1/* 2 * This file is subject to the terms and conditions of the GNU General Public 3 * License. See the file "COPYING" in the main directory of this archive 4 * for more details. 5 * 6 * irixelf.c: Code to load IRIX ELF executables conforming to the MIPS ABI. 7 * Based off of work by Eric Youngdale. 8 * 9 * Copyright (C) 1993 - 1994 Eric Youngdale <ericy@cais.com> 10 * Copyright (C) 1996 - 2004 David S. Miller <dm@engr.sgi.com> 11 * Copyright (C) 2004 - 2005 Steven J. Hill <sjhill@realitydiluted.com> 12 */ 13#undef DEBUG 14 15#include <linux/module.h> 16#include <linux/fs.h> 17#include <linux/stat.h> 18#include <linux/sched.h> 19#include <linux/mm.h> 20#include <linux/mman.h> 21#include <linux/a.out.h> 22#include <linux/errno.h> 23#include <linux/init.h> 24#include <linux/signal.h> 25#include <linux/binfmts.h> 26#include <linux/string.h> 27#include <linux/file.h> 28#include <linux/fcntl.h> 29#include <linux/ptrace.h> 30#include <linux/slab.h> 31#include <linux/shm.h> 32#include <linux/personality.h> 33#include <linux/elfcore.h> 34 35#include <asm/mipsregs.h> 36#include <asm/namei.h> 37#include <asm/prctl.h> 38#include <asm/uaccess.h> 39 40#define DLINFO_ITEMS 12 41 42#include <linux/elf.h> 43 44static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs); 45static int load_irix_library(struct file *); 46static int irix_core_dump(long signr, struct pt_regs * regs, 47 struct file *file); 48 49static struct linux_binfmt irix_format = { 50 NULL, THIS_MODULE, load_irix_binary, load_irix_library, 51 irix_core_dump, PAGE_SIZE 52}; 53 54/* Debugging routines. */ 55static char *get_elf_p_type(Elf32_Word p_type) 56{ 57#ifdef DEBUG 58 switch (p_type) { 59 case PT_NULL: 60 return "PT_NULL"; 61 break; 62 63 case PT_LOAD: 64 return "PT_LOAD"; 65 break; 66 67 case PT_DYNAMIC: 68 return "PT_DYNAMIC"; 69 break; 70 71 case PT_INTERP: 72 return "PT_INTERP"; 73 break; 74 75 case PT_NOTE: 76 return "PT_NOTE"; 77 break; 78 79 case PT_SHLIB: 80 return "PT_SHLIB"; 81 break; 82 83 case PT_PHDR: 84 return "PT_PHDR"; 85 break; 86 87 case PT_LOPROC: 88 return "PT_LOPROC/REGINFO"; 89 break; 90 91 case PT_HIPROC: 92 return "PT_HIPROC"; 93 break; 94 95 default: 96 return "PT_BOGUS"; 97 break; 98 } 99#endif 100} 101 102static void print_elfhdr(struct elfhdr *ehp) 103{ 104 int i; 105 106 pr_debug("ELFHDR: e_ident<"); 107 for (i = 0; i < (EI_NIDENT - 1); i++) 108 pr_debug("%x ", ehp->e_ident[i]); 109 pr_debug("%x>\n", ehp->e_ident[i]); 110 pr_debug(" e_type[%04x] e_machine[%04x] e_version[%08lx]\n", 111 (unsigned short) ehp->e_type, (unsigned short) ehp->e_machine, 112 (unsigned long) ehp->e_version); 113 pr_debug(" e_entry[%08lx] e_phoff[%08lx] e_shoff[%08lx] " 114 "e_flags[%08lx]\n", 115 (unsigned long) ehp->e_entry, (unsigned long) ehp->e_phoff, 116 (unsigned long) ehp->e_shoff, (unsigned long) ehp->e_flags); 117 pr_debug(" e_ehsize[%04x] e_phentsize[%04x] e_phnum[%04x]\n", 118 (unsigned short) ehp->e_ehsize, 119 (unsigned short) ehp->e_phentsize, 120 (unsigned short) ehp->e_phnum); 121 pr_debug(" e_shentsize[%04x] e_shnum[%04x] e_shstrndx[%04x]\n", 122 (unsigned short) ehp->e_shentsize, 123 (unsigned short) ehp->e_shnum, 124 (unsigned short) ehp->e_shstrndx); 125} 126 127static void print_phdr(int i, struct elf_phdr *ep) 128{ 129 pr_debug("PHDR[%d]: p_type[%s] p_offset[%08lx] p_vaddr[%08lx] " 130 "p_paddr[%08lx]\n", i, get_elf_p_type(ep->p_type), 131 (unsigned long) ep->p_offset, (unsigned long) ep->p_vaddr, 132 (unsigned long) ep->p_paddr); 133 pr_debug(" p_filesz[%08lx] p_memsz[%08lx] p_flags[%08lx] " 134 "p_align[%08lx]\n", (unsigned long) ep->p_filesz, 135 (unsigned long) ep->p_memsz, (unsigned long) ep->p_flags, 136 (unsigned long) ep->p_align); 137} 138 139static void dump_phdrs(struct elf_phdr *ep, int pnum) 140{ 141 int i; 142 143 for (i = 0; i < pnum; i++, ep++) { 144 if ((ep->p_type == PT_LOAD) || 145 (ep->p_type == PT_INTERP) || 146 (ep->p_type == PT_PHDR)) 147 print_phdr(i, ep); 148 } 149} 150 151static void set_brk(unsigned long start, unsigned long end) 152{ 153 start = PAGE_ALIGN(start); 154 end = PAGE_ALIGN(end); 155 if (end <= start) 156 return; 157 down_write(¤t->mm->mmap_sem); 158 do_brk(start, end - start); 159 up_write(¤t->mm->mmap_sem); 160} 161 162 163/* We need to explicitly zero any fractional pages 164 * after the data section (i.e. bss). This would 165 * contain the junk from the file that should not 166 * be in memory. 167 */ 168static void padzero(unsigned long elf_bss) 169{ 170 unsigned long nbyte; 171 172 nbyte = elf_bss & (PAGE_SIZE-1); 173 if (nbyte) { 174 nbyte = PAGE_SIZE - nbyte; 175 clear_user((void __user *) elf_bss, nbyte); 176 } 177} 178 179static unsigned long * create_irix_tables(char * p, int argc, int envc, 180 struct elfhdr * exec, unsigned int load_addr, 181 unsigned int interp_load_addr, struct pt_regs *regs, 182 struct elf_phdr *ephdr) 183{ 184 elf_addr_t *argv; 185 elf_addr_t *envp; 186 elf_addr_t *sp, *csp; 187 188 pr_debug("create_irix_tables: p[%p] argc[%d] envc[%d] " 189 "load_addr[%08x] interp_load_addr[%08x]\n", 190 p, argc, envc, load_addr, interp_load_addr); 191 192 sp = (elf_addr_t *) (~15UL & (unsigned long) p); 193 csp = sp; 194 csp -= exec ? DLINFO_ITEMS*2 : 2; 195 csp -= envc+1; 196 csp -= argc+1; 197 csp -= 1; /* argc itself */ 198 if ((unsigned long)csp & 15UL) { 199 sp -= (16UL - ((unsigned long)csp & 15UL)) / sizeof(*sp); 200 } 201 202 /* 203 * Put the ELF interpreter info on the stack 204 */ 205#define NEW_AUX_ENT(nr, id, val) \ 206 __put_user ((id), sp+(nr*2)); \ 207 __put_user ((val), sp+(nr*2+1)); \ 208 209 sp -= 2; 210 NEW_AUX_ENT(0, AT_NULL, 0); 211 212 if (exec) { 213 sp -= 11*2; 214 215 NEW_AUX_ENT (0, AT_PHDR, load_addr + exec->e_phoff); 216 NEW_AUX_ENT (1, AT_PHENT, sizeof (struct elf_phdr)); 217 NEW_AUX_ENT (2, AT_PHNUM, exec->e_phnum); 218 NEW_AUX_ENT (3, AT_PAGESZ, ELF_EXEC_PAGESIZE); 219 NEW_AUX_ENT (4, AT_BASE, interp_load_addr); 220 NEW_AUX_ENT (5, AT_FLAGS, 0); 221 NEW_AUX_ENT (6, AT_ENTRY, (elf_addr_t) exec->e_entry); 222 NEW_AUX_ENT (7, AT_UID, (elf_addr_t) current->uid); 223 NEW_AUX_ENT (8, AT_EUID, (elf_addr_t) current->euid); 224 NEW_AUX_ENT (9, AT_GID, (elf_addr_t) current->gid); 225 NEW_AUX_ENT (10, AT_EGID, (elf_addr_t) current->egid); 226 } 227#undef NEW_AUX_ENT 228 229 sp -= envc+1; 230 envp = sp; 231 sp -= argc+1; 232 argv = sp; 233 234 __put_user((elf_addr_t)argc,--sp); 235 current->mm->arg_start = (unsigned long) p; 236 while (argc-->0) { 237 __put_user((unsigned long)p,argv++); 238 p += strlen_user(p); 239 } 240 __put_user((unsigned long) NULL, argv); 241 current->mm->arg_end = current->mm->env_start = (unsigned long) p; 242 while (envc-->0) { 243 __put_user((unsigned long)p,envp++); 244 p += strlen_user(p); 245 } 246 __put_user((unsigned long) NULL, envp); 247 current->mm->env_end = (unsigned long) p; 248 return sp; 249} 250 251 252/* This is much more generalized than the library routine read function, 253 * so we keep this separate. Technically the library read function 254 * is only provided so that we can read a.out libraries that have 255 * an ELF header. 256 */ 257static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, 258 struct file * interpreter, 259 unsigned int *interp_load_addr) 260{ 261 struct elf_phdr *elf_phdata = NULL; 262 struct elf_phdr *eppnt; 263 unsigned int len; 264 unsigned int load_addr; 265 int elf_bss; 266 int retval; 267 unsigned int last_bss; 268 int error; 269 int i; 270 unsigned int k; 271 272 elf_bss = 0; 273 last_bss = 0; 274 error = load_addr = 0; 275 276 print_elfhdr(interp_elf_ex); 277 278 /* First of all, some simple consistency checks */ 279 if ((interp_elf_ex->e_type != ET_EXEC && 280 interp_elf_ex->e_type != ET_DYN) || 281 !interpreter->f_op->mmap) { 282 printk("IRIX interp has bad e_type %d\n", interp_elf_ex->e_type); 283 return 0xffffffff; 284 } 285 286 /* Now read in all of the header information */ 287 if (sizeof(struct elf_phdr) * interp_elf_ex->e_phnum > PAGE_SIZE) { 288 printk("IRIX interp header bigger than a page (%d)\n", 289 (sizeof(struct elf_phdr) * interp_elf_ex->e_phnum)); 290 return 0xffffffff; 291 } 292 293 elf_phdata = kmalloc(sizeof(struct elf_phdr) * interp_elf_ex->e_phnum, 294 GFP_KERNEL); 295 296 if (!elf_phdata) { 297 printk("Cannot kmalloc phdata for IRIX interp.\n"); 298 return 0xffffffff; 299 } 300 301 /* If the size of this structure has changed, then punt, since 302 * we will be doing the wrong thing. 303 */ 304 if (interp_elf_ex->e_phentsize != 32) { 305 printk("IRIX interp e_phentsize == %d != 32 ", 306 interp_elf_ex->e_phentsize); 307 kfree(elf_phdata); 308 return 0xffffffff; 309 } 310 311 retval = kernel_read(interpreter, interp_elf_ex->e_phoff, 312 (char *) elf_phdata, 313 sizeof(struct elf_phdr) * interp_elf_ex->e_phnum); 314 315 dump_phdrs(elf_phdata, interp_elf_ex->e_phnum); 316 317 eppnt = elf_phdata; 318 for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { 319 if (eppnt->p_type == PT_LOAD) { 320 int elf_type = MAP_PRIVATE | MAP_DENYWRITE; 321 int elf_prot = 0; 322 unsigned long vaddr = 0; 323 if (eppnt->p_flags & PF_R) 324 elf_prot = PROT_READ; 325 if (eppnt->p_flags & PF_W) 326 elf_prot |= PROT_WRITE; 327 if (eppnt->p_flags & PF_X) 328 elf_prot |= PROT_EXEC; 329 elf_type |= MAP_FIXED; 330 vaddr = eppnt->p_vaddr; 331 332 pr_debug("INTERP do_mmap" 333 "(%p, %08lx, %08lx, %08lx, %08lx, %08lx) ", 334 interpreter, vaddr, 335 (unsigned long) 336 (eppnt->p_filesz + (eppnt->p_vaddr & 0xfff)), 337 (unsigned long) 338 elf_prot, (unsigned long) elf_type, 339 (unsigned long) 340 (eppnt->p_offset & 0xfffff000)); 341 342 down_write(¤t->mm->mmap_sem); 343 error = do_mmap(interpreter, vaddr, 344 eppnt->p_filesz + (eppnt->p_vaddr & 0xfff), 345 elf_prot, elf_type, 346 eppnt->p_offset & 0xfffff000); 347 up_write(¤t->mm->mmap_sem); 348 349 if (error < 0 && error > -1024) { 350 printk("Aieee IRIX interp mmap error=%d\n", 351 error); 352 break; /* Real error */ 353 } 354 pr_debug("error=%08lx ", (unsigned long) error); 355 if (!load_addr && interp_elf_ex->e_type == ET_DYN) { 356 load_addr = error; 357 pr_debug("load_addr = error "); 358 } 359 360 /* 361 * Find the end of the file mapping for this phdr, and 362 * keep track of the largest address we see for this. 363 */ 364 k = eppnt->p_vaddr + eppnt->p_filesz; 365 if (k > elf_bss) 366 elf_bss = k; 367 368 /* Do the same thing for the memory mapping - between 369 * elf_bss and last_bss is the bss section. 370 */ 371 k = eppnt->p_memsz + eppnt->p_vaddr; 372 if (k > last_bss) 373 last_bss = k; 374 pr_debug("\n"); 375 } 376 } 377 378 /* Now use mmap to map the library into memory. */ 379 if (error < 0 && error > -1024) { 380 pr_debug("got error %d\n", error); 381 kfree(elf_phdata); 382 return 0xffffffff; 383 } 384 385 /* Now fill out the bss section. First pad the last page up 386 * to the page boundary, and then perform a mmap to make sure 387 * that there are zero-mapped pages up to and including the 388 * last bss page. 389 */ 390 pr_debug("padzero(%08lx) ", (unsigned long) (elf_bss)); 391 padzero(elf_bss); 392 len = (elf_bss + 0xfff) & 0xfffff000; /* What we have mapped so far */ 393 394 pr_debug("last_bss[%08lx] len[%08lx]\n", (unsigned long) last_bss, 395 (unsigned long) len); 396 397 /* Map the last of the bss segment */ 398 if (last_bss > len) { 399 down_write(¤t->mm->mmap_sem); 400 do_brk(len, (last_bss - len)); 401 up_write(¤t->mm->mmap_sem); 402 } 403 kfree(elf_phdata); 404 405 *interp_load_addr = load_addr; 406 return ((unsigned int) interp_elf_ex->e_entry); 407} 408 409/* Check sanity of IRIX elf executable header. */ 410static int verify_binary(struct elfhdr *ehp, struct linux_binprm *bprm) 411{ 412 if (memcmp(ehp->e_ident, ELFMAG, SELFMAG) != 0) 413 return -ENOEXEC; 414 415 /* First of all, some simple consistency checks */ 416 if ((ehp->e_type != ET_EXEC && ehp->e_type != ET_DYN) || 417 !bprm->file->f_op->mmap) { 418 return -ENOEXEC; 419 } 420 421 if ((ehp->e_flags & EF_MIPS_ABI2)) 422 return -ENOEXEC; 423 424 return 0; 425} 426 427/* 428 * This is where the detailed check is performed. Irix binaries 429 * use interpreters with 'libc.so' in the name, so this function 430 * can differentiate between Linux and Irix binaries. 431 */ 432static inline int look_for_irix_interpreter(char **name, 433 struct file **interpreter, 434 struct elfhdr *interp_elf_ex, 435 struct elf_phdr *epp, 436 struct linux_binprm *bprm, int pnum) 437{ 438 int i; 439 int retval = -EINVAL; 440 struct file *file = NULL; 441 442 *name = NULL; 443 for (i = 0; i < pnum; i++, epp++) { 444 if (epp->p_type != PT_INTERP) 445 continue; 446 447 /* It is illegal to have two interpreters for one executable. */ 448 if (*name != NULL) 449 goto out; 450 451 *name = kmalloc(epp->p_filesz + strlen(IRIX_EMUL), GFP_KERNEL); 452 if (!*name) 453 return -ENOMEM; 454 455 strcpy(*name, IRIX_EMUL); 456 retval = kernel_read(bprm->file, epp->p_offset, (*name + 16), 457 epp->p_filesz); 458 if (retval < 0) 459 goto out; 460 461 file = open_exec(*name); 462 if (IS_ERR(file)) { 463 retval = PTR_ERR(file); 464 goto out; 465 } 466 retval = kernel_read(file, 0, bprm->buf, 128); 467 if (retval < 0) 468 goto dput_and_out; 469 470 *interp_elf_ex = *(struct elfhdr *) bprm->buf; 471 } 472 *interpreter = file; 473 return 0; 474 475dput_and_out: 476 fput(file); 477out: 478 kfree(*name); 479 return retval; 480} 481 482static inline int verify_irix_interpreter(struct elfhdr *ihp) 483{ 484 if (memcmp(ihp->e_ident, ELFMAG, SELFMAG) != 0) 485 return -ELIBBAD; 486 return 0; 487} 488 489#define EXEC_MAP_FLAGS (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE) 490 491static inline void map_executable(struct file *fp, struct elf_phdr *epp, int pnum, 492 unsigned int *estack, unsigned int *laddr, 493 unsigned int *scode, unsigned int *ebss, 494 unsigned int *ecode, unsigned int *edata, 495 unsigned int *ebrk) 496{ 497 unsigned int tmp; 498 int i, prot; 499 500 for (i = 0; i < pnum; i++, epp++) { 501 if (epp->p_type != PT_LOAD) 502 continue; 503 504 /* Map it. */ 505 prot = (epp->p_flags & PF_R) ? PROT_READ : 0; 506 prot |= (epp->p_flags & PF_W) ? PROT_WRITE : 0; 507 prot |= (epp->p_flags & PF_X) ? PROT_EXEC : 0; 508 down_write(¤t->mm->mmap_sem); 509 (void) do_mmap(fp, (epp->p_vaddr & 0xfffff000), 510 (epp->p_filesz + (epp->p_vaddr & 0xfff)), 511 prot, EXEC_MAP_FLAGS, 512 (epp->p_offset & 0xfffff000)); 513 up_write(¤t->mm->mmap_sem); 514 515 /* Fixup location tracking vars. */ 516 if ((epp->p_vaddr & 0xfffff000) < *estack) 517 *estack = (epp->p_vaddr & 0xfffff000); 518 if (!*laddr) 519 *laddr = epp->p_vaddr - epp->p_offset; 520 if (epp->p_vaddr < *scode) 521 *scode = epp->p_vaddr; 522 523 tmp = epp->p_vaddr + epp->p_filesz; 524 if (tmp > *ebss) 525 *ebss = tmp; 526 if ((epp->p_flags & PF_X) && *ecode < tmp) 527 *ecode = tmp; 528 if (*edata < tmp) 529 *edata = tmp; 530 531 tmp = epp->p_vaddr + epp->p_memsz; 532 if (tmp > *ebrk) 533 *ebrk = tmp; 534 } 535 536} 537 538static inline int map_interpreter(struct elf_phdr *epp, struct elfhdr *ihp, 539 struct file *interp, unsigned int *iladdr, 540 int pnum, mm_segment_t old_fs, 541 unsigned int *eentry) 542{ 543 int i; 544 545 *eentry = 0xffffffff; 546 for (i = 0; i < pnum; i++, epp++) { 547 if (epp->p_type != PT_INTERP) 548 continue; 549 550 /* We should have fielded this error elsewhere... */ 551 if (*eentry != 0xffffffff) 552 return -1; 553 554 set_fs(old_fs); 555 *eentry = load_irix_interp(ihp, interp, iladdr); 556 old_fs = get_fs(); 557 set_fs(get_ds()); 558 559 fput(interp); 560 561 if (*eentry == 0xffffffff) 562 return -1; 563 } 564 return 0; 565} 566 567/* 568 * IRIX maps a page at 0x200000 that holds information about the 569 * process and the system, here we map the page and fill the 570 * structure 571 */ 572static void irix_map_prda_page(void) 573{ 574 unsigned long v; 575 struct prda *pp; 576 577 down_write(¤t->mm->mmap_sem); 578 v = do_brk (PRDA_ADDRESS, PAGE_SIZE); 579 up_write(¤t->mm->mmap_sem); 580 581 if (v < 0) 582 return; 583 584 pp = (struct prda *) v; 585 pp->prda_sys.t_pid = current->pid; 586 pp->prda_sys.t_prid = read_c0_prid(); 587 pp->prda_sys.t_rpid = current->pid; 588 589 /* We leave the rest set to zero */ 590} 591 592 593 594/* These are the functions used to load ELF style executables and shared 595 * libraries. There is no binary dependent code anywhere else. 596 */ 597static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) 598{ 599 struct elfhdr elf_ex, interp_elf_ex; 600 struct file *interpreter; 601 struct elf_phdr *elf_phdata, *elf_ihdr, *elf_ephdr; 602 unsigned int load_addr, elf_bss, elf_brk; 603 unsigned int elf_entry, interp_load_addr = 0; 604 unsigned int start_code, end_code, end_data, elf_stack; 605 int retval, has_interp, has_ephdr, size, i; 606 char *elf_interpreter; 607 mm_segment_t old_fs; 608 609 load_addr = 0; 610 has_interp = has_ephdr = 0; 611 elf_ihdr = elf_ephdr = NULL; 612 elf_ex = *((struct elfhdr *) bprm->buf); 613 retval = -ENOEXEC; 614 615 if (verify_binary(&elf_ex, bprm)) 616 goto out; 617 618 /* 619 * Telling -o32 static binaries from Linux and Irix apart from each 620 * other is difficult. There are 2 differences to be noted for static 621 * binaries from the 2 operating systems: 622 * 623 * 1) Irix binaries have their .text section before their .init 624 * section. Linux binaries are just the opposite. 625 * 626 * 2) Irix binaries usually have <= 12 sections and Linux 627 * binaries have > 20. 628 * 629 * We will use Method #2 since Method #1 would require us to read in 630 * the section headers which is way too much overhead. This appears 631 * to work for everything we have ran into so far. If anyone has a 632 * better method to tell the binaries apart, I'm listening. 633 */ 634 if (elf_ex.e_shnum > 20) 635 goto out; 636 637 print_elfhdr(&elf_ex); 638 639 /* Now read in all of the header information */ 640 size = elf_ex.e_phentsize * elf_ex.e_phnum; 641 if (size > 65536) 642 goto out; 643 elf_phdata = kmalloc(size, GFP_KERNEL); 644 if (elf_phdata == NULL) { 645 retval = -ENOMEM; 646 goto out; 647 } 648 649 retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *)elf_phdata, size); 650 if (retval < 0) 651 goto out_free_ph; 652 653 dump_phdrs(elf_phdata, elf_ex.e_phnum); 654 655 /* Set some things for later. */ 656 for (i = 0; i < elf_ex.e_phnum; i++) { 657 switch (elf_phdata[i].p_type) { 658 case PT_INTERP: 659 has_interp = 1; 660 elf_ihdr = &elf_phdata[i]; 661 break; 662 case PT_PHDR: 663 has_ephdr = 1; 664 elf_ephdr = &elf_phdata[i]; 665 break; 666 }; 667 } 668 669 pr_debug("\n"); 670 671 elf_bss = 0; 672 elf_brk = 0; 673 674 elf_stack = 0xffffffff; 675 elf_interpreter = NULL; 676 start_code = 0xffffffff; 677 end_code = 0; 678 end_data = 0; 679 680 /* 681 * If we get a return value, we change the value to be ENOEXEC 682 * so that we can exit gracefully and the main binary format 683 * search loop in 'fs/exec.c' will move onto the next handler 684 * which should be the normal ELF binary handler. 685 */ 686 retval = look_for_irix_interpreter(&elf_interpreter, &interpreter, 687 &interp_elf_ex, elf_phdata, bprm, 688 elf_ex.e_phnum); 689 if (retval) { 690 retval = -ENOEXEC; 691 goto out_free_file; 692 } 693 694 if (elf_interpreter) { 695 retval = verify_irix_interpreter(&interp_elf_ex); 696 if (retval) 697 goto out_free_interp; 698 } 699 700 /* OK, we are done with that, now set up the arg stuff, 701 * and then start this sucker up. 702 */ 703 retval = -E2BIG; 704 if (!bprm->sh_bang && !bprm->p) 705 goto out_free_interp; 706 707 /* Flush all traces of the currently running executable */ 708 retval = flush_old_exec(bprm); 709 if (retval) 710 goto out_free_dentry; 711 712 /* OK, This is the point of no return */ 713 current->mm->end_data = 0; 714 current->mm->end_code = 0; 715 current->mm->mmap = NULL; 716 current->flags &= ~PF_FORKNOEXEC; 717 elf_entry = (unsigned int) elf_ex.e_entry; 718 719 /* Do this so that we can load the interpreter, if need be. We will 720 * change some of these later. 721 */ 722 setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); 723 current->mm->start_stack = bprm->p; 724 725 /* At this point, we assume that the image should be loaded at 726 * fixed address, not at a variable address. 727 */ 728 old_fs = get_fs(); 729 set_fs(get_ds()); 730 731 map_executable(bprm->file, elf_phdata, elf_ex.e_phnum, &elf_stack, 732 &load_addr, &start_code, &elf_bss, &end_code, 733 &end_data, &elf_brk); 734 735 if (elf_interpreter) { 736 retval = map_interpreter(elf_phdata, &interp_elf_ex, 737 interpreter, &interp_load_addr, 738 elf_ex.e_phnum, old_fs, &elf_entry); 739 kfree(elf_interpreter); 740 if (retval) { 741 set_fs(old_fs); 742 printk("Unable to load IRIX ELF interpreter\n"); 743 send_sig(SIGSEGV, current, 0); 744 retval = 0; 745 goto out_free_file; 746 } 747 } 748 749 set_fs(old_fs); 750 751 kfree(elf_phdata); 752 set_personality(PER_IRIX32); 753 set_binfmt(&irix_format); 754 compute_creds(bprm); 755 current->flags &= ~PF_FORKNOEXEC; 756 bprm->p = (unsigned long) 757 create_irix_tables((char *)bprm->p, bprm->argc, bprm->envc, 758 (elf_interpreter ? &elf_ex : NULL), 759 load_addr, interp_load_addr, regs, elf_ephdr); 760 current->mm->start_brk = current->mm->brk = elf_brk; 761 current->mm->end_code = end_code; 762 current->mm->start_code = start_code; 763 current->mm->end_data = end_data; 764 current->mm->start_stack = bprm->p; 765 766 /* Calling set_brk effectively mmaps the pages that we need for the 767 * bss and break sections. 768 */ 769 set_brk(elf_bss, elf_brk); 770 771 /* 772 * IRIX maps a page at 0x200000 which holds some system 773 * information. Programs depend on this. 774 */ 775 irix_map_prda_page(); 776 777 padzero(elf_bss); 778 779 pr_debug("(start_brk) %lx\n" , (long) current->mm->start_brk); 780 pr_debug("(end_code) %lx\n" , (long) current->mm->end_code); 781 pr_debug("(start_code) %lx\n" , (long) current->mm->start_code); 782 pr_debug("(end_data) %lx\n" , (long) current->mm->end_data); 783 pr_debug("(start_stack) %lx\n" , (long) current->mm->start_stack); 784 pr_debug("(brk) %lx\n" , (long) current->mm->brk); 785 786 787 start_thread(regs, elf_entry, bprm->p); 788 if (current->ptrace & PT_PTRACED) 789 send_sig(SIGTRAP, current, 0); 790 return 0; 791out: 792 return retval; 793 794out_free_dentry: 795 allow_write_access(interpreter); 796 fput(interpreter); 797out_free_interp: 798 kfree(elf_interpreter); 799out_free_file: 800out_free_ph: 801 kfree (elf_phdata); 802 goto out; 803} 804 805/* This is really simpleminded and specialized - we are loading an 806 * a.out library that is given an ELF header. 807 */ 808static int load_irix_library(struct file *file) 809{ 810 struct elfhdr elf_ex; 811 struct elf_phdr *elf_phdata = NULL; 812 unsigned int len = 0; 813 int elf_bss = 0; 814 int retval; 815 unsigned int bss; 816 int error; 817 int i,j, k; 818 819 error = kernel_read(file, 0, (char *) &elf_ex, sizeof(elf_ex)); 820 if (error != sizeof(elf_ex)) 821 return -ENOEXEC; 822 823 if (memcmp(elf_ex.e_ident, ELFMAG, SELFMAG) != 0) 824 return -ENOEXEC; 825 826 /* First of all, some simple consistency checks. */ 827 if (elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 || 828 !file->f_op->mmap) 829 return -ENOEXEC; 830 831 /* Now read in all of the header information. */ 832 if (sizeof(struct elf_phdr) * elf_ex.e_phnum > PAGE_SIZE) 833 return -ENOEXEC; 834 835 elf_phdata = kmalloc(sizeof(struct elf_phdr) * elf_ex.e_phnum, GFP_KERNEL); 836 if (elf_phdata == NULL) 837 return -ENOMEM; 838 839 retval = kernel_read(file, elf_ex.e_phoff, (char *) elf_phdata, 840 sizeof(struct elf_phdr) * elf_ex.e_phnum); 841 842 j = 0; 843 for (i=0; i<elf_ex.e_phnum; i++) 844 if ((elf_phdata + i)->p_type == PT_LOAD) j++; 845 846 if (j != 1) { 847 kfree(elf_phdata); 848 return -ENOEXEC; 849 } 850 851 while (elf_phdata->p_type != PT_LOAD) elf_phdata++; 852 853 /* Now use mmap to map the library into memory. */ 854 down_write(¤t->mm->mmap_sem); 855 error = do_mmap(file, 856 elf_phdata->p_vaddr & 0xfffff000, 857 elf_phdata->p_filesz + (elf_phdata->p_vaddr & 0xfff), 858 PROT_READ | PROT_WRITE | PROT_EXEC, 859 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE, 860 elf_phdata->p_offset & 0xfffff000); 861 up_write(¤t->mm->mmap_sem); 862 863 k = elf_phdata->p_vaddr + elf_phdata->p_filesz; 864 if (k > elf_bss) elf_bss = k; 865 866 if (error != (elf_phdata->p_vaddr & 0xfffff000)) { 867 kfree(elf_phdata); 868 return error; 869 } 870 871 padzero(elf_bss); 872 873 len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; 874 bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; 875 if (bss > len) { 876 down_write(¤t->mm->mmap_sem); 877 do_brk(len, bss-len); 878 up_write(¤t->mm->mmap_sem); 879 } 880 kfree(elf_phdata); 881 return 0; 882} 883 884/* Called through irix_syssgi() to map an elf image given an FD, 885 * a phdr ptr USER_PHDRP in userspace, and a count CNT telling how many 886 * phdrs there are in the USER_PHDRP array. We return the vaddr the 887 * first phdr was successfully mapped to. 888 */ 889unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt) 890{ 891 unsigned long type, vaddr, filesz, offset, flags; 892 struct elf_phdr __user *hp; 893 struct file *filp; 894 int i, retval; 895 896 pr_debug("irix_mapelf: fd[%d] user_phdrp[%p] cnt[%d]\n", 897 fd, user_phdrp, cnt); 898 899 /* First get the verification out of the way. */ 900 hp = user_phdrp; 901 if (!access_ok(VERIFY_READ, hp, (sizeof(struct elf_phdr) * cnt))) { 902 pr_debug("irix_mapelf: bad pointer to ELF PHDR!\n"); 903 904 return -EFAULT; 905 } 906 907 dump_phdrs(user_phdrp, cnt); 908 909 for (i = 0; i < cnt; i++, hp++) { 910 if (__get_user(type, &hp->p_type)) 911 return -EFAULT; 912 if (type != PT_LOAD) { 913 printk("irix_mapelf: One section is not PT_LOAD!\n"); 914 return -ENOEXEC; 915 } 916 } 917 918 filp = fget(fd); 919 if (!filp) 920 return -EACCES; 921 if (!filp->f_op) { 922 printk("irix_mapelf: Bogon filp!\n"); 923 fput(filp); 924 return -EACCES; 925 } 926 927 hp = user_phdrp; 928 for (i = 0; i < cnt; i++, hp++) { 929 int prot; 930 931 retval = __get_user(vaddr, &hp->p_vaddr); 932 retval |= __get_user(filesz, &hp->p_filesz); 933 retval |= __get_user(offset, &hp->p_offset); 934 retval |= __get_user(flags, &hp->p_flags); 935 if (retval) 936 return retval; 937 938 prot = (flags & PF_R) ? PROT_READ : 0; 939 prot |= (flags & PF_W) ? PROT_WRITE : 0; 940 prot |= (flags & PF_X) ? PROT_EXEC : 0; 941 942 down_write(¤t->mm->mmap_sem); 943 retval = do_mmap(filp, (vaddr & 0xfffff000), 944 (filesz + (vaddr & 0xfff)), 945 prot, (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE), 946 (offset & 0xfffff000)); 947 up_write(¤t->mm->mmap_sem); 948 949 if (retval != (vaddr & 0xfffff000)) { 950 printk("irix_mapelf: do_mmap fails with %d!\n", retval); 951 fput(filp); 952 return retval; 953 } 954 } 955 956 pr_debug("irix_mapelf: Success, returning %08lx\n", 957 (unsigned long) user_phdrp->p_vaddr); 958 959 fput(filp); 960 961 if (__get_user(vaddr, &user_phdrp->p_vaddr)) 962 return -EFAULT; 963 964 return vaddr; 965} 966 967/* 968 * ELF core dumper 969 * 970 * Modelled on fs/exec.c:aout_core_dump() 971 * Jeremy Fitzhardinge <jeremy@sw.oz.au> 972 */ 973 974/* These are the only things you should do on a core-file: use only these 975 * functions to write out all the necessary info. 976 */ 977static int dump_write(struct file *file, const void __user *addr, int nr) 978{ 979 return file->f_op->write(file, (const char __user *) addr, nr, &file->f_pos) == nr; 980} 981 982static int dump_seek(struct file *file, off_t off) 983{ 984 if (file->f_op->llseek) { 985 if (file->f_op->llseek(file, off, 0) != off) 986 return 0; 987 } else 988 file->f_pos = off; 989 return 1; 990} 991 992/* Decide whether a segment is worth dumping; default is yes to be 993 * sure (missing info is worse than too much; etc). 994 * Personally I'd include everything, and use the coredump limit... 995 * 996 * I think we should skip something. But I am not sure how. H.J. 997 */ 998static inline int maydump(struct vm_area_struct *vma) 999{ 1000 if (!(vma->vm_flags & (VM_READ|VM_WRITE|VM_EXEC))) 1001 return 0; 1002 if (vma->vm_flags & (VM_WRITE|VM_GROWSUP|VM_GROWSDOWN)) 1003 return 1; 1004 if (vma->vm_flags & (VM_READ|VM_EXEC|VM_EXECUTABLE|VM_SHARED)) 1005 return 0; 1006 return 1; 1007} 1008 1009/* An ELF note in memory. */ 1010struct memelfnote 1011{ 1012 const char *name; 1013 int type; 1014 unsigned int datasz; 1015 void *data; 1016}; 1017 1018static int notesize(struct memelfnote *en) 1019{ 1020 int sz; 1021 1022 sz = sizeof(struct elf_note); 1023 sz += roundup(strlen(en->name) + 1, 4); 1024 sz += roundup(en->datasz, 4); 1025 1026 return sz; 1027} 1028 1029#define DUMP_WRITE(addr, nr) \ 1030 if (!dump_write(file, (addr), (nr))) \ 1031 goto end_coredump; 1032#define DUMP_SEEK(off) \ 1033 if (!dump_seek(file, (off))) \ 1034 goto end_coredump; 1035 1036static int writenote(struct memelfnote *men, struct file *file) 1037{ 1038 struct elf_note en; 1039 1040 en.n_namesz = strlen(men->name) + 1; 1041 en.n_descsz = men->datasz; 1042 en.n_type = men->type; 1043 1044 DUMP_WRITE(&en, sizeof(en)); 1045 DUMP_WRITE(men->name, en.n_namesz); 1046 DUMP_SEEK(roundup((unsigned long)file->f_pos, 4)); 1047 DUMP_WRITE(men->data, men->datasz); 1048 DUMP_SEEK(roundup((unsigned long)file->f_pos, 4)); 1049 1050 return 1; 1051 1052end_coredump: 1053 return 0; 1054} 1055#undef DUMP_WRITE 1056#undef DUMP_SEEK 1057 1058#define DUMP_WRITE(addr, nr) \ 1059 if (!dump_write(file, (addr), (nr))) \ 1060 goto end_coredump; 1061#define DUMP_SEEK(off) \ 1062 if (!dump_seek(file, (off))) \ 1063 goto end_coredump; 1064 1065/* Actual dumper. 1066 * 1067 * This is a two-pass process; first we find the offsets of the bits, 1068 * and then they are actually written out. If we run out of core limit 1069 * we just truncate. 1070 */ 1071static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) 1072{ 1073 int has_dumped = 0; 1074 mm_segment_t fs; 1075 int segs; 1076 int i; 1077 size_t size; 1078 struct vm_area_struct *vma; 1079 struct elfhdr elf; 1080 off_t offset = 0, dataoff; 1081 int limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; 1082 int numnote = 3; 1083 struct memelfnote notes[3]; 1084 struct elf_prstatus prstatus; /* NT_PRSTATUS */ 1085 elf_fpregset_t fpu; /* NT_PRFPREG */ 1086 struct elf_prpsinfo psinfo; /* NT_PRPSINFO */ 1087 1088 /* Count what's needed to dump, up to the limit of coredump size. */ 1089 segs = 0; 1090 size = 0; 1091 for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { 1092 if (maydump(vma)) 1093 { 1094 int sz = vma->vm_end-vma->vm_start; 1095 1096 if (size+sz >= limit) 1097 break; 1098 else 1099 size += sz; 1100 } 1101 1102 segs++; 1103 } 1104 pr_debug("irix_core_dump: %d segs taking %d bytes\n", segs, size); 1105 1106 /* Set up header. */ 1107 memcpy(elf.e_ident, ELFMAG, SELFMAG); 1108 elf.e_ident[EI_CLASS] = ELFCLASS32; 1109 elf.e_ident[EI_DATA] = ELFDATA2LSB; 1110 elf.e_ident[EI_VERSION] = EV_CURRENT; 1111 elf.e_ident[EI_OSABI] = ELF_OSABI; 1112 memset(elf.e_ident+EI_PAD, 0, EI_NIDENT-EI_PAD); 1113 1114 elf.e_type = ET_CORE; 1115 elf.e_machine = ELF_ARCH; 1116 elf.e_version = EV_CURRENT; 1117 elf.e_entry = 0; 1118 elf.e_phoff = sizeof(elf); 1119 elf.e_shoff = 0; 1120 elf.e_flags = 0; 1121 elf.e_ehsize = sizeof(elf); 1122 elf.e_phentsize = sizeof(struct elf_phdr); 1123 elf.e_phnum = segs+1; /* Include notes. */ 1124 elf.e_shentsize = 0; 1125 elf.e_shnum = 0; 1126 elf.e_shstrndx = 0; 1127 1128 fs = get_fs(); 1129 set_fs(KERNEL_DS); 1130 1131 has_dumped = 1; 1132 current->flags |= PF_DUMPCORE; 1133 1134 DUMP_WRITE(&elf, sizeof(elf)); 1135 offset += sizeof(elf); /* Elf header. */ 1136 offset += (segs+1) * sizeof(struct elf_phdr); /* Program headers. */ 1137 1138 /* Set up the notes in similar form to SVR4 core dumps made 1139 * with info from their /proc. 1140 */ 1141 memset(&psinfo, 0, sizeof(psinfo)); 1142 memset(&prstatus, 0, sizeof(prstatus)); 1143 1144 notes[0].name = "CORE"; 1145 notes[0].type = NT_PRSTATUS; 1146 notes[0].datasz = sizeof(prstatus); 1147 notes[0].data = &prstatus; 1148 prstatus.pr_info.si_signo = prstatus.pr_cursig = signr; 1149 prstatus.pr_sigpend = current->pending.signal.sig[0]; 1150 prstatus.pr_sighold = current->blocked.sig[0]; 1151 psinfo.pr_pid = prstatus.pr_pid = current->pid; 1152 psinfo.pr_ppid = prstatus.pr_ppid = current->parent->pid; 1153 psinfo.pr_pgrp = prstatus.pr_pgrp = process_group(current); 1154 psinfo.pr_sid = prstatus.pr_sid = process_session(current); 1155 if (current->pid == current->tgid) { 1156 /* 1157 * This is the record for the group leader. Add in the 1158 * cumulative times of previous dead threads. This total 1159 * won't include the time of each live thread whose state 1160 * is included in the core dump. The final total reported 1161 * to our parent process when it calls wait4 will include 1162 * those sums as well as the little bit more time it takes 1163 * this and each other thread to finish dying after the 1164 * core dump synchronization phase. 1165 */ 1166 jiffies_to_timeval(current->utime + current->signal->utime, 1167 &prstatus.pr_utime); 1168 jiffies_to_timeval(current->stime + current->signal->stime, 1169 &prstatus.pr_stime); 1170 } else { 1171 jiffies_to_timeval(current->utime, &prstatus.pr_utime); 1172 jiffies_to_timeval(current->stime, &prstatus.pr_stime); 1173 } 1174 jiffies_to_timeval(current->signal->cutime, &prstatus.pr_cutime); 1175 jiffies_to_timeval(current->signal->cstime, &prstatus.pr_cstime); 1176 1177 if (sizeof(elf_gregset_t) != sizeof(struct pt_regs)) { 1178 printk("sizeof(elf_gregset_t) (%d) != sizeof(struct pt_regs) " 1179 "(%d)\n", sizeof(elf_gregset_t), sizeof(struct pt_regs)); 1180 } else { 1181 *(struct pt_regs *)&prstatus.pr_reg = *regs; 1182 } 1183 1184 notes[1].name = "CORE"; 1185 notes[1].type = NT_PRPSINFO; 1186 notes[1].datasz = sizeof(psinfo); 1187 notes[1].data = &psinfo; 1188 i = current->state ? ffz(~current->state) + 1 : 0; 1189 psinfo.pr_state = i; 1190 psinfo.pr_sname = (i < 0 || i > 5) ? '.' : "RSDZTD"[i]; 1191 psinfo.pr_zomb = psinfo.pr_sname == 'Z'; 1192 psinfo.pr_nice = task_nice(current); 1193 psinfo.pr_flag = current->flags; 1194 psinfo.pr_uid = current->uid; 1195 psinfo.pr_gid = current->gid; 1196 { 1197 int i, len; 1198 1199 set_fs(fs); 1200 1201 len = current->mm->arg_end - current->mm->arg_start; 1202 len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len; 1203 (void *) copy_from_user(&psinfo.pr_psargs, 1204 (const char __user *)current->mm->arg_start, len); 1205 for (i = 0; i < len; i++) 1206 if (psinfo.pr_psargs[i] == 0) 1207 psinfo.pr_psargs[i] = ' '; 1208 psinfo.pr_psargs[len] = 0; 1209 1210 set_fs(KERNEL_DS); 1211 } 1212 strlcpy(psinfo.pr_fname, current->comm, sizeof(psinfo.pr_fname)); 1213 1214 /* Try to dump the FPU. */ 1215 prstatus.pr_fpvalid = dump_fpu (regs, &fpu); 1216 if (!prstatus.pr_fpvalid) { 1217 numnote--; 1218 } else { 1219 notes[2].name = "CORE"; 1220 notes[2].type = NT_PRFPREG; 1221 notes[2].datasz = sizeof(fpu); 1222 notes[2].data = &fpu; 1223 } 1224 1225 /* Write notes phdr entry. */ 1226 { 1227 struct elf_phdr phdr; 1228 int sz = 0; 1229 1230 for (i = 0; i < numnote; i++) 1231 sz += notesize(¬es[i]); 1232 1233 phdr.p_type = PT_NOTE; 1234 phdr.p_offset = offset; 1235 phdr.p_vaddr = 0; 1236 phdr.p_paddr = 0; 1237 phdr.p_filesz = sz; 1238 phdr.p_memsz = 0; 1239 phdr.p_flags = 0; 1240 phdr.p_align = 0; 1241 1242 offset += phdr.p_filesz; 1243 DUMP_WRITE(&phdr, sizeof(phdr)); 1244 } 1245 1246 /* Page-align dumped data. */ 1247 dataoff = offset = roundup(offset, PAGE_SIZE); 1248 1249 /* Write program headers for segments dump. */ 1250 for (vma = current->mm->mmap, i = 0; 1251 i < segs && vma != NULL; vma = vma->vm_next) { 1252 struct elf_phdr phdr; 1253 size_t sz; 1254 1255 i++; 1256 1257 sz = vma->vm_end - vma->vm_start; 1258 1259 phdr.p_type = PT_LOAD; 1260 phdr.p_offset = offset; 1261 phdr.p_vaddr = vma->vm_start; 1262 phdr.p_paddr = 0; 1263 phdr.p_filesz = maydump(vma) ? sz : 0; 1264 phdr.p_memsz = sz; 1265 offset += phdr.p_filesz; 1266 phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; 1267 if (vma->vm_flags & VM_WRITE) 1268 phdr.p_flags |= PF_W; 1269 if (vma->vm_flags & VM_EXEC) 1270 phdr.p_flags |= PF_X; 1271 phdr.p_align = PAGE_SIZE; 1272 1273 DUMP_WRITE(&phdr, sizeof(phdr)); 1274 } 1275 1276 for (i = 0; i < numnote; i++) 1277 if (!writenote(¬es[i], file)) 1278 goto end_coredump; 1279 1280 set_fs(fs); 1281 1282 DUMP_SEEK(dataoff); 1283 1284 for (i = 0, vma = current->mm->mmap; 1285 i < segs && vma != NULL; 1286 vma = vma->vm_next) { 1287 unsigned long addr = vma->vm_start; 1288 unsigned long len = vma->vm_end - vma->vm_start; 1289 1290 if (!maydump(vma)) 1291 continue; 1292 i++; 1293 pr_debug("elf_core_dump: writing %08lx %lx\n", addr, len); 1294 DUMP_WRITE((void __user *)addr, len); 1295 } 1296 1297 if ((off_t) file->f_pos != offset) { 1298 /* Sanity check. */ 1299 printk("elf_core_dump: file->f_pos (%ld) != offset (%ld)\n", 1300 (off_t) file->f_pos, offset); 1301 } 1302 1303end_coredump: 1304 set_fs(fs); 1305 return has_dumped; 1306} 1307 1308static int __init init_irix_binfmt(void) 1309{ 1310 extern int init_inventory(void); 1311 extern asmlinkage unsigned long sys_call_table; 1312 extern asmlinkage unsigned long sys_call_table_irix5; 1313 1314 init_inventory(); 1315 1316 /* 1317 * Copy the IRIX5 syscall table (8000 bytes) into the main syscall 1318 * table. The IRIX5 calls are located by an offset of 8000 bytes 1319 * from the beginning of the main table. 1320 */ 1321 memcpy((void *) ((unsigned long) &sys_call_table + 8000), 1322 &sys_call_table_irix5, 8000); 1323 1324 return register_binfmt(&irix_format); 1325} 1326 1327static void __exit exit_irix_binfmt(void) 1328{ 1329 /* 1330 * Remove the Irix ELF loader. 1331 */ 1332 unregister_binfmt(&irix_format); 1333} 1334 1335module_init(init_irix_binfmt) 1336module_exit(exit_irix_binfmt) 1337