X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=fs%2Fbinfmt_elf.c;h=4482a0673b1591869c63358a1db6a21582848252;hb=313b0d3d863453cb596ea42aed07f8e1a9b0a7e2;hp=f36f2210204f524b2922fa69ea704295bfbe5a59;hpb=f99d49adf527fa6f7a9c42257fa76bca6b8df1e3;p=safe%2Fjmp%2Flinux-2.6 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index f36f221..4482a06 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -31,43 +31,36 @@ #include #include #include -#include #include #include #include #include #include #include - +#include +#include #include #include #include -#include - -static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs); -static int load_elf_library(struct file*); +static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs); +static int load_elf_library(struct file *); static unsigned long elf_map (struct file *, unsigned long, struct elf_phdr *, int, int); -extern int dump_fpu (struct pt_regs *, elf_fpregset_t *); - -#ifndef elf_addr_t -#define elf_addr_t unsigned long -#endif /* * If we don't support core dumping, then supply a NULL so we * don't even try. */ -#ifdef USE_ELF_CORE_DUMP -static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file); +#if defined(USE_ELF_CORE_DUMP) && defined(CONFIG_ELF_CORE) +static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file); #else #define elf_core_dump NULL #endif #if ELF_EXEC_PAGESIZE > PAGE_SIZE -# define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE +#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE #else -# define ELF_MIN_ALIGN PAGE_SIZE +#define ELF_MIN_ALIGN PAGE_SIZE #endif #ifndef ELF_CORE_EFLAGS @@ -83,10 +76,11 @@ static struct linux_binfmt elf_format = { .load_binary = load_elf_binary, .load_shlib = load_elf_library, .core_dump = elf_core_dump, - .min_coredump = ELF_EXEC_PAGESIZE + .min_coredump = ELF_EXEC_PAGESIZE, + .hasvdso = 1 }; -#define BAD_ADDR(x) ((unsigned long)(x) > TASK_SIZE) +#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) static int set_brk(unsigned long start, unsigned long end) { @@ -104,13 +98,11 @@ static int set_brk(unsigned long start, unsigned long end) return 0; } - /* We need to explicitly zero any fractional pages after the data section (i.e. bss). This would contain the junk from the file that should not - be in memory */ - - + be in memory + */ static int padzero(unsigned long elf_bss) { unsigned long nbyte; @@ -129,7 +121,9 @@ static int padzero(unsigned long elf_bss) #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) + (items)) #define STACK_ROUND(sp, items) \ ((15 + (unsigned long) ((sp) + (items))) &~ 15UL) -#define STACK_ALLOC(sp, len) ({ elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; old_sp; }) +#define STACK_ALLOC(sp, len) ({ \ + elf_addr_t __user *old_sp = (elf_addr_t __user *)sp; sp += len; \ + old_sp; }) #else #define STACK_ADD(sp, items) ((elf_addr_t __user *)(sp) - (items)) #define STACK_ROUND(sp, items) \ @@ -138,7 +132,7 @@ static int padzero(unsigned long elf_bss) #endif static int -create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, +create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, int interp_aout, unsigned long load_addr, unsigned long interp_load_addr) { @@ -154,6 +148,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, elf_addr_t *elf_info; int ei_index = 0; struct task_struct *tsk = current; + struct vm_area_struct *vma; /* * If this architecture has a platform capability string, copy it @@ -161,7 +156,6 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, * for userspace to get any other way, in others (i386) it is * merely difficult. */ - u_platform = NULL; if (k_platform) { size_t len = strlen(k_platform) + 1; @@ -171,7 +165,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, * evictions by the processes running on the same package. One * thing we can do is to shuffle the initial stack for them. */ - + p = arch_align_stack(p); u_platform = (elf_addr_t __user *)STACK_ALLOC(p, len); @@ -180,9 +174,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, } /* Create the ELF interpreter info */ - elf_info = (elf_addr_t *) current->mm->saved_auxv; + elf_info = (elf_addr_t *)current->mm->saved_auxv; #define NEW_AUX_ENT(id, val) \ - do { elf_info[ei_index++] = id; elf_info[ei_index++] = val; } while (0) + do { \ + elf_info[ei_index++] = id; \ + elf_info[ei_index++] = val; \ + } while (0) #ifdef ARCH_DLINFO /* @@ -195,21 +192,22 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, NEW_AUX_ENT(AT_PAGESZ, ELF_EXEC_PAGESIZE); NEW_AUX_ENT(AT_CLKTCK, CLOCKS_PER_SEC); NEW_AUX_ENT(AT_PHDR, load_addr + exec->e_phoff); - NEW_AUX_ENT(AT_PHENT, sizeof (struct elf_phdr)); + NEW_AUX_ENT(AT_PHENT, sizeof(struct elf_phdr)); NEW_AUX_ENT(AT_PHNUM, exec->e_phnum); NEW_AUX_ENT(AT_BASE, interp_load_addr); NEW_AUX_ENT(AT_FLAGS, 0); NEW_AUX_ENT(AT_ENTRY, exec->e_entry); - NEW_AUX_ENT(AT_UID, (elf_addr_t) tsk->uid); - NEW_AUX_ENT(AT_EUID, (elf_addr_t) tsk->euid); - NEW_AUX_ENT(AT_GID, (elf_addr_t) tsk->gid); - NEW_AUX_ENT(AT_EGID, (elf_addr_t) tsk->egid); - NEW_AUX_ENT(AT_SECURE, (elf_addr_t) security_bprm_secureexec(bprm)); + NEW_AUX_ENT(AT_UID, tsk->uid); + NEW_AUX_ENT(AT_EUID, tsk->euid); + NEW_AUX_ENT(AT_GID, tsk->gid); + NEW_AUX_ENT(AT_EGID, tsk->egid); + NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); if (k_platform) { - NEW_AUX_ENT(AT_PLATFORM, (elf_addr_t)(unsigned long)u_platform); + NEW_AUX_ENT(AT_PLATFORM, + (elf_addr_t)(unsigned long)u_platform); } if (bprm->interp_flags & BINPRM_FLAGS_EXECFD) { - NEW_AUX_ENT(AT_EXECFD, (elf_addr_t) bprm->interp_data); + NEW_AUX_ENT(AT_EXECFD, bprm->interp_data); } #undef NEW_AUX_ENT /* AT_NULL is zero; clear the rest too */ @@ -232,19 +230,29 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, /* Point sp at the lowest address on the stack */ #ifdef CONFIG_STACK_GROWSUP sp = (elf_addr_t __user *)bprm->p - items - ei_index; - bprm->exec = (unsigned long) sp; /* XXX: PARISC HACK */ + bprm->exec = (unsigned long)sp; /* XXX: PARISC HACK */ #else sp = (elf_addr_t __user *)bprm->p; #endif + + /* + * Grow the stack manually; some architectures have a limit on how + * far ahead a user-space access may be in order to grow the stack. + */ + vma = find_extend_vma(current->mm, bprm->p); + if (!vma) + return -EFAULT; + /* Now, let's put argc (and argv, envp if appropriate) on the stack */ if (__put_user(argc, sp++)) return -EFAULT; if (interp_aout) { argv = sp + 2; envp = argv + argc + 1; - __put_user((elf_addr_t)(unsigned long)argv, sp++); - __put_user((elf_addr_t)(unsigned long)envp, sp++); + if (__put_user((elf_addr_t)(unsigned long)argv, sp++) || + __put_user((elf_addr_t)(unsigned long)envp, sp++)) + return -EFAULT; } else { argv = sp; envp = argv + argc + 1; @@ -254,9 +262,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, p = current->mm->arg_end = current->mm->arg_start; while (argc-- > 0) { size_t len; - __put_user((elf_addr_t)p, argv++); - len = strnlen_user((void __user *)p, PAGE_SIZE*MAX_ARG_PAGES); - if (!len || len > PAGE_SIZE*MAX_ARG_PAGES) + if (__put_user((elf_addr_t)p, argv++)) + return -EFAULT; + len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); + if (!len || len > MAX_ARG_STRLEN) return 0; p += len; } @@ -265,9 +274,10 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, current->mm->arg_end = current->mm->env_start = p; while (envc-- > 0) { size_t len; - __put_user((elf_addr_t)p, envp++); - len = strnlen_user((void __user *)p, PAGE_SIZE*MAX_ARG_PAGES); - if (!len || len > PAGE_SIZE*MAX_ARG_PAGES) + if (__put_user((elf_addr_t)p, envp++)) + return -EFAULT; + len = strnlen_user((void __user *)p, MAX_ARG_STRLEN); + if (!len || len > MAX_ARG_STRLEN) return 0; p += len; } @@ -285,14 +295,20 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr * exec, #ifndef elf_map static unsigned long elf_map(struct file *filep, unsigned long addr, - struct elf_phdr *eppnt, int prot, int type) + struct elf_phdr *eppnt, int prot, int type) { unsigned long map_addr; + unsigned long pageoffset = ELF_PAGEOFFSET(eppnt->p_vaddr); down_write(¤t->mm->mmap_sem); - map_addr = do_mmap(filep, ELF_PAGESTART(addr), - eppnt->p_filesz + ELF_PAGEOFFSET(eppnt->p_vaddr), prot, type, - eppnt->p_offset - ELF_PAGEOFFSET(eppnt->p_vaddr)); + /* mmap() will return -EINVAL if given a zero size, but a + * segment with zero filesize is perfectly valid */ + if (eppnt->p_filesz + pageoffset) + map_addr = do_mmap(filep, ELF_PAGESTART(addr), + eppnt->p_filesz + pageoffset, prot, type, + eppnt->p_offset - pageoffset); + else + map_addr = ELF_PAGESTART(addr); up_write(¤t->mm->mmap_sem); return(map_addr); } @@ -304,9 +320,8 @@ static unsigned long elf_map(struct file *filep, unsigned long addr, is only provided so that we can read a.out libraries that have an ELF header */ -static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex, - struct file * interpreter, - unsigned long *interp_load_addr) +static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, + struct file *interpreter, unsigned long *interp_load_addr) { struct elf_phdr *elf_phdata; struct elf_phdr *eppnt; @@ -336,15 +351,15 @@ static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex, goto out; /* Now read in all of the header information */ - size = sizeof(struct elf_phdr) * interp_elf_ex->e_phnum; if (size > ELF_MIN_ALIGN) goto out; - elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL); + elf_phdata = kmalloc(size, GFP_KERNEL); if (!elf_phdata) goto out; - retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size); + retval = kernel_read(interpreter, interp_elf_ex->e_phoff, + (char *)elf_phdata,size); error = -EIO; if (retval != size) { if (retval < 0) @@ -353,58 +368,65 @@ static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex, } eppnt = elf_phdata; - for (i=0; ie_phnum; i++, eppnt++) { - if (eppnt->p_type == PT_LOAD) { - int elf_type = MAP_PRIVATE | MAP_DENYWRITE; - int elf_prot = 0; - unsigned long vaddr = 0; - unsigned long k, map_addr; - - if (eppnt->p_flags & PF_R) elf_prot = PROT_READ; - if (eppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; - if (eppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; - vaddr = eppnt->p_vaddr; - if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) - elf_type |= MAP_FIXED; - - map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type); - error = map_addr; - if (BAD_ADDR(map_addr)) - goto out_close; - - if (!load_addr_set && interp_elf_ex->e_type == ET_DYN) { - load_addr = map_addr - ELF_PAGESTART(vaddr); - load_addr_set = 1; - } - - /* - * Check to see if the section's size will overflow the - * allowed task size. Note that p_filesz must always be - * <= p_memsize so it is only necessary to check p_memsz. - */ - k = load_addr + eppnt->p_vaddr; - if (k > TASK_SIZE || eppnt->p_filesz > eppnt->p_memsz || - eppnt->p_memsz > TASK_SIZE || TASK_SIZE - eppnt->p_memsz < k) { - error = -ENOMEM; - goto out_close; - } - - /* - * Find the end of the file mapping for this phdr, and keep - * track of the largest address we see for this. - */ - k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; - if (k > elf_bss) - elf_bss = k; - - /* - * Do the same thing for the memory mapping - between - * elf_bss and last_bss is the bss section. - */ - k = load_addr + eppnt->p_memsz + eppnt->p_vaddr; - if (k > last_bss) - last_bss = k; - } + for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { + if (eppnt->p_type == PT_LOAD) { + int elf_type = MAP_PRIVATE | MAP_DENYWRITE; + int elf_prot = 0; + unsigned long vaddr = 0; + unsigned long k, map_addr; + + if (eppnt->p_flags & PF_R) + elf_prot = PROT_READ; + if (eppnt->p_flags & PF_W) + elf_prot |= PROT_WRITE; + if (eppnt->p_flags & PF_X) + elf_prot |= PROT_EXEC; + vaddr = eppnt->p_vaddr; + if (interp_elf_ex->e_type == ET_EXEC || load_addr_set) + elf_type |= MAP_FIXED; + + map_addr = elf_map(interpreter, load_addr + vaddr, + eppnt, elf_prot, elf_type); + error = map_addr; + if (BAD_ADDR(map_addr)) + goto out_close; + + if (!load_addr_set && + interp_elf_ex->e_type == ET_DYN) { + load_addr = map_addr - ELF_PAGESTART(vaddr); + load_addr_set = 1; + } + + /* + * Check to see if the section's size will overflow the + * allowed task size. Note that p_filesz must always be + * <= p_memsize so it's only necessary to check p_memsz. + */ + k = load_addr + eppnt->p_vaddr; + if (BAD_ADDR(k) || + eppnt->p_filesz > eppnt->p_memsz || + eppnt->p_memsz > TASK_SIZE || + TASK_SIZE - eppnt->p_memsz < k) { + error = -ENOMEM; + goto out_close; + } + + /* + * Find the end of the file mapping for this phdr, and + * keep track of the largest address we see for this. + */ + k = load_addr + eppnt->p_vaddr + eppnt->p_filesz; + if (k > elf_bss) + elf_bss = k; + + /* + * Do the same thing for the memory mapping - between + * elf_bss and last_bss is the bss section. + */ + k = load_addr + eppnt->p_memsz + eppnt->p_vaddr; + if (k > last_bss) + last_bss = k; + } } /* @@ -418,7 +440,8 @@ static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex, goto out_close; } - elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); /* What we have mapped so far */ + /* What we have mapped so far */ + elf_bss = ELF_PAGESTART(elf_bss + ELF_MIN_ALIGN - 1); /* Map the last of the bss segment */ if (last_bss > elf_bss) { @@ -430,7 +453,7 @@ static unsigned long load_elf_interp(struct elfhdr * interp_elf_ex, } *interp_load_addr = load_addr; - error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; + error = ((unsigned long)interp_elf_ex->e_entry) + load_addr; out_close: kfree(elf_phdata); @@ -438,8 +461,8 @@ out: return error; } -static unsigned long load_aout_interp(struct exec * interp_ex, - struct file * interpreter) +static unsigned long load_aout_interp(struct exec *interp_ex, + struct file *interpreter) { unsigned long text_data, elf_entry = ~0UL; char __user * addr; @@ -458,7 +481,7 @@ static unsigned long load_aout_interp(struct exec * interp_ex, case ZMAGIC: case QMAGIC: offset = N_TXTOFF(*interp_ex); - addr = (char __user *) N_TXTADDR(*interp_ex); + addr = (char __user *)N_TXTADDR(*interp_ex); break; default: goto out; @@ -474,7 +497,6 @@ static unsigned long load_aout_interp(struct exec * interp_ex, flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); - down_write(¤t->mm->mmap_sem); do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), interp_ex->a_bss); @@ -494,21 +516,27 @@ out: #define INTERPRETER_AOUT 1 #define INTERPRETER_ELF 2 +#ifndef STACK_RND_MASK +#define STACK_RND_MASK (0x7ff >> (PAGE_SHIFT - 12)) /* 8MB of VA */ +#endif static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; - if (current->flags & PF_RANDOMIZE) - random_variable = get_random_int() % (8*1024*1024); + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) { + random_variable = get_random_int() & STACK_RND_MASK; + random_variable <<= PAGE_SHIFT; + } #ifdef CONFIG_STACK_GROWSUP - return PAGE_ALIGN(stack_top + random_variable); + return PAGE_ALIGN(stack_top) + random_variable; #else - return PAGE_ALIGN(stack_top - random_variable); + return PAGE_ALIGN(stack_top) - random_variable; #endif } -static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) +static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) { struct file *interpreter = NULL; /* to shut gcc up */ unsigned long load_addr = 0, load_bias = 0; @@ -517,7 +545,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) unsigned int interpreter_type = INTERPRETER_NONE; unsigned char ibcs2_interpreter = 0; unsigned long error; - struct elf_phdr * elf_ppnt, *elf_phdata; + struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int elf_exec_fileno; int retval, i; @@ -527,7 +555,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) unsigned long reloc_func_desc = 0; char passed_fileno[6]; struct files_struct *files; - int have_pt_gnu_stack, executable_stack = EXSTACK_DEFAULT; + int executable_stack = EXSTACK_DEFAULT; unsigned long def_flags = 0; struct { struct elfhdr elf_ex; @@ -542,7 +570,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) } /* Get the exec-header */ - loc->elf_ex = *((struct elfhdr *) bprm->buf); + loc->elf_ex = *((struct elfhdr *)bprm->buf); retval = -ENOEXEC; /* First of all, some simple consistency checks */ @@ -557,7 +585,6 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) goto out; /* Now read in all of the header information */ - if (loc->elf_ex.e_phentsize != sizeof(struct elf_phdr)) goto out; if (loc->elf_ex.e_phnum < 1 || @@ -565,18 +592,19 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) goto out; size = loc->elf_ex.e_phnum * sizeof(struct elf_phdr); retval = -ENOMEM; - elf_phdata = (struct elf_phdr *) kmalloc(size, GFP_KERNEL); + elf_phdata = kmalloc(size, GFP_KERNEL); if (!elf_phdata) goto out; - retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, (char *) elf_phdata, size); + retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, + (char *)elf_phdata, size); if (retval != size) { if (retval >= 0) retval = -EIO; goto out_free_ph; } - files = current->files; /* Refcounted so ok */ + files = current->files; /* Refcounted so ok */ retval = unshare_files(); if (retval < 0) goto out_free_ph; @@ -587,7 +615,6 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) /* exec will make our files private anyway, but for the a.out loader stuff we need to do it earlier */ - retval = get_unused_fd(); if (retval < 0) goto out_free_fh; @@ -609,21 +636,20 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) * shared libraries - for now assume that this * is an a.out format binary */ - retval = -ENOEXEC; if (elf_ppnt->p_filesz > PATH_MAX || elf_ppnt->p_filesz < 2) goto out_free_file; retval = -ENOMEM; - elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz, - GFP_KERNEL); + elf_interpreter = kmalloc(elf_ppnt->p_filesz, + GFP_KERNEL); if (!elf_interpreter) goto out_free_file; retval = kernel_read(bprm->file, elf_ppnt->p_offset, - elf_interpreter, - elf_ppnt->p_filesz); + elf_interpreter, + elf_ppnt->p_filesz); if (retval != elf_ppnt->p_filesz) { if (retval >= 0) retval = -EIO; @@ -667,7 +693,17 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) retval = PTR_ERR(interpreter); if (IS_ERR(interpreter)) goto out_free_interp; - retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE); + + /* + * If the binary is not readable then enforce + * mm->dumpable = 0 regardless of the interpreter's + * permissions. + */ + if (file_permission(interpreter, MAY_READ) < 0) + bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; + + retval = kernel_read(interpreter, 0, bprm->buf, + BINPRM_BUF_SIZE); if (retval != BINPRM_BUF_SIZE) { if (retval >= 0) retval = -EIO; @@ -675,8 +711,8 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) } /* Get the exec headers */ - loc->interp_ex = *((struct exec *) bprm->buf); - loc->interp_elf_ex = *((struct elfhdr *) bprm->buf); + loc->interp_ex = *((struct exec *)bprm->buf); + loc->interp_elf_ex = *((struct elfhdr *)bprm->buf); break; } elf_ppnt++; @@ -691,7 +727,6 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) executable_stack = EXSTACK_DISABLE_X; break; } - have_pt_gnu_stack = (i < loc->elf_ex.e_phnum); /* Some simple consistency checks for the interpreter */ if (elf_interpreter) { @@ -728,7 +763,6 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) /* OK, we are done with that, now set up the arg stuff, and then start this sucker up */ - if ((!bprm->sh_bang) && (interpreter_type == INTERPRETER_AOUT)) { char *passed_p = passed_fileno; sprintf(passed_fileno, "%d", elf_exec_fileno); @@ -748,16 +782,11 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) /* Discard our unneeded old files struct */ if (files) { - steal_locks(files); put_files_struct(files); files = NULL; } /* OK, This is the point of no return */ - current->mm->start_data = 0; - current->mm->end_data = 0; - current->mm->end_code = 0; - current->mm->mmap = NULL; current->flags &= ~PF_FORKNOEXEC; current->mm->def_flags = def_flags; @@ -767,7 +796,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; - if ( !(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) + if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space) current->flags |= PF_RANDOMIZE; arch_pick_mmap_layout(current->mm); @@ -788,8 +817,8 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) the correct location in memory. At this point, we assume that the image should be loaded at fixed address, not at a variable address. */ - - for(i = 0, elf_ppnt = elf_phdata; i < loc->elf_ex.e_phnum; i++, elf_ppnt++) { + for(i = 0, elf_ppnt = elf_phdata; + i < loc->elf_ex.e_phnum; i++, elf_ppnt++) { int elf_prot = 0, elf_flags; unsigned long k, vaddr; @@ -817,32 +846,39 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) load_bias, nbyte)) { /* * This bss-zeroing can fail if the ELF - * file specifies odd protections. So + * file specifies odd protections. So * we don't check the return value */ } } } - if (elf_ppnt->p_flags & PF_R) elf_prot |= PROT_READ; - if (elf_ppnt->p_flags & PF_W) elf_prot |= PROT_WRITE; - if (elf_ppnt->p_flags & PF_X) elf_prot |= PROT_EXEC; + if (elf_ppnt->p_flags & PF_R) + elf_prot |= PROT_READ; + if (elf_ppnt->p_flags & PF_W) + elf_prot |= PROT_WRITE; + if (elf_ppnt->p_flags & PF_X) + elf_prot |= PROT_EXEC; - elf_flags = MAP_PRIVATE|MAP_DENYWRITE|MAP_EXECUTABLE; + elf_flags = MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE; vaddr = elf_ppnt->p_vaddr; if (loc->elf_ex.e_type == ET_EXEC || load_addr_set) { elf_flags |= MAP_FIXED; } else if (loc->elf_ex.e_type == ET_DYN) { - /* Try and get dynamic programs out of the way of the default mmap - base, as well as whatever program they might try to exec. This - is because the brk will follow the loader, and is not movable. */ + /* Try and get dynamic programs out of the way of the + * default mmap base, as well as whatever program they + * might try to exec. This is because the brk will + * follow the loader, and is not movable. */ load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); } - error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags); + error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, + elf_prot, elf_flags); if (BAD_ADDR(error)) { send_sig(SIGKILL, current, 0); + retval = IS_ERR((void *)error) ? + PTR_ERR((void*)error) : -EINVAL; goto out_free_dentry; } @@ -857,19 +893,22 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) } } k = elf_ppnt->p_vaddr; - if (k < start_code) start_code = k; - if (start_data < k) start_data = k; + if (k < start_code) + start_code = k; + if (start_data < k) + start_data = k; /* * Check to see if the section's size will overflow the * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ - if (k > TASK_SIZE || elf_ppnt->p_filesz > elf_ppnt->p_memsz || + if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz || elf_ppnt->p_memsz > TASK_SIZE || TASK_SIZE - elf_ppnt->p_memsz < k) { - /* set_brk can never work. Avoid overflows. */ + /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); + retval = -EINVAL; goto out_free_dentry; } @@ -919,10 +958,9 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) interpreter, &interp_load_addr); if (BAD_ADDR(elf_entry)) { - printk(KERN_ERR "Unable to load interpreter %.128s\n", - elf_interpreter); force_sig(SIGSEGV, current); - retval = -ENOEXEC; /* Nobody gets to see this, but.. */ + retval = IS_ERR((void *)elf_entry) ? + (int)elf_entry : -EINVAL; goto out_free_dentry; } reloc_func_desc = interp_load_addr; @@ -932,6 +970,11 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) kfree(elf_interpreter); } else { elf_entry = loc->elf_ex.e_entry; + if (BAD_ADDR(elf_entry)) { + force_sig(SIGSEGV, current); + retval = -EINVAL; + goto out_free_dentry; + } } kfree(elf_phdata); @@ -951,8 +994,13 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) compute_creds(bprm); current->flags &= ~PF_FORKNOEXEC; - create_elf_tables(bprm, &loc->elf_ex, (interpreter_type == INTERPRETER_AOUT), - load_addr, interp_load_addr); + retval = create_elf_tables(bprm, &loc->elf_ex, + (interpreter_type == INTERPRETER_AOUT), + load_addr, interp_load_addr); + if (retval < 0) { + send_sig(SIGKILL, current, 0); + goto out; + } /* N.B. passed_fileno might not be initialized? */ if (interpreter_type == INTERPRETER_AOUT) current->mm->arg_start += strlen(passed_fileno) + 1; @@ -966,7 +1014,7 @@ static int load_elf_binary(struct linux_binprm * bprm, struct pt_regs * regs) /* Why this, you ask??? Well SVr4 maps page 0 as read-only, and some applications "depend" upon this behavior. Since we do not have the power to recompile these, we - emulate the SVr4 behavior. Sigh. */ + emulate the SVr4 behavior. Sigh. */ down_write(¤t->mm->mmap_sem); error = do_mmap(NULL, 0, PAGE_SIZE, PROT_READ | PROT_EXEC, MAP_FIXED | MAP_PRIVATE, 0); @@ -1010,10 +1058,8 @@ out_free_interp: out_free_file: sys_close(elf_exec_fileno); out_free_fh: - if (files) { - put_files_struct(current->files); - current->files = files; - } + if (files) + reset_files_struct(current, files); out_free_ph: kfree(elf_phdata); goto out; @@ -1021,7 +1067,6 @@ out_free_ph: /* This is really simpleminded and specialized - we are loading an a.out library that is given an ELF header. */ - static int load_elf_library(struct file *file) { struct elf_phdr *elf_phdata; @@ -1031,7 +1076,7 @@ static int load_elf_library(struct file *file) struct elfhdr elf_ex; error = -ENOEXEC; - retval = kernel_read(file, 0, (char *) &elf_ex, sizeof(elf_ex)); + retval = kernel_read(file, 0, (char *)&elf_ex, sizeof(elf_ex)); if (retval != sizeof(elf_ex)) goto out; @@ -1040,7 +1085,7 @@ static int load_elf_library(struct file *file) /* First of all, some simple consistency checks */ if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 || - !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap) + !elf_check_arch(&elf_ex) || !file->f_op || !file->f_op->mmap) goto out; /* Now read in all of the header information */ @@ -1088,7 +1133,8 @@ static int load_elf_library(struct file *file) goto out_free_ph; } - len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + ELF_MIN_ALIGN - 1); + len = ELF_PAGESTART(eppnt->p_filesz + eppnt->p_vaddr + + ELF_MIN_ALIGN - 1); bss = eppnt->p_memsz + eppnt->p_vaddr; if (bss > len) { down_write(¤t->mm->mmap_sem); @@ -1107,7 +1153,7 @@ out: * Note that some platforms still use traditional core dumps and not * the ELF core dump. Each platform can select it as appropriate. */ -#ifdef USE_ELF_CORE_DUMP +#if defined(USE_ELF_CORE_DUMP) && defined(CONFIG_ELF_CORE) /* * ELF core dumper @@ -1126,11 +1172,23 @@ static int dump_write(struct file *file, const void *addr, int nr) static int dump_seek(struct file *file, loff_t off) { - if (file->f_op->llseek) { - if (file->f_op->llseek(file, off, 0) != off) + if (file->f_op->llseek && file->f_op->llseek != no_llseek) { + if (file->f_op->llseek(file, off, SEEK_CUR) < 0) return 0; - } else - file->f_pos = off; + } else { + char *buf = (char *)get_zeroed_page(GFP_KERNEL); + if (!buf) + return 0; + while (off > 0) { + unsigned long n = off; + if (n > PAGE_SIZE) + n = PAGE_SIZE; + if (!dump_write(file, buf, n)) + return 0; + off -= n; + } + free_page((unsigned long)buf); + } return 1; } @@ -1141,25 +1199,31 @@ static int dump_seek(struct file *file, loff_t off) * * I think we should skip something. But I am not sure how. H.J. */ -static int maydump(struct vm_area_struct *vma) +static int maydump(struct vm_area_struct *vma, unsigned long mm_flags) { + /* The vma can be set up to tell us the answer directly. */ + if (vma->vm_flags & VM_ALWAYSDUMP) + return 1; + /* Do not dump I/O mapped devices or special mappings */ if (vma->vm_flags & (VM_IO | VM_RESERVED)) return 0; - /* Dump shared memory only if mapped from an anonymous file. */ - if (vma->vm_flags & VM_SHARED) - return vma->vm_file->f_dentry->d_inode->i_nlink == 0; + /* By default, dump shared memory if mapped from an anonymous file. */ + if (vma->vm_flags & VM_SHARED) { + if (vma->vm_file->f_path.dentry->d_inode->i_nlink == 0) + return test_bit(MMF_DUMP_ANON_SHARED, &mm_flags); + else + return test_bit(MMF_DUMP_MAPPED_SHARED, &mm_flags); + } - /* If it hasn't been written to, don't write it out */ + /* By default, if it hasn't been written to, don't write it out. */ if (!vma->anon_vma) - return 0; + return test_bit(MMF_DUMP_MAPPED_PRIVATE, &mm_flags); - return 1; + return test_bit(MMF_DUMP_ANON_PRIVATE, &mm_flags); } -#define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) - /* An ELF note in memory */ struct memelfnote { @@ -1180,30 +1244,35 @@ static int notesize(struct memelfnote *en) return sz; } -#define DUMP_WRITE(addr, nr) \ - do { if (!dump_write(file, (addr), (nr))) return 0; } while(0) -#define DUMP_SEEK(off) \ - do { if (!dump_seek(file, (off))) return 0; } while(0) +#define DUMP_WRITE(addr, nr, foffset) \ + do { if (!dump_write(file, (addr), (nr))) return 0; *foffset += (nr); } while(0) -static int writenote(struct memelfnote *men, struct file *file) +static int alignfile(struct file *file, loff_t *foffset) { - struct elf_note en; + static const char buf[4] = { 0, }; + DUMP_WRITE(buf, roundup(*foffset, 4) - *foffset, foffset); + return 1; +} +static int writenote(struct memelfnote *men, struct file *file, + loff_t *foffset) +{ + struct elf_note en; en.n_namesz = strlen(men->name) + 1; en.n_descsz = men->datasz; en.n_type = men->type; - DUMP_WRITE(&en, sizeof(en)); - DUMP_WRITE(men->name, en.n_namesz); - /* XXX - cast from long long to long to avoid need for libgcc.a */ - DUMP_SEEK(roundup((unsigned long)file->f_pos, 4)); /* XXX */ - DUMP_WRITE(men->data, men->datasz); - DUMP_SEEK(roundup((unsigned long)file->f_pos, 4)); /* XXX */ + DUMP_WRITE(&en, sizeof(en), foffset); + DUMP_WRITE(men->name, en.n_namesz, foffset); + if (!alignfile(file, foffset)) + return 0; + DUMP_WRITE(men->data, men->datasz, foffset); + if (!alignfile(file, foffset)) + return 0; return 1; } #undef DUMP_WRITE -#undef DUMP_SEEK #define DUMP_WRITE(addr, nr) \ if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \ @@ -1212,7 +1281,7 @@ static int writenote(struct memelfnote *men, struct file *file) if (!dump_seek(file, (off))) \ goto end_coredump; -static inline void fill_elf_header(struct elfhdr *elf, int segs) +static void fill_elf_header(struct elfhdr *elf, int segs) { memcpy(elf->e_ident, ELFMAG, SELFMAG); elf->e_ident[EI_CLASS] = ELF_CLASS; @@ -1237,7 +1306,7 @@ static inline void fill_elf_header(struct elfhdr *elf, int segs) return; } -static inline void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, off_t offset) +static void fill_elf_note_phdr(struct elf_phdr *phdr, int sz, loff_t offset) { phdr->p_type = PT_NOTE; phdr->p_offset = offset; @@ -1261,11 +1330,11 @@ static void fill_note(struct memelfnote *note, const char *name, int type, } /* - * fill up all the fields in prstatus from the given task struct, except registers - * which need to be filled up separately. + * fill up all the fields in prstatus from the given task struct, except + * registers which need to be filled up separately. */ static void fill_prstatus(struct elf_prstatus *prstatus, - struct task_struct *p, long signr) + struct task_struct *p, long signr) { prstatus->pr_info.si_signo = prstatus->pr_cursig = signr; prstatus->pr_sigpend = p->pending.signal.sig[0]; @@ -1273,7 +1342,7 @@ static void fill_prstatus(struct elf_prstatus *prstatus, prstatus->pr_pid = p->pid; prstatus->pr_ppid = p->parent->pid; prstatus->pr_pgrp = process_group(p); - prstatus->pr_sid = p->signal->session; + prstatus->pr_sid = process_session(p); if (thread_group_leader(p)) { /* * This is the record for the group leader. Add in the @@ -1319,11 +1388,11 @@ static int fill_psinfo(struct elf_prpsinfo *psinfo, struct task_struct *p, psinfo->pr_pid = p->pid; psinfo->pr_ppid = p->parent->pid; psinfo->pr_pgrp = process_group(p); - psinfo->pr_sid = p->signal->session; + psinfo->pr_sid = process_session(p); i = p->state ? ffz(~p->state) + 1 : 0; psinfo->pr_state = i; - psinfo->pr_sname = (i < 0 || i > 5) ? '.' : "RSDTZW"[i]; + psinfo->pr_sname = (i > 5) ? '.' : "RSDTZW"[i]; psinfo->pr_zomb = psinfo->pr_sname == 'Z'; psinfo->pr_nice = task_nice(p); psinfo->pr_flag = p->flags; @@ -1350,8 +1419,8 @@ struct elf_thread_status /* * In order to add the specific thread information for the elf file format, - * we need to keep a linked list of every threads pr_status and then - * create a single section for them in the final core file. + * we need to keep a linked list of every threads pr_status and then create + * a single section for them in the final core file. */ static int elf_dump_thread_status(long signr, struct elf_thread_status *t) { @@ -1362,19 +1431,23 @@ static int elf_dump_thread_status(long signr, struct elf_thread_status *t) fill_prstatus(&t->prstatus, p, signr); elf_core_copy_task_regs(p, &t->prstatus.pr_reg); - fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus), &(t->prstatus)); + fill_note(&t->notes[0], "CORE", NT_PRSTATUS, sizeof(t->prstatus), + &(t->prstatus)); t->num_notes++; sz += notesize(&t->notes[0]); - if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, &t->fpu))) { - fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu), &(t->fpu)); + if ((t->prstatus.pr_fpvalid = elf_core_copy_task_fpregs(p, NULL, + &t->fpu))) { + fill_note(&t->notes[1], "CORE", NT_PRFPREG, sizeof(t->fpu), + &(t->fpu)); t->num_notes++; sz += notesize(&t->notes[1]); } #ifdef ELF_CORE_COPY_XFPREGS if (elf_core_copy_task_xfpregs(p, &t->xfpu)) { - fill_note(&t->notes[2], "LINUX", NT_PRXFPREG, sizeof(t->xfpu), &t->xfpu); + fill_note(&t->notes[2], "LINUX", NT_PRXFPREG, sizeof(t->xfpu), + &t->xfpu); t->num_notes++; sz += notesize(&t->notes[2]); } @@ -1382,6 +1455,32 @@ static int elf_dump_thread_status(long signr, struct elf_thread_status *t) return sz; } +static struct vm_area_struct *first_vma(struct task_struct *tsk, + struct vm_area_struct *gate_vma) +{ + struct vm_area_struct *ret = tsk->mm->mmap; + + if (ret) + return ret; + return gate_vma; +} +/* + * Helper function for iterating across a vma list. It ensures that the caller + * will visit `gate_vma' prior to terminating the search. + */ +static struct vm_area_struct *next_vma(struct vm_area_struct *this_vma, + struct vm_area_struct *gate_vma) +{ + struct vm_area_struct *ret; + + ret = this_vma->vm_next; + if (ret) + return ret; + if (this_vma == gate_vma) + return NULL; + return gate_vma; +} + /* * Actual dumper * @@ -1389,7 +1488,7 @@ static int elf_dump_thread_status(long signr, struct elf_thread_status *t) * and then they are actually written out. If we run out of core limit * we just truncate. */ -static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) +static int elf_core_dump(long signr, struct pt_regs *regs, struct file *file) { #define NUM_NOTES 6 int has_dumped = 0; @@ -1397,9 +1496,9 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) int segs; size_t size = 0; int i; - struct vm_area_struct *vma; + struct vm_area_struct *vma, *gate_vma; struct elfhdr *elf = NULL; - off_t offset = 0, dataoff; + loff_t offset = 0, dataoff, foffset; unsigned long limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; int numnote; struct memelfnote *notes = NULL; @@ -1414,16 +1513,20 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) #endif int thread_status_size = 0; elf_addr_t *auxv; + unsigned long mm_flags; +#ifdef ELF_CORE_WRITE_EXTRA_NOTES + int extra_notes_size; +#endif /* * We no longer stop all VM operations. * - * This is because those proceses that could possibly change map_count or - * the mmap / vma pages are now blocked in do_exit on current finishing - * this core dump. + * This is because those proceses that could possibly change map_count + * or the mmap / vma pages are now blocked in do_exit on current + * finishing this core dump. * * Only ptrace can touch these memory addresses, but it doesn't change - * the map_count or the pages allocated. So no possibility of crashing + * the map_count or the pages allocated. So no possibility of crashing * exists while dumping the mm->vm_next areas to the core file. */ @@ -1451,21 +1554,19 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) if (signr) { struct elf_thread_status *tmp; - read_lock(&tasklist_lock); + rcu_read_lock(); do_each_thread(g,p) if (current->mm == p->mm && current != p) { - tmp = kmalloc(sizeof(*tmp), GFP_ATOMIC); + tmp = kzalloc(sizeof(*tmp), GFP_ATOMIC); if (!tmp) { - read_unlock(&tasklist_lock); + rcu_read_unlock(); goto cleanup; } - memset(tmp, 0, sizeof(*tmp)); - INIT_LIST_HEAD(&tmp->list); tmp->thread = p; list_add(&tmp->list, &thread_list); } while_each_thread(g,p); - read_unlock(&tasklist_lock); + rcu_read_unlock(); list_for_each(t, &thread_list) { struct elf_thread_status *tmp; int sz; @@ -1485,8 +1586,12 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) segs += ELF_CORE_EXTRA_PHDRS; #endif + gate_vma = get_gate_vma(current); + if (gate_vma != NULL) + segs++; + /* Set up header */ - fill_elf_header(elf, segs+1); /* including notes section */ + fill_elf_header(elf, segs + 1); /* including notes section */ has_dumped = 1; current->flags |= PF_DUMPCORE; @@ -1496,24 +1601,24 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) * with info from their /proc. */ - fill_note(notes +0, "CORE", NT_PRSTATUS, sizeof(*prstatus), prstatus); - + fill_note(notes + 0, "CORE", NT_PRSTATUS, sizeof(*prstatus), prstatus); fill_psinfo(psinfo, current->group_leader, current->mm); - fill_note(notes +1, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo); + fill_note(notes + 1, "CORE", NT_PRPSINFO, sizeof(*psinfo), psinfo); numnote = 2; - auxv = (elf_addr_t *) current->mm->saved_auxv; + auxv = (elf_addr_t *)current->mm->saved_auxv; i = 0; do i += 2; while (auxv[i - 2] != AT_NULL); fill_note(¬es[numnote++], "CORE", NT_AUXV, - i * sizeof (elf_addr_t), auxv); + i * sizeof(elf_addr_t), auxv); /* Try to dump the FPU. */ - if ((prstatus->pr_fpvalid = elf_core_copy_task_fpregs(current, regs, fpu))) + if ((prstatus->pr_fpvalid = + elf_core_copy_task_fpregs(current, regs, fpu))) fill_note(notes + numnote++, "CORE", NT_PRFPREG, sizeof(*fpu), fpu); #ifdef ELF_CORE_COPY_XFPREGS @@ -1527,7 +1632,8 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) DUMP_WRITE(elf, sizeof(*elf)); offset += sizeof(*elf); /* Elf header */ - offset += (segs+1) * sizeof(struct elf_phdr); /* Program headers */ + offset += (segs + 1) * sizeof(struct elf_phdr); /* Program headers */ + foffset = offset; /* Write notes phdr entry */ { @@ -1539,16 +1645,28 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) sz += thread_status_size; +#ifdef ELF_CORE_WRITE_EXTRA_NOTES + extra_notes_size = ELF_CORE_EXTRA_NOTES_SIZE; + sz += extra_notes_size; +#endif + fill_elf_note_phdr(&phdr, sz, offset); offset += sz; DUMP_WRITE(&phdr, sizeof(phdr)); } - /* Page-align dumped data */ dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); + /* + * We must use the same mm->flags while dumping core to avoid + * inconsistency between the program headers and bodies, otherwise an + * unusable core file can be generated. + */ + mm_flags = current->mm->flags; + /* Write program headers for segments dump */ - for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { + for (vma = first_vma(current, gate_vma); vma != NULL; + vma = next_vma(vma, gate_vma)) { struct elf_phdr phdr; size_t sz; @@ -1558,12 +1676,14 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; - phdr.p_filesz = maydump(vma) ? sz : 0; + phdr.p_filesz = maydump(vma, mm_flags) ? sz : 0; phdr.p_memsz = sz; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; - if (vma->vm_flags & VM_WRITE) phdr.p_flags |= PF_W; - if (vma->vm_flags & VM_EXEC) phdr.p_flags |= PF_X; + if (vma->vm_flags & VM_WRITE) + phdr.p_flags |= PF_W; + if (vma->vm_flags & VM_EXEC) + phdr.p_flags |= PF_X; phdr.p_align = ELF_EXEC_PAGESIZE; DUMP_WRITE(&phdr, sizeof(phdr)); @@ -1575,40 +1695,53 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) /* write out the notes section */ for (i = 0; i < numnote; i++) - if (!writenote(notes + i, file)) + if (!writenote(notes + i, file, &foffset)) goto end_coredump; +#ifdef ELF_CORE_WRITE_EXTRA_NOTES + ELF_CORE_WRITE_EXTRA_NOTES; + foffset += extra_notes_size; +#endif + /* write out the thread status notes section */ list_for_each(t, &thread_list) { - struct elf_thread_status *tmp = list_entry(t, struct elf_thread_status, list); + struct elf_thread_status *tmp = + list_entry(t, struct elf_thread_status, list); + for (i = 0; i < tmp->num_notes; i++) - if (!writenote(&tmp->notes[i], file)) + if (!writenote(&tmp->notes[i], file, &foffset)) goto end_coredump; } - - DUMP_SEEK(dataoff); - for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { + /* Align to page */ + DUMP_SEEK(dataoff - foffset); + + for (vma = first_vma(current, gate_vma); vma != NULL; + vma = next_vma(vma, gate_vma)) { unsigned long addr; - if (!maydump(vma)) + if (!maydump(vma, mm_flags)) continue; for (addr = vma->vm_start; addr < vma->vm_end; addr += PAGE_SIZE) { - struct page* page; + struct page *page; struct vm_area_struct *vma; if (get_user_pages(current, current->mm, addr, 1, 0, 1, &page, &vma) <= 0) { - DUMP_SEEK (file->f_pos + PAGE_SIZE); + DUMP_SEEK(PAGE_SIZE); } else { if (page == ZERO_PAGE(addr)) { - DUMP_SEEK (file->f_pos + PAGE_SIZE); + if (!dump_seek(file, PAGE_SIZE)) { + page_cache_release(page); + goto end_coredump; + } } else { void *kaddr; - flush_cache_page(vma, addr, page_to_pfn(page)); + flush_cache_page(vma, addr, + page_to_pfn(page)); kaddr = kmap(page); if ((size += PAGE_SIZE) > limit || !dump_write(file, kaddr, @@ -1628,17 +1761,11 @@ static int elf_core_dump(long signr, struct pt_regs * regs, struct file * file) ELF_CORE_WRITE_EXTRA_DATA; #endif - if ((off_t) file->f_pos != offset) { - /* Sanity check */ - printk("elf_core_dump: file->f_pos (%ld) != offset (%ld)\n", - (off_t) file->f_pos, offset); - } - end_coredump: set_fs(fs); cleanup: - while(!list_empty(&thread_list)) { + while (!list_empty(&thread_list)) { struct list_head *tmp = thread_list.next; list_del(tmp); kfree(list_entry(tmp, struct elf_thread_status, list));