xref: /illumos-gate/usr/src/lib/libproc/common/Pcore.c (revision d8849d7dee03b84a3fa281ec65eb9e3d86d3756b)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 /*
26  * Copyright 2012 DEY Storage Systems, Inc.  All rights reserved.
27  * Copyright (c) 2018, Joyent, Inc. All rights reserved.
28  * Copyright (c) 2013 by Delphix. All rights reserved.
29  * Copyright 2015 Gary Mills
30  */
31 
32 #include <sys/types.h>
33 #include <sys/utsname.h>
34 #include <sys/sysmacros.h>
35 #include <sys/proc.h>
36 
37 #include <alloca.h>
38 #include <rtld_db.h>
39 #include <libgen.h>
40 #include <limits.h>
41 #include <string.h>
42 #include <stdlib.h>
43 #include <unistd.h>
44 #include <errno.h>
45 #include <gelf.h>
46 #include <stddef.h>
47 #include <signal.h>
48 
49 #include "libproc.h"
50 #include "Pcontrol.h"
51 #include "P32ton.h"
52 #include "Putil.h"
53 #ifdef __x86
54 #include "Pcore_linux.h"
55 #endif
56 
57 /*
58  * Pcore.c - Code to initialize a ps_prochandle from a core dump.  We
59  * allocate an additional structure to hold information from the core
60  * file, and attach this to the standard ps_prochandle in place of the
61  * ability to examine /proc/<pid>/ files.
62  */
63 
64 /*
65  * Basic i/o function for reading and writing from the process address space
66  * stored in the core file and associated shared libraries.  We compute the
67  * appropriate fd and offsets, and let the provided prw function do the rest.
68  */
69 static ssize_t
70 core_rw(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
71     ssize_t (*prw)(int, void *, size_t, off64_t))
72 {
73 	ssize_t resid = n;
74 
75 	while (resid != 0) {
76 		map_info_t *mp = Paddr2mptr(P, addr);
77 
78 		uintptr_t mapoff;
79 		ssize_t len;
80 		off64_t off;
81 		int fd;
82 
83 		if (mp == NULL)
84 			break;	/* No mapping for this address */
85 
86 		if (mp->map_pmap.pr_mflags & MA_RESERVED1) {
87 			if (mp->map_file == NULL || mp->map_file->file_fd < 0)
88 				break;	/* No file or file not open */
89 
90 			fd = mp->map_file->file_fd;
91 		} else
92 			fd = P->asfd;
93 
94 		mapoff = addr - mp->map_pmap.pr_vaddr;
95 		len = MIN(resid, mp->map_pmap.pr_size - mapoff);
96 		off = mp->map_offset + mapoff;
97 
98 		if ((len = prw(fd, buf, len, off)) <= 0)
99 			break;
100 
101 		resid -= len;
102 		addr += len;
103 		buf = (char *)buf + len;
104 	}
105 
106 	/*
107 	 * Important: Be consistent with the behavior of i/o on the as file:
108 	 * writing to an invalid address yields EIO; reading from an invalid
109 	 * address falls through to returning success and zero bytes.
110 	 */
111 	if (resid == n && n != 0 && prw != pread64) {
112 		errno = EIO;
113 		return (-1);
114 	}
115 
116 	return (n - resid);
117 }
118 
119 /*ARGSUSED*/
120 static ssize_t
121 Pread_core(struct ps_prochandle *P, void *buf, size_t n, uintptr_t addr,
122     void *data)
123 {
124 	return (core_rw(P, buf, n, addr, pread64));
125 }
126 
127 /*ARGSUSED*/
128 static ssize_t
129 Pwrite_core(struct ps_prochandle *P, const void *buf, size_t n, uintptr_t addr,
130     void *data)
131 {
132 	return (core_rw(P, (void *)buf, n, addr,
133 	    (ssize_t (*)(int, void *, size_t, off64_t)) pwrite64));
134 }
135 
136 /*ARGSUSED*/
137 static int
138 Pcred_core(struct ps_prochandle *P, prcred_t *pcrp, int ngroups, void *data)
139 {
140 	core_info_t *core = data;
141 
142 	if (core->core_cred != NULL) {
143 		/*
144 		 * Avoid returning more supplementary group data than the
145 		 * caller has allocated in their buffer.  We expect them to
146 		 * check pr_ngroups afterward and potentially call us again.
147 		 */
148 		ngroups = MIN(ngroups, core->core_cred->pr_ngroups);
149 
150 		(void) memcpy(pcrp, core->core_cred,
151 		    sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t));
152 
153 		return (0);
154 	}
155 
156 	errno = ENODATA;
157 	return (-1);
158 }
159 
160 /*ARGSUSED*/
161 static int
162 Psecflags_core(struct ps_prochandle *P, prsecflags_t **psf, void *data)
163 {
164 	core_info_t *core = data;
165 
166 	if (core->core_secflags == NULL) {
167 		errno = ENODATA;
168 		return (-1);
169 	}
170 
171 	if ((*psf = calloc(1, sizeof (prsecflags_t))) == NULL)
172 		return (-1);
173 
174 	(void) memcpy(*psf, core->core_secflags, sizeof (prsecflags_t));
175 
176 	return (0);
177 }
178 
179 /*ARGSUSED*/
180 static int
181 Ppriv_core(struct ps_prochandle *P, prpriv_t **pprv, void *data)
182 {
183 	core_info_t *core = data;
184 
185 	if (core->core_priv == NULL) {
186 		errno = ENODATA;
187 		return (-1);
188 	}
189 
190 	*pprv = malloc(core->core_priv_size);
191 	if (*pprv == NULL) {
192 		return (-1);
193 	}
194 
195 	(void) memcpy(*pprv, core->core_priv, core->core_priv_size);
196 	return (0);
197 }
198 
199 /*ARGSUSED*/
200 static const psinfo_t *
201 Ppsinfo_core(struct ps_prochandle *P, psinfo_t *psinfo, void *data)
202 {
203 	return (&P->psinfo);
204 }
205 
206 /*ARGSUSED*/
207 static void
208 Pfini_core(struct ps_prochandle *P, void *data)
209 {
210 	core_info_t *core = data;
211 
212 	if (core != NULL) {
213 		extern void __priv_free_info(void *);
214 		lwp_info_t *nlwp, *lwp = list_next(&core->core_lwp_head);
215 		int i;
216 
217 		for (i = 0; i < core->core_nlwp; i++, lwp = nlwp) {
218 			nlwp = list_next(lwp);
219 #ifdef __sparc
220 			if (lwp->lwp_gwins != NULL)
221 				free(lwp->lwp_gwins);
222 			if (lwp->lwp_xregs != NULL)
223 				free(lwp->lwp_xregs);
224 			if (lwp->lwp_asrs != NULL)
225 				free(lwp->lwp_asrs);
226 #endif
227 			free(lwp);
228 		}
229 
230 		if (core->core_platform != NULL)
231 			free(core->core_platform);
232 		if (core->core_uts != NULL)
233 			free(core->core_uts);
234 		if (core->core_cred != NULL)
235 			free(core->core_cred);
236 		if (core->core_priv != NULL)
237 			free(core->core_priv);
238 		if (core->core_privinfo != NULL)
239 			__priv_free_info(core->core_privinfo);
240 		if (core->core_ppii != NULL)
241 			free(core->core_ppii);
242 		if (core->core_zonename != NULL)
243 			free(core->core_zonename);
244 		if (core->core_secflags != NULL)
245 			free(core->core_secflags);
246 #ifdef __x86
247 		if (core->core_ldt != NULL)
248 			free(core->core_ldt);
249 #endif
250 
251 		free(core);
252 	}
253 }
254 
255 /*ARGSUSED*/
256 static char *
257 Pplatform_core(struct ps_prochandle *P, char *s, size_t n, void *data)
258 {
259 	core_info_t *core = data;
260 
261 	if (core->core_platform == NULL) {
262 		errno = ENODATA;
263 		return (NULL);
264 	}
265 	(void) strncpy(s, core->core_platform, n - 1);
266 	s[n - 1] = '\0';
267 	return (s);
268 }
269 
270 /*ARGSUSED*/
271 static int
272 Puname_core(struct ps_prochandle *P, struct utsname *u, void *data)
273 {
274 	core_info_t *core = data;
275 
276 	if (core->core_uts == NULL) {
277 		errno = ENODATA;
278 		return (-1);
279 	}
280 	(void) memcpy(u, core->core_uts, sizeof (struct utsname));
281 	return (0);
282 }
283 
284 /*ARGSUSED*/
285 static char *
286 Pzonename_core(struct ps_prochandle *P, char *s, size_t n, void *data)
287 {
288 	core_info_t *core = data;
289 
290 	if (core->core_zonename == NULL) {
291 		errno = ENODATA;
292 		return (NULL);
293 	}
294 	(void) strlcpy(s, core->core_zonename, n);
295 	return (s);
296 }
297 
298 #ifdef __x86
299 /*ARGSUSED*/
300 static int
301 Pldt_core(struct ps_prochandle *P, struct ssd *pldt, int nldt, void *data)
302 {
303 	core_info_t *core = data;
304 
305 	if (pldt == NULL || nldt == 0)
306 		return (core->core_nldt);
307 
308 	if (core->core_ldt != NULL) {
309 		nldt = MIN(nldt, core->core_nldt);
310 
311 		(void) memcpy(pldt, core->core_ldt,
312 		    nldt * sizeof (struct ssd));
313 
314 		return (nldt);
315 	}
316 
317 	errno = ENODATA;
318 	return (-1);
319 }
320 #endif
321 
322 static const ps_ops_t P_core_ops = {
323 	.pop_pread	= Pread_core,
324 	.pop_pwrite	= Pwrite_core,
325 	.pop_cred	= Pcred_core,
326 	.pop_priv	= Ppriv_core,
327 	.pop_psinfo	= Ppsinfo_core,
328 	.pop_fini	= Pfini_core,
329 	.pop_platform	= Pplatform_core,
330 	.pop_uname	= Puname_core,
331 	.pop_zonename	= Pzonename_core,
332 	.pop_secflags	= Psecflags_core,
333 #ifdef __x86
334 	.pop_ldt	= Pldt_core
335 #endif
336 };
337 
338 /*
339  * Return the lwp_info_t for the given lwpid.  If no such lwpid has been
340  * encountered yet, allocate a new structure and return a pointer to it.
341  * Create a list of lwp_info_t structures sorted in decreasing lwp_id order.
342  */
343 static lwp_info_t *
344 lwpid2info(struct ps_prochandle *P, lwpid_t id)
345 {
346 	core_info_t *core = P->data;
347 	lwp_info_t *lwp = list_next(&core->core_lwp_head);
348 	lwp_info_t *next;
349 	uint_t i;
350 
351 	for (i = 0; i < core->core_nlwp; i++, lwp = list_next(lwp)) {
352 		if (lwp->lwp_id == id) {
353 			core->core_lwp = lwp;
354 			return (lwp);
355 		}
356 		if (lwp->lwp_id < id) {
357 			break;
358 		}
359 	}
360 
361 	next = lwp;
362 	if ((lwp = calloc(1, sizeof (lwp_info_t))) == NULL)
363 		return (NULL);
364 
365 	list_link(lwp, next);
366 	lwp->lwp_id = id;
367 
368 	core->core_lwp = lwp;
369 	core->core_nlwp++;
370 
371 	return (lwp);
372 }
373 
374 /*
375  * The core file itself contains a series of NOTE segments containing saved
376  * structures from /proc at the time the process died.  For each note we
377  * comprehend, we define a function to read it in from the core file,
378  * convert it to our native data model if necessary, and store it inside
379  * the ps_prochandle.  Each function is invoked by Pfgrab_core() with the
380  * seek pointer on P->asfd positioned appropriately.  We populate a table
381  * of pointers to these note functions below.
382  */
383 
384 static int
385 note_pstatus(struct ps_prochandle *P, size_t nbytes)
386 {
387 #ifdef _LP64
388 	core_info_t *core = P->data;
389 
390 	if (core->core_dmodel == PR_MODEL_ILP32) {
391 		pstatus32_t ps32;
392 
393 		if (nbytes < sizeof (pstatus32_t) ||
394 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
395 			goto err;
396 
397 		pstatus_32_to_n(&ps32, &P->status);
398 
399 	} else
400 #endif
401 	if (nbytes < sizeof (pstatus_t) ||
402 	    read(P->asfd, &P->status, sizeof (pstatus_t)) != sizeof (pstatus_t))
403 		goto err;
404 
405 	P->orig_status = P->status;
406 	P->pid = P->status.pr_pid;
407 
408 	return (0);
409 
410 err:
411 	dprintf("Pgrab_core: failed to read NT_PSTATUS\n");
412 	return (-1);
413 }
414 
415 static int
416 note_lwpstatus(struct ps_prochandle *P, size_t nbytes)
417 {
418 	lwp_info_t *lwp;
419 	lwpstatus_t lps;
420 
421 #ifdef _LP64
422 	core_info_t *core = P->data;
423 
424 	if (core->core_dmodel == PR_MODEL_ILP32) {
425 		lwpstatus32_t l32;
426 
427 		if (nbytes < sizeof (lwpstatus32_t) ||
428 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
429 			goto err;
430 
431 		lwpstatus_32_to_n(&l32, &lps);
432 	} else
433 #endif
434 	if (nbytes < sizeof (lwpstatus_t) ||
435 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
436 		goto err;
437 
438 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
439 		dprintf("Pgrab_core: failed to add NT_LWPSTATUS\n");
440 		return (-1);
441 	}
442 
443 	/*
444 	 * Erase a useless and confusing artifact of the kernel implementation:
445 	 * the lwps which did *not* create the core will show SIGKILL.  We can
446 	 * be assured this is bogus because SIGKILL can't produce core files.
447 	 */
448 	if (lps.pr_cursig == SIGKILL)
449 		lps.pr_cursig = 0;
450 
451 	(void) memcpy(&lwp->lwp_status, &lps, sizeof (lps));
452 	return (0);
453 
454 err:
455 	dprintf("Pgrab_core: failed to read NT_LWPSTATUS\n");
456 	return (-1);
457 }
458 
459 #ifdef __x86
460 
461 static void
462 lx_prpsinfo32_to_psinfo(lx_prpsinfo32_t *p32, psinfo_t *psinfo)
463 {
464 	psinfo->pr_flag = p32->pr_flag;
465 	psinfo->pr_pid = p32->pr_pid;
466 	psinfo->pr_ppid = p32->pr_ppid;
467 	psinfo->pr_uid = p32->pr_uid;
468 	psinfo->pr_gid = p32->pr_gid;
469 	psinfo->pr_sid = p32->pr_sid;
470 	psinfo->pr_pgid = p32->pr_pgrp;
471 
472 	(void) memcpy(psinfo->pr_fname, p32->pr_fname,
473 	    sizeof (psinfo->pr_fname));
474 	(void) memcpy(psinfo->pr_psargs, p32->pr_psargs,
475 	    sizeof (psinfo->pr_psargs));
476 }
477 
478 static void
479 lx_prpsinfo64_to_psinfo(lx_prpsinfo64_t *p64, psinfo_t *psinfo)
480 {
481 	psinfo->pr_flag = p64->pr_flag;
482 	psinfo->pr_pid = p64->pr_pid;
483 	psinfo->pr_ppid = p64->pr_ppid;
484 	psinfo->pr_uid = p64->pr_uid;
485 	psinfo->pr_gid = p64->pr_gid;
486 	psinfo->pr_sid = p64->pr_sid;
487 	psinfo->pr_pgid = p64->pr_pgrp;
488 	psinfo->pr_pgid = p64->pr_pgrp;
489 
490 	(void) memcpy(psinfo->pr_fname, p64->pr_fname,
491 	    sizeof (psinfo->pr_fname));
492 	(void) memcpy(psinfo->pr_psargs, p64->pr_psargs,
493 	    sizeof (psinfo->pr_psargs));
494 }
495 
496 static int
497 note_linux_psinfo(struct ps_prochandle *P, size_t nbytes)
498 {
499 	core_info_t *core = P->data;
500 	lx_prpsinfo32_t p32;
501 	lx_prpsinfo64_t p64;
502 
503 	if (core->core_dmodel == PR_MODEL_ILP32) {
504 		if (nbytes < sizeof (p32) ||
505 		    read(P->asfd, &p32, sizeof (p32)) != sizeof (p32))
506 			goto err;
507 
508 		lx_prpsinfo32_to_psinfo(&p32, &P->psinfo);
509 	} else {
510 		if (nbytes < sizeof (p64) ||
511 		    read(P->asfd, &p64, sizeof (p64)) != sizeof (p64))
512 			goto err;
513 
514 		lx_prpsinfo64_to_psinfo(&p64, &P->psinfo);
515 	}
516 
517 
518 	P->status.pr_pid = P->psinfo.pr_pid;
519 	P->status.pr_ppid = P->psinfo.pr_ppid;
520 	P->status.pr_pgid = P->psinfo.pr_pgid;
521 	P->status.pr_sid = P->psinfo.pr_sid;
522 
523 	P->psinfo.pr_nlwp = 0;
524 	P->status.pr_nlwp = 0;
525 
526 	return (0);
527 err:
528 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
529 	return (-1);
530 }
531 
532 static void
533 lx_prstatus64_to_lwp(lx_prstatus64_t *prs64, lwp_info_t *lwp)
534 {
535 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs64->pr_utime);
536 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs64->pr_stime);
537 
538 	lwp->lwp_status.pr_reg[REG_R15] = prs64->pr_reg.lxr_r15;
539 	lwp->lwp_status.pr_reg[REG_R14] = prs64->pr_reg.lxr_r14;
540 	lwp->lwp_status.pr_reg[REG_R13] = prs64->pr_reg.lxr_r13;
541 	lwp->lwp_status.pr_reg[REG_R12] = prs64->pr_reg.lxr_r12;
542 	lwp->lwp_status.pr_reg[REG_R11] = prs64->pr_reg.lxr_r11;
543 	lwp->lwp_status.pr_reg[REG_R10] = prs64->pr_reg.lxr_r10;
544 	lwp->lwp_status.pr_reg[REG_R9] = prs64->pr_reg.lxr_r9;
545 	lwp->lwp_status.pr_reg[REG_R8] = prs64->pr_reg.lxr_r8;
546 
547 	lwp->lwp_status.pr_reg[REG_RDI] = prs64->pr_reg.lxr_rdi;
548 	lwp->lwp_status.pr_reg[REG_RSI] = prs64->pr_reg.lxr_rsi;
549 	lwp->lwp_status.pr_reg[REG_RBP] = prs64->pr_reg.lxr_rbp;
550 	lwp->lwp_status.pr_reg[REG_RBX] = prs64->pr_reg.lxr_rbx;
551 	lwp->lwp_status.pr_reg[REG_RDX] = prs64->pr_reg.lxr_rdx;
552 	lwp->lwp_status.pr_reg[REG_RCX] = prs64->pr_reg.lxr_rcx;
553 	lwp->lwp_status.pr_reg[REG_RAX] = prs64->pr_reg.lxr_rax;
554 
555 	lwp->lwp_status.pr_reg[REG_RIP] = prs64->pr_reg.lxr_rip;
556 	lwp->lwp_status.pr_reg[REG_CS] = prs64->pr_reg.lxr_cs;
557 	lwp->lwp_status.pr_reg[REG_RSP] = prs64->pr_reg.lxr_rsp;
558 	lwp->lwp_status.pr_reg[REG_FS] = prs64->pr_reg.lxr_fs;
559 	lwp->lwp_status.pr_reg[REG_SS] = prs64->pr_reg.lxr_ss;
560 	lwp->lwp_status.pr_reg[REG_GS] = prs64->pr_reg.lxr_gs;
561 	lwp->lwp_status.pr_reg[REG_ES] = prs64->pr_reg.lxr_es;
562 	lwp->lwp_status.pr_reg[REG_DS] = prs64->pr_reg.lxr_ds;
563 
564 	lwp->lwp_status.pr_reg[REG_GSBASE] = prs64->pr_reg.lxr_gs_base;
565 	lwp->lwp_status.pr_reg[REG_FSBASE] = prs64->pr_reg.lxr_fs_base;
566 }
567 
568 static void
569 lx_prstatus32_to_lwp(lx_prstatus32_t *prs32, lwp_info_t *lwp)
570 {
571 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_utime, prs32->pr_utime);
572 	LTIME_TO_TIMESPEC(lwp->lwp_status.pr_stime, prs32->pr_stime);
573 
574 #ifdef __amd64
575 	lwp->lwp_status.pr_reg[REG_GS] = prs32->pr_reg.lxr_gs;
576 	lwp->lwp_status.pr_reg[REG_FS] = prs32->pr_reg.lxr_fs;
577 	lwp->lwp_status.pr_reg[REG_DS] = prs32->pr_reg.lxr_ds;
578 	lwp->lwp_status.pr_reg[REG_ES] = prs32->pr_reg.lxr_es;
579 	lwp->lwp_status.pr_reg[REG_RDI] = prs32->pr_reg.lxr_di;
580 	lwp->lwp_status.pr_reg[REG_RSI] = prs32->pr_reg.lxr_si;
581 	lwp->lwp_status.pr_reg[REG_RBP] = prs32->pr_reg.lxr_bp;
582 	lwp->lwp_status.pr_reg[REG_RBX] = prs32->pr_reg.lxr_bx;
583 	lwp->lwp_status.pr_reg[REG_RDX] = prs32->pr_reg.lxr_dx;
584 	lwp->lwp_status.pr_reg[REG_RCX] = prs32->pr_reg.lxr_cx;
585 	lwp->lwp_status.pr_reg[REG_RAX] = prs32->pr_reg.lxr_ax;
586 	lwp->lwp_status.pr_reg[REG_RIP] = prs32->pr_reg.lxr_ip;
587 	lwp->lwp_status.pr_reg[REG_CS] = prs32->pr_reg.lxr_cs;
588 	lwp->lwp_status.pr_reg[REG_RFL] = prs32->pr_reg.lxr_flags;
589 	lwp->lwp_status.pr_reg[REG_RSP] = prs32->pr_reg.lxr_sp;
590 	lwp->lwp_status.pr_reg[REG_SS] = prs32->pr_reg.lxr_ss;
591 #else /* __amd64 */
592 	lwp->lwp_status.pr_reg[EBX] = prs32->pr_reg.lxr_bx;
593 	lwp->lwp_status.pr_reg[ECX] = prs32->pr_reg.lxr_cx;
594 	lwp->lwp_status.pr_reg[EDX] = prs32->pr_reg.lxr_dx;
595 	lwp->lwp_status.pr_reg[ESI] = prs32->pr_reg.lxr_si;
596 	lwp->lwp_status.pr_reg[EDI] = prs32->pr_reg.lxr_di;
597 	lwp->lwp_status.pr_reg[EBP] = prs32->pr_reg.lxr_bp;
598 	lwp->lwp_status.pr_reg[EAX] = prs32->pr_reg.lxr_ax;
599 	lwp->lwp_status.pr_reg[EIP] = prs32->pr_reg.lxr_ip;
600 	lwp->lwp_status.pr_reg[UESP] = prs32->pr_reg.lxr_sp;
601 
602 	lwp->lwp_status.pr_reg[DS] = prs32->pr_reg.lxr_ds;
603 	lwp->lwp_status.pr_reg[ES] = prs32->pr_reg.lxr_es;
604 	lwp->lwp_status.pr_reg[FS] = prs32->pr_reg.lxr_fs;
605 	lwp->lwp_status.pr_reg[GS] = prs32->pr_reg.lxr_gs;
606 	lwp->lwp_status.pr_reg[CS] = prs32->pr_reg.lxr_cs;
607 	lwp->lwp_status.pr_reg[SS] = prs32->pr_reg.lxr_ss;
608 
609 	lwp->lwp_status.pr_reg[EFL] = prs32->pr_reg.lxr_flags;
610 #endif	/* !__amd64 */
611 }
612 
613 static int
614 note_linux_prstatus(struct ps_prochandle *P, size_t nbytes)
615 {
616 	core_info_t *core = P->data;
617 
618 	lx_prstatus64_t prs64;
619 	lx_prstatus32_t prs32;
620 	lwp_info_t *lwp;
621 	lwpid_t tid;
622 
623 	dprintf("looking for model %d, %ld/%ld\n", core->core_dmodel,
624 	    (ulong_t)nbytes, (ulong_t)sizeof (prs32));
625 	if (core->core_dmodel == PR_MODEL_ILP32) {
626 		if (nbytes < sizeof (prs32) ||
627 		    read(P->asfd, &prs32, sizeof (prs32)) != nbytes)
628 			goto err;
629 		tid = prs32.pr_pid;
630 	} else {
631 		if (nbytes < sizeof (prs64) ||
632 		    read(P->asfd, &prs64, sizeof (prs64)) != nbytes)
633 			goto err;
634 		tid = prs64.pr_pid;
635 	}
636 
637 	if ((lwp = lwpid2info(P, tid)) == NULL) {
638 		dprintf("Pgrab_core: failed to add lwpid2info "
639 		    "linux_prstatus\n");
640 		return (-1);
641 	}
642 
643 	P->psinfo.pr_nlwp++;
644 	P->status.pr_nlwp++;
645 
646 	lwp->lwp_status.pr_lwpid = tid;
647 
648 	if (core->core_dmodel == PR_MODEL_ILP32)
649 		lx_prstatus32_to_lwp(&prs32, lwp);
650 	else
651 		lx_prstatus64_to_lwp(&prs64, lwp);
652 
653 	return (0);
654 err:
655 	dprintf("Pgrab_core: failed to read NT_PRSTATUS\n");
656 	return (-1);
657 }
658 
659 #endif /* __x86 */
660 
661 static int
662 note_psinfo(struct ps_prochandle *P, size_t nbytes)
663 {
664 #ifdef _LP64
665 	core_info_t *core = P->data;
666 
667 	if (core->core_dmodel == PR_MODEL_ILP32) {
668 		psinfo32_t ps32;
669 
670 		if (nbytes < sizeof (psinfo32_t) ||
671 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
672 			goto err;
673 
674 		psinfo_32_to_n(&ps32, &P->psinfo);
675 	} else
676 #endif
677 	if (nbytes < sizeof (psinfo_t) ||
678 	    read(P->asfd, &P->psinfo, sizeof (psinfo_t)) != sizeof (psinfo_t))
679 		goto err;
680 
681 	dprintf("pr_fname = <%s>\n", P->psinfo.pr_fname);
682 	dprintf("pr_psargs = <%s>\n", P->psinfo.pr_psargs);
683 	dprintf("pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
684 
685 	return (0);
686 
687 err:
688 	dprintf("Pgrab_core: failed to read NT_PSINFO\n");
689 	return (-1);
690 }
691 
692 static int
693 note_lwpsinfo(struct ps_prochandle *P, size_t nbytes)
694 {
695 	lwp_info_t *lwp;
696 	lwpsinfo_t lps;
697 
698 #ifdef _LP64
699 	core_info_t *core = P->data;
700 
701 	if (core->core_dmodel == PR_MODEL_ILP32) {
702 		lwpsinfo32_t l32;
703 
704 		if (nbytes < sizeof (lwpsinfo32_t) ||
705 		    read(P->asfd, &l32, sizeof (l32)) != sizeof (l32))
706 			goto err;
707 
708 		lwpsinfo_32_to_n(&l32, &lps);
709 	} else
710 #endif
711 	if (nbytes < sizeof (lwpsinfo_t) ||
712 	    read(P->asfd, &lps, sizeof (lps)) != sizeof (lps))
713 		goto err;
714 
715 	if ((lwp = lwpid2info(P, lps.pr_lwpid)) == NULL) {
716 		dprintf("Pgrab_core: failed to add NT_LWPSINFO\n");
717 		return (-1);
718 	}
719 
720 	(void) memcpy(&lwp->lwp_psinfo, &lps, sizeof (lps));
721 	return (0);
722 
723 err:
724 	dprintf("Pgrab_core: failed to read NT_LWPSINFO\n");
725 	return (-1);
726 }
727 
728 static int
729 note_lwpname(struct ps_prochandle *P, size_t nbytes)
730 {
731 	prlwpname_t name;
732 	lwp_info_t *lwp;
733 
734 	if (nbytes != sizeof (name) ||
735 	    read(P->asfd, &name, sizeof (name)) != sizeof (name))
736 		goto err;
737 
738 	if ((lwp = lwpid2info(P, name.pr_lwpid)) == NULL)
739 		goto err;
740 
741 	if (strlcpy(lwp->lwp_name, name.pr_lwpname,
742 	    sizeof (lwp->lwp_name)) >= sizeof (lwp->lwp_name)) {
743 		errno = ENAMETOOLONG;
744 		goto err;
745 	}
746 
747 	return (0);
748 
749 err:
750 	dprintf("Pgrab_core: failed to read NT_LWPNAME\n");
751 	return (-1);
752 }
753 
754 static int
755 note_fdinfo(struct ps_prochandle *P, size_t nbytes)
756 {
757 	prfdinfo_t prfd;
758 	fd_info_t *fip;
759 
760 	if ((nbytes < sizeof (prfd)) ||
761 	    (read(P->asfd, &prfd, sizeof (prfd)) != sizeof (prfd))) {
762 		dprintf("Pgrab_core: failed to read NT_FDINFO\n");
763 		return (-1);
764 	}
765 
766 	if ((fip = Pfd2info(P, prfd.pr_fd)) == NULL) {
767 		dprintf("Pgrab_core: failed to add NT_FDINFO\n");
768 		return (-1);
769 	}
770 	(void) memcpy(&fip->fd_info, &prfd, sizeof (prfd));
771 	return (0);
772 }
773 
774 static int
775 note_platform(struct ps_prochandle *P, size_t nbytes)
776 {
777 	core_info_t *core = P->data;
778 	char *plat;
779 
780 	if (core->core_platform != NULL)
781 		return (0);	/* Already seen */
782 
783 	if (nbytes != 0 && ((plat = malloc(nbytes + 1)) != NULL)) {
784 		if (read(P->asfd, plat, nbytes) != nbytes) {
785 			dprintf("Pgrab_core: failed to read NT_PLATFORM\n");
786 			free(plat);
787 			return (-1);
788 		}
789 		plat[nbytes - 1] = '\0';
790 		core->core_platform = plat;
791 	}
792 
793 	return (0);
794 }
795 
796 static int
797 note_secflags(struct ps_prochandle *P, size_t nbytes)
798 {
799 	core_info_t *core = P->data;
800 	prsecflags_t *psf;
801 
802 	if (core->core_secflags != NULL)
803 		return (0);	/* Already seen */
804 
805 	if (sizeof (*psf) != nbytes) {
806 		dprintf("Pgrab_core: NT_SECFLAGS changed size."
807 		    "  Need to handle a version change?\n");
808 		return (-1);
809 	}
810 
811 	if (nbytes != 0 && ((psf = malloc(nbytes)) != NULL)) {
812 		if (read(P->asfd, psf, nbytes) != nbytes) {
813 			dprintf("Pgrab_core: failed to read NT_SECFLAGS\n");
814 			free(psf);
815 			return (-1);
816 		}
817 
818 		core->core_secflags = psf;
819 	}
820 
821 	return (0);
822 }
823 
824 static int
825 note_utsname(struct ps_prochandle *P, size_t nbytes)
826 {
827 	core_info_t *core = P->data;
828 	size_t ubytes = sizeof (struct utsname);
829 	struct utsname *utsp;
830 
831 	if (core->core_uts != NULL || nbytes < ubytes)
832 		return (0);	/* Already seen or bad size */
833 
834 	if ((utsp = malloc(ubytes)) == NULL)
835 		return (-1);
836 
837 	if (read(P->asfd, utsp, ubytes) != ubytes) {
838 		dprintf("Pgrab_core: failed to read NT_UTSNAME\n");
839 		free(utsp);
840 		return (-1);
841 	}
842 
843 	if (_libproc_debug) {
844 		dprintf("uts.sysname = \"%s\"\n", utsp->sysname);
845 		dprintf("uts.nodename = \"%s\"\n", utsp->nodename);
846 		dprintf("uts.release = \"%s\"\n", utsp->release);
847 		dprintf("uts.version = \"%s\"\n", utsp->version);
848 		dprintf("uts.machine = \"%s\"\n", utsp->machine);
849 	}
850 
851 	core->core_uts = utsp;
852 	return (0);
853 }
854 
855 static int
856 note_content(struct ps_prochandle *P, size_t nbytes)
857 {
858 	core_info_t *core = P->data;
859 	core_content_t content;
860 
861 	if (sizeof (core->core_content) != nbytes)
862 		return (-1);
863 
864 	if (read(P->asfd, &content, sizeof (content)) != sizeof (content))
865 		return (-1);
866 
867 	core->core_content = content;
868 
869 	dprintf("core content = %llx\n", content);
870 
871 	return (0);
872 }
873 
874 static int
875 note_cred(struct ps_prochandle *P, size_t nbytes)
876 {
877 	core_info_t *core = P->data;
878 	prcred_t *pcrp;
879 	int ngroups;
880 	const size_t min_size = sizeof (prcred_t) - sizeof (gid_t);
881 
882 	/*
883 	 * We allow for prcred_t notes that are actually smaller than a
884 	 * prcred_t since the last member isn't essential if there are
885 	 * no group memberships. This allows for more flexibility when it
886 	 * comes to slightly malformed -- but still valid -- notes.
887 	 */
888 	if (core->core_cred != NULL || nbytes < min_size)
889 		return (0);	/* Already seen or bad size */
890 
891 	ngroups = (nbytes - min_size) / sizeof (gid_t);
892 	nbytes = sizeof (prcred_t) + (ngroups - 1) * sizeof (gid_t);
893 
894 	if ((pcrp = malloc(nbytes)) == NULL)
895 		return (-1);
896 
897 	if (read(P->asfd, pcrp, nbytes) != nbytes) {
898 		dprintf("Pgrab_core: failed to read NT_PRCRED\n");
899 		free(pcrp);
900 		return (-1);
901 	}
902 
903 	if (pcrp->pr_ngroups > ngroups) {
904 		dprintf("pr_ngroups = %d; resetting to %d based on note size\n",
905 		    pcrp->pr_ngroups, ngroups);
906 		pcrp->pr_ngroups = ngroups;
907 	}
908 
909 	core->core_cred = pcrp;
910 	return (0);
911 }
912 
913 #ifdef __x86
914 static int
915 note_ldt(struct ps_prochandle *P, size_t nbytes)
916 {
917 	core_info_t *core = P->data;
918 	struct ssd *pldt;
919 	uint_t nldt;
920 
921 	if (core->core_ldt != NULL || nbytes < sizeof (struct ssd))
922 		return (0);	/* Already seen or bad size */
923 
924 	nldt = nbytes / sizeof (struct ssd);
925 	nbytes = nldt * sizeof (struct ssd);
926 
927 	if ((pldt = malloc(nbytes)) == NULL)
928 		return (-1);
929 
930 	if (read(P->asfd, pldt, nbytes) != nbytes) {
931 		dprintf("Pgrab_core: failed to read NT_LDT\n");
932 		free(pldt);
933 		return (-1);
934 	}
935 
936 	core->core_ldt = pldt;
937 	core->core_nldt = nldt;
938 	return (0);
939 }
940 #endif	/* __i386 */
941 
942 static int
943 note_priv(struct ps_prochandle *P, size_t nbytes)
944 {
945 	core_info_t *core = P->data;
946 	prpriv_t *pprvp;
947 
948 	if (core->core_priv != NULL || nbytes < sizeof (prpriv_t))
949 		return (0);	/* Already seen or bad size */
950 
951 	if ((pprvp = malloc(nbytes)) == NULL)
952 		return (-1);
953 
954 	if (read(P->asfd, pprvp, nbytes) != nbytes) {
955 		dprintf("Pgrab_core: failed to read NT_PRPRIV\n");
956 		free(pprvp);
957 		return (-1);
958 	}
959 
960 	core->core_priv = pprvp;
961 	core->core_priv_size = nbytes;
962 	return (0);
963 }
964 
965 static int
966 note_priv_info(struct ps_prochandle *P, size_t nbytes)
967 {
968 	core_info_t *core = P->data;
969 	extern void *__priv_parse_info();
970 	priv_impl_info_t *ppii;
971 
972 	if (core->core_privinfo != NULL ||
973 	    nbytes < sizeof (priv_impl_info_t))
974 		return (0);	/* Already seen or bad size */
975 
976 	if ((ppii = malloc(nbytes)) == NULL)
977 		return (-1);
978 
979 	if (read(P->asfd, ppii, nbytes) != nbytes ||
980 	    PRIV_IMPL_INFO_SIZE(ppii) != nbytes) {
981 		dprintf("Pgrab_core: failed to read NT_PRPRIVINFO\n");
982 		free(ppii);
983 		return (-1);
984 	}
985 
986 	core->core_privinfo = __priv_parse_info(ppii);
987 	core->core_ppii = ppii;
988 	return (0);
989 }
990 
991 static int
992 note_zonename(struct ps_prochandle *P, size_t nbytes)
993 {
994 	core_info_t *core = P->data;
995 	char *zonename;
996 
997 	if (core->core_zonename != NULL)
998 		return (0);	/* Already seen */
999 
1000 	if (nbytes != 0) {
1001 		if ((zonename = malloc(nbytes)) == NULL)
1002 			return (-1);
1003 		if (read(P->asfd, zonename, nbytes) != nbytes) {
1004 			dprintf("Pgrab_core: failed to read NT_ZONENAME\n");
1005 			free(zonename);
1006 			return (-1);
1007 		}
1008 		zonename[nbytes - 1] = '\0';
1009 		core->core_zonename = zonename;
1010 	}
1011 
1012 	return (0);
1013 }
1014 
1015 static int
1016 note_auxv(struct ps_prochandle *P, size_t nbytes)
1017 {
1018 	size_t n, i;
1019 
1020 #ifdef _LP64
1021 	core_info_t *core = P->data;
1022 
1023 	if (core->core_dmodel == PR_MODEL_ILP32) {
1024 		auxv32_t *a32;
1025 
1026 		n = nbytes / sizeof (auxv32_t);
1027 		nbytes = n * sizeof (auxv32_t);
1028 		a32 = alloca(nbytes);
1029 
1030 		if (read(P->asfd, a32, nbytes) != nbytes) {
1031 			dprintf("Pgrab_core: failed to read NT_AUXV\n");
1032 			return (-1);
1033 		}
1034 
1035 		if ((P->auxv = malloc(sizeof (auxv_t) * (n + 1))) == NULL)
1036 			return (-1);
1037 
1038 		for (i = 0; i < n; i++)
1039 			auxv_32_to_n(&a32[i], &P->auxv[i]);
1040 
1041 	} else {
1042 #endif
1043 		n = nbytes / sizeof (auxv_t);
1044 		nbytes = n * sizeof (auxv_t);
1045 
1046 		if ((P->auxv = malloc(nbytes + sizeof (auxv_t))) == NULL)
1047 			return (-1);
1048 
1049 		if (read(P->asfd, P->auxv, nbytes) != nbytes) {
1050 			free(P->auxv);
1051 			P->auxv = NULL;
1052 			return (-1);
1053 		}
1054 #ifdef _LP64
1055 	}
1056 #endif
1057 
1058 	if (_libproc_debug) {
1059 		for (i = 0; i < n; i++) {
1060 			dprintf("P->auxv[%lu] = ( %d, 0x%lx )\n", (ulong_t)i,
1061 			    P->auxv[i].a_type, P->auxv[i].a_un.a_val);
1062 		}
1063 	}
1064 
1065 	/*
1066 	 * Defensive coding for loops which depend upon the auxv array being
1067 	 * terminated by an AT_NULL element; in each case, we've allocated
1068 	 * P->auxv to have an additional element which we force to be AT_NULL.
1069 	 */
1070 	P->auxv[n].a_type = AT_NULL;
1071 	P->auxv[n].a_un.a_val = 0L;
1072 	P->nauxv = (int)n;
1073 
1074 	return (0);
1075 }
1076 
1077 #ifdef __sparc
1078 static int
1079 note_xreg(struct ps_prochandle *P, size_t nbytes)
1080 {
1081 	core_info_t *core = P->data;
1082 	lwp_info_t *lwp = core->core_lwp;
1083 	size_t xbytes = sizeof (prxregset_t);
1084 	prxregset_t *xregs;
1085 
1086 	if (lwp == NULL || lwp->lwp_xregs != NULL || nbytes < xbytes)
1087 		return (0);	/* No lwp yet, already seen, or bad size */
1088 
1089 	if ((xregs = malloc(xbytes)) == NULL)
1090 		return (-1);
1091 
1092 	if (read(P->asfd, xregs, xbytes) != xbytes) {
1093 		dprintf("Pgrab_core: failed to read NT_PRXREG\n");
1094 		free(xregs);
1095 		return (-1);
1096 	}
1097 
1098 	lwp->lwp_xregs = xregs;
1099 	return (0);
1100 }
1101 
1102 static int
1103 note_gwindows(struct ps_prochandle *P, size_t nbytes)
1104 {
1105 	core_info_t *core = P->data;
1106 	lwp_info_t *lwp = core->core_lwp;
1107 
1108 	if (lwp == NULL || lwp->lwp_gwins != NULL || nbytes == 0)
1109 		return (0);	/* No lwp yet or already seen or no data */
1110 
1111 	if ((lwp->lwp_gwins = malloc(sizeof (gwindows_t))) == NULL)
1112 		return (-1);
1113 
1114 	/*
1115 	 * Since the amount of gwindows data varies with how many windows were
1116 	 * actually saved, we just read up to the minimum of the note size
1117 	 * and the size of the gwindows_t type.  It doesn't matter if the read
1118 	 * fails since we have to zero out gwindows first anyway.
1119 	 */
1120 #ifdef _LP64
1121 	if (core->core_dmodel == PR_MODEL_ILP32) {
1122 		gwindows32_t g32;
1123 
1124 		(void) memset(&g32, 0, sizeof (g32));
1125 		(void) read(P->asfd, &g32, MIN(nbytes, sizeof (g32)));
1126 		gwindows_32_to_n(&g32, lwp->lwp_gwins);
1127 
1128 	} else {
1129 #endif
1130 		(void) memset(lwp->lwp_gwins, 0, sizeof (gwindows_t));
1131 		(void) read(P->asfd, lwp->lwp_gwins,
1132 		    MIN(nbytes, sizeof (gwindows_t)));
1133 #ifdef _LP64
1134 	}
1135 #endif
1136 	return (0);
1137 }
1138 
1139 #ifdef __sparcv9
1140 static int
1141 note_asrs(struct ps_prochandle *P, size_t nbytes)
1142 {
1143 	core_info_t *core = P->data;
1144 	lwp_info_t *lwp = core->core_lwp;
1145 	int64_t *asrs;
1146 
1147 	if (lwp == NULL || lwp->lwp_asrs != NULL || nbytes < sizeof (asrset_t))
1148 		return (0);	/* No lwp yet, already seen, or bad size */
1149 
1150 	if ((asrs = malloc(sizeof (asrset_t))) == NULL)
1151 		return (-1);
1152 
1153 	if (read(P->asfd, asrs, sizeof (asrset_t)) != sizeof (asrset_t)) {
1154 		dprintf("Pgrab_core: failed to read NT_ASRS\n");
1155 		free(asrs);
1156 		return (-1);
1157 	}
1158 
1159 	lwp->lwp_asrs = asrs;
1160 	return (0);
1161 }
1162 #endif	/* __sparcv9 */
1163 #endif	/* __sparc */
1164 
1165 static int
1166 note_spymaster(struct ps_prochandle *P, size_t nbytes)
1167 {
1168 #ifdef _LP64
1169 	core_info_t *core = P->data;
1170 
1171 	if (core->core_dmodel == PR_MODEL_ILP32) {
1172 		psinfo32_t ps32;
1173 
1174 		if (nbytes < sizeof (psinfo32_t) ||
1175 		    read(P->asfd, &ps32, sizeof (ps32)) != sizeof (ps32))
1176 			goto err;
1177 
1178 		psinfo_32_to_n(&ps32, &P->spymaster);
1179 	} else
1180 #endif
1181 	if (nbytes < sizeof (psinfo_t) || read(P->asfd,
1182 	    &P->spymaster, sizeof (psinfo_t)) != sizeof (psinfo_t))
1183 		goto err;
1184 
1185 	dprintf("spymaster pr_fname = <%s>\n", P->psinfo.pr_fname);
1186 	dprintf("spymaster pr_psargs = <%s>\n", P->psinfo.pr_psargs);
1187 	dprintf("spymaster pr_wstat = 0x%x\n", P->psinfo.pr_wstat);
1188 
1189 	return (0);
1190 
1191 err:
1192 	dprintf("Pgrab_core: failed to read NT_SPYMASTER\n");
1193 	return (-1);
1194 }
1195 
1196 /*ARGSUSED*/
1197 static int
1198 note_notsup(struct ps_prochandle *P, size_t nbytes)
1199 {
1200 	dprintf("skipping unsupported note type of size %ld bytes\n",
1201 	    (ulong_t)nbytes);
1202 	return (0);
1203 }
1204 
1205 /*
1206  * Populate a table of function pointers indexed by Note type with our
1207  * functions to process each type of core file note:
1208  */
1209 static int (*nhdlrs[])(struct ps_prochandle *, size_t) = {
1210 	note_notsup,		/*  0	unassigned		*/
1211 #ifdef __x86
1212 	note_linux_prstatus,		/*  1	NT_PRSTATUS (old)	*/
1213 #else
1214 	note_notsup,		/*  1	NT_PRSTATUS (old)	*/
1215 #endif
1216 	note_notsup,		/*  2	NT_PRFPREG (old)	*/
1217 #ifdef __x86
1218 	note_linux_psinfo,		/*  3	NT_PRPSINFO (old)	*/
1219 #else
1220 	note_notsup,		/*  3	NT_PRPSINFO (old)	*/
1221 #endif
1222 #ifdef __sparc
1223 	note_xreg,		/*  4	NT_PRXREG		*/
1224 #else
1225 	note_notsup,		/*  4	NT_PRXREG		*/
1226 #endif
1227 	note_platform,		/*  5	NT_PLATFORM		*/
1228 	note_auxv,		/*  6	NT_AUXV			*/
1229 #ifdef __sparc
1230 	note_gwindows,		/*  7	NT_GWINDOWS		*/
1231 #ifdef __sparcv9
1232 	note_asrs,		/*  8	NT_ASRS			*/
1233 #else
1234 	note_notsup,		/*  8	NT_ASRS			*/
1235 #endif
1236 #else
1237 	note_notsup,		/*  7	NT_GWINDOWS		*/
1238 	note_notsup,		/*  8	NT_ASRS			*/
1239 #endif
1240 #ifdef __x86
1241 	note_ldt,		/*  9	NT_LDT			*/
1242 #else
1243 	note_notsup,		/*  9	NT_LDT			*/
1244 #endif
1245 	note_pstatus,		/* 10	NT_PSTATUS		*/
1246 	note_notsup,		/* 11	unassigned		*/
1247 	note_notsup,		/* 12	unassigned		*/
1248 	note_psinfo,		/* 13	NT_PSINFO		*/
1249 	note_cred,		/* 14	NT_PRCRED		*/
1250 	note_utsname,		/* 15	NT_UTSNAME		*/
1251 	note_lwpstatus,		/* 16	NT_LWPSTATUS		*/
1252 	note_lwpsinfo,		/* 17	NT_LWPSINFO		*/
1253 	note_priv,		/* 18	NT_PRPRIV		*/
1254 	note_priv_info,		/* 19	NT_PRPRIVINFO		*/
1255 	note_content,		/* 20	NT_CONTENT		*/
1256 	note_zonename,		/* 21	NT_ZONENAME		*/
1257 	note_fdinfo,		/* 22	NT_FDINFO		*/
1258 	note_spymaster,		/* 23	NT_SPYMASTER		*/
1259 	note_secflags,		/* 24	NT_SECFLAGS		*/
1260 	note_lwpname,		/* 25	NT_LWPNAME		*/
1261 };
1262 
1263 static void
1264 core_report_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1265 {
1266 	prkillinfo_t killinfo;
1267 	siginfo_t *si = &killinfo.prk_info;
1268 	char signame[SIG2STR_MAX], sig[64], info[64];
1269 	void *addr = (void *)(uintptr_t)php->p_vaddr;
1270 
1271 	const char *errfmt = "core file data for mapping at %p not saved: %s\n";
1272 	const char *incfmt = "core file incomplete due to %s%s\n";
1273 	const char *msgfmt = "mappings at and above %p are missing\n";
1274 
1275 	if (!(php->p_flags & PF_SUNW_KILLED)) {
1276 		int err = 0;
1277 
1278 		(void) pread64(P->asfd, &err,
1279 		    sizeof (err), (off64_t)php->p_offset);
1280 
1281 		Perror_printf(P, errfmt, addr, strerror(err));
1282 		dprintf(errfmt, addr, strerror(err));
1283 		return;
1284 	}
1285 
1286 	if (!(php->p_flags & PF_SUNW_SIGINFO))
1287 		return;
1288 
1289 	(void) memset(&killinfo, 0, sizeof (killinfo));
1290 
1291 	(void) pread64(P->asfd, &killinfo,
1292 	    sizeof (killinfo), (off64_t)php->p_offset);
1293 
1294 	/*
1295 	 * While there is (or at least should be) only one segment that has
1296 	 * PF_SUNW_SIGINFO set, the signal information there is globally
1297 	 * useful (even if only to those debugging libproc consumers); we hang
1298 	 * the signal information gleaned here off of the ps_prochandle.
1299 	 */
1300 	P->map_missing = php->p_vaddr;
1301 	P->killinfo = killinfo.prk_info;
1302 
1303 	if (sig2str(si->si_signo, signame) == -1) {
1304 		(void) snprintf(sig, sizeof (sig),
1305 		    "<Unknown signal: 0x%x>, ", si->si_signo);
1306 	} else {
1307 		(void) snprintf(sig, sizeof (sig), "SIG%s, ", signame);
1308 	}
1309 
1310 	if (si->si_code == SI_USER || si->si_code == SI_QUEUE) {
1311 		(void) snprintf(info, sizeof (info),
1312 		    "pid=%d uid=%d zone=%d ctid=%d",
1313 		    si->si_pid, si->si_uid, si->si_zoneid, si->si_ctid);
1314 	} else {
1315 		(void) snprintf(info, sizeof (info),
1316 		    "code=%d", si->si_code);
1317 	}
1318 
1319 	Perror_printf(P, incfmt, sig, info);
1320 	Perror_printf(P, msgfmt, addr);
1321 
1322 	dprintf(incfmt, sig, info);
1323 	dprintf(msgfmt, addr);
1324 }
1325 
1326 /*
1327  * Add information on the address space mapping described by the given
1328  * PT_LOAD program header.  We fill in more information on the mapping later.
1329  */
1330 static int
1331 core_add_mapping(struct ps_prochandle *P, GElf_Phdr *php)
1332 {
1333 	core_info_t *core = P->data;
1334 	prmap_t pmap;
1335 
1336 	dprintf("mapping base %llx filesz %llx memsz %llx offset %llx\n",
1337 	    (u_longlong_t)php->p_vaddr, (u_longlong_t)php->p_filesz,
1338 	    (u_longlong_t)php->p_memsz, (u_longlong_t)php->p_offset);
1339 
1340 	pmap.pr_vaddr = (uintptr_t)php->p_vaddr;
1341 	pmap.pr_size = php->p_memsz;
1342 
1343 	/*
1344 	 * If Pgcore() or elfcore() fail to write a mapping, they will set
1345 	 * PF_SUNW_FAILURE in the Phdr and try to stash away the errno for us.
1346 	 */
1347 	if (php->p_flags & PF_SUNW_FAILURE) {
1348 		core_report_mapping(P, php);
1349 	} else if (php->p_filesz != 0 && php->p_offset >= core->core_size) {
1350 		Perror_printf(P, "core file may be corrupt -- data for mapping "
1351 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1352 		dprintf("core file may be corrupt -- data for mapping "
1353 		    "at %p is missing\n", (void *)(uintptr_t)php->p_vaddr);
1354 	}
1355 
1356 	/*
1357 	 * The mapping name and offset will hopefully be filled in
1358 	 * by the librtld_db agent.  Unfortunately, if it isn't a
1359 	 * shared library mapping, this information is gone forever.
1360 	 */
1361 	pmap.pr_mapname[0] = '\0';
1362 	pmap.pr_offset = 0;
1363 
1364 	pmap.pr_mflags = 0;
1365 	if (php->p_flags & PF_R)
1366 		pmap.pr_mflags |= MA_READ;
1367 	if (php->p_flags & PF_W)
1368 		pmap.pr_mflags |= MA_WRITE;
1369 	if (php->p_flags & PF_X)
1370 		pmap.pr_mflags |= MA_EXEC;
1371 
1372 	if (php->p_filesz == 0)
1373 		pmap.pr_mflags |= MA_RESERVED1;
1374 
1375 	/*
1376 	 * At the time of adding this mapping, we just zero the pagesize.
1377 	 * Once we've processed more of the core file, we'll have the
1378 	 * pagesize from the auxv's AT_PAGESZ element and we can fill this in.
1379 	 */
1380 	pmap.pr_pagesize = 0;
1381 
1382 	/*
1383 	 * Unfortunately whether or not the mapping was a System V
1384 	 * shared memory segment is lost.  We use -1 to mark it as not shm.
1385 	 */
1386 	pmap.pr_shmid = -1;
1387 
1388 	return (Padd_mapping(P, php->p_offset, NULL, &pmap));
1389 }
1390 
1391 /*
1392  * Given a virtual address, name the mapping at that address using the
1393  * specified name, and return the map_info_t pointer.
1394  */
1395 static map_info_t *
1396 core_name_mapping(struct ps_prochandle *P, uintptr_t addr, const char *name)
1397 {
1398 	map_info_t *mp = Paddr2mptr(P, addr);
1399 
1400 	if (mp != NULL) {
1401 		(void) strncpy(mp->map_pmap.pr_mapname, name, PRMAPSZ);
1402 		mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
1403 	}
1404 
1405 	return (mp);
1406 }
1407 
1408 /*
1409  * libproc uses libelf for all of its symbol table manipulation. This function
1410  * takes a symbol table and string table from a core file and places them
1411  * in a memory backed elf file.
1412  */
1413 static void
1414 fake_up_symtab(struct ps_prochandle *P, const elf_file_header_t *ehdr,
1415     GElf_Shdr *symtab, GElf_Shdr *strtab)
1416 {
1417 	size_t size;
1418 	off64_t off, base;
1419 	map_info_t *mp;
1420 	file_info_t *fp;
1421 	Elf_Scn *scn;
1422 	Elf_Data *data;
1423 
1424 	if (symtab->sh_addr == 0 ||
1425 	    (mp = Paddr2mptr(P, symtab->sh_addr)) == NULL ||
1426 	    (fp = mp->map_file) == NULL) {
1427 		dprintf("fake_up_symtab: invalid section\n");
1428 		return;
1429 	}
1430 
1431 	if (fp->file_symtab.sym_data_pri != NULL) {
1432 		dprintf("Symbol table already loaded (sh_addr 0x%lx)\n",
1433 		    (long)symtab->sh_addr);
1434 		return;
1435 	}
1436 
1437 	if (P->status.pr_dmodel == PR_MODEL_ILP32) {
1438 		struct {
1439 			Elf32_Ehdr ehdr;
1440 			Elf32_Shdr shdr[3];
1441 			char data[1];
1442 		} *b;
1443 
1444 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1445 		size = base + symtab->sh_size + strtab->sh_size;
1446 
1447 		if ((b = calloc(1, size)) == NULL)
1448 			return;
1449 
1450 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1451 		    sizeof (ehdr->e_ident));
1452 		b->ehdr.e_type = ehdr->e_type;
1453 		b->ehdr.e_machine = ehdr->e_machine;
1454 		b->ehdr.e_version = ehdr->e_version;
1455 		b->ehdr.e_flags = ehdr->e_flags;
1456 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1457 		b->ehdr.e_shoff = sizeof (b->ehdr);
1458 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1459 		b->ehdr.e_shnum = 3;
1460 		off = 0;
1461 
1462 		b->shdr[1].sh_size = symtab->sh_size;
1463 		b->shdr[1].sh_type = SHT_SYMTAB;
1464 		b->shdr[1].sh_offset = off + base;
1465 		b->shdr[1].sh_entsize = sizeof (Elf32_Sym);
1466 		b->shdr[1].sh_link = 2;
1467 		b->shdr[1].sh_info =  symtab->sh_info;
1468 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1469 
1470 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1471 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1472 			dprintf("fake_up_symtab: pread of symtab[1] failed\n");
1473 			free(b);
1474 			return;
1475 		}
1476 
1477 		off += b->shdr[1].sh_size;
1478 
1479 		b->shdr[2].sh_flags = SHF_STRINGS;
1480 		b->shdr[2].sh_size = strtab->sh_size;
1481 		b->shdr[2].sh_type = SHT_STRTAB;
1482 		b->shdr[2].sh_offset = off + base;
1483 		b->shdr[2].sh_info =  strtab->sh_info;
1484 		b->shdr[2].sh_addralign = 1;
1485 
1486 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1487 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1488 			dprintf("fake_up_symtab: pread of symtab[2] failed\n");
1489 			free(b);
1490 			return;
1491 		}
1492 
1493 		off += b->shdr[2].sh_size;
1494 
1495 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1496 		if (fp->file_symtab.sym_elf == NULL) {
1497 			free(b);
1498 			return;
1499 		}
1500 
1501 		fp->file_symtab.sym_elfmem = b;
1502 #ifdef _LP64
1503 	} else {
1504 		struct {
1505 			Elf64_Ehdr ehdr;
1506 			Elf64_Shdr shdr[3];
1507 			char data[1];
1508 		} *b;
1509 
1510 		base = sizeof (b->ehdr) + sizeof (b->shdr);
1511 		size = base + symtab->sh_size + strtab->sh_size;
1512 
1513 		if ((b = calloc(1, size)) == NULL)
1514 			return;
1515 
1516 		(void) memcpy(b->ehdr.e_ident, ehdr->e_ident,
1517 		    sizeof (ehdr->e_ident));
1518 		b->ehdr.e_type = ehdr->e_type;
1519 		b->ehdr.e_machine = ehdr->e_machine;
1520 		b->ehdr.e_version = ehdr->e_version;
1521 		b->ehdr.e_flags = ehdr->e_flags;
1522 		b->ehdr.e_ehsize = sizeof (b->ehdr);
1523 		b->ehdr.e_shoff = sizeof (b->ehdr);
1524 		b->ehdr.e_shentsize = sizeof (b->shdr[0]);
1525 		b->ehdr.e_shnum = 3;
1526 		off = 0;
1527 
1528 		b->shdr[1].sh_size = symtab->sh_size;
1529 		b->shdr[1].sh_type = SHT_SYMTAB;
1530 		b->shdr[1].sh_offset = off + base;
1531 		b->shdr[1].sh_entsize = sizeof (Elf64_Sym);
1532 		b->shdr[1].sh_link = 2;
1533 		b->shdr[1].sh_info =  symtab->sh_info;
1534 		b->shdr[1].sh_addralign = symtab->sh_addralign;
1535 
1536 		if (pread64(P->asfd, &b->data[off], b->shdr[1].sh_size,
1537 		    symtab->sh_offset) != b->shdr[1].sh_size) {
1538 			free(b);
1539 			return;
1540 		}
1541 
1542 		off += b->shdr[1].sh_size;
1543 
1544 		b->shdr[2].sh_flags = SHF_STRINGS;
1545 		b->shdr[2].sh_size = strtab->sh_size;
1546 		b->shdr[2].sh_type = SHT_STRTAB;
1547 		b->shdr[2].sh_offset = off + base;
1548 		b->shdr[2].sh_info =  strtab->sh_info;
1549 		b->shdr[2].sh_addralign = 1;
1550 
1551 		if (pread64(P->asfd, &b->data[off], b->shdr[2].sh_size,
1552 		    strtab->sh_offset) != b->shdr[2].sh_size) {
1553 			free(b);
1554 			return;
1555 		}
1556 
1557 		off += b->shdr[2].sh_size;
1558 
1559 		fp->file_symtab.sym_elf = elf_memory((char *)b, size);
1560 		if (fp->file_symtab.sym_elf == NULL) {
1561 			free(b);
1562 			return;
1563 		}
1564 
1565 		fp->file_symtab.sym_elfmem = b;
1566 #endif
1567 	}
1568 
1569 	if ((scn = elf_getscn(fp->file_symtab.sym_elf, 1)) == NULL ||
1570 	    (fp->file_symtab.sym_data_pri = elf_getdata(scn, NULL)) == NULL ||
1571 	    (scn = elf_getscn(fp->file_symtab.sym_elf, 2)) == NULL ||
1572 	    (data = elf_getdata(scn, NULL)) == NULL) {
1573 		dprintf("fake_up_symtab: failed to get section data at %p\n",
1574 		    (void *)scn);
1575 		goto err;
1576 	}
1577 
1578 	fp->file_symtab.sym_strs = data->d_buf;
1579 	fp->file_symtab.sym_strsz = data->d_size;
1580 	fp->file_symtab.sym_symn = symtab->sh_size / symtab->sh_entsize;
1581 	fp->file_symtab.sym_hdr_pri = *symtab;
1582 	fp->file_symtab.sym_strhdr = *strtab;
1583 
1584 	optimize_symtab(&fp->file_symtab);
1585 
1586 	return;
1587 err:
1588 	(void) elf_end(fp->file_symtab.sym_elf);
1589 	free(fp->file_symtab.sym_elfmem);
1590 	fp->file_symtab.sym_elf = NULL;
1591 	fp->file_symtab.sym_elfmem = NULL;
1592 }
1593 
1594 static void
1595 core_phdr_to_gelf(const Elf32_Phdr *src, GElf_Phdr *dst)
1596 {
1597 	dst->p_type = src->p_type;
1598 	dst->p_flags = src->p_flags;
1599 	dst->p_offset = (Elf64_Off)src->p_offset;
1600 	dst->p_vaddr = (Elf64_Addr)src->p_vaddr;
1601 	dst->p_paddr = (Elf64_Addr)src->p_paddr;
1602 	dst->p_filesz = (Elf64_Xword)src->p_filesz;
1603 	dst->p_memsz = (Elf64_Xword)src->p_memsz;
1604 	dst->p_align = (Elf64_Xword)src->p_align;
1605 }
1606 
1607 static void
1608 core_shdr_to_gelf(const Elf32_Shdr *src, GElf_Shdr *dst)
1609 {
1610 	dst->sh_name = src->sh_name;
1611 	dst->sh_type = src->sh_type;
1612 	dst->sh_flags = (Elf64_Xword)src->sh_flags;
1613 	dst->sh_addr = (Elf64_Addr)src->sh_addr;
1614 	dst->sh_offset = (Elf64_Off)src->sh_offset;
1615 	dst->sh_size = (Elf64_Xword)src->sh_size;
1616 	dst->sh_link = src->sh_link;
1617 	dst->sh_info = src->sh_info;
1618 	dst->sh_addralign = (Elf64_Xword)src->sh_addralign;
1619 	dst->sh_entsize = (Elf64_Xword)src->sh_entsize;
1620 }
1621 
1622 /*
1623  * Perform elf_begin on efp->e_fd and verify the ELF file's type and class.
1624  */
1625 static int
1626 core_elf_fdopen(elf_file_t *efp, GElf_Half type, int *perr)
1627 {
1628 #ifdef _BIG_ENDIAN
1629 	uchar_t order = ELFDATA2MSB;
1630 #else
1631 	uchar_t order = ELFDATA2LSB;
1632 #endif
1633 	Elf32_Ehdr e32;
1634 	int is_noelf = -1;
1635 	int isa_err = 0;
1636 
1637 	/*
1638 	 * Because 32-bit libelf cannot deal with large files, we need to read,
1639 	 * check, and convert the file header manually in case type == ET_CORE.
1640 	 */
1641 	if (pread64(efp->e_fd, &e32, sizeof (e32), 0) != sizeof (e32)) {
1642 		if (perr != NULL)
1643 			*perr = G_FORMAT;
1644 		goto err;
1645 	}
1646 	if ((is_noelf = memcmp(&e32.e_ident[EI_MAG0], ELFMAG, SELFMAG)) != 0 ||
1647 	    e32.e_type != type || (isa_err = (e32.e_ident[EI_DATA] != order)) ||
1648 	    e32.e_version != EV_CURRENT) {
1649 		if (perr != NULL) {
1650 			if (is_noelf == 0 && isa_err) {
1651 				*perr = G_ISAINVAL;
1652 			} else {
1653 				*perr = G_FORMAT;
1654 			}
1655 		}
1656 		goto err;
1657 	}
1658 
1659 	/*
1660 	 * If the file is 64-bit and we are 32-bit, fail with G_LP64.  If the
1661 	 * file is 64-bit and we are 64-bit, re-read the header as a Elf64_Ehdr,
1662 	 * and convert it to a elf_file_header_t.  Otherwise, the file is
1663 	 * 32-bit, so convert e32 to a elf_file_header_t.
1664 	 */
1665 	if (e32.e_ident[EI_CLASS] == ELFCLASS64) {
1666 #ifdef _LP64
1667 		Elf64_Ehdr e64;
1668 
1669 		if (pread64(efp->e_fd, &e64, sizeof (e64), 0) != sizeof (e64)) {
1670 			if (perr != NULL)
1671 				*perr = G_FORMAT;
1672 			goto err;
1673 		}
1674 
1675 		(void) memcpy(efp->e_hdr.e_ident, e64.e_ident, EI_NIDENT);
1676 		efp->e_hdr.e_type = e64.e_type;
1677 		efp->e_hdr.e_machine = e64.e_machine;
1678 		efp->e_hdr.e_version = e64.e_version;
1679 		efp->e_hdr.e_entry = e64.e_entry;
1680 		efp->e_hdr.e_phoff = e64.e_phoff;
1681 		efp->e_hdr.e_shoff = e64.e_shoff;
1682 		efp->e_hdr.e_flags = e64.e_flags;
1683 		efp->e_hdr.e_ehsize = e64.e_ehsize;
1684 		efp->e_hdr.e_phentsize = e64.e_phentsize;
1685 		efp->e_hdr.e_phnum = (Elf64_Word)e64.e_phnum;
1686 		efp->e_hdr.e_shentsize = e64.e_shentsize;
1687 		efp->e_hdr.e_shnum = (Elf64_Word)e64.e_shnum;
1688 		efp->e_hdr.e_shstrndx = (Elf64_Word)e64.e_shstrndx;
1689 #else	/* _LP64 */
1690 		if (perr != NULL)
1691 			*perr = G_LP64;
1692 		goto err;
1693 #endif	/* _LP64 */
1694 	} else {
1695 		(void) memcpy(efp->e_hdr.e_ident, e32.e_ident, EI_NIDENT);
1696 		efp->e_hdr.e_type = e32.e_type;
1697 		efp->e_hdr.e_machine = e32.e_machine;
1698 		efp->e_hdr.e_version = e32.e_version;
1699 		efp->e_hdr.e_entry = (Elf64_Addr)e32.e_entry;
1700 		efp->e_hdr.e_phoff = (Elf64_Off)e32.e_phoff;
1701 		efp->e_hdr.e_shoff = (Elf64_Off)e32.e_shoff;
1702 		efp->e_hdr.e_flags = e32.e_flags;
1703 		efp->e_hdr.e_ehsize = e32.e_ehsize;
1704 		efp->e_hdr.e_phentsize = e32.e_phentsize;
1705 		efp->e_hdr.e_phnum = (Elf64_Word)e32.e_phnum;
1706 		efp->e_hdr.e_shentsize = e32.e_shentsize;
1707 		efp->e_hdr.e_shnum = (Elf64_Word)e32.e_shnum;
1708 		efp->e_hdr.e_shstrndx = (Elf64_Word)e32.e_shstrndx;
1709 	}
1710 
1711 	/*
1712 	 * If the number of section headers or program headers or the section
1713 	 * header string table index would overflow their respective fields
1714 	 * in the ELF header, they're stored in the section header at index
1715 	 * zero. To simplify use elsewhere, we look for those sentinel values
1716 	 * here.
1717 	 */
1718 	if ((efp->e_hdr.e_shnum == 0 && efp->e_hdr.e_shoff != 0) ||
1719 	    efp->e_hdr.e_shstrndx == SHN_XINDEX ||
1720 	    efp->e_hdr.e_phnum == PN_XNUM) {
1721 		GElf_Shdr shdr;
1722 
1723 		dprintf("extended ELF header\n");
1724 
1725 		if (efp->e_hdr.e_shoff == 0) {
1726 			if (perr != NULL)
1727 				*perr = G_FORMAT;
1728 			goto err;
1729 		}
1730 
1731 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1732 			Elf32_Shdr shdr32;
1733 
1734 			if (pread64(efp->e_fd, &shdr32, sizeof (shdr32),
1735 			    efp->e_hdr.e_shoff) != sizeof (shdr32)) {
1736 				if (perr != NULL)
1737 					*perr = G_FORMAT;
1738 				goto err;
1739 			}
1740 
1741 			core_shdr_to_gelf(&shdr32, &shdr);
1742 		} else {
1743 			if (pread64(efp->e_fd, &shdr, sizeof (shdr),
1744 			    efp->e_hdr.e_shoff) != sizeof (shdr)) {
1745 				if (perr != NULL)
1746 					*perr = G_FORMAT;
1747 				goto err;
1748 			}
1749 		}
1750 
1751 		if (efp->e_hdr.e_shnum == 0) {
1752 			efp->e_hdr.e_shnum = shdr.sh_size;
1753 			dprintf("section header count %lu\n",
1754 			    (ulong_t)shdr.sh_size);
1755 		}
1756 
1757 		if (efp->e_hdr.e_shstrndx == SHN_XINDEX) {
1758 			efp->e_hdr.e_shstrndx = shdr.sh_link;
1759 			dprintf("section string index %u\n", shdr.sh_link);
1760 		}
1761 
1762 		if (efp->e_hdr.e_phnum == PN_XNUM && shdr.sh_info != 0) {
1763 			efp->e_hdr.e_phnum = shdr.sh_info;
1764 			dprintf("program header count %u\n", shdr.sh_info);
1765 		}
1766 
1767 	} else if (efp->e_hdr.e_phoff != 0) {
1768 		GElf_Phdr phdr;
1769 		uint64_t phnum;
1770 
1771 		/*
1772 		 * It's possible this core file came from a system that
1773 		 * accidentally truncated the e_phnum field without correctly
1774 		 * using the extended format in the section header at index
1775 		 * zero. We try to detect and correct that specific type of
1776 		 * corruption by using the knowledge that the core dump
1777 		 * routines usually place the data referenced by the first
1778 		 * program header immediately after the last header element.
1779 		 */
1780 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32) {
1781 			Elf32_Phdr phdr32;
1782 
1783 			if (pread64(efp->e_fd, &phdr32, sizeof (phdr32),
1784 			    efp->e_hdr.e_phoff) != sizeof (phdr32)) {
1785 				if (perr != NULL)
1786 					*perr = G_FORMAT;
1787 				goto err;
1788 			}
1789 
1790 			core_phdr_to_gelf(&phdr32, &phdr);
1791 		} else {
1792 			if (pread64(efp->e_fd, &phdr, sizeof (phdr),
1793 			    efp->e_hdr.e_phoff) != sizeof (phdr)) {
1794 				if (perr != NULL)
1795 					*perr = G_FORMAT;
1796 				goto err;
1797 			}
1798 		}
1799 
1800 		phnum = phdr.p_offset - efp->e_hdr.e_ehsize -
1801 		    (uint64_t)efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
1802 		phnum /= efp->e_hdr.e_phentsize;
1803 
1804 		if (phdr.p_offset != 0 && phnum != efp->e_hdr.e_phnum) {
1805 			dprintf("suspicious program header count %u %u\n",
1806 			    (uint_t)phnum, efp->e_hdr.e_phnum);
1807 
1808 			/*
1809 			 * If the new program header count we computed doesn't
1810 			 * jive with count in the ELF header, we'll use the
1811 			 * data that's there and hope for the best.
1812 			 *
1813 			 * If it does, it's also possible that the section
1814 			 * header offset is incorrect; we'll check that and
1815 			 * possibly try to fix it.
1816 			 */
1817 			if (phnum <= INT_MAX &&
1818 			    (uint16_t)phnum == efp->e_hdr.e_phnum) {
1819 
1820 				if (efp->e_hdr.e_shoff == efp->e_hdr.e_phoff +
1821 				    efp->e_hdr.e_phentsize *
1822 				    (uint_t)efp->e_hdr.e_phnum) {
1823 					efp->e_hdr.e_shoff =
1824 					    efp->e_hdr.e_phoff +
1825 					    efp->e_hdr.e_phentsize * phnum;
1826 				}
1827 
1828 				efp->e_hdr.e_phnum = (Elf64_Word)phnum;
1829 				dprintf("using new program header count\n");
1830 			} else {
1831 				dprintf("inconsistent program header count\n");
1832 			}
1833 		}
1834 	}
1835 
1836 	/*
1837 	 * The libelf implementation was never ported to be large-file aware.
1838 	 * This is typically not a problem for your average executable or
1839 	 * shared library, but a large 32-bit core file can exceed 2GB in size.
1840 	 * So if type is ET_CORE, we don't bother doing elf_begin; the code
1841 	 * in Pfgrab_core() below will do its own i/o and struct conversion.
1842 	 */
1843 
1844 	if (type == ET_CORE) {
1845 		efp->e_elf = NULL;
1846 		return (0);
1847 	}
1848 
1849 	if ((efp->e_elf = elf_begin(efp->e_fd, ELF_C_READ, NULL)) == NULL) {
1850 		if (perr != NULL)
1851 			*perr = G_ELF;
1852 		goto err;
1853 	}
1854 
1855 	return (0);
1856 
1857 err:
1858 	efp->e_elf = NULL;
1859 	return (-1);
1860 }
1861 
1862 /*
1863  * Open the specified file and then do a core_elf_fdopen on it.
1864  */
1865 static int
1866 core_elf_open(elf_file_t *efp, const char *path, GElf_Half type, int *perr)
1867 {
1868 	(void) memset(efp, 0, sizeof (elf_file_t));
1869 
1870 	if ((efp->e_fd = open64(path, O_RDONLY)) >= 0) {
1871 		if (core_elf_fdopen(efp, type, perr) == 0)
1872 			return (0);
1873 
1874 		(void) close(efp->e_fd);
1875 		efp->e_fd = -1;
1876 	}
1877 
1878 	return (-1);
1879 }
1880 
1881 /*
1882  * Close the ELF handle and file descriptor.
1883  */
1884 static void
1885 core_elf_close(elf_file_t *efp)
1886 {
1887 	if (efp->e_elf != NULL) {
1888 		(void) elf_end(efp->e_elf);
1889 		efp->e_elf = NULL;
1890 	}
1891 
1892 	if (efp->e_fd != -1) {
1893 		(void) close(efp->e_fd);
1894 		efp->e_fd = -1;
1895 	}
1896 }
1897 
1898 /*
1899  * Given an ELF file for a statically linked executable, locate the likely
1900  * primary text section and fill in rl_base with its virtual address.
1901  */
1902 static map_info_t *
1903 core_find_text(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1904 {
1905 	GElf_Phdr phdr;
1906 	uint_t i;
1907 	size_t nphdrs;
1908 
1909 	if (elf_getphdrnum(elf, &nphdrs) == -1)
1910 		return (NULL);
1911 
1912 	for (i = 0; i < nphdrs; i++) {
1913 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1914 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_X)) {
1915 			rlp->rl_base = phdr.p_vaddr;
1916 			return (Paddr2mptr(P, rlp->rl_base));
1917 		}
1918 	}
1919 
1920 	return (NULL);
1921 }
1922 
1923 /*
1924  * Given an ELF file and the librtld_db structure corresponding to its primary
1925  * text mapping, deduce where its data segment was loaded and fill in
1926  * rl_data_base and prmap_t.pr_offset accordingly.
1927  */
1928 static map_info_t *
1929 core_find_data(struct ps_prochandle *P, Elf *elf, rd_loadobj_t *rlp)
1930 {
1931 	GElf_Ehdr ehdr;
1932 	GElf_Phdr phdr;
1933 	map_info_t *mp;
1934 	uint_t i, pagemask;
1935 	size_t nphdrs;
1936 
1937 	rlp->rl_data_base = (uintptr_t)NULL;
1938 
1939 	/*
1940 	 * Find the first loadable, writeable Phdr and compute rl_data_base
1941 	 * as the virtual address at which is was loaded.
1942 	 */
1943 	if (gelf_getehdr(elf, &ehdr) == NULL ||
1944 	    elf_getphdrnum(elf, &nphdrs) == -1)
1945 		return (NULL);
1946 
1947 	for (i = 0; i < nphdrs; i++) {
1948 		if (gelf_getphdr(elf, i, &phdr) != NULL &&
1949 		    phdr.p_type == PT_LOAD && (phdr.p_flags & PF_W)) {
1950 			rlp->rl_data_base = phdr.p_vaddr;
1951 			if (ehdr.e_type == ET_DYN)
1952 				rlp->rl_data_base += rlp->rl_base;
1953 			break;
1954 		}
1955 	}
1956 
1957 	/*
1958 	 * If we didn't find an appropriate phdr or if the address we
1959 	 * computed has no mapping, return NULL.
1960 	 */
1961 	if (rlp->rl_data_base == (uintptr_t)NULL ||
1962 	    (mp = Paddr2mptr(P, rlp->rl_data_base)) == NULL)
1963 		return (NULL);
1964 
1965 	/*
1966 	 * It wouldn't be procfs-related code if we didn't make use of
1967 	 * unclean knowledge of segvn, even in userland ... the prmap_t's
1968 	 * pr_offset field will be the segvn offset from mmap(2)ing the
1969 	 * data section, which will be the file offset & PAGEMASK.
1970 	 */
1971 	pagemask = ~(mp->map_pmap.pr_pagesize - 1);
1972 	mp->map_pmap.pr_offset = phdr.p_offset & pagemask;
1973 
1974 	return (mp);
1975 }
1976 
1977 /*
1978  * Librtld_db agent callback for iterating over load object mappings.
1979  * For each load object, we allocate a new file_info_t, perform naming,
1980  * and attempt to construct a symbol table for the load object.
1981  */
1982 static int
1983 core_iter_mapping(const rd_loadobj_t *rlp, struct ps_prochandle *P)
1984 {
1985 	core_info_t *core = P->data;
1986 	char lname[PATH_MAX], buf[PATH_MAX];
1987 	file_info_t *fp;
1988 	map_info_t *mp;
1989 
1990 	if (Pread_string(P, lname, PATH_MAX, (off_t)rlp->rl_nameaddr) <= 0) {
1991 		dprintf("failed to read name %p\n", (void *)rlp->rl_nameaddr);
1992 		return (1); /* Keep going; forget this if we can't get a name */
1993 	}
1994 
1995 	dprintf("rd_loadobj name = \"%s\" rl_base = %p\n",
1996 	    lname, (void *)rlp->rl_base);
1997 
1998 	if ((mp = Paddr2mptr(P, rlp->rl_base)) == NULL) {
1999 		dprintf("no mapping for %p\n", (void *)rlp->rl_base);
2000 		return (1); /* No mapping; advance to next mapping */
2001 	}
2002 
2003 	/*
2004 	 * Create a new file_info_t for this mapping, and therefore for
2005 	 * this load object.
2006 	 *
2007 	 * If there's an ELF header at the beginning of this mapping,
2008 	 * file_info_new() will try to use its section headers to
2009 	 * identify any other mappings that belong to this load object.
2010 	 */
2011 	if ((fp = mp->map_file) == NULL &&
2012 	    (fp = file_info_new(P, mp)) == NULL) {
2013 		core->core_errno = errno;
2014 		dprintf("failed to malloc mapping data\n");
2015 		return (0); /* Abort */
2016 	}
2017 	fp->file_map = mp;
2018 
2019 	/* Create a local copy of the load object representation */
2020 	if ((fp->file_lo = calloc(1, sizeof (rd_loadobj_t))) == NULL) {
2021 		core->core_errno = errno;
2022 		dprintf("failed to malloc mapping data\n");
2023 		return (0); /* Abort */
2024 	}
2025 	*fp->file_lo = *rlp;
2026 
2027 	if (lname[0] != '\0') {
2028 		/*
2029 		 * Naming dance part 1: if we got a name from librtld_db, then
2030 		 * copy this name to the prmap_t if it is unnamed.  If the
2031 		 * file_info_t is unnamed, name it after the lname.
2032 		 */
2033 		if (mp->map_pmap.pr_mapname[0] == '\0') {
2034 			(void) strncpy(mp->map_pmap.pr_mapname, lname, PRMAPSZ);
2035 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2036 		}
2037 
2038 		if (fp->file_lname == NULL)
2039 			fp->file_lname = strdup(lname);
2040 
2041 	} else if (fp->file_lname == NULL &&
2042 	    mp->map_pmap.pr_mapname[0] != '\0') {
2043 		/*
2044 		 * Naming dance part 2: if the mapping is named and the
2045 		 * file_info_t is not, name the file after the mapping.
2046 		 */
2047 		fp->file_lname = strdup(mp->map_pmap.pr_mapname);
2048 	}
2049 
2050 	if ((fp->file_rname == NULL) &&
2051 	    (Pfindmap(P, mp, buf, sizeof (buf)) != NULL))
2052 		fp->file_rname = strdup(buf);
2053 
2054 	if (fp->file_lname != NULL)
2055 		fp->file_lbase = basename(fp->file_lname);
2056 	if (fp->file_rname != NULL)
2057 		fp->file_rbase = basename(fp->file_rname);
2058 
2059 	/* Associate the file and the mapping. */
2060 	(void) strncpy(fp->file_pname, mp->map_pmap.pr_mapname, PRMAPSZ);
2061 	fp->file_pname[PRMAPSZ - 1] = '\0';
2062 
2063 	/*
2064 	 * If no section headers were available then we'll have to
2065 	 * identify this load object's other mappings with what we've
2066 	 * got: the start and end of the object's corresponding
2067 	 * address space.
2068 	 */
2069 	if (fp->file_saddrs == NULL) {
2070 		for (mp = fp->file_map + 1; mp < P->mappings + P->map_count &&
2071 		    mp->map_pmap.pr_vaddr < rlp->rl_bend; mp++) {
2072 
2073 			if (mp->map_file == NULL) {
2074 				dprintf("core_iter_mapping %s: associating "
2075 				    "segment at %p\n",
2076 				    fp->file_pname,
2077 				    (void *)mp->map_pmap.pr_vaddr);
2078 				mp->map_file = fp;
2079 				fp->file_ref++;
2080 			} else {
2081 				dprintf("core_iter_mapping %s: segment at "
2082 				    "%p already associated with %s\n",
2083 				    fp->file_pname,
2084 				    (void *)mp->map_pmap.pr_vaddr,
2085 				    (mp == fp->file_map ? "this file" :
2086 				    mp->map_file->file_pname));
2087 			}
2088 		}
2089 	}
2090 
2091 	/* Ensure that all this file's mappings are named. */
2092 	for (mp = fp->file_map; mp < P->mappings + P->map_count &&
2093 	    mp->map_file == fp; mp++) {
2094 		if (mp->map_pmap.pr_mapname[0] == '\0' &&
2095 		    !(mp->map_pmap.pr_mflags & MA_BREAK)) {
2096 			(void) strncpy(mp->map_pmap.pr_mapname, fp->file_pname,
2097 			    PRMAPSZ);
2098 			mp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2099 		}
2100 	}
2101 
2102 	/* Attempt to build a symbol table for this file. */
2103 	Pbuild_file_symtab(P, fp);
2104 	if (fp->file_elf == NULL)
2105 		dprintf("core_iter_mapping: no symtab for %s\n",
2106 		    fp->file_pname);
2107 
2108 	/* Locate the start of a data segment associated with this file. */
2109 	if ((mp = core_find_data(P, fp->file_elf, fp->file_lo)) != NULL) {
2110 		dprintf("found data for %s at %p (pr_offset 0x%llx)\n",
2111 		    fp->file_pname, (void *)fp->file_lo->rl_data_base,
2112 		    mp->map_pmap.pr_offset);
2113 	} else {
2114 		dprintf("core_iter_mapping: no data found for %s\n",
2115 		    fp->file_pname);
2116 	}
2117 
2118 	return (1); /* Advance to next mapping */
2119 }
2120 
2121 /*
2122  * Callback function for Pfindexec().  In order to confirm a given pathname,
2123  * we verify that we can open it as an ELF file of type ET_EXEC or ET_DYN.
2124  */
2125 static int
2126 core_exec_open(const char *path, void *efp)
2127 {
2128 	if (core_elf_open(efp, path, ET_EXEC, NULL) == 0)
2129 		return (1);
2130 	if (core_elf_open(efp, path, ET_DYN, NULL) == 0)
2131 		return (1);
2132 	return (0);
2133 }
2134 
2135 /*
2136  * Attempt to load any section headers found in the core file.  If present,
2137  * this will refer to non-loadable data added to the core file by the kernel
2138  * based on coreadm(1M) settings, including CTF data and the symbol table.
2139  */
2140 static void
2141 core_load_shdrs(struct ps_prochandle *P, elf_file_t *efp)
2142 {
2143 	GElf_Shdr *shp, *shdrs = NULL;
2144 	char *shstrtab = NULL;
2145 	ulong_t shstrtabsz;
2146 	const char *name;
2147 	map_info_t *mp;
2148 
2149 	size_t nbytes;
2150 	void *buf;
2151 	int i;
2152 
2153 	if (efp->e_hdr.e_shstrndx >= efp->e_hdr.e_shnum) {
2154 		dprintf("corrupt shstrndx (%u) exceeds shnum (%u)\n",
2155 		    efp->e_hdr.e_shstrndx, efp->e_hdr.e_shnum);
2156 		return;
2157 	}
2158 
2159 	/*
2160 	 * Read the section header table from the core file and then iterate
2161 	 * over the section headers, converting each to a GElf_Shdr.
2162 	 */
2163 	if ((shdrs = malloc(efp->e_hdr.e_shnum * sizeof (GElf_Shdr))) == NULL) {
2164 		dprintf("failed to malloc %u section headers: %s\n",
2165 		    (uint_t)efp->e_hdr.e_shnum, strerror(errno));
2166 		return;
2167 	}
2168 
2169 	nbytes = efp->e_hdr.e_shnum * efp->e_hdr.e_shentsize;
2170 	if ((buf = malloc(nbytes)) == NULL) {
2171 		dprintf("failed to malloc %d bytes: %s\n", (int)nbytes,
2172 		    strerror(errno));
2173 		free(shdrs);
2174 		goto out;
2175 	}
2176 
2177 	if (pread64(efp->e_fd, buf, nbytes, efp->e_hdr.e_shoff) != nbytes) {
2178 		dprintf("failed to read section headers at off %lld: %s\n",
2179 		    (longlong_t)efp->e_hdr.e_shoff, strerror(errno));
2180 		free(buf);
2181 		goto out;
2182 	}
2183 
2184 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2185 		void *p = (uchar_t *)buf + efp->e_hdr.e_shentsize * i;
2186 
2187 		if (efp->e_hdr.e_ident[EI_CLASS] == ELFCLASS32)
2188 			core_shdr_to_gelf(p, &shdrs[i]);
2189 		else
2190 			(void) memcpy(&shdrs[i], p, sizeof (GElf_Shdr));
2191 	}
2192 
2193 	free(buf);
2194 	buf = NULL;
2195 
2196 	/*
2197 	 * Read the .shstrtab section from the core file, terminating it with
2198 	 * an extra \0 so that a corrupt section will not cause us to die.
2199 	 */
2200 	shp = &shdrs[efp->e_hdr.e_shstrndx];
2201 	shstrtabsz = shp->sh_size;
2202 
2203 	if ((shstrtab = malloc(shstrtabsz + 1)) == NULL) {
2204 		dprintf("failed to allocate %lu bytes for shstrtab\n",
2205 		    (ulong_t)shstrtabsz);
2206 		goto out;
2207 	}
2208 
2209 	if (pread64(efp->e_fd, shstrtab, shstrtabsz,
2210 	    shp->sh_offset) != shstrtabsz) {
2211 		dprintf("failed to read %lu bytes of shstrs at off %lld: %s\n",
2212 		    shstrtabsz, (longlong_t)shp->sh_offset, strerror(errno));
2213 		goto out;
2214 	}
2215 
2216 	shstrtab[shstrtabsz] = '\0';
2217 
2218 	/*
2219 	 * Now iterate over each section in the section header table, locating
2220 	 * sections of interest and initializing more of the ps_prochandle.
2221 	 */
2222 	for (i = 0; i < efp->e_hdr.e_shnum; i++) {
2223 		shp = &shdrs[i];
2224 		name = shstrtab + shp->sh_name;
2225 
2226 		if (shp->sh_name >= shstrtabsz) {
2227 			dprintf("skipping section [%d]: corrupt sh_name\n", i);
2228 			continue;
2229 		}
2230 
2231 		if (shp->sh_link >= efp->e_hdr.e_shnum) {
2232 			dprintf("skipping section [%d]: corrupt sh_link\n", i);
2233 			continue;
2234 		}
2235 
2236 		dprintf("found section header %s (sh_addr 0x%llx)\n",
2237 		    name, (u_longlong_t)shp->sh_addr);
2238 
2239 		if (strcmp(name, ".SUNW_ctf") == 0) {
2240 			if ((mp = Paddr2mptr(P, shp->sh_addr)) == NULL) {
2241 				dprintf("no map at addr 0x%llx for %s [%d]\n",
2242 				    (u_longlong_t)shp->sh_addr, name, i);
2243 				continue;
2244 			}
2245 
2246 			if (mp->map_file == NULL ||
2247 			    mp->map_file->file_ctf_buf != NULL) {
2248 				dprintf("no mapping file or duplicate buffer "
2249 				    "for %s [%d]\n", name, i);
2250 				continue;
2251 			}
2252 
2253 			if ((buf = malloc(shp->sh_size)) == NULL ||
2254 			    pread64(efp->e_fd, buf, shp->sh_size,
2255 			    shp->sh_offset) != shp->sh_size) {
2256 				dprintf("skipping section %s [%d]: %s\n",
2257 				    name, i, strerror(errno));
2258 				free(buf);
2259 				continue;
2260 			}
2261 
2262 			mp->map_file->file_ctf_size = shp->sh_size;
2263 			mp->map_file->file_ctf_buf = buf;
2264 
2265 			if (shdrs[shp->sh_link].sh_type == SHT_DYNSYM)
2266 				mp->map_file->file_ctf_dyn = 1;
2267 
2268 		} else if (strcmp(name, ".symtab") == 0) {
2269 			fake_up_symtab(P, &efp->e_hdr,
2270 			    shp, &shdrs[shp->sh_link]);
2271 		}
2272 	}
2273 out:
2274 	free(shstrtab);
2275 	free(shdrs);
2276 }
2277 
2278 /*
2279  * Main engine for core file initialization: given an fd for the core file
2280  * and an optional pathname, construct the ps_prochandle.  The aout_path can
2281  * either be a suggested executable pathname, or a suggested directory to
2282  * use as a possible current working directory.
2283  */
2284 struct ps_prochandle *
2285 Pfgrab_core(int core_fd, const char *aout_path, int *perr)
2286 {
2287 	struct ps_prochandle *P;
2288 	core_info_t *core_info;
2289 	map_info_t *stk_mp, *brk_mp;
2290 	const char *execname;
2291 	char *interp;
2292 	int i, notes, pagesize;
2293 	uintptr_t addr, base_addr;
2294 	struct stat64 stbuf;
2295 	void *phbuf, *php;
2296 	size_t nbytes;
2297 #ifdef __x86
2298 	boolean_t from_linux = B_FALSE;
2299 #endif
2300 
2301 	elf_file_t aout;
2302 	elf_file_t core;
2303 
2304 	Elf_Scn *scn, *intp_scn = NULL;
2305 	Elf_Data *dp;
2306 
2307 	GElf_Phdr phdr, note_phdr;
2308 	GElf_Shdr shdr;
2309 	GElf_Xword nleft;
2310 
2311 	if (elf_version(EV_CURRENT) == EV_NONE) {
2312 		dprintf("libproc ELF version is more recent than libelf\n");
2313 		*perr = G_ELF;
2314 		return (NULL);
2315 	}
2316 
2317 	aout.e_elf = NULL;
2318 	aout.e_fd = -1;
2319 
2320 	core.e_elf = NULL;
2321 	core.e_fd = core_fd;
2322 
2323 	/*
2324 	 * Allocate and initialize a ps_prochandle structure for the core.
2325 	 * There are several key pieces of initialization here:
2326 	 *
2327 	 * 1. The PS_DEAD state flag marks this prochandle as a core file.
2328 	 *    PS_DEAD also thus prevents all operations which require state
2329 	 *    to be PS_STOP from operating on this handle.
2330 	 *
2331 	 * 2. We keep the core file fd in P->asfd since the core file contains
2332 	 *    the remnants of the process address space.
2333 	 *
2334 	 * 3. We set the P->info_valid bit because all information about the
2335 	 *    core is determined by the end of this function; there is no need
2336 	 *    for proc_update_maps() to reload mappings at any later point.
2337 	 *
2338 	 * 4. The read/write ops vector uses our core_rw() function defined
2339 	 *    above to handle i/o requests.
2340 	 */
2341 	if ((P = malloc(sizeof (struct ps_prochandle))) == NULL) {
2342 		*perr = G_STRANGE;
2343 		return (NULL);
2344 	}
2345 
2346 	(void) memset(P, 0, sizeof (struct ps_prochandle));
2347 	(void) mutex_init(&P->proc_lock, USYNC_THREAD, NULL);
2348 	P->state = PS_DEAD;
2349 	P->pid = (pid_t)-1;
2350 	P->asfd = core.e_fd;
2351 	P->ctlfd = -1;
2352 	P->statfd = -1;
2353 	P->agentctlfd = -1;
2354 	P->agentstatfd = -1;
2355 	P->zoneroot = NULL;
2356 	P->info_valid = 1;
2357 	Pinit_ops(&P->ops, &P_core_ops);
2358 
2359 	Pinitsym(P);
2360 
2361 	/*
2362 	 * Fstat and open the core file and make sure it is a valid ELF core.
2363 	 */
2364 	if (fstat64(P->asfd, &stbuf) == -1) {
2365 		*perr = G_STRANGE;
2366 		goto err;
2367 	}
2368 
2369 	if (core_elf_fdopen(&core, ET_CORE, perr) == -1)
2370 		goto err;
2371 
2372 	/*
2373 	 * Allocate and initialize a core_info_t to hang off the ps_prochandle
2374 	 * structure.  We keep all core-specific information in this structure.
2375 	 */
2376 	if ((core_info = calloc(1, sizeof (core_info_t))) == NULL) {
2377 		*perr = G_STRANGE;
2378 		goto err;
2379 	}
2380 
2381 	P->data = core_info;
2382 	list_link(&core_info->core_lwp_head, NULL);
2383 	core_info->core_size = stbuf.st_size;
2384 	/*
2385 	 * In the days before adjustable core file content, this was the
2386 	 * default core file content. For new core files, this value will
2387 	 * be overwritten by the NT_CONTENT note section.
2388 	 */
2389 	core_info->core_content = CC_CONTENT_STACK | CC_CONTENT_HEAP |
2390 	    CC_CONTENT_DATA | CC_CONTENT_RODATA | CC_CONTENT_ANON |
2391 	    CC_CONTENT_SHANON;
2392 
2393 	switch (core.e_hdr.e_ident[EI_CLASS]) {
2394 	case ELFCLASS32:
2395 		core_info->core_dmodel = PR_MODEL_ILP32;
2396 		break;
2397 	case ELFCLASS64:
2398 		core_info->core_dmodel = PR_MODEL_LP64;
2399 		break;
2400 	default:
2401 		*perr = G_FORMAT;
2402 		goto err;
2403 	}
2404 	core_info->core_osabi = core.e_hdr.e_ident[EI_OSABI];
2405 
2406 	/*
2407 	 * Because the core file may be a large file, we can't use libelf to
2408 	 * read the Phdrs.  We use e_phnum and e_phentsize to simplify things.
2409 	 */
2410 	nbytes = core.e_hdr.e_phnum * core.e_hdr.e_phentsize;
2411 
2412 	if ((phbuf = malloc(nbytes)) == NULL) {
2413 		*perr = G_STRANGE;
2414 		goto err;
2415 	}
2416 
2417 	if (pread64(core_fd, phbuf, nbytes, core.e_hdr.e_phoff) != nbytes) {
2418 		*perr = G_STRANGE;
2419 		free(phbuf);
2420 		goto err;
2421 	}
2422 
2423 	/*
2424 	 * Iterate through the program headers in the core file.
2425 	 * We're interested in two types of Phdrs: PT_NOTE (which
2426 	 * contains a set of saved /proc structures), and PT_LOAD (which
2427 	 * represents a memory mapping from the process's address space).
2428 	 * In the case of PT_NOTE, we're interested in the last PT_NOTE
2429 	 * in the core file; currently the first PT_NOTE (if present)
2430 	 * contains /proc structs in the pre-2.6 unstructured /proc format.
2431 	 */
2432 	for (php = phbuf, notes = 0, i = 0; i < core.e_hdr.e_phnum; i++) {
2433 		if (core.e_hdr.e_ident[EI_CLASS] == ELFCLASS64)
2434 			(void) memcpy(&phdr, php, sizeof (GElf_Phdr));
2435 		else
2436 			core_phdr_to_gelf(php, &phdr);
2437 
2438 		switch (phdr.p_type) {
2439 		case PT_NOTE:
2440 			note_phdr = phdr;
2441 			notes++;
2442 			break;
2443 
2444 		case PT_LOAD:
2445 			if (core_add_mapping(P, &phdr) == -1) {
2446 				*perr = G_STRANGE;
2447 				free(phbuf);
2448 				goto err;
2449 			}
2450 			break;
2451 		default:
2452 			dprintf("Pgrab_core: unknown phdr %d\n", phdr.p_type);
2453 			break;
2454 		}
2455 
2456 		php = (char *)php + core.e_hdr.e_phentsize;
2457 	}
2458 
2459 	free(phbuf);
2460 
2461 	Psort_mappings(P);
2462 
2463 	/*
2464 	 * If we couldn't find anything of type PT_NOTE, or only one PT_NOTE
2465 	 * was present, abort.  The core file is either corrupt or too old.
2466 	 */
2467 	if (notes == 0 || (notes == 1 && core_info->core_osabi ==
2468 	    ELFOSABI_SOLARIS)) {
2469 		*perr = G_NOTE;
2470 		goto err;
2471 	}
2472 
2473 	/*
2474 	 * Advance the seek pointer to the start of the PT_NOTE data
2475 	 */
2476 	if (lseek64(P->asfd, note_phdr.p_offset, SEEK_SET) == (off64_t)-1) {
2477 		dprintf("Pgrab_core: failed to lseek to PT_NOTE data\n");
2478 		*perr = G_STRANGE;
2479 		goto err;
2480 	}
2481 
2482 	/*
2483 	 * Now process the PT_NOTE structures.  Each one is preceded by
2484 	 * an Elf{32/64}_Nhdr structure describing its type and size.
2485 	 *
2486 	 *  +--------+
2487 	 *  | header |
2488 	 *  +--------+
2489 	 *  | name   |
2490 	 *  | ...    |
2491 	 *  +--------+
2492 	 *  | desc   |
2493 	 *  | ...    |
2494 	 *  +--------+
2495 	 */
2496 	for (nleft = note_phdr.p_filesz; nleft > 0; ) {
2497 		Elf64_Nhdr nhdr;
2498 		off64_t off, namesz, descsz;
2499 
2500 		/*
2501 		 * Although <sys/elf.h> defines both Elf32_Nhdr and Elf64_Nhdr
2502 		 * as different types, they are both of the same content and
2503 		 * size, so we don't need to worry about 32/64 conversion here.
2504 		 */
2505 		if (read(P->asfd, &nhdr, sizeof (nhdr)) != sizeof (nhdr)) {
2506 			dprintf("Pgrab_core: failed to read ELF note header\n");
2507 			*perr = G_NOTE;
2508 			goto err;
2509 		}
2510 
2511 		/*
2512 		 * According to the System V ABI, the amount of padding
2513 		 * following the name field should align the description
2514 		 * field on a 4 byte boundary for 32-bit binaries or on an 8
2515 		 * byte boundary for 64-bit binaries. However, this change
2516 		 * was not made correctly during the 64-bit port so all
2517 		 * descriptions can assume only 4-byte alignment. We ignore
2518 		 * the name field and the padding to 4-byte alignment.
2519 		 */
2520 		namesz = P2ROUNDUP((off64_t)nhdr.n_namesz, (off64_t)4);
2521 
2522 		if (lseek64(P->asfd, namesz, SEEK_CUR) == (off64_t)-1) {
2523 			dprintf("failed to seek past name and padding\n");
2524 			*perr = G_STRANGE;
2525 			goto err;
2526 		}
2527 
2528 		dprintf("Note hdr n_type=%u n_namesz=%u n_descsz=%u\n",
2529 		    nhdr.n_type, nhdr.n_namesz, nhdr.n_descsz);
2530 
2531 		off = lseek64(P->asfd, (off64_t)0L, SEEK_CUR);
2532 
2533 		/*
2534 		 * Invoke the note handler function from our table
2535 		 */
2536 		if (nhdr.n_type < sizeof (nhdlrs) / sizeof (nhdlrs[0])) {
2537 			if (nhdlrs[nhdr.n_type](P, nhdr.n_descsz) < 0) {
2538 				dprintf("handler for type %d returned < 0",
2539 				    nhdr.n_type);
2540 				*perr = G_NOTE;
2541 				goto err;
2542 			}
2543 			/*
2544 			 * The presence of either of these notes indicates that
2545 			 * the dump was generated on Linux.
2546 			 */
2547 #ifdef __x86
2548 			if (nhdr.n_type == NT_PRSTATUS ||
2549 			    nhdr.n_type == NT_PRPSINFO)
2550 				from_linux = B_TRUE;
2551 #endif
2552 		} else {
2553 			(void) note_notsup(P, nhdr.n_descsz);
2554 		}
2555 
2556 		/*
2557 		 * Seek past the current note data to the next Elf_Nhdr
2558 		 */
2559 		descsz = P2ROUNDUP((off64_t)nhdr.n_descsz, (off64_t)4);
2560 		if (lseek64(P->asfd, off + descsz, SEEK_SET) == (off64_t)-1) {
2561 			dprintf("Pgrab_core: failed to seek to next nhdr\n");
2562 			*perr = G_STRANGE;
2563 			goto err;
2564 		}
2565 
2566 		/*
2567 		 * Subtract the size of the header and its data from what
2568 		 * we have left to process.
2569 		 */
2570 		nleft -= sizeof (nhdr) + namesz + descsz;
2571 	}
2572 
2573 #ifdef __x86
2574 	if (from_linux) {
2575 		size_t tcount, pid;
2576 		lwp_info_t *lwp;
2577 
2578 		P->status.pr_dmodel = core_info->core_dmodel;
2579 
2580 		lwp = list_next(&core_info->core_lwp_head);
2581 
2582 		pid = P->status.pr_pid;
2583 
2584 		for (tcount = 0; tcount < core_info->core_nlwp;
2585 		    tcount++, lwp = list_next(lwp)) {
2586 			dprintf("Linux thread with id %d\n", lwp->lwp_id);
2587 
2588 			/*
2589 			 * In the case we don't have a valid psinfo (i.e. pid is
2590 			 * 0, probably because of gdb creating the core) assume
2591 			 * lowest pid count is the first thread (what if the
2592 			 * next thread wraps the pid around?)
2593 			 */
2594 			if (P->status.pr_pid == 0 &&
2595 			    ((pid == 0 && lwp->lwp_id > 0) ||
2596 			    (lwp->lwp_id < pid))) {
2597 				pid = lwp->lwp_id;
2598 			}
2599 		}
2600 
2601 		if (P->status.pr_pid != pid) {
2602 			dprintf("No valid pid, setting to %ld\n", (ulong_t)pid);
2603 			P->status.pr_pid = pid;
2604 			P->psinfo.pr_pid = pid;
2605 		}
2606 
2607 		/*
2608 		 * Consumers like mdb expect the first thread to actually have
2609 		 * an id of 1, on linux that is actually the pid. Find the the
2610 		 * thread with our process id, and set the id to 1
2611 		 */
2612 		if ((lwp = lwpid2info(P, pid)) == NULL) {
2613 			dprintf("Couldn't find first thread\n");
2614 			*perr = G_STRANGE;
2615 			goto err;
2616 		}
2617 
2618 		dprintf("setting representative thread: %d\n", lwp->lwp_id);
2619 
2620 		lwp->lwp_id = 1;
2621 		lwp->lwp_status.pr_lwpid = 1;
2622 
2623 		/* set representative thread */
2624 		(void) memcpy(&P->status.pr_lwp, &lwp->lwp_status,
2625 		    sizeof (P->status.pr_lwp));
2626 	}
2627 #endif /* __x86 */
2628 
2629 	if (nleft != 0) {
2630 		dprintf("Pgrab_core: note section malformed\n");
2631 		*perr = G_STRANGE;
2632 		goto err;
2633 	}
2634 
2635 	if ((pagesize = Pgetauxval(P, AT_PAGESZ)) == -1) {
2636 		pagesize = getpagesize();
2637 		dprintf("AT_PAGESZ missing; defaulting to %d\n", pagesize);
2638 	}
2639 
2640 	/*
2641 	 * Locate and label the mappings corresponding to the end of the
2642 	 * heap (MA_BREAK) and the base of the stack (MA_STACK).
2643 	 */
2644 	if ((P->status.pr_brkbase != 0 || P->status.pr_brksize != 0) &&
2645 	    (brk_mp = Paddr2mptr(P, P->status.pr_brkbase +
2646 	    P->status.pr_brksize - 1)) != NULL)
2647 		brk_mp->map_pmap.pr_mflags |= MA_BREAK;
2648 	else
2649 		brk_mp = NULL;
2650 
2651 	if ((stk_mp = Paddr2mptr(P, P->status.pr_stkbase)) != NULL)
2652 		stk_mp->map_pmap.pr_mflags |= MA_STACK;
2653 
2654 	/*
2655 	 * At this point, we have enough information to look for the
2656 	 * executable and open it: we have access to the auxv, a psinfo_t,
2657 	 * and the ability to read from mappings provided by the core file.
2658 	 */
2659 	(void) Pfindexec(P, aout_path, core_exec_open, &aout);
2660 	dprintf("P->execname = \"%s\"\n", P->execname ? P->execname : "NULL");
2661 	execname = P->execname ? P->execname : "a.out";
2662 
2663 	/*
2664 	 * Iterate through the sections, looking for the .dynamic and .interp
2665 	 * sections.  If we encounter them, remember their section pointers.
2666 	 */
2667 	for (scn = NULL; (scn = elf_nextscn(aout.e_elf, scn)) != NULL; ) {
2668 		char *sname;
2669 
2670 		if ((gelf_getshdr(scn, &shdr) == NULL) ||
2671 		    (sname = elf_strptr(aout.e_elf, aout.e_hdr.e_shstrndx,
2672 		    (size_t)shdr.sh_name)) == NULL)
2673 			continue;
2674 
2675 		if (strcmp(sname, ".interp") == 0)
2676 			intp_scn = scn;
2677 	}
2678 
2679 	/*
2680 	 * Get the AT_BASE auxv element.  If this is missing (-1), then
2681 	 * we assume this is a statically-linked executable.
2682 	 */
2683 	base_addr = Pgetauxval(P, AT_BASE);
2684 
2685 	/*
2686 	 * In order to get librtld_db initialized, we'll need to identify
2687 	 * and name the mapping corresponding to the run-time linker.  The
2688 	 * AT_BASE auxv element tells us the address where it was mapped,
2689 	 * and the .interp section of the executable tells us its path.
2690 	 * If for some reason that doesn't pan out, just use ld.so.1.
2691 	 */
2692 	if (intp_scn != NULL && (dp = elf_getdata(intp_scn, NULL)) != NULL &&
2693 	    dp->d_size != 0) {
2694 		dprintf(".interp = <%s>\n", (char *)dp->d_buf);
2695 		interp = dp->d_buf;
2696 
2697 	} else if (base_addr != (uintptr_t)-1L) {
2698 		if (core_info->core_dmodel == PR_MODEL_LP64)
2699 			interp = "/usr/lib/64/ld.so.1";
2700 		else
2701 			interp = "/usr/lib/ld.so.1";
2702 
2703 		dprintf(".interp section is missing or could not be read; "
2704 		    "defaulting to %s\n", interp);
2705 	} else
2706 		dprintf("detected statically linked executable\n");
2707 
2708 	/*
2709 	 * If we have an AT_BASE element, name the mapping at that address
2710 	 * using the interpreter pathname.  Name the corresponding data
2711 	 * mapping after the interpreter as well.
2712 	 */
2713 	if (base_addr != (uintptr_t)-1L) {
2714 		elf_file_t intf;
2715 
2716 		P->map_ldso = core_name_mapping(P, base_addr, interp);
2717 
2718 		if (core_elf_open(&intf, interp, ET_DYN, NULL) == 0) {
2719 			rd_loadobj_t rl;
2720 			map_info_t *dmp;
2721 
2722 			rl.rl_base = base_addr;
2723 			dmp = core_find_data(P, intf.e_elf, &rl);
2724 
2725 			if (dmp != NULL) {
2726 				dprintf("renamed data at %p to %s\n",
2727 				    (void *)rl.rl_data_base, interp);
2728 				(void) strncpy(dmp->map_pmap.pr_mapname,
2729 				    interp, PRMAPSZ);
2730 				dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2731 			}
2732 		}
2733 
2734 		core_elf_close(&intf);
2735 	}
2736 
2737 	/*
2738 	 * If we have an AT_ENTRY element, name the mapping at that address
2739 	 * using the special name "a.out" just like /proc does.
2740 	 */
2741 	if ((addr = Pgetauxval(P, AT_ENTRY)) != (uintptr_t)-1L)
2742 		P->map_exec = core_name_mapping(P, addr, "a.out");
2743 
2744 	/*
2745 	 * If we're a statically linked executable (or we're on x86 and looking
2746 	 * at a Linux core dump), then just locate the executable's text and
2747 	 * data and name them after the executable.
2748 	 */
2749 #ifndef __x86
2750 	if (base_addr == (uintptr_t)-1L) {
2751 #else
2752 	if (base_addr == (uintptr_t)-1L || from_linux) {
2753 #endif
2754 		dprintf("looking for text and data: %s\n", execname);
2755 		map_info_t *tmp, *dmp;
2756 		file_info_t *fp;
2757 		rd_loadobj_t rl;
2758 
2759 		if ((tmp = core_find_text(P, aout.e_elf, &rl)) != NULL &&
2760 		    (dmp = core_find_data(P, aout.e_elf, &rl)) != NULL) {
2761 			(void) strncpy(tmp->map_pmap.pr_mapname,
2762 			    execname, PRMAPSZ);
2763 			tmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2764 			(void) strncpy(dmp->map_pmap.pr_mapname,
2765 			    execname, PRMAPSZ);
2766 			dmp->map_pmap.pr_mapname[PRMAPSZ - 1] = '\0';
2767 		}
2768 
2769 		if ((P->map_exec = tmp) != NULL &&
2770 		    (fp = malloc(sizeof (file_info_t))) != NULL) {
2771 
2772 			(void) memset(fp, 0, sizeof (file_info_t));
2773 
2774 			list_link(fp, &P->file_head);
2775 			tmp->map_file = fp;
2776 			P->num_files++;
2777 
2778 			fp->file_ref = 1;
2779 			fp->file_fd = -1;
2780 
2781 			fp->file_lo = malloc(sizeof (rd_loadobj_t));
2782 			fp->file_lname = strdup(execname);
2783 
2784 			if (fp->file_lo)
2785 				*fp->file_lo = rl;
2786 			if (fp->file_lname)
2787 				fp->file_lbase = basename(fp->file_lname);
2788 			if (fp->file_rname)
2789 				fp->file_rbase = basename(fp->file_rname);
2790 
2791 			(void) strcpy(fp->file_pname,
2792 			    P->mappings[0].map_pmap.pr_mapname);
2793 			fp->file_map = tmp;
2794 
2795 			Pbuild_file_symtab(P, fp);
2796 
2797 			if (dmp != NULL) {
2798 				dmp->map_file = fp;
2799 				fp->file_ref++;
2800 			}
2801 		}
2802 	}
2803 
2804 	core_elf_close(&aout);
2805 
2806 	/*
2807 	 * We now have enough information to initialize librtld_db.
2808 	 * After it warms up, we can iterate through the load object chain
2809 	 * in the core, which will allow us to construct the file info
2810 	 * we need to provide symbol information for the other shared
2811 	 * libraries, and also to fill in the missing mapping names.
2812 	 */
2813 	rd_log(_libproc_debug);
2814 
2815 	if ((P->rap = rd_new(P)) != NULL) {
2816 		(void) rd_loadobj_iter(P->rap, (rl_iter_f *)
2817 		    core_iter_mapping, P);
2818 
2819 		if (core_info->core_errno != 0) {
2820 			errno = core_info->core_errno;
2821 			*perr = G_STRANGE;
2822 			goto err;
2823 		}
2824 	} else
2825 		dprintf("failed to initialize rtld_db agent\n");
2826 
2827 	/*
2828 	 * If there are sections, load them and process the data from any
2829 	 * sections that we can use to annotate the file_info_t's.
2830 	 */
2831 	core_load_shdrs(P, &core);
2832 
2833 	/*
2834 	 * If we previously located a stack or break mapping, and they are
2835 	 * still anonymous, we now assume that they were MAP_ANON mappings.
2836 	 * If brk_mp turns out to now have a name, then the heap is still
2837 	 * sitting at the end of the executable's data+bss mapping: remove
2838 	 * the previous MA_BREAK setting to be consistent with /proc.
2839 	 */
2840 	if (stk_mp != NULL && stk_mp->map_pmap.pr_mapname[0] == '\0')
2841 		stk_mp->map_pmap.pr_mflags |= MA_ANON;
2842 	if (brk_mp != NULL && brk_mp->map_pmap.pr_mapname[0] == '\0')
2843 		brk_mp->map_pmap.pr_mflags |= MA_ANON;
2844 	else if (brk_mp != NULL)
2845 		brk_mp->map_pmap.pr_mflags &= ~MA_BREAK;
2846 
2847 	*perr = 0;
2848 	return (P);
2849 
2850 err:
2851 	Pfree(P);
2852 	core_elf_close(&aout);
2853 	return (NULL);
2854 }
2855 
2856 /*
2857  * Grab a core file using a pathname.  We just open it and call Pfgrab_core().
2858  */
2859 struct ps_prochandle *
2860 Pgrab_core(const char *core, const char *aout, int gflag, int *perr)
2861 {
2862 	int fd, oflag = (gflag & PGRAB_RDONLY) ? O_RDONLY : O_RDWR;
2863 
2864 	if ((fd = open64(core, oflag)) >= 0)
2865 		return (Pfgrab_core(fd, aout, perr));
2866 
2867 	if (errno != ENOENT)
2868 		*perr = G_STRANGE;
2869 	else
2870 		*perr = G_NOCORE;
2871 
2872 	return (NULL);
2873 }
2874