mp, buf, sizeof (buf)) != NULL))
1974 		fp->file_rname = strdup(buf);
1975 
1976 	if (fp->file_lname != NULL)
1977 		fp->file_lbase = basename(fp->file_lname);
1978 	if (fp->file_rname != NULL)
1979 		fp->file_rbase = basename(fp->file_rname);
1980 
1981 	/* Associate the file and the mapping. */
1982 	(void) strncpy(fp->file_pname, mp->map_pmap.pr_mapname, PRMAPSZ);
1983 	fp->file_pname[PRMAPSZ - 1] = '\0';
1984 
1985 	/*
1986 	 * If no section headers were available then we'll have to
1987 	 * identify this load object's other mappings with what we've
1988 	 * got: the start and end of the object's corresponding
1989 	 * address space.
1990 	 */
1991 	if (fp->file_saddrs == NULL) {
1992 		for (mp = fp->file_map + 1; mp < P->mappings + P->map_count &&
1993 		    mp->map_pmap.pr_vaddr < rlp->rl_bend; mp++) {
1994 
1995 			if (mp->map_file == NULL) {
1996 				dprintf("core_iter_mapping %s: associating "
1997 				    "segment at %p\n",
1998 				    fp->file_pname,
1999 				    (void *)mp->map_pmap.pr_vaddr);
2000 				mp->map_file = fp;
2001 				fp->file_ref++;
2002 			} else {
2003 				dprintf("core_iter_mapping %s: segment at "
2004 				    "%p already associated with %s\n",
2005 				    fp->file_pname,
2006 				    (void *)mp->map_pmap.pr_vaddr,
2007 				    (mp == fp->file_map ? "this file" :
2008 				    mp->map_file->file_pname));
2009 			}
2010 		}
2011 	}
2012 
2013 	/* Ensure that all this file's mappings are named. */
2014 	for (mp = fp->file_map; mp < P->mappings + P->map_count &&
2015 	    mp->map_file == fp; mp++) {
2016 		if (mp->map_pmap.pr_mapname[0] == '\0' &&
2017 		    !(mp->map_pmap.pr_mflags & MA_BREAK)) {
2018 			(void) strncpy(mp->map_pmap.pr_mapname, fp->file_pname,
2019 			    PRMAPSZ);
2020 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2021 		}
2022 	}
2023 
2024 	/* Attempt to build a symbol table for this file. */
2025 	Pbuild_file_symtab(P, fp);
2026 	if (fp->file_elf == NULL)
2027 		dprintf("core_iter_mapping: no symtab for %s\n",
2028 		    fp->file_pname);
2029 
2030 	/* Locate the start of a data segment associated with this file. */
2031 	if ((mp = core_find_data(P, fp->file_elf, fp->file_lo)) != NULL) {
2032 		dprintf("found data for %s at %p (pr_offset 0x%llx)\n",
2033 		    fp->file_pname, (void *)fp->file_lo->rl_data_base,
2034 		    mp->map_pmap.pr_offset);
2035 	} else {
2036 		dprintf("core_iter_mapping: no data found for %s\n",
2037 		    fp->file_pname);
2038 	}
2039 
2040 	return (1); /* Advance to next mapping */
2041 }
2042 
2043 /*
2044  * Callback function for Pfindexec().  In order to confirm a given pathname,
2045  * we verify that we can open it as an ELF file of type ET_EXEC or ET_DYN.
2046  */
2047 static int
2048 core_exec_open(const char *path, void *efp)
2049 {
2050 	if (core_elf_open(efp, path, ET_EXEC, NULL) == 0)
2051 		return (1);
2052 	if (core_elf_open(efp, path, ET_DYN, NULL) == 0)
2053 		return (1);
2054 	return (0);
2055 }
2056 
2057 /*
2058  * Attempt to load any section headers found in the core file.  If present,
2059  * this will refer to non-loadable data added to the core file by the kernel
2060  * based on coreadm(1M) settings, including CTF data and the symbol table.
2061  */
2062 static void
2063 core_load_shdrs(struct ps_prochandle *P, elf_file_t *efp)
2064 {
2065 	GElf_Shdr *shp, *shdrs = NULL;
2066 	char *shstrtab = NULL;
2067 	ulong_t shstrtabsz;
2068 	const char *name;
2069 	map_info_t *mp;
2070 
2071 	size_t nbytes;
2072 	void *buf;
2073 	int i;
2074 
2075 	if (efp->e_hdr.e_shstrndx >= efp->e_hdr.e_shnum) {
2076 		dprintf("corrupt shstrndx (%u) exceeds shnum (%u)\n",
2077 		    efp->e_hdr.e_shstrndx, efp->e_hdr.e_shnum);
2078 		return;
2079 	}
2080 
2081 	/*
2082 	 * Read the section header table from the core file and then iterate
2083 	 * over the section headers, converting each to a GElf_Shdr.
2084 	 */
2085 	if ((shdrs = malloc(efp->e_hdr.e_shnum * sizeof (GElf_Shdr))) == NULL) {
2086 		dprintf("failed to malloc %u section headers: %s\n",
2087 		    (uint_t)efp->e_hdr.e_shnum, strerror(errno));
2088 		return;
2089 	}
2090 
2091 	nbytes = efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
2092 	if ((buf = malloc(nbytes)) == NULL) {
2093 		dprintf("failed to malloc %d bytes: %s\n", (int)nbytes,
2094 		    strerror(errno));
2095 		free(shdrs);
2096 		goto out;
2097 	}
2098 
2099 	if (pread64(efp->e_fd, buf, nbytes, efp->e_hdr.e_shoff) != nbytes) {
2100 		dprintf("failed to read section headers at off %lld: %s\n",
2101 		    (longlong_t)efp->e_hdr.e_shoff, strerror(errno));
2102 		free(buf);
2103 		goto out;
2104 	}
2105 
2106 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2107 		void *p = (uchar_t *)buf + efp->e_hdr.e_shentsize * i;
2108 
2109 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32)
2110 			core_shdr_to_gelf(p, &shdrs[i]);
2111 		else
2112 			(void) memcpy(&shdrs[i], p, sizeof (GElf_Shdr));
2113 	}
2114 
2115 	free(buf);
2116 	buf = NULL;
2117 
2118 	/*
2119 	 * Read the .shstrtab section from the core file, terminating it with
2120 	 * an extra \0 so that a corrupt section will not cause us to die.
2121 	 */
2122 	shp = &shdrs[efp->e_hdr.e_shstrndx];
2123 	shstrtabsz = shp->sh_size;
2124 
2125 	if ((shstrtab = malloc(shstrtabsz + 1)) == NULL) {
2126 		dprintf("failed to allocate %lu bytes for shstrtab\n",
2127 		    (ulong_t)shstrtabsz);
2128 		goto out;
2129 	}
2130 
2131 	if (pread64(efp->e_fd, shstrtab, shstrtabsz,
2132 	    shp->sh_offset) != shstrtabsz) {
2133 		dprintf("failed to read %lu bytes of shstrs at off %lld: %s\n",
2134 		    shstrtabsz, (longlong_t)shp->sh_offset, strerror(errno));
2135 		goto out;
2136 	}
2137 
2138 	shstrtab[shstrtabsz] = '\0';
2139 
2140 	/*
2141 	 * Now iterate over each section in the section header table, locating
2142 	 * sections of interest and initializing more of the ps_prochandle.
2143 	 */
2144 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2145 		shp = &shdrs[i];
2146 		name = shstrtab + shp->sh_name;
2147 
2148 		if (shp->sh_name >= shstrtabsz) {
2149 			dprintf("skipping section [%d]: corrupt sh_name\n", i);
2150 			continue;
2151 		}
2152 
2153 		if (shp->sh_link >= efp->e_hdr.e_shnum) {
2154 			dprintf("skipping section [%d]: corrupt sh_link\n", i);
2155 			continue;
2156 		}
2157 
2158 		dprintf("found section header %s (sh_addr 0x%llx)\n",
2159 		    name, (u_longlong_t)shp->sh_addr);
2160 
2161 		if (strcmp(name, ".SUNW_ctf") == 0) {
2162 			if ((mp = Paddr2mptr(P, shp->sh_addr)) == NULL) {
2163 				dprintf("no map at addr 0x%llx for %s [%d]\n",
2164 				    (u_longlong_t)shp->sh_addr, name, i);
2165 				continue;
2166 			}
2167 
2168 			if (mp->map_file == NULL ||
2169 			    mp->map_file->file_ctf_buf != NULL) {
2170 				dprintf("no mapping file or duplicate buffer "
2171 				    "for %s [%d]\n", name, i);
2172 				continue;
2173 			}
2174 
2175 			if ((buf = malloc(shp->sh_size)) == NULL ||
2176 			    pread64(efp->e_fd, buf, shp->sh_size,
2177 			    shp->sh_offset) != shp->sh_size) {
2178 				dprintf("skipping section %s [%d]: %s\n",
2179 				    name, i, strerror(errno));
2180 				free(buf);
2181 				continue;
2182 			}
2183 
2184 			mp->map_file->file_ctf_size = shp->sh_size;
2185 			mp->map_file->file_ctf_buf = buf;
2186 
2187 			if (shdrs[shp->sh_link].sh_type == SHT_DYNSYM)
2188 				mp->map_file->file_ctf_dyn = 1;
2189 
2190 		} else if (strcmp(name, ".symtab") == 0) {
2191 			fake_up_symtab(P, &efp->e_hdr,
2192 			    shp, &shdrs[shp->sh_link]);
2193 		}
2194 	}
2195 out:
2196 	free(shstrtab);
2197 	free(shdrs);
2198 }
2199 
2200 /*
2201  * Main engine for core file initialization: given an fd for the core file
2202  * and an optional pathname, construct the ps_prochandle.  The aout_path can
2203  * either be a suggested executable pathname, or a suggested directory to
2204  * use as a possible current working directory.
2205  */
2206 struct ps_prochandle *
2207 Pfgrab_core(int core_fd, const char *aout_path, int *perr)
2208 {
2209 	struct ps_prochandle *P;
2210 	core_info_t *core_info;
2211 	map_info_t *stk_mp, *brk_mp;
2212 	const char *execname;
2213 	char *interp;
2214 	int i, notes, pagesize;
2215 	uintptr_t addr, base_addr;
2216 	struct stat64 stbuf;
2217 	void *phbuf, *php;
2218 	size_t nbytes;
2219 #ifdef __x86
2220 	boolean_t from_linux = B_FALSE;
2221 #endif
2222 
2223 	elf_file_t aout;
2224 	elf_file_t core;
2225 
2226 	Elf_Scn *scn, *intp_scn = NULL;
2227 	Elf_Data *dp;
2228 
2229 	GElf_Phdr phdr, note_phdr;
2230 	GElf_Shdr shdr;
2231 	GElf_Xword nleft;
2232 
2233 	if (elf_version(EV_CURRENT) == EV_NONE) {
2234 		dprintf("libproc ELF version is more recent than libelf\n");
2235 		*perr = G_ELF;
2236 		return (NULL);
2237 	}
2238 
2239 	aout.e_elf = NULL;
2240 	aout.e_fd = -1;
2241 
2242 	core.e_elf = NULL;
2243 	core.e_fd = core_fd;
2244 
2245 	/*
2246 	 * Allocate and initialize a ps_prochandle structure for the core.
2247 	 * There are several key pieces of initialization here:
2248 	 *
2249 	 * 1. The PS_DEAD state flag marks this prochandle as a core file.
2250 	 *    PS_DEAD also thus prevents all operations which require state
2251 	 *    to be PS_STOP from operating on this handle.
2252 	 *
2253 	 * 2. We keep the core file fd in P->asfd since the core file contains
2254 	 *    the remnants of the process address space.
2255 	 *
2256 	 * 3. We set the P->info_valid bit because all information about the
2257 	 *    core is determined by the end of this function; there is no need
2258 	 *    for proc_update_maps() to reload mappings at any later point.
2259 	 *
2260 	 * 4. The read/write ops vector uses our core_rw() function defined
2261 	 *    above to handle i/o requests.
2262 	 */
2263 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
2264 		*perr = G_STRANGE;
2265 		return (NULL);
2266 	}
2267 
2268 	(void) memset(P, 0, sizeof (struct ps_prochandle));
2269 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
2270 	P->state = PS_DEAD;
2271 	P->pid = (pid_t)-1;
2272 	P->asfd = core.e_fd;
2273 	P->ctlfd = -1;
2274 	P->statfd = -1;
2275 	P->agentctlfd = -1;
2276 	P->agentstatfd = -1;
2277 	P->zoneroot = NULL;
2278 	P->info_valid = 1;
2279 	Pinit_ops(&P->ops, &P_core_ops);
2280 
2281 	Pinitsym(P);
2282 
2283 	/*
2284 	 * Fstat and open the core file and make sure it is a valid ELF core.
2285 	 */
2286 	if (fstat64(P->asfd, &stbuf) == -1) {
2287 		*perr = G_STRANGE;
2288 		goto err;
2289 	}
2290 
2291 	if (core_elf_fdopen(&core, ET_CORE, perr) == -1)
2292 		goto err;
2293 
2294 	/*
2295 	 * Allocate and initialize a core_info_t to hang off the ps_prochandle
2296 	 * structure.  We keep all core-specific information in this structure.
2297 	 */
2298 	if ((core_info = calloc(1, sizeof (core_info_t))) == NULL) {
2299 		*perr = G_STRANGE;
2300 		goto err;
2301 	}
2302 
2303 	P->data = core_info;
2304 	list_link(&core_info->core_lwp_head, NULL);
2305 	core_info->core_size = stbuf.st_size;
2306 	/*
2307 	 * In the days before adjustable core file content, this was the
2308 	 * default core file content. For new core files, this value will
2309 	 * be overwritten by the NT_CONTENT note section.
2310 	 */
2311 	core_info->core_content = CC_CONTENT_STACK | CC_CONTENT_HEAP |
2312 	    CC_CONTENT_DATA | CC_CONTENT_RODATA | CC_CONTENT_ANON |
2313 	    CC_CONTENT_SHANON;
2314 
2315 	switch (core.e_hdr.e_ident[EI_CLASS]) {
2316 	case ELFCLASS32:
2317 		core_info->core_dmodel = PR_MODEL_ILP32;
2318 		break;
2319 	case ELFCLASS64:
2320 		core_info->core_dmodel = PR_MODEL_LP64;
2321 		break;
2322 	default:
2323 		*perr = G_FORMAT;
2324 		goto err;
2325 	}
2326 	core_info->core_osabi = core.e_hdr.e_ident[EI_OSABI];
2327 
2328 	/*
2329 	 * Because the core file may be a large file, we can't use libelf to
2330 	 * read the Phdrs.  We use e_phnum and e_phentsize to simplify things.
2331 	 */
2332 	nbytes = core.e_hdr.e_phnum * core.e_hdr.e_phentsize;
2333 
2334 	if ((phbuf = malloc(nbytes)) == NULL) {
2335 		*perr = G_STRANGE;
2336 		goto err;
2337 	}
2338 
2339 	if (pread64(core_fd, phbuf, nbytes, core.e_hdr.e_phoff) != nbytes) {
2340 		*perr = G_STRANGE;
2341 		free(phbuf);
2342 		goto err;
2343 	}
2344 
2345 	/*
2346 	 * Iterate through the program headers in the core file.
2347 	 * We're interested in two types of Phdrs: PT_NOTE (which
2348 	 * contains a set of saved /proc structures), and PT_LOAD (which
2349 	 * represents a memory mapping from the process's address space).
2350 	 * In the case of PT_NOTE, we're interested in the last PT_NOTE
2351 	 * in the core file; currently the first PT_NOTE (if present)
2352 	 * contains /proc structs in the pre-2.6 unstructured /proc format.
2353 	 */
2354 	for (php = phbuf, notes = 0, i = 0; i < core.e_hdr.e_phnum; i++) {
2355 		if (core.e_hdr.e_ident[EI_CLASS] == ELFCLASS64)
2356 			(void) memcpy(&phdr, php, sizeof (GElf_Phdr));
2357 		else
2358 			core_phdr_to_gelf(php, &phdr);
2359 
2360 		switch (phdr.p_type) {
2361 		case PT_NOTE:
2362 			note_phdr = phdr;
2363 			notes++;
2364 			break;
2365 
2366 		case PT_LOAD:
2367 			if (core_add_mapping(P, &phdr) == -1) {
2368 				*perr = G_STRANGE;
2369 				free(phbuf);
2370 				goto err;
2371 			}
2372 			break;
2373 		default:
2374 			dprintf("Pgrab_core: unknown phdr %d\n", phdr.p_type);
2375 			break;
2376 		}
2377 
2378 		php = (char *)php + core.e_hdr.e_phentsize;
2379 	}
2380 
2381 	free(phbuf);
2382 
2383 	Psort_mappings(P);
2384 
2385 	/*
2386 	 * If we couldn't find anything of type PT_NOTE, or only one PT_NOTE
2387 	 * was present, abort.  The core file is either corrupt or too old.
2388 	 */
2389 	if (notes == 0 || (notes == 1 && core_info->core_osabi ==
2390 	    ELFOSABI_SOLARIS)) {
2391 		*perr = G_NOTE;
2392 		goto err;
2393 	}
2394 
2395 	/*
2396 	 * Advance the seek pointer to the start of the PT_NOTE data
2397 	 */
2398 	if (lseek64(P->asfd, note_phdr.p_offset, SEEK_SET) == (off64_t)-1) {
2399 		dprintf("Pgrab_core: failed to lseek to PT_NOTE data\n");
2400 		*perr = G_STRANGE;
2401 		goto err;
2402 	}
2403 
2404 	/*
2405 	 * Now process the PT_NOTE structures.  Each one is preceded by
2406 	 * an Elf{32/64}_Nhdr structure describing its type and size.
2407 	 *
2408 	 *  +--------+
2409 	 *  | header |
2410 	 *  +--------+
2411 	 *  | name   |
2412 	 *  | ...    |
2413 	 *  +--------+
2414 	 *  | desc   |
2415 	 *  | ...    |
2416 	 *  +--------+
2417 	 */
2418 	for (nleft = note_phdr.p_filesz; nleft > 0; ) {
2419 		Elf64_Nhdr nhdr;
2420 		off64_t off, namesz, descsz;
2421 
2422 		/*
2423 		 * Although <sys/elf.h> defines both Elf32_Nhdr and Elf64_Nhdr
2424 		 * as different types, they are both of the same content and
2425 		 * size, so we don't need to worry about 32/64 conversion here.
2426 		 */
2427 		if (read(P->asfd, &nhdr, sizeof (nhdr)) != sizeof (nhdr)) {
2428 			dprintf("Pgrab_core: failed to read ELF note header\n");
2429 			*perr = G_NOTE;
2430 			goto err;
2431 		}
2432 
2433 		/*
2434 		 * According to the System V ABI, the amount of padding
2435 		 * following the name field should align the description
2436 		 * field on a 4 byte boundary for 32-bit binaries or on an 8
2437 		 * byte boundary for 64-bit binaries. However, this change
2438 		 * was not made correctly during the 64-bit port so all
2439 		 * descriptions can assume only 4-byte alignment. We ignore
2440 		 * the name field and the padding to 4-byte alignment.
2441 		 */
2442 		namesz = P2ROUNDUP((off64_t)nhdr.n_namesz, (off64_t)4);
2443 
2444 		if (lseek64(P->asfd, namesz, SEEK_CUR) == (off64_t)-1) {
2445 			dprintf("failed to seek past name and padding\n");
2446 			*perr = G_STRANGE;
2447 			goto err;
2448 		}
2449 
2450 		dprintf("Note hdr n_type=%u n_namesz=%u n_descsz=%u\n",
2451 		    nhdr.n_type, nhdr.n_namesz, nhdr.n_descsz);
2452 
2453 		off = lseek64(P->asfd, (off64_t)0L, SEEK_CUR);
2454 
2455 		/*
2456 		 * Invoke the note handler function from our table
2457 		 */
2458 		if (nhdr.n_type < sizeof (nhdlrs) / sizeof (nhdlrs[0])) {
2459 			if (nhdlrs[nhdr.n_type](P, nhdr.n_descsz) < 0) {
2460 				dprintf("handler for type %d returned < 0",
2461 				    nhdr.n_type);
2462 				*perr = G_NOTE;
2463 				goto err;
2464 			}
2465 			/*
2466 			 * The presence of either of these notes indicates that
2467 			 * the dump was generated on Linux.
2468 			 */
2469 #ifdef __x86
2470 			if (nhdr.n_type == NT_PRSTATUS ||
2471 			    nhdr.n_type == NT_PRPSINFO)
2472 				from_linux = B_TRUE;
2473 #endif
2474 		} else {
2475 			(void) note_notsup(P, nhdr.n_descsz);
2476 		}
2477 
2478 		/*
2479 		 * Seek past the current note data to the next Elf_Nhdr
2480 		 */
2481 		descsz = P2ROUNDUP((off64_t)nhdr.n_descsz, (off64_t)4);
2482 		if (lseek64(P->asfd, off + descsz, SEEK_SET) == (off64_t)-1) {
2483 			dprintf("Pgrab_core: failed to seek to next nhdr\n");
2484 			*perr = G_STRANGE;
2485 			goto err;
2486 		}
2487 
2488 		/*
2489 		 * Subtract the size of the header and its data from what
2490 		 * we have left to process.
2491 		 */
2492 		nleft -= sizeof (nhdr) + namesz + descsz;
2493 	}
2494 
2495 #ifdef __x86
2496 	if (from_linux) {
2497 		size_t tcount, pid;
2498 		lwp_info_t *lwp;
2499 
2500 		P->status.pr_dmodel = core_info->core_dmodel;
2501 
2502 		lwp = list_next(&core_info->core_lwp_head);
2503 
2504 		pid = P->status.pr_pid;
2505 
2506 		for (tcount = 0; tcount < core_info->core_nlwp;
2507 		    tcount++, lwp = list_next(lwp)) {
2508 			dprintf("Linux thread with id %d\n", lwp->lwp_id);
2509 
2510 			/*
2511 			 * In the case we don't have a valid psinfo (i.e. pid is
2512 			 * 0, probably because of gdb creating the core) assume
2513 			 * lowest pid count is the first thread (what if the
2514 			 * next thread wraps the pid around?)
2515 			 */
2516 			if (P->status.pr_pid == 0 &&
2517 			    ((pid == 0 && lwp->lwp_id > 0) ||
2518 			    (lwp->lwp_id < pid))) {
2519 				pid = lwp->lwp_id;
2520 			}
2521 		}
2522 
2523 		if (P->status.pr_pid != pid) {
2524 			dprintf("No valid pid, setting to %ld\n", (ulong_t)pid);
2525 			P->status.pr_pid = pid;
2526 			P->psinfo.pr_pid = pid;
2527 		}
2528 
2529 		/*
2530 		 * Consumers like mdb expect the first thread to actually have
2531 		 * an id of 1, on linux that is actually the pid. Find the the
2532 		 * thread with our process id, and set the id to 1
2533 		 */
2534 		if ((lwp = lwpid2info(P, pid)) == NULL) {
2535 			dprintf("Couldn't find first thread\n");
2536 			*perr = G_STRANGE;
2537 			goto err;
2538 		}
2539 
2540 		dprintf("setting representative thread: %d\n", lwp->lwp_id);
2541 
2542 		lwp->lwp_id = 1;
2543 		lwp->lwp_status.pr_lwpid = 1;
2544 
2545 		/* set representative thread */
2546 		(void) memcpy(&P->status.pr_lwp, &lwp->lwp_status,
2547 		    sizeof (P->status.pr_lwp));
2548 	}
2549 #endif /* __x86 */
2550 
2551 	if (nleft != 0) {
2552 		dprintf("Pgrab_core: note section malformed\n");
2553 		*perr = G_STRANGE;
2554 		goto err;
2555 	}
2556 
2557 	if ((pagesize = Pgetauxval(P, AT_PAGESZ)) == -1) {
2558 		pagesize = getpagesize();
2559 		dprintf("AT_PAGESZ missing; defaulting to %d\n", pagesize);
2560 	}
2561 
2562 	/*
2563 	 * Locate and label the mappings corresponding to the end of the
2564 	 * heap (MA_BREAK) and the base of the stack (MA_STACK).
2565 	 */
2566 	if ((P->status.pr_brkbase != 0 || P->status.pr_brksize != 0) &&
2567 	    (brk_mp = Paddr2mptr(P, P->status.pr_brkbase +
2568 	    P->status.pr_brksize - 1)) != NULL)
2569 		brk_mp->map_pmap.pr_mflags |= MA_BREAK;
2570 	else
2571 		brk_mp = NULL;
2572 
2573 	if ((stk_mp = Paddr2mptr(P, P->status.pr_stkbase)) != NULL)
2574 		stk_mp->map_pmap.pr_mflags |= MA_STACK;
2575 
2576 	/*
2577 	 * At this point, we have enough information to look for the
2578 	 * executable and open it: we have access to the auxv, a psinfo_t,
2579 	 * and the ability to read from mappings provided by the core file.
2580 	 */
2581 	(void) Pfindexec(P, aout_path, core_exec_open, &aout);
2582 	dprintf("P->execname = \"%s\"\n", P->execname ? P->execname : "NULL");
2583 	execname = P->execname ? P->execname : "a.out";
2584 
2585 	/*
2586 	 * Iterate through the sections, looking for the .dynamic and .interp
2587 	 * sections.  If we encounter them, remember their section pointers.
2588 	 */
2589 	for (scn = NULL; (scn = elf_nextscn(aout.e_elf, scn)) != NULL; ) {
2590 		char *sname;
2591 
2592 		if ((gelf_getshdr(scn, &shdr) == NULL) ||
2593 		    (sname = elf_strptr(aout.e_elf, aout.e_hdr.e_shstrndx,
2594 		    (size_t)shdr.sh_name)) == NULL)
2595 			continue;
2596 
2597 		if (strcmp(sname, ".interp") == 0)
2598 			intp_scn = scn;
2599 	}
2600 
2601 	/*
2602 	 * Get the AT_BASE auxv element.  If this is missing (-1), then
2603 	 * we assume this is a statically-linked executable.
2604 	 */
2605 	base_addr = Pgetauxval(P, AT_BASE);
2606 
2607 	/*
2608 	 * In order to get librtld_db initialized, we'll need to identify
2609 	 * and name the mapping corresponding to the run-time linker.  The
2610 	 * AT_BASE auxv element tells us the address where it was mapped,
2611 	 * and the .interp section of the executable tells us its path.
2612 	 * If for some reason that doesn't pan out, just use ld.so.1.
2613 	 */
2614 	if (intp_scn != NULL && (dp = elf_getdata(intp_scn, NULL)) != NULL &&
2615 	    dp->d_size != 0) {
2616 		dprintf(".interp = <%s>\n", (char *)dp->d_buf);
2617 		interp = dp->d_buf;
2618 
2619 	} else if (base_addr != (uintptr_t)-1L) {
2620 		if (core_info->core_dmodel == PR_MODEL_LP64)
2621 			interp = "/usr/lib/64/ld.so.1";
2622 		else
2623 			interp = "/usr/lib/ld.so.1";
2624 
2625 		dprintf(".interp section is missing or could not be read; "
2626 		    "defaulting to %s\n", interp);
2627 	} else
2628 		dprintf("detected statically linked executable\n");
2629 
2630 	/*
2631 	 * If we have an AT_BASE element, name the mapping at that address
2632 	 * using the interpreter pathname.  Name the corresponding data
2633 	 * mapping after the interpreter as well.
2634 	 */
2635 	if (base_addr != (uintptr_t)-1L) {
2636 		elf_file_t intf;
2637 
2638 		P->map_ldso = core_name_mapping(P, base_addr, interp);
2639 
2640 		if (core_elf_open(&intf, interp, ET_DYN, NULL) == 0) {
2641 			rd_loadobj_t rl;
2642 			map_info_t *dmp;
2643 
2644 			rl.rl_base = base_addr;
2645 			dmp = core_find_data(P, intf.e_elf, &rl);
2646 
2647 			if (dmp != NULL) {
2648 				dprintf("renamed data at %p to %s\n",
2649 				    (void *)rl.rl_data_base, interp);
2650 				(void) strncpy(dmp->map_pmap.pr_mapname,
2651 				    interp, PRMAPSZ);
2652 				dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2653 			}
2654 		}
2655 
2656 		core_elf_close(&intf);
2657 	}
2658 
2659 	/*
2660 	 * If we have an AT_ENTRY element, name the mapping at that address
2661 	 * using the special name "a.out" just like /proc does.
2662 	 */
2663 	if ((addr = Pgetauxval(P, AT_ENTRY)) != (uintptr_t)-1L)
2664 		P->map_exec = core_name_mapping(P, addr, "a.out");
2665 
2666 	/*
2667 	 * If we're a statically linked executable (or we're on x86 and looking
2668 	 * at a Linux core dump), then just locate the executable's text and
2669 	 * data and name them after the executable.
2670 	 */
2671 #ifndef __x86
2672 	if (base_addr == (uintptr_t)-1L) {
2673 #else
2674 	if (base_addr == (uintptr_t)-1L || from_linux) {
2675 #endif
2676 		dprintf("looking for text and data: %s\n", execname);
2677 		map_info_t *tmp, *dmp;
2678 		file_info_t *fp;
2679 		rd_loadobj_t rl;
2680 
2681 		if ((tmp = core_find_text(P, aout.e_elf, &rl)) != NULL &&
2682 		    (dmp = core_find_data(P, aout.e_elf, &rl)) != NULL) {
2683 			(void) strncpy(tmp->map_pmap.pr_mapname,
2684 			    execname, PRMAPSZ);
2685 			tmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2686 			(void) strncpy(dmp->map_pmap.pr_mapname,
2687 			    execname, PRMAPSZ);
2688 			dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2689 		}
2690 
2691 		if ((P->map_exec = tmp) != NULL &&
2692 		    (fp = malloc(sizeof (file_info_t))) != NULL) {
2693 
2694 			(void) memset(fp, 0, sizeof (file_info_t));
2695 
2696 			list_link(fp, &P->file_head);
2697 			tmp->map_file = fp;
2698 			P->num_files++;
2699 
2700 			fp->file_ref = 1;
2701 			fp->file_fd = -1;
2702 
2703 			fp->file_lo = malloc(sizeof (rd_loadobj_t));
2704 			fp->file_lname = strdup(execname);
2705 
2706 			if (fp->file_lo)
2707 				*fp->file_lo = rl;
2708 			if (fp->file_lname)
2709 				fp->file_lbase = basename(fp->file_lname);
2710 			if (fp->file_rname)
2711 				fp->file_rbase = basename(fp->file_rname);
2712 
2713 			(void) strcpy(fp->file_pname,
2714 			    P->mappings[0].map_pmap.pr_mapname);
2715 			fp->file_map = tmp;
2716 
2717 			Pbuild_file_symtab(P, fp);
2718 
2719 			if (dmp != NULL) {
2720 				dmp->map_file = fp;
2721 				fp->file_ref++;
2722 			}
2723 		}
2724 	}
2725 
2726 	core_elf_close(&aout);
2727 
2728 	/*
2729 	 * We now have enough information to initialize librtld_db.
2730 	 * After it warms up, we can iterate through the load object chain
2731 	 * in the core, which will allow us to construct the file info
2732 	 * we need to provide symbol information for the other shared
2733 	 * libraries, and also to fill in the missing mapping names.
2734 	 */
2735 	rd_log(_libproc_debug);
2736 
2737 	if ((P->rap = rd_new(P)) != NULL) {
2738 		(void) rd_loadobj_iter(P->rap, (rl_iter_f *)
2739 		    core_iter_mapping, P);
2740 
2741 		if (core_info->core_errno != 0) {
2742 			errno = core_info->core_errno;
2743 			*perr = G_STRANGE;
2744 			goto err;
2745 		}
2746 	} else
2747 		dprintf("failed to initialize rtld_db agent\n");
2748 
2749 	/*
2750 	 * If there are sections, load them and process the data from any
2751 	 * sections that we can use to annotate the file_info_t's.
2752 	 */
2753 	core_load_shdrs(P, &core);
2754 
2755 	/*
2756 	 * If we previously located a stack or break mapping, and they are
2757 	 * still anonymous, we now assume that they were MAP_ANON mappings.
2758 	 * If brk_mp turns out to now have a name, then the heap is still
2759 	 * sitting at the end of the executable's data+bss mapping: remove
2760 	 * the previous MA_BREAK setting to be consistent with /proc.
2761 	 */
2762 	if (stk_mp != NULL && stk_mp->map_pmap.pr_mapname[0] == '\0')
2763 		stk_mp->map_pmap.pr_mflags |= MA_ANON;
2764 	if (brk_mp != NULL && brk_mp->map_pmap.pr_mapname[0] == '\0')
2765 		brk_mp->map_pmap.pr_mflags |= MA_ANON;
2766 	else if (brk_mp != NULL)
2767 		brk_mp->map_pmap.pr_mflags &= ~MA_BREAK;
2768 
2769 	*perr = 0;
2770 	return (P);
2771 
2772 err:
2773 	Pfree(P);
2774 	core_elf_close(&aout);
2775 	return (NULL);
2776 }
2777 
2778 /*
2779  * Grab a core file using a pathname.  We just open it and call Pfgrab_core().
2780  */
2781 struct ps_prochandle *
2782 Pgrab_core(const char *core, const char *aout, int gflag, int *perr)
2783 {
2784 	int fd, oflag = (gflag & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
2785 
2786 	if ((fd = open64(core, oflag)) >= 0)
2787 		return (Pfgrab_core(fd, aout, perr));
2788 
2789 	if (errno != ENOENT)
2790 		*perr = G_STRANGE;
2791 	else
2792 		*perr = G_NOCORE;
2793 
2794 	return (NULL);
2795 }
2796