122int
123__elfN(insert_brand_entry)(Elf_Brandinfo *entry)
124{
125 int i;
126
127 for (i = 0; i < MAX_BRANDS; i++) {
128 if (elf_brand_list[i] == NULL) {
129 elf_brand_list[i] = entry;
130 break;
131 }
132 }
133 if (i == MAX_BRANDS)
134 return (-1);
135 return (0);
136}
137
138int
139__elfN(remove_brand_entry)(Elf_Brandinfo *entry)
140{
141 int i;
142
143 for (i = 0; i < MAX_BRANDS; i++) {
144 if (elf_brand_list[i] == entry) {
145 elf_brand_list[i] = NULL;
146 break;
147 }
148 }
149 if (i == MAX_BRANDS)
150 return (-1);
151 return (0);
152}
153
154int
155__elfN(brand_inuse)(Elf_Brandinfo *entry)
156{
157 struct proc *p;
158 int rval = FALSE;
159
160 sx_slock(&allproc_lock);
161 FOREACH_PROC_IN_SYSTEM(p) {
162 if (p->p_sysent == entry->sysvec) {
163 rval = TRUE;
164 break;
165 }
166 }
167 sx_sunlock(&allproc_lock);
168
169 return (rval);
170}
171
172static Elf_Brandinfo *
173__elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
174 int32_t *osrel)
175{
176 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
177 Elf_Brandinfo *bi;
178 boolean_t ret;
179 int i;
180
181 /*
182 * We support four types of branding -- (1) the ELF EI_OSABI field
183 * that SCO added to the ELF spec, (2) FreeBSD 3.x's traditional string
184 * branding w/in the ELF header, (3) path of the `interp_path'
185 * field, and (4) the ".note.ABI-tag" ELF section.
186 */
187
188 /* Look for an ".note.ABI-tag" ELF section */
189 for (i = 0; i < MAX_BRANDS; i++) {
190 bi = elf_brand_list[i];
191 if (bi != NULL && hdr->e_machine == bi->machine &&
192 (bi->flags & BI_BRAND_NOTE) != 0) {
193 ret = __elfN(check_note)(imgp, bi->brand_note, osrel);
194 if (ret)
195 return (bi);
196 }
197 }
198
199 /* If the executable has a brand, search for it in the brand list. */
200 for (i = 0; i < MAX_BRANDS; i++) {
201 bi = elf_brand_list[i];
202 if (bi != NULL && hdr->e_machine == bi->machine &&
203 (hdr->e_ident[EI_OSABI] == bi->brand ||
204 strncmp((const char *)&hdr->e_ident[OLD_EI_BRAND],
205 bi->compat_3_brand, strlen(bi->compat_3_brand)) == 0))
206 return (bi);
207 }
208
209 /* Lacking a known brand, search for a recognized interpreter. */
210 if (interp != NULL) {
211 for (i = 0; i < MAX_BRANDS; i++) {
212 bi = elf_brand_list[i];
213 if (bi != NULL && hdr->e_machine == bi->machine &&
214 strcmp(interp, bi->interp_path) == 0)
215 return (bi);
216 }
217 }
218
219 /* Lacking a recognized interpreter, try the default brand */
220 for (i = 0; i < MAX_BRANDS; i++) {
221 bi = elf_brand_list[i];
222 if (bi != NULL && hdr->e_machine == bi->machine &&
223 __elfN(fallback_brand) == bi->brand)
224 return (bi);
225 }
226 return (NULL);
227}
228
229static int
230__elfN(check_header)(const Elf_Ehdr *hdr)
231{
232 Elf_Brandinfo *bi;
233 int i;
234
235 if (!IS_ELF(*hdr) ||
236 hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
237 hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
238 hdr->e_ident[EI_VERSION] != EV_CURRENT ||
239 hdr->e_phentsize != sizeof(Elf_Phdr) ||
240 hdr->e_version != ELF_TARG_VER)
241 return (ENOEXEC);
242
243 /*
244 * Make sure we have at least one brand for this machine.
245 */
246
247 for (i = 0; i < MAX_BRANDS; i++) {
248 bi = elf_brand_list[i];
249 if (bi != NULL && bi->machine == hdr->e_machine)
250 break;
251 }
252 if (i == MAX_BRANDS)
253 return (ENOEXEC);
254
255 return (0);
256}
257
258static int
259__elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
260 vm_offset_t start, vm_offset_t end, vm_prot_t prot)
261{
262 struct sf_buf *sf;
263 int error;
264 vm_offset_t off;
265
266 /*
267 * Create the page if it doesn't exist yet. Ignore errors.
268 */
269 vm_map_lock(map);
270 vm_map_insert(map, NULL, 0, trunc_page(start), round_page(end),
271 VM_PROT_ALL, VM_PROT_ALL, 0);
272 vm_map_unlock(map);
273
274 /*
275 * Find the page from the underlying object.
276 */
277 if (object) {
278 sf = vm_imgact_map_page(object, offset);
279 if (sf == NULL)
280 return (KERN_FAILURE);
281 off = offset - trunc_page(offset);
282 error = copyout((caddr_t)sf_buf_kva(sf) + off, (caddr_t)start,
283 end - start);
284 vm_imgact_unmap_page(sf);
285 if (error) {
286 return (KERN_FAILURE);
287 }
288 }
289
290 return (KERN_SUCCESS);
291}
292
293static int
294__elfN(map_insert)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
295 vm_offset_t start, vm_offset_t end, vm_prot_t prot, int cow)
296{
297 struct sf_buf *sf;
298 vm_offset_t off;
299 vm_size_t sz;
300 int error, rv;
301
302 if (start != trunc_page(start)) {
303 rv = __elfN(map_partial)(map, object, offset, start,
304 round_page(start), prot);
305 if (rv)
306 return (rv);
307 offset += round_page(start) - start;
308 start = round_page(start);
309 }
310 if (end != round_page(end)) {
311 rv = __elfN(map_partial)(map, object, offset +
312 trunc_page(end) - start, trunc_page(end), end, prot);
313 if (rv)
314 return (rv);
315 end = trunc_page(end);
316 }
317 if (end > start) {
318 if (offset & PAGE_MASK) {
319 /*
320 * The mapping is not page aligned. This means we have
321 * to copy the data. Sigh.
322 */
323 rv = vm_map_find(map, NULL, 0, &start, end - start,
324 FALSE, prot | VM_PROT_WRITE, VM_PROT_ALL, 0);
325 if (rv)
326 return (rv);
327 if (object == NULL)
328 return (KERN_SUCCESS);
329 for (; start < end; start += sz) {
330 sf = vm_imgact_map_page(object, offset);
331 if (sf == NULL)
332 return (KERN_FAILURE);
333 off = offset - trunc_page(offset);
334 sz = end - start;
335 if (sz > PAGE_SIZE - off)
336 sz = PAGE_SIZE - off;
337 error = copyout((caddr_t)sf_buf_kva(sf) + off,
338 (caddr_t)start, sz);
339 vm_imgact_unmap_page(sf);
340 if (error) {
341 return (KERN_FAILURE);
342 }
343 offset += sz;
344 }
345 rv = KERN_SUCCESS;
346 } else {
347 vm_object_reference(object);
348 vm_map_lock(map);
349 rv = vm_map_insert(map, object, offset, start, end,
350 prot, VM_PROT_ALL, cow);
351 vm_map_unlock(map);
352 if (rv != KERN_SUCCESS)
353 vm_object_deallocate(object);
354 }
355 return (rv);
356 } else {
357 return (KERN_SUCCESS);
358 }
359}
360
361static int
362__elfN(load_section)(struct vmspace *vmspace,
363 vm_object_t object, vm_offset_t offset,
364 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot,
365 size_t pagesize)
366{
367 struct sf_buf *sf;
368 size_t map_len;
369 vm_offset_t map_addr;
370 int error, rv, cow;
371 size_t copy_len;
372 vm_offset_t file_addr;
373
374 /*
375 * It's necessary to fail if the filsz + offset taken from the
376 * header is greater than the actual file pager object's size.
377 * If we were to allow this, then the vm_map_find() below would
378 * walk right off the end of the file object and into the ether.
379 *
380 * While I'm here, might as well check for something else that
381 * is invalid: filsz cannot be greater than memsz.
382 */
383 if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size ||
384 filsz > memsz) {
385 uprintf("elf_load_section: truncated ELF file\n");
386 return (ENOEXEC);
387 }
388
389 map_addr = trunc_page_ps((vm_offset_t)vmaddr, pagesize);
390 file_addr = trunc_page_ps(offset, pagesize);
391
392 /*
393 * We have two choices. We can either clear the data in the last page
394 * of an oversized mapping, or we can start the anon mapping a page
395 * early and copy the initialized data into that first page. We
396 * choose the second..
397 */
398 if (memsz > filsz)
399 map_len = trunc_page_ps(offset + filsz, pagesize) - file_addr;
400 else
401 map_len = round_page_ps(offset + filsz, pagesize) - file_addr;
402
403 if (map_len != 0) {
404 /* cow flags: don't dump readonly sections in core */
405 cow = MAP_COPY_ON_WRITE | MAP_PREFAULT |
406 (prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
407
408 rv = __elfN(map_insert)(&vmspace->vm_map,
409 object,
410 file_addr, /* file offset */
411 map_addr, /* virtual start */
412 map_addr + map_len,/* virtual end */
413 prot,
414 cow);
415 if (rv != KERN_SUCCESS)
416 return (EINVAL);
417
418 /* we can stop now if we've covered it all */
419 if (memsz == filsz) {
420 return (0);
421 }
422 }
423
424
425 /*
426 * We have to get the remaining bit of the file into the first part
427 * of the oversized map segment. This is normally because the .data
428 * segment in the file is extended to provide bss. It's a neat idea
429 * to try and save a page, but it's a pain in the behind to implement.
430 */
431 copy_len = (offset + filsz) - trunc_page_ps(offset + filsz, pagesize);
432 map_addr = trunc_page_ps((vm_offset_t)vmaddr + filsz, pagesize);
433 map_len = round_page_ps((vm_offset_t)vmaddr + memsz, pagesize) -
434 map_addr;
435
436 /* This had damn well better be true! */
437 if (map_len != 0) {
438 rv = __elfN(map_insert)(&vmspace->vm_map, NULL, 0, map_addr,
439 map_addr + map_len, VM_PROT_ALL, 0);
440 if (rv != KERN_SUCCESS) {
441 return (EINVAL);
442 }
443 }
444
445 if (copy_len != 0) {
446 vm_offset_t off;
447
448 sf = vm_imgact_map_page(object, offset + filsz);
449 if (sf == NULL)
450 return (EIO);
451
452 /* send the page fragment to user space */
453 off = trunc_page_ps(offset + filsz, pagesize) -
454 trunc_page(offset + filsz);
455 error = copyout((caddr_t)sf_buf_kva(sf) + off,
456 (caddr_t)map_addr, copy_len);
457 vm_imgact_unmap_page(sf);
458 if (error) {
459 return (error);
460 }
461 }
462
463 /*
464 * set it to the specified protection.
465 * XXX had better undo the damage from pasting over the cracks here!
466 */
467 vm_map_protect(&vmspace->vm_map, trunc_page(map_addr),
468 round_page(map_addr + map_len), prot, FALSE);
469
470 return (0);
471}
472
473/*
474 * Load the file "file" into memory. It may be either a shared object
475 * or an executable.
476 *
477 * The "addr" reference parameter is in/out. On entry, it specifies
478 * the address where a shared object should be loaded. If the file is
479 * an executable, this value is ignored. On exit, "addr" specifies
480 * where the file was actually loaded.
481 *
482 * The "entry" reference parameter is out only. On exit, it specifies
483 * the entry point for the loaded file.
484 */
485static int
486__elfN(load_file)(struct proc *p, const char *file, u_long *addr,
487 u_long *entry, size_t pagesize)
488{
489 struct {
490 struct nameidata nd;
491 struct vattr attr;
492 struct image_params image_params;
493 } *tempdata;
494 const Elf_Ehdr *hdr = NULL;
495 const Elf_Phdr *phdr = NULL;
496 struct nameidata *nd;
497 struct vmspace *vmspace = p->p_vmspace;
498 struct vattr *attr;
499 struct image_params *imgp;
500 vm_prot_t prot;
501 u_long rbase;
502 u_long base_addr = 0;
503 int vfslocked, error, i, numsegs;
504
505 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK);
506 nd = &tempdata->nd;
507 attr = &tempdata->attr;
508 imgp = &tempdata->image_params;
509
510 /*
511 * Initialize part of the common data
512 */
513 imgp->proc = p;
514 imgp->attr = attr;
515 imgp->firstpage = NULL;
516 imgp->image_header = NULL;
517 imgp->object = NULL;
518 imgp->execlabel = NULL;
519
520 NDINIT(nd, LOOKUP, MPSAFE|LOCKLEAF|FOLLOW, UIO_SYSSPACE, file,
521 curthread);
522 vfslocked = 0;
523 if ((error = namei(nd)) != 0) {
524 nd->ni_vp = NULL;
525 goto fail;
526 }
527 vfslocked = NDHASGIANT(nd);
528 NDFREE(nd, NDF_ONLY_PNBUF);
529 imgp->vp = nd->ni_vp;
530
531 /*
532 * Check permissions, modes, uid, etc on the file, and "open" it.
533 */
534 error = exec_check_permissions(imgp);
535 if (error)
536 goto fail;
537
538 error = exec_map_first_page(imgp);
539 if (error)
540 goto fail;
541
542 /*
543 * Also make certain that the interpreter stays the same, so set
544 * its VV_TEXT flag, too.
545 */
546 nd->ni_vp->v_vflag |= VV_TEXT;
547
548 imgp->object = nd->ni_vp->v_object;
549
550 hdr = (const Elf_Ehdr *)imgp->image_header;
551 if ((error = __elfN(check_header)(hdr)) != 0)
552 goto fail;
553 if (hdr->e_type == ET_DYN)
554 rbase = *addr;
555 else if (hdr->e_type == ET_EXEC)
556 rbase = 0;
557 else {
558 error = ENOEXEC;
559 goto fail;
560 }
561
562 /* Only support headers that fit within first page for now */
563 /* (multiplication of two Elf_Half fields will not overflow) */
564 if ((hdr->e_phoff > PAGE_SIZE) ||
565 (hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE - hdr->e_phoff) {
566 error = ENOEXEC;
567 goto fail;
568 }
569
570 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
571 if (!aligned(phdr, Elf_Addr)) {
572 error = ENOEXEC;
573 goto fail;
574 }
575
576 for (i = 0, numsegs = 0; i < hdr->e_phnum; i++) {
577 if (phdr[i].p_type == PT_LOAD) { /* Loadable segment */
578 prot = 0;
579 if (phdr[i].p_flags & PF_X)
580 prot |= VM_PROT_EXECUTE;
581 if (phdr[i].p_flags & PF_W)
582 prot |= VM_PROT_WRITE;
583 if (phdr[i].p_flags & PF_R)
584 prot |= VM_PROT_READ;
585
586 if ((error = __elfN(load_section)(vmspace,
587 imgp->object, phdr[i].p_offset,
588 (caddr_t)(uintptr_t)phdr[i].p_vaddr + rbase,
589 phdr[i].p_memsz, phdr[i].p_filesz, prot,
590 pagesize)) != 0)
591 goto fail;
592 /*
593 * Establish the base address if this is the
594 * first segment.
595 */
596 if (numsegs == 0)
597 base_addr = trunc_page(phdr[i].p_vaddr +
598 rbase);
599 numsegs++;
600 }
601 }
602 *addr = base_addr;
603 *entry = (unsigned long)hdr->e_entry + rbase;
604
605fail:
606 if (imgp->firstpage)
607 exec_unmap_first_page(imgp);
608
609 if (nd->ni_vp)
610 vput(nd->ni_vp);
611
612 VFS_UNLOCK_GIANT(vfslocked);
613 free(tempdata, M_TEMP);
614
615 return (error);
616}
617
618static int
619__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
620{
621 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
622 const Elf_Phdr *phdr;
623 Elf_Auxargs *elf_auxargs;
624 struct vmspace *vmspace;
625 vm_prot_t prot;
626 u_long text_size = 0, data_size = 0, total_size = 0;
627 u_long text_addr = 0, data_addr = 0;
628 u_long seg_size, seg_addr;
629 u_long addr, entry = 0, proghdr = 0;
630 int32_t osrel = 0;
631 int error = 0, i;
632 const char *interp = NULL, *newinterp = NULL;
633 Elf_Brandinfo *brand_info;
634 char *path;
635 struct sysentvec *sv;
636
637 /*
638 * Do we have a valid ELF header ?
639 *
640 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
641 * if particular brand doesn't support it.
642 */
643 if (__elfN(check_header)(hdr) != 0 ||
644 (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
645 return (-1);
646
647 /*
648 * From here on down, we return an errno, not -1, as we've
649 * detected an ELF file.
650 */
651
652 if ((hdr->e_phoff > PAGE_SIZE) ||
653 (hdr->e_phoff + hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE) {
654 /* Only support headers in first page for now */
655 return (ENOEXEC);
656 }
657 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
658 if (!aligned(phdr, Elf_Addr))
659 return (ENOEXEC);
660 for (i = 0; i < hdr->e_phnum; i++) {
661 if (phdr[i].p_type == PT_INTERP) {
662 /* Path to interpreter */
663 if (phdr[i].p_filesz > MAXPATHLEN ||
664 phdr[i].p_offset + phdr[i].p_filesz > PAGE_SIZE)
665 return (ENOEXEC);
666 interp = imgp->image_header + phdr[i].p_offset;
667 break;
668 }
669 }
670
671 brand_info = __elfN(get_brandinfo)(imgp, interp, &osrel);
672 if (brand_info == NULL) {
673 uprintf("ELF binary type \"%u\" not known.\n",
674 hdr->e_ident[EI_OSABI]);
675 return (ENOEXEC);
676 }
677 if (hdr->e_type == ET_DYN &&
678 (brand_info->flags & BI_CAN_EXEC_DYN) == 0)
679 return (ENOEXEC);
680 sv = brand_info->sysvec;
681 if (interp != NULL && brand_info->interp_newpath != NULL)
682 newinterp = brand_info->interp_newpath;
683
684 /*
685 * Avoid a possible deadlock if the current address space is destroyed
686 * and that address space maps the locked vnode. In the common case,
687 * the locked vnode's v_usecount is decremented but remains greater
688 * than zero. Consequently, the vnode lock is not needed by vrele().
689 * However, in cases where the vnode lock is external, such as nullfs,
690 * v_usecount may become zero.
691 */
692 VOP_UNLOCK(imgp->vp, 0);
693
694 error = exec_new_vmspace(imgp, sv);
695 imgp->proc->p_sysent = sv;
696
697 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
698 if (error)
699 return (error);
700
701 vmspace = imgp->proc->p_vmspace;
702
703 for (i = 0; i < hdr->e_phnum; i++) {
704 switch (phdr[i].p_type) {
705 case PT_LOAD: /* Loadable segment */
706 prot = 0;
707 if (phdr[i].p_flags & PF_X)
708 prot |= VM_PROT_EXECUTE;
709 if (phdr[i].p_flags & PF_W)
710 prot |= VM_PROT_WRITE;
711 if (phdr[i].p_flags & PF_R)
712 prot |= VM_PROT_READ;
713
714#if defined(__ia64__) && __ELF_WORD_SIZE == 32 && defined(IA32_ME_HARDER)
715 /*
716 * Some x86 binaries assume read == executable,
717 * notably the M3 runtime and therefore cvsup
718 */
719 if (prot & VM_PROT_READ)
720 prot |= VM_PROT_EXECUTE;
721#endif
722
723 if ((error = __elfN(load_section)(vmspace,
724 imgp->object, phdr[i].p_offset,
725 (caddr_t)(uintptr_t)phdr[i].p_vaddr,
726 phdr[i].p_memsz, phdr[i].p_filesz, prot,
727 sv->sv_pagesize)) != 0)
728 return (error);
729
730 /*
731 * If this segment contains the program headers,
732 * remember their virtual address for the AT_PHDR
733 * aux entry. Static binaries don't usually include
734 * a PT_PHDR entry.
735 */
736 if (phdr[i].p_offset == 0 &&
737 hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize
738 <= phdr[i].p_filesz)
739 proghdr = phdr[i].p_vaddr + hdr->e_phoff;
740
741 seg_addr = trunc_page(phdr[i].p_vaddr);
742 seg_size = round_page(phdr[i].p_memsz +
743 phdr[i].p_vaddr - seg_addr);
744
745 /*
746 * Is this .text or .data? We can't use
747 * VM_PROT_WRITE or VM_PROT_EXEC, it breaks the
748 * alpha terribly and possibly does other bad
749 * things so we stick to the old way of figuring
750 * it out: If the segment contains the program
751 * entry point, it's a text segment, otherwise it
752 * is a data segment.
753 *
754 * Note that obreak() assumes that data_addr +
755 * data_size == end of data load area, and the ELF
756 * file format expects segments to be sorted by
757 * address. If multiple data segments exist, the
758 * last one will be used.
759 */
760 if (hdr->e_entry >= phdr[i].p_vaddr &&
761 hdr->e_entry < (phdr[i].p_vaddr +
762 phdr[i].p_memsz)) {
763 text_size = seg_size;
764 text_addr = seg_addr;
765 entry = (u_long)hdr->e_entry;
766 } else {
767 data_size = seg_size;
768 data_addr = seg_addr;
769 }
770 total_size += seg_size;
771 break;
772 case PT_PHDR: /* Program header table info */
773 proghdr = phdr[i].p_vaddr;
774 break;
775 default:
776 break;
777 }
778 }
779
780 if (data_addr == 0 && data_size == 0) {
781 data_addr = text_addr;
782 data_size = text_size;
783 }
784
785 /*
786 * Check limits. It should be safe to check the
787 * limits after loading the segments since we do
788 * not actually fault in all the segments pages.
789 */
790 PROC_LOCK(imgp->proc);
791 if (data_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
792 text_size > maxtsiz ||
793 total_size > lim_cur(imgp->proc, RLIMIT_VMEM)) {
794 PROC_UNLOCK(imgp->proc);
795 return (ENOMEM);
796 }
797
798 vmspace->vm_tsize = text_size >> PAGE_SHIFT;
799 vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
800 vmspace->vm_dsize = data_size >> PAGE_SHIFT;
801 vmspace->vm_daddr = (caddr_t)(uintptr_t)data_addr;
802
803 /*
804 * We load the dynamic linker where a userland call
805 * to mmap(0, ...) would put it. The rationale behind this
806 * calculation is that it leaves room for the heap to grow to
807 * its maximum allowed size.
808 */
809 addr = round_page((vm_offset_t)imgp->proc->p_vmspace->vm_daddr +
810 lim_max(imgp->proc, RLIMIT_DATA));
811 PROC_UNLOCK(imgp->proc);
812
813 imgp->entry_addr = entry;
814
815 if (interp != NULL) {
816 int have_interp = FALSE;
817 VOP_UNLOCK(imgp->vp, 0);
818 if (brand_info->emul_path != NULL &&
819 brand_info->emul_path[0] != '\0') {
820 path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
821 snprintf(path, MAXPATHLEN, "%s%s",
822 brand_info->emul_path, interp);
823 error = __elfN(load_file)(imgp->proc, path, &addr,
824 &imgp->entry_addr, sv->sv_pagesize);
825 free(path, M_TEMP);
826 if (error == 0)
827 have_interp = TRUE;
828 }
829 if (!have_interp && newinterp != NULL) {
830 error = __elfN(load_file)(imgp->proc, newinterp, &addr,
831 &imgp->entry_addr, sv->sv_pagesize);
832 if (error == 0)
833 have_interp = TRUE;
834 }
835 if (!have_interp) {
836 error = __elfN(load_file)(imgp->proc, interp, &addr,
837 &imgp->entry_addr, sv->sv_pagesize);
838 }
839 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
840 if (error != 0) {
841 uprintf("ELF interpreter %s not found\n", interp);
842 return (error);
843 }
844 } else
845 addr = 0;
846
847 /*
848 * Construct auxargs table (used by the fixup routine)
849 */
850 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
851 elf_auxargs->execfd = -1;
852 elf_auxargs->phdr = proghdr;
853 elf_auxargs->phent = hdr->e_phentsize;
854 elf_auxargs->phnum = hdr->e_phnum;
855 elf_auxargs->pagesz = PAGE_SIZE;
856 elf_auxargs->base = addr;
857 elf_auxargs->flags = 0;
858 elf_auxargs->entry = entry;
859
860 imgp->auxargs = elf_auxargs;
861 imgp->interpreted = 0;
862 imgp->proc->p_osrel = osrel;
863
864 return (error);
865}
866
867#define suword __CONCAT(suword, __ELF_WORD_SIZE)
868
869int
870__elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp)
871{
872 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
873 Elf_Addr *base;
874 Elf_Addr *pos;
875
876 base = (Elf_Addr *)*stack_base;
877 pos = base + (imgp->args->argc + imgp->args->envc + 2);
878
879 if (args->execfd != -1)
880 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
881 AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
882 AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
883 AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
884 AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
885 AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
886 AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
887 AUXARGS_ENTRY(pos, AT_BASE, args->base);
888 if (imgp->execpathp != 0)
889 AUXARGS_ENTRY(pos, AT_EXECPATH, imgp->execpathp);
890 AUXARGS_ENTRY(pos, AT_NULL, 0);
891
892 free(imgp->auxargs, M_TEMP);
893 imgp->auxargs = NULL;
894
895 base--;
896 suword(base, (long)imgp->args->argc);
897 *stack_base = (register_t *)base;
898 return (0);
899}
900
901/*
902 * Code for generating ELF core dumps.
903 */
904
905typedef void (*segment_callback)(vm_map_entry_t, void *);
906
907/* Closure for cb_put_phdr(). */
908struct phdr_closure {
909 Elf_Phdr *phdr; /* Program header to fill in */
910 Elf_Off offset; /* Offset of segment in core file */
911};
912
913/* Closure for cb_size_segment(). */
914struct sseg_closure {
915 int count; /* Count of writable segments. */
916 size_t size; /* Total size of all writable segments. */
917};
918
919static void cb_put_phdr(vm_map_entry_t, void *);
920static void cb_size_segment(vm_map_entry_t, void *);
921static void each_writable_segment(struct thread *, segment_callback, void *);
922static int __elfN(corehdr)(struct thread *, struct vnode *, struct ucred *,
923 int, void *, size_t);
924static void __elfN(puthdr)(struct thread *, void *, size_t *, int);
925static void __elfN(putnote)(void *, size_t *, const char *, int,
926 const void *, size_t);
927
928int
929__elfN(coredump)(td, vp, limit)
930 struct thread *td;
931 struct vnode *vp;
932 off_t limit;
933{
934 struct ucred *cred = td->td_ucred;
935 int error = 0;
936 struct sseg_closure seginfo;
937 void *hdr;
938 size_t hdrsize;
939
940 /* Size the program segments. */
941 seginfo.count = 0;
942 seginfo.size = 0;
943 each_writable_segment(td, cb_size_segment, &seginfo);
944
945 /*
946 * Calculate the size of the core file header area by making
947 * a dry run of generating it. Nothing is written, but the
948 * size is calculated.
949 */
950 hdrsize = 0;
951 __elfN(puthdr)(td, (void *)NULL, &hdrsize, seginfo.count);
952
953 if (hdrsize + seginfo.size >= limit)
954 return (EFAULT);
955
956 /*
957 * Allocate memory for building the header, fill it up,
958 * and write it out.
959 */
960 hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
961 if (hdr == NULL) {
962 return (EINVAL);
963 }
964 error = __elfN(corehdr)(td, vp, cred, seginfo.count, hdr, hdrsize);
965
966 /* Write the contents of all of the writable segments. */
967 if (error == 0) {
968 Elf_Phdr *php;
969 off_t offset;
970 int i;
971
972 php = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr)) + 1;
973 offset = hdrsize;
974 for (i = 0; i < seginfo.count; i++) {
975 error = vn_rdwr_inchunks(UIO_WRITE, vp,
976 (caddr_t)(uintptr_t)php->p_vaddr,
977 php->p_filesz, offset, UIO_USERSPACE,
978 IO_UNIT | IO_DIRECT, cred, NOCRED, NULL,
979 curthread);
980 if (error != 0)
981 break;
982 offset += php->p_filesz;
983 php++;
984 }
985 }
986 free(hdr, M_TEMP);
987
988 return (error);
989}
990
991/*
992 * A callback for each_writable_segment() to write out the segment's
993 * program header entry.
994 */
995static void
996cb_put_phdr(entry, closure)
997 vm_map_entry_t entry;
998 void *closure;
999{
1000 struct phdr_closure *phc = (struct phdr_closure *)closure;
1001 Elf_Phdr *phdr = phc->phdr;
1002
1003 phc->offset = round_page(phc->offset);
1004
1005 phdr->p_type = PT_LOAD;
1006 phdr->p_offset = phc->offset;
1007 phdr->p_vaddr = entry->start;
1008 phdr->p_paddr = 0;
1009 phdr->p_filesz = phdr->p_memsz = entry->end - entry->start;
1010 phdr->p_align = PAGE_SIZE;
1011 phdr->p_flags = 0;
1012 if (entry->protection & VM_PROT_READ)
1013 phdr->p_flags |= PF_R;
1014 if (entry->protection & VM_PROT_WRITE)
1015 phdr->p_flags |= PF_W;
1016 if (entry->protection & VM_PROT_EXECUTE)
1017 phdr->p_flags |= PF_X;
1018
1019 phc->offset += phdr->p_filesz;
1020 phc->phdr++;
1021}
1022
1023/*
1024 * A callback for each_writable_segment() to gather information about
1025 * the number of segments and their total size.
1026 */
1027static void
1028cb_size_segment(entry, closure)
1029 vm_map_entry_t entry;
1030 void *closure;
1031{
1032 struct sseg_closure *ssc = (struct sseg_closure *)closure;
1033
1034 ssc->count++;
1035 ssc->size += entry->end - entry->start;
1036}
1037
1038/*
1039 * For each writable segment in the process's memory map, call the given
1040 * function with a pointer to the map entry and some arbitrary
1041 * caller-supplied data.
1042 */
1043static void
1044each_writable_segment(td, func, closure)
1045 struct thread *td;
1046 segment_callback func;
1047 void *closure;
1048{
1049 struct proc *p = td->td_proc;
1050 vm_map_t map = &p->p_vmspace->vm_map;
1051 vm_map_entry_t entry;
1052 vm_object_t backing_object, object;
1053 boolean_t ignore_entry;
1054
1055 vm_map_lock_read(map);
1056 for (entry = map->header.next; entry != &map->header;
1057 entry = entry->next) {
1058 /*
1059 * Don't dump inaccessible mappings, deal with legacy
1060 * coredump mode.
1061 *
1062 * Note that read-only segments related to the elf binary
1063 * are marked MAP_ENTRY_NOCOREDUMP now so we no longer
1064 * need to arbitrarily ignore such segments.
1065 */
1066 if (elf_legacy_coredump) {
1067 if ((entry->protection & VM_PROT_RW) != VM_PROT_RW)
1068 continue;
1069 } else {
1070 if ((entry->protection & VM_PROT_ALL) == 0)
1071 continue;
1072 }
1073
1074 /*
1075 * Dont include memory segment in the coredump if
1076 * MAP_NOCORE is set in mmap(2) or MADV_NOCORE in
1077 * madvise(2). Do not dump submaps (i.e. parts of the
1078 * kernel map).
1079 */
1080 if (entry->eflags & (MAP_ENTRY_NOCOREDUMP|MAP_ENTRY_IS_SUB_MAP))
1081 continue;
1082
1083 if ((object = entry->object.vm_object) == NULL)
1084 continue;
1085
1086 /* Ignore memory-mapped devices and such things. */
1087 VM_OBJECT_LOCK(object);
1088 while ((backing_object = object->backing_object) != NULL) {
1089 VM_OBJECT_LOCK(backing_object);
1090 VM_OBJECT_UNLOCK(object);
1091 object = backing_object;
1092 }
1093 ignore_entry = object->type != OBJT_DEFAULT &&
1094 object->type != OBJT_SWAP && object->type != OBJT_VNODE;
1095 VM_OBJECT_UNLOCK(object);
1096 if (ignore_entry)
1097 continue;
1098
1099 (*func)(entry, closure);
1100 }
1101 vm_map_unlock_read(map);
1102}
1103
1104/*
1105 * Write the core file header to the file, including padding up to
1106 * the page boundary.
1107 */
1108static int
1109__elfN(corehdr)(td, vp, cred, numsegs, hdr, hdrsize)
1110 struct thread *td;
1111 struct vnode *vp;
1112 struct ucred *cred;
1113 int numsegs;
1114 size_t hdrsize;
1115 void *hdr;
1116{
1117 size_t off;
1118
1119 /* Fill in the header. */
1120 bzero(hdr, hdrsize);
1121 off = 0;
1122 __elfN(puthdr)(td, hdr, &off, numsegs);
1123
1124 /* Write it to the core file. */
1125 return (vn_rdwr_inchunks(UIO_WRITE, vp, hdr, hdrsize, (off_t)0,
1126 UIO_SYSSPACE, IO_UNIT | IO_DIRECT, cred, NOCRED, NULL,
1127 td));
1128}
1129
1130#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1131typedef struct prstatus32 elf_prstatus_t;
1132typedef struct prpsinfo32 elf_prpsinfo_t;
1133typedef struct fpreg32 elf_prfpregset_t;
1134typedef struct fpreg32 elf_fpregset_t;
1135typedef struct reg32 elf_gregset_t;
1136#else
1137typedef prstatus_t elf_prstatus_t;
1138typedef prpsinfo_t elf_prpsinfo_t;
1139typedef prfpregset_t elf_prfpregset_t;
1140typedef prfpregset_t elf_fpregset_t;
1141typedef gregset_t elf_gregset_t;
1142#endif
1143
1144static void
1145__elfN(puthdr)(struct thread *td, void *dst, size_t *off, int numsegs)
1146{
1147 struct {
1148 elf_prstatus_t status;
1149 elf_prfpregset_t fpregset;
1150 elf_prpsinfo_t psinfo;
1151 } *tempdata;
1152 elf_prstatus_t *status;
1153 elf_prfpregset_t *fpregset;
1154 elf_prpsinfo_t *psinfo;
1155 struct proc *p;
1156 struct thread *thr;
1157 size_t ehoff, noteoff, notesz, phoff;
1158
1159 p = td->td_proc;
1160
1161 ehoff = *off;
1162 *off += sizeof(Elf_Ehdr);
1163
1164 phoff = *off;
1165 *off += (numsegs + 1) * sizeof(Elf_Phdr);
1166
1167 noteoff = *off;
1168 /*
1169 * Don't allocate space for the notes if we're just calculating
1170 * the size of the header. We also don't collect the data.
1171 */
1172 if (dst != NULL) {
1173 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_ZERO|M_WAITOK);
1174 status = &tempdata->status;
1175 fpregset = &tempdata->fpregset;
1176 psinfo = &tempdata->psinfo;
1177 } else {
1178 tempdata = NULL;
1179 status = NULL;
1180 fpregset = NULL;
1181 psinfo = NULL;
1182 }
1183
1184 if (dst != NULL) {
1185 psinfo->pr_version = PRPSINFO_VERSION;
1186 psinfo->pr_psinfosz = sizeof(elf_prpsinfo_t);
1187 strlcpy(psinfo->pr_fname, p->p_comm, sizeof(psinfo->pr_fname));
1188 /*
1189 * XXX - We don't fill in the command line arguments properly
1190 * yet.
1191 */
1192 strlcpy(psinfo->pr_psargs, p->p_comm,
1193 sizeof(psinfo->pr_psargs));
1194 }
1195 __elfN(putnote)(dst, off, "FreeBSD", NT_PRPSINFO, psinfo,
1196 sizeof *psinfo);
1197
1198 /*
1199 * To have the debugger select the right thread (LWP) as the initial
1200 * thread, we dump the state of the thread passed to us in td first.
1201 * This is the thread that causes the core dump and thus likely to
1202 * be the right thread one wants to have selected in the debugger.
1203 */
1204 thr = td;
1205 while (thr != NULL) {
1206 if (dst != NULL) {
1207 status->pr_version = PRSTATUS_VERSION;
1208 status->pr_statussz = sizeof(elf_prstatus_t);
1209 status->pr_gregsetsz = sizeof(elf_gregset_t);
1210 status->pr_fpregsetsz = sizeof(elf_fpregset_t);
1211 status->pr_osreldate = osreldate;
1212 status->pr_cursig = p->p_sig;
1213 status->pr_pid = thr->td_tid;
1214#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1215 fill_regs32(thr, &status->pr_reg);
1216 fill_fpregs32(thr, fpregset);
1217#else
1218 fill_regs(thr, &status->pr_reg);
1219 fill_fpregs(thr, fpregset);
1220#endif
1221 }
1222 __elfN(putnote)(dst, off, "FreeBSD", NT_PRSTATUS, status,
1223 sizeof *status);
1224 __elfN(putnote)(dst, off, "FreeBSD", NT_FPREGSET, fpregset,
1225 sizeof *fpregset);
1226 /*
1227 * Allow for MD specific notes, as well as any MD
1228 * specific preparations for writing MI notes.
1229 */
1230 __elfN(dump_thread)(thr, dst, off);
1231
1232 thr = (thr == td) ? TAILQ_FIRST(&p->p_threads) :
1233 TAILQ_NEXT(thr, td_plist);
1234 if (thr == td)
1235 thr = TAILQ_NEXT(thr, td_plist);
1236 }
1237
1238 notesz = *off - noteoff;
1239
1240 if (dst != NULL)
1241 free(tempdata, M_TEMP);
1242
1243 /* Align up to a page boundary for the program segments. */
1244 *off = round_page(*off);
1245
1246 if (dst != NULL) {
1247 Elf_Ehdr *ehdr;
1248 Elf_Phdr *phdr;
1249 struct phdr_closure phc;
1250
1251 /*
1252 * Fill in the ELF header.
1253 */
1254 ehdr = (Elf_Ehdr *)((char *)dst + ehoff);
1255 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1256 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1257 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1258 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1259 ehdr->e_ident[EI_CLASS] = ELF_CLASS;
1260 ehdr->e_ident[EI_DATA] = ELF_DATA;
1261 ehdr->e_ident[EI_VERSION] = EV_CURRENT;
1262 ehdr->e_ident[EI_OSABI] = ELFOSABI_FREEBSD;
1263 ehdr->e_ident[EI_ABIVERSION] = 0;
1264 ehdr->e_ident[EI_PAD] = 0;
1265 ehdr->e_type = ET_CORE;
1266#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1267 ehdr->e_machine = EM_386;
1268#else
1269 ehdr->e_machine = ELF_ARCH;
1270#endif
1271 ehdr->e_version = EV_CURRENT;
1272 ehdr->e_entry = 0;
1273 ehdr->e_phoff = phoff;
1274 ehdr->e_flags = 0;
1275 ehdr->e_ehsize = sizeof(Elf_Ehdr);
1276 ehdr->e_phentsize = sizeof(Elf_Phdr);
1277 ehdr->e_phnum = numsegs + 1;
1278 ehdr->e_shentsize = sizeof(Elf_Shdr);
1279 ehdr->e_shnum = 0;
1280 ehdr->e_shstrndx = SHN_UNDEF;
1281
1282 /*
1283 * Fill in the program header entries.
1284 */
1285 phdr = (Elf_Phdr *)((char *)dst + phoff);
1286
1287 /* The note segement. */
1288 phdr->p_type = PT_NOTE;
1289 phdr->p_offset = noteoff;
1290 phdr->p_vaddr = 0;
1291 phdr->p_paddr = 0;
1292 phdr->p_filesz = notesz;
1293 phdr->p_memsz = 0;
1294 phdr->p_flags = 0;
1295 phdr->p_align = 0;
1296 phdr++;
1297
1298 /* All the writable segments from the program. */
1299 phc.phdr = phdr;
1300 phc.offset = *off;
1301 each_writable_segment(td, cb_put_phdr, &phc);
1302 }
1303}
1304
1305static void
1306__elfN(putnote)(void *dst, size_t *off, const char *name, int type,
1307 const void *desc, size_t descsz)
1308{
1309 Elf_Note note;
1310
1311 note.n_namesz = strlen(name) + 1;
1312 note.n_descsz = descsz;
1313 note.n_type = type;
1314 if (dst != NULL)
1315 bcopy(¬e, (char *)dst + *off, sizeof note);
1316 *off += sizeof note;
1317 if (dst != NULL)
1318 bcopy(name, (char *)dst + *off, note.n_namesz);
1319 *off += roundup2(note.n_namesz, sizeof(Elf_Size));
1320 if (dst != NULL)
1321 bcopy(desc, (char *)dst + *off, note.n_descsz);
1322 *off += roundup2(note.n_descsz, sizeof(Elf_Size));
1323}
1324
1325/*
1326 * Try to find the appropriate ABI-note section for checknote,
1327 * fetch the osreldate for binary from the ELF OSABI-note. Only the
1328 * first page of the image is searched, the same as for headers.
1329 */
1330static boolean_t
1331__elfN(check_note)(struct image_params *imgp, Elf_Brandnote *checknote,
1332 int32_t *osrel)
1333{
1334 const Elf_Note *note, *note0, *note_end;
1335 const Elf_Phdr *phdr, *pnote;
1336 const Elf_Ehdr *hdr;
1337 const char *note_name;
1338 int i;
1339
1340 pnote = NULL;
1341 hdr = (const Elf_Ehdr *)imgp->image_header;
1342 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
1343
1344 for (i = 0; i < hdr->e_phnum; i++) {
1345 if (phdr[i].p_type == PT_NOTE) {
1346 pnote = &phdr[i];
1347 break;
1348 }
1349 }
1350
1351 if (pnote == NULL || pnote->p_offset >= PAGE_SIZE ||
1352 pnote->p_offset + pnote->p_filesz >= PAGE_SIZE)
1353 return (FALSE);
1354
1355 note = note0 = (const Elf_Note *)(imgp->image_header + pnote->p_offset);
1356 note_end = (const Elf_Note *)(imgp->image_header +
1357 pnote->p_offset + pnote->p_filesz);
1358 for (i = 0; i < 100 && note >= note0 && note < note_end; i++) {
1359 if (!aligned(note, Elf32_Addr))
1360 return (FALSE);
1361 if (note->n_namesz != checknote->hdr.n_namesz ||
1362 note->n_descsz != checknote->hdr.n_descsz ||
1363 note->n_type != checknote->hdr.n_type)
1364 goto nextnote;
1365 note_name = (const char *)(note + 1);
1366 if (strncmp(checknote->vendor, note_name,
1367 checknote->hdr.n_namesz) != 0)
1368 goto nextnote;
1369
1370 /*
1371 * Fetch the osreldate for binary
1372 * from the ELF OSABI-note if necessary.
1373 */
| 172int
173__elfN(insert_brand_entry)(Elf_Brandinfo *entry)
174{
175 int i;
176
177 for (i = 0; i < MAX_BRANDS; i++) {
178 if (elf_brand_list[i] == NULL) {
179 elf_brand_list[i] = entry;
180 break;
181 }
182 }
183 if (i == MAX_BRANDS)
184 return (-1);
185 return (0);
186}
187
188int
189__elfN(remove_brand_entry)(Elf_Brandinfo *entry)
190{
191 int i;
192
193 for (i = 0; i < MAX_BRANDS; i++) {
194 if (elf_brand_list[i] == entry) {
195 elf_brand_list[i] = NULL;
196 break;
197 }
198 }
199 if (i == MAX_BRANDS)
200 return (-1);
201 return (0);
202}
203
204int
205__elfN(brand_inuse)(Elf_Brandinfo *entry)
206{
207 struct proc *p;
208 int rval = FALSE;
209
210 sx_slock(&allproc_lock);
211 FOREACH_PROC_IN_SYSTEM(p) {
212 if (p->p_sysent == entry->sysvec) {
213 rval = TRUE;
214 break;
215 }
216 }
217 sx_sunlock(&allproc_lock);
218
219 return (rval);
220}
221
222static Elf_Brandinfo *
223__elfN(get_brandinfo)(struct image_params *imgp, const char *interp,
224 int32_t *osrel)
225{
226 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
227 Elf_Brandinfo *bi;
228 boolean_t ret;
229 int i;
230
231 /*
232 * We support four types of branding -- (1) the ELF EI_OSABI field
233 * that SCO added to the ELF spec, (2) FreeBSD 3.x's traditional string
234 * branding w/in the ELF header, (3) path of the `interp_path'
235 * field, and (4) the ".note.ABI-tag" ELF section.
236 */
237
238 /* Look for an ".note.ABI-tag" ELF section */
239 for (i = 0; i < MAX_BRANDS; i++) {
240 bi = elf_brand_list[i];
241 if (bi != NULL && hdr->e_machine == bi->machine &&
242 (bi->flags & BI_BRAND_NOTE) != 0) {
243 ret = __elfN(check_note)(imgp, bi->brand_note, osrel);
244 if (ret)
245 return (bi);
246 }
247 }
248
249 /* If the executable has a brand, search for it in the brand list. */
250 for (i = 0; i < MAX_BRANDS; i++) {
251 bi = elf_brand_list[i];
252 if (bi != NULL && hdr->e_machine == bi->machine &&
253 (hdr->e_ident[EI_OSABI] == bi->brand ||
254 strncmp((const char *)&hdr->e_ident[OLD_EI_BRAND],
255 bi->compat_3_brand, strlen(bi->compat_3_brand)) == 0))
256 return (bi);
257 }
258
259 /* Lacking a known brand, search for a recognized interpreter. */
260 if (interp != NULL) {
261 for (i = 0; i < MAX_BRANDS; i++) {
262 bi = elf_brand_list[i];
263 if (bi != NULL && hdr->e_machine == bi->machine &&
264 strcmp(interp, bi->interp_path) == 0)
265 return (bi);
266 }
267 }
268
269 /* Lacking a recognized interpreter, try the default brand */
270 for (i = 0; i < MAX_BRANDS; i++) {
271 bi = elf_brand_list[i];
272 if (bi != NULL && hdr->e_machine == bi->machine &&
273 __elfN(fallback_brand) == bi->brand)
274 return (bi);
275 }
276 return (NULL);
277}
278
279static int
280__elfN(check_header)(const Elf_Ehdr *hdr)
281{
282 Elf_Brandinfo *bi;
283 int i;
284
285 if (!IS_ELF(*hdr) ||
286 hdr->e_ident[EI_CLASS] != ELF_TARG_CLASS ||
287 hdr->e_ident[EI_DATA] != ELF_TARG_DATA ||
288 hdr->e_ident[EI_VERSION] != EV_CURRENT ||
289 hdr->e_phentsize != sizeof(Elf_Phdr) ||
290 hdr->e_version != ELF_TARG_VER)
291 return (ENOEXEC);
292
293 /*
294 * Make sure we have at least one brand for this machine.
295 */
296
297 for (i = 0; i < MAX_BRANDS; i++) {
298 bi = elf_brand_list[i];
299 if (bi != NULL && bi->machine == hdr->e_machine)
300 break;
301 }
302 if (i == MAX_BRANDS)
303 return (ENOEXEC);
304
305 return (0);
306}
307
308static int
309__elfN(map_partial)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
310 vm_offset_t start, vm_offset_t end, vm_prot_t prot)
311{
312 struct sf_buf *sf;
313 int error;
314 vm_offset_t off;
315
316 /*
317 * Create the page if it doesn't exist yet. Ignore errors.
318 */
319 vm_map_lock(map);
320 vm_map_insert(map, NULL, 0, trunc_page(start), round_page(end),
321 VM_PROT_ALL, VM_PROT_ALL, 0);
322 vm_map_unlock(map);
323
324 /*
325 * Find the page from the underlying object.
326 */
327 if (object) {
328 sf = vm_imgact_map_page(object, offset);
329 if (sf == NULL)
330 return (KERN_FAILURE);
331 off = offset - trunc_page(offset);
332 error = copyout((caddr_t)sf_buf_kva(sf) + off, (caddr_t)start,
333 end - start);
334 vm_imgact_unmap_page(sf);
335 if (error) {
336 return (KERN_FAILURE);
337 }
338 }
339
340 return (KERN_SUCCESS);
341}
342
343static int
344__elfN(map_insert)(vm_map_t map, vm_object_t object, vm_ooffset_t offset,
345 vm_offset_t start, vm_offset_t end, vm_prot_t prot, int cow)
346{
347 struct sf_buf *sf;
348 vm_offset_t off;
349 vm_size_t sz;
350 int error, rv;
351
352 if (start != trunc_page(start)) {
353 rv = __elfN(map_partial)(map, object, offset, start,
354 round_page(start), prot);
355 if (rv)
356 return (rv);
357 offset += round_page(start) - start;
358 start = round_page(start);
359 }
360 if (end != round_page(end)) {
361 rv = __elfN(map_partial)(map, object, offset +
362 trunc_page(end) - start, trunc_page(end), end, prot);
363 if (rv)
364 return (rv);
365 end = trunc_page(end);
366 }
367 if (end > start) {
368 if (offset & PAGE_MASK) {
369 /*
370 * The mapping is not page aligned. This means we have
371 * to copy the data. Sigh.
372 */
373 rv = vm_map_find(map, NULL, 0, &start, end - start,
374 FALSE, prot | VM_PROT_WRITE, VM_PROT_ALL, 0);
375 if (rv)
376 return (rv);
377 if (object == NULL)
378 return (KERN_SUCCESS);
379 for (; start < end; start += sz) {
380 sf = vm_imgact_map_page(object, offset);
381 if (sf == NULL)
382 return (KERN_FAILURE);
383 off = offset - trunc_page(offset);
384 sz = end - start;
385 if (sz > PAGE_SIZE - off)
386 sz = PAGE_SIZE - off;
387 error = copyout((caddr_t)sf_buf_kva(sf) + off,
388 (caddr_t)start, sz);
389 vm_imgact_unmap_page(sf);
390 if (error) {
391 return (KERN_FAILURE);
392 }
393 offset += sz;
394 }
395 rv = KERN_SUCCESS;
396 } else {
397 vm_object_reference(object);
398 vm_map_lock(map);
399 rv = vm_map_insert(map, object, offset, start, end,
400 prot, VM_PROT_ALL, cow);
401 vm_map_unlock(map);
402 if (rv != KERN_SUCCESS)
403 vm_object_deallocate(object);
404 }
405 return (rv);
406 } else {
407 return (KERN_SUCCESS);
408 }
409}
410
411static int
412__elfN(load_section)(struct vmspace *vmspace,
413 vm_object_t object, vm_offset_t offset,
414 caddr_t vmaddr, size_t memsz, size_t filsz, vm_prot_t prot,
415 size_t pagesize)
416{
417 struct sf_buf *sf;
418 size_t map_len;
419 vm_offset_t map_addr;
420 int error, rv, cow;
421 size_t copy_len;
422 vm_offset_t file_addr;
423
424 /*
425 * It's necessary to fail if the filsz + offset taken from the
426 * header is greater than the actual file pager object's size.
427 * If we were to allow this, then the vm_map_find() below would
428 * walk right off the end of the file object and into the ether.
429 *
430 * While I'm here, might as well check for something else that
431 * is invalid: filsz cannot be greater than memsz.
432 */
433 if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size ||
434 filsz > memsz) {
435 uprintf("elf_load_section: truncated ELF file\n");
436 return (ENOEXEC);
437 }
438
439 map_addr = trunc_page_ps((vm_offset_t)vmaddr, pagesize);
440 file_addr = trunc_page_ps(offset, pagesize);
441
442 /*
443 * We have two choices. We can either clear the data in the last page
444 * of an oversized mapping, or we can start the anon mapping a page
445 * early and copy the initialized data into that first page. We
446 * choose the second..
447 */
448 if (memsz > filsz)
449 map_len = trunc_page_ps(offset + filsz, pagesize) - file_addr;
450 else
451 map_len = round_page_ps(offset + filsz, pagesize) - file_addr;
452
453 if (map_len != 0) {
454 /* cow flags: don't dump readonly sections in core */
455 cow = MAP_COPY_ON_WRITE | MAP_PREFAULT |
456 (prot & VM_PROT_WRITE ? 0 : MAP_DISABLE_COREDUMP);
457
458 rv = __elfN(map_insert)(&vmspace->vm_map,
459 object,
460 file_addr, /* file offset */
461 map_addr, /* virtual start */
462 map_addr + map_len,/* virtual end */
463 prot,
464 cow);
465 if (rv != KERN_SUCCESS)
466 return (EINVAL);
467
468 /* we can stop now if we've covered it all */
469 if (memsz == filsz) {
470 return (0);
471 }
472 }
473
474
475 /*
476 * We have to get the remaining bit of the file into the first part
477 * of the oversized map segment. This is normally because the .data
478 * segment in the file is extended to provide bss. It's a neat idea
479 * to try and save a page, but it's a pain in the behind to implement.
480 */
481 copy_len = (offset + filsz) - trunc_page_ps(offset + filsz, pagesize);
482 map_addr = trunc_page_ps((vm_offset_t)vmaddr + filsz, pagesize);
483 map_len = round_page_ps((vm_offset_t)vmaddr + memsz, pagesize) -
484 map_addr;
485
486 /* This had damn well better be true! */
487 if (map_len != 0) {
488 rv = __elfN(map_insert)(&vmspace->vm_map, NULL, 0, map_addr,
489 map_addr + map_len, VM_PROT_ALL, 0);
490 if (rv != KERN_SUCCESS) {
491 return (EINVAL);
492 }
493 }
494
495 if (copy_len != 0) {
496 vm_offset_t off;
497
498 sf = vm_imgact_map_page(object, offset + filsz);
499 if (sf == NULL)
500 return (EIO);
501
502 /* send the page fragment to user space */
503 off = trunc_page_ps(offset + filsz, pagesize) -
504 trunc_page(offset + filsz);
505 error = copyout((caddr_t)sf_buf_kva(sf) + off,
506 (caddr_t)map_addr, copy_len);
507 vm_imgact_unmap_page(sf);
508 if (error) {
509 return (error);
510 }
511 }
512
513 /*
514 * set it to the specified protection.
515 * XXX had better undo the damage from pasting over the cracks here!
516 */
517 vm_map_protect(&vmspace->vm_map, trunc_page(map_addr),
518 round_page(map_addr + map_len), prot, FALSE);
519
520 return (0);
521}
522
523/*
524 * Load the file "file" into memory. It may be either a shared object
525 * or an executable.
526 *
527 * The "addr" reference parameter is in/out. On entry, it specifies
528 * the address where a shared object should be loaded. If the file is
529 * an executable, this value is ignored. On exit, "addr" specifies
530 * where the file was actually loaded.
531 *
532 * The "entry" reference parameter is out only. On exit, it specifies
533 * the entry point for the loaded file.
534 */
535static int
536__elfN(load_file)(struct proc *p, const char *file, u_long *addr,
537 u_long *entry, size_t pagesize)
538{
539 struct {
540 struct nameidata nd;
541 struct vattr attr;
542 struct image_params image_params;
543 } *tempdata;
544 const Elf_Ehdr *hdr = NULL;
545 const Elf_Phdr *phdr = NULL;
546 struct nameidata *nd;
547 struct vmspace *vmspace = p->p_vmspace;
548 struct vattr *attr;
549 struct image_params *imgp;
550 vm_prot_t prot;
551 u_long rbase;
552 u_long base_addr = 0;
553 int vfslocked, error, i, numsegs;
554
555 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_WAITOK);
556 nd = &tempdata->nd;
557 attr = &tempdata->attr;
558 imgp = &tempdata->image_params;
559
560 /*
561 * Initialize part of the common data
562 */
563 imgp->proc = p;
564 imgp->attr = attr;
565 imgp->firstpage = NULL;
566 imgp->image_header = NULL;
567 imgp->object = NULL;
568 imgp->execlabel = NULL;
569
570 NDINIT(nd, LOOKUP, MPSAFE|LOCKLEAF|FOLLOW, UIO_SYSSPACE, file,
571 curthread);
572 vfslocked = 0;
573 if ((error = namei(nd)) != 0) {
574 nd->ni_vp = NULL;
575 goto fail;
576 }
577 vfslocked = NDHASGIANT(nd);
578 NDFREE(nd, NDF_ONLY_PNBUF);
579 imgp->vp = nd->ni_vp;
580
581 /*
582 * Check permissions, modes, uid, etc on the file, and "open" it.
583 */
584 error = exec_check_permissions(imgp);
585 if (error)
586 goto fail;
587
588 error = exec_map_first_page(imgp);
589 if (error)
590 goto fail;
591
592 /*
593 * Also make certain that the interpreter stays the same, so set
594 * its VV_TEXT flag, too.
595 */
596 nd->ni_vp->v_vflag |= VV_TEXT;
597
598 imgp->object = nd->ni_vp->v_object;
599
600 hdr = (const Elf_Ehdr *)imgp->image_header;
601 if ((error = __elfN(check_header)(hdr)) != 0)
602 goto fail;
603 if (hdr->e_type == ET_DYN)
604 rbase = *addr;
605 else if (hdr->e_type == ET_EXEC)
606 rbase = 0;
607 else {
608 error = ENOEXEC;
609 goto fail;
610 }
611
612 /* Only support headers that fit within first page for now */
613 /* (multiplication of two Elf_Half fields will not overflow) */
614 if ((hdr->e_phoff > PAGE_SIZE) ||
615 (hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE - hdr->e_phoff) {
616 error = ENOEXEC;
617 goto fail;
618 }
619
620 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
621 if (!aligned(phdr, Elf_Addr)) {
622 error = ENOEXEC;
623 goto fail;
624 }
625
626 for (i = 0, numsegs = 0; i < hdr->e_phnum; i++) {
627 if (phdr[i].p_type == PT_LOAD) { /* Loadable segment */
628 prot = 0;
629 if (phdr[i].p_flags & PF_X)
630 prot |= VM_PROT_EXECUTE;
631 if (phdr[i].p_flags & PF_W)
632 prot |= VM_PROT_WRITE;
633 if (phdr[i].p_flags & PF_R)
634 prot |= VM_PROT_READ;
635
636 if ((error = __elfN(load_section)(vmspace,
637 imgp->object, phdr[i].p_offset,
638 (caddr_t)(uintptr_t)phdr[i].p_vaddr + rbase,
639 phdr[i].p_memsz, phdr[i].p_filesz, prot,
640 pagesize)) != 0)
641 goto fail;
642 /*
643 * Establish the base address if this is the
644 * first segment.
645 */
646 if (numsegs == 0)
647 base_addr = trunc_page(phdr[i].p_vaddr +
648 rbase);
649 numsegs++;
650 }
651 }
652 *addr = base_addr;
653 *entry = (unsigned long)hdr->e_entry + rbase;
654
655fail:
656 if (imgp->firstpage)
657 exec_unmap_first_page(imgp);
658
659 if (nd->ni_vp)
660 vput(nd->ni_vp);
661
662 VFS_UNLOCK_GIANT(vfslocked);
663 free(tempdata, M_TEMP);
664
665 return (error);
666}
667
668static int
669__CONCAT(exec_, __elfN(imgact))(struct image_params *imgp)
670{
671 const Elf_Ehdr *hdr = (const Elf_Ehdr *)imgp->image_header;
672 const Elf_Phdr *phdr;
673 Elf_Auxargs *elf_auxargs;
674 struct vmspace *vmspace;
675 vm_prot_t prot;
676 u_long text_size = 0, data_size = 0, total_size = 0;
677 u_long text_addr = 0, data_addr = 0;
678 u_long seg_size, seg_addr;
679 u_long addr, entry = 0, proghdr = 0;
680 int32_t osrel = 0;
681 int error = 0, i;
682 const char *interp = NULL, *newinterp = NULL;
683 Elf_Brandinfo *brand_info;
684 char *path;
685 struct sysentvec *sv;
686
687 /*
688 * Do we have a valid ELF header ?
689 *
690 * Only allow ET_EXEC & ET_DYN here, reject ET_DYN later
691 * if particular brand doesn't support it.
692 */
693 if (__elfN(check_header)(hdr) != 0 ||
694 (hdr->e_type != ET_EXEC && hdr->e_type != ET_DYN))
695 return (-1);
696
697 /*
698 * From here on down, we return an errno, not -1, as we've
699 * detected an ELF file.
700 */
701
702 if ((hdr->e_phoff > PAGE_SIZE) ||
703 (hdr->e_phoff + hdr->e_phentsize * hdr->e_phnum) > PAGE_SIZE) {
704 /* Only support headers in first page for now */
705 return (ENOEXEC);
706 }
707 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
708 if (!aligned(phdr, Elf_Addr))
709 return (ENOEXEC);
710 for (i = 0; i < hdr->e_phnum; i++) {
711 if (phdr[i].p_type == PT_INTERP) {
712 /* Path to interpreter */
713 if (phdr[i].p_filesz > MAXPATHLEN ||
714 phdr[i].p_offset + phdr[i].p_filesz > PAGE_SIZE)
715 return (ENOEXEC);
716 interp = imgp->image_header + phdr[i].p_offset;
717 break;
718 }
719 }
720
721 brand_info = __elfN(get_brandinfo)(imgp, interp, &osrel);
722 if (brand_info == NULL) {
723 uprintf("ELF binary type \"%u\" not known.\n",
724 hdr->e_ident[EI_OSABI]);
725 return (ENOEXEC);
726 }
727 if (hdr->e_type == ET_DYN &&
728 (brand_info->flags & BI_CAN_EXEC_DYN) == 0)
729 return (ENOEXEC);
730 sv = brand_info->sysvec;
731 if (interp != NULL && brand_info->interp_newpath != NULL)
732 newinterp = brand_info->interp_newpath;
733
734 /*
735 * Avoid a possible deadlock if the current address space is destroyed
736 * and that address space maps the locked vnode. In the common case,
737 * the locked vnode's v_usecount is decremented but remains greater
738 * than zero. Consequently, the vnode lock is not needed by vrele().
739 * However, in cases where the vnode lock is external, such as nullfs,
740 * v_usecount may become zero.
741 */
742 VOP_UNLOCK(imgp->vp, 0);
743
744 error = exec_new_vmspace(imgp, sv);
745 imgp->proc->p_sysent = sv;
746
747 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
748 if (error)
749 return (error);
750
751 vmspace = imgp->proc->p_vmspace;
752
753 for (i = 0; i < hdr->e_phnum; i++) {
754 switch (phdr[i].p_type) {
755 case PT_LOAD: /* Loadable segment */
756 prot = 0;
757 if (phdr[i].p_flags & PF_X)
758 prot |= VM_PROT_EXECUTE;
759 if (phdr[i].p_flags & PF_W)
760 prot |= VM_PROT_WRITE;
761 if (phdr[i].p_flags & PF_R)
762 prot |= VM_PROT_READ;
763
764#if defined(__ia64__) && __ELF_WORD_SIZE == 32 && defined(IA32_ME_HARDER)
765 /*
766 * Some x86 binaries assume read == executable,
767 * notably the M3 runtime and therefore cvsup
768 */
769 if (prot & VM_PROT_READ)
770 prot |= VM_PROT_EXECUTE;
771#endif
772
773 if ((error = __elfN(load_section)(vmspace,
774 imgp->object, phdr[i].p_offset,
775 (caddr_t)(uintptr_t)phdr[i].p_vaddr,
776 phdr[i].p_memsz, phdr[i].p_filesz, prot,
777 sv->sv_pagesize)) != 0)
778 return (error);
779
780 /*
781 * If this segment contains the program headers,
782 * remember their virtual address for the AT_PHDR
783 * aux entry. Static binaries don't usually include
784 * a PT_PHDR entry.
785 */
786 if (phdr[i].p_offset == 0 &&
787 hdr->e_phoff + hdr->e_phnum * hdr->e_phentsize
788 <= phdr[i].p_filesz)
789 proghdr = phdr[i].p_vaddr + hdr->e_phoff;
790
791 seg_addr = trunc_page(phdr[i].p_vaddr);
792 seg_size = round_page(phdr[i].p_memsz +
793 phdr[i].p_vaddr - seg_addr);
794
795 /*
796 * Is this .text or .data? We can't use
797 * VM_PROT_WRITE or VM_PROT_EXEC, it breaks the
798 * alpha terribly and possibly does other bad
799 * things so we stick to the old way of figuring
800 * it out: If the segment contains the program
801 * entry point, it's a text segment, otherwise it
802 * is a data segment.
803 *
804 * Note that obreak() assumes that data_addr +
805 * data_size == end of data load area, and the ELF
806 * file format expects segments to be sorted by
807 * address. If multiple data segments exist, the
808 * last one will be used.
809 */
810 if (hdr->e_entry >= phdr[i].p_vaddr &&
811 hdr->e_entry < (phdr[i].p_vaddr +
812 phdr[i].p_memsz)) {
813 text_size = seg_size;
814 text_addr = seg_addr;
815 entry = (u_long)hdr->e_entry;
816 } else {
817 data_size = seg_size;
818 data_addr = seg_addr;
819 }
820 total_size += seg_size;
821 break;
822 case PT_PHDR: /* Program header table info */
823 proghdr = phdr[i].p_vaddr;
824 break;
825 default:
826 break;
827 }
828 }
829
830 if (data_addr == 0 && data_size == 0) {
831 data_addr = text_addr;
832 data_size = text_size;
833 }
834
835 /*
836 * Check limits. It should be safe to check the
837 * limits after loading the segments since we do
838 * not actually fault in all the segments pages.
839 */
840 PROC_LOCK(imgp->proc);
841 if (data_size > lim_cur(imgp->proc, RLIMIT_DATA) ||
842 text_size > maxtsiz ||
843 total_size > lim_cur(imgp->proc, RLIMIT_VMEM)) {
844 PROC_UNLOCK(imgp->proc);
845 return (ENOMEM);
846 }
847
848 vmspace->vm_tsize = text_size >> PAGE_SHIFT;
849 vmspace->vm_taddr = (caddr_t)(uintptr_t)text_addr;
850 vmspace->vm_dsize = data_size >> PAGE_SHIFT;
851 vmspace->vm_daddr = (caddr_t)(uintptr_t)data_addr;
852
853 /*
854 * We load the dynamic linker where a userland call
855 * to mmap(0, ...) would put it. The rationale behind this
856 * calculation is that it leaves room for the heap to grow to
857 * its maximum allowed size.
858 */
859 addr = round_page((vm_offset_t)imgp->proc->p_vmspace->vm_daddr +
860 lim_max(imgp->proc, RLIMIT_DATA));
861 PROC_UNLOCK(imgp->proc);
862
863 imgp->entry_addr = entry;
864
865 if (interp != NULL) {
866 int have_interp = FALSE;
867 VOP_UNLOCK(imgp->vp, 0);
868 if (brand_info->emul_path != NULL &&
869 brand_info->emul_path[0] != '\0') {
870 path = malloc(MAXPATHLEN, M_TEMP, M_WAITOK);
871 snprintf(path, MAXPATHLEN, "%s%s",
872 brand_info->emul_path, interp);
873 error = __elfN(load_file)(imgp->proc, path, &addr,
874 &imgp->entry_addr, sv->sv_pagesize);
875 free(path, M_TEMP);
876 if (error == 0)
877 have_interp = TRUE;
878 }
879 if (!have_interp && newinterp != NULL) {
880 error = __elfN(load_file)(imgp->proc, newinterp, &addr,
881 &imgp->entry_addr, sv->sv_pagesize);
882 if (error == 0)
883 have_interp = TRUE;
884 }
885 if (!have_interp) {
886 error = __elfN(load_file)(imgp->proc, interp, &addr,
887 &imgp->entry_addr, sv->sv_pagesize);
888 }
889 vn_lock(imgp->vp, LK_EXCLUSIVE | LK_RETRY);
890 if (error != 0) {
891 uprintf("ELF interpreter %s not found\n", interp);
892 return (error);
893 }
894 } else
895 addr = 0;
896
897 /*
898 * Construct auxargs table (used by the fixup routine)
899 */
900 elf_auxargs = malloc(sizeof(Elf_Auxargs), M_TEMP, M_WAITOK);
901 elf_auxargs->execfd = -1;
902 elf_auxargs->phdr = proghdr;
903 elf_auxargs->phent = hdr->e_phentsize;
904 elf_auxargs->phnum = hdr->e_phnum;
905 elf_auxargs->pagesz = PAGE_SIZE;
906 elf_auxargs->base = addr;
907 elf_auxargs->flags = 0;
908 elf_auxargs->entry = entry;
909
910 imgp->auxargs = elf_auxargs;
911 imgp->interpreted = 0;
912 imgp->proc->p_osrel = osrel;
913
914 return (error);
915}
916
917#define suword __CONCAT(suword, __ELF_WORD_SIZE)
918
919int
920__elfN(freebsd_fixup)(register_t **stack_base, struct image_params *imgp)
921{
922 Elf_Auxargs *args = (Elf_Auxargs *)imgp->auxargs;
923 Elf_Addr *base;
924 Elf_Addr *pos;
925
926 base = (Elf_Addr *)*stack_base;
927 pos = base + (imgp->args->argc + imgp->args->envc + 2);
928
929 if (args->execfd != -1)
930 AUXARGS_ENTRY(pos, AT_EXECFD, args->execfd);
931 AUXARGS_ENTRY(pos, AT_PHDR, args->phdr);
932 AUXARGS_ENTRY(pos, AT_PHENT, args->phent);
933 AUXARGS_ENTRY(pos, AT_PHNUM, args->phnum);
934 AUXARGS_ENTRY(pos, AT_PAGESZ, args->pagesz);
935 AUXARGS_ENTRY(pos, AT_FLAGS, args->flags);
936 AUXARGS_ENTRY(pos, AT_ENTRY, args->entry);
937 AUXARGS_ENTRY(pos, AT_BASE, args->base);
938 if (imgp->execpathp != 0)
939 AUXARGS_ENTRY(pos, AT_EXECPATH, imgp->execpathp);
940 AUXARGS_ENTRY(pos, AT_NULL, 0);
941
942 free(imgp->auxargs, M_TEMP);
943 imgp->auxargs = NULL;
944
945 base--;
946 suword(base, (long)imgp->args->argc);
947 *stack_base = (register_t *)base;
948 return (0);
949}
950
951/*
952 * Code for generating ELF core dumps.
953 */
954
955typedef void (*segment_callback)(vm_map_entry_t, void *);
956
957/* Closure for cb_put_phdr(). */
958struct phdr_closure {
959 Elf_Phdr *phdr; /* Program header to fill in */
960 Elf_Off offset; /* Offset of segment in core file */
961};
962
963/* Closure for cb_size_segment(). */
964struct sseg_closure {
965 int count; /* Count of writable segments. */
966 size_t size; /* Total size of all writable segments. */
967};
968
969static void cb_put_phdr(vm_map_entry_t, void *);
970static void cb_size_segment(vm_map_entry_t, void *);
971static void each_writable_segment(struct thread *, segment_callback, void *);
972static int __elfN(corehdr)(struct thread *, struct vnode *, struct ucred *,
973 int, void *, size_t);
974static void __elfN(puthdr)(struct thread *, void *, size_t *, int);
975static void __elfN(putnote)(void *, size_t *, const char *, int,
976 const void *, size_t);
977
978int
979__elfN(coredump)(td, vp, limit)
980 struct thread *td;
981 struct vnode *vp;
982 off_t limit;
983{
984 struct ucred *cred = td->td_ucred;
985 int error = 0;
986 struct sseg_closure seginfo;
987 void *hdr;
988 size_t hdrsize;
989
990 /* Size the program segments. */
991 seginfo.count = 0;
992 seginfo.size = 0;
993 each_writable_segment(td, cb_size_segment, &seginfo);
994
995 /*
996 * Calculate the size of the core file header area by making
997 * a dry run of generating it. Nothing is written, but the
998 * size is calculated.
999 */
1000 hdrsize = 0;
1001 __elfN(puthdr)(td, (void *)NULL, &hdrsize, seginfo.count);
1002
1003 if (hdrsize + seginfo.size >= limit)
1004 return (EFAULT);
1005
1006 /*
1007 * Allocate memory for building the header, fill it up,
1008 * and write it out.
1009 */
1010 hdr = malloc(hdrsize, M_TEMP, M_WAITOK);
1011 if (hdr == NULL) {
1012 return (EINVAL);
1013 }
1014 error = __elfN(corehdr)(td, vp, cred, seginfo.count, hdr, hdrsize);
1015
1016 /* Write the contents of all of the writable segments. */
1017 if (error == 0) {
1018 Elf_Phdr *php;
1019 off_t offset;
1020 int i;
1021
1022 php = (Elf_Phdr *)((char *)hdr + sizeof(Elf_Ehdr)) + 1;
1023 offset = hdrsize;
1024 for (i = 0; i < seginfo.count; i++) {
1025 error = vn_rdwr_inchunks(UIO_WRITE, vp,
1026 (caddr_t)(uintptr_t)php->p_vaddr,
1027 php->p_filesz, offset, UIO_USERSPACE,
1028 IO_UNIT | IO_DIRECT, cred, NOCRED, NULL,
1029 curthread);
1030 if (error != 0)
1031 break;
1032 offset += php->p_filesz;
1033 php++;
1034 }
1035 }
1036 free(hdr, M_TEMP);
1037
1038 return (error);
1039}
1040
1041/*
1042 * A callback for each_writable_segment() to write out the segment's
1043 * program header entry.
1044 */
1045static void
1046cb_put_phdr(entry, closure)
1047 vm_map_entry_t entry;
1048 void *closure;
1049{
1050 struct phdr_closure *phc = (struct phdr_closure *)closure;
1051 Elf_Phdr *phdr = phc->phdr;
1052
1053 phc->offset = round_page(phc->offset);
1054
1055 phdr->p_type = PT_LOAD;
1056 phdr->p_offset = phc->offset;
1057 phdr->p_vaddr = entry->start;
1058 phdr->p_paddr = 0;
1059 phdr->p_filesz = phdr->p_memsz = entry->end - entry->start;
1060 phdr->p_align = PAGE_SIZE;
1061 phdr->p_flags = 0;
1062 if (entry->protection & VM_PROT_READ)
1063 phdr->p_flags |= PF_R;
1064 if (entry->protection & VM_PROT_WRITE)
1065 phdr->p_flags |= PF_W;
1066 if (entry->protection & VM_PROT_EXECUTE)
1067 phdr->p_flags |= PF_X;
1068
1069 phc->offset += phdr->p_filesz;
1070 phc->phdr++;
1071}
1072
1073/*
1074 * A callback for each_writable_segment() to gather information about
1075 * the number of segments and their total size.
1076 */
1077static void
1078cb_size_segment(entry, closure)
1079 vm_map_entry_t entry;
1080 void *closure;
1081{
1082 struct sseg_closure *ssc = (struct sseg_closure *)closure;
1083
1084 ssc->count++;
1085 ssc->size += entry->end - entry->start;
1086}
1087
1088/*
1089 * For each writable segment in the process's memory map, call the given
1090 * function with a pointer to the map entry and some arbitrary
1091 * caller-supplied data.
1092 */
1093static void
1094each_writable_segment(td, func, closure)
1095 struct thread *td;
1096 segment_callback func;
1097 void *closure;
1098{
1099 struct proc *p = td->td_proc;
1100 vm_map_t map = &p->p_vmspace->vm_map;
1101 vm_map_entry_t entry;
1102 vm_object_t backing_object, object;
1103 boolean_t ignore_entry;
1104
1105 vm_map_lock_read(map);
1106 for (entry = map->header.next; entry != &map->header;
1107 entry = entry->next) {
1108 /*
1109 * Don't dump inaccessible mappings, deal with legacy
1110 * coredump mode.
1111 *
1112 * Note that read-only segments related to the elf binary
1113 * are marked MAP_ENTRY_NOCOREDUMP now so we no longer
1114 * need to arbitrarily ignore such segments.
1115 */
1116 if (elf_legacy_coredump) {
1117 if ((entry->protection & VM_PROT_RW) != VM_PROT_RW)
1118 continue;
1119 } else {
1120 if ((entry->protection & VM_PROT_ALL) == 0)
1121 continue;
1122 }
1123
1124 /*
1125 * Dont include memory segment in the coredump if
1126 * MAP_NOCORE is set in mmap(2) or MADV_NOCORE in
1127 * madvise(2). Do not dump submaps (i.e. parts of the
1128 * kernel map).
1129 */
1130 if (entry->eflags & (MAP_ENTRY_NOCOREDUMP|MAP_ENTRY_IS_SUB_MAP))
1131 continue;
1132
1133 if ((object = entry->object.vm_object) == NULL)
1134 continue;
1135
1136 /* Ignore memory-mapped devices and such things. */
1137 VM_OBJECT_LOCK(object);
1138 while ((backing_object = object->backing_object) != NULL) {
1139 VM_OBJECT_LOCK(backing_object);
1140 VM_OBJECT_UNLOCK(object);
1141 object = backing_object;
1142 }
1143 ignore_entry = object->type != OBJT_DEFAULT &&
1144 object->type != OBJT_SWAP && object->type != OBJT_VNODE;
1145 VM_OBJECT_UNLOCK(object);
1146 if (ignore_entry)
1147 continue;
1148
1149 (*func)(entry, closure);
1150 }
1151 vm_map_unlock_read(map);
1152}
1153
1154/*
1155 * Write the core file header to the file, including padding up to
1156 * the page boundary.
1157 */
1158static int
1159__elfN(corehdr)(td, vp, cred, numsegs, hdr, hdrsize)
1160 struct thread *td;
1161 struct vnode *vp;
1162 struct ucred *cred;
1163 int numsegs;
1164 size_t hdrsize;
1165 void *hdr;
1166{
1167 size_t off;
1168
1169 /* Fill in the header. */
1170 bzero(hdr, hdrsize);
1171 off = 0;
1172 __elfN(puthdr)(td, hdr, &off, numsegs);
1173
1174 /* Write it to the core file. */
1175 return (vn_rdwr_inchunks(UIO_WRITE, vp, hdr, hdrsize, (off_t)0,
1176 UIO_SYSSPACE, IO_UNIT | IO_DIRECT, cred, NOCRED, NULL,
1177 td));
1178}
1179
1180#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1181typedef struct prstatus32 elf_prstatus_t;
1182typedef struct prpsinfo32 elf_prpsinfo_t;
1183typedef struct fpreg32 elf_prfpregset_t;
1184typedef struct fpreg32 elf_fpregset_t;
1185typedef struct reg32 elf_gregset_t;
1186#else
1187typedef prstatus_t elf_prstatus_t;
1188typedef prpsinfo_t elf_prpsinfo_t;
1189typedef prfpregset_t elf_prfpregset_t;
1190typedef prfpregset_t elf_fpregset_t;
1191typedef gregset_t elf_gregset_t;
1192#endif
1193
1194static void
1195__elfN(puthdr)(struct thread *td, void *dst, size_t *off, int numsegs)
1196{
1197 struct {
1198 elf_prstatus_t status;
1199 elf_prfpregset_t fpregset;
1200 elf_prpsinfo_t psinfo;
1201 } *tempdata;
1202 elf_prstatus_t *status;
1203 elf_prfpregset_t *fpregset;
1204 elf_prpsinfo_t *psinfo;
1205 struct proc *p;
1206 struct thread *thr;
1207 size_t ehoff, noteoff, notesz, phoff;
1208
1209 p = td->td_proc;
1210
1211 ehoff = *off;
1212 *off += sizeof(Elf_Ehdr);
1213
1214 phoff = *off;
1215 *off += (numsegs + 1) * sizeof(Elf_Phdr);
1216
1217 noteoff = *off;
1218 /*
1219 * Don't allocate space for the notes if we're just calculating
1220 * the size of the header. We also don't collect the data.
1221 */
1222 if (dst != NULL) {
1223 tempdata = malloc(sizeof(*tempdata), M_TEMP, M_ZERO|M_WAITOK);
1224 status = &tempdata->status;
1225 fpregset = &tempdata->fpregset;
1226 psinfo = &tempdata->psinfo;
1227 } else {
1228 tempdata = NULL;
1229 status = NULL;
1230 fpregset = NULL;
1231 psinfo = NULL;
1232 }
1233
1234 if (dst != NULL) {
1235 psinfo->pr_version = PRPSINFO_VERSION;
1236 psinfo->pr_psinfosz = sizeof(elf_prpsinfo_t);
1237 strlcpy(psinfo->pr_fname, p->p_comm, sizeof(psinfo->pr_fname));
1238 /*
1239 * XXX - We don't fill in the command line arguments properly
1240 * yet.
1241 */
1242 strlcpy(psinfo->pr_psargs, p->p_comm,
1243 sizeof(psinfo->pr_psargs));
1244 }
1245 __elfN(putnote)(dst, off, "FreeBSD", NT_PRPSINFO, psinfo,
1246 sizeof *psinfo);
1247
1248 /*
1249 * To have the debugger select the right thread (LWP) as the initial
1250 * thread, we dump the state of the thread passed to us in td first.
1251 * This is the thread that causes the core dump and thus likely to
1252 * be the right thread one wants to have selected in the debugger.
1253 */
1254 thr = td;
1255 while (thr != NULL) {
1256 if (dst != NULL) {
1257 status->pr_version = PRSTATUS_VERSION;
1258 status->pr_statussz = sizeof(elf_prstatus_t);
1259 status->pr_gregsetsz = sizeof(elf_gregset_t);
1260 status->pr_fpregsetsz = sizeof(elf_fpregset_t);
1261 status->pr_osreldate = osreldate;
1262 status->pr_cursig = p->p_sig;
1263 status->pr_pid = thr->td_tid;
1264#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1265 fill_regs32(thr, &status->pr_reg);
1266 fill_fpregs32(thr, fpregset);
1267#else
1268 fill_regs(thr, &status->pr_reg);
1269 fill_fpregs(thr, fpregset);
1270#endif
1271 }
1272 __elfN(putnote)(dst, off, "FreeBSD", NT_PRSTATUS, status,
1273 sizeof *status);
1274 __elfN(putnote)(dst, off, "FreeBSD", NT_FPREGSET, fpregset,
1275 sizeof *fpregset);
1276 /*
1277 * Allow for MD specific notes, as well as any MD
1278 * specific preparations for writing MI notes.
1279 */
1280 __elfN(dump_thread)(thr, dst, off);
1281
1282 thr = (thr == td) ? TAILQ_FIRST(&p->p_threads) :
1283 TAILQ_NEXT(thr, td_plist);
1284 if (thr == td)
1285 thr = TAILQ_NEXT(thr, td_plist);
1286 }
1287
1288 notesz = *off - noteoff;
1289
1290 if (dst != NULL)
1291 free(tempdata, M_TEMP);
1292
1293 /* Align up to a page boundary for the program segments. */
1294 *off = round_page(*off);
1295
1296 if (dst != NULL) {
1297 Elf_Ehdr *ehdr;
1298 Elf_Phdr *phdr;
1299 struct phdr_closure phc;
1300
1301 /*
1302 * Fill in the ELF header.
1303 */
1304 ehdr = (Elf_Ehdr *)((char *)dst + ehoff);
1305 ehdr->e_ident[EI_MAG0] = ELFMAG0;
1306 ehdr->e_ident[EI_MAG1] = ELFMAG1;
1307 ehdr->e_ident[EI_MAG2] = ELFMAG2;
1308 ehdr->e_ident[EI_MAG3] = ELFMAG3;
1309 ehdr->e_ident[EI_CLASS] = ELF_CLASS;
1310 ehdr->e_ident[EI_DATA] = ELF_DATA;
1311 ehdr->e_ident[EI_VERSION] = EV_CURRENT;
1312 ehdr->e_ident[EI_OSABI] = ELFOSABI_FREEBSD;
1313 ehdr->e_ident[EI_ABIVERSION] = 0;
1314 ehdr->e_ident[EI_PAD] = 0;
1315 ehdr->e_type = ET_CORE;
1316#if defined(COMPAT_IA32) && __ELF_WORD_SIZE == 32
1317 ehdr->e_machine = EM_386;
1318#else
1319 ehdr->e_machine = ELF_ARCH;
1320#endif
1321 ehdr->e_version = EV_CURRENT;
1322 ehdr->e_entry = 0;
1323 ehdr->e_phoff = phoff;
1324 ehdr->e_flags = 0;
1325 ehdr->e_ehsize = sizeof(Elf_Ehdr);
1326 ehdr->e_phentsize = sizeof(Elf_Phdr);
1327 ehdr->e_phnum = numsegs + 1;
1328 ehdr->e_shentsize = sizeof(Elf_Shdr);
1329 ehdr->e_shnum = 0;
1330 ehdr->e_shstrndx = SHN_UNDEF;
1331
1332 /*
1333 * Fill in the program header entries.
1334 */
1335 phdr = (Elf_Phdr *)((char *)dst + phoff);
1336
1337 /* The note segement. */
1338 phdr->p_type = PT_NOTE;
1339 phdr->p_offset = noteoff;
1340 phdr->p_vaddr = 0;
1341 phdr->p_paddr = 0;
1342 phdr->p_filesz = notesz;
1343 phdr->p_memsz = 0;
1344 phdr->p_flags = 0;
1345 phdr->p_align = 0;
1346 phdr++;
1347
1348 /* All the writable segments from the program. */
1349 phc.phdr = phdr;
1350 phc.offset = *off;
1351 each_writable_segment(td, cb_put_phdr, &phc);
1352 }
1353}
1354
1355static void
1356__elfN(putnote)(void *dst, size_t *off, const char *name, int type,
1357 const void *desc, size_t descsz)
1358{
1359 Elf_Note note;
1360
1361 note.n_namesz = strlen(name) + 1;
1362 note.n_descsz = descsz;
1363 note.n_type = type;
1364 if (dst != NULL)
1365 bcopy(¬e, (char *)dst + *off, sizeof note);
1366 *off += sizeof note;
1367 if (dst != NULL)
1368 bcopy(name, (char *)dst + *off, note.n_namesz);
1369 *off += roundup2(note.n_namesz, sizeof(Elf_Size));
1370 if (dst != NULL)
1371 bcopy(desc, (char *)dst + *off, note.n_descsz);
1372 *off += roundup2(note.n_descsz, sizeof(Elf_Size));
1373}
1374
1375/*
1376 * Try to find the appropriate ABI-note section for checknote,
1377 * fetch the osreldate for binary from the ELF OSABI-note. Only the
1378 * first page of the image is searched, the same as for headers.
1379 */
1380static boolean_t
1381__elfN(check_note)(struct image_params *imgp, Elf_Brandnote *checknote,
1382 int32_t *osrel)
1383{
1384 const Elf_Note *note, *note0, *note_end;
1385 const Elf_Phdr *phdr, *pnote;
1386 const Elf_Ehdr *hdr;
1387 const char *note_name;
1388 int i;
1389
1390 pnote = NULL;
1391 hdr = (const Elf_Ehdr *)imgp->image_header;
1392 phdr = (const Elf_Phdr *)(imgp->image_header + hdr->e_phoff);
1393
1394 for (i = 0; i < hdr->e_phnum; i++) {
1395 if (phdr[i].p_type == PT_NOTE) {
1396 pnote = &phdr[i];
1397 break;
1398 }
1399 }
1400
1401 if (pnote == NULL || pnote->p_offset >= PAGE_SIZE ||
1402 pnote->p_offset + pnote->p_filesz >= PAGE_SIZE)
1403 return (FALSE);
1404
1405 note = note0 = (const Elf_Note *)(imgp->image_header + pnote->p_offset);
1406 note_end = (const Elf_Note *)(imgp->image_header +
1407 pnote->p_offset + pnote->p_filesz);
1408 for (i = 0; i < 100 && note >= note0 && note < note_end; i++) {
1409 if (!aligned(note, Elf32_Addr))
1410 return (FALSE);
1411 if (note->n_namesz != checknote->hdr.n_namesz ||
1412 note->n_descsz != checknote->hdr.n_descsz ||
1413 note->n_type != checknote->hdr.n_type)
1414 goto nextnote;
1415 note_name = (const char *)(note + 1);
1416 if (strncmp(checknote->vendor, note_name,
1417 checknote->hdr.n_namesz) != 0)
1418 goto nextnote;
1419
1420 /*
1421 * Fetch the osreldate for binary
1422 * from the ELF OSABI-note if necessary.
1423 */
|