projects / GitHub / LineageOS / android_kernel_samsung_universal7580.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
battery: sec_battery: export {CURRENT/VOLTAGE}_MAX to sysfs
[GitHub/LineageOS/android_kernel_samsung_universal7580.git] / fs / binfmt_elf.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/fs/binfmt_elf.c
3 *
4 * These are the functions used to load ELF format executables as used
5 * on SVr4 machines. Information on the format may be found in the book
6 * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
7 * Tools".
8 *
9 * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
10 */
11
12#include <linux/module.h>
13#include <linux/kernel.h>
14#include <linux/fs.h>
1da177e4
LT		 15#include <linux/mm.h>
16#include <linux/mman.h>
1da177e4
LT		 17#include <linux/errno.h>
18#include <linux/signal.h>
19#include <linux/binfmts.h>
20#include <linux/string.h>
21#include <linux/file.h>
1da177e4 22#include <linux/slab.h>
1da177e4
LT		 23#include <linux/personality.h>
24#include <linux/elfcore.h>
25#include <linux/init.h>
26#include <linux/highuid.h>
1da177e4
LT		 27#include <linux/compiler.h>
28#include <linux/highmem.h>
29#include <linux/pagemap.h>
2aa362c4 30#include <linux/vmalloc.h>
1da177e4 31#include <linux/security.h>
1da177e4 32#include <linux/random.h>
f4e5cc2c 33#include <linux/elf.h>
7e80d0d0 34#include <linux/utsname.h>
088e7af7 35#include <linux/coredump.h>
6fac4829 36#include <linux/sched.h>
1da177e4
LT		 37#include <asm/uaccess.h>
38#include <asm/param.h>
39#include <asm/page.h>
40
2aa362c4
DV		 41#ifndef user_long_t
42#define user_long_t long
43#endif
49ae4d4b
DV		 44#ifndef user_siginfo_t
45#define user_siginfo_t siginfo_t
46#endif
47
71613c3b 48static int load_elf_binary(struct linux_binprm *bprm);
f4e5cc2c 49static int load_elf_library(struct file *);
bb1ad820
AM		 50static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
51 int, int, unsigned long);
1da177e4 52
1da177e4
LT		 53/*
54 * If we don't support core dumping, then supply a NULL so we
55 * don't even try.
56 */
698ba7b5 57#ifdef CONFIG_ELF_CORE
f6151dfe 58static int elf_core_dump(struct coredump_params *cprm);
1da177e4
LT		 59#else
60#define elf_core_dump NULL
61#endif
62
63#if ELF_EXEC_PAGESIZE > PAGE_SIZE
f4e5cc2c 64#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
1da177e4 65#else
f4e5cc2c 66#define ELF_MIN_ALIGN PAGE_SIZE
1da177e4
LT		 67#endif
68
69#ifndef ELF_CORE_EFLAGS
70#define ELF_CORE_EFLAGS 0
71#endif
72
73#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
74#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
75#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
76
77static struct linux_binfmt elf_format = {
f670d0ec
MP		 78 .module = THIS_MODULE,
79 .load_binary = load_elf_binary,
80 .load_shlib = load_elf_library,
81 .core_dump = elf_core_dump,
82 .min_coredump = ELF_EXEC_PAGESIZE,
1da177e4
LT		 83};
84
d4e3cc38 85#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
1da177e4
LT		 86
87static int set_brk(unsigned long start, unsigned long end)
88{
89 start = ELF_PAGEALIGN(start);
90 end = ELF_PAGEALIGN(end);
91 if (end > start) {
92 unsigned long addr;
e4eb1ff6 93 addr = vm_brk(start, end - start);
1da177e4
LT		 94 if (BAD_ADDR(addr))
95 return addr;
96 }
97 current->mm->start_brk = current->mm->brk = end;
98 return 0;
99}
100
1da177e4
LT		 101/* We need to explicitly zero any fractional pages
102 after the data section (i.e. bss). This would
103 contain the junk from the file that should not
f4e5cc2c
JJ		 104 be in memory
105 */
1da177e4
LT		 106static int padzero(unsigned long elf_bss)
107{
108 unsigned long nbyte;
109
110 nbyte = ELF_PAGEOFFSET(elf_bss);
111 if (nbyte) {
112 nbyte = ELF_MIN_ALIGN - nbyte;
113 if (clear_user((void __user *) elf_bss, nbyte))
114 return -EFAULT;
115 }
116 return 0;
117}
118
09c6dd3c 119/* Let's use some macros to make this stack manipulation a little clearer */
1da177e4
LT		 120#ifdef CONFIG_STACK_GROWSUP
121#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
122#define STACK_ROUND(sp, items) \
123 ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
f4e5cc2c
JJ		 124#define STACK_ALLOC(sp, len) ({ \
125 elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
126 old_sp; })
1da177e4
LT		 127#else
128#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
129#define STACK_ROUND(sp, items) \
130 (((unsigned long) (sp - items)) &~ 15UL)
131#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
132#endif
133
483fad1c
NL		 134#ifndef ELF_BASE_PLATFORM
135/*
136 * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
137 * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
138 * will be copied to the user stack in the same manner as AT_PLATFORM.
139 */
140#define ELF_BASE_PLATFORM NULL
141#endif
142
1da177e4 143static int
f4e5cc2c 144create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
d20894a2 145 unsigned long load_addr, unsigned long interp_load_addr)
1da177e4
LT		 146{
147 unsigned long p = bprm->p;
148 int argc = bprm->argc;
149 int envc = bprm->envc;
150 elf_addr_t __user *argv;
151 elf_addr_t __user *envp;
152 elf_addr_t __user *sp;
153 elf_addr_t __user *u_platform;
483fad1c 154 elf_addr_t __user *u_base_platform;
f06295b4 155 elf_addr_t __user *u_rand_bytes;
1da177e4 156 const char *k_platform = ELF_PLATFORM;
483fad1c 157 const char *k_base_platform = ELF_BASE_PLATFORM;
f06295b4 158 unsigned char k_rand_bytes[16];
1da177e4
LT		 159 int items;
160 elf_addr_t *elf_info;
161 int ei_index = 0;
86a264ab 162 const struct cred *cred = current_cred();
b6a2fea3 163 struct vm_area_struct *vma;
1da177e4 164
d68c9d6a
FBH		 165 /*
166 * In some cases (e.g. Hyper-Threading), we want to avoid L1
167 * evictions by the processes running on the same package. One
168 * thing we can do is to shuffle the initial stack for them.
169 */
170
171 p = arch_align_stack(p);
172
1da177e4
LT		 173 /*
174 * If this architecture has a platform capability string, copy it
175 * to userspace. In some cases (Sparc), this info is impossible
176 * for userspace to get any other way, in others (i386) it is
177 * merely difficult.
178 */
1da177e4
LT		 179 u_platform = NULL;
180 if (k_platform) {
181 size_t len = strlen(k_platform) + 1;
182
1da177e4
LT		 183 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
184 if (__copy_to_user(u_platform, k_platform, len))
185 return -EFAULT;
186 }
187
483fad1c
NL		 188 /*
189 * If this architecture has a "base" platform capability
190 * string, copy it to userspace.
191 */
192 u_base_platform = NULL;
193 if (k_base_platform) {
194 size_t len = strlen(k_base_platform) + 1;
195
196 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
197 if (__copy_to_user(u_base_platform, k_base_platform, len))
198 return -EFAULT;
199 }
200
f06295b4
KC		 201 /*
202 * Generate 16 random bytes for userspace PRNG seeding.
203 */
204 get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
205 u_rand_bytes = (elf_addr_t __user *)
206 STACK_ALLOC(p, sizeof(k_rand_bytes));
207 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
208 return -EFAULT;
209
1da177e4 210 /* Create the ELF interpreter info */
785d5570 211 elf_info = (elf_addr_t *)current->mm->saved_auxv;
4f9a58d7 212 /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
1da177e4 213#define NEW_AUX_ENT(id, val) \
f4e5cc2c 214 do { \
785d5570
JJ		 215 elf_info[ei_index++] = id; \
216 elf_info[ei_index++] = val; \
f4e5cc2c 217 } while (0)
1da177e4
LT		 218
219#ifdef ARCH_DLINFO
220 /*
221 * ARCH_DLINFO must come first so PPC can do its special alignment of
222 * AUXV.
4f9a58d7
OH		 223 * update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
224 * ARCH_DLINFO changes
1da177e4
LT		 225 */
226 ARCH_DLINFO;
227#endif
228 NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
229 NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
230 NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
231 NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
f4e5cc2c 232 NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
1da177e4
LT		 233 NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
234 NEW_AUX_ENT(AT_BASE, interp_load_addr);
235 NEW_AUX_ENT(AT_FLAGS, 0);
236 NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
ebc887b2
EB		 237 NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
238 NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
239 NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
240 NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
785d5570 241 NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
f06295b4 242 NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
2171364d
MN		 243#ifdef ELF_HWCAP2
244 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
245#endif
65191087 246 NEW_AUX_ENT(AT_EXECFN, bprm->exec);
1da177e4 247 if (k_platform) {
f4e5cc2c 248 NEW_AUX_ENT(AT_PLATFORM,
785d5570 249 (elf_addr_t)(unsigned long)u_platform);
1da177e4 250 }
483fad1c
NL		 251 if (k_base_platform) {
252 NEW_AUX_ENT(AT_BASE_PLATFORM,
253 (elf_addr_t)(unsigned long)u_base_platform);
254 }
1da177e4 255 if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
785d5570 256 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
1da177e4
LT		 257 }
258#undef NEW_AUX_ENT
259 /* AT_NULL is zero; clear the rest too */
260 memset(&elf_info[ei_index], 0,
261 sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
262
263 /* And advance past the AT_NULL entry. */
264 ei_index += 2;
265
266 sp = STACK_ADD(p, ei_index);
267
d20894a2 268 items = (argc + 1) + (envc + 1) + 1;
1da177e4
LT		 269 bprm->p = STACK_ROUND(sp, items);
270
271 /* Point sp at the lowest address on the stack */
272#ifdef CONFIG_STACK_GROWSUP
273 sp = (elf_addr_t __user *)bprm->p - items - ei_index;
f4e5cc2c 274 bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
1da177e4
LT		 275#else
276 sp = (elf_addr_t __user *)bprm->p;
277#endif
278
b6a2fea3
OW		 279
280 /*
281 * Grow the stack manually; some architectures have a limit on how
282 * far ahead a user-space access may be in order to grow the stack.
283 */
284 vma = find_extend_vma(current->mm, bprm->p);
285 if (!vma)
286 return -EFAULT;
287
1da177e4
LT		 288 /* Now, let's put argc (and argv, envp if appropriate) on the stack */
289 if (__put_user(argc, sp++))
290 return -EFAULT;
d20894a2
AK		 291 argv = sp;
292 envp = argv + argc + 1;
1da177e4
LT		 293
294 /* Populate argv and envp */
a84a5059 295 p = current->mm->arg_end = current->mm->arg_start;
1da177e4
LT		 296 while (argc-- > 0) {
297 size_t len;
841d5fb7
HC		 298 if (__put_user((elf_addr_t)p, argv++))
299 return -EFAULT;
b6a2fea3
OW		 300 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
301 if (!len || len > MAX_ARG_STRLEN)
23c4971e 302 return -EINVAL;
1da177e4
LT		 303 p += len;
304 }
305 if (__put_user(0, argv))
306 return -EFAULT;
307 current->mm->arg_end = current->mm->env_start = p;
308 while (envc-- > 0) {
309 size_t len;
841d5fb7
HC		 310 if (__put_user((elf_addr_t)p, envp++))
311 return -EFAULT;
b6a2fea3
OW		 312 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
313 if (!len || len > MAX_ARG_STRLEN)
23c4971e 314 return -EINVAL;
1da177e4
LT		 315 p += len;
316 }
317 if (__put_user(0, envp))
318 return -EFAULT;
319 current->mm->env_end = p;
320
321 /* Put the elf_info on the stack in the right place. */
322 sp = (elf_addr_t __user *)envp + 1;
323 if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
324 return -EFAULT;
325 return 0;
326}
327
c07380be
JH		 328#ifndef elf_map
329
1da177e4 330static unsigned long elf_map(struct file *filep, unsigned long addr,
cc503c1b
JK		 331 struct elf_phdr *eppnt, int prot, int type,
332 unsigned long total_size)
1da177e4
LT		 333{
334 unsigned long map_addr;
cc503c1b
JK		 335 unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
336 unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
337 addr = ELF_PAGESTART(addr);
338 size = ELF_PAGEALIGN(size);
1da177e4 339
dda6ebde
DG		 340 /* mmap() will return -EINVAL if given a zero size, but a
341 * segment with zero filesize is perfectly valid */
cc503c1b
JK		 342 if (!size)
343 return addr;
344
cc503c1b
JK		 345 /*
346 * total_size is the size of the ELF (interpreter) image.
347 * The _first_ mmap needs to know the full size, otherwise
348 * randomization might put this image into an overlapping
349 * position with the ELF binary image. (since size < total_size)
350 * So we first map the 'big' image - and unmap the remainder at
351 * the end. (which unmap is needed for ELF images with holes.)
352 */
353 if (total_size) {
354 total_size = ELF_PAGEALIGN(total_size);
5a5e4c2e 355 map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
cc503c1b 356 if (!BAD_ADDR(map_addr))
5a5e4c2e 357 vm_munmap(map_addr+size, total_size-size);
cc503c1b 358 } else
5a5e4c2e 359 map_addr = vm_mmap(filep, addr, size, prot, type, off);
cc503c1b 360
1da177e4
LT		 361 return(map_addr);
362}
363
c07380be
JH		 364#endif /* !elf_map */
365
cc503c1b
JK		 366static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
367{
368 int i, first_idx = -1, last_idx = -1;
369
370 for (i = 0; i < nr; i++) {
371 if (cmds[i].p_type == PT_LOAD) {
372 last_idx = i;
373 if (first_idx == -1)
374 first_idx = i;
375 }
376 }
377 if (first_idx == -1)
378 return 0;
379
380 return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
381 ELF_PAGESTART(cmds[first_idx].p_vaddr);
382}
383
384
1da177e4
LT		 385/* This is much more generalized than the library routine read function,
386 so we keep this separate. Technically the library read function
387 is only provided so that we can read a.out libraries that have
388 an ELF header */
389
f4e5cc2c 390static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
cc503c1b
JK		 391 struct file *interpreter, unsigned long *interp_map_addr,
392 unsigned long no_base)
1da177e4
LT		 393{
394 struct elf_phdr *elf_phdata;
395 struct elf_phdr *eppnt;
396 unsigned long load_addr = 0;
397 int load_addr_set = 0;
398 unsigned long last_bss = 0, elf_bss = 0;
399 unsigned long error = ~0UL;
cc503c1b 400 unsigned long total_size;
1da177e4
LT		 401 int retval, i, size;
402
403 /* First of all, some simple consistency checks */
404 if (interp_elf_ex->e_type != ET_EXEC &&
405 interp_elf_ex->e_type != ET_DYN)
406 goto out;
407 if (!elf_check_arch(interp_elf_ex))
408 goto out;
409 if (!interpreter->f_op || !interpreter->f_op->mmap)
410 goto out;
411
412 /*
413 * If the size of this structure has changed, then punt, since
414 * we will be doing the wrong thing.
415 */
416 if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
417 goto out;
418 if (interp_elf_ex->e_phnum < 1 ||
419 interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
420 goto out;
421
422 /* Now read in all of the header information */
1da177e4
LT		 423 size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
424 if (size > ELF_MIN_ALIGN)
425 goto out;
f4e5cc2c 426 elf_phdata = kmalloc(size, GFP_KERNEL);
1da177e4
LT		 427 if (!elf_phdata)
428 goto out;
429
f4e5cc2c 430 retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
f670d0ec 431 (char *)elf_phdata, size);
1da177e4
LT		 432 error = -EIO;
433 if (retval != size) {
434 if (retval < 0)
435 error = retval;
436 goto out_close;
437 }
438
cc503c1b
JK		 439 total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
440 if (!total_size) {
441 error = -EINVAL;
442 goto out_close;
443 }
444
1da177e4 445 eppnt = elf_phdata;
f4e5cc2c
JJ		 446 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
447 if (eppnt->p_type == PT_LOAD) {
448 int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
449 int elf_prot = 0;
450 unsigned long vaddr = 0;
451 unsigned long k, map_addr;
452
453 if (eppnt->p_flags & PF_R)
454 elf_prot = PROT_READ;
455 if (eppnt->p_flags & PF_W)
456 elf_prot |= PROT_WRITE;
457 if (eppnt->p_flags & PF_X)
458 elf_prot |= PROT_EXEC;
459 vaddr = eppnt->p_vaddr;
460 if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
461 elf_type |= MAP_FIXED;
cc503c1b
JK		 462 else if (no_base && interp_elf_ex->e_type == ET_DYN)
463 load_addr = -vaddr;
f4e5cc2c
JJ		 464
465 map_addr = elf_map(interpreter, load_addr + vaddr,
bb1ad820 466 eppnt, elf_prot, elf_type, total_size);
cc503c1b
JK		 467 total_size = 0;
468 if (!*interp_map_addr)
469 *interp_map_addr = map_addr;
f4e5cc2c
JJ		 470 error = map_addr;
471 if (BAD_ADDR(map_addr))
472 goto out_close;
473
474 if (!load_addr_set &&
475 interp_elf_ex->e_type == ET_DYN) {
476 load_addr = map_addr - ELF_PAGESTART(vaddr);
477 load_addr_set = 1;
478 }
479
480 /*
481 * Check to see if the section's size will overflow the
482 * allowed task size. Note that p_filesz must always be
483 * <= p_memsize so it's only necessary to check p_memsz.
484 */
485 k = load_addr + eppnt->p_vaddr;
ce51059b 486 if (BAD_ADDR(k) ||
f4e5cc2c
JJ		 487 eppnt->p_filesz > eppnt->p_memsz ||
488 eppnt->p_memsz > TASK_SIZE ||
489 TASK_SIZE - eppnt->p_memsz < k) {
490 error = -ENOMEM;
491 goto out_close;
492 }
493
494 /*
495 * Find the end of the file mapping for this phdr, and
496 * keep track of the largest address we see for this.
497 */
498 k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
499 if (k > elf_bss)
500 elf_bss = k;
501
502 /*
503 * Do the same thing for the memory mapping - between
504 * elf_bss and last_bss is the bss section.
505 */
506 k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
507 if (k > last_bss)
508 last_bss = k;
509 }
1da177e4
LT		 510 }
511
752015d1
RM		 512 if (last_bss > elf_bss) {
513 /*
514 * Now fill out the bss section. First pad the last page up
515 * to the page boundary, and then perform a mmap to make sure
516 * that there are zero-mapped pages up to and including the
517 * last bss page.
518 */
519 if (padzero(elf_bss)) {
520 error = -EFAULT;
521 goto out_close;
522 }
1da177e4 523
752015d1
RM		 524 /* What we have mapped so far */
525 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
1da177e4 526
752015d1 527 /* Map the last of the bss segment */
e4eb1ff6 528 error = vm_brk(elf_bss, last_bss - elf_bss);
1da177e4
LT		 529 if (BAD_ADDR(error))
530 goto out_close;
531 }
532
cc503c1b 533 error = load_addr;
1da177e4
LT		 534
535out_close:
536 kfree(elf_phdata);
537out:
538 return error;
539}
540
1da177e4
LT		 541/*
542 * These are the functions used to load ELF style executables and shared
543 * libraries. There is no binary dependent code anywhere else.
544 */
545
546#define INTERPRETER_NONE 0
1da177e4
LT		 547#define INTERPRETER_ELF 2
548
913bd906 549#ifndef STACK_RND_MASK
d1cabd63 550#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
913bd906 551#endif
1da177e4
LT		 552
553static unsigned long randomize_stack_top(unsigned long stack_top)
554{
dd8abd0c 555 unsigned long random_variable = 0;
1da177e4 556
c16b63e0
AK		 557 if ((current->flags & PF_RANDOMIZE) &&
558 !(current->personality & ADDR_NO_RANDOMIZE)) {
dd8abd0c
HMG		 559 random_variable = (unsigned long) get_random_int();
560 random_variable &= STACK_RND_MASK;
913bd906
AK		 561 random_variable <<= PAGE_SHIFT;
562 }
1da177e4 563#ifdef CONFIG_STACK_GROWSUP
913bd906 564 return PAGE_ALIGN(stack_top) + random_variable;
1da177e4 565#else
913bd906 566 return PAGE_ALIGN(stack_top) - random_variable;
1da177e4
LT		 567#endif
568}
569
71613c3b 570static int load_elf_binary(struct linux_binprm *bprm)
1da177e4
LT		 571{
572 struct file *interpreter = NULL; /* to shut gcc up */
573 unsigned long load_addr = 0, load_bias = 0;
574 int load_addr_set = 0;
575 char * elf_interpreter = NULL;
1da177e4 576 unsigned long error;
f4e5cc2c 577 struct elf_phdr *elf_ppnt, *elf_phdata;
1da177e4 578 unsigned long elf_bss, elf_brk;
1da177e4
LT		 579 int retval, i;
580 unsigned int size;
cc503c1b
JK		 581 unsigned long elf_entry;
582 unsigned long interp_load_addr = 0;
1da177e4 583 unsigned long start_code, end_code, start_data, end_data;
1a530a6f 584 unsigned long reloc_func_desc __maybe_unused = 0;
8de61e69 585 int executable_stack = EXSTACK_DEFAULT;
71613c3b 586 struct pt_regs *regs = current_pt_regs();
1da177e4
LT		 587 struct {
588 struct elfhdr elf_ex;
589 struct elfhdr interp_elf_ex;
1da177e4
LT		 590 } *loc;
591
592 loc = kmalloc(sizeof(*loc), GFP_KERNEL);
593 if (!loc) {
594 retval = -ENOMEM;
595 goto out_ret;
596 }
597
598 /* Get the exec-header */
f4e5cc2c 599 loc->elf_ex = *((struct elfhdr *)bprm->buf);
1da177e4
LT		 600
601 retval = -ENOEXEC;
602 /* First of all, some simple consistency checks */
603 if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
604 goto out;
605
606 if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
607 goto out;
608 if (!elf_check_arch(&loc->elf_ex))
609 goto out;
f670d0ec 610 if (!bprm->file->f_op || !bprm->file->f_op->mmap)
1da177e4
LT		 611 goto out;
612
613 /* Now read in all of the header information */
1da177e4
LT		 614 if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
615 goto out;
616 if (loc->elf_ex.e_phnum < 1 ||
617 loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
618 goto out;
619 size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
620 retval = -ENOMEM;
f4e5cc2c 621 elf_phdata = kmalloc(size, GFP_KERNEL);
1da177e4
LT		 622 if (!elf_phdata)
623 goto out;
624
f4e5cc2c
JJ		 625 retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
626 (char *)elf_phdata, size);
1da177e4
LT		 627 if (retval != size) {
628 if (retval >= 0)
629 retval = -EIO;
630 goto out_free_ph;
631 }
632
1da177e4
LT		 633 elf_ppnt = elf_phdata;
634 elf_bss = 0;
635 elf_brk = 0;
636
637 start_code = ~0UL;
638 end_code = 0;
639 start_data = 0;
640 end_data = 0;
641
642 for (i = 0; i < loc->elf_ex.e_phnum; i++) {
643 if (elf_ppnt->p_type == PT_INTERP) {
644 /* This is the program interpreter used for
645 * shared libraries - for now assume that this
646 * is an a.out format binary
647 */
1da177e4
LT		 648 retval = -ENOEXEC;
649 if (elf_ppnt->p_filesz > PATH_MAX ||
650 elf_ppnt->p_filesz < 2)
e7b9b550 651 goto out_free_ph;
1da177e4
LT		 652
653 retval = -ENOMEM;
792db3af 654 elf_interpreter = kmalloc(elf_ppnt->p_filesz,
f4e5cc2c 655 GFP_KERNEL);
1da177e4 656 if (!elf_interpreter)
e7b9b550 657 goto out_free_ph;
1da177e4
LT		 658
659 retval = kernel_read(bprm->file, elf_ppnt->p_offset,
f4e5cc2c
JJ		 660 elf_interpreter,
661 elf_ppnt->p_filesz);
1da177e4
LT		 662 if (retval != elf_ppnt->p_filesz) {
663 if (retval >= 0)
664 retval = -EIO;
665 goto out_free_interp;
666 }
667 /* make sure path is NULL terminated */
668 retval = -ENOEXEC;
669 if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
670 goto out_free_interp;
671
1da177e4
LT		 672 interpreter = open_exec(elf_interpreter);
673 retval = PTR_ERR(interpreter);
674 if (IS_ERR(interpreter))
675 goto out_free_interp;
1fb84496
AD		 676
677 /*
678 * If the binary is not readable then enforce
679 * mm->dumpable = 0 regardless of the interpreter's
680 * permissions.
681 */
1b5d783c 682 would_dump(bprm, interpreter);
1fb84496 683
12252dbe
MR		 684 /* Get the exec headers */
685 retval = kernel_read(interpreter, 0,
686 (void *)&loc->interp_elf_ex,
687 sizeof(loc->interp_elf_ex));
688 if (retval != sizeof(loc->interp_elf_ex)) {
1da177e4
LT		 689 if (retval >= 0)
690 retval = -EIO;
691 goto out_free_dentry;
692 }
693
1da177e4
LT		 694 break;
695 }
696 elf_ppnt++;
697 }
698
699 elf_ppnt = elf_phdata;
700 for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
701 if (elf_ppnt->p_type == PT_GNU_STACK) {
702 if (elf_ppnt->p_flags & PF_X)
703 executable_stack = EXSTACK_ENABLE_X;
704 else
705 executable_stack = EXSTACK_DISABLE_X;
706 break;
707 }
1da177e4
LT		 708
709 /* Some simple consistency checks for the interpreter */
710 if (elf_interpreter) {
1da177e4 711 retval = -ELIBBAD;
d20894a2
AK		 712 /* Not an ELF interpreter */
713 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1da177e4 714 goto out_free_dentry;
1da177e4 715 /* Verify the interpreter has a valid arch */
d20894a2 716 if (!elf_check_arch(&loc->interp_elf_ex))
1da177e4 717 goto out_free_dentry;
1da177e4
LT		 718 }
719
1da177e4
LT		 720 /* Flush all traces of the currently running executable */
721 retval = flush_old_exec(bprm);
722 if (retval)
723 goto out_free_dentry;
724
1da177e4
LT		 725 /* Do this immediately, since STACK_TOP as used in setup_arg_pages
726 may depend on the personality. */
0b592682 727 SET_PERSONALITY(loc->elf_ex);
1da177e4
LT		 728 if (elf_read_implies_exec(loc->elf_ex, executable_stack))
729 current->personality |= READ_IMPLIES_EXEC;
730
f4e5cc2c 731 if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
1da177e4 732 current->flags |= PF_RANDOMIZE;
221af7f8
LT		 733
734 setup_new_exec(bprm);
1da177e4
LT		 735
736 /* Do this so that we can load the interpreter, if need be. We will
737 change some of these later */
1da177e4 738 current->mm->free_area_cache = current->mm->mmap_base;
1363c3cd 739 current->mm->cached_hole_size = 0;
1da177e4
LT		 740 retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
741 executable_stack);
742 if (retval < 0) {
743 send_sig(SIGKILL, current, 0);
744 goto out_free_dentry;
745 }
746
1da177e4
LT		 747 current->mm->start_stack = bprm->p;
748
af901ca1 749 /* Now we do a little grungy work by mmapping the ELF image into
cc503c1b 750 the correct location in memory. */
f4e5cc2c
JJ		 751 for(i = 0, elf_ppnt = elf_phdata;
752 i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
1da177e4
LT		 753 int elf_prot = 0, elf_flags;
754 unsigned long k, vaddr;
b2656c64 755 unsigned long total_size = 0;
1da177e4
LT		 756
757 if (elf_ppnt->p_type != PT_LOAD)
758 continue;
759
760 if (unlikely (elf_brk > elf_bss)) {
761 unsigned long nbyte;
762
763 /* There was a PT_LOAD segment with p_memsz > p_filesz
764 before this one. Map anonymous pages, if needed,
765 and clear the area. */
f670d0ec
MP		 766 retval = set_brk(elf_bss + load_bias,
767 elf_brk + load_bias);
1da177e4
LT		 768 if (retval) {
769 send_sig(SIGKILL, current, 0);
770 goto out_free_dentry;
771 }
772 nbyte = ELF_PAGEOFFSET(elf_bss);
773 if (nbyte) {
774 nbyte = ELF_MIN_ALIGN - nbyte;
775 if (nbyte > elf_brk - elf_bss)
776 nbyte = elf_brk - elf_bss;
777 if (clear_user((void __user *)elf_bss +
778 load_bias, nbyte)) {
779 /*
780 * This bss-zeroing can fail if the ELF
f4e5cc2c 781 * file specifies odd protections. So
1da177e4
LT		 782 * we don't check the return value
783 */
784 }
785 }
786 }
787
f4e5cc2c
JJ		 788 if (elf_ppnt->p_flags & PF_R)
789 elf_prot |= PROT_READ;
790 if (elf_ppnt->p_flags & PF_W)
791 elf_prot |= PROT_WRITE;
792 if (elf_ppnt->p_flags & PF_X)
793 elf_prot |= PROT_EXEC;
1da177e4 794
f4e5cc2c 795 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
1da177e4
LT		 796
797 vaddr = elf_ppnt->p_vaddr;
798 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
799 elf_flags |= MAP_FIXED;
800 } else if (loc->elf_ex.e_type == ET_DYN) {
f4e5cc2c
JJ		 801 /* Try and get dynamic programs out of the way of the
802 * default mmap base, as well as whatever program they
803 * might try to exec. This is because the brk will
804 * follow the loader, and is not movable. */
e39f5602 805#ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
a3defbe5 806 /* Memory randomization might have been switched off
c1d025e2
JK		 807 * in runtime via sysctl or explicit setting of
808 * personality flags.
a3defbe5
JK		 809 * If that is the case, retain the original non-zero
810 * load_bias value in order to establish proper
811 * non-randomized mappings.
812 */
813 if (current->flags & PF_RANDOMIZE)
814 load_bias = 0;
815 else
816 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
cc503c1b 817#else
90cb28e8 818 load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
cc503c1b 819#endif
b2656c64
MD		 820 total_size = total_mapping_size(elf_phdata,
821 loc->elf_ex.e_phnum);
822 if (!total_size) {
55b9a5f8 823 retval = -EINVAL;
b2656c64
MD		 824 goto out_free_dentry;
825 }
1da177e4
LT		 826 }
827
f4e5cc2c 828 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
b2656c64 829 elf_prot, elf_flags, total_size);
1da177e4
LT		 830 if (BAD_ADDR(error)) {
831 send_sig(SIGKILL, current, 0);
b140f251
AK		 832 retval = IS_ERR((void *)error) ?
833 PTR_ERR((void*)error) : -EINVAL;
1da177e4
LT		 834 goto out_free_dentry;
835 }
836
837 if (!load_addr_set) {
838 load_addr_set = 1;
839 load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
840 if (loc->elf_ex.e_type == ET_DYN) {
841 load_bias += error -
842 ELF_PAGESTART(load_bias + vaddr);
843 load_addr += load_bias;
844 reloc_func_desc = load_bias;
845 }
846 }
847 k = elf_ppnt->p_vaddr;
f4e5cc2c
JJ		 848 if (k < start_code)
849 start_code = k;
850 if (start_data < k)
851 start_data = k;
1da177e4
LT		 852
853 /*
854 * Check to see if the section's size will overflow the
855 * allowed task size. Note that p_filesz must always be
856 * <= p_memsz so it is only necessary to check p_memsz.
857 */
ce51059b 858 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
1da177e4
LT		 859 elf_ppnt->p_memsz > TASK_SIZE ||
860 TASK_SIZE - elf_ppnt->p_memsz < k) {
f4e5cc2c 861 /* set_brk can never work. Avoid overflows. */
1da177e4 862 send_sig(SIGKILL, current, 0);
b140f251 863 retval = -EINVAL;
1da177e4
LT		 864 goto out_free_dentry;
865 }
866
867 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
868
869 if (k > elf_bss)
870 elf_bss = k;
871 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
872 end_code = k;
873 if (end_data < k)
874 end_data = k;
875 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
876 if (k > elf_brk)
877 elf_brk = k;
878 }
879
880 loc->elf_ex.e_entry += load_bias;
881 elf_bss += load_bias;
882 elf_brk += load_bias;
883 start_code += load_bias;
884 end_code += load_bias;
885 start_data += load_bias;
886 end_data += load_bias;
887
888 /* Calling set_brk effectively mmaps the pages that we need
889 * for the bss and break sections. We must do this before
890 * mapping in the interpreter, to make sure it doesn't wind
891 * up getting placed where the bss needs to go.
892 */
893 retval = set_brk(elf_bss, elf_brk);
894 if (retval) {
895 send_sig(SIGKILL, current, 0);
896 goto out_free_dentry;
897 }
6de50517 898 if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
1da177e4
LT		 899 send_sig(SIGSEGV, current, 0);
900 retval = -EFAULT; /* Nobody gets to see this, but.. */
901 goto out_free_dentry;
902 }
903
904 if (elf_interpreter) {
6eec482f 905 unsigned long interp_map_addr = 0;
d20894a2
AK		 906
907 elf_entry = load_elf_interp(&loc->interp_elf_ex,
908 interpreter,
909 &interp_map_addr,
910 load_bias);
911 if (!IS_ERR((void *)elf_entry)) {
912 /*
913 * load_elf_interp() returns relocation
914 * adjustment
915 */
916 interp_load_addr = elf_entry;
917 elf_entry += loc->interp_elf_ex.e_entry;
cc503c1b 918 }
1da177e4 919 if (BAD_ADDR(elf_entry)) {
1da177e4 920 force_sig(SIGSEGV, current);
ce51059b
CE		 921 retval = IS_ERR((void *)elf_entry) ?
922 (int)elf_entry : -EINVAL;
1da177e4
LT		 923 goto out_free_dentry;
924 }
925 reloc_func_desc = interp_load_addr;
926
927 allow_write_access(interpreter);
928 fput(interpreter);
929 kfree(elf_interpreter);
930 } else {
931 elf_entry = loc->elf_ex.e_entry;
5342fba5 932 if (BAD_ADDR(elf_entry)) {
ce51059b
CE		 933 force_sig(SIGSEGV, current);
934 retval = -EINVAL;
5342fba5
SS		 935 goto out_free_dentry;
936 }
1da177e4
LT		 937 }
938
939 kfree(elf_phdata);
940
1da177e4
LT		 941 set_binfmt(&elf_format);
942
547ee84c 943#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
fc5243d9 944 retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
547ee84c
BH		 945 if (retval < 0) {
946 send_sig(SIGKILL, current, 0);
18c8baff 947 goto out;
547ee84c
BH		 948 }
949#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
950
a6f76f23 951 install_exec_creds(bprm);
b6a2fea3 952 retval = create_elf_tables(bprm, &loc->elf_ex,
f4e5cc2c 953 load_addr, interp_load_addr);
b6a2fea3
OW		 954 if (retval < 0) {
955 send_sig(SIGKILL, current, 0);
956 goto out;
957 }
1da177e4 958 /* N.B. passed_fileno might not be initialized? */
1da177e4
LT		 959 current->mm->end_code = end_code;
960 current->mm->start_code = start_code;
961 current->mm->start_data = start_data;
962 current->mm->end_data = end_data;
963 current->mm->start_stack = bprm->p;
964
c1d171a0 965#ifdef arch_randomize_brk
4471a675 966 if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
c1d171a0
JK		 967 current->mm->brk = current->mm->start_brk =
968 arch_randomize_brk(current->mm);
4471a675
JK		 969#ifdef CONFIG_COMPAT_BRK
970 current->brk_randomized = 1;
971#endif
972 }
c1d171a0
JK		 973#endif
974
1da177e4
LT		 975 if (current->personality & MMAP_PAGE_ZERO) {
976 /* Why this, you ask??? Well SVr4 maps page 0 as read-only,
977 and some applications "depend" upon this behavior.
978 Since we do not have the power to recompile these, we
f4e5cc2c 979 emulate the SVr4 behavior. Sigh. */
6be5ceb0 980 error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
1da177e4 981 MAP_FIXED | MAP_PRIVATE, 0);
1da177e4
LT		 982 }
983
984#ifdef ELF_PLAT_INIT
985 /*
986 * The ABI may specify that certain registers be set up in special
987 * ways (on i386 %edx is the address of a DT_FINI function, for
988 * example. In addition, it may also specify (eg, PowerPC64 ELF)
989 * that the e_entry field is the address of the function descriptor
990 * for the startup routine, rather than the address of the startup
991 * routine itself. This macro performs whatever initialization to
992 * the regs structure is required as well as any relocations to the
993 * function descriptor entries when executing dynamically links apps.
994 */
995 ELF_PLAT_INIT(regs, reloc_func_desc);
996#endif
997
998 start_thread(regs, elf_entry, bprm->p);
1da177e4
LT		 999 retval = 0;
1000out:
1001 kfree(loc);
1002out_ret:
1003 return retval;
1004
1005 /* error cleanup */
1006out_free_dentry:
1007 allow_write_access(interpreter);
1008 if (interpreter)
1009 fput(interpreter);
1010out_free_interp:
f99d49ad 1011 kfree(elf_interpreter);
1da177e4
LT		 1012out_free_ph:
1013 kfree(elf_phdata);
1014 goto out;
1015}
1016
1017/* This is really simpleminded and specialized - we are loading an
1018 a.out library that is given an ELF header. */
1da177e4
LT		 1019static int load_elf_library(struct file *file)
1020{
1021 struct elf_phdr *elf_phdata;
1022 struct elf_phdr *eppnt;
1023 unsigned long elf_bss, bss, len;
1024 int retval, error, i, j;
1025 struct elfhdr elf_ex;
1026
1027 error = -ENOEXEC;
f4e5cc2c 1028 retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1da177e4
LT		 1029 if (retval != sizeof(elf_ex))
1030 goto out;
1031
1032 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1033 goto out;
1034
1035 /* First of all, some simple consistency checks */
1036 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
f4e5cc2c 1037 !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
1da177e4
LT		 1038 goto out;
1039
1040 /* Now read in all of the header information */
1041
1042 j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1043 /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1044
1045 error = -ENOMEM;
1046 elf_phdata = kmalloc(j, GFP_KERNEL);
1047 if (!elf_phdata)
1048 goto out;
1049
1050 eppnt = elf_phdata;
1051 error = -ENOEXEC;
1052 retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1053 if (retval != j)
1054 goto out_free_ph;
1055
1056 for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1057 if ((eppnt + i)->p_type == PT_LOAD)
1058 j++;
1059 if (j != 1)
1060 goto out_free_ph;
1061
1062 while (eppnt->p_type != PT_LOAD)
1063 eppnt++;
1064
1065 /* Now use mmap to map the library into memory. */
6be5ceb0 1066 error = vm_mmap(file,
1da177e4
LT		 1067 ELF_PAGESTART(eppnt->p_vaddr),
1068 (eppnt->p_filesz +
1069 ELF_PAGEOFFSET(eppnt->p_vaddr)),
1070 PROT_READ | PROT_WRITE | PROT_EXEC,
1071 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1072 (eppnt->p_offset -
1073 ELF_PAGEOFFSET(eppnt->p_vaddr)));
1da177e4
LT		 1074 if (error != ELF_PAGESTART(eppnt->p_vaddr))
1075 goto out_free_ph;
1076
1077 elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1078 if (padzero(elf_bss)) {
1079 error = -EFAULT;
1080 goto out_free_ph;
1081 }
1082
f4e5cc2c
JJ		 1083 len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1084 ELF_MIN_ALIGN - 1);
1da177e4 1085 bss = eppnt->p_memsz + eppnt->p_vaddr;
e4eb1ff6
LT		 1086 if (bss > len)
1087 vm_brk(len, bss - len);
1da177e4
LT		 1088 error = 0;
1089
1090out_free_ph:
1091 kfree(elf_phdata);
1092out:
1093 return error;
1094}
1095
698ba7b5 1096#ifdef CONFIG_ELF_CORE
1da177e4
LT		 1097/*
1098 * ELF core dumper
1099 *
1100 * Modelled on fs/exec.c:aout_core_dump()
1101 * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1102 */
1da177e4 1103
909af768
JB		 1104/*
1105 * The purpose of always_dump_vma() is to make sure that special kernel mappings
1106 * that are useful for post-mortem analysis are included in every core dump.
1107 * In that way we ensure that the core dump is fully interpretable later
1108 * without matching up the same kernel and hardware config to see what PC values
1109 * meant. These special mappings include - vDSO, vsyscall, and other
1110 * architecture specific mappings
1111 */
1112static bool always_dump_vma(struct vm_area_struct *vma)
1113{
1114 /* Any vsyscall mappings? */
1115 if (vma == get_gate_vma(vma->vm_mm))
1116 return true;
1117 /*
1118 * arch_vma_name() returns non-NULL for special architecture mappings,
1119 * such as vDSO sections.
1120 */
1121 if (arch_vma_name(vma))
1122 return true;
1123
1124 return false;
1125}
1126
1da177e4 1127/*
82df3973 1128 * Decide what to dump of a segment, part, all or none.
1da177e4 1129 */
82df3973
RM		 1130static unsigned long vma_dump_size(struct vm_area_struct *vma,
1131 unsigned long mm_flags)
1da177e4 1132{
e575f111
KM		 1133#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1134
909af768
JB		 1135 /* always dump the vdso and vsyscall sections */
1136 if (always_dump_vma(vma))
82df3973 1137 goto whole;
e5b97dde 1138
0103bd16 1139 if (vma->vm_flags & VM_DONTDUMP)
accb61fe
JB		 1140 return 0;
1141
e575f111
KM		 1142 /* Hugetlb memory check */
1143 if (vma->vm_flags & VM_HUGETLB) {
1144 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1145 goto whole;
1146 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1147 goto whole;
23d9e482 1148 return 0;
e575f111
KM		 1149 }
1150
1da177e4 1151 /* Do not dump I/O mapped devices or special mappings */
314e51b9 1152 if (vma->vm_flags & VM_IO)
1da177e4
LT		 1153 return 0;
1154
a1b59e80
KH		 1155 /* By default, dump shared memory if mapped from an anonymous file. */
1156 if (vma->vm_flags & VM_SHARED) {
496ad9aa 1157 if (file_inode(vma->vm_file)->i_nlink == 0 ?
82df3973
RM		 1158 FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1159 goto whole;
1160 return 0;
a1b59e80 1161 }
1da177e4 1162
82df3973
RM		 1163 /* Dump segments that have been written to. */
1164 if (vma->anon_vma && FILTER(ANON_PRIVATE))
1165 goto whole;
1166 if (vma->vm_file == NULL)
1167 return 0;
1da177e4 1168
82df3973
RM		 1169 if (FILTER(MAPPED_PRIVATE))
1170 goto whole;
1171
1172 /*
1173 * If this looks like the beginning of a DSO or executable mapping,
1174 * check for an ELF header. If we find one, dump the first page to
1175 * aid in determining what was mapped here.
1176 */
92dc07b1
RM		 1177 if (FILTER(ELF_HEADERS) &&
1178 vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
82df3973
RM		 1179 u32 __user *header = (u32 __user *) vma->vm_start;
1180 u32 word;
92dc07b1 1181 mm_segment_t fs = get_fs();
82df3973
RM		 1182 /*
1183 * Doing it this way gets the constant folded by GCC.
1184 */
1185 union {
1186 u32 cmp;
1187 char elfmag[SELFMAG];
1188 } magic;
1189 BUILD_BUG_ON(SELFMAG != sizeof word);
1190 magic.elfmag[EI_MAG0] = ELFMAG0;
1191 magic.elfmag[EI_MAG1] = ELFMAG1;
1192 magic.elfmag[EI_MAG2] = ELFMAG2;
1193 magic.elfmag[EI_MAG3] = ELFMAG3;
92dc07b1
RM		 1194 /*
1195 * Switch to the user "segment" for get_user(),
1196 * then put back what elf_core_dump() had in place.
1197 */
1198 set_fs(USER_DS);
1199 if (unlikely(get_user(word, header)))
1200 word = 0;
1201 set_fs(fs);
1202 if (word == magic.cmp)
82df3973
RM		 1203 return PAGE_SIZE;
1204 }
1205
1206#undef FILTER
1207
1208 return 0;
1209
1210whole:
1211 return vma->vm_end - vma->vm_start;
1da177e4
LT		 1212}
1213
1da177e4
LT		 1214/* An ELF note in memory */
1215struct memelfnote
1216{
1217 const char *name;
1218 int type;
1219 unsigned int datasz;
1220 void *data;
1221};
1222
1223static int notesize(struct memelfnote *en)
1224{
1225 int sz;
1226
1227 sz = sizeof(struct elf_note);
1228 sz += roundup(strlen(en->name) + 1, 4);
1229 sz += roundup(en->datasz, 4);
1230
1231 return sz;
1232}
1233
d025c9db
AK		 1234#define DUMP_WRITE(addr, nr, foffset) \
1235 do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1da177e4 1236
d025c9db 1237static int alignfile(struct file *file, loff_t *foffset)
1da177e4 1238{
a7a0d86f 1239 static const char buf[4] = { 0, };
d025c9db
AK		 1240 DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1241 return 1;
1242}
1da177e4 1243
d025c9db
AK		 1244static int writenote(struct memelfnote *men, struct file *file,
1245 loff_t *foffset)
1246{
1247 struct elf_note en;
1da177e4
LT		 1248 en.n_namesz = strlen(men->name) + 1;
1249 en.n_descsz = men->datasz;
1250 en.n_type = men->type;
1251
d025c9db
AK		 1252 DUMP_WRITE(&en, sizeof(en), foffset);
1253 DUMP_WRITE(men->name, en.n_namesz, foffset);
1254 if (!alignfile(file, foffset))
1255 return 0;
1256 DUMP_WRITE(men->data, men->datasz, foffset);
1257 if (!alignfile(file, foffset))
1258 return 0;
1da177e4
LT		 1259
1260 return 1;
1261}
1262#undef DUMP_WRITE
1da177e4 1263
3aba481f 1264static void fill_elf_header(struct elfhdr *elf, int segs,
d3330cf0 1265 u16 machine, u32 flags)
1da177e4 1266{
6970c8ef
CG		 1267 memset(elf, 0, sizeof(*elf));
1268
1da177e4
LT		 1269 memcpy(elf->e_ident, ELFMAG, SELFMAG);
1270 elf->e_ident[EI_CLASS] = ELF_CLASS;
1271 elf->e_ident[EI_DATA] = ELF_DATA;
1272 elf->e_ident[EI_VERSION] = EV_CURRENT;
1273 elf->e_ident[EI_OSABI] = ELF_OSABI;
1da177e4
LT		 1274
1275 elf->e_type = ET_CORE;
3aba481f 1276 elf->e_machine = machine;
1da177e4 1277 elf->e_version = EV_CURRENT;
1da177e4 1278 elf->e_phoff = sizeof(struct elfhdr);
3aba481f 1279 elf->e_flags = flags;
1da177e4
LT		 1280 elf->e_ehsize = sizeof(struct elfhdr);
1281 elf->e_phentsize = sizeof(struct elf_phdr);
1282 elf->e_phnum = segs;
6970c8ef 1283
1da177e4
LT		 1284 return;
1285}
1286
8d6b5eee 1287static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1da177e4
LT		 1288{
1289 phdr->p_type = PT_NOTE;
1290 phdr->p_offset = offset;
1291 phdr->p_vaddr = 0;
1292 phdr->p_paddr = 0;
1293 phdr->p_filesz = sz;
1294 phdr->p_memsz = 0;
1295 phdr->p_flags = 0;
1296 phdr->p_align = 0;
1297 return;
1298}
1299
1300static void fill_note(struct memelfnote *note, const char *name, int type,
1301 unsigned int sz, void *data)
1302{
1303 note->name = name;
1304 note->type = type;
1305 note->datasz = sz;
1306 note->data = data;
1307 return;
1308}
1309
1310/*
f4e5cc2c
JJ		 1311 * fill up all the fields in prstatus from the given task struct, except
1312 * registers which need to be filled up separately.
1da177e4
LT		 1313 */
1314static void fill_prstatus(struct elf_prstatus *prstatus,
f4e5cc2c 1315 struct task_struct *p, long signr)
1da177e4
LT		 1316{
1317 prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1318 prstatus->pr_sigpend = p->pending.signal.sig[0];
1319 prstatus->pr_sighold = p->blocked.sig[0];
3b34fc58
ON		 1320 rcu_read_lock();
1321 prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1322 rcu_read_unlock();
b488893a 1323 prstatus->pr_pid = task_pid_vnr(p);
b488893a
PE		 1324 prstatus->pr_pgrp = task_pgrp_vnr(p);
1325 prstatus->pr_sid = task_session_vnr(p);
1da177e4 1326 if (thread_group_leader(p)) {
f06febc9
FM		 1327 struct task_cputime cputime;
1328
1da177e4 1329 /*
f06febc9
FM		 1330 * This is the record for the group leader. It shows the
1331 * group-wide total, not its individual thread total.
1da177e4 1332 */
f06febc9
FM		 1333 thread_group_cputime(p, &cputime);
1334 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1335 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1da177e4 1336 } else {
6fac4829
FW		 1337 cputime_t utime, stime;
1338
1339 task_cputime(p, &utime, &stime);
1340 cputime_to_timeval(utime, &prstatus->pr_utime);
1341 cputime_to_timeval(stime, &prstatus->pr_stime);
1da177e4
LT		 1342 }
1343 cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1344 cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1345}
1346
1347static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1348 struct mm_struct *mm)
1349{
c69e8d9c 1350 const struct cred *cred;
a84a5059 1351 unsigned int i, len;
1da177e4
LT		 1352
1353 /* first copy the parameters from user space */
1354 memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1355
1356 len = mm->arg_end - mm->arg_start;
1357 if (len >= ELF_PRARGSZ)
1358 len = ELF_PRARGSZ-1;
1359 if (copy_from_user(&psinfo->pr_psargs,
1360 (const char __user *)mm->arg_start, len))
1361 return -EFAULT;
1362 for(i = 0; i < len; i++)
1363 if (psinfo->pr_psargs[i] == 0)
1364 psinfo->pr_psargs[i] = ' ';
1365 psinfo->pr_psargs[len] = 0;
1366
3b34fc58
ON		 1367 rcu_read_lock();
1368 psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1369 rcu_read_unlock();
b488893a 1370 psinfo->pr_pid = task_pid_vnr(p);
b488893a
PE		 1371 psinfo->pr_pgrp = task_pgrp_vnr(p);
1372 psinfo->pr_sid = task_session_vnr(p);
1da177e4
LT		 1373
1374 i = p->state ? ffz(~p->state) + 1 : 0;
1375 psinfo->pr_state = i;
55148548 1376 psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1da177e4
LT		 1377 psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1378 psinfo->pr_nice = task_nice(p);
1379 psinfo->pr_flag = p->flags;
c69e8d9c
DH		 1380 rcu_read_lock();
1381 cred = __task_cred(p);
ebc887b2
EB		 1382 SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1383 SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
c69e8d9c 1384 rcu_read_unlock();
1da177e4
LT		 1385 strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1386
1387 return 0;
1388}
1389
3aba481f
RM		 1390static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1391{
1392 elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1393 int i = 0;
1394 do
1395 i += 2;
1396 while (auxv[i - 2] != AT_NULL);
1397 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1398}
1399
49ae4d4b
DV		 1400static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
1401 siginfo_t *siginfo)
1402{
1403 mm_segment_t old_fs = get_fs();
1404 set_fs(KERNEL_DS);
1405 copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1406 set_fs(old_fs);
1407 fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1408}
1409
2aa362c4
DV		 1410#define MAX_FILE_NOTE_SIZE (4*1024*1024)
1411/*
1412 * Format of NT_FILE note:
1413 *
1414 * long count -- how many files are mapped
1415 * long page_size -- units for file_ofs
1416 * array of [COUNT] elements of
1417 * long start
1418 * long end
1419 * long file_ofs
1420 * followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1421 */
cc748eed 1422static int fill_files_note(struct memelfnote *note)
2aa362c4
DV		 1423{
1424 struct vm_area_struct *vma;
1425 unsigned count, size, names_ofs, remaining, n;
1426 user_long_t *data;
1427 user_long_t *start_end_ofs;
1428 char *name_base, *name_curpos;
1429
1430 /* *Estimated* file count and total data size needed */
1431 count = current->mm->map_count;
1432 size = count * 64;
1433
1434 names_ofs = (2 + 3 * count) * sizeof(data[0]);
1435 alloc:
1436 if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
cc748eed 1437 return -EINVAL;
2aa362c4
DV		 1438 size = round_up(size, PAGE_SIZE);
1439 data = vmalloc(size);
1440 if (!data)
cc748eed 1441 return -ENOMEM;
2aa362c4
DV		 1442
1443 start_end_ofs = data + 2;
1444 name_base = name_curpos = ((char *)data) + names_ofs;
1445 remaining = size - names_ofs;
1446 count = 0;
1447 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1448 struct file *file;
1449 const char *filename;
1450
1451 file = vma->vm_file;
1452 if (!file)
1453 continue;
1454 filename = d_path(&file->f_path, name_curpos, remaining);
1455 if (IS_ERR(filename)) {
1456 if (PTR_ERR(filename) == -ENAMETOOLONG) {
1457 vfree(data);
1458 size = size * 5 / 4;
1459 goto alloc;
1460 }
1461 continue;
1462 }
1463
1464 /* d_path() fills at the end, move name down */
1465 /* n = strlen(filename) + 1: */
1466 n = (name_curpos + remaining) - filename;
1467 remaining = filename - name_curpos;
1468 memmove(name_curpos, filename, n);
1469 name_curpos += n;
1470
1471 *start_end_ofs++ = vma->vm_start;
1472 *start_end_ofs++ = vma->vm_end;
1473 *start_end_ofs++ = vma->vm_pgoff;
1474 count++;
1475 }
1476
1477 /* Now we know exact count of files, can store it */
1478 data[0] = count;
1479 data[1] = PAGE_SIZE;
1480 /*
1481 * Count usually is less than current->mm->map_count,
1482 * we need to move filenames down.
1483 */
1484 n = current->mm->map_count - count;
1485 if (n != 0) {
1486 unsigned shift_bytes = n * 3 * sizeof(data[0]);
1487 memmove(name_base - shift_bytes, name_base,
1488 name_curpos - name_base);
1489 name_curpos -= shift_bytes;
1490 }
1491
1492 size = name_curpos - (char *)data;
1493 fill_note(note, "CORE", NT_FILE, size, data);
cc748eed 1494 return 0;
2aa362c4
DV		 1495}
1496
4206d3aa
RM		 1497#ifdef CORE_DUMP_USE_REGSET
1498#include <linux/regset.h>
1499
1500struct elf_thread_core_info {
1501 struct elf_thread_core_info *next;
1502 struct task_struct *task;
1503 struct elf_prstatus prstatus;
1504 struct memelfnote notes[0];
1505};
1506
1507struct elf_note_info {
1508 struct elf_thread_core_info *thread;
1509 struct memelfnote psinfo;
49ae4d4b 1510 struct memelfnote signote;
4206d3aa 1511 struct memelfnote auxv;
2aa362c4 1512 struct memelfnote files;
49ae4d4b 1513 user_siginfo_t csigdata;
4206d3aa
RM		 1514 size_t size;
1515 int thread_notes;
1516};
1517
d31472b6
RM		 1518/*
1519 * When a regset has a writeback hook, we call it on each thread before
1520 * dumping user memory. On register window machines, this makes sure the
1521 * user memory backing the register data is up to date before we read it.
1522 */
1523static void do_thread_regset_writeback(struct task_struct *task,
1524 const struct user_regset *regset)
1525{
1526 if (regset->writeback)
1527 regset->writeback(task, regset, 1);
1528}
1529
0953f65d
L		 1530#ifndef PR_REG_SIZE
1531#define PR_REG_SIZE(S) sizeof(S)
1532#endif
1533
1534#ifndef PRSTATUS_SIZE
1535#define PRSTATUS_SIZE(S) sizeof(S)
1536#endif
1537
1538#ifndef PR_REG_PTR
1539#define PR_REG_PTR(S) (&((S)->pr_reg))
1540#endif
1541
1542#ifndef SET_PR_FPVALID
1543#define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1544#endif
1545
4206d3aa
RM		 1546static int fill_thread_core_info(struct elf_thread_core_info *t,
1547 const struct user_regset_view *view,
1548 long signr, size_t *total)
1549{
1550 unsigned int i;
1551
1552 /*
1553 * NT_PRSTATUS is the one special case, because the regset data
1554 * goes into the pr_reg field inside the note contents, rather
1555 * than being the whole note contents. We fill the reset in here.
1556 * We assume that regset 0 is NT_PRSTATUS.
1557 */
1558 fill_prstatus(&t->prstatus, t->task, signr);
1559 (void) view->regsets[0].get(t->task, &view->regsets[0],
0953f65d
L		 1560 0, PR_REG_SIZE(t->prstatus.pr_reg),
1561 PR_REG_PTR(&t->prstatus), NULL);
4206d3aa
RM		 1562
1563 fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
0953f65d 1564 PRSTATUS_SIZE(t->prstatus), &t->prstatus);
4206d3aa
RM		 1565 *total += notesize(&t->notes[0]);
1566
d31472b6
RM		 1567 do_thread_regset_writeback(t->task, &view->regsets[0]);
1568
4206d3aa
RM		 1569 /*
1570 * Each other regset might generate a note too. For each regset
1571 * that has no core_note_type or is inactive, we leave t->notes[i]
1572 * all zero and we'll know to skip writing it later.
1573 */
1574 for (i = 1; i < view->n; ++i) {
1575 const struct user_regset *regset = &view->regsets[i];
d31472b6 1576 do_thread_regset_writeback(t->task, regset);
c8e25258 1577 if (regset->core_note_type && regset->get &&
4206d3aa
RM		 1578 (!regset->active || regset->active(t->task, regset))) {
1579 int ret;
1580 size_t size = regset->n * regset->size;
1581 void *data = kmalloc(size, GFP_KERNEL);
1582 if (unlikely(!data))
1583 return 0;
1584 ret = regset->get(t->task, regset,
1585 0, size, data, NULL);
1586 if (unlikely(ret))
1587 kfree(data);
1588 else {
1589 if (regset->core_note_type != NT_PRFPREG)
1590 fill_note(&t->notes[i], "LINUX",
1591 regset->core_note_type,
1592 size, data);
1593 else {
0953f65d 1594 SET_PR_FPVALID(&t->prstatus, 1);
4206d3aa
RM		 1595 fill_note(&t->notes[i], "CORE",
1596 NT_PRFPREG, size, data);
1597 }
1598 *total += notesize(&t->notes[i]);
1599 }
1600 }
1601 }
1602
1603 return 1;
1604}
1605
1606static int fill_note_info(struct elfhdr *elf, int phdrs,
1607 struct elf_note_info *info,
5ab1c309 1608 siginfo_t *siginfo, struct pt_regs *regs)
4206d3aa
RM		 1609{
1610 struct task_struct *dump_task = current;
1611 const struct user_regset_view *view = task_user_regset_view(dump_task);
1612 struct elf_thread_core_info *t;
1613 struct elf_prpsinfo *psinfo;
83914441 1614 struct core_thread *ct;
4206d3aa
RM		 1615 unsigned int i;
1616
1617 info->size = 0;
1618 info->thread = NULL;
1619
1620 psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
6899e92d
AC		 1621 if (psinfo == NULL) {
1622 info->psinfo.data = NULL; /* So we don't free this wrongly */
4206d3aa 1623 return 0;
6899e92d 1624 }
4206d3aa 1625
e2dbe125
AW		 1626 fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1627
4206d3aa
RM		 1628 /*
1629 * Figure out how many notes we're going to need for each thread.
1630 */
1631 info->thread_notes = 0;
1632 for (i = 0; i < view->n; ++i)
1633 if (view->regsets[i].core_note_type != 0)
1634 ++info->thread_notes;
1635
1636 /*
1637 * Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1638 * since it is our one special case.
1639 */
1640 if (unlikely(info->thread_notes == 0) ||
1641 unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1642 WARN_ON(1);
1643 return 0;
1644 }
1645
1646 /*
1647 * Initialize the ELF file header.
1648 */
1649 fill_elf_header(elf, phdrs,
d3330cf0 1650 view->e_machine, view->e_flags);
4206d3aa
RM		 1651
1652 /*
1653 * Allocate a structure for each thread.
1654 */
83914441
ON		 1655 for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1656 t = kzalloc(offsetof(struct elf_thread_core_info,
1657 notes[info->thread_notes]),
1658 GFP_KERNEL);
1659 if (unlikely(!t))
1660 return 0;
1661
1662 t->task = ct->task;
1663 if (ct->task == dump_task || !info->thread) {
1664 t->next = info->thread;
1665 info->thread = t;
1666 } else {
1667 /*
1668 * Make sure to keep the original task at
1669 * the head of the list.
1670 */
1671 t->next = info->thread->next;
1672 info->thread->next = t;
4206d3aa 1673 }
83914441 1674 }
4206d3aa
RM		 1675
1676 /*
1677 * Now fill in each thread's information.
1678 */
1679 for (t = info->thread; t != NULL; t = t->next)
5ab1c309 1680 if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
4206d3aa
RM		 1681 return 0;
1682
1683 /*
1684 * Fill in the two process-wide notes.
1685 */
1686 fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1687 info->size += notesize(&info->psinfo);
1688
49ae4d4b
DV		 1689 fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1690 info->size += notesize(&info->signote);
1691
4206d3aa
RM		 1692 fill_auxv_note(&info->auxv, current->mm);
1693 info->size += notesize(&info->auxv);
1694
cc748eed
DA		 1695 if (fill_files_note(&info->files) == 0)
1696 info->size += notesize(&info->files);
2aa362c4 1697
4206d3aa
RM		 1698 return 1;
1699}
1700
1701static size_t get_note_info_size(struct elf_note_info *info)
1702{
1703 return info->size;
1704}
1705
1706/*
1707 * Write all the notes for each thread. When writing the first thread, the
1708 * process-wide notes are interleaved after the first thread-specific note.
1709 */
1710static int write_note_info(struct elf_note_info *info,
1711 struct file *file, loff_t *foffset)
1712{
1713 bool first = 1;
1714 struct elf_thread_core_info *t = info->thread;
1715
1716 do {
1717 int i;
1718
1719 if (!writenote(&t->notes[0], file, foffset))
1720 return 0;
1721
1722 if (first && !writenote(&info->psinfo, file, foffset))
1723 return 0;
49ae4d4b
DV		 1724 if (first && !writenote(&info->signote, file, foffset))
1725 return 0;
4206d3aa
RM		 1726 if (first && !writenote(&info->auxv, file, foffset))
1727 return 0;
cc748eed
DA		 1728 if (first && info->files.data &&
1729 !writenote(&info->files, file, foffset))
2aa362c4 1730 return 0;
4206d3aa
RM		 1731
1732 for (i = 1; i < info->thread_notes; ++i)
1733 if (t->notes[i].data &&
1734 !writenote(&t->notes[i], file, foffset))
1735 return 0;
1736
1737 first = 0;
1738 t = t->next;
1739 } while (t);
1740
1741 return 1;
1742}
1743
1744static void free_note_info(struct elf_note_info *info)
1745{
1746 struct elf_thread_core_info *threads = info->thread;
1747 while (threads) {
1748 unsigned int i;
1749 struct elf_thread_core_info *t = threads;
1750 threads = t->next;
1751 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1752 for (i = 1; i < info->thread_notes; ++i)
1753 kfree(t->notes[i].data);
1754 kfree(t);
1755 }
1756 kfree(info->psinfo.data);
2aa362c4 1757 vfree(info->files.data);
4206d3aa
RM		 1758}
1759
1760#else
1761
1da177e4
LT		 1762/* Here is the structure in which status of each thread is captured. */
1763struct elf_thread_status
1764{
1765 struct list_head list;
1766 struct elf_prstatus prstatus; /* NT_PRSTATUS */
1767 elf_fpregset_t fpu; /* NT_PRFPREG */
1768 struct task_struct *thread;
1769#ifdef ELF_CORE_COPY_XFPREGS
5b20cd80 1770 elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1da177e4
LT		 1771#endif
1772 struct memelfnote notes[3];
1773 int num_notes;
1774};
1775
1776/*
1777 * In order to add the specific thread information for the elf file format,
f4e5cc2c
JJ		 1778 * we need to keep a linked list of every threads pr_status and then create
1779 * a single section for them in the final core file.
1da177e4
LT		 1780 */
1781static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1782{
1783 int sz = 0;
1784 struct task_struct *p = t->thread;
1785 t->num_notes = 0;
1786
1787 fill_prstatus(&t->prstatus, p, signr);
1788 elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1789
f4e5cc2c
JJ		 1790 fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1791 &(t->prstatus));
1da177e4
LT		 1792 t->num_notes++;
1793 sz += notesize(&t->notes[0]);
1794
f4e5cc2c
JJ		 1795 if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1796 &t->fpu))) {
1797 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1798 &(t->fpu));
1da177e4
LT		 1799 t->num_notes++;
1800 sz += notesize(&t->notes[1]);
1801 }
1802
1803#ifdef ELF_CORE_COPY_XFPREGS
1804 if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
5b20cd80
MN		 1805 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1806 sizeof(t->xfpu), &t->xfpu);
1da177e4
LT		 1807 t->num_notes++;
1808 sz += notesize(&t->notes[2]);
1809 }
1810#endif
1811 return sz;
1812}
1813
3aba481f
RM		 1814struct elf_note_info {
1815 struct memelfnote *notes;
cc748eed 1816 struct memelfnote *notes_files;
3aba481f
RM		 1817 struct elf_prstatus *prstatus; /* NT_PRSTATUS */
1818 struct elf_prpsinfo *psinfo; /* NT_PRPSINFO */
1819 struct list_head thread_list;
1820 elf_fpregset_t *fpu;
1821#ifdef ELF_CORE_COPY_XFPREGS
1822 elf_fpxregset_t *xfpu;
1823#endif
49ae4d4b 1824 user_siginfo_t csigdata;
3aba481f
RM		 1825 int thread_status_size;
1826 int numnote;
1827};
1828
0cf062d0 1829static int elf_note_info_init(struct elf_note_info *info)
3aba481f 1830{
0cf062d0 1831 memset(info, 0, sizeof(*info));
3aba481f
RM		 1832 INIT_LIST_HEAD(&info->thread_list);
1833
49ae4d4b 1834 /* Allocate space for ELF notes */
2aa362c4 1835 info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
3aba481f
RM		 1836 if (!info->notes)
1837 return 0;
1838 info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1839 if (!info->psinfo)
f34f9d18 1840 return 0;
3aba481f
RM		 1841 info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1842 if (!info->prstatus)
f34f9d18 1843 return 0;
3aba481f
RM		 1844 info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1845 if (!info->fpu)
f34f9d18 1846 return 0;
3aba481f
RM		 1847#ifdef ELF_CORE_COPY_XFPREGS
1848 info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1849 if (!info->xfpu)
f34f9d18 1850 return 0;
3aba481f 1851#endif
0cf062d0 1852 return 1;
0cf062d0
AW		 1853}
1854
1855static int fill_note_info(struct elfhdr *elf, int phdrs,
1856 struct elf_note_info *info,
5ab1c309 1857 siginfo_t *siginfo, struct pt_regs *regs)
0cf062d0
AW		 1858{
1859 struct list_head *t;
1860
1861 if (!elf_note_info_init(info))
1862 return 0;
3aba481f 1863
5ab1c309 1864 if (siginfo->si_signo) {
83914441 1865 struct core_thread *ct;
4220b7fe 1866 struct elf_thread_status *ets;
83914441
ON		 1867
1868 for (ct = current->mm->core_state->dumper.next;
1869 ct; ct = ct->next) {
1870 ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1871 if (!ets)
1872 return 0;
1873
1874 ets->thread = ct->task;
1875 list_add(&ets->list, &info->thread_list);
1876 }
1877
3aba481f 1878 list_for_each(t, &info->thread_list) {
3aba481f
RM		 1879 int sz;
1880
4220b7fe 1881 ets = list_entry(t, struct elf_thread_status, list);
5ab1c309 1882 sz = elf_dump_thread_status(siginfo->si_signo, ets);
3aba481f
RM		 1883 info->thread_status_size += sz;
1884 }
1885 }
1886 /* now collect the dump for the current */
1887 memset(info->prstatus, 0, sizeof(*info->prstatus));
5ab1c309 1888 fill_prstatus(info->prstatus, current, siginfo->si_signo);
3aba481f
RM		 1889 elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1890
1891 /* Set up header */
d3330cf0 1892 fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
3aba481f
RM		 1893
1894 /*
1895 * Set up the notes in similar form to SVR4 core dumps made
1896 * with info from their /proc.
1897 */
1898
1899 fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1900 sizeof(*info->prstatus), info->prstatus);
1901 fill_psinfo(info->psinfo, current->group_leader, current->mm);
1902 fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1903 sizeof(*info->psinfo), info->psinfo);
1904
2aa362c4
DV		 1905 fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
1906 fill_auxv_note(info->notes + 3, current->mm);
cc748eed 1907 info->numnote = 4;
3aba481f 1908
cc748eed
DA		 1909 if (fill_files_note(info->notes + info->numnote) == 0) {
1910 info->notes_files = info->notes + info->numnote;
1911 info->numnote++;
1912 }
3aba481f
RM		 1913
1914 /* Try to dump the FPU. */
1915 info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1916 info->fpu);
1917 if (info->prstatus->pr_fpvalid)
1918 fill_note(info->notes + info->numnote++,
1919 "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1920#ifdef ELF_CORE_COPY_XFPREGS
1921 if (elf_core_copy_task_xfpregs(current, info->xfpu))
1922 fill_note(info->notes + info->numnote++,
1923 "LINUX", ELF_CORE_XFPREG_TYPE,
1924 sizeof(*info->xfpu), info->xfpu);
1925#endif
1926
1927 return 1;
3aba481f
RM		 1928}
1929
1930static size_t get_note_info_size(struct elf_note_info *info)
1931{
1932 int sz = 0;
1933 int i;
1934
1935 for (i = 0; i < info->numnote; i++)
1936 sz += notesize(info->notes + i);
1937
1938 sz += info->thread_status_size;
1939
1940 return sz;
1941}
1942
1943static int write_note_info(struct elf_note_info *info,
1944 struct file *file, loff_t *foffset)
1945{
1946 int i;
1947 struct list_head *t;
1948
1949 for (i = 0; i < info->numnote; i++)
1950 if (!writenote(info->notes + i, file, foffset))
1951 return 0;
1952
1953 /* write out the thread status notes section */
1954 list_for_each(t, &info->thread_list) {
1955 struct elf_thread_status *tmp =
1956 list_entry(t, struct elf_thread_status, list);
1957
1958 for (i = 0; i < tmp->num_notes; i++)
1959 if (!writenote(&tmp->notes[i], file, foffset))
1960 return 0;
1961 }
1962
1963 return 1;
1964}
1965
1966static void free_note_info(struct elf_note_info *info)
1967{
1968 while (!list_empty(&info->thread_list)) {
1969 struct list_head *tmp = info->thread_list.next;
1970 list_del(tmp);
1971 kfree(list_entry(tmp, struct elf_thread_status, list));
1972 }
1973
cc748eed
DA		 1974 /* Free data possibly allocated by fill_files_note(): */
1975 if (info->notes_files)
1976 vfree(info->notes_files->data);
2aa362c4 1977
3aba481f
RM		 1978 kfree(info->prstatus);
1979 kfree(info->psinfo);
1980 kfree(info->notes);
1981 kfree(info->fpu);
1982#ifdef ELF_CORE_COPY_XFPREGS
1983 kfree(info->xfpu);
1984#endif
1985}
1986
4206d3aa
RM		 1987#endif
1988
f47aef55
RM		 1989static struct vm_area_struct *first_vma(struct task_struct *tsk,
1990 struct vm_area_struct *gate_vma)
1991{
1992 struct vm_area_struct *ret = tsk->mm->mmap;
1993
1994 if (ret)
1995 return ret;
1996 return gate_vma;
1997}
1998/*
1999 * Helper function for iterating across a vma list. It ensures that the caller
2000 * will visit `gate_vma' prior to terminating the search.
2001 */
2002static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
2003 struct vm_area_struct *gate_vma)
2004{
2005 struct vm_area_struct *ret;
2006
2007 ret = this_vma->vm_next;
2008 if (ret)
2009 return ret;
2010 if (this_vma == gate_vma)
2011 return NULL;
2012 return gate_vma;
2013}
2014
8d9032bb
DH		 2015static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
2016 elf_addr_t e_shoff, int segs)
2017{
2018 elf->e_shoff = e_shoff;
2019 elf->e_shentsize = sizeof(*shdr4extnum);
2020 elf->e_shnum = 1;
2021 elf->e_shstrndx = SHN_UNDEF;
2022
2023 memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2024
2025 shdr4extnum->sh_type = SHT_NULL;
2026 shdr4extnum->sh_size = elf->e_shnum;
2027 shdr4extnum->sh_link = elf->e_shstrndx;
2028 shdr4extnum->sh_info = segs;
2029}
2030
2031static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
2032 unsigned long mm_flags)
2033{
2034 struct vm_area_struct *vma;
2035 size_t size = 0;
2036
2037 for (vma = first_vma(current, gate_vma); vma != NULL;
2038 vma = next_vma(vma, gate_vma))
2039 size += vma_dump_size(vma, mm_flags);
2040 return size;
2041}
2042
1da177e4
LT		 2043/*
2044 * Actual dumper
2045 *
2046 * This is a two-pass process; first we find the offsets of the bits,
2047 * and then they are actually written out. If we run out of core limit
2048 * we just truncate.
2049 */
f6151dfe 2050static int elf_core_dump(struct coredump_params *cprm)
1da177e4 2051{
1da177e4
LT		 2052 int has_dumped = 0;
2053 mm_segment_t fs;
2054 int segs;
2055 size_t size = 0;
f47aef55 2056 struct vm_area_struct *vma, *gate_vma;
1da177e4 2057 struct elfhdr *elf = NULL;
d025c9db 2058 loff_t offset = 0, dataoff, foffset;
cc748eed 2059 struct elf_note_info info = { };
93eb211e 2060 struct elf_phdr *phdr4note = NULL;
8d9032bb
DH		 2061 struct elf_shdr *shdr4extnum = NULL;
2062 Elf_Half e_phnum;
2063 elf_addr_t e_shoff;
1da177e4
LT		 2064
2065 /*
2066 * We no longer stop all VM operations.
2067 *
f4e5cc2c
JJ		 2068 * This is because those proceses that could possibly change map_count
2069 * or the mmap / vma pages are now blocked in do_exit on current
2070 * finishing this core dump.
1da177e4
LT		 2071 *
2072 * Only ptrace can touch these memory addresses, but it doesn't change
f4e5cc2c 2073 * the map_count or the pages allocated. So no possibility of crashing
1da177e4
LT		 2074 * exists while dumping the mm->vm_next areas to the core file.
2075 */
2076
2077 /* alloc memory for large data structures: too large to be on stack */
2078 elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2079 if (!elf)
5f719558 2080 goto out;
341c87bf
KH		 2081 /*
2082 * The number of segs are recored into ELF header as 16bit value.
2083 * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2084 */
1da177e4 2085 segs = current->mm->map_count;
1fcccbac 2086 segs += elf_core_extra_phdrs();
1da177e4 2087
31db58b3 2088 gate_vma = get_gate_vma(current->mm);
f47aef55
RM		 2089 if (gate_vma != NULL)
2090 segs++;
2091
8d9032bb
DH		 2092 /* for notes section */
2093 segs++;
2094
2095 /* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2096 * this, kernel supports extended numbering. Have a look at
2097 * include/linux/elf.h for further information. */
2098 e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2099
1da177e4 2100 /*
3aba481f
RM		 2101 * Collect all the non-memory information about the process for the
2102 * notes. This also sets up the file header.
1da177e4 2103 */
5ab1c309 2104 if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
3aba481f 2105 goto cleanup;
1da177e4 2106
3aba481f 2107 has_dumped = 1;
079148b9 2108
1da177e4
LT		 2109 fs = get_fs();
2110 set_fs(KERNEL_DS);
2111
1da177e4 2112 offset += sizeof(*elf); /* Elf header */
8d9032bb 2113 offset += segs * sizeof(struct elf_phdr); /* Program headers */
a7a0d86f 2114 foffset = offset;
1da177e4
LT		 2115
2116 /* Write notes phdr entry */
2117 {
3aba481f 2118 size_t sz = get_note_info_size(&info);
1da177e4 2119
e5501492 2120 sz += elf_coredump_extra_notes_size();
bf1ab978 2121
93eb211e
DH		 2122 phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2123 if (!phdr4note)
088e7af7 2124 goto end_coredump;
93eb211e
DH		 2125
2126 fill_elf_note_phdr(phdr4note, sz, offset);
2127 offset += sz;
1da177e4
LT		 2128 }
2129
1da177e4
LT		 2130 dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2131
30736a4d 2132 offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
8d9032bb
DH		 2133 offset += elf_core_extra_data_size();
2134 e_shoff = offset;
2135
2136 if (e_phnum == PN_XNUM) {
2137 shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2138 if (!shdr4extnum)
2139 goto end_coredump;
2140 fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2141 }
2142
2143 offset = dataoff;
2144
93eb211e
DH		 2145 size += sizeof(*elf);
2146 if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
2147 goto end_coredump;
2148
2149 size += sizeof(*phdr4note);
2150 if (size > cprm->limit
2151 || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
2152 goto end_coredump;
2153
1da177e4 2154 /* Write program headers for segments dump */
f47aef55
RM		 2155 for (vma = first_vma(current, gate_vma); vma != NULL;
2156 vma = next_vma(vma, gate_vma)) {
1da177e4 2157 struct elf_phdr phdr;
1da177e4
LT		 2158
2159 phdr.p_type = PT_LOAD;
2160 phdr.p_offset = offset;
2161 phdr.p_vaddr = vma->vm_start;
2162 phdr.p_paddr = 0;
30736a4d 2163 phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
82df3973 2164 phdr.p_memsz = vma->vm_end - vma->vm_start;
1da177e4
LT		 2165 offset += phdr.p_filesz;
2166 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
f4e5cc2c
JJ		 2167 if (vma->vm_flags & VM_WRITE)
2168 phdr.p_flags |= PF_W;
2169 if (vma->vm_flags & VM_EXEC)
2170 phdr.p_flags |= PF_X;
1da177e4
LT		 2171 phdr.p_align = ELF_EXEC_PAGESIZE;
2172
088e7af7
DH		 2173 size += sizeof(phdr);
2174 if (size > cprm->limit
2175 || !dump_write(cprm->file, &phdr, sizeof(phdr)))
2176 goto end_coredump;
1da177e4
LT		 2177 }
2178
1fcccbac
DH		 2179 if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
2180 goto end_coredump;
1da177e4
LT		 2181
2182 /* write out the notes section */
f6151dfe 2183 if (!write_note_info(&info, cprm->file, &foffset))
3aba481f 2184 goto end_coredump;
1da177e4 2185
f6151dfe 2186 if (elf_coredump_extra_notes_write(cprm->file, &foffset))
e5501492 2187 goto end_coredump;
bf1ab978 2188
d025c9db 2189 /* Align to page */
f6151dfe 2190 if (!dump_seek(cprm->file, dataoff - foffset))
f3e8fccd 2191 goto end_coredump;
1da177e4 2192
f47aef55
RM		 2193 for (vma = first_vma(current, gate_vma); vma != NULL;
2194 vma = next_vma(vma, gate_vma)) {
1da177e4 2195 unsigned long addr;
82df3973 2196 unsigned long end;
1da177e4 2197
30736a4d 2198 end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
1da177e4 2199
82df3973 2200 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
f4e5cc2c 2201 struct page *page;
f3e8fccd
HD		 2202 int stop;
2203
2204 page = get_dump_page(addr);
2205 if (page) {
2206 void *kaddr = kmap(page);
f6151dfe
MH		 2207 stop = ((size += PAGE_SIZE) > cprm->limit) ||
2208 !dump_write(cprm->file, kaddr,
2209 PAGE_SIZE);
f3e8fccd 2210 kunmap(page);
1da177e4 2211 page_cache_release(page);
f3e8fccd 2212 } else
f6151dfe 2213 stop = !dump_seek(cprm->file, PAGE_SIZE);
f3e8fccd
HD		 2214 if (stop)
2215 goto end_coredump;
1da177e4
LT		 2216 }
2217 }
2218
1fcccbac
DH		 2219 if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
2220 goto end_coredump;
1da177e4 2221
8d9032bb
DH		 2222 if (e_phnum == PN_XNUM) {
2223 size += sizeof(*shdr4extnum);
2224 if (size > cprm->limit
2225 || !dump_write(cprm->file, shdr4extnum,
2226 sizeof(*shdr4extnum)))
2227 goto end_coredump;
2228 }
2229
1da177e4
LT		 2230end_coredump:
2231 set_fs(fs);
2232
2233cleanup:
3aba481f 2234 free_note_info(&info);
8d9032bb 2235 kfree(shdr4extnum);
93eb211e 2236 kfree(phdr4note);
5f719558
WC		 2237 kfree(elf);
2238out:
1da177e4 2239 return has_dumped;
1da177e4
LT		 2240}
2241
698ba7b5 2242#endif /* CONFIG_ELF_CORE */
1da177e4
LT		 2243
2244static int __init init_elf_binfmt(void)
2245{
8fc3dc5a
AV		 2246 register_binfmt(&elf_format);
2247 return 0;
1da177e4
LT		 2248}
2249
2250static void __exit exit_elf_binfmt(void)
2251{
2252 /* Remove the COFF and ELF loaders. */
2253 unregister_binfmt(&elf_format);
2254}
2255
2256core_initcall(init_elf_binfmt);
2257module_exit(exit_elf_binfmt);
2258MODULE_LICENSE("GPL");