/*
 * Sanity-check an ELF file header before any of its tables are trusted.
 *
 * The header is accepted only when the machine type is one this build can
 * run and the header / section-header entry sizes match the structures the
 * loader parses with.
 *
 * @ehdr  header read from the image (not modified).
 * @return non-zero when the header is acceptable, 0 otherwise.
 *
 * NOTE(review): the unconditional e_shentsize test at the end subsumes the
 * earlier "e_shnum == 0 || e_shentsize == ..." test; that one may have been
 * meant as an e_phentsize check. Confirm with the author before changing it,
 * since doing so would reject more images.
 */
static int elf_check_ehdr(struct elf_hdr *ehdr)
{
    if (!elf_check_arch(ehdr->e_machine))
        return 0;

    /* An image with program headers must carry a header of the size we parse. */
    if (ehdr->e_phnum != 0 && ehdr->e_ehsize != sizeof(struct elf_hdr))
        return 0;

    /* Kept for parity with the original condition (subsumed by the final test). */
    if (ehdr->e_shnum != 0 && ehdr->e_shentsize != sizeof(struct elf_shdr))
        return 0;

    return ehdr->e_shentsize == sizeof(struct elf_shdr);
}
/*
 * Decide whether @hdr describes an FDPIC ELF image that @file can back.
 *
 * Requires the ELF magic, an ET_EXEC or ET_DYN type, an architecture and
 * FDPIC layout this kernel accepts, and a file whose f_op supports mmap.
 * The tests short-circuit in that order, so the arch/FDPIC helpers only
 * see a header that already carries the magic.
 *
 * @return 1 when every check passes, 0 otherwise.
 */
static int is_elf_fdpic(struct elfhdr *hdr, struct file *file)
{
	return memcmp(hdr->e_ident, ELFMAG, SELFMAG) == 0
		&& (hdr->e_type == ET_EXEC || hdr->e_type == ET_DYN)
		&& elf_check_arch(hdr)
		&& elf_check_fdpic(hdr)
		&& file->f_op
		&& file->f_op->mmap;
}
/*
 * Probe whether @buf (of @len bytes) holds a 64-bit ELF image for this
 * architecture.
 *
 * build_elf_exec_info() does the parsing; only the header copy it fills in
 * is kept, the rest of the parsed state is released immediately.
 *
 * @return 0 when the image parses and matches the architecture, -ENOEXEC
 *         on an architecture mismatch, or the error from
 *         build_elf_exec_info() when parsing fails.
 */
static int elf64_probe(const char *buf, unsigned long len)
{
	struct elfhdr ehdr;
	struct elf_info elf_info;
	int rc = build_elf_exec_info(buf, len, &ehdr, &elf_info);

	if (rc)
		return rc;

	/* Only the header is needed from here on; drop the parsed tables. */
	elf_free_info(&elf_info);

	if (!elf_check_arch(&ehdr))
		return -ENOEXEC;
	return 0;
}
/*
 * Load the relocatable purgatory object and relocate it appropriately.
 *
 * The embedded object (kexec_purgatory / kexec_purgatory_size) is checked
 * to be an ET_REL ELF for this architecture whose section-header table lies
 * inside the object, then loaded into [min, max] and relocated.
 *
 * @image      kimage whose purgatory_info is filled in.
 * @min, @max  address range the purgatory may be placed in.
 * @top_down   placement preference, passed through to __kexec_load_purgatory().
 * @load_addr  out: address the purgatory was loaded at (set on success only).
 * @return 0 on success; -EINVAL when no purgatory is built in; -ENOEXEC when
 *         the object does not validate; otherwise the error from the load or
 *         relocation step. A relocation failure releases the section headers
 *         and purgatory buffer that the load step allocated.
 */
int kexec_load_purgatory(struct kimage *image, unsigned long min,
			 unsigned long max, int top_down,
			 unsigned long *load_addr)
{
	struct purgatory_info *pi = &image->purgatory_info;
	Elf_Ehdr *ehdr;
	int ret;

	if (kexec_purgatory_size <= 0)
		return -EINVAL;
	if (kexec_purgatory_size < sizeof(Elf_Ehdr))
		return -ENOEXEC;

	pi->ehdr = (Elf_Ehdr *)kexec_purgatory;
	ehdr = pi->ehdr;

	/* Must be a relocatable object for this arch with section headers we can parse. */
	if (memcmp(ehdr->e_ident, ELFMAG, SELFMAG) != 0)
		return -ENOEXEC;
	if (ehdr->e_type != ET_REL)
		return -ENOEXEC;
	if (!elf_check_arch(ehdr))
		return -ENOEXEC;
	if (ehdr->e_shentsize != sizeof(Elf_Shdr))
		return -ENOEXEC;

	/* The whole section-header table has to lie inside the embedded object. */
	if (ehdr->e_shoff >= kexec_purgatory_size)
		return -ENOEXEC;
	if (ehdr->e_shnum * sizeof(Elf_Shdr) > kexec_purgatory_size - ehdr->e_shoff)
		return -ENOEXEC;

	ret = __kexec_load_purgatory(image, min, max, top_down);
	if (ret)
		return ret;

	ret = kexec_apply_relocations(image);
	if (ret) {
		/* Relocation failed: drop what __kexec_load_purgatory() allocated. */
		vfree(pi->sechdrs);
		pi->sechdrs = NULL;
		vfree(pi->purgatory_buf);
		pi->purgatory_buf = NULL;
		return ret;
	}

	*load_addr = pi->purgatory_load_addr;
	return 0;
}
/*
 * Rebase the vDSO image in place so that it runs at VDSO_HIGH_BASE.
 *
 * Shifts the entry point, every program header's p_vaddr and every
 * allocated section's sh_addr by VDSO_HIGH_BASE, and hands the dynamic
 * section and the symbol tables to reloc_dyn()/reloc_symtab() so their
 * contents are adjusted too. The image must be an ET_DYN ELF for this
 * architecture; anything else is a build-time mistake and hits BUG_ON.
 */
static __init void relocate_vdso(Elf32_Ehdr *ehdr)
{
	Elf32_Phdr *ph;
	Elf32_Shdr *sh;
	int idx;

	BUG_ON(memcmp(ehdr->e_ident, ELFMAG, 4) != 0 ||
	       !elf_check_arch(ehdr) ||
	       ehdr->e_type != ET_DYN);

	ehdr->e_entry += VDSO_HIGH_BASE;

	/* Program headers: shift p_vaddr; PT_DYNAMIC also needs its contents fixed. */
	ph = (void *)ehdr + ehdr->e_phoff;
	for (idx = 0; idx < ehdr->e_phnum; idx++, ph++) {
		ph->p_vaddr += VDSO_HIGH_BASE;
		if (ph->p_type == PT_DYNAMIC)
			reloc_dyn(ehdr, ph->p_offset);
	}

	/* Sections: only SHF_ALLOC ones have an address; symbol tables carry addresses inside. */
	sh = (void *)ehdr + ehdr->e_shoff;
	for (idx = 0; idx < ehdr->e_shnum; idx++, sh++) {
		if (!(sh->sh_flags & SHF_ALLOC))
			continue;
		sh->sh_addr += VDSO_HIGH_BASE;
		if (sh->sh_type == SHT_SYMTAB || sh->sh_type == SHT_DYNSYM)
			reloc_symtab(ehdr, sh->sh_offset, sh->sh_size);
	}
}
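/*
 * fs_elf_load - map an ELF executable into the current task and prepare it to run.
 *
 * Reads the ELF header and program-header table from @file, maps every
 * PT_LOAD segment (file-backed part through vm_mmap(), .bss tail through
 * vm_setupBrk()), records the code range in the task's mm, then builds the
 * user stack and the syscall page.
 *
 * @file       executable; it is repositioned with fs_lseek() before each read.
 * @tmp_stack  temporary stack image for elf_initialize_userspace_stack().
 * @stack_len  length of that image.
 * @aux_addr   auxiliary-vector address for elf_initialize_userspace_stack().
 * @return the ELF entry point on success, 0 on failure (the reason is logged
 *         through ut_log() as the negated internal error code).
 *
 * The header is untrusted input: its type, architecture, program-header
 * entry size and entry count are validated before the table is sized,
 * allocated and read.
 */
unsigned long fs_elf_load(struct file *file,unsigned long tmp_stack, unsigned long stack_len, unsigned long aux_addr) {
	struct elf_phdr *elf_phdata = NULL;	/* stays NULL until allocated so "out:" never frees a stray pointer */
	struct elf_phdr *eppnt;
	unsigned long bss_start, bss, phdr_bytes;
	int retval, error, i, nr_load;
	struct elfhdr elf_ex;
	Elf64_Addr p_entry = 0;
	unsigned long load_addr = 0;
	struct task_struct *task=g_current_task;

	error = 0;
	fs_lseek(file, 0, 0);
	retval = fs_read(file, (unsigned char *) &elf_ex, sizeof(elf_ex));
	if (retval != sizeof(elf_ex)) {
		error = -1;
		goto out;
	}

	if (ut_memcmp((unsigned char *) elf_ex.e_ident, (unsigned char *) ELFMAG, SELFMAG) != 0) {
		error = -2;
		goto out;
	}

	/* Position-independent executables are loaded at their stated addresses, like ET_EXEC. */
	if (elf_ex.e_type == ET_DYN)  elf_ex.e_type=ET_EXEC;
	/* First of all, some simple consistency checks */
	if (elf_ex.e_type != ET_EXEC || !elf_check_arch(&elf_ex)) {
		DEBUG("error:(not executable type or mismatch in architecture %x  %x %x \n",elf_ex.e_type,elf_ex.e_phnum,elf_check_arch(&elf_ex));
		error = -3;
		goto out;
	}

	/*
	 * The program-header table is sized from header fields we have not
	 * verified: refuse entries of a size we do not parse, an empty table,
	 * and a table larger than 64KiB (the bound the Linux loader uses).
	 */
	if (elf_ex.e_phentsize != sizeof(struct elf_phdr) ||
	    elf_ex.e_phnum < 1 ||
	    elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr)) {
		error = -7;
		goto out;
	}

	/* Now read in all of the header information */
	phdr_bytes = sizeof(struct elf_phdr) * elf_ex.e_phnum;
	elf_phdata = mm_malloc(phdr_bytes, 0);
	if (!elf_phdata) {
		error = -4;
		goto out;
	}

	eppnt = elf_phdata;
	fs_lseek(file, (unsigned long) elf_ex.e_phoff, 0);
	retval = fs_read(file, (unsigned char *) eppnt, phdr_bytes);
	if (retval < 0 || (unsigned long) retval != phdr_bytes) {
		error = -5;
		goto out;
	}
	DEBUG("START address : %x offset :%x \n",ELF_PAGESTART(eppnt->p_vaddr),eppnt->p_offset);

	/* There has to be at least one loadable segment. */
	nr_load = 0;
	for (i = 0; i < elf_ex.e_phnum; i++) {
		if (eppnt[i].p_type == PT_LOAD)
			nr_load++;
	}
	if (nr_load == 0) {
		error = -6;
		goto out;
	}

	/* load_addr is taken from the first program header, as before. */
	load_addr = ELF_PAGESTART(eppnt->p_vaddr);
	p_entry = elf_ex.e_entry;
	task->mm->start_code = 0;
	task->mm->end_code =0;

	/* mmap all loadable program headers */
	for (i = 0; i < elf_ex.e_phnum; i++, eppnt++) {
		if (eppnt->p_type != PT_LOAD)
			continue;

		/* Now use mmap to map the library into memory. */
		error = 1;
		if (eppnt->p_filesz > 0) {
			unsigned long addr;
			unsigned long start_addr = ELF_PAGESTART(eppnt->p_vaddr);
			unsigned long end_addr= eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr);
			/*
			 * NOTE(review): p_flags (PF_*) is passed straight through as the
			 * protection argument, and end_addr is a length (filesz plus the
			 * in-page offset) yet is stored as end_code below; confirm both
			 * against what vm_mmap() and the mm code expect.
			 */
			addr = vm_mmap(file, start_addr, end_addr, eppnt->p_flags, 0, (eppnt->p_offset
					- ELF_PAGEOFFSET(eppnt->p_vaddr)),"text");
			if (addr == 0)
				error = 0;
			if (task->mm->start_code ==0  || task->mm->start_code > start_addr ) task->mm->start_code = start_addr;
			if (task->mm->end_code < end_addr ) task->mm->end_code = end_addr;
		}
		if (error != 1) {
			error = -6;
			goto out;
		}

		/* TODO :  bss start address in not at the PAGE_ALIGN or ELF_MIN_ALIGN , need to club this partial page with the data */
		bss_start = eppnt->p_filesz + eppnt->p_vaddr;
		bss = eppnt->p_memsz + eppnt->p_vaddr;
		/* The part of the segment beyond the file contents becomes zero-filled brk space. */
		if (bss > bss_start) {
			vm_setupBrk(bss_start, bss - bss_start);
		}
		error = 0;
	}

 out:
	if (elf_phdata) {
		mm_free(elf_phdata);
	}
	if (error != 0) {
		ut_log(" ERROR in elf loader filename :%s :%d\n",file->filename,-error);
	} else {
		task->mm->stack_bottom = USERSTACK_ADDR+USERSTACK_LEN;
		elf_initialize_userspace_stack(elf_ex,aux_addr,tmp_stack, stack_len,load_addr);

		/* Install the syscall trampoline page in the new address space. */
		vm_mmap(0, USER_SYSCALL_PAGE, 0x1000, PROT_READ | PROT_EXEC |PROT_WRITE, MAP_ANONYMOUS, 0,"fst_syscal");
		ut_memcpy((unsigned char *)USER_SYSCALL_PAGE,(unsigned char *)&__vsyscall_page,0x1000);
	}
	DEBUG(" Program start address(autod) : %x \n",elf_ex.e_entry);

	return error == 0 ? p_entry : 0;
}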
/*
 * load_elf_binary() as shipped in Linux 2.6.27.31, preserved here under a
 * name that records CVE-2010-0307 (see the NOTE at the early
 * SET_PERSONALITY in the PT_INTERP loop).
 *
 * Validates the ELF header in bprm->buf, reads the program-header table,
 * reads and opens the PT_INTERP interpreter (if any), flushes the old image
 * (the point of no return), maps every PT_LOAD segment, sets up brk/bss,
 * loads the interpreter, builds the ELF tables on the new stack and starts
 * the thread.
 *
 * @bprm  the binary being exec'd; buf, file, p and interp_flags are used.
 * @regs  register set to initialise for the new image.
 * @return 0 on success; -ENOEXEC / -ELIBBAD for an invalid image or
 *         interpreter, -ENOMEM, -EIO, -EINVAL or -EFAULT otherwise. Once
 *         flush_old_exec() has succeeded a failure also delivers SIGKILL or
 *         SIGSEGV, because the previous image no longer exists.
 */
static int CVE_2010_0307_linux2_6_27_31_load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
	struct file *interpreter = NULL; /* to shut gcc up */
 	unsigned long load_addr = 0, load_bias = 0;
	int load_addr_set = 0;
	char * elf_interpreter = NULL;
	unsigned long error;
	struct elf_phdr *elf_ppnt, *elf_phdata;
	unsigned long elf_bss, elf_brk;
	int elf_exec_fileno;
	int retval, i;
	unsigned int size;
	unsigned long elf_entry;
	unsigned long interp_load_addr = 0;
	unsigned long start_code, end_code, start_data, end_data;
	unsigned long reloc_func_desc = 0;
	int executable_stack = EXSTACK_DEFAULT;
	unsigned long def_flags = 0;
	struct {
		struct elfhdr elf_ex;
		struct elfhdr interp_elf_ex;
	} *loc;

	/* Both headers live on the heap to keep this deep call path's stack small. */
	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
	if (!loc) {
		retval = -ENOMEM;
		goto out_ret;
	}
	
	/* Get the exec-header */
	loc->elf_ex = *((struct elfhdr *)bprm->buf);

	retval = -ENOEXEC;
	/* First of all, some simple consistency checks */
	if (memcmp(loc->elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	if (loc->elf_ex.e_type != ET_EXEC && loc->elf_ex.e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(&loc->elf_ex))
		goto out;
	if (!bprm->file->f_op||!bprm->file->f_op->mmap)
		goto out;

	/* Now read in all of the header information */
	/* e_phentsize/e_phnum are untrusted: the table must use our entry size and fit in 64KiB. */
	if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr))
		goto out;
	if (loc->elf_ex.e_phnum < 1 ||
	 	loc->elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
		goto out;
	size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr);
	retval = -ENOMEM;
	elf_phdata = kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = kernel_read(bprm->file, loc->elf_ex.e_phoff,
			     (char *)elf_phdata, size);
	if (retval != size) {
		if (retval >= 0)
			retval = -EIO;
		goto out_free_ph;
	}

	/* Keep an fd on the executable for the duration of the load (closed again before start_thread). */
	retval = get_unused_fd();
	if (retval < 0)
		goto out_free_ph;
	get_file(bprm->file);
	fd_install(elf_exec_fileno = retval, bprm->file);

	elf_ppnt = elf_phdata;
	elf_bss = 0;
	elf_brk = 0;

	start_code = ~0UL;
	end_code = 0;
	start_data = 0;
	end_data = 0;

	/* First pass: locate the PT_INTERP entry and open the interpreter it names. */
	for (i = 0; i < loc->elf_ex.e_phnum; i++) {
		if (elf_ppnt->p_type == PT_INTERP) {
			/* This is the program interpreter used for
			 * shared libraries - for now assume that this
			 * is an a.out format binary
			 */
			retval = -ENOEXEC;
			if (elf_ppnt->p_filesz > PATH_MAX || 
			    elf_ppnt->p_filesz < 2)
				goto out_free_file;

			retval = -ENOMEM;
			elf_interpreter = kmalloc(elf_ppnt->p_filesz,
						  GFP_KERNEL);
			if (!elf_interpreter)
				goto out_free_file;

			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
					     elf_interpreter,
					     elf_ppnt->p_filesz);
			if (retval != elf_ppnt->p_filesz) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_interp;
			}
			/* make sure path is NULL terminated */
			retval = -ENOEXEC;
			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
				goto out_free_interp;

			/*
			 * The early SET_PERSONALITY here is so that the lookup
			 * for the interpreter happens in the namespace of the 
			 * to-be-execed image.  SET_PERSONALITY can select an
			 * alternate root.
			 *
			 * However, SET_PERSONALITY is NOT allowed to switch
			 * this task into the new images's memory mapping
			 * policy - that is, TASK_SIZE must still evaluate to
			 * that which is appropriate to the execing application.
			 * This is because exit_mmap() needs to have TASK_SIZE
			 * evaluate to the size of the old image.
			 *
			 * So if (say) a 64-bit application is execing a 32-bit
			 * application it is the architecture's responsibility
			 * to defer changing the value of TASK_SIZE until the
			 * switch really is going to happen - do this in
			 * flush_thread().	- akpm
			 */
			/*
			 * NOTE(review): this SET_PERSONALITY runs before the
			 * open_exec() below can fail, so a missing or
			 * unreadable interpreter returns an error to a task
			 * whose personality has already been switched. This
			 * ordering is what CVE-2010-0307 (named in this
			 * function's name) concerns; confirm the details
			 * against the upstream fix before relying on them.
			 */
			SET_PERSONALITY(loc->elf_ex, 0);

			interpreter = open_exec(elf_interpreter);
			retval = PTR_ERR(interpreter);
			if (IS_ERR(interpreter))
				goto out_free_interp;

			/*
			 * If the binary is not readable then enforce
			 * mm->dumpable = 0 regardless of the interpreter's
			 * permissions.
			 */
			if (file_permission(interpreter, MAY_READ) < 0)
				bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;

			/* bprm->buf is reused for the interpreter's header from here on. */
			retval = kernel_read(interpreter, 0, bprm->buf,
					     BINPRM_BUF_SIZE);
			if (retval != BINPRM_BUF_SIZE) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_dentry;
			}

			/* Get the exec headers */
			loc->interp_elf_ex = *((struct elfhdr *)bprm->buf);
			break;
		}
		elf_ppnt++;
	}

	/* Second pass: PT_GNU_STACK decides whether the stack is executable. */
	elf_ppnt = elf_phdata;
	for (i = 0; i < loc->elf_ex.e_phnum; i++, elf_ppnt++)
		if (elf_ppnt->p_type == PT_GNU_STACK) {
			if (elf_ppnt->p_flags & PF_X)
				executable_stack = EXSTACK_ENABLE_X;
			else
				executable_stack = EXSTACK_DISABLE_X;
			break;
		}

	/* Some simple consistency checks for the interpreter */
	if (elf_interpreter) {
		retval = -ELIBBAD;
		/* Not an ELF interpreter */
		if (memcmp(loc->interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
			goto out_free_dentry;
		/* Verify the interpreter has a valid arch */
		if (!elf_check_arch(&loc->interp_elf_ex))
			goto out_free_dentry;
	} else {
		/* Executables without an interpreter also need a personality  */
		SET_PERSONALITY(loc->elf_ex, 0);
	}

	/* Flush all traces of the currently running executable */
	retval = flush_old_exec(bprm);
	if (retval)
		goto out_free_dentry;

	/* OK, This is the point of no return */
	current->flags &= ~PF_FORKNOEXEC;
	current->mm->def_flags = def_flags;

	/* Do this immediately, since STACK_TOP as used in setup_arg_pages
	   may depend on the personality.  */
	SET_PERSONALITY(loc->elf_ex, 0);
	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
		current->personality |= READ_IMPLIES_EXEC;

	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
		current->flags |= PF_RANDOMIZE;
	arch_pick_mmap_layout(current->mm);

	/* Do this so that we can load the interpreter, if need be.  We will
	   change some of these later */
	current->mm->free_area_cache = current->mm->mmap_base;
	current->mm->cached_hole_size = 0;
	retval = setup_arg_pages(bprm, randomize_stack_top(STACK_TOP),
				 executable_stack);
	if (retval < 0) {
		send_sig(SIGKILL, current, 0);
		goto out_free_dentry;
	}
	
	current->mm->start_stack = bprm->p;

	/* Now we do a little grungy work by mmaping the ELF image into
	   the correct location in memory. */
	for(i = 0, elf_ppnt = elf_phdata;
	    i < loc->elf_ex.e_phnum; i++, elf_ppnt++) {
		int elf_prot = 0, elf_flags;
		unsigned long k, vaddr;

		if (elf_ppnt->p_type != PT_LOAD)
			continue;

		if (unlikely (elf_brk > elf_bss)) {
			unsigned long nbyte;
	            
			/* There was a PT_LOAD segment with p_memsz > p_filesz
			   before this one. Map anonymous pages, if needed,
			   and clear the area.  */
			retval = set_brk (elf_bss + load_bias,
					  elf_brk + load_bias);
			if (retval) {
				send_sig(SIGKILL, current, 0);
				goto out_free_dentry;
			}
			nbyte = ELF_PAGEOFFSET(elf_bss);
			if (nbyte) {
				nbyte = ELF_MIN_ALIGN - nbyte;
				if (nbyte > elf_brk - elf_bss)
					nbyte = elf_brk - elf_bss;
				if (clear_user((void __user *)elf_bss +
							load_bias, nbyte)) {
					/*
					 * This bss-zeroing can fail if the ELF
					 * file specifies odd protections. So
					 * we don't check the return value
					 */
				}
			}
		}

		/* Translate ELF segment flags (PF_*) into mmap protections (PROT_*). */
		if (elf_ppnt->p_flags & PF_R)
			elf_prot |= PROT_READ;
		if (elf_ppnt->p_flags & PF_W)
			elf_prot |= PROT_WRITE;
		if (elf_ppnt->p_flags & PF_X)
			elf_prot |= PROT_EXEC;

		elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE;

		vaddr = elf_ppnt->p_vaddr;
		if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) {
			elf_flags |= MAP_FIXED;
		} else if (loc->elf_ex.e_type == ET_DYN) {
			/* Try and get dynamic programs out of the way of the
			 * default mmap base, as well as whatever program they
			 * might try to exec.  This is because the brk will
			 * follow the loader, and is not movable.  */
#ifdef CONFIG_X86
			load_bias = 0;
#else
			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
		}

		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
				elf_prot, elf_flags, 0);
		if (BAD_ADDR(error)) {
			send_sig(SIGKILL, current, 0);
			retval = IS_ERR((void *)error) ?
				PTR_ERR((void*)error) : -EINVAL;
			goto out_free_dentry;
		}

		/* The first PT_LOAD fixes load_addr and, for ET_DYN, the actual load_bias. */
		if (!load_addr_set) {
			load_addr_set = 1;
			load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
			if (loc->elf_ex.e_type == ET_DYN) {
				load_bias += error -
				             ELF_PAGESTART(load_bias + vaddr);
				load_addr += load_bias;
				reloc_func_desc = load_bias;
			}
		}
		k = elf_ppnt->p_vaddr;
		if (k < start_code)
			start_code = k;
		if (start_data < k)
			start_data = k;

		/*
		 * Check to see if the section's size will overflow the
		 * allowed task size. Note that p_filesz must always be
		 * <= p_memsz so it is only necessary to check p_memsz.
		 */
		if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
		    elf_ppnt->p_memsz > TASK_SIZE ||
		    TASK_SIZE - elf_ppnt->p_memsz < k) {
			/* set_brk can never work. Avoid overflows. */
			send_sig(SIGKILL, current, 0);
			retval = -EINVAL;
			goto out_free_dentry;
		}

		k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;

		if (k > elf_bss)
			elf_bss = k;
		if ((elf_ppnt->p_flags & PF_X) && end_code < k)
			end_code = k;
		if (end_data < k)
			end_data = k;
		k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
		if (k > elf_brk)
			elf_brk = k;
	}

	/* All addresses collected above were unbiased; apply the final load_bias once. */
	loc->elf_ex.e_entry += load_bias;
	elf_bss += load_bias;
	elf_brk += load_bias;
	start_code += load_bias;
	end_code += load_bias;
	start_data += load_bias;
	end_data += load_bias;

	/* Calling set_brk effectively mmaps the pages that we need
	 * for the bss and break sections.  We must do this before
	 * mapping in the interpreter, to make sure it doesn't wind
	 * up getting placed where the bss needs to go.
	 */
	retval = set_brk(elf_bss, elf_brk);
	if (retval) {
		send_sig(SIGKILL, current, 0);
		goto out_free_dentry;
	}
	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
		send_sig(SIGSEGV, current, 0);
		retval = -EFAULT; /* Nobody gets to see this, but.. */
		goto out_free_dentry;
	}

	if (elf_interpreter) {
		unsigned long uninitialized_var(interp_map_addr);

		elf_entry = load_elf_interp(&loc->interp_elf_ex,
					    interpreter,
					    &interp_map_addr,
					    load_bias);
		if (!IS_ERR((void *)elf_entry)) {
			/*
			 * load_elf_interp() returns relocation
			 * adjustment
			 */
			interp_load_addr = elf_entry;
			elf_entry += loc->interp_elf_ex.e_entry;
		}
		if (BAD_ADDR(elf_entry)) {
			force_sig(SIGSEGV, current);
			retval = IS_ERR((void *)elf_entry) ?
					(int)elf_entry : -EINVAL;
			goto out_free_dentry;
		}
		reloc_func_desc = interp_load_addr;

		/* The interpreter file and path are no longer needed once it is mapped. */
		allow_write_access(interpreter);
		fput(interpreter);
		kfree(elf_interpreter);
	} else {
		elf_entry = loc->elf_ex.e_entry;
		if (BAD_ADDR(elf_entry)) {
			force_sig(SIGSEGV, current);
			retval = -EINVAL;
			goto out_free_dentry;
		}
	}

	kfree(elf_phdata);

	sys_close(elf_exec_fileno);

	set_binfmt(&elf_format);

#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
	retval = arch_setup_additional_pages(bprm, executable_stack);
	if (retval < 0) {
		send_sig(SIGKILL, current, 0);
		goto out;
	}
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */

	compute_creds(bprm);
	current->flags &= ~PF_FORKNOEXEC;
	retval = create_elf_tables(bprm, &loc->elf_ex,
			  load_addr, interp_load_addr);
	if (retval < 0) {
		send_sig(SIGKILL, current, 0);
		goto out;
	}
	/* N.B. passed_fileno might not be initialized? */
	current->mm->end_code = end_code;
	current->mm->start_code = start_code;
	current->mm->start_data = start_data;
	current->mm->end_data = end_data;
	current->mm->start_stack = bprm->p;

#ifdef arch_randomize_brk
	if ((current->flags & PF_RANDOMIZE) && (randomize_va_space > 1))
		current->mm->brk = current->mm->start_brk =
			arch_randomize_brk(current->mm);
#endif

	if (current->personality & MMAP_PAGE_ZERO) {
		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
		   and some applications "depend" upon this behavior.
		   Since we do not have the power to recompile these, we
		   emulate the SVr4 behavior. Sigh. */
		down_write(&current->mm->mmap_sem);
		error = do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);
		up_write(&current->mm->mmap_sem);
	}

#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example.  In addition, it may also specify (eg, PowerPC64 ELF)
	 * that the e_entry field is the address of the function descriptor
	 * for the startup routine, rather than the address of the startup
	 * routine itself.  This macro performs whatever initialization to
	 * the regs structure is required as well as any relocations to the
	 * function descriptor entries when executing dynamically links apps.
	 */
	ELF_PLAT_INIT(regs, reloc_func_desc);
#endif

	start_thread(regs, elf_entry, bprm->p);
	retval = 0;
out:
	kfree(loc);
out_ret:
	return retval;

	/* error cleanup */
	/* Labels are ordered from the most to the least resources held; each falls through to the next. */
out_free_dentry:
	allow_write_access(interpreter);
	if (interpreter)
		fput(interpreter);
out_free_interp:
	kfree(elf_interpreter);
out_free_file:
	sys_close(elf_exec_fileno);
out_free_ph:
	kfree(elf_phdata);
	goto out;
}
/*
 * Stub for the uselib(2) path: the syscall is not implemented, so every
 * call fails with -EINVAL and @fd is never touched.
 *
 * The original mapping code is kept below under "#if 0" as a reference
 * for when the syscall is wired up; it is not compiled.
 */
static int load_elf_library(int fd)
{
  (void)fd;
  return -EINVAL;

#if 0
  struct file * file;
  struct dentry * dentry;
  struct inode * inode;
  struct elf_phdr *elf_phdata;
  unsigned long elf_bss = 0, bss, len, k;
  int retval, error, i, j;
  struct elfhdr elf_ex;
  loff_t offset = 0;

  error = -EACCES;
  file = fget(fd);
  if (!file || !file->f_op)
    goto out;
  dentry = file->f_dentry;
  inode = dentry->d_inode;

  /* seek to the beginning of the file */
  error = -ENOEXEC;

  /* N.B. save current DS?? */
  set_fs(KERNEL_DS);
  retval = file->f_op->read(file, (char *) &elf_ex, sizeof(elf_ex), &offset);
  set_fs(USER_DS);
  if (retval != sizeof(elf_ex))
    goto out_putf;

  if (elf_ex.e_ident[0] != 0x7f ||
      strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
    goto out_putf;

  /* First of all, some simple consistency checks */
  if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
     !elf_check_arch(elf_ex.e_machine) ||
     (!inode->i_op || !inode->i_op->default_file_ops->mmap))
    goto out_putf;

  /* Now read in all of the header information */

  j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
  if (j > ELF_EXEC_PAGESIZE)
    goto out_putf;

  error = -ENOMEM;
  elf_phdata = (struct elf_phdr *) kmalloc(j, GFP_KERNEL);
  if (!elf_phdata)
    goto out_putf;

  /* N.B. check for error return?? */
  retval = read_exec(dentry, elf_ex.e_phoff, (char *) elf_phdata,
         sizeof(struct elf_phdr) * elf_ex.e_phnum, 1);

  error = -ENOEXEC;
  for (j = 0, i = 0; i<elf_ex.e_phnum; i++)
    if ((elf_phdata + i)->p_type == PT_LOAD) j++;
  if (j != 1)
    goto out_free_ph;

  while (elf_phdata->p_type != PT_LOAD) elf_phdata++;

  /* Now use mmap to map the library into memory. */
  error = do_mmap(file,
      ELF_PAGESTART(elf_phdata->p_vaddr),
      (elf_phdata->p_filesz +
       ELF_PAGEOFFSET(elf_phdata->p_vaddr)),
      PROT_READ | PROT_WRITE | PROT_EXEC,
      MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
      (elf_phdata->p_offset -
       ELF_PAGEOFFSET(elf_phdata->p_vaddr)));
  if (error != ELF_PAGESTART(elf_phdata->p_vaddr))
    goto out_free_ph;

  k = elf_phdata->p_vaddr + elf_phdata->p_filesz;
  if (k > elf_bss)
    elf_bss = k;
  padzero(elf_bss);

  len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + 
        ELF_EXEC_PAGESIZE - 1);
  bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
  if (bss > len)
    do_mmap(NULL, len, bss - len,
      PROT_READ|PROT_WRITE|PROT_EXEC,
      MAP_FIXED|MAP_PRIVATE, 0);
  error = 0;

out_free_ph:
  kfree(elf_phdata);
out_putf:
  fput(file);
out:
  return error;
#endif
}
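/*
 * fs_elf_check_prepare - validate an ELF executable and build its initial user stack.
 *
 * Reads and checks the ELF header of @file, reads the program-header table,
 * copies the PT_INTERP path (if present) into a freshly allocated,
 * NUL-terminated string and lets setup_userstack() build the temporary
 * stack image.
 *
 * @file             executable to inspect.
 * @argv, @env       argument and environment vectors for setup_userstack().
 * @t_argc, @t_argv  out: argument count / vector as placed on the stack.
 * @stack_len        out: length of the stack image.
 * @aux_addr         out: auxiliary-vector address.
 * @elf_interpreter  out: interpreter path allocated with ut_calloc(), or 0
 *                   when the image has none or the call fails. Owned by the
 *                   caller on success; always defined on return.
 * @tmp_stackp       out: the stack image base returned by setup_userstack().
 * @return the adjusted top of the temporary stack, or 0 on failure (the
 *         interpreter string is released before returning 0).
 *
 * Header fields are untrusted: the program-header entry size and count are
 * bounded before the table is sized, and the interpreter read is checked
 * for allocation failure and short reads.
 */
unsigned long fs_elf_check_prepare(struct file *file,unsigned char **argv, unsigned char **env,unsigned long *t_argc, unsigned long *t_argv,unsigned long  *stack_len, unsigned long *aux_addr,unsigned char **elf_interpreter, unsigned long *tmp_stackp) {
	struct elf_phdr *elf_phdata=0;
	struct elf_phdr *eppnt;
	int retval, i;
	unsigned long phdr_bytes;
	struct elfhdr elf_ex;
	unsigned long tmp_stack_top=0;

	/* Define the out-parameter first so every early return leaves it usable. */
	*elf_interpreter=0;

	fs_lseek(file, 0, 0);
	retval = fs_read(file, (unsigned char *) &elf_ex, sizeof(elf_ex));
	if (retval != sizeof(elf_ex))
		return 0;
	if (ut_memcmp((unsigned char *) elf_ex.e_ident, (unsigned char *) ELFMAG, SELFMAG) != 0)
		return 0;

	/* Position-independent executables are handled like ET_EXEC. */
	if (elf_ex.e_type == ET_DYN)  elf_ex.e_type=ET_EXEC;
	if (elf_ex.e_type != ET_EXEC || !elf_check_arch(&elf_ex)) {
		DEBUG("error:(not executable type or mismatch in architecture %x  %x %x \n",elf_ex.e_type,elf_ex.e_phnum,elf_check_arch(&elf_ex));
		return 0;
	}

	/*
	 * The table is sized from unverified header fields: refuse entries of
	 * a size we do not parse, an empty table, and a table above 64KiB
	 * (the bound the Linux loader uses).
	 */
	if (elf_ex.e_phentsize != sizeof(struct elf_phdr) ||
	    elf_ex.e_phnum < 1 ||
	    elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
		return 0;

	/* Now read in all of the header information */
	phdr_bytes = sizeof(struct elf_phdr) * elf_ex.e_phnum;
	elf_phdata = mm_malloc(phdr_bytes, 0);
	if (!elf_phdata)
		return 0;

	eppnt = elf_phdata;
	fs_lseek(file, (unsigned long) elf_ex.e_phoff, 0);
	retval = fs_read(file, (unsigned char *) eppnt, phdr_bytes);
	if (retval < 0 || (unsigned long) retval != phdr_bytes)
		goto out;

	/* Pick up the interpreter path from the first PT_INTERP entry, if any. */
	for (i = 0; i < elf_ex.e_phnum; i++, eppnt++) {
		if (eppnt->p_type != PT_INTERP)
			continue;
		/* The extra byte keeps the path NUL-terminated even if the segment is not. */
		*elf_interpreter = (char *) ut_calloc(eppnt->p_filesz+1);
		if (*elf_interpreter == 0)
			goto out;
		fs_lseek(file, (unsigned long) eppnt->p_offset, 0);
		retval = fs_read(file, (unsigned char *) *elf_interpreter, eppnt->p_filesz);
		/* A short read would leave a truncated path; treat it as a failure. */
		if (retval < 0 || (unsigned long) retval != (unsigned long) eppnt->p_filesz)
			goto out;
		break;
	}

	tmp_stack_top = setup_userstack(argv, env, stack_len, t_argc, t_argv, aux_addr, *elf_interpreter);
	*tmp_stackp=tmp_stack_top;
	if (tmp_stack_top == 0)
		goto out;
	/* Presumably only the last *stack_len bytes of the template are used; skip the unused head. */
	tmp_stack_top = tmp_stack_top + (MAX_USERSPACE_STACK_TEMPLEN - *stack_len);

out:
	if (elf_phdata) {
		mm_free(elf_phdata);
	}
	/* On failure the caller gets 0 and must not see (or free) a dangling interpreter string. */
	if (tmp_stack_top==0 && *elf_interpreter!=0){
		ut_free(*elf_interpreter);
		*elf_interpreter=0;
	}
	return tmp_stack_top;
}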
/*
 * Map the ELF interpreter (dynamic loader) described by @interp_elf_ex
 * into @tsk's address space.
 *
 * Every PT_LOAD segment is mapped with elf_map(); the file-backed part is
 * then padded with zeros to the page boundary and the remainder of the bss
 * is mapped anonymously with win32_do_mmap_pgoff(). A PT_INTERP entry of
 * the interpreter itself is copied into @ld_name when a buffer is given.
 *
 * @tsk               task the interpreter is mapped into.
 * @interp_elf_ex     interpreter's ELF header (already read by the caller).
 * @interpreter       open interpreter file.
 * @interp_load_addr  out: address the first ET_DYN segment's file offset 0
 *                    landed at (only set for ET_DYN interpreters).
 * @ld_name           optional buffer that receives the PT_INTERP contents.
 * @return the interpreter's entry point (e_entry plus the load offset) on
 *         success; on failure ~0UL, a negative errno cast to unsigned long
 *         (-EIO, -ENOMEM, -EFAULT), or the failed elf_map() result.
 *
 * NOTE(review): the PT_INTERP copy into @ld_name below uses the segment's
 * own p_filesz with no bound against the buffer's size, which is not
 * visible here; confirm the callers' buffer size or add a bound.
 */
static unsigned long load_elf_interp(struct task_struct *tsk,
		struct elfhdr * interp_elf_ex,
		struct file * interpreter,
		unsigned long *interp_load_addr,
		char *ld_name)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long last_bss = 0, elf_bss = 0;
	unsigned long error = ~0UL;
	int retval, i, size;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
			interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex))
		goto out;
	if (!interpreter->f_op || !interpreter->f_op->mmap)
		goto out;

	/*
	 * If the size of this structure has changed, then punt, since
	 * we will be doing the wrong thing.
	 */
	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
		goto out;
	if (interp_elf_ex->e_phnum < 1 ||
			interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
		goto out;

	/* Now read in all of the header information */

	/* Tighter than the 64KiB bound above: the whole table must fit in one ELF_MIN_ALIGN unit. */
	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
	if (size > ELF_MIN_ALIGN)
		goto out;
	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
	error = -EIO;
	if (retval != size) {
		if (retval < 0)
			error = retval;	
		goto out_close;
	}

	eppnt = elf_phdata;
	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
		/* See the NOTE in the header comment about the unbounded copy into ld_name. */
		if (eppnt->p_type == PT_INTERP && ld_name)
			kernel_read(interpreter, eppnt->p_offset, ld_name, eppnt->p_filesz);

		if (eppnt->p_type == PT_LOAD) {
			int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
			int elf_prot = 0;
			unsigned long vaddr = 0;
			unsigned long k, map_addr;

			/*
			 * NOTE(review): PF_R grants PROT_WRITE as well as
			 * PROT_READ here, unlike the usual one-to-one PF_*
			 * to PROT_* translation; presumably required by the
			 * host mapping layer -- confirm it is intentional.
			 */
			if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ | PROT_WRITE;
			if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
			if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
			vaddr = eppnt->p_vaddr;
			if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
				elf_type |= MAP_FIXED;

			/* Anything above TASK_SIZE (presumably including negative errno values) is treated as failure. */
			map_addr = elf_map(tsk, interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type);
			error = map_addr;
			if (map_addr > (unsigned long)TASK_SIZE)
				goto out_close;

			/* The first ET_DYN segment fixes where the whole object was placed. */
			if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
				load_addr = map_addr - ELF_PAGESTART(vaddr);
				*interp_load_addr = map_addr - eppnt->p_offset;
				load_addr_set = 1;
			}

			/*
			 * Check to see if the section's size will overflow the
			 * allowed task size. Note that p_filesz must always be
			 * <= p_memsize so it is only necessary to check p_memsz.
			 */
			k = load_addr + eppnt->p_vaddr;
			if (k > TASK_SIZE || eppnt->p_filesz > eppnt->p_memsz ||
					eppnt->p_memsz > TASK_SIZE || TASK_SIZE - eppnt->p_memsz < k) {
				error = -ENOMEM;
				goto out_close;
			}

			/*
			 * Find the end of the file mapping for this phdr, and keep
			 * track of the largest address we see for this.
			 */
			k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
			if (k > elf_bss)
				elf_bss = k;

			/*
			 * Do the same thing for the memory mapping - between
			 * elf_bss and last_bss is the bss section.
			 */
			k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
			if (k > last_bss)
				last_bss = k;
		}
	}

	/*
	 * Now fill out the bss section.  First pad the last page up
	 * to the page boundary, and then perform a mmap to make sure
	 * that there are zero-mapped pages up to and including the 
	 * last bss page.
	 */
	if (padzero(tsk, elf_bss)) {
		error = -EFAULT;
		goto out_close;
	}

	elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);	/* What we have mapped so far */

	/* Map the last of the bss segment */
	if (last_bss > elf_bss) {
		error = win32_do_mmap_pgoff(tsk, NULL, elf_bss, last_bss - elf_bss,
				PROT_READ | PROT_WRITE, MAP_FIXED | MAP_ANONYMOUS | MAP_PRIVATE, 0);
		if (error > (unsigned long)TASK_SIZE)
			goto out_close;
	}

	/* Success: report the relocated entry point. */
	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;

out_close:
	kfree(elf_phdata);
out:
	return error;
} /* end load_elf_interp */
static int load_elf_binary(struct linux_binprm *bprm)
{
  struct pt_regs regs; 
  int interpreter_fd = -1;
   unsigned long load_addr = 0, load_bias;
  int load_addr_set = 0;
  char * elf_interpreter = NULL;
  unsigned int interpreter_type = INTERPRETER_NONE;
  unsigned long error;
  struct elf_phdr * elf_ppnt, *elf_phdata;
  unsigned long elf_bss, k, elf_brk;
  int elf_exec_fileno;
  int retval, size, i;
  unsigned long elf_entry, interp_load_addr = 0;
  unsigned long start_code, end_code, end_data;
  struct elfhdr elf_ex;
  struct elfhdr interp_elf_ex;
    struct exec interp_ex;
  char passed_fileno[6];
  
  /* Get the exec-header */
  elf_ex = *((struct elfhdr *) bprm->buf);
  my_print("[debug]here to run elf\n");
  retval = -ENOEXEC;
  /* First of all, some simple consistency checks */
  if (elf_ex.e_ident[0] != 0x7f ||
      strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
    goto out;
  //my_print("[ender]1\n");
  if (elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN)
    goto out;
  if (!elf_check_arch(elf_ex.e_machine))
    goto out;
  //my_print("[ender]2\n");

  /* Now read in all of the header information */

  if (elf_ex.e_phentsize != sizeof(struct elf_phdr) ||
      elf_ex.e_phnum < 1 ||
      elf_ex.e_phnum > 65536 / sizeof(struct elf_phdr))
    goto out;
 // my_print("[ender]3\n");
  retval = -ENOMEM;
  size = elf_ex.e_phentsize * elf_ex.e_phnum;
  elf_phdata = (struct elf_phdr *) malloc(size);
  if (!elf_phdata)
    goto out;

  retval = read_exec(bprm->fd, elf_ex.e_phoff, (char *) elf_phdata, size, 1);
  if (retval < 0)
    goto out_free_ph;
  //my_print("[ender]4\n");

  elf_exec_fileno = dup(bprm->fd);
  lseek(elf_exec_fileno, 0, SEEK_SET);

  elf_ppnt = elf_phdata;
  elf_bss = 0;
  elf_brk = 0;

  start_code = ~0UL;
  end_code = 0;
  end_data = 0;

  /* look for interpreter */
  for (i = 0; i < elf_ex.e_phnum; i++) {
    if (elf_ppnt->p_type == PT_INTERP) {
      retval = -ENOEXEC;
        if (elf_interpreter ||
          elf_ppnt->p_filesz < 2 ||
          elf_ppnt->p_filesz > PAGE_SIZE)
        goto out_free_dentry;

      /* This is the program interpreter used for
       * shared libraries - for now assume that this
       * is an a.out format binary
       */

      retval = -ENOMEM;
      elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
      if (!elf_interpreter)
        goto out_free_file;

      retval = read_exec(bprm->fd, elf_ppnt->p_offset,
             elf_interpreter, elf_ppnt->p_filesz, 1);
      if (retval < 0)
        goto out_free_interp;
      elf_interpreter[elf_ppnt->p_filesz - 1] = 0;
      
#if 0
      /* If the program interpreter is one of these two,
       * then assume an iBCS2 image. Otherwise assume
       * a native linux image.
       */
      if (strcmp(elf_interpreter,"/usr/lib/libc.so.1") == 0 ||
          strcmp(elf_interpreter,"/usr/lib/ld.so.1") == 0)
        ibcs2_interpreter = 1;
#endif

      log_debug(LOG_LINEXEC_EXEC, "Using ELF interpreter: %s", elf_interpreter);
	  if( elf_interpreter[0] == '/'){
		  char tmp [MAX_PATH];
          change_path_to_relative(tmp, elf_interpreter);
		  free(elf_interpreter);
		  //elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);
          elf_interpreter = (char *)malloc(strlen(tmp)+1);
		  if (!elf_interpreter)
			  goto out_free_file;
		  strcpy(elf_interpreter, tmp);
	  }
      interpreter_fd = open(elf_interpreter, O_RDONLY);
	  my_print("[debug]open elf_interpreter %s\n", elf_interpreter);
      if (interpreter_fd < 0) {
        retval = -errno;
        goto out_free_interp;
      }

#if 0        
      retval = permission(interpreter_dentry->d_inode, MAY_EXEC);
      if (retval < 0)
        goto out_free_dentry;
#endif
        
      retval = read_exec(interpreter_fd, 0, bprm->buf, 128, 1);
      if (retval < 0)
        goto out_free_dentry;

      /* Get the exec headers */
      interp_ex = *((struct exec *) bprm->buf);
      interp_elf_ex = *((struct elfhdr *) bprm->buf);
    }
    elf_ppnt++;
	//my_print("[ender]6\n");
  }

  /* Some simple consistency checks for the interpreter */
  if (elf_interpreter) {
    interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;

    /* Now figure out which format our binary is */
    if ((N_MAGIC(interp_ex) != OMAGIC) &&
        (N_MAGIC(interp_ex) != ZMAGIC) &&
        (N_MAGIC(interp_ex) != QMAGIC))
      interpreter_type = INTERPRETER_ELF;

    if (interp_elf_ex.e_ident[0] != 0x7f ||
        strncmp(&interp_elf_ex.e_ident[1], "ELF", 3) != 0)
      interpreter_type &= ~INTERPRETER_ELF;

    retval = -ELIBBAD;
    if (!interpreter_type)
      goto out_free_dentry;

    /* Make sure only one type was selected */
    if ((interpreter_type & INTERPRETER_ELF) &&
         interpreter_type != INTERPRETER_ELF) {
      printf("ELF: Ambiguous type, using ELF\n");
      interpreter_type = INTERPRETER_ELF;
    }
  }
  //my_print("[ender]7\n");
  /* OK, we are done with that, now set up the arg stuff,
     and then start this sucker up */
  if (!bprm->sh_bang) {
    char * passed_p;

    if (interpreter_type == INTERPRETER_AOUT) {
      sprintf(passed_fileno, "%d", elf_exec_fileno);
      passed_p = passed_fileno;

      if (elf_interpreter) {
        bprm->p = copy_strings(1,&passed_p,bprm->page,bprm->p);
        bprm->argc++;
      }
    }
    retval = -E2BIG;
    if (!bprm->p)
      goto out_free_dentry;
  }


#if 0
  /* Flush all traces of the currently running executable */
  retval = flush_old_exec(bprm);
  if (retval)
    goto out_free_dentry;
#endif  

  /* OK, This is the point of no return */
  current->end_data = 0;
  current->end_code = 0;
#if 0
  current->mm->mmap = NULL;
  current->flags &= ~PF_FORKNOEXEC;

#endif  
  elf_entry = (unsigned long) elf_ex.e_entry;
  //printf("[ender]8\n");

#if 0
  /* Do this immediately, since STACK_TOP as used in setup_arg_pages
     may depend on the personality.  */
  SET_PERSONALITY(elf_ex, ibcs2_interpreter);
#endif  

  /* Do this so that we can load the interpreter, if need be.  We will
     change some of these later */
//  current->mm->rss = 0;
  bprm->p = setup_arg_pages(bprm->p, bprm);
  
  current->start_stack = bprm->p;

  /* Try and get dynamic programs out of the way of the default mmap
     base, as well as whatever program they might try to exec.  This
     is because the brk will follow the loader, and is not movable.  */

  load_bias = ELF_PAGESTART(elf_ex.e_type==ET_DYN ? ELF_ET_DYN_BASE : 0);
#ifdef __VERBOSE__
  printf("load_bias: %08lX\n", load_bias);
#endif

  /* Now we do a little grungy work by mmaping the ELF image into
     the correct location in memory.  At this point, we assume that
     the image should be loaded at fixed address, not at a variable
     address. */

  for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
    int elf_prot = 0, elf_flags;
    unsigned long vaddr;

    if (elf_ppnt->p_type != PT_LOAD)
      continue;

    if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
    if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
    if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;

    elf_flags = MAP_PRIVATE; // |MAP_DENYWRITE|MAP_EXECUTABLE;

    vaddr = elf_ppnt->p_vaddr;
    if (elf_ex.e_type == ET_EXEC || load_addr_set) {
      elf_flags |= MAP_FIXED;
    }
	//my_print("[ender]9\n");
#ifdef __VERBOSE__
    printf("mapping: %08lX\n", ELF_PAGESTART(load_bias + vaddr));
#endif
    error = do_mmap(bprm->fd, ELF_PAGESTART(load_bias + vaddr),
                    (elf_ppnt->p_filesz + ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
                    elf_prot, elf_flags, 
                    (elf_ppnt->p_offset - ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));

#ifdef __VERBOSE__
    printf("error: %08lX\n", error);
#endif

    if (!load_addr_set) {
      load_addr_set = 1;
      load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
#ifdef __VERBOSE__
      printf("load_addr: %08lX, vaddr: %08lX\n", load_addr, vaddr);
#endif      
      if (elf_ex.e_type == ET_DYN) {
        load_bias += error - ELF_PAGESTART(load_bias + vaddr);
        load_addr += error;
      
#ifdef __VERBOSE__
        printf("new\nload_bias: %08lX, load_addr: %08lX\n", load_bias, load_addr);
#endif        
      }
    }
    k = elf_ppnt->p_vaddr;
    if (k < start_code) start_code = k;
    k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
    if (k > elf_bss)
      elf_bss = k;
    if ((elf_ppnt->p_flags & PF_X) && end_code <  k)
      end_code = k;
    if (end_data < k)
      end_data = k;
    k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
    if (k > elf_brk)
      elf_brk = k;
  }
  
  close(bprm->fd);
  
  elf_entry += load_bias;
  elf_bss += load_bias;
  elf_brk += load_bias;
  start_code += load_bias;
  end_code += load_bias;
  end_data += load_bias;

  if (elf_interpreter) {
    if (interpreter_type == INTERPRETER_AOUT) {
      elf_entry = load_aout_interp(&interp_ex, interpreter_fd);
    } else {
      elf_entry = load_elf_interp(&interp_elf_ex, interpreter_fd, 
                                  &interp_load_addr);
    }                                  
    close(interpreter_fd);
    if (elf_entry == ~0UL) {
      printf("Unable to load interpreter %.128s\n", elf_interpreter);
      free(elf_interpreter);
      free(elf_phdata);
      
      //send_sig(SIGSEGV, current, 0);
      exit(1);
      return 0;
    }

    free(elf_interpreter);
  }
  
  free(elf_phdata);

  if (interpreter_type != INTERPRETER_AOUT)
    close(elf_exec_fileno);
  
#if 0
#ifndef VM_STACK_FLAGS
  current->executable = dget(bprm->dentry);
#endif
#endif
  bprm->p = (unsigned long)create_elf_tables((char *)bprm->p,
                        bprm->argc, bprm->envc,
                        (interpreter_type == INTERPRETER_ELF ? &elf_ex : NULL),
                        load_addr, load_bias, interp_load_addr,
                        (interpreter_type == INTERPRETER_AOUT ? 0 : 1));

#if 0                        
  /* N.B. passed_fileno might not be initialized? */
  if (interpreter_type == INTERPRETER_AOUT)
    current->arg_start += strlen(passed_fileno) + 1;
#endif  
    
  current->start_brk = current->brk = elf_brk;
  current->end_code = end_code;
  current->start_code = start_code;
  current->end_data = end_data;
  current->start_stack = bprm->p;

  /* Calling set_brk effectively mmaps the pages that we need
   * for the bss and break sections
   */
  set_brk(elf_bss, elf_brk);
  padzero(elf_bss);
  log_debug(LOG_LINEXEC_EXEC,"start_brk: %lx" , current->start_brk);
  log_debug(LOG_LINEXEC_EXEC,"end_code: %lx" , current->end_code);
  log_debug(LOG_LINEXEC_EXEC,"start_code: %lx" , current->start_code);
  log_debug(LOG_LINEXEC_EXEC,"end_data: %lx" , current->end_data);
  log_debug(LOG_LINEXEC_EXEC,"start_stack: %lx" , current->start_stack);
  log_debug(LOG_LINEXEC_EXEC,"brk: %lx" , current->brk);

  /*
   * The ABI may specify that certain registers be set up in special
   * ways (on i386 %edx is the address of a DT_FINI function, for
   * example.  This macro performs whatever initialization to
   * the regs structure is required.
   */
  ELF_PLAT_INIT((&regs));

  regs.eip = elf_entry;
  regs.esp = bprm->p;

#if 0
  if (current->flags & PF_PTRACED)
    send_sig(SIGTRAP, current, 0);
#endif

#ifndef __DEBUG__


//  dumpMemoryMap();
  log_verbose(LOG_LINEXEC_EXEC, "[transfering control to Linux executable]");
  //getchar();
  //printf("[ender]11\n");
  ASM_EXEC_JUMP(regs);
  
  printf("You should never see this message!\n");
 
#else

  printf("execve() finished, but in debug mode. exiting...\n");
 
#endif
    
  retval = 0;
out:
  return retval;

  /* error cleanup */
out_free_dentry:
  close(interpreter_fd);
  
out_free_interp:
  if (elf_interpreter) {
    free(elf_interpreter);
  }

out_free_file:
  close(elf_exec_fileno);
  
out_free_ph:
  free(elf_phdata);
  goto out;
}
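/*
 * load_elf_interp - map the ELF program interpreter (the dynamic loader
 * named by PT_INTERP) into the current address space.
 * @interp_elf_ex:    ELF header already read from the interpreter file
 * @interpreter:      open file for the interpreter
 * @interp_load_addr: on success receives the load bias applied to the
 *                    interpreter (0 for ET_EXEC, the relocation for ET_DYN)
 *
 * Returns the interpreter's entry point (e_entry plus load bias).  On
 * failure the return value is one that BAD_ADDR() reports as bad: ~0UL for
 * the early consistency checks, otherwise a negative errno or the failed
 * mapping result cast to unsigned long.
 */
static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex,
				     struct file * interpreter,
				     unsigned long *interp_load_addr)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long last_bss = 0, elf_bss = 0;
	unsigned long error = ~0UL;
	int retval, i, size;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
	    interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex))
		goto out;
	if (!interpreter->f_op || !interpreter->f_op->mmap)
		goto out;

	/*
	 * If the size of this structure has changed, then punt, since
	 * we will be doing the wrong thing.
	 */
	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
		goto out;
	if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
		goto out;

	/* Now read in all of the header information */

	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
	if (size > ELF_MIN_ALIGN)
		goto out;
	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
			     (char *)elf_phdata, size);
	if (retval != size) {
		/*
		 * A short read would leave the tail of elf_phdata
		 * uninitialised, so reject it the same way the main
		 * binary loader does instead of walking bogus headers.
		 */
		error = (retval < 0) ? retval : -EIO;
		goto out_close;
	}

	eppnt = elf_phdata;
	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
	  if (eppnt->p_type == PT_LOAD) {
	    int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
	    int elf_prot = 0;
	    unsigned long vaddr = 0;
	    unsigned long k, map_addr;

	    if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
	    if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
	    if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
	    vaddr = eppnt->p_vaddr;
	    /* ET_EXEC segments and all segments after the first one of an
	       ET_DYN interpreter go at a fixed address. */
	    if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
	    	elf_type |= MAP_FIXED;

	    map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type);
	    if (BAD_ADDR(map_addr)) {
		/* Propagate the failure; error still held the read size. */
		error = map_addr;
	    	goto out_close;
	    }

	    if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
		load_addr = map_addr - ELF_PAGESTART(vaddr);
		load_addr_set = 1;
	    }

	    /*
	     * Check to see if the section's size will overflow the
	     * allowed task size, as the main binary loader does.  Note
	     * that p_filesz must always be <= p_memsz so it is only
	     * necessary to check p_memsz.
	     */
	    k = load_addr + eppnt->p_vaddr;
	    if (k > TASK_SIZE || eppnt->p_filesz > eppnt->p_memsz ||
		eppnt->p_memsz > TASK_SIZE || TASK_SIZE - eppnt->p_memsz < k) {
		error = -ENOMEM;
		goto out_close;
	    }

	    /*
	     * Find the end of the file mapping for this phdr, and keep
	     * track of the largest address we see for this.
	     */
	    k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
	    if (k > elf_bss)
		elf_bss = k;

	    /*
	     * Do the same thing for the memory mapping - between
	     * elf_bss and last_bss is the bss section.
	     */
	    k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
	    if (k > last_bss)
		last_bss = k;
	  }
	}

	/* Now use mmap to map the library into memory. */

	/*
	 * Now fill out the bss section.  First pad the last page up
	 * to the page boundary, and then perform a mmap to make sure
	 * that there are zero-mapped pages up to and including the 
	 * last bss page.
	 */
	padzero(elf_bss);
	elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);	/* What we have mapped so far */

	/* Map the last of the bss segment */
	if (last_bss > elf_bss) {
		error = do_brk(elf_bss, last_bss - elf_bss);
		if (BAD_ADDR(error))
			goto out_close;
	}

	*interp_load_addr = load_addr;
	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;

out_close:
	kfree(elf_phdata);
out:
	return error;
}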
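/*
 * load_elf_binary - binfmt handler that execs an ELF image into the
 * current process.
 * @bprm: binprm for the file being exec'd; bprm->buf already holds the
 *        first BINPRM_BUF_SIZE bytes of it
 * @regs: register set to initialise for the new program
 *
 * Validates the ELF header and program headers, locates and loads the
 * PT_INTERP program interpreter (ELF or a.out), maps every PT_LOAD
 * segment, sets up bss/brk and the initial stack, and finally transfers
 * control with start_thread().  Returns 0 on success or a negative errno.
 * Once flush_old_exec() has run there is no way back to the old image, so
 * failures after that point also send SIGKILL (or SIGSEGV) to the task.
 */
static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
{
	struct file *interpreter = NULL; /* to shut gcc up */
	unsigned long load_addr = 0, load_bias = 0;
	int load_addr_set = 0;
	char * elf_interpreter = NULL;
	unsigned int interpreter_type = INTERPRETER_NONE;
	unsigned char ibcs2_interpreter = 0;
	unsigned long error;
	struct elf_phdr * elf_ppnt, *elf_phdata;
	unsigned long elf_bss, k, elf_brk;
	int elf_exec_fileno;
	int retval, i;
	unsigned int size;
	unsigned long elf_entry, interp_load_addr = 0;
	unsigned long start_code, end_code, start_data, end_data;
	unsigned long reloc_func_desc = 0;
	struct elfhdr elf_ex;
	struct elfhdr interp_elf_ex;
  	struct exec interp_ex;
	/* Decimal fd of the executable, handed to an a.out interpreter as
	   its first argument.  Only written on the !sh_bang path below. */
	char passed_fileno[6];
	struct files_struct *files;
	
	/* Get the exec-header */
	elf_ex = *((struct elfhdr *) bprm->buf);

	retval = -ENOEXEC;
	/* First of all, some simple consistency checks */
	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	if (elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(&elf_ex))
		goto out;
	if (!bprm->file->f_op||!bprm->file->f_op->mmap)
		goto out;

	/* Now read in all of the header information */

	if (elf_ex.e_phentsize != sizeof(struct elf_phdr))
		goto out;
	/* Bound e_phnum before it is multiplied into an allocation size. */
	if (elf_ex.e_phnum < 1 ||
	    elf_ex.e_phnum > 65536U / sizeof(struct elf_phdr))
		goto out;
	size = elf_ex.e_phnum * sizeof(struct elf_phdr);
	retval = -ENOMEM;
	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
	if (retval != size) {
		/* A short read is an error: the tail of elf_phdata is garbage. */
		if (retval >= 0)
			retval = -EIO;
		goto out_free_ph;
	}

	files = current->files;		/* Refcounted so ok */
	retval = unshare_files();
	if (retval < 0)
		goto out_free_ph;
	if (files == current->files) {
		put_files_struct(files);
		files = NULL;
	}

	/* exec will make our files private anyway, but for the a.out
	   loader stuff we need to do it earlier */
	   
	retval = get_unused_fd();
	if (retval < 0)
		goto out_free_fh;
	get_file(bprm->file);
	fd_install(elf_exec_fileno = retval, bprm->file);

	elf_ppnt = elf_phdata;
	elf_bss = 0;
	elf_brk = 0;

	start_code = ~0UL;
	end_code = 0;
	start_data = 0;
	end_data = 0;

	/* Look for a PT_INTERP entry and, if present, open and sniff the
	   interpreter it names.  Only the first PT_INTERP is honoured. */
	for (i = 0; i < elf_ex.e_phnum; i++) {
		if (elf_ppnt->p_type == PT_INTERP) {
			/* This is the program interpreter used for
			 * shared libraries - for now assume that this
			 * is an a.out format binary
			 */

			retval = -ENOEXEC;
			if (elf_ppnt->p_filesz > PATH_MAX || 
			    elf_ppnt->p_filesz < 2)
				goto out_free_file;

			retval = -ENOMEM;
			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
							   GFP_KERNEL);
			if (!elf_interpreter)
				goto out_free_file;

			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
					   elf_interpreter,
					   elf_ppnt->p_filesz);
			if (retval != elf_ppnt->p_filesz) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_interp;
			}
			/* make sure path is NULL terminated */
			retval = -ENOEXEC;
			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
				goto out_free_interp;

			/* If the program interpreter is one of these two,
			 * then assume an iBCS2 image. Otherwise assume
			 * a native linux image.
			 */
			if (strcmp(elf_interpreter,"/usr/lib/libc.so.1") == 0 ||
			    strcmp(elf_interpreter,"/usr/lib/ld.so.1") == 0)
				ibcs2_interpreter = 1;
#if 0
			printk("Using ELF interpreter %s\n", elf_interpreter);
#endif

			SET_PERSONALITY(elf_ex, ibcs2_interpreter);

			interpreter = open_exec(elf_interpreter);
			retval = PTR_ERR(interpreter);
			if (IS_ERR(interpreter))
				goto out_free_interp;
			/* Reuse bprm->buf for the interpreter's header; the
			   main ELF header was already copied into elf_ex. */
			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
			if (retval != BINPRM_BUF_SIZE) {
				if (retval >= 0)
					retval = -EIO;
				goto out_free_dentry;
			}

			/* Get the exec headers */
			interp_ex = *((struct exec *) bprm->buf);
			interp_elf_ex = *((struct elfhdr *) bprm->buf);
			break;
		}
		elf_ppnt++;
	}

	/* Some simple consistency checks for the interpreter */
	if (elf_interpreter) {
		interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;

		/* Now figure out which format our binary is */
		if ((N_MAGIC(interp_ex) != OMAGIC) &&
		    (N_MAGIC(interp_ex) != ZMAGIC) &&
		    (N_MAGIC(interp_ex) != QMAGIC))
			interpreter_type = INTERPRETER_ELF;

		if (memcmp(interp_elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
			interpreter_type &= ~INTERPRETER_ELF;

		retval = -ELIBBAD;
		if (!interpreter_type)
			goto out_free_dentry;

		/* Make sure only one type was selected */
		if ((interpreter_type & INTERPRETER_ELF) &&
		     interpreter_type != INTERPRETER_ELF) {
	     		// FIXME - ratelimit this before re-enabling
			// printk(KERN_WARNING "ELF: Ambiguous type, using ELF\n");
			interpreter_type = INTERPRETER_ELF;
		}
		/* Verify the interpreter has a valid arch */
		if ((interpreter_type == INTERPRETER_ELF) &&
		    !elf_check_arch(&interp_elf_ex))
			goto out_free_dentry;
	} else {
		/* Executables without an interpreter also need a personality  */
		SET_PERSONALITY(elf_ex, ibcs2_interpreter);
	}

	/* OK, we are done with that, now set up the arg stuff,
	   and then start this sucker up */

	if (!bprm->sh_bang) {
		char * passed_p;

		if (interpreter_type == INTERPRETER_AOUT) {
		  /* Bounded formatting: an fd wider than the buffer is
		     truncated rather than overrunning passed_fileno. */
		  snprintf(passed_fileno, sizeof(passed_fileno), "%d",
			   elf_exec_fileno);
		  passed_p = passed_fileno;

		  if (elf_interpreter) {
		    retval = copy_strings_kernel(1,&passed_p,bprm);
			if (retval)
				goto out_free_dentry; 
		    bprm->argc++;
		  }
		}
	} else {
		/* Executables without an interpreter also need a personality  */
		SET_PERSONALITY(elf_ex, ibcs2_interpreter);
	}

	/* Flush all traces of the currently running executable */
	retval = flush_old_exec(bprm);
	if (retval)
		goto out_free_dentry;

	/* Discard our unneeded old files struct */
	if (files) {
		steal_locks(files);
		put_files_struct(files);
		files = NULL;
	}

	/* OK, This is the point of no return */
	current->mm->start_data = 0;
	current->mm->end_data = 0;
	current->mm->end_code = 0;
	current->mm->mmap = NULL;
	current->flags &= ~PF_FORKNOEXEC;
	elf_entry = (unsigned long) elf_ex.e_entry;

	/* Do this so that we can load the interpreter, if need be.  We will
	   change some of these later */
	current->mm->rss = 0;
	retval = setup_arg_pages(bprm);
	if (retval < 0) {
		send_sig(SIGKILL, current, 0);
		return retval;
	}
	
	current->mm->start_stack = bprm->p;

	/* Now we do a little grungy work by mmaping the ELF image into
	   the correct location in memory.  At this point, we assume that
	   the image should be loaded at fixed address, not at a variable
	   address. */

	for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
		int elf_prot = 0, elf_flags;
		unsigned long vaddr;

		if (elf_ppnt->p_type != PT_LOAD)
			continue;

		if (unlikely (elf_brk > elf_bss)) {
			unsigned long nbyte;
	            
			/* There was a PT_LOAD segment with p_memsz > p_filesz
			   before this one. Map anonymous pages, if needed,
			   and clear the area.  */
			retval = set_brk (elf_bss + load_bias,
					  elf_brk + load_bias);
			if (retval) {
				send_sig(SIGKILL, current, 0);
				goto out_free_dentry;
			}
			nbyte = ELF_PAGEOFFSET(elf_bss);
			if (nbyte) {
				nbyte = ELF_MIN_ALIGN - nbyte;
				if (nbyte > elf_brk - elf_bss)
					nbyte = elf_brk - elf_bss;
				clear_user((void *) elf_bss + load_bias, nbyte);
			}
		}

		if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
		if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
		if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;

		elf_flags = MAP_PRIVATE|MAP_DENYWRITE|MAP_EXECUTABLE;

		vaddr = elf_ppnt->p_vaddr;
		if (elf_ex.e_type == ET_EXEC || load_addr_set) {
			elf_flags |= MAP_FIXED;
		} else if (elf_ex.e_type == ET_DYN) {
			/* Try and get dynamic programs out of the way of the default mmap
			   base, as well as whatever program they might try to exec.  This
		           is because the brk will follow the loader, and is not movable.  */
			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
		}

		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
		if (BAD_ADDR(error)) {
			send_sig(SIGKILL, current, 0);
			goto out_free_dentry;
		}

		if (!load_addr_set) {
			load_addr_set = 1;
			load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
			if (elf_ex.e_type == ET_DYN) {
				/* The first segment of an ET_DYN image may have
				   landed away from load_bias; fold the actual
				   placement back into the bias. */
				load_bias += error -
				             ELF_PAGESTART(load_bias + vaddr);
				load_addr += load_bias;
				reloc_func_desc = load_addr;
			}
		}
		k = elf_ppnt->p_vaddr;
		if (k < start_code) start_code = k;
		if (start_data < k) start_data = k;

		/*
		 * Check to see if the section's size will overflow the
		 * allowed task size. Note that p_filesz must always be
		 * <= p_memsz so it is only necessary to check p_memsz.
		 */
		if (k > TASK_SIZE || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
		    elf_ppnt->p_memsz > TASK_SIZE ||
		    TASK_SIZE - elf_ppnt->p_memsz < k) {
			/* set_brk can never work.  Avoid overflows.  */
			send_sig(SIGKILL, current, 0);
			goto out_free_dentry;
		}

		k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;

		if (k > elf_bss)
			elf_bss = k;
		if ((elf_ppnt->p_flags & PF_X) && end_code <  k)
			end_code = k;
		if (end_data < k)
			end_data = k;
		k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
		if (k > elf_brk)
			elf_brk = k;
	}

	elf_entry += load_bias;
	elf_bss += load_bias;
	elf_brk += load_bias;
	start_code += load_bias;
	end_code += load_bias;
	start_data += load_bias;
	end_data += load_bias;

	/* Calling set_brk effectively mmaps the pages that we need
	 * for the bss and break sections.  We must do this before
	 * mapping in the interpreter, to make sure it doesn't wind
	 * up getting placed where the bss needs to go.
	 */
	retval = set_brk(elf_bss, elf_brk);
	if (retval) {
		send_sig(SIGKILL, current, 0);
		goto out_free_dentry;
	}
	padzero(elf_bss);

	if (elf_interpreter) {
		if (interpreter_type == INTERPRETER_AOUT)
			elf_entry = load_aout_interp(&interp_ex,
						     interpreter);
		else
			elf_entry = load_elf_interp(&interp_elf_ex,
						    interpreter,
						    &interp_load_addr);
		if (BAD_ADDR(elf_entry)) {
			printk(KERN_ERR "Unable to load interpreter %.128s\n",
				elf_interpreter);
			force_sig(SIGSEGV, current);
			retval = -ENOEXEC; /* Nobody gets to see this, but.. */
			goto out_free_dentry;
		}
		reloc_func_desc = interp_load_addr;

		allow_write_access(interpreter);
		fput(interpreter);
		kfree(elf_interpreter);
	}

	kfree(elf_phdata);

	/* An a.out interpreter inherits the executable's fd (see
	   passed_fileno); everyone else is done with it. */
	if (interpreter_type != INTERPRETER_AOUT)
		sys_close(elf_exec_fileno);

	set_binfmt(&elf_format);

	compute_creds(bprm);
	current->flags &= ~PF_FORKNOEXEC;
	bprm->p = (unsigned long)
	  create_elf_tables((char *)bprm->p,
			bprm->argc,
			bprm->envc,
			&elf_ex,
			load_addr, load_bias,
			interp_load_addr,
			(interpreter_type == INTERPRETER_AOUT ? 0 : 1));
	/*
	 * passed_fileno is only formatted, and only pushed onto the
	 * argument strings, on the !sh_bang path above, so the arg_start
	 * adjustment must be gated the same way rather than reading an
	 * uninitialised buffer.
	 */
	if (interpreter_type == INTERPRETER_AOUT && !bprm->sh_bang)
		current->mm->arg_start += strlen(passed_fileno) + 1;
	current->mm->start_brk = current->mm->brk = elf_brk;
	current->mm->end_code = end_code;
	current->mm->start_code = start_code;
	current->mm->start_data = start_data;
	current->mm->end_data = end_data;
	current->mm->start_stack = bprm->p;

#if 0
	printk("(start_brk) %lx\n" , (long) current->mm->start_brk);
	printk("(end_code) %lx\n" , (long) current->mm->end_code);
	printk("(start_code) %lx\n" , (long) current->mm->start_code);
	printk("(start_data) %lx\n" , (long) current->mm->start_data);
	printk("(end_data) %lx\n" , (long) current->mm->end_data);
	printk("(start_stack) %lx\n" , (long) current->mm->start_stack);
	printk("(brk) %lx\n" , (long) current->mm->brk);
#endif

	if (current->personality & MMAP_PAGE_ZERO) {
		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
		   and some applications "depend" upon this behavior.
		   Since we do not have the power to recompile these, we
		   emulate the SVr4 behavior.  Sigh.  */
		/* N.B. Shouldn't the size here be PAGE_SIZE?? */
		/* NOTE(review): the result of this do_mmap is not checked;
		   it is treated as best-effort compatibility. */
		down_write(&current->mm->mmap_sem);
		error = do_mmap(NULL, 0, 4096, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);
		up_write(&current->mm->mmap_sem);
	}

#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example.  In addition, it may also specify (eg, PowerPC64 ELF)
	 * that the e_entry field is the address of the function descriptor
	 * for the startup routine, rather than the address of the startup
	 * routine itself.  This macro performs whatever initialization to
	 * the regs structure is required as well as any relocations to the
	 * function descriptor entries when executing dynamically linked apps.
	 */
	ELF_PLAT_INIT(regs, reloc_func_desc);
#endif

	start_thread(regs, elf_entry, bprm->p);
	if (current->ptrace & PT_PTRACED)
		send_sig(SIGTRAP, current, 0);
	retval = 0;
out:
	return retval;

	/* error cleanup: labels are ordered so each one releases what was
	   acquired after the previous label's resource */
out_free_dentry:
	allow_write_access(interpreter);
	if (interpreter)
		fput(interpreter);
out_free_interp:
	if (elf_interpreter)
		kfree(elf_interpreter);
out_free_file:
	sys_close(elf_exec_fileno);
out_free_fh:
	if (files) {
		put_files_struct(current->files);
		current->files = files;
	}
out_free_ph:
	kfree(elf_phdata);
	goto out;
}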
int load_elf_binary(struct linux_binprm * bprm, struct target_pt_regs * regs,
                    struct image_info * info)
{
    struct elfhdr elf_ex;
    struct elfhdr interp_elf_ex;
    struct exec interp_ex;
    int interpreter_fd = -1; /* avoid warning */
    abi_ulong load_addr, load_bias;
    int load_addr_set = 0;
    unsigned int interpreter_type = INTERPRETER_NONE;
    unsigned char ibcs2_interpreter;
    int i;
    abi_ulong mapped_addr;
    struct elf_phdr * elf_ppnt;
    struct elf_phdr *elf_phdata;
    abi_ulong elf_bss, k, elf_brk;
    int retval;
    char * elf_interpreter;
    abi_ulong elf_entry, interp_load_addr = 0;
    int status;
    abi_ulong start_code, end_code, start_data, end_data;
    abi_ulong reloc_func_desc = 0;
    abi_ulong elf_stack;
    char passed_fileno[6];

    ibcs2_interpreter = 0;
    status = 0;
    load_addr = 0;
    load_bias = 0;
    elf_ex = *((struct elfhdr *) bprm->buf);          /* exec-header */
#ifdef BSWAP_NEEDED
    bswap_ehdr(&elf_ex);
#endif

    /* First of all, some simple consistency checks */
    if ((elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN) ||
       				(! elf_check_arch(elf_ex.e_machine))) {
	    return -ENOEXEC;
    }

    bprm->p = copy_elf_strings(1, &bprm->filename, bprm->page, bprm->p);
    bprm->p = copy_elf_strings(bprm->envc,bprm->envp,bprm->page,bprm->p);
    bprm->p = copy_elf_strings(bprm->argc,bprm->argv,bprm->page,bprm->p);
    if (!bprm->p) {
        retval = -E2BIG;
    }

    /* Now read in all of the header information */
    elf_phdata = (struct elf_phdr *)malloc(elf_ex.e_phentsize*elf_ex.e_phnum);
    if (elf_phdata == NULL) {
	return -ENOMEM;
    }

    retval = lseek(bprm->fd, elf_ex.e_phoff, SEEK_SET);
    if(retval > 0) {
	retval = read(bprm->fd, (char *) elf_phdata,
				elf_ex.e_phentsize * elf_ex.e_phnum);
    }

    if (retval < 0) {
	perror("load_elf_binary");
	exit(-1);
	free (elf_phdata);
	return -errno;
    }

#ifdef BSWAP_NEEDED
    elf_ppnt = elf_phdata;
    for (i=0; i<elf_ex.e_phnum; i++, elf_ppnt++) {
        bswap_phdr(elf_ppnt);
    }
#endif
    elf_ppnt = elf_phdata;

    elf_bss = 0;
    elf_brk = 0;


    elf_stack = ~((abi_ulong)0UL);
    elf_interpreter = NULL;
    start_code = ~((abi_ulong)0UL);
    end_code = 0;
    start_data = 0;
    end_data = 0;
    interp_ex.a_info = 0;

    for(i=0;i < elf_ex.e_phnum; i++) {
	if (elf_ppnt->p_type == PT_INTERP) {
	    if ( elf_interpreter != NULL )
	    {
		free (elf_phdata);
		free(elf_interpreter);
		close(bprm->fd);
		return -EINVAL;
	    }

	    /* This is the program interpreter used for
	     * shared libraries - for now assume that this
	     * is an a.out format binary
	     */

	    elf_interpreter = (char *)malloc(elf_ppnt->p_filesz);

	    if (elf_interpreter == NULL) {
		free (elf_phdata);
		close(bprm->fd);
		return -ENOMEM;
	    }

	    retval = lseek(bprm->fd, elf_ppnt->p_offset, SEEK_SET);
	    if(retval >= 0) {
		retval = read(bprm->fd, elf_interpreter, elf_ppnt->p_filesz);
	    }
	    if(retval < 0) {
	 	perror("load_elf_binary2");
		exit(-1);
	    }

	    /* If the program interpreter is one of these two,
	       then assume an iBCS2 image. Otherwise assume
	       a native linux image. */

	    /* JRP - Need to add X86 lib dir stuff here... */

	    if (strcmp(elf_interpreter,"/usr/lib/libc.so.1") == 0 ||
		strcmp(elf_interpreter,"/usr/lib/ld.so.1") == 0) {
	      ibcs2_interpreter = 1;
	    }

#if 0
	    printf("Using ELF interpreter %s\n", elf_interpreter);
#endif
	    if (retval >= 0) {
		retval = open(path(elf_interpreter), O_RDONLY);
		if(retval >= 0) {
		    interpreter_fd = retval;
		}
		else {
		    perror(elf_interpreter);
		    exit(-1);
		    /* retval = -errno; */
		}
	    }

	    if (retval >= 0) {
		retval = lseek(interpreter_fd, 0, SEEK_SET);
		if(retval >= 0) {
		    retval = read(interpreter_fd,bprm->buf,128);
		}
	    }
	    if (retval >= 0) {
		interp_ex = *((struct exec *) bprm->buf); /* aout exec-header */
		interp_elf_ex=*((struct elfhdr *) bprm->buf); /* elf exec-header */
	    }
	    if (retval < 0) {
		perror("load_elf_binary3");
		exit(-1);
		free (elf_phdata);
		free(elf_interpreter);
		close(bprm->fd);
		return retval;
	    }
	}
	elf_ppnt++;
    }

    /* Some simple consistency checks for the interpreter */
    if (elf_interpreter){
	interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;

	/* Now figure out which format our binary is */
	if ((N_MAGIC(interp_ex) != OMAGIC) && (N_MAGIC(interp_ex) != ZMAGIC) &&
	    	(N_MAGIC(interp_ex) != QMAGIC)) {
	  interpreter_type = INTERPRETER_ELF;
	}

	if (interp_elf_ex.e_ident[0] != 0x7f ||
            strncmp((char *)&interp_elf_ex.e_ident[1], "ELF",3) != 0) {
	    interpreter_type &= ~INTERPRETER_ELF;
	}

	if (!interpreter_type) {
	    free(elf_interpreter);
	    free(elf_phdata);
	    close(bprm->fd);
	    return -ELIBBAD;
	}
    }

    /* OK, we are done with that, now set up the arg stuff,
       and then start this sucker up */

    {
	char * passed_p;

	if (interpreter_type == INTERPRETER_AOUT) {
	    snprintf(passed_fileno, sizeof(passed_fileno), "%d", bprm->fd);
	    passed_p = passed_fileno;

	    if (elf_interpreter) {
		bprm->p = copy_elf_strings(1,&passed_p,bprm->page,bprm->p);
		bprm->argc++;
	    }
	}
	if (!bprm->p) {
	    if (elf_interpreter) {
	        free(elf_interpreter);
	    }
	    free (elf_phdata);
	    close(bprm->fd);
	    return -E2BIG;
	}
    }

    /* OK, This is the point of no return */
    info->end_data = 0;
    info->end_code = 0;
    info->start_mmap = (abi_ulong)ELF_START_MMAP;
    info->mmap = 0;
    info->elf_flags = elf_ex.e_flags;
    elf_entry = (abi_ulong) elf_ex.e_entry;

    /* Do this so that we can load the interpreter, if need be.  We will
       change some of these later */
    info->rss = 0;
    bprm->p = setup_arg_pages(bprm->p, bprm, info);
    info->start_stack = bprm->p;

    /* Now we do a little grungy work by mmaping the ELF image into
     * the correct location in memory.  At this point, we assume that
     * the image should be loaded at fixed address, not at a variable
     * address.
     */

    for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
        int elf_prot = 0;
        int elf_flags = 0;
        abi_ulong error;

	if (elf_ppnt->p_type != PT_LOAD)
            continue;

        if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
        if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
        if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
        elf_flags = MAP_PRIVATE | MAP_DENYWRITE;
        if (elf_ex.e_type == ET_EXEC || load_addr_set) {
            elf_flags |= MAP_FIXED;
        } else if (elf_ex.e_type == ET_DYN) {
            /* Try and get dynamic programs out of the way of the default mmap
               base, as well as whatever program they might try to exec.  This
               is because the brk will follow the loader, and is not movable.  */
            /* NOTE: for qemu, we do a big mmap to get enough space
               without hardcoding any address */
            error = target_mmap(0, ET_DYN_MAP_SIZE,
                                PROT_NONE, MAP_PRIVATE | MAP_ANON,
                                -1, 0);
            if (error == -1) {
                perror("mmap");
                exit(-1);
            }
            load_bias = TARGET_ELF_PAGESTART(error - elf_ppnt->p_vaddr);
        }

        error = target_mmap(TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr),
                            (elf_ppnt->p_filesz +
                             TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
                            elf_prot,
                            (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE),
                            bprm->fd,
                            (elf_ppnt->p_offset -
                             TARGET_ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));
        if (error == -1) {
            perror("mmap");
            exit(-1);
        }

#ifdef LOW_ELF_STACK
        if (TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr) < elf_stack)
            elf_stack = TARGET_ELF_PAGESTART(elf_ppnt->p_vaddr);
#endif

        if (!load_addr_set) {
            load_addr_set = 1;
            load_addr = elf_ppnt->p_vaddr - elf_ppnt->p_offset;
            if (elf_ex.e_type == ET_DYN) {
                load_bias += error -
                    TARGET_ELF_PAGESTART(load_bias + elf_ppnt->p_vaddr);
                load_addr += load_bias;
                reloc_func_desc = load_bias;
            }
        }
        k = elf_ppnt->p_vaddr;
        if (k < start_code)
            start_code = k;
        if (start_data < k)
            start_data = k;
        k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
        if (k > elf_bss)
            elf_bss = k;
        if ((elf_ppnt->p_flags & PF_X) && end_code <  k)
            end_code = k;
        if (end_data < k)
            end_data = k;
        k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
        if (k > elf_brk) elf_brk = k;
    }

    elf_entry += load_bias;
    elf_bss += load_bias;
    elf_brk += load_bias;
    start_code += load_bias;
    end_code += load_bias;
    start_data += load_bias;
    end_data += load_bias;

    if (elf_interpreter) {
	if (interpreter_type & 1) {
	    elf_entry = load_aout_interp(&interp_ex, interpreter_fd);
	}
	else if (interpreter_type & 2) {
	    elf_entry = load_elf_interp(&interp_elf_ex, interpreter_fd,
					    &interp_load_addr);
	}
        reloc_func_desc = interp_load_addr;

	close(interpreter_fd);
	free(elf_interpreter);

	if (elf_entry == ~((abi_ulong)0UL)) {
	    printf("Unable to load interpreter\n");
	    free(elf_phdata);
	    exit(-1);
	    return 0;
	}
    }

    free(elf_phdata);

    if (loglevel)
	load_symbols(&elf_ex, bprm->fd);

    if (interpreter_type != INTERPRETER_AOUT) close(bprm->fd);
    info->personality = (ibcs2_interpreter ? PER_SVR4 : PER_LINUX);

#ifdef LOW_ELF_STACK
    info->start_stack = bprm->p = elf_stack - 4;
#endif
    bprm->p = create_elf_tables(bprm->p,
		    bprm->argc,
		    bprm->envc,
                    &elf_ex,
                    load_addr, load_bias,
		    interp_load_addr,
		    (interpreter_type == INTERPRETER_AOUT ? 0 : 1),
		    info);
    info->load_addr = reloc_func_desc;
    info->start_brk = info->brk = elf_brk;
    info->end_code = end_code;
    info->start_code = start_code;
    info->start_data = start_data;
    info->end_data = end_data;
    info->start_stack = bprm->p;

    /* Calling set_brk effectively mmaps the pages that we need for the bss and break
       sections */
    set_brk(elf_bss, elf_brk);

    padzero(elf_bss, elf_brk);

#if 0
    printf("(start_brk) %x\n" , info->start_brk);
    printf("(end_code) %x\n" , info->end_code);
    printf("(start_code) %x\n" , info->start_code);
    printf("(end_data) %x\n" , info->end_data);
    printf("(start_stack) %x\n" , info->start_stack);
    printf("(brk) %x\n" , info->brk);
#endif

    if ( info->personality == PER_SVR4 )
    {
	    /* Why this, you ask???  Well SVr4 maps page 0 as read-only,
	       and some applications "depend" upon this behavior.
	       Since we do not have the power to recompile these, we
	       emulate the SVr4 behavior.  Sigh.  */
	    mapped_addr = target_mmap(0, qemu_host_page_size, PROT_READ | PROT_EXEC,
                                      MAP_FIXED | MAP_PRIVATE, -1, 0);
    }

    info->entry = elf_entry;

    return 0;
}
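/*
 * Extract the loadable image of an executable into a raw file that the
 * Alpha SRM console can boot, or (-p) write the SRM primary bootblock.
 *
 * Usage: prog [-v] [-b] [-p] INPUT [OUTPUT]
 *   -v  toggle verbose progress messages on stderr
 *   -b  pad the extracted image up to a multiple of BLOCK_SIZE
 *   -p  write a bootblock describing INPUT's size to OUTPUT instead of
 *       extracting anything (OUTPUT is mandatory in this mode)
 * OUTPUT defaults to stdout.
 *
 * INPUT is an ELF executable (when built with __ELF__) or an ECOFF OMAGIC
 * file; its text+data bytes are copied out, then the bss is zero-filled.
 * Any I/O or format error is reported on stderr and exits with status 1.
 */
int
main (int argc, char *argv[])
{
    size_t nwritten, tocopy, n, mem_size, fil_size, pad = 0;
    ssize_t nread;
    int fd, ofd, i, j, verbose = 0, primary = 0;
    char buf[8192], *inname;
    struct exec * aout;		/* includes file & aout header */
    long offset;
#ifdef __ELF__
    struct elfhdr *elf;
    struct elf_phdr *elf_phdr;	/* program header */
    unsigned long long e_entry;
    off_t e_phoff;
#endif

    prog_name = argv[0];

    /* Option letters may be bundled ("-vb"); unknown letters are ignored. */
    for (i = 1; i < argc && argv[i][0] == '-'; ++i) {
	for (j = 1; argv[i][j]; ++j) {
	    switch (argv[i][j]) {
	      case 'v':
		  verbose = !verbose;
		  break;

	      case 'b':
		  pad = BLOCK_SIZE;
		  break;

	      case 'p':
		  primary = 1;		/* make primary bootblock */
		  break;

	      default:
		  break;
	    }
	}
    }

    if (i >= argc) {
	usage();
    }
    inname = argv[i++];

    fd = open(inname, O_RDONLY);
    if (fd == -1) {
	perror("open");
	exit(1);
    }

    ofd = 1;				/* default output: stdout */
    if (i < argc) {
	ofd = open(argv[i++], O_WRONLY | O_CREAT | O_TRUNC, 0666);
	if (ofd == -1) {
	    perror("open");
	    exit(1);
	}
    }

    if (primary) {
	/* generate bootblock for primary loader */

	unsigned long bb[64], sum = 0;
	struct stat st;
	off_t size;
	int w;

	if (ofd == 1) {
	    usage();
	}

	if (fstat(fd, &st) == -1) {
	    perror("fstat");
	    exit(1);
	}

	/* The bootblock is 64 words: a label, the image length in
	   blocks / start sector / flags in words 60-62, and in word 63
	   the plain sum of words 0-62 as checksum.  */
	size = (st.st_size + BLOCK_SIZE - 1) & ~(BLOCK_SIZE - 1);
	memset(bb, 0, sizeof(bb));
	strcpy((char *) bb, "Linux SRM bootblock");
	bb[60] = size / BLOCK_SIZE;	/* count */
	bb[61] = 1;			/* starting sector # */
	bb[62] = 0;			/* flags---must be 0 */
	for (w = 0; w < 63; ++w) {
	    sum += bb[w];
	}
	bb[63] = sum;
	if (write(ofd, bb, sizeof(bb)) != sizeof(bb)) {
	    perror("boot-block write");
	    exit(1);
	}
	printf("%lu\n", (unsigned long) size);
	return 0;
    }

    /* read and inspect exec header: */

    nread = read(fd, buf, sizeof(buf));
    if (nread < 0) {
	perror("read");
	exit(1);
    }
    /* Never parse a header out of bytes the read did not fill: the rest
       of buf is uninitialised stack.  Four bytes cover the magic; each
       format re-checks against its own header size below.  */
    if (nread < 4) {
	fprintf(stderr, "%s: %s is too short to be an executable\n",
		prog_name, inname);
	exit(1);
    }

#ifdef __ELF__
    elf = (struct elfhdr *) buf;

    if (elf->e_ident[0] == 0x7f && strncmp((char *)elf->e_ident + 1, "ELF", 3) == 0) {
	if ((size_t) nread < sizeof(*elf)) {
	    fprintf(stderr, "%s: %s has a truncated ELF header\n",
		    prog_name, inname);
	    exit(1);
	}
	if (elf->e_type != ET_EXEC) {
	    fprintf(stderr, "%s: %s is not an ELF executable\n",
		    prog_name, inname);
	    exit(1);
	}
	if (!elf_check_arch(elf)) {
	    fprintf(stderr, "%s: is not for this processor (e_machine=%d)\n",
		    prog_name, elf->e_machine);
	    exit(1);
	}
	/* Only the first program header is used; warn, but carry on.  */
	if (elf->e_phnum != 1) {
	    fprintf(stderr,
		    "%s: %d program headers (forgot to link with -N?)\n",
		    prog_name, elf->e_phnum);
	}

	/* Copy out what we still need: the phdr is read into the same
	   buf, which overwrites the ELF header that elf points at.  */
	e_entry = elf->e_entry;
	e_phoff = elf->e_phoff;

	if (lseek(fd, e_phoff, SEEK_SET) != e_phoff) {
	    perror("lseek");
	    exit(1);
	}
	if (read(fd, buf, sizeof(*elf_phdr)) != sizeof(*elf_phdr)) {
	    perror("read");
	    exit(1);
	}

	elf_phdr = (struct elf_phdr *) buf;
	offset	 = elf_phdr->p_offset;
	mem_size = elf_phdr->p_memsz;
	fil_size = elf_phdr->p_filesz;

	/* mem_size - fil_size is computed unsigned further down.  */
	if (mem_size < fil_size) {
	    fprintf(stderr, "%s: %s: p_memsz is smaller than p_filesz\n",
		    prog_name, inname);
	    exit(1);
	}

	/* work around ELF bug: the segment may start before the entry
	   point, so skip the leading bytes and start the image at
	   e_entry.  The sizes are unsigned, so a delta larger than the
	   segment is rejected instead of being wrapped around.  */
	if (elf_phdr->p_vaddr < e_entry) {
	    unsigned long delta = e_entry - elf_phdr->p_vaddr;
	    if (delta > fil_size || delta > mem_size) {
		fprintf(stderr, "%s: entry point %#llx lies outside the segment\n",
			prog_name, e_entry);
		exit(1);
	    }
	    offset   += delta;
	    mem_size -= delta;
	    fil_size -= delta;
	    elf_phdr->p_vaddr += delta;
	}

	if (verbose) {
	    fprintf(stderr, "%s: extracting %#016lx-%#016lx (at %lx)\n",
		    prog_name, (long) elf_phdr->p_vaddr,
		    elf_phdr->p_vaddr + fil_size, offset);
	}
    } else
#endif
    {
	aout = (struct exec *) buf;

	if ((size_t) nread < sizeof(*aout)) {
	    fprintf(stderr, "%s: %s has a truncated exec header\n",
		    prog_name, inname);
	    exit(1);
	}

	if (!(aout->fh.f_flags & COFF_F_EXEC)) {
	    fprintf(stderr, "%s: %s is not in executable format\n",
		    prog_name, inname);
	    exit(1);
	}

	if (aout->fh.f_opthdr != sizeof(aout->ah)) {
	    fprintf(stderr, "%s: %s has unexpected optional header size\n",
		    prog_name, inname);
	    exit(1);
	}

	if (N_MAGIC(*aout) != OMAGIC) {
	    fprintf(stderr, "%s: %s is not an OMAGIC file\n",
		    prog_name, inname);
	    exit(1);
	}
	/* OMAGIC: text and data are contiguous in the file, bss follows
	   in memory only.  */
	offset = N_TXTOFF(*aout);
	fil_size = aout->ah.tsize + aout->ah.dsize;
	mem_size = fil_size + aout->ah.bsize;

	if (verbose) {
	    fprintf(stderr, "%s: extracting %#016lx-%#016lx (at %lx)\n",
		    prog_name, aout->ah.text_start,
		    aout->ah.text_start + fil_size, offset);
	}
    }

    if (lseek(fd, offset, SEEK_SET) != offset) {
	perror("lseek");
	exit(1);
    }

    if (verbose) {
	fprintf(stderr, "%s: copying %lu byte from %s\n",
		prog_name, (unsigned long) fil_size, inname);
    }

    /* Copy text+data through buf in bounded pieces.  */
    tocopy = fil_size;
    while (tocopy > 0) {
	char *p;

	n = tocopy;
	if (n > sizeof(buf)) {
	    n = sizeof(buf);
	}
	tocopy -= n;
	if ((size_t) read(fd, buf, n) != n) {
	    perror("read");
	    exit(1);
	}
	/* A short write is resumed from where it stopped; restarting
	   at buf would emit the already-written prefix a second time
	   and corrupt the image.  */
	for (p = buf; n > 0; p += nwritten, n -= nwritten) {
	    ssize_t w = write(ofd, p, n);
	    if (w == -1) {
		perror("write");
		exit(1);
	    }
	    nwritten = (size_t) w;
	}
    }

    if (pad) {
	mem_size = ((mem_size + pad - 1) / pad) * pad;
    }

    /* The bss (and any -b padding) is not in the file: append zeros.
       buf is all zero here, so a short write needs no offset.  */
    tocopy = mem_size - fil_size;
    if (tocopy > 0) {
	fprintf(stderr,
		"%s: zero-filling bss and aligning to %lu with %lu bytes\n",
		prog_name, (unsigned long) pad, (unsigned long) tocopy);

	memset(buf, 0x00, sizeof(buf));
	do {
	    n = tocopy;
	    if (n > sizeof(buf)) {
		n = sizeof(buf);
	    }
	    nwritten = write(ofd, buf, n);
	    if ((ssize_t) nwritten == -1) {
		perror("write");
		exit(1);
	    }
	    tocopy -= nwritten;
	} while (tocopy > 0);
    }
    return 0;
}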
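/*
 * Load an ELF executable (ET_EXEC or ET_DYN) whose first bytes are in
 * bprm->buf into the current process, replacing the running image.
 *
 * On success the image is mapped, its program interpreter (ELF or a.out,
 * named by PT_INTERP) is loaded, the initial stack is built and the
 * thread is started; returns 0.  Up to flush_old_exec() every failure
 * returns a negative errno (-ENOEXEC when this is not a binary we accept,
 * so the next binfmt can try).  After that point the old image is gone,
 * so a failed interpreter load delivers SIGSEGV instead.
 */
static inline int
do_load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs)
{
	struct file * file;
	struct dentry *interpreter_dentry = NULL; /* to shut gcc up */
 	unsigned long load_addr = 0, load_bias;
	int load_addr_set = 0;
	char * elf_interpreter = NULL;
	unsigned int interpreter_type = INTERPRETER_NONE;
	unsigned char ibcs2_interpreter = 0;
	mm_segment_t old_fs;
	unsigned long error;
	struct elf_phdr * elf_ppnt, *elf_phdata;
	unsigned long elf_bss, k, elf_brk;
	int elf_exec_fileno;
	int retval, size, i;
	unsigned long elf_entry, interp_load_addr = 0;
	unsigned long start_code, end_code, end_data;
	struct elfhdr elf_ex;
	struct elfhdr interp_elf_ex;
  	struct exec interp_ex;
	char passed_fileno[6];

	/* Get the exec-header */
	elf_ex = *((struct elfhdr *) bprm->buf);

	retval = -ENOEXEC;
	/* First of all, some simple consistency checks */
	if (elf_ex.e_ident[0] != 0x7f ||
	    strncmp(&elf_ex.e_ident[1], "ELF", 3) != 0)
		goto out;

	if (elf_ex.e_type != ET_EXEC && elf_ex.e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(elf_ex.e_machine))
		goto out;
#ifdef __mips__

/* allow only mips1 if exec is MIPSEB elf, 
	because IRIX binaries handled elsewhere. */

/* borrowed from binutils/include/elf/common.h*/
#define EI_DATA         5               /* Data encoding */
#define ELFDATA2MSB     2               /* 2's complement, big endian */

	if ((elf_ex.e_ident[EI_DATA] == ELFDATA2MSB ) &&
		(elf_ex.e_flags & EF_MIPS_ARCH) ) {
			retval = -ENOEXEC;
			goto out;
	}
#endif
	if (!bprm->dentry->d_inode->i_op		   ||
	    !bprm->dentry->d_inode->i_op->default_file_ops ||
	    !bprm->dentry->d_inode->i_op->default_file_ops->mmap)
		goto out;

	/* The program headers are parsed with the in-kernel struct layout,
	 * so a differing entry size would mis-read every field.  Both
	 * e_phentsize and e_phnum are 16-bit fields taken from the file;
	 * pinning the former keeps "size" well inside an int.  An empty
	 * table has nothing to load (and would kmalloc() 0 bytes).  The
	 * interpreter loader below applies the same e_phentsize test.  */
	if (elf_ex.e_phentsize != sizeof(struct elf_phdr))
		goto out;
	if (elf_ex.e_phnum < 1)
		goto out;

	/* Now read in all of the header information */

	retval = -ENOMEM;
	size = elf_ex.e_phentsize * elf_ex.e_phnum;
	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = read_exec(bprm->dentry, elf_ex.e_phoff,
				(char *) elf_phdata, size, 1);
	if (retval < 0)
		goto out_free_ph;

	retval = open_dentry(bprm->dentry, O_RDONLY);
	if (retval < 0)
		goto out_free_ph;
	elf_exec_fileno = retval;
	/* NOTE(review): fget() can return NULL; the result is not
	 * checked here and is passed to do_mmap() below -- confirm.  */
	file = fget(elf_exec_fileno);

	elf_ppnt = elf_phdata;
	elf_bss = 0;
	elf_brk = 0;

	start_code = ~0UL;
	end_code = 0;
	end_data = 0;

	/* First pass: find the (single) PT_INTERP entry and read the
	 * interpreter's own exec header into bprm->buf.  */
	for (i = 0; i < elf_ex.e_phnum; i++) {
		if (elf_ppnt->p_type == PT_INTERP) {
			retval = -EINVAL;
		  	if (elf_interpreter)
				goto out_free_interp;

			/* This is the program interpreter used for
			 * shared libraries - for now assume that this
			 * is an a.out format binary
			 */

			/* The path is handed to strcmp() and open_namei()
			 * below, so it must be a non-empty string whose
			 * p_filesz bytes from the file end in NUL; an
			 * unterminated name would run those off the end
			 * of the allocation.  NOTE(review): later kernels
			 * also cap p_filesz at PATH_MAX; no such limit is
			 * in scope in this file, so none is added here.  */
			retval = -ENOEXEC;
			if (elf_ppnt->p_filesz == 0)
				goto out_free_file;

			retval = -ENOMEM;
			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
							   GFP_KERNEL);
			if (!elf_interpreter)
				goto out_free_file;

			retval = read_exec(bprm->dentry, elf_ppnt->p_offset,
					   elf_interpreter,
					   elf_ppnt->p_filesz, 1);
			if (retval < 0)
				goto out_free_interp;
			retval = -ENOEXEC;
			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
				goto out_free_interp;
			/* If the program interpreter is one of these two,
			 * then assume an iBCS2 image. Otherwise assume
			 * a native linux image.
			 */
			if (strcmp(elf_interpreter,"/usr/lib/libc.so.1") == 0 ||
			    strcmp(elf_interpreter,"/usr/lib/ld.so.1") == 0)
				ibcs2_interpreter = 1;
#if 0
			printk("Using ELF interpreter %s\n", elf_interpreter);
#endif
			/* The path lives in kernel memory; lift the
			 * user-space address check around open_namei().  */
			old_fs = get_fs(); /* This could probably be optimized */
			set_fs(get_ds());
#ifdef __sparc__
			if (ibcs2_interpreter) {
				unsigned long old_pers = current->personality;
					
				current->personality = PER_SVR4;
				interpreter_dentry = open_namei(elf_interpreter,
								0, 0);
				current->personality = old_pers;
			} else
#endif					
				interpreter_dentry = open_namei(elf_interpreter,
								0, 0);
			set_fs(old_fs);
			retval = PTR_ERR(interpreter_dentry);
			if (IS_ERR(interpreter_dentry))
				goto out_free_interp;
			retval = permission(interpreter_dentry->d_inode, MAY_EXEC);
			if (retval < 0)
				goto out_free_dentry;
			retval = read_exec(interpreter_dentry, 0, bprm->buf, 128, 1);
			if (retval < 0)
				goto out_free_dentry;

			/* Get the exec headers */
			interp_ex = *((struct exec *) bprm->buf);
			interp_elf_ex = *((struct elfhdr *) bprm->buf);
		}
		elf_ppnt++;
	}

	/* Some simple consistency checks for the interpreter */
	if (elf_interpreter) {
		interpreter_type = INTERPRETER_ELF | INTERPRETER_AOUT;

		/* Now figure out which format our binary is */
		if ((N_MAGIC(interp_ex) != OMAGIC) &&
		    (N_MAGIC(interp_ex) != ZMAGIC) &&
		    (N_MAGIC(interp_ex) != QMAGIC))
			interpreter_type = INTERPRETER_ELF;

		if (interp_elf_ex.e_ident[0] != 0x7f ||
		    strncmp(&interp_elf_ex.e_ident[1], "ELF", 3) != 0)
			interpreter_type &= ~INTERPRETER_ELF;

		retval = -ELIBBAD;
		if (!interpreter_type)
			goto out_free_dentry;

		/* Make sure only one type was selected */
		if ((interpreter_type & INTERPRETER_ELF) &&
		     interpreter_type != INTERPRETER_ELF) {
			printk(KERN_WARNING "ELF: Ambiguous type, using ELF\n");
			interpreter_type = INTERPRETER_ELF;
		}
	}

	/* OK, we are done with that, now set up the arg stuff,
	   and then start this sucker up */

	/* An a.out interpreter receives the executable's fd number as
	 * an extra first argument.  */
	if (!bprm->sh_bang) {
		char * passed_p;

		if (interpreter_type == INTERPRETER_AOUT) {
		  sprintf(passed_fileno, "%d", elf_exec_fileno);
		  passed_p = passed_fileno;

		  if (elf_interpreter) {
		    bprm->p = copy_strings(1,&passed_p,bprm->page,bprm->p,2);
		    bprm->argc++;
		  }
		}
		retval = -E2BIG;
		if (!bprm->p)
			goto out_free_dentry;
	}

	/* Flush all traces of the currently running executable */
	retval = flush_old_exec(bprm);
	if (retval)
		goto out_free_dentry;

	/* OK, This is the point of no return */
	current->mm->end_data = 0;
	current->mm->end_code = 0;
	current->mm->mmap = NULL;
	current->flags &= ~PF_FORKNOEXEC;
	elf_entry = (unsigned long) elf_ex.e_entry;

	/* Do this immediately, since STACK_TOP as used in setup_arg_pages
	   may depend on the personality.  */
	SET_PERSONALITY(elf_ex, ibcs2_interpreter);

	/* Do this so that we can load the interpreter, if need be.  We will
	   change some of these later */
	current->mm->rss = 0;
	bprm->p = setup_arg_pages(bprm->p, bprm);
	current->mm->start_stack = bprm->p;

	/* Try and get dynamic programs out of the way of the default mmap
	   base, as well as whatever program they might try to exec.  This
	   is because the brk will follow the loader, and is not movable.  */

	load_bias = ELF_PAGESTART(elf_ex.e_type==ET_DYN ? ELF_ET_DYN_BASE : 0);

	/* Now we do a little grungy work by mmaping the ELF image into
	   the correct location in memory.  At this point, we assume that
	   the image should be loaded at fixed address, not at a variable
	   address. */

	old_fs = get_fs();
	set_fs(get_ds());
	for(i = 0, elf_ppnt = elf_phdata; i < elf_ex.e_phnum; i++, elf_ppnt++) {
		int elf_prot = 0, elf_flags;
		unsigned long vaddr;

		if (elf_ppnt->p_type != PT_LOAD)
			continue;

		if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ;
		if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
		if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;

		elf_flags = MAP_PRIVATE|MAP_DENYWRITE|MAP_EXECUTABLE;

		vaddr = elf_ppnt->p_vaddr;
		if (elf_ex.e_type == ET_EXEC || load_addr_set) {
			elf_flags |= MAP_FIXED;
		}

		/* Map the file-backed part of the segment, page-aligned
		 * downwards; the bss tail is handled by set_brk/padzero.
		 * NOTE(review): the mapping result is not checked; a
		 * failed do_mmap() yields a negative errno cast to
		 * unsigned long, which for the first ET_DYN segment is
		 * folded into load_bias below -- confirm.  */
		error = do_mmap(file, ELF_PAGESTART(load_bias + vaddr),
		                (elf_ppnt->p_filesz +
		                ELF_PAGEOFFSET(elf_ppnt->p_vaddr)),
		                elf_prot, elf_flags, (elf_ppnt->p_offset -
		                ELF_PAGEOFFSET(elf_ppnt->p_vaddr)));

		if (!load_addr_set) {
			load_addr_set = 1;
			load_addr = (elf_ppnt->p_vaddr - elf_ppnt->p_offset);
			if (elf_ex.e_type == ET_DYN) {
				load_bias += error -
				             ELF_PAGESTART(load_bias + vaddr);
				load_addr += error;
			}
		}
		k = elf_ppnt->p_vaddr;
		if (k < start_code) start_code = k;
		k = elf_ppnt->p_vaddr + elf_ppnt->p_filesz;
		if (k > elf_bss)
			elf_bss = k;
		if ((elf_ppnt->p_flags & PF_X) && end_code <  k)
			end_code = k;
		if (end_data < k)
			end_data = k;
		k = elf_ppnt->p_vaddr + elf_ppnt->p_memsz;
		if (k > elf_brk)
			elf_brk = k;
	}
	set_fs(old_fs);
	fput(file); /* all done with the file */

	/* Everything collected above was in link-time addresses.  */
	elf_entry += load_bias;
	elf_bss += load_bias;
	elf_brk += load_bias;
	start_code += load_bias;
	end_code += load_bias;
	start_data += load_bias;
	end_data += load_bias;

	if (elf_interpreter) {
		if (interpreter_type == INTERPRETER_AOUT)
			elf_entry = load_aout_interp(&interp_ex,
						     interpreter_dentry);
		else
			elf_entry = load_elf_interp(&interp_elf_ex,
						    interpreter_dentry,
						    &interp_load_addr);

		dput(interpreter_dentry);
		kfree(elf_interpreter);

		/* Past the point of no return: there is no image to return
		 * an error to, so kill the process instead.  */
		if (elf_entry == ~0UL) {
			printk(KERN_ERR "Unable to load interpreter\n");
			kfree(elf_phdata);
			send_sig(SIGSEGV, current, 0);
			return 0;
		}
	}

	kfree(elf_phdata);

	if (interpreter_type != INTERPRETER_AOUT)
		sys_close(elf_exec_fileno);

	if (current->exec_domain && current->exec_domain->module)
		__MOD_DEC_USE_COUNT(current->exec_domain->module);
	if (current->binfmt && current->binfmt->module)
		__MOD_DEC_USE_COUNT(current->binfmt->module);
	current->exec_domain = lookup_exec_domain(current->personality);
	current->binfmt = &elf_format;
	if (current->exec_domain && current->exec_domain->module)
		__MOD_INC_USE_COUNT(current->exec_domain->module);
	if (current->binfmt && current->binfmt->module)
		__MOD_INC_USE_COUNT(current->binfmt->module);

#ifndef VM_STACK_FLAGS
	current->executable = dget(bprm->dentry);
#endif
	compute_creds(bprm);
	current->flags &= ~PF_FORKNOEXEC;
	bprm->p = (unsigned long)
	  create_elf_tables((char *)bprm->p,
			bprm->argc,
			bprm->envc,
			(interpreter_type == INTERPRETER_ELF ? &elf_ex : NULL),
			load_addr, load_bias,
			interp_load_addr,
			(interpreter_type == INTERPRETER_AOUT ? 0 : 1));
	/* N.B. passed_fileno might not be initialized? */
	if (interpreter_type == INTERPRETER_AOUT)
		current->mm->arg_start += strlen(passed_fileno) + 1;
	current->mm->start_brk = current->mm->brk = elf_brk;
	current->mm->end_code = end_code;
	current->mm->start_code = start_code;
	current->mm->end_data = end_data;
	current->mm->start_stack = bprm->p;

	/* Calling set_brk effectively mmaps the pages that we need
	 * for the bss and break sections
	 */
	set_brk(elf_bss, elf_brk);

	padzero(elf_bss);

#if 0
	printk("(start_brk) %x\n" , current->mm->start_brk);
	printk("(end_code) %x\n" , current->mm->end_code);
	printk("(start_code) %x\n" , current->mm->start_code);
	printk("(end_data) %x\n" , current->mm->end_data);
	printk("(start_stack) %x\n" , current->mm->start_stack);
	printk("(brk) %x\n" , current->mm->brk);
#endif

	if ( current->personality == PER_SVR4 )
	{
		/* Why this, you ask???  Well SVr4 maps page 0 as read-only,
		   and some applications "depend" upon this behavior.
		   Since we do not have the power to recompile these, we
		   emulate the SVr4 behavior.  Sigh.  */
		/* N.B. Shouldn't the size here be PAGE_SIZE?? */
		error = do_mmap(NULL, 0, 4096, PROT_READ | PROT_EXEC,
				MAP_FIXED | MAP_PRIVATE, 0);
	}

#ifdef ELF_PLAT_INIT
	/*
	 * The ABI may specify that certain registers be set up in special
	 * ways (on i386 %edx is the address of a DT_FINI function, for
	 * example.  This macro performs whatever initialization to
	 * the regs structure is required.
	 */
	ELF_PLAT_INIT(regs);
#endif

	start_thread(regs, elf_entry, bprm->p);
	if (current->flags & PF_PTRACED)
		send_sig(SIGTRAP, current, 0);
	retval = 0;
out:
	return retval;

	/* error cleanup */
out_free_dentry:
	dput(interpreter_dentry);
out_free_interp:
	if (elf_interpreter)
		kfree(elf_interpreter);
out_free_file:
	fput(file);
	sys_close(elf_exec_fileno);
out_free_ph:
	kfree(elf_phdata);
	goto out;
}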
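/*
 * Map the ELF program interpreter described by interp_elf_ex (its header
 * was already read by the caller) from interpreter_dentry into the
 * current mm, then zero-fill and map its bss.
 *
 * Returns the interpreter's entry point adjusted by its load address and
 * stores that load address in *interp_load_addr.  Every failure returns
 * ~0UL: that is the only value do_load_elf_binary() recognises as an
 * error, so nothing else may be returned on a failing path.
 */
static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex,
				     struct dentry * interpreter_dentry,
				     unsigned long *interp_load_addr)
{
	struct file * file;
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long last_bss = 0, elf_bss = 0;
	unsigned long error = ~0UL;
	int elf_exec_fileno;
	int retval, i, size;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
	    interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex->e_machine))
		goto out;
	/* Same three-level test as do_load_elf_binary(): default_file_ops
	 * itself may be NULL, so it has to be checked before ->mmap.  */
	if (!interpreter_dentry->d_inode->i_op ||
	    !interpreter_dentry->d_inode->i_op->default_file_ops ||
	    !interpreter_dentry->d_inode->i_op->default_file_ops->mmap)
		goto out;

	/*
	 * If the size of this structure has changed, then punt, since
	 * we will be doing the wrong thing.
	 */
	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
		goto out;

	/* Now read in all of the header information.  e_phnum is a 16-bit
	 * field, so "size" cannot overflow; an empty table is useless.  */

	if (interp_elf_ex->e_phnum < 1)
		goto out;
	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
	if (size > ELF_EXEC_PAGESIZE)
		goto out;
	elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = read_exec(interpreter_dentry, interp_elf_ex->e_phoff,
			   (char *) elf_phdata, size, 1);
	/* A read failure must yield ~0UL, not the negative errno: the
	 * caller tests against ~0UL only, so a value such as
	 * (unsigned long)-EIO would otherwise be used as the entry point.  */
	if (retval < 0)
		goto out_free;

	elf_exec_fileno = open_dentry(interpreter_dentry, O_RDONLY);
	if (elf_exec_fileno < 0)
		goto out_free;
	/* NOTE(review): fget() may return NULL; not checked here.  */
	file = fget(elf_exec_fileno);

	eppnt = elf_phdata;
	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
	  if (eppnt->p_type == PT_LOAD) {
	    int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
	    int elf_prot = 0;
	    unsigned long vaddr = 0;
	    unsigned long k, map_addr;

	    if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
	    if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
	    if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
	    vaddr = eppnt->p_vaddr;
	    /* ET_EXEC segments, and every segment after the first of an
	     * ET_DYN interpreter, go exactly where p_vaddr (+load_addr)
	     * says; the first ET_DYN segment lets the kernel choose.  */
	    if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) {
	    	elf_type |= MAP_FIXED;
#ifdef __sparc__
	    } else {
		load_addr = get_unmapped_area(0, eppnt->p_filesz +
					ELF_PAGEOFFSET(vaddr));
#endif
	    }

	    map_addr = do_mmap(file,
			    load_addr + ELF_PAGESTART(vaddr),
			    eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr),
			    elf_prot,
			    elf_type,
			    eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr));
	    if (map_addr > -1024UL) /* Real error */
		goto out_close;

	    if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
		load_addr = map_addr - ELF_PAGESTART(vaddr);
		load_addr_set = 1;
	    }

	    /*
	     * Find the end of the file mapping for this phdr, and keep
	     * track of the largest address we see for this.
	     */
	    k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
	    if (k > elf_bss)
		elf_bss = k;

	    /*
	     * Do the same thing for the memory mapping - between
	     * elf_bss and last_bss is the bss section.
	     */
	    k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
	    if (k > last_bss)
		last_bss = k;
	  }
	}

	/* Now use mmap to map the library into memory. */

	/*
	 * Now fill out the bss section.  First pad the last page up
	 * to the page boundary, and then perform a mmap to make sure
	 * that there are zero-mapped pages up to and including the 
	 * last bss page.
	 */
	padzero(elf_bss);
	elf_bss = ELF_PAGESTART(elf_bss + ELF_EXEC_PAGESIZE - 1); /* What we have mapped so far */

	/* Map the last of the bss segment.
	 * NOTE(review): this anonymous mapping's result is not checked.  */
	if (last_bss > elf_bss)
		do_mmap(NULL, elf_bss, last_bss - elf_bss,
			PROT_READ|PROT_WRITE|PROT_EXEC,
			MAP_FIXED|MAP_PRIVATE, 0);

	*interp_load_addr = load_addr;
	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;

out_close:
	fput(file);
	sys_close(elf_exec_fileno);
out_free:
	kfree(elf_phdata);
out:
	return error;
}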
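/*
 * Boot-loader entry for the ia64 simulator.  Fetches the command line
 * from the simulator (SSC_GET_ARGS: "kernelname args...", both optional,
 * default kernel "vmlinux"), opens the kernel through the simulator's
 * SSC file interface, validates its ELF header, copies each PT_LOAD
 * segment to its physical address and zero-fills the bss tail, builds
 * the boot parameter block and jumps to e_entry.
 *
 * Errors are reported on the simulator console: an unreadable kernel
 * spins forever, a malformed one returns to the caller.  Otherwise this
 * only returns if the kernel itself returns.
 */
void
start_bootloader (void)
{
	static char mem[4096];
	static char buffer[1024];
	unsigned long off;
	int fd, i;
	struct disk_req req;
	struct disk_stat stat;
	struct elfhdr *elf;
	struct elf_phdr *elf_phdr;	/* program header */
	unsigned long e_entry, e_phoff, e_phnum;
	register struct ia64_boot_param *bp;
	char *kpath, *args;
	long arglen = 0;

	ssc(0, 0, 0, 0, SSC_CONSOLE_INIT);

	/*
	 * S.Eranian: extract the commandline argument from the simulator
	 *
	 * The expected format is as follows:
         *
	 *	kernelname args...
	 *
	 * Both are optional but you can't have the second one without the first.
	 */
	arglen = ssc((long) buffer, 0, 0, 0, SSC_GET_ARGS);

	kpath = "vmlinux";
	args = buffer;
	if (arglen > 0) {
		/* Split at the first blank: kernel name, then the rest.  */
		kpath = buffer;
		while (*args != ' ' && *args != '\0')
			++args, --arglen;
		if (*args == ' ')
			*args++ = '\0', --arglen;
	}

	if (arglen <= 0) {
		args = "";
		arglen = 1;
	}

	fd = ssc((long) kpath, 1, 0, 0, SSC_OPEN);

	if (fd < 0) {
		cons_write(kpath);
		cons_write(": file not found, reboot now\n");
		for(;;);
	}
	stat.fd = fd;
	off = 0;

	/* The first page of the file holds the ELF header.  */
	req.len = sizeof(mem);
	req.addr = (long) mem;
	ssc(fd, 1, (long) &req, off, SSC_READ);
	ssc((long) &stat, 0, 0, 0, SSC_WAIT_COMPLETION);
	if (stat.count < sizeof(*elf)) {
		cons_write("failed to read ELF header\n");
		return;
	}

	elf = (struct elfhdr *) mem;
	/*
	 * The whole magic must match.  The previous test (first byte ==
	 * 0x7f && rest != "ELF") only rejected files that began with
	 * 0x7f but were not ELF; anything else fell through to the
	 * e_type check and could be "loaded".
	 */
	if (elf->e_ident[0] != 0x7f || strncmp(elf->e_ident + 1, "ELF", 3) != 0) {
		cons_write("not an ELF file\n");
		return;
	}
	if (elf->e_type != ET_EXEC) {
		cons_write("not an ELF executable\n");
		return;
	}
	if (!elf_check_arch(elf)) {
		cons_write("kernel not for this processor\n");
		return;
	}

	/* Copy out what we need: mem is reused for the program headers.  */
	e_entry = elf->e_entry;
	e_phnum = elf->e_phnum;
	e_phoff = elf->e_phoff;

	cons_write("loading ");
	cons_write(kpath);
	cons_write("...\n");

	for (i = 0; i < e_phnum; ++i) {
		req.len = sizeof(*elf_phdr);
		req.addr = (long) mem;
		ssc(fd, 1, (long) &req, e_phoff, SSC_READ);
		ssc((long) &stat, 0, 0, 0, SSC_WAIT_COMPLETION);
		if (stat.count != sizeof(*elf_phdr)) {
			cons_write("failed to read phdr\n");
			return;
		}
		e_phoff += sizeof(*elf_phdr);

		elf_phdr = (struct elf_phdr *) mem;

		if (elf_phdr->p_type != PT_LOAD)
			continue;

		/* p_memsz - p_filesz below is unsigned arithmetic; a
		 * malformed segment must not become a huge memset.  */
		if (elf_phdr->p_memsz < elf_phdr->p_filesz) {
			cons_write("bad segment size\n");
			return;
		}

		/* Segment bytes go straight to their physical address;
		 * the remainder up to p_memsz is bss and is zeroed.  */
		req.len = elf_phdr->p_filesz;
		req.addr = __pa(elf_phdr->p_paddr);
		ssc(fd, 1, (long) &req, elf_phdr->p_offset, SSC_READ);
		ssc((long) &stat, 0, 0, 0, SSC_WAIT_COMPLETION);
		if (stat.count != elf_phdr->p_filesz) {
			cons_write("failed to read segment\n");
			return;
		}
		memset((char *)__pa(elf_phdr->p_paddr) + elf_phdr->p_filesz, 0,
		       elf_phdr->p_memsz - elf_phdr->p_filesz);
	}
	ssc(fd, 0, 0, 0, SSC_CLOSE);

	cons_write("starting kernel...\n");

	/* fake an I/O base address: */
	ia64_setreg(_IA64_REG_AR_KR0, 0xffffc000000UL);

	bp = sys_fw_init(args, arglen);

	ssc(0, (long) kpath, 0, 0, SSC_LOAD_SYMBOLS);

	debug_break();
	jmp_to_kernel((unsigned long) bp, e_entry);

	cons_write("kernel returned!\n");
	ssc(-1, 0, 0, 0, SSC_EXIT);
}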
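/*
 * Map the target's ELF program interpreter, whose header the caller has
 * already read into *interp_elf_ex, from the open descriptor
 * interpreter_fd into the guest address space.
 *
 * For an ET_DYN interpreter a PROT_NONE reservation of INTERP_MAP_SIZE is
 * made first and every segment is placed at a fixed offset inside it, so
 * no load address has to be hard-coded.  After the PT_LOAD segments are
 * mapped the bss is zero-filled and the pages beyond the file mapping are
 * backed by anonymous memory.
 *
 * Stores the interpreter's load address in *interp_load_addr and returns
 * its relocated entry point.  Failures this function reports itself
 * return ~0 (all bits set), which is what the caller tests for; a failed
 * reservation mmap still exit()s as before.
 *
 * NOTE(review): interpreter_fd is close()d here on every path, and the
 * caller visible in this listing closes it again afterwards -- confirm
 * which side should own the descriptor.
 */
static abi_ulong load_elf_interp(struct elfhdr * interp_elf_ex,
                                 int interpreter_fd,
                                 abi_ulong *interp_load_addr)
{
	struct elf_phdr *elf_phdata  =  NULL;
	struct elf_phdr *eppnt;
	abi_ulong load_addr = 0;
	int load_addr_set = 0;
	size_t phdr_bytes;
	ssize_t nread;
	abi_ulong last_bss, elf_bss;
	abi_ulong error;
	int i;

	elf_bss = 0;
	last_bss = 0;
	error = 0;

#ifdef BSWAP_NEEDED
        bswap_ehdr(interp_elf_ex);
#endif
	/* First of all, some simple consistency checks */
	if ((interp_elf_ex->e_type != ET_EXEC &&
             interp_elf_ex->e_type != ET_DYN) ||
	   !elf_check_arch(interp_elf_ex->e_machine)) {
		return ~((abi_ulong)0UL);
	}

	/*
	 * The table is parsed with this build's struct elf_phdr layout,
	 * so the entry size must match exactly; an empty table has
	 * nothing to map, and one larger than a page is rejected as
	 * before.  All of this happens before anything is allocated.
	 */
	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
	    return ~((abi_ulong)0UL);
	phdr_bytes = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
	if (interp_elf_ex->e_phnum < 1 || phdr_bytes > TARGET_PAGE_SIZE)
	    return ~((abi_ulong)0UL);

	/* Now read in all of the header information */

	elf_phdata = (struct elf_phdr *) malloc(phdr_bytes);
	if (!elf_phdata)
	  return ~((abi_ulong)0UL);

	/*
	 * A failed read used to exit() here (the free/return after it
	 * were unreachable), and a short read was not detected at all,
	 * leaving part of the table uninitialised.  Report both through
	 * the return value; the caller prints a diagnostic and exits.
	 */
	if (lseek(interpreter_fd, interp_elf_ex->e_phoff, SEEK_SET) == (off_t) -1) {
	    perror("load_elf_interp");
	    free(elf_phdata);
	    return ~((abi_ulong)0UL);
	}
	nread = read(interpreter_fd, (char *) elf_phdata, phdr_bytes);
	if (nread < 0 || (size_t) nread != phdr_bytes) {
	    if (nread < 0)
	        perror("load_elf_interp");
	    free(elf_phdata);
	    return ~((abi_ulong)0UL);
	}
#ifdef BSWAP_NEEDED
	eppnt = elf_phdata;
	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
            bswap_phdr(eppnt);
        }
#endif

        if (interp_elf_ex->e_type == ET_DYN) {
            /* in order to avoid hardcoding the interpreter load
               address in qemu, we allocate a big enough memory zone */
            error = target_mmap(0, INTERP_MAP_SIZE,
                                PROT_NONE, MAP_PRIVATE | MAP_ANON,
                                -1, 0);
            if (error == -1) {
                perror("mmap");
                exit(-1);
            }
            load_addr = error;
            load_addr_set = 1;
        }

	eppnt = elf_phdata;
	for(i=0; i<interp_elf_ex->e_phnum; i++, eppnt++)
	  if (eppnt->p_type == PT_LOAD) {
	    int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
	    int elf_prot = 0;
	    abi_ulong vaddr = 0;
	    abi_ulong k;

	    if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
	    if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
	    if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
	    /* With load_addr_set already true for ET_DYN (see above),
	       every segment is placed at a fixed offset from load_addr.  */
	    if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) {
	    	elf_type |= MAP_FIXED;
	    	vaddr = eppnt->p_vaddr;
	    }
	    error = target_mmap(load_addr+TARGET_ELF_PAGESTART(vaddr),
		 eppnt->p_filesz + TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr),
		 elf_prot,
		 elf_type,
		 interpreter_fd,
		 eppnt->p_offset - TARGET_ELF_PAGEOFFSET(eppnt->p_vaddr));

	    if (error == -1) {
	      /* Real error */
	      close(interpreter_fd);
	      free(elf_phdata);
	      return ~((abi_ulong)0UL);
	    }

	    if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
	      load_addr = error;
	      load_addr_set = 1;
	    }

	    /*
	     * Find the end of the file  mapping for this phdr, and keep
	     * track of the largest address we see for this.
	     */
	    k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
	    if (k > elf_bss) elf_bss = k;

	    /*
	     * Do the same thing for the memory mapping - between
	     * elf_bss and last_bss is the bss section.
	     */
	    k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
	    if (k > last_bss) last_bss = k;
	  }

	/* Now use mmap to map the library into memory. */

	close(interpreter_fd);

	/*
	 * Now fill out the bss section.  First pad the last page up
	 * to the page boundary, and then perform a mmap to make sure
	 * that there are zeromapped pages up to and including the last
	 * bss page.
	 */
	padzero(elf_bss, last_bss);
	elf_bss = TARGET_ELF_PAGESTART(elf_bss + qemu_host_page_size - 1); /* What we have mapped so far */

	/* Map the last of the bss segment.
	 * NOTE(review): this anonymous mapping's result is not checked.  */
	if (last_bss > elf_bss) {
            target_mmap(elf_bss, last_bss-elf_bss,
                        PROT_READ|PROT_WRITE|PROT_EXEC,
                        MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, -1, 0);
	}
	free(elf_phdata);

	*interp_load_addr = load_addr;
	return ((abi_ulong) interp_elf_ex->e_entry) + load_addr;
}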
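/*
 * load_exeso_binary - binfmt handler for "exeso" images.
 *
 * An exeso image is an ELF container that is started through the Win32
 * loader: the ELF header is sanity-checked, the Win32 address-space layout
 * is reserved, ntdll.dll.so is mapped (NTDLL_SO) and the EPROCESS, ETHREAD
 * and TEB objects are created before the task is started at the interpreter
 * entry.  The image's own program headers are never read or mapped here
 * (load_addr stays 0); presumably ntdll takes care of that - confirm.
 *
 * @bprm: exec parameter block; bprm->buf holds the first page of the file
 * @regs: user registers of the exec()ing task, rewritten for the new image
 *
 * Returns 0 on success or a negative errno.  Failures before
 * flush_old_exec() let the caller try another binfmt; failures after it
 * kill the task with SIGKILL because the old image is already gone.
 * NOTE(review): a create_object() failure propagates the raw NTSTATUS
 * rather than a negative errno - confirm the caller tolerates that.
 */
static int load_exeso_binary(struct linux_binprm *bprm, struct pt_regs *regs)
{
    struct elfhdr *elf_ex;
    struct mm_struct *mm;
    unsigned long load_addr = 0;
    int retval = 0;
    unsigned long pe_entry = 0, ntdll_load_addr = 0;
    unsigned long start_code, end_code, start_data, end_data;
    unsigned long ntdll_entry = 0;
    int executable_stack = EXSTACK_DEFAULT;
    unsigned long def_flags = 0;
    unsigned long stack_top;
#ifdef NTDLL_SO
    unsigned long interp_load_addr;
    unsigned long interp_entry;
#endif
    struct eprocess *process;
    struct ethread *thread;
    PRTL_USER_PROCESS_PARAMETERS ppb;
    OBJECT_ATTRIBUTES ObjectAttributes;
    INITIAL_TEB init_teb;

    BOOLEAN is_win32 = FALSE;
    struct startup_info *info = NULL;
    struct eprocess *parent_eprocess = NULL;
    struct ethread *parent_ethread = NULL;
    struct w32process *child_w32process = NULL;
    struct w32process *parent_w32process = NULL;

    elf_ex = (struct elfhdr *)bprm->buf;

    /*
     * Header sanity checks.  Nothing up to flush_old_exec() touches the
     * task, so -ENOEXEC here lets another binfmt claim the file.
     */
    retval = -ENOEXEC;
    if (memcmp(elf_ex->e_ident, ELFMAG, SELFMAG) != 0)
        goto out;
    if (elf_ex->e_type != ET_EXEC && elf_ex->e_type != ET_DYN)
        goto out;
    if (!elf_check_arch(elf_ex))
        goto out;
    if (!bprm->file->f_op || !bprm->file->f_op->mmap)
        goto out;

    /* Punt if the on-disk program header layout is not the compiled-in one. */
    if (elf_ex->e_phentsize != sizeof(struct elf_phdr))
        goto out;
    /* e_phnum is untrusted; keep the table within one 64K block. */
    if (elf_ex->e_phnum < 1 ||
        elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
        goto out;

    if (!check_exeso(bprm))
        goto out;

    start_code = ~0UL;
    end_code = 0;
    start_data = 0;
    end_data = 0;

    /* A parent that already owns an ETHREAD is itself a Win32 process. */
    if (current->parent->ethread) {
        is_win32 = TRUE;
        parent_ethread = current->parent->ethread;
        parent_eprocess = parent_ethread->threads_process;
    }

    /* Flush all traces of the currently running executable. */
    retval = flush_old_exec(bprm);
    if (retval)
        goto out;

    /* OK, this is the point of no return. */
    mm = current->mm;
    current->flags &= ~PF_FORKNOEXEC;
    mm->def_flags = def_flags;

    current->signal->rlim[RLIMIT_STACK].rlim_cur = WIN32_STACK_LIMIT;
    current->signal->rlim[RLIMIT_STACK].rlim_max = WIN32_STACK_LIMIT;
    current->personality |= ADDR_COMPAT_LAYOUT;
    arch_pick_mmap_layout(mm);

    /* Do this so that we can load the ntdll, if need be.  We will
       change some of these later. */
    mm->free_area_cache = mm->mmap_base = WIN32_UNMAPPED_BASE;
    mm->cached_hole_size = 0;
    stack_top = WIN32_STACK_LIMIT + WIN32_LOWEST_ADDR;
    retval = setup_arg_pages(bprm, stack_top, executable_stack);
    if (retval < 0)
        goto out_free_file;

    /*
     * Reserve the ranges that must never be handed out to the Win32 image.
     * NOTE(review): the do_mmap_pgoff() results are not checked, so a
     * failed reservation silently leaves that range mappable.
     */
    down_write(&mm->mmap_sem);
    /* reserve first 0x100000 */
    do_mmap_pgoff(NULL, 0, WIN32_LOWEST_ADDR, PROT_NONE,
                  MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
    /* reserve 0x7fff0000 - 0x80000000 */
    do_mmap_pgoff(NULL, WIN32_TASK_SIZE - 0x10000, 0x10000,
                  PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
    /* reserve 0x81000000 - 0xc0000000
     * (0x80000000 - 0x81000000 is used for the wine SYSTEM_HEAP) */
    do_mmap_pgoff(NULL, WIN32_TASK_SIZE + WIN32_SYSTEM_HEAP_SIZE,
                  TASK_SIZE - WIN32_TASK_SIZE - WIN32_SYSTEM_HEAP_SIZE,
                  PROT_NONE, MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS, 0);
    up_write(&mm->mmap_sem);

#ifdef NTDLL_SO
    /* Locate ntdll.dll.so in $PATH (default /usr/local/lib/wine/ntdll.dll.so)
       and map it; the interpreter entry comes from it. */
    if (!*ntdll_name)
        search_ntdll();

    map_system_dll(current, ntdll_name, &ntdll_load_addr, &interp_load_addr);

    pe_entry = get_pe_entry();
    ntdll_entry = get_ntdll_entry();
    interp_entry = get_interp_entry();
#endif

    set_binfmt(&exeso_format);

#ifdef ARCH_HAS_SETUP_ADDITIONAL_PAGES
    retval = arch_setup_additional_pages(bprm, executable_stack);
    if (retval < 0)
        goto out_free_file;
#endif /* ARCH_HAS_SETUP_ADDITIONAL_PAGES */

    install_exec_creds(bprm);

#ifdef NTDLL_SO
    /* Copy argv, envp and the auxiliary vector to the stack for the interpreter. */
    create_elf_tables_aux(bprm,
                          ntdll_load_addr, ntdll_phoff, ntdll_phnum, get_ntdll_start_thunk(),
                          load_addr, elf_ex->e_phoff, elf_ex->e_phnum, 0,
                          interp_load_addr, interp_entry, 0);
#endif

    mm->end_code = end_code;
    mm->start_code = start_code;
    mm->start_data = start_data;
    mm->end_data = end_data;
    mm->start_stack = bprm->p;

    if (current->personality & MMAP_PAGE_ZERO) {
        /* SVr4 maps page 0 read-only and some applications depend on
           that; since we cannot recompile them, emulate it. */
        down_write(&mm->mmap_sem);
        do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC,
                MAP_FIXED | MAP_PRIVATE, 0);
        up_write(&mm->mmap_sem);
    }

    /* Create the Win32 kernel objects for the new process. */
    INIT_OBJECT_ATTR(&ObjectAttributes, NULL, 0, NULL, NULL);

    /* EPROCESS */
    retval = create_object(KernelMode,
                           process_object_type,
                           &ObjectAttributes,
                           KernelMode,
                           NULL,
                           sizeof(struct eprocess),
                           0,
                           0,
                           (PVOID *)&process);
    if (retval != STATUS_SUCCESS)
        goto out_free_file;

    eprocess_init(NULL, FALSE, process);
    process->unique_processid = create_cid_handle(process, process_object_type);
    if (!process->unique_processid) {
        /* create_cid_handle() signals failure only by returning 0; without
           an explicit code this path returned 0 (success) after killing
           the task. */
        retval = -ENOMEM;
        goto out_free_eproc;
    }

    process->section_base_address = (void *)load_addr;

    /* FIXME: PsCreateCidHandle */

    /* PEB */
    retval = create_peb(process);
    if (retval)
        goto out_free_process_cid;

    /* PPB: only built here for a non-Win32 parent; a Win32 parent supplies
       the startup information itself (see the exec_semaphore wait below). */
    if (!is_win32) {
        create_ppb(&ppb, process, bprm, bprm->filename,
                   NULL, NULL, NULL, NULL, NULL, NULL, NULL);
        ((PEB *)process->peb)->ProcessParameters = ppb;
    }

    /* ETHREAD */
    retval = create_object(KernelMode,
                           thread_object_type,
                           &ObjectAttributes,
                           KernelMode,
                           NULL,
                           sizeof(struct ethread),
                           0,
                           0,
                           (PVOID *)&thread);
    if (retval)
        goto out_free_process_cid;

    thread->cid.unique_thread = create_cid_handle(thread, thread_object_type);
    thread->cid.unique_process = process->unique_processid;
    if (!thread->cid.unique_thread) {
        /* Same in-band failure report as for the process id above. */
        retval = -ENOMEM;
        goto out_free_ethread;
    }

    /* TEB: the initial stack runs from bprm->p down to one page above
       WIN32_LOWEST_ADDR. */
    init_teb.StackBase = (PVOID)(bprm->p);
    init_teb.StackLimit = (PVOID)WIN32_LOWEST_ADDR + PAGE_SIZE;
    thread->tcb.teb = create_teb(process, (PCLIENT_ID)&thread->cid, &init_teb);
    if (IS_ERR(thread->tcb.teb)) {
        retval = PTR_ERR(thread->tcb.teb);
        goto out_free_thread_cid;
    }

    /* KTHREAD */
    ethread_init(thread, process, current);

    sema_init(&thread->exec_semaphore, 0);
    if (is_win32) {
        /* The Win32 parent finishes the child's setup; block until it is done. */
        down(&thread->exec_semaphore);

        child_w32process = process->win32process;
        parent_w32process = parent_eprocess->win32process;
        info = child_w32process->startup_info;

        if (thread->inherit_all) {
            create_handle_table(parent_eprocess, TRUE, process);
            child_w32process = create_w32process(parent_w32process, TRUE, process);
        }
    }

    set_teb_selector(current, (long)thread->tcb.teb);

    thread->start_address = (void *)pe_entry;	/* FIXME */

    /* Save the current trap frame. */
    thread->tcb.trap_frame = (struct ktrap_frame *)regs;

    /*
     * Drop the creation references only after the last access to the
     * objects.  The old order dereferenced first and then kept using
     * thread, which relied on some other reference keeping it alive.
     */
    deref_object(process);
    deref_object(thread);

    /* TODO: queue the APC that calls LdrInitializeThunk here; it has never
       been wired up. */

#ifdef ELF_PLAT_INIT
    /*
     * The ABI may specify that certain registers be set up in special
     * ways (on i386 %edx is the address of a DT_FINI function, for
     * example).  In addition, it may also specify (eg, PowerPC64 ELF)
     * that the e_entry field is the address of the function descriptor
     * for the startup routine, rather than the address of the startup
     * routine itself.  This macro performs whatever initialization to
     * the regs structure is required as well as any relocations to the
     * function descriptor entries when executing dynamically linked apps.
     */
    ELF_PLAT_INIT(regs, reloc_func_desc);
#endif

    start_thread(regs, interp_entry, bprm->p);
    if (unlikely(current->ptrace & PT_PTRACED)) {
        if (current->ptrace & PT_TRACE_EXEC)
            ptrace_notify((PTRACE_EVENT_EXEC << 8) | SIGTRAP);
        else
            send_sig(SIGTRAP, current, 0);
    }

    retval = 0;

    try_module_get(THIS_MODULE);

    /* Return through w32syscall_exit rather than syscall_exit: the word
       just below regs on the kernel stack is the saved return address. */
    ((unsigned long *)regs)[-1] = (unsigned long)w32syscall_exit;
    regs->fs = TEB_SELECTOR;

out:
    return retval;

    /* Error cleanup, innermost resource first. */
out_free_thread_cid:
    delete_cid_handle(thread->cid.unique_thread, thread_object_type);
out_free_ethread:
    deref_object(thread);
out_free_process_cid:
    delete_cid_handle(process->unique_processid, process_object_type);
out_free_eproc:
    deref_object(process);
out_free_file:
    /* Past the point of no return: the old image is gone, so kill the task. */
    send_sig(SIGKILL, current, 0);
    goto out;
}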
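/*
 * load_elf_interp - map the ELF program interpreter (e.g. ld.so) into the
 * current mm.
 *
 * @interp_elf_ex:    the interpreter's ELF header, already read by the caller
 * @interpreter:      open file for the interpreter
 * @interp_load_addr: on success receives the load bias: 0 for ET_EXEC, or the
 *                    chosen base minus the page-aligned p_vaddr of the first
 *                    PT_LOAD segment for ET_DYN
 *
 * Returns the interpreter's entry address (e_entry + load bias).  Errors are
 * reported in-band: ~0UL for a rejected header, otherwise a negative errno
 * cast to unsigned long (-EIO for a short header read, -ENOMEM for a segment
 * that would leave the task's address range, -EFAULT if the bss tail cannot
 * be zeroed).  The program header table is bounded (entry size, count, total
 * size <= ELF_MIN_ALIGN) before it is read, and every PT_LOAD segment is
 * checked against TASK_SIZE after it is mapped.
 */
static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex,
				     struct file * interpreter,
				     unsigned long *interp_load_addr)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long load_addr = 0;
	int load_addr_set = 0;
	unsigned long last_bss = 0, elf_bss = 0;
	unsigned long error = ~0UL;
	int retval, i, size;

	/* First of all, some simple consistency checks */
	if (interp_elf_ex->e_type != ET_EXEC &&
	    interp_elf_ex->e_type != ET_DYN)
		goto out;
	if (!elf_check_arch(interp_elf_ex))
		goto out;
	if (!interpreter->f_op || !interpreter->f_op->mmap)
		goto out;

	/*
	 * If the size of this structure has changed, then punt, since
	 * we will be doing the wrong thing.
	 */
	if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
		goto out;

	/* e_phnum comes from the file; bound it before it sizes anything. */
	if (interp_elf_ex->e_phnum < 1 ||
	    interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr))
		goto out;

	/* Now read in all of the header information */

	size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
	if (size > ELF_MIN_ALIGN)
		goto out;
	elf_phdata = kmalloc(size, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	retval = kernel_read(interpreter, interp_elf_ex->e_phoff,
			     (char *)elf_phdata, size);
	error = -EIO;
	if (retval != size) {
		/* A short read is -EIO; a failed read keeps its own errno. */
		if (retval < 0)
			error = retval;
		goto out_close;
	}

	eppnt = elf_phdata;
	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
		int elf_type = MAP_PRIVATE | MAP_DENYWRITE;
		int elf_prot = 0;
		unsigned long vaddr;
		unsigned long k, map_addr;

		if (eppnt->p_type != PT_LOAD)
			continue;

		if (eppnt->p_flags & PF_R)
			elf_prot = PROT_READ;
		if (eppnt->p_flags & PF_W)
			elf_prot |= PROT_WRITE;
		if (eppnt->p_flags & PF_X)
			elf_prot |= PROT_EXEC;
		vaddr = eppnt->p_vaddr;

		/*
		 * ET_EXEC segments, and every ET_DYN segment after the
		 * first, must land exactly where the headers say; only
		 * the first ET_DYN segment lets the kernel pick the base.
		 * NOTE(review): the full ET_DYN span is not reserved up
		 * front, so later MAP_FIXED segments may land on top of
		 * unrelated mappings - confirm whether that is acceptable.
		 */
		if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
			elf_type |= MAP_FIXED;

		map_addr = elf_map(interpreter, load_addr + vaddr, eppnt,
				   elf_prot, elf_type);
		if (BAD_ADDR(map_addr))
			goto out_close;

		if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
			load_addr = map_addr - ELF_PAGESTART(vaddr);
			load_addr_set = 1;
		}

		/*
		 * Check to see if the section's size will overflow the
		 * allowed task size. Note that p_filesz must always be
		 * <= p_memsize so it is only necessary to check p_memsz.
		 */
		k = load_addr + eppnt->p_vaddr;
		if (k > TASK_SIZE || eppnt->p_filesz > eppnt->p_memsz ||
		    eppnt->p_memsz > TASK_SIZE || TASK_SIZE - eppnt->p_memsz < k) {
			error = -ENOMEM;
			goto out_close;
		}

		/* Highest file-backed address seen so far ... */
		k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
		if (k > elf_bss)
			elf_bss = k;

		/* ... and highest in-memory address; the bss lies between
		 * elf_bss and last_bss. */
		k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
		if (k > last_bss)
			last_bss = k;
	}

	/*
	 * Now fill out the bss section.  First pad the last page up
	 * to the page boundary, and then perform a mmap to make sure
	 * that there are zero-mapped pages up to and including the
	 * last bss page.  The old code ignored padzero()'s result;
	 * NOTE(review): this assumes padzero() returns 0 on success.
	 */
	if (padzero(elf_bss)) {
		error = -EFAULT;
		goto out_close;
	}
	elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1);	/* What we have mapped so far */

	/* Map the last of the bss segment */
	if (last_bss > elf_bss) {
		down_write(&current->mm->mmap_sem);
		error = do_brk(elf_bss, last_bss - elf_bss);
		up_write(&current->mm->mmap_sem);
		if (BAD_ADDR(error))
			goto out_close;
	}

	*interp_load_addr = load_addr;
	/*
	 * XXX: is everything deallocated properly if this happens
	 * to be ~0UL (that is, we succeeded, but the header is broken
	 * and thus the caller will think that we failed)? We'd better
	 * switch to out-of-band error reporting.
	 */
	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;

out_close:
	kfree(elf_phdata);
out:
	return error;
}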
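/*
 * load_elf_interp - user-space port of the kernel interpreter loader: map
 * the program interpreter described by @interp_elf_ex from @interpreter_fd.
 *
 * @interp_elf_ex:    the interpreter's ELF header, already read by the caller
 * @interpreter_fd:   open descriptor for the interpreter file
 * @interp_load_addr: on success receives the load bias (0 for ET_EXEC, the
 *                    mmap-chosen base minus the page-aligned p_vaddr of the
 *                    first PT_LOAD segment for ET_DYN)
 *
 * Returns the interpreter's entry address (e_entry + load bias).  Errors are
 * in-band: ~0UL for a rejected header, a failed dup() or a failed mapping,
 * or the negative read_exec() result cast to unsigned long.  Mapping
 * failures are recognised by the same "> -1024UL" convention do_mmap() uses.
 */
static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex,
                                     int interpreter_fd,
                                     unsigned long *interp_load_addr)
{
  struct elf_phdr *elf_phdata;
  struct elf_phdr *eppnt;
  unsigned long load_addr = 0;
  int load_addr_set = 0;
  unsigned long last_bss = 0, elf_bss = 0;
  unsigned long error = ~0UL;
  unsigned long bss_addr;
  int elf_exec_fileno;
  int retval, i, size;

  /* Only executables and shared objects for this architecture are accepted. */
  if (interp_elf_ex->e_type != ET_EXEC &&
      interp_elf_ex->e_type != ET_DYN)
    goto out;
  if (!elf_check_arch(interp_elf_ex->e_machine))
    goto out;

  /* Punt if the on-disk program header size is not the compiled-in one. */
  if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr))
    goto out;

  /* e_phnum is untrusted: bound it so the whole table fits in one page. */
  if (interp_elf_ex->e_phnum < 1 || interp_elf_ex->e_phnum >
      ELF_EXEC_PAGESIZE / sizeof(struct elf_phdr))
    goto out;
  size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum;
  elf_phdata = malloc(size);
  if (!elf_phdata)
    goto out;

  /* NOTE(review): only a negative result counts as failure here; if
   * read_exec() can return a short count, compare it against size. */
  retval = read_exec(interpreter_fd, interp_elf_ex->e_phoff,
                     (char *) elf_phdata, size, 1);
  error = retval;
  if (retval < 0)
    goto out_free;

  error = ~0UL;
  elf_exec_fileno = dup(interpreter_fd);
  if (elf_exec_fileno < 0)
    goto out_free;

  for (i = 0, eppnt = elf_phdata; i < interp_elf_ex->e_phnum; i++, eppnt++) {
    int elf_type = MAP_PRIVATE; /* | MAP_DENYWRITE; */
    int elf_prot = 0;
    unsigned long vaddr;
    unsigned long k, map_addr;

    if (eppnt->p_type != PT_LOAD)
      continue;

    if (eppnt->p_flags & PF_R) elf_prot =  PROT_READ;
    if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE;
    if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC;
    vaddr = eppnt->p_vaddr;

    /* Only the first ET_DYN segment may float; everything else is fixed. */
    if (interp_elf_ex->e_type == ET_EXEC || load_addr_set)
      elf_type |= MAP_FIXED;

#ifdef __VERBOSE__ 
    printf("mapping: %08lX  (load_addr: %08lX, vaddr:%08lX)\n",  
          load_addr + ELF_PAGESTART(vaddr), load_addr, vaddr);
#endif

    /* Map from the page containing p_offset so the in-page offset of
       p_vaddr and p_offset stay aligned. */
    map_addr = do_mmap(elf_exec_fileno, load_addr + ELF_PAGESTART(vaddr),
                       eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr),
                       elf_prot, elf_type,
                       eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr));

#ifdef __VERBOSE__ 
    printf("map_addr: %08lX\n", map_addr);
#endif

    if (map_addr > -1024UL) /* Real error */
      goto out_close;

    if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) {
      load_addr = map_addr - ELF_PAGESTART(vaddr);
      load_addr_set = 1;
    }

    /* Highest file-backed address seen so far ... */
    k = load_addr + eppnt->p_vaddr + eppnt->p_filesz;
    if (k > elf_bss)
      elf_bss = k;

    /* ... and highest in-memory address; the bss is the gap between them. */
    k = load_addr + eppnt->p_memsz + eppnt->p_vaddr;
    if (k > last_bss)
      last_bss = k;
  }

  /*
   * Now fill out the bss section.  First pad the last page up
   * to the page boundary, and then perform a mmap to make sure
   * that there are zero-mapped pages up to and including the 
   * last bss page.
   */
  padzero(elf_bss);
  elf_bss = ELF_PAGESTART(elf_bss + ELF_EXEC_PAGESIZE - 1); /* What we have mapped so far */

  /* Map the last of the bss segment */
  if (last_bss > elf_bss) {
    bss_addr = do_mmap(-1, elf_bss, last_bss - elf_bss,
                       PROT_READ|PROT_WRITE|PROT_EXEC,
                       MAP_FIXED|MAP_PRIVATE|MAP_ANONYMOUS, 0);
    /* Same error convention as the segment mappings.  The old code ignored
       a failure here and reported success with an unmapped bss. */
    if (bss_addr > -1024UL) {
      error = ~0UL;
      goto out_close;
    }
  }

  *interp_load_addr = load_addr;
  /*
   * AUDIT: is everything deallocated properly if this happens
   * to be ~0UL? We'd better switch to out-of-band error reporting.
   * Also for a.out.
   */
  error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;

out_close:
  close(elf_exec_fileno);

out_free:
  free(elf_phdata);

out:
  return error;
}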
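/*
 * load_elf_library - uselib() backend: map a single-segment ET_EXEC ELF
 * library into the current mm at its linked address.
 *
 * @file: open library file
 *
 * Returns 0 on success, -ENOEXEC if the file is not an ELF library of the
 * supported shape (ET_EXEC for this arch, at most two program headers of
 * which exactly one is PT_LOAD, mappable file), -ENOMEM if the header table
 * cannot be allocated or the bss cannot be mapped, -EFAULT if the tail of
 * the last file-backed page cannot be zeroed.
 */
static int load_elf_library(struct file *file)
{
	struct elf_phdr *elf_phdata;
	struct elf_phdr *eppnt;
	unsigned long elf_bss, bss, len;
	int retval, error, i, j;
	struct elfhdr elf_ex;

	error = -ENOEXEC;
	retval = kernel_read(file, 0, (char *) &elf_ex, sizeof(elf_ex));
	if (retval != sizeof(elf_ex))
		goto out;

	if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0)
		goto out;

	/* First of all, some simple consistency checks */
	if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 ||
	   !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap)
		goto out;

	/* Now read in all of the header information */

	j = sizeof(struct elf_phdr) * elf_ex.e_phnum;
	/* j < ELF_MIN_ALIGN because elf_ex.e_phnum <= 2 */

	error = -ENOMEM;
	elf_phdata = kmalloc(j, GFP_KERNEL);
	if (!elf_phdata)
		goto out;

	eppnt = elf_phdata;
	error = -ENOEXEC;
	retval = kernel_read(file, elf_ex.e_phoff, (char *)eppnt, j);
	if (retval != j)
		goto out_free_ph;

	/* Exactly one PT_LOAD segment is supported. */
	for (j = 0, i = 0; i < elf_ex.e_phnum; i++)
		if ((eppnt + i)->p_type == PT_LOAD)
			j++;
	if (j != 1)
		goto out_free_ph;

	while (eppnt->p_type != PT_LOAD)
		eppnt++;

	/* Now use mmap to map the library into memory at its linked address. */
	down_write(&current->mm->mmap_sem);
	error = do_mmap(file,
			ELF_PAGESTART(eppnt->p_vaddr),
			(eppnt->p_filesz +
			 ELF_PAGEOFFSET(eppnt->p_vaddr)),
			PROT_READ | PROT_WRITE | PROT_EXEC,
			MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE,
			(eppnt->p_offset -
			 ELF_PAGEOFFSET(eppnt->p_vaddr)));
	up_write(&current->mm->mmap_sem);
	if (error != ELF_PAGESTART(eppnt->p_vaddr))
		goto out_free_ph;

	/* Zero the tail of the last file-backed page.  The old code ignored
	 * a padzero() failure and reported success with stale bytes there.
	 * NOTE(review): assumes padzero() returns 0 on success. */
	elf_bss = eppnt->p_vaddr + eppnt->p_filesz;
	if (padzero(elf_bss)) {
		error = -EFAULT;
		goto out_free_ph;
	}

	/* Anonymous-map the remainder of the bss beyond that page. */
	len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1);
	bss = eppnt->p_memsz + eppnt->p_vaddr;
	if (bss > len) {
		unsigned long brk_addr;

		down_write(&current->mm->mmap_sem);
		brk_addr = do_brk(len, bss - len);
		up_write(&current->mm->mmap_sem);
		/* do_brk() hands back the start address on success and an
		 * errno value otherwise; the old code never looked. */
		if (brk_addr != len) {
			error = -ENOMEM;
			goto out_free_ph;
		}
	}
	error = 0;

out_free_ph:
	kfree(elf_phdata);
out:
	return error;
}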
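/*
 * Overflow-safe check that [off, off + size) lies within the first @len
 * bytes of the image.  Used for every offset taken from the untrusted ELF.
 */
static int load_module_region_ok(unsigned long len, unsigned long off,
				 unsigned long size)
{
	return off <= len && size <= len - off;
}

/*
 * load_module - copy an ET_REL module image from user space, validate it,
 * relocate it into freshly allocated core/init memory and link it into the
 * module list.
 *
 * @umod:  user-space pointer to the ELF relocatable object
 * @len:   size of that object in bytes
 * @uargs: module arguments (currently unused)
 *
 * Returns the new module, or NULL on any failure; diagnostics go to
 * kprintf().  The image is attacker-controlled, so every section offset,
 * size and index read from it is bounds-checked against @len and e_shnum
 * before it is dereferenced.  Allocations are freed on every error path.
 */
static noinline struct module *load_module(void __user * umod,
					   unsigned long len,
					   const char __user * uargs)
{
	struct elfhdr *hdr;
	struct secthdr *sechdrs;
	char *secstrings, *strtab = NULL;
	unsigned long shstr_size;
	unsigned int i;
	unsigned int symindex = 0;
	unsigned int strindex = 0;
	unsigned int modindex, versindex, infoindex, pcpuindex;
	struct module *mod;
	struct mm_struct *mm;
	long err = 0;
	void *ptr = NULL;

	kprintf("load_module: umod=%p, len=%lu, uargs=%p\n", umod, len, uargs);

	/* Cap the copy so a huge len cannot exhaust kernel memory. */
	if (len < sizeof(*hdr))
		return NULL;
	if (len > 64 * 1024 * 1024 || (hdr = kmalloc(len)) == NULL)
		return NULL;

	kprintf("load_module: copy_from_user\n");

	mm = current->mm;
	lock_mm(mm);
	if (!copy_from_user(mm, hdr, umod, len, 1)) {
		unlock_mm(mm);
		goto free_hdr;
	}
	unlock_mm(mm);

	kprintf("load_module: hdr:%p\n", hdr);
	/* ELF header sanity check. */
	if (memcmp(&(hdr->e_magic), ELFMAG, SELFMAG) != 0
	    || hdr->e_type != ET_REL || !elf_check_arch(hdr)
	    || hdr->e_shentsize != sizeof(*sechdrs)) {
		kprintf("load_module: sanity check failed.\n");
		goto free_hdr;
	}

	/* The section header table must fit in the copy; the old
	 * "len < e_shoff + n * size" test could wrap around. */
	if (!load_module_region_ok(len, hdr->e_shoff,
				   (unsigned long)hdr->e_shnum * sizeof(*sechdrs)))
		goto truncated;
	sechdrs = (void *)hdr + hdr->e_shoff;

	/* e_shstrndx is untrusted: the section-name string table it names
	 * must exist, be file-backed, fit in the copy and end in NUL so
	 * find_sec()'s name comparisons cannot run off the end. */
	if (hdr->e_shstrndx >= hdr->e_shnum
	    || sechdrs[hdr->e_shstrndx].sh_type == SHT_NOBITS
	    || !load_module_region_ok(len, sechdrs[hdr->e_shstrndx].sh_offset,
				      sechdrs[hdr->e_shstrndx].sh_size))
		goto truncated;
	shstr_size = sechdrs[hdr->e_shstrndx].sh_size;
	secstrings = (void *)hdr + sechdrs[hdr->e_shstrndx].sh_offset;
	if (shstr_size == 0 || secstrings[shstr_size - 1] != '\0')
		goto truncated;
	sechdrs[0].sh_addr = 0;

	for (i = 1; i < hdr->e_shnum; i++) {
		if (sechdrs[i].sh_type != SHT_NOBITS
		    && !load_module_region_ok(len, sechdrs[i].sh_offset,
					      sechdrs[i].sh_size))
			goto truncated;
		/* Every section name must index the string table above. */
		if (sechdrs[i].sh_name >= shstr_size)
			goto truncated;

		/* Until the module is moved, sh_addr points into the copy. */
		sechdrs[i].sh_addr = (size_t) hdr + sechdrs[i].sh_offset;

		if (sechdrs[i].sh_type == SHT_SYMTAB) {
			symindex = i;
			strindex = sechdrs[i].sh_link;
			/* sh_link is untrusted too: it must name a real,
			 * file-backed section (its bounds are checked by
			 * this loop since strindex >= 1). */
			if (strindex == 0 || strindex >= hdr->e_shnum
			    || sechdrs[strindex].sh_type == SHT_NOBITS)
				goto truncated;
			strtab = (char *)hdr + sechdrs[strindex].sh_offset;
		}
	}

	modindex = find_sec(hdr, sechdrs, secstrings, ".gnu.linkonce.this_module");
	if (!modindex) {
		kprintf("load_module: No module found in object.\n");
		goto free_hdr;
	}
	/* The struct module lives inside the image; make sure all of it is
	 * there before mod->name and friends are read. */
	if (sechdrs[modindex].sh_type == SHT_NOBITS
	    || sechdrs[modindex].sh_size < sizeof(*mod))
		goto truncated;
	/* temp: point mod into copy of data */
	mod = (void *)sechdrs[modindex].sh_addr;

	if (symindex == 0) {
		kprintf("load_module: %s module has no symbols (stripped?).\n",
			mod->name);
		goto free_hdr;
	}
	/* find_sec() yields 0 when a section is absent; that then touches
	 * the null section's flags below, which is harmless. */
	versindex = find_sec(hdr, sechdrs, secstrings, "__versions");
	infoindex = find_sec(hdr, sechdrs, secstrings, ".modinfo");
	pcpuindex = 0;	/* find_pcpusec() not used on this port */

	/* Don't keep modinfo and version ... */
	sechdrs[infoindex].sh_flags &= ~(unsigned long)SHF_ALLOC;
	sechdrs[versindex].sh_flags &= ~(unsigned long)SHF_ALLOC;

	/* ... but do keep the symbol and string tables. */
	sechdrs[symindex].sh_flags |= SHF_ALLOC;
	sechdrs[strindex].sh_flags |= SHF_ALLOC;

	/* TODO: module version magic ("vermagic") and "staging" modinfo are
	 * not checked on this port yet. */

	if (find_module(mod->name)) {
		kprintf("load_module: module %s exists\n", mod->name);
		goto free_mod;
	}

	mod->state = MODULE_STATE_COMING;

	/* TODO: module_frob_arch_sections() is not needed for x86 or arm;
	 * percpu sections are no longer used. */

	layout_sections(mod, hdr, sechdrs, secstrings);

	ptr = module_alloc_update_bounds(mod->core_size);
	if (!ptr)
		goto free_percpu;
	memset(ptr, 0, mod->core_size);
	mod->module_core = ptr;

	ptr = module_alloc_update_bounds(mod->init_size);
	if (!ptr && mod->init_size)
		goto free_core;
	/* ptr may legitimately be NULL when there is no init section. */
	if (ptr)
		memset(ptr, 0, mod->init_size);
	mod->module_init = ptr;

	kprintf("load_module: final section addresses:\n");
	for (i = 0; i < hdr->e_shnum; i++) {
		void *dest;

		if (!(sechdrs[i].sh_flags & SHF_ALLOC)) {
			kprintf("\tSkipped %s\n",
				secstrings + sechdrs[i].sh_name);
			continue;
		}
		/* layout_sections() stored each section's destination offset
		 * in sh_entsize, tagging init sections with INIT_OFFSET_MASK. */
		if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK)
			dest = mod->module_init +
			       (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
		else
			dest = mod->module_core + sechdrs[i].sh_entsize;
		if (sechdrs[i].sh_type != SHT_NOBITS)
			memcpy(dest, (void *)sechdrs[i].sh_addr,
			       sechdrs[i].sh_size);
		sechdrs[i].sh_addr = (unsigned long)dest;
		kprintf("\t0x%lx %s\n", sechdrs[i].sh_addr,
			secstrings + sechdrs[i].sh_name);
	}
	/* Module has been moved. */
	mod = (void *)sechdrs[modindex].sh_addr;

	/* Now we've moved module, initialize linked lists, etc. */
	module_unload_init(mod);

	/* Set up license info based on the info section */
	set_license(mod, get_modinfo(sechdrs, infoindex, "license"));

	err = simplify_symbols(sechdrs, symindex, strtab, versindex, pcpuindex,
			       mod);
	if (err < 0)
		goto cleanup;

	mod->syms = section_objs(hdr, sechdrs, secstrings, "__ksymtab",
				 sizeof(*mod->syms), &mod->num_syms);
	mod->crcs = section_addr(hdr, sechdrs, secstrings, "__kcrctab");

	/* Apply relocations against the moved string table. */
	for (i = 1; i < hdr->e_shnum; i++) {
		const char *reloc_strtab = (char *)sechdrs[strindex].sh_addr;
		unsigned int info = sechdrs[i].sh_info;

		/* Not a valid relocation section */
		if (info >= hdr->e_shnum)
			continue;

		/* Don't bother with non-allocated sections */
		if (!(sechdrs[info].sh_flags & SHF_ALLOC))
			continue;

		if (sechdrs[i].sh_type == SHT_REL)
			err = apply_relocate(sechdrs, reloc_strtab, symindex, i, mod);
		else if (sechdrs[i].sh_type == SHT_RELA)
			err = apply_relocate_add(sechdrs, reloc_strtab, symindex, i,
						 mod);

		if (err < 0)
			goto cleanup;
	}

	err = verify_export_symbols(mod);
	if (err < 0)
		goto cleanup;

	/* TODO: kallsyms (add_kallsyms) is left for future use. */

	err = module_finalize(hdr, sechdrs, mod);
	if (err < 0)
		goto cleanup;

	list_add(&modules, &mod->list);

	kfree(hdr);
	return mod;

	/* Error unwinding: each label releases what the one above it owns. */
cleanup:
	module_unload_free(mod);
	module_free(mod, mod->module_init);

free_core:
	module_free(mod, mod->module_core);

free_percpu:
free_mod:
free_hdr:
	kfree(hdr);
	return NULL;

truncated:
	/* The old message had no argument for %lu and read garbage. */
	kprintf("load_module: module len %lu truncated.\n", len);
	goto free_hdr;
}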