diff options
Diffstat (limited to 'arch/mips/kernel/irixelf.c')
-rw-r--r-- | arch/mips/kernel/irixelf.c | 254 |
1 files changed, 133 insertions, 121 deletions
diff --git a/arch/mips/kernel/irixelf.c b/arch/mips/kernel/irixelf.c index 4af20cd91f9..10d3644e360 100644 --- a/arch/mips/kernel/irixelf.c +++ b/arch/mips/kernel/irixelf.c @@ -8,7 +8,7 @@ * * Copyright (C) 1993 - 1994 Eric Youngdale <ericy@cais.com> * Copyright (C) 1996 - 2004 David S. Miller <dm@engr.sgi.com> - * Copyright (C) 2004 Steven J. Hill <sjhill@realitydiluted.com> + * Copyright (C) 2004 - 2005 Steven J. Hill <sjhill@realitydiluted.com> */ #include <linux/module.h> #include <linux/fs.h> @@ -31,15 +31,16 @@ #include <linux/elfcore.h> #include <linux/smp_lock.h> -#include <asm/uaccess.h> #include <asm/mipsregs.h> +#include <asm/namei.h> #include <asm/prctl.h> +#include <asm/uaccess.h> #define DLINFO_ITEMS 12 #include <linux/elf.h> -#undef DEBUG_ELF +#undef DEBUG static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs); static int load_irix_library(struct file *); @@ -55,7 +56,7 @@ static struct linux_binfmt irix_format = { #define elf_addr_t unsigned long #endif -#ifdef DEBUG_ELF +#ifdef DEBUG /* Debugging routines. */ static char *get_elf_p_type(Elf32_Word p_type) { @@ -120,7 +121,7 @@ static void dump_phdrs(struct elf_phdr *ep, int pnum) print_phdr(i, ep); } } -#endif /* (DEBUG_ELF) */ +#endif /* DEBUG */ static void set_brk(unsigned long start, unsigned long end) { @@ -146,20 +147,20 @@ static void padzero(unsigned long elf_bss) nbyte = elf_bss & (PAGE_SIZE-1); if (nbyte) { nbyte = PAGE_SIZE - nbyte; - clear_user((void *) elf_bss, nbyte); + clear_user((void __user *) elf_bss, nbyte); } } -unsigned long * create_irix_tables(char * p, int argc, int envc, - struct elfhdr * exec, unsigned int load_addr, - unsigned int interp_load_addr, - struct pt_regs *regs, struct elf_phdr *ephdr) +static unsigned long * create_irix_tables(char * p, int argc, int envc, + struct elfhdr * exec, unsigned int load_addr, + unsigned int interp_load_addr, struct pt_regs *regs, + struct elf_phdr *ephdr) { elf_addr_t *argv; elf_addr_t *envp; elf_addr_t *sp, *csp; -#ifdef DEBUG_ELF +#ifdef DEBUG printk("create_irix_tables: p[%p] argc[%d] envc[%d] " "load_addr[%08x] interp_load_addr[%08x]\n", p, argc, envc, load_addr, interp_load_addr); @@ -248,14 +249,13 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, last_bss = 0; error = load_addr = 0; -#ifdef DEBUG_ELF +#ifdef DEBUG print_elfhdr(interp_elf_ex); #endif /* First of all, some simple consistency checks */ if ((interp_elf_ex->e_type != ET_EXEC && interp_elf_ex->e_type != ET_DYN) || - !irix_elf_check_arch(interp_elf_ex) || !interpreter->f_op->mmap) { printk("IRIX interp has bad e_type %d\n", interp_elf_ex->e_type); return 0xffffffff; @@ -290,7 +290,7 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, (char *) elf_phdata, sizeof(struct elf_phdr) * interp_elf_ex->e_phnum); -#ifdef DEBUG_ELF +#ifdef DEBUG dump_phdrs(elf_phdata, interp_elf_ex->e_phnum); #endif @@ -306,13 +306,11 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, elf_type |= MAP_FIXED; vaddr = eppnt->p_vaddr; -#ifdef DEBUG_ELF - printk("INTERP do_mmap(%p, %08lx, %08lx, %08lx, %08lx, %08lx) ", + pr_debug("INTERP do_mmap(%p, %08lx, %08lx, %08lx, %08lx, %08lx) ", interpreter, vaddr, (unsigned long) (eppnt->p_filesz + (eppnt->p_vaddr & 0xfff)), (unsigned long) elf_prot, (unsigned long) elf_type, (unsigned long) (eppnt->p_offset & 0xfffff000)); -#endif down_write(¤t->mm->mmap_sem); error = do_mmap(interpreter, vaddr, eppnt->p_filesz + (eppnt->p_vaddr & 0xfff), @@ -324,14 +322,10 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, printk("Aieee IRIX interp mmap error=%d\n", error); break; /* Real error */ } -#ifdef DEBUG_ELF - printk("error=%08lx ", (unsigned long) error); -#endif + pr_debug("error=%08lx ", (unsigned long) error); if(!load_addr && interp_elf_ex->e_type == ET_DYN) { load_addr = error; -#ifdef DEBUG_ELF - printk("load_addr = error "); -#endif + pr_debug("load_addr = error "); } /* Find the end of the file mapping for this phdr, and keep @@ -345,17 +339,13 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, */ k = eppnt->p_memsz + eppnt->p_vaddr; if(k > last_bss) last_bss = k; -#ifdef DEBUG_ELF - printk("\n"); -#endif + pr_debug("\n"); } } /* Now use mmap to map the library into memory. */ if(error < 0 && error > -1024) { -#ifdef DEBUG_ELF - printk("got error %d\n", error); -#endif + pr_debug("got error %d\n", error); kfree(elf_phdata); return 0xffffffff; } @@ -365,16 +355,12 @@ static unsigned int load_irix_interp(struct elfhdr * interp_elf_ex, * that there are zero-mapped pages up to and including the * last bss page. */ -#ifdef DEBUG_ELF - printk("padzero(%08lx) ", (unsigned long) (elf_bss)); -#endif + pr_debug("padzero(%08lx) ", (unsigned long) (elf_bss)); padzero(elf_bss); len = (elf_bss + 0xfff) & 0xfffff000; /* What we have mapped so far */ -#ifdef DEBUG_ELF - printk("last_bss[%08lx] len[%08lx]\n", (unsigned long) last_bss, - (unsigned long) len); -#endif + pr_debug("last_bss[%08lx] len[%08lx]\n", (unsigned long) last_bss, + (unsigned long) len); /* Map the last of the bss segment */ if (last_bss > len) { @@ -396,12 +382,7 @@ static int verify_binary(struct elfhdr *ehp, struct linux_binprm *bprm) /* First of all, some simple consistency checks */ if((ehp->e_type != ET_EXEC && ehp->e_type != ET_DYN) || - !irix_elf_check_arch(ehp) || !bprm->file->f_op->mmap) { - return -ENOEXEC; - } - - /* Only support MIPS ARCH2 or greater IRIX binaries for now. */ - if(!(ehp->e_flags & EF_MIPS_ARCH) && !(ehp->e_flags & 0x04)) { + !bprm->file->f_op->mmap) { return -ENOEXEC; } @@ -411,16 +392,17 @@ static int verify_binary(struct elfhdr *ehp, struct linux_binprm *bprm) * XXX all registers as 64bits on cpu's capable of this at * XXX exception time plus frob the XTLB exception vector. */ - if((ehp->e_flags & 0x20)) { + if((ehp->e_flags & EF_MIPS_ABI2)) return -ENOEXEC; - } - return 0; /* It's ok. */ + return 0; } -#define IRIX_INTERP_PREFIX "/usr/gnemul/irix" - -/* Look for an IRIX ELF interpreter. */ +/* + * This is where the detailed check is performed. Irix binaries + * use interpreters with 'libc.so' in the name, so this function + * can differentiate between Linux and Irix binaries. + */ static inline int look_for_irix_interpreter(char **name, struct file **interpreter, struct elfhdr *interp_elf_ex, @@ -440,12 +422,11 @@ static inline int look_for_irix_interpreter(char **name, if (*name != NULL) goto out; - *name = kmalloc((epp->p_filesz + strlen(IRIX_INTERP_PREFIX)), - GFP_KERNEL); + *name = kmalloc(epp->p_filesz + strlen(IRIX_EMUL), GFP_KERNEL); if (!*name) return -ENOMEM; - strcpy(*name, IRIX_INTERP_PREFIX); + strcpy(*name, IRIX_EMUL); retval = kernel_read(bprm->file, epp->p_offset, (*name + 16), epp->p_filesz); if (retval < 0) @@ -562,7 +543,7 @@ static inline int map_interpreter(struct elf_phdr *epp, struct elfhdr *ihp, * process and the system, here we map the page and fill the * structure */ -void irix_map_prda_page (void) +static void irix_map_prda_page(void) { unsigned long v; struct prda *pp; @@ -601,14 +582,33 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) load_addr = 0; has_interp = has_ephdr = 0; - elf_ihdr = elf_ephdr = 0; + elf_ihdr = elf_ephdr = NULL; elf_ex = *((struct elfhdr *) bprm->buf); retval = -ENOEXEC; if (verify_binary(&elf_ex, bprm)) goto out; -#ifdef DEBUG_ELF + /* + * Telling -o32 static binaries from Linux and Irix apart from each + * other is difficult. There are 2 differences to be noted for static + * binaries from the 2 operating systems: + * + * 1) Irix binaries have their .text section before their .init + * section. Linux binaries are just the opposite. + * + * 2) Irix binaries usually have <= 12 sections and Linux + * binaries have > 20. + * + * We will use Method #2 since Method #1 would require us to read in + * the section headers which is way too much overhead. This appears + * to work for everything we have ran into so far. If anyone has a + * better method to tell the binaries apart, I'm listening. + */ + if (elf_ex.e_shnum > 20) + goto out; + +#ifdef DEBUG print_elfhdr(&elf_ex); #endif @@ -623,11 +623,10 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) } retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *)elf_phdata, size); - if (retval < 0) goto out_free_ph; -#ifdef DEBUG_ELF +#ifdef DEBUG dump_phdrs(elf_phdata, elf_ex.e_phnum); #endif @@ -644,9 +643,8 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) break; }; } -#ifdef DEBUG_ELF - printk("\n"); -#endif + + pr_debug("\n"); elf_bss = 0; elf_brk = 0; @@ -657,12 +655,19 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) end_code = 0; end_data = 0; - retval = look_for_irix_interpreter(&elf_interpreter, - &interpreter, + /* + * If we get a return value, we change the value to be ENOEXEC + * so that we can exit gracefully and the main binary format + * search loop in 'fs/exec.c' will move onto the next handler + * which should be the normal ELF binary handler. + */ + retval = look_for_irix_interpreter(&elf_interpreter, &interpreter, &interp_elf_ex, elf_phdata, bprm, elf_ex.e_phnum); - if (retval) + if (retval) { + retval = -ENOEXEC; goto out_free_file; + } if (elf_interpreter) { retval = verify_irix_interpreter(&interp_elf_ex); @@ -692,7 +697,6 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) /* Do this so that we can load the interpreter, if need be. We will * change some of these later. */ - set_mm_counter(current->mm, rss, 0); setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); current->mm->start_stack = bprm->p; @@ -746,18 +750,16 @@ static int load_irix_binary(struct linux_binprm * bprm, struct pt_regs * regs) * IRIX maps a page at 0x200000 which holds some system * information. Programs depend on this. */ - irix_map_prda_page (); + irix_map_prda_page(); padzero(elf_bss); -#ifdef DEBUG_ELF - printk("(start_brk) %lx\n" , (long) current->mm->start_brk); - printk("(end_code) %lx\n" , (long) current->mm->end_code); - printk("(start_code) %lx\n" , (long) current->mm->start_code); - printk("(end_data) %lx\n" , (long) current->mm->end_data); - printk("(start_stack) %lx\n" , (long) current->mm->start_stack); - printk("(brk) %lx\n" , (long) current->mm->brk); -#endif + pr_debug("(start_brk) %lx\n" , (long) current->mm->start_brk); + pr_debug("(end_code) %lx\n" , (long) current->mm->end_code); + pr_debug("(start_code) %lx\n" , (long) current->mm->start_code); + pr_debug("(end_data) %lx\n" , (long) current->mm->end_data); + pr_debug("(start_stack) %lx\n" , (long) current->mm->start_stack); + pr_debug("(brk) %lx\n" , (long) current->mm->brk); #if 0 /* XXX No fucking way dude... */ /* Why this, you ask??? Well SVr4 maps page 0 as read-only, @@ -782,8 +784,7 @@ out_free_dentry: allow_write_access(interpreter); fput(interpreter); out_free_interp: - if (elf_interpreter) - kfree(elf_interpreter); + kfree(elf_interpreter); out_free_file: out_free_ph: kfree (elf_phdata); @@ -813,7 +814,7 @@ static int load_irix_library(struct file *file) /* First of all, some simple consistency checks. */ if(elf_ex.e_type != ET_EXEC || elf_ex.e_phnum > 2 || - !irix_elf_check_arch(&elf_ex) || !file->f_op->mmap) + !file->f_op->mmap) return -ENOEXEC; /* Now read in all of the header information. */ @@ -874,35 +875,36 @@ static int load_irix_library(struct file *file) * phdrs there are in the USER_PHDRP array. We return the vaddr the * first phdr was successfully mapped to. */ -unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt) +unsigned long irix_mapelf(int fd, struct elf_phdr __user *user_phdrp, int cnt) { - struct elf_phdr *hp; + unsigned long type, vaddr, filesz, offset, flags; + struct elf_phdr __user *hp; struct file *filp; int i, retval; -#ifdef DEBUG_ELF - printk("irix_mapelf: fd[%d] user_phdrp[%p] cnt[%d]\n", - fd, user_phdrp, cnt); -#endif + pr_debug("irix_mapelf: fd[%d] user_phdrp[%p] cnt[%d]\n", + fd, user_phdrp, cnt); /* First get the verification out of the way. */ hp = user_phdrp; if (!access_ok(VERIFY_READ, hp, (sizeof(struct elf_phdr) * cnt))) { -#ifdef DEBUG_ELF - printk("irix_mapelf: access_ok fails!\n"); -#endif + pr_debug("irix_mapelf: bad pointer to ELF PHDR!\n"); + return -EFAULT; } -#ifdef DEBUG_ELF +#ifdef DEBUG dump_phdrs(user_phdrp, cnt); #endif - for(i = 0; i < cnt; i++, hp++) - if(hp->p_type != PT_LOAD) { + for (i = 0; i < cnt; i++, hp++) { + if (__get_user(type, &hp->p_type)) + return -EFAULT; + if (type != PT_LOAD) { printk("irix_mapelf: One section is not PT_LOAD!\n"); return -ENOEXEC; } + } filp = fget(fd); if (!filp) @@ -917,29 +919,40 @@ unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt) for(i = 0; i < cnt; i++, hp++) { int prot; - prot = (hp->p_flags & PF_R) ? PROT_READ : 0; - prot |= (hp->p_flags & PF_W) ? PROT_WRITE : 0; - prot |= (hp->p_flags & PF_X) ? PROT_EXEC : 0; + retval = __get_user(vaddr, &hp->p_vaddr); + retval |= __get_user(filesz, &hp->p_filesz); + retval |= __get_user(offset, &hp->p_offset); + retval |= __get_user(flags, &hp->p_flags); + if (retval) + return retval; + + prot = (flags & PF_R) ? PROT_READ : 0; + prot |= (flags & PF_W) ? PROT_WRITE : 0; + prot |= (flags & PF_X) ? PROT_EXEC : 0; + down_write(¤t->mm->mmap_sem); - retval = do_mmap(filp, (hp->p_vaddr & 0xfffff000), - (hp->p_filesz + (hp->p_vaddr & 0xfff)), + retval = do_mmap(filp, (vaddr & 0xfffff000), + (filesz + (vaddr & 0xfff)), prot, (MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE), - (hp->p_offset & 0xfffff000)); + (offset & 0xfffff000)); up_write(¤t->mm->mmap_sem); - if(retval != (hp->p_vaddr & 0xfffff000)) { + if (retval != (vaddr & 0xfffff000)) { printk("irix_mapelf: do_mmap fails with %d!\n", retval); fput(filp); return retval; } } -#ifdef DEBUG_ELF - printk("irix_mapelf: Success, returning %08lx\n", - (unsigned long) user_phdrp->p_vaddr); -#endif + pr_debug("irix_mapelf: Success, returning %08lx\n", + (unsigned long) user_phdrp->p_vaddr); + fput(filp); - return user_phdrp->p_vaddr; + + if (__get_user(vaddr, &user_phdrp->p_vaddr)) + return -EFAULT; + + return vaddr; } /* @@ -952,9 +965,9 @@ unsigned long irix_mapelf(int fd, struct elf_phdr *user_phdrp, int cnt) /* These are the only things you should do on a core-file: use only these * functions to write out all the necessary info. */ -static int dump_write(struct file *file, const void *addr, int nr) +static int dump_write(struct file *file, const void __user *addr, int nr) { - return file->f_op->write(file, addr, nr, &file->f_pos) == nr; + return file->f_op->write(file, (const char __user *) addr, nr, &file->f_pos) == nr; } static int dump_seek(struct file *file, off_t off) @@ -1064,8 +1077,8 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) struct elfhdr elf; off_t offset = 0, dataoff; int limit = current->signal->rlim[RLIMIT_CORE].rlim_cur; - int numnote = 4; - struct memelfnote notes[4]; + int numnote = 3; + struct memelfnote notes[3]; struct elf_prstatus prstatus; /* NT_PRSTATUS */ elf_fpregset_t fpu; /* NT_PRFPREG */ struct elf_prpsinfo psinfo; /* NT_PRPSINFO */ @@ -1073,7 +1086,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) /* Count what's needed to dump, up to the limit of coredump size. */ segs = 0; size = 0; - for(vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { + for (vma = current->mm->mmap; vma != NULL; vma = vma->vm_next) { if (maydump(vma)) { int sz = vma->vm_end-vma->vm_start; @@ -1187,9 +1200,9 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) len = current->mm->arg_end - current->mm->arg_start; len = len >= ELF_PRARGSZ ? ELF_PRARGSZ : len; - copy_from_user(&psinfo.pr_psargs, - (const char *)current->mm->arg_start, len); - for(i = 0; i < len; i++) + (void *) copy_from_user(&psinfo.pr_psargs, + (const char __user *)current->mm->arg_start, len); + for (i = 0; i < len; i++) if (psinfo.pr_psargs[i] == 0) psinfo.pr_psargs[i] = ' '; psinfo.pr_psargs[len] = 0; @@ -1198,20 +1211,15 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) } strlcpy(psinfo.pr_fname, current->comm, sizeof(psinfo.pr_fname)); - notes[2].name = "CORE"; - notes[2].type = NT_TASKSTRUCT; - notes[2].datasz = sizeof(*current); - notes[2].data = current; - /* Try to dump the FPU. */ prstatus.pr_fpvalid = dump_fpu (regs, &fpu); if (!prstatus.pr_fpvalid) { numnote--; } else { - notes[3].name = "CORE"; - notes[3].type = NT_PRFPREG; - notes[3].datasz = sizeof(fpu); - notes[3].data = &fpu; + notes[2].name = "CORE"; + notes[2].type = NT_PRFPREG; + notes[2].datasz = sizeof(fpu); + notes[2].data = &fpu; } /* Write notes phdr entry. */ @@ -1256,8 +1264,10 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) phdr.p_memsz = sz; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; - if (vma->vm_flags & VM_WRITE) phdr.p_flags |= PF_W; - if (vma->vm_flags & VM_EXEC) phdr.p_flags |= PF_X; + if (vma->vm_flags & VM_WRITE) + phdr.p_flags |= PF_W; + if (vma->vm_flags & VM_EXEC) + phdr.p_flags |= PF_X; phdr.p_align = PAGE_SIZE; DUMP_WRITE(&phdr, sizeof(phdr)); @@ -1283,7 +1293,7 @@ static int irix_core_dump(long signr, struct pt_regs * regs, struct file *file) #ifdef DEBUG printk("elf_core_dump: writing %08lx %lx\n", addr, len); #endif - DUMP_WRITE((void *)addr, len); + DUMP_WRITE((void __user *)addr, len); } if ((off_t) file->f_pos != offset) { @@ -1299,7 +1309,7 @@ end_coredump: static int __init init_irix_binfmt(void) { - int init_inventory(void); + extern int init_inventory(void); extern asmlinkage unsigned long sys_call_table; extern asmlinkage unsigned long sys_call_table_irix5; @@ -1318,7 +1328,9 @@ static int __init init_irix_binfmt(void) static void __exit exit_irix_binfmt(void) { - /* Remove the IRIX ELF loaders. */ + /* + * Remove the Irix ELF loader. + */ unregister_binfmt(&irix_format); } |