Eric Lee / smarc-ti-linux-kernel | Embedian Git Server

Commit 079148b919d0c58b796f9ae98bdb53028dbcd5e7

Authored by Oleg Nesterov 2013-05-01 06:28:16 +0800

Committed by Linus Torvalds 2013-05-01 08:04:06 +0800

coredump: factor out the setting of PF_DUMPCORE

Cleanup.  Every linux_binfmt->core_dump() sets PF_DUMPCORE, move this into
zap_threads() called by do_coredump().

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Mandeep Singh Baines <msb@chromium.org>
Cc: Neil Horman <nhorman@redhat.com>
Cc: "Rafael J. Wysocki" <rjw@sisk.pl>
Cc: Tejun Heo <tj@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 5 changed files with 2 additions and 6 deletions Inline Diff

arch/x86/ia32/ia32_aout.c
fs/binfmt_aout.c
fs/binfmt_elf.c
fs/binfmt_elf_fdpic.c
fs/coredump.c

arch/x86/ia32/ia32_aout.c

Diff comments View file @ 079148b

 /*
  *  a.out loader for x86-64
  *
  *  Copyright (C) 1991, 1992, 1996  Linus Torvalds
  *  Hacked together by Andi Kleen
  */
 #include <linux/module.h>
 #include <linux/time.h>
 #include <linux/kernel.h>
 #include <linux/mm.h>
 #include <linux/mman.h>
 #include <linux/a.out.h>
 #include <linux/errno.h>
 #include <linux/signal.h>
 #include <linux/string.h>
 #include <linux/fs.h>
 #include <linux/file.h>
 #include <linux/stat.h>
 #include <linux/fcntl.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/binfmts.h>
 #include <linux/personality.h>
 #include <linux/init.h>
 #include <linux/jiffies.h>
 #include <asm/uaccess.h>
 #include <asm/pgalloc.h>
 #include <asm/cacheflush.h>
 #include <asm/user32.h>
 #include <asm/ia32.h>
 #undef WARN_OLD
 #undef CORE_DUMP /* definitely broken */
 static int load_aout_binary(struct linux_binprm *);
 static int load_aout_library(struct file *);
 #ifdef CORE_DUMP
 static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
 			  unsigned long limit);
 /*
  * fill in the user structure for a core dump..
  */
 static void dump_thread32(struct pt_regs *regs, struct user32 *dump)
 {
 	u32 fs, gs;
 /* changed the size calculations - should hopefully work better. lbt */
 	dump->magic = CMAGIC;
 	dump->start_code = 0;
 	dump->start_stack = regs->sp & ~(PAGE_SIZE - 1);
 	dump->u_tsize = ((unsigned long) current->mm->end_code) >> PAGE_SHIFT;
 	dump->u_dsize = ((unsigned long)
 			 (current->mm->brk + (PAGE_SIZE-1))) >> PAGE_SHIFT;
 	dump->u_dsize -= dump->u_tsize;
 	dump->u_ssize = 0;
 	dump->u_debugreg[0] = current->thread.debugreg0;
 	dump->u_debugreg[1] = current->thread.debugreg1;
 	dump->u_debugreg[2] = current->thread.debugreg2;
 	dump->u_debugreg[3] = current->thread.debugreg3;
 	dump->u_debugreg[4] = 0;
 	dump->u_debugreg[5] = 0;
 	dump->u_debugreg[6] = current->thread.debugreg6;
 	dump->u_debugreg[7] = current->thread.debugreg7;
 	if (dump->start_stack < 0xc0000000) {
 		unsigned long tmp;
 		tmp = (unsigned long) (0xc0000000 - dump->start_stack);
 		dump->u_ssize = tmp >> PAGE_SHIFT;
 	}
 	dump->regs.bx = regs->bx;
 	dump->regs.cx = regs->cx;
 	dump->regs.dx = regs->dx;
 	dump->regs.si = regs->si;
 	dump->regs.di = regs->di;
 	dump->regs.bp = regs->bp;
 	dump->regs.ax = regs->ax;
 	dump->regs.ds = current->thread.ds;
 	dump->regs.es = current->thread.es;
 	savesegment(fs, fs);
 	dump->regs.fs = fs;
 	savesegment(gs, gs);
 	dump->regs.gs = gs;
 	dump->regs.orig_ax = regs->orig_ax;
 	dump->regs.ip = regs->ip;
 	dump->regs.cs = regs->cs;
 	dump->regs.flags = regs->flags;
 	dump->regs.sp = regs->sp;
 	dump->regs.ss = regs->ss;
 #if 1 /* FIXME */
 	dump->u_fpvalid = 0;
 #else
 	dump->u_fpvalid = dump_fpu(regs, &dump->i387);
 #endif
 }
 #endif
 static struct linux_binfmt aout_format = {
 	.module		= THIS_MODULE,
 	.load_binary	= load_aout_binary,
 	.load_shlib	= load_aout_library,
 #ifdef CORE_DUMP
 	.core_dump	= aout_core_dump,
 #endif
 	.min_coredump	= PAGE_SIZE
 };
 static void set_brk(unsigned long start, unsigned long end)
 {
 	start = PAGE_ALIGN(start);
 	end = PAGE_ALIGN(end);
 	if (end <= start)
 		return;
 	vm_brk(start, end - start);
 }
 #ifdef CORE_DUMP
 /*
  * These are the only things you should do on a core-file: use only these
  * macros to write out all the necessary info.
  */
 #include <linux/coredump.h>
 #define DUMP_WRITE(addr, nr)			     \
 	if (!dump_write(file, (void *)(addr), (nr))) \
 		goto end_coredump;
 #define DUMP_SEEK(offset)		\
 	if (!dump_seek(file, offset))	\
 		goto end_coredump;
 #define START_DATA()	(u.u_tsize << PAGE_SHIFT)
 #define START_STACK(u)	(u.start_stack)
 /*
  * Routine writes a core dump image in the current directory.
  * Currently only a stub-function.
  *
  * Note that setuid/setgid files won't make a core-dump if the uid/gid
  * changed due to the set[u|g]id. It's enforced by the "current->mm->dumpable"
  * field, which also makes sure the core-dumps won't be recursive if the
  * dumping of the process results in another error..
  */
 static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
 			  unsigned long limit)
 {
 	mm_segment_t fs;
 	int has_dumped = 0;
 	unsigned long dump_start, dump_size;
 	struct user32 dump;
 	fs = get_fs();
 	set_fs(KERNEL_DS);
 	has_dumped = 1;
-	current->flags |= PF_DUMPCORE;
 	strncpy(dump.u_comm, current->comm, sizeof(current->comm));
 	dump.u_ar0 = offsetof(struct user32, regs);
 	dump.signal = signr;
 	dump_thread32(regs, &dump);
 	/*
 	 * If the size of the dump file exceeds the rlimit, then see
 	 * what would happen if we wrote the stack, but not the data
 	 * area.
 	 */
 	if ((dump.u_dsize + dump.u_ssize + 1) * PAGE_SIZE > limit)
 		dump.u_dsize = 0;
 	/* Make sure we have enough room to write the stack and data areas. */
 	if ((dump.u_ssize + 1) * PAGE_SIZE > limit)
 		dump.u_ssize = 0;
 	/* make sure we actually have a data and stack area to dump */
 	set_fs(USER_DS);
 	if (!access_ok(VERIFY_READ, (void *) (unsigned long)START_DATA(dump),
 		       dump.u_dsize << PAGE_SHIFT))
 		dump.u_dsize = 0;
 	if (!access_ok(VERIFY_READ, (void *) (unsigned long)START_STACK(dump),
 		       dump.u_ssize << PAGE_SHIFT))
 		dump.u_ssize = 0;
 	set_fs(KERNEL_DS);
 	/* struct user */
 	DUMP_WRITE(&dump, sizeof(dump));
 	/* Now dump all of the user data.  Include malloced stuff as well */
 	DUMP_SEEK(PAGE_SIZE);
 	/* now we start writing out the user space info */
 	set_fs(USER_DS);
 	/* Dump the data area */
 	if (dump.u_dsize != 0) {
 		dump_start = START_DATA(dump);
 		dump_size = dump.u_dsize << PAGE_SHIFT;
 		DUMP_WRITE(dump_start, dump_size);
 	}
 	/* Now prepare to dump the stack area */
 	if (dump.u_ssize != 0) {
 		dump_start = START_STACK(dump);
 		dump_size = dump.u_ssize << PAGE_SHIFT;
 		DUMP_WRITE(dump_start, dump_size);
 	}
 end_coredump:
 	set_fs(fs);
 	return has_dumped;
 }
 #endif
 /*
  * create_aout_tables() parses the env- and arg-strings in new user
  * memory and creates the pointer tables from them, and puts their
  * addresses on the "stack", returning the new stack pointer value.
  */
 static u32 __user *create_aout_tables(char __user *p, struct linux_binprm *bprm)
 {
 	u32 __user *argv, *envp, *sp;
 	int argc = bprm->argc, envc = bprm->envc;
 	sp = (u32 __user *) ((-(unsigned long)sizeof(u32)) & (unsigned long) p);
 	sp -= envc+1;
 	envp = sp;
 	sp -= argc+1;
 	argv = sp;
 	put_user((unsigned long) envp, --sp);
 	put_user((unsigned long) argv, --sp);
 	put_user(argc, --sp);
 	current->mm->arg_start = (unsigned long) p;
 	while (argc-- > 0) {
 		char c;
 		put_user((u32)(unsigned long)p, argv++);
 		do {
 			get_user(c, p++);
 		} while (c);
 	}
 	put_user(0, argv);
 	current->mm->arg_end = current->mm->env_start = (unsigned long) p;
 	while (envc-- > 0) {
 		char c;
 		put_user((u32)(unsigned long)p, envp++);
 		do {
 			get_user(c, p++);
 		} while (c);
 	}
 	put_user(0, envp);
 	current->mm->env_end = (unsigned long) p;
 	return sp;
 }
 /*
  * These are the functions used to load a.out style executables and shared
  * libraries.  There is no binary dependent code anywhere else.
  */
 static int load_aout_binary(struct linux_binprm *bprm)
 {
 	unsigned long error, fd_offset, rlim;
 	struct pt_regs *regs = current_pt_regs();
 	struct exec ex;
 	int retval;
 	ex = *((struct exec *) bprm->buf);		/* exec-header */
 	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC &&
 	     N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) ||
 	    N_TRSIZE(ex) || N_DRSIZE(ex) ||
 	    i_size_read(file_inode(bprm->file)) <
 	    ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
 		return -ENOEXEC;
 	}
 	fd_offset = N_TXTOFF(ex);
 	/* Check initial limits. This avoids letting people circumvent
 	 * size limits imposed on them by creating programs with large
 	 * arrays in the data or bss.
 	 */
 	rlim = rlimit(RLIMIT_DATA);
 	if (rlim >= RLIM_INFINITY)
 		rlim = ~0;
 	if (ex.a_data + ex.a_bss > rlim)
 		return -ENOMEM;
 	/* Flush all traces of the currently running executable */
 	retval = flush_old_exec(bprm);
 	if (retval)
 		return retval;
 	/* OK, This is the point of no return */
 	set_personality(PER_LINUX);
 	set_personality_ia32(false);
 	setup_new_exec(bprm);
 	regs->cs = __USER32_CS;
 	regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =
 		regs->r13 = regs->r14 = regs->r15 = 0;
 	current->mm->end_code = ex.a_text +
 		(current->mm->start_code = N_TXTADDR(ex));
 	current->mm->end_data = ex.a_data +
 		(current->mm->start_data = N_DATADDR(ex));
 	current->mm->brk = ex.a_bss +
 		(current->mm->start_brk = N_BSSADDR(ex));
 	current->mm->free_area_cache = TASK_UNMAPPED_BASE;
 	current->mm->cached_hole_size = 0;
 	retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT);
 	if (retval < 0) {
 		/* Someone check-me: is this error path enough? */
 		send_sig(SIGKILL, current, 0);
 		return retval;
 	}
 	install_exec_creds(bprm);
 	if (N_MAGIC(ex) == OMAGIC) {
 		unsigned long text_addr, map_size;
 		loff_t pos;
 		text_addr = N_TXTADDR(ex);
 		pos = 32;
 		map_size = ex.a_text+ex.a_data;
 		error = vm_brk(text_addr & PAGE_MASK, map_size);
 		if (error != (text_addr & PAGE_MASK)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		error = bprm->file->f_op->read(bprm->file,
 			 (char __user *)text_addr,
 			  ex.a_text+ex.a_data, &pos);
 		if ((signed long)error < 0) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		flush_icache_range(text_addr, text_addr+ex.a_text+ex.a_data);
 	} else {
 #ifdef WARN_OLD
 		static unsigned long error_time, error_time2;
 		if ((ex.a_text & 0xfff || ex.a_data & 0xfff) &&
 		    (N_MAGIC(ex) != NMAGIC) &&
 				time_after(jiffies, error_time2 + 5*HZ)) {
 			printk(KERN_NOTICE "executable not page aligned\n");
 			error_time2 = jiffies;
 		}
 		if ((fd_offset & ~PAGE_MASK) != 0 &&
 			    time_after(jiffies, error_time + 5*HZ)) {
 			printk(KERN_WARNING
 			       "fd_offset is not page aligned. Please convert "
 			       "program: %s\n",
 			       bprm->file->f_path.dentry->d_name.name);
 			error_time = jiffies;
 		}
 #endif
 		if (!bprm->file->f_op->mmap || (fd_offset & ~PAGE_MASK) != 0) {
 			loff_t pos = fd_offset;
 			vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
 			bprm->file->f_op->read(bprm->file,
 					(char __user *)N_TXTADDR(ex),
 					ex.a_text+ex.a_data, &pos);
 			flush_icache_range((unsigned long) N_TXTADDR(ex),
 					   (unsigned long) N_TXTADDR(ex) +
 					   ex.a_text+ex.a_data);
 			goto beyond_if;
 		}
 		error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,
 				PROT_READ | PROT_EXEC,
 				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
 				MAP_EXECUTABLE | MAP_32BIT,
 				fd_offset);
 		if (error != N_TXTADDR(ex)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
 				PROT_READ | PROT_WRITE | PROT_EXEC,
 				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE |
 				MAP_EXECUTABLE | MAP_32BIT,
 				fd_offset + ex.a_text);
 		if (error != N_DATADDR(ex)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 	}
 beyond_if:
 	set_binfmt(&aout_format);
 	set_brk(current->mm->start_brk, current->mm->brk);
 	current->mm->start_stack =
 		(unsigned long)create_aout_tables((char __user *)bprm->p, bprm);
 	/* start thread */
 	loadsegment(fs, 0);
 	loadsegment(ds, __USER32_DS);
 	loadsegment(es, __USER32_DS);
 	load_gs_index(0);
 	(regs)->ip = ex.a_entry;
 	(regs)->sp = current->mm->start_stack;
 	(regs)->flags = 0x200;
 	(regs)->cs = __USER32_CS;
 	(regs)->ss = __USER32_DS;
 	regs->r8 = regs->r9 = regs->r10 = regs->r11 =
 	regs->r12 = regs->r13 = regs->r14 = regs->r15 = 0;
 	set_fs(USER_DS);
 	return 0;
 }
 static int load_aout_library(struct file *file)
 {
 	unsigned long bss, start_addr, len, error;
 	int retval;
 	struct exec ex;
 	retval = -ENOEXEC;
 	error = kernel_read(file, 0, (char *) &ex, sizeof(ex));
 	if (error != sizeof(ex))
 		goto out;
 	/* We come in here for the regular a.out style of shared libraries */
 	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) ||
 	    N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) ||
 	    i_size_read(file_inode(file)) <
 	    ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
 		goto out;
 	}
 	if (N_FLAGS(ex))
 		goto out;
 	/* For  QMAGIC, the starting address is 0x20 into the page.  We mask
 	   this off to get the starting address for the page */
 	start_addr =  ex.a_entry & 0xfffff000;
 	if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) {
 		loff_t pos = N_TXTOFF(ex);
 #ifdef WARN_OLD
 		static unsigned long error_time;
 		if (time_after(jiffies, error_time + 5*HZ)) {
 			printk(KERN_WARNING
 			       "N_TXTOFF is not page aligned. Please convert "
 			       "library: %s\n",
 			       file->f_path.dentry->d_name.name);
 			error_time = jiffies;
 		}
 #endif
 		vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
 		file->f_op->read(file, (char __user *)start_addr,
 			ex.a_text + ex.a_data, &pos);
 		flush_icache_range((unsigned long) start_addr,
 				   (unsigned long) start_addr + ex.a_text +
 				   ex.a_data);
 		retval = 0;
 		goto out;
 	}
 	/* Now use mmap to map the library into memory. */
 	error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,
 			PROT_READ | PROT_WRITE | PROT_EXEC,
 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_32BIT,
 			N_TXTOFF(ex));
 	retval = error;
 	if (error != start_addr)
 		goto out;
 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
 	bss = ex.a_text + ex.a_data + ex.a_bss;
 	if (bss > len) {
 		error = vm_brk(start_addr + len, bss - len);
 		retval = error;
 		if (error != start_addr + len)
 			goto out;
 	}
 	retval = 0;
 out:
 	return retval;
 }
 static int __init init_aout_binfmt(void)
 {
 	register_binfmt(&aout_format);
 	return 0;
 }
 static void __exit exit_aout_binfmt(void)
 {
 	unregister_binfmt(&aout_format);
 }
 module_init(init_aout_binfmt);
 module_exit(exit_aout_binfmt);
 MODULE_LICENSE("GPL");

fs/binfmt_aout.c

Diff comments View file @ 079148b

 /*
  *  linux/fs/binfmt_aout.c
  *
  *  Copyright (C) 1991, 1992, 1996  Linus Torvalds
  */
 #include <linux/module.h>
 #include <linux/time.h>
 #include <linux/kernel.h>
 #include <linux/mm.h>
 #include <linux/mman.h>
 #include <linux/a.out.h>
 #include <linux/errno.h>
 #include <linux/signal.h>
 #include <linux/string.h>
 #include <linux/fs.h>
 #include <linux/file.h>
 #include <linux/stat.h>
 #include <linux/fcntl.h>
 #include <linux/ptrace.h>
 #include <linux/user.h>
 #include <linux/binfmts.h>
 #include <linux/personality.h>
 #include <linux/init.h>
 #include <linux/coredump.h>
 #include <linux/slab.h>
 #include <asm/uaccess.h>
 #include <asm/cacheflush.h>
 #include <asm/a.out-core.h>
 static int load_aout_binary(struct linux_binprm *);
 static int load_aout_library(struct file*);
 #ifdef CONFIG_COREDUMP
 /*
  * Routine writes a core dump image in the current directory.
  * Currently only a stub-function.
  *
  * Note that setuid/setgid files won't make a core-dump if the uid/gid
  * changed due to the set[u|g]id. It's enforced by the "current->mm->dumpable"
  * field, which also makes sure the core-dumps won't be recursive if the
  * dumping of the process results in another error..
  */
 static int aout_core_dump(struct coredump_params *cprm)
 {
 	struct file *file = cprm->file;
 	mm_segment_t fs;
 	int has_dumped = 0;
 	void __user *dump_start;
 	int dump_size;
 	struct user dump;
 #ifdef __alpha__
 #       define START_DATA(u)	((void __user *)u.start_data)
 #else
 #	define START_DATA(u)	((void __user *)((u.u_tsize << PAGE_SHIFT) + \
 				 u.start_code))
 #endif
 #       define START_STACK(u)   ((void __user *)u.start_stack)
 	fs = get_fs();
 	set_fs(KERNEL_DS);
 	has_dumped = 1;
-	current->flags |= PF_DUMPCORE;
        	strncpy(dump.u_comm, current->comm, sizeof(dump.u_comm));
 	dump.u_ar0 = offsetof(struct user, regs);
 	dump.signal = cprm->siginfo->si_signo;
 	aout_dump_thread(cprm->regs, &dump);
 /* If the size of the dump file exceeds the rlimit, then see what would happen
    if we wrote the stack, but not the data area.  */
 	if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > cprm->limit)
 		dump.u_dsize = 0;
 /* Make sure we have enough room to write the stack and data areas. */
 	if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
 		dump.u_ssize = 0;
 /* make sure we actually have a data and stack area to dump */
 	set_fs(USER_DS);
 	if (!access_ok(VERIFY_READ, START_DATA(dump), dump.u_dsize << PAGE_SHIFT))
 		dump.u_dsize = 0;
 	if (!access_ok(VERIFY_READ, START_STACK(dump), dump.u_ssize << PAGE_SHIFT))
 		dump.u_ssize = 0;
 	set_fs(KERNEL_DS);
 /* struct user */
 	if (!dump_write(file, &dump, sizeof(dump)))
 		goto end_coredump;
 /* Now dump all of the user data.  Include malloced stuff as well */
 	if (!dump_seek(cprm->file, PAGE_SIZE - sizeof(dump)))
 		goto end_coredump;
 /* now we start writing out the user space info */
 	set_fs(USER_DS);
 /* Dump the data area */
 	if (dump.u_dsize != 0) {
 		dump_start = START_DATA(dump);
 		dump_size = dump.u_dsize << PAGE_SHIFT;
 		if (!dump_write(file, dump_start, dump_size))
 			goto end_coredump;
 	}
 /* Now prepare to dump the stack area */
 	if (dump.u_ssize != 0) {
 		dump_start = START_STACK(dump);
 		dump_size = dump.u_ssize << PAGE_SHIFT;
 		if (!dump_write(file, dump_start, dump_size))
 			goto end_coredump;
 	}
 end_coredump:
 	set_fs(fs);
 	return has_dumped;
 }
 #else
 #define aout_core_dump NULL
 #endif
 static struct linux_binfmt aout_format = {
 	.module		= THIS_MODULE,
 	.load_binary	= load_aout_binary,
 	.load_shlib	= load_aout_library,
 	.core_dump	= aout_core_dump,
 	.min_coredump	= PAGE_SIZE
 };
 #define BAD_ADDR(x)	((unsigned long)(x) >= TASK_SIZE)
 static int set_brk(unsigned long start, unsigned long end)
 {
 	start = PAGE_ALIGN(start);
 	end = PAGE_ALIGN(end);
 	if (end > start) {
 		unsigned long addr;
 		addr = vm_brk(start, end - start);
 		if (BAD_ADDR(addr))
 			return addr;
 	}
 	return 0;
 }
 /*
  * create_aout_tables() parses the env- and arg-strings in new user
  * memory and creates the pointer tables from them, and puts their
  * addresses on the "stack", returning the new stack pointer value.
  */
 static unsigned long __user *create_aout_tables(char __user *p, struct linux_binprm * bprm)
 {
 	char __user * __user *argv;
 	char __user * __user *envp;
 	unsigned long __user *sp;
 	int argc = bprm->argc;
 	int envc = bprm->envc;
 	sp = (void __user *)((-(unsigned long)sizeof(char *)) & (unsigned long) p);
 #ifdef __alpha__
 /* whee.. test-programs are so much fun. */
 	put_user(0, --sp);
 	put_user(0, --sp);
 	if (bprm->loader) {
 		put_user(0, --sp);
 		put_user(1003, --sp);
 		put_user(bprm->loader, --sp);
 		put_user(1002, --sp);
 	}
 	put_user(bprm->exec, --sp);
 	put_user(1001, --sp);
 #endif
 	sp -= envc+1;
 	envp = (char __user * __user *) sp;
 	sp -= argc+1;
 	argv = (char __user * __user *) sp;
 #ifndef __alpha__
 	put_user((unsigned long) envp,--sp);
 	put_user((unsigned long) argv,--sp);
 #endif
 	put_user(argc,--sp);
 	current->mm->arg_start = (unsigned long) p;
 	while (argc-->0) {
 		char c;
 		put_user(p,argv++);
 		do {
 			get_user(c,p++);
 		} while (c);
 	}
 	put_user(NULL,argv);
 	current->mm->arg_end = current->mm->env_start = (unsigned long) p;
 	while (envc-->0) {
 		char c;
 		put_user(p,envp++);
 		do {
 			get_user(c,p++);
 		} while (c);
 	}
 	put_user(NULL,envp);
 	current->mm->env_end = (unsigned long) p;
 	return sp;
 }
 /*
  * These are the functions used to load a.out style executables and shared
  * libraries.  There is no binary dependent code anywhere else.
  */
 static int load_aout_binary(struct linux_binprm * bprm)
 {
 	struct pt_regs *regs = current_pt_regs();
 	struct exec ex;
 	unsigned long error;
 	unsigned long fd_offset;
 	unsigned long rlim;
 	int retval;
 	ex = *((struct exec *) bprm->buf);		/* exec-header */
 	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != OMAGIC &&
 	     N_MAGIC(ex) != QMAGIC && N_MAGIC(ex) != NMAGIC) ||
 	    N_TRSIZE(ex) || N_DRSIZE(ex) ||
 	    i_size_read(file_inode(bprm->file)) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
 		return -ENOEXEC;
 	}
 	/*
 	 * Requires a mmap handler. This prevents people from using a.out
 	 * as part of an exploit attack against /proc-related vulnerabilities.
 	 */
 	if (!bprm->file->f_op || !bprm->file->f_op->mmap)
 		return -ENOEXEC;
 	fd_offset = N_TXTOFF(ex);
 	/* Check initial limits. This avoids letting people circumvent
 	 * size limits imposed on them by creating programs with large
 	 * arrays in the data or bss.
 	 */
 	rlim = rlimit(RLIMIT_DATA);
 	if (rlim >= RLIM_INFINITY)
 		rlim = ~0;
 	if (ex.a_data + ex.a_bss > rlim)
 		return -ENOMEM;
 	/* Flush all traces of the currently running executable */
 	retval = flush_old_exec(bprm);
 	if (retval)
 		return retval;
 	/* OK, This is the point of no return */
 #ifdef __alpha__
 	SET_AOUT_PERSONALITY(bprm, ex);
 #else
 	set_personality(PER_LINUX);
 #endif
 	setup_new_exec(bprm);
 	current->mm->end_code = ex.a_text +
 		(current->mm->start_code = N_TXTADDR(ex));
 	current->mm->end_data = ex.a_data +
 		(current->mm->start_data = N_DATADDR(ex));
 	current->mm->brk = ex.a_bss +
 		(current->mm->start_brk = N_BSSADDR(ex));
 	current->mm->free_area_cache = current->mm->mmap_base;
 	current->mm->cached_hole_size = 0;
 	retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT);
 	if (retval < 0) {
 		/* Someone check-me: is this error path enough? */
 		send_sig(SIGKILL, current, 0);
 		return retval;
 	}
 	install_exec_creds(bprm);
 	if (N_MAGIC(ex) == OMAGIC) {
 		unsigned long text_addr, map_size;
 		loff_t pos;
 		text_addr = N_TXTADDR(ex);
 #ifdef __alpha__
 		pos = fd_offset;
 		map_size = ex.a_text+ex.a_data + PAGE_SIZE - 1;
 #else
 		pos = 32;
 		map_size = ex.a_text+ex.a_data;
 #endif
 		error = vm_brk(text_addr & PAGE_MASK, map_size);
 		if (error != (text_addr & PAGE_MASK)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		error = bprm->file->f_op->read(bprm->file,
 			  (char __user *)text_addr,
 			  ex.a_text+ex.a_data, &pos);
 		if ((signed long)error < 0) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		flush_icache_range(text_addr, text_addr+ex.a_text+ex.a_data);
 	} else {
 		if ((ex.a_text & 0xfff || ex.a_data & 0xfff) &&
 		    (N_MAGIC(ex) != NMAGIC) && printk_ratelimit())
 		{
 			printk(KERN_NOTICE "executable not page aligned\n");
 		}
 		if ((fd_offset & ~PAGE_MASK) != 0 && printk_ratelimit())
 		{
 			printk(KERN_WARNING
 			       "fd_offset is not page aligned. Please convert program: %s\n",
 			       bprm->file->f_path.dentry->d_name.name);
 		}
 		if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
 			loff_t pos = fd_offset;
 			vm_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
 			bprm->file->f_op->read(bprm->file,
 					(char __user *)N_TXTADDR(ex),
 					ex.a_text+ex.a_data, &pos);
 			flush_icache_range((unsigned long) N_TXTADDR(ex),
 					   (unsigned long) N_TXTADDR(ex) +
 					   ex.a_text+ex.a_data);
 			goto beyond_if;
 		}
 		error = vm_mmap(bprm->file, N_TXTADDR(ex), ex.a_text,
 			PROT_READ | PROT_EXEC,
 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
 			fd_offset);
 		if (error != N_TXTADDR(ex)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 		error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
 				PROT_READ | PROT_WRITE | PROT_EXEC,
 				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
 				fd_offset + ex.a_text);
 		if (error != N_DATADDR(ex)) {
 			send_sig(SIGKILL, current, 0);
 			return error;
 		}
 	}
 beyond_if:
 	set_binfmt(&aout_format);
 	retval = set_brk(current->mm->start_brk, current->mm->brk);
 	if (retval < 0) {
 		send_sig(SIGKILL, current, 0);
 		return retval;
 	}
 	current->mm->start_stack =
 		(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
 #ifdef __alpha__
 	regs->gp = ex.a_gpvalue;
 #endif
 	start_thread(regs, ex.a_entry, current->mm->start_stack);
 	return 0;
 }
 static int load_aout_library(struct file *file)
 {
 	struct inode * inode;
 	unsigned long bss, start_addr, len;
 	unsigned long error;
 	int retval;
 	struct exec ex;
 	inode = file_inode(file);
 	retval = -ENOEXEC;
 	error = kernel_read(file, 0, (char *) &ex, sizeof(ex));
 	if (error != sizeof(ex))
 		goto out;
 	/* We come in here for the regular a.out style of shared libraries */
 	if ((N_MAGIC(ex) != ZMAGIC && N_MAGIC(ex) != QMAGIC) || N_TRSIZE(ex) ||
 	    N_DRSIZE(ex) || ((ex.a_entry & 0xfff) && N_MAGIC(ex) == ZMAGIC) ||
 	    i_size_read(inode) < ex.a_text+ex.a_data+N_SYMSIZE(ex)+N_TXTOFF(ex)) {
 		goto out;
 	}
 	/*
 	 * Requires a mmap handler. This prevents people from using a.out
 	 * as part of an exploit attack against /proc-related vulnerabilities.
 	 */
 	if (!file->f_op || !file->f_op->mmap)
 		goto out;
 	if (N_FLAGS(ex))
 		goto out;
 	/* For  QMAGIC, the starting address is 0x20 into the page.  We mask
 	   this off to get the starting address for the page */
 	start_addr =  ex.a_entry & 0xfffff000;
 	if ((N_TXTOFF(ex) & ~PAGE_MASK) != 0) {
 		loff_t pos = N_TXTOFF(ex);
 		if (printk_ratelimit())
 		{
 			printk(KERN_WARNING
 			       "N_TXTOFF is not page aligned. Please convert library: %s\n",
 			       file->f_path.dentry->d_name.name);
 		}
 		vm_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
 		file->f_op->read(file, (char __user *)start_addr,
 			ex.a_text + ex.a_data, &pos);
 		flush_icache_range((unsigned long) start_addr,
 				   (unsigned long) start_addr + ex.a_text + ex.a_data);
 		retval = 0;
 		goto out;
 	}
 	/* Now use mmap to map the library into memory. */
 	error = vm_mmap(file, start_addr, ex.a_text + ex.a_data,
 			PROT_READ | PROT_WRITE | PROT_EXEC,
 			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
 			N_TXTOFF(ex));
 	retval = error;
 	if (error != start_addr)
 		goto out;
 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
 	bss = ex.a_text + ex.a_data + ex.a_bss;
 	if (bss > len) {
 		error = vm_brk(start_addr + len, bss - len);
 		retval = error;
 		if (error != start_addr + len)
 			goto out;
 	}
 	retval = 0;
 out:
 	return retval;
 }
 static int __init init_aout_binfmt(void)
 {
 	register_binfmt(&aout_format);
 	return 0;
 }
 static void __exit exit_aout_binfmt(void)
 {
 	unregister_binfmt(&aout_format);
 }
 core_initcall(init_aout_binfmt);
 module_exit(exit_aout_binfmt);
 MODULE_LICENSE("GPL");

fs/binfmt_elf.c

Diff comments View file @ 079148b

1	/*	1	/*
2	* linux/fs/binfmt_elf.c	2	* linux/fs/binfmt_elf.c
3	*	3	*
4	* These are the functions used to load ELF format executables as used	4	* These are the functions used to load ELF format executables as used
5	* on SVr4 machines. Information on the format may be found in the book	5	* on SVr4 machines. Information on the format may be found in the book
6	* "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support	6	* "UNIX SYSTEM V RELEASE 4 Programmers Guide: Ansi C and Programming Support
7	* Tools".	7	* Tools".
8	*	8	*
9	* Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).	9	* Copyright 1993, 1994: Eric Youngdale (ericy@cais.com).
10	*/	10	*/
11		11
12	#include <linux/module.h>	12	#include <linux/module.h>
13	#include <linux/kernel.h>	13	#include <linux/kernel.h>
14	#include <linux/fs.h>	14	#include <linux/fs.h>
15	#include <linux/mm.h>	15	#include <linux/mm.h>
16	#include <linux/mman.h>	16	#include <linux/mman.h>
17	#include <linux/errno.h>	17	#include <linux/errno.h>
18	#include <linux/signal.h>	18	#include <linux/signal.h>
19	#include <linux/binfmts.h>	19	#include <linux/binfmts.h>
20	#include <linux/string.h>	20	#include <linux/string.h>
21	#include <linux/file.h>	21	#include <linux/file.h>
22	#include <linux/slab.h>	22	#include <linux/slab.h>
23	#include <linux/personality.h>	23	#include <linux/personality.h>
24	#include <linux/elfcore.h>	24	#include <linux/elfcore.h>
25	#include <linux/init.h>	25	#include <linux/init.h>
26	#include <linux/highuid.h>	26	#include <linux/highuid.h>
27	#include <linux/compiler.h>	27	#include <linux/compiler.h>
28	#include <linux/highmem.h>	28	#include <linux/highmem.h>
29	#include <linux/pagemap.h>	29	#include <linux/pagemap.h>
30	#include <linux/vmalloc.h>	30	#include <linux/vmalloc.h>
31	#include <linux/security.h>	31	#include <linux/security.h>
32	#include <linux/random.h>	32	#include <linux/random.h>
33	#include <linux/elf.h>	33	#include <linux/elf.h>
34	#include <linux/utsname.h>	34	#include <linux/utsname.h>
35	#include <linux/coredump.h>	35	#include <linux/coredump.h>
36	#include <linux/sched.h>	36	#include <linux/sched.h>
37	#include <asm/uaccess.h>	37	#include <asm/uaccess.h>
38	#include <asm/param.h>	38	#include <asm/param.h>
39	#include <asm/page.h>	39	#include <asm/page.h>
40		40
41	#ifndef user_long_t	41	#ifndef user_long_t
42	#define user_long_t long	42	#define user_long_t long
43	#endif	43	#endif
44	#ifndef user_siginfo_t	44	#ifndef user_siginfo_t
45	#define user_siginfo_t siginfo_t	45	#define user_siginfo_t siginfo_t
46	#endif	46	#endif
47		47
48	static int load_elf_binary(struct linux_binprm *bprm);	48	static int load_elf_binary(struct linux_binprm *bprm);
49	static int load_elf_library(struct file *);	49	static int load_elf_library(struct file *);
50	static unsigned long elf_map(struct file , unsigned long, struct elf_phdr ,	50	static unsigned long elf_map(struct file , unsigned long, struct elf_phdr ,
51	int, int, unsigned long);	51	int, int, unsigned long);
52		52
53	/*	53	/*
54	* If we don't support core dumping, then supply a NULL so we	54	* If we don't support core dumping, then supply a NULL so we
55	* don't even try.	55	* don't even try.
56	*/	56	*/
57	#ifdef CONFIG_ELF_CORE	57	#ifdef CONFIG_ELF_CORE
58	static int elf_core_dump(struct coredump_params *cprm);	58	static int elf_core_dump(struct coredump_params *cprm);
59	#else	59	#else
60	#define elf_core_dump NULL	60	#define elf_core_dump NULL
61	#endif	61	#endif
62		62
63	#if ELF_EXEC_PAGESIZE > PAGE_SIZE	63	#if ELF_EXEC_PAGESIZE > PAGE_SIZE
64	#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE	64	#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
65	#else	65	#else
66	#define ELF_MIN_ALIGN PAGE_SIZE	66	#define ELF_MIN_ALIGN PAGE_SIZE
67	#endif	67	#endif
68		68
69	#ifndef ELF_CORE_EFLAGS	69	#ifndef ELF_CORE_EFLAGS
70	#define ELF_CORE_EFLAGS 0	70	#define ELF_CORE_EFLAGS 0
71	#endif	71	#endif
72		72
73	#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))	73	#define ELF_PAGESTART(_v) ((_v) & ~(unsigned long)(ELF_MIN_ALIGN-1))
74	#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))	74	#define ELF_PAGEOFFSET(_v) ((_v) & (ELF_MIN_ALIGN-1))
75	#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))	75	#define ELF_PAGEALIGN(_v) (((_v) + ELF_MIN_ALIGN - 1) & ~(ELF_MIN_ALIGN - 1))
76		76
77	static struct linux_binfmt elf_format = {	77	static struct linux_binfmt elf_format = {
78	.module = THIS_MODULE,	78	.module = THIS_MODULE,
79	.load_binary = load_elf_binary,	79	.load_binary = load_elf_binary,
80	.load_shlib = load_elf_library,	80	.load_shlib = load_elf_library,
81	.core_dump = elf_core_dump,	81	.core_dump = elf_core_dump,
82	.min_coredump = ELF_EXEC_PAGESIZE,	82	.min_coredump = ELF_EXEC_PAGESIZE,
83	};	83	};
84		84
85	#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)	85	#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE)
86		86
87	static int set_brk(unsigned long start, unsigned long end)	87	static int set_brk(unsigned long start, unsigned long end)
88	{	88	{
89	start = ELF_PAGEALIGN(start);	89	start = ELF_PAGEALIGN(start);
90	end = ELF_PAGEALIGN(end);	90	end = ELF_PAGEALIGN(end);
91	if (end > start) {	91	if (end > start) {
92	unsigned long addr;	92	unsigned long addr;
93	addr = vm_brk(start, end - start);	93	addr = vm_brk(start, end - start);
94	if (BAD_ADDR(addr))	94	if (BAD_ADDR(addr))
95	return addr;	95	return addr;
96	}	96	}
97	current->mm->start_brk = current->mm->brk = end;	97	current->mm->start_brk = current->mm->brk = end;
98	return 0;	98	return 0;
99	}	99	}
100		100
101	/* We need to explicitly zero any fractional pages	101	/* We need to explicitly zero any fractional pages
102	after the data section (i.e. bss). This would	102	after the data section (i.e. bss). This would
103	contain the junk from the file that should not	103	contain the junk from the file that should not
104	be in memory	104	be in memory
105	*/	105	*/
106	static int padzero(unsigned long elf_bss)	106	static int padzero(unsigned long elf_bss)
107	{	107	{
108	unsigned long nbyte;	108	unsigned long nbyte;
109		109
110	nbyte = ELF_PAGEOFFSET(elf_bss);	110	nbyte = ELF_PAGEOFFSET(elf_bss);
111	if (nbyte) {	111	if (nbyte) {
112	nbyte = ELF_MIN_ALIGN - nbyte;	112	nbyte = ELF_MIN_ALIGN - nbyte;
113	if (clear_user((void __user *) elf_bss, nbyte))	113	if (clear_user((void __user *) elf_bss, nbyte))
114	return -EFAULT;	114	return -EFAULT;
115	}	115	}
116	return 0;	116	return 0;
117	}	117	}
118		118
119	/* Let's use some macros to make this stack manipulation a little clearer */	119	/* Let's use some macros to make this stack manipulation a little clearer */
120	#ifdef CONFIG_STACK_GROWSUP	120	#ifdef CONFIG_STACK_GROWSUP
121	#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))	121	#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items))
122	#define STACK_ROUND(sp, items) \	122	#define STACK_ROUND(sp, items) \
123	((15 + (unsigned long) ((sp) + (items))) &~ 15UL)	123	((15 + (unsigned long) ((sp) + (items))) &~ 15UL)
124	#define STACK_ALLOC(sp, len) ({ \	124	#define STACK_ALLOC(sp, len) ({ \
125	elf_addr_t __user old_sp = (elf_addr_t __user )sp; sp += len; \	125	elf_addr_t __user old_sp = (elf_addr_t __user )sp; sp += len; \
126	old_sp; })	126	old_sp; })
127	#else	127	#else
128	#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))	128	#define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items))
129	#define STACK_ROUND(sp, items) \	129	#define STACK_ROUND(sp, items) \
130	(((unsigned long) (sp - items)) &~ 15UL)	130	(((unsigned long) (sp - items)) &~ 15UL)
131	#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })	131	#define STACK_ALLOC(sp, len) ({ sp -= len ; sp; })
132	#endif	132	#endif
133		133
134	#ifndef ELF_BASE_PLATFORM	134	#ifndef ELF_BASE_PLATFORM
135	/*	135	/*
136	* AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.	136	* AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
137	* If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value	137	* If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
138	* will be copied to the user stack in the same manner as AT_PLATFORM.	138	* will be copied to the user stack in the same manner as AT_PLATFORM.
139	*/	139	*/
140	#define ELF_BASE_PLATFORM NULL	140	#define ELF_BASE_PLATFORM NULL
141	#endif	141	#endif
142		142
143	static int	143	static int
144	create_elf_tables(struct linux_binprm bprm, struct elfhdr exec,	144	create_elf_tables(struct linux_binprm bprm, struct elfhdr exec,
145	unsigned long load_addr, unsigned long interp_load_addr)	145	unsigned long load_addr, unsigned long interp_load_addr)
146	{	146	{
147	unsigned long p = bprm->p;	147	unsigned long p = bprm->p;
148	int argc = bprm->argc;	148	int argc = bprm->argc;
149	int envc = bprm->envc;	149	int envc = bprm->envc;
150	elf_addr_t __user *argv;	150	elf_addr_t __user *argv;
151	elf_addr_t __user *envp;	151	elf_addr_t __user *envp;
152	elf_addr_t __user *sp;	152	elf_addr_t __user *sp;
153	elf_addr_t __user *u_platform;	153	elf_addr_t __user *u_platform;
154	elf_addr_t __user *u_base_platform;	154	elf_addr_t __user *u_base_platform;
155	elf_addr_t __user *u_rand_bytes;	155	elf_addr_t __user *u_rand_bytes;
156	const char *k_platform = ELF_PLATFORM;	156	const char *k_platform = ELF_PLATFORM;
157	const char *k_base_platform = ELF_BASE_PLATFORM;	157	const char *k_base_platform = ELF_BASE_PLATFORM;
158	unsigned char k_rand_bytes[16];	158	unsigned char k_rand_bytes[16];
159	int items;	159	int items;
160	elf_addr_t *elf_info;	160	elf_addr_t *elf_info;
161	int ei_index = 0;	161	int ei_index = 0;
162	const struct cred *cred = current_cred();	162	const struct cred *cred = current_cred();
163	struct vm_area_struct *vma;	163	struct vm_area_struct *vma;
164		164
165	/*	165	/*
166	* In some cases (e.g. Hyper-Threading), we want to avoid L1	166	* In some cases (e.g. Hyper-Threading), we want to avoid L1
167	* evictions by the processes running on the same package. One	167	* evictions by the processes running on the same package. One
168	* thing we can do is to shuffle the initial stack for them.	168	* thing we can do is to shuffle the initial stack for them.
169	*/	169	*/
170		170
171	p = arch_align_stack(p);	171	p = arch_align_stack(p);
172		172
173	/*	173	/*
174	* If this architecture has a platform capability string, copy it	174	* If this architecture has a platform capability string, copy it
175	* to userspace. In some cases (Sparc), this info is impossible	175	* to userspace. In some cases (Sparc), this info is impossible
176	* for userspace to get any other way, in others (i386) it is	176	* for userspace to get any other way, in others (i386) it is
177	* merely difficult.	177	* merely difficult.
178	*/	178	*/
179	u_platform = NULL;	179	u_platform = NULL;
180	if (k_platform) {	180	if (k_platform) {
181	size_t len = strlen(k_platform) + 1;	181	size_t len = strlen(k_platform) + 1;
182		182
183	u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);	183	u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
184	if (__copy_to_user(u_platform, k_platform, len))	184	if (__copy_to_user(u_platform, k_platform, len))
185	return -EFAULT;	185	return -EFAULT;
186	}	186	}
187		187
188	/*	188	/*
189	* If this architecture has a "base" platform capability	189	* If this architecture has a "base" platform capability
190	* string, copy it to userspace.	190	* string, copy it to userspace.
191	*/	191	*/
192	u_base_platform = NULL;	192	u_base_platform = NULL;
193	if (k_base_platform) {	193	if (k_base_platform) {
194	size_t len = strlen(k_base_platform) + 1;	194	size_t len = strlen(k_base_platform) + 1;
195		195
196	u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);	196	u_base_platform = (elf_addr_t __user *)STACK_ALLOC(p, len);
197	if (__copy_to_user(u_base_platform, k_base_platform, len))	197	if (__copy_to_user(u_base_platform, k_base_platform, len))
198	return -EFAULT;	198	return -EFAULT;
199	}	199	}
200		200
201	/*	201	/*
202	* Generate 16 random bytes for userspace PRNG seeding.	202	* Generate 16 random bytes for userspace PRNG seeding.
203	*/	203	*/
204	get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));	204	get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
205	u_rand_bytes = (elf_addr_t __user *)	205	u_rand_bytes = (elf_addr_t __user *)
206	STACK_ALLOC(p, sizeof(k_rand_bytes));	206	STACK_ALLOC(p, sizeof(k_rand_bytes));
207	if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))	207	if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
208	return -EFAULT;	208	return -EFAULT;
209		209
210	/* Create the ELF interpreter info */	210	/* Create the ELF interpreter info */
211	elf_info = (elf_addr_t *)current->mm->saved_auxv;	211	elf_info = (elf_addr_t *)current->mm->saved_auxv;
212	/* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */	212	/* update AT_VECTOR_SIZE_BASE if the number of NEW_AUX_ENT() changes */
213	#define NEW_AUX_ENT(id, val) \	213	#define NEW_AUX_ENT(id, val) \
214	do { \	214	do { \
215	elf_info[ei_index++] = id; \	215	elf_info[ei_index++] = id; \
216	elf_info[ei_index++] = val; \	216	elf_info[ei_index++] = val; \
217	} while (0)	217	} while (0)
218		218
219	#ifdef ARCH_DLINFO	219	#ifdef ARCH_DLINFO
220	/*	220	/*
221	* ARCH_DLINFO must come first so PPC can do its special alignment of	221	* ARCH_DLINFO must come first so PPC can do its special alignment of
222	* AUXV.	222	* AUXV.
223	* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in	223	* update AT_VECTOR_SIZE_ARCH if the number of NEW_AUX_ENT() in
224	* ARCH_DLINFO changes	224	* ARCH_DLINFO changes
225	*/	225	*/
226	ARCH_DLINFO;	226	ARCH_DLINFO;
227	#endif	227	#endif
228	NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);	228	NEW_AUX_ENT(AT_HWCAP, ELF_HWCAP);
229	NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);	229	NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE);
230	NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);	230	NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC);
231	NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);	231	NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff);
232	NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));	232	NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr));
233	NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);	233	NEW_AUX_ENT(AT_PHNUM, exec->e_phnum);
234	NEW_AUX_ENT(AT_BASE, interp_load_addr);	234	NEW_AUX_ENT(AT_BASE, interp_load_addr);
235	NEW_AUX_ENT(AT_FLAGS, 0);	235	NEW_AUX_ENT(AT_FLAGS, 0);
236	NEW_AUX_ENT(AT_ENTRY, exec->e_entry);	236	NEW_AUX_ENT(AT_ENTRY, exec->e_entry);
237	NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));	237	NEW_AUX_ENT(AT_UID, from_kuid_munged(cred->user_ns, cred->uid));
238	NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));	238	NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
239	NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));	239	NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
240	NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));	240	NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
241	NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));	241	NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
242	NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);	242	NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
243	NEW_AUX_ENT(AT_EXECFN, bprm->exec);	243	NEW_AUX_ENT(AT_EXECFN, bprm->exec);
244	if (k_platform) {	244	if (k_platform) {
245	NEW_AUX_ENT(AT_PLATFORM,	245	NEW_AUX_ENT(AT_PLATFORM,
246	(elf_addr_t)(unsigned long)u_platform);	246	(elf_addr_t)(unsigned long)u_platform);
247	}	247	}
248	if (k_base_platform) {	248	if (k_base_platform) {
249	NEW_AUX_ENT(AT_BASE_PLATFORM,	249	NEW_AUX_ENT(AT_BASE_PLATFORM,
250	(elf_addr_t)(unsigned long)u_base_platform);	250	(elf_addr_t)(unsigned long)u_base_platform);
251	}	251	}
252	if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {	252	if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
253	NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);	253	NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
254	}	254	}
255	#undef NEW_AUX_ENT	255	#undef NEW_AUX_ENT
256	/* AT_NULL is zero; clear the rest too */	256	/* AT_NULL is zero; clear the rest too */
257	memset(&elf_info[ei_index], 0,	257	memset(&elf_info[ei_index], 0,
258	sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);	258	sizeof current->mm->saved_auxv - ei_index * sizeof elf_info[0]);
259		259
260	/* And advance past the AT_NULL entry. */	260	/* And advance past the AT_NULL entry. */
261	ei_index += 2;	261	ei_index += 2;
262		262
263	sp = STACK_ADD(p, ei_index);	263	sp = STACK_ADD(p, ei_index);
264		264
265	items = (argc + 1) + (envc + 1) + 1;	265	items = (argc + 1) + (envc + 1) + 1;
266	bprm->p = STACK_ROUND(sp, items);	266	bprm->p = STACK_ROUND(sp, items);
267		267
268	/* Point sp at the lowest address on the stack */	268	/* Point sp at the lowest address on the stack */
269	#ifdef CONFIG_STACK_GROWSUP	269	#ifdef CONFIG_STACK_GROWSUP
270	sp = (elf_addr_t __user *)bprm->p - items - ei_index;	270	sp = (elf_addr_t __user *)bprm->p - items - ei_index;
271	bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */	271	bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */
272	#else	272	#else
273	sp = (elf_addr_t __user *)bprm->p;	273	sp = (elf_addr_t __user *)bprm->p;
274	#endif	274	#endif
275		275
276		276
277	/*	277	/*
278	* Grow the stack manually; some architectures have a limit on how	278	* Grow the stack manually; some architectures have a limit on how
279	* far ahead a user-space access may be in order to grow the stack.	279	* far ahead a user-space access may be in order to grow the stack.
280	*/	280	*/
281	vma = find_extend_vma(current->mm, bprm->p);	281	vma = find_extend_vma(current->mm, bprm->p);
282	if (!vma)	282	if (!vma)
283	return -EFAULT;	283	return -EFAULT;
284		284
285	/* Now, let's put argc (and argv, envp if appropriate) on the stack */	285	/* Now, let's put argc (and argv, envp if appropriate) on the stack */
286	if (__put_user(argc, sp++))	286	if (__put_user(argc, sp++))
287	return -EFAULT;	287	return -EFAULT;
288	argv = sp;	288	argv = sp;
289	envp = argv + argc + 1;	289	envp = argv + argc + 1;
290		290
291	/* Populate argv and envp */	291	/* Populate argv and envp */
292	p = current->mm->arg_end = current->mm->arg_start;	292	p = current->mm->arg_end = current->mm->arg_start;
293	while (argc-- > 0) {	293	while (argc-- > 0) {
294	size_t len;	294	size_t len;
295	if (__put_user((elf_addr_t)p, argv++))	295	if (__put_user((elf_addr_t)p, argv++))
296	return -EFAULT;	296	return -EFAULT;
297	len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);	297	len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
298	if (!len \|\| len > MAX_ARG_STRLEN)	298	if (!len \|\| len > MAX_ARG_STRLEN)
299	return -EINVAL;	299	return -EINVAL;
300	p += len;	300	p += len;
301	}	301	}
302	if (__put_user(0, argv))	302	if (__put_user(0, argv))
303	return -EFAULT;	303	return -EFAULT;
304	current->mm->arg_end = current->mm->env_start = p;	304	current->mm->arg_end = current->mm->env_start = p;
305	while (envc-- > 0) {	305	while (envc-- > 0) {
306	size_t len;	306	size_t len;
307	if (__put_user((elf_addr_t)p, envp++))	307	if (__put_user((elf_addr_t)p, envp++))
308	return -EFAULT;	308	return -EFAULT;
309	len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);	309	len = strnlen_user((void __user *)p, MAX_ARG_STRLEN);
310	if (!len \|\| len > MAX_ARG_STRLEN)	310	if (!len \|\| len > MAX_ARG_STRLEN)
311	return -EINVAL;	311	return -EINVAL;
312	p += len;	312	p += len;
313	}	313	}
314	if (__put_user(0, envp))	314	if (__put_user(0, envp))
315	return -EFAULT;	315	return -EFAULT;
316	current->mm->env_end = p;	316	current->mm->env_end = p;
317		317
318	/* Put the elf_info on the stack in the right place. */	318	/* Put the elf_info on the stack in the right place. */
319	sp = (elf_addr_t __user *)envp + 1;	319	sp = (elf_addr_t __user *)envp + 1;
320	if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))	320	if (copy_to_user(sp, elf_info, ei_index * sizeof(elf_addr_t)))
321	return -EFAULT;	321	return -EFAULT;
322	return 0;	322	return 0;
323	}	323	}
324		324
325	#ifndef elf_map	325	#ifndef elf_map
326		326
327	static unsigned long elf_map(struct file *filep, unsigned long addr,	327	static unsigned long elf_map(struct file *filep, unsigned long addr,
328	struct elf_phdr *eppnt, int prot, int type,	328	struct elf_phdr *eppnt, int prot, int type,
329	unsigned long total_size)	329	unsigned long total_size)
330	{	330	{
331	unsigned long map_addr;	331	unsigned long map_addr;
332	unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);	332	unsigned long size = eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
333	unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);	333	unsigned long off = eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr);
334	addr = ELF_PAGESTART(addr);	334	addr = ELF_PAGESTART(addr);
335	size = ELF_PAGEALIGN(size);	335	size = ELF_PAGEALIGN(size);
336		336
337	/* mmap() will return -EINVAL if given a zero size, but a	337	/* mmap() will return -EINVAL if given a zero size, but a
338	* segment with zero filesize is perfectly valid */	338	* segment with zero filesize is perfectly valid */
339	if (!size)	339	if (!size)
340	return addr;	340	return addr;
341		341
342	/*	342	/*
343	* total_size is the size of the ELF (interpreter) image.	343	* total_size is the size of the ELF (interpreter) image.
344	* The _first_ mmap needs to know the full size, otherwise	344	* The _first_ mmap needs to know the full size, otherwise
345	* randomization might put this image into an overlapping	345	* randomization might put this image into an overlapping
346	* position with the ELF binary image. (since size < total_size)	346	* position with the ELF binary image. (since size < total_size)
347	* So we first map the 'big' image - and unmap the remainder at	347	* So we first map the 'big' image - and unmap the remainder at
348	* the end. (which unmap is needed for ELF images with holes.)	348	* the end. (which unmap is needed for ELF images with holes.)
349	*/	349	*/
350	if (total_size) {	350	if (total_size) {
351	total_size = ELF_PAGEALIGN(total_size);	351	total_size = ELF_PAGEALIGN(total_size);
352	map_addr = vm_mmap(filep, addr, total_size, prot, type, off);	352	map_addr = vm_mmap(filep, addr, total_size, prot, type, off);
353	if (!BAD_ADDR(map_addr))	353	if (!BAD_ADDR(map_addr))
354	vm_munmap(map_addr+size, total_size-size);	354	vm_munmap(map_addr+size, total_size-size);
355	} else	355	} else
356	map_addr = vm_mmap(filep, addr, size, prot, type, off);	356	map_addr = vm_mmap(filep, addr, size, prot, type, off);
357		357
358	return(map_addr);	358	return(map_addr);
359	}	359	}
360		360
361	#endif /* !elf_map */	361	#endif /* !elf_map */
362		362
363	static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)	363	static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
364	{	364	{
365	int i, first_idx = -1, last_idx = -1;	365	int i, first_idx = -1, last_idx = -1;
366		366
367	for (i = 0; i < nr; i++) {	367	for (i = 0; i < nr; i++) {
368	if (cmds[i].p_type == PT_LOAD) {	368	if (cmds[i].p_type == PT_LOAD) {
369	last_idx = i;	369	last_idx = i;
370	if (first_idx == -1)	370	if (first_idx == -1)
371	first_idx = i;	371	first_idx = i;
372	}	372	}
373	}	373	}
374	if (first_idx == -1)	374	if (first_idx == -1)
375	return 0;	375	return 0;
376		376
377	return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -	377	return cmds[last_idx].p_vaddr + cmds[last_idx].p_memsz -
378	ELF_PAGESTART(cmds[first_idx].p_vaddr);	378	ELF_PAGESTART(cmds[first_idx].p_vaddr);
379	}	379	}
380		380
381		381
382	/* This is much more generalized than the library routine read function,	382	/* This is much more generalized than the library routine read function,
383	so we keep this separate. Technically the library read function	383	so we keep this separate. Technically the library read function
384	is only provided so that we can read a.out libraries that have	384	is only provided so that we can read a.out libraries that have
385	an ELF header */	385	an ELF header */
386		386
387	static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,	387	static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
388	struct file interpreter, unsigned long interp_map_addr,	388	struct file interpreter, unsigned long interp_map_addr,
389	unsigned long no_base)	389	unsigned long no_base)
390	{	390	{
391	struct elf_phdr *elf_phdata;	391	struct elf_phdr *elf_phdata;
392	struct elf_phdr *eppnt;	392	struct elf_phdr *eppnt;
393	unsigned long load_addr = 0;	393	unsigned long load_addr = 0;
394	int load_addr_set = 0;	394	int load_addr_set = 0;
395	unsigned long last_bss = 0, elf_bss = 0;	395	unsigned long last_bss = 0, elf_bss = 0;
396	unsigned long error = ~0UL;	396	unsigned long error = ~0UL;
397	unsigned long total_size;	397	unsigned long total_size;
398	int retval, i, size;	398	int retval, i, size;
399		399
400	/* First of all, some simple consistency checks */	400	/* First of all, some simple consistency checks */
401	if (interp_elf_ex->e_type != ET_EXEC &&	401	if (interp_elf_ex->e_type != ET_EXEC &&
402	interp_elf_ex->e_type != ET_DYN)	402	interp_elf_ex->e_type != ET_DYN)
403	goto out;	403	goto out;
404	if (!elf_check_arch(interp_elf_ex))	404	if (!elf_check_arch(interp_elf_ex))
405	goto out;	405	goto out;
406	if (!interpreter->f_op \|\| !interpreter->f_op->mmap)	406	if (!interpreter->f_op \|\| !interpreter->f_op->mmap)
407	goto out;	407	goto out;
408		408
409	/*	409	/*
410	* If the size of this structure has changed, then punt, since	410	* If the size of this structure has changed, then punt, since
411	* we will be doing the wrong thing.	411	* we will be doing the wrong thing.
412	*/	412	*/
413	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))	413	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
414	goto out;	414	goto out;
415	if (interp_elf_ex->e_phnum < 1 \|\|	415	if (interp_elf_ex->e_phnum < 1 \|\|
416	interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))	416	interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
417	goto out;	417	goto out;
418		418
419	/* Now read in all of the header information */	419	/* Now read in all of the header information */
420	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;	420	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
421	if (size > ELF_MIN_ALIGN)	421	if (size > ELF_MIN_ALIGN)
422	goto out;	422	goto out;
423	elf_phdata = kmalloc(size, GFP_KERNEL);	423	elf_phdata = kmalloc(size, GFP_KERNEL);
424	if (!elf_phdata)	424	if (!elf_phdata)
425	goto out;	425	goto out;
426		426
427	retval = kernel_read(interpreter, interp_elf_ex->e_phoff,	427	retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
428	(char *)elf_phdata, size);	428	(char *)elf_phdata, size);
429	error = -EIO;	429	error = -EIO;
430	if (retval != size) {	430	if (retval != size) {
431	if (retval < 0)	431	if (retval < 0)
432	error = retval;	432	error = retval;
433	goto out_close;	433	goto out_close;
434	}	434	}
435		435
436	total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);	436	total_size = total_mapping_size(elf_phdata, interp_elf_ex->e_phnum);
437	if (!total_size) {	437	if (!total_size) {
438	error = -EINVAL;	438	error = -EINVAL;
439	goto out_close;	439	goto out_close;
440	}	440	}
441		441
442	eppnt = elf_phdata;	442	eppnt = elf_phdata;
443	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {	443	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
444	if (eppnt->p_type == PT_LOAD) {	444	if (eppnt->p_type == PT_LOAD) {
445	int elf_type = MAP_PRIVATE \| MAP_DENYWRITE;	445	int elf_type = MAP_PRIVATE \| MAP_DENYWRITE;
446	int elf_prot = 0;	446	int elf_prot = 0;
447	unsigned long vaddr = 0;	447	unsigned long vaddr = 0;
448	unsigned long k, map_addr;	448	unsigned long k, map_addr;
449		449
450	if (eppnt->p_flags & PF_R)	450	if (eppnt->p_flags & PF_R)
451	elf_prot = PROT_READ;	451	elf_prot = PROT_READ;
452	if (eppnt->p_flags & PF_W)	452	if (eppnt->p_flags & PF_W)
453	elf_prot \|= PROT_WRITE;	453	elf_prot \|= PROT_WRITE;
454	if (eppnt->p_flags & PF_X)	454	if (eppnt->p_flags & PF_X)
455	elf_prot \|= PROT_EXEC;	455	elf_prot \|= PROT_EXEC;
456	vaddr = eppnt->p_vaddr;	456	vaddr = eppnt->p_vaddr;
457	if (interp_elf_ex->e_type == ET_EXEC \|\| load_addr_set)	457	if (interp_elf_ex->e_type == ET_EXEC \|\| load_addr_set)
458	elf_type \|= MAP_FIXED;	458	elf_type \|= MAP_FIXED;
459	else if (no_base && interp_elf_ex->e_type == ET_DYN)	459	else if (no_base && interp_elf_ex->e_type == ET_DYN)
460	load_addr = -vaddr;	460	load_addr = -vaddr;
461		461
462	map_addr = elf_map(interpreter, load_addr + vaddr,	462	map_addr = elf_map(interpreter, load_addr + vaddr,
463	eppnt, elf_prot, elf_type, total_size);	463	eppnt, elf_prot, elf_type, total_size);
464	total_size = 0;	464	total_size = 0;
465	if (!*interp_map_addr)	465	if (!*interp_map_addr)
466	*interp_map_addr = map_addr;	466	*interp_map_addr = map_addr;
467	error = map_addr;	467	error = map_addr;
468	if (BAD_ADDR(map_addr))	468	if (BAD_ADDR(map_addr))
469	goto out_close;	469	goto out_close;
470		470
471	if (!load_addr_set &&	471	if (!load_addr_set &&
472	interp_elf_ex->e_type == ET_DYN) {	472	interp_elf_ex->e_type == ET_DYN) {
473	load_addr = map_addr - ELF_PAGESTART(vaddr);	473	load_addr = map_addr - ELF_PAGESTART(vaddr);
474	load_addr_set = 1;	474	load_addr_set = 1;
475	}	475	}
476		476
477	/*	477	/*
478	* Check to see if the section's size will overflow the	478	* Check to see if the section's size will overflow the
479	* allowed task size. Note that p_filesz must always be	479	* allowed task size. Note that p_filesz must always be
480	* <= p_memsize so it's only necessary to check p_memsz.	480	* <= p_memsize so it's only necessary to check p_memsz.
481	*/	481	*/
482	k = load_addr + eppnt->p_vaddr;	482	k = load_addr + eppnt->p_vaddr;
483	if (BAD_ADDR(k) \|\|	483	if (BAD_ADDR(k) \|\|
484	eppnt->p_filesz > eppnt->p_memsz \|\|	484	eppnt->p_filesz > eppnt->p_memsz \|\|
485	eppnt->p_memsz > TASK_SIZE \|\|	485	eppnt->p_memsz > TASK_SIZE \|\|
486	TASK_SIZE - eppnt->p_memsz < k) {	486	TASK_SIZE - eppnt->p_memsz < k) {
487	error = -ENOMEM;	487	error = -ENOMEM;
488	goto out_close;	488	goto out_close;
489	}	489	}
490		490
491	/*	491	/*
492	* Find the end of the file mapping for this phdr, and	492	* Find the end of the file mapping for this phdr, and
493	* keep track of the largest address we see for this.	493	* keep track of the largest address we see for this.
494	*/	494	*/
495	k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;	495	k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
496	if (k > elf_bss)	496	if (k > elf_bss)
497	elf_bss = k;	497	elf_bss = k;
498		498
499	/*	499	/*
500	* Do the same thing for the memory mapping - between	500	* Do the same thing for the memory mapping - between
501	* elf_bss and last_bss is the bss section.	501	* elf_bss and last_bss is the bss section.
502	*/	502	*/
503	k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;	503	k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
504	if (k > last_bss)	504	if (k > last_bss)
505	last_bss = k;	505	last_bss = k;
506	}	506	}
507	}	507	}
508		508
509	if (last_bss > elf_bss) {	509	if (last_bss > elf_bss) {
510	/*	510	/*
511	* Now fill out the bss section. First pad the last page up	511	* Now fill out the bss section. First pad the last page up
512	* to the page boundary, and then perform a mmap to make sure	512	* to the page boundary, and then perform a mmap to make sure
513	* that there are zero-mapped pages up to and including the	513	* that there are zero-mapped pages up to and including the
514	* last bss page.	514	* last bss page.
515	*/	515	*/
516	if (padzero(elf_bss)) {	516	if (padzero(elf_bss)) {
517	error = -EFAULT;	517	error = -EFAULT;
518	goto out_close;	518	goto out_close;
519	}	519	}
520		520
521	/* What we have mapped so far */	521	/* What we have mapped so far */
522	elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);	522	elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);
523		523
524	/* Map the last of the bss segment */	524	/* Map the last of the bss segment */
525	error = vm_brk(elf_bss, last_bss - elf_bss);	525	error = vm_brk(elf_bss, last_bss - elf_bss);
526	if (BAD_ADDR(error))	526	if (BAD_ADDR(error))
527	goto out_close;	527	goto out_close;
528	}	528	}
529		529
530	error = load_addr;	530	error = load_addr;
531		531
532	out_close:	532	out_close:
533	kfree(elf_phdata);	533	kfree(elf_phdata);
534	out:	534	out:
535	return error;	535	return error;
536	}	536	}
537		537
538	/*	538	/*
539	* These are the functions used to load ELF style executables and shared	539	* These are the functions used to load ELF style executables and shared
540	* libraries. There is no binary dependent code anywhere else.	540	* libraries. There is no binary dependent code anywhere else.
541	*/	541	*/
542		542
543	#define INTERPRETER_NONE 0	543	#define INTERPRETER_NONE 0
544	#define INTERPRETER_ELF 2	544	#define INTERPRETER_ELF 2
545		545
546	#ifndef STACK_RND_MASK	546	#ifndef STACK_RND_MASK
547	#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */	547	#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */
548	#endif	548	#endif
549		549
550	static unsigned long randomize_stack_top(unsigned long stack_top)	550	static unsigned long randomize_stack_top(unsigned long stack_top)
551	{	551	{
552	unsigned int random_variable = 0;	552	unsigned int random_variable = 0;
553		553
554	if ((current->flags & PF_RANDOMIZE) &&	554	if ((current->flags & PF_RANDOMIZE) &&
555	!(current->personality & ADDR_NO_RANDOMIZE)) {	555	!(current->personality & ADDR_NO_RANDOMIZE)) {
556	random_variable = get_random_int() & STACK_RND_MASK;	556	random_variable = get_random_int() & STACK_RND_MASK;
557	random_variable <<= PAGE_SHIFT;	557	random_variable <<= PAGE_SHIFT;
558	}	558	}
559	#ifdef CONFIG_STACK_GROWSUP	559	#ifdef CONFIG_STACK_GROWSUP
560	return PAGE_ALIGN(stack_top) + random_variable;	560	return PAGE_ALIGN(stack_top) + random_variable;
561	#else	561	#else
562	return PAGE_ALIGN(stack_top) - random_variable;	562	return PAGE_ALIGN(stack_top) - random_variable;
563	#endif	563	#endif
564	}	564	}
565		565
566	static int load_elf_binary(struct linux_binprm *bprm)	566	static int load_elf_binary(struct linux_binprm *bprm)
567	{	567	{
568	struct file interpreter = NULL; / to shut gcc up */	568	struct file interpreter = NULL; / to shut gcc up */
569	unsigned long load_addr = 0, load_bias = 0;	569	unsigned long load_addr = 0, load_bias = 0;
570	int load_addr_set = 0;	570	int load_addr_set = 0;
571	char * elf_interpreter = NULL;	571	char * elf_interpreter = NULL;
572	unsigned long error;	572	unsigned long error;
573	struct elf_phdr elf_ppnt, elf_phdata;	573	struct elf_phdr elf_ppnt, elf_phdata;
574	unsigned long elf_bss, elf_brk;	574	unsigned long elf_bss, elf_brk;
575	int retval, i;	575	int retval, i;
576	unsigned int size;	576	unsigned int size;
577	unsigned long elf_entry;	577	unsigned long elf_entry;
578	unsigned long interp_load_addr = 0;	578	unsigned long interp_load_addr = 0;
579	unsigned long start_code, end_code, start_data, end_data;	579	unsigned long start_code, end_code, start_data, end_data;
580	unsigned long reloc_func_desc __maybe_unused = 0;	580	unsigned long reloc_func_desc __maybe_unused = 0;
581	int executable_stack = EXSTACK_DEFAULT;	581	int executable_stack = EXSTACK_DEFAULT;
582	unsigned long def_flags = 0;	582	unsigned long def_flags = 0;
583	struct pt_regs *regs = current_pt_regs();	583	struct pt_regs *regs = current_pt_regs();
584	struct {	584	struct {
585	struct elfhdr elf_ex;	585	struct elfhdr elf_ex;
586	struct elfhdr interp_elf_ex;	586	struct elfhdr interp_elf_ex;
587	} *loc;	587	} *loc;
588		588
589	loc = kmalloc(sizeof(*loc), GFP_KERNEL);	589	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
590	if (!loc) {	590	if (!loc) {
591	retval = -ENOMEM;	591	retval = -ENOMEM;
592	goto out_ret;	592	goto out_ret;
593	}	593	}
594		594
595	/* Get the exec-header */	595	/* Get the exec-header */
596	loc->elf_ex = ((struct elfhdr )bprm->buf);	596	loc->elf_ex = ((struct elfhdr )bprm->buf);
597		597
598	retval = -ENOEXEC;	598	retval = -ENOEXEC;
599	/* First of all, some simple consistency checks */	599	/* First of all, some simple consistency checks */
600	if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)	600	if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
601	goto out;	601	goto out;
602		602
603	if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)	603	if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
604	goto out;	604	goto out;
605	if (!elf_check_arch(&loc->elf_ex))	605	if (!elf_check_arch(&loc->elf_ex))
606	goto out;	606	goto out;
607	if (!bprm->file->f_op \|\| !bprm->file->f_op->mmap)	607	if (!bprm->file->f_op \|\| !bprm->file->f_op->mmap)
608	goto out;	608	goto out;
609		609
610	/* Now read in all of the header information */	610	/* Now read in all of the header information */
611	if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))	611	if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
612	goto out;	612	goto out;
613	if (loc->elf_ex.e_phnum < 1 \|\|	613	if (loc->elf_ex.e_phnum < 1 \|\|
614	loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))	614	loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
615	goto out;	615	goto out;
616	size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);	616	size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
617	retval = -ENOMEM;	617	retval = -ENOMEM;
618	elf_phdata = kmalloc(size, GFP_KERNEL);	618	elf_phdata = kmalloc(size, GFP_KERNEL);
619	if (!elf_phdata)	619	if (!elf_phdata)
620	goto out;	620	goto out;
621		621
622	retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,	622	retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
623	(char *)elf_phdata, size);	623	(char *)elf_phdata, size);
624	if (retval != size) {	624	if (retval != size) {
625	if (retval >= 0)	625	if (retval >= 0)
626	retval = -EIO;	626	retval = -EIO;
627	goto out_free_ph;	627	goto out_free_ph;
628	}	628	}
629		629
630	elf_ppnt = elf_phdata;	630	elf_ppnt = elf_phdata;
631	elf_bss = 0;	631	elf_bss = 0;
632	elf_brk = 0;	632	elf_brk = 0;
633		633
634	start_code = ~0UL;	634	start_code = ~0UL;
635	end_code = 0;	635	end_code = 0;
636	start_data = 0;	636	start_data = 0;
637	end_data = 0;	637	end_data = 0;
638		638
639	for (i = 0; i < loc->elf_ex.e_phnum; i++) {	639	for (i = 0; i < loc->elf_ex.e_phnum; i++) {
640	if (elf_ppnt->p_type == PT_INTERP) {	640	if (elf_ppnt->p_type == PT_INTERP) {
641	/* This is the program interpreter used for	641	/* This is the program interpreter used for
642	* shared libraries - for now assume that this	642	* shared libraries - for now assume that this
643	* is an a.out format binary	643	* is an a.out format binary
644	*/	644	*/
645	retval = -ENOEXEC;	645	retval = -ENOEXEC;
646	if (elf_ppnt->p_filesz > PATH_MAX \|\|	646	if (elf_ppnt->p_filesz > PATH_MAX \|\|
647	elf_ppnt->p_filesz < 2)	647	elf_ppnt->p_filesz < 2)
648	goto out_free_ph;	648	goto out_free_ph;
649		649
650	retval = -ENOMEM;	650	retval = -ENOMEM;
651	elf_interpreter = kmalloc(elf_ppnt->p_filesz,	651	elf_interpreter = kmalloc(elf_ppnt->p_filesz,
652	GFP_KERNEL);	652	GFP_KERNEL);
653	if (!elf_interpreter)	653	if (!elf_interpreter)
654	goto out_free_ph;	654	goto out_free_ph;
655		655
656	retval = kernel_read(bprm->file, elf_ppnt->p_offset,	656	retval = kernel_read(bprm->file, elf_ppnt->p_offset,
657	elf_interpreter,	657	elf_interpreter,
658	elf_ppnt->p_filesz);	658	elf_ppnt->p_filesz);
659	if (retval != elf_ppnt->p_filesz) {	659	if (retval != elf_ppnt->p_filesz) {
660	if (retval >= 0)	660	if (retval >= 0)
661	retval = -EIO;	661	retval = -EIO;
662	goto out_free_interp;	662	goto out_free_interp;
663	}	663	}
664	/* make sure path is NULL terminated */	664	/* make sure path is NULL terminated */
665	retval = -ENOEXEC;	665	retval = -ENOEXEC;
666	if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')	666	if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
667	goto out_free_interp;	667	goto out_free_interp;
668		668
669	interpreter = open_exec(elf_interpreter);	669	interpreter = open_exec(elf_interpreter);
670	retval = PTR_ERR(interpreter);	670	retval = PTR_ERR(interpreter);
671	if (IS_ERR(interpreter))	671	if (IS_ERR(interpreter))
672	goto out_free_interp;	672	goto out_free_interp;
673		673
674	/*	674	/*
675	* If the binary is not readable then enforce	675	* If the binary is not readable then enforce
676	* mm->dumpable = 0 regardless of the interpreter's	676	* mm->dumpable = 0 regardless of the interpreter's
677	* permissions.	677	* permissions.
678	*/	678	*/
679	would_dump(bprm, interpreter);	679	would_dump(bprm, interpreter);
680		680
681	retval = kernel_read(interpreter, 0, bprm->buf,	681	retval = kernel_read(interpreter, 0, bprm->buf,
682	BINPRM_BUF_SIZE);	682	BINPRM_BUF_SIZE);
683	if (retval != BINPRM_BUF_SIZE) {	683	if (retval != BINPRM_BUF_SIZE) {
684	if (retval >= 0)	684	if (retval >= 0)
685	retval = -EIO;	685	retval = -EIO;
686	goto out_free_dentry;	686	goto out_free_dentry;
687	}	687	}
688		688
689	/* Get the exec headers */	689	/* Get the exec headers */
690	loc->interp_elf_ex = ((struct elfhdr )bprm->buf);	690	loc->interp_elf_ex = ((struct elfhdr )bprm->buf);
691	break;	691	break;
692	}	692	}
693	elf_ppnt++;	693	elf_ppnt++;
694	}	694	}
695		695
696	elf_ppnt = elf_phdata;	696	elf_ppnt = elf_phdata;
697	for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)	697	for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
698	if (elf_ppnt->p_type == PT_GNU_STACK) {	698	if (elf_ppnt->p_type == PT_GNU_STACK) {
699	if (elf_ppnt->p_flags & PF_X)	699	if (elf_ppnt->p_flags & PF_X)
700	executable_stack = EXSTACK_ENABLE_X;	700	executable_stack = EXSTACK_ENABLE_X;
701	else	701	else
702	executable_stack = EXSTACK_DISABLE_X;	702	executable_stack = EXSTACK_DISABLE_X;
703	break;	703	break;
704	}	704	}
705		705
706	/* Some simple consistency checks for the interpreter */	706	/* Some simple consistency checks for the interpreter */
707	if (elf_interpreter) {	707	if (elf_interpreter) {
708	retval = -ELIBBAD;	708	retval = -ELIBBAD;
709	/* Not an ELF interpreter */	709	/* Not an ELF interpreter */
710	if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)	710	if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
711	goto out_free_dentry;	711	goto out_free_dentry;
712	/* Verify the interpreter has a valid arch */	712	/* Verify the interpreter has a valid arch */
713	if (!elf_check_arch(&loc->interp_elf_ex))	713	if (!elf_check_arch(&loc->interp_elf_ex))
714	goto out_free_dentry;	714	goto out_free_dentry;
715	}	715	}
716		716
717	/* Flush all traces of the currently running executable */	717	/* Flush all traces of the currently running executable */
718	retval = flush_old_exec(bprm);	718	retval = flush_old_exec(bprm);
719	if (retval)	719	if (retval)
720	goto out_free_dentry;	720	goto out_free_dentry;
721		721
722	/* OK, This is the point of no return */	722	/* OK, This is the point of no return */
723	current->mm->def_flags = def_flags;	723	current->mm->def_flags = def_flags;
724		724
725	/* Do this immediately, since STACK_TOP as used in setup_arg_pages	725	/* Do this immediately, since STACK_TOP as used in setup_arg_pages
726	may depend on the personality. */	726	may depend on the personality. */
727	SET_PERSONALITY(loc->elf_ex);	727	SET_PERSONALITY(loc->elf_ex);
728	if (elf_read_implies_exec(loc->elf_ex, executable_stack))	728	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
729	current->personality \|= READ_IMPLIES_EXEC;	729	current->personality \|= READ_IMPLIES_EXEC;
730		730
731	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)	731	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
732	current->flags \|= PF_RANDOMIZE;	732	current->flags \|= PF_RANDOMIZE;
733		733
734	setup_new_exec(bprm);	734	setup_new_exec(bprm);
735		735
736	/* Do this so that we can load the interpreter, if need be. We will	736	/* Do this so that we can load the interpreter, if need be. We will
737	change some of these later */	737	change some of these later */
738	current->mm->free_area_cache = current->mm->mmap_base;	738	current->mm->free_area_cache = current->mm->mmap_base;
739	current->mm->cached_hole_size = 0;	739	current->mm->cached_hole_size = 0;
740	retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),	740	retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
741	executable_stack);	741	executable_stack);
742	if (retval < 0) {	742	if (retval < 0) {
743	send_sig(SIGKILL, current, 0);	743	send_sig(SIGKILL, current, 0);
744	goto out_free_dentry;	744	goto out_free_dentry;
745	}	745	}
746		746
747	current->mm->start_stack = bprm->p;	747	current->mm->start_stack = bprm->p;
748		748
749	/* Now we do a little grungy work by mmapping the ELF image into	749	/* Now we do a little grungy work by mmapping the ELF image into
750	the correct location in memory. */	750	the correct location in memory. */
751	for(i = 0, elf_ppnt = elf_phdata;	751	for(i = 0, elf_ppnt = elf_phdata;
752	i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {	752	i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
753	int elf_prot = 0, elf_flags;	753	int elf_prot = 0, elf_flags;
754	unsigned long k, vaddr;	754	unsigned long k, vaddr;
755		755
756	if (elf_ppnt->p_type != PT_LOAD)	756	if (elf_ppnt->p_type != PT_LOAD)
757	continue;	757	continue;
758		758
759	if (unlikely (elf_brk > elf_bss)) {	759	if (unlikely (elf_brk > elf_bss)) {
760	unsigned long nbyte;	760	unsigned long nbyte;
761		761
762	/* There was a PT_LOAD segment with p_memsz > p_filesz	762	/* There was a PT_LOAD segment with p_memsz > p_filesz
763	before this one. Map anonymous pages, if needed,	763	before this one. Map anonymous pages, if needed,
764	and clear the area. */	764	and clear the area. */
765	retval = set_brk(elf_bss + load_bias,	765	retval = set_brk(elf_bss + load_bias,
766	elf_brk + load_bias);	766	elf_brk + load_bias);
767	if (retval) {	767	if (retval) {
768	send_sig(SIGKILL, current, 0);	768	send_sig(SIGKILL, current, 0);
769	goto out_free_dentry;	769	goto out_free_dentry;
770	}	770	}
771	nbyte = ELF_PAGEOFFSET(elf_bss);	771	nbyte = ELF_PAGEOFFSET(elf_bss);
772	if (nbyte) {	772	if (nbyte) {
773	nbyte = ELF_MIN_ALIGN - nbyte;	773	nbyte = ELF_MIN_ALIGN - nbyte;
774	if (nbyte > elf_brk - elf_bss)	774	if (nbyte > elf_brk - elf_bss)
775	nbyte = elf_brk - elf_bss;	775	nbyte = elf_brk - elf_bss;
776	if (clear_user((void __user *)elf_bss +	776	if (clear_user((void __user *)elf_bss +
777	load_bias, nbyte)) {	777	load_bias, nbyte)) {
778	/*	778	/*
779	* This bss-zeroing can fail if the ELF	779	* This bss-zeroing can fail if the ELF
780	* file specifies odd protections. So	780	* file specifies odd protections. So
781	* we don't check the return value	781	* we don't check the return value
782	*/	782	*/
783	}	783	}
784	}	784	}
785	}	785	}
786		786
787	if (elf_ppnt->p_flags & PF_R)	787	if (elf_ppnt->p_flags & PF_R)
788	elf_prot \|= PROT_READ;	788	elf_prot \|= PROT_READ;
789	if (elf_ppnt->p_flags & PF_W)	789	if (elf_ppnt->p_flags & PF_W)
790	elf_prot \|= PROT_WRITE;	790	elf_prot \|= PROT_WRITE;
791	if (elf_ppnt->p_flags & PF_X)	791	if (elf_ppnt->p_flags & PF_X)
792	elf_prot \|= PROT_EXEC;	792	elf_prot \|= PROT_EXEC;
793		793
794	elf_flags = MAP_PRIVATE \| MAP_DENYWRITE \| MAP_EXECUTABLE;	794	elf_flags = MAP_PRIVATE \| MAP_DENYWRITE \| MAP_EXECUTABLE;
795		795
796	vaddr = elf_ppnt->p_vaddr;	796	vaddr = elf_ppnt->p_vaddr;
797	if (loc->elf_ex.e_type == ET_EXEC \|\| load_addr_set) {	797	if (loc->elf_ex.e_type == ET_EXEC \|\| load_addr_set) {
798	elf_flags \|= MAP_FIXED;	798	elf_flags \|= MAP_FIXED;
799	} else if (loc->elf_ex.e_type == ET_DYN) {	799	} else if (loc->elf_ex.e_type == ET_DYN) {
800	/* Try and get dynamic programs out of the way of the	800	/* Try and get dynamic programs out of the way of the
801	* default mmap base, as well as whatever program they	801	* default mmap base, as well as whatever program they
802	* might try to exec. This is because the brk will	802	* might try to exec. This is because the brk will
803	* follow the loader, and is not movable. */	803	* follow the loader, and is not movable. */
804	#ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE	804	#ifdef CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE
805	/* Memory randomization might have been switched off	805	/* Memory randomization might have been switched off
806	* in runtime via sysctl or explicit setting of	806	* in runtime via sysctl or explicit setting of
807	* personality flags.	807	* personality flags.
808	* If that is the case, retain the original non-zero	808	* If that is the case, retain the original non-zero
809	* load_bias value in order to establish proper	809	* load_bias value in order to establish proper
810	* non-randomized mappings.	810	* non-randomized mappings.
811	*/	811	*/
812	if (current->flags & PF_RANDOMIZE)	812	if (current->flags & PF_RANDOMIZE)
813	load_bias = 0;	813	load_bias = 0;
814	else	814	else
815	load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);	815	load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
816	#else	816	#else
817	load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);	817	load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
818	#endif	818	#endif
819	}	819	}
820		820
821	error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,	821	error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
822	elf_prot, elf_flags, 0);	822	elf_prot, elf_flags, 0);
823	if (BAD_ADDR(error)) {	823	if (BAD_ADDR(error)) {
824	send_sig(SIGKILL, current, 0);	824	send_sig(SIGKILL, current, 0);
825	retval = IS_ERR((void *)error) ?	825	retval = IS_ERR((void *)error) ?
826	PTR_ERR((void*)error) : -EINVAL;	826	PTR_ERR((void*)error) : -EINVAL;
827	goto out_free_dentry;	827	goto out_free_dentry;
828	}	828	}
829		829
830	if (!load_addr_set) {	830	if (!load_addr_set) {
831	load_addr_set = 1;	831	load_addr_set = 1;
832	load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);	832	load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
833	if (loc->elf_ex.e_type == ET_DYN) {	833	if (loc->elf_ex.e_type == ET_DYN) {
834	load_bias += error -	834	load_bias += error -
835	ELF_PAGESTART(load_bias + vaddr);	835	ELF_PAGESTART(load_bias + vaddr);
836	load_addr += load_bias;	836	load_addr += load_bias;
837	reloc_func_desc = load_bias;	837	reloc_func_desc = load_bias;
838	}	838	}
839	}	839	}
840	k = elf_ppnt->p_vaddr;	840	k = elf_ppnt->p_vaddr;
841	if (k < start_code)	841	if (k < start_code)
842	start_code = k;	842	start_code = k;
843	if (start_data < k)	843	if (start_data < k)
844	start_data = k;	844	start_data = k;
845		845
846	/*	846	/*
847	* Check to see if the section's size will overflow the	847	* Check to see if the section's size will overflow the
848	* allowed task size. Note that p_filesz must always be	848	* allowed task size. Note that p_filesz must always be
849	* <= p_memsz so it is only necessary to check p_memsz.	849	* <= p_memsz so it is only necessary to check p_memsz.
850	*/	850	*/
851	if (BAD_ADDR(k) \|\| elf_ppnt->p_filesz > elf_ppnt->p_memsz \|\|	851	if (BAD_ADDR(k) \|\| elf_ppnt->p_filesz > elf_ppnt->p_memsz \|\|
852	elf_ppnt->p_memsz > TASK_SIZE \|\|	852	elf_ppnt->p_memsz > TASK_SIZE \|\|
853	TASK_SIZE - elf_ppnt->p_memsz < k) {	853	TASK_SIZE - elf_ppnt->p_memsz < k) {
854	/* set_brk can never work. Avoid overflows. */	854	/* set_brk can never work. Avoid overflows. */
855	send_sig(SIGKILL, current, 0);	855	send_sig(SIGKILL, current, 0);
856	retval = -EINVAL;	856	retval = -EINVAL;
857	goto out_free_dentry;	857	goto out_free_dentry;
858	}	858	}
859		859
860	k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;	860	k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
861		861
862	if (k > elf_bss)	862	if (k > elf_bss)
863	elf_bss = k;	863	elf_bss = k;
864	if ((elf_ppnt->p_flags & PF_X) && end_code < k)	864	if ((elf_ppnt->p_flags & PF_X) && end_code < k)
865	end_code = k;	865	end_code = k;
866	if (end_data < k)	866	if (end_data < k)
867	end_data = k;	867	end_data = k;
868	k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;	868	k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
869	if (k > elf_brk)	869	if (k > elf_brk)
870	elf_brk = k;	870	elf_brk = k;
871	}	871	}
872		872
873	loc->elf_ex.e_entry += load_bias;	873	loc->elf_ex.e_entry += load_bias;
874	elf_bss += load_bias;	874	elf_bss += load_bias;
875	elf_brk += load_bias;	875	elf_brk += load_bias;
876	start_code += load_bias;	876	start_code += load_bias;
877	end_code += load_bias;	877	end_code += load_bias;
878	start_data += load_bias;	878	start_data += load_bias;
879	end_data += load_bias;	879	end_data += load_bias;
880		880
881	/* Calling set_brk effectively mmaps the pages that we need	881	/* Calling set_brk effectively mmaps the pages that we need
882	* for the bss and break sections. We must do this before	882	* for the bss and break sections. We must do this before
883	* mapping in the interpreter, to make sure it doesn't wind	883	* mapping in the interpreter, to make sure it doesn't wind
884	* up getting placed where the bss needs to go.	884	* up getting placed where the bss needs to go.
885	*/	885	*/
886	retval = set_brk(elf_bss, elf_brk);	886	retval = set_brk(elf_bss, elf_brk);
887	if (retval) {	887	if (retval) {
888	send_sig(SIGKILL, current, 0);	888	send_sig(SIGKILL, current, 0);
889	goto out_free_dentry;	889	goto out_free_dentry;
890	}	890	}
891	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {	891	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
892	send_sig(SIGSEGV, current, 0);	892	send_sig(SIGSEGV, current, 0);
893	retval = -EFAULT; /* Nobody gets to see this, but.. */	893	retval = -EFAULT; /* Nobody gets to see this, but.. */
894	goto out_free_dentry;	894	goto out_free_dentry;
895	}	895	}
896		896
897	if (elf_interpreter) {	897	if (elf_interpreter) {
898	unsigned long interp_map_addr = 0;	898	unsigned long interp_map_addr = 0;
899		899
900	elf_entry = load_elf_interp(&loc->interp_elf_ex,	900	elf_entry = load_elf_interp(&loc->interp_elf_ex,
901	interpreter,	901	interpreter,
902	&interp_map_addr,	902	&interp_map_addr,
903	load_bias);	903	load_bias);
904	if (!IS_ERR((void *)elf_entry)) {	904	if (!IS_ERR((void *)elf_entry)) {
905	/*	905	/*
906	* load_elf_interp() returns relocation	906	* load_elf_interp() returns relocation
907	* adjustment	907	* adjustment
908	*/	908	*/
909	interp_load_addr = elf_entry;	909	interp_load_addr = elf_entry;
910	elf_entry += loc->interp_elf_ex.e_entry;	910	elf_entry += loc->interp_elf_ex.e_entry;
911	}	911	}
912	if (BAD_ADDR(elf_entry)) {	912	if (BAD_ADDR(elf_entry)) {
913	force_sig(SIGSEGV, current);	913	force_sig(SIGSEGV, current);
914	retval = IS_ERR((void *)elf_entry) ?	914	retval = IS_ERR((void *)elf_entry) ?
915	(int)elf_entry : -EINVAL;	915	(int)elf_entry : -EINVAL;
916	goto out_free_dentry;	916	goto out_free_dentry;
917	}	917	}
918	reloc_func_desc = interp_load_addr;	918	reloc_func_desc = interp_load_addr;
919		919
920	allow_write_access(interpreter);	920	allow_write_access(interpreter);
921	fput(interpreter);	921	fput(interpreter);
922	kfree(elf_interpreter);	922	kfree(elf_interpreter);
923	} else {	923	} else {
924	elf_entry = loc->elf_ex.e_entry;	924	elf_entry = loc->elf_ex.e_entry;
925	if (BAD_ADDR(elf_entry)) {	925	if (BAD_ADDR(elf_entry)) {
926	force_sig(SIGSEGV, current);	926	force_sig(SIGSEGV, current);
927	retval = -EINVAL;	927	retval = -EINVAL;
928	goto out_free_dentry;	928	goto out_free_dentry;
929	}	929	}
930	}	930	}
931		931
932	kfree(elf_phdata);	932	kfree(elf_phdata);
933		933
934	set_binfmt(&elf_format);	934	set_binfmt(&elf_format);
935		935
936	#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES	936	#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
937	retval = arch_setup_additional_pages(bprm, !!elf_interpreter);	937	retval = arch_setup_additional_pages(bprm, !!elf_interpreter);
938	if (retval < 0) {	938	if (retval < 0) {
939	send_sig(SIGKILL, current, 0);	939	send_sig(SIGKILL, current, 0);
940	goto out;	940	goto out;
941	}	941	}
942	#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */	942	#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */
943		943
944	install_exec_creds(bprm);	944	install_exec_creds(bprm);
945	retval = create_elf_tables(bprm, &loc->elf_ex,	945	retval = create_elf_tables(bprm, &loc->elf_ex,
946	load_addr, interp_load_addr);	946	load_addr, interp_load_addr);
947	if (retval < 0) {	947	if (retval < 0) {
948	send_sig(SIGKILL, current, 0);	948	send_sig(SIGKILL, current, 0);
949	goto out;	949	goto out;
950	}	950	}
951	/* N.B. passed_fileno might not be initialized? */	951	/* N.B. passed_fileno might not be initialized? */
952	current->mm->end_code = end_code;	952	current->mm->end_code = end_code;
953	current->mm->start_code = start_code;	953	current->mm->start_code = start_code;
954	current->mm->start_data = start_data;	954	current->mm->start_data = start_data;
955	current->mm->end_data = end_data;	955	current->mm->end_data = end_data;
956	current->mm->start_stack = bprm->p;	956	current->mm->start_stack = bprm->p;
957		957
958	#ifdef arch_randomize_brk	958	#ifdef arch_randomize_brk
959	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {	959	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1)) {
960	current->mm->brk = current->mm->start_brk =	960	current->mm->brk = current->mm->start_brk =
961	arch_randomize_brk(current->mm);	961	arch_randomize_brk(current->mm);
962	#ifdef CONFIG_COMPAT_BRK	962	#ifdef CONFIG_COMPAT_BRK
963	current->brk_randomized = 1;	963	current->brk_randomized = 1;
964	#endif	964	#endif
965	}	965	}
966	#endif	966	#endif
967		967
968	if (current->personality & MMAP_PAGE_ZERO) {	968	if (current->personality & MMAP_PAGE_ZERO) {
969	/* Why this, you ask??? Well SVr4 maps page 0 as read-only,	969	/* Why this, you ask??? Well SVr4 maps page 0 as read-only,
970	and some applications "depend" upon this behavior.	970	and some applications "depend" upon this behavior.
971	Since we do not have the power to recompile these, we	971	Since we do not have the power to recompile these, we
972	emulate the SVr4 behavior. Sigh. */	972	emulate the SVr4 behavior. Sigh. */
973	error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ \| PROT_EXEC,	973	error = vm_mmap(NULL, 0, PAGE_SIZE, PROT_READ \| PROT_EXEC,
974	MAP_FIXED \| MAP_PRIVATE, 0);	974	MAP_FIXED \| MAP_PRIVATE, 0);
975	}	975	}
976		976
977	#ifdef ELF_PLAT_INIT	977	#ifdef ELF_PLAT_INIT
978	/*	978	/*
979	* The ABI may specify that certain registers be set up in special	979	* The ABI may specify that certain registers be set up in special
980	* ways (on i386 %edx is the address of a DT_FINI function, for	980	* ways (on i386 %edx is the address of a DT_FINI function, for
981	* example. In addition, it may also specify (eg, PowerPC64 ELF)	981	* example. In addition, it may also specify (eg, PowerPC64 ELF)
982	* that the e_entry field is the address of the function descriptor	982	* that the e_entry field is the address of the function descriptor
983	* for the startup routine, rather than the address of the startup	983	* for the startup routine, rather than the address of the startup
984	* routine itself. This macro performs whatever initialization to	984	* routine itself. This macro performs whatever initialization to
985	* the regs structure is required as well as any relocations to the	985	* the regs structure is required as well as any relocations to the
986	* function descriptor entries when executing dynamically links apps.	986	* function descriptor entries when executing dynamically links apps.
987	*/	987	*/
988	ELF_PLAT_INIT(regs, reloc_func_desc);	988	ELF_PLAT_INIT(regs, reloc_func_desc);
989	#endif	989	#endif
990		990
991	start_thread(regs, elf_entry, bprm->p);	991	start_thread(regs, elf_entry, bprm->p);
992	retval = 0;	992	retval = 0;
993	out:	993	out:
994	kfree(loc);	994	kfree(loc);
995	out_ret:	995	out_ret:
996	return retval;	996	return retval;
997		997
998	/* error cleanup */	998	/* error cleanup */
999	out_free_dentry:	999	out_free_dentry:
1000	allow_write_access(interpreter);	1000	allow_write_access(interpreter);
1001	if (interpreter)	1001	if (interpreter)
1002	fput(interpreter);	1002	fput(interpreter);
1003	out_free_interp:	1003	out_free_interp:
1004	kfree(elf_interpreter);	1004	kfree(elf_interpreter);
1005	out_free_ph:	1005	out_free_ph:
1006	kfree(elf_phdata);	1006	kfree(elf_phdata);
1007	goto out;	1007	goto out;
1008	}	1008	}
1009		1009
1010	/* This is really simpleminded and specialized - we are loading an	1010	/* This is really simpleminded and specialized - we are loading an
1011	a.out library that is given an ELF header. */	1011	a.out library that is given an ELF header. */
1012	static int load_elf_library(struct file *file)	1012	static int load_elf_library(struct file *file)
1013	{	1013	{
1014	struct elf_phdr *elf_phdata;	1014	struct elf_phdr *elf_phdata;
1015	struct elf_phdr *eppnt;	1015	struct elf_phdr *eppnt;
1016	unsigned long elf_bss, bss, len;	1016	unsigned long elf_bss, bss, len;
1017	int retval, error, i, j;	1017	int retval, error, i, j;
1018	struct elfhdr elf_ex;	1018	struct elfhdr elf_ex;
1019		1019
1020	error = -ENOEXEC;	1020	error = -ENOEXEC;
1021	retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));	1021	retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex));
1022	if (retval != sizeof(elf_ex))	1022	if (retval != sizeof(elf_ex))
1023	goto out;	1023	goto out;
1024		1024
1025	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)	1025	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
1026	goto out;	1026	goto out;
1027		1027
1028	/* First of all, some simple consistency checks */	1028	/* First of all, some simple consistency checks */
1029	if (elf_ex.e_type != ET_EXEC \|\| elf_ex.e_phnum > 2 \|\|	1029	if (elf_ex.e_type != ET_EXEC \|\| elf_ex.e_phnum > 2 \|\|
1030	!elf_check_arch(&elf_ex) \|\| !file->f_op \|\| !file->f_op->mmap)	1030	!elf_check_arch(&elf_ex) \|\| !file->f_op \|\| !file->f_op->mmap)
1031	goto out;	1031	goto out;
1032		1032
1033	/* Now read in all of the header information */	1033	/* Now read in all of the header information */
1034		1034
1035	j = sizeof(struct elf_phdr) * elf_ex.e_phnum;	1035	j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
1036	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */	1036	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */
1037		1037
1038	error = -ENOMEM;	1038	error = -ENOMEM;
1039	elf_phdata = kmalloc(j, GFP_KERNEL);	1039	elf_phdata = kmalloc(j, GFP_KERNEL);
1040	if (!elf_phdata)	1040	if (!elf_phdata)
1041	goto out;	1041	goto out;
1042		1042
1043	eppnt = elf_phdata;	1043	eppnt = elf_phdata;
1044	error = -ENOEXEC;	1044	error = -ENOEXEC;
1045	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);	1045	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
1046	if (retval != j)	1046	if (retval != j)
1047	goto out_free_ph;	1047	goto out_free_ph;
1048		1048
1049	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)	1049	for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
1050	if ((eppnt + i)->p_type == PT_LOAD)	1050	if ((eppnt + i)->p_type == PT_LOAD)
1051	j++;	1051	j++;
1052	if (j != 1)	1052	if (j != 1)
1053	goto out_free_ph;	1053	goto out_free_ph;
1054		1054
1055	while (eppnt->p_type != PT_LOAD)	1055	while (eppnt->p_type != PT_LOAD)
1056	eppnt++;	1056	eppnt++;
1057		1057
1058	/* Now use mmap to map the library into memory. */	1058	/* Now use mmap to map the library into memory. */
1059	error = vm_mmap(file,	1059	error = vm_mmap(file,
1060	ELF_PAGESTART(eppnt->p_vaddr),	1060	ELF_PAGESTART(eppnt->p_vaddr),
1061	(eppnt->p_filesz +	1061	(eppnt->p_filesz +
1062	ELF_PAGEOFFSET(eppnt->p_vaddr)),	1062	ELF_PAGEOFFSET(eppnt->p_vaddr)),
1063	PROT_READ \| PROT_WRITE \| PROT_EXEC,	1063	PROT_READ \| PROT_WRITE \| PROT_EXEC,
1064	MAP_FIXED \| MAP_PRIVATE \| MAP_DENYWRITE,	1064	MAP_FIXED \| MAP_PRIVATE \| MAP_DENYWRITE,
1065	(eppnt->p_offset -	1065	(eppnt->p_offset -
1066	ELF_PAGEOFFSET(eppnt->p_vaddr)));	1066	ELF_PAGEOFFSET(eppnt->p_vaddr)));
1067	if (error != ELF_PAGESTART(eppnt->p_vaddr))	1067	if (error != ELF_PAGESTART(eppnt->p_vaddr))
1068	goto out_free_ph;	1068	goto out_free_ph;
1069		1069
1070	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;	1070	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
1071	if (padzero(elf_bss)) {	1071	if (padzero(elf_bss)) {
1072	error = -EFAULT;	1072	error = -EFAULT;
1073	goto out_free_ph;	1073	goto out_free_ph;
1074	}	1074	}
1075		1075
1076	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +	1076	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr +
1077	ELF_MIN_ALIGN - 1);	1077	ELF_MIN_ALIGN - 1);
1078	bss = eppnt->p_memsz + eppnt->p_vaddr;	1078	bss = eppnt->p_memsz + eppnt->p_vaddr;
1079	if (bss > len)	1079	if (bss > len)
1080	vm_brk(len, bss - len);	1080	vm_brk(len, bss - len);
1081	error = 0;	1081	error = 0;
1082		1082
1083	out_free_ph:	1083	out_free_ph:
1084	kfree(elf_phdata);	1084	kfree(elf_phdata);
1085	out:	1085	out:
1086	return error;	1086	return error;
1087	}	1087	}
1088		1088
1089	#ifdef CONFIG_ELF_CORE	1089	#ifdef CONFIG_ELF_CORE
1090	/*	1090	/*
1091	* ELF core dumper	1091	* ELF core dumper
1092	*	1092	*
1093	* Modelled on fs/exec.c:aout_core_dump()	1093	* Modelled on fs/exec.c:aout_core_dump()
1094	* Jeremy Fitzhardinge <jeremy@sw.oz.au>	1094	* Jeremy Fitzhardinge <jeremy@sw.oz.au>
1095	*/	1095	*/
1096		1096
1097	/*	1097	/*
1098	* The purpose of always_dump_vma() is to make sure that special kernel mappings	1098	* The purpose of always_dump_vma() is to make sure that special kernel mappings
1099	* that are useful for post-mortem analysis are included in every core dump.	1099	* that are useful for post-mortem analysis are included in every core dump.
1100	* In that way we ensure that the core dump is fully interpretable later	1100	* In that way we ensure that the core dump is fully interpretable later
1101	* without matching up the same kernel and hardware config to see what PC values	1101	* without matching up the same kernel and hardware config to see what PC values
1102	* meant. These special mappings include - vDSO, vsyscall, and other	1102	* meant. These special mappings include - vDSO, vsyscall, and other
1103	* architecture specific mappings	1103	* architecture specific mappings
1104	*/	1104	*/
1105	static bool always_dump_vma(struct vm_area_struct *vma)	1105	static bool always_dump_vma(struct vm_area_struct *vma)
1106	{	1106	{
1107	/* Any vsyscall mappings? */	1107	/* Any vsyscall mappings? */
1108	if (vma == get_gate_vma(vma->vm_mm))	1108	if (vma == get_gate_vma(vma->vm_mm))
1109	return true;	1109	return true;
1110	/*	1110	/*
1111	* arch_vma_name() returns non-NULL for special architecture mappings,	1111	* arch_vma_name() returns non-NULL for special architecture mappings,
1112	* such as vDSO sections.	1112	* such as vDSO sections.
1113	*/	1113	*/
1114	if (arch_vma_name(vma))	1114	if (arch_vma_name(vma))
1115	return true;	1115	return true;
1116		1116
1117	return false;	1117	return false;
1118	}	1118	}
1119		1119
1120	/*	1120	/*
1121	* Decide what to dump of a segment, part, all or none.	1121	* Decide what to dump of a segment, part, all or none.
1122	*/	1122	*/
1123	static unsigned long vma_dump_size(struct vm_area_struct *vma,	1123	static unsigned long vma_dump_size(struct vm_area_struct *vma,
1124	unsigned long mm_flags)	1124	unsigned long mm_flags)
1125	{	1125	{
1126	#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))	1126	#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
1127		1127
1128	/* always dump the vdso and vsyscall sections */	1128	/* always dump the vdso and vsyscall sections */
1129	if (always_dump_vma(vma))	1129	if (always_dump_vma(vma))
1130	goto whole;	1130	goto whole;
1131		1131
1132	if (vma->vm_flags & VM_DONTDUMP)	1132	if (vma->vm_flags & VM_DONTDUMP)
1133	return 0;	1133	return 0;
1134		1134
1135	/* Hugetlb memory check */	1135	/* Hugetlb memory check */
1136	if (vma->vm_flags & VM_HUGETLB) {	1136	if (vma->vm_flags & VM_HUGETLB) {
1137	if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))	1137	if ((vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_SHARED))
1138	goto whole;	1138	goto whole;
1139	if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))	1139	if (!(vma->vm_flags & VM_SHARED) && FILTER(HUGETLB_PRIVATE))
1140	goto whole;	1140	goto whole;
1141	return 0;	1141	return 0;
1142	}	1142	}
1143		1143
1144	/* Do not dump I/O mapped devices or special mappings */	1144	/* Do not dump I/O mapped devices or special mappings */
1145	if (vma->vm_flags & VM_IO)	1145	if (vma->vm_flags & VM_IO)
1146	return 0;	1146	return 0;
1147		1147
1148	/* By default, dump shared memory if mapped from an anonymous file. */	1148	/* By default, dump shared memory if mapped from an anonymous file. */
1149	if (vma->vm_flags & VM_SHARED) {	1149	if (vma->vm_flags & VM_SHARED) {
1150	if (file_inode(vma->vm_file)->i_nlink == 0 ?	1150	if (file_inode(vma->vm_file)->i_nlink == 0 ?
1151	FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))	1151	FILTER(ANON_SHARED) : FILTER(MAPPED_SHARED))
1152	goto whole;	1152	goto whole;
1153	return 0;	1153	return 0;
1154	}	1154	}
1155		1155
1156	/* Dump segments that have been written to. */	1156	/* Dump segments that have been written to. */
1157	if (vma->anon_vma && FILTER(ANON_PRIVATE))	1157	if (vma->anon_vma && FILTER(ANON_PRIVATE))
1158	goto whole;	1158	goto whole;
1159	if (vma->vm_file == NULL)	1159	if (vma->vm_file == NULL)
1160	return 0;	1160	return 0;
1161		1161
1162	if (FILTER(MAPPED_PRIVATE))	1162	if (FILTER(MAPPED_PRIVATE))
1163	goto whole;	1163	goto whole;
1164		1164
1165	/*	1165	/*
1166	* If this looks like the beginning of a DSO or executable mapping,	1166	* If this looks like the beginning of a DSO or executable mapping,
1167	* check for an ELF header. If we find one, dump the first page to	1167	* check for an ELF header. If we find one, dump the first page to
1168	* aid in determining what was mapped here.	1168	* aid in determining what was mapped here.
1169	*/	1169	*/
1170	if (FILTER(ELF_HEADERS) &&	1170	if (FILTER(ELF_HEADERS) &&
1171	vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {	1171	vma->vm_pgoff == 0 && (vma->vm_flags & VM_READ)) {
1172	u32 __user header = (u32 __user ) vma->vm_start;	1172	u32 __user header = (u32 __user ) vma->vm_start;
1173	u32 word;	1173	u32 word;
1174	mm_segment_t fs = get_fs();	1174	mm_segment_t fs = get_fs();
1175	/*	1175	/*
1176	* Doing it this way gets the constant folded by GCC.	1176	* Doing it this way gets the constant folded by GCC.
1177	*/	1177	*/
1178	union {	1178	union {
1179	u32 cmp;	1179	u32 cmp;
1180	char elfmag[SELFMAG];	1180	char elfmag[SELFMAG];
1181	} magic;	1181	} magic;
1182	BUILD_BUG_ON(SELFMAG != sizeof word);	1182	BUILD_BUG_ON(SELFMAG != sizeof word);
1183	magic.elfmag[EI_MAG0] = ELFMAG0;	1183	magic.elfmag[EI_MAG0] = ELFMAG0;
1184	magic.elfmag[EI_MAG1] = ELFMAG1;	1184	magic.elfmag[EI_MAG1] = ELFMAG1;
1185	magic.elfmag[EI_MAG2] = ELFMAG2;	1185	magic.elfmag[EI_MAG2] = ELFMAG2;
1186	magic.elfmag[EI_MAG3] = ELFMAG3;	1186	magic.elfmag[EI_MAG3] = ELFMAG3;
1187	/*	1187	/*
1188	* Switch to the user "segment" for get_user(),	1188	* Switch to the user "segment" for get_user(),
1189	* then put back what elf_core_dump() had in place.	1189	* then put back what elf_core_dump() had in place.
1190	*/	1190	*/
1191	set_fs(USER_DS);	1191	set_fs(USER_DS);
1192	if (unlikely(get_user(word, header)))	1192	if (unlikely(get_user(word, header)))
1193	word = 0;	1193	word = 0;
1194	set_fs(fs);	1194	set_fs(fs);
1195	if (word == magic.cmp)	1195	if (word == magic.cmp)
1196	return PAGE_SIZE;	1196	return PAGE_SIZE;
1197	}	1197	}
1198		1198
1199	#undef FILTER	1199	#undef FILTER
1200		1200
1201	return 0;	1201	return 0;
1202		1202
1203	whole:	1203	whole:
1204	return vma->vm_end - vma->vm_start;	1204	return vma->vm_end - vma->vm_start;
1205	}	1205	}
1206		1206
1207	/* An ELF note in memory */	1207	/* An ELF note in memory */
1208	struct memelfnote	1208	struct memelfnote
1209	{	1209	{
1210	const char *name;	1210	const char *name;
1211	int type;	1211	int type;
1212	unsigned int datasz;	1212	unsigned int datasz;
1213	void *data;	1213	void *data;
1214	};	1214	};
1215		1215
1216	static int notesize(struct memelfnote *en)	1216	static int notesize(struct memelfnote *en)
1217	{	1217	{
1218	int sz;	1218	int sz;
1219		1219
1220	sz = sizeof(struct elf_note);	1220	sz = sizeof(struct elf_note);
1221	sz += roundup(strlen(en->name) + 1, 4);	1221	sz += roundup(strlen(en->name) + 1, 4);
1222	sz += roundup(en->datasz, 4);	1222	sz += roundup(en->datasz, 4);
1223		1223
1224	return sz;	1224	return sz;
1225	}	1225	}
1226		1226
1227	#define DUMP_WRITE(addr, nr, foffset) \	1227	#define DUMP_WRITE(addr, nr, foffset) \
1228	do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)	1228	do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
1229		1229
1230	static int alignfile(struct file file, loff_t foffset)	1230	static int alignfile(struct file file, loff_t foffset)
1231	{	1231	{
1232	static const char buf[4] = { 0, };	1232	static const char buf[4] = { 0, };
1233	DUMP_WRITE(buf, roundup(foffset, 4) - foffset, foffset);	1233	DUMP_WRITE(buf, roundup(foffset, 4) - foffset, foffset);
1234	return 1;	1234	return 1;
1235	}	1235	}
1236		1236
1237	static int writenote(struct memelfnote men, struct file file,	1237	static int writenote(struct memelfnote men, struct file file,
1238	loff_t *foffset)	1238	loff_t *foffset)
1239	{	1239	{
1240	struct elf_note en;	1240	struct elf_note en;
1241	en.n_namesz = strlen(men->name) + 1;	1241	en.n_namesz = strlen(men->name) + 1;
1242	en.n_descsz = men->datasz;	1242	en.n_descsz = men->datasz;
1243	en.n_type = men->type;	1243	en.n_type = men->type;
1244		1244
1245	DUMP_WRITE(&en, sizeof(en), foffset);	1245	DUMP_WRITE(&en, sizeof(en), foffset);
1246	DUMP_WRITE(men->name, en.n_namesz, foffset);	1246	DUMP_WRITE(men->name, en.n_namesz, foffset);
1247	if (!alignfile(file, foffset))	1247	if (!alignfile(file, foffset))
1248	return 0;	1248	return 0;
1249	DUMP_WRITE(men->data, men->datasz, foffset);	1249	DUMP_WRITE(men->data, men->datasz, foffset);
1250	if (!alignfile(file, foffset))	1250	if (!alignfile(file, foffset))
1251	return 0;	1251	return 0;
1252		1252
1253	return 1;	1253	return 1;
1254	}	1254	}
1255	#undef DUMP_WRITE	1255	#undef DUMP_WRITE
1256		1256
1257	static void fill_elf_header(struct elfhdr *elf, int segs,	1257	static void fill_elf_header(struct elfhdr *elf, int segs,
1258	u16 machine, u32 flags)	1258	u16 machine, u32 flags)
1259	{	1259	{
1260	memset(elf, 0, sizeof(*elf));	1260	memset(elf, 0, sizeof(*elf));
1261		1261
1262	memcpy(elf->e_ident, ELFMAG, SELFMAG);	1262	memcpy(elf->e_ident, ELFMAG, SELFMAG);
1263	elf->e_ident[EI_CLASS] = ELF_CLASS;	1263	elf->e_ident[EI_CLASS] = ELF_CLASS;
1264	elf->e_ident[EI_DATA] = ELF_DATA;	1264	elf->e_ident[EI_DATA] = ELF_DATA;
1265	elf->e_ident[EI_VERSION] = EV_CURRENT;	1265	elf->e_ident[EI_VERSION] = EV_CURRENT;
1266	elf->e_ident[EI_OSABI] = ELF_OSABI;	1266	elf->e_ident[EI_OSABI] = ELF_OSABI;
1267		1267
1268	elf->e_type = ET_CORE;	1268	elf->e_type = ET_CORE;
1269	elf->e_machine = machine;	1269	elf->e_machine = machine;
1270	elf->e_version = EV_CURRENT;	1270	elf->e_version = EV_CURRENT;
1271	elf->e_phoff = sizeof(struct elfhdr);	1271	elf->e_phoff = sizeof(struct elfhdr);
1272	elf->e_flags = flags;	1272	elf->e_flags = flags;
1273	elf->e_ehsize = sizeof(struct elfhdr);	1273	elf->e_ehsize = sizeof(struct elfhdr);
1274	elf->e_phentsize = sizeof(struct elf_phdr);	1274	elf->e_phentsize = sizeof(struct elf_phdr);
1275	elf->e_phnum = segs;	1275	elf->e_phnum = segs;
1276		1276
1277	return;	1277	return;
1278	}	1278	}
1279		1279
1280	static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)	1280	static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
1281	{	1281	{
1282	phdr->p_type = PT_NOTE;	1282	phdr->p_type = PT_NOTE;
1283	phdr->p_offset = offset;	1283	phdr->p_offset = offset;
1284	phdr->p_vaddr = 0;	1284	phdr->p_vaddr = 0;
1285	phdr->p_paddr = 0;	1285	phdr->p_paddr = 0;
1286	phdr->p_filesz = sz;	1286	phdr->p_filesz = sz;
1287	phdr->p_memsz = 0;	1287	phdr->p_memsz = 0;
1288	phdr->p_flags = 0;	1288	phdr->p_flags = 0;
1289	phdr->p_align = 0;	1289	phdr->p_align = 0;
1290	return;	1290	return;
1291	}	1291	}
1292		1292
1293	static void fill_note(struct memelfnote note, const char name, int type,	1293	static void fill_note(struct memelfnote note, const char name, int type,
1294	unsigned int sz, void *data)	1294	unsigned int sz, void *data)
1295	{	1295	{
1296	note->name = name;	1296	note->name = name;
1297	note->type = type;	1297	note->type = type;
1298	note->datasz = sz;	1298	note->datasz = sz;
1299	note->data = data;	1299	note->data = data;
1300	return;	1300	return;
1301	}	1301	}
1302		1302
1303	/*	1303	/*
1304	* fill up all the fields in prstatus from the given task struct, except	1304	* fill up all the fields in prstatus from the given task struct, except
1305	* registers which need to be filled up separately.	1305	* registers which need to be filled up separately.
1306	*/	1306	*/
1307	static void fill_prstatus(struct elf_prstatus *prstatus,	1307	static void fill_prstatus(struct elf_prstatus *prstatus,
1308	struct task_struct *p, long signr)	1308	struct task_struct *p, long signr)
1309	{	1309	{
1310	prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;	1310	prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
1311	prstatus->pr_sigpend = p->pending.signal.sig[0];	1311	prstatus->pr_sigpend = p->pending.signal.sig[0];
1312	prstatus->pr_sighold = p->blocked.sig[0];	1312	prstatus->pr_sighold = p->blocked.sig[0];
1313	rcu_read_lock();	1313	rcu_read_lock();
1314	prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));	1314	prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1315	rcu_read_unlock();	1315	rcu_read_unlock();
1316	prstatus->pr_pid = task_pid_vnr(p);	1316	prstatus->pr_pid = task_pid_vnr(p);
1317	prstatus->pr_pgrp = task_pgrp_vnr(p);	1317	prstatus->pr_pgrp = task_pgrp_vnr(p);
1318	prstatus->pr_sid = task_session_vnr(p);	1318	prstatus->pr_sid = task_session_vnr(p);
1319	if (thread_group_leader(p)) {	1319	if (thread_group_leader(p)) {
1320	struct task_cputime cputime;	1320	struct task_cputime cputime;
1321		1321
1322	/*	1322	/*
1323	* This is the record for the group leader. It shows the	1323	* This is the record for the group leader. It shows the
1324	* group-wide total, not its individual thread total.	1324	* group-wide total, not its individual thread total.
1325	*/	1325	*/
1326	thread_group_cputime(p, &cputime);	1326	thread_group_cputime(p, &cputime);
1327	cputime_to_timeval(cputime.utime, &prstatus->pr_utime);	1327	cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
1328	cputime_to_timeval(cputime.stime, &prstatus->pr_stime);	1328	cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
1329	} else {	1329	} else {
1330	cputime_t utime, stime;	1330	cputime_t utime, stime;
1331		1331
1332	task_cputime(p, &utime, &stime);	1332	task_cputime(p, &utime, &stime);
1333	cputime_to_timeval(utime, &prstatus->pr_utime);	1333	cputime_to_timeval(utime, &prstatus->pr_utime);
1334	cputime_to_timeval(stime, &prstatus->pr_stime);	1334	cputime_to_timeval(stime, &prstatus->pr_stime);
1335	}	1335	}
1336	cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);	1336	cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
1337	cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);	1337	cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
1338	}	1338	}
1339		1339
1340	static int fill_psinfo(struct elf_prpsinfo psinfo, struct task_struct p,	1340	static int fill_psinfo(struct elf_prpsinfo psinfo, struct task_struct p,
1341	struct mm_struct *mm)	1341	struct mm_struct *mm)
1342	{	1342	{
1343	const struct cred *cred;	1343	const struct cred *cred;
1344	unsigned int i, len;	1344	unsigned int i, len;
1345		1345
1346	/* first copy the parameters from user space */	1346	/* first copy the parameters from user space */
1347	memset(psinfo, 0, sizeof(struct elf_prpsinfo));	1347	memset(psinfo, 0, sizeof(struct elf_prpsinfo));
1348		1348
1349	len = mm->arg_end - mm->arg_start;	1349	len = mm->arg_end - mm->arg_start;
1350	if (len >= ELF_PRARGSZ)	1350	if (len >= ELF_PRARGSZ)
1351	len = ELF_PRARGSZ-1;	1351	len = ELF_PRARGSZ-1;
1352	if (copy_from_user(&psinfo->pr_psargs,	1352	if (copy_from_user(&psinfo->pr_psargs,
1353	(const char __user *)mm->arg_start, len))	1353	(const char __user *)mm->arg_start, len))
1354	return -EFAULT;	1354	return -EFAULT;
1355	for(i = 0; i < len; i++)	1355	for(i = 0; i < len; i++)
1356	if (psinfo->pr_psargs[i] == 0)	1356	if (psinfo->pr_psargs[i] == 0)
1357	psinfo->pr_psargs[i] = ' ';	1357	psinfo->pr_psargs[i] = ' ';
1358	psinfo->pr_psargs[len] = 0;	1358	psinfo->pr_psargs[len] = 0;
1359		1359
1360	rcu_read_lock();	1360	rcu_read_lock();
1361	psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));	1361	psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
1362	rcu_read_unlock();	1362	rcu_read_unlock();
1363	psinfo->pr_pid = task_pid_vnr(p);	1363	psinfo->pr_pid = task_pid_vnr(p);
1364	psinfo->pr_pgrp = task_pgrp_vnr(p);	1364	psinfo->pr_pgrp = task_pgrp_vnr(p);
1365	psinfo->pr_sid = task_session_vnr(p);	1365	psinfo->pr_sid = task_session_vnr(p);
1366		1366
1367	i = p->state ? ffz(~p->state) + 1 : 0;	1367	i = p->state ? ffz(~p->state) + 1 : 0;
1368	psinfo->pr_state = i;	1368	psinfo->pr_state = i;
1369	psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];	1369	psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
1370	psinfo->pr_zomb = psinfo->pr_sname == 'Z';	1370	psinfo->pr_zomb = psinfo->pr_sname == 'Z';
1371	psinfo->pr_nice = task_nice(p);	1371	psinfo->pr_nice = task_nice(p);
1372	psinfo->pr_flag = p->flags;	1372	psinfo->pr_flag = p->flags;
1373	rcu_read_lock();	1373	rcu_read_lock();
1374	cred = __task_cred(p);	1374	cred = __task_cred(p);
1375	SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));	1375	SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
1376	SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));	1376	SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
1377	rcu_read_unlock();	1377	rcu_read_unlock();
1378	strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));	1378	strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
1379		1379
1380	return 0;	1380	return 0;
1381	}	1381	}
1382		1382
1383	static void fill_auxv_note(struct memelfnote note, struct mm_struct mm)	1383	static void fill_auxv_note(struct memelfnote note, struct mm_struct mm)
1384	{	1384	{
1385	elf_addr_t auxv = (elf_addr_t ) mm->saved_auxv;	1385	elf_addr_t auxv = (elf_addr_t ) mm->saved_auxv;
1386	int i = 0;	1386	int i = 0;
1387	do	1387	do
1388	i += 2;	1388	i += 2;
1389	while (auxv[i - 2] != AT_NULL);	1389	while (auxv[i - 2] != AT_NULL);
1390	fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);	1390	fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
1391	}	1391	}
1392		1392
1393	static void fill_siginfo_note(struct memelfnote note, user_siginfo_t csigdata,	1393	static void fill_siginfo_note(struct memelfnote note, user_siginfo_t csigdata,
1394	siginfo_t *siginfo)	1394	siginfo_t *siginfo)
1395	{	1395	{
1396	mm_segment_t old_fs = get_fs();	1396	mm_segment_t old_fs = get_fs();
1397	set_fs(KERNEL_DS);	1397	set_fs(KERNEL_DS);
1398	copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);	1398	copy_siginfo_to_user((user_siginfo_t __user *) csigdata, siginfo);
1399	set_fs(old_fs);	1399	set_fs(old_fs);
1400	fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);	1400	fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
1401	}	1401	}
1402		1402
1403	#define MAX_FILE_NOTE_SIZE (410241024)	1403	#define MAX_FILE_NOTE_SIZE (410241024)
1404	/*	1404	/*
1405	* Format of NT_FILE note:	1405	* Format of NT_FILE note:
1406	*	1406	*
1407	* long count -- how many files are mapped	1407	* long count -- how many files are mapped
1408	* long page_size -- units for file_ofs	1408	* long page_size -- units for file_ofs
1409	* array of [COUNT] elements of	1409	* array of [COUNT] elements of
1410	* long start	1410	* long start
1411	* long end	1411	* long end
1412	* long file_ofs	1412	* long file_ofs
1413	* followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...	1413	* followed by COUNT filenames in ASCII: "FILE1" NUL "FILE2" NUL...
1414	*/	1414	*/
1415	static void fill_files_note(struct memelfnote *note)	1415	static void fill_files_note(struct memelfnote *note)
1416	{	1416	{
1417	struct vm_area_struct *vma;	1417	struct vm_area_struct *vma;
1418	unsigned count, size, names_ofs, remaining, n;	1418	unsigned count, size, names_ofs, remaining, n;
1419	user_long_t *data;	1419	user_long_t *data;
1420	user_long_t *start_end_ofs;	1420	user_long_t *start_end_ofs;
1421	char name_base, name_curpos;	1421	char name_base, name_curpos;
1422		1422
1423	/* Estimated file count and total data size needed */	1423	/* Estimated file count and total data size needed */
1424	count = current->mm->map_count;	1424	count = current->mm->map_count;
1425	size = count * 64;	1425	size = count * 64;
1426		1426
1427	names_ofs = (2 + 3 * count) * sizeof(data[0]);	1427	names_ofs = (2 + 3 * count) * sizeof(data[0]);
1428	alloc:	1428	alloc:
1429	if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */	1429	if (size >= MAX_FILE_NOTE_SIZE) /* paranoia check */
1430	goto err;	1430	goto err;
1431	size = round_up(size, PAGE_SIZE);	1431	size = round_up(size, PAGE_SIZE);
1432	data = vmalloc(size);	1432	data = vmalloc(size);
1433	if (!data)	1433	if (!data)
1434	goto err;	1434	goto err;
1435		1435
1436	start_end_ofs = data + 2;	1436	start_end_ofs = data + 2;
1437	name_base = name_curpos = ((char *)data) + names_ofs;	1437	name_base = name_curpos = ((char *)data) + names_ofs;
1438	remaining = size - names_ofs;	1438	remaining = size - names_ofs;
1439	count = 0;	1439	count = 0;
1440	for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {	1440	for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) {
1441	struct file *file;	1441	struct file *file;
1442	const char *filename;	1442	const char *filename;
1443		1443
1444	file = vma->vm_file;	1444	file = vma->vm_file;
1445	if (!file)	1445	if (!file)
1446	continue;	1446	continue;
1447	filename = d_path(&file->f_path, name_curpos, remaining);	1447	filename = d_path(&file->f_path, name_curpos, remaining);
1448	if (IS_ERR(filename)) {	1448	if (IS_ERR(filename)) {
1449	if (PTR_ERR(filename) == -ENAMETOOLONG) {	1449	if (PTR_ERR(filename) == -ENAMETOOLONG) {
1450	vfree(data);	1450	vfree(data);
1451	size = size * 5 / 4;	1451	size = size * 5 / 4;
1452	goto alloc;	1452	goto alloc;
1453	}	1453	}
1454	continue;	1454	continue;
1455	}	1455	}
1456		1456
1457	/* d_path() fills at the end, move name down */	1457	/* d_path() fills at the end, move name down */
1458	/* n = strlen(filename) + 1: */	1458	/* n = strlen(filename) + 1: */
1459	n = (name_curpos + remaining) - filename;	1459	n = (name_curpos + remaining) - filename;
1460	remaining = filename - name_curpos;	1460	remaining = filename - name_curpos;
1461	memmove(name_curpos, filename, n);	1461	memmove(name_curpos, filename, n);
1462	name_curpos += n;	1462	name_curpos += n;
1463		1463
1464	*start_end_ofs++ = vma->vm_start;	1464	*start_end_ofs++ = vma->vm_start;
1465	*start_end_ofs++ = vma->vm_end;	1465	*start_end_ofs++ = vma->vm_end;
1466	*start_end_ofs++ = vma->vm_pgoff;	1466	*start_end_ofs++ = vma->vm_pgoff;
1467	count++;	1467	count++;
1468	}	1468	}
1469		1469
1470	/* Now we know exact count of files, can store it */	1470	/* Now we know exact count of files, can store it */
1471	data[0] = count;	1471	data[0] = count;
1472	data[1] = PAGE_SIZE;	1472	data[1] = PAGE_SIZE;
1473	/*	1473	/*
1474	* Count usually is less than current->mm->map_count,	1474	* Count usually is less than current->mm->map_count,
1475	* we need to move filenames down.	1475	* we need to move filenames down.
1476	*/	1476	*/
1477	n = current->mm->map_count - count;	1477	n = current->mm->map_count - count;
1478	if (n != 0) {	1478	if (n != 0) {
1479	unsigned shift_bytes = n * 3 * sizeof(data[0]);	1479	unsigned shift_bytes = n * 3 * sizeof(data[0]);
1480	memmove(name_base - shift_bytes, name_base,	1480	memmove(name_base - shift_bytes, name_base,
1481	name_curpos - name_base);	1481	name_curpos - name_base);
1482	name_curpos -= shift_bytes;	1482	name_curpos -= shift_bytes;
1483	}	1483	}
1484		1484
1485	size = name_curpos - (char *)data;	1485	size = name_curpos - (char *)data;
1486	fill_note(note, "CORE", NT_FILE, size, data);	1486	fill_note(note, "CORE", NT_FILE, size, data);
1487	err: ;	1487	err: ;
1488	}	1488	}
1489		1489
1490	#ifdef CORE_DUMP_USE_REGSET	1490	#ifdef CORE_DUMP_USE_REGSET
1491	#include <linux/regset.h>	1491	#include <linux/regset.h>
1492		1492
1493	struct elf_thread_core_info {	1493	struct elf_thread_core_info {
1494	struct elf_thread_core_info *next;	1494	struct elf_thread_core_info *next;
1495	struct task_struct *task;	1495	struct task_struct *task;
1496	struct elf_prstatus prstatus;	1496	struct elf_prstatus prstatus;
1497	struct memelfnote notes[0];	1497	struct memelfnote notes[0];
1498	};	1498	};
1499		1499
1500	struct elf_note_info {	1500	struct elf_note_info {
1501	struct elf_thread_core_info *thread;	1501	struct elf_thread_core_info *thread;
1502	struct memelfnote psinfo;	1502	struct memelfnote psinfo;
1503	struct memelfnote signote;	1503	struct memelfnote signote;
1504	struct memelfnote auxv;	1504	struct memelfnote auxv;
1505	struct memelfnote files;	1505	struct memelfnote files;
1506	user_siginfo_t csigdata;	1506	user_siginfo_t csigdata;
1507	size_t size;	1507	size_t size;
1508	int thread_notes;	1508	int thread_notes;
1509	};	1509	};
1510		1510
1511	/*	1511	/*
1512	* When a regset has a writeback hook, we call it on each thread before	1512	* When a regset has a writeback hook, we call it on each thread before
1513	* dumping user memory. On register window machines, this makes sure the	1513	* dumping user memory. On register window machines, this makes sure the
1514	* user memory backing the register data is up to date before we read it.	1514	* user memory backing the register data is up to date before we read it.
1515	*/	1515	*/
1516	static void do_thread_regset_writeback(struct task_struct *task,	1516	static void do_thread_regset_writeback(struct task_struct *task,
1517	const struct user_regset *regset)	1517	const struct user_regset *regset)
1518	{	1518	{
1519	if (regset->writeback)	1519	if (regset->writeback)
1520	regset->writeback(task, regset, 1);	1520	regset->writeback(task, regset, 1);
1521	}	1521	}
1522		1522
1523	#ifndef PR_REG_SIZE	1523	#ifndef PR_REG_SIZE
1524	#define PR_REG_SIZE(S) sizeof(S)	1524	#define PR_REG_SIZE(S) sizeof(S)
1525	#endif	1525	#endif
1526		1526
1527	#ifndef PRSTATUS_SIZE	1527	#ifndef PRSTATUS_SIZE
1528	#define PRSTATUS_SIZE(S) sizeof(S)	1528	#define PRSTATUS_SIZE(S) sizeof(S)
1529	#endif	1529	#endif
1530		1530
1531	#ifndef PR_REG_PTR	1531	#ifndef PR_REG_PTR
1532	#define PR_REG_PTR(S) (&((S)->pr_reg))	1532	#define PR_REG_PTR(S) (&((S)->pr_reg))
1533	#endif	1533	#endif
1534		1534
1535	#ifndef SET_PR_FPVALID	1535	#ifndef SET_PR_FPVALID
1536	#define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))	1536	#define SET_PR_FPVALID(S, V) ((S)->pr_fpvalid = (V))
1537	#endif	1537	#endif
1538		1538
1539	static int fill_thread_core_info(struct elf_thread_core_info *t,	1539	static int fill_thread_core_info(struct elf_thread_core_info *t,
1540	const struct user_regset_view *view,	1540	const struct user_regset_view *view,
1541	long signr, size_t *total)	1541	long signr, size_t *total)
1542	{	1542	{
1543	unsigned int i;	1543	unsigned int i;
1544		1544
1545	/*	1545	/*
1546	* NT_PRSTATUS is the one special case, because the regset data	1546	* NT_PRSTATUS is the one special case, because the regset data
1547	* goes into the pr_reg field inside the note contents, rather	1547	* goes into the pr_reg field inside the note contents, rather
1548	* than being the whole note contents. We fill the reset in here.	1548	* than being the whole note contents. We fill the reset in here.
1549	* We assume that regset 0 is NT_PRSTATUS.	1549	* We assume that regset 0 is NT_PRSTATUS.
1550	*/	1550	*/
1551	fill_prstatus(&t->prstatus, t->task, signr);	1551	fill_prstatus(&t->prstatus, t->task, signr);
1552	(void) view->regsets[0].get(t->task, &view->regsets[0],	1552	(void) view->regsets[0].get(t->task, &view->regsets[0],
1553	0, PR_REG_SIZE(t->prstatus.pr_reg),	1553	0, PR_REG_SIZE(t->prstatus.pr_reg),
1554	PR_REG_PTR(&t->prstatus), NULL);	1554	PR_REG_PTR(&t->prstatus), NULL);
1555		1555
1556	fill_note(&t->notes[0], "CORE", NT_PRSTATUS,	1556	fill_note(&t->notes[0], "CORE", NT_PRSTATUS,
1557	PRSTATUS_SIZE(t->prstatus), &t->prstatus);	1557	PRSTATUS_SIZE(t->prstatus), &t->prstatus);
1558	*total += notesize(&t->notes[0]);	1558	*total += notesize(&t->notes[0]);
1559		1559
1560	do_thread_regset_writeback(t->task, &view->regsets[0]);	1560	do_thread_regset_writeback(t->task, &view->regsets[0]);
1561		1561
1562	/*	1562	/*
1563	* Each other regset might generate a note too. For each regset	1563	* Each other regset might generate a note too. For each regset
1564	* that has no core_note_type or is inactive, we leave t->notes[i]	1564	* that has no core_note_type or is inactive, we leave t->notes[i]
1565	* all zero and we'll know to skip writing it later.	1565	* all zero and we'll know to skip writing it later.
1566	*/	1566	*/
1567	for (i = 1; i < view->n; ++i) {	1567	for (i = 1; i < view->n; ++i) {
1568	const struct user_regset *regset = &view->regsets[i];	1568	const struct user_regset *regset = &view->regsets[i];
1569	do_thread_regset_writeback(t->task, regset);	1569	do_thread_regset_writeback(t->task, regset);
1570	if (regset->core_note_type && regset->get &&	1570	if (regset->core_note_type && regset->get &&
1571	(!regset->active \|\| regset->active(t->task, regset))) {	1571	(!regset->active \|\| regset->active(t->task, regset))) {
1572	int ret;	1572	int ret;
1573	size_t size = regset->n * regset->size;	1573	size_t size = regset->n * regset->size;
1574	void *data = kmalloc(size, GFP_KERNEL);	1574	void *data = kmalloc(size, GFP_KERNEL);
1575	if (unlikely(!data))	1575	if (unlikely(!data))
1576	return 0;	1576	return 0;
1577	ret = regset->get(t->task, regset,	1577	ret = regset->get(t->task, regset,
1578	0, size, data, NULL);	1578	0, size, data, NULL);
1579	if (unlikely(ret))	1579	if (unlikely(ret))
1580	kfree(data);	1580	kfree(data);
1581	else {	1581	else {
1582	if (regset->core_note_type != NT_PRFPREG)	1582	if (regset->core_note_type != NT_PRFPREG)
1583	fill_note(&t->notes[i], "LINUX",	1583	fill_note(&t->notes[i], "LINUX",
1584	regset->core_note_type,	1584	regset->core_note_type,
1585	size, data);	1585	size, data);
1586	else {	1586	else {
1587	SET_PR_FPVALID(&t->prstatus, 1);	1587	SET_PR_FPVALID(&t->prstatus, 1);
1588	fill_note(&t->notes[i], "CORE",	1588	fill_note(&t->notes[i], "CORE",
1589	NT_PRFPREG, size, data);	1589	NT_PRFPREG, size, data);
1590	}	1590	}
1591	*total += notesize(&t->notes[i]);	1591	*total += notesize(&t->notes[i]);
1592	}	1592	}
1593	}	1593	}
1594	}	1594	}
1595		1595
1596	return 1;	1596	return 1;
1597	}	1597	}
1598		1598
1599	static int fill_note_info(struct elfhdr *elf, int phdrs,	1599	static int fill_note_info(struct elfhdr *elf, int phdrs,
1600	struct elf_note_info *info,	1600	struct elf_note_info *info,
1601	siginfo_t siginfo, struct pt_regs regs)	1601	siginfo_t siginfo, struct pt_regs regs)
1602	{	1602	{
1603	struct task_struct *dump_task = current;	1603	struct task_struct *dump_task = current;
1604	const struct user_regset_view *view = task_user_regset_view(dump_task);	1604	const struct user_regset_view *view = task_user_regset_view(dump_task);
1605	struct elf_thread_core_info *t;	1605	struct elf_thread_core_info *t;
1606	struct elf_prpsinfo *psinfo;	1606	struct elf_prpsinfo *psinfo;
1607	struct core_thread *ct;	1607	struct core_thread *ct;
1608	unsigned int i;	1608	unsigned int i;
1609		1609
1610	info->size = 0;	1610	info->size = 0;
1611	info->thread = NULL;	1611	info->thread = NULL;
1612		1612
1613	psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);	1613	psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
1614	if (psinfo == NULL) {	1614	if (psinfo == NULL) {
1615	info->psinfo.data = NULL; /* So we don't free this wrongly */	1615	info->psinfo.data = NULL; /* So we don't free this wrongly */
1616	return 0;	1616	return 0;
1617	}	1617	}
1618		1618
1619	fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);	1619	fill_note(&info->psinfo, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
1620		1620
1621	/*	1621	/*
1622	* Figure out how many notes we're going to need for each thread.	1622	* Figure out how many notes we're going to need for each thread.
1623	*/	1623	*/
1624	info->thread_notes = 0;	1624	info->thread_notes = 0;
1625	for (i = 0; i < view->n; ++i)	1625	for (i = 0; i < view->n; ++i)
1626	if (view->regsets[i].core_note_type != 0)	1626	if (view->regsets[i].core_note_type != 0)
1627	++info->thread_notes;	1627	++info->thread_notes;
1628		1628
1629	/*	1629	/*
1630	* Sanity check. We rely on regset 0 being in NT_PRSTATUS,	1630	* Sanity check. We rely on regset 0 being in NT_PRSTATUS,
1631	* since it is our one special case.	1631	* since it is our one special case.
1632	*/	1632	*/
1633	if (unlikely(info->thread_notes == 0) \|\|	1633	if (unlikely(info->thread_notes == 0) \|\|
1634	unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {	1634	unlikely(view->regsets[0].core_note_type != NT_PRSTATUS)) {
1635	WARN_ON(1);	1635	WARN_ON(1);
1636	return 0;	1636	return 0;
1637	}	1637	}
1638		1638
1639	/*	1639	/*
1640	* Initialize the ELF file header.	1640	* Initialize the ELF file header.
1641	*/	1641	*/
1642	fill_elf_header(elf, phdrs,	1642	fill_elf_header(elf, phdrs,
1643	view->e_machine, view->e_flags);	1643	view->e_machine, view->e_flags);
1644		1644
1645	/*	1645	/*
1646	* Allocate a structure for each thread.	1646	* Allocate a structure for each thread.
1647	*/	1647	*/
1648	for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {	1648	for (ct = &dump_task->mm->core_state->dumper; ct; ct = ct->next) {
1649	t = kzalloc(offsetof(struct elf_thread_core_info,	1649	t = kzalloc(offsetof(struct elf_thread_core_info,
1650	notes[info->thread_notes]),	1650	notes[info->thread_notes]),
1651	GFP_KERNEL);	1651	GFP_KERNEL);
1652	if (unlikely(!t))	1652	if (unlikely(!t))
1653	return 0;	1653	return 0;
1654		1654
1655	t->task = ct->task;	1655	t->task = ct->task;
1656	if (ct->task == dump_task \|\| !info->thread) {	1656	if (ct->task == dump_task \|\| !info->thread) {
1657	t->next = info->thread;	1657	t->next = info->thread;
1658	info->thread = t;	1658	info->thread = t;
1659	} else {	1659	} else {
1660	/*	1660	/*
1661	* Make sure to keep the original task at	1661	* Make sure to keep the original task at
1662	* the head of the list.	1662	* the head of the list.
1663	*/	1663	*/
1664	t->next = info->thread->next;	1664	t->next = info->thread->next;
1665	info->thread->next = t;	1665	info->thread->next = t;
1666	}	1666	}
1667	}	1667	}
1668		1668
1669	/*	1669	/*
1670	* Now fill in each thread's information.	1670	* Now fill in each thread's information.
1671	*/	1671	*/
1672	for (t = info->thread; t != NULL; t = t->next)	1672	for (t = info->thread; t != NULL; t = t->next)
1673	if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))	1673	if (!fill_thread_core_info(t, view, siginfo->si_signo, &info->size))
1674	return 0;	1674	return 0;
1675		1675
1676	/*	1676	/*
1677	* Fill in the two process-wide notes.	1677	* Fill in the two process-wide notes.
1678	*/	1678	*/
1679	fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);	1679	fill_psinfo(psinfo, dump_task->group_leader, dump_task->mm);
1680	info->size += notesize(&info->psinfo);	1680	info->size += notesize(&info->psinfo);
1681		1681
1682	fill_siginfo_note(&info->signote, &info->csigdata, siginfo);	1682	fill_siginfo_note(&info->signote, &info->csigdata, siginfo);
1683	info->size += notesize(&info->signote);	1683	info->size += notesize(&info->signote);
1684		1684
1685	fill_auxv_note(&info->auxv, current->mm);	1685	fill_auxv_note(&info->auxv, current->mm);
1686	info->size += notesize(&info->auxv);	1686	info->size += notesize(&info->auxv);
1687		1687
1688	fill_files_note(&info->files);	1688	fill_files_note(&info->files);
1689	info->size += notesize(&info->files);	1689	info->size += notesize(&info->files);
1690		1690
1691	return 1;	1691	return 1;
1692	}	1692	}
1693		1693
1694	static size_t get_note_info_size(struct elf_note_info *info)	1694	static size_t get_note_info_size(struct elf_note_info *info)
1695	{	1695	{
1696	return info->size;	1696	return info->size;
1697	}	1697	}
1698		1698
1699	/*	1699	/*
1700	* Write all the notes for each thread. When writing the first thread, the	1700	* Write all the notes for each thread. When writing the first thread, the
1701	* process-wide notes are interleaved after the first thread-specific note.	1701	* process-wide notes are interleaved after the first thread-specific note.
1702	*/	1702	*/
1703	static int write_note_info(struct elf_note_info *info,	1703	static int write_note_info(struct elf_note_info *info,
1704	struct file file, loff_t foffset)	1704	struct file file, loff_t foffset)
1705	{	1705	{
1706	bool first = 1;	1706	bool first = 1;
1707	struct elf_thread_core_info *t = info->thread;	1707	struct elf_thread_core_info *t = info->thread;
1708		1708
1709	do {	1709	do {
1710	int i;	1710	int i;
1711		1711
1712	if (!writenote(&t->notes[0], file, foffset))	1712	if (!writenote(&t->notes[0], file, foffset))
1713	return 0;	1713	return 0;
1714		1714
1715	if (first && !writenote(&info->psinfo, file, foffset))	1715	if (first && !writenote(&info->psinfo, file, foffset))
1716	return 0;	1716	return 0;
1717	if (first && !writenote(&info->signote, file, foffset))	1717	if (first && !writenote(&info->signote, file, foffset))
1718	return 0;	1718	return 0;
1719	if (first && !writenote(&info->auxv, file, foffset))	1719	if (first && !writenote(&info->auxv, file, foffset))
1720	return 0;	1720	return 0;
1721	if (first && !writenote(&info->files, file, foffset))	1721	if (first && !writenote(&info->files, file, foffset))
1722	return 0;	1722	return 0;
1723		1723
1724	for (i = 1; i < info->thread_notes; ++i)	1724	for (i = 1; i < info->thread_notes; ++i)
1725	if (t->notes[i].data &&	1725	if (t->notes[i].data &&
1726	!writenote(&t->notes[i], file, foffset))	1726	!writenote(&t->notes[i], file, foffset))
1727	return 0;	1727	return 0;
1728		1728
1729	first = 0;	1729	first = 0;
1730	t = t->next;	1730	t = t->next;
1731	} while (t);	1731	} while (t);
1732		1732
1733	return 1;	1733	return 1;
1734	}	1734	}
1735		1735
1736	static void free_note_info(struct elf_note_info *info)	1736	static void free_note_info(struct elf_note_info *info)
1737	{	1737	{
1738	struct elf_thread_core_info *threads = info->thread;	1738	struct elf_thread_core_info *threads = info->thread;
1739	while (threads) {	1739	while (threads) {
1740	unsigned int i;	1740	unsigned int i;
1741	struct elf_thread_core_info *t = threads;	1741	struct elf_thread_core_info *t = threads;
1742	threads = t->next;	1742	threads = t->next;
1743	WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);	1743	WARN_ON(t->notes[0].data && t->notes[0].data != &t->prstatus);
1744	for (i = 1; i < info->thread_notes; ++i)	1744	for (i = 1; i < info->thread_notes; ++i)
1745	kfree(t->notes[i].data);	1745	kfree(t->notes[i].data);
1746	kfree(t);	1746	kfree(t);
1747	}	1747	}
1748	kfree(info->psinfo.data);	1748	kfree(info->psinfo.data);
1749	vfree(info->files.data);	1749	vfree(info->files.data);
1750	}	1750	}
1751		1751
1752	#else	1752	#else
1753		1753
1754	/* Here is the structure in which status of each thread is captured. */	1754	/* Here is the structure in which status of each thread is captured. */
1755	struct elf_thread_status	1755	struct elf_thread_status
1756	{	1756	{
1757	struct list_head list;	1757	struct list_head list;
1758	struct elf_prstatus prstatus; /* NT_PRSTATUS */	1758	struct elf_prstatus prstatus; /* NT_PRSTATUS */
1759	elf_fpregset_t fpu; /* NT_PRFPREG */	1759	elf_fpregset_t fpu; /* NT_PRFPREG */
1760	struct task_struct *thread;	1760	struct task_struct *thread;
1761	#ifdef ELF_CORE_COPY_XFPREGS	1761	#ifdef ELF_CORE_COPY_XFPREGS
1762	elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */	1762	elf_fpxregset_t xfpu; /* ELF_CORE_XFPREG_TYPE */
1763	#endif	1763	#endif
1764	struct memelfnote notes[3];	1764	struct memelfnote notes[3];
1765	int num_notes;	1765	int num_notes;
1766	};	1766	};
1767		1767
1768	/*	1768	/*
1769	* In order to add the specific thread information for the elf file format,	1769	* In order to add the specific thread information for the elf file format,
1770	* we need to keep a linked list of every threads pr_status and then create	1770	* we need to keep a linked list of every threads pr_status and then create
1771	* a single section for them in the final core file.	1771	* a single section for them in the final core file.
1772	*/	1772	*/
1773	static int elf_dump_thread_status(long signr, struct elf_thread_status *t)	1773	static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
1774	{	1774	{
1775	int sz = 0;	1775	int sz = 0;
1776	struct task_struct *p = t->thread;	1776	struct task_struct *p = t->thread;
1777	t->num_notes = 0;	1777	t->num_notes = 0;
1778		1778
1779	fill_prstatus(&t->prstatus, p, signr);	1779	fill_prstatus(&t->prstatus, p, signr);
1780	elf_core_copy_task_regs(p, &t->prstatus.pr_reg);	1780	elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
1781		1781
1782	fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),	1782	fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
1783	&(t->prstatus));	1783	&(t->prstatus));
1784	t->num_notes++;	1784	t->num_notes++;
1785	sz += notesize(&t->notes[0]);	1785	sz += notesize(&t->notes[0]);
1786		1786
1787	if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,	1787	if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL,
1788	&t->fpu))) {	1788	&t->fpu))) {
1789	fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),	1789	fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
1790	&(t->fpu));	1790	&(t->fpu));
1791	t->num_notes++;	1791	t->num_notes++;
1792	sz += notesize(&t->notes[1]);	1792	sz += notesize(&t->notes[1]);
1793	}	1793	}
1794		1794
1795	#ifdef ELF_CORE_COPY_XFPREGS	1795	#ifdef ELF_CORE_COPY_XFPREGS
1796	if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {	1796	if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
1797	fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,	1797	fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
1798	sizeof(t->xfpu), &t->xfpu);	1798	sizeof(t->xfpu), &t->xfpu);
1799	t->num_notes++;	1799	t->num_notes++;
1800	sz += notesize(&t->notes[2]);	1800	sz += notesize(&t->notes[2]);
1801	}	1801	}
1802	#endif	1802	#endif
1803	return sz;	1803	return sz;
1804	}	1804	}
1805		1805
1806	struct elf_note_info {	1806	struct elf_note_info {
1807	struct memelfnote *notes;	1807	struct memelfnote *notes;
1808	struct elf_prstatus prstatus; / NT_PRSTATUS */	1808	struct elf_prstatus prstatus; / NT_PRSTATUS */
1809	struct elf_prpsinfo psinfo; / NT_PRPSINFO */	1809	struct elf_prpsinfo psinfo; / NT_PRPSINFO */
1810	struct list_head thread_list;	1810	struct list_head thread_list;
1811	elf_fpregset_t *fpu;	1811	elf_fpregset_t *fpu;
1812	#ifdef ELF_CORE_COPY_XFPREGS	1812	#ifdef ELF_CORE_COPY_XFPREGS
1813	elf_fpxregset_t *xfpu;	1813	elf_fpxregset_t *xfpu;
1814	#endif	1814	#endif
1815	user_siginfo_t csigdata;	1815	user_siginfo_t csigdata;
1816	int thread_status_size;	1816	int thread_status_size;
1817	int numnote;	1817	int numnote;
1818	};	1818	};
1819		1819
1820	static int elf_note_info_init(struct elf_note_info *info)	1820	static int elf_note_info_init(struct elf_note_info *info)
1821	{	1821	{
1822	memset(info, 0, sizeof(*info));	1822	memset(info, 0, sizeof(*info));
1823	INIT_LIST_HEAD(&info->thread_list);	1823	INIT_LIST_HEAD(&info->thread_list);
1824		1824
1825	/* Allocate space for ELF notes */	1825	/* Allocate space for ELF notes */
1826	info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);	1826	info->notes = kmalloc(8 * sizeof(struct memelfnote), GFP_KERNEL);
1827	if (!info->notes)	1827	if (!info->notes)
1828	return 0;	1828	return 0;
1829	info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);	1829	info->psinfo = kmalloc(sizeof(*info->psinfo), GFP_KERNEL);
1830	if (!info->psinfo)	1830	if (!info->psinfo)
1831	return 0;	1831	return 0;
1832	info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);	1832	info->prstatus = kmalloc(sizeof(*info->prstatus), GFP_KERNEL);
1833	if (!info->prstatus)	1833	if (!info->prstatus)
1834	return 0;	1834	return 0;
1835	info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);	1835	info->fpu = kmalloc(sizeof(*info->fpu), GFP_KERNEL);
1836	if (!info->fpu)	1836	if (!info->fpu)
1837	return 0;	1837	return 0;
1838	#ifdef ELF_CORE_COPY_XFPREGS	1838	#ifdef ELF_CORE_COPY_XFPREGS
1839	info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);	1839	info->xfpu = kmalloc(sizeof(*info->xfpu), GFP_KERNEL);
1840	if (!info->xfpu)	1840	if (!info->xfpu)
1841	return 0;	1841	return 0;
1842	#endif	1842	#endif
1843	return 1;	1843	return 1;
1844	}	1844	}
1845		1845
1846	static int fill_note_info(struct elfhdr *elf, int phdrs,	1846	static int fill_note_info(struct elfhdr *elf, int phdrs,
1847	struct elf_note_info *info,	1847	struct elf_note_info *info,
1848	siginfo_t siginfo, struct pt_regs regs)	1848	siginfo_t siginfo, struct pt_regs regs)
1849	{	1849	{
1850	struct list_head *t;	1850	struct list_head *t;
1851		1851
1852	if (!elf_note_info_init(info))	1852	if (!elf_note_info_init(info))
1853	return 0;	1853	return 0;
1854		1854
1855	if (siginfo->si_signo) {	1855	if (siginfo->si_signo) {
1856	struct core_thread *ct;	1856	struct core_thread *ct;
1857	struct elf_thread_status *ets;	1857	struct elf_thread_status *ets;
1858		1858
1859	for (ct = current->mm->core_state->dumper.next;	1859	for (ct = current->mm->core_state->dumper.next;
1860	ct; ct = ct->next) {	1860	ct; ct = ct->next) {
1861	ets = kzalloc(sizeof(*ets), GFP_KERNEL);	1861	ets = kzalloc(sizeof(*ets), GFP_KERNEL);
1862	if (!ets)	1862	if (!ets)
1863	return 0;	1863	return 0;
1864		1864
1865	ets->thread = ct->task;	1865	ets->thread = ct->task;
1866	list_add(&ets->list, &info->thread_list);	1866	list_add(&ets->list, &info->thread_list);
1867	}	1867	}
1868		1868
1869	list_for_each(t, &info->thread_list) {	1869	list_for_each(t, &info->thread_list) {
1870	int sz;	1870	int sz;
1871		1871
1872	ets = list_entry(t, struct elf_thread_status, list);	1872	ets = list_entry(t, struct elf_thread_status, list);
1873	sz = elf_dump_thread_status(siginfo->si_signo, ets);	1873	sz = elf_dump_thread_status(siginfo->si_signo, ets);
1874	info->thread_status_size += sz;	1874	info->thread_status_size += sz;
1875	}	1875	}
1876	}	1876	}
1877	/* now collect the dump for the current */	1877	/* now collect the dump for the current */
1878	memset(info->prstatus, 0, sizeof(*info->prstatus));	1878	memset(info->prstatus, 0, sizeof(*info->prstatus));
1879	fill_prstatus(info->prstatus, current, siginfo->si_signo);	1879	fill_prstatus(info->prstatus, current, siginfo->si_signo);
1880	elf_core_copy_regs(&info->prstatus->pr_reg, regs);	1880	elf_core_copy_regs(&info->prstatus->pr_reg, regs);
1881		1881
1882	/* Set up header */	1882	/* Set up header */
1883	fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);	1883	fill_elf_header(elf, phdrs, ELF_ARCH, ELF_CORE_EFLAGS);
1884		1884
1885	/*	1885	/*
1886	* Set up the notes in similar form to SVR4 core dumps made	1886	* Set up the notes in similar form to SVR4 core dumps made
1887	* with info from their /proc.	1887	* with info from their /proc.
1888	*/	1888	*/
1889		1889
1890	fill_note(info->notes + 0, "CORE", NT_PRSTATUS,	1890	fill_note(info->notes + 0, "CORE", NT_PRSTATUS,
1891	sizeof(*info->prstatus), info->prstatus);	1891	sizeof(*info->prstatus), info->prstatus);
1892	fill_psinfo(info->psinfo, current->group_leader, current->mm);	1892	fill_psinfo(info->psinfo, current->group_leader, current->mm);
1893	fill_note(info->notes + 1, "CORE", NT_PRPSINFO,	1893	fill_note(info->notes + 1, "CORE", NT_PRPSINFO,
1894	sizeof(*info->psinfo), info->psinfo);	1894	sizeof(*info->psinfo), info->psinfo);
1895		1895
1896	fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);	1896	fill_siginfo_note(info->notes + 2, &info->csigdata, siginfo);
1897	fill_auxv_note(info->notes + 3, current->mm);	1897	fill_auxv_note(info->notes + 3, current->mm);
1898	fill_files_note(info->notes + 4);	1898	fill_files_note(info->notes + 4);
1899		1899
1900	info->numnote = 5;	1900	info->numnote = 5;
1901		1901
1902	/* Try to dump the FPU. */	1902	/* Try to dump the FPU. */
1903	info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,	1903	info->prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs,
1904	info->fpu);	1904	info->fpu);
1905	if (info->prstatus->pr_fpvalid)	1905	if (info->prstatus->pr_fpvalid)
1906	fill_note(info->notes + info->numnote++,	1906	fill_note(info->notes + info->numnote++,
1907	"CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);	1907	"CORE", NT_PRFPREG, sizeof(*info->fpu), info->fpu);
1908	#ifdef ELF_CORE_COPY_XFPREGS	1908	#ifdef ELF_CORE_COPY_XFPREGS
1909	if (elf_core_copy_task_xfpregs(current, info->xfpu))	1909	if (elf_core_copy_task_xfpregs(current, info->xfpu))
1910	fill_note(info->notes + info->numnote++,	1910	fill_note(info->notes + info->numnote++,
1911	"LINUX", ELF_CORE_XFPREG_TYPE,	1911	"LINUX", ELF_CORE_XFPREG_TYPE,
1912	sizeof(*info->xfpu), info->xfpu);	1912	sizeof(*info->xfpu), info->xfpu);
1913	#endif	1913	#endif
1914		1914
1915	return 1;	1915	return 1;
1916	}	1916	}
1917		1917
1918	static size_t get_note_info_size(struct elf_note_info *info)	1918	static size_t get_note_info_size(struct elf_note_info *info)
1919	{	1919	{
1920	int sz = 0;	1920	int sz = 0;
1921	int i;	1921	int i;
1922		1922
1923	for (i = 0; i < info->numnote; i++)	1923	for (i = 0; i < info->numnote; i++)
1924	sz += notesize(info->notes + i);	1924	sz += notesize(info->notes + i);
1925		1925
1926	sz += info->thread_status_size;	1926	sz += info->thread_status_size;
1927		1927
1928	return sz;	1928	return sz;
1929	}	1929	}
1930		1930
1931	static int write_note_info(struct elf_note_info *info,	1931	static int write_note_info(struct elf_note_info *info,
1932	struct file file, loff_t foffset)	1932	struct file file, loff_t foffset)
1933	{	1933	{
1934	int i;	1934	int i;
1935	struct list_head *t;	1935	struct list_head *t;
1936		1936
1937	for (i = 0; i < info->numnote; i++)	1937	for (i = 0; i < info->numnote; i++)
1938	if (!writenote(info->notes + i, file, foffset))	1938	if (!writenote(info->notes + i, file, foffset))
1939	return 0;	1939	return 0;
1940		1940
1941	/* write out the thread status notes section */	1941	/* write out the thread status notes section */
1942	list_for_each(t, &info->thread_list) {	1942	list_for_each(t, &info->thread_list) {
1943	struct elf_thread_status *tmp =	1943	struct elf_thread_status *tmp =
1944	list_entry(t, struct elf_thread_status, list);	1944	list_entry(t, struct elf_thread_status, list);
1945		1945
1946	for (i = 0; i < tmp->num_notes; i++)	1946	for (i = 0; i < tmp->num_notes; i++)
1947	if (!writenote(&tmp->notes[i], file, foffset))	1947	if (!writenote(&tmp->notes[i], file, foffset))
1948	return 0;	1948	return 0;
1949	}	1949	}
1950		1950
1951	return 1;	1951	return 1;
1952	}	1952	}
1953		1953
1954	static void free_note_info(struct elf_note_info *info)	1954	static void free_note_info(struct elf_note_info *info)
1955	{	1955	{
1956	while (!list_empty(&info->thread_list)) {	1956	while (!list_empty(&info->thread_list)) {
1957	struct list_head *tmp = info->thread_list.next;	1957	struct list_head *tmp = info->thread_list.next;
1958	list_del(tmp);	1958	list_del(tmp);
1959	kfree(list_entry(tmp, struct elf_thread_status, list));	1959	kfree(list_entry(tmp, struct elf_thread_status, list));
1960	}	1960	}
1961		1961
1962	/* Free data allocated by fill_files_note(): */	1962	/* Free data allocated by fill_files_note(): */
1963	vfree(info->notes[4].data);	1963	vfree(info->notes[4].data);
1964		1964
1965	kfree(info->prstatus);	1965	kfree(info->prstatus);
1966	kfree(info->psinfo);	1966	kfree(info->psinfo);
1967	kfree(info->notes);	1967	kfree(info->notes);
1968	kfree(info->fpu);	1968	kfree(info->fpu);
1969	#ifdef ELF_CORE_COPY_XFPREGS	1969	#ifdef ELF_CORE_COPY_XFPREGS
1970	kfree(info->xfpu);	1970	kfree(info->xfpu);
1971	#endif	1971	#endif
1972	}	1972	}
1973		1973
1974	#endif	1974	#endif
1975		1975
1976	static struct vm_area_struct first_vma(struct task_struct tsk,	1976	static struct vm_area_struct first_vma(struct task_struct tsk,
1977	struct vm_area_struct *gate_vma)	1977	struct vm_area_struct *gate_vma)
1978	{	1978	{
1979	struct vm_area_struct *ret = tsk->mm->mmap;	1979	struct vm_area_struct *ret = tsk->mm->mmap;
1980		1980
1981	if (ret)	1981	if (ret)
1982	return ret;	1982	return ret;
1983	return gate_vma;	1983	return gate_vma;
1984	}	1984	}
1985	/*	1985	/*
1986	* Helper function for iterating across a vma list. It ensures that the caller	1986	* Helper function for iterating across a vma list. It ensures that the caller
1987	* will visit `gate_vma' prior to terminating the search.	1987	* will visit `gate_vma' prior to terminating the search.
1988	*/	1988	*/
1989	static struct vm_area_struct next_vma(struct vm_area_struct this_vma,	1989	static struct vm_area_struct next_vma(struct vm_area_struct this_vma,
1990	struct vm_area_struct *gate_vma)	1990	struct vm_area_struct *gate_vma)
1991	{	1991	{
1992	struct vm_area_struct *ret;	1992	struct vm_area_struct *ret;
1993		1993
1994	ret = this_vma->vm_next;	1994	ret = this_vma->vm_next;
1995	if (ret)	1995	if (ret)
1996	return ret;	1996	return ret;
1997	if (this_vma == gate_vma)	1997	if (this_vma == gate_vma)
1998	return NULL;	1998	return NULL;
1999	return gate_vma;	1999	return gate_vma;
2000	}	2000	}
2001		2001
2002	static void fill_extnum_info(struct elfhdr elf, struct elf_shdr shdr4extnum,	2002	static void fill_extnum_info(struct elfhdr elf, struct elf_shdr shdr4extnum,
2003	elf_addr_t e_shoff, int segs)	2003	elf_addr_t e_shoff, int segs)
2004	{	2004	{
2005	elf->e_shoff = e_shoff;	2005	elf->e_shoff = e_shoff;
2006	elf->e_shentsize = sizeof(*shdr4extnum);	2006	elf->e_shentsize = sizeof(*shdr4extnum);
2007	elf->e_shnum = 1;	2007	elf->e_shnum = 1;
2008	elf->e_shstrndx = SHN_UNDEF;	2008	elf->e_shstrndx = SHN_UNDEF;
2009		2009
2010	memset(shdr4extnum, 0, sizeof(*shdr4extnum));	2010	memset(shdr4extnum, 0, sizeof(*shdr4extnum));
2011		2011
2012	shdr4extnum->sh_type = SHT_NULL;	2012	shdr4extnum->sh_type = SHT_NULL;
2013	shdr4extnum->sh_size = elf->e_shnum;	2013	shdr4extnum->sh_size = elf->e_shnum;
2014	shdr4extnum->sh_link = elf->e_shstrndx;	2014	shdr4extnum->sh_link = elf->e_shstrndx;
2015	shdr4extnum->sh_info = segs;	2015	shdr4extnum->sh_info = segs;
2016	}	2016	}
2017		2017
2018	static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,	2018	static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
2019	unsigned long mm_flags)	2019	unsigned long mm_flags)
2020	{	2020	{
2021	struct vm_area_struct *vma;	2021	struct vm_area_struct *vma;
2022	size_t size = 0;	2022	size_t size = 0;
2023		2023
2024	for (vma = first_vma(current, gate_vma); vma != NULL;	2024	for (vma = first_vma(current, gate_vma); vma != NULL;
2025	vma = next_vma(vma, gate_vma))	2025	vma = next_vma(vma, gate_vma))
2026	size += vma_dump_size(vma, mm_flags);	2026	size += vma_dump_size(vma, mm_flags);
2027	return size;	2027	return size;
2028	}	2028	}
2029		2029
2030	/*	2030	/*
2031	* Actual dumper	2031	* Actual dumper
2032	*	2032	*
2033	* This is a two-pass process; first we find the offsets of the bits,	2033	* This is a two-pass process; first we find the offsets of the bits,
2034	* and then they are actually written out. If we run out of core limit	2034	* and then they are actually written out. If we run out of core limit
2035	* we just truncate.	2035	* we just truncate.
2036	*/	2036	*/
2037	static int elf_core_dump(struct coredump_params *cprm)	2037	static int elf_core_dump(struct coredump_params *cprm)
2038	{	2038	{
2039	int has_dumped = 0;	2039	int has_dumped = 0;
2040	mm_segment_t fs;	2040	mm_segment_t fs;
2041	int segs;	2041	int segs;
2042	size_t size = 0;	2042	size_t size = 0;
2043	struct vm_area_struct vma, gate_vma;	2043	struct vm_area_struct vma, gate_vma;
2044	struct elfhdr *elf = NULL;	2044	struct elfhdr *elf = NULL;
2045	loff_t offset = 0, dataoff, foffset;	2045	loff_t offset = 0, dataoff, foffset;
2046	struct elf_note_info info;	2046	struct elf_note_info info;
2047	struct elf_phdr *phdr4note = NULL;	2047	struct elf_phdr *phdr4note = NULL;
2048	struct elf_shdr *shdr4extnum = NULL;	2048	struct elf_shdr *shdr4extnum = NULL;
2049	Elf_Half e_phnum;	2049	Elf_Half e_phnum;
2050	elf_addr_t e_shoff;	2050	elf_addr_t e_shoff;
2051		2051
2052	/*	2052	/*
2053	* We no longer stop all VM operations.	2053	* We no longer stop all VM operations.
2054	*	2054	*
2055	* This is because those proceses that could possibly change map_count	2055	* This is because those proceses that could possibly change map_count
2056	* or the mmap / vma pages are now blocked in do_exit on current	2056	* or the mmap / vma pages are now blocked in do_exit on current
2057	* finishing this core dump.	2057	* finishing this core dump.
2058	*	2058	*
2059	* Only ptrace can touch these memory addresses, but it doesn't change	2059	* Only ptrace can touch these memory addresses, but it doesn't change
2060	* the map_count or the pages allocated. So no possibility of crashing	2060	* the map_count or the pages allocated. So no possibility of crashing
2061	* exists while dumping the mm->vm_next areas to the core file.	2061	* exists while dumping the mm->vm_next areas to the core file.
2062	*/	2062	*/
2063		2063
2064	/* alloc memory for large data structures: too large to be on stack */	2064	/* alloc memory for large data structures: too large to be on stack */
2065	elf = kmalloc(sizeof(*elf), GFP_KERNEL);	2065	elf = kmalloc(sizeof(*elf), GFP_KERNEL);
2066	if (!elf)	2066	if (!elf)
2067	goto out;	2067	goto out;
2068	/*	2068	/*
2069	* The number of segs are recored into ELF header as 16bit value.	2069	* The number of segs are recored into ELF header as 16bit value.
2070	* Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.	2070	* Please check DEFAULT_MAX_MAP_COUNT definition when you modify here.
2071	*/	2071	*/
2072	segs = current->mm->map_count;	2072	segs = current->mm->map_count;
2073	segs += elf_core_extra_phdrs();	2073	segs += elf_core_extra_phdrs();
2074		2074
2075	gate_vma = get_gate_vma(current->mm);	2075	gate_vma = get_gate_vma(current->mm);
2076	if (gate_vma != NULL)	2076	if (gate_vma != NULL)
2077	segs++;	2077	segs++;
2078		2078
2079	/* for notes section */	2079	/* for notes section */
2080	segs++;	2080	segs++;
2081		2081
2082	/* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid	2082	/* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
2083	* this, kernel supports extended numbering. Have a look at	2083	* this, kernel supports extended numbering. Have a look at
2084	* include/linux/elf.h for further information. */	2084	* include/linux/elf.h for further information. */
2085	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;	2085	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
2086		2086
2087	/*	2087	/*
2088	* Collect all the non-memory information about the process for the	2088	* Collect all the non-memory information about the process for the
2089	* notes. This also sets up the file header.	2089	* notes. This also sets up the file header.
2090	*/	2090	*/
2091	if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))	2091	if (!fill_note_info(elf, e_phnum, &info, cprm->siginfo, cprm->regs))
2092	goto cleanup;	2092	goto cleanup;
2093		2093
2094	has_dumped = 1;	2094	has_dumped = 1;
2095	current->flags \|= PF_DUMPCORE;	2095
2096
2097	fs = get_fs();	2096	fs = get_fs();
2098	set_fs(KERNEL_DS);	2097	set_fs(KERNEL_DS);
2099		2098
2100	offset += sizeof(elf); / Elf header */	2099	offset += sizeof(elf); / Elf header */
2101	offset += segs * sizeof(struct elf_phdr); /* Program headers */	2100	offset += segs * sizeof(struct elf_phdr); /* Program headers */
2102	foffset = offset;	2101	foffset = offset;
2103		2102
2104	/* Write notes phdr entry */	2103	/* Write notes phdr entry */
2105	{	2104	{
2106	size_t sz = get_note_info_size(&info);	2105	size_t sz = get_note_info_size(&info);
2107		2106
2108	sz += elf_coredump_extra_notes_size();	2107	sz += elf_coredump_extra_notes_size();
2109		2108
2110	phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);	2109	phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
2111	if (!phdr4note)	2110	if (!phdr4note)
2112	goto end_coredump;	2111	goto end_coredump;
2113		2112
2114	fill_elf_note_phdr(phdr4note, sz, offset);	2113	fill_elf_note_phdr(phdr4note, sz, offset);
2115	offset += sz;	2114	offset += sz;
2116	}	2115	}
2117		2116
2118	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);	2117	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
2119		2118
2120	offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);	2119	offset += elf_core_vma_data_size(gate_vma, cprm->mm_flags);
2121	offset += elf_core_extra_data_size();	2120	offset += elf_core_extra_data_size();
2122	e_shoff = offset;	2121	e_shoff = offset;
2123		2122
2124	if (e_phnum == PN_XNUM) {	2123	if (e_phnum == PN_XNUM) {
2125	shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);	2124	shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
2126	if (!shdr4extnum)	2125	if (!shdr4extnum)
2127	goto end_coredump;	2126	goto end_coredump;
2128	fill_extnum_info(elf, shdr4extnum, e_shoff, segs);	2127	fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
2129	}	2128	}
2130		2129
2131	offset = dataoff;	2130	offset = dataoff;
2132		2131
2133	size += sizeof(*elf);	2132	size += sizeof(*elf);
2134	if (size > cprm->limit \|\| !dump_write(cprm->file, elf, sizeof(*elf)))	2133	if (size > cprm->limit \|\| !dump_write(cprm->file, elf, sizeof(*elf)))
2135	goto end_coredump;	2134	goto end_coredump;
2136		2135
2137	size += sizeof(*phdr4note);	2136	size += sizeof(*phdr4note);
2138	if (size > cprm->limit	2137	if (size > cprm->limit
2139	\|\| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))	2138	\|\| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
2140	goto end_coredump;	2139	goto end_coredump;
2141		2140
2142	/* Write program headers for segments dump */	2141	/* Write program headers for segments dump */
2143	for (vma = first_vma(current, gate_vma); vma != NULL;	2142	for (vma = first_vma(current, gate_vma); vma != NULL;
2144	vma = next_vma(vma, gate_vma)) {	2143	vma = next_vma(vma, gate_vma)) {
2145	struct elf_phdr phdr;	2144	struct elf_phdr phdr;
2146		2145
2147	phdr.p_type = PT_LOAD;	2146	phdr.p_type = PT_LOAD;
2148	phdr.p_offset = offset;	2147	phdr.p_offset = offset;
2149	phdr.p_vaddr = vma->vm_start;	2148	phdr.p_vaddr = vma->vm_start;
2150	phdr.p_paddr = 0;	2149	phdr.p_paddr = 0;
2151	phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);	2150	phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags);
2152	phdr.p_memsz = vma->vm_end - vma->vm_start;	2151	phdr.p_memsz = vma->vm_end - vma->vm_start;
2153	offset += phdr.p_filesz;	2152	offset += phdr.p_filesz;
2154	phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;	2153	phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
2155	if (vma->vm_flags & VM_WRITE)	2154	if (vma->vm_flags & VM_WRITE)
2156	phdr.p_flags \|= PF_W;	2155	phdr.p_flags \|= PF_W;
2157	if (vma->vm_flags & VM_EXEC)	2156	if (vma->vm_flags & VM_EXEC)
2158	phdr.p_flags \|= PF_X;	2157	phdr.p_flags \|= PF_X;
2159	phdr.p_align = ELF_EXEC_PAGESIZE;	2158	phdr.p_align = ELF_EXEC_PAGESIZE;
2160		2159
2161	size += sizeof(phdr);	2160	size += sizeof(phdr);
2162	if (size > cprm->limit	2161	if (size > cprm->limit
2163	\|\| !dump_write(cprm->file, &phdr, sizeof(phdr)))	2162	\|\| !dump_write(cprm->file, &phdr, sizeof(phdr)))
2164	goto end_coredump;	2163	goto end_coredump;
2165	}	2164	}
2166		2165
2167	if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))	2166	if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
2168	goto end_coredump;	2167	goto end_coredump;
2169		2168
2170	/* write out the notes section */	2169	/* write out the notes section */
2171	if (!write_note_info(&info, cprm->file, &foffset))	2170	if (!write_note_info(&info, cprm->file, &foffset))
2172	goto end_coredump;	2171	goto end_coredump;
2173		2172
2174	if (elf_coredump_extra_notes_write(cprm->file, &foffset))	2173	if (elf_coredump_extra_notes_write(cprm->file, &foffset))
2175	goto end_coredump;	2174	goto end_coredump;
2176		2175
2177	/* Align to page */	2176	/* Align to page */
2178	if (!dump_seek(cprm->file, dataoff - foffset))	2177	if (!dump_seek(cprm->file, dataoff - foffset))
2179	goto end_coredump;	2178	goto end_coredump;
2180		2179
2181	for (vma = first_vma(current, gate_vma); vma != NULL;	2180	for (vma = first_vma(current, gate_vma); vma != NULL;
2182	vma = next_vma(vma, gate_vma)) {	2181	vma = next_vma(vma, gate_vma)) {
2183	unsigned long addr;	2182	unsigned long addr;
2184	unsigned long end;	2183	unsigned long end;
2185		2184
2186	end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);	2185	end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags);
2187		2186
2188	for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {	2187	for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
2189	struct page *page;	2188	struct page *page;
2190	int stop;	2189	int stop;
2191		2190
2192	page = get_dump_page(addr);	2191	page = get_dump_page(addr);
2193	if (page) {	2192	if (page) {
2194	void *kaddr = kmap(page);	2193	void *kaddr = kmap(page);
2195	stop = ((size += PAGE_SIZE) > cprm->limit) \|\|	2194	stop = ((size += PAGE_SIZE) > cprm->limit) \|\|
2196	!dump_write(cprm->file, kaddr,	2195	!dump_write(cprm->file, kaddr,
2197	PAGE_SIZE);	2196	PAGE_SIZE);
2198	kunmap(page);	2197	kunmap(page);
2199	page_cache_release(page);	2198	page_cache_release(page);
2200	} else	2199	} else
2201	stop = !dump_seek(cprm->file, PAGE_SIZE);	2200	stop = !dump_seek(cprm->file, PAGE_SIZE);
2202	if (stop)	2201	if (stop)
2203	goto end_coredump;	2202	goto end_coredump;
2204	}	2203	}
2205	}	2204	}
2206		2205
2207	if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))	2206	if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
2208	goto end_coredump;	2207	goto end_coredump;
2209		2208
2210	if (e_phnum == PN_XNUM) {	2209	if (e_phnum == PN_XNUM) {
2211	size += sizeof(*shdr4extnum);	2210	size += sizeof(*shdr4extnum);
2212	if (size > cprm->limit	2211	if (size > cprm->limit
2213	\|\| !dump_write(cprm->file, shdr4extnum,	2212	\|\| !dump_write(cprm->file, shdr4extnum,
2214	sizeof(*shdr4extnum)))	2213	sizeof(*shdr4extnum)))
2215	goto end_coredump;	2214	goto end_coredump;
2216	}	2215	}
2217		2216
2218	end_coredump:	2217	end_coredump:
2219	set_fs(fs);	2218	set_fs(fs);
2220		2219
2221	cleanup:	2220	cleanup:
2222	free_note_info(&info);	2221	free_note_info(&info);
2223	kfree(shdr4extnum);	2222	kfree(shdr4extnum);
2224	kfree(phdr4note);	2223	kfree(phdr4note);
2225	kfree(elf);	2224	kfree(elf);
2226	out:	2225	out:
2227	return has_dumped;	2226	return has_dumped;
2228	}	2227	}
2229		2228
2230	#endif /* CONFIG_ELF_CORE */	2229	#endif /* CONFIG_ELF_CORE */
2231		2230
2232	static int __init init_elf_binfmt(void)	2231	static int __init init_elf_binfmt(void)
2233	{	2232	{
2234	register_binfmt(&elf_format);	2233	register_binfmt(&elf_format);
2235	return 0;	2234	return 0;
2236	}	2235	}
2237		2236
2238	static void __exit exit_elf_binfmt(void)	2237	static void __exit exit_elf_binfmt(void)
2239	{	2238	{
2240	/* Remove the COFF and ELF loaders. */	2239	/* Remove the COFF and ELF loaders. */
2241	unregister_binfmt(&elf_format);	2240	unregister_binfmt(&elf_format);
2242	}	2241	}
2243		2242
2244	core_initcall(init_elf_binfmt);	2243	core_initcall(init_elf_binfmt);
2245	module_exit(exit_elf_binfmt);	2244	module_exit(exit_elf_binfmt);
2246	MODULE_LICENSE("GPL");	2245	MODULE_LICENSE("GPL");
2247		2246

fs/binfmt_elf_fdpic.c

Diff comments View file @ 079148b

 /* binfmt_elf_fdpic.c: FDPIC ELF binary format
  *
  * Copyright (C) 2003, 2004, 2006 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  * Derived from binfmt_elf.c
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
  * 2 of the License, or (at your option) any later version.
  */
 #include <linux/module.h>
 #include <linux/fs.h>
 #include <linux/stat.h>
 #include <linux/sched.h>
 #include <linux/mm.h>
 #include <linux/mman.h>
 #include <linux/errno.h>
 #include <linux/signal.h>
 #include <linux/binfmts.h>
 #include <linux/string.h>
 #include <linux/file.h>
 #include <linux/fcntl.h>
 #include <linux/slab.h>
 #include <linux/pagemap.h>
 #include <linux/security.h>
 #include <linux/highmem.h>
 #include <linux/highuid.h>
 #include <linux/personality.h>
 #include <linux/ptrace.h>
 #include <linux/init.h>
 #include <linux/elf.h>
 #include <linux/elf-fdpic.h>
 #include <linux/elfcore.h>
 #include <linux/coredump.h>
 #include <asm/uaccess.h>
 #include <asm/param.h>
 #include <asm/pgalloc.h>
 typedef char *elf_caddr_t;
 #if 0
 #define kdebug(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
 #else
 #define kdebug(fmt, ...) do {} while(0)
 #endif
 #if 0
 #define kdcore(fmt, ...) printk("FDPIC "fmt"\n" ,##__VA_ARGS__ )
 #else
 #define kdcore(fmt, ...) do {} while(0)
 #endif
 MODULE_LICENSE("GPL");
 static int load_elf_fdpic_binary(struct linux_binprm *);
 static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *, struct file *);
 static int elf_fdpic_map_file(struct elf_fdpic_params *, struct file *,
 			      struct mm_struct *, const char *);
 static int create_elf_fdpic_tables(struct linux_binprm *, struct mm_struct *,
 				   struct elf_fdpic_params *,
 				   struct elf_fdpic_params *);
 #ifndef CONFIG_MMU
 static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *,
 					    unsigned long *);
 static int elf_fdpic_map_file_constdisp_on_uclinux(struct elf_fdpic_params *,
 						   struct file *,
 						   struct mm_struct *);
 #endif
 static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *,
 					     struct file *, struct mm_struct *);
 #ifdef CONFIG_ELF_CORE
 static int elf_fdpic_core_dump(struct coredump_params *cprm);
 #endif
 static struct linux_binfmt elf_fdpic_format = {
 	.module		= THIS_MODULE,
 	.load_binary	= load_elf_fdpic_binary,
 #ifdef CONFIG_ELF_CORE
 	.core_dump	= elf_fdpic_core_dump,
 #endif
 	.min_coredump	= ELF_EXEC_PAGESIZE,
 };
 static int __init init_elf_fdpic_binfmt(void)
 {
 	register_binfmt(&elf_fdpic_format);
 	return 0;
 }
 static void __exit exit_elf_fdpic_binfmt(void)
 {
 	unregister_binfmt(&elf_fdpic_format);
 }
 core_initcall(init_elf_fdpic_binfmt);
 module_exit(exit_elf_fdpic_binfmt);
 static int is_elf_fdpic(struct elfhdr *hdr, struct file *file)
 {
 	if (memcmp(hdr->e_ident, ELFMAG, SELFMAG) != 0)
 		return 0;
 	if (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN)
 		return 0;
 	if (!elf_check_arch(hdr) || !elf_check_fdpic(hdr))
 		return 0;
 	if (!file->f_op || !file->f_op->mmap)
 		return 0;
 	return 1;
 }
 /*****************************************************************************/
 /*
  * read the program headers table into memory
  */
 static int elf_fdpic_fetch_phdrs(struct elf_fdpic_params *params,
 				 struct file *file)
 {
 	struct elf32_phdr *phdr;
 	unsigned long size;
 	int retval, loop;
 	if (params->hdr.e_phentsize != sizeof(struct elf_phdr))
 		return -ENOMEM;
 	if (params->hdr.e_phnum > 65536U / sizeof(struct elf_phdr))
 		return -ENOMEM;
 	size = params->hdr.e_phnum * sizeof(struct elf_phdr);
 	params->phdrs = kmalloc(size, GFP_KERNEL);
 	if (!params->phdrs)
 		return -ENOMEM;
 	retval = kernel_read(file, params->hdr.e_phoff,
 			     (char *) params->phdrs, size);
 	if (unlikely(retval != size))
 		return retval < 0 ? retval : -ENOEXEC;
 	/* determine stack size for this binary */
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		if (phdr->p_type != PT_GNU_STACK)
 			continue;
 		if (phdr->p_flags & PF_X)
 			params->flags |= ELF_FDPIC_FLAG_EXEC_STACK;
 		else
 			params->flags |= ELF_FDPIC_FLAG_NOEXEC_STACK;
 		params->stack_size = phdr->p_memsz;
 		break;
 	}
 	return 0;
 }
 /*****************************************************************************/
 /*
  * load an fdpic binary into various bits of memory
  */
 static int load_elf_fdpic_binary(struct linux_binprm *bprm)
 {
 	struct elf_fdpic_params exec_params, interp_params;
 	struct pt_regs *regs = current_pt_regs();
 	struct elf_phdr *phdr;
 	unsigned long stack_size, entryaddr;
 #ifdef ELF_FDPIC_PLAT_INIT
 	unsigned long dynaddr;
 #endif
 #ifndef CONFIG_MMU
 	unsigned long stack_prot;
 #endif
 	struct file *interpreter = NULL; /* to shut gcc up */
 	char *interpreter_name = NULL;
 	int executable_stack;
 	int retval, i;
 	kdebug("____ LOAD %d ____", current->pid);
 	memset(&exec_params, 0, sizeof(exec_params));
 	memset(&interp_params, 0, sizeof(interp_params));
 	exec_params.hdr = *(struct elfhdr *) bprm->buf;
 	exec_params.flags = ELF_FDPIC_FLAG_PRESENT | ELF_FDPIC_FLAG_EXECUTABLE;
 	/* check that this is a binary we know how to deal with */
 	retval = -ENOEXEC;
 	if (!is_elf_fdpic(&exec_params.hdr, bprm->file))
 		goto error;
 	/* read the program header table */
 	retval = elf_fdpic_fetch_phdrs(&exec_params, bprm->file);
 	if (retval < 0)
 		goto error;
 	/* scan for a program header that specifies an interpreter */
 	phdr = exec_params.phdrs;
 	for (i = 0; i < exec_params.hdr.e_phnum; i++, phdr++) {
 		switch (phdr->p_type) {
 		case PT_INTERP:
 			retval = -ENOMEM;
 			if (phdr->p_filesz > PATH_MAX)
 				goto error;
 			retval = -ENOENT;
 			if (phdr->p_filesz < 2)
 				goto error;
 			/* read the name of the interpreter into memory */
 			interpreter_name = kmalloc(phdr->p_filesz, GFP_KERNEL);
 			if (!interpreter_name)
 				goto error;
 			retval = kernel_read(bprm->file,
 					     phdr->p_offset,
 					     interpreter_name,
 					     phdr->p_filesz);
 			if (unlikely(retval != phdr->p_filesz)) {
 				if (retval >= 0)
 					retval = -ENOEXEC;
 				goto error;
 			}
 			retval = -ENOENT;
 			if (interpreter_name[phdr->p_filesz - 1] != '\0')
 				goto error;
 			kdebug("Using ELF interpreter %s", interpreter_name);
 			/* replace the program with the interpreter */
 			interpreter = open_exec(interpreter_name);
 			retval = PTR_ERR(interpreter);
 			if (IS_ERR(interpreter)) {
 				interpreter = NULL;
 				goto error;
 			}
 			/*
 			 * If the binary is not readable then enforce
 			 * mm->dumpable = 0 regardless of the interpreter's
 			 * permissions.
 			 */
 			would_dump(bprm, interpreter);
 			retval = kernel_read(interpreter, 0, bprm->buf,
 					     BINPRM_BUF_SIZE);
 			if (unlikely(retval != BINPRM_BUF_SIZE)) {
 				if (retval >= 0)
 					retval = -ENOEXEC;
 				goto error;
 			}
 			interp_params.hdr = *((struct elfhdr *) bprm->buf);
 			break;
 		case PT_LOAD:
 #ifdef CONFIG_MMU
 			if (exec_params.load_addr == 0)
 				exec_params.load_addr = phdr->p_vaddr;
 #endif
 			break;
 		}
 	}
 	if (elf_check_const_displacement(&exec_params.hdr))
 		exec_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
 	/* perform insanity checks on the interpreter */
 	if (interpreter_name) {
 		retval = -ELIBBAD;
 		if (!is_elf_fdpic(&interp_params.hdr, interpreter))
 			goto error;
 		interp_params.flags = ELF_FDPIC_FLAG_PRESENT;
 		/* read the interpreter's program header table */
 		retval = elf_fdpic_fetch_phdrs(&interp_params, interpreter);
 		if (retval < 0)
 			goto error;
 	}
 	stack_size = exec_params.stack_size;
 	if (exec_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
 		executable_stack = EXSTACK_ENABLE_X;
 	else if (exec_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
 		executable_stack = EXSTACK_DISABLE_X;
 	else
 		executable_stack = EXSTACK_DEFAULT;
 	if (stack_size == 0) {
 		stack_size = interp_params.stack_size;
 		if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
 			executable_stack = EXSTACK_ENABLE_X;
 		else if (interp_params.flags & ELF_FDPIC_FLAG_NOEXEC_STACK)
 			executable_stack = EXSTACK_DISABLE_X;
 		else
 			executable_stack = EXSTACK_DEFAULT;
 	}
 	retval = -ENOEXEC;
 	if (stack_size == 0)
 		goto error;
 	if (elf_check_const_displacement(&interp_params.hdr))
 		interp_params.flags |= ELF_FDPIC_FLAG_CONSTDISP;
 	/* flush all traces of the currently running executable */
 	retval = flush_old_exec(bprm);
 	if (retval)
 		goto error;
 	/* there's now no turning back... the old userspace image is dead,
 	 * defunct, deceased, etc. after this point we have to exit via
 	 * error_kill */
 	set_personality(PER_LINUX_FDPIC);
 	if (elf_read_implies_exec(&exec_params.hdr, executable_stack))
 		current->personality |= READ_IMPLIES_EXEC;
 	setup_new_exec(bprm);
 	set_binfmt(&elf_fdpic_format);
 	current->mm->start_code = 0;
 	current->mm->end_code = 0;
 	current->mm->start_stack = 0;
 	current->mm->start_data = 0;
 	current->mm->end_data = 0;
 	current->mm->context.exec_fdpic_loadmap = 0;
 	current->mm->context.interp_fdpic_loadmap = 0;
 #ifdef CONFIG_MMU
 	elf_fdpic_arch_lay_out_mm(&exec_params,
 				  &interp_params,
 				  &current->mm->start_stack,
 				  &current->mm->start_brk);
 	retval = setup_arg_pages(bprm, current->mm->start_stack,
 				 executable_stack);
 	if (retval < 0) {
 		send_sig(SIGKILL, current, 0);
 		goto error_kill;
 	}
 #endif
 	/* load the executable and interpreter into memory */
 	retval = elf_fdpic_map_file(&exec_params, bprm->file, current->mm,
 				    "executable");
 	if (retval < 0)
 		goto error_kill;
 	if (interpreter_name) {
 		retval = elf_fdpic_map_file(&interp_params, interpreter,
 					    current->mm, "interpreter");
 		if (retval < 0) {
 			printk(KERN_ERR "Unable to load interpreter\n");
 			goto error_kill;
 		}
 		allow_write_access(interpreter);
 		fput(interpreter);
 		interpreter = NULL;
 	}
 #ifdef CONFIG_MMU
 	if (!current->mm->start_brk)
 		current->mm->start_brk = current->mm->end_data;
 	current->mm->brk = current->mm->start_brk =
 		PAGE_ALIGN(current->mm->start_brk);
 #else
 	/* create a stack and brk area big enough for everyone
 	 * - the brk heap starts at the bottom and works up
 	 * - the stack starts at the top and works down
 	 */
 	stack_size = (stack_size + PAGE_SIZE - 1) & PAGE_MASK;
 	if (stack_size < PAGE_SIZE * 2)
 		stack_size = PAGE_SIZE * 2;
 	stack_prot = PROT_READ | PROT_WRITE;
 	if (executable_stack == EXSTACK_ENABLE_X ||
 	    (executable_stack == EXSTACK_DEFAULT && VM_STACK_FLAGS & VM_EXEC))
 		stack_prot |= PROT_EXEC;
 	current->mm->start_brk = vm_mmap(NULL, 0, stack_size, stack_prot,
 					 MAP_PRIVATE | MAP_ANONYMOUS |
 					 MAP_UNINITIALIZED | MAP_GROWSDOWN,
 					 0);
 	if (IS_ERR_VALUE(current->mm->start_brk)) {
 		retval = current->mm->start_brk;
 		current->mm->start_brk = 0;
 		goto error_kill;
 	}
 	current->mm->brk = current->mm->start_brk;
 	current->mm->context.end_brk = current->mm->start_brk;
 	current->mm->context.end_brk +=
 		(stack_size > PAGE_SIZE) ? (stack_size - PAGE_SIZE) : 0;
 	current->mm->start_stack = current->mm->start_brk + stack_size;
 #endif
 	install_exec_creds(bprm);
 	if (create_elf_fdpic_tables(bprm, current->mm,
 				    &exec_params, &interp_params) < 0)
 		goto error_kill;
 	kdebug("- start_code  %lx", current->mm->start_code);
 	kdebug("- end_code    %lx", current->mm->end_code);
 	kdebug("- start_data  %lx", current->mm->start_data);
 	kdebug("- end_data    %lx", current->mm->end_data);
 	kdebug("- start_brk   %lx", current->mm->start_brk);
 	kdebug("- brk         %lx", current->mm->brk);
 	kdebug("- start_stack %lx", current->mm->start_stack);
 #ifdef ELF_FDPIC_PLAT_INIT
 	/*
 	 * The ABI may specify that certain registers be set up in special
 	 * ways (on i386 %edx is the address of a DT_FINI function, for
 	 * example.  This macro performs whatever initialization to
 	 * the regs structure is required.
 	 */
 	dynaddr = interp_params.dynamic_addr ?: exec_params.dynamic_addr;
 	ELF_FDPIC_PLAT_INIT(regs, exec_params.map_addr, interp_params.map_addr,
 			    dynaddr);
 #endif
 	/* everything is now ready... get the userspace context ready to roll */
 	entryaddr = interp_params.entry_addr ?: exec_params.entry_addr;
 	start_thread(regs, entryaddr, current->mm->start_stack);
 	retval = 0;
 error:
 	if (interpreter) {
 		allow_write_access(interpreter);
 		fput(interpreter);
 	}
 	kfree(interpreter_name);
 	kfree(exec_params.phdrs);
 	kfree(exec_params.loadmap);
 	kfree(interp_params.phdrs);
 	kfree(interp_params.loadmap);
 	return retval;
 	/* unrecoverable error - kill the process */
 error_kill:
 	send_sig(SIGSEGV, current, 0);
 	goto error;
 }
 /*****************************************************************************/
 #ifndef ELF_BASE_PLATFORM
 /*
  * AT_BASE_PLATFORM indicates the "real" hardware/microarchitecture.
  * If the arch defines ELF_BASE_PLATFORM (in asm/elf.h), the value
  * will be copied to the user stack in the same manner as AT_PLATFORM.
  */
 #define ELF_BASE_PLATFORM NULL
 #endif
 /*
  * present useful information to the program by shovelling it onto the new
  * process's stack
  */
 static int create_elf_fdpic_tables(struct linux_binprm *bprm,
 				   struct mm_struct *mm,
 				   struct elf_fdpic_params *exec_params,
 				   struct elf_fdpic_params *interp_params)
 {
 	const struct cred *cred = current_cred();
 	unsigned long sp, csp, nitems;
 	elf_caddr_t __user *argv, *envp;
 	size_t platform_len = 0, len;
 	char *k_platform, *k_base_platform;
 	char __user *u_platform, *u_base_platform, *p;
 	long hwcap;
 	int loop;
 	int nr;	/* reset for each csp adjustment */
 #ifdef CONFIG_MMU
 	/* In some cases (e.g. Hyper-Threading), we want to avoid L1 evictions
 	 * by the processes running on the same package. One thing we can do is
 	 * to shuffle the initial stack for them, so we give the architecture
 	 * an opportunity to do so here.
 	 */
 	sp = arch_align_stack(bprm->p);
 #else
 	sp = mm->start_stack;
 	/* stack the program arguments and environment */
 	if (elf_fdpic_transfer_args_to_stack(bprm, &sp) < 0)
 		return -EFAULT;
 #endif
 	hwcap = ELF_HWCAP;
 	/*
 	 * If this architecture has a platform capability string, copy it
 	 * to userspace.  In some cases (Sparc), this info is impossible
 	 * for userspace to get any other way, in others (i386) it is
 	 * merely difficult.
 	 */
 	k_platform = ELF_PLATFORM;
 	u_platform = NULL;
 	if (k_platform) {
 		platform_len = strlen(k_platform) + 1;
 		sp -= platform_len;
 		u_platform = (char __user *) sp;
 		if (__copy_to_user(u_platform, k_platform, platform_len) != 0)
 			return -EFAULT;
 	}
 	/*
 	 * If this architecture has a "base" platform capability
 	 * string, copy it to userspace.
 	 */
 	k_base_platform = ELF_BASE_PLATFORM;
 	u_base_platform = NULL;
 	if (k_base_platform) {
 		platform_len = strlen(k_base_platform) + 1;
 		sp -= platform_len;
 		u_base_platform = (char __user *) sp;
 		if (__copy_to_user(u_base_platform, k_base_platform, platform_len) != 0)
 			return -EFAULT;
 	}
 	sp &= ~7UL;
 	/* stack the load map(s) */
 	len = sizeof(struct elf32_fdpic_loadmap);
 	len += sizeof(struct elf32_fdpic_loadseg) * exec_params->loadmap->nsegs;
 	sp = (sp - len) & ~7UL;
 	exec_params->map_addr = sp;
 	if (copy_to_user((void __user *) sp, exec_params->loadmap, len) != 0)
 		return -EFAULT;
 	current->mm->context.exec_fdpic_loadmap = (unsigned long) sp;
 	if (interp_params->loadmap) {
 		len = sizeof(struct elf32_fdpic_loadmap);
 		len += sizeof(struct elf32_fdpic_loadseg) *
 			interp_params->loadmap->nsegs;
 		sp = (sp - len) & ~7UL;
 		interp_params->map_addr = sp;
 		if (copy_to_user((void __user *) sp, interp_params->loadmap,
 				 len) != 0)
 			return -EFAULT;
 		current->mm->context.interp_fdpic_loadmap = (unsigned long) sp;
 	}
 	/* force 16 byte _final_ alignment here for generality */
 #define DLINFO_ITEMS 15
 	nitems = 1 + DLINFO_ITEMS + (k_platform ? 1 : 0) +
 		(k_base_platform ? 1 : 0) + AT_VECTOR_SIZE_ARCH;
 	if (bprm->interp_flags & BINPRM_FLAGS_EXECFD)
 		nitems++;
 	csp = sp;
 	sp -= nitems * 2 * sizeof(unsigned long);
 	sp -= (bprm->envc + 1) * sizeof(char *);	/* envv[] */
 	sp -= (bprm->argc + 1) * sizeof(char *);	/* argv[] */
 	sp -= 1 * sizeof(unsigned long);		/* argc */
 	csp -= sp & 15UL;
 	sp -= sp & 15UL;
 	/* put the ELF interpreter info on the stack */
 #define NEW_AUX_ENT(id, val)						\
 	do {								\
 		struct { unsigned long _id, _val; } __user *ent;	\
 									\
 		ent = (void __user *) csp;				\
 		__put_user((id), &ent[nr]._id);				\
 		__put_user((val), &ent[nr]._val);			\
 		nr++;							\
 	} while (0)
 	nr = 0;
 	csp -= 2 * sizeof(unsigned long);
 	NEW_AUX_ENT(AT_NULL, 0);
 	if (k_platform) {
 		nr = 0;
 		csp -= 2 * sizeof(unsigned long);
 		NEW_AUX_ENT(AT_PLATFORM,
 			    (elf_addr_t) (unsigned long) u_platform);
 	}
 	if (k_base_platform) {
 		nr = 0;
 		csp -= 2 * sizeof(unsigned long);
 		NEW_AUX_ENT(AT_BASE_PLATFORM,
 			    (elf_addr_t) (unsigned long) u_base_platform);
 	}
 	if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) {
 		nr = 0;
 		csp -= 2 * sizeof(unsigned long);
 		NEW_AUX_ENT(AT_EXECFD, bprm->interp_data);
 	}
 	nr = 0;
 	csp -= DLINFO_ITEMS * 2 * sizeof(unsigned long);
 	NEW_AUX_ENT(AT_HWCAP,	hwcap);
 	NEW_AUX_ENT(AT_PAGESZ,	PAGE_SIZE);
 	NEW_AUX_ENT(AT_CLKTCK,	CLOCKS_PER_SEC);
 	NEW_AUX_ENT(AT_PHDR,	exec_params->ph_addr);
 	NEW_AUX_ENT(AT_PHENT,	sizeof(struct elf_phdr));
 	NEW_AUX_ENT(AT_PHNUM,	exec_params->hdr.e_phnum);
 	NEW_AUX_ENT(AT_BASE,	interp_params->elfhdr_addr);
 	NEW_AUX_ENT(AT_FLAGS,	0);
 	NEW_AUX_ENT(AT_ENTRY,	exec_params->entry_addr);
 	NEW_AUX_ENT(AT_UID,	(elf_addr_t) from_kuid_munged(cred->user_ns, cred->uid));
 	NEW_AUX_ENT(AT_EUID,	(elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid));
 	NEW_AUX_ENT(AT_GID,	(elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid));
 	NEW_AUX_ENT(AT_EGID,	(elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid));
 	NEW_AUX_ENT(AT_SECURE,	security_bprm_secureexec(bprm));
 	NEW_AUX_ENT(AT_EXECFN,	bprm->exec);
 #ifdef ARCH_DLINFO
 	nr = 0;
 	csp -= AT_VECTOR_SIZE_ARCH * 2 * sizeof(unsigned long);
 	/* ARCH_DLINFO must come last so platform specific code can enforce
 	 * special alignment requirements on the AUXV if necessary (eg. PPC).
 	 */
 	ARCH_DLINFO;
 #endif
 #undef NEW_AUX_ENT
 	/* allocate room for argv[] and envv[] */
 	csp -= (bprm->envc + 1) * sizeof(elf_caddr_t);
 	envp = (elf_caddr_t __user *) csp;
 	csp -= (bprm->argc + 1) * sizeof(elf_caddr_t);
 	argv = (elf_caddr_t __user *) csp;
 	/* stack argc */
 	csp -= sizeof(unsigned long);
 	__put_user(bprm->argc, (unsigned long __user *) csp);
 	BUG_ON(csp != sp);
 	/* fill in the argv[] array */
 #ifdef CONFIG_MMU
 	current->mm->arg_start = bprm->p;
 #else
 	current->mm->arg_start = current->mm->start_stack -
 		(MAX_ARG_PAGES * PAGE_SIZE - bprm->p);
 #endif
 	p = (char __user *) current->mm->arg_start;
 	for (loop = bprm->argc; loop > 0; loop--) {
 		__put_user((elf_caddr_t) p, argv++);
 		len = strnlen_user(p, MAX_ARG_STRLEN);
 		if (!len || len > MAX_ARG_STRLEN)
 			return -EINVAL;
 		p += len;
 	}
 	__put_user(NULL, argv);
 	current->mm->arg_end = (unsigned long) p;
 	/* fill in the envv[] array */
 	current->mm->env_start = (unsigned long) p;
 	for (loop = bprm->envc; loop > 0; loop--) {
 		__put_user((elf_caddr_t)(unsigned long) p, envp++);
 		len = strnlen_user(p, MAX_ARG_STRLEN);
 		if (!len || len > MAX_ARG_STRLEN)
 			return -EINVAL;
 		p += len;
 	}
 	__put_user(NULL, envp);
 	current->mm->env_end = (unsigned long) p;
 	mm->start_stack = (unsigned long) sp;
 	return 0;
 }
 /*****************************************************************************/
 /*
  * transfer the program arguments and environment from the holding pages onto
  * the stack
  */
 #ifndef CONFIG_MMU
 static int elf_fdpic_transfer_args_to_stack(struct linux_binprm *bprm,
 					    unsigned long *_sp)
 {
 	unsigned long index, stop, sp;
 	char *src;
 	int ret = 0;
 	stop = bprm->p >> PAGE_SHIFT;
 	sp = *_sp;
 	for (index = MAX_ARG_PAGES - 1; index >= stop; index--) {
 		src = kmap(bprm->page[index]);
 		sp -= PAGE_SIZE;
 		if (copy_to_user((void *) sp, src, PAGE_SIZE) != 0)
 			ret = -EFAULT;
 		kunmap(bprm->page[index]);
 		if (ret < 0)
 			goto out;
 	}
 	*_sp = (*_sp - (MAX_ARG_PAGES * PAGE_SIZE - bprm->p)) & ~15;
 out:
 	return ret;
 }
 #endif
 /*****************************************************************************/
 /*
  * load the appropriate binary image (executable or interpreter) into memory
  * - we assume no MMU is available
  * - if no other PIC bits are set in params->hdr->e_flags
  *   - we assume that the LOADable segments in the binary are independently relocatable
  *   - we assume R/O executable segments are shareable
  * - else
  *   - we assume the loadable parts of the image to require fixed displacement
  *   - the image is not shareable
  */
 static int elf_fdpic_map_file(struct elf_fdpic_params *params,
 			      struct file *file,
 			      struct mm_struct *mm,
 			      const char *what)
 {
 	struct elf32_fdpic_loadmap *loadmap;
 #ifdef CONFIG_MMU
 	struct elf32_fdpic_loadseg *mseg;
 #endif
 	struct elf32_fdpic_loadseg *seg;
 	struct elf32_phdr *phdr;
 	unsigned long load_addr, stop;
 	unsigned nloads, tmp;
 	size_t size;
 	int loop, ret;
 	/* allocate a load map table */
 	nloads = 0;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++)
 		if (params->phdrs[loop].p_type == PT_LOAD)
 			nloads++;
 	if (nloads == 0)
 		return -ELIBBAD;
 	size = sizeof(*loadmap) + nloads * sizeof(*seg);
 	loadmap = kzalloc(size, GFP_KERNEL);
 	if (!loadmap)
 		return -ENOMEM;
 	params->loadmap = loadmap;
 	loadmap->version = ELF32_FDPIC_LOADMAP_VERSION;
 	loadmap->nsegs = nloads;
 	load_addr = params->load_addr;
 	seg = loadmap->segs;
 	/* map the requested LOADs into the memory space */
 	switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
 	case ELF_FDPIC_FLAG_CONSTDISP:
 	case ELF_FDPIC_FLAG_CONTIGUOUS:
 #ifndef CONFIG_MMU
 		ret = elf_fdpic_map_file_constdisp_on_uclinux(params, file, mm);
 		if (ret < 0)
 			return ret;
 		break;
 #endif
 	default:
 		ret = elf_fdpic_map_file_by_direct_mmap(params, file, mm);
 		if (ret < 0)
 			return ret;
 		break;
 	}
 	/* map the entry point */
 	if (params->hdr.e_entry) {
 		seg = loadmap->segs;
 		for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
 			if (params->hdr.e_entry >= seg->p_vaddr &&
 			    params->hdr.e_entry < seg->p_vaddr + seg->p_memsz) {
 				params->entry_addr =
 					(params->hdr.e_entry - seg->p_vaddr) +
 					seg->addr;
 				break;
 			}
 		}
 	}
 	/* determine where the program header table has wound up if mapped */
 	stop = params->hdr.e_phoff;
 	stop += params->hdr.e_phnum * sizeof (struct elf_phdr);
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		if (phdr->p_type != PT_LOAD)
 			continue;
 		if (phdr->p_offset > params->hdr.e_phoff ||
 		    phdr->p_offset + phdr->p_filesz < stop)
 			continue;
 		seg = loadmap->segs;
 		for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
 			if (phdr->p_vaddr >= seg->p_vaddr &&
 			    phdr->p_vaddr + phdr->p_filesz <=
 			    seg->p_vaddr + seg->p_memsz) {
 				params->ph_addr =
 					(phdr->p_vaddr - seg->p_vaddr) +
 					seg->addr +
 					params->hdr.e_phoff - phdr->p_offset;
 				break;
 			}
 		}
 		break;
 	}
 	/* determine where the dynamic section has wound up if there is one */
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		if (phdr->p_type != PT_DYNAMIC)
 			continue;
 		seg = loadmap->segs;
 		for (loop = loadmap->nsegs; loop > 0; loop--, seg++) {
 			if (phdr->p_vaddr >= seg->p_vaddr &&
 			    phdr->p_vaddr + phdr->p_memsz <=
 			    seg->p_vaddr + seg->p_memsz) {
 				params->dynamic_addr =
 					(phdr->p_vaddr - seg->p_vaddr) +
 					seg->addr;
 				/* check the dynamic section contains at least
 				 * one item, and that the last item is a NULL
 				 * entry */
 				if (phdr->p_memsz == 0 ||
 				    phdr->p_memsz % sizeof(Elf32_Dyn) != 0)
 					goto dynamic_error;
 				tmp = phdr->p_memsz / sizeof(Elf32_Dyn);
 				if (((Elf32_Dyn *)
 				     params->dynamic_addr)[tmp - 1].d_tag != 0)
 					goto dynamic_error;
 				break;
 			}
 		}
 		break;
 	}
 	/* now elide adjacent segments in the load map on MMU linux
 	 * - on uClinux the holes between may actually be filled with system
 	 *   stuff or stuff from other processes
 	 */
 #ifdef CONFIG_MMU
 	nloads = loadmap->nsegs;
 	mseg = loadmap->segs;
 	seg = mseg + 1;
 	for (loop = 1; loop < nloads; loop++) {
 		/* see if we have a candidate for merging */
 		if (seg->p_vaddr - mseg->p_vaddr == seg->addr - mseg->addr) {
 			load_addr = PAGE_ALIGN(mseg->addr + mseg->p_memsz);
 			if (load_addr == (seg->addr & PAGE_MASK)) {
 				mseg->p_memsz +=
 					load_addr -
 					(mseg->addr + mseg->p_memsz);
 				mseg->p_memsz += seg->addr & ~PAGE_MASK;
 				mseg->p_memsz += seg->p_memsz;
 				loadmap->nsegs--;
 				continue;
 			}
 		}
 		mseg++;
 		if (mseg != seg)
 			*mseg = *seg;
 	}
 #endif
 	kdebug("Mapped Object [%s]:", what);
 	kdebug("- elfhdr   : %lx", params->elfhdr_addr);
 	kdebug("- entry    : %lx", params->entry_addr);
 	kdebug("- PHDR[]   : %lx", params->ph_addr);
 	kdebug("- DYNAMIC[]: %lx", params->dynamic_addr);
 	seg = loadmap->segs;
 	for (loop = 0; loop < loadmap->nsegs; loop++, seg++)
 		kdebug("- LOAD[%d] : %08x-%08x [va=%x ms=%x]",
 		       loop,
 		       seg->addr, seg->addr + seg->p_memsz - 1,
 		       seg->p_vaddr, seg->p_memsz);
 	return 0;
 dynamic_error:
 	printk("ELF FDPIC %s with invalid DYNAMIC section (inode=%lu)\n",
 	       what, file_inode(file)->i_ino);
 	return -ELIBBAD;
 }
 /*****************************************************************************/
 /*
  * map a file with constant displacement under uClinux
  */
 #ifndef CONFIG_MMU
 static int elf_fdpic_map_file_constdisp_on_uclinux(
 	struct elf_fdpic_params *params,
 	struct file *file,
 	struct mm_struct *mm)
 {
 	struct elf32_fdpic_loadseg *seg;
 	struct elf32_phdr *phdr;
 	unsigned long load_addr, base = ULONG_MAX, top = 0, maddr = 0, mflags;
 	loff_t fpos;
 	int loop, ret;
 	load_addr = params->load_addr;
 	seg = params->loadmap->segs;
 	/* determine the bounds of the contiguous overall allocation we must
 	 * make */
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		if (params->phdrs[loop].p_type != PT_LOAD)
 			continue;
 		if (base > phdr->p_vaddr)
 			base = phdr->p_vaddr;
 		if (top < phdr->p_vaddr + phdr->p_memsz)
 			top = phdr->p_vaddr + phdr->p_memsz;
 	}
 	/* allocate one big anon block for everything */
 	mflags = MAP_PRIVATE;
 	if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
 		mflags |= MAP_EXECUTABLE;
 	maddr = vm_mmap(NULL, load_addr, top - base,
 			PROT_READ | PROT_WRITE | PROT_EXEC, mflags, 0);
 	if (IS_ERR_VALUE(maddr))
 		return (int) maddr;
 	if (load_addr != 0)
 		load_addr += PAGE_ALIGN(top - base);
 	/* and then load the file segments into it */
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		if (params->phdrs[loop].p_type != PT_LOAD)
 			continue;
 		fpos = phdr->p_offset;
 		seg->addr = maddr + (phdr->p_vaddr - base);
 		seg->p_vaddr = phdr->p_vaddr;
 		seg->p_memsz = phdr->p_memsz;
 		ret = file->f_op->read(file, (void *) seg->addr,
 				       phdr->p_filesz, &fpos);
 		if (ret < 0)
 			return ret;
 		/* map the ELF header address if in this segment */
 		if (phdr->p_offset == 0)
 			params->elfhdr_addr = seg->addr;
 		/* clear any space allocated but not loaded */
 		if (phdr->p_filesz < phdr->p_memsz) {
 			if (clear_user((void *) (seg->addr + phdr->p_filesz),
 				       phdr->p_memsz - phdr->p_filesz))
 				return -EFAULT;
 		}
 		if (mm) {
 			if (phdr->p_flags & PF_X) {
 				if (!mm->start_code) {
 					mm->start_code = seg->addr;
 					mm->end_code = seg->addr +
 						phdr->p_memsz;
 				}
 			} else if (!mm->start_data) {
 				mm->start_data = seg->addr;
 				mm->end_data = seg->addr + phdr->p_memsz;
 			}
 		}
 		seg++;
 	}
 	return 0;
 }
 #endif
 /*****************************************************************************/
 /*
  * map a binary by direct mmap() of the individual PT_LOAD segments
  */
 static int elf_fdpic_map_file_by_direct_mmap(struct elf_fdpic_params *params,
 					     struct file *file,
 					     struct mm_struct *mm)
 {
 	struct elf32_fdpic_loadseg *seg;
 	struct elf32_phdr *phdr;
 	unsigned long load_addr, delta_vaddr;
 	int loop, dvset;
 	load_addr = params->load_addr;
 	delta_vaddr = 0;
 	dvset = 0;
 	seg = params->loadmap->segs;
 	/* deal with each load segment separately */
 	phdr = params->phdrs;
 	for (loop = 0; loop < params->hdr.e_phnum; loop++, phdr++) {
 		unsigned long maddr, disp, excess, excess1;
 		int prot = 0, flags;
 		if (phdr->p_type != PT_LOAD)
 			continue;
 		kdebug("[LOAD] va=%lx of=%lx fs=%lx ms=%lx",
 		       (unsigned long) phdr->p_vaddr,
 		       (unsigned long) phdr->p_offset,
 		       (unsigned long) phdr->p_filesz,
 		       (unsigned long) phdr->p_memsz);
 		/* determine the mapping parameters */
 		if (phdr->p_flags & PF_R) prot |= PROT_READ;
 		if (phdr->p_flags & PF_W) prot |= PROT_WRITE;
 		if (phdr->p_flags & PF_X) prot |= PROT_EXEC;
 		flags = MAP_PRIVATE | MAP_DENYWRITE;
 		if (params->flags & ELF_FDPIC_FLAG_EXECUTABLE)
 			flags |= MAP_EXECUTABLE;
 		maddr = 0;
 		switch (params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) {
 		case ELF_FDPIC_FLAG_INDEPENDENT:
 			/* PT_LOADs are independently locatable */
 			break;
 		case ELF_FDPIC_FLAG_HONOURVADDR:
 			/* the specified virtual address must be honoured */
 			maddr = phdr->p_vaddr;
 			flags |= MAP_FIXED;
 			break;
 		case ELF_FDPIC_FLAG_CONSTDISP:
 			/* constant displacement
 			 * - can be mapped anywhere, but must be mapped as a
 			 *   unit
 			 */
 			if (!dvset) {
 				maddr = load_addr;
 				delta_vaddr = phdr->p_vaddr;
 				dvset = 1;
 			} else {
 				maddr = load_addr + phdr->p_vaddr - delta_vaddr;
 				flags |= MAP_FIXED;
 			}
 			break;
 		case ELF_FDPIC_FLAG_CONTIGUOUS:
 			/* contiguity handled later */
 			break;
 		default:
 			BUG();
 		}
 		maddr &= PAGE_MASK;
 		/* create the mapping */
 		disp = phdr->p_vaddr & ~PAGE_MASK;
 		maddr = vm_mmap(file, maddr, phdr->p_memsz + disp, prot, flags,
 				phdr->p_offset - disp);
 		kdebug("mmap[%d] <file> sz=%lx pr=%x fl=%x of=%lx --> %08lx",
 		       loop, phdr->p_memsz + disp, prot, flags,
 		       phdr->p_offset - disp, maddr);
 		if (IS_ERR_VALUE(maddr))
 			return (int) maddr;
 		if ((params->flags & ELF_FDPIC_FLAG_ARRANGEMENT) ==
 		    ELF_FDPIC_FLAG_CONTIGUOUS)
 			load_addr += PAGE_ALIGN(phdr->p_memsz + disp);
 		seg->addr = maddr + disp;
 		seg->p_vaddr = phdr->p_vaddr;
 		seg->p_memsz = phdr->p_memsz;
 		/* map the ELF header address if in this segment */
 		if (phdr->p_offset == 0)
 			params->elfhdr_addr = seg->addr;
 		/* clear the bit between beginning of mapping and beginning of
 		 * PT_LOAD */
 		if (prot & PROT_WRITE && disp > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx", loop, maddr, disp);
 			if (clear_user((void __user *) maddr, disp))
 				return -EFAULT;
 			maddr += disp;
 		}
 		/* clear any space allocated but not loaded
 		 * - on uClinux we can just clear the lot
 		 * - on MMU linux we'll get a SIGBUS beyond the last page
 		 *   extant in the file
 		 */
 		excess = phdr->p_memsz - phdr->p_filesz;
 		excess1 = PAGE_SIZE - ((maddr + phdr->p_filesz) & ~PAGE_MASK);
 #ifdef CONFIG_MMU
 		if (excess > excess1) {
 			unsigned long xaddr = maddr + phdr->p_filesz + excess1;
 			unsigned long xmaddr;
 			flags |= MAP_FIXED | MAP_ANONYMOUS;
 			xmaddr = vm_mmap(NULL, xaddr, excess - excess1,
 					 prot, flags, 0);
 			kdebug("mmap[%d] <anon>"
 			       " ad=%lx sz=%lx pr=%x fl=%x of=0 --> %08lx",
 			       loop, xaddr, excess - excess1, prot, flags,
 			       xmaddr);
 			if (xmaddr != xaddr)
 				return -ENOMEM;
 		}
 		if (prot & PROT_WRITE && excess1 > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx",
 			       loop, maddr + phdr->p_filesz, excess1);
 			if (clear_user((void __user *) maddr + phdr->p_filesz,
 				       excess1))
 				return -EFAULT;
 		}
 #else
 		if (excess > 0) {
 			kdebug("clear[%d] ad=%lx sz=%lx",
 			       loop, maddr + phdr->p_filesz, excess);
 			if (clear_user((void *) maddr + phdr->p_filesz, excess))
 				return -EFAULT;
 		}
 #endif
 		if (mm) {
 			if (phdr->p_flags & PF_X) {
 				if (!mm->start_code) {
 					mm->start_code = maddr;
 					mm->end_code = maddr + phdr->p_memsz;
 				}
 			} else if (!mm->start_data) {
 				mm->start_data = maddr;
 				mm->end_data = maddr + phdr->p_memsz;
 			}
 		}
 		seg++;
 	}
 	return 0;
 }
 /*****************************************************************************/
 /*
  * ELF-FDPIC core dumper
  *
  * Modelled on fs/exec.c:aout_core_dump()
  * Jeremy Fitzhardinge <jeremy@sw.oz.au>
  *
  * Modelled on fs/binfmt_elf.c core dumper
  */
 #ifdef CONFIG_ELF_CORE
 /*
  * Decide whether a segment is worth dumping; default is yes to be
  * sure (missing info is worse than too much; etc).
  * Personally I'd include everything, and use the coredump limit...
  *
  * I think we should skip something. But I am not sure how. H.J.
  */
 static int maydump(struct vm_area_struct *vma, unsigned long mm_flags)
 {
 	int dump_ok;
 	/* Do not dump I/O mapped devices or special mappings */
 	if (vma->vm_flags & VM_IO) {
 		kdcore("%08lx: %08lx: no (IO)", vma->vm_start, vma->vm_flags);
 		return 0;
 	}
 	/* If we may not read the contents, don't allow us to dump
 	 * them either. "dump_write()" can't handle it anyway.
 	 */
 	if (!(vma->vm_flags & VM_READ)) {
 		kdcore("%08lx: %08lx: no (!read)", vma->vm_start, vma->vm_flags);
 		return 0;
 	}
 	/* By default, dump shared memory if mapped from an anonymous file. */
 	if (vma->vm_flags & VM_SHARED) {
 		if (file_inode(vma->vm_file)->i_nlink == 0) {
 			dump_ok = test_bit(MMF_DUMP_ANON_SHARED, &mm_flags);
 			kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
 			       vma->vm_flags, dump_ok ? "yes" : "no");
 			return dump_ok;
 		}
 		dump_ok = test_bit(MMF_DUMP_MAPPED_SHARED, &mm_flags);
 		kdcore("%08lx: %08lx: %s (share)", vma->vm_start,
 		       vma->vm_flags, dump_ok ? "yes" : "no");
 		return dump_ok;
 	}
 #ifdef CONFIG_MMU
 	/* By default, if it hasn't been written to, don't write it out */
 	if (!vma->anon_vma) {
 		dump_ok = test_bit(MMF_DUMP_MAPPED_PRIVATE, &mm_flags);
 		kdcore("%08lx: %08lx: %s (!anon)", vma->vm_start,
 		       vma->vm_flags, dump_ok ? "yes" : "no");
 		return dump_ok;
 	}
 #endif
 	dump_ok = test_bit(MMF_DUMP_ANON_PRIVATE, &mm_flags);
 	kdcore("%08lx: %08lx: %s", vma->vm_start, vma->vm_flags,
 	       dump_ok ? "yes" : "no");
 	return dump_ok;
 }
 /* An ELF note in memory */
 struct memelfnote
 {
 	const char *name;
 	int type;
 	unsigned int datasz;
 	void *data;
 };
 static int notesize(struct memelfnote *en)
 {
 	int sz;
 	sz = sizeof(struct elf_note);
 	sz += roundup(strlen(en->name) + 1, 4);
 	sz += roundup(en->datasz, 4);
 	return sz;
 }
 /* #define DEBUG */
 #define DUMP_WRITE(addr, nr, foffset)	\
 	do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0)
 static int alignfile(struct file *file, loff_t *foffset)
 {
 	static const char buf[4] = { 0, };
 	DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset);
 	return 1;
 }
 static int writenote(struct memelfnote *men, struct file *file,
 			loff_t *foffset)
 {
 	struct elf_note en;
 	en.n_namesz = strlen(men->name) + 1;
 	en.n_descsz = men->datasz;
 	en.n_type = men->type;
 	DUMP_WRITE(&en, sizeof(en), foffset);
 	DUMP_WRITE(men->name, en.n_namesz, foffset);
 	if (!alignfile(file, foffset))
 		return 0;
 	DUMP_WRITE(men->data, men->datasz, foffset);
 	if (!alignfile(file, foffset))
 		return 0;
 	return 1;
 }
 #undef DUMP_WRITE
 static inline void fill_elf_fdpic_header(struct elfhdr *elf, int segs)
 {
 	memcpy(elf->e_ident, ELFMAG, SELFMAG);
 	elf->e_ident[EI_CLASS] = ELF_CLASS;
 	elf->e_ident[EI_DATA] = ELF_DATA;
 	elf->e_ident[EI_VERSION] = EV_CURRENT;
 	elf->e_ident[EI_OSABI] = ELF_OSABI;
 	memset(elf->e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD);
 	elf->e_type = ET_CORE;
 	elf->e_machine = ELF_ARCH;
 	elf->e_version = EV_CURRENT;
 	elf->e_entry = 0;
 	elf->e_phoff = sizeof(struct elfhdr);
 	elf->e_shoff = 0;
 	elf->e_flags = ELF_FDPIC_CORE_EFLAGS;
 	elf->e_ehsize = sizeof(struct elfhdr);
 	elf->e_phentsize = sizeof(struct elf_phdr);
 	elf->e_phnum = segs;
 	elf->e_shentsize = 0;
 	elf->e_shnum = 0;
 	elf->e_shstrndx = 0;
 	return;
 }
 static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset)
 {
 	phdr->p_type = PT_NOTE;
 	phdr->p_offset = offset;
 	phdr->p_vaddr = 0;
 	phdr->p_paddr = 0;
 	phdr->p_filesz = sz;
 	phdr->p_memsz = 0;
 	phdr->p_flags = 0;
 	phdr->p_align = 0;
 	return;
 }
 static inline void fill_note(struct memelfnote *note, const char *name, int type,
 		unsigned int sz, void *data)
 {
 	note->name = name;
 	note->type = type;
 	note->datasz = sz;
 	note->data = data;
 	return;
 }
 /*
  * fill up all the fields in prstatus from the given task struct, except
  * registers which need to be filled up separately.
  */
 static void fill_prstatus(struct elf_prstatus *prstatus,
 			  struct task_struct *p, long signr)
 {
 	prstatus->pr_info.si_signo = prstatus->pr_cursig = signr;
 	prstatus->pr_sigpend = p->pending.signal.sig[0];
 	prstatus->pr_sighold = p->blocked.sig[0];
 	rcu_read_lock();
 	prstatus->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
 	rcu_read_unlock();
 	prstatus->pr_pid = task_pid_vnr(p);
 	prstatus->pr_pgrp = task_pgrp_vnr(p);
 	prstatus->pr_sid = task_session_vnr(p);
 	if (thread_group_leader(p)) {
 		struct task_cputime cputime;
 		/*
 		 * This is the record for the group leader.  It shows the
 		 * group-wide total, not its individual thread total.
 		 */
 		thread_group_cputime(p, &cputime);
 		cputime_to_timeval(cputime.utime, &prstatus->pr_utime);
 		cputime_to_timeval(cputime.stime, &prstatus->pr_stime);
 	} else {
 		cputime_t utime, stime;
 		task_cputime(p, &utime, &stime);
 		cputime_to_timeval(utime, &prstatus->pr_utime);
 		cputime_to_timeval(stime, &prstatus->pr_stime);
 	}
 	cputime_to_timeval(p->signal->cutime, &prstatus->pr_cutime);
 	cputime_to_timeval(p->signal->cstime, &prstatus->pr_cstime);
 	prstatus->pr_exec_fdpic_loadmap = p->mm->context.exec_fdpic_loadmap;
 	prstatus->pr_interp_fdpic_loadmap = p->mm->context.interp_fdpic_loadmap;
 }
 static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p,
 		       struct mm_struct *mm)
 {
 	const struct cred *cred;
 	unsigned int i, len;
 	/* first copy the parameters from user space */
 	memset(psinfo, 0, sizeof(struct elf_prpsinfo));
 	len = mm->arg_end - mm->arg_start;
 	if (len >= ELF_PRARGSZ)
 		len = ELF_PRARGSZ - 1;
 	if (copy_from_user(&psinfo->pr_psargs,
 		           (const char __user *) mm->arg_start, len))
 		return -EFAULT;
 	for (i = 0; i < len; i++)
 		if (psinfo->pr_psargs[i] == 0)
 			psinfo->pr_psargs[i] = ' ';
 	psinfo->pr_psargs[len] = 0;
 	rcu_read_lock();
 	psinfo->pr_ppid = task_pid_vnr(rcu_dereference(p->real_parent));
 	rcu_read_unlock();
 	psinfo->pr_pid = task_pid_vnr(p);
 	psinfo->pr_pgrp = task_pgrp_vnr(p);
 	psinfo->pr_sid = task_session_vnr(p);
 	i = p->state ? ffz(~p->state) + 1 : 0;
 	psinfo->pr_state = i;
 	psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i];
 	psinfo->pr_zomb = psinfo->pr_sname == 'Z';
 	psinfo->pr_nice = task_nice(p);
 	psinfo->pr_flag = p->flags;
 	rcu_read_lock();
 	cred = __task_cred(p);
 	SET_UID(psinfo->pr_uid, from_kuid_munged(cred->user_ns, cred->uid));
 	SET_GID(psinfo->pr_gid, from_kgid_munged(cred->user_ns, cred->gid));
 	rcu_read_unlock();
 	strncpy(psinfo->pr_fname, p->comm, sizeof(psinfo->pr_fname));
 	return 0;
 }
 /* Here is the structure in which status of each thread is captured. */
 struct elf_thread_status
 {
 	struct list_head list;
 	struct elf_prstatus prstatus;	/* NT_PRSTATUS */
 	elf_fpregset_t fpu;		/* NT_PRFPREG */
 	struct task_struct *thread;
 #ifdef ELF_CORE_COPY_XFPREGS
 	elf_fpxregset_t xfpu;		/* ELF_CORE_XFPREG_TYPE */
 #endif
 	struct memelfnote notes[3];
 	int num_notes;
 };
 /*
  * In order to add the specific thread information for the elf file format,
  * we need to keep a linked list of every thread's pr_status and then create
  * a single section for them in the final core file.
  */
 static int elf_dump_thread_status(long signr, struct elf_thread_status *t)
 {
 	struct task_struct *p = t->thread;
 	int sz = 0;
 	t->num_notes = 0;
 	fill_prstatus(&t->prstatus, p, signr);
 	elf_core_copy_task_regs(p, &t->prstatus.pr_reg);
 	fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus),
 		  &t->prstatus);
 	t->num_notes++;
 	sz += notesize(&t->notes[0]);
 	t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, &t->fpu);
 	if (t->prstatus.pr_fpvalid) {
 		fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu),
 			  &t->fpu);
 		t->num_notes++;
 		sz += notesize(&t->notes[1]);
 	}
 #ifdef ELF_CORE_COPY_XFPREGS
 	if (elf_core_copy_task_xfpregs(p, &t->xfpu)) {
 		fill_note(&t->notes[2], "LINUX", ELF_CORE_XFPREG_TYPE,
 			  sizeof(t->xfpu), &t->xfpu);
 		t->num_notes++;
 		sz += notesize(&t->notes[2]);
 	}
 #endif
 	return sz;
 }
 static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
 			     elf_addr_t e_shoff, int segs)
 {
 	elf->e_shoff = e_shoff;
 	elf->e_shentsize = sizeof(*shdr4extnum);
 	elf->e_shnum = 1;
 	elf->e_shstrndx = SHN_UNDEF;
 	memset(shdr4extnum, 0, sizeof(*shdr4extnum));
 	shdr4extnum->sh_type = SHT_NULL;
 	shdr4extnum->sh_size = elf->e_shnum;
 	shdr4extnum->sh_link = elf->e_shstrndx;
 	shdr4extnum->sh_info = segs;
 }
 /*
  * dump the segments for an MMU process
  */
 #ifdef CONFIG_MMU
 static int elf_fdpic_dump_segments(struct file *file, size_t *size,
 			   unsigned long *limit, unsigned long mm_flags)
 {
 	struct vm_area_struct *vma;
 	int err = 0;
 	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
 		unsigned long addr;
 		if (!maydump(vma, mm_flags))
 			continue;
 		for (addr = vma->vm_start; addr < vma->vm_end;
 							addr += PAGE_SIZE) {
 			struct page *page = get_dump_page(addr);
 			if (page) {
 				void *kaddr = kmap(page);
 				*size += PAGE_SIZE;
 				if (*size > *limit)
 					err = -EFBIG;
 				else if (!dump_write(file, kaddr, PAGE_SIZE))
 					err = -EIO;
 				kunmap(page);
 				page_cache_release(page);
 			} else if (!dump_seek(file, PAGE_SIZE))
 				err = -EFBIG;
 			if (err)
 				goto out;
 		}
 	}
 out:
 	return err;
 }
 #endif
 /*
  * dump the segments for a NOMMU process
  */
 #ifndef CONFIG_MMU
 static int elf_fdpic_dump_segments(struct file *file, size_t *size,
 			   unsigned long *limit, unsigned long mm_flags)
 {
 	struct vm_area_struct *vma;
 	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
 		if (!maydump(vma, mm_flags))
 			continue;
 		if ((*size += PAGE_SIZE) > *limit)
 			return -EFBIG;
 		if (!dump_write(file, (void *) vma->vm_start,
 				vma->vm_end - vma->vm_start))
 			return -EIO;
 	}
 	return 0;
 }
 #endif
 static size_t elf_core_vma_data_size(unsigned long mm_flags)
 {
 	struct vm_area_struct *vma;
 	size_t size = 0;
 	for (vma = current->mm->mmap; vma; vma = vma->vm_next)
 		if (maydump(vma, mm_flags))
 			size += vma->vm_end - vma->vm_start;
 	return size;
 }
 /*
  * Actual dumper
  *
  * This is a two-pass process; first we find the offsets of the bits,
  * and then they are actually written out.  If we run out of core limit
  * we just truncate.
  */
 static int elf_fdpic_core_dump(struct coredump_params *cprm)
 {
 #define	NUM_NOTES	6
 	int has_dumped = 0;
 	mm_segment_t fs;
 	int segs;
 	size_t size = 0;
 	int i;
 	struct vm_area_struct *vma;
 	struct elfhdr *elf = NULL;
 	loff_t offset = 0, dataoff, foffset;
 	int numnote;
 	struct memelfnote *notes = NULL;
 	struct elf_prstatus *prstatus = NULL;	/* NT_PRSTATUS */
 	struct elf_prpsinfo *psinfo = NULL;	/* NT_PRPSINFO */
  	LIST_HEAD(thread_list);
  	struct list_head *t;
 	elf_fpregset_t *fpu = NULL;
 #ifdef ELF_CORE_COPY_XFPREGS
 	elf_fpxregset_t *xfpu = NULL;
 #endif
 	int thread_status_size = 0;
 	elf_addr_t *auxv;
 	struct elf_phdr *phdr4note = NULL;
 	struct elf_shdr *shdr4extnum = NULL;
 	Elf_Half e_phnum;
 	elf_addr_t e_shoff;
 	/*
 	 * We no longer stop all VM operations.
 	 *
 	 * This is because those proceses that could possibly change map_count
 	 * or the mmap / vma pages are now blocked in do_exit on current
 	 * finishing this core dump.
 	 *
 	 * Only ptrace can touch these memory addresses, but it doesn't change
 	 * the map_count or the pages allocated. So no possibility of crashing
 	 * exists while dumping the mm->vm_next areas to the core file.
 	 */
 	/* alloc memory for large data structures: too large to be on stack */
 	elf = kmalloc(sizeof(*elf), GFP_KERNEL);
 	if (!elf)
 		goto cleanup;
 	prstatus = kzalloc(sizeof(*prstatus), GFP_KERNEL);
 	if (!prstatus)
 		goto cleanup;
 	psinfo = kmalloc(sizeof(*psinfo), GFP_KERNEL);
 	if (!psinfo)
 		goto cleanup;
 	notes = kmalloc(NUM_NOTES * sizeof(struct memelfnote), GFP_KERNEL);
 	if (!notes)
 		goto cleanup;
 	fpu = kmalloc(sizeof(*fpu), GFP_KERNEL);
 	if (!fpu)
 		goto cleanup;
 #ifdef ELF_CORE_COPY_XFPREGS
 	xfpu = kmalloc(sizeof(*xfpu), GFP_KERNEL);
 	if (!xfpu)
 		goto cleanup;
 #endif
 	if (cprm->siginfo->si_signo) {
 		struct core_thread *ct;
 		struct elf_thread_status *tmp;
 		for (ct = current->mm->core_state->dumper.next;
 						ct; ct = ct->next) {
 			tmp = kzalloc(sizeof(*tmp), GFP_KERNEL);
 			if (!tmp)
 				goto cleanup;
 			tmp->thread = ct->task;
 			list_add(&tmp->list, &thread_list);
 		}
 		list_for_each(t, &thread_list) {
 			struct elf_thread_status *tmp;
 			int sz;
 			tmp = list_entry(t, struct elf_thread_status, list);
 			sz = elf_dump_thread_status(cprm->siginfo->si_signo, tmp);
 			thread_status_size += sz;
 		}
 	}
 	/* now collect the dump for the current */
 	fill_prstatus(prstatus, current, cprm->siginfo->si_signo);
 	elf_core_copy_regs(&prstatus->pr_reg, cprm->regs);
 	segs = current->mm->map_count;
 	segs += elf_core_extra_phdrs();
 	/* for notes section */
 	segs++;
 	/* If segs > PN_XNUM(0xffff), then e_phnum overflows. To avoid
 	 * this, kernel supports extended numbering. Have a look at
 	 * include/linux/elf.h for further information. */
 	e_phnum = segs > PN_XNUM ? PN_XNUM : segs;
 	/* Set up header */
 	fill_elf_fdpic_header(elf, e_phnum);
 	has_dumped = 1;
-	current->flags |= PF_DUMPCORE;
 	/*
 	 * Set up the notes in similar form to SVR4 core dumps made
 	 * with info from their /proc.
 	 */
 	fill_note(notes + 0, "CORE", NT_PRSTATUS, sizeof(*prstatus), prstatus);
 	fill_psinfo(psinfo, current->group_leader, current->mm);
 	fill_note(notes + 1, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo);
 	numnote = 2;
 	auxv = (elf_addr_t *) current->mm->saved_auxv;
 	i = 0;
 	do
 		i += 2;
 	while (auxv[i - 2] != AT_NULL);
 	fill_note(&notes[numnote++], "CORE", NT_AUXV,
 		  i * sizeof(elf_addr_t), auxv);
   	/* Try to dump the FPU. */
 	if ((prstatus->pr_fpvalid =
 	     elf_core_copy_task_fpregs(current, cprm->regs, fpu)))
 		fill_note(notes + numnote++,
 			  "CORE", NT_PRFPREG, sizeof(*fpu), fpu);
 #ifdef ELF_CORE_COPY_XFPREGS
 	if (elf_core_copy_task_xfpregs(current, xfpu))
 		fill_note(notes + numnote++,
 			  "LINUX", ELF_CORE_XFPREG_TYPE, sizeof(*xfpu), xfpu);
 #endif
 	fs = get_fs();
 	set_fs(KERNEL_DS);
 	offset += sizeof(*elf);				/* Elf header */
 	offset += segs * sizeof(struct elf_phdr);	/* Program headers */
 	foffset = offset;
 	/* Write notes phdr entry */
 	{
 		int sz = 0;
 		for (i = 0; i < numnote; i++)
 			sz += notesize(notes + i);
 		sz += thread_status_size;
 		phdr4note = kmalloc(sizeof(*phdr4note), GFP_KERNEL);
 		if (!phdr4note)
 			goto end_coredump;
 		fill_elf_note_phdr(phdr4note, sz, offset);
 		offset += sz;
 	}
 	/* Page-align dumped data */
 	dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
 	offset += elf_core_vma_data_size(cprm->mm_flags);
 	offset += elf_core_extra_data_size();
 	e_shoff = offset;
 	if (e_phnum == PN_XNUM) {
 		shdr4extnum = kmalloc(sizeof(*shdr4extnum), GFP_KERNEL);
 		if (!shdr4extnum)
 			goto end_coredump;
 		fill_extnum_info(elf, shdr4extnum, e_shoff, segs);
 	}
 	offset = dataoff;
 	size += sizeof(*elf);
 	if (size > cprm->limit || !dump_write(cprm->file, elf, sizeof(*elf)))
 		goto end_coredump;
 	size += sizeof(*phdr4note);
 	if (size > cprm->limit
 	    || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
 		goto end_coredump;
 	/* write program headers for segments dump */
 	for (vma = current->mm->mmap; vma; vma = vma->vm_next) {
 		struct elf_phdr phdr;
 		size_t sz;
 		sz = vma->vm_end - vma->vm_start;
 		phdr.p_type = PT_LOAD;
 		phdr.p_offset = offset;
 		phdr.p_vaddr = vma->vm_start;
 		phdr.p_paddr = 0;
 		phdr.p_filesz = maydump(vma, cprm->mm_flags) ? sz : 0;
 		phdr.p_memsz = sz;
 		offset += phdr.p_filesz;
 		phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
 		if (vma->vm_flags & VM_WRITE)
 			phdr.p_flags |= PF_W;
 		if (vma->vm_flags & VM_EXEC)
 			phdr.p_flags |= PF_X;
 		phdr.p_align = ELF_EXEC_PAGESIZE;
 		size += sizeof(phdr);
 		if (size > cprm->limit
 		    || !dump_write(cprm->file, &phdr, sizeof(phdr)))
 			goto end_coredump;
 	}
 	if (!elf_core_write_extra_phdrs(cprm->file, offset, &size, cprm->limit))
 		goto end_coredump;
  	/* write out the notes section */
 	for (i = 0; i < numnote; i++)
 		if (!writenote(notes + i, cprm->file, &foffset))
 			goto end_coredump;
 	/* write out the thread status notes section */
 	list_for_each(t, &thread_list) {
 		struct elf_thread_status *tmp =
 				list_entry(t, struct elf_thread_status, list);
 		for (i = 0; i < tmp->num_notes; i++)
 			if (!writenote(&tmp->notes[i], cprm->file, &foffset))
 				goto end_coredump;
 	}
 	if (!dump_seek(cprm->file, dataoff - foffset))
 		goto end_coredump;
 	if (elf_fdpic_dump_segments(cprm->file, &size, &cprm->limit,
 				    cprm->mm_flags) < 0)
 		goto end_coredump;
 	if (!elf_core_write_extra_data(cprm->file, &size, cprm->limit))
 		goto end_coredump;
 	if (e_phnum == PN_XNUM) {
 		size += sizeof(*shdr4extnum);
 		if (size > cprm->limit
 		    || !dump_write(cprm->file, shdr4extnum,
 				   sizeof(*shdr4extnum)))
 			goto end_coredump;
 	}
 	if (cprm->file->f_pos != offset) {
 		/* Sanity check */
 		printk(KERN_WARNING
 		       "elf_core_dump: file->f_pos (%lld) != offset (%lld)\n",
 		       cprm->file->f_pos, offset);
 	}
 end_coredump:
 	set_fs(fs);
 cleanup:
 	while (!list_empty(&thread_list)) {
 		struct list_head *tmp = thread_list.next;
 		list_del(tmp);
 		kfree(list_entry(tmp, struct elf_thread_status, list));
 	}
 	kfree(phdr4note);
 	kfree(elf);
 	kfree(prstatus);
 	kfree(psinfo);
 	kfree(notes);
 	kfree(fpu);
 	kfree(shdr4extnum);
 #ifdef ELF_CORE_COPY_XFPREGS
 	kfree(xfpu);
 #endif
 	return has_dumped;
 #undef NUM_NOTES
 }
 #endif		/* CONFIG_ELF_CORE */

fs/coredump.c

Diff comments View file @ 079148b

 #include <linux/slab.h>
 #include <linux/file.h>
 #include <linux/fdtable.h>
 #include <linux/mm.h>
 #include <linux/stat.h>
 #include <linux/fcntl.h>
 #include <linux/swap.h>
 #include <linux/string.h>
 #include <linux/init.h>
 #include <linux/pagemap.h>
 #include <linux/perf_event.h>
 #include <linux/highmem.h>
 #include <linux/spinlock.h>
 #include <linux/key.h>
 #include <linux/personality.h>
 #include <linux/binfmts.h>
 #include <linux/coredump.h>
 #include <linux/utsname.h>
 #include <linux/pid_namespace.h>
 #include <linux/module.h>
 #include <linux/namei.h>
 #include <linux/mount.h>
 #include <linux/security.h>
 #include <linux/syscalls.h>
 #include <linux/tsacct_kern.h>
 #include <linux/cn_proc.h>
 #include <linux/audit.h>
 #include <linux/tracehook.h>
 #include <linux/kmod.h>
 #include <linux/fsnotify.h>
 #include <linux/fs_struct.h>
 #include <linux/pipe_fs_i.h>
 #include <linux/oom.h>
 #include <linux/compat.h>
 #include <asm/uaccess.h>
 #include <asm/mmu_context.h>
 #include <asm/tlb.h>
 #include <asm/exec.h>
 #include <trace/events/task.h>
 #include "internal.h"
 #include "coredump.h"
 #include <trace/events/sched.h>
 int core_uses_pid;
 char core_pattern[CORENAME_MAX_SIZE] = "core";
 unsigned int core_pipe_limit;
 struct core_name {
 	char *corename;
 	int used, size;
 };
 static atomic_t call_count = ATOMIC_INIT(1);
 /* The maximal length of core_pattern is also specified in sysctl.c */
 static int expand_corename(struct core_name *cn)
 {
 	char *old_corename = cn->corename;
 	cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count);
 	cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL);
 	if (!cn->corename) {
 		kfree(old_corename);
 		return -ENOMEM;
 	}
 	return 0;
 }
 static int cn_printf(struct core_name *cn, const char *fmt, ...)
 {
 	char *cur;
 	int need;
 	int ret;
 	va_list arg;
 	va_start(arg, fmt);
 	need = vsnprintf(NULL, 0, fmt, arg);
 	va_end(arg);
 	if (likely(need < cn->size - cn->used - 1))
 		goto out_printf;
 	ret = expand_corename(cn);
 	if (ret)
 		goto expand_fail;
 out_printf:
 	cur = cn->corename + cn->used;
 	va_start(arg, fmt);
 	vsnprintf(cur, need + 1, fmt, arg);
 	va_end(arg);
 	cn->used += need;
 	return 0;
 expand_fail:
 	return ret;
 }
 static void cn_escape(char *str)
 {
 	for (; *str; str++)
 		if (*str == '/')
 			*str = '!';
 }
 static int cn_print_exe_file(struct core_name *cn)
 {
 	struct file *exe_file;
 	char *pathbuf, *path;
 	int ret;
 	exe_file = get_mm_exe_file(current->mm);
 	if (!exe_file) {
 		char *commstart = cn->corename + cn->used;
 		ret = cn_printf(cn, "%s (path unknown)", current->comm);
 		cn_escape(commstart);
 		return ret;
 	}
 	pathbuf = kmalloc(PATH_MAX, GFP_TEMPORARY);
 	if (!pathbuf) {
 		ret = -ENOMEM;
 		goto put_exe_file;
 	}
 	path = d_path(&exe_file->f_path, pathbuf, PATH_MAX);
 	if (IS_ERR(path)) {
 		ret = PTR_ERR(path);
 		goto free_buf;
 	}
 	cn_escape(path);
 	ret = cn_printf(cn, "%s", path);
 free_buf:
 	kfree(pathbuf);
 put_exe_file:
 	fput(exe_file);
 	return ret;
 }
 /* format_corename will inspect the pattern parameter, and output a
  * name into corename, which must have space for at least
  * CORENAME_MAX_SIZE bytes plus one byte for the zero terminator.
  */
 static int format_corename(struct core_name *cn, struct coredump_params *cprm)
 {
 	const struct cred *cred = current_cred();
 	const char *pat_ptr = core_pattern;
 	int ispipe = (*pat_ptr == '|');
 	int pid_in_pattern = 0;
 	int err = 0;
 	cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count);
 	cn->corename = kmalloc(cn->size, GFP_KERNEL);
 	cn->used = 0;
 	if (!cn->corename)
 		return -ENOMEM;
 	/* Repeat as long as we have more pattern to process and more output
 	   space */
 	while (*pat_ptr) {
 		if (*pat_ptr != '%') {
 			if (*pat_ptr == 0)
 				goto out;
 			err = cn_printf(cn, "%c", *pat_ptr++);
 		} else {
 			switch (*++pat_ptr) {
 			/* single % at the end, drop that */
 			case 0:
 				goto out;
 			/* Double percent, output one percent */
 			case '%':
 				err = cn_printf(cn, "%c", '%');
 				break;
 			/* pid */
 			case 'p':
 				pid_in_pattern = 1;
 				err = cn_printf(cn, "%d",
 					      task_tgid_vnr(current));
 				break;
 			/* uid */
 			case 'u':
 				err = cn_printf(cn, "%d", cred->uid);
 				break;
 			/* gid */
 			case 'g':
 				err = cn_printf(cn, "%d", cred->gid);
 				break;
 			case 'd':
 				err = cn_printf(cn, "%d",
 					__get_dumpable(cprm->mm_flags));
 				break;
 			/* signal that caused the coredump */
 			case 's':
 				err = cn_printf(cn, "%ld", cprm->siginfo->si_signo);
 				break;
 			/* UNIX time of coredump */
 			case 't': {
 				struct timeval tv;
 				do_gettimeofday(&tv);
 				err = cn_printf(cn, "%lu", tv.tv_sec);
 				break;
 			}
 			/* hostname */
 			case 'h': {
 				char *namestart = cn->corename + cn->used;
 				down_read(&uts_sem);
 				err = cn_printf(cn, "%s",
 					      utsname()->nodename);
 				up_read(&uts_sem);
 				cn_escape(namestart);
 				break;
 			}
 			/* executable */
 			case 'e': {
 				char *commstart = cn->corename + cn->used;
 				err = cn_printf(cn, "%s", current->comm);
 				cn_escape(commstart);
 				break;
 			}
 			case 'E':
 				err = cn_print_exe_file(cn);
 				break;
 			/* core limit size */
 			case 'c':
 				err = cn_printf(cn, "%lu",
 					      rlimit(RLIMIT_CORE));
 				break;
 			default:
 				break;
 			}
 			++pat_ptr;
 		}
 		if (err)
 			return err;
 	}
 	/* Backward compatibility with core_uses_pid:
 	 *
 	 * If core_pattern does not include a %p (as is the default)
 	 * and core_uses_pid is set, then .%pid will be appended to
 	 * the filename. Do not do this for piped commands. */
 	if (!ispipe && !pid_in_pattern && core_uses_pid) {
 		err = cn_printf(cn, ".%d", task_tgid_vnr(current));
 		if (err)
 			return err;
 	}
 out:
 	return ispipe;
 }
 static int zap_process(struct task_struct *start, int exit_code)
 {
 	struct task_struct *t;
 	int nr = 0;
 	start->signal->group_exit_code = exit_code;
 	start->signal->group_stop_count = 0;
 	t = start;
 	do {
 		task_clear_jobctl_pending(t, JOBCTL_PENDING_MASK);
 		if (t != current && t->mm) {
 			sigaddset(&t->pending.signal, SIGKILL);
 			signal_wake_up(t, 1);
 			nr++;
 		}
 	} while_each_thread(start, t);
 	return nr;
 }
 static int zap_threads(struct task_struct *tsk, struct mm_struct *mm,
 			struct core_state *core_state, int exit_code)
 {
 	struct task_struct *g, *p;
 	unsigned long flags;
 	int nr = -EAGAIN;
 	spin_lock_irq(&tsk->sighand->siglock);
 	if (!signal_group_exit(tsk->signal)) {
 		mm->core_state = core_state;
 		nr = zap_process(tsk, exit_code);
 		tsk->signal->group_exit_task = tsk;
 		/* ignore all signals except SIGKILL, see prepare_signal() */
 		tsk->signal->flags = SIGNAL_GROUP_COREDUMP;
 		clear_tsk_thread_flag(tsk, TIF_SIGPENDING);
 	}
 	spin_unlock_irq(&tsk->sighand->siglock);
 	if (unlikely(nr < 0))
 		return nr;
+	tsk->flags = PF_DUMPCORE;
 	if (atomic_read(&mm->mm_users) == nr + 1)
 		goto done;
 	/*
 	 * We should find and kill all tasks which use this mm, and we should
 	 * count them correctly into ->nr_threads. We don't take tasklist
 	 * lock, but this is safe wrt:
 	 *
 	 * fork:
 	 *	None of sub-threads can fork after zap_process(leader). All
 	 *	processes which were created before this point should be
 	 *	visible to zap_threads() because copy_process() adds the new
 	 *	process to the tail of init_task.tasks list, and lock/unlock
 	 *	of ->siglock provides a memory barrier.
 	 *
 	 * do_exit:
 	 *	The caller holds mm->mmap_sem. This means that the task which
 	 *	uses this mm can't pass exit_mm(), so it can't exit or clear
 	 *	its ->mm.
 	 *
 	 * de_thread:
 	 *	It does list_replace_rcu(&leader->tasks, &current->tasks),
 	 *	we must see either old or new leader, this does not matter.
 	 *	However, it can change p->sighand, so lock_task_sighand(p)
 	 *	must be used. Since p->mm != NULL and we hold ->mmap_sem
 	 *	it can't fail.
 	 *
 	 *	Note also that "g" can be the old leader with ->mm == NULL
 	 *	and already unhashed and thus removed from ->thread_group.
 	 *	This is OK, __unhash_process()->list_del_rcu() does not
 	 *	clear the ->next pointer, we will find the new leader via
 	 *	next_thread().
 	 */
 	rcu_read_lock();
 	for_each_process(g) {
 		if (g == tsk->group_leader)
 			continue;
 		if (g->flags & PF_KTHREAD)
 			continue;
 		p = g;
 		do {
 			if (p->mm) {
 				if (unlikely(p->mm == mm)) {
 					lock_task_sighand(p, &flags);
 					nr += zap_process(p, exit_code);
 					p->signal->flags = SIGNAL_GROUP_EXIT;
 					unlock_task_sighand(p, &flags);
 				}
 				break;
 			}
 		} while_each_thread(g, p);
 	}
 	rcu_read_unlock();
 done:
 	atomic_set(&core_state->nr_threads, nr);
 	return nr;
 }
 static int coredump_wait(int exit_code, struct core_state *core_state)
 {
 	struct task_struct *tsk = current;
 	struct mm_struct *mm = tsk->mm;
 	int core_waiters = -EBUSY;
 	init_completion(&core_state->startup);
 	core_state->dumper.task = tsk;
 	core_state->dumper.next = NULL;
 	down_write(&mm->mmap_sem);
 	if (!mm->core_state)
 		core_waiters = zap_threads(tsk, mm, core_state, exit_code);
 	up_write(&mm->mmap_sem);
 	if (core_waiters > 0) {
 		struct core_thread *ptr;
 		wait_for_completion(&core_state->startup);
 		/*
 		 * Wait for all the threads to become inactive, so that
 		 * all the thread context (extended register state, like
 		 * fpu etc) gets copied to the memory.
 		 */
 		ptr = core_state->dumper.next;
 		while (ptr != NULL) {
 			wait_task_inactive(ptr->task, 0);
 			ptr = ptr->next;
 		}
 	}
 	return core_waiters;
 }
 static void coredump_finish(struct mm_struct *mm, bool core_dumped)
 {
 	struct core_thread *curr, *next;
 	struct task_struct *task;
 	spin_lock_irq(&current->sighand->siglock);
 	if (core_dumped && !__fatal_signal_pending(current))
 		current->signal->group_exit_code |= 0x80;
 	current->signal->group_exit_task = NULL;
 	current->signal->flags = SIGNAL_GROUP_EXIT;
 	spin_unlock_irq(&current->sighand->siglock);
 	next = mm->core_state->dumper.next;
 	while ((curr = next) != NULL) {
 		next = curr->next;
 		task = curr->task;
 		/*
 		 * see exit_mm(), curr->task must not see
 		 * ->task == NULL before we read ->next.
 		 */
 		smp_mb();
 		curr->task = NULL;
 		wake_up_process(task);
 	}
 	mm->core_state = NULL;
 }
 static bool dump_interrupted(void)
 {
 	/*
 	 * SIGKILL or freezing() interrupt the coredumping. Perhaps we
 	 * can do try_to_freeze() and check __fatal_signal_pending(),
 	 * but then we need to teach dump_write() to restart and clear
 	 * TIF_SIGPENDING.
 	 */
 	return signal_pending(current);
 }
 static void wait_for_dump_helpers(struct file *file)
 {
 	struct pipe_inode_info *pipe;
 	pipe = file_inode(file)->i_pipe;
 	pipe_lock(pipe);
 	pipe->readers++;
 	pipe->writers--;
 	while ((pipe->readers > 1) && (!signal_pending(current))) {
 		wake_up_interruptible_sync(&pipe->wait);
 		kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
 		pipe_wait(pipe);
 	}
 	pipe->readers--;
 	pipe->writers++;
 	pipe_unlock(pipe);
 }
 /*
  * umh_pipe_setup
  * helper function to customize the process used
  * to collect the core in userspace.  Specifically
  * it sets up a pipe and installs it as fd 0 (stdin)
  * for the process.  Returns 0 on success, or
  * PTR_ERR on failure.
  * Note that it also sets the core limit to 1.  This
  * is a special value that we use to trap recursive
  * core dumps
  */
 static int umh_pipe_setup(struct subprocess_info *info, struct cred *new)
 {
 	struct file *files[2];
 	struct coredump_params *cp = (struct coredump_params *)info->data;
 	int err = create_pipe_files(files, 0);
 	if (err)
 		return err;
 	cp->file = files[1];
 	err = replace_fd(0, files[0], 0);
 	fput(files[0]);
 	/* and disallow core files too */
 	current->signal->rlim[RLIMIT_CORE] = (struct rlimit){1, 1};
 	return err;
 }
 void do_coredump(siginfo_t *siginfo)
 {
 	struct core_state core_state;
 	struct core_name cn;
 	struct mm_struct *mm = current->mm;
 	struct linux_binfmt * binfmt;
 	const struct cred *old_cred;
 	struct cred *cred;
 	int retval = 0;
 	int flag = 0;
 	int ispipe;
 	struct files_struct *displaced;
 	bool need_nonrelative = false;
 	bool core_dumped = false;
 	static atomic_t core_dump_count = ATOMIC_INIT(0);
 	struct coredump_params cprm = {
 		.siginfo = siginfo,
 		.regs = signal_pt_regs(),
 		.limit = rlimit(RLIMIT_CORE),
 		/*
 		 * We must use the same mm->flags while dumping core to avoid
 		 * inconsistency of bit flags, since this flag is not protected
 		 * by any locks.
 		 */
 		.mm_flags = mm->flags,
 	};
 	audit_core_dumps(siginfo->si_signo);
 	binfmt = mm->binfmt;
 	if (!binfmt || !binfmt->core_dump)
 		goto fail;
 	if (!__get_dumpable(cprm.mm_flags))
 		goto fail;
 	cred = prepare_creds();
 	if (!cred)
 		goto fail;
 	/*
 	 * We cannot trust fsuid as being the "true" uid of the process
 	 * nor do we know its entire history. We only know it was tainted
 	 * so we dump it as root in mode 2, and only into a controlled
 	 * environment (pipe handler or fully qualified path).
 	 */
 	if (__get_dumpable(cprm.mm_flags) == SUID_DUMP_ROOT) {
 		/* Setuid core dump mode */
 		flag = O_EXCL;		/* Stop rewrite attacks */
 		cred->fsuid = GLOBAL_ROOT_UID;	/* Dump root private */
 		need_nonrelative = true;
 	}
 	retval = coredump_wait(siginfo->si_signo, &core_state);
 	if (retval < 0)
 		goto fail_creds;
 	old_cred = override_creds(cred);
 	ispipe = format_corename(&cn, &cprm);
 	if (ispipe) {
 		int dump_count;
 		char **helper_argv;
 		struct subprocess_info *sub_info;
 		if (ispipe < 0) {
 			printk(KERN_WARNING "format_corename failed\n");
 			printk(KERN_WARNING "Aborting core\n");
 			goto fail_corename;
 		}
 		if (cprm.limit == 1) {
 			/* See umh_pipe_setup() which sets RLIMIT_CORE = 1.
 			 *
 			 * Normally core limits are irrelevant to pipes, since
 			 * we're not writing to the file system, but we use
 			 * cprm.limit of 1 here as a speacial value, this is a
 			 * consistent way to catch recursive crashes.
 			 * We can still crash if the core_pattern binary sets
 			 * RLIM_CORE = !1, but it runs as root, and can do
 			 * lots of stupid things.
 			 *
 			 * Note that we use task_tgid_vnr here to grab the pid
 			 * of the process group leader.  That way we get the
 			 * right pid if a thread in a multi-threaded
 			 * core_pattern process dies.
 			 */
 			printk(KERN_WARNING
 				"Process %d(%s) has RLIMIT_CORE set to 1\n",
 				task_tgid_vnr(current), current->comm);
 			printk(KERN_WARNING "Aborting core\n");
 			goto fail_unlock;
 		}
 		cprm.limit = RLIM_INFINITY;
 		dump_count = atomic_inc_return(&core_dump_count);
 		if (core_pipe_limit && (core_pipe_limit < dump_count)) {
 			printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
 			       task_tgid_vnr(current), current->comm);
 			printk(KERN_WARNING "Skipping core dump\n");
 			goto fail_dropcount;
 		}
 		helper_argv = argv_split(GFP_KERNEL, cn.corename+1, NULL);
 		if (!helper_argv) {
 			printk(KERN_WARNING "%s failed to allocate memory\n",
 			       __func__);
 			goto fail_dropcount;
 		}
 		retval = -ENOMEM;
 		sub_info = call_usermodehelper_setup(helper_argv[0],
 						helper_argv, NULL, GFP_KERNEL,
 						umh_pipe_setup, NULL, &cprm);
 		if (sub_info)
 			retval = call_usermodehelper_exec(sub_info,
 							  UMH_WAIT_EXEC);
 		argv_free(helper_argv);
 		if (retval) {
 			printk(KERN_INFO "Core dump to %s pipe failed\n",
 			       cn.corename);
 			goto close_fail;
 		}
 	} else {
 		struct inode *inode;
 		if (cprm.limit < binfmt->min_coredump)
 			goto fail_unlock;
 		if (need_nonrelative && cn.corename[0] != '/') {
 			printk(KERN_WARNING "Pid %d(%s) can only dump core "\
 				"to fully qualified path!\n",
 				task_tgid_vnr(current), current->comm);
 			printk(KERN_WARNING "Skipping core dump\n");
 			goto fail_unlock;
 		}
 		cprm.file = filp_open(cn.corename,
 				 O_CREAT | 2 | O_NOFOLLOW | O_LARGEFILE | flag,
 				 0600);
 		if (IS_ERR(cprm.file))
 			goto fail_unlock;
 		inode = file_inode(cprm.file);
 		if (inode->i_nlink > 1)
 			goto close_fail;
 		if (d_unhashed(cprm.file->f_path.dentry))
 			goto close_fail;
 		/*
 		 * AK: actually i see no reason to not allow this for named
 		 * pipes etc, but keep the previous behaviour for now.
 		 */
 		if (!S_ISREG(inode->i_mode))
 			goto close_fail;
 		/*
 		 * Dont allow local users get cute and trick others to coredump
 		 * into their pre-created files.
 		 */
 		if (!uid_eq(inode->i_uid, current_fsuid()))
 			goto close_fail;
 		if (!cprm.file->f_op || !cprm.file->f_op->write)
 			goto close_fail;
 		if (do_truncate(cprm.file->f_path.dentry, 0, 0, cprm.file))
 			goto close_fail;
 	}
 	/* get us an unshared descriptor table; almost always a no-op */
 	retval = unshare_files(&displaced);
 	if (retval)
 		goto close_fail;
 	if (displaced)
 		put_files_struct(displaced);
 	core_dumped = !dump_interrupted() && binfmt->core_dump(&cprm);
 	if (ispipe && core_pipe_limit)
 		wait_for_dump_helpers(cprm.file);
 close_fail:
 	if (cprm.file)
 		filp_close(cprm.file, NULL);
 fail_dropcount:
 	if (ispipe)
 		atomic_dec(&core_dump_count);
 fail_unlock:
 	kfree(cn.corename);
 fail_corename:
 	coredump_finish(mm, core_dumped);
 	revert_creds(old_cred);
 fail_creds:
 	put_cred(cred);
 fail:
 	return;
 }
 /*
  * Core dumping helper functions.  These are the only things you should
  * do on a core-file: use only these functions to write out all the
  * necessary info.
  */
 int dump_write(struct file *file, const void *addr, int nr)
 {
 	return !dump_interrupted() &&
 		access_ok(VERIFY_READ, addr, nr) &&
 		file->f_op->write(file, addr, nr, &file->f_pos) == nr;
 }
 EXPORT_SYMBOL(dump_write);
 int dump_seek(struct file *file, loff_t off)
 {
 	int ret = 1;
 	if (file->f_op->llseek && file->f_op->llseek != no_llseek) {
 		if (dump_interrupted() ||
 		    file->f_op->llseek(file, off, SEEK_CUR) < 0)
 			return 0;
 	} else {
 		char *buf = (char *)get_zeroed_page(GFP_KERNEL);
 		if (!buf)
 			return 0;
 		while (off > 0) {
 			unsigned long n = off;
 			if (n > PAGE_SIZE)
 				n = PAGE_SIZE;
 			if (!dump_write(file, buf, n)) {
 				ret = 0;
 				break;
 			}
 			off -= n;
 		}
 		free_page((unsigned long)buf);
 	}
 	return ret;
 }
 EXPORT_SYMBOL(dump_seek);

Link here
Eric Lee 2014-08-13 04:30:02 UTC

mentioned in commit 1e6be3

_mentioned in commit 1e6be3_

Choose File ... File name...
Cancel
Link here
Eric Lee 2014-10-10 14:53:14 UTC

mentioned in commit f5eef0

_mentioned in commit f5eef0_

Choose File ... File name...
Cancel
Link here
Eric Lee 2014-11-07 08:26:57 UTC

mentioned in commit f5eef0

_mentioned in commit f5eef0_

Choose File ... File name...
Cancel
Link here
Eric Lee 2015-07-04 16:12:01 UTC

mentioned in commit f5eef0

_mentioned in commit f5eef0_

Choose File ... File name...
Cancel
Link here
Eric Lee 2015-09-11 17:21:27 UTC

mentioned in commit f5eef0

_mentioned in commit f5eef0_

Choose File ... File name...
Cancel
Link here
Eric Lee 2015-09-11 17:33:44 UTC

mentioned in commit f5eef0

_mentioned in commit f5eef0_

Choose File ... File name...
Cancel
Link here
Eric Lee 2015-10-21 05:06:30 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2015-10-21 05:06:33 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-01-07 07:15:01 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-01-18 12:37:48 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-01-20 17:41:12 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-01-20 18:24:05 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-01-21 10:51:22 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-02-04 11:34:12 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-08-17 08:39:50 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2016-08-24 02:42:23 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2017-03-31 16:04:07 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2018-09-03 11:01:32 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel
Link here
Eric Lee 2018-09-03 11:16:46 UTC

mentioned in commit aed8ad

_mentioned in commit aed8ad_

Choose File ... File name...
Cancel