1 /* $NetBSD: core_elf32.c,v 1.67 2021/01/02 02:13:42 rin Exp $ */
2
3 /*
4 * Copyright (c) 2001 Wasabi Systems, Inc.
5 * All rights reserved.
6 *
7 * Written by Jason R. Thorpe for Wasabi Systems, Inc.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed for the NetBSD Project by
20 * Wasabi Systems, Inc.
21 * 4. The name of Wasabi Systems, Inc. may not be used to endorse
22 * or promote products derived from this software without specific prior
23 * written permission.
24 *
25 * THIS SOFTWARE IS PROVIDED BY WASABI SYSTEMS, INC. ``AS IS'' AND
26 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL WASABI SYSTEMS, INC
29 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35 * POSSIBILITY OF SUCH DAMAGE.
36 */
37
38 /*
39 * core_elf32.c/core_elf64.c: Support for the Elf32/Elf64 core file format.
40 */
41
42 #include <sys/cdefs.h>
43 __KERNEL_RCSID(1, "$NetBSD: core_elf32.c,v 1.67 2021/01/02 02:13:42 rin Exp $");
44
45 #ifdef _KERNEL_OPT
46 #include "opt_compat_netbsd32.h"
47 #endif
48
49 #ifndef ELFSIZE
50 #define ELFSIZE 32
51 #endif
52
53 #include <sys/param.h>
54 #include <sys/systm.h>
55 #include <sys/proc.h>
56 #include <sys/vnode.h>
57 #include <sys/exec.h>
58 #include <sys/exec_elf.h>
59 #include <sys/ptrace.h>
60 #include <sys/kmem.h>
61 #include <sys/kauth.h>
62 #include <sys/compat_stub.h>
63
64 #include <machine/reg.h>
65
66 #include <uvm/uvm_extern.h>
67
68 #ifdef COMPAT_NETBSD32
69 #include <compat/netbsd32/netbsd32.h>
70 #endif
71
72 struct writesegs_state {
73 Elf_Phdr *psections;
74 proc_t *p;
75 off_t secoff;
76 size_t npsections;
77 };
78
79 /*
80 * We need to know how big the 'notes' are before we write the main header.
81 * To avoid problems with double-processing we save the data.
82 */
83 struct note_buf {
84 struct note_buf *nb_next;
85 unsigned char nb_data[4096 - sizeof (void *)];
86 };
87
88 struct note_state {
89 struct note_buf *ns_first;
90 struct note_buf *ns_last;
91 unsigned int ns_count; /* Of full buffers */
92 unsigned int ns_offset; /* Write point in last buffer */
93 };
94
95 static int ELFNAMEEND(coredump_getseghdrs)(struct uvm_coredump_state *);
96
97 static int ELFNAMEEND(coredump_notes)(struct lwp *, struct note_state *);
98 static int ELFNAMEEND(coredump_note)(struct lwp *, struct note_state *);
99
100 /* The 'note' section names and data are always 4-byte aligned. */
101 #define ELFROUNDSIZE 4 /* XXX Should it be sizeof(Elf_Word)? */
102
103 #define elf_read_lwpstatus CONCAT(process_read_lwpstatus, ELFSIZE)
104 #define elf_lwpstatus CONCAT(process_lwpstatus, ELFSIZE)
105
106 #define elf_process_read_regs CONCAT(process_read_regs, ELFSIZE)
107 #define elf_process_read_fpregs CONCAT(process_read_fpregs, ELFSIZE)
108 #define elf_reg CONCAT(process_reg, ELFSIZE)
109 #define elf_fpreg CONCAT(process_fpreg, ELFSIZE)
110
111 int
ELFNAMEEND(real_coredump)112 ELFNAMEEND(real_coredump)(struct lwp *l, struct coredump_iostate *cookie)
113 {
114 Elf_Ehdr ehdr;
115 Elf_Shdr shdr;
116 Elf_Phdr *psections;
117 size_t psectionssize;
118 int npsections;
119 struct writesegs_state ws;
120 off_t notestart;
121 size_t notesize;
122 int error, i;
123 off_t offset __diagused;
124
125 struct note_state ns;
126 struct note_buf *nb;
127
128 psections = NULL;
129
130 /* Get all of the notes (mostly all the registers). */
131 ns.ns_first = kmem_alloc(sizeof *ns.ns_first, KM_SLEEP);
132 ns.ns_last = ns.ns_first;
133 ns.ns_count = 0;
134 ns.ns_offset = 0;
135 error = ELFNAMEEND(coredump_notes)(l, &ns);
136 ns.ns_last->nb_next = NULL;
137 if (error)
138 goto out;
139 notesize = ns.ns_count * sizeof nb->nb_data + ns.ns_offset;
140
141 /*
142 * We have to make a total of 3 passes across the map:
143 *
144 * 1. Count the number of map entries (the number of
145 * PT_LOAD sections in the dump).
146 *
147 * 2. Write the P-section headers.
148 *
149 * 3. Write the P-sections.
150 */
151
152 /* Pass 1: count the entries. */
153 MODULE_HOOK_CALL(uvm_coredump_count_segs_hook,
154 (l->l_proc), 0, npsections);
155 /* Allow for the PT_NOTE section. */
156 npsections++;
157
158 /* Build the main elf header */
159 memset(&ehdr.e_ident[EI_PAD], 0, sizeof(ehdr.e_ident) - EI_PAD);
160 memcpy(ehdr.e_ident, ELFMAG, SELFMAG);
161 #if ELFSIZE == 32
162 ehdr.e_ident[EI_CLASS] = ELFCLASS32;
163 #elif ELFSIZE == 64
164 ehdr.e_ident[EI_CLASS] = ELFCLASS64;
165 #endif
166 ehdr.e_ident[EI_DATA] = ELFDEFNNAME(MACHDEP_ENDIANNESS);
167 ehdr.e_ident[EI_VERSION] = EV_CURRENT;
168 /*
169 * NetBSD sets generic SYSV OSABI and ABI version 0
170 * Native ELF files are distinguishable with NetBSD specific notes
171 */
172 ehdr.e_ident[EI_OSABI] = ELFOSABI_SYSV;
173 ehdr.e_ident[EI_ABIVERSION] = 0;
174
175 ehdr.e_type = ET_CORE;
176 /* XXX This should be the e_machine of the executable. */
177 ehdr.e_machine = ELFDEFNNAME(MACHDEP_ID);
178 ehdr.e_version = EV_CURRENT;
179 ehdr.e_entry = 0;
180 ehdr.e_flags = 0;
181 ehdr.e_ehsize = sizeof(ehdr);
182 ehdr.e_phentsize = sizeof(Elf_Phdr);
183 if (npsections < PN_XNUM) {
184 ehdr.e_phnum = npsections;
185 ehdr.e_shentsize = 0;
186 ehdr.e_shnum = 0;
187 ehdr.e_shoff = 0;
188 ehdr.e_phoff = sizeof(ehdr);
189 } else {
190 ehdr.e_phnum = PN_XNUM;
191 ehdr.e_shentsize = sizeof(Elf_Shdr);
192 ehdr.e_shnum = 1;
193 ehdr.e_shoff = sizeof(ehdr);
194 ehdr.e_phoff = sizeof(ehdr) + sizeof(shdr);
195 }
196 ehdr.e_shstrndx = 0;
197
198 #ifdef ELF_MD_COREDUMP_SETUP
199 ELF_MD_COREDUMP_SETUP(l, &ehdr);
200 #endif
201
202 /* Write out the ELF header. */
203 MODULE_HOOK_CALL(coredump_write_hook, (cookie, UIO_SYSSPACE, &ehdr,
204 sizeof(ehdr)), ENOSYS, error);
205 if (error)
206 goto out;
207
208 /* Write out sections, if needed */
209 if (npsections >= PN_XNUM) {
210 memset(&shdr, 0, sizeof(shdr));
211 shdr.sh_type = SHT_NULL;
212 shdr.sh_info = npsections;
213 MODULE_HOOK_CALL(coredump_write_hook, (cookie, UIO_SYSSPACE,
214 &shdr, sizeof(shdr)), ENOSYS, error);
215 if (error)
216 goto out;
217 }
218
219 psectionssize = npsections * sizeof(*psections);
220 notestart = ehdr.e_phoff + psectionssize;
221
222 psections = kmem_zalloc(psectionssize, KM_SLEEP);
223
224 /* Pass 2: now find the P-section headers. */
225 ws.secoff = notestart + notesize;
226 ws.psections = psections;
227 ws.npsections = npsections - 1;
228 ws.p = l->l_proc;
229 MODULE_HOOK_CALL(uvm_coredump_walkmap_hook,
230 (l->l_proc, ELFNAMEEND(coredump_getseghdrs), &ws), ENOSYS, error);
231 if (error)
232 goto out;
233 if (ws.npsections != 0) {
234 /* A section went away */
235 error = ENOMEM;
236 goto out;
237 }
238
239 /* Add the PT_NOTE header after the P-section headers. */
240 ws.psections->p_type = PT_NOTE;
241 ws.psections->p_offset = notestart;
242 ws.psections->p_vaddr = 0;
243 ws.psections->p_paddr = 0;
244 ws.psections->p_filesz = notesize;
245 ws.psections->p_memsz = 0;
246 ws.psections->p_flags = PF_R;
247 ws.psections->p_align = ELFROUNDSIZE;
248
249 /* Write the P-section headers followed by the PT_NOTE header */
250 MODULE_HOOK_CALL(coredump_write_hook, (cookie, UIO_SYSSPACE, psections,
251 psectionssize), ENOSYS, error);
252 if (error)
253 goto out;
254
255 #ifdef DIAGNOSTIC
256 MODULE_HOOK_CALL(coredump_offset_hook, (cookie), 0, offset);
257 if (offset != notestart)
258 panic("coredump: offset %lld != notestart %lld",
259 (long long) offset,
260 (long long) notestart);
261 #endif
262
263 /* Write out the notes. */
264 for (nb = ns.ns_first; nb != NULL; nb = nb->nb_next) {
265 MODULE_HOOK_CALL(coredump_write_hook, (cookie, UIO_SYSSPACE,
266 nb->nb_data,
267 nb->nb_next == NULL ? ns.ns_offset : sizeof nb->nb_data),
268 ENOSYS, error);
269 if (error)
270 goto out;
271 }
272
273 /* Finally, write the sections themselves. */
274 for (i = 0; i < npsections - 1; i++) {
275 if (psections[i].p_filesz == 0)
276 continue;
277
278 #ifdef DIAGNOSTIC
279 MODULE_HOOK_CALL(coredump_offset_hook, (cookie), 0, offset);
280 if (offset != psections[i].p_offset)
281 panic("coredump: offset %lld != p_offset[%d] %lld",
282 (long long) offset, i,
283 (long long) psections[i].p_filesz);
284 #endif
285
286 MODULE_HOOK_CALL(coredump_write_hook, (cookie, UIO_USERSPACE,
287 (void *)(vaddr_t)psections[i].p_vaddr,
288 psections[i].p_filesz), ENOSYS, error);
289 if (error)
290 goto out;
291 }
292
293 out:
294 if (psections)
295 kmem_free(psections, psectionssize);
296 while ((nb = ns.ns_first) != NULL) {
297 ns.ns_first = nb->nb_next;
298 kmem_free(nb, sizeof *nb);
299 }
300 return (error);
301 }
302
303 static int
ELFNAMEEND(coredump_getseghdrs)304 ELFNAMEEND(coredump_getseghdrs)(struct uvm_coredump_state *us)
305 {
306 struct writesegs_state *ws = us->cookie;
307 Elf_Phdr phdr;
308 vsize_t size, realsize;
309 vaddr_t end;
310 int error;
311
312 /* Don't overrun if there are more sections */
313 if (ws->npsections == 0)
314 return ENOMEM;
315 ws->npsections--;
316
317 size = us->end - us->start;
318 realsize = us->realend - us->start;
319 end = us->realend;
320
321 /* Don't bother writing out trailing zeros */
322 while (realsize > 0) {
323 long buf[1024 / sizeof(long)];
324 size_t slen = realsize > sizeof(buf) ? sizeof(buf) : realsize;
325 const long *ep;
326 int i;
327
328 end -= slen;
329 if ((error = copyin_proc(ws->p, (void *)end, buf, slen)) != 0) {
330 /*
331 * In case of any errors of scanning the segments reset
332 * their content to a default value with zeros. This is
333 * achieved with shortening the p_filesz parameter.
334 *
335 * This allows to emit core(5) files for a process
336 * regardless of its state of mappings, such as mapping
337 * pages after EOF in a file.
338 */
339 realsize -= slen;
340 continue;
341 }
342
343 ep = (const long *) &buf[slen / sizeof(buf[0])];
344 for (i = 0, ep--; buf <= ep; ep--, i++) {
345 if (*ep)
346 break;
347 }
348 realsize -= i * sizeof(buf[0]);
349 if (i * sizeof(buf[0]) < slen)
350 break;
351 }
352
353 phdr.p_type = PT_LOAD;
354 phdr.p_offset = ws->secoff;
355 phdr.p_vaddr = us->start;
356 phdr.p_paddr = 0;
357 phdr.p_filesz = realsize;
358 phdr.p_memsz = size;
359 phdr.p_flags = 0;
360 if (us->prot & VM_PROT_READ)
361 phdr.p_flags |= PF_R;
362 if (us->prot & VM_PROT_WRITE)
363 phdr.p_flags |= PF_W;
364 if (us->prot & VM_PROT_EXECUTE)
365 phdr.p_flags |= PF_X;
366 phdr.p_align = PAGE_SIZE;
367
368 ws->secoff += phdr.p_filesz;
369 *ws->psections++ = phdr;
370
371 return (0);
372 }
373
374 static void
coredump_note_procinfo(struct lwp * l,struct note_state * ns)375 coredump_note_procinfo(struct lwp *l, struct note_state *ns)
376 {
377 struct proc *p;
378 struct netbsd_elfcore_procinfo cpi;
379
380 p = l->l_proc;
381
382 /* First, write an elfcore_procinfo. */
383 cpi.cpi_version = NETBSD_ELFCORE_PROCINFO_VERSION;
384 cpi.cpi_cpisize = sizeof(cpi);
385 cpi.cpi_signo = p->p_sigctx.ps_info._signo;
386 cpi.cpi_sigcode = p->p_sigctx.ps_info._code;
387 cpi.cpi_siglwp = p->p_sigctx.ps_lwp;
388
389 /*
390 * per-LWP pending signals are stored in PT_LWPSTATUS@nnn.
391 */
392 memcpy(&cpi.cpi_sigpend, &p->p_sigpend.sp_set, sizeof(cpi.cpi_sigpend));
393
394 /*
395 * Signal mask is stored on a per-LWP basis in PT_LWPSTATUS@nnn.
396 * For compatibility purposes, cpi_sigmask is present, but zeroed.
397 */
398 memset(&cpi.cpi_sigmask, 0, sizeof(cpi.cpi_sigmask));
399
400 memcpy(&cpi.cpi_sigignore, &p->p_sigctx.ps_sigignore,
401 sizeof(cpi.cpi_sigignore));
402 memcpy(&cpi.cpi_sigcatch, &p->p_sigctx.ps_sigcatch,
403 sizeof(cpi.cpi_sigcatch));
404
405 cpi.cpi_pid = p->p_pid;
406 mutex_enter(&proc_lock);
407 cpi.cpi_ppid = p->p_pptr->p_pid;
408 cpi.cpi_pgrp = p->p_pgid;
409 cpi.cpi_sid = p->p_session->s_sid;
410 mutex_exit(&proc_lock);
411
412 cpi.cpi_ruid = kauth_cred_getuid(l->l_cred);
413 cpi.cpi_euid = kauth_cred_geteuid(l->l_cred);
414 cpi.cpi_svuid = kauth_cred_getsvuid(l->l_cred);
415
416 cpi.cpi_rgid = kauth_cred_getgid(l->l_cred);
417 cpi.cpi_egid = kauth_cred_getegid(l->l_cred);
418 cpi.cpi_svgid = kauth_cred_getsvgid(l->l_cred);
419
420 cpi.cpi_nlwps = p->p_nlwps;
421 (void)strncpy(cpi.cpi_name, p->p_comm, sizeof(cpi.cpi_name));
422 cpi.cpi_name[sizeof(cpi.cpi_name) - 1] = '\0';
423
424 ELFNAMEEND(coredump_savenote)(ns, ELF_NOTE_NETBSD_CORE_PROCINFO,
425 ELF_NOTE_NETBSD_CORE_NAME, &cpi, sizeof(cpi));
426 }
427
428 static int
coredump_note_auxv(struct lwp * l,struct note_state * ns)429 coredump_note_auxv(struct lwp *l, struct note_state *ns)
430 {
431 int error;
432 size_t len;
433 void *kauxv;
434
435 if ((error = proc_getauxv(l->l_proc, &kauxv, &len)) != 0)
436 return error;
437
438 ELFNAMEEND(coredump_savenote)(ns, ELF_NOTE_NETBSD_CORE_AUXV,
439 ELF_NOTE_NETBSD_CORE_NAME, kauxv, len);
440
441 kmem_free(kauxv, len);
442 return 0;
443 }
444
445 static int
ELFNAMEEND(coredump_notes)446 ELFNAMEEND(coredump_notes)(struct lwp *l, struct note_state *ns)
447 {
448 int error;
449 struct lwp *l0;
450 struct proc *p = l->l_proc;
451
452 coredump_note_procinfo(l, ns);
453 error = coredump_note_auxv(l, ns);
454 if (error)
455 return error;
456
457 /* XXX Add hook for machdep per-proc notes. */
458
459 /*
460 * Now write the register info for the thread that caused the
461 * coredump.
462 */
463 error = ELFNAMEEND(coredump_note)(l, ns);
464 if (error)
465 return error;
466
467 /*
468 * Now, for each LWP, write the register info and any other
469 * per-LWP notes.
470 * Lock in case this is a gcore requested dump.
471 */
472 mutex_enter(p->p_lock);
473 LIST_FOREACH(l0, &p->p_lwps, l_sibling) {
474 if (l0 == l) /* we've taken care of this thread */
475 continue;
476 error = ELFNAMEEND(coredump_note)(l0, ns);
477 if (error)
478 break;
479 }
480 mutex_exit(p->p_lock);
481
482 return error;
483 }
484
485 struct elf_coredump_note_data {
486 char name[64];
487 elf_lwpstatus els;
488 elf_reg intreg;
489 #ifdef PT_GETFPREGS
490 elf_fpreg freg;
491 #endif
492 };
493
494 static int
ELFNAMEEND(coredump_note)495 ELFNAMEEND(coredump_note)(struct lwp *l, struct note_state *ns)
496 {
497 struct elf_coredump_note_data *d;
498 #ifdef PT_GETFPREGS
499 size_t freglen;
500 #endif
501 int error;
502
503 d = kmem_alloc(sizeof(*d), KM_SLEEP);
504
505 snprintf(d->name, sizeof(d->name), "%s@%d",
506 ELF_NOTE_NETBSD_CORE_NAME, l->l_lid);
507
508 elf_read_lwpstatus(l, &d->els);
509
510 ELFNAMEEND(coredump_savenote)(ns, PT_LWPSTATUS, d->name, &d->els,
511 sizeof(d->els));
512
513 error = elf_process_read_regs(l, &d->intreg);
514 if (error)
515 goto out;
516
517 ELFNAMEEND(coredump_savenote)(ns,
518 #if ELFSIZE == 32 && defined(PT32_GETREGS)
519 PT32_GETREGS,
520 #else
521 PT_GETREGS,
522 #endif
523 d->name, &d->intreg, sizeof(d->intreg));
524
525 #ifdef PT_GETFPREGS
526 freglen = sizeof(d->freg);
527 error = elf_process_read_fpregs(l, &d->freg, &freglen);
528 if (error)
529 goto out;
530
531 ELFNAMEEND(coredump_savenote)(ns,
532 # if ELFSIZE == 32 && defined(PT32_GETFPREGS)
533 PT32_GETFPREGS,
534 # else
535 PT_GETFPREGS,
536 # endif
537 d->name, &d->freg, freglen);
538 #endif
539
540 #ifdef COREDUMP_MACHDEP_LWP_NOTES
541 COREDUMP_MACHDEP_LWP_NOTES(l, ns, d->name);
542 #endif
543
544 out:
545 kmem_free(d, sizeof(*d));
546 return (error);
547 }
548
549 static void
save_note_bytes(struct note_state * ns,const void * data,size_t len)550 save_note_bytes(struct note_state *ns, const void *data, size_t len)
551 {
552 struct note_buf *nb = ns->ns_last;
553 size_t copylen;
554 unsigned char *wp;
555
556 /*
557 * Just copy the data into a buffer list.
558 * All but the last buffer is full.
559 */
560 for (;;) {
561 copylen = uimin(len, sizeof(nb->nb_data) - ns->ns_offset);
562 wp = nb->nb_data + ns->ns_offset;
563 memcpy(wp, data, copylen);
564 if (copylen == len)
565 break;
566 nb->nb_next = kmem_alloc(sizeof(*nb->nb_next), KM_SLEEP);
567 nb = nb->nb_next;
568 ns->ns_last = nb;
569 ns->ns_count++;
570 ns->ns_offset = 0;
571 len -= copylen;
572 data = (const unsigned char *)data + copylen;
573 }
574
575 while ((copylen & (ELFROUNDSIZE - 1)) &&
576 wp + copylen < nb->nb_data + sizeof(nb->nb_data))
577 wp[copylen++] = 0;
578
579 ns->ns_offset += copylen;
580 }
581
582 void
ELFNAMEEND(coredump_savenote)583 ELFNAMEEND(coredump_savenote)(struct note_state *ns, unsigned int type,
584 const char *name, void *data, size_t data_len)
585 {
586 Elf_Nhdr nhdr;
587
588 nhdr.n_namesz = strlen(name) + 1;
589 nhdr.n_descsz = data_len;
590 nhdr.n_type = type;
591
592 save_note_bytes(ns, &nhdr, sizeof (nhdr));
593 save_note_bytes(ns, name, nhdr.n_namesz);
594 save_note_bytes(ns, data, data_len);
595 }
596