linux/kernel/kexec_elf.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-only
   2/*
   3 * Load ELF vmlinux file for the kexec_file_load syscall.
   4 *
   5 * Copyright (C) 2004  Adam Litke (agl@us.ibm.com)
   6 * Copyright (C) 2004  IBM Corp.
   7 * Copyright (C) 2005  R Sharada (sharada@in.ibm.com)
   8 * Copyright (C) 2006  Mohan Kumar M (mohan@in.ibm.com)
   9 * Copyright (C) 2016  IBM Corporation
  10 *
  11 * Based on kexec-tools' kexec-elf-exec.c and kexec-elf-ppc64.c.
  12 * Heavily modified for the kernel by
  13 * Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>.
  14 */
  15
  16#define pr_fmt(fmt)     "kexec_elf: " fmt
  17
  18#include <linux/elf.h>
  19#include <linux/kexec.h>
  20#include <linux/module.h>
  21#include <linux/slab.h>
  22#include <linux/types.h>
  23
  24static inline bool elf_is_elf_file(const struct elfhdr *ehdr)
  25{
  26        return memcmp(ehdr->e_ident, ELFMAG, SELFMAG) == 0;
  27}
  28
  29static uint64_t elf64_to_cpu(const struct elfhdr *ehdr, uint64_t value)
  30{
  31        if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
  32                value = le64_to_cpu(value);
  33        else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
  34                value = be64_to_cpu(value);
  35
  36        return value;
  37}
  38
  39static uint32_t elf32_to_cpu(const struct elfhdr *ehdr, uint32_t value)
  40{
  41        if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
  42                value = le32_to_cpu(value);
  43        else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
  44                value = be32_to_cpu(value);
  45
  46        return value;
  47}
  48
  49static uint16_t elf16_to_cpu(const struct elfhdr *ehdr, uint16_t value)
  50{
  51        if (ehdr->e_ident[EI_DATA] == ELFDATA2LSB)
  52                value = le16_to_cpu(value);
  53        else if (ehdr->e_ident[EI_DATA] == ELFDATA2MSB)
  54                value = be16_to_cpu(value);
  55
  56        return value;
  57}
  58
  59/**
  60 * elf_is_ehdr_sane - check that it is safe to use the ELF header
  61 * @buf_len:    size of the buffer in which the ELF file is loaded.
  62 */
  63static bool elf_is_ehdr_sane(const struct elfhdr *ehdr, size_t buf_len)
  64{
  65        if (ehdr->e_phnum > 0 && ehdr->e_phentsize != sizeof(struct elf_phdr)) {
  66                pr_debug("Bad program header size.\n");
  67                return false;
  68        } else if (ehdr->e_shnum > 0 &&
  69                   ehdr->e_shentsize != sizeof(struct elf_shdr)) {
  70                pr_debug("Bad section header size.\n");
  71                return false;
  72        } else if (ehdr->e_ident[EI_VERSION] != EV_CURRENT ||
  73                   ehdr->e_version != EV_CURRENT) {
  74                pr_debug("Unknown ELF version.\n");
  75                return false;
  76        }
  77
  78        if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
  79                size_t phdr_size;
  80
  81                /*
  82                 * e_phnum is at most 65535 so calculating the size of the
  83                 * program header cannot overflow.
  84                 */
  85                phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
  86
  87                /* Sanity check the program header table location. */
  88                if (ehdr->e_phoff + phdr_size < ehdr->e_phoff) {
  89                        pr_debug("Program headers at invalid location.\n");
  90                        return false;
  91                } else if (ehdr->e_phoff + phdr_size > buf_len) {
  92                        pr_debug("Program headers truncated.\n");
  93                        return false;
  94                }
  95        }
  96
  97        if (ehdr->e_shoff > 0 && ehdr->e_shnum > 0) {
  98                size_t shdr_size;
  99
 100                /*
 101                 * e_shnum is at most 65536 so calculating
 102                 * the size of the section header cannot overflow.
 103                 */
 104                shdr_size = sizeof(struct elf_shdr) * ehdr->e_shnum;
 105
 106                /* Sanity check the section header table location. */
 107                if (ehdr->e_shoff + shdr_size < ehdr->e_shoff) {
 108                        pr_debug("Section headers at invalid location.\n");
 109                        return false;
 110                } else if (ehdr->e_shoff + shdr_size > buf_len) {
 111                        pr_debug("Section headers truncated.\n");
 112                        return false;
 113                }
 114        }
 115
 116        return true;
 117}
 118
 119static int elf_read_ehdr(const char *buf, size_t len, struct elfhdr *ehdr)
 120{
 121        struct elfhdr *buf_ehdr;
 122
 123        if (len < sizeof(*buf_ehdr)) {
 124                pr_debug("Buffer is too small to hold ELF header.\n");
 125                return -ENOEXEC;
 126        }
 127
 128        memset(ehdr, 0, sizeof(*ehdr));
 129        memcpy(ehdr->e_ident, buf, sizeof(ehdr->e_ident));
 130        if (!elf_is_elf_file(ehdr)) {
 131                pr_debug("No ELF header magic.\n");
 132                return -ENOEXEC;
 133        }
 134
 135        if (ehdr->e_ident[EI_CLASS] != ELF_CLASS) {
 136                pr_debug("Not a supported ELF class.\n");
 137                return -ENOEXEC;
 138        } else  if (ehdr->e_ident[EI_DATA] != ELFDATA2LSB &&
 139                ehdr->e_ident[EI_DATA] != ELFDATA2MSB) {
 140                pr_debug("Not a supported ELF data format.\n");
 141                return -ENOEXEC;
 142        }
 143
 144        buf_ehdr = (struct elfhdr *) buf;
 145        if (elf16_to_cpu(ehdr, buf_ehdr->e_ehsize) != sizeof(*buf_ehdr)) {
 146                pr_debug("Bad ELF header size.\n");
 147                return -ENOEXEC;
 148        }
 149
 150        ehdr->e_type      = elf16_to_cpu(ehdr, buf_ehdr->e_type);
 151        ehdr->e_machine   = elf16_to_cpu(ehdr, buf_ehdr->e_machine);
 152        ehdr->e_version   = elf32_to_cpu(ehdr, buf_ehdr->e_version);
 153        ehdr->e_flags     = elf32_to_cpu(ehdr, buf_ehdr->e_flags);
 154        ehdr->e_phentsize = elf16_to_cpu(ehdr, buf_ehdr->e_phentsize);
 155        ehdr->e_phnum     = elf16_to_cpu(ehdr, buf_ehdr->e_phnum);
 156        ehdr->e_shentsize = elf16_to_cpu(ehdr, buf_ehdr->e_shentsize);
 157        ehdr->e_shnum     = elf16_to_cpu(ehdr, buf_ehdr->e_shnum);
 158        ehdr->e_shstrndx  = elf16_to_cpu(ehdr, buf_ehdr->e_shstrndx);
 159
 160        switch (ehdr->e_ident[EI_CLASS]) {
 161        case ELFCLASS64:
 162                ehdr->e_entry = elf64_to_cpu(ehdr, buf_ehdr->e_entry);
 163                ehdr->e_phoff = elf64_to_cpu(ehdr, buf_ehdr->e_phoff);
 164                ehdr->e_shoff = elf64_to_cpu(ehdr, buf_ehdr->e_shoff);
 165                break;
 166
 167        case ELFCLASS32:
 168                ehdr->e_entry = elf32_to_cpu(ehdr, buf_ehdr->e_entry);
 169                ehdr->e_phoff = elf32_to_cpu(ehdr, buf_ehdr->e_phoff);
 170                ehdr->e_shoff = elf32_to_cpu(ehdr, buf_ehdr->e_shoff);
 171                break;
 172
 173        default:
 174                pr_debug("Unknown ELF class.\n");
 175                return -EINVAL;
 176        }
 177
 178        return elf_is_ehdr_sane(ehdr, len) ? 0 : -ENOEXEC;
 179}
 180
 181/**
 182 * elf_is_phdr_sane - check that it is safe to use the program header
 183 * @buf_len:    size of the buffer in which the ELF file is loaded.
 184 */
 185static bool elf_is_phdr_sane(const struct elf_phdr *phdr, size_t buf_len)
 186{
 187
 188        if (phdr->p_offset + phdr->p_filesz < phdr->p_offset) {
 189                pr_debug("ELF segment location wraps around.\n");
 190                return false;
 191        } else if (phdr->p_offset + phdr->p_filesz > buf_len) {
 192                pr_debug("ELF segment not in file.\n");
 193                return false;
 194        } else if (phdr->p_paddr + phdr->p_memsz < phdr->p_paddr) {
 195                pr_debug("ELF segment address wraps around.\n");
 196                return false;
 197        }
 198
 199        return true;
 200}
 201
 202static int elf_read_phdr(const char *buf, size_t len,
 203                         struct kexec_elf_info *elf_info,
 204                         int idx)
 205{
 206        /* Override the const in proghdrs, we are the ones doing the loading. */
 207        struct elf_phdr *phdr = (struct elf_phdr *) &elf_info->proghdrs[idx];
 208        const struct elfhdr *ehdr = elf_info->ehdr;
 209        const char *pbuf;
 210        struct elf_phdr *buf_phdr;
 211
 212        pbuf = buf + elf_info->ehdr->e_phoff + (idx * sizeof(*buf_phdr));
 213        buf_phdr = (struct elf_phdr *) pbuf;
 214
 215        phdr->p_type   = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_type);
 216        phdr->p_flags  = elf32_to_cpu(elf_info->ehdr, buf_phdr->p_flags);
 217
 218        switch (ehdr->e_ident[EI_CLASS]) {
 219        case ELFCLASS64:
 220                phdr->p_offset = elf64_to_cpu(ehdr, buf_phdr->p_offset);
 221                phdr->p_paddr  = elf64_to_cpu(ehdr, buf_phdr->p_paddr);
 222                phdr->p_vaddr  = elf64_to_cpu(ehdr, buf_phdr->p_vaddr);
 223                phdr->p_filesz = elf64_to_cpu(ehdr, buf_phdr->p_filesz);
 224                phdr->p_memsz  = elf64_to_cpu(ehdr, buf_phdr->p_memsz);
 225                phdr->p_align  = elf64_to_cpu(ehdr, buf_phdr->p_align);
 226                break;
 227
 228        case ELFCLASS32:
 229                phdr->p_offset = elf32_to_cpu(ehdr, buf_phdr->p_offset);
 230                phdr->p_paddr  = elf32_to_cpu(ehdr, buf_phdr->p_paddr);
 231                phdr->p_vaddr  = elf32_to_cpu(ehdr, buf_phdr->p_vaddr);
 232                phdr->p_filesz = elf32_to_cpu(ehdr, buf_phdr->p_filesz);
 233                phdr->p_memsz  = elf32_to_cpu(ehdr, buf_phdr->p_memsz);
 234                phdr->p_align  = elf32_to_cpu(ehdr, buf_phdr->p_align);
 235                break;
 236
 237        default:
 238                pr_debug("Unknown ELF class.\n");
 239                return -EINVAL;
 240        }
 241
 242        return elf_is_phdr_sane(phdr, len) ? 0 : -ENOEXEC;
 243}
 244
 245/**
 246 * elf_read_phdrs - read the program headers from the buffer
 247 *
 248 * This function assumes that the program header table was checked for sanity.
 249 * Use elf_is_ehdr_sane() if it wasn't.
 250 */
 251static int elf_read_phdrs(const char *buf, size_t len,
 252                          struct kexec_elf_info *elf_info)
 253{
 254        size_t phdr_size, i;
 255        const struct elfhdr *ehdr = elf_info->ehdr;
 256
 257        /*
 258         * e_phnum is at most 65535 so calculating the size of the
 259         * program header cannot overflow.
 260         */
 261        phdr_size = sizeof(struct elf_phdr) * ehdr->e_phnum;
 262
 263        elf_info->proghdrs = kzalloc(phdr_size, GFP_KERNEL);
 264        if (!elf_info->proghdrs)
 265                return -ENOMEM;
 266
 267        for (i = 0; i < ehdr->e_phnum; i++) {
 268                int ret;
 269
 270                ret = elf_read_phdr(buf, len, elf_info, i);
 271                if (ret) {
 272                        kfree(elf_info->proghdrs);
 273                        elf_info->proghdrs = NULL;
 274                        return ret;
 275                }
 276        }
 277
 278        return 0;
 279}
 280
 281/**
 282 * elf_read_from_buffer - read ELF file and sets up ELF header and ELF info
 283 * @buf:        Buffer to read ELF file from.
 284 * @len:        Size of @buf.
 285 * @ehdr:       Pointer to existing struct which will be populated.
 286 * @elf_info:   Pointer to existing struct which will be populated.
 287 *
 288 * This function allows reading ELF files with different byte order than
 289 * the kernel, byte-swapping the fields as needed.
 290 *
 291 * Return:
 292 * On success returns 0, and the caller should call
 293 * kexec_free_elf_info(elf_info) to free the memory allocated for the section
 294 * and program headers.
 295 */
 296static int elf_read_from_buffer(const char *buf, size_t len,
 297                                struct elfhdr *ehdr,
 298                                struct kexec_elf_info *elf_info)
 299{
 300        int ret;
 301
 302        ret = elf_read_ehdr(buf, len, ehdr);
 303        if (ret)
 304                return ret;
 305
 306        elf_info->buffer = buf;
 307        elf_info->ehdr = ehdr;
 308        if (ehdr->e_phoff > 0 && ehdr->e_phnum > 0) {
 309                ret = elf_read_phdrs(buf, len, elf_info);
 310                if (ret)
 311                        return ret;
 312        }
 313        return 0;
 314}
 315
 316/**
 317 * kexec_free_elf_info - free memory allocated by elf_read_from_buffer
 318 */
 319void kexec_free_elf_info(struct kexec_elf_info *elf_info)
 320{
 321        kfree(elf_info->proghdrs);
 322        memset(elf_info, 0, sizeof(*elf_info));
 323}
 324/**
 325 * kexec_build_elf_info - read ELF executable and check that we can use it
 326 */
 327int kexec_build_elf_info(const char *buf, size_t len, struct elfhdr *ehdr,
 328                               struct kexec_elf_info *elf_info)
 329{
 330        int i;
 331        int ret;
 332
 333        ret = elf_read_from_buffer(buf, len, ehdr, elf_info);
 334        if (ret)
 335                return ret;
 336
 337        /* Big endian vmlinux has type ET_DYN. */
 338        if (ehdr->e_type != ET_EXEC && ehdr->e_type != ET_DYN) {
 339                pr_err("Not an ELF executable.\n");
 340                goto error;
 341        } else if (!elf_info->proghdrs) {
 342                pr_err("No ELF program header.\n");
 343                goto error;
 344        }
 345
 346        for (i = 0; i < ehdr->e_phnum; i++) {
 347                /*
 348                 * Kexec does not support loading interpreters.
 349                 * In addition this check keeps us from attempting
 350                 * to kexec ordinay executables.
 351                 */
 352                if (elf_info->proghdrs[i].p_type == PT_INTERP) {
 353                        pr_err("Requires an ELF interpreter.\n");
 354                        goto error;
 355                }
 356        }
 357
 358        return 0;
 359error:
 360        kexec_free_elf_info(elf_info);
 361        return -ENOEXEC;
 362}
 363
 364
 365int kexec_elf_probe(const char *buf, unsigned long len)
 366{
 367        struct elfhdr ehdr;
 368        struct kexec_elf_info elf_info;
 369        int ret;
 370
 371        ret = kexec_build_elf_info(buf, len, &ehdr, &elf_info);
 372        if (ret)
 373                return ret;
 374
 375        kexec_free_elf_info(&elf_info);
 376
 377        return elf_check_arch(&ehdr) ? 0 : -ENOEXEC;
 378}
 379
 380/**
 381 * kexec_elf_load - load ELF executable image
 382 * @lowest_load_addr:   On return, will be the address where the first PT_LOAD
 383 *                      section will be loaded in memory.
 384 *
 385 * Return:
 386 * 0 on success, negative value on failure.
 387 */
 388int kexec_elf_load(struct kimage *image, struct elfhdr *ehdr,
 389                         struct kexec_elf_info *elf_info,
 390                         struct kexec_buf *kbuf,
 391                         unsigned long *lowest_load_addr)
 392{
 393        unsigned long lowest_addr = UINT_MAX;
 394        int ret;
 395        size_t i;
 396
 397        /* Read in the PT_LOAD segments. */
 398        for (i = 0; i < ehdr->e_phnum; i++) {
 399                unsigned long load_addr;
 400                size_t size;
 401                const struct elf_phdr *phdr;
 402
 403                phdr = &elf_info->proghdrs[i];
 404                if (phdr->p_type != PT_LOAD)
 405                        continue;
 406
 407                size = phdr->p_filesz;
 408                if (size > phdr->p_memsz)
 409                        size = phdr->p_memsz;
 410
 411                kbuf->buffer = (void *) elf_info->buffer + phdr->p_offset;
 412                kbuf->bufsz = size;
 413                kbuf->memsz = phdr->p_memsz;
 414                kbuf->buf_align = phdr->p_align;
 415                kbuf->buf_min = phdr->p_paddr;
 416                kbuf->mem = KEXEC_BUF_MEM_UNKNOWN;
 417                ret = kexec_add_buffer(kbuf);
 418                if (ret)
 419                        goto out;
 420                load_addr = kbuf->mem;
 421
 422                if (load_addr < lowest_addr)
 423                        lowest_addr = load_addr;
 424        }
 425
 426        *lowest_load_addr = lowest_addr;
 427        ret = 0;
 428 out:
 429        return ret;
 430}
 431