1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/binfmt_elf.c 4 * 5 * These are the functions used to load ELF format executables as used 6 * on SVr4 machines. Information on the format may be found in the book 7 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support 8 * Tools". 9 * 10 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com). 11 */ 12 13 #include <linux/module.h> 14 #include <linux/kernel.h> 15 #include <linux/fs.h> 16 #include <linux/log2.h> 17 #include <linux/mm.h> 18 #include <linux/mman.h> 19 #include <linux/errno.h> 20 #include <linux/signal.h> 21 #include <linux/binfmts.h> 22 #include <linux/string.h> 23 #include <linux/file.h> 24 #include <linux/slab.h> 25 #include <linux/personality.h> 26 #include <linux/elfcore.h> 27 #include <linux/init.h> 28 #include <linux/highuid.h> 29 #include <linux/compiler.h> 30 #include <linux/highmem.h> 31 #include <linux/hugetlb.h> 32 #include <linux/pagemap.h> 33 #include <linux/vmalloc.h> 34 #include <linux/security.h> 35 #include <linux/random.h> 36 #include <linux/elf.h> 37 #include <linux/elf-randomize.h> 38 #include <linux/utsname.h> 39 #include <linux/coredump.h> 40 #include <linux/sched.h> 41 #include <linux/sched/coredump.h> 42 #include <linux/sched/task_stack.h> 43 #include <linux/sched/cputime.h> 44 #include <linux/sizes.h> 45 #include <linux/types.h> 46 #include <linux/cred.h> 47 #include <linux/dax.h> 48 #include <linux/uaccess.h> 49 #include <linux/rseq.h> 50 #include <asm/param.h> 51 #include <asm/page.h> 52 53 #ifndef ELF_COMPAT 54 #define ELF_COMPAT 0 55 #endif 56 57 #ifndef user_long_t 58 #define user_long_t long 59 #endif 60 #ifndef user_siginfo_t 61 #define user_siginfo_t siginfo_t 62 #endif 63 64 /* That's for binfmt_elf_fdpic to deal with */ 65 #ifndef elf_check_fdpic 66 #define elf_check_fdpic(ex) false 67 #endif 68 69 static int load_elf_binary(struct linux_binprm *bprm); 70 71 /* 72 * If we don't support core dumping, then supply a NULL so we 73 * don't even try. 74 */ 75 #ifdef CONFIG_ELF_CORE 76 static int elf_core_dump(struct coredump_params *cprm); 77 #else 78 #define elf_core_dump NULL 79 #endif 80 81 #if ELF_EXEC_PAGESIZE > PAGE_SIZE 82 #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE 83 #else 84 #define ELF_MIN_ALIGN PAGE_SIZE 85 #endif 86 87 #ifndef ELF_CORE_EFLAGS 88 #define ELF_CORE_EFLAGS 0 89 #endif 90 91 #define ELF_PAGESTART(_v) ((_v) & ~(int)(ELF_MIN_ALIGN-1)) 92 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1)) 93 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1)) 94 95 static struct linux_binfmt elf_format = { 96 .module = THIS_MODULE, 97 .load_binary = load_elf_binary, 98 #ifdef CONFIG_COREDUMP 99 .core_dump = elf_core_dump, 100 .min_coredump = ELF_EXEC_PAGESIZE, 101 #endif 102 }; 103 104 #define BAD_ADDR(x) (unlikely((unsigned long)(x) >= TASK_SIZE)) 105 106 /* 107 * We need to explicitly zero any trailing portion of the page that follows 108 * p_filesz when it ends before the page ends (e.g. bss), otherwise this 109 * memory will contain the junk from the file that should not be present. 
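 *
 * For example (illustrative numbers only): if a segment's file data stops
 * 0x100 bytes into its final page, padzero() below clears the remaining
 * ELF_MIN_ALIGN - 0x100 bytes of that page, so the program sees zeroed bss
 * rather than whatever the file happened to contain there.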
110 */ 111 static int padzero(unsigned long address) 112 { 113 unsigned long nbyte; 114 115 nbyte = ELF_PAGEOFFSET(address); 116 if (nbyte) { 117 nbyte = ELF_MIN_ALIGN - nbyte; 118 if (clear_user((void __user *)address, nbyte)) 119 return -EFAULT; 120 } 121 return 0; 122 } 123 124 /* Let's use some macros to make this stack manipulation a little clearer */ 125 #ifdef CONFIG_STACK_GROWSUP 126 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items)) 127 #define STACK_ROUND(sp, items) \ 128 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL) 129 #define STACK_ALLOC(sp, len) ({ \ 130 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \ 131 old_sp; }) 132 #else 133 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items)) 134 #define STACK_ROUND(sp, items) \ 135 (((unsigned long) (sp - items)) &~ 15UL) 136 #define STACK_ALLOC(sp, len) (sp -= len) 137 #endif 138 139 #ifndef ELF_BASE_PLATFORM 140 /* 141 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture. 142 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value 143 * will be copied to the user stack in the same manner as AT_PLATFORM. 144 */ 145 #define ELF_BASE_PLATFORM NULL 146 #endif 147 148 static int 149 create_elf_tables(struct linux_binprm *bprm, const struct elfhdr *exec, 150 unsigned long interp_load_addr, 151 unsigned long e_entry, unsigned long phdr_addr) 152 { 153 struct mm_struct *mm = current->mm; 154 unsigned long p = bprm->p; 155 int argc = bprm->argc; 156 int envc = bprm->envc; 157 elf_addr_t __user *sp; 158 elf_addr_t __user *u_platform; 159 elf_addr_t __user *u_base_platform; 160 elf_addr_t __user *u_rand_bytes; 161 const char *k_platform = ELF_PLATFORM; 162 const char *k_base_platform = ELF_BASE_PLATFORM; 163 unsigned char k_rand_bytes[16]; 164 int items; 165 elf_addr_t *elf_info; 166 elf_addr_t flags = 0; 167 int ei_index; 168 const struct cred *cred = current_cred(); 169 struct vm_area_struct *vma; 170 171 /* 172 * In some cases (e.g. Hyper-Threading), we want to avoid L1 173 * evictions by the processes running on the same package. One 174 * thing we can do is to shuffle the initial stack for them. 175 */ 176 177 p = arch_align_stack(p); 178 179 /* 180 * If this architecture has a platform capability string, copy it 181 * to userspace. In some cases (Sparc), this info is impossible 182 * for userspace to get any other way, in others (i386) it is 183 * merely difficult. 184 */ 185 u_platform = NULL; 186 if (k_platform) { 187 size_t len = strlen(k_platform) + 1; 188 189 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 190 if (copy_to_user(u_platform, k_platform, len)) 191 return -EFAULT; 192 } 193 194 /* 195 * If this architecture has a "base" platform capability 196 * string, copy it to userspace. 197 */ 198 u_base_platform = NULL; 199 if (k_base_platform) { 200 size_t len = strlen(k_base_platform) + 1; 201 202 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); 203 if (copy_to_user(u_base_platform, k_base_platform, len)) 204 return -EFAULT; 205 } 206 207 /* 208 * Generate 16 random bytes for userspace PRNG seeding. 
209 */ 210 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); 211 u_rand_bytes = (elf_addr_t __user *) 212 STACK_ALLOC(p, sizeof(k_rand_bytes)); 213 if (copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) 214 return -EFAULT; 215 216 /* Create the ELF interpreter info */ 217 elf_info = (elf_addr_t *)mm->saved_auxv; 218 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */ 219 #define NEW_AUX_ENT(id, val) \ 220 do { \ 221 *elf_info++ = id; \ 222 *elf_info++ = val; \ 223 } while (0) 224 225 #ifdef ARCH_DLINFO 226 /* 227 * ARCH_DLINFO must come first so PPC can do its special alignment of 228 * AUXV. 229 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in 230 * ARCH_DLINFO changes 231 */ 232 ARCH_DLINFO; 233 #endif 234 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP); 235 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE); 236 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC); 237 NEW_AUX_ENT(AT_PHDR, phdr_addr); 238 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); 239 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); 240 NEW_AUX_ENT(AT_BASE, interp_load_addr); 241 if (bprm->interp_flags & BINPRM_FLAGS_PRESERVE_ARGV0) 242 flags |= AT_FLAGS_PRESERVE_ARGV0; 243 NEW_AUX_ENT(AT_FLAGS, flags); 244 NEW_AUX_ENT(AT_ENTRY, e_entry); 245 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid)); 246 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); 247 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); 248 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); 249 NEW_AUX_ENT(AT_SECURE, bprm->secureexec); 250 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); 251 #ifdef ELF_HWCAP2 252 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2); 253 #endif 254 #ifdef ELF_HWCAP3 255 NEW_AUX_ENT(AT_HWCAP3, ELF_HWCAP3); 256 #endif 257 #ifdef ELF_HWCAP4 258 NEW_AUX_ENT(AT_HWCAP4, ELF_HWCAP4); 259 #endif 260 NEW_AUX_ENT(AT_EXECFN, bprm->exec); 261 if (k_platform) { 262 NEW_AUX_ENT(AT_PLATFORM, 263 (elf_addr_t)(unsigned long)u_platform); 264 } 265 if (k_base_platform) { 266 NEW_AUX_ENT(AT_BASE_PLATFORM, 267 (elf_addr_t)(unsigned long)u_base_platform); 268 } 269 if (bprm->have_execfd) { 270 NEW_AUX_ENT(AT_EXECFD, bprm->execfd); 271 } 272 #ifdef CONFIG_RSEQ 273 NEW_AUX_ENT(AT_RSEQ_FEATURE_SIZE, offsetof(struct rseq, end)); 274 NEW_AUX_ENT(AT_RSEQ_ALIGN, __alignof__(struct rseq)); 275 #endif 276 #undef NEW_AUX_ENT 277 /* AT_NULL is zero; clear the rest too */ 278 memset(elf_info, 0, (char *)mm->saved_auxv + 279 sizeof(mm->saved_auxv) - (char *)elf_info); 280 281 /* And advance past the AT_NULL entry. */ 282 elf_info += 2; 283 284 ei_index = elf_info - (elf_addr_t *)mm->saved_auxv; 285 sp = STACK_ADD(p, ei_index); 286 287 items = (argc + 1) + (envc + 1) + 1; 288 bprm->p = STACK_ROUND(sp, items); 289 290 /* Point sp at the lowest address on the stack */ 291 #ifdef CONFIG_STACK_GROWSUP 292 sp = (elf_addr_t __user *)bprm->p - items - ei_index; 293 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */ 294 #else 295 sp = (elf_addr_t __user *)bprm->p; 296 #endif 297 298 299 /* 300 * Grow the stack manually; some architectures have a limit on how 301 * far ahead a user-space access may be in order to grow the stack. 302 */ 303 if (mmap_write_lock_killable(mm)) 304 return -EINTR; 305 vma = find_extend_vma_locked(mm, bprm->p); 306 mmap_write_unlock(mm); 307 if (!vma) 308 return -EFAULT; 309 310 /* Now, let's put argc (and argv, envp if appropriate) on the stack */ 311 if (put_user(argc, sp++)) 312 return -EFAULT; 313 314 /* Populate list of argv pointers back to argv strings. 
*/ 315 p = mm->arg_end = mm->arg_start; 316 while (argc-- > 0) { 317 size_t len; 318 if (put_user((elf_addr_t)p, sp++)) 319 return -EFAULT; 320 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 321 if (!len || len > MAX_ARG_STRLEN) 322 return -EINVAL; 323 p += len; 324 } 325 if (put_user(0, sp++)) 326 return -EFAULT; 327 mm->arg_end = p; 328 329 /* Populate list of envp pointers back to envp strings. */ 330 mm->env_end = mm->env_start = p; 331 while (envc-- > 0) { 332 size_t len; 333 if (put_user((elf_addr_t)p, sp++)) 334 return -EFAULT; 335 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); 336 if (!len || len > MAX_ARG_STRLEN) 337 return -EINVAL; 338 p += len; 339 } 340 if (put_user(0, sp++)) 341 return -EFAULT; 342 mm->env_end = p; 343 344 /* Put the elf_info on the stack in the right place. */ 345 if (copy_to_user(sp, mm->saved_auxv, ei_index * sizeof(elf_addr_t))) 346 return -EFAULT; 347 return 0; 348 } 349 350 /* 351 * Map "eppnt->p_filesz" bytes from "filep" offset "eppnt->p_offset" 352 * into memory at "addr". (Note that p_filesz is rounded up to the 353 * next page, so any extra bytes from the file must be wiped.) 354 */ 355 static unsigned long elf_map(struct file *filep, unsigned long addr, 356 const struct elf_phdr *eppnt, int prot, int type, 357 unsigned long total_size) 358 { 359 unsigned long map_addr; 360 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr); 361 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr); 362 addr = ELF_PAGESTART(addr); 363 size = ELF_PAGEALIGN(size); 364 365 /* mmap() will return -EINVAL if given a zero size, but a 366 * segment with zero filesize is perfectly valid */ 367 if (!size) 368 return addr; 369 370 /* 371 * total_size is the size of the ELF (interpreter) image. 372 * The _first_ mmap needs to know the full size, otherwise 373 * randomization might put this image into an overlapping 374 * position with the ELF binary image. (since size < total_size) 375 * So we first map the 'big' image - and unmap the remainder at 376 * the end. (which unmap is needed for ELF images with holes.) 377 */ 378 if (total_size) { 379 total_size = ELF_PAGEALIGN(total_size); 380 map_addr = vm_mmap(filep, addr, total_size, prot, type, off); 381 if (!BAD_ADDR(map_addr)) 382 vm_munmap(map_addr+size, total_size-size); 383 } else 384 map_addr = vm_mmap(filep, addr, size, prot, type, off); 385 386 if ((type & MAP_FIXED_NOREPLACE) && 387 PTR_ERR((void *)map_addr) == -EEXIST) 388 pr_info("%d (%s): Uhuuh, elf segment at %px requested but the memory is mapped already\n", 389 task_pid_nr(current), current->comm, (void *)addr); 390 391 return(map_addr); 392 } 393 394 /* 395 * Map "eppnt->p_filesz" bytes from "filep" offset "eppnt->p_offset" 396 * into memory at "addr". Memory from "p_filesz" through "p_memsz" 397 * rounded up to the next page is zeroed. 
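 *
 * As a hypothetical example (assuming 4 KiB pages): with a page-aligned
 * p_vaddr, p_filesz = 0x1800 and p_memsz = 0x4000, the first two pages come
 * from the file, the tail of the second page (0x1800..0x2000) is cleared,
 * and 0x2000..0x4000 is backed by anonymous zero pages (the bss).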
398 */ 399 static unsigned long elf_load(struct file *filep, unsigned long addr, 400 const struct elf_phdr *eppnt, int prot, int type, 401 unsigned long total_size) 402 { 403 unsigned long zero_start, zero_end; 404 unsigned long map_addr; 405 406 if (eppnt->p_filesz) { 407 map_addr = elf_map(filep, addr, eppnt, prot, type, total_size); 408 if (BAD_ADDR(map_addr)) 409 return map_addr; 410 if (eppnt->p_memsz > eppnt->p_filesz) { 411 zero_start = map_addr + ELF_PAGEOFFSET(eppnt->p_vaddr) + 412 eppnt->p_filesz; 413 zero_end = map_addr + ELF_PAGEOFFSET(eppnt->p_vaddr) + 414 eppnt->p_memsz; 415 416 /* 417 * Zero the end of the last mapped page but ignore 418 * any errors if the segment isn't writable. 419 */ 420 if (padzero(zero_start) && (prot & PROT_WRITE)) 421 return -EFAULT; 422 } 423 } else { 424 map_addr = zero_start = ELF_PAGESTART(addr); 425 zero_end = zero_start + ELF_PAGEOFFSET(eppnt->p_vaddr) + 426 eppnt->p_memsz; 427 } 428 if (eppnt->p_memsz > eppnt->p_filesz) { 429 /* 430 * Map the last of the segment. 431 * If the header is requesting these pages to be 432 * executable, honour that (ppc32 needs this). 433 */ 434 int error; 435 436 zero_start = ELF_PAGEALIGN(zero_start); 437 zero_end = ELF_PAGEALIGN(zero_end); 438 439 error = vm_brk_flags(zero_start, zero_end - zero_start, 440 prot & PROT_EXEC ? VM_EXEC : 0); 441 if (error) 442 map_addr = error; 443 } 444 return map_addr; 445 } 446 447 448 static unsigned long total_mapping_size(const struct elf_phdr *phdr, int nr) 449 { 450 elf_addr_t min_addr = -1; 451 elf_addr_t max_addr = 0; 452 bool pt_load = false; 453 int i; 454 455 for (i = 0; i < nr; i++) { 456 if (phdr[i].p_type == PT_LOAD) { 457 min_addr = min(min_addr, ELF_PAGESTART(phdr[i].p_vaddr)); 458 max_addr = max(max_addr, phdr[i].p_vaddr + phdr[i].p_memsz); 459 pt_load = true; 460 } 461 } 462 return pt_load ? (max_addr - min_addr) : 0; 463 } 464 465 static int elf_read(struct file *file, void *buf, size_t len, loff_t pos) 466 { 467 ssize_t rv; 468 469 rv = kernel_read(file, buf, len, &pos); 470 if (unlikely(rv != len)) { 471 return (rv < 0) ? rv : -EIO; 472 } 473 return 0; 474 } 475 476 static unsigned long maximum_alignment(struct elf_phdr *cmds, int nr) 477 { 478 unsigned long alignment = 0; 479 int i; 480 481 for (i = 0; i < nr; i++) { 482 if (cmds[i].p_type == PT_LOAD) { 483 unsigned long p_align = cmds[i].p_align; 484 485 /* skip non-power of two alignments as invalid */ 486 if (!is_power_of_2(p_align)) 487 continue; 488 alignment = max(alignment, p_align); 489 } 490 } 491 492 /* ensure we align to at least one page */ 493 return ELF_PAGEALIGN(alignment); 494 } 495 496 /** 497 * load_elf_phdrs() - load ELF program headers 498 * @elf_ex: ELF header of the binary whose program headers should be loaded 499 * @elf_file: the opened ELF binary file 500 * 501 * Loads ELF program headers from the binary file elf_file, which has the ELF 502 * header pointed to by elf_ex, into a newly allocated array. The caller is 503 * responsible for freeing the allocated data. Returns NULL upon failure. 504 */ 505 static struct elf_phdr *load_elf_phdrs(const struct elfhdr *elf_ex, 506 struct file *elf_file) 507 { 508 struct elf_phdr *elf_phdata = NULL; 509 int retval = -1; 510 unsigned int size; 511 512 /* 513 * If the size of this structure has changed, then punt, since 514 * we will be doing the wrong thing. 515 */ 516 if (elf_ex->e_phentsize != sizeof(struct elf_phdr)) 517 goto out; 518 519 /* Sanity check the number of program headers... */ 520 /* ...and their total size. 
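	   (size below is e_phnum * sizeof(struct elf_phdr) and must not exceed
	   64KiB, which implicitly bounds e_phnum.)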
*/ 521 size = sizeof(struct elf_phdr) * elf_ex->e_phnum; 522 if (size == 0 || size > 65536) 523 goto out; 524 525 elf_phdata = kmalloc(size, GFP_KERNEL); 526 if (!elf_phdata) 527 goto out; 528 529 /* Read in the program headers */ 530 retval = elf_read(elf_file, elf_phdata, size, elf_ex->e_phoff); 531 532 out: 533 if (retval) { 534 kfree(elf_phdata); 535 elf_phdata = NULL; 536 } 537 return elf_phdata; 538 } 539 540 #ifndef CONFIG_ARCH_BINFMT_ELF_STATE 541 542 /** 543 * struct arch_elf_state - arch-specific ELF loading state 544 * 545 * This structure is used to preserve architecture specific data during 546 * the loading of an ELF file, throughout the checking of architecture 547 * specific ELF headers & through to the point where the ELF load is 548 * known to be proceeding (ie. SET_PERSONALITY). 549 * 550 * This implementation is a dummy for architectures which require no 551 * specific state. 552 */ 553 struct arch_elf_state { 554 }; 555 556 #define INIT_ARCH_ELF_STATE {} 557 558 /** 559 * arch_elf_pt_proc() - check a PT_LOPROC..PT_HIPROC ELF program header 560 * @ehdr: The main ELF header 561 * @phdr: The program header to check 562 * @elf: The open ELF file 563 * @is_interp: True if the phdr is from the interpreter of the ELF being 564 * loaded, else false. 565 * @state: Architecture-specific state preserved throughout the process 566 * of loading the ELF. 567 * 568 * Inspects the program header phdr to validate its correctness and/or 569 * suitability for the system. Called once per ELF program header in the 570 * range PT_LOPROC to PT_HIPROC, for both the ELF being loaded and its 571 * interpreter. 572 * 573 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 574 * with that return code. 575 */ 576 static inline int arch_elf_pt_proc(struct elfhdr *ehdr, 577 struct elf_phdr *phdr, 578 struct file *elf, bool is_interp, 579 struct arch_elf_state *state) 580 { 581 /* Dummy implementation, always proceed */ 582 return 0; 583 } 584 585 /** 586 * arch_check_elf() - check an ELF executable 587 * @ehdr: The main ELF header 588 * @has_interp: True if the ELF has an interpreter, else false. 589 * @interp_ehdr: The interpreter's ELF header 590 * @state: Architecture-specific state preserved throughout the process 591 * of loading the ELF. 592 * 593 * Provides a final opportunity for architecture code to reject the loading 594 * of the ELF & cause an exec syscall to return an error. This is called after 595 * all program headers to be checked by arch_elf_pt_proc have been. 596 * 597 * Return: Zero to proceed with the ELF load, non-zero to fail the ELF load 598 * with that return code. 599 */ 600 static inline int arch_check_elf(struct elfhdr *ehdr, bool has_interp, 601 struct elfhdr *interp_ehdr, 602 struct arch_elf_state *state) 603 { 604 /* Dummy implementation, always proceed */ 605 return 0; 606 } 607 608 #endif /* !CONFIG_ARCH_BINFMT_ELF_STATE */ 609 610 static inline int make_prot(u32 p_flags, struct arch_elf_state *arch_state, 611 bool has_interp, bool is_interp) 612 { 613 int prot = 0; 614 615 if (p_flags & PF_R) 616 prot |= PROT_READ; 617 if (p_flags & PF_W) 618 prot |= PROT_WRITE; 619 if (p_flags & PF_X) 620 prot |= PROT_EXEC; 621 622 return arch_elf_adjust_prot(prot, arch_state, has_interp, is_interp); 623 } 624 625 /* This is much more generalized than the library routine read function, 626 so we keep this separate. 
Technically the library read function
   is only provided so that we can read a.out libraries that have
   an ELF header */

static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
		struct file *interpreter,
		unsigned long no_base, struct elf_phdr *interp_elf_phdata,
		struct arch_elf_state *arch_state)
{
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long error = ~0UL;
	unsigned long total_size;
	int i;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
	    interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex) ||
	    elf_check_fdpic(interp_elf_ex))
		goto out;
	if (!can_mmap_file(interpreter))
		goto out;

	total_size = total_mapping_size(interp_elf_phdata,
					interp_elf_ex->e_phnum);
	if (!total_size) {
		error = -EINVAL;
		goto out;
	}

	eppnt = interp_elf_phdata;
	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
		if (eppnt->p_type == PT_LOAD) {
			int elf_type = MAP_PRIVATE;
			int elf_prot = make_prot(eppnt->p_flags, arch_state,
						 true, true);
			unsigned long vaddr = 0;
			unsigned long k, map_addr;

			vaddr = eppnt->p_vaddr;
			if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
				elf_type |= MAP_FIXED;
			else if (no_base && interp_elf_ex->e_type == ET_DYN)
				load_addr = -vaddr;

			map_addr = elf_load(interpreter, load_addr + vaddr,
					eppnt, elf_prot, elf_type, total_size);
			total_size = 0;
			error = map_addr;
			if (BAD_ADDR(map_addr))
				goto out;

			if (!load_addr_set &&
			    interp_elf_ex->e_type == ET_DYN) {
				load_addr = map_addr - ELF_PAGESTART(vaddr);
				load_addr_set = 1;
			}

			/*
			 * Check to see if the section's size will overflow the
			 * allowed task size. Note that p_filesz must always be
			 * <= p_memsz so it's only necessary to check p_memsz.
			 */
			k = load_addr + eppnt->p_vaddr;
			if (BAD_ADDR(k) ||
			    eppnt->p_filesz > eppnt->p_memsz ||
			    eppnt->p_memsz > TASK_SIZE ||
			    TASK_SIZE - eppnt->p_memsz < k) {
				error = -ENOMEM;
				goto out;
			}
		}
	}

	error = load_addr;
out:
	return error;
}

/*
 * These are the functions used to load ELF style executables and shared
 * libraries.  There is no binary dependent code anywhere else.
 */

static int parse_elf_property(const char *data, size_t *off, size_t datasz,
			      struct arch_elf_state *arch,
			      bool have_prev_type, u32 *prev_type)
{
	size_t o, step;
	const struct gnu_property *pr;
	int ret;

	if (*off == datasz)
		return -ENOENT;

	if (WARN_ON_ONCE(*off > datasz || *off % ELF_GNU_PROPERTY_ALIGN))
		return -EIO;
	o = *off;
	datasz -= *off;

	if (datasz < sizeof(*pr))
		return -ENOEXEC;
	pr = (const struct gnu_property *)(data + o);
	o += sizeof(*pr);
	datasz -= sizeof(*pr);

	if (pr->pr_datasz > datasz)
		return -ENOEXEC;

	WARN_ON_ONCE(o % ELF_GNU_PROPERTY_ALIGN);
	step = round_up(pr->pr_datasz, ELF_GNU_PROPERTY_ALIGN);
	if (step > datasz)
		return -ENOEXEC;

	/* Properties are supposed to be unique and sorted on pr_type: */
	if (have_prev_type && pr->pr_type <= *prev_type)
		return -ENOEXEC;
	*prev_type = pr->pr_type;

	ret = arch_parse_elf_property(pr->pr_type, data + o,
				      pr->pr_datasz, ELF_COMPAT, arch);
	if (ret)
		return ret;

	*off = o + step;
	return 0;
}

#define NOTE_DATA_SZ	SZ_1K
#define NOTE_NAME_SZ	(sizeof(NN_GNU_PROPERTY_TYPE_0))

static int parse_elf_properties(struct file *f, const struct elf_phdr *phdr,
				struct arch_elf_state *arch)
{
	union {
		struct elf_note nhdr;
		char data[NOTE_DATA_SZ];
	} note;
	loff_t pos;
	ssize_t n;
	size_t off, datasz;
	int ret;
	bool have_prev_type;
	u32 prev_type;

	if (!IS_ENABLED(CONFIG_ARCH_USE_GNU_PROPERTY) || !phdr)
		return 0;

	/* load_elf_binary() shouldn't call us unless this is true... */
	if (WARN_ON_ONCE(phdr->p_type != PT_GNU_PROPERTY))
		return -ENOEXEC;

	/* If the properties are crazy large, that's too bad (for now): */
	if (phdr->p_filesz > sizeof(note))
		return -ENOEXEC;

	pos = phdr->p_offset;
	n = kernel_read(f, &note, phdr->p_filesz, &pos);

	BUILD_BUG_ON(sizeof(note) < sizeof(note.nhdr) + NOTE_NAME_SZ);
	if (n < 0 || n < sizeof(note.nhdr) + NOTE_NAME_SZ)
		return -EIO;

	if (note.nhdr.n_type != NT_GNU_PROPERTY_TYPE_0 ||
	    note.nhdr.n_namesz != NOTE_NAME_SZ ||
	    strncmp(note.data + sizeof(note.nhdr),
		    NN_GNU_PROPERTY_TYPE_0, n - sizeof(note.nhdr)))
		return -ENOEXEC;

	off = round_up(sizeof(note.nhdr) + NOTE_NAME_SZ,
		       ELF_GNU_PROPERTY_ALIGN);
	if (off > n)
		return -ENOEXEC;

	if (note.nhdr.n_descsz > n - off)
		return -ENOEXEC;
	datasz = off + note.nhdr.n_descsz;

	have_prev_type = false;
	do {
		ret = parse_elf_property(note.data, &off, datasz, arch,
					 have_prev_type, &prev_type);
		have_prev_type = true;
	} while (!ret);

	return ret == -ENOENT ?
0 : ret; 815 } 816 817 static int load_elf_binary(struct linux_binprm *bprm) 818 { 819 struct file *interpreter = NULL; /* to shut gcc up */ 820 unsigned long load_bias = 0, phdr_addr = 0; 821 int first_pt_load = 1; 822 unsigned long error; 823 struct elf_phdr *elf_ppnt, *elf_phdata, *interp_elf_phdata = NULL; 824 struct elf_phdr *elf_property_phdata = NULL; 825 unsigned long elf_brk; 826 bool brk_moved = false; 827 int retval, i; 828 unsigned long elf_entry; 829 unsigned long e_entry; 830 unsigned long interp_load_addr = 0; 831 unsigned long start_code, end_code, start_data, end_data; 832 unsigned long reloc_func_desc __maybe_unused = 0; 833 int executable_stack = EXSTACK_DEFAULT; 834 struct elfhdr *elf_ex = (struct elfhdr *)bprm->buf; 835 struct elfhdr *interp_elf_ex = NULL; 836 struct arch_elf_state arch_state = INIT_ARCH_ELF_STATE; 837 struct mm_struct *mm; 838 struct pt_regs *regs; 839 840 retval = -ENOEXEC; 841 /* First of all, some simple consistency checks */ 842 if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0) 843 goto out; 844 845 if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN) 846 goto out; 847 if (!elf_check_arch(elf_ex)) 848 goto out; 849 if (elf_check_fdpic(elf_ex)) 850 goto out; 851 if (!can_mmap_file(bprm->file)) 852 goto out; 853 854 elf_phdata = load_elf_phdrs(elf_ex, bprm->file); 855 if (!elf_phdata) 856 goto out; 857 858 elf_ppnt = elf_phdata; 859 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) { 860 char *elf_interpreter; 861 862 if (elf_ppnt->p_type == PT_GNU_PROPERTY) { 863 elf_property_phdata = elf_ppnt; 864 continue; 865 } 866 867 if (elf_ppnt->p_type != PT_INTERP) 868 continue; 869 870 /* 871 * This is the program interpreter used for shared libraries - 872 * for now assume that this is an a.out format binary. 873 */ 874 retval = -ENOEXEC; 875 if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2) 876 goto out_free_ph; 877 878 retval = -ENOMEM; 879 elf_interpreter = kmalloc(elf_ppnt->p_filesz, GFP_KERNEL); 880 if (!elf_interpreter) 881 goto out_free_ph; 882 883 retval = elf_read(bprm->file, elf_interpreter, elf_ppnt->p_filesz, 884 elf_ppnt->p_offset); 885 if (retval < 0) 886 goto out_free_interp; 887 /* make sure path is NULL terminated */ 888 retval = -ENOEXEC; 889 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0') 890 goto out_free_interp; 891 892 interpreter = open_exec(elf_interpreter); 893 kfree(elf_interpreter); 894 retval = PTR_ERR(interpreter); 895 if (IS_ERR(interpreter)) 896 goto out_free_ph; 897 898 /* 899 * If the binary is not readable then enforce mm->dumpable = 0 900 * regardless of the interpreter's permissions. 901 */ 902 would_dump(bprm, interpreter); 903 904 interp_elf_ex = kmalloc(sizeof(*interp_elf_ex), GFP_KERNEL); 905 if (!interp_elf_ex) { 906 retval = -ENOMEM; 907 goto out_free_file; 908 } 909 910 /* Get the exec headers */ 911 retval = elf_read(interpreter, interp_elf_ex, 912 sizeof(*interp_elf_ex), 0); 913 if (retval < 0) 914 goto out_free_dentry; 915 916 break; 917 918 out_free_interp: 919 kfree(elf_interpreter); 920 goto out_free_ph; 921 } 922 923 elf_ppnt = elf_phdata; 924 for (i = 0; i < elf_ex->e_phnum; i++, elf_ppnt++) 925 switch (elf_ppnt->p_type) { 926 case PT_GNU_STACK: 927 if (elf_ppnt->p_flags & PF_X) 928 executable_stack = EXSTACK_ENABLE_X; 929 else 930 executable_stack = EXSTACK_DISABLE_X; 931 break; 932 933 case PT_LOPROC ... 
PT_HIPROC: 934 retval = arch_elf_pt_proc(elf_ex, elf_ppnt, 935 bprm->file, false, 936 &arch_state); 937 if (retval) 938 goto out_free_dentry; 939 break; 940 } 941 942 /* Some simple consistency checks for the interpreter */ 943 if (interpreter) { 944 retval = -ELIBBAD; 945 /* Not an ELF interpreter */ 946 if (memcmp(interp_elf_ex->e_ident, ELFMAG, SELFMAG) != 0) 947 goto out_free_dentry; 948 /* Verify the interpreter has a valid arch */ 949 if (!elf_check_arch(interp_elf_ex) || 950 elf_check_fdpic(interp_elf_ex)) 951 goto out_free_dentry; 952 953 /* Load the interpreter program headers */ 954 interp_elf_phdata = load_elf_phdrs(interp_elf_ex, 955 interpreter); 956 if (!interp_elf_phdata) 957 goto out_free_dentry; 958 959 /* Pass PT_LOPROC..PT_HIPROC headers to arch code */ 960 elf_property_phdata = NULL; 961 elf_ppnt = interp_elf_phdata; 962 for (i = 0; i < interp_elf_ex->e_phnum; i++, elf_ppnt++) 963 switch (elf_ppnt->p_type) { 964 case PT_GNU_PROPERTY: 965 elf_property_phdata = elf_ppnt; 966 break; 967 968 case PT_LOPROC ... PT_HIPROC: 969 retval = arch_elf_pt_proc(interp_elf_ex, 970 elf_ppnt, interpreter, 971 true, &arch_state); 972 if (retval) 973 goto out_free_dentry; 974 break; 975 } 976 } 977 978 retval = parse_elf_properties(interpreter ?: bprm->file, 979 elf_property_phdata, &arch_state); 980 if (retval) 981 goto out_free_dentry; 982 983 /* 984 * Allow arch code to reject the ELF at this point, whilst it's 985 * still possible to return an error to the code that invoked 986 * the exec syscall. 987 */ 988 retval = arch_check_elf(elf_ex, 989 !!interpreter, interp_elf_ex, 990 &arch_state); 991 if (retval) 992 goto out_free_dentry; 993 994 /* Flush all traces of the currently running executable */ 995 retval = begin_new_exec(bprm); 996 if (retval) 997 goto out_free_dentry; 998 999 /* Do this immediately, since STACK_TOP as used in setup_arg_pages 1000 may depend on the personality. */ 1001 SET_PERSONALITY2(*elf_ex, &arch_state); 1002 if (elf_read_implies_exec(*elf_ex, executable_stack)) 1003 current->personality |= READ_IMPLIES_EXEC; 1004 1005 const int snapshot_randomize_va_space = READ_ONCE(randomize_va_space); 1006 if (!(current->personality & ADDR_NO_RANDOMIZE) && snapshot_randomize_va_space) 1007 current->flags |= PF_RANDOMIZE; 1008 1009 setup_new_exec(bprm); 1010 1011 /* Do this so that we can load the interpreter, if need be. We will 1012 change some of these later */ 1013 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP), 1014 executable_stack); 1015 if (retval < 0) 1016 goto out_free_dentry; 1017 1018 elf_brk = 0; 1019 1020 start_code = ~0UL; 1021 end_code = 0; 1022 start_data = 0; 1023 end_data = 0; 1024 1025 /* Now we do a little grungy work by mmapping the ELF image into 1026 the correct location in memory. */ 1027 for(i = 0, elf_ppnt = elf_phdata; 1028 i < elf_ex->e_phnum; i++, elf_ppnt++) { 1029 int elf_prot, elf_flags; 1030 unsigned long k, vaddr; 1031 unsigned long total_size = 0; 1032 unsigned long alignment; 1033 1034 if (elf_ppnt->p_type != PT_LOAD) 1035 continue; 1036 1037 elf_prot = make_prot(elf_ppnt->p_flags, &arch_state, 1038 !!interpreter, false); 1039 1040 elf_flags = MAP_PRIVATE; 1041 1042 vaddr = elf_ppnt->p_vaddr; 1043 /* 1044 * The first time through the loop, first_pt_load is true: 1045 * layout will be calculated. Once set, use MAP_FIXED since 1046 * we know we've already safely mapped the entire region with 1047 * MAP_FIXED_NOREPLACE in the once-per-binary logic following. 
1048 */ 1049 if (!first_pt_load) { 1050 elf_flags |= MAP_FIXED; 1051 } else if (elf_ex->e_type == ET_EXEC) { 1052 /* 1053 * This logic is run once for the first LOAD Program 1054 * Header for ET_EXEC binaries. No special handling 1055 * is needed. 1056 */ 1057 elf_flags |= MAP_FIXED_NOREPLACE; 1058 } else if (elf_ex->e_type == ET_DYN) { 1059 /* 1060 * This logic is run once for the first LOAD Program 1061 * Header for ET_DYN binaries to calculate the 1062 * randomization (load_bias) for all the LOAD 1063 * Program Headers. 1064 */ 1065 1066 /* 1067 * Calculate the entire size of the ELF mapping 1068 * (total_size), used for the initial mapping, 1069 * due to load_addr_set which is set to true later 1070 * once the initial mapping is performed. 1071 * 1072 * Note that this is only sensible when the LOAD 1073 * segments are contiguous (or overlapping). If 1074 * used for LOADs that are far apart, this would 1075 * cause the holes between LOADs to be mapped, 1076 * running the risk of having the mapping fail, 1077 * as it would be larger than the ELF file itself. 1078 * 1079 * As a result, only ET_DYN does this, since 1080 * some ET_EXEC (e.g. ia64) may have large virtual 1081 * memory holes between LOADs. 1082 * 1083 */ 1084 total_size = total_mapping_size(elf_phdata, 1085 elf_ex->e_phnum); 1086 if (!total_size) { 1087 retval = -EINVAL; 1088 goto out_free_dentry; 1089 } 1090 1091 /* Calculate any requested alignment. */ 1092 alignment = maximum_alignment(elf_phdata, elf_ex->e_phnum); 1093 1094 /** 1095 * DOC: PIE handling 1096 * 1097 * There are effectively two types of ET_DYN ELF 1098 * binaries: programs (i.e. PIE: ET_DYN with 1099 * PT_INTERP) and loaders (i.e. static PIE: ET_DYN 1100 * without PT_INTERP, usually the ELF interpreter 1101 * itself). Loaders must be loaded away from programs 1102 * since the program may otherwise collide with the 1103 * loader (especially for ET_EXEC which does not have 1104 * a randomized position). 1105 * 1106 * For example, to handle invocations of 1107 * "./ld.so someprog" to test out a new version of 1108 * the loader, the subsequent program that the 1109 * loader loads must avoid the loader itself, so 1110 * they cannot share the same load range. Sufficient 1111 * room for the brk must be allocated with the 1112 * loader as well, since brk must be available with 1113 * the loader. 1114 * 1115 * Therefore, programs are loaded offset from 1116 * ELF_ET_DYN_BASE and loaders are loaded into the 1117 * independently randomized mmap region (0 load_bias 1118 * without MAP_FIXED nor MAP_FIXED_NOREPLACE). 1119 * 1120 * See below for "brk" handling details, which is 1121 * also affected by program vs loader and ASLR. 1122 */ 1123 if (interpreter) { 1124 /* On ET_DYN with PT_INTERP, we do the ASLR. */ 1125 load_bias = ELF_ET_DYN_BASE; 1126 if (current->flags & PF_RANDOMIZE) 1127 load_bias += arch_mmap_rnd(); 1128 /* Adjust alignment as requested. */ 1129 if (alignment) 1130 load_bias &= ~(alignment - 1); 1131 elf_flags |= MAP_FIXED_NOREPLACE; 1132 } else { 1133 /* 1134 * For ET_DYN without PT_INTERP, we rely on 1135 * the architectures's (potentially ASLR) mmap 1136 * base address (via a load_bias of 0). 1137 * 1138 * When a large alignment is requested, we 1139 * must do the allocation at address "0" right 1140 * now to discover where things will load so 1141 * that we can adjust the resulting alignment. 1142 * In this case (load_bias != 0), we can use 1143 * MAP_FIXED_NOREPLACE to make sure the mapping 1144 * doesn't collide with anything. 
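				 *
				 * (The probe mapping made just below is
				 * immediately unmapped again; only the address
				 * the kernel chose is kept, rounded down to
				 * the requested alignment.)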
1145 */ 1146 if (alignment > ELF_MIN_ALIGN) { 1147 load_bias = elf_load(bprm->file, 0, elf_ppnt, 1148 elf_prot, elf_flags, total_size); 1149 if (BAD_ADDR(load_bias)) { 1150 retval = IS_ERR_VALUE(load_bias) ? 1151 PTR_ERR((void*)load_bias) : -EINVAL; 1152 goto out_free_dentry; 1153 } 1154 vm_munmap(load_bias, total_size); 1155 /* Adjust alignment as requested. */ 1156 if (alignment) 1157 load_bias &= ~(alignment - 1); 1158 elf_flags |= MAP_FIXED_NOREPLACE; 1159 } else 1160 load_bias = 0; 1161 } 1162 1163 /* 1164 * Since load_bias is used for all subsequent loading 1165 * calculations, we must lower it by the first vaddr 1166 * so that the remaining calculations based on the 1167 * ELF vaddrs will be correctly offset. The result 1168 * is then page aligned. 1169 */ 1170 load_bias = ELF_PAGESTART(load_bias - vaddr); 1171 } 1172 1173 error = elf_load(bprm->file, load_bias + vaddr, elf_ppnt, 1174 elf_prot, elf_flags, total_size); 1175 if (BAD_ADDR(error)) { 1176 retval = IS_ERR_VALUE(error) ? 1177 PTR_ERR((void*)error) : -EINVAL; 1178 goto out_free_dentry; 1179 } 1180 1181 if (first_pt_load) { 1182 first_pt_load = 0; 1183 if (elf_ex->e_type == ET_DYN) { 1184 load_bias += error - 1185 ELF_PAGESTART(load_bias + vaddr); 1186 reloc_func_desc = load_bias; 1187 } 1188 } 1189 1190 /* 1191 * Figure out which segment in the file contains the Program 1192 * Header table, and map to the associated memory address. 1193 */ 1194 if (elf_ppnt->p_offset <= elf_ex->e_phoff && 1195 elf_ex->e_phoff < elf_ppnt->p_offset + elf_ppnt->p_filesz) { 1196 phdr_addr = elf_ex->e_phoff - elf_ppnt->p_offset + 1197 elf_ppnt->p_vaddr; 1198 } 1199 1200 k = elf_ppnt->p_vaddr; 1201 if ((elf_ppnt->p_flags & PF_X) && k < start_code) 1202 start_code = k; 1203 if (start_data < k) 1204 start_data = k; 1205 1206 /* 1207 * Check to see if the section's size will overflow the 1208 * allowed task size. Note that p_filesz must always be 1209 * <= p_memsz so it is only necessary to check p_memsz. 1210 */ 1211 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || 1212 elf_ppnt->p_memsz > TASK_SIZE || 1213 TASK_SIZE - elf_ppnt->p_memsz < k) { 1214 /* set_brk can never work. Avoid overflows. */ 1215 retval = -EINVAL; 1216 goto out_free_dentry; 1217 } 1218 1219 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz; 1220 1221 if ((elf_ppnt->p_flags & PF_X) && end_code < k) 1222 end_code = k; 1223 if (end_data < k) 1224 end_data = k; 1225 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz; 1226 if (k > elf_brk) 1227 elf_brk = k; 1228 } 1229 1230 e_entry = elf_ex->e_entry + load_bias; 1231 phdr_addr += load_bias; 1232 elf_brk += load_bias; 1233 start_code += load_bias; 1234 end_code += load_bias; 1235 start_data += load_bias; 1236 end_data += load_bias; 1237 1238 if (interpreter) { 1239 elf_entry = load_elf_interp(interp_elf_ex, 1240 interpreter, 1241 load_bias, interp_elf_phdata, 1242 &arch_state); 1243 if (!IS_ERR_VALUE(elf_entry)) { 1244 /* 1245 * load_elf_interp() returns relocation 1246 * adjustment 1247 */ 1248 interp_load_addr = elf_entry; 1249 elf_entry += interp_elf_ex->e_entry; 1250 } 1251 if (BAD_ADDR(elf_entry)) { 1252 retval = IS_ERR_VALUE(elf_entry) ? 
						(int)elf_entry : -EINVAL;
			goto out_free_dentry;
		}
		reloc_func_desc = interp_load_addr;

		exe_file_allow_write_access(interpreter);
		fput(interpreter);

		kfree(interp_elf_ex);
		kfree(interp_elf_phdata);
	} else {
		elf_entry = e_entry;
		if (BAD_ADDR(elf_entry)) {
			retval = -EINVAL;
			goto out_free_dentry;
		}
	}

	kfree(elf_phdata);

	set_binfmt(&elf_format);

#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
	retval = ARCH_SETUP_ADDITIONAL_PAGES(bprm, elf_ex, !!interpreter);
	if (retval < 0)
		goto out;
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */

	retval = create_elf_tables(bprm, elf_ex, interp_load_addr,
				   e_entry, phdr_addr);
	if (retval < 0)
		goto out;

	mm = current->mm;
	mm->end_code = end_code;
	mm->start_code = start_code;
	mm->start_data = start_data;
	mm->end_data = end_data;
	mm->start_stack = bprm->p;

	/**
	 * DOC: "brk" handling
	 *
	 * For architectures with ELF randomization, when executing a
	 * loader directly (i.e. static PIE: ET_DYN without PT_INTERP),
	 * move the brk area out of the mmap region and into the unused
	 * ELF_ET_DYN_BASE region. Since "brk" grows up it may collide
	 * early with the stack growing down or other regions being put
	 * into the mmap region by the kernel (e.g. vdso).
	 *
	 * In the CONFIG_COMPAT_BRK case, though, everything is turned
	 * off because we're not allowed to move the brk at all.
	 */
	if (!IS_ENABLED(CONFIG_COMPAT_BRK) &&
	    IS_ENABLED(CONFIG_ARCH_HAS_ELF_RANDOMIZE) &&
	    elf_ex->e_type == ET_DYN && !interpreter) {
		elf_brk = ELF_ET_DYN_BASE;
		/* This counts as moving the brk, so let brk(2) know. */
		brk_moved = true;
	}
	mm->start_brk = mm->brk = ELF_PAGEALIGN(elf_brk);

	if ((current->flags & PF_RANDOMIZE) && snapshot_randomize_va_space > 1) {
		/*
		 * If we didn't move the brk to ELF_ET_DYN_BASE (above),
		 * leave a gap between .bss and brk.
		 */
		if (!brk_moved)
			mm->brk = mm->start_brk = mm->brk + PAGE_SIZE;

		mm->brk = mm->start_brk = arch_randomize_brk(mm);
		brk_moved = true;
	}

#ifdef compat_brk_randomized
	if (brk_moved)
		current->brk_randomized = 1;
#endif

	if (current->personality & MMAP_PAGE_ZERO) {
		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
		   and some applications "depend" upon this behavior.
		   Since we do not have the power to recompile these, we
		   emulate the SVr4 behavior. Sigh. */
		error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);

		retval = do_mseal(0, PAGE_SIZE, 0);
		if (retval)
			pr_warn_ratelimited("pid=%d, couldn't seal address 0, ret=%d.\n",
					    task_pid_nr(current), retval);
	}

	regs = current_pt_regs();
#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example).  In addition, it may also specify (eg, PowerPC64 ELF)
	 * that the e_entry field is the address of the function descriptor
	 * for the startup routine, rather than the address of the startup
	 * routine itself.  This macro performs whatever initialization to
	 * the regs structure is required as well as any relocations to the
	 * function descriptor entries when executing dynamically linked apps.
1357 */ 1358 ELF_PLAT_INIT(regs, reloc_func_desc); 1359 #endif 1360 1361 finalize_exec(bprm); 1362 START_THREAD(elf_ex, regs, elf_entry, bprm->p); 1363 retval = 0; 1364 out: 1365 return retval; 1366 1367 /* error cleanup */ 1368 out_free_dentry: 1369 kfree(interp_elf_ex); 1370 kfree(interp_elf_phdata); 1371 out_free_file: 1372 exe_file_allow_write_access(interpreter); 1373 if (interpreter) 1374 fput(interpreter); 1375 out_free_ph: 1376 kfree(elf_phdata); 1377 goto out; 1378 } 1379 1380 #ifdef CONFIG_ELF_CORE 1381 /* 1382 * ELF core dumper 1383 * 1384 * Modelled on fs/exec.c:aout_core_dump() 1385 * Jeremy Fitzhardinge <jeremy@sw.oz.au> 1386 */ 1387 1388 /* An ELF note in memory */ 1389 struct memelfnote 1390 { 1391 const char *name; 1392 int type; 1393 unsigned int datasz; 1394 void *data; 1395 }; 1396 1397 static int notesize(struct memelfnote *en) 1398 { 1399 int sz; 1400 1401 sz = sizeof(struct elf_note); 1402 sz += roundup(strlen(en->name) + 1, 4); 1403 sz += roundup(en->datasz, 4); 1404 1405 return sz; 1406 } 1407 1408 static int writenote(struct memelfnote *men, struct coredump_params *cprm) 1409 { 1410 struct elf_note en; 1411 en.n_namesz = strlen(men->name) + 1; 1412 en.n_descsz = men->datasz; 1413 en.n_type = men->type; 1414 1415 return dump_emit(cprm, &en, sizeof(en)) && 1416 dump_emit(cprm, men->name, en.n_namesz) && dump_align(cprm, 4) && 1417 dump_emit(cprm, men->data, men->datasz) && dump_align(cprm, 4); 1418 } 1419 1420 static void fill_elf_header(struct elfhdr *elf, int segs, 1421 u16 machine, u32 flags) 1422 { 1423 memset(elf, 0, sizeof(*elf)); 1424 1425 memcpy(elf->e_ident, ELFMAG, SELFMAG); 1426 elf->e_ident[EI_CLASS] = ELF_CLASS; 1427 elf->e_ident[EI_DATA] = ELF_DATA; 1428 elf->e_ident[EI_VERSION] = EV_CURRENT; 1429 elf->e_ident[EI_OSABI] = ELF_OSABI; 1430 1431 elf->e_type = ET_CORE; 1432 elf->e_machine = machine; 1433 elf->e_version = EV_CURRENT; 1434 elf->e_phoff = sizeof(struct elfhdr); 1435 elf->e_flags = flags; 1436 elf->e_ehsize = sizeof(struct elfhdr); 1437 elf->e_phentsize = sizeof(struct elf_phdr); 1438 elf->e_phnum = segs; 1439 } 1440 1441 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset) 1442 { 1443 phdr->p_type = PT_NOTE; 1444 phdr->p_offset = offset; 1445 phdr->p_vaddr = 0; 1446 phdr->p_paddr = 0; 1447 phdr->p_filesz = sz; 1448 phdr->p_memsz = 0; 1449 phdr->p_flags = 0; 1450 phdr->p_align = 4; 1451 } 1452 1453 static void __fill_note(struct memelfnote *note, const char *name, int type, 1454 unsigned int sz, void *data) 1455 { 1456 note->name = name; 1457 note->type = type; 1458 note->datasz = sz; 1459 note->data = data; 1460 } 1461 1462 #define fill_note(note, type, sz, data) \ 1463 __fill_note(note, NN_ ## type, NT_ ## type, sz, data) 1464 1465 /* 1466 * fill up all the fields in prstatus from the given task struct, except 1467 * registers which need to be filled up separately. 1468 */ 1469 static void fill_prstatus(struct elf_prstatus_common *prstatus, 1470 struct task_struct *p, long signr) 1471 { 1472 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; 1473 prstatus->pr_sigpend = p->pending.signal.sig[0]; 1474 prstatus->pr_sighold = p->blocked.sig[0]; 1475 rcu_read_lock(); 1476 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1477 rcu_read_unlock(); 1478 prstatus->pr_pid = task_pid_vnr(p); 1479 prstatus->pr_pgrp = task_pgrp_vnr(p); 1480 prstatus->pr_sid = task_session_vnr(p); 1481 if (thread_group_leader(p)) { 1482 struct task_cputime cputime; 1483 1484 /* 1485 * This is the record for the group leader. 
It shows the 1486 * group-wide total, not its individual thread total. 1487 */ 1488 thread_group_cputime(p, &cputime); 1489 prstatus->pr_utime = ns_to_kernel_old_timeval(cputime.utime); 1490 prstatus->pr_stime = ns_to_kernel_old_timeval(cputime.stime); 1491 } else { 1492 u64 utime, stime; 1493 1494 task_cputime(p, &utime, &stime); 1495 prstatus->pr_utime = ns_to_kernel_old_timeval(utime); 1496 prstatus->pr_stime = ns_to_kernel_old_timeval(stime); 1497 } 1498 1499 prstatus->pr_cutime = ns_to_kernel_old_timeval(p->signal->cutime); 1500 prstatus->pr_cstime = ns_to_kernel_old_timeval(p->signal->cstime); 1501 } 1502 1503 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, 1504 struct mm_struct *mm) 1505 { 1506 const struct cred *cred; 1507 unsigned int i, len; 1508 unsigned int state; 1509 1510 /* first copy the parameters from user space */ 1511 memset(psinfo, 0, sizeof(struct elf_prpsinfo)); 1512 1513 len = mm->arg_end - mm->arg_start; 1514 if (len >= ELF_PRARGSZ) 1515 len = ELF_PRARGSZ-1; 1516 if (copy_from_user(&psinfo->pr_psargs, 1517 (const char __user *)mm->arg_start, len)) 1518 return -EFAULT; 1519 for(i = 0; i < len; i++) 1520 if (psinfo->pr_psargs[i] == 0) 1521 psinfo->pr_psargs[i] = ' '; 1522 psinfo->pr_psargs[len] = 0; 1523 1524 rcu_read_lock(); 1525 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent)); 1526 rcu_read_unlock(); 1527 psinfo->pr_pid = task_pid_vnr(p); 1528 psinfo->pr_pgrp = task_pgrp_vnr(p); 1529 psinfo->pr_sid = task_session_vnr(p); 1530 1531 state = READ_ONCE(p->__state); 1532 i = state ? ffz(~state) + 1 : 0; 1533 psinfo->pr_state = i; 1534 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i]; 1535 psinfo->pr_zomb = psinfo->pr_sname == 'Z'; 1536 psinfo->pr_nice = task_nice(p); 1537 psinfo->pr_flag = p->flags; 1538 rcu_read_lock(); 1539 cred = __task_cred(p); 1540 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid)); 1541 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid)); 1542 rcu_read_unlock(); 1543 get_task_comm(psinfo->pr_fname, p); 1544 1545 return 0; 1546 } 1547 1548 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) 1549 { 1550 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; 1551 int i = 0; 1552 do 1553 i += 2; 1554 while (auxv[i - 2] != AT_NULL); 1555 fill_note(note, AUXV, i * sizeof(elf_addr_t), auxv); 1556 } 1557 1558 static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata, 1559 const kernel_siginfo_t *siginfo) 1560 { 1561 copy_siginfo_to_external(csigdata, siginfo); 1562 fill_note(note, SIGINFO, sizeof(*csigdata), csigdata); 1563 } 1564 1565 /* 1566 * Format of NT_FILE note: 1567 * 1568 * long count -- how many files are mapped 1569 * long page_size -- units for file_ofs 1570 * array of [COUNT] elements of 1571 * long start 1572 * long end 1573 * long file_ofs 1574 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL... 
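 *
 * Illustrative example with two mapped files (values are made up):
 *   count = 2, page_size = 4096
 *   { 0x400000,        0x401000,        0 }   -- first mapping
 *   { 0x7f0000000000,  0x7f0000020000,  0 }   -- second mapping
 *   "/bin/true\0/usr/lib/libc.so.6\0"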
1575 */ 1576 static int fill_files_note(struct memelfnote *note, struct coredump_params *cprm) 1577 { 1578 unsigned count, size, names_ofs, remaining, n; 1579 user_long_t *data; 1580 user_long_t *start_end_ofs; 1581 char *name_base, *name_curpos; 1582 int i; 1583 1584 /* *Estimated* file count and total data size needed */ 1585 count = cprm->vma_count; 1586 if (count > UINT_MAX / 64) 1587 return -EINVAL; 1588 size = count * 64; 1589 1590 names_ofs = (2 + 3 * count) * sizeof(data[0]); 1591 alloc: 1592 /* paranoia check */ 1593 if (size >= core_file_note_size_limit) { 1594 pr_warn_once("coredump Note size too large: %u (does kernel.core_file_note_size_limit sysctl need adjustment?\n", 1595 size); 1596 return -EINVAL; 1597 } 1598 size = round_up(size, PAGE_SIZE); 1599 /* 1600 * "size" can be 0 here legitimately. 1601 * Let it ENOMEM and omit NT_FILE section which will be empty anyway. 1602 */ 1603 data = kvmalloc(size, GFP_KERNEL); 1604 if (ZERO_OR_NULL_PTR(data)) 1605 return -ENOMEM; 1606 1607 start_end_ofs = data + 2; 1608 name_base = name_curpos = ((char *)data) + names_ofs; 1609 remaining = size - names_ofs; 1610 count = 0; 1611 for (i = 0; i < cprm->vma_count; i++) { 1612 struct core_vma_metadata *m = &cprm->vma_meta[i]; 1613 struct file *file; 1614 const char *filename; 1615 1616 file = m->file; 1617 if (!file) 1618 continue; 1619 filename = file_path(file, name_curpos, remaining); 1620 if (IS_ERR(filename)) { 1621 if (PTR_ERR(filename) == -ENAMETOOLONG) { 1622 kvfree(data); 1623 size = size * 5 / 4; 1624 goto alloc; 1625 } 1626 continue; 1627 } 1628 1629 /* file_path() fills at the end, move name down */ 1630 /* n = strlen(filename) + 1: */ 1631 n = (name_curpos + remaining) - filename; 1632 remaining = filename - name_curpos; 1633 memmove(name_curpos, filename, n); 1634 name_curpos += n; 1635 1636 *start_end_ofs++ = m->start; 1637 *start_end_ofs++ = m->end; 1638 *start_end_ofs++ = m->pgoff; 1639 count++; 1640 } 1641 1642 /* Now we know exact count of files, can store it */ 1643 data[0] = count; 1644 data[1] = PAGE_SIZE; 1645 /* 1646 * Count usually is less than mm->map_count, 1647 * we need to move filenames down. 1648 */ 1649 n = cprm->vma_count - count; 1650 if (n != 0) { 1651 unsigned shift_bytes = n * 3 * sizeof(data[0]); 1652 memmove(name_base - shift_bytes, name_base, 1653 name_curpos - name_base); 1654 name_curpos -= shift_bytes; 1655 } 1656 1657 size = name_curpos - (char *)data; 1658 fill_note(note, FILE, size, data); 1659 return 0; 1660 } 1661 1662 #include <linux/regset.h> 1663 1664 struct elf_thread_core_info { 1665 struct elf_thread_core_info *next; 1666 struct task_struct *task; 1667 struct elf_prstatus prstatus; 1668 struct memelfnote notes[]; 1669 }; 1670 1671 struct elf_note_info { 1672 struct elf_thread_core_info *thread; 1673 struct memelfnote psinfo; 1674 struct memelfnote signote; 1675 struct memelfnote auxv; 1676 struct memelfnote files; 1677 user_siginfo_t csigdata; 1678 size_t size; 1679 int thread_notes; 1680 }; 1681 1682 #ifdef CORE_DUMP_USE_REGSET 1683 /* 1684 * When a regset has a writeback hook, we call it on each thread before 1685 * dumping user memory. On register window machines, this makes sure the 1686 * user memory backing the register data is up to date before we read it. 
1687 */ 1688 static void do_thread_regset_writeback(struct task_struct *task, 1689 const struct user_regset *regset) 1690 { 1691 if (regset->writeback) 1692 regset->writeback(task, regset, 1); 1693 } 1694 1695 #ifndef PRSTATUS_SIZE 1696 #define PRSTATUS_SIZE sizeof(struct elf_prstatus) 1697 #endif 1698 1699 #ifndef SET_PR_FPVALID 1700 #define SET_PR_FPVALID(S) ((S)->pr_fpvalid = 1) 1701 #endif 1702 1703 static int fill_thread_core_info(struct elf_thread_core_info *t, 1704 const struct user_regset_view *view, 1705 long signr, struct elf_note_info *info) 1706 { 1707 unsigned int note_iter, view_iter; 1708 1709 /* 1710 * NT_PRSTATUS is the one special case, because the regset data 1711 * goes into the pr_reg field inside the note contents, rather 1712 * than being the whole note contents. We fill the regset in here. 1713 * We assume that regset 0 is NT_PRSTATUS. 1714 */ 1715 fill_prstatus(&t->prstatus.common, t->task, signr); 1716 regset_get(t->task, &view->regsets[0], 1717 sizeof(t->prstatus.pr_reg), &t->prstatus.pr_reg); 1718 1719 fill_note(&t->notes[0], PRSTATUS, PRSTATUS_SIZE, &t->prstatus); 1720 info->size += notesize(&t->notes[0]); 1721 1722 do_thread_regset_writeback(t->task, &view->regsets[0]); 1723 1724 /* 1725 * Each other regset might generate a note too. For each regset 1726 * that has no core_note_type or is inactive, skip it. 1727 */ 1728 note_iter = 1; 1729 for (view_iter = 1; view_iter < view->n; ++view_iter) { 1730 const struct user_regset *regset = &view->regsets[view_iter]; 1731 int note_type = regset->core_note_type; 1732 const char *note_name = regset->core_note_name; 1733 bool is_fpreg = note_type == NT_PRFPREG; 1734 void *data; 1735 int ret; 1736 1737 do_thread_regset_writeback(t->task, regset); 1738 if (!note_type) // not for coredumps 1739 continue; 1740 if (regset->active && regset->active(t->task, regset) <= 0) 1741 continue; 1742 1743 ret = regset_get_alloc(t->task, regset, ~0U, &data); 1744 if (ret < 0) 1745 continue; 1746 1747 if (WARN_ON_ONCE(note_iter >= info->thread_notes)) 1748 break; 1749 1750 if (is_fpreg) 1751 SET_PR_FPVALID(&t->prstatus); 1752 1753 /* There should be a note name, but if not, guess: */ 1754 if (WARN_ON_ONCE(!note_name)) 1755 note_name = "LINUX"; 1756 else 1757 /* Warn on non-legacy-compatible names, for now. */ 1758 WARN_ON_ONCE(strcmp(note_name, 1759 is_fpreg ? 
"CORE" : "LINUX")); 1760 1761 __fill_note(&t->notes[note_iter], note_name, note_type, 1762 ret, data); 1763 1764 info->size += notesize(&t->notes[note_iter]); 1765 note_iter++; 1766 } 1767 1768 return 1; 1769 } 1770 #else 1771 static int fill_thread_core_info(struct elf_thread_core_info *t, 1772 const struct user_regset_view *view, 1773 long signr, struct elf_note_info *info) 1774 { 1775 struct task_struct *p = t->task; 1776 elf_fpregset_t *fpu; 1777 1778 fill_prstatus(&t->prstatus.common, p, signr); 1779 elf_core_copy_task_regs(p, &t->prstatus.pr_reg); 1780 1781 fill_note(&t->notes[0], PRSTATUS, sizeof(t->prstatus), &t->prstatus); 1782 info->size += notesize(&t->notes[0]); 1783 1784 fpu = kzalloc(sizeof(elf_fpregset_t), GFP_KERNEL); 1785 if (!fpu || !elf_core_copy_task_fpregs(p, fpu)) { 1786 kfree(fpu); 1787 return 1; 1788 } 1789 1790 t->prstatus.pr_fpvalid = 1; 1791 fill_note(&t->notes[1], PRFPREG, sizeof(*fpu), fpu); 1792 info->size += notesize(&t->notes[1]); 1793 1794 return 1; 1795 } 1796 #endif 1797 1798 static int fill_note_info(struct elfhdr *elf, int phdrs, 1799 struct elf_note_info *info, 1800 struct coredump_params *cprm) 1801 { 1802 struct task_struct *dump_task = current; 1803 const struct user_regset_view *view; 1804 struct elf_thread_core_info *t; 1805 struct elf_prpsinfo *psinfo; 1806 struct core_thread *ct; 1807 1808 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL); 1809 if (!psinfo) 1810 return 0; 1811 fill_note(&info->psinfo, PRPSINFO, sizeof(*psinfo), psinfo); 1812 1813 #ifdef CORE_DUMP_USE_REGSET 1814 view = task_user_regset_view(dump_task); 1815 1816 /* 1817 * Figure out how many notes we're going to need for each thread. 1818 */ 1819 info->thread_notes = 0; 1820 for (int i = 0; i < view->n; ++i) 1821 if (view->regsets[i].core_note_type != 0) 1822 ++info->thread_notes; 1823 1824 /* 1825 * Sanity check. We rely on regset 0 being in NT_PRSTATUS, 1826 * since it is our one special case. 1827 */ 1828 if (unlikely(info->thread_notes == 0) || 1829 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) { 1830 WARN_ON(1); 1831 return 0; 1832 } 1833 1834 /* 1835 * Initialize the ELF file header. 1836 */ 1837 fill_elf_header(elf, phdrs, 1838 view->e_machine, view->e_flags); 1839 #else 1840 view = NULL; 1841 info->thread_notes = 2; 1842 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS); 1843 #endif 1844 1845 /* 1846 * Allocate a structure for each thread. 1847 */ 1848 info->thread = kzalloc(offsetof(struct elf_thread_core_info, 1849 notes[info->thread_notes]), 1850 GFP_KERNEL); 1851 if (unlikely(!info->thread)) 1852 return 0; 1853 1854 info->thread->task = dump_task; 1855 for (ct = dump_task->signal->core_state->dumper.next; ct; ct = ct->next) { 1856 t = kzalloc(offsetof(struct elf_thread_core_info, 1857 notes[info->thread_notes]), 1858 GFP_KERNEL); 1859 if (unlikely(!t)) 1860 return 0; 1861 1862 t->task = ct->task; 1863 t->next = info->thread->next; 1864 info->thread->next = t; 1865 } 1866 1867 /* 1868 * Now fill in each thread's information. 1869 */ 1870 for (t = info->thread; t != NULL; t = t->next) 1871 if (!fill_thread_core_info(t, view, cprm->siginfo->si_signo, info)) 1872 return 0; 1873 1874 /* 1875 * Fill in the two process-wide notes. 
/*
 * Write all the notes for each thread. When writing the first thread, the
 * process-wide notes are interleaved after the first thread-specific note.
 */
static int write_note_info(struct elf_note_info *info,
			   struct coredump_params *cprm)
{
	bool first = true;
	struct elf_thread_core_info *t = info->thread;

	do {
		int i;

		if (!writenote(&t->notes[0], cprm))
			return 0;

		if (first && !writenote(&info->psinfo, cprm))
			return 0;
		if (first && !writenote(&info->signote, cprm))
			return 0;
		if (first && !writenote(&info->auxv, cprm))
			return 0;
		if (first && info->files.data &&
		    !writenote(&info->files, cprm))
			return 0;

		for (i = 1; i < info->thread_notes; ++i)
			if (t->notes[i].data &&
			    !writenote(&t->notes[i], cprm))
				return 0;

		first = false;
		t = t->next;
	} while (t);

	return 1;
}

static void free_note_info(struct elf_note_info *info)
{
	struct elf_thread_core_info *threads = info->thread;
	while (threads) {
		unsigned int i;
		struct elf_thread_core_info *t = threads;
		threads = t->next;
		WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
		for (i = 1; i < info->thread_notes; ++i)
			kvfree(t->notes[i].data);
		kfree(t);
	}
	kfree(info->psinfo.data);
	kvfree(info->files.data);
}

static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
			     elf_addr_t e_shoff, int segs)
{
	elf->e_shoff = e_shoff;
	elf->e_shentsize = sizeof(*shdr4extnum);
	elf->e_shnum = 1;
	elf->e_shstrndx = SHN_UNDEF;

	memset(shdr4extnum, 0, sizeof(*shdr4extnum));

	shdr4extnum->sh_type = SHT_NULL;
	shdr4extnum->sh_size = elf->e_shnum;
	shdr4extnum->sh_link = elf->e_shstrndx;
	shdr4extnum->sh_info = segs;
}
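/*
 * Illustrative sketch only (compiled out): the reader's side of the extended
 * numbering that fill_extnum_info() sets up. When a dump needs more than
 * PN_XNUM (0xffff) program headers, e_phnum is set to PN_XNUM and the real
 * count is parked in sh_info of section header 0. true_phnum() is a
 * hypothetical helper showing how a consumer recovers it.
 */
#if 0
static unsigned int true_phnum(const struct elfhdr *ehdr,
			       const struct elf_shdr *shdr0)
{
	if (ehdr->e_phnum != PN_XNUM)
		return ehdr->e_phnum;

	/* Extended numbering: the real count lives in shdr[0].sh_info. */
	return shdr0->sh_info;
}
#endif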
/*
 * Actual dumper
 *
 * This is a two-pass process; first we find the offsets of the bits,
 * and then they are actually written out. If we run over the core
 * size limit we just truncate.
 */
static int elf_core_dump(struct coredump_params *cprm)
{
	int has_dumped = 0;
	int segs, i;
	struct elfhdr elf;
	loff_t offset = 0, dataoff;
	struct elf_note_info info = { };
	struct elf_phdr *phdr4note = NULL;
	struct elf_shdr *shdr4extnum = NULL;
	Elf_Half e_phnum;
	elf_addr_t e_shoff;

	/*
	 * The number of segs is recorded in the ELF header as a 16-bit
	 * value. Check the DEFAULT_MAX_MAP_COUNT definition when
	 * modifying this.
	 */
	segs = cprm->vma_count + elf_core_extra_phdrs(cprm);

	/* for notes section */
	segs++;

	/*
	 * If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
	 * this, the kernel supports extended numbering. Have a look at
	 * include/linux/elf.h for further information.
	 */
	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;

	/*
	 * Collect all the non-memory information about the process for the
	 * notes. This also sets up the file header.
	 */
	if (!fill_note_info(&elf, e_phnum, &info, cprm))
		goto end_coredump;

	has_dumped = 1;

	offset += sizeof(elf);				/* ELF header */
	offset += segs * sizeof(struct elf_phdr);	/* Program headers */

	/* Write notes phdr entry */
	{
		size_t sz = info.size;

		/* For cell spufs and x86 xstate */
		sz += elf_coredump_extra_notes_size();

		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
		if (!phdr4note)
			goto end_coredump;

		fill_elf_note_phdr(phdr4note, sz, offset);
		offset += sz;
	}

	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);

	offset += cprm->vma_data_size;
	offset += elf_core_extra_data_size(cprm);
	e_shoff = offset;

	if (e_phnum == PN_XNUM) {
		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
		if (!shdr4extnum)
			goto end_coredump;
		fill_extnum_info(&elf, shdr4extnum, e_shoff, segs);
	}

	offset = dataoff;

	if (!dump_emit(cprm, &elf, sizeof(elf)))
		goto end_coredump;

	if (!dump_emit(cprm, phdr4note, sizeof(*phdr4note)))
		goto end_coredump;

	/* Write program headers for segments dump */
	for (i = 0; i < cprm->vma_count; i++) {
		struct core_vma_metadata *meta = cprm->vma_meta + i;
		struct elf_phdr phdr;

		phdr.p_type = PT_LOAD;
		phdr.p_offset = offset;
		phdr.p_vaddr = meta->start;
		phdr.p_paddr = 0;
		phdr.p_filesz = meta->dump_size;
		phdr.p_memsz = meta->end - meta->start;
		offset += phdr.p_filesz;
		phdr.p_flags = 0;
		if (meta->flags & VM_READ)
			phdr.p_flags |= PF_R;
		if (meta->flags & VM_WRITE)
			phdr.p_flags |= PF_W;
		if (meta->flags & VM_EXEC)
			phdr.p_flags |= PF_X;
		phdr.p_align = ELF_EXEC_PAGESIZE;

		if (!dump_emit(cprm, &phdr, sizeof(phdr)))
			goto end_coredump;
	}

	if (!elf_core_write_extra_phdrs(cprm, offset))
		goto end_coredump;

	/* write out the notes section */
	if (!write_note_info(&info, cprm))
		goto end_coredump;

	/* For cell spufs and x86 xstate */
	if (elf_coredump_extra_notes_write(cprm))
		goto end_coredump;

	/* Align to page */
	dump_skip_to(cprm, dataoff);

	for (i = 0; i < cprm->vma_count; i++) {
		struct core_vma_metadata *meta = cprm->vma_meta + i;

		if (!dump_user_range(cprm, meta->start, meta->dump_size))
			goto end_coredump;
	}

	if (!elf_core_write_extra_data(cprm))
		goto end_coredump;

	if (e_phnum == PN_XNUM) {
		if (!dump_emit(cprm, shdr4extnum, sizeof(*shdr4extnum)))
			goto end_coredump;
	}

end_coredump:
	free_note_info(&info);
	kfree(shdr4extnum);
	kfree(phdr4note);
	return has_dumped;
}

#endif		/* CONFIG_ELF_CORE */

static int __init init_elf_binfmt(void)
{
	register_binfmt(&elf_format);
	return 0;
}

static void __exit exit_elf_binfmt(void)
{
	/* Remove the ELF loader. */
	unregister_binfmt(&elf_format);
}

core_initcall(init_elf_binfmt);
module_exit(exit_elf_binfmt);

#ifdef CONFIG_BINFMT_ELF_KUNIT_TEST
#include "tests/binfmt_elf_kunit.c"
#endif
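/*
 * Illustrative sketch only (compiled out): the offset arithmetic used by
 * elf_core_dump() above. The ELF header and all program headers come first,
 * then the PT_NOTE payload, and the PT_LOAD segment data starts at the next
 * ELF_EXEC_PAGESIZE boundary (dataoff). first_segment_offset() is a
 * hypothetical helper; it ignores any arch-specific extra notes.
 */
#if 0
static loff_t first_segment_offset(int segs, size_t notes_size)
{
	loff_t off = sizeof(struct elfhdr);		/* ELF header */

	off += segs * sizeof(struct elf_phdr);		/* program headers */
	off += notes_size;				/* PT_NOTE contents */

	return roundup(off, ELF_EXEC_PAGESIZE);		/* == dataoff */
}
#endif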