
TOMOYO Linux Cross Reference
Linux/fs/binfmt_elf.c


  1 /*
  2  * linux/fs/binfmt_elf.c
  3  *
  4  * These are the functions used to load ELF format executables as used
  5  * on SVr4 machines.  Information on the format may be found in the book
  6  * "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
  7  * Tools".
  8  *
  9  * Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/kernel.h>
 14 #include <linux/fs.h>
 15 #include <linux/mm.h>
 16 #include <linux/mman.h>
 17 #include <linux/errno.h>
 18 #include <linux/signal.h>
 19 #include <linux/binfmts.h>
 20 #include <linux/string.h>
 21 #include <linux/file.h>
 22 #include <linux/slab.h>
 23 #include <linux/personality.h>
 24 #include <linux/elfcore.h>
 25 #include <linux/init.h>
 26 #include <linux/highuid.h>
 27 #include <linux/compiler.h>
 28 #include <linux/highmem.h>
 29 #include <linux/pagemap.h>
 30 #include <linux/security.h>
 31 #include <linux/random.h>
 32 #include <linux/elf.h>
 33 #include <linux/utsname.h>
 34 #include <asm/uaccess.h>
 35 #include <asm/param.h>
 36 #include <asm/page.h>
 37 
 38 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
 39 static int load_elf_library(struct file *);
 40 static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
 41                                 int, int, unsigned long);
 42 
 43 /*
 44  * If we don't support core dumping, then supply a NULL so we
 45  * don't even try.
 46  */
 47 #if defined(USE_ELF_CORE_DUMP) && defined(CONFIG_ELF_CORE)
 48 static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, unsigned long limit);
 49 #else
 50 #define elf_core_dump   NULL
 51 #endif
 52 
 53 #if ELF_EXEC_PAGESIZE > PAGE_SIZE
 54 #define ELF_MIN_ALIGN   ELF_EXEC_PAGESIZE
 55 #else
 56 #define ELF_MIN_ALIGN   PAGE_SIZE
 57 #endif
 58 
 59 #ifndef ELF_CORE_EFLAGS
 60 #define ELF_CORE_EFLAGS 0
 61 #endif
 62 
 63 #define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
 64 #define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
 65 #define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
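
    /*
     * Example (illustrative, assuming ELF_MIN_ALIGN == 0x1000, i.e. 4K
     * pages): for _v == 0x12345,
     *
     *      ELF_PAGESTART(0x12345)  == 0x12000   (round down to page)
     *      ELF_PAGEOFFSET(0x12345) == 0x00345   (offset within page)
     *      ELF_PAGEALIGN(0x12345)  == 0x13000   (round up to page)
     */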
 66 
 67 static struct linux_binfmt elf_format = {
 68                 .module         = THIS_MODULE,
 69                 .load_binary    = load_elf_binary,
 70                 .load_shlib     = load_elf_library,
 71                 .core_dump      = elf_core_dump,
 72                 .min_coredump   = ELF_EXEC_PAGESIZE,
 73                 .hasvdso        = 1
 74 };
 75 
 76 #define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
 77 
 78 static int set_brk(unsigned long start, unsigned long end)
 79 {
 80         start = ELF_PAGEALIGN(start);
 81         end = ELF_PAGEALIGN(end);
 82         if (end > start) {
 83                 unsigned long addr;
 84                 down_write(&current->mm->mmap_sem);
 85                 addr = do_brk(start, end - start);
 86                 up_write(&current->mm->mmap_sem);
 87                 if (BAD_ADDR(addr))
 88                         return addr;
 89         }
 90         current->mm->start_brk = current->mm->brk = end;
 91         return 0;
 92 }
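
    /*
     * Example (illustrative, ELF_MIN_ALIGN == 0x1000): set_brk(0x0804a123,
     * 0x0804c040) rounds to start == 0x0804b000 and end == 0x0804d000, so
     * do_brk() maps two anonymous zero-filled pages and both start_brk and
     * brk are left at 0x0804d000.
     */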
 93 
 94 /* We need to explicitly zero any fractional pages
 95    after the data section (i.e. bss).  These pages
 96    would otherwise contain junk from the file that
 97    should not be in memory.
 98  */
 99 static int padzero(unsigned long elf_bss)
100 {
101         unsigned long nbyte;
102 
103         nbyte = ELF_PAGEOFFSET(elf_bss);
104         if (nbyte) {
105                 nbyte = ELF_MIN_ALIGN - nbyte;
106                 if (clear_user((void __user *) elf_bss, nbyte))
107                         return -EFAULT;
108         }
109         return 0;
110 }
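
    /*
     * Example (illustrative, ELF_MIN_ALIGN == 0x1000): for elf_bss ==
     * 0x0804a123, ELF_PAGEOFFSET() yields 0x123, so the 0x1000 - 0x123 ==
     * 0xedd bytes from 0x0804a123 up to the page boundary at 0x0804b000
     * are cleared.
     */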
111 
112 /* Let's use some macros to make this stack manipulation a little clearer */
113 #ifdef CONFIG_STACK_GROWSUP
114 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
115 #define STACK_ROUND(sp, items) \
116         ((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
117 #define STACK_ALLOC(sp, len) ({ \
118         elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \
119         old_sp; })
120 #else
121 #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
122 #define STACK_ROUND(sp, items) \
123         (((unsigned long) (sp - items)) &~ 15UL)
124 #define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
125 #endif
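
    /*
     * Example (illustrative, downward-growing stack, sizeof(elf_addr_t) ==
     * 8): STACK_ALLOC(sp, 16) moves sp down 16 bytes and yields the new
     * (lower) address, STACK_ADD(sp, 2) steps two elf_addr_t slots down,
     * and STACK_ROUND() aligns the result down to a 16-byte boundary as
     * most ABIs require.
     */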
126 
127 #ifndef ELF_BASE_PLATFORM
128 /*
129  * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
130  * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
131  * will be copied to the user stack in the same manner as AT_PLATFORM.
132  */
133 #define ELF_BASE_PLATFORM NULL
134 #endif
135 
136 static int
137 create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
138                 unsigned long load_addr, unsigned long interp_load_addr)
139 {
140         unsigned long p = bprm->p;
141         int argc = bprm->argc;
142         int envc = bprm->envc;
143         elf_addr_t __user *argv;
144         elf_addr_t __user *envp;
145         elf_addr_t __user *sp;
146         elf_addr_t __user *u_platform;
147         elf_addr_t __user *u_base_platform;
148         elf_addr_t __user *u_rand_bytes;
149         const char *k_platform = ELF_PLATFORM;
150         const char *k_base_platform = ELF_BASE_PLATFORM;
151         unsigned char k_rand_bytes[16];
152         int items;
153         elf_addr_t *elf_info;
154         int ei_index = 0;
155         const struct cred *cred = current_cred();
156         struct vm_area_struct *vma;
157 
158         /*
159          * In some cases (e.g. Hyper-Threading), we want to avoid L1
160          * evictions by the processes running on the same package. One
161          * thing we can do is to shuffle the initial stack for them.
162          */
163 
164         p = arch_align_stack(p);
165 
166         /*
167          * If this architecture has a platform capability string, copy it
168          * to userspace.  In some cases (Sparc), this info is impossible
169          * for userspace to get any other way, in others (i386) it is
170          * merely difficult.
171          */
172         u_platform = NULL;
173         if (k_platform) {
174                 size_t len = strlen(k_platform) + 1;
175 
176                 u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
177                 if (__copy_to_user(u_platform, k_platform, len))
178                         return -EFAULT;
179         }
180 
181         /*
182          * If this architecture has a "base" platform capability
183          * string, copy it to userspace.
184          */
185         u_base_platform = NULL;
186         if (k_base_platform) {
187                 size_t len = strlen(k_base_platform) + 1;
188 
189                 u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
190                 if (__copy_to_user(u_base_platform, k_base_platform, len))
191                         return -EFAULT;
192         }
193 
194         /*
195          * Generate 16 random bytes for userspace PRNG seeding.
196          */
197         get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
198         u_rand_bytes = (elf_addr_t __user *)
199                        STACK_ALLOC(p, sizeof(k_rand_bytes));
200         if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
201                 return -EFAULT;
202 
203         /* Create the ELF interpreter info */
204         elf_info = (elf_addr_t *)current->mm->saved_auxv;
205         /* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
206 #define NEW_AUX_ENT(id, val) \
207         do { \
208                 elf_info[ei_index++] = id; \
209                 elf_info[ei_index++] = val; \
210         } while (0)
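
    /*
     * The vector built below is a flat array of (id, value) pairs, e.g.
     * (illustrative):
     *
     *      elf_info[0] = AT_HWCAP;  elf_info[1] = ELF_HWCAP;
     *      elf_info[2] = AT_PAGESZ; elf_info[3] = ELF_EXEC_PAGESIZE;
     *      ...
     *      AT_NULL, 0                      <- terminator
     *
     * and is later copied onto the user stack just after envp[]'s NULL.
     */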
211 
212 #ifdef ARCH_DLINFO
213         /*
214          * ARCH_DLINFO must come first so PPC can do its special alignment of
215          * AUXV.
216          * Update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
217          * ARCH_DLINFO changes.
218          */
219         ARCH_DLINFO;
220 #endif
221         NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
222         NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
223         NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
224         NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
225         NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
226         NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
227         NEW_AUX_ENT(AT_BASE, interp_load_addr);
228         NEW_AUX_ENT(AT_FLAGS, 0);
229         NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
230         NEW_AUX_ENT(AT_UID, cred->uid);
231         NEW_AUX_ENT(AT_EUID, cred->euid);
232         NEW_AUX_ENT(AT_GID, cred->gid);
233         NEW_AUX_ENT(AT_EGID, cred->egid);
234         NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
235         NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
236         NEW_AUX_ENT(AT_EXECFN, bprm->exec);
237         if (k_platform) {
238                 NEW_AUX_ENT(AT_PLATFORM,
239                             (elf_addr_t)(unsigned long)u_platform);
240         }
241         if (k_base_platform) {
242                 NEW_AUX_ENT(AT_BASE_PLATFORM,
243                             (elf_addr_t)(unsigned long)u_base_platform);
244         }
245         if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
246                 NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
247         }
248 #undef NEW_AUX_ENT
249         /* AT_NULL is zero; clear the rest too */
250         memset(&elf_info[ei_index], 0,
251                sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
252 
253         /* And advance past the AT_NULL entry.  */
254         ei_index += 2;
255 
256         sp = STACK_ADD(p, ei_index);
257 
258         items = (argc + 1) + (envc + 1) + 1;
259         bprm->p = STACK_ROUND(sp, items);
260 
261         /* Point sp at the lowest address on the stack */
262 #ifdef CONFIG_STACK_GROWSUP
263         sp = (elf_addr_t __user *)bprm->p - items - ei_index;
264         bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
265 #else
266         sp = (elf_addr_t __user *)bprm->p;
267 #endif
268 
269 
270         /*
271          * Grow the stack manually; some architectures have a limit on how
272          * far ahead a user-space access may be in order to grow the stack.
273          */
274         vma = find_extend_vma(current->mm, bprm->p);
275         if (!vma)
276                 return -EFAULT;
277 
278         /* Now, let's put argc (and argv, envp if appropriate) on the stack */
279         if (__put_user(argc, sp++))
280                 return -EFAULT;
281         argv = sp;
282         envp = argv + argc + 1;
283 
284         /* Populate argv and envp */
285         p = current->mm->arg_end = current->mm->arg_start;
286         while (argc-- > 0) {
287                 size_t len;
288                 if (__put_user((elf_addr_t)p, argv++))
289                         return -EFAULT;
290                 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
291                 if (!len || len > MAX_ARG_STRLEN)
292                         return -EINVAL;
293                 p += len;
294         }
295         if (__put_user(0, argv))
296                 return -EFAULT;
297         current->mm->arg_end = current->mm->env_start = p;
298         while (envc-- > 0) {
299                 size_t len;
300                 if (__put_user((elf_addr_t)p, envp++))
301                         return -EFAULT;
302                 len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
303                 if (!len || len > MAX_ARG_STRLEN)
304                         return -EINVAL;
305                 p += len;
306         }
307         if (__put_user(0, envp))
308                 return -EFAULT;
309         current->mm->env_end = p;
310 
311         /* Put the elf_info on the stack in the right place.  */
312         sp = (elf_addr_t __user *)envp + 1;
313         if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
314                 return -EFAULT;
315         return 0;
316 }
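
    /*
     * Resulting initial stack layout (illustrative, downward-growing
     * stack, lowest address first):
     *
     *      argc
     *      argv[0] ... argv[argc - 1], NULL
     *      envp[0] ... envp[envc - 1], NULL
     *      auxv (id, value) pairs, ending with AT_NULL
     *      ... argument/environment strings, platform strings and the
     *          AT_RANDOM bytes live further up, near the stack top
     */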
317 
318 #ifndef elf_map
319 
320 static unsigned long elf_map(struct file *filep, unsigned long addr,
321                 struct elf_phdr *eppnt, int prot, int type,
322                 unsigned long total_size)
323 {
324         unsigned long map_addr;
325         unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
326         unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
327         addr = ELF_PAGESTART(addr);
328         size = ELF_PAGEALIGN(size);
329 
330         /* mmap() will return -EINVAL if given a zero size, but a
 331          * segment with zero p_filesz is perfectly valid */
332         if (!size)
333                 return addr;
334 
335         down_write(&current->mm->mmap_sem);
336         /*
337          * total_size is the size of the ELF (interpreter) image.
338          * The _first_ mmap needs to know the full size; otherwise
339          * randomization might put this image into an overlapping
340          * position with the ELF binary image (since size < total_size).
341          * So we first map the 'big' image and then unmap the remainder
342          * at the end (the unmap is needed for ELF images with holes).
343          */
344         if (total_size) {
345                 total_size = ELF_PAGEALIGN(total_size);
346                 map_addr = do_mmap(filep, addr, total_size, prot, type, off);
347                 if (!BAD_ADDR(map_addr))
348                         do_munmap(current->mm, map_addr+size, total_size-size);
349         } else
350                 map_addr = do_mmap(filep, addr, size, prot, type, off);
351 
352         up_write(&current->mm->mmap_sem);
353         return(map_addr);
354 }
355 
356 #endif /* !elf_map */
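
    /*
     * Note (illustrative): for the file offset handed to do_mmap() above
     * to be page-aligned, p_offset and p_vaddr must be congruent modulo
     * ELF_MIN_ALIGN; e.g. p_vaddr == 0x08048094 with p_offset == 0x094
     * maps file page 0 at 0x08048000.
     */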
357 
358 static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
359 {
360         int i, first_idx = -1, last_idx = -1;
361 
362         for (i = 0; i < nr; i++) {
363                 if (cmds[i].p_type == PT_LOAD) {
364                         last_idx = i;
365                         if (first_idx == -1)
366                                 first_idx = i;
367                 }
368         }
369         if (first_idx == -1)
370                 return 0;
371 
372         return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
373                                 ELF_PAGESTART(cmds[first_idx].p_vaddr);
374 }
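
    /*
     * Example (illustrative): with a first PT_LOAD at p_vaddr 0x400000 and
     * a last PT_LOAD at p_vaddr 0x600000 with p_memsz 0x800, this returns
     * 0x600800 - 0x400000 == 0x200800: the span a single mapping must
     * cover to hold the whole image.
     */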
375 
376 
377 /* This is much more generalized than the library routine read function,
378    so we keep this separate.  Technically the library read function
379    is only provided so that we can read a.out libraries that have
 380    an ELF header. */
381 
382 static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
383                 struct file *interpreter, unsigned long *interp_map_addr,
384                 unsigned long no_base)
385 {
386         struct elf_phdr *elf_phdata;
387         struct elf_phdr *eppnt;
388         unsigned long load_addr = 0;
389         int load_addr_set = 0;
390         unsigned long last_bss = 0, elf_bss = 0;
391         unsigned long error = ~0UL;
392         unsigned long total_size;
393         int retval, i, size;
394 
395         /* First of all, some simple consistency checks */
396         if (interp_elf_ex->e_type != ET_EXEC &&
397             interp_elf_ex->e_type != ET_DYN)
398                 goto out;
399         if (!elf_check_arch(interp_elf_ex))
400                 goto out;
401         if (!interpreter->f_op || !interpreter->f_op->mmap)
402                 goto out;
403 
404         /*
405          * If the size of this structure has changed, then punt, since
406          * we will be doing the wrong thing.
407          */
408         if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
409                 goto out;
410         if (interp_elf_ex->e_phnum < 1 ||
411                 interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
412                 goto out;
413 
414         /* Now read in all of the header information */
415         size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
416         if (size > ELF_MIN_ALIGN)
417                 goto out;
418         elf_phdata = kmalloc(size, GFP_KERNEL);
419         if (!elf_phdata)
420                 goto out;
421 
422         retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
423                              (char *)elf_phdata,size);
424         error = -EIO;
425         if (retval != size) {
426                 if (retval < 0)
427                         error = retval; 
428                 goto out_close;
429         }
430 
431         total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
432         if (!total_size) {
433                 error = -EINVAL;
434                 goto out_close;
435         }
436 
437         eppnt = elf_phdata;
438         for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
439                 if (eppnt->p_type == PT_LOAD) {
440                         int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
441                         int elf_prot = 0;
442                         unsigned long vaddr = 0;
443                         unsigned long k, map_addr;
444 
445                         if (eppnt->p_flags & PF_R)
446                                 elf_prot = PROT_READ;
447                         if (eppnt->p_flags & PF_W)
448                                 elf_prot |= PROT_WRITE;
449                         if (eppnt->p_flags & PF_X)
450                                 elf_prot |= PROT_EXEC;
451                         vaddr = eppnt->p_vaddr;
452                         if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
453                                 elf_type |= MAP_FIXED;
454                         else if (no_base && interp_elf_ex->e_type == ET_DYN)
455                                 load_addr = -vaddr;
456 
457                         map_addr = elf_map(interpreter, load_addr + vaddr,
458                                         eppnt, elf_prot, elf_type, total_size);
459                         total_size = 0;
460                         if (!*interp_map_addr)
461                                 *interp_map_addr = map_addr;
462                         error = map_addr;
463                         if (BAD_ADDR(map_addr))
464                                 goto out_close;
465 
466                         if (!load_addr_set &&
467                             interp_elf_ex->e_type == ET_DYN) {
468                                 load_addr = map_addr - ELF_PAGESTART(vaddr);
469                                 load_addr_set = 1;
470                         }
471 
472                         /*
473                          * Check to see if the section's size will overflow the
474                          * allowed task size. Note that p_filesz must always be
 475                          * <= p_memsz so it's only necessary to check p_memsz.
476                          */
477                         k = load_addr + eppnt->p_vaddr;
478                         if (BAD_ADDR(k) ||
479                             eppnt->p_filesz > eppnt->p_memsz ||
480                             eppnt->p_memsz > TASK_SIZE ||
481                             TASK_SIZE - eppnt->p_memsz < k) {
482                                 error = -ENOMEM;
483                                 goto out_close;
484                         }
485 
486                         /*
487                          * Find the end of the file mapping for this phdr, and
488                          * keep track of the largest address we see for this.
489                          */
490                         k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
491                         if (k > elf_bss)
492                                 elf_bss = k;
493 
494                         /*
495                          * Do the same thing for the memory mapping - between
496                          * elf_bss and last_bss is the bss section.
497                          */
498                         k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
499                         if (k > last_bss)
500                                 last_bss = k;
501                 }
502         }
503 
504         if (last_bss > elf_bss) {
505                 /*
506                  * Now fill out the bss section.  First pad the last page up
507                  * to the page boundary, and then perform a mmap to make sure
508                  * that there are zero-mapped pages up to and including the
509                  * last bss page.
510                  */
511                 if (padzero(elf_bss)) {
512                         error = -EFAULT;
513                         goto out_close;
514                 }
515 
516                 /* What we have mapped so far */
517                 elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
518 
519                 /* Map the last of the bss segment */
520                 down_write(&current->mm->mmap_sem);
521                 error = do_brk(elf_bss, last_bss - elf_bss);
522                 up_write(&current->mm->mmap_sem);
523                 if (BAD_ADDR(error))
524                         goto out_close;
525         }
526 
527         error = load_addr;
528 
529 out_close:
530         kfree(elf_phdata);
531 out:
532         return error;
533 }
534 
535 /*
536  * These are the functions used to load ELF style executables and shared
537  * libraries.  There is no binary dependent code anywhere else.
538  */
539 
540 #define INTERPRETER_NONE 0
541 #define INTERPRETER_ELF 2
542 
543 #ifndef STACK_RND_MASK
544 #define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12))     /* 8MB of VA */
545 #endif
546 
547 static unsigned long randomize_stack_top(unsigned long stack_top)
548 {
549         unsigned long random_variable = 0;
550 
551         if ((current->flags & PF_RANDOMIZE) &&
552                 !(current->personality & ADDR_NO_RANDOMIZE)) {
553                 random_variable = (unsigned long) get_random_int();
554                 random_variable &= STACK_RND_MASK;
555                 random_variable <<= PAGE_SHIFT;
556         }
557 #ifdef CONFIG_STACK_GROWSUP
558         return PAGE_ALIGN(stack_top) + random_variable;
559 #else
560         return PAGE_ALIGN(stack_top) - random_variable;
561 #endif
562 }
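
    /*
     * Example (illustrative, 4K pages): STACK_RND_MASK is 0x7ff, so
     * random_variable is at most 0x7ff << 12 == 0x7ff000, i.e. just under
     * 8MB of stack-top randomization, subtracted from (or, with
     * CONFIG_STACK_GROWSUP, added to) the page-aligned stack top.
     */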
563 
564 static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
565 {
566         struct file *interpreter = NULL; /* to shut gcc up */
567         unsigned long load_addr = 0, load_bias = 0;
568         int load_addr_set = 0;
569         char * elf_interpreter = NULL;
570         unsigned long error;
571         struct elf_phdr *elf_ppnt, *elf_phdata;
572         unsigned long elf_bss, elf_brk;
573         int retval, i;
574         unsigned int size;
575         unsigned long elf_entry;
576         unsigned long interp_load_addr = 0;
577         unsigned long start_code, end_code, start_data, end_data;
578         unsigned long reloc_func_desc = 0;
579         int executable_stack = EXSTACK_DEFAULT;
580         unsigned long def_flags = 0;
581         struct {
582                 struct elfhdr elf_ex;
583                 struct elfhdr interp_elf_ex;
584         } *loc;
585 
586         loc = kmalloc(sizeof(*loc), GFP_KERNEL);
587         if (!loc) {
588                 retval = -ENOMEM;
589                 goto out_ret;
590         }
591         
592         /* Get the exec-header */
593         loc->elf_ex = *((struct elfhdr *)bprm->buf);
594 
595         retval = -ENOEXEC;
596         /* First of all, some simple consistency checks */
597         if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
598                 goto out;
599 
600         if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
601                 goto out;
602         if (!elf_check_arch(&loc->elf_ex))
603                 goto out;
604         if (!bprm->file->f_op||!bprm->file->f_op->mmap)
605                 goto out;
606 
607         /* Now read in all of the header information */
608         if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
609                 goto out;
610         if (loc->elf_ex.e_phnum < 1 ||
611                 loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
612                 goto out;
613         size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
614         retval = -ENOMEM;
615         elf_phdata = kmalloc(size, GFP_KERNEL);
616         if (!elf_phdata)
617                 goto out;
618 
619         retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
620                              (char *)elf_phdata, size);
621         if (retval != size) {
622                 if (retval >= 0)
623                         retval = -EIO;
624                 goto out_free_ph;
625         }
626 
627         elf_ppnt = elf_phdata;
628         elf_bss = 0;
629         elf_brk = 0;
630 
631         start_code = ~0UL;
632         end_code = 0;
633         start_data = 0;
634         end_data = 0;
635 
636         for (i = 0; i < loc->elf_ex.e_phnum; i++) {
637                 if (elf_ppnt->p_type == PT_INTERP) {
 638                         /* This is the program interpreter used for
 639                          * shared libraries and dynamically linked
 640                          * binaries.
 641                          */
642                         retval = -ENOEXEC;
643                         if (elf_ppnt->p_filesz > PATH_MAX || 
644                             elf_ppnt->p_filesz < 2)
645                                 goto out_free_ph;
646 
647                         retval = -ENOMEM;
648                         elf_interpreter = kmalloc(elf_ppnt->p_filesz,
649                                                   GFP_KERNEL);
650                         if (!elf_interpreter)
651                                 goto out_free_ph;
652 
653                         retval = kernel_read(bprm->file, elf_ppnt->p_offset,
654                                              elf_interpreter,
655                                              elf_ppnt->p_filesz);
656                         if (retval != elf_ppnt->p_filesz) {
657                                 if (retval >= 0)
658                                         retval = -EIO;
659                                 goto out_free_interp;
660                         }
 661                         /* make sure the path is NUL-terminated */
662                         retval = -ENOEXEC;
663                         if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
664                                 goto out_free_interp;
665 
666                         interpreter = open_exec(elf_interpreter);
667                         retval = PTR_ERR(interpreter);
668                         if (IS_ERR(interpreter))
669                                 goto out_free_interp;
670 
671                         /*
672                          * If the binary is not readable then enforce
673                          * mm->dumpable = 0 regardless of the interpreter's
674                          * permissions.
675                          */
676                         if (file_permission(interpreter, MAY_READ) < 0)
677                                 bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
678 
679                         /* Get the exec headers */
680                         retval = kernel_read(interpreter, 0,
681                                              (void *)&loc->interp_elf_ex,
682                                              sizeof(loc->interp_elf_ex));
683                         if (retval != sizeof(loc->interp_elf_ex)) {
684                                 if (retval >= 0)
685                                         retval = -EIO;
686                                 goto out_free_dentry;
687                         }
688 
689                         break;
690                 }
691                 elf_ppnt++;
692         }
693 
694         elf_ppnt = elf_phdata;
695         for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
696                 if (elf_ppnt->p_type == PT_GNU_STACK) {
697                         if (elf_ppnt->p_flags & PF_X)
698                                 executable_stack = EXSTACK_ENABLE_X;
699                         else
700                                 executable_stack = EXSTACK_DISABLE_X;
701                         break;
702                 }
703 
704         /* Some simple consistency checks for the interpreter */
705         if (elf_interpreter) {
706                 retval = -ELIBBAD;
707                 /* Not an ELF interpreter */
708                 if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
709                         goto out_free_dentry;
710                 /* Verify the interpreter has a valid arch */
711                 if (!elf_check_arch(&loc->interp_elf_ex))
712                         goto out_free_dentry;
713         }
714 
715         /* Flush all traces of the currently running executable */
716         retval = flush_old_exec(bprm);
717         if (retval)
718                 goto out_free_dentry;
719 
720         /* OK, This is the point of no return */
721         current->flags &= ~PF_FORKNOEXEC;
722         current->mm->def_flags = def_flags;
723 
724         /* Do this immediately, since STACK_TOP as used in setup_arg_pages
725            may depend on the personality.  */
726         SET_PERSONALITY(loc->elf_ex);
727         if (elf_read_implies_exec(loc->elf_ex, executable_stack))
728                 current->personality |= READ_IMPLIES_EXEC;
729 
730         if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
731                 current->flags |= PF_RANDOMIZE;
732 
733         setup_new_exec(bprm);
734 
735         /* Do this so that we can load the interpreter, if need be.  We will
736            change some of these later */
737         current->mm->free_area_cache = current->mm->mmap_base;
738         current->mm->cached_hole_size = 0;
739         retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
740                                  executable_stack);
741         if (retval < 0) {
742                 send_sig(SIGKILL, current, 0);
743                 goto out_free_dentry;
744         }
745         
746         current->mm->start_stack = bprm->p;
747 
 748         /* Now we do a little grungy work by mmapping the ELF image into
749            the correct location in memory. */
750         for(i = 0, elf_ppnt = elf_phdata;
751             i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
752                 int elf_prot = 0, elf_flags;
753                 unsigned long k, vaddr;
754 
755                 if (elf_ppnt->p_type != PT_LOAD)
756                         continue;
757 
758                 if (unlikely (elf_brk > elf_bss)) {
759                         unsigned long nbyte;
760                     
761                         /* There was a PT_LOAD segment with p_memsz > p_filesz
762                            before this one. Map anonymous pages, if needed,
763                            and clear the area.  */
764                         retval = set_brk (elf_bss + load_bias,
765                                           elf_brk + load_bias);
766                         if (retval) {
767                                 send_sig(SIGKILL, current, 0);
768                                 goto out_free_dentry;
769                         }
770                         nbyte = ELF_PAGEOFFSET(elf_bss);
771                         if (nbyte) {
772                                 nbyte = ELF_MIN_ALIGN - nbyte;
773                                 if (nbyte > elf_brk - elf_bss)
774                                         nbyte = elf_brk - elf_bss;
775                                 if (clear_user((void __user *)elf_bss +
776                                                         load_bias, nbyte)) {
777                                         /*
778                                          * This bss-zeroing can fail if the ELF
779                                          * file specifies odd protections. So
780                                          * we don't check the return value
781                                          */
782                                 }
783                         }
784                 }
785 
786                 if (elf_ppnt->p_flags & PF_R)
787                         elf_prot |= PROT_READ;
788                 if (elf_ppnt->p_flags & PF_W)
789                         elf_prot |= PROT_WRITE;
790                 if (elf_ppnt->p_flags & PF_X)
791                         elf_prot |= PROT_EXEC;
792 
793                 elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;
794 
795                 vaddr = elf_ppnt->p_vaddr;
796                 if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
797                         elf_flags |= MAP_FIXED;
798                 } else if (loc->elf_ex.e_type == ET_DYN) {
799                         /* Try and get dynamic programs out of the way of the
800                          * default mmap base, as well as whatever program they
801                          * might try to exec.  This is because the brk will
802                          * follow the loader, and is not movable.  */
803 #ifdef CONFIG_X86
804                         load_bias = 0;
805 #else
806                         load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
807 #endif
808                 }
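                    /*
                     * Example (illustrative, non-x86): for an ET_DYN image
                     * whose first PT_LOAD has p_vaddr == 0, load_bias becomes
                     * ELF_PAGESTART(ELF_ET_DYN_BASE), so the PIE is mapped at
                     * the arch's default ET_DYN base rather than at address 0.
                     */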
809 
810                 error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
811                                 elf_prot, elf_flags, 0);
812                 if (BAD_ADDR(error)) {
813                         send_sig(SIGKILL, current, 0);
814                         retval = IS_ERR((void *)error) ?
815                                 PTR_ERR((void*)error) : -EINVAL;
816                         goto out_free_dentry;
817                 }
818 
819                 if (!load_addr_set) {
820                         load_addr_set = 1;
821                         load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
822                         if (loc->elf_ex.e_type == ET_DYN) {
823                                 load_bias += error -
824                                              ELF_PAGESTART(load_bias + vaddr);
825                                 load_addr += load_bias;
826                                 reloc_func_desc = load_bias;
827                         }
828                 }
829                 k = elf_ppnt->p_vaddr;
830                 if (k < start_code)
831                         start_code = k;
832                 if (start_data < k)
833                         start_data = k;
834 
835                 /*
836                  * Check to see if the section's size will overflow the
837                  * allowed task size. Note that p_filesz must always be
838                  * <= p_memsz so it is only necessary to check p_memsz.
839                  */
840                 if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
841                     elf_ppnt->p_memsz > TASK_SIZE ||
842                     TASK_SIZE - elf_ppnt->p_memsz < k) {
843                         /* set_brk can never work. Avoid overflows. */
844                         send_sig(SIGKILL, current, 0);
845                         retval = -EINVAL;
846                         goto out_free_dentry;
847                 }
848 
849                 k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
850 
851                 if (k > elf_bss)
852                         elf_bss = k;
853                 if ((elf_ppnt->p_flags & PF_X) && end_code < k)
854                         end_code = k;
855                 if (end_data < k)
856                         end_data = k;
857                 k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
858                 if (k > elf_brk)
859                         elf_brk = k;
860         }
861 
862         loc->elf_ex.e_entry += load_bias;
863         elf_bss += load_bias;
864         elf_brk += load_bias;
865         start_code += load_bias;
866         end_code += load_bias;
867         start_data += load_bias;
868         end_data += load_bias;
869 
870         /* Calling set_brk effectively mmaps the pages that we need
871          * for the bss and break sections.  We must do this before
872          * mapping in the interpreter, to make sure it doesn't wind
873          * up getting placed where the bss needs to go.
874          */
875         retval = set_brk(elf_bss, elf_brk);
876         if (retval) {
877                 send_sig(SIGKILL, current, 0);
878                 goto out_free_dentry;
879         }
880         if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
881                 send_sig(SIGSEGV, current, 0);
882                 retval = -EFAULT; /* Nobody gets to see this, but.. */
883                 goto out_free_dentry;
884         }
885 
886         if (elf_interpreter) {
887                 unsigned long uninitialized_var(interp_map_addr);
888 
889                 elf_entry = load_elf_interp(&loc->interp_elf_ex,
890                                             interpreter,
891                                             &interp_map_addr,
892                                             load_bias);
893                 if (!IS_ERR((void *)elf_entry)) {
894                         /*
895                          * load_elf_interp() returns relocation
896                          * adjustment
897                          */
898                         interp_load_addr = elf_entry;
899                         elf_entry += loc->interp_elf_ex.e_entry;
900                 }
901                 if (BAD_ADDR(elf_entry)) {
902                         force_sig(SIGSEGV, current);
903                         retval = IS_ERR((void *)elf_entry) ?
904                                         (int)elf_entry : -EINVAL;
905                         goto out_free_dentry;
906                 }
907                 reloc_func_desc = interp_load_addr;
908 
909                 allow_write_access(interpreter);
910                 fput(interpreter);
911                 kfree(elf_interpreter);
912         } else {
913                 elf_entry = loc->elf_ex.e_entry;
914                 if (BAD_ADDR(elf_entry)) {
915                         force_sig(SIGSEGV, current);
916                         retval = -EINVAL;
917                         goto out_free_dentry;
918                 }
919         }
920 
921         kfree(elf_phdata);
922 
923         set_binfmt(&elf_format);
924 
925 #ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
926         retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
927         if (retval < 0) {
928                 send_sig(SIGKILL, current, 0);
929                 goto out;
930         }
931 #endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
932 
933         install_exec_creds(bprm);
934         current->flags &= ~PF_FORKNOEXEC;
935         retval = create_elf_tables(bprm, &loc->elf_ex,
936                           load_addr, interp_load_addr);
937         if (retval < 0) {
938                 send_sig(SIGKILL, current, 0);
939                 goto out;
940         }
941         /* N.B. passed_fileno might not be initialized? */
942         current->mm->end_code = end_code;
943         current->mm->start_code = start_code;
944         current->mm->start_data = start_data;
945         current->mm->end_data = end_data;
946         current->mm->start_stack = bprm->p;
947 
948 #ifdef arch_randomize_brk
949         if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
950                 current->mm->brk = current->mm->start_brk =
951                         arch_randomize_brk(current->mm);
952 #endif
953 
954         if (current->personality & MMAP_PAGE_ZERO) {
955                 /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
956                    and some applications "depend" upon this behavior.
957                    Since we do not have the power to recompile these, we
958                    emulate the SVr4 behavior. Sigh. */
959                 down_write(&current->mm->mmap_sem);
960                 error = do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
961                                 MAP_FIXED | MAP_PRIVATE, 0);
962                 up_write(&current->mm->mmap_sem);
963         }
964 
965 #ifdef ELF_PLAT_INIT
966         /*
967          * The ABI may specify that certain registers be set up in special
 968          * ways (on i386 %edx is the address of a DT_FINI function, for
 969          * example).  In addition, it may also specify (e.g., PowerPC64 ELF)
 970          * that the e_entry field is the address of the function descriptor
 971          * for the startup routine, rather than the address of the startup
 972          * routine itself.  This macro performs whatever initialization to
 973          * the regs structure is required as well as any relocations to the
 974          * function descriptor entries when executing dynamically linked apps.
975          */
976         ELF_PLAT_INIT(regs, reloc_func_desc);
977 #endif
978 
979         start_thread(regs, elf_entry, bprm->p);
980         retval = 0;
981 out:
982         kfree(loc);
983 out_ret:
984         return retval;
985 
986         /* error cleanup */
987 out_free_dentry:
988         allow_write_access(interpreter);
989         if (interpreter)
990                 fput(interpreter);
991 out_free_interp:
992         kfree(elf_interpreter);
993 out_free_ph:
994         kfree(elf_phdata);
995         goto out;
996 }
997 
 998 /* This is really simpleminded and specialized - we are loading a
 999    library through the old a.out-era uselib() interface, given an ELF header. */
1000 static int load_elf_library(struct file *file)
1001 {
1002         struct elf_phdr *elf_phdata;
1003         struct elf_phdr *eppnt;
1004         unsigned long elf_bss, bss, len;
1005         int retval, error, i, j;
1006         struct elfhdr elf_ex;
1007 
1008         error = -ENOEXEC;
1009         retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1010         if (retval != sizeof(elf_ex))
1011                 goto out;
1012 
1013         if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1014                 goto out;
1015 
1016         /* First of all, some simple consistency checks */
1017         if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
1018             !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
1019                 goto out;
1020 
1021         /* Now read in all of the header information */
1022 
1023         j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1024         /* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1025 
1026         error = -ENOMEM;
1027         elf_phdata = kmalloc(j, GFP_KERNEL);
1028         if (!elf_phdata)
1029                 goto out;
1030 
1031         eppnt = elf_phdata;
1032         error = -ENOEXEC;
1033         retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1034         if (retval != j)
1035                 goto out_free_ph;
1036 
1037         for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1038                 if ((eppnt + i)->p_type == PT_LOAD)
1039                         j++;
1040         if (j != 1)
1041                 goto out_free_ph;
1042 
1043         while (eppnt->p_type != PT_LOAD)
1044                 eppnt++;
1045 
1046         /* Now use mmap to map the library into memory. */
1047         down_write(&current->mm->mmap_sem);
1048         error = do_mmap(file,
1049                         ELF_PAGESTART(eppnt->p_vaddr),
1050                         (eppnt->p_filesz +
1051                          ELF_PAGEOFFSET(eppnt->p_vaddr)),
1052                         PROT_READ | PROT_WRITE | PROT_EXEC,
1053                         MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
1054                         (eppnt->p_offset -
1055                          ELF_PAGEOFFSET(eppnt->p_vaddr)));
1056         up_write(&current->mm->mmap_sem);
1057         if (error != ELF_PAGESTART(eppnt->p_vaddr))
1058                 goto out_free_ph;
1059 
1060         elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1061         if (padzero(elf_bss)) {
1062                 error = -EFAULT;
1063                 goto out_free_ph;
1064         }
1065 
1066         len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1067                             ELF_MIN_ALIGN - 1);
1068         bss = eppnt->p_memsz + eppnt->p_vaddr;
1069         if (bss > len) {
1070                 down_write(&current->mm->mmap_sem);
1071                 do_brk(len, bss - len);
1072                 up_write(&current->mm->mmap_sem);
1073         }
1074         error = 0;
1075 
1076 out_free_ph:
1077         kfree(elf_phdata);
1078 out:
1079         return error;
1080 }
1081 
1082 /*
1083  * Note that some platforms still use traditional core dumps and not
1084  * the ELF core dump.  Each platform can select it as appropriate.
1085  */
1086 #if defined(USE_ELF_CORE_DUMP) && defined(CONFIG_ELF_CORE)
1087 
1088 /*
1089  * ELF core dumper
1090  *
1091  * Modelled on fs/exec.c:aout_core_dump()
1092  * Jeremy Fitzhardinge <jeremy@sw.oz.au>
1093  */
1094 /*
1095  * These are the only things you should do on a core-file: use only these
1096  * functions to write out all the necessary info.
1097  */
1098 static int dump_write(struct file *file, const void *addr, int nr)
1099 {
1100         return file->f_op->write(file, addr, nr, &file->f_pos) == nr;
1101 }
1102 
1103 static int dump_seek(struct file *file, loff_t off)
1104 {
1105         if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
1106                 if (file->f_op->llseek(file, off, SEEK_CUR) < 0)
1107                         return 0;
1108         } else {
1109                 char *buf = (char *)get_zeroed_page(GFP_KERNEL);
1110                 if (!buf)
1111                         return 0;
1112                 while (off > 0) {
1113                         unsigned long n = off;
1114                         if (n > PAGE_SIZE)
1115                                 n = PAGE_SIZE;
1116                         if (!dump_write(file, buf, n))
1117                                 return 0;
1118                         off -= n;
1119                 }
1120                 free_page((unsigned long)buf);
1121         }
1122         return 1;
1123 }
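
     /*
      * dump_seek() skips a hole in the core file: it lseek()s forward when
      * the file supports seeking (yielding a sparse core file) and
      * otherwise emulates the skip by writing zero-filled pages, e.g. when
      * dumping to a pipe.
      */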
1124 
1125 /*
1126  * Decide how much of a segment to dump: part, all, or none.
1127  */
1128 static unsigned long vma_dump_size(struct vm_area_struct *vma,
1129                                    unsigned long mm_flags)
1130 {
1131 #define FILTER(type)    (mm_flags & (1UL << MMF_DUMP_##type))
1132 
1133         /* The vma can be set up to tell us the answer directly.  */
1134         if (vma->vm_flags & VM_ALWAYSDUMP)
1135                 goto whole;
1136 
1137         /* Hugetlb memory check */
1138         if (vma->vm_flags & VM_HUGETLB) {
1139                 if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1140                         goto whole;
1141                 if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1142                         goto whole;
1143         }
1144 
1145         /* Do not dump I/O mapped devices or special mappings */
1146         if (vma->vm_flags & (VM_IO | VM_RESERVED))
1147                 return 0;
1148 
1149         /* By default, dump shared memory if mapped from an anonymous file. */
1150         if (vma->vm_flags & VM_SHARED) {
1151                 if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0 ?
1152                     FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1153                         goto whole;
1154                 return 0;
1155         }
1156 
1157         /* Dump segments that have been written to.  */
1158         if (vma->anon_vma && FILTER(ANON_PRIVATE))
1159                 goto whole;
1160         if (vma->vm_file == NULL)
1161                 return 0;
1162 
1163         if (FILTER(MAPPED_PRIVATE))
1164                 goto whole;
1165 
1166         /*
1167          * If this looks like the beginning of a DSO or executable mapping,
1168          * check for an ELF header.  If we find one, dump the first page to
1169          * aid in determining what was mapped here.
1170          */
1171         if (FILTER(ELF_HEADERS) &&
1172             vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1173                 u32 __user *header = (u32 __user *) vma->vm_start;
1174                 u32 word;
1175                 mm_segment_t fs = get_fs();
1176                 /*
1177                  * Doing it this way gets the constant folded by GCC.
1178                  */
1179                 union {
1180                         u32 cmp;
1181                         char elfmag[SELFMAG];
1182                 } magic;
1183                 BUILD_BUG_ON(SELFMAG != sizeof word);
1184                 magic.elfmag[EI_MAG0] = ELFMAG0;
1185                 magic.elfmag[EI_MAG1] = ELFMAG1;
1186                 magic.elfmag[EI_MAG2] = ELFMAG2;
1187                 magic.elfmag[EI_MAG3] = ELFMAG3;
1188                 /*
1189                  * Switch to the user "segment" for get_user(),
1190                  * then put back what elf_core_dump() had in place.
1191                  */
1192                 set_fs(USER_DS);
1193                 if (unlikely(get_user(word, header)))
1194                         word = 0;
1195                 set_fs(fs);
1196                 if (word == magic.cmp)
1197                         return PAGE_SIZE;
1198         }
1199 
1200 #undef  FILTER
1201 
1202         return 0;
1203 
1204 whole:
1205         return vma->vm_end - vma->vm_start;
1206 }
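
     /*
      * The MMF_DUMP_* bits tested by FILTER() come from the per-mm flags,
      * which userspace can tune via /proc/<pid>/coredump_filter to choose
      * which mapping types are included in the dump.
      */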
1207 
1208 /* An ELF note in memory */
1209 struct memelfnote
1210 {
1211         const char *name;
1212         int type;
1213         unsigned int datasz;
1214         void *data;
1215 };
1216 
1217 static int notesize(struct memelfnote *en)
1218 {
1219         int sz;
1220 
1221         sz = sizeof(struct elf_note);
1222         sz += roundup(strlen(en->name) + 1, 4);
1223         sz += roundup(en->datasz, 4);
1224 
1225         return sz;
1226 }
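
     /*
      * Example (illustrative): a "CORE"/NT_PRSTATUS note with datasz 0x150
      * takes sizeof(struct elf_note) + roundup(5, 4) + roundup(0x150, 4) ==
      * 12 + 8 + 336 == 356 bytes in the core file.
      */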
1227 
1228 #define DUMP_WRITE(addr, nr, foffset)   \
1229         do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1230 
1231 static int alignfile(struct file *file, loff_t *foffset)
1232 {
1233         static const char buf[4] = { 0, };
1234         DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
1235         return 1;
1236 }
1237 
1238 static int writenote(struct memelfnote *men, struct file *file,
1239                         loff_t *foffset)
1240 {
1241         struct elf_note en;
1242         en.n_namesz = strlen(men->name) + 1;
1243         en.n_descsz = men->datasz;
1244         en.n_type = men->type;
1245 
1246         DUMP_WRITE(&en, sizeof(en), foffset);
1247         DUMP_WRITE(men->name, en.n_namesz, foffset);
1248         if (!alignfile(file, foffset))
1249                 return 0;
1250         DUMP_WRITE(men->data, men->datasz, foffset);
1251         if (!alignfile(file, foffset))
1252                 return 0;
1253 
1254         return 1;
1255 }
1256 #undef DUMP_WRITE
1257 
1258 #define DUMP_WRITE(addr, nr)    \
1259         if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
1260                 goto end_coredump;
1261 
1262 static void fill_elf_header(struct elfhdr *elf, int segs,
1263                             u16 machine, u32 flags, u8 osabi)
1264 {
1265         memset(elf, 0, sizeof(*elf));
1266 
1267         memcpy(elf->e_ident, ELFMAG, SELFMAG);
1268         elf->e_ident[EI_CLASS] = ELF_CLASS;
1269         elf->e_ident[EI_DATA] = ELF_DATA;
1270         elf->e_ident[EI_VERSION] = EV_CURRENT;
1271         elf->e_ident[EI_OSABI] = ELF_OSABI;
1272 
1273         elf->e_type = ET_CORE;
1274         elf->e_machine = machine;
1275         elf->e_version = EV_CURRENT;
1276         elf->e_phoff = sizeof(struct elfhdr);
1277         elf->e_flags = flags;
1278         elf->e_ehsize = sizeof(struct elfhdr);
1279         elf->e_phentsize = sizeof(struct elf_phdr);
1280         elf->e_phnum = segs;
1281 
1282         return;
1283 }
1284 
1285 static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1286 {
1287         phdr->p_type = PT_NOTE;
1288         phdr->p_offset = offset;
1289         phdr->p_vaddr = 0;
1290         phdr->p_paddr = 0;
1291         phdr->p_filesz = sz;
1292         phdr->p_memsz = 0;
1293         phdr->p_flags = 0;
1294         phdr->p_align = 0;
1295         return;
1296 }
1297 
1298 static void fill_note(struct memelfnote *note, const char *name, int type, 
1299                 unsigned int sz, void *data)
1300 {
1301         note->name = name;
1302         note->type = type;
1303         note->datasz = sz;
1304         note->data = data;
1305         return;
1306 }
1307 
1308 /*
1309  * fill up all the fields in prstatus from the given task struct, except
1310  * registers which need to be filled up separately.
1311  */
1312 static void fill_prstatus(struct elf_prstatus *prstatus,
1313                 struct task_struct *p, long signr)
1314 {
1315         prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1316         prstatus->pr_sigpend = p->pending.signal.sig[0];
1317         prstatus->pr_sighold = p->blocked.sig[0];
1318         rcu_read_lock();
1319         prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1320         rcu_read_unlock();
1321         prstatus->pr_pid = task_pid_vnr(p);
1322         prstatus->pr_pgrp = task_pgrp_vnr(p);
1323         prstatus->pr_sid = task_session_vnr(p);
1324         if (thread_group_leader(p)) {
1325                 struct task_cputime cputime;
1326 
1327                 /*
1328                  * This is the record for the group leader.  It shows the
1329                  * group-wide total, not its individual thread total.
1330                  */
1331                 thread_group_cputime(p, &cputime);
1332                 cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1333                 cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1334         } else {
1335                 cputime_to_timeval(p->utime, &prstatus->pr_utime);
1336                 cputime_to_timeval(p->stime, &prstatus->pr_stime);
1337         }
1338         cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1339         cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1340 }
1341 
1342 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
1343                        struct mm_struct *mm)
1344 {
1345         const struct cred *cred;
1346         unsigned int i, len;
1347         
1348         /* first copy the parameters from user space */
1349         memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1350 
1351         len = mm->arg_end - mm->arg_start;
1352         if (len >= ELF_PRARGSZ)
1353                 len = ELF_PRARGSZ-1;
1354         if (copy_from_user(&psinfo->pr_psargs,
1355                            (const char __user *)mm->arg_start, len))
1356                 return -EFAULT;
1357         for(i = 0; i < len; i++)
1358                 if (psinfo->pr_psargs[i] == 0)
1359                         psinfo->pr_psargs[i] = ' ';
1360         psinfo->pr_psargs[len] = 0;
1361 
1362         rcu_read_lock();
1363         psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1364         rcu_read_unlock();
1365         psinfo->pr_pid = task_pid_vnr(p);
1366         psinfo->pr_pgrp = task_pgrp_vnr(p);
1367         psinfo->pr_sid = task_session_vnr(p);
1368 
1369         i = p->state ? ffz(~p->state) + 1 : 0;
1370         psinfo->pr_state = i;
1371         psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1372         psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1373         psinfo->pr_nice = task_nice(p);
1374         psinfo->pr_flag = p->flags;
1375         rcu_read_lock();
1376         cred = __task_cred(p);
1377         SET_UID(psinfo->pr_uid, cred->uid);
1378         SET_GID(psinfo->pr_gid, cred->gid);
1379         rcu_read_unlock();
1380         strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1381         
1382         return 0;
1383 }
1384 
1385 static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
1386 {
1387         elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
1388         int i = 0;
1389         do
1390                 i += 2;
1391         while (auxv[i - 2] != AT_NULL);
1392         fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1393 }
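
/*
 * [Added commentary] mm->saved_auxv holds (type, value) pairs laid out
 * as a flat elf_addr_t array, for example:
 *
 *      { AT_PHDR, phdr, AT_ENTRY, entry, ..., AT_NULL, 0 }
 *
 * The do/while above steps two slots at a time and stops once it has
 * passed the AT_NULL key, so the terminating pair is counted and
 * included in the note.
 */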
1394 
1395 #ifdef CORE_DUMP_USE_REGSET
1396 #include <linux/regset.h>
1397 
1398 struct elf_thread_core_info {
1399         struct elf_thread_core_info *next;
1400         struct task_struct *task;
1401         struct elf_prstatus prstatus;
1402         struct memelfnote notes[0];
1403 };
1404 
1405 struct elf_note_info {
1406         struct elf_thread_core_info *thread;
1407         struct memelfnote psinfo;
1408         struct memelfnote auxv;
1409         size_t size;
1410         int thread_notes;
1411 };
1412 
1413 /*
1414  * When a regset has a writeback hook, we call it on each thread before
1415  * dumping user memory.  On register window machines, this makes sure the
1416  * user memory backing the register data is up to date before we read it.
1417  */
1418 static void do_thread_regset_writeback(struct task_struct *task,
1419                                        const struct user_regset *regset)
1420 {
1421         if (regset->writeback)
1422                 regset->writeback(task, regset, 1);
1423 }
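
/*
 * [Editor's sketch, an assumption rather than code from any real
 * architecture] a register-window machine could wire up the hook
 * along these lines:
 *
 *      static int my_gwin_writeback(struct task_struct *target,
 *                                   const struct user_regset *regset,
 *                                   int immediate)
 *      {
 *              // hypothetical helper that spills register windows to
 *              // the user stack so the memory dump sees them
 *              return my_spill_register_windows(target);
 *      }
 *
 * The third argument passed above (1) requests an immediate flush
 * rather than one deferred to the next context switch.
 */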
1424 
1425 static int fill_thread_core_info(struct elf_thread_core_info *t,
1426                                  const struct user_regset_view *view,
1427                                  long signr, size_t *total)
1428 {
1429         unsigned int i;
1430 
1431         /*
1432          * NT_PRSTATUS is the one special case, because the regset data
1433          * goes into the pr_reg field inside the note contents, rather
1434          * than being the whole note contents.  We fill the rest in here.
1435          * We assume that regset 0 is NT_PRSTATUS.
1436          */
1437         fill_prstatus(&t->prstatus, t->task, signr);
1438         (void) view->regsets[0].get(t->task, &view->regsets[0],
1439                                     0, sizeof(t->prstatus.pr_reg),
1440                                     &t->prstatus.pr_reg, NULL);
1441 
1442         fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1443                   sizeof(t->prstatus), &t->prstatus);
1444         *total += notesize(&t->notes[0]);
1445 
1446         do_thread_regset_writeback(t->task, &view->regsets[0]);
1447 
1448         /*
1449          * Each other regset might generate a note too.  For each regset
1450          * that has no core_note_type or is inactive, we leave t->notes[i]
1451          * all zero and we'll know to skip writing it later.
1452          */
1453         for (i = 1; i < view->n; ++i) {
1454                 const struct user_regset *regset = &view->regsets[i];
1455                 do_thread_regset_writeback(t->task, regset);
1456                 if (regset->core_note_type && regset->get &&
1457                     (!regset->active || regset->active(t->task, regset))) {
1458                         int ret;
1459                         size_t size = regset->n * regset->size;
1460                         void *data = kmalloc(size, GFP_KERNEL);
1461                         if (unlikely(!data))
1462                                 return 0;
1463                         ret = regset->get(t->task, regset,
1464                                           0, size, data, NULL);
1465                         if (unlikely(ret))
1466                                 kfree(data);
1467                         else {
1468                                 if (regset->core_note_type != NT_PRFPREG)
1469                                         fill_note(&t->notes[i], "LINUX",
1470                                                   regset->core_note_type,
1471                                                   size, data);
1472                                 else {
1473                                         t->prstatus.pr_fpvalid = 1;
1474                                         fill_note(&t->notes[i], "CORE",
1475                                                   NT_PRFPREG, size, data);
1476                                 }
1477                                 *total += notesize(&t->notes[i]);
1478                         }
1479                 }
1480         }
1481 
1482         return 1;
1483 }
1484 
1485 static int fill_note_info(struct elfhdr *elf, int phdrs,
1486                           struct elf_note_info *info,
1487                           long signr, struct pt_regs *regs)
1488 {
1489         struct task_struct *dump_task = current;
1490         const struct user_regset_view *view = task_user_regset_view(dump_task);
1491         struct elf_thread_core_info *t;
1492         struct elf_prpsinfo *psinfo;
1493         struct core_thread *ct;
1494         unsigned int i;
1495 
1496         info->size = 0;
1497         info->thread = NULL;
1498 
1499         psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1500         if (psinfo == NULL)
1501                 return 0;
1502 
1503         fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1504 
1505         /*
1506          * Figure out how many notes we're going to need for each thread.
1507          */
1508         info->thread_notes = 0;
1509         for (i = 0; i < view->n; ++i)
1510                 if (view->regsets[i].core_note_type != 0)
1511                         ++info->thread_notes;
1512 
1513         /*
1514          * Sanity check.  We rely on regset 0 being NT_PRSTATUS,
1515          * since it is our one special case.
1516          */
1517         if (unlikely(info->thread_notes == 0) ||
1518             unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1519                 WARN_ON(1);
1520                 return 0;
1521         }
1522 
1523         /*
1524          * Initialize the ELF file header.
1525          */
1526         fill_elf_header(elf, phdrs,
1527                         view->e_machine, view->e_flags, view->ei_osabi);
1528 
1529         /*
1530          * Allocate a structure for each thread.
1531          */
1532         for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1533                 t = kzalloc(offsetof(struct elf_thread_core_info,
1534                                      notes[info->thread_notes]),
1535                             GFP_KERNEL);
1536                 if (unlikely(!t))
1537                         return 0;
1538 
1539                 t->task = ct->task;
1540                 if (ct->task == dump_task || !info->thread) {
1541                         t->next = info->thread;
1542                         info->thread = t;
1543                 } else {
1544                         /*
1545                          * Make sure to keep the original task at
1546                          * the head of the list.
1547                          */
1548                         t->next = info->thread->next;
1549                         info->thread->next = t;
1550                 }
1551         }
1552 
1553         /*
1554          * Now fill in each thread's information.
1555          */
1556         for (t = info->thread; t != NULL; t = t->next)
1557                 if (!fill_thread_core_info(t, view, signr, &info->size))
1558                         return 0;
1559 
1560         /*
1561          * Fill in the two process-wide notes.
1562          */
1563         fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1564         info->size += notesize(&info->psinfo);
1565 
1566         fill_auxv_note(&info->auxv, current->mm);
1567         info->size += notesize(&info->auxv);
1568 
1569         return 1;
1570 }
1571 
1572 static size_t get_note_info_size(struct elf_note_info *info)
1573 {
1574         return info->size;
1575 }
1576 
1577 /*
1578  * Write all the notes for each thread.  When writing the first thread, the
1579  * process-wide notes are interleaved after the first thread-specific note.
1580  */
1581 static int write_note_info(struct elf_note_info *info,
1582                            struct file *file, loff_t *foffset)
1583 {
1584         bool first = true;
1585         struct elf_thread_core_info *t = info->thread;
1586 
1587         do {
1588                 int i;
1589 
1590                 if (!writenote(&t->notes[0], file, foffset))
1591                         return 0;
1592 
1593                 if (first && !writenote(&info->psinfo, file, foffset))
1594                         return 0;
1595                 if (first && !writenote(&info->auxv, file, foffset))
1596                         return 0;
1597 
1598                 for (i = 1; i < info->thread_notes; ++i)
1599                         if (t->notes[i].data &&
1600                             !writenote(&t->notes[i], file, foffset))
1601                                 return 0;
1602 
1603                 first = false;
1604                 t = t->next;
1605         } while (t);
1606 
1607         return 1;
1608 }
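
/*
 * [Added commentary] the resulting note order within the PT_NOTE
 * segment is therefore:
 *
 *      thread 1:  NT_PRSTATUS
 *      process:   NT_PRPSINFO, NT_AUXV  (interleaved after the first
 *                                        thread-specific note)
 *      thread 1:  remaining regset notes
 *      thread 2:  NT_PRSTATUS, remaining regset notes
 *      ...
 */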
1609 
1610 static void free_note_info(struct elf_note_info *info)
1611 {
1612         struct elf_thread_core_info *threads = info->thread;
1613         while (threads) {
1614                 unsigned int i;
1615                 struct elf_thread_core_info *t = threads;
1616                 threads = t->next;
1617                 WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1618                 for (i = 1; i < info->thread_notes; ++i)
1619                         kfree(t->notes[i].data);
1620                 kfree(t);
1621         }
1622         kfree(info->psinfo.data);
1623 }
1624 
1625 #else
1626 
1627 /* Here is the structure in which status of each thread is captured. */
1628 struct elf_thread_status
1629 {
1630         struct list_head list;
1631         struct elf_prstatus prstatus;   /* NT_PRSTATUS */
1632         elf_fpregset_t fpu;             /* NT_PRFPREG */
1633         struct task_struct *thread;
1634 #ifdef ELF_CORE_COPY_XFPREGS
1635         elf_fpxregset_t xfpu;           /* ELF_CORE_XFPREG_TYPE */
1636 #endif
1637         struct memelfnote notes[3];
1638         int num_notes;
1639 };
1640 
1641 /*
1642  * In order to add per-thread information to the ELF core file, we keep
1643  * a linked list of every thread's pr_status and then create a single
1644  * note section for them in the final core file.
1645  */
1646 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1647 {
1648         int sz = 0;
1649         struct task_struct *p = t->thread;
1650         t->num_notes = 0;
1651 
1652         fill_prstatus(&t->prstatus, p, signr);
1653         elf_core_copy_task_regs(p, &t->prstatus.pr_reg);        
1654         
1655         fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1656                   &(t->prstatus));
1657         t->num_notes++;
1658         sz += notesize(&t->notes[0]);
1659 
1660         if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1661                                                                 &t->fpu))) {
1662                 fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1663                           &(t->fpu));
1664                 t->num_notes++;
1665                 sz += notesize(&t->notes[1]);
1666         }
1667 
1668 #ifdef ELF_CORE_COPY_XFPREGS
1669         if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1670                 fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1671                           sizeof(t->xfpu), &t->xfpu);
1672                 t->num_notes++;
1673                 sz += notesize(&t->notes[2]);
1674         }
1675 #endif  
1676         return sz;
1677 }
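
/*
 * [Added commentary] each thread thus contributes at most three notes
 * (NT_PRSTATUS, optionally NT_PRFPREG, and optionally the
 * architecture's extended FP note), which is why elf_thread_status
 * declares notes[3] above.
 */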
1678 
1679 struct elf_note_info {
1680         struct memelfnote *notes;
1681         struct elf_prstatus *prstatus;  /* NT_PRSTATUS */
1682         struct elf_prpsinfo *psinfo;    /* NT_PRPSINFO */
1683         struct list_head thread_list;
1684         elf_fpregset_t *fpu;
1685 #ifdef ELF_CORE_COPY_XFPREGS
1686         elf_fpxregset_t *xfpu;
1687 #endif
1688         int thread_status_size;
1689         int numnote;
1690 };
1691 
1692 static int elf_note_info_init(struct elf_note_info *info)
1693 {
1694         memset(info, 0, sizeof(*info));
1695         INIT_LIST_HEAD(&info->thread_list);
1696 
1697         /* Allocate space for six ELF notes */
1698         info->notes = kmalloc(6 * sizeof(struct memelfnote), GFP_KERNEL);
1699         if (!info->notes)
1700                 return 0;
1701         info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1702         if (!info->psinfo)
1703                 return 0;
1704         info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1705         if (!info->prstatus)
1706                 return 0;
1707         info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1708         if (!info->fpu)
1709                 return 0;
1710 #ifdef ELF_CORE_COPY_XFPREGS
1711         info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1712         if (!info->xfpu)
1713                 return 0;
1714 #endif
1715         return 1;
1716 }
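
/*
 * [Added commentary] returning 0 on a partial allocation here is safe:
 * the memset() above zeroed every pointer, the caller bails out to its
 * cleanup path, and free_note_info() then hands any still-NULL
 * pointers to kfree(), which ignores NULL.
 */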
1717 
1718 static int fill_note_info(struct elfhdr *elf, int phdrs,
1719                           struct elf_note_info *info,
1720                           long signr, struct pt_regs *regs)
1721 {
1722         struct list_head *t;
1723 
1724         if (!elf_note_info_init(info))
1725                 return 0;
1726 
1727         if (signr) {
1728                 struct core_thread *ct;
1729                 struct elf_thread_status *ets;
1730 
1731                 for (ct = current->mm->core_state->dumper.next;
1732                                                 ct; ct = ct->next) {
1733                         ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1734                         if (!ets)
1735                                 return 0;
1736 
1737                         ets->thread = ct->task;
1738                         list_add(&ets->list, &info->thread_list);
1739                 }
1740 
1741                 list_for_each(t, &info->thread_list) {
1742                         int sz;
1743 
1744                         ets = list_entry(t, struct elf_thread_status, list);
1745                         sz = elf_dump_thread_status(signr, ets);
1746                         info->thread_status_size += sz;
1747                 }
1748         }
1749         /* now collect the dump for the current task */
1750         memset(info->prstatus, 0, sizeof(*info->prstatus));
1751         fill_prstatus(info->prstatus, current, signr);
1752         elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1753 
1754         /* Set up header */
1755         fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS, ELF_OSABI);
1756 
1757         /*
1758          * Set up the notes in similar form to SVR4 core dumps made
1759          * with info from their /proc.
1760          */
1761 
1762         fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1763                   sizeof(*info->prstatus), info->prstatus);
1764         fill_psinfo(info->psinfo, current->group_leader, current->mm);
1765         fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1766                   sizeof(*info->psinfo), info->psinfo);
1767 
1768         info->numnote = 2;
1769 
1770         fill_auxv_note(&info->notes[info->numnote++], current->mm);
1771 
1772         /* Try to dump the FPU. */
1773         info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1774                                                                info->fpu);
1775         if (info->prstatus->pr_fpvalid)
1776                 fill_note(info->notes + info->numnote++,
1777                           "CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1778 #ifdef ELF_CORE_COPY_XFPREGS
1779         if (elf_core_copy_task_xfpregs(current, info->xfpu))
1780                 fill_note(info->notes + info->numnote++,
1781                           "LINUX", ELF_CORE_XFPREG_TYPE,
1782                           sizeof(*info->xfpu), info->xfpu);
1783 #endif
1784 
1785         return 1;
1786 }
1787 
1788 static size_t get_note_info_size(struct elf_note_info *info)
1789 {
1790         int sz = 0;
1791         int i;
1792 
1793         for (i = 0; i < info->numnote; i++)
1794                 sz += notesize(info->notes + i);
1795 
1796         sz += info->thread_status_size;
1797 
1798         return sz;
1799 }
1800 
1801 static int write_note_info(struct elf_note_info *info,
1802                            struct file *file, loff_t *foffset)
1803 {
1804         int i;
1805         struct list_head *t;
1806 
1807         for (i = 0; i < info->numnote; i++)
1808                 if (!writenote(info->notes + i, file, foffset))
1809                         return 0;
1810 
1811         /* write out the thread status notes section */
1812         list_for_each(t, &info->thread_list) {
1813                 struct elf_thread_status *tmp =
1814                                 list_entry(t, struct elf_thread_status, list);
1815 
1816                 for (i = 0; i < tmp->num_notes; i++)
1817                         if (!writenote(&tmp->notes[i], file, foffset))
1818                                 return 0;
1819         }
1820 
1821         return 1;
1822 }
1823 
1824 static void free_note_info(struct elf_note_info *info)
1825 {
1826         while (!list_empty(&info->thread_list)) {
1827                 struct list_head *tmp = info->thread_list.next;
1828                 list_del(tmp);
1829                 kfree(list_entry(tmp, struct elf_thread_status, list));
1830         }
1831 
1832         kfree(info->prstatus);
1833         kfree(info->psinfo);
1834         kfree(info->notes);
1835         kfree(info->fpu);
1836 #ifdef ELF_CORE_COPY_XFPREGS
1837         kfree(info->xfpu);
1838 #endif
1839 }
1840 
1841 #endif
1842 
1843 static struct vm_area_struct *first_vma(struct task_struct *tsk,
1844                                         struct vm_area_struct *gate_vma)
1845 {
1846         struct vm_area_struct *ret = tsk->mm->mmap;
1847 
1848         if (ret)
1849                 return ret;
1850         return gate_vma;
1851 }
1852 /*
1853  * Helper function for iterating across a vma list.  It ensures that the caller
1854  * will visit `gate_vma' prior to terminating the search.
1855  */
1856 static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma,
1857                                         struct vm_area_struct *gate_vma)
1858 {
1859         struct vm_area_struct *ret;
1860 
1861         ret = this_vma->vm_next;
1862         if (ret)
1863                 return ret;
1864         if (this_vma == gate_vma)
1865                 return NULL;
1866         return gate_vma;
1867 }
1868 
1869 /*
1870  * Actual dumper
1871  *
1872  * This is a two-pass process; first we find the offsets of the bits,
1873  * and then they are actually written out.  If we run out of core limit
1874  * we just truncate.
1875  */
1876 static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file, unsigned long limit)
1877 {
1878         int has_dumped = 0;
1879         mm_segment_t fs;
1880         int segs;
1881         size_t size = 0;
1882         struct vm_area_struct *vma, *gate_vma;
1883         struct elfhdr *elf = NULL;
1884         loff_t offset = 0, dataoff, foffset;
1885         unsigned long mm_flags;
1886         struct elf_note_info info;
1887 
1888         /*
1889          * We no longer stop all VM operations.
1890          * 
1891          * This is because those processes that could possibly change map_count
1892          * or the mmap / vma pages are now blocked in do_exit on current
1893          * finishing this core dump.
1894          *
1895          * Only ptrace can touch these memory addresses, but it doesn't change
1896          * the map_count or the pages allocated. So no possibility of crashing
1897          * exists while dumping the mm->vm_next areas to the core file.
1898          */
1899   
1900         /* alloc memory for large data structures: too large to be on stack */
1901         elf = kmalloc(sizeof(*elf), GFP_KERNEL);
1902         if (!elf)
1903                 goto out;
1904         /*
1905          * The number of segs is recorded in the ELF header as a 16-bit value.
1906          * Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
1907          */
1908         segs = current->mm->map_count;
1909 #ifdef ELF_CORE_EXTRA_PHDRS
1910         segs += ELF_CORE_EXTRA_PHDRS;
1911 #endif
1912 
1913         gate_vma = get_gate_vma(current);
1914         if (gate_vma != NULL)
1915                 segs++;
1916 
1917         /*
1918          * Collect all the non-memory information about the process for the
1919          * notes.  This also sets up the file header.
1920          */
1921         if (!fill_note_info(elf, segs + 1, /* including notes section */
1922                             &info, signr, regs))
1923                 goto cleanup;
1924 
1925         has_dumped = 1;
1926         current->flags |= PF_DUMPCORE;
1927   
1928         fs = get_fs();
1929         set_fs(KERNEL_DS);
1930 
1931         DUMP_WRITE(elf, sizeof(*elf));
1932         offset += sizeof(*elf);                         /* Elf header */
1933         offset += (segs + 1) * sizeof(struct elf_phdr); /* Program headers */
1934         foffset = offset;
1935 
1936         /* Write notes phdr entry */
1937         {
1938                 struct elf_phdr phdr;
1939                 size_t sz = get_note_info_size(&info);
1940 
1941                 sz += elf_coredump_extra_notes_size();
1942 
1943                 fill_elf_note_phdr(&phdr, sz, offset);
1944                 offset += sz;
1945                 DUMP_WRITE(&phdr, sizeof(phdr));
1946         }
1947 
1948         dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
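
        /*
         * [Added commentary] the core file layout at this point:
         *
         *      offset 0:      ELF header
         *      sizeof(*elf):  (segs + 1) program headers
         *      foffset:       note data (the PT_NOTE segment)
         *      dataoff:       PT_LOAD segment contents, aligned up to
         *                     ELF_EXEC_PAGESIZE
         */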
1949 
1950         /*
1951          * We must use the same mm->flags while dumping core to avoid
1952          * inconsistency between the program headers and bodies, otherwise an
1953          * unusable core file can be generated.
1954          */
1955         mm_flags = current->mm->flags;
1956 
1957         /* Write program headers for segments dump */
1958         for (vma = first_vma(current, gate_vma); vma != NULL;
1959                         vma = next_vma(vma, gate_vma)) {
1960                 struct elf_phdr phdr;
1961 
1962                 phdr.p_type = PT_LOAD;
1963                 phdr.p_offset = offset;
1964                 phdr.p_vaddr = vma->vm_start;
1965                 phdr.p_paddr = 0;
1966                 phdr.p_filesz = vma_dump_size(vma, mm_flags);
1967                 phdr.p_memsz = vma->vm_end - vma->vm_start;
1968                 offset += phdr.p_filesz;
1969                 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
1970                 if (vma->vm_flags & VM_WRITE)
1971                         phdr.p_flags |= PF_W;
1972                 if (vma->vm_flags & VM_EXEC)
1973                         phdr.p_flags |= PF_X;
1974                 phdr.p_align = ELF_EXEC_PAGESIZE;
1975 
1976                 DUMP_WRITE(&phdr, sizeof(phdr));
1977         }
1978 
1979 #ifdef ELF_CORE_WRITE_EXTRA_PHDRS
1980         ELF_CORE_WRITE_EXTRA_PHDRS;
1981 #endif
1982 
1983         /* write out the notes section */
1984         if (!write_note_info(&info, file, &foffset))
1985                 goto end_coredump;
1986 
1987         if (elf_coredump_extra_notes_write(file, &foffset))
1988                 goto end_coredump;
1989 
1990         /* Align to page */
1991         if (!dump_seek(file, dataoff - foffset))
1992                 goto end_coredump;
1993 
1994         for (vma = first_vma(current, gate_vma); vma != NULL;
1995                         vma = next_vma(vma, gate_vma)) {
1996                 unsigned long addr;
1997                 unsigned long end;
1998 
1999                 end = vma->vm_start + vma_dump_size(vma, mm_flags);
2000 
2001                 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2002                         struct page *page;
2003                         int stop;
2004 
2005                         page = get_dump_page(addr);
2006                         if (page) {
2007                                 void *kaddr = kmap(page);
2008                                 stop = ((size += PAGE_SIZE) > limit) ||
2009                                         !dump_write(file, kaddr, PAGE_SIZE);
2010                                 kunmap(page);
2011                                 page_cache_release(page);
2012                         } else
2013                                 stop = !dump_seek(file, PAGE_SIZE);
2014                         if (stop)
2015                                 goto end_coredump;
2016                 }
2017         }
2018 
2019 #ifdef ELF_CORE_WRITE_EXTRA_DATA
2020         ELF_CORE_WRITE_EXTRA_DATA;
2021 #endif
2022 
2023 end_coredump:
2024         set_fs(fs);
2025 
2026 cleanup:
2027         free_note_info(&info);
2028         kfree(elf);
2029 out:
2030         return has_dumped;
2031 }
2032 
2033 #endif          /* USE_ELF_CORE_DUMP */
2034 
2035 static int __init init_elf_binfmt(void)
2036 {
2037         return register_binfmt(&elf_format);
2038 }
2039 
2040 static void __exit exit_elf_binfmt(void)
2041 {
2042         /* Remove the ELF loader. */
2043         unregister_binfmt(&elf_format);
2044 }
2045 
2046 core_initcall(init_elf_binfmt);
2047 module_exit(exit_elf_binfmt);
2048 MODULE_LICENSE("GPL");
2049 
