Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
binfmt_elf_fdpic.c
Go to the documentation of this file.
1 /* binfmt_elf_fdpic.c: FDPIC ELF binary format
2  *
3  * Copyright (C) 2003, 2004, 2006 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells ([email protected])
5  * Derived from binfmt_elf.c
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * as published by the Free Software Foundation; either version
10  * 2 of the License, or (at your option) any later version.
11  */
12 
13 #include <linux/module.h>
14 
15 #include <linux/fs.h>
16 #include <linux/stat.h>
17 #include <linux/sched.h>
18 #include <linux/mm.h>
19 #include <linux/mman.h>
20 #include <linux/errno.h>
21 #include <linux/signal.h>
22 #include <linux/binfmts.h>
23 #include <linux/string.h>
24 #include <linux/file.h>
25 #include <linux/fcntl.h>
26 #include <linux/slab.h>
27 #include <linux/pagemap.h>
28 #include <linux/security.h>
29 #include <linux/highmem.h>
30 #include <linux/highuid.h>
31 #include <linux/personality.h>
32 #include <linux/ptrace.h>
33 #include <linux/init.h>
34 #include <linux/elf.h>
35 #include <linux/elf-fdpic.h>
36 #include <linux/elfcore.h>
37 #include <linux/coredump.h>
38 
39 #include <asm/uaccess.h>
40 #include <asm/param.h>
41 #include <asm/pgalloc.h>
42 
43 typedef char *elf_caddr_t;
44 
45 #if 0
46 #define kdebug(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
47 #else
48 #define kdebug(fmt, ...) do {} while(0)
49 #endif
50 
51 #if 0
52 #define kdcore(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
53 #else
54 #define kdcore(fmt, ...) do {} while(0)
55 #endif
56 
57 MODULE_LICENSE("GPL");
58 
59 static int load_elf_fdpic_binary(struct linux_binprm *, struct pt_regs *);
60 static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *, struct file *);
61 static int elf_fdpic_map_file(struct elf_fdpic_params *, struct file *,
62  struct mm_struct *, const char *);
63 
64 static int create_elf_fdpic_tables(struct linux_binprm *, struct mm_struct *,
65  struct elf_fdpic_params *,
66  struct elf_fdpic_params *);
67 
68 #ifndef CONFIG_MMU
69 static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *,
70  unsigned long *);
71 static int elf_fdpic_map_file_constdisp_on_uclinux(struct elf_fdpic_params *,
72  struct file *,
73  struct mm_struct *);
74 #endif
75 
76 static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *,
77  struct file *, struct mm_struct *);
78 
79 #ifdef CONFIG_ELF_CORE
80 static int elf_fdpic_core_dump(struct coredump_params *cprm);
81 #endif
82 
83 static struct linux_binfmt elf_fdpic_format = {
84  .module = THIS_MODULE,
85  .load_binary = load_elf_fdpic_binary,
86 #ifdef CONFIG_ELF_CORE
87  .core_dump = elf_fdpic_core_dump,
88 #endif
89  .min_coredump = ELF_EXEC_PAGESIZE,
90 };
91 
92 static int __init init_elf_fdpic_binfmt(void)
93 {
94  register_binfmt(&elf_fdpic_format);
95  return 0;
96 }
97 
98 static void __exit exit_elf_fdpic_binfmt(void)
99 {
100  unregister_binfmt(&elf_fdpic_format);
101 }
102 
103 core_initcall(init_elf_fdpic_binfmt);
104 module_exit(exit_elf_fdpic_binfmt);
105 
106 static int is_elf_fdpic(struct elfhdr *hdr, struct file *file)
107 {
108  if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0)
109  return 0;
110  if (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN)
111  return 0;
112  if (!elf_check_arch(hdr) || !elf_check_fdpic(hdr))
113  return 0;
114  if (!file->f_op || !file->f_op->mmap)
115  return 0;
116  return 1;
117 }
118 
119 /*****************************************************************************/
120 /*
121  * read the program headers table into memory
122  */
123 static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *params,
124  struct file *file)
125 {
126  struct elf32_phdr *phdr;
127  unsigned long size;
128  int retval, loop;
129 
130  if (params->hdr.e_phentsize != sizeof(struct elf_phdr))
131  return -ENOMEM;
132  if (params->hdr.e_phnum > 65536U / sizeof(struct elf_phdr))
133  return -ENOMEM;
134 
135  size = params->hdr.e_phnum * sizeof(struct elf_phdr);
136  params->phdrs = kmalloc(size, GFP_KERNEL);
137  if (!params->phdrs)
138  return -ENOMEM;
139 
140  retval = kernel_read(file, params->hdr.e_phoff,
141  (char *) params->phdrs, size);
142  if (unlikely(retval != size))
143  return retval < 0 ? retval : -ENOEXEC;
144 
145  /* determine stack size for this binary */
146  phdr = params->phdrs;
147  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
148  if (phdr->p_type != PT_GNU_STACK)
149  continue;
150 
151  if (phdr->p_flags & PF_X)
152  params->flags |= ELF_FDPIC_FLAG_EXEC_STACK;
153  else
154  params->flags |= ELF_FDPIC_FLAG_NOEXEC_STACK;
155 
156  params->stack_size = phdr->p_memsz;
157  break;
158  }
159 
160  return 0;
161 }
162 
163 /*****************************************************************************/
164 /*
165  * load an fdpic binary into various bits of memory
166  */
167 static int load_elf_fdpic_binary(struct linux_binprm *bprm,
168  struct pt_regs *regs)
169 {
170  struct elf_fdpic_params exec_params, interp_params;
171  struct elf_phdr *phdr;
172  unsigned long stack_size, entryaddr;
173 #ifdef ELF_FDPIC_PLAT_INIT
174  unsigned long dynaddr;
175 #endif
176 #ifndef CONFIG_MMU
177  unsigned long stack_prot;
178 #endif
179  struct file *interpreter = NULL; /* to shut gcc up */
180  char *interpreter_name = NULL;
181  int executable_stack;
182  int retval, i;
183 
184  kdebug("____ LOAD %d ____", current->pid);
185 
186  memset(&exec_params, 0, sizeof(exec_params));
187  memset(&interp_params, 0, sizeof(interp_params));
188 
189  exec_params.hdr = *(struct elfhdr *) bprm->buf;
190  exec_params.flags = ELF_FDPIC_FLAG_PRESENT | ELF_FDPIC_FLAG_EXECUTABLE;
191 
192  /* check that this is a binary we know how to deal with */
193  retval = -ENOEXEC;
194  if (!is_elf_fdpic(&exec_params.hdr, bprm->file))
195  goto error;
196 
197  /* read the program header table */
198  retval = elf_fdpic_fetch_phdrs(&exec_params, bprm->file);
199  if (retval < 0)
200  goto error;
201 
202  /* scan for a program header that specifies an interpreter */
203  phdr = exec_params.phdrs;
204 
205  for (i = 0; i < exec_params.hdr.e_phnum; i++, phdr++) {
206  switch (phdr->p_type) {
207  case PT_INTERP:
208  retval = -ENOMEM;
209  if (phdr->p_filesz > PATH_MAX)
210  goto error;
211  retval = -ENOENT;
212  if (phdr->p_filesz < 2)
213  goto error;
214 
215  /* read the name of the interpreter into memory */
216  interpreter_name = kmalloc(phdr->p_filesz, GFP_KERNEL);
217  if (!interpreter_name)
218  goto error;
219 
220  retval = kernel_read(bprm->file,
221  phdr->p_offset,
222  interpreter_name,
223  phdr->p_filesz);
224  if (unlikely(retval != phdr->p_filesz)) {
225  if (retval >= 0)
226  retval = -ENOEXEC;
227  goto error;
228  }
229 
230  retval = -ENOENT;
231  if (interpreter_name[phdr->p_filesz - 1] != '\0')
232  goto error;
233 
234  kdebug("Using ELF interpreter %s", interpreter_name);
235 
236  /* replace the program with the interpreter */
237  interpreter = open_exec(interpreter_name);
238  retval = PTR_ERR(interpreter);
239  if (IS_ERR(interpreter)) {
240  interpreter = NULL;
241  goto error;
242  }
243 
244  /*
245  * If the binary is not readable then enforce
246  * mm->dumpable = 0 regardless of the interpreter's
247  * permissions.
248  */
249  would_dump(bprm, interpreter);
250 
251  retval = kernel_read(interpreter, 0, bprm->buf,
252  BINPRM_BUF_SIZE);
253  if (unlikely(retval != BINPRM_BUF_SIZE)) {
254  if (retval >= 0)
255  retval = -ENOEXEC;
256  goto error;
257  }
258 
259  interp_params.hdr = *((struct elfhdr *) bprm->buf);
260  break;
261 
262  case PT_LOAD:
263 #ifdef CONFIG_MMU
264  if (exec_params.load_addr == 0)
265  exec_params.load_addr = phdr->p_vaddr;
266 #endif
267  break;
268  }
269 
270  }
271 
272  if (elf_check_const_displacement(&exec_params.hdr))
273  exec_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
274 
275  /* perform insanity checks on the interpreter */
276  if (interpreter_name) {
277  retval = -ELIBBAD;
278  if (!is_elf_fdpic(&interp_params.hdr, interpreter))
279  goto error;
280 
281  interp_params.flags = ELF_FDPIC_FLAG_PRESENT;
282 
283  /* read the interpreter's program header table */
284  retval = elf_fdpic_fetch_phdrs(&interp_params, interpreter);
285  if (retval < 0)
286  goto error;
287  }
288 
289  stack_size = exec_params.stack_size;
290  if (exec_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
291  executable_stack = EXSTACK_ENABLE_X;
292  else if (exec_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
293  executable_stack = EXSTACK_DISABLE_X;
294  else
295  executable_stack = EXSTACK_DEFAULT;
296 
297  if (stack_size == 0) {
298  stack_size = interp_params.stack_size;
299  if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
300  executable_stack = EXSTACK_ENABLE_X;
301  else if (interp_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
302  executable_stack = EXSTACK_DISABLE_X;
303  else
304  executable_stack = EXSTACK_DEFAULT;
305  }
306 
307  retval = -ENOEXEC;
308  if (stack_size == 0)
309  goto error;
310 
311  if (elf_check_const_displacement(&interp_params.hdr))
312  interp_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
313 
314  /* flush all traces of the currently running executable */
315  retval = flush_old_exec(bprm);
316  if (retval)
317  goto error;
318 
319  /* there's now no turning back... the old userspace image is dead,
320  * defunct, deceased, etc. after this point we have to exit via
321  * error_kill */
322  set_personality(PER_LINUX_FDPIC);
323  if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
324  current->personality |= READ_IMPLIES_EXEC;
325 
326  setup_new_exec(bprm);
327 
328  set_binfmt(&elf_fdpic_format);
329 
330  current->mm->start_code = 0;
331  current->mm->end_code = 0;
332  current->mm->start_stack = 0;
333  current->mm->start_data = 0;
334  current->mm->end_data = 0;
335  current->mm->context.exec_fdpic_loadmap = 0;
336  current->mm->context.interp_fdpic_loadmap = 0;
337 
338 #ifdef CONFIG_MMU
339  elf_fdpic_arch_lay_out_mm(&exec_params,
340  &interp_params,
341  &current->mm->start_stack,
342  &current->mm->start_brk);
343 
344  retval = setup_arg_pages(bprm, current->mm->start_stack,
345  executable_stack);
346  if (retval < 0) {
347  send_sig(SIGKILL, current, 0);
348  goto error_kill;
349  }
350 #endif
351 
352  /* load the executable and interpreter into memory */
353  retval = elf_fdpic_map_file(&exec_params, bprm->file, current->mm,
354  "executable");
355  if (retval < 0)
356  goto error_kill;
357 
358  if (interpreter_name) {
359  retval = elf_fdpic_map_file(&interp_params, interpreter,
360  current->mm, "interpreter");
361  if (retval < 0) {
362  printk(KERN_ERR "Unable to load interpreter\n");
363  goto error_kill;
364  }
365 
366  allow_write_access(interpreter);
367  fput(interpreter);
368  interpreter = NULL;
369  }
370 
371 #ifdef CONFIG_MMU
372  if (!current->mm->start_brk)
373  current->mm->start_brk = current->mm->end_data;
374 
375  current->mm->brk = current->mm->start_brk =
376  PAGE_ALIGN(current->mm->start_brk);
377 
378 #else
379  /* create a stack and brk area big enough for everyone
380  * - the brk heap starts at the bottom and works up
381  * - the stack starts at the top and works down
382  */
383  stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
384  if (stack_size < PAGE_SIZE * 2)
385  stack_size = PAGE_SIZE * 2;
386 
387  stack_prot = PROT_READ | PROT_WRITE;
388  if (executable_stack == EXSTACK_ENABLE_X ||
389  (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC))
390  stack_prot |= PROT_EXEC;
391 
392  current->mm->start_brk = vm_mmap(NULL, 0, stack_size, stack_prot,
393  MAP_PRIVATE | MAP_ANONYMOUS |
394  MAP_UNINITIALIZED | MAP_GROWSDOWN,
395  0);
396 
397  if (IS_ERR_VALUE(current->mm->start_brk)) {
398  retval = current->mm->start_brk;
399  current->mm->start_brk = 0;
400  goto error_kill;
401  }
402 
403  current->mm->brk = current->mm->start_brk;
404  current->mm->context.end_brk = current->mm->start_brk;
405  current->mm->context.end_brk +=
406  (stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
407  current->mm->start_stack = current->mm->start_brk + stack_size;
408 #endif
409 
410  install_exec_creds(bprm);
411  if (create_elf_fdpic_tables(bprm, current->mm,
412  &exec_params, &interp_params) < 0)
413  goto error_kill;
414 
415  kdebug("- start_code %lx", current->mm->start_code);
416  kdebug("- end_code %lx", current->mm->end_code);
417  kdebug("- start_data %lx", current->mm->start_data);
418  kdebug("- end_data %lx", current->mm->end_data);
419  kdebug("- start_brk %lx", current->mm->start_brk);
420  kdebug("- brk %lx", current->mm->brk);
421  kdebug("- start_stack %lx", current->mm->start_stack);
422 
423 #ifdef ELF_FDPIC_PLAT_INIT
424  /*
425  * The ABI may specify that certain registers be set up in special
426  * ways (on i386 %edx is the address of a DT_FINI function, for
427  * example. This macro performs whatever initialization to
428  * the regs structure is required.
429  */
430  dynaddr = interp_params.dynamic_addr ?: exec_params.dynamic_addr;
431  ELF_FDPIC_PLAT_INIT(regs, exec_params.map_addr, interp_params.map_addr,
432  dynaddr);
433 #endif
434 
435  /* everything is now ready... get the userspace context ready to roll */
436  entryaddr = interp_params.entry_addr ?: exec_params.entry_addr;
437  start_thread(regs, entryaddr, current->mm->start_stack);
438 
439  retval = 0;
440 
441 error:
442  if (interpreter) {
443  allow_write_access(interpreter);
444  fput(interpreter);
445  }
446  kfree(interpreter_name);
447  kfree(exec_params.phdrs);
448  kfree(exec_params.loadmap);
449  kfree(interp_params.phdrs);
450  kfree(interp_params.loadmap);
451  return retval;
452 
453  /* unrecoverable error - kill the process */
454 error_kill:
455  send_sig(SIGSEGV, current, 0);
456  goto error;
457 
458 }
459 
460 /*****************************************************************************/
461 
462 #ifndef ELF_BASE_PLATFORM
463 /*
464  * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
465  * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
466  * will be copied to the user stack in the same manner as AT_PLATFORM.
467  */
468 #define ELF_BASE_PLATFORM NULL
469 #endif
470 
471 /*
472  * present useful information to the program by shovelling it onto the new
473  * process's stack
474  */
475 static int create_elf_fdpic_tables(struct linux_binprm *bprm,
476  struct mm_struct *mm,
477  struct elf_fdpic_params *exec_params,
478  struct elf_fdpic_params *interp_params)
479 {
480  const struct cred *cred = current_cred();
481  unsigned long sp, csp, nitems;
482  elf_caddr_t __user *argv, *envp;
483  size_t platform_len = 0, len;
484  char *k_platform, *k_base_platform;
485  char __user *u_platform, *u_base_platform, *p;
486  long hwcap;
487  int loop;
488  int nr; /* reset for each csp adjustment */
489 
490 #ifdef CONFIG_MMU
491  /* In some cases (e.g. Hyper-Threading), we want to avoid L1 evictions
492  * by the processes running on the same package. One thing we can do is
493  * to shuffle the initial stack for them, so we give the architecture
494  * an opportunity to do so here.
495  */
496  sp = arch_align_stack(bprm->p);
497 #else
498  sp = mm->start_stack;
499 
500  /* stack the program arguments and environment */
501  if (elf_fdpic_transfer_args_to_stack(bprm, &sp) < 0)
502  return -EFAULT;
503 #endif
504 
505  hwcap = ELF_HWCAP;
506 
507  /*
508  * If this architecture has a platform capability string, copy it
509  * to userspace. In some cases (Sparc), this info is impossible
510  * for userspace to get any other way, in others (i386) it is
511  * merely difficult.
512  */
513  k_platform = ELF_PLATFORM;
514  u_platform = NULL;
515 
516  if (k_platform) {
517  platform_len = strlen(k_platform) + 1;
518  sp -= platform_len;
519  u_platform = (char __user *) sp;
520  if (__copy_to_user(u_platform, k_platform, platform_len) != 0)
521  return -EFAULT;
522  }
523 
524  /*
525  * If this architecture has a "base" platform capability
526  * string, copy it to userspace.
527  */
528  k_base_platform = ELF_BASE_PLATFORM;
529  u_base_platform = NULL;
530 
531  if (k_base_platform) {
532  platform_len = strlen(k_base_platform) + 1;
533  sp -= platform_len;
534  u_base_platform = (char __user *) sp;
535  if (__copy_to_user(u_base_platform, k_base_platform, platform_len) != 0)
536  return -EFAULT;
537  }
538 
539  sp &= ~7UL;
540 
541  /* stack the load map(s) */
542  len = sizeof(struct elf32_fdpic_loadmap);
543  len += sizeof(struct elf32_fdpic_loadseg) * exec_params->loadmap->nsegs;
544  sp = (sp - len) & ~7UL;
545  exec_params->map_addr = sp;
546 
547  if (copy_to_user((void __user *) sp, exec_params->loadmap, len) != 0)
548  return -EFAULT;
549 
550  current->mm->context.exec_fdpic_loadmap = (unsigned long) sp;
551 
552  if (interp_params->loadmap) {
553  len = sizeof(struct elf32_fdpic_loadmap);
554  len += sizeof(struct elf32_fdpic_loadseg) *
555  interp_params->loadmap->nsegs;
556  sp = (sp - len) & ~7UL;
557  interp_params->map_addr = sp;
558 
559  if (copy_to_user((void __user *) sp, interp_params->loadmap,
560  len) != 0)
561  return -EFAULT;
562 
563  current->mm->context.interp_fdpic_loadmap = (unsigned long) sp;
564  }
565 
566  /* force 16 byte _final_ alignment here for generality */
567 #define DLINFO_ITEMS 15
568 
569  nitems = 1 + DLINFO_ITEMS + (k_platform ? 1 : 0) +
570  (k_base_platform ? 1 : 0) + AT_VECTOR_SIZE_ARCH;
571 
572  if (bprm->interp_flags & BINPRM_FLAGS_EXECFD)
573  nitems++;
574 
575  csp = sp;
576  sp -= nitems * 2 * sizeof(unsigned long);
577  sp -= (bprm->envc + 1) * sizeof(char *); /* envv[] */
578  sp -= (bprm->argc + 1) * sizeof(char *); /* argv[] */
579  sp -= 1 * sizeof(unsigned long); /* argc */
580 
581  csp -= sp & 15UL;
582  sp -= sp & 15UL;
583 
584  /* put the ELF interpreter info on the stack */
585 #define NEW_AUX_ENT(id, val) \
586  do { \
587  struct { unsigned long _id, _val; } __user *ent; \
588  \
589  ent = (void __user *) csp; \
590  __put_user((id), &ent[nr]._id); \
591  __put_user((val), &ent[nr]._val); \
592  nr++; \
593  } while (0)
594 
595  nr = 0;
596  csp -= 2 * sizeof(unsigned long);
597  NEW_AUX_ENT(AT_NULL, 0);
598  if (k_platform) {
599  nr = 0;
600  csp -= 2 * sizeof(unsigned long);
601  NEW_AUX_ENT(AT_PLATFORM,
602  (elf_addr_t) (unsigned long) u_platform);
603  }
604 
605  if (k_base_platform) {
606  nr = 0;
607  csp -= 2 * sizeof(unsigned long);
608  NEW_AUX_ENT(AT_BASE_PLATFORM,
609  (elf_addr_t) (unsigned long) u_base_platform);
610  }
611 
612  if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
613  nr = 0;
614  csp -= 2 * sizeof(unsigned long);
615  NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
616  }
617 
618  nr = 0;
619  csp -= DLINFO_ITEMS * 2 * sizeof(unsigned long);
620  NEW_AUX_ENT(AT_HWCAP, hwcap);
621  NEW_AUX_ENT(AT_PAGESZ, PAGE_SIZE);
622  NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
623  NEW_AUX_ENT(AT_PHDR, exec_params->ph_addr);
624  NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
625  NEW_AUX_ENT(AT_PHNUM, exec_params->hdr.e_phnum);
626  NEW_AUX_ENT(AT_BASE, interp_params->elfhdr_addr);
627  NEW_AUX_ENT(AT_FLAGS, 0);
628  NEW_AUX_ENT(AT_ENTRY, exec_params->entry_addr);
629  NEW_AUX_ENT(AT_UID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid));
630  NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid));
631  NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid));
632  NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid));
633  NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
634  NEW_AUX_ENT(AT_EXECFN, bprm->exec);
635 
636 #ifdef ARCH_DLINFO
637  nr = 0;
638  csp -= AT_VECTOR_SIZE_ARCH * 2 * sizeof(unsigned long);
639 
640  /* ARCH_DLINFO must come last so platform specific code can enforce
641  * special alignment requirements on the AUXV if necessary (eg. PPC).
642  */
643  ARCH_DLINFO;
644 #endif
645 #undef NEW_AUX_ENT
646 
647  /* allocate room for argv[] and envv[] */
648  csp -= (bprm->envc + 1) * sizeof(elf_caddr_t);
649  envp = (elf_caddr_t __user *) csp;
650  csp -= (bprm->argc + 1) * sizeof(elf_caddr_t);
651  argv = (elf_caddr_t __user *) csp;
652 
653  /* stack argc */
654  csp -= sizeof(unsigned long);
655  __put_user(bprm->argc, (unsigned long __user *) csp);
656 
657  BUG_ON(csp != sp);
658 
659  /* fill in the argv[] array */
660 #ifdef CONFIG_MMU
661  current->mm->arg_start = bprm->p;
662 #else
663  current->mm->arg_start = current->mm->start_stack -
664  (MAX_ARG_PAGES * PAGE_SIZE - bprm->p);
665 #endif
666 
667  p = (char __user *) current->mm->arg_start;
668  for (loop = bprm->argc; loop > 0; loop--) {
669  __put_user((elf_caddr_t) p, argv++);
670  len = strnlen_user(p, MAX_ARG_STRLEN);
671  if (!len || len > MAX_ARG_STRLEN)
672  return -EINVAL;
673  p += len;
674  }
675  __put_user(NULL, argv);
676  current->mm->arg_end = (unsigned long) p;
677 
678  /* fill in the envv[] array */
679  current->mm->env_start = (unsigned long) p;
680  for (loop = bprm->envc; loop > 0; loop--) {
681  __put_user((elf_caddr_t)(unsigned long) p, envp++);
682  len = strnlen_user(p, MAX_ARG_STRLEN);
683  if (!len || len > MAX_ARG_STRLEN)
684  return -EINVAL;
685  p += len;
686  }
687  __put_user(NULL, envp);
688  current->mm->env_end = (unsigned long) p;
689 
690  mm->start_stack = (unsigned long) sp;
691  return 0;
692 }
693 
694 /*****************************************************************************/
695 /*
696  * transfer the program arguments and environment from the holding pages onto
697  * the stack
698  */
699 #ifndef CONFIG_MMU
700 static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *bprm,
701  unsigned long *_sp)
702 {
703  unsigned long index, stop, sp;
704  char *src;
705  int ret = 0;
706 
707  stop = bprm->p >> PAGE_SHIFT;
708  sp = *_sp;
709 
710  for (index = MAX_ARG_PAGES - 1; index >= stop; index--) {
711  src = kmap(bprm->page[index]);
712  sp -= PAGE_SIZE;
713  if (copy_to_user((void *) sp, src, PAGE_SIZE) != 0)
714  ret = -EFAULT;
715  kunmap(bprm->page[index]);
716  if (ret < 0)
717  goto out;
718  }
719 
720  *_sp = (*_sp - (MAX_ARG_PAGES * PAGE_SIZE - bprm->p)) & ~15;
721 
722 out:
723  return ret;
724 }
725 #endif
726 
727 /*****************************************************************************/
728 /*
729  * load the appropriate binary image (executable or interpreter) into memory
730  * - we assume no MMU is available
731  * - if no other PIC bits are set in params->hdr->e_flags
732  * - we assume that the LOADable segments in the binary are independently relocatable
733  * - we assume R/O executable segments are shareable
734  * - else
735  * - we assume the loadable parts of the image to require fixed displacement
736  * - the image is not shareable
737  */
738 static int elf_fdpic_map_file(struct elf_fdpic_params *params,
739  struct file *file,
740  struct mm_struct *mm,
741  const char *what)
742 {
743  struct elf32_fdpic_loadmap *loadmap;
744 #ifdef CONFIG_MMU
745  struct elf32_fdpic_loadseg *mseg;
746 #endif
747  struct elf32_fdpic_loadseg *seg;
748  struct elf32_phdr *phdr;
749  unsigned long load_addr, stop;
750  unsigned nloads, tmp;
751  size_t size;
752  int loop, ret;
753 
754  /* allocate a load map table */
755  nloads = 0;
756  for (loop = 0; loop < params->hdr.e_phnum; loop++)
757  if (params->phdrs[loop].p_type == PT_LOAD)
758  nloads++;
759 
760  if (nloads == 0)
761  return -ELIBBAD;
762 
763  size = sizeof(*loadmap) + nloads * sizeof(*seg);
764  loadmap = kzalloc(size, GFP_KERNEL);
765  if (!loadmap)
766  return -ENOMEM;
767 
768  params->loadmap = loadmap;
769 
770  loadmap->version = ELF32_FDPIC_LOADMAP_VERSION;
771  loadmap->nsegs = nloads;
772 
773  load_addr = params->load_addr;
774  seg = loadmap->segs;
775 
776  /* map the requested LOADs into the memory space */
777  switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
778  case ELF_FDPIC_FLAG_CONSTDISP:
779  case ELF_FDPIC_FLAG_CONTIGUOUS:
780 #ifndef CONFIG_MMU
781  ret = elf_fdpic_map_file_constdisp_on_uclinux(params, file, mm);
782  if (ret < 0)
783  return ret;
784  break;
785 #endif
786  default:
787  ret = elf_fdpic_map_file_by_direct_mmap(params, file, mm);
788  if (ret < 0)
789  return ret;
790  break;
791  }
792 
793  /* map the entry point */
794  if (params->hdr.e_entry) {
795  seg = loadmap->segs;
796  for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
797  if (params->hdr.e_entry >= seg->p_vaddr &&
798  params->hdr.e_entry < seg->p_vaddr + seg->p_memsz) {
799  params->entry_addr =
800  (params->hdr.e_entry - seg->p_vaddr) +
801  seg->addr;
802  break;
803  }
804  }
805  }
806 
807  /* determine where the program header table has wound up if mapped */
808  stop = params->hdr.e_phoff;
809  stop += params->hdr.e_phnum * sizeof (struct elf_phdr);
810  phdr = params->phdrs;
811 
812  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
813  if (phdr->p_type != PT_LOAD)
814  continue;
815 
816  if (phdr->p_offset > params->hdr.e_phoff ||
817  phdr->p_offset + phdr->p_filesz < stop)
818  continue;
819 
820  seg = loadmap->segs;
821  for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
822  if (phdr->p_vaddr >= seg->p_vaddr &&
823  phdr->p_vaddr + phdr->p_filesz <=
824  seg->p_vaddr + seg->p_memsz) {
825  params->ph_addr =
826  (phdr->p_vaddr - seg->p_vaddr) +
827  seg->addr +
828  params->hdr.e_phoff - phdr->p_offset;
829  break;
830  }
831  }
832  break;
833  }
834 
835  /* determine where the dynamic section has wound up if there is one */
836  phdr = params->phdrs;
837  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
838  if (phdr->p_type != PT_DYNAMIC)
839  continue;
840 
841  seg = loadmap->segs;
842  for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
843  if (phdr->p_vaddr >= seg->p_vaddr &&
844  phdr->p_vaddr + phdr->p_memsz <=
845  seg->p_vaddr + seg->p_memsz) {
846  params->dynamic_addr =
847  (phdr->p_vaddr - seg->p_vaddr) +
848  seg->addr;
849 
850  /* check the dynamic section contains at least
851  * one item, and that the last item is a NULL
852  * entry */
853  if (phdr->p_memsz == 0 ||
854  phdr->p_memsz % sizeof(Elf32_Dyn) != 0)
855  goto dynamic_error;
856 
857  tmp = phdr->p_memsz / sizeof(Elf32_Dyn);
858  if (((Elf32_Dyn *)
859  params->dynamic_addr)[tmp - 1].d_tag != 0)
860  goto dynamic_error;
861  break;
862  }
863  }
864  break;
865  }
866 
867  /* now elide adjacent segments in the load map on MMU linux
868  * - on uClinux the holes between may actually be filled with system
869  * stuff or stuff from other processes
870  */
871 #ifdef CONFIG_MMU
872  nloads = loadmap->nsegs;
873  mseg = loadmap->segs;
874  seg = mseg + 1;
875  for (loop = 1; loop < nloads; loop++) {
876  /* see if we have a candidate for merging */
877  if (seg->p_vaddr - mseg->p_vaddr == seg->addr - mseg->addr) {
878  load_addr = PAGE_ALIGN(mseg->addr + mseg->p_memsz);
879  if (load_addr == (seg->addr & PAGE_MASK)) {
880  mseg->p_memsz +=
881  load_addr -
882  (mseg->addr + mseg->p_memsz);
883  mseg->p_memsz += seg->addr & ~PAGE_MASK;
884  mseg->p_memsz += seg->p_memsz;
885  loadmap->nsegs--;
886  continue;
887  }
888  }
889 
890  mseg++;
891  if (mseg != seg)
892  *mseg = *seg;
893  }
894 #endif
895 
896  kdebug("Mapped Object [%s]:", what);
897  kdebug("- elfhdr : %lx", params->elfhdr_addr);
898  kdebug("- entry : %lx", params->entry_addr);
899  kdebug("- PHDR[] : %lx", params->ph_addr);
900  kdebug("- DYNAMIC[]: %lx", params->dynamic_addr);
901  seg = loadmap->segs;
902  for (loop = 0; loop < loadmap->nsegs; loop++, seg++)
903  kdebug("- LOAD[%d] : %08x-%08x [va=%x ms=%x]",
904  loop,
905  seg->addr, seg->addr + seg->p_memsz - 1,
906  seg->p_vaddr, seg->p_memsz);
907 
908  return 0;
909 
910 dynamic_error:
911  printk("ELF FDPIC %s with invalid DYNAMIC section (inode=%lu)\n",
912  what, file->f_path.dentry->d_inode->i_ino);
913  return -ELIBBAD;
914 }
915 
916 /*****************************************************************************/
917 /*
918  * map a file with constant displacement under uClinux
919  */
920 #ifndef CONFIG_MMU
921 static int elf_fdpic_map_file_constdisp_on_uclinux(
922  struct elf_fdpic_params *params,
923  struct file *file,
924  struct mm_struct *mm)
925 {
926  struct elf32_fdpic_loadseg *seg;
927  struct elf32_phdr *phdr;
928  unsigned long load_addr, base = ULONG_MAX, top = 0, maddr = 0, mflags;
929  loff_t fpos;
930  int loop, ret;
931 
932  load_addr = params->load_addr;
933  seg = params->loadmap->segs;
934 
935  /* determine the bounds of the contiguous overall allocation we must
936  * make */
937  phdr = params->phdrs;
938  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
939  if (params->phdrs[loop].p_type != PT_LOAD)
940  continue;
941 
942  if (base > phdr->p_vaddr)
943  base = phdr->p_vaddr;
944  if (top < phdr->p_vaddr + phdr->p_memsz)
945  top = phdr->p_vaddr + phdr->p_memsz;
946  }
947 
948  /* allocate one big anon block for everything */
949  mflags = MAP_PRIVATE;
950  if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
951  mflags |= MAP_EXECUTABLE;
952 
953  maddr = vm_mmap(NULL, load_addr, top - base,
954  PROT_READ | PROT_WRITE | PROT_EXEC, mflags, 0);
955  if (IS_ERR_VALUE(maddr))
956  return (int) maddr;
957 
958  if (load_addr != 0)
959  load_addr += PAGE_ALIGN(top - base);
960 
961  /* and then load the file segments into it */
962  phdr = params->phdrs;
963  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
964  if (params->phdrs[loop].p_type != PT_LOAD)
965  continue;
966 
967  fpos = phdr->p_offset;
968 
969  seg->addr = maddr + (phdr->p_vaddr - base);
970  seg->p_vaddr = phdr->p_vaddr;
971  seg->p_memsz = phdr->p_memsz;
972 
973  ret = file->f_op->read(file, (void *) seg->addr,
974  phdr->p_filesz, &fpos);
975  if (ret < 0)
976  return ret;
977 
978  /* map the ELF header address if in this segment */
979  if (phdr->p_offset == 0)
980  params->elfhdr_addr = seg->addr;
981 
982  /* clear any space allocated but not loaded */
983  if (phdr->p_filesz < phdr->p_memsz) {
984  if (clear_user((void *) (seg->addr + phdr->p_filesz),
985  phdr->p_memsz - phdr->p_filesz))
986  return -EFAULT;
987  }
988 
989  if (mm) {
990  if (phdr->p_flags & PF_X) {
991  if (!mm->start_code) {
992  mm->start_code = seg->addr;
993  mm->end_code = seg->addr +
994  phdr->p_memsz;
995  }
996  } else if (!mm->start_data) {
997  mm->start_data = seg->addr;
998  mm->end_data = seg->addr + phdr->p_memsz;
999  }
1000  }
1001 
1002  seg++;
1003  }
1004 
1005  return 0;
1006 }
1007 #endif
1008 
1009 /*****************************************************************************/
1010 /*
1011  * map a binary by direct mmap() of the individual PT_LOAD segments
1012  */
1013 static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
1014  struct file *file,
1015  struct mm_struct *mm)
1016 {
1017  struct elf32_fdpic_loadseg *seg;
1018  struct elf32_phdr *phdr;
1019  unsigned long load_addr, delta_vaddr;
1020  int loop, dvset;
1021 
1022  load_addr = params->load_addr;
1023  delta_vaddr = 0;
1024  dvset = 0;
1025 
1026  seg = params->loadmap->segs;
1027 
1028  /* deal with each load segment separately */
1029  phdr = params->phdrs;
1030  for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
1031  unsigned long maddr, disp, excess, excess1;
1032  int prot = 0, flags;
1033 
1034  if (phdr->p_type != PT_LOAD)
1035  continue;
1036 
1037  kdebug("[LOAD] va=%lx of=%lx fs=%lx ms=%lx",
1038  (unsigned long) phdr->p_vaddr,
1039  (unsigned long) phdr->p_offset,
1040  (unsigned long) phdr->p_filesz,
1041  (unsigned long) phdr->p_memsz);
1042 
1043  /* determine the mapping parameters */
1044  if (phdr->p_flags & PF_R) prot |= PROT_READ;
1045  if (phdr->p_flags & PF_W) prot |= PROT_WRITE;
1046  if (phdr->p_flags & PF_X) prot |= PROT_EXEC;
1047 
1048  flags = MAP_PRIVATE | MAP_DENYWRITE;
1049  if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
1050  flags |= MAP_EXECUTABLE;
1051 
1052  maddr = 0;
1053 
1054  switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
1055  case ELF_FDPIC_FLAG_INDEPENDENT:
1056  /* PT_LOADs are independently locatable */
1057  break;
1058 
1059  case ELF_FDPIC_FLAG_HONOURVADDR:
1060  /* the specified virtual address must be honoured */
1061  maddr = phdr->p_vaddr;
1062  flags |= MAP_FIXED;
1063  break;
1064 
1065  case ELF_FDPIC_FLAG_CONSTDISP:
1066  /* constant displacement
1067  * - can be mapped anywhere, but must be mapped as a
1068  * unit
1069  */
1070  if (!dvset) {
1071  maddr = load_addr;
1072  delta_vaddr = phdr->p_vaddr;
1073  dvset = 1;
1074  } else {
1075  maddr = load_addr + phdr->p_vaddr - delta_vaddr;
1076  flags |= MAP_FIXED;
1077  }
1078  break;
1079 
1080  case ELF_FDPIC_FLAG_CONTIGUOUS:
1081  /* contiguity handled later */
1082  break;
1083 
1084  default:
1085  BUG();
1086  }
1087 
1088  maddr &= PAGE_MASK;
1089 
1090  /* create the mapping */
1091  disp = phdr->p_vaddr & ~PAGE_MASK;
1092  maddr = vm_mmap(file, maddr, phdr->p_memsz + disp, prot, flags,
1093  phdr->p_offset - disp);
1094 
1095  kdebug("mmap[%d] <file> sz=%lx pr=%x fl=%x of=%lx --> %08lx",
1096  loop, phdr->p_memsz + disp, prot, flags,
1097  phdr->p_offset - disp, maddr);
1098 
1099  if (IS_ERR_VALUE(maddr))
1100  return (int) maddr;
1101 
1102  if ((params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) ==
1103  ELF_FDPIC_FLAG_CONTIGUOUS)
1104  load_addr += PAGE_ALIGN(phdr->p_memsz + disp);
1105 
1106  seg->addr = maddr + disp;
1107  seg->p_vaddr = phdr->p_vaddr;
1108  seg->p_memsz = phdr->p_memsz;
1109 
1110  /* map the ELF header address if in this segment */
1111  if (phdr->p_offset == 0)
1112  params->elfhdr_addr = seg->addr;
1113 
1114  /* clear the bit between beginning of mapping and beginning of
1115  * PT_LOAD */
1116  if (prot & PROT_WRITE && disp > 0) {
1117  kdebug("clear[%d] ad=%lx sz=%lx", loop, maddr, disp);
1118  if (clear_user((void __user *) maddr, disp))
1119  return -EFAULT;
1120  maddr += disp;
1121  }
1122 
1123  /* clear any space allocated but not loaded
1124  * - on uClinux we can just clear the lot
1125  * - on MMU linux we'll get a SIGBUS beyond the last page
1126  * extant in the file
1127  */
1128  excess = phdr->p_memsz - phdr->p_filesz;
1129  excess1 = PAGE_SIZE - ((maddr + phdr->p_filesz) & ~PAGE_MASK);
1130 
1131 #ifdef CONFIG_MMU
1132  if (excess > excess1) {
1133  unsigned long xaddr = maddr + phdr->p_filesz + excess1;
1134  unsigned long xmaddr;
1135 
1136  flags |= MAP_FIXED | MAP_ANONYMOUS;
1137  xmaddr = vm_mmap(NULL, xaddr, excess - excess1,
1138  prot, flags, 0);
1139 
1140  kdebug("mmap[%d] <anon>"
1141  " ad=%lx sz=%lx pr=%x fl=%x of=0 --> %08lx",
1142  loop, xaddr, excess - excess1, prot, flags,
1143  xmaddr);
1144 
1145  if (xmaddr != xaddr)
1146  return -ENOMEM;
1147  }
1148 
1149  if (prot & PROT_WRITE && excess1 > 0) {
1150  kdebug("clear[%d] ad=%lx sz=%lx",
1151  loop, maddr + phdr->p_filesz, excess1);
1152  if (clear_user((void __user *) maddr + phdr->p_filesz,
1153  excess1))
1154  return -EFAULT;
1155  }
1156 
1157 #else
1158  if (excess > 0) {
1159  kdebug("clear[%d] ad=%lx sz=%lx",
1160  loop, maddr + phdr->p_filesz, excess);
1161  if (clear_user((void *) maddr + phdr->p_filesz, excess))
1162  return -EFAULT;
1163  }
1164 #endif
1165 
1166  if (mm) {
1167  if (phdr->p_flags & PF_X) {
1168  if (!mm->start_code) {
1169  mm->start_code = maddr;
1170  mm->end_code = maddr + phdr->p_memsz;
1171  }
1172  } else if (!mm->start_data) {
1173  mm->start_data = maddr;
1174  mm->end_data = maddr + phdr->p_memsz;
1175  }
1176  }
1177 
1178  seg++;
1179  }
1180 
1181  return 0;
1182 }
1183 
1184 /*****************************************************************************/
1185 /*
1186  * ELF-FDPIC core dumper
1187  *
1188  * Modelled on fs/exec.c:aout_core_dump()
1189  * Jeremy Fitzhardinge <[email protected]>
1190  *
1191  * Modelled on fs/binfmt_elf.c core dumper
1192  */
1193 #ifdef CONFIG_ELF_CORE
1194 
1195 /*
1196  * Decide whether a segment is worth dumping; default is yes to be
1197  * sure (missing info is worse than too much; etc).
1198  * Personally I'd include everything, and use the coredump limit...
1199  *
1200  * I think we should skip something. But I am not sure how. H.J.
1201  */
1202 static int maydump(struct vm_area_struct *vma, unsigned long mm_flags)
1203 {
1204  int dump_ok;
1205 
1206  /* Do not dump I/O mapped devices or special mappings */
1207  if (vma->vm_flags & VM_IO) {
1208  kdcore("%08lx: %08lx: no (IO)", vma->vm_start, vma->vm_flags);
1209  return 0;
1210  }
1211 
1212  /* If we may not read the contents, don't allow us to dump
1213  * them either. "dump_write()" can't handle it anyway.
1214  */
1215  if (!(vma->vm_flags & VM_READ)) {
1216  kdcore("%08lx: %08lx: no (!read)", vma->vm_start, vma->vm_flags);
1217  return 0;
1218  }
1219 
1220  /* By default, dump shared memory if mapped from an anonymous file. */
1221  if (vma->vm_flags & VM_SHARED) {
1222  if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0) {
1223  dump_ok = test_bit(MMF_DUMP_ANON_SHARED, &mm_flags);
1224  kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
1225  vma->vm_flags, dump_ok ? "yes" : "no");
1226  return dump_ok;
1227  }
1228 
1229  dump_ok = test_bit(MMF_DUMP_MAPPED_SHARED, &mm_flags);
1230  kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
1231  vma->vm_flags, dump_ok ? "yes" : "no");
1232  return dump_ok;
1233  }
1234 
1235 #ifdef CONFIG_MMU
1236  /* By default, if it hasn't been written to, don't write it out */
1237  if (!vma->anon_vma) {
1238  dump_ok = test_bit(MMF_DUMP_MAPPED_PRIVATE, &mm_flags);
1239  kdcore("%08lx: %08lx: %s (!anon)", vma->vm_start,
1240  vma->vm_flags, dump_ok ? "yes" : "no");
1241  return dump_ok;
1242  }
1243 #endif
1244 
1245  dump_ok = test_bit(MMF_DUMP_ANON_PRIVATE, &mm_flags);
1246  kdcore("%08lx: %08lx: %s", vma->vm_start, vma->vm_flags,
1247  dump_ok ? "yes" : "no");
1248  return dump_ok;
1249 }
1250 
1251 /* An ELF note in memory */
1252 struct memelfnote
1253 {
1254  const char *name;
1255  int type;
1256  unsigned int datasz;
1257  void *data;
1258 };
1259 
1260 static int notesize(struct memelfnote *en)
1261 {
1262  int sz;
1263 
1264  sz = sizeof(struct elf_note);
1265  sz += roundup(strlen(en->name) + 1, 4);
1266  sz += roundup(en->datasz, 4);
1267 
1268  return sz;
1269 }
1270 
1271 /* #define DEBUG */
1272 
1273 #define DUMP_WRITE(addr, nr, foffset) \
1274  do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1275 
1276 static int alignfile(struct file *file, loff_t *foffset)
1277 {
1278  static const char buf[4] = { 0, };
1279  DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1280  return 1;
1281 }
1282 
1283 static int writenote(struct memelfnote *men, struct file *file,
1284  loff_t *foffset)
1285 {
1286  struct elf_note en;
1287  en.n_namesz = strlen(men->name) + 1;
1288  en.n_descsz = men->datasz;
1289  en.n_type = men->type;
1290 
1291  DUMP_WRITE(&en, sizeof(en), foffset);
1292  DUMP_WRITE(men->name, en.n_namesz, foffset);
1293  if (!alignfile(file, foffset))
1294  return 0;
1295  DUMP_WRITE(men->data, men->datasz, foffset);
1296  if (!alignfile(file, foffset))
1297  return 0;
1298 
1299  return 1;
1300 }
1301 #undef DUMP_WRITE
1302 
1303 static inline void fill_elf_fdpic_header(struct elfhdr *elf, int segs)
1304 {
1305  memcpy(elf->e_ident, ELFMAG, SELFMAG);
1306  elf->e_ident[EI_CLASS] = ELF_CLASS;
1307  elf->e_ident[EI_DATA] = ELF_DATA;
1308  elf->e_ident[EI_VERSION] = EV_CURRENT;
1309  elf->e_ident[EI_OSABI] = ELF_OSABI;
1310  memset(elf->e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD);
1311 
1312  elf->e_type = ET_CORE;
1313  elf->e_machine = ELF_ARCH;
1314  elf->e_version = EV_CURRENT;
1315  elf->e_entry = 0;
1316  elf->e_phoff = sizeof(struct elfhdr);
1317  elf->e_shoff = 0;
1318  elf->e_flags = ELF_FDPIC_CORE_EFLAGS;
1319  elf->e_ehsize = sizeof(struct elfhdr);
1320  elf->e_phentsize = sizeof(struct elf_phdr);
1321  elf->e_phnum = segs;
1322  elf->e_shentsize = 0;
1323  elf->e_shnum = 0;
1324  elf->e_shstrndx = 0;
1325  return;
1326 }
1327 
1328 static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1329 {
1330  phdr->p_type = PT_NOTE;
1331  phdr->p_offset = offset;
1332  phdr->p_vaddr = 0;
1333  phdr->p_paddr = 0;
1334  phdr->p_filesz = sz;
1335  phdr->p_memsz = 0;
1336  phdr->p_flags = 0;
1337  phdr->p_align = 0;
1338  return;
1339 }
1340 
1341 static inline void fill_note(struct memelfnote *note, const char *name, int type,
1342  unsigned int sz, void *data)
1343 {
1344  note->name = name;
1345  note->type = type;
1346  note->datasz = sz;
1347  note->data = data;
1348  return;
1349 }
1350 
1351 /*
1352  * fill up all the fields in prstatus from the given task struct, except
1353  * registers which need to be filled up separately.
1354  */
1355 static void fill_prstatus(struct elf_prstatus *prstatus,
1356  struct task_struct *p, long signr)
1357 {
1358  prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1359  prstatus->pr_sigpend = p->pending.signal.sig[0];
1360  prstatus->pr_sighold = p->blocked.sig[0];
1361  rcu_read_lock();
1362  prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1363  rcu_read_unlock();
1364  prstatus->pr_pid = task_pid_vnr(p);
1365  prstatus->pr_pgrp = task_pgrp_vnr(p);
1366  prstatus->pr_sid = task_session_vnr(p);
1367  if (thread_group_leader(p)) {
1368  struct task_cputime cputime;
1369 
1370  /*
1371  * This is the record for the group leader. It shows the
1372  * group-wide total, not its individual thread total.
1373  */
1374  thread_group_cputime(p, &cputime);
1375  cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1376  cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1377  } else {
1378  cputime_to_timeval(p->utime, &prstatus->pr_utime);
1379  cputime_to_timeval(p->stime, &prstatus->pr_stime);
1380  }
1381  cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1382  cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1383 
1384  prstatus->pr_exec_fdpic_loadmap = p->mm->context.exec_fdpic_loadmap;
1385  prstatus->pr_interp_fdpic_loadmap = p->mm->context.interp_fdpic_loadmap;
1386 }
1387 
1388 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1389  struct mm_struct *mm)
1390 {
1391  const struct cred *cred;
1392  unsigned int i, len;
1393 
1394  /* first copy the parameters from user space */
1395  memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1396 
1397  len = mm->arg_end - mm->arg_start;
1398  if (len >= ELF_PRARGSZ)
1399  len = ELF_PRARGSZ - 1;
1400  if (copy_from_user(&psinfo->pr_psargs,
1401  (const char __user *) mm->arg_start, len))
1402  return -EFAULT;
1403  for (i = 0; i < len; i++)
1404  if (psinfo->pr_psargs[i] == 0)
1405  psinfo->pr_psargs[i] = ' ';
1406  psinfo->pr_psargs[len] = 0;
1407 
1408  rcu_read_lock();
1409  psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1410  rcu_read_unlock();
1411  psinfo->pr_pid = task_pid_vnr(p);
1412  psinfo->pr_pgrp = task_pgrp_vnr(p);
1413  psinfo->pr_sid = task_session_vnr(p);
1414 
1415  i = p->state ? ffz(~p->state) + 1 : 0;
1416  psinfo->pr_state = i;
1417  psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1418  psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1419  psinfo->pr_nice = task_nice(p);
1420  psinfo->pr_flag = p->flags;
1421  rcu_read_lock();
1422  cred = __task_cred(p);
1423  SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1424  SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1425  rcu_read_unlock();
1426  strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1427 
1428  return 0;
1429 }
1430 
1431 /* Here is the structure in which status of each thread is captured. */
1432 struct elf_thread_status
1433 {
1434  struct list_head list;
1435  struct elf_prstatus prstatus; /* NT_PRSTATUS */
1436  elf_fpregset_t fpu; /* NT_PRFPREG */
1437  struct task_struct *thread;
1438 #ifdef ELF_CORE_COPY_XFPREGS
1439  elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1440 #endif
1441  struct memelfnote notes[3];
1442  int num_notes;
1443 };
1444 
1445 /*
1446  * In order to add the specific thread information for the elf file format,
1447  * we need to keep a linked list of every thread's pr_status and then create
1448  * a single section for them in the final core file.
1449  */
1450 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1451 {
1452  struct task_struct *p = t->thread;
1453  int sz = 0;
1454 
1455  t->num_notes = 0;
1456 
1457  fill_prstatus(&t->prstatus, p, signr);
1458  elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1459 
1460  fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1461  &t->prstatus);
1462  t->num_notes++;
1463  sz += notesize(&t->notes[0]);
1464 
1465  t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, &t->fpu);
1466  if (t->prstatus.pr_fpvalid) {
1467  fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1468  &t->fpu);
1469  t->num_notes++;
1470  sz += notesize(&t->notes[1]);
1471  }
1472 
1473 #ifdef ELF_CORE_COPY_XFPREGS
1474  if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1475  fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1476  sizeof(t->xfpu), &t->xfpu);
1477  t->num_notes++;
1478  sz += notesize(&t->notes[2]);
1479  }
1480 #endif
1481  return sz;
1482 }
1483 
1484 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
1485  elf_addr_t e_shoff, int segs)
1486 {
1487  elf->e_shoff = e_shoff;
1488  elf->e_shentsize = sizeof(*shdr4extnum);
1489  elf->e_shnum = 1;
1490  elf->e_shstrndx = SHN_UNDEF;
1491 
1492  memset(shdr4extnum, 0, sizeof(*shdr4extnum));
1493 
1494  shdr4extnum->sh_type = SHT_NULL;
1495  shdr4extnum->sh_size = elf->e_shnum;
1496  shdr4extnum->sh_link = elf->e_shstrndx;
1497  shdr4extnum->sh_info = segs;
1498 }
1499 
1500 /*
1501  * dump the segments for an MMU process
1502  */
1503 #ifdef CONFIG_MMU
1504 static int elf_fdpic_dump_segments(struct file *file, size_t *size,
1505  unsigned long *limit, unsigned long mm_flags)
1506 {
1507  struct vm_area_struct *vma;
1508  int err = 0;
1509 
1510  for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1511  unsigned long addr;
1512 
1513  if (!maydump(vma, mm_flags))
1514  continue;
1515 
1516  for (addr = vma->vm_start; addr < vma->vm_end;
1517  addr += PAGE_SIZE) {
1518  struct page *page = get_dump_page(addr);
1519  if (page) {
1520  void *kaddr = kmap(page);
1521  *size += PAGE_SIZE;
1522  if (*size > *limit)
1523  err = -EFBIG;
1524  else if (!dump_write(file, kaddr, PAGE_SIZE))
1525  err = -EIO;
1526  kunmap(page);
1527  page_cache_release(page);
1528  } else if (!dump_seek(file, PAGE_SIZE))
1529  err = -EFBIG;
1530  if (err)
1531  goto out;
1532  }
1533  }
1534 out:
1535  return err;
1536 }
1537 #endif
1538 
1539 /*
1540  * dump the segments for a NOMMU process
1541  */
1542 #ifndef CONFIG_MMU
1543 static int elf_fdpic_dump_segments(struct file *file, size_t *size,
1544  unsigned long *limit, unsigned long mm_flags)
1545 {
1546  struct vm_area_struct *vma;
1547 
1548  for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1549  if (!maydump(vma, mm_flags))
1550  continue;
1551 
1552  if ((*size += PAGE_SIZE) > *limit)
1553  return -EFBIG;
1554 
1555  if (!dump_write(file, (void *) vma->vm_start,
1556  vma->vm_end - vma->vm_start))
1557  return -EIO;
1558  }
1559 
1560  return 0;
1561 }
1562 #endif
1563 
1564 static size_t elf_core_vma_data_size(unsigned long mm_flags)
1565 {
1566  struct vm_area_struct *vma;
1567  size_t size = 0;
1568 
1569  for (vma = current->mm->mmap; vma; vma = vma->vm_next)
1570  if (maydump(vma, mm_flags))
1571  size += vma->vm_end - vma->vm_start;
1572  return size;
1573 }
1574 
1575 /*
1576  * Actual dumper
1577  *
1578  * This is a two-pass process; first we find the offsets of the bits,
1579  * and then they are actually written out. If we run out of core limit
1580  * we just truncate.
1581  */
1582 static int elf_fdpic_core_dump(struct coredump_params *cprm)
1583 {
1584 #define NUM_NOTES 6
1585  int has_dumped = 0;
1586  mm_segment_t fs;
1587  int segs;
1588  size_t size = 0;
1589  int i;
1590  struct vm_area_struct *vma;
1591  struct elfhdr *elf = NULL;
1592  loff_t offset = 0, dataoff, foffset;
1593  int numnote;
1594  struct memelfnote *notes = NULL;
1595  struct elf_prstatus *prstatus = NULL; /* NT_PRSTATUS */
1596  struct elf_prpsinfo *psinfo = NULL; /* NT_PRPSINFO */
1597  LIST_HEAD(thread_list);
1598  struct list_head *t;
1599  elf_fpregset_t *fpu = NULL;
1600 #ifdef ELF_CORE_COPY_XFPREGS
1601  elf_fpxregset_t *xfpu = NULL;
1602 #endif
1603  int thread_status_size = 0;
1604  elf_addr_t *auxv;
1605  struct elf_phdr *phdr4note = NULL;
1606  struct elf_shdr *shdr4extnum = NULL;
1607  Elf_Half e_phnum;
1608  elf_addr_t e_shoff;
1609 
1610  /*
1611  * We no longer stop all VM operations.
1612  *
1613  * This is because those proceses that could possibly change map_count
1614  * or the mmap / vma pages are now blocked in do_exit on current
1615  * finishing this core dump.
1616  *
1617  * Only ptrace can touch these memory addresses, but it doesn't change
1618  * the map_count or the pages allocated. So no possibility of crashing
1619  * exists while dumping the mm->vm_next areas to the core file.
1620  */
1621 
1622  /* alloc memory for large data structures: too large to be on stack */
1623  elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1624  if (!elf)
1625  goto cleanup;
1626  prstatus = kzalloc(sizeof(*prstatus), GFP_KERNEL);
1627  if (!prstatus)
1628  goto cleanup;
1629  psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1630  if (!psinfo)
1631  goto cleanup;
1632  notes = kmalloc(NUM_NOTES * sizeof(struct memelfnote), GFP_KERNEL);
1633  if (!notes)
1634  goto cleanup;
1635  fpu = kmalloc(sizeof(*fpu), GFP_KERNEL);
1636  if (!fpu)
1637  goto cleanup;
1638 #ifdef ELF_CORE_COPY_XFPREGS
1639  xfpu = kmalloc(sizeof(*xfpu), GFP_KERNEL);
1640  if (!xfpu)
1641  goto cleanup;
1642 #endif
1643 
1644  if (cprm->siginfo->si_signo) {
1645  struct core_thread *ct;
1646  struct elf_thread_status *tmp;
1647 
1648  for (ct = current->mm->core_state->dumper.next;
1649  ct; ct = ct->next) {
1650  tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
1651  if (!tmp)
1652  goto cleanup;
1653 
1654  tmp->thread = ct->task;
1655  list_add(&tmp->list, &thread_list);
1656  }
1657 
1658  list_for_each(t, &thread_list) {
1659  struct elf_thread_status *tmp;
1660  int sz;
1661 
1662  tmp = list_entry(t, struct elf_thread_status, list);
1663  sz = elf_dump_thread_status(cprm->siginfo->si_signo, tmp);
1664  thread_status_size += sz;
1665  }
1666  }
1667 
1668  /* now collect the dump for the current */
1669  fill_prstatus(prstatus, current, cprm->siginfo->si_signo);
1670  elf_core_copy_regs(&prstatus->pr_reg, cprm->regs);
1671 
1672  segs = current->mm->map_count;
1673  segs += elf_core_extra_phdrs();
1674 
1675  /* for notes section */
1676  segs++;
1677 
1678  /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
1679  * this, kernel supports extended numbering. Have a look at
1680  * include/linux/elf.h for further information. */
1681  e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
1682 
1683  /* Set up header */
1684  fill_elf_fdpic_header(elf, e_phnum);
1685 
1686  has_dumped = 1;
1687  current->flags |= PF_DUMPCORE;
1688 
1689  /*
1690  * Set up the notes in similar form to SVR4 core dumps made
1691  * with info from their /proc.
1692  */
1693 
1694  fill_note(notes + 0, "CORE", NT_PRSTATUS, sizeof(*prstatus), prstatus);
1695  fill_psinfo(psinfo, current->group_leader, current->mm);
1696  fill_note(notes + 1, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1697 
1698  numnote = 2;
1699 
1700  auxv = (elf_addr_t *) current->mm->saved_auxv;
1701 
1702  i = 0;
1703  do
1704  i += 2;
1705  while (auxv[i - 2] != AT_NULL);
1706  fill_note(&notes[numnote++], "CORE", NT_AUXV,
1707  i * sizeof(elf_addr_t), auxv);
1708 
1709  /* Try to dump the FPU. */
1710  if ((prstatus->pr_fpvalid =
1711  elf_core_copy_task_fpregs(current, cprm->regs, fpu)))
1712  fill_note(notes + numnote++,
1713  "CORE", NT_PRFPREG, sizeof(*fpu), fpu);
1714 #ifdef ELF_CORE_COPY_XFPREGS
1715  if (elf_core_copy_task_xfpregs(current, xfpu))
1716  fill_note(notes + numnote++,
1717  "LINUX", ELF_CORE_XFPREG_TYPE, sizeof(*xfpu), xfpu);
1718 #endif
1719 
1720  fs = get_fs();
1721  set_fs(KERNEL_DS);
1722 
1723  offset += sizeof(*elf); /* Elf header */
1724  offset += segs * sizeof(struct elf_phdr); /* Program headers */
1725  foffset = offset;
1726 
1727  /* Write notes phdr entry */
1728  {
1729  int sz = 0;
1730 
1731  for (i = 0; i < numnote; i++)
1732  sz += notesize(notes + i);
1733 
1734  sz += thread_status_size;
1735 
1736  phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
1737  if (!phdr4note)
1738  goto end_coredump;
1739 
1740  fill_elf_note_phdr(phdr4note, sz, offset);
1741  offset += sz;
1742  }
1743 
1744  /* Page-align dumped data */
1745  dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
1746 
1747  offset += elf_core_vma_data_size(cprm->mm_flags);
1748  offset += elf_core_extra_data_size();
1749  e_shoff = offset;
1750 
1751  if (e_phnum == PN_XNUM) {
1752  shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
1753  if (!shdr4extnum)
1754  goto end_coredump;
1755  fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
1756  }
1757 
1758  offset = dataoff;
1759 
1760  size += sizeof(*elf);
1761  if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
1762  goto end_coredump;
1763 
1764  size += sizeof(*phdr4note);
1765  if (size > cprm->limit
1766  || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
1767  goto end_coredump;
1768 
1769  /* write program headers for segments dump */
1770  for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
1771  struct elf_phdr phdr;
1772  size_t sz;
1773 
1774  sz = vma->vm_end - vma->vm_start;
1775 
1776  phdr.p_type = PT_LOAD;
1777  phdr.p_offset = offset;
1778  phdr.p_vaddr = vma->vm_start;
1779  phdr.p_paddr = 0;
1780  phdr.p_filesz = maydump(vma, cprm->mm_flags) ? sz : 0;
1781  phdr.p_memsz = sz;
1782  offset += phdr.p_filesz;
1783  phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1784  if (vma->vm_flags & VM_WRITE)
1785  phdr.p_flags |= PF_W;
1786  if (vma->vm_flags & VM_EXEC)
1787  phdr.p_flags |= PF_X;
1788  phdr.p_align = ELF_EXEC_PAGESIZE;
1789 
1790  size += sizeof(phdr);
1791  if (size > cprm->limit
1792  || !dump_write(cprm->file, &phdr, sizeof(phdr)))
1793  goto end_coredump;
1794  }
1795 
1796  if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
1797  goto end_coredump;
1798 
1799  /* write out the notes section */
1800  for (i = 0; i < numnote; i++)
1801  if (!writenote(notes + i, cprm->file, &foffset))
1802  goto end_coredump;
1803 
1804  /* write out the thread status notes section */
1805  list_for_each(t, &thread_list) {
1806  struct elf_thread_status *tmp =
1807  list_entry(t, struct elf_thread_status, list);
1808 
1809  for (i = 0; i < tmp->num_notes; i++)
1810  if (!writenote(&tmp->notes[i], cprm->file, &foffset))
1811  goto end_coredump;
1812  }
1813 
1814  if (!dump_seek(cprm->file, dataoff - foffset))
1815  goto end_coredump;
1816 
1817  if (elf_fdpic_dump_segments(cprm->file, &size, &cprm->limit,
1818  cprm->mm_flags) < 0)
1819  goto end_coredump;
1820 
1821  if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
1822  goto end_coredump;
1823 
1824  if (e_phnum == PN_XNUM) {
1825  size += sizeof(*shdr4extnum);
1826  if (size > cprm->limit
1827  || !dump_write(cprm->file, shdr4extnum,
1828  sizeof(*shdr4extnum)))
1829  goto end_coredump;
1830  }
1831 
1832  if (cprm->file->f_pos != offset) {
1833  /* Sanity check */
1834  printk(KERN_WARNING
1835  "elf_core_dump: file->f_pos (%lld) != offset (%lld)\n",
1836  cprm->file->f_pos, offset);
1837  }
1838 
1839 end_coredump:
1840  set_fs(fs);
1841 
1842 cleanup:
1843  while (!list_empty(&thread_list)) {
1844  struct list_head *tmp = thread_list.next;
1845  list_del(tmp);
1846  kfree(list_entry(tmp, struct elf_thread_status, list));
1847  }
1848  kfree(phdr4note);
1849  kfree(elf);
1850  kfree(prstatus);
1851  kfree(psinfo);
1852  kfree(notes);
1853  kfree(fpu);
1854  kfree(shdr4extnum);
1855 #ifdef ELF_CORE_COPY_XFPREGS
1856  kfree(xfpu);
1857 #endif
1858  return has_dumped;
1859 #undef NUM_NOTES
1860 }
1861 
1862 #endif /* CONFIG_ELF_CORE */
Generated on Thu Jan 10 2013 14:45:10 for Linux Kernel by   doxygen 1.8.2